From e6f5c98e0e9e3b4d5486fe6b95818b1859c1f278 Mon Sep 17 00:00:00 2001
From: mamonet <maamoun.tk@gmail.com>
Date: Wed, 30 Oct 2024 10:03:02 +0000
Subject: [PATCH 001/142] Proofs for Ind-cpa and portable compress modules

---
 .../Libcrux_ml_kem.Hash_functions.Avx2.fsti   |   25 +-
 .../Libcrux_ml_kem.Hash_functions.Neon.fsti   |   25 +-
 ...ibcrux_ml_kem.Hash_functions.Portable.fsti |   25 +-
 .../Libcrux_ml_kem.Hash_functions.fsti        |   14 +-
 .../Libcrux_ml_kem.Ind_cpa.Unpacked.fsti      |   18 +-
 .../extraction/Libcrux_ml_kem.Ind_cpa.fst     | 1183 +++++++++-------
 .../extraction/Libcrux_ml_kem.Ind_cpa.fsti    |  474 ++++---
 .../extraction/Libcrux_ml_kem.Matrix.fst      |  346 ++---
 .../extraction/Libcrux_ml_kem.Matrix.fsti     |  108 +-
 .../fstar/extraction/Libcrux_ml_kem.Ntt.fst   |   10 +-
 .../fstar/extraction/Libcrux_ml_kem.Ntt.fsti  |   12 +-
 .../extraction/Libcrux_ml_kem.Sampling.fst    |  210 +--
 .../extraction/Libcrux_ml_kem.Sampling.fsti   |   30 +-
 .../extraction/Libcrux_ml_kem.Serialize.fst   | 1206 +++++++++--------
 .../extraction/Libcrux_ml_kem.Serialize.fsti  |  236 ++--
 .../extraction/Libcrux_ml_kem.Variant.fsti    |   21 +-
 ...ibcrux_ml_kem.Vector.Portable.Compress.fst |  111 +-
 ...bcrux_ml_kem.Vector.Portable.Compress.fsti |   21 +-
 .../proofs/fstar/spec/Spec.MLKEM.Math.fst     |    8 +-
 .../proofs/fstar/spec/Spec.MLKEM.fst          |  105 +-
 .../proofs/fstar/spec/Spec.Utils.fst          |    3 +
 libcrux-ml-kem/src/hash_functions.rs          |   38 +-
 libcrux-ml-kem/src/ind_cpa.rs                 |  199 ++-
 libcrux-ml-kem/src/matrix.rs                  |    4 +-
 libcrux-ml-kem/src/ntt.rs                     |    6 +
 libcrux-ml-kem/src/sampling.rs                |    5 +
 libcrux-ml-kem/src/serialize.rs               |   42 +-
 libcrux-ml-kem/src/variant.rs                 |    8 +
 .../src/vector/portable/compress.rs           |   84 +-
 29 files changed, 2714 insertions(+), 1863 deletions(-)

diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Hash_functions.Avx2.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Hash_functions.Avx2.fsti
index b5a8cb0e2..fc7ae6c87 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Hash_functions.Avx2.fsti
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Hash_functions.Avx2.fsti
@@ -3,6 +3,11 @@ module Libcrux_ml_kem.Hash_functions.Avx2
 open Core
 open FStar.Mul
 
+/// The state.
+/// It\'s only used for SHAKE128.
+/// All other functions don\'t actually use any members.
+val t_Simd256Hash:Type0
+
 val v_G (input: t_Slice u8)
     : Prims.Pure (t_Array u8 (sz 64))
       Prims.l_True
@@ -28,12 +33,12 @@ val v_PRF (v_LEN: usize) (input: t_Slice u8)
           result == Spec.Utils.v_PRF v_LEN input)
 
 val v_PRFxN (v_K v_LEN: usize) (input: t_Array (t_Array u8 (sz 33)) v_K)
-    : Prims.Pure (t_Array (t_Array u8 v_LEN) v_K) Prims.l_True (fun _ -> Prims.l_True)
-
-/// The state.
-/// It\'s only used for SHAKE128.
-/// All other functions don\'t actually use any members.
-val t_Simd256Hash:Type0
+    : Prims.Pure (t_Array (t_Array u8 v_LEN) v_K)
+      (requires v v_LEN < pow2 32 /\ (v v_K == 2 \/ v v_K == 3 \/ v v_K == 4))
+      (ensures
+        fun result ->
+          let result:t_Array (t_Array u8 v_LEN) v_K = result in
+          result == Spec.Utils.v_PRFxN v_K v_LEN input)
 
 val shake128_init_absorb_final (v_K: usize) (input: t_Array (t_Array u8 (sz 34)) v_K)
     : Prims.Pure t_Simd256Hash Prims.l_True (fun _ -> Prims.l_True)
@@ -63,7 +68,10 @@ let impl (v_K: usize) : Libcrux_ml_kem.Hash_functions.t_Hash t_Simd256Hash v_K =
     (fun (v_LEN: usize) (input: t_Slice u8) (out: t_Array u8 v_LEN) ->
         v v_LEN < pow2 32 ==> out == Spec.Utils.v_PRF v_LEN input);
     f_PRF = (fun (v_LEN: usize) (input: t_Slice u8) -> v_PRF v_LEN input);
-    f_PRFxN_pre = (fun (v_LEN: usize) (input: t_Array (t_Array u8 (sz 33)) v_K) -> true);
+    f_PRFxN_pre
+    =
+    (fun (v_LEN: usize) (input: t_Array (t_Array u8 (sz 33)) v_K) ->
+        v v_LEN < pow2 32 /\ (v v_K == 2 \/ v v_K == 3 \/ v v_K == 4));
     f_PRFxN_post
     =
     (fun
@@ -71,7 +79,8 @@ let impl (v_K: usize) : Libcrux_ml_kem.Hash_functions.t_Hash t_Simd256Hash v_K =
         (input: t_Array (t_Array u8 (sz 33)) v_K)
         (out: t_Array (t_Array u8 v_LEN) v_K)
         ->
-        true);
+        (v v_LEN < pow2 32 /\ (v v_K == 2 \/ v v_K == 3 \/ v v_K == 4)) ==>
+        out == Spec.Utils.v_PRFxN v_K v_LEN input);
     f_PRFxN
     =
     (fun (v_LEN: usize) (input: t_Array (t_Array u8 (sz 33)) v_K) -> v_PRFxN v_K v_LEN input);
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Hash_functions.Neon.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Hash_functions.Neon.fsti
index 5294a8dc5..8232d0b3d 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Hash_functions.Neon.fsti
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Hash_functions.Neon.fsti
@@ -3,6 +3,11 @@ module Libcrux_ml_kem.Hash_functions.Neon
 open Core
 open FStar.Mul
 
+/// The state.
+/// It\'s only used for SHAKE128.
+/// All other functions don\'t actually use any members.
+val t_Simd128Hash:Type0
+
 val v_G (input: t_Slice u8)
     : Prims.Pure (t_Array u8 (sz 64))
       Prims.l_True
@@ -28,12 +33,12 @@ val v_PRF (v_LEN: usize) (input: t_Slice u8)
           result == Spec.Utils.v_PRF v_LEN input)
 
 val v_PRFxN (v_K v_LEN: usize) (input: t_Array (t_Array u8 (sz 33)) v_K)
-    : Prims.Pure (t_Array (t_Array u8 v_LEN) v_K) Prims.l_True (fun _ -> Prims.l_True)
-
-/// The state.
-/// It\'s only used for SHAKE128.
-/// All other functions don\'t actually use any members.
-val t_Simd128Hash:Type0
+    : Prims.Pure (t_Array (t_Array u8 v_LEN) v_K)
+      (requires v v_LEN < pow2 32 /\ (v v_K == 2 \/ v v_K == 3 \/ v v_K == 4))
+      (ensures
+        fun result ->
+          let result:t_Array (t_Array u8 v_LEN) v_K = result in
+          result == Spec.Utils.v_PRFxN v_K v_LEN input)
 
 val shake128_init_absorb_final (v_K: usize) (input: t_Array (t_Array u8 (sz 34)) v_K)
     : Prims.Pure t_Simd128Hash Prims.l_True (fun _ -> Prims.l_True)
@@ -63,7 +68,10 @@ let impl (v_K: usize) : Libcrux_ml_kem.Hash_functions.t_Hash t_Simd128Hash v_K =
     (fun (v_LEN: usize) (input: t_Slice u8) (out: t_Array u8 v_LEN) ->
         v v_LEN < pow2 32 ==> out == Spec.Utils.v_PRF v_LEN input);
     f_PRF = (fun (v_LEN: usize) (input: t_Slice u8) -> v_PRF v_LEN input);
-    f_PRFxN_pre = (fun (v_LEN: usize) (input: t_Array (t_Array u8 (sz 33)) v_K) -> true);
+    f_PRFxN_pre
+    =
+    (fun (v_LEN: usize) (input: t_Array (t_Array u8 (sz 33)) v_K) ->
+        v v_LEN < pow2 32 /\ (v v_K == 2 \/ v v_K == 3 \/ v v_K == 4));
     f_PRFxN_post
     =
     (fun
@@ -71,7 +79,8 @@ let impl (v_K: usize) : Libcrux_ml_kem.Hash_functions.t_Hash t_Simd128Hash v_K =
         (input: t_Array (t_Array u8 (sz 33)) v_K)
         (out: t_Array (t_Array u8 v_LEN) v_K)
         ->
-        true);
+        (v v_LEN < pow2 32 /\ (v v_K == 2 \/ v v_K == 3 \/ v v_K == 4)) ==>
+        out == Spec.Utils.v_PRFxN v_K v_LEN input);
     f_PRFxN
     =
     (fun (v_LEN: usize) (input: t_Array (t_Array u8 (sz 33)) v_K) -> v_PRFxN v_K v_LEN input);
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Hash_functions.Portable.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Hash_functions.Portable.fsti
index 89c8300ff..33e10a142 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Hash_functions.Portable.fsti
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Hash_functions.Portable.fsti
@@ -3,6 +3,11 @@ module Libcrux_ml_kem.Hash_functions.Portable
 open Core
 open FStar.Mul
 
+/// The state.
+/// It\'s only used for SHAKE128.
+/// All other functions don\'t actually use any members.
+val t_PortableHash (v_K: usize) : Type0
+
 val v_G (input: t_Slice u8)
     : Prims.Pure (t_Array u8 (sz 64))
       Prims.l_True
@@ -28,12 +33,12 @@ val v_PRF (v_LEN: usize) (input: t_Slice u8)
           result == Spec.Utils.v_PRF v_LEN input)
 
 val v_PRFxN (v_K v_LEN: usize) (input: t_Array (t_Array u8 (sz 33)) v_K)
-    : Prims.Pure (t_Array (t_Array u8 v_LEN) v_K) Prims.l_True (fun _ -> Prims.l_True)
-
-/// The state.
-/// It\'s only used for SHAKE128.
-/// All other functions don\'t actually use any members.
-val t_PortableHash (v_K: usize) : Type0
+    : Prims.Pure (t_Array (t_Array u8 v_LEN) v_K)
+      (requires v v_LEN < pow2 32 /\ (v v_K == 2 \/ v v_K == 3 \/ v v_K == 4))
+      (ensures
+        fun result ->
+          let result:t_Array (t_Array u8 v_LEN) v_K = result in
+          result == Spec.Utils.v_PRFxN v_K v_LEN input)
 
 val shake128_init_absorb_final (v_K: usize) (input: t_Array (t_Array u8 (sz 34)) v_K)
     : Prims.Pure (t_PortableHash v_K) Prims.l_True (fun _ -> Prims.l_True)
@@ -63,7 +68,10 @@ let impl (v_K: usize) : Libcrux_ml_kem.Hash_functions.t_Hash (t_PortableHash v_K
     (fun (v_LEN: usize) (input: t_Slice u8) (out: t_Array u8 v_LEN) ->
         v v_LEN < pow2 32 ==> out == Spec.Utils.v_PRF v_LEN input);
     f_PRF = (fun (v_LEN: usize) (input: t_Slice u8) -> v_PRF v_LEN input);
-    f_PRFxN_pre = (fun (v_LEN: usize) (input: t_Array (t_Array u8 (sz 33)) v_K) -> true);
+    f_PRFxN_pre
+    =
+    (fun (v_LEN: usize) (input: t_Array (t_Array u8 (sz 33)) v_K) ->
+        v v_LEN < pow2 32 /\ (v v_K == 2 \/ v v_K == 3 \/ v v_K == 4));
     f_PRFxN_post
     =
     (fun
@@ -71,7 +79,8 @@ let impl (v_K: usize) : Libcrux_ml_kem.Hash_functions.t_Hash (t_PortableHash v_K
         (input: t_Array (t_Array u8 (sz 33)) v_K)
         (out: t_Array (t_Array u8 v_LEN) v_K)
         ->
-        true);
+        (v v_LEN < pow2 32 /\ (v v_K == 2 \/ v v_K == 3 \/ v v_K == 4)) ==>
+        out == Spec.Utils.v_PRFxN v_K v_LEN input);
     f_PRFxN
     =
     (fun (v_LEN: usize) (input: t_Array (t_Array u8 (sz 33)) v_K) -> v_PRFxN v_K v_LEN input);
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Hash_functions.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Hash_functions.fsti
index 076ee08eb..f734de676 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Hash_functions.fsti
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Hash_functions.fsti
@@ -25,9 +25,17 @@ class t_Hash (v_Self: Type0) (v_K: usize) = {
     -> pred: Type0{pred ==> v v_LEN < pow2 32 ==> result == Spec.Utils.v_PRF v_LEN input};
   f_PRF:v_LEN: usize -> x0: t_Slice u8
     -> Prims.Pure (t_Array u8 v_LEN) (f_PRF_pre v_LEN x0) (fun result -> f_PRF_post v_LEN x0 result);
-  f_PRFxN_pre:v_LEN: usize -> input: t_Array (t_Array u8 (sz 33)) v_K -> pred: Type0{true ==> pred};
-  f_PRFxN_post:v_LEN: usize -> t_Array (t_Array u8 (sz 33)) v_K -> t_Array (t_Array u8 v_LEN) v_K
-    -> Type0;
+  f_PRFxN_pre:v_LEN: usize -> input: t_Array (t_Array u8 (sz 33)) v_K
+    -> pred: Type0{v v_LEN < pow2 32 /\ (v v_K == 2 \/ v v_K == 3 \/ v v_K == 4) ==> pred};
+  f_PRFxN_post:
+      v_LEN: usize ->
+      input: t_Array (t_Array u8 (sz 33)) v_K ->
+      result: t_Array (t_Array u8 v_LEN) v_K
+    -> pred:
+      Type0
+        { pred ==>
+          (v v_LEN < pow2 32 /\ (v v_K == 2 \/ v v_K == 3 \/ v v_K == 4)) ==>
+          result == Spec.Utils.v_PRFxN v_K v_LEN input };
   f_PRFxN:v_LEN: usize -> x0: t_Array (t_Array u8 (sz 33)) v_K
     -> Prims.Pure (t_Array (t_Array u8 v_LEN) v_K)
         (f_PRFxN_pre v_LEN x0)
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.Unpacked.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.Unpacked.fsti
index a0ce84565..b7e0c4efc 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.Unpacked.fsti
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.Unpacked.fsti
@@ -14,6 +14,15 @@ type t_IndCpaPrivateKeyUnpacked
   (v_K: usize) (v_Vector: Type0) {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |}
   = { f_secret_as_ntt:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K }
 
+/// An unpacked ML-KEM IND-CPA Private Key
+type t_IndCpaPublicKeyUnpacked
+  (v_K: usize) (v_Vector: Type0) {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |}
+  = {
+  f_t_as_ntt:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K;
+  f_seed_for_A:t_Array u8 (sz 32);
+  f_A:t_Array (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) v_K
+}
+
 [@@ FStar.Tactics.Typeclasses.tcinstance]
 let impl
       (v_K: usize)
@@ -40,15 +49,6 @@ let impl
       t_IndCpaPrivateKeyUnpacked v_K v_Vector
   }
 
-/// An unpacked ML-KEM IND-CPA Private Key
-type t_IndCpaPublicKeyUnpacked
-  (v_K: usize) (v_Vector: Type0) {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |}
-  = {
-  f_t_as_ntt:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K;
-  f_seed_for_A:t_Array u8 (sz 32);
-  f_A:t_Array (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) v_K
-}
-
 [@@ FStar.Tactics.Typeclasses.tcinstance]
 let impl_1
       (v_K: usize)
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fst
index 4821be2e5..aa3f657ef 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fst
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fst
@@ -12,6 +12,76 @@ let _ =
   let open Libcrux_ml_kem.Vector.Traits in
   ()
 
+#push-options "--ext context_pruning"
+
+let deserialize_secret_key
+      (v_K: usize)
+      (#v_Vector: Type0)
+      (#[FStar.Tactics.Typeclasses.tcresolve ()]
+          i1:
+          Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector)
+      (secret_key: t_Slice u8)
+     =
+  let _:Prims.unit = assert_norm (Spec.MLKEM.polynomial_d 12 == Spec.MLKEM.polynomial) in
+  let secret_as_ntt:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K =
+    Core.Array.from_fn #(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector)
+      v_K
+      (fun temp_0_ ->
+          let _:usize = temp_0_ in
+          Libcrux_ml_kem.Polynomial.impl_2__ZERO #v_Vector ()
+          <:
+          Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector)
+  in
+  let secret_as_ntt:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K =
+    Rust_primitives.Hax.Folds.fold_enumerated_chunked_slice Libcrux_ml_kem.Constants.v_BYTES_PER_RING_ELEMENT
+      secret_key
+      (fun secret_as_ntt i ->
+          let secret_as_ntt:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K
+          =
+            secret_as_ntt
+          in
+          let i:usize = i in
+          forall (j: nat).
+            j < v i ==>
+            j * v Libcrux_ml_kem.Constants.v_BYTES_PER_RING_ELEMENT +
+            v Libcrux_ml_kem.Constants.v_BYTES_PER_RING_ELEMENT <=
+            v (Spec.MLKEM.v_CPA_PRIVATE_KEY_SIZE v_K) /\
+            Libcrux_ml_kem.Polynomial.to_spec_poly_t #v_Vector (Seq.index secret_as_ntt j) ==
+            Spec.MLKEM.byte_decode 12
+              (Seq.slice secret_key
+                  (j * v Libcrux_ml_kem.Constants.v_BYTES_PER_RING_ELEMENT)
+                  (j * v Libcrux_ml_kem.Constants.v_BYTES_PER_RING_ELEMENT +
+                    v Libcrux_ml_kem.Constants.v_BYTES_PER_RING_ELEMENT)))
+      secret_as_ntt
+      (fun secret_as_ntt temp_1_ ->
+          let secret_as_ntt:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K
+          =
+            secret_as_ntt
+          in
+          let i, secret_bytes:(usize & t_Slice u8) = temp_1_ in
+          let secret_as_ntt:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K
+          =
+            Rust_primitives.Hax.Monomorphized_update_at.update_at_usize secret_as_ntt
+              i
+              (Libcrux_ml_kem.Serialize.deserialize_to_uncompressed_ring_element #v_Vector
+                  secret_bytes
+                <:
+                Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector)
+          in
+          secret_as_ntt)
+  in
+  let _:Prims.unit =
+    Lib.Sequence.eq_intro #Spec.MLKEM.polynomial
+      #(v v_K)
+      (Libcrux_ml_kem.Polynomial.to_spec_vector_t #v_K #v_Vector secret_as_ntt)
+      (Spec.MLKEM.vector_decode_12 #v_K secret_key)
+  in
+  secret_as_ntt
+
+#pop-options
+
+#push-options "--max_fuel 10 --z3rlimit 1000 --ext context_pruning --z3refresh --split_queries always"
+
 let sample_ring_element_cbd
       (v_K v_ETA2_RANDOMNESS_SIZE v_ETA2: usize)
       (#v_Vector #v_Hasher: Type0)
@@ -35,13 +105,22 @@ let sample_ring_element_cbd
   in
   let prf_inputs:t_Array (t_Array u8 (sz 33)) v_K = Rust_primitives.Hax.repeat prf_input v_K in
   let v__domain_separator_init:u8 = domain_separator in
+  let v__prf_inputs_init:t_Array (t_Array u8 (sz 33)) v_K = prf_inputs in
   let domain_separator, prf_inputs:(u8 & t_Array (t_Array u8 (sz 33)) v_K) =
     Rust_primitives.Hax.Folds.fold_range (sz 0)
       v_K
       (fun temp_0_ i ->
           let domain_separator, prf_inputs:(u8 & t_Array (t_Array u8 (sz 33)) v_K) = temp_0_ in
           let i:usize = i in
-          v domain_separator == v v__domain_separator_init + v i)
+          v domain_separator == v v__domain_separator_init + v i /\
+          (v i < v v_K ==>
+            (forall (j: nat).
+                (j >= v i /\ j < v v_K) ==> prf_inputs.[ sz j ] == v__prf_inputs_init.[ sz j ])) /\
+          (forall (j: nat).
+              j < v i ==>
+              v (Seq.index (Seq.index prf_inputs j) 32) == v v__domain_separator_init + j /\
+              Seq.slice (Seq.index prf_inputs j) 0 32 ==
+              Seq.slice (Seq.index v__prf_inputs_init j) 0 32))
       (domain_separator, prf_inputs <: (u8 & t_Array (t_Array u8 (sz 33)) v_K))
       (fun temp_0_ i ->
           let domain_separator, prf_inputs:(u8 & t_Array (t_Array u8 (sz 33)) v_K) = temp_0_ in
@@ -60,6 +139,28 @@ let sample_ring_element_cbd
           let domain_separator:u8 = domain_separator +! 1uy in
           domain_separator, prf_inputs <: (u8 & t_Array (t_Array u8 (sz 33)) v_K))
   in
+  let _:Prims.unit =
+    let lemma_aux (i: nat{i < v v_K})
+        : Lemma
+        (prf_inputs.[ sz i ] ==
+          (Seq.append (Seq.slice prf_input 0 32)
+              (Seq.create 1
+                  (mk_int #u8_inttype (v (v__domain_separator_init +! (mk_int #u8_inttype i))))))) =
+      Lib.Sequence.eq_intro #u8
+        #33
+        prf_inputs.[ sz i ]
+        (Seq.append (Seq.slice prf_input 0 32)
+            (Seq.create 1 (mk_int #u8_inttype (v v__domain_separator_init + i))))
+    in
+    Classical.forall_intro lemma_aux;
+    Lib.Sequence.eq_intro #(t_Array u8 (sz 33))
+      #(v v_K)
+      prf_inputs
+      (createi v_K
+          (Spec.MLKEM.sample_vector_cbd2_prf_input #v_K
+              (Seq.slice prf_input 0 32)
+              (sz (v v__domain_separator_init))))
+  in
   let (prf_outputs: t_Array (t_Array u8 v_ETA2_RANDOMNESS_SIZE) v_K):t_Array
     (t_Array u8 v_ETA2_RANDOMNESS_SIZE) v_K =
     Libcrux_ml_kem.Hash_functions.f_PRFxN #v_Hasher
@@ -71,37 +172,47 @@ let sample_ring_element_cbd
   let error_1_:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K =
     Rust_primitives.Hax.Folds.fold_range (sz 0)
       v_K
-      (fun error_1_ temp_1_ ->
+      (fun error_1_ i ->
           let error_1_:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K =
             error_1_
           in
-          let _:usize = temp_1_ in
-          true)
+          let i:usize = i in
+          forall (j: nat).
+            j < v i ==>
+            Libcrux_ml_kem.Polynomial.to_spec_poly_t #v_Vector error_1_.[ sz j ] ==
+            Spec.MLKEM.sample_poly_cbd v_ETA2 prf_outputs.[ sz j ])
       error_1_
       (fun error_1_ i ->
           let error_1_:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K =
             error_1_
           in
           let i:usize = i in
-          Rust_primitives.Hax.Monomorphized_update_at.update_at_usize error_1_
-            i
-            (Libcrux_ml_kem.Sampling.sample_from_binomial_distribution v_ETA2
-                #v_Vector
-                (prf_outputs.[ i ] <: t_Slice u8)
-              <:
-              Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector)
-          <:
-          t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K)
+          let error_1_:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K =
+            Rust_primitives.Hax.Monomorphized_update_at.update_at_usize error_1_
+              i
+              (Libcrux_ml_kem.Sampling.sample_from_binomial_distribution v_ETA2
+                  #v_Vector
+                  (prf_outputs.[ i ] <: t_Slice u8)
+                <:
+                Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector)
+          in
+          error_1_)
   in
-  let result:(t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K & u8) =
-    error_1_, domain_separator
-    <:
-    (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K & u8)
+  let _:Prims.unit =
+    Lib.Sequence.eq_intro #(Spec.MLKEM.polynomial)
+      #(v v_K)
+      (Libcrux_ml_kem.Polynomial.to_spec_vector_t #v_K #v_Vector error_1_)
+      (Spec.MLKEM.sample_vector_cbd2 #v_K
+          (Seq.slice prf_input 0 32)
+          (sz (v v__domain_separator_init)))
   in
-  let _:Prims.unit = admit () (* Panic freedom *) in
-  result
+  error_1_, domain_separator
+  <:
+  (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K & u8)
 
-#push-options "--admit_smt_queries true"
+#pop-options
+
+#push-options "--max_fuel 10 --z3rlimit 1000 --ext context_pruning --z3refresh --split_queries always"
 
 let sample_vector_cbd_then_ntt
       (v_K v_ETA v_ETA_RANDOMNESS_SIZE: usize)
@@ -118,13 +229,22 @@ let sample_vector_cbd_then_ntt
      =
   let prf_inputs:t_Array (t_Array u8 (sz 33)) v_K = Rust_primitives.Hax.repeat prf_input v_K in
   let v__domain_separator_init:u8 = domain_separator in
+  let v__prf_inputs_init:t_Array (t_Array u8 (sz 33)) v_K = prf_inputs in
   let domain_separator, prf_inputs:(u8 & t_Array (t_Array u8 (sz 33)) v_K) =
     Rust_primitives.Hax.Folds.fold_range (sz 0)
       v_K
       (fun temp_0_ i ->
           let domain_separator, prf_inputs:(u8 & t_Array (t_Array u8 (sz 33)) v_K) = temp_0_ in
           let i:usize = i in
-          v domain_separator == v v__domain_separator_init + v i)
+          v domain_separator == v v__domain_separator_init + v i /\
+          (v i < v v_K ==>
+            (forall (j: nat).
+                (j >= v i /\ j < v v_K) ==> prf_inputs.[ sz j ] == v__prf_inputs_init.[ sz j ])) /\
+          (forall (j: nat).
+              j < v i ==>
+              v (Seq.index (Seq.index prf_inputs j) 32) == v v__domain_separator_init + j /\
+              Seq.slice (Seq.index prf_inputs j) 0 32 ==
+              Seq.slice (Seq.index v__prf_inputs_init j) 0 32))
       (domain_separator, prf_inputs <: (u8 & t_Array (t_Array u8 (sz 33)) v_K))
       (fun temp_0_ i ->
           let domain_separator, prf_inputs:(u8 & t_Array (t_Array u8 (sz 33)) v_K) = temp_0_ in
@@ -143,6 +263,28 @@ let sample_vector_cbd_then_ntt
           let domain_separator:u8 = domain_separator +! 1uy in
           domain_separator, prf_inputs <: (u8 & t_Array (t_Array u8 (sz 33)) v_K))
   in
+  let _:Prims.unit =
+    let lemma_aux (i: nat{i < v v_K})
+        : Lemma
+        (prf_inputs.[ sz i ] ==
+          (Seq.append (Seq.slice prf_input 0 32)
+              (Seq.create 1
+                  (mk_int #u8_inttype (v (v__domain_separator_init +! (mk_int #u8_inttype i))))))) =
+      Lib.Sequence.eq_intro #u8
+        #33
+        prf_inputs.[ sz i ]
+        (Seq.append (Seq.slice prf_input 0 32)
+            (Seq.create 1 (mk_int #u8_inttype (v v__domain_separator_init + i))))
+    in
+    Classical.forall_intro lemma_aux;
+    Lib.Sequence.eq_intro #(t_Array u8 (sz 33))
+      #(v v_K)
+      prf_inputs
+      (createi v_K
+          (Spec.MLKEM.sample_vector_cbd1_prf_input #v_K
+              (Seq.slice prf_input 0 32)
+              (sz (v v__domain_separator_init))))
+  in
   let (prf_outputs: t_Array (t_Array u8 v_ETA_RANDOMNESS_SIZE) v_K):t_Array
     (t_Array u8 v_ETA_RANDOMNESS_SIZE) v_K =
     Libcrux_ml_kem.Hash_functions.f_PRFxN #v_Hasher
@@ -154,12 +296,15 @@ let sample_vector_cbd_then_ntt
   let re_as_ntt:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K =
     Rust_primitives.Hax.Folds.fold_range (sz 0)
       v_K
-      (fun re_as_ntt temp_1_ ->
+      (fun re_as_ntt i ->
           let re_as_ntt:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K =
             re_as_ntt
           in
-          let _:usize = temp_1_ in
-          true)
+          let i:usize = i in
+          forall (j: nat).
+            j < v i ==>
+            Libcrux_ml_kem.Polynomial.to_spec_poly_t #v_Vector re_as_ntt.[ sz j ] ==
+            Spec.MLKEM.poly_ntt (Spec.MLKEM.sample_poly_cbd v_ETA prf_outputs.[ sz j ]))
       re_as_ntt
       (fun re_as_ntt i ->
           let re_as_ntt:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K =
@@ -185,6 +330,14 @@ let sample_vector_cbd_then_ntt
           in
           re_as_ntt)
   in
+  let _:Prims.unit =
+    Lib.Sequence.eq_intro #(Spec.MLKEM.polynomial)
+      #(v v_K)
+      (Libcrux_ml_kem.Polynomial.to_spec_vector_t #v_K #v_Vector re_as_ntt)
+      (Spec.MLKEM.sample_vector_cbd_then_ntt #v_K
+          (Seq.slice prf_input 0 32)
+          (sz (v v__domain_separator_init)))
+  in
   let hax_temp_output:u8 = domain_separator in
   re_as_ntt, hax_temp_output
   <:
@@ -225,13 +378,149 @@ let sample_vector_cbd_then_ntt_out
   in
   let re_as_ntt:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = tmp0 in
   let domain_separator:u8 = out in
-  let result:(t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K & u8) =
-    re_as_ntt, domain_separator
+  re_as_ntt, domain_separator
+  <:
+  (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K & u8)
+
+let generate_keypair_unpacked
+      (v_K v_ETA1 v_ETA1_RANDOMNESS_SIZE: usize)
+      (#v_Vector #v_Hasher #v_Scheme: Type0)
+      (#[FStar.Tactics.Typeclasses.tcresolve ()]
+          i3:
+          Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector)
+      (#[FStar.Tactics.Typeclasses.tcresolve ()]
+          i4:
+          Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K)
+      (#[FStar.Tactics.Typeclasses.tcresolve ()] i5: Libcrux_ml_kem.Variant.t_Variant v_Scheme)
+      (key_generation_seed: t_Slice u8)
+      (private_key: Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPrivateKeyUnpacked v_K v_Vector)
+      (public_key: Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPublicKeyUnpacked v_K v_Vector)
+     =
+  let hashed:t_Array u8 (sz 64) =
+    Libcrux_ml_kem.Variant.f_cpa_keygen_seed #v_Scheme
+      #FStar.Tactics.Typeclasses.solve
+      v_K
+      #v_Hasher
+      key_generation_seed
+  in
+  let seed_for_A, seed_for_secret_and_error:(t_Slice u8 & t_Slice u8) =
+    Core.Slice.impl__split_at #u8 (hashed <: t_Slice u8) (sz 32)
+  in
+  let _:Prims.unit =
+    Lib.Sequence.eq_intro #u8
+      #32
+      seed_for_A
+      (Seq.slice (Libcrux_ml_kem.Utils.into_padded_array (sz 34) seed_for_A) 0 32)
+  in
+  let public_key:Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPublicKeyUnpacked v_K v_Vector =
+    {
+      public_key with
+      Libcrux_ml_kem.Ind_cpa.Unpacked.f_A
+      =
+      Libcrux_ml_kem.Matrix.sample_matrix_A v_K
+        #v_Vector
+        #v_Hasher
+        public_key.Libcrux_ml_kem.Ind_cpa.Unpacked.f_A
+        (Libcrux_ml_kem.Utils.into_padded_array (sz 34) seed_for_A <: t_Array u8 (sz 34))
+        true
+    }
+    <:
+    Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPublicKeyUnpacked v_K v_Vector
+  in
+  let _:Prims.unit =
+    let matrix_A_as_ntt, valid = Spec.MLKEM.sample_matrix_A_ntt #v_K seed_for_A in
+    assert (valid ==> matrix_A_as_ntt == Libcrux_ml_kem.Polynomial.to_spec_matrix_t public_key.f_A)
+  in
+  let (prf_input: t_Array u8 (sz 33)):t_Array u8 (sz 33) =
+    Libcrux_ml_kem.Utils.into_padded_array (sz 33) seed_for_secret_and_error
+  in
+  let _:Prims.unit =
+    Lib.Sequence.eq_intro #u8 #32 seed_for_secret_and_error (Seq.slice prf_input 0 32)
+  in
+  let tmp0, out:(t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K & u8) =
+    sample_vector_cbd_then_ntt v_K
+      v_ETA1
+      v_ETA1_RANDOMNESS_SIZE
+      #v_Vector
+      #v_Hasher
+      private_key.Libcrux_ml_kem.Ind_cpa.Unpacked.f_secret_as_ntt
+      prf_input
+      0uy
+  in
+  let private_key:Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPrivateKeyUnpacked v_K v_Vector =
+    { private_key with Libcrux_ml_kem.Ind_cpa.Unpacked.f_secret_as_ntt = tmp0 }
+    <:
+    Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPrivateKeyUnpacked v_K v_Vector
+  in
+  let domain_separator:u8 = out in
+  let error_as_ntt, _:(t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K & u8
+  ) =
+    sample_vector_cbd_then_ntt_out v_K
+      v_ETA1
+      v_ETA1_RANDOMNESS_SIZE
+      #v_Vector
+      #v_Hasher
+      prf_input
+      domain_separator
+  in
+  let public_key:Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPublicKeyUnpacked v_K v_Vector =
+    {
+      public_key with
+      Libcrux_ml_kem.Ind_cpa.Unpacked.f_t_as_ntt
+      =
+      Libcrux_ml_kem.Matrix.compute_As_plus_e v_K
+        #v_Vector
+        public_key.Libcrux_ml_kem.Ind_cpa.Unpacked.f_t_as_ntt
+        public_key.Libcrux_ml_kem.Ind_cpa.Unpacked.f_A
+        private_key.Libcrux_ml_kem.Ind_cpa.Unpacked.f_secret_as_ntt
+        error_as_ntt
+    }
+    <:
+    Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPublicKeyUnpacked v_K v_Vector
+  in
+  let public_key:Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPublicKeyUnpacked v_K v_Vector =
+    {
+      public_key with
+      Libcrux_ml_kem.Ind_cpa.Unpacked.f_seed_for_A
+      =
+      Core.Result.impl__unwrap #(t_Array u8 (sz 32))
+        #Core.Array.t_TryFromSliceError
+        (Core.Convert.f_try_into #(t_Slice u8)
+            #(t_Array u8 (sz 32))
+            #FStar.Tactics.Typeclasses.solve
+            seed_for_A
+          <:
+          Core.Result.t_Result (t_Array u8 (sz 32)) Core.Array.t_TryFromSliceError)
+    }
     <:
-    (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K & u8)
+    Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPublicKeyUnpacked v_K v_Vector
   in
-  let _:Prims.unit = admit () (* Panic freedom *) in
-  result
+  let _:Prims.unit =
+    let ((t_as_ntt, seed_for_A), secret_as_ntt), valid =
+      Spec.MLKEM.ind_cpa_generate_keypair_unpacked v_K key_generation_seed
+    in
+    assert (valid ==>
+        ((Libcrux_ml_kem.Polynomial.to_spec_vector_t #v_K #v_Vector public_key.f_t_as_ntt) ==
+          t_as_ntt) /\ (public_key.f_seed_for_A == seed_for_A) /\
+        ((Libcrux_ml_kem.Polynomial.to_spec_vector_t #v_K #v_Vector private_key.f_secret_as_ntt) ==
+          secret_as_ntt));
+    assert ((forall (i: nat).
+            i < v v_K ==>
+            Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index private_key
+                    .f_secret_as_ntt
+                  i)) /\
+        (forall (i: nat).
+            i < v v_K ==>
+            Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index public_key
+                    .f_t_as_ntt
+                  i)))
+  in
+  private_key, public_key
+  <:
+  (Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPrivateKeyUnpacked v_K v_Vector &
+    Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPublicKeyUnpacked v_K v_Vector)
+
+#push-options "--z3rlimit 200 --ext context_pruning --z3refresh"
 
 let compress_then_serialize_u
       (v_K v_OUT_LEN v_COMPRESSION_FACTOR v_BLOCK_LEN: usize)
@@ -243,25 +532,37 @@ let compress_then_serialize_u
       (out: t_Slice u8)
      =
   let _:Prims.unit =
-    assert ((v Libcrux_ml_kem.Constants.v_COEFFICIENTS_IN_RING_ELEMENT * v v_COMPRESSION_FACTOR) / 8 ==
-        320 \/
-        (v Libcrux_ml_kem.Constants.v_COEFFICIENTS_IN_RING_ELEMENT * v v_COMPRESSION_FACTOR) / 8 ==
-        352)
+    assert (v (sz 32 *! v_COMPRESSION_FACTOR) == 32 * v v_COMPRESSION_FACTOR);
+    assert (v (v_OUT_LEN /! v_K) == v v_OUT_LEN / v v_K);
+    assert (v v_OUT_LEN / v v_K == 32 * v v_COMPRESSION_FACTOR)
   in
   let out:t_Slice u8 =
     Rust_primitives.Hax.Folds.fold_enumerated_slice input
       (fun out i ->
           let out:t_Slice u8 = out in
           let i:usize = i in
-          v i < v v_K ==>
-          (Seq.length out == v v_OUT_LEN /\
-            Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index input (v i))))
+          (v i < v v_K ==>
+            Seq.length out == v v_OUT_LEN /\
+            Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index input (v i))) /\
+          (forall (j: nat).
+              j < v i ==>
+              Seq.length out == v v_OUT_LEN /\ (j + 1) * (v v_OUT_LEN / v v_K) <= Seq.length out /\
+              (Seq.slice out (j * (v v_OUT_LEN / v v_K)) (((j + 1)) * (v v_OUT_LEN / v v_K)) ==
+                Spec.MLKEM.compress_then_byte_encode (v v_COMPRESSION_FACTOR)
+                  (Libcrux_ml_kem.Polynomial.to_spec_poly_t #v_Vector (Seq.index input j)))))
       out
       (fun out temp_1_ ->
           let out:t_Slice u8 = out in
           let i, re:(usize & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) =
             temp_1_
           in
+          let _:Prims.unit =
+            assert (forall (j: nat).
+                  j < v i ==>
+                  ((Seq.slice out (j * (v v_OUT_LEN / v v_K)) (((j + 1)) * (v v_OUT_LEN / v v_K)) ==
+                      Spec.MLKEM.compress_then_byte_encode (v v_COMPRESSION_FACTOR)
+                        (Libcrux_ml_kem.Polynomial.to_spec_poly_t #v_Vector (Seq.index input j)))))
+          in
           let out:t_Slice u8 =
             Rust_primitives.Hax.Monomorphized_update_at.update_at_range out
               ({
@@ -292,342 +593,52 @@ let compress_then_serialize_u
                 <:
                 t_Slice u8)
           in
+          let _:Prims.unit =
+            let lemma_aux (j: nat{j < v i})
+                : Lemma
+                (Seq.slice out (j * (v v_OUT_LEN / v v_K)) (((j + 1)) * (v v_OUT_LEN / v v_K)) ==
+                  Spec.MLKEM.compress_then_byte_encode (v v_COMPRESSION_FACTOR)
+                    (Libcrux_ml_kem.Polynomial.to_spec_poly_t #v_Vector (Seq.index input j))) =
+              Lib.Sequence.eq_intro #u8
+                #(v v_OUT_LEN / v v_K)
+                (Seq.slice out (j * (v v_OUT_LEN / v v_K)) (((j + 1)) * (v v_OUT_LEN / v v_K)))
+                (Spec.MLKEM.compress_then_byte_encode (v v_COMPRESSION_FACTOR)
+                    (Libcrux_ml_kem.Polynomial.to_spec_poly_t #v_Vector (Seq.index input j)))
+            in
+            Classical.forall_intro lemma_aux
+          in
           out)
   in
-  let result:Prims.unit = () <: Prims.unit in
-  let _:Prims.unit = admit () (* Panic freedom *) in
-  let hax_temp_output:Prims.unit = result in
+  let _:Prims.unit =
+    Lib.Sequence.eq_intro #u8
+      #(v v_OUT_LEN)
+      out
+      (Spec.MLKEM.compress_then_encode_u #v_K
+          (Libcrux_ml_kem.Polynomial.to_spec_vector_t #v_K #v_Vector input))
+  in
+  let hax_temp_output:Prims.unit = () <: Prims.unit in
   out
 
-let deserialize_then_decompress_u
-      (v_K v_CIPHERTEXT_SIZE v_U_COMPRESSION_FACTOR: usize)
-      (#v_Vector: Type0)
+#pop-options
+
+#push-options "--z3rlimit 200"
+
+let encrypt_unpacked
+      (v_K v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_LEN v_C2_LEN v_U_COMPRESSION_FACTOR v_V_COMPRESSION_FACTOR v_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE:
+          usize)
+      (#v_Vector #v_Hasher: Type0)
       (#[FStar.Tactics.Typeclasses.tcresolve ()]
-          i1:
+          i2:
           Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector)
-      (ciphertext: t_Array u8 v_CIPHERTEXT_SIZE)
+      (#[FStar.Tactics.Typeclasses.tcresolve ()]
+          i3:
+          Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K)
+      (public_key: Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPublicKeyUnpacked v_K v_Vector)
+      (message: t_Array u8 (sz 32))
+      (randomness: t_Slice u8)
      =
-  let u_as_ntt:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K =
-    Core.Array.from_fn #(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector)
-      v_K
-      (fun temp_0_ ->
-          let _:usize = temp_0_ in
-          Libcrux_ml_kem.Polynomial.impl_2__ZERO #v_Vector ()
-          <:
-          Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector)
-  in
-  let u_as_ntt:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K =
-    Rust_primitives.Hax.Folds.fold_enumerated_chunked_slice ((Libcrux_ml_kem.Constants.v_COEFFICIENTS_IN_RING_ELEMENT *!
-          v_U_COMPRESSION_FACTOR
-          <:
-          usize) /!
-        sz 8
-        <:
-        usize)
-      (ciphertext <: t_Slice u8)
-      (fun u_as_ntt temp_1_ ->
-          let u_as_ntt:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K =
-            u_as_ntt
-          in
-          let _:usize = temp_1_ in
-          true)
-      u_as_ntt
-      (fun u_as_ntt temp_1_ ->
-          let u_as_ntt:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K =
-            u_as_ntt
-          in
-          let i, u_bytes:(usize & t_Slice u8) = temp_1_ in
-          let u_as_ntt:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K =
-            Rust_primitives.Hax.Monomorphized_update_at.update_at_usize u_as_ntt
-              i
-              (Libcrux_ml_kem.Serialize.deserialize_then_decompress_ring_element_u v_U_COMPRESSION_FACTOR
-                  #v_Vector
-                  u_bytes
-                <:
-                Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector)
-          in
-          let u_as_ntt:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K =
-            Rust_primitives.Hax.Monomorphized_update_at.update_at_usize u_as_ntt
-              i
-              (Libcrux_ml_kem.Ntt.ntt_vector_u v_U_COMPRESSION_FACTOR
-                  #v_Vector
-                  (u_as_ntt.[ i ] <: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector)
-                <:
-                Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector)
-          in
-          u_as_ntt)
-  in
-  let result:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = u_as_ntt in
-  let _:Prims.unit = admit () (* Panic freedom *) in
-  result
-
-let deserialize_secret_key
-      (v_K: usize)
-      (#v_Vector: Type0)
-      (#[FStar.Tactics.Typeclasses.tcresolve ()]
-          i1:
-          Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector)
-      (secret_key: t_Slice u8)
-     =
-  let secret_as_ntt:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K =
-    Core.Array.from_fn #(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector)
-      v_K
-      (fun temp_0_ ->
-          let _:usize = temp_0_ in
-          Libcrux_ml_kem.Polynomial.impl_2__ZERO #v_Vector ()
-          <:
-          Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector)
-  in
-  let secret_as_ntt:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K =
-    Rust_primitives.Hax.Folds.fold_enumerated_chunked_slice Libcrux_ml_kem.Constants.v_BYTES_PER_RING_ELEMENT
-      secret_key
-      (fun secret_as_ntt temp_1_ ->
-          let secret_as_ntt:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K
-          =
-            secret_as_ntt
-          in
-          let _:usize = temp_1_ in
-          true)
-      secret_as_ntt
-      (fun secret_as_ntt temp_1_ ->
-          let secret_as_ntt:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K
-          =
-            secret_as_ntt
-          in
-          let i, secret_bytes:(usize & t_Slice u8) = temp_1_ in
-          Rust_primitives.Hax.Monomorphized_update_at.update_at_usize secret_as_ntt
-            i
-            (Libcrux_ml_kem.Serialize.deserialize_to_uncompressed_ring_element #v_Vector
-                secret_bytes
-              <:
-              Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector)
-          <:
-          t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K)
-  in
-  let result:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K =
-    secret_as_ntt
-  in
-  let _:Prims.unit = admit () (* Panic freedom *) in
-  result
-
-#push-options "--z3rlimit 200"
-
-let serialize_secret_key
-      (v_K v_OUT_LEN: usize)
-      (#v_Vector: Type0)
-      (#[FStar.Tactics.Typeclasses.tcresolve ()]
-          i1:
-          Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector)
-      (key: t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K)
-     =
-  let out:t_Array u8 v_OUT_LEN = Rust_primitives.Hax.repeat 0uy v_OUT_LEN in
-  let out:t_Array u8 v_OUT_LEN =
-    Rust_primitives.Hax.Folds.fold_enumerated_slice key
-      (fun out i ->
-          let out:t_Array u8 v_OUT_LEN = out in
-          let i:usize = i in
-          v i < v v_K ==>
-          Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index key (v i)))
-      out
-      (fun out temp_1_ ->
-          let out:t_Array u8 v_OUT_LEN = out in
-          let i, re:(usize & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) =
-            temp_1_
-          in
-          let out:t_Array u8 v_OUT_LEN =
-            Rust_primitives.Hax.Monomorphized_update_at.update_at_range out
-              ({
-                  Core.Ops.Range.f_start
-                  =
-                  i *! Libcrux_ml_kem.Constants.v_BYTES_PER_RING_ELEMENT <: usize;
-                  Core.Ops.Range.f_end
-                  =
-                  (i +! sz 1 <: usize) *! Libcrux_ml_kem.Constants.v_BYTES_PER_RING_ELEMENT <: usize
-                }
-                <:
-                Core.Ops.Range.t_Range usize)
-              (Core.Slice.impl__copy_from_slice #u8
-                  (out.[ {
-                        Core.Ops.Range.f_start
-                        =
-                        i *! Libcrux_ml_kem.Constants.v_BYTES_PER_RING_ELEMENT <: usize;
-                        Core.Ops.Range.f_end
-                        =
-                        (i +! sz 1 <: usize) *! Libcrux_ml_kem.Constants.v_BYTES_PER_RING_ELEMENT
-                        <:
-                        usize
-                      }
-                      <:
-                      Core.Ops.Range.t_Range usize ]
-                    <:
-                    t_Slice u8)
-                  (Libcrux_ml_kem.Serialize.serialize_uncompressed_ring_element #v_Vector re
-                    <:
-                    t_Slice u8)
-                <:
-                t_Slice u8)
-          in
-          out)
-  in
-  let result:t_Array u8 v_OUT_LEN = out in
-  let _:Prims.unit = admit () (* Panic freedom *) in
-  result
-
-#pop-options
-
-let serialize_public_key_mut
-      (v_K v_RANKED_BYTES_PER_RING_ELEMENT v_PUBLIC_KEY_SIZE: usize)
-      (#v_Vector: Type0)
-      (#[FStar.Tactics.Typeclasses.tcresolve ()]
-          i1:
-          Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector)
-      (tt_as_ntt: t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K)
-      (seed_for_a: t_Slice u8)
-      (serialized: t_Array u8 v_PUBLIC_KEY_SIZE)
-     =
-  let serialized:t_Array u8 v_PUBLIC_KEY_SIZE =
-    Rust_primitives.Hax.Monomorphized_update_at.update_at_range serialized
-      ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = v_RANKED_BYTES_PER_RING_ELEMENT }
-        <:
-        Core.Ops.Range.t_Range usize)
-      (Core.Slice.impl__copy_from_slice #u8
-          (serialized.[ {
-                Core.Ops.Range.f_start = sz 0;
-                Core.Ops.Range.f_end = v_RANKED_BYTES_PER_RING_ELEMENT
-              }
-              <:
-              Core.Ops.Range.t_Range usize ]
-            <:
-            t_Slice u8)
-          (serialize_secret_key v_K v_RANKED_BYTES_PER_RING_ELEMENT #v_Vector tt_as_ntt
-            <:
-            t_Slice u8)
-        <:
-        t_Slice u8)
-  in
-  let serialized:t_Array u8 v_PUBLIC_KEY_SIZE =
-    Rust_primitives.Hax.Monomorphized_update_at.update_at_range_from serialized
-      ({ Core.Ops.Range.f_start = v_RANKED_BYTES_PER_RING_ELEMENT }
-        <:
-        Core.Ops.Range.t_RangeFrom usize)
-      (Core.Slice.impl__copy_from_slice #u8
-          (serialized.[ { Core.Ops.Range.f_start = v_RANKED_BYTES_PER_RING_ELEMENT }
-              <:
-              Core.Ops.Range.t_RangeFrom usize ]
-            <:
-            t_Slice u8)
-          seed_for_a
-        <:
-        t_Slice u8)
-  in
-  let hax_temp_output:Prims.unit = admit () (* Panic freedom *) in
-  serialized
-
-let serialize_public_key
-      (v_K v_RANKED_BYTES_PER_RING_ELEMENT v_PUBLIC_KEY_SIZE: usize)
-      (#v_Vector: Type0)
-      (#[FStar.Tactics.Typeclasses.tcresolve ()]
-          i1:
-          Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector)
-      (tt_as_ntt: t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K)
-      (seed_for_a: t_Slice u8)
-     =
-  let public_key_serialized:t_Array u8 v_PUBLIC_KEY_SIZE =
-    Rust_primitives.Hax.repeat 0uy v_PUBLIC_KEY_SIZE
-  in
-  let public_key_serialized:t_Array u8 v_PUBLIC_KEY_SIZE =
-    serialize_public_key_mut v_K
-      v_RANKED_BYTES_PER_RING_ELEMENT
-      v_PUBLIC_KEY_SIZE
-      #v_Vector
-      tt_as_ntt
-      seed_for_a
-      public_key_serialized
-  in
-  let result:t_Array u8 v_PUBLIC_KEY_SIZE = public_key_serialized in
-  let _:Prims.unit = admit () (* Panic freedom *) in
-  result
-
-let decrypt_unpacked
-      (v_K v_CIPHERTEXT_SIZE v_VECTOR_U_ENCODED_SIZE v_U_COMPRESSION_FACTOR v_V_COMPRESSION_FACTOR:
-          usize)
-      (#v_Vector: Type0)
-      (#[FStar.Tactics.Typeclasses.tcresolve ()]
-          i1:
-          Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector)
-      (secret_key: Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPrivateKeyUnpacked v_K v_Vector)
-      (ciphertext: t_Array u8 v_CIPHERTEXT_SIZE)
-     =
-  let u_as_ntt:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K =
-    deserialize_then_decompress_u v_K v_CIPHERTEXT_SIZE v_U_COMPRESSION_FACTOR #v_Vector ciphertext
-  in
-  let v:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector =
-    Libcrux_ml_kem.Serialize.deserialize_then_decompress_ring_element_v v_V_COMPRESSION_FACTOR
-      #v_Vector
-      (ciphertext.[ { Core.Ops.Range.f_start = v_VECTOR_U_ENCODED_SIZE }
-          <:
-          Core.Ops.Range.t_RangeFrom usize ]
-        <:
-        t_Slice u8)
-  in
-  let message:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector =
-    Libcrux_ml_kem.Matrix.compute_message v_K
-      #v_Vector
-      v
-      secret_key.Libcrux_ml_kem.Ind_cpa.Unpacked.f_secret_as_ntt
-      u_as_ntt
-  in
-  Libcrux_ml_kem.Serialize.compress_then_serialize_message #v_Vector message
-
-let decrypt
-      (v_K v_CIPHERTEXT_SIZE v_VECTOR_U_ENCODED_SIZE v_U_COMPRESSION_FACTOR v_V_COMPRESSION_FACTOR:
-          usize)
-      (#v_Vector: Type0)
-      (#[FStar.Tactics.Typeclasses.tcresolve ()]
-          i1:
-          Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector)
-      (secret_key: t_Slice u8)
-      (ciphertext: t_Array u8 v_CIPHERTEXT_SIZE)
-     =
-  let secret_as_ntt:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K =
-    deserialize_secret_key v_K #v_Vector secret_key
-  in
-  let secret_key_unpacked:Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPrivateKeyUnpacked v_K v_Vector =
-    { Libcrux_ml_kem.Ind_cpa.Unpacked.f_secret_as_ntt = secret_as_ntt }
-    <:
-    Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPrivateKeyUnpacked v_K v_Vector
-  in
-  let result:t_Array u8 (sz 32) =
-    decrypt_unpacked v_K
-      v_CIPHERTEXT_SIZE
-      v_VECTOR_U_ENCODED_SIZE
-      v_U_COMPRESSION_FACTOR
-      v_V_COMPRESSION_FACTOR
-      #v_Vector
-      secret_key_unpacked
-      ciphertext
-  in
-  let _:Prims.unit = admit () (* Panic freedom *) in
-  result
-
-#push-options "--z3rlimit 200"
-
-let encrypt_unpacked
-      (v_K v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_LEN v_C2_LEN v_U_COMPRESSION_FACTOR v_V_COMPRESSION_FACTOR v_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE:
-          usize)
-      (#v_Vector #v_Hasher: Type0)
-      (#[FStar.Tactics.Typeclasses.tcresolve ()]
-          i2:
-          Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector)
-      (#[FStar.Tactics.Typeclasses.tcresolve ()]
-          i3:
-          Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K)
-      (public_key: Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPublicKeyUnpacked v_K v_Vector)
-      (message: t_Array u8 (sz 32))
-      (randomness: t_Slice u8)
-     =
-  let (prf_input: t_Array u8 (sz 33)):t_Array u8 (sz 33) =
-    Libcrux_ml_kem.Utils.into_padded_array (sz 33) randomness
+  let (prf_input: t_Array u8 (sz 33)):t_Array u8 (sz 33) =
+    Libcrux_ml_kem.Utils.into_padded_array (sz 33) randomness
   in
   let r_as_ntt, domain_separator:(t_Array
       (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K &
@@ -640,6 +651,10 @@ let encrypt_unpacked
       prf_input
       0uy
   in
+  let _:Prims.unit =
+    Lib.Sequence.eq_intro #u8 #32 randomness (Seq.slice prf_input 0 32);
+    assert (v domain_separator == v v_K)
+  in
   let error_1_, domain_separator:(t_Array
       (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K &
     u8) =
@@ -654,6 +669,10 @@ let encrypt_unpacked
   let prf_input:t_Array u8 (sz 33) =
     Rust_primitives.Hax.Monomorphized_update_at.update_at_usize prf_input (sz 32) domain_separator
   in
+  let _:Prims.unit =
+    assert (Seq.equal prf_input (Seq.append randomness (Seq.create 1 domain_separator)));
+    assert (prf_input == Seq.append randomness (Seq.create 1 domain_separator))
+  in
   let (prf_output: t_Array u8 v_ETA2_RANDOMNESS_SIZE):t_Array u8 v_ETA2_RANDOMNESS_SIZE =
     Libcrux_ml_kem.Hash_functions.f_PRF #v_Hasher
       #v_K
@@ -684,6 +703,12 @@ let encrypt_unpacked
       error_2_
       message_as_ring_element
   in
+  let _:Prims.unit =
+    assert (v_C1_LEN = Spec.MLKEM.v_C1_SIZE v_K);
+    assert (v_C2_LEN = Spec.MLKEM.v_C2_SIZE v_K);
+    assert (v_CIPHERTEXT_SIZE == v_C1_LEN +! v_C2_LEN);
+    assert (v_C1_LEN <=. v_CIPHERTEXT_SIZE)
+  in
   let ciphertext:t_Array u8 v_CIPHERTEXT_SIZE = Rust_primitives.Hax.repeat 0uy v_CIPHERTEXT_SIZE in
   let ciphertext:t_Array u8 v_CIPHERTEXT_SIZE =
     Rust_primitives.Hax.Monomorphized_update_at.update_at_range ciphertext
@@ -717,6 +742,11 @@ let encrypt_unpacked
         <:
         t_Slice u8)
   in
+  let _:Prims.unit =
+    lemma_slice_append ciphertext
+      (Seq.slice ciphertext 0 (Rust_primitives.v v_C1_LEN))
+      (Seq.slice ciphertext (Rust_primitives.v v_C1_LEN) (Seq.length ciphertext))
+  in
   ciphertext
 
 #pop-options
@@ -735,6 +765,7 @@ let encrypt
       (message: t_Array u8 (sz 32))
       (randomness: t_Slice u8)
      =
+  let _:Prims.unit = reveal_opaque (`%Spec.MLKEM.ind_cpa_encrypt) Spec.MLKEM.ind_cpa_encrypt in
   let unpacked_public_key:Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPublicKeyUnpacked v_K v_Vector =
     Core.Default.f_default #(Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPublicKeyUnpacked v_K v_Vector)
       #FStar.Tactics.Typeclasses.solve
@@ -762,6 +793,12 @@ let encrypt
       <:
       Core.Ops.Range.t_RangeFrom usize ]
   in
+  let _:Prims.unit =
+    Lib.Sequence.eq_intro #u8
+      #32
+      seed
+      (Seq.slice (Libcrux_ml_kem.Utils.into_padded_array (Rust_primitives.mk_usize 34) seed) 0 32)
+  in
   let unpacked_public_key:Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPublicKeyUnpacked v_K v_Vector =
     {
       unpacked_public_key with
@@ -777,119 +814,333 @@ let encrypt
     <:
     Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPublicKeyUnpacked v_K v_Vector
   in
-  let result:t_Array u8 v_CIPHERTEXT_SIZE =
-    encrypt_unpacked v_K v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_LEN v_C2_LEN
-      v_U_COMPRESSION_FACTOR v_V_COMPRESSION_FACTOR v_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2
-      v_ETA2_RANDOMNESS_SIZE #v_Vector #v_Hasher unpacked_public_key message randomness
-  in
-  let _:Prims.unit = admit () (* Panic freedom *) in
-  result
+  encrypt_unpacked v_K v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_LEN v_C2_LEN
+    v_U_COMPRESSION_FACTOR v_V_COMPRESSION_FACTOR v_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2
+    v_ETA2_RANDOMNESS_SIZE #v_Vector #v_Hasher unpacked_public_key message randomness
 
-let generate_keypair_unpacked
-      (v_K v_ETA1 v_ETA1_RANDOMNESS_SIZE: usize)
-      (#v_Vector #v_Hasher #v_Scheme: Type0)
+#push-options "--ext context_pruning"
+
+let deserialize_then_decompress_u
+      (v_K v_CIPHERTEXT_SIZE v_U_COMPRESSION_FACTOR: usize)
+      (#v_Vector: Type0)
       (#[FStar.Tactics.Typeclasses.tcresolve ()]
-          i3:
+          i1:
           Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector)
-      (#[FStar.Tactics.Typeclasses.tcresolve ()]
-          i4:
-          Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K)
-      (#[FStar.Tactics.Typeclasses.tcresolve ()] i5: Libcrux_ml_kem.Variant.t_Variant v_Scheme)
-      (key_generation_seed: t_Slice u8)
-      (private_key: Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPrivateKeyUnpacked v_K v_Vector)
-      (public_key: Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPublicKeyUnpacked v_K v_Vector)
+      (ciphertext: t_Array u8 v_CIPHERTEXT_SIZE)
      =
-  let hashed:t_Array u8 (sz 64) =
-    Libcrux_ml_kem.Variant.f_cpa_keygen_seed #v_Scheme
-      #FStar.Tactics.Typeclasses.solve
+  let _:Prims.unit =
+    assert (v ((Libcrux_ml_kem.Constants.v_COEFFICIENTS_IN_RING_ELEMENT *! v_U_COMPRESSION_FACTOR) /!
+            Rust_primitives.mk_usize 8) ==
+        v (Spec.MLKEM.v_C1_BLOCK_SIZE v_K))
+  in
+  let u_as_ntt:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K =
+    Core.Array.from_fn #(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector)
       v_K
-      #v_Hasher
-      key_generation_seed
+      (fun temp_0_ ->
+          let _:usize = temp_0_ in
+          Libcrux_ml_kem.Polynomial.impl_2__ZERO #v_Vector ()
+          <:
+          Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector)
   in
-  let seed_for_A, seed_for_secret_and_error:(t_Slice u8 & t_Slice u8) =
-    Core.Slice.impl__split_at #u8 (hashed <: t_Slice u8) (sz 32)
+  let u_as_ntt:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K =
+    Rust_primitives.Hax.Folds.fold_enumerated_chunked_slice ((Libcrux_ml_kem.Constants.v_COEFFICIENTS_IN_RING_ELEMENT *!
+          v_U_COMPRESSION_FACTOR
+          <:
+          usize) /!
+        sz 8
+        <:
+        usize)
+      (ciphertext <: t_Slice u8)
+      (fun u_as_ntt i ->
+          let u_as_ntt:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K =
+            u_as_ntt
+          in
+          let i:usize = i in
+          forall (j: nat).
+            j < v i ==>
+            j * v (Spec.MLKEM.v_C1_BLOCK_SIZE v_K) + v (Spec.MLKEM.v_C1_BLOCK_SIZE v_K) <=
+            v v_CIPHERTEXT_SIZE /\
+            Libcrux_ml_kem.Polynomial.to_spec_poly_t #v_Vector (Seq.index u_as_ntt j) ==
+            Spec.MLKEM.poly_ntt (Spec.MLKEM.byte_decode_then_decompress (v v_U_COMPRESSION_FACTOR)
+                  (Seq.slice ciphertext
+                      (j * v (Spec.MLKEM.v_C1_BLOCK_SIZE v_K))
+                      (j * v (Spec.MLKEM.v_C1_BLOCK_SIZE v_K) + v (Spec.MLKEM.v_C1_BLOCK_SIZE v_K)))
+              ))
+      u_as_ntt
+      (fun u_as_ntt temp_1_ ->
+          let u_as_ntt:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K =
+            u_as_ntt
+          in
+          let i, u_bytes:(usize & t_Slice u8) = temp_1_ in
+          let u_as_ntt:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K =
+            Rust_primitives.Hax.Monomorphized_update_at.update_at_usize u_as_ntt
+              i
+              (Libcrux_ml_kem.Serialize.deserialize_then_decompress_ring_element_u v_U_COMPRESSION_FACTOR
+                  #v_Vector
+                  u_bytes
+                <:
+                Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector)
+          in
+          let u_as_ntt:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K =
+            Rust_primitives.Hax.Monomorphized_update_at.update_at_usize u_as_ntt
+              i
+              (Libcrux_ml_kem.Ntt.ntt_vector_u v_U_COMPRESSION_FACTOR
+                  #v_Vector
+                  (u_as_ntt.[ i ] <: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector)
+                <:
+                Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector)
+          in
+          u_as_ntt)
   in
-  let public_key:Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPublicKeyUnpacked v_K v_Vector =
-    {
-      public_key with
-      Libcrux_ml_kem.Ind_cpa.Unpacked.f_A
-      =
-      Libcrux_ml_kem.Matrix.sample_matrix_A v_K
-        #v_Vector
-        #v_Hasher
-        public_key.Libcrux_ml_kem.Ind_cpa.Unpacked.f_A
-        (Libcrux_ml_kem.Utils.into_padded_array (sz 34) seed_for_A <: t_Array u8 (sz 34))
-        true
-    }
-    <:
-    Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPublicKeyUnpacked v_K v_Vector
+  let _:Prims.unit =
+    Lib.Sequence.eq_intro #Spec.MLKEM.polynomial
+      #(v v_K)
+      (Libcrux_ml_kem.Polynomial.to_spec_vector_t #v_K #v_Vector u_as_ntt)
+      (let open Spec.MLKEM in
+        vector_ntt (decode_then_decompress_u #v_K
+              (Seq.slice ciphertext 0 (v (Spec.MLKEM.v_C1_SIZE v_K)))))
   in
-  let (prf_input: t_Array u8 (sz 33)):t_Array u8 (sz 33) =
-    Libcrux_ml_kem.Utils.into_padded_array (sz 33) seed_for_secret_and_error
+  u_as_ntt
+
+#pop-options
+
+let decrypt_unpacked
+      (v_K v_CIPHERTEXT_SIZE v_VECTOR_U_ENCODED_SIZE v_U_COMPRESSION_FACTOR v_V_COMPRESSION_FACTOR:
+          usize)
+      (#v_Vector: Type0)
+      (#[FStar.Tactics.Typeclasses.tcresolve ()]
+          i1:
+          Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector)
+      (secret_key: Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPrivateKeyUnpacked v_K v_Vector)
+      (ciphertext: t_Array u8 v_CIPHERTEXT_SIZE)
+     =
+  let u_as_ntt:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K =
+    deserialize_then_decompress_u v_K v_CIPHERTEXT_SIZE v_U_COMPRESSION_FACTOR #v_Vector ciphertext
   in
-  let tmp0, out:(t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K & u8) =
-    sample_vector_cbd_then_ntt v_K
-      v_ETA1
-      v_ETA1_RANDOMNESS_SIZE
+  let v:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector =
+    Libcrux_ml_kem.Serialize.deserialize_then_decompress_ring_element_v v_V_COMPRESSION_FACTOR
       #v_Vector
-      #v_Hasher
-      private_key.Libcrux_ml_kem.Ind_cpa.Unpacked.f_secret_as_ntt
-      prf_input
-      0uy
+      (ciphertext.[ { Core.Ops.Range.f_start = v_VECTOR_U_ENCODED_SIZE }
+          <:
+          Core.Ops.Range.t_RangeFrom usize ]
+        <:
+        t_Slice u8)
   in
-  let private_key:Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPrivateKeyUnpacked v_K v_Vector =
-    { private_key with Libcrux_ml_kem.Ind_cpa.Unpacked.f_secret_as_ntt = tmp0 }
+  let message:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector =
+    Libcrux_ml_kem.Matrix.compute_message v_K
+      #v_Vector
+      v
+      secret_key.Libcrux_ml_kem.Ind_cpa.Unpacked.f_secret_as_ntt
+      u_as_ntt
+  in
+  Libcrux_ml_kem.Serialize.compress_then_serialize_message #v_Vector message
+
+let decrypt
+      (v_K v_CIPHERTEXT_SIZE v_VECTOR_U_ENCODED_SIZE v_U_COMPRESSION_FACTOR v_V_COMPRESSION_FACTOR:
+          usize)
+      (#v_Vector: Type0)
+      (#[FStar.Tactics.Typeclasses.tcresolve ()]
+          i1:
+          Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector)
+      (secret_key: t_Slice u8)
+      (ciphertext: t_Array u8 v_CIPHERTEXT_SIZE)
+     =
+  let _:Prims.unit = reveal_opaque (`%Spec.MLKEM.ind_cpa_decrypt) Spec.MLKEM.ind_cpa_decrypt in
+  let secret_as_ntt:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K =
+    deserialize_secret_key v_K #v_Vector secret_key
+  in
+  let secret_key_unpacked:Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPrivateKeyUnpacked v_K v_Vector =
+    { Libcrux_ml_kem.Ind_cpa.Unpacked.f_secret_as_ntt = secret_as_ntt }
     <:
     Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPrivateKeyUnpacked v_K v_Vector
   in
-  let domain_separator:u8 = out in
-  let error_as_ntt, _:(t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K & u8
-  ) =
-    sample_vector_cbd_then_ntt_out v_K
-      v_ETA1
-      v_ETA1_RANDOMNESS_SIZE
-      #v_Vector
-      #v_Hasher
-      prf_input
-      domain_separator
+  decrypt_unpacked v_K
+    v_CIPHERTEXT_SIZE
+    v_VECTOR_U_ENCODED_SIZE
+    v_U_COMPRESSION_FACTOR
+    v_V_COMPRESSION_FACTOR
+    #v_Vector
+    secret_key_unpacked
+    ciphertext
+
+#push-options "--z3rlimit 200 --ext context_pruning --z3refresh"
+
+let serialize_secret_key
+      (v_K v_OUT_LEN: usize)
+      (#v_Vector: Type0)
+      (#[FStar.Tactics.Typeclasses.tcresolve ()]
+          i1:
+          Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector)
+      (key: t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K)
+     =
+  let _:Prims.unit = assert_norm (Spec.MLKEM.polynomial_d 12 == Spec.MLKEM.polynomial) in
+  let out:t_Array u8 v_OUT_LEN = Rust_primitives.Hax.repeat 0uy v_OUT_LEN in
+  let out:t_Array u8 v_OUT_LEN =
+    Rust_primitives.Hax.Folds.fold_enumerated_slice key
+      (fun out i ->
+          let out:t_Array u8 v_OUT_LEN = out in
+          let i:usize = i in
+          (v i < v v_K ==>
+            Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index key (v i))) /\
+          (forall (j: nat).
+              j < v i ==>
+              (j + 1) * v Libcrux_ml_kem.Constants.v_BYTES_PER_RING_ELEMENT <= Seq.length out /\
+              (Seq.slice out
+                  (j * v Libcrux_ml_kem.Constants.v_BYTES_PER_RING_ELEMENT)
+                  ((j + 1) * v Libcrux_ml_kem.Constants.v_BYTES_PER_RING_ELEMENT) ==
+                Spec.MLKEM.byte_encode 12
+                  (Libcrux_ml_kem.Polynomial.to_spec_poly_t #v_Vector (Seq.index key j)))))
+      out
+      (fun out temp_1_ ->
+          let out:t_Array u8 v_OUT_LEN = out in
+          let i, re:(usize & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) =
+            temp_1_
+          in
+          let out:t_Array u8 v_OUT_LEN =
+            Rust_primitives.Hax.Monomorphized_update_at.update_at_range out
+              ({
+                  Core.Ops.Range.f_start
+                  =
+                  i *! Libcrux_ml_kem.Constants.v_BYTES_PER_RING_ELEMENT <: usize;
+                  Core.Ops.Range.f_end
+                  =
+                  (i +! sz 1 <: usize) *! Libcrux_ml_kem.Constants.v_BYTES_PER_RING_ELEMENT <: usize
+                }
+                <:
+                Core.Ops.Range.t_Range usize)
+              (Core.Slice.impl__copy_from_slice #u8
+                  (out.[ {
+                        Core.Ops.Range.f_start
+                        =
+                        i *! Libcrux_ml_kem.Constants.v_BYTES_PER_RING_ELEMENT <: usize;
+                        Core.Ops.Range.f_end
+                        =
+                        (i +! sz 1 <: usize) *! Libcrux_ml_kem.Constants.v_BYTES_PER_RING_ELEMENT
+                        <:
+                        usize
+                      }
+                      <:
+                      Core.Ops.Range.t_Range usize ]
+                    <:
+                    t_Slice u8)
+                  (Libcrux_ml_kem.Serialize.serialize_uncompressed_ring_element #v_Vector re
+                    <:
+                    t_Slice u8)
+                <:
+                t_Slice u8)
+          in
+          let _:Prims.unit =
+            let lemma_aux (j: nat{j < v i})
+                : Lemma
+                (Seq.slice out
+                    (j * v Libcrux_ml_kem.Constants.v_BYTES_PER_RING_ELEMENT)
+                    ((j + 1) * v Libcrux_ml_kem.Constants.v_BYTES_PER_RING_ELEMENT) ==
+                  Spec.MLKEM.byte_encode 12
+                    (Libcrux_ml_kem.Polynomial.to_spec_poly_t #v_Vector (Seq.index key j))) =
+              Lib.Sequence.eq_intro #u8
+                #(v Libcrux_ml_kem.Constants.v_BYTES_PER_RING_ELEMENT)
+                (Seq.slice out
+                    (j * v Libcrux_ml_kem.Constants.v_BYTES_PER_RING_ELEMENT)
+                    ((j + 1) * v Libcrux_ml_kem.Constants.v_BYTES_PER_RING_ELEMENT))
+                (Spec.MLKEM.byte_encode 12
+                    (Libcrux_ml_kem.Polynomial.to_spec_poly_t #v_Vector (Seq.index key j)))
+            in
+            Classical.forall_intro lemma_aux
+          in
+          out)
   in
-  let public_key:Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPublicKeyUnpacked v_K v_Vector =
-    {
-      public_key with
-      Libcrux_ml_kem.Ind_cpa.Unpacked.f_t_as_ntt
-      =
-      Libcrux_ml_kem.Matrix.compute_As_plus_e v_K
-        #v_Vector
-        public_key.Libcrux_ml_kem.Ind_cpa.Unpacked.f_t_as_ntt
-        public_key.Libcrux_ml_kem.Ind_cpa.Unpacked.f_A
-        private_key.Libcrux_ml_kem.Ind_cpa.Unpacked.f_secret_as_ntt
-        error_as_ntt
-    }
-    <:
-    Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPublicKeyUnpacked v_K v_Vector
+  let _:Prims.unit =
+    assert (Spec.MLKEM.coerce_vector_12 (Libcrux_ml_kem.Polynomial.to_spec_vector_t #v_K
+              #v_Vector
+              key) ==
+        Libcrux_ml_kem.Polynomial.to_spec_vector_t #v_K #v_Vector key);
+    Lib.Sequence.eq_intro #u8
+      #(v v_OUT_LEN)
+      out
+      (Spec.MLKEM.vector_encode_12 #v_K
+          (Libcrux_ml_kem.Polynomial.to_spec_vector_t #v_K #v_Vector key))
   in
-  let public_key:Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPublicKeyUnpacked v_K v_Vector =
-    {
-      public_key with
-      Libcrux_ml_kem.Ind_cpa.Unpacked.f_seed_for_A
-      =
-      Core.Result.impl__unwrap #(t_Array u8 (sz 32))
-        #Core.Array.t_TryFromSliceError
-        (Core.Convert.f_try_into #(t_Slice u8)
-            #(t_Array u8 (sz 32))
-            #FStar.Tactics.Typeclasses.solve
-            seed_for_A
-          <:
-          Core.Result.t_Result (t_Array u8 (sz 32)) Core.Array.t_TryFromSliceError)
-    }
-    <:
-    Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPublicKeyUnpacked v_K v_Vector
+  out
+
+#pop-options
+
+let serialize_public_key_mut
+      (v_K v_RANKED_BYTES_PER_RING_ELEMENT v_PUBLIC_KEY_SIZE: usize)
+      (#v_Vector: Type0)
+      (#[FStar.Tactics.Typeclasses.tcresolve ()]
+          i1:
+          Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector)
+      (tt_as_ntt: t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K)
+      (seed_for_a: t_Slice u8)
+      (serialized: t_Array u8 v_PUBLIC_KEY_SIZE)
+     =
+  let serialized:t_Array u8 v_PUBLIC_KEY_SIZE =
+    Rust_primitives.Hax.Monomorphized_update_at.update_at_range serialized
+      ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = v_RANKED_BYTES_PER_RING_ELEMENT }
+        <:
+        Core.Ops.Range.t_Range usize)
+      (Core.Slice.impl__copy_from_slice #u8
+          (serialized.[ {
+                Core.Ops.Range.f_start = sz 0;
+                Core.Ops.Range.f_end = v_RANKED_BYTES_PER_RING_ELEMENT
+              }
+              <:
+              Core.Ops.Range.t_Range usize ]
+            <:
+            t_Slice u8)
+          (serialize_secret_key v_K v_RANKED_BYTES_PER_RING_ELEMENT #v_Vector tt_as_ntt
+            <:
+            t_Slice u8)
+        <:
+        t_Slice u8)
   in
-  let hax_temp_output:Prims.unit = admit () (* Panic freedom *) in
-  private_key, public_key
-  <:
-  (Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPrivateKeyUnpacked v_K v_Vector &
-    Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPublicKeyUnpacked v_K v_Vector)
+  let serialized:t_Array u8 v_PUBLIC_KEY_SIZE =
+    Rust_primitives.Hax.Monomorphized_update_at.update_at_range_from serialized
+      ({ Core.Ops.Range.f_start = v_RANKED_BYTES_PER_RING_ELEMENT }
+        <:
+        Core.Ops.Range.t_RangeFrom usize)
+      (Core.Slice.impl__copy_from_slice #u8
+          (serialized.[ { Core.Ops.Range.f_start = v_RANKED_BYTES_PER_RING_ELEMENT }
+              <:
+              Core.Ops.Range.t_RangeFrom usize ]
+            <:
+            t_Slice u8)
+          seed_for_a
+        <:
+        t_Slice u8)
+  in
+  let _:Prims.unit =
+    Lib.Sequence.eq_intro #u8
+      #(v v_PUBLIC_KEY_SIZE)
+      serialized
+      (Seq.append (Spec.MLKEM.vector_encode_12 #v_K
+              (Libcrux_ml_kem.Polynomial.to_spec_vector_t #v_K #v_Vector tt_as_ntt))
+          seed_for_a)
+  in
+  serialized
+
+let serialize_public_key
+      (v_K v_RANKED_BYTES_PER_RING_ELEMENT v_PUBLIC_KEY_SIZE: usize)
+      (#v_Vector: Type0)
+      (#[FStar.Tactics.Typeclasses.tcresolve ()]
+          i1:
+          Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector)
+      (tt_as_ntt: t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K)
+      (seed_for_a: t_Slice u8)
+     =
+  let public_key_serialized:t_Array u8 v_PUBLIC_KEY_SIZE =
+    Rust_primitives.Hax.repeat 0uy v_PUBLIC_KEY_SIZE
+  in
+  let public_key_serialized:t_Array u8 v_PUBLIC_KEY_SIZE =
+    serialize_public_key_mut v_K
+      v_RANKED_BYTES_PER_RING_ELEMENT
+      v_PUBLIC_KEY_SIZE
+      #v_Vector
+      tt_as_ntt
+      seed_for_a
+      public_key_serialized
+  in
+  public_key_serialized
 
 let generate_keypair
       (v_K v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE v_RANKED_BYTES_PER_RING_ELEMENT v_ETA1 v_ETA1_RANDOMNESS_SIZE:
@@ -944,10 +1195,6 @@ let generate_keypair
       #v_Vector
       private_key.Libcrux_ml_kem.Ind_cpa.Unpacked.f_secret_as_ntt
   in
-  let result:(t_Array u8 v_PRIVATE_KEY_SIZE & t_Array u8 v_PUBLIC_KEY_SIZE) =
-    secret_key_serialized, public_key_serialized
-    <:
-    (t_Array u8 v_PRIVATE_KEY_SIZE & t_Array u8 v_PUBLIC_KEY_SIZE)
-  in
-  let _:Prims.unit = admit () (* Panic freedom *) in
-  result
+  secret_key_serialized, public_key_serialized
+  <:
+  (t_Array u8 v_PRIVATE_KEY_SIZE & t_Array u8 v_PUBLIC_KEY_SIZE)
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fsti
index 34b5b8ade..51c306877 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fsti
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fsti
@@ -12,6 +12,24 @@ let _ =
   let open Libcrux_ml_kem.Vector.Traits in
   ()
 
+/// Call [`deserialize_to_uncompressed_ring_element`] for each ring element.
+val deserialize_secret_key
+      (v_K: usize)
+      (#v_Vector: Type0)
+      {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |}
+      (secret_key: t_Slice u8)
+    : Prims.Pure (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K)
+      (requires
+        Spec.MLKEM.is_rank v_K /\ length secret_key == Spec.MLKEM.v_CPA_PRIVATE_KEY_SIZE v_K /\
+        v (Core.Slice.impl__len #u8 secret_key) /
+        v Libcrux_ml_kem.Constants.v_BYTES_PER_RING_ELEMENT <=
+        v v_K)
+      (ensures
+        fun res ->
+          let res:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = res in
+          Libcrux_ml_kem.Polynomial.to_spec_vector_t #v_K #v_Vector res ==
+          Spec.MLKEM.vector_decode_12 #v_K secret_key)
+
 /// Sample a vector of ring elements from a centered binomial distribution.
 val sample_ring_element_cbd
       (v_K v_ETA2_RANDOMNESS_SIZE v_ETA2: usize)
@@ -23,8 +41,17 @@ val sample_ring_element_cbd
     : Prims.Pure (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K & u8)
       (requires
         Spec.MLKEM.is_rank v_K /\ v_ETA2_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA2_RANDOMNESS_SIZE v_K /\
-        v_ETA2 == Spec.MLKEM.v_ETA2 v_K /\ range (v domain_separator + v v_K) u8_inttype)
-      (fun _ -> Prims.l_True)
+        v_ETA2 == Spec.MLKEM.v_ETA2 v_K /\ v domain_separator < 2 * v v_K /\
+        range (v domain_separator + v v_K) u8_inttype)
+      (ensures
+        fun temp_0_ ->
+          let err1, ds:(t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K &
+            u8) =
+            temp_0_
+          in
+          v ds == v domain_separator + v v_K /\
+          Libcrux_ml_kem.Polynomial.to_spec_vector_t #v_K #v_Vector err1 ==
+          Spec.MLKEM.sample_vector_cbd2 #v_K (Seq.slice prf_input 0 32) (sz (v domain_separator)))
 
 /// Sample a vector of ring elements from a centered binomial distribution and
 /// convert them into their NTT representations.
@@ -52,7 +79,11 @@ val sample_vector_cbd_then_ntt
           Libcrux_ml_kem.Polynomial.to_spec_vector_t #v_K #v_Vector re_as_ntt_future ==
           Spec.MLKEM.sample_vector_cbd_then_ntt #v_K
             (Seq.slice prf_input 0 32)
-            (sz (v domain_separator)))
+            (sz (v domain_separator)) /\
+          (forall (i: nat).
+              i < v v_K ==>
+              Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index re_as_ntt_future
+                    i)))
 
 val sample_vector_cbd_then_ntt_out
       (v_K v_ETA v_ETA_RANDOMNESS_SIZE: usize)
@@ -78,6 +109,84 @@ val sample_vector_cbd_then_ntt_out
             (Seq.slice prf_input 0 32)
             (sz (v domain_separator)))
 
+/// This function implements most of <strong>Algorithm 12</strong> of the
+/// NIST FIPS 203 specification; this is the Kyber CPA-PKE key generation algorithm.
+/// We say \"most of\" since Algorithm 12 samples the required randomness within
+/// the function itself, whereas this implementation expects it to be provided
+/// through the `key_generation_seed` parameter.
+/// Algorithm 12 is reproduced below:
+/// ```plaintext
+/// Output: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}.
+/// Output: decryption key dkₚₖₑ ∈ 𝔹^{384k}.
+/// d ←$ B
+/// (ρ,σ) ← G(d)
+/// N ← 0
+/// for (i ← 0; i < k; i++)
+///     for(j ← 0; j < k; j++)
+///         Â[i,j] ← SampleNTT(XOF(ρ, i, j))
+///     end for
+/// end for
+/// for(i ← 0; i < k; i++)
+///     s[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(σ,N))
+///     N ← N + 1
+/// end for
+/// for(i ← 0; i < k; i++)
+///     e[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(σ,N))
+///     N ← N + 1
+/// end for
+/// ŝ ← NTT(s)
+/// ê ← NTT(e)
+/// t\u{302} ← Â◦ŝ + ê
+/// ekₚₖₑ ← ByteEncode₁₂(t\u{302}) ‖ ρ
+/// dkₚₖₑ ← ByteEncode₁₂(ŝ)
+/// ```
+/// The NIST FIPS 203 standard can be found at
+/// <https://csrc.nist.gov/pubs/fips/203/ipd>.
+val generate_keypair_unpacked
+      (v_K v_ETA1 v_ETA1_RANDOMNESS_SIZE: usize)
+      (#v_Vector #v_Hasher #v_Scheme: Type0)
+      {| i3: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |}
+      {| i4: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K |}
+      {| i5: Libcrux_ml_kem.Variant.t_Variant v_Scheme |}
+      (key_generation_seed: t_Slice u8)
+      (private_key: Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPrivateKeyUnpacked v_K v_Vector)
+      (public_key: Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPublicKeyUnpacked v_K v_Vector)
+    : Prims.Pure
+      (Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPrivateKeyUnpacked v_K v_Vector &
+        Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPublicKeyUnpacked v_K v_Vector)
+      (requires
+        Spec.MLKEM.is_rank v_K /\ v_ETA1_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA1_RANDOMNESS_SIZE v_K /\
+        v_ETA1 == Spec.MLKEM.v_ETA1 v_K /\
+        length key_generation_seed == Spec.MLKEM.v_CPA_KEY_GENERATION_SEED_SIZE)
+      (ensures
+        fun temp_0_ ->
+          let private_key_future, public_key_future:(Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPrivateKeyUnpacked
+              v_K v_Vector &
+            Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPublicKeyUnpacked v_K v_Vector) =
+            temp_0_
+          in
+          let ((t_as_ntt, seed_for_A), secret_as_ntt), valid =
+            Spec.MLKEM.ind_cpa_generate_keypair_unpacked v_K key_generation_seed
+          in
+          (valid ==>
+            ((Libcrux_ml_kem.Polynomial.to_spec_vector_t #v_K #v_Vector public_key_future.f_t_as_ntt
+              ) ==
+              t_as_ntt) /\ (public_key_future.f_seed_for_A == seed_for_A) /\
+            ((Libcrux_ml_kem.Polynomial.to_spec_vector_t #v_K
+                  #v_Vector
+                  private_key_future.f_secret_as_ntt) ==
+              secret_as_ntt)) /\
+          (forall (i: nat).
+              i < v v_K ==>
+              Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index private_key_future
+                      .f_secret_as_ntt
+                    i)) /\
+          (forall (i: nat).
+              i < v v_K ==>
+              Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index public_key_future
+                      .f_t_as_ntt
+                    i)))
+
 /// Call [`compress_then_serialize_ring_element_u`] on each ring element.
 val compress_then_serialize_u
       (v_K v_OUT_LEN v_COMPRESSION_FACTOR v_BLOCK_LEN: usize)
@@ -100,160 +209,6 @@ val compress_then_serialize_u
           Spec.MLKEM.compress_then_encode_u #v_K
             (Libcrux_ml_kem.Polynomial.to_spec_vector_t #v_K #v_Vector input))
 
-/// Call [`deserialize_then_decompress_ring_element_u`] on each ring element
-/// in the `ciphertext`.
-val deserialize_then_decompress_u
-      (v_K v_CIPHERTEXT_SIZE v_U_COMPRESSION_FACTOR: usize)
-      (#v_Vector: Type0)
-      {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |}
-      (ciphertext: t_Array u8 v_CIPHERTEXT_SIZE)
-    : Prims.Pure (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K)
-      (requires
-        Spec.MLKEM.is_rank v_K /\ v_CIPHERTEXT_SIZE == Spec.MLKEM.v_CPA_CIPHERTEXT_SIZE v_K /\
-        v_U_COMPRESSION_FACTOR == Spec.MLKEM.v_VECTOR_U_COMPRESSION_FACTOR v_K)
-      (ensures
-        fun res ->
-          let res:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = res in
-          Libcrux_ml_kem.Polynomial.to_spec_vector_t #v_K #v_Vector res ==
-          Spec.MLKEM.(vector_ntt (decode_then_decompress_u #v_K
-                  (Seq.slice ciphertext 0 (v (Spec.MLKEM.v_C1_SIZE v_K))))))
-
-/// Call [`deserialize_to_uncompressed_ring_element`] for each ring element.
-val deserialize_secret_key
-      (v_K: usize)
-      (#v_Vector: Type0)
-      {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |}
-      (secret_key: t_Slice u8)
-    : Prims.Pure (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K)
-      (requires
-        Spec.MLKEM.is_rank v_K /\ length secret_key == Spec.MLKEM.v_CPA_PRIVATE_KEY_SIZE v_K /\
-        v (Core.Slice.impl__len #u8 secret_key) /
-        v Libcrux_ml_kem.Constants.v_BYTES_PER_RING_ELEMENT <=
-        v v_K)
-      (ensures
-        fun res ->
-          let res:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = res in
-          Libcrux_ml_kem.Polynomial.to_spec_vector_t #v_K #v_Vector res ==
-          Spec.MLKEM.vector_decode_12 #v_K secret_key)
-
-/// Call [`serialize_uncompressed_ring_element`] for each ring element.
-val serialize_secret_key
-      (v_K v_OUT_LEN: usize)
-      (#v_Vector: Type0)
-      {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |}
-      (key: t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K)
-    : Prims.Pure (t_Array u8 v_OUT_LEN)
-      (requires
-        Spec.MLKEM.is_rank v_K /\ v_OUT_LEN == Spec.MLKEM.v_CPA_PRIVATE_KEY_SIZE v_K /\
-        (forall (i: nat).
-            i < v v_K ==>
-            Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index key i)))
-      (ensures
-        fun res ->
-          let res:t_Array u8 v_OUT_LEN = res in
-          res ==
-          Spec.MLKEM.vector_encode_12 #v_K
-            (Libcrux_ml_kem.Polynomial.to_spec_vector_t #v_K #v_Vector key))
-
-/// Concatenate `t` and `ρ` into the public key.
-val serialize_public_key_mut
-      (v_K v_RANKED_BYTES_PER_RING_ELEMENT v_PUBLIC_KEY_SIZE: usize)
-      (#v_Vector: Type0)
-      {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |}
-      (tt_as_ntt: t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K)
-      (seed_for_a: t_Slice u8)
-      (serialized: t_Array u8 v_PUBLIC_KEY_SIZE)
-    : Prims.Pure (t_Array u8 v_PUBLIC_KEY_SIZE)
-      (requires
-        Spec.MLKEM.is_rank v_K /\
-        v_RANKED_BYTES_PER_RING_ELEMENT == Spec.MLKEM.v_RANKED_BYTES_PER_RING_ELEMENT v_K /\
-        v_PUBLIC_KEY_SIZE == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE v_K /\ length seed_for_a == sz 32 /\
-        (forall (i: nat).
-            i < v v_K ==>
-            Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index tt_as_ntt i)))
-      (ensures
-        fun serialized_future ->
-          let serialized_future:t_Array u8 v_PUBLIC_KEY_SIZE = serialized_future in
-          serialized_future ==
-          Seq.append (Spec.MLKEM.vector_encode_12 #v_K
-                (Libcrux_ml_kem.Polynomial.to_spec_vector_t #v_K #v_Vector tt_as_ntt))
-            seed_for_a)
-
-/// Concatenate `t` and `ρ` into the public key.
-val serialize_public_key
-      (v_K v_RANKED_BYTES_PER_RING_ELEMENT v_PUBLIC_KEY_SIZE: usize)
-      (#v_Vector: Type0)
-      {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |}
-      (tt_as_ntt: t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K)
-      (seed_for_a: t_Slice u8)
-    : Prims.Pure (t_Array u8 v_PUBLIC_KEY_SIZE)
-      (requires
-        Spec.MLKEM.is_rank v_K /\
-        v_RANKED_BYTES_PER_RING_ELEMENT == Spec.MLKEM.v_RANKED_BYTES_PER_RING_ELEMENT v_K /\
-        v_PUBLIC_KEY_SIZE == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE v_K /\ length seed_for_a == sz 32 /\
-        (forall (i: nat).
-            i < v v_K ==>
-            Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index tt_as_ntt i)))
-      (ensures
-        fun res ->
-          let res:t_Array u8 v_PUBLIC_KEY_SIZE = res in
-          res ==
-          Seq.append (Spec.MLKEM.vector_encode_12 #v_K
-                (Libcrux_ml_kem.Polynomial.to_spec_vector_t #v_K #v_Vector tt_as_ntt))
-            seed_for_a)
-
-/// This function implements <strong>Algorithm 14</strong> of the
-/// NIST FIPS 203 specification; this is the Kyber CPA-PKE decryption algorithm.
-/// Algorithm 14 is reproduced below:
-/// ```plaintext
-/// Input: decryption key dkₚₖₑ ∈ 𝔹^{384k}.
-/// Input: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}.
-/// Output: message m ∈ 𝔹^{32}.
-/// c₁ ← c[0 : 32dᵤk]
-/// c₂ ← c[32dᵤk : 32(dᵤk + dᵥ)]
-/// u ← Decompress_{dᵤ}(ByteDecode_{dᵤ}(c₁))
-/// v ← Decompress_{dᵥ}(ByteDecode_{dᵥ}(c₂))
-/// ŝ ← ByteDecode₁₂(dkₚₖₑ)
-/// w ← v - NTT-¹(ŝᵀ ◦ NTT(u))
-/// m ← ByteEncode₁(Compress₁(w))
-/// return m
-/// ```
-/// The NIST FIPS 203 standard can be found at
-/// <https://csrc.nist.gov/pubs/fips/203/ipd>.
-val decrypt_unpacked
-      (v_K v_CIPHERTEXT_SIZE v_VECTOR_U_ENCODED_SIZE v_U_COMPRESSION_FACTOR v_V_COMPRESSION_FACTOR:
-          usize)
-      (#v_Vector: Type0)
-      {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |}
-      (secret_key: Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPrivateKeyUnpacked v_K v_Vector)
-      (ciphertext: t_Array u8 v_CIPHERTEXT_SIZE)
-    : Prims.Pure (t_Array u8 (sz 32))
-      (requires
-        Spec.MLKEM.is_rank v_K /\ v_CIPHERTEXT_SIZE == Spec.MLKEM.v_CPA_CIPHERTEXT_SIZE v_K /\
-        v_U_COMPRESSION_FACTOR == Spec.MLKEM.v_VECTOR_U_COMPRESSION_FACTOR v_K /\
-        v_V_COMPRESSION_FACTOR == Spec.MLKEM.v_VECTOR_V_COMPRESSION_FACTOR v_K /\
-        v_VECTOR_U_ENCODED_SIZE == Spec.MLKEM.v_C1_SIZE v_K)
-      (fun _ -> Prims.l_True)
-
-val decrypt
-      (v_K v_CIPHERTEXT_SIZE v_VECTOR_U_ENCODED_SIZE v_U_COMPRESSION_FACTOR v_V_COMPRESSION_FACTOR:
-          usize)
-      (#v_Vector: Type0)
-      {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |}
-      (secret_key: t_Slice u8)
-      (ciphertext: t_Array u8 v_CIPHERTEXT_SIZE)
-    : Prims.Pure (t_Array u8 (sz 32))
-      (requires
-        Spec.MLKEM.is_rank v_K /\ length secret_key == Spec.MLKEM.v_CPA_PRIVATE_KEY_SIZE v_K /\
-        v_CIPHERTEXT_SIZE == Spec.MLKEM.v_CPA_CIPHERTEXT_SIZE v_K /\
-        v_VECTOR_U_ENCODED_SIZE == Spec.MLKEM.v_C1_SIZE v_K /\
-        v_U_COMPRESSION_FACTOR == Spec.MLKEM.v_VECTOR_U_COMPRESSION_FACTOR v_K /\
-        v_V_COMPRESSION_FACTOR == Spec.MLKEM.v_VECTOR_V_COMPRESSION_FACTOR v_K)
-      (ensures
-        fun result ->
-          let result:t_Array u8 (sz 32) = result in
-          result == Spec.MLKEM.ind_cpa_decrypt v_K secret_key ciphertext)
-
 /// This function implements <strong>Algorithm 13</strong> of the
 /// NIST FIPS 203 specification; this is the Kyber CPA-PKE encryption algorithm.
 /// Algorithm 13 is reproduced below:
@@ -310,7 +265,15 @@ val encrypt_unpacked
         v_BLOCK_LEN == Spec.MLKEM.v_C1_BLOCK_SIZE v_K /\
         v_CIPHERTEXT_SIZE == Spec.MLKEM.v_CPA_CIPHERTEXT_SIZE v_K /\
         length randomness == Spec.MLKEM.v_SHARED_SECRET_SIZE)
-      (fun _ -> Prims.l_True)
+      (ensures
+        fun result ->
+          let result:t_Array u8 v_CIPHERTEXT_SIZE = result in
+          result ==
+          Spec.MLKEM.ind_cpa_encrypt_unpacked v_K
+            message
+            randomness
+            (Libcrux_ml_kem.Polynomial.to_spec_vector_t #v_K #v_Vector public_key.f_t_as_ntt)
+            (Libcrux_ml_kem.Polynomial.to_spec_matrix_t #v_K #v_Vector public_key.f_A))
 
 val encrypt
       (v_K v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_LEN v_C2_LEN v_U_COMPRESSION_FACTOR v_V_COMPRESSION_FACTOR v_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE:
@@ -340,72 +303,147 @@ val encrypt
           let expected, valid = Spec.MLKEM.ind_cpa_encrypt v_K public_key message randomness in
           valid ==> result == expected)
 
-/// This function implements most of <strong>Algorithm 12</strong> of the
-/// NIST FIPS 203 specification; this is the Kyber CPA-PKE key generation algorithm.
-/// We say \"most of\" since Algorithm 12 samples the required randomness within
-/// the function itself, whereas this implementation expects it to be provided
-/// through the `key_generation_seed` parameter.
-/// Algorithm 12 is reproduced below:
+/// Call [`deserialize_then_decompress_ring_element_u`] on each ring element
+/// in the `ciphertext`.
+val deserialize_then_decompress_u
+      (v_K v_CIPHERTEXT_SIZE v_U_COMPRESSION_FACTOR: usize)
+      (#v_Vector: Type0)
+      {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |}
+      (ciphertext: t_Array u8 v_CIPHERTEXT_SIZE)
+    : Prims.Pure (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K)
+      (requires
+        Spec.MLKEM.is_rank v_K /\ v_CIPHERTEXT_SIZE == Spec.MLKEM.v_CPA_CIPHERTEXT_SIZE v_K /\
+        v_U_COMPRESSION_FACTOR == Spec.MLKEM.v_VECTOR_U_COMPRESSION_FACTOR v_K)
+      (ensures
+        fun res ->
+          let res:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = res in
+          Libcrux_ml_kem.Polynomial.to_spec_vector_t #v_K #v_Vector res ==
+          Spec.MLKEM.(vector_ntt (decode_then_decompress_u #v_K
+                  (Seq.slice ciphertext 0 (v (Spec.MLKEM.v_C1_SIZE v_K))))))
+
+/// This function implements <strong>Algorithm 14</strong> of the
+/// NIST FIPS 203 specification; this is the Kyber CPA-PKE decryption algorithm.
+/// Algorithm 14 is reproduced below:
 /// ```plaintext
-/// Output: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}.
-/// Output: decryption key dkₚₖₑ ∈ 𝔹^{384k}.
-/// d ←$ B
-/// (ρ,σ) ← G(d)
-/// N ← 0
-/// for (i ← 0; i < k; i++)
-///     for(j ← 0; j < k; j++)
-///         Â[i,j] ← SampleNTT(XOF(ρ, i, j))
-///     end for
-/// end for
-/// for(i ← 0; i < k; i++)
-///     s[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(σ,N))
-///     N ← N + 1
-/// end for
-/// for(i ← 0; i < k; i++)
-///     e[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(σ,N))
-///     N ← N + 1
-/// end for
-/// ŝ ← NTT(s)
-/// ê ← NTT(e)
-/// t\u{302} ← Â◦ŝ + ê
-/// ekₚₖₑ ← ByteEncode₁₂(t\u{302}) ‖ ρ
-/// dkₚₖₑ ← ByteEncode₁₂(ŝ)
+/// Input: decryption key dkₚₖₑ ∈ 𝔹^{384k}.
+/// Input: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}.
+/// Output: message m ∈ 𝔹^{32}.
+/// c₁ ← c[0 : 32dᵤk]
+/// c₂ ← c[32dᵤk : 32(dᵤk + dᵥ)]
+/// u ← Decompress_{dᵤ}(ByteDecode_{dᵤ}(c₁))
+/// v ← Decompress_{dᵥ}(ByteDecode_{dᵥ}(c₂))
+/// ŝ ← ByteDecode₁₂(dkₚₖₑ)
+/// w ← v - NTT-¹(ŝᵀ ◦ NTT(u))
+/// m ← ByteEncode₁(Compress₁(w))
+/// return m
 /// ```
 /// The NIST FIPS 203 standard can be found at
 /// <https://csrc.nist.gov/pubs/fips/203/ipd>.
-val generate_keypair_unpacked
-      (v_K v_ETA1 v_ETA1_RANDOMNESS_SIZE: usize)
-      (#v_Vector #v_Hasher #v_Scheme: Type0)
-      {| i3: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |}
-      {| i4: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K |}
-      {| i5: Libcrux_ml_kem.Variant.t_Variant v_Scheme |}
-      (key_generation_seed: t_Slice u8)
-      (private_key: Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPrivateKeyUnpacked v_K v_Vector)
-      (public_key: Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPublicKeyUnpacked v_K v_Vector)
-    : Prims.Pure
-      (Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPrivateKeyUnpacked v_K v_Vector &
-        Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPublicKeyUnpacked v_K v_Vector)
+val decrypt_unpacked
+      (v_K v_CIPHERTEXT_SIZE v_VECTOR_U_ENCODED_SIZE v_U_COMPRESSION_FACTOR v_V_COMPRESSION_FACTOR:
+          usize)
+      (#v_Vector: Type0)
+      {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |}
+      (secret_key: Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPrivateKeyUnpacked v_K v_Vector)
+      (ciphertext: t_Array u8 v_CIPHERTEXT_SIZE)
+    : Prims.Pure (t_Array u8 (sz 32))
       (requires
-        Spec.MLKEM.is_rank v_K /\ v_ETA1_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA1_RANDOMNESS_SIZE v_K /\
-        v_ETA1 == Spec.MLKEM.v_ETA1 v_K /\
-        length key_generation_seed == Spec.MLKEM.v_CPA_KEY_GENERATION_SEED_SIZE)
+        Spec.MLKEM.is_rank v_K /\ v_CIPHERTEXT_SIZE == Spec.MLKEM.v_CPA_CIPHERTEXT_SIZE v_K /\
+        v_U_COMPRESSION_FACTOR == Spec.MLKEM.v_VECTOR_U_COMPRESSION_FACTOR v_K /\
+        v_V_COMPRESSION_FACTOR == Spec.MLKEM.v_VECTOR_V_COMPRESSION_FACTOR v_K /\
+        v_VECTOR_U_ENCODED_SIZE == Spec.MLKEM.v_C1_SIZE v_K)
       (ensures
-        fun temp_0_ ->
-          let private_key_future, public_key_future:(Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPrivateKeyUnpacked
-              v_K v_Vector &
-            Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPublicKeyUnpacked v_K v_Vector) =
-            temp_0_
-          in
-          (forall (i: nat).
-              i < v v_K ==>
-              Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index private_key_future
-                      .f_secret_as_ntt
-                    i)) /\
-          (forall (i: nat).
-              i < v v_K ==>
-              Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index public_key_future
-                      .f_t_as_ntt
-                    i)))
+        fun result ->
+          let result:t_Array u8 (sz 32) = result in
+          result ==
+          Spec.MLKEM.ind_cpa_decrypt_unpacked v_K
+            ciphertext
+            (Libcrux_ml_kem.Polynomial.to_spec_vector_t #v_K #v_Vector secret_key.f_secret_as_ntt))
+
+val decrypt
+      (v_K v_CIPHERTEXT_SIZE v_VECTOR_U_ENCODED_SIZE v_U_COMPRESSION_FACTOR v_V_COMPRESSION_FACTOR:
+          usize)
+      (#v_Vector: Type0)
+      {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |}
+      (secret_key: t_Slice u8)
+      (ciphertext: t_Array u8 v_CIPHERTEXT_SIZE)
+    : Prims.Pure (t_Array u8 (sz 32))
+      (requires
+        Spec.MLKEM.is_rank v_K /\ length secret_key == Spec.MLKEM.v_CPA_PRIVATE_KEY_SIZE v_K /\
+        v_CIPHERTEXT_SIZE == Spec.MLKEM.v_CPA_CIPHERTEXT_SIZE v_K /\
+        v_VECTOR_U_ENCODED_SIZE == Spec.MLKEM.v_C1_SIZE v_K /\
+        v_U_COMPRESSION_FACTOR == Spec.MLKEM.v_VECTOR_U_COMPRESSION_FACTOR v_K /\
+        v_V_COMPRESSION_FACTOR == Spec.MLKEM.v_VECTOR_V_COMPRESSION_FACTOR v_K)
+      (ensures
+        fun result ->
+          let result:t_Array u8 (sz 32) = result in
+          result == Spec.MLKEM.ind_cpa_decrypt v_K secret_key ciphertext)
+
+/// Call [`serialize_uncompressed_ring_element`] for each ring element.
+val serialize_secret_key
+      (v_K v_OUT_LEN: usize)
+      (#v_Vector: Type0)
+      {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |}
+      (key: t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K)
+    : Prims.Pure (t_Array u8 v_OUT_LEN)
+      (requires
+        Spec.MLKEM.is_rank v_K /\ v_OUT_LEN == Spec.MLKEM.v_CPA_PRIVATE_KEY_SIZE v_K /\
+        (forall (i: nat).
+            i < v v_K ==>
+            Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index key i)))
+      (ensures
+        fun res ->
+          let res:t_Array u8 v_OUT_LEN = res in
+          res ==
+          Spec.MLKEM.vector_encode_12 #v_K
+            (Libcrux_ml_kem.Polynomial.to_spec_vector_t #v_K #v_Vector key))
+
+/// Concatenate `t` and `ρ` into the public key.
+val serialize_public_key_mut
+      (v_K v_RANKED_BYTES_PER_RING_ELEMENT v_PUBLIC_KEY_SIZE: usize)
+      (#v_Vector: Type0)
+      {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |}
+      (tt_as_ntt: t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K)
+      (seed_for_a: t_Slice u8)
+      (serialized: t_Array u8 v_PUBLIC_KEY_SIZE)
+    : Prims.Pure (t_Array u8 v_PUBLIC_KEY_SIZE)
+      (requires
+        Spec.MLKEM.is_rank v_K /\
+        v_RANKED_BYTES_PER_RING_ELEMENT == Spec.MLKEM.v_RANKED_BYTES_PER_RING_ELEMENT v_K /\
+        v_PUBLIC_KEY_SIZE == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE v_K /\ length seed_for_a == sz 32 /\
+        (forall (i: nat).
+            i < v v_K ==>
+            Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index tt_as_ntt i)))
+      (ensures
+        fun serialized_future ->
+          let serialized_future:t_Array u8 v_PUBLIC_KEY_SIZE = serialized_future in
+          serialized_future ==
+          Seq.append (Spec.MLKEM.vector_encode_12 #v_K
+                (Libcrux_ml_kem.Polynomial.to_spec_vector_t #v_K #v_Vector tt_as_ntt))
+            seed_for_a)
+
+/// Concatenate `t` and `ρ` into the public key.
+val serialize_public_key
+      (v_K v_RANKED_BYTES_PER_RING_ELEMENT v_PUBLIC_KEY_SIZE: usize)
+      (#v_Vector: Type0)
+      {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |}
+      (tt_as_ntt: t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K)
+      (seed_for_a: t_Slice u8)
+    : Prims.Pure (t_Array u8 v_PUBLIC_KEY_SIZE)
+      (requires
+        Spec.MLKEM.is_rank v_K /\
+        v_RANKED_BYTES_PER_RING_ELEMENT == Spec.MLKEM.v_RANKED_BYTES_PER_RING_ELEMENT v_K /\
+        v_PUBLIC_KEY_SIZE == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE v_K /\ length seed_for_a == sz 32 /\
+        (forall (i: nat).
+            i < v v_K ==>
+            Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index tt_as_ntt i)))
+      (ensures
+        fun res ->
+          let res:t_Array u8 v_PUBLIC_KEY_SIZE = res in
+          res ==
+          Seq.append (Spec.MLKEM.vector_encode_12 #v_K
+                (Libcrux_ml_kem.Polynomial.to_spec_vector_t #v_K #v_Vector tt_as_ntt))
+            seed_for_a)
 
 val generate_keypair
       (v_K v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE v_RANKED_BYTES_PER_RING_ELEMENT v_ETA1 v_ETA1_RANDOMNESS_SIZE:
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Matrix.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Matrix.fst
index 227ecb785..0fe17e19e 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Matrix.fst
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Matrix.fst
@@ -10,6 +10,133 @@ let _ =
   let open Libcrux_ml_kem.Vector.Traits in
   ()
 
+let sample_matrix_A
+      (v_K: usize)
+      (#v_Vector #v_Hasher: Type0)
+      (#[FStar.Tactics.Typeclasses.tcresolve ()]
+          i2:
+          Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector)
+      (#[FStar.Tactics.Typeclasses.tcresolve ()]
+          i3:
+          Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K)
+      (v_A_transpose:
+          t_Array (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) v_K)
+      (seed: t_Array u8 (sz 34))
+      (transpose: bool)
+     =
+  let v_A_transpose:t_Array
+    (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) v_K =
+    Rust_primitives.Hax.Folds.fold_range (sz 0)
+      v_K
+      (fun v_A_transpose temp_1_ ->
+          let v_A_transpose:t_Array
+            (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) v_K =
+            v_A_transpose
+          in
+          let _:usize = temp_1_ in
+          true)
+      v_A_transpose
+      (fun v_A_transpose i ->
+          let v_A_transpose:t_Array
+            (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) v_K =
+            v_A_transpose
+          in
+          let i:usize = i in
+          let seeds:t_Array (t_Array u8 (sz 34)) v_K = Rust_primitives.Hax.repeat seed v_K in
+          let seeds:t_Array (t_Array u8 (sz 34)) v_K =
+            Rust_primitives.Hax.Folds.fold_range (sz 0)
+              v_K
+              (fun seeds temp_1_ ->
+                  let seeds:t_Array (t_Array u8 (sz 34)) v_K = seeds in
+                  let _:usize = temp_1_ in
+                  true)
+              seeds
+              (fun seeds j ->
+                  let seeds:t_Array (t_Array u8 (sz 34)) v_K = seeds in
+                  let j:usize = j in
+                  let seeds:t_Array (t_Array u8 (sz 34)) v_K =
+                    Rust_primitives.Hax.Monomorphized_update_at.update_at_usize seeds
+                      j
+                      (Rust_primitives.Hax.Monomorphized_update_at.update_at_usize (seeds.[ j ]
+                            <:
+                            t_Array u8 (sz 34))
+                          (sz 32)
+                          (cast (i <: usize) <: u8)
+                        <:
+                        t_Array u8 (sz 34))
+                  in
+                  let seeds:t_Array (t_Array u8 (sz 34)) v_K =
+                    Rust_primitives.Hax.Monomorphized_update_at.update_at_usize seeds
+                      j
+                      (Rust_primitives.Hax.Monomorphized_update_at.update_at_usize (seeds.[ j ]
+                            <:
+                            t_Array u8 (sz 34))
+                          (sz 33)
+                          (cast (j <: usize) <: u8)
+                        <:
+                        t_Array u8 (sz 34))
+                  in
+                  seeds)
+          in
+          let sampled:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K =
+            Libcrux_ml_kem.Sampling.sample_from_xof v_K #v_Vector #v_Hasher seeds
+          in
+          Rust_primitives.Hax.Folds.fold_enumerated_slice sampled
+            (fun v_A_transpose temp_1_ ->
+                let v_A_transpose:t_Array
+                  (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) v_K =
+                  v_A_transpose
+                in
+                let _:usize = temp_1_ in
+                true)
+            v_A_transpose
+            (fun v_A_transpose temp_1_ ->
+                let v_A_transpose:t_Array
+                  (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) v_K =
+                  v_A_transpose
+                in
+                let j, sample:(usize & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) =
+                  temp_1_
+                in
+                if transpose
+                then
+                  let v_A_transpose:t_Array
+                    (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) v_K =
+                    Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v_A_transpose
+                      j
+                      (Rust_primitives.Hax.Monomorphized_update_at.update_at_usize (v_A_transpose.[ j
+                            ]
+                            <:
+                            t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K
+                          )
+                          i
+                          sample
+                        <:
+                        t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K)
+                  in
+                  v_A_transpose
+                else
+                  let v_A_transpose:t_Array
+                    (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) v_K =
+                    Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v_A_transpose
+                      i
+                      (Rust_primitives.Hax.Monomorphized_update_at.update_at_usize (v_A_transpose.[ i
+                            ]
+                            <:
+                            t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K
+                          )
+                          j
+                          sample
+                        <:
+                        t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K)
+                  in
+                  v_A_transpose))
+  in
+  let result:Prims.unit = () <: Prims.unit in
+  let _:Prims.unit = admit () (* Panic freedom *) in
+  let hax_temp_output:Prims.unit = result in
+  v_A_transpose
+
 let compute_As_plus_e
       (v_K: usize)
       (#v_Vector: Type0)
@@ -107,6 +234,52 @@ let compute_As_plus_e
 
 #push-options "--admit_smt_queries true"
 
+let compute_message
+      (v_K: usize)
+      (#v_Vector: Type0)
+      (#[FStar.Tactics.Typeclasses.tcresolve ()]
+          i1:
+          Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector)
+      (v: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector)
+      (secret_as_ntt u_as_ntt:
+          t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K)
+     =
+  let result:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector =
+    Libcrux_ml_kem.Polynomial.impl_2__ZERO #v_Vector ()
+  in
+  let result:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector =
+    Rust_primitives.Hax.Folds.fold_range (sz 0)
+      v_K
+      (fun result temp_1_ ->
+          let result:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = result in
+          let _:usize = temp_1_ in
+          true)
+      result
+      (fun result i ->
+          let result:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = result in
+          let i:usize = i in
+          let product:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector =
+            Libcrux_ml_kem.Polynomial.impl_2__ntt_multiply #v_Vector
+              (secret_as_ntt.[ i ] <: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector)
+              (u_as_ntt.[ i ] <: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector)
+          in
+          let result:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector =
+            Libcrux_ml_kem.Polynomial.impl_2__add_to_ring_element #v_Vector v_K result product
+          in
+          result)
+  in
+  let result:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector =
+    Libcrux_ml_kem.Invert_ntt.invert_ntt_montgomery v_K #v_Vector result
+  in
+  let result:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector =
+    Libcrux_ml_kem.Polynomial.impl_2__subtract_reduce #v_Vector v result
+  in
+  result
+
+#pop-options
+
+#push-options "--admit_smt_queries true"
+
 let compute_ring_element_v
       (v_K: usize)
       (#v_Vector: Type0)
@@ -254,176 +427,3 @@ let compute_vector_u
   result
 
 #pop-options
-
-#push-options "--admit_smt_queries true"
-
-let compute_message
-      (v_K: usize)
-      (#v_Vector: Type0)
-      (#[FStar.Tactics.Typeclasses.tcresolve ()]
-          i1:
-          Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector)
-      (v: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector)
-      (secret_as_ntt u_as_ntt:
-          t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K)
-     =
-  let result:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector =
-    Libcrux_ml_kem.Polynomial.impl_2__ZERO #v_Vector ()
-  in
-  let result:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector =
-    Rust_primitives.Hax.Folds.fold_range (sz 0)
-      v_K
-      (fun result temp_1_ ->
-          let result:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = result in
-          let _:usize = temp_1_ in
-          true)
-      result
-      (fun result i ->
-          let result:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = result in
-          let i:usize = i in
-          let product:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector =
-            Libcrux_ml_kem.Polynomial.impl_2__ntt_multiply #v_Vector
-              (secret_as_ntt.[ i ] <: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector)
-              (u_as_ntt.[ i ] <: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector)
-          in
-          let result:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector =
-            Libcrux_ml_kem.Polynomial.impl_2__add_to_ring_element #v_Vector v_K result product
-          in
-          result)
-  in
-  let result:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector =
-    Libcrux_ml_kem.Invert_ntt.invert_ntt_montgomery v_K #v_Vector result
-  in
-  let result:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector =
-    Libcrux_ml_kem.Polynomial.impl_2__subtract_reduce #v_Vector v result
-  in
-  result
-
-#pop-options
-
-let sample_matrix_A
-      (v_K: usize)
-      (#v_Vector #v_Hasher: Type0)
-      (#[FStar.Tactics.Typeclasses.tcresolve ()]
-          i2:
-          Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector)
-      (#[FStar.Tactics.Typeclasses.tcresolve ()]
-          i3:
-          Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K)
-      (v_A_transpose:
-          t_Array (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) v_K)
-      (seed: t_Array u8 (sz 34))
-      (transpose: bool)
-     =
-  let v_A_transpose:t_Array
-    (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) v_K =
-    Rust_primitives.Hax.Folds.fold_range (sz 0)
-      v_K
-      (fun v_A_transpose temp_1_ ->
-          let v_A_transpose:t_Array
-            (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) v_K =
-            v_A_transpose
-          in
-          let _:usize = temp_1_ in
-          true)
-      v_A_transpose
-      (fun v_A_transpose i ->
-          let v_A_transpose:t_Array
-            (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) v_K =
-            v_A_transpose
-          in
-          let i:usize = i in
-          let seeds:t_Array (t_Array u8 (sz 34)) v_K = Rust_primitives.Hax.repeat seed v_K in
-          let seeds:t_Array (t_Array u8 (sz 34)) v_K =
-            Rust_primitives.Hax.Folds.fold_range (sz 0)
-              v_K
-              (fun seeds temp_1_ ->
-                  let seeds:t_Array (t_Array u8 (sz 34)) v_K = seeds in
-                  let _:usize = temp_1_ in
-                  true)
-              seeds
-              (fun seeds j ->
-                  let seeds:t_Array (t_Array u8 (sz 34)) v_K = seeds in
-                  let j:usize = j in
-                  let seeds:t_Array (t_Array u8 (sz 34)) v_K =
-                    Rust_primitives.Hax.Monomorphized_update_at.update_at_usize seeds
-                      j
-                      (Rust_primitives.Hax.Monomorphized_update_at.update_at_usize (seeds.[ j ]
-                            <:
-                            t_Array u8 (sz 34))
-                          (sz 32)
-                          (cast (i <: usize) <: u8)
-                        <:
-                        t_Array u8 (sz 34))
-                  in
-                  let seeds:t_Array (t_Array u8 (sz 34)) v_K =
-                    Rust_primitives.Hax.Monomorphized_update_at.update_at_usize seeds
-                      j
-                      (Rust_primitives.Hax.Monomorphized_update_at.update_at_usize (seeds.[ j ]
-                            <:
-                            t_Array u8 (sz 34))
-                          (sz 33)
-                          (cast (j <: usize) <: u8)
-                        <:
-                        t_Array u8 (sz 34))
-                  in
-                  seeds)
-          in
-          let sampled:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K =
-            Libcrux_ml_kem.Sampling.sample_from_xof v_K #v_Vector #v_Hasher seeds
-          in
-          Rust_primitives.Hax.Folds.fold_enumerated_slice sampled
-            (fun v_A_transpose temp_1_ ->
-                let v_A_transpose:t_Array
-                  (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) v_K =
-                  v_A_transpose
-                in
-                let _:usize = temp_1_ in
-                true)
-            v_A_transpose
-            (fun v_A_transpose temp_1_ ->
-                let v_A_transpose:t_Array
-                  (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) v_K =
-                  v_A_transpose
-                in
-                let j, sample:(usize & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) =
-                  temp_1_
-                in
-                if transpose
-                then
-                  let v_A_transpose:t_Array
-                    (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) v_K =
-                    Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v_A_transpose
-                      j
-                      (Rust_primitives.Hax.Monomorphized_update_at.update_at_usize (v_A_transpose.[ j
-                            ]
-                            <:
-                            t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K
-                          )
-                          i
-                          sample
-                        <:
-                        t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K)
-                  in
-                  v_A_transpose
-                else
-                  let v_A_transpose:t_Array
-                    (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) v_K =
-                    Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v_A_transpose
-                      i
-                      (Rust_primitives.Hax.Monomorphized_update_at.update_at_usize (v_A_transpose.[ i
-                            ]
-                            <:
-                            t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K
-                          )
-                          j
-                          sample
-                        <:
-                        t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K)
-                  in
-                  v_A_transpose))
-  in
-  let result:Prims.unit = () <: Prims.unit in
-  let _:Prims.unit = admit () (* Panic freedom *) in
-  let hax_temp_output:Prims.unit = result in
-  v_A_transpose
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Matrix.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Matrix.fsti
index 0520e4a48..7c0e78e63 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Matrix.fsti
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Matrix.fsti
@@ -10,6 +10,32 @@ let _ =
   let open Libcrux_ml_kem.Vector.Traits in
   ()
 
+val sample_matrix_A
+      (v_K: usize)
+      (#v_Vector #v_Hasher: Type0)
+      {| i2: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |}
+      {| i3: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K |}
+      (v_A_transpose:
+          t_Array (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) v_K)
+      (seed: t_Array u8 (sz 34))
+      (transpose: bool)
+    : Prims.Pure
+      (t_Array (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) v_K)
+      (requires Spec.MLKEM.is_rank v_K)
+      (ensures
+        fun v_A_transpose_future ->
+          let v_A_transpose_future:t_Array
+            (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) v_K =
+            v_A_transpose_future
+          in
+          let matrix_A, valid = Spec.MLKEM.sample_matrix_A_ntt (Seq.slice seed 0 32) in
+          valid ==>
+          (if transpose
+            then Libcrux_ml_kem.Polynomial.to_spec_matrix_t v_A_transpose_future == matrix_A
+            else
+              Libcrux_ml_kem.Polynomial.to_spec_matrix_t v_A_transpose_future ==
+              Spec.MLKEM.matrix_transpose matrix_A))
+
 /// Compute  ◦ ŝ + ê
 val compute_As_plus_e
       (v_K: usize)
@@ -32,7 +58,36 @@ val compute_As_plus_e
           to_spec_vector_t tt_as_ntt_future =
           Spec.MLKEM.compute_As_plus_e_ntt (to_spec_matrix_t matrix_A)
             (to_spec_vector_t s_as_ntt)
-            (to_spec_vector_t error_as_ntt))
+            (to_spec_vector_t error_as_ntt) /\
+          (forall (i: nat).
+              i < v v_K ==>
+              Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index tt_as_ntt_future
+                    i)))
+
+/// The following functions compute various expressions involving
+/// vectors and matrices. The computation of these expressions has been
+/// abstracted away into these functions in order to save on loop iterations.
+/// Compute v − InverseNTT(sᵀ ◦ NTT(u))
+val compute_message
+      (v_K: usize)
+      (#v_Vector: Type0)
+      {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |}
+      (v: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector)
+      (secret_as_ntt u_as_ntt:
+          t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K)
+    : Prims.Pure (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector)
+      (requires Spec.MLKEM.is_rank v_K)
+      (ensures
+        fun res ->
+          let res:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = res in
+          let open Libcrux_ml_kem.Polynomial in
+          let secret_spec = to_spec_vector_t secret_as_ntt in
+          let u_spec = to_spec_vector_t u_as_ntt in
+          let v_spec = to_spec_poly_t v in
+          to_spec_poly_t res ==
+          Spec.MLKEM.(poly_sub v_spec
+              (poly_inv_ntt (vector_dot_product_ntt #v_K secret_spec u_spec))) /\
+          Libcrux_ml_kem.Serialize.coefficients_field_modulus_range res)
 
 /// Compute InverseNTT(tᵀ ◦ r\u{302}) + e₂ + message
 val compute_ring_element_v
@@ -79,54 +134,3 @@ val compute_vector_u
           (forall (i: nat).
               i < v v_K ==>
               Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index res i)))
-
-/// The following functions compute various expressions involving
-/// vectors and matrices. The computation of these expressions has been
-/// abstracted away into these functions in order to save on loop iterations.
-/// Compute v − InverseNTT(sᵀ ◦ NTT(u))
-val compute_message
-      (v_K: usize)
-      (#v_Vector: Type0)
-      {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |}
-      (v: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector)
-      (secret_as_ntt u_as_ntt:
-          t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K)
-    : Prims.Pure (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector)
-      (requires Spec.MLKEM.is_rank v_K)
-      (ensures
-        fun res ->
-          let res:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = res in
-          let open Libcrux_ml_kem.Polynomial in
-          let secret_spec = to_spec_vector_t secret_as_ntt in
-          let u_spec = to_spec_vector_t u_as_ntt in
-          let v_spec = to_spec_poly_t v in
-          to_spec_poly_t res ==
-          Spec.MLKEM.(poly_sub v_spec
-              (poly_inv_ntt (vector_dot_product_ntt #v_K secret_spec u_spec))) /\
-          Libcrux_ml_kem.Serialize.coefficients_field_modulus_range res)
-
-val sample_matrix_A
-      (v_K: usize)
-      (#v_Vector #v_Hasher: Type0)
-      {| i2: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |}
-      {| i3: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K |}
-      (v_A_transpose:
-          t_Array (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) v_K)
-      (seed: t_Array u8 (sz 34))
-      (transpose: bool)
-    : Prims.Pure
-      (t_Array (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) v_K)
-      (requires Spec.MLKEM.is_rank v_K)
-      (ensures
-        fun v_A_transpose_future ->
-          let v_A_transpose_future:t_Array
-            (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) v_K =
-            v_A_transpose_future
-          in
-          let matrix_A, valid = Spec.MLKEM.sample_matrix_A_ntt (Seq.slice seed 0 32) in
-          valid ==>
-          (if transpose
-            then Libcrux_ml_kem.Polynomial.to_spec_matrix_t v_A_transpose_future == matrix_A
-            else
-              Libcrux_ml_kem.Polynomial.to_spec_matrix_t v_A_transpose_future ==
-              Spec.MLKEM.matrix_transpose matrix_A))
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ntt.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ntt.fst
index 5d86ce050..d974fbef3 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ntt.fst
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ntt.fst
@@ -464,12 +464,13 @@ let ntt_binomially_sampled_ring_element
   let zeta_i:usize = tmp0 in
   let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = tmp1 in
   let _:Prims.unit = () in
-  let hax_temp_output, re:(Prims.unit & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector)
-  =
+  let result, re:(Prims.unit & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) =
     (), Libcrux_ml_kem.Polynomial.impl_2__poly_barrett_reduce #v_Vector re
     <:
     (Prims.unit & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector)
   in
+  let _:Prims.unit = admit () (* Panic freedom *) in
+  let hax_temp_output:Prims.unit = result in
   re
 
 #pop-options
@@ -527,12 +528,13 @@ let ntt_vector_u
   let zeta_i:usize = tmp0 in
   let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = tmp1 in
   let _:Prims.unit = () in
-  let hax_temp_output, re:(Prims.unit & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector)
-  =
+  let result, re:(Prims.unit & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) =
     (), Libcrux_ml_kem.Polynomial.impl_2__poly_barrett_reduce #v_Vector re
     <:
     (Prims.unit & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector)
   in
+  let _:Prims.unit = admit () (* Panic freedom *) in
+  let hax_temp_output:Prims.unit = result in
   re
 
 #pop-options
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ntt.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ntt.fsti
index 487f928cf..8cf047654 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ntt.fsti
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ntt.fsti
@@ -164,7 +164,11 @@ val ntt_binomially_sampled_ring_element
         forall i.
           i < 8 ==>
           ntt_layer_7_pre (re.f_coefficients.[ sz i ]) (re.f_coefficients.[ sz i +! sz 8 ]))
-      (fun _ -> Prims.l_True)
+      (ensures
+        fun re_future ->
+          let re_future:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = re_future in
+          Libcrux_ml_kem.Polynomial.to_spec_poly_t #v_Vector re_future ==
+          Spec.MLKEM.poly_ntt (Libcrux_ml_kem.Polynomial.to_spec_poly_t #v_Vector re))
 
 val ntt_vector_u
       (v_VECTOR_U_COMPRESSION_FACTOR: usize)
@@ -173,4 +177,8 @@ val ntt_vector_u
       (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector)
     : Prims.Pure (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector)
       Prims.l_True
-      (fun _ -> Prims.l_True)
+      (ensures
+        fun re_future ->
+          let re_future:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = re_future in
+          Libcrux_ml_kem.Polynomial.to_spec_poly_t #v_Vector re_future ==
+          Spec.MLKEM.poly_ntt (Libcrux_ml_kem.Polynomial.to_spec_poly_t #v_Vector re))
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Sampling.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Sampling.fst
index 0ed1d6ebd..13f72a5df 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Sampling.fst
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Sampling.fst
@@ -144,6 +144,104 @@ let sample_from_uniform_distribution_next
   <:
   (t_Array usize v_K & t_Array (t_Array i16 (sz 272)) v_K & bool)
 
+#push-options "--admit_smt_queries true"
+
+let sample_from_xof
+      (v_K: usize)
+      (#v_Vector #v_Hasher: Type0)
+      (#[FStar.Tactics.Typeclasses.tcresolve ()]
+          i2:
+          Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector)
+      (#[FStar.Tactics.Typeclasses.tcresolve ()]
+          i3:
+          Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K)
+      (seeds: t_Array (t_Array u8 (sz 34)) v_K)
+     =
+  let (sampled_coefficients: t_Array usize v_K):t_Array usize v_K =
+    Rust_primitives.Hax.repeat (sz 0) v_K
+  in
+  let (out: t_Array (t_Array i16 (sz 272)) v_K):t_Array (t_Array i16 (sz 272)) v_K =
+    Rust_primitives.Hax.repeat (Rust_primitives.Hax.repeat 0s (sz 272) <: t_Array i16 (sz 272)) v_K
+  in
+  let xof_state:v_Hasher =
+    Libcrux_ml_kem.Hash_functions.f_shake128_init_absorb_final #v_Hasher
+      #v_K
+      #FStar.Tactics.Typeclasses.solve
+      seeds
+  in
+  let tmp0, out1:(v_Hasher & t_Array (t_Array u8 (sz 504)) v_K) =
+    Libcrux_ml_kem.Hash_functions.f_shake128_squeeze_first_three_blocks #v_Hasher
+      #v_K
+      #FStar.Tactics.Typeclasses.solve
+      xof_state
+  in
+  let xof_state:v_Hasher = tmp0 in
+  let randomness:t_Array (t_Array u8 (sz 504)) v_K = out1 in
+  let tmp0, tmp1, out1:(t_Array usize v_K & t_Array (t_Array i16 (sz 272)) v_K & bool) =
+    sample_from_uniform_distribution_next #v_Vector v_K (sz 504) randomness sampled_coefficients out
+  in
+  let sampled_coefficients:t_Array usize v_K = tmp0 in
+  let out:t_Array (t_Array i16 (sz 272)) v_K = tmp1 in
+  let done:bool = out1 in
+  let done, out, sampled_coefficients, xof_state:(bool & t_Array (t_Array i16 (sz 272)) v_K &
+    t_Array usize v_K &
+    v_Hasher) =
+    Rust_primitives.f_while_loop (fun temp_0_ ->
+          let done, out, sampled_coefficients, xof_state:(bool & t_Array (t_Array i16 (sz 272)) v_K &
+            t_Array usize v_K &
+            v_Hasher) =
+            temp_0_
+          in
+          ~.done <: bool)
+      (done, out, sampled_coefficients, xof_state
+        <:
+        (bool & t_Array (t_Array i16 (sz 272)) v_K & t_Array usize v_K & v_Hasher))
+      (fun temp_0_ ->
+          let done, out, sampled_coefficients, xof_state:(bool & t_Array (t_Array i16 (sz 272)) v_K &
+            t_Array usize v_K &
+            v_Hasher) =
+            temp_0_
+          in
+          let tmp0, out1:(v_Hasher & t_Array (t_Array u8 (sz 168)) v_K) =
+            Libcrux_ml_kem.Hash_functions.f_shake128_squeeze_next_block #v_Hasher
+              #v_K
+              #FStar.Tactics.Typeclasses.solve
+              xof_state
+          in
+          let xof_state:v_Hasher = tmp0 in
+          let randomness:t_Array (t_Array u8 (sz 168)) v_K = out1 in
+          let tmp0, tmp1, out1:(t_Array usize v_K & t_Array (t_Array i16 (sz 272)) v_K & bool) =
+            sample_from_uniform_distribution_next #v_Vector
+              v_K
+              (sz 168)
+              randomness
+              sampled_coefficients
+              out
+          in
+          let sampled_coefficients:t_Array usize v_K = tmp0 in
+          let out:t_Array (t_Array i16 (sz 272)) v_K = tmp1 in
+          let done:bool = out1 in
+          done, out, sampled_coefficients, xof_state
+          <:
+          (bool & t_Array (t_Array i16 (sz 272)) v_K & t_Array usize v_K & v_Hasher))
+  in
+  Core.Array.impl_23__map #(t_Array i16 (sz 272))
+    v_K
+    #(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector)
+    out
+    (fun s ->
+        let s:t_Array i16 (sz 272) = s in
+        Libcrux_ml_kem.Polynomial.impl_2__from_i16_array #v_Vector
+          (s.[ { Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = sz 256 }
+              <:
+              Core.Ops.Range.t_Range usize ]
+            <:
+            t_Slice i16)
+        <:
+        Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector)
+
+#pop-options
+
 #push-options "--z3rlimit 800"
 
 let sample_from_binomial_distribution_2_
@@ -316,109 +414,15 @@ let sample_from_binomial_distribution
       (randomness: t_Slice u8)
      =
   let _:Prims.unit = assert ((v (cast v_ETA <: u32) == 2) \/ (v (cast v_ETA <: u32) == 3)) in
-  match cast (v_ETA <: usize) <: u32 with
-  | 2ul -> sample_from_binomial_distribution_2_ #v_Vector randomness
-  | 3ul -> sample_from_binomial_distribution_3_ #v_Vector randomness
-  | _ ->
-    Rust_primitives.Hax.never_to_any (Core.Panicking.panic "internal error: entered unreachable code"
+  let result:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector =
+    match cast (v_ETA <: usize) <: u32 with
+    | 2ul -> sample_from_binomial_distribution_2_ #v_Vector randomness
+    | 3ul -> sample_from_binomial_distribution_3_ #v_Vector randomness
+    | _ ->
+      Rust_primitives.Hax.never_to_any (Core.Panicking.panic "internal error: entered unreachable code"
 
-        <:
-        Rust_primitives.Hax.t_Never)
-
-#push-options "--admit_smt_queries true"
-
-let sample_from_xof
-      (v_K: usize)
-      (#v_Vector #v_Hasher: Type0)
-      (#[FStar.Tactics.Typeclasses.tcresolve ()]
-          i2:
-          Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector)
-      (#[FStar.Tactics.Typeclasses.tcresolve ()]
-          i3:
-          Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K)
-      (seeds: t_Array (t_Array u8 (sz 34)) v_K)
-     =
-  let (sampled_coefficients: t_Array usize v_K):t_Array usize v_K =
-    Rust_primitives.Hax.repeat (sz 0) v_K
-  in
-  let (out: t_Array (t_Array i16 (sz 272)) v_K):t_Array (t_Array i16 (sz 272)) v_K =
-    Rust_primitives.Hax.repeat (Rust_primitives.Hax.repeat 0s (sz 272) <: t_Array i16 (sz 272)) v_K
-  in
-  let xof_state:v_Hasher =
-    Libcrux_ml_kem.Hash_functions.f_shake128_init_absorb_final #v_Hasher
-      #v_K
-      #FStar.Tactics.Typeclasses.solve
-      seeds
-  in
-  let tmp0, out1:(v_Hasher & t_Array (t_Array u8 (sz 504)) v_K) =
-    Libcrux_ml_kem.Hash_functions.f_shake128_squeeze_first_three_blocks #v_Hasher
-      #v_K
-      #FStar.Tactics.Typeclasses.solve
-      xof_state
-  in
-  let xof_state:v_Hasher = tmp0 in
-  let randomness:t_Array (t_Array u8 (sz 504)) v_K = out1 in
-  let tmp0, tmp1, out1:(t_Array usize v_K & t_Array (t_Array i16 (sz 272)) v_K & bool) =
-    sample_from_uniform_distribution_next #v_Vector v_K (sz 504) randomness sampled_coefficients out
-  in
-  let sampled_coefficients:t_Array usize v_K = tmp0 in
-  let out:t_Array (t_Array i16 (sz 272)) v_K = tmp1 in
-  let done:bool = out1 in
-  let done, out, sampled_coefficients, xof_state:(bool & t_Array (t_Array i16 (sz 272)) v_K &
-    t_Array usize v_K &
-    v_Hasher) =
-    Rust_primitives.f_while_loop (fun temp_0_ ->
-          let done, out, sampled_coefficients, xof_state:(bool & t_Array (t_Array i16 (sz 272)) v_K &
-            t_Array usize v_K &
-            v_Hasher) =
-            temp_0_
-          in
-          ~.done <: bool)
-      (done, out, sampled_coefficients, xof_state
-        <:
-        (bool & t_Array (t_Array i16 (sz 272)) v_K & t_Array usize v_K & v_Hasher))
-      (fun temp_0_ ->
-          let done, out, sampled_coefficients, xof_state:(bool & t_Array (t_Array i16 (sz 272)) v_K &
-            t_Array usize v_K &
-            v_Hasher) =
-            temp_0_
-          in
-          let tmp0, out1:(v_Hasher & t_Array (t_Array u8 (sz 168)) v_K) =
-            Libcrux_ml_kem.Hash_functions.f_shake128_squeeze_next_block #v_Hasher
-              #v_K
-              #FStar.Tactics.Typeclasses.solve
-              xof_state
-          in
-          let xof_state:v_Hasher = tmp0 in
-          let randomness:t_Array (t_Array u8 (sz 168)) v_K = out1 in
-          let tmp0, tmp1, out1:(t_Array usize v_K & t_Array (t_Array i16 (sz 272)) v_K & bool) =
-            sample_from_uniform_distribution_next #v_Vector
-              v_K
-              (sz 168)
-              randomness
-              sampled_coefficients
-              out
-          in
-          let sampled_coefficients:t_Array usize v_K = tmp0 in
-          let out:t_Array (t_Array i16 (sz 272)) v_K = tmp1 in
-          let done:bool = out1 in
-          done, out, sampled_coefficients, xof_state
           <:
-          (bool & t_Array (t_Array i16 (sz 272)) v_K & t_Array usize v_K & v_Hasher))
+          Rust_primitives.Hax.t_Never)
   in
-  Core.Array.impl_23__map #(t_Array i16 (sz 272))
-    v_K
-    #(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector)
-    out
-    (fun s ->
-        let s:t_Array i16 (sz 272) = s in
-        Libcrux_ml_kem.Polynomial.impl_2__from_i16_array #v_Vector
-          (s.[ { Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = sz 256 }
-              <:
-              Core.Ops.Range.t_Range usize ]
-            <:
-            t_Slice i16)
-        <:
-        Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector)
-
-#pop-options
+  let _:Prims.unit = admit () (* Panic freedom *) in
+  result
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Sampling.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Sampling.fsti
index 8d7df649d..701fc9640 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Sampling.fsti
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Sampling.fsti
@@ -54,6 +54,16 @@ val sample_from_uniform_distribution_next
       Prims.l_True
       (fun _ -> Prims.l_True)
 
+val sample_from_xof
+      (v_K: usize)
+      (#v_Vector #v_Hasher: Type0)
+      {| i2: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |}
+      {| i3: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K |}
+      (seeds: t_Array (t_Array u8 (sz 34)) v_K)
+    : Prims.Pure (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K)
+      Prims.l_True
+      (fun _ -> Prims.l_True)
+
 /// Given a series of uniformly random bytes in `randomness`, for some number `eta`,
 /// the `sample_from_binomial_distribution_{eta}` functions sample
 /// a ring element from a binomial distribution centered at 0 that uses two sets
@@ -117,14 +127,12 @@ val sample_from_binomial_distribution
       (requires
         (v_ETA =. sz 2 || v_ETA =. sz 3) &&
         (Core.Slice.impl__len #u8 randomness <: usize) =. (v_ETA *! sz 64 <: usize))
-      (fun _ -> Prims.l_True)
-
-val sample_from_xof
-      (v_K: usize)
-      (#v_Vector #v_Hasher: Type0)
-      {| i2: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |}
-      {| i3: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K |}
-      (seeds: t_Array (t_Array u8 (sz 34)) v_K)
-    : Prims.Pure (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K)
-      Prims.l_True
-      (fun _ -> Prims.l_True)
+      (ensures
+        fun result ->
+          let result:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = result in
+          (forall (i: nat).
+              i < 8 ==>
+              Libcrux_ml_kem.Ntt.ntt_layer_7_pre (result.f_coefficients.[ sz i ])
+                (result.f_coefficients.[ sz i +! sz 8 ])) /\
+          Libcrux_ml_kem.Polynomial.to_spec_poly_t #v_Vector result ==
+          Spec.MLKEM.sample_poly_cbd v_ETA randomness)
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Serialize.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Serialize.fst
index 3d527ad48..ca0e4382e 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Serialize.fst
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Serialize.fst
@@ -21,401 +21,263 @@ let to_unsigned_field_modulus
   let _:Prims.unit = admit () (* Panic freedom *) in
   result
 
-let compress_then_serialize_10_
-      (v_OUT_LEN: usize)
+let deserialize_then_decompress_11_
       (#v_Vector: Type0)
       (#[FStar.Tactics.Typeclasses.tcresolve ()]
           i1:
           Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector)
-      (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector)
+      (serialized: t_Slice u8)
      =
-  let _:Prims.unit = assert_norm (pow2 10 == 1024) in
-  let serialized:t_Array u8 v_OUT_LEN = Rust_primitives.Hax.repeat 0uy v_OUT_LEN in
-  let serialized:t_Array u8 v_OUT_LEN =
-    Rust_primitives.Hax.Folds.fold_range (sz 0)
-      Libcrux_ml_kem.Polynomial.v_VECTORS_IN_RING_ELEMENT
-      (fun serialized i ->
-          let serialized:t_Array u8 v_OUT_LEN = serialized in
-          let i:usize = i in
-          v i >= 0 /\ v i <= 16 /\ v i < 16 ==> coefficients_field_modulus_range re)
-      serialized
-      (fun serialized i ->
-          let serialized:t_Array u8 v_OUT_LEN = serialized in
-          let i:usize = i in
-          let _:Prims.unit = assert (20 * v i + 20 <= 320) in
-          let _:Prims.unit =
-            reveal_opaque (`%coefficients_field_modulus_range)
-              (coefficients_field_modulus_range #v_Vector)
-          in
-          let coefficient:v_Vector =
-            Libcrux_ml_kem.Vector.Traits.f_compress #v_Vector
-              #FStar.Tactics.Typeclasses.solve
-              10l
-              (to_unsigned_field_modulus #v_Vector
-                  (re.Libcrux_ml_kem.Polynomial.f_coefficients.[ i ] <: v_Vector)
-                <:
-                v_Vector)
-          in
-          let bytes:t_Array u8 (sz 20) =
-            Libcrux_ml_kem.Vector.Traits.f_serialize_10_ #v_Vector
-              #FStar.Tactics.Typeclasses.solve
-              coefficient
-          in
-          let serialized:t_Array u8 v_OUT_LEN =
-            Rust_primitives.Hax.Monomorphized_update_at.update_at_range serialized
-              ({
-                  Core.Ops.Range.f_start = sz 20 *! i <: usize;
-                  Core.Ops.Range.f_end = (sz 20 *! i <: usize) +! sz 20 <: usize
-                }
-                <:
-                Core.Ops.Range.t_Range usize)
-              (Core.Slice.impl__copy_from_slice #u8
-                  (serialized.[ {
-                        Core.Ops.Range.f_start = sz 20 *! i <: usize;
-                        Core.Ops.Range.f_end = (sz 20 *! i <: usize) +! sz 20 <: usize
-                      }
-                      <:
-                      Core.Ops.Range.t_Range usize ]
-                    <:
-                    t_Slice u8)
-                  (bytes <: t_Slice u8)
-                <:
-                t_Slice u8)
-          in
-          serialized)
+  let _:Prims.unit =
+    assert (v ((Libcrux_ml_kem.Constants.v_COEFFICIENTS_IN_RING_ELEMENT *! sz 11) /! sz 8) == 352)
   in
-  let result:t_Array u8 v_OUT_LEN = serialized in
-  let _:Prims.unit = admit () (* Panic freedom *) in
-  result
-
-#push-options "--admit_smt_queries true"
-
-let compress_then_serialize_11_
-      (v_OUT_LEN: usize)
-      (#v_Vector: Type0)
-      (#[FStar.Tactics.Typeclasses.tcresolve ()]
-          i1:
-          Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector)
-      (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector)
-     =
-  let serialized:t_Array u8 v_OUT_LEN = Rust_primitives.Hax.repeat 0uy v_OUT_LEN in
-  let serialized:t_Array u8 v_OUT_LEN =
-    Rust_primitives.Hax.Folds.fold_range (sz 0)
-      Libcrux_ml_kem.Polynomial.v_VECTORS_IN_RING_ELEMENT
-      (fun serialized temp_1_ ->
-          let serialized:t_Array u8 v_OUT_LEN = serialized in
+  let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector =
+    Libcrux_ml_kem.Polynomial.impl_2__ZERO #v_Vector ()
+  in
+  let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector =
+    Rust_primitives.Hax.Folds.fold_enumerated_chunked_slice (sz 22)
+      serialized
+      (fun re temp_1_ ->
+          let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = re in
           let _:usize = temp_1_ in
           true)
-      serialized
-      (fun serialized i ->
-          let serialized:t_Array u8 v_OUT_LEN = serialized in
-          let i:usize = i in
+      re
+      (fun re temp_1_ ->
+          let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = re in
+          let i, bytes:(usize & t_Slice u8) = temp_1_ in
           let coefficient:v_Vector =
-            Libcrux_ml_kem.Vector.Traits.f_compress #v_Vector
-              #FStar.Tactics.Typeclasses.solve
-              11l
-              (Libcrux_ml_kem.Vector.Traits.to_unsigned_representative #v_Vector
-                  (re.Libcrux_ml_kem.Polynomial.f_coefficients.[ i ] <: v_Vector)
-                <:
-                v_Vector)
-          in
-          let bytes:t_Array u8 (sz 22) =
-            Libcrux_ml_kem.Vector.Traits.f_serialize_11_ #v_Vector
+            Libcrux_ml_kem.Vector.Traits.f_deserialize_11_ #v_Vector
               #FStar.Tactics.Typeclasses.solve
-              coefficient
+              bytes
           in
-          let serialized:t_Array u8 v_OUT_LEN =
-            Rust_primitives.Hax.Monomorphized_update_at.update_at_range serialized
-              ({
-                  Core.Ops.Range.f_start = sz 22 *! i <: usize;
-                  Core.Ops.Range.f_end = (sz 22 *! i <: usize) +! sz 22 <: usize
-                }
-                <:
-                Core.Ops.Range.t_Range usize)
-              (Core.Slice.impl__copy_from_slice #u8
-                  (serialized.[ {
-                        Core.Ops.Range.f_start = sz 22 *! i <: usize;
-                        Core.Ops.Range.f_end = (sz 22 *! i <: usize) +! sz 22 <: usize
-                      }
-                      <:
-                      Core.Ops.Range.t_Range usize ]
-                    <:
-                    t_Slice u8)
-                  (bytes <: t_Slice u8)
-                <:
-                t_Slice u8)
+          let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector =
+            {
+              re with
+              Libcrux_ml_kem.Polynomial.f_coefficients
+              =
+              Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re
+                  .Libcrux_ml_kem.Polynomial.f_coefficients
+                i
+                (Libcrux_ml_kem.Vector.Traits.f_decompress_ciphertext_coefficient #v_Vector
+                    #FStar.Tactics.Typeclasses.solve
+                    11l
+                    coefficient
+                  <:
+                  v_Vector)
+            }
+            <:
+            Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector
           in
-          serialized)
+          re)
   in
-  serialized
-
-#pop-options
+  re
 
-let compress_then_serialize_4_
+let deserialize_then_decompress_4_
       (#v_Vector: Type0)
       (#[FStar.Tactics.Typeclasses.tcresolve ()]
           i1:
           Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector)
-      (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector)
       (serialized: t_Slice u8)
      =
-  let _:Prims.unit = assert_norm (pow2 4 == 16) in
-  let serialized:t_Slice u8 =
-    Rust_primitives.Hax.Folds.fold_range (sz 0)
-      Libcrux_ml_kem.Polynomial.v_VECTORS_IN_RING_ELEMENT
-      (fun serialized i ->
-          let serialized:t_Slice u8 = serialized in
-          let i:usize = i in
-          v i >= 0 /\ v i <= 16 /\ v i < 16 ==>
-          (Seq.length serialized == 128 /\ coefficients_field_modulus_range re))
+  let _:Prims.unit =
+    assert (v ((Libcrux_ml_kem.Constants.v_COEFFICIENTS_IN_RING_ELEMENT *! sz 4) /! sz 8) == 128)
+  in
+  let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector =
+    Libcrux_ml_kem.Polynomial.impl_2__ZERO #v_Vector ()
+  in
+  let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector =
+    Rust_primitives.Hax.Folds.fold_enumerated_chunked_slice (sz 8)
       serialized
-      (fun serialized i ->
-          let serialized:t_Slice u8 = serialized in
-          let i:usize = i in
-          let _:Prims.unit = assert (8 * v i + 8 <= 128) in
-          let _:Prims.unit =
-            reveal_opaque (`%coefficients_field_modulus_range)
-              (coefficients_field_modulus_range #v_Vector)
-          in
+      (fun re temp_1_ ->
+          let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = re in
+          let _:usize = temp_1_ in
+          true)
+      re
+      (fun re temp_1_ ->
+          let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = re in
+          let i, bytes:(usize & t_Slice u8) = temp_1_ in
           let coefficient:v_Vector =
-            Libcrux_ml_kem.Vector.Traits.f_compress #v_Vector
-              #FStar.Tactics.Typeclasses.solve
-              4l
-              (to_unsigned_field_modulus #v_Vector
-                  (re.Libcrux_ml_kem.Polynomial.f_coefficients.[ i ] <: v_Vector)
-                <:
-                v_Vector)
-          in
-          let bytes:t_Array u8 (sz 8) =
-            Libcrux_ml_kem.Vector.Traits.f_serialize_4_ #v_Vector
+            Libcrux_ml_kem.Vector.Traits.f_deserialize_4_ #v_Vector
               #FStar.Tactics.Typeclasses.solve
-              coefficient
+              bytes
           in
-          let serialized:t_Slice u8 =
-            Rust_primitives.Hax.Monomorphized_update_at.update_at_range serialized
-              ({
-                  Core.Ops.Range.f_start = sz 8 *! i <: usize;
-                  Core.Ops.Range.f_end = (sz 8 *! i <: usize) +! sz 8 <: usize
-                }
-                <:
-                Core.Ops.Range.t_Range usize)
-              (Core.Slice.impl__copy_from_slice #u8
-                  (serialized.[ {
-                        Core.Ops.Range.f_start = sz 8 *! i <: usize;
-                        Core.Ops.Range.f_end = (sz 8 *! i <: usize) +! sz 8 <: usize
-                      }
-                      <:
-                      Core.Ops.Range.t_Range usize ]
-                    <:
-                    t_Slice u8)
-                  (bytes <: t_Slice u8)
-                <:
-                t_Slice u8)
+          let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector =
+            {
+              re with
+              Libcrux_ml_kem.Polynomial.f_coefficients
+              =
+              Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re
+                  .Libcrux_ml_kem.Polynomial.f_coefficients
+                i
+                (Libcrux_ml_kem.Vector.Traits.f_decompress_ciphertext_coefficient #v_Vector
+                    #FStar.Tactics.Typeclasses.solve
+                    4l
+                    coefficient
+                  <:
+                  v_Vector)
+            }
+            <:
+            Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector
           in
-          serialized)
+          re)
   in
-  let result:Prims.unit = () <: Prims.unit in
-  let _:Prims.unit = admit () (* Panic freedom *) in
-  let hax_temp_output:Prims.unit = result in
-  serialized
-
-#push-options "--admit_smt_queries true"
+  re
 
-let compress_then_serialize_5_
+let deserialize_then_decompress_5_
       (#v_Vector: Type0)
       (#[FStar.Tactics.Typeclasses.tcresolve ()]
           i1:
           Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector)
-      (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector)
       (serialized: t_Slice u8)
      =
-  let serialized:t_Slice u8 =
-    Rust_primitives.Hax.Folds.fold_range (sz 0)
-      Libcrux_ml_kem.Polynomial.v_VECTORS_IN_RING_ELEMENT
-      (fun serialized temp_1_ ->
-          let serialized:t_Slice u8 = serialized in
+  let _:Prims.unit =
+    assert (v ((Libcrux_ml_kem.Constants.v_COEFFICIENTS_IN_RING_ELEMENT *! sz 5) /! sz 8) == 160)
+  in
+  let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector =
+    Libcrux_ml_kem.Polynomial.impl_2__ZERO #v_Vector ()
+  in
+  let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector =
+    Rust_primitives.Hax.Folds.fold_enumerated_chunked_slice (sz 10)
+      serialized
+      (fun re temp_1_ ->
+          let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = re in
           let _:usize = temp_1_ in
           true)
-      serialized
-      (fun serialized i ->
-          let serialized:t_Slice u8 = serialized in
-          let i:usize = i in
-          let coefficients:v_Vector =
-            Libcrux_ml_kem.Vector.Traits.f_compress #v_Vector
-              #FStar.Tactics.Typeclasses.solve
-              5l
-              (Libcrux_ml_kem.Vector.Traits.to_unsigned_representative #v_Vector
-                  (re.Libcrux_ml_kem.Polynomial.f_coefficients.[ i ] <: v_Vector)
-                <:
-                v_Vector)
-          in
-          let bytes:t_Array u8 (sz 10) =
-            Libcrux_ml_kem.Vector.Traits.f_serialize_5_ #v_Vector
-              #FStar.Tactics.Typeclasses.solve
-              coefficients
+      re
+      (fun re temp_1_ ->
+          let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = re in
+          let i, bytes:(usize & t_Slice u8) = temp_1_ in
+          let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector =
+            {
+              re with
+              Libcrux_ml_kem.Polynomial.f_coefficients
+              =
+              Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re
+                  .Libcrux_ml_kem.Polynomial.f_coefficients
+                i
+                (Libcrux_ml_kem.Vector.Traits.f_deserialize_5_ #v_Vector
+                    #FStar.Tactics.Typeclasses.solve
+                    bytes
+                  <:
+                  v_Vector)
+            }
+            <:
+            Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector
           in
-          let serialized:t_Slice u8 =
-            Rust_primitives.Hax.Monomorphized_update_at.update_at_range serialized
-              ({
-                  Core.Ops.Range.f_start = sz 10 *! i <: usize;
-                  Core.Ops.Range.f_end = (sz 10 *! i <: usize) +! sz 10 <: usize
-                }
-                <:
-                Core.Ops.Range.t_Range usize)
-              (Core.Slice.impl__copy_from_slice #u8
-                  (serialized.[ {
-                        Core.Ops.Range.f_start = sz 10 *! i <: usize;
-                        Core.Ops.Range.f_end = (sz 10 *! i <: usize) +! sz 10 <: usize
-                      }
-                      <:
-                      Core.Ops.Range.t_Range usize ]
-                    <:
-                    t_Slice u8)
-                  (bytes <: t_Slice u8)
-                <:
-                t_Slice u8)
+          let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector =
+            {
+              re with
+              Libcrux_ml_kem.Polynomial.f_coefficients
+              =
+              Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re
+                  .Libcrux_ml_kem.Polynomial.f_coefficients
+                i
+                (Libcrux_ml_kem.Vector.Traits.f_decompress_ciphertext_coefficient #v_Vector
+                    #FStar.Tactics.Typeclasses.solve
+                    5l
+                    (re.Libcrux_ml_kem.Polynomial.f_coefficients.[ i ] <: v_Vector)
+                  <:
+                  v_Vector)
+            }
+            <:
+            Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector
           in
-          serialized)
+          re)
   in
-  let hax_temp_output:Prims.unit = () <: Prims.unit in
-  serialized
-
-#pop-options
+  re
 
-let compress_then_serialize_message
+let deserialize_then_decompress_message
       (#v_Vector: Type0)
       (#[FStar.Tactics.Typeclasses.tcresolve ()]
           i1:
           Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector)
-      (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector)
+      (serialized: t_Array u8 (sz 32))
      =
-  let serialized:t_Array u8 (sz 32) = Rust_primitives.Hax.repeat 0uy (sz 32) in
-  let serialized:t_Array u8 (sz 32) =
+  let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector =
+    Libcrux_ml_kem.Polynomial.impl_2__ZERO #v_Vector ()
+  in
+  let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector =
     Rust_primitives.Hax.Folds.fold_range (sz 0)
       (sz 16)
-      (fun serialized i ->
-          let serialized:t_Array u8 (sz 32) = serialized in
-          let i:usize = i in
-          v i < 16 ==> coefficients_field_modulus_range re)
-      serialized
-      (fun serialized i ->
-          let serialized:t_Array u8 (sz 32) = serialized in
+      (fun re temp_1_ ->
+          let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = re in
+          let _:usize = temp_1_ in
+          true)
+      re
+      (fun re i ->
+          let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = re in
           let i:usize = i in
-          let _:Prims.unit = assert (2 * v i + 2 <= 32) in
-          let _:Prims.unit =
-            reveal_opaque (`%coefficients_field_modulus_range)
-              (coefficients_field_modulus_range #v_Vector)
-          in
-          let coefficient:v_Vector =
-            to_unsigned_field_modulus #v_Vector
-              (re.Libcrux_ml_kem.Polynomial.f_coefficients.[ i ] <: v_Vector)
-          in
           let coefficient_compressed:v_Vector =
-            Libcrux_ml_kem.Vector.Traits.f_compress_1_ #v_Vector
-              #FStar.Tactics.Typeclasses.solve
-              coefficient
-          in
-          let bytes:t_Array u8 (sz 2) =
-            Libcrux_ml_kem.Vector.Traits.f_serialize_1_ #v_Vector
+            Libcrux_ml_kem.Vector.Traits.f_deserialize_1_ #v_Vector
               #FStar.Tactics.Typeclasses.solve
-              coefficient_compressed
-          in
-          let serialized:t_Array u8 (sz 32) =
-            Rust_primitives.Hax.Monomorphized_update_at.update_at_range serialized
-              ({
-                  Core.Ops.Range.f_start = sz 2 *! i <: usize;
-                  Core.Ops.Range.f_end = (sz 2 *! i <: usize) +! sz 2 <: usize
-                }
-                <:
-                Core.Ops.Range.t_Range usize)
-              (Core.Slice.impl__copy_from_slice #u8
-                  (serialized.[ {
-                        Core.Ops.Range.f_start = sz 2 *! i <: usize;
-                        Core.Ops.Range.f_end = (sz 2 *! i <: usize) +! sz 2 <: usize
-                      }
-                      <:
-                      Core.Ops.Range.t_Range usize ]
-                    <:
-                    t_Slice u8)
-                  (bytes <: t_Slice u8)
+              (serialized.[ {
+                    Core.Ops.Range.f_start = sz 2 *! i <: usize;
+                    Core.Ops.Range.f_end = (sz 2 *! i <: usize) +! sz 2 <: usize
+                  }
+                  <:
+                  Core.Ops.Range.t_Range usize ]
                 <:
                 t_Slice u8)
           in
-          serialized)
+          let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector =
+            {
+              re with
+              Libcrux_ml_kem.Polynomial.f_coefficients
+              =
+              Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re
+                  .Libcrux_ml_kem.Polynomial.f_coefficients
+                i
+                (Libcrux_ml_kem.Vector.Traits.decompress_1_ #v_Vector coefficient_compressed
+                  <:
+                  v_Vector)
+            }
+            <:
+            Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector
+          in
+          re)
   in
-  let result:t_Array u8 (sz 32) = serialized in
+  let result:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = re in
   let _:Prims.unit = admit () (* Panic freedom *) in
   result
 
-let compress_then_serialize_ring_element_u
-      (v_COMPRESSION_FACTOR v_OUT_LEN: usize)
-      (#v_Vector: Type0)
-      (#[FStar.Tactics.Typeclasses.tcresolve ()]
-          i1:
-          Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector)
-      (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector)
-     =
-  let _:Prims.unit =
-    assert ((v (cast v_COMPRESSION_FACTOR <: u32) == 10) \/
-        (v (cast v_COMPRESSION_FACTOR <: u32) == 11));
-    Rust_primitives.Integers.mk_int_equiv_lemma #usize_inttype (v v_COMPRESSION_FACTOR)
-  in
-  match cast (v_COMPRESSION_FACTOR <: usize) <: u32 with
-  | 10ul -> compress_then_serialize_10_ v_OUT_LEN #v_Vector re
-  | 11ul -> compress_then_serialize_11_ v_OUT_LEN #v_Vector re
-  | _ ->
-    Rust_primitives.Hax.never_to_any (Core.Panicking.panic "internal error: entered unreachable code"
-
-        <:
-        Rust_primitives.Hax.t_Never)
-
-let compress_then_serialize_ring_element_v
-      (v_COMPRESSION_FACTOR v_OUT_LEN: usize)
+let deserialize_then_decompress_ring_element_v
+      (v_COMPRESSION_FACTOR: usize)
       (#v_Vector: Type0)
       (#[FStar.Tactics.Typeclasses.tcresolve ()]
           i1:
           Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector)
-      (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector)
-      (out: t_Slice u8)
+      (serialized: t_Slice u8)
      =
   let _:Prims.unit =
     assert ((v (cast v_COMPRESSION_FACTOR <: u32) == 4) \/
-        (v (cast v_COMPRESSION_FACTOR <: u32) == 5));
-    Rust_primitives.Integers.mk_int_equiv_lemma #usize_inttype (v v_COMPRESSION_FACTOR)
+        (v (cast v_COMPRESSION_FACTOR <: u32) == 5))
   in
-  let out, hax_temp_output:(t_Slice u8 & Prims.unit) =
+  let result:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector =
     match cast (v_COMPRESSION_FACTOR <: usize) <: u32 with
-    | 4ul -> compress_then_serialize_4_ #v_Vector re out, () <: (t_Slice u8 & Prims.unit)
-    | 5ul -> compress_then_serialize_5_ #v_Vector re out, () <: (t_Slice u8 & Prims.unit)
+    | 4ul -> deserialize_then_decompress_4_ #v_Vector serialized
+    | 5ul -> deserialize_then_decompress_5_ #v_Vector serialized
     | _ ->
-      out,
       Rust_primitives.Hax.never_to_any (Core.Panicking.panic "internal error: entered unreachable code"
 
           <:
           Rust_primitives.Hax.t_Never)
-      <:
-      (t_Slice u8 & Prims.unit)
   in
-  out
+  let _:Prims.unit = admit () (* Panic freedom *) in
+  result
 
-let deserialize_then_decompress_10_
+let deserialize_to_reduced_ring_element
       (#v_Vector: Type0)
       (#[FStar.Tactics.Typeclasses.tcresolve ()]
           i1:
           Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector)
       (serialized: t_Slice u8)
      =
-  let _:Prims.unit =
-    assert (v ((Libcrux_ml_kem.Constants.v_COEFFICIENTS_IN_RING_ELEMENT *! sz 10) /! sz 8) == 320)
-  in
+  let _:Prims.unit = assert (v Libcrux_ml_kem.Constants.v_BYTES_PER_RING_ELEMENT / 24 == 16) in
   let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector =
     Libcrux_ml_kem.Polynomial.impl_2__ZERO #v_Vector ()
   in
-  let v__coefficients_length:usize =
-    Core.Slice.impl__len #v_Vector (re.Libcrux_ml_kem.Polynomial.f_coefficients <: t_Slice v_Vector)
-  in
   let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector =
-    Rust_primitives.Hax.Folds.fold_enumerated_chunked_slice (sz 20)
+    Rust_primitives.Hax.Folds.fold_enumerated_chunked_slice (sz 24)
       serialized
       (fun re temp_1_ ->
           let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = re in
@@ -426,7 +288,7 @@ let deserialize_then_decompress_10_
           let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = re in
           let i, bytes:(usize & t_Slice u8) = temp_1_ in
           let coefficient:v_Vector =
-            Libcrux_ml_kem.Vector.Traits.f_deserialize_10_ #v_Vector
+            Libcrux_ml_kem.Vector.Traits.f_deserialize_12_ #v_Vector
               #FStar.Tactics.Typeclasses.solve
               bytes
           in
@@ -438,9 +300,8 @@ let deserialize_then_decompress_10_
               Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re
                   .Libcrux_ml_kem.Polynomial.f_coefficients
                 i
-                (Libcrux_ml_kem.Vector.Traits.f_decompress_ciphertext_coefficient #v_Vector
+                (Libcrux_ml_kem.Vector.Traits.f_cond_subtract_3329_ #v_Vector
                     #FStar.Tactics.Typeclasses.solve
-                    10l
                     coefficient
                   <:
                   v_Vector)
@@ -450,74 +311,88 @@ let deserialize_then_decompress_10_
           in
           re)
   in
-  re
+  let result:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = re in
+  let _:Prims.unit = admit () (* Panic freedom *) in
+  result
 
-let deserialize_then_decompress_11_
+let deserialize_ring_elements_reduced
+      (v_K: usize)
       (#v_Vector: Type0)
       (#[FStar.Tactics.Typeclasses.tcresolve ()]
           i1:
           Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector)
-      (serialized: t_Slice u8)
+      (public_key: t_Slice u8)
+      (deserialized_pk: t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K)
      =
-  let _:Prims.unit =
-    assert (v ((Libcrux_ml_kem.Constants.v_COEFFICIENTS_IN_RING_ELEMENT *! sz 11) /! sz 8) == 352)
-  in
-  let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector =
-    Libcrux_ml_kem.Polynomial.impl_2__ZERO #v_Vector ()
-  in
-  let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector =
-    Rust_primitives.Hax.Folds.fold_enumerated_chunked_slice (sz 22)
-      serialized
-      (fun re temp_1_ ->
-          let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = re in
+  let deserialized_pk:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K =
+    Rust_primitives.Hax.Folds.fold_enumerated_chunked_slice Libcrux_ml_kem.Constants.v_BYTES_PER_RING_ELEMENT
+      public_key
+      (fun deserialized_pk temp_1_ ->
+          let deserialized_pk:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector)
+            v_K =
+            deserialized_pk
+          in
           let _:usize = temp_1_ in
           true)
-      re
-      (fun re temp_1_ ->
-          let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = re in
-          let i, bytes:(usize & t_Slice u8) = temp_1_ in
-          let coefficient:v_Vector =
-            Libcrux_ml_kem.Vector.Traits.f_deserialize_11_ #v_Vector
-              #FStar.Tactics.Typeclasses.solve
-              bytes
-          in
-          let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector =
-            {
-              re with
-              Libcrux_ml_kem.Polynomial.f_coefficients
-              =
-              Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re
-                  .Libcrux_ml_kem.Polynomial.f_coefficients
-                i
-                (Libcrux_ml_kem.Vector.Traits.f_decompress_ciphertext_coefficient #v_Vector
-                    #FStar.Tactics.Typeclasses.solve
-                    11l
-                    coefficient
-                  <:
-                  v_Vector)
-            }
-            <:
-            Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector
+      deserialized_pk
+      (fun deserialized_pk temp_1_ ->
+          let deserialized_pk:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector)
+            v_K =
+            deserialized_pk
           in
-          re)
+          let i, ring_element:(usize & t_Slice u8) = temp_1_ in
+          Rust_primitives.Hax.Monomorphized_update_at.update_at_usize deserialized_pk
+            i
+            (deserialize_to_reduced_ring_element #v_Vector ring_element
+              <:
+              Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector)
+          <:
+          t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K)
   in
-  re
+  let result:Prims.unit = () <: Prims.unit in
+  let _:Prims.unit = admit () (* Panic freedom *) in
+  let hax_temp_output:Prims.unit = result in
+  deserialized_pk
 
-let deserialize_then_decompress_4_
+let deserialize_ring_elements_reduced_out
+      (v_K: usize)
       (#v_Vector: Type0)
       (#[FStar.Tactics.Typeclasses.tcresolve ()]
           i1:
           Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector)
-      (serialized: t_Slice u8)
+      (public_key: t_Slice u8)
      =
-  let _:Prims.unit =
-    assert (v ((Libcrux_ml_kem.Constants.v_COEFFICIENTS_IN_RING_ELEMENT *! sz 4) /! sz 8) == 128)
+  let deserialized_pk:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K =
+    Core.Array.from_fn #(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector)
+      v_K
+      (fun v__i ->
+          let v__i:usize = v__i in
+          Libcrux_ml_kem.Polynomial.impl_2__ZERO #v_Vector ()
+          <:
+          Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector)
+  in
+  let deserialized_pk:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K =
+    deserialize_ring_elements_reduced v_K #v_Vector public_key deserialized_pk
+  in
+  let result:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K =
+    deserialized_pk
   in
+  let _:Prims.unit = admit () (* Panic freedom *) in
+  result
+
+let deserialize_to_uncompressed_ring_element
+      (#v_Vector: Type0)
+      (#[FStar.Tactics.Typeclasses.tcresolve ()]
+          i1:
+          Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector)
+      (serialized: t_Slice u8)
+     =
+  let _:Prims.unit = assert (v Libcrux_ml_kem.Constants.v_BYTES_PER_RING_ELEMENT / 24 == 16) in
   let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector =
     Libcrux_ml_kem.Polynomial.impl_2__ZERO #v_Vector ()
   in
   let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector =
-    Rust_primitives.Hax.Folds.fold_enumerated_chunked_slice (sz 8)
+    Rust_primitives.Hax.Folds.fold_enumerated_chunked_slice (sz 24)
       serialized
       (fun re temp_1_ ->
           let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = re in
@@ -527,205 +402,429 @@ let deserialize_then_decompress_4_
       (fun re temp_1_ ->
           let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = re in
           let i, bytes:(usize & t_Slice u8) = temp_1_ in
+          {
+            re with
+            Libcrux_ml_kem.Polynomial.f_coefficients
+            =
+            Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re
+                .Libcrux_ml_kem.Polynomial.f_coefficients
+              i
+              (Libcrux_ml_kem.Vector.Traits.f_deserialize_12_ #v_Vector
+                  #FStar.Tactics.Typeclasses.solve
+                  bytes
+                <:
+                v_Vector)
+            <:
+            t_Array v_Vector (sz 16)
+          }
+          <:
+          Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector)
+  in
+  let result:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = re in
+  let _:Prims.unit = admit () (* Panic freedom *) in
+  result
+
+let compress_then_serialize_10_
+      (v_OUT_LEN: usize)
+      (#v_Vector: Type0)
+      (#[FStar.Tactics.Typeclasses.tcresolve ()]
+          i1:
+          Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector)
+      (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector)
+     =
+  let _:Prims.unit = assert_norm (pow2 10 == 1024) in
+  let serialized:t_Array u8 v_OUT_LEN = Rust_primitives.Hax.repeat 0uy v_OUT_LEN in
+  let serialized:t_Array u8 v_OUT_LEN =
+    Rust_primitives.Hax.Folds.fold_range (sz 0)
+      Libcrux_ml_kem.Polynomial.v_VECTORS_IN_RING_ELEMENT
+      (fun serialized i ->
+          let serialized:t_Array u8 v_OUT_LEN = serialized in
+          let i:usize = i in
+          v i >= 0 /\ v i <= 16 /\ v i < 16 ==> coefficients_field_modulus_range re)
+      serialized
+      (fun serialized i ->
+          let serialized:t_Array u8 v_OUT_LEN = serialized in
+          let i:usize = i in
+          let _:Prims.unit = assert (20 * v i + 20 <= 320) in
+          let _:Prims.unit =
+            reveal_opaque (`%coefficients_field_modulus_range)
+              (coefficients_field_modulus_range #v_Vector)
+          in
           let coefficient:v_Vector =
-            Libcrux_ml_kem.Vector.Traits.f_deserialize_4_ #v_Vector
+            Libcrux_ml_kem.Vector.Traits.f_compress #v_Vector
               #FStar.Tactics.Typeclasses.solve
-              bytes
+              10l
+              (to_unsigned_field_modulus #v_Vector
+                  (re.Libcrux_ml_kem.Polynomial.f_coefficients.[ i ] <: v_Vector)
+                <:
+                v_Vector)
           in
-          let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector =
-            {
-              re with
-              Libcrux_ml_kem.Polynomial.f_coefficients
-              =
-              Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re
-                  .Libcrux_ml_kem.Polynomial.f_coefficients
-                i
-                (Libcrux_ml_kem.Vector.Traits.f_decompress_ciphertext_coefficient #v_Vector
-                    #FStar.Tactics.Typeclasses.solve
-                    4l
-                    coefficient
-                  <:
-                  v_Vector)
-            }
-            <:
-            Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector
+          let bytes:t_Array u8 (sz 20) =
+            Libcrux_ml_kem.Vector.Traits.f_serialize_10_ #v_Vector
+              #FStar.Tactics.Typeclasses.solve
+              coefficient
           in
-          re)
+          let serialized:t_Array u8 v_OUT_LEN =
+            Rust_primitives.Hax.Monomorphized_update_at.update_at_range serialized
+              ({
+                  Core.Ops.Range.f_start = sz 20 *! i <: usize;
+                  Core.Ops.Range.f_end = (sz 20 *! i <: usize) +! sz 20 <: usize
+                }
+                <:
+                Core.Ops.Range.t_Range usize)
+              (Core.Slice.impl__copy_from_slice #u8
+                  (serialized.[ {
+                        Core.Ops.Range.f_start = sz 20 *! i <: usize;
+                        Core.Ops.Range.f_end = (sz 20 *! i <: usize) +! sz 20 <: usize
+                      }
+                      <:
+                      Core.Ops.Range.t_Range usize ]
+                    <:
+                    t_Slice u8)
+                  (bytes <: t_Slice u8)
+                <:
+                t_Slice u8)
+          in
+          serialized)
   in
-  re
+  let result:t_Array u8 v_OUT_LEN = serialized in
+  let _:Prims.unit = admit () (* Panic freedom *) in
+  result
 
-let deserialize_then_decompress_5_
+#push-options "--admit_smt_queries true"
+
+let compress_then_serialize_11_
+      (v_OUT_LEN: usize)
       (#v_Vector: Type0)
       (#[FStar.Tactics.Typeclasses.tcresolve ()]
           i1:
           Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector)
-      (serialized: t_Slice u8)
+      (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector)
      =
-  let _:Prims.unit =
-    assert (v ((Libcrux_ml_kem.Constants.v_COEFFICIENTS_IN_RING_ELEMENT *! sz 5) /! sz 8) == 160)
-  in
-  let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector =
-    Libcrux_ml_kem.Polynomial.impl_2__ZERO #v_Vector ()
+  let serialized:t_Array u8 v_OUT_LEN = Rust_primitives.Hax.repeat 0uy v_OUT_LEN in
+  let serialized:t_Array u8 v_OUT_LEN =
+    Rust_primitives.Hax.Folds.fold_range (sz 0)
+      Libcrux_ml_kem.Polynomial.v_VECTORS_IN_RING_ELEMENT
+      (fun serialized temp_1_ ->
+          let serialized:t_Array u8 v_OUT_LEN = serialized in
+          let _:usize = temp_1_ in
+          true)
+      serialized
+      (fun serialized i ->
+          let serialized:t_Array u8 v_OUT_LEN = serialized in
+          let i:usize = i in
+          let coefficient:v_Vector =
+            Libcrux_ml_kem.Vector.Traits.f_compress #v_Vector
+              #FStar.Tactics.Typeclasses.solve
+              11l
+              (Libcrux_ml_kem.Vector.Traits.to_unsigned_representative #v_Vector
+                  (re.Libcrux_ml_kem.Polynomial.f_coefficients.[ i ] <: v_Vector)
+                <:
+                v_Vector)
+          in
+          let bytes:t_Array u8 (sz 22) =
+            Libcrux_ml_kem.Vector.Traits.f_serialize_11_ #v_Vector
+              #FStar.Tactics.Typeclasses.solve
+              coefficient
+          in
+          let serialized:t_Array u8 v_OUT_LEN =
+            Rust_primitives.Hax.Monomorphized_update_at.update_at_range serialized
+              ({
+                  Core.Ops.Range.f_start = sz 22 *! i <: usize;
+                  Core.Ops.Range.f_end = (sz 22 *! i <: usize) +! sz 22 <: usize
+                }
+                <:
+                Core.Ops.Range.t_Range usize)
+              (Core.Slice.impl__copy_from_slice #u8
+                  (serialized.[ {
+                        Core.Ops.Range.f_start = sz 22 *! i <: usize;
+                        Core.Ops.Range.f_end = (sz 22 *! i <: usize) +! sz 22 <: usize
+                      }
+                      <:
+                      Core.Ops.Range.t_Range usize ]
+                    <:
+                    t_Slice u8)
+                  (bytes <: t_Slice u8)
+                <:
+                t_Slice u8)
+          in
+          serialized)
   in
-  let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector =
-    Rust_primitives.Hax.Folds.fold_enumerated_chunked_slice (sz 10)
+  serialized
+
+#pop-options
+
+let compress_then_serialize_4_
+      (#v_Vector: Type0)
+      (#[FStar.Tactics.Typeclasses.tcresolve ()]
+          i1:
+          Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector)
+      (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector)
+      (serialized: t_Slice u8)
+     =
+  let _:Prims.unit = assert_norm (pow2 4 == 16) in
+  let serialized:t_Slice u8 =
+    Rust_primitives.Hax.Folds.fold_range (sz 0)
+      Libcrux_ml_kem.Polynomial.v_VECTORS_IN_RING_ELEMENT
+      (fun serialized i ->
+          let serialized:t_Slice u8 = serialized in
+          let i:usize = i in
+          v i >= 0 /\ v i <= 16 /\ v i < 16 ==>
+          (Seq.length serialized == 128 /\ coefficients_field_modulus_range re))
       serialized
-      (fun re temp_1_ ->
-          let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = re in
+      (fun serialized i ->
+          let serialized:t_Slice u8 = serialized in
+          let i:usize = i in
+          let _:Prims.unit = assert (8 * v i + 8 <= 128) in
+          let _:Prims.unit =
+            reveal_opaque (`%coefficients_field_modulus_range)
+              (coefficients_field_modulus_range #v_Vector)
+          in
+          let coefficient:v_Vector =
+            Libcrux_ml_kem.Vector.Traits.f_compress #v_Vector
+              #FStar.Tactics.Typeclasses.solve
+              4l
+              (to_unsigned_field_modulus #v_Vector
+                  (re.Libcrux_ml_kem.Polynomial.f_coefficients.[ i ] <: v_Vector)
+                <:
+                v_Vector)
+          in
+          let bytes:t_Array u8 (sz 8) =
+            Libcrux_ml_kem.Vector.Traits.f_serialize_4_ #v_Vector
+              #FStar.Tactics.Typeclasses.solve
+              coefficient
+          in
+          let serialized:t_Slice u8 =
+            Rust_primitives.Hax.Monomorphized_update_at.update_at_range serialized
+              ({
+                  Core.Ops.Range.f_start = sz 8 *! i <: usize;
+                  Core.Ops.Range.f_end = (sz 8 *! i <: usize) +! sz 8 <: usize
+                }
+                <:
+                Core.Ops.Range.t_Range usize)
+              (Core.Slice.impl__copy_from_slice #u8
+                  (serialized.[ {
+                        Core.Ops.Range.f_start = sz 8 *! i <: usize;
+                        Core.Ops.Range.f_end = (sz 8 *! i <: usize) +! sz 8 <: usize
+                      }
+                      <:
+                      Core.Ops.Range.t_Range usize ]
+                    <:
+                    t_Slice u8)
+                  (bytes <: t_Slice u8)
+                <:
+                t_Slice u8)
+          in
+          serialized)
+  in
+  let result:Prims.unit = () <: Prims.unit in
+  let _:Prims.unit = admit () (* Panic freedom *) in
+  let hax_temp_output:Prims.unit = result in
+  serialized
+
+#push-options "--admit_smt_queries true"
+
+let compress_then_serialize_5_
+      (#v_Vector: Type0)
+      (#[FStar.Tactics.Typeclasses.tcresolve ()]
+          i1:
+          Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector)
+      (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector)
+      (serialized: t_Slice u8)
+     =
+  let serialized:t_Slice u8 =
+    Rust_primitives.Hax.Folds.fold_range (sz 0)
+      Libcrux_ml_kem.Polynomial.v_VECTORS_IN_RING_ELEMENT
+      (fun serialized temp_1_ ->
+          let serialized:t_Slice u8 = serialized in
           let _:usize = temp_1_ in
           true)
-      re
-      (fun re temp_1_ ->
-          let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = re in
-          let i, bytes:(usize & t_Slice u8) = temp_1_ in
-          let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector =
-            {
-              re with
-              Libcrux_ml_kem.Polynomial.f_coefficients
-              =
-              Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re
-                  .Libcrux_ml_kem.Polynomial.f_coefficients
-                i
-                (Libcrux_ml_kem.Vector.Traits.f_deserialize_5_ #v_Vector
-                    #FStar.Tactics.Typeclasses.solve
-                    bytes
-                  <:
-                  v_Vector)
-            }
-            <:
-            Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector
+      serialized
+      (fun serialized i ->
+          let serialized:t_Slice u8 = serialized in
+          let i:usize = i in
+          let coefficients:v_Vector =
+            Libcrux_ml_kem.Vector.Traits.f_compress #v_Vector
+              #FStar.Tactics.Typeclasses.solve
+              5l
+              (Libcrux_ml_kem.Vector.Traits.to_unsigned_representative #v_Vector
+                  (re.Libcrux_ml_kem.Polynomial.f_coefficients.[ i ] <: v_Vector)
+                <:
+                v_Vector)
           in
-          let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector =
-            {
-              re with
-              Libcrux_ml_kem.Polynomial.f_coefficients
-              =
-              Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re
-                  .Libcrux_ml_kem.Polynomial.f_coefficients
-                i
-                (Libcrux_ml_kem.Vector.Traits.f_decompress_ciphertext_coefficient #v_Vector
-                    #FStar.Tactics.Typeclasses.solve
-                    5l
-                    (re.Libcrux_ml_kem.Polynomial.f_coefficients.[ i ] <: v_Vector)
-                  <:
-                  v_Vector)
-            }
-            <:
-            Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector
+          let bytes:t_Array u8 (sz 10) =
+            Libcrux_ml_kem.Vector.Traits.f_serialize_5_ #v_Vector
+              #FStar.Tactics.Typeclasses.solve
+              coefficients
+          in
+          let serialized:t_Slice u8 =
+            Rust_primitives.Hax.Monomorphized_update_at.update_at_range serialized
+              ({
+                  Core.Ops.Range.f_start = sz 10 *! i <: usize;
+                  Core.Ops.Range.f_end = (sz 10 *! i <: usize) +! sz 10 <: usize
+                }
+                <:
+                Core.Ops.Range.t_Range usize)
+              (Core.Slice.impl__copy_from_slice #u8
+                  (serialized.[ {
+                        Core.Ops.Range.f_start = sz 10 *! i <: usize;
+                        Core.Ops.Range.f_end = (sz 10 *! i <: usize) +! sz 10 <: usize
+                      }
+                      <:
+                      Core.Ops.Range.t_Range usize ]
+                    <:
+                    t_Slice u8)
+                  (bytes <: t_Slice u8)
+                <:
+                t_Slice u8)
           in
-          re)
+          serialized)
   in
-  re
+  let hax_temp_output:Prims.unit = () <: Prims.unit in
+  serialized
 
-let deserialize_then_decompress_message
+#pop-options
+
+let compress_then_serialize_message
       (#v_Vector: Type0)
       (#[FStar.Tactics.Typeclasses.tcresolve ()]
           i1:
           Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector)
-      (serialized: t_Array u8 (sz 32))
+      (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector)
      =
-  let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector =
-    Libcrux_ml_kem.Polynomial.impl_2__ZERO #v_Vector ()
-  in
-  let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector =
+  let serialized:t_Array u8 (sz 32) = Rust_primitives.Hax.repeat 0uy (sz 32) in
+  let serialized:t_Array u8 (sz 32) =
     Rust_primitives.Hax.Folds.fold_range (sz 0)
       (sz 16)
-      (fun re temp_1_ ->
-          let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = re in
-          let _:usize = temp_1_ in
-          true)
-      re
-      (fun re i ->
-          let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = re in
+      (fun serialized i ->
+          let serialized:t_Array u8 (sz 32) = serialized in
+          let i:usize = i in
+          v i < 16 ==> coefficients_field_modulus_range re)
+      serialized
+      (fun serialized i ->
+          let serialized:t_Array u8 (sz 32) = serialized in
           let i:usize = i in
+          let _:Prims.unit = assert (2 * v i + 2 <= 32) in
+          let _:Prims.unit =
+            reveal_opaque (`%coefficients_field_modulus_range)
+              (coefficients_field_modulus_range #v_Vector)
+          in
+          let coefficient:v_Vector =
+            to_unsigned_field_modulus #v_Vector
+              (re.Libcrux_ml_kem.Polynomial.f_coefficients.[ i ] <: v_Vector)
+          in
           let coefficient_compressed:v_Vector =
-            Libcrux_ml_kem.Vector.Traits.f_deserialize_1_ #v_Vector
+            Libcrux_ml_kem.Vector.Traits.f_compress_1_ #v_Vector
               #FStar.Tactics.Typeclasses.solve
-              (serialized.[ {
-                    Core.Ops.Range.f_start = sz 2 *! i <: usize;
-                    Core.Ops.Range.f_end = (sz 2 *! i <: usize) +! sz 2 <: usize
-                  }
-                  <:
-                  Core.Ops.Range.t_Range usize ]
+              coefficient
+          in
+          let bytes:t_Array u8 (sz 2) =
+            Libcrux_ml_kem.Vector.Traits.f_serialize_1_ #v_Vector
+              #FStar.Tactics.Typeclasses.solve
+              coefficient_compressed
+          in
+          let serialized:t_Array u8 (sz 32) =
+            Rust_primitives.Hax.Monomorphized_update_at.update_at_range serialized
+              ({
+                  Core.Ops.Range.f_start = sz 2 *! i <: usize;
+                  Core.Ops.Range.f_end = (sz 2 *! i <: usize) +! sz 2 <: usize
+                }
+                <:
+                Core.Ops.Range.t_Range usize)
+              (Core.Slice.impl__copy_from_slice #u8
+                  (serialized.[ {
+                        Core.Ops.Range.f_start = sz 2 *! i <: usize;
+                        Core.Ops.Range.f_end = (sz 2 *! i <: usize) +! sz 2 <: usize
+                      }
+                      <:
+                      Core.Ops.Range.t_Range usize ]
+                    <:
+                    t_Slice u8)
+                  (bytes <: t_Slice u8)
                 <:
                 t_Slice u8)
           in
-          let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector =
-            {
-              re with
-              Libcrux_ml_kem.Polynomial.f_coefficients
-              =
-              Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re
-                  .Libcrux_ml_kem.Polynomial.f_coefficients
-                i
-                (Libcrux_ml_kem.Vector.Traits.decompress_1_ #v_Vector coefficient_compressed
-                  <:
-                  v_Vector)
-            }
-            <:
-            Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector
-          in
-          re)
+          serialized)
   in
-  let result:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = re in
+  let result:t_Array u8 (sz 32) = serialized in
   let _:Prims.unit = admit () (* Panic freedom *) in
   result
 
-let deserialize_then_decompress_ring_element_u
-      (v_COMPRESSION_FACTOR: usize)
+let compress_then_serialize_ring_element_u
+      (v_COMPRESSION_FACTOR v_OUT_LEN: usize)
       (#v_Vector: Type0)
       (#[FStar.Tactics.Typeclasses.tcresolve ()]
           i1:
           Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector)
-      (serialized: t_Slice u8)
+      (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector)
      =
   let _:Prims.unit =
     assert ((v (cast v_COMPRESSION_FACTOR <: u32) == 10) \/
-        (v (cast v_COMPRESSION_FACTOR <: u32) == 11))
+        (v (cast v_COMPRESSION_FACTOR <: u32) == 11));
+    Rust_primitives.Integers.mk_int_equiv_lemma #usize_inttype (v v_COMPRESSION_FACTOR)
   in
-  match cast (v_COMPRESSION_FACTOR <: usize) <: u32 with
-  | 10ul -> deserialize_then_decompress_10_ #v_Vector serialized
-  | 11ul -> deserialize_then_decompress_11_ #v_Vector serialized
-  | _ ->
-    Rust_primitives.Hax.never_to_any (Core.Panicking.panic "internal error: entered unreachable code"
+  let result:t_Array u8 v_OUT_LEN =
+    match cast (v_COMPRESSION_FACTOR <: usize) <: u32 with
+    | 10ul -> compress_then_serialize_10_ v_OUT_LEN #v_Vector re
+    | 11ul -> compress_then_serialize_11_ v_OUT_LEN #v_Vector re
+    | _ ->
+      Rust_primitives.Hax.never_to_any (Core.Panicking.panic "internal error: entered unreachable code"
 
-        <:
-        Rust_primitives.Hax.t_Never)
+          <:
+          Rust_primitives.Hax.t_Never)
+  in
+  let _:Prims.unit = admit () (* Panic freedom *) in
+  result
 
-let deserialize_then_decompress_ring_element_v
-      (v_COMPRESSION_FACTOR: usize)
+let compress_then_serialize_ring_element_v
+      (v_COMPRESSION_FACTOR v_OUT_LEN: usize)
       (#v_Vector: Type0)
       (#[FStar.Tactics.Typeclasses.tcresolve ()]
           i1:
           Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector)
-      (serialized: t_Slice u8)
+      (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector)
+      (out: t_Slice u8)
      =
   let _:Prims.unit =
     assert ((v (cast v_COMPRESSION_FACTOR <: u32) == 4) \/
-        (v (cast v_COMPRESSION_FACTOR <: u32) == 5))
+        (v (cast v_COMPRESSION_FACTOR <: u32) == 5));
+    Rust_primitives.Integers.mk_int_equiv_lemma #usize_inttype (v v_COMPRESSION_FACTOR)
   in
-  match cast (v_COMPRESSION_FACTOR <: usize) <: u32 with
-  | 4ul -> deserialize_then_decompress_4_ #v_Vector serialized
-  | 5ul -> deserialize_then_decompress_5_ #v_Vector serialized
-  | _ ->
-    Rust_primitives.Hax.never_to_any (Core.Panicking.panic "internal error: entered unreachable code"
+  let out, result:(t_Slice u8 & Prims.unit) =
+    match cast (v_COMPRESSION_FACTOR <: usize) <: u32 with
+    | 4ul -> compress_then_serialize_4_ #v_Vector re out, () <: (t_Slice u8 & Prims.unit)
+    | 5ul -> compress_then_serialize_5_ #v_Vector re out, () <: (t_Slice u8 & Prims.unit)
+    | _ ->
+      out,
+      Rust_primitives.Hax.never_to_any (Core.Panicking.panic "internal error: entered unreachable code"
 
-        <:
-        Rust_primitives.Hax.t_Never)
+          <:
+          Rust_primitives.Hax.t_Never)
+      <:
+      (t_Slice u8 & Prims.unit)
+  in
+  let _:Prims.unit = admit () (* Panic freedom *) in
+  let hax_temp_output:Prims.unit = result in
+  out
 
-let deserialize_to_reduced_ring_element
+let deserialize_then_decompress_10_
       (#v_Vector: Type0)
       (#[FStar.Tactics.Typeclasses.tcresolve ()]
           i1:
           Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector)
       (serialized: t_Slice u8)
      =
-  let _:Prims.unit = assert (v Libcrux_ml_kem.Constants.v_BYTES_PER_RING_ELEMENT / 24 == 16) in
+  let _:Prims.unit =
+    assert (v ((Libcrux_ml_kem.Constants.v_COEFFICIENTS_IN_RING_ELEMENT *! sz 10) /! sz 8) == 320)
+  in
   let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector =
     Libcrux_ml_kem.Polynomial.impl_2__ZERO #v_Vector ()
   in
+  let v__coefficients_length:usize =
+    Core.Slice.impl__len #v_Vector (re.Libcrux_ml_kem.Polynomial.f_coefficients <: t_Slice v_Vector)
+  in
   let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector =
-    Rust_primitives.Hax.Folds.fold_enumerated_chunked_slice (sz 24)
+    Rust_primitives.Hax.Folds.fold_enumerated_chunked_slice (sz 20)
       serialized
       (fun re temp_1_ ->
           let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = re in
@@ -736,7 +835,7 @@ let deserialize_to_reduced_ring_element
           let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = re in
           let i, bytes:(usize & t_Slice u8) = temp_1_ in
           let coefficient:v_Vector =
-            Libcrux_ml_kem.Vector.Traits.f_deserialize_12_ #v_Vector
+            Libcrux_ml_kem.Vector.Traits.f_deserialize_10_ #v_Vector
               #FStar.Tactics.Typeclasses.solve
               bytes
           in
@@ -748,8 +847,9 @@ let deserialize_to_reduced_ring_element
               Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re
                   .Libcrux_ml_kem.Polynomial.f_coefficients
                 i
-                (Libcrux_ml_kem.Vector.Traits.f_cond_subtract_3329_ #v_Vector
+                (Libcrux_ml_kem.Vector.Traits.f_decompress_ciphertext_coefficient #v_Vector
                     #FStar.Tactics.Typeclasses.solve
+                    10l
                     coefficient
                   <:
                   v_Vector)
@@ -759,115 +859,33 @@ let deserialize_to_reduced_ring_element
           in
           re)
   in
-  let result:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = re in
-  let _:Prims.unit = admit () (* Panic freedom *) in
-  result
+  re
 
-let deserialize_ring_elements_reduced
-      (v_K: usize)
+let deserialize_then_decompress_ring_element_u
+      (v_COMPRESSION_FACTOR: usize)
       (#v_Vector: Type0)
       (#[FStar.Tactics.Typeclasses.tcresolve ()]
           i1:
           Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector)
-      (public_key: t_Slice u8)
-      (deserialized_pk: t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K)
+      (serialized: t_Slice u8)
      =
-  let deserialized_pk:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K =
-    Rust_primitives.Hax.Folds.fold_enumerated_chunked_slice Libcrux_ml_kem.Constants.v_BYTES_PER_RING_ELEMENT
-      public_key
-      (fun deserialized_pk temp_1_ ->
-          let deserialized_pk:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector)
-            v_K =
-            deserialized_pk
-          in
-          let _:usize = temp_1_ in
-          true)
-      deserialized_pk
-      (fun deserialized_pk temp_1_ ->
-          let deserialized_pk:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector)
-            v_K =
-            deserialized_pk
-          in
-          let i, ring_element:(usize & t_Slice u8) = temp_1_ in
-          Rust_primitives.Hax.Monomorphized_update_at.update_at_usize deserialized_pk
-            i
-            (deserialize_to_reduced_ring_element #v_Vector ring_element
-              <:
-              Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector)
-          <:
-          t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K)
+  let _:Prims.unit =
+    assert ((v (cast v_COMPRESSION_FACTOR <: u32) == 10) \/
+        (v (cast v_COMPRESSION_FACTOR <: u32) == 11))
   in
-  let hax_temp_output:Prims.unit = () <: Prims.unit in
-  deserialized_pk
+  let result:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector =
+    match cast (v_COMPRESSION_FACTOR <: usize) <: u32 with
+    | 10ul -> deserialize_then_decompress_10_ #v_Vector serialized
+    | 11ul -> deserialize_then_decompress_11_ #v_Vector serialized
+    | _ ->
+      Rust_primitives.Hax.never_to_any (Core.Panicking.panic "internal error: entered unreachable code"
 
-let deserialize_ring_elements_reduced_out
-      (v_K: usize)
-      (#v_Vector: Type0)
-      (#[FStar.Tactics.Typeclasses.tcresolve ()]
-          i1:
-          Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector)
-      (public_key: t_Slice u8)
-     =
-  let deserialized_pk:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K =
-    Core.Array.from_fn #(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector)
-      v_K
-      (fun v__i ->
-          let v__i:usize = v__i in
-          Libcrux_ml_kem.Polynomial.impl_2__ZERO #v_Vector ()
           <:
-          Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector)
-  in
-  let deserialized_pk:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K =
-    deserialize_ring_elements_reduced v_K #v_Vector public_key deserialized_pk
-  in
-  let result:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K =
-    deserialized_pk
+          Rust_primitives.Hax.t_Never)
   in
   let _:Prims.unit = admit () (* Panic freedom *) in
   result
 
-let deserialize_to_uncompressed_ring_element
-      (#v_Vector: Type0)
-      (#[FStar.Tactics.Typeclasses.tcresolve ()]
-          i1:
-          Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector)
-      (serialized: t_Slice u8)
-     =
-  let _:Prims.unit = assert (v Libcrux_ml_kem.Constants.v_BYTES_PER_RING_ELEMENT / 24 == 16) in
-  let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector =
-    Libcrux_ml_kem.Polynomial.impl_2__ZERO #v_Vector ()
-  in
-  let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector =
-    Rust_primitives.Hax.Folds.fold_enumerated_chunked_slice (sz 24)
-      serialized
-      (fun re temp_1_ ->
-          let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = re in
-          let _:usize = temp_1_ in
-          true)
-      re
-      (fun re temp_1_ ->
-          let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = re in
-          let i, bytes:(usize & t_Slice u8) = temp_1_ in
-          {
-            re with
-            Libcrux_ml_kem.Polynomial.f_coefficients
-            =
-            Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re
-                .Libcrux_ml_kem.Polynomial.f_coefficients
-              i
-              (Libcrux_ml_kem.Vector.Traits.f_deserialize_12_ #v_Vector
-                  #FStar.Tactics.Typeclasses.solve
-                  bytes
-                <:
-                v_Vector)
-            <:
-            t_Array v_Vector (sz 16)
-          }
-          <:
-          Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector)
-  in
-  re
-
 let serialize_uncompressed_ring_element
       (#v_Vector: Type0)
       (#[FStar.Tactics.Typeclasses.tcresolve ()]
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Serialize.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Serialize.fsti
index 129fd3ced..415926dbf 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Serialize.fsti
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Serialize.fsti
@@ -38,89 +38,6 @@ val to_unsigned_field_modulus
             v (Seq.index (Libcrux_ml_kem.Vector.Traits.f_to_i16_array result) i) <
             v Libcrux_ml_kem.Vector.Traits.v_FIELD_MODULUS)
 
-val compress_then_serialize_10_
-      (v_OUT_LEN: usize)
-      (#v_Vector: Type0)
-      {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |}
-      (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector)
-    : Prims.Pure (t_Array u8 v_OUT_LEN)
-      (requires v v_OUT_LEN == 320 /\ coefficients_field_modulus_range re)
-      (fun _ -> Prims.l_True)
-
-val compress_then_serialize_11_
-      (v_OUT_LEN: usize)
-      (#v_Vector: Type0)
-      {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |}
-      (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector)
-    : Prims.Pure (t_Array u8 v_OUT_LEN) Prims.l_True (fun _ -> Prims.l_True)
-
-val compress_then_serialize_4_
-      (#v_Vector: Type0)
-      {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |}
-      (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector)
-      (serialized: t_Slice u8)
-    : Prims.Pure (t_Slice u8)
-      (requires Seq.length serialized == 128 /\ coefficients_field_modulus_range re)
-      (ensures
-        fun serialized_future ->
-          let serialized_future:t_Slice u8 = serialized_future in
-          Core.Slice.impl__len #u8 serialized_future == Core.Slice.impl__len #u8 serialized)
-
-val compress_then_serialize_5_
-      (#v_Vector: Type0)
-      {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |}
-      (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector)
-      (serialized: t_Slice u8)
-    : Prims.Pure (t_Slice u8)
-      (requires (Core.Slice.impl__len #u8 serialized <: usize) =. sz 160)
-      (ensures
-        fun serialized_future ->
-          let serialized_future:t_Slice u8 = serialized_future in
-          Core.Slice.impl__len #u8 serialized_future == Core.Slice.impl__len #u8 serialized)
-
-val compress_then_serialize_message
-      (#v_Vector: Type0)
-      {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |}
-      (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector)
-    : Prims.Pure (t_Array u8 (sz 32))
-      (requires coefficients_field_modulus_range re)
-      (fun _ -> Prims.l_True)
-
-val compress_then_serialize_ring_element_u
-      (v_COMPRESSION_FACTOR v_OUT_LEN: usize)
-      (#v_Vector: Type0)
-      {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |}
-      (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector)
-    : Prims.Pure (t_Array u8 v_OUT_LEN)
-      (requires
-        (v v_COMPRESSION_FACTOR == 10 \/ v v_COMPRESSION_FACTOR == 11) /\
-        v v_OUT_LEN == 32 * v v_COMPRESSION_FACTOR /\ coefficients_field_modulus_range re)
-      (fun _ -> Prims.l_True)
-
-val compress_then_serialize_ring_element_v
-      (v_COMPRESSION_FACTOR v_OUT_LEN: usize)
-      (#v_Vector: Type0)
-      {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |}
-      (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector)
-      (out: t_Slice u8)
-    : Prims.Pure (t_Slice u8)
-      (requires
-        (v v_COMPRESSION_FACTOR == 4 \/ v v_COMPRESSION_FACTOR == 5) /\
-        v v_OUT_LEN == 32 * v v_COMPRESSION_FACTOR /\ Seq.length out == v v_OUT_LEN /\
-        coefficients_field_modulus_range re)
-      (ensures
-        fun out_future ->
-          let out_future:t_Slice u8 = out_future in
-          Core.Slice.impl__len #u8 out_future == Core.Slice.impl__len #u8 out)
-
-val deserialize_then_decompress_10_
-      (#v_Vector: Type0)
-      {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |}
-      (serialized: t_Slice u8)
-    : Prims.Pure (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector)
-      (requires (Core.Slice.impl__len #u8 serialized <: usize) =. sz 320)
-      (fun _ -> Prims.l_True)
-
 val deserialize_then_decompress_11_
       (#v_Vector: Type0)
       {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |}
@@ -151,18 +68,11 @@ val deserialize_then_decompress_message
       (serialized: t_Array u8 (sz 32))
     : Prims.Pure (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector)
       Prims.l_True
-      (fun _ -> Prims.l_True)
-
-val deserialize_then_decompress_ring_element_u
-      (v_COMPRESSION_FACTOR: usize)
-      (#v_Vector: Type0)
-      {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |}
-      (serialized: t_Slice u8)
-    : Prims.Pure (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector)
-      (requires
-        (v_COMPRESSION_FACTOR =. sz 10 || v_COMPRESSION_FACTOR =. sz 11) &&
-        (Core.Slice.impl__len #u8 serialized <: usize) =. (sz 32 *! v_COMPRESSION_FACTOR <: usize))
-      (fun _ -> Prims.l_True)
+      (ensures
+        fun result ->
+          let result:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = result in
+          Libcrux_ml_kem.Polynomial.to_spec_poly_t #v_Vector result ==
+          Spec.MLKEM.decode_then_decompress_message serialized)
 
 val deserialize_then_decompress_ring_element_v
       (v_COMPRESSION_FACTOR: usize)
@@ -173,7 +83,11 @@ val deserialize_then_decompress_ring_element_v
       (requires
         (v_COMPRESSION_FACTOR =. sz 4 || v_COMPRESSION_FACTOR =. sz 5) &&
         (Core.Slice.impl__len #u8 serialized <: usize) =. (sz 32 *! v_COMPRESSION_FACTOR <: usize))
-      (fun _ -> Prims.l_True)
+      (ensures
+        fun result ->
+          let result:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = result in
+          Libcrux_ml_kem.Polynomial.to_spec_poly_t #v_Vector result ==
+          Spec.MLKEM.decode_then_decompress_v v_COMPRESSION_FACTOR serialized)
 
 /// Only use with public values.
 /// This MUST NOT be used with secret inputs, like its caller `deserialize_ring_elements_reduced`.
@@ -198,7 +112,14 @@ val deserialize_ring_elements_reduced
       (requires
         Spec.MLKEM.is_rank v_K /\
         Seq.length public_key == v (Spec.MLKEM.v_T_AS_NTT_ENCODED_SIZE v_K))
-      (fun _ -> Prims.l_True)
+      (ensures
+        fun deserialized_pk_future ->
+          let deserialized_pk_future:t_Array
+            (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K =
+            deserialized_pk_future
+          in
+          Libcrux_ml_kem.Polynomial.to_spec_vector_t #v_K #v_Vector deserialized_pk_future ==
+          Spec.MLKEM.vector_decode_12 #v_K public_key)
 
 /// This function deserializes ring elements and reduces the result by the field
 /// modulus.
@@ -227,12 +148,131 @@ val deserialize_to_uncompressed_ring_element
       (requires
         (Core.Slice.impl__len #u8 serialized <: usize) =.
         Libcrux_ml_kem.Constants.v_BYTES_PER_RING_ELEMENT)
+      (ensures
+        fun result ->
+          let result:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = result in
+          Libcrux_ml_kem.Polynomial.to_spec_poly_t #v_Vector result ==
+          Spec.MLKEM.byte_decode 12 serialized)
+
+val compress_then_serialize_10_
+      (v_OUT_LEN: usize)
+      (#v_Vector: Type0)
+      {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |}
+      (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector)
+    : Prims.Pure (t_Array u8 v_OUT_LEN)
+      (requires v v_OUT_LEN == 320 /\ coefficients_field_modulus_range re)
       (fun _ -> Prims.l_True)
 
+val compress_then_serialize_11_
+      (v_OUT_LEN: usize)
+      (#v_Vector: Type0)
+      {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |}
+      (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector)
+    : Prims.Pure (t_Array u8 v_OUT_LEN) Prims.l_True (fun _ -> Prims.l_True)
+
+val compress_then_serialize_4_
+      (#v_Vector: Type0)
+      {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |}
+      (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector)
+      (serialized: t_Slice u8)
+    : Prims.Pure (t_Slice u8)
+      (requires Seq.length serialized == 128 /\ coefficients_field_modulus_range re)
+      (ensures
+        fun serialized_future ->
+          let serialized_future:t_Slice u8 = serialized_future in
+          Core.Slice.impl__len #u8 serialized_future == Core.Slice.impl__len #u8 serialized)
+
+val compress_then_serialize_5_
+      (#v_Vector: Type0)
+      {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |}
+      (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector)
+      (serialized: t_Slice u8)
+    : Prims.Pure (t_Slice u8)
+      (requires (Core.Slice.impl__len #u8 serialized <: usize) =. sz 160)
+      (ensures
+        fun serialized_future ->
+          let serialized_future:t_Slice u8 = serialized_future in
+          Core.Slice.impl__len #u8 serialized_future == Core.Slice.impl__len #u8 serialized)
+
+val compress_then_serialize_message
+      (#v_Vector: Type0)
+      {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |}
+      (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector)
+    : Prims.Pure (t_Array u8 (sz 32))
+      (requires coefficients_field_modulus_range re)
+      (ensures
+        fun result ->
+          let result:t_Array u8 (sz 32) = result in
+          result ==
+          Spec.MLKEM.compress_then_encode_message (Libcrux_ml_kem.Polynomial.to_spec_poly_t #v_Vector
+                re))
+
+val compress_then_serialize_ring_element_u
+      (v_COMPRESSION_FACTOR v_OUT_LEN: usize)
+      (#v_Vector: Type0)
+      {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |}
+      (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector)
+    : Prims.Pure (t_Array u8 v_OUT_LEN)
+      (requires
+        (v v_COMPRESSION_FACTOR == 10 \/ v v_COMPRESSION_FACTOR == 11) /\
+        v v_OUT_LEN == 32 * v v_COMPRESSION_FACTOR /\ coefficients_field_modulus_range re)
+      (ensures
+        fun result ->
+          let result:t_Array u8 v_OUT_LEN = result in
+          result ==
+          Spec.MLKEM.compress_then_byte_encode (v v_COMPRESSION_FACTOR)
+            (Libcrux_ml_kem.Polynomial.to_spec_poly_t #v_Vector re))
+
+val compress_then_serialize_ring_element_v
+      (v_COMPRESSION_FACTOR v_OUT_LEN: usize)
+      (#v_Vector: Type0)
+      {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |}
+      (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector)
+      (out: t_Slice u8)
+    : Prims.Pure (t_Slice u8)
+      (requires
+        (v v_COMPRESSION_FACTOR == 4 \/ v v_COMPRESSION_FACTOR == 5) /\
+        v v_OUT_LEN == 32 * v v_COMPRESSION_FACTOR /\ Seq.length out == v v_OUT_LEN /\
+        coefficients_field_modulus_range re)
+      (ensures
+        fun out_future ->
+          let out_future:t_Slice u8 = out_future in
+          Core.Slice.impl__len #u8 out_future == Core.Slice.impl__len #u8 out /\
+          out_future ==
+          Spec.MLKEM.compress_then_encode_v v_COMPRESSION_FACTOR
+            (Libcrux_ml_kem.Polynomial.to_spec_poly_t #v_Vector re))
+
+val deserialize_then_decompress_10_
+      (#v_Vector: Type0)
+      {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |}
+      (serialized: t_Slice u8)
+    : Prims.Pure (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector)
+      (requires (Core.Slice.impl__len #u8 serialized <: usize) =. sz 320)
+      (fun _ -> Prims.l_True)
+
+val deserialize_then_decompress_ring_element_u
+      (v_COMPRESSION_FACTOR: usize)
+      (#v_Vector: Type0)
+      {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |}
+      (serialized: t_Slice u8)
+    : Prims.Pure (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector)
+      (requires
+        (v_COMPRESSION_FACTOR =. sz 10 || v_COMPRESSION_FACTOR =. sz 11) &&
+        (Core.Slice.impl__len #u8 serialized <: usize) =. (sz 32 *! v_COMPRESSION_FACTOR <: usize))
+      (ensures
+        fun result ->
+          let result:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = result in
+          Libcrux_ml_kem.Polynomial.to_spec_poly_t #v_Vector result ==
+          Spec.MLKEM.byte_decode_then_decompress (v v_COMPRESSION_FACTOR) serialized)
+
 val serialize_uncompressed_ring_element
       (#v_Vector: Type0)
       {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |}
       (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector)
     : Prims.Pure (t_Array u8 (sz 384))
       (requires coefficients_field_modulus_range re)
-      (fun _ -> Prims.l_True)
+      (ensures
+        fun result ->
+          let result:t_Array u8 (sz 384) = result in
+          result ==
+          Spec.MLKEM.byte_encode 12 (Libcrux_ml_kem.Polynomial.to_spec_poly_t #v_Vector re))
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Variant.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Variant.fsti
index 943518133..0d74da846 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Variant.fsti
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Variant.fsti
@@ -80,9 +80,13 @@ class t_Variant (v_Self: Type0) = {
       v_K: usize ->
       #v_Hasher: Type0 ->
       {| i4: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K |} ->
-      t_Slice u8 ->
-      t_Array u8 (sz 64)
-    -> Type0;
+      seed: t_Slice u8 ->
+      res: t_Array u8 (sz 64)
+    -> pred:
+      Type0
+        { pred ==>
+          Seq.length seed == 32 ==>
+          res == Spec.Utils.v_G (Seq.append seed (Seq.create 1 (cast v_K <: u8))) };
   f_cpa_keygen_seed:
       v_K: usize ->
       #v_Hasher: Type0 ->
@@ -194,9 +198,10 @@ let impl: t_Variant t_MlKem =
           i4:
           Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K)
         (key_generation_seed: t_Slice u8)
-        (out: t_Array u8 (sz 64))
+        (res: t_Array u8 (sz 64))
         ->
-        true);
+        Seq.length key_generation_seed == 32 ==>
+        res == Spec.Utils.v_G (Seq.append key_generation_seed (Seq.create 1 (cast v_K <: u8))));
     f_cpa_keygen_seed
     =
     fun
@@ -236,6 +241,12 @@ let impl: t_Variant t_MlKem =
           Libcrux_ml_kem.Constants.v_CPA_PKE_KEY_GENERATION_SEED_SIZE
           (cast (v_K <: usize) <: u8)
       in
+      let _:Prims.unit =
+        Lib.Sequence.eq_intro #u8
+          #33
+          seed
+          (Seq.append key_generation_seed (Seq.create 1 (cast v_K <: u8)))
+      in
       Libcrux_ml_kem.Hash_functions.f_G #v_Hasher
         #v_K
         #FStar.Tactics.Typeclasses.solve
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Compress.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Compress.fst
index 8bda725bd..aa963a309 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Compress.fst
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Compress.fst
@@ -17,10 +17,43 @@ let compress_ciphertext_coefficient (coefficient_bits: u8) (fe: u16) =
 
 let compress_message_coefficient (fe: u16) =
   let (shifted: i16):i16 = 1664s -! (cast (fe <: u16) <: i16) in
+  let _:Prims.unit = assert (v shifted == 1664 - v fe) in
   let mask:i16 = shifted >>! 15l in
+  let _:Prims.unit =
+    assert (v mask = v shifted / pow2 15);
+    assert (if v shifted < 0 then mask = ones else mask = zero)
+  in
   let shifted_to_positive:i16 = mask ^. shifted in
+  let _:Prims.unit =
+    logxor_lemma shifted mask;
+    assert (v shifted < 0 ==> v shifted_to_positive = v (lognot shifted));
+    neg_equiv_lemma shifted;
+    assert (v (lognot shifted) = - (v shifted) - 1);
+    assert (v shifted >= 0 ==> v shifted_to_positive = v (mask `logxor` shifted));
+    assert (v shifted >= 0 ==> mask = zero);
+    assert (v shifted >= 0 ==> mask ^. shifted = shifted);
+    assert (v shifted >= 0 ==> v shifted_to_positive = v shifted);
+    assert (shifted_to_positive >=. mk_i16 0)
+  in
   let shifted_positive_in_range:i16 = shifted_to_positive -! 832s in
-  cast ((shifted_positive_in_range >>! 15l <: i16) &. 1s <: i16) <: u8
+  let _:Prims.unit =
+    assert (1664 - v fe >= 0 ==> v shifted_positive_in_range == 832 - v fe);
+    assert (1664 - v fe < 0 ==> v shifted_positive_in_range == - 2497 + v fe)
+  in
+  let r0:i16 = shifted_positive_in_range >>! 15l in
+  let (r1: i16):i16 = r0 &. 1s in
+  let res:u8 = cast (r1 <: i16) <: u8 in
+  let _:Prims.unit =
+    assert (v r0 = v shifted_positive_in_range / pow2 15);
+    assert (if v shifted_positive_in_range < 0 then r0 = ones else r0 = zero);
+    logand_lemma (mk_i16 1) r0;
+    assert (if v shifted_positive_in_range < 0 then r1 = mk_i16 1 else r1 = mk_i16 0);
+    assert ((v fe >= 833 && v fe <= 2496) ==> r1 = mk_i16 1);
+    assert (v fe < 833 ==> r1 = mk_i16 0);
+    assert (v fe > 2496 ==> r1 = mk_i16 0);
+    assert (v res = v r1)
+  in
+  res
 
 #push-options "--fuel 0 --ifuel 0 --z3rlimit 2000"
 
@@ -30,7 +63,8 @@ let compress
      =
   let _:Prims.unit =
     assert (v (cast (v_COEFFICIENT_BITS) <: u8) == v v_COEFFICIENT_BITS);
-    assert (v (cast (v_COEFFICIENT_BITS) <: u32) == v v_COEFFICIENT_BITS)
+    assert (v (cast (v_COEFFICIENT_BITS) <: u32) == v v_COEFFICIENT_BITS);
+    assert (v (cast (Libcrux_ml_kem.Vector.Traits.v_FIELD_MODULUS) <: u16) == 3329)
   in
   let _:Prims.unit =
     assert (forall (i: nat).
@@ -163,35 +197,76 @@ let compress_1_ (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector)
 
 #pop-options
 
+#push-options "--z3rlimit 300 --ext context_pruning"
+
 let decompress_ciphertext_coefficient
       (v_COEFFICIENT_BITS: i32)
-      (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector)
+      (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector)
      =
-  let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector =
+  let _:Prims.unit =
+    assert_norm (pow2 1 == 2);
+    assert_norm (pow2 4 == 16);
+    assert_norm (pow2 5 == 32);
+    assert_norm (pow2 10 == 1024);
+    assert_norm (pow2 11 == 2048)
+  in
+  let a:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector =
     Rust_primitives.Hax.Folds.fold_range (sz 0)
       Libcrux_ml_kem.Vector.Traits.v_FIELD_ELEMENTS_IN_VECTOR
-      (fun v temp_1_ ->
-          let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = v in
-          let _:usize = temp_1_ in
-          true)
-      v
-      (fun v i ->
-          let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = v in
+      (fun a i ->
+          let a:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = a in
           let i:usize = i in
+          (v i < 16 ==>
+            (forall (j: nat).
+                (j >= v i /\ j < 16) ==>
+                v (Seq.index a.f_elements j) >= 0 /\
+                v (Seq.index a.f_elements j) < pow2 (v v_COEFFICIENT_BITS))) /\
+          (forall (j: nat).
+              j < v i ==>
+              v (Seq.index a.f_elements j) < v Libcrux_ml_kem.Vector.Traits.v_FIELD_MODULUS))
+      a
+      (fun a i ->
+          let a:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = a in
+          let i:usize = i in
+          let _:Prims.unit =
+            assert (v (a.f_elements.[ i ] <: i16) < pow2 11);
+            assert (v (a.f_elements.[ i ] <: i16) == v (cast (a.f_elements.[ i ] <: i16) <: i32));
+            assert (v (Libcrux_ml_kem.Vector.Traits.v_FIELD_MODULUS <: i16) ==
+                v (cast (Libcrux_ml_kem.Vector.Traits.v_FIELD_MODULUS <: i16) <: i32));
+            assert (v ((cast (a.f_elements.[ i ] <: i16) <: i32) *!
+                    (cast (Libcrux_ml_kem.Vector.Traits.v_FIELD_MODULUS <: i16) <: i32)) ==
+                v (cast (a.f_elements.[ i ] <: i16) <: i32) *
+                v (cast (Libcrux_ml_kem.Vector.Traits.v_FIELD_MODULUS <: i16) <: i32))
+          in
           let decompressed:i32 =
-            (cast (v.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ i ] <: i16) <: i32) *!
+            (cast (a.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ i ] <: i16) <: i32) *!
             (cast (Libcrux_ml_kem.Vector.Traits.v_FIELD_MODULUS <: i16) <: i32)
           in
+          let _:Prims.unit =
+            assert (v (decompressed <<! mk_i32 1) == v decompressed * 2);
+            assert (v (mk_i32 1 <<! v_COEFFICIENT_BITS) == pow2 (v v_COEFFICIENT_BITS));
+            assert (v ((decompressed <<! mk_i32 1) +! (mk_i32 1 <<! v_COEFFICIENT_BITS)) ==
+                v (decompressed <<! mk_i32 1) + v (mk_i32 1 <<! v_COEFFICIENT_BITS))
+          in
           let decompressed:i32 =
             (decompressed <<! 1l <: i32) +! (1l <<! v_COEFFICIENT_BITS <: i32)
           in
+          let _:Prims.unit =
+            assert (v (v_COEFFICIENT_BITS +! mk_i32 1) == v v_COEFFICIENT_BITS + 1);
+            assert (v (decompressed >>! (v_COEFFICIENT_BITS +! mk_i32 1 <: i32)) ==
+                v decompressed / pow2 (v v_COEFFICIENT_BITS + 1))
+          in
           let decompressed:i32 = decompressed >>! (v_COEFFICIENT_BITS +! 1l <: i32) in
-          let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector =
+          let _:Prims.unit =
+            assert (v decompressed < v Libcrux_ml_kem.Vector.Traits.v_FIELD_MODULUS);
+            assert (v (cast decompressed <: i16) < v Libcrux_ml_kem.Vector.Traits.v_FIELD_MODULUS)
+          in
+          let a:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector =
             {
-              v with
+              a with
               Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements
               =
-              Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v
+              Rust_primitives.Hax.Monomorphized_update_at.update_at_usize a
                   .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements
                 i
                 (cast (decompressed <: i32) <: i16)
@@ -199,6 +274,8 @@ let decompress_ciphertext_coefficient
             <:
             Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector
           in
-          v)
+          a)
   in
-  v
+  a
+
+#pop-options
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Compress.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Compress.fsti
index 938330976..cdba6253e 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Compress.fsti
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Compress.fsti
@@ -36,11 +36,11 @@ val compress_message_coefficient (fe: u16)
       (ensures
         fun result ->
           let result:u8 = result in
-          Hax_lib.implies ((833us <=. fe <: bool) && (fe <=. 2596us <: bool))
+          Hax_lib.implies ((833us <=. fe <: bool) && (fe <=. 2496us <: bool))
             (fun temp_0_ ->
                 let _:Prims.unit = temp_0_ in
                 result =. 1uy <: bool) &&
-          Hax_lib.implies (~.((833us <=. fe <: bool) && (fe <=. 2596us <: bool)) <: bool)
+          Hax_lib.implies (~.((833us <=. fe <: bool) && (fe <=. 2496us <: bool)) <: bool)
             (fun temp_0_ ->
                 let _:Prims.unit = temp_0_ in
                 result =. 0uy <: bool))
@@ -76,7 +76,18 @@ val compress_1_ (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector)
 
 val decompress_ciphertext_coefficient
       (v_COEFFICIENT_BITS: i32)
-      (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector)
+      (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector)
     : Prims.Pure Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector
-      Prims.l_True
-      (fun _ -> Prims.l_True)
+      (requires
+        (v v_COEFFICIENT_BITS == 4 \/ v v_COEFFICIENT_BITS == 5 \/ v v_COEFFICIENT_BITS == 10 \/
+          v v_COEFFICIENT_BITS == 11) /\
+        (forall (i: nat).
+            i < 16 ==>
+            v (Seq.index a.f_elements i) >= 0 /\
+            v (Seq.index a.f_elements i) < pow2 (v v_COEFFICIENT_BITS)))
+      (ensures
+        fun result ->
+          let result:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = result in
+          forall (i: nat).
+            i < 16 ==>
+            v (Seq.index result.f_elements i) < v Libcrux_ml_kem.Vector.Traits.v_FIELD_MODULUS)
diff --git a/libcrux-ml-kem/proofs/fstar/spec/Spec.MLKEM.Math.fst b/libcrux-ml-kem/proofs/fstar/spec/Spec.MLKEM.Math.fst
index 571e879fb..dc97bb645 100644
--- a/libcrux-ml-kem/proofs/fstar/spec/Spec.MLKEM.Math.fst
+++ b/libcrux-ml-kem/proofs/fstar/spec/Spec.MLKEM.Math.fst
@@ -107,6 +107,7 @@ let poly_ntt_layer (p:polynomial) (l:nat{l > 0 /\ l < 8}) : polynomial =
 #pop-options
 
 val poly_ntt: polynomial -> polynomial
+[@ "opaque_to_smt"]
 let poly_ntt p =
   let p = poly_ntt_layer p 7 in
   let p = poly_ntt_layer p 6 in
@@ -184,6 +185,7 @@ val vector_dot_product_ntt: #r:rank -> vector r -> vector r -> polynomial
 let vector_dot_product_ntt a b = vector_sum (vector_mul_ntt a b)
 
 val matrix_transpose: #r:rank -> matrix r -> matrix r
+[@ "opaque_to_smt"]
 let matrix_transpose #r m =
   createi r (fun i -> 
     createi r (fun j ->
@@ -194,6 +196,7 @@ let matrix_vector_mul_ntt #r m v =
   createi r (fun i -> vector_dot_product_ntt m.[i] v)
 
 val compute_As_plus_e_ntt: #r:rank -> a:matrix r -> s:vector r -> e:vector r -> vector r
+[@ "opaque_to_smt"]
 let compute_As_plus_e_ntt #p a s e = vector_add (matrix_vector_mul_ntt a s) e
 
 
@@ -235,12 +238,13 @@ let decompress_d (d: dT {d <> 12}) (x: field_element_d d): field_element
   = let r = (x * v v_FIELD_MODULUS + 1664) / pow2 d in
     r
     
-
+[@ "opaque_to_smt"]
 let byte_encode (d: dT) (coefficients: polynomial_d d): t_Array u8 (sz (32 * d))
   =  let coefficients' : t_Array nat (sz 256) = map_array #(field_element_d d) (fun x -> x <: nat) coefficients in
      bits_to_bytes #(sz (32 * d))
        (retype_bit_vector (bit_vec_of_nat_array coefficients' d))
 
+[@ "opaque_to_smt"]
 let byte_decode (d: dT) (coefficients: t_Array u8 (sz (32 * d))): polynomial_d d
   = let bv = bytes_to_bits coefficients in
     let arr: t_Array nat (sz 256) = bit_vec_to_nat_array d (retype_bit_vector bv) in
@@ -256,11 +260,13 @@ let byte_decode (d: dT) (coefficients: t_Array u8 (sz (32 * d))): polynomial_d d
 let coerce_polynomial_12 (p:polynomial): polynomial_d 12 = p
 let coerce_vector_12 (#r:rank) (v:vector r): vector_d r 12 = v
 
+[@ "opaque_to_smt"]
 let compress_then_byte_encode (d: dT {d <> 12}) (coefficients: polynomial): t_Array u8 (sz (32 * d))
   = let coefs: t_Array (field_element_d d) (sz 256) = map_array (compress_d d) coefficients
     in
     byte_encode d coefs
 
+[@ "opaque_to_smt"]
 let byte_decode_then_decompress (d: dT {d <> 12}) (b:t_Array u8 (sz (32 * d))): polynomial
   = map_array (decompress_d d) (byte_decode d b)
 
diff --git a/libcrux-ml-kem/proofs/fstar/spec/Spec.MLKEM.fst b/libcrux-ml-kem/proofs/fstar/spec/Spec.MLKEM.fst
index 07c9216ae..7defc385c 100644
--- a/libcrux-ml-kem/proofs/fstar/spec/Spec.MLKEM.fst
+++ b/libcrux-ml-kem/proofs/fstar/spec/Spec.MLKEM.fst
@@ -28,7 +28,10 @@ val v_ETA1 (r:rank) : u:usize{u == sz 3 \/ u == sz 2}
 let v_ETA1 (r:rank) : usize = 
   if r = sz 2 then sz 3 else
   if r = sz 3 then sz 2 else
-  if r = sz 4 then sz 2
+  if r = sz 4 then sz 2 else (
+  assert (false);
+  sz 0)
+  
 
 let v_ETA2 (r:rank) : usize = sz 2
 
@@ -135,6 +138,7 @@ let sample_polynomial_ntt_at_index (seed:t_Array u8 (sz 32)) (i j: (x:usize{v x
     sample_polynomial_ntt seed34
 
 val sample_matrix_A_ntt: #r:rank -> seed:t_Array u8 (sz 32) -> (matrix r & bool)
+[@ "opaque_to_smt"]
 let sample_matrix_A_ntt #r seed = 
   let m = 
     createi r (fun i -> 
@@ -159,18 +163,29 @@ let sample_poly_cbd2 #r seed domain_sep =
   let prf_output = v_PRF (v_ETA2_RANDOMNESS_SIZE r) prf_input in
   sample_poly_cbd (v_ETA2 r) prf_output
 
-val sample_poly_cbd1: #r:rank -> seed:t_Array u8 (sz 32) -> domain_sep:usize{v domain_sep < 256} -> polynomial
-let sample_poly_cbd1 #r seed domain_sep =
-  let prf_input = Seq.append seed (Seq.create 1 (mk_int #u8_inttype (v domain_sep))) in
-  let prf_output = v_PRF (v_ETA1_RANDOMNESS_SIZE r) prf_input in
-  sample_poly_cbd (v_ETA1 r) prf_output
+let sample_vector_cbd1_prf_input (#r:rank) (seed:t_Array u8 (sz 32)) (domain_sep:usize{v domain_sep < 2 * v r}) (i:usize{i <. r}) : t_Array u8 (sz 33) =
+  Seq.append seed (Seq.create 1 (mk_int #u8_inttype (v domain_sep + v i)))
+
+let sample_vector_cbd1_prf_output (#r:rank) (prf_output:t_Array (t_Array u8 (v_ETA1_RANDOMNESS_SIZE r)) r) (i:usize{i <. r}) : polynomial =
+  sample_poly_cbd (v_ETA1 r) prf_output.[i]
 
 let sample_vector_cbd1 (#r:rank) (seed:t_Array u8 (sz 32)) (domain_sep:usize{v domain_sep < 2 * v r}) : vector r =
-    createi r (fun i ->  sample_poly_cbd1 #r seed (domain_sep +! i))
+    let prf_input = createi r (sample_vector_cbd1_prf_input #r seed domain_sep) in
+    let prf_output = v_PRFxN r (v_ETA1_RANDOMNESS_SIZE r) prf_input in
+    createi r (sample_vector_cbd1_prf_output #r prf_output)
+
+let sample_vector_cbd2_prf_input (#r:rank) (seed:t_Array u8 (sz 32)) (domain_sep:usize{v domain_sep < 2 * v r}) (i:usize{i <. r}) : t_Array u8 (sz 33) =
+  Seq.append seed (Seq.create 1 (mk_int #u8_inttype (v domain_sep + v i)))
+
+let sample_vector_cbd2_prf_output (#r:rank) (prf_output:t_Array (t_Array u8 (v_ETA2_RANDOMNESS_SIZE r)) r) (i:usize{i <. r}) : polynomial =
+  sample_poly_cbd (v_ETA2 r) prf_output.[i]
 
 let sample_vector_cbd2 (#r:rank) (seed:t_Array u8 (sz 32)) (domain_sep:usize{v domain_sep < 2 * v r}) : vector r =
-    createi r (fun i ->  sample_poly_cbd2 #r seed (domain_sep +! i))
+    let prf_input = createi r (sample_vector_cbd2_prf_input #r seed domain_sep) in
+    let prf_output = v_PRFxN r (v_ETA2_RANDOMNESS_SIZE r) prf_input in
+    createi r (sample_vector_cbd2_prf_output #r prf_output)
 
+[@ "opaque_to_smt"]
 let sample_vector_cbd_then_ntt (#r:rank) (seed:t_Array u8 (sz 32)) (domain_sep:usize{v domain_sep < 2 * v r}) : vector r =
     vector_ntt (sample_vector_cbd1 #r seed domain_sep)
 
@@ -205,14 +220,25 @@ let decode_then_decompress_u (#r:rank) (arr: t_Array u8 (v_C1_SIZE r)): vector r
       byte_decode_then_decompress (v d) slice
     )
 
-let compress_then_encode_v (#r:rank): polynomial -> t_Array u8 (v_C2_SIZE r)
-  = compress_then_byte_encode (v (v_VECTOR_V_COMPRESSION_FACTOR r))
+let compress_then_encode_v (u:usize{u == sz 4 \/ u == sz 5}): polynomial -> t_Array u8 (sz 32 *! u)
+  = compress_then_byte_encode (v u)
 
-let decode_then_decompress_v (#r:rank): t_Array u8 (v_C2_SIZE r) -> polynomial
-  = byte_decode_then_decompress (v (v_VECTOR_V_COMPRESSION_FACTOR r)) 
+let decode_then_decompress_v (u:usize{u == sz 4 \/ u == sz 5}): t_Array u8 (sz 32 *! u) -> polynomial
+  = byte_decode_then_decompress (v u)
 
 (** IND-CPA Functions *)
 
+val ind_cpa_generate_keypair_unpacked (r:rank) (randomness:t_Array u8 v_CPA_KEY_GENERATION_SEED_SIZE) :
+                             ((((vector r) & (t_Array u8 (sz 32))) & (vector r)) & bool)
+let ind_cpa_generate_keypair_unpacked r randomness =
+    let hashed = v_G (Seq.append randomness (Seq.create 1 (cast r <: u8))) in
+    let (seed_for_A, seed_for_secret_and_error) = split hashed (sz 32) in
+    let (matrix_A_as_ntt, sufficient_randomness) = sample_matrix_A_ntt #r seed_for_A in
+    let secret_as_ntt = sample_vector_cbd_then_ntt #r seed_for_secret_and_error (sz 0) in
+    let error_as_ntt = sample_vector_cbd_then_ntt #r seed_for_secret_and_error r in
+    let t_as_ntt = compute_As_plus_e_ntt #r matrix_A_as_ntt secret_as_ntt error_as_ntt in
+    (((t_as_ntt,seed_for_A), secret_as_ntt), sufficient_randomness)
+
 /// This function implements most of <strong>Algorithm 12</strong> of the
 /// NIST FIPS 203 specification; this is the MLKEM CPA-PKE key generation algorithm.
 ///
@@ -223,16 +249,30 @@ let decode_then_decompress_v (#r:rank): t_Array u8 (v_C2_SIZE r) -> polynomial
 val ind_cpa_generate_keypair (r:rank) (randomness:t_Array u8 v_CPA_KEY_GENERATION_SEED_SIZE) :
                              (t_MLKEMCPAKeyPair r & bool)
 let ind_cpa_generate_keypair r randomness =
-    let hashed = v_G randomness in
-    let (seed_for_A, seed_for_secret_and_error) = split hashed (sz 32) in
-    let (matrix_A_as_ntt, sufficient_randomness) = sample_matrix_A_ntt #r seed_for_A in
-    let secret_as_ntt = sample_vector_cbd_then_ntt #r seed_for_secret_and_error (sz 0) in
-    let error_as_ntt = sample_vector_cbd_then_ntt #r seed_for_secret_and_error r in
-    let t_as_ntt = compute_As_plus_e_ntt #r matrix_A_as_ntt secret_as_ntt error_as_ntt in
+    let (((t_as_ntt,seed_for_A), secret_as_ntt), sufficient_randomness) =
+      ind_cpa_generate_keypair_unpacked r randomness in
     let public_key_serialized = Seq.append (vector_encode_12 #r t_as_ntt) seed_for_A in
     let secret_key_serialized = vector_encode_12 #r secret_as_ntt in
     ((secret_key_serialized,public_key_serialized), sufficient_randomness)
 
+val ind_cpa_encrypt_unpacked (r:rank)
+                    (message: t_Array u8 v_SHARED_SECRET_SIZE)
+                    (randomness:t_Array u8 v_SHARED_SECRET_SIZE)
+                    (t_as_ntt:vector r)
+                    (matrix_A_as_ntt:matrix r) :
+                    t_MLKEMCiphertext r
+
+let ind_cpa_encrypt_unpacked r message randomness t_as_ntt matrix_A_as_ntt =
+    let r_as_ntt = sample_vector_cbd_then_ntt #r randomness (sz 0) in
+    let error_1 = sample_vector_cbd2 #r randomness r in
+    let error_2 = sample_poly_cbd2 #r randomness (r +! r) in
+    let u = vector_add (vector_inv_ntt (matrix_vector_mul_ntt matrix_A_as_ntt r_as_ntt)) error_1 in
+    let mu = decode_then_decompress_message message in
+    let v = poly_add (poly_add (vector_dot_product_ntt t_as_ntt r_as_ntt) error_2) mu in  
+    let c1 = compress_then_encode_u #r u in
+    let c2 = compress_then_encode_v (v_VECTOR_V_COMPRESSION_FACTOR r) v in
+    concat c1 c2
+
 /// This function implements <strong>Algorithm 13</strong> of the
 /// NIST FIPS 203 specification; this is the MLKEM CPA-PKE encryption algorithm.
 
@@ -246,15 +286,19 @@ let ind_cpa_encrypt r public_key message randomness =
     let (t_as_ntt_bytes, seed_for_A) = split public_key (v_T_AS_NTT_ENCODED_SIZE r) in
     let t_as_ntt = vector_decode_12 #r t_as_ntt_bytes in 
     let matrix_A_as_ntt, sufficient_randomness = sample_matrix_A_ntt #r seed_for_A in
-    let r_as_ntt = sample_vector_cbd_then_ntt #r randomness (sz 0) in
-    let error_1 = sample_vector_cbd2 #r randomness r in
-    let error_2 = sample_poly_cbd2 #r randomness (r +! r) in
-    let u = vector_add (vector_inv_ntt (matrix_vector_mul_ntt (matrix_transpose matrix_A_as_ntt) r_as_ntt)) error_1 in
-    let mu = decode_then_decompress_message message in
-    let v = poly_add (poly_add (vector_dot_product_ntt t_as_ntt r_as_ntt) error_2) mu in  
-    let c1 = compress_then_encode_u #r u in
-    let c2 = compress_then_encode_v #r v in
-    (concat c1 c2, sufficient_randomness)
+    let c = ind_cpa_encrypt_unpacked r message randomness t_as_ntt (matrix_transpose matrix_A_as_ntt) in
+    (c, sufficient_randomness)
+
+val ind_cpa_decrypt_unpacked (r:rank)
+                    (ciphertext: t_MLKEMCiphertext r) (secret_as_ntt:vector r): 
+                    t_MLKEMSharedSecret
+
+let ind_cpa_decrypt_unpacked r ciphertext secret_as_ntt =
+    let (c1,c2) = split ciphertext (v_C1_SIZE r) in
+    let u = decode_then_decompress_u #r c1 in
+    let v = decode_then_decompress_v (v_VECTOR_V_COMPRESSION_FACTOR r) c2 in
+    let w = poly_sub v (poly_inv_ntt (vector_dot_product_ntt secret_as_ntt (vector_ntt u))) in
+    compress_then_encode_message w
 
 /// This function implements <strong>Algorithm 14</strong> of the
 /// NIST FIPS 203 specification; this is the MLKEM CPA-PKE decryption algorithm.
@@ -265,12 +309,8 @@ val ind_cpa_decrypt (r:rank) (secret_key: t_MLKEMCPAPrivateKey r)
 
 [@ "opaque_to_smt"]
 let ind_cpa_decrypt r secret_key ciphertext =
-    let (c1,c2) = split ciphertext (v_C1_SIZE r) in
-    let u = decode_then_decompress_u #r c1 in
-    let v = decode_then_decompress_v #r c2 in
     let secret_as_ntt = vector_decode_12 #r secret_key in
-    let w = poly_sub v (poly_inv_ntt (vector_dot_product_ntt secret_as_ntt (vector_ntt u))) in
-    compress_then_encode_message w
+    ind_cpa_decrypt_unpacked r ciphertext secret_as_ntt
 
 (** IND-CCA Functions *)
 
@@ -340,4 +380,3 @@ let ind_cca_decapsulate p secret_key ciphertext =
     if reencrypted = ciphertext
     then success_shared_secret, sufficient_randomness
     else rejection_shared_secret, sufficient_randomness
-   
diff --git a/libcrux-ml-kem/proofs/fstar/spec/Spec.Utils.fst b/libcrux-ml-kem/proofs/fstar/spec/Spec.Utils.fst
index 1c6ed14b1..5c77472f2 100644
--- a/libcrux-ml-kem/proofs/fstar/spec/Spec.Utils.fst
+++ b/libcrux-ml-kem/proofs/fstar/spec/Spec.Utils.fst
@@ -126,6 +126,9 @@ val v_PRF (v_LEN: usize{v v_LEN < pow2 32}) (input: t_Slice u8) : t_Array u8 v_L
 let v_PRF v_LEN input = map_slice Lib.RawIntTypes.u8_to_UInt8 (
   shake256 (Seq.length input) (map_slice Lib.IntTypes.secret input) (v v_LEN))
 
+assume val v_PRFxN (r:usize{v r == 2 \/ v r == 3 \/ v r == 4}) (v_LEN: usize{v v_LEN < pow2 32})
+  (input: t_Array (t_Array u8 (sz 33)) r) : t_Array (t_Array u8 v_LEN) r
+
 let v_J (input: t_Slice u8) : t_Array u8 (sz 32) = v_PRF (sz 32) input
 
 val v_XOF (v_LEN: usize{v v_LEN < pow2 32}) (input: t_Slice u8) : t_Array u8 v_LEN
diff --git a/libcrux-ml-kem/src/hash_functions.rs b/libcrux-ml-kem/src/hash_functions.rs
index 6627b3d72..aa91579d3 100644
--- a/libcrux-ml-kem/src/hash_functions.rs
+++ b/libcrux-ml-kem/src/hash_functions.rs
@@ -48,7 +48,12 @@ pub(crate) trait Hash<const K: usize> {
     fn PRF<const LEN: usize>(input: &[u8]) -> [u8; LEN];
 
     /// PRFxN aka N SHAKE256
-    #[requires(true)]
+    #[requires(fstar!("v $LEN < pow2 32 /\\ (v $K == 2 \\/ v $K == 3 \\/ v $K == 4)"))]
+    #[ensures(|result|
+        // We need to repeat the pre-condition here because of https://github.com/hacspec/hax/issues/784
+        fstar!("(v $LEN < pow2 32 /\\ (v $K == 2 \\/ v $K == 3 \\/ v $K == 4)) ==>
+            $result == Spec.Utils.v_PRFxN $K $LEN $input"))
+    ]
     fn PRFxN<const LEN: usize>(input: &[[u8; 33]; K]) -> [[u8; LEN]; K];
 
     /// Create a SHAKE128 state and absorb the input.
@@ -113,6 +118,10 @@ pub(crate) mod portable {
         digest
     }
 
+    #[hax_lib::requires(fstar!("v $LEN < pow2 32 /\\ (v $K == 2 \\/ v $K == 3 \\/ v $K == 4)"))]
+    #[hax_lib::ensures(|result|
+        fstar!("$result == Spec.Utils.v_PRFxN $K $LEN $input"))
+    ]
     #[inline(always)]
     fn PRFxN<const K: usize, const LEN: usize>(input: &[[u8; 33]; K]) -> [[u8; LEN]; K] {
         debug_assert!(K == 2 || K == 3 || K == 4);
@@ -190,6 +199,12 @@ pub(crate) mod portable {
             PRF::<LEN>(input)
         }
 
+        #[requires(fstar!("v $LEN < pow2 32 /\\ (v $K == 2 \\/ v $K == 3 \\/ v $K == 4)"))]
+        // Output name has be `out` https://github.com/hacspec/hax/issues/832
+        #[ensures(|out|
+            fstar!("(v $LEN < pow2 32 /\\ (v $K == 2 \\/ v $K == 3 \\/ v $K == 4)) ==>
+                $out == Spec.Utils.v_PRFxN $K $LEN $input"))
+        ]
         #[inline(always)]
         fn PRFxN<const LEN: usize>(input: &[[u8; 33]; K]) -> [[u8; LEN]; K] {
             PRFxN::<K, LEN>(input)
@@ -261,6 +276,10 @@ pub(crate) mod avx2 {
         digest
     }
 
+    #[hax_lib::requires(fstar!("v $LEN < pow2 32 /\\ (v $K == 2 \\/ v $K == 3 \\/ v $K == 4)"))]
+    #[hax_lib::ensures(|result|
+        fstar!("$result == Spec.Utils.v_PRFxN $K $LEN $input"))
+    ]
     #[inline(always)]
     fn PRFxN<const K: usize, const LEN: usize>(input: &[[u8; 33]; K]) -> [[u8; LEN]; K] {
         debug_assert!(K == 2 || K == 3 || K == 4);
@@ -437,6 +456,12 @@ pub(crate) mod avx2 {
             PRF::<LEN>(input)
         }
 
+        #[requires(fstar!("v $LEN < pow2 32 /\\ (v $K == 2 \\/ v $K == 3 \\/ v $K == 4)"))]
+        // Output name has be `out` https://github.com/hacspec/hax/issues/832
+        #[ensures(|out|
+            fstar!("(v $LEN < pow2 32 /\\ (v $K == 2 \\/ v $K == 3 \\/ v $K == 4)) ==>
+                $out == Spec.Utils.v_PRFxN $K $LEN $input"))
+        ]
         #[inline(always)]
         fn PRFxN<const LEN: usize>(input: &[[u8; 33]; K]) -> [[u8; LEN]; K] {
             PRFxN::<K, LEN>(input)
@@ -506,6 +531,10 @@ pub(crate) mod neon {
         digest
     }
 
+    #[hax_lib::requires(fstar!("v $LEN < pow2 32 /\\ (v $K == 2 \\/ v $K == 3 \\/ v $K == 4)"))]
+    #[hax_lib::ensures(|result|
+        fstar!("$result == Spec.Utils.v_PRFxN $K $LEN $input"))
+    ]
     #[inline(always)]
     fn PRFxN<const K: usize, const LEN: usize>(input: &[[u8; 33]; K]) -> [[u8; LEN]; K] {
         debug_assert!(K == 2 || K == 3 || K == 4);
@@ -712,6 +741,13 @@ pub(crate) mod neon {
             PRF::<LEN>(input)
         }
 
+        #[requires(fstar!("v $LEN < pow2 32 /\\ (v $K == 2 \\/ v $K == 3 \\/ v $K == 4)"))]
+        // Output name has be `out` https://github.com/hacspec/hax/issues/832
+        #[ensures(|out|
+            // We need to repeat the pre-condition here because of https://github.com/hacspec/hax/issues/784
+            fstar!("(v $LEN < pow2 32 /\\ (v $K == 2 \\/ v $K == 3 \\/ v $K == 4)) ==>
+                $out == Spec.Utils.v_PRFxN $K $LEN $input"))
+        ]
         #[inline(always)]
         fn PRFxN<const LEN: usize>(input: &[[u8; 33]; K]) -> [[u8; LEN]; K] {
             PRFxN::<K, LEN>(input)
diff --git a/libcrux-ml-kem/src/ind_cpa.rs b/libcrux-ml-kem/src/ind_cpa.rs
index 81aa3e1e8..b27030255 100644
--- a/libcrux-ml-kem/src/ind_cpa.rs
+++ b/libcrux-ml-kem/src/ind_cpa.rs
@@ -60,7 +60,6 @@ use unpacked::*;
 
 /// Concatenate `t` and `ρ` into the public key.
 #[inline(always)]
-#[hax_lib::fstar::verification_status(panic_free)]
 #[hax_lib::requires(fstar!("Spec.MLKEM.is_rank $K /\\
     $RANKED_BYTES_PER_RING_ELEMENT == Spec.MLKEM.v_RANKED_BYTES_PER_RING_ELEMENT $K /\\
     $PUBLIC_KEY_SIZE == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE $K /\\
@@ -92,7 +91,6 @@ pub(crate) fn serialize_public_key<
 
 /// Concatenate `t` and `ρ` into the public key.
 #[inline(always)]
-#[hax_lib::fstar::verification_status(panic_free)]
 #[hax_lib::requires(fstar!("Spec.MLKEM.is_rank $K /\\
     $RANKED_BYTES_PER_RING_ELEMENT == Spec.MLKEM.v_RANKED_BYTES_PER_RING_ELEMENT $K /\\
     $PUBLIC_KEY_SIZE == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE $K /\\
@@ -121,12 +119,14 @@ pub(crate) fn serialize_public_key_mut<
         Vector,
     >(t_as_ntt));
     serialized[RANKED_BYTES_PER_RING_ELEMENT..].copy_from_slice(seed_for_a);
+    hax_lib::fstar!("Lib.Sequence.eq_intro #u8 #(v $PUBLIC_KEY_SIZE) serialized
+        (Seq.append (Spec.MLKEM.vector_encode_12 #$K (Libcrux_ml_kem.Polynomial.to_spec_vector_t
+            #$K #$:Vector $t_as_ntt)) $seed_for_a)");
 }
 
 /// Call [`serialize_uncompressed_ring_element`] for each ring element.
 #[inline(always)]
-#[hax_lib::fstar::options("--z3rlimit 200")]
-#[hax_lib::fstar::verification_status(panic_free)]
+#[hax_lib::fstar::options("--z3rlimit 200 --ext context_pruning --z3refresh")]
 #[hax_lib::requires(fstar!("Spec.MLKEM.is_rank $K /\\
     $OUT_LEN == Spec.MLKEM.v_CPA_PRIVATE_KEY_SIZE $K /\\
     (forall (i:nat). i < v $K ==>
@@ -138,27 +138,51 @@ pub(crate) fn serialize_public_key_mut<
 pub(crate) fn serialize_secret_key<const K: usize, const OUT_LEN: usize, Vector: Operations>(
     key: &[PolynomialRingElement<Vector>; K],
 ) -> [u8; OUT_LEN] {
+    hax_lib::fstar!("assert_norm (Spec.MLKEM.polynomial_d 12 == Spec.MLKEM.polynomial)");
     let mut out = [0u8; OUT_LEN];
 
     cloop! {
         for (i, re) in key.into_iter().enumerate() {
-            hax_lib::loop_invariant!(|i: usize| { fstar!("v $i < v $K ==>
-                Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index $key (v $i))") });
+            hax_lib::loop_invariant!(|i: usize| { fstar!("(v $i < v $K ==>
+                Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index $key (v $i))) /\\
+                (forall (j: nat). j < v $i ==>
+                (j + 1) * v $BYTES_PER_RING_ELEMENT <= Seq.length $out /\\
+                (Seq.slice $out (j * v $BYTES_PER_RING_ELEMENT) ((j + 1) * v $BYTES_PER_RING_ELEMENT) ==
+                    Spec.MLKEM.byte_encode 12 (Libcrux_ml_kem.Polynomial.to_spec_poly_t #$:Vector (Seq.index $key j))))") });
             out[i * BYTES_PER_RING_ELEMENT..(i + 1) * BYTES_PER_RING_ELEMENT]
             .copy_from_slice(&serialize_uncompressed_ring_element(&re));
+            hax_lib::fstar!("let lemma_aux (j: nat{ j < v $i }) : Lemma
+                (Seq.slice out (j * v $BYTES_PER_RING_ELEMENT) ((j + 1) * v $BYTES_PER_RING_ELEMENT) ==
+                    Spec.MLKEM.byte_encode 12 (Libcrux_ml_kem.Polynomial.to_spec_poly_t #$:Vector (Seq.index $key j))) =
+                Lib.Sequence.eq_intro #u8 #(v $BYTES_PER_RING_ELEMENT)
+                (Seq.slice out (j * v $BYTES_PER_RING_ELEMENT) ((j + 1) * v $BYTES_PER_RING_ELEMENT))
+                (Spec.MLKEM.byte_encode 12 (Libcrux_ml_kem.Polynomial.to_spec_poly_t #$:Vector (Seq.index $key j)))
+            in
+            Classical.forall_intro lemma_aux");
         }
     }
 
+    hax_lib::fstar!("assert (Spec.MLKEM.coerce_vector_12 (Libcrux_ml_kem.Polynomial.to_spec_vector_t #$K #$:Vector $key) ==
+        Libcrux_ml_kem.Polynomial.to_spec_vector_t #$K #$:Vector $key);
+    Lib.Sequence.eq_intro #u8 #(v $OUT_LEN) $out
+        (Spec.MLKEM.vector_encode_12 #$K
+            (Libcrux_ml_kem.Polynomial.to_spec_vector_t #$K #$:Vector $key))");
     out
 }
 
 /// Sample a vector of ring elements from a centered binomial distribution.
 #[inline(always)]
-#[hax_lib::fstar::verification_status(panic_free)]
+#[hax_lib::fstar::options("--max_fuel 10 --z3rlimit 1000 --ext context_pruning --z3refresh --split_queries always")]
 #[hax_lib::requires(fstar!("Spec.MLKEM.is_rank $K /\\
     $ETA2_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA2_RANDOMNESS_SIZE $K /\\
     $ETA2 == Spec.MLKEM.v_ETA2 $K /\\
+    v $domain_separator < 2 * v $K /\\
     range (v $domain_separator + v $K) u8_inttype"))]
+#[hax_lib::ensures(|(err1,ds)|
+    fstar!("v $ds == v $domain_separator + v $K /\\
+                Libcrux_ml_kem.Polynomial.to_spec_vector_t #$K #$:Vector $err1 ==
+                Spec.MLKEM.sample_vector_cbd2 #$K (Seq.slice $prf_input 0 32) (sz (v $domain_separator))")
+)]
 fn sample_ring_element_cbd<
     const K: usize,
     const ETA2_RANDOMNESS_SIZE: usize,
@@ -172,22 +196,41 @@ fn sample_ring_element_cbd<
     let mut error_1 = from_fn(|_i| PolynomialRingElement::<Vector>::ZERO());
     let mut prf_inputs = [prf_input; K];
     let _domain_separator_init = domain_separator;
+    let _prf_inputs_init = prf_inputs;
     for i in 0..K {
-        hax_lib::loop_invariant!(|i: usize| { fstar!("v $domain_separator == v $_domain_separator_init + v $i") });
+        hax_lib::loop_invariant!(|i: usize| { fstar!("v $domain_separator == v $_domain_separator_init + v $i /\\
+          (v $i < v $K ==> (forall (j:nat). (j >= v $i /\\ j < v $K) ==>
+            ${prf_inputs}.[ sz j ] == ${_prf_inputs_init}.[ sz j ])) /\\
+          (forall (j:nat). j < v $i ==> v (Seq.index (Seq.index $prf_inputs j) 32) == v $_domain_separator_init + j /\\
+            Seq.slice (Seq.index $prf_inputs j) 0 32 == Seq.slice (Seq.index $_prf_inputs_init j) 0 32)") });
         prf_inputs[i][32] = domain_separator;
         domain_separator += 1;
     }
+    hax_lib::fstar!("let lemma_aux (i:nat{ i < v $K }) : Lemma (${prf_inputs}.[sz i] == (Seq.append (Seq.slice $prf_input 0 32) 
+        (Seq.create 1 (mk_int #u8_inttype (v ($_domain_separator_init +! (mk_int #u8_inttype i))))))) =
+        Lib.Sequence.eq_intro #u8 #33 ${prf_inputs}.[sz i] (Seq.append (Seq.slice $prf_input 0 32) 
+        (Seq.create 1 (mk_int #u8_inttype (v $_domain_separator_init + i)))) in
+
+    Classical.forall_intro lemma_aux;
+    Lib.Sequence.eq_intro #(t_Array u8 (sz 33)) #(v $K) $prf_inputs 
+        (createi $K (Spec.MLKEM.sample_vector_cbd2_prf_input #$K (Seq.slice $prf_input 0 32) (sz (v $_domain_separator_init))))");
     let prf_outputs: [[u8; ETA2_RANDOMNESS_SIZE]; K] = Hasher::PRFxN(&prf_inputs);
     for i in 0..K {
+        hax_lib::loop_invariant!(|i: usize| { fstar!("forall (j:nat). j < v $i ==>
+            Libcrux_ml_kem.Polynomial.to_spec_poly_t #$:Vector ${error_1}.[ sz j ] ==
+              Spec.MLKEM.sample_poly_cbd $ETA2 ${prf_outputs}.[ sz j ]") });
         error_1[i] = sample_from_binomial_distribution::<ETA2, Vector>(&prf_outputs[i]);
     }
+    hax_lib::fstar!("Lib.Sequence.eq_intro #(Spec.MLKEM.polynomial) #(v $K)
+    (Libcrux_ml_kem.Polynomial.to_spec_vector_t #$K #$:Vector $error_1) 
+    (Spec.MLKEM.sample_vector_cbd2 #$K (Seq.slice $prf_input 0 32) (sz (v $_domain_separator_init)))");
     (error_1, domain_separator)
 }
 
 /// Sample a vector of ring elements from a centered binomial distribution and
 /// convert them into their NTT representations.
 #[inline(always)]
-#[hax_lib::fstar::verification_status(lax)]
+#[hax_lib::fstar::options("--max_fuel 10 --z3rlimit 1000 --ext context_pruning --z3refresh --split_queries always")]
 #[hax_lib::requires(fstar!("Spec.MLKEM.is_rank $K /\\
     $ETA_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA1_RANDOMNESS_SIZE $K /\\
     $ETA == Spec.MLKEM.v_ETA1 $K /\\
@@ -195,8 +238,10 @@ fn sample_ring_element_cbd<
     range (v $domain_separator + v $K) u8_inttype"))]
 #[hax_lib::ensures(|ds|
     fstar!("v $ds == v $domain_separator + v $K /\\
-                Libcrux_ml_kem.Polynomial.to_spec_vector_t #$K #$:Vector ${re_as_ntt}_future ==
-                Spec.MLKEM.sample_vector_cbd_then_ntt #$K (Seq.slice $prf_input 0 32) (sz (v $domain_separator))")
+            Libcrux_ml_kem.Polynomial.to_spec_vector_t #$K #$:Vector ${re_as_ntt}_future ==
+            Spec.MLKEM.sample_vector_cbd_then_ntt #$K (Seq.slice $prf_input 0 32) (sz (v $domain_separator)) /\\
+            (forall (i: nat). i < v $K ==>
+              Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index ${re_as_ntt}_future i))")
 )]
 fn sample_vector_cbd_then_ntt<
     const K: usize,
@@ -211,21 +256,39 @@ fn sample_vector_cbd_then_ntt<
 ) -> u8 {
     let mut prf_inputs = [prf_input; K];
     let _domain_separator_init = domain_separator;
+    let _prf_inputs_init = prf_inputs;
     for i in 0..K {
-        hax_lib::loop_invariant!(|i: usize| { fstar!("v $domain_separator == v $_domain_separator_init + v $i") });
+        hax_lib::loop_invariant!(|i: usize| { fstar!("v $domain_separator == v $_domain_separator_init + v $i /\\
+          (v $i < v $K ==> (forall (j:nat). (j >= v $i /\\ j < v $K) ==>
+            ${prf_inputs}.[ sz j ] == ${_prf_inputs_init}.[ sz j ])) /\\
+          (forall (j:nat). j < v $i ==> v (Seq.index (Seq.index $prf_inputs j) 32) == v $_domain_separator_init + j /\\
+            Seq.slice (Seq.index $prf_inputs j) 0 32 == Seq.slice (Seq.index $_prf_inputs_init j) 0 32)") });
         prf_inputs[i][32] = domain_separator;
         domain_separator += 1;
     }
+    hax_lib::fstar!("let lemma_aux (i:nat{ i < v $K }) : Lemma (${prf_inputs}.[sz i] == (Seq.append (Seq.slice $prf_input 0 32) 
+        (Seq.create 1 (mk_int #u8_inttype (v ($_domain_separator_init +! (mk_int #u8_inttype i))))))) =
+        Lib.Sequence.eq_intro #u8 #33 ${prf_inputs}.[sz i] (Seq.append (Seq.slice $prf_input 0 32) 
+        (Seq.create 1 (mk_int #u8_inttype (v $_domain_separator_init + i)))) in
+
+    Classical.forall_intro lemma_aux;
+    Lib.Sequence.eq_intro #(t_Array u8 (sz 33)) #(v $K) $prf_inputs 
+        (createi $K (Spec.MLKEM.sample_vector_cbd1_prf_input #$K (Seq.slice $prf_input 0 32) (sz (v $_domain_separator_init))))");
     let prf_outputs: [[u8; ETA_RANDOMNESS_SIZE]; K] = Hasher::PRFxN(&prf_inputs);
     for i in 0..K {
+        hax_lib::loop_invariant!(|i: usize| { fstar!("forall (j:nat). j < v $i ==>
+            Libcrux_ml_kem.Polynomial.to_spec_poly_t #$:Vector re_as_ntt.[ sz j ] ==
+              Spec.MLKEM.poly_ntt (Spec.MLKEM.sample_poly_cbd $ETA ${prf_outputs}.[ sz j ])") });
         re_as_ntt[i] = sample_from_binomial_distribution::<ETA, Vector>(&prf_outputs[i]);
         ntt_binomially_sampled_ring_element(&mut re_as_ntt[i]);
     }
+    hax_lib::fstar!("Lib.Sequence.eq_intro #(Spec.MLKEM.polynomial) #(v $K)
+    (Libcrux_ml_kem.Polynomial.to_spec_vector_t #$K #$:Vector re_as_ntt) 
+    (Spec.MLKEM.sample_vector_cbd_then_ntt #$K (Seq.slice $prf_input 0 32) (sz (v $_domain_separator_init)))");
     domain_separator
 }
 
 #[inline(always)]
-#[hax_lib::fstar::verification_status(panic_free)]
 #[hax_lib::requires(fstar!("Spec.MLKEM.is_rank $K /\\
     $ETA_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA1_RANDOMNESS_SIZE $K /\\
     $ETA == Spec.MLKEM.v_ETA1 $K /\\
@@ -294,12 +357,14 @@ fn sample_vector_cbd_then_ntt_out<
 /// The NIST FIPS 203 standard can be found at
 /// <https://csrc.nist.gov/pubs/fips/203/ipd>.
 #[allow(non_snake_case)]
-#[hax_lib::fstar::verification_status(panic_free)]
 #[hax_lib::requires(fstar!("Spec.MLKEM.is_rank $K /\\
     $ETA1_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA1_RANDOMNESS_SIZE $K /\\
     $ETA1 == Spec.MLKEM.v_ETA1 $K /\\
     length $key_generation_seed == Spec.MLKEM.v_CPA_KEY_GENERATION_SEED_SIZE"))]
-#[hax_lib::ensures(|_| fstar!("
+#[hax_lib::ensures(|_| fstar!("let (((t_as_ntt,seed_for_A), secret_as_ntt), valid) = Spec.MLKEM.ind_cpa_generate_keypair_unpacked $K $key_generation_seed in 
+    (valid ==> ((Libcrux_ml_kem.Polynomial.to_spec_vector_t #$K #$:Vector ${public_key}_future.f_t_as_ntt) == t_as_ntt) /\\
+        (${public_key}_future.f_seed_for_A == seed_for_A) /\\
+        ((Libcrux_ml_kem.Polynomial.to_spec_vector_t #$K #$:Vector ${private_key}_future.f_secret_as_ntt) == secret_as_ntt)) /\\
     (forall (i:nat). i < v $K ==>
         Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index ${private_key}_future.f_secret_as_ntt i)) /\\
     (forall (i:nat). i < v $K ==>
@@ -321,9 +386,14 @@ pub(crate) fn generate_keypair_unpacked<
     let hashed = Scheme::cpa_keygen_seed::<K, Hasher>(key_generation_seed);
     let (seed_for_A, seed_for_secret_and_error) = hashed.split_at(32);
 
+    hax_lib::fstar!("Lib.Sequence.eq_intro #u8 #32 $seed_for_A
+        (Seq.slice (Libcrux_ml_kem.Utils.into_padded_array (sz 34) $seed_for_A) 0 32)");
     sample_matrix_A::<K, Vector, Hasher>(&mut public_key.A, into_padded_array(seed_for_A), true);
 
+    hax_lib::fstar!("let (matrix_A_as_ntt, valid) = Spec.MLKEM.sample_matrix_A_ntt #$K $seed_for_A in
+        assert (valid ==> matrix_A_as_ntt == Libcrux_ml_kem.Polynomial.to_spec_matrix_t public_key.f_A)");
     let prf_input: [u8; 33] = into_padded_array(seed_for_secret_and_error);
+    hax_lib::fstar!("Lib.Sequence.eq_intro #u8 #32 $seed_for_secret_and_error (Seq.slice $prf_input 0 32)");
     let domain_separator =
         sample_vector_cbd_then_ntt::<K, ETA1, ETA1_RANDOMNESS_SIZE, Vector, Hasher>(
             &mut private_key.secret_as_ntt,
@@ -346,13 +416,24 @@ pub(crate) fn generate_keypair_unpacked<
 
     public_key.seed_for_A = seed_for_A.try_into().unwrap();
 
+    hax_lib::fstar!("let ((t_as_ntt, seed_for_A), secret_as_ntt), valid =
+        Spec.MLKEM.ind_cpa_generate_keypair_unpacked $K $key_generation_seed in
+        assert (valid ==>
+            ((Libcrux_ml_kem.Polynomial.to_spec_vector_t #$K #$:Vector public_key.f_t_as_ntt) ==
+              t_as_ntt) /\\ (public_key.f_seed_for_A == seed_for_A) /\\
+            ((Libcrux_ml_kem.Polynomial.to_spec_vector_t #$K #$:Vector private_key.f_secret_as_ntt) ==
+              secret_as_ntt));
+        assert ((forall (i: nat). i < v $K ==>
+              Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index private_key.f_secret_as_ntt i)) /\\
+          (forall (i: nat). i < v $K ==>
+              Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index public_key.f_t_as_ntt i)))");
+
     // For encapsulation, we need to store A not Aˆ, and so we untranspose A
     // However, we pass A_transpose here and let the IND-CCA layer do the untranspose.
     // We could do it here, but then we would pay the performance cost (if any) for the packed API as well.
 }
 
 #[allow(non_snake_case)]
-#[hax_lib::fstar::verification_status(panic_free)]
 #[hax_lib::requires(fstar!("Spec.MLKEM.is_rank $K /\\
     $PRIVATE_KEY_SIZE == Spec.MLKEM.v_CPA_PRIVATE_KEY_SIZE $K /\\
     $PUBLIC_KEY_SIZE == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE $K /\\
@@ -398,7 +479,7 @@ pub(crate) fn generate_keypair<
 }
 
 /// Call [`compress_then_serialize_ring_element_u`] on each ring element.
-#[hax_lib::fstar::verification_status(panic_free)]
+#[hax_lib::fstar::options("--z3rlimit 200 --ext context_pruning --z3refresh")]
 #[hax_lib::requires(fstar!("Spec.MLKEM.is_rank $K /\\
     $OUT_LEN == Spec.MLKEM.v_C1_SIZE $K /\\
     $COMPRESSION_FACTOR == Spec.MLKEM.v_VECTOR_U_COMPRESSION_FACTOR $K /\\
@@ -420,19 +501,43 @@ fn compress_then_serialize_u<
     input: [PolynomialRingElement<Vector>; K],
     out: &mut [u8],
 ) {
-    hax_lib::fstar!("assert ((v $COEFFICIENTS_IN_RING_ELEMENT * v $COMPRESSION_FACTOR) / 8 == 320 \\/
-        (v $COEFFICIENTS_IN_RING_ELEMENT * v $COMPRESSION_FACTOR) / 8 == 352)");
+    hax_lib::fstar!("assert (v (sz 32 *! $COMPRESSION_FACTOR) == 32 * v $COMPRESSION_FACTOR);
+        assert (v ($OUT_LEN /! $K) == v $OUT_LEN / v $K);
+        assert (v $OUT_LEN / v $K == 32 * v $COMPRESSION_FACTOR)");
     // The semicolon and parentheses at the end of loop are a workaround
     // for the following bug https://github.com/hacspec/hax/issues/720
     cloop! {
         for (i, re) in input.into_iter().enumerate() {
-            hax_lib::loop_invariant!(|i: usize| { fstar!("v $i < v $K ==> (Seq.length out == v $OUT_LEN /\\
-                Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index $input (v $i)))") });
+            hax_lib::loop_invariant!(|i: usize| { fstar!("(v $i < v $K ==> Seq.length out == v $OUT_LEN /\\
+                Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index $input (v $i))) /\\
+            (forall (j: nat). j < v $i ==>
+                Seq.length out == v $OUT_LEN /\\
+                (j + 1) * (v $OUT_LEN / v $K) <= Seq.length out /\\
+                (Seq.slice out (j * (v $OUT_LEN / v $K)) (((j + 1)) * (v $OUT_LEN / v $K)) == 
+                    Spec.MLKEM.compress_then_byte_encode (v $COMPRESSION_FACTOR)
+                        (Libcrux_ml_kem.Polynomial.to_spec_poly_t #$:Vector (Seq.index $input j))))") });
+            hax_lib::fstar!("assert (forall (j: nat). j < v $i ==>
+                ((Seq.slice out (j * (v $OUT_LEN / v $K)) (((j + 1)) * (v $OUT_LEN / v $K)) == 
+                Spec.MLKEM.compress_then_byte_encode (v $COMPRESSION_FACTOR)
+                    (Libcrux_ml_kem.Polynomial.to_spec_poly_t #$:Vector (Seq.index $input j)))))");
             out[i * (OUT_LEN / K)..(i + 1) * (OUT_LEN / K)].copy_from_slice(
                 &compress_then_serialize_ring_element_u::<COMPRESSION_FACTOR, BLOCK_LEN, Vector>(&re),
             );
+            hax_lib::fstar!("let lemma_aux (j: nat{ j < v $i }) : Lemma
+                (Seq.slice out (j * (v $OUT_LEN / v $K)) (((j + 1)) * (v $OUT_LEN / v $K)) ==
+                Spec.MLKEM.compress_then_byte_encode (v $COMPRESSION_FACTOR)
+                    (Libcrux_ml_kem.Polynomial.to_spec_poly_t #v_Vector (Seq.index $input j))) =
+                Lib.Sequence.eq_intro #u8 #(v $OUT_LEN / v $K) 
+                (Seq.slice out (j * (v $OUT_LEN / v $K)) (((j + 1)) * (v $OUT_LEN / v $K)))
+                (Spec.MLKEM.compress_then_byte_encode (v $COMPRESSION_FACTOR)
+                    (Libcrux_ml_kem.Polynomial.to_spec_poly_t #$:Vector (Seq.index $input j)))
+            in
+            Classical.forall_intro lemma_aux");
         }
     };
+    hax_lib::fstar!("Lib.Sequence.eq_intro #u8 #(v $OUT_LEN) out
+        (Spec.MLKEM.compress_then_encode_u #$K
+            (Libcrux_ml_kem.Polynomial.to_spec_vector_t #$K #$:Vector $input))");
     ()
 }
 
@@ -489,6 +594,11 @@ fn compress_then_serialize_u<
       $BLOCK_LEN == Spec.MLKEM.v_C1_BLOCK_SIZE $K /\\
       $CIPHERTEXT_SIZE == Spec.MLKEM.v_CPA_CIPHERTEXT_SIZE $K /\\
       length $randomness == Spec.MLKEM.v_SHARED_SECRET_SIZE"))]
+#[hax_lib::ensures(|result|
+    fstar!("$result == Spec.MLKEM.ind_cpa_encrypt_unpacked $K $message $randomness
+        (Libcrux_ml_kem.Polynomial.to_spec_vector_t #$K #$:Vector ${public_key}.f_t_as_ntt)
+        (Libcrux_ml_kem.Polynomial.to_spec_matrix_t #$K #$:Vector ${public_key}.f_A)")
+)]
 pub(crate) fn encrypt_unpacked<
     const K: usize,
     const CIPHERTEXT_SIZE: usize,
@@ -519,6 +629,8 @@ pub(crate) fn encrypt_unpacked<
         sample_vector_cbd_then_ntt_out::<K, ETA1, ETA1_RANDOMNESS_SIZE, Vector, Hasher>(
             prf_input, 0,
         );
+    hax_lib::fstar!("Lib.Sequence.eq_intro #u8 #32 $randomness (Seq.slice $prf_input 0 32);
+        assert (v $domain_separator == v $K)");
 
     // for i from 0 to k−1 do
     //     e1[i] := CBD_{η2}(PRF(r,N))
@@ -532,6 +644,8 @@ pub(crate) fn encrypt_unpacked<
 
     // e_2 := CBD{η2}(PRF(r, N))
     prf_input[32] = domain_separator;
+    hax_lib::fstar!("assert (Seq.equal $prf_input (Seq.append $randomness (Seq.create 1 $domain_separator)));
+        assert ($prf_input == Seq.append $randomness (Seq.create 1 $domain_separator))");
     let prf_output: [u8; ETA2_RANDOMNESS_SIZE] = Hasher::PRF(&prf_input);
     let error_2 = sample_from_binomial_distribution::<ETA2, Vector>(&prf_output);
 
@@ -546,6 +660,10 @@ pub(crate) fn encrypt_unpacked<
         &error_2,
         &message_as_ring_element,
     );
+    hax_lib::fstar!("assert ($C1_LEN = Spec.MLKEM.v_C1_SIZE v_K);
+        assert ($C2_LEN = Spec.MLKEM.v_C2_SIZE v_K);
+        assert ($CIPHERTEXT_SIZE == $C1_LEN +! $C2_LEN);
+        assert ($C1_LEN <=. $CIPHERTEXT_SIZE)");
 
     let mut ciphertext = [0u8; CIPHERTEXT_SIZE];
 
@@ -560,12 +678,13 @@ pub(crate) fn encrypt_unpacked<
         v,
         &mut ciphertext[C1_LEN..],
     );
+    hax_lib::fstar!("lemma_slice_append $ciphertext (Seq.slice $ciphertext 0 (Rust_primitives.v $C1_LEN))
+        (Seq.slice $ciphertext (Rust_primitives.v $C1_LEN) (Seq.length $ciphertext))");
 
     ciphertext
 }
 
 #[allow(non_snake_case)]
-#[hax_lib::fstar::verification_status(panic_free)]
 #[hax_lib::requires(fstar!("Spec.MLKEM.is_rank $K /\\
     $ETA1 = Spec.MLKEM.v_ETA1 $K /\\
     $ETA1_RANDOMNESS_SIZE = Spec.MLKEM.v_ETA1_RANDOMNESS_SIZE $K /\\
@@ -604,6 +723,7 @@ pub(crate) fn encrypt<
     message: [u8; SHARED_SECRET_SIZE],
     randomness: &[u8],
 ) -> [u8; CIPHERTEXT_SIZE] {
+    hax_lib::fstar!("reveal_opaque (`%Spec.MLKEM.ind_cpa_encrypt) Spec.MLKEM.ind_cpa_encrypt");
     let mut unpacked_public_key = IndCpaPublicKeyUnpacked::<K, Vector>::default();
 
     // tˆ := Decode_12(pk)
@@ -619,6 +739,8 @@ pub(crate) fn encrypt<
     //     end for
     // end for
     let seed = &public_key[T_AS_NTT_ENCODED_SIZE..];
+    hax_lib::fstar!("Lib.Sequence.eq_intro #u8 #32 $seed (Seq.slice
+        (Libcrux_ml_kem.Utils.into_padded_array (Rust_primitives.mk_usize 34) $seed) 0 32)");
     sample_matrix_A::<K, Vector, Hasher>(
         &mut unpacked_public_key.A,
         into_padded_array(seed),
@@ -647,7 +769,7 @@ pub(crate) fn encrypt<
 /// Call [`deserialize_then_decompress_ring_element_u`] on each ring element
 /// in the `ciphertext`.
 #[inline(always)]
-#[hax_lib::fstar::verification_status(panic_free)]
+#[hax_lib::fstar::options("--ext context_pruning")]
 #[hax_lib::requires(fstar!("Spec.MLKEM.is_rank $K /\\
     $CIPHERTEXT_SIZE == Spec.MLKEM.v_CPA_CIPHERTEXT_SIZE $K /\\
     $U_COMPRESSION_FACTOR == Spec.MLKEM.v_VECTOR_U_COMPRESSION_FACTOR $K"))]
@@ -663,22 +785,34 @@ fn deserialize_then_decompress_u<
 >(
     ciphertext: &[u8; CIPHERTEXT_SIZE],
 ) -> [PolynomialRingElement<Vector>; K] {
+    hax_lib::fstar!("assert (v (($COEFFICIENTS_IN_RING_ELEMENT *! $U_COMPRESSION_FACTOR ) /!
+        Rust_primitives.mk_usize 8) == v (Spec.MLKEM.v_C1_BLOCK_SIZE $K))");
     let mut u_as_ntt = from_fn(|_| PolynomialRingElement::<Vector>::ZERO());
     cloop! {
         for (i, u_bytes) in ciphertext
             .chunks_exact((COEFFICIENTS_IN_RING_ELEMENT * U_COMPRESSION_FACTOR) / 8)
             .enumerate()
         {
+            hax_lib::loop_invariant!(|i: usize| { fstar!("forall (j: nat). j < v $i ==>
+              j * v (Spec.MLKEM.v_C1_BLOCK_SIZE $K) + v (Spec.MLKEM.v_C1_BLOCK_SIZE $K) <= v $CIPHERTEXT_SIZE /\\
+              Libcrux_ml_kem.Polynomial.to_spec_poly_t #$:Vector (Seq.index $u_as_ntt j) ==
+                Spec.MLKEM.poly_ntt (Spec.MLKEM.byte_decode_then_decompress (v $U_COMPRESSION_FACTOR)
+                  (Seq.slice $ciphertext (j * v (Spec.MLKEM.v_C1_BLOCK_SIZE $K))
+                    (j * v (Spec.MLKEM.v_C1_BLOCK_SIZE $K) + v (Spec.MLKEM.v_C1_BLOCK_SIZE $K))))") });
             u_as_ntt[i]  = deserialize_then_decompress_ring_element_u::<U_COMPRESSION_FACTOR, Vector>(u_bytes);
             ntt_vector_u::<U_COMPRESSION_FACTOR, Vector>(&mut u_as_ntt[i]);
         }
     }
+    hax_lib::fstar!("Lib.Sequence.eq_intro #Spec.MLKEM.polynomial #(v $K)
+        (Libcrux_ml_kem.Polynomial.to_spec_vector_t #$K #$:Vector $u_as_ntt)
+        (Spec.MLKEM.(vector_ntt (decode_then_decompress_u #$K
+        (Seq.slice $ciphertext 0 (v (Spec.MLKEM.v_C1_SIZE $K))))))");
     u_as_ntt
 }
 
 /// Call [`deserialize_to_uncompressed_ring_element`] for each ring element.
 #[inline(always)]
-#[hax_lib::fstar::verification_status(panic_free)]
+#[hax_lib::fstar::options("--ext context_pruning")]
 #[hax_lib::requires(fstar!("Spec.MLKEM.is_rank $K /\\
     length $secret_key == Spec.MLKEM.v_CPA_PRIVATE_KEY_SIZE $K /\\
     v (${secret_key.len()}) / v $BYTES_PER_RING_ELEMENT <= v $K"))]
@@ -689,12 +823,23 @@ fn deserialize_then_decompress_u<
 fn deserialize_secret_key<const K: usize, Vector: Operations>(
     secret_key: &[u8],
 ) -> [PolynomialRingElement<Vector>; K] {
+    hax_lib::fstar!("assert_norm (Spec.MLKEM.polynomial_d 12 == Spec.MLKEM.polynomial)");
     let mut secret_as_ntt = from_fn(|_| PolynomialRingElement::<Vector>::ZERO());
     cloop! {
         for (i, secret_bytes) in secret_key.chunks_exact(BYTES_PER_RING_ELEMENT).enumerate() {
+            hax_lib::loop_invariant!(|i: usize| { fstar!("forall (j: nat). j < v $i ==>
+                j * v $BYTES_PER_RING_ELEMENT + v $BYTES_PER_RING_ELEMENT <=
+                    v (Spec.MLKEM.v_CPA_PRIVATE_KEY_SIZE $K) /\\
+                Libcrux_ml_kem.Polynomial.to_spec_poly_t #$:Vector (Seq.index $secret_as_ntt j) ==
+                    Spec.MLKEM.byte_decode 12 (Seq.slice $secret_key
+                        (j * v $BYTES_PER_RING_ELEMENT)
+                        (j * v $BYTES_PER_RING_ELEMENT + v $BYTES_PER_RING_ELEMENT))") });
             secret_as_ntt[i] = deserialize_to_uncompressed_ring_element(secret_bytes);
         }
     }
+    hax_lib::fstar!("Lib.Sequence.eq_intro #Spec.MLKEM.polynomial #(v $K)
+        (Libcrux_ml_kem.Polynomial.to_spec_vector_t #$K #$:Vector $secret_as_ntt)
+        (Spec.MLKEM.vector_decode_12 #$K $secret_key)");
     secret_as_ntt
 }
 
@@ -726,6 +871,10 @@ fn deserialize_secret_key<const K: usize, Vector: Operations>(
     $U_COMPRESSION_FACTOR == Spec.MLKEM.v_VECTOR_U_COMPRESSION_FACTOR $K /\\
     $V_COMPRESSION_FACTOR == Spec.MLKEM.v_VECTOR_V_COMPRESSION_FACTOR $K /\\
     $VECTOR_U_ENCODED_SIZE == Spec.MLKEM.v_C1_SIZE $K"))]
+#[hax_lib::ensures(|result|
+    fstar!("$result == Spec.MLKEM.ind_cpa_decrypt_unpacked $K $ciphertext
+        (Libcrux_ml_kem.Polynomial.to_spec_vector_t #$K #$:Vector ${secret_key}.f_secret_as_ntt)")
+)]
 pub(crate) fn decrypt_unpacked<
     const K: usize,
     const CIPHERTEXT_SIZE: usize,
@@ -753,7 +902,6 @@ pub(crate) fn decrypt_unpacked<
 }
 
 #[allow(non_snake_case)]
-#[hax_lib::fstar::verification_status(panic_free)]
 #[hax_lib::requires(fstar!("Spec.MLKEM.is_rank $K /\\
     length $secret_key == Spec.MLKEM.v_CPA_PRIVATE_KEY_SIZE $K /\\ 
     $CIPHERTEXT_SIZE == Spec.MLKEM.v_CPA_CIPHERTEXT_SIZE $K /\\
@@ -774,6 +922,7 @@ pub(crate) fn decrypt<
     secret_key: &[u8],
     ciphertext: &[u8; CIPHERTEXT_SIZE],
 ) -> [u8; SHARED_SECRET_SIZE] {
+    hax_lib::fstar!("reveal_opaque (`%Spec.MLKEM.ind_cpa_decrypt) Spec.MLKEM.ind_cpa_decrypt");
     // sˆ := Decode_12(sk)
     let secret_as_ntt = deserialize_secret_key::<K, Vector>(secret_key);
     let secret_key_unpacked = IndCpaPrivateKeyUnpacked { secret_as_ntt };
diff --git a/libcrux-ml-kem/src/matrix.rs b/libcrux-ml-kem/src/matrix.rs
index 855b45891..01c2d987d 100644
--- a/libcrux-ml-kem/src/matrix.rs
+++ b/libcrux-ml-kem/src/matrix.rs
@@ -156,7 +156,9 @@ pub(crate) fn compute_vector_u<const K: usize, Vector: Operations>(
              Spec.MLKEM.compute_As_plus_e_ntt
                (to_spec_matrix_t $matrix_A) 
                (to_spec_vector_t $s_as_ntt) 
-               (to_spec_vector_t $error_as_ntt)")
+               (to_spec_vector_t $error_as_ntt) /\\
+        (forall (i: nat). i < v $K ==>
+            Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index ${t_as_ntt}_future i))")
 )]
 pub(crate) fn compute_As_plus_e<const K: usize, Vector: Operations>(
     t_as_ntt: &mut [PolynomialRingElement<Vector>; K],
diff --git a/libcrux-ml-kem/src/ntt.rs b/libcrux-ml-kem/src/ntt.rs
index b3aa4087e..9008f7190 100644
--- a/libcrux-ml-kem/src/ntt.rs
+++ b/libcrux-ml-kem/src/ntt.rs
@@ -256,9 +256,12 @@ pub(crate) fn ntt_at_layer_7<Vector: Operations>(re: &mut PolynomialRingElement<
 }
 
 #[inline(always)]
+#[hax_lib::fstar::verification_status(panic_free)]
 #[hax_lib::fstar::options("--z3rlimit 200")]
 #[hax_lib::requires(fstar!("forall i. i < 8 ==> ntt_layer_7_pre (${re}.f_coefficients.[ sz i ])
     (${re}.f_coefficients.[ sz i +! sz 8 ])"))]
+#[hax_lib::ensures(|_| fstar!("Libcrux_ml_kem.Polynomial.to_spec_poly_t #$:Vector ${re}_future ==
+    Spec.MLKEM.poly_ntt (Libcrux_ml_kem.Polynomial.to_spec_poly_t #$:Vector $re)"))]
 pub(crate) fn ntt_binomially_sampled_ring_element<Vector: Operations>(
     re: &mut PolynomialRingElement<Vector>,
 ) {
@@ -278,7 +281,10 @@ pub(crate) fn ntt_binomially_sampled_ring_element<Vector: Operations>(
 }
 
 #[inline(always)]
+#[hax_lib::fstar::verification_status(panic_free)]
 #[hax_lib::fstar::options("--z3rlimit 200")]
+#[hax_lib::ensures(|_| fstar!("Libcrux_ml_kem.Polynomial.to_spec_poly_t #$:Vector ${re}_future ==
+    Spec.MLKEM.poly_ntt (Libcrux_ml_kem.Polynomial.to_spec_poly_t #$:Vector $re)"))]
 pub(crate) fn ntt_vector_u<const VECTOR_U_COMPRESSION_FACTOR: usize, Vector: Operations>(
     re: &mut PolynomialRingElement<Vector>,
 ) {
diff --git a/libcrux-ml-kem/src/sampling.rs b/libcrux-ml-kem/src/sampling.rs
index 094334c58..1a140d1a8 100644
--- a/libcrux-ml-kem/src/sampling.rs
+++ b/libcrux-ml-kem/src/sampling.rs
@@ -252,7 +252,12 @@ fn sample_from_binomial_distribution_3<Vector: Operations>(
 }
 
 #[inline(always)]
+#[hax_lib::fstar::verification_status(panic_free)]
 #[hax_lib::requires((ETA == 2 || ETA == 3) && randomness.len() == ETA * 64)]
+#[hax_lib::ensures(|result| fstar!("(forall (i:nat). i < 8 ==> Libcrux_ml_kem.Ntt.ntt_layer_7_pre
+    (${result}.f_coefficients.[ sz i ]) (${result}.f_coefficients.[ sz i +! sz 8 ])) /\\
+    Libcrux_ml_kem.Polynomial.to_spec_poly_t #$:Vector $result ==
+        Spec.MLKEM.sample_poly_cbd $ETA $randomness"))]
 pub(super) fn sample_from_binomial_distribution<const ETA: usize, Vector: Operations>(
     randomness: &[u8],
 ) -> PolynomialRingElement<Vector> {
diff --git a/libcrux-ml-kem/src/serialize.rs b/libcrux-ml-kem/src/serialize.rs
index 9e059baf7..18f8444b7 100644
--- a/libcrux-ml-kem/src/serialize.rs
+++ b/libcrux-ml-kem/src/serialize.rs
@@ -33,6 +33,10 @@ pub(super) fn to_unsigned_field_modulus<Vector: Operations>(
 #[inline(always)]
 #[hax_lib::fstar::verification_status(panic_free)]
 #[hax_lib::requires(fstar!("coefficients_field_modulus_range $re"))]
+#[hax_lib::ensures(|result|
+    fstar!("$result ==
+        Spec.MLKEM.compress_then_encode_message (Libcrux_ml_kem.Polynomial.to_spec_poly_t #$:Vector $re)")
+)]
 pub(super) fn compress_then_serialize_message<Vector: Operations>(
     re: PolynomialRingElement<Vector>,
 ) -> [u8; SHARED_SECRET_SIZE] {
@@ -55,6 +59,10 @@ pub(super) fn compress_then_serialize_message<Vector: Operations>(
 
 #[inline(always)]
 #[hax_lib::fstar::verification_status(panic_free)]
+#[hax_lib::ensures(|result|
+    fstar!("Libcrux_ml_kem.Polynomial.to_spec_poly_t #$:Vector $result ==
+        Spec.MLKEM.decode_then_decompress_message $serialized")
+)]
 pub(super) fn deserialize_then_decompress_message<Vector: Operations>(
     serialized: [u8; SHARED_SECRET_SIZE],
 ) -> PolynomialRingElement<Vector> {
@@ -69,6 +77,10 @@ pub(super) fn deserialize_then_decompress_message<Vector: Operations>(
 #[inline(always)]
 #[hax_lib::fstar::verification_status(panic_free)]
 #[hax_lib::requires(fstar!("coefficients_field_modulus_range $re"))]
+#[hax_lib::ensures(|result|
+    fstar!("$result ==
+        Spec.MLKEM.byte_encode 12 (Libcrux_ml_kem.Polynomial.to_spec_poly_t #$:Vector $re)")
+)]
 pub(super) fn serialize_uncompressed_ring_element<Vector: Operations>(
     re: &PolynomialRingElement<Vector>,
 ) -> [u8; BYTES_PER_RING_ELEMENT] {
@@ -89,9 +101,14 @@ pub(super) fn serialize_uncompressed_ring_element<Vector: Operations>(
 }
 
 #[inline(always)]
+#[hax_lib::fstar::verification_status(panic_free)]
 #[hax_lib::requires(
     serialized.len() == BYTES_PER_RING_ELEMENT
 )]
+#[hax_lib::ensures(|result|
+    fstar!("Libcrux_ml_kem.Polynomial.to_spec_poly_t #$:Vector $result == 
+        Spec.MLKEM.byte_decode 12 $serialized")
+)]
 pub(super) fn deserialize_to_uncompressed_ring_element<Vector: Operations>(
     serialized: &[u8],
 ) -> PolynomialRingElement<Vector> {
@@ -160,10 +177,15 @@ pub(super) fn deserialize_ring_elements_reduced_out<
 
 /// See [deserialize_ring_elements_reduced_out].
 #[inline(always)]
+#[hax_lib::fstar::verification_status(panic_free)]
 #[hax_lib::requires(
     fstar!("Spec.MLKEM.is_rank v_K /\\ 
             Seq.length public_key == v (Spec.MLKEM.v_T_AS_NTT_ENCODED_SIZE v_K)")
 )]
+#[hax_lib::ensures(|_|
+    fstar!("Libcrux_ml_kem.Polynomial.to_spec_vector_t #$K #$:Vector ${deserialized_pk}_future == 
+        Spec.MLKEM.vector_decode_12 #$K $public_key")
+)]
 pub(super) fn deserialize_ring_elements_reduced<
     const K: usize,
     Vector: Operations,
@@ -222,8 +244,13 @@ fn compress_then_serialize_11<const OUT_LEN: usize, Vector: Operations>(
 }
 
 #[inline(always)]
+#[hax_lib::fstar::verification_status(panic_free)]
 #[hax_lib::requires(fstar!("(v $COMPRESSION_FACTOR == 10 \\/ v $COMPRESSION_FACTOR == 11) /\\
     v $OUT_LEN == 32 * v $COMPRESSION_FACTOR /\\ coefficients_field_modulus_range $re"))]
+#[hax_lib::ensures(|result|
+    fstar!("$result == Spec.MLKEM.compress_then_byte_encode (v $COMPRESSION_FACTOR)
+        (Libcrux_ml_kem.Polynomial.to_spec_poly_t #$:Vector $re)")
+)]
 pub(super) fn compress_then_serialize_ring_element_u<
     const COMPRESSION_FACTOR: usize,
     const OUT_LEN: usize,
@@ -297,10 +324,13 @@ fn compress_then_serialize_5<Vector: Operations>(
 }
 
 #[inline(always)]
+#[hax_lib::fstar::verification_status(panic_free)]
 #[hax_lib::requires(fstar!("(v $COMPRESSION_FACTOR == 4 \\/ v $COMPRESSION_FACTOR == 5) /\\ v $OUT_LEN == 32 * v $COMPRESSION_FACTOR /\\
     Seq.length $out == v $OUT_LEN /\\ coefficients_field_modulus_range $re"))]
 #[hax_lib::ensures(|_|
-    fstar!("${out_future.len()} == ${out.len()}")
+    fstar!("${out_future.len()} == ${out.len()} /\\
+        ${out}_future == Spec.MLKEM.compress_then_encode_v $COMPRESSION_FACTOR
+            (Libcrux_ml_kem.Polynomial.to_spec_poly_t #$:Vector $re)")
 )]
 pub(super) fn compress_then_serialize_ring_element_v<
     const COMPRESSION_FACTOR: usize,
@@ -362,10 +392,15 @@ fn deserialize_then_decompress_11<Vector: Operations>(
 }
 
 #[inline(always)]
+#[hax_lib::fstar::verification_status(panic_free)]
 #[hax_lib::requires(
     (COMPRESSION_FACTOR == 10 || COMPRESSION_FACTOR == 11) &&
     serialized.len() == 32 * COMPRESSION_FACTOR
 )]
+#[hax_lib::ensures(|result|
+    fstar!("Libcrux_ml_kem.Polynomial.to_spec_poly_t #$:Vector $result == 
+        Spec.MLKEM.byte_decode_then_decompress (v $COMPRESSION_FACTOR) $serialized")
+)]
 pub(super) fn deserialize_then_decompress_ring_element_u<
     const COMPRESSION_FACTOR: usize,
     Vector: Operations,
@@ -421,10 +456,15 @@ fn deserialize_then_decompress_5<Vector: Operations>(
 }
 
 #[inline(always)]
+#[hax_lib::fstar::verification_status(panic_free)]
 #[hax_lib::requires(
     (COMPRESSION_FACTOR == 4 || COMPRESSION_FACTOR == 5) &&
     serialized.len() == 32 * COMPRESSION_FACTOR
 )]
+#[hax_lib::ensures(|result|
+    fstar!("Libcrux_ml_kem.Polynomial.to_spec_poly_t #$:Vector $result == 
+        Spec.MLKEM.decode_then_decompress_v $COMPRESSION_FACTOR $serialized")
+)]
 pub(super) fn deserialize_then_decompress_ring_element_v<
     const COMPRESSION_FACTOR: usize,
     Vector: Operations,
diff --git a/libcrux-ml-kem/src/variant.rs b/libcrux-ml-kem/src/variant.rs
index 0ce3c7182..080559de4 100644
--- a/libcrux-ml-kem/src/variant.rs
+++ b/libcrux-ml-kem/src/variant.rs
@@ -21,6 +21,9 @@ pub(crate) trait Variant {
     #[ensures(|res| fstar!("$res == $randomness"))] // We only have post-conditions for ML-KEM, not Kyber
     fn entropy_preprocess<const K: usize, Hasher: Hash<K>>(randomness: &[u8]) -> [u8; 32];
     #[requires(seed.len() == 32)]
+    #[ensures(|res| fstar!("Seq.length $seed == 32 ==> $res == Spec.Utils.v_G
+        (Seq.append $seed (Seq.create 1 (cast $K <: u8)))")
+    )]
     fn cpa_keygen_seed<const K: usize, Hasher: Hash<K>>(seed: &[u8]) -> [u8; 64];
 }
 
@@ -91,10 +94,15 @@ impl Variant for MlKem {
 
     #[inline(always)]
     #[requires(key_generation_seed.len() == 32)]
+    #[ensures(|res| fstar!("Seq.length $key_generation_seed == 32 ==> $res == Spec.Utils.v_G
+        (Seq.append $key_generation_seed (Seq.create 1 (cast $K <: u8)))")
+    )]
     fn cpa_keygen_seed<const K: usize, Hasher: Hash<K>>(key_generation_seed: &[u8]) -> [u8; 64] {
         let mut seed = [0u8; CPA_PKE_KEY_GENERATION_SEED_SIZE + 1];
         seed[0..CPA_PKE_KEY_GENERATION_SEED_SIZE].copy_from_slice(key_generation_seed);
         seed[CPA_PKE_KEY_GENERATION_SEED_SIZE] = K as u8;
+        hax_lib::fstar!("Lib.Sequence.eq_intro #u8 #33 $seed
+            (Seq.append $key_generation_seed (Seq.create 1 (cast $K <: u8)))");
         Hasher::G(&seed)
     }
 }
diff --git a/libcrux-ml-kem/src/vector/portable/compress.rs b/libcrux-ml-kem/src/vector/portable/compress.rs
index fa8e5a0ee..ae3be0ab3 100644
--- a/libcrux-ml-kem/src/vector/portable/compress.rs
+++ b/libcrux-ml-kem/src/vector/portable/compress.rs
@@ -25,8 +25,8 @@ use crate::vector::FIELD_MODULUS;
 /// <https://csrc.nist.gov/pubs/fips/203/ipd>.
 #[cfg_attr(hax, hax_lib::requires(fe < (FIELD_MODULUS as u16)))]
 #[cfg_attr(hax, hax_lib::ensures(|result|
-        hax_lib::implies(833 <= fe && fe <= 2596, || result == 1) &&
-        hax_lib::implies(!(833 <= fe && fe <= 2596), || result == 0)
+        hax_lib::implies(833 <= fe && fe <= 2496, || result == 1) &&
+        hax_lib::implies(!(833 <= fe && fe <= 2496), || result == 0)
 ))]
 pub(crate) fn compress_message_coefficient(fe: u16) -> u8 {
     // The approach used here is inspired by:
@@ -35,6 +35,7 @@ pub(crate) fn compress_message_coefficient(fe: u16) -> u8 {
     // If 833 <= fe <= 2496,
     // then -832 <= shifted <= 831
     let shifted: i16 = 1664 - (fe as i16);
+    hax_lib::fstar!("assert (v $shifted == 1664 - v $fe)");
 
     // If shifted < 0, then
     // (shifted >> 15) ^ shifted = flip_bits(shifted) = -shifted - 1, and so
@@ -44,13 +45,37 @@ pub(crate) fn compress_message_coefficient(fe: u16) -> u8 {
     // (shifted >> 15) ^ shifted = shifted, and so
     // if 0 <= shifted <= 831 then 0 <= shifted_positive <= 831
     let mask = shifted >> 15;
+    hax_lib::fstar!("assert (v $mask = v $shifted / pow2 15);
+        assert (if v $shifted < 0 then $mask = ones else $mask = zero)");
     let shifted_to_positive = mask ^ shifted;
+    hax_lib::fstar!("logxor_lemma $shifted $mask;
+        assert (v $shifted < 0 ==> v $shifted_to_positive = v (lognot $shifted));
+        neg_equiv_lemma $shifted;
+        assert (v (lognot $shifted) = -(v $shifted) -1);
+        assert (v $shifted >= 0 ==> v $shifted_to_positive = v ($mask `logxor` $shifted));
+        assert (v $shifted >= 0 ==> $mask = zero);
+        assert (v $shifted >= 0 ==> $mask ^. $shifted = $shifted);
+        assert (v $shifted >= 0 ==> v $shifted_to_positive = v $shifted);
+        assert ($shifted_to_positive >=. mk_i16 0)");
 
     let shifted_positive_in_range = shifted_to_positive - 832;
+    hax_lib::fstar!("assert (1664 - v $fe >= 0 ==> v $shifted_positive_in_range == 832 - v $fe);
+        assert (1664 - v $fe < 0 ==> v $shifted_positive_in_range == -2497 + v $fe)");
 
     // If x <= 831, then x - 832 <= -1, and so x - 832 < 0, which means
     // the most significant bit of shifted_positive_in_range will be 1.
-    ((shifted_positive_in_range >> 15) & 1) as u8
+    let r0 = shifted_positive_in_range >> 15;
+    let r1: i16 = r0 & 1;
+    let res = r1 as u8;
+    hax_lib::fstar!("assert (v $r0 = v $shifted_positive_in_range / pow2 15);
+        assert (if v $shifted_positive_in_range < 0 then $r0 = ones else $r0 = zero);
+        logand_lemma (mk_i16 1) $r0; 
+        assert (if v $shifted_positive_in_range < 0 then $r1 = mk_i16 1 else $r1 = mk_i16 0);
+        assert ((v $fe >= 833 && v $fe <= 2496) ==> $r1 = mk_i16 1);
+        assert (v $fe < 833 ==> $r1 = mk_i16 0);
+        assert (v $fe > 2496 ==> $r1 = mk_i16 0);
+        assert (v $res = v $r1)");
+    res
 }
 
 #[cfg_attr(hax,
@@ -128,7 +153,8 @@ pub(crate) fn compress_1(mut a: PortableVector) -> PortableVector {
     v (${result}.f_elements.[ sz i ] <: i16) < pow2 (v $COEFFICIENT_BITS))"))]
 pub(crate) fn compress<const COEFFICIENT_BITS: i32>(mut a: PortableVector) -> PortableVector {
     hax_lib::fstar!("assert (v (cast ($COEFFICIENT_BITS) <: u8) == v $COEFFICIENT_BITS);
-        assert (v (cast ($COEFFICIENT_BITS) <: u32) == v $COEFFICIENT_BITS)");
+        assert (v (cast ($COEFFICIENT_BITS) <: u32) == v $COEFFICIENT_BITS);
+        assert (v (cast ($FIELD_MODULUS) <: u16) == 3329)");
     hax_lib::fstar!("assert (forall (i:nat). i < 16 ==> (cast (${a}.f_elements.[ sz i ]) <: u16) <.
         (cast ($FIELD_MODULUS) <: u16))");
     for i in 0..FIELD_ELEMENTS_IN_VECTOR {
@@ -147,23 +173,51 @@ pub(crate) fn compress<const COEFFICIENT_BITS: i32>(mut a: PortableVector) -> Po
 }
 
 #[inline(always)]
+#[hax_lib::fstar::options("--z3rlimit 300 --ext context_pruning")]
+#[hax_lib::requires(fstar!("(v $COEFFICIENT_BITS == 4 \\/
+        v $COEFFICIENT_BITS == 5 \\/
+        v $COEFFICIENT_BITS == 10 \\/
+        v $COEFFICIENT_BITS == 11) /\\
+    (forall (i:nat). i < 16 ==> v (Seq.index ${a}.f_elements i) >= 0 /\\
+        v (Seq.index ${a}.f_elements i) < pow2 (v $COEFFICIENT_BITS))"))]
+#[hax_lib::ensures(|result| fstar!("forall (i:nat). i < 16 ==> v (Seq.index ${result}.f_elements i) < v $FIELD_MODULUS"))]
 pub(crate) fn decompress_ciphertext_coefficient<const COEFFICIENT_BITS: i32>(
-    mut v: PortableVector,
+    mut a: PortableVector,
 ) -> PortableVector {
-    // debug_assert!(to_i16_array(v)
-    //     .into_iter()
-    //     .all(|coefficient| coefficient.abs() < 1 << COEFFICIENT_BITS));
+    hax_lib::fstar!("assert_norm (pow2 1 == 2);
+        assert_norm (pow2 4 == 16);
+        assert_norm (pow2 5 == 32);
+        assert_norm (pow2 10 == 1024);
+        assert_norm (pow2 11 == 2048)");
 
     for i in 0..FIELD_ELEMENTS_IN_VECTOR {
-        let mut decompressed = v.elements[i] as i32 * FIELD_MODULUS as i32;
+        hax_lib::loop_invariant!(|i: usize| { fstar!("(v $i < 16 ==> (forall (j:nat). (j >= v $i /\\ j < 16) ==>
+            v (Seq.index ${a}.f_elements j) >= 0 /\\  v (Seq.index ${a}.f_elements j) < pow2 (v $COEFFICIENT_BITS))) /\\
+            (forall (j:nat). j < v $i ==>
+                v (Seq.index ${a}.f_elements j) < v $FIELD_MODULUS)") });
+        hax_lib::fstar!("assert (v (${a}.f_elements.[ $i ] <: i16) < pow2 11);
+          assert (v (${a}.f_elements.[ $i ] <: i16) ==
+            v (cast (${a}.f_elements.[ $i ] <: i16) <: i32));
+          assert (v ($FIELD_MODULUS <: i16) ==
+            v (cast ($FIELD_MODULUS <: i16) <: i32));
+          assert (v ((cast (${a}.f_elements.[ $i ] <: i16) <: i32) *!
+            (cast ($FIELD_MODULUS <: i16) <: i32)) ==
+              v (cast (${a}.f_elements.[ $i ] <: i16) <: i32) *
+                v (cast ($FIELD_MODULUS <: i16) <: i32))");
+        let mut decompressed = a.elements[i] as i32 * FIELD_MODULUS as i32;
+        hax_lib::fstar!("assert (v ($decompressed <<! mk_i32 1) == v $decompressed * 2);
+          assert (v (mk_i32 1 <<! $COEFFICIENT_BITS) == pow2 (v $COEFFICIENT_BITS));
+          assert (v (($decompressed <<! mk_i32 1) +! (mk_i32 1 <<! $COEFFICIENT_BITS)) ==
+            v ($decompressed <<! mk_i32 1) + v (mk_i32 1 <<! $COEFFICIENT_BITS))");
         decompressed = (decompressed << 1) + (1i32 << COEFFICIENT_BITS);
+        hax_lib::fstar!("assert (v ($COEFFICIENT_BITS +! mk_i32 1) == v $COEFFICIENT_BITS + 1);
+          assert (v ($decompressed >>! ($COEFFICIENT_BITS +! mk_i32 1 <: i32)) ==
+            v $decompressed / pow2 (v $COEFFICIENT_BITS + 1))");
         decompressed = decompressed >> (COEFFICIENT_BITS + 1);
-        v.elements[i] = decompressed as i16;
+        hax_lib::fstar!("assert (v $decompressed < v $FIELD_MODULUS);
+          assert (v (cast $decompressed <: i16) < v $FIELD_MODULUS)");
+        a.elements[i] = decompressed as i16;
     }
 
-    // debug_assert!(to_i16_array(v)
-    //     .into_iter()
-    //     .all(|coefficient| coefficient.abs() as u16 <= 1 << 12));
-
-    v
+    a
 }

From 020cd93ab7a1437ba4a4c626b1acbf9fa14525ad Mon Sep 17 00:00:00 2001
From: mamonet <maamoun.tk@gmail.com>
Date: Wed, 30 Oct 2024 10:27:31 +0000
Subject: [PATCH 002/142] Update Cargo.lock

---
 Cargo.lock | 192 ++++++++++++++++++++++++++---------------------------
 1 file changed, 96 insertions(+), 96 deletions(-)

diff --git a/Cargo.lock b/Cargo.lock
index 1384219f6..c1c73469d 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -29,9 +29,9 @@ checksum = "4b46cbb362ab8752921c97e041f5e366ee6297bd428a31275b9fcf1e380f7299"
 
 [[package]]
 name = "anstream"
-version = "0.6.15"
+version = "0.6.17"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "64e15c1ab1f89faffbf04a634d5e1962e9074f2741eef6d97f3c4e322426d526"
+checksum = "23a1e53f0f5d86382dafe1cf314783b2044280f406e7e1506368220ad11b1338"
 dependencies = [
  "anstyle",
  "anstyle-parse",
@@ -44,36 +44,36 @@ dependencies = [
 
 [[package]]
 name = "anstyle"
-version = "1.0.8"
+version = "1.0.9"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "1bec1de6f59aedf83baf9ff929c98f2ad654b97c9510f4e70cf6f661d49fd5b1"
+checksum = "8365de52b16c035ff4fcafe0092ba9390540e3e352870ac09933bebcaa2c8c56"
 
 [[package]]
 name = "anstyle-parse"
-version = "0.2.5"
+version = "0.2.6"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "eb47de1e80c2b463c735db5b217a0ddc39d612e7ac9e2e96a5aed1f57616c1cb"
+checksum = "3b2d16507662817a6a20a9ea92df6652ee4f94f914589377d69f3b21bc5798a9"
 dependencies = [
  "utf8parse",
 ]
 
 [[package]]
 name = "anstyle-query"
-version = "1.1.1"
+version = "1.1.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "6d36fc52c7f6c869915e99412912f22093507da8d9e942ceaf66fe4b7c14422a"
+checksum = "79947af37f4177cfead1110013d678905c37501914fba0efea834c3fe9a8d60c"
 dependencies = [
- "windows-sys 0.52.0",
+ "windows-sys 0.59.0",
 ]
 
 [[package]]
 name = "anstyle-wincon"
-version = "3.0.4"
+version = "3.0.6"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "5bf74e1b6e971609db8ca7a9ce79fd5768ab6ae46441c572e46cf596f59e57f8"
+checksum = "2109dbce0e72be3ec00bed26e6a7479ca384ad226efdd66db8fa2e3a38c83125"
 dependencies = [
  "anstyle",
- "windows-sys 0.52.0",
+ "windows-sys 0.59.0",
 ]
 
 [[package]]
@@ -84,9 +84,9 @@ checksum = "7d5a26814d8dcb93b0e5a0ff3c6d80a8843bafb21b39e8e18a6f05471870e110"
 
 [[package]]
 name = "autocfg"
-version = "1.3.0"
+version = "1.4.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "0c4b4d0bd25bd0b74681c0ad21497610ce1b7c91b1022cd21c80c6fbdd9476b0"
+checksum = "ace50bade8e6234aa140d9a2f552bbee1db4d353f69b8217bc503490fc1a9f26"
 
 [[package]]
 name = "base16ct"
@@ -126,9 +126,9 @@ dependencies = [
 
 [[package]]
 name = "bindgen"
-version = "0.69.4"
+version = "0.69.5"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "a00dc851838a2120612785d195287475a3ac45514741da670b735818822129a0"
+checksum = "271383c67ccabffb7381723dea0672a673f292304fcb45c01cc648c7a8d58088"
 dependencies = [
  "bitflags",
  "cexpr",
@@ -143,7 +143,7 @@ dependencies = [
  "regex",
  "rustc-hash",
  "shlex",
- "syn 2.0.77",
+ "syn 2.0.85",
  "which",
 ]
 
@@ -191,9 +191,9 @@ dependencies = [
 
 [[package]]
 name = "cc"
-version = "1.1.21"
+version = "1.1.31"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "07b1695e2c7e8fc85310cde85aeaab7e3097f593c91d209d3f9df76c928100f0"
+checksum = "c2e7962b54006dcfcc61cb72735f4d89bb97061dd6a7ed882ec6b8ee53714c6f"
 dependencies = [
  "jobserver",
  "libc",
@@ -290,9 +290,9 @@ dependencies = [
 
 [[package]]
 name = "clap"
-version = "4.5.18"
+version = "4.5.20"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "b0956a43b323ac1afaffc053ed5c4b7c1f1800bacd1683c353aabbb752515dd3"
+checksum = "b97f376d85a664d5837dbae44bf546e6477a679ff6610010f17276f686d867e8"
 dependencies = [
  "clap_builder",
  "clap_derive",
@@ -300,9 +300,9 @@ dependencies = [
 
 [[package]]
 name = "clap_builder"
-version = "4.5.18"
+version = "4.5.20"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "4d72166dd41634086d5803a47eb71ae740e61d84709c36f3c34110173db3961b"
+checksum = "19bc80abd44e4bed93ca373a0704ccbd1b710dc5749406201bb018272808dc54"
 dependencies = [
  "anstream",
  "anstyle",
@@ -319,7 +319,7 @@ dependencies = [
  "heck",
  "proc-macro2",
  "quote",
- "syn 2.0.77",
+ "syn 2.0.85",
 ]
 
 [[package]]
@@ -341,9 +341,9 @@ dependencies = [
 
 [[package]]
 name = "colorchoice"
-version = "1.0.2"
+version = "1.0.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "d3fd119d74b830634cea2a0f58bbd0d54540518a14397557951e79340abc28c0"
+checksum = "5b63caa9aa9397e2d9480a9b13673856c78d8ac123288526c37d7839f2a86990"
 
 [[package]]
 name = "console_error_panic_hook"
@@ -483,7 +483,7 @@ checksum = "f46882e17999c6cc590af592290432be3bce0428cb0d5f8b6715e4dc7b383eb3"
 dependencies = [
  "proc-macro2",
  "quote",
- "syn 2.0.77",
+ "syn 2.0.85",
 ]
 
 [[package]]
@@ -701,8 +701,8 @@ dependencies = [
 
 [[package]]
 name = "hax-lib"
-version = "0.1.0-pre.1"
-source = "git+https://github.com/hacspec/hax/?branch=main#a3875a77e66411d3e4837851938a76819d78da72"
+version = "0.1.0-alpha.1"
+source = "git+https://github.com/hacspec/hax/?branch=main#cd66c7ce60ebbbdc9444635a53b4e51fb8fda14c"
 dependencies = [
  "hax-lib-macros",
  "num-bigint",
@@ -711,21 +711,21 @@ dependencies = [
 
 [[package]]
 name = "hax-lib-macros"
-version = "0.1.0-pre.1"
-source = "git+https://github.com/hacspec/hax/?branch=main#a3875a77e66411d3e4837851938a76819d78da72"
+version = "0.1.0-alpha.1"
+source = "git+https://github.com/hacspec/hax/?branch=main#cd66c7ce60ebbbdc9444635a53b4e51fb8fda14c"
 dependencies = [
  "hax-lib-macros-types",
  "paste",
  "proc-macro-error",
  "proc-macro2",
  "quote",
- "syn 2.0.77",
+ "syn 2.0.85",
 ]
 
 [[package]]
 name = "hax-lib-macros-types"
-version = "0.1.0-pre.1"
-source = "git+https://github.com/hacspec/hax/?branch=main#a3875a77e66411d3e4837851938a76819d78da72"
+version = "0.1.0-alpha.1"
+source = "git+https://github.com/hacspec/hax/?branch=main#cd66c7ce60ebbbdc9444635a53b4e51fb8fda14c"
 dependencies = [
  "proc-macro2",
  "quote",
@@ -849,9 +849,9 @@ dependencies = [
 
 [[package]]
 name = "js-sys"
-version = "0.3.70"
+version = "0.3.72"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "1868808506b929d7b0cfa8f75951347aa71bb21144b7791bae35d9bccfcfe37a"
+checksum = "6a88f1bda2bd75b0452a14784937d796722fdebfe50df998aeb3f0b7603019a9"
 dependencies = [
  "wasm-bindgen",
 ]
@@ -889,9 +889,9 @@ dependencies = [
 
 [[package]]
 name = "libc"
-version = "0.2.159"
+version = "0.2.161"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "561d97a539a36e26a9a5fad1ea11a3039a67714694aaa379433e580854bc3dc5"
+checksum = "8e9489c2807c139ffd9c1794f4af0ebe86a828db53ecdc7fea2111d0fed085d1"
 
 [[package]]
 name = "libcrux"
@@ -1112,9 +1112,9 @@ checksum = "78ca9ab1a0babb1e7d5695e3530886289c18cf2f87ec19a575a0abdce112e3a3"
 
 [[package]]
 name = "minicov"
-version = "0.3.5"
+version = "0.3.6"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "5c71e683cd655513b99affab7d317deb690528255a0d5f717f1024093c12b169"
+checksum = "def6d99771d7c499c26ad4d40eb6645eafd3a1553b35fc26ea5a489a45e82d9a"
 dependencies = [
  "cc",
  "walkdir",
@@ -1166,9 +1166,9 @@ dependencies = [
 
 [[package]]
 name = "once_cell"
-version = "1.19.0"
+version = "1.20.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "3fdb12b2476b595f9358c5161aa467c2438859caa136dec86c26fdd2efe17b92"
+checksum = "1261fe7e33c73b354eab43b1273a57c8f967d0391e80353e51f764ac02cf6775"
 
 [[package]]
 name = "oorandom"
@@ -1184,9 +1184,9 @@ checksum = "c08d65885ee38876c4f86fa503fb49d7b507c2b62552df7c70b2fce627e06381"
 
 [[package]]
 name = "openssl"
-version = "0.10.66"
+version = "0.10.68"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "9529f4786b70a3e8c61e11179af17ab6188ad8d0ded78c5529441ed39d4bd9c1"
+checksum = "6174bc48f102d208783c2c84bf931bb75927a617866870de8a4ea85597f871f5"
 dependencies = [
  "bitflags",
  "cfg-if",
@@ -1205,14 +1205,14 @@ checksum = "a948666b637a0f465e8564c73e89d4dde00d72d4d473cc972f390fc3dcee7d9c"
 dependencies = [
  "proc-macro2",
  "quote",
- "syn 2.0.77",
+ "syn 2.0.85",
 ]
 
 [[package]]
 name = "openssl-sys"
-version = "0.9.103"
+version = "0.9.104"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "7f9e8deee91df40a943c71b917e5874b951d32a802526c85721ce3b776c929d6"
+checksum = "45abf306cbf99debc8195b66b7346498d7b10c210de50418b5ccd7ceba08c741"
 dependencies = [
  "cc",
  "libc",
@@ -1326,9 +1326,9 @@ dependencies = [
 
 [[package]]
 name = "pqcrypto-internals"
-version = "0.2.5"
+version = "0.2.6"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "d9d34bec6abe2283e6de7748b68b292d1ffa2203397e3e71380ff8418a49fb46"
+checksum = "e10cdd9eee50fe65bbd4f40211f1a492f1ee52e97a51100950b6f1fa319ab7cd"
 dependencies = [
  "cc",
  "dunce",
@@ -1367,12 +1367,12 @@ dependencies = [
 
 [[package]]
 name = "prettyplease"
-version = "0.2.22"
+version = "0.2.25"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "479cf940fbbb3426c32c5d5176f62ad57549a0bb84773423ba8be9d089f5faba"
+checksum = "64d1ec885c64d0457d564db4ec299b2dae3f9c02808b8ad9c3a089c591b18033"
 dependencies = [
  "proc-macro2",
- "syn 2.0.77",
+ "syn 2.0.85",
 ]
 
 [[package]]
@@ -1410,9 +1410,9 @@ dependencies = [
 
 [[package]]
 name = "proc-macro2"
-version = "1.0.86"
+version = "1.0.89"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "5e719e8df665df0d1c8fbfd238015744736151d4445ec0836b8e628aae103b77"
+checksum = "f139b0662de085916d1fb67d2b4169d1addddda1919e696f3252b740b629986e"
 dependencies = [
  "unicode-ident",
 ]
@@ -1500,9 +1500,9 @@ dependencies = [
 
 [[package]]
 name = "regex"
-version = "1.10.6"
+version = "1.11.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "4219d74c6b67a3654a9fbebc4b419e22126d13d2f3c4a07ee0cb61ff79a79619"
+checksum = "b544ef1b4eac5dc2db33ea63606ae9ffcfac26c1416a2806ae0bf5f56b201191"
 dependencies = [
  "aho-corasick",
  "memchr",
@@ -1512,9 +1512,9 @@ dependencies = [
 
 [[package]]
 name = "regex-automata"
-version = "0.4.7"
+version = "0.4.8"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "38caf58cc5ef2fed281f89292ef23f6365465ed9a41b7a7754eb4e26496c92df"
+checksum = "368758f23274712b504848e9d5a6f010445cc8b87a7cdb4d7cbee666c1288da3"
 dependencies = [
  "aho-corasick",
  "memchr",
@@ -1523,9 +1523,9 @@ dependencies = [
 
 [[package]]
 name = "regex-syntax"
-version = "0.8.4"
+version = "0.8.5"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "7a66a03ae7c801facd77a29370b4faec201768915ac14a721ba36f20bc9c209b"
+checksum = "2b15c43186be67a4fd63bee50d0303afffcef381492ebe2c5d87f324e1b8815c"
 
 [[package]]
 name = "rfc6979"
@@ -1569,9 +1569,9 @@ dependencies = [
 
 [[package]]
 name = "rustix"
-version = "0.38.37"
+version = "0.38.38"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "8acb788b847c24f28525660c4d7758620a7210875711f79e7f663cc152726811"
+checksum = "aa260229e6538e52293eeb577aabd09945a09d6d9cc0fc550ed7529056c2e32a"
 dependencies = [
  "bitflags",
  "errno",
@@ -1623,29 +1623,29 @@ checksum = "61697e0a1c7e512e84a621326239844a24d8207b4669b41bc18b32ea5cbf988b"
 
 [[package]]
 name = "serde"
-version = "1.0.210"
+version = "1.0.214"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "c8e3592472072e6e22e0a54d5904d9febf8508f65fb8552499a1abc7d1078c3a"
+checksum = "f55c3193aca71c12ad7890f1785d2b73e1b9f63a0bbc353c08ef26fe03fc56b5"
 dependencies = [
  "serde_derive",
 ]
 
 [[package]]
 name = "serde_derive"
-version = "1.0.210"
+version = "1.0.214"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "243902eda00fad750862fc144cea25caca5e20d615af0a81bee94ca738f1df1f"
+checksum = "de523f781f095e28fa605cdce0f8307e451cc0fd14e2eb4cd2e98a355b147766"
 dependencies = [
  "proc-macro2",
  "quote",
- "syn 2.0.77",
+ "syn 2.0.85",
 ]
 
 [[package]]
 name = "serde_json"
-version = "1.0.128"
+version = "1.0.132"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "6ff5456707a1de34e7e37f2a6fd3d3f808c318259cbd01ab6377795054b483d8"
+checksum = "d726bfaff4b320266d395898905d0eba0345aae23b54aee3a737e260fd46db03"
 dependencies = [
  "itoa",
  "memchr",
@@ -1737,9 +1737,9 @@ dependencies = [
 
 [[package]]
 name = "syn"
-version = "2.0.77"
+version = "2.0.85"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "9f35bcdf61fd8e7be6caf75f429fdca8beb3ed76584befb503b1569faee373ed"
+checksum = "5023162dfcd14ef8f32034d8bcd4cc5ddc61ef7a247c024a33e24e1f24d21b56"
 dependencies = [
  "proc-macro2",
  "quote",
@@ -1801,9 +1801,9 @@ checksum = "06abde3611657adf66d383f00b093d7faecc7fa57071cce2578660c9f1010821"
 
 [[package]]
 name = "uuid"
-version = "1.10.0"
+version = "1.11.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "81dfa00651efa65069b0b6b651f4aaa31ba9e3c3ce0137aaad053604ee7e0314"
+checksum = "f8c5f0a0af699448548ad1a2fbf920fb4bee257eae39953ba95cb84891a0446a"
 dependencies = [
  "getrandom",
 ]
@@ -1838,9 +1838,9 @@ checksum = "9c8d87e72b64a3b4db28d11ce29237c246188f4f51057d65a7eab63b7987e423"
 
 [[package]]
 name = "wasm-bindgen"
-version = "0.2.93"
+version = "0.2.95"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "a82edfc16a6c469f5f44dc7b571814045d60404b55a0ee849f9bcfa2e63dd9b5"
+checksum = "128d1e363af62632b8eb57219c8fd7877144af57558fb2ef0368d0087bddeb2e"
 dependencies = [
  "cfg-if",
  "once_cell",
@@ -1849,24 +1849,24 @@ dependencies = [
 
 [[package]]
 name = "wasm-bindgen-backend"
-version = "0.2.93"
+version = "0.2.95"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "9de396da306523044d3302746f1208fa71d7532227f15e347e2d93e4145dd77b"
+checksum = "cb6dd4d3ca0ddffd1dd1c9c04f94b868c37ff5fac97c30b97cff2d74fce3a358"
 dependencies = [
  "bumpalo",
  "log",
  "once_cell",
  "proc-macro2",
  "quote",
- "syn 2.0.77",
+ "syn 2.0.85",
  "wasm-bindgen-shared",
 ]
 
 [[package]]
 name = "wasm-bindgen-futures"
-version = "0.4.43"
+version = "0.4.45"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "61e9300f63a621e96ed275155c108eb6f843b6a26d053f122ab69724559dc8ed"
+checksum = "cc7ec4f8827a71586374db3e87abdb5a2bb3a15afed140221307c3ec06b1f63b"
 dependencies = [
  "cfg-if",
  "js-sys",
@@ -1876,9 +1876,9 @@ dependencies = [
 
 [[package]]
 name = "wasm-bindgen-macro"
-version = "0.2.93"
+version = "0.2.95"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "585c4c91a46b072c92e908d99cb1dcdf95c5218eeb6f3bf1efa991ee7a68cccf"
+checksum = "e79384be7f8f5a9dd5d7167216f022090cf1f9ec128e6e6a482a2cb5c5422c56"
 dependencies = [
  "quote",
  "wasm-bindgen-macro-support",
@@ -1886,28 +1886,28 @@ dependencies = [
 
 [[package]]
 name = "wasm-bindgen-macro-support"
-version = "0.2.93"
+version = "0.2.95"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "afc340c74d9005395cf9dd098506f7f44e38f2b4a21c6aaacf9a105ea5e1e836"
+checksum = "26c6ab57572f7a24a4985830b120de1594465e5d500f24afe89e16b4e833ef68"
 dependencies = [
  "proc-macro2",
  "quote",
- "syn 2.0.77",
+ "syn 2.0.85",
  "wasm-bindgen-backend",
  "wasm-bindgen-shared",
 ]
 
 [[package]]
 name = "wasm-bindgen-shared"
-version = "0.2.93"
+version = "0.2.95"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "c62a0a307cb4a311d3a07867860911ca130c3494e8c2719593806c08bc5d0484"
+checksum = "65fc09f10666a9f147042251e0dda9c18f166ff7de300607007e96bdebc1068d"
 
 [[package]]
 name = "wasm-bindgen-test"
-version = "0.3.43"
+version = "0.3.45"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "68497a05fb21143a08a7d24fc81763384a3072ee43c44e86aad1744d6adef9d9"
+checksum = "d381749acb0943d357dcbd8f0b100640679883fcdeeef04def49daf8d33a5426"
 dependencies = [
  "console_error_panic_hook",
  "js-sys",
@@ -1920,20 +1920,20 @@ dependencies = [
 
 [[package]]
 name = "wasm-bindgen-test-macro"
-version = "0.3.43"
+version = "0.3.45"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "4b8220be1fa9e4c889b30fd207d4906657e7e90b12e0e6b0c8b8d8709f5de021"
+checksum = "c97b2ef2c8d627381e51c071c2ab328eac606d3f69dd82bcbca20a9e389d95f0"
 dependencies = [
  "proc-macro2",
  "quote",
- "syn 2.0.77",
+ "syn 2.0.85",
 ]
 
 [[package]]
 name = "web-sys"
-version = "0.3.70"
+version = "0.3.72"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "26fdeaafd9bd129f65e7c031593c24d62186301e0c72c8978fa1678be7d532c0"
+checksum = "f6488b90108c040df0fe62fa815cbdee25124641df01814dd7282749234c6112"
 dependencies = [
  "js-sys",
  "wasm-bindgen",
@@ -2084,7 +2084,7 @@ checksum = "fa4f8080344d4671fb4e831a13ad1e68092748387dfc4f55e356242fae12ce3e"
 dependencies = [
  "proc-macro2",
  "quote",
- "syn 2.0.77",
+ "syn 2.0.85",
 ]
 
 [[package]]
@@ -2104,5 +2104,5 @@ checksum = "ce36e65b0d2999d2aafac989fb249189a141aee1f53c612c1f37d72631959f69"
 dependencies = [
  "proc-macro2",
  "quote",
- "syn 2.0.77",
+ "syn 2.0.85",
 ]

From 7f7e08c4207f63ce2c4978f38618b141a601e738 Mon Sep 17 00:00:00 2001
From: karthikbhargavan <karthik.bhargavan@gmail.com>
Date: Wed, 30 Oct 2024 10:53:09 +0000
Subject: [PATCH 003/142] refreshed C code

---
 libcrux-ml-kem/c/code_gen.txt                 |    2 +-
 libcrux-ml-kem/c/internal/libcrux_core.h      |   38 +-
 .../c/internal/libcrux_mlkem_avx2.h           |   32 +-
 .../c/internal/libcrux_mlkem_portable.h       |   32 +-
 libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h |    2 +-
 .../c/internal/libcrux_sha3_internal.h        |    2 +-
 libcrux-ml-kem/c/libcrux_core.c               |   38 +-
 libcrux-ml-kem/c/libcrux_core.h               |    2 +-
 libcrux-ml-kem/c/libcrux_mlkem1024.h          |    2 +-
 libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c     |   32 +-
 libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h     |    2 +-
 libcrux-ml-kem/c/libcrux_mlkem1024_portable.c |   32 +-
 libcrux-ml-kem/c/libcrux_mlkem1024_portable.h |    2 +-
 libcrux-ml-kem/c/libcrux_mlkem512.h           |    2 +-
 libcrux-ml-kem/c/libcrux_mlkem512_avx2.c      |   32 +-
 libcrux-ml-kem/c/libcrux_mlkem512_avx2.h      |    2 +-
 libcrux-ml-kem/c/libcrux_mlkem512_portable.c  |   32 +-
 libcrux-ml-kem/c/libcrux_mlkem512_portable.h  |    2 +-
 libcrux-ml-kem/c/libcrux_mlkem768.h           |    2 +-
 libcrux-ml-kem/c/libcrux_mlkem768_avx2.c      |   32 +-
 libcrux-ml-kem/c/libcrux_mlkem768_avx2.h      |    2 +-
 libcrux-ml-kem/c/libcrux_mlkem768_portable.c  |   32 +-
 libcrux-ml-kem/c/libcrux_mlkem768_portable.h  |    2 +-
 libcrux-ml-kem/c/libcrux_mlkem_avx2.c         | 1054 ++++++++--------
 libcrux-ml-kem/c/libcrux_mlkem_avx2.h         |    2 +-
 libcrux-ml-kem/c/libcrux_mlkem_portable.c     | 1090 ++++++++---------
 libcrux-ml-kem/c/libcrux_mlkem_portable.h     |    2 +-
 libcrux-ml-kem/c/libcrux_sha3.h               |    2 +-
 libcrux-ml-kem/c/libcrux_sha3_avx2.c          |    2 +-
 libcrux-ml-kem/c/libcrux_sha3_avx2.h          |    2 +-
 libcrux-ml-kem/c/libcrux_sha3_internal.h      |    2 +-
 libcrux-ml-kem/c/libcrux_sha3_neon.c          |    2 +-
 libcrux-ml-kem/c/libcrux_sha3_neon.h          |    2 +-
 libcrux-ml-kem/cg/code_gen.txt                |    2 +-
 libcrux-ml-kem/cg/libcrux_core.h              |   16 +-
 libcrux-ml-kem/cg/libcrux_ct_ops.h            |    2 +-
 libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h     |  714 ++++++-----
 .../cg/libcrux_mlkem768_avx2_types.h          |    2 +-
 libcrux-ml-kem/cg/libcrux_mlkem768_portable.h |  754 ++++++------
 .../cg/libcrux_mlkem768_portable_types.h      |    2 +-
 libcrux-ml-kem/cg/libcrux_sha3_avx2.h         |    2 +-
 libcrux-ml-kem/cg/libcrux_sha3_portable.h     |    2 +-
 42 files changed, 1977 insertions(+), 2037 deletions(-)

diff --git a/libcrux-ml-kem/c/code_gen.txt b/libcrux-ml-kem/c/code_gen.txt
index d393ef31c..620e1c137 100644
--- a/libcrux-ml-kem/c/code_gen.txt
+++ b/libcrux-ml-kem/c/code_gen.txt
@@ -3,4 +3,4 @@ Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4
 Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac
 Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152
 F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678
-Libcrux: 098de7d283a7867de9c3e5672d7b3c915ef9b2f1
+Libcrux: 020cd93ab7a1437ba4a4c626b1acbf9fa14525ad
diff --git a/libcrux-ml-kem/c/internal/libcrux_core.h b/libcrux-ml-kem/c/internal/libcrux_core.h
index 9c0e8828e..b5eb18527 100644
--- a/libcrux-ml-kem/c/internal/libcrux_core.h
+++ b/libcrux-ml-kem/c/internal/libcrux_core.h
@@ -8,7 +8,7 @@
  * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac
  * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152
  * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678
- * Libcrux: 098de7d283a7867de9c3e5672d7b3c915ef9b2f1
+ * Libcrux: 020cd93ab7a1437ba4a4c626b1acbf9fa14525ad
  */
 
 #ifndef __internal_libcrux_core_H
@@ -69,7 +69,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_5a
 with const generics
 - SIZE= 1568
 */
-libcrux_ml_kem_types_MlKemPublicKey_1f libcrux_ml_kem_types_from_5a_af1(
+libcrux_ml_kem_types_MlKemPublicKey_1f libcrux_ml_kem_types_from_5a_451(
     uint8_t value[1568U]);
 
 /**
@@ -82,7 +82,7 @@ with const generics
 - PRIVATE_KEY_SIZE= 3168
 - PUBLIC_KEY_SIZE= 1568
 */
-libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_types_from_3a_781(
+libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_types_from_3a_f61(
     libcrux_ml_kem_types_MlKemPrivateKey_95 sk,
     libcrux_ml_kem_types_MlKemPublicKey_1f pk);
 
@@ -95,7 +95,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_7f
 with const generics
 - SIZE= 3168
 */
-libcrux_ml_kem_types_MlKemPrivateKey_95 libcrux_ml_kem_types_from_7f_e61(
+libcrux_ml_kem_types_MlKemPrivateKey_95 libcrux_ml_kem_types_from_7f_8c1(
     uint8_t value[3168U]);
 
 /**
@@ -107,7 +107,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_5a
 with const generics
 - SIZE= 1184
 */
-libcrux_ml_kem_types_MlKemPublicKey_15 libcrux_ml_kem_types_from_5a_af0(
+libcrux_ml_kem_types_MlKemPublicKey_15 libcrux_ml_kem_types_from_5a_450(
     uint8_t value[1184U]);
 
 /**
@@ -120,7 +120,7 @@ with const generics
 - PRIVATE_KEY_SIZE= 2400
 - PUBLIC_KEY_SIZE= 1184
 */
-libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_types_from_3a_780(
+libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_types_from_3a_f60(
     libcrux_ml_kem_types_MlKemPrivateKey_55 sk,
     libcrux_ml_kem_types_MlKemPublicKey_15 pk);
 
@@ -133,7 +133,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_7f
 with const generics
 - SIZE= 2400
 */
-libcrux_ml_kem_types_MlKemPrivateKey_55 libcrux_ml_kem_types_from_7f_e60(
+libcrux_ml_kem_types_MlKemPrivateKey_55 libcrux_ml_kem_types_from_7f_8c0(
     uint8_t value[2400U]);
 
 /**
@@ -145,7 +145,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_5a
 with const generics
 - SIZE= 800
 */
-libcrux_ml_kem_types_MlKemPublicKey_be libcrux_ml_kem_types_from_5a_af(
+libcrux_ml_kem_types_MlKemPublicKey_be libcrux_ml_kem_types_from_5a_45(
     uint8_t value[800U]);
 
 /**
@@ -158,7 +158,7 @@ with const generics
 - PRIVATE_KEY_SIZE= 1632
 - PUBLIC_KEY_SIZE= 800
 */
-libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_types_from_3a_78(
+libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_types_from_3a_f6(
     libcrux_ml_kem_types_MlKemPrivateKey_5e sk,
     libcrux_ml_kem_types_MlKemPublicKey_be pk);
 
@@ -171,7 +171,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_7f
 with const generics
 - SIZE= 1632
 */
-libcrux_ml_kem_types_MlKemPrivateKey_5e libcrux_ml_kem_types_from_7f_e6(
+libcrux_ml_kem_types_MlKemPrivateKey_5e libcrux_ml_kem_types_from_7f_8c(
     uint8_t value[1632U]);
 
 /**
@@ -182,7 +182,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_slice_fd
 with const generics
 - SIZE= 1184
 */
-uint8_t *libcrux_ml_kem_types_as_slice_fd_121(
+uint8_t *libcrux_ml_kem_types_as_slice_fd_d11(
     libcrux_ml_kem_types_MlKemPublicKey_15 *self);
 
 /**
@@ -194,7 +194,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_01
 with const generics
 - SIZE= 1088
 */
-libcrux_ml_kem_mlkem768_MlKem768Ciphertext libcrux_ml_kem_types_from_01_7b1(
+libcrux_ml_kem_mlkem768_MlKem768Ciphertext libcrux_ml_kem_types_from_01_3a1(
     uint8_t value[1088U]);
 
 /**
@@ -206,7 +206,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_ref_00
 with const generics
 - SIZE= 1088
 */
-Eurydice_slice libcrux_ml_kem_types_as_ref_00_ae1(
+Eurydice_slice libcrux_ml_kem_types_as_ref_00_be1(
     libcrux_ml_kem_mlkem768_MlKem768Ciphertext *self);
 
 /**
@@ -228,7 +228,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_slice_fd
 with const generics
 - SIZE= 800
 */
-uint8_t *libcrux_ml_kem_types_as_slice_fd_120(
+uint8_t *libcrux_ml_kem_types_as_slice_fd_d10(
     libcrux_ml_kem_types_MlKemPublicKey_be *self);
 
 /**
@@ -240,7 +240,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_01
 with const generics
 - SIZE= 768
 */
-libcrux_ml_kem_types_MlKemCiphertext_e8 libcrux_ml_kem_types_from_01_7b0(
+libcrux_ml_kem_types_MlKemCiphertext_e8 libcrux_ml_kem_types_from_01_3a0(
     uint8_t value[768U]);
 
 /**
@@ -252,7 +252,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_ref_00
 with const generics
 - SIZE= 768
 */
-Eurydice_slice libcrux_ml_kem_types_as_ref_00_ae0(
+Eurydice_slice libcrux_ml_kem_types_as_ref_00_be0(
     libcrux_ml_kem_types_MlKemCiphertext_e8 *self);
 
 /**
@@ -274,7 +274,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_slice_fd
 with const generics
 - SIZE= 1568
 */
-uint8_t *libcrux_ml_kem_types_as_slice_fd_12(
+uint8_t *libcrux_ml_kem_types_as_slice_fd_d1(
     libcrux_ml_kem_types_MlKemPublicKey_1f *self);
 
 /**
@@ -321,7 +321,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_01
 with const generics
 - SIZE= 1568
 */
-libcrux_ml_kem_types_MlKemCiphertext_1f libcrux_ml_kem_types_from_01_7b(
+libcrux_ml_kem_types_MlKemCiphertext_1f libcrux_ml_kem_types_from_01_3a(
     uint8_t value[1568U]);
 
 /**
@@ -344,7 +344,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_ref_00
 with const generics
 - SIZE= 1568
 */
-Eurydice_slice libcrux_ml_kem_types_as_ref_00_ae(
+Eurydice_slice libcrux_ml_kem_types_as_ref_00_be(
     libcrux_ml_kem_types_MlKemCiphertext_1f *self);
 
 /**
diff --git a/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h b/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h
index cd446e37c..ea36300ae 100644
--- a/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h
+++ b/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h
@@ -8,7 +8,7 @@
  * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac
  * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152
  * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678
- * Libcrux: 098de7d283a7867de9c3e5672d7b3c915ef9b2f1
+ * Libcrux: 020cd93ab7a1437ba4a4c626b1acbf9fa14525ad
  */
 
 #ifndef __internal_libcrux_mlkem_avx2_H
@@ -41,7 +41,7 @@ with const generics
 - RANKED_BYTES_PER_RING_ELEMENT= 1152
 - PUBLIC_KEY_SIZE= 1184
 */
-bool libcrux_ml_kem_ind_cca_validate_public_key_4a1(uint8_t *public_key);
+bool libcrux_ml_kem_ind_cca_validate_public_key_db1(uint8_t *public_key);
 
 /**
 A monomorphic instance of libcrux_ml_kem.ind_cca.validate_private_key
@@ -51,7 +51,7 @@ with const generics
 - SECRET_KEY_SIZE= 2400
 - CIPHERTEXT_SIZE= 1088
 */
-bool libcrux_ml_kem_ind_cca_validate_private_key_e11(
+bool libcrux_ml_kem_ind_cca_validate_private_key_a81(
     libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key,
     libcrux_ml_kem_mlkem768_MlKem768Ciphertext *_ciphertext);
 
@@ -69,7 +69,7 @@ with const generics
 - ETA1_RANDOMNESS_SIZE= 128
 */
 libcrux_ml_kem_mlkem768_MlKem768KeyPair
-libcrux_ml_kem_ind_cca_generate_keypair_d21(uint8_t randomness[64U]);
+libcrux_ml_kem_ind_cca_generate_keypair_dd1(uint8_t randomness[64U]);
 
 /**
 A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate
@@ -90,7 +90,7 @@ with const generics
 - ETA2= 2
 - ETA2_RANDOMNESS_SIZE= 128
 */
-tuple_3c libcrux_ml_kem_ind_cca_encapsulate_f41(
+tuple_3c libcrux_ml_kem_ind_cca_encapsulate_791(
     libcrux_ml_kem_types_MlKemPublicKey_15 *public_key,
     uint8_t randomness[32U]);
 
@@ -116,7 +116,7 @@ with const generics
 - ETA2_RANDOMNESS_SIZE= 128
 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120
 */
-void libcrux_ml_kem_ind_cca_decapsulate_6f1(
+void libcrux_ml_kem_ind_cca_decapsulate_cd1(
     libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key,
     libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]);
 
@@ -128,7 +128,7 @@ with const generics
 - RANKED_BYTES_PER_RING_ELEMENT= 1536
 - PUBLIC_KEY_SIZE= 1568
 */
-bool libcrux_ml_kem_ind_cca_validate_public_key_4a0(uint8_t *public_key);
+bool libcrux_ml_kem_ind_cca_validate_public_key_db0(uint8_t *public_key);
 
 /**
 A monomorphic instance of libcrux_ml_kem.ind_cca.validate_private_key
@@ -138,7 +138,7 @@ with const generics
 - SECRET_KEY_SIZE= 3168
 - CIPHERTEXT_SIZE= 1568
 */
-bool libcrux_ml_kem_ind_cca_validate_private_key_e10(
+bool libcrux_ml_kem_ind_cca_validate_private_key_a80(
     libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key,
     libcrux_ml_kem_types_MlKemCiphertext_1f *_ciphertext);
 
@@ -156,7 +156,7 @@ with const generics
 - ETA1_RANDOMNESS_SIZE= 128
 */
 libcrux_ml_kem_mlkem1024_MlKem1024KeyPair
-libcrux_ml_kem_ind_cca_generate_keypair_d20(uint8_t randomness[64U]);
+libcrux_ml_kem_ind_cca_generate_keypair_dd0(uint8_t randomness[64U]);
 
 /**
 A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate
@@ -177,7 +177,7 @@ with const generics
 - ETA2= 2
 - ETA2_RANDOMNESS_SIZE= 128
 */
-tuple_21 libcrux_ml_kem_ind_cca_encapsulate_f40(
+tuple_21 libcrux_ml_kem_ind_cca_encapsulate_790(
     libcrux_ml_kem_types_MlKemPublicKey_1f *public_key,
     uint8_t randomness[32U]);
 
@@ -203,7 +203,7 @@ with const generics
 - ETA2_RANDOMNESS_SIZE= 128
 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600
 */
-void libcrux_ml_kem_ind_cca_decapsulate_6f0(
+void libcrux_ml_kem_ind_cca_decapsulate_cd0(
     libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key,
     libcrux_ml_kem_types_MlKemCiphertext_1f *ciphertext, uint8_t ret[32U]);
 
@@ -215,7 +215,7 @@ with const generics
 - RANKED_BYTES_PER_RING_ELEMENT= 768
 - PUBLIC_KEY_SIZE= 800
 */
-bool libcrux_ml_kem_ind_cca_validate_public_key_4a(uint8_t *public_key);
+bool libcrux_ml_kem_ind_cca_validate_public_key_db(uint8_t *public_key);
 
 /**
 A monomorphic instance of libcrux_ml_kem.ind_cca.validate_private_key
@@ -225,7 +225,7 @@ with const generics
 - SECRET_KEY_SIZE= 1632
 - CIPHERTEXT_SIZE= 768
 */
-bool libcrux_ml_kem_ind_cca_validate_private_key_e1(
+bool libcrux_ml_kem_ind_cca_validate_private_key_a8(
     libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key,
     libcrux_ml_kem_types_MlKemCiphertext_e8 *_ciphertext);
 
@@ -242,7 +242,7 @@ with const generics
 - ETA1= 3
 - ETA1_RANDOMNESS_SIZE= 192
 */
-libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_ind_cca_generate_keypair_d2(
+libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_ind_cca_generate_keypair_dd(
     uint8_t randomness[64U]);
 
 /**
@@ -264,7 +264,7 @@ with const generics
 - ETA2= 2
 - ETA2_RANDOMNESS_SIZE= 128
 */
-tuple_ec libcrux_ml_kem_ind_cca_encapsulate_f4(
+tuple_ec libcrux_ml_kem_ind_cca_encapsulate_79(
     libcrux_ml_kem_types_MlKemPublicKey_be *public_key,
     uint8_t randomness[32U]);
 
@@ -290,7 +290,7 @@ with const generics
 - ETA2_RANDOMNESS_SIZE= 128
 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800
 */
-void libcrux_ml_kem_ind_cca_decapsulate_6f(
+void libcrux_ml_kem_ind_cca_decapsulate_cd(
     libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key,
     libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]);
 
diff --git a/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h b/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h
index c67068ba0..7475145d9 100644
--- a/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h
+++ b/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h
@@ -8,7 +8,7 @@
  * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac
  * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152
  * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678
- * Libcrux: 098de7d283a7867de9c3e5672d7b3c915ef9b2f1
+ * Libcrux: 020cd93ab7a1437ba4a4c626b1acbf9fa14525ad
  */
 
 #ifndef __internal_libcrux_mlkem_portable_H
@@ -46,7 +46,7 @@ with const generics
 - RANKED_BYTES_PER_RING_ELEMENT= 1536
 - PUBLIC_KEY_SIZE= 1568
 */
-bool libcrux_ml_kem_ind_cca_validate_public_key_071(uint8_t *public_key);
+bool libcrux_ml_kem_ind_cca_validate_public_key_8c1(uint8_t *public_key);
 
 /**
 A monomorphic instance of libcrux_ml_kem.ind_cca.validate_private_key
@@ -56,7 +56,7 @@ with const generics
 - SECRET_KEY_SIZE= 3168
 - CIPHERTEXT_SIZE= 1568
 */
-bool libcrux_ml_kem_ind_cca_validate_private_key_c0(
+bool libcrux_ml_kem_ind_cca_validate_private_key_99(
     libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key,
     libcrux_ml_kem_types_MlKemCiphertext_1f *_ciphertext);
 
@@ -74,7 +74,7 @@ libcrux_ml_kem_variant_MlKem with const generics
 - ETA1_RANDOMNESS_SIZE= 128
 */
 libcrux_ml_kem_mlkem1024_MlKem1024KeyPair
-libcrux_ml_kem_ind_cca_generate_keypair_281(uint8_t randomness[64U]);
+libcrux_ml_kem_ind_cca_generate_keypair_911(uint8_t randomness[64U]);
 
 /**
 A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate
@@ -95,7 +95,7 @@ libcrux_ml_kem_variant_MlKem with const generics
 - ETA2= 2
 - ETA2_RANDOMNESS_SIZE= 128
 */
-tuple_21 libcrux_ml_kem_ind_cca_encapsulate_8a1(
+tuple_21 libcrux_ml_kem_ind_cca_encapsulate_1e1(
     libcrux_ml_kem_types_MlKemPublicKey_1f *public_key,
     uint8_t randomness[32U]);
 
@@ -121,7 +121,7 @@ libcrux_ml_kem_variant_MlKem with const generics
 - ETA2_RANDOMNESS_SIZE= 128
 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600
 */
-void libcrux_ml_kem_ind_cca_decapsulate_811(
+void libcrux_ml_kem_ind_cca_decapsulate_2d1(
     libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key,
     libcrux_ml_kem_types_MlKemCiphertext_1f *ciphertext, uint8_t ret[32U]);
 
@@ -133,7 +133,7 @@ with const generics
 - RANKED_BYTES_PER_RING_ELEMENT= 768
 - PUBLIC_KEY_SIZE= 800
 */
-bool libcrux_ml_kem_ind_cca_validate_public_key_070(uint8_t *public_key);
+bool libcrux_ml_kem_ind_cca_validate_public_key_8c0(uint8_t *public_key);
 
 /**
 A monomorphic instance of libcrux_ml_kem.ind_cca.validate_private_key
@@ -143,7 +143,7 @@ with const generics
 - SECRET_KEY_SIZE= 1632
 - CIPHERTEXT_SIZE= 768
 */
-bool libcrux_ml_kem_ind_cca_validate_private_key_90(
+bool libcrux_ml_kem_ind_cca_validate_private_key_ba(
     libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key,
     libcrux_ml_kem_types_MlKemCiphertext_e8 *_ciphertext);
 
@@ -161,7 +161,7 @@ libcrux_ml_kem_variant_MlKem with const generics
 - ETA1_RANDOMNESS_SIZE= 192
 */
 libcrux_ml_kem_types_MlKemKeyPair_cb
-libcrux_ml_kem_ind_cca_generate_keypair_280(uint8_t randomness[64U]);
+libcrux_ml_kem_ind_cca_generate_keypair_910(uint8_t randomness[64U]);
 
 /**
 A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate
@@ -182,7 +182,7 @@ libcrux_ml_kem_variant_MlKem with const generics
 - ETA2= 2
 - ETA2_RANDOMNESS_SIZE= 128
 */
-tuple_ec libcrux_ml_kem_ind_cca_encapsulate_8a0(
+tuple_ec libcrux_ml_kem_ind_cca_encapsulate_1e0(
     libcrux_ml_kem_types_MlKemPublicKey_be *public_key,
     uint8_t randomness[32U]);
 
@@ -208,7 +208,7 @@ libcrux_ml_kem_variant_MlKem with const generics
 - ETA2_RANDOMNESS_SIZE= 128
 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800
 */
-void libcrux_ml_kem_ind_cca_decapsulate_810(
+void libcrux_ml_kem_ind_cca_decapsulate_2d0(
     libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key,
     libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]);
 
@@ -220,7 +220,7 @@ with const generics
 - RANKED_BYTES_PER_RING_ELEMENT= 1152
 - PUBLIC_KEY_SIZE= 1184
 */
-bool libcrux_ml_kem_ind_cca_validate_public_key_07(uint8_t *public_key);
+bool libcrux_ml_kem_ind_cca_validate_public_key_8c(uint8_t *public_key);
 
 /**
 A monomorphic instance of libcrux_ml_kem.ind_cca.validate_private_key
@@ -230,7 +230,7 @@ with const generics
 - SECRET_KEY_SIZE= 2400
 - CIPHERTEXT_SIZE= 1088
 */
-bool libcrux_ml_kem_ind_cca_validate_private_key_94(
+bool libcrux_ml_kem_ind_cca_validate_private_key_4e(
     libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key,
     libcrux_ml_kem_mlkem768_MlKem768Ciphertext *_ciphertext);
 
@@ -248,7 +248,7 @@ libcrux_ml_kem_variant_MlKem with const generics
 - ETA1_RANDOMNESS_SIZE= 128
 */
 libcrux_ml_kem_mlkem768_MlKem768KeyPair
-libcrux_ml_kem_ind_cca_generate_keypair_28(uint8_t randomness[64U]);
+libcrux_ml_kem_ind_cca_generate_keypair_91(uint8_t randomness[64U]);
 
 /**
 A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate
@@ -269,7 +269,7 @@ libcrux_ml_kem_variant_MlKem with const generics
 - ETA2= 2
 - ETA2_RANDOMNESS_SIZE= 128
 */
-tuple_3c libcrux_ml_kem_ind_cca_encapsulate_8a(
+tuple_3c libcrux_ml_kem_ind_cca_encapsulate_1e(
     libcrux_ml_kem_types_MlKemPublicKey_15 *public_key,
     uint8_t randomness[32U]);
 
@@ -295,7 +295,7 @@ libcrux_ml_kem_variant_MlKem with const generics
 - ETA2_RANDOMNESS_SIZE= 128
 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120
 */
-void libcrux_ml_kem_ind_cca_decapsulate_81(
+void libcrux_ml_kem_ind_cca_decapsulate_2d(
     libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key,
     libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]);
 
diff --git a/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h b/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h
index 2f2a3e44e..b25010cbc 100644
--- a/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h
+++ b/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h
@@ -8,7 +8,7 @@
  * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac
  * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152
  * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678
- * Libcrux: 098de7d283a7867de9c3e5672d7b3c915ef9b2f1
+ * Libcrux: 020cd93ab7a1437ba4a4c626b1acbf9fa14525ad
  */
 
 #ifndef __internal_libcrux_sha3_avx2_H
diff --git a/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h b/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h
index 6ee3decbd..5f8662e56 100644
--- a/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h
+++ b/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h
@@ -8,7 +8,7 @@
  * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac
  * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152
  * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678
- * Libcrux: 098de7d283a7867de9c3e5672d7b3c915ef9b2f1
+ * Libcrux: 020cd93ab7a1437ba4a4c626b1acbf9fa14525ad
  */
 
 #ifndef __internal_libcrux_sha3_internal_H
diff --git a/libcrux-ml-kem/c/libcrux_core.c b/libcrux-ml-kem/c/libcrux_core.c
index 1cbf9e303..394f12228 100644
--- a/libcrux-ml-kem/c/libcrux_core.c
+++ b/libcrux-ml-kem/c/libcrux_core.c
@@ -8,7 +8,7 @@
  * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac
  * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152
  * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678
- * Libcrux: 098de7d283a7867de9c3e5672d7b3c915ef9b2f1
+ * Libcrux: 020cd93ab7a1437ba4a4c626b1acbf9fa14525ad
  */
 
 #include "internal/libcrux_core.h"
@@ -80,7 +80,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_5a
 with const generics
 - SIZE= 1568
 */
-libcrux_ml_kem_types_MlKemPublicKey_1f libcrux_ml_kem_types_from_5a_af1(
+libcrux_ml_kem_types_MlKemPublicKey_1f libcrux_ml_kem_types_from_5a_451(
     uint8_t value[1568U]) {
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_value[1568U];
@@ -100,7 +100,7 @@ with const generics
 - PRIVATE_KEY_SIZE= 3168
 - PUBLIC_KEY_SIZE= 1568
 */
-libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_types_from_3a_781(
+libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_types_from_3a_f61(
     libcrux_ml_kem_types_MlKemPrivateKey_95 sk,
     libcrux_ml_kem_types_MlKemPublicKey_1f pk) {
   return (
@@ -116,7 +116,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_7f
 with const generics
 - SIZE= 3168
 */
-libcrux_ml_kem_types_MlKemPrivateKey_95 libcrux_ml_kem_types_from_7f_e61(
+libcrux_ml_kem_types_MlKemPrivateKey_95 libcrux_ml_kem_types_from_7f_8c1(
     uint8_t value[3168U]) {
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_value[3168U];
@@ -135,7 +135,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_5a
 with const generics
 - SIZE= 1184
 */
-libcrux_ml_kem_types_MlKemPublicKey_15 libcrux_ml_kem_types_from_5a_af0(
+libcrux_ml_kem_types_MlKemPublicKey_15 libcrux_ml_kem_types_from_5a_450(
     uint8_t value[1184U]) {
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_value[1184U];
@@ -155,7 +155,7 @@ with const generics
 - PRIVATE_KEY_SIZE= 2400
 - PUBLIC_KEY_SIZE= 1184
 */
-libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_types_from_3a_780(
+libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_types_from_3a_f60(
     libcrux_ml_kem_types_MlKemPrivateKey_55 sk,
     libcrux_ml_kem_types_MlKemPublicKey_15 pk) {
   return (
@@ -171,7 +171,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_7f
 with const generics
 - SIZE= 2400
 */
-libcrux_ml_kem_types_MlKemPrivateKey_55 libcrux_ml_kem_types_from_7f_e60(
+libcrux_ml_kem_types_MlKemPrivateKey_55 libcrux_ml_kem_types_from_7f_8c0(
     uint8_t value[2400U]) {
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_value[2400U];
@@ -190,7 +190,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_5a
 with const generics
 - SIZE= 800
 */
-libcrux_ml_kem_types_MlKemPublicKey_be libcrux_ml_kem_types_from_5a_af(
+libcrux_ml_kem_types_MlKemPublicKey_be libcrux_ml_kem_types_from_5a_45(
     uint8_t value[800U]) {
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_value[800U];
@@ -210,7 +210,7 @@ with const generics
 - PRIVATE_KEY_SIZE= 1632
 - PUBLIC_KEY_SIZE= 800
 */
-libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_types_from_3a_78(
+libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_types_from_3a_f6(
     libcrux_ml_kem_types_MlKemPrivateKey_5e sk,
     libcrux_ml_kem_types_MlKemPublicKey_be pk) {
   return (CLITERAL(libcrux_ml_kem_types_MlKemKeyPair_cb){.sk = sk, .pk = pk});
@@ -225,7 +225,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_7f
 with const generics
 - SIZE= 1632
 */
-libcrux_ml_kem_types_MlKemPrivateKey_5e libcrux_ml_kem_types_from_7f_e6(
+libcrux_ml_kem_types_MlKemPrivateKey_5e libcrux_ml_kem_types_from_7f_8c(
     uint8_t value[1632U]) {
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_value[1632U];
@@ -243,7 +243,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_slice_fd
 with const generics
 - SIZE= 1184
 */
-uint8_t *libcrux_ml_kem_types_as_slice_fd_121(
+uint8_t *libcrux_ml_kem_types_as_slice_fd_d11(
     libcrux_ml_kem_types_MlKemPublicKey_15 *self) {
   return self->value;
 }
@@ -257,7 +257,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_01
 with const generics
 - SIZE= 1088
 */
-libcrux_ml_kem_mlkem768_MlKem768Ciphertext libcrux_ml_kem_types_from_01_7b1(
+libcrux_ml_kem_mlkem768_MlKem768Ciphertext libcrux_ml_kem_types_from_01_3a1(
     uint8_t value[1088U]) {
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_value[1088U];
@@ -276,7 +276,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_ref_00
 with const generics
 - SIZE= 1088
 */
-Eurydice_slice libcrux_ml_kem_types_as_ref_00_ae1(
+Eurydice_slice libcrux_ml_kem_types_as_ref_00_be1(
     libcrux_ml_kem_mlkem768_MlKem768Ciphertext *self) {
   return Eurydice_array_to_slice((size_t)1088U, self->value, uint8_t);
 }
@@ -308,7 +308,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_slice_fd
 with const generics
 - SIZE= 800
 */
-uint8_t *libcrux_ml_kem_types_as_slice_fd_120(
+uint8_t *libcrux_ml_kem_types_as_slice_fd_d10(
     libcrux_ml_kem_types_MlKemPublicKey_be *self) {
   return self->value;
 }
@@ -322,7 +322,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_01
 with const generics
 - SIZE= 768
 */
-libcrux_ml_kem_types_MlKemCiphertext_e8 libcrux_ml_kem_types_from_01_7b0(
+libcrux_ml_kem_types_MlKemCiphertext_e8 libcrux_ml_kem_types_from_01_3a0(
     uint8_t value[768U]) {
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_value[768U];
@@ -341,7 +341,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_ref_00
 with const generics
 - SIZE= 768
 */
-Eurydice_slice libcrux_ml_kem_types_as_ref_00_ae0(
+Eurydice_slice libcrux_ml_kem_types_as_ref_00_be0(
     libcrux_ml_kem_types_MlKemCiphertext_e8 *self) {
   return Eurydice_array_to_slice((size_t)768U, self->value, uint8_t);
 }
@@ -373,7 +373,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_slice_fd
 with const generics
 - SIZE= 1568
 */
-uint8_t *libcrux_ml_kem_types_as_slice_fd_12(
+uint8_t *libcrux_ml_kem_types_as_slice_fd_d1(
     libcrux_ml_kem_types_MlKemPublicKey_1f *self) {
   return self->value;
 }
@@ -427,7 +427,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_01
 with const generics
 - SIZE= 1568
 */
-libcrux_ml_kem_types_MlKemCiphertext_1f libcrux_ml_kem_types_from_01_7b(
+libcrux_ml_kem_types_MlKemCiphertext_1f libcrux_ml_kem_types_from_01_3a(
     uint8_t value[1568U]) {
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_value[1568U];
@@ -465,7 +465,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_ref_00
 with const generics
 - SIZE= 1568
 */
-Eurydice_slice libcrux_ml_kem_types_as_ref_00_ae(
+Eurydice_slice libcrux_ml_kem_types_as_ref_00_be(
     libcrux_ml_kem_types_MlKemCiphertext_1f *self) {
   return Eurydice_array_to_slice((size_t)1568U, self->value, uint8_t);
 }
diff --git a/libcrux-ml-kem/c/libcrux_core.h b/libcrux-ml-kem/c/libcrux_core.h
index 788f288e4..106b44b1f 100644
--- a/libcrux-ml-kem/c/libcrux_core.h
+++ b/libcrux-ml-kem/c/libcrux_core.h
@@ -8,7 +8,7 @@
  * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac
  * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152
  * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678
- * Libcrux: 098de7d283a7867de9c3e5672d7b3c915ef9b2f1
+ * Libcrux: 020cd93ab7a1437ba4a4c626b1acbf9fa14525ad
  */
 
 #ifndef __libcrux_core_H
diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024.h b/libcrux-ml-kem/c/libcrux_mlkem1024.h
index cdea86609..052060fb6 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem1024.h
+++ b/libcrux-ml-kem/c/libcrux_mlkem1024.h
@@ -8,7 +8,7 @@
  * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac
  * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152
  * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678
- * Libcrux: 098de7d283a7867de9c3e5672d7b3c915ef9b2f1
+ * Libcrux: 020cd93ab7a1437ba4a4c626b1acbf9fa14525ad
  */
 
 #ifndef __libcrux_mlkem1024_H
diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c
index a62e4b058..f8b601eef 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c
+++ b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c
@@ -8,7 +8,7 @@
  * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac
  * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152
  * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678
- * Libcrux: 098de7d283a7867de9c3e5672d7b3c915ef9b2f1
+ * Libcrux: 020cd93ab7a1437ba4a4c626b1acbf9fa14525ad
  */
 
 #include "libcrux_mlkem1024_avx2.h"
@@ -35,10 +35,10 @@ with const generics
 - ETA2_RANDOMNESS_SIZE= 128
 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600
 */
-static void decapsulate_150(
+static void decapsulate_200(
     libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key,
     libcrux_ml_kem_types_MlKemCiphertext_1f *ciphertext, uint8_t ret[32U]) {
-  libcrux_ml_kem_ind_cca_decapsulate_6f0(private_key, ciphertext, ret);
+  libcrux_ml_kem_ind_cca_decapsulate_cd0(private_key, ciphertext, ret);
 }
 
 /**
@@ -51,7 +51,7 @@ static void decapsulate_150(
 void libcrux_ml_kem_mlkem1024_avx2_decapsulate(
     libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key,
     libcrux_ml_kem_types_MlKemCiphertext_1f *ciphertext, uint8_t ret[32U]) {
-  decapsulate_150(private_key, ciphertext, ret);
+  decapsulate_200(private_key, ciphertext, ret);
 }
 
 /**
@@ -71,14 +71,14 @@ with const generics
 - ETA2= 2
 - ETA2_RANDOMNESS_SIZE= 128
 */
-static tuple_21 encapsulate_9e0(
+static tuple_21 encapsulate_b00(
     libcrux_ml_kem_types_MlKemPublicKey_1f *public_key,
     uint8_t randomness[32U]) {
   libcrux_ml_kem_types_MlKemPublicKey_1f *uu____0 = public_key;
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_randomness[32U];
   memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t));
-  return libcrux_ml_kem_ind_cca_encapsulate_f40(uu____0, copy_of_randomness);
+  return libcrux_ml_kem_ind_cca_encapsulate_790(uu____0, copy_of_randomness);
 }
 
 /**
@@ -95,7 +95,7 @@ tuple_21 libcrux_ml_kem_mlkem1024_avx2_encapsulate(
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_randomness[32U];
   memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t));
-  return encapsulate_9e0(uu____0, copy_of_randomness);
+  return encapsulate_b00(uu____0, copy_of_randomness);
 }
 
 /**
@@ -109,12 +109,12 @@ libcrux_ml_kem.ind_cca.instantiations.avx2.generate_keypair with const generics
 - ETA1= 2
 - ETA1_RANDOMNESS_SIZE= 128
 */
-static libcrux_ml_kem_mlkem1024_MlKem1024KeyPair generate_keypair_010(
+static libcrux_ml_kem_mlkem1024_MlKem1024KeyPair generate_keypair_8e0(
     uint8_t randomness[64U]) {
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_randomness[64U];
   memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t));
-  return libcrux_ml_kem_ind_cca_generate_keypair_d20(copy_of_randomness);
+  return libcrux_ml_kem_ind_cca_generate_keypair_dd0(copy_of_randomness);
 }
 
 /**
@@ -125,7 +125,7 @@ libcrux_ml_kem_mlkem1024_avx2_generate_key_pair(uint8_t randomness[64U]) {
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_randomness[64U];
   memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t));
-  return generate_keypair_010(copy_of_randomness);
+  return generate_keypair_8e0(copy_of_randomness);
 }
 
 /**
@@ -136,10 +136,10 @@ generics
 - SECRET_KEY_SIZE= 3168
 - CIPHERTEXT_SIZE= 1568
 */
-static KRML_MUSTINLINE bool validate_private_key_840(
+static KRML_MUSTINLINE bool validate_private_key_a10(
     libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key,
     libcrux_ml_kem_types_MlKemCiphertext_1f *ciphertext) {
-  return libcrux_ml_kem_ind_cca_validate_private_key_e10(private_key,
+  return libcrux_ml_kem_ind_cca_validate_private_key_a80(private_key,
                                                          ciphertext);
 }
 
@@ -151,7 +151,7 @@ static KRML_MUSTINLINE bool validate_private_key_840(
 bool libcrux_ml_kem_mlkem1024_avx2_validate_private_key(
     libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key,
     libcrux_ml_kem_types_MlKemCiphertext_1f *ciphertext) {
-  return validate_private_key_840(private_key, ciphertext);
+  return validate_private_key_a10(private_key, ciphertext);
 }
 
 /**
@@ -162,8 +162,8 @@ generics
 - RANKED_BYTES_PER_RING_ELEMENT= 1536
 - PUBLIC_KEY_SIZE= 1568
 */
-static KRML_MUSTINLINE bool validate_public_key_e30(uint8_t *public_key) {
-  return libcrux_ml_kem_ind_cca_validate_public_key_4a0(public_key);
+static KRML_MUSTINLINE bool validate_public_key_c20(uint8_t *public_key) {
+  return libcrux_ml_kem_ind_cca_validate_public_key_db0(public_key);
 }
 
 /**
@@ -173,5 +173,5 @@ static KRML_MUSTINLINE bool validate_public_key_e30(uint8_t *public_key) {
 */
 bool libcrux_ml_kem_mlkem1024_avx2_validate_public_key(
     libcrux_ml_kem_types_MlKemPublicKey_1f *public_key) {
-  return validate_public_key_e30(public_key->value);
+  return validate_public_key_c20(public_key->value);
 }
diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h
index 037013ac3..a20c4e836 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h
+++ b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h
@@ -8,7 +8,7 @@
  * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac
  * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152
  * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678
- * Libcrux: 098de7d283a7867de9c3e5672d7b3c915ef9b2f1
+ * Libcrux: 020cd93ab7a1437ba4a4c626b1acbf9fa14525ad
  */
 
 #ifndef __libcrux_mlkem1024_avx2_H
diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c
index 96788b0a9..0b655b537 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c
+++ b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c
@@ -8,7 +8,7 @@
  * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac
  * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152
  * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678
- * Libcrux: 098de7d283a7867de9c3e5672d7b3c915ef9b2f1
+ * Libcrux: 020cd93ab7a1437ba4a4c626b1acbf9fa14525ad
  */
 
 #include "libcrux_mlkem1024_portable.h"
@@ -35,10 +35,10 @@ libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate with const generics
 - ETA2_RANDOMNESS_SIZE= 128
 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600
 */
-static void decapsulate_e51(
+static void decapsulate_f71(
     libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key,
     libcrux_ml_kem_types_MlKemCiphertext_1f *ciphertext, uint8_t ret[32U]) {
-  libcrux_ml_kem_ind_cca_decapsulate_811(private_key, ciphertext, ret);
+  libcrux_ml_kem_ind_cca_decapsulate_2d1(private_key, ciphertext, ret);
 }
 
 /**
@@ -51,7 +51,7 @@ static void decapsulate_e51(
 void libcrux_ml_kem_mlkem1024_portable_decapsulate(
     libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key,
     libcrux_ml_kem_types_MlKemCiphertext_1f *ciphertext, uint8_t ret[32U]) {
-  decapsulate_e51(private_key, ciphertext, ret);
+  decapsulate_f71(private_key, ciphertext, ret);
 }
 
 /**
@@ -71,14 +71,14 @@ libcrux_ml_kem.ind_cca.instantiations.portable.encapsulate with const generics
 - ETA2= 2
 - ETA2_RANDOMNESS_SIZE= 128
 */
-static tuple_21 encapsulate_1f1(
+static tuple_21 encapsulate_af1(
     libcrux_ml_kem_types_MlKemPublicKey_1f *public_key,
     uint8_t randomness[32U]) {
   libcrux_ml_kem_types_MlKemPublicKey_1f *uu____0 = public_key;
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_randomness[32U];
   memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t));
-  return libcrux_ml_kem_ind_cca_encapsulate_8a1(uu____0, copy_of_randomness);
+  return libcrux_ml_kem_ind_cca_encapsulate_1e1(uu____0, copy_of_randomness);
 }
 
 /**
@@ -95,7 +95,7 @@ tuple_21 libcrux_ml_kem_mlkem1024_portable_encapsulate(
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_randomness[32U];
   memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t));
-  return encapsulate_1f1(uu____0, copy_of_randomness);
+  return encapsulate_af1(uu____0, copy_of_randomness);
 }
 
 /**
@@ -110,12 +110,12 @@ generics
 - ETA1= 2
 - ETA1_RANDOMNESS_SIZE= 128
 */
-static libcrux_ml_kem_mlkem1024_MlKem1024KeyPair generate_keypair_e31(
+static libcrux_ml_kem_mlkem1024_MlKem1024KeyPair generate_keypair_561(
     uint8_t randomness[64U]) {
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_randomness[64U];
   memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t));
-  return libcrux_ml_kem_ind_cca_generate_keypair_281(copy_of_randomness);
+  return libcrux_ml_kem_ind_cca_generate_keypair_911(copy_of_randomness);
 }
 
 /**
@@ -126,7 +126,7 @@ libcrux_ml_kem_mlkem1024_portable_generate_key_pair(uint8_t randomness[64U]) {
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_randomness[64U];
   memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t));
-  return generate_keypair_e31(copy_of_randomness);
+  return generate_keypair_561(copy_of_randomness);
 }
 
 /**
@@ -137,10 +137,10 @@ generics
 - SECRET_KEY_SIZE= 3168
 - CIPHERTEXT_SIZE= 1568
 */
-static KRML_MUSTINLINE bool validate_private_key_a41(
+static KRML_MUSTINLINE bool validate_private_key_a91(
     libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key,
     libcrux_ml_kem_types_MlKemCiphertext_1f *ciphertext) {
-  return libcrux_ml_kem_ind_cca_validate_private_key_c0(private_key,
+  return libcrux_ml_kem_ind_cca_validate_private_key_99(private_key,
                                                         ciphertext);
 }
 
@@ -152,7 +152,7 @@ static KRML_MUSTINLINE bool validate_private_key_a41(
 bool libcrux_ml_kem_mlkem1024_portable_validate_private_key(
     libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key,
     libcrux_ml_kem_types_MlKemCiphertext_1f *ciphertext) {
-  return validate_private_key_a41(private_key, ciphertext);
+  return validate_private_key_a91(private_key, ciphertext);
 }
 
 /**
@@ -163,8 +163,8 @@ generics
 - RANKED_BYTES_PER_RING_ELEMENT= 1536
 - PUBLIC_KEY_SIZE= 1568
 */
-static KRML_MUSTINLINE bool validate_public_key_101(uint8_t *public_key) {
-  return libcrux_ml_kem_ind_cca_validate_public_key_071(public_key);
+static KRML_MUSTINLINE bool validate_public_key_a81(uint8_t *public_key) {
+  return libcrux_ml_kem_ind_cca_validate_public_key_8c1(public_key);
 }
 
 /**
@@ -174,5 +174,5 @@ static KRML_MUSTINLINE bool validate_public_key_101(uint8_t *public_key) {
 */
 bool libcrux_ml_kem_mlkem1024_portable_validate_public_key(
     libcrux_ml_kem_types_MlKemPublicKey_1f *public_key) {
-  return validate_public_key_101(public_key->value);
+  return validate_public_key_a81(public_key->value);
 }
diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h
index 9a9d19aa3..8dac186df 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h
+++ b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h
@@ -8,7 +8,7 @@
  * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac
  * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152
  * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678
- * Libcrux: 098de7d283a7867de9c3e5672d7b3c915ef9b2f1
+ * Libcrux: 020cd93ab7a1437ba4a4c626b1acbf9fa14525ad
  */
 
 #ifndef __libcrux_mlkem1024_portable_H
diff --git a/libcrux-ml-kem/c/libcrux_mlkem512.h b/libcrux-ml-kem/c/libcrux_mlkem512.h
index bc9966b87..1ec63a95d 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem512.h
+++ b/libcrux-ml-kem/c/libcrux_mlkem512.h
@@ -8,7 +8,7 @@
  * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac
  * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152
  * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678
- * Libcrux: 098de7d283a7867de9c3e5672d7b3c915ef9b2f1
+ * Libcrux: 020cd93ab7a1437ba4a4c626b1acbf9fa14525ad
  */
 
 #ifndef __libcrux_mlkem512_H
diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c
index 92728c869..1ea59179a 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c
+++ b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c
@@ -8,7 +8,7 @@
  * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac
  * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152
  * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678
- * Libcrux: 098de7d283a7867de9c3e5672d7b3c915ef9b2f1
+ * Libcrux: 020cd93ab7a1437ba4a4c626b1acbf9fa14525ad
  */
 
 #include "libcrux_mlkem512_avx2.h"
@@ -35,10 +35,10 @@ with const generics
 - ETA2_RANDOMNESS_SIZE= 128
 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800
 */
-static void decapsulate_15(libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key,
+static void decapsulate_20(libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key,
                            libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext,
                            uint8_t ret[32U]) {
-  libcrux_ml_kem_ind_cca_decapsulate_6f(private_key, ciphertext, ret);
+  libcrux_ml_kem_ind_cca_decapsulate_cd(private_key, ciphertext, ret);
 }
 
 /**
@@ -51,7 +51,7 @@ static void decapsulate_15(libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key,
 void libcrux_ml_kem_mlkem512_avx2_decapsulate(
     libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key,
     libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) {
-  decapsulate_15(private_key, ciphertext, ret);
+  decapsulate_20(private_key, ciphertext, ret);
 }
 
 /**
@@ -71,14 +71,14 @@ with const generics
 - ETA2= 2
 - ETA2_RANDOMNESS_SIZE= 128
 */
-static tuple_ec encapsulate_9e(
+static tuple_ec encapsulate_b0(
     libcrux_ml_kem_types_MlKemPublicKey_be *public_key,
     uint8_t randomness[32U]) {
   libcrux_ml_kem_types_MlKemPublicKey_be *uu____0 = public_key;
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_randomness[32U];
   memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t));
-  return libcrux_ml_kem_ind_cca_encapsulate_f4(uu____0, copy_of_randomness);
+  return libcrux_ml_kem_ind_cca_encapsulate_79(uu____0, copy_of_randomness);
 }
 
 /**
@@ -95,7 +95,7 @@ tuple_ec libcrux_ml_kem_mlkem512_avx2_encapsulate(
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_randomness[32U];
   memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t));
-  return encapsulate_9e(uu____0, copy_of_randomness);
+  return encapsulate_b0(uu____0, copy_of_randomness);
 }
 
 /**
@@ -109,12 +109,12 @@ libcrux_ml_kem.ind_cca.instantiations.avx2.generate_keypair with const generics
 - ETA1= 3
 - ETA1_RANDOMNESS_SIZE= 192
 */
-static libcrux_ml_kem_types_MlKemKeyPair_cb generate_keypair_01(
+static libcrux_ml_kem_types_MlKemKeyPair_cb generate_keypair_8e(
     uint8_t randomness[64U]) {
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_randomness[64U];
   memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t));
-  return libcrux_ml_kem_ind_cca_generate_keypair_d2(copy_of_randomness);
+  return libcrux_ml_kem_ind_cca_generate_keypair_dd(copy_of_randomness);
 }
 
 /**
@@ -125,7 +125,7 @@ libcrux_ml_kem_mlkem512_avx2_generate_key_pair(uint8_t randomness[64U]) {
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_randomness[64U];
   memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t));
-  return generate_keypair_01(copy_of_randomness);
+  return generate_keypair_8e(copy_of_randomness);
 }
 
 /**
@@ -136,10 +136,10 @@ generics
 - SECRET_KEY_SIZE= 1632
 - CIPHERTEXT_SIZE= 768
 */
-static KRML_MUSTINLINE bool validate_private_key_84(
+static KRML_MUSTINLINE bool validate_private_key_a1(
     libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key,
     libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext) {
-  return libcrux_ml_kem_ind_cca_validate_private_key_e1(private_key,
+  return libcrux_ml_kem_ind_cca_validate_private_key_a8(private_key,
                                                         ciphertext);
 }
 
@@ -151,7 +151,7 @@ static KRML_MUSTINLINE bool validate_private_key_84(
 bool libcrux_ml_kem_mlkem512_avx2_validate_private_key(
     libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key,
     libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext) {
-  return validate_private_key_84(private_key, ciphertext);
+  return validate_private_key_a1(private_key, ciphertext);
 }
 
 /**
@@ -162,8 +162,8 @@ generics
 - RANKED_BYTES_PER_RING_ELEMENT= 768
 - PUBLIC_KEY_SIZE= 800
 */
-static KRML_MUSTINLINE bool validate_public_key_e3(uint8_t *public_key) {
-  return libcrux_ml_kem_ind_cca_validate_public_key_4a(public_key);
+static KRML_MUSTINLINE bool validate_public_key_c2(uint8_t *public_key) {
+  return libcrux_ml_kem_ind_cca_validate_public_key_db(public_key);
 }
 
 /**
@@ -173,5 +173,5 @@ static KRML_MUSTINLINE bool validate_public_key_e3(uint8_t *public_key) {
 */
 bool libcrux_ml_kem_mlkem512_avx2_validate_public_key(
     libcrux_ml_kem_types_MlKemPublicKey_be *public_key) {
-  return validate_public_key_e3(public_key->value);
+  return validate_public_key_c2(public_key->value);
 }
diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h
index 9a569226e..8227a08bf 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h
+++ b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h
@@ -8,7 +8,7 @@
  * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac
  * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152
  * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678
- * Libcrux: 098de7d283a7867de9c3e5672d7b3c915ef9b2f1
+ * Libcrux: 020cd93ab7a1437ba4a4c626b1acbf9fa14525ad
  */
 
 #ifndef __libcrux_mlkem512_avx2_H
diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_portable.c b/libcrux-ml-kem/c/libcrux_mlkem512_portable.c
index b8c676f21..3f1132f00 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem512_portable.c
+++ b/libcrux-ml-kem/c/libcrux_mlkem512_portable.c
@@ -8,7 +8,7 @@
  * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac
  * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152
  * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678
- * Libcrux: 098de7d283a7867de9c3e5672d7b3c915ef9b2f1
+ * Libcrux: 020cd93ab7a1437ba4a4c626b1acbf9fa14525ad
  */
 
 #include "libcrux_mlkem512_portable.h"
@@ -35,10 +35,10 @@ libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate with const generics
 - ETA2_RANDOMNESS_SIZE= 128
 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800
 */
-static void decapsulate_e50(
+static void decapsulate_f70(
     libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key,
     libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) {
-  libcrux_ml_kem_ind_cca_decapsulate_810(private_key, ciphertext, ret);
+  libcrux_ml_kem_ind_cca_decapsulate_2d0(private_key, ciphertext, ret);
 }
 
 /**
@@ -51,7 +51,7 @@ static void decapsulate_e50(
 void libcrux_ml_kem_mlkem512_portable_decapsulate(
     libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key,
     libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) {
-  decapsulate_e50(private_key, ciphertext, ret);
+  decapsulate_f70(private_key, ciphertext, ret);
 }
 
 /**
@@ -71,14 +71,14 @@ libcrux_ml_kem.ind_cca.instantiations.portable.encapsulate with const generics
 - ETA2= 2
 - ETA2_RANDOMNESS_SIZE= 128
 */
-static tuple_ec encapsulate_1f0(
+static tuple_ec encapsulate_af0(
     libcrux_ml_kem_types_MlKemPublicKey_be *public_key,
     uint8_t randomness[32U]) {
   libcrux_ml_kem_types_MlKemPublicKey_be *uu____0 = public_key;
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_randomness[32U];
   memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t));
-  return libcrux_ml_kem_ind_cca_encapsulate_8a0(uu____0, copy_of_randomness);
+  return libcrux_ml_kem_ind_cca_encapsulate_1e0(uu____0, copy_of_randomness);
 }
 
 /**
@@ -95,7 +95,7 @@ tuple_ec libcrux_ml_kem_mlkem512_portable_encapsulate(
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_randomness[32U];
   memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t));
-  return encapsulate_1f0(uu____0, copy_of_randomness);
+  return encapsulate_af0(uu____0, copy_of_randomness);
 }
 
 /**
@@ -110,12 +110,12 @@ generics
 - ETA1= 3
 - ETA1_RANDOMNESS_SIZE= 192
 */
-static libcrux_ml_kem_types_MlKemKeyPair_cb generate_keypair_e30(
+static libcrux_ml_kem_types_MlKemKeyPair_cb generate_keypair_560(
     uint8_t randomness[64U]) {
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_randomness[64U];
   memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t));
-  return libcrux_ml_kem_ind_cca_generate_keypair_280(copy_of_randomness);
+  return libcrux_ml_kem_ind_cca_generate_keypair_910(copy_of_randomness);
 }
 
 /**
@@ -126,7 +126,7 @@ libcrux_ml_kem_mlkem512_portable_generate_key_pair(uint8_t randomness[64U]) {
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_randomness[64U];
   memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t));
-  return generate_keypair_e30(copy_of_randomness);
+  return generate_keypair_560(copy_of_randomness);
 }
 
 /**
@@ -137,10 +137,10 @@ generics
 - SECRET_KEY_SIZE= 1632
 - CIPHERTEXT_SIZE= 768
 */
-static KRML_MUSTINLINE bool validate_private_key_a40(
+static KRML_MUSTINLINE bool validate_private_key_a90(
     libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key,
     libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext) {
-  return libcrux_ml_kem_ind_cca_validate_private_key_90(private_key,
+  return libcrux_ml_kem_ind_cca_validate_private_key_ba(private_key,
                                                         ciphertext);
 }
 
@@ -152,7 +152,7 @@ static KRML_MUSTINLINE bool validate_private_key_a40(
 bool libcrux_ml_kem_mlkem512_portable_validate_private_key(
     libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key,
     libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext) {
-  return validate_private_key_a40(private_key, ciphertext);
+  return validate_private_key_a90(private_key, ciphertext);
 }
 
 /**
@@ -163,8 +163,8 @@ generics
 - RANKED_BYTES_PER_RING_ELEMENT= 768
 - PUBLIC_KEY_SIZE= 800
 */
-static KRML_MUSTINLINE bool validate_public_key_100(uint8_t *public_key) {
-  return libcrux_ml_kem_ind_cca_validate_public_key_070(public_key);
+static KRML_MUSTINLINE bool validate_public_key_a80(uint8_t *public_key) {
+  return libcrux_ml_kem_ind_cca_validate_public_key_8c0(public_key);
 }
 
 /**
@@ -174,5 +174,5 @@ static KRML_MUSTINLINE bool validate_public_key_100(uint8_t *public_key) {
 */
 bool libcrux_ml_kem_mlkem512_portable_validate_public_key(
     libcrux_ml_kem_types_MlKemPublicKey_be *public_key) {
-  return validate_public_key_100(public_key->value);
+  return validate_public_key_a80(public_key->value);
 }
diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_portable.h b/libcrux-ml-kem/c/libcrux_mlkem512_portable.h
index d77580778..b35f61b44 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem512_portable.h
+++ b/libcrux-ml-kem/c/libcrux_mlkem512_portable.h
@@ -8,7 +8,7 @@
  * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac
  * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152
  * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678
- * Libcrux: 098de7d283a7867de9c3e5672d7b3c915ef9b2f1
+ * Libcrux: 020cd93ab7a1437ba4a4c626b1acbf9fa14525ad
  */
 
 #ifndef __libcrux_mlkem512_portable_H
diff --git a/libcrux-ml-kem/c/libcrux_mlkem768.h b/libcrux-ml-kem/c/libcrux_mlkem768.h
index a6116f34c..d9947c213 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem768.h
+++ b/libcrux-ml-kem/c/libcrux_mlkem768.h
@@ -8,7 +8,7 @@
  * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac
  * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152
  * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678
- * Libcrux: 098de7d283a7867de9c3e5672d7b3c915ef9b2f1
+ * Libcrux: 020cd93ab7a1437ba4a4c626b1acbf9fa14525ad
  */
 
 #ifndef __libcrux_mlkem768_H
diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c
index e40e70dc4..aca4d93f8 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c
+++ b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c
@@ -8,7 +8,7 @@
  * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac
  * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152
  * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678
- * Libcrux: 098de7d283a7867de9c3e5672d7b3c915ef9b2f1
+ * Libcrux: 020cd93ab7a1437ba4a4c626b1acbf9fa14525ad
  */
 
 #include "libcrux_mlkem768_avx2.h"
@@ -35,10 +35,10 @@ with const generics
 - ETA2_RANDOMNESS_SIZE= 128
 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120
 */
-static void decapsulate_151(
+static void decapsulate_201(
     libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key,
     libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) {
-  libcrux_ml_kem_ind_cca_decapsulate_6f1(private_key, ciphertext, ret);
+  libcrux_ml_kem_ind_cca_decapsulate_cd1(private_key, ciphertext, ret);
 }
 
 /**
@@ -51,7 +51,7 @@ static void decapsulate_151(
 void libcrux_ml_kem_mlkem768_avx2_decapsulate(
     libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key,
     libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) {
-  decapsulate_151(private_key, ciphertext, ret);
+  decapsulate_201(private_key, ciphertext, ret);
 }
 
 /**
@@ -71,14 +71,14 @@ with const generics
 - ETA2= 2
 - ETA2_RANDOMNESS_SIZE= 128
 */
-static tuple_3c encapsulate_9e1(
+static tuple_3c encapsulate_b01(
     libcrux_ml_kem_types_MlKemPublicKey_15 *public_key,
     uint8_t randomness[32U]) {
   libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key;
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_randomness[32U];
   memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t));
-  return libcrux_ml_kem_ind_cca_encapsulate_f41(uu____0, copy_of_randomness);
+  return libcrux_ml_kem_ind_cca_encapsulate_791(uu____0, copy_of_randomness);
 }
 
 /**
@@ -95,7 +95,7 @@ tuple_3c libcrux_ml_kem_mlkem768_avx2_encapsulate(
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_randomness[32U];
   memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t));
-  return encapsulate_9e1(uu____0, copy_of_randomness);
+  return encapsulate_b01(uu____0, copy_of_randomness);
 }
 
 /**
@@ -109,12 +109,12 @@ libcrux_ml_kem.ind_cca.instantiations.avx2.generate_keypair with const generics
 - ETA1= 2
 - ETA1_RANDOMNESS_SIZE= 128
 */
-static libcrux_ml_kem_mlkem768_MlKem768KeyPair generate_keypair_011(
+static libcrux_ml_kem_mlkem768_MlKem768KeyPair generate_keypair_8e1(
     uint8_t randomness[64U]) {
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_randomness[64U];
   memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t));
-  return libcrux_ml_kem_ind_cca_generate_keypair_d21(copy_of_randomness);
+  return libcrux_ml_kem_ind_cca_generate_keypair_dd1(copy_of_randomness);
 }
 
 /**
@@ -125,7 +125,7 @@ libcrux_ml_kem_mlkem768_avx2_generate_key_pair(uint8_t randomness[64U]) {
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_randomness[64U];
   memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t));
-  return generate_keypair_011(copy_of_randomness);
+  return generate_keypair_8e1(copy_of_randomness);
 }
 
 /**
@@ -136,10 +136,10 @@ generics
 - SECRET_KEY_SIZE= 2400
 - CIPHERTEXT_SIZE= 1088
 */
-static KRML_MUSTINLINE bool validate_private_key_841(
+static KRML_MUSTINLINE bool validate_private_key_a11(
     libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key,
     libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext) {
-  return libcrux_ml_kem_ind_cca_validate_private_key_e11(private_key,
+  return libcrux_ml_kem_ind_cca_validate_private_key_a81(private_key,
                                                          ciphertext);
 }
 
@@ -151,7 +151,7 @@ static KRML_MUSTINLINE bool validate_private_key_841(
 bool libcrux_ml_kem_mlkem768_avx2_validate_private_key(
     libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key,
     libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext) {
-  return validate_private_key_841(private_key, ciphertext);
+  return validate_private_key_a11(private_key, ciphertext);
 }
 
 /**
@@ -162,8 +162,8 @@ generics
 - RANKED_BYTES_PER_RING_ELEMENT= 1152
 - PUBLIC_KEY_SIZE= 1184
 */
-static KRML_MUSTINLINE bool validate_public_key_e31(uint8_t *public_key) {
-  return libcrux_ml_kem_ind_cca_validate_public_key_4a1(public_key);
+static KRML_MUSTINLINE bool validate_public_key_c21(uint8_t *public_key) {
+  return libcrux_ml_kem_ind_cca_validate_public_key_db1(public_key);
 }
 
 /**
@@ -173,5 +173,5 @@ static KRML_MUSTINLINE bool validate_public_key_e31(uint8_t *public_key) {
 */
 bool libcrux_ml_kem_mlkem768_avx2_validate_public_key(
     libcrux_ml_kem_types_MlKemPublicKey_15 *public_key) {
-  return validate_public_key_e31(public_key->value);
+  return validate_public_key_c21(public_key->value);
 }
diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h
index aaf21051e..a977c4abe 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h
+++ b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h
@@ -8,7 +8,7 @@
  * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac
  * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152
  * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678
- * Libcrux: 098de7d283a7867de9c3e5672d7b3c915ef9b2f1
+ * Libcrux: 020cd93ab7a1437ba4a4c626b1acbf9fa14525ad
  */
 
 #ifndef __libcrux_mlkem768_avx2_H
diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_portable.c b/libcrux-ml-kem/c/libcrux_mlkem768_portable.c
index 5b18705f9..6f19bf422 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem768_portable.c
+++ b/libcrux-ml-kem/c/libcrux_mlkem768_portable.c
@@ -8,7 +8,7 @@
  * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac
  * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152
  * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678
- * Libcrux: 098de7d283a7867de9c3e5672d7b3c915ef9b2f1
+ * Libcrux: 020cd93ab7a1437ba4a4c626b1acbf9fa14525ad
  */
 
 #include "libcrux_mlkem768_portable.h"
@@ -35,10 +35,10 @@ libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate with const generics
 - ETA2_RANDOMNESS_SIZE= 128
 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120
 */
-static void decapsulate_e5(
+static void decapsulate_f7(
     libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key,
     libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) {
-  libcrux_ml_kem_ind_cca_decapsulate_81(private_key, ciphertext, ret);
+  libcrux_ml_kem_ind_cca_decapsulate_2d(private_key, ciphertext, ret);
 }
 
 /**
@@ -51,7 +51,7 @@ static void decapsulate_e5(
 void libcrux_ml_kem_mlkem768_portable_decapsulate(
     libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key,
     libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) {
-  decapsulate_e5(private_key, ciphertext, ret);
+  decapsulate_f7(private_key, ciphertext, ret);
 }
 
 /**
@@ -71,14 +71,14 @@ libcrux_ml_kem.ind_cca.instantiations.portable.encapsulate with const generics
 - ETA2= 2
 - ETA2_RANDOMNESS_SIZE= 128
 */
-static tuple_3c encapsulate_1f(
+static tuple_3c encapsulate_af(
     libcrux_ml_kem_types_MlKemPublicKey_15 *public_key,
     uint8_t randomness[32U]) {
   libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key;
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_randomness[32U];
   memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t));
-  return libcrux_ml_kem_ind_cca_encapsulate_8a(uu____0, copy_of_randomness);
+  return libcrux_ml_kem_ind_cca_encapsulate_1e(uu____0, copy_of_randomness);
 }
 
 /**
@@ -95,7 +95,7 @@ tuple_3c libcrux_ml_kem_mlkem768_portable_encapsulate(
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_randomness[32U];
   memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t));
-  return encapsulate_1f(uu____0, copy_of_randomness);
+  return encapsulate_af(uu____0, copy_of_randomness);
 }
 
 /**
@@ -110,12 +110,12 @@ generics
 - ETA1= 2
 - ETA1_RANDOMNESS_SIZE= 128
 */
-static libcrux_ml_kem_mlkem768_MlKem768KeyPair generate_keypair_e3(
+static libcrux_ml_kem_mlkem768_MlKem768KeyPair generate_keypair_56(
     uint8_t randomness[64U]) {
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_randomness[64U];
   memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t));
-  return libcrux_ml_kem_ind_cca_generate_keypair_28(copy_of_randomness);
+  return libcrux_ml_kem_ind_cca_generate_keypair_91(copy_of_randomness);
 }
 
 /**
@@ -126,7 +126,7 @@ libcrux_ml_kem_mlkem768_portable_generate_key_pair(uint8_t randomness[64U]) {
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_randomness[64U];
   memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t));
-  return generate_keypair_e3(copy_of_randomness);
+  return generate_keypair_56(copy_of_randomness);
 }
 
 /**
@@ -137,10 +137,10 @@ generics
 - SECRET_KEY_SIZE= 2400
 - CIPHERTEXT_SIZE= 1088
 */
-static KRML_MUSTINLINE bool validate_private_key_a4(
+static KRML_MUSTINLINE bool validate_private_key_a9(
     libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key,
     libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext) {
-  return libcrux_ml_kem_ind_cca_validate_private_key_94(private_key,
+  return libcrux_ml_kem_ind_cca_validate_private_key_4e(private_key,
                                                         ciphertext);
 }
 
@@ -152,7 +152,7 @@ static KRML_MUSTINLINE bool validate_private_key_a4(
 bool libcrux_ml_kem_mlkem768_portable_validate_private_key(
     libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key,
     libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext) {
-  return validate_private_key_a4(private_key, ciphertext);
+  return validate_private_key_a9(private_key, ciphertext);
 }
 
 /**
@@ -163,8 +163,8 @@ generics
 - RANKED_BYTES_PER_RING_ELEMENT= 1152
 - PUBLIC_KEY_SIZE= 1184
 */
-static KRML_MUSTINLINE bool validate_public_key_10(uint8_t *public_key) {
-  return libcrux_ml_kem_ind_cca_validate_public_key_07(public_key);
+static KRML_MUSTINLINE bool validate_public_key_a8(uint8_t *public_key) {
+  return libcrux_ml_kem_ind_cca_validate_public_key_8c(public_key);
 }
 
 /**
@@ -174,5 +174,5 @@ static KRML_MUSTINLINE bool validate_public_key_10(uint8_t *public_key) {
 */
 bool libcrux_ml_kem_mlkem768_portable_validate_public_key(
     libcrux_ml_kem_types_MlKemPublicKey_15 *public_key) {
-  return validate_public_key_10(public_key->value);
+  return validate_public_key_a8(public_key->value);
 }
diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_portable.h b/libcrux-ml-kem/c/libcrux_mlkem768_portable.h
index 3e1a2fe82..47c0dd223 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem768_portable.h
+++ b/libcrux-ml-kem/c/libcrux_mlkem768_portable.h
@@ -8,7 +8,7 @@
  * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac
  * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152
  * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678
- * Libcrux: 098de7d283a7867de9c3e5672d7b3c915ef9b2f1
+ * Libcrux: 020cd93ab7a1437ba4a4c626b1acbf9fa14525ad
  */
 
 #ifndef __libcrux_mlkem768_portable_H
diff --git a/libcrux-ml-kem/c/libcrux_mlkem_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem_avx2.c
index 4893a5ab2..7112fa8d3 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem_avx2.c
+++ b/libcrux-ml-kem/c/libcrux_mlkem_avx2.c
@@ -8,7 +8,7 @@
  * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac
  * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152
  * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678
- * Libcrux: 098de7d283a7867de9c3e5672d7b3c915ef9b2f1
+ * Libcrux: 020cd93ab7a1437ba4a4c626b1acbf9fa14525ad
  */
 
 #include "internal/libcrux_mlkem_avx2.h"
@@ -1140,7 +1140,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics
 
 */
 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2
-deserialize_to_reduced_ring_element_d7(Eurydice_slice serialized) {
+deserialize_to_reduced_ring_element_65(Eurydice_slice serialized) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_ef_05();
   for (size_t i = (size_t)0U;
        i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) {
@@ -1160,7 +1160,7 @@ libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types
 libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics
 - K= 3
 */
-static KRML_MUSTINLINE void deserialize_ring_elements_reduced_e71(
+static KRML_MUSTINLINE void deserialize_ring_elements_reduced_9f1(
     Eurydice_slice public_key,
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *deserialized_pk) {
   for (size_t i = (size_t)0U;
@@ -1174,7 +1174,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_e71(
             LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT,
         uint8_t);
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 =
-        deserialize_to_reduced_ring_element_d7(ring_element);
+        deserialize_to_reduced_ring_element_65(ring_element);
     deserialized_pk[i0] = uu____0;
   }
 }
@@ -1185,13 +1185,13 @@ libcrux_ml_kem.serialize.deserialize_ring_elements_reduced_out with types
 libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics
 - K= 3
 */
-static KRML_MUSTINLINE void deserialize_ring_elements_reduced_out_001(
+static KRML_MUSTINLINE void deserialize_ring_elements_reduced_out_191(
     Eurydice_slice public_key,
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[3U];
   KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U,
                   deserialized_pk[i] = ZERO_ef_05(););
-  deserialize_ring_elements_reduced_e71(public_key, deserialized_pk);
+  deserialize_ring_elements_reduced_9f1(public_key, deserialized_pk);
   libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[3U];
   memcpy(
       result, deserialized_pk,
@@ -1206,7 +1206,7 @@ A monomorphic instance of libcrux_ml_kem.vector.avx2.arithmetic.shift_right
 with const generics
 - SHIFT_BY= 15
 */
-static KRML_MUSTINLINE __m256i shift_right_1f(__m256i vector) {
+static KRML_MUSTINLINE __m256i shift_right_70(__m256i vector) {
   return mm256_srai_epi16((int32_t)15, vector, __m256i);
 }
 
@@ -1219,8 +1219,8 @@ A monomorphic instance of libcrux_ml_kem.vector.avx2.shift_right_09
 with const generics
 - SHIFT_BY= 15
 */
-static __m256i shift_right_09_c7(__m256i vector) {
-  return shift_right_1f(vector);
+static __m256i shift_right_09_58(__m256i vector) {
+  return shift_right_70(vector);
 }
 
 /**
@@ -1229,8 +1229,8 @@ libcrux_ml_kem.vector.traits.to_unsigned_representative with types
 libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics
 
 */
-static __m256i to_unsigned_representative_b5(__m256i a) {
-  __m256i t = shift_right_09_c7(a);
+static __m256i to_unsigned_representative_e5(__m256i a) {
+  __m256i t = shift_right_09_58(a);
   __m256i fm = libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_09(
       t, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS);
   return libcrux_ml_kem_vector_avx2_add_09(a, &fm);
@@ -1242,8 +1242,8 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector
 with const generics
 
 */
-static KRML_MUSTINLINE __m256i to_unsigned_field_modulus_88(__m256i a) {
-  return to_unsigned_representative_b5(a);
+static KRML_MUSTINLINE __m256i to_unsigned_field_modulus_8a(__m256i a) {
+  return to_unsigned_representative_e5(a);
 }
 
 /**
@@ -1252,13 +1252,13 @@ libcrux_ml_kem.serialize.serialize_uncompressed_ring_element with types
 libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics
 
 */
-static KRML_MUSTINLINE void serialize_uncompressed_ring_element_b8(
+static KRML_MUSTINLINE void serialize_uncompressed_ring_element_09(
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[384U]) {
   uint8_t serialized[384U] = {0U};
   for (size_t i = (size_t)0U;
        i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
     size_t i0 = i;
-    __m256i coefficient = to_unsigned_field_modulus_88(re->coefficients[i0]);
+    __m256i coefficient = to_unsigned_field_modulus_8a(re->coefficients[i0]);
     uint8_t bytes[24U];
     libcrux_ml_kem_vector_avx2_serialize_12_09(coefficient, bytes);
     Eurydice_slice uu____0 = Eurydice_array_to_subslice2(
@@ -1278,7 +1278,7 @@ with const generics
 - K= 3
 - OUT_LEN= 1152
 */
-static KRML_MUSTINLINE void serialize_secret_key_051(
+static KRML_MUSTINLINE void serialize_secret_key_231(
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *key,
     uint8_t ret[1152U]) {
   uint8_t out[1152U] = {0U};
@@ -1296,13 +1296,11 @@ static KRML_MUSTINLINE void serialize_secret_key_051(
         (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT,
         uint8_t);
     uint8_t ret0[384U];
-    serialize_uncompressed_ring_element_b8(&re, ret0);
+    serialize_uncompressed_ring_element_09(&re, ret0);
     Eurydice_slice_copy(
         uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t), uint8_t);
   }
-  uint8_t result[1152U];
-  memcpy(result, out, (size_t)1152U * sizeof(uint8_t));
-  memcpy(ret, result, (size_t)1152U * sizeof(uint8_t));
+  memcpy(ret, out, (size_t)1152U * sizeof(uint8_t));
 }
 
 /**
@@ -1313,13 +1311,13 @@ with const generics
 - RANKED_BYTES_PER_RING_ELEMENT= 1152
 - PUBLIC_KEY_SIZE= 1184
 */
-static KRML_MUSTINLINE void serialize_public_key_mut_071(
+static KRML_MUSTINLINE void serialize_public_key_mut_ff1(
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt,
     Eurydice_slice seed_for_a, uint8_t *serialized) {
   Eurydice_slice uu____0 = Eurydice_array_to_subslice2(serialized, (size_t)0U,
                                                        (size_t)1152U, uint8_t);
   uint8_t ret[1152U];
-  serialize_secret_key_051(t_as_ntt, ret);
+  serialize_secret_key_231(t_as_ntt, ret);
   Eurydice_slice_copy(
       uu____0, Eurydice_array_to_slice((size_t)1152U, ret, uint8_t), uint8_t);
   Eurydice_slice_copy(
@@ -1336,14 +1334,12 @@ with const generics
 - RANKED_BYTES_PER_RING_ELEMENT= 1152
 - PUBLIC_KEY_SIZE= 1184
 */
-static KRML_MUSTINLINE void serialize_public_key_e51(
+static KRML_MUSTINLINE void serialize_public_key_161(
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt,
     Eurydice_slice seed_for_a, uint8_t ret[1184U]) {
   uint8_t public_key_serialized[1184U] = {0U};
-  serialize_public_key_mut_071(t_as_ntt, seed_for_a, public_key_serialized);
-  uint8_t result[1184U];
-  memcpy(result, public_key_serialized, (size_t)1184U * sizeof(uint8_t));
-  memcpy(ret, result, (size_t)1184U * sizeof(uint8_t));
+  serialize_public_key_mut_ff1(t_as_ntt, seed_for_a, public_key_serialized);
+  memcpy(ret, public_key_serialized, (size_t)1184U * sizeof(uint8_t));
 }
 
 /**
@@ -1354,15 +1350,15 @@ with const generics
 - RANKED_BYTES_PER_RING_ELEMENT= 1152
 - PUBLIC_KEY_SIZE= 1184
 */
-bool libcrux_ml_kem_ind_cca_validate_public_key_4a1(uint8_t *public_key) {
+bool libcrux_ml_kem_ind_cca_validate_public_key_db1(uint8_t *public_key) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[3U];
-  deserialize_ring_elements_reduced_out_001(
+  deserialize_ring_elements_reduced_out_191(
       Eurydice_array_to_subslice_to((size_t)1184U, public_key, (size_t)1152U,
                                     uint8_t, size_t),
       deserialized_pk);
   libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *uu____0 = deserialized_pk;
   uint8_t public_key_serialized[1184U];
-  serialize_public_key_e51(
+  serialize_public_key_161(
       uu____0,
       Eurydice_array_to_subslice_from((size_t)1184U, public_key, (size_t)1152U,
                                       uint8_t, size_t),
@@ -1392,7 +1388,7 @@ with const generics
 - SECRET_KEY_SIZE= 2400
 - CIPHERTEXT_SIZE= 1088
 */
-bool libcrux_ml_kem_ind_cca_validate_private_key_e11(
+bool libcrux_ml_kem_ind_cca_validate_private_key_a81(
     libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key,
     libcrux_ml_kem_mlkem768_MlKem768Ciphertext *_ciphertext) {
   uint8_t t[32U];
@@ -1504,7 +1500,7 @@ with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash
 with const generics
 - K= 3
 */
-static KRML_MUSTINLINE void cpa_keygen_seed_d8_101(
+static KRML_MUSTINLINE void cpa_keygen_seed_d8_6b1(
     Eurydice_slice key_generation_seed, uint8_t ret[64U]) {
   uint8_t seed[33U] = {0U};
   Eurydice_slice_copy(
@@ -2087,7 +2083,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector
 with const generics
 
 */
-static KRML_MUSTINLINE void ntt_at_layer_7_13(
+static KRML_MUSTINLINE void ntt_at_layer_7_69(
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) {
   size_t step = LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT / (size_t)2U;
   for (size_t i = (size_t)0U; i < step; i++) {
@@ -2112,7 +2108,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector
 with const generics
 
 */
-static __m256i montgomery_multiply_fe_5f(__m256i v, int16_t fer) {
+static __m256i montgomery_multiply_fe_e0(__m256i v, int16_t fer) {
   return libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_09(v, fer);
 }
 
@@ -2123,8 +2119,8 @@ with const generics
 
 */
 static KRML_MUSTINLINE libcrux_ml_kem_vector_avx2_SIMD256Vector_x2
-ntt_layer_int_vec_step_97(__m256i a, __m256i b, int16_t zeta_r) {
-  __m256i t = montgomery_multiply_fe_5f(b, zeta_r);
+ntt_layer_int_vec_step_e8(__m256i a, __m256i b, int16_t zeta_r) {
+  __m256i t = montgomery_multiply_fe_e0(b, zeta_r);
   b = libcrux_ml_kem_vector_avx2_sub_09(a, &t);
   a = libcrux_ml_kem_vector_avx2_add_09(a, &t);
   return (CLITERAL(libcrux_ml_kem_vector_avx2_SIMD256Vector_x2){.fst = a,
@@ -2137,7 +2133,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector
 with const generics
 
 */
-static KRML_MUSTINLINE void ntt_at_layer_4_plus_ca(
+static KRML_MUSTINLINE void ntt_at_layer_4_plus_07(
     size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re,
     size_t layer) {
   size_t step = (size_t)1U << (uint32_t)layer;
@@ -2150,7 +2146,7 @@ static KRML_MUSTINLINE void ntt_at_layer_4_plus_ca(
     for (size_t i = offset_vec; i < offset_vec + step_vec; i++) {
       size_t j = i;
       libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 uu____0 =
-          ntt_layer_int_vec_step_97(
+          ntt_layer_int_vec_step_e8(
               re->coefficients[j], re->coefficients[j + step_vec],
               libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U]));
       __m256i x = uu____0.fst;
@@ -2167,7 +2163,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector
 with const generics
 
 */
-static KRML_MUSTINLINE void ntt_at_layer_3_bc(
+static KRML_MUSTINLINE void ntt_at_layer_3_46(
     size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) {
   KRML_MAYBE_FOR16(
       i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i;
@@ -2183,7 +2179,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector
 with const generics
 
 */
-static KRML_MUSTINLINE void ntt_at_layer_2_c2(
+static KRML_MUSTINLINE void ntt_at_layer_2_53(
     size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) {
   KRML_MAYBE_FOR16(
       i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i;
@@ -2201,7 +2197,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector
 with const generics
 
 */
-static KRML_MUSTINLINE void ntt_at_layer_1_09(
+static KRML_MUSTINLINE void ntt_at_layer_1_42(
     size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) {
   KRML_MAYBE_FOR16(
       i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i;
@@ -2226,7 +2222,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector
 with const generics
 
 */
-static KRML_MUSTINLINE void poly_barrett_reduce_ef_dc(
+static KRML_MUSTINLINE void poly_barrett_reduce_ef_83(
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self) {
   for (size_t i = (size_t)0U;
        i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
@@ -2242,17 +2238,17 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector
 with const generics
 
 */
-static KRML_MUSTINLINE void ntt_binomially_sampled_ring_element_44(
+static KRML_MUSTINLINE void ntt_binomially_sampled_ring_element_25(
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) {
-  ntt_at_layer_7_13(re);
+  ntt_at_layer_7_69(re);
   size_t zeta_i = (size_t)1U;
-  ntt_at_layer_4_plus_ca(&zeta_i, re, (size_t)6U);
-  ntt_at_layer_4_plus_ca(&zeta_i, re, (size_t)5U);
-  ntt_at_layer_4_plus_ca(&zeta_i, re, (size_t)4U);
-  ntt_at_layer_3_bc(&zeta_i, re);
-  ntt_at_layer_2_c2(&zeta_i, re);
-  ntt_at_layer_1_09(&zeta_i, re);
-  poly_barrett_reduce_ef_dc(re);
+  ntt_at_layer_4_plus_07(&zeta_i, re, (size_t)6U);
+  ntt_at_layer_4_plus_07(&zeta_i, re, (size_t)5U);
+  ntt_at_layer_4_plus_07(&zeta_i, re, (size_t)4U);
+  ntt_at_layer_3_46(&zeta_i, re);
+  ntt_at_layer_2_53(&zeta_i, re);
+  ntt_at_layer_1_42(&zeta_i, re);
+  poly_barrett_reduce_ef_83(re);
 }
 
 /**
@@ -2263,7 +2259,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics
 - ETA= 2
 - ETA_RANDOMNESS_SIZE= 128
 */
-static KRML_MUSTINLINE uint8_t sample_vector_cbd_then_ntt_081(
+static KRML_MUSTINLINE uint8_t sample_vector_cbd_then_ntt_681(
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re_as_ntt,
     uint8_t prf_input[33U], uint8_t domain_separator) {
   /* Passing arrays by value in Rust generates a copy in C */
@@ -2273,6 +2269,8 @@ static KRML_MUSTINLINE uint8_t sample_vector_cbd_then_ntt_081(
   KRML_MAYBE_FOR3(
       i, (size_t)0U, (size_t)3U, (size_t)1U,
       memcpy(prf_inputs[i], copy_of_prf_input, (size_t)33U * sizeof(uint8_t)););
+  uint8_t _prf_inputs_init[3U][33U];
+  memcpy(_prf_inputs_init, prf_inputs, (size_t)3U * sizeof(uint8_t[33U]));
   KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i;
                   prf_inputs[i0][32U] = domain_separator;
                   domain_separator = (uint32_t)domain_separator + 1U;);
@@ -2282,7 +2280,7 @@ static KRML_MUSTINLINE uint8_t sample_vector_cbd_then_ntt_081(
       i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i;
       re_as_ntt[i0] = sample_from_binomial_distribution_d7(
           Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t));
-      ntt_binomially_sampled_ring_element_44(&re_as_ntt[i0]););
+      ntt_binomially_sampled_ring_element_25(&re_as_ntt[i0]););
   return domain_separator;
 }
 
@@ -2305,7 +2303,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics
 - ETA= 2
 - ETA_RANDOMNESS_SIZE= 128
 */
-static KRML_MUSTINLINE tuple_b0 sample_vector_cbd_then_ntt_out_d71(
+static KRML_MUSTINLINE tuple_b0 sample_vector_cbd_then_ntt_out_481(
     uint8_t prf_input[33U], uint8_t domain_separator) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re_as_ntt[3U];
   KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U,
@@ -2314,18 +2312,18 @@ static KRML_MUSTINLINE tuple_b0 sample_vector_cbd_then_ntt_out_d71(
   uint8_t uu____1[33U];
   memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t));
   domain_separator =
-      sample_vector_cbd_then_ntt_081(uu____0, uu____1, domain_separator);
+      sample_vector_cbd_then_ntt_681(uu____0, uu____1, domain_separator);
   /* Passing arrays by value in Rust generates a copy in C */
   libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_re_as_ntt[3U];
   memcpy(
       copy_of_re_as_ntt, re_as_ntt,
       (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2));
-  tuple_b0 result;
+  tuple_b0 lit;
   memcpy(
-      result.fst, copy_of_re_as_ntt,
+      lit.fst, copy_of_re_as_ntt,
       (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2));
-  result.snd = domain_separator;
-  return result;
+  lit.snd = domain_separator;
+  return lit;
 }
 
 /**
@@ -2340,7 +2338,7 @@ with const generics
 
 */
 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2
-ntt_multiply_ef_63(libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self,
+ntt_multiply_ef_d5(libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self,
                    libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *rhs) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_d2 out = ZERO_ef_05();
   for (size_t i = (size_t)0U;
@@ -2370,7 +2368,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector
 with const generics
 - K= 3
 */
-static KRML_MUSTINLINE void add_to_ring_element_ef_311(
+static KRML_MUSTINLINE void add_to_ring_element_ef_aa1(
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self,
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *rhs) {
   for (size_t i = (size_t)0U;
@@ -2390,7 +2388,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector
 with const generics
 
 */
-static __m256i to_standard_domain_c1(__m256i v) {
+static __m256i to_standard_domain_bb(__m256i v) {
   return libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_09(
       v, LIBCRUX_ML_KEM_VECTOR_TRAITS_MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS);
 }
@@ -2406,14 +2404,14 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector
 with const generics
 
 */
-static KRML_MUSTINLINE void add_standard_error_reduce_ef_ba(
+static KRML_MUSTINLINE void add_standard_error_reduce_ef_e7(
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self,
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error) {
   for (size_t i = (size_t)0U;
        i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
     size_t j = i;
     __m256i coefficient_normal_form =
-        to_standard_domain_c1(self->coefficients[j]);
+        to_standard_domain_bb(self->coefficients[j]);
     self->coefficients[j] = libcrux_ml_kem_vector_avx2_barrett_reduce_09(
         libcrux_ml_kem_vector_avx2_add_09(coefficient_normal_form,
                                           &error->coefficients[j]));
@@ -2426,7 +2424,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector
 with const generics
 - K= 3
 */
-static KRML_MUSTINLINE void compute_As_plus_e_671(
+static KRML_MUSTINLINE void compute_As_plus_e_b61(
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt,
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*matrix_A)[3U],
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *s_as_ntt,
@@ -2453,10 +2451,10 @@ static KRML_MUSTINLINE void compute_As_plus_e_671(
       libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *matrix_element =
           &row[j];
       libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product =
-          ntt_multiply_ef_63(matrix_element, &s_as_ntt[j]);
-      add_to_ring_element_ef_311(&t_as_ntt[i0], &product);
+          ntt_multiply_ef_d5(matrix_element, &s_as_ntt[j]);
+      add_to_ring_element_ef_aa1(&t_as_ntt[i0], &product);
     }
-    add_standard_error_reduce_ef_ba(&t_as_ntt[i0], &error_as_ntt[i0]);
+    add_standard_error_reduce_ef_e7(&t_as_ntt[i0], &error_as_ntt[i0]);
   }
 }
 
@@ -2469,12 +2467,12 @@ with const generics
 - ETA1= 2
 - ETA1_RANDOMNESS_SIZE= 128
 */
-static void generate_keypair_unpacked_4a1(
+static void generate_keypair_unpacked_a21(
     Eurydice_slice key_generation_seed,
     IndCpaPrivateKeyUnpacked_a0 *private_key,
     IndCpaPublicKeyUnpacked_a0 *public_key) {
   uint8_t hashed[64U];
-  cpa_keygen_seed_d8_101(key_generation_seed, hashed);
+  cpa_keygen_seed_d8_6b1(key_generation_seed, hashed);
   Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at(
       Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U,
       uint8_t, Eurydice_slice_uint8_t_x2);
@@ -2494,17 +2492,17 @@ static void generate_keypair_unpacked_4a1(
   uint8_t copy_of_prf_input0[33U];
   memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t));
   uint8_t domain_separator =
-      sample_vector_cbd_then_ntt_081(uu____2, copy_of_prf_input0, 0U);
+      sample_vector_cbd_then_ntt_681(uu____2, copy_of_prf_input0, 0U);
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_prf_input[33U];
   memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t));
   libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_as_ntt[3U];
   memcpy(
       error_as_ntt,
-      sample_vector_cbd_then_ntt_out_d71(copy_of_prf_input, domain_separator)
+      sample_vector_cbd_then_ntt_out_481(copy_of_prf_input, domain_separator)
           .fst,
       (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2));
-  compute_As_plus_e_671(public_key->t_as_ntt, public_key->A,
+  compute_As_plus_e_b61(public_key->t_as_ntt, public_key->A,
                         private_key->secret_as_ntt, error_as_ntt);
   uint8_t uu____5[32U];
   core_result_Result_00 dst;
@@ -2529,14 +2527,14 @@ static libcrux_ml_kem_utils_extraction_helper_Keypair768 generate_keypair_471(
     Eurydice_slice key_generation_seed) {
   IndCpaPrivateKeyUnpacked_a0 private_key = default_1a_3c1();
   IndCpaPublicKeyUnpacked_a0 public_key = default_8d_891();
-  generate_keypair_unpacked_4a1(key_generation_seed, &private_key, &public_key);
+  generate_keypair_unpacked_a21(key_generation_seed, &private_key, &public_key);
   uint8_t public_key_serialized[1184U];
-  serialize_public_key_e51(
+  serialize_public_key_161(
       public_key.t_as_ntt,
       Eurydice_array_to_slice((size_t)32U, public_key.seed_for_A, uint8_t),
       public_key_serialized);
   uint8_t secret_key_serialized[1152U];
-  serialize_secret_key_051(private_key.secret_as_ntt, secret_key_serialized);
+  serialize_secret_key_231(private_key.secret_as_ntt, secret_key_serialized);
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_secret_key_serialized[1152U];
   memcpy(copy_of_secret_key_serialized, secret_key_serialized,
@@ -2545,12 +2543,12 @@ static libcrux_ml_kem_utils_extraction_helper_Keypair768 generate_keypair_471(
   uint8_t copy_of_public_key_serialized[1184U];
   memcpy(copy_of_public_key_serialized, public_key_serialized,
          (size_t)1184U * sizeof(uint8_t));
-  libcrux_ml_kem_utils_extraction_helper_Keypair768 result;
-  memcpy(result.fst, copy_of_secret_key_serialized,
+  libcrux_ml_kem_utils_extraction_helper_Keypair768 lit;
+  memcpy(lit.fst, copy_of_secret_key_serialized,
          (size_t)1152U * sizeof(uint8_t));
-  memcpy(result.snd, copy_of_public_key_serialized,
+  memcpy(lit.snd, copy_of_public_key_serialized,
          (size_t)1184U * sizeof(uint8_t));
-  return result;
+  return lit;
 }
 
 /**
@@ -2560,7 +2558,7 @@ with const generics
 - K= 3
 - SERIALIZED_KEY_LEN= 2400
 */
-static KRML_MUSTINLINE void serialize_kem_secret_key_711(
+static KRML_MUSTINLINE void serialize_kem_secret_key_7b1(
     Eurydice_slice private_key, Eurydice_slice public_key,
     Eurydice_slice implicit_rejection_value, uint8_t ret[2400U]) {
   uint8_t out[2400U] = {0U};
@@ -2616,7 +2614,7 @@ with const generics
 - ETA1_RANDOMNESS_SIZE= 128
 */
 libcrux_ml_kem_mlkem768_MlKem768KeyPair
-libcrux_ml_kem_ind_cca_generate_keypair_d21(uint8_t randomness[64U]) {
+libcrux_ml_kem_ind_cca_generate_keypair_dd1(uint8_t randomness[64U]) {
   Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2(
       randomness, (size_t)0U,
       LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t);
@@ -2631,7 +2629,7 @@ libcrux_ml_kem_ind_cca_generate_keypair_d21(uint8_t randomness[64U]) {
   uint8_t public_key[1184U];
   memcpy(public_key, uu____0.snd, (size_t)1184U * sizeof(uint8_t));
   uint8_t secret_key_serialized[2400U];
-  serialize_kem_secret_key_711(
+  serialize_kem_secret_key_7b1(
       Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t),
       Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t),
       implicit_rejection_value, secret_key_serialized);
@@ -2640,13 +2638,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_d21(uint8_t randomness[64U]) {
   memcpy(copy_of_secret_key_serialized, secret_key_serialized,
          (size_t)2400U * sizeof(uint8_t));
   libcrux_ml_kem_types_MlKemPrivateKey_55 private_key =
-      libcrux_ml_kem_types_from_7f_e60(copy_of_secret_key_serialized);
+      libcrux_ml_kem_types_from_7f_8c0(copy_of_secret_key_serialized);
   libcrux_ml_kem_types_MlKemPrivateKey_55 uu____2 = private_key;
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_public_key[1184U];
   memcpy(copy_of_public_key, public_key, (size_t)1184U * sizeof(uint8_t));
-  return libcrux_ml_kem_types_from_3a_780(
-      uu____2, libcrux_ml_kem_types_from_5a_af0(copy_of_public_key));
+  return libcrux_ml_kem_types_from_3a_f60(
+      uu____2, libcrux_ml_kem_types_from_5a_450(copy_of_public_key));
 }
 
 /**
@@ -2659,7 +2657,7 @@ with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash
 with const generics
 - K= 3
 */
-static KRML_MUSTINLINE void entropy_preprocess_d8_c51(Eurydice_slice randomness,
+static KRML_MUSTINLINE void entropy_preprocess_d8_6c1(Eurydice_slice randomness,
                                                       uint8_t ret[32U]) {
   uint8_t out[32U] = {0U};
   Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t),
@@ -2676,7 +2674,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics
 - ETA2= 2
 */
 static KRML_MUSTINLINE tuple_b0
-sample_ring_element_cbd_a01(uint8_t prf_input[33U], uint8_t domain_separator) {
+sample_ring_element_cbd_6a1(uint8_t prf_input[33U], uint8_t domain_separator) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[3U];
   KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U,
                   error_1[i] = ZERO_ef_05(););
@@ -2687,6 +2685,8 @@ sample_ring_element_cbd_a01(uint8_t prf_input[33U], uint8_t domain_separator) {
   KRML_MAYBE_FOR3(
       i, (size_t)0U, (size_t)3U, (size_t)1U,
       memcpy(prf_inputs[i], copy_of_prf_input, (size_t)33U * sizeof(uint8_t)););
+  uint8_t _prf_inputs_init[3U][33U];
+  memcpy(_prf_inputs_init, prf_inputs, (size_t)3U * sizeof(uint8_t[33U]));
   KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i;
                   prf_inputs[i0][32U] = domain_separator;
                   domain_separator = (uint32_t)domain_separator + 1U;);
@@ -2703,12 +2703,12 @@ sample_ring_element_cbd_a01(uint8_t prf_input[33U], uint8_t domain_separator) {
   memcpy(
       copy_of_error_1, error_1,
       (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2));
-  tuple_b0 result;
+  tuple_b0 lit;
   memcpy(
-      result.fst, copy_of_error_1,
+      lit.fst, copy_of_error_1,
       (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2));
-  result.snd = domain_separator;
-  return result;
+  lit.snd = domain_separator;
+  return lit;
 }
 
 /**
@@ -2744,7 +2744,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector
 with const generics
 
 */
-static KRML_MUSTINLINE void invert_ntt_at_layer_1_a3(
+static KRML_MUSTINLINE void invert_ntt_at_layer_1_78(
     size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) {
   KRML_MAYBE_FOR16(
       i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i;
@@ -2765,7 +2765,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector
 with const generics
 
 */
-static KRML_MUSTINLINE void invert_ntt_at_layer_2_cd(
+static KRML_MUSTINLINE void invert_ntt_at_layer_2_2c(
     size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) {
   KRML_MAYBE_FOR16(
       i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i;
@@ -2784,7 +2784,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector
 with const generics
 
 */
-static KRML_MUSTINLINE void invert_ntt_at_layer_3_d7(
+static KRML_MUSTINLINE void invert_ntt_at_layer_3_73(
     size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) {
   KRML_MAYBE_FOR16(i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i;
                    zeta_i[0U] = zeta_i[0U] - (size_t)1U;
@@ -2801,11 +2801,11 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics
 
 */
 static KRML_MUSTINLINE libcrux_ml_kem_vector_avx2_SIMD256Vector_x2
-inv_ntt_layer_int_vec_step_reduce_2d(__m256i a, __m256i b, int16_t zeta_r) {
+inv_ntt_layer_int_vec_step_reduce_83(__m256i a, __m256i b, int16_t zeta_r) {
   __m256i a_minus_b = libcrux_ml_kem_vector_avx2_sub_09(b, &a);
   a = libcrux_ml_kem_vector_avx2_barrett_reduce_09(
       libcrux_ml_kem_vector_avx2_add_09(a, &b));
-  b = montgomery_multiply_fe_5f(a_minus_b, zeta_r);
+  b = montgomery_multiply_fe_e0(a_minus_b, zeta_r);
   return (CLITERAL(libcrux_ml_kem_vector_avx2_SIMD256Vector_x2){.fst = a,
                                                                 .snd = b});
 }
@@ -2816,7 +2816,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector
 with const generics
 
 */
-static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_af(
+static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_04(
     size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re,
     size_t layer) {
   size_t step = (size_t)1U << (uint32_t)layer;
@@ -2831,7 +2831,7 @@ static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_af(
     for (size_t i = offset_vec; i < offset_vec + step_vec; i++) {
       size_t j = i;
       libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 uu____0 =
-          inv_ntt_layer_int_vec_step_reduce_2d(
+          inv_ntt_layer_int_vec_step_reduce_83(
               re->coefficients[j], re->coefficients[j + step_vec],
               libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U]));
       __m256i x = uu____0.fst;
@@ -2848,18 +2848,18 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector
 with const generics
 - K= 3
 */
-static KRML_MUSTINLINE void invert_ntt_montgomery_801(
+static KRML_MUSTINLINE void invert_ntt_montgomery_401(
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) {
   size_t zeta_i =
       LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U;
-  invert_ntt_at_layer_1_a3(&zeta_i, re);
-  invert_ntt_at_layer_2_cd(&zeta_i, re);
-  invert_ntt_at_layer_3_d7(&zeta_i, re);
-  invert_ntt_at_layer_4_plus_af(&zeta_i, re, (size_t)4U);
-  invert_ntt_at_layer_4_plus_af(&zeta_i, re, (size_t)5U);
-  invert_ntt_at_layer_4_plus_af(&zeta_i, re, (size_t)6U);
-  invert_ntt_at_layer_4_plus_af(&zeta_i, re, (size_t)7U);
-  poly_barrett_reduce_ef_dc(re);
+  invert_ntt_at_layer_1_78(&zeta_i, re);
+  invert_ntt_at_layer_2_2c(&zeta_i, re);
+  invert_ntt_at_layer_3_73(&zeta_i, re);
+  invert_ntt_at_layer_4_plus_04(&zeta_i, re, (size_t)4U);
+  invert_ntt_at_layer_4_plus_04(&zeta_i, re, (size_t)5U);
+  invert_ntt_at_layer_4_plus_04(&zeta_i, re, (size_t)6U);
+  invert_ntt_at_layer_4_plus_04(&zeta_i, re, (size_t)7U);
+  poly_barrett_reduce_ef_83(re);
 }
 
 /**
@@ -2873,7 +2873,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector
 with const generics
 
 */
-static KRML_MUSTINLINE void add_error_reduce_ef_05(
+static KRML_MUSTINLINE void add_error_reduce_ef_ee(
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self,
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error) {
   for (size_t i = (size_t)0U;
@@ -2894,7 +2894,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector
 with const generics
 - K= 3
 */
-static KRML_MUSTINLINE void compute_vector_u_3c1(
+static KRML_MUSTINLINE void compute_vector_u_421(
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*a_as_ntt)[3U],
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt,
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_1,
@@ -2921,11 +2921,11 @@ static KRML_MUSTINLINE void compute_vector_u_3c1(
       size_t j = i;
       libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *a_element = &row[j];
       libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product =
-          ntt_multiply_ef_63(a_element, &r_as_ntt[j]);
-      add_to_ring_element_ef_311(&result[i1], &product);
+          ntt_multiply_ef_d5(a_element, &r_as_ntt[j]);
+      add_to_ring_element_ef_aa1(&result[i1], &product);
     }
-    invert_ntt_montgomery_801(&result[i1]);
-    add_error_reduce_ef_05(&result[i1], &error_1[i1]);
+    invert_ntt_montgomery_401(&result[i1]);
+    add_error_reduce_ef_ee(&result[i1], &error_1[i1]);
   }
   memcpy(
       ret, result,
@@ -2938,7 +2938,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector
 with const generics
 
 */
-static __m256i decompress_1_20(__m256i vec) {
+static __m256i decompress_1_4e(__m256i vec) {
   __m256i z = libcrux_ml_kem_vector_avx2_ZERO_09();
   __m256i s = libcrux_ml_kem_vector_avx2_sub_09(z, &vec);
   return libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_09(s,
@@ -2952,7 +2952,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics
 
 */
 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2
-deserialize_then_decompress_message_12(uint8_t serialized[32U]) {
+deserialize_then_decompress_message_6f(uint8_t serialized[32U]) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_ef_05();
   KRML_MAYBE_FOR16(
       i, (size_t)0U, (size_t)16U, (size_t)1U, size_t i0 = i;
@@ -2961,7 +2961,7 @@ deserialize_then_decompress_message_12(uint8_t serialized[32U]) {
               Eurydice_array_to_subslice2(serialized, (size_t)2U * i0,
                                           (size_t)2U * i0 + (size_t)2U,
                                           uint8_t));
-      re.coefficients[i0] = decompress_1_20(coefficient_compressed););
+      re.coefficients[i0] = decompress_1_4e(coefficient_compressed););
   return re;
 }
 
@@ -2977,7 +2977,7 @@ with const generics
 
 */
 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2
-add_message_error_reduce_ef_b9(
+add_message_error_reduce_ef_a6(
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self,
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *message,
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result) {
@@ -3004,7 +3004,7 @@ with const generics
 - K= 3
 */
 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2
-compute_ring_element_v_511(
+compute_ring_element_v_d21(
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt,
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt,
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_2,
@@ -3012,10 +3012,10 @@ compute_ring_element_v_511(
   libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_ef_05();
   KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i;
                   libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product =
-                      ntt_multiply_ef_63(&t_as_ntt[i0], &r_as_ntt[i0]);
-                  add_to_ring_element_ef_311(&result, &product););
-  invert_ntt_montgomery_801(&result);
-  result = add_message_error_reduce_ef_b9(error_2, message, result);
+                      ntt_multiply_ef_d5(&t_as_ntt[i0], &r_as_ntt[i0]);
+                  add_to_ring_element_ef_aa1(&result, &product););
+  invert_ntt_montgomery_401(&result);
+  result = add_message_error_reduce_ef_a6(error_2, message, result);
   return result;
 }
 
@@ -3026,7 +3026,7 @@ generics
 - COEFFICIENT_BITS= 10
 */
 static KRML_MUSTINLINE __m256i
-compress_ciphertext_coefficient_76(__m256i vector) {
+compress_ciphertext_coefficient_19(__m256i vector) {
   __m256i field_modulus_halved = mm256_set1_epi32(
       ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) /
       (int32_t)2);
@@ -3073,8 +3073,8 @@ A monomorphic instance of libcrux_ml_kem.vector.avx2.compress_09
 with const generics
 - COEFFICIENT_BITS= 10
 */
-static __m256i compress_09_70(__m256i vector) {
-  return compress_ciphertext_coefficient_76(vector);
+static __m256i compress_09_8f(__m256i vector) {
+  return compress_ciphertext_coefficient_19(vector);
 }
 
 /**
@@ -3083,14 +3083,14 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector
 with const generics
 - OUT_LEN= 320
 */
-static KRML_MUSTINLINE void compress_then_serialize_10_170(
+static KRML_MUSTINLINE void compress_then_serialize_10_4d0(
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[320U]) {
   uint8_t serialized[320U] = {0U};
   for (size_t i = (size_t)0U;
        i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
     size_t i0 = i;
     __m256i coefficient =
-        compress_09_70(to_unsigned_field_modulus_88(re->coefficients[i0]));
+        compress_09_8f(to_unsigned_field_modulus_8a(re->coefficients[i0]));
     uint8_t bytes[20U];
     libcrux_ml_kem_vector_avx2_serialize_10_09(coefficient, bytes);
     Eurydice_slice uu____0 = Eurydice_array_to_subslice2(
@@ -3110,7 +3110,7 @@ generics
 - COEFFICIENT_BITS= 11
 */
 static KRML_MUSTINLINE __m256i
-compress_ciphertext_coefficient_760(__m256i vector) {
+compress_ciphertext_coefficient_190(__m256i vector) {
   __m256i field_modulus_halved = mm256_set1_epi32(
       ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) /
       (int32_t)2);
@@ -3157,8 +3157,8 @@ A monomorphic instance of libcrux_ml_kem.vector.avx2.compress_09
 with const generics
 - COEFFICIENT_BITS= 11
 */
-static __m256i compress_09_700(__m256i vector) {
-  return compress_ciphertext_coefficient_760(vector);
+static __m256i compress_09_8f0(__m256i vector) {
+  return compress_ciphertext_coefficient_190(vector);
 }
 
 /**
@@ -3168,11 +3168,11 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics
 - COMPRESSION_FACTOR= 10
 - OUT_LEN= 320
 */
-static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_b00(
+static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_680(
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[320U]) {
-  uint8_t uu____0[320U];
-  compress_then_serialize_10_170(re, uu____0);
-  memcpy(ret, uu____0, (size_t)320U * sizeof(uint8_t));
+  uint8_t result[320U];
+  compress_then_serialize_10_4d0(re, result);
+  memcpy(ret, result, (size_t)320U * sizeof(uint8_t));
 }
 
 /**
@@ -3184,7 +3184,7 @@ with const generics
 - COMPRESSION_FACTOR= 10
 - BLOCK_LEN= 320
 */
-static void compress_then_serialize_u_e81(
+static void compress_then_serialize_u_931(
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 input[3U],
     Eurydice_slice out) {
   for (size_t i = (size_t)0U;
@@ -3200,7 +3200,7 @@ static void compress_then_serialize_u_e81(
         out, i0 * ((size_t)960U / (size_t)3U),
         (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U), uint8_t);
     uint8_t ret[320U];
-    compress_then_serialize_ring_element_u_b00(&re, ret);
+    compress_then_serialize_ring_element_u_680(&re, ret);
     Eurydice_slice_copy(
         uu____0, Eurydice_array_to_slice((size_t)320U, ret, uint8_t), uint8_t);
   }
@@ -3213,7 +3213,7 @@ generics
 - COEFFICIENT_BITS= 4
 */
 static KRML_MUSTINLINE __m256i
-compress_ciphertext_coefficient_761(__m256i vector) {
+compress_ciphertext_coefficient_191(__m256i vector) {
   __m256i field_modulus_halved = mm256_set1_epi32(
       ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) /
       (int32_t)2);
@@ -3260,8 +3260,8 @@ A monomorphic instance of libcrux_ml_kem.vector.avx2.compress_09
 with const generics
 - COEFFICIENT_BITS= 4
 */
-static __m256i compress_09_701(__m256i vector) {
-  return compress_ciphertext_coefficient_761(vector);
+static __m256i compress_09_8f1(__m256i vector) {
+  return compress_ciphertext_coefficient_191(vector);
 }
 
 /**
@@ -3270,14 +3270,14 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector
 with const generics
 
 */
-static KRML_MUSTINLINE void compress_then_serialize_4_06(
+static KRML_MUSTINLINE void compress_then_serialize_4_aa(
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re,
     Eurydice_slice serialized) {
   for (size_t i = (size_t)0U;
        i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
     size_t i0 = i;
     __m256i coefficient =
-        compress_09_701(to_unsigned_field_modulus_88(re.coefficients[i0]));
+        compress_09_8f1(to_unsigned_field_modulus_8a(re.coefficients[i0]));
     uint8_t bytes[8U];
     libcrux_ml_kem_vector_avx2_serialize_4_09(coefficient, bytes);
     Eurydice_slice_copy(
@@ -3294,7 +3294,7 @@ generics
 - COEFFICIENT_BITS= 5
 */
 static KRML_MUSTINLINE __m256i
-compress_ciphertext_coefficient_762(__m256i vector) {
+compress_ciphertext_coefficient_192(__m256i vector) {
   __m256i field_modulus_halved = mm256_set1_epi32(
       ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) /
       (int32_t)2);
@@ -3341,8 +3341,8 @@ A monomorphic instance of libcrux_ml_kem.vector.avx2.compress_09
 with const generics
 - COEFFICIENT_BITS= 5
 */
-static __m256i compress_09_702(__m256i vector) {
-  return compress_ciphertext_coefficient_762(vector);
+static __m256i compress_09_8f2(__m256i vector) {
+  return compress_ciphertext_coefficient_192(vector);
 }
 
 /**
@@ -3351,14 +3351,14 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector
 with const generics
 
 */
-static KRML_MUSTINLINE void compress_then_serialize_5_7a(
+static KRML_MUSTINLINE void compress_then_serialize_5_fc(
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re,
     Eurydice_slice serialized) {
   for (size_t i = (size_t)0U;
        i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
     size_t i0 = i;
     __m256i coefficients =
-        compress_09_702(to_unsigned_representative_b5(re.coefficients[i0]));
+        compress_09_8f2(to_unsigned_representative_e5(re.coefficients[i0]));
     uint8_t bytes[10U];
     libcrux_ml_kem_vector_avx2_serialize_5_09(coefficients, bytes);
     Eurydice_slice_copy(
@@ -3375,9 +3375,9 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics
 - COMPRESSION_FACTOR= 4
 - OUT_LEN= 128
 */
-static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_f20(
+static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_7b0(
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, Eurydice_slice out) {
-  compress_then_serialize_4_06(re, out);
+  compress_then_serialize_4_aa(re, out);
 }
 
 /**
@@ -3397,7 +3397,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics
 - ETA2= 2
 - ETA2_RANDOMNESS_SIZE= 128
 */
-static void encrypt_unpacked_031(IndCpaPublicKeyUnpacked_a0 *public_key,
+static void encrypt_unpacked_ec1(IndCpaPublicKeyUnpacked_a0 *public_key,
                                  uint8_t message[32U],
                                  Eurydice_slice randomness,
                                  uint8_t ret[1088U]) {
@@ -3406,7 +3406,7 @@ static void encrypt_unpacked_031(IndCpaPublicKeyUnpacked_a0 *public_key,
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_prf_input0[33U];
   memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t));
-  tuple_b0 uu____1 = sample_vector_cbd_then_ntt_out_d71(copy_of_prf_input0, 0U);
+  tuple_b0 uu____1 = sample_vector_cbd_then_ntt_out_481(copy_of_prf_input0, 0U);
   libcrux_ml_kem_polynomial_PolynomialRingElement_d2 r_as_ntt[3U];
   memcpy(
       r_as_ntt, uu____1.fst,
@@ -3416,7 +3416,7 @@ static void encrypt_unpacked_031(IndCpaPublicKeyUnpacked_a0 *public_key,
   uint8_t copy_of_prf_input[33U];
   memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t));
   tuple_b0 uu____3 =
-      sample_ring_element_cbd_a01(copy_of_prf_input, domain_separator0);
+      sample_ring_element_cbd_6a1(copy_of_prf_input, domain_separator0);
   libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[3U];
   memcpy(
       error_1, uu____3.fst,
@@ -3430,25 +3430,25 @@ static void encrypt_unpacked_031(IndCpaPublicKeyUnpacked_a0 *public_key,
       sample_from_binomial_distribution_d7(
           Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t));
   libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u[3U];
-  compute_vector_u_3c1(public_key->A, r_as_ntt, error_1, u);
+  compute_vector_u_421(public_key->A, r_as_ntt, error_1, u);
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_message[32U];
   memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t));
   libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message_as_ring_element =
-      deserialize_then_decompress_message_12(copy_of_message);
+      deserialize_then_decompress_message_6f(copy_of_message);
   libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v =
-      compute_ring_element_v_511(public_key->t_as_ntt, r_as_ntt, &error_2,
+      compute_ring_element_v_d21(public_key->t_as_ntt, r_as_ntt, &error_2,
                                  &message_as_ring_element);
   uint8_t ciphertext[1088U] = {0U};
   libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____5[3U];
   memcpy(
       uu____5, u,
       (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2));
-  compress_then_serialize_u_e81(
+  compress_then_serialize_u_931(
       uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)960U,
                                            uint8_t));
   libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____6 = v;
-  compress_then_serialize_ring_element_v_f20(
+  compress_then_serialize_ring_element_v_7b0(
       uu____6, Eurydice_array_to_subslice_from((size_t)1088U, ciphertext,
                                                (size_t)960U, uint8_t, size_t));
   memcpy(ret, ciphertext, (size_t)1088U * sizeof(uint8_t));
@@ -3471,10 +3471,10 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics
 - ETA2= 2
 - ETA2_RANDOMNESS_SIZE= 128
 */
-static void encrypt_b41(Eurydice_slice public_key, uint8_t message[32U],
+static void encrypt_681(Eurydice_slice public_key, uint8_t message[32U],
                         Eurydice_slice randomness, uint8_t ret[1088U]) {
   IndCpaPublicKeyUnpacked_a0 unpacked_public_key = default_8d_891();
-  deserialize_ring_elements_reduced_e71(
+  deserialize_ring_elements_reduced_9f1(
       Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t),
       unpacked_public_key.t_as_ntt);
   Eurydice_slice seed =
@@ -3488,9 +3488,9 @@ static void encrypt_b41(Eurydice_slice public_key, uint8_t message[32U],
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_message[32U];
   memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t));
-  uint8_t result[1088U];
-  encrypt_unpacked_031(uu____1, copy_of_message, randomness, result);
-  memcpy(ret, result, (size_t)1088U * sizeof(uint8_t));
+  uint8_t ret1[1088U];
+  encrypt_unpacked_ec1(uu____1, copy_of_message, randomness, ret1);
+  memcpy(ret, ret1, (size_t)1088U * sizeof(uint8_t));
 }
 
 /**
@@ -3504,7 +3504,7 @@ with const generics
 - K= 3
 - CIPHERTEXT_SIZE= 1088
 */
-static KRML_MUSTINLINE void kdf_d8_dc1(Eurydice_slice shared_secret,
+static KRML_MUSTINLINE void kdf_d8_b21(Eurydice_slice shared_secret,
                                        uint8_t ret[32U]) {
   uint8_t out[32U] = {0U};
   Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t),
@@ -3531,11 +3531,11 @@ with const generics
 - ETA2= 2
 - ETA2_RANDOMNESS_SIZE= 128
 */
-tuple_3c libcrux_ml_kem_ind_cca_encapsulate_f41(
+tuple_3c libcrux_ml_kem_ind_cca_encapsulate_791(
     libcrux_ml_kem_types_MlKemPublicKey_15 *public_key,
     uint8_t randomness[32U]) {
   uint8_t randomness0[32U];
-  entropy_preprocess_d8_c51(
+  entropy_preprocess_d8_6c1(
       Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0);
   uint8_t to_hash[64U];
   libcrux_ml_kem_utils_into_padded_array_42(
@@ -3545,7 +3545,7 @@ tuple_3c libcrux_ml_kem_ind_cca_encapsulate_f41(
       size_t);
   uint8_t ret[32U];
   H_a9_411(Eurydice_array_to_slice(
-               (size_t)1184U, libcrux_ml_kem_types_as_slice_fd_121(public_key),
+               (size_t)1184U, libcrux_ml_kem_types_as_slice_fd_d11(public_key),
                uint8_t),
            ret);
   Eurydice_slice_copy(
@@ -3559,19 +3559,19 @@ tuple_3c libcrux_ml_kem_ind_cca_encapsulate_f41(
   Eurydice_slice shared_secret = uu____1.fst;
   Eurydice_slice pseudorandomness = uu____1.snd;
   Eurydice_slice uu____2 = Eurydice_array_to_slice(
-      (size_t)1184U, libcrux_ml_kem_types_as_slice_fd_121(public_key), uint8_t);
+      (size_t)1184U, libcrux_ml_kem_types_as_slice_fd_d11(public_key), uint8_t);
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_randomness[32U];
   memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t));
   uint8_t ciphertext[1088U];
-  encrypt_b41(uu____2, copy_of_randomness, pseudorandomness, ciphertext);
+  encrypt_681(uu____2, copy_of_randomness, pseudorandomness, ciphertext);
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_ciphertext[1088U];
   memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t));
   libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 =
-      libcrux_ml_kem_types_from_01_7b1(copy_of_ciphertext);
+      libcrux_ml_kem_types_from_01_3a1(copy_of_ciphertext);
   uint8_t shared_secret_array[32U];
-  kdf_d8_dc1(shared_secret, shared_secret_array);
+  kdf_d8_b21(shared_secret, shared_secret_array);
   libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0;
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_shared_secret_array[32U];
@@ -3590,7 +3590,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics
 
 */
 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2
-deserialize_to_uncompressed_ring_element_fe(Eurydice_slice serialized) {
+deserialize_to_uncompressed_ring_element_6e(Eurydice_slice serialized) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_ef_05();
   for (size_t i = (size_t)0U;
        i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) {
@@ -3608,7 +3608,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector
 with const generics
 - K= 3
 */
-static KRML_MUSTINLINE void deserialize_secret_key_0d1(
+static KRML_MUSTINLINE void deserialize_secret_key_cf1(
     Eurydice_slice secret_key,
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U];
@@ -3625,15 +3625,11 @@ static KRML_MUSTINLINE void deserialize_secret_key_0d1(
             LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT,
         uint8_t);
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 =
-        deserialize_to_uncompressed_ring_element_fe(secret_bytes);
+        deserialize_to_uncompressed_ring_element_6e(secret_bytes);
     secret_as_ntt[i0] = uu____0;
   }
-  libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[3U];
   memcpy(
-      result, secret_as_ntt,
-      (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2));
-  memcpy(
-      ret, result,
+      ret, secret_as_ntt,
       (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2));
 }
 
@@ -3644,7 +3640,7 @@ generics
 - COEFFICIENT_BITS= 10
 */
 static KRML_MUSTINLINE __m256i
-decompress_ciphertext_coefficient_6c(__m256i vector) {
+decompress_ciphertext_coefficient_4f(__m256i vector) {
   __m256i field_modulus =
       mm256_set1_epi32((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS);
   __m256i two_pow_coefficient_bits =
@@ -3688,8 +3684,8 @@ libcrux_ml_kem.vector.avx2.decompress_ciphertext_coefficient_09 with const
 generics
 - COEFFICIENT_BITS= 10
 */
-static __m256i decompress_ciphertext_coefficient_09_0f(__m256i vector) {
-  return decompress_ciphertext_coefficient_6c(vector);
+static __m256i decompress_ciphertext_coefficient_09_4c(__m256i vector) {
+  return decompress_ciphertext_coefficient_4f(vector);
 }
 
 /**
@@ -3699,7 +3695,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics
 
 */
 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2
-deserialize_then_decompress_10_47(Eurydice_slice serialized) {
+deserialize_then_decompress_10_e4(Eurydice_slice serialized) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_ef_05();
   LowStar_Ignore_ignore(
       Eurydice_slice_len(
@@ -3712,7 +3708,7 @@ deserialize_then_decompress_10_47(Eurydice_slice serialized) {
     Eurydice_slice bytes = Eurydice_slice_subslice2(
         serialized, i0 * (size_t)20U, i0 * (size_t)20U + (size_t)20U, uint8_t);
     __m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_10_09(bytes);
-    re.coefficients[i0] = decompress_ciphertext_coefficient_09_0f(coefficient);
+    re.coefficients[i0] = decompress_ciphertext_coefficient_09_4c(coefficient);
   }
   return re;
 }
@@ -3724,7 +3720,7 @@ generics
 - COEFFICIENT_BITS= 11
 */
 static KRML_MUSTINLINE __m256i
-decompress_ciphertext_coefficient_6c0(__m256i vector) {
+decompress_ciphertext_coefficient_4f0(__m256i vector) {
   __m256i field_modulus =
       mm256_set1_epi32((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS);
   __m256i two_pow_coefficient_bits =
@@ -3768,8 +3764,8 @@ libcrux_ml_kem.vector.avx2.decompress_ciphertext_coefficient_09 with const
 generics
 - COEFFICIENT_BITS= 11
 */
-static __m256i decompress_ciphertext_coefficient_09_0f0(__m256i vector) {
-  return decompress_ciphertext_coefficient_6c0(vector);
+static __m256i decompress_ciphertext_coefficient_09_4c0(__m256i vector) {
+  return decompress_ciphertext_coefficient_4f0(vector);
 }
 
 /**
@@ -3779,7 +3775,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics
 
 */
 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2
-deserialize_then_decompress_11_a8(Eurydice_slice serialized) {
+deserialize_then_decompress_11_39(Eurydice_slice serialized) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_ef_05();
   for (size_t i = (size_t)0U;
        i < Eurydice_slice_len(serialized, uint8_t) / (size_t)22U; i++) {
@@ -3787,7 +3783,7 @@ deserialize_then_decompress_11_a8(Eurydice_slice serialized) {
     Eurydice_slice bytes = Eurydice_slice_subslice2(
         serialized, i0 * (size_t)22U, i0 * (size_t)22U + (size_t)22U, uint8_t);
     __m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_11_09(bytes);
-    re.coefficients[i0] = decompress_ciphertext_coefficient_09_0f0(coefficient);
+    re.coefficients[i0] = decompress_ciphertext_coefficient_09_4c0(coefficient);
   }
   return re;
 }
@@ -3799,8 +3795,8 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics
 - COMPRESSION_FACTOR= 10
 */
 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2
-deserialize_then_decompress_ring_element_u_d30(Eurydice_slice serialized) {
-  return deserialize_then_decompress_10_47(serialized);
+deserialize_then_decompress_ring_element_u_180(Eurydice_slice serialized) {
+  return deserialize_then_decompress_10_e4(serialized);
 }
 
 /**
@@ -3809,17 +3805,17 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector
 with const generics
 - VECTOR_U_COMPRESSION_FACTOR= 10
 */
-static KRML_MUSTINLINE void ntt_vector_u_090(
+static KRML_MUSTINLINE void ntt_vector_u_b10(
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) {
   size_t zeta_i = (size_t)0U;
-  ntt_at_layer_4_plus_ca(&zeta_i, re, (size_t)7U);
-  ntt_at_layer_4_plus_ca(&zeta_i, re, (size_t)6U);
-  ntt_at_layer_4_plus_ca(&zeta_i, re, (size_t)5U);
-  ntt_at_layer_4_plus_ca(&zeta_i, re, (size_t)4U);
-  ntt_at_layer_3_bc(&zeta_i, re);
-  ntt_at_layer_2_c2(&zeta_i, re);
-  ntt_at_layer_1_09(&zeta_i, re);
-  poly_barrett_reduce_ef_dc(re);
+  ntt_at_layer_4_plus_07(&zeta_i, re, (size_t)7U);
+  ntt_at_layer_4_plus_07(&zeta_i, re, (size_t)6U);
+  ntt_at_layer_4_plus_07(&zeta_i, re, (size_t)5U);
+  ntt_at_layer_4_plus_07(&zeta_i, re, (size_t)4U);
+  ntt_at_layer_3_46(&zeta_i, re);
+  ntt_at_layer_2_53(&zeta_i, re);
+  ntt_at_layer_1_42(&zeta_i, re);
+  poly_barrett_reduce_ef_83(re);
 }
 
 /**
@@ -3830,7 +3826,7 @@ with const generics
 - CIPHERTEXT_SIZE= 1088
 - U_COMPRESSION_FACTOR= 10
 */
-static KRML_MUSTINLINE void deserialize_then_decompress_u_411(
+static KRML_MUSTINLINE void deserialize_then_decompress_u_b11(
     uint8_t *ciphertext,
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[3U];
@@ -3853,15 +3849,11 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_411(
             LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT *
                 (size_t)10U / (size_t)8U,
         uint8_t);
-    u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_d30(u_bytes);
-    ntt_vector_u_090(&u_as_ntt[i0]);
+    u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_180(u_bytes);
+    ntt_vector_u_b10(&u_as_ntt[i0]);
   }
-  libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[3U];
-  memcpy(
-      result, u_as_ntt,
-      (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2));
   memcpy(
-      ret, result,
+      ret, u_as_ntt,
       (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2));
 }
 
@@ -3872,7 +3864,7 @@ generics
 - COEFFICIENT_BITS= 4
 */
 static KRML_MUSTINLINE __m256i
-decompress_ciphertext_coefficient_6c1(__m256i vector) {
+decompress_ciphertext_coefficient_4f1(__m256i vector) {
   __m256i field_modulus =
       mm256_set1_epi32((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS);
   __m256i two_pow_coefficient_bits =
@@ -3916,8 +3908,8 @@ libcrux_ml_kem.vector.avx2.decompress_ciphertext_coefficient_09 with const
 generics
 - COEFFICIENT_BITS= 4
 */
-static __m256i decompress_ciphertext_coefficient_09_0f1(__m256i vector) {
-  return decompress_ciphertext_coefficient_6c1(vector);
+static __m256i decompress_ciphertext_coefficient_09_4c1(__m256i vector) {
+  return decompress_ciphertext_coefficient_4f1(vector);
 }
 
 /**
@@ -3927,7 +3919,7 @@ with const generics
 
 */
 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2
-deserialize_then_decompress_4_98(Eurydice_slice serialized) {
+deserialize_then_decompress_4_4d(Eurydice_slice serialized) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_ef_05();
   for (size_t i = (size_t)0U;
        i < Eurydice_slice_len(serialized, uint8_t) / (size_t)8U; i++) {
@@ -3935,7 +3927,7 @@ deserialize_then_decompress_4_98(Eurydice_slice serialized) {
     Eurydice_slice bytes = Eurydice_slice_subslice2(
         serialized, i0 * (size_t)8U, i0 * (size_t)8U + (size_t)8U, uint8_t);
     __m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_4_09(bytes);
-    re.coefficients[i0] = decompress_ciphertext_coefficient_09_0f1(coefficient);
+    re.coefficients[i0] = decompress_ciphertext_coefficient_09_4c1(coefficient);
   }
   return re;
 }
@@ -3947,7 +3939,7 @@ generics
 - COEFFICIENT_BITS= 5
 */
 static KRML_MUSTINLINE __m256i
-decompress_ciphertext_coefficient_6c2(__m256i vector) {
+decompress_ciphertext_coefficient_4f2(__m256i vector) {
   __m256i field_modulus =
       mm256_set1_epi32((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS);
   __m256i two_pow_coefficient_bits =
@@ -3991,8 +3983,8 @@ libcrux_ml_kem.vector.avx2.decompress_ciphertext_coefficient_09 with const
 generics
 - COEFFICIENT_BITS= 5
 */
-static __m256i decompress_ciphertext_coefficient_09_0f2(__m256i vector) {
-  return decompress_ciphertext_coefficient_6c2(vector);
+static __m256i decompress_ciphertext_coefficient_09_4c2(__m256i vector) {
+  return decompress_ciphertext_coefficient_4f2(vector);
 }
 
 /**
@@ -4002,7 +3994,7 @@ with const generics
 
 */
 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2
-deserialize_then_decompress_5_45(Eurydice_slice serialized) {
+deserialize_then_decompress_5_67(Eurydice_slice serialized) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_ef_05();
   for (size_t i = (size_t)0U;
        i < Eurydice_slice_len(serialized, uint8_t) / (size_t)10U; i++) {
@@ -4011,7 +4003,7 @@ deserialize_then_decompress_5_45(Eurydice_slice serialized) {
         serialized, i0 * (size_t)10U, i0 * (size_t)10U + (size_t)10U, uint8_t);
     re.coefficients[i0] = libcrux_ml_kem_vector_avx2_deserialize_5_09(bytes);
     re.coefficients[i0] =
-        decompress_ciphertext_coefficient_09_0f2(re.coefficients[i0]);
+        decompress_ciphertext_coefficient_09_4c2(re.coefficients[i0]);
   }
   return re;
 }
@@ -4023,8 +4015,8 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics
 - COMPRESSION_FACTOR= 4
 */
 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2
-deserialize_then_decompress_ring_element_v_860(Eurydice_slice serialized) {
-  return deserialize_then_decompress_4_98(serialized);
+deserialize_then_decompress_ring_element_v_3d0(Eurydice_slice serialized) {
+  return deserialize_then_decompress_4_4d(serialized);
 }
 
 /**
@@ -4039,7 +4031,7 @@ with const generics
 
 */
 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2
-subtract_reduce_ef_73(libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self,
+subtract_reduce_ef_07(libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self,
                       libcrux_ml_kem_polynomial_PolynomialRingElement_d2 b) {
   for (size_t i = (size_t)0U;
        i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
@@ -4061,17 +4053,17 @@ with const generics
 - K= 3
 */
 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2
-compute_message_7e1(
+compute_message_c31(
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *v,
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *secret_as_ntt,
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *u_as_ntt) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_ef_05();
   KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i;
                   libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product =
-                      ntt_multiply_ef_63(&secret_as_ntt[i0], &u_as_ntt[i0]);
-                  add_to_ring_element_ef_311(&result, &product););
-  invert_ntt_montgomery_801(&result);
-  result = subtract_reduce_ef_73(v, result);
+                      ntt_multiply_ef_d5(&secret_as_ntt[i0], &u_as_ntt[i0]);
+                  add_to_ring_element_ef_aa1(&result, &product););
+  invert_ntt_montgomery_401(&result);
+  result = subtract_reduce_ef_07(v, result);
   return result;
 }
 
@@ -4081,12 +4073,12 @@ libcrux_ml_kem.serialize.compress_then_serialize_message with types
 libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics
 
 */
-static KRML_MUSTINLINE void compress_then_serialize_message_83(
+static KRML_MUSTINLINE void compress_then_serialize_message_6c(
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, uint8_t ret[32U]) {
   uint8_t serialized[32U] = {0U};
   KRML_MAYBE_FOR16(
       i, (size_t)0U, (size_t)16U, (size_t)1U, size_t i0 = i;
-      __m256i coefficient = to_unsigned_field_modulus_88(re.coefficients[i0]);
+      __m256i coefficient = to_unsigned_field_modulus_8a(re.coefficients[i0]);
       __m256i coefficient_compressed =
           libcrux_ml_kem_vector_avx2_compress_1_09(coefficient);
       uint8_t bytes[2U];
@@ -4111,18 +4103,18 @@ with const generics
 - U_COMPRESSION_FACTOR= 10
 - V_COMPRESSION_FACTOR= 4
 */
-static void decrypt_unpacked_461(IndCpaPrivateKeyUnpacked_a0 *secret_key,
+static void decrypt_unpacked_981(IndCpaPrivateKeyUnpacked_a0 *secret_key,
                                  uint8_t *ciphertext, uint8_t ret[32U]) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[3U];
-  deserialize_then_decompress_u_411(ciphertext, u_as_ntt);
+  deserialize_then_decompress_u_b11(ciphertext, u_as_ntt);
   libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v =
-      deserialize_then_decompress_ring_element_v_860(
+      deserialize_then_decompress_ring_element_v_3d0(
           Eurydice_array_to_subslice_from((size_t)1088U, ciphertext,
                                           (size_t)960U, uint8_t, size_t));
   libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message =
-      compute_message_7e1(&v, secret_key->secret_as_ntt, u_as_ntt);
+      compute_message_c31(&v, secret_key->secret_as_ntt, u_as_ntt);
   uint8_t ret0[32U];
-  compress_then_serialize_message_83(message, ret0);
+  compress_then_serialize_message_6c(message, ret0);
   memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t));
 }
 
@@ -4136,10 +4128,10 @@ with const generics
 - U_COMPRESSION_FACTOR= 10
 - V_COMPRESSION_FACTOR= 4
 */
-static void decrypt_9a1(Eurydice_slice secret_key, uint8_t *ciphertext,
+static void decrypt_361(Eurydice_slice secret_key, uint8_t *ciphertext,
                         uint8_t ret[32U]) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U];
-  deserialize_secret_key_0d1(secret_key, secret_as_ntt);
+  deserialize_secret_key_cf1(secret_key, secret_as_ntt);
   /* Passing arrays by value in Rust generates a copy in C */
   libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_secret_as_ntt[3U];
   memcpy(
@@ -4149,9 +4141,9 @@ static void decrypt_9a1(Eurydice_slice secret_key, uint8_t *ciphertext,
   memcpy(
       secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt,
       (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2));
-  uint8_t result[32U];
-  decrypt_unpacked_461(&secret_key_unpacked, ciphertext, result);
-  memcpy(ret, result, (size_t)32U * sizeof(uint8_t));
+  uint8_t ret0[32U];
+  decrypt_unpacked_981(&secret_key_unpacked, ciphertext, ret0);
+  memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t));
 }
 
 /**
@@ -4202,7 +4194,7 @@ with const generics
 - ETA2_RANDOMNESS_SIZE= 128
 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120
 */
-void libcrux_ml_kem_ind_cca_decapsulate_6f1(
+void libcrux_ml_kem_ind_cca_decapsulate_cd1(
     libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key,
     libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) {
   Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at(
@@ -4220,7 +4212,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_6f1(
   Eurydice_slice ind_cpa_public_key_hash = uu____2.fst;
   Eurydice_slice implicit_rejection_value = uu____2.snd;
   uint8_t decrypted[32U];
-  decrypt_9a1(ind_cpa_secret_key, ciphertext->value, decrypted);
+  decrypt_361(ind_cpa_secret_key, ciphertext->value, decrypted);
   uint8_t to_hash0[64U];
   libcrux_ml_kem_utils_into_padded_array_42(
       Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0);
@@ -4242,7 +4234,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_6f1(
   Eurydice_slice uu____4 = Eurydice_array_to_subslice_from(
       (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE,
       uint8_t, size_t);
-  Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_ae1(ciphertext),
+  Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_be1(ciphertext),
                       uint8_t);
   uint8_t implicit_rejection_shared_secret0[32U];
   PRF_a9_163(Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t),
@@ -4252,17 +4244,17 @@ void libcrux_ml_kem_ind_cca_decapsulate_6f1(
   uint8_t copy_of_decrypted[32U];
   memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t));
   uint8_t expected_ciphertext[1088U];
-  encrypt_b41(uu____5, copy_of_decrypted, pseudorandomness,
+  encrypt_681(uu____5, copy_of_decrypted, pseudorandomness,
               expected_ciphertext);
   uint8_t implicit_rejection_shared_secret[32U];
-  kdf_d8_dc1(Eurydice_array_to_slice(
+  kdf_d8_b21(Eurydice_array_to_slice(
                  (size_t)32U, implicit_rejection_shared_secret0, uint8_t),
              implicit_rejection_shared_secret);
   uint8_t shared_secret1[32U];
-  kdf_d8_dc1(shared_secret0, shared_secret1);
+  kdf_d8_b21(shared_secret0, shared_secret1);
   uint8_t shared_secret[32U];
   libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time(
-      libcrux_ml_kem_types_as_ref_00_ae1(ciphertext),
+      libcrux_ml_kem_types_as_ref_00_be1(ciphertext),
       Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t),
       Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t),
       Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret,
@@ -4277,7 +4269,7 @@ libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types
 libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics
 - K= 4
 */
-static KRML_MUSTINLINE void deserialize_ring_elements_reduced_e7(
+static KRML_MUSTINLINE void deserialize_ring_elements_reduced_9f(
     Eurydice_slice public_key,
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *deserialized_pk) {
   for (size_t i = (size_t)0U;
@@ -4291,7 +4283,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_e7(
             LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT,
         uint8_t);
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 =
-        deserialize_to_reduced_ring_element_d7(ring_element);
+        deserialize_to_reduced_ring_element_65(ring_element);
     deserialized_pk[i0] = uu____0;
   }
 }
@@ -4302,13 +4294,13 @@ libcrux_ml_kem.serialize.deserialize_ring_elements_reduced_out with types
 libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics
 - K= 4
 */
-static KRML_MUSTINLINE void deserialize_ring_elements_reduced_out_000(
+static KRML_MUSTINLINE void deserialize_ring_elements_reduced_out_190(
     Eurydice_slice public_key,
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[4U];
   KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U,
                   deserialized_pk[i] = ZERO_ef_05(););
-  deserialize_ring_elements_reduced_e7(public_key, deserialized_pk);
+  deserialize_ring_elements_reduced_9f(public_key, deserialized_pk);
   libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[4U];
   memcpy(
       result, deserialized_pk,
@@ -4325,7 +4317,7 @@ with const generics
 - K= 4
 - OUT_LEN= 1536
 */
-static KRML_MUSTINLINE void serialize_secret_key_05(
+static KRML_MUSTINLINE void serialize_secret_key_23(
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *key,
     uint8_t ret[1536U]) {
   uint8_t out[1536U] = {0U};
@@ -4343,13 +4335,11 @@ static KRML_MUSTINLINE void serialize_secret_key_05(
         (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT,
         uint8_t);
     uint8_t ret0[384U];
-    serialize_uncompressed_ring_element_b8(&re, ret0);
+    serialize_uncompressed_ring_element_09(&re, ret0);
     Eurydice_slice_copy(
         uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t), uint8_t);
   }
-  uint8_t result[1536U];
-  memcpy(result, out, (size_t)1536U * sizeof(uint8_t));
-  memcpy(ret, result, (size_t)1536U * sizeof(uint8_t));
+  memcpy(ret, out, (size_t)1536U * sizeof(uint8_t));
 }
 
 /**
@@ -4360,13 +4350,13 @@ with const generics
 - RANKED_BYTES_PER_RING_ELEMENT= 1536
 - PUBLIC_KEY_SIZE= 1568
 */
-static KRML_MUSTINLINE void serialize_public_key_mut_07(
+static KRML_MUSTINLINE void serialize_public_key_mut_ff(
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt,
     Eurydice_slice seed_for_a, uint8_t *serialized) {
   Eurydice_slice uu____0 = Eurydice_array_to_subslice2(serialized, (size_t)0U,
                                                        (size_t)1536U, uint8_t);
   uint8_t ret[1536U];
-  serialize_secret_key_05(t_as_ntt, ret);
+  serialize_secret_key_23(t_as_ntt, ret);
   Eurydice_slice_copy(
       uu____0, Eurydice_array_to_slice((size_t)1536U, ret, uint8_t), uint8_t);
   Eurydice_slice_copy(
@@ -4383,14 +4373,12 @@ with const generics
 - RANKED_BYTES_PER_RING_ELEMENT= 1536
 - PUBLIC_KEY_SIZE= 1568
 */
-static KRML_MUSTINLINE void serialize_public_key_e5(
+static KRML_MUSTINLINE void serialize_public_key_16(
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt,
     Eurydice_slice seed_for_a, uint8_t ret[1568U]) {
   uint8_t public_key_serialized[1568U] = {0U};
-  serialize_public_key_mut_07(t_as_ntt, seed_for_a, public_key_serialized);
-  uint8_t result[1568U];
-  memcpy(result, public_key_serialized, (size_t)1568U * sizeof(uint8_t));
-  memcpy(ret, result, (size_t)1568U * sizeof(uint8_t));
+  serialize_public_key_mut_ff(t_as_ntt, seed_for_a, public_key_serialized);
+  memcpy(ret, public_key_serialized, (size_t)1568U * sizeof(uint8_t));
 }
 
 /**
@@ -4401,15 +4389,15 @@ with const generics
 - RANKED_BYTES_PER_RING_ELEMENT= 1536
 - PUBLIC_KEY_SIZE= 1568
 */
-bool libcrux_ml_kem_ind_cca_validate_public_key_4a0(uint8_t *public_key) {
+bool libcrux_ml_kem_ind_cca_validate_public_key_db0(uint8_t *public_key) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[4U];
-  deserialize_ring_elements_reduced_out_000(
+  deserialize_ring_elements_reduced_out_190(
       Eurydice_array_to_subslice_to((size_t)1568U, public_key, (size_t)1536U,
                                     uint8_t, size_t),
       deserialized_pk);
   libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *uu____0 = deserialized_pk;
   uint8_t public_key_serialized[1568U];
-  serialize_public_key_e5(
+  serialize_public_key_16(
       uu____0,
       Eurydice_array_to_subslice_from((size_t)1568U, public_key, (size_t)1536U,
                                       uint8_t, size_t),
@@ -4439,7 +4427,7 @@ with const generics
 - SECRET_KEY_SIZE= 3168
 - CIPHERTEXT_SIZE= 1568
 */
-bool libcrux_ml_kem_ind_cca_validate_private_key_e10(
+bool libcrux_ml_kem_ind_cca_validate_private_key_a80(
     libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key,
     libcrux_ml_kem_types_MlKemCiphertext_1f *_ciphertext) {
   uint8_t t[32U];
@@ -4559,7 +4547,7 @@ with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash
 with const generics
 - K= 4
 */
-static KRML_MUSTINLINE void cpa_keygen_seed_d8_10(
+static KRML_MUSTINLINE void cpa_keygen_seed_d8_6b(
     Eurydice_slice key_generation_seed, uint8_t ret[64U]) {
   uint8_t seed[33U] = {0U};
   Eurydice_slice_copy(
@@ -5029,7 +5017,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics
 - ETA= 2
 - ETA_RANDOMNESS_SIZE= 128
 */
-static KRML_MUSTINLINE uint8_t sample_vector_cbd_then_ntt_08(
+static KRML_MUSTINLINE uint8_t sample_vector_cbd_then_ntt_68(
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re_as_ntt,
     uint8_t prf_input[33U], uint8_t domain_separator) {
   /* Passing arrays by value in Rust generates a copy in C */
@@ -5039,6 +5027,8 @@ static KRML_MUSTINLINE uint8_t sample_vector_cbd_then_ntt_08(
   KRML_MAYBE_FOR4(
       i, (size_t)0U, (size_t)4U, (size_t)1U,
       memcpy(prf_inputs[i], copy_of_prf_input, (size_t)33U * sizeof(uint8_t)););
+  uint8_t _prf_inputs_init[4U][33U];
+  memcpy(_prf_inputs_init, prf_inputs, (size_t)4U * sizeof(uint8_t[33U]));
   KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i;
                   prf_inputs[i0][32U] = domain_separator;
                   domain_separator = (uint32_t)domain_separator + 1U;);
@@ -5048,7 +5038,7 @@ static KRML_MUSTINLINE uint8_t sample_vector_cbd_then_ntt_08(
       i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i;
       re_as_ntt[i0] = sample_from_binomial_distribution_d7(
           Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t));
-      ntt_binomially_sampled_ring_element_44(&re_as_ntt[i0]););
+      ntt_binomially_sampled_ring_element_25(&re_as_ntt[i0]););
   return domain_separator;
 }
 
@@ -5071,7 +5061,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics
 - ETA= 2
 - ETA_RANDOMNESS_SIZE= 128
 */
-static KRML_MUSTINLINE tuple_71 sample_vector_cbd_then_ntt_out_d7(
+static KRML_MUSTINLINE tuple_71 sample_vector_cbd_then_ntt_out_48(
     uint8_t prf_input[33U], uint8_t domain_separator) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re_as_ntt[4U];
   KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U,
@@ -5080,18 +5070,18 @@ static KRML_MUSTINLINE tuple_71 sample_vector_cbd_then_ntt_out_d7(
   uint8_t uu____1[33U];
   memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t));
   domain_separator =
-      sample_vector_cbd_then_ntt_08(uu____0, uu____1, domain_separator);
+      sample_vector_cbd_then_ntt_68(uu____0, uu____1, domain_separator);
   /* Passing arrays by value in Rust generates a copy in C */
   libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_re_as_ntt[4U];
   memcpy(
       copy_of_re_as_ntt, re_as_ntt,
       (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2));
-  tuple_71 result;
+  tuple_71 lit;
   memcpy(
-      result.fst, copy_of_re_as_ntt,
+      lit.fst, copy_of_re_as_ntt,
       (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2));
-  result.snd = domain_separator;
-  return result;
+  lit.snd = domain_separator;
+  return lit;
 }
 
 /**
@@ -5105,7 +5095,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector
 with const generics
 - K= 4
 */
-static KRML_MUSTINLINE void add_to_ring_element_ef_31(
+static KRML_MUSTINLINE void add_to_ring_element_ef_aa(
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self,
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *rhs) {
   for (size_t i = (size_t)0U;
@@ -5125,7 +5115,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector
 with const generics
 - K= 4
 */
-static KRML_MUSTINLINE void compute_As_plus_e_67(
+static KRML_MUSTINLINE void compute_As_plus_e_b6(
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt,
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*matrix_A)[4U],
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *s_as_ntt,
@@ -5152,10 +5142,10 @@ static KRML_MUSTINLINE void compute_As_plus_e_67(
       libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *matrix_element =
           &row[j];
       libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product =
-          ntt_multiply_ef_63(matrix_element, &s_as_ntt[j]);
-      add_to_ring_element_ef_31(&t_as_ntt[i0], &product);
+          ntt_multiply_ef_d5(matrix_element, &s_as_ntt[j]);
+      add_to_ring_element_ef_aa(&t_as_ntt[i0], &product);
     }
-    add_standard_error_reduce_ef_ba(&t_as_ntt[i0], &error_as_ntt[i0]);
+    add_standard_error_reduce_ef_e7(&t_as_ntt[i0], &error_as_ntt[i0]);
   }
 }
 
@@ -5168,12 +5158,12 @@ with const generics
 - ETA1= 2
 - ETA1_RANDOMNESS_SIZE= 128
 */
-static void generate_keypair_unpacked_4a(
+static void generate_keypair_unpacked_a2(
     Eurydice_slice key_generation_seed,
     IndCpaPrivateKeyUnpacked_01 *private_key,
     IndCpaPublicKeyUnpacked_01 *public_key) {
   uint8_t hashed[64U];
-  cpa_keygen_seed_d8_10(key_generation_seed, hashed);
+  cpa_keygen_seed_d8_6b(key_generation_seed, hashed);
   Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at(
       Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U,
       uint8_t, Eurydice_slice_uint8_t_x2);
@@ -5193,17 +5183,17 @@ static void generate_keypair_unpacked_4a(
   uint8_t copy_of_prf_input0[33U];
   memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t));
   uint8_t domain_separator =
-      sample_vector_cbd_then_ntt_08(uu____2, copy_of_prf_input0, 0U);
+      sample_vector_cbd_then_ntt_68(uu____2, copy_of_prf_input0, 0U);
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_prf_input[33U];
   memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t));
   libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_as_ntt[4U];
   memcpy(
       error_as_ntt,
-      sample_vector_cbd_then_ntt_out_d7(copy_of_prf_input, domain_separator)
+      sample_vector_cbd_then_ntt_out_48(copy_of_prf_input, domain_separator)
           .fst,
       (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2));
-  compute_As_plus_e_67(public_key->t_as_ntt, public_key->A,
+  compute_As_plus_e_b6(public_key->t_as_ntt, public_key->A,
                        private_key->secret_as_ntt, error_as_ntt);
   uint8_t uu____5[32U];
   core_result_Result_00 dst;
@@ -5228,14 +5218,14 @@ static libcrux_ml_kem_utils_extraction_helper_Keypair1024 generate_keypair_470(
     Eurydice_slice key_generation_seed) {
   IndCpaPrivateKeyUnpacked_01 private_key = default_1a_3c();
   IndCpaPublicKeyUnpacked_01 public_key = default_8d_89();
-  generate_keypair_unpacked_4a(key_generation_seed, &private_key, &public_key);
+  generate_keypair_unpacked_a2(key_generation_seed, &private_key, &public_key);
   uint8_t public_key_serialized[1568U];
-  serialize_public_key_e5(
+  serialize_public_key_16(
       public_key.t_as_ntt,
       Eurydice_array_to_slice((size_t)32U, public_key.seed_for_A, uint8_t),
       public_key_serialized);
   uint8_t secret_key_serialized[1536U];
-  serialize_secret_key_05(private_key.secret_as_ntt, secret_key_serialized);
+  serialize_secret_key_23(private_key.secret_as_ntt, secret_key_serialized);
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_secret_key_serialized[1536U];
   memcpy(copy_of_secret_key_serialized, secret_key_serialized,
@@ -5244,12 +5234,12 @@ static libcrux_ml_kem_utils_extraction_helper_Keypair1024 generate_keypair_470(
   uint8_t copy_of_public_key_serialized[1568U];
   memcpy(copy_of_public_key_serialized, public_key_serialized,
          (size_t)1568U * sizeof(uint8_t));
-  libcrux_ml_kem_utils_extraction_helper_Keypair1024 result;
-  memcpy(result.fst, copy_of_secret_key_serialized,
+  libcrux_ml_kem_utils_extraction_helper_Keypair1024 lit;
+  memcpy(lit.fst, copy_of_secret_key_serialized,
          (size_t)1536U * sizeof(uint8_t));
-  memcpy(result.snd, copy_of_public_key_serialized,
+  memcpy(lit.snd, copy_of_public_key_serialized,
          (size_t)1568U * sizeof(uint8_t));
-  return result;
+  return lit;
 }
 
 /**
@@ -5259,7 +5249,7 @@ with const generics
 - K= 4
 - SERIALIZED_KEY_LEN= 3168
 */
-static KRML_MUSTINLINE void serialize_kem_secret_key_710(
+static KRML_MUSTINLINE void serialize_kem_secret_key_7b0(
     Eurydice_slice private_key, Eurydice_slice public_key,
     Eurydice_slice implicit_rejection_value, uint8_t ret[3168U]) {
   uint8_t out[3168U] = {0U};
@@ -5315,7 +5305,7 @@ with const generics
 - ETA1_RANDOMNESS_SIZE= 128
 */
 libcrux_ml_kem_mlkem1024_MlKem1024KeyPair
-libcrux_ml_kem_ind_cca_generate_keypair_d20(uint8_t randomness[64U]) {
+libcrux_ml_kem_ind_cca_generate_keypair_dd0(uint8_t randomness[64U]) {
   Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2(
       randomness, (size_t)0U,
       LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t);
@@ -5330,7 +5320,7 @@ libcrux_ml_kem_ind_cca_generate_keypair_d20(uint8_t randomness[64U]) {
   uint8_t public_key[1568U];
   memcpy(public_key, uu____0.snd, (size_t)1568U * sizeof(uint8_t));
   uint8_t secret_key_serialized[3168U];
-  serialize_kem_secret_key_710(
+  serialize_kem_secret_key_7b0(
       Eurydice_array_to_slice((size_t)1536U, ind_cpa_private_key, uint8_t),
       Eurydice_array_to_slice((size_t)1568U, public_key, uint8_t),
       implicit_rejection_value, secret_key_serialized);
@@ -5339,13 +5329,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_d20(uint8_t randomness[64U]) {
   memcpy(copy_of_secret_key_serialized, secret_key_serialized,
          (size_t)3168U * sizeof(uint8_t));
   libcrux_ml_kem_types_MlKemPrivateKey_95 private_key =
-      libcrux_ml_kem_types_from_7f_e61(copy_of_secret_key_serialized);
+      libcrux_ml_kem_types_from_7f_8c1(copy_of_secret_key_serialized);
   libcrux_ml_kem_types_MlKemPrivateKey_95 uu____2 = private_key;
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_public_key[1568U];
   memcpy(copy_of_public_key, public_key, (size_t)1568U * sizeof(uint8_t));
-  return libcrux_ml_kem_types_from_3a_781(
-      uu____2, libcrux_ml_kem_types_from_5a_af1(copy_of_public_key));
+  return libcrux_ml_kem_types_from_3a_f61(
+      uu____2, libcrux_ml_kem_types_from_5a_451(copy_of_public_key));
 }
 
 /**
@@ -5358,7 +5348,7 @@ with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash
 with const generics
 - K= 4
 */
-static KRML_MUSTINLINE void entropy_preprocess_d8_c50(Eurydice_slice randomness,
+static KRML_MUSTINLINE void entropy_preprocess_d8_6c0(Eurydice_slice randomness,
                                                       uint8_t ret[32U]) {
   uint8_t out[32U] = {0U};
   Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t),
@@ -5375,7 +5365,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics
 - ETA2= 2
 */
 static KRML_MUSTINLINE tuple_71
-sample_ring_element_cbd_a0(uint8_t prf_input[33U], uint8_t domain_separator) {
+sample_ring_element_cbd_6a(uint8_t prf_input[33U], uint8_t domain_separator) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[4U];
   KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U,
                   error_1[i] = ZERO_ef_05(););
@@ -5386,6 +5376,8 @@ sample_ring_element_cbd_a0(uint8_t prf_input[33U], uint8_t domain_separator) {
   KRML_MAYBE_FOR4(
       i, (size_t)0U, (size_t)4U, (size_t)1U,
       memcpy(prf_inputs[i], copy_of_prf_input, (size_t)33U * sizeof(uint8_t)););
+  uint8_t _prf_inputs_init[4U][33U];
+  memcpy(_prf_inputs_init, prf_inputs, (size_t)4U * sizeof(uint8_t[33U]));
   KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i;
                   prf_inputs[i0][32U] = domain_separator;
                   domain_separator = (uint32_t)domain_separator + 1U;);
@@ -5402,12 +5394,12 @@ sample_ring_element_cbd_a0(uint8_t prf_input[33U], uint8_t domain_separator) {
   memcpy(
       copy_of_error_1, error_1,
       (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2));
-  tuple_71 result;
+  tuple_71 lit;
   memcpy(
-      result.fst, copy_of_error_1,
+      lit.fst, copy_of_error_1,
       (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2));
-  result.snd = domain_separator;
-  return result;
+  lit.snd = domain_separator;
+  return lit;
 }
 
 /**
@@ -5431,18 +5423,18 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector
 with const generics
 - K= 4
 */
-static KRML_MUSTINLINE void invert_ntt_montgomery_80(
+static KRML_MUSTINLINE void invert_ntt_montgomery_40(
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) {
   size_t zeta_i =
       LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U;
-  invert_ntt_at_layer_1_a3(&zeta_i, re);
-  invert_ntt_at_layer_2_cd(&zeta_i, re);
-  invert_ntt_at_layer_3_d7(&zeta_i, re);
-  invert_ntt_at_layer_4_plus_af(&zeta_i, re, (size_t)4U);
-  invert_ntt_at_layer_4_plus_af(&zeta_i, re, (size_t)5U);
-  invert_ntt_at_layer_4_plus_af(&zeta_i, re, (size_t)6U);
-  invert_ntt_at_layer_4_plus_af(&zeta_i, re, (size_t)7U);
-  poly_barrett_reduce_ef_dc(re);
+  invert_ntt_at_layer_1_78(&zeta_i, re);
+  invert_ntt_at_layer_2_2c(&zeta_i, re);
+  invert_ntt_at_layer_3_73(&zeta_i, re);
+  invert_ntt_at_layer_4_plus_04(&zeta_i, re, (size_t)4U);
+  invert_ntt_at_layer_4_plus_04(&zeta_i, re, (size_t)5U);
+  invert_ntt_at_layer_4_plus_04(&zeta_i, re, (size_t)6U);
+  invert_ntt_at_layer_4_plus_04(&zeta_i, re, (size_t)7U);
+  poly_barrett_reduce_ef_83(re);
 }
 
 /**
@@ -5451,7 +5443,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector
 with const generics
 - K= 4
 */
-static KRML_MUSTINLINE void compute_vector_u_3c(
+static KRML_MUSTINLINE void compute_vector_u_42(
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*a_as_ntt)[4U],
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt,
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_1,
@@ -5478,11 +5470,11 @@ static KRML_MUSTINLINE void compute_vector_u_3c(
       size_t j = i;
       libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *a_element = &row[j];
       libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product =
-          ntt_multiply_ef_63(a_element, &r_as_ntt[j]);
-      add_to_ring_element_ef_31(&result[i1], &product);
+          ntt_multiply_ef_d5(a_element, &r_as_ntt[j]);
+      add_to_ring_element_ef_aa(&result[i1], &product);
     }
-    invert_ntt_montgomery_80(&result[i1]);
-    add_error_reduce_ef_05(&result[i1], &error_1[i1]);
+    invert_ntt_montgomery_40(&result[i1]);
+    add_error_reduce_ef_ee(&result[i1], &error_1[i1]);
   }
   memcpy(
       ret, result,
@@ -5496,7 +5488,7 @@ with const generics
 - K= 4
 */
 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2
-compute_ring_element_v_51(
+compute_ring_element_v_d2(
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt,
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt,
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_2,
@@ -5504,10 +5496,10 @@ compute_ring_element_v_51(
   libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_ef_05();
   KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i;
                   libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product =
-                      ntt_multiply_ef_63(&t_as_ntt[i0], &r_as_ntt[i0]);
-                  add_to_ring_element_ef_31(&result, &product););
-  invert_ntt_montgomery_80(&result);
-  result = add_message_error_reduce_ef_b9(error_2, message, result);
+                      ntt_multiply_ef_d5(&t_as_ntt[i0], &r_as_ntt[i0]);
+                  add_to_ring_element_ef_aa(&result, &product););
+  invert_ntt_montgomery_40(&result);
+  result = add_message_error_reduce_ef_a6(error_2, message, result);
   return result;
 }
 
@@ -5517,14 +5509,14 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector
 with const generics
 - OUT_LEN= 352
 */
-static KRML_MUSTINLINE void compress_then_serialize_11_b8(
+static KRML_MUSTINLINE void compress_then_serialize_11_fd(
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[352U]) {
   uint8_t serialized[352U] = {0U};
   for (size_t i = (size_t)0U;
        i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
     size_t i0 = i;
     __m256i coefficient =
-        compress_09_700(to_unsigned_representative_b5(re->coefficients[i0]));
+        compress_09_8f0(to_unsigned_representative_e5(re->coefficients[i0]));
     uint8_t bytes[22U];
     libcrux_ml_kem_vector_avx2_serialize_11_09(coefficient, bytes);
     Eurydice_slice uu____0 = Eurydice_array_to_subslice2(
@@ -5542,11 +5534,11 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics
 - COMPRESSION_FACTOR= 11
 - OUT_LEN= 352
 */
-static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_b0(
+static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_68(
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[352U]) {
-  uint8_t uu____0[352U];
-  compress_then_serialize_11_b8(re, uu____0);
-  memcpy(ret, uu____0, (size_t)352U * sizeof(uint8_t));
+  uint8_t result[352U];
+  compress_then_serialize_11_fd(re, result);
+  memcpy(ret, result, (size_t)352U * sizeof(uint8_t));
 }
 
 /**
@@ -5558,7 +5550,7 @@ with const generics
 - COMPRESSION_FACTOR= 11
 - BLOCK_LEN= 352
 */
-static void compress_then_serialize_u_e8(
+static void compress_then_serialize_u_93(
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 input[4U],
     Eurydice_slice out) {
   for (size_t i = (size_t)0U;
@@ -5574,7 +5566,7 @@ static void compress_then_serialize_u_e8(
         out, i0 * ((size_t)1408U / (size_t)4U),
         (i0 + (size_t)1U) * ((size_t)1408U / (size_t)4U), uint8_t);
     uint8_t ret[352U];
-    compress_then_serialize_ring_element_u_b0(&re, ret);
+    compress_then_serialize_ring_element_u_68(&re, ret);
     Eurydice_slice_copy(
         uu____0, Eurydice_array_to_slice((size_t)352U, ret, uint8_t), uint8_t);
   }
@@ -5587,9 +5579,9 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics
 - COMPRESSION_FACTOR= 5
 - OUT_LEN= 160
 */
-static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_f2(
+static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_7b(
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, Eurydice_slice out) {
-  compress_then_serialize_5_7a(re, out);
+  compress_then_serialize_5_fc(re, out);
 }
 
 /**
@@ -5609,7 +5601,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics
 - ETA2= 2
 - ETA2_RANDOMNESS_SIZE= 128
 */
-static void encrypt_unpacked_03(IndCpaPublicKeyUnpacked_01 *public_key,
+static void encrypt_unpacked_ec(IndCpaPublicKeyUnpacked_01 *public_key,
                                 uint8_t message[32U], Eurydice_slice randomness,
                                 uint8_t ret[1568U]) {
   uint8_t prf_input[33U];
@@ -5617,7 +5609,7 @@ static void encrypt_unpacked_03(IndCpaPublicKeyUnpacked_01 *public_key,
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_prf_input0[33U];
   memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t));
-  tuple_71 uu____1 = sample_vector_cbd_then_ntt_out_d7(copy_of_prf_input0, 0U);
+  tuple_71 uu____1 = sample_vector_cbd_then_ntt_out_48(copy_of_prf_input0, 0U);
   libcrux_ml_kem_polynomial_PolynomialRingElement_d2 r_as_ntt[4U];
   memcpy(
       r_as_ntt, uu____1.fst,
@@ -5627,7 +5619,7 @@ static void encrypt_unpacked_03(IndCpaPublicKeyUnpacked_01 *public_key,
   uint8_t copy_of_prf_input[33U];
   memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t));
   tuple_71 uu____3 =
-      sample_ring_element_cbd_a0(copy_of_prf_input, domain_separator0);
+      sample_ring_element_cbd_6a(copy_of_prf_input, domain_separator0);
   libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[4U];
   memcpy(
       error_1, uu____3.fst,
@@ -5641,25 +5633,25 @@ static void encrypt_unpacked_03(IndCpaPublicKeyUnpacked_01 *public_key,
       sample_from_binomial_distribution_d7(
           Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t));
   libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u[4U];
-  compute_vector_u_3c(public_key->A, r_as_ntt, error_1, u);
+  compute_vector_u_42(public_key->A, r_as_ntt, error_1, u);
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_message[32U];
   memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t));
   libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message_as_ring_element =
-      deserialize_then_decompress_message_12(copy_of_message);
+      deserialize_then_decompress_message_6f(copy_of_message);
   libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v =
-      compute_ring_element_v_51(public_key->t_as_ntt, r_as_ntt, &error_2,
+      compute_ring_element_v_d2(public_key->t_as_ntt, r_as_ntt, &error_2,
                                 &message_as_ring_element);
   uint8_t ciphertext[1568U] = {0U};
   libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____5[4U];
   memcpy(
       uu____5, u,
       (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2));
-  compress_then_serialize_u_e8(
+  compress_then_serialize_u_93(
       uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U,
                                            (size_t)1408U, uint8_t));
   libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____6 = v;
-  compress_then_serialize_ring_element_v_f2(
+  compress_then_serialize_ring_element_v_7b(
       uu____6, Eurydice_array_to_subslice_from((size_t)1568U, ciphertext,
                                                (size_t)1408U, uint8_t, size_t));
   memcpy(ret, ciphertext, (size_t)1568U * sizeof(uint8_t));
@@ -5682,10 +5674,10 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics
 - ETA2= 2
 - ETA2_RANDOMNESS_SIZE= 128
 */
-static void encrypt_b40(Eurydice_slice public_key, uint8_t message[32U],
+static void encrypt_680(Eurydice_slice public_key, uint8_t message[32U],
                         Eurydice_slice randomness, uint8_t ret[1568U]) {
   IndCpaPublicKeyUnpacked_01 unpacked_public_key = default_8d_89();
-  deserialize_ring_elements_reduced_e7(
+  deserialize_ring_elements_reduced_9f(
       Eurydice_slice_subslice_to(public_key, (size_t)1536U, uint8_t, size_t),
       unpacked_public_key.t_as_ntt);
   Eurydice_slice seed =
@@ -5699,9 +5691,9 @@ static void encrypt_b40(Eurydice_slice public_key, uint8_t message[32U],
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_message[32U];
   memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t));
-  uint8_t result[1568U];
-  encrypt_unpacked_03(uu____1, copy_of_message, randomness, result);
-  memcpy(ret, result, (size_t)1568U * sizeof(uint8_t));
+  uint8_t ret1[1568U];
+  encrypt_unpacked_ec(uu____1, copy_of_message, randomness, ret1);
+  memcpy(ret, ret1, (size_t)1568U * sizeof(uint8_t));
 }
 
 /**
@@ -5715,7 +5707,7 @@ with const generics
 - K= 4
 - CIPHERTEXT_SIZE= 1568
 */
-static KRML_MUSTINLINE void kdf_d8_dc0(Eurydice_slice shared_secret,
+static KRML_MUSTINLINE void kdf_d8_b20(Eurydice_slice shared_secret,
                                        uint8_t ret[32U]) {
   uint8_t out[32U] = {0U};
   Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t),
@@ -5742,11 +5734,11 @@ with const generics
 - ETA2= 2
 - ETA2_RANDOMNESS_SIZE= 128
 */
-tuple_21 libcrux_ml_kem_ind_cca_encapsulate_f40(
+tuple_21 libcrux_ml_kem_ind_cca_encapsulate_790(
     libcrux_ml_kem_types_MlKemPublicKey_1f *public_key,
     uint8_t randomness[32U]) {
   uint8_t randomness0[32U];
-  entropy_preprocess_d8_c50(
+  entropy_preprocess_d8_6c0(
       Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0);
   uint8_t to_hash[64U];
   libcrux_ml_kem_utils_into_padded_array_42(
@@ -5756,7 +5748,7 @@ tuple_21 libcrux_ml_kem_ind_cca_encapsulate_f40(
       size_t);
   uint8_t ret[32U];
   H_a9_41(Eurydice_array_to_slice(
-              (size_t)1568U, libcrux_ml_kem_types_as_slice_fd_12(public_key),
+              (size_t)1568U, libcrux_ml_kem_types_as_slice_fd_d1(public_key),
               uint8_t),
           ret);
   Eurydice_slice_copy(
@@ -5770,19 +5762,19 @@ tuple_21 libcrux_ml_kem_ind_cca_encapsulate_f40(
   Eurydice_slice shared_secret = uu____1.fst;
   Eurydice_slice pseudorandomness = uu____1.snd;
   Eurydice_slice uu____2 = Eurydice_array_to_slice(
-      (size_t)1568U, libcrux_ml_kem_types_as_slice_fd_12(public_key), uint8_t);
+      (size_t)1568U, libcrux_ml_kem_types_as_slice_fd_d1(public_key), uint8_t);
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_randomness[32U];
   memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t));
   uint8_t ciphertext[1568U];
-  encrypt_b40(uu____2, copy_of_randomness, pseudorandomness, ciphertext);
+  encrypt_680(uu____2, copy_of_randomness, pseudorandomness, ciphertext);
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_ciphertext[1568U];
   memcpy(copy_of_ciphertext, ciphertext, (size_t)1568U * sizeof(uint8_t));
   libcrux_ml_kem_types_MlKemCiphertext_1f ciphertext0 =
-      libcrux_ml_kem_types_from_01_7b(copy_of_ciphertext);
+      libcrux_ml_kem_types_from_01_3a(copy_of_ciphertext);
   uint8_t shared_secret_array[32U];
-  kdf_d8_dc0(shared_secret, shared_secret_array);
+  kdf_d8_b20(shared_secret, shared_secret_array);
   libcrux_ml_kem_types_MlKemCiphertext_1f uu____5 = ciphertext0;
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_shared_secret_array[32U];
@@ -5800,7 +5792,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector
 with const generics
 - K= 4
 */
-static KRML_MUSTINLINE void deserialize_secret_key_0d0(
+static KRML_MUSTINLINE void deserialize_secret_key_cf0(
     Eurydice_slice secret_key,
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[4U];
@@ -5817,15 +5809,11 @@ static KRML_MUSTINLINE void deserialize_secret_key_0d0(
             LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT,
         uint8_t);
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 =
-        deserialize_to_uncompressed_ring_element_fe(secret_bytes);
+        deserialize_to_uncompressed_ring_element_6e(secret_bytes);
     secret_as_ntt[i0] = uu____0;
   }
-  libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[4U];
-  memcpy(
-      result, secret_as_ntt,
-      (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2));
   memcpy(
-      ret, result,
+      ret, secret_as_ntt,
       (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2));
 }
 
@@ -5836,8 +5824,8 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics
 - COMPRESSION_FACTOR= 11
 */
 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2
-deserialize_then_decompress_ring_element_u_d3(Eurydice_slice serialized) {
-  return deserialize_then_decompress_11_a8(serialized);
+deserialize_then_decompress_ring_element_u_18(Eurydice_slice serialized) {
+  return deserialize_then_decompress_11_39(serialized);
 }
 
 /**
@@ -5846,17 +5834,17 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector
 with const generics
 - VECTOR_U_COMPRESSION_FACTOR= 11
 */
-static KRML_MUSTINLINE void ntt_vector_u_09(
+static KRML_MUSTINLINE void ntt_vector_u_b1(
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) {
   size_t zeta_i = (size_t)0U;
-  ntt_at_layer_4_plus_ca(&zeta_i, re, (size_t)7U);
-  ntt_at_layer_4_plus_ca(&zeta_i, re, (size_t)6U);
-  ntt_at_layer_4_plus_ca(&zeta_i, re, (size_t)5U);
-  ntt_at_layer_4_plus_ca(&zeta_i, re, (size_t)4U);
-  ntt_at_layer_3_bc(&zeta_i, re);
-  ntt_at_layer_2_c2(&zeta_i, re);
-  ntt_at_layer_1_09(&zeta_i, re);
-  poly_barrett_reduce_ef_dc(re);
+  ntt_at_layer_4_plus_07(&zeta_i, re, (size_t)7U);
+  ntt_at_layer_4_plus_07(&zeta_i, re, (size_t)6U);
+  ntt_at_layer_4_plus_07(&zeta_i, re, (size_t)5U);
+  ntt_at_layer_4_plus_07(&zeta_i, re, (size_t)4U);
+  ntt_at_layer_3_46(&zeta_i, re);
+  ntt_at_layer_2_53(&zeta_i, re);
+  ntt_at_layer_1_42(&zeta_i, re);
+  poly_barrett_reduce_ef_83(re);
 }
 
 /**
@@ -5867,7 +5855,7 @@ with const generics
 - CIPHERTEXT_SIZE= 1568
 - U_COMPRESSION_FACTOR= 11
 */
-static KRML_MUSTINLINE void deserialize_then_decompress_u_41(
+static KRML_MUSTINLINE void deserialize_then_decompress_u_b1(
     uint8_t *ciphertext,
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[4U];
@@ -5890,15 +5878,11 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_41(
             LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT *
                 (size_t)11U / (size_t)8U,
         uint8_t);
-    u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_d3(u_bytes);
-    ntt_vector_u_09(&u_as_ntt[i0]);
+    u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_18(u_bytes);
+    ntt_vector_u_b1(&u_as_ntt[i0]);
   }
-  libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[4U];
   memcpy(
-      result, u_as_ntt,
-      (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2));
-  memcpy(
-      ret, result,
+      ret, u_as_ntt,
       (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2));
 }
 
@@ -5909,8 +5893,8 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics
 - COMPRESSION_FACTOR= 5
 */
 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2
-deserialize_then_decompress_ring_element_v_86(Eurydice_slice serialized) {
-  return deserialize_then_decompress_5_45(serialized);
+deserialize_then_decompress_ring_element_v_3d(Eurydice_slice serialized) {
+  return deserialize_then_decompress_5_67(serialized);
 }
 
 /**
@@ -5920,17 +5904,17 @@ with const generics
 - K= 4
 */
 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2
-compute_message_7e(
+compute_message_c3(
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *v,
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *secret_as_ntt,
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *u_as_ntt) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_ef_05();
   KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i;
                   libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product =
-                      ntt_multiply_ef_63(&secret_as_ntt[i0], &u_as_ntt[i0]);
-                  add_to_ring_element_ef_31(&result, &product););
-  invert_ntt_montgomery_80(&result);
-  result = subtract_reduce_ef_73(v, result);
+                      ntt_multiply_ef_d5(&secret_as_ntt[i0], &u_as_ntt[i0]);
+                  add_to_ring_element_ef_aa(&result, &product););
+  invert_ntt_montgomery_40(&result);
+  result = subtract_reduce_ef_07(v, result);
   return result;
 }
 
@@ -5944,18 +5928,18 @@ with const generics
 - U_COMPRESSION_FACTOR= 11
 - V_COMPRESSION_FACTOR= 5
 */
-static void decrypt_unpacked_46(IndCpaPrivateKeyUnpacked_01 *secret_key,
+static void decrypt_unpacked_98(IndCpaPrivateKeyUnpacked_01 *secret_key,
                                 uint8_t *ciphertext, uint8_t ret[32U]) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[4U];
-  deserialize_then_decompress_u_41(ciphertext, u_as_ntt);
+  deserialize_then_decompress_u_b1(ciphertext, u_as_ntt);
   libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v =
-      deserialize_then_decompress_ring_element_v_86(
+      deserialize_then_decompress_ring_element_v_3d(
           Eurydice_array_to_subslice_from((size_t)1568U, ciphertext,
                                           (size_t)1408U, uint8_t, size_t));
   libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message =
-      compute_message_7e(&v, secret_key->secret_as_ntt, u_as_ntt);
+      compute_message_c3(&v, secret_key->secret_as_ntt, u_as_ntt);
   uint8_t ret0[32U];
-  compress_then_serialize_message_83(message, ret0);
+  compress_then_serialize_message_6c(message, ret0);
   memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t));
 }
 
@@ -5969,10 +5953,10 @@ with const generics
 - U_COMPRESSION_FACTOR= 11
 - V_COMPRESSION_FACTOR= 5
 */
-static void decrypt_9a0(Eurydice_slice secret_key, uint8_t *ciphertext,
+static void decrypt_360(Eurydice_slice secret_key, uint8_t *ciphertext,
                         uint8_t ret[32U]) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[4U];
-  deserialize_secret_key_0d0(secret_key, secret_as_ntt);
+  deserialize_secret_key_cf0(secret_key, secret_as_ntt);
   /* Passing arrays by value in Rust generates a copy in C */
   libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_secret_as_ntt[4U];
   memcpy(
@@ -5982,9 +5966,9 @@ static void decrypt_9a0(Eurydice_slice secret_key, uint8_t *ciphertext,
   memcpy(
       secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt,
       (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2));
-  uint8_t result[32U];
-  decrypt_unpacked_46(&secret_key_unpacked, ciphertext, result);
-  memcpy(ret, result, (size_t)32U * sizeof(uint8_t));
+  uint8_t ret0[32U];
+  decrypt_unpacked_98(&secret_key_unpacked, ciphertext, ret0);
+  memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t));
 }
 
 /**
@@ -6023,7 +6007,7 @@ with const generics
 - ETA2_RANDOMNESS_SIZE= 128
 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600
 */
-void libcrux_ml_kem_ind_cca_decapsulate_6f0(
+void libcrux_ml_kem_ind_cca_decapsulate_cd0(
     libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key,
     libcrux_ml_kem_types_MlKemCiphertext_1f *ciphertext, uint8_t ret[32U]) {
   Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at(
@@ -6041,7 +6025,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_6f0(
   Eurydice_slice ind_cpa_public_key_hash = uu____2.fst;
   Eurydice_slice implicit_rejection_value = uu____2.snd;
   uint8_t decrypted[32U];
-  decrypt_9a0(ind_cpa_secret_key, ciphertext->value, decrypted);
+  decrypt_360(ind_cpa_secret_key, ciphertext->value, decrypted);
   uint8_t to_hash0[64U];
   libcrux_ml_kem_utils_into_padded_array_42(
       Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0);
@@ -6063,7 +6047,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_6f0(
   Eurydice_slice uu____4 = Eurydice_array_to_subslice_from(
       (size_t)1600U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE,
       uint8_t, size_t);
-  Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_ae(ciphertext),
+  Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_be(ciphertext),
                       uint8_t);
   uint8_t implicit_rejection_shared_secret0[32U];
   PRF_a9_16(Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t),
@@ -6073,17 +6057,17 @@ void libcrux_ml_kem_ind_cca_decapsulate_6f0(
   uint8_t copy_of_decrypted[32U];
   memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t));
   uint8_t expected_ciphertext[1568U];
-  encrypt_b40(uu____5, copy_of_decrypted, pseudorandomness,
+  encrypt_680(uu____5, copy_of_decrypted, pseudorandomness,
               expected_ciphertext);
   uint8_t implicit_rejection_shared_secret[32U];
-  kdf_d8_dc0(Eurydice_array_to_slice(
+  kdf_d8_b20(Eurydice_array_to_slice(
                  (size_t)32U, implicit_rejection_shared_secret0, uint8_t),
              implicit_rejection_shared_secret);
   uint8_t shared_secret1[32U];
-  kdf_d8_dc0(shared_secret0, shared_secret1);
+  kdf_d8_b20(shared_secret0, shared_secret1);
   uint8_t shared_secret[32U];
   libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time(
-      libcrux_ml_kem_types_as_ref_00_ae(ciphertext),
+      libcrux_ml_kem_types_as_ref_00_be(ciphertext),
       Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, uint8_t),
       Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t),
       Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret,
@@ -6098,7 +6082,7 @@ libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types
 libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics
 - K= 2
 */
-static KRML_MUSTINLINE void deserialize_ring_elements_reduced_e70(
+static KRML_MUSTINLINE void deserialize_ring_elements_reduced_9f0(
     Eurydice_slice public_key,
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *deserialized_pk) {
   for (size_t i = (size_t)0U;
@@ -6112,7 +6096,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_e70(
             LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT,
         uint8_t);
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 =
-        deserialize_to_reduced_ring_element_d7(ring_element);
+        deserialize_to_reduced_ring_element_65(ring_element);
     deserialized_pk[i0] = uu____0;
   }
 }
@@ -6123,13 +6107,13 @@ libcrux_ml_kem.serialize.deserialize_ring_elements_reduced_out with types
 libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics
 - K= 2
 */
-static KRML_MUSTINLINE void deserialize_ring_elements_reduced_out_00(
+static KRML_MUSTINLINE void deserialize_ring_elements_reduced_out_19(
     Eurydice_slice public_key,
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[2U];
   KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U,
                   deserialized_pk[i] = ZERO_ef_05(););
-  deserialize_ring_elements_reduced_e70(public_key, deserialized_pk);
+  deserialize_ring_elements_reduced_9f0(public_key, deserialized_pk);
   libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[2U];
   memcpy(
       result, deserialized_pk,
@@ -6146,7 +6130,7 @@ with const generics
 - K= 2
 - OUT_LEN= 768
 */
-static KRML_MUSTINLINE void serialize_secret_key_050(
+static KRML_MUSTINLINE void serialize_secret_key_230(
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *key,
     uint8_t ret[768U]) {
   uint8_t out[768U] = {0U};
@@ -6164,13 +6148,11 @@ static KRML_MUSTINLINE void serialize_secret_key_050(
         (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT,
         uint8_t);
     uint8_t ret0[384U];
-    serialize_uncompressed_ring_element_b8(&re, ret0);
+    serialize_uncompressed_ring_element_09(&re, ret0);
     Eurydice_slice_copy(
         uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t), uint8_t);
   }
-  uint8_t result[768U];
-  memcpy(result, out, (size_t)768U * sizeof(uint8_t));
-  memcpy(ret, result, (size_t)768U * sizeof(uint8_t));
+  memcpy(ret, out, (size_t)768U * sizeof(uint8_t));
 }
 
 /**
@@ -6181,13 +6163,13 @@ with const generics
 - RANKED_BYTES_PER_RING_ELEMENT= 768
 - PUBLIC_KEY_SIZE= 800
 */
-static KRML_MUSTINLINE void serialize_public_key_mut_070(
+static KRML_MUSTINLINE void serialize_public_key_mut_ff0(
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt,
     Eurydice_slice seed_for_a, uint8_t *serialized) {
   Eurydice_slice uu____0 = Eurydice_array_to_subslice2(serialized, (size_t)0U,
                                                        (size_t)768U, uint8_t);
   uint8_t ret[768U];
-  serialize_secret_key_050(t_as_ntt, ret);
+  serialize_secret_key_230(t_as_ntt, ret);
   Eurydice_slice_copy(
       uu____0, Eurydice_array_to_slice((size_t)768U, ret, uint8_t), uint8_t);
   Eurydice_slice_copy(
@@ -6204,14 +6186,12 @@ with const generics
 - RANKED_BYTES_PER_RING_ELEMENT= 768
 - PUBLIC_KEY_SIZE= 800
 */
-static KRML_MUSTINLINE void serialize_public_key_e50(
+static KRML_MUSTINLINE void serialize_public_key_160(
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt,
     Eurydice_slice seed_for_a, uint8_t ret[800U]) {
   uint8_t public_key_serialized[800U] = {0U};
-  serialize_public_key_mut_070(t_as_ntt, seed_for_a, public_key_serialized);
-  uint8_t result[800U];
-  memcpy(result, public_key_serialized, (size_t)800U * sizeof(uint8_t));
-  memcpy(ret, result, (size_t)800U * sizeof(uint8_t));
+  serialize_public_key_mut_ff0(t_as_ntt, seed_for_a, public_key_serialized);
+  memcpy(ret, public_key_serialized, (size_t)800U * sizeof(uint8_t));
 }
 
 /**
@@ -6222,15 +6202,15 @@ with const generics
 - RANKED_BYTES_PER_RING_ELEMENT= 768
 - PUBLIC_KEY_SIZE= 800
 */
-bool libcrux_ml_kem_ind_cca_validate_public_key_4a(uint8_t *public_key) {
+bool libcrux_ml_kem_ind_cca_validate_public_key_db(uint8_t *public_key) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[2U];
-  deserialize_ring_elements_reduced_out_00(
+  deserialize_ring_elements_reduced_out_19(
       Eurydice_array_to_subslice_to((size_t)800U, public_key, (size_t)768U,
                                     uint8_t, size_t),
       deserialized_pk);
   libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *uu____0 = deserialized_pk;
   uint8_t public_key_serialized[800U];
-  serialize_public_key_e50(
+  serialize_public_key_160(
       uu____0,
       Eurydice_array_to_subslice_from((size_t)800U, public_key, (size_t)768U,
                                       uint8_t, size_t),
@@ -6260,7 +6240,7 @@ with const generics
 - SECRET_KEY_SIZE= 1632
 - CIPHERTEXT_SIZE= 768
 */
-bool libcrux_ml_kem_ind_cca_validate_private_key_e1(
+bool libcrux_ml_kem_ind_cca_validate_private_key_a8(
     libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key,
     libcrux_ml_kem_types_MlKemCiphertext_e8 *_ciphertext) {
   uint8_t t[32U];
@@ -6366,7 +6346,7 @@ with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash
 with const generics
 - K= 2
 */
-static KRML_MUSTINLINE void cpa_keygen_seed_d8_100(
+static KRML_MUSTINLINE void cpa_keygen_seed_d8_6b0(
     Eurydice_slice key_generation_seed, uint8_t ret[64U]) {
   uint8_t seed[33U] = {0U};
   Eurydice_slice_copy(
@@ -6829,7 +6809,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics
 - ETA= 3
 - ETA_RANDOMNESS_SIZE= 192
 */
-static KRML_MUSTINLINE uint8_t sample_vector_cbd_then_ntt_080(
+static KRML_MUSTINLINE uint8_t sample_vector_cbd_then_ntt_680(
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re_as_ntt,
     uint8_t prf_input[33U], uint8_t domain_separator) {
   /* Passing arrays by value in Rust generates a copy in C */
@@ -6839,6 +6819,8 @@ static KRML_MUSTINLINE uint8_t sample_vector_cbd_then_ntt_080(
   KRML_MAYBE_FOR2(
       i, (size_t)0U, (size_t)2U, (size_t)1U,
       memcpy(prf_inputs[i], copy_of_prf_input, (size_t)33U * sizeof(uint8_t)););
+  uint8_t _prf_inputs_init[2U][33U];
+  memcpy(_prf_inputs_init, prf_inputs, (size_t)2U * sizeof(uint8_t[33U]));
   KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i;
                   prf_inputs[i0][32U] = domain_separator;
                   domain_separator = (uint32_t)domain_separator + 1U;);
@@ -6848,7 +6830,7 @@ static KRML_MUSTINLINE uint8_t sample_vector_cbd_then_ntt_080(
       i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i;
       re_as_ntt[i0] = sample_from_binomial_distribution_d70(
           Eurydice_array_to_slice((size_t)192U, prf_outputs[i0], uint8_t));
-      ntt_binomially_sampled_ring_element_44(&re_as_ntt[i0]););
+      ntt_binomially_sampled_ring_element_25(&re_as_ntt[i0]););
   return domain_separator;
 }
 
@@ -6871,7 +6853,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics
 - ETA= 3
 - ETA_RANDOMNESS_SIZE= 192
 */
-static KRML_MUSTINLINE tuple_74 sample_vector_cbd_then_ntt_out_d70(
+static KRML_MUSTINLINE tuple_74 sample_vector_cbd_then_ntt_out_480(
     uint8_t prf_input[33U], uint8_t domain_separator) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re_as_ntt[2U];
   KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U,
@@ -6880,18 +6862,18 @@ static KRML_MUSTINLINE tuple_74 sample_vector_cbd_then_ntt_out_d70(
   uint8_t uu____1[33U];
   memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t));
   domain_separator =
-      sample_vector_cbd_then_ntt_080(uu____0, uu____1, domain_separator);
+      sample_vector_cbd_then_ntt_680(uu____0, uu____1, domain_separator);
   /* Passing arrays by value in Rust generates a copy in C */
   libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_re_as_ntt[2U];
   memcpy(
       copy_of_re_as_ntt, re_as_ntt,
       (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2));
-  tuple_74 result;
+  tuple_74 lit;
   memcpy(
-      result.fst, copy_of_re_as_ntt,
+      lit.fst, copy_of_re_as_ntt,
       (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2));
-  result.snd = domain_separator;
-  return result;
+  lit.snd = domain_separator;
+  return lit;
 }
 
 /**
@@ -6905,7 +6887,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector
 with const generics
 - K= 2
 */
-static KRML_MUSTINLINE void add_to_ring_element_ef_310(
+static KRML_MUSTINLINE void add_to_ring_element_ef_aa0(
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self,
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *rhs) {
   for (size_t i = (size_t)0U;
@@ -6925,7 +6907,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector
 with const generics
 - K= 2
 */
-static KRML_MUSTINLINE void compute_As_plus_e_670(
+static KRML_MUSTINLINE void compute_As_plus_e_b60(
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt,
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*matrix_A)[2U],
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *s_as_ntt,
@@ -6952,10 +6934,10 @@ static KRML_MUSTINLINE void compute_As_plus_e_670(
       libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *matrix_element =
           &row[j];
       libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product =
-          ntt_multiply_ef_63(matrix_element, &s_as_ntt[j]);
-      add_to_ring_element_ef_310(&t_as_ntt[i0], &product);
+          ntt_multiply_ef_d5(matrix_element, &s_as_ntt[j]);
+      add_to_ring_element_ef_aa0(&t_as_ntt[i0], &product);
     }
-    add_standard_error_reduce_ef_ba(&t_as_ntt[i0], &error_as_ntt[i0]);
+    add_standard_error_reduce_ef_e7(&t_as_ntt[i0], &error_as_ntt[i0]);
   }
 }
 
@@ -6968,12 +6950,12 @@ with const generics
 - ETA1= 3
 - ETA1_RANDOMNESS_SIZE= 192
 */
-static void generate_keypair_unpacked_4a0(
+static void generate_keypair_unpacked_a20(
     Eurydice_slice key_generation_seed,
     IndCpaPrivateKeyUnpacked_d6 *private_key,
     IndCpaPublicKeyUnpacked_d6 *public_key) {
   uint8_t hashed[64U];
-  cpa_keygen_seed_d8_100(key_generation_seed, hashed);
+  cpa_keygen_seed_d8_6b0(key_generation_seed, hashed);
   Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at(
       Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U,
       uint8_t, Eurydice_slice_uint8_t_x2);
@@ -6993,17 +6975,17 @@ static void generate_keypair_unpacked_4a0(
   uint8_t copy_of_prf_input0[33U];
   memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t));
   uint8_t domain_separator =
-      sample_vector_cbd_then_ntt_080(uu____2, copy_of_prf_input0, 0U);
+      sample_vector_cbd_then_ntt_680(uu____2, copy_of_prf_input0, 0U);
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_prf_input[33U];
   memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t));
   libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_as_ntt[2U];
   memcpy(
       error_as_ntt,
-      sample_vector_cbd_then_ntt_out_d70(copy_of_prf_input, domain_separator)
+      sample_vector_cbd_then_ntt_out_480(copy_of_prf_input, domain_separator)
           .fst,
       (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2));
-  compute_As_plus_e_670(public_key->t_as_ntt, public_key->A,
+  compute_As_plus_e_b60(public_key->t_as_ntt, public_key->A,
                         private_key->secret_as_ntt, error_as_ntt);
   uint8_t uu____5[32U];
   core_result_Result_00 dst;
@@ -7028,14 +7010,14 @@ static libcrux_ml_kem_utils_extraction_helper_Keypair512 generate_keypair_47(
     Eurydice_slice key_generation_seed) {
   IndCpaPrivateKeyUnpacked_d6 private_key = default_1a_3c0();
   IndCpaPublicKeyUnpacked_d6 public_key = default_8d_890();
-  generate_keypair_unpacked_4a0(key_generation_seed, &private_key, &public_key);
+  generate_keypair_unpacked_a20(key_generation_seed, &private_key, &public_key);
   uint8_t public_key_serialized[800U];
-  serialize_public_key_e50(
+  serialize_public_key_160(
       public_key.t_as_ntt,
       Eurydice_array_to_slice((size_t)32U, public_key.seed_for_A, uint8_t),
       public_key_serialized);
   uint8_t secret_key_serialized[768U];
-  serialize_secret_key_050(private_key.secret_as_ntt, secret_key_serialized);
+  serialize_secret_key_230(private_key.secret_as_ntt, secret_key_serialized);
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_secret_key_serialized[768U];
   memcpy(copy_of_secret_key_serialized, secret_key_serialized,
@@ -7044,12 +7026,12 @@ static libcrux_ml_kem_utils_extraction_helper_Keypair512 generate_keypair_47(
   uint8_t copy_of_public_key_serialized[800U];
   memcpy(copy_of_public_key_serialized, public_key_serialized,
          (size_t)800U * sizeof(uint8_t));
-  libcrux_ml_kem_utils_extraction_helper_Keypair512 result;
-  memcpy(result.fst, copy_of_secret_key_serialized,
+  libcrux_ml_kem_utils_extraction_helper_Keypair512 lit;
+  memcpy(lit.fst, copy_of_secret_key_serialized,
          (size_t)768U * sizeof(uint8_t));
-  memcpy(result.snd, copy_of_public_key_serialized,
+  memcpy(lit.snd, copy_of_public_key_serialized,
          (size_t)800U * sizeof(uint8_t));
-  return result;
+  return lit;
 }
 
 /**
@@ -7059,7 +7041,7 @@ with const generics
 - K= 2
 - SERIALIZED_KEY_LEN= 1632
 */
-static KRML_MUSTINLINE void serialize_kem_secret_key_71(
+static KRML_MUSTINLINE void serialize_kem_secret_key_7b(
     Eurydice_slice private_key, Eurydice_slice public_key,
     Eurydice_slice implicit_rejection_value, uint8_t ret[1632U]) {
   uint8_t out[1632U] = {0U};
@@ -7114,7 +7096,7 @@ with const generics
 - ETA1= 3
 - ETA1_RANDOMNESS_SIZE= 192
 */
-libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_ind_cca_generate_keypair_d2(
+libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_ind_cca_generate_keypair_dd(
     uint8_t randomness[64U]) {
   Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2(
       randomness, (size_t)0U,
@@ -7130,7 +7112,7 @@ libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_ind_cca_generate_keypair_d2(
   uint8_t public_key[800U];
   memcpy(public_key, uu____0.snd, (size_t)800U * sizeof(uint8_t));
   uint8_t secret_key_serialized[1632U];
-  serialize_kem_secret_key_71(
+  serialize_kem_secret_key_7b(
       Eurydice_array_to_slice((size_t)768U, ind_cpa_private_key, uint8_t),
       Eurydice_array_to_slice((size_t)800U, public_key, uint8_t),
       implicit_rejection_value, secret_key_serialized);
@@ -7139,13 +7121,13 @@ libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_ind_cca_generate_keypair_d2(
   memcpy(copy_of_secret_key_serialized, secret_key_serialized,
          (size_t)1632U * sizeof(uint8_t));
   libcrux_ml_kem_types_MlKemPrivateKey_5e private_key =
-      libcrux_ml_kem_types_from_7f_e6(copy_of_secret_key_serialized);
+      libcrux_ml_kem_types_from_7f_8c(copy_of_secret_key_serialized);
   libcrux_ml_kem_types_MlKemPrivateKey_5e uu____2 = private_key;
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_public_key[800U];
   memcpy(copy_of_public_key, public_key, (size_t)800U * sizeof(uint8_t));
-  return libcrux_ml_kem_types_from_3a_78(
-      uu____2, libcrux_ml_kem_types_from_5a_af(copy_of_public_key));
+  return libcrux_ml_kem_types_from_3a_f6(
+      uu____2, libcrux_ml_kem_types_from_5a_45(copy_of_public_key));
 }
 
 /**
@@ -7158,7 +7140,7 @@ with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash
 with const generics
 - K= 2
 */
-static KRML_MUSTINLINE void entropy_preprocess_d8_c5(Eurydice_slice randomness,
+static KRML_MUSTINLINE void entropy_preprocess_d8_6c(Eurydice_slice randomness,
                                                      uint8_t ret[32U]) {
   uint8_t out[32U] = {0U};
   Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t),
@@ -7221,7 +7203,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics
 - ETA2= 2
 */
 static KRML_MUSTINLINE tuple_74
-sample_ring_element_cbd_a00(uint8_t prf_input[33U], uint8_t domain_separator) {
+sample_ring_element_cbd_6a0(uint8_t prf_input[33U], uint8_t domain_separator) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[2U];
   KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U,
                   error_1[i] = ZERO_ef_05(););
@@ -7232,6 +7214,8 @@ sample_ring_element_cbd_a00(uint8_t prf_input[33U], uint8_t domain_separator) {
   KRML_MAYBE_FOR2(
       i, (size_t)0U, (size_t)2U, (size_t)1U,
       memcpy(prf_inputs[i], copy_of_prf_input, (size_t)33U * sizeof(uint8_t)););
+  uint8_t _prf_inputs_init[2U][33U];
+  memcpy(_prf_inputs_init, prf_inputs, (size_t)2U * sizeof(uint8_t[33U]));
   KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i;
                   prf_inputs[i0][32U] = domain_separator;
                   domain_separator = (uint32_t)domain_separator + 1U;);
@@ -7248,12 +7232,12 @@ sample_ring_element_cbd_a00(uint8_t prf_input[33U], uint8_t domain_separator) {
   memcpy(
       copy_of_error_1, error_1,
       (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2));
-  tuple_74 result;
+  tuple_74 lit;
   memcpy(
-      result.fst, copy_of_error_1,
+      lit.fst, copy_of_error_1,
       (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2));
-  result.snd = domain_separator;
-  return result;
+  lit.snd = domain_separator;
+  return lit;
 }
 
 /**
@@ -7277,18 +7261,18 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector
 with const generics
 - K= 2
 */
-static KRML_MUSTINLINE void invert_ntt_montgomery_800(
+static KRML_MUSTINLINE void invert_ntt_montgomery_400(
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) {
   size_t zeta_i =
       LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U;
-  invert_ntt_at_layer_1_a3(&zeta_i, re);
-  invert_ntt_at_layer_2_cd(&zeta_i, re);
-  invert_ntt_at_layer_3_d7(&zeta_i, re);
-  invert_ntt_at_layer_4_plus_af(&zeta_i, re, (size_t)4U);
-  invert_ntt_at_layer_4_plus_af(&zeta_i, re, (size_t)5U);
-  invert_ntt_at_layer_4_plus_af(&zeta_i, re, (size_t)6U);
-  invert_ntt_at_layer_4_plus_af(&zeta_i, re, (size_t)7U);
-  poly_barrett_reduce_ef_dc(re);
+  invert_ntt_at_layer_1_78(&zeta_i, re);
+  invert_ntt_at_layer_2_2c(&zeta_i, re);
+  invert_ntt_at_layer_3_73(&zeta_i, re);
+  invert_ntt_at_layer_4_plus_04(&zeta_i, re, (size_t)4U);
+  invert_ntt_at_layer_4_plus_04(&zeta_i, re, (size_t)5U);
+  invert_ntt_at_layer_4_plus_04(&zeta_i, re, (size_t)6U);
+  invert_ntt_at_layer_4_plus_04(&zeta_i, re, (size_t)7U);
+  poly_barrett_reduce_ef_83(re);
 }
 
 /**
@@ -7297,7 +7281,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector
 with const generics
 - K= 2
 */
-static KRML_MUSTINLINE void compute_vector_u_3c0(
+static KRML_MUSTINLINE void compute_vector_u_420(
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*a_as_ntt)[2U],
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt,
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_1,
@@ -7324,11 +7308,11 @@ static KRML_MUSTINLINE void compute_vector_u_3c0(
       size_t j = i;
       libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *a_element = &row[j];
       libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product =
-          ntt_multiply_ef_63(a_element, &r_as_ntt[j]);
-      add_to_ring_element_ef_310(&result[i1], &product);
+          ntt_multiply_ef_d5(a_element, &r_as_ntt[j]);
+      add_to_ring_element_ef_aa0(&result[i1], &product);
     }
-    invert_ntt_montgomery_800(&result[i1]);
-    add_error_reduce_ef_05(&result[i1], &error_1[i1]);
+    invert_ntt_montgomery_400(&result[i1]);
+    add_error_reduce_ef_ee(&result[i1], &error_1[i1]);
   }
   memcpy(
       ret, result,
@@ -7342,7 +7326,7 @@ with const generics
 - K= 2
 */
 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2
-compute_ring_element_v_510(
+compute_ring_element_v_d20(
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt,
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt,
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_2,
@@ -7350,10 +7334,10 @@ compute_ring_element_v_510(
   libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_ef_05();
   KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i;
                   libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product =
-                      ntt_multiply_ef_63(&t_as_ntt[i0], &r_as_ntt[i0]);
-                  add_to_ring_element_ef_310(&result, &product););
-  invert_ntt_montgomery_800(&result);
-  result = add_message_error_reduce_ef_b9(error_2, message, result);
+                      ntt_multiply_ef_d5(&t_as_ntt[i0], &r_as_ntt[i0]);
+                  add_to_ring_element_ef_aa0(&result, &product););
+  invert_ntt_montgomery_400(&result);
+  result = add_message_error_reduce_ef_a6(error_2, message, result);
   return result;
 }
 
@@ -7366,7 +7350,7 @@ with const generics
 - COMPRESSION_FACTOR= 10
 - BLOCK_LEN= 320
 */
-static void compress_then_serialize_u_e80(
+static void compress_then_serialize_u_930(
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 input[2U],
     Eurydice_slice out) {
   for (size_t i = (size_t)0U;
@@ -7382,7 +7366,7 @@ static void compress_then_serialize_u_e80(
         out, i0 * ((size_t)640U / (size_t)2U),
         (i0 + (size_t)1U) * ((size_t)640U / (size_t)2U), uint8_t);
     uint8_t ret[320U];
-    compress_then_serialize_ring_element_u_b00(&re, ret);
+    compress_then_serialize_ring_element_u_680(&re, ret);
     Eurydice_slice_copy(
         uu____0, Eurydice_array_to_slice((size_t)320U, ret, uint8_t), uint8_t);
   }
@@ -7405,7 +7389,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics
 - ETA2= 2
 - ETA2_RANDOMNESS_SIZE= 128
 */
-static void encrypt_unpacked_030(IndCpaPublicKeyUnpacked_d6 *public_key,
+static void encrypt_unpacked_ec0(IndCpaPublicKeyUnpacked_d6 *public_key,
                                  uint8_t message[32U],
                                  Eurydice_slice randomness, uint8_t ret[768U]) {
   uint8_t prf_input[33U];
@@ -7413,7 +7397,7 @@ static void encrypt_unpacked_030(IndCpaPublicKeyUnpacked_d6 *public_key,
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_prf_input0[33U];
   memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t));
-  tuple_74 uu____1 = sample_vector_cbd_then_ntt_out_d70(copy_of_prf_input0, 0U);
+  tuple_74 uu____1 = sample_vector_cbd_then_ntt_out_480(copy_of_prf_input0, 0U);
   libcrux_ml_kem_polynomial_PolynomialRingElement_d2 r_as_ntt[2U];
   memcpy(
       r_as_ntt, uu____1.fst,
@@ -7423,7 +7407,7 @@ static void encrypt_unpacked_030(IndCpaPublicKeyUnpacked_d6 *public_key,
   uint8_t copy_of_prf_input[33U];
   memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t));
   tuple_74 uu____3 =
-      sample_ring_element_cbd_a00(copy_of_prf_input, domain_separator0);
+      sample_ring_element_cbd_6a0(copy_of_prf_input, domain_separator0);
   libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[2U];
   memcpy(
       error_1, uu____3.fst,
@@ -7437,25 +7421,25 @@ static void encrypt_unpacked_030(IndCpaPublicKeyUnpacked_d6 *public_key,
       sample_from_binomial_distribution_d7(
           Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t));
   libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u[2U];
-  compute_vector_u_3c0(public_key->A, r_as_ntt, error_1, u);
+  compute_vector_u_420(public_key->A, r_as_ntt, error_1, u);
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_message[32U];
   memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t));
   libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message_as_ring_element =
-      deserialize_then_decompress_message_12(copy_of_message);
+      deserialize_then_decompress_message_6f(copy_of_message);
   libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v =
-      compute_ring_element_v_510(public_key->t_as_ntt, r_as_ntt, &error_2,
+      compute_ring_element_v_d20(public_key->t_as_ntt, r_as_ntt, &error_2,
                                  &message_as_ring_element);
   uint8_t ciphertext[768U] = {0U};
   libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____5[2U];
   memcpy(
       uu____5, u,
       (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2));
-  compress_then_serialize_u_e80(
+  compress_then_serialize_u_930(
       uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)640U,
                                            uint8_t));
   libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____6 = v;
-  compress_then_serialize_ring_element_v_f20(
+  compress_then_serialize_ring_element_v_7b0(
       uu____6, Eurydice_array_to_subslice_from((size_t)768U, ciphertext,
                                                (size_t)640U, uint8_t, size_t));
   memcpy(ret, ciphertext, (size_t)768U * sizeof(uint8_t));
@@ -7478,10 +7462,10 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics
 - ETA2= 2
 - ETA2_RANDOMNESS_SIZE= 128
 */
-static void encrypt_b4(Eurydice_slice public_key, uint8_t message[32U],
+static void encrypt_68(Eurydice_slice public_key, uint8_t message[32U],
                        Eurydice_slice randomness, uint8_t ret[768U]) {
   IndCpaPublicKeyUnpacked_d6 unpacked_public_key = default_8d_890();
-  deserialize_ring_elements_reduced_e70(
+  deserialize_ring_elements_reduced_9f0(
       Eurydice_slice_subslice_to(public_key, (size_t)768U, uint8_t, size_t),
       unpacked_public_key.t_as_ntt);
   Eurydice_slice seed =
@@ -7495,9 +7479,9 @@ static void encrypt_b4(Eurydice_slice public_key, uint8_t message[32U],
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_message[32U];
   memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t));
-  uint8_t result[768U];
-  encrypt_unpacked_030(uu____1, copy_of_message, randomness, result);
-  memcpy(ret, result, (size_t)768U * sizeof(uint8_t));
+  uint8_t ret1[768U];
+  encrypt_unpacked_ec0(uu____1, copy_of_message, randomness, ret1);
+  memcpy(ret, ret1, (size_t)768U * sizeof(uint8_t));
 }
 
 /**
@@ -7511,7 +7495,7 @@ with const generics
 - K= 2
 - CIPHERTEXT_SIZE= 768
 */
-static KRML_MUSTINLINE void kdf_d8_dc(Eurydice_slice shared_secret,
+static KRML_MUSTINLINE void kdf_d8_b2(Eurydice_slice shared_secret,
                                       uint8_t ret[32U]) {
   uint8_t out[32U] = {0U};
   Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t),
@@ -7538,11 +7522,11 @@ with const generics
 - ETA2= 2
 - ETA2_RANDOMNESS_SIZE= 128
 */
-tuple_ec libcrux_ml_kem_ind_cca_encapsulate_f4(
+tuple_ec libcrux_ml_kem_ind_cca_encapsulate_79(
     libcrux_ml_kem_types_MlKemPublicKey_be *public_key,
     uint8_t randomness[32U]) {
   uint8_t randomness0[32U];
-  entropy_preprocess_d8_c5(
+  entropy_preprocess_d8_6c(
       Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0);
   uint8_t to_hash[64U];
   libcrux_ml_kem_utils_into_padded_array_42(
@@ -7552,7 +7536,7 @@ tuple_ec libcrux_ml_kem_ind_cca_encapsulate_f4(
       size_t);
   uint8_t ret[32U];
   H_a9_410(Eurydice_array_to_slice(
-               (size_t)800U, libcrux_ml_kem_types_as_slice_fd_120(public_key),
+               (size_t)800U, libcrux_ml_kem_types_as_slice_fd_d10(public_key),
                uint8_t),
            ret);
   Eurydice_slice_copy(
@@ -7566,19 +7550,19 @@ tuple_ec libcrux_ml_kem_ind_cca_encapsulate_f4(
   Eurydice_slice shared_secret = uu____1.fst;
   Eurydice_slice pseudorandomness = uu____1.snd;
   Eurydice_slice uu____2 = Eurydice_array_to_slice(
-      (size_t)800U, libcrux_ml_kem_types_as_slice_fd_120(public_key), uint8_t);
+      (size_t)800U, libcrux_ml_kem_types_as_slice_fd_d10(public_key), uint8_t);
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_randomness[32U];
   memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t));
   uint8_t ciphertext[768U];
-  encrypt_b4(uu____2, copy_of_randomness, pseudorandomness, ciphertext);
+  encrypt_68(uu____2, copy_of_randomness, pseudorandomness, ciphertext);
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_ciphertext[768U];
   memcpy(copy_of_ciphertext, ciphertext, (size_t)768U * sizeof(uint8_t));
   libcrux_ml_kem_types_MlKemCiphertext_e8 ciphertext0 =
-      libcrux_ml_kem_types_from_01_7b0(copy_of_ciphertext);
+      libcrux_ml_kem_types_from_01_3a0(copy_of_ciphertext);
   uint8_t shared_secret_array[32U];
-  kdf_d8_dc(shared_secret, shared_secret_array);
+  kdf_d8_b2(shared_secret, shared_secret_array);
   libcrux_ml_kem_types_MlKemCiphertext_e8 uu____5 = ciphertext0;
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_shared_secret_array[32U];
@@ -7596,7 +7580,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector
 with const generics
 - K= 2
 */
-static KRML_MUSTINLINE void deserialize_secret_key_0d(
+static KRML_MUSTINLINE void deserialize_secret_key_cf(
     Eurydice_slice secret_key,
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[2U];
@@ -7613,15 +7597,11 @@ static KRML_MUSTINLINE void deserialize_secret_key_0d(
             LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT,
         uint8_t);
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 =
-        deserialize_to_uncompressed_ring_element_fe(secret_bytes);
+        deserialize_to_uncompressed_ring_element_6e(secret_bytes);
     secret_as_ntt[i0] = uu____0;
   }
-  libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[2U];
   memcpy(
-      result, secret_as_ntt,
-      (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2));
-  memcpy(
-      ret, result,
+      ret, secret_as_ntt,
       (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2));
 }
 
@@ -7633,7 +7613,7 @@ with const generics
 - CIPHERTEXT_SIZE= 768
 - U_COMPRESSION_FACTOR= 10
 */
-static KRML_MUSTINLINE void deserialize_then_decompress_u_410(
+static KRML_MUSTINLINE void deserialize_then_decompress_u_b10(
     uint8_t *ciphertext,
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[2U];
@@ -7656,15 +7636,11 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_410(
             LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT *
                 (size_t)10U / (size_t)8U,
         uint8_t);
-    u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_d30(u_bytes);
-    ntt_vector_u_090(&u_as_ntt[i0]);
+    u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_180(u_bytes);
+    ntt_vector_u_b10(&u_as_ntt[i0]);
   }
-  libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[2U];
   memcpy(
-      result, u_as_ntt,
-      (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2));
-  memcpy(
-      ret, result,
+      ret, u_as_ntt,
       (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2));
 }
 
@@ -7675,17 +7651,17 @@ with const generics
 - K= 2
 */
 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2
-compute_message_7e0(
+compute_message_c30(
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *v,
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *secret_as_ntt,
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *u_as_ntt) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_ef_05();
   KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i;
                   libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product =
-                      ntt_multiply_ef_63(&secret_as_ntt[i0], &u_as_ntt[i0]);
-                  add_to_ring_element_ef_310(&result, &product););
-  invert_ntt_montgomery_800(&result);
-  result = subtract_reduce_ef_73(v, result);
+                      ntt_multiply_ef_d5(&secret_as_ntt[i0], &u_as_ntt[i0]);
+                  add_to_ring_element_ef_aa0(&result, &product););
+  invert_ntt_montgomery_400(&result);
+  result = subtract_reduce_ef_07(v, result);
   return result;
 }
 
@@ -7699,18 +7675,18 @@ with const generics
 - U_COMPRESSION_FACTOR= 10
 - V_COMPRESSION_FACTOR= 4
 */
-static void decrypt_unpacked_460(IndCpaPrivateKeyUnpacked_d6 *secret_key,
+static void decrypt_unpacked_980(IndCpaPrivateKeyUnpacked_d6 *secret_key,
                                  uint8_t *ciphertext, uint8_t ret[32U]) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[2U];
-  deserialize_then_decompress_u_410(ciphertext, u_as_ntt);
+  deserialize_then_decompress_u_b10(ciphertext, u_as_ntt);
   libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v =
-      deserialize_then_decompress_ring_element_v_860(
+      deserialize_then_decompress_ring_element_v_3d0(
           Eurydice_array_to_subslice_from((size_t)768U, ciphertext,
                                           (size_t)640U, uint8_t, size_t));
   libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message =
-      compute_message_7e0(&v, secret_key->secret_as_ntt, u_as_ntt);
+      compute_message_c30(&v, secret_key->secret_as_ntt, u_as_ntt);
   uint8_t ret0[32U];
-  compress_then_serialize_message_83(message, ret0);
+  compress_then_serialize_message_6c(message, ret0);
   memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t));
 }
 
@@ -7724,10 +7700,10 @@ with const generics
 - U_COMPRESSION_FACTOR= 10
 - V_COMPRESSION_FACTOR= 4
 */
-static void decrypt_9a(Eurydice_slice secret_key, uint8_t *ciphertext,
+static void decrypt_36(Eurydice_slice secret_key, uint8_t *ciphertext,
                        uint8_t ret[32U]) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[2U];
-  deserialize_secret_key_0d(secret_key, secret_as_ntt);
+  deserialize_secret_key_cf(secret_key, secret_as_ntt);
   /* Passing arrays by value in Rust generates a copy in C */
   libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_secret_as_ntt[2U];
   memcpy(
@@ -7737,9 +7713,9 @@ static void decrypt_9a(Eurydice_slice secret_key, uint8_t *ciphertext,
   memcpy(
       secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt,
       (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2));
-  uint8_t result[32U];
-  decrypt_unpacked_460(&secret_key_unpacked, ciphertext, result);
-  memcpy(ret, result, (size_t)32U * sizeof(uint8_t));
+  uint8_t ret0[32U];
+  decrypt_unpacked_980(&secret_key_unpacked, ciphertext, ret0);
+  memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t));
 }
 
 /**
@@ -7778,7 +7754,7 @@ with const generics
 - ETA2_RANDOMNESS_SIZE= 128
 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800
 */
-void libcrux_ml_kem_ind_cca_decapsulate_6f(
+void libcrux_ml_kem_ind_cca_decapsulate_cd(
     libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key,
     libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) {
   Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at(
@@ -7796,7 +7772,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_6f(
   Eurydice_slice ind_cpa_public_key_hash = uu____2.fst;
   Eurydice_slice implicit_rejection_value = uu____2.snd;
   uint8_t decrypted[32U];
-  decrypt_9a(ind_cpa_secret_key, ciphertext->value, decrypted);
+  decrypt_36(ind_cpa_secret_key, ciphertext->value, decrypted);
   uint8_t to_hash0[64U];
   libcrux_ml_kem_utils_into_padded_array_42(
       Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0);
@@ -7818,7 +7794,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_6f(
   Eurydice_slice uu____4 = Eurydice_array_to_subslice_from(
       (size_t)800U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE,
       uint8_t, size_t);
-  Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_ae0(ciphertext),
+  Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_be0(ciphertext),
                       uint8_t);
   uint8_t implicit_rejection_shared_secret0[32U];
   PRF_a9_161(Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t),
@@ -7828,16 +7804,16 @@ void libcrux_ml_kem_ind_cca_decapsulate_6f(
   uint8_t copy_of_decrypted[32U];
   memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t));
   uint8_t expected_ciphertext[768U];
-  encrypt_b4(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext);
+  encrypt_68(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext);
   uint8_t implicit_rejection_shared_secret[32U];
-  kdf_d8_dc(Eurydice_array_to_slice((size_t)32U,
+  kdf_d8_b2(Eurydice_array_to_slice((size_t)32U,
                                     implicit_rejection_shared_secret0, uint8_t),
             implicit_rejection_shared_secret);
   uint8_t shared_secret1[32U];
-  kdf_d8_dc(shared_secret0, shared_secret1);
+  kdf_d8_b2(shared_secret0, shared_secret1);
   uint8_t shared_secret[32U];
   libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time(
-      libcrux_ml_kem_types_as_ref_00_ae0(ciphertext),
+      libcrux_ml_kem_types_as_ref_00_be0(ciphertext),
       Eurydice_array_to_slice((size_t)768U, expected_ciphertext, uint8_t),
       Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t),
       Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret,
diff --git a/libcrux-ml-kem/c/libcrux_mlkem_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem_avx2.h
index ce38cd383..7f1adf92e 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem_avx2.h
+++ b/libcrux-ml-kem/c/libcrux_mlkem_avx2.h
@@ -8,7 +8,7 @@
  * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac
  * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152
  * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678
- * Libcrux: 098de7d283a7867de9c3e5672d7b3c915ef9b2f1
+ * Libcrux: 020cd93ab7a1437ba4a4c626b1acbf9fa14525ad
  */
 
 #ifndef __libcrux_mlkem_avx2_H
diff --git a/libcrux-ml-kem/c/libcrux_mlkem_portable.c b/libcrux-ml-kem/c/libcrux_mlkem_portable.c
index 3bc08594b..12ab2b9e6 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem_portable.c
+++ b/libcrux-ml-kem/c/libcrux_mlkem_portable.c
@@ -8,7 +8,7 @@
  * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac
  * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152
  * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678
- * Libcrux: 098de7d283a7867de9c3e5672d7b3c915ef9b2f1
+ * Libcrux: 020cd93ab7a1437ba4a4c626b1acbf9fa14525ad
  */
 
 #include "internal/libcrux_mlkem_portable.h"
@@ -1152,7 +1152,9 @@ uint8_t libcrux_ml_kem_vector_portable_compress_compress_message_coefficient(
   int16_t mask = shifted >> 15U;
   int16_t shifted_to_positive = mask ^ shifted;
   int16_t shifted_positive_in_range = shifted_to_positive - (int16_t)832;
-  return (uint8_t)(shifted_positive_in_range >> 15U & (int16_t)1);
+  int16_t r0 = shifted_positive_in_range >> 15U;
+  int16_t r1 = r0 & (int16_t)1;
+  return (uint8_t)r1;
 }
 
 KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector
@@ -2388,7 +2390,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
 
 */
 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0
-deserialize_to_reduced_ring_element_01(Eurydice_slice serialized) {
+deserialize_to_reduced_ring_element_60(Eurydice_slice serialized) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_ef_1b();
   for (size_t i = (size_t)0U;
        i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) {
@@ -2410,7 +2412,7 @@ libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types
 libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
 - K= 4
 */
-static KRML_MUSTINLINE void deserialize_ring_elements_reduced_75(
+static KRML_MUSTINLINE void deserialize_ring_elements_reduced_ed(
     Eurydice_slice public_key,
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *deserialized_pk) {
   for (size_t i = (size_t)0U;
@@ -2424,7 +2426,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_75(
             LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT,
         uint8_t);
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 =
-        deserialize_to_reduced_ring_element_01(ring_element);
+        deserialize_to_reduced_ring_element_60(ring_element);
     deserialized_pk[i0] = uu____0;
   }
 }
@@ -2435,13 +2437,13 @@ libcrux_ml_kem.serialize.deserialize_ring_elements_reduced_out with types
 libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
 - K= 4
 */
-static KRML_MUSTINLINE void deserialize_ring_elements_reduced_out_fa1(
+static KRML_MUSTINLINE void deserialize_ring_elements_reduced_out_661(
     Eurydice_slice public_key,
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[4U];
   KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U,
                   deserialized_pk[i] = ZERO_ef_1b(););
-  deserialize_ring_elements_reduced_75(public_key, deserialized_pk);
+  deserialize_ring_elements_reduced_ed(public_key, deserialized_pk);
   libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[4U];
   memcpy(
       result, deserialized_pk,
@@ -2457,7 +2459,7 @@ with const generics
 - SHIFT_BY= 15
 */
 static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector
-shift_right_38(libcrux_ml_kem_vector_portable_vector_type_PortableVector vec) {
+shift_right_3c(libcrux_ml_kem_vector_portable_vector_type_PortableVector vec) {
   for (size_t i = (size_t)0U;
        i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) {
     size_t i0 = i;
@@ -2476,8 +2478,8 @@ with const generics
 - SHIFT_BY= 15
 */
 static libcrux_ml_kem_vector_portable_vector_type_PortableVector
-shift_right_0d_6b(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) {
-  return shift_right_38(v);
+shift_right_0d_3e(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) {
+  return shift_right_3c(v);
 }
 
 /**
@@ -2487,10 +2489,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
 
 */
 static libcrux_ml_kem_vector_portable_vector_type_PortableVector
-to_unsigned_representative_9f(
+to_unsigned_representative_30(
     libcrux_ml_kem_vector_portable_vector_type_PortableVector a) {
   libcrux_ml_kem_vector_portable_vector_type_PortableVector t =
-      shift_right_0d_6b(a);
+      shift_right_0d_3e(a);
   libcrux_ml_kem_vector_portable_vector_type_PortableVector fm =
       libcrux_ml_kem_vector_portable_bitwise_and_with_constant_0d(
           t, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS);
@@ -2504,10 +2506,10 @@ with const generics
 
 */
 static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector
-to_unsigned_field_modulus_c4(
+to_unsigned_field_modulus_05(
     libcrux_ml_kem_vector_portable_vector_type_PortableVector a) {
   libcrux_ml_kem_vector_portable_vector_type_PortableVector result =
-      to_unsigned_representative_9f(a);
+      to_unsigned_representative_30(a);
   return result;
 }
 
@@ -2517,14 +2519,14 @@ libcrux_ml_kem.serialize.serialize_uncompressed_ring_element with types
 libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
 
 */
-static KRML_MUSTINLINE void serialize_uncompressed_ring_element_c6(
+static KRML_MUSTINLINE void serialize_uncompressed_ring_element_13(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[384U]) {
   uint8_t serialized[384U] = {0U};
   for (size_t i = (size_t)0U;
        i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
     size_t i0 = i;
     libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient =
-        to_unsigned_field_modulus_c4(re->coefficients[i0]);
+        to_unsigned_field_modulus_05(re->coefficients[i0]);
     uint8_t bytes[24U];
     libcrux_ml_kem_vector_portable_serialize_12_0d(coefficient, bytes);
     Eurydice_slice uu____0 = Eurydice_array_to_subslice2(
@@ -2544,7 +2546,7 @@ with const generics
 - K= 4
 - OUT_LEN= 1536
 */
-static KRML_MUSTINLINE void serialize_secret_key_1d(
+static KRML_MUSTINLINE void serialize_secret_key_9e(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *key,
     uint8_t ret[1536U]) {
   uint8_t out[1536U] = {0U};
@@ -2562,13 +2564,11 @@ static KRML_MUSTINLINE void serialize_secret_key_1d(
         (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT,
         uint8_t);
     uint8_t ret0[384U];
-    serialize_uncompressed_ring_element_c6(&re, ret0);
+    serialize_uncompressed_ring_element_13(&re, ret0);
     Eurydice_slice_copy(
         uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t), uint8_t);
   }
-  uint8_t result[1536U];
-  memcpy(result, out, (size_t)1536U * sizeof(uint8_t));
-  memcpy(ret, result, (size_t)1536U * sizeof(uint8_t));
+  memcpy(ret, out, (size_t)1536U * sizeof(uint8_t));
 }
 
 /**
@@ -2579,13 +2579,13 @@ with const generics
 - RANKED_BYTES_PER_RING_ELEMENT= 1536
 - PUBLIC_KEY_SIZE= 1568
 */
-static KRML_MUSTINLINE void serialize_public_key_mut_12(
+static KRML_MUSTINLINE void serialize_public_key_mut_6c(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt,
     Eurydice_slice seed_for_a, uint8_t *serialized) {
   Eurydice_slice uu____0 = Eurydice_array_to_subslice2(serialized, (size_t)0U,
                                                        (size_t)1536U, uint8_t);
   uint8_t ret[1536U];
-  serialize_secret_key_1d(t_as_ntt, ret);
+  serialize_secret_key_9e(t_as_ntt, ret);
   Eurydice_slice_copy(
       uu____0, Eurydice_array_to_slice((size_t)1536U, ret, uint8_t), uint8_t);
   Eurydice_slice_copy(
@@ -2602,14 +2602,12 @@ with const generics
 - RANKED_BYTES_PER_RING_ELEMENT= 1536
 - PUBLIC_KEY_SIZE= 1568
 */
-static KRML_MUSTINLINE void serialize_public_key_e9(
+static KRML_MUSTINLINE void serialize_public_key_fd(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt,
     Eurydice_slice seed_for_a, uint8_t ret[1568U]) {
   uint8_t public_key_serialized[1568U] = {0U};
-  serialize_public_key_mut_12(t_as_ntt, seed_for_a, public_key_serialized);
-  uint8_t result[1568U];
-  memcpy(result, public_key_serialized, (size_t)1568U * sizeof(uint8_t));
-  memcpy(ret, result, (size_t)1568U * sizeof(uint8_t));
+  serialize_public_key_mut_6c(t_as_ntt, seed_for_a, public_key_serialized);
+  memcpy(ret, public_key_serialized, (size_t)1568U * sizeof(uint8_t));
 }
 
 /**
@@ -2620,15 +2618,15 @@ with const generics
 - RANKED_BYTES_PER_RING_ELEMENT= 1536
 - PUBLIC_KEY_SIZE= 1568
 */
-bool libcrux_ml_kem_ind_cca_validate_public_key_071(uint8_t *public_key) {
+bool libcrux_ml_kem_ind_cca_validate_public_key_8c1(uint8_t *public_key) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[4U];
-  deserialize_ring_elements_reduced_out_fa1(
+  deserialize_ring_elements_reduced_out_661(
       Eurydice_array_to_subslice_to((size_t)1568U, public_key, (size_t)1536U,
                                     uint8_t, size_t),
       deserialized_pk);
   libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *uu____0 = deserialized_pk;
   uint8_t public_key_serialized[1568U];
-  serialize_public_key_e9(
+  serialize_public_key_fd(
       uu____0,
       Eurydice_array_to_subslice_from((size_t)1568U, public_key, (size_t)1536U,
                                       uint8_t, size_t),
@@ -2658,7 +2656,7 @@ with const generics
 - SECRET_KEY_SIZE= 3168
 - CIPHERTEXT_SIZE= 1568
 */
-bool libcrux_ml_kem_ind_cca_validate_private_key_c0(
+bool libcrux_ml_kem_ind_cca_validate_private_key_99(
     libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key,
     libcrux_ml_kem_types_MlKemCiphertext_1f *_ciphertext) {
   uint8_t t[32U];
@@ -2778,7 +2776,7 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]]
 with const generics
 - K= 4
 */
-static KRML_MUSTINLINE void cpa_keygen_seed_d8_e4(
+static KRML_MUSTINLINE void cpa_keygen_seed_d8_28(
     Eurydice_slice key_generation_seed, uint8_t ret[64U]) {
   uint8_t seed[33U] = {0U};
   Eurydice_slice_copy(
@@ -3340,7 +3338,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
 with const generics
 
 */
-static KRML_MUSTINLINE void ntt_at_layer_7_97(
+static KRML_MUSTINLINE void ntt_at_layer_7_5f(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) {
   size_t step = LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT / (size_t)2U;
   for (size_t i = (size_t)0U; i < step; i++) {
@@ -3368,7 +3366,7 @@ with const generics
 
 */
 static libcrux_ml_kem_vector_portable_vector_type_PortableVector
-montgomery_multiply_fe_ad(
+montgomery_multiply_fe_5d(
     libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t fer) {
   return libcrux_ml_kem_vector_portable_montgomery_multiply_by_constant_0d(v,
                                                                            fer);
@@ -3382,12 +3380,12 @@ with const generics
 */
 static KRML_MUSTINLINE
     libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2
-    ntt_layer_int_vec_step_57(
+    ntt_layer_int_vec_step_31(
         libcrux_ml_kem_vector_portable_vector_type_PortableVector a,
         libcrux_ml_kem_vector_portable_vector_type_PortableVector b,
         int16_t zeta_r) {
   libcrux_ml_kem_vector_portable_vector_type_PortableVector t =
-      montgomery_multiply_fe_ad(b, zeta_r);
+      montgomery_multiply_fe_5d(b, zeta_r);
   b = libcrux_ml_kem_vector_portable_sub_0d(a, &t);
   a = libcrux_ml_kem_vector_portable_add_0d(a, &t);
   return (
@@ -3401,7 +3399,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
 with const generics
 
 */
-static KRML_MUSTINLINE void ntt_at_layer_4_plus_bf(
+static KRML_MUSTINLINE void ntt_at_layer_4_plus_64(
     size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re,
     size_t layer) {
   size_t step = (size_t)1U << (uint32_t)layer;
@@ -3414,7 +3412,7 @@ static KRML_MUSTINLINE void ntt_at_layer_4_plus_bf(
     for (size_t i = offset_vec; i < offset_vec + step_vec; i++) {
       size_t j = i;
       libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 uu____0 =
-          ntt_layer_int_vec_step_57(
+          ntt_layer_int_vec_step_31(
               re->coefficients[j], re->coefficients[j + step_vec],
               libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U]));
       libcrux_ml_kem_vector_portable_vector_type_PortableVector x = uu____0.fst;
@@ -3431,7 +3429,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
 with const generics
 
 */
-static KRML_MUSTINLINE void ntt_at_layer_3_b8(
+static KRML_MUSTINLINE void ntt_at_layer_3_7b(
     size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) {
   KRML_MAYBE_FOR16(
       i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i;
@@ -3449,7 +3447,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
 with const generics
 
 */
-static KRML_MUSTINLINE void ntt_at_layer_2_34(
+static KRML_MUSTINLINE void ntt_at_layer_2_ea(
     size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) {
   KRML_MAYBE_FOR16(
       i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i;
@@ -3468,7 +3466,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
 with const generics
 
 */
-static KRML_MUSTINLINE void ntt_at_layer_1_21(
+static KRML_MUSTINLINE void ntt_at_layer_1_76(
     size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) {
   KRML_MAYBE_FOR16(
       i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i;
@@ -3494,7 +3492,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
 with const generics
 
 */
-static KRML_MUSTINLINE void poly_barrett_reduce_ef_b4(
+static KRML_MUSTINLINE void poly_barrett_reduce_ef_e7(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self) {
   for (size_t i = (size_t)0U;
        i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
@@ -3512,17 +3510,17 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
 with const generics
 
 */
-static KRML_MUSTINLINE void ntt_binomially_sampled_ring_element_36(
+static KRML_MUSTINLINE void ntt_binomially_sampled_ring_element_62(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) {
-  ntt_at_layer_7_97(re);
+  ntt_at_layer_7_5f(re);
   size_t zeta_i = (size_t)1U;
-  ntt_at_layer_4_plus_bf(&zeta_i, re, (size_t)6U);
-  ntt_at_layer_4_plus_bf(&zeta_i, re, (size_t)5U);
-  ntt_at_layer_4_plus_bf(&zeta_i, re, (size_t)4U);
-  ntt_at_layer_3_b8(&zeta_i, re);
-  ntt_at_layer_2_34(&zeta_i, re);
-  ntt_at_layer_1_21(&zeta_i, re);
-  poly_barrett_reduce_ef_b4(re);
+  ntt_at_layer_4_plus_64(&zeta_i, re, (size_t)6U);
+  ntt_at_layer_4_plus_64(&zeta_i, re, (size_t)5U);
+  ntt_at_layer_4_plus_64(&zeta_i, re, (size_t)4U);
+  ntt_at_layer_3_7b(&zeta_i, re);
+  ntt_at_layer_2_ea(&zeta_i, re);
+  ntt_at_layer_1_76(&zeta_i, re);
+  poly_barrett_reduce_ef_e7(re);
 }
 
 /**
@@ -3534,7 +3532,7 @@ generics
 - ETA= 2
 - ETA_RANDOMNESS_SIZE= 128
 */
-static KRML_MUSTINLINE uint8_t sample_vector_cbd_then_ntt_f7(
+static KRML_MUSTINLINE uint8_t sample_vector_cbd_then_ntt_76(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re_as_ntt,
     uint8_t prf_input[33U], uint8_t domain_separator) {
   /* Passing arrays by value in Rust generates a copy in C */
@@ -3544,6 +3542,8 @@ static KRML_MUSTINLINE uint8_t sample_vector_cbd_then_ntt_f7(
   KRML_MAYBE_FOR4(
       i, (size_t)0U, (size_t)4U, (size_t)1U,
       memcpy(prf_inputs[i], copy_of_prf_input, (size_t)33U * sizeof(uint8_t)););
+  uint8_t _prf_inputs_init[4U][33U];
+  memcpy(_prf_inputs_init, prf_inputs, (size_t)4U * sizeof(uint8_t[33U]));
   KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i;
                   prf_inputs[i0][32U] = domain_separator;
                   domain_separator = (uint32_t)domain_separator + 1U;);
@@ -3553,7 +3553,7 @@ static KRML_MUSTINLINE uint8_t sample_vector_cbd_then_ntt_f7(
       i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i;
       re_as_ntt[i0] = sample_from_binomial_distribution_6b(
           Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t));
-      ntt_binomially_sampled_ring_element_36(&re_as_ntt[i0]););
+      ntt_binomially_sampled_ring_element_62(&re_as_ntt[i0]););
   return domain_separator;
 }
 
@@ -3577,7 +3577,7 @@ generics
 - ETA= 2
 - ETA_RANDOMNESS_SIZE= 128
 */
-static KRML_MUSTINLINE tuple_710 sample_vector_cbd_then_ntt_out_44(
+static KRML_MUSTINLINE tuple_710 sample_vector_cbd_then_ntt_out_15(
     uint8_t prf_input[33U], uint8_t domain_separator) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re_as_ntt[4U];
   KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U,
@@ -3586,18 +3586,18 @@ static KRML_MUSTINLINE tuple_710 sample_vector_cbd_then_ntt_out_44(
   uint8_t uu____1[33U];
   memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t));
   domain_separator =
-      sample_vector_cbd_then_ntt_f7(uu____0, uu____1, domain_separator);
+      sample_vector_cbd_then_ntt_76(uu____0, uu____1, domain_separator);
   /* Passing arrays by value in Rust generates a copy in C */
   libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_re_as_ntt[4U];
   memcpy(
       copy_of_re_as_ntt, re_as_ntt,
       (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0));
-  tuple_710 result;
+  tuple_710 lit;
   memcpy(
-      result.fst, copy_of_re_as_ntt,
+      lit.fst, copy_of_re_as_ntt,
       (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0));
-  result.snd = domain_separator;
-  return result;
+  lit.snd = domain_separator;
+  return lit;
 }
 
 /**
@@ -3612,7 +3612,7 @@ with const generics
 
 */
 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0
-ntt_multiply_ef_76(libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self,
+ntt_multiply_ef_66(libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self,
                    libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *rhs) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_f0 out = ZERO_ef_1b();
   for (size_t i = (size_t)0U;
@@ -3644,7 +3644,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
 with const generics
 - K= 4
 */
-static KRML_MUSTINLINE void add_to_ring_element_ef_3a(
+static KRML_MUSTINLINE void add_to_ring_element_ef_59(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self,
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *rhs) {
   for (size_t i = (size_t)0U;
@@ -3669,7 +3669,7 @@ with const generics
 
 */
 static libcrux_ml_kem_vector_portable_vector_type_PortableVector
-to_standard_domain_73(
+to_standard_domain_c1(
     libcrux_ml_kem_vector_portable_vector_type_PortableVector v) {
   return libcrux_ml_kem_vector_portable_montgomery_multiply_by_constant_0d(
       v, LIBCRUX_ML_KEM_VECTOR_TRAITS_MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS);
@@ -3686,14 +3686,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
 with const generics
 
 */
-static KRML_MUSTINLINE void add_standard_error_reduce_ef_69(
+static KRML_MUSTINLINE void add_standard_error_reduce_ef_6c(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self,
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error) {
   for (size_t i = (size_t)0U;
        i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
     size_t j = i;
     libcrux_ml_kem_vector_portable_vector_type_PortableVector
-        coefficient_normal_form = to_standard_domain_73(self->coefficients[j]);
+        coefficient_normal_form = to_standard_domain_c1(self->coefficients[j]);
     libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 =
         libcrux_ml_kem_vector_portable_barrett_reduce_0d(
             libcrux_ml_kem_vector_portable_add_0d(coefficient_normal_form,
@@ -3708,7 +3708,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
 with const generics
 - K= 4
 */
-static KRML_MUSTINLINE void compute_As_plus_e_f0(
+static KRML_MUSTINLINE void compute_As_plus_e_6a(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt,
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*matrix_A)[4U],
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *s_as_ntt,
@@ -3735,10 +3735,10 @@ static KRML_MUSTINLINE void compute_As_plus_e_f0(
       libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *matrix_element =
           &row[j];
       libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product =
-          ntt_multiply_ef_76(matrix_element, &s_as_ntt[j]);
-      add_to_ring_element_ef_3a(&t_as_ntt[i0], &product);
+          ntt_multiply_ef_66(matrix_element, &s_as_ntt[j]);
+      add_to_ring_element_ef_59(&t_as_ntt[i0], &product);
     }
-    add_standard_error_reduce_ef_69(&t_as_ntt[i0], &error_as_ntt[i0]);
+    add_standard_error_reduce_ef_6c(&t_as_ntt[i0], &error_as_ntt[i0]);
   }
 }
 
@@ -3751,12 +3751,12 @@ libcrux_ml_kem_variant_MlKem with const generics
 - ETA1= 2
 - ETA1_RANDOMNESS_SIZE= 128
 */
-static void generate_keypair_unpacked_86(
+static void generate_keypair_unpacked_1a(
     Eurydice_slice key_generation_seed,
     IndCpaPrivateKeyUnpacked_42 *private_key,
     IndCpaPublicKeyUnpacked_42 *public_key) {
   uint8_t hashed[64U];
-  cpa_keygen_seed_d8_e4(key_generation_seed, hashed);
+  cpa_keygen_seed_d8_28(key_generation_seed, hashed);
   Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at(
       Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U,
       uint8_t, Eurydice_slice_uint8_t_x2);
@@ -3776,17 +3776,17 @@ static void generate_keypair_unpacked_86(
   uint8_t copy_of_prf_input0[33U];
   memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t));
   uint8_t domain_separator =
-      sample_vector_cbd_then_ntt_f7(uu____2, copy_of_prf_input0, 0U);
+      sample_vector_cbd_then_ntt_76(uu____2, copy_of_prf_input0, 0U);
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_prf_input[33U];
   memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t));
   libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_as_ntt[4U];
   memcpy(
       error_as_ntt,
-      sample_vector_cbd_then_ntt_out_44(copy_of_prf_input, domain_separator)
+      sample_vector_cbd_then_ntt_out_15(copy_of_prf_input, domain_separator)
           .fst,
       (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0));
-  compute_As_plus_e_f0(public_key->t_as_ntt, public_key->A,
+  compute_As_plus_e_6a(public_key->t_as_ntt, public_key->A,
                        private_key->secret_as_ntt, error_as_ntt);
   uint8_t uu____5[32U];
   core_result_Result_00 dst;
@@ -3811,14 +3811,14 @@ static libcrux_ml_kem_utils_extraction_helper_Keypair1024 generate_keypair_081(
     Eurydice_slice key_generation_seed) {
   IndCpaPrivateKeyUnpacked_42 private_key = default_1a_e9();
   IndCpaPublicKeyUnpacked_42 public_key = default_8d_d1();
-  generate_keypair_unpacked_86(key_generation_seed, &private_key, &public_key);
+  generate_keypair_unpacked_1a(key_generation_seed, &private_key, &public_key);
   uint8_t public_key_serialized[1568U];
-  serialize_public_key_e9(
+  serialize_public_key_fd(
       public_key.t_as_ntt,
       Eurydice_array_to_slice((size_t)32U, public_key.seed_for_A, uint8_t),
       public_key_serialized);
   uint8_t secret_key_serialized[1536U];
-  serialize_secret_key_1d(private_key.secret_as_ntt, secret_key_serialized);
+  serialize_secret_key_9e(private_key.secret_as_ntt, secret_key_serialized);
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_secret_key_serialized[1536U];
   memcpy(copy_of_secret_key_serialized, secret_key_serialized,
@@ -3827,12 +3827,12 @@ static libcrux_ml_kem_utils_extraction_helper_Keypair1024 generate_keypair_081(
   uint8_t copy_of_public_key_serialized[1568U];
   memcpy(copy_of_public_key_serialized, public_key_serialized,
          (size_t)1568U * sizeof(uint8_t));
-  libcrux_ml_kem_utils_extraction_helper_Keypair1024 result;
-  memcpy(result.fst, copy_of_secret_key_serialized,
+  libcrux_ml_kem_utils_extraction_helper_Keypair1024 lit;
+  memcpy(lit.fst, copy_of_secret_key_serialized,
          (size_t)1536U * sizeof(uint8_t));
-  memcpy(result.snd, copy_of_public_key_serialized,
+  memcpy(lit.snd, copy_of_public_key_serialized,
          (size_t)1568U * sizeof(uint8_t));
-  return result;
+  return lit;
 }
 
 /**
@@ -3842,7 +3842,7 @@ with const generics
 - K= 4
 - SERIALIZED_KEY_LEN= 3168
 */
-static KRML_MUSTINLINE void serialize_kem_secret_key_50(
+static KRML_MUSTINLINE void serialize_kem_secret_key_64(
     Eurydice_slice private_key, Eurydice_slice public_key,
     Eurydice_slice implicit_rejection_value, uint8_t ret[3168U]) {
   uint8_t out[3168U] = {0U};
@@ -3898,7 +3898,7 @@ libcrux_ml_kem_variant_MlKem with const generics
 - ETA1_RANDOMNESS_SIZE= 128
 */
 libcrux_ml_kem_mlkem1024_MlKem1024KeyPair
-libcrux_ml_kem_ind_cca_generate_keypair_281(uint8_t randomness[64U]) {
+libcrux_ml_kem_ind_cca_generate_keypair_911(uint8_t randomness[64U]) {
   Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2(
       randomness, (size_t)0U,
       LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t);
@@ -3913,7 +3913,7 @@ libcrux_ml_kem_ind_cca_generate_keypair_281(uint8_t randomness[64U]) {
   uint8_t public_key[1568U];
   memcpy(public_key, uu____0.snd, (size_t)1568U * sizeof(uint8_t));
   uint8_t secret_key_serialized[3168U];
-  serialize_kem_secret_key_50(
+  serialize_kem_secret_key_64(
       Eurydice_array_to_slice((size_t)1536U, ind_cpa_private_key, uint8_t),
       Eurydice_array_to_slice((size_t)1568U, public_key, uint8_t),
       implicit_rejection_value, secret_key_serialized);
@@ -3922,13 +3922,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_281(uint8_t randomness[64U]) {
   memcpy(copy_of_secret_key_serialized, secret_key_serialized,
          (size_t)3168U * sizeof(uint8_t));
   libcrux_ml_kem_types_MlKemPrivateKey_95 private_key =
-      libcrux_ml_kem_types_from_7f_e61(copy_of_secret_key_serialized);
+      libcrux_ml_kem_types_from_7f_8c1(copy_of_secret_key_serialized);
   libcrux_ml_kem_types_MlKemPrivateKey_95 uu____2 = private_key;
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_public_key[1568U];
   memcpy(copy_of_public_key, public_key, (size_t)1568U * sizeof(uint8_t));
-  return libcrux_ml_kem_types_from_3a_781(
-      uu____2, libcrux_ml_kem_types_from_5a_af1(copy_of_public_key));
+  return libcrux_ml_kem_types_from_3a_f61(
+      uu____2, libcrux_ml_kem_types_from_5a_451(copy_of_public_key));
 }
 
 /**
@@ -3941,7 +3941,7 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]]
 with const generics
 - K= 4
 */
-static KRML_MUSTINLINE void entropy_preprocess_d8_b3(Eurydice_slice randomness,
+static KRML_MUSTINLINE void entropy_preprocess_d8_5f(Eurydice_slice randomness,
                                                      uint8_t ret[32U]) {
   uint8_t out[32U] = {0U};
   Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t),
@@ -3959,7 +3959,7 @@ generics
 - ETA2= 2
 */
 static KRML_MUSTINLINE tuple_710
-sample_ring_element_cbd_23(uint8_t prf_input[33U], uint8_t domain_separator) {
+sample_ring_element_cbd_22(uint8_t prf_input[33U], uint8_t domain_separator) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[4U];
   KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U,
                   error_1[i] = ZERO_ef_1b(););
@@ -3970,6 +3970,8 @@ sample_ring_element_cbd_23(uint8_t prf_input[33U], uint8_t domain_separator) {
   KRML_MAYBE_FOR4(
       i, (size_t)0U, (size_t)4U, (size_t)1U,
       memcpy(prf_inputs[i], copy_of_prf_input, (size_t)33U * sizeof(uint8_t)););
+  uint8_t _prf_inputs_init[4U][33U];
+  memcpy(_prf_inputs_init, prf_inputs, (size_t)4U * sizeof(uint8_t[33U]));
   KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i;
                   prf_inputs[i0][32U] = domain_separator;
                   domain_separator = (uint32_t)domain_separator + 1U;);
@@ -3986,12 +3988,12 @@ sample_ring_element_cbd_23(uint8_t prf_input[33U], uint8_t domain_separator) {
   memcpy(
       copy_of_error_1, error_1,
       (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0));
-  tuple_710 result;
+  tuple_710 lit;
   memcpy(
-      result.fst, copy_of_error_1,
+      lit.fst, copy_of_error_1,
       (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0));
-  result.snd = domain_separator;
-  return result;
+  lit.snd = domain_separator;
+  return lit;
 }
 
 /**
@@ -4027,7 +4029,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
 with const generics
 
 */
-static KRML_MUSTINLINE void invert_ntt_at_layer_1_19(
+static KRML_MUSTINLINE void invert_ntt_at_layer_1_ed(
     size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) {
   KRML_MAYBE_FOR16(
       i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i;
@@ -4048,7 +4050,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
 with const generics
 
 */
-static KRML_MUSTINLINE void invert_ntt_at_layer_2_f7(
+static KRML_MUSTINLINE void invert_ntt_at_layer_2_30(
     size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) {
   KRML_MAYBE_FOR16(
       i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i;
@@ -4067,7 +4069,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
 with const generics
 
 */
-static KRML_MUSTINLINE void invert_ntt_at_layer_3_77(
+static KRML_MUSTINLINE void invert_ntt_at_layer_3_2f(
     size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) {
   KRML_MAYBE_FOR16(
       i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i;
@@ -4087,7 +4089,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
 */
 static KRML_MUSTINLINE
     libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2
-    inv_ntt_layer_int_vec_step_reduce_97(
+    inv_ntt_layer_int_vec_step_reduce_2b(
         libcrux_ml_kem_vector_portable_vector_type_PortableVector a,
         libcrux_ml_kem_vector_portable_vector_type_PortableVector b,
         int16_t zeta_r) {
@@ -4095,7 +4097,7 @@ static KRML_MUSTINLINE
       libcrux_ml_kem_vector_portable_sub_0d(b, &a);
   a = libcrux_ml_kem_vector_portable_barrett_reduce_0d(
       libcrux_ml_kem_vector_portable_add_0d(a, &b));
-  b = montgomery_multiply_fe_ad(a_minus_b, zeta_r);
+  b = montgomery_multiply_fe_5d(a_minus_b, zeta_r);
   return (
       CLITERAL(libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2){
           .fst = a, .snd = b});
@@ -4107,7 +4109,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
 with const generics
 
 */
-static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_dd(
+static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_7a(
     size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re,
     size_t layer) {
   size_t step = (size_t)1U << (uint32_t)layer;
@@ -4122,7 +4124,7 @@ static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_dd(
     for (size_t i = offset_vec; i < offset_vec + step_vec; i++) {
       size_t j = i;
       libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 uu____0 =
-          inv_ntt_layer_int_vec_step_reduce_97(
+          inv_ntt_layer_int_vec_step_reduce_2b(
               re->coefficients[j], re->coefficients[j + step_vec],
               libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U]));
       libcrux_ml_kem_vector_portable_vector_type_PortableVector x = uu____0.fst;
@@ -4139,18 +4141,18 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
 with const generics
 - K= 4
 */
-static KRML_MUSTINLINE void invert_ntt_montgomery_8c(
+static KRML_MUSTINLINE void invert_ntt_montgomery_fa(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) {
   size_t zeta_i =
       LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U;
-  invert_ntt_at_layer_1_19(&zeta_i, re);
-  invert_ntt_at_layer_2_f7(&zeta_i, re);
-  invert_ntt_at_layer_3_77(&zeta_i, re);
-  invert_ntt_at_layer_4_plus_dd(&zeta_i, re, (size_t)4U);
-  invert_ntt_at_layer_4_plus_dd(&zeta_i, re, (size_t)5U);
-  invert_ntt_at_layer_4_plus_dd(&zeta_i, re, (size_t)6U);
-  invert_ntt_at_layer_4_plus_dd(&zeta_i, re, (size_t)7U);
-  poly_barrett_reduce_ef_b4(re);
+  invert_ntt_at_layer_1_ed(&zeta_i, re);
+  invert_ntt_at_layer_2_30(&zeta_i, re);
+  invert_ntt_at_layer_3_2f(&zeta_i, re);
+  invert_ntt_at_layer_4_plus_7a(&zeta_i, re, (size_t)4U);
+  invert_ntt_at_layer_4_plus_7a(&zeta_i, re, (size_t)5U);
+  invert_ntt_at_layer_4_plus_7a(&zeta_i, re, (size_t)6U);
+  invert_ntt_at_layer_4_plus_7a(&zeta_i, re, (size_t)7U);
+  poly_barrett_reduce_ef_e7(re);
 }
 
 /**
@@ -4164,7 +4166,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
 with const generics
 
 */
-static KRML_MUSTINLINE void add_error_reduce_ef_da(
+static KRML_MUSTINLINE void add_error_reduce_ef_0d(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self,
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error) {
   for (size_t i = (size_t)0U;
@@ -4188,7 +4190,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
 with const generics
 - K= 4
 */
-static KRML_MUSTINLINE void compute_vector_u_d2(
+static KRML_MUSTINLINE void compute_vector_u_a3(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*a_as_ntt)[4U],
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt,
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_1,
@@ -4215,11 +4217,11 @@ static KRML_MUSTINLINE void compute_vector_u_d2(
       size_t j = i;
       libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *a_element = &row[j];
       libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product =
-          ntt_multiply_ef_76(a_element, &r_as_ntt[j]);
-      add_to_ring_element_ef_3a(&result[i1], &product);
+          ntt_multiply_ef_66(a_element, &r_as_ntt[j]);
+      add_to_ring_element_ef_59(&result[i1], &product);
     }
-    invert_ntt_montgomery_8c(&result[i1]);
-    add_error_reduce_ef_da(&result[i1], &error_1[i1]);
+    invert_ntt_montgomery_fa(&result[i1]);
+    add_error_reduce_ef_0d(&result[i1], &error_1[i1]);
   }
   memcpy(
       ret, result,
@@ -4233,7 +4235,7 @@ with const generics
 
 */
 static libcrux_ml_kem_vector_portable_vector_type_PortableVector
-decompress_1_4a(libcrux_ml_kem_vector_portable_vector_type_PortableVector vec) {
+decompress_1_16(libcrux_ml_kem_vector_portable_vector_type_PortableVector vec) {
   libcrux_ml_kem_vector_portable_vector_type_PortableVector z =
       libcrux_ml_kem_vector_portable_ZERO_0d();
   libcrux_ml_kem_vector_portable_vector_type_PortableVector s =
@@ -4251,7 +4253,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
 
 */
 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0
-deserialize_then_decompress_message_5e(uint8_t serialized[32U]) {
+deserialize_then_decompress_message_97(uint8_t serialized[32U]) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_ef_1b();
   KRML_MAYBE_FOR16(
       i, (size_t)0U, (size_t)16U, (size_t)1U, size_t i0 = i;
@@ -4262,7 +4264,7 @@ deserialize_then_decompress_message_5e(uint8_t serialized[32U]) {
                                               (size_t)2U * i0 + (size_t)2U,
                                               uint8_t));
       libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 =
-          decompress_1_4a(coefficient_compressed);
+          decompress_1_16(coefficient_compressed);
       re.coefficients[i0] = uu____0;);
   return re;
 }
@@ -4279,7 +4281,7 @@ with const generics
 
 */
 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0
-add_message_error_reduce_ef_5c(
+add_message_error_reduce_ef_b4(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self,
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *message,
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result) {
@@ -4309,7 +4311,7 @@ with const generics
 - K= 4
 */
 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0
-compute_ring_element_v_95(
+compute_ring_element_v_da(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt,
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt,
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_2,
@@ -4317,10 +4319,10 @@ compute_ring_element_v_95(
   libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_ef_1b();
   KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i;
                   libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product =
-                      ntt_multiply_ef_76(&t_as_ntt[i0], &r_as_ntt[i0]);
-                  add_to_ring_element_ef_3a(&result, &product););
-  invert_ntt_montgomery_8c(&result);
-  result = add_message_error_reduce_ef_5c(error_2, message, result);
+                      ntt_multiply_ef_66(&t_as_ntt[i0], &r_as_ntt[i0]);
+                  add_to_ring_element_ef_59(&result, &product););
+  invert_ntt_montgomery_fa(&result);
+  result = add_message_error_reduce_ef_b4(error_2, message, result);
   return result;
 }
 
@@ -4330,7 +4332,7 @@ with const generics
 - COEFFICIENT_BITS= 10
 */
 static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector
-compress_6a(libcrux_ml_kem_vector_portable_vector_type_PortableVector a) {
+compress_de(libcrux_ml_kem_vector_portable_vector_type_PortableVector a) {
   for (size_t i = (size_t)0U;
        i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) {
     size_t i0 = i;
@@ -4351,9 +4353,9 @@ A monomorphic instance of libcrux_ml_kem.vector.portable.compress_0d
 with const generics
 - COEFFICIENT_BITS= 10
 */
-static libcrux_ml_kem_vector_portable_vector_type_PortableVector compress_0d_83(
+static libcrux_ml_kem_vector_portable_vector_type_PortableVector compress_0d_48(
     libcrux_ml_kem_vector_portable_vector_type_PortableVector a) {
-  return compress_6a(a);
+  return compress_de(a);
 }
 
 /**
@@ -4362,7 +4364,7 @@ with const generics
 - COEFFICIENT_BITS= 11
 */
 static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector
-compress_6a0(libcrux_ml_kem_vector_portable_vector_type_PortableVector a) {
+compress_de0(libcrux_ml_kem_vector_portable_vector_type_PortableVector a) {
   for (size_t i = (size_t)0U;
        i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) {
     size_t i0 = i;
@@ -4384,8 +4386,8 @@ with const generics
 - COEFFICIENT_BITS= 11
 */
 static libcrux_ml_kem_vector_portable_vector_type_PortableVector
-compress_0d_830(libcrux_ml_kem_vector_portable_vector_type_PortableVector a) {
-  return compress_6a0(a);
+compress_0d_480(libcrux_ml_kem_vector_portable_vector_type_PortableVector a) {
+  return compress_de0(a);
 }
 
 /**
@@ -4394,14 +4396,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
 with const generics
 - OUT_LEN= 352
 */
-static KRML_MUSTINLINE void compress_then_serialize_11_00(
+static KRML_MUSTINLINE void compress_then_serialize_11_f3(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[352U]) {
   uint8_t serialized[352U] = {0U};
   for (size_t i = (size_t)0U;
        i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
     size_t i0 = i;
     libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient =
-        compress_0d_830(to_unsigned_representative_9f(re->coefficients[i0]));
+        compress_0d_480(to_unsigned_representative_30(re->coefficients[i0]));
     uint8_t bytes[22U];
     libcrux_ml_kem_vector_portable_serialize_11_0d(coefficient, bytes);
     Eurydice_slice uu____0 = Eurydice_array_to_subslice2(
@@ -4419,11 +4421,11 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
 - COMPRESSION_FACTOR= 11
 - OUT_LEN= 352
 */
-static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_39(
+static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_e0(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[352U]) {
-  uint8_t uu____0[352U];
-  compress_then_serialize_11_00(re, uu____0);
-  memcpy(ret, uu____0, (size_t)352U * sizeof(uint8_t));
+  uint8_t result[352U];
+  compress_then_serialize_11_f3(re, result);
+  memcpy(ret, result, (size_t)352U * sizeof(uint8_t));
 }
 
 /**
@@ -4435,7 +4437,7 @@ with const generics
 - COMPRESSION_FACTOR= 11
 - BLOCK_LEN= 352
 */
-static void compress_then_serialize_u_54(
+static void compress_then_serialize_u_0f(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 input[4U],
     Eurydice_slice out) {
   for (size_t i = (size_t)0U;
@@ -4451,7 +4453,7 @@ static void compress_then_serialize_u_54(
         out, i0 * ((size_t)1408U / (size_t)4U),
         (i0 + (size_t)1U) * ((size_t)1408U / (size_t)4U), uint8_t);
     uint8_t ret[352U];
-    compress_then_serialize_ring_element_u_39(&re, ret);
+    compress_then_serialize_ring_element_u_e0(&re, ret);
     Eurydice_slice_copy(
         uu____0, Eurydice_array_to_slice((size_t)352U, ret, uint8_t), uint8_t);
   }
@@ -4463,7 +4465,7 @@ with const generics
 - COEFFICIENT_BITS= 4
 */
 static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector
-compress_6a1(libcrux_ml_kem_vector_portable_vector_type_PortableVector a) {
+compress_de1(libcrux_ml_kem_vector_portable_vector_type_PortableVector a) {
   for (size_t i = (size_t)0U;
        i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) {
     size_t i0 = i;
@@ -4485,8 +4487,8 @@ with const generics
 - COEFFICIENT_BITS= 4
 */
 static libcrux_ml_kem_vector_portable_vector_type_PortableVector
-compress_0d_831(libcrux_ml_kem_vector_portable_vector_type_PortableVector a) {
-  return compress_6a1(a);
+compress_0d_481(libcrux_ml_kem_vector_portable_vector_type_PortableVector a) {
+  return compress_de1(a);
 }
 
 /**
@@ -4495,14 +4497,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
 with const generics
 
 */
-static KRML_MUSTINLINE void compress_then_serialize_4_df(
+static KRML_MUSTINLINE void compress_then_serialize_4_71(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re,
     Eurydice_slice serialized) {
   for (size_t i = (size_t)0U;
        i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
     size_t i0 = i;
     libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient =
-        compress_0d_831(to_unsigned_field_modulus_c4(re.coefficients[i0]));
+        compress_0d_481(to_unsigned_field_modulus_05(re.coefficients[i0]));
     uint8_t bytes[8U];
     libcrux_ml_kem_vector_portable_serialize_4_0d(coefficient, bytes);
     Eurydice_slice_copy(
@@ -4518,7 +4520,7 @@ with const generics
 - COEFFICIENT_BITS= 5
 */
 static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector
-compress_6a2(libcrux_ml_kem_vector_portable_vector_type_PortableVector a) {
+compress_de2(libcrux_ml_kem_vector_portable_vector_type_PortableVector a) {
   for (size_t i = (size_t)0U;
        i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) {
     size_t i0 = i;
@@ -4540,8 +4542,8 @@ with const generics
 - COEFFICIENT_BITS= 5
 */
 static libcrux_ml_kem_vector_portable_vector_type_PortableVector
-compress_0d_832(libcrux_ml_kem_vector_portable_vector_type_PortableVector a) {
-  return compress_6a2(a);
+compress_0d_482(libcrux_ml_kem_vector_portable_vector_type_PortableVector a) {
+  return compress_de2(a);
 }
 
 /**
@@ -4550,14 +4552,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
 with const generics
 
 */
-static KRML_MUSTINLINE void compress_then_serialize_5_51(
+static KRML_MUSTINLINE void compress_then_serialize_5_42(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re,
     Eurydice_slice serialized) {
   for (size_t i = (size_t)0U;
        i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
     size_t i0 = i;
     libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficients =
-        compress_0d_832(to_unsigned_representative_9f(re.coefficients[i0]));
+        compress_0d_482(to_unsigned_representative_30(re.coefficients[i0]));
     uint8_t bytes[10U];
     libcrux_ml_kem_vector_portable_serialize_5_0d(coefficients, bytes);
     Eurydice_slice_copy(
@@ -4574,9 +4576,9 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
 - COMPRESSION_FACTOR= 5
 - OUT_LEN= 160
 */
-static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_ce(
+static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_e3(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice out) {
-  compress_then_serialize_5_51(re, out);
+  compress_then_serialize_5_42(re, out);
 }
 
 /**
@@ -4597,7 +4599,7 @@ generics
 - ETA2= 2
 - ETA2_RANDOMNESS_SIZE= 128
 */
-static void encrypt_unpacked_43(IndCpaPublicKeyUnpacked_42 *public_key,
+static void encrypt_unpacked_15(IndCpaPublicKeyUnpacked_42 *public_key,
                                 uint8_t message[32U], Eurydice_slice randomness,
                                 uint8_t ret[1568U]) {
   uint8_t prf_input[33U];
@@ -4605,7 +4607,7 @@ static void encrypt_unpacked_43(IndCpaPublicKeyUnpacked_42 *public_key,
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_prf_input0[33U];
   memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t));
-  tuple_710 uu____1 = sample_vector_cbd_then_ntt_out_44(copy_of_prf_input0, 0U);
+  tuple_710 uu____1 = sample_vector_cbd_then_ntt_out_15(copy_of_prf_input0, 0U);
   libcrux_ml_kem_polynomial_PolynomialRingElement_f0 r_as_ntt[4U];
   memcpy(
       r_as_ntt, uu____1.fst,
@@ -4615,7 +4617,7 @@ static void encrypt_unpacked_43(IndCpaPublicKeyUnpacked_42 *public_key,
   uint8_t copy_of_prf_input[33U];
   memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t));
   tuple_710 uu____3 =
-      sample_ring_element_cbd_23(copy_of_prf_input, domain_separator0);
+      sample_ring_element_cbd_22(copy_of_prf_input, domain_separator0);
   libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[4U];
   memcpy(
       error_1, uu____3.fst,
@@ -4629,25 +4631,25 @@ static void encrypt_unpacked_43(IndCpaPublicKeyUnpacked_42 *public_key,
       sample_from_binomial_distribution_6b(
           Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t));
   libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u[4U];
-  compute_vector_u_d2(public_key->A, r_as_ntt, error_1, u);
+  compute_vector_u_a3(public_key->A, r_as_ntt, error_1, u);
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_message[32U];
   memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t));
   libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message_as_ring_element =
-      deserialize_then_decompress_message_5e(copy_of_message);
+      deserialize_then_decompress_message_97(copy_of_message);
   libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v =
-      compute_ring_element_v_95(public_key->t_as_ntt, r_as_ntt, &error_2,
+      compute_ring_element_v_da(public_key->t_as_ntt, r_as_ntt, &error_2,
                                 &message_as_ring_element);
   uint8_t ciphertext[1568U] = {0U};
   libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____5[4U];
   memcpy(
       uu____5, u,
       (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0));
-  compress_then_serialize_u_54(
+  compress_then_serialize_u_0f(
       uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U,
                                            (size_t)1408U, uint8_t));
   libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____6 = v;
-  compress_then_serialize_ring_element_v_ce(
+  compress_then_serialize_ring_element_v_e3(
       uu____6, Eurydice_array_to_subslice_from((size_t)1568U, ciphertext,
                                                (size_t)1408U, uint8_t, size_t));
   memcpy(ret, ciphertext, (size_t)1568U * sizeof(uint8_t));
@@ -4671,10 +4673,10 @@ generics
 - ETA2= 2
 - ETA2_RANDOMNESS_SIZE= 128
 */
-static void encrypt_6f1(Eurydice_slice public_key, uint8_t message[32U],
+static void encrypt_dc1(Eurydice_slice public_key, uint8_t message[32U],
                         Eurydice_slice randomness, uint8_t ret[1568U]) {
   IndCpaPublicKeyUnpacked_42 unpacked_public_key = default_8d_d1();
-  deserialize_ring_elements_reduced_75(
+  deserialize_ring_elements_reduced_ed(
       Eurydice_slice_subslice_to(public_key, (size_t)1536U, uint8_t, size_t),
       unpacked_public_key.t_as_ntt);
   Eurydice_slice seed =
@@ -4688,9 +4690,9 @@ static void encrypt_6f1(Eurydice_slice public_key, uint8_t message[32U],
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_message[32U];
   memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t));
-  uint8_t result[1568U];
-  encrypt_unpacked_43(uu____1, copy_of_message, randomness, result);
-  memcpy(ret, result, (size_t)1568U * sizeof(uint8_t));
+  uint8_t ret1[1568U];
+  encrypt_unpacked_15(uu____1, copy_of_message, randomness, ret1);
+  memcpy(ret, ret1, (size_t)1568U * sizeof(uint8_t));
 }
 
 /**
@@ -4704,7 +4706,7 @@ with const generics
 - K= 4
 - CIPHERTEXT_SIZE= 1568
 */
-static KRML_MUSTINLINE void kdf_d8_a6(Eurydice_slice shared_secret,
+static KRML_MUSTINLINE void kdf_d8_91(Eurydice_slice shared_secret,
                                       uint8_t ret[32U]) {
   uint8_t out[32U] = {0U};
   Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t),
@@ -4731,11 +4733,11 @@ libcrux_ml_kem_variant_MlKem with const generics
 - ETA2= 2
 - ETA2_RANDOMNESS_SIZE= 128
 */
-tuple_21 libcrux_ml_kem_ind_cca_encapsulate_8a1(
+tuple_21 libcrux_ml_kem_ind_cca_encapsulate_1e1(
     libcrux_ml_kem_types_MlKemPublicKey_1f *public_key,
     uint8_t randomness[32U]) {
   uint8_t randomness0[32U];
-  entropy_preprocess_d8_b3(
+  entropy_preprocess_d8_5f(
       Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0);
   uint8_t to_hash[64U];
   libcrux_ml_kem_utils_into_padded_array_42(
@@ -4745,7 +4747,7 @@ tuple_21 libcrux_ml_kem_ind_cca_encapsulate_8a1(
       size_t);
   uint8_t ret[32U];
   H_f1_d5(Eurydice_array_to_slice(
-              (size_t)1568U, libcrux_ml_kem_types_as_slice_fd_12(public_key),
+              (size_t)1568U, libcrux_ml_kem_types_as_slice_fd_d1(public_key),
               uint8_t),
           ret);
   Eurydice_slice_copy(
@@ -4759,19 +4761,19 @@ tuple_21 libcrux_ml_kem_ind_cca_encapsulate_8a1(
   Eurydice_slice shared_secret = uu____1.fst;
   Eurydice_slice pseudorandomness = uu____1.snd;
   Eurydice_slice uu____2 = Eurydice_array_to_slice(
-      (size_t)1568U, libcrux_ml_kem_types_as_slice_fd_12(public_key), uint8_t);
+      (size_t)1568U, libcrux_ml_kem_types_as_slice_fd_d1(public_key), uint8_t);
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_randomness[32U];
   memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t));
   uint8_t ciphertext[1568U];
-  encrypt_6f1(uu____2, copy_of_randomness, pseudorandomness, ciphertext);
+  encrypt_dc1(uu____2, copy_of_randomness, pseudorandomness, ciphertext);
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_ciphertext[1568U];
   memcpy(copy_of_ciphertext, ciphertext, (size_t)1568U * sizeof(uint8_t));
   libcrux_ml_kem_types_MlKemCiphertext_1f ciphertext0 =
-      libcrux_ml_kem_types_from_01_7b(copy_of_ciphertext);
+      libcrux_ml_kem_types_from_01_3a(copy_of_ciphertext);
   uint8_t shared_secret_array[32U];
-  kdf_d8_a6(shared_secret, shared_secret_array);
+  kdf_d8_91(shared_secret, shared_secret_array);
   libcrux_ml_kem_types_MlKemCiphertext_1f uu____5 = ciphertext0;
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_shared_secret_array[32U];
@@ -4790,7 +4792,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
 
 */
 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0
-deserialize_to_uncompressed_ring_element_a4(Eurydice_slice serialized) {
+deserialize_to_uncompressed_ring_element_96(Eurydice_slice serialized) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_ef_1b();
   for (size_t i = (size_t)0U;
        i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) {
@@ -4810,7 +4812,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
 with const generics
 - K= 4
 */
-static KRML_MUSTINLINE void deserialize_secret_key_831(
+static KRML_MUSTINLINE void deserialize_secret_key_631(
     Eurydice_slice secret_key,
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[4U];
@@ -4827,15 +4829,11 @@ static KRML_MUSTINLINE void deserialize_secret_key_831(
             LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT,
         uint8_t);
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 =
-        deserialize_to_uncompressed_ring_element_a4(secret_bytes);
+        deserialize_to_uncompressed_ring_element_96(secret_bytes);
     secret_as_ntt[i0] = uu____0;
   }
-  libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[4U];
   memcpy(
-      result, secret_as_ntt,
-      (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0));
-  memcpy(
-      ret, result,
+      ret, secret_as_ntt,
       (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0));
 }
 
@@ -4846,18 +4844,18 @@ const generics
 - COEFFICIENT_BITS= 10
 */
 static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector
-decompress_ciphertext_coefficient_fe(
-    libcrux_ml_kem_vector_portable_vector_type_PortableVector v) {
+decompress_ciphertext_coefficient_99(
+    libcrux_ml_kem_vector_portable_vector_type_PortableVector a) {
   for (size_t i = (size_t)0U;
        i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) {
     size_t i0 = i;
-    int32_t decompressed = (int32_t)v.elements[i0] *
+    int32_t decompressed = (int32_t)a.elements[i0] *
                            (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS;
     decompressed = (decompressed << 1U) + ((int32_t)1 << (uint32_t)(int32_t)10);
     decompressed = decompressed >> (uint32_t)((int32_t)10 + (int32_t)1);
-    v.elements[i0] = (int16_t)decompressed;
+    a.elements[i0] = (int16_t)decompressed;
   }
-  return v;
+  return a;
 }
 
 /**
@@ -4871,9 +4869,9 @@ generics
 - COEFFICIENT_BITS= 10
 */
 static libcrux_ml_kem_vector_portable_vector_type_PortableVector
-decompress_ciphertext_coefficient_0d_78(
+decompress_ciphertext_coefficient_0d_f5(
     libcrux_ml_kem_vector_portable_vector_type_PortableVector v) {
-  return decompress_ciphertext_coefficient_fe(v);
+  return decompress_ciphertext_coefficient_99(v);
 }
 
 /**
@@ -4883,7 +4881,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
 
 */
 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0
-deserialize_then_decompress_10_40(Eurydice_slice serialized) {
+deserialize_then_decompress_10_0d(Eurydice_slice serialized) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_ef_1b();
   LowStar_Ignore_ignore(
       Eurydice_slice_len(
@@ -4900,7 +4898,7 @@ deserialize_then_decompress_10_40(Eurydice_slice serialized) {
     libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient =
         libcrux_ml_kem_vector_portable_deserialize_10_0d(bytes);
     libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 =
-        decompress_ciphertext_coefficient_0d_78(coefficient);
+        decompress_ciphertext_coefficient_0d_f5(coefficient);
     re.coefficients[i0] = uu____0;
   }
   return re;
@@ -4913,18 +4911,18 @@ const generics
 - COEFFICIENT_BITS= 11
 */
 static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector
-decompress_ciphertext_coefficient_fe0(
-    libcrux_ml_kem_vector_portable_vector_type_PortableVector v) {
+decompress_ciphertext_coefficient_990(
+    libcrux_ml_kem_vector_portable_vector_type_PortableVector a) {
   for (size_t i = (size_t)0U;
        i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) {
     size_t i0 = i;
-    int32_t decompressed = (int32_t)v.elements[i0] *
+    int32_t decompressed = (int32_t)a.elements[i0] *
                            (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS;
     decompressed = (decompressed << 1U) + ((int32_t)1 << (uint32_t)(int32_t)11);
     decompressed = decompressed >> (uint32_t)((int32_t)11 + (int32_t)1);
-    v.elements[i0] = (int16_t)decompressed;
+    a.elements[i0] = (int16_t)decompressed;
   }
-  return v;
+  return a;
 }
 
 /**
@@ -4938,9 +4936,9 @@ generics
 - COEFFICIENT_BITS= 11
 */
 static libcrux_ml_kem_vector_portable_vector_type_PortableVector
-decompress_ciphertext_coefficient_0d_780(
+decompress_ciphertext_coefficient_0d_f50(
     libcrux_ml_kem_vector_portable_vector_type_PortableVector v) {
-  return decompress_ciphertext_coefficient_fe0(v);
+  return decompress_ciphertext_coefficient_990(v);
 }
 
 /**
@@ -4950,7 +4948,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
 
 */
 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0
-deserialize_then_decompress_11_0a(Eurydice_slice serialized) {
+deserialize_then_decompress_11_eb(Eurydice_slice serialized) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_ef_1b();
   for (size_t i = (size_t)0U;
        i < Eurydice_slice_len(serialized, uint8_t) / (size_t)22U; i++) {
@@ -4960,7 +4958,7 @@ deserialize_then_decompress_11_0a(Eurydice_slice serialized) {
     libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient =
         libcrux_ml_kem_vector_portable_deserialize_11_0d(bytes);
     libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 =
-        decompress_ciphertext_coefficient_0d_780(coefficient);
+        decompress_ciphertext_coefficient_0d_f50(coefficient);
     re.coefficients[i0] = uu____0;
   }
   return re;
@@ -4973,8 +4971,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
 - COMPRESSION_FACTOR= 11
 */
 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0
-deserialize_then_decompress_ring_element_u_58(Eurydice_slice serialized) {
-  return deserialize_then_decompress_11_0a(serialized);
+deserialize_then_decompress_ring_element_u_91(Eurydice_slice serialized) {
+  return deserialize_then_decompress_11_eb(serialized);
 }
 
 /**
@@ -4983,17 +4981,17 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
 with const generics
 - VECTOR_U_COMPRESSION_FACTOR= 11
 */
-static KRML_MUSTINLINE void ntt_vector_u_f1(
+static KRML_MUSTINLINE void ntt_vector_u_1a(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) {
   size_t zeta_i = (size_t)0U;
-  ntt_at_layer_4_plus_bf(&zeta_i, re, (size_t)7U);
-  ntt_at_layer_4_plus_bf(&zeta_i, re, (size_t)6U);
-  ntt_at_layer_4_plus_bf(&zeta_i, re, (size_t)5U);
-  ntt_at_layer_4_plus_bf(&zeta_i, re, (size_t)4U);
-  ntt_at_layer_3_b8(&zeta_i, re);
-  ntt_at_layer_2_34(&zeta_i, re);
-  ntt_at_layer_1_21(&zeta_i, re);
-  poly_barrett_reduce_ef_b4(re);
+  ntt_at_layer_4_plus_64(&zeta_i, re, (size_t)7U);
+  ntt_at_layer_4_plus_64(&zeta_i, re, (size_t)6U);
+  ntt_at_layer_4_plus_64(&zeta_i, re, (size_t)5U);
+  ntt_at_layer_4_plus_64(&zeta_i, re, (size_t)4U);
+  ntt_at_layer_3_7b(&zeta_i, re);
+  ntt_at_layer_2_ea(&zeta_i, re);
+  ntt_at_layer_1_76(&zeta_i, re);
+  poly_barrett_reduce_ef_e7(re);
 }
 
 /**
@@ -5004,7 +5002,7 @@ with const generics
 - CIPHERTEXT_SIZE= 1568
 - U_COMPRESSION_FACTOR= 11
 */
-static KRML_MUSTINLINE void deserialize_then_decompress_u_b1(
+static KRML_MUSTINLINE void deserialize_then_decompress_u_f2(
     uint8_t *ciphertext,
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[4U];
@@ -5027,15 +5025,11 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_b1(
             LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT *
                 (size_t)11U / (size_t)8U,
         uint8_t);
-    u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_58(u_bytes);
-    ntt_vector_u_f1(&u_as_ntt[i0]);
+    u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_91(u_bytes);
+    ntt_vector_u_1a(&u_as_ntt[i0]);
   }
-  libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[4U];
   memcpy(
-      result, u_as_ntt,
-      (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0));
-  memcpy(
-      ret, result,
+      ret, u_as_ntt,
       (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0));
 }
 
@@ -5046,18 +5040,18 @@ const generics
 - COEFFICIENT_BITS= 4
 */
 static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector
-decompress_ciphertext_coefficient_fe1(
-    libcrux_ml_kem_vector_portable_vector_type_PortableVector v) {
+decompress_ciphertext_coefficient_991(
+    libcrux_ml_kem_vector_portable_vector_type_PortableVector a) {
   for (size_t i = (size_t)0U;
        i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) {
     size_t i0 = i;
-    int32_t decompressed = (int32_t)v.elements[i0] *
+    int32_t decompressed = (int32_t)a.elements[i0] *
                            (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS;
     decompressed = (decompressed << 1U) + ((int32_t)1 << (uint32_t)(int32_t)4);
     decompressed = decompressed >> (uint32_t)((int32_t)4 + (int32_t)1);
-    v.elements[i0] = (int16_t)decompressed;
+    a.elements[i0] = (int16_t)decompressed;
   }
-  return v;
+  return a;
 }
 
 /**
@@ -5071,9 +5065,9 @@ generics
 - COEFFICIENT_BITS= 4
 */
 static libcrux_ml_kem_vector_portable_vector_type_PortableVector
-decompress_ciphertext_coefficient_0d_781(
+decompress_ciphertext_coefficient_0d_f51(
     libcrux_ml_kem_vector_portable_vector_type_PortableVector v) {
-  return decompress_ciphertext_coefficient_fe1(v);
+  return decompress_ciphertext_coefficient_991(v);
 }
 
 /**
@@ -5083,7 +5077,7 @@ with const generics
 
 */
 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0
-deserialize_then_decompress_4_dd(Eurydice_slice serialized) {
+deserialize_then_decompress_4_e9(Eurydice_slice serialized) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_ef_1b();
   for (size_t i = (size_t)0U;
        i < Eurydice_slice_len(serialized, uint8_t) / (size_t)8U; i++) {
@@ -5093,7 +5087,7 @@ deserialize_then_decompress_4_dd(Eurydice_slice serialized) {
     libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient =
         libcrux_ml_kem_vector_portable_deserialize_4_0d(bytes);
     libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 =
-        decompress_ciphertext_coefficient_0d_781(coefficient);
+        decompress_ciphertext_coefficient_0d_f51(coefficient);
     re.coefficients[i0] = uu____0;
   }
   return re;
@@ -5106,18 +5100,18 @@ const generics
 - COEFFICIENT_BITS= 5
 */
 static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector
-decompress_ciphertext_coefficient_fe2(
-    libcrux_ml_kem_vector_portable_vector_type_PortableVector v) {
+decompress_ciphertext_coefficient_992(
+    libcrux_ml_kem_vector_portable_vector_type_PortableVector a) {
   for (size_t i = (size_t)0U;
        i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) {
     size_t i0 = i;
-    int32_t decompressed = (int32_t)v.elements[i0] *
+    int32_t decompressed = (int32_t)a.elements[i0] *
                            (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS;
     decompressed = (decompressed << 1U) + ((int32_t)1 << (uint32_t)(int32_t)5);
     decompressed = decompressed >> (uint32_t)((int32_t)5 + (int32_t)1);
-    v.elements[i0] = (int16_t)decompressed;
+    a.elements[i0] = (int16_t)decompressed;
   }
-  return v;
+  return a;
 }
 
 /**
@@ -5131,9 +5125,9 @@ generics
 - COEFFICIENT_BITS= 5
 */
 static libcrux_ml_kem_vector_portable_vector_type_PortableVector
-decompress_ciphertext_coefficient_0d_782(
+decompress_ciphertext_coefficient_0d_f52(
     libcrux_ml_kem_vector_portable_vector_type_PortableVector v) {
-  return decompress_ciphertext_coefficient_fe2(v);
+  return decompress_ciphertext_coefficient_992(v);
 }
 
 /**
@@ -5143,7 +5137,7 @@ with const generics
 
 */
 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0
-deserialize_then_decompress_5_e7(Eurydice_slice serialized) {
+deserialize_then_decompress_5_53(Eurydice_slice serialized) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_ef_1b();
   for (size_t i = (size_t)0U;
        i < Eurydice_slice_len(serialized, uint8_t) / (size_t)10U; i++) {
@@ -5153,7 +5147,7 @@ deserialize_then_decompress_5_e7(Eurydice_slice serialized) {
     re.coefficients[i0] =
         libcrux_ml_kem_vector_portable_deserialize_5_0d(bytes);
     libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____1 =
-        decompress_ciphertext_coefficient_0d_782(re.coefficients[i0]);
+        decompress_ciphertext_coefficient_0d_f52(re.coefficients[i0]);
     re.coefficients[i0] = uu____1;
   }
   return re;
@@ -5166,8 +5160,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
 - COMPRESSION_FACTOR= 5
 */
 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0
-deserialize_then_decompress_ring_element_v_87(Eurydice_slice serialized) {
-  return deserialize_then_decompress_5_e7(serialized);
+deserialize_then_decompress_ring_element_v_c1(Eurydice_slice serialized) {
+  return deserialize_then_decompress_5_53(serialized);
 }
 
 /**
@@ -5182,7 +5176,7 @@ with const generics
 
 */
 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0
-subtract_reduce_ef_59(libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self,
+subtract_reduce_ef_c0(libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self,
                       libcrux_ml_kem_polynomial_PolynomialRingElement_f0 b) {
   for (size_t i = (size_t)0U;
        i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
@@ -5207,17 +5201,17 @@ with const generics
 - K= 4
 */
 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0
-compute_message_fc(
+compute_message_ac(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *v,
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *secret_as_ntt,
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *u_as_ntt) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_ef_1b();
   KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i;
                   libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product =
-                      ntt_multiply_ef_76(&secret_as_ntt[i0], &u_as_ntt[i0]);
-                  add_to_ring_element_ef_3a(&result, &product););
-  invert_ntt_montgomery_8c(&result);
-  result = subtract_reduce_ef_59(v, result);
+                      ntt_multiply_ef_66(&secret_as_ntt[i0], &u_as_ntt[i0]);
+                  add_to_ring_element_ef_59(&result, &product););
+  invert_ntt_montgomery_fa(&result);
+  result = subtract_reduce_ef_c0(v, result);
   return result;
 }
 
@@ -5227,13 +5221,13 @@ libcrux_ml_kem.serialize.compress_then_serialize_message with types
 libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
 
 */
-static KRML_MUSTINLINE void compress_then_serialize_message_ee(
+static KRML_MUSTINLINE void compress_then_serialize_message_44(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, uint8_t ret[32U]) {
   uint8_t serialized[32U] = {0U};
   KRML_MAYBE_FOR16(
       i, (size_t)0U, (size_t)16U, (size_t)1U, size_t i0 = i;
       libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient =
-          to_unsigned_field_modulus_c4(re.coefficients[i0]);
+          to_unsigned_field_modulus_05(re.coefficients[i0]);
       libcrux_ml_kem_vector_portable_vector_type_PortableVector
           coefficient_compressed =
               libcrux_ml_kem_vector_portable_compress_1_0d(coefficient);
@@ -5259,18 +5253,18 @@ with const generics
 - U_COMPRESSION_FACTOR= 11
 - V_COMPRESSION_FACTOR= 5
 */
-static void decrypt_unpacked_ee(IndCpaPrivateKeyUnpacked_42 *secret_key,
+static void decrypt_unpacked_41(IndCpaPrivateKeyUnpacked_42 *secret_key,
                                 uint8_t *ciphertext, uint8_t ret[32U]) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[4U];
-  deserialize_then_decompress_u_b1(ciphertext, u_as_ntt);
+  deserialize_then_decompress_u_f2(ciphertext, u_as_ntt);
   libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v =
-      deserialize_then_decompress_ring_element_v_87(
+      deserialize_then_decompress_ring_element_v_c1(
           Eurydice_array_to_subslice_from((size_t)1568U, ciphertext,
                                           (size_t)1408U, uint8_t, size_t));
   libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message =
-      compute_message_fc(&v, secret_key->secret_as_ntt, u_as_ntt);
+      compute_message_ac(&v, secret_key->secret_as_ntt, u_as_ntt);
   uint8_t ret0[32U];
-  compress_then_serialize_message_ee(message, ret0);
+  compress_then_serialize_message_44(message, ret0);
   memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t));
 }
 
@@ -5284,10 +5278,10 @@ with const generics
 - U_COMPRESSION_FACTOR= 11
 - V_COMPRESSION_FACTOR= 5
 */
-static void decrypt_5f1(Eurydice_slice secret_key, uint8_t *ciphertext,
+static void decrypt_151(Eurydice_slice secret_key, uint8_t *ciphertext,
                         uint8_t ret[32U]) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[4U];
-  deserialize_secret_key_831(secret_key, secret_as_ntt);
+  deserialize_secret_key_631(secret_key, secret_as_ntt);
   /* Passing arrays by value in Rust generates a copy in C */
   libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_secret_as_ntt[4U];
   memcpy(
@@ -5297,9 +5291,9 @@ static void decrypt_5f1(Eurydice_slice secret_key, uint8_t *ciphertext,
   memcpy(
       secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt,
       (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0));
-  uint8_t result[32U];
-  decrypt_unpacked_ee(&secret_key_unpacked, ciphertext, result);
-  memcpy(ret, result, (size_t)32U * sizeof(uint8_t));
+  uint8_t ret0[32U];
+  decrypt_unpacked_41(&secret_key_unpacked, ciphertext, ret0);
+  memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t));
 }
 
 /**
@@ -5350,7 +5344,7 @@ libcrux_ml_kem_variant_MlKem with const generics
 - ETA2_RANDOMNESS_SIZE= 128
 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600
 */
-void libcrux_ml_kem_ind_cca_decapsulate_811(
+void libcrux_ml_kem_ind_cca_decapsulate_2d1(
     libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key,
     libcrux_ml_kem_types_MlKemCiphertext_1f *ciphertext, uint8_t ret[32U]) {
   Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at(
@@ -5368,7 +5362,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_811(
   Eurydice_slice ind_cpa_public_key_hash = uu____2.fst;
   Eurydice_slice implicit_rejection_value = uu____2.snd;
   uint8_t decrypted[32U];
-  decrypt_5f1(ind_cpa_secret_key, ciphertext->value, decrypted);
+  decrypt_151(ind_cpa_secret_key, ciphertext->value, decrypted);
   uint8_t to_hash0[64U];
   libcrux_ml_kem_utils_into_padded_array_42(
       Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0);
@@ -5390,7 +5384,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_811(
   Eurydice_slice uu____4 = Eurydice_array_to_subslice_from(
       (size_t)1600U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE,
       uint8_t, size_t);
-  Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_ae(ciphertext),
+  Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_be(ciphertext),
                       uint8_t);
   uint8_t implicit_rejection_shared_secret0[32U];
   PRF_f1_9f(Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t),
@@ -5400,17 +5394,17 @@ void libcrux_ml_kem_ind_cca_decapsulate_811(
   uint8_t copy_of_decrypted[32U];
   memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t));
   uint8_t expected_ciphertext[1568U];
-  encrypt_6f1(uu____5, copy_of_decrypted, pseudorandomness,
+  encrypt_dc1(uu____5, copy_of_decrypted, pseudorandomness,
               expected_ciphertext);
   uint8_t implicit_rejection_shared_secret[32U];
-  kdf_d8_a6(Eurydice_array_to_slice((size_t)32U,
+  kdf_d8_91(Eurydice_array_to_slice((size_t)32U,
                                     implicit_rejection_shared_secret0, uint8_t),
             implicit_rejection_shared_secret);
   uint8_t shared_secret1[32U];
-  kdf_d8_a6(shared_secret0, shared_secret1);
+  kdf_d8_91(shared_secret0, shared_secret1);
   uint8_t shared_secret[32U];
   libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time(
-      libcrux_ml_kem_types_as_ref_00_ae(ciphertext),
+      libcrux_ml_kem_types_as_ref_00_be(ciphertext),
       Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, uint8_t),
       Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t),
       Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret,
@@ -5425,7 +5419,7 @@ libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types
 libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
 - K= 2
 */
-static KRML_MUSTINLINE void deserialize_ring_elements_reduced_750(
+static KRML_MUSTINLINE void deserialize_ring_elements_reduced_ed0(
     Eurydice_slice public_key,
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *deserialized_pk) {
   for (size_t i = (size_t)0U;
@@ -5439,7 +5433,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_750(
             LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT,
         uint8_t);
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 =
-        deserialize_to_reduced_ring_element_01(ring_element);
+        deserialize_to_reduced_ring_element_60(ring_element);
     deserialized_pk[i0] = uu____0;
   }
 }
@@ -5450,13 +5444,13 @@ libcrux_ml_kem.serialize.deserialize_ring_elements_reduced_out with types
 libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
 - K= 2
 */
-static KRML_MUSTINLINE void deserialize_ring_elements_reduced_out_fa0(
+static KRML_MUSTINLINE void deserialize_ring_elements_reduced_out_660(
     Eurydice_slice public_key,
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[2U];
   KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U,
                   deserialized_pk[i] = ZERO_ef_1b(););
-  deserialize_ring_elements_reduced_750(public_key, deserialized_pk);
+  deserialize_ring_elements_reduced_ed0(public_key, deserialized_pk);
   libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[2U];
   memcpy(
       result, deserialized_pk,
@@ -5473,7 +5467,7 @@ with const generics
 - K= 2
 - OUT_LEN= 768
 */
-static KRML_MUSTINLINE void serialize_secret_key_1d0(
+static KRML_MUSTINLINE void serialize_secret_key_9e0(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *key,
     uint8_t ret[768U]) {
   uint8_t out[768U] = {0U};
@@ -5491,13 +5485,11 @@ static KRML_MUSTINLINE void serialize_secret_key_1d0(
         (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT,
         uint8_t);
     uint8_t ret0[384U];
-    serialize_uncompressed_ring_element_c6(&re, ret0);
+    serialize_uncompressed_ring_element_13(&re, ret0);
     Eurydice_slice_copy(
         uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t), uint8_t);
   }
-  uint8_t result[768U];
-  memcpy(result, out, (size_t)768U * sizeof(uint8_t));
-  memcpy(ret, result, (size_t)768U * sizeof(uint8_t));
+  memcpy(ret, out, (size_t)768U * sizeof(uint8_t));
 }
 
 /**
@@ -5508,13 +5500,13 @@ with const generics
 - RANKED_BYTES_PER_RING_ELEMENT= 768
 - PUBLIC_KEY_SIZE= 800
 */
-static KRML_MUSTINLINE void serialize_public_key_mut_120(
+static KRML_MUSTINLINE void serialize_public_key_mut_6c0(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt,
     Eurydice_slice seed_for_a, uint8_t *serialized) {
   Eurydice_slice uu____0 = Eurydice_array_to_subslice2(serialized, (size_t)0U,
                                                        (size_t)768U, uint8_t);
   uint8_t ret[768U];
-  serialize_secret_key_1d0(t_as_ntt, ret);
+  serialize_secret_key_9e0(t_as_ntt, ret);
   Eurydice_slice_copy(
       uu____0, Eurydice_array_to_slice((size_t)768U, ret, uint8_t), uint8_t);
   Eurydice_slice_copy(
@@ -5531,14 +5523,12 @@ with const generics
 - RANKED_BYTES_PER_RING_ELEMENT= 768
 - PUBLIC_KEY_SIZE= 800
 */
-static KRML_MUSTINLINE void serialize_public_key_e90(
+static KRML_MUSTINLINE void serialize_public_key_fd0(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt,
     Eurydice_slice seed_for_a, uint8_t ret[800U]) {
   uint8_t public_key_serialized[800U] = {0U};
-  serialize_public_key_mut_120(t_as_ntt, seed_for_a, public_key_serialized);
-  uint8_t result[800U];
-  memcpy(result, public_key_serialized, (size_t)800U * sizeof(uint8_t));
-  memcpy(ret, result, (size_t)800U * sizeof(uint8_t));
+  serialize_public_key_mut_6c0(t_as_ntt, seed_for_a, public_key_serialized);
+  memcpy(ret, public_key_serialized, (size_t)800U * sizeof(uint8_t));
 }
 
 /**
@@ -5549,15 +5539,15 @@ with const generics
 - RANKED_BYTES_PER_RING_ELEMENT= 768
 - PUBLIC_KEY_SIZE= 800
 */
-bool libcrux_ml_kem_ind_cca_validate_public_key_070(uint8_t *public_key) {
+bool libcrux_ml_kem_ind_cca_validate_public_key_8c0(uint8_t *public_key) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[2U];
-  deserialize_ring_elements_reduced_out_fa0(
+  deserialize_ring_elements_reduced_out_660(
       Eurydice_array_to_subslice_to((size_t)800U, public_key, (size_t)768U,
                                     uint8_t, size_t),
       deserialized_pk);
   libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *uu____0 = deserialized_pk;
   uint8_t public_key_serialized[800U];
-  serialize_public_key_e90(
+  serialize_public_key_fd0(
       uu____0,
       Eurydice_array_to_subslice_from((size_t)800U, public_key, (size_t)768U,
                                       uint8_t, size_t),
@@ -5587,7 +5577,7 @@ with const generics
 - SECRET_KEY_SIZE= 1632
 - CIPHERTEXT_SIZE= 768
 */
-bool libcrux_ml_kem_ind_cca_validate_private_key_90(
+bool libcrux_ml_kem_ind_cca_validate_private_key_ba(
     libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key,
     libcrux_ml_kem_types_MlKemCiphertext_e8 *_ciphertext) {
   uint8_t t[32U];
@@ -5693,7 +5683,7 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]]
 with const generics
 - K= 2
 */
-static KRML_MUSTINLINE void cpa_keygen_seed_d8_7e(
+static KRML_MUSTINLINE void cpa_keygen_seed_d8_40(
     Eurydice_slice key_generation_seed, uint8_t ret[64U]) {
   uint8_t seed[33U] = {0U};
   Eurydice_slice_copy(
@@ -6143,7 +6133,7 @@ generics
 - ETA= 3
 - ETA_RANDOMNESS_SIZE= 192
 */
-static KRML_MUSTINLINE uint8_t sample_vector_cbd_then_ntt_f70(
+static KRML_MUSTINLINE uint8_t sample_vector_cbd_then_ntt_760(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re_as_ntt,
     uint8_t prf_input[33U], uint8_t domain_separator) {
   /* Passing arrays by value in Rust generates a copy in C */
@@ -6153,6 +6143,8 @@ static KRML_MUSTINLINE uint8_t sample_vector_cbd_then_ntt_f70(
   KRML_MAYBE_FOR2(
       i, (size_t)0U, (size_t)2U, (size_t)1U,
       memcpy(prf_inputs[i], copy_of_prf_input, (size_t)33U * sizeof(uint8_t)););
+  uint8_t _prf_inputs_init[2U][33U];
+  memcpy(_prf_inputs_init, prf_inputs, (size_t)2U * sizeof(uint8_t[33U]));
   KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i;
                   prf_inputs[i0][32U] = domain_separator;
                   domain_separator = (uint32_t)domain_separator + 1U;);
@@ -6162,7 +6154,7 @@ static KRML_MUSTINLINE uint8_t sample_vector_cbd_then_ntt_f70(
       i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i;
       re_as_ntt[i0] = sample_from_binomial_distribution_6b0(
           Eurydice_array_to_slice((size_t)192U, prf_outputs[i0], uint8_t));
-      ntt_binomially_sampled_ring_element_36(&re_as_ntt[i0]););
+      ntt_binomially_sampled_ring_element_62(&re_as_ntt[i0]););
   return domain_separator;
 }
 
@@ -6186,7 +6178,7 @@ generics
 - ETA= 3
 - ETA_RANDOMNESS_SIZE= 192
 */
-static KRML_MUSTINLINE tuple_740 sample_vector_cbd_then_ntt_out_440(
+static KRML_MUSTINLINE tuple_740 sample_vector_cbd_then_ntt_out_150(
     uint8_t prf_input[33U], uint8_t domain_separator) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re_as_ntt[2U];
   KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U,
@@ -6195,18 +6187,18 @@ static KRML_MUSTINLINE tuple_740 sample_vector_cbd_then_ntt_out_440(
   uint8_t uu____1[33U];
   memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t));
   domain_separator =
-      sample_vector_cbd_then_ntt_f70(uu____0, uu____1, domain_separator);
+      sample_vector_cbd_then_ntt_760(uu____0, uu____1, domain_separator);
   /* Passing arrays by value in Rust generates a copy in C */
   libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_re_as_ntt[2U];
   memcpy(
       copy_of_re_as_ntt, re_as_ntt,
       (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0));
-  tuple_740 result;
+  tuple_740 lit;
   memcpy(
-      result.fst, copy_of_re_as_ntt,
+      lit.fst, copy_of_re_as_ntt,
       (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0));
-  result.snd = domain_separator;
-  return result;
+  lit.snd = domain_separator;
+  return lit;
 }
 
 /**
@@ -6220,7 +6212,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
 with const generics
 - K= 2
 */
-static KRML_MUSTINLINE void add_to_ring_element_ef_3a0(
+static KRML_MUSTINLINE void add_to_ring_element_ef_590(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self,
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *rhs) {
   for (size_t i = (size_t)0U;
@@ -6244,7 +6236,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
 with const generics
 - K= 2
 */
-static KRML_MUSTINLINE void compute_As_plus_e_f00(
+static KRML_MUSTINLINE void compute_As_plus_e_6a0(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt,
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*matrix_A)[2U],
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *s_as_ntt,
@@ -6271,10 +6263,10 @@ static KRML_MUSTINLINE void compute_As_plus_e_f00(
       libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *matrix_element =
           &row[j];
       libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product =
-          ntt_multiply_ef_76(matrix_element, &s_as_ntt[j]);
-      add_to_ring_element_ef_3a0(&t_as_ntt[i0], &product);
+          ntt_multiply_ef_66(matrix_element, &s_as_ntt[j]);
+      add_to_ring_element_ef_590(&t_as_ntt[i0], &product);
     }
-    add_standard_error_reduce_ef_69(&t_as_ntt[i0], &error_as_ntt[i0]);
+    add_standard_error_reduce_ef_6c(&t_as_ntt[i0], &error_as_ntt[i0]);
   }
 }
 
@@ -6287,12 +6279,12 @@ libcrux_ml_kem_variant_MlKem with const generics
 - ETA1= 3
 - ETA1_RANDOMNESS_SIZE= 192
 */
-static void generate_keypair_unpacked_860(
+static void generate_keypair_unpacked_1a0(
     Eurydice_slice key_generation_seed,
     IndCpaPrivateKeyUnpacked_ae *private_key,
     IndCpaPublicKeyUnpacked_ae *public_key) {
   uint8_t hashed[64U];
-  cpa_keygen_seed_d8_7e(key_generation_seed, hashed);
+  cpa_keygen_seed_d8_40(key_generation_seed, hashed);
   Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at(
       Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U,
       uint8_t, Eurydice_slice_uint8_t_x2);
@@ -6312,17 +6304,17 @@ static void generate_keypair_unpacked_860(
   uint8_t copy_of_prf_input0[33U];
   memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t));
   uint8_t domain_separator =
-      sample_vector_cbd_then_ntt_f70(uu____2, copy_of_prf_input0, 0U);
+      sample_vector_cbd_then_ntt_760(uu____2, copy_of_prf_input0, 0U);
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_prf_input[33U];
   memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t));
   libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_as_ntt[2U];
   memcpy(
       error_as_ntt,
-      sample_vector_cbd_then_ntt_out_440(copy_of_prf_input, domain_separator)
+      sample_vector_cbd_then_ntt_out_150(copy_of_prf_input, domain_separator)
           .fst,
       (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0));
-  compute_As_plus_e_f00(public_key->t_as_ntt, public_key->A,
+  compute_As_plus_e_6a0(public_key->t_as_ntt, public_key->A,
                         private_key->secret_as_ntt, error_as_ntt);
   uint8_t uu____5[32U];
   core_result_Result_00 dst;
@@ -6347,14 +6339,14 @@ static libcrux_ml_kem_utils_extraction_helper_Keypair512 generate_keypair_080(
     Eurydice_slice key_generation_seed) {
   IndCpaPrivateKeyUnpacked_ae private_key = default_1a_e90();
   IndCpaPublicKeyUnpacked_ae public_key = default_8d_d10();
-  generate_keypair_unpacked_860(key_generation_seed, &private_key, &public_key);
+  generate_keypair_unpacked_1a0(key_generation_seed, &private_key, &public_key);
   uint8_t public_key_serialized[800U];
-  serialize_public_key_e90(
+  serialize_public_key_fd0(
       public_key.t_as_ntt,
       Eurydice_array_to_slice((size_t)32U, public_key.seed_for_A, uint8_t),
       public_key_serialized);
   uint8_t secret_key_serialized[768U];
-  serialize_secret_key_1d0(private_key.secret_as_ntt, secret_key_serialized);
+  serialize_secret_key_9e0(private_key.secret_as_ntt, secret_key_serialized);
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_secret_key_serialized[768U];
   memcpy(copy_of_secret_key_serialized, secret_key_serialized,
@@ -6363,12 +6355,12 @@ static libcrux_ml_kem_utils_extraction_helper_Keypair512 generate_keypair_080(
   uint8_t copy_of_public_key_serialized[800U];
   memcpy(copy_of_public_key_serialized, public_key_serialized,
          (size_t)800U * sizeof(uint8_t));
-  libcrux_ml_kem_utils_extraction_helper_Keypair512 result;
-  memcpy(result.fst, copy_of_secret_key_serialized,
+  libcrux_ml_kem_utils_extraction_helper_Keypair512 lit;
+  memcpy(lit.fst, copy_of_secret_key_serialized,
          (size_t)768U * sizeof(uint8_t));
-  memcpy(result.snd, copy_of_public_key_serialized,
+  memcpy(lit.snd, copy_of_public_key_serialized,
          (size_t)800U * sizeof(uint8_t));
-  return result;
+  return lit;
 }
 
 /**
@@ -6378,7 +6370,7 @@ with const generics
 - K= 2
 - SERIALIZED_KEY_LEN= 1632
 */
-static KRML_MUSTINLINE void serialize_kem_secret_key_4a(
+static KRML_MUSTINLINE void serialize_kem_secret_key_ee(
     Eurydice_slice private_key, Eurydice_slice public_key,
     Eurydice_slice implicit_rejection_value, uint8_t ret[1632U]) {
   uint8_t out[1632U] = {0U};
@@ -6434,7 +6426,7 @@ libcrux_ml_kem_variant_MlKem with const generics
 - ETA1_RANDOMNESS_SIZE= 192
 */
 libcrux_ml_kem_types_MlKemKeyPair_cb
-libcrux_ml_kem_ind_cca_generate_keypair_280(uint8_t randomness[64U]) {
+libcrux_ml_kem_ind_cca_generate_keypair_910(uint8_t randomness[64U]) {
   Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2(
       randomness, (size_t)0U,
       LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t);
@@ -6449,7 +6441,7 @@ libcrux_ml_kem_ind_cca_generate_keypair_280(uint8_t randomness[64U]) {
   uint8_t public_key[800U];
   memcpy(public_key, uu____0.snd, (size_t)800U * sizeof(uint8_t));
   uint8_t secret_key_serialized[1632U];
-  serialize_kem_secret_key_4a(
+  serialize_kem_secret_key_ee(
       Eurydice_array_to_slice((size_t)768U, ind_cpa_private_key, uint8_t),
       Eurydice_array_to_slice((size_t)800U, public_key, uint8_t),
       implicit_rejection_value, secret_key_serialized);
@@ -6458,13 +6450,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_280(uint8_t randomness[64U]) {
   memcpy(copy_of_secret_key_serialized, secret_key_serialized,
          (size_t)1632U * sizeof(uint8_t));
   libcrux_ml_kem_types_MlKemPrivateKey_5e private_key =
-      libcrux_ml_kem_types_from_7f_e6(copy_of_secret_key_serialized);
+      libcrux_ml_kem_types_from_7f_8c(copy_of_secret_key_serialized);
   libcrux_ml_kem_types_MlKemPrivateKey_5e uu____2 = private_key;
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_public_key[800U];
   memcpy(copy_of_public_key, public_key, (size_t)800U * sizeof(uint8_t));
-  return libcrux_ml_kem_types_from_3a_78(
-      uu____2, libcrux_ml_kem_types_from_5a_af(copy_of_public_key));
+  return libcrux_ml_kem_types_from_3a_f6(
+      uu____2, libcrux_ml_kem_types_from_5a_45(copy_of_public_key));
 }
 
 /**
@@ -6477,7 +6469,7 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]]
 with const generics
 - K= 2
 */
-static KRML_MUSTINLINE void entropy_preprocess_d8_9c(Eurydice_slice randomness,
+static KRML_MUSTINLINE void entropy_preprocess_d8_53(Eurydice_slice randomness,
                                                      uint8_t ret[32U]) {
   uint8_t out[32U] = {0U};
   Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t),
@@ -6527,7 +6519,7 @@ generics
 - ETA2= 2
 */
 static KRML_MUSTINLINE tuple_740
-sample_ring_element_cbd_230(uint8_t prf_input[33U], uint8_t domain_separator) {
+sample_ring_element_cbd_220(uint8_t prf_input[33U], uint8_t domain_separator) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[2U];
   KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U,
                   error_1[i] = ZERO_ef_1b(););
@@ -6538,6 +6530,8 @@ sample_ring_element_cbd_230(uint8_t prf_input[33U], uint8_t domain_separator) {
   KRML_MAYBE_FOR2(
       i, (size_t)0U, (size_t)2U, (size_t)1U,
       memcpy(prf_inputs[i], copy_of_prf_input, (size_t)33U * sizeof(uint8_t)););
+  uint8_t _prf_inputs_init[2U][33U];
+  memcpy(_prf_inputs_init, prf_inputs, (size_t)2U * sizeof(uint8_t[33U]));
   KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i;
                   prf_inputs[i0][32U] = domain_separator;
                   domain_separator = (uint32_t)domain_separator + 1U;);
@@ -6554,12 +6548,12 @@ sample_ring_element_cbd_230(uint8_t prf_input[33U], uint8_t domain_separator) {
   memcpy(
       copy_of_error_1, error_1,
       (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0));
-  tuple_740 result;
+  tuple_740 lit;
   memcpy(
-      result.fst, copy_of_error_1,
+      lit.fst, copy_of_error_1,
       (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0));
-  result.snd = domain_separator;
-  return result;
+  lit.snd = domain_separator;
+  return lit;
 }
 
 /**
@@ -6583,18 +6577,18 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
 with const generics
 - K= 2
 */
-static KRML_MUSTINLINE void invert_ntt_montgomery_8c0(
+static KRML_MUSTINLINE void invert_ntt_montgomery_fa0(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) {
   size_t zeta_i =
       LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U;
-  invert_ntt_at_layer_1_19(&zeta_i, re);
-  invert_ntt_at_layer_2_f7(&zeta_i, re);
-  invert_ntt_at_layer_3_77(&zeta_i, re);
-  invert_ntt_at_layer_4_plus_dd(&zeta_i, re, (size_t)4U);
-  invert_ntt_at_layer_4_plus_dd(&zeta_i, re, (size_t)5U);
-  invert_ntt_at_layer_4_plus_dd(&zeta_i, re, (size_t)6U);
-  invert_ntt_at_layer_4_plus_dd(&zeta_i, re, (size_t)7U);
-  poly_barrett_reduce_ef_b4(re);
+  invert_ntt_at_layer_1_ed(&zeta_i, re);
+  invert_ntt_at_layer_2_30(&zeta_i, re);
+  invert_ntt_at_layer_3_2f(&zeta_i, re);
+  invert_ntt_at_layer_4_plus_7a(&zeta_i, re, (size_t)4U);
+  invert_ntt_at_layer_4_plus_7a(&zeta_i, re, (size_t)5U);
+  invert_ntt_at_layer_4_plus_7a(&zeta_i, re, (size_t)6U);
+  invert_ntt_at_layer_4_plus_7a(&zeta_i, re, (size_t)7U);
+  poly_barrett_reduce_ef_e7(re);
 }
 
 /**
@@ -6603,7 +6597,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
 with const generics
 - K= 2
 */
-static KRML_MUSTINLINE void compute_vector_u_d20(
+static KRML_MUSTINLINE void compute_vector_u_a30(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*a_as_ntt)[2U],
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt,
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_1,
@@ -6630,11 +6624,11 @@ static KRML_MUSTINLINE void compute_vector_u_d20(
       size_t j = i;
       libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *a_element = &row[j];
       libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product =
-          ntt_multiply_ef_76(a_element, &r_as_ntt[j]);
-      add_to_ring_element_ef_3a0(&result[i1], &product);
+          ntt_multiply_ef_66(a_element, &r_as_ntt[j]);
+      add_to_ring_element_ef_590(&result[i1], &product);
     }
-    invert_ntt_montgomery_8c0(&result[i1]);
-    add_error_reduce_ef_da(&result[i1], &error_1[i1]);
+    invert_ntt_montgomery_fa0(&result[i1]);
+    add_error_reduce_ef_0d(&result[i1], &error_1[i1]);
   }
   memcpy(
       ret, result,
@@ -6648,7 +6642,7 @@ with const generics
 - K= 2
 */
 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0
-compute_ring_element_v_950(
+compute_ring_element_v_da0(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt,
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt,
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_2,
@@ -6656,10 +6650,10 @@ compute_ring_element_v_950(
   libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_ef_1b();
   KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i;
                   libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product =
-                      ntt_multiply_ef_76(&t_as_ntt[i0], &r_as_ntt[i0]);
-                  add_to_ring_element_ef_3a0(&result, &product););
-  invert_ntt_montgomery_8c0(&result);
-  result = add_message_error_reduce_ef_5c(error_2, message, result);
+                      ntt_multiply_ef_66(&t_as_ntt[i0], &r_as_ntt[i0]);
+                  add_to_ring_element_ef_590(&result, &product););
+  invert_ntt_montgomery_fa0(&result);
+  result = add_message_error_reduce_ef_b4(error_2, message, result);
   return result;
 }
 
@@ -6669,14 +6663,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
 with const generics
 - OUT_LEN= 320
 */
-static KRML_MUSTINLINE void compress_then_serialize_10_c50(
+static KRML_MUSTINLINE void compress_then_serialize_10_100(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[320U]) {
   uint8_t serialized[320U] = {0U};
   for (size_t i = (size_t)0U;
        i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
     size_t i0 = i;
     libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient =
-        compress_0d_83(to_unsigned_field_modulus_c4(re->coefficients[i0]));
+        compress_0d_48(to_unsigned_field_modulus_05(re->coefficients[i0]));
     uint8_t bytes[20U];
     libcrux_ml_kem_vector_portable_serialize_10_0d(coefficient, bytes);
     Eurydice_slice uu____0 = Eurydice_array_to_subslice2(
@@ -6696,11 +6690,11 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
 - COMPRESSION_FACTOR= 10
 - OUT_LEN= 320
 */
-static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_390(
+static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_e00(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[320U]) {
-  uint8_t uu____0[320U];
-  compress_then_serialize_10_c50(re, uu____0);
-  memcpy(ret, uu____0, (size_t)320U * sizeof(uint8_t));
+  uint8_t result[320U];
+  compress_then_serialize_10_100(re, result);
+  memcpy(ret, result, (size_t)320U * sizeof(uint8_t));
 }
 
 /**
@@ -6712,7 +6706,7 @@ with const generics
 - COMPRESSION_FACTOR= 10
 - BLOCK_LEN= 320
 */
-static void compress_then_serialize_u_540(
+static void compress_then_serialize_u_0f0(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 input[2U],
     Eurydice_slice out) {
   for (size_t i = (size_t)0U;
@@ -6728,7 +6722,7 @@ static void compress_then_serialize_u_540(
         out, i0 * ((size_t)640U / (size_t)2U),
         (i0 + (size_t)1U) * ((size_t)640U / (size_t)2U), uint8_t);
     uint8_t ret[320U];
-    compress_then_serialize_ring_element_u_390(&re, ret);
+    compress_then_serialize_ring_element_u_e00(&re, ret);
     Eurydice_slice_copy(
         uu____0, Eurydice_array_to_slice((size_t)320U, ret, uint8_t), uint8_t);
   }
@@ -6741,9 +6735,9 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
 - COMPRESSION_FACTOR= 4
 - OUT_LEN= 128
 */
-static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_ce0(
+static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_e30(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice out) {
-  compress_then_serialize_4_df(re, out);
+  compress_then_serialize_4_71(re, out);
 }
 
 /**
@@ -6764,7 +6758,7 @@ generics
 - ETA2= 2
 - ETA2_RANDOMNESS_SIZE= 128
 */
-static void encrypt_unpacked_430(IndCpaPublicKeyUnpacked_ae *public_key,
+static void encrypt_unpacked_150(IndCpaPublicKeyUnpacked_ae *public_key,
                                  uint8_t message[32U],
                                  Eurydice_slice randomness, uint8_t ret[768U]) {
   uint8_t prf_input[33U];
@@ -6773,7 +6767,7 @@ static void encrypt_unpacked_430(IndCpaPublicKeyUnpacked_ae *public_key,
   uint8_t copy_of_prf_input0[33U];
   memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t));
   tuple_740 uu____1 =
-      sample_vector_cbd_then_ntt_out_440(copy_of_prf_input0, 0U);
+      sample_vector_cbd_then_ntt_out_150(copy_of_prf_input0, 0U);
   libcrux_ml_kem_polynomial_PolynomialRingElement_f0 r_as_ntt[2U];
   memcpy(
       r_as_ntt, uu____1.fst,
@@ -6783,7 +6777,7 @@ static void encrypt_unpacked_430(IndCpaPublicKeyUnpacked_ae *public_key,
   uint8_t copy_of_prf_input[33U];
   memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t));
   tuple_740 uu____3 =
-      sample_ring_element_cbd_230(copy_of_prf_input, domain_separator0);
+      sample_ring_element_cbd_220(copy_of_prf_input, domain_separator0);
   libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[2U];
   memcpy(
       error_1, uu____3.fst,
@@ -6797,25 +6791,25 @@ static void encrypt_unpacked_430(IndCpaPublicKeyUnpacked_ae *public_key,
       sample_from_binomial_distribution_6b(
           Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t));
   libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u[2U];
-  compute_vector_u_d20(public_key->A, r_as_ntt, error_1, u);
+  compute_vector_u_a30(public_key->A, r_as_ntt, error_1, u);
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_message[32U];
   memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t));
   libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message_as_ring_element =
-      deserialize_then_decompress_message_5e(copy_of_message);
+      deserialize_then_decompress_message_97(copy_of_message);
   libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v =
-      compute_ring_element_v_950(public_key->t_as_ntt, r_as_ntt, &error_2,
+      compute_ring_element_v_da0(public_key->t_as_ntt, r_as_ntt, &error_2,
                                  &message_as_ring_element);
   uint8_t ciphertext[768U] = {0U};
   libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____5[2U];
   memcpy(
       uu____5, u,
       (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0));
-  compress_then_serialize_u_540(
+  compress_then_serialize_u_0f0(
       uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)640U,
                                            uint8_t));
   libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____6 = v;
-  compress_then_serialize_ring_element_v_ce0(
+  compress_then_serialize_ring_element_v_e30(
       uu____6, Eurydice_array_to_subslice_from((size_t)768U, ciphertext,
                                                (size_t)640U, uint8_t, size_t));
   memcpy(ret, ciphertext, (size_t)768U * sizeof(uint8_t));
@@ -6839,10 +6833,10 @@ generics
 - ETA2= 2
 - ETA2_RANDOMNESS_SIZE= 128
 */
-static void encrypt_6f0(Eurydice_slice public_key, uint8_t message[32U],
+static void encrypt_dc0(Eurydice_slice public_key, uint8_t message[32U],
                         Eurydice_slice randomness, uint8_t ret[768U]) {
   IndCpaPublicKeyUnpacked_ae unpacked_public_key = default_8d_d10();
-  deserialize_ring_elements_reduced_750(
+  deserialize_ring_elements_reduced_ed0(
       Eurydice_slice_subslice_to(public_key, (size_t)768U, uint8_t, size_t),
       unpacked_public_key.t_as_ntt);
   Eurydice_slice seed =
@@ -6856,9 +6850,9 @@ static void encrypt_6f0(Eurydice_slice public_key, uint8_t message[32U],
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_message[32U];
   memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t));
-  uint8_t result[768U];
-  encrypt_unpacked_430(uu____1, copy_of_message, randomness, result);
-  memcpy(ret, result, (size_t)768U * sizeof(uint8_t));
+  uint8_t ret1[768U];
+  encrypt_unpacked_150(uu____1, copy_of_message, randomness, ret1);
+  memcpy(ret, ret1, (size_t)768U * sizeof(uint8_t));
 }
 
 /**
@@ -6872,7 +6866,7 @@ with const generics
 - K= 2
 - CIPHERTEXT_SIZE= 768
 */
-static KRML_MUSTINLINE void kdf_d8_f4(Eurydice_slice shared_secret,
+static KRML_MUSTINLINE void kdf_d8_70(Eurydice_slice shared_secret,
                                       uint8_t ret[32U]) {
   uint8_t out[32U] = {0U};
   Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t),
@@ -6899,11 +6893,11 @@ libcrux_ml_kem_variant_MlKem with const generics
 - ETA2= 2
 - ETA2_RANDOMNESS_SIZE= 128
 */
-tuple_ec libcrux_ml_kem_ind_cca_encapsulate_8a0(
+tuple_ec libcrux_ml_kem_ind_cca_encapsulate_1e0(
     libcrux_ml_kem_types_MlKemPublicKey_be *public_key,
     uint8_t randomness[32U]) {
   uint8_t randomness0[32U];
-  entropy_preprocess_d8_9c(
+  entropy_preprocess_d8_53(
       Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0);
   uint8_t to_hash[64U];
   libcrux_ml_kem_utils_into_padded_array_42(
@@ -6913,7 +6907,7 @@ tuple_ec libcrux_ml_kem_ind_cca_encapsulate_8a0(
       size_t);
   uint8_t ret[32U];
   H_f1_d50(Eurydice_array_to_slice(
-               (size_t)800U, libcrux_ml_kem_types_as_slice_fd_120(public_key),
+               (size_t)800U, libcrux_ml_kem_types_as_slice_fd_d10(public_key),
                uint8_t),
            ret);
   Eurydice_slice_copy(
@@ -6927,19 +6921,19 @@ tuple_ec libcrux_ml_kem_ind_cca_encapsulate_8a0(
   Eurydice_slice shared_secret = uu____1.fst;
   Eurydice_slice pseudorandomness = uu____1.snd;
   Eurydice_slice uu____2 = Eurydice_array_to_slice(
-      (size_t)800U, libcrux_ml_kem_types_as_slice_fd_120(public_key), uint8_t);
+      (size_t)800U, libcrux_ml_kem_types_as_slice_fd_d10(public_key), uint8_t);
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_randomness[32U];
   memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t));
   uint8_t ciphertext[768U];
-  encrypt_6f0(uu____2, copy_of_randomness, pseudorandomness, ciphertext);
+  encrypt_dc0(uu____2, copy_of_randomness, pseudorandomness, ciphertext);
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_ciphertext[768U];
   memcpy(copy_of_ciphertext, ciphertext, (size_t)768U * sizeof(uint8_t));
   libcrux_ml_kem_types_MlKemCiphertext_e8 ciphertext0 =
-      libcrux_ml_kem_types_from_01_7b0(copy_of_ciphertext);
+      libcrux_ml_kem_types_from_01_3a0(copy_of_ciphertext);
   uint8_t shared_secret_array[32U];
-  kdf_d8_f4(shared_secret, shared_secret_array);
+  kdf_d8_70(shared_secret, shared_secret_array);
   libcrux_ml_kem_types_MlKemCiphertext_e8 uu____5 = ciphertext0;
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_shared_secret_array[32U];
@@ -6957,7 +6951,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
 with const generics
 - K= 2
 */
-static KRML_MUSTINLINE void deserialize_secret_key_830(
+static KRML_MUSTINLINE void deserialize_secret_key_630(
     Eurydice_slice secret_key,
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[2U];
@@ -6974,15 +6968,11 @@ static KRML_MUSTINLINE void deserialize_secret_key_830(
             LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT,
         uint8_t);
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 =
-        deserialize_to_uncompressed_ring_element_a4(secret_bytes);
+        deserialize_to_uncompressed_ring_element_96(secret_bytes);
     secret_as_ntt[i0] = uu____0;
   }
-  libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[2U];
   memcpy(
-      result, secret_as_ntt,
-      (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0));
-  memcpy(
-      ret, result,
+      ret, secret_as_ntt,
       (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0));
 }
 
@@ -6993,8 +6983,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
 - COMPRESSION_FACTOR= 10
 */
 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0
-deserialize_then_decompress_ring_element_u_580(Eurydice_slice serialized) {
-  return deserialize_then_decompress_10_40(serialized);
+deserialize_then_decompress_ring_element_u_910(Eurydice_slice serialized) {
+  return deserialize_then_decompress_10_0d(serialized);
 }
 
 /**
@@ -7003,17 +6993,17 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
 with const generics
 - VECTOR_U_COMPRESSION_FACTOR= 10
 */
-static KRML_MUSTINLINE void ntt_vector_u_f10(
+static KRML_MUSTINLINE void ntt_vector_u_1a0(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) {
   size_t zeta_i = (size_t)0U;
-  ntt_at_layer_4_plus_bf(&zeta_i, re, (size_t)7U);
-  ntt_at_layer_4_plus_bf(&zeta_i, re, (size_t)6U);
-  ntt_at_layer_4_plus_bf(&zeta_i, re, (size_t)5U);
-  ntt_at_layer_4_plus_bf(&zeta_i, re, (size_t)4U);
-  ntt_at_layer_3_b8(&zeta_i, re);
-  ntt_at_layer_2_34(&zeta_i, re);
-  ntt_at_layer_1_21(&zeta_i, re);
-  poly_barrett_reduce_ef_b4(re);
+  ntt_at_layer_4_plus_64(&zeta_i, re, (size_t)7U);
+  ntt_at_layer_4_plus_64(&zeta_i, re, (size_t)6U);
+  ntt_at_layer_4_plus_64(&zeta_i, re, (size_t)5U);
+  ntt_at_layer_4_plus_64(&zeta_i, re, (size_t)4U);
+  ntt_at_layer_3_7b(&zeta_i, re);
+  ntt_at_layer_2_ea(&zeta_i, re);
+  ntt_at_layer_1_76(&zeta_i, re);
+  poly_barrett_reduce_ef_e7(re);
 }
 
 /**
@@ -7024,7 +7014,7 @@ with const generics
 - CIPHERTEXT_SIZE= 768
 - U_COMPRESSION_FACTOR= 10
 */
-static KRML_MUSTINLINE void deserialize_then_decompress_u_b10(
+static KRML_MUSTINLINE void deserialize_then_decompress_u_f20(
     uint8_t *ciphertext,
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[2U];
@@ -7047,15 +7037,11 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_b10(
             LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT *
                 (size_t)10U / (size_t)8U,
         uint8_t);
-    u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_580(u_bytes);
-    ntt_vector_u_f10(&u_as_ntt[i0]);
+    u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_910(u_bytes);
+    ntt_vector_u_1a0(&u_as_ntt[i0]);
   }
-  libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[2U];
   memcpy(
-      result, u_as_ntt,
-      (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0));
-  memcpy(
-      ret, result,
+      ret, u_as_ntt,
       (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0));
 }
 
@@ -7066,8 +7052,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
 - COMPRESSION_FACTOR= 4
 */
 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0
-deserialize_then_decompress_ring_element_v_870(Eurydice_slice serialized) {
-  return deserialize_then_decompress_4_dd(serialized);
+deserialize_then_decompress_ring_element_v_c10(Eurydice_slice serialized) {
+  return deserialize_then_decompress_4_e9(serialized);
 }
 
 /**
@@ -7077,17 +7063,17 @@ with const generics
 - K= 2
 */
 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0
-compute_message_fc0(
+compute_message_ac0(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *v,
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *secret_as_ntt,
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *u_as_ntt) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_ef_1b();
   KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i;
                   libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product =
-                      ntt_multiply_ef_76(&secret_as_ntt[i0], &u_as_ntt[i0]);
-                  add_to_ring_element_ef_3a0(&result, &product););
-  invert_ntt_montgomery_8c0(&result);
-  result = subtract_reduce_ef_59(v, result);
+                      ntt_multiply_ef_66(&secret_as_ntt[i0], &u_as_ntt[i0]);
+                  add_to_ring_element_ef_590(&result, &product););
+  invert_ntt_montgomery_fa0(&result);
+  result = subtract_reduce_ef_c0(v, result);
   return result;
 }
 
@@ -7101,18 +7087,18 @@ with const generics
 - U_COMPRESSION_FACTOR= 10
 - V_COMPRESSION_FACTOR= 4
 */
-static void decrypt_unpacked_ee0(IndCpaPrivateKeyUnpacked_ae *secret_key,
+static void decrypt_unpacked_410(IndCpaPrivateKeyUnpacked_ae *secret_key,
                                  uint8_t *ciphertext, uint8_t ret[32U]) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[2U];
-  deserialize_then_decompress_u_b10(ciphertext, u_as_ntt);
+  deserialize_then_decompress_u_f20(ciphertext, u_as_ntt);
   libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v =
-      deserialize_then_decompress_ring_element_v_870(
+      deserialize_then_decompress_ring_element_v_c10(
           Eurydice_array_to_subslice_from((size_t)768U, ciphertext,
                                           (size_t)640U, uint8_t, size_t));
   libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message =
-      compute_message_fc0(&v, secret_key->secret_as_ntt, u_as_ntt);
+      compute_message_ac0(&v, secret_key->secret_as_ntt, u_as_ntt);
   uint8_t ret0[32U];
-  compress_then_serialize_message_ee(message, ret0);
+  compress_then_serialize_message_44(message, ret0);
   memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t));
 }
 
@@ -7126,10 +7112,10 @@ with const generics
 - U_COMPRESSION_FACTOR= 10
 - V_COMPRESSION_FACTOR= 4
 */
-static void decrypt_5f0(Eurydice_slice secret_key, uint8_t *ciphertext,
+static void decrypt_150(Eurydice_slice secret_key, uint8_t *ciphertext,
                         uint8_t ret[32U]) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[2U];
-  deserialize_secret_key_830(secret_key, secret_as_ntt);
+  deserialize_secret_key_630(secret_key, secret_as_ntt);
   /* Passing arrays by value in Rust generates a copy in C */
   libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_secret_as_ntt[2U];
   memcpy(
@@ -7139,9 +7125,9 @@ static void decrypt_5f0(Eurydice_slice secret_key, uint8_t *ciphertext,
   memcpy(
       secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt,
       (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0));
-  uint8_t result[32U];
-  decrypt_unpacked_ee0(&secret_key_unpacked, ciphertext, result);
-  memcpy(ret, result, (size_t)32U * sizeof(uint8_t));
+  uint8_t ret0[32U];
+  decrypt_unpacked_410(&secret_key_unpacked, ciphertext, ret0);
+  memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t));
 }
 
 /**
@@ -7180,7 +7166,7 @@ libcrux_ml_kem_variant_MlKem with const generics
 - ETA2_RANDOMNESS_SIZE= 128
 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800
 */
-void libcrux_ml_kem_ind_cca_decapsulate_810(
+void libcrux_ml_kem_ind_cca_decapsulate_2d0(
     libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key,
     libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) {
   Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at(
@@ -7198,7 +7184,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_810(
   Eurydice_slice ind_cpa_public_key_hash = uu____2.fst;
   Eurydice_slice implicit_rejection_value = uu____2.snd;
   uint8_t decrypted[32U];
-  decrypt_5f0(ind_cpa_secret_key, ciphertext->value, decrypted);
+  decrypt_150(ind_cpa_secret_key, ciphertext->value, decrypted);
   uint8_t to_hash0[64U];
   libcrux_ml_kem_utils_into_padded_array_42(
       Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0);
@@ -7220,7 +7206,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_810(
   Eurydice_slice uu____4 = Eurydice_array_to_subslice_from(
       (size_t)800U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE,
       uint8_t, size_t);
-  Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_ae0(ciphertext),
+  Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_be0(ciphertext),
                       uint8_t);
   uint8_t implicit_rejection_shared_secret0[32U];
   PRF_f1_9f1(Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t),
@@ -7230,17 +7216,17 @@ void libcrux_ml_kem_ind_cca_decapsulate_810(
   uint8_t copy_of_decrypted[32U];
   memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t));
   uint8_t expected_ciphertext[768U];
-  encrypt_6f0(uu____5, copy_of_decrypted, pseudorandomness,
+  encrypt_dc0(uu____5, copy_of_decrypted, pseudorandomness,
               expected_ciphertext);
   uint8_t implicit_rejection_shared_secret[32U];
-  kdf_d8_f4(Eurydice_array_to_slice((size_t)32U,
+  kdf_d8_70(Eurydice_array_to_slice((size_t)32U,
                                     implicit_rejection_shared_secret0, uint8_t),
             implicit_rejection_shared_secret);
   uint8_t shared_secret1[32U];
-  kdf_d8_f4(shared_secret0, shared_secret1);
+  kdf_d8_70(shared_secret0, shared_secret1);
   uint8_t shared_secret[32U];
   libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time(
-      libcrux_ml_kem_types_as_ref_00_ae0(ciphertext),
+      libcrux_ml_kem_types_as_ref_00_be0(ciphertext),
       Eurydice_array_to_slice((size_t)768U, expected_ciphertext, uint8_t),
       Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t),
       Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret,
@@ -7255,7 +7241,7 @@ libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types
 libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
 - K= 3
 */
-static KRML_MUSTINLINE void deserialize_ring_elements_reduced_751(
+static KRML_MUSTINLINE void deserialize_ring_elements_reduced_ed1(
     Eurydice_slice public_key,
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *deserialized_pk) {
   for (size_t i = (size_t)0U;
@@ -7269,7 +7255,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_751(
             LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT,
         uint8_t);
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 =
-        deserialize_to_reduced_ring_element_01(ring_element);
+        deserialize_to_reduced_ring_element_60(ring_element);
     deserialized_pk[i0] = uu____0;
   }
 }
@@ -7280,13 +7266,13 @@ libcrux_ml_kem.serialize.deserialize_ring_elements_reduced_out with types
 libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
 - K= 3
 */
-static KRML_MUSTINLINE void deserialize_ring_elements_reduced_out_fa(
+static KRML_MUSTINLINE void deserialize_ring_elements_reduced_out_66(
     Eurydice_slice public_key,
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[3U];
   KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U,
                   deserialized_pk[i] = ZERO_ef_1b(););
-  deserialize_ring_elements_reduced_751(public_key, deserialized_pk);
+  deserialize_ring_elements_reduced_ed1(public_key, deserialized_pk);
   libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[3U];
   memcpy(
       result, deserialized_pk,
@@ -7303,7 +7289,7 @@ with const generics
 - K= 3
 - OUT_LEN= 1152
 */
-static KRML_MUSTINLINE void serialize_secret_key_1d1(
+static KRML_MUSTINLINE void serialize_secret_key_9e1(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *key,
     uint8_t ret[1152U]) {
   uint8_t out[1152U] = {0U};
@@ -7321,13 +7307,11 @@ static KRML_MUSTINLINE void serialize_secret_key_1d1(
         (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT,
         uint8_t);
     uint8_t ret0[384U];
-    serialize_uncompressed_ring_element_c6(&re, ret0);
+    serialize_uncompressed_ring_element_13(&re, ret0);
     Eurydice_slice_copy(
         uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t), uint8_t);
   }
-  uint8_t result[1152U];
-  memcpy(result, out, (size_t)1152U * sizeof(uint8_t));
-  memcpy(ret, result, (size_t)1152U * sizeof(uint8_t));
+  memcpy(ret, out, (size_t)1152U * sizeof(uint8_t));
 }
 
 /**
@@ -7338,13 +7322,13 @@ with const generics
 - RANKED_BYTES_PER_RING_ELEMENT= 1152
 - PUBLIC_KEY_SIZE= 1184
 */
-static KRML_MUSTINLINE void serialize_public_key_mut_121(
+static KRML_MUSTINLINE void serialize_public_key_mut_6c1(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt,
     Eurydice_slice seed_for_a, uint8_t *serialized) {
   Eurydice_slice uu____0 = Eurydice_array_to_subslice2(serialized, (size_t)0U,
                                                        (size_t)1152U, uint8_t);
   uint8_t ret[1152U];
-  serialize_secret_key_1d1(t_as_ntt, ret);
+  serialize_secret_key_9e1(t_as_ntt, ret);
   Eurydice_slice_copy(
       uu____0, Eurydice_array_to_slice((size_t)1152U, ret, uint8_t), uint8_t);
   Eurydice_slice_copy(
@@ -7361,14 +7345,12 @@ with const generics
 - RANKED_BYTES_PER_RING_ELEMENT= 1152
 - PUBLIC_KEY_SIZE= 1184
 */
-static KRML_MUSTINLINE void serialize_public_key_e91(
+static KRML_MUSTINLINE void serialize_public_key_fd1(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt,
     Eurydice_slice seed_for_a, uint8_t ret[1184U]) {
   uint8_t public_key_serialized[1184U] = {0U};
-  serialize_public_key_mut_121(t_as_ntt, seed_for_a, public_key_serialized);
-  uint8_t result[1184U];
-  memcpy(result, public_key_serialized, (size_t)1184U * sizeof(uint8_t));
-  memcpy(ret, result, (size_t)1184U * sizeof(uint8_t));
+  serialize_public_key_mut_6c1(t_as_ntt, seed_for_a, public_key_serialized);
+  memcpy(ret, public_key_serialized, (size_t)1184U * sizeof(uint8_t));
 }
 
 /**
@@ -7379,15 +7361,15 @@ with const generics
 - RANKED_BYTES_PER_RING_ELEMENT= 1152
 - PUBLIC_KEY_SIZE= 1184
 */
-bool libcrux_ml_kem_ind_cca_validate_public_key_07(uint8_t *public_key) {
+bool libcrux_ml_kem_ind_cca_validate_public_key_8c(uint8_t *public_key) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[3U];
-  deserialize_ring_elements_reduced_out_fa(
+  deserialize_ring_elements_reduced_out_66(
       Eurydice_array_to_subslice_to((size_t)1184U, public_key, (size_t)1152U,
                                     uint8_t, size_t),
       deserialized_pk);
   libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *uu____0 = deserialized_pk;
   uint8_t public_key_serialized[1184U];
-  serialize_public_key_e91(
+  serialize_public_key_fd1(
       uu____0,
       Eurydice_array_to_subslice_from((size_t)1184U, public_key, (size_t)1152U,
                                       uint8_t, size_t),
@@ -7417,7 +7399,7 @@ with const generics
 - SECRET_KEY_SIZE= 2400
 - CIPHERTEXT_SIZE= 1088
 */
-bool libcrux_ml_kem_ind_cca_validate_private_key_94(
+bool libcrux_ml_kem_ind_cca_validate_private_key_4e(
     libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key,
     libcrux_ml_kem_mlkem768_MlKem768Ciphertext *_ciphertext) {
   uint8_t t[32U];
@@ -7529,7 +7511,7 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]]
 with const generics
 - K= 3
 */
-static KRML_MUSTINLINE void cpa_keygen_seed_d8_a4(
+static KRML_MUSTINLINE void cpa_keygen_seed_d8_58(
     Eurydice_slice key_generation_seed, uint8_t ret[64U]) {
   uint8_t seed[33U] = {0U};
   Eurydice_slice_copy(
@@ -7968,7 +7950,7 @@ generics
 - ETA= 2
 - ETA_RANDOMNESS_SIZE= 128
 */
-static KRML_MUSTINLINE uint8_t sample_vector_cbd_then_ntt_f71(
+static KRML_MUSTINLINE uint8_t sample_vector_cbd_then_ntt_761(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re_as_ntt,
     uint8_t prf_input[33U], uint8_t domain_separator) {
   /* Passing arrays by value in Rust generates a copy in C */
@@ -7978,6 +7960,8 @@ static KRML_MUSTINLINE uint8_t sample_vector_cbd_then_ntt_f71(
   KRML_MAYBE_FOR3(
       i, (size_t)0U, (size_t)3U, (size_t)1U,
       memcpy(prf_inputs[i], copy_of_prf_input, (size_t)33U * sizeof(uint8_t)););
+  uint8_t _prf_inputs_init[3U][33U];
+  memcpy(_prf_inputs_init, prf_inputs, (size_t)3U * sizeof(uint8_t[33U]));
   KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i;
                   prf_inputs[i0][32U] = domain_separator;
                   domain_separator = (uint32_t)domain_separator + 1U;);
@@ -7987,7 +7971,7 @@ static KRML_MUSTINLINE uint8_t sample_vector_cbd_then_ntt_f71(
       i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i;
       re_as_ntt[i0] = sample_from_binomial_distribution_6b(
           Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t));
-      ntt_binomially_sampled_ring_element_36(&re_as_ntt[i0]););
+      ntt_binomially_sampled_ring_element_62(&re_as_ntt[i0]););
   return domain_separator;
 }
 
@@ -8011,7 +7995,7 @@ generics
 - ETA= 2
 - ETA_RANDOMNESS_SIZE= 128
 */
-static KRML_MUSTINLINE tuple_b00 sample_vector_cbd_then_ntt_out_441(
+static KRML_MUSTINLINE tuple_b00 sample_vector_cbd_then_ntt_out_151(
     uint8_t prf_input[33U], uint8_t domain_separator) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re_as_ntt[3U];
   KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U,
@@ -8020,18 +8004,18 @@ static KRML_MUSTINLINE tuple_b00 sample_vector_cbd_then_ntt_out_441(
   uint8_t uu____1[33U];
   memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t));
   domain_separator =
-      sample_vector_cbd_then_ntt_f71(uu____0, uu____1, domain_separator);
+      sample_vector_cbd_then_ntt_761(uu____0, uu____1, domain_separator);
   /* Passing arrays by value in Rust generates a copy in C */
   libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_re_as_ntt[3U];
   memcpy(
       copy_of_re_as_ntt, re_as_ntt,
       (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0));
-  tuple_b00 result;
+  tuple_b00 lit;
   memcpy(
-      result.fst, copy_of_re_as_ntt,
+      lit.fst, copy_of_re_as_ntt,
       (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0));
-  result.snd = domain_separator;
-  return result;
+  lit.snd = domain_separator;
+  return lit;
 }
 
 /**
@@ -8045,7 +8029,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
 with const generics
 - K= 3
 */
-static KRML_MUSTINLINE void add_to_ring_element_ef_3a1(
+static KRML_MUSTINLINE void add_to_ring_element_ef_591(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self,
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *rhs) {
   for (size_t i = (size_t)0U;
@@ -8069,7 +8053,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
 with const generics
 - K= 3
 */
-static KRML_MUSTINLINE void compute_As_plus_e_f01(
+static KRML_MUSTINLINE void compute_As_plus_e_6a1(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt,
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*matrix_A)[3U],
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *s_as_ntt,
@@ -8096,10 +8080,10 @@ static KRML_MUSTINLINE void compute_As_plus_e_f01(
       libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *matrix_element =
           &row[j];
       libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product =
-          ntt_multiply_ef_76(matrix_element, &s_as_ntt[j]);
-      add_to_ring_element_ef_3a1(&t_as_ntt[i0], &product);
+          ntt_multiply_ef_66(matrix_element, &s_as_ntt[j]);
+      add_to_ring_element_ef_591(&t_as_ntt[i0], &product);
     }
-    add_standard_error_reduce_ef_69(&t_as_ntt[i0], &error_as_ntt[i0]);
+    add_standard_error_reduce_ef_6c(&t_as_ntt[i0], &error_as_ntt[i0]);
   }
 }
 
@@ -8112,12 +8096,12 @@ libcrux_ml_kem_variant_MlKem with const generics
 - ETA1= 2
 - ETA1_RANDOMNESS_SIZE= 128
 */
-static void generate_keypair_unpacked_861(
+static void generate_keypair_unpacked_1a1(
     Eurydice_slice key_generation_seed,
     IndCpaPrivateKeyUnpacked_f8 *private_key,
     IndCpaPublicKeyUnpacked_f8 *public_key) {
   uint8_t hashed[64U];
-  cpa_keygen_seed_d8_a4(key_generation_seed, hashed);
+  cpa_keygen_seed_d8_58(key_generation_seed, hashed);
   Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at(
       Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U,
       uint8_t, Eurydice_slice_uint8_t_x2);
@@ -8137,17 +8121,17 @@ static void generate_keypair_unpacked_861(
   uint8_t copy_of_prf_input0[33U];
   memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t));
   uint8_t domain_separator =
-      sample_vector_cbd_then_ntt_f71(uu____2, copy_of_prf_input0, 0U);
+      sample_vector_cbd_then_ntt_761(uu____2, copy_of_prf_input0, 0U);
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_prf_input[33U];
   memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t));
   libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_as_ntt[3U];
   memcpy(
       error_as_ntt,
-      sample_vector_cbd_then_ntt_out_441(copy_of_prf_input, domain_separator)
+      sample_vector_cbd_then_ntt_out_151(copy_of_prf_input, domain_separator)
           .fst,
       (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0));
-  compute_As_plus_e_f01(public_key->t_as_ntt, public_key->A,
+  compute_As_plus_e_6a1(public_key->t_as_ntt, public_key->A,
                         private_key->secret_as_ntt, error_as_ntt);
   uint8_t uu____5[32U];
   core_result_Result_00 dst;
@@ -8172,14 +8156,14 @@ static libcrux_ml_kem_utils_extraction_helper_Keypair768 generate_keypair_08(
     Eurydice_slice key_generation_seed) {
   IndCpaPrivateKeyUnpacked_f8 private_key = default_1a_e91();
   IndCpaPublicKeyUnpacked_f8 public_key = default_8d_d11();
-  generate_keypair_unpacked_861(key_generation_seed, &private_key, &public_key);
+  generate_keypair_unpacked_1a1(key_generation_seed, &private_key, &public_key);
   uint8_t public_key_serialized[1184U];
-  serialize_public_key_e91(
+  serialize_public_key_fd1(
       public_key.t_as_ntt,
       Eurydice_array_to_slice((size_t)32U, public_key.seed_for_A, uint8_t),
       public_key_serialized);
   uint8_t secret_key_serialized[1152U];
-  serialize_secret_key_1d1(private_key.secret_as_ntt, secret_key_serialized);
+  serialize_secret_key_9e1(private_key.secret_as_ntt, secret_key_serialized);
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_secret_key_serialized[1152U];
   memcpy(copy_of_secret_key_serialized, secret_key_serialized,
@@ -8188,12 +8172,12 @@ static libcrux_ml_kem_utils_extraction_helper_Keypair768 generate_keypair_08(
   uint8_t copy_of_public_key_serialized[1184U];
   memcpy(copy_of_public_key_serialized, public_key_serialized,
          (size_t)1184U * sizeof(uint8_t));
-  libcrux_ml_kem_utils_extraction_helper_Keypair768 result;
-  memcpy(result.fst, copy_of_secret_key_serialized,
+  libcrux_ml_kem_utils_extraction_helper_Keypair768 lit;
+  memcpy(lit.fst, copy_of_secret_key_serialized,
          (size_t)1152U * sizeof(uint8_t));
-  memcpy(result.snd, copy_of_public_key_serialized,
+  memcpy(lit.snd, copy_of_public_key_serialized,
          (size_t)1184U * sizeof(uint8_t));
-  return result;
+  return lit;
 }
 
 /**
@@ -8203,7 +8187,7 @@ with const generics
 - K= 3
 - SERIALIZED_KEY_LEN= 2400
 */
-static KRML_MUSTINLINE void serialize_kem_secret_key_c0(
+static KRML_MUSTINLINE void serialize_kem_secret_key_d8(
     Eurydice_slice private_key, Eurydice_slice public_key,
     Eurydice_slice implicit_rejection_value, uint8_t ret[2400U]) {
   uint8_t out[2400U] = {0U};
@@ -8259,7 +8243,7 @@ libcrux_ml_kem_variant_MlKem with const generics
 - ETA1_RANDOMNESS_SIZE= 128
 */
 libcrux_ml_kem_mlkem768_MlKem768KeyPair
-libcrux_ml_kem_ind_cca_generate_keypair_28(uint8_t randomness[64U]) {
+libcrux_ml_kem_ind_cca_generate_keypair_91(uint8_t randomness[64U]) {
   Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2(
       randomness, (size_t)0U,
       LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t);
@@ -8274,7 +8258,7 @@ libcrux_ml_kem_ind_cca_generate_keypair_28(uint8_t randomness[64U]) {
   uint8_t public_key[1184U];
   memcpy(public_key, uu____0.snd, (size_t)1184U * sizeof(uint8_t));
   uint8_t secret_key_serialized[2400U];
-  serialize_kem_secret_key_c0(
+  serialize_kem_secret_key_d8(
       Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t),
       Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t),
       implicit_rejection_value, secret_key_serialized);
@@ -8283,13 +8267,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_28(uint8_t randomness[64U]) {
   memcpy(copy_of_secret_key_serialized, secret_key_serialized,
          (size_t)2400U * sizeof(uint8_t));
   libcrux_ml_kem_types_MlKemPrivateKey_55 private_key =
-      libcrux_ml_kem_types_from_7f_e60(copy_of_secret_key_serialized);
+      libcrux_ml_kem_types_from_7f_8c0(copy_of_secret_key_serialized);
   libcrux_ml_kem_types_MlKemPrivateKey_55 uu____2 = private_key;
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_public_key[1184U];
   memcpy(copy_of_public_key, public_key, (size_t)1184U * sizeof(uint8_t));
-  return libcrux_ml_kem_types_from_3a_780(
-      uu____2, libcrux_ml_kem_types_from_5a_af0(copy_of_public_key));
+  return libcrux_ml_kem_types_from_3a_f60(
+      uu____2, libcrux_ml_kem_types_from_5a_450(copy_of_public_key));
 }
 
 /**
@@ -8302,7 +8286,7 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]]
 with const generics
 - K= 3
 */
-static KRML_MUSTINLINE void entropy_preprocess_d8_05(Eurydice_slice randomness,
+static KRML_MUSTINLINE void entropy_preprocess_d8_be(Eurydice_slice randomness,
                                                      uint8_t ret[32U]) {
   uint8_t out[32U] = {0U};
   Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t),
@@ -8320,7 +8304,7 @@ generics
 - ETA2= 2
 */
 static KRML_MUSTINLINE tuple_b00
-sample_ring_element_cbd_231(uint8_t prf_input[33U], uint8_t domain_separator) {
+sample_ring_element_cbd_221(uint8_t prf_input[33U], uint8_t domain_separator) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[3U];
   KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U,
                   error_1[i] = ZERO_ef_1b(););
@@ -8331,6 +8315,8 @@ sample_ring_element_cbd_231(uint8_t prf_input[33U], uint8_t domain_separator) {
   KRML_MAYBE_FOR3(
       i, (size_t)0U, (size_t)3U, (size_t)1U,
       memcpy(prf_inputs[i], copy_of_prf_input, (size_t)33U * sizeof(uint8_t)););
+  uint8_t _prf_inputs_init[3U][33U];
+  memcpy(_prf_inputs_init, prf_inputs, (size_t)3U * sizeof(uint8_t[33U]));
   KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i;
                   prf_inputs[i0][32U] = domain_separator;
                   domain_separator = (uint32_t)domain_separator + 1U;);
@@ -8347,12 +8333,12 @@ sample_ring_element_cbd_231(uint8_t prf_input[33U], uint8_t domain_separator) {
   memcpy(
       copy_of_error_1, error_1,
       (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0));
-  tuple_b00 result;
+  tuple_b00 lit;
   memcpy(
-      result.fst, copy_of_error_1,
+      lit.fst, copy_of_error_1,
       (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0));
-  result.snd = domain_separator;
-  return result;
+  lit.snd = domain_separator;
+  return lit;
 }
 
 /**
@@ -8376,18 +8362,18 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
 with const generics
 - K= 3
 */
-static KRML_MUSTINLINE void invert_ntt_montgomery_8c1(
+static KRML_MUSTINLINE void invert_ntt_montgomery_fa1(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) {
   size_t zeta_i =
       LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U;
-  invert_ntt_at_layer_1_19(&zeta_i, re);
-  invert_ntt_at_layer_2_f7(&zeta_i, re);
-  invert_ntt_at_layer_3_77(&zeta_i, re);
-  invert_ntt_at_layer_4_plus_dd(&zeta_i, re, (size_t)4U);
-  invert_ntt_at_layer_4_plus_dd(&zeta_i, re, (size_t)5U);
-  invert_ntt_at_layer_4_plus_dd(&zeta_i, re, (size_t)6U);
-  invert_ntt_at_layer_4_plus_dd(&zeta_i, re, (size_t)7U);
-  poly_barrett_reduce_ef_b4(re);
+  invert_ntt_at_layer_1_ed(&zeta_i, re);
+  invert_ntt_at_layer_2_30(&zeta_i, re);
+  invert_ntt_at_layer_3_2f(&zeta_i, re);
+  invert_ntt_at_layer_4_plus_7a(&zeta_i, re, (size_t)4U);
+  invert_ntt_at_layer_4_plus_7a(&zeta_i, re, (size_t)5U);
+  invert_ntt_at_layer_4_plus_7a(&zeta_i, re, (size_t)6U);
+  invert_ntt_at_layer_4_plus_7a(&zeta_i, re, (size_t)7U);
+  poly_barrett_reduce_ef_e7(re);
 }
 
 /**
@@ -8396,7 +8382,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
 with const generics
 - K= 3
 */
-static KRML_MUSTINLINE void compute_vector_u_d21(
+static KRML_MUSTINLINE void compute_vector_u_a31(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*a_as_ntt)[3U],
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt,
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_1,
@@ -8423,11 +8409,11 @@ static KRML_MUSTINLINE void compute_vector_u_d21(
       size_t j = i;
       libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *a_element = &row[j];
       libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product =
-          ntt_multiply_ef_76(a_element, &r_as_ntt[j]);
-      add_to_ring_element_ef_3a1(&result[i1], &product);
+          ntt_multiply_ef_66(a_element, &r_as_ntt[j]);
+      add_to_ring_element_ef_591(&result[i1], &product);
     }
-    invert_ntt_montgomery_8c1(&result[i1]);
-    add_error_reduce_ef_da(&result[i1], &error_1[i1]);
+    invert_ntt_montgomery_fa1(&result[i1]);
+    add_error_reduce_ef_0d(&result[i1], &error_1[i1]);
   }
   memcpy(
       ret, result,
@@ -8441,7 +8427,7 @@ with const generics
 - K= 3
 */
 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0
-compute_ring_element_v_951(
+compute_ring_element_v_da1(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt,
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt,
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_2,
@@ -8449,10 +8435,10 @@ compute_ring_element_v_951(
   libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_ef_1b();
   KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i;
                   libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product =
-                      ntt_multiply_ef_76(&t_as_ntt[i0], &r_as_ntt[i0]);
-                  add_to_ring_element_ef_3a1(&result, &product););
-  invert_ntt_montgomery_8c1(&result);
-  result = add_message_error_reduce_ef_5c(error_2, message, result);
+                      ntt_multiply_ef_66(&t_as_ntt[i0], &r_as_ntt[i0]);
+                  add_to_ring_element_ef_591(&result, &product););
+  invert_ntt_montgomery_fa1(&result);
+  result = add_message_error_reduce_ef_b4(error_2, message, result);
   return result;
 }
 
@@ -8465,7 +8451,7 @@ with const generics
 - COMPRESSION_FACTOR= 10
 - BLOCK_LEN= 320
 */
-static void compress_then_serialize_u_541(
+static void compress_then_serialize_u_0f1(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 input[3U],
     Eurydice_slice out) {
   for (size_t i = (size_t)0U;
@@ -8481,7 +8467,7 @@ static void compress_then_serialize_u_541(
         out, i0 * ((size_t)960U / (size_t)3U),
         (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U), uint8_t);
     uint8_t ret[320U];
-    compress_then_serialize_ring_element_u_390(&re, ret);
+    compress_then_serialize_ring_element_u_e00(&re, ret);
     Eurydice_slice_copy(
         uu____0, Eurydice_array_to_slice((size_t)320U, ret, uint8_t), uint8_t);
   }
@@ -8505,7 +8491,7 @@ generics
 - ETA2= 2
 - ETA2_RANDOMNESS_SIZE= 128
 */
-static void encrypt_unpacked_431(IndCpaPublicKeyUnpacked_f8 *public_key,
+static void encrypt_unpacked_151(IndCpaPublicKeyUnpacked_f8 *public_key,
                                  uint8_t message[32U],
                                  Eurydice_slice randomness,
                                  uint8_t ret[1088U]) {
@@ -8515,7 +8501,7 @@ static void encrypt_unpacked_431(IndCpaPublicKeyUnpacked_f8 *public_key,
   uint8_t copy_of_prf_input0[33U];
   memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t));
   tuple_b00 uu____1 =
-      sample_vector_cbd_then_ntt_out_441(copy_of_prf_input0, 0U);
+      sample_vector_cbd_then_ntt_out_151(copy_of_prf_input0, 0U);
   libcrux_ml_kem_polynomial_PolynomialRingElement_f0 r_as_ntt[3U];
   memcpy(
       r_as_ntt, uu____1.fst,
@@ -8525,7 +8511,7 @@ static void encrypt_unpacked_431(IndCpaPublicKeyUnpacked_f8 *public_key,
   uint8_t copy_of_prf_input[33U];
   memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t));
   tuple_b00 uu____3 =
-      sample_ring_element_cbd_231(copy_of_prf_input, domain_separator0);
+      sample_ring_element_cbd_221(copy_of_prf_input, domain_separator0);
   libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[3U];
   memcpy(
       error_1, uu____3.fst,
@@ -8539,25 +8525,25 @@ static void encrypt_unpacked_431(IndCpaPublicKeyUnpacked_f8 *public_key,
       sample_from_binomial_distribution_6b(
           Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t));
   libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u[3U];
-  compute_vector_u_d21(public_key->A, r_as_ntt, error_1, u);
+  compute_vector_u_a31(public_key->A, r_as_ntt, error_1, u);
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_message[32U];
   memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t));
   libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message_as_ring_element =
-      deserialize_then_decompress_message_5e(copy_of_message);
+      deserialize_then_decompress_message_97(copy_of_message);
   libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v =
-      compute_ring_element_v_951(public_key->t_as_ntt, r_as_ntt, &error_2,
+      compute_ring_element_v_da1(public_key->t_as_ntt, r_as_ntt, &error_2,
                                  &message_as_ring_element);
   uint8_t ciphertext[1088U] = {0U};
   libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____5[3U];
   memcpy(
       uu____5, u,
       (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0));
-  compress_then_serialize_u_541(
+  compress_then_serialize_u_0f1(
       uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)960U,
                                            uint8_t));
   libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____6 = v;
-  compress_then_serialize_ring_element_v_ce0(
+  compress_then_serialize_ring_element_v_e30(
       uu____6, Eurydice_array_to_subslice_from((size_t)1088U, ciphertext,
                                                (size_t)960U, uint8_t, size_t));
   memcpy(ret, ciphertext, (size_t)1088U * sizeof(uint8_t));
@@ -8581,10 +8567,10 @@ generics
 - ETA2= 2
 - ETA2_RANDOMNESS_SIZE= 128
 */
-static void encrypt_6f(Eurydice_slice public_key, uint8_t message[32U],
+static void encrypt_dc(Eurydice_slice public_key, uint8_t message[32U],
                        Eurydice_slice randomness, uint8_t ret[1088U]) {
   IndCpaPublicKeyUnpacked_f8 unpacked_public_key = default_8d_d11();
-  deserialize_ring_elements_reduced_751(
+  deserialize_ring_elements_reduced_ed1(
       Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t),
       unpacked_public_key.t_as_ntt);
   Eurydice_slice seed =
@@ -8598,9 +8584,9 @@ static void encrypt_6f(Eurydice_slice public_key, uint8_t message[32U],
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_message[32U];
   memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t));
-  uint8_t result[1088U];
-  encrypt_unpacked_431(uu____1, copy_of_message, randomness, result);
-  memcpy(ret, result, (size_t)1088U * sizeof(uint8_t));
+  uint8_t ret1[1088U];
+  encrypt_unpacked_151(uu____1, copy_of_message, randomness, ret1);
+  memcpy(ret, ret1, (size_t)1088U * sizeof(uint8_t));
 }
 
 /**
@@ -8614,7 +8600,7 @@ with const generics
 - K= 3
 - CIPHERTEXT_SIZE= 1088
 */
-static KRML_MUSTINLINE void kdf_d8_8d(Eurydice_slice shared_secret,
+static KRML_MUSTINLINE void kdf_d8_ea(Eurydice_slice shared_secret,
                                       uint8_t ret[32U]) {
   uint8_t out[32U] = {0U};
   Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t),
@@ -8641,11 +8627,11 @@ libcrux_ml_kem_variant_MlKem with const generics
 - ETA2= 2
 - ETA2_RANDOMNESS_SIZE= 128
 */
-tuple_3c libcrux_ml_kem_ind_cca_encapsulate_8a(
+tuple_3c libcrux_ml_kem_ind_cca_encapsulate_1e(
     libcrux_ml_kem_types_MlKemPublicKey_15 *public_key,
     uint8_t randomness[32U]) {
   uint8_t randomness0[32U];
-  entropy_preprocess_d8_05(
+  entropy_preprocess_d8_be(
       Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0);
   uint8_t to_hash[64U];
   libcrux_ml_kem_utils_into_padded_array_42(
@@ -8655,7 +8641,7 @@ tuple_3c libcrux_ml_kem_ind_cca_encapsulate_8a(
       size_t);
   uint8_t ret[32U];
   H_f1_d51(Eurydice_array_to_slice(
-               (size_t)1184U, libcrux_ml_kem_types_as_slice_fd_121(public_key),
+               (size_t)1184U, libcrux_ml_kem_types_as_slice_fd_d11(public_key),
                uint8_t),
            ret);
   Eurydice_slice_copy(
@@ -8669,19 +8655,19 @@ tuple_3c libcrux_ml_kem_ind_cca_encapsulate_8a(
   Eurydice_slice shared_secret = uu____1.fst;
   Eurydice_slice pseudorandomness = uu____1.snd;
   Eurydice_slice uu____2 = Eurydice_array_to_slice(
-      (size_t)1184U, libcrux_ml_kem_types_as_slice_fd_121(public_key), uint8_t);
+      (size_t)1184U, libcrux_ml_kem_types_as_slice_fd_d11(public_key), uint8_t);
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_randomness[32U];
   memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t));
   uint8_t ciphertext[1088U];
-  encrypt_6f(uu____2, copy_of_randomness, pseudorandomness, ciphertext);
+  encrypt_dc(uu____2, copy_of_randomness, pseudorandomness, ciphertext);
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_ciphertext[1088U];
   memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t));
   libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 =
-      libcrux_ml_kem_types_from_01_7b1(copy_of_ciphertext);
+      libcrux_ml_kem_types_from_01_3a1(copy_of_ciphertext);
   uint8_t shared_secret_array[32U];
-  kdf_d8_8d(shared_secret, shared_secret_array);
+  kdf_d8_ea(shared_secret, shared_secret_array);
   libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0;
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_shared_secret_array[32U];
@@ -8699,7 +8685,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
 with const generics
 - K= 3
 */
-static KRML_MUSTINLINE void deserialize_secret_key_83(
+static KRML_MUSTINLINE void deserialize_secret_key_63(
     Eurydice_slice secret_key,
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U];
@@ -8716,15 +8702,11 @@ static KRML_MUSTINLINE void deserialize_secret_key_83(
             LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT,
         uint8_t);
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 =
-        deserialize_to_uncompressed_ring_element_a4(secret_bytes);
+        deserialize_to_uncompressed_ring_element_96(secret_bytes);
     secret_as_ntt[i0] = uu____0;
   }
-  libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[3U];
-  memcpy(
-      result, secret_as_ntt,
-      (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0));
   memcpy(
-      ret, result,
+      ret, secret_as_ntt,
       (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0));
 }
 
@@ -8736,7 +8718,7 @@ with const generics
 - CIPHERTEXT_SIZE= 1088
 - U_COMPRESSION_FACTOR= 10
 */
-static KRML_MUSTINLINE void deserialize_then_decompress_u_b11(
+static KRML_MUSTINLINE void deserialize_then_decompress_u_f21(
     uint8_t *ciphertext,
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[3U];
@@ -8759,15 +8741,11 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_b11(
             LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT *
                 (size_t)10U / (size_t)8U,
         uint8_t);
-    u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_580(u_bytes);
-    ntt_vector_u_f10(&u_as_ntt[i0]);
+    u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_910(u_bytes);
+    ntt_vector_u_1a0(&u_as_ntt[i0]);
   }
-  libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[3U];
-  memcpy(
-      result, u_as_ntt,
-      (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0));
   memcpy(
-      ret, result,
+      ret, u_as_ntt,
       (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0));
 }
 
@@ -8778,17 +8756,17 @@ with const generics
 - K= 3
 */
 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0
-compute_message_fc1(
+compute_message_ac1(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *v,
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *secret_as_ntt,
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *u_as_ntt) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_ef_1b();
   KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i;
                   libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product =
-                      ntt_multiply_ef_76(&secret_as_ntt[i0], &u_as_ntt[i0]);
-                  add_to_ring_element_ef_3a1(&result, &product););
-  invert_ntt_montgomery_8c1(&result);
-  result = subtract_reduce_ef_59(v, result);
+                      ntt_multiply_ef_66(&secret_as_ntt[i0], &u_as_ntt[i0]);
+                  add_to_ring_element_ef_591(&result, &product););
+  invert_ntt_montgomery_fa1(&result);
+  result = subtract_reduce_ef_c0(v, result);
   return result;
 }
 
@@ -8802,18 +8780,18 @@ with const generics
 - U_COMPRESSION_FACTOR= 10
 - V_COMPRESSION_FACTOR= 4
 */
-static void decrypt_unpacked_ee1(IndCpaPrivateKeyUnpacked_f8 *secret_key,
+static void decrypt_unpacked_411(IndCpaPrivateKeyUnpacked_f8 *secret_key,
                                  uint8_t *ciphertext, uint8_t ret[32U]) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[3U];
-  deserialize_then_decompress_u_b11(ciphertext, u_as_ntt);
+  deserialize_then_decompress_u_f21(ciphertext, u_as_ntt);
   libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v =
-      deserialize_then_decompress_ring_element_v_870(
+      deserialize_then_decompress_ring_element_v_c10(
           Eurydice_array_to_subslice_from((size_t)1088U, ciphertext,
                                           (size_t)960U, uint8_t, size_t));
   libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message =
-      compute_message_fc1(&v, secret_key->secret_as_ntt, u_as_ntt);
+      compute_message_ac1(&v, secret_key->secret_as_ntt, u_as_ntt);
   uint8_t ret0[32U];
-  compress_then_serialize_message_ee(message, ret0);
+  compress_then_serialize_message_44(message, ret0);
   memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t));
 }
 
@@ -8827,10 +8805,10 @@ with const generics
 - U_COMPRESSION_FACTOR= 10
 - V_COMPRESSION_FACTOR= 4
 */
-static void decrypt_5f(Eurydice_slice secret_key, uint8_t *ciphertext,
+static void decrypt_15(Eurydice_slice secret_key, uint8_t *ciphertext,
                        uint8_t ret[32U]) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U];
-  deserialize_secret_key_83(secret_key, secret_as_ntt);
+  deserialize_secret_key_63(secret_key, secret_as_ntt);
   /* Passing arrays by value in Rust generates a copy in C */
   libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_secret_as_ntt[3U];
   memcpy(
@@ -8840,9 +8818,9 @@ static void decrypt_5f(Eurydice_slice secret_key, uint8_t *ciphertext,
   memcpy(
       secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt,
       (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0));
-  uint8_t result[32U];
-  decrypt_unpacked_ee1(&secret_key_unpacked, ciphertext, result);
-  memcpy(ret, result, (size_t)32U * sizeof(uint8_t));
+  uint8_t ret0[32U];
+  decrypt_unpacked_411(&secret_key_unpacked, ciphertext, ret0);
+  memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t));
 }
 
 /**
@@ -8881,7 +8859,7 @@ libcrux_ml_kem_variant_MlKem with const generics
 - ETA2_RANDOMNESS_SIZE= 128
 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120
 */
-void libcrux_ml_kem_ind_cca_decapsulate_81(
+void libcrux_ml_kem_ind_cca_decapsulate_2d(
     libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key,
     libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) {
   Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at(
@@ -8899,7 +8877,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_81(
   Eurydice_slice ind_cpa_public_key_hash = uu____2.fst;
   Eurydice_slice implicit_rejection_value = uu____2.snd;
   uint8_t decrypted[32U];
-  decrypt_5f(ind_cpa_secret_key, ciphertext->value, decrypted);
+  decrypt_15(ind_cpa_secret_key, ciphertext->value, decrypted);
   uint8_t to_hash0[64U];
   libcrux_ml_kem_utils_into_padded_array_42(
       Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0);
@@ -8921,7 +8899,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_81(
   Eurydice_slice uu____4 = Eurydice_array_to_subslice_from(
       (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE,
       uint8_t, size_t);
-  Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_ae1(ciphertext),
+  Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_be1(ciphertext),
                       uint8_t);
   uint8_t implicit_rejection_shared_secret0[32U];
   PRF_f1_9f3(Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t),
@@ -8931,16 +8909,16 @@ void libcrux_ml_kem_ind_cca_decapsulate_81(
   uint8_t copy_of_decrypted[32U];
   memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t));
   uint8_t expected_ciphertext[1088U];
-  encrypt_6f(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext);
+  encrypt_dc(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext);
   uint8_t implicit_rejection_shared_secret[32U];
-  kdf_d8_8d(Eurydice_array_to_slice((size_t)32U,
+  kdf_d8_ea(Eurydice_array_to_slice((size_t)32U,
                                     implicit_rejection_shared_secret0, uint8_t),
             implicit_rejection_shared_secret);
   uint8_t shared_secret1[32U];
-  kdf_d8_8d(shared_secret0, shared_secret1);
+  kdf_d8_ea(shared_secret0, shared_secret1);
   uint8_t shared_secret[32U];
   libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time(
-      libcrux_ml_kem_types_as_ref_00_ae1(ciphertext),
+      libcrux_ml_kem_types_as_ref_00_be1(ciphertext),
       Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t),
       Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t),
       Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret,
diff --git a/libcrux-ml-kem/c/libcrux_mlkem_portable.h b/libcrux-ml-kem/c/libcrux_mlkem_portable.h
index b375e1f09..61ab4ae2b 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem_portable.h
+++ b/libcrux-ml-kem/c/libcrux_mlkem_portable.h
@@ -8,7 +8,7 @@
  * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac
  * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152
  * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678
- * Libcrux: 098de7d283a7867de9c3e5672d7b3c915ef9b2f1
+ * Libcrux: 020cd93ab7a1437ba4a4c626b1acbf9fa14525ad
  */
 
 #ifndef __libcrux_mlkem_portable_H
diff --git a/libcrux-ml-kem/c/libcrux_sha3.h b/libcrux-ml-kem/c/libcrux_sha3.h
index ee291c40e..573e394f6 100644
--- a/libcrux-ml-kem/c/libcrux_sha3.h
+++ b/libcrux-ml-kem/c/libcrux_sha3.h
@@ -8,7 +8,7 @@
  * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac
  * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152
  * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678
- * Libcrux: 098de7d283a7867de9c3e5672d7b3c915ef9b2f1
+ * Libcrux: 020cd93ab7a1437ba4a4c626b1acbf9fa14525ad
  */
 
 #ifndef __libcrux_sha3_H
diff --git a/libcrux-ml-kem/c/libcrux_sha3_avx2.c b/libcrux-ml-kem/c/libcrux_sha3_avx2.c
index 65d87344a..401087870 100644
--- a/libcrux-ml-kem/c/libcrux_sha3_avx2.c
+++ b/libcrux-ml-kem/c/libcrux_sha3_avx2.c
@@ -8,7 +8,7 @@
  * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac
  * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152
  * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678
- * Libcrux: 098de7d283a7867de9c3e5672d7b3c915ef9b2f1
+ * Libcrux: 020cd93ab7a1437ba4a4c626b1acbf9fa14525ad
  */
 
 #include "internal/libcrux_sha3_avx2.h"
diff --git a/libcrux-ml-kem/c/libcrux_sha3_avx2.h b/libcrux-ml-kem/c/libcrux_sha3_avx2.h
index 67f5d174c..f16eb40f0 100644
--- a/libcrux-ml-kem/c/libcrux_sha3_avx2.h
+++ b/libcrux-ml-kem/c/libcrux_sha3_avx2.h
@@ -8,7 +8,7 @@
  * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac
  * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152
  * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678
- * Libcrux: 098de7d283a7867de9c3e5672d7b3c915ef9b2f1
+ * Libcrux: 020cd93ab7a1437ba4a4c626b1acbf9fa14525ad
  */
 
 #ifndef __libcrux_sha3_avx2_H
diff --git a/libcrux-ml-kem/c/libcrux_sha3_internal.h b/libcrux-ml-kem/c/libcrux_sha3_internal.h
index a20e6c410..1a0eb4009 100644
--- a/libcrux-ml-kem/c/libcrux_sha3_internal.h
+++ b/libcrux-ml-kem/c/libcrux_sha3_internal.h
@@ -8,7 +8,7 @@
  * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac
  * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152
  * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678
- * Libcrux: 098de7d283a7867de9c3e5672d7b3c915ef9b2f1
+ * Libcrux: 020cd93ab7a1437ba4a4c626b1acbf9fa14525ad
  */
 
 #ifndef __libcrux_sha3_internal_H
diff --git a/libcrux-ml-kem/c/libcrux_sha3_neon.c b/libcrux-ml-kem/c/libcrux_sha3_neon.c
index 360ff4122..e6ff85f86 100644
--- a/libcrux-ml-kem/c/libcrux_sha3_neon.c
+++ b/libcrux-ml-kem/c/libcrux_sha3_neon.c
@@ -8,7 +8,7 @@
  * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac
  * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152
  * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678
- * Libcrux: 098de7d283a7867de9c3e5672d7b3c915ef9b2f1
+ * Libcrux: 020cd93ab7a1437ba4a4c626b1acbf9fa14525ad
  */
 
 #include "libcrux_sha3_neon.h"
diff --git a/libcrux-ml-kem/c/libcrux_sha3_neon.h b/libcrux-ml-kem/c/libcrux_sha3_neon.h
index 2fc24f7d1..faa5831e2 100644
--- a/libcrux-ml-kem/c/libcrux_sha3_neon.h
+++ b/libcrux-ml-kem/c/libcrux_sha3_neon.h
@@ -8,7 +8,7 @@
  * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac
  * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152
  * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678
- * Libcrux: 098de7d283a7867de9c3e5672d7b3c915ef9b2f1
+ * Libcrux: 020cd93ab7a1437ba4a4c626b1acbf9fa14525ad
  */
 
 #ifndef __libcrux_sha3_neon_H
diff --git a/libcrux-ml-kem/cg/code_gen.txt b/libcrux-ml-kem/cg/code_gen.txt
index d393ef31c..620e1c137 100644
--- a/libcrux-ml-kem/cg/code_gen.txt
+++ b/libcrux-ml-kem/cg/code_gen.txt
@@ -3,4 +3,4 @@ Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4
 Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac
 Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152
 F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678
-Libcrux: 098de7d283a7867de9c3e5672d7b3c915ef9b2f1
+Libcrux: 020cd93ab7a1437ba4a4c626b1acbf9fa14525ad
diff --git a/libcrux-ml-kem/cg/libcrux_core.h b/libcrux-ml-kem/cg/libcrux_core.h
index 1a0b95675..20077092f 100644
--- a/libcrux-ml-kem/cg/libcrux_core.h
+++ b/libcrux-ml-kem/cg/libcrux_core.h
@@ -8,7 +8,7 @@
  * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac
  * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152
  * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678
- * Libcrux: 098de7d283a7867de9c3e5672d7b3c915ef9b2f1
+ * Libcrux: 020cd93ab7a1437ba4a4c626b1acbf9fa14525ad
  */
 
 #ifndef __libcrux_core_H
@@ -221,7 +221,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_slice_d4
 with const generics
 - SIZE= 1088
 */
-static inline uint8_t *libcrux_ml_kem_types_as_slice_d4_24(
+static inline uint8_t *libcrux_ml_kem_types_as_slice_d4_73(
     libcrux_ml_kem_mlkem768_MlKem768Ciphertext *self) {
   return self->value;
 }
@@ -245,7 +245,7 @@ with const generics
 - SIZE= 1184
 */
 static inline libcrux_ml_kem_types_MlKemPublicKey_15
-libcrux_ml_kem_types_from_5a_af(uint8_t value[1184U]) {
+libcrux_ml_kem_types_from_5a_45(uint8_t value[1184U]) {
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_value[1184U];
   memcpy(copy_of_value, value, (size_t)1184U * sizeof(uint8_t));
@@ -279,7 +279,7 @@ with const generics
 - PUBLIC_KEY_SIZE= 1184
 */
 static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair
-libcrux_ml_kem_types_from_3a_78(libcrux_ml_kem_types_MlKemPrivateKey_55 sk,
+libcrux_ml_kem_types_from_3a_f6(libcrux_ml_kem_types_MlKemPrivateKey_55 sk,
                                 libcrux_ml_kem_types_MlKemPublicKey_15 pk) {
   return (
       CLITERAL(libcrux_ml_kem_mlkem768_MlKem768KeyPair){.sk = sk, .pk = pk});
@@ -295,7 +295,7 @@ with const generics
 - SIZE= 2400
 */
 static inline libcrux_ml_kem_types_MlKemPrivateKey_55
-libcrux_ml_kem_types_from_7f_e6(uint8_t value[2400U]) {
+libcrux_ml_kem_types_from_7f_8c(uint8_t value[2400U]) {
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_value[2400U];
   memcpy(copy_of_value, value, (size_t)2400U * sizeof(uint8_t));
@@ -359,7 +359,7 @@ with const generics
 - SIZE= 1088
 */
 static inline libcrux_ml_kem_mlkem768_MlKem768Ciphertext
-libcrux_ml_kem_types_from_01_96(uint8_t value[1088U]) {
+libcrux_ml_kem_types_from_01_33(uint8_t value[1088U]) {
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_value[1088U];
   memcpy(copy_of_value, value, (size_t)1088U * sizeof(uint8_t));
@@ -376,7 +376,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_slice_fd
 with const generics
 - SIZE= 1184
 */
-static inline uint8_t *libcrux_ml_kem_types_as_slice_fd_60(
+static inline uint8_t *libcrux_ml_kem_types_as_slice_fd_d9(
     libcrux_ml_kem_types_MlKemPublicKey_15 *self) {
   return self->value;
 }
@@ -428,7 +428,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_ref_00
 with const generics
 - SIZE= 1088
 */
-static inline Eurydice_slice libcrux_ml_kem_types_as_ref_00_e7(
+static inline Eurydice_slice libcrux_ml_kem_types_as_ref_00_69(
     libcrux_ml_kem_mlkem768_MlKem768Ciphertext *self) {
   return Eurydice_array_to_slice((size_t)1088U, self->value, uint8_t);
 }
diff --git a/libcrux-ml-kem/cg/libcrux_ct_ops.h b/libcrux-ml-kem/cg/libcrux_ct_ops.h
index 443142103..677876656 100644
--- a/libcrux-ml-kem/cg/libcrux_ct_ops.h
+++ b/libcrux-ml-kem/cg/libcrux_ct_ops.h
@@ -8,7 +8,7 @@
  * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac
  * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152
  * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678
- * Libcrux: 098de7d283a7867de9c3e5672d7b3c915ef9b2f1
+ * Libcrux: 020cd93ab7a1437ba4a4c626b1acbf9fa14525ad
  */
 
 #ifndef __libcrux_ct_ops_H
diff --git a/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h b/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h
index 686aabb0d..f78826e2c 100644
--- a/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h
+++ b/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h
@@ -8,7 +8,7 @@
  * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac
  * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152
  * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678
- * Libcrux: 098de7d283a7867de9c3e5672d7b3c915ef9b2f1
+ * Libcrux: 020cd93ab7a1437ba4a4c626b1acbf9fa14525ad
  */
 
 #ifndef __libcrux_mlkem768_avx2_H
@@ -1319,7 +1319,7 @@ with const generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2
-libcrux_ml_kem_ind_cpa_deserialize_secret_key_closure_ff(size_t _) {
+libcrux_ml_kem_ind_cpa_deserialize_secret_key_closure_87(size_t _) {
   return libcrux_ml_kem_polynomial_ZERO_ef_05();
 }
 
@@ -1331,7 +1331,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2
-libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_a4(
+libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_db(
     Eurydice_slice serialized) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re =
       libcrux_ml_kem_polynomial_ZERO_ef_05();
@@ -1352,7 +1352,7 @@ with const generics
 - K= 3
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_ab(
+static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_a9(
     Eurydice_slice secret_key,
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U];
@@ -1370,16 +1370,12 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_ab(
             LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT,
         uint8_t);
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 =
-        libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_a4(
+        libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_db(
             secret_bytes);
     secret_as_ntt[i0] = uu____0;
   }
-  libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[3U];
-  memcpy(
-      result, secret_as_ntt,
-      (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2));
   memcpy(
-      ret, result,
+      ret, secret_as_ntt,
       (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2));
 }
 
@@ -1393,7 +1389,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2
-libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_closure_a8(size_t _) {
+libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_closure_6d(size_t _) {
   return libcrux_ml_kem_polynomial_ZERO_ef_05();
 }
 
@@ -1405,7 +1401,7 @@ generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE __m256i
-libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_72(
+libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_04(
     __m256i vector) {
   __m256i field_modulus = libcrux_intrinsics_avx2_mm256_set1_epi32(
       (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS);
@@ -1457,9 +1453,9 @@ generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static inline __m256i
-libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_64(
+libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_e0(
     __m256i vector) {
-  return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_72(
+  return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_04(
       vector);
 }
 
@@ -1471,7 +1467,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2
-libcrux_ml_kem_serialize_deserialize_then_decompress_10_58(
+libcrux_ml_kem_serialize_deserialize_then_decompress_10_6a(
     Eurydice_slice serialized) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re =
       libcrux_ml_kem_polynomial_ZERO_ef_05();
@@ -1487,7 +1483,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_10_58(
         serialized, i0 * (size_t)20U, i0 * (size_t)20U + (size_t)20U, uint8_t);
     __m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_10_09(bytes);
     re.coefficients[i0] =
-        libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_64(
+        libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_e0(
             coefficient);
   }
   return re;
@@ -1501,7 +1497,7 @@ generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE __m256i
-libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_720(
+libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_040(
     __m256i vector) {
   __m256i field_modulus = libcrux_intrinsics_avx2_mm256_set1_epi32(
       (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS);
@@ -1553,9 +1549,9 @@ generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static inline __m256i
-libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_640(
+libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_e00(
     __m256i vector) {
-  return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_720(
+  return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_040(
       vector);
 }
 
@@ -1567,7 +1563,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2
-libcrux_ml_kem_serialize_deserialize_then_decompress_11_33(
+libcrux_ml_kem_serialize_deserialize_then_decompress_11_ce(
     Eurydice_slice serialized) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re =
       libcrux_ml_kem_polynomial_ZERO_ef_05();
@@ -1578,7 +1574,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_11_33(
         serialized, i0 * (size_t)22U, i0 * (size_t)22U + (size_t)22U, uint8_t);
     __m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_11_09(bytes);
     re.coefficients[i0] =
-        libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_640(
+        libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_e00(
             coefficient);
   }
   return re;
@@ -1592,9 +1588,9 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2
-libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_7b(
+libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_e0(
     Eurydice_slice serialized) {
-  return libcrux_ml_kem_serialize_deserialize_then_decompress_10_58(serialized);
+  return libcrux_ml_kem_serialize_deserialize_then_decompress_10_6a(serialized);
 }
 
 typedef struct libcrux_ml_kem_vector_avx2_SIMD256Vector_x2_s {
@@ -1609,7 +1605,7 @@ with const generics
 
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static inline __m256i libcrux_ml_kem_vector_traits_montgomery_multiply_fe_5f(
+static inline __m256i libcrux_ml_kem_vector_traits_montgomery_multiply_fe_e0(
     __m256i v, int16_t fer) {
   return libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_09(v, fer);
 }
@@ -1622,9 +1618,9 @@ with const generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE libcrux_ml_kem_vector_avx2_SIMD256Vector_x2
-libcrux_ml_kem_ntt_ntt_layer_int_vec_step_97(__m256i a, __m256i b,
+libcrux_ml_kem_ntt_ntt_layer_int_vec_step_e8(__m256i a, __m256i b,
                                              int16_t zeta_r) {
-  __m256i t = libcrux_ml_kem_vector_traits_montgomery_multiply_fe_5f(b, zeta_r);
+  __m256i t = libcrux_ml_kem_vector_traits_montgomery_multiply_fe_e0(b, zeta_r);
   b = libcrux_ml_kem_vector_avx2_sub_09(a, &t);
   a = libcrux_ml_kem_vector_avx2_add_09(a, &t);
   return (CLITERAL(libcrux_ml_kem_vector_avx2_SIMD256Vector_x2){.fst = a,
@@ -1638,7 +1634,7 @@ with const generics
 
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_4_plus_ca(
+static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_4_plus_07(
     size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re,
     size_t layer, size_t _initial_coefficient_bound) {
   size_t step = (size_t)1U << (uint32_t)layer;
@@ -1651,7 +1647,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_4_plus_ca(
     for (size_t i = offset_vec; i < offset_vec + step_vec; i++) {
       size_t j = i;
       libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 uu____0 =
-          libcrux_ml_kem_ntt_ntt_layer_int_vec_step_97(
+          libcrux_ml_kem_ntt_ntt_layer_int_vec_step_e8(
               re->coefficients[j], re->coefficients[j + step_vec],
               libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U]));
       __m256i x = uu____0.fst;
@@ -1669,7 +1665,7 @@ with const generics
 
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_3_bc(
+static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_3_46(
     size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re,
     size_t _layer, size_t _initial_coefficient_bound) {
   for (size_t i = (size_t)0U; i < (size_t)16U; i++) {
@@ -1688,7 +1684,7 @@ with const generics
 
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_2_c2(
+static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_2_53(
     size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re,
     size_t _layer, size_t _initial_coefficient_bound) {
   for (size_t i = (size_t)0U; i < (size_t)16U; i++) {
@@ -1708,7 +1704,7 @@ with const generics
 
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_1_09(
+static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_1_42(
     size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re,
     size_t _layer, size_t _initial_coefficient_bound) {
   for (size_t i = (size_t)0U; i < (size_t)16U; i++) {
@@ -1735,7 +1731,7 @@ with const generics
 
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_poly_barrett_reduce_ef_dc(
+static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_poly_barrett_reduce_ef_83(
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self) {
   for (size_t i = (size_t)0U;
        i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
@@ -1752,24 +1748,24 @@ with const generics
 - VECTOR_U_COMPRESSION_FACTOR= 10
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_vector_u_b5(
+static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_vector_u_76(
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) {
   size_t zeta_i = (size_t)0U;
-  libcrux_ml_kem_ntt_ntt_at_layer_4_plus_ca(&zeta_i, re, (size_t)7U,
+  libcrux_ml_kem_ntt_ntt_at_layer_4_plus_07(&zeta_i, re, (size_t)7U,
                                             (size_t)3328U);
-  libcrux_ml_kem_ntt_ntt_at_layer_4_plus_ca(&zeta_i, re, (size_t)6U,
+  libcrux_ml_kem_ntt_ntt_at_layer_4_plus_07(&zeta_i, re, (size_t)6U,
                                             (size_t)2U * (size_t)3328U);
-  libcrux_ml_kem_ntt_ntt_at_layer_4_plus_ca(&zeta_i, re, (size_t)5U,
+  libcrux_ml_kem_ntt_ntt_at_layer_4_plus_07(&zeta_i, re, (size_t)5U,
                                             (size_t)3U * (size_t)3328U);
-  libcrux_ml_kem_ntt_ntt_at_layer_4_plus_ca(&zeta_i, re, (size_t)4U,
+  libcrux_ml_kem_ntt_ntt_at_layer_4_plus_07(&zeta_i, re, (size_t)4U,
                                             (size_t)4U * (size_t)3328U);
-  libcrux_ml_kem_ntt_ntt_at_layer_3_bc(&zeta_i, re, (size_t)3U,
+  libcrux_ml_kem_ntt_ntt_at_layer_3_46(&zeta_i, re, (size_t)3U,
                                        (size_t)5U * (size_t)3328U);
-  libcrux_ml_kem_ntt_ntt_at_layer_2_c2(&zeta_i, re, (size_t)2U,
+  libcrux_ml_kem_ntt_ntt_at_layer_2_53(&zeta_i, re, (size_t)2U,
                                        (size_t)6U * (size_t)3328U);
-  libcrux_ml_kem_ntt_ntt_at_layer_1_09(&zeta_i, re, (size_t)1U,
+  libcrux_ml_kem_ntt_ntt_at_layer_1_42(&zeta_i, re, (size_t)1U,
                                        (size_t)7U * (size_t)3328U);
-  libcrux_ml_kem_polynomial_poly_barrett_reduce_ef_dc(re);
+  libcrux_ml_kem_polynomial_poly_barrett_reduce_ef_83(re);
 }
 
 /**
@@ -1782,7 +1778,7 @@ with const generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE void
-libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_96(
+libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_8e(
     uint8_t *ciphertext,
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[3U];
@@ -1807,16 +1803,12 @@ libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_96(
                 (size_t)10U / (size_t)8U,
         uint8_t);
     u_as_ntt[i0] =
-        libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_7b(
+        libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_e0(
             u_bytes);
-    libcrux_ml_kem_ntt_ntt_vector_u_b5(&u_as_ntt[i0]);
+    libcrux_ml_kem_ntt_ntt_vector_u_76(&u_as_ntt[i0]);
   }
-  libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[3U];
   memcpy(
-      result, u_as_ntt,
-      (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2));
-  memcpy(
-      ret, result,
+      ret, u_as_ntt,
       (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2));
 }
 
@@ -1828,7 +1820,7 @@ generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE __m256i
-libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_721(
+libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_041(
     __m256i vector) {
   __m256i field_modulus = libcrux_intrinsics_avx2_mm256_set1_epi32(
       (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS);
@@ -1880,9 +1872,9 @@ generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static inline __m256i
-libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_641(
+libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_e01(
     __m256i vector) {
-  return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_721(
+  return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_041(
       vector);
 }
 
@@ -1894,7 +1886,7 @@ with const generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2
-libcrux_ml_kem_serialize_deserialize_then_decompress_4_a9(
+libcrux_ml_kem_serialize_deserialize_then_decompress_4_d2(
     Eurydice_slice serialized) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re =
       libcrux_ml_kem_polynomial_ZERO_ef_05();
@@ -1905,7 +1897,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_4_a9(
         serialized, i0 * (size_t)8U, i0 * (size_t)8U + (size_t)8U, uint8_t);
     __m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_4_09(bytes);
     re.coefficients[i0] =
-        libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_641(
+        libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_e01(
             coefficient);
   }
   return re;
@@ -1919,7 +1911,7 @@ generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE __m256i
-libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_722(
+libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_042(
     __m256i vector) {
   __m256i field_modulus = libcrux_intrinsics_avx2_mm256_set1_epi32(
       (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS);
@@ -1971,9 +1963,9 @@ generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static inline __m256i
-libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_642(
+libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_e02(
     __m256i vector) {
-  return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_722(
+  return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_042(
       vector);
 }
 
@@ -1985,7 +1977,7 @@ with const generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2
-libcrux_ml_kem_serialize_deserialize_then_decompress_5_9b(
+libcrux_ml_kem_serialize_deserialize_then_decompress_5_05(
     Eurydice_slice serialized) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re =
       libcrux_ml_kem_polynomial_ZERO_ef_05();
@@ -1996,7 +1988,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_5_9b(
         serialized, i0 * (size_t)10U, i0 * (size_t)10U + (size_t)10U, uint8_t);
     re.coefficients[i0] = libcrux_ml_kem_vector_avx2_deserialize_5_09(bytes);
     re.coefficients[i0] =
-        libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_642(
+        libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_e02(
             re.coefficients[i0]);
   }
   return re;
@@ -2010,9 +2002,9 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2
-libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_2a(
+libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_ca(
     Eurydice_slice serialized) {
-  return libcrux_ml_kem_serialize_deserialize_then_decompress_4_a9(serialized);
+  return libcrux_ml_kem_serialize_deserialize_then_decompress_4_d2(serialized);
 }
 
 /**
@@ -2028,7 +2020,7 @@ with const generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2
-libcrux_ml_kem_polynomial_ntt_multiply_ef_63(
+libcrux_ml_kem_polynomial_ntt_multiply_ef_d5(
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self,
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *rhs) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_d2 out =
@@ -2061,7 +2053,7 @@ with const generics
 - K= 3
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_to_ring_element_ef_31(
+static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_to_ring_element_ef_aa(
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self,
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *rhs) {
   for (size_t i = (size_t)0U;
@@ -2082,7 +2074,7 @@ with const generics
 
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_d8(
+static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_cd(
     size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re,
     size_t _layer) {
   for (size_t i = (size_t)0U; i < (size_t)16U; i++) {
@@ -2106,7 +2098,7 @@ with const generics
 
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_73(
+static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_56(
     size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re,
     size_t _layer) {
   for (size_t i = (size_t)0U; i < (size_t)16U; i++) {
@@ -2128,7 +2120,7 @@ with const generics
 
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_18(
+static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_76(
     size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re,
     size_t _layer) {
   for (size_t i = (size_t)0U; i < (size_t)16U; i++) {
@@ -2149,13 +2141,13 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE libcrux_ml_kem_vector_avx2_SIMD256Vector_x2
-libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_ef(__m256i a,
+libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_db(__m256i a,
                                                                __m256i b,
                                                                int16_t zeta_r) {
   __m256i a_minus_b = libcrux_ml_kem_vector_avx2_sub_09(b, &a);
   a = libcrux_ml_kem_vector_avx2_barrett_reduce_09(
       libcrux_ml_kem_vector_avx2_add_09(a, &b));
-  b = libcrux_ml_kem_vector_traits_montgomery_multiply_fe_5f(a_minus_b, zeta_r);
+  b = libcrux_ml_kem_vector_traits_montgomery_multiply_fe_e0(a_minus_b, zeta_r);
   return (CLITERAL(libcrux_ml_kem_vector_avx2_SIMD256Vector_x2){.fst = a,
                                                                 .snd = b});
 }
@@ -2168,7 +2160,7 @@ with const generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE void
-libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_72(
+libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_14(
     size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re,
     size_t layer) {
   size_t step = (size_t)1U << (uint32_t)layer;
@@ -2183,7 +2175,7 @@ libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_72(
     for (size_t i = offset_vec; i < offset_vec + step_vec; i++) {
       size_t j = i;
       libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 uu____0 =
-          libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_ef(
+          libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_db(
               re->coefficients[j], re->coefficients[j + step_vec],
               libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U]));
       __m256i x = uu____0.fst;
@@ -2205,18 +2197,18 @@ static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_3e(
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) {
   size_t zeta_i =
       LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U;
-  libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_d8(&zeta_i, re, (size_t)1U);
-  libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_73(&zeta_i, re, (size_t)2U);
-  libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_18(&zeta_i, re, (size_t)3U);
-  libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_72(&zeta_i, re,
+  libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_cd(&zeta_i, re, (size_t)1U);
+  libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_56(&zeta_i, re, (size_t)2U);
+  libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_76(&zeta_i, re, (size_t)3U);
+  libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_14(&zeta_i, re,
                                                           (size_t)4U);
-  libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_72(&zeta_i, re,
+  libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_14(&zeta_i, re,
                                                           (size_t)5U);
-  libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_72(&zeta_i, re,
+  libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_14(&zeta_i, re,
                                                           (size_t)6U);
-  libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_72(&zeta_i, re,
+  libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_14(&zeta_i, re,
                                                           (size_t)7U);
-  libcrux_ml_kem_polynomial_poly_barrett_reduce_ef_dc(re);
+  libcrux_ml_kem_polynomial_poly_barrett_reduce_ef_83(re);
 }
 
 /**
@@ -2232,7 +2224,7 @@ with const generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2
-libcrux_ml_kem_polynomial_subtract_reduce_ef_a0(
+libcrux_ml_kem_polynomial_subtract_reduce_ef_dd(
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self,
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 b) {
   for (size_t i = (size_t)0U;
@@ -2256,7 +2248,7 @@ with const generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2
-libcrux_ml_kem_matrix_compute_message_a0(
+libcrux_ml_kem_matrix_compute_message_fc(
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *v,
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *secret_as_ntt,
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *u_as_ntt) {
@@ -2265,12 +2257,12 @@ libcrux_ml_kem_matrix_compute_message_a0(
   for (size_t i = (size_t)0U; i < (size_t)3U; i++) {
     size_t i0 = i;
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product =
-        libcrux_ml_kem_polynomial_ntt_multiply_ef_63(&secret_as_ntt[i0],
+        libcrux_ml_kem_polynomial_ntt_multiply_ef_d5(&secret_as_ntt[i0],
                                                      &u_as_ntt[i0]);
-    libcrux_ml_kem_polynomial_add_to_ring_element_ef_31(&result, &product);
+    libcrux_ml_kem_polynomial_add_to_ring_element_ef_aa(&result, &product);
   }
   libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_3e(&result);
-  result = libcrux_ml_kem_polynomial_subtract_reduce_ef_a0(v, result);
+  result = libcrux_ml_kem_polynomial_subtract_reduce_ef_dd(v, result);
   return result;
 }
 
@@ -2281,7 +2273,7 @@ with const generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE __m256i
-libcrux_ml_kem_vector_avx2_arithmetic_shift_right_0c(__m256i vector) {
+libcrux_ml_kem_vector_avx2_arithmetic_shift_right_6b(__m256i vector) {
   return libcrux_intrinsics_avx2_mm256_srai_epi16((int32_t)15, vector, __m256i);
 }
 
@@ -2295,9 +2287,9 @@ with const generics
 - SHIFT_BY= 15
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static inline __m256i libcrux_ml_kem_vector_avx2_shift_right_09_0f(
+static inline __m256i libcrux_ml_kem_vector_avx2_shift_right_09_ff(
     __m256i vector) {
-  return libcrux_ml_kem_vector_avx2_arithmetic_shift_right_0c(vector);
+  return libcrux_ml_kem_vector_avx2_arithmetic_shift_right_6b(vector);
 }
 
 /**
@@ -2308,8 +2300,8 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static inline __m256i
-libcrux_ml_kem_vector_traits_to_unsigned_representative_b5(__m256i a) {
-  __m256i t = libcrux_ml_kem_vector_avx2_shift_right_09_0f(a);
+libcrux_ml_kem_vector_traits_to_unsigned_representative_e5(__m256i a) {
+  __m256i t = libcrux_ml_kem_vector_avx2_shift_right_09_ff(a);
   __m256i fm = libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_09(
       t, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS);
   return libcrux_ml_kem_vector_avx2_add_09(a, &fm);
@@ -2323,8 +2315,8 @@ with const generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE __m256i
-libcrux_ml_kem_serialize_to_unsigned_field_modulus_88(__m256i a) {
-  return libcrux_ml_kem_vector_traits_to_unsigned_representative_b5(a);
+libcrux_ml_kem_serialize_to_unsigned_field_modulus_8a(__m256i a) {
+  return libcrux_ml_kem_vector_traits_to_unsigned_representative_e5(a);
 }
 
 /**
@@ -2335,12 +2327,12 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE void
-libcrux_ml_kem_serialize_compress_then_serialize_message_53(
+libcrux_ml_kem_serialize_compress_then_serialize_message_76(
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, uint8_t ret[32U]) {
   uint8_t serialized[32U] = {0U};
   for (size_t i = (size_t)0U; i < (size_t)16U; i++) {
     size_t i0 = i;
-    __m256i coefficient = libcrux_ml_kem_serialize_to_unsigned_field_modulus_88(
+    __m256i coefficient = libcrux_ml_kem_serialize_to_unsigned_field_modulus_8a(
         re.coefficients[i0]);
     __m256i coefficient_compressed =
         libcrux_ml_kem_vector_avx2_compress_1_09(coefficient);
@@ -2367,20 +2359,20 @@ with const generics
 - V_COMPRESSION_FACTOR= 4
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static inline void libcrux_ml_kem_ind_cpa_decrypt_unpacked_1d(
+static inline void libcrux_ml_kem_ind_cpa_decrypt_unpacked_2a(
     libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 *secret_key,
     uint8_t *ciphertext, uint8_t ret[32U]) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[3U];
-  libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_96(ciphertext, u_as_ntt);
+  libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_8e(ciphertext, u_as_ntt);
   libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v =
-      libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_2a(
+      libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_ca(
           Eurydice_array_to_subslice_from((size_t)1088U, ciphertext,
                                           (size_t)960U, uint8_t, size_t));
   libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message =
-      libcrux_ml_kem_matrix_compute_message_a0(&v, secret_key->secret_as_ntt,
+      libcrux_ml_kem_matrix_compute_message_fc(&v, secret_key->secret_as_ntt,
                                                u_as_ntt);
   uint8_t ret0[32U];
-  libcrux_ml_kem_serialize_compress_then_serialize_message_53(message, ret0);
+  libcrux_ml_kem_serialize_compress_then_serialize_message_76(message, ret0);
   memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t));
 }
 
@@ -2395,11 +2387,11 @@ with const generics
 - V_COMPRESSION_FACTOR= 4
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static inline void libcrux_ml_kem_ind_cpa_decrypt_3a(Eurydice_slice secret_key,
+static inline void libcrux_ml_kem_ind_cpa_decrypt_6f(Eurydice_slice secret_key,
                                                      uint8_t *ciphertext,
                                                      uint8_t ret[32U]) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U];
-  libcrux_ml_kem_ind_cpa_deserialize_secret_key_ab(secret_key, secret_as_ntt);
+  libcrux_ml_kem_ind_cpa_deserialize_secret_key_a9(secret_key, secret_as_ntt);
   /* Passing arrays by value in Rust generates a copy in C */
   libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_secret_as_ntt[3U];
   memcpy(
@@ -2410,10 +2402,10 @@ static inline void libcrux_ml_kem_ind_cpa_decrypt_3a(Eurydice_slice secret_key,
   memcpy(
       secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt,
       (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2));
-  uint8_t result[32U];
-  libcrux_ml_kem_ind_cpa_decrypt_unpacked_1d(&secret_key_unpacked, ciphertext,
-                                             result);
-  memcpy(ret, result, (size_t)32U * sizeof(uint8_t));
+  uint8_t ret0[32U];
+  libcrux_ml_kem_ind_cpa_decrypt_unpacked_2a(&secret_key_unpacked, ciphertext,
+                                             ret0);
+  memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t));
 }
 
 /**
@@ -2505,7 +2497,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2
-libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_63(
+libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_d9(
     Eurydice_slice serialized) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re =
       libcrux_ml_kem_polynomial_ZERO_ef_05();
@@ -2529,7 +2521,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE void
-libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_e4(
+libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_ba(
     Eurydice_slice public_key,
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *deserialized_pk) {
   for (size_t i = (size_t)0U;
@@ -2543,7 +2535,7 @@ libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_e4(
             LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT,
         uint8_t);
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 =
-        libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_63(
+        libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_d9(
             ring_element);
     deserialized_pk[i0] = uu____0;
   }
@@ -3024,7 +3016,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2
-libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_out_closure_2d(size_t _i) {
+libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_out_closure_1b(size_t _i) {
   return libcrux_ml_kem_polynomial_ZERO_ef_05();
 }
 
@@ -3193,7 +3185,7 @@ with const generics
 
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_7_13(
+static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_7_69(
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) {
   size_t step = LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT / (size_t)2U;
   for (size_t i = (size_t)0U; i < step; i++) {
@@ -3215,23 +3207,23 @@ with const generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE void
-libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_44(
+libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_25(
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) {
-  libcrux_ml_kem_ntt_ntt_at_layer_7_13(re);
+  libcrux_ml_kem_ntt_ntt_at_layer_7_69(re);
   size_t zeta_i = (size_t)1U;
-  libcrux_ml_kem_ntt_ntt_at_layer_4_plus_ca(&zeta_i, re, (size_t)6U,
+  libcrux_ml_kem_ntt_ntt_at_layer_4_plus_07(&zeta_i, re, (size_t)6U,
                                             (size_t)11207U);
-  libcrux_ml_kem_ntt_ntt_at_layer_4_plus_ca(&zeta_i, re, (size_t)5U,
+  libcrux_ml_kem_ntt_ntt_at_layer_4_plus_07(&zeta_i, re, (size_t)5U,
                                             (size_t)11207U + (size_t)3328U);
-  libcrux_ml_kem_ntt_ntt_at_layer_4_plus_ca(
+  libcrux_ml_kem_ntt_ntt_at_layer_4_plus_07(
       &zeta_i, re, (size_t)4U, (size_t)11207U + (size_t)2U * (size_t)3328U);
-  libcrux_ml_kem_ntt_ntt_at_layer_3_bc(
+  libcrux_ml_kem_ntt_ntt_at_layer_3_46(
       &zeta_i, re, (size_t)3U, (size_t)11207U + (size_t)3U * (size_t)3328U);
-  libcrux_ml_kem_ntt_ntt_at_layer_2_c2(
+  libcrux_ml_kem_ntt_ntt_at_layer_2_53(
       &zeta_i, re, (size_t)2U, (size_t)11207U + (size_t)4U * (size_t)3328U);
-  libcrux_ml_kem_ntt_ntt_at_layer_1_09(
+  libcrux_ml_kem_ntt_ntt_at_layer_1_42(
       &zeta_i, re, (size_t)1U, (size_t)11207U + (size_t)5U * (size_t)3328U);
-  libcrux_ml_kem_polynomial_poly_barrett_reduce_ef_dc(re);
+  libcrux_ml_kem_polynomial_poly_barrett_reduce_ef_83(re);
 }
 
 /**
@@ -3244,7 +3236,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE uint8_t
-libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_08(
+libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_68(
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re_as_ntt,
     uint8_t prf_input[33U], uint8_t domain_separator) {
   /* Passing arrays by value in Rust generates a copy in C */
@@ -3254,6 +3246,8 @@ libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_08(
   for (size_t i = (size_t)0U; i < (size_t)3U; i++) {
     memcpy(prf_inputs[i], copy_of_prf_input, (size_t)33U * sizeof(uint8_t));
   }
+  uint8_t _prf_inputs_init[3U][33U];
+  memcpy(_prf_inputs_init, prf_inputs, (size_t)3U * sizeof(uint8_t[33U]));
   for (size_t i = (size_t)0U; i < (size_t)3U; i++) {
     size_t i0 = i;
     prf_inputs[i0][32U] = domain_separator;
@@ -3266,7 +3260,7 @@ libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_08(
     re_as_ntt[i0] =
         libcrux_ml_kem_sampling_sample_from_binomial_distribution_d7(
             Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t));
-    libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_44(&re_as_ntt[i0]);
+    libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_25(&re_as_ntt[i0]);
   }
   return domain_separator;
 }
@@ -3281,7 +3275,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE tuple_b00
-libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_out_d7(
+libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_out_48(
     uint8_t prf_input[33U], uint8_t domain_separator) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re_as_ntt[3U];
   for (size_t i = (size_t)0U; i < (size_t)3U; i++) {
@@ -3290,19 +3284,19 @@ libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_out_d7(
   libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *uu____0 = re_as_ntt;
   uint8_t uu____1[33U];
   memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t));
-  domain_separator = libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_08(
+  domain_separator = libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_68(
       uu____0, uu____1, domain_separator);
   /* Passing arrays by value in Rust generates a copy in C */
   libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_re_as_ntt[3U];
   memcpy(
       copy_of_re_as_ntt, re_as_ntt,
       (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2));
-  tuple_b00 result;
+  tuple_b00 lit;
   memcpy(
-      result.fst, copy_of_re_as_ntt,
+      lit.fst, copy_of_re_as_ntt,
       (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2));
-  result.snd = domain_separator;
-  return result;
+  lit.snd = domain_separator;
+  return lit;
 }
 
 /**
@@ -3315,7 +3309,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2
-libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_closure_0d(size_t _i) {
+libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_closure_22(size_t _i) {
   return libcrux_ml_kem_polynomial_ZERO_ef_05();
 }
 
@@ -3329,7 +3323,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE tuple_b00
-libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_e7(uint8_t prf_input[33U],
+libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_88(uint8_t prf_input[33U],
                                                   uint8_t domain_separator) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[3U];
   for (size_t i = (size_t)0U; i < (size_t)3U; i++) {
@@ -3342,6 +3336,8 @@ libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_e7(uint8_t prf_input[33U],
   for (size_t i = (size_t)0U; i < (size_t)3U; i++) {
     memcpy(prf_inputs[i], copy_of_prf_input, (size_t)33U * sizeof(uint8_t));
   }
+  uint8_t _prf_inputs_init[3U][33U];
+  memcpy(_prf_inputs_init, prf_inputs, (size_t)3U * sizeof(uint8_t[33U]));
   for (size_t i = (size_t)0U; i < (size_t)3U; i++) {
     size_t i0 = i;
     prf_inputs[i0][32U] = domain_separator;
@@ -3361,12 +3357,12 @@ libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_e7(uint8_t prf_input[33U],
   memcpy(
       copy_of_error_1, error_1,
       (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2));
-  tuple_b00 result;
+  tuple_b00 lit;
   memcpy(
-      result.fst, copy_of_error_1,
+      lit.fst, copy_of_error_1,
       (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2));
-  result.snd = domain_separator;
-  return result;
+  lit.snd = domain_separator;
+  return lit;
 }
 
 /**
@@ -3407,7 +3403,7 @@ with const generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2
-libcrux_ml_kem_matrix_compute_vector_u_closure_8e(size_t _i) {
+libcrux_ml_kem_matrix_compute_vector_u_closure_fe(size_t _i) {
   return libcrux_ml_kem_polynomial_ZERO_ef_05();
 }
 
@@ -3423,7 +3419,7 @@ with const generics
 
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_error_reduce_ef_e3(
+static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_error_reduce_ef_03(
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self,
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error) {
   for (size_t i = (size_t)0U;
@@ -3445,7 +3441,7 @@ with const generics
 - K= 3
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_vector_u_cf(
+static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_vector_u_59(
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*a_as_ntt)[3U],
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt,
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_1,
@@ -3473,12 +3469,12 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_vector_u_cf(
       size_t j = i;
       libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *a_element = &row[j];
       libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product =
-          libcrux_ml_kem_polynomial_ntt_multiply_ef_63(a_element, &r_as_ntt[j]);
-      libcrux_ml_kem_polynomial_add_to_ring_element_ef_31(&result[i1],
+          libcrux_ml_kem_polynomial_ntt_multiply_ef_d5(a_element, &r_as_ntt[j]);
+      libcrux_ml_kem_polynomial_add_to_ring_element_ef_aa(&result[i1],
                                                           &product);
     }
     libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_3e(&result[i1]);
-    libcrux_ml_kem_polynomial_add_error_reduce_ef_e3(&result[i1], &error_1[i1]);
+    libcrux_ml_kem_polynomial_add_error_reduce_ef_03(&result[i1], &error_1[i1]);
   }
   memcpy(
       ret, result,
@@ -3492,7 +3488,7 @@ with const generics
 
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static inline __m256i libcrux_ml_kem_vector_traits_decompress_1_8f(
+static inline __m256i libcrux_ml_kem_vector_traits_decompress_1_22(
     __m256i vec) {
   __m256i z = libcrux_ml_kem_vector_avx2_ZERO_09();
   __m256i s = libcrux_ml_kem_vector_avx2_sub_09(z, &vec);
@@ -3508,7 +3504,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2
-libcrux_ml_kem_serialize_deserialize_then_decompress_message_44(
+libcrux_ml_kem_serialize_deserialize_then_decompress_message_50(
     uint8_t serialized[32U]) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re =
       libcrux_ml_kem_polynomial_ZERO_ef_05();
@@ -3519,7 +3515,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_message_44(
             Eurydice_array_to_subslice2(serialized, (size_t)2U * i0,
                                         (size_t)2U * i0 + (size_t)2U, uint8_t));
     re.coefficients[i0] =
-        libcrux_ml_kem_vector_traits_decompress_1_8f(coefficient_compressed);
+        libcrux_ml_kem_vector_traits_decompress_1_22(coefficient_compressed);
   }
   return re;
 }
@@ -3537,7 +3533,7 @@ with const generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2
-libcrux_ml_kem_polynomial_add_message_error_reduce_ef_d4(
+libcrux_ml_kem_polynomial_add_message_error_reduce_ef_9e(
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self,
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *message,
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result) {
@@ -3565,7 +3561,7 @@ with const generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2
-libcrux_ml_kem_matrix_compute_ring_element_v_de(
+libcrux_ml_kem_matrix_compute_ring_element_v_c3(
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt,
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt,
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_2,
@@ -3575,12 +3571,12 @@ libcrux_ml_kem_matrix_compute_ring_element_v_de(
   for (size_t i = (size_t)0U; i < (size_t)3U; i++) {
     size_t i0 = i;
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product =
-        libcrux_ml_kem_polynomial_ntt_multiply_ef_63(&t_as_ntt[i0],
+        libcrux_ml_kem_polynomial_ntt_multiply_ef_d5(&t_as_ntt[i0],
                                                      &r_as_ntt[i0]);
-    libcrux_ml_kem_polynomial_add_to_ring_element_ef_31(&result, &product);
+    libcrux_ml_kem_polynomial_add_to_ring_element_ef_aa(&result, &product);
   }
   libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_3e(&result);
-  result = libcrux_ml_kem_polynomial_add_message_error_reduce_ef_d4(
+  result = libcrux_ml_kem_polynomial_add_message_error_reduce_ef_9e(
       error_2, message, result);
   return result;
 }
@@ -3593,7 +3589,7 @@ generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE __m256i
-libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_4e(
+libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_d6(
     __m256i vector) {
   __m256i field_modulus_halved = libcrux_intrinsics_avx2_mm256_set1_epi32(
       ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) /
@@ -3648,9 +3644,9 @@ with const generics
 - COEFFICIENT_BITS= 10
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static inline __m256i libcrux_ml_kem_vector_avx2_compress_09_eb(
+static inline __m256i libcrux_ml_kem_vector_avx2_compress_09_fc(
     __m256i vector) {
-  return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_4e(
+  return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_d6(
       vector);
 }
 
@@ -3662,14 +3658,14 @@ with const generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE void
-libcrux_ml_kem_serialize_compress_then_serialize_10_b4(
+libcrux_ml_kem_serialize_compress_then_serialize_10_36(
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[320U]) {
   uint8_t serialized[320U] = {0U};
   for (size_t i = (size_t)0U;
        i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
     size_t i0 = i;
-    __m256i coefficient = libcrux_ml_kem_vector_avx2_compress_09_eb(
-        libcrux_ml_kem_serialize_to_unsigned_field_modulus_88(
+    __m256i coefficient = libcrux_ml_kem_vector_avx2_compress_09_fc(
+        libcrux_ml_kem_serialize_to_unsigned_field_modulus_8a(
             re->coefficients[i0]));
     uint8_t bytes[20U];
     libcrux_ml_kem_vector_avx2_serialize_10_09(coefficient, bytes);
@@ -3691,7 +3687,7 @@ generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE __m256i
-libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_4e0(
+libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_d60(
     __m256i vector) {
   __m256i field_modulus_halved = libcrux_intrinsics_avx2_mm256_set1_epi32(
       ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) /
@@ -3746,9 +3742,9 @@ with const generics
 - COEFFICIENT_BITS= 11
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static inline __m256i libcrux_ml_kem_vector_avx2_compress_09_eb0(
+static inline __m256i libcrux_ml_kem_vector_avx2_compress_09_fc0(
     __m256i vector) {
-  return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_4e0(
+  return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_d60(
       vector);
 }
 
@@ -3760,14 +3756,14 @@ with const generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE void
-libcrux_ml_kem_serialize_compress_then_serialize_11_65(
+libcrux_ml_kem_serialize_compress_then_serialize_11_aa(
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[320U]) {
   uint8_t serialized[320U] = {0U};
   for (size_t i = (size_t)0U;
        i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
     size_t i0 = i;
-    __m256i coefficient = libcrux_ml_kem_vector_avx2_compress_09_eb0(
-        libcrux_ml_kem_vector_traits_to_unsigned_representative_b5(
+    __m256i coefficient = libcrux_ml_kem_vector_avx2_compress_09_fc0(
+        libcrux_ml_kem_vector_traits_to_unsigned_representative_e5(
             re->coefficients[i0]));
     uint8_t bytes[22U];
     libcrux_ml_kem_vector_avx2_serialize_11_09(coefficient, bytes);
@@ -3788,11 +3784,11 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE void
-libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_b8(
+libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_25(
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[320U]) {
-  uint8_t uu____0[320U];
-  libcrux_ml_kem_serialize_compress_then_serialize_10_b4(re, uu____0);
-  memcpy(ret, uu____0, (size_t)320U * sizeof(uint8_t));
+  uint8_t result[320U];
+  libcrux_ml_kem_serialize_compress_then_serialize_10_36(re, result);
+  memcpy(ret, result, (size_t)320U * sizeof(uint8_t));
 }
 
 /**
@@ -3805,7 +3801,7 @@ with const generics
 - BLOCK_LEN= 320
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static inline void libcrux_ml_kem_ind_cpa_compress_then_serialize_u_84(
+static inline void libcrux_ml_kem_ind_cpa_compress_then_serialize_u_c5(
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 input[3U],
     Eurydice_slice out) {
   for (size_t i = (size_t)0U;
@@ -3821,7 +3817,7 @@ static inline void libcrux_ml_kem_ind_cpa_compress_then_serialize_u_84(
         out, i0 * ((size_t)960U / (size_t)3U),
         (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U), uint8_t);
     uint8_t ret[320U];
-    libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_b8(&re,
+    libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_25(&re,
                                                                        ret);
     Eurydice_slice_copy(
         uu____0, Eurydice_array_to_slice((size_t)320U, ret, uint8_t), uint8_t);
@@ -3836,7 +3832,7 @@ generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE __m256i
-libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_4e1(
+libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_d61(
     __m256i vector) {
   __m256i field_modulus_halved = libcrux_intrinsics_avx2_mm256_set1_epi32(
       ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) /
@@ -3891,9 +3887,9 @@ with const generics
 - COEFFICIENT_BITS= 4
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static inline __m256i libcrux_ml_kem_vector_avx2_compress_09_eb1(
+static inline __m256i libcrux_ml_kem_vector_avx2_compress_09_fc1(
     __m256i vector) {
-  return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_4e1(
+  return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_d61(
       vector);
 }
 
@@ -3905,14 +3901,14 @@ with const generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE void
-libcrux_ml_kem_serialize_compress_then_serialize_4_ea(
+libcrux_ml_kem_serialize_compress_then_serialize_4_25(
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re,
     Eurydice_slice serialized) {
   for (size_t i = (size_t)0U;
        i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
     size_t i0 = i;
-    __m256i coefficient = libcrux_ml_kem_vector_avx2_compress_09_eb1(
-        libcrux_ml_kem_serialize_to_unsigned_field_modulus_88(
+    __m256i coefficient = libcrux_ml_kem_vector_avx2_compress_09_fc1(
+        libcrux_ml_kem_serialize_to_unsigned_field_modulus_8a(
             re.coefficients[i0]));
     uint8_t bytes[8U];
     libcrux_ml_kem_vector_avx2_serialize_4_09(coefficient, bytes);
@@ -3931,7 +3927,7 @@ generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE __m256i
-libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_4e2(
+libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_d62(
     __m256i vector) {
   __m256i field_modulus_halved = libcrux_intrinsics_avx2_mm256_set1_epi32(
       ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) /
@@ -3986,9 +3982,9 @@ with const generics
 - COEFFICIENT_BITS= 5
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static inline __m256i libcrux_ml_kem_vector_avx2_compress_09_eb2(
+static inline __m256i libcrux_ml_kem_vector_avx2_compress_09_fc2(
     __m256i vector) {
-  return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_4e2(
+  return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_d62(
       vector);
 }
 
@@ -4000,14 +3996,14 @@ with const generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE void
-libcrux_ml_kem_serialize_compress_then_serialize_5_47(
+libcrux_ml_kem_serialize_compress_then_serialize_5_de(
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re,
     Eurydice_slice serialized) {
   for (size_t i = (size_t)0U;
        i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
     size_t i0 = i;
-    __m256i coefficients = libcrux_ml_kem_vector_avx2_compress_09_eb2(
-        libcrux_ml_kem_vector_traits_to_unsigned_representative_b5(
+    __m256i coefficients = libcrux_ml_kem_vector_avx2_compress_09_fc2(
+        libcrux_ml_kem_vector_traits_to_unsigned_representative_e5(
             re.coefficients[i0]));
     uint8_t bytes[10U];
     libcrux_ml_kem_vector_avx2_serialize_5_09(coefficients, bytes);
@@ -4027,9 +4023,9 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE void
-libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_63(
+libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_2a(
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, Eurydice_slice out) {
-  libcrux_ml_kem_serialize_compress_then_serialize_4_ea(re, out);
+  libcrux_ml_kem_serialize_compress_then_serialize_4_25(re, out);
 }
 
 /**
@@ -4050,7 +4046,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics
 - ETA2_RANDOMNESS_SIZE= 128
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_32(
+static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_b4(
     libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *public_key,
     uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) {
   uint8_t prf_input[33U];
@@ -4058,7 +4054,7 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_32(
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_prf_input0[33U];
   memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t));
-  tuple_b00 uu____1 = libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_out_d7(
+  tuple_b00 uu____1 = libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_out_48(
       copy_of_prf_input0, 0U);
   libcrux_ml_kem_polynomial_PolynomialRingElement_d2 r_as_ntt[3U];
   memcpy(
@@ -4068,7 +4064,7 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_32(
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_prf_input[33U];
   memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t));
-  tuple_b00 uu____3 = libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_e7(
+  tuple_b00 uu____3 = libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_88(
       copy_of_prf_input, domain_separator0);
   libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[3U];
   memcpy(
@@ -4083,27 +4079,27 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_32(
       libcrux_ml_kem_sampling_sample_from_binomial_distribution_d7(
           Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t));
   libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u[3U];
-  libcrux_ml_kem_matrix_compute_vector_u_cf(public_key->A, r_as_ntt, error_1,
+  libcrux_ml_kem_matrix_compute_vector_u_59(public_key->A, r_as_ntt, error_1,
                                             u);
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_message[32U];
   memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t));
   libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message_as_ring_element =
-      libcrux_ml_kem_serialize_deserialize_then_decompress_message_44(
+      libcrux_ml_kem_serialize_deserialize_then_decompress_message_50(
           copy_of_message);
   libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v =
-      libcrux_ml_kem_matrix_compute_ring_element_v_de(
+      libcrux_ml_kem_matrix_compute_ring_element_v_c3(
           public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element);
   uint8_t ciphertext[1088U] = {0U};
   libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____5[3U];
   memcpy(
       uu____5, u,
       (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2));
-  libcrux_ml_kem_ind_cpa_compress_then_serialize_u_84(
+  libcrux_ml_kem_ind_cpa_compress_then_serialize_u_c5(
       uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)960U,
                                            uint8_t));
   libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____6 = v;
-  libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_63(
+  libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_2a(
       uu____6, Eurydice_array_to_subslice_from((size_t)1088U, ciphertext,
                                                (size_t)960U, uint8_t, size_t));
   memcpy(ret, ciphertext, (size_t)1088U * sizeof(uint8_t));
@@ -4127,13 +4123,13 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics
 - ETA2_RANDOMNESS_SIZE= 128
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static inline void libcrux_ml_kem_ind_cpa_encrypt_e7(Eurydice_slice public_key,
+static inline void libcrux_ml_kem_ind_cpa_encrypt_cf(Eurydice_slice public_key,
                                                      uint8_t message[32U],
                                                      Eurydice_slice randomness,
                                                      uint8_t ret[1088U]) {
   libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0
       unpacked_public_key = libcrux_ml_kem_ind_cpa_unpacked_default_8d_89();
-  libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_e4(
+  libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_ba(
       Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t),
       unpacked_public_key.t_as_ntt);
   Eurydice_slice seed =
@@ -4148,10 +4144,10 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_e7(Eurydice_slice public_key,
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_message[32U];
   memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t));
-  uint8_t result[1088U];
-  libcrux_ml_kem_ind_cpa_encrypt_unpacked_32(uu____1, copy_of_message,
-                                             randomness, result);
-  memcpy(ret, result, (size_t)1088U * sizeof(uint8_t));
+  uint8_t ret1[1088U];
+  libcrux_ml_kem_ind_cpa_encrypt_unpacked_b4(uu____1, copy_of_message,
+                                             randomness, ret1);
+  memcpy(ret, ret1, (size_t)1088U * sizeof(uint8_t));
 }
 
 /**
@@ -4166,7 +4162,7 @@ with const generics
 - CIPHERTEXT_SIZE= 1088
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static KRML_MUSTINLINE void libcrux_ml_kem_variant_kdf_d8_dc(
+static KRML_MUSTINLINE void libcrux_ml_kem_variant_kdf_d8_b2(
     Eurydice_slice shared_secret, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *_,
     uint8_t ret[32U]) {
   uint8_t out[32U] = {0U};
@@ -4198,7 +4194,7 @@ with const generics
 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static inline void libcrux_ml_kem_ind_cca_decapsulate_5b(
+static inline void libcrux_ml_kem_ind_cca_decapsulate_1b(
     libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key,
     libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) {
   Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at(
@@ -4216,7 +4212,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_5b(
   Eurydice_slice ind_cpa_public_key_hash = uu____2.fst;
   Eurydice_slice implicit_rejection_value = uu____2.snd;
   uint8_t decrypted[32U];
-  libcrux_ml_kem_ind_cpa_decrypt_3a(ind_cpa_secret_key, ciphertext->value,
+  libcrux_ml_kem_ind_cpa_decrypt_6f(ind_cpa_secret_key, ciphertext->value,
                                     decrypted);
   uint8_t to_hash0[64U];
   libcrux_ml_kem_utils_into_padded_array_42(
@@ -4240,7 +4236,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_5b(
   Eurydice_slice uu____4 = Eurydice_array_to_subslice_from(
       (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE,
       uint8_t, size_t);
-  Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_e7(ciphertext),
+  Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_69(ciphertext),
                       uint8_t);
   uint8_t implicit_rejection_shared_secret0[32U];
   libcrux_ml_kem_hash_functions_avx2_PRF_a9_16(
@@ -4251,18 +4247,18 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_5b(
   uint8_t copy_of_decrypted[32U];
   memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t));
   uint8_t expected_ciphertext[1088U];
-  libcrux_ml_kem_ind_cpa_encrypt_e7(uu____5, copy_of_decrypted,
+  libcrux_ml_kem_ind_cpa_encrypt_cf(uu____5, copy_of_decrypted,
                                     pseudorandomness, expected_ciphertext);
   uint8_t implicit_rejection_shared_secret[32U];
-  libcrux_ml_kem_variant_kdf_d8_dc(
+  libcrux_ml_kem_variant_kdf_d8_b2(
       Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0,
                               uint8_t),
       ciphertext, implicit_rejection_shared_secret);
   uint8_t shared_secret1[32U];
-  libcrux_ml_kem_variant_kdf_d8_dc(shared_secret0, ciphertext, shared_secret1);
+  libcrux_ml_kem_variant_kdf_d8_b2(shared_secret0, ciphertext, shared_secret1);
   uint8_t shared_secret[32U];
   libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time(
-      libcrux_ml_kem_types_as_ref_00_e7(ciphertext),
+      libcrux_ml_kem_types_as_ref_00_69(ciphertext),
       Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t),
       Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t),
       Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret,
@@ -4292,10 +4288,10 @@ with const generics
 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static inline void libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_10(
+static inline void libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_7f(
     libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key,
     libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) {
-  libcrux_ml_kem_ind_cca_decapsulate_5b(private_key, ciphertext, ret);
+  libcrux_ml_kem_ind_cca_decapsulate_1b(private_key, ciphertext, ret);
 }
 
 /**
@@ -4309,7 +4305,7 @@ KRML_ATTRIBUTE_TARGET("avx2")
 static inline void libcrux_ml_kem_mlkem768_avx2_decapsulate(
     libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key,
     libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) {
-  libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_10(private_key,
+  libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_7f(private_key,
                                                             ciphertext, ret);
 }
 
@@ -4324,7 +4320,7 @@ with const generics
 - K= 3
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static KRML_MUSTINLINE void libcrux_ml_kem_variant_entropy_preprocess_d8_c5(
+static KRML_MUSTINLINE void libcrux_ml_kem_variant_entropy_preprocess_d8_6c(
     Eurydice_slice randomness, uint8_t ret[32U]) {
   uint8_t out[32U] = {0U};
   Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t),
@@ -4367,11 +4363,11 @@ with const generics
 - ETA2_RANDOMNESS_SIZE= 128
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_a7(
+static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_cf(
     libcrux_ml_kem_types_MlKemPublicKey_15 *public_key,
     uint8_t randomness[32U]) {
   uint8_t randomness0[32U];
-  libcrux_ml_kem_variant_entropy_preprocess_d8_c5(
+  libcrux_ml_kem_variant_entropy_preprocess_d8_6c(
       Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0);
   uint8_t to_hash[64U];
   libcrux_ml_kem_utils_into_padded_array_42(
@@ -4382,7 +4378,7 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_a7(
   uint8_t ret[32U];
   libcrux_ml_kem_hash_functions_avx2_H_a9_41(
       Eurydice_array_to_slice((size_t)1184U,
-                              libcrux_ml_kem_types_as_slice_fd_60(public_key),
+                              libcrux_ml_kem_types_as_slice_fd_d9(public_key),
                               uint8_t),
       ret);
   Eurydice_slice_copy(
@@ -4397,20 +4393,20 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_a7(
   Eurydice_slice shared_secret = uu____1.fst;
   Eurydice_slice pseudorandomness = uu____1.snd;
   Eurydice_slice uu____2 = Eurydice_array_to_slice(
-      (size_t)1184U, libcrux_ml_kem_types_as_slice_fd_60(public_key), uint8_t);
+      (size_t)1184U, libcrux_ml_kem_types_as_slice_fd_d9(public_key), uint8_t);
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_randomness[32U];
   memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t));
   uint8_t ciphertext[1088U];
-  libcrux_ml_kem_ind_cpa_encrypt_e7(uu____2, copy_of_randomness,
+  libcrux_ml_kem_ind_cpa_encrypt_cf(uu____2, copy_of_randomness,
                                     pseudorandomness, ciphertext);
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_ciphertext[1088U];
   memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t));
   libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 =
-      libcrux_ml_kem_types_from_01_96(copy_of_ciphertext);
+      libcrux_ml_kem_types_from_01_33(copy_of_ciphertext);
   uint8_t shared_secret_array[32U];
-  libcrux_ml_kem_variant_kdf_d8_dc(shared_secret, &ciphertext0,
+  libcrux_ml_kem_variant_kdf_d8_b2(shared_secret, &ciphertext0,
                                    shared_secret_array);
   libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0;
   /* Passing arrays by value in Rust generates a copy in C */
@@ -4442,14 +4438,14 @@ with const generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static inline tuple_3c
-libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_bd(
+libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_00(
     libcrux_ml_kem_types_MlKemPublicKey_15 *public_key,
     uint8_t randomness[32U]) {
   libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key;
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_randomness[32U];
   memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t));
-  return libcrux_ml_kem_ind_cca_encapsulate_a7(uu____0, copy_of_randomness);
+  return libcrux_ml_kem_ind_cca_encapsulate_cf(uu____0, copy_of_randomness);
 }
 
 /**
@@ -4467,7 +4463,7 @@ static inline tuple_3c libcrux_ml_kem_mlkem768_avx2_encapsulate(
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_randomness[32U];
   memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t));
-  return libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_bd(
+  return libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_00(
       uu____0, copy_of_randomness);
 }
 
@@ -4503,7 +4499,7 @@ with const generics
 - K= 3
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static KRML_MUSTINLINE void libcrux_ml_kem_variant_cpa_keygen_seed_d8_10(
+static KRML_MUSTINLINE void libcrux_ml_kem_variant_cpa_keygen_seed_d8_6b(
     Eurydice_slice key_generation_seed, uint8_t ret[64U]) {
   uint8_t seed[33U] = {0U};
   Eurydice_slice_copy(
@@ -4526,7 +4522,7 @@ with const generics
 
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static inline __m256i libcrux_ml_kem_vector_traits_to_standard_domain_c1(
+static inline __m256i libcrux_ml_kem_vector_traits_to_standard_domain_bb(
     __m256i v) {
   return libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_09(
       v, LIBCRUX_ML_KEM_VECTOR_TRAITS_MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS);
@@ -4545,14 +4541,14 @@ with const generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE void
-libcrux_ml_kem_polynomial_add_standard_error_reduce_ef_ba(
+libcrux_ml_kem_polynomial_add_standard_error_reduce_ef_e7(
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self,
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error) {
   for (size_t i = (size_t)0U;
        i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
     size_t j = i;
     __m256i coefficient_normal_form =
-        libcrux_ml_kem_vector_traits_to_standard_domain_c1(
+        libcrux_ml_kem_vector_traits_to_standard_domain_bb(
             self->coefficients[j]);
     self->coefficients[j] = libcrux_ml_kem_vector_avx2_barrett_reduce_09(
         libcrux_ml_kem_vector_avx2_add_09(coefficient_normal_form,
@@ -4567,7 +4563,7 @@ with const generics
 - K= 3
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_As_plus_e_67(
+static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_As_plus_e_b6(
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt,
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*matrix_A)[3U],
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *s_as_ntt,
@@ -4595,12 +4591,12 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_As_plus_e_67(
       libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *matrix_element =
           &row[j];
       libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product =
-          libcrux_ml_kem_polynomial_ntt_multiply_ef_63(matrix_element,
+          libcrux_ml_kem_polynomial_ntt_multiply_ef_d5(matrix_element,
                                                        &s_as_ntt[j]);
-      libcrux_ml_kem_polynomial_add_to_ring_element_ef_31(&t_as_ntt[i0],
+      libcrux_ml_kem_polynomial_add_to_ring_element_ef_aa(&t_as_ntt[i0],
                                                           &product);
     }
-    libcrux_ml_kem_polynomial_add_standard_error_reduce_ef_ba(
+    libcrux_ml_kem_polynomial_add_standard_error_reduce_ef_e7(
         &t_as_ntt[i0], &error_as_ntt[i0]);
   }
 }
@@ -4615,12 +4611,12 @@ with const generics
 - ETA1_RANDOMNESS_SIZE= 128
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static inline void libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_4a(
+static inline void libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_a2(
     Eurydice_slice key_generation_seed,
     libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 *private_key,
     libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *public_key) {
   uint8_t hashed[64U];
-  libcrux_ml_kem_variant_cpa_keygen_seed_d8_10(key_generation_seed, hashed);
+  libcrux_ml_kem_variant_cpa_keygen_seed_d8_6b(key_generation_seed, hashed);
   Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at(
       Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U,
       uint8_t, Eurydice_slice_uint8_t_x2);
@@ -4640,7 +4636,7 @@ static inline void libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_4a(
   uint8_t copy_of_prf_input0[33U];
   memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t));
   uint8_t domain_separator =
-      libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_08(
+      libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_68(
           uu____2, copy_of_prf_input0, 0U);
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_prf_input[33U];
@@ -4648,11 +4644,11 @@ static inline void libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_4a(
   libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_as_ntt[3U];
   memcpy(
       error_as_ntt,
-      libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_out_d7(
+      libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_out_48(
           copy_of_prf_input, domain_separator)
           .fst,
       (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2));
-  libcrux_ml_kem_matrix_compute_As_plus_e_67(
+  libcrux_ml_kem_matrix_compute_As_plus_e_b6(
       public_key->t_as_ntt, public_key->A, private_key->secret_as_ntt,
       error_as_ntt);
   uint8_t uu____5[32U];
@@ -4670,13 +4666,13 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE void
-libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_b8(
+libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_09(
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[384U]) {
   uint8_t serialized[384U] = {0U};
   for (size_t i = (size_t)0U;
        i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
     size_t i0 = i;
-    __m256i coefficient = libcrux_ml_kem_serialize_to_unsigned_field_modulus_88(
+    __m256i coefficient = libcrux_ml_kem_serialize_to_unsigned_field_modulus_8a(
         re->coefficients[i0]);
     uint8_t bytes[24U];
     libcrux_ml_kem_vector_avx2_serialize_12_09(coefficient, bytes);
@@ -4698,7 +4694,7 @@ with const generics
 - OUT_LEN= 1152
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_secret_key_05(
+static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_secret_key_23(
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *key,
     uint8_t ret[1152U]) {
   uint8_t out[1152U] = {0U};
@@ -4716,13 +4712,11 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_secret_key_05(
         (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT,
         uint8_t);
     uint8_t ret0[384U];
-    libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_b8(&re, ret0);
+    libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_09(&re, ret0);
     Eurydice_slice_copy(
         uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t), uint8_t);
   }
-  uint8_t result[1152U];
-  memcpy(result, out, (size_t)1152U * sizeof(uint8_t));
-  memcpy(ret, result, (size_t)1152U * sizeof(uint8_t));
+  memcpy(ret, out, (size_t)1152U * sizeof(uint8_t));
 }
 
 /**
@@ -4734,13 +4728,13 @@ with const generics
 - PUBLIC_KEY_SIZE= 1184
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_public_key_mut_07(
+static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_public_key_mut_ff(
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt,
     Eurydice_slice seed_for_a, uint8_t *serialized) {
   Eurydice_slice uu____0 = Eurydice_array_to_subslice2(serialized, (size_t)0U,
                                                        (size_t)1152U, uint8_t);
   uint8_t ret[1152U];
-  libcrux_ml_kem_ind_cpa_serialize_secret_key_05(t_as_ntt, ret);
+  libcrux_ml_kem_ind_cpa_serialize_secret_key_23(t_as_ntt, ret);
   Eurydice_slice_copy(
       uu____0, Eurydice_array_to_slice((size_t)1152U, ret, uint8_t), uint8_t);
   Eurydice_slice_copy(
@@ -4758,15 +4752,13 @@ with const generics
 - PUBLIC_KEY_SIZE= 1184
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_public_key_e5(
+static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_public_key_16(
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt,
     Eurydice_slice seed_for_a, uint8_t ret[1184U]) {
   uint8_t public_key_serialized[1184U] = {0U};
-  libcrux_ml_kem_ind_cpa_serialize_public_key_mut_07(t_as_ntt, seed_for_a,
+  libcrux_ml_kem_ind_cpa_serialize_public_key_mut_ff(t_as_ntt, seed_for_a,
                                                      public_key_serialized);
-  uint8_t result[1184U];
-  memcpy(result, public_key_serialized, (size_t)1184U * sizeof(uint8_t));
-  memcpy(ret, result, (size_t)1184U * sizeof(uint8_t));
+  memcpy(ret, public_key_serialized, (size_t)1184U * sizeof(uint8_t));
 }
 
 /**
@@ -4788,15 +4780,15 @@ libcrux_ml_kem_ind_cpa_generate_keypair_47(Eurydice_slice key_generation_seed) {
       libcrux_ml_kem_ind_cpa_unpacked_default_1a_3c();
   libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 public_key =
       libcrux_ml_kem_ind_cpa_unpacked_default_8d_89();
-  libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_4a(
+  libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_a2(
       key_generation_seed, &private_key, &public_key);
   uint8_t public_key_serialized[1184U];
-  libcrux_ml_kem_ind_cpa_serialize_public_key_e5(
+  libcrux_ml_kem_ind_cpa_serialize_public_key_16(
       public_key.t_as_ntt,
       Eurydice_array_to_slice((size_t)32U, public_key.seed_for_A, uint8_t),
       public_key_serialized);
   uint8_t secret_key_serialized[1152U];
-  libcrux_ml_kem_ind_cpa_serialize_secret_key_05(private_key.secret_as_ntt,
+  libcrux_ml_kem_ind_cpa_serialize_secret_key_23(private_key.secret_as_ntt,
                                                  secret_key_serialized);
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_secret_key_serialized[1152U];
@@ -4806,12 +4798,12 @@ libcrux_ml_kem_ind_cpa_generate_keypair_47(Eurydice_slice key_generation_seed) {
   uint8_t copy_of_public_key_serialized[1184U];
   memcpy(copy_of_public_key_serialized, public_key_serialized,
          (size_t)1184U * sizeof(uint8_t));
-  libcrux_ml_kem_utils_extraction_helper_Keypair768 result;
-  memcpy(result.fst, copy_of_secret_key_serialized,
+  libcrux_ml_kem_utils_extraction_helper_Keypair768 lit;
+  memcpy(lit.fst, copy_of_secret_key_serialized,
          (size_t)1152U * sizeof(uint8_t));
-  memcpy(result.snd, copy_of_public_key_serialized,
+  memcpy(lit.snd, copy_of_public_key_serialized,
          (size_t)1184U * sizeof(uint8_t));
-  return result;
+  return lit;
 }
 
 /**
@@ -4822,7 +4814,7 @@ with const generics
 - SERIALIZED_KEY_LEN= 2400
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_serialize_kem_secret_key_71(
+static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_serialize_kem_secret_key_7b(
     Eurydice_slice private_key, Eurydice_slice public_key,
     Eurydice_slice implicit_rejection_value, uint8_t ret[2400U]) {
   uint8_t out[2400U] = {0U};
@@ -4879,7 +4871,7 @@ with const generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair
-libcrux_ml_kem_ind_cca_generate_keypair_d2(uint8_t randomness[64U]) {
+libcrux_ml_kem_ind_cca_generate_keypair_dd(uint8_t randomness[64U]) {
   Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2(
       randomness, (size_t)0U,
       LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t);
@@ -4894,7 +4886,7 @@ libcrux_ml_kem_ind_cca_generate_keypair_d2(uint8_t randomness[64U]) {
   uint8_t public_key[1184U];
   memcpy(public_key, uu____0.snd, (size_t)1184U * sizeof(uint8_t));
   uint8_t secret_key_serialized[2400U];
-  libcrux_ml_kem_ind_cca_serialize_kem_secret_key_71(
+  libcrux_ml_kem_ind_cca_serialize_kem_secret_key_7b(
       Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t),
       Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t),
       implicit_rejection_value, secret_key_serialized);
@@ -4903,13 +4895,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_d2(uint8_t randomness[64U]) {
   memcpy(copy_of_secret_key_serialized, secret_key_serialized,
          (size_t)2400U * sizeof(uint8_t));
   libcrux_ml_kem_types_MlKemPrivateKey_55 private_key =
-      libcrux_ml_kem_types_from_7f_e6(copy_of_secret_key_serialized);
+      libcrux_ml_kem_types_from_7f_8c(copy_of_secret_key_serialized);
   libcrux_ml_kem_types_MlKemPrivateKey_55 uu____2 = private_key;
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_public_key[1184U];
   memcpy(copy_of_public_key, public_key, (size_t)1184U * sizeof(uint8_t));
-  return libcrux_ml_kem_types_from_3a_78(
-      uu____2, libcrux_ml_kem_types_from_5a_af(copy_of_public_key));
+  return libcrux_ml_kem_types_from_3a_f6(
+      uu____2, libcrux_ml_kem_types_from_5a_45(copy_of_public_key));
 }
 
 /**
@@ -4925,12 +4917,12 @@ libcrux_ml_kem.ind_cca.instantiations.avx2.generate_keypair with const generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair
-libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_dd(
+libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_91(
     uint8_t randomness[64U]) {
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_randomness[64U];
   memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t));
-  return libcrux_ml_kem_ind_cca_generate_keypair_d2(copy_of_randomness);
+  return libcrux_ml_kem_ind_cca_generate_keypair_dd(copy_of_randomness);
 }
 
 /**
@@ -4942,7 +4934,7 @@ libcrux_ml_kem_mlkem768_avx2_generate_key_pair(uint8_t randomness[64U]) {
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_randomness[64U];
   memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t));
-  return libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_dd(
+  return libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_91(
       copy_of_randomness);
 }
 
@@ -4958,7 +4950,7 @@ with const generics
 - CIPHERTEXT_SIZE= 1088
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static KRML_MUSTINLINE void libcrux_ml_kem_variant_kdf_33_20(
+static KRML_MUSTINLINE void libcrux_ml_kem_variant_kdf_33_45(
     Eurydice_slice shared_secret,
     libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) {
   uint8_t kdf_input[64U];
@@ -4969,7 +4961,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_variant_kdf_33_20(
   uint8_t ret0[32U];
   libcrux_ml_kem_hash_functions_avx2_H_a9_41(
       Eurydice_array_to_slice((size_t)1088U,
-                              libcrux_ml_kem_types_as_slice_d4_24(ciphertext),
+                              libcrux_ml_kem_types_as_slice_d4_73(ciphertext),
                               uint8_t),
       ret0);
   Eurydice_slice_copy(
@@ -5003,7 +4995,7 @@ with const generics
 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static inline void libcrux_ml_kem_ind_cca_decapsulate_5b0(
+static inline void libcrux_ml_kem_ind_cca_decapsulate_1b0(
     libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key,
     libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) {
   Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at(
@@ -5021,7 +5013,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_5b0(
   Eurydice_slice ind_cpa_public_key_hash = uu____2.fst;
   Eurydice_slice implicit_rejection_value = uu____2.snd;
   uint8_t decrypted[32U];
-  libcrux_ml_kem_ind_cpa_decrypt_3a(ind_cpa_secret_key, ciphertext->value,
+  libcrux_ml_kem_ind_cpa_decrypt_6f(ind_cpa_secret_key, ciphertext->value,
                                     decrypted);
   uint8_t to_hash0[64U];
   libcrux_ml_kem_utils_into_padded_array_42(
@@ -5045,7 +5037,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_5b0(
   Eurydice_slice uu____4 = Eurydice_array_to_subslice_from(
       (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE,
       uint8_t, size_t);
-  Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_e7(ciphertext),
+  Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_69(ciphertext),
                       uint8_t);
   uint8_t implicit_rejection_shared_secret0[32U];
   libcrux_ml_kem_hash_functions_avx2_PRF_a9_16(
@@ -5056,18 +5048,18 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_5b0(
   uint8_t copy_of_decrypted[32U];
   memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t));
   uint8_t expected_ciphertext[1088U];
-  libcrux_ml_kem_ind_cpa_encrypt_e7(uu____5, copy_of_decrypted,
+  libcrux_ml_kem_ind_cpa_encrypt_cf(uu____5, copy_of_decrypted,
                                     pseudorandomness, expected_ciphertext);
   uint8_t implicit_rejection_shared_secret[32U];
-  libcrux_ml_kem_variant_kdf_33_20(
+  libcrux_ml_kem_variant_kdf_33_45(
       Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0,
                               uint8_t),
       ciphertext, implicit_rejection_shared_secret);
   uint8_t shared_secret1[32U];
-  libcrux_ml_kem_variant_kdf_33_20(shared_secret0, ciphertext, shared_secret1);
+  libcrux_ml_kem_variant_kdf_33_45(shared_secret0, ciphertext, shared_secret1);
   uint8_t shared_secret[32U];
   libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time(
-      libcrux_ml_kem_types_as_ref_00_e7(ciphertext),
+      libcrux_ml_kem_types_as_ref_00_69(ciphertext),
       Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t),
       Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t),
       Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret,
@@ -5101,10 +5093,10 @@ libcrux_ml_kem.ind_cca.instantiations.avx2.kyber_decapsulate with const generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static inline void
-libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_decapsulate_6e(
+libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_decapsulate_5c(
     libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key,
     libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) {
-  libcrux_ml_kem_ind_cca_decapsulate_5b0(private_key, ciphertext, ret);
+  libcrux_ml_kem_ind_cca_decapsulate_1b0(private_key, ciphertext, ret);
 }
 
 /**
@@ -5118,7 +5110,7 @@ KRML_ATTRIBUTE_TARGET("avx2")
 static inline void libcrux_ml_kem_mlkem768_avx2_kyber_decapsulate(
     libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key,
     libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) {
-  libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_decapsulate_6e(
+  libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_decapsulate_5c(
       private_key, ciphertext, ret);
 }
 
@@ -5133,7 +5125,7 @@ with const generics
 - K= 3
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static KRML_MUSTINLINE void libcrux_ml_kem_variant_entropy_preprocess_33_d3(
+static KRML_MUSTINLINE void libcrux_ml_kem_variant_entropy_preprocess_33_bf(
     Eurydice_slice randomness, uint8_t ret[32U]) {
   libcrux_ml_kem_hash_functions_avx2_H_a9_41(randomness, ret);
 }
@@ -5158,11 +5150,11 @@ with const generics
 - ETA2_RANDOMNESS_SIZE= 128
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_a70(
+static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_cf0(
     libcrux_ml_kem_types_MlKemPublicKey_15 *public_key,
     uint8_t randomness[32U]) {
   uint8_t randomness0[32U];
-  libcrux_ml_kem_variant_entropy_preprocess_33_d3(
+  libcrux_ml_kem_variant_entropy_preprocess_33_bf(
       Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0);
   uint8_t to_hash[64U];
   libcrux_ml_kem_utils_into_padded_array_42(
@@ -5173,7 +5165,7 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_a70(
   uint8_t ret[32U];
   libcrux_ml_kem_hash_functions_avx2_H_a9_41(
       Eurydice_array_to_slice((size_t)1184U,
-                              libcrux_ml_kem_types_as_slice_fd_60(public_key),
+                              libcrux_ml_kem_types_as_slice_fd_d9(public_key),
                               uint8_t),
       ret);
   Eurydice_slice_copy(
@@ -5188,20 +5180,20 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_a70(
   Eurydice_slice shared_secret = uu____1.fst;
   Eurydice_slice pseudorandomness = uu____1.snd;
   Eurydice_slice uu____2 = Eurydice_array_to_slice(
-      (size_t)1184U, libcrux_ml_kem_types_as_slice_fd_60(public_key), uint8_t);
+      (size_t)1184U, libcrux_ml_kem_types_as_slice_fd_d9(public_key), uint8_t);
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_randomness[32U];
   memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t));
   uint8_t ciphertext[1088U];
-  libcrux_ml_kem_ind_cpa_encrypt_e7(uu____2, copy_of_randomness,
+  libcrux_ml_kem_ind_cpa_encrypt_cf(uu____2, copy_of_randomness,
                                     pseudorandomness, ciphertext);
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_ciphertext[1088U];
   memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t));
   libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 =
-      libcrux_ml_kem_types_from_01_96(copy_of_ciphertext);
+      libcrux_ml_kem_types_from_01_33(copy_of_ciphertext);
   uint8_t shared_secret_array[32U];
-  libcrux_ml_kem_variant_kdf_33_20(shared_secret, &ciphertext0,
+  libcrux_ml_kem_variant_kdf_33_45(shared_secret, &ciphertext0,
                                    shared_secret_array);
   libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0;
   /* Passing arrays by value in Rust generates a copy in C */
@@ -5236,14 +5228,14 @@ libcrux_ml_kem.ind_cca.instantiations.avx2.kyber_encapsulate with const generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static inline tuple_3c
-libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_encapsulate_c1(
+libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_encapsulate_9d(
     libcrux_ml_kem_types_MlKemPublicKey_15 *public_key,
     uint8_t randomness[32U]) {
   libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key;
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_randomness[32U];
   memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t));
-  return libcrux_ml_kem_ind_cca_encapsulate_a70(uu____0, copy_of_randomness);
+  return libcrux_ml_kem_ind_cca_encapsulate_cf0(uu____0, copy_of_randomness);
 }
 
 /**
@@ -5261,7 +5253,7 @@ static inline tuple_3c libcrux_ml_kem_mlkem768_avx2_kyber_encapsulate(
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_randomness[32U];
   memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t));
-  return libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_encapsulate_c1(
+  return libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_encapsulate_9d(
       uu____0, copy_of_randomness);
 }
 
@@ -5276,7 +5268,7 @@ with const generics
 - K= 3
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static KRML_MUSTINLINE void libcrux_ml_kem_variant_cpa_keygen_seed_33_39(
+static KRML_MUSTINLINE void libcrux_ml_kem_variant_cpa_keygen_seed_33_c2(
     Eurydice_slice key_generation_seed, uint8_t ret[64U]) {
   libcrux_ml_kem_hash_functions_avx2_G_a9_9f(key_generation_seed, ret);
 }
@@ -5291,12 +5283,12 @@ with const generics
 - ETA1_RANDOMNESS_SIZE= 128
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static inline void libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_4a0(
+static inline void libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_a20(
     Eurydice_slice key_generation_seed,
     libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 *private_key,
     libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *public_key) {
   uint8_t hashed[64U];
-  libcrux_ml_kem_variant_cpa_keygen_seed_33_39(key_generation_seed, hashed);
+  libcrux_ml_kem_variant_cpa_keygen_seed_33_c2(key_generation_seed, hashed);
   Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at(
       Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U,
       uint8_t, Eurydice_slice_uint8_t_x2);
@@ -5316,7 +5308,7 @@ static inline void libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_4a0(
   uint8_t copy_of_prf_input0[33U];
   memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t));
   uint8_t domain_separator =
-      libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_08(
+      libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_68(
           uu____2, copy_of_prf_input0, 0U);
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_prf_input[33U];
@@ -5324,11 +5316,11 @@ static inline void libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_4a0(
   libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_as_ntt[3U];
   memcpy(
       error_as_ntt,
-      libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_out_d7(
+      libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_out_48(
           copy_of_prf_input, domain_separator)
           .fst,
       (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2));
-  libcrux_ml_kem_matrix_compute_As_plus_e_67(
+  libcrux_ml_kem_matrix_compute_As_plus_e_b6(
       public_key->t_as_ntt, public_key->A, private_key->secret_as_ntt,
       error_as_ntt);
   uint8_t uu____5[32U];
@@ -5358,15 +5350,15 @@ libcrux_ml_kem_ind_cpa_generate_keypair_470(
       libcrux_ml_kem_ind_cpa_unpacked_default_1a_3c();
   libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 public_key =
       libcrux_ml_kem_ind_cpa_unpacked_default_8d_89();
-  libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_4a0(
+  libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_a20(
       key_generation_seed, &private_key, &public_key);
   uint8_t public_key_serialized[1184U];
-  libcrux_ml_kem_ind_cpa_serialize_public_key_e5(
+  libcrux_ml_kem_ind_cpa_serialize_public_key_16(
       public_key.t_as_ntt,
       Eurydice_array_to_slice((size_t)32U, public_key.seed_for_A, uint8_t),
       public_key_serialized);
   uint8_t secret_key_serialized[1152U];
-  libcrux_ml_kem_ind_cpa_serialize_secret_key_05(private_key.secret_as_ntt,
+  libcrux_ml_kem_ind_cpa_serialize_secret_key_23(private_key.secret_as_ntt,
                                                  secret_key_serialized);
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_secret_key_serialized[1152U];
@@ -5376,12 +5368,12 @@ libcrux_ml_kem_ind_cpa_generate_keypair_470(
   uint8_t copy_of_public_key_serialized[1184U];
   memcpy(copy_of_public_key_serialized, public_key_serialized,
          (size_t)1184U * sizeof(uint8_t));
-  libcrux_ml_kem_utils_extraction_helper_Keypair768 result;
-  memcpy(result.fst, copy_of_secret_key_serialized,
+  libcrux_ml_kem_utils_extraction_helper_Keypair768 lit;
+  memcpy(lit.fst, copy_of_secret_key_serialized,
          (size_t)1152U * sizeof(uint8_t));
-  memcpy(result.snd, copy_of_public_key_serialized,
+  memcpy(lit.snd, copy_of_public_key_serialized,
          (size_t)1184U * sizeof(uint8_t));
-  return result;
+  return lit;
 }
 
 /**
@@ -5399,7 +5391,7 @@ with const generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair
-libcrux_ml_kem_ind_cca_generate_keypair_d20(uint8_t randomness[64U]) {
+libcrux_ml_kem_ind_cca_generate_keypair_dd0(uint8_t randomness[64U]) {
   Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2(
       randomness, (size_t)0U,
       LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t);
@@ -5414,7 +5406,7 @@ libcrux_ml_kem_ind_cca_generate_keypair_d20(uint8_t randomness[64U]) {
   uint8_t public_key[1184U];
   memcpy(public_key, uu____0.snd, (size_t)1184U * sizeof(uint8_t));
   uint8_t secret_key_serialized[2400U];
-  libcrux_ml_kem_ind_cca_serialize_kem_secret_key_71(
+  libcrux_ml_kem_ind_cca_serialize_kem_secret_key_7b(
       Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t),
       Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t),
       implicit_rejection_value, secret_key_serialized);
@@ -5423,13 +5415,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_d20(uint8_t randomness[64U]) {
   memcpy(copy_of_secret_key_serialized, secret_key_serialized,
          (size_t)2400U * sizeof(uint8_t));
   libcrux_ml_kem_types_MlKemPrivateKey_55 private_key =
-      libcrux_ml_kem_types_from_7f_e6(copy_of_secret_key_serialized);
+      libcrux_ml_kem_types_from_7f_8c(copy_of_secret_key_serialized);
   libcrux_ml_kem_types_MlKemPrivateKey_55 uu____2 = private_key;
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_public_key[1184U];
   memcpy(copy_of_public_key, public_key, (size_t)1184U * sizeof(uint8_t));
-  return libcrux_ml_kem_types_from_3a_78(
-      uu____2, libcrux_ml_kem_types_from_5a_af(copy_of_public_key));
+  return libcrux_ml_kem_types_from_3a_f6(
+      uu____2, libcrux_ml_kem_types_from_5a_45(copy_of_public_key));
 }
 
 /**
@@ -5446,12 +5438,12 @@ generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair
-libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_generate_keypair_8f(
+libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_generate_keypair_47(
     uint8_t randomness[64U]) {
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_randomness[64U];
   memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t));
-  return libcrux_ml_kem_ind_cca_generate_keypair_d20(copy_of_randomness);
+  return libcrux_ml_kem_ind_cca_generate_keypair_dd0(copy_of_randomness);
 }
 
 /**
@@ -5463,7 +5455,7 @@ libcrux_ml_kem_mlkem768_avx2_kyber_generate_key_pair(uint8_t randomness[64U]) {
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_randomness[64U];
   memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t));
-  return libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_generate_keypair_8f(
+  return libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_generate_keypair_47(
       copy_of_randomness);
 }
 
@@ -5476,7 +5468,7 @@ with const generics
 - CIPHERTEXT_SIZE= 1088
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_private_key_e5(
+static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_private_key_7e(
     libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key,
     libcrux_ml_kem_mlkem768_MlKem768Ciphertext *_ciphertext) {
   uint8_t t[32U];
@@ -5502,10 +5494,10 @@ generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE bool
-libcrux_ml_kem_ind_cca_instantiations_avx2_validate_private_key_cf(
+libcrux_ml_kem_ind_cca_instantiations_avx2_validate_private_key_ac(
     libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key,
     libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext) {
-  return libcrux_ml_kem_ind_cca_validate_private_key_e5(private_key,
+  return libcrux_ml_kem_ind_cca_validate_private_key_7e(private_key,
                                                         ciphertext);
 }
 
@@ -5518,7 +5510,7 @@ KRML_ATTRIBUTE_TARGET("avx2")
 static inline bool libcrux_ml_kem_mlkem768_avx2_validate_private_key(
     libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key,
     libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext) {
-  return libcrux_ml_kem_ind_cca_instantiations_avx2_validate_private_key_cf(
+  return libcrux_ml_kem_ind_cca_instantiations_avx2_validate_private_key_ac(
       private_key, ciphertext);
 }
 
@@ -5530,7 +5522,7 @@ types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2
-libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_out_closure_1a(
+libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_out_closure_c0(
     size_t _i) {
   return libcrux_ml_kem_polynomial_ZERO_ef_05();
 }
@@ -5543,14 +5535,14 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE void
-libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_out_86(
+libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_out_17(
     Eurydice_slice public_key,
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[3U];
   for (size_t i = (size_t)0U; i < (size_t)3U; i++) {
     deserialized_pk[i] = libcrux_ml_kem_polynomial_ZERO_ef_05();
   }
-  libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_e4(
+  libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_ba(
       public_key, deserialized_pk);
   libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[3U];
   memcpy(
@@ -5570,16 +5562,16 @@ with const generics
 - PUBLIC_KEY_SIZE= 1184
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_public_key_84(
+static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_public_key_7d(
     uint8_t *public_key) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[3U];
-  libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_out_86(
+  libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_out_17(
       Eurydice_array_to_subslice_to((size_t)1184U, public_key, (size_t)1152U,
                                     uint8_t, size_t),
       deserialized_pk);
   libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *uu____0 = deserialized_pk;
   uint8_t public_key_serialized[1184U];
-  libcrux_ml_kem_ind_cpa_serialize_public_key_e5(
+  libcrux_ml_kem_ind_cpa_serialize_public_key_16(
       uu____0,
       Eurydice_array_to_subslice_from((size_t)1184U, public_key, (size_t)1152U,
                                       uint8_t, size_t),
@@ -5598,9 +5590,9 @@ generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE bool
-libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key_96(
+libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key_a2(
     uint8_t *public_key) {
-  return libcrux_ml_kem_ind_cca_validate_public_key_84(public_key);
+  return libcrux_ml_kem_ind_cca_validate_public_key_7d(public_key);
 }
 
 /**
@@ -5611,7 +5603,7 @@ libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key_96(
 KRML_ATTRIBUTE_TARGET("avx2")
 static inline bool libcrux_ml_kem_mlkem768_avx2_validate_public_key(
     libcrux_ml_kem_types_MlKemPublicKey_15 *public_key) {
-  return libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key_96(
+  return libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key_a2(
       public_key->value);
 }
 
@@ -5637,11 +5629,11 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics
 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static inline void libcrux_ml_kem_ind_cca_unpacked_decapsulate_81(
+static inline void libcrux_ml_kem_ind_cca_unpacked_decapsulate_e0(
     libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked *key_pair,
     libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) {
   uint8_t decrypted[32U];
-  libcrux_ml_kem_ind_cpa_decrypt_unpacked_1d(
+  libcrux_ml_kem_ind_cpa_decrypt_unpacked_2a(
       &key_pair->private_key.ind_cpa_private_key, ciphertext->value, decrypted);
   uint8_t to_hash0[64U];
   libcrux_ml_kem_utils_into_padded_array_42(
@@ -5671,7 +5663,7 @@ static inline void libcrux_ml_kem_ind_cca_unpacked_decapsulate_81(
   Eurydice_slice uu____2 = Eurydice_array_to_subslice_from(
       (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE,
       uint8_t, size_t);
-  Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_00_e7(ciphertext),
+  Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_00_69(ciphertext),
                       uint8_t);
   uint8_t implicit_rejection_shared_secret[32U];
   libcrux_ml_kem_hash_functions_avx2_PRF_a9_16(
@@ -5683,11 +5675,11 @@ static inline void libcrux_ml_kem_ind_cca_unpacked_decapsulate_81(
   uint8_t copy_of_decrypted[32U];
   memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t));
   uint8_t expected_ciphertext[1088U];
-  libcrux_ml_kem_ind_cpa_encrypt_unpacked_32(
+  libcrux_ml_kem_ind_cpa_encrypt_unpacked_b4(
       uu____3, copy_of_decrypted, pseudorandomness, expected_ciphertext);
   uint8_t selector =
       libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time(
-          libcrux_ml_kem_types_as_ref_00_e7(ciphertext),
+          libcrux_ml_kem_types_as_ref_00_69(ciphertext),
           Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t));
   uint8_t ret0[32U];
   libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time(
@@ -5724,10 +5716,10 @@ generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static inline void
-libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_decapsulate_ad(
+libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_decapsulate_03(
     libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked *key_pair,
     libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) {
-  libcrux_ml_kem_ind_cca_unpacked_decapsulate_81(key_pair, ciphertext, ret);
+  libcrux_ml_kem_ind_cca_unpacked_decapsulate_e0(key_pair, ciphertext, ret);
 }
 
 /**
@@ -5741,7 +5733,7 @@ KRML_ATTRIBUTE_TARGET("avx2")
 static inline void libcrux_ml_kem_mlkem768_avx2_unpacked_decapsulate(
     libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked *private_key,
     libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) {
-  libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_decapsulate_ad(
+  libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_decapsulate_03(
       private_key, ciphertext, ret);
 }
 
@@ -5764,7 +5756,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics
 - ETA2_RANDOMNESS_SIZE= 128
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static inline tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_f8(
+static inline tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_98(
     libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *public_key,
     uint8_t randomness[32U]) {
   uint8_t to_hash[64U];
@@ -5792,7 +5784,7 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_f8(
   uint8_t copy_of_randomness[32U];
   memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t));
   uint8_t ciphertext[1088U];
-  libcrux_ml_kem_ind_cpa_encrypt_unpacked_32(uu____2, copy_of_randomness,
+  libcrux_ml_kem_ind_cpa_encrypt_unpacked_b4(uu____2, copy_of_randomness,
                                              pseudorandomness, ciphertext);
   uint8_t shared_secret_array[32U] = {0U};
   Eurydice_slice_copy(
@@ -5802,7 +5794,7 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_f8(
   uint8_t copy_of_ciphertext[1088U];
   memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t));
   libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 =
-      libcrux_ml_kem_types_from_01_96(copy_of_ciphertext);
+      libcrux_ml_kem_types_from_01_33(copy_of_ciphertext);
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_shared_secret_array[32U];
   memcpy(copy_of_shared_secret_array, shared_secret_array,
@@ -5836,7 +5828,7 @@ generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static inline tuple_3c
-libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_encapsulate_62(
+libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_encapsulate_cf(
     libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *public_key,
     uint8_t randomness[32U]) {
   libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *uu____0 =
@@ -5844,7 +5836,7 @@ libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_encapsulate_62(
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_randomness[32U];
   memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t));
-  return libcrux_ml_kem_ind_cca_unpacked_encapsulate_f8(uu____0,
+  return libcrux_ml_kem_ind_cca_unpacked_encapsulate_98(uu____0,
                                                         copy_of_randomness);
 }
 
@@ -5865,7 +5857,7 @@ static inline tuple_3c libcrux_ml_kem_mlkem768_avx2_unpacked_encapsulate(
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_randomness[32U];
   memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t));
-  return libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_encapsulate_62(
+  return libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_encapsulate_cf(
       uu____0, copy_of_randomness);
 }
 
@@ -5885,7 +5877,7 @@ with const generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2
-libcrux_ml_kem_ind_cca_unpacked_generate_keypair_closure_closure_dd(size_t _j) {
+libcrux_ml_kem_ind_cca_unpacked_generate_keypair_closure_closure_d8(size_t _j) {
   return libcrux_ml_kem_polynomial_ZERO_ef_05();
 }
 
@@ -5904,7 +5896,7 @@ with const generics
 - ETA1_RANDOMNESS_SIZE= 128
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static inline void libcrux_ml_kem_ind_cca_unpacked_generate_keypair_closure_0a(
+static inline void libcrux_ml_kem_ind_cca_unpacked_generate_keypair_closure_b6(
     size_t _i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) {
   for (size_t i = (size_t)0U; i < (size_t)3U; i++) {
     ret[i] = libcrux_ml_kem_polynomial_ZERO_ef_05();
@@ -5924,7 +5916,7 @@ with const generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2
-libcrux_ml_kem_polynomial_clone_8d_55(
+libcrux_ml_kem_polynomial_clone_8d_35(
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_d2 lit;
   __m256i ret[16U];
@@ -5951,7 +5943,7 @@ with const generics
 - ETA1_RANDOMNESS_SIZE= 128
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static inline void libcrux_ml_kem_ind_cca_unpacked_generate_keypair_12(
+static inline void libcrux_ml_kem_ind_cca_unpacked_generate_keypair_c0(
     uint8_t randomness[64U],
     libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked *out) {
   Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2(
@@ -5961,19 +5953,19 @@ static inline void libcrux_ml_kem_ind_cca_unpacked_generate_keypair_12(
       (size_t)64U, randomness,
       LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t,
       size_t);
-  libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_4a(
+  libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_a2(
       ind_cpa_keypair_randomness, &out->private_key.ind_cpa_private_key,
       &out->public_key.ind_cpa_public_key);
   libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[3U][3U];
   for (size_t i = (size_t)0U; i < (size_t)3U; i++) {
-    libcrux_ml_kem_ind_cca_unpacked_generate_keypair_closure_0a(i, A[i]);
+    libcrux_ml_kem_ind_cca_unpacked_generate_keypair_closure_b6(i, A[i]);
   }
   for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) {
     size_t i1 = i0;
     for (size_t i = (size_t)0U; i < (size_t)3U; i++) {
       size_t j = i;
       libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 =
-          libcrux_ml_kem_polynomial_clone_8d_55(
+          libcrux_ml_kem_polynomial_clone_8d_35(
               &out->public_key.ind_cpa_public_key.A[j][i1]);
       A[i1][j] = uu____0;
     }
@@ -5986,7 +5978,7 @@ static inline void libcrux_ml_kem_ind_cca_unpacked_generate_keypair_12(
          (size_t)3U *
              sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U]));
   uint8_t pk_serialized[1184U];
-  libcrux_ml_kem_ind_cpa_serialize_public_key_e5(
+  libcrux_ml_kem_ind_cpa_serialize_public_key_16(
       out->public_key.ind_cpa_public_key.t_as_ntt,
       Eurydice_array_to_slice(
           (size_t)32U, out->public_key.ind_cpa_public_key.seed_for_A, uint8_t),
@@ -6022,13 +6014,13 @@ generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static inline void
-libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_generate_keypair_64(
+libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_generate_keypair_b3(
     uint8_t randomness[64U],
     libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked *out) {
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_randomness[64U];
   memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t));
-  libcrux_ml_kem_ind_cca_unpacked_generate_keypair_12(copy_of_randomness, out);
+  libcrux_ml_kem_ind_cca_unpacked_generate_keypair_c0(copy_of_randomness, out);
 }
 
 /**
@@ -6041,7 +6033,7 @@ static inline void libcrux_ml_kem_mlkem768_avx2_unpacked_generate_key_pair(
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_randomness[64U];
   memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t));
-  libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_generate_keypair_64(
+  libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_generate_keypair_b3(
       copy_of_randomness, key_pair);
 }
 
@@ -6058,7 +6050,7 @@ with const generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0
-libcrux_ml_kem_ind_cca_unpacked_default_1c_a5(void) {
+libcrux_ml_kem_ind_cca_unpacked_default_1c_c3(void) {
   libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 lit;
   lit.ind_cpa_public_key = libcrux_ml_kem_ind_cpa_unpacked_default_8d_89();
   lit.public_key_hash[0U] = 0U;
@@ -6110,7 +6102,7 @@ with const generics
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE
     libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked
-    libcrux_ml_kem_ind_cca_unpacked_default_07_e3(void) {
+    libcrux_ml_kem_ind_cca_unpacked_default_07_0d(void) {
   libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_a0 uu____0;
   uu____0.ind_cpa_private_key = libcrux_ml_kem_ind_cpa_unpacked_default_1a_3c();
   uu____0.implicit_rejection_value[0U] = 0U;
@@ -6148,7 +6140,7 @@ static KRML_MUSTINLINE
   return (
       CLITERAL(libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked){
           .private_key = uu____0,
-          .public_key = libcrux_ml_kem_ind_cca_unpacked_default_1c_a5()});
+          .public_key = libcrux_ml_kem_ind_cca_unpacked_default_1c_c3()});
 }
 
 /**
@@ -6157,7 +6149,7 @@ static KRML_MUSTINLINE
 KRML_ATTRIBUTE_TARGET("avx2")
 static inline libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked
 libcrux_ml_kem_mlkem768_avx2_unpacked_init_key_pair(void) {
-  return libcrux_ml_kem_ind_cca_unpacked_default_07_e3();
+  return libcrux_ml_kem_ind_cca_unpacked_default_07_0d();
 }
 
 /**
@@ -6166,7 +6158,7 @@ libcrux_ml_kem_mlkem768_avx2_unpacked_init_key_pair(void) {
 KRML_ATTRIBUTE_TARGET("avx2")
 static inline libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0
 libcrux_ml_kem_mlkem768_avx2_unpacked_init_public_key(void) {
-  return libcrux_ml_kem_ind_cca_unpacked_default_1c_a5();
+  return libcrux_ml_kem_ind_cca_unpacked_default_1c_c3();
 }
 
 /**
@@ -6187,10 +6179,10 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE void
-libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_dd_91(
+libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_dd_32(
     libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *self,
     libcrux_ml_kem_types_MlKemPublicKey_15 *serialized) {
-  libcrux_ml_kem_ind_cpa_serialize_public_key_mut_07(
+  libcrux_ml_kem_ind_cpa_serialize_public_key_mut_ff(
       self->ind_cpa_public_key.t_as_ntt,
       Eurydice_array_to_slice((size_t)32U, self->ind_cpa_public_key.seed_for_A,
                               uint8_t),
@@ -6215,10 +6207,10 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE void
-libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_de_1d(
+libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_de_19(
     libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked *self,
     libcrux_ml_kem_types_MlKemPublicKey_15 *serialized) {
-  libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_dd_91(
+  libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_dd_32(
       &self->public_key, serialized);
 }
 
@@ -6230,7 +6222,7 @@ static inline void
 libcrux_ml_kem_mlkem768_avx2_unpacked_key_pair_serialized_public_key(
     libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked *key_pair,
     libcrux_ml_kem_types_MlKemPublicKey_15 *serialized) {
-  libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_de_1d(key_pair,
+  libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_de_19(key_pair,
                                                                   serialized);
 }
 
@@ -6247,7 +6239,7 @@ with const generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static inline libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0
-libcrux_ml_kem_ind_cpa_unpacked_clone_ef_c1(
+libcrux_ml_kem_ind_cpa_unpacked_clone_ef_d3(
     libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *self) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0[3U];
   core_array___core__clone__Clone_for__Array_T__N___20__clone(
@@ -6284,11 +6276,11 @@ with const generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static inline libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0
-libcrux_ml_kem_ind_cca_unpacked_clone_28_e1(
+libcrux_ml_kem_ind_cca_unpacked_clone_28_35(
     libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *self) {
   libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 lit;
   lit.ind_cpa_public_key =
-      libcrux_ml_kem_ind_cpa_unpacked_clone_ef_c1(&self->ind_cpa_public_key);
+      libcrux_ml_kem_ind_cpa_unpacked_clone_ef_d3(&self->ind_cpa_public_key);
   uint8_t ret[32U];
   core_array___core__clone__Clone_for__Array_T__N___20__clone(
       (size_t)32U, self->public_key_hash, ret, uint8_t, void *);
@@ -6312,7 +6304,7 @@ with const generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *
-libcrux_ml_kem_ind_cca_unpacked_public_key_de_8c(
+libcrux_ml_kem_ind_cca_unpacked_public_key_de_d5(
     libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked *self) {
   return &self->public_key;
 }
@@ -6325,8 +6317,8 @@ static inline void libcrux_ml_kem_mlkem768_avx2_unpacked_public_key(
     libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked *key_pair,
     libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *pk) {
   libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 uu____0 =
-      libcrux_ml_kem_ind_cca_unpacked_clone_28_e1(
-          libcrux_ml_kem_ind_cca_unpacked_public_key_de_8c(key_pair));
+      libcrux_ml_kem_ind_cca_unpacked_clone_28_35(
+          libcrux_ml_kem_ind_cca_unpacked_public_key_de_d5(key_pair));
   pk[0U] = uu____0;
 }
 
@@ -6337,7 +6329,7 @@ KRML_ATTRIBUTE_TARGET("avx2")
 static inline void libcrux_ml_kem_mlkem768_avx2_unpacked_serialized_public_key(
     libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *public_key,
     libcrux_ml_kem_types_MlKemPublicKey_15 *serialized) {
-  libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_dd_91(public_key,
+  libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_dd_32(public_key,
                                                                   serialized);
 }
 
@@ -6355,13 +6347,13 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE void
-libcrux_ml_kem_ind_cca_unpacked_unpack_public_key_8b(
+libcrux_ml_kem_ind_cca_unpacked_unpack_public_key_e7(
     libcrux_ml_kem_types_MlKemPublicKey_15 *public_key,
     libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0
         *unpacked_public_key) {
   Eurydice_slice uu____0 = Eurydice_array_to_subslice_to(
       (size_t)1184U, public_key->value, (size_t)1152U, uint8_t, size_t);
-  libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_e4(
+  libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_ba(
       uu____0, unpacked_public_key->ind_cpa_public_key.t_as_ntt);
   uint8_t uu____1[32U];
   libcrux_ml_kem_utils_into_padded_array_423(
@@ -6381,7 +6373,7 @@ libcrux_ml_kem_ind_cca_unpacked_unpack_public_key_8b(
   uint8_t uu____3[32U];
   libcrux_ml_kem_hash_functions_avx2_H_a9_41(
       Eurydice_array_to_slice((size_t)1184U,
-                              libcrux_ml_kem_types_as_slice_fd_60(public_key),
+                              libcrux_ml_kem_types_as_slice_fd_d9(public_key),
                               uint8_t),
       uu____3);
   memcpy(unpacked_public_key->public_key_hash, uu____3,
@@ -6402,11 +6394,11 @@ generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static inline void
-libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_unpack_public_key_aa(
+libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_unpack_public_key_02(
     libcrux_ml_kem_types_MlKemPublicKey_15 *public_key,
     libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0
         *unpacked_public_key) {
-  libcrux_ml_kem_ind_cca_unpacked_unpack_public_key_8b(public_key,
+  libcrux_ml_kem_ind_cca_unpacked_unpack_public_key_e7(public_key,
                                                        unpacked_public_key);
 }
 
@@ -6418,7 +6410,7 @@ static inline void libcrux_ml_kem_mlkem768_avx2_unpacked_unpacked_public_key(
     libcrux_ml_kem_types_MlKemPublicKey_15 *public_key,
     libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0
         *unpacked_public_key) {
-  libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_unpack_public_key_aa(
+  libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_unpack_public_key_02(
       public_key, unpacked_public_key);
 }
 
diff --git a/libcrux-ml-kem/cg/libcrux_mlkem768_avx2_types.h b/libcrux-ml-kem/cg/libcrux_mlkem768_avx2_types.h
index 162259dd8..6a6aba124 100644
--- a/libcrux-ml-kem/cg/libcrux_mlkem768_avx2_types.h
+++ b/libcrux-ml-kem/cg/libcrux_mlkem768_avx2_types.h
@@ -8,7 +8,7 @@
  * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac
  * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152
  * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678
- * Libcrux: 098de7d283a7867de9c3e5672d7b3c915ef9b2f1
+ * Libcrux: 020cd93ab7a1437ba4a4c626b1acbf9fa14525ad
  */
 
 #ifndef __libcrux_mlkem768_avx2_types_H
diff --git a/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h b/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h
index 091d5acc2..3cc9d5fa2 100644
--- a/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h
+++ b/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h
@@ -8,7 +8,7 @@
  * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac
  * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152
  * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678
- * Libcrux: 098de7d283a7867de9c3e5672d7b3c915ef9b2f1
+ * Libcrux: 020cd93ab7a1437ba4a4c626b1acbf9fa14525ad
  */
 
 #ifndef __libcrux_mlkem768_portable_H
@@ -1232,7 +1232,9 @@ libcrux_ml_kem_vector_portable_compress_compress_message_coefficient(
   int16_t mask = shifted >> 15U;
   int16_t shifted_to_positive = mask ^ shifted;
   int16_t shifted_positive_in_range = shifted_to_positive - (int16_t)832;
-  return (uint8_t)(shifted_positive_in_range >> 15U & (int16_t)1);
+  int16_t r0 = shifted_positive_in_range >> 15U;
+  int16_t r1 = r0 & (int16_t)1;
+  return (uint8_t)r1;
 }
 
 static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector
@@ -2556,7 +2558,7 @@ with const generics
 - K= 3
 */
 static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0
-libcrux_ml_kem_ind_cpa_deserialize_secret_key_closure_97(size_t _) {
+libcrux_ml_kem_ind_cpa_deserialize_secret_key_closure_e3(size_t _) {
   return libcrux_ml_kem_polynomial_ZERO_ef_1b();
 }
 
@@ -2567,7 +2569,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
 
 */
 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0
-libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_e8(
+libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_2b(
     Eurydice_slice serialized) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re =
       libcrux_ml_kem_polynomial_ZERO_ef_1b();
@@ -2589,7 +2591,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
 with const generics
 - K= 3
 */
-static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_d9(
+static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_66(
     Eurydice_slice secret_key,
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U];
@@ -2607,16 +2609,12 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_d9(
             LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT,
         uint8_t);
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 =
-        libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_e8(
+        libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_2b(
             secret_bytes);
     secret_as_ntt[i0] = uu____0;
   }
-  libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[3U];
   memcpy(
-      result, secret_as_ntt,
-      (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0));
-  memcpy(
-      ret, result,
+      ret, secret_as_ntt,
       (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0));
 }
 
@@ -2629,7 +2627,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
 - U_COMPRESSION_FACTOR= 10
 */
 static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0
-libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_closure_46(size_t _) {
+libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_closure_3c(size_t _) {
   return libcrux_ml_kem_polynomial_ZERO_ef_1b();
 }
 
@@ -2640,18 +2638,18 @@ const generics
 - COEFFICIENT_BITS= 10
 */
 static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector
-libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_fe(
-    libcrux_ml_kem_vector_portable_vector_type_PortableVector v) {
+libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_99(
+    libcrux_ml_kem_vector_portable_vector_type_PortableVector a) {
   for (size_t i = (size_t)0U;
        i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) {
     size_t i0 = i;
-    int32_t decompressed = (int32_t)v.elements[i0] *
+    int32_t decompressed = (int32_t)a.elements[i0] *
                            (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS;
     decompressed = (decompressed << 1U) + ((int32_t)1 << (uint32_t)(int32_t)10);
     decompressed = decompressed >> (uint32_t)((int32_t)10 + (int32_t)1);
-    v.elements[i0] = (int16_t)decompressed;
+    a.elements[i0] = (int16_t)decompressed;
   }
-  return v;
+  return a;
 }
 
 /**
@@ -2665,9 +2663,9 @@ generics
 - COEFFICIENT_BITS= 10
 */
 static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector
-libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_78(
+libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_f5(
     libcrux_ml_kem_vector_portable_vector_type_PortableVector v) {
-  return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_fe(
+  return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_99(
       v);
 }
 
@@ -2678,7 +2676,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
 
 */
 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0
-libcrux_ml_kem_serialize_deserialize_then_decompress_10_4c(
+libcrux_ml_kem_serialize_deserialize_then_decompress_10_3b(
     Eurydice_slice serialized) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re =
       libcrux_ml_kem_polynomial_ZERO_ef_1b();
@@ -2697,7 +2695,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_10_4c(
     libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient =
         libcrux_ml_kem_vector_portable_deserialize_10_0d(bytes);
     libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 =
-        libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_78(
+        libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_f5(
             coefficient);
     re.coefficients[i0] = uu____0;
   }
@@ -2711,18 +2709,18 @@ const generics
 - COEFFICIENT_BITS= 11
 */
 static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector
-libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_fe0(
-    libcrux_ml_kem_vector_portable_vector_type_PortableVector v) {
+libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_990(
+    libcrux_ml_kem_vector_portable_vector_type_PortableVector a) {
   for (size_t i = (size_t)0U;
        i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) {
     size_t i0 = i;
-    int32_t decompressed = (int32_t)v.elements[i0] *
+    int32_t decompressed = (int32_t)a.elements[i0] *
                            (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS;
     decompressed = (decompressed << 1U) + ((int32_t)1 << (uint32_t)(int32_t)11);
     decompressed = decompressed >> (uint32_t)((int32_t)11 + (int32_t)1);
-    v.elements[i0] = (int16_t)decompressed;
+    a.elements[i0] = (int16_t)decompressed;
   }
-  return v;
+  return a;
 }
 
 /**
@@ -2736,9 +2734,9 @@ generics
 - COEFFICIENT_BITS= 11
 */
 static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector
-libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_780(
+libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_f50(
     libcrux_ml_kem_vector_portable_vector_type_PortableVector v) {
-  return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_fe0(
+  return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_990(
       v);
 }
 
@@ -2749,7 +2747,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
 
 */
 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0
-libcrux_ml_kem_serialize_deserialize_then_decompress_11_6f(
+libcrux_ml_kem_serialize_deserialize_then_decompress_11_0b(
     Eurydice_slice serialized) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re =
       libcrux_ml_kem_polynomial_ZERO_ef_1b();
@@ -2761,7 +2759,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_11_6f(
     libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient =
         libcrux_ml_kem_vector_portable_deserialize_11_0d(bytes);
     libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 =
-        libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_780(
+        libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_f50(
             coefficient);
     re.coefficients[i0] = uu____0;
   }
@@ -2775,9 +2773,9 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
 - COMPRESSION_FACTOR= 10
 */
 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0
-libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_ad(
+libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_19(
     Eurydice_slice serialized) {
-  return libcrux_ml_kem_serialize_deserialize_then_decompress_10_4c(serialized);
+  return libcrux_ml_kem_serialize_deserialize_then_decompress_10_3b(serialized);
 }
 
 typedef struct libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2_s {
@@ -2792,7 +2790,7 @@ with const generics
 
 */
 static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector
-libcrux_ml_kem_vector_traits_montgomery_multiply_fe_ad(
+libcrux_ml_kem_vector_traits_montgomery_multiply_fe_5d(
     libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t fer) {
   return libcrux_ml_kem_vector_portable_montgomery_multiply_by_constant_0d(v,
                                                                            fer);
@@ -2806,12 +2804,12 @@ with const generics
 */
 static KRML_MUSTINLINE
     libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2
-    libcrux_ml_kem_ntt_ntt_layer_int_vec_step_57(
+    libcrux_ml_kem_ntt_ntt_layer_int_vec_step_31(
         libcrux_ml_kem_vector_portable_vector_type_PortableVector a,
         libcrux_ml_kem_vector_portable_vector_type_PortableVector b,
         int16_t zeta_r) {
   libcrux_ml_kem_vector_portable_vector_type_PortableVector t =
-      libcrux_ml_kem_vector_traits_montgomery_multiply_fe_ad(b, zeta_r);
+      libcrux_ml_kem_vector_traits_montgomery_multiply_fe_5d(b, zeta_r);
   b = libcrux_ml_kem_vector_portable_sub_0d(a, &t);
   a = libcrux_ml_kem_vector_portable_add_0d(a, &t);
   return (
@@ -2825,7 +2823,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
 with const generics
 
 */
-static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_4_plus_bf(
+static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_4_plus_64(
     size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re,
     size_t layer, size_t _initial_coefficient_bound) {
   size_t step = (size_t)1U << (uint32_t)layer;
@@ -2838,7 +2836,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_4_plus_bf(
     for (size_t i = offset_vec; i < offset_vec + step_vec; i++) {
       size_t j = i;
       libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 uu____0 =
-          libcrux_ml_kem_ntt_ntt_layer_int_vec_step_57(
+          libcrux_ml_kem_ntt_ntt_layer_int_vec_step_31(
               re->coefficients[j], re->coefficients[j + step_vec],
               libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U]));
       libcrux_ml_kem_vector_portable_vector_type_PortableVector x = uu____0.fst;
@@ -2855,7 +2853,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
 with const generics
 
 */
-static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_3_b8(
+static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_3_7b(
     size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re,
     size_t _layer, size_t _initial_coefficient_bound) {
   for (size_t i = (size_t)0U; i < (size_t)16U; i++) {
@@ -2875,7 +2873,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
 with const generics
 
 */
-static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_2_34(
+static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_2_ea(
     size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re,
     size_t _layer, size_t _initial_coefficient_bound) {
   for (size_t i = (size_t)0U; i < (size_t)16U; i++) {
@@ -2896,7 +2894,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
 with const generics
 
 */
-static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_1_21(
+static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_1_76(
     size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re,
     size_t _layer, size_t _initial_coefficient_bound) {
   for (size_t i = (size_t)0U; i < (size_t)16U; i++) {
@@ -2924,7 +2922,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
 with const generics
 
 */
-static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_poly_barrett_reduce_ef_b4(
+static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_poly_barrett_reduce_ef_e7(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self) {
   for (size_t i = (size_t)0U;
        i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
@@ -2942,24 +2940,24 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
 with const generics
 - VECTOR_U_COMPRESSION_FACTOR= 10
 */
-static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_vector_u_7c(
+static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_vector_u_04(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) {
   size_t zeta_i = (size_t)0U;
-  libcrux_ml_kem_ntt_ntt_at_layer_4_plus_bf(&zeta_i, re, (size_t)7U,
+  libcrux_ml_kem_ntt_ntt_at_layer_4_plus_64(&zeta_i, re, (size_t)7U,
                                             (size_t)3328U);
-  libcrux_ml_kem_ntt_ntt_at_layer_4_plus_bf(&zeta_i, re, (size_t)6U,
+  libcrux_ml_kem_ntt_ntt_at_layer_4_plus_64(&zeta_i, re, (size_t)6U,
                                             (size_t)2U * (size_t)3328U);
-  libcrux_ml_kem_ntt_ntt_at_layer_4_plus_bf(&zeta_i, re, (size_t)5U,
+  libcrux_ml_kem_ntt_ntt_at_layer_4_plus_64(&zeta_i, re, (size_t)5U,
                                             (size_t)3U * (size_t)3328U);
-  libcrux_ml_kem_ntt_ntt_at_layer_4_plus_bf(&zeta_i, re, (size_t)4U,
+  libcrux_ml_kem_ntt_ntt_at_layer_4_plus_64(&zeta_i, re, (size_t)4U,
                                             (size_t)4U * (size_t)3328U);
-  libcrux_ml_kem_ntt_ntt_at_layer_3_b8(&zeta_i, re, (size_t)3U,
+  libcrux_ml_kem_ntt_ntt_at_layer_3_7b(&zeta_i, re, (size_t)3U,
                                        (size_t)5U * (size_t)3328U);
-  libcrux_ml_kem_ntt_ntt_at_layer_2_34(&zeta_i, re, (size_t)2U,
+  libcrux_ml_kem_ntt_ntt_at_layer_2_ea(&zeta_i, re, (size_t)2U,
                                        (size_t)6U * (size_t)3328U);
-  libcrux_ml_kem_ntt_ntt_at_layer_1_21(&zeta_i, re, (size_t)1U,
+  libcrux_ml_kem_ntt_ntt_at_layer_1_76(&zeta_i, re, (size_t)1U,
                                        (size_t)7U * (size_t)3328U);
-  libcrux_ml_kem_polynomial_poly_barrett_reduce_ef_b4(re);
+  libcrux_ml_kem_polynomial_poly_barrett_reduce_ef_e7(re);
 }
 
 /**
@@ -2971,7 +2969,7 @@ with const generics
 - U_COMPRESSION_FACTOR= 10
 */
 static KRML_MUSTINLINE void
-libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_23(
+libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_6c(
     uint8_t *ciphertext,
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[3U];
@@ -2996,16 +2994,12 @@ libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_23(
                 (size_t)10U / (size_t)8U,
         uint8_t);
     u_as_ntt[i0] =
-        libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_ad(
+        libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_19(
             u_bytes);
-    libcrux_ml_kem_ntt_ntt_vector_u_7c(&u_as_ntt[i0]);
+    libcrux_ml_kem_ntt_ntt_vector_u_04(&u_as_ntt[i0]);
   }
-  libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[3U];
-  memcpy(
-      result, u_as_ntt,
-      (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0));
   memcpy(
-      ret, result,
+      ret, u_as_ntt,
       (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0));
 }
 
@@ -3016,18 +3010,18 @@ const generics
 - COEFFICIENT_BITS= 4
 */
 static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector
-libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_fe1(
-    libcrux_ml_kem_vector_portable_vector_type_PortableVector v) {
+libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_991(
+    libcrux_ml_kem_vector_portable_vector_type_PortableVector a) {
   for (size_t i = (size_t)0U;
        i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) {
     size_t i0 = i;
-    int32_t decompressed = (int32_t)v.elements[i0] *
+    int32_t decompressed = (int32_t)a.elements[i0] *
                            (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS;
     decompressed = (decompressed << 1U) + ((int32_t)1 << (uint32_t)(int32_t)4);
     decompressed = decompressed >> (uint32_t)((int32_t)4 + (int32_t)1);
-    v.elements[i0] = (int16_t)decompressed;
+    a.elements[i0] = (int16_t)decompressed;
   }
-  return v;
+  return a;
 }
 
 /**
@@ -3041,9 +3035,9 @@ generics
 - COEFFICIENT_BITS= 4
 */
 static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector
-libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_781(
+libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_f51(
     libcrux_ml_kem_vector_portable_vector_type_PortableVector v) {
-  return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_fe1(
+  return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_991(
       v);
 }
 
@@ -3054,7 +3048,7 @@ with const generics
 
 */
 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0
-libcrux_ml_kem_serialize_deserialize_then_decompress_4_2d(
+libcrux_ml_kem_serialize_deserialize_then_decompress_4_b6(
     Eurydice_slice serialized) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re =
       libcrux_ml_kem_polynomial_ZERO_ef_1b();
@@ -3066,7 +3060,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_4_2d(
     libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient =
         libcrux_ml_kem_vector_portable_deserialize_4_0d(bytes);
     libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 =
-        libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_781(
+        libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_f51(
             coefficient);
     re.coefficients[i0] = uu____0;
   }
@@ -3080,18 +3074,18 @@ const generics
 - COEFFICIENT_BITS= 5
 */
 static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector
-libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_fe2(
-    libcrux_ml_kem_vector_portable_vector_type_PortableVector v) {
+libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_992(
+    libcrux_ml_kem_vector_portable_vector_type_PortableVector a) {
   for (size_t i = (size_t)0U;
        i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) {
     size_t i0 = i;
-    int32_t decompressed = (int32_t)v.elements[i0] *
+    int32_t decompressed = (int32_t)a.elements[i0] *
                            (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS;
     decompressed = (decompressed << 1U) + ((int32_t)1 << (uint32_t)(int32_t)5);
     decompressed = decompressed >> (uint32_t)((int32_t)5 + (int32_t)1);
-    v.elements[i0] = (int16_t)decompressed;
+    a.elements[i0] = (int16_t)decompressed;
   }
-  return v;
+  return a;
 }
 
 /**
@@ -3105,9 +3099,9 @@ generics
 - COEFFICIENT_BITS= 5
 */
 static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector
-libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_782(
+libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_f52(
     libcrux_ml_kem_vector_portable_vector_type_PortableVector v) {
-  return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_fe2(
+  return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_992(
       v);
 }
 
@@ -3118,7 +3112,7 @@ with const generics
 
 */
 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0
-libcrux_ml_kem_serialize_deserialize_then_decompress_5_34(
+libcrux_ml_kem_serialize_deserialize_then_decompress_5_e8(
     Eurydice_slice serialized) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re =
       libcrux_ml_kem_polynomial_ZERO_ef_1b();
@@ -3130,7 +3124,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_5_34(
     re.coefficients[i0] =
         libcrux_ml_kem_vector_portable_deserialize_5_0d(bytes);
     libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____1 =
-        libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_782(
+        libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_f52(
             re.coefficients[i0]);
     re.coefficients[i0] = uu____1;
   }
@@ -3144,9 +3138,9 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
 - COMPRESSION_FACTOR= 4
 */
 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0
-libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_c5(
+libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_e4(
     Eurydice_slice serialized) {
-  return libcrux_ml_kem_serialize_deserialize_then_decompress_4_2d(serialized);
+  return libcrux_ml_kem_serialize_deserialize_then_decompress_4_b6(serialized);
 }
 
 /**
@@ -3161,7 +3155,7 @@ with const generics
 
 */
 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0
-libcrux_ml_kem_polynomial_ntt_multiply_ef_76(
+libcrux_ml_kem_polynomial_ntt_multiply_ef_66(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self,
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *rhs) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_f0 out =
@@ -3195,7 +3189,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
 with const generics
 - K= 3
 */
-static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_to_ring_element_ef_3a(
+static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_to_ring_element_ef_59(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self,
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *rhs) {
   for (size_t i = (size_t)0U;
@@ -3219,7 +3213,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
 with const generics
 
 */
-static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_60(
+static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_f7(
     size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re,
     size_t _layer) {
   for (size_t i = (size_t)0U; i < (size_t)16U; i++) {
@@ -3242,7 +3236,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
 with const generics
 
 */
-static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_2f(
+static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_d5(
     size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re,
     size_t _layer) {
   for (size_t i = (size_t)0U; i < (size_t)16U; i++) {
@@ -3263,7 +3257,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
 with const generics
 
 */
-static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_47(
+static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_60(
     size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re,
     size_t _layer) {
   for (size_t i = (size_t)0U; i < (size_t)16U; i++) {
@@ -3285,7 +3279,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
 */
 static KRML_MUSTINLINE
     libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2
-    libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_01(
+    libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_c4(
         libcrux_ml_kem_vector_portable_vector_type_PortableVector a,
         libcrux_ml_kem_vector_portable_vector_type_PortableVector b,
         int16_t zeta_r) {
@@ -3293,7 +3287,7 @@ static KRML_MUSTINLINE
       libcrux_ml_kem_vector_portable_sub_0d(b, &a);
   a = libcrux_ml_kem_vector_portable_barrett_reduce_0d(
       libcrux_ml_kem_vector_portable_add_0d(a, &b));
-  b = libcrux_ml_kem_vector_traits_montgomery_multiply_fe_ad(a_minus_b, zeta_r);
+  b = libcrux_ml_kem_vector_traits_montgomery_multiply_fe_5d(a_minus_b, zeta_r);
   return (
       CLITERAL(libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2){
           .fst = a, .snd = b});
@@ -3306,7 +3300,7 @@ with const generics
 
 */
 static KRML_MUSTINLINE void
-libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_b5(
+libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_1d(
     size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re,
     size_t layer) {
   size_t step = (size_t)1U << (uint32_t)layer;
@@ -3321,7 +3315,7 @@ libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_b5(
     for (size_t i = offset_vec; i < offset_vec + step_vec; i++) {
       size_t j = i;
       libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 uu____0 =
-          libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_01(
+          libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_c4(
               re->coefficients[j], re->coefficients[j + step_vec],
               libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U]));
       libcrux_ml_kem_vector_portable_vector_type_PortableVector x = uu____0.fst;
@@ -3338,22 +3332,22 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
 with const generics
 - K= 3
 */
-static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_0e(
+static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_be(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) {
   size_t zeta_i =
       LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U;
-  libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_60(&zeta_i, re, (size_t)1U);
-  libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_2f(&zeta_i, re, (size_t)2U);
-  libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_47(&zeta_i, re, (size_t)3U);
-  libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_b5(&zeta_i, re,
+  libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_f7(&zeta_i, re, (size_t)1U);
+  libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_d5(&zeta_i, re, (size_t)2U);
+  libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_60(&zeta_i, re, (size_t)3U);
+  libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_1d(&zeta_i, re,
                                                           (size_t)4U);
-  libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_b5(&zeta_i, re,
+  libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_1d(&zeta_i, re,
                                                           (size_t)5U);
-  libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_b5(&zeta_i, re,
+  libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_1d(&zeta_i, re,
                                                           (size_t)6U);
-  libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_b5(&zeta_i, re,
+  libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_1d(&zeta_i, re,
                                                           (size_t)7U);
-  libcrux_ml_kem_polynomial_poly_barrett_reduce_ef_b4(re);
+  libcrux_ml_kem_polynomial_poly_barrett_reduce_ef_e7(re);
 }
 
 /**
@@ -3368,7 +3362,7 @@ with const generics
 
 */
 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0
-libcrux_ml_kem_polynomial_subtract_reduce_ef_55(
+libcrux_ml_kem_polynomial_subtract_reduce_ef_15(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self,
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 b) {
   for (size_t i = (size_t)0U;
@@ -3394,7 +3388,7 @@ with const generics
 - K= 3
 */
 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0
-libcrux_ml_kem_matrix_compute_message_9f(
+libcrux_ml_kem_matrix_compute_message_95(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *v,
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *secret_as_ntt,
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *u_as_ntt) {
@@ -3403,12 +3397,12 @@ libcrux_ml_kem_matrix_compute_message_9f(
   for (size_t i = (size_t)0U; i < (size_t)3U; i++) {
     size_t i0 = i;
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product =
-        libcrux_ml_kem_polynomial_ntt_multiply_ef_76(&secret_as_ntt[i0],
+        libcrux_ml_kem_polynomial_ntt_multiply_ef_66(&secret_as_ntt[i0],
                                                      &u_as_ntt[i0]);
-    libcrux_ml_kem_polynomial_add_to_ring_element_ef_3a(&result, &product);
+    libcrux_ml_kem_polynomial_add_to_ring_element_ef_59(&result, &product);
   }
-  libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_0e(&result);
-  result = libcrux_ml_kem_polynomial_subtract_reduce_ef_55(v, result);
+  libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_be(&result);
+  result = libcrux_ml_kem_polynomial_subtract_reduce_ef_15(v, result);
   return result;
 }
 
@@ -3418,7 +3412,7 @@ with const generics
 - SHIFT_BY= 15
 */
 static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector
-libcrux_ml_kem_vector_portable_arithmetic_shift_right_38(
+libcrux_ml_kem_vector_portable_arithmetic_shift_right_3c(
     libcrux_ml_kem_vector_portable_vector_type_PortableVector vec) {
   for (size_t i = (size_t)0U;
        i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) {
@@ -3438,9 +3432,9 @@ with const generics
 - SHIFT_BY= 15
 */
 static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector
-libcrux_ml_kem_vector_portable_shift_right_0d_6b(
+libcrux_ml_kem_vector_portable_shift_right_0d_3e(
     libcrux_ml_kem_vector_portable_vector_type_PortableVector v) {
-  return libcrux_ml_kem_vector_portable_arithmetic_shift_right_38(v);
+  return libcrux_ml_kem_vector_portable_arithmetic_shift_right_3c(v);
 }
 
 /**
@@ -3450,10 +3444,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
 
 */
 static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector
-libcrux_ml_kem_vector_traits_to_unsigned_representative_9f(
+libcrux_ml_kem_vector_traits_to_unsigned_representative_30(
     libcrux_ml_kem_vector_portable_vector_type_PortableVector a) {
   libcrux_ml_kem_vector_portable_vector_type_PortableVector t =
-      libcrux_ml_kem_vector_portable_shift_right_0d_6b(a);
+      libcrux_ml_kem_vector_portable_shift_right_0d_3e(a);
   libcrux_ml_kem_vector_portable_vector_type_PortableVector fm =
       libcrux_ml_kem_vector_portable_bitwise_and_with_constant_0d(
           t, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS);
@@ -3467,10 +3461,10 @@ with const generics
 
 */
 static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector
-libcrux_ml_kem_serialize_to_unsigned_field_modulus_c4(
+libcrux_ml_kem_serialize_to_unsigned_field_modulus_05(
     libcrux_ml_kem_vector_portable_vector_type_PortableVector a) {
   libcrux_ml_kem_vector_portable_vector_type_PortableVector result =
-      libcrux_ml_kem_vector_traits_to_unsigned_representative_9f(a);
+      libcrux_ml_kem_vector_traits_to_unsigned_representative_30(a);
   return result;
 }
 
@@ -3481,13 +3475,13 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
 
 */
 static KRML_MUSTINLINE void
-libcrux_ml_kem_serialize_compress_then_serialize_message_80(
+libcrux_ml_kem_serialize_compress_then_serialize_message_8c(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, uint8_t ret[32U]) {
   uint8_t serialized[32U] = {0U};
   for (size_t i = (size_t)0U; i < (size_t)16U; i++) {
     size_t i0 = i;
     libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient =
-        libcrux_ml_kem_serialize_to_unsigned_field_modulus_c4(
+        libcrux_ml_kem_serialize_to_unsigned_field_modulus_05(
             re.coefficients[i0]);
     libcrux_ml_kem_vector_portable_vector_type_PortableVector
         coefficient_compressed =
@@ -3515,20 +3509,20 @@ with const generics
 - U_COMPRESSION_FACTOR= 10
 - V_COMPRESSION_FACTOR= 4
 */
-static inline void libcrux_ml_kem_ind_cpa_decrypt_unpacked_b7(
+static inline void libcrux_ml_kem_ind_cpa_decrypt_unpacked_46(
     libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 *secret_key,
     uint8_t *ciphertext, uint8_t ret[32U]) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[3U];
-  libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_23(ciphertext, u_as_ntt);
+  libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_6c(ciphertext, u_as_ntt);
   libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v =
-      libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_c5(
+      libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_e4(
           Eurydice_array_to_subslice_from((size_t)1088U, ciphertext,
                                           (size_t)960U, uint8_t, size_t));
   libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message =
-      libcrux_ml_kem_matrix_compute_message_9f(&v, secret_key->secret_as_ntt,
+      libcrux_ml_kem_matrix_compute_message_95(&v, secret_key->secret_as_ntt,
                                                u_as_ntt);
   uint8_t ret0[32U];
-  libcrux_ml_kem_serialize_compress_then_serialize_message_80(message, ret0);
+  libcrux_ml_kem_serialize_compress_then_serialize_message_8c(message, ret0);
   memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t));
 }
 
@@ -3542,11 +3536,11 @@ with const generics
 - U_COMPRESSION_FACTOR= 10
 - V_COMPRESSION_FACTOR= 4
 */
-static inline void libcrux_ml_kem_ind_cpa_decrypt_0d(Eurydice_slice secret_key,
+static inline void libcrux_ml_kem_ind_cpa_decrypt_66(Eurydice_slice secret_key,
                                                      uint8_t *ciphertext,
                                                      uint8_t ret[32U]) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U];
-  libcrux_ml_kem_ind_cpa_deserialize_secret_key_d9(secret_key, secret_as_ntt);
+  libcrux_ml_kem_ind_cpa_deserialize_secret_key_66(secret_key, secret_as_ntt);
   /* Passing arrays by value in Rust generates a copy in C */
   libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_secret_as_ntt[3U];
   memcpy(
@@ -3557,10 +3551,10 @@ static inline void libcrux_ml_kem_ind_cpa_decrypt_0d(Eurydice_slice secret_key,
   memcpy(
       secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt,
       (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0));
-  uint8_t result[32U];
-  libcrux_ml_kem_ind_cpa_decrypt_unpacked_b7(&secret_key_unpacked, ciphertext,
-                                             result);
-  memcpy(ret, result, (size_t)32U * sizeof(uint8_t));
+  uint8_t ret0[32U];
+  libcrux_ml_kem_ind_cpa_decrypt_unpacked_46(&secret_key_unpacked, ciphertext,
+                                             ret0);
+  memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t));
 }
 
 /**
@@ -3647,7 +3641,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
 
 */
 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0
-libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_53(
+libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_f3(
     Eurydice_slice serialized) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re =
       libcrux_ml_kem_polynomial_ZERO_ef_1b();
@@ -3672,7 +3666,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
 - K= 3
 */
 static KRML_MUSTINLINE void
-libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_a4(
+libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_30(
     Eurydice_slice public_key,
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *deserialized_pk) {
   for (size_t i = (size_t)0U;
@@ -3686,7 +3680,7 @@ libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_a4(
             LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT,
         uint8_t);
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 =
-        libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_53(
+        libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_f3(
             ring_element);
     deserialized_pk[i0] = uu____0;
   }
@@ -4157,7 +4151,7 @@ generics
 - ETA_RANDOMNESS_SIZE= 128
 */
 static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0
-libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_out_closure_25(size_t _i) {
+libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_out_closure_ba(size_t _i) {
   return libcrux_ml_kem_polynomial_ZERO_ef_1b();
 }
 
@@ -4304,7 +4298,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
 with const generics
 
 */
-static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_7_97(
+static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_7_5f(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) {
   size_t step = LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT / (size_t)2U;
   for (size_t i = (size_t)0U; i < step; i++) {
@@ -4327,23 +4321,23 @@ with const generics
 
 */
 static KRML_MUSTINLINE void
-libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_36(
+libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_62(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) {
-  libcrux_ml_kem_ntt_ntt_at_layer_7_97(re);
+  libcrux_ml_kem_ntt_ntt_at_layer_7_5f(re);
   size_t zeta_i = (size_t)1U;
-  libcrux_ml_kem_ntt_ntt_at_layer_4_plus_bf(&zeta_i, re, (size_t)6U,
+  libcrux_ml_kem_ntt_ntt_at_layer_4_plus_64(&zeta_i, re, (size_t)6U,
                                             (size_t)11207U);
-  libcrux_ml_kem_ntt_ntt_at_layer_4_plus_bf(&zeta_i, re, (size_t)5U,
+  libcrux_ml_kem_ntt_ntt_at_layer_4_plus_64(&zeta_i, re, (size_t)5U,
                                             (size_t)11207U + (size_t)3328U);
-  libcrux_ml_kem_ntt_ntt_at_layer_4_plus_bf(
+  libcrux_ml_kem_ntt_ntt_at_layer_4_plus_64(
       &zeta_i, re, (size_t)4U, (size_t)11207U + (size_t)2U * (size_t)3328U);
-  libcrux_ml_kem_ntt_ntt_at_layer_3_b8(
+  libcrux_ml_kem_ntt_ntt_at_layer_3_7b(
       &zeta_i, re, (size_t)3U, (size_t)11207U + (size_t)3U * (size_t)3328U);
-  libcrux_ml_kem_ntt_ntt_at_layer_2_34(
+  libcrux_ml_kem_ntt_ntt_at_layer_2_ea(
       &zeta_i, re, (size_t)2U, (size_t)11207U + (size_t)4U * (size_t)3328U);
-  libcrux_ml_kem_ntt_ntt_at_layer_1_21(
+  libcrux_ml_kem_ntt_ntt_at_layer_1_76(
       &zeta_i, re, (size_t)1U, (size_t)11207U + (size_t)5U * (size_t)3328U);
-  libcrux_ml_kem_polynomial_poly_barrett_reduce_ef_b4(re);
+  libcrux_ml_kem_polynomial_poly_barrett_reduce_ef_e7(re);
 }
 
 /**
@@ -4356,7 +4350,7 @@ generics
 - ETA_RANDOMNESS_SIZE= 128
 */
 static KRML_MUSTINLINE uint8_t
-libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_f7(
+libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_76(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re_as_ntt,
     uint8_t prf_input[33U], uint8_t domain_separator) {
   /* Passing arrays by value in Rust generates a copy in C */
@@ -4366,6 +4360,8 @@ libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_f7(
   for (size_t i = (size_t)0U; i < (size_t)3U; i++) {
     memcpy(prf_inputs[i], copy_of_prf_input, (size_t)33U * sizeof(uint8_t));
   }
+  uint8_t _prf_inputs_init[3U][33U];
+  memcpy(_prf_inputs_init, prf_inputs, (size_t)3U * sizeof(uint8_t[33U]));
   for (size_t i = (size_t)0U; i < (size_t)3U; i++) {
     size_t i0 = i;
     prf_inputs[i0][32U] = domain_separator;
@@ -4378,7 +4374,7 @@ libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_f7(
     re_as_ntt[i0] =
         libcrux_ml_kem_sampling_sample_from_binomial_distribution_6b(
             Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t));
-    libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_36(&re_as_ntt[i0]);
+    libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_62(&re_as_ntt[i0]);
   }
   return domain_separator;
 }
@@ -4393,7 +4389,7 @@ generics
 - ETA_RANDOMNESS_SIZE= 128
 */
 static KRML_MUSTINLINE tuple_b0
-libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_out_44(
+libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_out_15(
     uint8_t prf_input[33U], uint8_t domain_separator) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re_as_ntt[3U];
   for (size_t i = (size_t)0U; i < (size_t)3U; i++) {
@@ -4402,19 +4398,19 @@ libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_out_44(
   libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *uu____0 = re_as_ntt;
   uint8_t uu____1[33U];
   memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t));
-  domain_separator = libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_f7(
+  domain_separator = libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_76(
       uu____0, uu____1, domain_separator);
   /* Passing arrays by value in Rust generates a copy in C */
   libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_re_as_ntt[3U];
   memcpy(
       copy_of_re_as_ntt, re_as_ntt,
       (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0));
-  tuple_b0 result;
+  tuple_b0 lit;
   memcpy(
-      result.fst, copy_of_re_as_ntt,
+      lit.fst, copy_of_re_as_ntt,
       (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0));
-  result.snd = domain_separator;
-  return result;
+  lit.snd = domain_separator;
+  return lit;
 }
 
 /**
@@ -4427,7 +4423,7 @@ generics
 - ETA2= 2
 */
 static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0
-libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_closure_44(size_t _i) {
+libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_closure_2b(size_t _i) {
   return libcrux_ml_kem_polynomial_ZERO_ef_1b();
 }
 
@@ -4441,7 +4437,7 @@ generics
 - ETA2= 2
 */
 static KRML_MUSTINLINE tuple_b0
-libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_67(uint8_t prf_input[33U],
+libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_6f(uint8_t prf_input[33U],
                                                   uint8_t domain_separator) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[3U];
   for (size_t i = (size_t)0U; i < (size_t)3U; i++) {
@@ -4454,6 +4450,8 @@ libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_67(uint8_t prf_input[33U],
   for (size_t i = (size_t)0U; i < (size_t)3U; i++) {
     memcpy(prf_inputs[i], copy_of_prf_input, (size_t)33U * sizeof(uint8_t));
   }
+  uint8_t _prf_inputs_init[3U][33U];
+  memcpy(_prf_inputs_init, prf_inputs, (size_t)3U * sizeof(uint8_t[33U]));
   for (size_t i = (size_t)0U; i < (size_t)3U; i++) {
     size_t i0 = i;
     prf_inputs[i0][32U] = domain_separator;
@@ -4473,12 +4471,12 @@ libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_67(uint8_t prf_input[33U],
   memcpy(
       copy_of_error_1, error_1,
       (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0));
-  tuple_b0 result;
+  tuple_b0 lit;
   memcpy(
-      result.fst, copy_of_error_1,
+      lit.fst, copy_of_error_1,
       (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0));
-  result.snd = domain_separator;
-  return result;
+  lit.snd = domain_separator;
+  return lit;
 }
 
 /**
@@ -4516,7 +4514,7 @@ with const generics
 - K= 3
 */
 static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0
-libcrux_ml_kem_matrix_compute_vector_u_closure_9f(size_t _i) {
+libcrux_ml_kem_matrix_compute_vector_u_closure_7e(size_t _i) {
   return libcrux_ml_kem_polynomial_ZERO_ef_1b();
 }
 
@@ -4531,7 +4529,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
 with const generics
 
 */
-static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_error_reduce_ef_7b(
+static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_error_reduce_ef_1a(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self,
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error) {
   for (size_t i = (size_t)0U;
@@ -4555,7 +4553,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
 with const generics
 - K= 3
 */
-static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_vector_u_ec(
+static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_vector_u_5e(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*a_as_ntt)[3U],
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt,
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_1,
@@ -4583,12 +4581,12 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_vector_u_ec(
       size_t j = i;
       libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *a_element = &row[j];
       libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product =
-          libcrux_ml_kem_polynomial_ntt_multiply_ef_76(a_element, &r_as_ntt[j]);
-      libcrux_ml_kem_polynomial_add_to_ring_element_ef_3a(&result[i1],
+          libcrux_ml_kem_polynomial_ntt_multiply_ef_66(a_element, &r_as_ntt[j]);
+      libcrux_ml_kem_polynomial_add_to_ring_element_ef_59(&result[i1],
                                                           &product);
     }
-    libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_0e(&result[i1]);
-    libcrux_ml_kem_polynomial_add_error_reduce_ef_7b(&result[i1], &error_1[i1]);
+    libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_be(&result[i1]);
+    libcrux_ml_kem_polynomial_add_error_reduce_ef_1a(&result[i1], &error_1[i1]);
   }
   memcpy(
       ret, result,
@@ -4602,7 +4600,7 @@ with const generics
 
 */
 static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector
-libcrux_ml_kem_vector_traits_decompress_1_a8(
+libcrux_ml_kem_vector_traits_decompress_1_8d(
     libcrux_ml_kem_vector_portable_vector_type_PortableVector vec) {
   libcrux_ml_kem_vector_portable_vector_type_PortableVector z =
       libcrux_ml_kem_vector_portable_ZERO_0d();
@@ -4621,7 +4619,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
 
 */
 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0
-libcrux_ml_kem_serialize_deserialize_then_decompress_message_fc(
+libcrux_ml_kem_serialize_deserialize_then_decompress_message_f2(
     uint8_t serialized[32U]) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re =
       libcrux_ml_kem_polynomial_ZERO_ef_1b();
@@ -4634,7 +4632,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_message_fc(
                                             (size_t)2U * i0 + (size_t)2U,
                                             uint8_t));
     libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 =
-        libcrux_ml_kem_vector_traits_decompress_1_a8(coefficient_compressed);
+        libcrux_ml_kem_vector_traits_decompress_1_8d(coefficient_compressed);
     re.coefficients[i0] = uu____0;
   }
   return re;
@@ -4652,7 +4650,7 @@ with const generics
 
 */
 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0
-libcrux_ml_kem_polynomial_add_message_error_reduce_ef_45(
+libcrux_ml_kem_polynomial_add_message_error_reduce_ef_01(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self,
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *message,
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result) {
@@ -4682,7 +4680,7 @@ with const generics
 - K= 3
 */
 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0
-libcrux_ml_kem_matrix_compute_ring_element_v_aa(
+libcrux_ml_kem_matrix_compute_ring_element_v_63(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt,
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt,
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_2,
@@ -4692,12 +4690,12 @@ libcrux_ml_kem_matrix_compute_ring_element_v_aa(
   for (size_t i = (size_t)0U; i < (size_t)3U; i++) {
     size_t i0 = i;
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product =
-        libcrux_ml_kem_polynomial_ntt_multiply_ef_76(&t_as_ntt[i0],
+        libcrux_ml_kem_polynomial_ntt_multiply_ef_66(&t_as_ntt[i0],
                                                      &r_as_ntt[i0]);
-    libcrux_ml_kem_polynomial_add_to_ring_element_ef_3a(&result, &product);
+    libcrux_ml_kem_polynomial_add_to_ring_element_ef_59(&result, &product);
   }
-  libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_0e(&result);
-  result = libcrux_ml_kem_polynomial_add_message_error_reduce_ef_45(
+  libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_be(&result);
+  result = libcrux_ml_kem_polynomial_add_message_error_reduce_ef_01(
       error_2, message, result);
   return result;
 }
@@ -4708,7 +4706,7 @@ with const generics
 - COEFFICIENT_BITS= 10
 */
 static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector
-libcrux_ml_kem_vector_portable_compress_compress_6a(
+libcrux_ml_kem_vector_portable_compress_compress_de(
     libcrux_ml_kem_vector_portable_vector_type_PortableVector a) {
   for (size_t i = (size_t)0U;
        i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) {
@@ -4731,9 +4729,9 @@ with const generics
 - COEFFICIENT_BITS= 10
 */
 static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector
-libcrux_ml_kem_vector_portable_compress_0d_83(
+libcrux_ml_kem_vector_portable_compress_0d_48(
     libcrux_ml_kem_vector_portable_vector_type_PortableVector a) {
-  return libcrux_ml_kem_vector_portable_compress_compress_6a(a);
+  return libcrux_ml_kem_vector_portable_compress_compress_de(a);
 }
 
 /**
@@ -4743,15 +4741,15 @@ with const generics
 - OUT_LEN= 320
 */
 static KRML_MUSTINLINE void
-libcrux_ml_kem_serialize_compress_then_serialize_10_86(
+libcrux_ml_kem_serialize_compress_then_serialize_10_22(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[320U]) {
   uint8_t serialized[320U] = {0U};
   for (size_t i = (size_t)0U;
        i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
     size_t i0 = i;
     libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient =
-        libcrux_ml_kem_vector_portable_compress_0d_83(
-            libcrux_ml_kem_serialize_to_unsigned_field_modulus_c4(
+        libcrux_ml_kem_vector_portable_compress_0d_48(
+            libcrux_ml_kem_serialize_to_unsigned_field_modulus_05(
                 re->coefficients[i0]));
     uint8_t bytes[20U];
     libcrux_ml_kem_vector_portable_serialize_10_0d(coefficient, bytes);
@@ -4771,7 +4769,7 @@ with const generics
 - COEFFICIENT_BITS= 11
 */
 static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector
-libcrux_ml_kem_vector_portable_compress_compress_6a0(
+libcrux_ml_kem_vector_portable_compress_compress_de0(
     libcrux_ml_kem_vector_portable_vector_type_PortableVector a) {
   for (size_t i = (size_t)0U;
        i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) {
@@ -4794,9 +4792,9 @@ with const generics
 - COEFFICIENT_BITS= 11
 */
 static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector
-libcrux_ml_kem_vector_portable_compress_0d_830(
+libcrux_ml_kem_vector_portable_compress_0d_480(
     libcrux_ml_kem_vector_portable_vector_type_PortableVector a) {
-  return libcrux_ml_kem_vector_portable_compress_compress_6a0(a);
+  return libcrux_ml_kem_vector_portable_compress_compress_de0(a);
 }
 
 /**
@@ -4806,15 +4804,15 @@ with const generics
 - OUT_LEN= 320
 */
 static KRML_MUSTINLINE void
-libcrux_ml_kem_serialize_compress_then_serialize_11_dc(
+libcrux_ml_kem_serialize_compress_then_serialize_11_ca(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[320U]) {
   uint8_t serialized[320U] = {0U};
   for (size_t i = (size_t)0U;
        i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
     size_t i0 = i;
     libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient =
-        libcrux_ml_kem_vector_portable_compress_0d_830(
-            libcrux_ml_kem_vector_traits_to_unsigned_representative_9f(
+        libcrux_ml_kem_vector_portable_compress_0d_480(
+            libcrux_ml_kem_vector_traits_to_unsigned_representative_30(
                 re->coefficients[i0]));
     uint8_t bytes[22U];
     libcrux_ml_kem_vector_portable_serialize_11_0d(coefficient, bytes);
@@ -4834,11 +4832,11 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
 - OUT_LEN= 320
 */
 static KRML_MUSTINLINE void
-libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_c5(
+libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_cb(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[320U]) {
-  uint8_t uu____0[320U];
-  libcrux_ml_kem_serialize_compress_then_serialize_10_86(re, uu____0);
-  memcpy(ret, uu____0, (size_t)320U * sizeof(uint8_t));
+  uint8_t result[320U];
+  libcrux_ml_kem_serialize_compress_then_serialize_10_22(re, result);
+  memcpy(ret, result, (size_t)320U * sizeof(uint8_t));
 }
 
 /**
@@ -4850,7 +4848,7 @@ with const generics
 - COMPRESSION_FACTOR= 10
 - BLOCK_LEN= 320
 */
-static inline void libcrux_ml_kem_ind_cpa_compress_then_serialize_u_3a(
+static inline void libcrux_ml_kem_ind_cpa_compress_then_serialize_u_f9(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 input[3U],
     Eurydice_slice out) {
   for (size_t i = (size_t)0U;
@@ -4866,7 +4864,7 @@ static inline void libcrux_ml_kem_ind_cpa_compress_then_serialize_u_3a(
         out, i0 * ((size_t)960U / (size_t)3U),
         (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U), uint8_t);
     uint8_t ret[320U];
-    libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_c5(&re,
+    libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_cb(&re,
                                                                        ret);
     Eurydice_slice_copy(
         uu____0, Eurydice_array_to_slice((size_t)320U, ret, uint8_t), uint8_t);
@@ -4879,7 +4877,7 @@ with const generics
 - COEFFICIENT_BITS= 4
 */
 static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector
-libcrux_ml_kem_vector_portable_compress_compress_6a1(
+libcrux_ml_kem_vector_portable_compress_compress_de1(
     libcrux_ml_kem_vector_portable_vector_type_PortableVector a) {
   for (size_t i = (size_t)0U;
        i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) {
@@ -4902,9 +4900,9 @@ with const generics
 - COEFFICIENT_BITS= 4
 */
 static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector
-libcrux_ml_kem_vector_portable_compress_0d_831(
+libcrux_ml_kem_vector_portable_compress_0d_481(
     libcrux_ml_kem_vector_portable_vector_type_PortableVector a) {
-  return libcrux_ml_kem_vector_portable_compress_compress_6a1(a);
+  return libcrux_ml_kem_vector_portable_compress_compress_de1(a);
 }
 
 /**
@@ -4914,15 +4912,15 @@ with const generics
 
 */
 static KRML_MUSTINLINE void
-libcrux_ml_kem_serialize_compress_then_serialize_4_56(
+libcrux_ml_kem_serialize_compress_then_serialize_4_20(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re,
     Eurydice_slice serialized) {
   for (size_t i = (size_t)0U;
        i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
     size_t i0 = i;
     libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient =
-        libcrux_ml_kem_vector_portable_compress_0d_831(
-            libcrux_ml_kem_serialize_to_unsigned_field_modulus_c4(
+        libcrux_ml_kem_vector_portable_compress_0d_481(
+            libcrux_ml_kem_serialize_to_unsigned_field_modulus_05(
                 re.coefficients[i0]));
     uint8_t bytes[8U];
     libcrux_ml_kem_vector_portable_serialize_4_0d(coefficient, bytes);
@@ -4939,7 +4937,7 @@ with const generics
 - COEFFICIENT_BITS= 5
 */
 static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector
-libcrux_ml_kem_vector_portable_compress_compress_6a2(
+libcrux_ml_kem_vector_portable_compress_compress_de2(
     libcrux_ml_kem_vector_portable_vector_type_PortableVector a) {
   for (size_t i = (size_t)0U;
        i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) {
@@ -4962,9 +4960,9 @@ with const generics
 - COEFFICIENT_BITS= 5
 */
 static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector
-libcrux_ml_kem_vector_portable_compress_0d_832(
+libcrux_ml_kem_vector_portable_compress_0d_482(
     libcrux_ml_kem_vector_portable_vector_type_PortableVector a) {
-  return libcrux_ml_kem_vector_portable_compress_compress_6a2(a);
+  return libcrux_ml_kem_vector_portable_compress_compress_de2(a);
 }
 
 /**
@@ -4974,15 +4972,15 @@ with const generics
 
 */
 static KRML_MUSTINLINE void
-libcrux_ml_kem_serialize_compress_then_serialize_5_53(
+libcrux_ml_kem_serialize_compress_then_serialize_5_6d(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re,
     Eurydice_slice serialized) {
   for (size_t i = (size_t)0U;
        i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
     size_t i0 = i;
     libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficients =
-        libcrux_ml_kem_vector_portable_compress_0d_832(
-            libcrux_ml_kem_vector_traits_to_unsigned_representative_9f(
+        libcrux_ml_kem_vector_portable_compress_0d_482(
+            libcrux_ml_kem_vector_traits_to_unsigned_representative_30(
                 re.coefficients[i0]));
     uint8_t bytes[10U];
     libcrux_ml_kem_vector_portable_serialize_5_0d(coefficients, bytes);
@@ -5001,9 +4999,9 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
 - OUT_LEN= 128
 */
 static KRML_MUSTINLINE void
-libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_ef(
+libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_cf(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice out) {
-  libcrux_ml_kem_serialize_compress_then_serialize_4_56(re, out);
+  libcrux_ml_kem_serialize_compress_then_serialize_4_20(re, out);
 }
 
 /**
@@ -5024,7 +5022,7 @@ generics
 - ETA2= 2
 - ETA2_RANDOMNESS_SIZE= 128
 */
-static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_05(
+static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_0e(
     libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 *public_key,
     uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) {
   uint8_t prf_input[33U];
@@ -5032,7 +5030,7 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_05(
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_prf_input0[33U];
   memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t));
-  tuple_b0 uu____1 = libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_out_44(
+  tuple_b0 uu____1 = libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_out_15(
       copy_of_prf_input0, 0U);
   libcrux_ml_kem_polynomial_PolynomialRingElement_f0 r_as_ntt[3U];
   memcpy(
@@ -5042,7 +5040,7 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_05(
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_prf_input[33U];
   memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t));
-  tuple_b0 uu____3 = libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_67(
+  tuple_b0 uu____3 = libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_6f(
       copy_of_prf_input, domain_separator0);
   libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[3U];
   memcpy(
@@ -5057,27 +5055,27 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_05(
       libcrux_ml_kem_sampling_sample_from_binomial_distribution_6b(
           Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t));
   libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u[3U];
-  libcrux_ml_kem_matrix_compute_vector_u_ec(public_key->A, r_as_ntt, error_1,
+  libcrux_ml_kem_matrix_compute_vector_u_5e(public_key->A, r_as_ntt, error_1,
                                             u);
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_message[32U];
   memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t));
   libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message_as_ring_element =
-      libcrux_ml_kem_serialize_deserialize_then_decompress_message_fc(
+      libcrux_ml_kem_serialize_deserialize_then_decompress_message_f2(
           copy_of_message);
   libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v =
-      libcrux_ml_kem_matrix_compute_ring_element_v_aa(
+      libcrux_ml_kem_matrix_compute_ring_element_v_63(
           public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element);
   uint8_t ciphertext[1088U] = {0U};
   libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____5[3U];
   memcpy(
       uu____5, u,
       (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0));
-  libcrux_ml_kem_ind_cpa_compress_then_serialize_u_3a(
+  libcrux_ml_kem_ind_cpa_compress_then_serialize_u_f9(
       uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)960U,
                                            uint8_t));
   libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____6 = v;
-  libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_ef(
+  libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_cf(
       uu____6, Eurydice_array_to_subslice_from((size_t)1088U, ciphertext,
                                                (size_t)960U, uint8_t, size_t));
   memcpy(ret, ciphertext, (size_t)1088U * sizeof(uint8_t));
@@ -5101,13 +5099,13 @@ generics
 - ETA2= 2
 - ETA2_RANDOMNESS_SIZE= 128
 */
-static inline void libcrux_ml_kem_ind_cpa_encrypt_a5(Eurydice_slice public_key,
+static inline void libcrux_ml_kem_ind_cpa_encrypt_2a(Eurydice_slice public_key,
                                                      uint8_t message[32U],
                                                      Eurydice_slice randomness,
                                                      uint8_t ret[1088U]) {
   libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8
       unpacked_public_key = libcrux_ml_kem_ind_cpa_unpacked_default_8d_d1();
-  libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_a4(
+  libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_30(
       Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t),
       unpacked_public_key.t_as_ntt);
   Eurydice_slice seed =
@@ -5122,10 +5120,10 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_a5(Eurydice_slice public_key,
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_message[32U];
   memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t));
-  uint8_t result[1088U];
-  libcrux_ml_kem_ind_cpa_encrypt_unpacked_05(uu____1, copy_of_message,
-                                             randomness, result);
-  memcpy(ret, result, (size_t)1088U * sizeof(uint8_t));
+  uint8_t ret1[1088U];
+  libcrux_ml_kem_ind_cpa_encrypt_unpacked_0e(uu____1, copy_of_message,
+                                             randomness, ret1);
+  memcpy(ret, ret1, (size_t)1088U * sizeof(uint8_t));
 }
 
 /**
@@ -5139,7 +5137,7 @@ with const generics
 - K= 3
 - CIPHERTEXT_SIZE= 1088
 */
-static KRML_MUSTINLINE void libcrux_ml_kem_variant_kdf_d8_8d(
+static KRML_MUSTINLINE void libcrux_ml_kem_variant_kdf_d8_ea(
     Eurydice_slice shared_secret, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *_,
     uint8_t ret[32U]) {
   uint8_t out[32U] = {0U};
@@ -5170,7 +5168,7 @@ libcrux_ml_kem_variant_MlKem with const generics
 - ETA2_RANDOMNESS_SIZE= 128
 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120
 */
-static inline void libcrux_ml_kem_ind_cca_decapsulate_1a(
+static inline void libcrux_ml_kem_ind_cca_decapsulate_58(
     libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key,
     libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) {
   Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at(
@@ -5188,7 +5186,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_1a(
   Eurydice_slice ind_cpa_public_key_hash = uu____2.fst;
   Eurydice_slice implicit_rejection_value = uu____2.snd;
   uint8_t decrypted[32U];
-  libcrux_ml_kem_ind_cpa_decrypt_0d(ind_cpa_secret_key, ciphertext->value,
+  libcrux_ml_kem_ind_cpa_decrypt_66(ind_cpa_secret_key, ciphertext->value,
                                     decrypted);
   uint8_t to_hash0[64U];
   libcrux_ml_kem_utils_into_padded_array_42(
@@ -5212,7 +5210,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_1a(
   Eurydice_slice uu____4 = Eurydice_array_to_subslice_from(
       (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE,
       uint8_t, size_t);
-  Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_e7(ciphertext),
+  Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_69(ciphertext),
                       uint8_t);
   uint8_t implicit_rejection_shared_secret0[32U];
   libcrux_ml_kem_hash_functions_portable_PRF_f1_9f(
@@ -5223,18 +5221,18 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_1a(
   uint8_t copy_of_decrypted[32U];
   memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t));
   uint8_t expected_ciphertext[1088U];
-  libcrux_ml_kem_ind_cpa_encrypt_a5(uu____5, copy_of_decrypted,
+  libcrux_ml_kem_ind_cpa_encrypt_2a(uu____5, copy_of_decrypted,
                                     pseudorandomness, expected_ciphertext);
   uint8_t implicit_rejection_shared_secret[32U];
-  libcrux_ml_kem_variant_kdf_d8_8d(
+  libcrux_ml_kem_variant_kdf_d8_ea(
       Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0,
                               uint8_t),
       ciphertext, implicit_rejection_shared_secret);
   uint8_t shared_secret1[32U];
-  libcrux_ml_kem_variant_kdf_d8_8d(shared_secret0, ciphertext, shared_secret1);
+  libcrux_ml_kem_variant_kdf_d8_ea(shared_secret0, ciphertext, shared_secret1);
   uint8_t shared_secret[32U];
   libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time(
-      libcrux_ml_kem_types_as_ref_00_e7(ciphertext),
+      libcrux_ml_kem_types_as_ref_00_69(ciphertext),
       Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t),
       Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t),
       Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret,
@@ -5264,10 +5262,10 @@ libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate with const generics
 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120
 */
 static inline void
-libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_ce(
+libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_d2(
     libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key,
     libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) {
-  libcrux_ml_kem_ind_cca_decapsulate_1a(private_key, ciphertext, ret);
+  libcrux_ml_kem_ind_cca_decapsulate_58(private_key, ciphertext, ret);
 }
 
 /**
@@ -5280,7 +5278,7 @@ libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_ce(
 static inline void libcrux_ml_kem_mlkem768_portable_decapsulate(
     libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key,
     libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) {
-  libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_ce(
+  libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_d2(
       private_key, ciphertext, ret);
 }
 
@@ -5294,7 +5292,7 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]]
 with const generics
 - K= 3
 */
-static KRML_MUSTINLINE void libcrux_ml_kem_variant_entropy_preprocess_d8_05(
+static KRML_MUSTINLINE void libcrux_ml_kem_variant_entropy_preprocess_d8_be(
     Eurydice_slice randomness, uint8_t ret[32U]) {
   uint8_t out[32U] = {0U};
   Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t),
@@ -5335,11 +5333,11 @@ libcrux_ml_kem_variant_MlKem with const generics
 - ETA2= 2
 - ETA2_RANDOMNESS_SIZE= 128
 */
-static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_4e(
+static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_eb(
     libcrux_ml_kem_types_MlKemPublicKey_15 *public_key,
     uint8_t randomness[32U]) {
   uint8_t randomness0[32U];
-  libcrux_ml_kem_variant_entropy_preprocess_d8_05(
+  libcrux_ml_kem_variant_entropy_preprocess_d8_be(
       Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0);
   uint8_t to_hash[64U];
   libcrux_ml_kem_utils_into_padded_array_42(
@@ -5350,7 +5348,7 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_4e(
   uint8_t ret[32U];
   libcrux_ml_kem_hash_functions_portable_H_f1_d5(
       Eurydice_array_to_slice((size_t)1184U,
-                              libcrux_ml_kem_types_as_slice_fd_60(public_key),
+                              libcrux_ml_kem_types_as_slice_fd_d9(public_key),
                               uint8_t),
       ret);
   Eurydice_slice_copy(
@@ -5365,20 +5363,20 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_4e(
   Eurydice_slice shared_secret = uu____1.fst;
   Eurydice_slice pseudorandomness = uu____1.snd;
   Eurydice_slice uu____2 = Eurydice_array_to_slice(
-      (size_t)1184U, libcrux_ml_kem_types_as_slice_fd_60(public_key), uint8_t);
+      (size_t)1184U, libcrux_ml_kem_types_as_slice_fd_d9(public_key), uint8_t);
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_randomness[32U];
   memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t));
   uint8_t ciphertext[1088U];
-  libcrux_ml_kem_ind_cpa_encrypt_a5(uu____2, copy_of_randomness,
+  libcrux_ml_kem_ind_cpa_encrypt_2a(uu____2, copy_of_randomness,
                                     pseudorandomness, ciphertext);
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_ciphertext[1088U];
   memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t));
   libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 =
-      libcrux_ml_kem_types_from_01_96(copy_of_ciphertext);
+      libcrux_ml_kem_types_from_01_33(copy_of_ciphertext);
   uint8_t shared_secret_array[32U];
-  libcrux_ml_kem_variant_kdf_d8_8d(shared_secret, &ciphertext0,
+  libcrux_ml_kem_variant_kdf_d8_ea(shared_secret, &ciphertext0,
                                    shared_secret_array);
   libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0;
   /* Passing arrays by value in Rust generates a copy in C */
@@ -5409,14 +5407,14 @@ libcrux_ml_kem.ind_cca.instantiations.portable.encapsulate with const generics
 - ETA2_RANDOMNESS_SIZE= 128
 */
 static inline tuple_3c
-libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_db(
+libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_da(
     libcrux_ml_kem_types_MlKemPublicKey_15 *public_key,
     uint8_t randomness[32U]) {
   libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key;
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_randomness[32U];
   memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t));
-  return libcrux_ml_kem_ind_cca_encapsulate_4e(uu____0, copy_of_randomness);
+  return libcrux_ml_kem_ind_cca_encapsulate_eb(uu____0, copy_of_randomness);
 }
 
 /**
@@ -5433,7 +5431,7 @@ static inline tuple_3c libcrux_ml_kem_mlkem768_portable_encapsulate(
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_randomness[32U];
   memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t));
-  return libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_db(
+  return libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_da(
       uu____0, copy_of_randomness);
 }
 
@@ -5467,7 +5465,7 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]]
 with const generics
 - K= 3
 */
-static KRML_MUSTINLINE void libcrux_ml_kem_variant_cpa_keygen_seed_d8_a4(
+static KRML_MUSTINLINE void libcrux_ml_kem_variant_cpa_keygen_seed_d8_58(
     Eurydice_slice key_generation_seed, uint8_t ret[64U]) {
   uint8_t seed[33U] = {0U};
   Eurydice_slice_copy(
@@ -5490,7 +5488,7 @@ with const generics
 
 */
 static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector
-libcrux_ml_kem_vector_traits_to_standard_domain_73(
+libcrux_ml_kem_vector_traits_to_standard_domain_c1(
     libcrux_ml_kem_vector_portable_vector_type_PortableVector v) {
   return libcrux_ml_kem_vector_portable_montgomery_multiply_by_constant_0d(
       v, LIBCRUX_ML_KEM_VECTOR_TRAITS_MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS);
@@ -5508,7 +5506,7 @@ with const generics
 
 */
 static KRML_MUSTINLINE void
-libcrux_ml_kem_polynomial_add_standard_error_reduce_ef_69(
+libcrux_ml_kem_polynomial_add_standard_error_reduce_ef_6c(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self,
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error) {
   for (size_t i = (size_t)0U;
@@ -5516,7 +5514,7 @@ libcrux_ml_kem_polynomial_add_standard_error_reduce_ef_69(
     size_t j = i;
     libcrux_ml_kem_vector_portable_vector_type_PortableVector
         coefficient_normal_form =
-            libcrux_ml_kem_vector_traits_to_standard_domain_73(
+            libcrux_ml_kem_vector_traits_to_standard_domain_c1(
                 self->coefficients[j]);
     libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 =
         libcrux_ml_kem_vector_portable_barrett_reduce_0d(
@@ -5532,7 +5530,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
 with const generics
 - K= 3
 */
-static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_As_plus_e_f0(
+static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_As_plus_e_6a(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt,
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*matrix_A)[3U],
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *s_as_ntt,
@@ -5560,12 +5558,12 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_As_plus_e_f0(
       libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *matrix_element =
           &row[j];
       libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product =
-          libcrux_ml_kem_polynomial_ntt_multiply_ef_76(matrix_element,
+          libcrux_ml_kem_polynomial_ntt_multiply_ef_66(matrix_element,
                                                        &s_as_ntt[j]);
-      libcrux_ml_kem_polynomial_add_to_ring_element_ef_3a(&t_as_ntt[i0],
+      libcrux_ml_kem_polynomial_add_to_ring_element_ef_59(&t_as_ntt[i0],
                                                           &product);
     }
-    libcrux_ml_kem_polynomial_add_standard_error_reduce_ef_69(
+    libcrux_ml_kem_polynomial_add_standard_error_reduce_ef_6c(
         &t_as_ntt[i0], &error_as_ntt[i0]);
   }
 }
@@ -5579,12 +5577,12 @@ libcrux_ml_kem_variant_MlKem with const generics
 - ETA1= 2
 - ETA1_RANDOMNESS_SIZE= 128
 */
-static inline void libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_86(
+static inline void libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_1a(
     Eurydice_slice key_generation_seed,
     libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 *private_key,
     libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 *public_key) {
   uint8_t hashed[64U];
-  libcrux_ml_kem_variant_cpa_keygen_seed_d8_a4(key_generation_seed, hashed);
+  libcrux_ml_kem_variant_cpa_keygen_seed_d8_58(key_generation_seed, hashed);
   Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at(
       Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U,
       uint8_t, Eurydice_slice_uint8_t_x2);
@@ -5604,7 +5602,7 @@ static inline void libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_86(
   uint8_t copy_of_prf_input0[33U];
   memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t));
   uint8_t domain_separator =
-      libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_f7(
+      libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_76(
           uu____2, copy_of_prf_input0, 0U);
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_prf_input[33U];
@@ -5612,11 +5610,11 @@ static inline void libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_86(
   libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_as_ntt[3U];
   memcpy(
       error_as_ntt,
-      libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_out_44(
+      libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_out_15(
           copy_of_prf_input, domain_separator)
           .fst,
       (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0));
-  libcrux_ml_kem_matrix_compute_As_plus_e_f0(
+  libcrux_ml_kem_matrix_compute_As_plus_e_6a(
       public_key->t_as_ntt, public_key->A, private_key->secret_as_ntt,
       error_as_ntt);
   uint8_t uu____5[32U];
@@ -5633,14 +5631,14 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
 
 */
 static KRML_MUSTINLINE void
-libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_c6(
+libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_13(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[384U]) {
   uint8_t serialized[384U] = {0U};
   for (size_t i = (size_t)0U;
        i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
     size_t i0 = i;
     libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient =
-        libcrux_ml_kem_serialize_to_unsigned_field_modulus_c4(
+        libcrux_ml_kem_serialize_to_unsigned_field_modulus_05(
             re->coefficients[i0]);
     uint8_t bytes[24U];
     libcrux_ml_kem_vector_portable_serialize_12_0d(coefficient, bytes);
@@ -5661,7 +5659,7 @@ with const generics
 - K= 3
 - OUT_LEN= 1152
 */
-static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_secret_key_1d(
+static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_secret_key_9e(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *key,
     uint8_t ret[1152U]) {
   uint8_t out[1152U] = {0U};
@@ -5679,13 +5677,11 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_secret_key_1d(
         (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT,
         uint8_t);
     uint8_t ret0[384U];
-    libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_c6(&re, ret0);
+    libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_13(&re, ret0);
     Eurydice_slice_copy(
         uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t), uint8_t);
   }
-  uint8_t result[1152U];
-  memcpy(result, out, (size_t)1152U * sizeof(uint8_t));
-  memcpy(ret, result, (size_t)1152U * sizeof(uint8_t));
+  memcpy(ret, out, (size_t)1152U * sizeof(uint8_t));
 }
 
 /**
@@ -5696,13 +5692,13 @@ with const generics
 - RANKED_BYTES_PER_RING_ELEMENT= 1152
 - PUBLIC_KEY_SIZE= 1184
 */
-static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_public_key_mut_12(
+static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_public_key_mut_6c(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt,
     Eurydice_slice seed_for_a, uint8_t *serialized) {
   Eurydice_slice uu____0 = Eurydice_array_to_subslice2(serialized, (size_t)0U,
                                                        (size_t)1152U, uint8_t);
   uint8_t ret[1152U];
-  libcrux_ml_kem_ind_cpa_serialize_secret_key_1d(t_as_ntt, ret);
+  libcrux_ml_kem_ind_cpa_serialize_secret_key_9e(t_as_ntt, ret);
   Eurydice_slice_copy(
       uu____0, Eurydice_array_to_slice((size_t)1152U, ret, uint8_t), uint8_t);
   Eurydice_slice_copy(
@@ -5719,15 +5715,13 @@ with const generics
 - RANKED_BYTES_PER_RING_ELEMENT= 1152
 - PUBLIC_KEY_SIZE= 1184
 */
-static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_public_key_e9(
+static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_public_key_fd(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt,
     Eurydice_slice seed_for_a, uint8_t ret[1184U]) {
   uint8_t public_key_serialized[1184U] = {0U};
-  libcrux_ml_kem_ind_cpa_serialize_public_key_mut_12(t_as_ntt, seed_for_a,
+  libcrux_ml_kem_ind_cpa_serialize_public_key_mut_6c(t_as_ntt, seed_for_a,
                                                      public_key_serialized);
-  uint8_t result[1184U];
-  memcpy(result, public_key_serialized, (size_t)1184U * sizeof(uint8_t));
-  memcpy(ret, result, (size_t)1184U * sizeof(uint8_t));
+  memcpy(ret, public_key_serialized, (size_t)1184U * sizeof(uint8_t));
 }
 
 /**
@@ -5748,15 +5742,15 @@ libcrux_ml_kem_ind_cpa_generate_keypair_08(Eurydice_slice key_generation_seed) {
       libcrux_ml_kem_ind_cpa_unpacked_default_1a_e9();
   libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 public_key =
       libcrux_ml_kem_ind_cpa_unpacked_default_8d_d1();
-  libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_86(
+  libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_1a(
       key_generation_seed, &private_key, &public_key);
   uint8_t public_key_serialized[1184U];
-  libcrux_ml_kem_ind_cpa_serialize_public_key_e9(
+  libcrux_ml_kem_ind_cpa_serialize_public_key_fd(
       public_key.t_as_ntt,
       Eurydice_array_to_slice((size_t)32U, public_key.seed_for_A, uint8_t),
       public_key_serialized);
   uint8_t secret_key_serialized[1152U];
-  libcrux_ml_kem_ind_cpa_serialize_secret_key_1d(private_key.secret_as_ntt,
+  libcrux_ml_kem_ind_cpa_serialize_secret_key_9e(private_key.secret_as_ntt,
                                                  secret_key_serialized);
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_secret_key_serialized[1152U];
@@ -5766,12 +5760,12 @@ libcrux_ml_kem_ind_cpa_generate_keypair_08(Eurydice_slice key_generation_seed) {
   uint8_t copy_of_public_key_serialized[1184U];
   memcpy(copy_of_public_key_serialized, public_key_serialized,
          (size_t)1184U * sizeof(uint8_t));
-  libcrux_ml_kem_utils_extraction_helper_Keypair768 result;
-  memcpy(result.fst, copy_of_secret_key_serialized,
+  libcrux_ml_kem_utils_extraction_helper_Keypair768 lit;
+  memcpy(lit.fst, copy_of_secret_key_serialized,
          (size_t)1152U * sizeof(uint8_t));
-  memcpy(result.snd, copy_of_public_key_serialized,
+  memcpy(lit.snd, copy_of_public_key_serialized,
          (size_t)1184U * sizeof(uint8_t));
-  return result;
+  return lit;
 }
 
 /**
@@ -5781,7 +5775,7 @@ with const generics
 - K= 3
 - SERIALIZED_KEY_LEN= 2400
 */
-static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_serialize_kem_secret_key_c0(
+static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_serialize_kem_secret_key_d8(
     Eurydice_slice private_key, Eurydice_slice public_key,
     Eurydice_slice implicit_rejection_value, uint8_t ret[2400U]) {
   uint8_t out[2400U] = {0U};
@@ -5837,7 +5831,7 @@ libcrux_ml_kem_variant_MlKem with const generics
 - ETA1_RANDOMNESS_SIZE= 128
 */
 static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair
-libcrux_ml_kem_ind_cca_generate_keypair_28(uint8_t randomness[64U]) {
+libcrux_ml_kem_ind_cca_generate_keypair_91(uint8_t randomness[64U]) {
   Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2(
       randomness, (size_t)0U,
       LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t);
@@ -5852,7 +5846,7 @@ libcrux_ml_kem_ind_cca_generate_keypair_28(uint8_t randomness[64U]) {
   uint8_t public_key[1184U];
   memcpy(public_key, uu____0.snd, (size_t)1184U * sizeof(uint8_t));
   uint8_t secret_key_serialized[2400U];
-  libcrux_ml_kem_ind_cca_serialize_kem_secret_key_c0(
+  libcrux_ml_kem_ind_cca_serialize_kem_secret_key_d8(
       Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t),
       Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t),
       implicit_rejection_value, secret_key_serialized);
@@ -5861,13 +5855,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_28(uint8_t randomness[64U]) {
   memcpy(copy_of_secret_key_serialized, secret_key_serialized,
          (size_t)2400U * sizeof(uint8_t));
   libcrux_ml_kem_types_MlKemPrivateKey_55 private_key =
-      libcrux_ml_kem_types_from_7f_e6(copy_of_secret_key_serialized);
+      libcrux_ml_kem_types_from_7f_8c(copy_of_secret_key_serialized);
   libcrux_ml_kem_types_MlKemPrivateKey_55 uu____2 = private_key;
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_public_key[1184U];
   memcpy(copy_of_public_key, public_key, (size_t)1184U * sizeof(uint8_t));
-  return libcrux_ml_kem_types_from_3a_78(
-      uu____2, libcrux_ml_kem_types_from_5a_af(copy_of_public_key));
+  return libcrux_ml_kem_types_from_3a_f6(
+      uu____2, libcrux_ml_kem_types_from_5a_45(copy_of_public_key));
 }
 
 /**
@@ -5883,12 +5877,12 @@ generics
 - ETA1_RANDOMNESS_SIZE= 128
 */
 static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair
-libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_e3(
+libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_56(
     uint8_t randomness[64U]) {
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_randomness[64U];
   memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t));
-  return libcrux_ml_kem_ind_cca_generate_keypair_28(copy_of_randomness);
+  return libcrux_ml_kem_ind_cca_generate_keypair_91(copy_of_randomness);
 }
 
 /**
@@ -5899,7 +5893,7 @@ libcrux_ml_kem_mlkem768_portable_generate_key_pair(uint8_t randomness[64U]) {
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_randomness[64U];
   memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t));
-  return libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_e3(
+  return libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_56(
       copy_of_randomness);
 }
 
@@ -5914,7 +5908,7 @@ with const generics
 - K= 3
 - CIPHERTEXT_SIZE= 1088
 */
-static KRML_MUSTINLINE void libcrux_ml_kem_variant_kdf_33_ff(
+static KRML_MUSTINLINE void libcrux_ml_kem_variant_kdf_33_a1(
     Eurydice_slice shared_secret,
     libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) {
   uint8_t kdf_input[64U];
@@ -5925,7 +5919,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_variant_kdf_33_ff(
   uint8_t ret0[32U];
   libcrux_ml_kem_hash_functions_portable_H_f1_d5(
       Eurydice_array_to_slice((size_t)1088U,
-                              libcrux_ml_kem_types_as_slice_d4_24(ciphertext),
+                              libcrux_ml_kem_types_as_slice_d4_73(ciphertext),
                               uint8_t),
       ret0);
   Eurydice_slice_copy(
@@ -5958,7 +5952,7 @@ libcrux_ml_kem_variant_Kyber with const generics
 - ETA2_RANDOMNESS_SIZE= 128
 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120
 */
-static inline void libcrux_ml_kem_ind_cca_decapsulate_1a0(
+static inline void libcrux_ml_kem_ind_cca_decapsulate_580(
     libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key,
     libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) {
   Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at(
@@ -5976,7 +5970,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_1a0(
   Eurydice_slice ind_cpa_public_key_hash = uu____2.fst;
   Eurydice_slice implicit_rejection_value = uu____2.snd;
   uint8_t decrypted[32U];
-  libcrux_ml_kem_ind_cpa_decrypt_0d(ind_cpa_secret_key, ciphertext->value,
+  libcrux_ml_kem_ind_cpa_decrypt_66(ind_cpa_secret_key, ciphertext->value,
                                     decrypted);
   uint8_t to_hash0[64U];
   libcrux_ml_kem_utils_into_padded_array_42(
@@ -6000,7 +5994,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_1a0(
   Eurydice_slice uu____4 = Eurydice_array_to_subslice_from(
       (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE,
       uint8_t, size_t);
-  Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_e7(ciphertext),
+  Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_69(ciphertext),
                       uint8_t);
   uint8_t implicit_rejection_shared_secret0[32U];
   libcrux_ml_kem_hash_functions_portable_PRF_f1_9f(
@@ -6011,18 +6005,18 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_1a0(
   uint8_t copy_of_decrypted[32U];
   memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t));
   uint8_t expected_ciphertext[1088U];
-  libcrux_ml_kem_ind_cpa_encrypt_a5(uu____5, copy_of_decrypted,
+  libcrux_ml_kem_ind_cpa_encrypt_2a(uu____5, copy_of_decrypted,
                                     pseudorandomness, expected_ciphertext);
   uint8_t implicit_rejection_shared_secret[32U];
-  libcrux_ml_kem_variant_kdf_33_ff(
+  libcrux_ml_kem_variant_kdf_33_a1(
       Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0,
                               uint8_t),
       ciphertext, implicit_rejection_shared_secret);
   uint8_t shared_secret1[32U];
-  libcrux_ml_kem_variant_kdf_33_ff(shared_secret0, ciphertext, shared_secret1);
+  libcrux_ml_kem_variant_kdf_33_a1(shared_secret0, ciphertext, shared_secret1);
   uint8_t shared_secret[32U];
   libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time(
-      libcrux_ml_kem_types_as_ref_00_e7(ciphertext),
+      libcrux_ml_kem_types_as_ref_00_69(ciphertext),
       Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t),
       Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t),
       Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret,
@@ -6056,10 +6050,10 @@ generics
 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120
 */
 static inline void
-libcrux_ml_kem_ind_cca_instantiations_portable_kyber_decapsulate_d6(
+libcrux_ml_kem_ind_cca_instantiations_portable_kyber_decapsulate_bc(
     libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key,
     libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) {
-  libcrux_ml_kem_ind_cca_decapsulate_1a0(private_key, ciphertext, ret);
+  libcrux_ml_kem_ind_cca_decapsulate_580(private_key, ciphertext, ret);
 }
 
 /**
@@ -6072,7 +6066,7 @@ libcrux_ml_kem_ind_cca_instantiations_portable_kyber_decapsulate_d6(
 static inline void libcrux_ml_kem_mlkem768_portable_kyber_decapsulate(
     libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key,
     libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) {
-  libcrux_ml_kem_ind_cca_instantiations_portable_kyber_decapsulate_d6(
+  libcrux_ml_kem_ind_cca_instantiations_portable_kyber_decapsulate_bc(
       private_key, ciphertext, ret);
 }
 
@@ -6086,7 +6080,7 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]]
 with const generics
 - K= 3
 */
-static KRML_MUSTINLINE void libcrux_ml_kem_variant_entropy_preprocess_33_57(
+static KRML_MUSTINLINE void libcrux_ml_kem_variant_entropy_preprocess_33_cd(
     Eurydice_slice randomness, uint8_t ret[32U]) {
   libcrux_ml_kem_hash_functions_portable_H_f1_d5(randomness, ret);
 }
@@ -6110,11 +6104,11 @@ libcrux_ml_kem_variant_Kyber with const generics
 - ETA2= 2
 - ETA2_RANDOMNESS_SIZE= 128
 */
-static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_4e0(
+static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_eb0(
     libcrux_ml_kem_types_MlKemPublicKey_15 *public_key,
     uint8_t randomness[32U]) {
   uint8_t randomness0[32U];
-  libcrux_ml_kem_variant_entropy_preprocess_33_57(
+  libcrux_ml_kem_variant_entropy_preprocess_33_cd(
       Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0);
   uint8_t to_hash[64U];
   libcrux_ml_kem_utils_into_padded_array_42(
@@ -6125,7 +6119,7 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_4e0(
   uint8_t ret[32U];
   libcrux_ml_kem_hash_functions_portable_H_f1_d5(
       Eurydice_array_to_slice((size_t)1184U,
-                              libcrux_ml_kem_types_as_slice_fd_60(public_key),
+                              libcrux_ml_kem_types_as_slice_fd_d9(public_key),
                               uint8_t),
       ret);
   Eurydice_slice_copy(
@@ -6140,20 +6134,20 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_4e0(
   Eurydice_slice shared_secret = uu____1.fst;
   Eurydice_slice pseudorandomness = uu____1.snd;
   Eurydice_slice uu____2 = Eurydice_array_to_slice(
-      (size_t)1184U, libcrux_ml_kem_types_as_slice_fd_60(public_key), uint8_t);
+      (size_t)1184U, libcrux_ml_kem_types_as_slice_fd_d9(public_key), uint8_t);
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_randomness[32U];
   memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t));
   uint8_t ciphertext[1088U];
-  libcrux_ml_kem_ind_cpa_encrypt_a5(uu____2, copy_of_randomness,
+  libcrux_ml_kem_ind_cpa_encrypt_2a(uu____2, copy_of_randomness,
                                     pseudorandomness, ciphertext);
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_ciphertext[1088U];
   memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t));
   libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 =
-      libcrux_ml_kem_types_from_01_96(copy_of_ciphertext);
+      libcrux_ml_kem_types_from_01_33(copy_of_ciphertext);
   uint8_t shared_secret_array[32U];
-  libcrux_ml_kem_variant_kdf_33_ff(shared_secret, &ciphertext0,
+  libcrux_ml_kem_variant_kdf_33_a1(shared_secret, &ciphertext0,
                                    shared_secret_array);
   libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0;
   /* Passing arrays by value in Rust generates a copy in C */
@@ -6188,14 +6182,14 @@ generics
 - ETA2_RANDOMNESS_SIZE= 128
 */
 static inline tuple_3c
-libcrux_ml_kem_ind_cca_instantiations_portable_kyber_encapsulate_f2(
+libcrux_ml_kem_ind_cca_instantiations_portable_kyber_encapsulate_02(
     libcrux_ml_kem_types_MlKemPublicKey_15 *public_key,
     uint8_t randomness[32U]) {
   libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key;
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_randomness[32U];
   memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t));
-  return libcrux_ml_kem_ind_cca_encapsulate_4e0(uu____0, copy_of_randomness);
+  return libcrux_ml_kem_ind_cca_encapsulate_eb0(uu____0, copy_of_randomness);
 }
 
 /**
@@ -6212,7 +6206,7 @@ static inline tuple_3c libcrux_ml_kem_mlkem768_portable_kyber_encapsulate(
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_randomness[32U];
   memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t));
-  return libcrux_ml_kem_ind_cca_instantiations_portable_kyber_encapsulate_f2(
+  return libcrux_ml_kem_ind_cca_instantiations_portable_kyber_encapsulate_02(
       uu____0, copy_of_randomness);
 }
 
@@ -6226,7 +6220,7 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]]
 with const generics
 - K= 3
 */
-static KRML_MUSTINLINE void libcrux_ml_kem_variant_cpa_keygen_seed_33_f9(
+static KRML_MUSTINLINE void libcrux_ml_kem_variant_cpa_keygen_seed_33_9f(
     Eurydice_slice key_generation_seed, uint8_t ret[64U]) {
   libcrux_ml_kem_hash_functions_portable_G_f1_87(key_generation_seed, ret);
 }
@@ -6240,12 +6234,12 @@ libcrux_ml_kem_variant_Kyber with const generics
 - ETA1= 2
 - ETA1_RANDOMNESS_SIZE= 128
 */
-static inline void libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_860(
+static inline void libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_1a0(
     Eurydice_slice key_generation_seed,
     libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 *private_key,
     libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 *public_key) {
   uint8_t hashed[64U];
-  libcrux_ml_kem_variant_cpa_keygen_seed_33_f9(key_generation_seed, hashed);
+  libcrux_ml_kem_variant_cpa_keygen_seed_33_9f(key_generation_seed, hashed);
   Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at(
       Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U,
       uint8_t, Eurydice_slice_uint8_t_x2);
@@ -6265,7 +6259,7 @@ static inline void libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_860(
   uint8_t copy_of_prf_input0[33U];
   memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t));
   uint8_t domain_separator =
-      libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_f7(
+      libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_76(
           uu____2, copy_of_prf_input0, 0U);
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_prf_input[33U];
@@ -6273,11 +6267,11 @@ static inline void libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_860(
   libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_as_ntt[3U];
   memcpy(
       error_as_ntt,
-      libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_out_44(
+      libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_out_15(
           copy_of_prf_input, domain_separator)
           .fst,
       (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0));
-  libcrux_ml_kem_matrix_compute_As_plus_e_f0(
+  libcrux_ml_kem_matrix_compute_As_plus_e_6a(
       public_key->t_as_ntt, public_key->A, private_key->secret_as_ntt,
       error_as_ntt);
   uint8_t uu____5[32U];
@@ -6306,15 +6300,15 @@ libcrux_ml_kem_ind_cpa_generate_keypair_080(
       libcrux_ml_kem_ind_cpa_unpacked_default_1a_e9();
   libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 public_key =
       libcrux_ml_kem_ind_cpa_unpacked_default_8d_d1();
-  libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_860(
+  libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_1a0(
       key_generation_seed, &private_key, &public_key);
   uint8_t public_key_serialized[1184U];
-  libcrux_ml_kem_ind_cpa_serialize_public_key_e9(
+  libcrux_ml_kem_ind_cpa_serialize_public_key_fd(
       public_key.t_as_ntt,
       Eurydice_array_to_slice((size_t)32U, public_key.seed_for_A, uint8_t),
       public_key_serialized);
   uint8_t secret_key_serialized[1152U];
-  libcrux_ml_kem_ind_cpa_serialize_secret_key_1d(private_key.secret_as_ntt,
+  libcrux_ml_kem_ind_cpa_serialize_secret_key_9e(private_key.secret_as_ntt,
                                                  secret_key_serialized);
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_secret_key_serialized[1152U];
@@ -6324,12 +6318,12 @@ libcrux_ml_kem_ind_cpa_generate_keypair_080(
   uint8_t copy_of_public_key_serialized[1184U];
   memcpy(copy_of_public_key_serialized, public_key_serialized,
          (size_t)1184U * sizeof(uint8_t));
-  libcrux_ml_kem_utils_extraction_helper_Keypair768 result;
-  memcpy(result.fst, copy_of_secret_key_serialized,
+  libcrux_ml_kem_utils_extraction_helper_Keypair768 lit;
+  memcpy(lit.fst, copy_of_secret_key_serialized,
          (size_t)1152U * sizeof(uint8_t));
-  memcpy(result.snd, copy_of_public_key_serialized,
+  memcpy(lit.snd, copy_of_public_key_serialized,
          (size_t)1184U * sizeof(uint8_t));
-  return result;
+  return lit;
 }
 
 /**
@@ -6346,7 +6340,7 @@ libcrux_ml_kem_variant_Kyber with const generics
 - ETA1_RANDOMNESS_SIZE= 128
 */
 static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair
-libcrux_ml_kem_ind_cca_generate_keypair_280(uint8_t randomness[64U]) {
+libcrux_ml_kem_ind_cca_generate_keypair_910(uint8_t randomness[64U]) {
   Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2(
       randomness, (size_t)0U,
       LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t);
@@ -6361,7 +6355,7 @@ libcrux_ml_kem_ind_cca_generate_keypair_280(uint8_t randomness[64U]) {
   uint8_t public_key[1184U];
   memcpy(public_key, uu____0.snd, (size_t)1184U * sizeof(uint8_t));
   uint8_t secret_key_serialized[2400U];
-  libcrux_ml_kem_ind_cca_serialize_kem_secret_key_c0(
+  libcrux_ml_kem_ind_cca_serialize_kem_secret_key_d8(
       Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t),
       Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t),
       implicit_rejection_value, secret_key_serialized);
@@ -6370,13 +6364,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_280(uint8_t randomness[64U]) {
   memcpy(copy_of_secret_key_serialized, secret_key_serialized,
          (size_t)2400U * sizeof(uint8_t));
   libcrux_ml_kem_types_MlKemPrivateKey_55 private_key =
-      libcrux_ml_kem_types_from_7f_e6(copy_of_secret_key_serialized);
+      libcrux_ml_kem_types_from_7f_8c(copy_of_secret_key_serialized);
   libcrux_ml_kem_types_MlKemPrivateKey_55 uu____2 = private_key;
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_public_key[1184U];
   memcpy(copy_of_public_key, public_key, (size_t)1184U * sizeof(uint8_t));
-  return libcrux_ml_kem_types_from_3a_78(
-      uu____2, libcrux_ml_kem_types_from_5a_af(copy_of_public_key));
+  return libcrux_ml_kem_types_from_3a_f6(
+      uu____2, libcrux_ml_kem_types_from_5a_45(copy_of_public_key));
 }
 
 /**
@@ -6392,12 +6386,12 @@ generics
 - ETA1_RANDOMNESS_SIZE= 128
 */
 static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair
-libcrux_ml_kem_ind_cca_instantiations_portable_kyber_generate_keypair_28(
+libcrux_ml_kem_ind_cca_instantiations_portable_kyber_generate_keypair_63(
     uint8_t randomness[64U]) {
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_randomness[64U];
   memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t));
-  return libcrux_ml_kem_ind_cca_generate_keypair_280(copy_of_randomness);
+  return libcrux_ml_kem_ind_cca_generate_keypair_910(copy_of_randomness);
 }
 
 /**
@@ -6409,7 +6403,7 @@ libcrux_ml_kem_mlkem768_portable_kyber_generate_key_pair(
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_randomness[64U];
   memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t));
-  return libcrux_ml_kem_ind_cca_instantiations_portable_kyber_generate_keypair_28(
+  return libcrux_ml_kem_ind_cca_instantiations_portable_kyber_generate_keypair_63(
       copy_of_randomness);
 }
 
@@ -6421,7 +6415,7 @@ with const generics
 - SECRET_KEY_SIZE= 2400
 - CIPHERTEXT_SIZE= 1088
 */
-static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_private_key_96(
+static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_private_key_c7(
     libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key,
     libcrux_ml_kem_mlkem768_MlKem768Ciphertext *_ciphertext) {
   uint8_t t[32U];
@@ -6446,10 +6440,10 @@ generics
 - CIPHERTEXT_SIZE= 1088
 */
 static KRML_MUSTINLINE bool
-libcrux_ml_kem_ind_cca_instantiations_portable_validate_private_key_c5(
+libcrux_ml_kem_ind_cca_instantiations_portable_validate_private_key_94(
     libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key,
     libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext) {
-  return libcrux_ml_kem_ind_cca_validate_private_key_96(private_key,
+  return libcrux_ml_kem_ind_cca_validate_private_key_c7(private_key,
                                                         ciphertext);
 }
 
@@ -6461,7 +6455,7 @@ libcrux_ml_kem_ind_cca_instantiations_portable_validate_private_key_c5(
 static inline bool libcrux_ml_kem_mlkem768_portable_validate_private_key(
     libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key,
     libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext) {
-  return libcrux_ml_kem_ind_cca_instantiations_portable_validate_private_key_c5(
+  return libcrux_ml_kem_ind_cca_instantiations_portable_validate_private_key_94(
       private_key, ciphertext);
 }
 
@@ -6473,7 +6467,7 @@ generics
 - K= 3
 */
 static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0
-libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_out_closure_16(
+libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_out_closure_bc(
     size_t _i) {
   return libcrux_ml_kem_polynomial_ZERO_ef_1b();
 }
@@ -6485,14 +6479,14 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
 - K= 3
 */
 static KRML_MUSTINLINE void
-libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_out_ae(
+libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_out_ff(
     Eurydice_slice public_key,
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[3U];
   for (size_t i = (size_t)0U; i < (size_t)3U; i++) {
     deserialized_pk[i] = libcrux_ml_kem_polynomial_ZERO_ef_1b();
   }
-  libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_a4(
+  libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_30(
       public_key, deserialized_pk);
   libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[3U];
   memcpy(
@@ -6511,16 +6505,16 @@ with const generics
 - RANKED_BYTES_PER_RING_ELEMENT= 1152
 - PUBLIC_KEY_SIZE= 1184
 */
-static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_public_key_f6(
+static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_public_key_2a(
     uint8_t *public_key) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[3U];
-  libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_out_ae(
+  libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_out_ff(
       Eurydice_array_to_subslice_to((size_t)1184U, public_key, (size_t)1152U,
                                     uint8_t, size_t),
       deserialized_pk);
   libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *uu____0 = deserialized_pk;
   uint8_t public_key_serialized[1184U];
-  libcrux_ml_kem_ind_cpa_serialize_public_key_e9(
+  libcrux_ml_kem_ind_cpa_serialize_public_key_fd(
       uu____0,
       Eurydice_array_to_subslice_from((size_t)1184U, public_key, (size_t)1152U,
                                       uint8_t, size_t),
@@ -6538,9 +6532,9 @@ generics
 - PUBLIC_KEY_SIZE= 1184
 */
 static KRML_MUSTINLINE bool
-libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key_b6(
+libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key_4f(
     uint8_t *public_key) {
-  return libcrux_ml_kem_ind_cca_validate_public_key_f6(public_key);
+  return libcrux_ml_kem_ind_cca_validate_public_key_2a(public_key);
 }
 
 /**
@@ -6550,7 +6544,7 @@ libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key_b6(
 */
 static inline bool libcrux_ml_kem_mlkem768_portable_validate_public_key(
     libcrux_ml_kem_types_MlKemPublicKey_15 *public_key) {
-  return libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key_b6(
+  return libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key_4f(
       public_key->value);
 }
 
@@ -6576,11 +6570,11 @@ generics
 - ETA2_RANDOMNESS_SIZE= 128
 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120
 */
-static inline void libcrux_ml_kem_ind_cca_unpacked_decapsulate_be(
+static inline void libcrux_ml_kem_ind_cca_unpacked_decapsulate_32(
     libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked *key_pair,
     libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) {
   uint8_t decrypted[32U];
-  libcrux_ml_kem_ind_cpa_decrypt_unpacked_b7(
+  libcrux_ml_kem_ind_cpa_decrypt_unpacked_46(
       &key_pair->private_key.ind_cpa_private_key, ciphertext->value, decrypted);
   uint8_t to_hash0[64U];
   libcrux_ml_kem_utils_into_padded_array_42(
@@ -6610,7 +6604,7 @@ static inline void libcrux_ml_kem_ind_cca_unpacked_decapsulate_be(
   Eurydice_slice uu____2 = Eurydice_array_to_subslice_from(
       (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE,
       uint8_t, size_t);
-  Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_00_e7(ciphertext),
+  Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_00_69(ciphertext),
                       uint8_t);
   uint8_t implicit_rejection_shared_secret[32U];
   libcrux_ml_kem_hash_functions_portable_PRF_f1_9f(
@@ -6622,11 +6616,11 @@ static inline void libcrux_ml_kem_ind_cca_unpacked_decapsulate_be(
   uint8_t copy_of_decrypted[32U];
   memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t));
   uint8_t expected_ciphertext[1088U];
-  libcrux_ml_kem_ind_cpa_encrypt_unpacked_05(
+  libcrux_ml_kem_ind_cpa_encrypt_unpacked_0e(
       uu____3, copy_of_decrypted, pseudorandomness, expected_ciphertext);
   uint8_t selector =
       libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time(
-          libcrux_ml_kem_types_as_ref_00_e7(ciphertext),
+          libcrux_ml_kem_types_as_ref_00_69(ciphertext),
           Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t));
   uint8_t ret0[32U];
   libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time(
@@ -6662,10 +6656,10 @@ generics
 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120
 */
 static inline void
-libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_decapsulate_57(
+libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_decapsulate_d3(
     libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked *key_pair,
     libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) {
-  libcrux_ml_kem_ind_cca_unpacked_decapsulate_be(key_pair, ciphertext, ret);
+  libcrux_ml_kem_ind_cca_unpacked_decapsulate_32(key_pair, ciphertext, ret);
 }
 
 /**
@@ -6679,7 +6673,7 @@ static inline void libcrux_ml_kem_mlkem768_portable_unpacked_decapsulate(
     libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked
         *private_key,
     libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) {
-  libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_decapsulate_57(
+  libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_decapsulate_d3(
       private_key, ciphertext, ret);
 }
 
@@ -6702,7 +6696,7 @@ generics
 - ETA2= 2
 - ETA2_RANDOMNESS_SIZE= 128
 */
-static inline tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_fa(
+static inline tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_0c(
     libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *public_key,
     uint8_t randomness[32U]) {
   uint8_t to_hash[64U];
@@ -6730,7 +6724,7 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_fa(
   uint8_t copy_of_randomness[32U];
   memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t));
   uint8_t ciphertext[1088U];
-  libcrux_ml_kem_ind_cpa_encrypt_unpacked_05(uu____2, copy_of_randomness,
+  libcrux_ml_kem_ind_cpa_encrypt_unpacked_0e(uu____2, copy_of_randomness,
                                              pseudorandomness, ciphertext);
   uint8_t shared_secret_array[32U] = {0U};
   Eurydice_slice_copy(
@@ -6740,7 +6734,7 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_fa(
   uint8_t copy_of_ciphertext[1088U];
   memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t));
   libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 =
-      libcrux_ml_kem_types_from_01_96(copy_of_ciphertext);
+      libcrux_ml_kem_types_from_01_33(copy_of_ciphertext);
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_shared_secret_array[32U];
   memcpy(copy_of_shared_secret_array, shared_secret_array,
@@ -6773,7 +6767,7 @@ generics
 - ETA2_RANDOMNESS_SIZE= 128
 */
 static inline tuple_3c
-libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_encapsulate_91(
+libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_encapsulate_fb(
     libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *public_key,
     uint8_t randomness[32U]) {
   libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *uu____0 =
@@ -6781,7 +6775,7 @@ libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_encapsulate_91(
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_randomness[32U];
   memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t));
-  return libcrux_ml_kem_ind_cca_unpacked_encapsulate_fa(uu____0,
+  return libcrux_ml_kem_ind_cca_unpacked_encapsulate_0c(uu____0,
                                                         copy_of_randomness);
 }
 
@@ -6801,7 +6795,7 @@ static inline tuple_3c libcrux_ml_kem_mlkem768_portable_unpacked_encapsulate(
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_randomness[32U];
   memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t));
-  return libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_encapsulate_91(
+  return libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_encapsulate_fb(
       uu____0, copy_of_randomness);
 }
 
@@ -6820,7 +6814,7 @@ libcrux_ml_kem_variant_MlKem with const generics
 - ETA1_RANDOMNESS_SIZE= 128
 */
 static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0
-libcrux_ml_kem_ind_cca_unpacked_generate_keypair_closure_closure_08(size_t _j) {
+libcrux_ml_kem_ind_cca_unpacked_generate_keypair_closure_closure_61(size_t _j) {
   return libcrux_ml_kem_polynomial_ZERO_ef_1b();
 }
 
@@ -6838,7 +6832,7 @@ libcrux_ml_kem_variant_MlKem with const generics
 - ETA1= 2
 - ETA1_RANDOMNESS_SIZE= 128
 */
-static inline void libcrux_ml_kem_ind_cca_unpacked_generate_keypair_closure_e0(
+static inline void libcrux_ml_kem_ind_cca_unpacked_generate_keypair_closure_6c(
     size_t _i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) {
   for (size_t i = (size_t)0U; i < (size_t)3U; i++) {
     ret[i] = libcrux_ml_kem_polynomial_ZERO_ef_1b();
@@ -6857,7 +6851,7 @@ with const generics
 
 */
 static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0
-libcrux_ml_kem_polynomial_clone_8d_ef(
+libcrux_ml_kem_polynomial_clone_8d_9f(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_f0 lit;
   libcrux_ml_kem_vector_portable_vector_type_PortableVector ret[16U];
@@ -6886,7 +6880,7 @@ libcrux_ml_kem_variant_MlKem with const generics
 - ETA1= 2
 - ETA1_RANDOMNESS_SIZE= 128
 */
-static inline void libcrux_ml_kem_ind_cca_unpacked_generate_keypair_f0(
+static inline void libcrux_ml_kem_ind_cca_unpacked_generate_keypair_4a(
     uint8_t randomness[64U],
     libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked *out) {
   Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2(
@@ -6896,19 +6890,19 @@ static inline void libcrux_ml_kem_ind_cca_unpacked_generate_keypair_f0(
       (size_t)64U, randomness,
       LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t,
       size_t);
-  libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_86(
+  libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_1a(
       ind_cpa_keypair_randomness, &out->private_key.ind_cpa_private_key,
       &out->public_key.ind_cpa_public_key);
   libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[3U][3U];
   for (size_t i = (size_t)0U; i < (size_t)3U; i++) {
-    libcrux_ml_kem_ind_cca_unpacked_generate_keypair_closure_e0(i, A[i]);
+    libcrux_ml_kem_ind_cca_unpacked_generate_keypair_closure_6c(i, A[i]);
   }
   for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) {
     size_t i1 = i0;
     for (size_t i = (size_t)0U; i < (size_t)3U; i++) {
       size_t j = i;
       libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 =
-          libcrux_ml_kem_polynomial_clone_8d_ef(
+          libcrux_ml_kem_polynomial_clone_8d_9f(
               &out->public_key.ind_cpa_public_key.A[j][i1]);
       A[i1][j] = uu____0;
     }
@@ -6921,7 +6915,7 @@ static inline void libcrux_ml_kem_ind_cca_unpacked_generate_keypair_f0(
          (size_t)3U *
              sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U]));
   uint8_t pk_serialized[1184U];
-  libcrux_ml_kem_ind_cpa_serialize_public_key_e9(
+  libcrux_ml_kem_ind_cpa_serialize_public_key_fd(
       out->public_key.ind_cpa_public_key.t_as_ntt,
       Eurydice_array_to_slice(
           (size_t)32U, out->public_key.ind_cpa_public_key.seed_for_A, uint8_t),
@@ -6956,13 +6950,13 @@ const generics
 - ETA1_RANDOMNESS_SIZE= 128
 */
 static inline void
-libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_generate_keypair_26(
+libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_generate_keypair_c1(
     uint8_t randomness[64U],
     libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked *out) {
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_randomness[64U];
   memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t));
-  libcrux_ml_kem_ind_cca_unpacked_generate_keypair_f0(copy_of_randomness, out);
+  libcrux_ml_kem_ind_cca_unpacked_generate_keypair_4a(copy_of_randomness, out);
 }
 
 /**
@@ -6975,7 +6969,7 @@ static inline void libcrux_ml_kem_mlkem768_portable_unpacked_generate_key_pair(
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_randomness[64U];
   memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t));
-  libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_generate_keypair_26(
+  libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_generate_keypair_c1(
       copy_of_randomness, key_pair);
 }
 
@@ -6991,7 +6985,7 @@ with const generics
 - K= 3
 */
 static KRML_MUSTINLINE libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8
-libcrux_ml_kem_ind_cca_unpacked_default_1c_e8(void) {
+libcrux_ml_kem_ind_cca_unpacked_default_1c_fd(void) {
   libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 lit;
   lit.ind_cpa_public_key = libcrux_ml_kem_ind_cpa_unpacked_default_8d_d1();
   lit.public_key_hash[0U] = 0U;
@@ -7042,7 +7036,7 @@ with const generics
 */
 static KRML_MUSTINLINE
     libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked
-    libcrux_ml_kem_ind_cca_unpacked_default_07_e2(void) {
+    libcrux_ml_kem_ind_cca_unpacked_default_07_9f(void) {
   libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_f8 uu____0;
   uu____0.ind_cpa_private_key = libcrux_ml_kem_ind_cpa_unpacked_default_1a_e9();
   uu____0.implicit_rejection_value[0U] = 0U;
@@ -7080,7 +7074,7 @@ static KRML_MUSTINLINE
   return (CLITERAL(
       libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked){
       .private_key = uu____0,
-      .public_key = libcrux_ml_kem_ind_cca_unpacked_default_1c_e8()});
+      .public_key = libcrux_ml_kem_ind_cca_unpacked_default_1c_fd()});
 }
 
 /**
@@ -7088,7 +7082,7 @@ static KRML_MUSTINLINE
 */
 static inline libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked
 libcrux_ml_kem_mlkem768_portable_unpacked_init_key_pair(void) {
-  return libcrux_ml_kem_ind_cca_unpacked_default_07_e2();
+  return libcrux_ml_kem_ind_cca_unpacked_default_07_9f();
 }
 
 /**
@@ -7096,7 +7090,7 @@ libcrux_ml_kem_mlkem768_portable_unpacked_init_key_pair(void) {
 */
 static inline libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8
 libcrux_ml_kem_mlkem768_portable_unpacked_init_public_key(void) {
-  return libcrux_ml_kem_ind_cca_unpacked_default_1c_e8();
+  return libcrux_ml_kem_ind_cca_unpacked_default_1c_fd();
 }
 
 /**
@@ -7116,10 +7110,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
 - PUBLIC_KEY_SIZE= 1184
 */
 static KRML_MUSTINLINE void
-libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_dd_80(
+libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_dd_85(
     libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *self,
     libcrux_ml_kem_types_MlKemPublicKey_15 *serialized) {
-  libcrux_ml_kem_ind_cpa_serialize_public_key_mut_12(
+  libcrux_ml_kem_ind_cpa_serialize_public_key_mut_6c(
       self->ind_cpa_public_key.t_as_ntt,
       Eurydice_array_to_slice((size_t)32U, self->ind_cpa_public_key.seed_for_A,
                               uint8_t),
@@ -7143,10 +7137,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
 - PUBLIC_KEY_SIZE= 1184
 */
 static KRML_MUSTINLINE void
-libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_de_1a(
+libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_de_85(
     libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked *self,
     libcrux_ml_kem_types_MlKemPublicKey_15 *serialized) {
-  libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_dd_80(
+  libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_dd_85(
       &self->public_key, serialized);
 }
 
@@ -7157,7 +7151,7 @@ static inline void
 libcrux_ml_kem_mlkem768_portable_unpacked_key_pair_serialized_public_key(
     libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked *key_pair,
     libcrux_ml_kem_types_MlKemPublicKey_15 *serialized) {
-  libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_de_1a(key_pair,
+  libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_de_85(key_pair,
                                                                   serialized);
 }
 
@@ -7173,7 +7167,7 @@ with const generics
 - K= 3
 */
 static inline libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8
-libcrux_ml_kem_ind_cpa_unpacked_clone_ef_93(
+libcrux_ml_kem_ind_cpa_unpacked_clone_ef_ce(
     libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 *self) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0[3U];
   core_array___core__clone__Clone_for__Array_T__N___20__clone(
@@ -7209,11 +7203,11 @@ with const generics
 - K= 3
 */
 static inline libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8
-libcrux_ml_kem_ind_cca_unpacked_clone_28_68(
+libcrux_ml_kem_ind_cca_unpacked_clone_28_20(
     libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *self) {
   libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 lit;
   lit.ind_cpa_public_key =
-      libcrux_ml_kem_ind_cpa_unpacked_clone_ef_93(&self->ind_cpa_public_key);
+      libcrux_ml_kem_ind_cpa_unpacked_clone_ef_ce(&self->ind_cpa_public_key);
   uint8_t ret[32U];
   core_array___core__clone__Clone_for__Array_T__N___20__clone(
       (size_t)32U, self->public_key_hash, ret, uint8_t, void *);
@@ -7236,7 +7230,7 @@ with const generics
 - K= 3
 */
 static KRML_MUSTINLINE libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *
-libcrux_ml_kem_ind_cca_unpacked_public_key_de_e9(
+libcrux_ml_kem_ind_cca_unpacked_public_key_de_1e(
     libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked *self) {
   return &self->public_key;
 }
@@ -7248,8 +7242,8 @@ static inline void libcrux_ml_kem_mlkem768_portable_unpacked_public_key(
     libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked *key_pair,
     libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *pk) {
   libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 uu____0 =
-      libcrux_ml_kem_ind_cca_unpacked_clone_28_68(
-          libcrux_ml_kem_ind_cca_unpacked_public_key_de_e9(key_pair));
+      libcrux_ml_kem_ind_cca_unpacked_clone_28_20(
+          libcrux_ml_kem_ind_cca_unpacked_public_key_de_1e(key_pair));
   pk[0U] = uu____0;
 }
 
@@ -7260,7 +7254,7 @@ static inline void
 libcrux_ml_kem_mlkem768_portable_unpacked_serialized_public_key(
     libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *public_key,
     libcrux_ml_kem_types_MlKemPublicKey_15 *serialized) {
-  libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_dd_80(public_key,
+  libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_dd_85(public_key,
                                                                   serialized);
 }
 
@@ -7283,7 +7277,7 @@ libcrux_ml_kem_ind_cca_unpacked_unpack_public_key_40(
         *unpacked_public_key) {
   Eurydice_slice uu____0 = Eurydice_array_to_subslice_to(
       (size_t)1184U, public_key->value, (size_t)1152U, uint8_t, size_t);
-  libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_a4(
+  libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_30(
       uu____0, unpacked_public_key->ind_cpa_public_key.t_as_ntt);
   uint8_t uu____1[32U];
   libcrux_ml_kem_utils_into_padded_array_423(
@@ -7303,7 +7297,7 @@ libcrux_ml_kem_ind_cca_unpacked_unpack_public_key_40(
   uint8_t uu____3[32U];
   libcrux_ml_kem_hash_functions_portable_H_f1_d5(
       Eurydice_array_to_slice((size_t)1184U,
-                              libcrux_ml_kem_types_as_slice_fd_60(public_key),
+                              libcrux_ml_kem_types_as_slice_fd_d9(public_key),
                               uint8_t),
       uu____3);
   memcpy(unpacked_public_key->public_key_hash, uu____3,
@@ -7323,7 +7317,7 @@ const generics
 - PUBLIC_KEY_SIZE= 1184
 */
 static inline void
-libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_unpack_public_key_17(
+libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_unpack_public_key_c5(
     libcrux_ml_kem_types_MlKemPublicKey_15 *public_key,
     libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8
         *unpacked_public_key) {
@@ -7339,7 +7333,7 @@ libcrux_ml_kem_mlkem768_portable_unpacked_unpacked_public_key(
     libcrux_ml_kem_types_MlKemPublicKey_15 *public_key,
     libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8
         *unpacked_public_key) {
-  libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_unpack_public_key_17(
+  libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_unpack_public_key_c5(
       public_key, unpacked_public_key);
 }
 
diff --git a/libcrux-ml-kem/cg/libcrux_mlkem768_portable_types.h b/libcrux-ml-kem/cg/libcrux_mlkem768_portable_types.h
index f381a6d12..9b8b7968c 100644
--- a/libcrux-ml-kem/cg/libcrux_mlkem768_portable_types.h
+++ b/libcrux-ml-kem/cg/libcrux_mlkem768_portable_types.h
@@ -8,7 +8,7 @@
  * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac
  * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152
  * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678
- * Libcrux: 098de7d283a7867de9c3e5672d7b3c915ef9b2f1
+ * Libcrux: 020cd93ab7a1437ba4a4c626b1acbf9fa14525ad
  */
 
 #ifndef __libcrux_mlkem768_portable_types_H
diff --git a/libcrux-ml-kem/cg/libcrux_sha3_avx2.h b/libcrux-ml-kem/cg/libcrux_sha3_avx2.h
index 872af5692..12bdcaa69 100644
--- a/libcrux-ml-kem/cg/libcrux_sha3_avx2.h
+++ b/libcrux-ml-kem/cg/libcrux_sha3_avx2.h
@@ -8,7 +8,7 @@
  * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac
  * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152
  * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678
- * Libcrux: 098de7d283a7867de9c3e5672d7b3c915ef9b2f1
+ * Libcrux: 020cd93ab7a1437ba4a4c626b1acbf9fa14525ad
  */
 
 #ifndef __libcrux_sha3_avx2_H
diff --git a/libcrux-ml-kem/cg/libcrux_sha3_portable.h b/libcrux-ml-kem/cg/libcrux_sha3_portable.h
index ef344518f..251b5abff 100644
--- a/libcrux-ml-kem/cg/libcrux_sha3_portable.h
+++ b/libcrux-ml-kem/cg/libcrux_sha3_portable.h
@@ -8,7 +8,7 @@
  * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac
  * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152
  * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678
- * Libcrux: 098de7d283a7867de9c3e5672d7b3c915ef9b2f1
+ * Libcrux: 020cd93ab7a1437ba4a4c626b1acbf9fa14525ad
  */
 
 #ifndef __libcrux_sha3_portable_H

From 4b0d78759e0adf160bab80862883bd5ba7338977 Mon Sep 17 00:00:00 2001
From: karthikbhargavan <karthik.bhargavan@gmail.com>
Date: Wed, 30 Oct 2024 12:53:54 +0000
Subject: [PATCH 004/142] restored c/cg

---
 libcrux-ml-kem/c/code_gen.txt                 |    2 +-
 libcrux-ml-kem/c/internal/libcrux_core.h      |   38 +-
 .../c/internal/libcrux_mlkem_avx2.h           |   32 +-
 .../c/internal/libcrux_mlkem_portable.h       |   32 +-
 libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h |    2 +-
 .../c/internal/libcrux_sha3_internal.h        |    2 +-
 libcrux-ml-kem/c/libcrux_core.c               |   38 +-
 libcrux-ml-kem/c/libcrux_core.h               |    2 +-
 libcrux-ml-kem/c/libcrux_mlkem1024.h          |    2 +-
 libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c     |   32 +-
 libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h     |    2 +-
 libcrux-ml-kem/c/libcrux_mlkem1024_portable.c |   32 +-
 libcrux-ml-kem/c/libcrux_mlkem1024_portable.h |    2 +-
 libcrux-ml-kem/c/libcrux_mlkem512.h           |    2 +-
 libcrux-ml-kem/c/libcrux_mlkem512_avx2.c      |   32 +-
 libcrux-ml-kem/c/libcrux_mlkem512_avx2.h      |    2 +-
 libcrux-ml-kem/c/libcrux_mlkem512_portable.c  |   32 +-
 libcrux-ml-kem/c/libcrux_mlkem512_portable.h  |    2 +-
 libcrux-ml-kem/c/libcrux_mlkem768.h           |    2 +-
 libcrux-ml-kem/c/libcrux_mlkem768_avx2.c      |   32 +-
 libcrux-ml-kem/c/libcrux_mlkem768_avx2.h      |    2 +-
 libcrux-ml-kem/c/libcrux_mlkem768_portable.c  |   32 +-
 libcrux-ml-kem/c/libcrux_mlkem768_portable.h  |    2 +-
 libcrux-ml-kem/c/libcrux_mlkem_avx2.c         | 1078 +++++++-------
 libcrux-ml-kem/c/libcrux_mlkem_avx2.h         |    2 +-
 libcrux-ml-kem/c/libcrux_mlkem_portable.c     | 1262 ++++++++---------
 libcrux-ml-kem/c/libcrux_mlkem_portable.h     |   47 +-
 libcrux-ml-kem/c/libcrux_sha3.h               |    2 +-
 libcrux-ml-kem/c/libcrux_sha3_avx2.c          |    2 +-
 libcrux-ml-kem/c/libcrux_sha3_avx2.h          |    2 +-
 libcrux-ml-kem/c/libcrux_sha3_internal.h      |    2 +-
 libcrux-ml-kem/c/libcrux_sha3_neon.c          |    2 +-
 libcrux-ml-kem/c/libcrux_sha3_neon.h          |    2 +-
 libcrux-ml-kem/cg/code_gen.txt                |    2 +-
 libcrux-ml-kem/cg/libcrux_core.h              |   16 +-
 libcrux-ml-kem/cg/libcrux_ct_ops.h            |    2 +-
 libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h     |  733 +++++-----
 .../cg/libcrux_mlkem768_avx2_types.h          |    2 +-
 libcrux-ml-kem/cg/libcrux_mlkem768_portable.h |  913 ++++++------
 .../cg/libcrux_mlkem768_portable_types.h      |    2 +-
 libcrux-ml-kem/cg/libcrux_sha3_avx2.h         |    2 +-
 libcrux-ml-kem/cg/libcrux_sha3_portable.h     |    2 +-
 42 files changed, 2133 insertions(+), 2300 deletions(-)

diff --git a/libcrux-ml-kem/c/code_gen.txt b/libcrux-ml-kem/c/code_gen.txt
index 620e1c137..7599cb2f1 100644
--- a/libcrux-ml-kem/c/code_gen.txt
+++ b/libcrux-ml-kem/c/code_gen.txt
@@ -3,4 +3,4 @@ Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4
 Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac
 Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152
 F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678
-Libcrux: 020cd93ab7a1437ba4a4c626b1acbf9fa14525ad
+Libcrux: a089e8609d2bf2df5c165076a79e3fd30dbf87cf
diff --git a/libcrux-ml-kem/c/internal/libcrux_core.h b/libcrux-ml-kem/c/internal/libcrux_core.h
index b5eb18527..31a212a7c 100644
--- a/libcrux-ml-kem/c/internal/libcrux_core.h
+++ b/libcrux-ml-kem/c/internal/libcrux_core.h
@@ -8,7 +8,7 @@
  * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac
  * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152
  * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678
- * Libcrux: 020cd93ab7a1437ba4a4c626b1acbf9fa14525ad
+ * Libcrux: a089e8609d2bf2df5c165076a79e3fd30dbf87cf
  */
 
 #ifndef __internal_libcrux_core_H
@@ -69,7 +69,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_5a
 with const generics
 - SIZE= 1568
 */
-libcrux_ml_kem_types_MlKemPublicKey_1f libcrux_ml_kem_types_from_5a_451(
+libcrux_ml_kem_types_MlKemPublicKey_1f libcrux_ml_kem_types_from_5a_671(
     uint8_t value[1568U]);
 
 /**
@@ -82,7 +82,7 @@ with const generics
 - PRIVATE_KEY_SIZE= 3168
 - PUBLIC_KEY_SIZE= 1568
 */
-libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_types_from_3a_f61(
+libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_types_from_3a_ee1(
     libcrux_ml_kem_types_MlKemPrivateKey_95 sk,
     libcrux_ml_kem_types_MlKemPublicKey_1f pk);
 
@@ -95,7 +95,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_7f
 with const generics
 - SIZE= 3168
 */
-libcrux_ml_kem_types_MlKemPrivateKey_95 libcrux_ml_kem_types_from_7f_8c1(
+libcrux_ml_kem_types_MlKemPrivateKey_95 libcrux_ml_kem_types_from_7f_af1(
     uint8_t value[3168U]);
 
 /**
@@ -107,7 +107,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_5a
 with const generics
 - SIZE= 1184
 */
-libcrux_ml_kem_types_MlKemPublicKey_15 libcrux_ml_kem_types_from_5a_450(
+libcrux_ml_kem_types_MlKemPublicKey_15 libcrux_ml_kem_types_from_5a_670(
     uint8_t value[1184U]);
 
 /**
@@ -120,7 +120,7 @@ with const generics
 - PRIVATE_KEY_SIZE= 2400
 - PUBLIC_KEY_SIZE= 1184
 */
-libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_types_from_3a_f60(
+libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_types_from_3a_ee0(
     libcrux_ml_kem_types_MlKemPrivateKey_55 sk,
     libcrux_ml_kem_types_MlKemPublicKey_15 pk);
 
@@ -133,7 +133,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_7f
 with const generics
 - SIZE= 2400
 */
-libcrux_ml_kem_types_MlKemPrivateKey_55 libcrux_ml_kem_types_from_7f_8c0(
+libcrux_ml_kem_types_MlKemPrivateKey_55 libcrux_ml_kem_types_from_7f_af0(
     uint8_t value[2400U]);
 
 /**
@@ -145,7 +145,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_5a
 with const generics
 - SIZE= 800
 */
-libcrux_ml_kem_types_MlKemPublicKey_be libcrux_ml_kem_types_from_5a_45(
+libcrux_ml_kem_types_MlKemPublicKey_be libcrux_ml_kem_types_from_5a_67(
     uint8_t value[800U]);
 
 /**
@@ -158,7 +158,7 @@ with const generics
 - PRIVATE_KEY_SIZE= 1632
 - PUBLIC_KEY_SIZE= 800
 */
-libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_types_from_3a_f6(
+libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_types_from_3a_ee(
     libcrux_ml_kem_types_MlKemPrivateKey_5e sk,
     libcrux_ml_kem_types_MlKemPublicKey_be pk);
 
@@ -171,7 +171,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_7f
 with const generics
 - SIZE= 1632
 */
-libcrux_ml_kem_types_MlKemPrivateKey_5e libcrux_ml_kem_types_from_7f_8c(
+libcrux_ml_kem_types_MlKemPrivateKey_5e libcrux_ml_kem_types_from_7f_af(
     uint8_t value[1632U]);
 
 /**
@@ -182,7 +182,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_slice_fd
 with const generics
 - SIZE= 1184
 */
-uint8_t *libcrux_ml_kem_types_as_slice_fd_d11(
+uint8_t *libcrux_ml_kem_types_as_slice_fd_fe1(
     libcrux_ml_kem_types_MlKemPublicKey_15 *self);
 
 /**
@@ -194,7 +194,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_01
 with const generics
 - SIZE= 1088
 */
-libcrux_ml_kem_mlkem768_MlKem768Ciphertext libcrux_ml_kem_types_from_01_3a1(
+libcrux_ml_kem_mlkem768_MlKem768Ciphertext libcrux_ml_kem_types_from_01_451(
     uint8_t value[1088U]);
 
 /**
@@ -206,7 +206,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_ref_00
 with const generics
 - SIZE= 1088
 */
-Eurydice_slice libcrux_ml_kem_types_as_ref_00_be1(
+Eurydice_slice libcrux_ml_kem_types_as_ref_00_401(
     libcrux_ml_kem_mlkem768_MlKem768Ciphertext *self);
 
 /**
@@ -228,7 +228,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_slice_fd
 with const generics
 - SIZE= 800
 */
-uint8_t *libcrux_ml_kem_types_as_slice_fd_d10(
+uint8_t *libcrux_ml_kem_types_as_slice_fd_fe0(
     libcrux_ml_kem_types_MlKemPublicKey_be *self);
 
 /**
@@ -240,7 +240,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_01
 with const generics
 - SIZE= 768
 */
-libcrux_ml_kem_types_MlKemCiphertext_e8 libcrux_ml_kem_types_from_01_3a0(
+libcrux_ml_kem_types_MlKemCiphertext_e8 libcrux_ml_kem_types_from_01_450(
     uint8_t value[768U]);
 
 /**
@@ -252,7 +252,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_ref_00
 with const generics
 - SIZE= 768
 */
-Eurydice_slice libcrux_ml_kem_types_as_ref_00_be0(
+Eurydice_slice libcrux_ml_kem_types_as_ref_00_400(
     libcrux_ml_kem_types_MlKemCiphertext_e8 *self);
 
 /**
@@ -274,7 +274,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_slice_fd
 with const generics
 - SIZE= 1568
 */
-uint8_t *libcrux_ml_kem_types_as_slice_fd_d1(
+uint8_t *libcrux_ml_kem_types_as_slice_fd_fe(
     libcrux_ml_kem_types_MlKemPublicKey_1f *self);
 
 /**
@@ -321,7 +321,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_01
 with const generics
 - SIZE= 1568
 */
-libcrux_ml_kem_types_MlKemCiphertext_1f libcrux_ml_kem_types_from_01_3a(
+libcrux_ml_kem_types_MlKemCiphertext_1f libcrux_ml_kem_types_from_01_45(
     uint8_t value[1568U]);
 
 /**
@@ -344,7 +344,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_ref_00
 with const generics
 - SIZE= 1568
 */
-Eurydice_slice libcrux_ml_kem_types_as_ref_00_be(
+Eurydice_slice libcrux_ml_kem_types_as_ref_00_40(
     libcrux_ml_kem_types_MlKemCiphertext_1f *self);
 
 /**
diff --git a/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h b/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h
index ea36300ae..c4c213b73 100644
--- a/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h
+++ b/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h
@@ -8,7 +8,7 @@
  * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac
  * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152
  * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678
- * Libcrux: 020cd93ab7a1437ba4a4c626b1acbf9fa14525ad
+ * Libcrux: a089e8609d2bf2df5c165076a79e3fd30dbf87cf
  */
 
 #ifndef __internal_libcrux_mlkem_avx2_H
@@ -41,7 +41,7 @@ with const generics
 - RANKED_BYTES_PER_RING_ELEMENT= 1152
 - PUBLIC_KEY_SIZE= 1184
 */
-bool libcrux_ml_kem_ind_cca_validate_public_key_db1(uint8_t *public_key);
+bool libcrux_ml_kem_ind_cca_validate_public_key_521(uint8_t *public_key);
 
 /**
 A monomorphic instance of libcrux_ml_kem.ind_cca.validate_private_key
@@ -51,7 +51,7 @@ with const generics
 - SECRET_KEY_SIZE= 2400
 - CIPHERTEXT_SIZE= 1088
 */
-bool libcrux_ml_kem_ind_cca_validate_private_key_a81(
+bool libcrux_ml_kem_ind_cca_validate_private_key_701(
     libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key,
     libcrux_ml_kem_mlkem768_MlKem768Ciphertext *_ciphertext);
 
@@ -69,7 +69,7 @@ with const generics
 - ETA1_RANDOMNESS_SIZE= 128
 */
 libcrux_ml_kem_mlkem768_MlKem768KeyPair
-libcrux_ml_kem_ind_cca_generate_keypair_dd1(uint8_t randomness[64U]);
+libcrux_ml_kem_ind_cca_generate_keypair_0b1(uint8_t randomness[64U]);
 
 /**
 A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate
@@ -90,7 +90,7 @@ with const generics
 - ETA2= 2
 - ETA2_RANDOMNESS_SIZE= 128
 */
-tuple_3c libcrux_ml_kem_ind_cca_encapsulate_791(
+tuple_3c libcrux_ml_kem_ind_cca_encapsulate_a11(
     libcrux_ml_kem_types_MlKemPublicKey_15 *public_key,
     uint8_t randomness[32U]);
 
@@ -116,7 +116,7 @@ with const generics
 - ETA2_RANDOMNESS_SIZE= 128
 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120
 */
-void libcrux_ml_kem_ind_cca_decapsulate_cd1(
+void libcrux_ml_kem_ind_cca_decapsulate_7f1(
     libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key,
     libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]);
 
@@ -128,7 +128,7 @@ with const generics
 - RANKED_BYTES_PER_RING_ELEMENT= 1536
 - PUBLIC_KEY_SIZE= 1568
 */
-bool libcrux_ml_kem_ind_cca_validate_public_key_db0(uint8_t *public_key);
+bool libcrux_ml_kem_ind_cca_validate_public_key_520(uint8_t *public_key);
 
 /**
 A monomorphic instance of libcrux_ml_kem.ind_cca.validate_private_key
@@ -138,7 +138,7 @@ with const generics
 - SECRET_KEY_SIZE= 3168
 - CIPHERTEXT_SIZE= 1568
 */
-bool libcrux_ml_kem_ind_cca_validate_private_key_a80(
+bool libcrux_ml_kem_ind_cca_validate_private_key_700(
     libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key,
     libcrux_ml_kem_types_MlKemCiphertext_1f *_ciphertext);
 
@@ -156,7 +156,7 @@ with const generics
 - ETA1_RANDOMNESS_SIZE= 128
 */
 libcrux_ml_kem_mlkem1024_MlKem1024KeyPair
-libcrux_ml_kem_ind_cca_generate_keypair_dd0(uint8_t randomness[64U]);
+libcrux_ml_kem_ind_cca_generate_keypair_0b0(uint8_t randomness[64U]);
 
 /**
 A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate
@@ -177,7 +177,7 @@ with const generics
 - ETA2= 2
 - ETA2_RANDOMNESS_SIZE= 128
 */
-tuple_21 libcrux_ml_kem_ind_cca_encapsulate_790(
+tuple_21 libcrux_ml_kem_ind_cca_encapsulate_a10(
     libcrux_ml_kem_types_MlKemPublicKey_1f *public_key,
     uint8_t randomness[32U]);
 
@@ -203,7 +203,7 @@ with const generics
 - ETA2_RANDOMNESS_SIZE= 128
 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600
 */
-void libcrux_ml_kem_ind_cca_decapsulate_cd0(
+void libcrux_ml_kem_ind_cca_decapsulate_7f0(
     libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key,
     libcrux_ml_kem_types_MlKemCiphertext_1f *ciphertext, uint8_t ret[32U]);
 
@@ -215,7 +215,7 @@ with const generics
 - RANKED_BYTES_PER_RING_ELEMENT= 768
 - PUBLIC_KEY_SIZE= 800
 */
-bool libcrux_ml_kem_ind_cca_validate_public_key_db(uint8_t *public_key);
+bool libcrux_ml_kem_ind_cca_validate_public_key_52(uint8_t *public_key);
 
 /**
 A monomorphic instance of libcrux_ml_kem.ind_cca.validate_private_key
@@ -225,7 +225,7 @@ with const generics
 - SECRET_KEY_SIZE= 1632
 - CIPHERTEXT_SIZE= 768
 */
-bool libcrux_ml_kem_ind_cca_validate_private_key_a8(
+bool libcrux_ml_kem_ind_cca_validate_private_key_70(
     libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key,
     libcrux_ml_kem_types_MlKemCiphertext_e8 *_ciphertext);
 
@@ -242,7 +242,7 @@ with const generics
 - ETA1= 3
 - ETA1_RANDOMNESS_SIZE= 192
 */
-libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_ind_cca_generate_keypair_dd(
+libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_ind_cca_generate_keypair_0b(
     uint8_t randomness[64U]);
 
 /**
@@ -264,7 +264,7 @@ with const generics
 - ETA2= 2
 - ETA2_RANDOMNESS_SIZE= 128
 */
-tuple_ec libcrux_ml_kem_ind_cca_encapsulate_79(
+tuple_ec libcrux_ml_kem_ind_cca_encapsulate_a1(
     libcrux_ml_kem_types_MlKemPublicKey_be *public_key,
     uint8_t randomness[32U]);
 
@@ -290,7 +290,7 @@ with const generics
 - ETA2_RANDOMNESS_SIZE= 128
 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800
 */
-void libcrux_ml_kem_ind_cca_decapsulate_cd(
+void libcrux_ml_kem_ind_cca_decapsulate_7f(
     libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key,
     libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]);
 
diff --git a/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h b/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h
index 7475145d9..def86cf8e 100644
--- a/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h
+++ b/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h
@@ -8,7 +8,7 @@
  * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac
  * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152
  * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678
- * Libcrux: 020cd93ab7a1437ba4a4c626b1acbf9fa14525ad
+ * Libcrux: a089e8609d2bf2df5c165076a79e3fd30dbf87cf
  */
 
 #ifndef __internal_libcrux_mlkem_portable_H
@@ -46,7 +46,7 @@ with const generics
 - RANKED_BYTES_PER_RING_ELEMENT= 1536
 - PUBLIC_KEY_SIZE= 1568
 */
-bool libcrux_ml_kem_ind_cca_validate_public_key_8c1(uint8_t *public_key);
+bool libcrux_ml_kem_ind_cca_validate_public_key_bf1(uint8_t *public_key);
 
 /**
 A monomorphic instance of libcrux_ml_kem.ind_cca.validate_private_key
@@ -56,7 +56,7 @@ with const generics
 - SECRET_KEY_SIZE= 3168
 - CIPHERTEXT_SIZE= 1568
 */
-bool libcrux_ml_kem_ind_cca_validate_private_key_99(
+bool libcrux_ml_kem_ind_cca_validate_private_key_ae(
     libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key,
     libcrux_ml_kem_types_MlKemCiphertext_1f *_ciphertext);
 
@@ -74,7 +74,7 @@ libcrux_ml_kem_variant_MlKem with const generics
 - ETA1_RANDOMNESS_SIZE= 128
 */
 libcrux_ml_kem_mlkem1024_MlKem1024KeyPair
-libcrux_ml_kem_ind_cca_generate_keypair_911(uint8_t randomness[64U]);
+libcrux_ml_kem_ind_cca_generate_keypair_6f1(uint8_t randomness[64U]);
 
 /**
 A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate
@@ -95,7 +95,7 @@ libcrux_ml_kem_variant_MlKem with const generics
 - ETA2= 2
 - ETA2_RANDOMNESS_SIZE= 128
 */
-tuple_21 libcrux_ml_kem_ind_cca_encapsulate_1e1(
+tuple_21 libcrux_ml_kem_ind_cca_encapsulate_661(
     libcrux_ml_kem_types_MlKemPublicKey_1f *public_key,
     uint8_t randomness[32U]);
 
@@ -121,7 +121,7 @@ libcrux_ml_kem_variant_MlKem with const generics
 - ETA2_RANDOMNESS_SIZE= 128
 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600
 */
-void libcrux_ml_kem_ind_cca_decapsulate_2d1(
+void libcrux_ml_kem_ind_cca_decapsulate_191(
     libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key,
     libcrux_ml_kem_types_MlKemCiphertext_1f *ciphertext, uint8_t ret[32U]);
 
@@ -133,7 +133,7 @@ with const generics
 - RANKED_BYTES_PER_RING_ELEMENT= 768
 - PUBLIC_KEY_SIZE= 800
 */
-bool libcrux_ml_kem_ind_cca_validate_public_key_8c0(uint8_t *public_key);
+bool libcrux_ml_kem_ind_cca_validate_public_key_bf0(uint8_t *public_key);
 
 /**
 A monomorphic instance of libcrux_ml_kem.ind_cca.validate_private_key
@@ -143,7 +143,7 @@ with const generics
 - SECRET_KEY_SIZE= 1632
 - CIPHERTEXT_SIZE= 768
 */
-bool libcrux_ml_kem_ind_cca_validate_private_key_ba(
+bool libcrux_ml_kem_ind_cca_validate_private_key_b4(
     libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key,
     libcrux_ml_kem_types_MlKemCiphertext_e8 *_ciphertext);
 
@@ -161,7 +161,7 @@ libcrux_ml_kem_variant_MlKem with const generics
 - ETA1_RANDOMNESS_SIZE= 192
 */
 libcrux_ml_kem_types_MlKemKeyPair_cb
-libcrux_ml_kem_ind_cca_generate_keypair_910(uint8_t randomness[64U]);
+libcrux_ml_kem_ind_cca_generate_keypair_6f0(uint8_t randomness[64U]);
 
 /**
 A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate
@@ -182,7 +182,7 @@ libcrux_ml_kem_variant_MlKem with const generics
 - ETA2= 2
 - ETA2_RANDOMNESS_SIZE= 128
 */
-tuple_ec libcrux_ml_kem_ind_cca_encapsulate_1e0(
+tuple_ec libcrux_ml_kem_ind_cca_encapsulate_660(
     libcrux_ml_kem_types_MlKemPublicKey_be *public_key,
     uint8_t randomness[32U]);
 
@@ -208,7 +208,7 @@ libcrux_ml_kem_variant_MlKem with const generics
 - ETA2_RANDOMNESS_SIZE= 128
 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800
 */
-void libcrux_ml_kem_ind_cca_decapsulate_2d0(
+void libcrux_ml_kem_ind_cca_decapsulate_190(
     libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key,
     libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]);
 
@@ -220,7 +220,7 @@ with const generics
 - RANKED_BYTES_PER_RING_ELEMENT= 1152
 - PUBLIC_KEY_SIZE= 1184
 */
-bool libcrux_ml_kem_ind_cca_validate_public_key_8c(uint8_t *public_key);
+bool libcrux_ml_kem_ind_cca_validate_public_key_bf(uint8_t *public_key);
 
 /**
 A monomorphic instance of libcrux_ml_kem.ind_cca.validate_private_key
@@ -230,7 +230,7 @@ with const generics
 - SECRET_KEY_SIZE= 2400
 - CIPHERTEXT_SIZE= 1088
 */
-bool libcrux_ml_kem_ind_cca_validate_private_key_4e(
+bool libcrux_ml_kem_ind_cca_validate_private_key_33(
     libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key,
     libcrux_ml_kem_mlkem768_MlKem768Ciphertext *_ciphertext);
 
@@ -248,7 +248,7 @@ libcrux_ml_kem_variant_MlKem with const generics
 - ETA1_RANDOMNESS_SIZE= 128
 */
 libcrux_ml_kem_mlkem768_MlKem768KeyPair
-libcrux_ml_kem_ind_cca_generate_keypair_91(uint8_t randomness[64U]);
+libcrux_ml_kem_ind_cca_generate_keypair_6f(uint8_t randomness[64U]);
 
 /**
 A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate
@@ -269,7 +269,7 @@ libcrux_ml_kem_variant_MlKem with const generics
 - ETA2= 2
 - ETA2_RANDOMNESS_SIZE= 128
 */
-tuple_3c libcrux_ml_kem_ind_cca_encapsulate_1e(
+tuple_3c libcrux_ml_kem_ind_cca_encapsulate_66(
     libcrux_ml_kem_types_MlKemPublicKey_15 *public_key,
     uint8_t randomness[32U]);
 
@@ -295,7 +295,7 @@ libcrux_ml_kem_variant_MlKem with const generics
 - ETA2_RANDOMNESS_SIZE= 128
 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120
 */
-void libcrux_ml_kem_ind_cca_decapsulate_2d(
+void libcrux_ml_kem_ind_cca_decapsulate_19(
     libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key,
     libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]);
 
diff --git a/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h b/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h
index b25010cbc..95df92565 100644
--- a/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h
+++ b/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h
@@ -8,7 +8,7 @@
  * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac
  * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152
  * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678
- * Libcrux: 020cd93ab7a1437ba4a4c626b1acbf9fa14525ad
+ * Libcrux: a089e8609d2bf2df5c165076a79e3fd30dbf87cf
  */
 
 #ifndef __internal_libcrux_sha3_avx2_H
diff --git a/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h b/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h
index 5f8662e56..a57bfa85c 100644
--- a/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h
+++ b/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h
@@ -8,7 +8,7 @@
  * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac
  * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152
  * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678
- * Libcrux: 020cd93ab7a1437ba4a4c626b1acbf9fa14525ad
+ * Libcrux: a089e8609d2bf2df5c165076a79e3fd30dbf87cf
  */
 
 #ifndef __internal_libcrux_sha3_internal_H
diff --git a/libcrux-ml-kem/c/libcrux_core.c b/libcrux-ml-kem/c/libcrux_core.c
index 394f12228..bad4aa323 100644
--- a/libcrux-ml-kem/c/libcrux_core.c
+++ b/libcrux-ml-kem/c/libcrux_core.c
@@ -8,7 +8,7 @@
  * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac
  * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152
  * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678
- * Libcrux: 020cd93ab7a1437ba4a4c626b1acbf9fa14525ad
+ * Libcrux: a089e8609d2bf2df5c165076a79e3fd30dbf87cf
  */
 
 #include "internal/libcrux_core.h"
@@ -80,7 +80,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_5a
 with const generics
 - SIZE= 1568
 */
-libcrux_ml_kem_types_MlKemPublicKey_1f libcrux_ml_kem_types_from_5a_451(
+libcrux_ml_kem_types_MlKemPublicKey_1f libcrux_ml_kem_types_from_5a_671(
     uint8_t value[1568U]) {
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_value[1568U];
@@ -100,7 +100,7 @@ with const generics
 - PRIVATE_KEY_SIZE= 3168
 - PUBLIC_KEY_SIZE= 1568
 */
-libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_types_from_3a_f61(
+libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_types_from_3a_ee1(
     libcrux_ml_kem_types_MlKemPrivateKey_95 sk,
     libcrux_ml_kem_types_MlKemPublicKey_1f pk) {
   return (
@@ -116,7 +116,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_7f
 with const generics
 - SIZE= 3168
 */
-libcrux_ml_kem_types_MlKemPrivateKey_95 libcrux_ml_kem_types_from_7f_8c1(
+libcrux_ml_kem_types_MlKemPrivateKey_95 libcrux_ml_kem_types_from_7f_af1(
     uint8_t value[3168U]) {
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_value[3168U];
@@ -135,7 +135,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_5a
 with const generics
 - SIZE= 1184
 */
-libcrux_ml_kem_types_MlKemPublicKey_15 libcrux_ml_kem_types_from_5a_450(
+libcrux_ml_kem_types_MlKemPublicKey_15 libcrux_ml_kem_types_from_5a_670(
     uint8_t value[1184U]) {
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_value[1184U];
@@ -155,7 +155,7 @@ with const generics
 - PRIVATE_KEY_SIZE= 2400
 - PUBLIC_KEY_SIZE= 1184
 */
-libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_types_from_3a_f60(
+libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_types_from_3a_ee0(
     libcrux_ml_kem_types_MlKemPrivateKey_55 sk,
     libcrux_ml_kem_types_MlKemPublicKey_15 pk) {
   return (
@@ -171,7 +171,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_7f
 with const generics
 - SIZE= 2400
 */
-libcrux_ml_kem_types_MlKemPrivateKey_55 libcrux_ml_kem_types_from_7f_8c0(
+libcrux_ml_kem_types_MlKemPrivateKey_55 libcrux_ml_kem_types_from_7f_af0(
     uint8_t value[2400U]) {
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_value[2400U];
@@ -190,7 +190,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_5a
 with const generics
 - SIZE= 800
 */
-libcrux_ml_kem_types_MlKemPublicKey_be libcrux_ml_kem_types_from_5a_45(
+libcrux_ml_kem_types_MlKemPublicKey_be libcrux_ml_kem_types_from_5a_67(
     uint8_t value[800U]) {
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_value[800U];
@@ -210,7 +210,7 @@ with const generics
 - PRIVATE_KEY_SIZE= 1632
 - PUBLIC_KEY_SIZE= 800
 */
-libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_types_from_3a_f6(
+libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_types_from_3a_ee(
     libcrux_ml_kem_types_MlKemPrivateKey_5e sk,
     libcrux_ml_kem_types_MlKemPublicKey_be pk) {
   return (CLITERAL(libcrux_ml_kem_types_MlKemKeyPair_cb){.sk = sk, .pk = pk});
@@ -225,7 +225,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_7f
 with const generics
 - SIZE= 1632
 */
-libcrux_ml_kem_types_MlKemPrivateKey_5e libcrux_ml_kem_types_from_7f_8c(
+libcrux_ml_kem_types_MlKemPrivateKey_5e libcrux_ml_kem_types_from_7f_af(
     uint8_t value[1632U]) {
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_value[1632U];
@@ -243,7 +243,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_slice_fd
 with const generics
 - SIZE= 1184
 */
-uint8_t *libcrux_ml_kem_types_as_slice_fd_d11(
+uint8_t *libcrux_ml_kem_types_as_slice_fd_fe1(
     libcrux_ml_kem_types_MlKemPublicKey_15 *self) {
   return self->value;
 }
@@ -257,7 +257,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_01
 with const generics
 - SIZE= 1088
 */
-libcrux_ml_kem_mlkem768_MlKem768Ciphertext libcrux_ml_kem_types_from_01_3a1(
+libcrux_ml_kem_mlkem768_MlKem768Ciphertext libcrux_ml_kem_types_from_01_451(
     uint8_t value[1088U]) {
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_value[1088U];
@@ -276,7 +276,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_ref_00
 with const generics
 - SIZE= 1088
 */
-Eurydice_slice libcrux_ml_kem_types_as_ref_00_be1(
+Eurydice_slice libcrux_ml_kem_types_as_ref_00_401(
     libcrux_ml_kem_mlkem768_MlKem768Ciphertext *self) {
   return Eurydice_array_to_slice((size_t)1088U, self->value, uint8_t);
 }
@@ -308,7 +308,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_slice_fd
 with const generics
 - SIZE= 800
 */
-uint8_t *libcrux_ml_kem_types_as_slice_fd_d10(
+uint8_t *libcrux_ml_kem_types_as_slice_fd_fe0(
     libcrux_ml_kem_types_MlKemPublicKey_be *self) {
   return self->value;
 }
@@ -322,7 +322,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_01
 with const generics
 - SIZE= 768
 */
-libcrux_ml_kem_types_MlKemCiphertext_e8 libcrux_ml_kem_types_from_01_3a0(
+libcrux_ml_kem_types_MlKemCiphertext_e8 libcrux_ml_kem_types_from_01_450(
     uint8_t value[768U]) {
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_value[768U];
@@ -341,7 +341,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_ref_00
 with const generics
 - SIZE= 768
 */
-Eurydice_slice libcrux_ml_kem_types_as_ref_00_be0(
+Eurydice_slice libcrux_ml_kem_types_as_ref_00_400(
     libcrux_ml_kem_types_MlKemCiphertext_e8 *self) {
   return Eurydice_array_to_slice((size_t)768U, self->value, uint8_t);
 }
@@ -373,7 +373,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_slice_fd
 with const generics
 - SIZE= 1568
 */
-uint8_t *libcrux_ml_kem_types_as_slice_fd_d1(
+uint8_t *libcrux_ml_kem_types_as_slice_fd_fe(
     libcrux_ml_kem_types_MlKemPublicKey_1f *self) {
   return self->value;
 }
@@ -427,7 +427,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_01
 with const generics
 - SIZE= 1568
 */
-libcrux_ml_kem_types_MlKemCiphertext_1f libcrux_ml_kem_types_from_01_3a(
+libcrux_ml_kem_types_MlKemCiphertext_1f libcrux_ml_kem_types_from_01_45(
     uint8_t value[1568U]) {
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_value[1568U];
@@ -465,7 +465,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_ref_00
 with const generics
 - SIZE= 1568
 */
-Eurydice_slice libcrux_ml_kem_types_as_ref_00_be(
+Eurydice_slice libcrux_ml_kem_types_as_ref_00_40(
     libcrux_ml_kem_types_MlKemCiphertext_1f *self) {
   return Eurydice_array_to_slice((size_t)1568U, self->value, uint8_t);
 }
diff --git a/libcrux-ml-kem/c/libcrux_core.h b/libcrux-ml-kem/c/libcrux_core.h
index 106b44b1f..bc1f587a2 100644
--- a/libcrux-ml-kem/c/libcrux_core.h
+++ b/libcrux-ml-kem/c/libcrux_core.h
@@ -8,7 +8,7 @@
  * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac
  * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152
  * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678
- * Libcrux: 020cd93ab7a1437ba4a4c626b1acbf9fa14525ad
+ * Libcrux: a089e8609d2bf2df5c165076a79e3fd30dbf87cf
  */
 
 #ifndef __libcrux_core_H
diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024.h b/libcrux-ml-kem/c/libcrux_mlkem1024.h
index 052060fb6..63a7ab056 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem1024.h
+++ b/libcrux-ml-kem/c/libcrux_mlkem1024.h
@@ -8,7 +8,7 @@
  * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac
  * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152
  * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678
- * Libcrux: 020cd93ab7a1437ba4a4c626b1acbf9fa14525ad
+ * Libcrux: a089e8609d2bf2df5c165076a79e3fd30dbf87cf
  */
 
 #ifndef __libcrux_mlkem1024_H
diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c
index f8b601eef..1028b5ac1 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c
+++ b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c
@@ -8,7 +8,7 @@
  * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac
  * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152
  * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678
- * Libcrux: 020cd93ab7a1437ba4a4c626b1acbf9fa14525ad
+ * Libcrux: a089e8609d2bf2df5c165076a79e3fd30dbf87cf
  */
 
 #include "libcrux_mlkem1024_avx2.h"
@@ -35,10 +35,10 @@ with const generics
 - ETA2_RANDOMNESS_SIZE= 128
 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600
 */
-static void decapsulate_200(
+static void decapsulate_0c0(
     libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key,
     libcrux_ml_kem_types_MlKemCiphertext_1f *ciphertext, uint8_t ret[32U]) {
-  libcrux_ml_kem_ind_cca_decapsulate_cd0(private_key, ciphertext, ret);
+  libcrux_ml_kem_ind_cca_decapsulate_7f0(private_key, ciphertext, ret);
 }
 
 /**
@@ -51,7 +51,7 @@ static void decapsulate_200(
 void libcrux_ml_kem_mlkem1024_avx2_decapsulate(
     libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key,
     libcrux_ml_kem_types_MlKemCiphertext_1f *ciphertext, uint8_t ret[32U]) {
-  decapsulate_200(private_key, ciphertext, ret);
+  decapsulate_0c0(private_key, ciphertext, ret);
 }
 
 /**
@@ -71,14 +71,14 @@ with const generics
 - ETA2= 2
 - ETA2_RANDOMNESS_SIZE= 128
 */
-static tuple_21 encapsulate_b00(
+static tuple_21 encapsulate_ae0(
     libcrux_ml_kem_types_MlKemPublicKey_1f *public_key,
     uint8_t randomness[32U]) {
   libcrux_ml_kem_types_MlKemPublicKey_1f *uu____0 = public_key;
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_randomness[32U];
   memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t));
-  return libcrux_ml_kem_ind_cca_encapsulate_790(uu____0, copy_of_randomness);
+  return libcrux_ml_kem_ind_cca_encapsulate_a10(uu____0, copy_of_randomness);
 }
 
 /**
@@ -95,7 +95,7 @@ tuple_21 libcrux_ml_kem_mlkem1024_avx2_encapsulate(
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_randomness[32U];
   memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t));
-  return encapsulate_b00(uu____0, copy_of_randomness);
+  return encapsulate_ae0(uu____0, copy_of_randomness);
 }
 
 /**
@@ -109,12 +109,12 @@ libcrux_ml_kem.ind_cca.instantiations.avx2.generate_keypair with const generics
 - ETA1= 2
 - ETA1_RANDOMNESS_SIZE= 128
 */
-static libcrux_ml_kem_mlkem1024_MlKem1024KeyPair generate_keypair_8e0(
+static libcrux_ml_kem_mlkem1024_MlKem1024KeyPair generate_keypair_5a0(
     uint8_t randomness[64U]) {
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_randomness[64U];
   memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t));
-  return libcrux_ml_kem_ind_cca_generate_keypair_dd0(copy_of_randomness);
+  return libcrux_ml_kem_ind_cca_generate_keypair_0b0(copy_of_randomness);
 }
 
 /**
@@ -125,7 +125,7 @@ libcrux_ml_kem_mlkem1024_avx2_generate_key_pair(uint8_t randomness[64U]) {
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_randomness[64U];
   memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t));
-  return generate_keypair_8e0(copy_of_randomness);
+  return generate_keypair_5a0(copy_of_randomness);
 }
 
 /**
@@ -136,10 +136,10 @@ generics
 - SECRET_KEY_SIZE= 3168
 - CIPHERTEXT_SIZE= 1568
 */
-static KRML_MUSTINLINE bool validate_private_key_a10(
+static KRML_MUSTINLINE bool validate_private_key_080(
     libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key,
     libcrux_ml_kem_types_MlKemCiphertext_1f *ciphertext) {
-  return libcrux_ml_kem_ind_cca_validate_private_key_a80(private_key,
+  return libcrux_ml_kem_ind_cca_validate_private_key_700(private_key,
                                                          ciphertext);
 }
 
@@ -151,7 +151,7 @@ static KRML_MUSTINLINE bool validate_private_key_a10(
 bool libcrux_ml_kem_mlkem1024_avx2_validate_private_key(
     libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key,
     libcrux_ml_kem_types_MlKemCiphertext_1f *ciphertext) {
-  return validate_private_key_a10(private_key, ciphertext);
+  return validate_private_key_080(private_key, ciphertext);
 }
 
 /**
@@ -162,8 +162,8 @@ generics
 - RANKED_BYTES_PER_RING_ELEMENT= 1536
 - PUBLIC_KEY_SIZE= 1568
 */
-static KRML_MUSTINLINE bool validate_public_key_c20(uint8_t *public_key) {
-  return libcrux_ml_kem_ind_cca_validate_public_key_db0(public_key);
+static KRML_MUSTINLINE bool validate_public_key_f60(uint8_t *public_key) {
+  return libcrux_ml_kem_ind_cca_validate_public_key_520(public_key);
 }
 
 /**
@@ -173,5 +173,5 @@ static KRML_MUSTINLINE bool validate_public_key_c20(uint8_t *public_key) {
 */
 bool libcrux_ml_kem_mlkem1024_avx2_validate_public_key(
     libcrux_ml_kem_types_MlKemPublicKey_1f *public_key) {
-  return validate_public_key_c20(public_key->value);
+  return validate_public_key_f60(public_key->value);
 }
diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h
index a20c4e836..dede724bf 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h
+++ b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h
@@ -8,7 +8,7 @@
  * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac
  * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152
  * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678
- * Libcrux: 020cd93ab7a1437ba4a4c626b1acbf9fa14525ad
+ * Libcrux: a089e8609d2bf2df5c165076a79e3fd30dbf87cf
  */
 
 #ifndef __libcrux_mlkem1024_avx2_H
diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c
index 0b655b537..bed205e56 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c
+++ b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c
@@ -8,7 +8,7 @@
  * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac
  * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152
  * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678
- * Libcrux: 020cd93ab7a1437ba4a4c626b1acbf9fa14525ad
+ * Libcrux: a089e8609d2bf2df5c165076a79e3fd30dbf87cf
  */
 
 #include "libcrux_mlkem1024_portable.h"
@@ -35,10 +35,10 @@ libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate with const generics
 - ETA2_RANDOMNESS_SIZE= 128
 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600
 */
-static void decapsulate_f71(
+static void decapsulate_831(
     libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key,
     libcrux_ml_kem_types_MlKemCiphertext_1f *ciphertext, uint8_t ret[32U]) {
-  libcrux_ml_kem_ind_cca_decapsulate_2d1(private_key, ciphertext, ret);
+  libcrux_ml_kem_ind_cca_decapsulate_191(private_key, ciphertext, ret);
 }
 
 /**
@@ -51,7 +51,7 @@ static void decapsulate_f71(
 void libcrux_ml_kem_mlkem1024_portable_decapsulate(
     libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key,
     libcrux_ml_kem_types_MlKemCiphertext_1f *ciphertext, uint8_t ret[32U]) {
-  decapsulate_f71(private_key, ciphertext, ret);
+  decapsulate_831(private_key, ciphertext, ret);
 }
 
 /**
@@ -71,14 +71,14 @@ libcrux_ml_kem.ind_cca.instantiations.portable.encapsulate with const generics
 - ETA2= 2
 - ETA2_RANDOMNESS_SIZE= 128
 */
-static tuple_21 encapsulate_af1(
+static tuple_21 encapsulate_951(
     libcrux_ml_kem_types_MlKemPublicKey_1f *public_key,
     uint8_t randomness[32U]) {
   libcrux_ml_kem_types_MlKemPublicKey_1f *uu____0 = public_key;
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_randomness[32U];
   memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t));
-  return libcrux_ml_kem_ind_cca_encapsulate_1e1(uu____0, copy_of_randomness);
+  return libcrux_ml_kem_ind_cca_encapsulate_661(uu____0, copy_of_randomness);
 }
 
 /**
@@ -95,7 +95,7 @@ tuple_21 libcrux_ml_kem_mlkem1024_portable_encapsulate(
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_randomness[32U];
   memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t));
-  return encapsulate_af1(uu____0, copy_of_randomness);
+  return encapsulate_951(uu____0, copy_of_randomness);
 }
 
 /**
@@ -110,12 +110,12 @@ generics
 - ETA1= 2
 - ETA1_RANDOMNESS_SIZE= 128
 */
-static libcrux_ml_kem_mlkem1024_MlKem1024KeyPair generate_keypair_561(
+static libcrux_ml_kem_mlkem1024_MlKem1024KeyPair generate_keypair_d11(
     uint8_t randomness[64U]) {
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_randomness[64U];
   memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t));
-  return libcrux_ml_kem_ind_cca_generate_keypair_911(copy_of_randomness);
+  return libcrux_ml_kem_ind_cca_generate_keypair_6f1(copy_of_randomness);
 }
 
 /**
@@ -126,7 +126,7 @@ libcrux_ml_kem_mlkem1024_portable_generate_key_pair(uint8_t randomness[64U]) {
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_randomness[64U];
   memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t));
-  return generate_keypair_561(copy_of_randomness);
+  return generate_keypair_d11(copy_of_randomness);
 }
 
 /**
@@ -137,10 +137,10 @@ generics
 - SECRET_KEY_SIZE= 3168
 - CIPHERTEXT_SIZE= 1568
 */
-static KRML_MUSTINLINE bool validate_private_key_a91(
+static KRML_MUSTINLINE bool validate_private_key_da1(
     libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key,
     libcrux_ml_kem_types_MlKemCiphertext_1f *ciphertext) {
-  return libcrux_ml_kem_ind_cca_validate_private_key_99(private_key,
+  return libcrux_ml_kem_ind_cca_validate_private_key_ae(private_key,
                                                         ciphertext);
 }
 
@@ -152,7 +152,7 @@ static KRML_MUSTINLINE bool validate_private_key_a91(
 bool libcrux_ml_kem_mlkem1024_portable_validate_private_key(
     libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key,
     libcrux_ml_kem_types_MlKemCiphertext_1f *ciphertext) {
-  return validate_private_key_a91(private_key, ciphertext);
+  return validate_private_key_da1(private_key, ciphertext);
 }
 
 /**
@@ -163,8 +163,8 @@ generics
 - RANKED_BYTES_PER_RING_ELEMENT= 1536
 - PUBLIC_KEY_SIZE= 1568
 */
-static KRML_MUSTINLINE bool validate_public_key_a81(uint8_t *public_key) {
-  return libcrux_ml_kem_ind_cca_validate_public_key_8c1(public_key);
+static KRML_MUSTINLINE bool validate_public_key_e91(uint8_t *public_key) {
+  return libcrux_ml_kem_ind_cca_validate_public_key_bf1(public_key);
 }
 
 /**
@@ -174,5 +174,5 @@ static KRML_MUSTINLINE bool validate_public_key_a81(uint8_t *public_key) {
 */
 bool libcrux_ml_kem_mlkem1024_portable_validate_public_key(
     libcrux_ml_kem_types_MlKemPublicKey_1f *public_key) {
-  return validate_public_key_a81(public_key->value);
+  return validate_public_key_e91(public_key->value);
 }
diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h
index 8dac186df..87b018021 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h
+++ b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h
@@ -8,7 +8,7 @@
  * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac
  * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152
  * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678
- * Libcrux: 020cd93ab7a1437ba4a4c626b1acbf9fa14525ad
+ * Libcrux: a089e8609d2bf2df5c165076a79e3fd30dbf87cf
  */
 
 #ifndef __libcrux_mlkem1024_portable_H
diff --git a/libcrux-ml-kem/c/libcrux_mlkem512.h b/libcrux-ml-kem/c/libcrux_mlkem512.h
index 1ec63a95d..157226146 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem512.h
+++ b/libcrux-ml-kem/c/libcrux_mlkem512.h
@@ -8,7 +8,7 @@
  * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac
  * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152
  * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678
- * Libcrux: 020cd93ab7a1437ba4a4c626b1acbf9fa14525ad
+ * Libcrux: a089e8609d2bf2df5c165076a79e3fd30dbf87cf
  */
 
 #ifndef __libcrux_mlkem512_H
diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c
index 1ea59179a..8008c0304 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c
+++ b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c
@@ -8,7 +8,7 @@
  * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac
  * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152
  * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678
- * Libcrux: 020cd93ab7a1437ba4a4c626b1acbf9fa14525ad
+ * Libcrux: a089e8609d2bf2df5c165076a79e3fd30dbf87cf
  */
 
 #include "libcrux_mlkem512_avx2.h"
@@ -35,10 +35,10 @@ with const generics
 - ETA2_RANDOMNESS_SIZE= 128
 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800
 */
-static void decapsulate_20(libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key,
+static void decapsulate_0c(libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key,
                            libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext,
                            uint8_t ret[32U]) {
-  libcrux_ml_kem_ind_cca_decapsulate_cd(private_key, ciphertext, ret);
+  libcrux_ml_kem_ind_cca_decapsulate_7f(private_key, ciphertext, ret);
 }
 
 /**
@@ -51,7 +51,7 @@ static void decapsulate_20(libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key,
 void libcrux_ml_kem_mlkem512_avx2_decapsulate(
     libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key,
     libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) {
-  decapsulate_20(private_key, ciphertext, ret);
+  decapsulate_0c(private_key, ciphertext, ret);
 }
 
 /**
@@ -71,14 +71,14 @@ with const generics
 - ETA2= 2
 - ETA2_RANDOMNESS_SIZE= 128
 */
-static tuple_ec encapsulate_b0(
+static tuple_ec encapsulate_ae(
     libcrux_ml_kem_types_MlKemPublicKey_be *public_key,
     uint8_t randomness[32U]) {
   libcrux_ml_kem_types_MlKemPublicKey_be *uu____0 = public_key;
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_randomness[32U];
   memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t));
-  return libcrux_ml_kem_ind_cca_encapsulate_79(uu____0, copy_of_randomness);
+  return libcrux_ml_kem_ind_cca_encapsulate_a1(uu____0, copy_of_randomness);
 }
 
 /**
@@ -95,7 +95,7 @@ tuple_ec libcrux_ml_kem_mlkem512_avx2_encapsulate(
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_randomness[32U];
   memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t));
-  return encapsulate_b0(uu____0, copy_of_randomness);
+  return encapsulate_ae(uu____0, copy_of_randomness);
 }
 
 /**
@@ -109,12 +109,12 @@ libcrux_ml_kem.ind_cca.instantiations.avx2.generate_keypair with const generics
 - ETA1= 3
 - ETA1_RANDOMNESS_SIZE= 192
 */
-static libcrux_ml_kem_types_MlKemKeyPair_cb generate_keypair_8e(
+static libcrux_ml_kem_types_MlKemKeyPair_cb generate_keypair_5a(
     uint8_t randomness[64U]) {
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_randomness[64U];
   memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t));
-  return libcrux_ml_kem_ind_cca_generate_keypair_dd(copy_of_randomness);
+  return libcrux_ml_kem_ind_cca_generate_keypair_0b(copy_of_randomness);
 }
 
 /**
@@ -125,7 +125,7 @@ libcrux_ml_kem_mlkem512_avx2_generate_key_pair(uint8_t randomness[64U]) {
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_randomness[64U];
   memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t));
-  return generate_keypair_8e(copy_of_randomness);
+  return generate_keypair_5a(copy_of_randomness);
 }
 
 /**
@@ -136,10 +136,10 @@ generics
 - SECRET_KEY_SIZE= 1632
 - CIPHERTEXT_SIZE= 768
 */
-static KRML_MUSTINLINE bool validate_private_key_a1(
+static KRML_MUSTINLINE bool validate_private_key_08(
     libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key,
     libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext) {
-  return libcrux_ml_kem_ind_cca_validate_private_key_a8(private_key,
+  return libcrux_ml_kem_ind_cca_validate_private_key_70(private_key,
                                                         ciphertext);
 }
 
@@ -151,7 +151,7 @@ static KRML_MUSTINLINE bool validate_private_key_a1(
 bool libcrux_ml_kem_mlkem512_avx2_validate_private_key(
     libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key,
     libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext) {
-  return validate_private_key_a1(private_key, ciphertext);
+  return validate_private_key_08(private_key, ciphertext);
 }
 
 /**
@@ -162,8 +162,8 @@ generics
 - RANKED_BYTES_PER_RING_ELEMENT= 768
 - PUBLIC_KEY_SIZE= 800
 */
-static KRML_MUSTINLINE bool validate_public_key_c2(uint8_t *public_key) {
-  return libcrux_ml_kem_ind_cca_validate_public_key_db(public_key);
+static KRML_MUSTINLINE bool validate_public_key_f6(uint8_t *public_key) {
+  return libcrux_ml_kem_ind_cca_validate_public_key_52(public_key);
 }
 
 /**
@@ -173,5 +173,5 @@ static KRML_MUSTINLINE bool validate_public_key_c2(uint8_t *public_key) {
 */
 bool libcrux_ml_kem_mlkem512_avx2_validate_public_key(
     libcrux_ml_kem_types_MlKemPublicKey_be *public_key) {
-  return validate_public_key_c2(public_key->value);
+  return validate_public_key_f6(public_key->value);
 }
diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h
index 8227a08bf..8a66b75c4 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h
+++ b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h
@@ -8,7 +8,7 @@
  * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac
  * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152
  * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678
- * Libcrux: 020cd93ab7a1437ba4a4c626b1acbf9fa14525ad
+ * Libcrux: a089e8609d2bf2df5c165076a79e3fd30dbf87cf
  */
 
 #ifndef __libcrux_mlkem512_avx2_H
diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_portable.c b/libcrux-ml-kem/c/libcrux_mlkem512_portable.c
index 3f1132f00..2fc5a3251 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem512_portable.c
+++ b/libcrux-ml-kem/c/libcrux_mlkem512_portable.c
@@ -8,7 +8,7 @@
  * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac
  * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152
  * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678
- * Libcrux: 020cd93ab7a1437ba4a4c626b1acbf9fa14525ad
+ * Libcrux: a089e8609d2bf2df5c165076a79e3fd30dbf87cf
  */
 
 #include "libcrux_mlkem512_portable.h"
@@ -35,10 +35,10 @@ libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate with const generics
 - ETA2_RANDOMNESS_SIZE= 128
 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800
 */
-static void decapsulate_f70(
+static void decapsulate_830(
     libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key,
     libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) {
-  libcrux_ml_kem_ind_cca_decapsulate_2d0(private_key, ciphertext, ret);
+  libcrux_ml_kem_ind_cca_decapsulate_190(private_key, ciphertext, ret);
 }
 
 /**
@@ -51,7 +51,7 @@ static void decapsulate_f70(
 void libcrux_ml_kem_mlkem512_portable_decapsulate(
     libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key,
     libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) {
-  decapsulate_f70(private_key, ciphertext, ret);
+  decapsulate_830(private_key, ciphertext, ret);
 }
 
 /**
@@ -71,14 +71,14 @@ libcrux_ml_kem.ind_cca.instantiations.portable.encapsulate with const generics
 - ETA2= 2
 - ETA2_RANDOMNESS_SIZE= 128
 */
-static tuple_ec encapsulate_af0(
+static tuple_ec encapsulate_950(
     libcrux_ml_kem_types_MlKemPublicKey_be *public_key,
     uint8_t randomness[32U]) {
   libcrux_ml_kem_types_MlKemPublicKey_be *uu____0 = public_key;
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_randomness[32U];
   memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t));
-  return libcrux_ml_kem_ind_cca_encapsulate_1e0(uu____0, copy_of_randomness);
+  return libcrux_ml_kem_ind_cca_encapsulate_660(uu____0, copy_of_randomness);
 }
 
 /**
@@ -95,7 +95,7 @@ tuple_ec libcrux_ml_kem_mlkem512_portable_encapsulate(
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_randomness[32U];
   memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t));
-  return encapsulate_af0(uu____0, copy_of_randomness);
+  return encapsulate_950(uu____0, copy_of_randomness);
 }
 
 /**
@@ -110,12 +110,12 @@ generics
 - ETA1= 3
 - ETA1_RANDOMNESS_SIZE= 192
 */
-static libcrux_ml_kem_types_MlKemKeyPair_cb generate_keypair_560(
+static libcrux_ml_kem_types_MlKemKeyPair_cb generate_keypair_d10(
     uint8_t randomness[64U]) {
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_randomness[64U];
   memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t));
-  return libcrux_ml_kem_ind_cca_generate_keypair_910(copy_of_randomness);
+  return libcrux_ml_kem_ind_cca_generate_keypair_6f0(copy_of_randomness);
 }
 
 /**
@@ -126,7 +126,7 @@ libcrux_ml_kem_mlkem512_portable_generate_key_pair(uint8_t randomness[64U]) {
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_randomness[64U];
   memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t));
-  return generate_keypair_560(copy_of_randomness);
+  return generate_keypair_d10(copy_of_randomness);
 }
 
 /**
@@ -137,10 +137,10 @@ generics
 - SECRET_KEY_SIZE= 1632
 - CIPHERTEXT_SIZE= 768
 */
-static KRML_MUSTINLINE bool validate_private_key_a90(
+static KRML_MUSTINLINE bool validate_private_key_da0(
     libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key,
     libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext) {
-  return libcrux_ml_kem_ind_cca_validate_private_key_ba(private_key,
+  return libcrux_ml_kem_ind_cca_validate_private_key_b4(private_key,
                                                         ciphertext);
 }
 
@@ -152,7 +152,7 @@ static KRML_MUSTINLINE bool validate_private_key_a90(
 bool libcrux_ml_kem_mlkem512_portable_validate_private_key(
     libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key,
     libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext) {
-  return validate_private_key_a90(private_key, ciphertext);
+  return validate_private_key_da0(private_key, ciphertext);
 }
 
 /**
@@ -163,8 +163,8 @@ generics
 - RANKED_BYTES_PER_RING_ELEMENT= 768
 - PUBLIC_KEY_SIZE= 800
 */
-static KRML_MUSTINLINE bool validate_public_key_a80(uint8_t *public_key) {
-  return libcrux_ml_kem_ind_cca_validate_public_key_8c0(public_key);
+static KRML_MUSTINLINE bool validate_public_key_e90(uint8_t *public_key) {
+  return libcrux_ml_kem_ind_cca_validate_public_key_bf0(public_key);
 }
 
 /**
@@ -174,5 +174,5 @@ static KRML_MUSTINLINE bool validate_public_key_a80(uint8_t *public_key) {
 */
 bool libcrux_ml_kem_mlkem512_portable_validate_public_key(
     libcrux_ml_kem_types_MlKemPublicKey_be *public_key) {
-  return validate_public_key_a80(public_key->value);
+  return validate_public_key_e90(public_key->value);
 }
diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_portable.h b/libcrux-ml-kem/c/libcrux_mlkem512_portable.h
index b35f61b44..66032c07f 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem512_portable.h
+++ b/libcrux-ml-kem/c/libcrux_mlkem512_portable.h
@@ -8,7 +8,7 @@
  * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac
  * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152
  * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678
- * Libcrux: 020cd93ab7a1437ba4a4c626b1acbf9fa14525ad
+ * Libcrux: a089e8609d2bf2df5c165076a79e3fd30dbf87cf
  */
 
 #ifndef __libcrux_mlkem512_portable_H
diff --git a/libcrux-ml-kem/c/libcrux_mlkem768.h b/libcrux-ml-kem/c/libcrux_mlkem768.h
index d9947c213..85985206f 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem768.h
+++ b/libcrux-ml-kem/c/libcrux_mlkem768.h
@@ -8,7 +8,7 @@
  * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac
  * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152
  * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678
- * Libcrux: 020cd93ab7a1437ba4a4c626b1acbf9fa14525ad
+ * Libcrux: a089e8609d2bf2df5c165076a79e3fd30dbf87cf
  */
 
 #ifndef __libcrux_mlkem768_H
diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c
index aca4d93f8..3fd65a30d 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c
+++ b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c
@@ -8,7 +8,7 @@
  * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac
  * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152
  * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678
- * Libcrux: 020cd93ab7a1437ba4a4c626b1acbf9fa14525ad
+ * Libcrux: a089e8609d2bf2df5c165076a79e3fd30dbf87cf
  */
 
 #include "libcrux_mlkem768_avx2.h"
@@ -35,10 +35,10 @@ with const generics
 - ETA2_RANDOMNESS_SIZE= 128
 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120
 */
-static void decapsulate_201(
+static void decapsulate_0c1(
     libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key,
     libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) {
-  libcrux_ml_kem_ind_cca_decapsulate_cd1(private_key, ciphertext, ret);
+  libcrux_ml_kem_ind_cca_decapsulate_7f1(private_key, ciphertext, ret);
 }
 
 /**
@@ -51,7 +51,7 @@ static void decapsulate_201(
 void libcrux_ml_kem_mlkem768_avx2_decapsulate(
     libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key,
     libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) {
-  decapsulate_201(private_key, ciphertext, ret);
+  decapsulate_0c1(private_key, ciphertext, ret);
 }
 
 /**
@@ -71,14 +71,14 @@ with const generics
 - ETA2= 2
 - ETA2_RANDOMNESS_SIZE= 128
 */
-static tuple_3c encapsulate_b01(
+static tuple_3c encapsulate_ae1(
     libcrux_ml_kem_types_MlKemPublicKey_15 *public_key,
     uint8_t randomness[32U]) {
   libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key;
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_randomness[32U];
   memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t));
-  return libcrux_ml_kem_ind_cca_encapsulate_791(uu____0, copy_of_randomness);
+  return libcrux_ml_kem_ind_cca_encapsulate_a11(uu____0, copy_of_randomness);
 }
 
 /**
@@ -95,7 +95,7 @@ tuple_3c libcrux_ml_kem_mlkem768_avx2_encapsulate(
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_randomness[32U];
   memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t));
-  return encapsulate_b01(uu____0, copy_of_randomness);
+  return encapsulate_ae1(uu____0, copy_of_randomness);
 }
 
 /**
@@ -109,12 +109,12 @@ libcrux_ml_kem.ind_cca.instantiations.avx2.generate_keypair with const generics
 - ETA1= 2
 - ETA1_RANDOMNESS_SIZE= 128
 */
-static libcrux_ml_kem_mlkem768_MlKem768KeyPair generate_keypair_8e1(
+static libcrux_ml_kem_mlkem768_MlKem768KeyPair generate_keypair_5a1(
     uint8_t randomness[64U]) {
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_randomness[64U];
   memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t));
-  return libcrux_ml_kem_ind_cca_generate_keypair_dd1(copy_of_randomness);
+  return libcrux_ml_kem_ind_cca_generate_keypair_0b1(copy_of_randomness);
 }
 
 /**
@@ -125,7 +125,7 @@ libcrux_ml_kem_mlkem768_avx2_generate_key_pair(uint8_t randomness[64U]) {
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_randomness[64U];
   memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t));
-  return generate_keypair_8e1(copy_of_randomness);
+  return generate_keypair_5a1(copy_of_randomness);
 }
 
 /**
@@ -136,10 +136,10 @@ generics
 - SECRET_KEY_SIZE= 2400
 - CIPHERTEXT_SIZE= 1088
 */
-static KRML_MUSTINLINE bool validate_private_key_a11(
+static KRML_MUSTINLINE bool validate_private_key_081(
     libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key,
     libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext) {
-  return libcrux_ml_kem_ind_cca_validate_private_key_a81(private_key,
+  return libcrux_ml_kem_ind_cca_validate_private_key_701(private_key,
                                                          ciphertext);
 }
 
@@ -151,7 +151,7 @@ static KRML_MUSTINLINE bool validate_private_key_a11(
 bool libcrux_ml_kem_mlkem768_avx2_validate_private_key(
     libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key,
     libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext) {
-  return validate_private_key_a11(private_key, ciphertext);
+  return validate_private_key_081(private_key, ciphertext);
 }
 
 /**
@@ -162,8 +162,8 @@ generics
 - RANKED_BYTES_PER_RING_ELEMENT= 1152
 - PUBLIC_KEY_SIZE= 1184
 */
-static KRML_MUSTINLINE bool validate_public_key_c21(uint8_t *public_key) {
-  return libcrux_ml_kem_ind_cca_validate_public_key_db1(public_key);
+static KRML_MUSTINLINE bool validate_public_key_f61(uint8_t *public_key) {
+  return libcrux_ml_kem_ind_cca_validate_public_key_521(public_key);
 }
 
 /**
@@ -173,5 +173,5 @@ static KRML_MUSTINLINE bool validate_public_key_c21(uint8_t *public_key) {
 */
 bool libcrux_ml_kem_mlkem768_avx2_validate_public_key(
     libcrux_ml_kem_types_MlKemPublicKey_15 *public_key) {
-  return validate_public_key_c21(public_key->value);
+  return validate_public_key_f61(public_key->value);
 }
diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h
index a977c4abe..af5edca86 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h
+++ b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h
@@ -8,7 +8,7 @@
  * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac
  * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152
  * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678
- * Libcrux: 020cd93ab7a1437ba4a4c626b1acbf9fa14525ad
+ * Libcrux: a089e8609d2bf2df5c165076a79e3fd30dbf87cf
  */
 
 #ifndef __libcrux_mlkem768_avx2_H
diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_portable.c b/libcrux-ml-kem/c/libcrux_mlkem768_portable.c
index 6f19bf422..1794e74b4 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem768_portable.c
+++ b/libcrux-ml-kem/c/libcrux_mlkem768_portable.c
@@ -8,7 +8,7 @@
  * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac
  * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152
  * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678
- * Libcrux: 020cd93ab7a1437ba4a4c626b1acbf9fa14525ad
+ * Libcrux: a089e8609d2bf2df5c165076a79e3fd30dbf87cf
  */
 
 #include "libcrux_mlkem768_portable.h"
@@ -35,10 +35,10 @@ libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate with const generics
 - ETA2_RANDOMNESS_SIZE= 128
 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120
 */
-static void decapsulate_f7(
+static void decapsulate_83(
     libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key,
     libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) {
-  libcrux_ml_kem_ind_cca_decapsulate_2d(private_key, ciphertext, ret);
+  libcrux_ml_kem_ind_cca_decapsulate_19(private_key, ciphertext, ret);
 }
 
 /**
@@ -51,7 +51,7 @@ static void decapsulate_f7(
 void libcrux_ml_kem_mlkem768_portable_decapsulate(
     libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key,
     libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) {
-  decapsulate_f7(private_key, ciphertext, ret);
+  decapsulate_83(private_key, ciphertext, ret);
 }
 
 /**
@@ -71,14 +71,14 @@ libcrux_ml_kem.ind_cca.instantiations.portable.encapsulate with const generics
 - ETA2= 2
 - ETA2_RANDOMNESS_SIZE= 128
 */
-static tuple_3c encapsulate_af(
+static tuple_3c encapsulate_95(
     libcrux_ml_kem_types_MlKemPublicKey_15 *public_key,
     uint8_t randomness[32U]) {
   libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key;
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_randomness[32U];
   memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t));
-  return libcrux_ml_kem_ind_cca_encapsulate_1e(uu____0, copy_of_randomness);
+  return libcrux_ml_kem_ind_cca_encapsulate_66(uu____0, copy_of_randomness);
 }
 
 /**
@@ -95,7 +95,7 @@ tuple_3c libcrux_ml_kem_mlkem768_portable_encapsulate(
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_randomness[32U];
   memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t));
-  return encapsulate_af(uu____0, copy_of_randomness);
+  return encapsulate_95(uu____0, copy_of_randomness);
 }
 
 /**
@@ -110,12 +110,12 @@ generics
 - ETA1= 2
 - ETA1_RANDOMNESS_SIZE= 128
 */
-static libcrux_ml_kem_mlkem768_MlKem768KeyPair generate_keypair_56(
+static libcrux_ml_kem_mlkem768_MlKem768KeyPair generate_keypair_d1(
     uint8_t randomness[64U]) {
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_randomness[64U];
   memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t));
-  return libcrux_ml_kem_ind_cca_generate_keypair_91(copy_of_randomness);
+  return libcrux_ml_kem_ind_cca_generate_keypair_6f(copy_of_randomness);
 }
 
 /**
@@ -126,7 +126,7 @@ libcrux_ml_kem_mlkem768_portable_generate_key_pair(uint8_t randomness[64U]) {
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_randomness[64U];
   memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t));
-  return generate_keypair_56(copy_of_randomness);
+  return generate_keypair_d1(copy_of_randomness);
 }
 
 /**
@@ -137,10 +137,10 @@ generics
 - SECRET_KEY_SIZE= 2400
 - CIPHERTEXT_SIZE= 1088
 */
-static KRML_MUSTINLINE bool validate_private_key_a9(
+static KRML_MUSTINLINE bool validate_private_key_da(
     libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key,
     libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext) {
-  return libcrux_ml_kem_ind_cca_validate_private_key_4e(private_key,
+  return libcrux_ml_kem_ind_cca_validate_private_key_33(private_key,
                                                         ciphertext);
 }
 
@@ -152,7 +152,7 @@ static KRML_MUSTINLINE bool validate_private_key_a9(
 bool libcrux_ml_kem_mlkem768_portable_validate_private_key(
     libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key,
     libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext) {
-  return validate_private_key_a9(private_key, ciphertext);
+  return validate_private_key_da(private_key, ciphertext);
 }
 
 /**
@@ -163,8 +163,8 @@ generics
 - RANKED_BYTES_PER_RING_ELEMENT= 1152
 - PUBLIC_KEY_SIZE= 1184
 */
-static KRML_MUSTINLINE bool validate_public_key_a8(uint8_t *public_key) {
-  return libcrux_ml_kem_ind_cca_validate_public_key_8c(public_key);
+static KRML_MUSTINLINE bool validate_public_key_e9(uint8_t *public_key) {
+  return libcrux_ml_kem_ind_cca_validate_public_key_bf(public_key);
 }
 
 /**
@@ -174,5 +174,5 @@ static KRML_MUSTINLINE bool validate_public_key_a8(uint8_t *public_key) {
 */
 bool libcrux_ml_kem_mlkem768_portable_validate_public_key(
     libcrux_ml_kem_types_MlKemPublicKey_15 *public_key) {
-  return validate_public_key_a8(public_key->value);
+  return validate_public_key_e9(public_key->value);
 }
diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_portable.h b/libcrux-ml-kem/c/libcrux_mlkem768_portable.h
index 47c0dd223..4e8116617 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem768_portable.h
+++ b/libcrux-ml-kem/c/libcrux_mlkem768_portable.h
@@ -8,7 +8,7 @@
  * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac
  * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152
  * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678
- * Libcrux: 020cd93ab7a1437ba4a4c626b1acbf9fa14525ad
+ * Libcrux: a089e8609d2bf2df5c165076a79e3fd30dbf87cf
  */
 
 #ifndef __libcrux_mlkem768_portable_H
diff --git a/libcrux-ml-kem/c/libcrux_mlkem_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem_avx2.c
index 7112fa8d3..05520bf99 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem_avx2.c
+++ b/libcrux-ml-kem/c/libcrux_mlkem_avx2.c
@@ -8,7 +8,7 @@
  * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac
  * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152
  * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678
- * Libcrux: 020cd93ab7a1437ba4a4c626b1acbf9fa14525ad
+ * Libcrux: a089e8609d2bf2df5c165076a79e3fd30dbf87cf
  */
 
 #include "internal/libcrux_mlkem_avx2.h"
@@ -1140,7 +1140,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics
 
 */
 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2
-deserialize_to_reduced_ring_element_65(Eurydice_slice serialized) {
+deserialize_to_reduced_ring_element_dc(Eurydice_slice serialized) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_ef_05();
   for (size_t i = (size_t)0U;
        i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) {
@@ -1160,7 +1160,7 @@ libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types
 libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics
 - K= 3
 */
-static KRML_MUSTINLINE void deserialize_ring_elements_reduced_9f1(
+static KRML_MUSTINLINE void deserialize_ring_elements_reduced_531(
     Eurydice_slice public_key,
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *deserialized_pk) {
   for (size_t i = (size_t)0U;
@@ -1174,7 +1174,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_9f1(
             LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT,
         uint8_t);
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 =
-        deserialize_to_reduced_ring_element_65(ring_element);
+        deserialize_to_reduced_ring_element_dc(ring_element);
     deserialized_pk[i0] = uu____0;
   }
 }
@@ -1185,19 +1185,15 @@ libcrux_ml_kem.serialize.deserialize_ring_elements_reduced_out with types
 libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics
 - K= 3
 */
-static KRML_MUSTINLINE void deserialize_ring_elements_reduced_out_191(
+static KRML_MUSTINLINE void deserialize_ring_elements_reduced_out_cc1(
     Eurydice_slice public_key,
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[3U];
   KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U,
                   deserialized_pk[i] = ZERO_ef_05(););
-  deserialize_ring_elements_reduced_9f1(public_key, deserialized_pk);
-  libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[3U];
+  deserialize_ring_elements_reduced_531(public_key, deserialized_pk);
   memcpy(
-      result, deserialized_pk,
-      (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2));
-  memcpy(
-      ret, result,
+      ret, deserialized_pk,
       (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2));
 }
 
@@ -1206,7 +1202,7 @@ A monomorphic instance of libcrux_ml_kem.vector.avx2.arithmetic.shift_right
 with const generics
 - SHIFT_BY= 15
 */
-static KRML_MUSTINLINE __m256i shift_right_70(__m256i vector) {
+static KRML_MUSTINLINE __m256i shift_right_65(__m256i vector) {
   return mm256_srai_epi16((int32_t)15, vector, __m256i);
 }
 
@@ -1219,8 +1215,8 @@ A monomorphic instance of libcrux_ml_kem.vector.avx2.shift_right_09
 with const generics
 - SHIFT_BY= 15
 */
-static __m256i shift_right_09_58(__m256i vector) {
-  return shift_right_70(vector);
+static __m256i shift_right_09_85(__m256i vector) {
+  return shift_right_65(vector);
 }
 
 /**
@@ -1229,8 +1225,8 @@ libcrux_ml_kem.vector.traits.to_unsigned_representative with types
 libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics
 
 */
-static __m256i to_unsigned_representative_e5(__m256i a) {
-  __m256i t = shift_right_09_58(a);
+static __m256i to_unsigned_representative_3f(__m256i a) {
+  __m256i t = shift_right_09_85(a);
   __m256i fm = libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_09(
       t, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS);
   return libcrux_ml_kem_vector_avx2_add_09(a, &fm);
@@ -1242,8 +1238,8 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector
 with const generics
 
 */
-static KRML_MUSTINLINE __m256i to_unsigned_field_modulus_8a(__m256i a) {
-  return to_unsigned_representative_e5(a);
+static KRML_MUSTINLINE __m256i to_unsigned_field_modulus_7b(__m256i a) {
+  return to_unsigned_representative_3f(a);
 }
 
 /**
@@ -1252,13 +1248,13 @@ libcrux_ml_kem.serialize.serialize_uncompressed_ring_element with types
 libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics
 
 */
-static KRML_MUSTINLINE void serialize_uncompressed_ring_element_09(
+static KRML_MUSTINLINE void serialize_uncompressed_ring_element_2c(
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[384U]) {
   uint8_t serialized[384U] = {0U};
   for (size_t i = (size_t)0U;
        i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
     size_t i0 = i;
-    __m256i coefficient = to_unsigned_field_modulus_8a(re->coefficients[i0]);
+    __m256i coefficient = to_unsigned_field_modulus_7b(re->coefficients[i0]);
     uint8_t bytes[24U];
     libcrux_ml_kem_vector_avx2_serialize_12_09(coefficient, bytes);
     Eurydice_slice uu____0 = Eurydice_array_to_subslice2(
@@ -1278,7 +1274,7 @@ with const generics
 - K= 3
 - OUT_LEN= 1152
 */
-static KRML_MUSTINLINE void serialize_secret_key_231(
+static KRML_MUSTINLINE void serialize_secret_key_991(
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *key,
     uint8_t ret[1152U]) {
   uint8_t out[1152U] = {0U};
@@ -1296,7 +1292,7 @@ static KRML_MUSTINLINE void serialize_secret_key_231(
         (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT,
         uint8_t);
     uint8_t ret0[384U];
-    serialize_uncompressed_ring_element_09(&re, ret0);
+    serialize_uncompressed_ring_element_2c(&re, ret0);
     Eurydice_slice_copy(
         uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t), uint8_t);
   }
@@ -1311,13 +1307,13 @@ with const generics
 - RANKED_BYTES_PER_RING_ELEMENT= 1152
 - PUBLIC_KEY_SIZE= 1184
 */
-static KRML_MUSTINLINE void serialize_public_key_mut_ff1(
+static KRML_MUSTINLINE void serialize_public_key_mut_6c1(
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt,
     Eurydice_slice seed_for_a, uint8_t *serialized) {
   Eurydice_slice uu____0 = Eurydice_array_to_subslice2(serialized, (size_t)0U,
                                                        (size_t)1152U, uint8_t);
   uint8_t ret[1152U];
-  serialize_secret_key_231(t_as_ntt, ret);
+  serialize_secret_key_991(t_as_ntt, ret);
   Eurydice_slice_copy(
       uu____0, Eurydice_array_to_slice((size_t)1152U, ret, uint8_t), uint8_t);
   Eurydice_slice_copy(
@@ -1334,12 +1330,14 @@ with const generics
 - RANKED_BYTES_PER_RING_ELEMENT= 1152
 - PUBLIC_KEY_SIZE= 1184
 */
-static KRML_MUSTINLINE void serialize_public_key_161(
+static KRML_MUSTINLINE void serialize_public_key_ca1(
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt,
     Eurydice_slice seed_for_a, uint8_t ret[1184U]) {
   uint8_t public_key_serialized[1184U] = {0U};
-  serialize_public_key_mut_ff1(t_as_ntt, seed_for_a, public_key_serialized);
-  memcpy(ret, public_key_serialized, (size_t)1184U * sizeof(uint8_t));
+  serialize_public_key_mut_6c1(t_as_ntt, seed_for_a, public_key_serialized);
+  uint8_t result[1184U];
+  memcpy(result, public_key_serialized, (size_t)1184U * sizeof(uint8_t));
+  memcpy(ret, result, (size_t)1184U * sizeof(uint8_t));
 }
 
 /**
@@ -1350,15 +1348,15 @@ with const generics
 - RANKED_BYTES_PER_RING_ELEMENT= 1152
 - PUBLIC_KEY_SIZE= 1184
 */
-bool libcrux_ml_kem_ind_cca_validate_public_key_db1(uint8_t *public_key) {
+bool libcrux_ml_kem_ind_cca_validate_public_key_521(uint8_t *public_key) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[3U];
-  deserialize_ring_elements_reduced_out_191(
+  deserialize_ring_elements_reduced_out_cc1(
       Eurydice_array_to_subslice_to((size_t)1184U, public_key, (size_t)1152U,
                                     uint8_t, size_t),
       deserialized_pk);
   libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *uu____0 = deserialized_pk;
   uint8_t public_key_serialized[1184U];
-  serialize_public_key_161(
+  serialize_public_key_ca1(
       uu____0,
       Eurydice_array_to_subslice_from((size_t)1184U, public_key, (size_t)1152U,
                                       uint8_t, size_t),
@@ -1388,7 +1386,7 @@ with const generics
 - SECRET_KEY_SIZE= 2400
 - CIPHERTEXT_SIZE= 1088
 */
-bool libcrux_ml_kem_ind_cca_validate_private_key_a81(
+bool libcrux_ml_kem_ind_cca_validate_private_key_701(
     libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key,
     libcrux_ml_kem_mlkem768_MlKem768Ciphertext *_ciphertext) {
   uint8_t t[32U];
@@ -1500,7 +1498,7 @@ with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash
 with const generics
 - K= 3
 */
-static KRML_MUSTINLINE void cpa_keygen_seed_d8_6b1(
+static KRML_MUSTINLINE void cpa_keygen_seed_d8_751(
     Eurydice_slice key_generation_seed, uint8_t ret[64U]) {
   uint8_t seed[33U] = {0U};
   Eurydice_slice_copy(
@@ -2083,7 +2081,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector
 with const generics
 
 */
-static KRML_MUSTINLINE void ntt_at_layer_7_69(
+static KRML_MUSTINLINE void ntt_at_layer_7_13(
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) {
   size_t step = LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT / (size_t)2U;
   for (size_t i = (size_t)0U; i < step; i++) {
@@ -2108,7 +2106,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector
 with const generics
 
 */
-static __m256i montgomery_multiply_fe_e0(__m256i v, int16_t fer) {
+static __m256i montgomery_multiply_fe_5f(__m256i v, int16_t fer) {
   return libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_09(v, fer);
 }
 
@@ -2119,8 +2117,8 @@ with const generics
 
 */
 static KRML_MUSTINLINE libcrux_ml_kem_vector_avx2_SIMD256Vector_x2
-ntt_layer_int_vec_step_e8(__m256i a, __m256i b, int16_t zeta_r) {
-  __m256i t = montgomery_multiply_fe_e0(b, zeta_r);
+ntt_layer_int_vec_step_97(__m256i a, __m256i b, int16_t zeta_r) {
+  __m256i t = montgomery_multiply_fe_5f(b, zeta_r);
   b = libcrux_ml_kem_vector_avx2_sub_09(a, &t);
   a = libcrux_ml_kem_vector_avx2_add_09(a, &t);
   return (CLITERAL(libcrux_ml_kem_vector_avx2_SIMD256Vector_x2){.fst = a,
@@ -2133,7 +2131,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector
 with const generics
 
 */
-static KRML_MUSTINLINE void ntt_at_layer_4_plus_07(
+static KRML_MUSTINLINE void ntt_at_layer_4_plus_ca(
     size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re,
     size_t layer) {
   size_t step = (size_t)1U << (uint32_t)layer;
@@ -2146,7 +2144,7 @@ static KRML_MUSTINLINE void ntt_at_layer_4_plus_07(
     for (size_t i = offset_vec; i < offset_vec + step_vec; i++) {
       size_t j = i;
       libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 uu____0 =
-          ntt_layer_int_vec_step_e8(
+          ntt_layer_int_vec_step_97(
               re->coefficients[j], re->coefficients[j + step_vec],
               libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U]));
       __m256i x = uu____0.fst;
@@ -2163,7 +2161,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector
 with const generics
 
 */
-static KRML_MUSTINLINE void ntt_at_layer_3_46(
+static KRML_MUSTINLINE void ntt_at_layer_3_ba(
     size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) {
   KRML_MAYBE_FOR16(
       i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i;
@@ -2179,7 +2177,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector
 with const generics
 
 */
-static KRML_MUSTINLINE void ntt_at_layer_2_53(
+static KRML_MUSTINLINE void ntt_at_layer_2_89(
     size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) {
   KRML_MAYBE_FOR16(
       i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i;
@@ -2197,7 +2195,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector
 with const generics
 
 */
-static KRML_MUSTINLINE void ntt_at_layer_1_42(
+static KRML_MUSTINLINE void ntt_at_layer_1_d7(
     size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) {
   KRML_MAYBE_FOR16(
       i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i;
@@ -2222,7 +2220,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector
 with const generics
 
 */
-static KRML_MUSTINLINE void poly_barrett_reduce_ef_83(
+static KRML_MUSTINLINE void poly_barrett_reduce_ef_a9(
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self) {
   for (size_t i = (size_t)0U;
        i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
@@ -2238,17 +2236,17 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector
 with const generics
 
 */
-static KRML_MUSTINLINE void ntt_binomially_sampled_ring_element_25(
+static KRML_MUSTINLINE void ntt_binomially_sampled_ring_element_ef(
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) {
-  ntt_at_layer_7_69(re);
+  ntt_at_layer_7_13(re);
   size_t zeta_i = (size_t)1U;
-  ntt_at_layer_4_plus_07(&zeta_i, re, (size_t)6U);
-  ntt_at_layer_4_plus_07(&zeta_i, re, (size_t)5U);
-  ntt_at_layer_4_plus_07(&zeta_i, re, (size_t)4U);
-  ntt_at_layer_3_46(&zeta_i, re);
-  ntt_at_layer_2_53(&zeta_i, re);
-  ntt_at_layer_1_42(&zeta_i, re);
-  poly_barrett_reduce_ef_83(re);
+  ntt_at_layer_4_plus_ca(&zeta_i, re, (size_t)6U);
+  ntt_at_layer_4_plus_ca(&zeta_i, re, (size_t)5U);
+  ntt_at_layer_4_plus_ca(&zeta_i, re, (size_t)4U);
+  ntt_at_layer_3_ba(&zeta_i, re);
+  ntt_at_layer_2_89(&zeta_i, re);
+  ntt_at_layer_1_d7(&zeta_i, re);
+  poly_barrett_reduce_ef_a9(re);
 }
 
 /**
@@ -2259,7 +2257,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics
 - ETA= 2
 - ETA_RANDOMNESS_SIZE= 128
 */
-static KRML_MUSTINLINE uint8_t sample_vector_cbd_then_ntt_681(
+static KRML_MUSTINLINE uint8_t sample_vector_cbd_then_ntt_b01(
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re_as_ntt,
     uint8_t prf_input[33U], uint8_t domain_separator) {
   /* Passing arrays by value in Rust generates a copy in C */
@@ -2269,8 +2267,6 @@ static KRML_MUSTINLINE uint8_t sample_vector_cbd_then_ntt_681(
   KRML_MAYBE_FOR3(
       i, (size_t)0U, (size_t)3U, (size_t)1U,
       memcpy(prf_inputs[i], copy_of_prf_input, (size_t)33U * sizeof(uint8_t)););
-  uint8_t _prf_inputs_init[3U][33U];
-  memcpy(_prf_inputs_init, prf_inputs, (size_t)3U * sizeof(uint8_t[33U]));
   KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i;
                   prf_inputs[i0][32U] = domain_separator;
                   domain_separator = (uint32_t)domain_separator + 1U;);
@@ -2280,7 +2276,7 @@ static KRML_MUSTINLINE uint8_t sample_vector_cbd_then_ntt_681(
       i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i;
       re_as_ntt[i0] = sample_from_binomial_distribution_d7(
           Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t));
-      ntt_binomially_sampled_ring_element_25(&re_as_ntt[i0]););
+      ntt_binomially_sampled_ring_element_ef(&re_as_ntt[i0]););
   return domain_separator;
 }
 
@@ -2303,7 +2299,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics
 - ETA= 2
 - ETA_RANDOMNESS_SIZE= 128
 */
-static KRML_MUSTINLINE tuple_b0 sample_vector_cbd_then_ntt_out_481(
+static KRML_MUSTINLINE tuple_b0 sample_vector_cbd_then_ntt_out_811(
     uint8_t prf_input[33U], uint8_t domain_separator) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re_as_ntt[3U];
   KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U,
@@ -2312,18 +2308,18 @@ static KRML_MUSTINLINE tuple_b0 sample_vector_cbd_then_ntt_out_481(
   uint8_t uu____1[33U];
   memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t));
   domain_separator =
-      sample_vector_cbd_then_ntt_681(uu____0, uu____1, domain_separator);
+      sample_vector_cbd_then_ntt_b01(uu____0, uu____1, domain_separator);
   /* Passing arrays by value in Rust generates a copy in C */
   libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_re_as_ntt[3U];
   memcpy(
       copy_of_re_as_ntt, re_as_ntt,
       (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2));
-  tuple_b0 lit;
+  tuple_b0 result;
   memcpy(
-      lit.fst, copy_of_re_as_ntt,
+      result.fst, copy_of_re_as_ntt,
       (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2));
-  lit.snd = domain_separator;
-  return lit;
+  result.snd = domain_separator;
+  return result;
 }
 
 /**
@@ -2338,7 +2334,7 @@ with const generics
 
 */
 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2
-ntt_multiply_ef_d5(libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self,
+ntt_multiply_ef_b2(libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self,
                    libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *rhs) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_d2 out = ZERO_ef_05();
   for (size_t i = (size_t)0U;
@@ -2368,7 +2364,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector
 with const generics
 - K= 3
 */
-static KRML_MUSTINLINE void add_to_ring_element_ef_aa1(
+static KRML_MUSTINLINE void add_to_ring_element_ef_4f1(
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self,
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *rhs) {
   for (size_t i = (size_t)0U;
@@ -2388,7 +2384,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector
 with const generics
 
 */
-static __m256i to_standard_domain_bb(__m256i v) {
+static __m256i to_standard_domain_79(__m256i v) {
   return libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_09(
       v, LIBCRUX_ML_KEM_VECTOR_TRAITS_MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS);
 }
@@ -2404,14 +2400,14 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector
 with const generics
 
 */
-static KRML_MUSTINLINE void add_standard_error_reduce_ef_e7(
+static KRML_MUSTINLINE void add_standard_error_reduce_ef_34(
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self,
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error) {
   for (size_t i = (size_t)0U;
        i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
     size_t j = i;
     __m256i coefficient_normal_form =
-        to_standard_domain_bb(self->coefficients[j]);
+        to_standard_domain_79(self->coefficients[j]);
     self->coefficients[j] = libcrux_ml_kem_vector_avx2_barrett_reduce_09(
         libcrux_ml_kem_vector_avx2_add_09(coefficient_normal_form,
                                           &error->coefficients[j]));
@@ -2424,7 +2420,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector
 with const generics
 - K= 3
 */
-static KRML_MUSTINLINE void compute_As_plus_e_b61(
+static KRML_MUSTINLINE void compute_As_plus_e_2d1(
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt,
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*matrix_A)[3U],
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *s_as_ntt,
@@ -2451,10 +2447,10 @@ static KRML_MUSTINLINE void compute_As_plus_e_b61(
       libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *matrix_element =
           &row[j];
       libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product =
-          ntt_multiply_ef_d5(matrix_element, &s_as_ntt[j]);
-      add_to_ring_element_ef_aa1(&t_as_ntt[i0], &product);
+          ntt_multiply_ef_b2(matrix_element, &s_as_ntt[j]);
+      add_to_ring_element_ef_4f1(&t_as_ntt[i0], &product);
     }
-    add_standard_error_reduce_ef_e7(&t_as_ntt[i0], &error_as_ntt[i0]);
+    add_standard_error_reduce_ef_34(&t_as_ntt[i0], &error_as_ntt[i0]);
   }
 }
 
@@ -2467,12 +2463,12 @@ with const generics
 - ETA1= 2
 - ETA1_RANDOMNESS_SIZE= 128
 */
-static void generate_keypair_unpacked_a21(
+static void generate_keypair_unpacked_a41(
     Eurydice_slice key_generation_seed,
     IndCpaPrivateKeyUnpacked_a0 *private_key,
     IndCpaPublicKeyUnpacked_a0 *public_key) {
   uint8_t hashed[64U];
-  cpa_keygen_seed_d8_6b1(key_generation_seed, hashed);
+  cpa_keygen_seed_d8_751(key_generation_seed, hashed);
   Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at(
       Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U,
       uint8_t, Eurydice_slice_uint8_t_x2);
@@ -2492,17 +2488,17 @@ static void generate_keypair_unpacked_a21(
   uint8_t copy_of_prf_input0[33U];
   memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t));
   uint8_t domain_separator =
-      sample_vector_cbd_then_ntt_681(uu____2, copy_of_prf_input0, 0U);
+      sample_vector_cbd_then_ntt_b01(uu____2, copy_of_prf_input0, 0U);
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_prf_input[33U];
   memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t));
   libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_as_ntt[3U];
   memcpy(
       error_as_ntt,
-      sample_vector_cbd_then_ntt_out_481(copy_of_prf_input, domain_separator)
+      sample_vector_cbd_then_ntt_out_811(copy_of_prf_input, domain_separator)
           .fst,
       (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2));
-  compute_As_plus_e_b61(public_key->t_as_ntt, public_key->A,
+  compute_As_plus_e_2d1(public_key->t_as_ntt, public_key->A,
                         private_key->secret_as_ntt, error_as_ntt);
   uint8_t uu____5[32U];
   core_result_Result_00 dst;
@@ -2523,18 +2519,18 @@ with const generics
 - ETA1= 2
 - ETA1_RANDOMNESS_SIZE= 128
 */
-static libcrux_ml_kem_utils_extraction_helper_Keypair768 generate_keypair_471(
+static libcrux_ml_kem_utils_extraction_helper_Keypair768 generate_keypair_6a1(
     Eurydice_slice key_generation_seed) {
   IndCpaPrivateKeyUnpacked_a0 private_key = default_1a_3c1();
   IndCpaPublicKeyUnpacked_a0 public_key = default_8d_891();
-  generate_keypair_unpacked_a21(key_generation_seed, &private_key, &public_key);
+  generate_keypair_unpacked_a41(key_generation_seed, &private_key, &public_key);
   uint8_t public_key_serialized[1184U];
-  serialize_public_key_161(
+  serialize_public_key_ca1(
       public_key.t_as_ntt,
       Eurydice_array_to_slice((size_t)32U, public_key.seed_for_A, uint8_t),
       public_key_serialized);
   uint8_t secret_key_serialized[1152U];
-  serialize_secret_key_231(private_key.secret_as_ntt, secret_key_serialized);
+  serialize_secret_key_991(private_key.secret_as_ntt, secret_key_serialized);
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_secret_key_serialized[1152U];
   memcpy(copy_of_secret_key_serialized, secret_key_serialized,
@@ -2543,12 +2539,12 @@ static libcrux_ml_kem_utils_extraction_helper_Keypair768 generate_keypair_471(
   uint8_t copy_of_public_key_serialized[1184U];
   memcpy(copy_of_public_key_serialized, public_key_serialized,
          (size_t)1184U * sizeof(uint8_t));
-  libcrux_ml_kem_utils_extraction_helper_Keypair768 lit;
-  memcpy(lit.fst, copy_of_secret_key_serialized,
+  libcrux_ml_kem_utils_extraction_helper_Keypair768 result;
+  memcpy(result.fst, copy_of_secret_key_serialized,
          (size_t)1152U * sizeof(uint8_t));
-  memcpy(lit.snd, copy_of_public_key_serialized,
+  memcpy(result.snd, copy_of_public_key_serialized,
          (size_t)1184U * sizeof(uint8_t));
-  return lit;
+  return result;
 }
 
 /**
@@ -2558,7 +2554,7 @@ with const generics
 - K= 3
 - SERIALIZED_KEY_LEN= 2400
 */
-static KRML_MUSTINLINE void serialize_kem_secret_key_7b1(
+static KRML_MUSTINLINE void serialize_kem_secret_key_1f1(
     Eurydice_slice private_key, Eurydice_slice public_key,
     Eurydice_slice implicit_rejection_value, uint8_t ret[2400U]) {
   uint8_t out[2400U] = {0U};
@@ -2614,7 +2610,7 @@ with const generics
 - ETA1_RANDOMNESS_SIZE= 128
 */
 libcrux_ml_kem_mlkem768_MlKem768KeyPair
-libcrux_ml_kem_ind_cca_generate_keypair_dd1(uint8_t randomness[64U]) {
+libcrux_ml_kem_ind_cca_generate_keypair_0b1(uint8_t randomness[64U]) {
   Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2(
       randomness, (size_t)0U,
       LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t);
@@ -2623,13 +2619,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_dd1(uint8_t randomness[64U]) {
       LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t,
       size_t);
   libcrux_ml_kem_utils_extraction_helper_Keypair768 uu____0 =
-      generate_keypair_471(ind_cpa_keypair_randomness);
+      generate_keypair_6a1(ind_cpa_keypair_randomness);
   uint8_t ind_cpa_private_key[1152U];
   memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1152U * sizeof(uint8_t));
   uint8_t public_key[1184U];
   memcpy(public_key, uu____0.snd, (size_t)1184U * sizeof(uint8_t));
   uint8_t secret_key_serialized[2400U];
-  serialize_kem_secret_key_7b1(
+  serialize_kem_secret_key_1f1(
       Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t),
       Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t),
       implicit_rejection_value, secret_key_serialized);
@@ -2638,13 +2634,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_dd1(uint8_t randomness[64U]) {
   memcpy(copy_of_secret_key_serialized, secret_key_serialized,
          (size_t)2400U * sizeof(uint8_t));
   libcrux_ml_kem_types_MlKemPrivateKey_55 private_key =
-      libcrux_ml_kem_types_from_7f_8c0(copy_of_secret_key_serialized);
+      libcrux_ml_kem_types_from_7f_af0(copy_of_secret_key_serialized);
   libcrux_ml_kem_types_MlKemPrivateKey_55 uu____2 = private_key;
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_public_key[1184U];
   memcpy(copy_of_public_key, public_key, (size_t)1184U * sizeof(uint8_t));
-  return libcrux_ml_kem_types_from_3a_f60(
-      uu____2, libcrux_ml_kem_types_from_5a_450(copy_of_public_key));
+  return libcrux_ml_kem_types_from_3a_ee0(
+      uu____2, libcrux_ml_kem_types_from_5a_670(copy_of_public_key));
 }
 
 /**
@@ -2657,7 +2653,7 @@ with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash
 with const generics
 - K= 3
 */
-static KRML_MUSTINLINE void entropy_preprocess_d8_6c1(Eurydice_slice randomness,
+static KRML_MUSTINLINE void entropy_preprocess_d8_641(Eurydice_slice randomness,
                                                       uint8_t ret[32U]) {
   uint8_t out[32U] = {0U};
   Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t),
@@ -2674,7 +2670,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics
 - ETA2= 2
 */
 static KRML_MUSTINLINE tuple_b0
-sample_ring_element_cbd_6a1(uint8_t prf_input[33U], uint8_t domain_separator) {
+sample_ring_element_cbd_a01(uint8_t prf_input[33U], uint8_t domain_separator) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[3U];
   KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U,
                   error_1[i] = ZERO_ef_05(););
@@ -2685,8 +2681,6 @@ sample_ring_element_cbd_6a1(uint8_t prf_input[33U], uint8_t domain_separator) {
   KRML_MAYBE_FOR3(
       i, (size_t)0U, (size_t)3U, (size_t)1U,
       memcpy(prf_inputs[i], copy_of_prf_input, (size_t)33U * sizeof(uint8_t)););
-  uint8_t _prf_inputs_init[3U][33U];
-  memcpy(_prf_inputs_init, prf_inputs, (size_t)3U * sizeof(uint8_t[33U]));
   KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i;
                   prf_inputs[i0][32U] = domain_separator;
                   domain_separator = (uint32_t)domain_separator + 1U;);
@@ -2703,12 +2697,12 @@ sample_ring_element_cbd_6a1(uint8_t prf_input[33U], uint8_t domain_separator) {
   memcpy(
       copy_of_error_1, error_1,
       (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2));
-  tuple_b0 lit;
+  tuple_b0 result;
   memcpy(
-      lit.fst, copy_of_error_1,
+      result.fst, copy_of_error_1,
       (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2));
-  lit.snd = domain_separator;
-  return lit;
+  result.snd = domain_separator;
+  return result;
 }
 
 /**
@@ -2744,7 +2738,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector
 with const generics
 
 */
-static KRML_MUSTINLINE void invert_ntt_at_layer_1_78(
+static KRML_MUSTINLINE void invert_ntt_at_layer_1_f7(
     size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) {
   KRML_MAYBE_FOR16(
       i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i;
@@ -2765,7 +2759,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector
 with const generics
 
 */
-static KRML_MUSTINLINE void invert_ntt_at_layer_2_2c(
+static KRML_MUSTINLINE void invert_ntt_at_layer_2_98(
     size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) {
   KRML_MAYBE_FOR16(
       i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i;
@@ -2784,7 +2778,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector
 with const generics
 
 */
-static KRML_MUSTINLINE void invert_ntt_at_layer_3_73(
+static KRML_MUSTINLINE void invert_ntt_at_layer_3_fe(
     size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) {
   KRML_MAYBE_FOR16(i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i;
                    zeta_i[0U] = zeta_i[0U] - (size_t)1U;
@@ -2801,11 +2795,11 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics
 
 */
 static KRML_MUSTINLINE libcrux_ml_kem_vector_avx2_SIMD256Vector_x2
-inv_ntt_layer_int_vec_step_reduce_83(__m256i a, __m256i b, int16_t zeta_r) {
+inv_ntt_layer_int_vec_step_reduce_75(__m256i a, __m256i b, int16_t zeta_r) {
   __m256i a_minus_b = libcrux_ml_kem_vector_avx2_sub_09(b, &a);
   a = libcrux_ml_kem_vector_avx2_barrett_reduce_09(
       libcrux_ml_kem_vector_avx2_add_09(a, &b));
-  b = montgomery_multiply_fe_e0(a_minus_b, zeta_r);
+  b = montgomery_multiply_fe_5f(a_minus_b, zeta_r);
   return (CLITERAL(libcrux_ml_kem_vector_avx2_SIMD256Vector_x2){.fst = a,
                                                                 .snd = b});
 }
@@ -2816,7 +2810,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector
 with const generics
 
 */
-static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_04(
+static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_bc(
     size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re,
     size_t layer) {
   size_t step = (size_t)1U << (uint32_t)layer;
@@ -2831,7 +2825,7 @@ static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_04(
     for (size_t i = offset_vec; i < offset_vec + step_vec; i++) {
       size_t j = i;
       libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 uu____0 =
-          inv_ntt_layer_int_vec_step_reduce_83(
+          inv_ntt_layer_int_vec_step_reduce_75(
               re->coefficients[j], re->coefficients[j + step_vec],
               libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U]));
       __m256i x = uu____0.fst;
@@ -2848,18 +2842,18 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector
 with const generics
 - K= 3
 */
-static KRML_MUSTINLINE void invert_ntt_montgomery_401(
+static KRML_MUSTINLINE void invert_ntt_montgomery_8f1(
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) {
   size_t zeta_i =
       LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U;
-  invert_ntt_at_layer_1_78(&zeta_i, re);
-  invert_ntt_at_layer_2_2c(&zeta_i, re);
-  invert_ntt_at_layer_3_73(&zeta_i, re);
-  invert_ntt_at_layer_4_plus_04(&zeta_i, re, (size_t)4U);
-  invert_ntt_at_layer_4_plus_04(&zeta_i, re, (size_t)5U);
-  invert_ntt_at_layer_4_plus_04(&zeta_i, re, (size_t)6U);
-  invert_ntt_at_layer_4_plus_04(&zeta_i, re, (size_t)7U);
-  poly_barrett_reduce_ef_83(re);
+  invert_ntt_at_layer_1_f7(&zeta_i, re);
+  invert_ntt_at_layer_2_98(&zeta_i, re);
+  invert_ntt_at_layer_3_fe(&zeta_i, re);
+  invert_ntt_at_layer_4_plus_bc(&zeta_i, re, (size_t)4U);
+  invert_ntt_at_layer_4_plus_bc(&zeta_i, re, (size_t)5U);
+  invert_ntt_at_layer_4_plus_bc(&zeta_i, re, (size_t)6U);
+  invert_ntt_at_layer_4_plus_bc(&zeta_i, re, (size_t)7U);
+  poly_barrett_reduce_ef_a9(re);
 }
 
 /**
@@ -2873,7 +2867,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector
 with const generics
 
 */
-static KRML_MUSTINLINE void add_error_reduce_ef_ee(
+static KRML_MUSTINLINE void add_error_reduce_ef_dd(
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self,
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error) {
   for (size_t i = (size_t)0U;
@@ -2894,14 +2888,14 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector
 with const generics
 - K= 3
 */
-static KRML_MUSTINLINE void compute_vector_u_421(
+static KRML_MUSTINLINE void compute_vector_u_dd1(
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*a_as_ntt)[3U],
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt,
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_1,
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) {
-  libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[3U];
+  libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result0[3U];
   KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U,
-                  result[i] = ZERO_ef_05(););
+                  result0[i] = ZERO_ef_05(););
   for (size_t i0 = (size_t)0U;
        i0 < Eurydice_slice_len(
                 Eurydice_array_to_slice(
@@ -2921,12 +2915,16 @@ static KRML_MUSTINLINE void compute_vector_u_421(
       size_t j = i;
       libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *a_element = &row[j];
       libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product =
-          ntt_multiply_ef_d5(a_element, &r_as_ntt[j]);
-      add_to_ring_element_ef_aa1(&result[i1], &product);
+          ntt_multiply_ef_b2(a_element, &r_as_ntt[j]);
+      add_to_ring_element_ef_4f1(&result0[i1], &product);
     }
-    invert_ntt_montgomery_401(&result[i1]);
-    add_error_reduce_ef_ee(&result[i1], &error_1[i1]);
+    invert_ntt_montgomery_8f1(&result0[i1]);
+    add_error_reduce_ef_dd(&result0[i1], &error_1[i1]);
   }
+  libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[3U];
+  memcpy(
+      result, result0,
+      (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2));
   memcpy(
       ret, result,
       (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2));
@@ -2938,7 +2936,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector
 with const generics
 
 */
-static __m256i decompress_1_4e(__m256i vec) {
+static __m256i decompress_1_08(__m256i vec) {
   __m256i z = libcrux_ml_kem_vector_avx2_ZERO_09();
   __m256i s = libcrux_ml_kem_vector_avx2_sub_09(z, &vec);
   return libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_09(s,
@@ -2952,7 +2950,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics
 
 */
 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2
-deserialize_then_decompress_message_6f(uint8_t serialized[32U]) {
+deserialize_then_decompress_message_d3(uint8_t serialized[32U]) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_ef_05();
   KRML_MAYBE_FOR16(
       i, (size_t)0U, (size_t)16U, (size_t)1U, size_t i0 = i;
@@ -2961,7 +2959,7 @@ deserialize_then_decompress_message_6f(uint8_t serialized[32U]) {
               Eurydice_array_to_subslice2(serialized, (size_t)2U * i0,
                                           (size_t)2U * i0 + (size_t)2U,
                                           uint8_t));
-      re.coefficients[i0] = decompress_1_4e(coefficient_compressed););
+      re.coefficients[i0] = decompress_1_08(coefficient_compressed););
   return re;
 }
 
@@ -2977,7 +2975,7 @@ with const generics
 
 */
 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2
-add_message_error_reduce_ef_a6(
+add_message_error_reduce_ef_79(
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self,
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *message,
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result) {
@@ -3004,7 +3002,7 @@ with const generics
 - K= 3
 */
 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2
-compute_ring_element_v_d21(
+compute_ring_element_v_771(
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt,
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt,
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_2,
@@ -3012,10 +3010,10 @@ compute_ring_element_v_d21(
   libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_ef_05();
   KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i;
                   libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product =
-                      ntt_multiply_ef_d5(&t_as_ntt[i0], &r_as_ntt[i0]);
-                  add_to_ring_element_ef_aa1(&result, &product););
-  invert_ntt_montgomery_401(&result);
-  result = add_message_error_reduce_ef_a6(error_2, message, result);
+                      ntt_multiply_ef_b2(&t_as_ntt[i0], &r_as_ntt[i0]);
+                  add_to_ring_element_ef_4f1(&result, &product););
+  invert_ntt_montgomery_8f1(&result);
+  result = add_message_error_reduce_ef_79(error_2, message, result);
   return result;
 }
 
@@ -3026,7 +3024,7 @@ generics
 - COEFFICIENT_BITS= 10
 */
 static KRML_MUSTINLINE __m256i
-compress_ciphertext_coefficient_19(__m256i vector) {
+compress_ciphertext_coefficient_1a(__m256i vector) {
   __m256i field_modulus_halved = mm256_set1_epi32(
       ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) /
       (int32_t)2);
@@ -3073,8 +3071,8 @@ A monomorphic instance of libcrux_ml_kem.vector.avx2.compress_09
 with const generics
 - COEFFICIENT_BITS= 10
 */
-static __m256i compress_09_8f(__m256i vector) {
-  return compress_ciphertext_coefficient_19(vector);
+static __m256i compress_09_74(__m256i vector) {
+  return compress_ciphertext_coefficient_1a(vector);
 }
 
 /**
@@ -3083,14 +3081,14 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector
 with const generics
 - OUT_LEN= 320
 */
-static KRML_MUSTINLINE void compress_then_serialize_10_4d0(
+static KRML_MUSTINLINE void compress_then_serialize_10_2b0(
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[320U]) {
   uint8_t serialized[320U] = {0U};
   for (size_t i = (size_t)0U;
        i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
     size_t i0 = i;
     __m256i coefficient =
-        compress_09_8f(to_unsigned_field_modulus_8a(re->coefficients[i0]));
+        compress_09_74(to_unsigned_field_modulus_7b(re->coefficients[i0]));
     uint8_t bytes[20U];
     libcrux_ml_kem_vector_avx2_serialize_10_09(coefficient, bytes);
     Eurydice_slice uu____0 = Eurydice_array_to_subslice2(
@@ -3110,7 +3108,7 @@ generics
 - COEFFICIENT_BITS= 11
 */
 static KRML_MUSTINLINE __m256i
-compress_ciphertext_coefficient_190(__m256i vector) {
+compress_ciphertext_coefficient_1a0(__m256i vector) {
   __m256i field_modulus_halved = mm256_set1_epi32(
       ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) /
       (int32_t)2);
@@ -3157,8 +3155,8 @@ A monomorphic instance of libcrux_ml_kem.vector.avx2.compress_09
 with const generics
 - COEFFICIENT_BITS= 11
 */
-static __m256i compress_09_8f0(__m256i vector) {
-  return compress_ciphertext_coefficient_190(vector);
+static __m256i compress_09_740(__m256i vector) {
+  return compress_ciphertext_coefficient_1a0(vector);
 }
 
 /**
@@ -3168,11 +3166,11 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics
 - COMPRESSION_FACTOR= 10
 - OUT_LEN= 320
 */
-static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_680(
+static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_9e0(
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[320U]) {
-  uint8_t result[320U];
-  compress_then_serialize_10_4d0(re, result);
-  memcpy(ret, result, (size_t)320U * sizeof(uint8_t));
+  uint8_t uu____0[320U];
+  compress_then_serialize_10_2b0(re, uu____0);
+  memcpy(ret, uu____0, (size_t)320U * sizeof(uint8_t));
 }
 
 /**
@@ -3184,7 +3182,7 @@ with const generics
 - COMPRESSION_FACTOR= 10
 - BLOCK_LEN= 320
 */
-static void compress_then_serialize_u_931(
+static void compress_then_serialize_u_421(
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 input[3U],
     Eurydice_slice out) {
   for (size_t i = (size_t)0U;
@@ -3200,7 +3198,7 @@ static void compress_then_serialize_u_931(
         out, i0 * ((size_t)960U / (size_t)3U),
         (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U), uint8_t);
     uint8_t ret[320U];
-    compress_then_serialize_ring_element_u_680(&re, ret);
+    compress_then_serialize_ring_element_u_9e0(&re, ret);
     Eurydice_slice_copy(
         uu____0, Eurydice_array_to_slice((size_t)320U, ret, uint8_t), uint8_t);
   }
@@ -3213,7 +3211,7 @@ generics
 - COEFFICIENT_BITS= 4
 */
 static KRML_MUSTINLINE __m256i
-compress_ciphertext_coefficient_191(__m256i vector) {
+compress_ciphertext_coefficient_1a1(__m256i vector) {
   __m256i field_modulus_halved = mm256_set1_epi32(
       ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) /
       (int32_t)2);
@@ -3260,8 +3258,8 @@ A monomorphic instance of libcrux_ml_kem.vector.avx2.compress_09
 with const generics
 - COEFFICIENT_BITS= 4
 */
-static __m256i compress_09_8f1(__m256i vector) {
-  return compress_ciphertext_coefficient_191(vector);
+static __m256i compress_09_741(__m256i vector) {
+  return compress_ciphertext_coefficient_1a1(vector);
 }
 
 /**
@@ -3270,14 +3268,14 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector
 with const generics
 
 */
-static KRML_MUSTINLINE void compress_then_serialize_4_aa(
+static KRML_MUSTINLINE void compress_then_serialize_4_a4(
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re,
     Eurydice_slice serialized) {
   for (size_t i = (size_t)0U;
        i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
     size_t i0 = i;
     __m256i coefficient =
-        compress_09_8f1(to_unsigned_field_modulus_8a(re.coefficients[i0]));
+        compress_09_741(to_unsigned_field_modulus_7b(re.coefficients[i0]));
     uint8_t bytes[8U];
     libcrux_ml_kem_vector_avx2_serialize_4_09(coefficient, bytes);
     Eurydice_slice_copy(
@@ -3294,7 +3292,7 @@ generics
 - COEFFICIENT_BITS= 5
 */
 static KRML_MUSTINLINE __m256i
-compress_ciphertext_coefficient_192(__m256i vector) {
+compress_ciphertext_coefficient_1a2(__m256i vector) {
   __m256i field_modulus_halved = mm256_set1_epi32(
       ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) /
       (int32_t)2);
@@ -3341,8 +3339,8 @@ A monomorphic instance of libcrux_ml_kem.vector.avx2.compress_09
 with const generics
 - COEFFICIENT_BITS= 5
 */
-static __m256i compress_09_8f2(__m256i vector) {
-  return compress_ciphertext_coefficient_192(vector);
+static __m256i compress_09_742(__m256i vector) {
+  return compress_ciphertext_coefficient_1a2(vector);
 }
 
 /**
@@ -3351,14 +3349,14 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector
 with const generics
 
 */
-static KRML_MUSTINLINE void compress_then_serialize_5_fc(
+static KRML_MUSTINLINE void compress_then_serialize_5_03(
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re,
     Eurydice_slice serialized) {
   for (size_t i = (size_t)0U;
        i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
     size_t i0 = i;
     __m256i coefficients =
-        compress_09_8f2(to_unsigned_representative_e5(re.coefficients[i0]));
+        compress_09_742(to_unsigned_representative_3f(re.coefficients[i0]));
     uint8_t bytes[10U];
     libcrux_ml_kem_vector_avx2_serialize_5_09(coefficients, bytes);
     Eurydice_slice_copy(
@@ -3375,9 +3373,9 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics
 - COMPRESSION_FACTOR= 4
 - OUT_LEN= 128
 */
-static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_7b0(
+static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_d10(
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, Eurydice_slice out) {
-  compress_then_serialize_4_aa(re, out);
+  compress_then_serialize_4_a4(re, out);
 }
 
 /**
@@ -3397,7 +3395,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics
 - ETA2= 2
 - ETA2_RANDOMNESS_SIZE= 128
 */
-static void encrypt_unpacked_ec1(IndCpaPublicKeyUnpacked_a0 *public_key,
+static void encrypt_unpacked_a41(IndCpaPublicKeyUnpacked_a0 *public_key,
                                  uint8_t message[32U],
                                  Eurydice_slice randomness,
                                  uint8_t ret[1088U]) {
@@ -3406,7 +3404,7 @@ static void encrypt_unpacked_ec1(IndCpaPublicKeyUnpacked_a0 *public_key,
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_prf_input0[33U];
   memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t));
-  tuple_b0 uu____1 = sample_vector_cbd_then_ntt_out_481(copy_of_prf_input0, 0U);
+  tuple_b0 uu____1 = sample_vector_cbd_then_ntt_out_811(copy_of_prf_input0, 0U);
   libcrux_ml_kem_polynomial_PolynomialRingElement_d2 r_as_ntt[3U];
   memcpy(
       r_as_ntt, uu____1.fst,
@@ -3416,7 +3414,7 @@ static void encrypt_unpacked_ec1(IndCpaPublicKeyUnpacked_a0 *public_key,
   uint8_t copy_of_prf_input[33U];
   memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t));
   tuple_b0 uu____3 =
-      sample_ring_element_cbd_6a1(copy_of_prf_input, domain_separator0);
+      sample_ring_element_cbd_a01(copy_of_prf_input, domain_separator0);
   libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[3U];
   memcpy(
       error_1, uu____3.fst,
@@ -3430,25 +3428,25 @@ static void encrypt_unpacked_ec1(IndCpaPublicKeyUnpacked_a0 *public_key,
       sample_from_binomial_distribution_d7(
           Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t));
   libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u[3U];
-  compute_vector_u_421(public_key->A, r_as_ntt, error_1, u);
+  compute_vector_u_dd1(public_key->A, r_as_ntt, error_1, u);
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_message[32U];
   memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t));
   libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message_as_ring_element =
-      deserialize_then_decompress_message_6f(copy_of_message);
+      deserialize_then_decompress_message_d3(copy_of_message);
   libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v =
-      compute_ring_element_v_d21(public_key->t_as_ntt, r_as_ntt, &error_2,
+      compute_ring_element_v_771(public_key->t_as_ntt, r_as_ntt, &error_2,
                                  &message_as_ring_element);
   uint8_t ciphertext[1088U] = {0U};
   libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____5[3U];
   memcpy(
       uu____5, u,
       (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2));
-  compress_then_serialize_u_931(
+  compress_then_serialize_u_421(
       uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)960U,
                                            uint8_t));
   libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____6 = v;
-  compress_then_serialize_ring_element_v_7b0(
+  compress_then_serialize_ring_element_v_d10(
       uu____6, Eurydice_array_to_subslice_from((size_t)1088U, ciphertext,
                                                (size_t)960U, uint8_t, size_t));
   memcpy(ret, ciphertext, (size_t)1088U * sizeof(uint8_t));
@@ -3471,10 +3469,10 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics
 - ETA2= 2
 - ETA2_RANDOMNESS_SIZE= 128
 */
-static void encrypt_681(Eurydice_slice public_key, uint8_t message[32U],
+static void encrypt_6f1(Eurydice_slice public_key, uint8_t message[32U],
                         Eurydice_slice randomness, uint8_t ret[1088U]) {
   IndCpaPublicKeyUnpacked_a0 unpacked_public_key = default_8d_891();
-  deserialize_ring_elements_reduced_9f1(
+  deserialize_ring_elements_reduced_531(
       Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t),
       unpacked_public_key.t_as_ntt);
   Eurydice_slice seed =
@@ -3488,9 +3486,9 @@ static void encrypt_681(Eurydice_slice public_key, uint8_t message[32U],
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_message[32U];
   memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t));
-  uint8_t ret1[1088U];
-  encrypt_unpacked_ec1(uu____1, copy_of_message, randomness, ret1);
-  memcpy(ret, ret1, (size_t)1088U * sizeof(uint8_t));
+  uint8_t result[1088U];
+  encrypt_unpacked_a41(uu____1, copy_of_message, randomness, result);
+  memcpy(ret, result, (size_t)1088U * sizeof(uint8_t));
 }
 
 /**
@@ -3504,7 +3502,7 @@ with const generics
 - K= 3
 - CIPHERTEXT_SIZE= 1088
 */
-static KRML_MUSTINLINE void kdf_d8_b21(Eurydice_slice shared_secret,
+static KRML_MUSTINLINE void kdf_d8_161(Eurydice_slice shared_secret,
                                        uint8_t ret[32U]) {
   uint8_t out[32U] = {0U};
   Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t),
@@ -3531,11 +3529,11 @@ with const generics
 - ETA2= 2
 - ETA2_RANDOMNESS_SIZE= 128
 */
-tuple_3c libcrux_ml_kem_ind_cca_encapsulate_791(
+tuple_3c libcrux_ml_kem_ind_cca_encapsulate_a11(
     libcrux_ml_kem_types_MlKemPublicKey_15 *public_key,
     uint8_t randomness[32U]) {
   uint8_t randomness0[32U];
-  entropy_preprocess_d8_6c1(
+  entropy_preprocess_d8_641(
       Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0);
   uint8_t to_hash[64U];
   libcrux_ml_kem_utils_into_padded_array_42(
@@ -3545,7 +3543,7 @@ tuple_3c libcrux_ml_kem_ind_cca_encapsulate_791(
       size_t);
   uint8_t ret[32U];
   H_a9_411(Eurydice_array_to_slice(
-               (size_t)1184U, libcrux_ml_kem_types_as_slice_fd_d11(public_key),
+               (size_t)1184U, libcrux_ml_kem_types_as_slice_fd_fe1(public_key),
                uint8_t),
            ret);
   Eurydice_slice_copy(
@@ -3559,19 +3557,19 @@ tuple_3c libcrux_ml_kem_ind_cca_encapsulate_791(
   Eurydice_slice shared_secret = uu____1.fst;
   Eurydice_slice pseudorandomness = uu____1.snd;
   Eurydice_slice uu____2 = Eurydice_array_to_slice(
-      (size_t)1184U, libcrux_ml_kem_types_as_slice_fd_d11(public_key), uint8_t);
+      (size_t)1184U, libcrux_ml_kem_types_as_slice_fd_fe1(public_key), uint8_t);
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_randomness[32U];
   memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t));
   uint8_t ciphertext[1088U];
-  encrypt_681(uu____2, copy_of_randomness, pseudorandomness, ciphertext);
+  encrypt_6f1(uu____2, copy_of_randomness, pseudorandomness, ciphertext);
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_ciphertext[1088U];
   memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t));
   libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 =
-      libcrux_ml_kem_types_from_01_3a1(copy_of_ciphertext);
+      libcrux_ml_kem_types_from_01_451(copy_of_ciphertext);
   uint8_t shared_secret_array[32U];
-  kdf_d8_b21(shared_secret, shared_secret_array);
+  kdf_d8_161(shared_secret, shared_secret_array);
   libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0;
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_shared_secret_array[32U];
@@ -3590,7 +3588,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics
 
 */
 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2
-deserialize_to_uncompressed_ring_element_6e(Eurydice_slice serialized) {
+deserialize_to_uncompressed_ring_element_6c(Eurydice_slice serialized) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_ef_05();
   for (size_t i = (size_t)0U;
        i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) {
@@ -3608,7 +3606,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector
 with const generics
 - K= 3
 */
-static KRML_MUSTINLINE void deserialize_secret_key_cf1(
+static KRML_MUSTINLINE void deserialize_secret_key_541(
     Eurydice_slice secret_key,
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U];
@@ -3625,11 +3623,15 @@ static KRML_MUSTINLINE void deserialize_secret_key_cf1(
             LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT,
         uint8_t);
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 =
-        deserialize_to_uncompressed_ring_element_6e(secret_bytes);
+        deserialize_to_uncompressed_ring_element_6c(secret_bytes);
     secret_as_ntt[i0] = uu____0;
   }
+  libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[3U];
   memcpy(
-      ret, secret_as_ntt,
+      result, secret_as_ntt,
+      (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2));
+  memcpy(
+      ret, result,
       (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2));
 }
 
@@ -3640,7 +3642,7 @@ generics
 - COEFFICIENT_BITS= 10
 */
 static KRML_MUSTINLINE __m256i
-decompress_ciphertext_coefficient_4f(__m256i vector) {
+decompress_ciphertext_coefficient_8e(__m256i vector) {
   __m256i field_modulus =
       mm256_set1_epi32((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS);
   __m256i two_pow_coefficient_bits =
@@ -3684,8 +3686,8 @@ libcrux_ml_kem.vector.avx2.decompress_ciphertext_coefficient_09 with const
 generics
 - COEFFICIENT_BITS= 10
 */
-static __m256i decompress_ciphertext_coefficient_09_4c(__m256i vector) {
-  return decompress_ciphertext_coefficient_4f(vector);
+static __m256i decompress_ciphertext_coefficient_09_70(__m256i vector) {
+  return decompress_ciphertext_coefficient_8e(vector);
 }
 
 /**
@@ -3695,7 +3697,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics
 
 */
 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2
-deserialize_then_decompress_10_e4(Eurydice_slice serialized) {
+deserialize_then_decompress_10_c7(Eurydice_slice serialized) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_ef_05();
   LowStar_Ignore_ignore(
       Eurydice_slice_len(
@@ -3708,7 +3710,7 @@ deserialize_then_decompress_10_e4(Eurydice_slice serialized) {
     Eurydice_slice bytes = Eurydice_slice_subslice2(
         serialized, i0 * (size_t)20U, i0 * (size_t)20U + (size_t)20U, uint8_t);
     __m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_10_09(bytes);
-    re.coefficients[i0] = decompress_ciphertext_coefficient_09_4c(coefficient);
+    re.coefficients[i0] = decompress_ciphertext_coefficient_09_70(coefficient);
   }
   return re;
 }
@@ -3720,7 +3722,7 @@ generics
 - COEFFICIENT_BITS= 11
 */
 static KRML_MUSTINLINE __m256i
-decompress_ciphertext_coefficient_4f0(__m256i vector) {
+decompress_ciphertext_coefficient_8e0(__m256i vector) {
   __m256i field_modulus =
       mm256_set1_epi32((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS);
   __m256i two_pow_coefficient_bits =
@@ -3764,8 +3766,8 @@ libcrux_ml_kem.vector.avx2.decompress_ciphertext_coefficient_09 with const
 generics
 - COEFFICIENT_BITS= 11
 */
-static __m256i decompress_ciphertext_coefficient_09_4c0(__m256i vector) {
-  return decompress_ciphertext_coefficient_4f0(vector);
+static __m256i decompress_ciphertext_coefficient_09_700(__m256i vector) {
+  return decompress_ciphertext_coefficient_8e0(vector);
 }
 
 /**
@@ -3775,7 +3777,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics
 
 */
 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2
-deserialize_then_decompress_11_39(Eurydice_slice serialized) {
+deserialize_then_decompress_11_d5(Eurydice_slice serialized) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_ef_05();
   for (size_t i = (size_t)0U;
        i < Eurydice_slice_len(serialized, uint8_t) / (size_t)22U; i++) {
@@ -3783,7 +3785,7 @@ deserialize_then_decompress_11_39(Eurydice_slice serialized) {
     Eurydice_slice bytes = Eurydice_slice_subslice2(
         serialized, i0 * (size_t)22U, i0 * (size_t)22U + (size_t)22U, uint8_t);
     __m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_11_09(bytes);
-    re.coefficients[i0] = decompress_ciphertext_coefficient_09_4c0(coefficient);
+    re.coefficients[i0] = decompress_ciphertext_coefficient_09_700(coefficient);
   }
   return re;
 }
@@ -3795,8 +3797,8 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics
 - COMPRESSION_FACTOR= 10
 */
 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2
-deserialize_then_decompress_ring_element_u_180(Eurydice_slice serialized) {
-  return deserialize_then_decompress_10_e4(serialized);
+deserialize_then_decompress_ring_element_u_790(Eurydice_slice serialized) {
+  return deserialize_then_decompress_10_c7(serialized);
 }
 
 /**
@@ -3805,17 +3807,17 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector
 with const generics
 - VECTOR_U_COMPRESSION_FACTOR= 10
 */
-static KRML_MUSTINLINE void ntt_vector_u_b10(
+static KRML_MUSTINLINE void ntt_vector_u_b70(
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) {
   size_t zeta_i = (size_t)0U;
-  ntt_at_layer_4_plus_07(&zeta_i, re, (size_t)7U);
-  ntt_at_layer_4_plus_07(&zeta_i, re, (size_t)6U);
-  ntt_at_layer_4_plus_07(&zeta_i, re, (size_t)5U);
-  ntt_at_layer_4_plus_07(&zeta_i, re, (size_t)4U);
-  ntt_at_layer_3_46(&zeta_i, re);
-  ntt_at_layer_2_53(&zeta_i, re);
-  ntt_at_layer_1_42(&zeta_i, re);
-  poly_barrett_reduce_ef_83(re);
+  ntt_at_layer_4_plus_ca(&zeta_i, re, (size_t)7U);
+  ntt_at_layer_4_plus_ca(&zeta_i, re, (size_t)6U);
+  ntt_at_layer_4_plus_ca(&zeta_i, re, (size_t)5U);
+  ntt_at_layer_4_plus_ca(&zeta_i, re, (size_t)4U);
+  ntt_at_layer_3_ba(&zeta_i, re);
+  ntt_at_layer_2_89(&zeta_i, re);
+  ntt_at_layer_1_d7(&zeta_i, re);
+  poly_barrett_reduce_ef_a9(re);
 }
 
 /**
@@ -3826,7 +3828,7 @@ with const generics
 - CIPHERTEXT_SIZE= 1088
 - U_COMPRESSION_FACTOR= 10
 */
-static KRML_MUSTINLINE void deserialize_then_decompress_u_b11(
+static KRML_MUSTINLINE void deserialize_then_decompress_u_251(
     uint8_t *ciphertext,
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[3U];
@@ -3849,8 +3851,8 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_b11(
             LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT *
                 (size_t)10U / (size_t)8U,
         uint8_t);
-    u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_180(u_bytes);
-    ntt_vector_u_b10(&u_as_ntt[i0]);
+    u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_790(u_bytes);
+    ntt_vector_u_b70(&u_as_ntt[i0]);
   }
   memcpy(
       ret, u_as_ntt,
@@ -3864,7 +3866,7 @@ generics
 - COEFFICIENT_BITS= 4
 */
 static KRML_MUSTINLINE __m256i
-decompress_ciphertext_coefficient_4f1(__m256i vector) {
+decompress_ciphertext_coefficient_8e1(__m256i vector) {
   __m256i field_modulus =
       mm256_set1_epi32((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS);
   __m256i two_pow_coefficient_bits =
@@ -3908,8 +3910,8 @@ libcrux_ml_kem.vector.avx2.decompress_ciphertext_coefficient_09 with const
 generics
 - COEFFICIENT_BITS= 4
 */
-static __m256i decompress_ciphertext_coefficient_09_4c1(__m256i vector) {
-  return decompress_ciphertext_coefficient_4f1(vector);
+static __m256i decompress_ciphertext_coefficient_09_701(__m256i vector) {
+  return decompress_ciphertext_coefficient_8e1(vector);
 }
 
 /**
@@ -3919,7 +3921,7 @@ with const generics
 
 */
 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2
-deserialize_then_decompress_4_4d(Eurydice_slice serialized) {
+deserialize_then_decompress_4_75(Eurydice_slice serialized) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_ef_05();
   for (size_t i = (size_t)0U;
        i < Eurydice_slice_len(serialized, uint8_t) / (size_t)8U; i++) {
@@ -3927,7 +3929,7 @@ deserialize_then_decompress_4_4d(Eurydice_slice serialized) {
     Eurydice_slice bytes = Eurydice_slice_subslice2(
         serialized, i0 * (size_t)8U, i0 * (size_t)8U + (size_t)8U, uint8_t);
     __m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_4_09(bytes);
-    re.coefficients[i0] = decompress_ciphertext_coefficient_09_4c1(coefficient);
+    re.coefficients[i0] = decompress_ciphertext_coefficient_09_701(coefficient);
   }
   return re;
 }
@@ -3939,7 +3941,7 @@ generics
 - COEFFICIENT_BITS= 5
 */
 static KRML_MUSTINLINE __m256i
-decompress_ciphertext_coefficient_4f2(__m256i vector) {
+decompress_ciphertext_coefficient_8e2(__m256i vector) {
   __m256i field_modulus =
       mm256_set1_epi32((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS);
   __m256i two_pow_coefficient_bits =
@@ -3983,8 +3985,8 @@ libcrux_ml_kem.vector.avx2.decompress_ciphertext_coefficient_09 with const
 generics
 - COEFFICIENT_BITS= 5
 */
-static __m256i decompress_ciphertext_coefficient_09_4c2(__m256i vector) {
-  return decompress_ciphertext_coefficient_4f2(vector);
+static __m256i decompress_ciphertext_coefficient_09_702(__m256i vector) {
+  return decompress_ciphertext_coefficient_8e2(vector);
 }
 
 /**
@@ -3994,7 +3996,7 @@ with const generics
 
 */
 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2
-deserialize_then_decompress_5_67(Eurydice_slice serialized) {
+deserialize_then_decompress_5_f8(Eurydice_slice serialized) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_ef_05();
   for (size_t i = (size_t)0U;
        i < Eurydice_slice_len(serialized, uint8_t) / (size_t)10U; i++) {
@@ -4003,7 +4005,7 @@ deserialize_then_decompress_5_67(Eurydice_slice serialized) {
         serialized, i0 * (size_t)10U, i0 * (size_t)10U + (size_t)10U, uint8_t);
     re.coefficients[i0] = libcrux_ml_kem_vector_avx2_deserialize_5_09(bytes);
     re.coefficients[i0] =
-        decompress_ciphertext_coefficient_09_4c2(re.coefficients[i0]);
+        decompress_ciphertext_coefficient_09_702(re.coefficients[i0]);
   }
   return re;
 }
@@ -4015,8 +4017,8 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics
 - COMPRESSION_FACTOR= 4
 */
 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2
-deserialize_then_decompress_ring_element_v_3d0(Eurydice_slice serialized) {
-  return deserialize_then_decompress_4_4d(serialized);
+deserialize_then_decompress_ring_element_v_b90(Eurydice_slice serialized) {
+  return deserialize_then_decompress_4_75(serialized);
 }
 
 /**
@@ -4031,7 +4033,7 @@ with const generics
 
 */
 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2
-subtract_reduce_ef_07(libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self,
+subtract_reduce_ef_da(libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self,
                       libcrux_ml_kem_polynomial_PolynomialRingElement_d2 b) {
   for (size_t i = (size_t)0U;
        i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
@@ -4053,17 +4055,17 @@ with const generics
 - K= 3
 */
 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2
-compute_message_c31(
+compute_message_7d1(
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *v,
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *secret_as_ntt,
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *u_as_ntt) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_ef_05();
   KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i;
                   libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product =
-                      ntt_multiply_ef_d5(&secret_as_ntt[i0], &u_as_ntt[i0]);
-                  add_to_ring_element_ef_aa1(&result, &product););
-  invert_ntt_montgomery_401(&result);
-  result = subtract_reduce_ef_07(v, result);
+                      ntt_multiply_ef_b2(&secret_as_ntt[i0], &u_as_ntt[i0]);
+                  add_to_ring_element_ef_4f1(&result, &product););
+  invert_ntt_montgomery_8f1(&result);
+  result = subtract_reduce_ef_da(v, result);
   return result;
 }
 
@@ -4073,12 +4075,12 @@ libcrux_ml_kem.serialize.compress_then_serialize_message with types
 libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics
 
 */
-static KRML_MUSTINLINE void compress_then_serialize_message_6c(
+static KRML_MUSTINLINE void compress_then_serialize_message_dd(
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, uint8_t ret[32U]) {
   uint8_t serialized[32U] = {0U};
   KRML_MAYBE_FOR16(
       i, (size_t)0U, (size_t)16U, (size_t)1U, size_t i0 = i;
-      __m256i coefficient = to_unsigned_field_modulus_8a(re.coefficients[i0]);
+      __m256i coefficient = to_unsigned_field_modulus_7b(re.coefficients[i0]);
       __m256i coefficient_compressed =
           libcrux_ml_kem_vector_avx2_compress_1_09(coefficient);
       uint8_t bytes[2U];
@@ -4103,18 +4105,18 @@ with const generics
 - U_COMPRESSION_FACTOR= 10
 - V_COMPRESSION_FACTOR= 4
 */
-static void decrypt_unpacked_981(IndCpaPrivateKeyUnpacked_a0 *secret_key,
+static void decrypt_unpacked_9d1(IndCpaPrivateKeyUnpacked_a0 *secret_key,
                                  uint8_t *ciphertext, uint8_t ret[32U]) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[3U];
-  deserialize_then_decompress_u_b11(ciphertext, u_as_ntt);
+  deserialize_then_decompress_u_251(ciphertext, u_as_ntt);
   libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v =
-      deserialize_then_decompress_ring_element_v_3d0(
+      deserialize_then_decompress_ring_element_v_b90(
           Eurydice_array_to_subslice_from((size_t)1088U, ciphertext,
                                           (size_t)960U, uint8_t, size_t));
   libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message =
-      compute_message_c31(&v, secret_key->secret_as_ntt, u_as_ntt);
+      compute_message_7d1(&v, secret_key->secret_as_ntt, u_as_ntt);
   uint8_t ret0[32U];
-  compress_then_serialize_message_6c(message, ret0);
+  compress_then_serialize_message_dd(message, ret0);
   memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t));
 }
 
@@ -4128,10 +4130,10 @@ with const generics
 - U_COMPRESSION_FACTOR= 10
 - V_COMPRESSION_FACTOR= 4
 */
-static void decrypt_361(Eurydice_slice secret_key, uint8_t *ciphertext,
+static void decrypt_751(Eurydice_slice secret_key, uint8_t *ciphertext,
                         uint8_t ret[32U]) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U];
-  deserialize_secret_key_cf1(secret_key, secret_as_ntt);
+  deserialize_secret_key_541(secret_key, secret_as_ntt);
   /* Passing arrays by value in Rust generates a copy in C */
   libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_secret_as_ntt[3U];
   memcpy(
@@ -4141,9 +4143,9 @@ static void decrypt_361(Eurydice_slice secret_key, uint8_t *ciphertext,
   memcpy(
       secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt,
       (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2));
-  uint8_t ret0[32U];
-  decrypt_unpacked_981(&secret_key_unpacked, ciphertext, ret0);
-  memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t));
+  uint8_t result[32U];
+  decrypt_unpacked_9d1(&secret_key_unpacked, ciphertext, result);
+  memcpy(ret, result, (size_t)32U * sizeof(uint8_t));
 }
 
 /**
@@ -4194,7 +4196,7 @@ with const generics
 - ETA2_RANDOMNESS_SIZE= 128
 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120
 */
-void libcrux_ml_kem_ind_cca_decapsulate_cd1(
+void libcrux_ml_kem_ind_cca_decapsulate_7f1(
     libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key,
     libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) {
   Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at(
@@ -4212,7 +4214,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_cd1(
   Eurydice_slice ind_cpa_public_key_hash = uu____2.fst;
   Eurydice_slice implicit_rejection_value = uu____2.snd;
   uint8_t decrypted[32U];
-  decrypt_361(ind_cpa_secret_key, ciphertext->value, decrypted);
+  decrypt_751(ind_cpa_secret_key, ciphertext->value, decrypted);
   uint8_t to_hash0[64U];
   libcrux_ml_kem_utils_into_padded_array_42(
       Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0);
@@ -4234,7 +4236,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_cd1(
   Eurydice_slice uu____4 = Eurydice_array_to_subslice_from(
       (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE,
       uint8_t, size_t);
-  Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_be1(ciphertext),
+  Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_401(ciphertext),
                       uint8_t);
   uint8_t implicit_rejection_shared_secret0[32U];
   PRF_a9_163(Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t),
@@ -4244,17 +4246,17 @@ void libcrux_ml_kem_ind_cca_decapsulate_cd1(
   uint8_t copy_of_decrypted[32U];
   memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t));
   uint8_t expected_ciphertext[1088U];
-  encrypt_681(uu____5, copy_of_decrypted, pseudorandomness,
+  encrypt_6f1(uu____5, copy_of_decrypted, pseudorandomness,
               expected_ciphertext);
   uint8_t implicit_rejection_shared_secret[32U];
-  kdf_d8_b21(Eurydice_array_to_slice(
+  kdf_d8_161(Eurydice_array_to_slice(
                  (size_t)32U, implicit_rejection_shared_secret0, uint8_t),
              implicit_rejection_shared_secret);
   uint8_t shared_secret1[32U];
-  kdf_d8_b21(shared_secret0, shared_secret1);
+  kdf_d8_161(shared_secret0, shared_secret1);
   uint8_t shared_secret[32U];
   libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time(
-      libcrux_ml_kem_types_as_ref_00_be1(ciphertext),
+      libcrux_ml_kem_types_as_ref_00_401(ciphertext),
       Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t),
       Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t),
       Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret,
@@ -4269,7 +4271,7 @@ libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types
 libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics
 - K= 4
 */
-static KRML_MUSTINLINE void deserialize_ring_elements_reduced_9f(
+static KRML_MUSTINLINE void deserialize_ring_elements_reduced_53(
     Eurydice_slice public_key,
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *deserialized_pk) {
   for (size_t i = (size_t)0U;
@@ -4283,7 +4285,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_9f(
             LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT,
         uint8_t);
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 =
-        deserialize_to_reduced_ring_element_65(ring_element);
+        deserialize_to_reduced_ring_element_dc(ring_element);
     deserialized_pk[i0] = uu____0;
   }
 }
@@ -4294,19 +4296,15 @@ libcrux_ml_kem.serialize.deserialize_ring_elements_reduced_out with types
 libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics
 - K= 4
 */
-static KRML_MUSTINLINE void deserialize_ring_elements_reduced_out_190(
+static KRML_MUSTINLINE void deserialize_ring_elements_reduced_out_cc0(
     Eurydice_slice public_key,
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[4U];
   KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U,
                   deserialized_pk[i] = ZERO_ef_05(););
-  deserialize_ring_elements_reduced_9f(public_key, deserialized_pk);
-  libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[4U];
+  deserialize_ring_elements_reduced_53(public_key, deserialized_pk);
   memcpy(
-      result, deserialized_pk,
-      (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2));
-  memcpy(
-      ret, result,
+      ret, deserialized_pk,
       (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2));
 }
 
@@ -4317,7 +4315,7 @@ with const generics
 - K= 4
 - OUT_LEN= 1536
 */
-static KRML_MUSTINLINE void serialize_secret_key_23(
+static KRML_MUSTINLINE void serialize_secret_key_99(
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *key,
     uint8_t ret[1536U]) {
   uint8_t out[1536U] = {0U};
@@ -4335,7 +4333,7 @@ static KRML_MUSTINLINE void serialize_secret_key_23(
         (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT,
         uint8_t);
     uint8_t ret0[384U];
-    serialize_uncompressed_ring_element_09(&re, ret0);
+    serialize_uncompressed_ring_element_2c(&re, ret0);
     Eurydice_slice_copy(
         uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t), uint8_t);
   }
@@ -4350,13 +4348,13 @@ with const generics
 - RANKED_BYTES_PER_RING_ELEMENT= 1536
 - PUBLIC_KEY_SIZE= 1568
 */
-static KRML_MUSTINLINE void serialize_public_key_mut_ff(
+static KRML_MUSTINLINE void serialize_public_key_mut_6c(
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt,
     Eurydice_slice seed_for_a, uint8_t *serialized) {
   Eurydice_slice uu____0 = Eurydice_array_to_subslice2(serialized, (size_t)0U,
                                                        (size_t)1536U, uint8_t);
   uint8_t ret[1536U];
-  serialize_secret_key_23(t_as_ntt, ret);
+  serialize_secret_key_99(t_as_ntt, ret);
   Eurydice_slice_copy(
       uu____0, Eurydice_array_to_slice((size_t)1536U, ret, uint8_t), uint8_t);
   Eurydice_slice_copy(
@@ -4373,12 +4371,14 @@ with const generics
 - RANKED_BYTES_PER_RING_ELEMENT= 1536
 - PUBLIC_KEY_SIZE= 1568
 */
-static KRML_MUSTINLINE void serialize_public_key_16(
+static KRML_MUSTINLINE void serialize_public_key_ca(
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt,
     Eurydice_slice seed_for_a, uint8_t ret[1568U]) {
   uint8_t public_key_serialized[1568U] = {0U};
-  serialize_public_key_mut_ff(t_as_ntt, seed_for_a, public_key_serialized);
-  memcpy(ret, public_key_serialized, (size_t)1568U * sizeof(uint8_t));
+  serialize_public_key_mut_6c(t_as_ntt, seed_for_a, public_key_serialized);
+  uint8_t result[1568U];
+  memcpy(result, public_key_serialized, (size_t)1568U * sizeof(uint8_t));
+  memcpy(ret, result, (size_t)1568U * sizeof(uint8_t));
 }
 
 /**
@@ -4389,15 +4389,15 @@ with const generics
 - RANKED_BYTES_PER_RING_ELEMENT= 1536
 - PUBLIC_KEY_SIZE= 1568
 */
-bool libcrux_ml_kem_ind_cca_validate_public_key_db0(uint8_t *public_key) {
+bool libcrux_ml_kem_ind_cca_validate_public_key_520(uint8_t *public_key) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[4U];
-  deserialize_ring_elements_reduced_out_190(
+  deserialize_ring_elements_reduced_out_cc0(
       Eurydice_array_to_subslice_to((size_t)1568U, public_key, (size_t)1536U,
                                     uint8_t, size_t),
       deserialized_pk);
   libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *uu____0 = deserialized_pk;
   uint8_t public_key_serialized[1568U];
-  serialize_public_key_16(
+  serialize_public_key_ca(
       uu____0,
       Eurydice_array_to_subslice_from((size_t)1568U, public_key, (size_t)1536U,
                                       uint8_t, size_t),
@@ -4427,7 +4427,7 @@ with const generics
 - SECRET_KEY_SIZE= 3168
 - CIPHERTEXT_SIZE= 1568
 */
-bool libcrux_ml_kem_ind_cca_validate_private_key_a80(
+bool libcrux_ml_kem_ind_cca_validate_private_key_700(
     libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key,
     libcrux_ml_kem_types_MlKemCiphertext_1f *_ciphertext) {
   uint8_t t[32U];
@@ -4547,7 +4547,7 @@ with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash
 with const generics
 - K= 4
 */
-static KRML_MUSTINLINE void cpa_keygen_seed_d8_6b(
+static KRML_MUSTINLINE void cpa_keygen_seed_d8_75(
     Eurydice_slice key_generation_seed, uint8_t ret[64U]) {
   uint8_t seed[33U] = {0U};
   Eurydice_slice_copy(
@@ -5017,7 +5017,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics
 - ETA= 2
 - ETA_RANDOMNESS_SIZE= 128
 */
-static KRML_MUSTINLINE uint8_t sample_vector_cbd_then_ntt_68(
+static KRML_MUSTINLINE uint8_t sample_vector_cbd_then_ntt_b0(
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re_as_ntt,
     uint8_t prf_input[33U], uint8_t domain_separator) {
   /* Passing arrays by value in Rust generates a copy in C */
@@ -5027,8 +5027,6 @@ static KRML_MUSTINLINE uint8_t sample_vector_cbd_then_ntt_68(
   KRML_MAYBE_FOR4(
       i, (size_t)0U, (size_t)4U, (size_t)1U,
       memcpy(prf_inputs[i], copy_of_prf_input, (size_t)33U * sizeof(uint8_t)););
-  uint8_t _prf_inputs_init[4U][33U];
-  memcpy(_prf_inputs_init, prf_inputs, (size_t)4U * sizeof(uint8_t[33U]));
   KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i;
                   prf_inputs[i0][32U] = domain_separator;
                   domain_separator = (uint32_t)domain_separator + 1U;);
@@ -5038,7 +5036,7 @@ static KRML_MUSTINLINE uint8_t sample_vector_cbd_then_ntt_68(
       i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i;
       re_as_ntt[i0] = sample_from_binomial_distribution_d7(
           Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t));
-      ntt_binomially_sampled_ring_element_25(&re_as_ntt[i0]););
+      ntt_binomially_sampled_ring_element_ef(&re_as_ntt[i0]););
   return domain_separator;
 }
 
@@ -5061,7 +5059,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics
 - ETA= 2
 - ETA_RANDOMNESS_SIZE= 128
 */
-static KRML_MUSTINLINE tuple_71 sample_vector_cbd_then_ntt_out_48(
+static KRML_MUSTINLINE tuple_71 sample_vector_cbd_then_ntt_out_81(
     uint8_t prf_input[33U], uint8_t domain_separator) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re_as_ntt[4U];
   KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U,
@@ -5070,18 +5068,18 @@ static KRML_MUSTINLINE tuple_71 sample_vector_cbd_then_ntt_out_48(
   uint8_t uu____1[33U];
   memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t));
   domain_separator =
-      sample_vector_cbd_then_ntt_68(uu____0, uu____1, domain_separator);
+      sample_vector_cbd_then_ntt_b0(uu____0, uu____1, domain_separator);
   /* Passing arrays by value in Rust generates a copy in C */
   libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_re_as_ntt[4U];
   memcpy(
       copy_of_re_as_ntt, re_as_ntt,
       (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2));
-  tuple_71 lit;
+  tuple_71 result;
   memcpy(
-      lit.fst, copy_of_re_as_ntt,
+      result.fst, copy_of_re_as_ntt,
       (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2));
-  lit.snd = domain_separator;
-  return lit;
+  result.snd = domain_separator;
+  return result;
 }
 
 /**
@@ -5095,7 +5093,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector
 with const generics
 - K= 4
 */
-static KRML_MUSTINLINE void add_to_ring_element_ef_aa(
+static KRML_MUSTINLINE void add_to_ring_element_ef_4f(
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self,
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *rhs) {
   for (size_t i = (size_t)0U;
@@ -5115,7 +5113,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector
 with const generics
 - K= 4
 */
-static KRML_MUSTINLINE void compute_As_plus_e_b6(
+static KRML_MUSTINLINE void compute_As_plus_e_2d(
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt,
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*matrix_A)[4U],
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *s_as_ntt,
@@ -5142,10 +5140,10 @@ static KRML_MUSTINLINE void compute_As_plus_e_b6(
       libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *matrix_element =
           &row[j];
       libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product =
-          ntt_multiply_ef_d5(matrix_element, &s_as_ntt[j]);
-      add_to_ring_element_ef_aa(&t_as_ntt[i0], &product);
+          ntt_multiply_ef_b2(matrix_element, &s_as_ntt[j]);
+      add_to_ring_element_ef_4f(&t_as_ntt[i0], &product);
     }
-    add_standard_error_reduce_ef_e7(&t_as_ntt[i0], &error_as_ntt[i0]);
+    add_standard_error_reduce_ef_34(&t_as_ntt[i0], &error_as_ntt[i0]);
   }
 }
 
@@ -5158,12 +5156,12 @@ with const generics
 - ETA1= 2
 - ETA1_RANDOMNESS_SIZE= 128
 */
-static void generate_keypair_unpacked_a2(
+static void generate_keypair_unpacked_a4(
     Eurydice_slice key_generation_seed,
     IndCpaPrivateKeyUnpacked_01 *private_key,
     IndCpaPublicKeyUnpacked_01 *public_key) {
   uint8_t hashed[64U];
-  cpa_keygen_seed_d8_6b(key_generation_seed, hashed);
+  cpa_keygen_seed_d8_75(key_generation_seed, hashed);
   Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at(
       Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U,
       uint8_t, Eurydice_slice_uint8_t_x2);
@@ -5183,17 +5181,17 @@ static void generate_keypair_unpacked_a2(
   uint8_t copy_of_prf_input0[33U];
   memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t));
   uint8_t domain_separator =
-      sample_vector_cbd_then_ntt_68(uu____2, copy_of_prf_input0, 0U);
+      sample_vector_cbd_then_ntt_b0(uu____2, copy_of_prf_input0, 0U);
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_prf_input[33U];
   memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t));
   libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_as_ntt[4U];
   memcpy(
       error_as_ntt,
-      sample_vector_cbd_then_ntt_out_48(copy_of_prf_input, domain_separator)
+      sample_vector_cbd_then_ntt_out_81(copy_of_prf_input, domain_separator)
           .fst,
       (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2));
-  compute_As_plus_e_b6(public_key->t_as_ntt, public_key->A,
+  compute_As_plus_e_2d(public_key->t_as_ntt, public_key->A,
                        private_key->secret_as_ntt, error_as_ntt);
   uint8_t uu____5[32U];
   core_result_Result_00 dst;
@@ -5214,18 +5212,18 @@ with const generics
 - ETA1= 2
 - ETA1_RANDOMNESS_SIZE= 128
 */
-static libcrux_ml_kem_utils_extraction_helper_Keypair1024 generate_keypair_470(
+static libcrux_ml_kem_utils_extraction_helper_Keypair1024 generate_keypair_6a0(
     Eurydice_slice key_generation_seed) {
   IndCpaPrivateKeyUnpacked_01 private_key = default_1a_3c();
   IndCpaPublicKeyUnpacked_01 public_key = default_8d_89();
-  generate_keypair_unpacked_a2(key_generation_seed, &private_key, &public_key);
+  generate_keypair_unpacked_a4(key_generation_seed, &private_key, &public_key);
   uint8_t public_key_serialized[1568U];
-  serialize_public_key_16(
+  serialize_public_key_ca(
       public_key.t_as_ntt,
       Eurydice_array_to_slice((size_t)32U, public_key.seed_for_A, uint8_t),
       public_key_serialized);
   uint8_t secret_key_serialized[1536U];
-  serialize_secret_key_23(private_key.secret_as_ntt, secret_key_serialized);
+  serialize_secret_key_99(private_key.secret_as_ntt, secret_key_serialized);
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_secret_key_serialized[1536U];
   memcpy(copy_of_secret_key_serialized, secret_key_serialized,
@@ -5234,12 +5232,12 @@ static libcrux_ml_kem_utils_extraction_helper_Keypair1024 generate_keypair_470(
   uint8_t copy_of_public_key_serialized[1568U];
   memcpy(copy_of_public_key_serialized, public_key_serialized,
          (size_t)1568U * sizeof(uint8_t));
-  libcrux_ml_kem_utils_extraction_helper_Keypair1024 lit;
-  memcpy(lit.fst, copy_of_secret_key_serialized,
+  libcrux_ml_kem_utils_extraction_helper_Keypair1024 result;
+  memcpy(result.fst, copy_of_secret_key_serialized,
          (size_t)1536U * sizeof(uint8_t));
-  memcpy(lit.snd, copy_of_public_key_serialized,
+  memcpy(result.snd, copy_of_public_key_serialized,
          (size_t)1568U * sizeof(uint8_t));
-  return lit;
+  return result;
 }
 
 /**
@@ -5249,7 +5247,7 @@ with const generics
 - K= 4
 - SERIALIZED_KEY_LEN= 3168
 */
-static KRML_MUSTINLINE void serialize_kem_secret_key_7b0(
+static KRML_MUSTINLINE void serialize_kem_secret_key_1f0(
     Eurydice_slice private_key, Eurydice_slice public_key,
     Eurydice_slice implicit_rejection_value, uint8_t ret[3168U]) {
   uint8_t out[3168U] = {0U};
@@ -5305,7 +5303,7 @@ with const generics
 - ETA1_RANDOMNESS_SIZE= 128
 */
 libcrux_ml_kem_mlkem1024_MlKem1024KeyPair
-libcrux_ml_kem_ind_cca_generate_keypair_dd0(uint8_t randomness[64U]) {
+libcrux_ml_kem_ind_cca_generate_keypair_0b0(uint8_t randomness[64U]) {
   Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2(
       randomness, (size_t)0U,
       LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t);
@@ -5314,13 +5312,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_dd0(uint8_t randomness[64U]) {
       LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t,
       size_t);
   libcrux_ml_kem_utils_extraction_helper_Keypair1024 uu____0 =
-      generate_keypair_470(ind_cpa_keypair_randomness);
+      generate_keypair_6a0(ind_cpa_keypair_randomness);
   uint8_t ind_cpa_private_key[1536U];
   memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1536U * sizeof(uint8_t));
   uint8_t public_key[1568U];
   memcpy(public_key, uu____0.snd, (size_t)1568U * sizeof(uint8_t));
   uint8_t secret_key_serialized[3168U];
-  serialize_kem_secret_key_7b0(
+  serialize_kem_secret_key_1f0(
       Eurydice_array_to_slice((size_t)1536U, ind_cpa_private_key, uint8_t),
       Eurydice_array_to_slice((size_t)1568U, public_key, uint8_t),
       implicit_rejection_value, secret_key_serialized);
@@ -5329,13 +5327,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_dd0(uint8_t randomness[64U]) {
   memcpy(copy_of_secret_key_serialized, secret_key_serialized,
          (size_t)3168U * sizeof(uint8_t));
   libcrux_ml_kem_types_MlKemPrivateKey_95 private_key =
-      libcrux_ml_kem_types_from_7f_8c1(copy_of_secret_key_serialized);
+      libcrux_ml_kem_types_from_7f_af1(copy_of_secret_key_serialized);
   libcrux_ml_kem_types_MlKemPrivateKey_95 uu____2 = private_key;
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_public_key[1568U];
   memcpy(copy_of_public_key, public_key, (size_t)1568U * sizeof(uint8_t));
-  return libcrux_ml_kem_types_from_3a_f61(
-      uu____2, libcrux_ml_kem_types_from_5a_451(copy_of_public_key));
+  return libcrux_ml_kem_types_from_3a_ee1(
+      uu____2, libcrux_ml_kem_types_from_5a_671(copy_of_public_key));
 }
 
 /**
@@ -5348,7 +5346,7 @@ with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash
 with const generics
 - K= 4
 */
-static KRML_MUSTINLINE void entropy_preprocess_d8_6c0(Eurydice_slice randomness,
+static KRML_MUSTINLINE void entropy_preprocess_d8_640(Eurydice_slice randomness,
                                                       uint8_t ret[32U]) {
   uint8_t out[32U] = {0U};
   Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t),
@@ -5365,7 +5363,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics
 - ETA2= 2
 */
 static KRML_MUSTINLINE tuple_71
-sample_ring_element_cbd_6a(uint8_t prf_input[33U], uint8_t domain_separator) {
+sample_ring_element_cbd_a0(uint8_t prf_input[33U], uint8_t domain_separator) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[4U];
   KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U,
                   error_1[i] = ZERO_ef_05(););
@@ -5376,8 +5374,6 @@ sample_ring_element_cbd_6a(uint8_t prf_input[33U], uint8_t domain_separator) {
   KRML_MAYBE_FOR4(
       i, (size_t)0U, (size_t)4U, (size_t)1U,
       memcpy(prf_inputs[i], copy_of_prf_input, (size_t)33U * sizeof(uint8_t)););
-  uint8_t _prf_inputs_init[4U][33U];
-  memcpy(_prf_inputs_init, prf_inputs, (size_t)4U * sizeof(uint8_t[33U]));
   KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i;
                   prf_inputs[i0][32U] = domain_separator;
                   domain_separator = (uint32_t)domain_separator + 1U;);
@@ -5394,12 +5390,12 @@ sample_ring_element_cbd_6a(uint8_t prf_input[33U], uint8_t domain_separator) {
   memcpy(
       copy_of_error_1, error_1,
       (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2));
-  tuple_71 lit;
+  tuple_71 result;
   memcpy(
-      lit.fst, copy_of_error_1,
+      result.fst, copy_of_error_1,
       (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2));
-  lit.snd = domain_separator;
-  return lit;
+  result.snd = domain_separator;
+  return result;
 }
 
 /**
@@ -5423,18 +5419,18 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector
 with const generics
 - K= 4
 */
-static KRML_MUSTINLINE void invert_ntt_montgomery_40(
+static KRML_MUSTINLINE void invert_ntt_montgomery_8f(
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) {
   size_t zeta_i =
       LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U;
-  invert_ntt_at_layer_1_78(&zeta_i, re);
-  invert_ntt_at_layer_2_2c(&zeta_i, re);
-  invert_ntt_at_layer_3_73(&zeta_i, re);
-  invert_ntt_at_layer_4_plus_04(&zeta_i, re, (size_t)4U);
-  invert_ntt_at_layer_4_plus_04(&zeta_i, re, (size_t)5U);
-  invert_ntt_at_layer_4_plus_04(&zeta_i, re, (size_t)6U);
-  invert_ntt_at_layer_4_plus_04(&zeta_i, re, (size_t)7U);
-  poly_barrett_reduce_ef_83(re);
+  invert_ntt_at_layer_1_f7(&zeta_i, re);
+  invert_ntt_at_layer_2_98(&zeta_i, re);
+  invert_ntt_at_layer_3_fe(&zeta_i, re);
+  invert_ntt_at_layer_4_plus_bc(&zeta_i, re, (size_t)4U);
+  invert_ntt_at_layer_4_plus_bc(&zeta_i, re, (size_t)5U);
+  invert_ntt_at_layer_4_plus_bc(&zeta_i, re, (size_t)6U);
+  invert_ntt_at_layer_4_plus_bc(&zeta_i, re, (size_t)7U);
+  poly_barrett_reduce_ef_a9(re);
 }
 
 /**
@@ -5443,14 +5439,14 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector
 with const generics
 - K= 4
 */
-static KRML_MUSTINLINE void compute_vector_u_42(
+static KRML_MUSTINLINE void compute_vector_u_dd(
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*a_as_ntt)[4U],
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt,
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_1,
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) {
-  libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[4U];
+  libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result0[4U];
   KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U,
-                  result[i] = ZERO_ef_05(););
+                  result0[i] = ZERO_ef_05(););
   for (size_t i0 = (size_t)0U;
        i0 < Eurydice_slice_len(
                 Eurydice_array_to_slice(
@@ -5470,12 +5466,16 @@ static KRML_MUSTINLINE void compute_vector_u_42(
       size_t j = i;
       libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *a_element = &row[j];
       libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product =
-          ntt_multiply_ef_d5(a_element, &r_as_ntt[j]);
-      add_to_ring_element_ef_aa(&result[i1], &product);
+          ntt_multiply_ef_b2(a_element, &r_as_ntt[j]);
+      add_to_ring_element_ef_4f(&result0[i1], &product);
     }
-    invert_ntt_montgomery_40(&result[i1]);
-    add_error_reduce_ef_ee(&result[i1], &error_1[i1]);
+    invert_ntt_montgomery_8f(&result0[i1]);
+    add_error_reduce_ef_dd(&result0[i1], &error_1[i1]);
   }
+  libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[4U];
+  memcpy(
+      result, result0,
+      (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2));
   memcpy(
       ret, result,
       (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2));
@@ -5488,7 +5488,7 @@ with const generics
 - K= 4
 */
 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2
-compute_ring_element_v_d2(
+compute_ring_element_v_77(
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt,
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt,
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_2,
@@ -5496,10 +5496,10 @@ compute_ring_element_v_d2(
   libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_ef_05();
   KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i;
                   libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product =
-                      ntt_multiply_ef_d5(&t_as_ntt[i0], &r_as_ntt[i0]);
-                  add_to_ring_element_ef_aa(&result, &product););
-  invert_ntt_montgomery_40(&result);
-  result = add_message_error_reduce_ef_a6(error_2, message, result);
+                      ntt_multiply_ef_b2(&t_as_ntt[i0], &r_as_ntt[i0]);
+                  add_to_ring_element_ef_4f(&result, &product););
+  invert_ntt_montgomery_8f(&result);
+  result = add_message_error_reduce_ef_79(error_2, message, result);
   return result;
 }
 
@@ -5509,14 +5509,14 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector
 with const generics
 - OUT_LEN= 352
 */
-static KRML_MUSTINLINE void compress_then_serialize_11_fd(
+static KRML_MUSTINLINE void compress_then_serialize_11_17(
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[352U]) {
   uint8_t serialized[352U] = {0U};
   for (size_t i = (size_t)0U;
        i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
     size_t i0 = i;
     __m256i coefficient =
-        compress_09_8f0(to_unsigned_representative_e5(re->coefficients[i0]));
+        compress_09_740(to_unsigned_representative_3f(re->coefficients[i0]));
     uint8_t bytes[22U];
     libcrux_ml_kem_vector_avx2_serialize_11_09(coefficient, bytes);
     Eurydice_slice uu____0 = Eurydice_array_to_subslice2(
@@ -5534,11 +5534,11 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics
 - COMPRESSION_FACTOR= 11
 - OUT_LEN= 352
 */
-static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_68(
+static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_9e(
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[352U]) {
-  uint8_t result[352U];
-  compress_then_serialize_11_fd(re, result);
-  memcpy(ret, result, (size_t)352U * sizeof(uint8_t));
+  uint8_t uu____0[352U];
+  compress_then_serialize_11_17(re, uu____0);
+  memcpy(ret, uu____0, (size_t)352U * sizeof(uint8_t));
 }
 
 /**
@@ -5550,7 +5550,7 @@ with const generics
 - COMPRESSION_FACTOR= 11
 - BLOCK_LEN= 352
 */
-static void compress_then_serialize_u_93(
+static void compress_then_serialize_u_42(
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 input[4U],
     Eurydice_slice out) {
   for (size_t i = (size_t)0U;
@@ -5566,7 +5566,7 @@ static void compress_then_serialize_u_93(
         out, i0 * ((size_t)1408U / (size_t)4U),
         (i0 + (size_t)1U) * ((size_t)1408U / (size_t)4U), uint8_t);
     uint8_t ret[352U];
-    compress_then_serialize_ring_element_u_68(&re, ret);
+    compress_then_serialize_ring_element_u_9e(&re, ret);
     Eurydice_slice_copy(
         uu____0, Eurydice_array_to_slice((size_t)352U, ret, uint8_t), uint8_t);
   }
@@ -5579,9 +5579,9 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics
 - COMPRESSION_FACTOR= 5
 - OUT_LEN= 160
 */
-static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_7b(
+static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_d1(
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, Eurydice_slice out) {
-  compress_then_serialize_5_fc(re, out);
+  compress_then_serialize_5_03(re, out);
 }
 
 /**
@@ -5601,7 +5601,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics
 - ETA2= 2
 - ETA2_RANDOMNESS_SIZE= 128
 */
-static void encrypt_unpacked_ec(IndCpaPublicKeyUnpacked_01 *public_key,
+static void encrypt_unpacked_a4(IndCpaPublicKeyUnpacked_01 *public_key,
                                 uint8_t message[32U], Eurydice_slice randomness,
                                 uint8_t ret[1568U]) {
   uint8_t prf_input[33U];
@@ -5609,7 +5609,7 @@ static void encrypt_unpacked_ec(IndCpaPublicKeyUnpacked_01 *public_key,
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_prf_input0[33U];
   memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t));
-  tuple_71 uu____1 = sample_vector_cbd_then_ntt_out_48(copy_of_prf_input0, 0U);
+  tuple_71 uu____1 = sample_vector_cbd_then_ntt_out_81(copy_of_prf_input0, 0U);
   libcrux_ml_kem_polynomial_PolynomialRingElement_d2 r_as_ntt[4U];
   memcpy(
       r_as_ntt, uu____1.fst,
@@ -5619,7 +5619,7 @@ static void encrypt_unpacked_ec(IndCpaPublicKeyUnpacked_01 *public_key,
   uint8_t copy_of_prf_input[33U];
   memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t));
   tuple_71 uu____3 =
-      sample_ring_element_cbd_6a(copy_of_prf_input, domain_separator0);
+      sample_ring_element_cbd_a0(copy_of_prf_input, domain_separator0);
   libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[4U];
   memcpy(
       error_1, uu____3.fst,
@@ -5633,25 +5633,25 @@ static void encrypt_unpacked_ec(IndCpaPublicKeyUnpacked_01 *public_key,
       sample_from_binomial_distribution_d7(
           Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t));
   libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u[4U];
-  compute_vector_u_42(public_key->A, r_as_ntt, error_1, u);
+  compute_vector_u_dd(public_key->A, r_as_ntt, error_1, u);
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_message[32U];
   memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t));
   libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message_as_ring_element =
-      deserialize_then_decompress_message_6f(copy_of_message);
+      deserialize_then_decompress_message_d3(copy_of_message);
   libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v =
-      compute_ring_element_v_d2(public_key->t_as_ntt, r_as_ntt, &error_2,
+      compute_ring_element_v_77(public_key->t_as_ntt, r_as_ntt, &error_2,
                                 &message_as_ring_element);
   uint8_t ciphertext[1568U] = {0U};
   libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____5[4U];
   memcpy(
       uu____5, u,
       (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2));
-  compress_then_serialize_u_93(
+  compress_then_serialize_u_42(
       uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U,
                                            (size_t)1408U, uint8_t));
   libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____6 = v;
-  compress_then_serialize_ring_element_v_7b(
+  compress_then_serialize_ring_element_v_d1(
       uu____6, Eurydice_array_to_subslice_from((size_t)1568U, ciphertext,
                                                (size_t)1408U, uint8_t, size_t));
   memcpy(ret, ciphertext, (size_t)1568U * sizeof(uint8_t));
@@ -5674,10 +5674,10 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics
 - ETA2= 2
 - ETA2_RANDOMNESS_SIZE= 128
 */
-static void encrypt_680(Eurydice_slice public_key, uint8_t message[32U],
+static void encrypt_6f0(Eurydice_slice public_key, uint8_t message[32U],
                         Eurydice_slice randomness, uint8_t ret[1568U]) {
   IndCpaPublicKeyUnpacked_01 unpacked_public_key = default_8d_89();
-  deserialize_ring_elements_reduced_9f(
+  deserialize_ring_elements_reduced_53(
       Eurydice_slice_subslice_to(public_key, (size_t)1536U, uint8_t, size_t),
       unpacked_public_key.t_as_ntt);
   Eurydice_slice seed =
@@ -5691,9 +5691,9 @@ static void encrypt_680(Eurydice_slice public_key, uint8_t message[32U],
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_message[32U];
   memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t));
-  uint8_t ret1[1568U];
-  encrypt_unpacked_ec(uu____1, copy_of_message, randomness, ret1);
-  memcpy(ret, ret1, (size_t)1568U * sizeof(uint8_t));
+  uint8_t result[1568U];
+  encrypt_unpacked_a4(uu____1, copy_of_message, randomness, result);
+  memcpy(ret, result, (size_t)1568U * sizeof(uint8_t));
 }
 
 /**
@@ -5707,7 +5707,7 @@ with const generics
 - K= 4
 - CIPHERTEXT_SIZE= 1568
 */
-static KRML_MUSTINLINE void kdf_d8_b20(Eurydice_slice shared_secret,
+static KRML_MUSTINLINE void kdf_d8_160(Eurydice_slice shared_secret,
                                        uint8_t ret[32U]) {
   uint8_t out[32U] = {0U};
   Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t),
@@ -5734,11 +5734,11 @@ with const generics
 - ETA2= 2
 - ETA2_RANDOMNESS_SIZE= 128
 */
-tuple_21 libcrux_ml_kem_ind_cca_encapsulate_790(
+tuple_21 libcrux_ml_kem_ind_cca_encapsulate_a10(
     libcrux_ml_kem_types_MlKemPublicKey_1f *public_key,
     uint8_t randomness[32U]) {
   uint8_t randomness0[32U];
-  entropy_preprocess_d8_6c0(
+  entropy_preprocess_d8_640(
       Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0);
   uint8_t to_hash[64U];
   libcrux_ml_kem_utils_into_padded_array_42(
@@ -5748,7 +5748,7 @@ tuple_21 libcrux_ml_kem_ind_cca_encapsulate_790(
       size_t);
   uint8_t ret[32U];
   H_a9_41(Eurydice_array_to_slice(
-              (size_t)1568U, libcrux_ml_kem_types_as_slice_fd_d1(public_key),
+              (size_t)1568U, libcrux_ml_kem_types_as_slice_fd_fe(public_key),
               uint8_t),
           ret);
   Eurydice_slice_copy(
@@ -5762,19 +5762,19 @@ tuple_21 libcrux_ml_kem_ind_cca_encapsulate_790(
   Eurydice_slice shared_secret = uu____1.fst;
   Eurydice_slice pseudorandomness = uu____1.snd;
   Eurydice_slice uu____2 = Eurydice_array_to_slice(
-      (size_t)1568U, libcrux_ml_kem_types_as_slice_fd_d1(public_key), uint8_t);
+      (size_t)1568U, libcrux_ml_kem_types_as_slice_fd_fe(public_key), uint8_t);
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_randomness[32U];
   memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t));
   uint8_t ciphertext[1568U];
-  encrypt_680(uu____2, copy_of_randomness, pseudorandomness, ciphertext);
+  encrypt_6f0(uu____2, copy_of_randomness, pseudorandomness, ciphertext);
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_ciphertext[1568U];
   memcpy(copy_of_ciphertext, ciphertext, (size_t)1568U * sizeof(uint8_t));
   libcrux_ml_kem_types_MlKemCiphertext_1f ciphertext0 =
-      libcrux_ml_kem_types_from_01_3a(copy_of_ciphertext);
+      libcrux_ml_kem_types_from_01_45(copy_of_ciphertext);
   uint8_t shared_secret_array[32U];
-  kdf_d8_b20(shared_secret, shared_secret_array);
+  kdf_d8_160(shared_secret, shared_secret_array);
   libcrux_ml_kem_types_MlKemCiphertext_1f uu____5 = ciphertext0;
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_shared_secret_array[32U];
@@ -5792,7 +5792,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector
 with const generics
 - K= 4
 */
-static KRML_MUSTINLINE void deserialize_secret_key_cf0(
+static KRML_MUSTINLINE void deserialize_secret_key_540(
     Eurydice_slice secret_key,
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[4U];
@@ -5809,11 +5809,15 @@ static KRML_MUSTINLINE void deserialize_secret_key_cf0(
             LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT,
         uint8_t);
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 =
-        deserialize_to_uncompressed_ring_element_6e(secret_bytes);
+        deserialize_to_uncompressed_ring_element_6c(secret_bytes);
     secret_as_ntt[i0] = uu____0;
   }
+  libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[4U];
   memcpy(
-      ret, secret_as_ntt,
+      result, secret_as_ntt,
+      (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2));
+  memcpy(
+      ret, result,
       (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2));
 }
 
@@ -5824,8 +5828,8 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics
 - COMPRESSION_FACTOR= 11
 */
 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2
-deserialize_then_decompress_ring_element_u_18(Eurydice_slice serialized) {
-  return deserialize_then_decompress_11_39(serialized);
+deserialize_then_decompress_ring_element_u_79(Eurydice_slice serialized) {
+  return deserialize_then_decompress_11_d5(serialized);
 }
 
 /**
@@ -5834,17 +5838,17 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector
 with const generics
 - VECTOR_U_COMPRESSION_FACTOR= 11
 */
-static KRML_MUSTINLINE void ntt_vector_u_b1(
+static KRML_MUSTINLINE void ntt_vector_u_b7(
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) {
   size_t zeta_i = (size_t)0U;
-  ntt_at_layer_4_plus_07(&zeta_i, re, (size_t)7U);
-  ntt_at_layer_4_plus_07(&zeta_i, re, (size_t)6U);
-  ntt_at_layer_4_plus_07(&zeta_i, re, (size_t)5U);
-  ntt_at_layer_4_plus_07(&zeta_i, re, (size_t)4U);
-  ntt_at_layer_3_46(&zeta_i, re);
-  ntt_at_layer_2_53(&zeta_i, re);
-  ntt_at_layer_1_42(&zeta_i, re);
-  poly_barrett_reduce_ef_83(re);
+  ntt_at_layer_4_plus_ca(&zeta_i, re, (size_t)7U);
+  ntt_at_layer_4_plus_ca(&zeta_i, re, (size_t)6U);
+  ntt_at_layer_4_plus_ca(&zeta_i, re, (size_t)5U);
+  ntt_at_layer_4_plus_ca(&zeta_i, re, (size_t)4U);
+  ntt_at_layer_3_ba(&zeta_i, re);
+  ntt_at_layer_2_89(&zeta_i, re);
+  ntt_at_layer_1_d7(&zeta_i, re);
+  poly_barrett_reduce_ef_a9(re);
 }
 
 /**
@@ -5855,7 +5859,7 @@ with const generics
 - CIPHERTEXT_SIZE= 1568
 - U_COMPRESSION_FACTOR= 11
 */
-static KRML_MUSTINLINE void deserialize_then_decompress_u_b1(
+static KRML_MUSTINLINE void deserialize_then_decompress_u_25(
     uint8_t *ciphertext,
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[4U];
@@ -5878,8 +5882,8 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_b1(
             LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT *
                 (size_t)11U / (size_t)8U,
         uint8_t);
-    u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_18(u_bytes);
-    ntt_vector_u_b1(&u_as_ntt[i0]);
+    u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_79(u_bytes);
+    ntt_vector_u_b7(&u_as_ntt[i0]);
   }
   memcpy(
       ret, u_as_ntt,
@@ -5893,8 +5897,8 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics
 - COMPRESSION_FACTOR= 5
 */
 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2
-deserialize_then_decompress_ring_element_v_3d(Eurydice_slice serialized) {
-  return deserialize_then_decompress_5_67(serialized);
+deserialize_then_decompress_ring_element_v_b9(Eurydice_slice serialized) {
+  return deserialize_then_decompress_5_f8(serialized);
 }
 
 /**
@@ -5904,17 +5908,17 @@ with const generics
 - K= 4
 */
 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2
-compute_message_c3(
+compute_message_7d(
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *v,
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *secret_as_ntt,
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *u_as_ntt) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_ef_05();
   KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i;
                   libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product =
-                      ntt_multiply_ef_d5(&secret_as_ntt[i0], &u_as_ntt[i0]);
-                  add_to_ring_element_ef_aa(&result, &product););
-  invert_ntt_montgomery_40(&result);
-  result = subtract_reduce_ef_07(v, result);
+                      ntt_multiply_ef_b2(&secret_as_ntt[i0], &u_as_ntt[i0]);
+                  add_to_ring_element_ef_4f(&result, &product););
+  invert_ntt_montgomery_8f(&result);
+  result = subtract_reduce_ef_da(v, result);
   return result;
 }
 
@@ -5928,18 +5932,18 @@ with const generics
 - U_COMPRESSION_FACTOR= 11
 - V_COMPRESSION_FACTOR= 5
 */
-static void decrypt_unpacked_98(IndCpaPrivateKeyUnpacked_01 *secret_key,
+static void decrypt_unpacked_9d(IndCpaPrivateKeyUnpacked_01 *secret_key,
                                 uint8_t *ciphertext, uint8_t ret[32U]) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[4U];
-  deserialize_then_decompress_u_b1(ciphertext, u_as_ntt);
+  deserialize_then_decompress_u_25(ciphertext, u_as_ntt);
   libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v =
-      deserialize_then_decompress_ring_element_v_3d(
+      deserialize_then_decompress_ring_element_v_b9(
           Eurydice_array_to_subslice_from((size_t)1568U, ciphertext,
                                           (size_t)1408U, uint8_t, size_t));
   libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message =
-      compute_message_c3(&v, secret_key->secret_as_ntt, u_as_ntt);
+      compute_message_7d(&v, secret_key->secret_as_ntt, u_as_ntt);
   uint8_t ret0[32U];
-  compress_then_serialize_message_6c(message, ret0);
+  compress_then_serialize_message_dd(message, ret0);
   memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t));
 }
 
@@ -5953,10 +5957,10 @@ with const generics
 - U_COMPRESSION_FACTOR= 11
 - V_COMPRESSION_FACTOR= 5
 */
-static void decrypt_360(Eurydice_slice secret_key, uint8_t *ciphertext,
+static void decrypt_750(Eurydice_slice secret_key, uint8_t *ciphertext,
                         uint8_t ret[32U]) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[4U];
-  deserialize_secret_key_cf0(secret_key, secret_as_ntt);
+  deserialize_secret_key_540(secret_key, secret_as_ntt);
   /* Passing arrays by value in Rust generates a copy in C */
   libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_secret_as_ntt[4U];
   memcpy(
@@ -5966,9 +5970,9 @@ static void decrypt_360(Eurydice_slice secret_key, uint8_t *ciphertext,
   memcpy(
       secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt,
       (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2));
-  uint8_t ret0[32U];
-  decrypt_unpacked_98(&secret_key_unpacked, ciphertext, ret0);
-  memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t));
+  uint8_t result[32U];
+  decrypt_unpacked_9d(&secret_key_unpacked, ciphertext, result);
+  memcpy(ret, result, (size_t)32U * sizeof(uint8_t));
 }
 
 /**
@@ -6007,7 +6011,7 @@ with const generics
 - ETA2_RANDOMNESS_SIZE= 128
 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600
 */
-void libcrux_ml_kem_ind_cca_decapsulate_cd0(
+void libcrux_ml_kem_ind_cca_decapsulate_7f0(
     libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key,
     libcrux_ml_kem_types_MlKemCiphertext_1f *ciphertext, uint8_t ret[32U]) {
   Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at(
@@ -6025,7 +6029,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_cd0(
   Eurydice_slice ind_cpa_public_key_hash = uu____2.fst;
   Eurydice_slice implicit_rejection_value = uu____2.snd;
   uint8_t decrypted[32U];
-  decrypt_360(ind_cpa_secret_key, ciphertext->value, decrypted);
+  decrypt_750(ind_cpa_secret_key, ciphertext->value, decrypted);
   uint8_t to_hash0[64U];
   libcrux_ml_kem_utils_into_padded_array_42(
       Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0);
@@ -6047,7 +6051,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_cd0(
   Eurydice_slice uu____4 = Eurydice_array_to_subslice_from(
       (size_t)1600U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE,
       uint8_t, size_t);
-  Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_be(ciphertext),
+  Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_40(ciphertext),
                       uint8_t);
   uint8_t implicit_rejection_shared_secret0[32U];
   PRF_a9_16(Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t),
@@ -6057,17 +6061,17 @@ void libcrux_ml_kem_ind_cca_decapsulate_cd0(
   uint8_t copy_of_decrypted[32U];
   memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t));
   uint8_t expected_ciphertext[1568U];
-  encrypt_680(uu____5, copy_of_decrypted, pseudorandomness,
+  encrypt_6f0(uu____5, copy_of_decrypted, pseudorandomness,
               expected_ciphertext);
   uint8_t implicit_rejection_shared_secret[32U];
-  kdf_d8_b20(Eurydice_array_to_slice(
+  kdf_d8_160(Eurydice_array_to_slice(
                  (size_t)32U, implicit_rejection_shared_secret0, uint8_t),
              implicit_rejection_shared_secret);
   uint8_t shared_secret1[32U];
-  kdf_d8_b20(shared_secret0, shared_secret1);
+  kdf_d8_160(shared_secret0, shared_secret1);
   uint8_t shared_secret[32U];
   libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time(
-      libcrux_ml_kem_types_as_ref_00_be(ciphertext),
+      libcrux_ml_kem_types_as_ref_00_40(ciphertext),
       Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, uint8_t),
       Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t),
       Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret,
@@ -6082,7 +6086,7 @@ libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types
 libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics
 - K= 2
 */
-static KRML_MUSTINLINE void deserialize_ring_elements_reduced_9f0(
+static KRML_MUSTINLINE void deserialize_ring_elements_reduced_530(
     Eurydice_slice public_key,
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *deserialized_pk) {
   for (size_t i = (size_t)0U;
@@ -6096,7 +6100,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_9f0(
             LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT,
         uint8_t);
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 =
-        deserialize_to_reduced_ring_element_65(ring_element);
+        deserialize_to_reduced_ring_element_dc(ring_element);
     deserialized_pk[i0] = uu____0;
   }
 }
@@ -6107,19 +6111,15 @@ libcrux_ml_kem.serialize.deserialize_ring_elements_reduced_out with types
 libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics
 - K= 2
 */
-static KRML_MUSTINLINE void deserialize_ring_elements_reduced_out_19(
+static KRML_MUSTINLINE void deserialize_ring_elements_reduced_out_cc(
     Eurydice_slice public_key,
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[2U];
   KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U,
                   deserialized_pk[i] = ZERO_ef_05(););
-  deserialize_ring_elements_reduced_9f0(public_key, deserialized_pk);
-  libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[2U];
+  deserialize_ring_elements_reduced_530(public_key, deserialized_pk);
   memcpy(
-      result, deserialized_pk,
-      (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2));
-  memcpy(
-      ret, result,
+      ret, deserialized_pk,
       (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2));
 }
 
@@ -6130,7 +6130,7 @@ with const generics
 - K= 2
 - OUT_LEN= 768
 */
-static KRML_MUSTINLINE void serialize_secret_key_230(
+static KRML_MUSTINLINE void serialize_secret_key_990(
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *key,
     uint8_t ret[768U]) {
   uint8_t out[768U] = {0U};
@@ -6148,7 +6148,7 @@ static KRML_MUSTINLINE void serialize_secret_key_230(
         (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT,
         uint8_t);
     uint8_t ret0[384U];
-    serialize_uncompressed_ring_element_09(&re, ret0);
+    serialize_uncompressed_ring_element_2c(&re, ret0);
     Eurydice_slice_copy(
         uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t), uint8_t);
   }
@@ -6163,13 +6163,13 @@ with const generics
 - RANKED_BYTES_PER_RING_ELEMENT= 768
 - PUBLIC_KEY_SIZE= 800
 */
-static KRML_MUSTINLINE void serialize_public_key_mut_ff0(
+static KRML_MUSTINLINE void serialize_public_key_mut_6c0(
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt,
     Eurydice_slice seed_for_a, uint8_t *serialized) {
   Eurydice_slice uu____0 = Eurydice_array_to_subslice2(serialized, (size_t)0U,
                                                        (size_t)768U, uint8_t);
   uint8_t ret[768U];
-  serialize_secret_key_230(t_as_ntt, ret);
+  serialize_secret_key_990(t_as_ntt, ret);
   Eurydice_slice_copy(
       uu____0, Eurydice_array_to_slice((size_t)768U, ret, uint8_t), uint8_t);
   Eurydice_slice_copy(
@@ -6186,12 +6186,14 @@ with const generics
 - RANKED_BYTES_PER_RING_ELEMENT= 768
 - PUBLIC_KEY_SIZE= 800
 */
-static KRML_MUSTINLINE void serialize_public_key_160(
+static KRML_MUSTINLINE void serialize_public_key_ca0(
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt,
     Eurydice_slice seed_for_a, uint8_t ret[800U]) {
   uint8_t public_key_serialized[800U] = {0U};
-  serialize_public_key_mut_ff0(t_as_ntt, seed_for_a, public_key_serialized);
-  memcpy(ret, public_key_serialized, (size_t)800U * sizeof(uint8_t));
+  serialize_public_key_mut_6c0(t_as_ntt, seed_for_a, public_key_serialized);
+  uint8_t result[800U];
+  memcpy(result, public_key_serialized, (size_t)800U * sizeof(uint8_t));
+  memcpy(ret, result, (size_t)800U * sizeof(uint8_t));
 }
 
 /**
@@ -6202,15 +6204,15 @@ with const generics
 - RANKED_BYTES_PER_RING_ELEMENT= 768
 - PUBLIC_KEY_SIZE= 800
 */
-bool libcrux_ml_kem_ind_cca_validate_public_key_db(uint8_t *public_key) {
+bool libcrux_ml_kem_ind_cca_validate_public_key_52(uint8_t *public_key) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[2U];
-  deserialize_ring_elements_reduced_out_19(
+  deserialize_ring_elements_reduced_out_cc(
       Eurydice_array_to_subslice_to((size_t)800U, public_key, (size_t)768U,
                                     uint8_t, size_t),
       deserialized_pk);
   libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *uu____0 = deserialized_pk;
   uint8_t public_key_serialized[800U];
-  serialize_public_key_160(
+  serialize_public_key_ca0(
       uu____0,
       Eurydice_array_to_subslice_from((size_t)800U, public_key, (size_t)768U,
                                       uint8_t, size_t),
@@ -6240,7 +6242,7 @@ with const generics
 - SECRET_KEY_SIZE= 1632
 - CIPHERTEXT_SIZE= 768
 */
-bool libcrux_ml_kem_ind_cca_validate_private_key_a8(
+bool libcrux_ml_kem_ind_cca_validate_private_key_70(
     libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key,
     libcrux_ml_kem_types_MlKemCiphertext_e8 *_ciphertext) {
   uint8_t t[32U];
@@ -6346,7 +6348,7 @@ with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash
 with const generics
 - K= 2
 */
-static KRML_MUSTINLINE void cpa_keygen_seed_d8_6b0(
+static KRML_MUSTINLINE void cpa_keygen_seed_d8_750(
     Eurydice_slice key_generation_seed, uint8_t ret[64U]) {
   uint8_t seed[33U] = {0U};
   Eurydice_slice_copy(
@@ -6809,7 +6811,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics
 - ETA= 3
 - ETA_RANDOMNESS_SIZE= 192
 */
-static KRML_MUSTINLINE uint8_t sample_vector_cbd_then_ntt_680(
+static KRML_MUSTINLINE uint8_t sample_vector_cbd_then_ntt_b00(
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re_as_ntt,
     uint8_t prf_input[33U], uint8_t domain_separator) {
   /* Passing arrays by value in Rust generates a copy in C */
@@ -6819,8 +6821,6 @@ static KRML_MUSTINLINE uint8_t sample_vector_cbd_then_ntt_680(
   KRML_MAYBE_FOR2(
       i, (size_t)0U, (size_t)2U, (size_t)1U,
       memcpy(prf_inputs[i], copy_of_prf_input, (size_t)33U * sizeof(uint8_t)););
-  uint8_t _prf_inputs_init[2U][33U];
-  memcpy(_prf_inputs_init, prf_inputs, (size_t)2U * sizeof(uint8_t[33U]));
   KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i;
                   prf_inputs[i0][32U] = domain_separator;
                   domain_separator = (uint32_t)domain_separator + 1U;);
@@ -6830,7 +6830,7 @@ static KRML_MUSTINLINE uint8_t sample_vector_cbd_then_ntt_680(
       i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i;
       re_as_ntt[i0] = sample_from_binomial_distribution_d70(
           Eurydice_array_to_slice((size_t)192U, prf_outputs[i0], uint8_t));
-      ntt_binomially_sampled_ring_element_25(&re_as_ntt[i0]););
+      ntt_binomially_sampled_ring_element_ef(&re_as_ntt[i0]););
   return domain_separator;
 }
 
@@ -6853,7 +6853,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics
 - ETA= 3
 - ETA_RANDOMNESS_SIZE= 192
 */
-static KRML_MUSTINLINE tuple_74 sample_vector_cbd_then_ntt_out_480(
+static KRML_MUSTINLINE tuple_74 sample_vector_cbd_then_ntt_out_810(
     uint8_t prf_input[33U], uint8_t domain_separator) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re_as_ntt[2U];
   KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U,
@@ -6862,18 +6862,18 @@ static KRML_MUSTINLINE tuple_74 sample_vector_cbd_then_ntt_out_480(
   uint8_t uu____1[33U];
   memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t));
   domain_separator =
-      sample_vector_cbd_then_ntt_680(uu____0, uu____1, domain_separator);
+      sample_vector_cbd_then_ntt_b00(uu____0, uu____1, domain_separator);
   /* Passing arrays by value in Rust generates a copy in C */
   libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_re_as_ntt[2U];
   memcpy(
       copy_of_re_as_ntt, re_as_ntt,
       (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2));
-  tuple_74 lit;
+  tuple_74 result;
   memcpy(
-      lit.fst, copy_of_re_as_ntt,
+      result.fst, copy_of_re_as_ntt,
       (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2));
-  lit.snd = domain_separator;
-  return lit;
+  result.snd = domain_separator;
+  return result;
 }
 
 /**
@@ -6887,7 +6887,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector
 with const generics
 - K= 2
 */
-static KRML_MUSTINLINE void add_to_ring_element_ef_aa0(
+static KRML_MUSTINLINE void add_to_ring_element_ef_4f0(
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self,
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *rhs) {
   for (size_t i = (size_t)0U;
@@ -6907,7 +6907,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector
 with const generics
 - K= 2
 */
-static KRML_MUSTINLINE void compute_As_plus_e_b60(
+static KRML_MUSTINLINE void compute_As_plus_e_2d0(
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt,
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*matrix_A)[2U],
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *s_as_ntt,
@@ -6934,10 +6934,10 @@ static KRML_MUSTINLINE void compute_As_plus_e_b60(
       libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *matrix_element =
           &row[j];
       libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product =
-          ntt_multiply_ef_d5(matrix_element, &s_as_ntt[j]);
-      add_to_ring_element_ef_aa0(&t_as_ntt[i0], &product);
+          ntt_multiply_ef_b2(matrix_element, &s_as_ntt[j]);
+      add_to_ring_element_ef_4f0(&t_as_ntt[i0], &product);
     }
-    add_standard_error_reduce_ef_e7(&t_as_ntt[i0], &error_as_ntt[i0]);
+    add_standard_error_reduce_ef_34(&t_as_ntt[i0], &error_as_ntt[i0]);
   }
 }
 
@@ -6950,12 +6950,12 @@ with const generics
 - ETA1= 3
 - ETA1_RANDOMNESS_SIZE= 192
 */
-static void generate_keypair_unpacked_a20(
+static void generate_keypair_unpacked_a40(
     Eurydice_slice key_generation_seed,
     IndCpaPrivateKeyUnpacked_d6 *private_key,
     IndCpaPublicKeyUnpacked_d6 *public_key) {
   uint8_t hashed[64U];
-  cpa_keygen_seed_d8_6b0(key_generation_seed, hashed);
+  cpa_keygen_seed_d8_750(key_generation_seed, hashed);
   Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at(
       Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U,
       uint8_t, Eurydice_slice_uint8_t_x2);
@@ -6975,17 +6975,17 @@ static void generate_keypair_unpacked_a20(
   uint8_t copy_of_prf_input0[33U];
   memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t));
   uint8_t domain_separator =
-      sample_vector_cbd_then_ntt_680(uu____2, copy_of_prf_input0, 0U);
+      sample_vector_cbd_then_ntt_b00(uu____2, copy_of_prf_input0, 0U);
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_prf_input[33U];
   memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t));
   libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_as_ntt[2U];
   memcpy(
       error_as_ntt,
-      sample_vector_cbd_then_ntt_out_480(copy_of_prf_input, domain_separator)
+      sample_vector_cbd_then_ntt_out_810(copy_of_prf_input, domain_separator)
           .fst,
       (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2));
-  compute_As_plus_e_b60(public_key->t_as_ntt, public_key->A,
+  compute_As_plus_e_2d0(public_key->t_as_ntt, public_key->A,
                         private_key->secret_as_ntt, error_as_ntt);
   uint8_t uu____5[32U];
   core_result_Result_00 dst;
@@ -7006,18 +7006,18 @@ with const generics
 - ETA1= 3
 - ETA1_RANDOMNESS_SIZE= 192
 */
-static libcrux_ml_kem_utils_extraction_helper_Keypair512 generate_keypair_47(
+static libcrux_ml_kem_utils_extraction_helper_Keypair512 generate_keypair_6a(
     Eurydice_slice key_generation_seed) {
   IndCpaPrivateKeyUnpacked_d6 private_key = default_1a_3c0();
   IndCpaPublicKeyUnpacked_d6 public_key = default_8d_890();
-  generate_keypair_unpacked_a20(key_generation_seed, &private_key, &public_key);
+  generate_keypair_unpacked_a40(key_generation_seed, &private_key, &public_key);
   uint8_t public_key_serialized[800U];
-  serialize_public_key_160(
+  serialize_public_key_ca0(
       public_key.t_as_ntt,
       Eurydice_array_to_slice((size_t)32U, public_key.seed_for_A, uint8_t),
       public_key_serialized);
   uint8_t secret_key_serialized[768U];
-  serialize_secret_key_230(private_key.secret_as_ntt, secret_key_serialized);
+  serialize_secret_key_990(private_key.secret_as_ntt, secret_key_serialized);
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_secret_key_serialized[768U];
   memcpy(copy_of_secret_key_serialized, secret_key_serialized,
@@ -7026,12 +7026,12 @@ static libcrux_ml_kem_utils_extraction_helper_Keypair512 generate_keypair_47(
   uint8_t copy_of_public_key_serialized[800U];
   memcpy(copy_of_public_key_serialized, public_key_serialized,
          (size_t)800U * sizeof(uint8_t));
-  libcrux_ml_kem_utils_extraction_helper_Keypair512 lit;
-  memcpy(lit.fst, copy_of_secret_key_serialized,
+  libcrux_ml_kem_utils_extraction_helper_Keypair512 result;
+  memcpy(result.fst, copy_of_secret_key_serialized,
          (size_t)768U * sizeof(uint8_t));
-  memcpy(lit.snd, copy_of_public_key_serialized,
+  memcpy(result.snd, copy_of_public_key_serialized,
          (size_t)800U * sizeof(uint8_t));
-  return lit;
+  return result;
 }
 
 /**
@@ -7041,7 +7041,7 @@ with const generics
 - K= 2
 - SERIALIZED_KEY_LEN= 1632
 */
-static KRML_MUSTINLINE void serialize_kem_secret_key_7b(
+static KRML_MUSTINLINE void serialize_kem_secret_key_1f(
     Eurydice_slice private_key, Eurydice_slice public_key,
     Eurydice_slice implicit_rejection_value, uint8_t ret[1632U]) {
   uint8_t out[1632U] = {0U};
@@ -7096,7 +7096,7 @@ with const generics
 - ETA1= 3
 - ETA1_RANDOMNESS_SIZE= 192
 */
-libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_ind_cca_generate_keypair_dd(
+libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_ind_cca_generate_keypair_0b(
     uint8_t randomness[64U]) {
   Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2(
       randomness, (size_t)0U,
@@ -7106,13 +7106,13 @@ libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_ind_cca_generate_keypair_dd(
       LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t,
       size_t);
   libcrux_ml_kem_utils_extraction_helper_Keypair512 uu____0 =
-      generate_keypair_47(ind_cpa_keypair_randomness);
+      generate_keypair_6a(ind_cpa_keypair_randomness);
   uint8_t ind_cpa_private_key[768U];
   memcpy(ind_cpa_private_key, uu____0.fst, (size_t)768U * sizeof(uint8_t));
   uint8_t public_key[800U];
   memcpy(public_key, uu____0.snd, (size_t)800U * sizeof(uint8_t));
   uint8_t secret_key_serialized[1632U];
-  serialize_kem_secret_key_7b(
+  serialize_kem_secret_key_1f(
       Eurydice_array_to_slice((size_t)768U, ind_cpa_private_key, uint8_t),
       Eurydice_array_to_slice((size_t)800U, public_key, uint8_t),
       implicit_rejection_value, secret_key_serialized);
@@ -7121,13 +7121,13 @@ libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_ind_cca_generate_keypair_dd(
   memcpy(copy_of_secret_key_serialized, secret_key_serialized,
          (size_t)1632U * sizeof(uint8_t));
   libcrux_ml_kem_types_MlKemPrivateKey_5e private_key =
-      libcrux_ml_kem_types_from_7f_8c(copy_of_secret_key_serialized);
+      libcrux_ml_kem_types_from_7f_af(copy_of_secret_key_serialized);
   libcrux_ml_kem_types_MlKemPrivateKey_5e uu____2 = private_key;
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_public_key[800U];
   memcpy(copy_of_public_key, public_key, (size_t)800U * sizeof(uint8_t));
-  return libcrux_ml_kem_types_from_3a_f6(
-      uu____2, libcrux_ml_kem_types_from_5a_45(copy_of_public_key));
+  return libcrux_ml_kem_types_from_3a_ee(
+      uu____2, libcrux_ml_kem_types_from_5a_67(copy_of_public_key));
 }
 
 /**
@@ -7140,7 +7140,7 @@ with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash
 with const generics
 - K= 2
 */
-static KRML_MUSTINLINE void entropy_preprocess_d8_6c(Eurydice_slice randomness,
+static KRML_MUSTINLINE void entropy_preprocess_d8_64(Eurydice_slice randomness,
                                                      uint8_t ret[32U]) {
   uint8_t out[32U] = {0U};
   Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t),
@@ -7203,7 +7203,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics
 - ETA2= 2
 */
 static KRML_MUSTINLINE tuple_74
-sample_ring_element_cbd_6a0(uint8_t prf_input[33U], uint8_t domain_separator) {
+sample_ring_element_cbd_a00(uint8_t prf_input[33U], uint8_t domain_separator) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[2U];
   KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U,
                   error_1[i] = ZERO_ef_05(););
@@ -7214,8 +7214,6 @@ sample_ring_element_cbd_6a0(uint8_t prf_input[33U], uint8_t domain_separator) {
   KRML_MAYBE_FOR2(
       i, (size_t)0U, (size_t)2U, (size_t)1U,
       memcpy(prf_inputs[i], copy_of_prf_input, (size_t)33U * sizeof(uint8_t)););
-  uint8_t _prf_inputs_init[2U][33U];
-  memcpy(_prf_inputs_init, prf_inputs, (size_t)2U * sizeof(uint8_t[33U]));
   KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i;
                   prf_inputs[i0][32U] = domain_separator;
                   domain_separator = (uint32_t)domain_separator + 1U;);
@@ -7232,12 +7230,12 @@ sample_ring_element_cbd_6a0(uint8_t prf_input[33U], uint8_t domain_separator) {
   memcpy(
       copy_of_error_1, error_1,
       (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2));
-  tuple_74 lit;
+  tuple_74 result;
   memcpy(
-      lit.fst, copy_of_error_1,
+      result.fst, copy_of_error_1,
       (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2));
-  lit.snd = domain_separator;
-  return lit;
+  result.snd = domain_separator;
+  return result;
 }
 
 /**
@@ -7261,18 +7259,18 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector
 with const generics
 - K= 2
 */
-static KRML_MUSTINLINE void invert_ntt_montgomery_400(
+static KRML_MUSTINLINE void invert_ntt_montgomery_8f0(
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) {
   size_t zeta_i =
       LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U;
-  invert_ntt_at_layer_1_78(&zeta_i, re);
-  invert_ntt_at_layer_2_2c(&zeta_i, re);
-  invert_ntt_at_layer_3_73(&zeta_i, re);
-  invert_ntt_at_layer_4_plus_04(&zeta_i, re, (size_t)4U);
-  invert_ntt_at_layer_4_plus_04(&zeta_i, re, (size_t)5U);
-  invert_ntt_at_layer_4_plus_04(&zeta_i, re, (size_t)6U);
-  invert_ntt_at_layer_4_plus_04(&zeta_i, re, (size_t)7U);
-  poly_barrett_reduce_ef_83(re);
+  invert_ntt_at_layer_1_f7(&zeta_i, re);
+  invert_ntt_at_layer_2_98(&zeta_i, re);
+  invert_ntt_at_layer_3_fe(&zeta_i, re);
+  invert_ntt_at_layer_4_plus_bc(&zeta_i, re, (size_t)4U);
+  invert_ntt_at_layer_4_plus_bc(&zeta_i, re, (size_t)5U);
+  invert_ntt_at_layer_4_plus_bc(&zeta_i, re, (size_t)6U);
+  invert_ntt_at_layer_4_plus_bc(&zeta_i, re, (size_t)7U);
+  poly_barrett_reduce_ef_a9(re);
 }
 
 /**
@@ -7281,14 +7279,14 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector
 with const generics
 - K= 2
 */
-static KRML_MUSTINLINE void compute_vector_u_420(
+static KRML_MUSTINLINE void compute_vector_u_dd0(
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*a_as_ntt)[2U],
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt,
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_1,
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) {
-  libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[2U];
+  libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result0[2U];
   KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U,
-                  result[i] = ZERO_ef_05(););
+                  result0[i] = ZERO_ef_05(););
   for (size_t i0 = (size_t)0U;
        i0 < Eurydice_slice_len(
                 Eurydice_array_to_slice(
@@ -7308,12 +7306,16 @@ static KRML_MUSTINLINE void compute_vector_u_420(
       size_t j = i;
       libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *a_element = &row[j];
       libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product =
-          ntt_multiply_ef_d5(a_element, &r_as_ntt[j]);
-      add_to_ring_element_ef_aa0(&result[i1], &product);
+          ntt_multiply_ef_b2(a_element, &r_as_ntt[j]);
+      add_to_ring_element_ef_4f0(&result0[i1], &product);
     }
-    invert_ntt_montgomery_400(&result[i1]);
-    add_error_reduce_ef_ee(&result[i1], &error_1[i1]);
+    invert_ntt_montgomery_8f0(&result0[i1]);
+    add_error_reduce_ef_dd(&result0[i1], &error_1[i1]);
   }
+  libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[2U];
+  memcpy(
+      result, result0,
+      (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2));
   memcpy(
       ret, result,
       (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2));
@@ -7326,7 +7328,7 @@ with const generics
 - K= 2
 */
 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2
-compute_ring_element_v_d20(
+compute_ring_element_v_770(
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt,
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt,
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_2,
@@ -7334,10 +7336,10 @@ compute_ring_element_v_d20(
   libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_ef_05();
   KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i;
                   libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product =
-                      ntt_multiply_ef_d5(&t_as_ntt[i0], &r_as_ntt[i0]);
-                  add_to_ring_element_ef_aa0(&result, &product););
-  invert_ntt_montgomery_400(&result);
-  result = add_message_error_reduce_ef_a6(error_2, message, result);
+                      ntt_multiply_ef_b2(&t_as_ntt[i0], &r_as_ntt[i0]);
+                  add_to_ring_element_ef_4f0(&result, &product););
+  invert_ntt_montgomery_8f0(&result);
+  result = add_message_error_reduce_ef_79(error_2, message, result);
   return result;
 }
 
@@ -7350,7 +7352,7 @@ with const generics
 - COMPRESSION_FACTOR= 10
 - BLOCK_LEN= 320
 */
-static void compress_then_serialize_u_930(
+static void compress_then_serialize_u_420(
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 input[2U],
     Eurydice_slice out) {
   for (size_t i = (size_t)0U;
@@ -7366,7 +7368,7 @@ static void compress_then_serialize_u_930(
         out, i0 * ((size_t)640U / (size_t)2U),
         (i0 + (size_t)1U) * ((size_t)640U / (size_t)2U), uint8_t);
     uint8_t ret[320U];
-    compress_then_serialize_ring_element_u_680(&re, ret);
+    compress_then_serialize_ring_element_u_9e0(&re, ret);
     Eurydice_slice_copy(
         uu____0, Eurydice_array_to_slice((size_t)320U, ret, uint8_t), uint8_t);
   }
@@ -7389,7 +7391,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics
 - ETA2= 2
 - ETA2_RANDOMNESS_SIZE= 128
 */
-static void encrypt_unpacked_ec0(IndCpaPublicKeyUnpacked_d6 *public_key,
+static void encrypt_unpacked_a40(IndCpaPublicKeyUnpacked_d6 *public_key,
                                  uint8_t message[32U],
                                  Eurydice_slice randomness, uint8_t ret[768U]) {
   uint8_t prf_input[33U];
@@ -7397,7 +7399,7 @@ static void encrypt_unpacked_ec0(IndCpaPublicKeyUnpacked_d6 *public_key,
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_prf_input0[33U];
   memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t));
-  tuple_74 uu____1 = sample_vector_cbd_then_ntt_out_480(copy_of_prf_input0, 0U);
+  tuple_74 uu____1 = sample_vector_cbd_then_ntt_out_810(copy_of_prf_input0, 0U);
   libcrux_ml_kem_polynomial_PolynomialRingElement_d2 r_as_ntt[2U];
   memcpy(
       r_as_ntt, uu____1.fst,
@@ -7407,7 +7409,7 @@ static void encrypt_unpacked_ec0(IndCpaPublicKeyUnpacked_d6 *public_key,
   uint8_t copy_of_prf_input[33U];
   memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t));
   tuple_74 uu____3 =
-      sample_ring_element_cbd_6a0(copy_of_prf_input, domain_separator0);
+      sample_ring_element_cbd_a00(copy_of_prf_input, domain_separator0);
   libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[2U];
   memcpy(
       error_1, uu____3.fst,
@@ -7421,25 +7423,25 @@ static void encrypt_unpacked_ec0(IndCpaPublicKeyUnpacked_d6 *public_key,
       sample_from_binomial_distribution_d7(
           Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t));
   libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u[2U];
-  compute_vector_u_420(public_key->A, r_as_ntt, error_1, u);
+  compute_vector_u_dd0(public_key->A, r_as_ntt, error_1, u);
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_message[32U];
   memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t));
   libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message_as_ring_element =
-      deserialize_then_decompress_message_6f(copy_of_message);
+      deserialize_then_decompress_message_d3(copy_of_message);
   libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v =
-      compute_ring_element_v_d20(public_key->t_as_ntt, r_as_ntt, &error_2,
+      compute_ring_element_v_770(public_key->t_as_ntt, r_as_ntt, &error_2,
                                  &message_as_ring_element);
   uint8_t ciphertext[768U] = {0U};
   libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____5[2U];
   memcpy(
       uu____5, u,
       (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2));
-  compress_then_serialize_u_930(
+  compress_then_serialize_u_420(
       uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)640U,
                                            uint8_t));
   libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____6 = v;
-  compress_then_serialize_ring_element_v_7b0(
+  compress_then_serialize_ring_element_v_d10(
       uu____6, Eurydice_array_to_subslice_from((size_t)768U, ciphertext,
                                                (size_t)640U, uint8_t, size_t));
   memcpy(ret, ciphertext, (size_t)768U * sizeof(uint8_t));
@@ -7462,10 +7464,10 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics
 - ETA2= 2
 - ETA2_RANDOMNESS_SIZE= 128
 */
-static void encrypt_68(Eurydice_slice public_key, uint8_t message[32U],
+static void encrypt_6f(Eurydice_slice public_key, uint8_t message[32U],
                        Eurydice_slice randomness, uint8_t ret[768U]) {
   IndCpaPublicKeyUnpacked_d6 unpacked_public_key = default_8d_890();
-  deserialize_ring_elements_reduced_9f0(
+  deserialize_ring_elements_reduced_530(
       Eurydice_slice_subslice_to(public_key, (size_t)768U, uint8_t, size_t),
       unpacked_public_key.t_as_ntt);
   Eurydice_slice seed =
@@ -7479,9 +7481,9 @@ static void encrypt_68(Eurydice_slice public_key, uint8_t message[32U],
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_message[32U];
   memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t));
-  uint8_t ret1[768U];
-  encrypt_unpacked_ec0(uu____1, copy_of_message, randomness, ret1);
-  memcpy(ret, ret1, (size_t)768U * sizeof(uint8_t));
+  uint8_t result[768U];
+  encrypt_unpacked_a40(uu____1, copy_of_message, randomness, result);
+  memcpy(ret, result, (size_t)768U * sizeof(uint8_t));
 }
 
 /**
@@ -7495,7 +7497,7 @@ with const generics
 - K= 2
 - CIPHERTEXT_SIZE= 768
 */
-static KRML_MUSTINLINE void kdf_d8_b2(Eurydice_slice shared_secret,
+static KRML_MUSTINLINE void kdf_d8_16(Eurydice_slice shared_secret,
                                       uint8_t ret[32U]) {
   uint8_t out[32U] = {0U};
   Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t),
@@ -7522,11 +7524,11 @@ with const generics
 - ETA2= 2
 - ETA2_RANDOMNESS_SIZE= 128
 */
-tuple_ec libcrux_ml_kem_ind_cca_encapsulate_79(
+tuple_ec libcrux_ml_kem_ind_cca_encapsulate_a1(
     libcrux_ml_kem_types_MlKemPublicKey_be *public_key,
     uint8_t randomness[32U]) {
   uint8_t randomness0[32U];
-  entropy_preprocess_d8_6c(
+  entropy_preprocess_d8_64(
       Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0);
   uint8_t to_hash[64U];
   libcrux_ml_kem_utils_into_padded_array_42(
@@ -7536,7 +7538,7 @@ tuple_ec libcrux_ml_kem_ind_cca_encapsulate_79(
       size_t);
   uint8_t ret[32U];
   H_a9_410(Eurydice_array_to_slice(
-               (size_t)800U, libcrux_ml_kem_types_as_slice_fd_d10(public_key),
+               (size_t)800U, libcrux_ml_kem_types_as_slice_fd_fe0(public_key),
                uint8_t),
            ret);
   Eurydice_slice_copy(
@@ -7550,19 +7552,19 @@ tuple_ec libcrux_ml_kem_ind_cca_encapsulate_79(
   Eurydice_slice shared_secret = uu____1.fst;
   Eurydice_slice pseudorandomness = uu____1.snd;
   Eurydice_slice uu____2 = Eurydice_array_to_slice(
-      (size_t)800U, libcrux_ml_kem_types_as_slice_fd_d10(public_key), uint8_t);
+      (size_t)800U, libcrux_ml_kem_types_as_slice_fd_fe0(public_key), uint8_t);
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_randomness[32U];
   memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t));
   uint8_t ciphertext[768U];
-  encrypt_68(uu____2, copy_of_randomness, pseudorandomness, ciphertext);
+  encrypt_6f(uu____2, copy_of_randomness, pseudorandomness, ciphertext);
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_ciphertext[768U];
   memcpy(copy_of_ciphertext, ciphertext, (size_t)768U * sizeof(uint8_t));
   libcrux_ml_kem_types_MlKemCiphertext_e8 ciphertext0 =
-      libcrux_ml_kem_types_from_01_3a0(copy_of_ciphertext);
+      libcrux_ml_kem_types_from_01_450(copy_of_ciphertext);
   uint8_t shared_secret_array[32U];
-  kdf_d8_b2(shared_secret, shared_secret_array);
+  kdf_d8_16(shared_secret, shared_secret_array);
   libcrux_ml_kem_types_MlKemCiphertext_e8 uu____5 = ciphertext0;
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_shared_secret_array[32U];
@@ -7580,7 +7582,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector
 with const generics
 - K= 2
 */
-static KRML_MUSTINLINE void deserialize_secret_key_cf(
+static KRML_MUSTINLINE void deserialize_secret_key_54(
     Eurydice_slice secret_key,
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[2U];
@@ -7597,11 +7599,15 @@ static KRML_MUSTINLINE void deserialize_secret_key_cf(
             LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT,
         uint8_t);
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 =
-        deserialize_to_uncompressed_ring_element_6e(secret_bytes);
+        deserialize_to_uncompressed_ring_element_6c(secret_bytes);
     secret_as_ntt[i0] = uu____0;
   }
+  libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[2U];
+  memcpy(
+      result, secret_as_ntt,
+      (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2));
   memcpy(
-      ret, secret_as_ntt,
+      ret, result,
       (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2));
 }
 
@@ -7613,7 +7619,7 @@ with const generics
 - CIPHERTEXT_SIZE= 768
 - U_COMPRESSION_FACTOR= 10
 */
-static KRML_MUSTINLINE void deserialize_then_decompress_u_b10(
+static KRML_MUSTINLINE void deserialize_then_decompress_u_250(
     uint8_t *ciphertext,
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[2U];
@@ -7636,8 +7642,8 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_b10(
             LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT *
                 (size_t)10U / (size_t)8U,
         uint8_t);
-    u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_180(u_bytes);
-    ntt_vector_u_b10(&u_as_ntt[i0]);
+    u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_790(u_bytes);
+    ntt_vector_u_b70(&u_as_ntt[i0]);
   }
   memcpy(
       ret, u_as_ntt,
@@ -7651,17 +7657,17 @@ with const generics
 - K= 2
 */
 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2
-compute_message_c30(
+compute_message_7d0(
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *v,
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *secret_as_ntt,
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *u_as_ntt) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_ef_05();
   KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i;
                   libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product =
-                      ntt_multiply_ef_d5(&secret_as_ntt[i0], &u_as_ntt[i0]);
-                  add_to_ring_element_ef_aa0(&result, &product););
-  invert_ntt_montgomery_400(&result);
-  result = subtract_reduce_ef_07(v, result);
+                      ntt_multiply_ef_b2(&secret_as_ntt[i0], &u_as_ntt[i0]);
+                  add_to_ring_element_ef_4f0(&result, &product););
+  invert_ntt_montgomery_8f0(&result);
+  result = subtract_reduce_ef_da(v, result);
   return result;
 }
 
@@ -7675,18 +7681,18 @@ with const generics
 - U_COMPRESSION_FACTOR= 10
 - V_COMPRESSION_FACTOR= 4
 */
-static void decrypt_unpacked_980(IndCpaPrivateKeyUnpacked_d6 *secret_key,
+static void decrypt_unpacked_9d0(IndCpaPrivateKeyUnpacked_d6 *secret_key,
                                  uint8_t *ciphertext, uint8_t ret[32U]) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[2U];
-  deserialize_then_decompress_u_b10(ciphertext, u_as_ntt);
+  deserialize_then_decompress_u_250(ciphertext, u_as_ntt);
   libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v =
-      deserialize_then_decompress_ring_element_v_3d0(
+      deserialize_then_decompress_ring_element_v_b90(
           Eurydice_array_to_subslice_from((size_t)768U, ciphertext,
                                           (size_t)640U, uint8_t, size_t));
   libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message =
-      compute_message_c30(&v, secret_key->secret_as_ntt, u_as_ntt);
+      compute_message_7d0(&v, secret_key->secret_as_ntt, u_as_ntt);
   uint8_t ret0[32U];
-  compress_then_serialize_message_6c(message, ret0);
+  compress_then_serialize_message_dd(message, ret0);
   memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t));
 }
 
@@ -7700,10 +7706,10 @@ with const generics
 - U_COMPRESSION_FACTOR= 10
 - V_COMPRESSION_FACTOR= 4
 */
-static void decrypt_36(Eurydice_slice secret_key, uint8_t *ciphertext,
+static void decrypt_75(Eurydice_slice secret_key, uint8_t *ciphertext,
                        uint8_t ret[32U]) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[2U];
-  deserialize_secret_key_cf(secret_key, secret_as_ntt);
+  deserialize_secret_key_54(secret_key, secret_as_ntt);
   /* Passing arrays by value in Rust generates a copy in C */
   libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_secret_as_ntt[2U];
   memcpy(
@@ -7713,9 +7719,9 @@ static void decrypt_36(Eurydice_slice secret_key, uint8_t *ciphertext,
   memcpy(
       secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt,
       (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2));
-  uint8_t ret0[32U];
-  decrypt_unpacked_980(&secret_key_unpacked, ciphertext, ret0);
-  memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t));
+  uint8_t result[32U];
+  decrypt_unpacked_9d0(&secret_key_unpacked, ciphertext, result);
+  memcpy(ret, result, (size_t)32U * sizeof(uint8_t));
 }
 
 /**
@@ -7754,7 +7760,7 @@ with const generics
 - ETA2_RANDOMNESS_SIZE= 128
 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800
 */
-void libcrux_ml_kem_ind_cca_decapsulate_cd(
+void libcrux_ml_kem_ind_cca_decapsulate_7f(
     libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key,
     libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) {
   Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at(
@@ -7772,7 +7778,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_cd(
   Eurydice_slice ind_cpa_public_key_hash = uu____2.fst;
   Eurydice_slice implicit_rejection_value = uu____2.snd;
   uint8_t decrypted[32U];
-  decrypt_36(ind_cpa_secret_key, ciphertext->value, decrypted);
+  decrypt_75(ind_cpa_secret_key, ciphertext->value, decrypted);
   uint8_t to_hash0[64U];
   libcrux_ml_kem_utils_into_padded_array_42(
       Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0);
@@ -7794,7 +7800,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_cd(
   Eurydice_slice uu____4 = Eurydice_array_to_subslice_from(
       (size_t)800U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE,
       uint8_t, size_t);
-  Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_be0(ciphertext),
+  Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_400(ciphertext),
                       uint8_t);
   uint8_t implicit_rejection_shared_secret0[32U];
   PRF_a9_161(Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t),
@@ -7804,16 +7810,16 @@ void libcrux_ml_kem_ind_cca_decapsulate_cd(
   uint8_t copy_of_decrypted[32U];
   memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t));
   uint8_t expected_ciphertext[768U];
-  encrypt_68(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext);
+  encrypt_6f(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext);
   uint8_t implicit_rejection_shared_secret[32U];
-  kdf_d8_b2(Eurydice_array_to_slice((size_t)32U,
+  kdf_d8_16(Eurydice_array_to_slice((size_t)32U,
                                     implicit_rejection_shared_secret0, uint8_t),
             implicit_rejection_shared_secret);
   uint8_t shared_secret1[32U];
-  kdf_d8_b2(shared_secret0, shared_secret1);
+  kdf_d8_16(shared_secret0, shared_secret1);
   uint8_t shared_secret[32U];
   libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time(
-      libcrux_ml_kem_types_as_ref_00_be0(ciphertext),
+      libcrux_ml_kem_types_as_ref_00_400(ciphertext),
       Eurydice_array_to_slice((size_t)768U, expected_ciphertext, uint8_t),
       Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t),
       Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret,
diff --git a/libcrux-ml-kem/c/libcrux_mlkem_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem_avx2.h
index 7f1adf92e..02a4b1c04 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem_avx2.h
+++ b/libcrux-ml-kem/c/libcrux_mlkem_avx2.h
@@ -8,7 +8,7 @@
  * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac
  * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152
  * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678
- * Libcrux: 020cd93ab7a1437ba4a4c626b1acbf9fa14525ad
+ * Libcrux: a089e8609d2bf2df5c165076a79e3fd30dbf87cf
  */
 
 #ifndef __libcrux_mlkem_avx2_H
diff --git a/libcrux-ml-kem/c/libcrux_mlkem_portable.c b/libcrux-ml-kem/c/libcrux_mlkem_portable.c
index 12ab2b9e6..25021f8c9 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem_portable.c
+++ b/libcrux-ml-kem/c/libcrux_mlkem_portable.c
@@ -8,7 +8,7 @@
  * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac
  * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152
  * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678
- * Libcrux: 020cd93ab7a1437ba4a4c626b1acbf9fa14525ad
+ * Libcrux: a089e8609d2bf2df5c165076a79e3fd30dbf87cf
  */
 
 #include "internal/libcrux_mlkem_portable.h"
@@ -199,12 +199,6 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_serialize_serialize_11(
   ret[21U] = r11_21.f10;
 }
 
-void libcrux_ml_kem_vector_portable_serialize_11(
-    libcrux_ml_kem_vector_portable_vector_type_PortableVector a,
-    uint8_t ret[22U]) {
-  libcrux_ml_kem_vector_portable_serialize_serialize_11(a, ret);
-}
-
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
 libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
@@ -212,7 +206,7 @@ libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
 void libcrux_ml_kem_vector_portable_serialize_11_0d(
     libcrux_ml_kem_vector_portable_vector_type_PortableVector a,
     uint8_t ret[22U]) {
-  libcrux_ml_kem_vector_portable_serialize_11(a, ret);
+  libcrux_ml_kem_vector_portable_serialize_serialize_11(a, ret);
 }
 
 KRML_MUSTINLINE int16_t_x8
@@ -305,18 +299,13 @@ libcrux_ml_kem_vector_portable_serialize_deserialize_11(Eurydice_slice bytes) {
   return lit;
 }
 
-libcrux_ml_kem_vector_portable_vector_type_PortableVector
-libcrux_ml_kem_vector_portable_deserialize_11(Eurydice_slice a) {
-  return libcrux_ml_kem_vector_portable_serialize_deserialize_11(a);
-}
-
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
 libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
 */
 libcrux_ml_kem_vector_portable_vector_type_PortableVector
 libcrux_ml_kem_vector_portable_deserialize_11_0d(Eurydice_slice a) {
-  return libcrux_ml_kem_vector_portable_deserialize_11(a);
+  return libcrux_ml_kem_vector_portable_serialize_deserialize_11(a);
 }
 
 KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_vector_type_to_i16_array(
@@ -1152,9 +1141,7 @@ uint8_t libcrux_ml_kem_vector_portable_compress_compress_message_coefficient(
   int16_t mask = shifted >> 15U;
   int16_t shifted_to_positive = mask ^ shifted;
   int16_t shifted_positive_in_range = shifted_to_positive - (int16_t)832;
-  int16_t r0 = shifted_positive_in_range >> 15U;
-  int16_t r1 = r0 & (int16_t)1;
-  return (uint8_t)r1;
+  return (uint8_t)(shifted_positive_in_range >> 15U & (int16_t)1);
 }
 
 KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector
@@ -1203,10 +1190,8 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_ntt_ntt_step(
   int16_t t =
       libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer(
           vec->elements[j], zeta);
-  int16_t a_minus_t = vec->elements[i] - t;
-  int16_t a_plus_t = vec->elements[i] + t;
-  vec->elements[j] = a_minus_t;
-  vec->elements[i] = a_plus_t;
+  vec->elements[j] = vec->elements[i] - t;
+  vec->elements[i] = vec->elements[i] + t;
 }
 
 KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector
@@ -1315,9 +1300,8 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(
     libcrux_ml_kem_vector_portable_vector_type_PortableVector *vec,
     int16_t zeta, size_t i, size_t j) {
   int16_t a_minus_b = vec->elements[j] - vec->elements[i];
-  int16_t a_plus_b = vec->elements[j] + vec->elements[i];
   int16_t o0 = libcrux_ml_kem_vector_portable_arithmetic_barrett_reduce_element(
-      a_plus_b);
+      vec->elements[i] + vec->elements[j]);
   int16_t o1 =
       libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer(
           a_minus_b, zeta);
@@ -1431,11 +1415,12 @@ libcrux_ml_kem_vector_portable_inv_ntt_layer_3_step_0d(
 KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials(
     libcrux_ml_kem_vector_portable_vector_type_PortableVector *a,
     libcrux_ml_kem_vector_portable_vector_type_PortableVector *b, int16_t zeta,
-    size_t i, libcrux_ml_kem_vector_portable_vector_type_PortableVector *out) {
-  int16_t ai = a->elements[(size_t)2U * i];
-  int16_t bi = b->elements[(size_t)2U * i];
-  int16_t aj = a->elements[(size_t)2U * i + (size_t)1U];
-  int16_t bj = b->elements[(size_t)2U * i + (size_t)1U];
+    size_t i, size_t j,
+    libcrux_ml_kem_vector_portable_vector_type_PortableVector *out) {
+  int16_t ai = a->elements[i];
+  int16_t bi = b->elements[i];
+  int16_t aj = a->elements[j];
+  int16_t bj = b->elements[j];
   int32_t ai_bi = (int32_t)ai * (int32_t)bi;
   int32_t aj_bj_ = (int32_t)aj * (int32_t)bj;
   int16_t aj_bj =
@@ -1452,10 +1437,8 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials(
   int16_t o1 =
       libcrux_ml_kem_vector_portable_arithmetic_montgomery_reduce_element(
           ai_bj_aj_bi);
-  int16_t _out0[16U];
-  memcpy(_out0, out->elements, (size_t)16U * sizeof(int16_t));
-  out->elements[(size_t)2U * i] = o0;
-  out->elements[(size_t)2U * i + (size_t)1U] = o1;
+  out->elements[i] = o0;
+  out->elements[j] = o1;
 }
 
 KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector
@@ -1469,22 +1452,22 @@ libcrux_ml_kem_vector_portable_ntt_ntt_multiply(
   int16_t nzeta3 = -zeta3;
   libcrux_ml_kem_vector_portable_vector_type_PortableVector out =
       libcrux_ml_kem_vector_portable_vector_type_zero();
-  libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials(lhs, rhs, zeta0,
-                                                            (size_t)0U, &out);
-  libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials(lhs, rhs, nzeta0,
-                                                            (size_t)1U, &out);
-  libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials(lhs, rhs, zeta1,
-                                                            (size_t)2U, &out);
-  libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials(lhs, rhs, nzeta1,
-                                                            (size_t)3U, &out);
-  libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials(lhs, rhs, zeta2,
-                                                            (size_t)4U, &out);
-  libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials(lhs, rhs, nzeta2,
-                                                            (size_t)5U, &out);
-  libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials(lhs, rhs, zeta3,
-                                                            (size_t)6U, &out);
-  libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials(lhs, rhs, nzeta3,
-                                                            (size_t)7U, &out);
+  libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials(
+      lhs, rhs, zeta0, (size_t)0U, (size_t)1U, &out);
+  libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials(
+      lhs, rhs, nzeta0, (size_t)2U, (size_t)3U, &out);
+  libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials(
+      lhs, rhs, zeta1, (size_t)4U, (size_t)5U, &out);
+  libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials(
+      lhs, rhs, nzeta1, (size_t)6U, (size_t)7U, &out);
+  libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials(
+      lhs, rhs, zeta2, (size_t)8U, (size_t)9U, &out);
+  libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials(
+      lhs, rhs, nzeta2, (size_t)10U, (size_t)11U, &out);
+  libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials(
+      lhs, rhs, zeta3, (size_t)12U, (size_t)13U, &out);
+  libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials(
+      lhs, rhs, nzeta3, (size_t)14U, (size_t)15U, &out);
   return out;
 }
 
@@ -1524,12 +1507,6 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_serialize_serialize_1(
   ret[1U] = result1;
 }
 
-void libcrux_ml_kem_vector_portable_serialize_1(
-    libcrux_ml_kem_vector_portable_vector_type_PortableVector a,
-    uint8_t ret[2U]) {
-  libcrux_ml_kem_vector_portable_serialize_serialize_1(a, ret);
-}
-
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
 libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
@@ -1537,7 +1514,7 @@ libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
 void libcrux_ml_kem_vector_portable_serialize_1_0d(
     libcrux_ml_kem_vector_portable_vector_type_PortableVector a,
     uint8_t ret[2U]) {
-  libcrux_ml_kem_vector_portable_serialize_1(a, ret);
+  libcrux_ml_kem_vector_portable_serialize_serialize_1(a, ret);
 }
 
 KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector
@@ -1624,18 +1601,13 @@ libcrux_ml_kem_vector_portable_serialize_deserialize_1(Eurydice_slice v) {
   return lit;
 }
 
-libcrux_ml_kem_vector_portable_vector_type_PortableVector
-libcrux_ml_kem_vector_portable_deserialize_1(Eurydice_slice a) {
-  return libcrux_ml_kem_vector_portable_serialize_deserialize_1(a);
-}
-
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
 libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
 */
 libcrux_ml_kem_vector_portable_vector_type_PortableVector
 libcrux_ml_kem_vector_portable_deserialize_1_0d(Eurydice_slice a) {
-  return libcrux_ml_kem_vector_portable_deserialize_1(a);
+  return libcrux_ml_kem_vector_portable_serialize_deserialize_1(a);
 }
 
 KRML_MUSTINLINE uint8_t_x4
@@ -1685,12 +1657,6 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_serialize_serialize_4(
   ret[7U] = result4_7.f3;
 }
 
-void libcrux_ml_kem_vector_portable_serialize_4(
-    libcrux_ml_kem_vector_portable_vector_type_PortableVector a,
-    uint8_t ret[8U]) {
-  libcrux_ml_kem_vector_portable_serialize_serialize_4(a, ret);
-}
-
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
 libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
@@ -1698,7 +1664,7 @@ libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
 void libcrux_ml_kem_vector_portable_serialize_4_0d(
     libcrux_ml_kem_vector_portable_vector_type_PortableVector a,
     uint8_t ret[8U]) {
-  libcrux_ml_kem_vector_portable_serialize_4(a, ret);
+  libcrux_ml_kem_vector_portable_serialize_serialize_4(a, ret);
 }
 
 KRML_MUSTINLINE int16_t_x8
@@ -1768,18 +1734,13 @@ libcrux_ml_kem_vector_portable_serialize_deserialize_4(Eurydice_slice bytes) {
   return lit;
 }
 
-libcrux_ml_kem_vector_portable_vector_type_PortableVector
-libcrux_ml_kem_vector_portable_deserialize_4(Eurydice_slice a) {
-  return libcrux_ml_kem_vector_portable_serialize_deserialize_4(a);
-}
-
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
 libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
 */
 libcrux_ml_kem_vector_portable_vector_type_PortableVector
 libcrux_ml_kem_vector_portable_deserialize_4_0d(Eurydice_slice a) {
-  return libcrux_ml_kem_vector_portable_deserialize_4(a);
+  return libcrux_ml_kem_vector_portable_serialize_deserialize_4(a);
 }
 
 KRML_MUSTINLINE uint8_t_x5
@@ -1827,12 +1788,6 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_serialize_serialize_5(
   ret[9U] = r5_9.f4;
 }
 
-void libcrux_ml_kem_vector_portable_serialize_5(
-    libcrux_ml_kem_vector_portable_vector_type_PortableVector a,
-    uint8_t ret[10U]) {
-  libcrux_ml_kem_vector_portable_serialize_serialize_5(a, ret);
-}
-
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
 libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
@@ -1840,7 +1795,7 @@ libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
 void libcrux_ml_kem_vector_portable_serialize_5_0d(
     libcrux_ml_kem_vector_portable_vector_type_PortableVector a,
     uint8_t ret[10U]) {
-  libcrux_ml_kem_vector_portable_serialize_5(a, ret);
+  libcrux_ml_kem_vector_portable_serialize_serialize_5(a, ret);
 }
 
 KRML_MUSTINLINE int16_t_x8
@@ -1921,18 +1876,13 @@ libcrux_ml_kem_vector_portable_serialize_deserialize_5(Eurydice_slice bytes) {
   return lit;
 }
 
-libcrux_ml_kem_vector_portable_vector_type_PortableVector
-libcrux_ml_kem_vector_portable_deserialize_5(Eurydice_slice a) {
-  return libcrux_ml_kem_vector_portable_serialize_deserialize_5(a);
-}
-
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
 libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
 */
 libcrux_ml_kem_vector_portable_vector_type_PortableVector
 libcrux_ml_kem_vector_portable_deserialize_5_0d(Eurydice_slice a) {
-  return libcrux_ml_kem_vector_portable_deserialize_5(a);
+  return libcrux_ml_kem_vector_portable_serialize_deserialize_5(a);
 }
 
 KRML_MUSTINLINE uint8_t_x5
@@ -2006,12 +1956,6 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_serialize_serialize_10(
   ret[19U] = r15_19.f4;
 }
 
-void libcrux_ml_kem_vector_portable_serialize_10(
-    libcrux_ml_kem_vector_portable_vector_type_PortableVector a,
-    uint8_t ret[20U]) {
-  libcrux_ml_kem_vector_portable_serialize_serialize_10(a, ret);
-}
-
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
 libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
@@ -2019,7 +1963,7 @@ libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
 void libcrux_ml_kem_vector_portable_serialize_10_0d(
     libcrux_ml_kem_vector_portable_vector_type_PortableVector a,
     uint8_t ret[20U]) {
-  libcrux_ml_kem_vector_portable_serialize_10(a, ret);
+  libcrux_ml_kem_vector_portable_serialize_serialize_10(a, ret);
 }
 
 KRML_MUSTINLINE int16_t_x8
@@ -2108,18 +2052,13 @@ libcrux_ml_kem_vector_portable_serialize_deserialize_10(Eurydice_slice bytes) {
   return lit;
 }
 
-libcrux_ml_kem_vector_portable_vector_type_PortableVector
-libcrux_ml_kem_vector_portable_deserialize_10(Eurydice_slice a) {
-  return libcrux_ml_kem_vector_portable_serialize_deserialize_10(a);
-}
-
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
 libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
 */
 libcrux_ml_kem_vector_portable_vector_type_PortableVector
 libcrux_ml_kem_vector_portable_deserialize_10_0d(Eurydice_slice a) {
-  return libcrux_ml_kem_vector_portable_deserialize_10(a);
+  return libcrux_ml_kem_vector_portable_serialize_deserialize_10(a);
 }
 
 KRML_MUSTINLINE uint8_t_x3
@@ -2187,12 +2126,6 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_serialize_serialize_12(
   ret[23U] = r21_23.thd;
 }
 
-void libcrux_ml_kem_vector_portable_serialize_12(
-    libcrux_ml_kem_vector_portable_vector_type_PortableVector a,
-    uint8_t ret[24U]) {
-  libcrux_ml_kem_vector_portable_serialize_serialize_12(a, ret);
-}
-
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
 libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
@@ -2200,7 +2133,7 @@ libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
 void libcrux_ml_kem_vector_portable_serialize_12_0d(
     libcrux_ml_kem_vector_portable_vector_type_PortableVector a,
     uint8_t ret[24U]) {
-  libcrux_ml_kem_vector_portable_serialize_12(a, ret);
+  libcrux_ml_kem_vector_portable_serialize_serialize_12(a, ret);
 }
 
 KRML_MUSTINLINE int16_t_x2
@@ -2258,18 +2191,13 @@ libcrux_ml_kem_vector_portable_serialize_deserialize_12(Eurydice_slice bytes) {
   return lit;
 }
 
-libcrux_ml_kem_vector_portable_vector_type_PortableVector
-libcrux_ml_kem_vector_portable_deserialize_12(Eurydice_slice a) {
-  return libcrux_ml_kem_vector_portable_serialize_deserialize_12(a);
-}
-
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
 libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
 */
 libcrux_ml_kem_vector_portable_vector_type_PortableVector
 libcrux_ml_kem_vector_portable_deserialize_12_0d(Eurydice_slice a) {
-  return libcrux_ml_kem_vector_portable_deserialize_12(a);
+  return libcrux_ml_kem_vector_portable_serialize_deserialize_12(a);
 }
 
 KRML_MUSTINLINE size_t libcrux_ml_kem_vector_portable_sampling_rej_sample(
@@ -2390,7 +2318,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
 
 */
 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0
-deserialize_to_reduced_ring_element_60(Eurydice_slice serialized) {
+deserialize_to_reduced_ring_element_a5(Eurydice_slice serialized) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_ef_1b();
   for (size_t i = (size_t)0U;
        i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) {
@@ -2412,7 +2340,7 @@ libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types
 libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
 - K= 4
 */
-static KRML_MUSTINLINE void deserialize_ring_elements_reduced_ed(
+static KRML_MUSTINLINE void deserialize_ring_elements_reduced_da(
     Eurydice_slice public_key,
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *deserialized_pk) {
   for (size_t i = (size_t)0U;
@@ -2426,7 +2354,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_ed(
             LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT,
         uint8_t);
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 =
-        deserialize_to_reduced_ring_element_60(ring_element);
+        deserialize_to_reduced_ring_element_a5(ring_element);
     deserialized_pk[i0] = uu____0;
   }
 }
@@ -2437,19 +2365,15 @@ libcrux_ml_kem.serialize.deserialize_ring_elements_reduced_out with types
 libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
 - K= 4
 */
-static KRML_MUSTINLINE void deserialize_ring_elements_reduced_out_661(
+static KRML_MUSTINLINE void deserialize_ring_elements_reduced_out_531(
     Eurydice_slice public_key,
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[4U];
   KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U,
                   deserialized_pk[i] = ZERO_ef_1b(););
-  deserialize_ring_elements_reduced_ed(public_key, deserialized_pk);
-  libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[4U];
+  deserialize_ring_elements_reduced_da(public_key, deserialized_pk);
   memcpy(
-      result, deserialized_pk,
-      (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0));
-  memcpy(
-      ret, result,
+      ret, deserialized_pk,
       (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0));
 }
 
@@ -2459,7 +2383,7 @@ with const generics
 - SHIFT_BY= 15
 */
 static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector
-shift_right_3c(libcrux_ml_kem_vector_portable_vector_type_PortableVector vec) {
+shift_right_95(libcrux_ml_kem_vector_portable_vector_type_PortableVector vec) {
   for (size_t i = (size_t)0U;
        i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) {
     size_t i0 = i;
@@ -2478,8 +2402,8 @@ with const generics
 - SHIFT_BY= 15
 */
 static libcrux_ml_kem_vector_portable_vector_type_PortableVector
-shift_right_0d_3e(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) {
-  return shift_right_3c(v);
+shift_right_0d_9d(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) {
+  return shift_right_95(v);
 }
 
 /**
@@ -2489,10 +2413,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
 
 */
 static libcrux_ml_kem_vector_portable_vector_type_PortableVector
-to_unsigned_representative_30(
+to_unsigned_representative_7c(
     libcrux_ml_kem_vector_portable_vector_type_PortableVector a) {
   libcrux_ml_kem_vector_portable_vector_type_PortableVector t =
-      shift_right_0d_3e(a);
+      shift_right_0d_9d(a);
   libcrux_ml_kem_vector_portable_vector_type_PortableVector fm =
       libcrux_ml_kem_vector_portable_bitwise_and_with_constant_0d(
           t, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS);
@@ -2506,10 +2430,10 @@ with const generics
 
 */
 static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector
-to_unsigned_field_modulus_05(
+to_unsigned_field_modulus_b0(
     libcrux_ml_kem_vector_portable_vector_type_PortableVector a) {
   libcrux_ml_kem_vector_portable_vector_type_PortableVector result =
-      to_unsigned_representative_30(a);
+      to_unsigned_representative_7c(a);
   return result;
 }
 
@@ -2519,14 +2443,14 @@ libcrux_ml_kem.serialize.serialize_uncompressed_ring_element with types
 libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
 
 */
-static KRML_MUSTINLINE void serialize_uncompressed_ring_element_13(
+static KRML_MUSTINLINE void serialize_uncompressed_ring_element_8b(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[384U]) {
   uint8_t serialized[384U] = {0U};
   for (size_t i = (size_t)0U;
        i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
     size_t i0 = i;
     libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient =
-        to_unsigned_field_modulus_05(re->coefficients[i0]);
+        to_unsigned_field_modulus_b0(re->coefficients[i0]);
     uint8_t bytes[24U];
     libcrux_ml_kem_vector_portable_serialize_12_0d(coefficient, bytes);
     Eurydice_slice uu____0 = Eurydice_array_to_subslice2(
@@ -2546,7 +2470,7 @@ with const generics
 - K= 4
 - OUT_LEN= 1536
 */
-static KRML_MUSTINLINE void serialize_secret_key_9e(
+static KRML_MUSTINLINE void serialize_secret_key_5a(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *key,
     uint8_t ret[1536U]) {
   uint8_t out[1536U] = {0U};
@@ -2564,7 +2488,7 @@ static KRML_MUSTINLINE void serialize_secret_key_9e(
         (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT,
         uint8_t);
     uint8_t ret0[384U];
-    serialize_uncompressed_ring_element_13(&re, ret0);
+    serialize_uncompressed_ring_element_8b(&re, ret0);
     Eurydice_slice_copy(
         uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t), uint8_t);
   }
@@ -2579,13 +2503,13 @@ with const generics
 - RANKED_BYTES_PER_RING_ELEMENT= 1536
 - PUBLIC_KEY_SIZE= 1568
 */
-static KRML_MUSTINLINE void serialize_public_key_mut_6c(
+static KRML_MUSTINLINE void serialize_public_key_mut_3c(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt,
     Eurydice_slice seed_for_a, uint8_t *serialized) {
   Eurydice_slice uu____0 = Eurydice_array_to_subslice2(serialized, (size_t)0U,
                                                        (size_t)1536U, uint8_t);
   uint8_t ret[1536U];
-  serialize_secret_key_9e(t_as_ntt, ret);
+  serialize_secret_key_5a(t_as_ntt, ret);
   Eurydice_slice_copy(
       uu____0, Eurydice_array_to_slice((size_t)1536U, ret, uint8_t), uint8_t);
   Eurydice_slice_copy(
@@ -2602,12 +2526,14 @@ with const generics
 - RANKED_BYTES_PER_RING_ELEMENT= 1536
 - PUBLIC_KEY_SIZE= 1568
 */
-static KRML_MUSTINLINE void serialize_public_key_fd(
+static KRML_MUSTINLINE void serialize_public_key_07(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt,
     Eurydice_slice seed_for_a, uint8_t ret[1568U]) {
   uint8_t public_key_serialized[1568U] = {0U};
-  serialize_public_key_mut_6c(t_as_ntt, seed_for_a, public_key_serialized);
-  memcpy(ret, public_key_serialized, (size_t)1568U * sizeof(uint8_t));
+  serialize_public_key_mut_3c(t_as_ntt, seed_for_a, public_key_serialized);
+  uint8_t result[1568U];
+  memcpy(result, public_key_serialized, (size_t)1568U * sizeof(uint8_t));
+  memcpy(ret, result, (size_t)1568U * sizeof(uint8_t));
 }
 
 /**
@@ -2618,15 +2544,15 @@ with const generics
 - RANKED_BYTES_PER_RING_ELEMENT= 1536
 - PUBLIC_KEY_SIZE= 1568
 */
-bool libcrux_ml_kem_ind_cca_validate_public_key_8c1(uint8_t *public_key) {
+bool libcrux_ml_kem_ind_cca_validate_public_key_bf1(uint8_t *public_key) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[4U];
-  deserialize_ring_elements_reduced_out_661(
+  deserialize_ring_elements_reduced_out_531(
       Eurydice_array_to_subslice_to((size_t)1568U, public_key, (size_t)1536U,
                                     uint8_t, size_t),
       deserialized_pk);
   libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *uu____0 = deserialized_pk;
   uint8_t public_key_serialized[1568U];
-  serialize_public_key_fd(
+  serialize_public_key_07(
       uu____0,
       Eurydice_array_to_subslice_from((size_t)1568U, public_key, (size_t)1536U,
                                       uint8_t, size_t),
@@ -2656,7 +2582,7 @@ with const generics
 - SECRET_KEY_SIZE= 3168
 - CIPHERTEXT_SIZE= 1568
 */
-bool libcrux_ml_kem_ind_cca_validate_private_key_99(
+bool libcrux_ml_kem_ind_cca_validate_private_key_ae(
     libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key,
     libcrux_ml_kem_types_MlKemCiphertext_1f *_ciphertext) {
   uint8_t t[32U];
@@ -2776,7 +2702,7 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]]
 with const generics
 - K= 4
 */
-static KRML_MUSTINLINE void cpa_keygen_seed_d8_28(
+static KRML_MUSTINLINE void cpa_keygen_seed_d8_57(
     Eurydice_slice key_generation_seed, uint8_t ret[64U]) {
   uint8_t seed[33U] = {0U};
   Eurydice_slice_copy(
@@ -3338,7 +3264,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
 with const generics
 
 */
-static KRML_MUSTINLINE void ntt_at_layer_7_5f(
+static KRML_MUSTINLINE void ntt_at_layer_7_97(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) {
   size_t step = LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT / (size_t)2U;
   for (size_t i = (size_t)0U; i < step; i++) {
@@ -3366,7 +3292,7 @@ with const generics
 
 */
 static libcrux_ml_kem_vector_portable_vector_type_PortableVector
-montgomery_multiply_fe_5d(
+montgomery_multiply_fe_ad(
     libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t fer) {
   return libcrux_ml_kem_vector_portable_montgomery_multiply_by_constant_0d(v,
                                                                            fer);
@@ -3380,12 +3306,12 @@ with const generics
 */
 static KRML_MUSTINLINE
     libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2
-    ntt_layer_int_vec_step_31(
+    ntt_layer_int_vec_step_57(
         libcrux_ml_kem_vector_portable_vector_type_PortableVector a,
         libcrux_ml_kem_vector_portable_vector_type_PortableVector b,
         int16_t zeta_r) {
   libcrux_ml_kem_vector_portable_vector_type_PortableVector t =
-      montgomery_multiply_fe_5d(b, zeta_r);
+      montgomery_multiply_fe_ad(b, zeta_r);
   b = libcrux_ml_kem_vector_portable_sub_0d(a, &t);
   a = libcrux_ml_kem_vector_portable_add_0d(a, &t);
   return (
@@ -3399,7 +3325,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
 with const generics
 
 */
-static KRML_MUSTINLINE void ntt_at_layer_4_plus_64(
+static KRML_MUSTINLINE void ntt_at_layer_4_plus_bf(
     size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re,
     size_t layer) {
   size_t step = (size_t)1U << (uint32_t)layer;
@@ -3412,7 +3338,7 @@ static KRML_MUSTINLINE void ntt_at_layer_4_plus_64(
     for (size_t i = offset_vec; i < offset_vec + step_vec; i++) {
       size_t j = i;
       libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 uu____0 =
-          ntt_layer_int_vec_step_31(
+          ntt_layer_int_vec_step_57(
               re->coefficients[j], re->coefficients[j + step_vec],
               libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U]));
       libcrux_ml_kem_vector_portable_vector_type_PortableVector x = uu____0.fst;
@@ -3429,7 +3355,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
 with const generics
 
 */
-static KRML_MUSTINLINE void ntt_at_layer_3_7b(
+static KRML_MUSTINLINE void ntt_at_layer_3_d0(
     size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) {
   KRML_MAYBE_FOR16(
       i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i;
@@ -3447,7 +3373,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
 with const generics
 
 */
-static KRML_MUSTINLINE void ntt_at_layer_2_ea(
+static KRML_MUSTINLINE void ntt_at_layer_2_76(
     size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) {
   KRML_MAYBE_FOR16(
       i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i;
@@ -3466,7 +3392,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
 with const generics
 
 */
-static KRML_MUSTINLINE void ntt_at_layer_1_76(
+static KRML_MUSTINLINE void ntt_at_layer_1_5d(
     size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) {
   KRML_MAYBE_FOR16(
       i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i;
@@ -3492,7 +3418,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
 with const generics
 
 */
-static KRML_MUSTINLINE void poly_barrett_reduce_ef_e7(
+static KRML_MUSTINLINE void poly_barrett_reduce_ef_17(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self) {
   for (size_t i = (size_t)0U;
        i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
@@ -3510,17 +3436,17 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
 with const generics
 
 */
-static KRML_MUSTINLINE void ntt_binomially_sampled_ring_element_62(
+static KRML_MUSTINLINE void ntt_binomially_sampled_ring_element_d8(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) {
-  ntt_at_layer_7_5f(re);
+  ntt_at_layer_7_97(re);
   size_t zeta_i = (size_t)1U;
-  ntt_at_layer_4_plus_64(&zeta_i, re, (size_t)6U);
-  ntt_at_layer_4_plus_64(&zeta_i, re, (size_t)5U);
-  ntt_at_layer_4_plus_64(&zeta_i, re, (size_t)4U);
-  ntt_at_layer_3_7b(&zeta_i, re);
-  ntt_at_layer_2_ea(&zeta_i, re);
-  ntt_at_layer_1_76(&zeta_i, re);
-  poly_barrett_reduce_ef_e7(re);
+  ntt_at_layer_4_plus_bf(&zeta_i, re, (size_t)6U);
+  ntt_at_layer_4_plus_bf(&zeta_i, re, (size_t)5U);
+  ntt_at_layer_4_plus_bf(&zeta_i, re, (size_t)4U);
+  ntt_at_layer_3_d0(&zeta_i, re);
+  ntt_at_layer_2_76(&zeta_i, re);
+  ntt_at_layer_1_5d(&zeta_i, re);
+  poly_barrett_reduce_ef_17(re);
 }
 
 /**
@@ -3532,7 +3458,7 @@ generics
 - ETA= 2
 - ETA_RANDOMNESS_SIZE= 128
 */
-static KRML_MUSTINLINE uint8_t sample_vector_cbd_then_ntt_76(
+static KRML_MUSTINLINE uint8_t sample_vector_cbd_then_ntt_b1(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re_as_ntt,
     uint8_t prf_input[33U], uint8_t domain_separator) {
   /* Passing arrays by value in Rust generates a copy in C */
@@ -3542,8 +3468,6 @@ static KRML_MUSTINLINE uint8_t sample_vector_cbd_then_ntt_76(
   KRML_MAYBE_FOR4(
       i, (size_t)0U, (size_t)4U, (size_t)1U,
       memcpy(prf_inputs[i], copy_of_prf_input, (size_t)33U * sizeof(uint8_t)););
-  uint8_t _prf_inputs_init[4U][33U];
-  memcpy(_prf_inputs_init, prf_inputs, (size_t)4U * sizeof(uint8_t[33U]));
   KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i;
                   prf_inputs[i0][32U] = domain_separator;
                   domain_separator = (uint32_t)domain_separator + 1U;);
@@ -3553,7 +3477,7 @@ static KRML_MUSTINLINE uint8_t sample_vector_cbd_then_ntt_76(
       i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i;
       re_as_ntt[i0] = sample_from_binomial_distribution_6b(
           Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t));
-      ntt_binomially_sampled_ring_element_62(&re_as_ntt[i0]););
+      ntt_binomially_sampled_ring_element_d8(&re_as_ntt[i0]););
   return domain_separator;
 }
 
@@ -3577,7 +3501,7 @@ generics
 - ETA= 2
 - ETA_RANDOMNESS_SIZE= 128
 */
-static KRML_MUSTINLINE tuple_710 sample_vector_cbd_then_ntt_out_15(
+static KRML_MUSTINLINE tuple_710 sample_vector_cbd_then_ntt_out_cb(
     uint8_t prf_input[33U], uint8_t domain_separator) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re_as_ntt[4U];
   KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U,
@@ -3586,18 +3510,18 @@ static KRML_MUSTINLINE tuple_710 sample_vector_cbd_then_ntt_out_15(
   uint8_t uu____1[33U];
   memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t));
   domain_separator =
-      sample_vector_cbd_then_ntt_76(uu____0, uu____1, domain_separator);
+      sample_vector_cbd_then_ntt_b1(uu____0, uu____1, domain_separator);
   /* Passing arrays by value in Rust generates a copy in C */
   libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_re_as_ntt[4U];
   memcpy(
       copy_of_re_as_ntt, re_as_ntt,
       (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0));
-  tuple_710 lit;
+  tuple_710 result;
   memcpy(
-      lit.fst, copy_of_re_as_ntt,
+      result.fst, copy_of_re_as_ntt,
       (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0));
-  lit.snd = domain_separator;
-  return lit;
+  result.snd = domain_separator;
+  return result;
 }
 
 /**
@@ -3612,7 +3536,7 @@ with const generics
 
 */
 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0
-ntt_multiply_ef_66(libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self,
+ntt_multiply_ef_45(libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self,
                    libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *rhs) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_f0 out = ZERO_ef_1b();
   for (size_t i = (size_t)0U;
@@ -3644,7 +3568,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
 with const generics
 - K= 4
 */
-static KRML_MUSTINLINE void add_to_ring_element_ef_59(
+static KRML_MUSTINLINE void add_to_ring_element_ef_5d(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self,
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *rhs) {
   for (size_t i = (size_t)0U;
@@ -3669,7 +3593,7 @@ with const generics
 
 */
 static libcrux_ml_kem_vector_portable_vector_type_PortableVector
-to_standard_domain_c1(
+to_standard_domain_bf(
     libcrux_ml_kem_vector_portable_vector_type_PortableVector v) {
   return libcrux_ml_kem_vector_portable_montgomery_multiply_by_constant_0d(
       v, LIBCRUX_ML_KEM_VECTOR_TRAITS_MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS);
@@ -3686,14 +3610,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
 with const generics
 
 */
-static KRML_MUSTINLINE void add_standard_error_reduce_ef_6c(
+static KRML_MUSTINLINE void add_standard_error_reduce_ef_0f(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self,
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error) {
   for (size_t i = (size_t)0U;
        i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
     size_t j = i;
     libcrux_ml_kem_vector_portable_vector_type_PortableVector
-        coefficient_normal_form = to_standard_domain_c1(self->coefficients[j]);
+        coefficient_normal_form = to_standard_domain_bf(self->coefficients[j]);
     libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 =
         libcrux_ml_kem_vector_portable_barrett_reduce_0d(
             libcrux_ml_kem_vector_portable_add_0d(coefficient_normal_form,
@@ -3708,7 +3632,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
 with const generics
 - K= 4
 */
-static KRML_MUSTINLINE void compute_As_plus_e_6a(
+static KRML_MUSTINLINE void compute_As_plus_e_c7(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt,
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*matrix_A)[4U],
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *s_as_ntt,
@@ -3735,10 +3659,10 @@ static KRML_MUSTINLINE void compute_As_plus_e_6a(
       libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *matrix_element =
           &row[j];
       libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product =
-          ntt_multiply_ef_66(matrix_element, &s_as_ntt[j]);
-      add_to_ring_element_ef_59(&t_as_ntt[i0], &product);
+          ntt_multiply_ef_45(matrix_element, &s_as_ntt[j]);
+      add_to_ring_element_ef_5d(&t_as_ntt[i0], &product);
     }
-    add_standard_error_reduce_ef_6c(&t_as_ntt[i0], &error_as_ntt[i0]);
+    add_standard_error_reduce_ef_0f(&t_as_ntt[i0], &error_as_ntt[i0]);
   }
 }
 
@@ -3751,12 +3675,12 @@ libcrux_ml_kem_variant_MlKem with const generics
 - ETA1= 2
 - ETA1_RANDOMNESS_SIZE= 128
 */
-static void generate_keypair_unpacked_1a(
+static void generate_keypair_unpacked_e9(
     Eurydice_slice key_generation_seed,
     IndCpaPrivateKeyUnpacked_42 *private_key,
     IndCpaPublicKeyUnpacked_42 *public_key) {
   uint8_t hashed[64U];
-  cpa_keygen_seed_d8_28(key_generation_seed, hashed);
+  cpa_keygen_seed_d8_57(key_generation_seed, hashed);
   Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at(
       Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U,
       uint8_t, Eurydice_slice_uint8_t_x2);
@@ -3776,17 +3700,17 @@ static void generate_keypair_unpacked_1a(
   uint8_t copy_of_prf_input0[33U];
   memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t));
   uint8_t domain_separator =
-      sample_vector_cbd_then_ntt_76(uu____2, copy_of_prf_input0, 0U);
+      sample_vector_cbd_then_ntt_b1(uu____2, copy_of_prf_input0, 0U);
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_prf_input[33U];
   memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t));
   libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_as_ntt[4U];
   memcpy(
       error_as_ntt,
-      sample_vector_cbd_then_ntt_out_15(copy_of_prf_input, domain_separator)
+      sample_vector_cbd_then_ntt_out_cb(copy_of_prf_input, domain_separator)
           .fst,
       (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0));
-  compute_As_plus_e_6a(public_key->t_as_ntt, public_key->A,
+  compute_As_plus_e_c7(public_key->t_as_ntt, public_key->A,
                        private_key->secret_as_ntt, error_as_ntt);
   uint8_t uu____5[32U];
   core_result_Result_00 dst;
@@ -3807,18 +3731,18 @@ libcrux_ml_kem_variant_MlKem with const generics
 - ETA1= 2
 - ETA1_RANDOMNESS_SIZE= 128
 */
-static libcrux_ml_kem_utils_extraction_helper_Keypair1024 generate_keypair_081(
+static libcrux_ml_kem_utils_extraction_helper_Keypair1024 generate_keypair_501(
     Eurydice_slice key_generation_seed) {
   IndCpaPrivateKeyUnpacked_42 private_key = default_1a_e9();
   IndCpaPublicKeyUnpacked_42 public_key = default_8d_d1();
-  generate_keypair_unpacked_1a(key_generation_seed, &private_key, &public_key);
+  generate_keypair_unpacked_e9(key_generation_seed, &private_key, &public_key);
   uint8_t public_key_serialized[1568U];
-  serialize_public_key_fd(
+  serialize_public_key_07(
       public_key.t_as_ntt,
       Eurydice_array_to_slice((size_t)32U, public_key.seed_for_A, uint8_t),
       public_key_serialized);
   uint8_t secret_key_serialized[1536U];
-  serialize_secret_key_9e(private_key.secret_as_ntt, secret_key_serialized);
+  serialize_secret_key_5a(private_key.secret_as_ntt, secret_key_serialized);
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_secret_key_serialized[1536U];
   memcpy(copy_of_secret_key_serialized, secret_key_serialized,
@@ -3827,12 +3751,12 @@ static libcrux_ml_kem_utils_extraction_helper_Keypair1024 generate_keypair_081(
   uint8_t copy_of_public_key_serialized[1568U];
   memcpy(copy_of_public_key_serialized, public_key_serialized,
          (size_t)1568U * sizeof(uint8_t));
-  libcrux_ml_kem_utils_extraction_helper_Keypair1024 lit;
-  memcpy(lit.fst, copy_of_secret_key_serialized,
+  libcrux_ml_kem_utils_extraction_helper_Keypair1024 result;
+  memcpy(result.fst, copy_of_secret_key_serialized,
          (size_t)1536U * sizeof(uint8_t));
-  memcpy(lit.snd, copy_of_public_key_serialized,
+  memcpy(result.snd, copy_of_public_key_serialized,
          (size_t)1568U * sizeof(uint8_t));
-  return lit;
+  return result;
 }
 
 /**
@@ -3842,7 +3766,7 @@ with const generics
 - K= 4
 - SERIALIZED_KEY_LEN= 3168
 */
-static KRML_MUSTINLINE void serialize_kem_secret_key_64(
+static KRML_MUSTINLINE void serialize_kem_secret_key_d4(
     Eurydice_slice private_key, Eurydice_slice public_key,
     Eurydice_slice implicit_rejection_value, uint8_t ret[3168U]) {
   uint8_t out[3168U] = {0U};
@@ -3898,7 +3822,7 @@ libcrux_ml_kem_variant_MlKem with const generics
 - ETA1_RANDOMNESS_SIZE= 128
 */
 libcrux_ml_kem_mlkem1024_MlKem1024KeyPair
-libcrux_ml_kem_ind_cca_generate_keypair_911(uint8_t randomness[64U]) {
+libcrux_ml_kem_ind_cca_generate_keypair_6f1(uint8_t randomness[64U]) {
   Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2(
       randomness, (size_t)0U,
       LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t);
@@ -3907,13 +3831,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_911(uint8_t randomness[64U]) {
       LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t,
       size_t);
   libcrux_ml_kem_utils_extraction_helper_Keypair1024 uu____0 =
-      generate_keypair_081(ind_cpa_keypair_randomness);
+      generate_keypair_501(ind_cpa_keypair_randomness);
   uint8_t ind_cpa_private_key[1536U];
   memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1536U * sizeof(uint8_t));
   uint8_t public_key[1568U];
   memcpy(public_key, uu____0.snd, (size_t)1568U * sizeof(uint8_t));
   uint8_t secret_key_serialized[3168U];
-  serialize_kem_secret_key_64(
+  serialize_kem_secret_key_d4(
       Eurydice_array_to_slice((size_t)1536U, ind_cpa_private_key, uint8_t),
       Eurydice_array_to_slice((size_t)1568U, public_key, uint8_t),
       implicit_rejection_value, secret_key_serialized);
@@ -3922,13 +3846,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_911(uint8_t randomness[64U]) {
   memcpy(copy_of_secret_key_serialized, secret_key_serialized,
          (size_t)3168U * sizeof(uint8_t));
   libcrux_ml_kem_types_MlKemPrivateKey_95 private_key =
-      libcrux_ml_kem_types_from_7f_8c1(copy_of_secret_key_serialized);
+      libcrux_ml_kem_types_from_7f_af1(copy_of_secret_key_serialized);
   libcrux_ml_kem_types_MlKemPrivateKey_95 uu____2 = private_key;
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_public_key[1568U];
   memcpy(copy_of_public_key, public_key, (size_t)1568U * sizeof(uint8_t));
-  return libcrux_ml_kem_types_from_3a_f61(
-      uu____2, libcrux_ml_kem_types_from_5a_451(copy_of_public_key));
+  return libcrux_ml_kem_types_from_3a_ee1(
+      uu____2, libcrux_ml_kem_types_from_5a_671(copy_of_public_key));
 }
 
 /**
@@ -3941,7 +3865,7 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]]
 with const generics
 - K= 4
 */
-static KRML_MUSTINLINE void entropy_preprocess_d8_5f(Eurydice_slice randomness,
+static KRML_MUSTINLINE void entropy_preprocess_d8_62(Eurydice_slice randomness,
                                                      uint8_t ret[32U]) {
   uint8_t out[32U] = {0U};
   Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t),
@@ -3959,7 +3883,7 @@ generics
 - ETA2= 2
 */
 static KRML_MUSTINLINE tuple_710
-sample_ring_element_cbd_22(uint8_t prf_input[33U], uint8_t domain_separator) {
+sample_ring_element_cbd_7f(uint8_t prf_input[33U], uint8_t domain_separator) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[4U];
   KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U,
                   error_1[i] = ZERO_ef_1b(););
@@ -3970,8 +3894,6 @@ sample_ring_element_cbd_22(uint8_t prf_input[33U], uint8_t domain_separator) {
   KRML_MAYBE_FOR4(
       i, (size_t)0U, (size_t)4U, (size_t)1U,
       memcpy(prf_inputs[i], copy_of_prf_input, (size_t)33U * sizeof(uint8_t)););
-  uint8_t _prf_inputs_init[4U][33U];
-  memcpy(_prf_inputs_init, prf_inputs, (size_t)4U * sizeof(uint8_t[33U]));
   KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i;
                   prf_inputs[i0][32U] = domain_separator;
                   domain_separator = (uint32_t)domain_separator + 1U;);
@@ -3988,12 +3910,12 @@ sample_ring_element_cbd_22(uint8_t prf_input[33U], uint8_t domain_separator) {
   memcpy(
       copy_of_error_1, error_1,
       (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0));
-  tuple_710 lit;
+  tuple_710 result;
   memcpy(
-      lit.fst, copy_of_error_1,
+      result.fst, copy_of_error_1,
       (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0));
-  lit.snd = domain_separator;
-  return lit;
+  result.snd = domain_separator;
+  return result;
 }
 
 /**
@@ -4029,7 +3951,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
 with const generics
 
 */
-static KRML_MUSTINLINE void invert_ntt_at_layer_1_ed(
+static KRML_MUSTINLINE void invert_ntt_at_layer_1_08(
     size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) {
   KRML_MAYBE_FOR16(
       i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i;
@@ -4050,7 +3972,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
 with const generics
 
 */
-static KRML_MUSTINLINE void invert_ntt_at_layer_2_30(
+static KRML_MUSTINLINE void invert_ntt_at_layer_2_91(
     size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) {
   KRML_MAYBE_FOR16(
       i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i;
@@ -4069,7 +3991,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
 with const generics
 
 */
-static KRML_MUSTINLINE void invert_ntt_at_layer_3_2f(
+static KRML_MUSTINLINE void invert_ntt_at_layer_3_41(
     size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) {
   KRML_MAYBE_FOR16(
       i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i;
@@ -4089,7 +4011,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
 */
 static KRML_MUSTINLINE
     libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2
-    inv_ntt_layer_int_vec_step_reduce_2b(
+    inv_ntt_layer_int_vec_step_reduce_13(
         libcrux_ml_kem_vector_portable_vector_type_PortableVector a,
         libcrux_ml_kem_vector_portable_vector_type_PortableVector b,
         int16_t zeta_r) {
@@ -4097,7 +4019,7 @@ static KRML_MUSTINLINE
       libcrux_ml_kem_vector_portable_sub_0d(b, &a);
   a = libcrux_ml_kem_vector_portable_barrett_reduce_0d(
       libcrux_ml_kem_vector_portable_add_0d(a, &b));
-  b = montgomery_multiply_fe_5d(a_minus_b, zeta_r);
+  b = montgomery_multiply_fe_ad(a_minus_b, zeta_r);
   return (
       CLITERAL(libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2){
           .fst = a, .snd = b});
@@ -4109,7 +4031,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
 with const generics
 
 */
-static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_7a(
+static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_ed(
     size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re,
     size_t layer) {
   size_t step = (size_t)1U << (uint32_t)layer;
@@ -4124,7 +4046,7 @@ static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_7a(
     for (size_t i = offset_vec; i < offset_vec + step_vec; i++) {
       size_t j = i;
       libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 uu____0 =
-          inv_ntt_layer_int_vec_step_reduce_2b(
+          inv_ntt_layer_int_vec_step_reduce_13(
               re->coefficients[j], re->coefficients[j + step_vec],
               libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U]));
       libcrux_ml_kem_vector_portable_vector_type_PortableVector x = uu____0.fst;
@@ -4141,18 +4063,18 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
 with const generics
 - K= 4
 */
-static KRML_MUSTINLINE void invert_ntt_montgomery_fa(
+static KRML_MUSTINLINE void invert_ntt_montgomery_55(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) {
   size_t zeta_i =
       LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U;
-  invert_ntt_at_layer_1_ed(&zeta_i, re);
-  invert_ntt_at_layer_2_30(&zeta_i, re);
-  invert_ntt_at_layer_3_2f(&zeta_i, re);
-  invert_ntt_at_layer_4_plus_7a(&zeta_i, re, (size_t)4U);
-  invert_ntt_at_layer_4_plus_7a(&zeta_i, re, (size_t)5U);
-  invert_ntt_at_layer_4_plus_7a(&zeta_i, re, (size_t)6U);
-  invert_ntt_at_layer_4_plus_7a(&zeta_i, re, (size_t)7U);
-  poly_barrett_reduce_ef_e7(re);
+  invert_ntt_at_layer_1_08(&zeta_i, re);
+  invert_ntt_at_layer_2_91(&zeta_i, re);
+  invert_ntt_at_layer_3_41(&zeta_i, re);
+  invert_ntt_at_layer_4_plus_ed(&zeta_i, re, (size_t)4U);
+  invert_ntt_at_layer_4_plus_ed(&zeta_i, re, (size_t)5U);
+  invert_ntt_at_layer_4_plus_ed(&zeta_i, re, (size_t)6U);
+  invert_ntt_at_layer_4_plus_ed(&zeta_i, re, (size_t)7U);
+  poly_barrett_reduce_ef_17(re);
 }
 
 /**
@@ -4166,7 +4088,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
 with const generics
 
 */
-static KRML_MUSTINLINE void add_error_reduce_ef_0d(
+static KRML_MUSTINLINE void add_error_reduce_ef_4d(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self,
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error) {
   for (size_t i = (size_t)0U;
@@ -4190,14 +4112,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
 with const generics
 - K= 4
 */
-static KRML_MUSTINLINE void compute_vector_u_a3(
+static KRML_MUSTINLINE void compute_vector_u_b8(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*a_as_ntt)[4U],
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt,
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_1,
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) {
-  libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[4U];
+  libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result0[4U];
   KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U,
-                  result[i] = ZERO_ef_1b(););
+                  result0[i] = ZERO_ef_1b(););
   for (size_t i0 = (size_t)0U;
        i0 < Eurydice_slice_len(
                 Eurydice_array_to_slice(
@@ -4217,12 +4139,16 @@ static KRML_MUSTINLINE void compute_vector_u_a3(
       size_t j = i;
       libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *a_element = &row[j];
       libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product =
-          ntt_multiply_ef_66(a_element, &r_as_ntt[j]);
-      add_to_ring_element_ef_59(&result[i1], &product);
+          ntt_multiply_ef_45(a_element, &r_as_ntt[j]);
+      add_to_ring_element_ef_5d(&result0[i1], &product);
     }
-    invert_ntt_montgomery_fa(&result[i1]);
-    add_error_reduce_ef_0d(&result[i1], &error_1[i1]);
+    invert_ntt_montgomery_55(&result0[i1]);
+    add_error_reduce_ef_4d(&result0[i1], &error_1[i1]);
   }
+  libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[4U];
+  memcpy(
+      result, result0,
+      (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0));
   memcpy(
       ret, result,
       (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0));
@@ -4235,7 +4161,7 @@ with const generics
 
 */
 static libcrux_ml_kem_vector_portable_vector_type_PortableVector
-decompress_1_16(libcrux_ml_kem_vector_portable_vector_type_PortableVector vec) {
+decompress_1_78(libcrux_ml_kem_vector_portable_vector_type_PortableVector vec) {
   libcrux_ml_kem_vector_portable_vector_type_PortableVector z =
       libcrux_ml_kem_vector_portable_ZERO_0d();
   libcrux_ml_kem_vector_portable_vector_type_PortableVector s =
@@ -4253,7 +4179,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
 
 */
 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0
-deserialize_then_decompress_message_97(uint8_t serialized[32U]) {
+deserialize_then_decompress_message_e3(uint8_t serialized[32U]) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_ef_1b();
   KRML_MAYBE_FOR16(
       i, (size_t)0U, (size_t)16U, (size_t)1U, size_t i0 = i;
@@ -4264,7 +4190,7 @@ deserialize_then_decompress_message_97(uint8_t serialized[32U]) {
                                               (size_t)2U * i0 + (size_t)2U,
                                               uint8_t));
       libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 =
-          decompress_1_16(coefficient_compressed);
+          decompress_1_78(coefficient_compressed);
       re.coefficients[i0] = uu____0;);
   return re;
 }
@@ -4281,7 +4207,7 @@ with const generics
 
 */
 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0
-add_message_error_reduce_ef_b4(
+add_message_error_reduce_ef_21(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self,
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *message,
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result) {
@@ -4311,7 +4237,7 @@ with const generics
 - K= 4
 */
 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0
-compute_ring_element_v_da(
+compute_ring_element_v_1e(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt,
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt,
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_2,
@@ -4319,10 +4245,10 @@ compute_ring_element_v_da(
   libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_ef_1b();
   KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i;
                   libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product =
-                      ntt_multiply_ef_66(&t_as_ntt[i0], &r_as_ntt[i0]);
-                  add_to_ring_element_ef_59(&result, &product););
-  invert_ntt_montgomery_fa(&result);
-  result = add_message_error_reduce_ef_b4(error_2, message, result);
+                      ntt_multiply_ef_45(&t_as_ntt[i0], &r_as_ntt[i0]);
+                  add_to_ring_element_ef_5d(&result, &product););
+  invert_ntt_montgomery_55(&result);
+  result = add_message_error_reduce_ef_21(error_2, message, result);
   return result;
 }
 
@@ -4332,7 +4258,7 @@ with const generics
 - COEFFICIENT_BITS= 10
 */
 static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector
-compress_de(libcrux_ml_kem_vector_portable_vector_type_PortableVector a) {
+compress_61(libcrux_ml_kem_vector_portable_vector_type_PortableVector a) {
   for (size_t i = (size_t)0U;
        i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) {
     size_t i0 = i;
@@ -4353,9 +4279,9 @@ A monomorphic instance of libcrux_ml_kem.vector.portable.compress_0d
 with const generics
 - COEFFICIENT_BITS= 10
 */
-static libcrux_ml_kem_vector_portable_vector_type_PortableVector compress_0d_48(
+static libcrux_ml_kem_vector_portable_vector_type_PortableVector compress_0d_fe(
     libcrux_ml_kem_vector_portable_vector_type_PortableVector a) {
-  return compress_de(a);
+  return compress_61(a);
 }
 
 /**
@@ -4364,7 +4290,7 @@ with const generics
 - COEFFICIENT_BITS= 11
 */
 static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector
-compress_de0(libcrux_ml_kem_vector_portable_vector_type_PortableVector a) {
+compress_610(libcrux_ml_kem_vector_portable_vector_type_PortableVector a) {
   for (size_t i = (size_t)0U;
        i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) {
     size_t i0 = i;
@@ -4386,8 +4312,8 @@ with const generics
 - COEFFICIENT_BITS= 11
 */
 static libcrux_ml_kem_vector_portable_vector_type_PortableVector
-compress_0d_480(libcrux_ml_kem_vector_portable_vector_type_PortableVector a) {
-  return compress_de0(a);
+compress_0d_fe0(libcrux_ml_kem_vector_portable_vector_type_PortableVector a) {
+  return compress_610(a);
 }
 
 /**
@@ -4396,14 +4322,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
 with const generics
 - OUT_LEN= 352
 */
-static KRML_MUSTINLINE void compress_then_serialize_11_f3(
+static KRML_MUSTINLINE void compress_then_serialize_11_a9(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[352U]) {
   uint8_t serialized[352U] = {0U};
   for (size_t i = (size_t)0U;
        i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
     size_t i0 = i;
     libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient =
-        compress_0d_480(to_unsigned_representative_30(re->coefficients[i0]));
+        compress_0d_fe0(to_unsigned_representative_7c(re->coefficients[i0]));
     uint8_t bytes[22U];
     libcrux_ml_kem_vector_portable_serialize_11_0d(coefficient, bytes);
     Eurydice_slice uu____0 = Eurydice_array_to_subslice2(
@@ -4421,11 +4347,11 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
 - COMPRESSION_FACTOR= 11
 - OUT_LEN= 352
 */
-static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_e0(
+static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_b5(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[352U]) {
-  uint8_t result[352U];
-  compress_then_serialize_11_f3(re, result);
-  memcpy(ret, result, (size_t)352U * sizeof(uint8_t));
+  uint8_t uu____0[352U];
+  compress_then_serialize_11_a9(re, uu____0);
+  memcpy(ret, uu____0, (size_t)352U * sizeof(uint8_t));
 }
 
 /**
@@ -4437,7 +4363,7 @@ with const generics
 - COMPRESSION_FACTOR= 11
 - BLOCK_LEN= 352
 */
-static void compress_then_serialize_u_0f(
+static void compress_then_serialize_u_cd(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 input[4U],
     Eurydice_slice out) {
   for (size_t i = (size_t)0U;
@@ -4453,7 +4379,7 @@ static void compress_then_serialize_u_0f(
         out, i0 * ((size_t)1408U / (size_t)4U),
         (i0 + (size_t)1U) * ((size_t)1408U / (size_t)4U), uint8_t);
     uint8_t ret[352U];
-    compress_then_serialize_ring_element_u_e0(&re, ret);
+    compress_then_serialize_ring_element_u_b5(&re, ret);
     Eurydice_slice_copy(
         uu____0, Eurydice_array_to_slice((size_t)352U, ret, uint8_t), uint8_t);
   }
@@ -4465,7 +4391,7 @@ with const generics
 - COEFFICIENT_BITS= 4
 */
 static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector
-compress_de1(libcrux_ml_kem_vector_portable_vector_type_PortableVector a) {
+compress_611(libcrux_ml_kem_vector_portable_vector_type_PortableVector a) {
   for (size_t i = (size_t)0U;
        i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) {
     size_t i0 = i;
@@ -4487,8 +4413,8 @@ with const generics
 - COEFFICIENT_BITS= 4
 */
 static libcrux_ml_kem_vector_portable_vector_type_PortableVector
-compress_0d_481(libcrux_ml_kem_vector_portable_vector_type_PortableVector a) {
-  return compress_de1(a);
+compress_0d_fe1(libcrux_ml_kem_vector_portable_vector_type_PortableVector a) {
+  return compress_611(a);
 }
 
 /**
@@ -4497,14 +4423,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
 with const generics
 
 */
-static KRML_MUSTINLINE void compress_then_serialize_4_71(
+static KRML_MUSTINLINE void compress_then_serialize_4_06(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re,
     Eurydice_slice serialized) {
   for (size_t i = (size_t)0U;
        i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
     size_t i0 = i;
     libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient =
-        compress_0d_481(to_unsigned_field_modulus_05(re.coefficients[i0]));
+        compress_0d_fe1(to_unsigned_field_modulus_b0(re.coefficients[i0]));
     uint8_t bytes[8U];
     libcrux_ml_kem_vector_portable_serialize_4_0d(coefficient, bytes);
     Eurydice_slice_copy(
@@ -4520,7 +4446,7 @@ with const generics
 - COEFFICIENT_BITS= 5
 */
 static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector
-compress_de2(libcrux_ml_kem_vector_portable_vector_type_PortableVector a) {
+compress_612(libcrux_ml_kem_vector_portable_vector_type_PortableVector a) {
   for (size_t i = (size_t)0U;
        i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) {
     size_t i0 = i;
@@ -4542,8 +4468,8 @@ with const generics
 - COEFFICIENT_BITS= 5
 */
 static libcrux_ml_kem_vector_portable_vector_type_PortableVector
-compress_0d_482(libcrux_ml_kem_vector_portable_vector_type_PortableVector a) {
-  return compress_de2(a);
+compress_0d_fe2(libcrux_ml_kem_vector_portable_vector_type_PortableVector a) {
+  return compress_612(a);
 }
 
 /**
@@ -4552,14 +4478,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
 with const generics
 
 */
-static KRML_MUSTINLINE void compress_then_serialize_5_42(
+static KRML_MUSTINLINE void compress_then_serialize_5_69(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re,
     Eurydice_slice serialized) {
   for (size_t i = (size_t)0U;
        i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
     size_t i0 = i;
     libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficients =
-        compress_0d_482(to_unsigned_representative_30(re.coefficients[i0]));
+        compress_0d_fe2(to_unsigned_representative_7c(re.coefficients[i0]));
     uint8_t bytes[10U];
     libcrux_ml_kem_vector_portable_serialize_5_0d(coefficients, bytes);
     Eurydice_slice_copy(
@@ -4576,9 +4502,9 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
 - COMPRESSION_FACTOR= 5
 - OUT_LEN= 160
 */
-static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_e3(
+static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_cf(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice out) {
-  compress_then_serialize_5_42(re, out);
+  compress_then_serialize_5_69(re, out);
 }
 
 /**
@@ -4599,7 +4525,7 @@ generics
 - ETA2= 2
 - ETA2_RANDOMNESS_SIZE= 128
 */
-static void encrypt_unpacked_15(IndCpaPublicKeyUnpacked_42 *public_key,
+static void encrypt_unpacked_c3(IndCpaPublicKeyUnpacked_42 *public_key,
                                 uint8_t message[32U], Eurydice_slice randomness,
                                 uint8_t ret[1568U]) {
   uint8_t prf_input[33U];
@@ -4607,7 +4533,7 @@ static void encrypt_unpacked_15(IndCpaPublicKeyUnpacked_42 *public_key,
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_prf_input0[33U];
   memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t));
-  tuple_710 uu____1 = sample_vector_cbd_then_ntt_out_15(copy_of_prf_input0, 0U);
+  tuple_710 uu____1 = sample_vector_cbd_then_ntt_out_cb(copy_of_prf_input0, 0U);
   libcrux_ml_kem_polynomial_PolynomialRingElement_f0 r_as_ntt[4U];
   memcpy(
       r_as_ntt, uu____1.fst,
@@ -4617,7 +4543,7 @@ static void encrypt_unpacked_15(IndCpaPublicKeyUnpacked_42 *public_key,
   uint8_t copy_of_prf_input[33U];
   memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t));
   tuple_710 uu____3 =
-      sample_ring_element_cbd_22(copy_of_prf_input, domain_separator0);
+      sample_ring_element_cbd_7f(copy_of_prf_input, domain_separator0);
   libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[4U];
   memcpy(
       error_1, uu____3.fst,
@@ -4631,25 +4557,25 @@ static void encrypt_unpacked_15(IndCpaPublicKeyUnpacked_42 *public_key,
       sample_from_binomial_distribution_6b(
           Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t));
   libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u[4U];
-  compute_vector_u_a3(public_key->A, r_as_ntt, error_1, u);
+  compute_vector_u_b8(public_key->A, r_as_ntt, error_1, u);
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_message[32U];
   memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t));
   libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message_as_ring_element =
-      deserialize_then_decompress_message_97(copy_of_message);
+      deserialize_then_decompress_message_e3(copy_of_message);
   libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v =
-      compute_ring_element_v_da(public_key->t_as_ntt, r_as_ntt, &error_2,
+      compute_ring_element_v_1e(public_key->t_as_ntt, r_as_ntt, &error_2,
                                 &message_as_ring_element);
   uint8_t ciphertext[1568U] = {0U};
   libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____5[4U];
   memcpy(
       uu____5, u,
       (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0));
-  compress_then_serialize_u_0f(
+  compress_then_serialize_u_cd(
       uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U,
                                            (size_t)1408U, uint8_t));
   libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____6 = v;
-  compress_then_serialize_ring_element_v_e3(
+  compress_then_serialize_ring_element_v_cf(
       uu____6, Eurydice_array_to_subslice_from((size_t)1568U, ciphertext,
                                                (size_t)1408U, uint8_t, size_t));
   memcpy(ret, ciphertext, (size_t)1568U * sizeof(uint8_t));
@@ -4673,10 +4599,10 @@ generics
 - ETA2= 2
 - ETA2_RANDOMNESS_SIZE= 128
 */
-static void encrypt_dc1(Eurydice_slice public_key, uint8_t message[32U],
+static void encrypt_4b1(Eurydice_slice public_key, uint8_t message[32U],
                         Eurydice_slice randomness, uint8_t ret[1568U]) {
   IndCpaPublicKeyUnpacked_42 unpacked_public_key = default_8d_d1();
-  deserialize_ring_elements_reduced_ed(
+  deserialize_ring_elements_reduced_da(
       Eurydice_slice_subslice_to(public_key, (size_t)1536U, uint8_t, size_t),
       unpacked_public_key.t_as_ntt);
   Eurydice_slice seed =
@@ -4690,9 +4616,9 @@ static void encrypt_dc1(Eurydice_slice public_key, uint8_t message[32U],
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_message[32U];
   memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t));
-  uint8_t ret1[1568U];
-  encrypt_unpacked_15(uu____1, copy_of_message, randomness, ret1);
-  memcpy(ret, ret1, (size_t)1568U * sizeof(uint8_t));
+  uint8_t result[1568U];
+  encrypt_unpacked_c3(uu____1, copy_of_message, randomness, result);
+  memcpy(ret, result, (size_t)1568U * sizeof(uint8_t));
 }
 
 /**
@@ -4706,7 +4632,7 @@ with const generics
 - K= 4
 - CIPHERTEXT_SIZE= 1568
 */
-static KRML_MUSTINLINE void kdf_d8_91(Eurydice_slice shared_secret,
+static KRML_MUSTINLINE void kdf_d8_19(Eurydice_slice shared_secret,
                                       uint8_t ret[32U]) {
   uint8_t out[32U] = {0U};
   Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t),
@@ -4733,11 +4659,11 @@ libcrux_ml_kem_variant_MlKem with const generics
 - ETA2= 2
 - ETA2_RANDOMNESS_SIZE= 128
 */
-tuple_21 libcrux_ml_kem_ind_cca_encapsulate_1e1(
+tuple_21 libcrux_ml_kem_ind_cca_encapsulate_661(
     libcrux_ml_kem_types_MlKemPublicKey_1f *public_key,
     uint8_t randomness[32U]) {
   uint8_t randomness0[32U];
-  entropy_preprocess_d8_5f(
+  entropy_preprocess_d8_62(
       Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0);
   uint8_t to_hash[64U];
   libcrux_ml_kem_utils_into_padded_array_42(
@@ -4747,7 +4673,7 @@ tuple_21 libcrux_ml_kem_ind_cca_encapsulate_1e1(
       size_t);
   uint8_t ret[32U];
   H_f1_d5(Eurydice_array_to_slice(
-              (size_t)1568U, libcrux_ml_kem_types_as_slice_fd_d1(public_key),
+              (size_t)1568U, libcrux_ml_kem_types_as_slice_fd_fe(public_key),
               uint8_t),
           ret);
   Eurydice_slice_copy(
@@ -4761,19 +4687,19 @@ tuple_21 libcrux_ml_kem_ind_cca_encapsulate_1e1(
   Eurydice_slice shared_secret = uu____1.fst;
   Eurydice_slice pseudorandomness = uu____1.snd;
   Eurydice_slice uu____2 = Eurydice_array_to_slice(
-      (size_t)1568U, libcrux_ml_kem_types_as_slice_fd_d1(public_key), uint8_t);
+      (size_t)1568U, libcrux_ml_kem_types_as_slice_fd_fe(public_key), uint8_t);
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_randomness[32U];
   memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t));
   uint8_t ciphertext[1568U];
-  encrypt_dc1(uu____2, copy_of_randomness, pseudorandomness, ciphertext);
+  encrypt_4b1(uu____2, copy_of_randomness, pseudorandomness, ciphertext);
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_ciphertext[1568U];
   memcpy(copy_of_ciphertext, ciphertext, (size_t)1568U * sizeof(uint8_t));
   libcrux_ml_kem_types_MlKemCiphertext_1f ciphertext0 =
-      libcrux_ml_kem_types_from_01_3a(copy_of_ciphertext);
+      libcrux_ml_kem_types_from_01_45(copy_of_ciphertext);
   uint8_t shared_secret_array[32U];
-  kdf_d8_91(shared_secret, shared_secret_array);
+  kdf_d8_19(shared_secret, shared_secret_array);
   libcrux_ml_kem_types_MlKemCiphertext_1f uu____5 = ciphertext0;
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_shared_secret_array[32U];
@@ -4792,7 +4718,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
 
 */
 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0
-deserialize_to_uncompressed_ring_element_96(Eurydice_slice serialized) {
+deserialize_to_uncompressed_ring_element_07(Eurydice_slice serialized) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_ef_1b();
   for (size_t i = (size_t)0U;
        i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) {
@@ -4812,7 +4738,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
 with const generics
 - K= 4
 */
-static KRML_MUSTINLINE void deserialize_secret_key_631(
+static KRML_MUSTINLINE void deserialize_secret_key_121(
     Eurydice_slice secret_key,
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[4U];
@@ -4829,11 +4755,15 @@ static KRML_MUSTINLINE void deserialize_secret_key_631(
             LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT,
         uint8_t);
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 =
-        deserialize_to_uncompressed_ring_element_96(secret_bytes);
+        deserialize_to_uncompressed_ring_element_07(secret_bytes);
     secret_as_ntt[i0] = uu____0;
   }
+  libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[4U];
   memcpy(
-      ret, secret_as_ntt,
+      result, secret_as_ntt,
+      (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0));
+  memcpy(
+      ret, result,
       (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0));
 }
 
@@ -4844,18 +4774,18 @@ const generics
 - COEFFICIENT_BITS= 10
 */
 static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector
-decompress_ciphertext_coefficient_99(
-    libcrux_ml_kem_vector_portable_vector_type_PortableVector a) {
+decompress_ciphertext_coefficient_4a(
+    libcrux_ml_kem_vector_portable_vector_type_PortableVector v) {
   for (size_t i = (size_t)0U;
        i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) {
     size_t i0 = i;
-    int32_t decompressed = (int32_t)a.elements[i0] *
+    int32_t decompressed = (int32_t)v.elements[i0] *
                            (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS;
     decompressed = (decompressed << 1U) + ((int32_t)1 << (uint32_t)(int32_t)10);
     decompressed = decompressed >> (uint32_t)((int32_t)10 + (int32_t)1);
-    a.elements[i0] = (int16_t)decompressed;
+    v.elements[i0] = (int16_t)decompressed;
   }
-  return a;
+  return v;
 }
 
 /**
@@ -4869,9 +4799,9 @@ generics
 - COEFFICIENT_BITS= 10
 */
 static libcrux_ml_kem_vector_portable_vector_type_PortableVector
-decompress_ciphertext_coefficient_0d_f5(
+decompress_ciphertext_coefficient_0d_ea(
     libcrux_ml_kem_vector_portable_vector_type_PortableVector v) {
-  return decompress_ciphertext_coefficient_99(v);
+  return decompress_ciphertext_coefficient_4a(v);
 }
 
 /**
@@ -4881,7 +4811,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
 
 */
 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0
-deserialize_then_decompress_10_0d(Eurydice_slice serialized) {
+deserialize_then_decompress_10_5c(Eurydice_slice serialized) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_ef_1b();
   LowStar_Ignore_ignore(
       Eurydice_slice_len(
@@ -4898,7 +4828,7 @@ deserialize_then_decompress_10_0d(Eurydice_slice serialized) {
     libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient =
         libcrux_ml_kem_vector_portable_deserialize_10_0d(bytes);
     libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 =
-        decompress_ciphertext_coefficient_0d_f5(coefficient);
+        decompress_ciphertext_coefficient_0d_ea(coefficient);
     re.coefficients[i0] = uu____0;
   }
   return re;
@@ -4911,18 +4841,18 @@ const generics
 - COEFFICIENT_BITS= 11
 */
 static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector
-decompress_ciphertext_coefficient_990(
-    libcrux_ml_kem_vector_portable_vector_type_PortableVector a) {
+decompress_ciphertext_coefficient_4a0(
+    libcrux_ml_kem_vector_portable_vector_type_PortableVector v) {
   for (size_t i = (size_t)0U;
        i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) {
     size_t i0 = i;
-    int32_t decompressed = (int32_t)a.elements[i0] *
+    int32_t decompressed = (int32_t)v.elements[i0] *
                            (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS;
     decompressed = (decompressed << 1U) + ((int32_t)1 << (uint32_t)(int32_t)11);
     decompressed = decompressed >> (uint32_t)((int32_t)11 + (int32_t)1);
-    a.elements[i0] = (int16_t)decompressed;
+    v.elements[i0] = (int16_t)decompressed;
   }
-  return a;
+  return v;
 }
 
 /**
@@ -4936,9 +4866,9 @@ generics
 - COEFFICIENT_BITS= 11
 */
 static libcrux_ml_kem_vector_portable_vector_type_PortableVector
-decompress_ciphertext_coefficient_0d_f50(
+decompress_ciphertext_coefficient_0d_ea0(
     libcrux_ml_kem_vector_portable_vector_type_PortableVector v) {
-  return decompress_ciphertext_coefficient_990(v);
+  return decompress_ciphertext_coefficient_4a0(v);
 }
 
 /**
@@ -4948,7 +4878,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
 
 */
 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0
-deserialize_then_decompress_11_eb(Eurydice_slice serialized) {
+deserialize_then_decompress_11_77(Eurydice_slice serialized) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_ef_1b();
   for (size_t i = (size_t)0U;
        i < Eurydice_slice_len(serialized, uint8_t) / (size_t)22U; i++) {
@@ -4958,7 +4888,7 @@ deserialize_then_decompress_11_eb(Eurydice_slice serialized) {
     libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient =
         libcrux_ml_kem_vector_portable_deserialize_11_0d(bytes);
     libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 =
-        decompress_ciphertext_coefficient_0d_f50(coefficient);
+        decompress_ciphertext_coefficient_0d_ea0(coefficient);
     re.coefficients[i0] = uu____0;
   }
   return re;
@@ -4971,8 +4901,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
 - COMPRESSION_FACTOR= 11
 */
 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0
-deserialize_then_decompress_ring_element_u_91(Eurydice_slice serialized) {
-  return deserialize_then_decompress_11_eb(serialized);
+deserialize_then_decompress_ring_element_u_cd(Eurydice_slice serialized) {
+  return deserialize_then_decompress_11_77(serialized);
 }
 
 /**
@@ -4981,17 +4911,17 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
 with const generics
 - VECTOR_U_COMPRESSION_FACTOR= 11
 */
-static KRML_MUSTINLINE void ntt_vector_u_1a(
+static KRML_MUSTINLINE void ntt_vector_u_2c(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) {
   size_t zeta_i = (size_t)0U;
-  ntt_at_layer_4_plus_64(&zeta_i, re, (size_t)7U);
-  ntt_at_layer_4_plus_64(&zeta_i, re, (size_t)6U);
-  ntt_at_layer_4_plus_64(&zeta_i, re, (size_t)5U);
-  ntt_at_layer_4_plus_64(&zeta_i, re, (size_t)4U);
-  ntt_at_layer_3_7b(&zeta_i, re);
-  ntt_at_layer_2_ea(&zeta_i, re);
-  ntt_at_layer_1_76(&zeta_i, re);
-  poly_barrett_reduce_ef_e7(re);
+  ntt_at_layer_4_plus_bf(&zeta_i, re, (size_t)7U);
+  ntt_at_layer_4_plus_bf(&zeta_i, re, (size_t)6U);
+  ntt_at_layer_4_plus_bf(&zeta_i, re, (size_t)5U);
+  ntt_at_layer_4_plus_bf(&zeta_i, re, (size_t)4U);
+  ntt_at_layer_3_d0(&zeta_i, re);
+  ntt_at_layer_2_76(&zeta_i, re);
+  ntt_at_layer_1_5d(&zeta_i, re);
+  poly_barrett_reduce_ef_17(re);
 }
 
 /**
@@ -5002,7 +4932,7 @@ with const generics
 - CIPHERTEXT_SIZE= 1568
 - U_COMPRESSION_FACTOR= 11
 */
-static KRML_MUSTINLINE void deserialize_then_decompress_u_f2(
+static KRML_MUSTINLINE void deserialize_then_decompress_u_bb(
     uint8_t *ciphertext,
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[4U];
@@ -5025,8 +4955,8 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_f2(
             LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT *
                 (size_t)11U / (size_t)8U,
         uint8_t);
-    u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_91(u_bytes);
-    ntt_vector_u_1a(&u_as_ntt[i0]);
+    u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_cd(u_bytes);
+    ntt_vector_u_2c(&u_as_ntt[i0]);
   }
   memcpy(
       ret, u_as_ntt,
@@ -5040,18 +4970,18 @@ const generics
 - COEFFICIENT_BITS= 4
 */
 static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector
-decompress_ciphertext_coefficient_991(
-    libcrux_ml_kem_vector_portable_vector_type_PortableVector a) {
+decompress_ciphertext_coefficient_4a1(
+    libcrux_ml_kem_vector_portable_vector_type_PortableVector v) {
   for (size_t i = (size_t)0U;
        i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) {
     size_t i0 = i;
-    int32_t decompressed = (int32_t)a.elements[i0] *
+    int32_t decompressed = (int32_t)v.elements[i0] *
                            (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS;
     decompressed = (decompressed << 1U) + ((int32_t)1 << (uint32_t)(int32_t)4);
     decompressed = decompressed >> (uint32_t)((int32_t)4 + (int32_t)1);
-    a.elements[i0] = (int16_t)decompressed;
+    v.elements[i0] = (int16_t)decompressed;
   }
-  return a;
+  return v;
 }
 
 /**
@@ -5065,9 +4995,9 @@ generics
 - COEFFICIENT_BITS= 4
 */
 static libcrux_ml_kem_vector_portable_vector_type_PortableVector
-decompress_ciphertext_coefficient_0d_f51(
+decompress_ciphertext_coefficient_0d_ea1(
     libcrux_ml_kem_vector_portable_vector_type_PortableVector v) {
-  return decompress_ciphertext_coefficient_991(v);
+  return decompress_ciphertext_coefficient_4a1(v);
 }
 
 /**
@@ -5077,7 +5007,7 @@ with const generics
 
 */
 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0
-deserialize_then_decompress_4_e9(Eurydice_slice serialized) {
+deserialize_then_decompress_4_b1(Eurydice_slice serialized) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_ef_1b();
   for (size_t i = (size_t)0U;
        i < Eurydice_slice_len(serialized, uint8_t) / (size_t)8U; i++) {
@@ -5087,7 +5017,7 @@ deserialize_then_decompress_4_e9(Eurydice_slice serialized) {
     libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient =
         libcrux_ml_kem_vector_portable_deserialize_4_0d(bytes);
     libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 =
-        decompress_ciphertext_coefficient_0d_f51(coefficient);
+        decompress_ciphertext_coefficient_0d_ea1(coefficient);
     re.coefficients[i0] = uu____0;
   }
   return re;
@@ -5100,18 +5030,18 @@ const generics
 - COEFFICIENT_BITS= 5
 */
 static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector
-decompress_ciphertext_coefficient_992(
-    libcrux_ml_kem_vector_portable_vector_type_PortableVector a) {
+decompress_ciphertext_coefficient_4a2(
+    libcrux_ml_kem_vector_portable_vector_type_PortableVector v) {
   for (size_t i = (size_t)0U;
        i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) {
     size_t i0 = i;
-    int32_t decompressed = (int32_t)a.elements[i0] *
+    int32_t decompressed = (int32_t)v.elements[i0] *
                            (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS;
     decompressed = (decompressed << 1U) + ((int32_t)1 << (uint32_t)(int32_t)5);
     decompressed = decompressed >> (uint32_t)((int32_t)5 + (int32_t)1);
-    a.elements[i0] = (int16_t)decompressed;
+    v.elements[i0] = (int16_t)decompressed;
   }
-  return a;
+  return v;
 }
 
 /**
@@ -5125,9 +5055,9 @@ generics
 - COEFFICIENT_BITS= 5
 */
 static libcrux_ml_kem_vector_portable_vector_type_PortableVector
-decompress_ciphertext_coefficient_0d_f52(
+decompress_ciphertext_coefficient_0d_ea2(
     libcrux_ml_kem_vector_portable_vector_type_PortableVector v) {
-  return decompress_ciphertext_coefficient_992(v);
+  return decompress_ciphertext_coefficient_4a2(v);
 }
 
 /**
@@ -5137,7 +5067,7 @@ with const generics
 
 */
 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0
-deserialize_then_decompress_5_53(Eurydice_slice serialized) {
+deserialize_then_decompress_5_7b(Eurydice_slice serialized) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_ef_1b();
   for (size_t i = (size_t)0U;
        i < Eurydice_slice_len(serialized, uint8_t) / (size_t)10U; i++) {
@@ -5147,7 +5077,7 @@ deserialize_then_decompress_5_53(Eurydice_slice serialized) {
     re.coefficients[i0] =
         libcrux_ml_kem_vector_portable_deserialize_5_0d(bytes);
     libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____1 =
-        decompress_ciphertext_coefficient_0d_f52(re.coefficients[i0]);
+        decompress_ciphertext_coefficient_0d_ea2(re.coefficients[i0]);
     re.coefficients[i0] = uu____1;
   }
   return re;
@@ -5160,8 +5090,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
 - COMPRESSION_FACTOR= 5
 */
 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0
-deserialize_then_decompress_ring_element_v_c1(Eurydice_slice serialized) {
-  return deserialize_then_decompress_5_53(serialized);
+deserialize_then_decompress_ring_element_v_ce(Eurydice_slice serialized) {
+  return deserialize_then_decompress_5_7b(serialized);
 }
 
 /**
@@ -5176,7 +5106,7 @@ with const generics
 
 */
 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0
-subtract_reduce_ef_c0(libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self,
+subtract_reduce_ef_92(libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self,
                       libcrux_ml_kem_polynomial_PolynomialRingElement_f0 b) {
   for (size_t i = (size_t)0U;
        i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
@@ -5201,17 +5131,17 @@ with const generics
 - K= 4
 */
 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0
-compute_message_ac(
+compute_message_82(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *v,
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *secret_as_ntt,
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *u_as_ntt) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_ef_1b();
   KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i;
                   libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product =
-                      ntt_multiply_ef_66(&secret_as_ntt[i0], &u_as_ntt[i0]);
-                  add_to_ring_element_ef_59(&result, &product););
-  invert_ntt_montgomery_fa(&result);
-  result = subtract_reduce_ef_c0(v, result);
+                      ntt_multiply_ef_45(&secret_as_ntt[i0], &u_as_ntt[i0]);
+                  add_to_ring_element_ef_5d(&result, &product););
+  invert_ntt_montgomery_55(&result);
+  result = subtract_reduce_ef_92(v, result);
   return result;
 }
 
@@ -5221,13 +5151,13 @@ libcrux_ml_kem.serialize.compress_then_serialize_message with types
 libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
 
 */
-static KRML_MUSTINLINE void compress_then_serialize_message_44(
+static KRML_MUSTINLINE void compress_then_serialize_message_15(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, uint8_t ret[32U]) {
   uint8_t serialized[32U] = {0U};
   KRML_MAYBE_FOR16(
       i, (size_t)0U, (size_t)16U, (size_t)1U, size_t i0 = i;
       libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient =
-          to_unsigned_field_modulus_05(re.coefficients[i0]);
+          to_unsigned_field_modulus_b0(re.coefficients[i0]);
       libcrux_ml_kem_vector_portable_vector_type_PortableVector
           coefficient_compressed =
               libcrux_ml_kem_vector_portable_compress_1_0d(coefficient);
@@ -5253,18 +5183,18 @@ with const generics
 - U_COMPRESSION_FACTOR= 11
 - V_COMPRESSION_FACTOR= 5
 */
-static void decrypt_unpacked_41(IndCpaPrivateKeyUnpacked_42 *secret_key,
+static void decrypt_unpacked_c9(IndCpaPrivateKeyUnpacked_42 *secret_key,
                                 uint8_t *ciphertext, uint8_t ret[32U]) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[4U];
-  deserialize_then_decompress_u_f2(ciphertext, u_as_ntt);
+  deserialize_then_decompress_u_bb(ciphertext, u_as_ntt);
   libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v =
-      deserialize_then_decompress_ring_element_v_c1(
+      deserialize_then_decompress_ring_element_v_ce(
           Eurydice_array_to_subslice_from((size_t)1568U, ciphertext,
                                           (size_t)1408U, uint8_t, size_t));
   libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message =
-      compute_message_ac(&v, secret_key->secret_as_ntt, u_as_ntt);
+      compute_message_82(&v, secret_key->secret_as_ntt, u_as_ntt);
   uint8_t ret0[32U];
-  compress_then_serialize_message_44(message, ret0);
+  compress_then_serialize_message_15(message, ret0);
   memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t));
 }
 
@@ -5278,10 +5208,10 @@ with const generics
 - U_COMPRESSION_FACTOR= 11
 - V_COMPRESSION_FACTOR= 5
 */
-static void decrypt_151(Eurydice_slice secret_key, uint8_t *ciphertext,
+static void decrypt_dc1(Eurydice_slice secret_key, uint8_t *ciphertext,
                         uint8_t ret[32U]) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[4U];
-  deserialize_secret_key_631(secret_key, secret_as_ntt);
+  deserialize_secret_key_121(secret_key, secret_as_ntt);
   /* Passing arrays by value in Rust generates a copy in C */
   libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_secret_as_ntt[4U];
   memcpy(
@@ -5291,9 +5221,9 @@ static void decrypt_151(Eurydice_slice secret_key, uint8_t *ciphertext,
   memcpy(
       secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt,
       (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0));
-  uint8_t ret0[32U];
-  decrypt_unpacked_41(&secret_key_unpacked, ciphertext, ret0);
-  memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t));
+  uint8_t result[32U];
+  decrypt_unpacked_c9(&secret_key_unpacked, ciphertext, result);
+  memcpy(ret, result, (size_t)32U * sizeof(uint8_t));
 }
 
 /**
@@ -5344,7 +5274,7 @@ libcrux_ml_kem_variant_MlKem with const generics
 - ETA2_RANDOMNESS_SIZE= 128
 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600
 */
-void libcrux_ml_kem_ind_cca_decapsulate_2d1(
+void libcrux_ml_kem_ind_cca_decapsulate_191(
     libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key,
     libcrux_ml_kem_types_MlKemCiphertext_1f *ciphertext, uint8_t ret[32U]) {
   Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at(
@@ -5362,7 +5292,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_2d1(
   Eurydice_slice ind_cpa_public_key_hash = uu____2.fst;
   Eurydice_slice implicit_rejection_value = uu____2.snd;
   uint8_t decrypted[32U];
-  decrypt_151(ind_cpa_secret_key, ciphertext->value, decrypted);
+  decrypt_dc1(ind_cpa_secret_key, ciphertext->value, decrypted);
   uint8_t to_hash0[64U];
   libcrux_ml_kem_utils_into_padded_array_42(
       Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0);
@@ -5384,7 +5314,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_2d1(
   Eurydice_slice uu____4 = Eurydice_array_to_subslice_from(
       (size_t)1600U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE,
       uint8_t, size_t);
-  Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_be(ciphertext),
+  Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_40(ciphertext),
                       uint8_t);
   uint8_t implicit_rejection_shared_secret0[32U];
   PRF_f1_9f(Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t),
@@ -5394,17 +5324,17 @@ void libcrux_ml_kem_ind_cca_decapsulate_2d1(
   uint8_t copy_of_decrypted[32U];
   memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t));
   uint8_t expected_ciphertext[1568U];
-  encrypt_dc1(uu____5, copy_of_decrypted, pseudorandomness,
+  encrypt_4b1(uu____5, copy_of_decrypted, pseudorandomness,
               expected_ciphertext);
   uint8_t implicit_rejection_shared_secret[32U];
-  kdf_d8_91(Eurydice_array_to_slice((size_t)32U,
+  kdf_d8_19(Eurydice_array_to_slice((size_t)32U,
                                     implicit_rejection_shared_secret0, uint8_t),
             implicit_rejection_shared_secret);
   uint8_t shared_secret1[32U];
-  kdf_d8_91(shared_secret0, shared_secret1);
+  kdf_d8_19(shared_secret0, shared_secret1);
   uint8_t shared_secret[32U];
   libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time(
-      libcrux_ml_kem_types_as_ref_00_be(ciphertext),
+      libcrux_ml_kem_types_as_ref_00_40(ciphertext),
       Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, uint8_t),
       Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t),
       Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret,
@@ -5419,7 +5349,7 @@ libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types
 libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
 - K= 2
 */
-static KRML_MUSTINLINE void deserialize_ring_elements_reduced_ed0(
+static KRML_MUSTINLINE void deserialize_ring_elements_reduced_da0(
     Eurydice_slice public_key,
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *deserialized_pk) {
   for (size_t i = (size_t)0U;
@@ -5433,7 +5363,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_ed0(
             LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT,
         uint8_t);
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 =
-        deserialize_to_reduced_ring_element_60(ring_element);
+        deserialize_to_reduced_ring_element_a5(ring_element);
     deserialized_pk[i0] = uu____0;
   }
 }
@@ -5444,19 +5374,15 @@ libcrux_ml_kem.serialize.deserialize_ring_elements_reduced_out with types
 libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
 - K= 2
 */
-static KRML_MUSTINLINE void deserialize_ring_elements_reduced_out_660(
+static KRML_MUSTINLINE void deserialize_ring_elements_reduced_out_530(
     Eurydice_slice public_key,
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[2U];
   KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U,
                   deserialized_pk[i] = ZERO_ef_1b(););
-  deserialize_ring_elements_reduced_ed0(public_key, deserialized_pk);
-  libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[2U];
+  deserialize_ring_elements_reduced_da0(public_key, deserialized_pk);
   memcpy(
-      result, deserialized_pk,
-      (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0));
-  memcpy(
-      ret, result,
+      ret, deserialized_pk,
       (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0));
 }
 
@@ -5467,7 +5393,7 @@ with const generics
 - K= 2
 - OUT_LEN= 768
 */
-static KRML_MUSTINLINE void serialize_secret_key_9e0(
+static KRML_MUSTINLINE void serialize_secret_key_5a0(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *key,
     uint8_t ret[768U]) {
   uint8_t out[768U] = {0U};
@@ -5485,7 +5411,7 @@ static KRML_MUSTINLINE void serialize_secret_key_9e0(
         (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT,
         uint8_t);
     uint8_t ret0[384U];
-    serialize_uncompressed_ring_element_13(&re, ret0);
+    serialize_uncompressed_ring_element_8b(&re, ret0);
     Eurydice_slice_copy(
         uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t), uint8_t);
   }
@@ -5500,13 +5426,13 @@ with const generics
 - RANKED_BYTES_PER_RING_ELEMENT= 768
 - PUBLIC_KEY_SIZE= 800
 */
-static KRML_MUSTINLINE void serialize_public_key_mut_6c0(
+static KRML_MUSTINLINE void serialize_public_key_mut_3c0(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt,
     Eurydice_slice seed_for_a, uint8_t *serialized) {
   Eurydice_slice uu____0 = Eurydice_array_to_subslice2(serialized, (size_t)0U,
                                                        (size_t)768U, uint8_t);
   uint8_t ret[768U];
-  serialize_secret_key_9e0(t_as_ntt, ret);
+  serialize_secret_key_5a0(t_as_ntt, ret);
   Eurydice_slice_copy(
       uu____0, Eurydice_array_to_slice((size_t)768U, ret, uint8_t), uint8_t);
   Eurydice_slice_copy(
@@ -5523,12 +5449,14 @@ with const generics
 - RANKED_BYTES_PER_RING_ELEMENT= 768
 - PUBLIC_KEY_SIZE= 800
 */
-static KRML_MUSTINLINE void serialize_public_key_fd0(
+static KRML_MUSTINLINE void serialize_public_key_070(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt,
     Eurydice_slice seed_for_a, uint8_t ret[800U]) {
   uint8_t public_key_serialized[800U] = {0U};
-  serialize_public_key_mut_6c0(t_as_ntt, seed_for_a, public_key_serialized);
-  memcpy(ret, public_key_serialized, (size_t)800U * sizeof(uint8_t));
+  serialize_public_key_mut_3c0(t_as_ntt, seed_for_a, public_key_serialized);
+  uint8_t result[800U];
+  memcpy(result, public_key_serialized, (size_t)800U * sizeof(uint8_t));
+  memcpy(ret, result, (size_t)800U * sizeof(uint8_t));
 }
 
 /**
@@ -5539,15 +5467,15 @@ with const generics
 - RANKED_BYTES_PER_RING_ELEMENT= 768
 - PUBLIC_KEY_SIZE= 800
 */
-bool libcrux_ml_kem_ind_cca_validate_public_key_8c0(uint8_t *public_key) {
+bool libcrux_ml_kem_ind_cca_validate_public_key_bf0(uint8_t *public_key) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[2U];
-  deserialize_ring_elements_reduced_out_660(
+  deserialize_ring_elements_reduced_out_530(
       Eurydice_array_to_subslice_to((size_t)800U, public_key, (size_t)768U,
                                     uint8_t, size_t),
       deserialized_pk);
   libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *uu____0 = deserialized_pk;
   uint8_t public_key_serialized[800U];
-  serialize_public_key_fd0(
+  serialize_public_key_070(
       uu____0,
       Eurydice_array_to_subslice_from((size_t)800U, public_key, (size_t)768U,
                                       uint8_t, size_t),
@@ -5577,7 +5505,7 @@ with const generics
 - SECRET_KEY_SIZE= 1632
 - CIPHERTEXT_SIZE= 768
 */
-bool libcrux_ml_kem_ind_cca_validate_private_key_ba(
+bool libcrux_ml_kem_ind_cca_validate_private_key_b4(
     libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key,
     libcrux_ml_kem_types_MlKemCiphertext_e8 *_ciphertext) {
   uint8_t t[32U];
@@ -5683,7 +5611,7 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]]
 with const generics
 - K= 2
 */
-static KRML_MUSTINLINE void cpa_keygen_seed_d8_40(
+static KRML_MUSTINLINE void cpa_keygen_seed_d8_36(
     Eurydice_slice key_generation_seed, uint8_t ret[64U]) {
   uint8_t seed[33U] = {0U};
   Eurydice_slice_copy(
@@ -6133,7 +6061,7 @@ generics
 - ETA= 3
 - ETA_RANDOMNESS_SIZE= 192
 */
-static KRML_MUSTINLINE uint8_t sample_vector_cbd_then_ntt_760(
+static KRML_MUSTINLINE uint8_t sample_vector_cbd_then_ntt_b10(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re_as_ntt,
     uint8_t prf_input[33U], uint8_t domain_separator) {
   /* Passing arrays by value in Rust generates a copy in C */
@@ -6143,8 +6071,6 @@ static KRML_MUSTINLINE uint8_t sample_vector_cbd_then_ntt_760(
   KRML_MAYBE_FOR2(
       i, (size_t)0U, (size_t)2U, (size_t)1U,
       memcpy(prf_inputs[i], copy_of_prf_input, (size_t)33U * sizeof(uint8_t)););
-  uint8_t _prf_inputs_init[2U][33U];
-  memcpy(_prf_inputs_init, prf_inputs, (size_t)2U * sizeof(uint8_t[33U]));
   KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i;
                   prf_inputs[i0][32U] = domain_separator;
                   domain_separator = (uint32_t)domain_separator + 1U;);
@@ -6154,7 +6080,7 @@ static KRML_MUSTINLINE uint8_t sample_vector_cbd_then_ntt_760(
       i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i;
       re_as_ntt[i0] = sample_from_binomial_distribution_6b0(
           Eurydice_array_to_slice((size_t)192U, prf_outputs[i0], uint8_t));
-      ntt_binomially_sampled_ring_element_62(&re_as_ntt[i0]););
+      ntt_binomially_sampled_ring_element_d8(&re_as_ntt[i0]););
   return domain_separator;
 }
 
@@ -6178,7 +6104,7 @@ generics
 - ETA= 3
 - ETA_RANDOMNESS_SIZE= 192
 */
-static KRML_MUSTINLINE tuple_740 sample_vector_cbd_then_ntt_out_150(
+static KRML_MUSTINLINE tuple_740 sample_vector_cbd_then_ntt_out_cb0(
     uint8_t prf_input[33U], uint8_t domain_separator) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re_as_ntt[2U];
   KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U,
@@ -6187,18 +6113,18 @@ static KRML_MUSTINLINE tuple_740 sample_vector_cbd_then_ntt_out_150(
   uint8_t uu____1[33U];
   memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t));
   domain_separator =
-      sample_vector_cbd_then_ntt_760(uu____0, uu____1, domain_separator);
+      sample_vector_cbd_then_ntt_b10(uu____0, uu____1, domain_separator);
   /* Passing arrays by value in Rust generates a copy in C */
   libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_re_as_ntt[2U];
   memcpy(
       copy_of_re_as_ntt, re_as_ntt,
       (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0));
-  tuple_740 lit;
+  tuple_740 result;
   memcpy(
-      lit.fst, copy_of_re_as_ntt,
+      result.fst, copy_of_re_as_ntt,
       (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0));
-  lit.snd = domain_separator;
-  return lit;
+  result.snd = domain_separator;
+  return result;
 }
 
 /**
@@ -6212,7 +6138,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
 with const generics
 - K= 2
 */
-static KRML_MUSTINLINE void add_to_ring_element_ef_590(
+static KRML_MUSTINLINE void add_to_ring_element_ef_5d0(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self,
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *rhs) {
   for (size_t i = (size_t)0U;
@@ -6236,7 +6162,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
 with const generics
 - K= 2
 */
-static KRML_MUSTINLINE void compute_As_plus_e_6a0(
+static KRML_MUSTINLINE void compute_As_plus_e_c70(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt,
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*matrix_A)[2U],
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *s_as_ntt,
@@ -6263,10 +6189,10 @@ static KRML_MUSTINLINE void compute_As_plus_e_6a0(
       libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *matrix_element =
           &row[j];
       libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product =
-          ntt_multiply_ef_66(matrix_element, &s_as_ntt[j]);
-      add_to_ring_element_ef_590(&t_as_ntt[i0], &product);
+          ntt_multiply_ef_45(matrix_element, &s_as_ntt[j]);
+      add_to_ring_element_ef_5d0(&t_as_ntt[i0], &product);
     }
-    add_standard_error_reduce_ef_6c(&t_as_ntt[i0], &error_as_ntt[i0]);
+    add_standard_error_reduce_ef_0f(&t_as_ntt[i0], &error_as_ntt[i0]);
   }
 }
 
@@ -6279,12 +6205,12 @@ libcrux_ml_kem_variant_MlKem with const generics
 - ETA1= 3
 - ETA1_RANDOMNESS_SIZE= 192
 */
-static void generate_keypair_unpacked_1a0(
+static void generate_keypair_unpacked_e90(
     Eurydice_slice key_generation_seed,
     IndCpaPrivateKeyUnpacked_ae *private_key,
     IndCpaPublicKeyUnpacked_ae *public_key) {
   uint8_t hashed[64U];
-  cpa_keygen_seed_d8_40(key_generation_seed, hashed);
+  cpa_keygen_seed_d8_36(key_generation_seed, hashed);
   Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at(
       Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U,
       uint8_t, Eurydice_slice_uint8_t_x2);
@@ -6304,17 +6230,17 @@ static void generate_keypair_unpacked_1a0(
   uint8_t copy_of_prf_input0[33U];
   memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t));
   uint8_t domain_separator =
-      sample_vector_cbd_then_ntt_760(uu____2, copy_of_prf_input0, 0U);
+      sample_vector_cbd_then_ntt_b10(uu____2, copy_of_prf_input0, 0U);
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_prf_input[33U];
   memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t));
   libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_as_ntt[2U];
   memcpy(
       error_as_ntt,
-      sample_vector_cbd_then_ntt_out_150(copy_of_prf_input, domain_separator)
+      sample_vector_cbd_then_ntt_out_cb0(copy_of_prf_input, domain_separator)
           .fst,
       (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0));
-  compute_As_plus_e_6a0(public_key->t_as_ntt, public_key->A,
+  compute_As_plus_e_c70(public_key->t_as_ntt, public_key->A,
                         private_key->secret_as_ntt, error_as_ntt);
   uint8_t uu____5[32U];
   core_result_Result_00 dst;
@@ -6335,18 +6261,18 @@ libcrux_ml_kem_variant_MlKem with const generics
 - ETA1= 3
 - ETA1_RANDOMNESS_SIZE= 192
 */
-static libcrux_ml_kem_utils_extraction_helper_Keypair512 generate_keypair_080(
+static libcrux_ml_kem_utils_extraction_helper_Keypair512 generate_keypair_500(
     Eurydice_slice key_generation_seed) {
   IndCpaPrivateKeyUnpacked_ae private_key = default_1a_e90();
   IndCpaPublicKeyUnpacked_ae public_key = default_8d_d10();
-  generate_keypair_unpacked_1a0(key_generation_seed, &private_key, &public_key);
+  generate_keypair_unpacked_e90(key_generation_seed, &private_key, &public_key);
   uint8_t public_key_serialized[800U];
-  serialize_public_key_fd0(
+  serialize_public_key_070(
       public_key.t_as_ntt,
       Eurydice_array_to_slice((size_t)32U, public_key.seed_for_A, uint8_t),
       public_key_serialized);
   uint8_t secret_key_serialized[768U];
-  serialize_secret_key_9e0(private_key.secret_as_ntt, secret_key_serialized);
+  serialize_secret_key_5a0(private_key.secret_as_ntt, secret_key_serialized);
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_secret_key_serialized[768U];
   memcpy(copy_of_secret_key_serialized, secret_key_serialized,
@@ -6355,12 +6281,12 @@ static libcrux_ml_kem_utils_extraction_helper_Keypair512 generate_keypair_080(
   uint8_t copy_of_public_key_serialized[800U];
   memcpy(copy_of_public_key_serialized, public_key_serialized,
          (size_t)800U * sizeof(uint8_t));
-  libcrux_ml_kem_utils_extraction_helper_Keypair512 lit;
-  memcpy(lit.fst, copy_of_secret_key_serialized,
+  libcrux_ml_kem_utils_extraction_helper_Keypair512 result;
+  memcpy(result.fst, copy_of_secret_key_serialized,
          (size_t)768U * sizeof(uint8_t));
-  memcpy(lit.snd, copy_of_public_key_serialized,
+  memcpy(result.snd, copy_of_public_key_serialized,
          (size_t)800U * sizeof(uint8_t));
-  return lit;
+  return result;
 }
 
 /**
@@ -6370,7 +6296,7 @@ with const generics
 - K= 2
 - SERIALIZED_KEY_LEN= 1632
 */
-static KRML_MUSTINLINE void serialize_kem_secret_key_ee(
+static KRML_MUSTINLINE void serialize_kem_secret_key_a1(
     Eurydice_slice private_key, Eurydice_slice public_key,
     Eurydice_slice implicit_rejection_value, uint8_t ret[1632U]) {
   uint8_t out[1632U] = {0U};
@@ -6426,7 +6352,7 @@ libcrux_ml_kem_variant_MlKem with const generics
 - ETA1_RANDOMNESS_SIZE= 192
 */
 libcrux_ml_kem_types_MlKemKeyPair_cb
-libcrux_ml_kem_ind_cca_generate_keypair_910(uint8_t randomness[64U]) {
+libcrux_ml_kem_ind_cca_generate_keypair_6f0(uint8_t randomness[64U]) {
   Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2(
       randomness, (size_t)0U,
       LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t);
@@ -6435,13 +6361,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_910(uint8_t randomness[64U]) {
       LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t,
       size_t);
   libcrux_ml_kem_utils_extraction_helper_Keypair512 uu____0 =
-      generate_keypair_080(ind_cpa_keypair_randomness);
+      generate_keypair_500(ind_cpa_keypair_randomness);
   uint8_t ind_cpa_private_key[768U];
   memcpy(ind_cpa_private_key, uu____0.fst, (size_t)768U * sizeof(uint8_t));
   uint8_t public_key[800U];
   memcpy(public_key, uu____0.snd, (size_t)800U * sizeof(uint8_t));
   uint8_t secret_key_serialized[1632U];
-  serialize_kem_secret_key_ee(
+  serialize_kem_secret_key_a1(
       Eurydice_array_to_slice((size_t)768U, ind_cpa_private_key, uint8_t),
       Eurydice_array_to_slice((size_t)800U, public_key, uint8_t),
       implicit_rejection_value, secret_key_serialized);
@@ -6450,13 +6376,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_910(uint8_t randomness[64U]) {
   memcpy(copy_of_secret_key_serialized, secret_key_serialized,
          (size_t)1632U * sizeof(uint8_t));
   libcrux_ml_kem_types_MlKemPrivateKey_5e private_key =
-      libcrux_ml_kem_types_from_7f_8c(copy_of_secret_key_serialized);
+      libcrux_ml_kem_types_from_7f_af(copy_of_secret_key_serialized);
   libcrux_ml_kem_types_MlKemPrivateKey_5e uu____2 = private_key;
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_public_key[800U];
   memcpy(copy_of_public_key, public_key, (size_t)800U * sizeof(uint8_t));
-  return libcrux_ml_kem_types_from_3a_f6(
-      uu____2, libcrux_ml_kem_types_from_5a_45(copy_of_public_key));
+  return libcrux_ml_kem_types_from_3a_ee(
+      uu____2, libcrux_ml_kem_types_from_5a_67(copy_of_public_key));
 }
 
 /**
@@ -6469,7 +6395,7 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]]
 with const generics
 - K= 2
 */
-static KRML_MUSTINLINE void entropy_preprocess_d8_53(Eurydice_slice randomness,
+static KRML_MUSTINLINE void entropy_preprocess_d8_89(Eurydice_slice randomness,
                                                      uint8_t ret[32U]) {
   uint8_t out[32U] = {0U};
   Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t),
@@ -6519,7 +6445,7 @@ generics
 - ETA2= 2
 */
 static KRML_MUSTINLINE tuple_740
-sample_ring_element_cbd_220(uint8_t prf_input[33U], uint8_t domain_separator) {
+sample_ring_element_cbd_7f0(uint8_t prf_input[33U], uint8_t domain_separator) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[2U];
   KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U,
                   error_1[i] = ZERO_ef_1b(););
@@ -6530,8 +6456,6 @@ sample_ring_element_cbd_220(uint8_t prf_input[33U], uint8_t domain_separator) {
   KRML_MAYBE_FOR2(
       i, (size_t)0U, (size_t)2U, (size_t)1U,
       memcpy(prf_inputs[i], copy_of_prf_input, (size_t)33U * sizeof(uint8_t)););
-  uint8_t _prf_inputs_init[2U][33U];
-  memcpy(_prf_inputs_init, prf_inputs, (size_t)2U * sizeof(uint8_t[33U]));
   KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i;
                   prf_inputs[i0][32U] = domain_separator;
                   domain_separator = (uint32_t)domain_separator + 1U;);
@@ -6548,12 +6472,12 @@ sample_ring_element_cbd_220(uint8_t prf_input[33U], uint8_t domain_separator) {
   memcpy(
       copy_of_error_1, error_1,
       (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0));
-  tuple_740 lit;
+  tuple_740 result;
   memcpy(
-      lit.fst, copy_of_error_1,
+      result.fst, copy_of_error_1,
       (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0));
-  lit.snd = domain_separator;
-  return lit;
+  result.snd = domain_separator;
+  return result;
 }
 
 /**
@@ -6577,18 +6501,18 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
 with const generics
 - K= 2
 */
-static KRML_MUSTINLINE void invert_ntt_montgomery_fa0(
+static KRML_MUSTINLINE void invert_ntt_montgomery_550(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) {
   size_t zeta_i =
       LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U;
-  invert_ntt_at_layer_1_ed(&zeta_i, re);
-  invert_ntt_at_layer_2_30(&zeta_i, re);
-  invert_ntt_at_layer_3_2f(&zeta_i, re);
-  invert_ntt_at_layer_4_plus_7a(&zeta_i, re, (size_t)4U);
-  invert_ntt_at_layer_4_plus_7a(&zeta_i, re, (size_t)5U);
-  invert_ntt_at_layer_4_plus_7a(&zeta_i, re, (size_t)6U);
-  invert_ntt_at_layer_4_plus_7a(&zeta_i, re, (size_t)7U);
-  poly_barrett_reduce_ef_e7(re);
+  invert_ntt_at_layer_1_08(&zeta_i, re);
+  invert_ntt_at_layer_2_91(&zeta_i, re);
+  invert_ntt_at_layer_3_41(&zeta_i, re);
+  invert_ntt_at_layer_4_plus_ed(&zeta_i, re, (size_t)4U);
+  invert_ntt_at_layer_4_plus_ed(&zeta_i, re, (size_t)5U);
+  invert_ntt_at_layer_4_plus_ed(&zeta_i, re, (size_t)6U);
+  invert_ntt_at_layer_4_plus_ed(&zeta_i, re, (size_t)7U);
+  poly_barrett_reduce_ef_17(re);
 }
 
 /**
@@ -6597,14 +6521,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
 with const generics
 - K= 2
 */
-static KRML_MUSTINLINE void compute_vector_u_a30(
+static KRML_MUSTINLINE void compute_vector_u_b80(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*a_as_ntt)[2U],
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt,
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_1,
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) {
-  libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[2U];
+  libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result0[2U];
   KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U,
-                  result[i] = ZERO_ef_1b(););
+                  result0[i] = ZERO_ef_1b(););
   for (size_t i0 = (size_t)0U;
        i0 < Eurydice_slice_len(
                 Eurydice_array_to_slice(
@@ -6624,12 +6548,16 @@ static KRML_MUSTINLINE void compute_vector_u_a30(
       size_t j = i;
       libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *a_element = &row[j];
       libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product =
-          ntt_multiply_ef_66(a_element, &r_as_ntt[j]);
-      add_to_ring_element_ef_590(&result[i1], &product);
+          ntt_multiply_ef_45(a_element, &r_as_ntt[j]);
+      add_to_ring_element_ef_5d0(&result0[i1], &product);
     }
-    invert_ntt_montgomery_fa0(&result[i1]);
-    add_error_reduce_ef_0d(&result[i1], &error_1[i1]);
+    invert_ntt_montgomery_550(&result0[i1]);
+    add_error_reduce_ef_4d(&result0[i1], &error_1[i1]);
   }
+  libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[2U];
+  memcpy(
+      result, result0,
+      (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0));
   memcpy(
       ret, result,
       (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0));
@@ -6642,7 +6570,7 @@ with const generics
 - K= 2
 */
 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0
-compute_ring_element_v_da0(
+compute_ring_element_v_1e0(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt,
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt,
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_2,
@@ -6650,10 +6578,10 @@ compute_ring_element_v_da0(
   libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_ef_1b();
   KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i;
                   libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product =
-                      ntt_multiply_ef_66(&t_as_ntt[i0], &r_as_ntt[i0]);
-                  add_to_ring_element_ef_590(&result, &product););
-  invert_ntt_montgomery_fa0(&result);
-  result = add_message_error_reduce_ef_b4(error_2, message, result);
+                      ntt_multiply_ef_45(&t_as_ntt[i0], &r_as_ntt[i0]);
+                  add_to_ring_element_ef_5d0(&result, &product););
+  invert_ntt_montgomery_550(&result);
+  result = add_message_error_reduce_ef_21(error_2, message, result);
   return result;
 }
 
@@ -6663,14 +6591,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
 with const generics
 - OUT_LEN= 320
 */
-static KRML_MUSTINLINE void compress_then_serialize_10_100(
+static KRML_MUSTINLINE void compress_then_serialize_10_470(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[320U]) {
   uint8_t serialized[320U] = {0U};
   for (size_t i = (size_t)0U;
        i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
     size_t i0 = i;
     libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient =
-        compress_0d_48(to_unsigned_field_modulus_05(re->coefficients[i0]));
+        compress_0d_fe(to_unsigned_field_modulus_b0(re->coefficients[i0]));
     uint8_t bytes[20U];
     libcrux_ml_kem_vector_portable_serialize_10_0d(coefficient, bytes);
     Eurydice_slice uu____0 = Eurydice_array_to_subslice2(
@@ -6690,11 +6618,11 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
 - COMPRESSION_FACTOR= 10
 - OUT_LEN= 320
 */
-static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_e00(
+static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_b50(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[320U]) {
-  uint8_t result[320U];
-  compress_then_serialize_10_100(re, result);
-  memcpy(ret, result, (size_t)320U * sizeof(uint8_t));
+  uint8_t uu____0[320U];
+  compress_then_serialize_10_470(re, uu____0);
+  memcpy(ret, uu____0, (size_t)320U * sizeof(uint8_t));
 }
 
 /**
@@ -6706,7 +6634,7 @@ with const generics
 - COMPRESSION_FACTOR= 10
 - BLOCK_LEN= 320
 */
-static void compress_then_serialize_u_0f0(
+static void compress_then_serialize_u_cd0(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 input[2U],
     Eurydice_slice out) {
   for (size_t i = (size_t)0U;
@@ -6722,7 +6650,7 @@ static void compress_then_serialize_u_0f0(
         out, i0 * ((size_t)640U / (size_t)2U),
         (i0 + (size_t)1U) * ((size_t)640U / (size_t)2U), uint8_t);
     uint8_t ret[320U];
-    compress_then_serialize_ring_element_u_e00(&re, ret);
+    compress_then_serialize_ring_element_u_b50(&re, ret);
     Eurydice_slice_copy(
         uu____0, Eurydice_array_to_slice((size_t)320U, ret, uint8_t), uint8_t);
   }
@@ -6735,9 +6663,9 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
 - COMPRESSION_FACTOR= 4
 - OUT_LEN= 128
 */
-static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_e30(
+static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_cf0(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice out) {
-  compress_then_serialize_4_71(re, out);
+  compress_then_serialize_4_06(re, out);
 }
 
 /**
@@ -6758,7 +6686,7 @@ generics
 - ETA2= 2
 - ETA2_RANDOMNESS_SIZE= 128
 */
-static void encrypt_unpacked_150(IndCpaPublicKeyUnpacked_ae *public_key,
+static void encrypt_unpacked_c30(IndCpaPublicKeyUnpacked_ae *public_key,
                                  uint8_t message[32U],
                                  Eurydice_slice randomness, uint8_t ret[768U]) {
   uint8_t prf_input[33U];
@@ -6767,7 +6695,7 @@ static void encrypt_unpacked_150(IndCpaPublicKeyUnpacked_ae *public_key,
   uint8_t copy_of_prf_input0[33U];
   memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t));
   tuple_740 uu____1 =
-      sample_vector_cbd_then_ntt_out_150(copy_of_prf_input0, 0U);
+      sample_vector_cbd_then_ntt_out_cb0(copy_of_prf_input0, 0U);
   libcrux_ml_kem_polynomial_PolynomialRingElement_f0 r_as_ntt[2U];
   memcpy(
       r_as_ntt, uu____1.fst,
@@ -6777,7 +6705,7 @@ static void encrypt_unpacked_150(IndCpaPublicKeyUnpacked_ae *public_key,
   uint8_t copy_of_prf_input[33U];
   memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t));
   tuple_740 uu____3 =
-      sample_ring_element_cbd_220(copy_of_prf_input, domain_separator0);
+      sample_ring_element_cbd_7f0(copy_of_prf_input, domain_separator0);
   libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[2U];
   memcpy(
       error_1, uu____3.fst,
@@ -6791,25 +6719,25 @@ static void encrypt_unpacked_150(IndCpaPublicKeyUnpacked_ae *public_key,
       sample_from_binomial_distribution_6b(
           Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t));
   libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u[2U];
-  compute_vector_u_a30(public_key->A, r_as_ntt, error_1, u);
+  compute_vector_u_b80(public_key->A, r_as_ntt, error_1, u);
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_message[32U];
   memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t));
   libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message_as_ring_element =
-      deserialize_then_decompress_message_97(copy_of_message);
+      deserialize_then_decompress_message_e3(copy_of_message);
   libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v =
-      compute_ring_element_v_da0(public_key->t_as_ntt, r_as_ntt, &error_2,
+      compute_ring_element_v_1e0(public_key->t_as_ntt, r_as_ntt, &error_2,
                                  &message_as_ring_element);
   uint8_t ciphertext[768U] = {0U};
   libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____5[2U];
   memcpy(
       uu____5, u,
       (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0));
-  compress_then_serialize_u_0f0(
+  compress_then_serialize_u_cd0(
       uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)640U,
                                            uint8_t));
   libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____6 = v;
-  compress_then_serialize_ring_element_v_e30(
+  compress_then_serialize_ring_element_v_cf0(
       uu____6, Eurydice_array_to_subslice_from((size_t)768U, ciphertext,
                                                (size_t)640U, uint8_t, size_t));
   memcpy(ret, ciphertext, (size_t)768U * sizeof(uint8_t));
@@ -6833,10 +6761,10 @@ generics
 - ETA2= 2
 - ETA2_RANDOMNESS_SIZE= 128
 */
-static void encrypt_dc0(Eurydice_slice public_key, uint8_t message[32U],
+static void encrypt_4b0(Eurydice_slice public_key, uint8_t message[32U],
                         Eurydice_slice randomness, uint8_t ret[768U]) {
   IndCpaPublicKeyUnpacked_ae unpacked_public_key = default_8d_d10();
-  deserialize_ring_elements_reduced_ed0(
+  deserialize_ring_elements_reduced_da0(
       Eurydice_slice_subslice_to(public_key, (size_t)768U, uint8_t, size_t),
       unpacked_public_key.t_as_ntt);
   Eurydice_slice seed =
@@ -6850,9 +6778,9 @@ static void encrypt_dc0(Eurydice_slice public_key, uint8_t message[32U],
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_message[32U];
   memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t));
-  uint8_t ret1[768U];
-  encrypt_unpacked_150(uu____1, copy_of_message, randomness, ret1);
-  memcpy(ret, ret1, (size_t)768U * sizeof(uint8_t));
+  uint8_t result[768U];
+  encrypt_unpacked_c30(uu____1, copy_of_message, randomness, result);
+  memcpy(ret, result, (size_t)768U * sizeof(uint8_t));
 }
 
 /**
@@ -6866,7 +6794,7 @@ with const generics
 - K= 2
 - CIPHERTEXT_SIZE= 768
 */
-static KRML_MUSTINLINE void kdf_d8_70(Eurydice_slice shared_secret,
+static KRML_MUSTINLINE void kdf_d8_ab(Eurydice_slice shared_secret,
                                       uint8_t ret[32U]) {
   uint8_t out[32U] = {0U};
   Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t),
@@ -6893,11 +6821,11 @@ libcrux_ml_kem_variant_MlKem with const generics
 - ETA2= 2
 - ETA2_RANDOMNESS_SIZE= 128
 */
-tuple_ec libcrux_ml_kem_ind_cca_encapsulate_1e0(
+tuple_ec libcrux_ml_kem_ind_cca_encapsulate_660(
     libcrux_ml_kem_types_MlKemPublicKey_be *public_key,
     uint8_t randomness[32U]) {
   uint8_t randomness0[32U];
-  entropy_preprocess_d8_53(
+  entropy_preprocess_d8_89(
       Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0);
   uint8_t to_hash[64U];
   libcrux_ml_kem_utils_into_padded_array_42(
@@ -6907,7 +6835,7 @@ tuple_ec libcrux_ml_kem_ind_cca_encapsulate_1e0(
       size_t);
   uint8_t ret[32U];
   H_f1_d50(Eurydice_array_to_slice(
-               (size_t)800U, libcrux_ml_kem_types_as_slice_fd_d10(public_key),
+               (size_t)800U, libcrux_ml_kem_types_as_slice_fd_fe0(public_key),
                uint8_t),
            ret);
   Eurydice_slice_copy(
@@ -6921,19 +6849,19 @@ tuple_ec libcrux_ml_kem_ind_cca_encapsulate_1e0(
   Eurydice_slice shared_secret = uu____1.fst;
   Eurydice_slice pseudorandomness = uu____1.snd;
   Eurydice_slice uu____2 = Eurydice_array_to_slice(
-      (size_t)800U, libcrux_ml_kem_types_as_slice_fd_d10(public_key), uint8_t);
+      (size_t)800U, libcrux_ml_kem_types_as_slice_fd_fe0(public_key), uint8_t);
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_randomness[32U];
   memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t));
   uint8_t ciphertext[768U];
-  encrypt_dc0(uu____2, copy_of_randomness, pseudorandomness, ciphertext);
+  encrypt_4b0(uu____2, copy_of_randomness, pseudorandomness, ciphertext);
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_ciphertext[768U];
   memcpy(copy_of_ciphertext, ciphertext, (size_t)768U * sizeof(uint8_t));
   libcrux_ml_kem_types_MlKemCiphertext_e8 ciphertext0 =
-      libcrux_ml_kem_types_from_01_3a0(copy_of_ciphertext);
+      libcrux_ml_kem_types_from_01_450(copy_of_ciphertext);
   uint8_t shared_secret_array[32U];
-  kdf_d8_70(shared_secret, shared_secret_array);
+  kdf_d8_ab(shared_secret, shared_secret_array);
   libcrux_ml_kem_types_MlKemCiphertext_e8 uu____5 = ciphertext0;
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_shared_secret_array[32U];
@@ -6951,7 +6879,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
 with const generics
 - K= 2
 */
-static KRML_MUSTINLINE void deserialize_secret_key_630(
+static KRML_MUSTINLINE void deserialize_secret_key_120(
     Eurydice_slice secret_key,
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[2U];
@@ -6968,11 +6896,15 @@ static KRML_MUSTINLINE void deserialize_secret_key_630(
             LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT,
         uint8_t);
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 =
-        deserialize_to_uncompressed_ring_element_96(secret_bytes);
+        deserialize_to_uncompressed_ring_element_07(secret_bytes);
     secret_as_ntt[i0] = uu____0;
   }
+  libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[2U];
+  memcpy(
+      result, secret_as_ntt,
+      (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0));
   memcpy(
-      ret, secret_as_ntt,
+      ret, result,
       (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0));
 }
 
@@ -6983,8 +6915,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
 - COMPRESSION_FACTOR= 10
 */
 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0
-deserialize_then_decompress_ring_element_u_910(Eurydice_slice serialized) {
-  return deserialize_then_decompress_10_0d(serialized);
+deserialize_then_decompress_ring_element_u_cd0(Eurydice_slice serialized) {
+  return deserialize_then_decompress_10_5c(serialized);
 }
 
 /**
@@ -6993,17 +6925,17 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
 with const generics
 - VECTOR_U_COMPRESSION_FACTOR= 10
 */
-static KRML_MUSTINLINE void ntt_vector_u_1a0(
+static KRML_MUSTINLINE void ntt_vector_u_2c0(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) {
   size_t zeta_i = (size_t)0U;
-  ntt_at_layer_4_plus_64(&zeta_i, re, (size_t)7U);
-  ntt_at_layer_4_plus_64(&zeta_i, re, (size_t)6U);
-  ntt_at_layer_4_plus_64(&zeta_i, re, (size_t)5U);
-  ntt_at_layer_4_plus_64(&zeta_i, re, (size_t)4U);
-  ntt_at_layer_3_7b(&zeta_i, re);
-  ntt_at_layer_2_ea(&zeta_i, re);
-  ntt_at_layer_1_76(&zeta_i, re);
-  poly_barrett_reduce_ef_e7(re);
+  ntt_at_layer_4_plus_bf(&zeta_i, re, (size_t)7U);
+  ntt_at_layer_4_plus_bf(&zeta_i, re, (size_t)6U);
+  ntt_at_layer_4_plus_bf(&zeta_i, re, (size_t)5U);
+  ntt_at_layer_4_plus_bf(&zeta_i, re, (size_t)4U);
+  ntt_at_layer_3_d0(&zeta_i, re);
+  ntt_at_layer_2_76(&zeta_i, re);
+  ntt_at_layer_1_5d(&zeta_i, re);
+  poly_barrett_reduce_ef_17(re);
 }
 
 /**
@@ -7014,7 +6946,7 @@ with const generics
 - CIPHERTEXT_SIZE= 768
 - U_COMPRESSION_FACTOR= 10
 */
-static KRML_MUSTINLINE void deserialize_then_decompress_u_f20(
+static KRML_MUSTINLINE void deserialize_then_decompress_u_bb0(
     uint8_t *ciphertext,
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[2U];
@@ -7037,8 +6969,8 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_f20(
             LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT *
                 (size_t)10U / (size_t)8U,
         uint8_t);
-    u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_910(u_bytes);
-    ntt_vector_u_1a0(&u_as_ntt[i0]);
+    u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_cd0(u_bytes);
+    ntt_vector_u_2c0(&u_as_ntt[i0]);
   }
   memcpy(
       ret, u_as_ntt,
@@ -7052,8 +6984,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
 - COMPRESSION_FACTOR= 4
 */
 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0
-deserialize_then_decompress_ring_element_v_c10(Eurydice_slice serialized) {
-  return deserialize_then_decompress_4_e9(serialized);
+deserialize_then_decompress_ring_element_v_ce0(Eurydice_slice serialized) {
+  return deserialize_then_decompress_4_b1(serialized);
 }
 
 /**
@@ -7063,17 +6995,17 @@ with const generics
 - K= 2
 */
 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0
-compute_message_ac0(
+compute_message_820(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *v,
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *secret_as_ntt,
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *u_as_ntt) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_ef_1b();
   KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i;
                   libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product =
-                      ntt_multiply_ef_66(&secret_as_ntt[i0], &u_as_ntt[i0]);
-                  add_to_ring_element_ef_590(&result, &product););
-  invert_ntt_montgomery_fa0(&result);
-  result = subtract_reduce_ef_c0(v, result);
+                      ntt_multiply_ef_45(&secret_as_ntt[i0], &u_as_ntt[i0]);
+                  add_to_ring_element_ef_5d0(&result, &product););
+  invert_ntt_montgomery_550(&result);
+  result = subtract_reduce_ef_92(v, result);
   return result;
 }
 
@@ -7087,18 +7019,18 @@ with const generics
 - U_COMPRESSION_FACTOR= 10
 - V_COMPRESSION_FACTOR= 4
 */
-static void decrypt_unpacked_410(IndCpaPrivateKeyUnpacked_ae *secret_key,
+static void decrypt_unpacked_c90(IndCpaPrivateKeyUnpacked_ae *secret_key,
                                  uint8_t *ciphertext, uint8_t ret[32U]) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[2U];
-  deserialize_then_decompress_u_f20(ciphertext, u_as_ntt);
+  deserialize_then_decompress_u_bb0(ciphertext, u_as_ntt);
   libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v =
-      deserialize_then_decompress_ring_element_v_c10(
+      deserialize_then_decompress_ring_element_v_ce0(
           Eurydice_array_to_subslice_from((size_t)768U, ciphertext,
                                           (size_t)640U, uint8_t, size_t));
   libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message =
-      compute_message_ac0(&v, secret_key->secret_as_ntt, u_as_ntt);
+      compute_message_820(&v, secret_key->secret_as_ntt, u_as_ntt);
   uint8_t ret0[32U];
-  compress_then_serialize_message_44(message, ret0);
+  compress_then_serialize_message_15(message, ret0);
   memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t));
 }
 
@@ -7112,10 +7044,10 @@ with const generics
 - U_COMPRESSION_FACTOR= 10
 - V_COMPRESSION_FACTOR= 4
 */
-static void decrypt_150(Eurydice_slice secret_key, uint8_t *ciphertext,
+static void decrypt_dc0(Eurydice_slice secret_key, uint8_t *ciphertext,
                         uint8_t ret[32U]) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[2U];
-  deserialize_secret_key_630(secret_key, secret_as_ntt);
+  deserialize_secret_key_120(secret_key, secret_as_ntt);
   /* Passing arrays by value in Rust generates a copy in C */
   libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_secret_as_ntt[2U];
   memcpy(
@@ -7125,9 +7057,9 @@ static void decrypt_150(Eurydice_slice secret_key, uint8_t *ciphertext,
   memcpy(
       secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt,
       (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0));
-  uint8_t ret0[32U];
-  decrypt_unpacked_410(&secret_key_unpacked, ciphertext, ret0);
-  memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t));
+  uint8_t result[32U];
+  decrypt_unpacked_c90(&secret_key_unpacked, ciphertext, result);
+  memcpy(ret, result, (size_t)32U * sizeof(uint8_t));
 }
 
 /**
@@ -7166,7 +7098,7 @@ libcrux_ml_kem_variant_MlKem with const generics
 - ETA2_RANDOMNESS_SIZE= 128
 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800
 */
-void libcrux_ml_kem_ind_cca_decapsulate_2d0(
+void libcrux_ml_kem_ind_cca_decapsulate_190(
     libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key,
     libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) {
   Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at(
@@ -7184,7 +7116,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_2d0(
   Eurydice_slice ind_cpa_public_key_hash = uu____2.fst;
   Eurydice_slice implicit_rejection_value = uu____2.snd;
   uint8_t decrypted[32U];
-  decrypt_150(ind_cpa_secret_key, ciphertext->value, decrypted);
+  decrypt_dc0(ind_cpa_secret_key, ciphertext->value, decrypted);
   uint8_t to_hash0[64U];
   libcrux_ml_kem_utils_into_padded_array_42(
       Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0);
@@ -7206,7 +7138,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_2d0(
   Eurydice_slice uu____4 = Eurydice_array_to_subslice_from(
       (size_t)800U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE,
       uint8_t, size_t);
-  Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_be0(ciphertext),
+  Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_400(ciphertext),
                       uint8_t);
   uint8_t implicit_rejection_shared_secret0[32U];
   PRF_f1_9f1(Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t),
@@ -7216,17 +7148,17 @@ void libcrux_ml_kem_ind_cca_decapsulate_2d0(
   uint8_t copy_of_decrypted[32U];
   memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t));
   uint8_t expected_ciphertext[768U];
-  encrypt_dc0(uu____5, copy_of_decrypted, pseudorandomness,
+  encrypt_4b0(uu____5, copy_of_decrypted, pseudorandomness,
               expected_ciphertext);
   uint8_t implicit_rejection_shared_secret[32U];
-  kdf_d8_70(Eurydice_array_to_slice((size_t)32U,
+  kdf_d8_ab(Eurydice_array_to_slice((size_t)32U,
                                     implicit_rejection_shared_secret0, uint8_t),
             implicit_rejection_shared_secret);
   uint8_t shared_secret1[32U];
-  kdf_d8_70(shared_secret0, shared_secret1);
+  kdf_d8_ab(shared_secret0, shared_secret1);
   uint8_t shared_secret[32U];
   libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time(
-      libcrux_ml_kem_types_as_ref_00_be0(ciphertext),
+      libcrux_ml_kem_types_as_ref_00_400(ciphertext),
       Eurydice_array_to_slice((size_t)768U, expected_ciphertext, uint8_t),
       Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t),
       Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret,
@@ -7241,7 +7173,7 @@ libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types
 libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
 - K= 3
 */
-static KRML_MUSTINLINE void deserialize_ring_elements_reduced_ed1(
+static KRML_MUSTINLINE void deserialize_ring_elements_reduced_da1(
     Eurydice_slice public_key,
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *deserialized_pk) {
   for (size_t i = (size_t)0U;
@@ -7255,7 +7187,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_ed1(
             LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT,
         uint8_t);
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 =
-        deserialize_to_reduced_ring_element_60(ring_element);
+        deserialize_to_reduced_ring_element_a5(ring_element);
     deserialized_pk[i0] = uu____0;
   }
 }
@@ -7266,19 +7198,15 @@ libcrux_ml_kem.serialize.deserialize_ring_elements_reduced_out with types
 libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
 - K= 3
 */
-static KRML_MUSTINLINE void deserialize_ring_elements_reduced_out_66(
+static KRML_MUSTINLINE void deserialize_ring_elements_reduced_out_53(
     Eurydice_slice public_key,
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[3U];
   KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U,
                   deserialized_pk[i] = ZERO_ef_1b(););
-  deserialize_ring_elements_reduced_ed1(public_key, deserialized_pk);
-  libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[3U];
-  memcpy(
-      result, deserialized_pk,
-      (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0));
+  deserialize_ring_elements_reduced_da1(public_key, deserialized_pk);
   memcpy(
-      ret, result,
+      ret, deserialized_pk,
       (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0));
 }
 
@@ -7289,7 +7217,7 @@ with const generics
 - K= 3
 - OUT_LEN= 1152
 */
-static KRML_MUSTINLINE void serialize_secret_key_9e1(
+static KRML_MUSTINLINE void serialize_secret_key_5a1(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *key,
     uint8_t ret[1152U]) {
   uint8_t out[1152U] = {0U};
@@ -7307,7 +7235,7 @@ static KRML_MUSTINLINE void serialize_secret_key_9e1(
         (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT,
         uint8_t);
     uint8_t ret0[384U];
-    serialize_uncompressed_ring_element_13(&re, ret0);
+    serialize_uncompressed_ring_element_8b(&re, ret0);
     Eurydice_slice_copy(
         uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t), uint8_t);
   }
@@ -7322,13 +7250,13 @@ with const generics
 - RANKED_BYTES_PER_RING_ELEMENT= 1152
 - PUBLIC_KEY_SIZE= 1184
 */
-static KRML_MUSTINLINE void serialize_public_key_mut_6c1(
+static KRML_MUSTINLINE void serialize_public_key_mut_3c1(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt,
     Eurydice_slice seed_for_a, uint8_t *serialized) {
   Eurydice_slice uu____0 = Eurydice_array_to_subslice2(serialized, (size_t)0U,
                                                        (size_t)1152U, uint8_t);
   uint8_t ret[1152U];
-  serialize_secret_key_9e1(t_as_ntt, ret);
+  serialize_secret_key_5a1(t_as_ntt, ret);
   Eurydice_slice_copy(
       uu____0, Eurydice_array_to_slice((size_t)1152U, ret, uint8_t), uint8_t);
   Eurydice_slice_copy(
@@ -7345,12 +7273,14 @@ with const generics
 - RANKED_BYTES_PER_RING_ELEMENT= 1152
 - PUBLIC_KEY_SIZE= 1184
 */
-static KRML_MUSTINLINE void serialize_public_key_fd1(
+static KRML_MUSTINLINE void serialize_public_key_071(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt,
     Eurydice_slice seed_for_a, uint8_t ret[1184U]) {
   uint8_t public_key_serialized[1184U] = {0U};
-  serialize_public_key_mut_6c1(t_as_ntt, seed_for_a, public_key_serialized);
-  memcpy(ret, public_key_serialized, (size_t)1184U * sizeof(uint8_t));
+  serialize_public_key_mut_3c1(t_as_ntt, seed_for_a, public_key_serialized);
+  uint8_t result[1184U];
+  memcpy(result, public_key_serialized, (size_t)1184U * sizeof(uint8_t));
+  memcpy(ret, result, (size_t)1184U * sizeof(uint8_t));
 }
 
 /**
@@ -7361,15 +7291,15 @@ with const generics
 - RANKED_BYTES_PER_RING_ELEMENT= 1152
 - PUBLIC_KEY_SIZE= 1184
 */
-bool libcrux_ml_kem_ind_cca_validate_public_key_8c(uint8_t *public_key) {
+bool libcrux_ml_kem_ind_cca_validate_public_key_bf(uint8_t *public_key) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[3U];
-  deserialize_ring_elements_reduced_out_66(
+  deserialize_ring_elements_reduced_out_53(
       Eurydice_array_to_subslice_to((size_t)1184U, public_key, (size_t)1152U,
                                     uint8_t, size_t),
       deserialized_pk);
   libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *uu____0 = deserialized_pk;
   uint8_t public_key_serialized[1184U];
-  serialize_public_key_fd1(
+  serialize_public_key_071(
       uu____0,
       Eurydice_array_to_subslice_from((size_t)1184U, public_key, (size_t)1152U,
                                       uint8_t, size_t),
@@ -7399,7 +7329,7 @@ with const generics
 - SECRET_KEY_SIZE= 2400
 - CIPHERTEXT_SIZE= 1088
 */
-bool libcrux_ml_kem_ind_cca_validate_private_key_4e(
+bool libcrux_ml_kem_ind_cca_validate_private_key_33(
     libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key,
     libcrux_ml_kem_mlkem768_MlKem768Ciphertext *_ciphertext) {
   uint8_t t[32U];
@@ -7511,7 +7441,7 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]]
 with const generics
 - K= 3
 */
-static KRML_MUSTINLINE void cpa_keygen_seed_d8_58(
+static KRML_MUSTINLINE void cpa_keygen_seed_d8_d1(
     Eurydice_slice key_generation_seed, uint8_t ret[64U]) {
   uint8_t seed[33U] = {0U};
   Eurydice_slice_copy(
@@ -7950,7 +7880,7 @@ generics
 - ETA= 2
 - ETA_RANDOMNESS_SIZE= 128
 */
-static KRML_MUSTINLINE uint8_t sample_vector_cbd_then_ntt_761(
+static KRML_MUSTINLINE uint8_t sample_vector_cbd_then_ntt_b11(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re_as_ntt,
     uint8_t prf_input[33U], uint8_t domain_separator) {
   /* Passing arrays by value in Rust generates a copy in C */
@@ -7960,8 +7890,6 @@ static KRML_MUSTINLINE uint8_t sample_vector_cbd_then_ntt_761(
   KRML_MAYBE_FOR3(
       i, (size_t)0U, (size_t)3U, (size_t)1U,
       memcpy(prf_inputs[i], copy_of_prf_input, (size_t)33U * sizeof(uint8_t)););
-  uint8_t _prf_inputs_init[3U][33U];
-  memcpy(_prf_inputs_init, prf_inputs, (size_t)3U * sizeof(uint8_t[33U]));
   KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i;
                   prf_inputs[i0][32U] = domain_separator;
                   domain_separator = (uint32_t)domain_separator + 1U;);
@@ -7971,7 +7899,7 @@ static KRML_MUSTINLINE uint8_t sample_vector_cbd_then_ntt_761(
       i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i;
       re_as_ntt[i0] = sample_from_binomial_distribution_6b(
           Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t));
-      ntt_binomially_sampled_ring_element_62(&re_as_ntt[i0]););
+      ntt_binomially_sampled_ring_element_d8(&re_as_ntt[i0]););
   return domain_separator;
 }
 
@@ -7995,7 +7923,7 @@ generics
 - ETA= 2
 - ETA_RANDOMNESS_SIZE= 128
 */
-static KRML_MUSTINLINE tuple_b00 sample_vector_cbd_then_ntt_out_151(
+static KRML_MUSTINLINE tuple_b00 sample_vector_cbd_then_ntt_out_cb1(
     uint8_t prf_input[33U], uint8_t domain_separator) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re_as_ntt[3U];
   KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U,
@@ -8004,18 +7932,18 @@ static KRML_MUSTINLINE tuple_b00 sample_vector_cbd_then_ntt_out_151(
   uint8_t uu____1[33U];
   memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t));
   domain_separator =
-      sample_vector_cbd_then_ntt_761(uu____0, uu____1, domain_separator);
+      sample_vector_cbd_then_ntt_b11(uu____0, uu____1, domain_separator);
   /* Passing arrays by value in Rust generates a copy in C */
   libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_re_as_ntt[3U];
   memcpy(
       copy_of_re_as_ntt, re_as_ntt,
       (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0));
-  tuple_b00 lit;
+  tuple_b00 result;
   memcpy(
-      lit.fst, copy_of_re_as_ntt,
+      result.fst, copy_of_re_as_ntt,
       (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0));
-  lit.snd = domain_separator;
-  return lit;
+  result.snd = domain_separator;
+  return result;
 }
 
 /**
@@ -8029,7 +7957,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
 with const generics
 - K= 3
 */
-static KRML_MUSTINLINE void add_to_ring_element_ef_591(
+static KRML_MUSTINLINE void add_to_ring_element_ef_5d1(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self,
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *rhs) {
   for (size_t i = (size_t)0U;
@@ -8053,7 +7981,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
 with const generics
 - K= 3
 */
-static KRML_MUSTINLINE void compute_As_plus_e_6a1(
+static KRML_MUSTINLINE void compute_As_plus_e_c71(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt,
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*matrix_A)[3U],
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *s_as_ntt,
@@ -8080,10 +8008,10 @@ static KRML_MUSTINLINE void compute_As_plus_e_6a1(
       libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *matrix_element =
           &row[j];
       libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product =
-          ntt_multiply_ef_66(matrix_element, &s_as_ntt[j]);
-      add_to_ring_element_ef_591(&t_as_ntt[i0], &product);
+          ntt_multiply_ef_45(matrix_element, &s_as_ntt[j]);
+      add_to_ring_element_ef_5d1(&t_as_ntt[i0], &product);
     }
-    add_standard_error_reduce_ef_6c(&t_as_ntt[i0], &error_as_ntt[i0]);
+    add_standard_error_reduce_ef_0f(&t_as_ntt[i0], &error_as_ntt[i0]);
   }
 }
 
@@ -8096,12 +8024,12 @@ libcrux_ml_kem_variant_MlKem with const generics
 - ETA1= 2
 - ETA1_RANDOMNESS_SIZE= 128
 */
-static void generate_keypair_unpacked_1a1(
+static void generate_keypair_unpacked_e91(
     Eurydice_slice key_generation_seed,
     IndCpaPrivateKeyUnpacked_f8 *private_key,
     IndCpaPublicKeyUnpacked_f8 *public_key) {
   uint8_t hashed[64U];
-  cpa_keygen_seed_d8_58(key_generation_seed, hashed);
+  cpa_keygen_seed_d8_d1(key_generation_seed, hashed);
   Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at(
       Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U,
       uint8_t, Eurydice_slice_uint8_t_x2);
@@ -8121,17 +8049,17 @@ static void generate_keypair_unpacked_1a1(
   uint8_t copy_of_prf_input0[33U];
   memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t));
   uint8_t domain_separator =
-      sample_vector_cbd_then_ntt_761(uu____2, copy_of_prf_input0, 0U);
+      sample_vector_cbd_then_ntt_b11(uu____2, copy_of_prf_input0, 0U);
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_prf_input[33U];
   memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t));
   libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_as_ntt[3U];
   memcpy(
       error_as_ntt,
-      sample_vector_cbd_then_ntt_out_151(copy_of_prf_input, domain_separator)
+      sample_vector_cbd_then_ntt_out_cb1(copy_of_prf_input, domain_separator)
           .fst,
       (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0));
-  compute_As_plus_e_6a1(public_key->t_as_ntt, public_key->A,
+  compute_As_plus_e_c71(public_key->t_as_ntt, public_key->A,
                         private_key->secret_as_ntt, error_as_ntt);
   uint8_t uu____5[32U];
   core_result_Result_00 dst;
@@ -8152,18 +8080,18 @@ libcrux_ml_kem_variant_MlKem with const generics
 - ETA1= 2
 - ETA1_RANDOMNESS_SIZE= 128
 */
-static libcrux_ml_kem_utils_extraction_helper_Keypair768 generate_keypair_08(
+static libcrux_ml_kem_utils_extraction_helper_Keypair768 generate_keypair_50(
     Eurydice_slice key_generation_seed) {
   IndCpaPrivateKeyUnpacked_f8 private_key = default_1a_e91();
   IndCpaPublicKeyUnpacked_f8 public_key = default_8d_d11();
-  generate_keypair_unpacked_1a1(key_generation_seed, &private_key, &public_key);
+  generate_keypair_unpacked_e91(key_generation_seed, &private_key, &public_key);
   uint8_t public_key_serialized[1184U];
-  serialize_public_key_fd1(
+  serialize_public_key_071(
       public_key.t_as_ntt,
       Eurydice_array_to_slice((size_t)32U, public_key.seed_for_A, uint8_t),
       public_key_serialized);
   uint8_t secret_key_serialized[1152U];
-  serialize_secret_key_9e1(private_key.secret_as_ntt, secret_key_serialized);
+  serialize_secret_key_5a1(private_key.secret_as_ntt, secret_key_serialized);
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_secret_key_serialized[1152U];
   memcpy(copy_of_secret_key_serialized, secret_key_serialized,
@@ -8172,12 +8100,12 @@ static libcrux_ml_kem_utils_extraction_helper_Keypair768 generate_keypair_08(
   uint8_t copy_of_public_key_serialized[1184U];
   memcpy(copy_of_public_key_serialized, public_key_serialized,
          (size_t)1184U * sizeof(uint8_t));
-  libcrux_ml_kem_utils_extraction_helper_Keypair768 lit;
-  memcpy(lit.fst, copy_of_secret_key_serialized,
+  libcrux_ml_kem_utils_extraction_helper_Keypair768 result;
+  memcpy(result.fst, copy_of_secret_key_serialized,
          (size_t)1152U * sizeof(uint8_t));
-  memcpy(lit.snd, copy_of_public_key_serialized,
+  memcpy(result.snd, copy_of_public_key_serialized,
          (size_t)1184U * sizeof(uint8_t));
-  return lit;
+  return result;
 }
 
 /**
@@ -8187,7 +8115,7 @@ with const generics
 - K= 3
 - SERIALIZED_KEY_LEN= 2400
 */
-static KRML_MUSTINLINE void serialize_kem_secret_key_d8(
+static KRML_MUSTINLINE void serialize_kem_secret_key_b0(
     Eurydice_slice private_key, Eurydice_slice public_key,
     Eurydice_slice implicit_rejection_value, uint8_t ret[2400U]) {
   uint8_t out[2400U] = {0U};
@@ -8243,7 +8171,7 @@ libcrux_ml_kem_variant_MlKem with const generics
 - ETA1_RANDOMNESS_SIZE= 128
 */
 libcrux_ml_kem_mlkem768_MlKem768KeyPair
-libcrux_ml_kem_ind_cca_generate_keypair_91(uint8_t randomness[64U]) {
+libcrux_ml_kem_ind_cca_generate_keypair_6f(uint8_t randomness[64U]) {
   Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2(
       randomness, (size_t)0U,
       LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t);
@@ -8252,13 +8180,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_91(uint8_t randomness[64U]) {
       LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t,
       size_t);
   libcrux_ml_kem_utils_extraction_helper_Keypair768 uu____0 =
-      generate_keypair_08(ind_cpa_keypair_randomness);
+      generate_keypair_50(ind_cpa_keypair_randomness);
   uint8_t ind_cpa_private_key[1152U];
   memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1152U * sizeof(uint8_t));
   uint8_t public_key[1184U];
   memcpy(public_key, uu____0.snd, (size_t)1184U * sizeof(uint8_t));
   uint8_t secret_key_serialized[2400U];
-  serialize_kem_secret_key_d8(
+  serialize_kem_secret_key_b0(
       Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t),
       Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t),
       implicit_rejection_value, secret_key_serialized);
@@ -8267,13 +8195,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_91(uint8_t randomness[64U]) {
   memcpy(copy_of_secret_key_serialized, secret_key_serialized,
          (size_t)2400U * sizeof(uint8_t));
   libcrux_ml_kem_types_MlKemPrivateKey_55 private_key =
-      libcrux_ml_kem_types_from_7f_8c0(copy_of_secret_key_serialized);
+      libcrux_ml_kem_types_from_7f_af0(copy_of_secret_key_serialized);
   libcrux_ml_kem_types_MlKemPrivateKey_55 uu____2 = private_key;
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_public_key[1184U];
   memcpy(copy_of_public_key, public_key, (size_t)1184U * sizeof(uint8_t));
-  return libcrux_ml_kem_types_from_3a_f60(
-      uu____2, libcrux_ml_kem_types_from_5a_450(copy_of_public_key));
+  return libcrux_ml_kem_types_from_3a_ee0(
+      uu____2, libcrux_ml_kem_types_from_5a_670(copy_of_public_key));
 }
 
 /**
@@ -8286,7 +8214,7 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]]
 with const generics
 - K= 3
 */
-static KRML_MUSTINLINE void entropy_preprocess_d8_be(Eurydice_slice randomness,
+static KRML_MUSTINLINE void entropy_preprocess_d8_a9(Eurydice_slice randomness,
                                                      uint8_t ret[32U]) {
   uint8_t out[32U] = {0U};
   Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t),
@@ -8304,7 +8232,7 @@ generics
 - ETA2= 2
 */
 static KRML_MUSTINLINE tuple_b00
-sample_ring_element_cbd_221(uint8_t prf_input[33U], uint8_t domain_separator) {
+sample_ring_element_cbd_7f1(uint8_t prf_input[33U], uint8_t domain_separator) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[3U];
   KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U,
                   error_1[i] = ZERO_ef_1b(););
@@ -8315,8 +8243,6 @@ sample_ring_element_cbd_221(uint8_t prf_input[33U], uint8_t domain_separator) {
   KRML_MAYBE_FOR3(
       i, (size_t)0U, (size_t)3U, (size_t)1U,
       memcpy(prf_inputs[i], copy_of_prf_input, (size_t)33U * sizeof(uint8_t)););
-  uint8_t _prf_inputs_init[3U][33U];
-  memcpy(_prf_inputs_init, prf_inputs, (size_t)3U * sizeof(uint8_t[33U]));
   KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i;
                   prf_inputs[i0][32U] = domain_separator;
                   domain_separator = (uint32_t)domain_separator + 1U;);
@@ -8333,12 +8259,12 @@ sample_ring_element_cbd_221(uint8_t prf_input[33U], uint8_t domain_separator) {
   memcpy(
       copy_of_error_1, error_1,
       (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0));
-  tuple_b00 lit;
+  tuple_b00 result;
   memcpy(
-      lit.fst, copy_of_error_1,
+      result.fst, copy_of_error_1,
       (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0));
-  lit.snd = domain_separator;
-  return lit;
+  result.snd = domain_separator;
+  return result;
 }
 
 /**
@@ -8362,18 +8288,18 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
 with const generics
 - K= 3
 */
-static KRML_MUSTINLINE void invert_ntt_montgomery_fa1(
+static KRML_MUSTINLINE void invert_ntt_montgomery_551(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) {
   size_t zeta_i =
       LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U;
-  invert_ntt_at_layer_1_ed(&zeta_i, re);
-  invert_ntt_at_layer_2_30(&zeta_i, re);
-  invert_ntt_at_layer_3_2f(&zeta_i, re);
-  invert_ntt_at_layer_4_plus_7a(&zeta_i, re, (size_t)4U);
-  invert_ntt_at_layer_4_plus_7a(&zeta_i, re, (size_t)5U);
-  invert_ntt_at_layer_4_plus_7a(&zeta_i, re, (size_t)6U);
-  invert_ntt_at_layer_4_plus_7a(&zeta_i, re, (size_t)7U);
-  poly_barrett_reduce_ef_e7(re);
+  invert_ntt_at_layer_1_08(&zeta_i, re);
+  invert_ntt_at_layer_2_91(&zeta_i, re);
+  invert_ntt_at_layer_3_41(&zeta_i, re);
+  invert_ntt_at_layer_4_plus_ed(&zeta_i, re, (size_t)4U);
+  invert_ntt_at_layer_4_plus_ed(&zeta_i, re, (size_t)5U);
+  invert_ntt_at_layer_4_plus_ed(&zeta_i, re, (size_t)6U);
+  invert_ntt_at_layer_4_plus_ed(&zeta_i, re, (size_t)7U);
+  poly_barrett_reduce_ef_17(re);
 }
 
 /**
@@ -8382,14 +8308,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
 with const generics
 - K= 3
 */
-static KRML_MUSTINLINE void compute_vector_u_a31(
+static KRML_MUSTINLINE void compute_vector_u_b81(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*a_as_ntt)[3U],
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt,
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_1,
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) {
-  libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[3U];
+  libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result0[3U];
   KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U,
-                  result[i] = ZERO_ef_1b(););
+                  result0[i] = ZERO_ef_1b(););
   for (size_t i0 = (size_t)0U;
        i0 < Eurydice_slice_len(
                 Eurydice_array_to_slice(
@@ -8409,12 +8335,16 @@ static KRML_MUSTINLINE void compute_vector_u_a31(
       size_t j = i;
       libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *a_element = &row[j];
       libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product =
-          ntt_multiply_ef_66(a_element, &r_as_ntt[j]);
-      add_to_ring_element_ef_591(&result[i1], &product);
+          ntt_multiply_ef_45(a_element, &r_as_ntt[j]);
+      add_to_ring_element_ef_5d1(&result0[i1], &product);
     }
-    invert_ntt_montgomery_fa1(&result[i1]);
-    add_error_reduce_ef_0d(&result[i1], &error_1[i1]);
+    invert_ntt_montgomery_551(&result0[i1]);
+    add_error_reduce_ef_4d(&result0[i1], &error_1[i1]);
   }
+  libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[3U];
+  memcpy(
+      result, result0,
+      (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0));
   memcpy(
       ret, result,
       (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0));
@@ -8427,7 +8357,7 @@ with const generics
 - K= 3
 */
 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0
-compute_ring_element_v_da1(
+compute_ring_element_v_1e1(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt,
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt,
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_2,
@@ -8435,10 +8365,10 @@ compute_ring_element_v_da1(
   libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_ef_1b();
   KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i;
                   libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product =
-                      ntt_multiply_ef_66(&t_as_ntt[i0], &r_as_ntt[i0]);
-                  add_to_ring_element_ef_591(&result, &product););
-  invert_ntt_montgomery_fa1(&result);
-  result = add_message_error_reduce_ef_b4(error_2, message, result);
+                      ntt_multiply_ef_45(&t_as_ntt[i0], &r_as_ntt[i0]);
+                  add_to_ring_element_ef_5d1(&result, &product););
+  invert_ntt_montgomery_551(&result);
+  result = add_message_error_reduce_ef_21(error_2, message, result);
   return result;
 }
 
@@ -8451,7 +8381,7 @@ with const generics
 - COMPRESSION_FACTOR= 10
 - BLOCK_LEN= 320
 */
-static void compress_then_serialize_u_0f1(
+static void compress_then_serialize_u_cd1(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 input[3U],
     Eurydice_slice out) {
   for (size_t i = (size_t)0U;
@@ -8467,7 +8397,7 @@ static void compress_then_serialize_u_0f1(
         out, i0 * ((size_t)960U / (size_t)3U),
         (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U), uint8_t);
     uint8_t ret[320U];
-    compress_then_serialize_ring_element_u_e00(&re, ret);
+    compress_then_serialize_ring_element_u_b50(&re, ret);
     Eurydice_slice_copy(
         uu____0, Eurydice_array_to_slice((size_t)320U, ret, uint8_t), uint8_t);
   }
@@ -8491,7 +8421,7 @@ generics
 - ETA2= 2
 - ETA2_RANDOMNESS_SIZE= 128
 */
-static void encrypt_unpacked_151(IndCpaPublicKeyUnpacked_f8 *public_key,
+static void encrypt_unpacked_c31(IndCpaPublicKeyUnpacked_f8 *public_key,
                                  uint8_t message[32U],
                                  Eurydice_slice randomness,
                                  uint8_t ret[1088U]) {
@@ -8501,7 +8431,7 @@ static void encrypt_unpacked_151(IndCpaPublicKeyUnpacked_f8 *public_key,
   uint8_t copy_of_prf_input0[33U];
   memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t));
   tuple_b00 uu____1 =
-      sample_vector_cbd_then_ntt_out_151(copy_of_prf_input0, 0U);
+      sample_vector_cbd_then_ntt_out_cb1(copy_of_prf_input0, 0U);
   libcrux_ml_kem_polynomial_PolynomialRingElement_f0 r_as_ntt[3U];
   memcpy(
       r_as_ntt, uu____1.fst,
@@ -8511,7 +8441,7 @@ static void encrypt_unpacked_151(IndCpaPublicKeyUnpacked_f8 *public_key,
   uint8_t copy_of_prf_input[33U];
   memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t));
   tuple_b00 uu____3 =
-      sample_ring_element_cbd_221(copy_of_prf_input, domain_separator0);
+      sample_ring_element_cbd_7f1(copy_of_prf_input, domain_separator0);
   libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[3U];
   memcpy(
       error_1, uu____3.fst,
@@ -8525,25 +8455,25 @@ static void encrypt_unpacked_151(IndCpaPublicKeyUnpacked_f8 *public_key,
       sample_from_binomial_distribution_6b(
           Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t));
   libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u[3U];
-  compute_vector_u_a31(public_key->A, r_as_ntt, error_1, u);
+  compute_vector_u_b81(public_key->A, r_as_ntt, error_1, u);
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_message[32U];
   memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t));
   libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message_as_ring_element =
-      deserialize_then_decompress_message_97(copy_of_message);
+      deserialize_then_decompress_message_e3(copy_of_message);
   libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v =
-      compute_ring_element_v_da1(public_key->t_as_ntt, r_as_ntt, &error_2,
+      compute_ring_element_v_1e1(public_key->t_as_ntt, r_as_ntt, &error_2,
                                  &message_as_ring_element);
   uint8_t ciphertext[1088U] = {0U};
   libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____5[3U];
   memcpy(
       uu____5, u,
       (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0));
-  compress_then_serialize_u_0f1(
+  compress_then_serialize_u_cd1(
       uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)960U,
                                            uint8_t));
   libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____6 = v;
-  compress_then_serialize_ring_element_v_e30(
+  compress_then_serialize_ring_element_v_cf0(
       uu____6, Eurydice_array_to_subslice_from((size_t)1088U, ciphertext,
                                                (size_t)960U, uint8_t, size_t));
   memcpy(ret, ciphertext, (size_t)1088U * sizeof(uint8_t));
@@ -8567,10 +8497,10 @@ generics
 - ETA2= 2
 - ETA2_RANDOMNESS_SIZE= 128
 */
-static void encrypt_dc(Eurydice_slice public_key, uint8_t message[32U],
+static void encrypt_4b(Eurydice_slice public_key, uint8_t message[32U],
                        Eurydice_slice randomness, uint8_t ret[1088U]) {
   IndCpaPublicKeyUnpacked_f8 unpacked_public_key = default_8d_d11();
-  deserialize_ring_elements_reduced_ed1(
+  deserialize_ring_elements_reduced_da1(
       Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t),
       unpacked_public_key.t_as_ntt);
   Eurydice_slice seed =
@@ -8584,9 +8514,9 @@ static void encrypt_dc(Eurydice_slice public_key, uint8_t message[32U],
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_message[32U];
   memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t));
-  uint8_t ret1[1088U];
-  encrypt_unpacked_151(uu____1, copy_of_message, randomness, ret1);
-  memcpy(ret, ret1, (size_t)1088U * sizeof(uint8_t));
+  uint8_t result[1088U];
+  encrypt_unpacked_c31(uu____1, copy_of_message, randomness, result);
+  memcpy(ret, result, (size_t)1088U * sizeof(uint8_t));
 }
 
 /**
@@ -8600,7 +8530,7 @@ with const generics
 - K= 3
 - CIPHERTEXT_SIZE= 1088
 */
-static KRML_MUSTINLINE void kdf_d8_ea(Eurydice_slice shared_secret,
+static KRML_MUSTINLINE void kdf_d8_b7(Eurydice_slice shared_secret,
                                       uint8_t ret[32U]) {
   uint8_t out[32U] = {0U};
   Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t),
@@ -8627,11 +8557,11 @@ libcrux_ml_kem_variant_MlKem with const generics
 - ETA2= 2
 - ETA2_RANDOMNESS_SIZE= 128
 */
-tuple_3c libcrux_ml_kem_ind_cca_encapsulate_1e(
+tuple_3c libcrux_ml_kem_ind_cca_encapsulate_66(
     libcrux_ml_kem_types_MlKemPublicKey_15 *public_key,
     uint8_t randomness[32U]) {
   uint8_t randomness0[32U];
-  entropy_preprocess_d8_be(
+  entropy_preprocess_d8_a9(
       Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0);
   uint8_t to_hash[64U];
   libcrux_ml_kem_utils_into_padded_array_42(
@@ -8641,7 +8571,7 @@ tuple_3c libcrux_ml_kem_ind_cca_encapsulate_1e(
       size_t);
   uint8_t ret[32U];
   H_f1_d51(Eurydice_array_to_slice(
-               (size_t)1184U, libcrux_ml_kem_types_as_slice_fd_d11(public_key),
+               (size_t)1184U, libcrux_ml_kem_types_as_slice_fd_fe1(public_key),
                uint8_t),
            ret);
   Eurydice_slice_copy(
@@ -8655,19 +8585,19 @@ tuple_3c libcrux_ml_kem_ind_cca_encapsulate_1e(
   Eurydice_slice shared_secret = uu____1.fst;
   Eurydice_slice pseudorandomness = uu____1.snd;
   Eurydice_slice uu____2 = Eurydice_array_to_slice(
-      (size_t)1184U, libcrux_ml_kem_types_as_slice_fd_d11(public_key), uint8_t);
+      (size_t)1184U, libcrux_ml_kem_types_as_slice_fd_fe1(public_key), uint8_t);
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_randomness[32U];
   memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t));
   uint8_t ciphertext[1088U];
-  encrypt_dc(uu____2, copy_of_randomness, pseudorandomness, ciphertext);
+  encrypt_4b(uu____2, copy_of_randomness, pseudorandomness, ciphertext);
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_ciphertext[1088U];
   memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t));
   libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 =
-      libcrux_ml_kem_types_from_01_3a1(copy_of_ciphertext);
+      libcrux_ml_kem_types_from_01_451(copy_of_ciphertext);
   uint8_t shared_secret_array[32U];
-  kdf_d8_ea(shared_secret, shared_secret_array);
+  kdf_d8_b7(shared_secret, shared_secret_array);
   libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0;
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_shared_secret_array[32U];
@@ -8685,7 +8615,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
 with const generics
 - K= 3
 */
-static KRML_MUSTINLINE void deserialize_secret_key_63(
+static KRML_MUSTINLINE void deserialize_secret_key_12(
     Eurydice_slice secret_key,
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U];
@@ -8702,11 +8632,15 @@ static KRML_MUSTINLINE void deserialize_secret_key_63(
             LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT,
         uint8_t);
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 =
-        deserialize_to_uncompressed_ring_element_96(secret_bytes);
+        deserialize_to_uncompressed_ring_element_07(secret_bytes);
     secret_as_ntt[i0] = uu____0;
   }
+  libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[3U];
   memcpy(
-      ret, secret_as_ntt,
+      result, secret_as_ntt,
+      (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0));
+  memcpy(
+      ret, result,
       (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0));
 }
 
@@ -8718,7 +8652,7 @@ with const generics
 - CIPHERTEXT_SIZE= 1088
 - U_COMPRESSION_FACTOR= 10
 */
-static KRML_MUSTINLINE void deserialize_then_decompress_u_f21(
+static KRML_MUSTINLINE void deserialize_then_decompress_u_bb1(
     uint8_t *ciphertext,
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[3U];
@@ -8741,8 +8675,8 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_f21(
             LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT *
                 (size_t)10U / (size_t)8U,
         uint8_t);
-    u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_910(u_bytes);
-    ntt_vector_u_1a0(&u_as_ntt[i0]);
+    u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_cd0(u_bytes);
+    ntt_vector_u_2c0(&u_as_ntt[i0]);
   }
   memcpy(
       ret, u_as_ntt,
@@ -8756,17 +8690,17 @@ with const generics
 - K= 3
 */
 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0
-compute_message_ac1(
+compute_message_821(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *v,
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *secret_as_ntt,
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *u_as_ntt) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_ef_1b();
   KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i;
                   libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product =
-                      ntt_multiply_ef_66(&secret_as_ntt[i0], &u_as_ntt[i0]);
-                  add_to_ring_element_ef_591(&result, &product););
-  invert_ntt_montgomery_fa1(&result);
-  result = subtract_reduce_ef_c0(v, result);
+                      ntt_multiply_ef_45(&secret_as_ntt[i0], &u_as_ntt[i0]);
+                  add_to_ring_element_ef_5d1(&result, &product););
+  invert_ntt_montgomery_551(&result);
+  result = subtract_reduce_ef_92(v, result);
   return result;
 }
 
@@ -8780,18 +8714,18 @@ with const generics
 - U_COMPRESSION_FACTOR= 10
 - V_COMPRESSION_FACTOR= 4
 */
-static void decrypt_unpacked_411(IndCpaPrivateKeyUnpacked_f8 *secret_key,
+static void decrypt_unpacked_c91(IndCpaPrivateKeyUnpacked_f8 *secret_key,
                                  uint8_t *ciphertext, uint8_t ret[32U]) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[3U];
-  deserialize_then_decompress_u_f21(ciphertext, u_as_ntt);
+  deserialize_then_decompress_u_bb1(ciphertext, u_as_ntt);
   libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v =
-      deserialize_then_decompress_ring_element_v_c10(
+      deserialize_then_decompress_ring_element_v_ce0(
           Eurydice_array_to_subslice_from((size_t)1088U, ciphertext,
                                           (size_t)960U, uint8_t, size_t));
   libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message =
-      compute_message_ac1(&v, secret_key->secret_as_ntt, u_as_ntt);
+      compute_message_821(&v, secret_key->secret_as_ntt, u_as_ntt);
   uint8_t ret0[32U];
-  compress_then_serialize_message_44(message, ret0);
+  compress_then_serialize_message_15(message, ret0);
   memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t));
 }
 
@@ -8805,10 +8739,10 @@ with const generics
 - U_COMPRESSION_FACTOR= 10
 - V_COMPRESSION_FACTOR= 4
 */
-static void decrypt_15(Eurydice_slice secret_key, uint8_t *ciphertext,
+static void decrypt_dc(Eurydice_slice secret_key, uint8_t *ciphertext,
                        uint8_t ret[32U]) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U];
-  deserialize_secret_key_63(secret_key, secret_as_ntt);
+  deserialize_secret_key_12(secret_key, secret_as_ntt);
   /* Passing arrays by value in Rust generates a copy in C */
   libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_secret_as_ntt[3U];
   memcpy(
@@ -8818,9 +8752,9 @@ static void decrypt_15(Eurydice_slice secret_key, uint8_t *ciphertext,
   memcpy(
       secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt,
       (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0));
-  uint8_t ret0[32U];
-  decrypt_unpacked_411(&secret_key_unpacked, ciphertext, ret0);
-  memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t));
+  uint8_t result[32U];
+  decrypt_unpacked_c91(&secret_key_unpacked, ciphertext, result);
+  memcpy(ret, result, (size_t)32U * sizeof(uint8_t));
 }
 
 /**
@@ -8859,7 +8793,7 @@ libcrux_ml_kem_variant_MlKem with const generics
 - ETA2_RANDOMNESS_SIZE= 128
 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120
 */
-void libcrux_ml_kem_ind_cca_decapsulate_2d(
+void libcrux_ml_kem_ind_cca_decapsulate_19(
     libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key,
     libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) {
   Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at(
@@ -8877,7 +8811,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_2d(
   Eurydice_slice ind_cpa_public_key_hash = uu____2.fst;
   Eurydice_slice implicit_rejection_value = uu____2.snd;
   uint8_t decrypted[32U];
-  decrypt_15(ind_cpa_secret_key, ciphertext->value, decrypted);
+  decrypt_dc(ind_cpa_secret_key, ciphertext->value, decrypted);
   uint8_t to_hash0[64U];
   libcrux_ml_kem_utils_into_padded_array_42(
       Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0);
@@ -8899,7 +8833,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_2d(
   Eurydice_slice uu____4 = Eurydice_array_to_subslice_from(
       (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE,
       uint8_t, size_t);
-  Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_be1(ciphertext),
+  Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_401(ciphertext),
                       uint8_t);
   uint8_t implicit_rejection_shared_secret0[32U];
   PRF_f1_9f3(Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t),
@@ -8909,16 +8843,16 @@ void libcrux_ml_kem_ind_cca_decapsulate_2d(
   uint8_t copy_of_decrypted[32U];
   memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t));
   uint8_t expected_ciphertext[1088U];
-  encrypt_dc(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext);
+  encrypt_4b(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext);
   uint8_t implicit_rejection_shared_secret[32U];
-  kdf_d8_ea(Eurydice_array_to_slice((size_t)32U,
+  kdf_d8_b7(Eurydice_array_to_slice((size_t)32U,
                                     implicit_rejection_shared_secret0, uint8_t),
             implicit_rejection_shared_secret);
   uint8_t shared_secret1[32U];
-  kdf_d8_ea(shared_secret0, shared_secret1);
+  kdf_d8_b7(shared_secret0, shared_secret1);
   uint8_t shared_secret[32U];
   libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time(
-      libcrux_ml_kem_types_as_ref_00_be1(ciphertext),
+      libcrux_ml_kem_types_as_ref_00_401(ciphertext),
       Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t),
       Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t),
       Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret,
diff --git a/libcrux-ml-kem/c/libcrux_mlkem_portable.h b/libcrux-ml-kem/c/libcrux_mlkem_portable.h
index 61ab4ae2b..e36fc4ae2 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem_portable.h
+++ b/libcrux-ml-kem/c/libcrux_mlkem_portable.h
@@ -8,7 +8,7 @@
  * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac
  * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152
  * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678
- * Libcrux: 020cd93ab7a1437ba4a4c626b1acbf9fa14525ad
+ * Libcrux: a089e8609d2bf2df5c165076a79e3fd30dbf87cf
  */
 
 #ifndef __libcrux_mlkem_portable_H
@@ -74,10 +74,6 @@ void libcrux_ml_kem_vector_portable_serialize_serialize_11(
     libcrux_ml_kem_vector_portable_vector_type_PortableVector v,
     uint8_t ret[22U]);
 
-void libcrux_ml_kem_vector_portable_serialize_11(
-    libcrux_ml_kem_vector_portable_vector_type_PortableVector a,
-    uint8_t ret[22U]);
-
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
 libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
@@ -103,9 +99,6 @@ int16_t_x8 libcrux_ml_kem_vector_portable_serialize_deserialize_11_int(
 libcrux_ml_kem_vector_portable_vector_type_PortableVector
 libcrux_ml_kem_vector_portable_serialize_deserialize_11(Eurydice_slice bytes);
 
-libcrux_ml_kem_vector_portable_vector_type_PortableVector
-libcrux_ml_kem_vector_portable_deserialize_11(Eurydice_slice a);
-
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
 libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
@@ -428,7 +421,8 @@ libcrux_ml_kem_vector_portable_inv_ntt_layer_3_step_0d(
 void libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials(
     libcrux_ml_kem_vector_portable_vector_type_PortableVector *a,
     libcrux_ml_kem_vector_portable_vector_type_PortableVector *b, int16_t zeta,
-    size_t i, libcrux_ml_kem_vector_portable_vector_type_PortableVector *out);
+    size_t i, size_t j,
+    libcrux_ml_kem_vector_portable_vector_type_PortableVector *out);
 
 libcrux_ml_kem_vector_portable_vector_type_PortableVector
 libcrux_ml_kem_vector_portable_ntt_ntt_multiply(
@@ -450,10 +444,6 @@ void libcrux_ml_kem_vector_portable_serialize_serialize_1(
     libcrux_ml_kem_vector_portable_vector_type_PortableVector v,
     uint8_t ret[2U]);
 
-void libcrux_ml_kem_vector_portable_serialize_1(
-    libcrux_ml_kem_vector_portable_vector_type_PortableVector a,
-    uint8_t ret[2U]);
-
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
 libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
@@ -465,9 +455,6 @@ void libcrux_ml_kem_vector_portable_serialize_1_0d(
 libcrux_ml_kem_vector_portable_vector_type_PortableVector
 libcrux_ml_kem_vector_portable_serialize_deserialize_1(Eurydice_slice v);
 
-libcrux_ml_kem_vector_portable_vector_type_PortableVector
-libcrux_ml_kem_vector_portable_deserialize_1(Eurydice_slice a);
-
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
 libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
@@ -489,10 +476,6 @@ void libcrux_ml_kem_vector_portable_serialize_serialize_4(
     libcrux_ml_kem_vector_portable_vector_type_PortableVector v,
     uint8_t ret[8U]);
 
-void libcrux_ml_kem_vector_portable_serialize_4(
-    libcrux_ml_kem_vector_portable_vector_type_PortableVector a,
-    uint8_t ret[8U]);
-
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
 libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
@@ -507,9 +490,6 @@ int16_t_x8 libcrux_ml_kem_vector_portable_serialize_deserialize_4_int(
 libcrux_ml_kem_vector_portable_vector_type_PortableVector
 libcrux_ml_kem_vector_portable_serialize_deserialize_4(Eurydice_slice bytes);
 
-libcrux_ml_kem_vector_portable_vector_type_PortableVector
-libcrux_ml_kem_vector_portable_deserialize_4(Eurydice_slice a);
-
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
 libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
@@ -532,10 +512,6 @@ void libcrux_ml_kem_vector_portable_serialize_serialize_5(
     libcrux_ml_kem_vector_portable_vector_type_PortableVector v,
     uint8_t ret[10U]);
 
-void libcrux_ml_kem_vector_portable_serialize_5(
-    libcrux_ml_kem_vector_portable_vector_type_PortableVector a,
-    uint8_t ret[10U]);
-
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
 libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
@@ -550,9 +526,6 @@ int16_t_x8 libcrux_ml_kem_vector_portable_serialize_deserialize_5_int(
 libcrux_ml_kem_vector_portable_vector_type_PortableVector
 libcrux_ml_kem_vector_portable_serialize_deserialize_5(Eurydice_slice bytes);
 
-libcrux_ml_kem_vector_portable_vector_type_PortableVector
-libcrux_ml_kem_vector_portable_deserialize_5(Eurydice_slice a);
-
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
 libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
@@ -567,10 +540,6 @@ void libcrux_ml_kem_vector_portable_serialize_serialize_10(
     libcrux_ml_kem_vector_portable_vector_type_PortableVector v,
     uint8_t ret[20U]);
 
-void libcrux_ml_kem_vector_portable_serialize_10(
-    libcrux_ml_kem_vector_portable_vector_type_PortableVector a,
-    uint8_t ret[20U]);
-
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
 libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
@@ -585,9 +554,6 @@ int16_t_x8 libcrux_ml_kem_vector_portable_serialize_deserialize_10_int(
 libcrux_ml_kem_vector_portable_vector_type_PortableVector
 libcrux_ml_kem_vector_portable_serialize_deserialize_10(Eurydice_slice bytes);
 
-libcrux_ml_kem_vector_portable_vector_type_PortableVector
-libcrux_ml_kem_vector_portable_deserialize_10(Eurydice_slice a);
-
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
 libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
@@ -608,10 +574,6 @@ void libcrux_ml_kem_vector_portable_serialize_serialize_12(
     libcrux_ml_kem_vector_portable_vector_type_PortableVector v,
     uint8_t ret[24U]);
 
-void libcrux_ml_kem_vector_portable_serialize_12(
-    libcrux_ml_kem_vector_portable_vector_type_PortableVector a,
-    uint8_t ret[24U]);
-
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
 libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
@@ -631,9 +593,6 @@ int16_t_x2 libcrux_ml_kem_vector_portable_serialize_deserialize_12_int(
 libcrux_ml_kem_vector_portable_vector_type_PortableVector
 libcrux_ml_kem_vector_portable_serialize_deserialize_12(Eurydice_slice bytes);
 
-libcrux_ml_kem_vector_portable_vector_type_PortableVector
-libcrux_ml_kem_vector_portable_deserialize_12(Eurydice_slice a);
-
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
 libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
diff --git a/libcrux-ml-kem/c/libcrux_sha3.h b/libcrux-ml-kem/c/libcrux_sha3.h
index 573e394f6..09a7923b5 100644
--- a/libcrux-ml-kem/c/libcrux_sha3.h
+++ b/libcrux-ml-kem/c/libcrux_sha3.h
@@ -8,7 +8,7 @@
  * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac
  * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152
  * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678
- * Libcrux: 020cd93ab7a1437ba4a4c626b1acbf9fa14525ad
+ * Libcrux: a089e8609d2bf2df5c165076a79e3fd30dbf87cf
  */
 
 #ifndef __libcrux_sha3_H
diff --git a/libcrux-ml-kem/c/libcrux_sha3_avx2.c b/libcrux-ml-kem/c/libcrux_sha3_avx2.c
index 401087870..49d6623c3 100644
--- a/libcrux-ml-kem/c/libcrux_sha3_avx2.c
+++ b/libcrux-ml-kem/c/libcrux_sha3_avx2.c
@@ -8,7 +8,7 @@
  * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac
  * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152
  * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678
- * Libcrux: 020cd93ab7a1437ba4a4c626b1acbf9fa14525ad
+ * Libcrux: a089e8609d2bf2df5c165076a79e3fd30dbf87cf
  */
 
 #include "internal/libcrux_sha3_avx2.h"
diff --git a/libcrux-ml-kem/c/libcrux_sha3_avx2.h b/libcrux-ml-kem/c/libcrux_sha3_avx2.h
index f16eb40f0..1e2e63c96 100644
--- a/libcrux-ml-kem/c/libcrux_sha3_avx2.h
+++ b/libcrux-ml-kem/c/libcrux_sha3_avx2.h
@@ -8,7 +8,7 @@
  * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac
  * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152
  * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678
- * Libcrux: 020cd93ab7a1437ba4a4c626b1acbf9fa14525ad
+ * Libcrux: a089e8609d2bf2df5c165076a79e3fd30dbf87cf
  */
 
 #ifndef __libcrux_sha3_avx2_H
diff --git a/libcrux-ml-kem/c/libcrux_sha3_internal.h b/libcrux-ml-kem/c/libcrux_sha3_internal.h
index 1a0eb4009..5b4b70a94 100644
--- a/libcrux-ml-kem/c/libcrux_sha3_internal.h
+++ b/libcrux-ml-kem/c/libcrux_sha3_internal.h
@@ -8,7 +8,7 @@
  * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac
  * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152
  * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678
- * Libcrux: 020cd93ab7a1437ba4a4c626b1acbf9fa14525ad
+ * Libcrux: a089e8609d2bf2df5c165076a79e3fd30dbf87cf
  */
 
 #ifndef __libcrux_sha3_internal_H
diff --git a/libcrux-ml-kem/c/libcrux_sha3_neon.c b/libcrux-ml-kem/c/libcrux_sha3_neon.c
index e6ff85f86..d84fc7126 100644
--- a/libcrux-ml-kem/c/libcrux_sha3_neon.c
+++ b/libcrux-ml-kem/c/libcrux_sha3_neon.c
@@ -8,7 +8,7 @@
  * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac
  * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152
  * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678
- * Libcrux: 020cd93ab7a1437ba4a4c626b1acbf9fa14525ad
+ * Libcrux: a089e8609d2bf2df5c165076a79e3fd30dbf87cf
  */
 
 #include "libcrux_sha3_neon.h"
diff --git a/libcrux-ml-kem/c/libcrux_sha3_neon.h b/libcrux-ml-kem/c/libcrux_sha3_neon.h
index faa5831e2..bdb6771ab 100644
--- a/libcrux-ml-kem/c/libcrux_sha3_neon.h
+++ b/libcrux-ml-kem/c/libcrux_sha3_neon.h
@@ -8,7 +8,7 @@
  * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac
  * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152
  * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678
- * Libcrux: 020cd93ab7a1437ba4a4c626b1acbf9fa14525ad
+ * Libcrux: a089e8609d2bf2df5c165076a79e3fd30dbf87cf
  */
 
 #ifndef __libcrux_sha3_neon_H
diff --git a/libcrux-ml-kem/cg/code_gen.txt b/libcrux-ml-kem/cg/code_gen.txt
index 620e1c137..7599cb2f1 100644
--- a/libcrux-ml-kem/cg/code_gen.txt
+++ b/libcrux-ml-kem/cg/code_gen.txt
@@ -3,4 +3,4 @@ Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4
 Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac
 Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152
 F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678
-Libcrux: 020cd93ab7a1437ba4a4c626b1acbf9fa14525ad
+Libcrux: a089e8609d2bf2df5c165076a79e3fd30dbf87cf
diff --git a/libcrux-ml-kem/cg/libcrux_core.h b/libcrux-ml-kem/cg/libcrux_core.h
index 20077092f..c6916acab 100644
--- a/libcrux-ml-kem/cg/libcrux_core.h
+++ b/libcrux-ml-kem/cg/libcrux_core.h
@@ -8,7 +8,7 @@
  * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac
  * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152
  * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678
- * Libcrux: 020cd93ab7a1437ba4a4c626b1acbf9fa14525ad
+ * Libcrux: a089e8609d2bf2df5c165076a79e3fd30dbf87cf
  */
 
 #ifndef __libcrux_core_H
@@ -221,7 +221,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_slice_d4
 with const generics
 - SIZE= 1088
 */
-static inline uint8_t *libcrux_ml_kem_types_as_slice_d4_73(
+static inline uint8_t *libcrux_ml_kem_types_as_slice_d4_76(
     libcrux_ml_kem_mlkem768_MlKem768Ciphertext *self) {
   return self->value;
 }
@@ -245,7 +245,7 @@ with const generics
 - SIZE= 1184
 */
 static inline libcrux_ml_kem_types_MlKemPublicKey_15
-libcrux_ml_kem_types_from_5a_45(uint8_t value[1184U]) {
+libcrux_ml_kem_types_from_5a_67(uint8_t value[1184U]) {
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_value[1184U];
   memcpy(copy_of_value, value, (size_t)1184U * sizeof(uint8_t));
@@ -279,7 +279,7 @@ with const generics
 - PUBLIC_KEY_SIZE= 1184
 */
 static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair
-libcrux_ml_kem_types_from_3a_f6(libcrux_ml_kem_types_MlKemPrivateKey_55 sk,
+libcrux_ml_kem_types_from_3a_ee(libcrux_ml_kem_types_MlKemPrivateKey_55 sk,
                                 libcrux_ml_kem_types_MlKemPublicKey_15 pk) {
   return (
       CLITERAL(libcrux_ml_kem_mlkem768_MlKem768KeyPair){.sk = sk, .pk = pk});
@@ -295,7 +295,7 @@ with const generics
 - SIZE= 2400
 */
 static inline libcrux_ml_kem_types_MlKemPrivateKey_55
-libcrux_ml_kem_types_from_7f_8c(uint8_t value[2400U]) {
+libcrux_ml_kem_types_from_7f_af(uint8_t value[2400U]) {
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_value[2400U];
   memcpy(copy_of_value, value, (size_t)2400U * sizeof(uint8_t));
@@ -359,7 +359,7 @@ with const generics
 - SIZE= 1088
 */
 static inline libcrux_ml_kem_mlkem768_MlKem768Ciphertext
-libcrux_ml_kem_types_from_01_33(uint8_t value[1088U]) {
+libcrux_ml_kem_types_from_01_8c(uint8_t value[1088U]) {
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_value[1088U];
   memcpy(copy_of_value, value, (size_t)1088U * sizeof(uint8_t));
@@ -376,7 +376,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_slice_fd
 with const generics
 - SIZE= 1184
 */
-static inline uint8_t *libcrux_ml_kem_types_as_slice_fd_d9(
+static inline uint8_t *libcrux_ml_kem_types_as_slice_fd_02(
     libcrux_ml_kem_types_MlKemPublicKey_15 *self) {
   return self->value;
 }
@@ -428,7 +428,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_ref_00
 with const generics
 - SIZE= 1088
 */
-static inline Eurydice_slice libcrux_ml_kem_types_as_ref_00_69(
+static inline Eurydice_slice libcrux_ml_kem_types_as_ref_00_8c(
     libcrux_ml_kem_mlkem768_MlKem768Ciphertext *self) {
   return Eurydice_array_to_slice((size_t)1088U, self->value, uint8_t);
 }
diff --git a/libcrux-ml-kem/cg/libcrux_ct_ops.h b/libcrux-ml-kem/cg/libcrux_ct_ops.h
index 677876656..2b5ee19c2 100644
--- a/libcrux-ml-kem/cg/libcrux_ct_ops.h
+++ b/libcrux-ml-kem/cg/libcrux_ct_ops.h
@@ -8,7 +8,7 @@
  * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac
  * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152
  * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678
- * Libcrux: 020cd93ab7a1437ba4a4c626b1acbf9fa14525ad
+ * Libcrux: a089e8609d2bf2df5c165076a79e3fd30dbf87cf
  */
 
 #ifndef __libcrux_ct_ops_H
diff --git a/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h b/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h
index f78826e2c..553bb0252 100644
--- a/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h
+++ b/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h
@@ -8,7 +8,7 @@
  * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac
  * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152
  * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678
- * Libcrux: 020cd93ab7a1437ba4a4c626b1acbf9fa14525ad
+ * Libcrux: a089e8609d2bf2df5c165076a79e3fd30dbf87cf
  */
 
 #ifndef __libcrux_mlkem768_avx2_H
@@ -1319,7 +1319,7 @@ with const generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2
-libcrux_ml_kem_ind_cpa_deserialize_secret_key_closure_87(size_t _) {
+libcrux_ml_kem_ind_cpa_deserialize_secret_key_closure_23(size_t _) {
   return libcrux_ml_kem_polynomial_ZERO_ef_05();
 }
 
@@ -1331,7 +1331,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2
-libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_db(
+libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_ff(
     Eurydice_slice serialized) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re =
       libcrux_ml_kem_polynomial_ZERO_ef_05();
@@ -1352,7 +1352,7 @@ with const generics
 - K= 3
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_a9(
+static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_c6(
     Eurydice_slice secret_key,
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U];
@@ -1370,12 +1370,16 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_a9(
             LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT,
         uint8_t);
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 =
-        libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_db(
+        libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_ff(
             secret_bytes);
     secret_as_ntt[i0] = uu____0;
   }
+  libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[3U];
+  memcpy(
+      result, secret_as_ntt,
+      (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2));
   memcpy(
-      ret, secret_as_ntt,
+      ret, result,
       (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2));
 }
 
@@ -1389,7 +1393,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2
-libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_closure_6d(size_t _) {
+libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_closure_53(size_t _) {
   return libcrux_ml_kem_polynomial_ZERO_ef_05();
 }
 
@@ -1401,7 +1405,7 @@ generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE __m256i
-libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_04(
+libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_53(
     __m256i vector) {
   __m256i field_modulus = libcrux_intrinsics_avx2_mm256_set1_epi32(
       (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS);
@@ -1453,9 +1457,9 @@ generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static inline __m256i
-libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_e0(
+libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_eb(
     __m256i vector) {
-  return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_04(
+  return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_53(
       vector);
 }
 
@@ -1467,7 +1471,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2
-libcrux_ml_kem_serialize_deserialize_then_decompress_10_6a(
+libcrux_ml_kem_serialize_deserialize_then_decompress_10_86(
     Eurydice_slice serialized) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re =
       libcrux_ml_kem_polynomial_ZERO_ef_05();
@@ -1483,7 +1487,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_10_6a(
         serialized, i0 * (size_t)20U, i0 * (size_t)20U + (size_t)20U, uint8_t);
     __m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_10_09(bytes);
     re.coefficients[i0] =
-        libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_e0(
+        libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_eb(
             coefficient);
   }
   return re;
@@ -1497,7 +1501,7 @@ generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE __m256i
-libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_040(
+libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_530(
     __m256i vector) {
   __m256i field_modulus = libcrux_intrinsics_avx2_mm256_set1_epi32(
       (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS);
@@ -1549,9 +1553,9 @@ generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static inline __m256i
-libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_e00(
+libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_eb0(
     __m256i vector) {
-  return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_040(
+  return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_530(
       vector);
 }
 
@@ -1563,7 +1567,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2
-libcrux_ml_kem_serialize_deserialize_then_decompress_11_ce(
+libcrux_ml_kem_serialize_deserialize_then_decompress_11_6d(
     Eurydice_slice serialized) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re =
       libcrux_ml_kem_polynomial_ZERO_ef_05();
@@ -1574,7 +1578,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_11_ce(
         serialized, i0 * (size_t)22U, i0 * (size_t)22U + (size_t)22U, uint8_t);
     __m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_11_09(bytes);
     re.coefficients[i0] =
-        libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_e00(
+        libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_eb0(
             coefficient);
   }
   return re;
@@ -1588,9 +1592,9 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2
-libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_e0(
+libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_3c(
     Eurydice_slice serialized) {
-  return libcrux_ml_kem_serialize_deserialize_then_decompress_10_6a(serialized);
+  return libcrux_ml_kem_serialize_deserialize_then_decompress_10_86(serialized);
 }
 
 typedef struct libcrux_ml_kem_vector_avx2_SIMD256Vector_x2_s {
@@ -1605,7 +1609,7 @@ with const generics
 
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static inline __m256i libcrux_ml_kem_vector_traits_montgomery_multiply_fe_e0(
+static inline __m256i libcrux_ml_kem_vector_traits_montgomery_multiply_fe_5f(
     __m256i v, int16_t fer) {
   return libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_09(v, fer);
 }
@@ -1618,9 +1622,9 @@ with const generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE libcrux_ml_kem_vector_avx2_SIMD256Vector_x2
-libcrux_ml_kem_ntt_ntt_layer_int_vec_step_e8(__m256i a, __m256i b,
+libcrux_ml_kem_ntt_ntt_layer_int_vec_step_97(__m256i a, __m256i b,
                                              int16_t zeta_r) {
-  __m256i t = libcrux_ml_kem_vector_traits_montgomery_multiply_fe_e0(b, zeta_r);
+  __m256i t = libcrux_ml_kem_vector_traits_montgomery_multiply_fe_5f(b, zeta_r);
   b = libcrux_ml_kem_vector_avx2_sub_09(a, &t);
   a = libcrux_ml_kem_vector_avx2_add_09(a, &t);
   return (CLITERAL(libcrux_ml_kem_vector_avx2_SIMD256Vector_x2){.fst = a,
@@ -1634,7 +1638,7 @@ with const generics
 
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_4_plus_07(
+static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_4_plus_ca(
     size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re,
     size_t layer, size_t _initial_coefficient_bound) {
   size_t step = (size_t)1U << (uint32_t)layer;
@@ -1647,7 +1651,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_4_plus_07(
     for (size_t i = offset_vec; i < offset_vec + step_vec; i++) {
       size_t j = i;
       libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 uu____0 =
-          libcrux_ml_kem_ntt_ntt_layer_int_vec_step_e8(
+          libcrux_ml_kem_ntt_ntt_layer_int_vec_step_97(
               re->coefficients[j], re->coefficients[j + step_vec],
               libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U]));
       __m256i x = uu____0.fst;
@@ -1665,7 +1669,7 @@ with const generics
 
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_3_46(
+static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_3_ba(
     size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re,
     size_t _layer, size_t _initial_coefficient_bound) {
   for (size_t i = (size_t)0U; i < (size_t)16U; i++) {
@@ -1684,7 +1688,7 @@ with const generics
 
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_2_53(
+static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_2_89(
     size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re,
     size_t _layer, size_t _initial_coefficient_bound) {
   for (size_t i = (size_t)0U; i < (size_t)16U; i++) {
@@ -1704,7 +1708,7 @@ with const generics
 
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_1_42(
+static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_1_d7(
     size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re,
     size_t _layer, size_t _initial_coefficient_bound) {
   for (size_t i = (size_t)0U; i < (size_t)16U; i++) {
@@ -1731,7 +1735,7 @@ with const generics
 
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_poly_barrett_reduce_ef_83(
+static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_poly_barrett_reduce_ef_a9(
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self) {
   for (size_t i = (size_t)0U;
        i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
@@ -1748,24 +1752,24 @@ with const generics
 - VECTOR_U_COMPRESSION_FACTOR= 10
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_vector_u_76(
+static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_vector_u_96(
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) {
   size_t zeta_i = (size_t)0U;
-  libcrux_ml_kem_ntt_ntt_at_layer_4_plus_07(&zeta_i, re, (size_t)7U,
+  libcrux_ml_kem_ntt_ntt_at_layer_4_plus_ca(&zeta_i, re, (size_t)7U,
                                             (size_t)3328U);
-  libcrux_ml_kem_ntt_ntt_at_layer_4_plus_07(&zeta_i, re, (size_t)6U,
+  libcrux_ml_kem_ntt_ntt_at_layer_4_plus_ca(&zeta_i, re, (size_t)6U,
                                             (size_t)2U * (size_t)3328U);
-  libcrux_ml_kem_ntt_ntt_at_layer_4_plus_07(&zeta_i, re, (size_t)5U,
+  libcrux_ml_kem_ntt_ntt_at_layer_4_plus_ca(&zeta_i, re, (size_t)5U,
                                             (size_t)3U * (size_t)3328U);
-  libcrux_ml_kem_ntt_ntt_at_layer_4_plus_07(&zeta_i, re, (size_t)4U,
+  libcrux_ml_kem_ntt_ntt_at_layer_4_plus_ca(&zeta_i, re, (size_t)4U,
                                             (size_t)4U * (size_t)3328U);
-  libcrux_ml_kem_ntt_ntt_at_layer_3_46(&zeta_i, re, (size_t)3U,
+  libcrux_ml_kem_ntt_ntt_at_layer_3_ba(&zeta_i, re, (size_t)3U,
                                        (size_t)5U * (size_t)3328U);
-  libcrux_ml_kem_ntt_ntt_at_layer_2_53(&zeta_i, re, (size_t)2U,
+  libcrux_ml_kem_ntt_ntt_at_layer_2_89(&zeta_i, re, (size_t)2U,
                                        (size_t)6U * (size_t)3328U);
-  libcrux_ml_kem_ntt_ntt_at_layer_1_42(&zeta_i, re, (size_t)1U,
+  libcrux_ml_kem_ntt_ntt_at_layer_1_d7(&zeta_i, re, (size_t)1U,
                                        (size_t)7U * (size_t)3328U);
-  libcrux_ml_kem_polynomial_poly_barrett_reduce_ef_83(re);
+  libcrux_ml_kem_polynomial_poly_barrett_reduce_ef_a9(re);
 }
 
 /**
@@ -1778,7 +1782,7 @@ with const generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE void
-libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_8e(
+libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_9c(
     uint8_t *ciphertext,
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[3U];
@@ -1803,9 +1807,9 @@ libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_8e(
                 (size_t)10U / (size_t)8U,
         uint8_t);
     u_as_ntt[i0] =
-        libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_e0(
+        libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_3c(
             u_bytes);
-    libcrux_ml_kem_ntt_ntt_vector_u_76(&u_as_ntt[i0]);
+    libcrux_ml_kem_ntt_ntt_vector_u_96(&u_as_ntt[i0]);
   }
   memcpy(
       ret, u_as_ntt,
@@ -1820,7 +1824,7 @@ generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE __m256i
-libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_041(
+libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_531(
     __m256i vector) {
   __m256i field_modulus = libcrux_intrinsics_avx2_mm256_set1_epi32(
       (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS);
@@ -1872,9 +1876,9 @@ generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static inline __m256i
-libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_e01(
+libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_eb1(
     __m256i vector) {
-  return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_041(
+  return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_531(
       vector);
 }
 
@@ -1886,7 +1890,7 @@ with const generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2
-libcrux_ml_kem_serialize_deserialize_then_decompress_4_d2(
+libcrux_ml_kem_serialize_deserialize_then_decompress_4_c2(
     Eurydice_slice serialized) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re =
       libcrux_ml_kem_polynomial_ZERO_ef_05();
@@ -1897,7 +1901,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_4_d2(
         serialized, i0 * (size_t)8U, i0 * (size_t)8U + (size_t)8U, uint8_t);
     __m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_4_09(bytes);
     re.coefficients[i0] =
-        libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_e01(
+        libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_eb1(
             coefficient);
   }
   return re;
@@ -1911,7 +1915,7 @@ generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE __m256i
-libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_042(
+libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_532(
     __m256i vector) {
   __m256i field_modulus = libcrux_intrinsics_avx2_mm256_set1_epi32(
       (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS);
@@ -1963,9 +1967,9 @@ generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static inline __m256i
-libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_e02(
+libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_eb2(
     __m256i vector) {
-  return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_042(
+  return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_532(
       vector);
 }
 
@@ -1977,7 +1981,7 @@ with const generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2
-libcrux_ml_kem_serialize_deserialize_then_decompress_5_05(
+libcrux_ml_kem_serialize_deserialize_then_decompress_5_1b(
     Eurydice_slice serialized) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re =
       libcrux_ml_kem_polynomial_ZERO_ef_05();
@@ -1988,7 +1992,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_5_05(
         serialized, i0 * (size_t)10U, i0 * (size_t)10U + (size_t)10U, uint8_t);
     re.coefficients[i0] = libcrux_ml_kem_vector_avx2_deserialize_5_09(bytes);
     re.coefficients[i0] =
-        libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_e02(
+        libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_eb2(
             re.coefficients[i0]);
   }
   return re;
@@ -2002,9 +2006,9 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2
-libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_ca(
+libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_f4(
     Eurydice_slice serialized) {
-  return libcrux_ml_kem_serialize_deserialize_then_decompress_4_d2(serialized);
+  return libcrux_ml_kem_serialize_deserialize_then_decompress_4_c2(serialized);
 }
 
 /**
@@ -2020,7 +2024,7 @@ with const generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2
-libcrux_ml_kem_polynomial_ntt_multiply_ef_d5(
+libcrux_ml_kem_polynomial_ntt_multiply_ef_b2(
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self,
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *rhs) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_d2 out =
@@ -2053,7 +2057,7 @@ with const generics
 - K= 3
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_to_ring_element_ef_aa(
+static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_to_ring_element_ef_4f(
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self,
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *rhs) {
   for (size_t i = (size_t)0U;
@@ -2074,7 +2078,7 @@ with const generics
 
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_cd(
+static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_2d(
     size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re,
     size_t _layer) {
   for (size_t i = (size_t)0U; i < (size_t)16U; i++) {
@@ -2098,7 +2102,7 @@ with const generics
 
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_56(
+static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_38(
     size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re,
     size_t _layer) {
   for (size_t i = (size_t)0U; i < (size_t)16U; i++) {
@@ -2120,7 +2124,7 @@ with const generics
 
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_76(
+static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_0f(
     size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re,
     size_t _layer) {
   for (size_t i = (size_t)0U; i < (size_t)16U; i++) {
@@ -2141,13 +2145,13 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE libcrux_ml_kem_vector_avx2_SIMD256Vector_x2
-libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_db(__m256i a,
+libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_9b(__m256i a,
                                                                __m256i b,
                                                                int16_t zeta_r) {
   __m256i a_minus_b = libcrux_ml_kem_vector_avx2_sub_09(b, &a);
   a = libcrux_ml_kem_vector_avx2_barrett_reduce_09(
       libcrux_ml_kem_vector_avx2_add_09(a, &b));
-  b = libcrux_ml_kem_vector_traits_montgomery_multiply_fe_e0(a_minus_b, zeta_r);
+  b = libcrux_ml_kem_vector_traits_montgomery_multiply_fe_5f(a_minus_b, zeta_r);
   return (CLITERAL(libcrux_ml_kem_vector_avx2_SIMD256Vector_x2){.fst = a,
                                                                 .snd = b});
 }
@@ -2160,7 +2164,7 @@ with const generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE void
-libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_14(
+libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_e0(
     size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re,
     size_t layer) {
   size_t step = (size_t)1U << (uint32_t)layer;
@@ -2175,7 +2179,7 @@ libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_14(
     for (size_t i = offset_vec; i < offset_vec + step_vec; i++) {
       size_t j = i;
       libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 uu____0 =
-          libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_db(
+          libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_9b(
               re->coefficients[j], re->coefficients[j + step_vec],
               libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U]));
       __m256i x = uu____0.fst;
@@ -2193,22 +2197,22 @@ with const generics
 - K= 3
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_3e(
+static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_ea(
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) {
   size_t zeta_i =
       LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U;
-  libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_cd(&zeta_i, re, (size_t)1U);
-  libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_56(&zeta_i, re, (size_t)2U);
-  libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_76(&zeta_i, re, (size_t)3U);
-  libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_14(&zeta_i, re,
+  libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_2d(&zeta_i, re, (size_t)1U);
+  libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_38(&zeta_i, re, (size_t)2U);
+  libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_0f(&zeta_i, re, (size_t)3U);
+  libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_e0(&zeta_i, re,
                                                           (size_t)4U);
-  libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_14(&zeta_i, re,
+  libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_e0(&zeta_i, re,
                                                           (size_t)5U);
-  libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_14(&zeta_i, re,
+  libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_e0(&zeta_i, re,
                                                           (size_t)6U);
-  libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_14(&zeta_i, re,
+  libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_e0(&zeta_i, re,
                                                           (size_t)7U);
-  libcrux_ml_kem_polynomial_poly_barrett_reduce_ef_83(re);
+  libcrux_ml_kem_polynomial_poly_barrett_reduce_ef_a9(re);
 }
 
 /**
@@ -2224,7 +2228,7 @@ with const generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2
-libcrux_ml_kem_polynomial_subtract_reduce_ef_dd(
+libcrux_ml_kem_polynomial_subtract_reduce_ef_23(
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self,
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 b) {
   for (size_t i = (size_t)0U;
@@ -2248,7 +2252,7 @@ with const generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2
-libcrux_ml_kem_matrix_compute_message_fc(
+libcrux_ml_kem_matrix_compute_message_ee(
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *v,
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *secret_as_ntt,
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *u_as_ntt) {
@@ -2257,12 +2261,12 @@ libcrux_ml_kem_matrix_compute_message_fc(
   for (size_t i = (size_t)0U; i < (size_t)3U; i++) {
     size_t i0 = i;
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product =
-        libcrux_ml_kem_polynomial_ntt_multiply_ef_d5(&secret_as_ntt[i0],
+        libcrux_ml_kem_polynomial_ntt_multiply_ef_b2(&secret_as_ntt[i0],
                                                      &u_as_ntt[i0]);
-    libcrux_ml_kem_polynomial_add_to_ring_element_ef_aa(&result, &product);
+    libcrux_ml_kem_polynomial_add_to_ring_element_ef_4f(&result, &product);
   }
-  libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_3e(&result);
-  result = libcrux_ml_kem_polynomial_subtract_reduce_ef_dd(v, result);
+  libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_ea(&result);
+  result = libcrux_ml_kem_polynomial_subtract_reduce_ef_23(v, result);
   return result;
 }
 
@@ -2273,7 +2277,7 @@ with const generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE __m256i
-libcrux_ml_kem_vector_avx2_arithmetic_shift_right_6b(__m256i vector) {
+libcrux_ml_kem_vector_avx2_arithmetic_shift_right_f2(__m256i vector) {
   return libcrux_intrinsics_avx2_mm256_srai_epi16((int32_t)15, vector, __m256i);
 }
 
@@ -2287,9 +2291,9 @@ with const generics
 - SHIFT_BY= 15
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static inline __m256i libcrux_ml_kem_vector_avx2_shift_right_09_ff(
+static inline __m256i libcrux_ml_kem_vector_avx2_shift_right_09_c1(
     __m256i vector) {
-  return libcrux_ml_kem_vector_avx2_arithmetic_shift_right_6b(vector);
+  return libcrux_ml_kem_vector_avx2_arithmetic_shift_right_f2(vector);
 }
 
 /**
@@ -2300,8 +2304,8 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static inline __m256i
-libcrux_ml_kem_vector_traits_to_unsigned_representative_e5(__m256i a) {
-  __m256i t = libcrux_ml_kem_vector_avx2_shift_right_09_ff(a);
+libcrux_ml_kem_vector_traits_to_unsigned_representative_3f(__m256i a) {
+  __m256i t = libcrux_ml_kem_vector_avx2_shift_right_09_c1(a);
   __m256i fm = libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_09(
       t, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS);
   return libcrux_ml_kem_vector_avx2_add_09(a, &fm);
@@ -2315,8 +2319,8 @@ with const generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE __m256i
-libcrux_ml_kem_serialize_to_unsigned_field_modulus_8a(__m256i a) {
-  return libcrux_ml_kem_vector_traits_to_unsigned_representative_e5(a);
+libcrux_ml_kem_serialize_to_unsigned_field_modulus_7b(__m256i a) {
+  return libcrux_ml_kem_vector_traits_to_unsigned_representative_3f(a);
 }
 
 /**
@@ -2327,12 +2331,12 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE void
-libcrux_ml_kem_serialize_compress_then_serialize_message_76(
+libcrux_ml_kem_serialize_compress_then_serialize_message_db(
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, uint8_t ret[32U]) {
   uint8_t serialized[32U] = {0U};
   for (size_t i = (size_t)0U; i < (size_t)16U; i++) {
     size_t i0 = i;
-    __m256i coefficient = libcrux_ml_kem_serialize_to_unsigned_field_modulus_8a(
+    __m256i coefficient = libcrux_ml_kem_serialize_to_unsigned_field_modulus_7b(
         re.coefficients[i0]);
     __m256i coefficient_compressed =
         libcrux_ml_kem_vector_avx2_compress_1_09(coefficient);
@@ -2359,20 +2363,20 @@ with const generics
 - V_COMPRESSION_FACTOR= 4
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static inline void libcrux_ml_kem_ind_cpa_decrypt_unpacked_2a(
+static inline void libcrux_ml_kem_ind_cpa_decrypt_unpacked_b3(
     libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 *secret_key,
     uint8_t *ciphertext, uint8_t ret[32U]) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[3U];
-  libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_8e(ciphertext, u_as_ntt);
+  libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_9c(ciphertext, u_as_ntt);
   libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v =
-      libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_ca(
+      libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_f4(
           Eurydice_array_to_subslice_from((size_t)1088U, ciphertext,
                                           (size_t)960U, uint8_t, size_t));
   libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message =
-      libcrux_ml_kem_matrix_compute_message_fc(&v, secret_key->secret_as_ntt,
+      libcrux_ml_kem_matrix_compute_message_ee(&v, secret_key->secret_as_ntt,
                                                u_as_ntt);
   uint8_t ret0[32U];
-  libcrux_ml_kem_serialize_compress_then_serialize_message_76(message, ret0);
+  libcrux_ml_kem_serialize_compress_then_serialize_message_db(message, ret0);
   memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t));
 }
 
@@ -2387,11 +2391,11 @@ with const generics
 - V_COMPRESSION_FACTOR= 4
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static inline void libcrux_ml_kem_ind_cpa_decrypt_6f(Eurydice_slice secret_key,
+static inline void libcrux_ml_kem_ind_cpa_decrypt_1c(Eurydice_slice secret_key,
                                                      uint8_t *ciphertext,
                                                      uint8_t ret[32U]) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U];
-  libcrux_ml_kem_ind_cpa_deserialize_secret_key_a9(secret_key, secret_as_ntt);
+  libcrux_ml_kem_ind_cpa_deserialize_secret_key_c6(secret_key, secret_as_ntt);
   /* Passing arrays by value in Rust generates a copy in C */
   libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_secret_as_ntt[3U];
   memcpy(
@@ -2402,10 +2406,10 @@ static inline void libcrux_ml_kem_ind_cpa_decrypt_6f(Eurydice_slice secret_key,
   memcpy(
       secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt,
       (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2));
-  uint8_t ret0[32U];
-  libcrux_ml_kem_ind_cpa_decrypt_unpacked_2a(&secret_key_unpacked, ciphertext,
-                                             ret0);
-  memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t));
+  uint8_t result[32U];
+  libcrux_ml_kem_ind_cpa_decrypt_unpacked_b3(&secret_key_unpacked, ciphertext,
+                                             result);
+  memcpy(ret, result, (size_t)32U * sizeof(uint8_t));
 }
 
 /**
@@ -2497,7 +2501,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2
-libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_d9(
+libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_ed(
     Eurydice_slice serialized) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re =
       libcrux_ml_kem_polynomial_ZERO_ef_05();
@@ -2521,7 +2525,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE void
-libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_ba(
+libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_ea(
     Eurydice_slice public_key,
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *deserialized_pk) {
   for (size_t i = (size_t)0U;
@@ -2535,7 +2539,7 @@ libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_ba(
             LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT,
         uint8_t);
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 =
-        libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_d9(
+        libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_ed(
             ring_element);
     deserialized_pk[i0] = uu____0;
   }
@@ -3016,7 +3020,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2
-libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_out_closure_1b(size_t _i) {
+libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_out_closure_f4(size_t _i) {
   return libcrux_ml_kem_polynomial_ZERO_ef_05();
 }
 
@@ -3185,7 +3189,7 @@ with const generics
 
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_7_69(
+static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_7_13(
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) {
   size_t step = LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT / (size_t)2U;
   for (size_t i = (size_t)0U; i < step; i++) {
@@ -3207,23 +3211,23 @@ with const generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE void
-libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_25(
+libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_ef(
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) {
-  libcrux_ml_kem_ntt_ntt_at_layer_7_69(re);
+  libcrux_ml_kem_ntt_ntt_at_layer_7_13(re);
   size_t zeta_i = (size_t)1U;
-  libcrux_ml_kem_ntt_ntt_at_layer_4_plus_07(&zeta_i, re, (size_t)6U,
+  libcrux_ml_kem_ntt_ntt_at_layer_4_plus_ca(&zeta_i, re, (size_t)6U,
                                             (size_t)11207U);
-  libcrux_ml_kem_ntt_ntt_at_layer_4_plus_07(&zeta_i, re, (size_t)5U,
+  libcrux_ml_kem_ntt_ntt_at_layer_4_plus_ca(&zeta_i, re, (size_t)5U,
                                             (size_t)11207U + (size_t)3328U);
-  libcrux_ml_kem_ntt_ntt_at_layer_4_plus_07(
+  libcrux_ml_kem_ntt_ntt_at_layer_4_plus_ca(
       &zeta_i, re, (size_t)4U, (size_t)11207U + (size_t)2U * (size_t)3328U);
-  libcrux_ml_kem_ntt_ntt_at_layer_3_46(
+  libcrux_ml_kem_ntt_ntt_at_layer_3_ba(
       &zeta_i, re, (size_t)3U, (size_t)11207U + (size_t)3U * (size_t)3328U);
-  libcrux_ml_kem_ntt_ntt_at_layer_2_53(
+  libcrux_ml_kem_ntt_ntt_at_layer_2_89(
       &zeta_i, re, (size_t)2U, (size_t)11207U + (size_t)4U * (size_t)3328U);
-  libcrux_ml_kem_ntt_ntt_at_layer_1_42(
+  libcrux_ml_kem_ntt_ntt_at_layer_1_d7(
       &zeta_i, re, (size_t)1U, (size_t)11207U + (size_t)5U * (size_t)3328U);
-  libcrux_ml_kem_polynomial_poly_barrett_reduce_ef_83(re);
+  libcrux_ml_kem_polynomial_poly_barrett_reduce_ef_a9(re);
 }
 
 /**
@@ -3236,7 +3240,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE uint8_t
-libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_68(
+libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_b0(
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re_as_ntt,
     uint8_t prf_input[33U], uint8_t domain_separator) {
   /* Passing arrays by value in Rust generates a copy in C */
@@ -3246,8 +3250,6 @@ libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_68(
   for (size_t i = (size_t)0U; i < (size_t)3U; i++) {
     memcpy(prf_inputs[i], copy_of_prf_input, (size_t)33U * sizeof(uint8_t));
   }
-  uint8_t _prf_inputs_init[3U][33U];
-  memcpy(_prf_inputs_init, prf_inputs, (size_t)3U * sizeof(uint8_t[33U]));
   for (size_t i = (size_t)0U; i < (size_t)3U; i++) {
     size_t i0 = i;
     prf_inputs[i0][32U] = domain_separator;
@@ -3260,7 +3262,7 @@ libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_68(
     re_as_ntt[i0] =
         libcrux_ml_kem_sampling_sample_from_binomial_distribution_d7(
             Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t));
-    libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_25(&re_as_ntt[i0]);
+    libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_ef(&re_as_ntt[i0]);
   }
   return domain_separator;
 }
@@ -3275,7 +3277,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE tuple_b00
-libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_out_48(
+libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_out_81(
     uint8_t prf_input[33U], uint8_t domain_separator) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re_as_ntt[3U];
   for (size_t i = (size_t)0U; i < (size_t)3U; i++) {
@@ -3284,19 +3286,19 @@ libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_out_48(
   libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *uu____0 = re_as_ntt;
   uint8_t uu____1[33U];
   memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t));
-  domain_separator = libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_68(
+  domain_separator = libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_b0(
       uu____0, uu____1, domain_separator);
   /* Passing arrays by value in Rust generates a copy in C */
   libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_re_as_ntt[3U];
   memcpy(
       copy_of_re_as_ntt, re_as_ntt,
       (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2));
-  tuple_b00 lit;
+  tuple_b00 result;
   memcpy(
-      lit.fst, copy_of_re_as_ntt,
+      result.fst, copy_of_re_as_ntt,
       (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2));
-  lit.snd = domain_separator;
-  return lit;
+  result.snd = domain_separator;
+  return result;
 }
 
 /**
@@ -3309,7 +3311,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2
-libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_closure_22(size_t _i) {
+libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_closure_92(size_t _i) {
   return libcrux_ml_kem_polynomial_ZERO_ef_05();
 }
 
@@ -3323,7 +3325,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE tuple_b00
-libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_88(uint8_t prf_input[33U],
+libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_fe(uint8_t prf_input[33U],
                                                   uint8_t domain_separator) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[3U];
   for (size_t i = (size_t)0U; i < (size_t)3U; i++) {
@@ -3336,8 +3338,6 @@ libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_88(uint8_t prf_input[33U],
   for (size_t i = (size_t)0U; i < (size_t)3U; i++) {
     memcpy(prf_inputs[i], copy_of_prf_input, (size_t)33U * sizeof(uint8_t));
   }
-  uint8_t _prf_inputs_init[3U][33U];
-  memcpy(_prf_inputs_init, prf_inputs, (size_t)3U * sizeof(uint8_t[33U]));
   for (size_t i = (size_t)0U; i < (size_t)3U; i++) {
     size_t i0 = i;
     prf_inputs[i0][32U] = domain_separator;
@@ -3357,12 +3357,12 @@ libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_88(uint8_t prf_input[33U],
   memcpy(
       copy_of_error_1, error_1,
       (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2));
-  tuple_b00 lit;
+  tuple_b00 result;
   memcpy(
-      lit.fst, copy_of_error_1,
+      result.fst, copy_of_error_1,
       (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2));
-  lit.snd = domain_separator;
-  return lit;
+  result.snd = domain_separator;
+  return result;
 }
 
 /**
@@ -3403,7 +3403,7 @@ with const generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2
-libcrux_ml_kem_matrix_compute_vector_u_closure_fe(size_t _i) {
+libcrux_ml_kem_matrix_compute_vector_u_closure_c6(size_t _i) {
   return libcrux_ml_kem_polynomial_ZERO_ef_05();
 }
 
@@ -3419,7 +3419,7 @@ with const generics
 
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_error_reduce_ef_03(
+static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_error_reduce_ef_3a(
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self,
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error) {
   for (size_t i = (size_t)0U;
@@ -3441,14 +3441,14 @@ with const generics
 - K= 3
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_vector_u_59(
+static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_vector_u_43(
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*a_as_ntt)[3U],
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt,
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_1,
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) {
-  libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[3U];
+  libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result0[3U];
   for (size_t i = (size_t)0U; i < (size_t)3U; i++) {
-    result[i] = libcrux_ml_kem_polynomial_ZERO_ef_05();
+    result0[i] = libcrux_ml_kem_polynomial_ZERO_ef_05();
   }
   for (size_t i0 = (size_t)0U;
        i0 < Eurydice_slice_len(
@@ -3469,13 +3469,18 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_vector_u_59(
       size_t j = i;
       libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *a_element = &row[j];
       libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product =
-          libcrux_ml_kem_polynomial_ntt_multiply_ef_d5(a_element, &r_as_ntt[j]);
-      libcrux_ml_kem_polynomial_add_to_ring_element_ef_aa(&result[i1],
+          libcrux_ml_kem_polynomial_ntt_multiply_ef_b2(a_element, &r_as_ntt[j]);
+      libcrux_ml_kem_polynomial_add_to_ring_element_ef_4f(&result0[i1],
                                                           &product);
     }
-    libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_3e(&result[i1]);
-    libcrux_ml_kem_polynomial_add_error_reduce_ef_03(&result[i1], &error_1[i1]);
+    libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_ea(&result0[i1]);
+    libcrux_ml_kem_polynomial_add_error_reduce_ef_3a(&result0[i1],
+                                                     &error_1[i1]);
   }
+  libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[3U];
+  memcpy(
+      result, result0,
+      (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2));
   memcpy(
       ret, result,
       (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2));
@@ -3488,7 +3493,7 @@ with const generics
 
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static inline __m256i libcrux_ml_kem_vector_traits_decompress_1_22(
+static inline __m256i libcrux_ml_kem_vector_traits_decompress_1_06(
     __m256i vec) {
   __m256i z = libcrux_ml_kem_vector_avx2_ZERO_09();
   __m256i s = libcrux_ml_kem_vector_avx2_sub_09(z, &vec);
@@ -3504,7 +3509,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2
-libcrux_ml_kem_serialize_deserialize_then_decompress_message_50(
+libcrux_ml_kem_serialize_deserialize_then_decompress_message_45(
     uint8_t serialized[32U]) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re =
       libcrux_ml_kem_polynomial_ZERO_ef_05();
@@ -3515,7 +3520,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_message_50(
             Eurydice_array_to_subslice2(serialized, (size_t)2U * i0,
                                         (size_t)2U * i0 + (size_t)2U, uint8_t));
     re.coefficients[i0] =
-        libcrux_ml_kem_vector_traits_decompress_1_22(coefficient_compressed);
+        libcrux_ml_kem_vector_traits_decompress_1_06(coefficient_compressed);
   }
   return re;
 }
@@ -3533,7 +3538,7 @@ with const generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2
-libcrux_ml_kem_polynomial_add_message_error_reduce_ef_9e(
+libcrux_ml_kem_polynomial_add_message_error_reduce_ef_81(
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self,
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *message,
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result) {
@@ -3561,7 +3566,7 @@ with const generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2
-libcrux_ml_kem_matrix_compute_ring_element_v_c3(
+libcrux_ml_kem_matrix_compute_ring_element_v_5b(
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt,
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt,
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_2,
@@ -3571,12 +3576,12 @@ libcrux_ml_kem_matrix_compute_ring_element_v_c3(
   for (size_t i = (size_t)0U; i < (size_t)3U; i++) {
     size_t i0 = i;
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product =
-        libcrux_ml_kem_polynomial_ntt_multiply_ef_d5(&t_as_ntt[i0],
+        libcrux_ml_kem_polynomial_ntt_multiply_ef_b2(&t_as_ntt[i0],
                                                      &r_as_ntt[i0]);
-    libcrux_ml_kem_polynomial_add_to_ring_element_ef_aa(&result, &product);
+    libcrux_ml_kem_polynomial_add_to_ring_element_ef_4f(&result, &product);
   }
-  libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_3e(&result);
-  result = libcrux_ml_kem_polynomial_add_message_error_reduce_ef_9e(
+  libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_ea(&result);
+  result = libcrux_ml_kem_polynomial_add_message_error_reduce_ef_81(
       error_2, message, result);
   return result;
 }
@@ -3589,7 +3594,7 @@ generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE __m256i
-libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_d6(
+libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_4f(
     __m256i vector) {
   __m256i field_modulus_halved = libcrux_intrinsics_avx2_mm256_set1_epi32(
       ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) /
@@ -3644,9 +3649,9 @@ with const generics
 - COEFFICIENT_BITS= 10
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static inline __m256i libcrux_ml_kem_vector_avx2_compress_09_fc(
+static inline __m256i libcrux_ml_kem_vector_avx2_compress_09_3e(
     __m256i vector) {
-  return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_d6(
+  return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_4f(
       vector);
 }
 
@@ -3658,14 +3663,14 @@ with const generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE void
-libcrux_ml_kem_serialize_compress_then_serialize_10_36(
+libcrux_ml_kem_serialize_compress_then_serialize_10_34(
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[320U]) {
   uint8_t serialized[320U] = {0U};
   for (size_t i = (size_t)0U;
        i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
     size_t i0 = i;
-    __m256i coefficient = libcrux_ml_kem_vector_avx2_compress_09_fc(
-        libcrux_ml_kem_serialize_to_unsigned_field_modulus_8a(
+    __m256i coefficient = libcrux_ml_kem_vector_avx2_compress_09_3e(
+        libcrux_ml_kem_serialize_to_unsigned_field_modulus_7b(
             re->coefficients[i0]));
     uint8_t bytes[20U];
     libcrux_ml_kem_vector_avx2_serialize_10_09(coefficient, bytes);
@@ -3687,7 +3692,7 @@ generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE __m256i
-libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_d60(
+libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_4f0(
     __m256i vector) {
   __m256i field_modulus_halved = libcrux_intrinsics_avx2_mm256_set1_epi32(
       ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) /
@@ -3742,9 +3747,9 @@ with const generics
 - COEFFICIENT_BITS= 11
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static inline __m256i libcrux_ml_kem_vector_avx2_compress_09_fc0(
+static inline __m256i libcrux_ml_kem_vector_avx2_compress_09_3e0(
     __m256i vector) {
-  return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_d60(
+  return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_4f0(
       vector);
 }
 
@@ -3756,14 +3761,14 @@ with const generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE void
-libcrux_ml_kem_serialize_compress_then_serialize_11_aa(
+libcrux_ml_kem_serialize_compress_then_serialize_11_47(
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[320U]) {
   uint8_t serialized[320U] = {0U};
   for (size_t i = (size_t)0U;
        i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
     size_t i0 = i;
-    __m256i coefficient = libcrux_ml_kem_vector_avx2_compress_09_fc0(
-        libcrux_ml_kem_vector_traits_to_unsigned_representative_e5(
+    __m256i coefficient = libcrux_ml_kem_vector_avx2_compress_09_3e0(
+        libcrux_ml_kem_vector_traits_to_unsigned_representative_3f(
             re->coefficients[i0]));
     uint8_t bytes[22U];
     libcrux_ml_kem_vector_avx2_serialize_11_09(coefficient, bytes);
@@ -3784,11 +3789,11 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE void
-libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_25(
+libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_e3(
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[320U]) {
-  uint8_t result[320U];
-  libcrux_ml_kem_serialize_compress_then_serialize_10_36(re, result);
-  memcpy(ret, result, (size_t)320U * sizeof(uint8_t));
+  uint8_t uu____0[320U];
+  libcrux_ml_kem_serialize_compress_then_serialize_10_34(re, uu____0);
+  memcpy(ret, uu____0, (size_t)320U * sizeof(uint8_t));
 }
 
 /**
@@ -3801,7 +3806,7 @@ with const generics
 - BLOCK_LEN= 320
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static inline void libcrux_ml_kem_ind_cpa_compress_then_serialize_u_c5(
+static inline void libcrux_ml_kem_ind_cpa_compress_then_serialize_u_57(
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 input[3U],
     Eurydice_slice out) {
   for (size_t i = (size_t)0U;
@@ -3817,7 +3822,7 @@ static inline void libcrux_ml_kem_ind_cpa_compress_then_serialize_u_c5(
         out, i0 * ((size_t)960U / (size_t)3U),
         (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U), uint8_t);
     uint8_t ret[320U];
-    libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_25(&re,
+    libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_e3(&re,
                                                                        ret);
     Eurydice_slice_copy(
         uu____0, Eurydice_array_to_slice((size_t)320U, ret, uint8_t), uint8_t);
@@ -3832,7 +3837,7 @@ generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE __m256i
-libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_d61(
+libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_4f1(
     __m256i vector) {
   __m256i field_modulus_halved = libcrux_intrinsics_avx2_mm256_set1_epi32(
       ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) /
@@ -3887,9 +3892,9 @@ with const generics
 - COEFFICIENT_BITS= 4
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static inline __m256i libcrux_ml_kem_vector_avx2_compress_09_fc1(
+static inline __m256i libcrux_ml_kem_vector_avx2_compress_09_3e1(
     __m256i vector) {
-  return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_d61(
+  return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_4f1(
       vector);
 }
 
@@ -3901,14 +3906,14 @@ with const generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE void
-libcrux_ml_kem_serialize_compress_then_serialize_4_25(
+libcrux_ml_kem_serialize_compress_then_serialize_4_c3(
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re,
     Eurydice_slice serialized) {
   for (size_t i = (size_t)0U;
        i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
     size_t i0 = i;
-    __m256i coefficient = libcrux_ml_kem_vector_avx2_compress_09_fc1(
-        libcrux_ml_kem_serialize_to_unsigned_field_modulus_8a(
+    __m256i coefficient = libcrux_ml_kem_vector_avx2_compress_09_3e1(
+        libcrux_ml_kem_serialize_to_unsigned_field_modulus_7b(
             re.coefficients[i0]));
     uint8_t bytes[8U];
     libcrux_ml_kem_vector_avx2_serialize_4_09(coefficient, bytes);
@@ -3927,7 +3932,7 @@ generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE __m256i
-libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_d62(
+libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_4f2(
     __m256i vector) {
   __m256i field_modulus_halved = libcrux_intrinsics_avx2_mm256_set1_epi32(
       ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) /
@@ -3982,9 +3987,9 @@ with const generics
 - COEFFICIENT_BITS= 5
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static inline __m256i libcrux_ml_kem_vector_avx2_compress_09_fc2(
+static inline __m256i libcrux_ml_kem_vector_avx2_compress_09_3e2(
     __m256i vector) {
-  return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_d62(
+  return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_4f2(
       vector);
 }
 
@@ -4002,8 +4007,8 @@ libcrux_ml_kem_serialize_compress_then_serialize_5_de(
   for (size_t i = (size_t)0U;
        i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
     size_t i0 = i;
-    __m256i coefficients = libcrux_ml_kem_vector_avx2_compress_09_fc2(
-        libcrux_ml_kem_vector_traits_to_unsigned_representative_e5(
+    __m256i coefficients = libcrux_ml_kem_vector_avx2_compress_09_3e2(
+        libcrux_ml_kem_vector_traits_to_unsigned_representative_3f(
             re.coefficients[i0]));
     uint8_t bytes[10U];
     libcrux_ml_kem_vector_avx2_serialize_5_09(coefficients, bytes);
@@ -4023,9 +4028,9 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE void
-libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_2a(
+libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_ba(
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, Eurydice_slice out) {
-  libcrux_ml_kem_serialize_compress_then_serialize_4_25(re, out);
+  libcrux_ml_kem_serialize_compress_then_serialize_4_c3(re, out);
 }
 
 /**
@@ -4046,7 +4051,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics
 - ETA2_RANDOMNESS_SIZE= 128
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_b4(
+static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_05(
     libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *public_key,
     uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) {
   uint8_t prf_input[33U];
@@ -4054,7 +4059,7 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_b4(
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_prf_input0[33U];
   memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t));
-  tuple_b00 uu____1 = libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_out_48(
+  tuple_b00 uu____1 = libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_out_81(
       copy_of_prf_input0, 0U);
   libcrux_ml_kem_polynomial_PolynomialRingElement_d2 r_as_ntt[3U];
   memcpy(
@@ -4064,7 +4069,7 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_b4(
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_prf_input[33U];
   memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t));
-  tuple_b00 uu____3 = libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_88(
+  tuple_b00 uu____3 = libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_fe(
       copy_of_prf_input, domain_separator0);
   libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[3U];
   memcpy(
@@ -4079,27 +4084,27 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_b4(
       libcrux_ml_kem_sampling_sample_from_binomial_distribution_d7(
           Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t));
   libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u[3U];
-  libcrux_ml_kem_matrix_compute_vector_u_59(public_key->A, r_as_ntt, error_1,
+  libcrux_ml_kem_matrix_compute_vector_u_43(public_key->A, r_as_ntt, error_1,
                                             u);
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_message[32U];
   memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t));
   libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message_as_ring_element =
-      libcrux_ml_kem_serialize_deserialize_then_decompress_message_50(
+      libcrux_ml_kem_serialize_deserialize_then_decompress_message_45(
           copy_of_message);
   libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v =
-      libcrux_ml_kem_matrix_compute_ring_element_v_c3(
+      libcrux_ml_kem_matrix_compute_ring_element_v_5b(
           public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element);
   uint8_t ciphertext[1088U] = {0U};
   libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____5[3U];
   memcpy(
       uu____5, u,
       (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2));
-  libcrux_ml_kem_ind_cpa_compress_then_serialize_u_c5(
+  libcrux_ml_kem_ind_cpa_compress_then_serialize_u_57(
       uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)960U,
                                            uint8_t));
   libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____6 = v;
-  libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_2a(
+  libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_ba(
       uu____6, Eurydice_array_to_subslice_from((size_t)1088U, ciphertext,
                                                (size_t)960U, uint8_t, size_t));
   memcpy(ret, ciphertext, (size_t)1088U * sizeof(uint8_t));
@@ -4123,13 +4128,13 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics
 - ETA2_RANDOMNESS_SIZE= 128
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static inline void libcrux_ml_kem_ind_cpa_encrypt_cf(Eurydice_slice public_key,
+static inline void libcrux_ml_kem_ind_cpa_encrypt_b6(Eurydice_slice public_key,
                                                      uint8_t message[32U],
                                                      Eurydice_slice randomness,
                                                      uint8_t ret[1088U]) {
   libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0
       unpacked_public_key = libcrux_ml_kem_ind_cpa_unpacked_default_8d_89();
-  libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_ba(
+  libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_ea(
       Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t),
       unpacked_public_key.t_as_ntt);
   Eurydice_slice seed =
@@ -4144,10 +4149,10 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_cf(Eurydice_slice public_key,
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_message[32U];
   memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t));
-  uint8_t ret1[1088U];
-  libcrux_ml_kem_ind_cpa_encrypt_unpacked_b4(uu____1, copy_of_message,
-                                             randomness, ret1);
-  memcpy(ret, ret1, (size_t)1088U * sizeof(uint8_t));
+  uint8_t result[1088U];
+  libcrux_ml_kem_ind_cpa_encrypt_unpacked_05(uu____1, copy_of_message,
+                                             randomness, result);
+  memcpy(ret, result, (size_t)1088U * sizeof(uint8_t));
 }
 
 /**
@@ -4162,7 +4167,7 @@ with const generics
 - CIPHERTEXT_SIZE= 1088
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static KRML_MUSTINLINE void libcrux_ml_kem_variant_kdf_d8_b2(
+static KRML_MUSTINLINE void libcrux_ml_kem_variant_kdf_d8_16(
     Eurydice_slice shared_secret, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *_,
     uint8_t ret[32U]) {
   uint8_t out[32U] = {0U};
@@ -4194,7 +4199,7 @@ with const generics
 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static inline void libcrux_ml_kem_ind_cca_decapsulate_1b(
+static inline void libcrux_ml_kem_ind_cca_decapsulate_1f(
     libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key,
     libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) {
   Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at(
@@ -4212,7 +4217,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_1b(
   Eurydice_slice ind_cpa_public_key_hash = uu____2.fst;
   Eurydice_slice implicit_rejection_value = uu____2.snd;
   uint8_t decrypted[32U];
-  libcrux_ml_kem_ind_cpa_decrypt_6f(ind_cpa_secret_key, ciphertext->value,
+  libcrux_ml_kem_ind_cpa_decrypt_1c(ind_cpa_secret_key, ciphertext->value,
                                     decrypted);
   uint8_t to_hash0[64U];
   libcrux_ml_kem_utils_into_padded_array_42(
@@ -4236,7 +4241,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_1b(
   Eurydice_slice uu____4 = Eurydice_array_to_subslice_from(
       (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE,
       uint8_t, size_t);
-  Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_69(ciphertext),
+  Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_8c(ciphertext),
                       uint8_t);
   uint8_t implicit_rejection_shared_secret0[32U];
   libcrux_ml_kem_hash_functions_avx2_PRF_a9_16(
@@ -4247,18 +4252,18 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_1b(
   uint8_t copy_of_decrypted[32U];
   memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t));
   uint8_t expected_ciphertext[1088U];
-  libcrux_ml_kem_ind_cpa_encrypt_cf(uu____5, copy_of_decrypted,
+  libcrux_ml_kem_ind_cpa_encrypt_b6(uu____5, copy_of_decrypted,
                                     pseudorandomness, expected_ciphertext);
   uint8_t implicit_rejection_shared_secret[32U];
-  libcrux_ml_kem_variant_kdf_d8_b2(
+  libcrux_ml_kem_variant_kdf_d8_16(
       Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0,
                               uint8_t),
       ciphertext, implicit_rejection_shared_secret);
   uint8_t shared_secret1[32U];
-  libcrux_ml_kem_variant_kdf_d8_b2(shared_secret0, ciphertext, shared_secret1);
+  libcrux_ml_kem_variant_kdf_d8_16(shared_secret0, ciphertext, shared_secret1);
   uint8_t shared_secret[32U];
   libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time(
-      libcrux_ml_kem_types_as_ref_00_69(ciphertext),
+      libcrux_ml_kem_types_as_ref_00_8c(ciphertext),
       Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t),
       Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t),
       Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret,
@@ -4288,10 +4293,10 @@ with const generics
 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static inline void libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_7f(
+static inline void libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_0b(
     libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key,
     libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) {
-  libcrux_ml_kem_ind_cca_decapsulate_1b(private_key, ciphertext, ret);
+  libcrux_ml_kem_ind_cca_decapsulate_1f(private_key, ciphertext, ret);
 }
 
 /**
@@ -4305,7 +4310,7 @@ KRML_ATTRIBUTE_TARGET("avx2")
 static inline void libcrux_ml_kem_mlkem768_avx2_decapsulate(
     libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key,
     libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) {
-  libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_7f(private_key,
+  libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_0b(private_key,
                                                             ciphertext, ret);
 }
 
@@ -4320,7 +4325,7 @@ with const generics
 - K= 3
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static KRML_MUSTINLINE void libcrux_ml_kem_variant_entropy_preprocess_d8_6c(
+static KRML_MUSTINLINE void libcrux_ml_kem_variant_entropy_preprocess_d8_64(
     Eurydice_slice randomness, uint8_t ret[32U]) {
   uint8_t out[32U] = {0U};
   Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t),
@@ -4363,11 +4368,11 @@ with const generics
 - ETA2_RANDOMNESS_SIZE= 128
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_cf(
+static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_82(
     libcrux_ml_kem_types_MlKemPublicKey_15 *public_key,
     uint8_t randomness[32U]) {
   uint8_t randomness0[32U];
-  libcrux_ml_kem_variant_entropy_preprocess_d8_6c(
+  libcrux_ml_kem_variant_entropy_preprocess_d8_64(
       Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0);
   uint8_t to_hash[64U];
   libcrux_ml_kem_utils_into_padded_array_42(
@@ -4378,7 +4383,7 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_cf(
   uint8_t ret[32U];
   libcrux_ml_kem_hash_functions_avx2_H_a9_41(
       Eurydice_array_to_slice((size_t)1184U,
-                              libcrux_ml_kem_types_as_slice_fd_d9(public_key),
+                              libcrux_ml_kem_types_as_slice_fd_02(public_key),
                               uint8_t),
       ret);
   Eurydice_slice_copy(
@@ -4393,20 +4398,20 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_cf(
   Eurydice_slice shared_secret = uu____1.fst;
   Eurydice_slice pseudorandomness = uu____1.snd;
   Eurydice_slice uu____2 = Eurydice_array_to_slice(
-      (size_t)1184U, libcrux_ml_kem_types_as_slice_fd_d9(public_key), uint8_t);
+      (size_t)1184U, libcrux_ml_kem_types_as_slice_fd_02(public_key), uint8_t);
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_randomness[32U];
   memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t));
   uint8_t ciphertext[1088U];
-  libcrux_ml_kem_ind_cpa_encrypt_cf(uu____2, copy_of_randomness,
+  libcrux_ml_kem_ind_cpa_encrypt_b6(uu____2, copy_of_randomness,
                                     pseudorandomness, ciphertext);
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_ciphertext[1088U];
   memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t));
   libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 =
-      libcrux_ml_kem_types_from_01_33(copy_of_ciphertext);
+      libcrux_ml_kem_types_from_01_8c(copy_of_ciphertext);
   uint8_t shared_secret_array[32U];
-  libcrux_ml_kem_variant_kdf_d8_b2(shared_secret, &ciphertext0,
+  libcrux_ml_kem_variant_kdf_d8_16(shared_secret, &ciphertext0,
                                    shared_secret_array);
   libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0;
   /* Passing arrays by value in Rust generates a copy in C */
@@ -4438,14 +4443,14 @@ with const generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static inline tuple_3c
-libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_00(
+libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_71(
     libcrux_ml_kem_types_MlKemPublicKey_15 *public_key,
     uint8_t randomness[32U]) {
   libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key;
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_randomness[32U];
   memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t));
-  return libcrux_ml_kem_ind_cca_encapsulate_cf(uu____0, copy_of_randomness);
+  return libcrux_ml_kem_ind_cca_encapsulate_82(uu____0, copy_of_randomness);
 }
 
 /**
@@ -4463,7 +4468,7 @@ static inline tuple_3c libcrux_ml_kem_mlkem768_avx2_encapsulate(
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_randomness[32U];
   memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t));
-  return libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_00(
+  return libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_71(
       uu____0, copy_of_randomness);
 }
 
@@ -4499,7 +4504,7 @@ with const generics
 - K= 3
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static KRML_MUSTINLINE void libcrux_ml_kem_variant_cpa_keygen_seed_d8_6b(
+static KRML_MUSTINLINE void libcrux_ml_kem_variant_cpa_keygen_seed_d8_75(
     Eurydice_slice key_generation_seed, uint8_t ret[64U]) {
   uint8_t seed[33U] = {0U};
   Eurydice_slice_copy(
@@ -4522,7 +4527,7 @@ with const generics
 
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static inline __m256i libcrux_ml_kem_vector_traits_to_standard_domain_bb(
+static inline __m256i libcrux_ml_kem_vector_traits_to_standard_domain_79(
     __m256i v) {
   return libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_09(
       v, LIBCRUX_ML_KEM_VECTOR_TRAITS_MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS);
@@ -4541,14 +4546,14 @@ with const generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE void
-libcrux_ml_kem_polynomial_add_standard_error_reduce_ef_e7(
+libcrux_ml_kem_polynomial_add_standard_error_reduce_ef_34(
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self,
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error) {
   for (size_t i = (size_t)0U;
        i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
     size_t j = i;
     __m256i coefficient_normal_form =
-        libcrux_ml_kem_vector_traits_to_standard_domain_bb(
+        libcrux_ml_kem_vector_traits_to_standard_domain_79(
             self->coefficients[j]);
     self->coefficients[j] = libcrux_ml_kem_vector_avx2_barrett_reduce_09(
         libcrux_ml_kem_vector_avx2_add_09(coefficient_normal_form,
@@ -4563,7 +4568,7 @@ with const generics
 - K= 3
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_As_plus_e_b6(
+static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_As_plus_e_2d(
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt,
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*matrix_A)[3U],
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *s_as_ntt,
@@ -4591,12 +4596,12 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_As_plus_e_b6(
       libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *matrix_element =
           &row[j];
       libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product =
-          libcrux_ml_kem_polynomial_ntt_multiply_ef_d5(matrix_element,
+          libcrux_ml_kem_polynomial_ntt_multiply_ef_b2(matrix_element,
                                                        &s_as_ntt[j]);
-      libcrux_ml_kem_polynomial_add_to_ring_element_ef_aa(&t_as_ntt[i0],
+      libcrux_ml_kem_polynomial_add_to_ring_element_ef_4f(&t_as_ntt[i0],
                                                           &product);
     }
-    libcrux_ml_kem_polynomial_add_standard_error_reduce_ef_e7(
+    libcrux_ml_kem_polynomial_add_standard_error_reduce_ef_34(
         &t_as_ntt[i0], &error_as_ntt[i0]);
   }
 }
@@ -4611,12 +4616,12 @@ with const generics
 - ETA1_RANDOMNESS_SIZE= 128
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static inline void libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_a2(
+static inline void libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_a4(
     Eurydice_slice key_generation_seed,
     libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 *private_key,
     libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *public_key) {
   uint8_t hashed[64U];
-  libcrux_ml_kem_variant_cpa_keygen_seed_d8_6b(key_generation_seed, hashed);
+  libcrux_ml_kem_variant_cpa_keygen_seed_d8_75(key_generation_seed, hashed);
   Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at(
       Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U,
       uint8_t, Eurydice_slice_uint8_t_x2);
@@ -4636,7 +4641,7 @@ static inline void libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_a2(
   uint8_t copy_of_prf_input0[33U];
   memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t));
   uint8_t domain_separator =
-      libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_68(
+      libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_b0(
           uu____2, copy_of_prf_input0, 0U);
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_prf_input[33U];
@@ -4644,11 +4649,11 @@ static inline void libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_a2(
   libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_as_ntt[3U];
   memcpy(
       error_as_ntt,
-      libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_out_48(
+      libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_out_81(
           copy_of_prf_input, domain_separator)
           .fst,
       (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2));
-  libcrux_ml_kem_matrix_compute_As_plus_e_b6(
+  libcrux_ml_kem_matrix_compute_As_plus_e_2d(
       public_key->t_as_ntt, public_key->A, private_key->secret_as_ntt,
       error_as_ntt);
   uint8_t uu____5[32U];
@@ -4666,13 +4671,13 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE void
-libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_09(
+libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_2c(
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[384U]) {
   uint8_t serialized[384U] = {0U};
   for (size_t i = (size_t)0U;
        i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
     size_t i0 = i;
-    __m256i coefficient = libcrux_ml_kem_serialize_to_unsigned_field_modulus_8a(
+    __m256i coefficient = libcrux_ml_kem_serialize_to_unsigned_field_modulus_7b(
         re->coefficients[i0]);
     uint8_t bytes[24U];
     libcrux_ml_kem_vector_avx2_serialize_12_09(coefficient, bytes);
@@ -4694,7 +4699,7 @@ with const generics
 - OUT_LEN= 1152
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_secret_key_23(
+static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_secret_key_99(
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *key,
     uint8_t ret[1152U]) {
   uint8_t out[1152U] = {0U};
@@ -4712,7 +4717,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_secret_key_23(
         (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT,
         uint8_t);
     uint8_t ret0[384U];
-    libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_09(&re, ret0);
+    libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_2c(&re, ret0);
     Eurydice_slice_copy(
         uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t), uint8_t);
   }
@@ -4728,13 +4733,13 @@ with const generics
 - PUBLIC_KEY_SIZE= 1184
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_public_key_mut_ff(
+static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_public_key_mut_6c(
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt,
     Eurydice_slice seed_for_a, uint8_t *serialized) {
   Eurydice_slice uu____0 = Eurydice_array_to_subslice2(serialized, (size_t)0U,
                                                        (size_t)1152U, uint8_t);
   uint8_t ret[1152U];
-  libcrux_ml_kem_ind_cpa_serialize_secret_key_23(t_as_ntt, ret);
+  libcrux_ml_kem_ind_cpa_serialize_secret_key_99(t_as_ntt, ret);
   Eurydice_slice_copy(
       uu____0, Eurydice_array_to_slice((size_t)1152U, ret, uint8_t), uint8_t);
   Eurydice_slice_copy(
@@ -4752,13 +4757,15 @@ with const generics
 - PUBLIC_KEY_SIZE= 1184
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_public_key_16(
+static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_public_key_ca(
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt,
     Eurydice_slice seed_for_a, uint8_t ret[1184U]) {
   uint8_t public_key_serialized[1184U] = {0U};
-  libcrux_ml_kem_ind_cpa_serialize_public_key_mut_ff(t_as_ntt, seed_for_a,
+  libcrux_ml_kem_ind_cpa_serialize_public_key_mut_6c(t_as_ntt, seed_for_a,
                                                      public_key_serialized);
-  memcpy(ret, public_key_serialized, (size_t)1184U * sizeof(uint8_t));
+  uint8_t result[1184U];
+  memcpy(result, public_key_serialized, (size_t)1184U * sizeof(uint8_t));
+  memcpy(ret, result, (size_t)1184U * sizeof(uint8_t));
 }
 
 /**
@@ -4775,20 +4782,20 @@ with const generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static inline libcrux_ml_kem_utils_extraction_helper_Keypair768
-libcrux_ml_kem_ind_cpa_generate_keypair_47(Eurydice_slice key_generation_seed) {
+libcrux_ml_kem_ind_cpa_generate_keypair_6a(Eurydice_slice key_generation_seed) {
   libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 private_key =
       libcrux_ml_kem_ind_cpa_unpacked_default_1a_3c();
   libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 public_key =
       libcrux_ml_kem_ind_cpa_unpacked_default_8d_89();
-  libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_a2(
+  libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_a4(
       key_generation_seed, &private_key, &public_key);
   uint8_t public_key_serialized[1184U];
-  libcrux_ml_kem_ind_cpa_serialize_public_key_16(
+  libcrux_ml_kem_ind_cpa_serialize_public_key_ca(
       public_key.t_as_ntt,
       Eurydice_array_to_slice((size_t)32U, public_key.seed_for_A, uint8_t),
       public_key_serialized);
   uint8_t secret_key_serialized[1152U];
-  libcrux_ml_kem_ind_cpa_serialize_secret_key_23(private_key.secret_as_ntt,
+  libcrux_ml_kem_ind_cpa_serialize_secret_key_99(private_key.secret_as_ntt,
                                                  secret_key_serialized);
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_secret_key_serialized[1152U];
@@ -4798,12 +4805,12 @@ libcrux_ml_kem_ind_cpa_generate_keypair_47(Eurydice_slice key_generation_seed) {
   uint8_t copy_of_public_key_serialized[1184U];
   memcpy(copy_of_public_key_serialized, public_key_serialized,
          (size_t)1184U * sizeof(uint8_t));
-  libcrux_ml_kem_utils_extraction_helper_Keypair768 lit;
-  memcpy(lit.fst, copy_of_secret_key_serialized,
+  libcrux_ml_kem_utils_extraction_helper_Keypair768 result;
+  memcpy(result.fst, copy_of_secret_key_serialized,
          (size_t)1152U * sizeof(uint8_t));
-  memcpy(lit.snd, copy_of_public_key_serialized,
+  memcpy(result.snd, copy_of_public_key_serialized,
          (size_t)1184U * sizeof(uint8_t));
-  return lit;
+  return result;
 }
 
 /**
@@ -4814,7 +4821,7 @@ with const generics
 - SERIALIZED_KEY_LEN= 2400
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_serialize_kem_secret_key_7b(
+static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_serialize_kem_secret_key_1f(
     Eurydice_slice private_key, Eurydice_slice public_key,
     Eurydice_slice implicit_rejection_value, uint8_t ret[2400U]) {
   uint8_t out[2400U] = {0U};
@@ -4871,7 +4878,7 @@ with const generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair
-libcrux_ml_kem_ind_cca_generate_keypair_dd(uint8_t randomness[64U]) {
+libcrux_ml_kem_ind_cca_generate_keypair_0b(uint8_t randomness[64U]) {
   Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2(
       randomness, (size_t)0U,
       LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t);
@@ -4880,13 +4887,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_dd(uint8_t randomness[64U]) {
       LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t,
       size_t);
   libcrux_ml_kem_utils_extraction_helper_Keypair768 uu____0 =
-      libcrux_ml_kem_ind_cpa_generate_keypair_47(ind_cpa_keypair_randomness);
+      libcrux_ml_kem_ind_cpa_generate_keypair_6a(ind_cpa_keypair_randomness);
   uint8_t ind_cpa_private_key[1152U];
   memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1152U * sizeof(uint8_t));
   uint8_t public_key[1184U];
   memcpy(public_key, uu____0.snd, (size_t)1184U * sizeof(uint8_t));
   uint8_t secret_key_serialized[2400U];
-  libcrux_ml_kem_ind_cca_serialize_kem_secret_key_7b(
+  libcrux_ml_kem_ind_cca_serialize_kem_secret_key_1f(
       Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t),
       Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t),
       implicit_rejection_value, secret_key_serialized);
@@ -4895,13 +4902,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_dd(uint8_t randomness[64U]) {
   memcpy(copy_of_secret_key_serialized, secret_key_serialized,
          (size_t)2400U * sizeof(uint8_t));
   libcrux_ml_kem_types_MlKemPrivateKey_55 private_key =
-      libcrux_ml_kem_types_from_7f_8c(copy_of_secret_key_serialized);
+      libcrux_ml_kem_types_from_7f_af(copy_of_secret_key_serialized);
   libcrux_ml_kem_types_MlKemPrivateKey_55 uu____2 = private_key;
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_public_key[1184U];
   memcpy(copy_of_public_key, public_key, (size_t)1184U * sizeof(uint8_t));
-  return libcrux_ml_kem_types_from_3a_f6(
-      uu____2, libcrux_ml_kem_types_from_5a_45(copy_of_public_key));
+  return libcrux_ml_kem_types_from_3a_ee(
+      uu____2, libcrux_ml_kem_types_from_5a_67(copy_of_public_key));
 }
 
 /**
@@ -4917,12 +4924,12 @@ libcrux_ml_kem.ind_cca.instantiations.avx2.generate_keypair with const generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair
-libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_91(
+libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_20(
     uint8_t randomness[64U]) {
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_randomness[64U];
   memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t));
-  return libcrux_ml_kem_ind_cca_generate_keypair_dd(copy_of_randomness);
+  return libcrux_ml_kem_ind_cca_generate_keypair_0b(copy_of_randomness);
 }
 
 /**
@@ -4934,7 +4941,7 @@ libcrux_ml_kem_mlkem768_avx2_generate_key_pair(uint8_t randomness[64U]) {
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_randomness[64U];
   memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t));
-  return libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_91(
+  return libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_20(
       copy_of_randomness);
 }
 
@@ -4950,7 +4957,7 @@ with const generics
 - CIPHERTEXT_SIZE= 1088
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static KRML_MUSTINLINE void libcrux_ml_kem_variant_kdf_33_45(
+static KRML_MUSTINLINE void libcrux_ml_kem_variant_kdf_33_f5(
     Eurydice_slice shared_secret,
     libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) {
   uint8_t kdf_input[64U];
@@ -4961,7 +4968,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_variant_kdf_33_45(
   uint8_t ret0[32U];
   libcrux_ml_kem_hash_functions_avx2_H_a9_41(
       Eurydice_array_to_slice((size_t)1088U,
-                              libcrux_ml_kem_types_as_slice_d4_73(ciphertext),
+                              libcrux_ml_kem_types_as_slice_d4_76(ciphertext),
                               uint8_t),
       ret0);
   Eurydice_slice_copy(
@@ -4995,7 +5002,7 @@ with const generics
 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static inline void libcrux_ml_kem_ind_cca_decapsulate_1b0(
+static inline void libcrux_ml_kem_ind_cca_decapsulate_1f0(
     libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key,
     libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) {
   Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at(
@@ -5013,7 +5020,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_1b0(
   Eurydice_slice ind_cpa_public_key_hash = uu____2.fst;
   Eurydice_slice implicit_rejection_value = uu____2.snd;
   uint8_t decrypted[32U];
-  libcrux_ml_kem_ind_cpa_decrypt_6f(ind_cpa_secret_key, ciphertext->value,
+  libcrux_ml_kem_ind_cpa_decrypt_1c(ind_cpa_secret_key, ciphertext->value,
                                     decrypted);
   uint8_t to_hash0[64U];
   libcrux_ml_kem_utils_into_padded_array_42(
@@ -5037,7 +5044,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_1b0(
   Eurydice_slice uu____4 = Eurydice_array_to_subslice_from(
       (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE,
       uint8_t, size_t);
-  Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_69(ciphertext),
+  Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_8c(ciphertext),
                       uint8_t);
   uint8_t implicit_rejection_shared_secret0[32U];
   libcrux_ml_kem_hash_functions_avx2_PRF_a9_16(
@@ -5048,18 +5055,18 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_1b0(
   uint8_t copy_of_decrypted[32U];
   memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t));
   uint8_t expected_ciphertext[1088U];
-  libcrux_ml_kem_ind_cpa_encrypt_cf(uu____5, copy_of_decrypted,
+  libcrux_ml_kem_ind_cpa_encrypt_b6(uu____5, copy_of_decrypted,
                                     pseudorandomness, expected_ciphertext);
   uint8_t implicit_rejection_shared_secret[32U];
-  libcrux_ml_kem_variant_kdf_33_45(
+  libcrux_ml_kem_variant_kdf_33_f5(
       Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0,
                               uint8_t),
       ciphertext, implicit_rejection_shared_secret);
   uint8_t shared_secret1[32U];
-  libcrux_ml_kem_variant_kdf_33_45(shared_secret0, ciphertext, shared_secret1);
+  libcrux_ml_kem_variant_kdf_33_f5(shared_secret0, ciphertext, shared_secret1);
   uint8_t shared_secret[32U];
   libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time(
-      libcrux_ml_kem_types_as_ref_00_69(ciphertext),
+      libcrux_ml_kem_types_as_ref_00_8c(ciphertext),
       Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t),
       Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t),
       Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret,
@@ -5093,10 +5100,10 @@ libcrux_ml_kem.ind_cca.instantiations.avx2.kyber_decapsulate with const generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static inline void
-libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_decapsulate_5c(
+libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_decapsulate_02(
     libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key,
     libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) {
-  libcrux_ml_kem_ind_cca_decapsulate_1b0(private_key, ciphertext, ret);
+  libcrux_ml_kem_ind_cca_decapsulate_1f0(private_key, ciphertext, ret);
 }
 
 /**
@@ -5110,7 +5117,7 @@ KRML_ATTRIBUTE_TARGET("avx2")
 static inline void libcrux_ml_kem_mlkem768_avx2_kyber_decapsulate(
     libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key,
     libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) {
-  libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_decapsulate_5c(
+  libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_decapsulate_02(
       private_key, ciphertext, ret);
 }
 
@@ -5125,7 +5132,7 @@ with const generics
 - K= 3
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static KRML_MUSTINLINE void libcrux_ml_kem_variant_entropy_preprocess_33_bf(
+static KRML_MUSTINLINE void libcrux_ml_kem_variant_entropy_preprocess_33_e7(
     Eurydice_slice randomness, uint8_t ret[32U]) {
   libcrux_ml_kem_hash_functions_avx2_H_a9_41(randomness, ret);
 }
@@ -5150,11 +5157,11 @@ with const generics
 - ETA2_RANDOMNESS_SIZE= 128
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_cf0(
+static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_820(
     libcrux_ml_kem_types_MlKemPublicKey_15 *public_key,
     uint8_t randomness[32U]) {
   uint8_t randomness0[32U];
-  libcrux_ml_kem_variant_entropy_preprocess_33_bf(
+  libcrux_ml_kem_variant_entropy_preprocess_33_e7(
       Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0);
   uint8_t to_hash[64U];
   libcrux_ml_kem_utils_into_padded_array_42(
@@ -5165,7 +5172,7 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_cf0(
   uint8_t ret[32U];
   libcrux_ml_kem_hash_functions_avx2_H_a9_41(
       Eurydice_array_to_slice((size_t)1184U,
-                              libcrux_ml_kem_types_as_slice_fd_d9(public_key),
+                              libcrux_ml_kem_types_as_slice_fd_02(public_key),
                               uint8_t),
       ret);
   Eurydice_slice_copy(
@@ -5180,20 +5187,20 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_cf0(
   Eurydice_slice shared_secret = uu____1.fst;
   Eurydice_slice pseudorandomness = uu____1.snd;
   Eurydice_slice uu____2 = Eurydice_array_to_slice(
-      (size_t)1184U, libcrux_ml_kem_types_as_slice_fd_d9(public_key), uint8_t);
+      (size_t)1184U, libcrux_ml_kem_types_as_slice_fd_02(public_key), uint8_t);
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_randomness[32U];
   memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t));
   uint8_t ciphertext[1088U];
-  libcrux_ml_kem_ind_cpa_encrypt_cf(uu____2, copy_of_randomness,
+  libcrux_ml_kem_ind_cpa_encrypt_b6(uu____2, copy_of_randomness,
                                     pseudorandomness, ciphertext);
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_ciphertext[1088U];
   memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t));
   libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 =
-      libcrux_ml_kem_types_from_01_33(copy_of_ciphertext);
+      libcrux_ml_kem_types_from_01_8c(copy_of_ciphertext);
   uint8_t shared_secret_array[32U];
-  libcrux_ml_kem_variant_kdf_33_45(shared_secret, &ciphertext0,
+  libcrux_ml_kem_variant_kdf_33_f5(shared_secret, &ciphertext0,
                                    shared_secret_array);
   libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0;
   /* Passing arrays by value in Rust generates a copy in C */
@@ -5228,14 +5235,14 @@ libcrux_ml_kem.ind_cca.instantiations.avx2.kyber_encapsulate with const generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static inline tuple_3c
-libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_encapsulate_9d(
+libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_encapsulate_7a(
     libcrux_ml_kem_types_MlKemPublicKey_15 *public_key,
     uint8_t randomness[32U]) {
   libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key;
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_randomness[32U];
   memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t));
-  return libcrux_ml_kem_ind_cca_encapsulate_cf0(uu____0, copy_of_randomness);
+  return libcrux_ml_kem_ind_cca_encapsulate_820(uu____0, copy_of_randomness);
 }
 
 /**
@@ -5253,7 +5260,7 @@ static inline tuple_3c libcrux_ml_kem_mlkem768_avx2_kyber_encapsulate(
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_randomness[32U];
   memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t));
-  return libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_encapsulate_9d(
+  return libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_encapsulate_7a(
       uu____0, copy_of_randomness);
 }
 
@@ -5268,7 +5275,7 @@ with const generics
 - K= 3
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static KRML_MUSTINLINE void libcrux_ml_kem_variant_cpa_keygen_seed_33_c2(
+static KRML_MUSTINLINE void libcrux_ml_kem_variant_cpa_keygen_seed_33_bc(
     Eurydice_slice key_generation_seed, uint8_t ret[64U]) {
   libcrux_ml_kem_hash_functions_avx2_G_a9_9f(key_generation_seed, ret);
 }
@@ -5283,12 +5290,12 @@ with const generics
 - ETA1_RANDOMNESS_SIZE= 128
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static inline void libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_a20(
+static inline void libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_a40(
     Eurydice_slice key_generation_seed,
     libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 *private_key,
     libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *public_key) {
   uint8_t hashed[64U];
-  libcrux_ml_kem_variant_cpa_keygen_seed_33_c2(key_generation_seed, hashed);
+  libcrux_ml_kem_variant_cpa_keygen_seed_33_bc(key_generation_seed, hashed);
   Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at(
       Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U,
       uint8_t, Eurydice_slice_uint8_t_x2);
@@ -5308,7 +5315,7 @@ static inline void libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_a20(
   uint8_t copy_of_prf_input0[33U];
   memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t));
   uint8_t domain_separator =
-      libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_68(
+      libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_b0(
           uu____2, copy_of_prf_input0, 0U);
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_prf_input[33U];
@@ -5316,11 +5323,11 @@ static inline void libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_a20(
   libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_as_ntt[3U];
   memcpy(
       error_as_ntt,
-      libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_out_48(
+      libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_out_81(
           copy_of_prf_input, domain_separator)
           .fst,
       (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2));
-  libcrux_ml_kem_matrix_compute_As_plus_e_b6(
+  libcrux_ml_kem_matrix_compute_As_plus_e_2d(
       public_key->t_as_ntt, public_key->A, private_key->secret_as_ntt,
       error_as_ntt);
   uint8_t uu____5[32U];
@@ -5344,21 +5351,21 @@ with const generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static inline libcrux_ml_kem_utils_extraction_helper_Keypair768
-libcrux_ml_kem_ind_cpa_generate_keypair_470(
+libcrux_ml_kem_ind_cpa_generate_keypair_6a0(
     Eurydice_slice key_generation_seed) {
   libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 private_key =
       libcrux_ml_kem_ind_cpa_unpacked_default_1a_3c();
   libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 public_key =
       libcrux_ml_kem_ind_cpa_unpacked_default_8d_89();
-  libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_a20(
+  libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_a40(
       key_generation_seed, &private_key, &public_key);
   uint8_t public_key_serialized[1184U];
-  libcrux_ml_kem_ind_cpa_serialize_public_key_16(
+  libcrux_ml_kem_ind_cpa_serialize_public_key_ca(
       public_key.t_as_ntt,
       Eurydice_array_to_slice((size_t)32U, public_key.seed_for_A, uint8_t),
       public_key_serialized);
   uint8_t secret_key_serialized[1152U];
-  libcrux_ml_kem_ind_cpa_serialize_secret_key_23(private_key.secret_as_ntt,
+  libcrux_ml_kem_ind_cpa_serialize_secret_key_99(private_key.secret_as_ntt,
                                                  secret_key_serialized);
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_secret_key_serialized[1152U];
@@ -5368,12 +5375,12 @@ libcrux_ml_kem_ind_cpa_generate_keypair_470(
   uint8_t copy_of_public_key_serialized[1184U];
   memcpy(copy_of_public_key_serialized, public_key_serialized,
          (size_t)1184U * sizeof(uint8_t));
-  libcrux_ml_kem_utils_extraction_helper_Keypair768 lit;
-  memcpy(lit.fst, copy_of_secret_key_serialized,
+  libcrux_ml_kem_utils_extraction_helper_Keypair768 result;
+  memcpy(result.fst, copy_of_secret_key_serialized,
          (size_t)1152U * sizeof(uint8_t));
-  memcpy(lit.snd, copy_of_public_key_serialized,
+  memcpy(result.snd, copy_of_public_key_serialized,
          (size_t)1184U * sizeof(uint8_t));
-  return lit;
+  return result;
 }
 
 /**
@@ -5391,7 +5398,7 @@ with const generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair
-libcrux_ml_kem_ind_cca_generate_keypair_dd0(uint8_t randomness[64U]) {
+libcrux_ml_kem_ind_cca_generate_keypair_0b0(uint8_t randomness[64U]) {
   Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2(
       randomness, (size_t)0U,
       LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t);
@@ -5400,13 +5407,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_dd0(uint8_t randomness[64U]) {
       LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t,
       size_t);
   libcrux_ml_kem_utils_extraction_helper_Keypair768 uu____0 =
-      libcrux_ml_kem_ind_cpa_generate_keypair_470(ind_cpa_keypair_randomness);
+      libcrux_ml_kem_ind_cpa_generate_keypair_6a0(ind_cpa_keypair_randomness);
   uint8_t ind_cpa_private_key[1152U];
   memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1152U * sizeof(uint8_t));
   uint8_t public_key[1184U];
   memcpy(public_key, uu____0.snd, (size_t)1184U * sizeof(uint8_t));
   uint8_t secret_key_serialized[2400U];
-  libcrux_ml_kem_ind_cca_serialize_kem_secret_key_7b(
+  libcrux_ml_kem_ind_cca_serialize_kem_secret_key_1f(
       Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t),
       Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t),
       implicit_rejection_value, secret_key_serialized);
@@ -5415,13 +5422,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_dd0(uint8_t randomness[64U]) {
   memcpy(copy_of_secret_key_serialized, secret_key_serialized,
          (size_t)2400U * sizeof(uint8_t));
   libcrux_ml_kem_types_MlKemPrivateKey_55 private_key =
-      libcrux_ml_kem_types_from_7f_8c(copy_of_secret_key_serialized);
+      libcrux_ml_kem_types_from_7f_af(copy_of_secret_key_serialized);
   libcrux_ml_kem_types_MlKemPrivateKey_55 uu____2 = private_key;
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_public_key[1184U];
   memcpy(copy_of_public_key, public_key, (size_t)1184U * sizeof(uint8_t));
-  return libcrux_ml_kem_types_from_3a_f6(
-      uu____2, libcrux_ml_kem_types_from_5a_45(copy_of_public_key));
+  return libcrux_ml_kem_types_from_3a_ee(
+      uu____2, libcrux_ml_kem_types_from_5a_67(copy_of_public_key));
 }
 
 /**
@@ -5438,12 +5445,12 @@ generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair
-libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_generate_keypair_47(
+libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_generate_keypair_74(
     uint8_t randomness[64U]) {
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_randomness[64U];
   memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t));
-  return libcrux_ml_kem_ind_cca_generate_keypair_dd0(copy_of_randomness);
+  return libcrux_ml_kem_ind_cca_generate_keypair_0b0(copy_of_randomness);
 }
 
 /**
@@ -5455,7 +5462,7 @@ libcrux_ml_kem_mlkem768_avx2_kyber_generate_key_pair(uint8_t randomness[64U]) {
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_randomness[64U];
   memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t));
-  return libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_generate_keypair_47(
+  return libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_generate_keypair_74(
       copy_of_randomness);
 }
 
@@ -5468,7 +5475,7 @@ with const generics
 - CIPHERTEXT_SIZE= 1088
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_private_key_7e(
+static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_private_key_3a(
     libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key,
     libcrux_ml_kem_mlkem768_MlKem768Ciphertext *_ciphertext) {
   uint8_t t[32U];
@@ -5494,10 +5501,10 @@ generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE bool
-libcrux_ml_kem_ind_cca_instantiations_avx2_validate_private_key_ac(
+libcrux_ml_kem_ind_cca_instantiations_avx2_validate_private_key_4f(
     libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key,
     libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext) {
-  return libcrux_ml_kem_ind_cca_validate_private_key_7e(private_key,
+  return libcrux_ml_kem_ind_cca_validate_private_key_3a(private_key,
                                                         ciphertext);
 }
 
@@ -5510,7 +5517,7 @@ KRML_ATTRIBUTE_TARGET("avx2")
 static inline bool libcrux_ml_kem_mlkem768_avx2_validate_private_key(
     libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key,
     libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext) {
-  return libcrux_ml_kem_ind_cca_instantiations_avx2_validate_private_key_ac(
+  return libcrux_ml_kem_ind_cca_instantiations_avx2_validate_private_key_4f(
       private_key, ciphertext);
 }
 
@@ -5522,7 +5529,7 @@ types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2
-libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_out_closure_c0(
+libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_out_closure_4b(
     size_t _i) {
   return libcrux_ml_kem_polynomial_ZERO_ef_05();
 }
@@ -5535,21 +5542,17 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE void
-libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_out_17(
+libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_out_3e(
     Eurydice_slice public_key,
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[3U];
   for (size_t i = (size_t)0U; i < (size_t)3U; i++) {
     deserialized_pk[i] = libcrux_ml_kem_polynomial_ZERO_ef_05();
   }
-  libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_ba(
+  libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_ea(
       public_key, deserialized_pk);
-  libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[3U];
   memcpy(
-      result, deserialized_pk,
-      (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2));
-  memcpy(
-      ret, result,
+      ret, deserialized_pk,
       (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2));
 }
 
@@ -5562,16 +5565,16 @@ with const generics
 - PUBLIC_KEY_SIZE= 1184
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_public_key_7d(
+static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_public_key_c0(
     uint8_t *public_key) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[3U];
-  libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_out_17(
+  libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_out_3e(
       Eurydice_array_to_subslice_to((size_t)1184U, public_key, (size_t)1152U,
                                     uint8_t, size_t),
       deserialized_pk);
   libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *uu____0 = deserialized_pk;
   uint8_t public_key_serialized[1184U];
-  libcrux_ml_kem_ind_cpa_serialize_public_key_16(
+  libcrux_ml_kem_ind_cpa_serialize_public_key_ca(
       uu____0,
       Eurydice_array_to_subslice_from((size_t)1184U, public_key, (size_t)1152U,
                                       uint8_t, size_t),
@@ -5590,9 +5593,9 @@ generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE bool
-libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key_a2(
+libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key_a4(
     uint8_t *public_key) {
-  return libcrux_ml_kem_ind_cca_validate_public_key_7d(public_key);
+  return libcrux_ml_kem_ind_cca_validate_public_key_c0(public_key);
 }
 
 /**
@@ -5603,7 +5606,7 @@ libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key_a2(
 KRML_ATTRIBUTE_TARGET("avx2")
 static inline bool libcrux_ml_kem_mlkem768_avx2_validate_public_key(
     libcrux_ml_kem_types_MlKemPublicKey_15 *public_key) {
-  return libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key_a2(
+  return libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key_a4(
       public_key->value);
 }
 
@@ -5629,11 +5632,11 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics
 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static inline void libcrux_ml_kem_ind_cca_unpacked_decapsulate_e0(
+static inline void libcrux_ml_kem_ind_cca_unpacked_decapsulate_6a(
     libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked *key_pair,
     libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) {
   uint8_t decrypted[32U];
-  libcrux_ml_kem_ind_cpa_decrypt_unpacked_2a(
+  libcrux_ml_kem_ind_cpa_decrypt_unpacked_b3(
       &key_pair->private_key.ind_cpa_private_key, ciphertext->value, decrypted);
   uint8_t to_hash0[64U];
   libcrux_ml_kem_utils_into_padded_array_42(
@@ -5663,7 +5666,7 @@ static inline void libcrux_ml_kem_ind_cca_unpacked_decapsulate_e0(
   Eurydice_slice uu____2 = Eurydice_array_to_subslice_from(
       (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE,
       uint8_t, size_t);
-  Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_00_69(ciphertext),
+  Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_00_8c(ciphertext),
                       uint8_t);
   uint8_t implicit_rejection_shared_secret[32U];
   libcrux_ml_kem_hash_functions_avx2_PRF_a9_16(
@@ -5675,11 +5678,11 @@ static inline void libcrux_ml_kem_ind_cca_unpacked_decapsulate_e0(
   uint8_t copy_of_decrypted[32U];
   memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t));
   uint8_t expected_ciphertext[1088U];
-  libcrux_ml_kem_ind_cpa_encrypt_unpacked_b4(
+  libcrux_ml_kem_ind_cpa_encrypt_unpacked_05(
       uu____3, copy_of_decrypted, pseudorandomness, expected_ciphertext);
   uint8_t selector =
       libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time(
-          libcrux_ml_kem_types_as_ref_00_69(ciphertext),
+          libcrux_ml_kem_types_as_ref_00_8c(ciphertext),
           Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t));
   uint8_t ret0[32U];
   libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time(
@@ -5716,10 +5719,10 @@ generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static inline void
-libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_decapsulate_03(
+libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_decapsulate_e8(
     libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked *key_pair,
     libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) {
-  libcrux_ml_kem_ind_cca_unpacked_decapsulate_e0(key_pair, ciphertext, ret);
+  libcrux_ml_kem_ind_cca_unpacked_decapsulate_6a(key_pair, ciphertext, ret);
 }
 
 /**
@@ -5733,7 +5736,7 @@ KRML_ATTRIBUTE_TARGET("avx2")
 static inline void libcrux_ml_kem_mlkem768_avx2_unpacked_decapsulate(
     libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked *private_key,
     libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) {
-  libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_decapsulate_03(
+  libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_decapsulate_e8(
       private_key, ciphertext, ret);
 }
 
@@ -5756,7 +5759,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics
 - ETA2_RANDOMNESS_SIZE= 128
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static inline tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_98(
+static inline tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_11(
     libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *public_key,
     uint8_t randomness[32U]) {
   uint8_t to_hash[64U];
@@ -5784,7 +5787,7 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_98(
   uint8_t copy_of_randomness[32U];
   memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t));
   uint8_t ciphertext[1088U];
-  libcrux_ml_kem_ind_cpa_encrypt_unpacked_b4(uu____2, copy_of_randomness,
+  libcrux_ml_kem_ind_cpa_encrypt_unpacked_05(uu____2, copy_of_randomness,
                                              pseudorandomness, ciphertext);
   uint8_t shared_secret_array[32U] = {0U};
   Eurydice_slice_copy(
@@ -5794,7 +5797,7 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_98(
   uint8_t copy_of_ciphertext[1088U];
   memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t));
   libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 =
-      libcrux_ml_kem_types_from_01_33(copy_of_ciphertext);
+      libcrux_ml_kem_types_from_01_8c(copy_of_ciphertext);
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_shared_secret_array[32U];
   memcpy(copy_of_shared_secret_array, shared_secret_array,
@@ -5828,7 +5831,7 @@ generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static inline tuple_3c
-libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_encapsulate_cf(
+libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_encapsulate_89(
     libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *public_key,
     uint8_t randomness[32U]) {
   libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *uu____0 =
@@ -5836,7 +5839,7 @@ libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_encapsulate_cf(
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_randomness[32U];
   memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t));
-  return libcrux_ml_kem_ind_cca_unpacked_encapsulate_98(uu____0,
+  return libcrux_ml_kem_ind_cca_unpacked_encapsulate_11(uu____0,
                                                         copy_of_randomness);
 }
 
@@ -5857,7 +5860,7 @@ static inline tuple_3c libcrux_ml_kem_mlkem768_avx2_unpacked_encapsulate(
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_randomness[32U];
   memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t));
-  return libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_encapsulate_cf(
+  return libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_encapsulate_89(
       uu____0, copy_of_randomness);
 }
 
@@ -5877,7 +5880,7 @@ with const generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2
-libcrux_ml_kem_ind_cca_unpacked_generate_keypair_closure_closure_d8(size_t _j) {
+libcrux_ml_kem_ind_cca_unpacked_generate_keypair_closure_closure_59(size_t _j) {
   return libcrux_ml_kem_polynomial_ZERO_ef_05();
 }
 
@@ -5896,7 +5899,7 @@ with const generics
 - ETA1_RANDOMNESS_SIZE= 128
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static inline void libcrux_ml_kem_ind_cca_unpacked_generate_keypair_closure_b6(
+static inline void libcrux_ml_kem_ind_cca_unpacked_generate_keypair_closure_c4(
     size_t _i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) {
   for (size_t i = (size_t)0U; i < (size_t)3U; i++) {
     ret[i] = libcrux_ml_kem_polynomial_ZERO_ef_05();
@@ -5916,7 +5919,7 @@ with const generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2
-libcrux_ml_kem_polynomial_clone_8d_35(
+libcrux_ml_kem_polynomial_clone_8d_ae(
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_d2 lit;
   __m256i ret[16U];
@@ -5943,7 +5946,7 @@ with const generics
 - ETA1_RANDOMNESS_SIZE= 128
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static inline void libcrux_ml_kem_ind_cca_unpacked_generate_keypair_c0(
+static inline void libcrux_ml_kem_ind_cca_unpacked_generate_keypair_41(
     uint8_t randomness[64U],
     libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked *out) {
   Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2(
@@ -5953,19 +5956,19 @@ static inline void libcrux_ml_kem_ind_cca_unpacked_generate_keypair_c0(
       (size_t)64U, randomness,
       LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t,
       size_t);
-  libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_a2(
+  libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_a4(
       ind_cpa_keypair_randomness, &out->private_key.ind_cpa_private_key,
       &out->public_key.ind_cpa_public_key);
   libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[3U][3U];
   for (size_t i = (size_t)0U; i < (size_t)3U; i++) {
-    libcrux_ml_kem_ind_cca_unpacked_generate_keypair_closure_b6(i, A[i]);
+    libcrux_ml_kem_ind_cca_unpacked_generate_keypair_closure_c4(i, A[i]);
   }
   for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) {
     size_t i1 = i0;
     for (size_t i = (size_t)0U; i < (size_t)3U; i++) {
       size_t j = i;
       libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 =
-          libcrux_ml_kem_polynomial_clone_8d_35(
+          libcrux_ml_kem_polynomial_clone_8d_ae(
               &out->public_key.ind_cpa_public_key.A[j][i1]);
       A[i1][j] = uu____0;
     }
@@ -5978,7 +5981,7 @@ static inline void libcrux_ml_kem_ind_cca_unpacked_generate_keypair_c0(
          (size_t)3U *
              sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U]));
   uint8_t pk_serialized[1184U];
-  libcrux_ml_kem_ind_cpa_serialize_public_key_16(
+  libcrux_ml_kem_ind_cpa_serialize_public_key_ca(
       out->public_key.ind_cpa_public_key.t_as_ntt,
       Eurydice_array_to_slice(
           (size_t)32U, out->public_key.ind_cpa_public_key.seed_for_A, uint8_t),
@@ -6014,13 +6017,13 @@ generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static inline void
-libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_generate_keypair_b3(
+libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_generate_keypair_b7(
     uint8_t randomness[64U],
     libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked *out) {
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_randomness[64U];
   memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t));
-  libcrux_ml_kem_ind_cca_unpacked_generate_keypair_c0(copy_of_randomness, out);
+  libcrux_ml_kem_ind_cca_unpacked_generate_keypair_41(copy_of_randomness, out);
 }
 
 /**
@@ -6033,7 +6036,7 @@ static inline void libcrux_ml_kem_mlkem768_avx2_unpacked_generate_key_pair(
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_randomness[64U];
   memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t));
-  libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_generate_keypair_b3(
+  libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_generate_keypair_b7(
       copy_of_randomness, key_pair);
 }
 
@@ -6050,7 +6053,7 @@ with const generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0
-libcrux_ml_kem_ind_cca_unpacked_default_1c_c3(void) {
+libcrux_ml_kem_ind_cca_unpacked_default_1c_9e(void) {
   libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 lit;
   lit.ind_cpa_public_key = libcrux_ml_kem_ind_cpa_unpacked_default_8d_89();
   lit.public_key_hash[0U] = 0U;
@@ -6102,7 +6105,7 @@ with const generics
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE
     libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked
-    libcrux_ml_kem_ind_cca_unpacked_default_07_0d(void) {
+    libcrux_ml_kem_ind_cca_unpacked_default_07_e2(void) {
   libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_a0 uu____0;
   uu____0.ind_cpa_private_key = libcrux_ml_kem_ind_cpa_unpacked_default_1a_3c();
   uu____0.implicit_rejection_value[0U] = 0U;
@@ -6140,7 +6143,7 @@ static KRML_MUSTINLINE
   return (
       CLITERAL(libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked){
           .private_key = uu____0,
-          .public_key = libcrux_ml_kem_ind_cca_unpacked_default_1c_c3()});
+          .public_key = libcrux_ml_kem_ind_cca_unpacked_default_1c_9e()});
 }
 
 /**
@@ -6149,7 +6152,7 @@ static KRML_MUSTINLINE
 KRML_ATTRIBUTE_TARGET("avx2")
 static inline libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked
 libcrux_ml_kem_mlkem768_avx2_unpacked_init_key_pair(void) {
-  return libcrux_ml_kem_ind_cca_unpacked_default_07_0d();
+  return libcrux_ml_kem_ind_cca_unpacked_default_07_e2();
 }
 
 /**
@@ -6158,7 +6161,7 @@ libcrux_ml_kem_mlkem768_avx2_unpacked_init_key_pair(void) {
 KRML_ATTRIBUTE_TARGET("avx2")
 static inline libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0
 libcrux_ml_kem_mlkem768_avx2_unpacked_init_public_key(void) {
-  return libcrux_ml_kem_ind_cca_unpacked_default_1c_c3();
+  return libcrux_ml_kem_ind_cca_unpacked_default_1c_9e();
 }
 
 /**
@@ -6179,10 +6182,10 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE void
-libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_dd_32(
+libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_dd_92(
     libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *self,
     libcrux_ml_kem_types_MlKemPublicKey_15 *serialized) {
-  libcrux_ml_kem_ind_cpa_serialize_public_key_mut_ff(
+  libcrux_ml_kem_ind_cpa_serialize_public_key_mut_6c(
       self->ind_cpa_public_key.t_as_ntt,
       Eurydice_array_to_slice((size_t)32U, self->ind_cpa_public_key.seed_for_A,
                               uint8_t),
@@ -6207,10 +6210,10 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE void
-libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_de_19(
+libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_de_a7(
     libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked *self,
     libcrux_ml_kem_types_MlKemPublicKey_15 *serialized) {
-  libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_dd_32(
+  libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_dd_92(
       &self->public_key, serialized);
 }
 
@@ -6222,7 +6225,7 @@ static inline void
 libcrux_ml_kem_mlkem768_avx2_unpacked_key_pair_serialized_public_key(
     libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked *key_pair,
     libcrux_ml_kem_types_MlKemPublicKey_15 *serialized) {
-  libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_de_19(key_pair,
+  libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_de_a7(key_pair,
                                                                   serialized);
 }
 
@@ -6239,7 +6242,7 @@ with const generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static inline libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0
-libcrux_ml_kem_ind_cpa_unpacked_clone_ef_d3(
+libcrux_ml_kem_ind_cpa_unpacked_clone_ef_42(
     libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *self) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0[3U];
   core_array___core__clone__Clone_for__Array_T__N___20__clone(
@@ -6276,11 +6279,11 @@ with const generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static inline libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0
-libcrux_ml_kem_ind_cca_unpacked_clone_28_35(
+libcrux_ml_kem_ind_cca_unpacked_clone_28_24(
     libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *self) {
   libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 lit;
   lit.ind_cpa_public_key =
-      libcrux_ml_kem_ind_cpa_unpacked_clone_ef_d3(&self->ind_cpa_public_key);
+      libcrux_ml_kem_ind_cpa_unpacked_clone_ef_42(&self->ind_cpa_public_key);
   uint8_t ret[32U];
   core_array___core__clone__Clone_for__Array_T__N___20__clone(
       (size_t)32U, self->public_key_hash, ret, uint8_t, void *);
@@ -6304,7 +6307,7 @@ with const generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *
-libcrux_ml_kem_ind_cca_unpacked_public_key_de_d5(
+libcrux_ml_kem_ind_cca_unpacked_public_key_de_77(
     libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked *self) {
   return &self->public_key;
 }
@@ -6317,8 +6320,8 @@ static inline void libcrux_ml_kem_mlkem768_avx2_unpacked_public_key(
     libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked *key_pair,
     libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *pk) {
   libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 uu____0 =
-      libcrux_ml_kem_ind_cca_unpacked_clone_28_35(
-          libcrux_ml_kem_ind_cca_unpacked_public_key_de_d5(key_pair));
+      libcrux_ml_kem_ind_cca_unpacked_clone_28_24(
+          libcrux_ml_kem_ind_cca_unpacked_public_key_de_77(key_pair));
   pk[0U] = uu____0;
 }
 
@@ -6329,7 +6332,7 @@ KRML_ATTRIBUTE_TARGET("avx2")
 static inline void libcrux_ml_kem_mlkem768_avx2_unpacked_serialized_public_key(
     libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *public_key,
     libcrux_ml_kem_types_MlKemPublicKey_15 *serialized) {
-  libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_dd_32(public_key,
+  libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_dd_92(public_key,
                                                                   serialized);
 }
 
@@ -6347,13 +6350,13 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE void
-libcrux_ml_kem_ind_cca_unpacked_unpack_public_key_e7(
+libcrux_ml_kem_ind_cca_unpacked_unpack_public_key_72(
     libcrux_ml_kem_types_MlKemPublicKey_15 *public_key,
     libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0
         *unpacked_public_key) {
   Eurydice_slice uu____0 = Eurydice_array_to_subslice_to(
       (size_t)1184U, public_key->value, (size_t)1152U, uint8_t, size_t);
-  libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_ba(
+  libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_ea(
       uu____0, unpacked_public_key->ind_cpa_public_key.t_as_ntt);
   uint8_t uu____1[32U];
   libcrux_ml_kem_utils_into_padded_array_423(
@@ -6373,7 +6376,7 @@ libcrux_ml_kem_ind_cca_unpacked_unpack_public_key_e7(
   uint8_t uu____3[32U];
   libcrux_ml_kem_hash_functions_avx2_H_a9_41(
       Eurydice_array_to_slice((size_t)1184U,
-                              libcrux_ml_kem_types_as_slice_fd_d9(public_key),
+                              libcrux_ml_kem_types_as_slice_fd_02(public_key),
                               uint8_t),
       uu____3);
   memcpy(unpacked_public_key->public_key_hash, uu____3,
@@ -6394,11 +6397,11 @@ generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static inline void
-libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_unpack_public_key_02(
+libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_unpack_public_key_d1(
     libcrux_ml_kem_types_MlKemPublicKey_15 *public_key,
     libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0
         *unpacked_public_key) {
-  libcrux_ml_kem_ind_cca_unpacked_unpack_public_key_e7(public_key,
+  libcrux_ml_kem_ind_cca_unpacked_unpack_public_key_72(public_key,
                                                        unpacked_public_key);
 }
 
@@ -6410,7 +6413,7 @@ static inline void libcrux_ml_kem_mlkem768_avx2_unpacked_unpacked_public_key(
     libcrux_ml_kem_types_MlKemPublicKey_15 *public_key,
     libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0
         *unpacked_public_key) {
-  libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_unpack_public_key_02(
+  libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_unpack_public_key_d1(
       public_key, unpacked_public_key);
 }
 
diff --git a/libcrux-ml-kem/cg/libcrux_mlkem768_avx2_types.h b/libcrux-ml-kem/cg/libcrux_mlkem768_avx2_types.h
index 6a6aba124..a99ed2625 100644
--- a/libcrux-ml-kem/cg/libcrux_mlkem768_avx2_types.h
+++ b/libcrux-ml-kem/cg/libcrux_mlkem768_avx2_types.h
@@ -8,7 +8,7 @@
  * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac
  * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152
  * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678
- * Libcrux: 020cd93ab7a1437ba4a4c626b1acbf9fa14525ad
+ * Libcrux: a089e8609d2bf2df5c165076a79e3fd30dbf87cf
  */
 
 #ifndef __libcrux_mlkem768_avx2_types_H
diff --git a/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h b/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h
index 3cc9d5fa2..2d7b89018 100644
--- a/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h
+++ b/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h
@@ -8,7 +8,7 @@
  * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac
  * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152
  * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678
- * Libcrux: 020cd93ab7a1437ba4a4c626b1acbf9fa14525ad
+ * Libcrux: a089e8609d2bf2df5c165076a79e3fd30dbf87cf
  */
 
 #ifndef __libcrux_mlkem768_portable_H
@@ -250,12 +250,6 @@ libcrux_ml_kem_vector_portable_serialize_serialize_11(
   ret[21U] = r11_21.f10;
 }
 
-static inline void libcrux_ml_kem_vector_portable_serialize_11(
-    libcrux_ml_kem_vector_portable_vector_type_PortableVector a,
-    uint8_t ret[22U]) {
-  libcrux_ml_kem_vector_portable_serialize_serialize_11(a, ret);
-}
-
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
 libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
@@ -263,7 +257,7 @@ libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
 static inline void libcrux_ml_kem_vector_portable_serialize_11_0d(
     libcrux_ml_kem_vector_portable_vector_type_PortableVector a,
     uint8_t ret[22U]) {
-  libcrux_ml_kem_vector_portable_serialize_11(a, ret);
+  libcrux_ml_kem_vector_portable_serialize_serialize_11(a, ret);
 }
 
 typedef struct int16_t_x8_s {
@@ -367,18 +361,13 @@ libcrux_ml_kem_vector_portable_serialize_deserialize_11(Eurydice_slice bytes) {
   return lit;
 }
 
-static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector
-libcrux_ml_kem_vector_portable_deserialize_11(Eurydice_slice a) {
-  return libcrux_ml_kem_vector_portable_serialize_deserialize_11(a);
-}
-
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
 libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
 */
 static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector
 libcrux_ml_kem_vector_portable_deserialize_11_0d(Eurydice_slice a) {
-  return libcrux_ml_kem_vector_portable_deserialize_11(a);
+  return libcrux_ml_kem_vector_portable_serialize_deserialize_11(a);
 }
 
 static KRML_MUSTINLINE void
@@ -1232,9 +1221,7 @@ libcrux_ml_kem_vector_portable_compress_compress_message_coefficient(
   int16_t mask = shifted >> 15U;
   int16_t shifted_to_positive = mask ^ shifted;
   int16_t shifted_positive_in_range = shifted_to_positive - (int16_t)832;
-  int16_t r0 = shifted_positive_in_range >> 15U;
-  int16_t r1 = r0 & (int16_t)1;
-  return (uint8_t)r1;
+  return (uint8_t)(shifted_positive_in_range >> 15U & (int16_t)1);
 }
 
 static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector
@@ -1284,10 +1271,8 @@ static KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_ntt_ntt_step(
   int16_t t =
       libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer(
           vec->elements[j], zeta);
-  int16_t a_minus_t = vec->elements[i] - t;
-  int16_t a_plus_t = vec->elements[i] + t;
-  vec->elements[j] = a_minus_t;
-  vec->elements[i] = a_plus_t;
+  vec->elements[j] = vec->elements[i] - t;
+  vec->elements[i] = vec->elements[i] + t;
 }
 
 static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector
@@ -1396,9 +1381,8 @@ static KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(
     libcrux_ml_kem_vector_portable_vector_type_PortableVector *vec,
     int16_t zeta, size_t i, size_t j) {
   int16_t a_minus_b = vec->elements[j] - vec->elements[i];
-  int16_t a_plus_b = vec->elements[j] + vec->elements[i];
   int16_t o0 = libcrux_ml_kem_vector_portable_arithmetic_barrett_reduce_element(
-      a_plus_b);
+      vec->elements[i] + vec->elements[j]);
   int16_t o1 =
       libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer(
           a_minus_b, zeta);
@@ -1513,11 +1497,12 @@ static KRML_MUSTINLINE void
 libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials(
     libcrux_ml_kem_vector_portable_vector_type_PortableVector *a,
     libcrux_ml_kem_vector_portable_vector_type_PortableVector *b, int16_t zeta,
-    size_t i, libcrux_ml_kem_vector_portable_vector_type_PortableVector *out) {
-  int16_t ai = a->elements[(size_t)2U * i];
-  int16_t bi = b->elements[(size_t)2U * i];
-  int16_t aj = a->elements[(size_t)2U * i + (size_t)1U];
-  int16_t bj = b->elements[(size_t)2U * i + (size_t)1U];
+    size_t i, size_t j,
+    libcrux_ml_kem_vector_portable_vector_type_PortableVector *out) {
+  int16_t ai = a->elements[i];
+  int16_t bi = b->elements[i];
+  int16_t aj = a->elements[j];
+  int16_t bj = b->elements[j];
   int32_t ai_bi = (int32_t)ai * (int32_t)bi;
   int32_t aj_bj_ = (int32_t)aj * (int32_t)bj;
   int16_t aj_bj =
@@ -1534,10 +1519,8 @@ libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials(
   int16_t o1 =
       libcrux_ml_kem_vector_portable_arithmetic_montgomery_reduce_element(
           ai_bj_aj_bi);
-  int16_t _out0[16U];
-  memcpy(_out0, out->elements, (size_t)16U * sizeof(int16_t));
-  out->elements[(size_t)2U * i] = o0;
-  out->elements[(size_t)2U * i + (size_t)1U] = o1;
+  out->elements[i] = o0;
+  out->elements[j] = o1;
 }
 
 static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector
@@ -1551,22 +1534,22 @@ libcrux_ml_kem_vector_portable_ntt_ntt_multiply(
   int16_t nzeta3 = -zeta3;
   libcrux_ml_kem_vector_portable_vector_type_PortableVector out =
       libcrux_ml_kem_vector_portable_vector_type_zero();
-  libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials(lhs, rhs, zeta0,
-                                                            (size_t)0U, &out);
-  libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials(lhs, rhs, nzeta0,
-                                                            (size_t)1U, &out);
-  libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials(lhs, rhs, zeta1,
-                                                            (size_t)2U, &out);
-  libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials(lhs, rhs, nzeta1,
-                                                            (size_t)3U, &out);
-  libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials(lhs, rhs, zeta2,
-                                                            (size_t)4U, &out);
-  libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials(lhs, rhs, nzeta2,
-                                                            (size_t)5U, &out);
-  libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials(lhs, rhs, zeta3,
-                                                            (size_t)6U, &out);
-  libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials(lhs, rhs, nzeta3,
-                                                            (size_t)7U, &out);
+  libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials(
+      lhs, rhs, zeta0, (size_t)0U, (size_t)1U, &out);
+  libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials(
+      lhs, rhs, nzeta0, (size_t)2U, (size_t)3U, &out);
+  libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials(
+      lhs, rhs, zeta1, (size_t)4U, (size_t)5U, &out);
+  libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials(
+      lhs, rhs, nzeta1, (size_t)6U, (size_t)7U, &out);
+  libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials(
+      lhs, rhs, zeta2, (size_t)8U, (size_t)9U, &out);
+  libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials(
+      lhs, rhs, nzeta2, (size_t)10U, (size_t)11U, &out);
+  libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials(
+      lhs, rhs, zeta3, (size_t)12U, (size_t)13U, &out);
+  libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials(
+      lhs, rhs, nzeta3, (size_t)14U, (size_t)15U, &out);
   return out;
 }
 
@@ -1607,12 +1590,6 @@ libcrux_ml_kem_vector_portable_serialize_serialize_1(
   ret[1U] = result1;
 }
 
-static inline void libcrux_ml_kem_vector_portable_serialize_1(
-    libcrux_ml_kem_vector_portable_vector_type_PortableVector a,
-    uint8_t ret[2U]) {
-  libcrux_ml_kem_vector_portable_serialize_serialize_1(a, ret);
-}
-
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
 libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
@@ -1620,7 +1597,7 @@ libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
 static inline void libcrux_ml_kem_vector_portable_serialize_1_0d(
     libcrux_ml_kem_vector_portable_vector_type_PortableVector a,
     uint8_t ret[2U]) {
-  libcrux_ml_kem_vector_portable_serialize_1(a, ret);
+  libcrux_ml_kem_vector_portable_serialize_serialize_1(a, ret);
 }
 
 static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector
@@ -1707,18 +1684,13 @@ libcrux_ml_kem_vector_portable_serialize_deserialize_1(Eurydice_slice v) {
   return lit;
 }
 
-static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector
-libcrux_ml_kem_vector_portable_deserialize_1(Eurydice_slice a) {
-  return libcrux_ml_kem_vector_portable_serialize_deserialize_1(a);
-}
-
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
 libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
 */
 static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector
 libcrux_ml_kem_vector_portable_deserialize_1_0d(Eurydice_slice a) {
-  return libcrux_ml_kem_vector_portable_deserialize_1(a);
+  return libcrux_ml_kem_vector_portable_serialize_deserialize_1(a);
 }
 
 typedef struct uint8_t_x4_s {
@@ -1776,12 +1748,6 @@ libcrux_ml_kem_vector_portable_serialize_serialize_4(
   ret[7U] = result4_7.f3;
 }
 
-static inline void libcrux_ml_kem_vector_portable_serialize_4(
-    libcrux_ml_kem_vector_portable_vector_type_PortableVector a,
-    uint8_t ret[8U]) {
-  libcrux_ml_kem_vector_portable_serialize_serialize_4(a, ret);
-}
-
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
 libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
@@ -1789,7 +1755,7 @@ libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
 static inline void libcrux_ml_kem_vector_portable_serialize_4_0d(
     libcrux_ml_kem_vector_portable_vector_type_PortableVector a,
     uint8_t ret[8U]) {
-  libcrux_ml_kem_vector_portable_serialize_4(a, ret);
+  libcrux_ml_kem_vector_portable_serialize_serialize_4(a, ret);
 }
 
 static KRML_MUSTINLINE int16_t_x8
@@ -1859,18 +1825,13 @@ libcrux_ml_kem_vector_portable_serialize_deserialize_4(Eurydice_slice bytes) {
   return lit;
 }
 
-static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector
-libcrux_ml_kem_vector_portable_deserialize_4(Eurydice_slice a) {
-  return libcrux_ml_kem_vector_portable_serialize_deserialize_4(a);
-}
-
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
 libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
 */
 static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector
 libcrux_ml_kem_vector_portable_deserialize_4_0d(Eurydice_slice a) {
-  return libcrux_ml_kem_vector_portable_deserialize_4(a);
+  return libcrux_ml_kem_vector_portable_serialize_deserialize_4(a);
 }
 
 typedef struct uint8_t_x5_s {
@@ -1927,12 +1888,6 @@ libcrux_ml_kem_vector_portable_serialize_serialize_5(
   ret[9U] = r5_9.f4;
 }
 
-static inline void libcrux_ml_kem_vector_portable_serialize_5(
-    libcrux_ml_kem_vector_portable_vector_type_PortableVector a,
-    uint8_t ret[10U]) {
-  libcrux_ml_kem_vector_portable_serialize_serialize_5(a, ret);
-}
-
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
 libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
@@ -1940,7 +1895,7 @@ libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
 static inline void libcrux_ml_kem_vector_portable_serialize_5_0d(
     libcrux_ml_kem_vector_portable_vector_type_PortableVector a,
     uint8_t ret[10U]) {
-  libcrux_ml_kem_vector_portable_serialize_5(a, ret);
+  libcrux_ml_kem_vector_portable_serialize_serialize_5(a, ret);
 }
 
 static KRML_MUSTINLINE int16_t_x8
@@ -2021,18 +1976,13 @@ libcrux_ml_kem_vector_portable_serialize_deserialize_5(Eurydice_slice bytes) {
   return lit;
 }
 
-static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector
-libcrux_ml_kem_vector_portable_deserialize_5(Eurydice_slice a) {
-  return libcrux_ml_kem_vector_portable_serialize_deserialize_5(a);
-}
-
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
 libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
 */
 static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector
 libcrux_ml_kem_vector_portable_deserialize_5_0d(Eurydice_slice a) {
-  return libcrux_ml_kem_vector_portable_deserialize_5(a);
+  return libcrux_ml_kem_vector_portable_serialize_deserialize_5(a);
 }
 
 static KRML_MUSTINLINE uint8_t_x5
@@ -2107,12 +2057,6 @@ libcrux_ml_kem_vector_portable_serialize_serialize_10(
   ret[19U] = r15_19.f4;
 }
 
-static inline void libcrux_ml_kem_vector_portable_serialize_10(
-    libcrux_ml_kem_vector_portable_vector_type_PortableVector a,
-    uint8_t ret[20U]) {
-  libcrux_ml_kem_vector_portable_serialize_serialize_10(a, ret);
-}
-
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
 libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
@@ -2120,7 +2064,7 @@ libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
 static inline void libcrux_ml_kem_vector_portable_serialize_10_0d(
     libcrux_ml_kem_vector_portable_vector_type_PortableVector a,
     uint8_t ret[20U]) {
-  libcrux_ml_kem_vector_portable_serialize_10(a, ret);
+  libcrux_ml_kem_vector_portable_serialize_serialize_10(a, ret);
 }
 
 static KRML_MUSTINLINE int16_t_x8
@@ -2209,18 +2153,13 @@ libcrux_ml_kem_vector_portable_serialize_deserialize_10(Eurydice_slice bytes) {
   return lit;
 }
 
-static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector
-libcrux_ml_kem_vector_portable_deserialize_10(Eurydice_slice a) {
-  return libcrux_ml_kem_vector_portable_serialize_deserialize_10(a);
-}
-
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
 libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
 */
 static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector
 libcrux_ml_kem_vector_portable_deserialize_10_0d(Eurydice_slice a) {
-  return libcrux_ml_kem_vector_portable_deserialize_10(a);
+  return libcrux_ml_kem_vector_portable_serialize_deserialize_10(a);
 }
 
 typedef struct uint8_t_x3_s {
@@ -2295,12 +2234,6 @@ libcrux_ml_kem_vector_portable_serialize_serialize_12(
   ret[23U] = r21_23.thd;
 }
 
-static inline void libcrux_ml_kem_vector_portable_serialize_12(
-    libcrux_ml_kem_vector_portable_vector_type_PortableVector a,
-    uint8_t ret[24U]) {
-  libcrux_ml_kem_vector_portable_serialize_serialize_12(a, ret);
-}
-
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
 libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
@@ -2308,7 +2241,7 @@ libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
 static inline void libcrux_ml_kem_vector_portable_serialize_12_0d(
     libcrux_ml_kem_vector_portable_vector_type_PortableVector a,
     uint8_t ret[24U]) {
-  libcrux_ml_kem_vector_portable_serialize_12(a, ret);
+  libcrux_ml_kem_vector_portable_serialize_serialize_12(a, ret);
 }
 
 typedef struct int16_t_x2_s {
@@ -2371,18 +2304,13 @@ libcrux_ml_kem_vector_portable_serialize_deserialize_12(Eurydice_slice bytes) {
   return lit;
 }
 
-static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector
-libcrux_ml_kem_vector_portable_deserialize_12(Eurydice_slice a) {
-  return libcrux_ml_kem_vector_portable_serialize_deserialize_12(a);
-}
-
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
 libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
 */
 static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector
 libcrux_ml_kem_vector_portable_deserialize_12_0d(Eurydice_slice a) {
-  return libcrux_ml_kem_vector_portable_deserialize_12(a);
+  return libcrux_ml_kem_vector_portable_serialize_deserialize_12(a);
 }
 
 static KRML_MUSTINLINE size_t
@@ -2558,7 +2486,7 @@ with const generics
 - K= 3
 */
 static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0
-libcrux_ml_kem_ind_cpa_deserialize_secret_key_closure_e3(size_t _) {
+libcrux_ml_kem_ind_cpa_deserialize_secret_key_closure_57(size_t _) {
   return libcrux_ml_kem_polynomial_ZERO_ef_1b();
 }
 
@@ -2569,7 +2497,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
 
 */
 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0
-libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_2b(
+libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_4c(
     Eurydice_slice serialized) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re =
       libcrux_ml_kem_polynomial_ZERO_ef_1b();
@@ -2591,7 +2519,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
 with const generics
 - K= 3
 */
-static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_66(
+static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_ab(
     Eurydice_slice secret_key,
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U];
@@ -2609,12 +2537,16 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_66(
             LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT,
         uint8_t);
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 =
-        libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_2b(
+        libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_4c(
             secret_bytes);
     secret_as_ntt[i0] = uu____0;
   }
+  libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[3U];
   memcpy(
-      ret, secret_as_ntt,
+      result, secret_as_ntt,
+      (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0));
+  memcpy(
+      ret, result,
       (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0));
 }
 
@@ -2627,7 +2559,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
 - U_COMPRESSION_FACTOR= 10
 */
 static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0
-libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_closure_3c(size_t _) {
+libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_closure_77(size_t _) {
   return libcrux_ml_kem_polynomial_ZERO_ef_1b();
 }
 
@@ -2638,18 +2570,18 @@ const generics
 - COEFFICIENT_BITS= 10
 */
 static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector
-libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_99(
-    libcrux_ml_kem_vector_portable_vector_type_PortableVector a) {
+libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_4a(
+    libcrux_ml_kem_vector_portable_vector_type_PortableVector v) {
   for (size_t i = (size_t)0U;
        i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) {
     size_t i0 = i;
-    int32_t decompressed = (int32_t)a.elements[i0] *
+    int32_t decompressed = (int32_t)v.elements[i0] *
                            (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS;
     decompressed = (decompressed << 1U) + ((int32_t)1 << (uint32_t)(int32_t)10);
     decompressed = decompressed >> (uint32_t)((int32_t)10 + (int32_t)1);
-    a.elements[i0] = (int16_t)decompressed;
+    v.elements[i0] = (int16_t)decompressed;
   }
-  return a;
+  return v;
 }
 
 /**
@@ -2663,9 +2595,9 @@ generics
 - COEFFICIENT_BITS= 10
 */
 static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector
-libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_f5(
+libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_ea(
     libcrux_ml_kem_vector_portable_vector_type_PortableVector v) {
-  return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_99(
+  return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_4a(
       v);
 }
 
@@ -2676,7 +2608,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
 
 */
 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0
-libcrux_ml_kem_serialize_deserialize_then_decompress_10_3b(
+libcrux_ml_kem_serialize_deserialize_then_decompress_10_f9(
     Eurydice_slice serialized) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re =
       libcrux_ml_kem_polynomial_ZERO_ef_1b();
@@ -2695,7 +2627,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_10_3b(
     libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient =
         libcrux_ml_kem_vector_portable_deserialize_10_0d(bytes);
     libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 =
-        libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_f5(
+        libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_ea(
             coefficient);
     re.coefficients[i0] = uu____0;
   }
@@ -2709,18 +2641,18 @@ const generics
 - COEFFICIENT_BITS= 11
 */
 static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector
-libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_990(
-    libcrux_ml_kem_vector_portable_vector_type_PortableVector a) {
+libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_4a0(
+    libcrux_ml_kem_vector_portable_vector_type_PortableVector v) {
   for (size_t i = (size_t)0U;
        i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) {
     size_t i0 = i;
-    int32_t decompressed = (int32_t)a.elements[i0] *
+    int32_t decompressed = (int32_t)v.elements[i0] *
                            (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS;
     decompressed = (decompressed << 1U) + ((int32_t)1 << (uint32_t)(int32_t)11);
     decompressed = decompressed >> (uint32_t)((int32_t)11 + (int32_t)1);
-    a.elements[i0] = (int16_t)decompressed;
+    v.elements[i0] = (int16_t)decompressed;
   }
-  return a;
+  return v;
 }
 
 /**
@@ -2734,9 +2666,9 @@ generics
 - COEFFICIENT_BITS= 11
 */
 static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector
-libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_f50(
+libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_ea0(
     libcrux_ml_kem_vector_portable_vector_type_PortableVector v) {
-  return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_990(
+  return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_4a0(
       v);
 }
 
@@ -2747,7 +2679,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
 
 */
 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0
-libcrux_ml_kem_serialize_deserialize_then_decompress_11_0b(
+libcrux_ml_kem_serialize_deserialize_then_decompress_11_a7(
     Eurydice_slice serialized) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re =
       libcrux_ml_kem_polynomial_ZERO_ef_1b();
@@ -2759,7 +2691,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_11_0b(
     libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient =
         libcrux_ml_kem_vector_portable_deserialize_11_0d(bytes);
     libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 =
-        libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_f50(
+        libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_ea0(
             coefficient);
     re.coefficients[i0] = uu____0;
   }
@@ -2773,9 +2705,9 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
 - COMPRESSION_FACTOR= 10
 */
 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0
-libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_19(
+libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_d9(
     Eurydice_slice serialized) {
-  return libcrux_ml_kem_serialize_deserialize_then_decompress_10_3b(serialized);
+  return libcrux_ml_kem_serialize_deserialize_then_decompress_10_f9(serialized);
 }
 
 typedef struct libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2_s {
@@ -2790,7 +2722,7 @@ with const generics
 
 */
 static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector
-libcrux_ml_kem_vector_traits_montgomery_multiply_fe_5d(
+libcrux_ml_kem_vector_traits_montgomery_multiply_fe_ad(
     libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t fer) {
   return libcrux_ml_kem_vector_portable_montgomery_multiply_by_constant_0d(v,
                                                                            fer);
@@ -2804,12 +2736,12 @@ with const generics
 */
 static KRML_MUSTINLINE
     libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2
-    libcrux_ml_kem_ntt_ntt_layer_int_vec_step_31(
+    libcrux_ml_kem_ntt_ntt_layer_int_vec_step_57(
         libcrux_ml_kem_vector_portable_vector_type_PortableVector a,
         libcrux_ml_kem_vector_portable_vector_type_PortableVector b,
         int16_t zeta_r) {
   libcrux_ml_kem_vector_portable_vector_type_PortableVector t =
-      libcrux_ml_kem_vector_traits_montgomery_multiply_fe_5d(b, zeta_r);
+      libcrux_ml_kem_vector_traits_montgomery_multiply_fe_ad(b, zeta_r);
   b = libcrux_ml_kem_vector_portable_sub_0d(a, &t);
   a = libcrux_ml_kem_vector_portable_add_0d(a, &t);
   return (
@@ -2823,7 +2755,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
 with const generics
 
 */
-static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_4_plus_64(
+static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_4_plus_bf(
     size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re,
     size_t layer, size_t _initial_coefficient_bound) {
   size_t step = (size_t)1U << (uint32_t)layer;
@@ -2836,7 +2768,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_4_plus_64(
     for (size_t i = offset_vec; i < offset_vec + step_vec; i++) {
       size_t j = i;
       libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 uu____0 =
-          libcrux_ml_kem_ntt_ntt_layer_int_vec_step_31(
+          libcrux_ml_kem_ntt_ntt_layer_int_vec_step_57(
               re->coefficients[j], re->coefficients[j + step_vec],
               libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U]));
       libcrux_ml_kem_vector_portable_vector_type_PortableVector x = uu____0.fst;
@@ -2853,7 +2785,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
 with const generics
 
 */
-static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_3_7b(
+static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_3_d0(
     size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re,
     size_t _layer, size_t _initial_coefficient_bound) {
   for (size_t i = (size_t)0U; i < (size_t)16U; i++) {
@@ -2873,7 +2805,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
 with const generics
 
 */
-static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_2_ea(
+static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_2_76(
     size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re,
     size_t _layer, size_t _initial_coefficient_bound) {
   for (size_t i = (size_t)0U; i < (size_t)16U; i++) {
@@ -2894,7 +2826,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
 with const generics
 
 */
-static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_1_76(
+static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_1_5d(
     size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re,
     size_t _layer, size_t _initial_coefficient_bound) {
   for (size_t i = (size_t)0U; i < (size_t)16U; i++) {
@@ -2922,7 +2854,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
 with const generics
 
 */
-static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_poly_barrett_reduce_ef_e7(
+static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_poly_barrett_reduce_ef_17(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self) {
   for (size_t i = (size_t)0U;
        i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
@@ -2940,24 +2872,24 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
 with const generics
 - VECTOR_U_COMPRESSION_FACTOR= 10
 */
-static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_vector_u_04(
+static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_vector_u_62(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) {
   size_t zeta_i = (size_t)0U;
-  libcrux_ml_kem_ntt_ntt_at_layer_4_plus_64(&zeta_i, re, (size_t)7U,
+  libcrux_ml_kem_ntt_ntt_at_layer_4_plus_bf(&zeta_i, re, (size_t)7U,
                                             (size_t)3328U);
-  libcrux_ml_kem_ntt_ntt_at_layer_4_plus_64(&zeta_i, re, (size_t)6U,
+  libcrux_ml_kem_ntt_ntt_at_layer_4_plus_bf(&zeta_i, re, (size_t)6U,
                                             (size_t)2U * (size_t)3328U);
-  libcrux_ml_kem_ntt_ntt_at_layer_4_plus_64(&zeta_i, re, (size_t)5U,
+  libcrux_ml_kem_ntt_ntt_at_layer_4_plus_bf(&zeta_i, re, (size_t)5U,
                                             (size_t)3U * (size_t)3328U);
-  libcrux_ml_kem_ntt_ntt_at_layer_4_plus_64(&zeta_i, re, (size_t)4U,
+  libcrux_ml_kem_ntt_ntt_at_layer_4_plus_bf(&zeta_i, re, (size_t)4U,
                                             (size_t)4U * (size_t)3328U);
-  libcrux_ml_kem_ntt_ntt_at_layer_3_7b(&zeta_i, re, (size_t)3U,
+  libcrux_ml_kem_ntt_ntt_at_layer_3_d0(&zeta_i, re, (size_t)3U,
                                        (size_t)5U * (size_t)3328U);
-  libcrux_ml_kem_ntt_ntt_at_layer_2_ea(&zeta_i, re, (size_t)2U,
+  libcrux_ml_kem_ntt_ntt_at_layer_2_76(&zeta_i, re, (size_t)2U,
                                        (size_t)6U * (size_t)3328U);
-  libcrux_ml_kem_ntt_ntt_at_layer_1_76(&zeta_i, re, (size_t)1U,
+  libcrux_ml_kem_ntt_ntt_at_layer_1_5d(&zeta_i, re, (size_t)1U,
                                        (size_t)7U * (size_t)3328U);
-  libcrux_ml_kem_polynomial_poly_barrett_reduce_ef_e7(re);
+  libcrux_ml_kem_polynomial_poly_barrett_reduce_ef_17(re);
 }
 
 /**
@@ -2969,7 +2901,7 @@ with const generics
 - U_COMPRESSION_FACTOR= 10
 */
 static KRML_MUSTINLINE void
-libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_6c(
+libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_9d(
     uint8_t *ciphertext,
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[3U];
@@ -2994,9 +2926,9 @@ libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_6c(
                 (size_t)10U / (size_t)8U,
         uint8_t);
     u_as_ntt[i0] =
-        libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_19(
+        libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_d9(
             u_bytes);
-    libcrux_ml_kem_ntt_ntt_vector_u_04(&u_as_ntt[i0]);
+    libcrux_ml_kem_ntt_ntt_vector_u_62(&u_as_ntt[i0]);
   }
   memcpy(
       ret, u_as_ntt,
@@ -3010,18 +2942,18 @@ const generics
 - COEFFICIENT_BITS= 4
 */
 static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector
-libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_991(
-    libcrux_ml_kem_vector_portable_vector_type_PortableVector a) {
+libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_4a1(
+    libcrux_ml_kem_vector_portable_vector_type_PortableVector v) {
   for (size_t i = (size_t)0U;
        i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) {
     size_t i0 = i;
-    int32_t decompressed = (int32_t)a.elements[i0] *
+    int32_t decompressed = (int32_t)v.elements[i0] *
                            (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS;
     decompressed = (decompressed << 1U) + ((int32_t)1 << (uint32_t)(int32_t)4);
     decompressed = decompressed >> (uint32_t)((int32_t)4 + (int32_t)1);
-    a.elements[i0] = (int16_t)decompressed;
+    v.elements[i0] = (int16_t)decompressed;
   }
-  return a;
+  return v;
 }
 
 /**
@@ -3035,9 +2967,9 @@ generics
 - COEFFICIENT_BITS= 4
 */
 static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector
-libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_f51(
+libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_ea1(
     libcrux_ml_kem_vector_portable_vector_type_PortableVector v) {
-  return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_991(
+  return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_4a1(
       v);
 }
 
@@ -3048,7 +2980,7 @@ with const generics
 
 */
 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0
-libcrux_ml_kem_serialize_deserialize_then_decompress_4_b6(
+libcrux_ml_kem_serialize_deserialize_then_decompress_4_87(
     Eurydice_slice serialized) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re =
       libcrux_ml_kem_polynomial_ZERO_ef_1b();
@@ -3060,7 +2992,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_4_b6(
     libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient =
         libcrux_ml_kem_vector_portable_deserialize_4_0d(bytes);
     libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 =
-        libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_f51(
+        libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_ea1(
             coefficient);
     re.coefficients[i0] = uu____0;
   }
@@ -3074,18 +3006,18 @@ const generics
 - COEFFICIENT_BITS= 5
 */
 static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector
-libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_992(
-    libcrux_ml_kem_vector_portable_vector_type_PortableVector a) {
+libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_4a2(
+    libcrux_ml_kem_vector_portable_vector_type_PortableVector v) {
   for (size_t i = (size_t)0U;
        i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) {
     size_t i0 = i;
-    int32_t decompressed = (int32_t)a.elements[i0] *
+    int32_t decompressed = (int32_t)v.elements[i0] *
                            (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS;
     decompressed = (decompressed << 1U) + ((int32_t)1 << (uint32_t)(int32_t)5);
     decompressed = decompressed >> (uint32_t)((int32_t)5 + (int32_t)1);
-    a.elements[i0] = (int16_t)decompressed;
+    v.elements[i0] = (int16_t)decompressed;
   }
-  return a;
+  return v;
 }
 
 /**
@@ -3099,9 +3031,9 @@ generics
 - COEFFICIENT_BITS= 5
 */
 static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector
-libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_f52(
+libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_ea2(
     libcrux_ml_kem_vector_portable_vector_type_PortableVector v) {
-  return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_992(
+  return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_4a2(
       v);
 }
 
@@ -3112,7 +3044,7 @@ with const generics
 
 */
 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0
-libcrux_ml_kem_serialize_deserialize_then_decompress_5_e8(
+libcrux_ml_kem_serialize_deserialize_then_decompress_5_df(
     Eurydice_slice serialized) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re =
       libcrux_ml_kem_polynomial_ZERO_ef_1b();
@@ -3124,7 +3056,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_5_e8(
     re.coefficients[i0] =
         libcrux_ml_kem_vector_portable_deserialize_5_0d(bytes);
     libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____1 =
-        libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_f52(
+        libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_ea2(
             re.coefficients[i0]);
     re.coefficients[i0] = uu____1;
   }
@@ -3138,9 +3070,9 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
 - COMPRESSION_FACTOR= 4
 */
 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0
-libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_e4(
+libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_54(
     Eurydice_slice serialized) {
-  return libcrux_ml_kem_serialize_deserialize_then_decompress_4_b6(serialized);
+  return libcrux_ml_kem_serialize_deserialize_then_decompress_4_87(serialized);
 }
 
 /**
@@ -3155,7 +3087,7 @@ with const generics
 
 */
 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0
-libcrux_ml_kem_polynomial_ntt_multiply_ef_66(
+libcrux_ml_kem_polynomial_ntt_multiply_ef_45(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self,
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *rhs) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_f0 out =
@@ -3189,7 +3121,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
 with const generics
 - K= 3
 */
-static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_to_ring_element_ef_59(
+static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_to_ring_element_ef_5d(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self,
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *rhs) {
   for (size_t i = (size_t)0U;
@@ -3213,7 +3145,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
 with const generics
 
 */
-static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_f7(
+static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_28(
     size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re,
     size_t _layer) {
   for (size_t i = (size_t)0U; i < (size_t)16U; i++) {
@@ -3236,7 +3168,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
 with const generics
 
 */
-static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_d5(
+static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_69(
     size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re,
     size_t _layer) {
   for (size_t i = (size_t)0U; i < (size_t)16U; i++) {
@@ -3257,7 +3189,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
 with const generics
 
 */
-static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_60(
+static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_6a(
     size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re,
     size_t _layer) {
   for (size_t i = (size_t)0U; i < (size_t)16U; i++) {
@@ -3279,7 +3211,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
 */
 static KRML_MUSTINLINE
     libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2
-    libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_c4(
+    libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_96(
         libcrux_ml_kem_vector_portable_vector_type_PortableVector a,
         libcrux_ml_kem_vector_portable_vector_type_PortableVector b,
         int16_t zeta_r) {
@@ -3287,7 +3219,7 @@ static KRML_MUSTINLINE
       libcrux_ml_kem_vector_portable_sub_0d(b, &a);
   a = libcrux_ml_kem_vector_portable_barrett_reduce_0d(
       libcrux_ml_kem_vector_portable_add_0d(a, &b));
-  b = libcrux_ml_kem_vector_traits_montgomery_multiply_fe_5d(a_minus_b, zeta_r);
+  b = libcrux_ml_kem_vector_traits_montgomery_multiply_fe_ad(a_minus_b, zeta_r);
   return (
       CLITERAL(libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2){
           .fst = a, .snd = b});
@@ -3300,7 +3232,7 @@ with const generics
 
 */
 static KRML_MUSTINLINE void
-libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_1d(
+libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_fa(
     size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re,
     size_t layer) {
   size_t step = (size_t)1U << (uint32_t)layer;
@@ -3315,7 +3247,7 @@ libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_1d(
     for (size_t i = offset_vec; i < offset_vec + step_vec; i++) {
       size_t j = i;
       libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 uu____0 =
-          libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_c4(
+          libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_96(
               re->coefficients[j], re->coefficients[j + step_vec],
               libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U]));
       libcrux_ml_kem_vector_portable_vector_type_PortableVector x = uu____0.fst;
@@ -3332,22 +3264,22 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
 with const generics
 - K= 3
 */
-static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_be(
+static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_b9(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) {
   size_t zeta_i =
       LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U;
-  libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_f7(&zeta_i, re, (size_t)1U);
-  libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_d5(&zeta_i, re, (size_t)2U);
-  libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_60(&zeta_i, re, (size_t)3U);
-  libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_1d(&zeta_i, re,
+  libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_28(&zeta_i, re, (size_t)1U);
+  libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_69(&zeta_i, re, (size_t)2U);
+  libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_6a(&zeta_i, re, (size_t)3U);
+  libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_fa(&zeta_i, re,
                                                           (size_t)4U);
-  libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_1d(&zeta_i, re,
+  libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_fa(&zeta_i, re,
                                                           (size_t)5U);
-  libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_1d(&zeta_i, re,
+  libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_fa(&zeta_i, re,
                                                           (size_t)6U);
-  libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_1d(&zeta_i, re,
+  libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_fa(&zeta_i, re,
                                                           (size_t)7U);
-  libcrux_ml_kem_polynomial_poly_barrett_reduce_ef_e7(re);
+  libcrux_ml_kem_polynomial_poly_barrett_reduce_ef_17(re);
 }
 
 /**
@@ -3362,7 +3294,7 @@ with const generics
 
 */
 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0
-libcrux_ml_kem_polynomial_subtract_reduce_ef_15(
+libcrux_ml_kem_polynomial_subtract_reduce_ef_3d(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self,
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 b) {
   for (size_t i = (size_t)0U;
@@ -3388,7 +3320,7 @@ with const generics
 - K= 3
 */
 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0
-libcrux_ml_kem_matrix_compute_message_95(
+libcrux_ml_kem_matrix_compute_message_d5(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *v,
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *secret_as_ntt,
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *u_as_ntt) {
@@ -3397,12 +3329,12 @@ libcrux_ml_kem_matrix_compute_message_95(
   for (size_t i = (size_t)0U; i < (size_t)3U; i++) {
     size_t i0 = i;
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product =
-        libcrux_ml_kem_polynomial_ntt_multiply_ef_66(&secret_as_ntt[i0],
+        libcrux_ml_kem_polynomial_ntt_multiply_ef_45(&secret_as_ntt[i0],
                                                      &u_as_ntt[i0]);
-    libcrux_ml_kem_polynomial_add_to_ring_element_ef_59(&result, &product);
+    libcrux_ml_kem_polynomial_add_to_ring_element_ef_5d(&result, &product);
   }
-  libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_be(&result);
-  result = libcrux_ml_kem_polynomial_subtract_reduce_ef_15(v, result);
+  libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_b9(&result);
+  result = libcrux_ml_kem_polynomial_subtract_reduce_ef_3d(v, result);
   return result;
 }
 
@@ -3412,7 +3344,7 @@ with const generics
 - SHIFT_BY= 15
 */
 static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector
-libcrux_ml_kem_vector_portable_arithmetic_shift_right_3c(
+libcrux_ml_kem_vector_portable_arithmetic_shift_right_95(
     libcrux_ml_kem_vector_portable_vector_type_PortableVector vec) {
   for (size_t i = (size_t)0U;
        i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) {
@@ -3432,9 +3364,9 @@ with const generics
 - SHIFT_BY= 15
 */
 static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector
-libcrux_ml_kem_vector_portable_shift_right_0d_3e(
+libcrux_ml_kem_vector_portable_shift_right_0d_9d(
     libcrux_ml_kem_vector_portable_vector_type_PortableVector v) {
-  return libcrux_ml_kem_vector_portable_arithmetic_shift_right_3c(v);
+  return libcrux_ml_kem_vector_portable_arithmetic_shift_right_95(v);
 }
 
 /**
@@ -3444,10 +3376,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
 
 */
 static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector
-libcrux_ml_kem_vector_traits_to_unsigned_representative_30(
+libcrux_ml_kem_vector_traits_to_unsigned_representative_7c(
     libcrux_ml_kem_vector_portable_vector_type_PortableVector a) {
   libcrux_ml_kem_vector_portable_vector_type_PortableVector t =
-      libcrux_ml_kem_vector_portable_shift_right_0d_3e(a);
+      libcrux_ml_kem_vector_portable_shift_right_0d_9d(a);
   libcrux_ml_kem_vector_portable_vector_type_PortableVector fm =
       libcrux_ml_kem_vector_portable_bitwise_and_with_constant_0d(
           t, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS);
@@ -3461,10 +3393,10 @@ with const generics
 
 */
 static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector
-libcrux_ml_kem_serialize_to_unsigned_field_modulus_05(
+libcrux_ml_kem_serialize_to_unsigned_field_modulus_b0(
     libcrux_ml_kem_vector_portable_vector_type_PortableVector a) {
   libcrux_ml_kem_vector_portable_vector_type_PortableVector result =
-      libcrux_ml_kem_vector_traits_to_unsigned_representative_30(a);
+      libcrux_ml_kem_vector_traits_to_unsigned_representative_7c(a);
   return result;
 }
 
@@ -3475,13 +3407,13 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
 
 */
 static KRML_MUSTINLINE void
-libcrux_ml_kem_serialize_compress_then_serialize_message_8c(
+libcrux_ml_kem_serialize_compress_then_serialize_message_b1(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, uint8_t ret[32U]) {
   uint8_t serialized[32U] = {0U};
   for (size_t i = (size_t)0U; i < (size_t)16U; i++) {
     size_t i0 = i;
     libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient =
-        libcrux_ml_kem_serialize_to_unsigned_field_modulus_05(
+        libcrux_ml_kem_serialize_to_unsigned_field_modulus_b0(
             re.coefficients[i0]);
     libcrux_ml_kem_vector_portable_vector_type_PortableVector
         coefficient_compressed =
@@ -3509,20 +3441,20 @@ with const generics
 - U_COMPRESSION_FACTOR= 10
 - V_COMPRESSION_FACTOR= 4
 */
-static inline void libcrux_ml_kem_ind_cpa_decrypt_unpacked_46(
+static inline void libcrux_ml_kem_ind_cpa_decrypt_unpacked_6d(
     libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 *secret_key,
     uint8_t *ciphertext, uint8_t ret[32U]) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[3U];
-  libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_6c(ciphertext, u_as_ntt);
+  libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_9d(ciphertext, u_as_ntt);
   libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v =
-      libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_e4(
+      libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_54(
           Eurydice_array_to_subslice_from((size_t)1088U, ciphertext,
                                           (size_t)960U, uint8_t, size_t));
   libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message =
-      libcrux_ml_kem_matrix_compute_message_95(&v, secret_key->secret_as_ntt,
+      libcrux_ml_kem_matrix_compute_message_d5(&v, secret_key->secret_as_ntt,
                                                u_as_ntt);
   uint8_t ret0[32U];
-  libcrux_ml_kem_serialize_compress_then_serialize_message_8c(message, ret0);
+  libcrux_ml_kem_serialize_compress_then_serialize_message_b1(message, ret0);
   memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t));
 }
 
@@ -3536,11 +3468,11 @@ with const generics
 - U_COMPRESSION_FACTOR= 10
 - V_COMPRESSION_FACTOR= 4
 */
-static inline void libcrux_ml_kem_ind_cpa_decrypt_66(Eurydice_slice secret_key,
+static inline void libcrux_ml_kem_ind_cpa_decrypt_35(Eurydice_slice secret_key,
                                                      uint8_t *ciphertext,
                                                      uint8_t ret[32U]) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U];
-  libcrux_ml_kem_ind_cpa_deserialize_secret_key_66(secret_key, secret_as_ntt);
+  libcrux_ml_kem_ind_cpa_deserialize_secret_key_ab(secret_key, secret_as_ntt);
   /* Passing arrays by value in Rust generates a copy in C */
   libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_secret_as_ntt[3U];
   memcpy(
@@ -3551,10 +3483,10 @@ static inline void libcrux_ml_kem_ind_cpa_decrypt_66(Eurydice_slice secret_key,
   memcpy(
       secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt,
       (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0));
-  uint8_t ret0[32U];
-  libcrux_ml_kem_ind_cpa_decrypt_unpacked_46(&secret_key_unpacked, ciphertext,
-                                             ret0);
-  memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t));
+  uint8_t result[32U];
+  libcrux_ml_kem_ind_cpa_decrypt_unpacked_6d(&secret_key_unpacked, ciphertext,
+                                             result);
+  memcpy(ret, result, (size_t)32U * sizeof(uint8_t));
 }
 
 /**
@@ -3641,7 +3573,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
 
 */
 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0
-libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_f3(
+libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_87(
     Eurydice_slice serialized) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re =
       libcrux_ml_kem_polynomial_ZERO_ef_1b();
@@ -3666,7 +3598,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
 - K= 3
 */
 static KRML_MUSTINLINE void
-libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_30(
+libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_e5(
     Eurydice_slice public_key,
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *deserialized_pk) {
   for (size_t i = (size_t)0U;
@@ -3680,7 +3612,7 @@ libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_30(
             LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT,
         uint8_t);
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 =
-        libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_f3(
+        libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_87(
             ring_element);
     deserialized_pk[i0] = uu____0;
   }
@@ -4151,7 +4083,7 @@ generics
 - ETA_RANDOMNESS_SIZE= 128
 */
 static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0
-libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_out_closure_ba(size_t _i) {
+libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_out_closure_55(size_t _i) {
   return libcrux_ml_kem_polynomial_ZERO_ef_1b();
 }
 
@@ -4298,7 +4230,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
 with const generics
 
 */
-static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_7_5f(
+static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_7_97(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) {
   size_t step = LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT / (size_t)2U;
   for (size_t i = (size_t)0U; i < step; i++) {
@@ -4321,23 +4253,23 @@ with const generics
 
 */
 static KRML_MUSTINLINE void
-libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_62(
+libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_d8(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) {
-  libcrux_ml_kem_ntt_ntt_at_layer_7_5f(re);
+  libcrux_ml_kem_ntt_ntt_at_layer_7_97(re);
   size_t zeta_i = (size_t)1U;
-  libcrux_ml_kem_ntt_ntt_at_layer_4_plus_64(&zeta_i, re, (size_t)6U,
+  libcrux_ml_kem_ntt_ntt_at_layer_4_plus_bf(&zeta_i, re, (size_t)6U,
                                             (size_t)11207U);
-  libcrux_ml_kem_ntt_ntt_at_layer_4_plus_64(&zeta_i, re, (size_t)5U,
+  libcrux_ml_kem_ntt_ntt_at_layer_4_plus_bf(&zeta_i, re, (size_t)5U,
                                             (size_t)11207U + (size_t)3328U);
-  libcrux_ml_kem_ntt_ntt_at_layer_4_plus_64(
+  libcrux_ml_kem_ntt_ntt_at_layer_4_plus_bf(
       &zeta_i, re, (size_t)4U, (size_t)11207U + (size_t)2U * (size_t)3328U);
-  libcrux_ml_kem_ntt_ntt_at_layer_3_7b(
+  libcrux_ml_kem_ntt_ntt_at_layer_3_d0(
       &zeta_i, re, (size_t)3U, (size_t)11207U + (size_t)3U * (size_t)3328U);
-  libcrux_ml_kem_ntt_ntt_at_layer_2_ea(
+  libcrux_ml_kem_ntt_ntt_at_layer_2_76(
       &zeta_i, re, (size_t)2U, (size_t)11207U + (size_t)4U * (size_t)3328U);
-  libcrux_ml_kem_ntt_ntt_at_layer_1_76(
+  libcrux_ml_kem_ntt_ntt_at_layer_1_5d(
       &zeta_i, re, (size_t)1U, (size_t)11207U + (size_t)5U * (size_t)3328U);
-  libcrux_ml_kem_polynomial_poly_barrett_reduce_ef_e7(re);
+  libcrux_ml_kem_polynomial_poly_barrett_reduce_ef_17(re);
 }
 
 /**
@@ -4350,7 +4282,7 @@ generics
 - ETA_RANDOMNESS_SIZE= 128
 */
 static KRML_MUSTINLINE uint8_t
-libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_76(
+libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_b1(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re_as_ntt,
     uint8_t prf_input[33U], uint8_t domain_separator) {
   /* Passing arrays by value in Rust generates a copy in C */
@@ -4360,8 +4292,6 @@ libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_76(
   for (size_t i = (size_t)0U; i < (size_t)3U; i++) {
     memcpy(prf_inputs[i], copy_of_prf_input, (size_t)33U * sizeof(uint8_t));
   }
-  uint8_t _prf_inputs_init[3U][33U];
-  memcpy(_prf_inputs_init, prf_inputs, (size_t)3U * sizeof(uint8_t[33U]));
   for (size_t i = (size_t)0U; i < (size_t)3U; i++) {
     size_t i0 = i;
     prf_inputs[i0][32U] = domain_separator;
@@ -4374,7 +4304,7 @@ libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_76(
     re_as_ntt[i0] =
         libcrux_ml_kem_sampling_sample_from_binomial_distribution_6b(
             Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t));
-    libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_62(&re_as_ntt[i0]);
+    libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_d8(&re_as_ntt[i0]);
   }
   return domain_separator;
 }
@@ -4389,7 +4319,7 @@ generics
 - ETA_RANDOMNESS_SIZE= 128
 */
 static KRML_MUSTINLINE tuple_b0
-libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_out_15(
+libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_out_cb(
     uint8_t prf_input[33U], uint8_t domain_separator) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re_as_ntt[3U];
   for (size_t i = (size_t)0U; i < (size_t)3U; i++) {
@@ -4398,19 +4328,19 @@ libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_out_15(
   libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *uu____0 = re_as_ntt;
   uint8_t uu____1[33U];
   memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t));
-  domain_separator = libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_76(
+  domain_separator = libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_b1(
       uu____0, uu____1, domain_separator);
   /* Passing arrays by value in Rust generates a copy in C */
   libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_re_as_ntt[3U];
   memcpy(
       copy_of_re_as_ntt, re_as_ntt,
       (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0));
-  tuple_b0 lit;
+  tuple_b0 result;
   memcpy(
-      lit.fst, copy_of_re_as_ntt,
+      result.fst, copy_of_re_as_ntt,
       (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0));
-  lit.snd = domain_separator;
-  return lit;
+  result.snd = domain_separator;
+  return result;
 }
 
 /**
@@ -4423,7 +4353,7 @@ generics
 - ETA2= 2
 */
 static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0
-libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_closure_2b(size_t _i) {
+libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_closure_b7(size_t _i) {
   return libcrux_ml_kem_polynomial_ZERO_ef_1b();
 }
 
@@ -4437,7 +4367,7 @@ generics
 - ETA2= 2
 */
 static KRML_MUSTINLINE tuple_b0
-libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_6f(uint8_t prf_input[33U],
+libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_95(uint8_t prf_input[33U],
                                                   uint8_t domain_separator) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[3U];
   for (size_t i = (size_t)0U; i < (size_t)3U; i++) {
@@ -4450,8 +4380,6 @@ libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_6f(uint8_t prf_input[33U],
   for (size_t i = (size_t)0U; i < (size_t)3U; i++) {
     memcpy(prf_inputs[i], copy_of_prf_input, (size_t)33U * sizeof(uint8_t));
   }
-  uint8_t _prf_inputs_init[3U][33U];
-  memcpy(_prf_inputs_init, prf_inputs, (size_t)3U * sizeof(uint8_t[33U]));
   for (size_t i = (size_t)0U; i < (size_t)3U; i++) {
     size_t i0 = i;
     prf_inputs[i0][32U] = domain_separator;
@@ -4471,12 +4399,12 @@ libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_6f(uint8_t prf_input[33U],
   memcpy(
       copy_of_error_1, error_1,
       (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0));
-  tuple_b0 lit;
+  tuple_b0 result;
   memcpy(
-      lit.fst, copy_of_error_1,
+      result.fst, copy_of_error_1,
       (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0));
-  lit.snd = domain_separator;
-  return lit;
+  result.snd = domain_separator;
+  return result;
 }
 
 /**
@@ -4514,7 +4442,7 @@ with const generics
 - K= 3
 */
 static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0
-libcrux_ml_kem_matrix_compute_vector_u_closure_7e(size_t _i) {
+libcrux_ml_kem_matrix_compute_vector_u_closure_a1(size_t _i) {
   return libcrux_ml_kem_polynomial_ZERO_ef_1b();
 }
 
@@ -4529,7 +4457,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
 with const generics
 
 */
-static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_error_reduce_ef_1a(
+static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_error_reduce_ef_2f(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self,
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error) {
   for (size_t i = (size_t)0U;
@@ -4553,14 +4481,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
 with const generics
 - K= 3
 */
-static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_vector_u_5e(
+static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_vector_u_90(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*a_as_ntt)[3U],
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt,
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_1,
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) {
-  libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[3U];
+  libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result0[3U];
   for (size_t i = (size_t)0U; i < (size_t)3U; i++) {
-    result[i] = libcrux_ml_kem_polynomial_ZERO_ef_1b();
+    result0[i] = libcrux_ml_kem_polynomial_ZERO_ef_1b();
   }
   for (size_t i0 = (size_t)0U;
        i0 < Eurydice_slice_len(
@@ -4581,13 +4509,18 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_vector_u_5e(
       size_t j = i;
       libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *a_element = &row[j];
       libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product =
-          libcrux_ml_kem_polynomial_ntt_multiply_ef_66(a_element, &r_as_ntt[j]);
-      libcrux_ml_kem_polynomial_add_to_ring_element_ef_59(&result[i1],
+          libcrux_ml_kem_polynomial_ntt_multiply_ef_45(a_element, &r_as_ntt[j]);
+      libcrux_ml_kem_polynomial_add_to_ring_element_ef_5d(&result0[i1],
                                                           &product);
     }
-    libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_be(&result[i1]);
-    libcrux_ml_kem_polynomial_add_error_reduce_ef_1a(&result[i1], &error_1[i1]);
+    libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_b9(&result0[i1]);
+    libcrux_ml_kem_polynomial_add_error_reduce_ef_2f(&result0[i1],
+                                                     &error_1[i1]);
   }
+  libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[3U];
+  memcpy(
+      result, result0,
+      (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0));
   memcpy(
       ret, result,
       (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0));
@@ -4600,7 +4533,7 @@ with const generics
 
 */
 static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector
-libcrux_ml_kem_vector_traits_decompress_1_8d(
+libcrux_ml_kem_vector_traits_decompress_1_d4(
     libcrux_ml_kem_vector_portable_vector_type_PortableVector vec) {
   libcrux_ml_kem_vector_portable_vector_type_PortableVector z =
       libcrux_ml_kem_vector_portable_ZERO_0d();
@@ -4619,7 +4552,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
 
 */
 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0
-libcrux_ml_kem_serialize_deserialize_then_decompress_message_f2(
+libcrux_ml_kem_serialize_deserialize_then_decompress_message_c5(
     uint8_t serialized[32U]) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re =
       libcrux_ml_kem_polynomial_ZERO_ef_1b();
@@ -4632,7 +4565,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_message_f2(
                                             (size_t)2U * i0 + (size_t)2U,
                                             uint8_t));
     libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 =
-        libcrux_ml_kem_vector_traits_decompress_1_8d(coefficient_compressed);
+        libcrux_ml_kem_vector_traits_decompress_1_d4(coefficient_compressed);
     re.coefficients[i0] = uu____0;
   }
   return re;
@@ -4650,7 +4583,7 @@ with const generics
 
 */
 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0
-libcrux_ml_kem_polynomial_add_message_error_reduce_ef_01(
+libcrux_ml_kem_polynomial_add_message_error_reduce_ef_bf(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self,
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *message,
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result) {
@@ -4680,7 +4613,7 @@ with const generics
 - K= 3
 */
 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0
-libcrux_ml_kem_matrix_compute_ring_element_v_63(
+libcrux_ml_kem_matrix_compute_ring_element_v_c6(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt,
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt,
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_2,
@@ -4690,12 +4623,12 @@ libcrux_ml_kem_matrix_compute_ring_element_v_63(
   for (size_t i = (size_t)0U; i < (size_t)3U; i++) {
     size_t i0 = i;
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product =
-        libcrux_ml_kem_polynomial_ntt_multiply_ef_66(&t_as_ntt[i0],
+        libcrux_ml_kem_polynomial_ntt_multiply_ef_45(&t_as_ntt[i0],
                                                      &r_as_ntt[i0]);
-    libcrux_ml_kem_polynomial_add_to_ring_element_ef_59(&result, &product);
+    libcrux_ml_kem_polynomial_add_to_ring_element_ef_5d(&result, &product);
   }
-  libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_be(&result);
-  result = libcrux_ml_kem_polynomial_add_message_error_reduce_ef_01(
+  libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_b9(&result);
+  result = libcrux_ml_kem_polynomial_add_message_error_reduce_ef_bf(
       error_2, message, result);
   return result;
 }
@@ -4706,7 +4639,7 @@ with const generics
 - COEFFICIENT_BITS= 10
 */
 static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector
-libcrux_ml_kem_vector_portable_compress_compress_de(
+libcrux_ml_kem_vector_portable_compress_compress_61(
     libcrux_ml_kem_vector_portable_vector_type_PortableVector a) {
   for (size_t i = (size_t)0U;
        i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) {
@@ -4729,9 +4662,9 @@ with const generics
 - COEFFICIENT_BITS= 10
 */
 static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector
-libcrux_ml_kem_vector_portable_compress_0d_48(
+libcrux_ml_kem_vector_portable_compress_0d_fe(
     libcrux_ml_kem_vector_portable_vector_type_PortableVector a) {
-  return libcrux_ml_kem_vector_portable_compress_compress_de(a);
+  return libcrux_ml_kem_vector_portable_compress_compress_61(a);
 }
 
 /**
@@ -4741,15 +4674,15 @@ with const generics
 - OUT_LEN= 320
 */
 static KRML_MUSTINLINE void
-libcrux_ml_kem_serialize_compress_then_serialize_10_22(
+libcrux_ml_kem_serialize_compress_then_serialize_10_9d(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[320U]) {
   uint8_t serialized[320U] = {0U};
   for (size_t i = (size_t)0U;
        i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
     size_t i0 = i;
     libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient =
-        libcrux_ml_kem_vector_portable_compress_0d_48(
-            libcrux_ml_kem_serialize_to_unsigned_field_modulus_05(
+        libcrux_ml_kem_vector_portable_compress_0d_fe(
+            libcrux_ml_kem_serialize_to_unsigned_field_modulus_b0(
                 re->coefficients[i0]));
     uint8_t bytes[20U];
     libcrux_ml_kem_vector_portable_serialize_10_0d(coefficient, bytes);
@@ -4769,7 +4702,7 @@ with const generics
 - COEFFICIENT_BITS= 11
 */
 static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector
-libcrux_ml_kem_vector_portable_compress_compress_de0(
+libcrux_ml_kem_vector_portable_compress_compress_610(
     libcrux_ml_kem_vector_portable_vector_type_PortableVector a) {
   for (size_t i = (size_t)0U;
        i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) {
@@ -4792,9 +4725,9 @@ with const generics
 - COEFFICIENT_BITS= 11
 */
 static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector
-libcrux_ml_kem_vector_portable_compress_0d_480(
+libcrux_ml_kem_vector_portable_compress_0d_fe0(
     libcrux_ml_kem_vector_portable_vector_type_PortableVector a) {
-  return libcrux_ml_kem_vector_portable_compress_compress_de0(a);
+  return libcrux_ml_kem_vector_portable_compress_compress_610(a);
 }
 
 /**
@@ -4804,15 +4737,15 @@ with const generics
 - OUT_LEN= 320
 */
 static KRML_MUSTINLINE void
-libcrux_ml_kem_serialize_compress_then_serialize_11_ca(
+libcrux_ml_kem_serialize_compress_then_serialize_11_63(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[320U]) {
   uint8_t serialized[320U] = {0U};
   for (size_t i = (size_t)0U;
        i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
     size_t i0 = i;
     libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient =
-        libcrux_ml_kem_vector_portable_compress_0d_480(
-            libcrux_ml_kem_vector_traits_to_unsigned_representative_30(
+        libcrux_ml_kem_vector_portable_compress_0d_fe0(
+            libcrux_ml_kem_vector_traits_to_unsigned_representative_7c(
                 re->coefficients[i0]));
     uint8_t bytes[22U];
     libcrux_ml_kem_vector_portable_serialize_11_0d(coefficient, bytes);
@@ -4832,11 +4765,11 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
 - OUT_LEN= 320
 */
 static KRML_MUSTINLINE void
-libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_cb(
+libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_78(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[320U]) {
-  uint8_t result[320U];
-  libcrux_ml_kem_serialize_compress_then_serialize_10_22(re, result);
-  memcpy(ret, result, (size_t)320U * sizeof(uint8_t));
+  uint8_t uu____0[320U];
+  libcrux_ml_kem_serialize_compress_then_serialize_10_9d(re, uu____0);
+  memcpy(ret, uu____0, (size_t)320U * sizeof(uint8_t));
 }
 
 /**
@@ -4848,7 +4781,7 @@ with const generics
 - COMPRESSION_FACTOR= 10
 - BLOCK_LEN= 320
 */
-static inline void libcrux_ml_kem_ind_cpa_compress_then_serialize_u_f9(
+static inline void libcrux_ml_kem_ind_cpa_compress_then_serialize_u_d3(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 input[3U],
     Eurydice_slice out) {
   for (size_t i = (size_t)0U;
@@ -4864,7 +4797,7 @@ static inline void libcrux_ml_kem_ind_cpa_compress_then_serialize_u_f9(
         out, i0 * ((size_t)960U / (size_t)3U),
         (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U), uint8_t);
     uint8_t ret[320U];
-    libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_cb(&re,
+    libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_78(&re,
                                                                        ret);
     Eurydice_slice_copy(
         uu____0, Eurydice_array_to_slice((size_t)320U, ret, uint8_t), uint8_t);
@@ -4877,7 +4810,7 @@ with const generics
 - COEFFICIENT_BITS= 4
 */
 static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector
-libcrux_ml_kem_vector_portable_compress_compress_de1(
+libcrux_ml_kem_vector_portable_compress_compress_611(
     libcrux_ml_kem_vector_portable_vector_type_PortableVector a) {
   for (size_t i = (size_t)0U;
        i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) {
@@ -4900,9 +4833,9 @@ with const generics
 - COEFFICIENT_BITS= 4
 */
 static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector
-libcrux_ml_kem_vector_portable_compress_0d_481(
+libcrux_ml_kem_vector_portable_compress_0d_fe1(
     libcrux_ml_kem_vector_portable_vector_type_PortableVector a) {
-  return libcrux_ml_kem_vector_portable_compress_compress_de1(a);
+  return libcrux_ml_kem_vector_portable_compress_compress_611(a);
 }
 
 /**
@@ -4912,15 +4845,15 @@ with const generics
 
 */
 static KRML_MUSTINLINE void
-libcrux_ml_kem_serialize_compress_then_serialize_4_20(
+libcrux_ml_kem_serialize_compress_then_serialize_4_32(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re,
     Eurydice_slice serialized) {
   for (size_t i = (size_t)0U;
        i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
     size_t i0 = i;
     libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient =
-        libcrux_ml_kem_vector_portable_compress_0d_481(
-            libcrux_ml_kem_serialize_to_unsigned_field_modulus_05(
+        libcrux_ml_kem_vector_portable_compress_0d_fe1(
+            libcrux_ml_kem_serialize_to_unsigned_field_modulus_b0(
                 re.coefficients[i0]));
     uint8_t bytes[8U];
     libcrux_ml_kem_vector_portable_serialize_4_0d(coefficient, bytes);
@@ -4937,7 +4870,7 @@ with const generics
 - COEFFICIENT_BITS= 5
 */
 static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector
-libcrux_ml_kem_vector_portable_compress_compress_de2(
+libcrux_ml_kem_vector_portable_compress_compress_612(
     libcrux_ml_kem_vector_portable_vector_type_PortableVector a) {
   for (size_t i = (size_t)0U;
        i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) {
@@ -4960,9 +4893,9 @@ with const generics
 - COEFFICIENT_BITS= 5
 */
 static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector
-libcrux_ml_kem_vector_portable_compress_0d_482(
+libcrux_ml_kem_vector_portable_compress_0d_fe2(
     libcrux_ml_kem_vector_portable_vector_type_PortableVector a) {
-  return libcrux_ml_kem_vector_portable_compress_compress_de2(a);
+  return libcrux_ml_kem_vector_portable_compress_compress_612(a);
 }
 
 /**
@@ -4972,15 +4905,15 @@ with const generics
 
 */
 static KRML_MUSTINLINE void
-libcrux_ml_kem_serialize_compress_then_serialize_5_6d(
+libcrux_ml_kem_serialize_compress_then_serialize_5_14(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re,
     Eurydice_slice serialized) {
   for (size_t i = (size_t)0U;
        i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
     size_t i0 = i;
     libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficients =
-        libcrux_ml_kem_vector_portable_compress_0d_482(
-            libcrux_ml_kem_vector_traits_to_unsigned_representative_30(
+        libcrux_ml_kem_vector_portable_compress_0d_fe2(
+            libcrux_ml_kem_vector_traits_to_unsigned_representative_7c(
                 re.coefficients[i0]));
     uint8_t bytes[10U];
     libcrux_ml_kem_vector_portable_serialize_5_0d(coefficients, bytes);
@@ -4999,9 +4932,9 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
 - OUT_LEN= 128
 */
 static KRML_MUSTINLINE void
-libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_cf(
+libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_32(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice out) {
-  libcrux_ml_kem_serialize_compress_then_serialize_4_20(re, out);
+  libcrux_ml_kem_serialize_compress_then_serialize_4_32(re, out);
 }
 
 /**
@@ -5022,7 +4955,7 @@ generics
 - ETA2= 2
 - ETA2_RANDOMNESS_SIZE= 128
 */
-static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_0e(
+static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_24(
     libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 *public_key,
     uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) {
   uint8_t prf_input[33U];
@@ -5030,7 +4963,7 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_0e(
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_prf_input0[33U];
   memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t));
-  tuple_b0 uu____1 = libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_out_15(
+  tuple_b0 uu____1 = libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_out_cb(
       copy_of_prf_input0, 0U);
   libcrux_ml_kem_polynomial_PolynomialRingElement_f0 r_as_ntt[3U];
   memcpy(
@@ -5040,7 +4973,7 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_0e(
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_prf_input[33U];
   memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t));
-  tuple_b0 uu____3 = libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_6f(
+  tuple_b0 uu____3 = libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_95(
       copy_of_prf_input, domain_separator0);
   libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[3U];
   memcpy(
@@ -5055,27 +4988,27 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_0e(
       libcrux_ml_kem_sampling_sample_from_binomial_distribution_6b(
           Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t));
   libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u[3U];
-  libcrux_ml_kem_matrix_compute_vector_u_5e(public_key->A, r_as_ntt, error_1,
+  libcrux_ml_kem_matrix_compute_vector_u_90(public_key->A, r_as_ntt, error_1,
                                             u);
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_message[32U];
   memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t));
   libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message_as_ring_element =
-      libcrux_ml_kem_serialize_deserialize_then_decompress_message_f2(
+      libcrux_ml_kem_serialize_deserialize_then_decompress_message_c5(
           copy_of_message);
   libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v =
-      libcrux_ml_kem_matrix_compute_ring_element_v_63(
+      libcrux_ml_kem_matrix_compute_ring_element_v_c6(
           public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element);
   uint8_t ciphertext[1088U] = {0U};
   libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____5[3U];
   memcpy(
       uu____5, u,
       (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0));
-  libcrux_ml_kem_ind_cpa_compress_then_serialize_u_f9(
+  libcrux_ml_kem_ind_cpa_compress_then_serialize_u_d3(
       uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)960U,
                                            uint8_t));
   libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____6 = v;
-  libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_cf(
+  libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_32(
       uu____6, Eurydice_array_to_subslice_from((size_t)1088U, ciphertext,
                                                (size_t)960U, uint8_t, size_t));
   memcpy(ret, ciphertext, (size_t)1088U * sizeof(uint8_t));
@@ -5099,13 +5032,13 @@ generics
 - ETA2= 2
 - ETA2_RANDOMNESS_SIZE= 128
 */
-static inline void libcrux_ml_kem_ind_cpa_encrypt_2a(Eurydice_slice public_key,
+static inline void libcrux_ml_kem_ind_cpa_encrypt_a7(Eurydice_slice public_key,
                                                      uint8_t message[32U],
                                                      Eurydice_slice randomness,
                                                      uint8_t ret[1088U]) {
   libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8
       unpacked_public_key = libcrux_ml_kem_ind_cpa_unpacked_default_8d_d1();
-  libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_30(
+  libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_e5(
       Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t),
       unpacked_public_key.t_as_ntt);
   Eurydice_slice seed =
@@ -5120,10 +5053,10 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_2a(Eurydice_slice public_key,
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_message[32U];
   memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t));
-  uint8_t ret1[1088U];
-  libcrux_ml_kem_ind_cpa_encrypt_unpacked_0e(uu____1, copy_of_message,
-                                             randomness, ret1);
-  memcpy(ret, ret1, (size_t)1088U * sizeof(uint8_t));
+  uint8_t result[1088U];
+  libcrux_ml_kem_ind_cpa_encrypt_unpacked_24(uu____1, copy_of_message,
+                                             randomness, result);
+  memcpy(ret, result, (size_t)1088U * sizeof(uint8_t));
 }
 
 /**
@@ -5137,7 +5070,7 @@ with const generics
 - K= 3
 - CIPHERTEXT_SIZE= 1088
 */
-static KRML_MUSTINLINE void libcrux_ml_kem_variant_kdf_d8_ea(
+static KRML_MUSTINLINE void libcrux_ml_kem_variant_kdf_d8_b7(
     Eurydice_slice shared_secret, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *_,
     uint8_t ret[32U]) {
   uint8_t out[32U] = {0U};
@@ -5168,7 +5101,7 @@ libcrux_ml_kem_variant_MlKem with const generics
 - ETA2_RANDOMNESS_SIZE= 128
 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120
 */
-static inline void libcrux_ml_kem_ind_cca_decapsulate_58(
+static inline void libcrux_ml_kem_ind_cca_decapsulate_d5(
     libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key,
     libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) {
   Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at(
@@ -5186,7 +5119,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_58(
   Eurydice_slice ind_cpa_public_key_hash = uu____2.fst;
   Eurydice_slice implicit_rejection_value = uu____2.snd;
   uint8_t decrypted[32U];
-  libcrux_ml_kem_ind_cpa_decrypt_66(ind_cpa_secret_key, ciphertext->value,
+  libcrux_ml_kem_ind_cpa_decrypt_35(ind_cpa_secret_key, ciphertext->value,
                                     decrypted);
   uint8_t to_hash0[64U];
   libcrux_ml_kem_utils_into_padded_array_42(
@@ -5210,7 +5143,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_58(
   Eurydice_slice uu____4 = Eurydice_array_to_subslice_from(
       (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE,
       uint8_t, size_t);
-  Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_69(ciphertext),
+  Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_8c(ciphertext),
                       uint8_t);
   uint8_t implicit_rejection_shared_secret0[32U];
   libcrux_ml_kem_hash_functions_portable_PRF_f1_9f(
@@ -5221,18 +5154,18 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_58(
   uint8_t copy_of_decrypted[32U];
   memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t));
   uint8_t expected_ciphertext[1088U];
-  libcrux_ml_kem_ind_cpa_encrypt_2a(uu____5, copy_of_decrypted,
+  libcrux_ml_kem_ind_cpa_encrypt_a7(uu____5, copy_of_decrypted,
                                     pseudorandomness, expected_ciphertext);
   uint8_t implicit_rejection_shared_secret[32U];
-  libcrux_ml_kem_variant_kdf_d8_ea(
+  libcrux_ml_kem_variant_kdf_d8_b7(
       Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0,
                               uint8_t),
       ciphertext, implicit_rejection_shared_secret);
   uint8_t shared_secret1[32U];
-  libcrux_ml_kem_variant_kdf_d8_ea(shared_secret0, ciphertext, shared_secret1);
+  libcrux_ml_kem_variant_kdf_d8_b7(shared_secret0, ciphertext, shared_secret1);
   uint8_t shared_secret[32U];
   libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time(
-      libcrux_ml_kem_types_as_ref_00_69(ciphertext),
+      libcrux_ml_kem_types_as_ref_00_8c(ciphertext),
       Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t),
       Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t),
       Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret,
@@ -5262,10 +5195,10 @@ libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate with const generics
 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120
 */
 static inline void
-libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_d2(
+libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_a8(
     libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key,
     libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) {
-  libcrux_ml_kem_ind_cca_decapsulate_58(private_key, ciphertext, ret);
+  libcrux_ml_kem_ind_cca_decapsulate_d5(private_key, ciphertext, ret);
 }
 
 /**
@@ -5278,7 +5211,7 @@ libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_d2(
 static inline void libcrux_ml_kem_mlkem768_portable_decapsulate(
     libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key,
     libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) {
-  libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_d2(
+  libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_a8(
       private_key, ciphertext, ret);
 }
 
@@ -5292,7 +5225,7 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]]
 with const generics
 - K= 3
 */
-static KRML_MUSTINLINE void libcrux_ml_kem_variant_entropy_preprocess_d8_be(
+static KRML_MUSTINLINE void libcrux_ml_kem_variant_entropy_preprocess_d8_a9(
     Eurydice_slice randomness, uint8_t ret[32U]) {
   uint8_t out[32U] = {0U};
   Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t),
@@ -5333,11 +5266,11 @@ libcrux_ml_kem_variant_MlKem with const generics
 - ETA2= 2
 - ETA2_RANDOMNESS_SIZE= 128
 */
-static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_eb(
+static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_49(
     libcrux_ml_kem_types_MlKemPublicKey_15 *public_key,
     uint8_t randomness[32U]) {
   uint8_t randomness0[32U];
-  libcrux_ml_kem_variant_entropy_preprocess_d8_be(
+  libcrux_ml_kem_variant_entropy_preprocess_d8_a9(
       Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0);
   uint8_t to_hash[64U];
   libcrux_ml_kem_utils_into_padded_array_42(
@@ -5348,7 +5281,7 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_eb(
   uint8_t ret[32U];
   libcrux_ml_kem_hash_functions_portable_H_f1_d5(
       Eurydice_array_to_slice((size_t)1184U,
-                              libcrux_ml_kem_types_as_slice_fd_d9(public_key),
+                              libcrux_ml_kem_types_as_slice_fd_02(public_key),
                               uint8_t),
       ret);
   Eurydice_slice_copy(
@@ -5363,20 +5296,20 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_eb(
   Eurydice_slice shared_secret = uu____1.fst;
   Eurydice_slice pseudorandomness = uu____1.snd;
   Eurydice_slice uu____2 = Eurydice_array_to_slice(
-      (size_t)1184U, libcrux_ml_kem_types_as_slice_fd_d9(public_key), uint8_t);
+      (size_t)1184U, libcrux_ml_kem_types_as_slice_fd_02(public_key), uint8_t);
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_randomness[32U];
   memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t));
   uint8_t ciphertext[1088U];
-  libcrux_ml_kem_ind_cpa_encrypt_2a(uu____2, copy_of_randomness,
+  libcrux_ml_kem_ind_cpa_encrypt_a7(uu____2, copy_of_randomness,
                                     pseudorandomness, ciphertext);
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_ciphertext[1088U];
   memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t));
   libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 =
-      libcrux_ml_kem_types_from_01_33(copy_of_ciphertext);
+      libcrux_ml_kem_types_from_01_8c(copy_of_ciphertext);
   uint8_t shared_secret_array[32U];
-  libcrux_ml_kem_variant_kdf_d8_ea(shared_secret, &ciphertext0,
+  libcrux_ml_kem_variant_kdf_d8_b7(shared_secret, &ciphertext0,
                                    shared_secret_array);
   libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0;
   /* Passing arrays by value in Rust generates a copy in C */
@@ -5407,14 +5340,14 @@ libcrux_ml_kem.ind_cca.instantiations.portable.encapsulate with const generics
 - ETA2_RANDOMNESS_SIZE= 128
 */
 static inline tuple_3c
-libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_da(
+libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_a9(
     libcrux_ml_kem_types_MlKemPublicKey_15 *public_key,
     uint8_t randomness[32U]) {
   libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key;
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_randomness[32U];
   memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t));
-  return libcrux_ml_kem_ind_cca_encapsulate_eb(uu____0, copy_of_randomness);
+  return libcrux_ml_kem_ind_cca_encapsulate_49(uu____0, copy_of_randomness);
 }
 
 /**
@@ -5431,7 +5364,7 @@ static inline tuple_3c libcrux_ml_kem_mlkem768_portable_encapsulate(
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_randomness[32U];
   memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t));
-  return libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_da(
+  return libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_a9(
       uu____0, copy_of_randomness);
 }
 
@@ -5465,7 +5398,7 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]]
 with const generics
 - K= 3
 */
-static KRML_MUSTINLINE void libcrux_ml_kem_variant_cpa_keygen_seed_d8_58(
+static KRML_MUSTINLINE void libcrux_ml_kem_variant_cpa_keygen_seed_d8_d1(
     Eurydice_slice key_generation_seed, uint8_t ret[64U]) {
   uint8_t seed[33U] = {0U};
   Eurydice_slice_copy(
@@ -5488,7 +5421,7 @@ with const generics
 
 */
 static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector
-libcrux_ml_kem_vector_traits_to_standard_domain_c1(
+libcrux_ml_kem_vector_traits_to_standard_domain_bf(
     libcrux_ml_kem_vector_portable_vector_type_PortableVector v) {
   return libcrux_ml_kem_vector_portable_montgomery_multiply_by_constant_0d(
       v, LIBCRUX_ML_KEM_VECTOR_TRAITS_MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS);
@@ -5506,7 +5439,7 @@ with const generics
 
 */
 static KRML_MUSTINLINE void
-libcrux_ml_kem_polynomial_add_standard_error_reduce_ef_6c(
+libcrux_ml_kem_polynomial_add_standard_error_reduce_ef_0f(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self,
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error) {
   for (size_t i = (size_t)0U;
@@ -5514,7 +5447,7 @@ libcrux_ml_kem_polynomial_add_standard_error_reduce_ef_6c(
     size_t j = i;
     libcrux_ml_kem_vector_portable_vector_type_PortableVector
         coefficient_normal_form =
-            libcrux_ml_kem_vector_traits_to_standard_domain_c1(
+            libcrux_ml_kem_vector_traits_to_standard_domain_bf(
                 self->coefficients[j]);
     libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 =
         libcrux_ml_kem_vector_portable_barrett_reduce_0d(
@@ -5530,7 +5463,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
 with const generics
 - K= 3
 */
-static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_As_plus_e_6a(
+static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_As_plus_e_c7(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt,
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*matrix_A)[3U],
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *s_as_ntt,
@@ -5558,12 +5491,12 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_As_plus_e_6a(
       libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *matrix_element =
           &row[j];
       libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product =
-          libcrux_ml_kem_polynomial_ntt_multiply_ef_66(matrix_element,
+          libcrux_ml_kem_polynomial_ntt_multiply_ef_45(matrix_element,
                                                        &s_as_ntt[j]);
-      libcrux_ml_kem_polynomial_add_to_ring_element_ef_59(&t_as_ntt[i0],
+      libcrux_ml_kem_polynomial_add_to_ring_element_ef_5d(&t_as_ntt[i0],
                                                           &product);
     }
-    libcrux_ml_kem_polynomial_add_standard_error_reduce_ef_6c(
+    libcrux_ml_kem_polynomial_add_standard_error_reduce_ef_0f(
         &t_as_ntt[i0], &error_as_ntt[i0]);
   }
 }
@@ -5577,12 +5510,12 @@ libcrux_ml_kem_variant_MlKem with const generics
 - ETA1= 2
 - ETA1_RANDOMNESS_SIZE= 128
 */
-static inline void libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_1a(
+static inline void libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_e9(
     Eurydice_slice key_generation_seed,
     libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 *private_key,
     libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 *public_key) {
   uint8_t hashed[64U];
-  libcrux_ml_kem_variant_cpa_keygen_seed_d8_58(key_generation_seed, hashed);
+  libcrux_ml_kem_variant_cpa_keygen_seed_d8_d1(key_generation_seed, hashed);
   Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at(
       Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U,
       uint8_t, Eurydice_slice_uint8_t_x2);
@@ -5602,7 +5535,7 @@ static inline void libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_1a(
   uint8_t copy_of_prf_input0[33U];
   memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t));
   uint8_t domain_separator =
-      libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_76(
+      libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_b1(
           uu____2, copy_of_prf_input0, 0U);
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_prf_input[33U];
@@ -5610,11 +5543,11 @@ static inline void libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_1a(
   libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_as_ntt[3U];
   memcpy(
       error_as_ntt,
-      libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_out_15(
+      libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_out_cb(
           copy_of_prf_input, domain_separator)
           .fst,
       (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0));
-  libcrux_ml_kem_matrix_compute_As_plus_e_6a(
+  libcrux_ml_kem_matrix_compute_As_plus_e_c7(
       public_key->t_as_ntt, public_key->A, private_key->secret_as_ntt,
       error_as_ntt);
   uint8_t uu____5[32U];
@@ -5631,14 +5564,14 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
 
 */
 static KRML_MUSTINLINE void
-libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_13(
+libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_8b(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[384U]) {
   uint8_t serialized[384U] = {0U};
   for (size_t i = (size_t)0U;
        i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
     size_t i0 = i;
     libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient =
-        libcrux_ml_kem_serialize_to_unsigned_field_modulus_05(
+        libcrux_ml_kem_serialize_to_unsigned_field_modulus_b0(
             re->coefficients[i0]);
     uint8_t bytes[24U];
     libcrux_ml_kem_vector_portable_serialize_12_0d(coefficient, bytes);
@@ -5659,7 +5592,7 @@ with const generics
 - K= 3
 - OUT_LEN= 1152
 */
-static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_secret_key_9e(
+static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_secret_key_5a(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *key,
     uint8_t ret[1152U]) {
   uint8_t out[1152U] = {0U};
@@ -5677,7 +5610,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_secret_key_9e(
         (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT,
         uint8_t);
     uint8_t ret0[384U];
-    libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_13(&re, ret0);
+    libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_8b(&re, ret0);
     Eurydice_slice_copy(
         uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t), uint8_t);
   }
@@ -5692,13 +5625,13 @@ with const generics
 - RANKED_BYTES_PER_RING_ELEMENT= 1152
 - PUBLIC_KEY_SIZE= 1184
 */
-static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_public_key_mut_6c(
+static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_public_key_mut_3c(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt,
     Eurydice_slice seed_for_a, uint8_t *serialized) {
   Eurydice_slice uu____0 = Eurydice_array_to_subslice2(serialized, (size_t)0U,
                                                        (size_t)1152U, uint8_t);
   uint8_t ret[1152U];
-  libcrux_ml_kem_ind_cpa_serialize_secret_key_9e(t_as_ntt, ret);
+  libcrux_ml_kem_ind_cpa_serialize_secret_key_5a(t_as_ntt, ret);
   Eurydice_slice_copy(
       uu____0, Eurydice_array_to_slice((size_t)1152U, ret, uint8_t), uint8_t);
   Eurydice_slice_copy(
@@ -5715,13 +5648,15 @@ with const generics
 - RANKED_BYTES_PER_RING_ELEMENT= 1152
 - PUBLIC_KEY_SIZE= 1184
 */
-static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_public_key_fd(
+static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_public_key_07(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt,
     Eurydice_slice seed_for_a, uint8_t ret[1184U]) {
   uint8_t public_key_serialized[1184U] = {0U};
-  libcrux_ml_kem_ind_cpa_serialize_public_key_mut_6c(t_as_ntt, seed_for_a,
+  libcrux_ml_kem_ind_cpa_serialize_public_key_mut_3c(t_as_ntt, seed_for_a,
                                                      public_key_serialized);
-  memcpy(ret, public_key_serialized, (size_t)1184U * sizeof(uint8_t));
+  uint8_t result[1184U];
+  memcpy(result, public_key_serialized, (size_t)1184U * sizeof(uint8_t));
+  memcpy(ret, result, (size_t)1184U * sizeof(uint8_t));
 }
 
 /**
@@ -5737,20 +5672,20 @@ libcrux_ml_kem_variant_MlKem with const generics
 - ETA1_RANDOMNESS_SIZE= 128
 */
 static inline libcrux_ml_kem_utils_extraction_helper_Keypair768
-libcrux_ml_kem_ind_cpa_generate_keypair_08(Eurydice_slice key_generation_seed) {
+libcrux_ml_kem_ind_cpa_generate_keypair_50(Eurydice_slice key_generation_seed) {
   libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 private_key =
       libcrux_ml_kem_ind_cpa_unpacked_default_1a_e9();
   libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 public_key =
       libcrux_ml_kem_ind_cpa_unpacked_default_8d_d1();
-  libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_1a(
+  libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_e9(
       key_generation_seed, &private_key, &public_key);
   uint8_t public_key_serialized[1184U];
-  libcrux_ml_kem_ind_cpa_serialize_public_key_fd(
+  libcrux_ml_kem_ind_cpa_serialize_public_key_07(
       public_key.t_as_ntt,
       Eurydice_array_to_slice((size_t)32U, public_key.seed_for_A, uint8_t),
       public_key_serialized);
   uint8_t secret_key_serialized[1152U];
-  libcrux_ml_kem_ind_cpa_serialize_secret_key_9e(private_key.secret_as_ntt,
+  libcrux_ml_kem_ind_cpa_serialize_secret_key_5a(private_key.secret_as_ntt,
                                                  secret_key_serialized);
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_secret_key_serialized[1152U];
@@ -5760,12 +5695,12 @@ libcrux_ml_kem_ind_cpa_generate_keypair_08(Eurydice_slice key_generation_seed) {
   uint8_t copy_of_public_key_serialized[1184U];
   memcpy(copy_of_public_key_serialized, public_key_serialized,
          (size_t)1184U * sizeof(uint8_t));
-  libcrux_ml_kem_utils_extraction_helper_Keypair768 lit;
-  memcpy(lit.fst, copy_of_secret_key_serialized,
+  libcrux_ml_kem_utils_extraction_helper_Keypair768 result;
+  memcpy(result.fst, copy_of_secret_key_serialized,
          (size_t)1152U * sizeof(uint8_t));
-  memcpy(lit.snd, copy_of_public_key_serialized,
+  memcpy(result.snd, copy_of_public_key_serialized,
          (size_t)1184U * sizeof(uint8_t));
-  return lit;
+  return result;
 }
 
 /**
@@ -5775,7 +5710,7 @@ with const generics
 - K= 3
 - SERIALIZED_KEY_LEN= 2400
 */
-static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_serialize_kem_secret_key_d8(
+static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_serialize_kem_secret_key_b0(
     Eurydice_slice private_key, Eurydice_slice public_key,
     Eurydice_slice implicit_rejection_value, uint8_t ret[2400U]) {
   uint8_t out[2400U] = {0U};
@@ -5831,7 +5766,7 @@ libcrux_ml_kem_variant_MlKem with const generics
 - ETA1_RANDOMNESS_SIZE= 128
 */
 static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair
-libcrux_ml_kem_ind_cca_generate_keypair_91(uint8_t randomness[64U]) {
+libcrux_ml_kem_ind_cca_generate_keypair_6f(uint8_t randomness[64U]) {
   Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2(
       randomness, (size_t)0U,
       LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t);
@@ -5840,13 +5775,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_91(uint8_t randomness[64U]) {
       LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t,
       size_t);
   libcrux_ml_kem_utils_extraction_helper_Keypair768 uu____0 =
-      libcrux_ml_kem_ind_cpa_generate_keypair_08(ind_cpa_keypair_randomness);
+      libcrux_ml_kem_ind_cpa_generate_keypair_50(ind_cpa_keypair_randomness);
   uint8_t ind_cpa_private_key[1152U];
   memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1152U * sizeof(uint8_t));
   uint8_t public_key[1184U];
   memcpy(public_key, uu____0.snd, (size_t)1184U * sizeof(uint8_t));
   uint8_t secret_key_serialized[2400U];
-  libcrux_ml_kem_ind_cca_serialize_kem_secret_key_d8(
+  libcrux_ml_kem_ind_cca_serialize_kem_secret_key_b0(
       Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t),
       Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t),
       implicit_rejection_value, secret_key_serialized);
@@ -5855,13 +5790,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_91(uint8_t randomness[64U]) {
   memcpy(copy_of_secret_key_serialized, secret_key_serialized,
          (size_t)2400U * sizeof(uint8_t));
   libcrux_ml_kem_types_MlKemPrivateKey_55 private_key =
-      libcrux_ml_kem_types_from_7f_8c(copy_of_secret_key_serialized);
+      libcrux_ml_kem_types_from_7f_af(copy_of_secret_key_serialized);
   libcrux_ml_kem_types_MlKemPrivateKey_55 uu____2 = private_key;
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_public_key[1184U];
   memcpy(copy_of_public_key, public_key, (size_t)1184U * sizeof(uint8_t));
-  return libcrux_ml_kem_types_from_3a_f6(
-      uu____2, libcrux_ml_kem_types_from_5a_45(copy_of_public_key));
+  return libcrux_ml_kem_types_from_3a_ee(
+      uu____2, libcrux_ml_kem_types_from_5a_67(copy_of_public_key));
 }
 
 /**
@@ -5877,12 +5812,12 @@ generics
 - ETA1_RANDOMNESS_SIZE= 128
 */
 static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair
-libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_56(
+libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_d1(
     uint8_t randomness[64U]) {
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_randomness[64U];
   memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t));
-  return libcrux_ml_kem_ind_cca_generate_keypair_91(copy_of_randomness);
+  return libcrux_ml_kem_ind_cca_generate_keypair_6f(copy_of_randomness);
 }
 
 /**
@@ -5893,7 +5828,7 @@ libcrux_ml_kem_mlkem768_portable_generate_key_pair(uint8_t randomness[64U]) {
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_randomness[64U];
   memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t));
-  return libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_56(
+  return libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_d1(
       copy_of_randomness);
 }
 
@@ -5908,7 +5843,7 @@ with const generics
 - K= 3
 - CIPHERTEXT_SIZE= 1088
 */
-static KRML_MUSTINLINE void libcrux_ml_kem_variant_kdf_33_a1(
+static KRML_MUSTINLINE void libcrux_ml_kem_variant_kdf_33_de(
     Eurydice_slice shared_secret,
     libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) {
   uint8_t kdf_input[64U];
@@ -5919,7 +5854,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_variant_kdf_33_a1(
   uint8_t ret0[32U];
   libcrux_ml_kem_hash_functions_portable_H_f1_d5(
       Eurydice_array_to_slice((size_t)1088U,
-                              libcrux_ml_kem_types_as_slice_d4_73(ciphertext),
+                              libcrux_ml_kem_types_as_slice_d4_76(ciphertext),
                               uint8_t),
       ret0);
   Eurydice_slice_copy(
@@ -5952,7 +5887,7 @@ libcrux_ml_kem_variant_Kyber with const generics
 - ETA2_RANDOMNESS_SIZE= 128
 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120
 */
-static inline void libcrux_ml_kem_ind_cca_decapsulate_580(
+static inline void libcrux_ml_kem_ind_cca_decapsulate_d50(
     libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key,
     libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) {
   Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at(
@@ -5970,7 +5905,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_580(
   Eurydice_slice ind_cpa_public_key_hash = uu____2.fst;
   Eurydice_slice implicit_rejection_value = uu____2.snd;
   uint8_t decrypted[32U];
-  libcrux_ml_kem_ind_cpa_decrypt_66(ind_cpa_secret_key, ciphertext->value,
+  libcrux_ml_kem_ind_cpa_decrypt_35(ind_cpa_secret_key, ciphertext->value,
                                     decrypted);
   uint8_t to_hash0[64U];
   libcrux_ml_kem_utils_into_padded_array_42(
@@ -5994,7 +5929,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_580(
   Eurydice_slice uu____4 = Eurydice_array_to_subslice_from(
       (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE,
       uint8_t, size_t);
-  Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_69(ciphertext),
+  Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_8c(ciphertext),
                       uint8_t);
   uint8_t implicit_rejection_shared_secret0[32U];
   libcrux_ml_kem_hash_functions_portable_PRF_f1_9f(
@@ -6005,18 +5940,18 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_580(
   uint8_t copy_of_decrypted[32U];
   memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t));
   uint8_t expected_ciphertext[1088U];
-  libcrux_ml_kem_ind_cpa_encrypt_2a(uu____5, copy_of_decrypted,
+  libcrux_ml_kem_ind_cpa_encrypt_a7(uu____5, copy_of_decrypted,
                                     pseudorandomness, expected_ciphertext);
   uint8_t implicit_rejection_shared_secret[32U];
-  libcrux_ml_kem_variant_kdf_33_a1(
+  libcrux_ml_kem_variant_kdf_33_de(
       Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0,
                               uint8_t),
       ciphertext, implicit_rejection_shared_secret);
   uint8_t shared_secret1[32U];
-  libcrux_ml_kem_variant_kdf_33_a1(shared_secret0, ciphertext, shared_secret1);
+  libcrux_ml_kem_variant_kdf_33_de(shared_secret0, ciphertext, shared_secret1);
   uint8_t shared_secret[32U];
   libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time(
-      libcrux_ml_kem_types_as_ref_00_69(ciphertext),
+      libcrux_ml_kem_types_as_ref_00_8c(ciphertext),
       Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t),
       Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t),
       Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret,
@@ -6050,10 +5985,10 @@ generics
 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120
 */
 static inline void
-libcrux_ml_kem_ind_cca_instantiations_portable_kyber_decapsulate_bc(
+libcrux_ml_kem_ind_cca_instantiations_portable_kyber_decapsulate_08(
     libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key,
     libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) {
-  libcrux_ml_kem_ind_cca_decapsulate_580(private_key, ciphertext, ret);
+  libcrux_ml_kem_ind_cca_decapsulate_d50(private_key, ciphertext, ret);
 }
 
 /**
@@ -6066,7 +6001,7 @@ libcrux_ml_kem_ind_cca_instantiations_portable_kyber_decapsulate_bc(
 static inline void libcrux_ml_kem_mlkem768_portable_kyber_decapsulate(
     libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key,
     libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) {
-  libcrux_ml_kem_ind_cca_instantiations_portable_kyber_decapsulate_bc(
+  libcrux_ml_kem_ind_cca_instantiations_portable_kyber_decapsulate_08(
       private_key, ciphertext, ret);
 }
 
@@ -6080,7 +6015,7 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]]
 with const generics
 - K= 3
 */
-static KRML_MUSTINLINE void libcrux_ml_kem_variant_entropy_preprocess_33_cd(
+static KRML_MUSTINLINE void libcrux_ml_kem_variant_entropy_preprocess_33_47(
     Eurydice_slice randomness, uint8_t ret[32U]) {
   libcrux_ml_kem_hash_functions_portable_H_f1_d5(randomness, ret);
 }
@@ -6104,11 +6039,11 @@ libcrux_ml_kem_variant_Kyber with const generics
 - ETA2= 2
 - ETA2_RANDOMNESS_SIZE= 128
 */
-static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_eb0(
+static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_490(
     libcrux_ml_kem_types_MlKemPublicKey_15 *public_key,
     uint8_t randomness[32U]) {
   uint8_t randomness0[32U];
-  libcrux_ml_kem_variant_entropy_preprocess_33_cd(
+  libcrux_ml_kem_variant_entropy_preprocess_33_47(
       Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0);
   uint8_t to_hash[64U];
   libcrux_ml_kem_utils_into_padded_array_42(
@@ -6119,7 +6054,7 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_eb0(
   uint8_t ret[32U];
   libcrux_ml_kem_hash_functions_portable_H_f1_d5(
       Eurydice_array_to_slice((size_t)1184U,
-                              libcrux_ml_kem_types_as_slice_fd_d9(public_key),
+                              libcrux_ml_kem_types_as_slice_fd_02(public_key),
                               uint8_t),
       ret);
   Eurydice_slice_copy(
@@ -6134,20 +6069,20 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_eb0(
   Eurydice_slice shared_secret = uu____1.fst;
   Eurydice_slice pseudorandomness = uu____1.snd;
   Eurydice_slice uu____2 = Eurydice_array_to_slice(
-      (size_t)1184U, libcrux_ml_kem_types_as_slice_fd_d9(public_key), uint8_t);
+      (size_t)1184U, libcrux_ml_kem_types_as_slice_fd_02(public_key), uint8_t);
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_randomness[32U];
   memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t));
   uint8_t ciphertext[1088U];
-  libcrux_ml_kem_ind_cpa_encrypt_2a(uu____2, copy_of_randomness,
+  libcrux_ml_kem_ind_cpa_encrypt_a7(uu____2, copy_of_randomness,
                                     pseudorandomness, ciphertext);
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_ciphertext[1088U];
   memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t));
   libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 =
-      libcrux_ml_kem_types_from_01_33(copy_of_ciphertext);
+      libcrux_ml_kem_types_from_01_8c(copy_of_ciphertext);
   uint8_t shared_secret_array[32U];
-  libcrux_ml_kem_variant_kdf_33_a1(shared_secret, &ciphertext0,
+  libcrux_ml_kem_variant_kdf_33_de(shared_secret, &ciphertext0,
                                    shared_secret_array);
   libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0;
   /* Passing arrays by value in Rust generates a copy in C */
@@ -6182,14 +6117,14 @@ generics
 - ETA2_RANDOMNESS_SIZE= 128
 */
 static inline tuple_3c
-libcrux_ml_kem_ind_cca_instantiations_portable_kyber_encapsulate_02(
+libcrux_ml_kem_ind_cca_instantiations_portable_kyber_encapsulate_9e(
     libcrux_ml_kem_types_MlKemPublicKey_15 *public_key,
     uint8_t randomness[32U]) {
   libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key;
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_randomness[32U];
   memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t));
-  return libcrux_ml_kem_ind_cca_encapsulate_eb0(uu____0, copy_of_randomness);
+  return libcrux_ml_kem_ind_cca_encapsulate_490(uu____0, copy_of_randomness);
 }
 
 /**
@@ -6206,7 +6141,7 @@ static inline tuple_3c libcrux_ml_kem_mlkem768_portable_kyber_encapsulate(
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_randomness[32U];
   memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t));
-  return libcrux_ml_kem_ind_cca_instantiations_portable_kyber_encapsulate_02(
+  return libcrux_ml_kem_ind_cca_instantiations_portable_kyber_encapsulate_9e(
       uu____0, copy_of_randomness);
 }
 
@@ -6220,7 +6155,7 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]]
 with const generics
 - K= 3
 */
-static KRML_MUSTINLINE void libcrux_ml_kem_variant_cpa_keygen_seed_33_9f(
+static KRML_MUSTINLINE void libcrux_ml_kem_variant_cpa_keygen_seed_33_de(
     Eurydice_slice key_generation_seed, uint8_t ret[64U]) {
   libcrux_ml_kem_hash_functions_portable_G_f1_87(key_generation_seed, ret);
 }
@@ -6234,12 +6169,12 @@ libcrux_ml_kem_variant_Kyber with const generics
 - ETA1= 2
 - ETA1_RANDOMNESS_SIZE= 128
 */
-static inline void libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_1a0(
+static inline void libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_e90(
     Eurydice_slice key_generation_seed,
     libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 *private_key,
     libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 *public_key) {
   uint8_t hashed[64U];
-  libcrux_ml_kem_variant_cpa_keygen_seed_33_9f(key_generation_seed, hashed);
+  libcrux_ml_kem_variant_cpa_keygen_seed_33_de(key_generation_seed, hashed);
   Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at(
       Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U,
       uint8_t, Eurydice_slice_uint8_t_x2);
@@ -6259,7 +6194,7 @@ static inline void libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_1a0(
   uint8_t copy_of_prf_input0[33U];
   memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t));
   uint8_t domain_separator =
-      libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_76(
+      libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_b1(
           uu____2, copy_of_prf_input0, 0U);
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_prf_input[33U];
@@ -6267,11 +6202,11 @@ static inline void libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_1a0(
   libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_as_ntt[3U];
   memcpy(
       error_as_ntt,
-      libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_out_15(
+      libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_out_cb(
           copy_of_prf_input, domain_separator)
           .fst,
       (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0));
-  libcrux_ml_kem_matrix_compute_As_plus_e_6a(
+  libcrux_ml_kem_matrix_compute_As_plus_e_c7(
       public_key->t_as_ntt, public_key->A, private_key->secret_as_ntt,
       error_as_ntt);
   uint8_t uu____5[32U];
@@ -6294,21 +6229,21 @@ libcrux_ml_kem_variant_Kyber with const generics
 - ETA1_RANDOMNESS_SIZE= 128
 */
 static inline libcrux_ml_kem_utils_extraction_helper_Keypair768
-libcrux_ml_kem_ind_cpa_generate_keypair_080(
+libcrux_ml_kem_ind_cpa_generate_keypair_500(
     Eurydice_slice key_generation_seed) {
   libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 private_key =
       libcrux_ml_kem_ind_cpa_unpacked_default_1a_e9();
   libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 public_key =
       libcrux_ml_kem_ind_cpa_unpacked_default_8d_d1();
-  libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_1a0(
+  libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_e90(
       key_generation_seed, &private_key, &public_key);
   uint8_t public_key_serialized[1184U];
-  libcrux_ml_kem_ind_cpa_serialize_public_key_fd(
+  libcrux_ml_kem_ind_cpa_serialize_public_key_07(
       public_key.t_as_ntt,
       Eurydice_array_to_slice((size_t)32U, public_key.seed_for_A, uint8_t),
       public_key_serialized);
   uint8_t secret_key_serialized[1152U];
-  libcrux_ml_kem_ind_cpa_serialize_secret_key_9e(private_key.secret_as_ntt,
+  libcrux_ml_kem_ind_cpa_serialize_secret_key_5a(private_key.secret_as_ntt,
                                                  secret_key_serialized);
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_secret_key_serialized[1152U];
@@ -6318,12 +6253,12 @@ libcrux_ml_kem_ind_cpa_generate_keypair_080(
   uint8_t copy_of_public_key_serialized[1184U];
   memcpy(copy_of_public_key_serialized, public_key_serialized,
          (size_t)1184U * sizeof(uint8_t));
-  libcrux_ml_kem_utils_extraction_helper_Keypair768 lit;
-  memcpy(lit.fst, copy_of_secret_key_serialized,
+  libcrux_ml_kem_utils_extraction_helper_Keypair768 result;
+  memcpy(result.fst, copy_of_secret_key_serialized,
          (size_t)1152U * sizeof(uint8_t));
-  memcpy(lit.snd, copy_of_public_key_serialized,
+  memcpy(result.snd, copy_of_public_key_serialized,
          (size_t)1184U * sizeof(uint8_t));
-  return lit;
+  return result;
 }
 
 /**
@@ -6340,7 +6275,7 @@ libcrux_ml_kem_variant_Kyber with const generics
 - ETA1_RANDOMNESS_SIZE= 128
 */
 static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair
-libcrux_ml_kem_ind_cca_generate_keypair_910(uint8_t randomness[64U]) {
+libcrux_ml_kem_ind_cca_generate_keypair_6f0(uint8_t randomness[64U]) {
   Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2(
       randomness, (size_t)0U,
       LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t);
@@ -6349,13 +6284,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_910(uint8_t randomness[64U]) {
       LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t,
       size_t);
   libcrux_ml_kem_utils_extraction_helper_Keypair768 uu____0 =
-      libcrux_ml_kem_ind_cpa_generate_keypair_080(ind_cpa_keypair_randomness);
+      libcrux_ml_kem_ind_cpa_generate_keypair_500(ind_cpa_keypair_randomness);
   uint8_t ind_cpa_private_key[1152U];
   memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1152U * sizeof(uint8_t));
   uint8_t public_key[1184U];
   memcpy(public_key, uu____0.snd, (size_t)1184U * sizeof(uint8_t));
   uint8_t secret_key_serialized[2400U];
-  libcrux_ml_kem_ind_cca_serialize_kem_secret_key_d8(
+  libcrux_ml_kem_ind_cca_serialize_kem_secret_key_b0(
       Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t),
       Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t),
       implicit_rejection_value, secret_key_serialized);
@@ -6364,13 +6299,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_910(uint8_t randomness[64U]) {
   memcpy(copy_of_secret_key_serialized, secret_key_serialized,
          (size_t)2400U * sizeof(uint8_t));
   libcrux_ml_kem_types_MlKemPrivateKey_55 private_key =
-      libcrux_ml_kem_types_from_7f_8c(copy_of_secret_key_serialized);
+      libcrux_ml_kem_types_from_7f_af(copy_of_secret_key_serialized);
   libcrux_ml_kem_types_MlKemPrivateKey_55 uu____2 = private_key;
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_public_key[1184U];
   memcpy(copy_of_public_key, public_key, (size_t)1184U * sizeof(uint8_t));
-  return libcrux_ml_kem_types_from_3a_f6(
-      uu____2, libcrux_ml_kem_types_from_5a_45(copy_of_public_key));
+  return libcrux_ml_kem_types_from_3a_ee(
+      uu____2, libcrux_ml_kem_types_from_5a_67(copy_of_public_key));
 }
 
 /**
@@ -6386,12 +6321,12 @@ generics
 - ETA1_RANDOMNESS_SIZE= 128
 */
 static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair
-libcrux_ml_kem_ind_cca_instantiations_portable_kyber_generate_keypair_63(
+libcrux_ml_kem_ind_cca_instantiations_portable_kyber_generate_keypair_69(
     uint8_t randomness[64U]) {
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_randomness[64U];
   memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t));
-  return libcrux_ml_kem_ind_cca_generate_keypair_910(copy_of_randomness);
+  return libcrux_ml_kem_ind_cca_generate_keypair_6f0(copy_of_randomness);
 }
 
 /**
@@ -6403,7 +6338,7 @@ libcrux_ml_kem_mlkem768_portable_kyber_generate_key_pair(
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_randomness[64U];
   memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t));
-  return libcrux_ml_kem_ind_cca_instantiations_portable_kyber_generate_keypair_63(
+  return libcrux_ml_kem_ind_cca_instantiations_portable_kyber_generate_keypair_69(
       copy_of_randomness);
 }
 
@@ -6415,7 +6350,7 @@ with const generics
 - SECRET_KEY_SIZE= 2400
 - CIPHERTEXT_SIZE= 1088
 */
-static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_private_key_c7(
+static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_private_key_fd(
     libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key,
     libcrux_ml_kem_mlkem768_MlKem768Ciphertext *_ciphertext) {
   uint8_t t[32U];
@@ -6440,10 +6375,10 @@ generics
 - CIPHERTEXT_SIZE= 1088
 */
 static KRML_MUSTINLINE bool
-libcrux_ml_kem_ind_cca_instantiations_portable_validate_private_key_94(
+libcrux_ml_kem_ind_cca_instantiations_portable_validate_private_key_b9(
     libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key,
     libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext) {
-  return libcrux_ml_kem_ind_cca_validate_private_key_c7(private_key,
+  return libcrux_ml_kem_ind_cca_validate_private_key_fd(private_key,
                                                         ciphertext);
 }
 
@@ -6455,7 +6390,7 @@ libcrux_ml_kem_ind_cca_instantiations_portable_validate_private_key_94(
 static inline bool libcrux_ml_kem_mlkem768_portable_validate_private_key(
     libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key,
     libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext) {
-  return libcrux_ml_kem_ind_cca_instantiations_portable_validate_private_key_94(
+  return libcrux_ml_kem_ind_cca_instantiations_portable_validate_private_key_b9(
       private_key, ciphertext);
 }
 
@@ -6479,21 +6414,17 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
 - K= 3
 */
 static KRML_MUSTINLINE void
-libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_out_ff(
+libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_out_a9(
     Eurydice_slice public_key,
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[3U];
   for (size_t i = (size_t)0U; i < (size_t)3U; i++) {
     deserialized_pk[i] = libcrux_ml_kem_polynomial_ZERO_ef_1b();
   }
-  libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_30(
+  libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_e5(
       public_key, deserialized_pk);
-  libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[3U];
   memcpy(
-      result, deserialized_pk,
-      (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0));
-  memcpy(
-      ret, result,
+      ret, deserialized_pk,
       (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0));
 }
 
@@ -6505,16 +6436,16 @@ with const generics
 - RANKED_BYTES_PER_RING_ELEMENT= 1152
 - PUBLIC_KEY_SIZE= 1184
 */
-static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_public_key_2a(
+static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_public_key_68(
     uint8_t *public_key) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[3U];
-  libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_out_ff(
+  libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_out_a9(
       Eurydice_array_to_subslice_to((size_t)1184U, public_key, (size_t)1152U,
                                     uint8_t, size_t),
       deserialized_pk);
   libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *uu____0 = deserialized_pk;
   uint8_t public_key_serialized[1184U];
-  libcrux_ml_kem_ind_cpa_serialize_public_key_fd(
+  libcrux_ml_kem_ind_cpa_serialize_public_key_07(
       uu____0,
       Eurydice_array_to_subslice_from((size_t)1184U, public_key, (size_t)1152U,
                                       uint8_t, size_t),
@@ -6532,9 +6463,9 @@ generics
 - PUBLIC_KEY_SIZE= 1184
 */
 static KRML_MUSTINLINE bool
-libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key_4f(
+libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key_1f(
     uint8_t *public_key) {
-  return libcrux_ml_kem_ind_cca_validate_public_key_2a(public_key);
+  return libcrux_ml_kem_ind_cca_validate_public_key_68(public_key);
 }
 
 /**
@@ -6544,7 +6475,7 @@ libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key_4f(
 */
 static inline bool libcrux_ml_kem_mlkem768_portable_validate_public_key(
     libcrux_ml_kem_types_MlKemPublicKey_15 *public_key) {
-  return libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key_4f(
+  return libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key_1f(
       public_key->value);
 }
 
@@ -6570,11 +6501,11 @@ generics
 - ETA2_RANDOMNESS_SIZE= 128
 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120
 */
-static inline void libcrux_ml_kem_ind_cca_unpacked_decapsulate_32(
+static inline void libcrux_ml_kem_ind_cca_unpacked_decapsulate_f6(
     libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked *key_pair,
     libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) {
   uint8_t decrypted[32U];
-  libcrux_ml_kem_ind_cpa_decrypt_unpacked_46(
+  libcrux_ml_kem_ind_cpa_decrypt_unpacked_6d(
       &key_pair->private_key.ind_cpa_private_key, ciphertext->value, decrypted);
   uint8_t to_hash0[64U];
   libcrux_ml_kem_utils_into_padded_array_42(
@@ -6604,7 +6535,7 @@ static inline void libcrux_ml_kem_ind_cca_unpacked_decapsulate_32(
   Eurydice_slice uu____2 = Eurydice_array_to_subslice_from(
       (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE,
       uint8_t, size_t);
-  Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_00_69(ciphertext),
+  Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_00_8c(ciphertext),
                       uint8_t);
   uint8_t implicit_rejection_shared_secret[32U];
   libcrux_ml_kem_hash_functions_portable_PRF_f1_9f(
@@ -6616,11 +6547,11 @@ static inline void libcrux_ml_kem_ind_cca_unpacked_decapsulate_32(
   uint8_t copy_of_decrypted[32U];
   memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t));
   uint8_t expected_ciphertext[1088U];
-  libcrux_ml_kem_ind_cpa_encrypt_unpacked_0e(
+  libcrux_ml_kem_ind_cpa_encrypt_unpacked_24(
       uu____3, copy_of_decrypted, pseudorandomness, expected_ciphertext);
   uint8_t selector =
       libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time(
-          libcrux_ml_kem_types_as_ref_00_69(ciphertext),
+          libcrux_ml_kem_types_as_ref_00_8c(ciphertext),
           Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t));
   uint8_t ret0[32U];
   libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time(
@@ -6656,10 +6587,10 @@ generics
 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120
 */
 static inline void
-libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_decapsulate_d3(
+libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_decapsulate_65(
     libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked *key_pair,
     libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) {
-  libcrux_ml_kem_ind_cca_unpacked_decapsulate_32(key_pair, ciphertext, ret);
+  libcrux_ml_kem_ind_cca_unpacked_decapsulate_f6(key_pair, ciphertext, ret);
 }
 
 /**
@@ -6673,7 +6604,7 @@ static inline void libcrux_ml_kem_mlkem768_portable_unpacked_decapsulate(
     libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked
         *private_key,
     libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) {
-  libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_decapsulate_d3(
+  libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_decapsulate_65(
       private_key, ciphertext, ret);
 }
 
@@ -6696,7 +6627,7 @@ generics
 - ETA2= 2
 - ETA2_RANDOMNESS_SIZE= 128
 */
-static inline tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_0c(
+static inline tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_8e(
     libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *public_key,
     uint8_t randomness[32U]) {
   uint8_t to_hash[64U];
@@ -6724,7 +6655,7 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_0c(
   uint8_t copy_of_randomness[32U];
   memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t));
   uint8_t ciphertext[1088U];
-  libcrux_ml_kem_ind_cpa_encrypt_unpacked_0e(uu____2, copy_of_randomness,
+  libcrux_ml_kem_ind_cpa_encrypt_unpacked_24(uu____2, copy_of_randomness,
                                              pseudorandomness, ciphertext);
   uint8_t shared_secret_array[32U] = {0U};
   Eurydice_slice_copy(
@@ -6734,7 +6665,7 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_0c(
   uint8_t copy_of_ciphertext[1088U];
   memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t));
   libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 =
-      libcrux_ml_kem_types_from_01_33(copy_of_ciphertext);
+      libcrux_ml_kem_types_from_01_8c(copy_of_ciphertext);
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_shared_secret_array[32U];
   memcpy(copy_of_shared_secret_array, shared_secret_array,
@@ -6767,7 +6698,7 @@ generics
 - ETA2_RANDOMNESS_SIZE= 128
 */
 static inline tuple_3c
-libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_encapsulate_fb(
+libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_encapsulate_37(
     libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *public_key,
     uint8_t randomness[32U]) {
   libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *uu____0 =
@@ -6775,7 +6706,7 @@ libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_encapsulate_fb(
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_randomness[32U];
   memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t));
-  return libcrux_ml_kem_ind_cca_unpacked_encapsulate_0c(uu____0,
+  return libcrux_ml_kem_ind_cca_unpacked_encapsulate_8e(uu____0,
                                                         copy_of_randomness);
 }
 
@@ -6795,7 +6726,7 @@ static inline tuple_3c libcrux_ml_kem_mlkem768_portable_unpacked_encapsulate(
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_randomness[32U];
   memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t));
-  return libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_encapsulate_fb(
+  return libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_encapsulate_37(
       uu____0, copy_of_randomness);
 }
 
@@ -6814,7 +6745,7 @@ libcrux_ml_kem_variant_MlKem with const generics
 - ETA1_RANDOMNESS_SIZE= 128
 */
 static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0
-libcrux_ml_kem_ind_cca_unpacked_generate_keypair_closure_closure_61(size_t _j) {
+libcrux_ml_kem_ind_cca_unpacked_generate_keypair_closure_closure_42(size_t _j) {
   return libcrux_ml_kem_polynomial_ZERO_ef_1b();
 }
 
@@ -6832,7 +6763,7 @@ libcrux_ml_kem_variant_MlKem with const generics
 - ETA1= 2
 - ETA1_RANDOMNESS_SIZE= 128
 */
-static inline void libcrux_ml_kem_ind_cca_unpacked_generate_keypair_closure_6c(
+static inline void libcrux_ml_kem_ind_cca_unpacked_generate_keypair_closure_8d(
     size_t _i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) {
   for (size_t i = (size_t)0U; i < (size_t)3U; i++) {
     ret[i] = libcrux_ml_kem_polynomial_ZERO_ef_1b();
@@ -6851,7 +6782,7 @@ with const generics
 
 */
 static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0
-libcrux_ml_kem_polynomial_clone_8d_9f(
+libcrux_ml_kem_polynomial_clone_8d_26(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_f0 lit;
   libcrux_ml_kem_vector_portable_vector_type_PortableVector ret[16U];
@@ -6880,7 +6811,7 @@ libcrux_ml_kem_variant_MlKem with const generics
 - ETA1= 2
 - ETA1_RANDOMNESS_SIZE= 128
 */
-static inline void libcrux_ml_kem_ind_cca_unpacked_generate_keypair_4a(
+static inline void libcrux_ml_kem_ind_cca_unpacked_generate_keypair_db(
     uint8_t randomness[64U],
     libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked *out) {
   Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2(
@@ -6890,19 +6821,19 @@ static inline void libcrux_ml_kem_ind_cca_unpacked_generate_keypair_4a(
       (size_t)64U, randomness,
       LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t,
       size_t);
-  libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_1a(
+  libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_e9(
       ind_cpa_keypair_randomness, &out->private_key.ind_cpa_private_key,
       &out->public_key.ind_cpa_public_key);
   libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[3U][3U];
   for (size_t i = (size_t)0U; i < (size_t)3U; i++) {
-    libcrux_ml_kem_ind_cca_unpacked_generate_keypair_closure_6c(i, A[i]);
+    libcrux_ml_kem_ind_cca_unpacked_generate_keypair_closure_8d(i, A[i]);
   }
   for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) {
     size_t i1 = i0;
     for (size_t i = (size_t)0U; i < (size_t)3U; i++) {
       size_t j = i;
       libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 =
-          libcrux_ml_kem_polynomial_clone_8d_9f(
+          libcrux_ml_kem_polynomial_clone_8d_26(
               &out->public_key.ind_cpa_public_key.A[j][i1]);
       A[i1][j] = uu____0;
     }
@@ -6915,7 +6846,7 @@ static inline void libcrux_ml_kem_ind_cca_unpacked_generate_keypair_4a(
          (size_t)3U *
              sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U]));
   uint8_t pk_serialized[1184U];
-  libcrux_ml_kem_ind_cpa_serialize_public_key_fd(
+  libcrux_ml_kem_ind_cpa_serialize_public_key_07(
       out->public_key.ind_cpa_public_key.t_as_ntt,
       Eurydice_array_to_slice(
           (size_t)32U, out->public_key.ind_cpa_public_key.seed_for_A, uint8_t),
@@ -6950,13 +6881,13 @@ const generics
 - ETA1_RANDOMNESS_SIZE= 128
 */
 static inline void
-libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_generate_keypair_c1(
+libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_generate_keypair_b3(
     uint8_t randomness[64U],
     libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked *out) {
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_randomness[64U];
   memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t));
-  libcrux_ml_kem_ind_cca_unpacked_generate_keypair_4a(copy_of_randomness, out);
+  libcrux_ml_kem_ind_cca_unpacked_generate_keypair_db(copy_of_randomness, out);
 }
 
 /**
@@ -6969,7 +6900,7 @@ static inline void libcrux_ml_kem_mlkem768_portable_unpacked_generate_key_pair(
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_randomness[64U];
   memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t));
-  libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_generate_keypair_c1(
+  libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_generate_keypair_b3(
       copy_of_randomness, key_pair);
 }
 
@@ -6985,7 +6916,7 @@ with const generics
 - K= 3
 */
 static KRML_MUSTINLINE libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8
-libcrux_ml_kem_ind_cca_unpacked_default_1c_fd(void) {
+libcrux_ml_kem_ind_cca_unpacked_default_1c_bd(void) {
   libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 lit;
   lit.ind_cpa_public_key = libcrux_ml_kem_ind_cpa_unpacked_default_8d_d1();
   lit.public_key_hash[0U] = 0U;
@@ -7036,7 +6967,7 @@ with const generics
 */
 static KRML_MUSTINLINE
     libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked
-    libcrux_ml_kem_ind_cca_unpacked_default_07_9f(void) {
+    libcrux_ml_kem_ind_cca_unpacked_default_07_db(void) {
   libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_f8 uu____0;
   uu____0.ind_cpa_private_key = libcrux_ml_kem_ind_cpa_unpacked_default_1a_e9();
   uu____0.implicit_rejection_value[0U] = 0U;
@@ -7074,7 +7005,7 @@ static KRML_MUSTINLINE
   return (CLITERAL(
       libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked){
       .private_key = uu____0,
-      .public_key = libcrux_ml_kem_ind_cca_unpacked_default_1c_fd()});
+      .public_key = libcrux_ml_kem_ind_cca_unpacked_default_1c_bd()});
 }
 
 /**
@@ -7082,7 +7013,7 @@ static KRML_MUSTINLINE
 */
 static inline libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked
 libcrux_ml_kem_mlkem768_portable_unpacked_init_key_pair(void) {
-  return libcrux_ml_kem_ind_cca_unpacked_default_07_9f();
+  return libcrux_ml_kem_ind_cca_unpacked_default_07_db();
 }
 
 /**
@@ -7090,7 +7021,7 @@ libcrux_ml_kem_mlkem768_portable_unpacked_init_key_pair(void) {
 */
 static inline libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8
 libcrux_ml_kem_mlkem768_portable_unpacked_init_public_key(void) {
-  return libcrux_ml_kem_ind_cca_unpacked_default_1c_fd();
+  return libcrux_ml_kem_ind_cca_unpacked_default_1c_bd();
 }
 
 /**
@@ -7110,10 +7041,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
 - PUBLIC_KEY_SIZE= 1184
 */
 static KRML_MUSTINLINE void
-libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_dd_85(
+libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_dd_a1(
     libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *self,
     libcrux_ml_kem_types_MlKemPublicKey_15 *serialized) {
-  libcrux_ml_kem_ind_cpa_serialize_public_key_mut_6c(
+  libcrux_ml_kem_ind_cpa_serialize_public_key_mut_3c(
       self->ind_cpa_public_key.t_as_ntt,
       Eurydice_array_to_slice((size_t)32U, self->ind_cpa_public_key.seed_for_A,
                               uint8_t),
@@ -7137,10 +7068,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
 - PUBLIC_KEY_SIZE= 1184
 */
 static KRML_MUSTINLINE void
-libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_de_85(
+libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_de_a4(
     libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked *self,
     libcrux_ml_kem_types_MlKemPublicKey_15 *serialized) {
-  libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_dd_85(
+  libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_dd_a1(
       &self->public_key, serialized);
 }
 
@@ -7151,7 +7082,7 @@ static inline void
 libcrux_ml_kem_mlkem768_portable_unpacked_key_pair_serialized_public_key(
     libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked *key_pair,
     libcrux_ml_kem_types_MlKemPublicKey_15 *serialized) {
-  libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_de_85(key_pair,
+  libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_de_a4(key_pair,
                                                                   serialized);
 }
 
@@ -7167,7 +7098,7 @@ with const generics
 - K= 3
 */
 static inline libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8
-libcrux_ml_kem_ind_cpa_unpacked_clone_ef_ce(
+libcrux_ml_kem_ind_cpa_unpacked_clone_ef_59(
     libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 *self) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0[3U];
   core_array___core__clone__Clone_for__Array_T__N___20__clone(
@@ -7203,11 +7134,11 @@ with const generics
 - K= 3
 */
 static inline libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8
-libcrux_ml_kem_ind_cca_unpacked_clone_28_20(
+libcrux_ml_kem_ind_cca_unpacked_clone_28_d3(
     libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *self) {
   libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 lit;
   lit.ind_cpa_public_key =
-      libcrux_ml_kem_ind_cpa_unpacked_clone_ef_ce(&self->ind_cpa_public_key);
+      libcrux_ml_kem_ind_cpa_unpacked_clone_ef_59(&self->ind_cpa_public_key);
   uint8_t ret[32U];
   core_array___core__clone__Clone_for__Array_T__N___20__clone(
       (size_t)32U, self->public_key_hash, ret, uint8_t, void *);
@@ -7230,7 +7161,7 @@ with const generics
 - K= 3
 */
 static KRML_MUSTINLINE libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *
-libcrux_ml_kem_ind_cca_unpacked_public_key_de_1e(
+libcrux_ml_kem_ind_cca_unpacked_public_key_de_3d(
     libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked *self) {
   return &self->public_key;
 }
@@ -7242,8 +7173,8 @@ static inline void libcrux_ml_kem_mlkem768_portable_unpacked_public_key(
     libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked *key_pair,
     libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *pk) {
   libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 uu____0 =
-      libcrux_ml_kem_ind_cca_unpacked_clone_28_20(
-          libcrux_ml_kem_ind_cca_unpacked_public_key_de_1e(key_pair));
+      libcrux_ml_kem_ind_cca_unpacked_clone_28_d3(
+          libcrux_ml_kem_ind_cca_unpacked_public_key_de_3d(key_pair));
   pk[0U] = uu____0;
 }
 
@@ -7254,7 +7185,7 @@ static inline void
 libcrux_ml_kem_mlkem768_portable_unpacked_serialized_public_key(
     libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *public_key,
     libcrux_ml_kem_types_MlKemPublicKey_15 *serialized) {
-  libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_dd_85(public_key,
+  libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_dd_a1(public_key,
                                                                   serialized);
 }
 
@@ -7277,7 +7208,7 @@ libcrux_ml_kem_ind_cca_unpacked_unpack_public_key_40(
         *unpacked_public_key) {
   Eurydice_slice uu____0 = Eurydice_array_to_subslice_to(
       (size_t)1184U, public_key->value, (size_t)1152U, uint8_t, size_t);
-  libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_30(
+  libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_e5(
       uu____0, unpacked_public_key->ind_cpa_public_key.t_as_ntt);
   uint8_t uu____1[32U];
   libcrux_ml_kem_utils_into_padded_array_423(
@@ -7297,7 +7228,7 @@ libcrux_ml_kem_ind_cca_unpacked_unpack_public_key_40(
   uint8_t uu____3[32U];
   libcrux_ml_kem_hash_functions_portable_H_f1_d5(
       Eurydice_array_to_slice((size_t)1184U,
-                              libcrux_ml_kem_types_as_slice_fd_d9(public_key),
+                              libcrux_ml_kem_types_as_slice_fd_02(public_key),
                               uint8_t),
       uu____3);
   memcpy(unpacked_public_key->public_key_hash, uu____3,
@@ -7317,7 +7248,7 @@ const generics
 - PUBLIC_KEY_SIZE= 1184
 */
 static inline void
-libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_unpack_public_key_c5(
+libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_unpack_public_key_5b(
     libcrux_ml_kem_types_MlKemPublicKey_15 *public_key,
     libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8
         *unpacked_public_key) {
@@ -7333,7 +7264,7 @@ libcrux_ml_kem_mlkem768_portable_unpacked_unpacked_public_key(
     libcrux_ml_kem_types_MlKemPublicKey_15 *public_key,
     libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8
         *unpacked_public_key) {
-  libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_unpack_public_key_c5(
+  libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_unpack_public_key_5b(
       public_key, unpacked_public_key);
 }
 
diff --git a/libcrux-ml-kem/cg/libcrux_mlkem768_portable_types.h b/libcrux-ml-kem/cg/libcrux_mlkem768_portable_types.h
index 9b8b7968c..e305985cd 100644
--- a/libcrux-ml-kem/cg/libcrux_mlkem768_portable_types.h
+++ b/libcrux-ml-kem/cg/libcrux_mlkem768_portable_types.h
@@ -8,7 +8,7 @@
  * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac
  * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152
  * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678
- * Libcrux: 020cd93ab7a1437ba4a4c626b1acbf9fa14525ad
+ * Libcrux: a089e8609d2bf2df5c165076a79e3fd30dbf87cf
  */
 
 #ifndef __libcrux_mlkem768_portable_types_H
diff --git a/libcrux-ml-kem/cg/libcrux_sha3_avx2.h b/libcrux-ml-kem/cg/libcrux_sha3_avx2.h
index 12bdcaa69..6cdf64314 100644
--- a/libcrux-ml-kem/cg/libcrux_sha3_avx2.h
+++ b/libcrux-ml-kem/cg/libcrux_sha3_avx2.h
@@ -8,7 +8,7 @@
  * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac
  * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152
  * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678
- * Libcrux: 020cd93ab7a1437ba4a4c626b1acbf9fa14525ad
+ * Libcrux: a089e8609d2bf2df5c165076a79e3fd30dbf87cf
  */
 
 #ifndef __libcrux_sha3_avx2_H
diff --git a/libcrux-ml-kem/cg/libcrux_sha3_portable.h b/libcrux-ml-kem/cg/libcrux_sha3_portable.h
index 251b5abff..cfdd6e5d5 100644
--- a/libcrux-ml-kem/cg/libcrux_sha3_portable.h
+++ b/libcrux-ml-kem/cg/libcrux_sha3_portable.h
@@ -8,7 +8,7 @@
  * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac
  * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152
  * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678
- * Libcrux: 020cd93ab7a1437ba4a4c626b1acbf9fa14525ad
+ * Libcrux: a089e8609d2bf2df5c165076a79e3fd30dbf87cf
  */
 
 #ifndef __libcrux_sha3_portable_H

From 18a089ceff3ef1a9f6876cd99a9f4f42c0fe05d9 Mon Sep 17 00:00:00 2001
From: karthikbhargavan <karthik.bhargavan@gmail.com>
Date: Wed, 30 Oct 2024 15:25:24 +0000
Subject: [PATCH 005/142] c code refresh

---
 libcrux-ml-kem/c/code_gen.txt                 |   10 +-
 libcrux-ml-kem/c/internal/libcrux_core.h      |  130 +-
 .../c/internal/libcrux_mlkem_avx2.h           |   70 +-
 .../c/internal/libcrux_mlkem_portable.h       |   72 +-
 libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h |   33 +-
 .../c/internal/libcrux_sha3_internal.h        |  288 +-
 .../c/karamel/include/krml/internal/target.h  |    6 +
 libcrux-ml-kem/c/libcrux_core.c               |  120 +-
 libcrux-ml-kem/c/libcrux_core.h               |   96 +-
 libcrux-ml-kem/c/libcrux_mlkem1024.h          |   16 +-
 libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c     |   70 +-
 libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h     |   24 +-
 libcrux-ml-kem/c/libcrux_mlkem1024_portable.c |   68 +-
 libcrux-ml-kem/c/libcrux_mlkem1024_portable.h |   24 +-
 libcrux-ml-kem/c/libcrux_mlkem512.h           |   18 +-
 libcrux-ml-kem/c/libcrux_mlkem512_avx2.c      |   68 +-
 libcrux-ml-kem/c/libcrux_mlkem512_avx2.h      |   26 +-
 libcrux-ml-kem/c/libcrux_mlkem512_portable.c  |   70 +-
 libcrux-ml-kem/c/libcrux_mlkem512_portable.h  |   26 +-
 libcrux-ml-kem/c/libcrux_mlkem768.h           |   14 +-
 libcrux-ml-kem/c/libcrux_mlkem768_avx2.c      |   62 +-
 libcrux-ml-kem/c/libcrux_mlkem768_avx2.h      |   20 +-
 libcrux-ml-kem/c/libcrux_mlkem768_portable.c  |   60 +-
 libcrux-ml-kem/c/libcrux_mlkem768_portable.h  |   20 +-
 libcrux-ml-kem/c/libcrux_mlkem_avx2.c         | 2630 ++++++++-------
 libcrux-ml-kem/c/libcrux_mlkem_avx2.h         |   11 +-
 libcrux-ml-kem/c/libcrux_mlkem_portable.c     | 2879 +++++++++--------
 libcrux-ml-kem/c/libcrux_mlkem_portable.h     |   55 +-
 libcrux-ml-kem/c/libcrux_sha3.h               |   22 +-
 libcrux-ml-kem/c/libcrux_sha3_avx2.c          |  548 ++--
 libcrux-ml-kem/c/libcrux_sha3_avx2.h          |   36 +-
 libcrux-ml-kem/c/libcrux_sha3_internal.h      |  992 +++---
 libcrux-ml-kem/c/libcrux_sha3_neon.c          |   10 +-
 libcrux-ml-kem/c/libcrux_sha3_neon.h          |   12 +-
 libcrux-ml-kem/cg.yaml                        |   26 +-
 libcrux-ml-kem/cg/benches/sha3.cc             |    8 +-
 libcrux-ml-kem/cg/code_gen.txt                |   10 +-
 libcrux-ml-kem/cg/libcrux_core.h              |  124 +-
 libcrux-ml-kem/cg/libcrux_ct_ops.h            |   10 +-
 libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h     | 1619 +++++----
 .../cg/libcrux_mlkem768_avx2_types.h          |   46 +-
 libcrux-ml-kem/cg/libcrux_mlkem768_portable.h | 1826 ++++++-----
 .../cg/libcrux_mlkem768_portable_types.h      |   46 +-
 libcrux-ml-kem/cg/libcrux_sha3_avx2.h         |  590 ++--
 libcrux-ml-kem/cg/libcrux_sha3_portable.h     | 1274 ++++----
 45 files changed, 7156 insertions(+), 7029 deletions(-)

diff --git a/libcrux-ml-kem/c/code_gen.txt b/libcrux-ml-kem/c/code_gen.txt
index 7599cb2f1..03c666cb2 100644
--- a/libcrux-ml-kem/c/code_gen.txt
+++ b/libcrux-ml-kem/c/code_gen.txt
@@ -1,6 +1,6 @@
 This code was generated with the following revisions:
-Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4
-Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac
-Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152
-F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678
-Libcrux: a089e8609d2bf2df5c165076a79e3fd30dbf87cf
+Charon: 2b71c3c42337fe17ceca860bedaafb3443e6c5e8
+Eurydice: dcfae68c874635956f71d4c05928841b29ad0a8b
+Karamel: 87384b244a98a0c41a2e14c65b872d885af7c8df
+F*: 8b6fce63ca91b16386d8f76e82ea87a3c109a208
+Libcrux: 4b0d78759e0adf160bab80862883bd5ba7338977
diff --git a/libcrux-ml-kem/c/internal/libcrux_core.h b/libcrux-ml-kem/c/internal/libcrux_core.h
index 31a212a7c..d9157cb4f 100644
--- a/libcrux-ml-kem/c/internal/libcrux_core.h
+++ b/libcrux-ml-kem/c/internal/libcrux_core.h
@@ -4,11 +4,11 @@
  * SPDX-License-Identifier: MIT or Apache-2.0
  *
  * This code was generated with the following revisions:
- * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4
- * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac
- * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152
- * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678
- * Libcrux: a089e8609d2bf2df5c165076a79e3fd30dbf87cf
+ * Charon: 2b71c3c42337fe17ceca860bedaafb3443e6c5e8
+ * Eurydice: dcfae68c874635956f71d4c05928841b29ad0a8b
+ * Karamel: 87384b244a98a0c41a2e14c65b872d885af7c8df
+ * F*: 8b6fce63ca91b16386d8f76e82ea87a3c109a208
+ * Libcrux: 4b0d78759e0adf160bab80862883bd5ba7338977
  */
 
 #ifndef __internal_libcrux_core_H
@@ -69,7 +69,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_5a
 with const generics
 - SIZE= 1568
 */
-libcrux_ml_kem_types_MlKemPublicKey_1f libcrux_ml_kem_types_from_5a_671(
+libcrux_ml_kem_types_MlKemPublicKey_64 libcrux_ml_kem_types_from_5a_af(
     uint8_t value[1568U]);
 
 /**
@@ -82,9 +82,9 @@ with const generics
 - PRIVATE_KEY_SIZE= 3168
 - PUBLIC_KEY_SIZE= 1568
 */
-libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_types_from_3a_ee1(
-    libcrux_ml_kem_types_MlKemPrivateKey_95 sk,
-    libcrux_ml_kem_types_MlKemPublicKey_1f pk);
+libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_types_from_3a_94(
+    libcrux_ml_kem_types_MlKemPrivateKey_83 sk,
+    libcrux_ml_kem_types_MlKemPublicKey_64 pk);
 
 /**
 This function found in impl {(core::convert::From<@Array<u8, SIZE>> for
@@ -95,7 +95,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_7f
 with const generics
 - SIZE= 3168
 */
-libcrux_ml_kem_types_MlKemPrivateKey_95 libcrux_ml_kem_types_from_7f_af1(
+libcrux_ml_kem_types_MlKemPrivateKey_83 libcrux_ml_kem_types_from_7f_39(
     uint8_t value[3168U]);
 
 /**
@@ -107,7 +107,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_5a
 with const generics
 - SIZE= 1184
 */
-libcrux_ml_kem_types_MlKemPublicKey_15 libcrux_ml_kem_types_from_5a_670(
+libcrux_ml_kem_types_MlKemPublicKey_30 libcrux_ml_kem_types_from_5a_d0(
     uint8_t value[1184U]);
 
 /**
@@ -120,9 +120,9 @@ with const generics
 - PRIVATE_KEY_SIZE= 2400
 - PUBLIC_KEY_SIZE= 1184
 */
-libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_types_from_3a_ee0(
-    libcrux_ml_kem_types_MlKemPrivateKey_55 sk,
-    libcrux_ml_kem_types_MlKemPublicKey_15 pk);
+libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_types_from_3a_74(
+    libcrux_ml_kem_types_MlKemPrivateKey_d9 sk,
+    libcrux_ml_kem_types_MlKemPublicKey_30 pk);
 
 /**
 This function found in impl {(core::convert::From<@Array<u8, SIZE>> for
@@ -133,7 +133,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_7f
 with const generics
 - SIZE= 2400
 */
-libcrux_ml_kem_types_MlKemPrivateKey_55 libcrux_ml_kem_types_from_7f_af0(
+libcrux_ml_kem_types_MlKemPrivateKey_d9 libcrux_ml_kem_types_from_7f_28(
     uint8_t value[2400U]);
 
 /**
@@ -145,7 +145,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_5a
 with const generics
 - SIZE= 800
 */
-libcrux_ml_kem_types_MlKemPublicKey_be libcrux_ml_kem_types_from_5a_67(
+libcrux_ml_kem_types_MlKemPublicKey_52 libcrux_ml_kem_types_from_5a_4d(
     uint8_t value[800U]);
 
 /**
@@ -158,9 +158,9 @@ with const generics
 - PRIVATE_KEY_SIZE= 1632
 - PUBLIC_KEY_SIZE= 800
 */
-libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_types_from_3a_ee(
-    libcrux_ml_kem_types_MlKemPrivateKey_5e sk,
-    libcrux_ml_kem_types_MlKemPublicKey_be pk);
+libcrux_ml_kem_types_MlKemKeyPair_3e libcrux_ml_kem_types_from_3a_fa(
+    libcrux_ml_kem_types_MlKemPrivateKey_fa sk,
+    libcrux_ml_kem_types_MlKemPublicKey_52 pk);
 
 /**
 This function found in impl {(core::convert::From<@Array<u8, SIZE>> for
@@ -171,7 +171,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_7f
 with const generics
 - SIZE= 1632
 */
-libcrux_ml_kem_types_MlKemPrivateKey_5e libcrux_ml_kem_types_from_7f_af(
+libcrux_ml_kem_types_MlKemPrivateKey_fa libcrux_ml_kem_types_from_7f_2a(
     uint8_t value[1632U]);
 
 /**
@@ -182,8 +182,8 @@ A monomorphic instance of libcrux_ml_kem.types.as_slice_fd
 with const generics
 - SIZE= 1184
 */
-uint8_t *libcrux_ml_kem_types_as_slice_fd_fe1(
-    libcrux_ml_kem_types_MlKemPublicKey_15 *self);
+uint8_t *libcrux_ml_kem_types_as_slice_fd_d0(
+    libcrux_ml_kem_types_MlKemPublicKey_30 *self);
 
 /**
 This function found in impl {(core::convert::From<@Array<u8, SIZE>> for
@@ -194,7 +194,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_01
 with const generics
 - SIZE= 1088
 */
-libcrux_ml_kem_mlkem768_MlKem768Ciphertext libcrux_ml_kem_types_from_01_451(
+libcrux_ml_kem_mlkem768_MlKem768Ciphertext libcrux_ml_kem_types_from_01_80(
     uint8_t value[1088U]);
 
 /**
@@ -206,7 +206,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_ref_00
 with const generics
 - SIZE= 1088
 */
-Eurydice_slice libcrux_ml_kem_types_as_ref_00_401(
+Eurydice_slice libcrux_ml_kem_types_as_ref_00_80(
     libcrux_ml_kem_mlkem768_MlKem768Ciphertext *self);
 
 /**
@@ -217,8 +217,8 @@ A monomorphic instance of libcrux_ml_kem.utils.into_padded_array
 with const generics
 - LEN= 1120
 */
-void libcrux_ml_kem_utils_into_padded_array_425(Eurydice_slice slice,
-                                                uint8_t ret[1120U]);
+void libcrux_ml_kem_utils_into_padded_array_15(Eurydice_slice slice,
+                                               uint8_t ret[1120U]);
 
 /**
 This function found in impl {libcrux_ml_kem::types::MlKemPublicKey<SIZE>#20}
@@ -228,8 +228,8 @@ A monomorphic instance of libcrux_ml_kem.types.as_slice_fd
 with const generics
 - SIZE= 800
 */
-uint8_t *libcrux_ml_kem_types_as_slice_fd_fe0(
-    libcrux_ml_kem_types_MlKemPublicKey_be *self);
+uint8_t *libcrux_ml_kem_types_as_slice_fd_4d(
+    libcrux_ml_kem_types_MlKemPublicKey_52 *self);
 
 /**
 This function found in impl {(core::convert::From<@Array<u8, SIZE>> for
@@ -240,7 +240,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_01
 with const generics
 - SIZE= 768
 */
-libcrux_ml_kem_types_MlKemCiphertext_e8 libcrux_ml_kem_types_from_01_450(
+libcrux_ml_kem_types_MlKemCiphertext_1a libcrux_ml_kem_types_from_01_d0(
     uint8_t value[768U]);
 
 /**
@@ -252,8 +252,8 @@ A monomorphic instance of libcrux_ml_kem.types.as_ref_00
 with const generics
 - SIZE= 768
 */
-Eurydice_slice libcrux_ml_kem_types_as_ref_00_400(
-    libcrux_ml_kem_types_MlKemCiphertext_e8 *self);
+Eurydice_slice libcrux_ml_kem_types_as_ref_00_d0(
+    libcrux_ml_kem_types_MlKemCiphertext_1a *self);
 
 /**
  Pad the `slice` with `0`s at the end.
@@ -263,8 +263,8 @@ A monomorphic instance of libcrux_ml_kem.utils.into_padded_array
 with const generics
 - LEN= 800
 */
-void libcrux_ml_kem_utils_into_padded_array_424(Eurydice_slice slice,
-                                                uint8_t ret[800U]);
+void libcrux_ml_kem_utils_into_padded_array_4d(Eurydice_slice slice,
+                                               uint8_t ret[800U]);
 
 /**
 This function found in impl {libcrux_ml_kem::types::MlKemPublicKey<SIZE>#20}
@@ -274,21 +274,21 @@ A monomorphic instance of libcrux_ml_kem.types.as_slice_fd
 with const generics
 - SIZE= 1568
 */
-uint8_t *libcrux_ml_kem_types_as_slice_fd_fe(
-    libcrux_ml_kem_types_MlKemPublicKey_1f *self);
+uint8_t *libcrux_ml_kem_types_as_slice_fd_af(
+    libcrux_ml_kem_types_MlKemPublicKey_64 *self);
 
 /**
 A monomorphic instance of core.result.Result
 with types uint8_t[32size_t], core_array_TryFromSliceError
 
 */
-typedef struct core_result_Result_00_s {
-  core_result_Result_86_tags tag;
+typedef struct core_result_Result_fb_s {
+  core_result_Result_a9_tags tag;
   union {
     uint8_t case_Ok[32U];
     core_array_TryFromSliceError case_Err;
   } val;
-} core_result_Result_00;
+} core_result_Result_fb;
 
 /**
 This function found in impl {core::result::Result<T, E>[TraitClause@0,
@@ -299,7 +299,7 @@ A monomorphic instance of core.result.unwrap_26
 with types uint8_t[32size_t], core_array_TryFromSliceError
 
 */
-void core_result_unwrap_26_33(core_result_Result_00 self, uint8_t ret[32U]);
+void core_result_unwrap_26_b3(core_result_Result_fb self, uint8_t ret[32U]);
 
 /**
  Pad the `slice` with `0`s at the end.
@@ -309,8 +309,8 @@ A monomorphic instance of libcrux_ml_kem.utils.into_padded_array
 with const generics
 - LEN= 34
 */
-void libcrux_ml_kem_utils_into_padded_array_422(Eurydice_slice slice,
-                                                uint8_t ret[34U]);
+void libcrux_ml_kem_utils_into_padded_array_b6(Eurydice_slice slice,
+                                               uint8_t ret[34U]);
 
 /**
 This function found in impl {(core::convert::From<@Array<u8, SIZE>> for
@@ -321,7 +321,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_01
 with const generics
 - SIZE= 1568
 */
-libcrux_ml_kem_types_MlKemCiphertext_1f libcrux_ml_kem_types_from_01_45(
+libcrux_ml_kem_types_MlKemCiphertext_64 libcrux_ml_kem_types_from_01_af(
     uint8_t value[1568U]);
 
 /**
@@ -332,8 +332,8 @@ A monomorphic instance of libcrux_ml_kem.utils.into_padded_array
 with const generics
 - LEN= 33
 */
-void libcrux_ml_kem_utils_into_padded_array_421(Eurydice_slice slice,
-                                                uint8_t ret[33U]);
+void libcrux_ml_kem_utils_into_padded_array_c8(Eurydice_slice slice,
+                                               uint8_t ret[33U]);
 
 /**
 This function found in impl {(core::convert::AsRef<@Slice<u8>> for
@@ -344,8 +344,8 @@ A monomorphic instance of libcrux_ml_kem.types.as_ref_00
 with const generics
 - SIZE= 1568
 */
-Eurydice_slice libcrux_ml_kem_types_as_ref_00_40(
-    libcrux_ml_kem_types_MlKemCiphertext_1f *self);
+Eurydice_slice libcrux_ml_kem_types_as_ref_00_af(
+    libcrux_ml_kem_types_MlKemCiphertext_64 *self);
 
 /**
  Pad the `slice` with `0`s at the end.
@@ -355,8 +355,8 @@ A monomorphic instance of libcrux_ml_kem.utils.into_padded_array
 with const generics
 - LEN= 1600
 */
-void libcrux_ml_kem_utils_into_padded_array_420(Eurydice_slice slice,
-                                                uint8_t ret[1600U]);
+void libcrux_ml_kem_utils_into_padded_array_7f(Eurydice_slice slice,
+                                               uint8_t ret[1600U]);
 
 /**
  Pad the `slice` with `0`s at the end.
@@ -366,7 +366,7 @@ A monomorphic instance of libcrux_ml_kem.utils.into_padded_array
 with const generics
 - LEN= 64
 */
-void libcrux_ml_kem_utils_into_padded_array_42(Eurydice_slice slice,
+void libcrux_ml_kem_utils_into_padded_array_24(Eurydice_slice slice,
                                                uint8_t ret[64U]);
 
 /**
@@ -374,13 +374,13 @@ A monomorphic instance of core.result.Result
 with types uint8_t[24size_t], core_array_TryFromSliceError
 
 */
-typedef struct core_result_Result_6f_s {
-  core_result_Result_86_tags tag;
+typedef struct core_result_Result_b2_s {
+  core_result_Result_a9_tags tag;
   union {
     uint8_t case_Ok[24U];
     core_array_TryFromSliceError case_Err;
   } val;
-} core_result_Result_6f;
+} core_result_Result_b2;
 
 /**
 This function found in impl {core::result::Result<T, E>[TraitClause@0,
@@ -391,20 +391,20 @@ A monomorphic instance of core.result.unwrap_26
 with types uint8_t[24size_t], core_array_TryFromSliceError
 
 */
-void core_result_unwrap_26_76(core_result_Result_6f self, uint8_t ret[24U]);
+void core_result_unwrap_26_70(core_result_Result_b2 self, uint8_t ret[24U]);
 
 /**
 A monomorphic instance of core.result.Result
 with types uint8_t[20size_t], core_array_TryFromSliceError
 
 */
-typedef struct core_result_Result_7a_s {
-  core_result_Result_86_tags tag;
+typedef struct core_result_Result_e1_s {
+  core_result_Result_a9_tags tag;
   union {
     uint8_t case_Ok[20U];
     core_array_TryFromSliceError case_Err;
   } val;
-} core_result_Result_7a;
+} core_result_Result_e1;
 
 /**
 This function found in impl {core::result::Result<T, E>[TraitClause@0,
@@ -415,20 +415,20 @@ A monomorphic instance of core.result.unwrap_26
 with types uint8_t[20size_t], core_array_TryFromSliceError
 
 */
-void core_result_unwrap_26_ea(core_result_Result_7a self, uint8_t ret[20U]);
+void core_result_unwrap_26_20(core_result_Result_e1 self, uint8_t ret[20U]);
 
 /**
 A monomorphic instance of core.result.Result
 with types uint8_t[10size_t], core_array_TryFromSliceError
 
 */
-typedef struct core_result_Result_cd_s {
-  core_result_Result_86_tags tag;
+typedef struct core_result_Result_9d_s {
+  core_result_Result_a9_tags tag;
   union {
     uint8_t case_Ok[10U];
     core_array_TryFromSliceError case_Err;
   } val;
-} core_result_Result_cd;
+} core_result_Result_9d;
 
 /**
 This function found in impl {core::result::Result<T, E>[TraitClause@0,
@@ -439,20 +439,20 @@ A monomorphic instance of core.result.unwrap_26
 with types uint8_t[10size_t], core_array_TryFromSliceError
 
 */
-void core_result_unwrap_26_07(core_result_Result_cd self, uint8_t ret[10U]);
+void core_result_unwrap_26_ce(core_result_Result_9d self, uint8_t ret[10U]);
 
 /**
 A monomorphic instance of core.result.Result
 with types int16_t[16size_t], core_array_TryFromSliceError
 
 */
-typedef struct core_result_Result_c0_s {
-  core_result_Result_86_tags tag;
+typedef struct core_result_Result_0a_s {
+  core_result_Result_a9_tags tag;
   union {
     int16_t case_Ok[16U];
     core_array_TryFromSliceError case_Err;
   } val;
-} core_result_Result_c0;
+} core_result_Result_0a;
 
 /**
 This function found in impl {core::result::Result<T, E>[TraitClause@0,
@@ -463,7 +463,7 @@ A monomorphic instance of core.result.unwrap_26
 with types int16_t[16size_t], core_array_TryFromSliceError
 
 */
-void core_result_unwrap_26_30(core_result_Result_c0 self, int16_t ret[16U]);
+void core_result_unwrap_26_00(core_result_Result_0a self, int16_t ret[16U]);
 
 typedef struct Eurydice_slice_uint8_t_4size_t__x2_s {
   Eurydice_slice fst[4U];
diff --git a/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h b/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h
index c4c213b73..dbdaa5e70 100644
--- a/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h
+++ b/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h
@@ -4,11 +4,11 @@
  * SPDX-License-Identifier: MIT or Apache-2.0
  *
  * This code was generated with the following revisions:
- * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4
- * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac
- * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152
- * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678
- * Libcrux: a089e8609d2bf2df5c165076a79e3fd30dbf87cf
+ * Charon: 2b71c3c42337fe17ceca860bedaafb3443e6c5e8
+ * Eurydice: dcfae68c874635956f71d4c05928841b29ad0a8b
+ * Karamel: 87384b244a98a0c41a2e14c65b872d885af7c8df
+ * F*: 8b6fce63ca91b16386d8f76e82ea87a3c109a208
+ * Libcrux: 4b0d78759e0adf160bab80862883bd5ba7338977
  */
 
 #ifndef __internal_libcrux_mlkem_avx2_H
@@ -29,9 +29,9 @@ A monomorphic instance of libcrux_ml_kem.polynomial.PolynomialRingElement
 with types libcrux_ml_kem_vector_avx2_SIMD256Vector
 
 */
-typedef struct libcrux_ml_kem_polynomial_PolynomialRingElement_d2_s {
+typedef struct libcrux_ml_kem_polynomial_PolynomialRingElement_f6_s {
   __m256i coefficients[16U];
-} libcrux_ml_kem_polynomial_PolynomialRingElement_d2;
+} libcrux_ml_kem_polynomial_PolynomialRingElement_f6;
 
 /**
 A monomorphic instance of libcrux_ml_kem.ind_cca.validate_public_key
@@ -41,7 +41,7 @@ with const generics
 - RANKED_BYTES_PER_RING_ELEMENT= 1152
 - PUBLIC_KEY_SIZE= 1184
 */
-bool libcrux_ml_kem_ind_cca_validate_public_key_521(uint8_t *public_key);
+bool libcrux_ml_kem_ind_cca_validate_public_key_ed(uint8_t *public_key);
 
 /**
 A monomorphic instance of libcrux_ml_kem.ind_cca.validate_private_key
@@ -51,8 +51,8 @@ with const generics
 - SECRET_KEY_SIZE= 2400
 - CIPHERTEXT_SIZE= 1088
 */
-bool libcrux_ml_kem_ind_cca_validate_private_key_701(
-    libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key,
+bool libcrux_ml_kem_ind_cca_validate_private_key_12(
+    libcrux_ml_kem_types_MlKemPrivateKey_d9 *private_key,
     libcrux_ml_kem_mlkem768_MlKem768Ciphertext *_ciphertext);
 
 /**
@@ -69,7 +69,7 @@ with const generics
 - ETA1_RANDOMNESS_SIZE= 128
 */
 libcrux_ml_kem_mlkem768_MlKem768KeyPair
-libcrux_ml_kem_ind_cca_generate_keypair_0b1(uint8_t randomness[64U]);
+libcrux_ml_kem_ind_cca_generate_keypair_d61(uint8_t randomness[64U]);
 
 /**
 A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate
@@ -90,8 +90,8 @@ with const generics
 - ETA2= 2
 - ETA2_RANDOMNESS_SIZE= 128
 */
-tuple_3c libcrux_ml_kem_ind_cca_encapsulate_a11(
-    libcrux_ml_kem_types_MlKemPublicKey_15 *public_key,
+tuple_c2 libcrux_ml_kem_ind_cca_encapsulate_701(
+    libcrux_ml_kem_types_MlKemPublicKey_30 *public_key,
     uint8_t randomness[32U]);
 
 /**
@@ -116,8 +116,8 @@ with const generics
 - ETA2_RANDOMNESS_SIZE= 128
 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120
 */
-void libcrux_ml_kem_ind_cca_decapsulate_7f1(
-    libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key,
+void libcrux_ml_kem_ind_cca_decapsulate_a11(
+    libcrux_ml_kem_types_MlKemPrivateKey_d9 *private_key,
     libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]);
 
 /**
@@ -128,7 +128,7 @@ with const generics
 - RANKED_BYTES_PER_RING_ELEMENT= 1536
 - PUBLIC_KEY_SIZE= 1568
 */
-bool libcrux_ml_kem_ind_cca_validate_public_key_520(uint8_t *public_key);
+bool libcrux_ml_kem_ind_cca_validate_public_key_1e(uint8_t *public_key);
 
 /**
 A monomorphic instance of libcrux_ml_kem.ind_cca.validate_private_key
@@ -138,9 +138,9 @@ with const generics
 - SECRET_KEY_SIZE= 3168
 - CIPHERTEXT_SIZE= 1568
 */
-bool libcrux_ml_kem_ind_cca_validate_private_key_700(
-    libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key,
-    libcrux_ml_kem_types_MlKemCiphertext_1f *_ciphertext);
+bool libcrux_ml_kem_ind_cca_validate_private_key_b9(
+    libcrux_ml_kem_types_MlKemPrivateKey_83 *private_key,
+    libcrux_ml_kem_types_MlKemCiphertext_64 *_ciphertext);
 
 /**
 A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair
@@ -156,7 +156,7 @@ with const generics
 - ETA1_RANDOMNESS_SIZE= 128
 */
 libcrux_ml_kem_mlkem1024_MlKem1024KeyPair
-libcrux_ml_kem_ind_cca_generate_keypair_0b0(uint8_t randomness[64U]);
+libcrux_ml_kem_ind_cca_generate_keypair_d60(uint8_t randomness[64U]);
 
 /**
 A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate
@@ -177,8 +177,8 @@ with const generics
 - ETA2= 2
 - ETA2_RANDOMNESS_SIZE= 128
 */
-tuple_21 libcrux_ml_kem_ind_cca_encapsulate_a10(
-    libcrux_ml_kem_types_MlKemPublicKey_1f *public_key,
+tuple_fa libcrux_ml_kem_ind_cca_encapsulate_700(
+    libcrux_ml_kem_types_MlKemPublicKey_64 *public_key,
     uint8_t randomness[32U]);
 
 /**
@@ -203,9 +203,9 @@ with const generics
 - ETA2_RANDOMNESS_SIZE= 128
 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600
 */
-void libcrux_ml_kem_ind_cca_decapsulate_7f0(
-    libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key,
-    libcrux_ml_kem_types_MlKemCiphertext_1f *ciphertext, uint8_t ret[32U]);
+void libcrux_ml_kem_ind_cca_decapsulate_a10(
+    libcrux_ml_kem_types_MlKemPrivateKey_83 *private_key,
+    libcrux_ml_kem_types_MlKemCiphertext_64 *ciphertext, uint8_t ret[32U]);
 
 /**
 A monomorphic instance of libcrux_ml_kem.ind_cca.validate_public_key
@@ -215,7 +215,7 @@ with const generics
 - RANKED_BYTES_PER_RING_ELEMENT= 768
 - PUBLIC_KEY_SIZE= 800
 */
-bool libcrux_ml_kem_ind_cca_validate_public_key_52(uint8_t *public_key);
+bool libcrux_ml_kem_ind_cca_validate_public_key_ba(uint8_t *public_key);
 
 /**
 A monomorphic instance of libcrux_ml_kem.ind_cca.validate_private_key
@@ -225,9 +225,9 @@ with const generics
 - SECRET_KEY_SIZE= 1632
 - CIPHERTEXT_SIZE= 768
 */
-bool libcrux_ml_kem_ind_cca_validate_private_key_70(
-    libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key,
-    libcrux_ml_kem_types_MlKemCiphertext_e8 *_ciphertext);
+bool libcrux_ml_kem_ind_cca_validate_private_key_ad(
+    libcrux_ml_kem_types_MlKemPrivateKey_fa *private_key,
+    libcrux_ml_kem_types_MlKemCiphertext_1a *_ciphertext);
 
 /**
 A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair
@@ -242,7 +242,7 @@ with const generics
 - ETA1= 3
 - ETA1_RANDOMNESS_SIZE= 192
 */
-libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_ind_cca_generate_keypair_0b(
+libcrux_ml_kem_types_MlKemKeyPair_3e libcrux_ml_kem_ind_cca_generate_keypair_d6(
     uint8_t randomness[64U]);
 
 /**
@@ -264,8 +264,8 @@ with const generics
 - ETA2= 2
 - ETA2_RANDOMNESS_SIZE= 128
 */
-tuple_ec libcrux_ml_kem_ind_cca_encapsulate_a1(
-    libcrux_ml_kem_types_MlKemPublicKey_be *public_key,
+tuple_41 libcrux_ml_kem_ind_cca_encapsulate_70(
+    libcrux_ml_kem_types_MlKemPublicKey_52 *public_key,
     uint8_t randomness[32U]);
 
 /**
@@ -290,9 +290,9 @@ with const generics
 - ETA2_RANDOMNESS_SIZE= 128
 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800
 */
-void libcrux_ml_kem_ind_cca_decapsulate_7f(
-    libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key,
-    libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]);
+void libcrux_ml_kem_ind_cca_decapsulate_a1(
+    libcrux_ml_kem_types_MlKemPrivateKey_fa *private_key,
+    libcrux_ml_kem_types_MlKemCiphertext_1a *ciphertext, uint8_t ret[32U]);
 
 #if defined(__cplusplus)
 }
diff --git a/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h b/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h
index def86cf8e..9160fa4ed 100644
--- a/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h
+++ b/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h
@@ -4,11 +4,11 @@
  * SPDX-License-Identifier: MIT or Apache-2.0
  *
  * This code was generated with the following revisions:
- * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4
- * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac
- * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152
- * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678
- * Libcrux: a089e8609d2bf2df5c165076a79e3fd30dbf87cf
+ * Charon: 2b71c3c42337fe17ceca860bedaafb3443e6c5e8
+ * Eurydice: dcfae68c874635956f71d4c05928841b29ad0a8b
+ * Karamel: 87384b244a98a0c41a2e14c65b872d885af7c8df
+ * F*: 8b6fce63ca91b16386d8f76e82ea87a3c109a208
+ * Libcrux: 4b0d78759e0adf160bab80862883bd5ba7338977
  */
 
 #ifndef __internal_libcrux_mlkem_portable_H
@@ -34,9 +34,9 @@ A monomorphic instance of libcrux_ml_kem.polynomial.PolynomialRingElement
 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
 
 */
-typedef struct libcrux_ml_kem_polynomial_PolynomialRingElement_f0_s {
+typedef struct libcrux_ml_kem_polynomial_PolynomialRingElement_1d_s {
   libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficients[16U];
-} libcrux_ml_kem_polynomial_PolynomialRingElement_f0;
+} libcrux_ml_kem_polynomial_PolynomialRingElement_1d;
 
 /**
 A monomorphic instance of libcrux_ml_kem.ind_cca.validate_public_key
@@ -46,7 +46,7 @@ with const generics
 - RANKED_BYTES_PER_RING_ELEMENT= 1536
 - PUBLIC_KEY_SIZE= 1568
 */
-bool libcrux_ml_kem_ind_cca_validate_public_key_bf1(uint8_t *public_key);
+bool libcrux_ml_kem_ind_cca_validate_public_key_00(uint8_t *public_key);
 
 /**
 A monomorphic instance of libcrux_ml_kem.ind_cca.validate_private_key
@@ -56,9 +56,9 @@ with const generics
 - SECRET_KEY_SIZE= 3168
 - CIPHERTEXT_SIZE= 1568
 */
-bool libcrux_ml_kem_ind_cca_validate_private_key_ae(
-    libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key,
-    libcrux_ml_kem_types_MlKemCiphertext_1f *_ciphertext);
+bool libcrux_ml_kem_ind_cca_validate_private_key_b5(
+    libcrux_ml_kem_types_MlKemPrivateKey_83 *private_key,
+    libcrux_ml_kem_types_MlKemCiphertext_64 *_ciphertext);
 
 /**
 A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair
@@ -74,7 +74,7 @@ libcrux_ml_kem_variant_MlKem with const generics
 - ETA1_RANDOMNESS_SIZE= 128
 */
 libcrux_ml_kem_mlkem1024_MlKem1024KeyPair
-libcrux_ml_kem_ind_cca_generate_keypair_6f1(uint8_t randomness[64U]);
+libcrux_ml_kem_ind_cca_generate_keypair_f81(uint8_t randomness[64U]);
 
 /**
 A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate
@@ -95,8 +95,8 @@ libcrux_ml_kem_variant_MlKem with const generics
 - ETA2= 2
 - ETA2_RANDOMNESS_SIZE= 128
 */
-tuple_21 libcrux_ml_kem_ind_cca_encapsulate_661(
-    libcrux_ml_kem_types_MlKemPublicKey_1f *public_key,
+tuple_fa libcrux_ml_kem_ind_cca_encapsulate_ca1(
+    libcrux_ml_kem_types_MlKemPublicKey_64 *public_key,
     uint8_t randomness[32U]);
 
 /**
@@ -121,9 +121,9 @@ libcrux_ml_kem_variant_MlKem with const generics
 - ETA2_RANDOMNESS_SIZE= 128
 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600
 */
-void libcrux_ml_kem_ind_cca_decapsulate_191(
-    libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key,
-    libcrux_ml_kem_types_MlKemCiphertext_1f *ciphertext, uint8_t ret[32U]);
+void libcrux_ml_kem_ind_cca_decapsulate_621(
+    libcrux_ml_kem_types_MlKemPrivateKey_83 *private_key,
+    libcrux_ml_kem_types_MlKemCiphertext_64 *ciphertext, uint8_t ret[32U]);
 
 /**
 A monomorphic instance of libcrux_ml_kem.ind_cca.validate_public_key
@@ -133,7 +133,7 @@ with const generics
 - RANKED_BYTES_PER_RING_ELEMENT= 768
 - PUBLIC_KEY_SIZE= 800
 */
-bool libcrux_ml_kem_ind_cca_validate_public_key_bf0(uint8_t *public_key);
+bool libcrux_ml_kem_ind_cca_validate_public_key_86(uint8_t *public_key);
 
 /**
 A monomorphic instance of libcrux_ml_kem.ind_cca.validate_private_key
@@ -143,9 +143,9 @@ with const generics
 - SECRET_KEY_SIZE= 1632
 - CIPHERTEXT_SIZE= 768
 */
-bool libcrux_ml_kem_ind_cca_validate_private_key_b4(
-    libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key,
-    libcrux_ml_kem_types_MlKemCiphertext_e8 *_ciphertext);
+bool libcrux_ml_kem_ind_cca_validate_private_key_fb(
+    libcrux_ml_kem_types_MlKemPrivateKey_fa *private_key,
+    libcrux_ml_kem_types_MlKemCiphertext_1a *_ciphertext);
 
 /**
 A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair
@@ -160,8 +160,8 @@ libcrux_ml_kem_variant_MlKem with const generics
 - ETA1= 3
 - ETA1_RANDOMNESS_SIZE= 192
 */
-libcrux_ml_kem_types_MlKemKeyPair_cb
-libcrux_ml_kem_ind_cca_generate_keypair_6f0(uint8_t randomness[64U]);
+libcrux_ml_kem_types_MlKemKeyPair_3e
+libcrux_ml_kem_ind_cca_generate_keypair_f80(uint8_t randomness[64U]);
 
 /**
 A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate
@@ -182,8 +182,8 @@ libcrux_ml_kem_variant_MlKem with const generics
 - ETA2= 2
 - ETA2_RANDOMNESS_SIZE= 128
 */
-tuple_ec libcrux_ml_kem_ind_cca_encapsulate_660(
-    libcrux_ml_kem_types_MlKemPublicKey_be *public_key,
+tuple_41 libcrux_ml_kem_ind_cca_encapsulate_ca0(
+    libcrux_ml_kem_types_MlKemPublicKey_52 *public_key,
     uint8_t randomness[32U]);
 
 /**
@@ -208,9 +208,9 @@ libcrux_ml_kem_variant_MlKem with const generics
 - ETA2_RANDOMNESS_SIZE= 128
 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800
 */
-void libcrux_ml_kem_ind_cca_decapsulate_190(
-    libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key,
-    libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]);
+void libcrux_ml_kem_ind_cca_decapsulate_620(
+    libcrux_ml_kem_types_MlKemPrivateKey_fa *private_key,
+    libcrux_ml_kem_types_MlKemCiphertext_1a *ciphertext, uint8_t ret[32U]);
 
 /**
 A monomorphic instance of libcrux_ml_kem.ind_cca.validate_public_key
@@ -220,7 +220,7 @@ with const generics
 - RANKED_BYTES_PER_RING_ELEMENT= 1152
 - PUBLIC_KEY_SIZE= 1184
 */
-bool libcrux_ml_kem_ind_cca_validate_public_key_bf(uint8_t *public_key);
+bool libcrux_ml_kem_ind_cca_validate_public_key_6c(uint8_t *public_key);
 
 /**
 A monomorphic instance of libcrux_ml_kem.ind_cca.validate_private_key
@@ -230,8 +230,8 @@ with const generics
 - SECRET_KEY_SIZE= 2400
 - CIPHERTEXT_SIZE= 1088
 */
-bool libcrux_ml_kem_ind_cca_validate_private_key_33(
-    libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key,
+bool libcrux_ml_kem_ind_cca_validate_private_key_37(
+    libcrux_ml_kem_types_MlKemPrivateKey_d9 *private_key,
     libcrux_ml_kem_mlkem768_MlKem768Ciphertext *_ciphertext);
 
 /**
@@ -248,7 +248,7 @@ libcrux_ml_kem_variant_MlKem with const generics
 - ETA1_RANDOMNESS_SIZE= 128
 */
 libcrux_ml_kem_mlkem768_MlKem768KeyPair
-libcrux_ml_kem_ind_cca_generate_keypair_6f(uint8_t randomness[64U]);
+libcrux_ml_kem_ind_cca_generate_keypair_f8(uint8_t randomness[64U]);
 
 /**
 A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate
@@ -269,8 +269,8 @@ libcrux_ml_kem_variant_MlKem with const generics
 - ETA2= 2
 - ETA2_RANDOMNESS_SIZE= 128
 */
-tuple_3c libcrux_ml_kem_ind_cca_encapsulate_66(
-    libcrux_ml_kem_types_MlKemPublicKey_15 *public_key,
+tuple_c2 libcrux_ml_kem_ind_cca_encapsulate_ca(
+    libcrux_ml_kem_types_MlKemPublicKey_30 *public_key,
     uint8_t randomness[32U]);
 
 /**
@@ -295,8 +295,8 @@ libcrux_ml_kem_variant_MlKem with const generics
 - ETA2_RANDOMNESS_SIZE= 128
 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120
 */
-void libcrux_ml_kem_ind_cca_decapsulate_19(
-    libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key,
+void libcrux_ml_kem_ind_cca_decapsulate_62(
+    libcrux_ml_kem_types_MlKemPrivateKey_d9 *private_key,
     libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]);
 
 #if defined(__cplusplus)
diff --git a/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h b/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h
index 95df92565..e1421a6c3 100644
--- a/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h
+++ b/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h
@@ -4,11 +4,11 @@
  * SPDX-License-Identifier: MIT or Apache-2.0
  *
  * This code was generated with the following revisions:
- * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4
- * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac
- * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152
- * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678
- * Libcrux: a089e8609d2bf2df5c165076a79e3fd30dbf87cf
+ * Charon: 2b71c3c42337fe17ceca860bedaafb3443e6c5e8
+ * Eurydice: dcfae68c874635956f71d4c05928841b29ad0a8b
+ * Karamel: 87384b244a98a0c41a2e14c65b872d885af7c8df
+ * F*: 8b6fce63ca91b16386d8f76e82ea87a3c109a208
+ * Libcrux: 4b0d78759e0adf160bab80862883bd5ba7338977
  */
 
 #ifndef __internal_libcrux_sha3_avx2_H
@@ -23,30 +23,9 @@ extern "C" {
 #include "internal/libcrux_core.h"
 #include "intrinsics/libcrux_intrinsics_avx2.h"
 
-/**
-A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final
-with types core_core_arch_x86___m256i
-with const generics
-- N= 4
-- RATE= 136
-- DELIM= 31
-*/
-void libcrux_sha3_generic_keccak_absorb_final_7f(
-    libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice last[4U]);
-
-typedef libcrux_sha3_generic_keccak_KeccakState_29
+typedef libcrux_sha3_generic_keccak_KeccakState_55
     libcrux_sha3_avx2_x4_incremental_KeccakState;
 
-/**
-A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_three_blocks
-with types core_core_arch_x86___m256i
-with const generics
-- N= 4
-- RATE= 168
-*/
-void libcrux_sha3_generic_keccak_squeeze_first_three_blocks_ed(
-    libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]);
-
 #if defined(__cplusplus)
 }
 #endif
diff --git a/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h b/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h
index a57bfa85c..c42e543fd 100644
--- a/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h
+++ b/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h
@@ -4,11 +4,11 @@
  * SPDX-License-Identifier: MIT or Apache-2.0
  *
  * This code was generated with the following revisions:
- * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4
- * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac
- * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152
- * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678
- * Libcrux: a089e8609d2bf2df5c165076a79e3fd30dbf87cf
+ * Charon: 2b71c3c42337fe17ceca860bedaafb3443e6c5e8
+ * Eurydice: dcfae68c874635956f71d4c05928841b29ad0a8b
+ * Karamel: 87384b244a98a0c41a2e14c65b872d885af7c8df
+ * F*: 8b6fce63ca91b16386d8f76e82ea87a3c109a208
+ * Libcrux: 4b0d78759e0adf160bab80862883bd5ba7338977
  */
 
 #ifndef __internal_libcrux_sha3_internal_H
@@ -21,15 +21,15 @@ extern "C" {
 #include "../libcrux_sha3_internal.h"
 #include "eurydice_glue.h"
 
-typedef libcrux_sha3_generic_keccak_KeccakState_48
+typedef libcrux_sha3_generic_keccak_KeccakState_17
     libcrux_sha3_portable_KeccakState;
 
 /**
  Create a new SHAKE-128 state object.
 */
-static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_48
+static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_17
 libcrux_sha3_portable_incremental_shake128_init(void) {
-  return libcrux_sha3_generic_keccak_new_89_cf();
+  return libcrux_sha3_generic_keccak_new_89_04();
 }
 
 /**
@@ -37,9 +37,9 @@ libcrux_sha3_portable_incremental_shake128_init(void) {
 */
 static KRML_MUSTINLINE void
 libcrux_sha3_portable_incremental_shake128_absorb_final(
-    libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice data0) {
+    libcrux_sha3_generic_keccak_KeccakState_17 *s, Eurydice_slice data0) {
   Eurydice_slice buf[1U] = {data0};
-  libcrux_sha3_generic_keccak_absorb_final_40(s, buf);
+  libcrux_sha3_generic_keccak_absorb_final_9e(s, buf);
 }
 
 /**
@@ -50,23 +50,23 @@ with const generics
 - RATE= 168
 */
 static KRML_MUSTINLINE void
-libcrux_sha3_generic_keccak_squeeze_first_three_blocks_5c(
-    libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) {
+libcrux_sha3_generic_keccak_squeeze_first_three_blocks_c6(
+    libcrux_sha3_generic_keccak_KeccakState_17 *s, Eurydice_slice out[1U]) {
   Eurydice_slice_uint8_t_1size_t__x2 uu____0 =
       libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)168U);
   Eurydice_slice o0[1U];
   memcpy(o0, uu____0.fst, (size_t)1U * sizeof(Eurydice_slice));
   Eurydice_slice o10[1U];
   memcpy(o10, uu____0.snd, (size_t)1U * sizeof(Eurydice_slice));
-  libcrux_sha3_generic_keccak_squeeze_first_block_7b(s, o0);
+  libcrux_sha3_generic_keccak_squeeze_first_block_c6(s, o0);
   Eurydice_slice_uint8_t_1size_t__x2 uu____1 =
       libcrux_sha3_portable_keccak_split_at_mut_n_5a(o10, (size_t)168U);
   Eurydice_slice o1[1U];
   memcpy(o1, uu____1.fst, (size_t)1U * sizeof(Eurydice_slice));
   Eurydice_slice o2[1U];
   memcpy(o2, uu____1.snd, (size_t)1U * sizeof(Eurydice_slice));
-  libcrux_sha3_generic_keccak_squeeze_next_block_c2(s, o1);
-  libcrux_sha3_generic_keccak_squeeze_next_block_c2(s, o2);
+  libcrux_sha3_generic_keccak_squeeze_next_block_c6(s, o1);
+  libcrux_sha3_generic_keccak_squeeze_next_block_c6(s, o2);
 }
 
 /**
@@ -74,9 +74,9 @@ libcrux_sha3_generic_keccak_squeeze_first_three_blocks_5c(
 */
 static KRML_MUSTINLINE void
 libcrux_sha3_portable_incremental_shake128_squeeze_first_three_blocks(
-    libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out0) {
+    libcrux_sha3_generic_keccak_KeccakState_17 *s, Eurydice_slice out0) {
   Eurydice_slice buf[1U] = {out0};
-  libcrux_sha3_generic_keccak_squeeze_first_three_blocks_5c(s, buf);
+  libcrux_sha3_generic_keccak_squeeze_first_three_blocks_c6(s, buf);
 }
 
 /**
@@ -84,9 +84,9 @@ libcrux_sha3_portable_incremental_shake128_squeeze_first_three_blocks(
 */
 static KRML_MUSTINLINE void
 libcrux_sha3_portable_incremental_shake128_squeeze_next_block(
-    libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out0) {
+    libcrux_sha3_generic_keccak_KeccakState_17 *s, Eurydice_slice out0) {
   Eurydice_slice buf[1U] = {out0};
-  libcrux_sha3_generic_keccak_squeeze_next_block_c2(s, buf);
+  libcrux_sha3_generic_keccak_squeeze_next_block_c6(s, buf);
 }
 
 #define libcrux_sha3_Sha224 0
@@ -149,37 +149,37 @@ with const generics
 - RATE= 168
 */
 static KRML_MUSTINLINE void
-libcrux_sha3_generic_keccak_squeeze_first_five_blocks_3e(
-    libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) {
+libcrux_sha3_generic_keccak_squeeze_first_five_blocks_c6(
+    libcrux_sha3_generic_keccak_KeccakState_17 *s, Eurydice_slice out[1U]) {
   Eurydice_slice_uint8_t_1size_t__x2 uu____0 =
       libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)168U);
   Eurydice_slice o0[1U];
   memcpy(o0, uu____0.fst, (size_t)1U * sizeof(Eurydice_slice));
   Eurydice_slice o10[1U];
   memcpy(o10, uu____0.snd, (size_t)1U * sizeof(Eurydice_slice));
-  libcrux_sha3_generic_keccak_squeeze_first_block_7b(s, o0);
+  libcrux_sha3_generic_keccak_squeeze_first_block_c6(s, o0);
   Eurydice_slice_uint8_t_1size_t__x2 uu____1 =
       libcrux_sha3_portable_keccak_split_at_mut_n_5a(o10, (size_t)168U);
   Eurydice_slice o1[1U];
   memcpy(o1, uu____1.fst, (size_t)1U * sizeof(Eurydice_slice));
   Eurydice_slice o20[1U];
   memcpy(o20, uu____1.snd, (size_t)1U * sizeof(Eurydice_slice));
-  libcrux_sha3_generic_keccak_squeeze_next_block_c2(s, o1);
+  libcrux_sha3_generic_keccak_squeeze_next_block_c6(s, o1);
   Eurydice_slice_uint8_t_1size_t__x2 uu____2 =
       libcrux_sha3_portable_keccak_split_at_mut_n_5a(o20, (size_t)168U);
   Eurydice_slice o2[1U];
   memcpy(o2, uu____2.fst, (size_t)1U * sizeof(Eurydice_slice));
   Eurydice_slice o30[1U];
   memcpy(o30, uu____2.snd, (size_t)1U * sizeof(Eurydice_slice));
-  libcrux_sha3_generic_keccak_squeeze_next_block_c2(s, o2);
+  libcrux_sha3_generic_keccak_squeeze_next_block_c6(s, o2);
   Eurydice_slice_uint8_t_1size_t__x2 uu____3 =
       libcrux_sha3_portable_keccak_split_at_mut_n_5a(o30, (size_t)168U);
   Eurydice_slice o3[1U];
   memcpy(o3, uu____3.fst, (size_t)1U * sizeof(Eurydice_slice));
   Eurydice_slice o4[1U];
   memcpy(o4, uu____3.snd, (size_t)1U * sizeof(Eurydice_slice));
-  libcrux_sha3_generic_keccak_squeeze_next_block_c2(s, o3);
-  libcrux_sha3_generic_keccak_squeeze_next_block_c2(s, o4);
+  libcrux_sha3_generic_keccak_squeeze_next_block_c6(s, o3);
+  libcrux_sha3_generic_keccak_squeeze_next_block_c6(s, o4);
 }
 
 /**
@@ -187,9 +187,9 @@ libcrux_sha3_generic_keccak_squeeze_first_five_blocks_3e(
 */
 static KRML_MUSTINLINE void
 libcrux_sha3_portable_incremental_shake128_squeeze_first_five_blocks(
-    libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out0) {
+    libcrux_sha3_generic_keccak_KeccakState_17 *s, Eurydice_slice out0) {
   Eurydice_slice buf[1U] = {out0};
-  libcrux_sha3_generic_keccak_squeeze_first_five_blocks_3e(s, buf);
+  libcrux_sha3_generic_keccak_squeeze_first_five_blocks_c6(s, buf);
 }
 
 /**
@@ -197,17 +197,17 @@ libcrux_sha3_portable_incremental_shake128_squeeze_first_five_blocks(
 */
 static KRML_MUSTINLINE void
 libcrux_sha3_portable_incremental_shake256_absorb_final(
-    libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice data) {
+    libcrux_sha3_generic_keccak_KeccakState_17 *s, Eurydice_slice data) {
   Eurydice_slice buf[1U] = {data};
-  libcrux_sha3_generic_keccak_absorb_final_400(s, buf);
+  libcrux_sha3_generic_keccak_absorb_final_9e0(s, buf);
 }
 
 /**
  Create a new SHAKE-256 state object.
 */
-static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_48
+static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_17
 libcrux_sha3_portable_incremental_shake256_init(void) {
-  return libcrux_sha3_generic_keccak_new_89_cf();
+  return libcrux_sha3_generic_keccak_new_89_04();
 }
 
 /**
@@ -215,9 +215,9 @@ libcrux_sha3_portable_incremental_shake256_init(void) {
 */
 static KRML_MUSTINLINE void
 libcrux_sha3_portable_incremental_shake256_squeeze_first_block(
-    libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out) {
+    libcrux_sha3_generic_keccak_KeccakState_17 *s, Eurydice_slice out) {
   Eurydice_slice buf[1U] = {out};
-  libcrux_sha3_generic_keccak_squeeze_first_block_7b0(s, buf);
+  libcrux_sha3_generic_keccak_squeeze_first_block_c60(s, buf);
 }
 
 /**
@@ -225,9 +225,9 @@ libcrux_sha3_portable_incremental_shake256_squeeze_first_block(
 */
 static KRML_MUSTINLINE void
 libcrux_sha3_portable_incremental_shake256_squeeze_next_block(
-    libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out) {
+    libcrux_sha3_generic_keccak_KeccakState_17 *s, Eurydice_slice out) {
   Eurydice_slice buf[1U] = {out};
-  libcrux_sha3_generic_keccak_squeeze_next_block_c20(s, buf);
+  libcrux_sha3_generic_keccak_squeeze_next_block_c60(s, buf);
 }
 
 /**
@@ -237,14 +237,14 @@ with const generics
 - $1size_t
 - $136size_t
 */
-typedef struct libcrux_sha3_generic_keccak_KeccakXofState_4f_s {
-  libcrux_sha3_generic_keccak_KeccakState_48 inner;
+typedef struct libcrux_sha3_generic_keccak_KeccakXofState_e2_s {
+  libcrux_sha3_generic_keccak_KeccakState_17 inner;
   uint8_t buf[1U][136U];
   size_t buf_len;
   bool sponge;
-} libcrux_sha3_generic_keccak_KeccakXofState_4f;
+} libcrux_sha3_generic_keccak_KeccakXofState_e2;
 
-typedef libcrux_sha3_generic_keccak_KeccakXofState_4f
+typedef libcrux_sha3_generic_keccak_KeccakXofState_e2
     libcrux_sha3_portable_incremental_Shake256Absorb;
 
 /**
@@ -267,8 +267,8 @@ with const generics
 - PARALLEL_LANES= 1
 - RATE= 136
 */
-static inline size_t libcrux_sha3_generic_keccak_fill_buffer_8b_15(
-    libcrux_sha3_generic_keccak_KeccakXofState_4f *self,
+static inline size_t libcrux_sha3_generic_keccak_fill_buffer_8b_c6(
+    libcrux_sha3_generic_keccak_KeccakXofState_e2 *self,
     Eurydice_slice inputs[1U]) {
   size_t input_len = Eurydice_slice_len(inputs[0U], uint8_t);
   size_t consumed = (size_t)0U;
@@ -301,15 +301,15 @@ with const generics
 - PARALLEL_LANES= 1
 - RATE= 136
 */
-static inline size_t libcrux_sha3_generic_keccak_absorb_full_8b_7a(
-    libcrux_sha3_generic_keccak_KeccakXofState_4f *self,
+static inline size_t libcrux_sha3_generic_keccak_absorb_full_8b_c6(
+    libcrux_sha3_generic_keccak_KeccakXofState_e2 *self,
     Eurydice_slice inputs[1U]) {
-  libcrux_sha3_generic_keccak_KeccakXofState_4f *uu____0 = self;
+  libcrux_sha3_generic_keccak_KeccakXofState_e2 *uu____0 = self;
   /* Passing arrays by value in Rust generates a copy in C */
   Eurydice_slice copy_of_inputs0[1U];
   memcpy(copy_of_inputs0, inputs, (size_t)1U * sizeof(Eurydice_slice));
   size_t input_consumed =
-      libcrux_sha3_generic_keccak_fill_buffer_8b_15(uu____0, copy_of_inputs0);
+      libcrux_sha3_generic_keccak_fill_buffer_8b_c6(uu____0, copy_of_inputs0);
   if (input_consumed > (size_t)0U) {
     Eurydice_slice borrowed[1U];
     {
@@ -325,8 +325,8 @@ static inline size_t libcrux_sha3_generic_keccak_absorb_full_8b_7a(
     uint64_t(*uu____2)[5U] = self->inner.st;
     Eurydice_slice uu____3[1U];
     memcpy(uu____3, borrowed, (size_t)1U * sizeof(Eurydice_slice));
-    libcrux_sha3_portable_keccak_load_block_5a_35(uu____2, uu____3);
-    libcrux_sha3_generic_keccak_keccakf1600_b8(&self->inner);
+    libcrux_sha3_portable_keccak_load_block_5a_5b(uu____2, uu____3);
+    libcrux_sha3_generic_keccak_keccakf1600_04(&self->inner);
     self->buf_len = (size_t)0U;
   }
   size_t input_to_consume =
@@ -342,8 +342,8 @@ static inline size_t libcrux_sha3_generic_keccak_absorb_full_8b_7a(
     Eurydice_slice ret[1U];
     libcrux_sha3_portable_keccak_slice_n_5a(
         copy_of_inputs, input_consumed + i0 * (size_t)136U, (size_t)136U, ret);
-    libcrux_sha3_portable_keccak_load_block_5a_35(uu____4, ret);
-    libcrux_sha3_generic_keccak_keccakf1600_b8(&self->inner);
+    libcrux_sha3_portable_keccak_load_block_5a_5b(uu____4, ret);
+    libcrux_sha3_generic_keccak_keccakf1600_04(&self->inner);
   }
   return remainder;
 }
@@ -371,15 +371,15 @@ with const generics
 - PARALLEL_LANES= 1
 - RATE= 136
 */
-static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_8b_45(
-    libcrux_sha3_generic_keccak_KeccakXofState_4f *self,
+static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_8b_c6(
+    libcrux_sha3_generic_keccak_KeccakXofState_e2 *self,
     Eurydice_slice inputs[1U]) {
-  libcrux_sha3_generic_keccak_KeccakXofState_4f *uu____0 = self;
+  libcrux_sha3_generic_keccak_KeccakXofState_e2 *uu____0 = self;
   /* Passing arrays by value in Rust generates a copy in C */
   Eurydice_slice copy_of_inputs[1U];
   memcpy(copy_of_inputs, inputs, (size_t)1U * sizeof(Eurydice_slice));
   size_t input_remainder_len =
-      libcrux_sha3_generic_keccak_absorb_full_8b_7a(uu____0, copy_of_inputs);
+      libcrux_sha3_generic_keccak_absorb_full_8b_c6(uu____0, copy_of_inputs);
   if (input_remainder_len > (size_t)0U) {
     size_t input_len = Eurydice_slice_len(inputs[0U], uint8_t);
     {
@@ -406,12 +406,12 @@ This function found in impl
 libcrux_sha3::portable::incremental::Shake256Absorb)#2}
 */
 static inline void libcrux_sha3_portable_incremental_absorb_7d(
-    libcrux_sha3_generic_keccak_KeccakXofState_4f *self, Eurydice_slice input) {
+    libcrux_sha3_generic_keccak_KeccakXofState_e2 *self, Eurydice_slice input) {
   Eurydice_slice buf[1U] = {input};
-  libcrux_sha3_generic_keccak_absorb_8b_45(self, buf);
+  libcrux_sha3_generic_keccak_absorb_8b_c6(self, buf);
 }
 
-typedef libcrux_sha3_generic_keccak_KeccakXofState_4f
+typedef libcrux_sha3_generic_keccak_KeccakXofState_e2
     libcrux_sha3_portable_incremental_Shake256Squeeze;
 
 /**
@@ -432,15 +432,15 @@ with const generics
 - RATE= 136
 - DELIMITER= 31
 */
-static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_8b_b6(
-    libcrux_sha3_generic_keccak_KeccakXofState_4f *self,
+static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_8b_9e(
+    libcrux_sha3_generic_keccak_KeccakXofState_e2 *self,
     Eurydice_slice inputs[1U]) {
-  libcrux_sha3_generic_keccak_KeccakXofState_4f *uu____0 = self;
+  libcrux_sha3_generic_keccak_KeccakXofState_e2 *uu____0 = self;
   /* Passing arrays by value in Rust generates a copy in C */
   Eurydice_slice copy_of_inputs[1U];
   memcpy(copy_of_inputs, inputs, (size_t)1U * sizeof(Eurydice_slice));
   size_t input_remainder_len =
-      libcrux_sha3_generic_keccak_absorb_full_8b_7a(uu____0, copy_of_inputs);
+      libcrux_sha3_generic_keccak_absorb_full_8b_c6(uu____0, copy_of_inputs);
   size_t input_len = Eurydice_slice_len(inputs[0U], uint8_t);
   uint8_t blocks[1U][200U] = {{0U}};
   {
@@ -471,8 +471,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_8b_b6(
   uint64_t(*uu____6)[5U] = self->inner.st;
   uint8_t uu____7[1U][200U];
   memcpy(uu____7, blocks, (size_t)1U * sizeof(uint8_t[200U]));
-  libcrux_sha3_portable_keccak_load_block_full_5a_050(uu____6, uu____7);
-  libcrux_sha3_generic_keccak_keccakf1600_b8(&self->inner);
+  libcrux_sha3_portable_keccak_load_block_full_5a_5b(uu____6, uu____7);
+  libcrux_sha3_generic_keccak_keccakf1600_04(&self->inner);
 }
 
 /**
@@ -483,11 +483,11 @@ This function found in impl
 {(libcrux_sha3::portable::incremental::XofAbsorb<136: usize> for
 libcrux_sha3::portable::incremental::Shake256Absorb)#2}
 */
-static inline libcrux_sha3_generic_keccak_KeccakXofState_4f
+static inline libcrux_sha3_generic_keccak_KeccakXofState_e2
 libcrux_sha3_portable_incremental_absorb_final_7d(
-    libcrux_sha3_generic_keccak_KeccakXofState_4f self, Eurydice_slice input) {
+    libcrux_sha3_generic_keccak_KeccakXofState_e2 self, Eurydice_slice input) {
   Eurydice_slice buf[1U] = {input};
-  libcrux_sha3_generic_keccak_absorb_final_8b_b6(&self, buf);
+  libcrux_sha3_generic_keccak_absorb_final_8b_9e(&self, buf);
   return self;
 }
 
@@ -505,7 +505,7 @@ with const generics
 - PARALLEL_LANES= 1
 - RATE= 136
 */
-static inline void libcrux_sha3_generic_keccak_zero_block_8b_5e(
+static inline void libcrux_sha3_generic_keccak_zero_block_8b_c6(
     uint8_t ret[136U]) {
   ret[0U] = 0U;
   ret[1U] = 0U;
@@ -659,12 +659,12 @@ with const generics
 - PARALLEL_LANES= 1
 - RATE= 136
 */
-static inline libcrux_sha3_generic_keccak_KeccakXofState_4f
-libcrux_sha3_generic_keccak_new_8b_47(void) {
-  libcrux_sha3_generic_keccak_KeccakXofState_4f lit;
-  lit.inner = libcrux_sha3_generic_keccak_new_89_cf();
+static inline libcrux_sha3_generic_keccak_KeccakXofState_e2
+libcrux_sha3_generic_keccak_new_8b_c6(void) {
+  libcrux_sha3_generic_keccak_KeccakXofState_e2 lit;
+  lit.inner = libcrux_sha3_generic_keccak_new_89_04();
   uint8_t ret[136U];
-  libcrux_sha3_generic_keccak_zero_block_8b_5e(ret);
+  libcrux_sha3_generic_keccak_zero_block_8b_c6(ret);
   memcpy(lit.buf[0U], ret, (size_t)136U * sizeof(uint8_t));
   lit.buf_len = (size_t)0U;
   lit.sponge = false;
@@ -679,9 +679,9 @@ This function found in impl
 {(libcrux_sha3::portable::incremental::XofAbsorb<136: usize> for
 libcrux_sha3::portable::incremental::Shake256Absorb)#2}
 */
-static inline libcrux_sha3_generic_keccak_KeccakXofState_4f
+static inline libcrux_sha3_generic_keccak_KeccakXofState_e2
 libcrux_sha3_portable_incremental_new_7d(void) {
-  return libcrux_sha3_generic_keccak_new_8b_47();
+  return libcrux_sha3_generic_keccak_new_8b_c6();
 }
 
 /**
@@ -691,14 +691,14 @@ with const generics
 - $1size_t
 - $168size_t
 */
-typedef struct libcrux_sha3_generic_keccak_KeccakXofState_78_s {
-  libcrux_sha3_generic_keccak_KeccakState_48 inner;
+typedef struct libcrux_sha3_generic_keccak_KeccakXofState_97_s {
+  libcrux_sha3_generic_keccak_KeccakState_17 inner;
   uint8_t buf[1U][168U];
   size_t buf_len;
   bool sponge;
-} libcrux_sha3_generic_keccak_KeccakXofState_78;
+} libcrux_sha3_generic_keccak_KeccakXofState_97;
 
-typedef libcrux_sha3_generic_keccak_KeccakXofState_78
+typedef libcrux_sha3_generic_keccak_KeccakXofState_97
     libcrux_sha3_portable_incremental_Shake128Absorb;
 
 /**
@@ -721,8 +721,8 @@ with const generics
 - PARALLEL_LANES= 1
 - RATE= 168
 */
-static inline size_t libcrux_sha3_generic_keccak_fill_buffer_8b_150(
-    libcrux_sha3_generic_keccak_KeccakXofState_78 *self,
+static inline size_t libcrux_sha3_generic_keccak_fill_buffer_8b_c60(
+    libcrux_sha3_generic_keccak_KeccakXofState_97 *self,
     Eurydice_slice inputs[1U]) {
   size_t input_len = Eurydice_slice_len(inputs[0U], uint8_t);
   size_t consumed = (size_t)0U;
@@ -755,15 +755,15 @@ with const generics
 - PARALLEL_LANES= 1
 - RATE= 168
 */
-static inline size_t libcrux_sha3_generic_keccak_absorb_full_8b_7a0(
-    libcrux_sha3_generic_keccak_KeccakXofState_78 *self,
+static inline size_t libcrux_sha3_generic_keccak_absorb_full_8b_c60(
+    libcrux_sha3_generic_keccak_KeccakXofState_97 *self,
     Eurydice_slice inputs[1U]) {
-  libcrux_sha3_generic_keccak_KeccakXofState_78 *uu____0 = self;
+  libcrux_sha3_generic_keccak_KeccakXofState_97 *uu____0 = self;
   /* Passing arrays by value in Rust generates a copy in C */
   Eurydice_slice copy_of_inputs0[1U];
   memcpy(copy_of_inputs0, inputs, (size_t)1U * sizeof(Eurydice_slice));
   size_t input_consumed =
-      libcrux_sha3_generic_keccak_fill_buffer_8b_150(uu____0, copy_of_inputs0);
+      libcrux_sha3_generic_keccak_fill_buffer_8b_c60(uu____0, copy_of_inputs0);
   if (input_consumed > (size_t)0U) {
     Eurydice_slice borrowed[1U];
     {
@@ -779,8 +779,8 @@ static inline size_t libcrux_sha3_generic_keccak_absorb_full_8b_7a0(
     uint64_t(*uu____2)[5U] = self->inner.st;
     Eurydice_slice uu____3[1U];
     memcpy(uu____3, borrowed, (size_t)1U * sizeof(Eurydice_slice));
-    libcrux_sha3_portable_keccak_load_block_5a_350(uu____2, uu____3);
-    libcrux_sha3_generic_keccak_keccakf1600_b8(&self->inner);
+    libcrux_sha3_portable_keccak_load_block_5a_3a(uu____2, uu____3);
+    libcrux_sha3_generic_keccak_keccakf1600_04(&self->inner);
     self->buf_len = (size_t)0U;
   }
   size_t input_to_consume =
@@ -796,8 +796,8 @@ static inline size_t libcrux_sha3_generic_keccak_absorb_full_8b_7a0(
     Eurydice_slice ret[1U];
     libcrux_sha3_portable_keccak_slice_n_5a(
         copy_of_inputs, input_consumed + i0 * (size_t)168U, (size_t)168U, ret);
-    libcrux_sha3_portable_keccak_load_block_5a_350(uu____4, ret);
-    libcrux_sha3_generic_keccak_keccakf1600_b8(&self->inner);
+    libcrux_sha3_portable_keccak_load_block_5a_3a(uu____4, ret);
+    libcrux_sha3_generic_keccak_keccakf1600_04(&self->inner);
   }
   return remainder;
 }
@@ -825,15 +825,15 @@ with const generics
 - PARALLEL_LANES= 1
 - RATE= 168
 */
-static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_8b_450(
-    libcrux_sha3_generic_keccak_KeccakXofState_78 *self,
+static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_8b_c60(
+    libcrux_sha3_generic_keccak_KeccakXofState_97 *self,
     Eurydice_slice inputs[1U]) {
-  libcrux_sha3_generic_keccak_KeccakXofState_78 *uu____0 = self;
+  libcrux_sha3_generic_keccak_KeccakXofState_97 *uu____0 = self;
   /* Passing arrays by value in Rust generates a copy in C */
   Eurydice_slice copy_of_inputs[1U];
   memcpy(copy_of_inputs, inputs, (size_t)1U * sizeof(Eurydice_slice));
   size_t input_remainder_len =
-      libcrux_sha3_generic_keccak_absorb_full_8b_7a0(uu____0, copy_of_inputs);
+      libcrux_sha3_generic_keccak_absorb_full_8b_c60(uu____0, copy_of_inputs);
   if (input_remainder_len > (size_t)0U) {
     size_t input_len = Eurydice_slice_len(inputs[0U], uint8_t);
     {
@@ -857,12 +857,12 @@ This function found in impl
 libcrux_sha3::portable::incremental::Shake128Absorb)}
 */
 static inline void libcrux_sha3_portable_incremental_absorb_1c(
-    libcrux_sha3_generic_keccak_KeccakXofState_78 *self, Eurydice_slice input) {
+    libcrux_sha3_generic_keccak_KeccakXofState_97 *self, Eurydice_slice input) {
   Eurydice_slice buf[1U] = {input};
-  libcrux_sha3_generic_keccak_absorb_8b_450(self, buf);
+  libcrux_sha3_generic_keccak_absorb_8b_c60(self, buf);
 }
 
-typedef libcrux_sha3_generic_keccak_KeccakXofState_78
+typedef libcrux_sha3_generic_keccak_KeccakXofState_97
     libcrux_sha3_portable_incremental_Shake128Squeeze;
 
 /**
@@ -883,15 +883,15 @@ with const generics
 - RATE= 168
 - DELIMITER= 31
 */
-static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_8b_b60(
-    libcrux_sha3_generic_keccak_KeccakXofState_78 *self,
+static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_8b_9e0(
+    libcrux_sha3_generic_keccak_KeccakXofState_97 *self,
     Eurydice_slice inputs[1U]) {
-  libcrux_sha3_generic_keccak_KeccakXofState_78 *uu____0 = self;
+  libcrux_sha3_generic_keccak_KeccakXofState_97 *uu____0 = self;
   /* Passing arrays by value in Rust generates a copy in C */
   Eurydice_slice copy_of_inputs[1U];
   memcpy(copy_of_inputs, inputs, (size_t)1U * sizeof(Eurydice_slice));
   size_t input_remainder_len =
-      libcrux_sha3_generic_keccak_absorb_full_8b_7a0(uu____0, copy_of_inputs);
+      libcrux_sha3_generic_keccak_absorb_full_8b_c60(uu____0, copy_of_inputs);
   size_t input_len = Eurydice_slice_len(inputs[0U], uint8_t);
   uint8_t blocks[1U][200U] = {{0U}};
   {
@@ -922,8 +922,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_8b_b60(
   uint64_t(*uu____6)[5U] = self->inner.st;
   uint8_t uu____7[1U][200U];
   memcpy(uu____7, blocks, (size_t)1U * sizeof(uint8_t[200U]));
-  libcrux_sha3_portable_keccak_load_block_full_5a_05(uu____6, uu____7);
-  libcrux_sha3_generic_keccak_keccakf1600_b8(&self->inner);
+  libcrux_sha3_portable_keccak_load_block_full_5a_3a(uu____6, uu____7);
+  libcrux_sha3_generic_keccak_keccakf1600_04(&self->inner);
 }
 
 /**
@@ -931,11 +931,11 @@ This function found in impl
 {(libcrux_sha3::portable::incremental::XofAbsorb<168: usize> for
 libcrux_sha3::portable::incremental::Shake128Absorb)}
 */
-static inline libcrux_sha3_generic_keccak_KeccakXofState_78
+static inline libcrux_sha3_generic_keccak_KeccakXofState_97
 libcrux_sha3_portable_incremental_absorb_final_1c(
-    libcrux_sha3_generic_keccak_KeccakXofState_78 self, Eurydice_slice input) {
+    libcrux_sha3_generic_keccak_KeccakXofState_97 self, Eurydice_slice input) {
   Eurydice_slice buf[1U] = {input};
-  libcrux_sha3_generic_keccak_absorb_final_8b_b60(&self, buf);
+  libcrux_sha3_generic_keccak_absorb_final_8b_9e0(&self, buf);
   return self;
 }
 
@@ -953,7 +953,7 @@ with const generics
 - PARALLEL_LANES= 1
 - RATE= 168
 */
-static inline void libcrux_sha3_generic_keccak_zero_block_8b_5e0(
+static inline void libcrux_sha3_generic_keccak_zero_block_8b_c60(
     uint8_t ret[168U]) {
   ret[0U] = 0U;
   ret[1U] = 0U;
@@ -1139,12 +1139,12 @@ with const generics
 - PARALLEL_LANES= 1
 - RATE= 168
 */
-static inline libcrux_sha3_generic_keccak_KeccakXofState_78
-libcrux_sha3_generic_keccak_new_8b_470(void) {
-  libcrux_sha3_generic_keccak_KeccakXofState_78 lit;
-  lit.inner = libcrux_sha3_generic_keccak_new_89_cf();
+static inline libcrux_sha3_generic_keccak_KeccakXofState_97
+libcrux_sha3_generic_keccak_new_8b_c60(void) {
+  libcrux_sha3_generic_keccak_KeccakXofState_97 lit;
+  lit.inner = libcrux_sha3_generic_keccak_new_89_04();
   uint8_t ret[168U];
-  libcrux_sha3_generic_keccak_zero_block_8b_5e0(ret);
+  libcrux_sha3_generic_keccak_zero_block_8b_c60(ret);
   memcpy(lit.buf[0U], ret, (size_t)168U * sizeof(uint8_t));
   lit.buf_len = (size_t)0U;
   lit.sponge = false;
@@ -1156,9 +1156,9 @@ This function found in impl
 {(libcrux_sha3::portable::incremental::XofAbsorb<168: usize> for
 libcrux_sha3::portable::incremental::Shake128Absorb)}
 */
-static inline libcrux_sha3_generic_keccak_KeccakXofState_78
+static inline libcrux_sha3_generic_keccak_KeccakXofState_97
 libcrux_sha3_portable_incremental_new_1c(void) {
-  return libcrux_sha3_generic_keccak_new_8b_470();
+  return libcrux_sha3_generic_keccak_new_8b_c60();
 }
 
 /**
@@ -1173,7 +1173,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_5a
 with const generics
 - RATE= 136
 */
-static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_5a_81(
+static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_5a_5b(
     uint64_t (*state)[5U], Eurydice_slice out[1U]) {
   size_t num_full_blocks = Eurydice_slice_len(out[0U], uint8_t) / (size_t)8U;
   size_t last_block_len = Eurydice_slice_len(out[0U], uint8_t) % (size_t)8U;
@@ -1214,11 +1214,11 @@ with const generics
 - PARALLEL_LANES= 1
 - RATE= 136
 */
-static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_8b_ba(
-    libcrux_sha3_generic_keccak_KeccakXofState_4f *self,
+static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_8b_c6(
+    libcrux_sha3_generic_keccak_KeccakXofState_e2 *self,
     Eurydice_slice out[1U]) {
   if (self->sponge) {
-    libcrux_sha3_generic_keccak_keccakf1600_b8(&self->inner);
+    libcrux_sha3_generic_keccak_keccakf1600_04(&self->inner);
   }
   size_t out_len = Eurydice_slice_len(out[0U], uint8_t);
   size_t blocks = out_len / (size_t)136U;
@@ -1235,15 +1235,15 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_8b_ba(
   memcpy(out00, uu____0.fst, (size_t)1U * sizeof(Eurydice_slice));
   Eurydice_slice out_rest[1U];
   memcpy(out_rest, uu____0.snd, (size_t)1U * sizeof(Eurydice_slice));
-  libcrux_sha3_portable_keccak_store_5a_81(self->inner.st, out00);
-  core_ops_range_Range_b3 iter =
+  libcrux_sha3_portable_keccak_store_5a_5b(self->inner.st, out00);
+  core_ops_range_Range_08 iter =
       core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter(
-          (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U,
+          (CLITERAL(core_ops_range_Range_08){.start = (size_t)1U,
                                              .end = blocks}),
-          core_ops_range_Range_b3, core_ops_range_Range_b3);
+          core_ops_range_Range_08, core_ops_range_Range_08);
   while (true) {
     if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A__TraitClause_0___6__next(
-            &iter, size_t, core_option_Option_b3)
+            &iter, size_t, core_option_Option_08)
             .tag == core_option_None) {
       break;
     } else {
@@ -1254,14 +1254,14 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_8b_ba(
       memcpy(out0, uu____1.fst, (size_t)1U * sizeof(Eurydice_slice));
       Eurydice_slice tmp[1U];
       memcpy(tmp, uu____1.snd, (size_t)1U * sizeof(Eurydice_slice));
-      libcrux_sha3_generic_keccak_keccakf1600_b8(&self->inner);
-      libcrux_sha3_portable_keccak_store_5a_81(self->inner.st, out0);
+      libcrux_sha3_generic_keccak_keccakf1600_04(&self->inner);
+      libcrux_sha3_portable_keccak_store_5a_5b(self->inner.st, out0);
       memcpy(out_rest, tmp, (size_t)1U * sizeof(Eurydice_slice));
     }
   }
   if (last < out_len) {
-    libcrux_sha3_generic_keccak_keccakf1600_b8(&self->inner);
-    libcrux_sha3_portable_keccak_store_5a_81(self->inner.st, out_rest);
+    libcrux_sha3_generic_keccak_keccakf1600_04(&self->inner);
+    libcrux_sha3_portable_keccak_store_5a_5b(self->inner.st, out_rest);
   }
   self->sponge = true;
 }
@@ -1275,9 +1275,9 @@ This function found in impl
 libcrux_sha3::portable::incremental::Shake256Squeeze)#3}
 */
 static inline void libcrux_sha3_portable_incremental_squeeze_8a(
-    libcrux_sha3_generic_keccak_KeccakXofState_4f *self, Eurydice_slice out) {
+    libcrux_sha3_generic_keccak_KeccakXofState_e2 *self, Eurydice_slice out) {
   Eurydice_slice buf[1U] = {out};
-  libcrux_sha3_generic_keccak_squeeze_8b_ba(self, buf);
+  libcrux_sha3_generic_keccak_squeeze_8b_c6(self, buf);
 }
 
 /**
@@ -1292,7 +1292,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_5a
 with const generics
 - RATE= 168
 */
-static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_5a_810(
+static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_5a_3a(
     uint64_t (*state)[5U], Eurydice_slice out[1U]) {
   size_t num_full_blocks = Eurydice_slice_len(out[0U], uint8_t) / (size_t)8U;
   size_t last_block_len = Eurydice_slice_len(out[0U], uint8_t) % (size_t)8U;
@@ -1333,11 +1333,11 @@ with const generics
 - PARALLEL_LANES= 1
 - RATE= 168
 */
-static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_8b_ba0(
-    libcrux_sha3_generic_keccak_KeccakXofState_78 *self,
+static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_8b_c60(
+    libcrux_sha3_generic_keccak_KeccakXofState_97 *self,
     Eurydice_slice out[1U]) {
   if (self->sponge) {
-    libcrux_sha3_generic_keccak_keccakf1600_b8(&self->inner);
+    libcrux_sha3_generic_keccak_keccakf1600_04(&self->inner);
   }
   size_t out_len = Eurydice_slice_len(out[0U], uint8_t);
   size_t blocks = out_len / (size_t)168U;
@@ -1354,15 +1354,15 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_8b_ba0(
   memcpy(out00, uu____0.fst, (size_t)1U * sizeof(Eurydice_slice));
   Eurydice_slice out_rest[1U];
   memcpy(out_rest, uu____0.snd, (size_t)1U * sizeof(Eurydice_slice));
-  libcrux_sha3_portable_keccak_store_5a_810(self->inner.st, out00);
-  core_ops_range_Range_b3 iter =
+  libcrux_sha3_portable_keccak_store_5a_3a(self->inner.st, out00);
+  core_ops_range_Range_08 iter =
       core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter(
-          (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U,
+          (CLITERAL(core_ops_range_Range_08){.start = (size_t)1U,
                                              .end = blocks}),
-          core_ops_range_Range_b3, core_ops_range_Range_b3);
+          core_ops_range_Range_08, core_ops_range_Range_08);
   while (true) {
     if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A__TraitClause_0___6__next(
-            &iter, size_t, core_option_Option_b3)
+            &iter, size_t, core_option_Option_08)
             .tag == core_option_None) {
       break;
     } else {
@@ -1373,14 +1373,14 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_8b_ba0(
       memcpy(out0, uu____1.fst, (size_t)1U * sizeof(Eurydice_slice));
       Eurydice_slice tmp[1U];
       memcpy(tmp, uu____1.snd, (size_t)1U * sizeof(Eurydice_slice));
-      libcrux_sha3_generic_keccak_keccakf1600_b8(&self->inner);
-      libcrux_sha3_portable_keccak_store_5a_810(self->inner.st, out0);
+      libcrux_sha3_generic_keccak_keccakf1600_04(&self->inner);
+      libcrux_sha3_portable_keccak_store_5a_3a(self->inner.st, out0);
       memcpy(out_rest, tmp, (size_t)1U * sizeof(Eurydice_slice));
     }
   }
   if (last < out_len) {
-    libcrux_sha3_generic_keccak_keccakf1600_b8(&self->inner);
-    libcrux_sha3_portable_keccak_store_5a_810(self->inner.st, out_rest);
+    libcrux_sha3_generic_keccak_keccakf1600_04(&self->inner);
+    libcrux_sha3_portable_keccak_store_5a_3a(self->inner.st, out_rest);
   }
   self->sponge = true;
 }
@@ -1394,18 +1394,18 @@ This function found in impl
 libcrux_sha3::portable::incremental::Shake128Squeeze)#1}
 */
 static inline void libcrux_sha3_portable_incremental_squeeze_10(
-    libcrux_sha3_generic_keccak_KeccakXofState_78 *self, Eurydice_slice out) {
+    libcrux_sha3_generic_keccak_KeccakXofState_97 *self, Eurydice_slice out) {
   Eurydice_slice buf[1U] = {out};
-  libcrux_sha3_generic_keccak_squeeze_8b_ba0(self, buf);
+  libcrux_sha3_generic_keccak_squeeze_8b_c60(self, buf);
 }
 
 /**
 This function found in impl {(core::clone::Clone for
 libcrux_sha3::portable::KeccakState)}
 */
-static inline libcrux_sha3_generic_keccak_KeccakState_48
+static inline libcrux_sha3_generic_keccak_KeccakState_17
 libcrux_sha3_portable_clone_3d(
-    libcrux_sha3_generic_keccak_KeccakState_48 *self) {
+    libcrux_sha3_generic_keccak_KeccakState_17 *self) {
   return self[0U];
 }
 
diff --git a/libcrux-ml-kem/c/karamel/include/krml/internal/target.h b/libcrux-ml-kem/c/karamel/include/krml/internal/target.h
index dbe3aec09..25313e254 100644
--- a/libcrux-ml-kem/c/karamel/include/krml/internal/target.h
+++ b/libcrux-ml-kem/c/karamel/include/krml/internal/target.h
@@ -81,6 +81,8 @@
 #define KRML_NOINLINE __declspec(noinline)
 #elif defined(__GNUC__)
 #define KRML_NOINLINE __attribute__((noinline, unused))
+#elif defined(__SUNPRO_C)
+#define KRML_NOINLINE __attribute__((noinline))
 #else
 #define KRML_NOINLINE
 #warning "The KRML_NOINLINE macro is not defined for this toolchain!"
@@ -95,6 +97,8 @@
 #define KRML_MUSTINLINE inline __forceinline
 #elif defined(__GNUC__)
 #define KRML_MUSTINLINE inline __attribute__((always_inline))
+#elif defined(__SUNPRO_C)
+#define KRML_MUSTINLINE inline __attribute__((always_inline))
 #else
 #define KRML_MUSTINLINE inline
 #warning \
@@ -209,6 +213,8 @@ inline static int32_t krml_time(void) { return (int32_t)time(NULL); }
 #elif defined(__GNUC__)
 /* deprecated attribute is not defined in GCC < 4.5. */
 #define KRML_DEPRECATED(x)
+#elif defined(__SUNPRO_C)
+#define KRML_DEPRECATED(x) __attribute__((deprecated(x)))
 #elif defined(_MSC_VER)
 #define KRML_DEPRECATED(x) __declspec(deprecated(x))
 #endif
diff --git a/libcrux-ml-kem/c/libcrux_core.c b/libcrux-ml-kem/c/libcrux_core.c
index bad4aa323..1be8ad169 100644
--- a/libcrux-ml-kem/c/libcrux_core.c
+++ b/libcrux-ml-kem/c/libcrux_core.c
@@ -4,11 +4,11 @@
  * SPDX-License-Identifier: MIT or Apache-2.0
  *
  * This code was generated with the following revisions:
- * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4
- * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac
- * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152
- * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678
- * Libcrux: a089e8609d2bf2df5c165076a79e3fd30dbf87cf
+ * Charon: 2b71c3c42337fe17ceca860bedaafb3443e6c5e8
+ * Eurydice: dcfae68c874635956f71d4c05928841b29ad0a8b
+ * Karamel: 87384b244a98a0c41a2e14c65b872d885af7c8df
+ * F*: 8b6fce63ca91b16386d8f76e82ea87a3c109a208
+ * Libcrux: 4b0d78759e0adf160bab80862883bd5ba7338977
  */
 
 #include "internal/libcrux_core.h"
@@ -80,12 +80,12 @@ A monomorphic instance of libcrux_ml_kem.types.from_5a
 with const generics
 - SIZE= 1568
 */
-libcrux_ml_kem_types_MlKemPublicKey_1f libcrux_ml_kem_types_from_5a_671(
+libcrux_ml_kem_types_MlKemPublicKey_64 libcrux_ml_kem_types_from_5a_af(
     uint8_t value[1568U]) {
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_value[1568U];
   memcpy(copy_of_value, value, (size_t)1568U * sizeof(uint8_t));
-  libcrux_ml_kem_types_MlKemPublicKey_1f lit;
+  libcrux_ml_kem_types_MlKemPublicKey_64 lit;
   memcpy(lit.value, copy_of_value, (size_t)1568U * sizeof(uint8_t));
   return lit;
 }
@@ -100,9 +100,9 @@ with const generics
 - PRIVATE_KEY_SIZE= 3168
 - PUBLIC_KEY_SIZE= 1568
 */
-libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_types_from_3a_ee1(
-    libcrux_ml_kem_types_MlKemPrivateKey_95 sk,
-    libcrux_ml_kem_types_MlKemPublicKey_1f pk) {
+libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_types_from_3a_94(
+    libcrux_ml_kem_types_MlKemPrivateKey_83 sk,
+    libcrux_ml_kem_types_MlKemPublicKey_64 pk) {
   return (
       CLITERAL(libcrux_ml_kem_mlkem1024_MlKem1024KeyPair){.sk = sk, .pk = pk});
 }
@@ -116,12 +116,12 @@ A monomorphic instance of libcrux_ml_kem.types.from_7f
 with const generics
 - SIZE= 3168
 */
-libcrux_ml_kem_types_MlKemPrivateKey_95 libcrux_ml_kem_types_from_7f_af1(
+libcrux_ml_kem_types_MlKemPrivateKey_83 libcrux_ml_kem_types_from_7f_39(
     uint8_t value[3168U]) {
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_value[3168U];
   memcpy(copy_of_value, value, (size_t)3168U * sizeof(uint8_t));
-  libcrux_ml_kem_types_MlKemPrivateKey_95 lit;
+  libcrux_ml_kem_types_MlKemPrivateKey_83 lit;
   memcpy(lit.value, copy_of_value, (size_t)3168U * sizeof(uint8_t));
   return lit;
 }
@@ -135,12 +135,12 @@ A monomorphic instance of libcrux_ml_kem.types.from_5a
 with const generics
 - SIZE= 1184
 */
-libcrux_ml_kem_types_MlKemPublicKey_15 libcrux_ml_kem_types_from_5a_670(
+libcrux_ml_kem_types_MlKemPublicKey_30 libcrux_ml_kem_types_from_5a_d0(
     uint8_t value[1184U]) {
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_value[1184U];
   memcpy(copy_of_value, value, (size_t)1184U * sizeof(uint8_t));
-  libcrux_ml_kem_types_MlKemPublicKey_15 lit;
+  libcrux_ml_kem_types_MlKemPublicKey_30 lit;
   memcpy(lit.value, copy_of_value, (size_t)1184U * sizeof(uint8_t));
   return lit;
 }
@@ -155,9 +155,9 @@ with const generics
 - PRIVATE_KEY_SIZE= 2400
 - PUBLIC_KEY_SIZE= 1184
 */
-libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_types_from_3a_ee0(
-    libcrux_ml_kem_types_MlKemPrivateKey_55 sk,
-    libcrux_ml_kem_types_MlKemPublicKey_15 pk) {
+libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_types_from_3a_74(
+    libcrux_ml_kem_types_MlKemPrivateKey_d9 sk,
+    libcrux_ml_kem_types_MlKemPublicKey_30 pk) {
   return (
       CLITERAL(libcrux_ml_kem_mlkem768_MlKem768KeyPair){.sk = sk, .pk = pk});
 }
@@ -171,12 +171,12 @@ A monomorphic instance of libcrux_ml_kem.types.from_7f
 with const generics
 - SIZE= 2400
 */
-libcrux_ml_kem_types_MlKemPrivateKey_55 libcrux_ml_kem_types_from_7f_af0(
+libcrux_ml_kem_types_MlKemPrivateKey_d9 libcrux_ml_kem_types_from_7f_28(
     uint8_t value[2400U]) {
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_value[2400U];
   memcpy(copy_of_value, value, (size_t)2400U * sizeof(uint8_t));
-  libcrux_ml_kem_types_MlKemPrivateKey_55 lit;
+  libcrux_ml_kem_types_MlKemPrivateKey_d9 lit;
   memcpy(lit.value, copy_of_value, (size_t)2400U * sizeof(uint8_t));
   return lit;
 }
@@ -190,12 +190,12 @@ A monomorphic instance of libcrux_ml_kem.types.from_5a
 with const generics
 - SIZE= 800
 */
-libcrux_ml_kem_types_MlKemPublicKey_be libcrux_ml_kem_types_from_5a_67(
+libcrux_ml_kem_types_MlKemPublicKey_52 libcrux_ml_kem_types_from_5a_4d(
     uint8_t value[800U]) {
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_value[800U];
   memcpy(copy_of_value, value, (size_t)800U * sizeof(uint8_t));
-  libcrux_ml_kem_types_MlKemPublicKey_be lit;
+  libcrux_ml_kem_types_MlKemPublicKey_52 lit;
   memcpy(lit.value, copy_of_value, (size_t)800U * sizeof(uint8_t));
   return lit;
 }
@@ -210,10 +210,10 @@ with const generics
 - PRIVATE_KEY_SIZE= 1632
 - PUBLIC_KEY_SIZE= 800
 */
-libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_types_from_3a_ee(
-    libcrux_ml_kem_types_MlKemPrivateKey_5e sk,
-    libcrux_ml_kem_types_MlKemPublicKey_be pk) {
-  return (CLITERAL(libcrux_ml_kem_types_MlKemKeyPair_cb){.sk = sk, .pk = pk});
+libcrux_ml_kem_types_MlKemKeyPair_3e libcrux_ml_kem_types_from_3a_fa(
+    libcrux_ml_kem_types_MlKemPrivateKey_fa sk,
+    libcrux_ml_kem_types_MlKemPublicKey_52 pk) {
+  return (CLITERAL(libcrux_ml_kem_types_MlKemKeyPair_3e){.sk = sk, .pk = pk});
 }
 
 /**
@@ -225,12 +225,12 @@ A monomorphic instance of libcrux_ml_kem.types.from_7f
 with const generics
 - SIZE= 1632
 */
-libcrux_ml_kem_types_MlKemPrivateKey_5e libcrux_ml_kem_types_from_7f_af(
+libcrux_ml_kem_types_MlKemPrivateKey_fa libcrux_ml_kem_types_from_7f_2a(
     uint8_t value[1632U]) {
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_value[1632U];
   memcpy(copy_of_value, value, (size_t)1632U * sizeof(uint8_t));
-  libcrux_ml_kem_types_MlKemPrivateKey_5e lit;
+  libcrux_ml_kem_types_MlKemPrivateKey_fa lit;
   memcpy(lit.value, copy_of_value, (size_t)1632U * sizeof(uint8_t));
   return lit;
 }
@@ -243,8 +243,8 @@ A monomorphic instance of libcrux_ml_kem.types.as_slice_fd
 with const generics
 - SIZE= 1184
 */
-uint8_t *libcrux_ml_kem_types_as_slice_fd_fe1(
-    libcrux_ml_kem_types_MlKemPublicKey_15 *self) {
+uint8_t *libcrux_ml_kem_types_as_slice_fd_d0(
+    libcrux_ml_kem_types_MlKemPublicKey_30 *self) {
   return self->value;
 }
 
@@ -257,7 +257,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_01
 with const generics
 - SIZE= 1088
 */
-libcrux_ml_kem_mlkem768_MlKem768Ciphertext libcrux_ml_kem_types_from_01_451(
+libcrux_ml_kem_mlkem768_MlKem768Ciphertext libcrux_ml_kem_types_from_01_80(
     uint8_t value[1088U]) {
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_value[1088U];
@@ -276,7 +276,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_ref_00
 with const generics
 - SIZE= 1088
 */
-Eurydice_slice libcrux_ml_kem_types_as_ref_00_401(
+Eurydice_slice libcrux_ml_kem_types_as_ref_00_80(
     libcrux_ml_kem_mlkem768_MlKem768Ciphertext *self) {
   return Eurydice_array_to_slice((size_t)1088U, self->value, uint8_t);
 }
@@ -289,8 +289,8 @@ A monomorphic instance of libcrux_ml_kem.utils.into_padded_array
 with const generics
 - LEN= 1120
 */
-void libcrux_ml_kem_utils_into_padded_array_425(Eurydice_slice slice,
-                                                uint8_t ret[1120U]) {
+void libcrux_ml_kem_utils_into_padded_array_15(Eurydice_slice slice,
+                                               uint8_t ret[1120U]) {
   uint8_t out[1120U] = {0U};
   uint8_t *uu____0 = out;
   Eurydice_slice_copy(
@@ -308,8 +308,8 @@ A monomorphic instance of libcrux_ml_kem.types.as_slice_fd
 with const generics
 - SIZE= 800
 */
-uint8_t *libcrux_ml_kem_types_as_slice_fd_fe0(
-    libcrux_ml_kem_types_MlKemPublicKey_be *self) {
+uint8_t *libcrux_ml_kem_types_as_slice_fd_4d(
+    libcrux_ml_kem_types_MlKemPublicKey_52 *self) {
   return self->value;
 }
 
@@ -322,12 +322,12 @@ A monomorphic instance of libcrux_ml_kem.types.from_01
 with const generics
 - SIZE= 768
 */
-libcrux_ml_kem_types_MlKemCiphertext_e8 libcrux_ml_kem_types_from_01_450(
+libcrux_ml_kem_types_MlKemCiphertext_1a libcrux_ml_kem_types_from_01_d0(
     uint8_t value[768U]) {
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_value[768U];
   memcpy(copy_of_value, value, (size_t)768U * sizeof(uint8_t));
-  libcrux_ml_kem_types_MlKemCiphertext_e8 lit;
+  libcrux_ml_kem_types_MlKemCiphertext_1a lit;
   memcpy(lit.value, copy_of_value, (size_t)768U * sizeof(uint8_t));
   return lit;
 }
@@ -341,8 +341,8 @@ A monomorphic instance of libcrux_ml_kem.types.as_ref_00
 with const generics
 - SIZE= 768
 */
-Eurydice_slice libcrux_ml_kem_types_as_ref_00_400(
-    libcrux_ml_kem_types_MlKemCiphertext_e8 *self) {
+Eurydice_slice libcrux_ml_kem_types_as_ref_00_d0(
+    libcrux_ml_kem_types_MlKemCiphertext_1a *self) {
   return Eurydice_array_to_slice((size_t)768U, self->value, uint8_t);
 }
 
@@ -354,8 +354,8 @@ A monomorphic instance of libcrux_ml_kem.utils.into_padded_array
 with const generics
 - LEN= 800
 */
-void libcrux_ml_kem_utils_into_padded_array_424(Eurydice_slice slice,
-                                                uint8_t ret[800U]) {
+void libcrux_ml_kem_utils_into_padded_array_4d(Eurydice_slice slice,
+                                               uint8_t ret[800U]) {
   uint8_t out[800U] = {0U};
   uint8_t *uu____0 = out;
   Eurydice_slice_copy(
@@ -373,8 +373,8 @@ A monomorphic instance of libcrux_ml_kem.types.as_slice_fd
 with const generics
 - SIZE= 1568
 */
-uint8_t *libcrux_ml_kem_types_as_slice_fd_fe(
-    libcrux_ml_kem_types_MlKemPublicKey_1f *self) {
+uint8_t *libcrux_ml_kem_types_as_slice_fd_af(
+    libcrux_ml_kem_types_MlKemPublicKey_64 *self) {
   return self->value;
 }
 
@@ -387,7 +387,7 @@ A monomorphic instance of core.result.unwrap_26
 with types uint8_t[32size_t], core_array_TryFromSliceError
 
 */
-void core_result_unwrap_26_33(core_result_Result_00 self, uint8_t ret[32U]) {
+void core_result_unwrap_26_b3(core_result_Result_fb self, uint8_t ret[32U]) {
   if (self.tag == core_result_Ok) {
     uint8_t f0[32U];
     memcpy(f0, self.val.case_Ok, (size_t)32U * sizeof(uint8_t));
@@ -407,8 +407,8 @@ A monomorphic instance of libcrux_ml_kem.utils.into_padded_array
 with const generics
 - LEN= 34
 */
-void libcrux_ml_kem_utils_into_padded_array_422(Eurydice_slice slice,
-                                                uint8_t ret[34U]) {
+void libcrux_ml_kem_utils_into_padded_array_b6(Eurydice_slice slice,
+                                               uint8_t ret[34U]) {
   uint8_t out[34U] = {0U};
   uint8_t *uu____0 = out;
   Eurydice_slice_copy(
@@ -427,12 +427,12 @@ A monomorphic instance of libcrux_ml_kem.types.from_01
 with const generics
 - SIZE= 1568
 */
-libcrux_ml_kem_types_MlKemCiphertext_1f libcrux_ml_kem_types_from_01_45(
+libcrux_ml_kem_types_MlKemCiphertext_64 libcrux_ml_kem_types_from_01_af(
     uint8_t value[1568U]) {
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_value[1568U];
   memcpy(copy_of_value, value, (size_t)1568U * sizeof(uint8_t));
-  libcrux_ml_kem_types_MlKemCiphertext_1f lit;
+  libcrux_ml_kem_types_MlKemCiphertext_64 lit;
   memcpy(lit.value, copy_of_value, (size_t)1568U * sizeof(uint8_t));
   return lit;
 }
@@ -445,8 +445,8 @@ A monomorphic instance of libcrux_ml_kem.utils.into_padded_array
 with const generics
 - LEN= 33
 */
-void libcrux_ml_kem_utils_into_padded_array_421(Eurydice_slice slice,
-                                                uint8_t ret[33U]) {
+void libcrux_ml_kem_utils_into_padded_array_c8(Eurydice_slice slice,
+                                               uint8_t ret[33U]) {
   uint8_t out[33U] = {0U};
   uint8_t *uu____0 = out;
   Eurydice_slice_copy(
@@ -465,8 +465,8 @@ A monomorphic instance of libcrux_ml_kem.types.as_ref_00
 with const generics
 - SIZE= 1568
 */
-Eurydice_slice libcrux_ml_kem_types_as_ref_00_40(
-    libcrux_ml_kem_types_MlKemCiphertext_1f *self) {
+Eurydice_slice libcrux_ml_kem_types_as_ref_00_af(
+    libcrux_ml_kem_types_MlKemCiphertext_64 *self) {
   return Eurydice_array_to_slice((size_t)1568U, self->value, uint8_t);
 }
 
@@ -478,8 +478,8 @@ A monomorphic instance of libcrux_ml_kem.utils.into_padded_array
 with const generics
 - LEN= 1600
 */
-void libcrux_ml_kem_utils_into_padded_array_420(Eurydice_slice slice,
-                                                uint8_t ret[1600U]) {
+void libcrux_ml_kem_utils_into_padded_array_7f(Eurydice_slice slice,
+                                               uint8_t ret[1600U]) {
   uint8_t out[1600U] = {0U};
   uint8_t *uu____0 = out;
   Eurydice_slice_copy(
@@ -497,7 +497,7 @@ A monomorphic instance of libcrux_ml_kem.utils.into_padded_array
 with const generics
 - LEN= 64
 */
-void libcrux_ml_kem_utils_into_padded_array_42(Eurydice_slice slice,
+void libcrux_ml_kem_utils_into_padded_array_24(Eurydice_slice slice,
                                                uint8_t ret[64U]) {
   uint8_t out[64U] = {0U};
   uint8_t *uu____0 = out;
@@ -517,7 +517,7 @@ A monomorphic instance of core.result.unwrap_26
 with types uint8_t[24size_t], core_array_TryFromSliceError
 
 */
-void core_result_unwrap_26_76(core_result_Result_6f self, uint8_t ret[24U]) {
+void core_result_unwrap_26_70(core_result_Result_b2 self, uint8_t ret[24U]) {
   if (self.tag == core_result_Ok) {
     uint8_t f0[24U];
     memcpy(f0, self.val.case_Ok, (size_t)24U * sizeof(uint8_t));
@@ -538,7 +538,7 @@ A monomorphic instance of core.result.unwrap_26
 with types uint8_t[20size_t], core_array_TryFromSliceError
 
 */
-void core_result_unwrap_26_ea(core_result_Result_7a self, uint8_t ret[20U]) {
+void core_result_unwrap_26_20(core_result_Result_e1 self, uint8_t ret[20U]) {
   if (self.tag == core_result_Ok) {
     uint8_t f0[20U];
     memcpy(f0, self.val.case_Ok, (size_t)20U * sizeof(uint8_t));
@@ -559,7 +559,7 @@ A monomorphic instance of core.result.unwrap_26
 with types uint8_t[10size_t], core_array_TryFromSliceError
 
 */
-void core_result_unwrap_26_07(core_result_Result_cd self, uint8_t ret[10U]) {
+void core_result_unwrap_26_ce(core_result_Result_9d self, uint8_t ret[10U]) {
   if (self.tag == core_result_Ok) {
     uint8_t f0[10U];
     memcpy(f0, self.val.case_Ok, (size_t)10U * sizeof(uint8_t));
@@ -580,7 +580,7 @@ A monomorphic instance of core.result.unwrap_26
 with types int16_t[16size_t], core_array_TryFromSliceError
 
 */
-void core_result_unwrap_26_30(core_result_Result_c0 self, int16_t ret[16U]) {
+void core_result_unwrap_26_00(core_result_Result_0a self, int16_t ret[16U]) {
   if (self.tag == core_result_Ok) {
     int16_t f0[16U];
     memcpy(f0, self.val.case_Ok, (size_t)16U * sizeof(int16_t));
@@ -601,7 +601,7 @@ A monomorphic instance of core.result.unwrap_26
 with types uint8_t[8size_t], core_array_TryFromSliceError
 
 */
-void core_result_unwrap_26_0e(core_result_Result_56 self, uint8_t ret[8U]) {
+void core_result_unwrap_26_68(core_result_Result_15 self, uint8_t ret[8U]) {
   if (self.tag == core_result_Ok) {
     uint8_t f0[8U];
     memcpy(f0, self.val.case_Ok, (size_t)8U * sizeof(uint8_t));
diff --git a/libcrux-ml-kem/c/libcrux_core.h b/libcrux-ml-kem/c/libcrux_core.h
index bc1f587a2..697272772 100644
--- a/libcrux-ml-kem/c/libcrux_core.h
+++ b/libcrux-ml-kem/c/libcrux_core.h
@@ -4,11 +4,11 @@
  * SPDX-License-Identifier: MIT or Apache-2.0
  *
  * This code was generated with the following revisions:
- * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4
- * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac
- * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152
- * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678
- * Libcrux: a089e8609d2bf2df5c165076a79e3fd30dbf87cf
+ * Charon: 2b71c3c42337fe17ceca860bedaafb3443e6c5e8
+ * Eurydice: dcfae68c874635956f71d4c05928841b29ad0a8b
+ * Karamel: 87384b244a98a0c41a2e14c65b872d885af7c8df
+ * F*: 8b6fce63ca91b16386d8f76e82ea87a3c109a208
+ * Libcrux: 4b0d78759e0adf160bab80862883bd5ba7338977
  */
 
 #ifndef __libcrux_core_H
@@ -25,30 +25,30 @@ A monomorphic instance of core.ops.range.Range
 with types size_t
 
 */
-typedef struct core_ops_range_Range_b3_s {
+typedef struct core_ops_range_Range_08_s {
   size_t start;
   size_t end;
-} core_ops_range_Range_b3;
+} core_ops_range_Range_08;
 
 #define core_result_Ok 0
 #define core_result_Err 1
 
-typedef uint8_t core_result_Result_86_tags;
+typedef uint8_t core_result_Result_a9_tags;
 
 #define core_option_None 0
 #define core_option_Some 1
 
-typedef uint8_t core_option_Option_ef_tags;
+typedef uint8_t core_option_Option_9e_tags;
 
 /**
 A monomorphic instance of core.option.Option
 with types size_t
 
 */
-typedef struct core_option_Option_b3_s {
-  core_option_Option_ef_tags tag;
+typedef struct core_option_Option_08_s {
+  core_option_Option_9e_tags tag;
   size_t f0;
-} core_option_Option_b3;
+} core_option_Option_08;
 
 static inline uint64_t core_num__u64_9__from_le_bytes(uint8_t x0[8U]);
 
@@ -59,22 +59,22 @@ A monomorphic instance of libcrux_ml_kem.types.MlKemPublicKey
 with const generics
 - $1568size_t
 */
-typedef struct libcrux_ml_kem_types_MlKemPublicKey_1f_s {
+typedef struct libcrux_ml_kem_types_MlKemPublicKey_64_s {
   uint8_t value[1568U];
-} libcrux_ml_kem_types_MlKemPublicKey_1f;
+} libcrux_ml_kem_types_MlKemPublicKey_64;
 
 /**
 A monomorphic instance of libcrux_ml_kem.types.MlKemPrivateKey
 with const generics
 - $3168size_t
 */
-typedef struct libcrux_ml_kem_types_MlKemPrivateKey_95_s {
+typedef struct libcrux_ml_kem_types_MlKemPrivateKey_83_s {
   uint8_t value[3168U];
-} libcrux_ml_kem_types_MlKemPrivateKey_95;
+} libcrux_ml_kem_types_MlKemPrivateKey_83;
 
 typedef struct libcrux_ml_kem_mlkem1024_MlKem1024KeyPair_s {
-  libcrux_ml_kem_types_MlKemPrivateKey_95 sk;
-  libcrux_ml_kem_types_MlKemPublicKey_1f pk;
+  libcrux_ml_kem_types_MlKemPrivateKey_83 sk;
+  libcrux_ml_kem_types_MlKemPublicKey_64 pk;
 } libcrux_ml_kem_mlkem1024_MlKem1024KeyPair;
 
 /**
@@ -82,22 +82,22 @@ A monomorphic instance of libcrux_ml_kem.types.MlKemPublicKey
 with const generics
 - $1184size_t
 */
-typedef struct libcrux_ml_kem_types_MlKemPublicKey_15_s {
+typedef struct libcrux_ml_kem_types_MlKemPublicKey_30_s {
   uint8_t value[1184U];
-} libcrux_ml_kem_types_MlKemPublicKey_15;
+} libcrux_ml_kem_types_MlKemPublicKey_30;
 
 /**
 A monomorphic instance of libcrux_ml_kem.types.MlKemPrivateKey
 with const generics
 - $2400size_t
 */
-typedef struct libcrux_ml_kem_types_MlKemPrivateKey_55_s {
+typedef struct libcrux_ml_kem_types_MlKemPrivateKey_d9_s {
   uint8_t value[2400U];
-} libcrux_ml_kem_types_MlKemPrivateKey_55;
+} libcrux_ml_kem_types_MlKemPrivateKey_d9;
 
 typedef struct libcrux_ml_kem_mlkem768_MlKem768KeyPair_s {
-  libcrux_ml_kem_types_MlKemPrivateKey_55 sk;
-  libcrux_ml_kem_types_MlKemPublicKey_15 pk;
+  libcrux_ml_kem_types_MlKemPrivateKey_d9 sk;
+  libcrux_ml_kem_types_MlKemPublicKey_30 pk;
 } libcrux_ml_kem_mlkem768_MlKem768KeyPair;
 
 /**
@@ -105,18 +105,18 @@ A monomorphic instance of libcrux_ml_kem.types.MlKemPublicKey
 with const generics
 - $800size_t
 */
-typedef struct libcrux_ml_kem_types_MlKemPublicKey_be_s {
+typedef struct libcrux_ml_kem_types_MlKemPublicKey_52_s {
   uint8_t value[800U];
-} libcrux_ml_kem_types_MlKemPublicKey_be;
+} libcrux_ml_kem_types_MlKemPublicKey_52;
 
 /**
 A monomorphic instance of libcrux_ml_kem.types.MlKemPrivateKey
 with const generics
 - $1632size_t
 */
-typedef struct libcrux_ml_kem_types_MlKemPrivateKey_5e_s {
+typedef struct libcrux_ml_kem_types_MlKemPrivateKey_fa_s {
   uint8_t value[1632U];
-} libcrux_ml_kem_types_MlKemPrivateKey_5e;
+} libcrux_ml_kem_types_MlKemPrivateKey_fa;
 
 /**
 A monomorphic instance of libcrux_ml_kem.types.MlKemKeyPair
@@ -124,10 +124,10 @@ with const generics
 - $1632size_t
 - $800size_t
 */
-typedef struct libcrux_ml_kem_types_MlKemKeyPair_cb_s {
-  libcrux_ml_kem_types_MlKemPrivateKey_5e sk;
-  libcrux_ml_kem_types_MlKemPublicKey_be pk;
-} libcrux_ml_kem_types_MlKemKeyPair_cb;
+typedef struct libcrux_ml_kem_types_MlKemKeyPair_3e_s {
+  libcrux_ml_kem_types_MlKemPrivateKey_fa sk;
+  libcrux_ml_kem_types_MlKemPublicKey_52 pk;
+} libcrux_ml_kem_types_MlKemKeyPair_3e;
 
 typedef struct libcrux_ml_kem_mlkem768_MlKem768Ciphertext_s {
   uint8_t value[1088U];
@@ -139,38 +139,38 @@ with types libcrux_ml_kem_types_MlKemCiphertext[[$1088size_t]],
 uint8_t[32size_t]
 
 */
-typedef struct tuple_3c_s {
+typedef struct tuple_c2_s {
   libcrux_ml_kem_mlkem768_MlKem768Ciphertext fst;
   uint8_t snd[32U];
-} tuple_3c;
+} tuple_c2;
 
 /**
 A monomorphic instance of libcrux_ml_kem.types.MlKemCiphertext
 with const generics
 - $768size_t
 */
-typedef struct libcrux_ml_kem_types_MlKemCiphertext_e8_s {
+typedef struct libcrux_ml_kem_types_MlKemCiphertext_1a_s {
   uint8_t value[768U];
-} libcrux_ml_kem_types_MlKemCiphertext_e8;
+} libcrux_ml_kem_types_MlKemCiphertext_1a;
 
 /**
 A monomorphic instance of K.
 with types libcrux_ml_kem_types_MlKemCiphertext[[$768size_t]], uint8_t[32size_t]
 
 */
-typedef struct tuple_ec_s {
-  libcrux_ml_kem_types_MlKemCiphertext_e8 fst;
+typedef struct tuple_41_s {
+  libcrux_ml_kem_types_MlKemCiphertext_1a fst;
   uint8_t snd[32U];
-} tuple_ec;
+} tuple_41;
 
 /**
 A monomorphic instance of libcrux_ml_kem.types.MlKemCiphertext
 with const generics
 - $1568size_t
 */
-typedef struct libcrux_ml_kem_types_MlKemCiphertext_1f_s {
+typedef struct libcrux_ml_kem_types_MlKemCiphertext_64_s {
   uint8_t value[1568U];
-} libcrux_ml_kem_types_MlKemCiphertext_1f;
+} libcrux_ml_kem_types_MlKemCiphertext_64;
 
 /**
 A monomorphic instance of K.
@@ -178,23 +178,23 @@ with types libcrux_ml_kem_types_MlKemCiphertext[[$1568size_t]],
 uint8_t[32size_t]
 
 */
-typedef struct tuple_21_s {
-  libcrux_ml_kem_types_MlKemCiphertext_1f fst;
+typedef struct tuple_fa_s {
+  libcrux_ml_kem_types_MlKemCiphertext_64 fst;
   uint8_t snd[32U];
-} tuple_21;
+} tuple_fa;
 
 /**
 A monomorphic instance of core.result.Result
 with types uint8_t[8size_t], core_array_TryFromSliceError
 
 */
-typedef struct core_result_Result_56_s {
-  core_result_Result_86_tags tag;
+typedef struct core_result_Result_15_s {
+  core_result_Result_a9_tags tag;
   union {
     uint8_t case_Ok[8U];
     core_array_TryFromSliceError case_Err;
   } val;
-} core_result_Result_56;
+} core_result_Result_15;
 
 /**
 This function found in impl {core::result::Result<T, E>[TraitClause@0,
@@ -205,7 +205,7 @@ A monomorphic instance of core.result.unwrap_26
 with types uint8_t[8size_t], core_array_TryFromSliceError
 
 */
-void core_result_unwrap_26_0e(core_result_Result_56 self, uint8_t ret[8U]);
+void core_result_unwrap_26_68(core_result_Result_15 self, uint8_t ret[8U]);
 
 typedef struct Eurydice_slice_uint8_t_x2_s {
   Eurydice_slice fst;
diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024.h b/libcrux-ml-kem/c/libcrux_mlkem1024.h
index 63a7ab056..a94d8c0a2 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem1024.h
+++ b/libcrux-ml-kem/c/libcrux_mlkem1024.h
@@ -4,11 +4,11 @@
  * SPDX-License-Identifier: MIT or Apache-2.0
  *
  * This code was generated with the following revisions:
- * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4
- * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac
- * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152
- * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678
- * Libcrux: a089e8609d2bf2df5c165076a79e3fd30dbf87cf
+ * Charon: 2b71c3c42337fe17ceca860bedaafb3443e6c5e8
+ * Eurydice: dcfae68c874635956f71d4c05928841b29ad0a8b
+ * Karamel: 87384b244a98a0c41a2e14c65b872d885af7c8df
+ * F*: 8b6fce63ca91b16386d8f76e82ea87a3c109a208
+ * Libcrux: 4b0d78759e0adf160bab80862883bd5ba7338977
  */
 
 #ifndef __libcrux_mlkem1024_H
@@ -70,13 +70,13 @@ extern "C" {
   (LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE +                    \
    LIBCRUX_ML_KEM_MLKEM1024_CPA_PKE_CIPHERTEXT_SIZE_1024)
 
-typedef libcrux_ml_kem_types_MlKemCiphertext_1f
+typedef libcrux_ml_kem_types_MlKemCiphertext_64
     libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext;
 
-typedef libcrux_ml_kem_types_MlKemPrivateKey_95
+typedef libcrux_ml_kem_types_MlKemPrivateKey_83
     libcrux_ml_kem_mlkem1024_MlKem1024PrivateKey;
 
-typedef libcrux_ml_kem_types_MlKemPublicKey_1f
+typedef libcrux_ml_kem_types_MlKemPublicKey_64
     libcrux_ml_kem_mlkem1024_MlKem1024PublicKey;
 
 #define LIBCRUX_ML_KEM_MLKEM1024_RANKED_BYTES_PER_RING_ELEMENT_1024 \
diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c
index 1028b5ac1..4e1fed99d 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c
+++ b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c
@@ -4,11 +4,11 @@
  * SPDX-License-Identifier: MIT or Apache-2.0
  *
  * This code was generated with the following revisions:
- * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4
- * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac
- * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152
- * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678
- * Libcrux: a089e8609d2bf2df5c165076a79e3fd30dbf87cf
+ * Charon: 2b71c3c42337fe17ceca860bedaafb3443e6c5e8
+ * Eurydice: dcfae68c874635956f71d4c05928841b29ad0a8b
+ * Karamel: 87384b244a98a0c41a2e14c65b872d885af7c8df
+ * F*: 8b6fce63ca91b16386d8f76e82ea87a3c109a208
+ * Libcrux: 4b0d78759e0adf160bab80862883bd5ba7338977
  */
 
 #include "libcrux_mlkem1024_avx2.h"
@@ -35,10 +35,10 @@ with const generics
 - ETA2_RANDOMNESS_SIZE= 128
 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600
 */
-static void decapsulate_0c0(
-    libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key,
-    libcrux_ml_kem_types_MlKemCiphertext_1f *ciphertext, uint8_t ret[32U]) {
-  libcrux_ml_kem_ind_cca_decapsulate_7f0(private_key, ciphertext, ret);
+static void decapsulate_e0(libcrux_ml_kem_types_MlKemPrivateKey_83 *private_key,
+                           libcrux_ml_kem_types_MlKemCiphertext_64 *ciphertext,
+                           uint8_t ret[32U]) {
+  libcrux_ml_kem_ind_cca_decapsulate_a10(private_key, ciphertext, ret);
 }
 
 /**
@@ -49,9 +49,9 @@ static void decapsulate_0c0(
  [`MlKem1024Ciphertext`].
 */
 void libcrux_ml_kem_mlkem1024_avx2_decapsulate(
-    libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key,
-    libcrux_ml_kem_types_MlKemCiphertext_1f *ciphertext, uint8_t ret[32U]) {
-  decapsulate_0c0(private_key, ciphertext, ret);
+    libcrux_ml_kem_types_MlKemPrivateKey_83 *private_key,
+    libcrux_ml_kem_types_MlKemCiphertext_64 *ciphertext, uint8_t ret[32U]) {
+  decapsulate_e0(private_key, ciphertext, ret);
 }
 
 /**
@@ -71,14 +71,14 @@ with const generics
 - ETA2= 2
 - ETA2_RANDOMNESS_SIZE= 128
 */
-static tuple_21 encapsulate_ae0(
-    libcrux_ml_kem_types_MlKemPublicKey_1f *public_key,
+static tuple_fa encapsulate_8f(
+    libcrux_ml_kem_types_MlKemPublicKey_64 *public_key,
     uint8_t randomness[32U]) {
-  libcrux_ml_kem_types_MlKemPublicKey_1f *uu____0 = public_key;
+  libcrux_ml_kem_types_MlKemPublicKey_64 *uu____0 = public_key;
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_randomness[32U];
   memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t));
-  return libcrux_ml_kem_ind_cca_encapsulate_a10(uu____0, copy_of_randomness);
+  return libcrux_ml_kem_ind_cca_encapsulate_700(uu____0, copy_of_randomness);
 }
 
 /**
@@ -88,14 +88,14 @@ static tuple_21 encapsulate_ae0(
  The input is a reference to an [`MlKem1024PublicKey`] and
  [`SHARED_SECRET_SIZE`] bytes of `randomness`.
 */
-tuple_21 libcrux_ml_kem_mlkem1024_avx2_encapsulate(
-    libcrux_ml_kem_types_MlKemPublicKey_1f *public_key,
+tuple_fa libcrux_ml_kem_mlkem1024_avx2_encapsulate(
+    libcrux_ml_kem_types_MlKemPublicKey_64 *public_key,
     uint8_t randomness[32U]) {
-  libcrux_ml_kem_types_MlKemPublicKey_1f *uu____0 = public_key;
+  libcrux_ml_kem_types_MlKemPublicKey_64 *uu____0 = public_key;
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_randomness[32U];
   memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t));
-  return encapsulate_ae0(uu____0, copy_of_randomness);
+  return encapsulate_8f(uu____0, copy_of_randomness);
 }
 
 /**
@@ -109,12 +109,12 @@ libcrux_ml_kem.ind_cca.instantiations.avx2.generate_keypair with const generics
 - ETA1= 2
 - ETA1_RANDOMNESS_SIZE= 128
 */
-static libcrux_ml_kem_mlkem1024_MlKem1024KeyPair generate_keypair_5a0(
+static libcrux_ml_kem_mlkem1024_MlKem1024KeyPair generate_keypair_c9(
     uint8_t randomness[64U]) {
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_randomness[64U];
   memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t));
-  return libcrux_ml_kem_ind_cca_generate_keypair_0b0(copy_of_randomness);
+  return libcrux_ml_kem_ind_cca_generate_keypair_d60(copy_of_randomness);
 }
 
 /**
@@ -125,7 +125,7 @@ libcrux_ml_kem_mlkem1024_avx2_generate_key_pair(uint8_t randomness[64U]) {
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_randomness[64U];
   memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t));
-  return generate_keypair_5a0(copy_of_randomness);
+  return generate_keypair_c9(copy_of_randomness);
 }
 
 /**
@@ -136,11 +136,11 @@ generics
 - SECRET_KEY_SIZE= 3168
 - CIPHERTEXT_SIZE= 1568
 */
-static KRML_MUSTINLINE bool validate_private_key_080(
-    libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key,
-    libcrux_ml_kem_types_MlKemCiphertext_1f *ciphertext) {
-  return libcrux_ml_kem_ind_cca_validate_private_key_700(private_key,
-                                                         ciphertext);
+static KRML_MUSTINLINE bool validate_private_key_6b(
+    libcrux_ml_kem_types_MlKemPrivateKey_83 *private_key,
+    libcrux_ml_kem_types_MlKemCiphertext_64 *ciphertext) {
+  return libcrux_ml_kem_ind_cca_validate_private_key_b9(private_key,
+                                                        ciphertext);
 }
 
 /**
@@ -149,9 +149,9 @@ static KRML_MUSTINLINE bool validate_private_key_080(
  Returns `true` if valid, and `false` otherwise.
 */
 bool libcrux_ml_kem_mlkem1024_avx2_validate_private_key(
-    libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key,
-    libcrux_ml_kem_types_MlKemCiphertext_1f *ciphertext) {
-  return validate_private_key_080(private_key, ciphertext);
+    libcrux_ml_kem_types_MlKemPrivateKey_83 *private_key,
+    libcrux_ml_kem_types_MlKemCiphertext_64 *ciphertext) {
+  return validate_private_key_6b(private_key, ciphertext);
 }
 
 /**
@@ -162,8 +162,8 @@ generics
 - RANKED_BYTES_PER_RING_ELEMENT= 1536
 - PUBLIC_KEY_SIZE= 1568
 */
-static KRML_MUSTINLINE bool validate_public_key_f60(uint8_t *public_key) {
-  return libcrux_ml_kem_ind_cca_validate_public_key_520(public_key);
+static KRML_MUSTINLINE bool validate_public_key_6b(uint8_t *public_key) {
+  return libcrux_ml_kem_ind_cca_validate_public_key_1e(public_key);
 }
 
 /**
@@ -172,6 +172,6 @@ static KRML_MUSTINLINE bool validate_public_key_f60(uint8_t *public_key) {
  Returns `true` if valid, and `false` otherwise.
 */
 bool libcrux_ml_kem_mlkem1024_avx2_validate_public_key(
-    libcrux_ml_kem_types_MlKemPublicKey_1f *public_key) {
-  return validate_public_key_f60(public_key->value);
+    libcrux_ml_kem_types_MlKemPublicKey_64 *public_key) {
+  return validate_public_key_6b(public_key->value);
 }
diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h
index dede724bf..22afe46de 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h
+++ b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h
@@ -4,11 +4,11 @@
  * SPDX-License-Identifier: MIT or Apache-2.0
  *
  * This code was generated with the following revisions:
- * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4
- * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac
- * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152
- * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678
- * Libcrux: a089e8609d2bf2df5c165076a79e3fd30dbf87cf
+ * Charon: 2b71c3c42337fe17ceca860bedaafb3443e6c5e8
+ * Eurydice: dcfae68c874635956f71d4c05928841b29ad0a8b
+ * Karamel: 87384b244a98a0c41a2e14c65b872d885af7c8df
+ * F*: 8b6fce63ca91b16386d8f76e82ea87a3c109a208
+ * Libcrux: 4b0d78759e0adf160bab80862883bd5ba7338977
  */
 
 #ifndef __libcrux_mlkem1024_avx2_H
@@ -29,8 +29,8 @@ extern "C" {
  [`MlKem1024Ciphertext`].
 */
 void libcrux_ml_kem_mlkem1024_avx2_decapsulate(
-    libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key,
-    libcrux_ml_kem_types_MlKemCiphertext_1f *ciphertext, uint8_t ret[32U]);
+    libcrux_ml_kem_types_MlKemPrivateKey_83 *private_key,
+    libcrux_ml_kem_types_MlKemCiphertext_64 *ciphertext, uint8_t ret[32U]);
 
 /**
  Encapsulate ML-KEM 1024
@@ -39,8 +39,8 @@ void libcrux_ml_kem_mlkem1024_avx2_decapsulate(
  The input is a reference to an [`MlKem1024PublicKey`] and
  [`SHARED_SECRET_SIZE`] bytes of `randomness`.
 */
-tuple_21 libcrux_ml_kem_mlkem1024_avx2_encapsulate(
-    libcrux_ml_kem_types_MlKemPublicKey_1f *public_key,
+tuple_fa libcrux_ml_kem_mlkem1024_avx2_encapsulate(
+    libcrux_ml_kem_types_MlKemPublicKey_64 *public_key,
     uint8_t randomness[32U]);
 
 /**
@@ -55,8 +55,8 @@ libcrux_ml_kem_mlkem1024_avx2_generate_key_pair(uint8_t randomness[64U]);
  Returns `true` if valid, and `false` otherwise.
 */
 bool libcrux_ml_kem_mlkem1024_avx2_validate_private_key(
-    libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key,
-    libcrux_ml_kem_types_MlKemCiphertext_1f *ciphertext);
+    libcrux_ml_kem_types_MlKemPrivateKey_83 *private_key,
+    libcrux_ml_kem_types_MlKemCiphertext_64 *ciphertext);
 
 /**
  Validate a public key.
@@ -64,7 +64,7 @@ bool libcrux_ml_kem_mlkem1024_avx2_validate_private_key(
  Returns `true` if valid, and `false` otherwise.
 */
 bool libcrux_ml_kem_mlkem1024_avx2_validate_public_key(
-    libcrux_ml_kem_types_MlKemPublicKey_1f *public_key);
+    libcrux_ml_kem_types_MlKemPublicKey_64 *public_key);
 
 #if defined(__cplusplus)
 }
diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c
index bed205e56..f0b421213 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c
+++ b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c
@@ -4,11 +4,11 @@
  * SPDX-License-Identifier: MIT or Apache-2.0
  *
  * This code was generated with the following revisions:
- * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4
- * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac
- * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152
- * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678
- * Libcrux: a089e8609d2bf2df5c165076a79e3fd30dbf87cf
+ * Charon: 2b71c3c42337fe17ceca860bedaafb3443e6c5e8
+ * Eurydice: dcfae68c874635956f71d4c05928841b29ad0a8b
+ * Karamel: 87384b244a98a0c41a2e14c65b872d885af7c8df
+ * F*: 8b6fce63ca91b16386d8f76e82ea87a3c109a208
+ * Libcrux: 4b0d78759e0adf160bab80862883bd5ba7338977
  */
 
 #include "libcrux_mlkem1024_portable.h"
@@ -35,10 +35,10 @@ libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate with const generics
 - ETA2_RANDOMNESS_SIZE= 128
 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600
 */
-static void decapsulate_831(
-    libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key,
-    libcrux_ml_kem_types_MlKemCiphertext_1f *ciphertext, uint8_t ret[32U]) {
-  libcrux_ml_kem_ind_cca_decapsulate_191(private_key, ciphertext, ret);
+static void decapsulate_e0(libcrux_ml_kem_types_MlKemPrivateKey_83 *private_key,
+                           libcrux_ml_kem_types_MlKemCiphertext_64 *ciphertext,
+                           uint8_t ret[32U]) {
+  libcrux_ml_kem_ind_cca_decapsulate_621(private_key, ciphertext, ret);
 }
 
 /**
@@ -49,9 +49,9 @@ static void decapsulate_831(
  [`MlKem1024Ciphertext`].
 */
 void libcrux_ml_kem_mlkem1024_portable_decapsulate(
-    libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key,
-    libcrux_ml_kem_types_MlKemCiphertext_1f *ciphertext, uint8_t ret[32U]) {
-  decapsulate_831(private_key, ciphertext, ret);
+    libcrux_ml_kem_types_MlKemPrivateKey_83 *private_key,
+    libcrux_ml_kem_types_MlKemCiphertext_64 *ciphertext, uint8_t ret[32U]) {
+  decapsulate_e0(private_key, ciphertext, ret);
 }
 
 /**
@@ -71,14 +71,14 @@ libcrux_ml_kem.ind_cca.instantiations.portable.encapsulate with const generics
 - ETA2= 2
 - ETA2_RANDOMNESS_SIZE= 128
 */
-static tuple_21 encapsulate_951(
-    libcrux_ml_kem_types_MlKemPublicKey_1f *public_key,
+static tuple_fa encapsulate_8f(
+    libcrux_ml_kem_types_MlKemPublicKey_64 *public_key,
     uint8_t randomness[32U]) {
-  libcrux_ml_kem_types_MlKemPublicKey_1f *uu____0 = public_key;
+  libcrux_ml_kem_types_MlKemPublicKey_64 *uu____0 = public_key;
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_randomness[32U];
   memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t));
-  return libcrux_ml_kem_ind_cca_encapsulate_661(uu____0, copy_of_randomness);
+  return libcrux_ml_kem_ind_cca_encapsulate_ca1(uu____0, copy_of_randomness);
 }
 
 /**
@@ -88,14 +88,14 @@ static tuple_21 encapsulate_951(
  The input is a reference to an [`MlKem1024PublicKey`] and
  [`SHARED_SECRET_SIZE`] bytes of `randomness`.
 */
-tuple_21 libcrux_ml_kem_mlkem1024_portable_encapsulate(
-    libcrux_ml_kem_types_MlKemPublicKey_1f *public_key,
+tuple_fa libcrux_ml_kem_mlkem1024_portable_encapsulate(
+    libcrux_ml_kem_types_MlKemPublicKey_64 *public_key,
     uint8_t randomness[32U]) {
-  libcrux_ml_kem_types_MlKemPublicKey_1f *uu____0 = public_key;
+  libcrux_ml_kem_types_MlKemPublicKey_64 *uu____0 = public_key;
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_randomness[32U];
   memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t));
-  return encapsulate_951(uu____0, copy_of_randomness);
+  return encapsulate_8f(uu____0, copy_of_randomness);
 }
 
 /**
@@ -110,12 +110,12 @@ generics
 - ETA1= 2
 - ETA1_RANDOMNESS_SIZE= 128
 */
-static libcrux_ml_kem_mlkem1024_MlKem1024KeyPair generate_keypair_d11(
+static libcrux_ml_kem_mlkem1024_MlKem1024KeyPair generate_keypair_c9(
     uint8_t randomness[64U]) {
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_randomness[64U];
   memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t));
-  return libcrux_ml_kem_ind_cca_generate_keypair_6f1(copy_of_randomness);
+  return libcrux_ml_kem_ind_cca_generate_keypair_f81(copy_of_randomness);
 }
 
 /**
@@ -126,7 +126,7 @@ libcrux_ml_kem_mlkem1024_portable_generate_key_pair(uint8_t randomness[64U]) {
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_randomness[64U];
   memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t));
-  return generate_keypair_d11(copy_of_randomness);
+  return generate_keypair_c9(copy_of_randomness);
 }
 
 /**
@@ -137,10 +137,10 @@ generics
 - SECRET_KEY_SIZE= 3168
 - CIPHERTEXT_SIZE= 1568
 */
-static KRML_MUSTINLINE bool validate_private_key_da1(
-    libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key,
-    libcrux_ml_kem_types_MlKemCiphertext_1f *ciphertext) {
-  return libcrux_ml_kem_ind_cca_validate_private_key_ae(private_key,
+static KRML_MUSTINLINE bool validate_private_key_6b(
+    libcrux_ml_kem_types_MlKemPrivateKey_83 *private_key,
+    libcrux_ml_kem_types_MlKemCiphertext_64 *ciphertext) {
+  return libcrux_ml_kem_ind_cca_validate_private_key_b5(private_key,
                                                         ciphertext);
 }
 
@@ -150,9 +150,9 @@ static KRML_MUSTINLINE bool validate_private_key_da1(
  Returns `true` if valid, and `false` otherwise.
 */
 bool libcrux_ml_kem_mlkem1024_portable_validate_private_key(
-    libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key,
-    libcrux_ml_kem_types_MlKemCiphertext_1f *ciphertext) {
-  return validate_private_key_da1(private_key, ciphertext);
+    libcrux_ml_kem_types_MlKemPrivateKey_83 *private_key,
+    libcrux_ml_kem_types_MlKemCiphertext_64 *ciphertext) {
+  return validate_private_key_6b(private_key, ciphertext);
 }
 
 /**
@@ -163,8 +163,8 @@ generics
 - RANKED_BYTES_PER_RING_ELEMENT= 1536
 - PUBLIC_KEY_SIZE= 1568
 */
-static KRML_MUSTINLINE bool validate_public_key_e91(uint8_t *public_key) {
-  return libcrux_ml_kem_ind_cca_validate_public_key_bf1(public_key);
+static KRML_MUSTINLINE bool validate_public_key_6b(uint8_t *public_key) {
+  return libcrux_ml_kem_ind_cca_validate_public_key_00(public_key);
 }
 
 /**
@@ -173,6 +173,6 @@ static KRML_MUSTINLINE bool validate_public_key_e91(uint8_t *public_key) {
  Returns `true` if valid, and `false` otherwise.
 */
 bool libcrux_ml_kem_mlkem1024_portable_validate_public_key(
-    libcrux_ml_kem_types_MlKemPublicKey_1f *public_key) {
-  return validate_public_key_e91(public_key->value);
+    libcrux_ml_kem_types_MlKemPublicKey_64 *public_key) {
+  return validate_public_key_6b(public_key->value);
 }
diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h
index 87b018021..66bd0b9e5 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h
+++ b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h
@@ -4,11 +4,11 @@
  * SPDX-License-Identifier: MIT or Apache-2.0
  *
  * This code was generated with the following revisions:
- * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4
- * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac
- * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152
- * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678
- * Libcrux: a089e8609d2bf2df5c165076a79e3fd30dbf87cf
+ * Charon: 2b71c3c42337fe17ceca860bedaafb3443e6c5e8
+ * Eurydice: dcfae68c874635956f71d4c05928841b29ad0a8b
+ * Karamel: 87384b244a98a0c41a2e14c65b872d885af7c8df
+ * F*: 8b6fce63ca91b16386d8f76e82ea87a3c109a208
+ * Libcrux: 4b0d78759e0adf160bab80862883bd5ba7338977
  */
 
 #ifndef __libcrux_mlkem1024_portable_H
@@ -29,8 +29,8 @@ extern "C" {
  [`MlKem1024Ciphertext`].
 */
 void libcrux_ml_kem_mlkem1024_portable_decapsulate(
-    libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key,
-    libcrux_ml_kem_types_MlKemCiphertext_1f *ciphertext, uint8_t ret[32U]);
+    libcrux_ml_kem_types_MlKemPrivateKey_83 *private_key,
+    libcrux_ml_kem_types_MlKemCiphertext_64 *ciphertext, uint8_t ret[32U]);
 
 /**
  Encapsulate ML-KEM 1024
@@ -39,8 +39,8 @@ void libcrux_ml_kem_mlkem1024_portable_decapsulate(
  The input is a reference to an [`MlKem1024PublicKey`] and
  [`SHARED_SECRET_SIZE`] bytes of `randomness`.
 */
-tuple_21 libcrux_ml_kem_mlkem1024_portable_encapsulate(
-    libcrux_ml_kem_types_MlKemPublicKey_1f *public_key,
+tuple_fa libcrux_ml_kem_mlkem1024_portable_encapsulate(
+    libcrux_ml_kem_types_MlKemPublicKey_64 *public_key,
     uint8_t randomness[32U]);
 
 /**
@@ -55,8 +55,8 @@ libcrux_ml_kem_mlkem1024_portable_generate_key_pair(uint8_t randomness[64U]);
  Returns `true` if valid, and `false` otherwise.
 */
 bool libcrux_ml_kem_mlkem1024_portable_validate_private_key(
-    libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key,
-    libcrux_ml_kem_types_MlKemCiphertext_1f *ciphertext);
+    libcrux_ml_kem_types_MlKemPrivateKey_83 *private_key,
+    libcrux_ml_kem_types_MlKemCiphertext_64 *ciphertext);
 
 /**
  Validate a public key.
@@ -64,7 +64,7 @@ bool libcrux_ml_kem_mlkem1024_portable_validate_private_key(
  Returns `true` if valid, and `false` otherwise.
 */
 bool libcrux_ml_kem_mlkem1024_portable_validate_public_key(
-    libcrux_ml_kem_types_MlKemPublicKey_1f *public_key);
+    libcrux_ml_kem_types_MlKemPublicKey_64 *public_key);
 
 #if defined(__cplusplus)
 }
diff --git a/libcrux-ml-kem/c/libcrux_mlkem512.h b/libcrux-ml-kem/c/libcrux_mlkem512.h
index 157226146..f7c289e29 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem512.h
+++ b/libcrux-ml-kem/c/libcrux_mlkem512.h
@@ -4,11 +4,11 @@
  * SPDX-License-Identifier: MIT or Apache-2.0
  *
  * This code was generated with the following revisions:
- * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4
- * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac
- * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152
- * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678
- * Libcrux: a089e8609d2bf2df5c165076a79e3fd30dbf87cf
+ * Charon: 2b71c3c42337fe17ceca860bedaafb3443e6c5e8
+ * Eurydice: dcfae68c874635956f71d4c05928841b29ad0a8b
+ * Karamel: 87384b244a98a0c41a2e14c65b872d885af7c8df
+ * F*: 8b6fce63ca91b16386d8f76e82ea87a3c109a208
+ * Libcrux: 4b0d78759e0adf160bab80862883bd5ba7338977
  */
 
 #ifndef __libcrux_mlkem512_H
@@ -44,16 +44,16 @@ extern "C" {
 #define LIBCRUX_ML_KEM_MLKEM512_IMPLICIT_REJECTION_HASH_INPUT_SIZE \
   ((size_t)800U)
 
-typedef libcrux_ml_kem_types_MlKemCiphertext_e8
+typedef libcrux_ml_kem_types_MlKemCiphertext_1a
     libcrux_ml_kem_mlkem512_MlKem512Ciphertext;
 
-typedef libcrux_ml_kem_types_MlKemKeyPair_cb
+typedef libcrux_ml_kem_types_MlKemKeyPair_3e
     libcrux_ml_kem_mlkem512_MlKem512KeyPair;
 
-typedef libcrux_ml_kem_types_MlKemPrivateKey_5e
+typedef libcrux_ml_kem_types_MlKemPrivateKey_fa
     libcrux_ml_kem_mlkem512_MlKem512PrivateKey;
 
-typedef libcrux_ml_kem_types_MlKemPublicKey_be
+typedef libcrux_ml_kem_types_MlKemPublicKey_52
     libcrux_ml_kem_mlkem512_MlKem512PublicKey;
 
 #define LIBCRUX_ML_KEM_MLKEM512_RANKED_BYTES_PER_RING_ELEMENT_512 ((size_t)768U)
diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c
index 8008c0304..fa3a2eac5 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c
+++ b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c
@@ -4,11 +4,11 @@
  * SPDX-License-Identifier: MIT or Apache-2.0
  *
  * This code was generated with the following revisions:
- * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4
- * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac
- * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152
- * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678
- * Libcrux: a089e8609d2bf2df5c165076a79e3fd30dbf87cf
+ * Charon: 2b71c3c42337fe17ceca860bedaafb3443e6c5e8
+ * Eurydice: dcfae68c874635956f71d4c05928841b29ad0a8b
+ * Karamel: 87384b244a98a0c41a2e14c65b872d885af7c8df
+ * F*: 8b6fce63ca91b16386d8f76e82ea87a3c109a208
+ * Libcrux: 4b0d78759e0adf160bab80862883bd5ba7338977
  */
 
 #include "libcrux_mlkem512_avx2.h"
@@ -35,10 +35,10 @@ with const generics
 - ETA2_RANDOMNESS_SIZE= 128
 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800
 */
-static void decapsulate_0c(libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key,
-                           libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext,
+static void decapsulate_69(libcrux_ml_kem_types_MlKemPrivateKey_fa *private_key,
+                           libcrux_ml_kem_types_MlKemCiphertext_1a *ciphertext,
                            uint8_t ret[32U]) {
-  libcrux_ml_kem_ind_cca_decapsulate_7f(private_key, ciphertext, ret);
+  libcrux_ml_kem_ind_cca_decapsulate_a1(private_key, ciphertext, ret);
 }
 
 /**
@@ -49,9 +49,9 @@ static void decapsulate_0c(libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key,
  [`MlKem512Ciphertext`].
 */
 void libcrux_ml_kem_mlkem512_avx2_decapsulate(
-    libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key,
-    libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) {
-  decapsulate_0c(private_key, ciphertext, ret);
+    libcrux_ml_kem_types_MlKemPrivateKey_fa *private_key,
+    libcrux_ml_kem_types_MlKemCiphertext_1a *ciphertext, uint8_t ret[32U]) {
+  decapsulate_69(private_key, ciphertext, ret);
 }
 
 /**
@@ -71,14 +71,14 @@ with const generics
 - ETA2= 2
 - ETA2_RANDOMNESS_SIZE= 128
 */
-static tuple_ec encapsulate_ae(
-    libcrux_ml_kem_types_MlKemPublicKey_be *public_key,
+static tuple_41 encapsulate_35(
+    libcrux_ml_kem_types_MlKemPublicKey_52 *public_key,
     uint8_t randomness[32U]) {
-  libcrux_ml_kem_types_MlKemPublicKey_be *uu____0 = public_key;
+  libcrux_ml_kem_types_MlKemPublicKey_52 *uu____0 = public_key;
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_randomness[32U];
   memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t));
-  return libcrux_ml_kem_ind_cca_encapsulate_a1(uu____0, copy_of_randomness);
+  return libcrux_ml_kem_ind_cca_encapsulate_70(uu____0, copy_of_randomness);
 }
 
 /**
@@ -88,14 +88,14 @@ static tuple_ec encapsulate_ae(
  The input is a reference to an [`MlKem512PublicKey`] and [`SHARED_SECRET_SIZE`]
  bytes of `randomness`.
 */
-tuple_ec libcrux_ml_kem_mlkem512_avx2_encapsulate(
-    libcrux_ml_kem_types_MlKemPublicKey_be *public_key,
+tuple_41 libcrux_ml_kem_mlkem512_avx2_encapsulate(
+    libcrux_ml_kem_types_MlKemPublicKey_52 *public_key,
     uint8_t randomness[32U]) {
-  libcrux_ml_kem_types_MlKemPublicKey_be *uu____0 = public_key;
+  libcrux_ml_kem_types_MlKemPublicKey_52 *uu____0 = public_key;
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_randomness[32U];
   memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t));
-  return encapsulate_ae(uu____0, copy_of_randomness);
+  return encapsulate_35(uu____0, copy_of_randomness);
 }
 
 /**
@@ -109,23 +109,23 @@ libcrux_ml_kem.ind_cca.instantiations.avx2.generate_keypair with const generics
 - ETA1= 3
 - ETA1_RANDOMNESS_SIZE= 192
 */
-static libcrux_ml_kem_types_MlKemKeyPair_cb generate_keypair_5a(
+static libcrux_ml_kem_types_MlKemKeyPair_3e generate_keypair_a8(
     uint8_t randomness[64U]) {
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_randomness[64U];
   memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t));
-  return libcrux_ml_kem_ind_cca_generate_keypair_0b(copy_of_randomness);
+  return libcrux_ml_kem_ind_cca_generate_keypair_d6(copy_of_randomness);
 }
 
 /**
  Generate ML-KEM 512 Key Pair
 */
-libcrux_ml_kem_types_MlKemKeyPair_cb
+libcrux_ml_kem_types_MlKemKeyPair_3e
 libcrux_ml_kem_mlkem512_avx2_generate_key_pair(uint8_t randomness[64U]) {
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_randomness[64U];
   memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t));
-  return generate_keypair_5a(copy_of_randomness);
+  return generate_keypair_a8(copy_of_randomness);
 }
 
 /**
@@ -136,10 +136,10 @@ generics
 - SECRET_KEY_SIZE= 1632
 - CIPHERTEXT_SIZE= 768
 */
-static KRML_MUSTINLINE bool validate_private_key_08(
-    libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key,
-    libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext) {
-  return libcrux_ml_kem_ind_cca_validate_private_key_70(private_key,
+static KRML_MUSTINLINE bool validate_private_key_1c(
+    libcrux_ml_kem_types_MlKemPrivateKey_fa *private_key,
+    libcrux_ml_kem_types_MlKemCiphertext_1a *ciphertext) {
+  return libcrux_ml_kem_ind_cca_validate_private_key_ad(private_key,
                                                         ciphertext);
 }
 
@@ -149,9 +149,9 @@ static KRML_MUSTINLINE bool validate_private_key_08(
  Returns `true` if valid, and `false` otherwise.
 */
 bool libcrux_ml_kem_mlkem512_avx2_validate_private_key(
-    libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key,
-    libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext) {
-  return validate_private_key_08(private_key, ciphertext);
+    libcrux_ml_kem_types_MlKemPrivateKey_fa *private_key,
+    libcrux_ml_kem_types_MlKemCiphertext_1a *ciphertext) {
+  return validate_private_key_1c(private_key, ciphertext);
 }
 
 /**
@@ -162,8 +162,8 @@ generics
 - RANKED_BYTES_PER_RING_ELEMENT= 768
 - PUBLIC_KEY_SIZE= 800
 */
-static KRML_MUSTINLINE bool validate_public_key_f6(uint8_t *public_key) {
-  return libcrux_ml_kem_ind_cca_validate_public_key_52(public_key);
+static KRML_MUSTINLINE bool validate_public_key_1c(uint8_t *public_key) {
+  return libcrux_ml_kem_ind_cca_validate_public_key_ba(public_key);
 }
 
 /**
@@ -172,6 +172,6 @@ static KRML_MUSTINLINE bool validate_public_key_f6(uint8_t *public_key) {
  Returns `true` if valid, and `false` otherwise.
 */
 bool libcrux_ml_kem_mlkem512_avx2_validate_public_key(
-    libcrux_ml_kem_types_MlKemPublicKey_be *public_key) {
-  return validate_public_key_f6(public_key->value);
+    libcrux_ml_kem_types_MlKemPublicKey_52 *public_key) {
+  return validate_public_key_1c(public_key->value);
 }
diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h
index 8a66b75c4..4258c183c 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h
+++ b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h
@@ -4,11 +4,11 @@
  * SPDX-License-Identifier: MIT or Apache-2.0
  *
  * This code was generated with the following revisions:
- * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4
- * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac
- * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152
- * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678
- * Libcrux: a089e8609d2bf2df5c165076a79e3fd30dbf87cf
+ * Charon: 2b71c3c42337fe17ceca860bedaafb3443e6c5e8
+ * Eurydice: dcfae68c874635956f71d4c05928841b29ad0a8b
+ * Karamel: 87384b244a98a0c41a2e14c65b872d885af7c8df
+ * F*: 8b6fce63ca91b16386d8f76e82ea87a3c109a208
+ * Libcrux: 4b0d78759e0adf160bab80862883bd5ba7338977
  */
 
 #ifndef __libcrux_mlkem512_avx2_H
@@ -29,8 +29,8 @@ extern "C" {
  [`MlKem512Ciphertext`].
 */
 void libcrux_ml_kem_mlkem512_avx2_decapsulate(
-    libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key,
-    libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]);
+    libcrux_ml_kem_types_MlKemPrivateKey_fa *private_key,
+    libcrux_ml_kem_types_MlKemCiphertext_1a *ciphertext, uint8_t ret[32U]);
 
 /**
  Encapsulate ML-KEM 512
@@ -39,14 +39,14 @@ void libcrux_ml_kem_mlkem512_avx2_decapsulate(
  The input is a reference to an [`MlKem512PublicKey`] and [`SHARED_SECRET_SIZE`]
  bytes of `randomness`.
 */
-tuple_ec libcrux_ml_kem_mlkem512_avx2_encapsulate(
-    libcrux_ml_kem_types_MlKemPublicKey_be *public_key,
+tuple_41 libcrux_ml_kem_mlkem512_avx2_encapsulate(
+    libcrux_ml_kem_types_MlKemPublicKey_52 *public_key,
     uint8_t randomness[32U]);
 
 /**
  Generate ML-KEM 512 Key Pair
 */
-libcrux_ml_kem_types_MlKemKeyPair_cb
+libcrux_ml_kem_types_MlKemKeyPair_3e
 libcrux_ml_kem_mlkem512_avx2_generate_key_pair(uint8_t randomness[64U]);
 
 /**
@@ -55,8 +55,8 @@ libcrux_ml_kem_mlkem512_avx2_generate_key_pair(uint8_t randomness[64U]);
  Returns `true` if valid, and `false` otherwise.
 */
 bool libcrux_ml_kem_mlkem512_avx2_validate_private_key(
-    libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key,
-    libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext);
+    libcrux_ml_kem_types_MlKemPrivateKey_fa *private_key,
+    libcrux_ml_kem_types_MlKemCiphertext_1a *ciphertext);
 
 /**
  Validate a public key.
@@ -64,7 +64,7 @@ bool libcrux_ml_kem_mlkem512_avx2_validate_private_key(
  Returns `true` if valid, and `false` otherwise.
 */
 bool libcrux_ml_kem_mlkem512_avx2_validate_public_key(
-    libcrux_ml_kem_types_MlKemPublicKey_be *public_key);
+    libcrux_ml_kem_types_MlKemPublicKey_52 *public_key);
 
 #if defined(__cplusplus)
 }
diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_portable.c b/libcrux-ml-kem/c/libcrux_mlkem512_portable.c
index 2fc5a3251..007b75d92 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem512_portable.c
+++ b/libcrux-ml-kem/c/libcrux_mlkem512_portable.c
@@ -4,11 +4,11 @@
  * SPDX-License-Identifier: MIT or Apache-2.0
  *
  * This code was generated with the following revisions:
- * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4
- * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac
- * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152
- * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678
- * Libcrux: a089e8609d2bf2df5c165076a79e3fd30dbf87cf
+ * Charon: 2b71c3c42337fe17ceca860bedaafb3443e6c5e8
+ * Eurydice: dcfae68c874635956f71d4c05928841b29ad0a8b
+ * Karamel: 87384b244a98a0c41a2e14c65b872d885af7c8df
+ * F*: 8b6fce63ca91b16386d8f76e82ea87a3c109a208
+ * Libcrux: 4b0d78759e0adf160bab80862883bd5ba7338977
  */
 
 #include "libcrux_mlkem512_portable.h"
@@ -35,10 +35,10 @@ libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate with const generics
 - ETA2_RANDOMNESS_SIZE= 128
 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800
 */
-static void decapsulate_830(
-    libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key,
-    libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) {
-  libcrux_ml_kem_ind_cca_decapsulate_190(private_key, ciphertext, ret);
+static void decapsulate_69(libcrux_ml_kem_types_MlKemPrivateKey_fa *private_key,
+                           libcrux_ml_kem_types_MlKemCiphertext_1a *ciphertext,
+                           uint8_t ret[32U]) {
+  libcrux_ml_kem_ind_cca_decapsulate_620(private_key, ciphertext, ret);
 }
 
 /**
@@ -49,9 +49,9 @@ static void decapsulate_830(
  [`MlKem512Ciphertext`].
 */
 void libcrux_ml_kem_mlkem512_portable_decapsulate(
-    libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key,
-    libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) {
-  decapsulate_830(private_key, ciphertext, ret);
+    libcrux_ml_kem_types_MlKemPrivateKey_fa *private_key,
+    libcrux_ml_kem_types_MlKemCiphertext_1a *ciphertext, uint8_t ret[32U]) {
+  decapsulate_69(private_key, ciphertext, ret);
 }
 
 /**
@@ -71,14 +71,14 @@ libcrux_ml_kem.ind_cca.instantiations.portable.encapsulate with const generics
 - ETA2= 2
 - ETA2_RANDOMNESS_SIZE= 128
 */
-static tuple_ec encapsulate_950(
-    libcrux_ml_kem_types_MlKemPublicKey_be *public_key,
+static tuple_41 encapsulate_35(
+    libcrux_ml_kem_types_MlKemPublicKey_52 *public_key,
     uint8_t randomness[32U]) {
-  libcrux_ml_kem_types_MlKemPublicKey_be *uu____0 = public_key;
+  libcrux_ml_kem_types_MlKemPublicKey_52 *uu____0 = public_key;
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_randomness[32U];
   memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t));
-  return libcrux_ml_kem_ind_cca_encapsulate_660(uu____0, copy_of_randomness);
+  return libcrux_ml_kem_ind_cca_encapsulate_ca0(uu____0, copy_of_randomness);
 }
 
 /**
@@ -88,14 +88,14 @@ static tuple_ec encapsulate_950(
  The input is a reference to an [`MlKem512PublicKey`] and [`SHARED_SECRET_SIZE`]
  bytes of `randomness`.
 */
-tuple_ec libcrux_ml_kem_mlkem512_portable_encapsulate(
-    libcrux_ml_kem_types_MlKemPublicKey_be *public_key,
+tuple_41 libcrux_ml_kem_mlkem512_portable_encapsulate(
+    libcrux_ml_kem_types_MlKemPublicKey_52 *public_key,
     uint8_t randomness[32U]) {
-  libcrux_ml_kem_types_MlKemPublicKey_be *uu____0 = public_key;
+  libcrux_ml_kem_types_MlKemPublicKey_52 *uu____0 = public_key;
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_randomness[32U];
   memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t));
-  return encapsulate_950(uu____0, copy_of_randomness);
+  return encapsulate_35(uu____0, copy_of_randomness);
 }
 
 /**
@@ -110,23 +110,23 @@ generics
 - ETA1= 3
 - ETA1_RANDOMNESS_SIZE= 192
 */
-static libcrux_ml_kem_types_MlKemKeyPair_cb generate_keypair_d10(
+static libcrux_ml_kem_types_MlKemKeyPair_3e generate_keypair_a8(
     uint8_t randomness[64U]) {
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_randomness[64U];
   memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t));
-  return libcrux_ml_kem_ind_cca_generate_keypair_6f0(copy_of_randomness);
+  return libcrux_ml_kem_ind_cca_generate_keypair_f80(copy_of_randomness);
 }
 
 /**
  Generate ML-KEM 512 Key Pair
 */
-libcrux_ml_kem_types_MlKemKeyPair_cb
+libcrux_ml_kem_types_MlKemKeyPair_3e
 libcrux_ml_kem_mlkem512_portable_generate_key_pair(uint8_t randomness[64U]) {
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_randomness[64U];
   memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t));
-  return generate_keypair_d10(copy_of_randomness);
+  return generate_keypair_a8(copy_of_randomness);
 }
 
 /**
@@ -137,10 +137,10 @@ generics
 - SECRET_KEY_SIZE= 1632
 - CIPHERTEXT_SIZE= 768
 */
-static KRML_MUSTINLINE bool validate_private_key_da0(
-    libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key,
-    libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext) {
-  return libcrux_ml_kem_ind_cca_validate_private_key_b4(private_key,
+static KRML_MUSTINLINE bool validate_private_key_1c(
+    libcrux_ml_kem_types_MlKemPrivateKey_fa *private_key,
+    libcrux_ml_kem_types_MlKemCiphertext_1a *ciphertext) {
+  return libcrux_ml_kem_ind_cca_validate_private_key_fb(private_key,
                                                         ciphertext);
 }
 
@@ -150,9 +150,9 @@ static KRML_MUSTINLINE bool validate_private_key_da0(
  Returns `true` if valid, and `false` otherwise.
 */
 bool libcrux_ml_kem_mlkem512_portable_validate_private_key(
-    libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key,
-    libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext) {
-  return validate_private_key_da0(private_key, ciphertext);
+    libcrux_ml_kem_types_MlKemPrivateKey_fa *private_key,
+    libcrux_ml_kem_types_MlKemCiphertext_1a *ciphertext) {
+  return validate_private_key_1c(private_key, ciphertext);
 }
 
 /**
@@ -163,8 +163,8 @@ generics
 - RANKED_BYTES_PER_RING_ELEMENT= 768
 - PUBLIC_KEY_SIZE= 800
 */
-static KRML_MUSTINLINE bool validate_public_key_e90(uint8_t *public_key) {
-  return libcrux_ml_kem_ind_cca_validate_public_key_bf0(public_key);
+static KRML_MUSTINLINE bool validate_public_key_1c(uint8_t *public_key) {
+  return libcrux_ml_kem_ind_cca_validate_public_key_86(public_key);
 }
 
 /**
@@ -173,6 +173,6 @@ static KRML_MUSTINLINE bool validate_public_key_e90(uint8_t *public_key) {
  Returns `true` if valid, and `false` otherwise.
 */
 bool libcrux_ml_kem_mlkem512_portable_validate_public_key(
-    libcrux_ml_kem_types_MlKemPublicKey_be *public_key) {
-  return validate_public_key_e90(public_key->value);
+    libcrux_ml_kem_types_MlKemPublicKey_52 *public_key) {
+  return validate_public_key_1c(public_key->value);
 }
diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_portable.h b/libcrux-ml-kem/c/libcrux_mlkem512_portable.h
index 66032c07f..d0b8d757d 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem512_portable.h
+++ b/libcrux-ml-kem/c/libcrux_mlkem512_portable.h
@@ -4,11 +4,11 @@
  * SPDX-License-Identifier: MIT or Apache-2.0
  *
  * This code was generated with the following revisions:
- * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4
- * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac
- * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152
- * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678
- * Libcrux: a089e8609d2bf2df5c165076a79e3fd30dbf87cf
+ * Charon: 2b71c3c42337fe17ceca860bedaafb3443e6c5e8
+ * Eurydice: dcfae68c874635956f71d4c05928841b29ad0a8b
+ * Karamel: 87384b244a98a0c41a2e14c65b872d885af7c8df
+ * F*: 8b6fce63ca91b16386d8f76e82ea87a3c109a208
+ * Libcrux: 4b0d78759e0adf160bab80862883bd5ba7338977
  */
 
 #ifndef __libcrux_mlkem512_portable_H
@@ -29,8 +29,8 @@ extern "C" {
  [`MlKem512Ciphertext`].
 */
 void libcrux_ml_kem_mlkem512_portable_decapsulate(
-    libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key,
-    libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]);
+    libcrux_ml_kem_types_MlKemPrivateKey_fa *private_key,
+    libcrux_ml_kem_types_MlKemCiphertext_1a *ciphertext, uint8_t ret[32U]);
 
 /**
  Encapsulate ML-KEM 512
@@ -39,14 +39,14 @@ void libcrux_ml_kem_mlkem512_portable_decapsulate(
  The input is a reference to an [`MlKem512PublicKey`] and [`SHARED_SECRET_SIZE`]
  bytes of `randomness`.
 */
-tuple_ec libcrux_ml_kem_mlkem512_portable_encapsulate(
-    libcrux_ml_kem_types_MlKemPublicKey_be *public_key,
+tuple_41 libcrux_ml_kem_mlkem512_portable_encapsulate(
+    libcrux_ml_kem_types_MlKemPublicKey_52 *public_key,
     uint8_t randomness[32U]);
 
 /**
  Generate ML-KEM 512 Key Pair
 */
-libcrux_ml_kem_types_MlKemKeyPair_cb
+libcrux_ml_kem_types_MlKemKeyPair_3e
 libcrux_ml_kem_mlkem512_portable_generate_key_pair(uint8_t randomness[64U]);
 
 /**
@@ -55,8 +55,8 @@ libcrux_ml_kem_mlkem512_portable_generate_key_pair(uint8_t randomness[64U]);
  Returns `true` if valid, and `false` otherwise.
 */
 bool libcrux_ml_kem_mlkem512_portable_validate_private_key(
-    libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key,
-    libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext);
+    libcrux_ml_kem_types_MlKemPrivateKey_fa *private_key,
+    libcrux_ml_kem_types_MlKemCiphertext_1a *ciphertext);
 
 /**
  Validate a public key.
@@ -64,7 +64,7 @@ bool libcrux_ml_kem_mlkem512_portable_validate_private_key(
  Returns `true` if valid, and `false` otherwise.
 */
 bool libcrux_ml_kem_mlkem512_portable_validate_public_key(
-    libcrux_ml_kem_types_MlKemPublicKey_be *public_key);
+    libcrux_ml_kem_types_MlKemPublicKey_52 *public_key);
 
 #if defined(__cplusplus)
 }
diff --git a/libcrux-ml-kem/c/libcrux_mlkem768.h b/libcrux-ml-kem/c/libcrux_mlkem768.h
index 85985206f..0703da140 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem768.h
+++ b/libcrux-ml-kem/c/libcrux_mlkem768.h
@@ -4,11 +4,11 @@
  * SPDX-License-Identifier: MIT or Apache-2.0
  *
  * This code was generated with the following revisions:
- * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4
- * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac
- * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152
- * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678
- * Libcrux: a089e8609d2bf2df5c165076a79e3fd30dbf87cf
+ * Charon: 2b71c3c42337fe17ceca860bedaafb3443e6c5e8
+ * Eurydice: dcfae68c874635956f71d4c05928841b29ad0a8b
+ * Karamel: 87384b244a98a0c41a2e14c65b872d885af7c8df
+ * F*: 8b6fce63ca91b16386d8f76e82ea87a3c109a208
+ * Libcrux: 4b0d78759e0adf160bab80862883bd5ba7338977
  */
 
 #ifndef __libcrux_mlkem768_H
@@ -68,10 +68,10 @@ extern "C" {
   (LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE +                   \
    LIBCRUX_ML_KEM_MLKEM768_CPA_PKE_CIPHERTEXT_SIZE_768)
 
-typedef libcrux_ml_kem_types_MlKemPrivateKey_55
+typedef libcrux_ml_kem_types_MlKemPrivateKey_d9
     libcrux_ml_kem_mlkem768_MlKem768PrivateKey;
 
-typedef libcrux_ml_kem_types_MlKemPublicKey_15
+typedef libcrux_ml_kem_types_MlKemPublicKey_30
     libcrux_ml_kem_mlkem768_MlKem768PublicKey;
 
 #define LIBCRUX_ML_KEM_MLKEM768_RANKED_BYTES_PER_RING_ELEMENT_768 \
diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c
index 3fd65a30d..df43fef6b 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c
+++ b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c
@@ -4,11 +4,11 @@
  * SPDX-License-Identifier: MIT or Apache-2.0
  *
  * This code was generated with the following revisions:
- * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4
- * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac
- * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152
- * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678
- * Libcrux: a089e8609d2bf2df5c165076a79e3fd30dbf87cf
+ * Charon: 2b71c3c42337fe17ceca860bedaafb3443e6c5e8
+ * Eurydice: dcfae68c874635956f71d4c05928841b29ad0a8b
+ * Karamel: 87384b244a98a0c41a2e14c65b872d885af7c8df
+ * F*: 8b6fce63ca91b16386d8f76e82ea87a3c109a208
+ * Libcrux: 4b0d78759e0adf160bab80862883bd5ba7338977
  */
 
 #include "libcrux_mlkem768_avx2.h"
@@ -35,10 +35,10 @@ with const generics
 - ETA2_RANDOMNESS_SIZE= 128
 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120
 */
-static void decapsulate_0c1(
-    libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key,
+static void decapsulate_35(
+    libcrux_ml_kem_types_MlKemPrivateKey_d9 *private_key,
     libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) {
-  libcrux_ml_kem_ind_cca_decapsulate_7f1(private_key, ciphertext, ret);
+  libcrux_ml_kem_ind_cca_decapsulate_a11(private_key, ciphertext, ret);
 }
 
 /**
@@ -49,9 +49,9 @@ static void decapsulate_0c1(
  [`MlKem768Ciphertext`].
 */
 void libcrux_ml_kem_mlkem768_avx2_decapsulate(
-    libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key,
+    libcrux_ml_kem_types_MlKemPrivateKey_d9 *private_key,
     libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) {
-  decapsulate_0c1(private_key, ciphertext, ret);
+  decapsulate_35(private_key, ciphertext, ret);
 }
 
 /**
@@ -71,14 +71,14 @@ with const generics
 - ETA2= 2
 - ETA2_RANDOMNESS_SIZE= 128
 */
-static tuple_3c encapsulate_ae1(
-    libcrux_ml_kem_types_MlKemPublicKey_15 *public_key,
+static tuple_c2 encapsulate_cd(
+    libcrux_ml_kem_types_MlKemPublicKey_30 *public_key,
     uint8_t randomness[32U]) {
-  libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key;
+  libcrux_ml_kem_types_MlKemPublicKey_30 *uu____0 = public_key;
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_randomness[32U];
   memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t));
-  return libcrux_ml_kem_ind_cca_encapsulate_a11(uu____0, copy_of_randomness);
+  return libcrux_ml_kem_ind_cca_encapsulate_701(uu____0, copy_of_randomness);
 }
 
 /**
@@ -88,14 +88,14 @@ static tuple_3c encapsulate_ae1(
  The input is a reference to an [`MlKem768PublicKey`] and [`SHARED_SECRET_SIZE`]
  bytes of `randomness`.
 */
-tuple_3c libcrux_ml_kem_mlkem768_avx2_encapsulate(
-    libcrux_ml_kem_types_MlKemPublicKey_15 *public_key,
+tuple_c2 libcrux_ml_kem_mlkem768_avx2_encapsulate(
+    libcrux_ml_kem_types_MlKemPublicKey_30 *public_key,
     uint8_t randomness[32U]) {
-  libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key;
+  libcrux_ml_kem_types_MlKemPublicKey_30 *uu____0 = public_key;
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_randomness[32U];
   memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t));
-  return encapsulate_ae1(uu____0, copy_of_randomness);
+  return encapsulate_cd(uu____0, copy_of_randomness);
 }
 
 /**
@@ -109,12 +109,12 @@ libcrux_ml_kem.ind_cca.instantiations.avx2.generate_keypair with const generics
 - ETA1= 2
 - ETA1_RANDOMNESS_SIZE= 128
 */
-static libcrux_ml_kem_mlkem768_MlKem768KeyPair generate_keypair_5a1(
+static libcrux_ml_kem_mlkem768_MlKem768KeyPair generate_keypair_c6(
     uint8_t randomness[64U]) {
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_randomness[64U];
   memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t));
-  return libcrux_ml_kem_ind_cca_generate_keypair_0b1(copy_of_randomness);
+  return libcrux_ml_kem_ind_cca_generate_keypair_d61(copy_of_randomness);
 }
 
 /**
@@ -125,7 +125,7 @@ libcrux_ml_kem_mlkem768_avx2_generate_key_pair(uint8_t randomness[64U]) {
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_randomness[64U];
   memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t));
-  return generate_keypair_5a1(copy_of_randomness);
+  return generate_keypair_c6(copy_of_randomness);
 }
 
 /**
@@ -136,11 +136,11 @@ generics
 - SECRET_KEY_SIZE= 2400
 - CIPHERTEXT_SIZE= 1088
 */
-static KRML_MUSTINLINE bool validate_private_key_081(
-    libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key,
+static KRML_MUSTINLINE bool validate_private_key_31(
+    libcrux_ml_kem_types_MlKemPrivateKey_d9 *private_key,
     libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext) {
-  return libcrux_ml_kem_ind_cca_validate_private_key_701(private_key,
-                                                         ciphertext);
+  return libcrux_ml_kem_ind_cca_validate_private_key_12(private_key,
+                                                        ciphertext);
 }
 
 /**
@@ -149,9 +149,9 @@ static KRML_MUSTINLINE bool validate_private_key_081(
  Returns `true` if valid, and `false` otherwise.
 */
 bool libcrux_ml_kem_mlkem768_avx2_validate_private_key(
-    libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key,
+    libcrux_ml_kem_types_MlKemPrivateKey_d9 *private_key,
     libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext) {
-  return validate_private_key_081(private_key, ciphertext);
+  return validate_private_key_31(private_key, ciphertext);
 }
 
 /**
@@ -162,8 +162,8 @@ generics
 - RANKED_BYTES_PER_RING_ELEMENT= 1152
 - PUBLIC_KEY_SIZE= 1184
 */
-static KRML_MUSTINLINE bool validate_public_key_f61(uint8_t *public_key) {
-  return libcrux_ml_kem_ind_cca_validate_public_key_521(public_key);
+static KRML_MUSTINLINE bool validate_public_key_31(uint8_t *public_key) {
+  return libcrux_ml_kem_ind_cca_validate_public_key_ed(public_key);
 }
 
 /**
@@ -172,6 +172,6 @@ static KRML_MUSTINLINE bool validate_public_key_f61(uint8_t *public_key) {
  Returns `true` if valid, and `false` otherwise.
 */
 bool libcrux_ml_kem_mlkem768_avx2_validate_public_key(
-    libcrux_ml_kem_types_MlKemPublicKey_15 *public_key) {
-  return validate_public_key_f61(public_key->value);
+    libcrux_ml_kem_types_MlKemPublicKey_30 *public_key) {
+  return validate_public_key_31(public_key->value);
 }
diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h
index af5edca86..54763392b 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h
+++ b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h
@@ -4,11 +4,11 @@
  * SPDX-License-Identifier: MIT or Apache-2.0
  *
  * This code was generated with the following revisions:
- * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4
- * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac
- * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152
- * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678
- * Libcrux: a089e8609d2bf2df5c165076a79e3fd30dbf87cf
+ * Charon: 2b71c3c42337fe17ceca860bedaafb3443e6c5e8
+ * Eurydice: dcfae68c874635956f71d4c05928841b29ad0a8b
+ * Karamel: 87384b244a98a0c41a2e14c65b872d885af7c8df
+ * F*: 8b6fce63ca91b16386d8f76e82ea87a3c109a208
+ * Libcrux: 4b0d78759e0adf160bab80862883bd5ba7338977
  */
 
 #ifndef __libcrux_mlkem768_avx2_H
@@ -29,7 +29,7 @@ extern "C" {
  [`MlKem768Ciphertext`].
 */
 void libcrux_ml_kem_mlkem768_avx2_decapsulate(
-    libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key,
+    libcrux_ml_kem_types_MlKemPrivateKey_d9 *private_key,
     libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]);
 
 /**
@@ -39,8 +39,8 @@ void libcrux_ml_kem_mlkem768_avx2_decapsulate(
  The input is a reference to an [`MlKem768PublicKey`] and [`SHARED_SECRET_SIZE`]
  bytes of `randomness`.
 */
-tuple_3c libcrux_ml_kem_mlkem768_avx2_encapsulate(
-    libcrux_ml_kem_types_MlKemPublicKey_15 *public_key,
+tuple_c2 libcrux_ml_kem_mlkem768_avx2_encapsulate(
+    libcrux_ml_kem_types_MlKemPublicKey_30 *public_key,
     uint8_t randomness[32U]);
 
 /**
@@ -55,7 +55,7 @@ libcrux_ml_kem_mlkem768_avx2_generate_key_pair(uint8_t randomness[64U]);
  Returns `true` if valid, and `false` otherwise.
 */
 bool libcrux_ml_kem_mlkem768_avx2_validate_private_key(
-    libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key,
+    libcrux_ml_kem_types_MlKemPrivateKey_d9 *private_key,
     libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext);
 
 /**
@@ -64,7 +64,7 @@ bool libcrux_ml_kem_mlkem768_avx2_validate_private_key(
  Returns `true` if valid, and `false` otherwise.
 */
 bool libcrux_ml_kem_mlkem768_avx2_validate_public_key(
-    libcrux_ml_kem_types_MlKemPublicKey_15 *public_key);
+    libcrux_ml_kem_types_MlKemPublicKey_30 *public_key);
 
 #if defined(__cplusplus)
 }
diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_portable.c b/libcrux-ml-kem/c/libcrux_mlkem768_portable.c
index 1794e74b4..98f3524ad 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem768_portable.c
+++ b/libcrux-ml-kem/c/libcrux_mlkem768_portable.c
@@ -4,11 +4,11 @@
  * SPDX-License-Identifier: MIT or Apache-2.0
  *
  * This code was generated with the following revisions:
- * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4
- * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac
- * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152
- * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678
- * Libcrux: a089e8609d2bf2df5c165076a79e3fd30dbf87cf
+ * Charon: 2b71c3c42337fe17ceca860bedaafb3443e6c5e8
+ * Eurydice: dcfae68c874635956f71d4c05928841b29ad0a8b
+ * Karamel: 87384b244a98a0c41a2e14c65b872d885af7c8df
+ * F*: 8b6fce63ca91b16386d8f76e82ea87a3c109a208
+ * Libcrux: 4b0d78759e0adf160bab80862883bd5ba7338977
  */
 
 #include "libcrux_mlkem768_portable.h"
@@ -35,10 +35,10 @@ libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate with const generics
 - ETA2_RANDOMNESS_SIZE= 128
 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120
 */
-static void decapsulate_83(
-    libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key,
+static void decapsulate_35(
+    libcrux_ml_kem_types_MlKemPrivateKey_d9 *private_key,
     libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) {
-  libcrux_ml_kem_ind_cca_decapsulate_19(private_key, ciphertext, ret);
+  libcrux_ml_kem_ind_cca_decapsulate_62(private_key, ciphertext, ret);
 }
 
 /**
@@ -49,9 +49,9 @@ static void decapsulate_83(
  [`MlKem768Ciphertext`].
 */
 void libcrux_ml_kem_mlkem768_portable_decapsulate(
-    libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key,
+    libcrux_ml_kem_types_MlKemPrivateKey_d9 *private_key,
     libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) {
-  decapsulate_83(private_key, ciphertext, ret);
+  decapsulate_35(private_key, ciphertext, ret);
 }
 
 /**
@@ -71,14 +71,14 @@ libcrux_ml_kem.ind_cca.instantiations.portable.encapsulate with const generics
 - ETA2= 2
 - ETA2_RANDOMNESS_SIZE= 128
 */
-static tuple_3c encapsulate_95(
-    libcrux_ml_kem_types_MlKemPublicKey_15 *public_key,
+static tuple_c2 encapsulate_cd(
+    libcrux_ml_kem_types_MlKemPublicKey_30 *public_key,
     uint8_t randomness[32U]) {
-  libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key;
+  libcrux_ml_kem_types_MlKemPublicKey_30 *uu____0 = public_key;
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_randomness[32U];
   memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t));
-  return libcrux_ml_kem_ind_cca_encapsulate_66(uu____0, copy_of_randomness);
+  return libcrux_ml_kem_ind_cca_encapsulate_ca(uu____0, copy_of_randomness);
 }
 
 /**
@@ -88,14 +88,14 @@ static tuple_3c encapsulate_95(
  The input is a reference to an [`MlKem768PublicKey`] and [`SHARED_SECRET_SIZE`]
  bytes of `randomness`.
 */
-tuple_3c libcrux_ml_kem_mlkem768_portable_encapsulate(
-    libcrux_ml_kem_types_MlKemPublicKey_15 *public_key,
+tuple_c2 libcrux_ml_kem_mlkem768_portable_encapsulate(
+    libcrux_ml_kem_types_MlKemPublicKey_30 *public_key,
     uint8_t randomness[32U]) {
-  libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key;
+  libcrux_ml_kem_types_MlKemPublicKey_30 *uu____0 = public_key;
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_randomness[32U];
   memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t));
-  return encapsulate_95(uu____0, copy_of_randomness);
+  return encapsulate_cd(uu____0, copy_of_randomness);
 }
 
 /**
@@ -110,12 +110,12 @@ generics
 - ETA1= 2
 - ETA1_RANDOMNESS_SIZE= 128
 */
-static libcrux_ml_kem_mlkem768_MlKem768KeyPair generate_keypair_d1(
+static libcrux_ml_kem_mlkem768_MlKem768KeyPair generate_keypair_c6(
     uint8_t randomness[64U]) {
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_randomness[64U];
   memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t));
-  return libcrux_ml_kem_ind_cca_generate_keypair_6f(copy_of_randomness);
+  return libcrux_ml_kem_ind_cca_generate_keypair_f8(copy_of_randomness);
 }
 
 /**
@@ -126,7 +126,7 @@ libcrux_ml_kem_mlkem768_portable_generate_key_pair(uint8_t randomness[64U]) {
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_randomness[64U];
   memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t));
-  return generate_keypair_d1(copy_of_randomness);
+  return generate_keypair_c6(copy_of_randomness);
 }
 
 /**
@@ -137,10 +137,10 @@ generics
 - SECRET_KEY_SIZE= 2400
 - CIPHERTEXT_SIZE= 1088
 */
-static KRML_MUSTINLINE bool validate_private_key_da(
-    libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key,
+static KRML_MUSTINLINE bool validate_private_key_31(
+    libcrux_ml_kem_types_MlKemPrivateKey_d9 *private_key,
     libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext) {
-  return libcrux_ml_kem_ind_cca_validate_private_key_33(private_key,
+  return libcrux_ml_kem_ind_cca_validate_private_key_37(private_key,
                                                         ciphertext);
 }
 
@@ -150,9 +150,9 @@ static KRML_MUSTINLINE bool validate_private_key_da(
  Returns `true` if valid, and `false` otherwise.
 */
 bool libcrux_ml_kem_mlkem768_portable_validate_private_key(
-    libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key,
+    libcrux_ml_kem_types_MlKemPrivateKey_d9 *private_key,
     libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext) {
-  return validate_private_key_da(private_key, ciphertext);
+  return validate_private_key_31(private_key, ciphertext);
 }
 
 /**
@@ -163,8 +163,8 @@ generics
 - RANKED_BYTES_PER_RING_ELEMENT= 1152
 - PUBLIC_KEY_SIZE= 1184
 */
-static KRML_MUSTINLINE bool validate_public_key_e9(uint8_t *public_key) {
-  return libcrux_ml_kem_ind_cca_validate_public_key_bf(public_key);
+static KRML_MUSTINLINE bool validate_public_key_31(uint8_t *public_key) {
+  return libcrux_ml_kem_ind_cca_validate_public_key_6c(public_key);
 }
 
 /**
@@ -173,6 +173,6 @@ static KRML_MUSTINLINE bool validate_public_key_e9(uint8_t *public_key) {
  Returns `true` if valid, and `false` otherwise.
 */
 bool libcrux_ml_kem_mlkem768_portable_validate_public_key(
-    libcrux_ml_kem_types_MlKemPublicKey_15 *public_key) {
-  return validate_public_key_e9(public_key->value);
+    libcrux_ml_kem_types_MlKemPublicKey_30 *public_key) {
+  return validate_public_key_31(public_key->value);
 }
diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_portable.h b/libcrux-ml-kem/c/libcrux_mlkem768_portable.h
index 4e8116617..40d10c58e 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem768_portable.h
+++ b/libcrux-ml-kem/c/libcrux_mlkem768_portable.h
@@ -4,11 +4,11 @@
  * SPDX-License-Identifier: MIT or Apache-2.0
  *
  * This code was generated with the following revisions:
- * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4
- * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac
- * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152
- * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678
- * Libcrux: a089e8609d2bf2df5c165076a79e3fd30dbf87cf
+ * Charon: 2b71c3c42337fe17ceca860bedaafb3443e6c5e8
+ * Eurydice: dcfae68c874635956f71d4c05928841b29ad0a8b
+ * Karamel: 87384b244a98a0c41a2e14c65b872d885af7c8df
+ * F*: 8b6fce63ca91b16386d8f76e82ea87a3c109a208
+ * Libcrux: 4b0d78759e0adf160bab80862883bd5ba7338977
  */
 
 #ifndef __libcrux_mlkem768_portable_H
@@ -29,7 +29,7 @@ extern "C" {
  [`MlKem768Ciphertext`].
 */
 void libcrux_ml_kem_mlkem768_portable_decapsulate(
-    libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key,
+    libcrux_ml_kem_types_MlKemPrivateKey_d9 *private_key,
     libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]);
 
 /**
@@ -39,8 +39,8 @@ void libcrux_ml_kem_mlkem768_portable_decapsulate(
  The input is a reference to an [`MlKem768PublicKey`] and [`SHARED_SECRET_SIZE`]
  bytes of `randomness`.
 */
-tuple_3c libcrux_ml_kem_mlkem768_portable_encapsulate(
-    libcrux_ml_kem_types_MlKemPublicKey_15 *public_key,
+tuple_c2 libcrux_ml_kem_mlkem768_portable_encapsulate(
+    libcrux_ml_kem_types_MlKemPublicKey_30 *public_key,
     uint8_t randomness[32U]);
 
 /**
@@ -55,7 +55,7 @@ libcrux_ml_kem_mlkem768_portable_generate_key_pair(uint8_t randomness[64U]);
  Returns `true` if valid, and `false` otherwise.
 */
 bool libcrux_ml_kem_mlkem768_portable_validate_private_key(
-    libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key,
+    libcrux_ml_kem_types_MlKemPrivateKey_d9 *private_key,
     libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext);
 
 /**
@@ -64,7 +64,7 @@ bool libcrux_ml_kem_mlkem768_portable_validate_private_key(
  Returns `true` if valid, and `false` otherwise.
 */
 bool libcrux_ml_kem_mlkem768_portable_validate_public_key(
-    libcrux_ml_kem_types_MlKemPublicKey_15 *public_key);
+    libcrux_ml_kem_types_MlKemPublicKey_30 *public_key);
 
 #if defined(__cplusplus)
 }
diff --git a/libcrux-ml-kem/c/libcrux_mlkem_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem_avx2.c
index 05520bf99..7bc6760f3 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem_avx2.c
+++ b/libcrux-ml-kem/c/libcrux_mlkem_avx2.c
@@ -4,11 +4,11 @@
  * SPDX-License-Identifier: MIT or Apache-2.0
  *
  * This code was generated with the following revisions:
- * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4
- * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac
- * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152
- * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678
- * Libcrux: a089e8609d2bf2df5c165076a79e3fd30dbf87cf
+ * Charon: 2b71c3c42337fe17ceca860bedaafb3443e6c5e8
+ * Eurydice: dcfae68c874635956f71d4c05928841b29ad0a8b
+ * Karamel: 87384b244a98a0c41a2e14c65b872d885af7c8df
+ * F*: 8b6fce63ca91b16386d8f76e82ea87a3c109a208
+ * Libcrux: 4b0d78759e0adf160bab80862883bd5ba7338977
  */
 
 #include "internal/libcrux_mlkem_avx2.h"
@@ -612,12 +612,12 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_4(
   mm_storeu_bytes_si128(
       Eurydice_array_to_slice((size_t)16U, serialized, uint8_t), combined0);
   uint8_t ret0[8U];
-  core_result_Result_56 dst;
+  core_result_Result_15 dst;
   Eurydice_slice_to_array2(
       &dst,
       Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)8U, uint8_t),
       Eurydice_slice, uint8_t[8U]);
-  core_result_unwrap_26_0e(dst, ret0);
+  core_result_unwrap_26_68(dst, ret0);
   memcpy(ret, ret0, (size_t)8U * sizeof(uint8_t));
 }
 
@@ -713,12 +713,12 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_5(
       Eurydice_array_to_subslice2(serialized, (size_t)5U, (size_t)21U, uint8_t),
       upper_8);
   uint8_t ret0[10U];
-  core_result_Result_cd dst;
+  core_result_Result_9d dst;
   Eurydice_slice_to_array2(
       &dst,
       Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)10U, uint8_t),
       Eurydice_slice, uint8_t[10U]);
-  core_result_unwrap_26_07(dst, ret0);
+  core_result_unwrap_26_ce(dst, ret0);
   memcpy(ret, ret0, (size_t)10U * sizeof(uint8_t));
 }
 
@@ -839,12 +839,12 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_10(
                                                     (size_t)26U, uint8_t),
                         upper_8);
   uint8_t ret0[20U];
-  core_result_Result_7a dst;
+  core_result_Result_e1 dst;
   Eurydice_slice_to_array2(
       &dst,
       Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)20U, uint8_t),
       Eurydice_slice, uint8_t[20U]);
-  core_result_unwrap_26_ea(dst, ret0);
+  core_result_unwrap_26_20(dst, ret0);
   memcpy(ret, ret0, (size_t)20U * sizeof(uint8_t));
 }
 
@@ -982,12 +982,12 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_12(
                                                     (size_t)28U, uint8_t),
                         upper_8);
   uint8_t ret0[24U];
-  core_result_Result_6f dst;
+  core_result_Result_b2 dst;
   Eurydice_slice_to_array2(
       &dst,
       Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)24U, uint8_t),
       Eurydice_slice, uint8_t[24U]);
-  core_result_unwrap_26_76(dst, ret0);
+  core_result_unwrap_26_70(dst, ret0);
   memcpy(ret, ret0, (size_t)24U * sizeof(uint8_t));
 }
 
@@ -1112,8 +1112,8 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector
 with const generics
 
 */
-static libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ZERO_ef_05(void) {
-  libcrux_ml_kem_polynomial_PolynomialRingElement_d2 lit;
+static libcrux_ml_kem_polynomial_PolynomialRingElement_f6 ZERO_ef_61(void) {
+  libcrux_ml_kem_polynomial_PolynomialRingElement_f6 lit;
   lit.coefficients[0U] = libcrux_ml_kem_vector_avx2_ZERO_09();
   lit.coefficients[1U] = libcrux_ml_kem_vector_avx2_ZERO_09();
   lit.coefficients[2U] = libcrux_ml_kem_vector_avx2_ZERO_09();
@@ -1139,9 +1139,9 @@ libcrux_ml_kem.serialize.deserialize_to_reduced_ring_element with types
 libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics
 
 */
-static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2
-deserialize_to_reduced_ring_element_dc(Eurydice_slice serialized) {
-  libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_ef_05();
+static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f6
+deserialize_to_reduced_ring_element_61(Eurydice_slice serialized) {
+  libcrux_ml_kem_polynomial_PolynomialRingElement_f6 re = ZERO_ef_61();
   for (size_t i = (size_t)0U;
        i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) {
     size_t i0 = i;
@@ -1160,9 +1160,9 @@ libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types
 libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics
 - K= 3
 */
-static KRML_MUSTINLINE void deserialize_ring_elements_reduced_531(
+static KRML_MUSTINLINE void deserialize_ring_elements_reduced_ab(
     Eurydice_slice public_key,
-    libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *deserialized_pk) {
+    libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *deserialized_pk) {
   for (size_t i = (size_t)0U;
        i < Eurydice_slice_len(public_key, uint8_t) /
                LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT;
@@ -1173,8 +1173,8 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_531(
         i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT +
             LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT,
         uint8_t);
-    libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 =
-        deserialize_to_reduced_ring_element_dc(ring_element);
+    libcrux_ml_kem_polynomial_PolynomialRingElement_f6 uu____0 =
+        deserialize_to_reduced_ring_element_61(ring_element);
     deserialized_pk[i0] = uu____0;
   }
 }
@@ -1185,16 +1185,20 @@ libcrux_ml_kem.serialize.deserialize_ring_elements_reduced_out with types
 libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics
 - K= 3
 */
-static KRML_MUSTINLINE void deserialize_ring_elements_reduced_out_cc1(
+static KRML_MUSTINLINE void deserialize_ring_elements_reduced_out_ab(
     Eurydice_slice public_key,
-    libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) {
-  libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[3U];
+    libcrux_ml_kem_polynomial_PolynomialRingElement_f6 ret[3U]) {
+  libcrux_ml_kem_polynomial_PolynomialRingElement_f6 deserialized_pk[3U];
   KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U,
-                  deserialized_pk[i] = ZERO_ef_05(););
-  deserialize_ring_elements_reduced_531(public_key, deserialized_pk);
+                  deserialized_pk[i] = ZERO_ef_61(););
+  deserialize_ring_elements_reduced_ab(public_key, deserialized_pk);
+  libcrux_ml_kem_polynomial_PolynomialRingElement_f6 result[3U];
   memcpy(
-      ret, deserialized_pk,
-      (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2));
+      result, deserialized_pk,
+      (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f6));
+  memcpy(
+      ret, result,
+      (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f6));
 }
 
 /**
@@ -1202,7 +1206,7 @@ A monomorphic instance of libcrux_ml_kem.vector.avx2.arithmetic.shift_right
 with const generics
 - SHIFT_BY= 15
 */
-static KRML_MUSTINLINE __m256i shift_right_65(__m256i vector) {
+static KRML_MUSTINLINE __m256i shift_right_ef(__m256i vector) {
   return mm256_srai_epi16((int32_t)15, vector, __m256i);
 }
 
@@ -1215,8 +1219,8 @@ A monomorphic instance of libcrux_ml_kem.vector.avx2.shift_right_09
 with const generics
 - SHIFT_BY= 15
 */
-static __m256i shift_right_09_85(__m256i vector) {
-  return shift_right_65(vector);
+static __m256i shift_right_09_ef(__m256i vector) {
+  return shift_right_ef(vector);
 }
 
 /**
@@ -1225,8 +1229,8 @@ libcrux_ml_kem.vector.traits.to_unsigned_representative with types
 libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics
 
 */
-static __m256i to_unsigned_representative_3f(__m256i a) {
-  __m256i t = shift_right_09_85(a);
+static __m256i to_unsigned_representative_61(__m256i a) {
+  __m256i t = shift_right_09_ef(a);
   __m256i fm = libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_09(
       t, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS);
   return libcrux_ml_kem_vector_avx2_add_09(a, &fm);
@@ -1238,8 +1242,8 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector
 with const generics
 
 */
-static KRML_MUSTINLINE __m256i to_unsigned_field_modulus_7b(__m256i a) {
-  return to_unsigned_representative_3f(a);
+static KRML_MUSTINLINE __m256i to_unsigned_field_modulus_61(__m256i a) {
+  return to_unsigned_representative_61(a);
 }
 
 /**
@@ -1248,13 +1252,13 @@ libcrux_ml_kem.serialize.serialize_uncompressed_ring_element with types
 libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics
 
 */
-static KRML_MUSTINLINE void serialize_uncompressed_ring_element_2c(
-    libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[384U]) {
+static KRML_MUSTINLINE void serialize_uncompressed_ring_element_61(
+    libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *re, uint8_t ret[384U]) {
   uint8_t serialized[384U] = {0U};
   for (size_t i = (size_t)0U;
        i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
     size_t i0 = i;
-    __m256i coefficient = to_unsigned_field_modulus_7b(re->coefficients[i0]);
+    __m256i coefficient = to_unsigned_field_modulus_61(re->coefficients[i0]);
     uint8_t bytes[24U];
     libcrux_ml_kem_vector_avx2_serialize_12_09(coefficient, bytes);
     Eurydice_slice uu____0 = Eurydice_array_to_subslice2(
@@ -1274,25 +1278,25 @@ with const generics
 - K= 3
 - OUT_LEN= 1152
 */
-static KRML_MUSTINLINE void serialize_secret_key_991(
-    libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *key,
+static KRML_MUSTINLINE void serialize_secret_key_ed(
+    libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *key,
     uint8_t ret[1152U]) {
   uint8_t out[1152U] = {0U};
   for (size_t i = (size_t)0U;
        i < Eurydice_slice_len(
                Eurydice_array_to_slice(
                    (size_t)3U, key,
-                   libcrux_ml_kem_polynomial_PolynomialRingElement_d2),
-               libcrux_ml_kem_polynomial_PolynomialRingElement_d2);
+                   libcrux_ml_kem_polynomial_PolynomialRingElement_f6),
+               libcrux_ml_kem_polynomial_PolynomialRingElement_f6);
        i++) {
     size_t i0 = i;
-    libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = key[i0];
+    libcrux_ml_kem_polynomial_PolynomialRingElement_f6 re = key[i0];
     Eurydice_slice uu____0 = Eurydice_array_to_subslice2(
         out, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT,
         (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT,
         uint8_t);
     uint8_t ret0[384U];
-    serialize_uncompressed_ring_element_2c(&re, ret0);
+    serialize_uncompressed_ring_element_61(&re, ret0);
     Eurydice_slice_copy(
         uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t), uint8_t);
   }
@@ -1307,13 +1311,13 @@ with const generics
 - RANKED_BYTES_PER_RING_ELEMENT= 1152
 - PUBLIC_KEY_SIZE= 1184
 */
-static KRML_MUSTINLINE void serialize_public_key_mut_6c1(
-    libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt,
+static KRML_MUSTINLINE void serialize_public_key_mut_ed(
+    libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *t_as_ntt,
     Eurydice_slice seed_for_a, uint8_t *serialized) {
   Eurydice_slice uu____0 = Eurydice_array_to_subslice2(serialized, (size_t)0U,
                                                        (size_t)1152U, uint8_t);
   uint8_t ret[1152U];
-  serialize_secret_key_991(t_as_ntt, ret);
+  serialize_secret_key_ed(t_as_ntt, ret);
   Eurydice_slice_copy(
       uu____0, Eurydice_array_to_slice((size_t)1152U, ret, uint8_t), uint8_t);
   Eurydice_slice_copy(
@@ -1330,14 +1334,12 @@ with const generics
 - RANKED_BYTES_PER_RING_ELEMENT= 1152
 - PUBLIC_KEY_SIZE= 1184
 */
-static KRML_MUSTINLINE void serialize_public_key_ca1(
-    libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt,
+static KRML_MUSTINLINE void serialize_public_key_ed(
+    libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *t_as_ntt,
     Eurydice_slice seed_for_a, uint8_t ret[1184U]) {
   uint8_t public_key_serialized[1184U] = {0U};
-  serialize_public_key_mut_6c1(t_as_ntt, seed_for_a, public_key_serialized);
-  uint8_t result[1184U];
-  memcpy(result, public_key_serialized, (size_t)1184U * sizeof(uint8_t));
-  memcpy(ret, result, (size_t)1184U * sizeof(uint8_t));
+  serialize_public_key_mut_ed(t_as_ntt, seed_for_a, public_key_serialized);
+  memcpy(ret, public_key_serialized, (size_t)1184U * sizeof(uint8_t));
 }
 
 /**
@@ -1348,15 +1350,15 @@ with const generics
 - RANKED_BYTES_PER_RING_ELEMENT= 1152
 - PUBLIC_KEY_SIZE= 1184
 */
-bool libcrux_ml_kem_ind_cca_validate_public_key_521(uint8_t *public_key) {
-  libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[3U];
-  deserialize_ring_elements_reduced_out_cc1(
+bool libcrux_ml_kem_ind_cca_validate_public_key_ed(uint8_t *public_key) {
+  libcrux_ml_kem_polynomial_PolynomialRingElement_f6 deserialized_pk[3U];
+  deserialize_ring_elements_reduced_out_ab(
       Eurydice_array_to_subslice_to((size_t)1184U, public_key, (size_t)1152U,
                                     uint8_t, size_t),
       deserialized_pk);
-  libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *uu____0 = deserialized_pk;
+  libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *uu____0 = deserialized_pk;
   uint8_t public_key_serialized[1184U];
-  serialize_public_key_ca1(
+  serialize_public_key_ed(
       uu____0,
       Eurydice_array_to_subslice_from((size_t)1184U, public_key, (size_t)1152U,
                                       uint8_t, size_t),
@@ -1374,7 +1376,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.H_a9
 with const generics
 - K= 3
 */
-static KRML_MUSTINLINE void H_a9_411(Eurydice_slice input, uint8_t ret[32U]) {
+static KRML_MUSTINLINE void H_a9_e0(Eurydice_slice input, uint8_t ret[32U]) {
   libcrux_ml_kem_hash_functions_avx2_H(input, ret);
 }
 
@@ -1386,14 +1388,14 @@ with const generics
 - SECRET_KEY_SIZE= 2400
 - CIPHERTEXT_SIZE= 1088
 */
-bool libcrux_ml_kem_ind_cca_validate_private_key_701(
-    libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key,
+bool libcrux_ml_kem_ind_cca_validate_private_key_12(
+    libcrux_ml_kem_types_MlKemPrivateKey_d9 *private_key,
     libcrux_ml_kem_mlkem768_MlKem768Ciphertext *_ciphertext) {
   uint8_t t[32U];
-  H_a9_411(Eurydice_array_to_subslice2(
-               private_key->value, (size_t)384U * (size_t)3U,
-               (size_t)768U * (size_t)3U + (size_t)32U, uint8_t),
-           t);
+  H_a9_e0(Eurydice_array_to_subslice2(
+              private_key->value, (size_t)384U * (size_t)3U,
+              (size_t)768U * (size_t)3U + (size_t)32U, uint8_t),
+          t);
   Eurydice_slice expected = Eurydice_array_to_subslice2(
       private_key->value, (size_t)768U * (size_t)3U + (size_t)32U,
       (size_t)768U * (size_t)3U + (size_t)64U, uint8_t);
@@ -1407,9 +1409,9 @@ libcrux_ml_kem.ind_cpa.unpacked.IndCpaPrivateKeyUnpacked with types
 libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics
 - $3size_t
 */
-typedef struct IndCpaPrivateKeyUnpacked_a0_s {
-  libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U];
-} IndCpaPrivateKeyUnpacked_a0;
+typedef struct IndCpaPrivateKeyUnpacked_63_s {
+  libcrux_ml_kem_polynomial_PolynomialRingElement_f6 secret_as_ntt[3U];
+} IndCpaPrivateKeyUnpacked_63;
 
 /**
 This function found in impl {(core::default::Default for
@@ -1422,11 +1424,11 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector
 with const generics
 - K= 3
 */
-static IndCpaPrivateKeyUnpacked_a0 default_1a_3c1(void) {
-  IndCpaPrivateKeyUnpacked_a0 lit;
-  lit.secret_as_ntt[0U] = ZERO_ef_05();
-  lit.secret_as_ntt[1U] = ZERO_ef_05();
-  lit.secret_as_ntt[2U] = ZERO_ef_05();
+static IndCpaPrivateKeyUnpacked_63 default_1a_ab(void) {
+  IndCpaPrivateKeyUnpacked_63 lit;
+  lit.secret_as_ntt[0U] = ZERO_ef_61();
+  lit.secret_as_ntt[1U] = ZERO_ef_61();
+  lit.secret_as_ntt[2U] = ZERO_ef_61();
   return lit;
 }
 
@@ -1436,11 +1438,11 @@ libcrux_ml_kem.ind_cpa.unpacked.IndCpaPublicKeyUnpacked with types
 libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics
 - $3size_t
 */
-typedef struct IndCpaPublicKeyUnpacked_a0_s {
-  libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[3U];
+typedef struct IndCpaPublicKeyUnpacked_63_s {
+  libcrux_ml_kem_polynomial_PolynomialRingElement_f6 t_as_ntt[3U];
   uint8_t seed_for_A[32U];
-  libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[3U][3U];
-} IndCpaPublicKeyUnpacked_a0;
+  libcrux_ml_kem_polynomial_PolynomialRingElement_f6 A[3U][3U];
+} IndCpaPublicKeyUnpacked_63;
 
 /**
 This function found in impl {(core::default::Default for
@@ -1453,25 +1455,25 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector
 with const generics
 - K= 3
 */
-static IndCpaPublicKeyUnpacked_a0 default_8d_891(void) {
-  libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0[3U];
+static IndCpaPublicKeyUnpacked_63 default_8d_ab(void) {
+  libcrux_ml_kem_polynomial_PolynomialRingElement_f6 uu____0[3U];
   KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U,
-                  uu____0[i] = ZERO_ef_05(););
+                  uu____0[i] = ZERO_ef_61(););
   uint8_t uu____1[32U] = {0U};
-  IndCpaPublicKeyUnpacked_a0 lit;
+  IndCpaPublicKeyUnpacked_63 lit;
   memcpy(
       lit.t_as_ntt, uu____0,
-      (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2));
+      (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f6));
   memcpy(lit.seed_for_A, uu____1, (size_t)32U * sizeof(uint8_t));
-  lit.A[0U][0U] = ZERO_ef_05();
-  lit.A[0U][1U] = ZERO_ef_05();
-  lit.A[0U][2U] = ZERO_ef_05();
-  lit.A[1U][0U] = ZERO_ef_05();
-  lit.A[1U][1U] = ZERO_ef_05();
-  lit.A[1U][2U] = ZERO_ef_05();
-  lit.A[2U][0U] = ZERO_ef_05();
-  lit.A[2U][1U] = ZERO_ef_05();
-  lit.A[2U][2U] = ZERO_ef_05();
+  lit.A[0U][0U] = ZERO_ef_61();
+  lit.A[0U][1U] = ZERO_ef_61();
+  lit.A[0U][2U] = ZERO_ef_61();
+  lit.A[1U][0U] = ZERO_ef_61();
+  lit.A[1U][1U] = ZERO_ef_61();
+  lit.A[1U][2U] = ZERO_ef_61();
+  lit.A[2U][0U] = ZERO_ef_61();
+  lit.A[2U][1U] = ZERO_ef_61();
+  lit.A[2U][2U] = ZERO_ef_61();
   return lit;
 }
 
@@ -1484,7 +1486,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.G_a9
 with const generics
 - K= 3
 */
-static KRML_MUSTINLINE void G_a9_9f1(Eurydice_slice input, uint8_t ret[64U]) {
+static KRML_MUSTINLINE void G_a9_e0(Eurydice_slice input, uint8_t ret[64U]) {
   libcrux_ml_kem_hash_functions_avx2_G(input, ret);
 }
 
@@ -1498,7 +1500,7 @@ with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash
 with const generics
 - K= 3
 */
-static KRML_MUSTINLINE void cpa_keygen_seed_d8_751(
+static KRML_MUSTINLINE void cpa_keygen_seed_d8_be(
     Eurydice_slice key_generation_seed, uint8_t ret[64U]) {
   uint8_t seed[33U] = {0U};
   Eurydice_slice_copy(
@@ -1509,7 +1511,7 @@ static KRML_MUSTINLINE void cpa_keygen_seed_d8_751(
   seed[LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE] =
       (uint8_t)(size_t)3U;
   uint8_t ret0[64U];
-  G_a9_9f1(Eurydice_array_to_slice((size_t)33U, seed, uint8_t), ret0);
+  G_a9_e0(Eurydice_array_to_slice((size_t)33U, seed, uint8_t), ret0);
   memcpy(ret, ret0, (size_t)64U * sizeof(uint8_t));
 }
 
@@ -1520,8 +1522,8 @@ generics
 - K= 3
 */
 static KRML_MUSTINLINE libcrux_sha3_avx2_x4_incremental_KeccakState
-shake128_init_absorb_final_961(uint8_t input[3U][34U]) {
-  libcrux_sha3_generic_keccak_KeccakState_29 state =
+shake128_init_absorb_final_e0(uint8_t input[3U][34U]) {
+  libcrux_sha3_generic_keccak_KeccakState_55 state =
       libcrux_sha3_avx2_x4_incremental_init();
   libcrux_sha3_avx2_x4_incremental_shake128_absorb_final(
       &state, Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t),
@@ -1542,11 +1544,11 @@ generics
 - K= 3
 */
 static KRML_MUSTINLINE libcrux_sha3_avx2_x4_incremental_KeccakState
-shake128_init_absorb_final_a9_c11(uint8_t input[3U][34U]) {
+shake128_init_absorb_final_a9_e0(uint8_t input[3U][34U]) {
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_input[3U][34U];
   memcpy(copy_of_input, input, (size_t)3U * sizeof(uint8_t[34U]));
-  return shake128_init_absorb_final_961(copy_of_input);
+  return shake128_init_absorb_final_e0(copy_of_input);
 }
 
 /**
@@ -1555,7 +1557,7 @@ libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_first_three_blocks with
 const generics
 - K= 3
 */
-static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_081(
+static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_e0(
     libcrux_sha3_avx2_x4_incremental_KeccakState *st, uint8_t ret[3U][504U]) {
   uint8_t out[3U][504U] = {{0U}};
   uint8_t out0[504U] = {0U};
@@ -1589,9 +1591,9 @@ libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_first_three_blocks_a9 with
 const generics
 - K= 3
 */
-static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_a9_7a1(
+static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_a9_e0(
     libcrux_sha3_avx2_x4_incremental_KeccakState *self, uint8_t ret[3U][504U]) {
-  shake128_squeeze_first_three_blocks_081(self, ret);
+  shake128_squeeze_first_three_blocks_e0(self, ret);
 }
 
 /**
@@ -1642,7 +1644,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics
 - K= 3
 - N= 504
 */
-static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_fe3(
+static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_ed(
     uint8_t randomness[3U][504U], size_t *sampled_coefficients,
     int16_t (*out)[272U]) {
   KRML_MAYBE_FOR3(
@@ -1680,7 +1682,7 @@ libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_next_block with const
 generics
 - K= 3
 */
-static KRML_MUSTINLINE void shake128_squeeze_next_block_011(
+static KRML_MUSTINLINE void shake128_squeeze_next_block_e0(
     libcrux_sha3_avx2_x4_incremental_KeccakState *st, uint8_t ret[3U][168U]) {
   uint8_t out[3U][168U] = {{0U}};
   uint8_t out0[168U] = {0U};
@@ -1714,9 +1716,9 @@ libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_next_block_a9 with const
 generics
 - K= 3
 */
-static KRML_MUSTINLINE void shake128_squeeze_next_block_a9_9f1(
+static KRML_MUSTINLINE void shake128_squeeze_next_block_a9_e0(
     libcrux_sha3_avx2_x4_incremental_KeccakState *self, uint8_t ret[3U][168U]) {
-  shake128_squeeze_next_block_011(self, ret);
+  shake128_squeeze_next_block_e0(self, ret);
 }
 
 /**
@@ -1767,7 +1769,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics
 - K= 3
 - N= 168
 */
-static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_fe4(
+static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_ed0(
     uint8_t randomness[3U][168U], size_t *sampled_coefficients,
     int16_t (*out)[272U]) {
   KRML_MAYBE_FOR3(
@@ -1810,9 +1812,9 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector
 with const generics
 
 */
-static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2
-from_i16_array_ef_ef(Eurydice_slice a) {
-  libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_ef_05();
+static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f6
+from_i16_array_ef_61(Eurydice_slice a) {
+  libcrux_ml_kem_polynomial_PolynomialRingElement_f6 result = ZERO_ef_61();
   for (size_t i = (size_t)0U;
        i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
     size_t i0 = i;
@@ -1829,9 +1831,9 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector,
 libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics
 - K= 3
 */
-static libcrux_ml_kem_polynomial_PolynomialRingElement_d2 closure_b41(
+static libcrux_ml_kem_polynomial_PolynomialRingElement_f6 closure_6c1(
     int16_t s[272U]) {
-  return from_i16_array_ef_ef(
+  return from_i16_array_ef_61(
       Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t));
 }
 
@@ -1841,46 +1843,46 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector,
 libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics
 - K= 3
 */
-static KRML_MUSTINLINE void sample_from_xof_901(
+static KRML_MUSTINLINE void sample_from_xof_6c1(
     uint8_t seeds[3U][34U],
-    libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) {
+    libcrux_ml_kem_polynomial_PolynomialRingElement_f6 ret[3U]) {
   size_t sampled_coefficients[3U] = {0U};
   int16_t out[3U][272U] = {{0U}};
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_seeds[3U][34U];
   memcpy(copy_of_seeds, seeds, (size_t)3U * sizeof(uint8_t[34U]));
   libcrux_sha3_avx2_x4_incremental_KeccakState xof_state =
-      shake128_init_absorb_final_a9_c11(copy_of_seeds);
+      shake128_init_absorb_final_a9_e0(copy_of_seeds);
   uint8_t randomness0[3U][504U];
-  shake128_squeeze_first_three_blocks_a9_7a1(&xof_state, randomness0);
+  shake128_squeeze_first_three_blocks_a9_e0(&xof_state, randomness0);
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_randomness0[3U][504U];
   memcpy(copy_of_randomness0, randomness0, (size_t)3U * sizeof(uint8_t[504U]));
-  bool done = sample_from_uniform_distribution_next_fe3(
+  bool done = sample_from_uniform_distribution_next_ed(
       copy_of_randomness0, sampled_coefficients, out);
   while (true) {
     if (done) {
       break;
     } else {
       uint8_t randomness[3U][168U];
-      shake128_squeeze_next_block_a9_9f1(&xof_state, randomness);
+      shake128_squeeze_next_block_a9_e0(&xof_state, randomness);
       /* Passing arrays by value in Rust generates a copy in C */
       uint8_t copy_of_randomness[3U][168U];
       memcpy(copy_of_randomness, randomness,
              (size_t)3U * sizeof(uint8_t[168U]));
-      done = sample_from_uniform_distribution_next_fe4(
+      done = sample_from_uniform_distribution_next_ed0(
           copy_of_randomness, sampled_coefficients, out);
     }
   }
   /* Passing arrays by value in Rust generates a copy in C */
   int16_t copy_of_out[3U][272U];
   memcpy(copy_of_out, out, (size_t)3U * sizeof(int16_t[272U]));
-  libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret0[3U];
+  libcrux_ml_kem_polynomial_PolynomialRingElement_f6 ret0[3U];
   KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U,
-                  ret0[i] = closure_b41(copy_of_out[i]););
+                  ret0[i] = closure_6c1(copy_of_out[i]););
   memcpy(
       ret, ret0,
-      (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2));
+      (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f6));
 }
 
 /**
@@ -1889,8 +1891,8 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector,
 libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics
 - K= 3
 */
-static KRML_MUSTINLINE void sample_matrix_A_ee1(
-    libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*A_transpose)[3U],
+static KRML_MUSTINLINE void sample_matrix_A_6c1(
+    libcrux_ml_kem_polynomial_PolynomialRingElement_f6 (*A_transpose)[3U],
     uint8_t seed[34U], bool transpose) {
   KRML_MAYBE_FOR3(
       i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0;
@@ -1905,25 +1907,23 @@ static KRML_MUSTINLINE void sample_matrix_A_ee1(
       /* Passing arrays by value in Rust generates a copy in C */
       uint8_t copy_of_seeds[3U][34U];
       memcpy(copy_of_seeds, seeds, (size_t)3U * sizeof(uint8_t[34U]));
-      libcrux_ml_kem_polynomial_PolynomialRingElement_d2 sampled[3U];
-      sample_from_xof_901(copy_of_seeds, sampled);
+      libcrux_ml_kem_polynomial_PolynomialRingElement_f6 sampled[3U];
+      sample_from_xof_6c1(copy_of_seeds, sampled);
       for (size_t i = (size_t)0U;
            i < Eurydice_slice_len(
                    Eurydice_array_to_slice(
                        (size_t)3U, sampled,
-                       libcrux_ml_kem_polynomial_PolynomialRingElement_d2),
-                   libcrux_ml_kem_polynomial_PolynomialRingElement_d2);
+                       libcrux_ml_kem_polynomial_PolynomialRingElement_f6),
+                   libcrux_ml_kem_polynomial_PolynomialRingElement_f6);
            i++) {
         size_t j = i;
-        libcrux_ml_kem_polynomial_PolynomialRingElement_d2 sample = sampled[j];
+        libcrux_ml_kem_polynomial_PolynomialRingElement_f6 sample = sampled[j];
         if (transpose) {
           A_transpose[j][i1] = sample;
         } else {
           A_transpose[i1][j] = sample;
         }
-      }
-
-  );
+      });
 }
 
 /**
@@ -1932,8 +1932,8 @@ with const generics
 - K= 3
 - LEN= 128
 */
-static KRML_MUSTINLINE void PRFxN_fb2(uint8_t (*input)[33U],
-                                      uint8_t ret[3U][128U]) {
+static KRML_MUSTINLINE void PRFxN_41(uint8_t (*input)[33U],
+                                     uint8_t ret[3U][128U]) {
   uint8_t out[3U][128U] = {{0U}};
   uint8_t out0[128U] = {0U};
   uint8_t out1[128U] = {0U};
@@ -1970,9 +1970,9 @@ with const generics
 - K= 3
 - LEN= 128
 */
-static KRML_MUSTINLINE void PRFxN_a9_b22(uint8_t (*input)[33U],
-                                         uint8_t ret[3U][128U]) {
-  PRFxN_fb2(input, ret);
+static KRML_MUSTINLINE void PRFxN_a9_41(uint8_t (*input)[33U],
+                                        uint8_t ret[3U][128U]) {
+  PRFxN_41(input, ret);
 }
 
 /**
@@ -1981,8 +1981,8 @@ libcrux_ml_kem.sampling.sample_from_binomial_distribution_2 with types
 libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics
 
 */
-static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2
-sample_from_binomial_distribution_2_4a(Eurydice_slice randomness) {
+static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f6
+sample_from_binomial_distribution_2_61(Eurydice_slice randomness) {
   int16_t sampled_i16s[256U] = {0U};
   for (size_t i0 = (size_t)0U;
        i0 < Eurydice_slice_len(randomness, uint8_t) / (size_t)4U; i0++) {
@@ -2016,7 +2016,7 @@ sample_from_binomial_distribution_2_4a(Eurydice_slice randomness) {
       sampled_i16s[(size_t)8U * chunk_number + offset] = outcome_1 - outcome_2;
     }
   }
-  return from_i16_array_ef_ef(
+  return from_i16_array_ef_61(
       Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t));
 }
 
@@ -2026,8 +2026,8 @@ libcrux_ml_kem.sampling.sample_from_binomial_distribution_3 with types
 libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics
 
 */
-static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2
-sample_from_binomial_distribution_3_20(Eurydice_slice randomness) {
+static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f6
+sample_from_binomial_distribution_3_61(Eurydice_slice randomness) {
   int16_t sampled_i16s[256U] = {0U};
   for (size_t i0 = (size_t)0U;
        i0 < Eurydice_slice_len(randomness, uint8_t) / (size_t)3U; i0++) {
@@ -2060,7 +2060,7 @@ sample_from_binomial_distribution_3_20(Eurydice_slice randomness) {
       sampled_i16s[(size_t)4U * chunk_number + offset] = outcome_1 - outcome_2;
     }
   }
-  return from_i16_array_ef_ef(
+  return from_i16_array_ef_61(
       Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t));
 }
 
@@ -2070,9 +2070,9 @@ libcrux_ml_kem.sampling.sample_from_binomial_distribution with types
 libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics
 - ETA= 2
 */
-static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2
-sample_from_binomial_distribution_d7(Eurydice_slice randomness) {
-  return sample_from_binomial_distribution_2_4a(randomness);
+static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f6
+sample_from_binomial_distribution_89(Eurydice_slice randomness) {
+  return sample_from_binomial_distribution_2_61(randomness);
 }
 
 /**
@@ -2081,8 +2081,8 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector
 with const generics
 
 */
-static KRML_MUSTINLINE void ntt_at_layer_7_13(
-    libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) {
+static KRML_MUSTINLINE void ntt_at_layer_7_61(
+    libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *re) {
   size_t step = LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT / (size_t)2U;
   for (size_t i = (size_t)0U; i < step; i++) {
     size_t j = i;
@@ -2106,7 +2106,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector
 with const generics
 
 */
-static __m256i montgomery_multiply_fe_5f(__m256i v, int16_t fer) {
+static __m256i montgomery_multiply_fe_61(__m256i v, int16_t fer) {
   return libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_09(v, fer);
 }
 
@@ -2117,8 +2117,8 @@ with const generics
 
 */
 static KRML_MUSTINLINE libcrux_ml_kem_vector_avx2_SIMD256Vector_x2
-ntt_layer_int_vec_step_97(__m256i a, __m256i b, int16_t zeta_r) {
-  __m256i t = montgomery_multiply_fe_5f(b, zeta_r);
+ntt_layer_int_vec_step_61(__m256i a, __m256i b, int16_t zeta_r) {
+  __m256i t = montgomery_multiply_fe_61(b, zeta_r);
   b = libcrux_ml_kem_vector_avx2_sub_09(a, &t);
   a = libcrux_ml_kem_vector_avx2_add_09(a, &t);
   return (CLITERAL(libcrux_ml_kem_vector_avx2_SIMD256Vector_x2){.fst = a,
@@ -2131,8 +2131,8 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector
 with const generics
 
 */
-static KRML_MUSTINLINE void ntt_at_layer_4_plus_ca(
-    size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re,
+static KRML_MUSTINLINE void ntt_at_layer_4_plus_61(
+    size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *re,
     size_t layer) {
   size_t step = (size_t)1U << (uint32_t)layer;
   for (size_t i0 = (size_t)0U; i0 < (size_t)128U >> (uint32_t)layer; i0++) {
@@ -2144,7 +2144,7 @@ static KRML_MUSTINLINE void ntt_at_layer_4_plus_ca(
     for (size_t i = offset_vec; i < offset_vec + step_vec; i++) {
       size_t j = i;
       libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 uu____0 =
-          ntt_layer_int_vec_step_97(
+          ntt_layer_int_vec_step_61(
               re->coefficients[j], re->coefficients[j + step_vec],
               libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U]));
       __m256i x = uu____0.fst;
@@ -2161,8 +2161,8 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector
 with const generics
 
 */
-static KRML_MUSTINLINE void ntt_at_layer_3_ba(
-    size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) {
+static KRML_MUSTINLINE void ntt_at_layer_3_61(
+    size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *re) {
   KRML_MAYBE_FOR16(
       i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i;
       zeta_i[0U] = zeta_i[0U] + (size_t)1U;
@@ -2177,8 +2177,8 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector
 with const generics
 
 */
-static KRML_MUSTINLINE void ntt_at_layer_2_89(
-    size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) {
+static KRML_MUSTINLINE void ntt_at_layer_2_61(
+    size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *re) {
   KRML_MAYBE_FOR16(
       i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i;
       zeta_i[0U] = zeta_i[0U] + (size_t)1U;
@@ -2195,8 +2195,8 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector
 with const generics
 
 */
-static KRML_MUSTINLINE void ntt_at_layer_1_d7(
-    size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) {
+static KRML_MUSTINLINE void ntt_at_layer_1_61(
+    size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *re) {
   KRML_MAYBE_FOR16(
       i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i;
       zeta_i[0U] = zeta_i[0U] + (size_t)1U;
@@ -2220,8 +2220,8 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector
 with const generics
 
 */
-static KRML_MUSTINLINE void poly_barrett_reduce_ef_a9(
-    libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self) {
+static KRML_MUSTINLINE void poly_barrett_reduce_ef_61(
+    libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *self) {
   for (size_t i = (size_t)0U;
        i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
     size_t i0 = i;
@@ -2236,17 +2236,17 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector
 with const generics
 
 */
-static KRML_MUSTINLINE void ntt_binomially_sampled_ring_element_ef(
-    libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) {
-  ntt_at_layer_7_13(re);
+static KRML_MUSTINLINE void ntt_binomially_sampled_ring_element_61(
+    libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *re) {
+  ntt_at_layer_7_61(re);
   size_t zeta_i = (size_t)1U;
-  ntt_at_layer_4_plus_ca(&zeta_i, re, (size_t)6U);
-  ntt_at_layer_4_plus_ca(&zeta_i, re, (size_t)5U);
-  ntt_at_layer_4_plus_ca(&zeta_i, re, (size_t)4U);
-  ntt_at_layer_3_ba(&zeta_i, re);
-  ntt_at_layer_2_89(&zeta_i, re);
-  ntt_at_layer_1_d7(&zeta_i, re);
-  poly_barrett_reduce_ef_a9(re);
+  ntt_at_layer_4_plus_61(&zeta_i, re, (size_t)6U);
+  ntt_at_layer_4_plus_61(&zeta_i, re, (size_t)5U);
+  ntt_at_layer_4_plus_61(&zeta_i, re, (size_t)4U);
+  ntt_at_layer_3_61(&zeta_i, re);
+  ntt_at_layer_2_61(&zeta_i, re);
+  ntt_at_layer_1_61(&zeta_i, re);
+  poly_barrett_reduce_ef_61(re);
 }
 
 /**
@@ -2257,8 +2257,8 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics
 - ETA= 2
 - ETA_RANDOMNESS_SIZE= 128
 */
-static KRML_MUSTINLINE uint8_t sample_vector_cbd_then_ntt_b01(
-    libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re_as_ntt,
+static KRML_MUSTINLINE uint8_t sample_vector_cbd_then_ntt_b41(
+    libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *re_as_ntt,
     uint8_t prf_input[33U], uint8_t domain_separator) {
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_prf_input[33U];
@@ -2267,16 +2267,18 @@ static KRML_MUSTINLINE uint8_t sample_vector_cbd_then_ntt_b01(
   KRML_MAYBE_FOR3(
       i, (size_t)0U, (size_t)3U, (size_t)1U,
       memcpy(prf_inputs[i], copy_of_prf_input, (size_t)33U * sizeof(uint8_t)););
+  uint8_t _prf_inputs_init[3U][33U];
+  memcpy(_prf_inputs_init, prf_inputs, (size_t)3U * sizeof(uint8_t[33U]));
   KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i;
                   prf_inputs[i0][32U] = domain_separator;
                   domain_separator = (uint32_t)domain_separator + 1U;);
   uint8_t prf_outputs[3U][128U];
-  PRFxN_a9_b22(prf_inputs, prf_outputs);
+  PRFxN_a9_41(prf_inputs, prf_outputs);
   KRML_MAYBE_FOR3(
       i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i;
-      re_as_ntt[i0] = sample_from_binomial_distribution_d7(
+      re_as_ntt[i0] = sample_from_binomial_distribution_89(
           Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t));
-      ntt_binomially_sampled_ring_element_ef(&re_as_ntt[i0]););
+      ntt_binomially_sampled_ring_element_61(&re_as_ntt[i0]););
   return domain_separator;
 }
 
@@ -2286,10 +2288,10 @@ with types libcrux_ml_kem_polynomial_PolynomialRingElement
 libcrux_ml_kem_vector_avx2_SIMD256Vector[3size_t], uint8_t
 
 */
-typedef struct tuple_b0_s {
-  libcrux_ml_kem_polynomial_PolynomialRingElement_d2 fst[3U];
+typedef struct tuple_23_s {
+  libcrux_ml_kem_polynomial_PolynomialRingElement_f6 fst[3U];
   uint8_t snd;
-} tuple_b0;
+} tuple_23;
 
 /**
 A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_vector_cbd_then_ntt_out
@@ -2299,27 +2301,27 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics
 - ETA= 2
 - ETA_RANDOMNESS_SIZE= 128
 */
-static KRML_MUSTINLINE tuple_b0 sample_vector_cbd_then_ntt_out_811(
+static KRML_MUSTINLINE tuple_23 sample_vector_cbd_then_ntt_out_b41(
     uint8_t prf_input[33U], uint8_t domain_separator) {
-  libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re_as_ntt[3U];
+  libcrux_ml_kem_polynomial_PolynomialRingElement_f6 re_as_ntt[3U];
   KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U,
-                  re_as_ntt[i] = ZERO_ef_05(););
-  libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *uu____0 = re_as_ntt;
+                  re_as_ntt[i] = ZERO_ef_61(););
+  libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *uu____0 = re_as_ntt;
   uint8_t uu____1[33U];
   memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t));
   domain_separator =
-      sample_vector_cbd_then_ntt_b01(uu____0, uu____1, domain_separator);
+      sample_vector_cbd_then_ntt_b41(uu____0, uu____1, domain_separator);
   /* Passing arrays by value in Rust generates a copy in C */
-  libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_re_as_ntt[3U];
+  libcrux_ml_kem_polynomial_PolynomialRingElement_f6 copy_of_re_as_ntt[3U];
   memcpy(
       copy_of_re_as_ntt, re_as_ntt,
-      (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2));
-  tuple_b0 result;
+      (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f6));
+  tuple_23 lit;
   memcpy(
-      result.fst, copy_of_re_as_ntt,
-      (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2));
-  result.snd = domain_separator;
-  return result;
+      lit.fst, copy_of_re_as_ntt,
+      (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f6));
+  lit.snd = domain_separator;
+  return lit;
 }
 
 /**
@@ -2333,10 +2335,10 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector
 with const generics
 
 */
-static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2
-ntt_multiply_ef_b2(libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self,
-                   libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *rhs) {
-  libcrux_ml_kem_polynomial_PolynomialRingElement_d2 out = ZERO_ef_05();
+static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f6
+ntt_multiply_ef_61(libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *self,
+                   libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *rhs) {
+  libcrux_ml_kem_polynomial_PolynomialRingElement_f6 out = ZERO_ef_61();
   for (size_t i = (size_t)0U;
        i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
     size_t i0 = i;
@@ -2364,9 +2366,9 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector
 with const generics
 - K= 3
 */
-static KRML_MUSTINLINE void add_to_ring_element_ef_4f1(
-    libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self,
-    libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *rhs) {
+static KRML_MUSTINLINE void add_to_ring_element_ef_ab(
+    libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *self,
+    libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *rhs) {
   for (size_t i = (size_t)0U;
        i < Eurydice_slice_len(Eurydice_array_to_slice(
                                   (size_t)16U, self->coefficients, __m256i),
@@ -2384,7 +2386,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector
 with const generics
 
 */
-static __m256i to_standard_domain_79(__m256i v) {
+static __m256i to_standard_domain_61(__m256i v) {
   return libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_09(
       v, LIBCRUX_ML_KEM_VECTOR_TRAITS_MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS);
 }
@@ -2400,14 +2402,14 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector
 with const generics
 
 */
-static KRML_MUSTINLINE void add_standard_error_reduce_ef_34(
-    libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self,
-    libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error) {
+static KRML_MUSTINLINE void add_standard_error_reduce_ef_61(
+    libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *self,
+    libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *error) {
   for (size_t i = (size_t)0U;
        i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
     size_t j = i;
     __m256i coefficient_normal_form =
-        to_standard_domain_79(self->coefficients[j]);
+        to_standard_domain_61(self->coefficients[j]);
     self->coefficients[j] = libcrux_ml_kem_vector_avx2_barrett_reduce_09(
         libcrux_ml_kem_vector_avx2_add_09(coefficient_normal_form,
                                           &error->coefficients[j]));
@@ -2420,37 +2422,37 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector
 with const generics
 - K= 3
 */
-static KRML_MUSTINLINE void compute_As_plus_e_2d1(
-    libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt,
-    libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*matrix_A)[3U],
-    libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *s_as_ntt,
-    libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_as_ntt) {
+static KRML_MUSTINLINE void compute_As_plus_e_ab(
+    libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *t_as_ntt,
+    libcrux_ml_kem_polynomial_PolynomialRingElement_f6 (*matrix_A)[3U],
+    libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *s_as_ntt,
+    libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *error_as_ntt) {
   for (size_t i = (size_t)0U;
        i < Eurydice_slice_len(
                Eurydice_array_to_slice(
                    (size_t)3U, matrix_A,
-                   libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U]),
-               libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U]);
+                   libcrux_ml_kem_polynomial_PolynomialRingElement_f6[3U]),
+               libcrux_ml_kem_polynomial_PolynomialRingElement_f6[3U]);
        i++) {
     size_t i0 = i;
-    libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *row = matrix_A[i0];
-    libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = ZERO_ef_05();
+    libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *row = matrix_A[i0];
+    libcrux_ml_kem_polynomial_PolynomialRingElement_f6 uu____0 = ZERO_ef_61();
     t_as_ntt[i0] = uu____0;
     for (size_t i1 = (size_t)0U;
          i1 < Eurydice_slice_len(
                   Eurydice_array_to_slice(
                       (size_t)3U, row,
-                      libcrux_ml_kem_polynomial_PolynomialRingElement_d2),
-                  libcrux_ml_kem_polynomial_PolynomialRingElement_d2);
+                      libcrux_ml_kem_polynomial_PolynomialRingElement_f6),
+                  libcrux_ml_kem_polynomial_PolynomialRingElement_f6);
          i1++) {
       size_t j = i1;
-      libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *matrix_element =
+      libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *matrix_element =
           &row[j];
-      libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product =
-          ntt_multiply_ef_b2(matrix_element, &s_as_ntt[j]);
-      add_to_ring_element_ef_4f1(&t_as_ntt[i0], &product);
+      libcrux_ml_kem_polynomial_PolynomialRingElement_f6 product =
+          ntt_multiply_ef_61(matrix_element, &s_as_ntt[j]);
+      add_to_ring_element_ef_ab(&t_as_ntt[i0], &product);
     }
-    add_standard_error_reduce_ef_34(&t_as_ntt[i0], &error_as_ntt[i0]);
+    add_standard_error_reduce_ef_61(&t_as_ntt[i0], &error_as_ntt[i0]);
   }
 }
 
@@ -2463,47 +2465,47 @@ with const generics
 - ETA1= 2
 - ETA1_RANDOMNESS_SIZE= 128
 */
-static void generate_keypair_unpacked_a41(
+static void generate_keypair_unpacked_221(
     Eurydice_slice key_generation_seed,
-    IndCpaPrivateKeyUnpacked_a0 *private_key,
-    IndCpaPublicKeyUnpacked_a0 *public_key) {
+    IndCpaPrivateKeyUnpacked_63 *private_key,
+    IndCpaPublicKeyUnpacked_63 *public_key) {
   uint8_t hashed[64U];
-  cpa_keygen_seed_d8_751(key_generation_seed, hashed);
+  cpa_keygen_seed_d8_be(key_generation_seed, hashed);
   Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at(
       Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U,
       uint8_t, Eurydice_slice_uint8_t_x2);
   Eurydice_slice seed_for_A = uu____0.fst;
   Eurydice_slice seed_for_secret_and_error = uu____0.snd;
-  libcrux_ml_kem_polynomial_PolynomialRingElement_d2(*uu____1)[3U] =
+  libcrux_ml_kem_polynomial_PolynomialRingElement_f6(*uu____1)[3U] =
       public_key->A;
   uint8_t ret[34U];
-  libcrux_ml_kem_utils_into_padded_array_422(seed_for_A, ret);
-  sample_matrix_A_ee1(uu____1, ret, true);
+  libcrux_ml_kem_utils_into_padded_array_b6(seed_for_A, ret);
+  sample_matrix_A_6c1(uu____1, ret, true);
   uint8_t prf_input[33U];
-  libcrux_ml_kem_utils_into_padded_array_421(seed_for_secret_and_error,
-                                             prf_input);
-  libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *uu____2 =
+  libcrux_ml_kem_utils_into_padded_array_c8(seed_for_secret_and_error,
+                                            prf_input);
+  libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *uu____2 =
       private_key->secret_as_ntt;
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_prf_input0[33U];
   memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t));
   uint8_t domain_separator =
-      sample_vector_cbd_then_ntt_b01(uu____2, copy_of_prf_input0, 0U);
+      sample_vector_cbd_then_ntt_b41(uu____2, copy_of_prf_input0, 0U);
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_prf_input[33U];
   memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t));
-  libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_as_ntt[3U];
+  libcrux_ml_kem_polynomial_PolynomialRingElement_f6 error_as_ntt[3U];
   memcpy(
       error_as_ntt,
-      sample_vector_cbd_then_ntt_out_811(copy_of_prf_input, domain_separator)
+      sample_vector_cbd_then_ntt_out_b41(copy_of_prf_input, domain_separator)
           .fst,
-      (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2));
-  compute_As_plus_e_2d1(public_key->t_as_ntt, public_key->A,
-                        private_key->secret_as_ntt, error_as_ntt);
+      (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f6));
+  compute_As_plus_e_ab(public_key->t_as_ntt, public_key->A,
+                       private_key->secret_as_ntt, error_as_ntt);
   uint8_t uu____5[32U];
-  core_result_Result_00 dst;
+  core_result_Result_fb dst;
   Eurydice_slice_to_array2(&dst, seed_for_A, Eurydice_slice, uint8_t[32U]);
-  core_result_unwrap_26_33(dst, uu____5);
+  core_result_unwrap_26_b3(dst, uu____5);
   memcpy(public_key->seed_for_A, uu____5, (size_t)32U * sizeof(uint8_t));
 }
 
@@ -2519,18 +2521,18 @@ with const generics
 - ETA1= 2
 - ETA1_RANDOMNESS_SIZE= 128
 */
-static libcrux_ml_kem_utils_extraction_helper_Keypair768 generate_keypair_6a1(
+static libcrux_ml_kem_utils_extraction_helper_Keypair768 generate_keypair_bb1(
     Eurydice_slice key_generation_seed) {
-  IndCpaPrivateKeyUnpacked_a0 private_key = default_1a_3c1();
-  IndCpaPublicKeyUnpacked_a0 public_key = default_8d_891();
-  generate_keypair_unpacked_a41(key_generation_seed, &private_key, &public_key);
+  IndCpaPrivateKeyUnpacked_63 private_key = default_1a_ab();
+  IndCpaPublicKeyUnpacked_63 public_key = default_8d_ab();
+  generate_keypair_unpacked_221(key_generation_seed, &private_key, &public_key);
   uint8_t public_key_serialized[1184U];
-  serialize_public_key_ca1(
+  serialize_public_key_ed(
       public_key.t_as_ntt,
       Eurydice_array_to_slice((size_t)32U, public_key.seed_for_A, uint8_t),
       public_key_serialized);
   uint8_t secret_key_serialized[1152U];
-  serialize_secret_key_991(private_key.secret_as_ntt, secret_key_serialized);
+  serialize_secret_key_ed(private_key.secret_as_ntt, secret_key_serialized);
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_secret_key_serialized[1152U];
   memcpy(copy_of_secret_key_serialized, secret_key_serialized,
@@ -2539,12 +2541,12 @@ static libcrux_ml_kem_utils_extraction_helper_Keypair768 generate_keypair_6a1(
   uint8_t copy_of_public_key_serialized[1184U];
   memcpy(copy_of_public_key_serialized, public_key_serialized,
          (size_t)1184U * sizeof(uint8_t));
-  libcrux_ml_kem_utils_extraction_helper_Keypair768 result;
-  memcpy(result.fst, copy_of_secret_key_serialized,
+  libcrux_ml_kem_utils_extraction_helper_Keypair768 lit;
+  memcpy(lit.fst, copy_of_secret_key_serialized,
          (size_t)1152U * sizeof(uint8_t));
-  memcpy(result.snd, copy_of_public_key_serialized,
+  memcpy(lit.snd, copy_of_public_key_serialized,
          (size_t)1184U * sizeof(uint8_t));
-  return result;
+  return lit;
 }
 
 /**
@@ -2554,7 +2556,7 @@ with const generics
 - K= 3
 - SERIALIZED_KEY_LEN= 2400
 */
-static KRML_MUSTINLINE void serialize_kem_secret_key_1f1(
+static KRML_MUSTINLINE void serialize_kem_secret_key_ae(
     Eurydice_slice private_key, Eurydice_slice public_key,
     Eurydice_slice implicit_rejection_value, uint8_t ret[2400U]) {
   uint8_t out[2400U] = {0U};
@@ -2580,7 +2582,7 @@ static KRML_MUSTINLINE void serialize_kem_secret_key_1f1(
   Eurydice_slice uu____6 = Eurydice_array_to_subslice2(
       out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t);
   uint8_t ret0[32U];
-  H_a9_411(public_key, ret0);
+  H_a9_e0(public_key, ret0);
   Eurydice_slice_copy(
       uu____6, Eurydice_array_to_slice((size_t)32U, ret0, uint8_t), uint8_t);
   pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE;
@@ -2610,7 +2612,7 @@ with const generics
 - ETA1_RANDOMNESS_SIZE= 128
 */
 libcrux_ml_kem_mlkem768_MlKem768KeyPair
-libcrux_ml_kem_ind_cca_generate_keypair_0b1(uint8_t randomness[64U]) {
+libcrux_ml_kem_ind_cca_generate_keypair_d61(uint8_t randomness[64U]) {
   Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2(
       randomness, (size_t)0U,
       LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t);
@@ -2619,13 +2621,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_0b1(uint8_t randomness[64U]) {
       LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t,
       size_t);
   libcrux_ml_kem_utils_extraction_helper_Keypair768 uu____0 =
-      generate_keypair_6a1(ind_cpa_keypair_randomness);
+      generate_keypair_bb1(ind_cpa_keypair_randomness);
   uint8_t ind_cpa_private_key[1152U];
   memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1152U * sizeof(uint8_t));
   uint8_t public_key[1184U];
   memcpy(public_key, uu____0.snd, (size_t)1184U * sizeof(uint8_t));
   uint8_t secret_key_serialized[2400U];
-  serialize_kem_secret_key_1f1(
+  serialize_kem_secret_key_ae(
       Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t),
       Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t),
       implicit_rejection_value, secret_key_serialized);
@@ -2633,14 +2635,14 @@ libcrux_ml_kem_ind_cca_generate_keypair_0b1(uint8_t randomness[64U]) {
   uint8_t copy_of_secret_key_serialized[2400U];
   memcpy(copy_of_secret_key_serialized, secret_key_serialized,
          (size_t)2400U * sizeof(uint8_t));
-  libcrux_ml_kem_types_MlKemPrivateKey_55 private_key =
-      libcrux_ml_kem_types_from_7f_af0(copy_of_secret_key_serialized);
-  libcrux_ml_kem_types_MlKemPrivateKey_55 uu____2 = private_key;
+  libcrux_ml_kem_types_MlKemPrivateKey_d9 private_key =
+      libcrux_ml_kem_types_from_7f_28(copy_of_secret_key_serialized);
+  libcrux_ml_kem_types_MlKemPrivateKey_d9 uu____2 = private_key;
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_public_key[1184U];
   memcpy(copy_of_public_key, public_key, (size_t)1184U * sizeof(uint8_t));
-  return libcrux_ml_kem_types_from_3a_ee0(
-      uu____2, libcrux_ml_kem_types_from_5a_670(copy_of_public_key));
+  return libcrux_ml_kem_types_from_3a_74(
+      uu____2, libcrux_ml_kem_types_from_5a_d0(copy_of_public_key));
 }
 
 /**
@@ -2653,8 +2655,8 @@ with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash
 with const generics
 - K= 3
 */
-static KRML_MUSTINLINE void entropy_preprocess_d8_641(Eurydice_slice randomness,
-                                                      uint8_t ret[32U]) {
+static KRML_MUSTINLINE void entropy_preprocess_d8_be(Eurydice_slice randomness,
+                                                     uint8_t ret[32U]) {
   uint8_t out[32U] = {0U};
   Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t),
                       randomness, uint8_t);
@@ -2669,11 +2671,11 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics
 - ETA2_RANDOMNESS_SIZE= 128
 - ETA2= 2
 */
-static KRML_MUSTINLINE tuple_b0
-sample_ring_element_cbd_a01(uint8_t prf_input[33U], uint8_t domain_separator) {
-  libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[3U];
+static KRML_MUSTINLINE tuple_23
+sample_ring_element_cbd_b41(uint8_t prf_input[33U], uint8_t domain_separator) {
+  libcrux_ml_kem_polynomial_PolynomialRingElement_f6 error_1[3U];
   KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U,
-                  error_1[i] = ZERO_ef_05(););
+                  error_1[i] = ZERO_ef_61(););
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_prf_input[33U];
   memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t));
@@ -2681,28 +2683,30 @@ sample_ring_element_cbd_a01(uint8_t prf_input[33U], uint8_t domain_separator) {
   KRML_MAYBE_FOR3(
       i, (size_t)0U, (size_t)3U, (size_t)1U,
       memcpy(prf_inputs[i], copy_of_prf_input, (size_t)33U * sizeof(uint8_t)););
+  uint8_t _prf_inputs_init[3U][33U];
+  memcpy(_prf_inputs_init, prf_inputs, (size_t)3U * sizeof(uint8_t[33U]));
   KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i;
                   prf_inputs[i0][32U] = domain_separator;
                   domain_separator = (uint32_t)domain_separator + 1U;);
   uint8_t prf_outputs[3U][128U];
-  PRFxN_a9_b22(prf_inputs, prf_outputs);
+  PRFxN_a9_41(prf_inputs, prf_outputs);
   KRML_MAYBE_FOR3(
       i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i;
-      libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 =
-          sample_from_binomial_distribution_d7(
+      libcrux_ml_kem_polynomial_PolynomialRingElement_f6 uu____1 =
+          sample_from_binomial_distribution_89(
               Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t));
       error_1[i0] = uu____1;);
   /* Passing arrays by value in Rust generates a copy in C */
-  libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_error_1[3U];
+  libcrux_ml_kem_polynomial_PolynomialRingElement_f6 copy_of_error_1[3U];
   memcpy(
       copy_of_error_1, error_1,
-      (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2));
-  tuple_b0 result;
+      (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f6));
+  tuple_23 lit;
   memcpy(
-      result.fst, copy_of_error_1,
-      (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2));
-  result.snd = domain_separator;
-  return result;
+      lit.fst, copy_of_error_1,
+      (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f6));
+  lit.snd = domain_separator;
+  return lit;
 }
 
 /**
@@ -2710,7 +2714,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.PRF
 with const generics
 - LEN= 128
 */
-static KRML_MUSTINLINE void PRF_960(Eurydice_slice input, uint8_t ret[128U]) {
+static KRML_MUSTINLINE void PRF_a6(Eurydice_slice input, uint8_t ret[128U]) {
   uint8_t digest[128U] = {0U};
   libcrux_sha3_portable_shake256(
       Eurydice_array_to_slice((size_t)128U, digest, uint8_t), input);
@@ -2727,9 +2731,9 @@ with const generics
 - K= 3
 - LEN= 128
 */
-static KRML_MUSTINLINE void PRF_a9_164(Eurydice_slice input,
+static KRML_MUSTINLINE void PRF_a9_410(Eurydice_slice input,
                                        uint8_t ret[128U]) {
-  PRF_960(input, ret);
+  PRF_a6(input, ret);
 }
 
 /**
@@ -2738,8 +2742,8 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector
 with const generics
 
 */
-static KRML_MUSTINLINE void invert_ntt_at_layer_1_f7(
-    size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) {
+static KRML_MUSTINLINE void invert_ntt_at_layer_1_61(
+    size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *re) {
   KRML_MAYBE_FOR16(
       i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i;
       zeta_i[0U] = zeta_i[0U] - (size_t)1U;
@@ -2759,8 +2763,8 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector
 with const generics
 
 */
-static KRML_MUSTINLINE void invert_ntt_at_layer_2_98(
-    size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) {
+static KRML_MUSTINLINE void invert_ntt_at_layer_2_61(
+    size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *re) {
   KRML_MAYBE_FOR16(
       i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i;
       zeta_i[0U] = zeta_i[0U] - (size_t)1U;
@@ -2778,8 +2782,8 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector
 with const generics
 
 */
-static KRML_MUSTINLINE void invert_ntt_at_layer_3_fe(
-    size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) {
+static KRML_MUSTINLINE void invert_ntt_at_layer_3_61(
+    size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *re) {
   KRML_MAYBE_FOR16(i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i;
                    zeta_i[0U] = zeta_i[0U] - (size_t)1U;
                    re->coefficients[round] =
@@ -2795,11 +2799,11 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics
 
 */
 static KRML_MUSTINLINE libcrux_ml_kem_vector_avx2_SIMD256Vector_x2
-inv_ntt_layer_int_vec_step_reduce_75(__m256i a, __m256i b, int16_t zeta_r) {
+inv_ntt_layer_int_vec_step_reduce_61(__m256i a, __m256i b, int16_t zeta_r) {
   __m256i a_minus_b = libcrux_ml_kem_vector_avx2_sub_09(b, &a);
   a = libcrux_ml_kem_vector_avx2_barrett_reduce_09(
       libcrux_ml_kem_vector_avx2_add_09(a, &b));
-  b = montgomery_multiply_fe_5f(a_minus_b, zeta_r);
+  b = montgomery_multiply_fe_61(a_minus_b, zeta_r);
   return (CLITERAL(libcrux_ml_kem_vector_avx2_SIMD256Vector_x2){.fst = a,
                                                                 .snd = b});
 }
@@ -2810,8 +2814,8 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector
 with const generics
 
 */
-static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_bc(
-    size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re,
+static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_61(
+    size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *re,
     size_t layer) {
   size_t step = (size_t)1U << (uint32_t)layer;
   for (size_t i0 = (size_t)0U; i0 < (size_t)128U >> (uint32_t)layer; i0++) {
@@ -2825,7 +2829,7 @@ static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_bc(
     for (size_t i = offset_vec; i < offset_vec + step_vec; i++) {
       size_t j = i;
       libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 uu____0 =
-          inv_ntt_layer_int_vec_step_reduce_75(
+          inv_ntt_layer_int_vec_step_reduce_61(
               re->coefficients[j], re->coefficients[j + step_vec],
               libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U]));
       __m256i x = uu____0.fst;
@@ -2842,18 +2846,18 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector
 with const generics
 - K= 3
 */
-static KRML_MUSTINLINE void invert_ntt_montgomery_8f1(
-    libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) {
+static KRML_MUSTINLINE void invert_ntt_montgomery_ab(
+    libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *re) {
   size_t zeta_i =
       LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U;
-  invert_ntt_at_layer_1_f7(&zeta_i, re);
-  invert_ntt_at_layer_2_98(&zeta_i, re);
-  invert_ntt_at_layer_3_fe(&zeta_i, re);
-  invert_ntt_at_layer_4_plus_bc(&zeta_i, re, (size_t)4U);
-  invert_ntt_at_layer_4_plus_bc(&zeta_i, re, (size_t)5U);
-  invert_ntt_at_layer_4_plus_bc(&zeta_i, re, (size_t)6U);
-  invert_ntt_at_layer_4_plus_bc(&zeta_i, re, (size_t)7U);
-  poly_barrett_reduce_ef_a9(re);
+  invert_ntt_at_layer_1_61(&zeta_i, re);
+  invert_ntt_at_layer_2_61(&zeta_i, re);
+  invert_ntt_at_layer_3_61(&zeta_i, re);
+  invert_ntt_at_layer_4_plus_61(&zeta_i, re, (size_t)4U);
+  invert_ntt_at_layer_4_plus_61(&zeta_i, re, (size_t)5U);
+  invert_ntt_at_layer_4_plus_61(&zeta_i, re, (size_t)6U);
+  invert_ntt_at_layer_4_plus_61(&zeta_i, re, (size_t)7U);
+  poly_barrett_reduce_ef_61(re);
 }
 
 /**
@@ -2867,9 +2871,9 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector
 with const generics
 
 */
-static KRML_MUSTINLINE void add_error_reduce_ef_dd(
-    libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self,
-    libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error) {
+static KRML_MUSTINLINE void add_error_reduce_ef_61(
+    libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *self,
+    libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *error) {
   for (size_t i = (size_t)0U;
        i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
     size_t j = i;
@@ -2888,46 +2892,42 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector
 with const generics
 - K= 3
 */
-static KRML_MUSTINLINE void compute_vector_u_dd1(
-    libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*a_as_ntt)[3U],
-    libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt,
-    libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_1,
-    libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) {
-  libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result0[3U];
+static KRML_MUSTINLINE void compute_vector_u_ab(
+    libcrux_ml_kem_polynomial_PolynomialRingElement_f6 (*a_as_ntt)[3U],
+    libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *r_as_ntt,
+    libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *error_1,
+    libcrux_ml_kem_polynomial_PolynomialRingElement_f6 ret[3U]) {
+  libcrux_ml_kem_polynomial_PolynomialRingElement_f6 result[3U];
   KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U,
-                  result0[i] = ZERO_ef_05(););
+                  result[i] = ZERO_ef_61(););
   for (size_t i0 = (size_t)0U;
        i0 < Eurydice_slice_len(
                 Eurydice_array_to_slice(
                     (size_t)3U, a_as_ntt,
-                    libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U]),
-                libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U]);
+                    libcrux_ml_kem_polynomial_PolynomialRingElement_f6[3U]),
+                libcrux_ml_kem_polynomial_PolynomialRingElement_f6[3U]);
        i0++) {
     size_t i1 = i0;
-    libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *row = a_as_ntt[i1];
+    libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *row = a_as_ntt[i1];
     for (size_t i = (size_t)0U;
          i < Eurydice_slice_len(
                  Eurydice_array_to_slice(
                      (size_t)3U, row,
-                     libcrux_ml_kem_polynomial_PolynomialRingElement_d2),
-                 libcrux_ml_kem_polynomial_PolynomialRingElement_d2);
+                     libcrux_ml_kem_polynomial_PolynomialRingElement_f6),
+                 libcrux_ml_kem_polynomial_PolynomialRingElement_f6);
          i++) {
       size_t j = i;
-      libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *a_element = &row[j];
-      libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product =
-          ntt_multiply_ef_b2(a_element, &r_as_ntt[j]);
-      add_to_ring_element_ef_4f1(&result0[i1], &product);
+      libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *a_element = &row[j];
+      libcrux_ml_kem_polynomial_PolynomialRingElement_f6 product =
+          ntt_multiply_ef_61(a_element, &r_as_ntt[j]);
+      add_to_ring_element_ef_ab(&result[i1], &product);
     }
-    invert_ntt_montgomery_8f1(&result0[i1]);
-    add_error_reduce_ef_dd(&result0[i1], &error_1[i1]);
+    invert_ntt_montgomery_ab(&result[i1]);
+    add_error_reduce_ef_61(&result[i1], &error_1[i1]);
   }
-  libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[3U];
-  memcpy(
-      result, result0,
-      (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2));
   memcpy(
       ret, result,
-      (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2));
+      (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f6));
 }
 
 /**
@@ -2936,7 +2936,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector
 with const generics
 
 */
-static __m256i decompress_1_08(__m256i vec) {
+static __m256i decompress_1_61(__m256i vec) {
   __m256i z = libcrux_ml_kem_vector_avx2_ZERO_09();
   __m256i s = libcrux_ml_kem_vector_avx2_sub_09(z, &vec);
   return libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_09(s,
@@ -2949,9 +2949,9 @@ libcrux_ml_kem.serialize.deserialize_then_decompress_message with types
 libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics
 
 */
-static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2
-deserialize_then_decompress_message_d3(uint8_t serialized[32U]) {
-  libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_ef_05();
+static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f6
+deserialize_then_decompress_message_61(uint8_t serialized[32U]) {
+  libcrux_ml_kem_polynomial_PolynomialRingElement_f6 re = ZERO_ef_61();
   KRML_MAYBE_FOR16(
       i, (size_t)0U, (size_t)16U, (size_t)1U, size_t i0 = i;
       __m256i coefficient_compressed =
@@ -2959,7 +2959,7 @@ deserialize_then_decompress_message_d3(uint8_t serialized[32U]) {
               Eurydice_array_to_subslice2(serialized, (size_t)2U * i0,
                                           (size_t)2U * i0 + (size_t)2U,
                                           uint8_t));
-      re.coefficients[i0] = decompress_1_08(coefficient_compressed););
+      re.coefficients[i0] = decompress_1_61(coefficient_compressed););
   return re;
 }
 
@@ -2974,11 +2974,11 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector
 with const generics
 
 */
-static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2
-add_message_error_reduce_ef_79(
-    libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self,
-    libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *message,
-    libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result) {
+static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f6
+add_message_error_reduce_ef_61(
+    libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *self,
+    libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *message,
+    libcrux_ml_kem_polynomial_PolynomialRingElement_f6 result) {
   for (size_t i = (size_t)0U;
        i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
     size_t i0 = i;
@@ -3001,19 +3001,19 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector
 with const generics
 - K= 3
 */
-static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2
-compute_ring_element_v_771(
-    libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt,
-    libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt,
-    libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_2,
-    libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *message) {
-  libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_ef_05();
+static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f6
+compute_ring_element_v_ab(
+    libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *t_as_ntt,
+    libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *r_as_ntt,
+    libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *error_2,
+    libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *message) {
+  libcrux_ml_kem_polynomial_PolynomialRingElement_f6 result = ZERO_ef_61();
   KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i;
-                  libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product =
-                      ntt_multiply_ef_b2(&t_as_ntt[i0], &r_as_ntt[i0]);
-                  add_to_ring_element_ef_4f1(&result, &product););
-  invert_ntt_montgomery_8f1(&result);
-  result = add_message_error_reduce_ef_79(error_2, message, result);
+                  libcrux_ml_kem_polynomial_PolynomialRingElement_f6 product =
+                      ntt_multiply_ef_61(&t_as_ntt[i0], &r_as_ntt[i0]);
+                  add_to_ring_element_ef_ab(&result, &product););
+  invert_ntt_montgomery_ab(&result);
+  result = add_message_error_reduce_ef_61(error_2, message, result);
   return result;
 }
 
@@ -3024,7 +3024,7 @@ generics
 - COEFFICIENT_BITS= 10
 */
 static KRML_MUSTINLINE __m256i
-compress_ciphertext_coefficient_1a(__m256i vector) {
+compress_ciphertext_coefficient_ef(__m256i vector) {
   __m256i field_modulus_halved = mm256_set1_epi32(
       ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) /
       (int32_t)2);
@@ -3071,8 +3071,8 @@ A monomorphic instance of libcrux_ml_kem.vector.avx2.compress_09
 with const generics
 - COEFFICIENT_BITS= 10
 */
-static __m256i compress_09_74(__m256i vector) {
-  return compress_ciphertext_coefficient_1a(vector);
+static __m256i compress_09_ef(__m256i vector) {
+  return compress_ciphertext_coefficient_ef(vector);
 }
 
 /**
@@ -3081,14 +3081,14 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector
 with const generics
 - OUT_LEN= 320
 */
-static KRML_MUSTINLINE void compress_then_serialize_10_2b0(
-    libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[320U]) {
+static KRML_MUSTINLINE void compress_then_serialize_10_0e0(
+    libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *re, uint8_t ret[320U]) {
   uint8_t serialized[320U] = {0U};
   for (size_t i = (size_t)0U;
        i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
     size_t i0 = i;
     __m256i coefficient =
-        compress_09_74(to_unsigned_field_modulus_7b(re->coefficients[i0]));
+        compress_09_ef(to_unsigned_field_modulus_61(re->coefficients[i0]));
     uint8_t bytes[20U];
     libcrux_ml_kem_vector_avx2_serialize_10_09(coefficient, bytes);
     Eurydice_slice uu____0 = Eurydice_array_to_subslice2(
@@ -3108,7 +3108,7 @@ generics
 - COEFFICIENT_BITS= 11
 */
 static KRML_MUSTINLINE __m256i
-compress_ciphertext_coefficient_1a0(__m256i vector) {
+compress_ciphertext_coefficient_c4(__m256i vector) {
   __m256i field_modulus_halved = mm256_set1_epi32(
       ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) /
       (int32_t)2);
@@ -3155,8 +3155,8 @@ A monomorphic instance of libcrux_ml_kem.vector.avx2.compress_09
 with const generics
 - COEFFICIENT_BITS= 11
 */
-static __m256i compress_09_740(__m256i vector) {
-  return compress_ciphertext_coefficient_1a0(vector);
+static __m256i compress_09_c4(__m256i vector) {
+  return compress_ciphertext_coefficient_c4(vector);
 }
 
 /**
@@ -3166,11 +3166,11 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics
 - COMPRESSION_FACTOR= 10
 - OUT_LEN= 320
 */
-static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_9e0(
-    libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[320U]) {
-  uint8_t uu____0[320U];
-  compress_then_serialize_10_2b0(re, uu____0);
-  memcpy(ret, uu____0, (size_t)320U * sizeof(uint8_t));
+static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_a4(
+    libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *re, uint8_t ret[320U]) {
+  uint8_t result[320U];
+  compress_then_serialize_10_0e0(re, result);
+  memcpy(ret, result, (size_t)320U * sizeof(uint8_t));
 }
 
 /**
@@ -3182,23 +3182,23 @@ with const generics
 - COMPRESSION_FACTOR= 10
 - BLOCK_LEN= 320
 */
-static void compress_then_serialize_u_421(
-    libcrux_ml_kem_polynomial_PolynomialRingElement_d2 input[3U],
+static void compress_then_serialize_u_8c(
+    libcrux_ml_kem_polynomial_PolynomialRingElement_f6 input[3U],
     Eurydice_slice out) {
   for (size_t i = (size_t)0U;
        i < Eurydice_slice_len(
                Eurydice_array_to_slice(
                    (size_t)3U, input,
-                   libcrux_ml_kem_polynomial_PolynomialRingElement_d2),
-               libcrux_ml_kem_polynomial_PolynomialRingElement_d2);
+                   libcrux_ml_kem_polynomial_PolynomialRingElement_f6),
+               libcrux_ml_kem_polynomial_PolynomialRingElement_f6);
        i++) {
     size_t i0 = i;
-    libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = input[i0];
+    libcrux_ml_kem_polynomial_PolynomialRingElement_f6 re = input[i0];
     Eurydice_slice uu____0 = Eurydice_slice_subslice2(
         out, i0 * ((size_t)960U / (size_t)3U),
         (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U), uint8_t);
     uint8_t ret[320U];
-    compress_then_serialize_ring_element_u_9e0(&re, ret);
+    compress_then_serialize_ring_element_u_a4(&re, ret);
     Eurydice_slice_copy(
         uu____0, Eurydice_array_to_slice((size_t)320U, ret, uint8_t), uint8_t);
   }
@@ -3211,7 +3211,7 @@ generics
 - COEFFICIENT_BITS= 4
 */
 static KRML_MUSTINLINE __m256i
-compress_ciphertext_coefficient_1a1(__m256i vector) {
+compress_ciphertext_coefficient_d1(__m256i vector) {
   __m256i field_modulus_halved = mm256_set1_epi32(
       ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) /
       (int32_t)2);
@@ -3258,8 +3258,8 @@ A monomorphic instance of libcrux_ml_kem.vector.avx2.compress_09
 with const generics
 - COEFFICIENT_BITS= 4
 */
-static __m256i compress_09_741(__m256i vector) {
-  return compress_ciphertext_coefficient_1a1(vector);
+static __m256i compress_09_d1(__m256i vector) {
+  return compress_ciphertext_coefficient_d1(vector);
 }
 
 /**
@@ -3268,14 +3268,14 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector
 with const generics
 
 */
-static KRML_MUSTINLINE void compress_then_serialize_4_a4(
-    libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re,
+static KRML_MUSTINLINE void compress_then_serialize_4_61(
+    libcrux_ml_kem_polynomial_PolynomialRingElement_f6 re,
     Eurydice_slice serialized) {
   for (size_t i = (size_t)0U;
        i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
     size_t i0 = i;
     __m256i coefficient =
-        compress_09_741(to_unsigned_field_modulus_7b(re.coefficients[i0]));
+        compress_09_d1(to_unsigned_field_modulus_61(re.coefficients[i0]));
     uint8_t bytes[8U];
     libcrux_ml_kem_vector_avx2_serialize_4_09(coefficient, bytes);
     Eurydice_slice_copy(
@@ -3292,7 +3292,7 @@ generics
 - COEFFICIENT_BITS= 5
 */
 static KRML_MUSTINLINE __m256i
-compress_ciphertext_coefficient_1a2(__m256i vector) {
+compress_ciphertext_coefficient_f4(__m256i vector) {
   __m256i field_modulus_halved = mm256_set1_epi32(
       ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) /
       (int32_t)2);
@@ -3339,8 +3339,8 @@ A monomorphic instance of libcrux_ml_kem.vector.avx2.compress_09
 with const generics
 - COEFFICIENT_BITS= 5
 */
-static __m256i compress_09_742(__m256i vector) {
-  return compress_ciphertext_coefficient_1a2(vector);
+static __m256i compress_09_f4(__m256i vector) {
+  return compress_ciphertext_coefficient_f4(vector);
 }
 
 /**
@@ -3349,14 +3349,14 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector
 with const generics
 
 */
-static KRML_MUSTINLINE void compress_then_serialize_5_03(
-    libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re,
+static KRML_MUSTINLINE void compress_then_serialize_5_61(
+    libcrux_ml_kem_polynomial_PolynomialRingElement_f6 re,
     Eurydice_slice serialized) {
   for (size_t i = (size_t)0U;
        i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
     size_t i0 = i;
     __m256i coefficients =
-        compress_09_742(to_unsigned_representative_3f(re.coefficients[i0]));
+        compress_09_f4(to_unsigned_representative_61(re.coefficients[i0]));
     uint8_t bytes[10U];
     libcrux_ml_kem_vector_avx2_serialize_5_09(coefficients, bytes);
     Eurydice_slice_copy(
@@ -3373,9 +3373,9 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics
 - COMPRESSION_FACTOR= 4
 - OUT_LEN= 128
 */
-static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_d10(
-    libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, Eurydice_slice out) {
-  compress_then_serialize_4_a4(re, out);
+static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_78(
+    libcrux_ml_kem_polynomial_PolynomialRingElement_f6 re, Eurydice_slice out) {
+  compress_then_serialize_4_61(re, out);
 }
 
 /**
@@ -3395,58 +3395,58 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics
 - ETA2= 2
 - ETA2_RANDOMNESS_SIZE= 128
 */
-static void encrypt_unpacked_a41(IndCpaPublicKeyUnpacked_a0 *public_key,
+static void encrypt_unpacked_741(IndCpaPublicKeyUnpacked_63 *public_key,
                                  uint8_t message[32U],
                                  Eurydice_slice randomness,
                                  uint8_t ret[1088U]) {
   uint8_t prf_input[33U];
-  libcrux_ml_kem_utils_into_padded_array_421(randomness, prf_input);
+  libcrux_ml_kem_utils_into_padded_array_c8(randomness, prf_input);
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_prf_input0[33U];
   memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t));
-  tuple_b0 uu____1 = sample_vector_cbd_then_ntt_out_811(copy_of_prf_input0, 0U);
-  libcrux_ml_kem_polynomial_PolynomialRingElement_d2 r_as_ntt[3U];
+  tuple_23 uu____1 = sample_vector_cbd_then_ntt_out_b41(copy_of_prf_input0, 0U);
+  libcrux_ml_kem_polynomial_PolynomialRingElement_f6 r_as_ntt[3U];
   memcpy(
       r_as_ntt, uu____1.fst,
-      (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2));
+      (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f6));
   uint8_t domain_separator0 = uu____1.snd;
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_prf_input[33U];
   memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t));
-  tuple_b0 uu____3 =
-      sample_ring_element_cbd_a01(copy_of_prf_input, domain_separator0);
-  libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[3U];
+  tuple_23 uu____3 =
+      sample_ring_element_cbd_b41(copy_of_prf_input, domain_separator0);
+  libcrux_ml_kem_polynomial_PolynomialRingElement_f6 error_1[3U];
   memcpy(
       error_1, uu____3.fst,
-      (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2));
+      (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f6));
   uint8_t domain_separator = uu____3.snd;
   prf_input[32U] = domain_separator;
   uint8_t prf_output[128U];
-  PRF_a9_164(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t),
+  PRF_a9_410(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t),
              prf_output);
-  libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_2 =
-      sample_from_binomial_distribution_d7(
+  libcrux_ml_kem_polynomial_PolynomialRingElement_f6 error_2 =
+      sample_from_binomial_distribution_89(
           Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t));
-  libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u[3U];
-  compute_vector_u_dd1(public_key->A, r_as_ntt, error_1, u);
+  libcrux_ml_kem_polynomial_PolynomialRingElement_f6 u[3U];
+  compute_vector_u_ab(public_key->A, r_as_ntt, error_1, u);
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_message[32U];
   memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t));
-  libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message_as_ring_element =
-      deserialize_then_decompress_message_d3(copy_of_message);
-  libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v =
-      compute_ring_element_v_771(public_key->t_as_ntt, r_as_ntt, &error_2,
-                                 &message_as_ring_element);
+  libcrux_ml_kem_polynomial_PolynomialRingElement_f6 message_as_ring_element =
+      deserialize_then_decompress_message_61(copy_of_message);
+  libcrux_ml_kem_polynomial_PolynomialRingElement_f6 v =
+      compute_ring_element_v_ab(public_key->t_as_ntt, r_as_ntt, &error_2,
+                                &message_as_ring_element);
   uint8_t ciphertext[1088U] = {0U};
-  libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____5[3U];
+  libcrux_ml_kem_polynomial_PolynomialRingElement_f6 uu____5[3U];
   memcpy(
       uu____5, u,
-      (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2));
-  compress_then_serialize_u_421(
+      (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f6));
+  compress_then_serialize_u_8c(
       uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)960U,
                                            uint8_t));
-  libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____6 = v;
-  compress_then_serialize_ring_element_v_d10(
+  libcrux_ml_kem_polynomial_PolynomialRingElement_f6 uu____6 = v;
+  compress_then_serialize_ring_element_v_78(
       uu____6, Eurydice_array_to_subslice_from((size_t)1088U, ciphertext,
                                                (size_t)960U, uint8_t, size_t));
   memcpy(ret, ciphertext, (size_t)1088U * sizeof(uint8_t));
@@ -3469,26 +3469,26 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics
 - ETA2= 2
 - ETA2_RANDOMNESS_SIZE= 128
 */
-static void encrypt_6f1(Eurydice_slice public_key, uint8_t message[32U],
+static void encrypt_741(Eurydice_slice public_key, uint8_t message[32U],
                         Eurydice_slice randomness, uint8_t ret[1088U]) {
-  IndCpaPublicKeyUnpacked_a0 unpacked_public_key = default_8d_891();
-  deserialize_ring_elements_reduced_531(
+  IndCpaPublicKeyUnpacked_63 unpacked_public_key = default_8d_ab();
+  deserialize_ring_elements_reduced_ab(
       Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t),
       unpacked_public_key.t_as_ntt);
   Eurydice_slice seed =
       Eurydice_slice_subslice_from(public_key, (size_t)1152U, uint8_t, size_t);
-  libcrux_ml_kem_polynomial_PolynomialRingElement_d2(*uu____0)[3U] =
+  libcrux_ml_kem_polynomial_PolynomialRingElement_f6(*uu____0)[3U] =
       unpacked_public_key.A;
   uint8_t ret0[34U];
-  libcrux_ml_kem_utils_into_padded_array_422(seed, ret0);
-  sample_matrix_A_ee1(uu____0, ret0, false);
-  IndCpaPublicKeyUnpacked_a0 *uu____1 = &unpacked_public_key;
+  libcrux_ml_kem_utils_into_padded_array_b6(seed, ret0);
+  sample_matrix_A_6c1(uu____0, ret0, false);
+  IndCpaPublicKeyUnpacked_63 *uu____1 = &unpacked_public_key;
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_message[32U];
   memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t));
-  uint8_t result[1088U];
-  encrypt_unpacked_a41(uu____1, copy_of_message, randomness, result);
-  memcpy(ret, result, (size_t)1088U * sizeof(uint8_t));
+  uint8_t ret1[1088U];
+  encrypt_unpacked_741(uu____1, copy_of_message, randomness, ret1);
+  memcpy(ret, ret1, (size_t)1088U * sizeof(uint8_t));
 }
 
 /**
@@ -3502,8 +3502,8 @@ with const generics
 - K= 3
 - CIPHERTEXT_SIZE= 1088
 */
-static KRML_MUSTINLINE void kdf_d8_161(Eurydice_slice shared_secret,
-                                       uint8_t ret[32U]) {
+static KRML_MUSTINLINE void kdf_d8_ae(Eurydice_slice shared_secret,
+                                      uint8_t ret[32U]) {
   uint8_t out[32U] = {0U};
   Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t),
                       shared_secret, uint8_t);
@@ -3529,27 +3529,27 @@ with const generics
 - ETA2= 2
 - ETA2_RANDOMNESS_SIZE= 128
 */
-tuple_3c libcrux_ml_kem_ind_cca_encapsulate_a11(
-    libcrux_ml_kem_types_MlKemPublicKey_15 *public_key,
+tuple_c2 libcrux_ml_kem_ind_cca_encapsulate_701(
+    libcrux_ml_kem_types_MlKemPublicKey_30 *public_key,
     uint8_t randomness[32U]) {
   uint8_t randomness0[32U];
-  entropy_preprocess_d8_641(
+  entropy_preprocess_d8_be(
       Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0);
   uint8_t to_hash[64U];
-  libcrux_ml_kem_utils_into_padded_array_42(
+  libcrux_ml_kem_utils_into_padded_array_24(
       Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t), to_hash);
   Eurydice_slice uu____0 = Eurydice_array_to_subslice_from(
       (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t,
       size_t);
   uint8_t ret[32U];
-  H_a9_411(Eurydice_array_to_slice(
-               (size_t)1184U, libcrux_ml_kem_types_as_slice_fd_fe1(public_key),
-               uint8_t),
-           ret);
+  H_a9_e0(Eurydice_array_to_slice(
+              (size_t)1184U, libcrux_ml_kem_types_as_slice_fd_d0(public_key),
+              uint8_t),
+          ret);
   Eurydice_slice_copy(
       uu____0, Eurydice_array_to_slice((size_t)32U, ret, uint8_t), uint8_t);
   uint8_t hashed[64U];
-  G_a9_9f1(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed);
+  G_a9_e0(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed);
   Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at(
       Eurydice_array_to_slice((size_t)64U, hashed, uint8_t),
       LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t,
@@ -3557,25 +3557,25 @@ tuple_3c libcrux_ml_kem_ind_cca_encapsulate_a11(
   Eurydice_slice shared_secret = uu____1.fst;
   Eurydice_slice pseudorandomness = uu____1.snd;
   Eurydice_slice uu____2 = Eurydice_array_to_slice(
-      (size_t)1184U, libcrux_ml_kem_types_as_slice_fd_fe1(public_key), uint8_t);
+      (size_t)1184U, libcrux_ml_kem_types_as_slice_fd_d0(public_key), uint8_t);
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_randomness[32U];
   memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t));
   uint8_t ciphertext[1088U];
-  encrypt_6f1(uu____2, copy_of_randomness, pseudorandomness, ciphertext);
+  encrypt_741(uu____2, copy_of_randomness, pseudorandomness, ciphertext);
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_ciphertext[1088U];
   memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t));
   libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 =
-      libcrux_ml_kem_types_from_01_451(copy_of_ciphertext);
+      libcrux_ml_kem_types_from_01_80(copy_of_ciphertext);
   uint8_t shared_secret_array[32U];
-  kdf_d8_161(shared_secret, shared_secret_array);
+  kdf_d8_ae(shared_secret, shared_secret_array);
   libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0;
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_shared_secret_array[32U];
   memcpy(copy_of_shared_secret_array, shared_secret_array,
          (size_t)32U * sizeof(uint8_t));
-  tuple_3c lit;
+  tuple_c2 lit;
   lit.fst = uu____5;
   memcpy(lit.snd, copy_of_shared_secret_array, (size_t)32U * sizeof(uint8_t));
   return lit;
@@ -3587,9 +3587,9 @@ libcrux_ml_kem.serialize.deserialize_to_uncompressed_ring_element with types
 libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics
 
 */
-static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2
-deserialize_to_uncompressed_ring_element_6c(Eurydice_slice serialized) {
-  libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_ef_05();
+static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f6
+deserialize_to_uncompressed_ring_element_61(Eurydice_slice serialized) {
+  libcrux_ml_kem_polynomial_PolynomialRingElement_f6 re = ZERO_ef_61();
   for (size_t i = (size_t)0U;
        i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) {
     size_t i0 = i;
@@ -3606,12 +3606,12 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector
 with const generics
 - K= 3
 */
-static KRML_MUSTINLINE void deserialize_secret_key_541(
+static KRML_MUSTINLINE void deserialize_secret_key_ab(
     Eurydice_slice secret_key,
-    libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) {
-  libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U];
+    libcrux_ml_kem_polynomial_PolynomialRingElement_f6 ret[3U]) {
+  libcrux_ml_kem_polynomial_PolynomialRingElement_f6 secret_as_ntt[3U];
   KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U,
-                  secret_as_ntt[i] = ZERO_ef_05(););
+                  secret_as_ntt[i] = ZERO_ef_61(););
   for (size_t i = (size_t)0U;
        i < Eurydice_slice_len(secret_key, uint8_t) /
                LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT;
@@ -3622,17 +3622,13 @@ static KRML_MUSTINLINE void deserialize_secret_key_541(
         i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT +
             LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT,
         uint8_t);
-    libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 =
-        deserialize_to_uncompressed_ring_element_6c(secret_bytes);
+    libcrux_ml_kem_polynomial_PolynomialRingElement_f6 uu____0 =
+        deserialize_to_uncompressed_ring_element_61(secret_bytes);
     secret_as_ntt[i0] = uu____0;
   }
-  libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[3U];
   memcpy(
-      result, secret_as_ntt,
-      (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2));
-  memcpy(
-      ret, result,
-      (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2));
+      ret, secret_as_ntt,
+      (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f6));
 }
 
 /**
@@ -3642,7 +3638,7 @@ generics
 - COEFFICIENT_BITS= 10
 */
 static KRML_MUSTINLINE __m256i
-decompress_ciphertext_coefficient_8e(__m256i vector) {
+decompress_ciphertext_coefficient_ef(__m256i vector) {
   __m256i field_modulus =
       mm256_set1_epi32((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS);
   __m256i two_pow_coefficient_bits =
@@ -3686,8 +3682,8 @@ libcrux_ml_kem.vector.avx2.decompress_ciphertext_coefficient_09 with const
 generics
 - COEFFICIENT_BITS= 10
 */
-static __m256i decompress_ciphertext_coefficient_09_70(__m256i vector) {
-  return decompress_ciphertext_coefficient_8e(vector);
+static __m256i decompress_ciphertext_coefficient_09_ef(__m256i vector) {
+  return decompress_ciphertext_coefficient_ef(vector);
 }
 
 /**
@@ -3696,21 +3692,19 @@ libcrux_ml_kem.serialize.deserialize_then_decompress_10 with types
 libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics
 
 */
-static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2
-deserialize_then_decompress_10_c7(Eurydice_slice serialized) {
-  libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_ef_05();
-  LowStar_Ignore_ignore(
-      Eurydice_slice_len(
-          Eurydice_array_to_slice((size_t)16U, re.coefficients, __m256i),
-          __m256i),
-      size_t, void *);
+static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f6
+deserialize_then_decompress_10_61(Eurydice_slice serialized) {
+  libcrux_ml_kem_polynomial_PolynomialRingElement_f6 re = ZERO_ef_61();
+  size_t _coefficients_length = Eurydice_slice_len(
+      Eurydice_array_to_slice((size_t)16U, re.coefficients, __m256i), __m256i);
+  LowStar_Ignore_ignore(_coefficients_length, size_t, void *);
   for (size_t i = (size_t)0U;
        i < Eurydice_slice_len(serialized, uint8_t) / (size_t)20U; i++) {
     size_t i0 = i;
     Eurydice_slice bytes = Eurydice_slice_subslice2(
         serialized, i0 * (size_t)20U, i0 * (size_t)20U + (size_t)20U, uint8_t);
     __m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_10_09(bytes);
-    re.coefficients[i0] = decompress_ciphertext_coefficient_09_70(coefficient);
+    re.coefficients[i0] = decompress_ciphertext_coefficient_09_ef(coefficient);
   }
   return re;
 }
@@ -3722,7 +3716,7 @@ generics
 - COEFFICIENT_BITS= 11
 */
 static KRML_MUSTINLINE __m256i
-decompress_ciphertext_coefficient_8e0(__m256i vector) {
+decompress_ciphertext_coefficient_c4(__m256i vector) {
   __m256i field_modulus =
       mm256_set1_epi32((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS);
   __m256i two_pow_coefficient_bits =
@@ -3766,8 +3760,8 @@ libcrux_ml_kem.vector.avx2.decompress_ciphertext_coefficient_09 with const
 generics
 - COEFFICIENT_BITS= 11
 */
-static __m256i decompress_ciphertext_coefficient_09_700(__m256i vector) {
-  return decompress_ciphertext_coefficient_8e0(vector);
+static __m256i decompress_ciphertext_coefficient_09_c4(__m256i vector) {
+  return decompress_ciphertext_coefficient_c4(vector);
 }
 
 /**
@@ -3776,16 +3770,16 @@ libcrux_ml_kem.serialize.deserialize_then_decompress_11 with types
 libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics
 
 */
-static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2
-deserialize_then_decompress_11_d5(Eurydice_slice serialized) {
-  libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_ef_05();
+static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f6
+deserialize_then_decompress_11_61(Eurydice_slice serialized) {
+  libcrux_ml_kem_polynomial_PolynomialRingElement_f6 re = ZERO_ef_61();
   for (size_t i = (size_t)0U;
        i < Eurydice_slice_len(serialized, uint8_t) / (size_t)22U; i++) {
     size_t i0 = i;
     Eurydice_slice bytes = Eurydice_slice_subslice2(
         serialized, i0 * (size_t)22U, i0 * (size_t)22U + (size_t)22U, uint8_t);
     __m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_11_09(bytes);
-    re.coefficients[i0] = decompress_ciphertext_coefficient_09_700(coefficient);
+    re.coefficients[i0] = decompress_ciphertext_coefficient_09_c4(coefficient);
   }
   return re;
 }
@@ -3796,9 +3790,9 @@ libcrux_ml_kem.serialize.deserialize_then_decompress_ring_element_u with types
 libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics
 - COMPRESSION_FACTOR= 10
 */
-static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2
-deserialize_then_decompress_ring_element_u_790(Eurydice_slice serialized) {
-  return deserialize_then_decompress_10_c7(serialized);
+static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f6
+deserialize_then_decompress_ring_element_u_ee(Eurydice_slice serialized) {
+  return deserialize_then_decompress_10_61(serialized);
 }
 
 /**
@@ -3807,17 +3801,17 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector
 with const generics
 - VECTOR_U_COMPRESSION_FACTOR= 10
 */
-static KRML_MUSTINLINE void ntt_vector_u_b70(
-    libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) {
+static KRML_MUSTINLINE void ntt_vector_u_ee(
+    libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *re) {
   size_t zeta_i = (size_t)0U;
-  ntt_at_layer_4_plus_ca(&zeta_i, re, (size_t)7U);
-  ntt_at_layer_4_plus_ca(&zeta_i, re, (size_t)6U);
-  ntt_at_layer_4_plus_ca(&zeta_i, re, (size_t)5U);
-  ntt_at_layer_4_plus_ca(&zeta_i, re, (size_t)4U);
-  ntt_at_layer_3_ba(&zeta_i, re);
-  ntt_at_layer_2_89(&zeta_i, re);
-  ntt_at_layer_1_d7(&zeta_i, re);
-  poly_barrett_reduce_ef_a9(re);
+  ntt_at_layer_4_plus_61(&zeta_i, re, (size_t)7U);
+  ntt_at_layer_4_plus_61(&zeta_i, re, (size_t)6U);
+  ntt_at_layer_4_plus_61(&zeta_i, re, (size_t)5U);
+  ntt_at_layer_4_plus_61(&zeta_i, re, (size_t)4U);
+  ntt_at_layer_3_61(&zeta_i, re);
+  ntt_at_layer_2_61(&zeta_i, re);
+  ntt_at_layer_1_61(&zeta_i, re);
+  poly_barrett_reduce_ef_61(re);
 }
 
 /**
@@ -3828,12 +3822,12 @@ with const generics
 - CIPHERTEXT_SIZE= 1088
 - U_COMPRESSION_FACTOR= 10
 */
-static KRML_MUSTINLINE void deserialize_then_decompress_u_251(
+static KRML_MUSTINLINE void deserialize_then_decompress_u_ed(
     uint8_t *ciphertext,
-    libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) {
-  libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[3U];
+    libcrux_ml_kem_polynomial_PolynomialRingElement_f6 ret[3U]) {
+  libcrux_ml_kem_polynomial_PolynomialRingElement_f6 u_as_ntt[3U];
   KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U,
-                  u_as_ntt[i] = ZERO_ef_05(););
+                  u_as_ntt[i] = ZERO_ef_61(););
   for (size_t i = (size_t)0U;
        i < Eurydice_slice_len(
                Eurydice_array_to_slice((size_t)1088U, ciphertext, uint8_t),
@@ -3851,12 +3845,12 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_251(
             LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT *
                 (size_t)10U / (size_t)8U,
         uint8_t);
-    u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_790(u_bytes);
-    ntt_vector_u_b70(&u_as_ntt[i0]);
+    u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_ee(u_bytes);
+    ntt_vector_u_ee(&u_as_ntt[i0]);
   }
   memcpy(
       ret, u_as_ntt,
-      (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2));
+      (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f6));
 }
 
 /**
@@ -3866,7 +3860,7 @@ generics
 - COEFFICIENT_BITS= 4
 */
 static KRML_MUSTINLINE __m256i
-decompress_ciphertext_coefficient_8e1(__m256i vector) {
+decompress_ciphertext_coefficient_d1(__m256i vector) {
   __m256i field_modulus =
       mm256_set1_epi32((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS);
   __m256i two_pow_coefficient_bits =
@@ -3910,8 +3904,8 @@ libcrux_ml_kem.vector.avx2.decompress_ciphertext_coefficient_09 with const
 generics
 - COEFFICIENT_BITS= 4
 */
-static __m256i decompress_ciphertext_coefficient_09_701(__m256i vector) {
-  return decompress_ciphertext_coefficient_8e1(vector);
+static __m256i decompress_ciphertext_coefficient_09_d1(__m256i vector) {
+  return decompress_ciphertext_coefficient_d1(vector);
 }
 
 /**
@@ -3920,16 +3914,16 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector
 with const generics
 
 */
-static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2
-deserialize_then_decompress_4_75(Eurydice_slice serialized) {
-  libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_ef_05();
+static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f6
+deserialize_then_decompress_4_61(Eurydice_slice serialized) {
+  libcrux_ml_kem_polynomial_PolynomialRingElement_f6 re = ZERO_ef_61();
   for (size_t i = (size_t)0U;
        i < Eurydice_slice_len(serialized, uint8_t) / (size_t)8U; i++) {
     size_t i0 = i;
     Eurydice_slice bytes = Eurydice_slice_subslice2(
         serialized, i0 * (size_t)8U, i0 * (size_t)8U + (size_t)8U, uint8_t);
     __m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_4_09(bytes);
-    re.coefficients[i0] = decompress_ciphertext_coefficient_09_701(coefficient);
+    re.coefficients[i0] = decompress_ciphertext_coefficient_09_d1(coefficient);
   }
   return re;
 }
@@ -3941,7 +3935,7 @@ generics
 - COEFFICIENT_BITS= 5
 */
 static KRML_MUSTINLINE __m256i
-decompress_ciphertext_coefficient_8e2(__m256i vector) {
+decompress_ciphertext_coefficient_f4(__m256i vector) {
   __m256i field_modulus =
       mm256_set1_epi32((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS);
   __m256i two_pow_coefficient_bits =
@@ -3985,8 +3979,8 @@ libcrux_ml_kem.vector.avx2.decompress_ciphertext_coefficient_09 with const
 generics
 - COEFFICIENT_BITS= 5
 */
-static __m256i decompress_ciphertext_coefficient_09_702(__m256i vector) {
-  return decompress_ciphertext_coefficient_8e2(vector);
+static __m256i decompress_ciphertext_coefficient_09_f4(__m256i vector) {
+  return decompress_ciphertext_coefficient_f4(vector);
 }
 
 /**
@@ -3995,9 +3989,9 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector
 with const generics
 
 */
-static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2
-deserialize_then_decompress_5_f8(Eurydice_slice serialized) {
-  libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_ef_05();
+static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f6
+deserialize_then_decompress_5_61(Eurydice_slice serialized) {
+  libcrux_ml_kem_polynomial_PolynomialRingElement_f6 re = ZERO_ef_61();
   for (size_t i = (size_t)0U;
        i < Eurydice_slice_len(serialized, uint8_t) / (size_t)10U; i++) {
     size_t i0 = i;
@@ -4005,7 +3999,7 @@ deserialize_then_decompress_5_f8(Eurydice_slice serialized) {
         serialized, i0 * (size_t)10U, i0 * (size_t)10U + (size_t)10U, uint8_t);
     re.coefficients[i0] = libcrux_ml_kem_vector_avx2_deserialize_5_09(bytes);
     re.coefficients[i0] =
-        decompress_ciphertext_coefficient_09_702(re.coefficients[i0]);
+        decompress_ciphertext_coefficient_09_f4(re.coefficients[i0]);
   }
   return re;
 }
@@ -4016,9 +4010,9 @@ libcrux_ml_kem.serialize.deserialize_then_decompress_ring_element_v with types
 libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics
 - COMPRESSION_FACTOR= 4
 */
-static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2
-deserialize_then_decompress_ring_element_v_b90(Eurydice_slice serialized) {
-  return deserialize_then_decompress_4_75(serialized);
+static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f6
+deserialize_then_decompress_ring_element_v_42(Eurydice_slice serialized) {
+  return deserialize_then_decompress_4_61(serialized);
 }
 
 /**
@@ -4032,9 +4026,9 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector
 with const generics
 
 */
-static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2
-subtract_reduce_ef_da(libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self,
-                      libcrux_ml_kem_polynomial_PolynomialRingElement_d2 b) {
+static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f6
+subtract_reduce_ef_61(libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *self,
+                      libcrux_ml_kem_polynomial_PolynomialRingElement_f6 b) {
   for (size_t i = (size_t)0U;
        i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
     size_t i0 = i;
@@ -4054,18 +4048,18 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector
 with const generics
 - K= 3
 */
-static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2
-compute_message_7d1(
-    libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *v,
-    libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *secret_as_ntt,
-    libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *u_as_ntt) {
-  libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_ef_05();
+static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f6
+compute_message_ab(
+    libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *v,
+    libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *secret_as_ntt,
+    libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *u_as_ntt) {
+  libcrux_ml_kem_polynomial_PolynomialRingElement_f6 result = ZERO_ef_61();
   KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i;
-                  libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product =
-                      ntt_multiply_ef_b2(&secret_as_ntt[i0], &u_as_ntt[i0]);
-                  add_to_ring_element_ef_4f1(&result, &product););
-  invert_ntt_montgomery_8f1(&result);
-  result = subtract_reduce_ef_da(v, result);
+                  libcrux_ml_kem_polynomial_PolynomialRingElement_f6 product =
+                      ntt_multiply_ef_61(&secret_as_ntt[i0], &u_as_ntt[i0]);
+                  add_to_ring_element_ef_ab(&result, &product););
+  invert_ntt_montgomery_ab(&result);
+  result = subtract_reduce_ef_61(v, result);
   return result;
 }
 
@@ -4075,12 +4069,12 @@ libcrux_ml_kem.serialize.compress_then_serialize_message with types
 libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics
 
 */
-static KRML_MUSTINLINE void compress_then_serialize_message_dd(
-    libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, uint8_t ret[32U]) {
+static KRML_MUSTINLINE void compress_then_serialize_message_61(
+    libcrux_ml_kem_polynomial_PolynomialRingElement_f6 re, uint8_t ret[32U]) {
   uint8_t serialized[32U] = {0U};
   KRML_MAYBE_FOR16(
       i, (size_t)0U, (size_t)16U, (size_t)1U, size_t i0 = i;
-      __m256i coefficient = to_unsigned_field_modulus_7b(re.coefficients[i0]);
+      __m256i coefficient = to_unsigned_field_modulus_61(re.coefficients[i0]);
       __m256i coefficient_compressed =
           libcrux_ml_kem_vector_avx2_compress_1_09(coefficient);
       uint8_t bytes[2U];
@@ -4105,18 +4099,18 @@ with const generics
 - U_COMPRESSION_FACTOR= 10
 - V_COMPRESSION_FACTOR= 4
 */
-static void decrypt_unpacked_9d1(IndCpaPrivateKeyUnpacked_a0 *secret_key,
-                                 uint8_t *ciphertext, uint8_t ret[32U]) {
-  libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[3U];
-  deserialize_then_decompress_u_251(ciphertext, u_as_ntt);
-  libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v =
-      deserialize_then_decompress_ring_element_v_b90(
+static void decrypt_unpacked_2f(IndCpaPrivateKeyUnpacked_63 *secret_key,
+                                uint8_t *ciphertext, uint8_t ret[32U]) {
+  libcrux_ml_kem_polynomial_PolynomialRingElement_f6 u_as_ntt[3U];
+  deserialize_then_decompress_u_ed(ciphertext, u_as_ntt);
+  libcrux_ml_kem_polynomial_PolynomialRingElement_f6 v =
+      deserialize_then_decompress_ring_element_v_42(
           Eurydice_array_to_subslice_from((size_t)1088U, ciphertext,
                                           (size_t)960U, uint8_t, size_t));
-  libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message =
-      compute_message_7d1(&v, secret_key->secret_as_ntt, u_as_ntt);
+  libcrux_ml_kem_polynomial_PolynomialRingElement_f6 message =
+      compute_message_ab(&v, secret_key->secret_as_ntt, u_as_ntt);
   uint8_t ret0[32U];
-  compress_then_serialize_message_dd(message, ret0);
+  compress_then_serialize_message_61(message, ret0);
   memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t));
 }
 
@@ -4130,22 +4124,22 @@ with const generics
 - U_COMPRESSION_FACTOR= 10
 - V_COMPRESSION_FACTOR= 4
 */
-static void decrypt_751(Eurydice_slice secret_key, uint8_t *ciphertext,
-                        uint8_t ret[32U]) {
-  libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U];
-  deserialize_secret_key_541(secret_key, secret_as_ntt);
+static void decrypt_2f(Eurydice_slice secret_key, uint8_t *ciphertext,
+                       uint8_t ret[32U]) {
+  libcrux_ml_kem_polynomial_PolynomialRingElement_f6 secret_as_ntt[3U];
+  deserialize_secret_key_ab(secret_key, secret_as_ntt);
   /* Passing arrays by value in Rust generates a copy in C */
-  libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_secret_as_ntt[3U];
+  libcrux_ml_kem_polynomial_PolynomialRingElement_f6 copy_of_secret_as_ntt[3U];
   memcpy(
       copy_of_secret_as_ntt, secret_as_ntt,
-      (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2));
-  IndCpaPrivateKeyUnpacked_a0 secret_key_unpacked;
+      (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f6));
+  IndCpaPrivateKeyUnpacked_63 secret_key_unpacked;
   memcpy(
       secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt,
-      (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2));
-  uint8_t result[32U];
-  decrypt_unpacked_9d1(&secret_key_unpacked, ciphertext, result);
-  memcpy(ret, result, (size_t)32U * sizeof(uint8_t));
+      (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f6));
+  uint8_t ret0[32U];
+  decrypt_unpacked_2f(&secret_key_unpacked, ciphertext, ret0);
+  memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t));
 }
 
 /**
@@ -4153,7 +4147,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.PRF
 with const generics
 - LEN= 32
 */
-static KRML_MUSTINLINE void PRF_96(Eurydice_slice input, uint8_t ret[32U]) {
+static KRML_MUSTINLINE void PRF_9e(Eurydice_slice input, uint8_t ret[32U]) {
   uint8_t digest[32U] = {0U};
   libcrux_sha3_portable_shake256(
       Eurydice_array_to_slice((size_t)32U, digest, uint8_t), input);
@@ -4170,8 +4164,8 @@ with const generics
 - K= 3
 - LEN= 32
 */
-static KRML_MUSTINLINE void PRF_a9_163(Eurydice_slice input, uint8_t ret[32U]) {
-  PRF_96(input, ret);
+static KRML_MUSTINLINE void PRF_a9_41(Eurydice_slice input, uint8_t ret[32U]) {
+  PRF_9e(input, ret);
 }
 
 /**
@@ -4196,8 +4190,8 @@ with const generics
 - ETA2_RANDOMNESS_SIZE= 128
 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120
 */
-void libcrux_ml_kem_ind_cca_decapsulate_7f1(
-    libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key,
+void libcrux_ml_kem_ind_cca_decapsulate_a11(
+    libcrux_ml_kem_types_MlKemPrivateKey_d9 *private_key,
     libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) {
   Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at(
       Eurydice_array_to_slice((size_t)2400U, private_key->value, uint8_t),
@@ -4214,9 +4208,9 @@ void libcrux_ml_kem_ind_cca_decapsulate_7f1(
   Eurydice_slice ind_cpa_public_key_hash = uu____2.fst;
   Eurydice_slice implicit_rejection_value = uu____2.snd;
   uint8_t decrypted[32U];
-  decrypt_751(ind_cpa_secret_key, ciphertext->value, decrypted);
+  decrypt_2f(ind_cpa_secret_key, ciphertext->value, decrypted);
   uint8_t to_hash0[64U];
-  libcrux_ml_kem_utils_into_padded_array_42(
+  libcrux_ml_kem_utils_into_padded_array_24(
       Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0);
   Eurydice_slice_copy(
       Eurydice_array_to_subslice_from(
@@ -4224,7 +4218,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_7f1(
           uint8_t, size_t),
       ind_cpa_public_key_hash, uint8_t);
   uint8_t hashed[64U];
-  G_a9_9f1(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed);
+  G_a9_e0(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed);
   Eurydice_slice_uint8_t_x2 uu____3 = Eurydice_slice_split_at(
       Eurydice_array_to_slice((size_t)64U, hashed, uint8_t),
       LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t,
@@ -4232,31 +4226,31 @@ void libcrux_ml_kem_ind_cca_decapsulate_7f1(
   Eurydice_slice shared_secret0 = uu____3.fst;
   Eurydice_slice pseudorandomness = uu____3.snd;
   uint8_t to_hash[1120U];
-  libcrux_ml_kem_utils_into_padded_array_425(implicit_rejection_value, to_hash);
+  libcrux_ml_kem_utils_into_padded_array_15(implicit_rejection_value, to_hash);
   Eurydice_slice uu____4 = Eurydice_array_to_subslice_from(
       (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE,
       uint8_t, size_t);
-  Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_401(ciphertext),
+  Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_80(ciphertext),
                       uint8_t);
   uint8_t implicit_rejection_shared_secret0[32U];
-  PRF_a9_163(Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t),
-             implicit_rejection_shared_secret0);
+  PRF_a9_41(Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t),
+            implicit_rejection_shared_secret0);
   Eurydice_slice uu____5 = ind_cpa_public_key;
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_decrypted[32U];
   memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t));
   uint8_t expected_ciphertext[1088U];
-  encrypt_6f1(uu____5, copy_of_decrypted, pseudorandomness,
+  encrypt_741(uu____5, copy_of_decrypted, pseudorandomness,
               expected_ciphertext);
   uint8_t implicit_rejection_shared_secret[32U];
-  kdf_d8_161(Eurydice_array_to_slice(
-                 (size_t)32U, implicit_rejection_shared_secret0, uint8_t),
-             implicit_rejection_shared_secret);
+  kdf_d8_ae(Eurydice_array_to_slice((size_t)32U,
+                                    implicit_rejection_shared_secret0, uint8_t),
+            implicit_rejection_shared_secret);
   uint8_t shared_secret1[32U];
-  kdf_d8_161(shared_secret0, shared_secret1);
+  kdf_d8_ae(shared_secret0, shared_secret1);
   uint8_t shared_secret[32U];
   libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time(
-      libcrux_ml_kem_types_as_ref_00_401(ciphertext),
+      libcrux_ml_kem_types_as_ref_00_80(ciphertext),
       Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t),
       Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t),
       Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret,
@@ -4271,9 +4265,9 @@ libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types
 libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics
 - K= 4
 */
-static KRML_MUSTINLINE void deserialize_ring_elements_reduced_53(
+static KRML_MUSTINLINE void deserialize_ring_elements_reduced_42(
     Eurydice_slice public_key,
-    libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *deserialized_pk) {
+    libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *deserialized_pk) {
   for (size_t i = (size_t)0U;
        i < Eurydice_slice_len(public_key, uint8_t) /
                LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT;
@@ -4284,8 +4278,8 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_53(
         i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT +
             LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT,
         uint8_t);
-    libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 =
-        deserialize_to_reduced_ring_element_dc(ring_element);
+    libcrux_ml_kem_polynomial_PolynomialRingElement_f6 uu____0 =
+        deserialize_to_reduced_ring_element_61(ring_element);
     deserialized_pk[i0] = uu____0;
   }
 }
@@ -4296,16 +4290,20 @@ libcrux_ml_kem.serialize.deserialize_ring_elements_reduced_out with types
 libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics
 - K= 4
 */
-static KRML_MUSTINLINE void deserialize_ring_elements_reduced_out_cc0(
+static KRML_MUSTINLINE void deserialize_ring_elements_reduced_out_42(
     Eurydice_slice public_key,
-    libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) {
-  libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[4U];
+    libcrux_ml_kem_polynomial_PolynomialRingElement_f6 ret[4U]) {
+  libcrux_ml_kem_polynomial_PolynomialRingElement_f6 deserialized_pk[4U];
   KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U,
-                  deserialized_pk[i] = ZERO_ef_05(););
-  deserialize_ring_elements_reduced_53(public_key, deserialized_pk);
+                  deserialized_pk[i] = ZERO_ef_61(););
+  deserialize_ring_elements_reduced_42(public_key, deserialized_pk);
+  libcrux_ml_kem_polynomial_PolynomialRingElement_f6 result[4U];
+  memcpy(
+      result, deserialized_pk,
+      (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f6));
   memcpy(
-      ret, deserialized_pk,
-      (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2));
+      ret, result,
+      (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f6));
 }
 
 /**
@@ -4315,25 +4313,25 @@ with const generics
 - K= 4
 - OUT_LEN= 1536
 */
-static KRML_MUSTINLINE void serialize_secret_key_99(
-    libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *key,
+static KRML_MUSTINLINE void serialize_secret_key_78(
+    libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *key,
     uint8_t ret[1536U]) {
   uint8_t out[1536U] = {0U};
   for (size_t i = (size_t)0U;
        i < Eurydice_slice_len(
                Eurydice_array_to_slice(
                    (size_t)4U, key,
-                   libcrux_ml_kem_polynomial_PolynomialRingElement_d2),
-               libcrux_ml_kem_polynomial_PolynomialRingElement_d2);
+                   libcrux_ml_kem_polynomial_PolynomialRingElement_f6),
+               libcrux_ml_kem_polynomial_PolynomialRingElement_f6);
        i++) {
     size_t i0 = i;
-    libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = key[i0];
+    libcrux_ml_kem_polynomial_PolynomialRingElement_f6 re = key[i0];
     Eurydice_slice uu____0 = Eurydice_array_to_subslice2(
         out, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT,
         (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT,
         uint8_t);
     uint8_t ret0[384U];
-    serialize_uncompressed_ring_element_2c(&re, ret0);
+    serialize_uncompressed_ring_element_61(&re, ret0);
     Eurydice_slice_copy(
         uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t), uint8_t);
   }
@@ -4348,13 +4346,13 @@ with const generics
 - RANKED_BYTES_PER_RING_ELEMENT= 1536
 - PUBLIC_KEY_SIZE= 1568
 */
-static KRML_MUSTINLINE void serialize_public_key_mut_6c(
-    libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt,
+static KRML_MUSTINLINE void serialize_public_key_mut_1e(
+    libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *t_as_ntt,
     Eurydice_slice seed_for_a, uint8_t *serialized) {
   Eurydice_slice uu____0 = Eurydice_array_to_subslice2(serialized, (size_t)0U,
                                                        (size_t)1536U, uint8_t);
   uint8_t ret[1536U];
-  serialize_secret_key_99(t_as_ntt, ret);
+  serialize_secret_key_78(t_as_ntt, ret);
   Eurydice_slice_copy(
       uu____0, Eurydice_array_to_slice((size_t)1536U, ret, uint8_t), uint8_t);
   Eurydice_slice_copy(
@@ -4371,14 +4369,12 @@ with const generics
 - RANKED_BYTES_PER_RING_ELEMENT= 1536
 - PUBLIC_KEY_SIZE= 1568
 */
-static KRML_MUSTINLINE void serialize_public_key_ca(
-    libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt,
+static KRML_MUSTINLINE void serialize_public_key_1e(
+    libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *t_as_ntt,
     Eurydice_slice seed_for_a, uint8_t ret[1568U]) {
   uint8_t public_key_serialized[1568U] = {0U};
-  serialize_public_key_mut_6c(t_as_ntt, seed_for_a, public_key_serialized);
-  uint8_t result[1568U];
-  memcpy(result, public_key_serialized, (size_t)1568U * sizeof(uint8_t));
-  memcpy(ret, result, (size_t)1568U * sizeof(uint8_t));
+  serialize_public_key_mut_1e(t_as_ntt, seed_for_a, public_key_serialized);
+  memcpy(ret, public_key_serialized, (size_t)1568U * sizeof(uint8_t));
 }
 
 /**
@@ -4389,15 +4385,15 @@ with const generics
 - RANKED_BYTES_PER_RING_ELEMENT= 1536
 - PUBLIC_KEY_SIZE= 1568
 */
-bool libcrux_ml_kem_ind_cca_validate_public_key_520(uint8_t *public_key) {
-  libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[4U];
-  deserialize_ring_elements_reduced_out_cc0(
+bool libcrux_ml_kem_ind_cca_validate_public_key_1e(uint8_t *public_key) {
+  libcrux_ml_kem_polynomial_PolynomialRingElement_f6 deserialized_pk[4U];
+  deserialize_ring_elements_reduced_out_42(
       Eurydice_array_to_subslice_to((size_t)1568U, public_key, (size_t)1536U,
                                     uint8_t, size_t),
       deserialized_pk);
-  libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *uu____0 = deserialized_pk;
+  libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *uu____0 = deserialized_pk;
   uint8_t public_key_serialized[1568U];
-  serialize_public_key_ca(
+  serialize_public_key_1e(
       uu____0,
       Eurydice_array_to_subslice_from((size_t)1568U, public_key, (size_t)1536U,
                                       uint8_t, size_t),
@@ -4415,7 +4411,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.H_a9
 with const generics
 - K= 4
 */
-static KRML_MUSTINLINE void H_a9_41(Eurydice_slice input, uint8_t ret[32U]) {
+static KRML_MUSTINLINE void H_a9_ac(Eurydice_slice input, uint8_t ret[32U]) {
   libcrux_ml_kem_hash_functions_avx2_H(input, ret);
 }
 
@@ -4427,11 +4423,11 @@ with const generics
 - SECRET_KEY_SIZE= 3168
 - CIPHERTEXT_SIZE= 1568
 */
-bool libcrux_ml_kem_ind_cca_validate_private_key_700(
-    libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key,
-    libcrux_ml_kem_types_MlKemCiphertext_1f *_ciphertext) {
+bool libcrux_ml_kem_ind_cca_validate_private_key_b9(
+    libcrux_ml_kem_types_MlKemPrivateKey_83 *private_key,
+    libcrux_ml_kem_types_MlKemCiphertext_64 *_ciphertext) {
   uint8_t t[32U];
-  H_a9_41(Eurydice_array_to_subslice2(
+  H_a9_ac(Eurydice_array_to_subslice2(
               private_key->value, (size_t)384U * (size_t)4U,
               (size_t)768U * (size_t)4U + (size_t)32U, uint8_t),
           t);
@@ -4448,9 +4444,9 @@ libcrux_ml_kem.ind_cpa.unpacked.IndCpaPrivateKeyUnpacked with types
 libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics
 - $4size_t
 */
-typedef struct IndCpaPrivateKeyUnpacked_01_s {
-  libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[4U];
-} IndCpaPrivateKeyUnpacked_01;
+typedef struct IndCpaPrivateKeyUnpacked_39_s {
+  libcrux_ml_kem_polynomial_PolynomialRingElement_f6 secret_as_ntt[4U];
+} IndCpaPrivateKeyUnpacked_39;
 
 /**
 This function found in impl {(core::default::Default for
@@ -4463,12 +4459,12 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector
 with const generics
 - K= 4
 */
-static IndCpaPrivateKeyUnpacked_01 default_1a_3c(void) {
-  IndCpaPrivateKeyUnpacked_01 lit;
-  lit.secret_as_ntt[0U] = ZERO_ef_05();
-  lit.secret_as_ntt[1U] = ZERO_ef_05();
-  lit.secret_as_ntt[2U] = ZERO_ef_05();
-  lit.secret_as_ntt[3U] = ZERO_ef_05();
+static IndCpaPrivateKeyUnpacked_39 default_1a_42(void) {
+  IndCpaPrivateKeyUnpacked_39 lit;
+  lit.secret_as_ntt[0U] = ZERO_ef_61();
+  lit.secret_as_ntt[1U] = ZERO_ef_61();
+  lit.secret_as_ntt[2U] = ZERO_ef_61();
+  lit.secret_as_ntt[3U] = ZERO_ef_61();
   return lit;
 }
 
@@ -4478,11 +4474,11 @@ libcrux_ml_kem.ind_cpa.unpacked.IndCpaPublicKeyUnpacked with types
 libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics
 - $4size_t
 */
-typedef struct IndCpaPublicKeyUnpacked_01_s {
-  libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[4U];
+typedef struct IndCpaPublicKeyUnpacked_39_s {
+  libcrux_ml_kem_polynomial_PolynomialRingElement_f6 t_as_ntt[4U];
   uint8_t seed_for_A[32U];
-  libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[4U][4U];
-} IndCpaPublicKeyUnpacked_01;
+  libcrux_ml_kem_polynomial_PolynomialRingElement_f6 A[4U][4U];
+} IndCpaPublicKeyUnpacked_39;
 
 /**
 This function found in impl {(core::default::Default for
@@ -4495,32 +4491,32 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector
 with const generics
 - K= 4
 */
-static IndCpaPublicKeyUnpacked_01 default_8d_89(void) {
-  libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0[4U];
+static IndCpaPublicKeyUnpacked_39 default_8d_42(void) {
+  libcrux_ml_kem_polynomial_PolynomialRingElement_f6 uu____0[4U];
   KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U,
-                  uu____0[i] = ZERO_ef_05(););
+                  uu____0[i] = ZERO_ef_61(););
   uint8_t uu____1[32U] = {0U};
-  IndCpaPublicKeyUnpacked_01 lit;
+  IndCpaPublicKeyUnpacked_39 lit;
   memcpy(
       lit.t_as_ntt, uu____0,
-      (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2));
+      (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f6));
   memcpy(lit.seed_for_A, uu____1, (size_t)32U * sizeof(uint8_t));
-  lit.A[0U][0U] = ZERO_ef_05();
-  lit.A[0U][1U] = ZERO_ef_05();
-  lit.A[0U][2U] = ZERO_ef_05();
-  lit.A[0U][3U] = ZERO_ef_05();
-  lit.A[1U][0U] = ZERO_ef_05();
-  lit.A[1U][1U] = ZERO_ef_05();
-  lit.A[1U][2U] = ZERO_ef_05();
-  lit.A[1U][3U] = ZERO_ef_05();
-  lit.A[2U][0U] = ZERO_ef_05();
-  lit.A[2U][1U] = ZERO_ef_05();
-  lit.A[2U][2U] = ZERO_ef_05();
-  lit.A[2U][3U] = ZERO_ef_05();
-  lit.A[3U][0U] = ZERO_ef_05();
-  lit.A[3U][1U] = ZERO_ef_05();
-  lit.A[3U][2U] = ZERO_ef_05();
-  lit.A[3U][3U] = ZERO_ef_05();
+  lit.A[0U][0U] = ZERO_ef_61();
+  lit.A[0U][1U] = ZERO_ef_61();
+  lit.A[0U][2U] = ZERO_ef_61();
+  lit.A[0U][3U] = ZERO_ef_61();
+  lit.A[1U][0U] = ZERO_ef_61();
+  lit.A[1U][1U] = ZERO_ef_61();
+  lit.A[1U][2U] = ZERO_ef_61();
+  lit.A[1U][3U] = ZERO_ef_61();
+  lit.A[2U][0U] = ZERO_ef_61();
+  lit.A[2U][1U] = ZERO_ef_61();
+  lit.A[2U][2U] = ZERO_ef_61();
+  lit.A[2U][3U] = ZERO_ef_61();
+  lit.A[3U][0U] = ZERO_ef_61();
+  lit.A[3U][1U] = ZERO_ef_61();
+  lit.A[3U][2U] = ZERO_ef_61();
+  lit.A[3U][3U] = ZERO_ef_61();
   return lit;
 }
 
@@ -4533,7 +4529,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.G_a9
 with const generics
 - K= 4
 */
-static KRML_MUSTINLINE void G_a9_9f(Eurydice_slice input, uint8_t ret[64U]) {
+static KRML_MUSTINLINE void G_a9_ac(Eurydice_slice input, uint8_t ret[64U]) {
   libcrux_ml_kem_hash_functions_avx2_G(input, ret);
 }
 
@@ -4547,7 +4543,7 @@ with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash
 with const generics
 - K= 4
 */
-static KRML_MUSTINLINE void cpa_keygen_seed_d8_75(
+static KRML_MUSTINLINE void cpa_keygen_seed_d8_6a(
     Eurydice_slice key_generation_seed, uint8_t ret[64U]) {
   uint8_t seed[33U] = {0U};
   Eurydice_slice_copy(
@@ -4558,7 +4554,7 @@ static KRML_MUSTINLINE void cpa_keygen_seed_d8_75(
   seed[LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE] =
       (uint8_t)(size_t)4U;
   uint8_t ret0[64U];
-  G_a9_9f(Eurydice_array_to_slice((size_t)33U, seed, uint8_t), ret0);
+  G_a9_ac(Eurydice_array_to_slice((size_t)33U, seed, uint8_t), ret0);
   memcpy(ret, ret0, (size_t)64U * sizeof(uint8_t));
 }
 
@@ -4569,8 +4565,8 @@ generics
 - K= 4
 */
 static KRML_MUSTINLINE libcrux_sha3_avx2_x4_incremental_KeccakState
-shake128_init_absorb_final_96(uint8_t input[4U][34U]) {
-  libcrux_sha3_generic_keccak_KeccakState_29 state =
+shake128_init_absorb_final_ac(uint8_t input[4U][34U]) {
+  libcrux_sha3_generic_keccak_KeccakState_55 state =
       libcrux_sha3_avx2_x4_incremental_init();
   libcrux_sha3_avx2_x4_incremental_shake128_absorb_final(
       &state, Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t),
@@ -4591,11 +4587,11 @@ generics
 - K= 4
 */
 static KRML_MUSTINLINE libcrux_sha3_avx2_x4_incremental_KeccakState
-shake128_init_absorb_final_a9_c1(uint8_t input[4U][34U]) {
+shake128_init_absorb_final_a9_ac(uint8_t input[4U][34U]) {
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_input[4U][34U];
   memcpy(copy_of_input, input, (size_t)4U * sizeof(uint8_t[34U]));
-  return shake128_init_absorb_final_96(copy_of_input);
+  return shake128_init_absorb_final_ac(copy_of_input);
 }
 
 /**
@@ -4604,7 +4600,7 @@ libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_first_three_blocks with
 const generics
 - K= 4
 */
-static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_08(
+static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_ac(
     libcrux_sha3_avx2_x4_incremental_KeccakState *st, uint8_t ret[4U][504U]) {
   uint8_t out[4U][504U] = {{0U}};
   uint8_t out0[504U] = {0U};
@@ -4641,9 +4637,9 @@ libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_first_three_blocks_a9 with
 const generics
 - K= 4
 */
-static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_a9_7a(
+static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_a9_ac(
     libcrux_sha3_avx2_x4_incremental_KeccakState *self, uint8_t ret[4U][504U]) {
-  shake128_squeeze_first_three_blocks_08(self, ret);
+  shake128_squeeze_first_three_blocks_ac(self, ret);
 }
 
 /**
@@ -4694,7 +4690,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics
 - K= 4
 - N= 504
 */
-static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_fe(
+static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_78(
     uint8_t randomness[4U][504U], size_t *sampled_coefficients,
     int16_t (*out)[272U]) {
   KRML_MAYBE_FOR4(
@@ -4732,7 +4728,7 @@ libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_next_block with const
 generics
 - K= 4
 */
-static KRML_MUSTINLINE void shake128_squeeze_next_block_01(
+static KRML_MUSTINLINE void shake128_squeeze_next_block_ac(
     libcrux_sha3_avx2_x4_incremental_KeccakState *st, uint8_t ret[4U][168U]) {
   uint8_t out[4U][168U] = {{0U}};
   uint8_t out0[168U] = {0U};
@@ -4769,9 +4765,9 @@ libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_next_block_a9 with const
 generics
 - K= 4
 */
-static KRML_MUSTINLINE void shake128_squeeze_next_block_a9_9f(
+static KRML_MUSTINLINE void shake128_squeeze_next_block_a9_ac(
     libcrux_sha3_avx2_x4_incremental_KeccakState *self, uint8_t ret[4U][168U]) {
-  shake128_squeeze_next_block_01(self, ret);
+  shake128_squeeze_next_block_ac(self, ret);
 }
 
 /**
@@ -4822,7 +4818,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics
 - K= 4
 - N= 168
 */
-static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_fe0(
+static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_780(
     uint8_t randomness[4U][168U], size_t *sampled_coefficients,
     int16_t (*out)[272U]) {
   KRML_MAYBE_FOR4(
@@ -4860,9 +4856,9 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector,
 libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics
 - K= 4
 */
-static libcrux_ml_kem_polynomial_PolynomialRingElement_d2 closure_b4(
+static libcrux_ml_kem_polynomial_PolynomialRingElement_f6 closure_6c(
     int16_t s[272U]) {
-  return from_i16_array_ef_ef(
+  return from_i16_array_ef_61(
       Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t));
 }
 
@@ -4872,46 +4868,46 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector,
 libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics
 - K= 4
 */
-static KRML_MUSTINLINE void sample_from_xof_90(
+static KRML_MUSTINLINE void sample_from_xof_6c(
     uint8_t seeds[4U][34U],
-    libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) {
+    libcrux_ml_kem_polynomial_PolynomialRingElement_f6 ret[4U]) {
   size_t sampled_coefficients[4U] = {0U};
   int16_t out[4U][272U] = {{0U}};
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_seeds[4U][34U];
   memcpy(copy_of_seeds, seeds, (size_t)4U * sizeof(uint8_t[34U]));
   libcrux_sha3_avx2_x4_incremental_KeccakState xof_state =
-      shake128_init_absorb_final_a9_c1(copy_of_seeds);
+      shake128_init_absorb_final_a9_ac(copy_of_seeds);
   uint8_t randomness0[4U][504U];
-  shake128_squeeze_first_three_blocks_a9_7a(&xof_state, randomness0);
+  shake128_squeeze_first_three_blocks_a9_ac(&xof_state, randomness0);
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_randomness0[4U][504U];
   memcpy(copy_of_randomness0, randomness0, (size_t)4U * sizeof(uint8_t[504U]));
-  bool done = sample_from_uniform_distribution_next_fe(
+  bool done = sample_from_uniform_distribution_next_78(
       copy_of_randomness0, sampled_coefficients, out);
   while (true) {
     if (done) {
       break;
     } else {
       uint8_t randomness[4U][168U];
-      shake128_squeeze_next_block_a9_9f(&xof_state, randomness);
+      shake128_squeeze_next_block_a9_ac(&xof_state, randomness);
       /* Passing arrays by value in Rust generates a copy in C */
       uint8_t copy_of_randomness[4U][168U];
       memcpy(copy_of_randomness, randomness,
              (size_t)4U * sizeof(uint8_t[168U]));
-      done = sample_from_uniform_distribution_next_fe0(
+      done = sample_from_uniform_distribution_next_780(
           copy_of_randomness, sampled_coefficients, out);
     }
   }
   /* Passing arrays by value in Rust generates a copy in C */
   int16_t copy_of_out[4U][272U];
   memcpy(copy_of_out, out, (size_t)4U * sizeof(int16_t[272U]));
-  libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret0[4U];
+  libcrux_ml_kem_polynomial_PolynomialRingElement_f6 ret0[4U];
   KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U,
-                  ret0[i] = closure_b4(copy_of_out[i]););
+                  ret0[i] = closure_6c(copy_of_out[i]););
   memcpy(
       ret, ret0,
-      (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2));
+      (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f6));
 }
 
 /**
@@ -4920,8 +4916,8 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector,
 libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics
 - K= 4
 */
-static KRML_MUSTINLINE void sample_matrix_A_ee(
-    libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*A_transpose)[4U],
+static KRML_MUSTINLINE void sample_matrix_A_6c(
+    libcrux_ml_kem_polynomial_PolynomialRingElement_f6 (*A_transpose)[4U],
     uint8_t seed[34U], bool transpose) {
   KRML_MAYBE_FOR4(
       i0, (size_t)0U, (size_t)4U, (size_t)1U, size_t i1 = i0;
@@ -4936,25 +4932,23 @@ static KRML_MUSTINLINE void sample_matrix_A_ee(
       /* Passing arrays by value in Rust generates a copy in C */
       uint8_t copy_of_seeds[4U][34U];
       memcpy(copy_of_seeds, seeds, (size_t)4U * sizeof(uint8_t[34U]));
-      libcrux_ml_kem_polynomial_PolynomialRingElement_d2 sampled[4U];
-      sample_from_xof_90(copy_of_seeds, sampled);
+      libcrux_ml_kem_polynomial_PolynomialRingElement_f6 sampled[4U];
+      sample_from_xof_6c(copy_of_seeds, sampled);
       for (size_t i = (size_t)0U;
            i < Eurydice_slice_len(
                    Eurydice_array_to_slice(
                        (size_t)4U, sampled,
-                       libcrux_ml_kem_polynomial_PolynomialRingElement_d2),
-                   libcrux_ml_kem_polynomial_PolynomialRingElement_d2);
+                       libcrux_ml_kem_polynomial_PolynomialRingElement_f6),
+                   libcrux_ml_kem_polynomial_PolynomialRingElement_f6);
            i++) {
         size_t j = i;
-        libcrux_ml_kem_polynomial_PolynomialRingElement_d2 sample = sampled[j];
+        libcrux_ml_kem_polynomial_PolynomialRingElement_f6 sample = sampled[j];
         if (transpose) {
           A_transpose[j][i1] = sample;
         } else {
           A_transpose[i1][j] = sample;
         }
-      }
-
-  );
+      });
 }
 
 /**
@@ -4963,7 +4957,7 @@ with const generics
 - K= 4
 - LEN= 128
 */
-static KRML_MUSTINLINE void PRFxN_fb(uint8_t (*input)[33U],
+static KRML_MUSTINLINE void PRFxN_44(uint8_t (*input)[33U],
                                      uint8_t ret[4U][128U]) {
   uint8_t out[4U][128U] = {{0U}};
   uint8_t out0[128U] = {0U};
@@ -5004,9 +4998,9 @@ with const generics
 - K= 4
 - LEN= 128
 */
-static KRML_MUSTINLINE void PRFxN_a9_b2(uint8_t (*input)[33U],
+static KRML_MUSTINLINE void PRFxN_a9_44(uint8_t (*input)[33U],
                                         uint8_t ret[4U][128U]) {
-  PRFxN_fb(input, ret);
+  PRFxN_44(input, ret);
 }
 
 /**
@@ -5017,8 +5011,8 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics
 - ETA= 2
 - ETA_RANDOMNESS_SIZE= 128
 */
-static KRML_MUSTINLINE uint8_t sample_vector_cbd_then_ntt_b0(
-    libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re_as_ntt,
+static KRML_MUSTINLINE uint8_t sample_vector_cbd_then_ntt_b4(
+    libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *re_as_ntt,
     uint8_t prf_input[33U], uint8_t domain_separator) {
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_prf_input[33U];
@@ -5027,16 +5021,18 @@ static KRML_MUSTINLINE uint8_t sample_vector_cbd_then_ntt_b0(
   KRML_MAYBE_FOR4(
       i, (size_t)0U, (size_t)4U, (size_t)1U,
       memcpy(prf_inputs[i], copy_of_prf_input, (size_t)33U * sizeof(uint8_t)););
+  uint8_t _prf_inputs_init[4U][33U];
+  memcpy(_prf_inputs_init, prf_inputs, (size_t)4U * sizeof(uint8_t[33U]));
   KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i;
                   prf_inputs[i0][32U] = domain_separator;
                   domain_separator = (uint32_t)domain_separator + 1U;);
   uint8_t prf_outputs[4U][128U];
-  PRFxN_a9_b2(prf_inputs, prf_outputs);
+  PRFxN_a9_44(prf_inputs, prf_outputs);
   KRML_MAYBE_FOR4(
       i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i;
-      re_as_ntt[i0] = sample_from_binomial_distribution_d7(
+      re_as_ntt[i0] = sample_from_binomial_distribution_89(
           Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t));
-      ntt_binomially_sampled_ring_element_ef(&re_as_ntt[i0]););
+      ntt_binomially_sampled_ring_element_61(&re_as_ntt[i0]););
   return domain_separator;
 }
 
@@ -5046,10 +5042,10 @@ with types libcrux_ml_kem_polynomial_PolynomialRingElement
 libcrux_ml_kem_vector_avx2_SIMD256Vector[4size_t], uint8_t
 
 */
-typedef struct tuple_71_s {
-  libcrux_ml_kem_polynomial_PolynomialRingElement_d2 fst[4U];
+typedef struct tuple_dd_s {
+  libcrux_ml_kem_polynomial_PolynomialRingElement_f6 fst[4U];
   uint8_t snd;
-} tuple_71;
+} tuple_dd;
 
 /**
 A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_vector_cbd_then_ntt_out
@@ -5059,27 +5055,27 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics
 - ETA= 2
 - ETA_RANDOMNESS_SIZE= 128
 */
-static KRML_MUSTINLINE tuple_71 sample_vector_cbd_then_ntt_out_81(
+static KRML_MUSTINLINE tuple_dd sample_vector_cbd_then_ntt_out_b4(
     uint8_t prf_input[33U], uint8_t domain_separator) {
-  libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re_as_ntt[4U];
+  libcrux_ml_kem_polynomial_PolynomialRingElement_f6 re_as_ntt[4U];
   KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U,
-                  re_as_ntt[i] = ZERO_ef_05(););
-  libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *uu____0 = re_as_ntt;
+                  re_as_ntt[i] = ZERO_ef_61(););
+  libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *uu____0 = re_as_ntt;
   uint8_t uu____1[33U];
   memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t));
   domain_separator =
-      sample_vector_cbd_then_ntt_b0(uu____0, uu____1, domain_separator);
+      sample_vector_cbd_then_ntt_b4(uu____0, uu____1, domain_separator);
   /* Passing arrays by value in Rust generates a copy in C */
-  libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_re_as_ntt[4U];
+  libcrux_ml_kem_polynomial_PolynomialRingElement_f6 copy_of_re_as_ntt[4U];
   memcpy(
       copy_of_re_as_ntt, re_as_ntt,
-      (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2));
-  tuple_71 result;
+      (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f6));
+  tuple_dd lit;
   memcpy(
-      result.fst, copy_of_re_as_ntt,
-      (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2));
-  result.snd = domain_separator;
-  return result;
+      lit.fst, copy_of_re_as_ntt,
+      (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f6));
+  lit.snd = domain_separator;
+  return lit;
 }
 
 /**
@@ -5093,9 +5089,9 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector
 with const generics
 - K= 4
 */
-static KRML_MUSTINLINE void add_to_ring_element_ef_4f(
-    libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self,
-    libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *rhs) {
+static KRML_MUSTINLINE void add_to_ring_element_ef_42(
+    libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *self,
+    libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *rhs) {
   for (size_t i = (size_t)0U;
        i < Eurydice_slice_len(Eurydice_array_to_slice(
                                   (size_t)16U, self->coefficients, __m256i),
@@ -5113,37 +5109,37 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector
 with const generics
 - K= 4
 */
-static KRML_MUSTINLINE void compute_As_plus_e_2d(
-    libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt,
-    libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*matrix_A)[4U],
-    libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *s_as_ntt,
-    libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_as_ntt) {
+static KRML_MUSTINLINE void compute_As_plus_e_42(
+    libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *t_as_ntt,
+    libcrux_ml_kem_polynomial_PolynomialRingElement_f6 (*matrix_A)[4U],
+    libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *s_as_ntt,
+    libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *error_as_ntt) {
   for (size_t i = (size_t)0U;
        i < Eurydice_slice_len(
                Eurydice_array_to_slice(
                    (size_t)4U, matrix_A,
-                   libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U]),
-               libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U]);
+                   libcrux_ml_kem_polynomial_PolynomialRingElement_f6[4U]),
+               libcrux_ml_kem_polynomial_PolynomialRingElement_f6[4U]);
        i++) {
     size_t i0 = i;
-    libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *row = matrix_A[i0];
-    libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = ZERO_ef_05();
+    libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *row = matrix_A[i0];
+    libcrux_ml_kem_polynomial_PolynomialRingElement_f6 uu____0 = ZERO_ef_61();
     t_as_ntt[i0] = uu____0;
     for (size_t i1 = (size_t)0U;
          i1 < Eurydice_slice_len(
                   Eurydice_array_to_slice(
                       (size_t)4U, row,
-                      libcrux_ml_kem_polynomial_PolynomialRingElement_d2),
-                  libcrux_ml_kem_polynomial_PolynomialRingElement_d2);
+                      libcrux_ml_kem_polynomial_PolynomialRingElement_f6),
+                  libcrux_ml_kem_polynomial_PolynomialRingElement_f6);
          i1++) {
       size_t j = i1;
-      libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *matrix_element =
+      libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *matrix_element =
           &row[j];
-      libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product =
-          ntt_multiply_ef_b2(matrix_element, &s_as_ntt[j]);
-      add_to_ring_element_ef_4f(&t_as_ntt[i0], &product);
+      libcrux_ml_kem_polynomial_PolynomialRingElement_f6 product =
+          ntt_multiply_ef_61(matrix_element, &s_as_ntt[j]);
+      add_to_ring_element_ef_42(&t_as_ntt[i0], &product);
     }
-    add_standard_error_reduce_ef_34(&t_as_ntt[i0], &error_as_ntt[i0]);
+    add_standard_error_reduce_ef_61(&t_as_ntt[i0], &error_as_ntt[i0]);
   }
 }
 
@@ -5156,47 +5152,47 @@ with const generics
 - ETA1= 2
 - ETA1_RANDOMNESS_SIZE= 128
 */
-static void generate_keypair_unpacked_a4(
+static void generate_keypair_unpacked_22(
     Eurydice_slice key_generation_seed,
-    IndCpaPrivateKeyUnpacked_01 *private_key,
-    IndCpaPublicKeyUnpacked_01 *public_key) {
+    IndCpaPrivateKeyUnpacked_39 *private_key,
+    IndCpaPublicKeyUnpacked_39 *public_key) {
   uint8_t hashed[64U];
-  cpa_keygen_seed_d8_75(key_generation_seed, hashed);
+  cpa_keygen_seed_d8_6a(key_generation_seed, hashed);
   Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at(
       Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U,
       uint8_t, Eurydice_slice_uint8_t_x2);
   Eurydice_slice seed_for_A = uu____0.fst;
   Eurydice_slice seed_for_secret_and_error = uu____0.snd;
-  libcrux_ml_kem_polynomial_PolynomialRingElement_d2(*uu____1)[4U] =
+  libcrux_ml_kem_polynomial_PolynomialRingElement_f6(*uu____1)[4U] =
       public_key->A;
   uint8_t ret[34U];
-  libcrux_ml_kem_utils_into_padded_array_422(seed_for_A, ret);
-  sample_matrix_A_ee(uu____1, ret, true);
+  libcrux_ml_kem_utils_into_padded_array_b6(seed_for_A, ret);
+  sample_matrix_A_6c(uu____1, ret, true);
   uint8_t prf_input[33U];
-  libcrux_ml_kem_utils_into_padded_array_421(seed_for_secret_and_error,
-                                             prf_input);
-  libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *uu____2 =
+  libcrux_ml_kem_utils_into_padded_array_c8(seed_for_secret_and_error,
+                                            prf_input);
+  libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *uu____2 =
       private_key->secret_as_ntt;
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_prf_input0[33U];
   memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t));
   uint8_t domain_separator =
-      sample_vector_cbd_then_ntt_b0(uu____2, copy_of_prf_input0, 0U);
+      sample_vector_cbd_then_ntt_b4(uu____2, copy_of_prf_input0, 0U);
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_prf_input[33U];
   memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t));
-  libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_as_ntt[4U];
+  libcrux_ml_kem_polynomial_PolynomialRingElement_f6 error_as_ntt[4U];
   memcpy(
       error_as_ntt,
-      sample_vector_cbd_then_ntt_out_81(copy_of_prf_input, domain_separator)
+      sample_vector_cbd_then_ntt_out_b4(copy_of_prf_input, domain_separator)
           .fst,
-      (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2));
-  compute_As_plus_e_2d(public_key->t_as_ntt, public_key->A,
+      (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f6));
+  compute_As_plus_e_42(public_key->t_as_ntt, public_key->A,
                        private_key->secret_as_ntt, error_as_ntt);
   uint8_t uu____5[32U];
-  core_result_Result_00 dst;
+  core_result_Result_fb dst;
   Eurydice_slice_to_array2(&dst, seed_for_A, Eurydice_slice, uint8_t[32U]);
-  core_result_unwrap_26_33(dst, uu____5);
+  core_result_unwrap_26_b3(dst, uu____5);
   memcpy(public_key->seed_for_A, uu____5, (size_t)32U * sizeof(uint8_t));
 }
 
@@ -5212,18 +5208,18 @@ with const generics
 - ETA1= 2
 - ETA1_RANDOMNESS_SIZE= 128
 */
-static libcrux_ml_kem_utils_extraction_helper_Keypair1024 generate_keypair_6a0(
+static libcrux_ml_kem_utils_extraction_helper_Keypair1024 generate_keypair_bb0(
     Eurydice_slice key_generation_seed) {
-  IndCpaPrivateKeyUnpacked_01 private_key = default_1a_3c();
-  IndCpaPublicKeyUnpacked_01 public_key = default_8d_89();
-  generate_keypair_unpacked_a4(key_generation_seed, &private_key, &public_key);
+  IndCpaPrivateKeyUnpacked_39 private_key = default_1a_42();
+  IndCpaPublicKeyUnpacked_39 public_key = default_8d_42();
+  generate_keypair_unpacked_22(key_generation_seed, &private_key, &public_key);
   uint8_t public_key_serialized[1568U];
-  serialize_public_key_ca(
+  serialize_public_key_1e(
       public_key.t_as_ntt,
       Eurydice_array_to_slice((size_t)32U, public_key.seed_for_A, uint8_t),
       public_key_serialized);
   uint8_t secret_key_serialized[1536U];
-  serialize_secret_key_99(private_key.secret_as_ntt, secret_key_serialized);
+  serialize_secret_key_78(private_key.secret_as_ntt, secret_key_serialized);
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_secret_key_serialized[1536U];
   memcpy(copy_of_secret_key_serialized, secret_key_serialized,
@@ -5232,12 +5228,12 @@ static libcrux_ml_kem_utils_extraction_helper_Keypair1024 generate_keypair_6a0(
   uint8_t copy_of_public_key_serialized[1568U];
   memcpy(copy_of_public_key_serialized, public_key_serialized,
          (size_t)1568U * sizeof(uint8_t));
-  libcrux_ml_kem_utils_extraction_helper_Keypair1024 result;
-  memcpy(result.fst, copy_of_secret_key_serialized,
+  libcrux_ml_kem_utils_extraction_helper_Keypair1024 lit;
+  memcpy(lit.fst, copy_of_secret_key_serialized,
          (size_t)1536U * sizeof(uint8_t));
-  memcpy(result.snd, copy_of_public_key_serialized,
+  memcpy(lit.snd, copy_of_public_key_serialized,
          (size_t)1568U * sizeof(uint8_t));
-  return result;
+  return lit;
 }
 
 /**
@@ -5247,7 +5243,7 @@ with const generics
 - K= 4
 - SERIALIZED_KEY_LEN= 3168
 */
-static KRML_MUSTINLINE void serialize_kem_secret_key_1f0(
+static KRML_MUSTINLINE void serialize_kem_secret_key_5e(
     Eurydice_slice private_key, Eurydice_slice public_key,
     Eurydice_slice implicit_rejection_value, uint8_t ret[3168U]) {
   uint8_t out[3168U] = {0U};
@@ -5273,7 +5269,7 @@ static KRML_MUSTINLINE void serialize_kem_secret_key_1f0(
   Eurydice_slice uu____6 = Eurydice_array_to_subslice2(
       out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t);
   uint8_t ret0[32U];
-  H_a9_41(public_key, ret0);
+  H_a9_ac(public_key, ret0);
   Eurydice_slice_copy(
       uu____6, Eurydice_array_to_slice((size_t)32U, ret0, uint8_t), uint8_t);
   pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE;
@@ -5303,7 +5299,7 @@ with const generics
 - ETA1_RANDOMNESS_SIZE= 128
 */
 libcrux_ml_kem_mlkem1024_MlKem1024KeyPair
-libcrux_ml_kem_ind_cca_generate_keypair_0b0(uint8_t randomness[64U]) {
+libcrux_ml_kem_ind_cca_generate_keypair_d60(uint8_t randomness[64U]) {
   Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2(
       randomness, (size_t)0U,
       LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t);
@@ -5312,13 +5308,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_0b0(uint8_t randomness[64U]) {
       LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t,
       size_t);
   libcrux_ml_kem_utils_extraction_helper_Keypair1024 uu____0 =
-      generate_keypair_6a0(ind_cpa_keypair_randomness);
+      generate_keypair_bb0(ind_cpa_keypair_randomness);
   uint8_t ind_cpa_private_key[1536U];
   memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1536U * sizeof(uint8_t));
   uint8_t public_key[1568U];
   memcpy(public_key, uu____0.snd, (size_t)1568U * sizeof(uint8_t));
   uint8_t secret_key_serialized[3168U];
-  serialize_kem_secret_key_1f0(
+  serialize_kem_secret_key_5e(
       Eurydice_array_to_slice((size_t)1536U, ind_cpa_private_key, uint8_t),
       Eurydice_array_to_slice((size_t)1568U, public_key, uint8_t),
       implicit_rejection_value, secret_key_serialized);
@@ -5326,14 +5322,14 @@ libcrux_ml_kem_ind_cca_generate_keypair_0b0(uint8_t randomness[64U]) {
   uint8_t copy_of_secret_key_serialized[3168U];
   memcpy(copy_of_secret_key_serialized, secret_key_serialized,
          (size_t)3168U * sizeof(uint8_t));
-  libcrux_ml_kem_types_MlKemPrivateKey_95 private_key =
-      libcrux_ml_kem_types_from_7f_af1(copy_of_secret_key_serialized);
-  libcrux_ml_kem_types_MlKemPrivateKey_95 uu____2 = private_key;
+  libcrux_ml_kem_types_MlKemPrivateKey_83 private_key =
+      libcrux_ml_kem_types_from_7f_39(copy_of_secret_key_serialized);
+  libcrux_ml_kem_types_MlKemPrivateKey_83 uu____2 = private_key;
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_public_key[1568U];
   memcpy(copy_of_public_key, public_key, (size_t)1568U * sizeof(uint8_t));
-  return libcrux_ml_kem_types_from_3a_ee1(
-      uu____2, libcrux_ml_kem_types_from_5a_671(copy_of_public_key));
+  return libcrux_ml_kem_types_from_3a_94(
+      uu____2, libcrux_ml_kem_types_from_5a_af(copy_of_public_key));
 }
 
 /**
@@ -5346,8 +5342,8 @@ with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash
 with const generics
 - K= 4
 */
-static KRML_MUSTINLINE void entropy_preprocess_d8_640(Eurydice_slice randomness,
-                                                      uint8_t ret[32U]) {
+static KRML_MUSTINLINE void entropy_preprocess_d8_6a(Eurydice_slice randomness,
+                                                     uint8_t ret[32U]) {
   uint8_t out[32U] = {0U};
   Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t),
                       randomness, uint8_t);
@@ -5362,11 +5358,11 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics
 - ETA2_RANDOMNESS_SIZE= 128
 - ETA2= 2
 */
-static KRML_MUSTINLINE tuple_71
-sample_ring_element_cbd_a0(uint8_t prf_input[33U], uint8_t domain_separator) {
-  libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[4U];
+static KRML_MUSTINLINE tuple_dd
+sample_ring_element_cbd_b4(uint8_t prf_input[33U], uint8_t domain_separator) {
+  libcrux_ml_kem_polynomial_PolynomialRingElement_f6 error_1[4U];
   KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U,
-                  error_1[i] = ZERO_ef_05(););
+                  error_1[i] = ZERO_ef_61(););
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_prf_input[33U];
   memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t));
@@ -5374,28 +5370,30 @@ sample_ring_element_cbd_a0(uint8_t prf_input[33U], uint8_t domain_separator) {
   KRML_MAYBE_FOR4(
       i, (size_t)0U, (size_t)4U, (size_t)1U,
       memcpy(prf_inputs[i], copy_of_prf_input, (size_t)33U * sizeof(uint8_t)););
+  uint8_t _prf_inputs_init[4U][33U];
+  memcpy(_prf_inputs_init, prf_inputs, (size_t)4U * sizeof(uint8_t[33U]));
   KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i;
                   prf_inputs[i0][32U] = domain_separator;
                   domain_separator = (uint32_t)domain_separator + 1U;);
   uint8_t prf_outputs[4U][128U];
-  PRFxN_a9_b2(prf_inputs, prf_outputs);
+  PRFxN_a9_44(prf_inputs, prf_outputs);
   KRML_MAYBE_FOR4(
       i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i;
-      libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 =
-          sample_from_binomial_distribution_d7(
+      libcrux_ml_kem_polynomial_PolynomialRingElement_f6 uu____1 =
+          sample_from_binomial_distribution_89(
               Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t));
       error_1[i0] = uu____1;);
   /* Passing arrays by value in Rust generates a copy in C */
-  libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_error_1[4U];
+  libcrux_ml_kem_polynomial_PolynomialRingElement_f6 copy_of_error_1[4U];
   memcpy(
       copy_of_error_1, error_1,
-      (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2));
-  tuple_71 result;
+      (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f6));
+  tuple_dd lit;
   memcpy(
-      result.fst, copy_of_error_1,
-      (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2));
-  result.snd = domain_separator;
-  return result;
+      lit.fst, copy_of_error_1,
+      (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f6));
+  lit.snd = domain_separator;
+  return lit;
 }
 
 /**
@@ -5408,9 +5406,9 @@ with const generics
 - K= 4
 - LEN= 128
 */
-static KRML_MUSTINLINE void PRF_a9_160(Eurydice_slice input,
+static KRML_MUSTINLINE void PRF_a9_440(Eurydice_slice input,
                                        uint8_t ret[128U]) {
-  PRF_960(input, ret);
+  PRF_a6(input, ret);
 }
 
 /**
@@ -5419,18 +5417,18 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector
 with const generics
 - K= 4
 */
-static KRML_MUSTINLINE void invert_ntt_montgomery_8f(
-    libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) {
+static KRML_MUSTINLINE void invert_ntt_montgomery_42(
+    libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *re) {
   size_t zeta_i =
       LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U;
-  invert_ntt_at_layer_1_f7(&zeta_i, re);
-  invert_ntt_at_layer_2_98(&zeta_i, re);
-  invert_ntt_at_layer_3_fe(&zeta_i, re);
-  invert_ntt_at_layer_4_plus_bc(&zeta_i, re, (size_t)4U);
-  invert_ntt_at_layer_4_plus_bc(&zeta_i, re, (size_t)5U);
-  invert_ntt_at_layer_4_plus_bc(&zeta_i, re, (size_t)6U);
-  invert_ntt_at_layer_4_plus_bc(&zeta_i, re, (size_t)7U);
-  poly_barrett_reduce_ef_a9(re);
+  invert_ntt_at_layer_1_61(&zeta_i, re);
+  invert_ntt_at_layer_2_61(&zeta_i, re);
+  invert_ntt_at_layer_3_61(&zeta_i, re);
+  invert_ntt_at_layer_4_plus_61(&zeta_i, re, (size_t)4U);
+  invert_ntt_at_layer_4_plus_61(&zeta_i, re, (size_t)5U);
+  invert_ntt_at_layer_4_plus_61(&zeta_i, re, (size_t)6U);
+  invert_ntt_at_layer_4_plus_61(&zeta_i, re, (size_t)7U);
+  poly_barrett_reduce_ef_61(re);
 }
 
 /**
@@ -5439,46 +5437,42 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector
 with const generics
 - K= 4
 */
-static KRML_MUSTINLINE void compute_vector_u_dd(
-    libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*a_as_ntt)[4U],
-    libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt,
-    libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_1,
-    libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) {
-  libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result0[4U];
+static KRML_MUSTINLINE void compute_vector_u_42(
+    libcrux_ml_kem_polynomial_PolynomialRingElement_f6 (*a_as_ntt)[4U],
+    libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *r_as_ntt,
+    libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *error_1,
+    libcrux_ml_kem_polynomial_PolynomialRingElement_f6 ret[4U]) {
+  libcrux_ml_kem_polynomial_PolynomialRingElement_f6 result[4U];
   KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U,
-                  result0[i] = ZERO_ef_05(););
+                  result[i] = ZERO_ef_61(););
   for (size_t i0 = (size_t)0U;
        i0 < Eurydice_slice_len(
                 Eurydice_array_to_slice(
                     (size_t)4U, a_as_ntt,
-                    libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U]),
-                libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U]);
+                    libcrux_ml_kem_polynomial_PolynomialRingElement_f6[4U]),
+                libcrux_ml_kem_polynomial_PolynomialRingElement_f6[4U]);
        i0++) {
     size_t i1 = i0;
-    libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *row = a_as_ntt[i1];
+    libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *row = a_as_ntt[i1];
     for (size_t i = (size_t)0U;
          i < Eurydice_slice_len(
                  Eurydice_array_to_slice(
                      (size_t)4U, row,
-                     libcrux_ml_kem_polynomial_PolynomialRingElement_d2),
-                 libcrux_ml_kem_polynomial_PolynomialRingElement_d2);
+                     libcrux_ml_kem_polynomial_PolynomialRingElement_f6),
+                 libcrux_ml_kem_polynomial_PolynomialRingElement_f6);
          i++) {
       size_t j = i;
-      libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *a_element = &row[j];
-      libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product =
-          ntt_multiply_ef_b2(a_element, &r_as_ntt[j]);
-      add_to_ring_element_ef_4f(&result0[i1], &product);
+      libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *a_element = &row[j];
+      libcrux_ml_kem_polynomial_PolynomialRingElement_f6 product =
+          ntt_multiply_ef_61(a_element, &r_as_ntt[j]);
+      add_to_ring_element_ef_42(&result[i1], &product);
     }
-    invert_ntt_montgomery_8f(&result0[i1]);
-    add_error_reduce_ef_dd(&result0[i1], &error_1[i1]);
+    invert_ntt_montgomery_42(&result[i1]);
+    add_error_reduce_ef_61(&result[i1], &error_1[i1]);
   }
-  libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[4U];
-  memcpy(
-      result, result0,
-      (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2));
   memcpy(
       ret, result,
-      (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2));
+      (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f6));
 }
 
 /**
@@ -5487,19 +5481,19 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector
 with const generics
 - K= 4
 */
-static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2
-compute_ring_element_v_77(
-    libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt,
-    libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt,
-    libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_2,
-    libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *message) {
-  libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_ef_05();
+static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f6
+compute_ring_element_v_42(
+    libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *t_as_ntt,
+    libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *r_as_ntt,
+    libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *error_2,
+    libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *message) {
+  libcrux_ml_kem_polynomial_PolynomialRingElement_f6 result = ZERO_ef_61();
   KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i;
-                  libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product =
-                      ntt_multiply_ef_b2(&t_as_ntt[i0], &r_as_ntt[i0]);
-                  add_to_ring_element_ef_4f(&result, &product););
-  invert_ntt_montgomery_8f(&result);
-  result = add_message_error_reduce_ef_79(error_2, message, result);
+                  libcrux_ml_kem_polynomial_PolynomialRingElement_f6 product =
+                      ntt_multiply_ef_61(&t_as_ntt[i0], &r_as_ntt[i0]);
+                  add_to_ring_element_ef_42(&result, &product););
+  invert_ntt_montgomery_42(&result);
+  result = add_message_error_reduce_ef_61(error_2, message, result);
   return result;
 }
 
@@ -5509,14 +5503,14 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector
 with const generics
 - OUT_LEN= 352
 */
-static KRML_MUSTINLINE void compress_then_serialize_11_17(
-    libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[352U]) {
+static KRML_MUSTINLINE void compress_then_serialize_11_0e(
+    libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *re, uint8_t ret[352U]) {
   uint8_t serialized[352U] = {0U};
   for (size_t i = (size_t)0U;
        i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
     size_t i0 = i;
     __m256i coefficient =
-        compress_09_740(to_unsigned_representative_3f(re->coefficients[i0]));
+        compress_09_c4(to_unsigned_representative_61(re->coefficients[i0]));
     uint8_t bytes[22U];
     libcrux_ml_kem_vector_avx2_serialize_11_09(coefficient, bytes);
     Eurydice_slice uu____0 = Eurydice_array_to_subslice2(
@@ -5534,11 +5528,11 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics
 - COMPRESSION_FACTOR= 11
 - OUT_LEN= 352
 */
-static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_9e(
-    libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[352U]) {
-  uint8_t uu____0[352U];
-  compress_then_serialize_11_17(re, uu____0);
-  memcpy(ret, uu____0, (size_t)352U * sizeof(uint8_t));
+static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_6f(
+    libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *re, uint8_t ret[352U]) {
+  uint8_t result[352U];
+  compress_then_serialize_11_0e(re, result);
+  memcpy(ret, result, (size_t)352U * sizeof(uint8_t));
 }
 
 /**
@@ -5550,23 +5544,23 @@ with const generics
 - COMPRESSION_FACTOR= 11
 - BLOCK_LEN= 352
 */
-static void compress_then_serialize_u_42(
-    libcrux_ml_kem_polynomial_PolynomialRingElement_d2 input[4U],
+static void compress_then_serialize_u_c9(
+    libcrux_ml_kem_polynomial_PolynomialRingElement_f6 input[4U],
     Eurydice_slice out) {
   for (size_t i = (size_t)0U;
        i < Eurydice_slice_len(
                Eurydice_array_to_slice(
                    (size_t)4U, input,
-                   libcrux_ml_kem_polynomial_PolynomialRingElement_d2),
-               libcrux_ml_kem_polynomial_PolynomialRingElement_d2);
+                   libcrux_ml_kem_polynomial_PolynomialRingElement_f6),
+               libcrux_ml_kem_polynomial_PolynomialRingElement_f6);
        i++) {
     size_t i0 = i;
-    libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = input[i0];
+    libcrux_ml_kem_polynomial_PolynomialRingElement_f6 re = input[i0];
     Eurydice_slice uu____0 = Eurydice_slice_subslice2(
         out, i0 * ((size_t)1408U / (size_t)4U),
         (i0 + (size_t)1U) * ((size_t)1408U / (size_t)4U), uint8_t);
     uint8_t ret[352U];
-    compress_then_serialize_ring_element_u_9e(&re, ret);
+    compress_then_serialize_ring_element_u_6f(&re, ret);
     Eurydice_slice_copy(
         uu____0, Eurydice_array_to_slice((size_t)352U, ret, uint8_t), uint8_t);
   }
@@ -5579,9 +5573,9 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics
 - COMPRESSION_FACTOR= 5
 - OUT_LEN= 160
 */
-static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_d1(
-    libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, Eurydice_slice out) {
-  compress_then_serialize_5_03(re, out);
+static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_ff(
+    libcrux_ml_kem_polynomial_PolynomialRingElement_f6 re, Eurydice_slice out) {
+  compress_then_serialize_5_61(re, out);
 }
 
 /**
@@ -5601,57 +5595,57 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics
 - ETA2= 2
 - ETA2_RANDOMNESS_SIZE= 128
 */
-static void encrypt_unpacked_a4(IndCpaPublicKeyUnpacked_01 *public_key,
+static void encrypt_unpacked_74(IndCpaPublicKeyUnpacked_39 *public_key,
                                 uint8_t message[32U], Eurydice_slice randomness,
                                 uint8_t ret[1568U]) {
   uint8_t prf_input[33U];
-  libcrux_ml_kem_utils_into_padded_array_421(randomness, prf_input);
+  libcrux_ml_kem_utils_into_padded_array_c8(randomness, prf_input);
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_prf_input0[33U];
   memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t));
-  tuple_71 uu____1 = sample_vector_cbd_then_ntt_out_81(copy_of_prf_input0, 0U);
-  libcrux_ml_kem_polynomial_PolynomialRingElement_d2 r_as_ntt[4U];
+  tuple_dd uu____1 = sample_vector_cbd_then_ntt_out_b4(copy_of_prf_input0, 0U);
+  libcrux_ml_kem_polynomial_PolynomialRingElement_f6 r_as_ntt[4U];
   memcpy(
       r_as_ntt, uu____1.fst,
-      (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2));
+      (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f6));
   uint8_t domain_separator0 = uu____1.snd;
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_prf_input[33U];
   memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t));
-  tuple_71 uu____3 =
-      sample_ring_element_cbd_a0(copy_of_prf_input, domain_separator0);
-  libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[4U];
+  tuple_dd uu____3 =
+      sample_ring_element_cbd_b4(copy_of_prf_input, domain_separator0);
+  libcrux_ml_kem_polynomial_PolynomialRingElement_f6 error_1[4U];
   memcpy(
       error_1, uu____3.fst,
-      (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2));
+      (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f6));
   uint8_t domain_separator = uu____3.snd;
   prf_input[32U] = domain_separator;
   uint8_t prf_output[128U];
-  PRF_a9_160(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t),
+  PRF_a9_440(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t),
              prf_output);
-  libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_2 =
-      sample_from_binomial_distribution_d7(
+  libcrux_ml_kem_polynomial_PolynomialRingElement_f6 error_2 =
+      sample_from_binomial_distribution_89(
           Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t));
-  libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u[4U];
-  compute_vector_u_dd(public_key->A, r_as_ntt, error_1, u);
+  libcrux_ml_kem_polynomial_PolynomialRingElement_f6 u[4U];
+  compute_vector_u_42(public_key->A, r_as_ntt, error_1, u);
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_message[32U];
   memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t));
-  libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message_as_ring_element =
-      deserialize_then_decompress_message_d3(copy_of_message);
-  libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v =
-      compute_ring_element_v_77(public_key->t_as_ntt, r_as_ntt, &error_2,
+  libcrux_ml_kem_polynomial_PolynomialRingElement_f6 message_as_ring_element =
+      deserialize_then_decompress_message_61(copy_of_message);
+  libcrux_ml_kem_polynomial_PolynomialRingElement_f6 v =
+      compute_ring_element_v_42(public_key->t_as_ntt, r_as_ntt, &error_2,
                                 &message_as_ring_element);
   uint8_t ciphertext[1568U] = {0U};
-  libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____5[4U];
+  libcrux_ml_kem_polynomial_PolynomialRingElement_f6 uu____5[4U];
   memcpy(
       uu____5, u,
-      (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2));
-  compress_then_serialize_u_42(
+      (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f6));
+  compress_then_serialize_u_c9(
       uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U,
                                            (size_t)1408U, uint8_t));
-  libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____6 = v;
-  compress_then_serialize_ring_element_v_d1(
+  libcrux_ml_kem_polynomial_PolynomialRingElement_f6 uu____6 = v;
+  compress_then_serialize_ring_element_v_ff(
       uu____6, Eurydice_array_to_subslice_from((size_t)1568U, ciphertext,
                                                (size_t)1408U, uint8_t, size_t));
   memcpy(ret, ciphertext, (size_t)1568U * sizeof(uint8_t));
@@ -5674,26 +5668,26 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics
 - ETA2= 2
 - ETA2_RANDOMNESS_SIZE= 128
 */
-static void encrypt_6f0(Eurydice_slice public_key, uint8_t message[32U],
+static void encrypt_740(Eurydice_slice public_key, uint8_t message[32U],
                         Eurydice_slice randomness, uint8_t ret[1568U]) {
-  IndCpaPublicKeyUnpacked_01 unpacked_public_key = default_8d_89();
-  deserialize_ring_elements_reduced_53(
+  IndCpaPublicKeyUnpacked_39 unpacked_public_key = default_8d_42();
+  deserialize_ring_elements_reduced_42(
       Eurydice_slice_subslice_to(public_key, (size_t)1536U, uint8_t, size_t),
       unpacked_public_key.t_as_ntt);
   Eurydice_slice seed =
       Eurydice_slice_subslice_from(public_key, (size_t)1536U, uint8_t, size_t);
-  libcrux_ml_kem_polynomial_PolynomialRingElement_d2(*uu____0)[4U] =
+  libcrux_ml_kem_polynomial_PolynomialRingElement_f6(*uu____0)[4U] =
       unpacked_public_key.A;
   uint8_t ret0[34U];
-  libcrux_ml_kem_utils_into_padded_array_422(seed, ret0);
-  sample_matrix_A_ee(uu____0, ret0, false);
-  IndCpaPublicKeyUnpacked_01 *uu____1 = &unpacked_public_key;
+  libcrux_ml_kem_utils_into_padded_array_b6(seed, ret0);
+  sample_matrix_A_6c(uu____0, ret0, false);
+  IndCpaPublicKeyUnpacked_39 *uu____1 = &unpacked_public_key;
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_message[32U];
   memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t));
-  uint8_t result[1568U];
-  encrypt_unpacked_a4(uu____1, copy_of_message, randomness, result);
-  memcpy(ret, result, (size_t)1568U * sizeof(uint8_t));
+  uint8_t ret1[1568U];
+  encrypt_unpacked_74(uu____1, copy_of_message, randomness, ret1);
+  memcpy(ret, ret1, (size_t)1568U * sizeof(uint8_t));
 }
 
 /**
@@ -5707,8 +5701,8 @@ with const generics
 - K= 4
 - CIPHERTEXT_SIZE= 1568
 */
-static KRML_MUSTINLINE void kdf_d8_160(Eurydice_slice shared_secret,
-                                       uint8_t ret[32U]) {
+static KRML_MUSTINLINE void kdf_d8_5e(Eurydice_slice shared_secret,
+                                      uint8_t ret[32U]) {
   uint8_t out[32U] = {0U};
   Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t),
                       shared_secret, uint8_t);
@@ -5734,27 +5728,27 @@ with const generics
 - ETA2= 2
 - ETA2_RANDOMNESS_SIZE= 128
 */
-tuple_21 libcrux_ml_kem_ind_cca_encapsulate_a10(
-    libcrux_ml_kem_types_MlKemPublicKey_1f *public_key,
+tuple_fa libcrux_ml_kem_ind_cca_encapsulate_700(
+    libcrux_ml_kem_types_MlKemPublicKey_64 *public_key,
     uint8_t randomness[32U]) {
   uint8_t randomness0[32U];
-  entropy_preprocess_d8_640(
+  entropy_preprocess_d8_6a(
       Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0);
   uint8_t to_hash[64U];
-  libcrux_ml_kem_utils_into_padded_array_42(
+  libcrux_ml_kem_utils_into_padded_array_24(
       Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t), to_hash);
   Eurydice_slice uu____0 = Eurydice_array_to_subslice_from(
       (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t,
       size_t);
   uint8_t ret[32U];
-  H_a9_41(Eurydice_array_to_slice(
-              (size_t)1568U, libcrux_ml_kem_types_as_slice_fd_fe(public_key),
+  H_a9_ac(Eurydice_array_to_slice(
+              (size_t)1568U, libcrux_ml_kem_types_as_slice_fd_af(public_key),
               uint8_t),
           ret);
   Eurydice_slice_copy(
       uu____0, Eurydice_array_to_slice((size_t)32U, ret, uint8_t), uint8_t);
   uint8_t hashed[64U];
-  G_a9_9f(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed);
+  G_a9_ac(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed);
   Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at(
       Eurydice_array_to_slice((size_t)64U, hashed, uint8_t),
       LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t,
@@ -5762,25 +5756,25 @@ tuple_21 libcrux_ml_kem_ind_cca_encapsulate_a10(
   Eurydice_slice shared_secret = uu____1.fst;
   Eurydice_slice pseudorandomness = uu____1.snd;
   Eurydice_slice uu____2 = Eurydice_array_to_slice(
-      (size_t)1568U, libcrux_ml_kem_types_as_slice_fd_fe(public_key), uint8_t);
+      (size_t)1568U, libcrux_ml_kem_types_as_slice_fd_af(public_key), uint8_t);
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_randomness[32U];
   memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t));
   uint8_t ciphertext[1568U];
-  encrypt_6f0(uu____2, copy_of_randomness, pseudorandomness, ciphertext);
+  encrypt_740(uu____2, copy_of_randomness, pseudorandomness, ciphertext);
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_ciphertext[1568U];
   memcpy(copy_of_ciphertext, ciphertext, (size_t)1568U * sizeof(uint8_t));
-  libcrux_ml_kem_types_MlKemCiphertext_1f ciphertext0 =
-      libcrux_ml_kem_types_from_01_45(copy_of_ciphertext);
+  libcrux_ml_kem_types_MlKemCiphertext_64 ciphertext0 =
+      libcrux_ml_kem_types_from_01_af(copy_of_ciphertext);
   uint8_t shared_secret_array[32U];
-  kdf_d8_160(shared_secret, shared_secret_array);
-  libcrux_ml_kem_types_MlKemCiphertext_1f uu____5 = ciphertext0;
+  kdf_d8_5e(shared_secret, shared_secret_array);
+  libcrux_ml_kem_types_MlKemCiphertext_64 uu____5 = ciphertext0;
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_shared_secret_array[32U];
   memcpy(copy_of_shared_secret_array, shared_secret_array,
          (size_t)32U * sizeof(uint8_t));
-  tuple_21 lit;
+  tuple_fa lit;
   lit.fst = uu____5;
   memcpy(lit.snd, copy_of_shared_secret_array, (size_t)32U * sizeof(uint8_t));
   return lit;
@@ -5792,12 +5786,12 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector
 with const generics
 - K= 4
 */
-static KRML_MUSTINLINE void deserialize_secret_key_540(
+static KRML_MUSTINLINE void deserialize_secret_key_42(
     Eurydice_slice secret_key,
-    libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) {
-  libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[4U];
+    libcrux_ml_kem_polynomial_PolynomialRingElement_f6 ret[4U]) {
+  libcrux_ml_kem_polynomial_PolynomialRingElement_f6 secret_as_ntt[4U];
   KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U,
-                  secret_as_ntt[i] = ZERO_ef_05(););
+                  secret_as_ntt[i] = ZERO_ef_61(););
   for (size_t i = (size_t)0U;
        i < Eurydice_slice_len(secret_key, uint8_t) /
                LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT;
@@ -5808,17 +5802,13 @@ static KRML_MUSTINLINE void deserialize_secret_key_540(
         i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT +
             LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT,
         uint8_t);
-    libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 =
-        deserialize_to_uncompressed_ring_element_6c(secret_bytes);
+    libcrux_ml_kem_polynomial_PolynomialRingElement_f6 uu____0 =
+        deserialize_to_uncompressed_ring_element_61(secret_bytes);
     secret_as_ntt[i0] = uu____0;
   }
-  libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[4U];
   memcpy(
-      result, secret_as_ntt,
-      (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2));
-  memcpy(
-      ret, result,
-      (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2));
+      ret, secret_as_ntt,
+      (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f6));
 }
 
 /**
@@ -5827,9 +5817,9 @@ libcrux_ml_kem.serialize.deserialize_then_decompress_ring_element_u with types
 libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics
 - COMPRESSION_FACTOR= 11
 */
-static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2
-deserialize_then_decompress_ring_element_u_79(Eurydice_slice serialized) {
-  return deserialize_then_decompress_11_d5(serialized);
+static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f6
+deserialize_then_decompress_ring_element_u_85(Eurydice_slice serialized) {
+  return deserialize_then_decompress_11_61(serialized);
 }
 
 /**
@@ -5838,17 +5828,17 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector
 with const generics
 - VECTOR_U_COMPRESSION_FACTOR= 11
 */
-static KRML_MUSTINLINE void ntt_vector_u_b7(
-    libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) {
+static KRML_MUSTINLINE void ntt_vector_u_85(
+    libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *re) {
   size_t zeta_i = (size_t)0U;
-  ntt_at_layer_4_plus_ca(&zeta_i, re, (size_t)7U);
-  ntt_at_layer_4_plus_ca(&zeta_i, re, (size_t)6U);
-  ntt_at_layer_4_plus_ca(&zeta_i, re, (size_t)5U);
-  ntt_at_layer_4_plus_ca(&zeta_i, re, (size_t)4U);
-  ntt_at_layer_3_ba(&zeta_i, re);
-  ntt_at_layer_2_89(&zeta_i, re);
-  ntt_at_layer_1_d7(&zeta_i, re);
-  poly_barrett_reduce_ef_a9(re);
+  ntt_at_layer_4_plus_61(&zeta_i, re, (size_t)7U);
+  ntt_at_layer_4_plus_61(&zeta_i, re, (size_t)6U);
+  ntt_at_layer_4_plus_61(&zeta_i, re, (size_t)5U);
+  ntt_at_layer_4_plus_61(&zeta_i, re, (size_t)4U);
+  ntt_at_layer_3_61(&zeta_i, re);
+  ntt_at_layer_2_61(&zeta_i, re);
+  ntt_at_layer_1_61(&zeta_i, re);
+  poly_barrett_reduce_ef_61(re);
 }
 
 /**
@@ -5859,12 +5849,12 @@ with const generics
 - CIPHERTEXT_SIZE= 1568
 - U_COMPRESSION_FACTOR= 11
 */
-static KRML_MUSTINLINE void deserialize_then_decompress_u_25(
+static KRML_MUSTINLINE void deserialize_then_decompress_u_1e(
     uint8_t *ciphertext,
-    libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) {
-  libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[4U];
+    libcrux_ml_kem_polynomial_PolynomialRingElement_f6 ret[4U]) {
+  libcrux_ml_kem_polynomial_PolynomialRingElement_f6 u_as_ntt[4U];
   KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U,
-                  u_as_ntt[i] = ZERO_ef_05(););
+                  u_as_ntt[i] = ZERO_ef_61(););
   for (size_t i = (size_t)0U;
        i < Eurydice_slice_len(
                Eurydice_array_to_slice((size_t)1568U, ciphertext, uint8_t),
@@ -5882,12 +5872,12 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_25(
             LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT *
                 (size_t)11U / (size_t)8U,
         uint8_t);
-    u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_79(u_bytes);
-    ntt_vector_u_b7(&u_as_ntt[i0]);
+    u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_85(u_bytes);
+    ntt_vector_u_85(&u_as_ntt[i0]);
   }
   memcpy(
       ret, u_as_ntt,
-      (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2));
+      (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f6));
 }
 
 /**
@@ -5896,9 +5886,9 @@ libcrux_ml_kem.serialize.deserialize_then_decompress_ring_element_v with types
 libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics
 - COMPRESSION_FACTOR= 5
 */
-static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2
-deserialize_then_decompress_ring_element_v_b9(Eurydice_slice serialized) {
-  return deserialize_then_decompress_5_f8(serialized);
+static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f6
+deserialize_then_decompress_ring_element_v_b4(Eurydice_slice serialized) {
+  return deserialize_then_decompress_5_61(serialized);
 }
 
 /**
@@ -5907,18 +5897,18 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector
 with const generics
 - K= 4
 */
-static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2
-compute_message_7d(
-    libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *v,
-    libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *secret_as_ntt,
-    libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *u_as_ntt) {
-  libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_ef_05();
+static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f6
+compute_message_42(
+    libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *v,
+    libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *secret_as_ntt,
+    libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *u_as_ntt) {
+  libcrux_ml_kem_polynomial_PolynomialRingElement_f6 result = ZERO_ef_61();
   KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i;
-                  libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product =
-                      ntt_multiply_ef_b2(&secret_as_ntt[i0], &u_as_ntt[i0]);
-                  add_to_ring_element_ef_4f(&result, &product););
-  invert_ntt_montgomery_8f(&result);
-  result = subtract_reduce_ef_da(v, result);
+                  libcrux_ml_kem_polynomial_PolynomialRingElement_f6 product =
+                      ntt_multiply_ef_61(&secret_as_ntt[i0], &u_as_ntt[i0]);
+                  add_to_ring_element_ef_42(&result, &product););
+  invert_ntt_montgomery_42(&result);
+  result = subtract_reduce_ef_61(v, result);
   return result;
 }
 
@@ -5932,18 +5922,18 @@ with const generics
 - U_COMPRESSION_FACTOR= 11
 - V_COMPRESSION_FACTOR= 5
 */
-static void decrypt_unpacked_9d(IndCpaPrivateKeyUnpacked_01 *secret_key,
+static void decrypt_unpacked_37(IndCpaPrivateKeyUnpacked_39 *secret_key,
                                 uint8_t *ciphertext, uint8_t ret[32U]) {
-  libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[4U];
-  deserialize_then_decompress_u_25(ciphertext, u_as_ntt);
-  libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v =
-      deserialize_then_decompress_ring_element_v_b9(
+  libcrux_ml_kem_polynomial_PolynomialRingElement_f6 u_as_ntt[4U];
+  deserialize_then_decompress_u_1e(ciphertext, u_as_ntt);
+  libcrux_ml_kem_polynomial_PolynomialRingElement_f6 v =
+      deserialize_then_decompress_ring_element_v_b4(
           Eurydice_array_to_subslice_from((size_t)1568U, ciphertext,
                                           (size_t)1408U, uint8_t, size_t));
-  libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message =
-      compute_message_7d(&v, secret_key->secret_as_ntt, u_as_ntt);
+  libcrux_ml_kem_polynomial_PolynomialRingElement_f6 message =
+      compute_message_42(&v, secret_key->secret_as_ntt, u_as_ntt);
   uint8_t ret0[32U];
-  compress_then_serialize_message_dd(message, ret0);
+  compress_then_serialize_message_61(message, ret0);
   memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t));
 }
 
@@ -5957,22 +5947,22 @@ with const generics
 - U_COMPRESSION_FACTOR= 11
 - V_COMPRESSION_FACTOR= 5
 */
-static void decrypt_750(Eurydice_slice secret_key, uint8_t *ciphertext,
-                        uint8_t ret[32U]) {
-  libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[4U];
-  deserialize_secret_key_540(secret_key, secret_as_ntt);
+static void decrypt_37(Eurydice_slice secret_key, uint8_t *ciphertext,
+                       uint8_t ret[32U]) {
+  libcrux_ml_kem_polynomial_PolynomialRingElement_f6 secret_as_ntt[4U];
+  deserialize_secret_key_42(secret_key, secret_as_ntt);
   /* Passing arrays by value in Rust generates a copy in C */
-  libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_secret_as_ntt[4U];
+  libcrux_ml_kem_polynomial_PolynomialRingElement_f6 copy_of_secret_as_ntt[4U];
   memcpy(
       copy_of_secret_as_ntt, secret_as_ntt,
-      (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2));
-  IndCpaPrivateKeyUnpacked_01 secret_key_unpacked;
+      (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f6));
+  IndCpaPrivateKeyUnpacked_39 secret_key_unpacked;
   memcpy(
       secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt,
-      (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2));
-  uint8_t result[32U];
-  decrypt_unpacked_9d(&secret_key_unpacked, ciphertext, result);
-  memcpy(ret, result, (size_t)32U * sizeof(uint8_t));
+      (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f6));
+  uint8_t ret0[32U];
+  decrypt_unpacked_37(&secret_key_unpacked, ciphertext, ret0);
+  memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t));
 }
 
 /**
@@ -5985,8 +5975,8 @@ with const generics
 - K= 4
 - LEN= 32
 */
-static KRML_MUSTINLINE void PRF_a9_16(Eurydice_slice input, uint8_t ret[32U]) {
-  PRF_96(input, ret);
+static KRML_MUSTINLINE void PRF_a9_44(Eurydice_slice input, uint8_t ret[32U]) {
+  PRF_9e(input, ret);
 }
 
 /**
@@ -6011,9 +6001,9 @@ with const generics
 - ETA2_RANDOMNESS_SIZE= 128
 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600
 */
-void libcrux_ml_kem_ind_cca_decapsulate_7f0(
-    libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key,
-    libcrux_ml_kem_types_MlKemCiphertext_1f *ciphertext, uint8_t ret[32U]) {
+void libcrux_ml_kem_ind_cca_decapsulate_a10(
+    libcrux_ml_kem_types_MlKemPrivateKey_83 *private_key,
+    libcrux_ml_kem_types_MlKemCiphertext_64 *ciphertext, uint8_t ret[32U]) {
   Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at(
       Eurydice_array_to_slice((size_t)3168U, private_key->value, uint8_t),
       (size_t)1536U, uint8_t, Eurydice_slice_uint8_t_x2);
@@ -6029,9 +6019,9 @@ void libcrux_ml_kem_ind_cca_decapsulate_7f0(
   Eurydice_slice ind_cpa_public_key_hash = uu____2.fst;
   Eurydice_slice implicit_rejection_value = uu____2.snd;
   uint8_t decrypted[32U];
-  decrypt_750(ind_cpa_secret_key, ciphertext->value, decrypted);
+  decrypt_37(ind_cpa_secret_key, ciphertext->value, decrypted);
   uint8_t to_hash0[64U];
-  libcrux_ml_kem_utils_into_padded_array_42(
+  libcrux_ml_kem_utils_into_padded_array_24(
       Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0);
   Eurydice_slice_copy(
       Eurydice_array_to_subslice_from(
@@ -6039,7 +6029,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_7f0(
           uint8_t, size_t),
       ind_cpa_public_key_hash, uint8_t);
   uint8_t hashed[64U];
-  G_a9_9f(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed);
+  G_a9_ac(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed);
   Eurydice_slice_uint8_t_x2 uu____3 = Eurydice_slice_split_at(
       Eurydice_array_to_slice((size_t)64U, hashed, uint8_t),
       LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t,
@@ -6047,31 +6037,31 @@ void libcrux_ml_kem_ind_cca_decapsulate_7f0(
   Eurydice_slice shared_secret0 = uu____3.fst;
   Eurydice_slice pseudorandomness = uu____3.snd;
   uint8_t to_hash[1600U];
-  libcrux_ml_kem_utils_into_padded_array_420(implicit_rejection_value, to_hash);
+  libcrux_ml_kem_utils_into_padded_array_7f(implicit_rejection_value, to_hash);
   Eurydice_slice uu____4 = Eurydice_array_to_subslice_from(
       (size_t)1600U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE,
       uint8_t, size_t);
-  Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_40(ciphertext),
+  Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_af(ciphertext),
                       uint8_t);
   uint8_t implicit_rejection_shared_secret0[32U];
-  PRF_a9_16(Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t),
+  PRF_a9_44(Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t),
             implicit_rejection_shared_secret0);
   Eurydice_slice uu____5 = ind_cpa_public_key;
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_decrypted[32U];
   memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t));
   uint8_t expected_ciphertext[1568U];
-  encrypt_6f0(uu____5, copy_of_decrypted, pseudorandomness,
+  encrypt_740(uu____5, copy_of_decrypted, pseudorandomness,
               expected_ciphertext);
   uint8_t implicit_rejection_shared_secret[32U];
-  kdf_d8_160(Eurydice_array_to_slice(
-                 (size_t)32U, implicit_rejection_shared_secret0, uint8_t),
-             implicit_rejection_shared_secret);
+  kdf_d8_5e(Eurydice_array_to_slice((size_t)32U,
+                                    implicit_rejection_shared_secret0, uint8_t),
+            implicit_rejection_shared_secret);
   uint8_t shared_secret1[32U];
-  kdf_d8_160(shared_secret0, shared_secret1);
+  kdf_d8_5e(shared_secret0, shared_secret1);
   uint8_t shared_secret[32U];
   libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time(
-      libcrux_ml_kem_types_as_ref_00_40(ciphertext),
+      libcrux_ml_kem_types_as_ref_00_af(ciphertext),
       Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, uint8_t),
       Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t),
       Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret,
@@ -6086,9 +6076,9 @@ libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types
 libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics
 - K= 2
 */
-static KRML_MUSTINLINE void deserialize_ring_elements_reduced_530(
+static KRML_MUSTINLINE void deserialize_ring_elements_reduced_89(
     Eurydice_slice public_key,
-    libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *deserialized_pk) {
+    libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *deserialized_pk) {
   for (size_t i = (size_t)0U;
        i < Eurydice_slice_len(public_key, uint8_t) /
                LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT;
@@ -6099,8 +6089,8 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_530(
         i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT +
             LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT,
         uint8_t);
-    libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 =
-        deserialize_to_reduced_ring_element_dc(ring_element);
+    libcrux_ml_kem_polynomial_PolynomialRingElement_f6 uu____0 =
+        deserialize_to_reduced_ring_element_61(ring_element);
     deserialized_pk[i0] = uu____0;
   }
 }
@@ -6111,16 +6101,20 @@ libcrux_ml_kem.serialize.deserialize_ring_elements_reduced_out with types
 libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics
 - K= 2
 */
-static KRML_MUSTINLINE void deserialize_ring_elements_reduced_out_cc(
+static KRML_MUSTINLINE void deserialize_ring_elements_reduced_out_89(
     Eurydice_slice public_key,
-    libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) {
-  libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[2U];
+    libcrux_ml_kem_polynomial_PolynomialRingElement_f6 ret[2U]) {
+  libcrux_ml_kem_polynomial_PolynomialRingElement_f6 deserialized_pk[2U];
   KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U,
-                  deserialized_pk[i] = ZERO_ef_05(););
-  deserialize_ring_elements_reduced_530(public_key, deserialized_pk);
+                  deserialized_pk[i] = ZERO_ef_61(););
+  deserialize_ring_elements_reduced_89(public_key, deserialized_pk);
+  libcrux_ml_kem_polynomial_PolynomialRingElement_f6 result[2U];
+  memcpy(
+      result, deserialized_pk,
+      (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f6));
   memcpy(
-      ret, deserialized_pk,
-      (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2));
+      ret, result,
+      (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f6));
 }
 
 /**
@@ -6130,25 +6124,25 @@ with const generics
 - K= 2
 - OUT_LEN= 768
 */
-static KRML_MUSTINLINE void serialize_secret_key_990(
-    libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *key,
+static KRML_MUSTINLINE void serialize_secret_key_29(
+    libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *key,
     uint8_t ret[768U]) {
   uint8_t out[768U] = {0U};
   for (size_t i = (size_t)0U;
        i < Eurydice_slice_len(
                Eurydice_array_to_slice(
                    (size_t)2U, key,
-                   libcrux_ml_kem_polynomial_PolynomialRingElement_d2),
-               libcrux_ml_kem_polynomial_PolynomialRingElement_d2);
+                   libcrux_ml_kem_polynomial_PolynomialRingElement_f6),
+               libcrux_ml_kem_polynomial_PolynomialRingElement_f6);
        i++) {
     size_t i0 = i;
-    libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = key[i0];
+    libcrux_ml_kem_polynomial_PolynomialRingElement_f6 re = key[i0];
     Eurydice_slice uu____0 = Eurydice_array_to_subslice2(
         out, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT,
         (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT,
         uint8_t);
     uint8_t ret0[384U];
-    serialize_uncompressed_ring_element_2c(&re, ret0);
+    serialize_uncompressed_ring_element_61(&re, ret0);
     Eurydice_slice_copy(
         uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t), uint8_t);
   }
@@ -6163,13 +6157,13 @@ with const generics
 - RANKED_BYTES_PER_RING_ELEMENT= 768
 - PUBLIC_KEY_SIZE= 800
 */
-static KRML_MUSTINLINE void serialize_public_key_mut_6c0(
-    libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt,
+static KRML_MUSTINLINE void serialize_public_key_mut_ba(
+    libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *t_as_ntt,
     Eurydice_slice seed_for_a, uint8_t *serialized) {
   Eurydice_slice uu____0 = Eurydice_array_to_subslice2(serialized, (size_t)0U,
                                                        (size_t)768U, uint8_t);
   uint8_t ret[768U];
-  serialize_secret_key_990(t_as_ntt, ret);
+  serialize_secret_key_29(t_as_ntt, ret);
   Eurydice_slice_copy(
       uu____0, Eurydice_array_to_slice((size_t)768U, ret, uint8_t), uint8_t);
   Eurydice_slice_copy(
@@ -6186,14 +6180,12 @@ with const generics
 - RANKED_BYTES_PER_RING_ELEMENT= 768
 - PUBLIC_KEY_SIZE= 800
 */
-static KRML_MUSTINLINE void serialize_public_key_ca0(
-    libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt,
+static KRML_MUSTINLINE void serialize_public_key_ba(
+    libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *t_as_ntt,
     Eurydice_slice seed_for_a, uint8_t ret[800U]) {
   uint8_t public_key_serialized[800U] = {0U};
-  serialize_public_key_mut_6c0(t_as_ntt, seed_for_a, public_key_serialized);
-  uint8_t result[800U];
-  memcpy(result, public_key_serialized, (size_t)800U * sizeof(uint8_t));
-  memcpy(ret, result, (size_t)800U * sizeof(uint8_t));
+  serialize_public_key_mut_ba(t_as_ntt, seed_for_a, public_key_serialized);
+  memcpy(ret, public_key_serialized, (size_t)800U * sizeof(uint8_t));
 }
 
 /**
@@ -6204,15 +6196,15 @@ with const generics
 - RANKED_BYTES_PER_RING_ELEMENT= 768
 - PUBLIC_KEY_SIZE= 800
 */
-bool libcrux_ml_kem_ind_cca_validate_public_key_52(uint8_t *public_key) {
-  libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[2U];
-  deserialize_ring_elements_reduced_out_cc(
+bool libcrux_ml_kem_ind_cca_validate_public_key_ba(uint8_t *public_key) {
+  libcrux_ml_kem_polynomial_PolynomialRingElement_f6 deserialized_pk[2U];
+  deserialize_ring_elements_reduced_out_89(
       Eurydice_array_to_subslice_to((size_t)800U, public_key, (size_t)768U,
                                     uint8_t, size_t),
       deserialized_pk);
-  libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *uu____0 = deserialized_pk;
+  libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *uu____0 = deserialized_pk;
   uint8_t public_key_serialized[800U];
-  serialize_public_key_ca0(
+  serialize_public_key_ba(
       uu____0,
       Eurydice_array_to_subslice_from((size_t)800U, public_key, (size_t)768U,
                                       uint8_t, size_t),
@@ -6230,7 +6222,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.H_a9
 with const generics
 - K= 2
 */
-static KRML_MUSTINLINE void H_a9_410(Eurydice_slice input, uint8_t ret[32U]) {
+static KRML_MUSTINLINE void H_a9_fd(Eurydice_slice input, uint8_t ret[32U]) {
   libcrux_ml_kem_hash_functions_avx2_H(input, ret);
 }
 
@@ -6242,14 +6234,14 @@ with const generics
 - SECRET_KEY_SIZE= 1632
 - CIPHERTEXT_SIZE= 768
 */
-bool libcrux_ml_kem_ind_cca_validate_private_key_70(
-    libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key,
-    libcrux_ml_kem_types_MlKemCiphertext_e8 *_ciphertext) {
+bool libcrux_ml_kem_ind_cca_validate_private_key_ad(
+    libcrux_ml_kem_types_MlKemPrivateKey_fa *private_key,
+    libcrux_ml_kem_types_MlKemCiphertext_1a *_ciphertext) {
   uint8_t t[32U];
-  H_a9_410(Eurydice_array_to_subslice2(
-               private_key->value, (size_t)384U * (size_t)2U,
-               (size_t)768U * (size_t)2U + (size_t)32U, uint8_t),
-           t);
+  H_a9_fd(Eurydice_array_to_subslice2(
+              private_key->value, (size_t)384U * (size_t)2U,
+              (size_t)768U * (size_t)2U + (size_t)32U, uint8_t),
+          t);
   Eurydice_slice expected = Eurydice_array_to_subslice2(
       private_key->value, (size_t)768U * (size_t)2U + (size_t)32U,
       (size_t)768U * (size_t)2U + (size_t)64U, uint8_t);
@@ -6263,9 +6255,9 @@ libcrux_ml_kem.ind_cpa.unpacked.IndCpaPrivateKeyUnpacked with types
 libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics
 - $2size_t
 */
-typedef struct IndCpaPrivateKeyUnpacked_d6_s {
-  libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[2U];
-} IndCpaPrivateKeyUnpacked_d6;
+typedef struct IndCpaPrivateKeyUnpacked_94_s {
+  libcrux_ml_kem_polynomial_PolynomialRingElement_f6 secret_as_ntt[2U];
+} IndCpaPrivateKeyUnpacked_94;
 
 /**
 This function found in impl {(core::default::Default for
@@ -6278,10 +6270,10 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector
 with const generics
 - K= 2
 */
-static IndCpaPrivateKeyUnpacked_d6 default_1a_3c0(void) {
-  IndCpaPrivateKeyUnpacked_d6 lit;
-  lit.secret_as_ntt[0U] = ZERO_ef_05();
-  lit.secret_as_ntt[1U] = ZERO_ef_05();
+static IndCpaPrivateKeyUnpacked_94 default_1a_89(void) {
+  IndCpaPrivateKeyUnpacked_94 lit;
+  lit.secret_as_ntt[0U] = ZERO_ef_61();
+  lit.secret_as_ntt[1U] = ZERO_ef_61();
   return lit;
 }
 
@@ -6291,11 +6283,11 @@ libcrux_ml_kem.ind_cpa.unpacked.IndCpaPublicKeyUnpacked with types
 libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics
 - $2size_t
 */
-typedef struct IndCpaPublicKeyUnpacked_d6_s {
-  libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[2U];
+typedef struct IndCpaPublicKeyUnpacked_94_s {
+  libcrux_ml_kem_polynomial_PolynomialRingElement_f6 t_as_ntt[2U];
   uint8_t seed_for_A[32U];
-  libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[2U][2U];
-} IndCpaPublicKeyUnpacked_d6;
+  libcrux_ml_kem_polynomial_PolynomialRingElement_f6 A[2U][2U];
+} IndCpaPublicKeyUnpacked_94;
 
 /**
 This function found in impl {(core::default::Default for
@@ -6308,20 +6300,20 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector
 with const generics
 - K= 2
 */
-static IndCpaPublicKeyUnpacked_d6 default_8d_890(void) {
-  libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0[2U];
+static IndCpaPublicKeyUnpacked_94 default_8d_89(void) {
+  libcrux_ml_kem_polynomial_PolynomialRingElement_f6 uu____0[2U];
   KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U,
-                  uu____0[i] = ZERO_ef_05(););
+                  uu____0[i] = ZERO_ef_61(););
   uint8_t uu____1[32U] = {0U};
-  IndCpaPublicKeyUnpacked_d6 lit;
+  IndCpaPublicKeyUnpacked_94 lit;
   memcpy(
       lit.t_as_ntt, uu____0,
-      (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2));
+      (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f6));
   memcpy(lit.seed_for_A, uu____1, (size_t)32U * sizeof(uint8_t));
-  lit.A[0U][0U] = ZERO_ef_05();
-  lit.A[0U][1U] = ZERO_ef_05();
-  lit.A[1U][0U] = ZERO_ef_05();
-  lit.A[1U][1U] = ZERO_ef_05();
+  lit.A[0U][0U] = ZERO_ef_61();
+  lit.A[0U][1U] = ZERO_ef_61();
+  lit.A[1U][0U] = ZERO_ef_61();
+  lit.A[1U][1U] = ZERO_ef_61();
   return lit;
 }
 
@@ -6334,7 +6326,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.G_a9
 with const generics
 - K= 2
 */
-static KRML_MUSTINLINE void G_a9_9f0(Eurydice_slice input, uint8_t ret[64U]) {
+static KRML_MUSTINLINE void G_a9_fd(Eurydice_slice input, uint8_t ret[64U]) {
   libcrux_ml_kem_hash_functions_avx2_G(input, ret);
 }
 
@@ -6348,7 +6340,7 @@ with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash
 with const generics
 - K= 2
 */
-static KRML_MUSTINLINE void cpa_keygen_seed_d8_750(
+static KRML_MUSTINLINE void cpa_keygen_seed_d8_f8(
     Eurydice_slice key_generation_seed, uint8_t ret[64U]) {
   uint8_t seed[33U] = {0U};
   Eurydice_slice_copy(
@@ -6359,7 +6351,7 @@ static KRML_MUSTINLINE void cpa_keygen_seed_d8_750(
   seed[LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE] =
       (uint8_t)(size_t)2U;
   uint8_t ret0[64U];
-  G_a9_9f0(Eurydice_array_to_slice((size_t)33U, seed, uint8_t), ret0);
+  G_a9_fd(Eurydice_array_to_slice((size_t)33U, seed, uint8_t), ret0);
   memcpy(ret, ret0, (size_t)64U * sizeof(uint8_t));
 }
 
@@ -6370,8 +6362,8 @@ generics
 - K= 2
 */
 static KRML_MUSTINLINE libcrux_sha3_avx2_x4_incremental_KeccakState
-shake128_init_absorb_final_960(uint8_t input[2U][34U]) {
-  libcrux_sha3_generic_keccak_KeccakState_29 state =
+shake128_init_absorb_final_fd(uint8_t input[2U][34U]) {
+  libcrux_sha3_generic_keccak_KeccakState_55 state =
       libcrux_sha3_avx2_x4_incremental_init();
   libcrux_sha3_avx2_x4_incremental_shake128_absorb_final(
       &state, Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t),
@@ -6392,11 +6384,11 @@ generics
 - K= 2
 */
 static KRML_MUSTINLINE libcrux_sha3_avx2_x4_incremental_KeccakState
-shake128_init_absorb_final_a9_c10(uint8_t input[2U][34U]) {
+shake128_init_absorb_final_a9_fd(uint8_t input[2U][34U]) {
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_input[2U][34U];
   memcpy(copy_of_input, input, (size_t)2U * sizeof(uint8_t[34U]));
-  return shake128_init_absorb_final_960(copy_of_input);
+  return shake128_init_absorb_final_fd(copy_of_input);
 }
 
 /**
@@ -6405,7 +6397,7 @@ libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_first_three_blocks with
 const generics
 - K= 2
 */
-static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_080(
+static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_fd(
     libcrux_sha3_avx2_x4_incremental_KeccakState *st, uint8_t ret[2U][504U]) {
   uint8_t out[2U][504U] = {{0U}};
   uint8_t out0[504U] = {0U};
@@ -6436,9 +6428,9 @@ libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_first_three_blocks_a9 with
 const generics
 - K= 2
 */
-static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_a9_7a0(
+static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_a9_fd(
     libcrux_sha3_avx2_x4_incremental_KeccakState *self, uint8_t ret[2U][504U]) {
-  shake128_squeeze_first_three_blocks_080(self, ret);
+  shake128_squeeze_first_three_blocks_fd(self, ret);
 }
 
 /**
@@ -6489,7 +6481,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics
 - K= 2
 - N= 504
 */
-static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_fe1(
+static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_29(
     uint8_t randomness[2U][504U], size_t *sampled_coefficients,
     int16_t (*out)[272U]) {
   KRML_MAYBE_FOR2(
@@ -6527,7 +6519,7 @@ libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_next_block with const
 generics
 - K= 2
 */
-static KRML_MUSTINLINE void shake128_squeeze_next_block_010(
+static KRML_MUSTINLINE void shake128_squeeze_next_block_fd(
     libcrux_sha3_avx2_x4_incremental_KeccakState *st, uint8_t ret[2U][168U]) {
   uint8_t out[2U][168U] = {{0U}};
   uint8_t out0[168U] = {0U};
@@ -6558,9 +6550,9 @@ libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_next_block_a9 with const
 generics
 - K= 2
 */
-static KRML_MUSTINLINE void shake128_squeeze_next_block_a9_9f0(
+static KRML_MUSTINLINE void shake128_squeeze_next_block_a9_fd(
     libcrux_sha3_avx2_x4_incremental_KeccakState *self, uint8_t ret[2U][168U]) {
-  shake128_squeeze_next_block_010(self, ret);
+  shake128_squeeze_next_block_fd(self, ret);
 }
 
 /**
@@ -6611,7 +6603,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics
 - K= 2
 - N= 168
 */
-static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_fe2(
+static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_290(
     uint8_t randomness[2U][168U], size_t *sampled_coefficients,
     int16_t (*out)[272U]) {
   KRML_MAYBE_FOR2(
@@ -6649,9 +6641,9 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector,
 libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics
 - K= 2
 */
-static libcrux_ml_kem_polynomial_PolynomialRingElement_d2 closure_b40(
+static libcrux_ml_kem_polynomial_PolynomialRingElement_f6 closure_6c0(
     int16_t s[272U]) {
-  return from_i16_array_ef_ef(
+  return from_i16_array_ef_61(
       Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t));
 }
 
@@ -6661,46 +6653,46 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector,
 libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics
 - K= 2
 */
-static KRML_MUSTINLINE void sample_from_xof_900(
+static KRML_MUSTINLINE void sample_from_xof_6c0(
     uint8_t seeds[2U][34U],
-    libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) {
+    libcrux_ml_kem_polynomial_PolynomialRingElement_f6 ret[2U]) {
   size_t sampled_coefficients[2U] = {0U};
   int16_t out[2U][272U] = {{0U}};
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_seeds[2U][34U];
   memcpy(copy_of_seeds, seeds, (size_t)2U * sizeof(uint8_t[34U]));
   libcrux_sha3_avx2_x4_incremental_KeccakState xof_state =
-      shake128_init_absorb_final_a9_c10(copy_of_seeds);
+      shake128_init_absorb_final_a9_fd(copy_of_seeds);
   uint8_t randomness0[2U][504U];
-  shake128_squeeze_first_three_blocks_a9_7a0(&xof_state, randomness0);
+  shake128_squeeze_first_three_blocks_a9_fd(&xof_state, randomness0);
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_randomness0[2U][504U];
   memcpy(copy_of_randomness0, randomness0, (size_t)2U * sizeof(uint8_t[504U]));
-  bool done = sample_from_uniform_distribution_next_fe1(
+  bool done = sample_from_uniform_distribution_next_29(
       copy_of_randomness0, sampled_coefficients, out);
   while (true) {
     if (done) {
       break;
     } else {
       uint8_t randomness[2U][168U];
-      shake128_squeeze_next_block_a9_9f0(&xof_state, randomness);
+      shake128_squeeze_next_block_a9_fd(&xof_state, randomness);
       /* Passing arrays by value in Rust generates a copy in C */
       uint8_t copy_of_randomness[2U][168U];
       memcpy(copy_of_randomness, randomness,
              (size_t)2U * sizeof(uint8_t[168U]));
-      done = sample_from_uniform_distribution_next_fe2(
+      done = sample_from_uniform_distribution_next_290(
           copy_of_randomness, sampled_coefficients, out);
     }
   }
   /* Passing arrays by value in Rust generates a copy in C */
   int16_t copy_of_out[2U][272U];
   memcpy(copy_of_out, out, (size_t)2U * sizeof(int16_t[272U]));
-  libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret0[2U];
+  libcrux_ml_kem_polynomial_PolynomialRingElement_f6 ret0[2U];
   KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U,
-                  ret0[i] = closure_b40(copy_of_out[i]););
+                  ret0[i] = closure_6c0(copy_of_out[i]););
   memcpy(
       ret, ret0,
-      (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2));
+      (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f6));
 }
 
 /**
@@ -6709,8 +6701,8 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector,
 libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics
 - K= 2
 */
-static KRML_MUSTINLINE void sample_matrix_A_ee0(
-    libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*A_transpose)[2U],
+static KRML_MUSTINLINE void sample_matrix_A_6c0(
+    libcrux_ml_kem_polynomial_PolynomialRingElement_f6 (*A_transpose)[2U],
     uint8_t seed[34U], bool transpose) {
   KRML_MAYBE_FOR2(
       i0, (size_t)0U, (size_t)2U, (size_t)1U, size_t i1 = i0;
@@ -6725,25 +6717,23 @@ static KRML_MUSTINLINE void sample_matrix_A_ee0(
       /* Passing arrays by value in Rust generates a copy in C */
       uint8_t copy_of_seeds[2U][34U];
       memcpy(copy_of_seeds, seeds, (size_t)2U * sizeof(uint8_t[34U]));
-      libcrux_ml_kem_polynomial_PolynomialRingElement_d2 sampled[2U];
-      sample_from_xof_900(copy_of_seeds, sampled);
+      libcrux_ml_kem_polynomial_PolynomialRingElement_f6 sampled[2U];
+      sample_from_xof_6c0(copy_of_seeds, sampled);
       for (size_t i = (size_t)0U;
            i < Eurydice_slice_len(
                    Eurydice_array_to_slice(
                        (size_t)2U, sampled,
-                       libcrux_ml_kem_polynomial_PolynomialRingElement_d2),
-                   libcrux_ml_kem_polynomial_PolynomialRingElement_d2);
+                       libcrux_ml_kem_polynomial_PolynomialRingElement_f6),
+                   libcrux_ml_kem_polynomial_PolynomialRingElement_f6);
            i++) {
         size_t j = i;
-        libcrux_ml_kem_polynomial_PolynomialRingElement_d2 sample = sampled[j];
+        libcrux_ml_kem_polynomial_PolynomialRingElement_f6 sample = sampled[j];
         if (transpose) {
           A_transpose[j][i1] = sample;
         } else {
           A_transpose[i1][j] = sample;
         }
-      }
-
-  );
+      });
 }
 
 /**
@@ -6752,8 +6742,8 @@ with const generics
 - K= 2
 - LEN= 192
 */
-static KRML_MUSTINLINE void PRFxN_fb0(uint8_t (*input)[33U],
-                                      uint8_t ret[2U][192U]) {
+static KRML_MUSTINLINE void PRFxN_49(uint8_t (*input)[33U],
+                                     uint8_t ret[2U][192U]) {
   uint8_t out[2U][192U] = {{0U}};
   uint8_t out0[192U] = {0U};
   uint8_t out1[192U] = {0U};
@@ -6787,9 +6777,9 @@ with const generics
 - K= 2
 - LEN= 192
 */
-static KRML_MUSTINLINE void PRFxN_a9_b20(uint8_t (*input)[33U],
-                                         uint8_t ret[2U][192U]) {
-  PRFxN_fb0(input, ret);
+static KRML_MUSTINLINE void PRFxN_a9_49(uint8_t (*input)[33U],
+                                        uint8_t ret[2U][192U]) {
+  PRFxN_49(input, ret);
 }
 
 /**
@@ -6798,9 +6788,9 @@ libcrux_ml_kem.sampling.sample_from_binomial_distribution with types
 libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics
 - ETA= 3
 */
-static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2
-sample_from_binomial_distribution_d70(Eurydice_slice randomness) {
-  return sample_from_binomial_distribution_3_20(randomness);
+static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f6
+sample_from_binomial_distribution_ab(Eurydice_slice randomness) {
+  return sample_from_binomial_distribution_3_61(randomness);
 }
 
 /**
@@ -6811,8 +6801,8 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics
 - ETA= 3
 - ETA_RANDOMNESS_SIZE= 192
 */
-static KRML_MUSTINLINE uint8_t sample_vector_cbd_then_ntt_b00(
-    libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re_as_ntt,
+static KRML_MUSTINLINE uint8_t sample_vector_cbd_then_ntt_b40(
+    libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *re_as_ntt,
     uint8_t prf_input[33U], uint8_t domain_separator) {
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_prf_input[33U];
@@ -6821,16 +6811,18 @@ static KRML_MUSTINLINE uint8_t sample_vector_cbd_then_ntt_b00(
   KRML_MAYBE_FOR2(
       i, (size_t)0U, (size_t)2U, (size_t)1U,
       memcpy(prf_inputs[i], copy_of_prf_input, (size_t)33U * sizeof(uint8_t)););
+  uint8_t _prf_inputs_init[2U][33U];
+  memcpy(_prf_inputs_init, prf_inputs, (size_t)2U * sizeof(uint8_t[33U]));
   KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i;
                   prf_inputs[i0][32U] = domain_separator;
                   domain_separator = (uint32_t)domain_separator + 1U;);
   uint8_t prf_outputs[2U][192U];
-  PRFxN_a9_b20(prf_inputs, prf_outputs);
+  PRFxN_a9_49(prf_inputs, prf_outputs);
   KRML_MAYBE_FOR2(
       i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i;
-      re_as_ntt[i0] = sample_from_binomial_distribution_d70(
+      re_as_ntt[i0] = sample_from_binomial_distribution_ab(
           Eurydice_array_to_slice((size_t)192U, prf_outputs[i0], uint8_t));
-      ntt_binomially_sampled_ring_element_ef(&re_as_ntt[i0]););
+      ntt_binomially_sampled_ring_element_61(&re_as_ntt[i0]););
   return domain_separator;
 }
 
@@ -6840,10 +6832,10 @@ with types libcrux_ml_kem_polynomial_PolynomialRingElement
 libcrux_ml_kem_vector_avx2_SIMD256Vector[2size_t], uint8_t
 
 */
-typedef struct tuple_74_s {
-  libcrux_ml_kem_polynomial_PolynomialRingElement_d2 fst[2U];
+typedef struct tuple_40_s {
+  libcrux_ml_kem_polynomial_PolynomialRingElement_f6 fst[2U];
   uint8_t snd;
-} tuple_74;
+} tuple_40;
 
 /**
 A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_vector_cbd_then_ntt_out
@@ -6853,27 +6845,27 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics
 - ETA= 3
 - ETA_RANDOMNESS_SIZE= 192
 */
-static KRML_MUSTINLINE tuple_74 sample_vector_cbd_then_ntt_out_810(
+static KRML_MUSTINLINE tuple_40 sample_vector_cbd_then_ntt_out_b40(
     uint8_t prf_input[33U], uint8_t domain_separator) {
-  libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re_as_ntt[2U];
+  libcrux_ml_kem_polynomial_PolynomialRingElement_f6 re_as_ntt[2U];
   KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U,
-                  re_as_ntt[i] = ZERO_ef_05(););
-  libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *uu____0 = re_as_ntt;
+                  re_as_ntt[i] = ZERO_ef_61(););
+  libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *uu____0 = re_as_ntt;
   uint8_t uu____1[33U];
   memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t));
   domain_separator =
-      sample_vector_cbd_then_ntt_b00(uu____0, uu____1, domain_separator);
+      sample_vector_cbd_then_ntt_b40(uu____0, uu____1, domain_separator);
   /* Passing arrays by value in Rust generates a copy in C */
-  libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_re_as_ntt[2U];
+  libcrux_ml_kem_polynomial_PolynomialRingElement_f6 copy_of_re_as_ntt[2U];
   memcpy(
       copy_of_re_as_ntt, re_as_ntt,
-      (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2));
-  tuple_74 result;
+      (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f6));
+  tuple_40 lit;
   memcpy(
-      result.fst, copy_of_re_as_ntt,
-      (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2));
-  result.snd = domain_separator;
-  return result;
+      lit.fst, copy_of_re_as_ntt,
+      (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f6));
+  lit.snd = domain_separator;
+  return lit;
 }
 
 /**
@@ -6887,9 +6879,9 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector
 with const generics
 - K= 2
 */
-static KRML_MUSTINLINE void add_to_ring_element_ef_4f0(
-    libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self,
-    libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *rhs) {
+static KRML_MUSTINLINE void add_to_ring_element_ef_89(
+    libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *self,
+    libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *rhs) {
   for (size_t i = (size_t)0U;
        i < Eurydice_slice_len(Eurydice_array_to_slice(
                                   (size_t)16U, self->coefficients, __m256i),
@@ -6907,37 +6899,37 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector
 with const generics
 - K= 2
 */
-static KRML_MUSTINLINE void compute_As_plus_e_2d0(
-    libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt,
-    libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*matrix_A)[2U],
-    libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *s_as_ntt,
-    libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_as_ntt) {
+static KRML_MUSTINLINE void compute_As_plus_e_89(
+    libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *t_as_ntt,
+    libcrux_ml_kem_polynomial_PolynomialRingElement_f6 (*matrix_A)[2U],
+    libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *s_as_ntt,
+    libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *error_as_ntt) {
   for (size_t i = (size_t)0U;
        i < Eurydice_slice_len(
                Eurydice_array_to_slice(
                    (size_t)2U, matrix_A,
-                   libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U]),
-               libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U]);
+                   libcrux_ml_kem_polynomial_PolynomialRingElement_f6[2U]),
+               libcrux_ml_kem_polynomial_PolynomialRingElement_f6[2U]);
        i++) {
     size_t i0 = i;
-    libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *row = matrix_A[i0];
-    libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = ZERO_ef_05();
+    libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *row = matrix_A[i0];
+    libcrux_ml_kem_polynomial_PolynomialRingElement_f6 uu____0 = ZERO_ef_61();
     t_as_ntt[i0] = uu____0;
     for (size_t i1 = (size_t)0U;
          i1 < Eurydice_slice_len(
                   Eurydice_array_to_slice(
                       (size_t)2U, row,
-                      libcrux_ml_kem_polynomial_PolynomialRingElement_d2),
-                  libcrux_ml_kem_polynomial_PolynomialRingElement_d2);
+                      libcrux_ml_kem_polynomial_PolynomialRingElement_f6),
+                  libcrux_ml_kem_polynomial_PolynomialRingElement_f6);
          i1++) {
       size_t j = i1;
-      libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *matrix_element =
+      libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *matrix_element =
           &row[j];
-      libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product =
-          ntt_multiply_ef_b2(matrix_element, &s_as_ntt[j]);
-      add_to_ring_element_ef_4f0(&t_as_ntt[i0], &product);
+      libcrux_ml_kem_polynomial_PolynomialRingElement_f6 product =
+          ntt_multiply_ef_61(matrix_element, &s_as_ntt[j]);
+      add_to_ring_element_ef_89(&t_as_ntt[i0], &product);
     }
-    add_standard_error_reduce_ef_34(&t_as_ntt[i0], &error_as_ntt[i0]);
+    add_standard_error_reduce_ef_61(&t_as_ntt[i0], &error_as_ntt[i0]);
   }
 }
 
@@ -6950,47 +6942,47 @@ with const generics
 - ETA1= 3
 - ETA1_RANDOMNESS_SIZE= 192
 */
-static void generate_keypair_unpacked_a40(
+static void generate_keypair_unpacked_220(
     Eurydice_slice key_generation_seed,
-    IndCpaPrivateKeyUnpacked_d6 *private_key,
-    IndCpaPublicKeyUnpacked_d6 *public_key) {
+    IndCpaPrivateKeyUnpacked_94 *private_key,
+    IndCpaPublicKeyUnpacked_94 *public_key) {
   uint8_t hashed[64U];
-  cpa_keygen_seed_d8_750(key_generation_seed, hashed);
+  cpa_keygen_seed_d8_f8(key_generation_seed, hashed);
   Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at(
       Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U,
       uint8_t, Eurydice_slice_uint8_t_x2);
   Eurydice_slice seed_for_A = uu____0.fst;
   Eurydice_slice seed_for_secret_and_error = uu____0.snd;
-  libcrux_ml_kem_polynomial_PolynomialRingElement_d2(*uu____1)[2U] =
+  libcrux_ml_kem_polynomial_PolynomialRingElement_f6(*uu____1)[2U] =
       public_key->A;
   uint8_t ret[34U];
-  libcrux_ml_kem_utils_into_padded_array_422(seed_for_A, ret);
-  sample_matrix_A_ee0(uu____1, ret, true);
+  libcrux_ml_kem_utils_into_padded_array_b6(seed_for_A, ret);
+  sample_matrix_A_6c0(uu____1, ret, true);
   uint8_t prf_input[33U];
-  libcrux_ml_kem_utils_into_padded_array_421(seed_for_secret_and_error,
-                                             prf_input);
-  libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *uu____2 =
+  libcrux_ml_kem_utils_into_padded_array_c8(seed_for_secret_and_error,
+                                            prf_input);
+  libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *uu____2 =
       private_key->secret_as_ntt;
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_prf_input0[33U];
   memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t));
   uint8_t domain_separator =
-      sample_vector_cbd_then_ntt_b00(uu____2, copy_of_prf_input0, 0U);
+      sample_vector_cbd_then_ntt_b40(uu____2, copy_of_prf_input0, 0U);
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_prf_input[33U];
   memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t));
-  libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_as_ntt[2U];
+  libcrux_ml_kem_polynomial_PolynomialRingElement_f6 error_as_ntt[2U];
   memcpy(
       error_as_ntt,
-      sample_vector_cbd_then_ntt_out_810(copy_of_prf_input, domain_separator)
+      sample_vector_cbd_then_ntt_out_b40(copy_of_prf_input, domain_separator)
           .fst,
-      (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2));
-  compute_As_plus_e_2d0(public_key->t_as_ntt, public_key->A,
-                        private_key->secret_as_ntt, error_as_ntt);
+      (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f6));
+  compute_As_plus_e_89(public_key->t_as_ntt, public_key->A,
+                       private_key->secret_as_ntt, error_as_ntt);
   uint8_t uu____5[32U];
-  core_result_Result_00 dst;
+  core_result_Result_fb dst;
   Eurydice_slice_to_array2(&dst, seed_for_A, Eurydice_slice, uint8_t[32U]);
-  core_result_unwrap_26_33(dst, uu____5);
+  core_result_unwrap_26_b3(dst, uu____5);
   memcpy(public_key->seed_for_A, uu____5, (size_t)32U * sizeof(uint8_t));
 }
 
@@ -7006,18 +6998,18 @@ with const generics
 - ETA1= 3
 - ETA1_RANDOMNESS_SIZE= 192
 */
-static libcrux_ml_kem_utils_extraction_helper_Keypair512 generate_keypair_6a(
+static libcrux_ml_kem_utils_extraction_helper_Keypair512 generate_keypair_bb(
     Eurydice_slice key_generation_seed) {
-  IndCpaPrivateKeyUnpacked_d6 private_key = default_1a_3c0();
-  IndCpaPublicKeyUnpacked_d6 public_key = default_8d_890();
-  generate_keypair_unpacked_a40(key_generation_seed, &private_key, &public_key);
+  IndCpaPrivateKeyUnpacked_94 private_key = default_1a_89();
+  IndCpaPublicKeyUnpacked_94 public_key = default_8d_89();
+  generate_keypair_unpacked_220(key_generation_seed, &private_key, &public_key);
   uint8_t public_key_serialized[800U];
-  serialize_public_key_ca0(
+  serialize_public_key_ba(
       public_key.t_as_ntt,
       Eurydice_array_to_slice((size_t)32U, public_key.seed_for_A, uint8_t),
       public_key_serialized);
   uint8_t secret_key_serialized[768U];
-  serialize_secret_key_990(private_key.secret_as_ntt, secret_key_serialized);
+  serialize_secret_key_29(private_key.secret_as_ntt, secret_key_serialized);
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_secret_key_serialized[768U];
   memcpy(copy_of_secret_key_serialized, secret_key_serialized,
@@ -7026,12 +7018,12 @@ static libcrux_ml_kem_utils_extraction_helper_Keypair512 generate_keypair_6a(
   uint8_t copy_of_public_key_serialized[800U];
   memcpy(copy_of_public_key_serialized, public_key_serialized,
          (size_t)800U * sizeof(uint8_t));
-  libcrux_ml_kem_utils_extraction_helper_Keypair512 result;
-  memcpy(result.fst, copy_of_secret_key_serialized,
+  libcrux_ml_kem_utils_extraction_helper_Keypair512 lit;
+  memcpy(lit.fst, copy_of_secret_key_serialized,
          (size_t)768U * sizeof(uint8_t));
-  memcpy(result.snd, copy_of_public_key_serialized,
+  memcpy(lit.snd, copy_of_public_key_serialized,
          (size_t)800U * sizeof(uint8_t));
-  return result;
+  return lit;
 }
 
 /**
@@ -7041,7 +7033,7 @@ with const generics
 - K= 2
 - SERIALIZED_KEY_LEN= 1632
 */
-static KRML_MUSTINLINE void serialize_kem_secret_key_1f(
+static KRML_MUSTINLINE void serialize_kem_secret_key_4d(
     Eurydice_slice private_key, Eurydice_slice public_key,
     Eurydice_slice implicit_rejection_value, uint8_t ret[1632U]) {
   uint8_t out[1632U] = {0U};
@@ -7067,7 +7059,7 @@ static KRML_MUSTINLINE void serialize_kem_secret_key_1f(
   Eurydice_slice uu____6 = Eurydice_array_to_subslice2(
       out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t);
   uint8_t ret0[32U];
-  H_a9_410(public_key, ret0);
+  H_a9_fd(public_key, ret0);
   Eurydice_slice_copy(
       uu____6, Eurydice_array_to_slice((size_t)32U, ret0, uint8_t), uint8_t);
   pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE;
@@ -7096,7 +7088,7 @@ with const generics
 - ETA1= 3
 - ETA1_RANDOMNESS_SIZE= 192
 */
-libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_ind_cca_generate_keypair_0b(
+libcrux_ml_kem_types_MlKemKeyPair_3e libcrux_ml_kem_ind_cca_generate_keypair_d6(
     uint8_t randomness[64U]) {
   Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2(
       randomness, (size_t)0U,
@@ -7106,13 +7098,13 @@ libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_ind_cca_generate_keypair_0b(
       LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t,
       size_t);
   libcrux_ml_kem_utils_extraction_helper_Keypair512 uu____0 =
-      generate_keypair_6a(ind_cpa_keypair_randomness);
+      generate_keypair_bb(ind_cpa_keypair_randomness);
   uint8_t ind_cpa_private_key[768U];
   memcpy(ind_cpa_private_key, uu____0.fst, (size_t)768U * sizeof(uint8_t));
   uint8_t public_key[800U];
   memcpy(public_key, uu____0.snd, (size_t)800U * sizeof(uint8_t));
   uint8_t secret_key_serialized[1632U];
-  serialize_kem_secret_key_1f(
+  serialize_kem_secret_key_4d(
       Eurydice_array_to_slice((size_t)768U, ind_cpa_private_key, uint8_t),
       Eurydice_array_to_slice((size_t)800U, public_key, uint8_t),
       implicit_rejection_value, secret_key_serialized);
@@ -7120,14 +7112,14 @@ libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_ind_cca_generate_keypair_0b(
   uint8_t copy_of_secret_key_serialized[1632U];
   memcpy(copy_of_secret_key_serialized, secret_key_serialized,
          (size_t)1632U * sizeof(uint8_t));
-  libcrux_ml_kem_types_MlKemPrivateKey_5e private_key =
-      libcrux_ml_kem_types_from_7f_af(copy_of_secret_key_serialized);
-  libcrux_ml_kem_types_MlKemPrivateKey_5e uu____2 = private_key;
+  libcrux_ml_kem_types_MlKemPrivateKey_fa private_key =
+      libcrux_ml_kem_types_from_7f_2a(copy_of_secret_key_serialized);
+  libcrux_ml_kem_types_MlKemPrivateKey_fa uu____2 = private_key;
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_public_key[800U];
   memcpy(copy_of_public_key, public_key, (size_t)800U * sizeof(uint8_t));
-  return libcrux_ml_kem_types_from_3a_ee(
-      uu____2, libcrux_ml_kem_types_from_5a_67(copy_of_public_key));
+  return libcrux_ml_kem_types_from_3a_fa(
+      uu____2, libcrux_ml_kem_types_from_5a_4d(copy_of_public_key));
 }
 
 /**
@@ -7140,7 +7132,7 @@ with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash
 with const generics
 - K= 2
 */
-static KRML_MUSTINLINE void entropy_preprocess_d8_64(Eurydice_slice randomness,
+static KRML_MUSTINLINE void entropy_preprocess_d8_f8(Eurydice_slice randomness,
                                                      uint8_t ret[32U]) {
   uint8_t out[32U] = {0U};
   Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t),
@@ -7154,7 +7146,7 @@ with const generics
 - K= 2
 - LEN= 128
 */
-static KRML_MUSTINLINE void PRFxN_fb1(uint8_t (*input)[33U],
+static KRML_MUSTINLINE void PRFxN_490(uint8_t (*input)[33U],
                                       uint8_t ret[2U][128U]) {
   uint8_t out[2U][128U] = {{0U}};
   uint8_t out0[128U] = {0U};
@@ -7189,9 +7181,9 @@ with const generics
 - K= 2
 - LEN= 128
 */
-static KRML_MUSTINLINE void PRFxN_a9_b21(uint8_t (*input)[33U],
+static KRML_MUSTINLINE void PRFxN_a9_490(uint8_t (*input)[33U],
                                          uint8_t ret[2U][128U]) {
-  PRFxN_fb1(input, ret);
+  PRFxN_490(input, ret);
 }
 
 /**
@@ -7202,11 +7194,11 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics
 - ETA2_RANDOMNESS_SIZE= 128
 - ETA2= 2
 */
-static KRML_MUSTINLINE tuple_74
-sample_ring_element_cbd_a00(uint8_t prf_input[33U], uint8_t domain_separator) {
-  libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[2U];
+static KRML_MUSTINLINE tuple_40
+sample_ring_element_cbd_b40(uint8_t prf_input[33U], uint8_t domain_separator) {
+  libcrux_ml_kem_polynomial_PolynomialRingElement_f6 error_1[2U];
   KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U,
-                  error_1[i] = ZERO_ef_05(););
+                  error_1[i] = ZERO_ef_61(););
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_prf_input[33U];
   memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t));
@@ -7214,28 +7206,30 @@ sample_ring_element_cbd_a00(uint8_t prf_input[33U], uint8_t domain_separator) {
   KRML_MAYBE_FOR2(
       i, (size_t)0U, (size_t)2U, (size_t)1U,
       memcpy(prf_inputs[i], copy_of_prf_input, (size_t)33U * sizeof(uint8_t)););
+  uint8_t _prf_inputs_init[2U][33U];
+  memcpy(_prf_inputs_init, prf_inputs, (size_t)2U * sizeof(uint8_t[33U]));
   KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i;
                   prf_inputs[i0][32U] = domain_separator;
                   domain_separator = (uint32_t)domain_separator + 1U;);
   uint8_t prf_outputs[2U][128U];
-  PRFxN_a9_b21(prf_inputs, prf_outputs);
+  PRFxN_a9_490(prf_inputs, prf_outputs);
   KRML_MAYBE_FOR2(
       i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i;
-      libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 =
-          sample_from_binomial_distribution_d7(
+      libcrux_ml_kem_polynomial_PolynomialRingElement_f6 uu____1 =
+          sample_from_binomial_distribution_89(
               Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t));
       error_1[i0] = uu____1;);
   /* Passing arrays by value in Rust generates a copy in C */
-  libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_error_1[2U];
+  libcrux_ml_kem_polynomial_PolynomialRingElement_f6 copy_of_error_1[2U];
   memcpy(
       copy_of_error_1, error_1,
-      (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2));
-  tuple_74 result;
+      (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f6));
+  tuple_40 lit;
   memcpy(
-      result.fst, copy_of_error_1,
-      (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2));
-  result.snd = domain_separator;
-  return result;
+      lit.fst, copy_of_error_1,
+      (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f6));
+  lit.snd = domain_separator;
+  return lit;
 }
 
 /**
@@ -7248,9 +7242,9 @@ with const generics
 - K= 2
 - LEN= 128
 */
-static KRML_MUSTINLINE void PRF_a9_162(Eurydice_slice input,
+static KRML_MUSTINLINE void PRF_a9_490(Eurydice_slice input,
                                        uint8_t ret[128U]) {
-  PRF_960(input, ret);
+  PRF_a6(input, ret);
 }
 
 /**
@@ -7259,18 +7253,18 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector
 with const generics
 - K= 2
 */
-static KRML_MUSTINLINE void invert_ntt_montgomery_8f0(
-    libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) {
+static KRML_MUSTINLINE void invert_ntt_montgomery_89(
+    libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *re) {
   size_t zeta_i =
       LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U;
-  invert_ntt_at_layer_1_f7(&zeta_i, re);
-  invert_ntt_at_layer_2_98(&zeta_i, re);
-  invert_ntt_at_layer_3_fe(&zeta_i, re);
-  invert_ntt_at_layer_4_plus_bc(&zeta_i, re, (size_t)4U);
-  invert_ntt_at_layer_4_plus_bc(&zeta_i, re, (size_t)5U);
-  invert_ntt_at_layer_4_plus_bc(&zeta_i, re, (size_t)6U);
-  invert_ntt_at_layer_4_plus_bc(&zeta_i, re, (size_t)7U);
-  poly_barrett_reduce_ef_a9(re);
+  invert_ntt_at_layer_1_61(&zeta_i, re);
+  invert_ntt_at_layer_2_61(&zeta_i, re);
+  invert_ntt_at_layer_3_61(&zeta_i, re);
+  invert_ntt_at_layer_4_plus_61(&zeta_i, re, (size_t)4U);
+  invert_ntt_at_layer_4_plus_61(&zeta_i, re, (size_t)5U);
+  invert_ntt_at_layer_4_plus_61(&zeta_i, re, (size_t)6U);
+  invert_ntt_at_layer_4_plus_61(&zeta_i, re, (size_t)7U);
+  poly_barrett_reduce_ef_61(re);
 }
 
 /**
@@ -7279,46 +7273,42 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector
 with const generics
 - K= 2
 */
-static KRML_MUSTINLINE void compute_vector_u_dd0(
-    libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*a_as_ntt)[2U],
-    libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt,
-    libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_1,
-    libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) {
-  libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result0[2U];
+static KRML_MUSTINLINE void compute_vector_u_89(
+    libcrux_ml_kem_polynomial_PolynomialRingElement_f6 (*a_as_ntt)[2U],
+    libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *r_as_ntt,
+    libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *error_1,
+    libcrux_ml_kem_polynomial_PolynomialRingElement_f6 ret[2U]) {
+  libcrux_ml_kem_polynomial_PolynomialRingElement_f6 result[2U];
   KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U,
-                  result0[i] = ZERO_ef_05(););
+                  result[i] = ZERO_ef_61(););
   for (size_t i0 = (size_t)0U;
        i0 < Eurydice_slice_len(
                 Eurydice_array_to_slice(
                     (size_t)2U, a_as_ntt,
-                    libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U]),
-                libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U]);
+                    libcrux_ml_kem_polynomial_PolynomialRingElement_f6[2U]),
+                libcrux_ml_kem_polynomial_PolynomialRingElement_f6[2U]);
        i0++) {
     size_t i1 = i0;
-    libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *row = a_as_ntt[i1];
+    libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *row = a_as_ntt[i1];
     for (size_t i = (size_t)0U;
          i < Eurydice_slice_len(
                  Eurydice_array_to_slice(
                      (size_t)2U, row,
-                     libcrux_ml_kem_polynomial_PolynomialRingElement_d2),
-                 libcrux_ml_kem_polynomial_PolynomialRingElement_d2);
+                     libcrux_ml_kem_polynomial_PolynomialRingElement_f6),
+                 libcrux_ml_kem_polynomial_PolynomialRingElement_f6);
          i++) {
       size_t j = i;
-      libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *a_element = &row[j];
-      libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product =
-          ntt_multiply_ef_b2(a_element, &r_as_ntt[j]);
-      add_to_ring_element_ef_4f0(&result0[i1], &product);
+      libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *a_element = &row[j];
+      libcrux_ml_kem_polynomial_PolynomialRingElement_f6 product =
+          ntt_multiply_ef_61(a_element, &r_as_ntt[j]);
+      add_to_ring_element_ef_89(&result[i1], &product);
     }
-    invert_ntt_montgomery_8f0(&result0[i1]);
-    add_error_reduce_ef_dd(&result0[i1], &error_1[i1]);
+    invert_ntt_montgomery_89(&result[i1]);
+    add_error_reduce_ef_61(&result[i1], &error_1[i1]);
   }
-  libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[2U];
-  memcpy(
-      result, result0,
-      (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2));
   memcpy(
       ret, result,
-      (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2));
+      (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f6));
 }
 
 /**
@@ -7327,19 +7317,19 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector
 with const generics
 - K= 2
 */
-static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2
-compute_ring_element_v_770(
-    libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt,
-    libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt,
-    libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_2,
-    libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *message) {
-  libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_ef_05();
+static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f6
+compute_ring_element_v_89(
+    libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *t_as_ntt,
+    libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *r_as_ntt,
+    libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *error_2,
+    libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *message) {
+  libcrux_ml_kem_polynomial_PolynomialRingElement_f6 result = ZERO_ef_61();
   KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i;
-                  libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product =
-                      ntt_multiply_ef_b2(&t_as_ntt[i0], &r_as_ntt[i0]);
-                  add_to_ring_element_ef_4f0(&result, &product););
-  invert_ntt_montgomery_8f0(&result);
-  result = add_message_error_reduce_ef_79(error_2, message, result);
+                  libcrux_ml_kem_polynomial_PolynomialRingElement_f6 product =
+                      ntt_multiply_ef_61(&t_as_ntt[i0], &r_as_ntt[i0]);
+                  add_to_ring_element_ef_89(&result, &product););
+  invert_ntt_montgomery_89(&result);
+  result = add_message_error_reduce_ef_61(error_2, message, result);
   return result;
 }
 
@@ -7352,23 +7342,23 @@ with const generics
 - COMPRESSION_FACTOR= 10
 - BLOCK_LEN= 320
 */
-static void compress_then_serialize_u_420(
-    libcrux_ml_kem_polynomial_PolynomialRingElement_d2 input[2U],
+static void compress_then_serialize_u_2d(
+    libcrux_ml_kem_polynomial_PolynomialRingElement_f6 input[2U],
     Eurydice_slice out) {
   for (size_t i = (size_t)0U;
        i < Eurydice_slice_len(
                Eurydice_array_to_slice(
                    (size_t)2U, input,
-                   libcrux_ml_kem_polynomial_PolynomialRingElement_d2),
-               libcrux_ml_kem_polynomial_PolynomialRingElement_d2);
+                   libcrux_ml_kem_polynomial_PolynomialRingElement_f6),
+               libcrux_ml_kem_polynomial_PolynomialRingElement_f6);
        i++) {
     size_t i0 = i;
-    libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = input[i0];
+    libcrux_ml_kem_polynomial_PolynomialRingElement_f6 re = input[i0];
     Eurydice_slice uu____0 = Eurydice_slice_subslice2(
         out, i0 * ((size_t)640U / (size_t)2U),
         (i0 + (size_t)1U) * ((size_t)640U / (size_t)2U), uint8_t);
     uint8_t ret[320U];
-    compress_then_serialize_ring_element_u_9e0(&re, ret);
+    compress_then_serialize_ring_element_u_a4(&re, ret);
     Eurydice_slice_copy(
         uu____0, Eurydice_array_to_slice((size_t)320U, ret, uint8_t), uint8_t);
   }
@@ -7391,57 +7381,57 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics
 - ETA2= 2
 - ETA2_RANDOMNESS_SIZE= 128
 */
-static void encrypt_unpacked_a40(IndCpaPublicKeyUnpacked_d6 *public_key,
+static void encrypt_unpacked_740(IndCpaPublicKeyUnpacked_94 *public_key,
                                  uint8_t message[32U],
                                  Eurydice_slice randomness, uint8_t ret[768U]) {
   uint8_t prf_input[33U];
-  libcrux_ml_kem_utils_into_padded_array_421(randomness, prf_input);
+  libcrux_ml_kem_utils_into_padded_array_c8(randomness, prf_input);
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_prf_input0[33U];
   memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t));
-  tuple_74 uu____1 = sample_vector_cbd_then_ntt_out_810(copy_of_prf_input0, 0U);
-  libcrux_ml_kem_polynomial_PolynomialRingElement_d2 r_as_ntt[2U];
+  tuple_40 uu____1 = sample_vector_cbd_then_ntt_out_b40(copy_of_prf_input0, 0U);
+  libcrux_ml_kem_polynomial_PolynomialRingElement_f6 r_as_ntt[2U];
   memcpy(
       r_as_ntt, uu____1.fst,
-      (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2));
+      (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f6));
   uint8_t domain_separator0 = uu____1.snd;
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_prf_input[33U];
   memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t));
-  tuple_74 uu____3 =
-      sample_ring_element_cbd_a00(copy_of_prf_input, domain_separator0);
-  libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[2U];
+  tuple_40 uu____3 =
+      sample_ring_element_cbd_b40(copy_of_prf_input, domain_separator0);
+  libcrux_ml_kem_polynomial_PolynomialRingElement_f6 error_1[2U];
   memcpy(
       error_1, uu____3.fst,
-      (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2));
+      (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f6));
   uint8_t domain_separator = uu____3.snd;
   prf_input[32U] = domain_separator;
   uint8_t prf_output[128U];
-  PRF_a9_162(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t),
+  PRF_a9_490(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t),
              prf_output);
-  libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_2 =
-      sample_from_binomial_distribution_d7(
+  libcrux_ml_kem_polynomial_PolynomialRingElement_f6 error_2 =
+      sample_from_binomial_distribution_89(
           Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t));
-  libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u[2U];
-  compute_vector_u_dd0(public_key->A, r_as_ntt, error_1, u);
+  libcrux_ml_kem_polynomial_PolynomialRingElement_f6 u[2U];
+  compute_vector_u_89(public_key->A, r_as_ntt, error_1, u);
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_message[32U];
   memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t));
-  libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message_as_ring_element =
-      deserialize_then_decompress_message_d3(copy_of_message);
-  libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v =
-      compute_ring_element_v_770(public_key->t_as_ntt, r_as_ntt, &error_2,
-                                 &message_as_ring_element);
+  libcrux_ml_kem_polynomial_PolynomialRingElement_f6 message_as_ring_element =
+      deserialize_then_decompress_message_61(copy_of_message);
+  libcrux_ml_kem_polynomial_PolynomialRingElement_f6 v =
+      compute_ring_element_v_89(public_key->t_as_ntt, r_as_ntt, &error_2,
+                                &message_as_ring_element);
   uint8_t ciphertext[768U] = {0U};
-  libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____5[2U];
+  libcrux_ml_kem_polynomial_PolynomialRingElement_f6 uu____5[2U];
   memcpy(
       uu____5, u,
-      (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2));
-  compress_then_serialize_u_420(
+      (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f6));
+  compress_then_serialize_u_2d(
       uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)640U,
                                            uint8_t));
-  libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____6 = v;
-  compress_then_serialize_ring_element_v_d10(
+  libcrux_ml_kem_polynomial_PolynomialRingElement_f6 uu____6 = v;
+  compress_then_serialize_ring_element_v_78(
       uu____6, Eurydice_array_to_subslice_from((size_t)768U, ciphertext,
                                                (size_t)640U, uint8_t, size_t));
   memcpy(ret, ciphertext, (size_t)768U * sizeof(uint8_t));
@@ -7464,26 +7454,26 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics
 - ETA2= 2
 - ETA2_RANDOMNESS_SIZE= 128
 */
-static void encrypt_6f(Eurydice_slice public_key, uint8_t message[32U],
+static void encrypt_74(Eurydice_slice public_key, uint8_t message[32U],
                        Eurydice_slice randomness, uint8_t ret[768U]) {
-  IndCpaPublicKeyUnpacked_d6 unpacked_public_key = default_8d_890();
-  deserialize_ring_elements_reduced_530(
+  IndCpaPublicKeyUnpacked_94 unpacked_public_key = default_8d_89();
+  deserialize_ring_elements_reduced_89(
       Eurydice_slice_subslice_to(public_key, (size_t)768U, uint8_t, size_t),
       unpacked_public_key.t_as_ntt);
   Eurydice_slice seed =
       Eurydice_slice_subslice_from(public_key, (size_t)768U, uint8_t, size_t);
-  libcrux_ml_kem_polynomial_PolynomialRingElement_d2(*uu____0)[2U] =
+  libcrux_ml_kem_polynomial_PolynomialRingElement_f6(*uu____0)[2U] =
       unpacked_public_key.A;
   uint8_t ret0[34U];
-  libcrux_ml_kem_utils_into_padded_array_422(seed, ret0);
-  sample_matrix_A_ee0(uu____0, ret0, false);
-  IndCpaPublicKeyUnpacked_d6 *uu____1 = &unpacked_public_key;
+  libcrux_ml_kem_utils_into_padded_array_b6(seed, ret0);
+  sample_matrix_A_6c0(uu____0, ret0, false);
+  IndCpaPublicKeyUnpacked_94 *uu____1 = &unpacked_public_key;
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_message[32U];
   memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t));
-  uint8_t result[768U];
-  encrypt_unpacked_a40(uu____1, copy_of_message, randomness, result);
-  memcpy(ret, result, (size_t)768U * sizeof(uint8_t));
+  uint8_t ret1[768U];
+  encrypt_unpacked_740(uu____1, copy_of_message, randomness, ret1);
+  memcpy(ret, ret1, (size_t)768U * sizeof(uint8_t));
 }
 
 /**
@@ -7497,7 +7487,7 @@ with const generics
 - K= 2
 - CIPHERTEXT_SIZE= 768
 */
-static KRML_MUSTINLINE void kdf_d8_16(Eurydice_slice shared_secret,
+static KRML_MUSTINLINE void kdf_d8_4d(Eurydice_slice shared_secret,
                                       uint8_t ret[32U]) {
   uint8_t out[32U] = {0U};
   Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t),
@@ -7524,27 +7514,27 @@ with const generics
 - ETA2= 2
 - ETA2_RANDOMNESS_SIZE= 128
 */
-tuple_ec libcrux_ml_kem_ind_cca_encapsulate_a1(
-    libcrux_ml_kem_types_MlKemPublicKey_be *public_key,
+tuple_41 libcrux_ml_kem_ind_cca_encapsulate_70(
+    libcrux_ml_kem_types_MlKemPublicKey_52 *public_key,
     uint8_t randomness[32U]) {
   uint8_t randomness0[32U];
-  entropy_preprocess_d8_64(
+  entropy_preprocess_d8_f8(
       Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0);
   uint8_t to_hash[64U];
-  libcrux_ml_kem_utils_into_padded_array_42(
+  libcrux_ml_kem_utils_into_padded_array_24(
       Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t), to_hash);
   Eurydice_slice uu____0 = Eurydice_array_to_subslice_from(
       (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t,
       size_t);
   uint8_t ret[32U];
-  H_a9_410(Eurydice_array_to_slice(
-               (size_t)800U, libcrux_ml_kem_types_as_slice_fd_fe0(public_key),
-               uint8_t),
-           ret);
+  H_a9_fd(Eurydice_array_to_slice(
+              (size_t)800U, libcrux_ml_kem_types_as_slice_fd_4d(public_key),
+              uint8_t),
+          ret);
   Eurydice_slice_copy(
       uu____0, Eurydice_array_to_slice((size_t)32U, ret, uint8_t), uint8_t);
   uint8_t hashed[64U];
-  G_a9_9f0(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed);
+  G_a9_fd(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed);
   Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at(
       Eurydice_array_to_slice((size_t)64U, hashed, uint8_t),
       LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t,
@@ -7552,25 +7542,25 @@ tuple_ec libcrux_ml_kem_ind_cca_encapsulate_a1(
   Eurydice_slice shared_secret = uu____1.fst;
   Eurydice_slice pseudorandomness = uu____1.snd;
   Eurydice_slice uu____2 = Eurydice_array_to_slice(
-      (size_t)800U, libcrux_ml_kem_types_as_slice_fd_fe0(public_key), uint8_t);
+      (size_t)800U, libcrux_ml_kem_types_as_slice_fd_4d(public_key), uint8_t);
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_randomness[32U];
   memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t));
   uint8_t ciphertext[768U];
-  encrypt_6f(uu____2, copy_of_randomness, pseudorandomness, ciphertext);
+  encrypt_74(uu____2, copy_of_randomness, pseudorandomness, ciphertext);
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_ciphertext[768U];
   memcpy(copy_of_ciphertext, ciphertext, (size_t)768U * sizeof(uint8_t));
-  libcrux_ml_kem_types_MlKemCiphertext_e8 ciphertext0 =
-      libcrux_ml_kem_types_from_01_450(copy_of_ciphertext);
+  libcrux_ml_kem_types_MlKemCiphertext_1a ciphertext0 =
+      libcrux_ml_kem_types_from_01_d0(copy_of_ciphertext);
   uint8_t shared_secret_array[32U];
-  kdf_d8_16(shared_secret, shared_secret_array);
-  libcrux_ml_kem_types_MlKemCiphertext_e8 uu____5 = ciphertext0;
+  kdf_d8_4d(shared_secret, shared_secret_array);
+  libcrux_ml_kem_types_MlKemCiphertext_1a uu____5 = ciphertext0;
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_shared_secret_array[32U];
   memcpy(copy_of_shared_secret_array, shared_secret_array,
          (size_t)32U * sizeof(uint8_t));
-  tuple_ec lit;
+  tuple_41 lit;
   lit.fst = uu____5;
   memcpy(lit.snd, copy_of_shared_secret_array, (size_t)32U * sizeof(uint8_t));
   return lit;
@@ -7582,12 +7572,12 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector
 with const generics
 - K= 2
 */
-static KRML_MUSTINLINE void deserialize_secret_key_54(
+static KRML_MUSTINLINE void deserialize_secret_key_89(
     Eurydice_slice secret_key,
-    libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) {
-  libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[2U];
+    libcrux_ml_kem_polynomial_PolynomialRingElement_f6 ret[2U]) {
+  libcrux_ml_kem_polynomial_PolynomialRingElement_f6 secret_as_ntt[2U];
   KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U,
-                  secret_as_ntt[i] = ZERO_ef_05(););
+                  secret_as_ntt[i] = ZERO_ef_61(););
   for (size_t i = (size_t)0U;
        i < Eurydice_slice_len(secret_key, uint8_t) /
                LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT;
@@ -7598,17 +7588,13 @@ static KRML_MUSTINLINE void deserialize_secret_key_54(
         i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT +
             LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT,
         uint8_t);
-    libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 =
-        deserialize_to_uncompressed_ring_element_6c(secret_bytes);
+    libcrux_ml_kem_polynomial_PolynomialRingElement_f6 uu____0 =
+        deserialize_to_uncompressed_ring_element_61(secret_bytes);
     secret_as_ntt[i0] = uu____0;
   }
-  libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[2U];
-  memcpy(
-      result, secret_as_ntt,
-      (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2));
   memcpy(
-      ret, result,
-      (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2));
+      ret, secret_as_ntt,
+      (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f6));
 }
 
 /**
@@ -7619,12 +7605,12 @@ with const generics
 - CIPHERTEXT_SIZE= 768
 - U_COMPRESSION_FACTOR= 10
 */
-static KRML_MUSTINLINE void deserialize_then_decompress_u_250(
+static KRML_MUSTINLINE void deserialize_then_decompress_u_ba(
     uint8_t *ciphertext,
-    libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) {
-  libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[2U];
+    libcrux_ml_kem_polynomial_PolynomialRingElement_f6 ret[2U]) {
+  libcrux_ml_kem_polynomial_PolynomialRingElement_f6 u_as_ntt[2U];
   KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U,
-                  u_as_ntt[i] = ZERO_ef_05(););
+                  u_as_ntt[i] = ZERO_ef_61(););
   for (size_t i = (size_t)0U;
        i < Eurydice_slice_len(
                Eurydice_array_to_slice((size_t)768U, ciphertext, uint8_t),
@@ -7642,12 +7628,12 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_250(
             LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT *
                 (size_t)10U / (size_t)8U,
         uint8_t);
-    u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_790(u_bytes);
-    ntt_vector_u_b70(&u_as_ntt[i0]);
+    u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_ee(u_bytes);
+    ntt_vector_u_ee(&u_as_ntt[i0]);
   }
   memcpy(
       ret, u_as_ntt,
-      (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2));
+      (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f6));
 }
 
 /**
@@ -7656,18 +7642,18 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector
 with const generics
 - K= 2
 */
-static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2
-compute_message_7d0(
-    libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *v,
-    libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *secret_as_ntt,
-    libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *u_as_ntt) {
-  libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_ef_05();
+static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f6
+compute_message_89(
+    libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *v,
+    libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *secret_as_ntt,
+    libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *u_as_ntt) {
+  libcrux_ml_kem_polynomial_PolynomialRingElement_f6 result = ZERO_ef_61();
   KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i;
-                  libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product =
-                      ntt_multiply_ef_b2(&secret_as_ntt[i0], &u_as_ntt[i0]);
-                  add_to_ring_element_ef_4f0(&result, &product););
-  invert_ntt_montgomery_8f0(&result);
-  result = subtract_reduce_ef_da(v, result);
+                  libcrux_ml_kem_polynomial_PolynomialRingElement_f6 product =
+                      ntt_multiply_ef_61(&secret_as_ntt[i0], &u_as_ntt[i0]);
+                  add_to_ring_element_ef_89(&result, &product););
+  invert_ntt_montgomery_89(&result);
+  result = subtract_reduce_ef_61(v, result);
   return result;
 }
 
@@ -7681,18 +7667,18 @@ with const generics
 - U_COMPRESSION_FACTOR= 10
 - V_COMPRESSION_FACTOR= 4
 */
-static void decrypt_unpacked_9d0(IndCpaPrivateKeyUnpacked_d6 *secret_key,
-                                 uint8_t *ciphertext, uint8_t ret[32U]) {
-  libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[2U];
-  deserialize_then_decompress_u_250(ciphertext, u_as_ntt);
-  libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v =
-      deserialize_then_decompress_ring_element_v_b90(
+static void decrypt_unpacked_4b(IndCpaPrivateKeyUnpacked_94 *secret_key,
+                                uint8_t *ciphertext, uint8_t ret[32U]) {
+  libcrux_ml_kem_polynomial_PolynomialRingElement_f6 u_as_ntt[2U];
+  deserialize_then_decompress_u_ba(ciphertext, u_as_ntt);
+  libcrux_ml_kem_polynomial_PolynomialRingElement_f6 v =
+      deserialize_then_decompress_ring_element_v_42(
           Eurydice_array_to_subslice_from((size_t)768U, ciphertext,
                                           (size_t)640U, uint8_t, size_t));
-  libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message =
-      compute_message_7d0(&v, secret_key->secret_as_ntt, u_as_ntt);
+  libcrux_ml_kem_polynomial_PolynomialRingElement_f6 message =
+      compute_message_89(&v, secret_key->secret_as_ntt, u_as_ntt);
   uint8_t ret0[32U];
-  compress_then_serialize_message_dd(message, ret0);
+  compress_then_serialize_message_61(message, ret0);
   memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t));
 }
 
@@ -7706,22 +7692,22 @@ with const generics
 - U_COMPRESSION_FACTOR= 10
 - V_COMPRESSION_FACTOR= 4
 */
-static void decrypt_75(Eurydice_slice secret_key, uint8_t *ciphertext,
+static void decrypt_4b(Eurydice_slice secret_key, uint8_t *ciphertext,
                        uint8_t ret[32U]) {
-  libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[2U];
-  deserialize_secret_key_54(secret_key, secret_as_ntt);
+  libcrux_ml_kem_polynomial_PolynomialRingElement_f6 secret_as_ntt[2U];
+  deserialize_secret_key_89(secret_key, secret_as_ntt);
   /* Passing arrays by value in Rust generates a copy in C */
-  libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_secret_as_ntt[2U];
+  libcrux_ml_kem_polynomial_PolynomialRingElement_f6 copy_of_secret_as_ntt[2U];
   memcpy(
       copy_of_secret_as_ntt, secret_as_ntt,
-      (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2));
-  IndCpaPrivateKeyUnpacked_d6 secret_key_unpacked;
+      (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f6));
+  IndCpaPrivateKeyUnpacked_94 secret_key_unpacked;
   memcpy(
       secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt,
-      (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2));
-  uint8_t result[32U];
-  decrypt_unpacked_9d0(&secret_key_unpacked, ciphertext, result);
-  memcpy(ret, result, (size_t)32U * sizeof(uint8_t));
+      (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f6));
+  uint8_t ret0[32U];
+  decrypt_unpacked_4b(&secret_key_unpacked, ciphertext, ret0);
+  memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t));
 }
 
 /**
@@ -7734,8 +7720,8 @@ with const generics
 - K= 2
 - LEN= 32
 */
-static KRML_MUSTINLINE void PRF_a9_161(Eurydice_slice input, uint8_t ret[32U]) {
-  PRF_96(input, ret);
+static KRML_MUSTINLINE void PRF_a9_49(Eurydice_slice input, uint8_t ret[32U]) {
+  PRF_9e(input, ret);
 }
 
 /**
@@ -7760,9 +7746,9 @@ with const generics
 - ETA2_RANDOMNESS_SIZE= 128
 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800
 */
-void libcrux_ml_kem_ind_cca_decapsulate_7f(
-    libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key,
-    libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) {
+void libcrux_ml_kem_ind_cca_decapsulate_a1(
+    libcrux_ml_kem_types_MlKemPrivateKey_fa *private_key,
+    libcrux_ml_kem_types_MlKemCiphertext_1a *ciphertext, uint8_t ret[32U]) {
   Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at(
       Eurydice_array_to_slice((size_t)1632U, private_key->value, uint8_t),
       (size_t)768U, uint8_t, Eurydice_slice_uint8_t_x2);
@@ -7778,9 +7764,9 @@ void libcrux_ml_kem_ind_cca_decapsulate_7f(
   Eurydice_slice ind_cpa_public_key_hash = uu____2.fst;
   Eurydice_slice implicit_rejection_value = uu____2.snd;
   uint8_t decrypted[32U];
-  decrypt_75(ind_cpa_secret_key, ciphertext->value, decrypted);
+  decrypt_4b(ind_cpa_secret_key, ciphertext->value, decrypted);
   uint8_t to_hash0[64U];
-  libcrux_ml_kem_utils_into_padded_array_42(
+  libcrux_ml_kem_utils_into_padded_array_24(
       Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0);
   Eurydice_slice_copy(
       Eurydice_array_to_subslice_from(
@@ -7788,7 +7774,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_7f(
           uint8_t, size_t),
       ind_cpa_public_key_hash, uint8_t);
   uint8_t hashed[64U];
-  G_a9_9f0(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed);
+  G_a9_fd(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed);
   Eurydice_slice_uint8_t_x2 uu____3 = Eurydice_slice_split_at(
       Eurydice_array_to_slice((size_t)64U, hashed, uint8_t),
       LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t,
@@ -7796,30 +7782,30 @@ void libcrux_ml_kem_ind_cca_decapsulate_7f(
   Eurydice_slice shared_secret0 = uu____3.fst;
   Eurydice_slice pseudorandomness = uu____3.snd;
   uint8_t to_hash[800U];
-  libcrux_ml_kem_utils_into_padded_array_424(implicit_rejection_value, to_hash);
+  libcrux_ml_kem_utils_into_padded_array_4d(implicit_rejection_value, to_hash);
   Eurydice_slice uu____4 = Eurydice_array_to_subslice_from(
       (size_t)800U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE,
       uint8_t, size_t);
-  Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_400(ciphertext),
+  Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_d0(ciphertext),
                       uint8_t);
   uint8_t implicit_rejection_shared_secret0[32U];
-  PRF_a9_161(Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t),
-             implicit_rejection_shared_secret0);
+  PRF_a9_49(Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t),
+            implicit_rejection_shared_secret0);
   Eurydice_slice uu____5 = ind_cpa_public_key;
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_decrypted[32U];
   memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t));
   uint8_t expected_ciphertext[768U];
-  encrypt_6f(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext);
+  encrypt_74(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext);
   uint8_t implicit_rejection_shared_secret[32U];
-  kdf_d8_16(Eurydice_array_to_slice((size_t)32U,
+  kdf_d8_4d(Eurydice_array_to_slice((size_t)32U,
                                     implicit_rejection_shared_secret0, uint8_t),
             implicit_rejection_shared_secret);
   uint8_t shared_secret1[32U];
-  kdf_d8_16(shared_secret0, shared_secret1);
+  kdf_d8_4d(shared_secret0, shared_secret1);
   uint8_t shared_secret[32U];
   libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time(
-      libcrux_ml_kem_types_as_ref_00_400(ciphertext),
+      libcrux_ml_kem_types_as_ref_00_d0(ciphertext),
       Eurydice_array_to_slice((size_t)768U, expected_ciphertext, uint8_t),
       Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t),
       Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret,
diff --git a/libcrux-ml-kem/c/libcrux_mlkem_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem_avx2.h
index 02a4b1c04..5acac13d5 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem_avx2.h
+++ b/libcrux-ml-kem/c/libcrux_mlkem_avx2.h
@@ -4,11 +4,11 @@
  * SPDX-License-Identifier: MIT or Apache-2.0
  *
  * This code was generated with the following revisions:
- * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4
- * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac
- * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152
- * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678
- * Libcrux: a089e8609d2bf2df5c165076a79e3fd30dbf87cf
+ * Charon: 2b71c3c42337fe17ceca860bedaafb3443e6c5e8
+ * Eurydice: dcfae68c874635956f71d4c05928841b29ad0a8b
+ * Karamel: 87384b244a98a0c41a2e14c65b872d885af7c8df
+ * F*: 8b6fce63ca91b16386d8f76e82ea87a3c109a208
+ * Libcrux: 4b0d78759e0adf160bab80862883bd5ba7338977
  */
 
 #ifndef __libcrux_mlkem_avx2_H
@@ -23,6 +23,7 @@ extern "C" {
 #include "libcrux_mlkem_portable.h"
 #include "libcrux_sha3.h"
 #include "libcrux_sha3_avx2.h"
+#include "libcrux_sha3_internal.h"
 
 void libcrux_ml_kem_hash_functions_avx2_G(Eurydice_slice input,
                                           uint8_t ret[64U]);
diff --git a/libcrux-ml-kem/c/libcrux_mlkem_portable.c b/libcrux-ml-kem/c/libcrux_mlkem_portable.c
index 25021f8c9..5b88ac78e 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem_portable.c
+++ b/libcrux-ml-kem/c/libcrux_mlkem_portable.c
@@ -4,11 +4,11 @@
  * SPDX-License-Identifier: MIT or Apache-2.0
  *
  * This code was generated with the following revisions:
- * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4
- * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac
- * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152
- * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678
- * Libcrux: a089e8609d2bf2df5c165076a79e3fd30dbf87cf
+ * Charon: 2b71c3c42337fe17ceca860bedaafb3443e6c5e8
+ * Eurydice: dcfae68c874635956f71d4c05928841b29ad0a8b
+ * Karamel: 87384b244a98a0c41a2e14c65b872d885af7c8df
+ * F*: 8b6fce63ca91b16386d8f76e82ea87a3c109a208
+ * Libcrux: 4b0d78759e0adf160bab80862883bd5ba7338977
  */
 
 #include "internal/libcrux_mlkem_portable.h"
@@ -75,11 +75,11 @@ libcrux_ml_kem_vector_portable_vector_type_from_i16_array(
     Eurydice_slice array) {
   libcrux_ml_kem_vector_portable_vector_type_PortableVector lit;
   int16_t ret[16U];
-  core_result_Result_c0 dst;
+  core_result_Result_0a dst;
   Eurydice_slice_to_array2(
       &dst, Eurydice_slice_subslice2(array, (size_t)0U, (size_t)16U, int16_t),
       Eurydice_slice, int16_t[16U]);
-  core_result_unwrap_26_30(dst, ret);
+  core_result_unwrap_26_00(dst, ret);
   memcpy(lit.elements, ret, (size_t)16U * sizeof(int16_t));
   return lit;
 }
@@ -199,6 +199,12 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_serialize_serialize_11(
   ret[21U] = r11_21.f10;
 }
 
+void libcrux_ml_kem_vector_portable_serialize_11(
+    libcrux_ml_kem_vector_portable_vector_type_PortableVector a,
+    uint8_t ret[22U]) {
+  libcrux_ml_kem_vector_portable_serialize_serialize_11(a, ret);
+}
+
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
 libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
@@ -206,7 +212,7 @@ libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
 void libcrux_ml_kem_vector_portable_serialize_11_0d(
     libcrux_ml_kem_vector_portable_vector_type_PortableVector a,
     uint8_t ret[22U]) {
-  libcrux_ml_kem_vector_portable_serialize_serialize_11(a, ret);
+  libcrux_ml_kem_vector_portable_serialize_11(a, ret);
 }
 
 KRML_MUSTINLINE int16_t_x8
@@ -299,13 +305,18 @@ libcrux_ml_kem_vector_portable_serialize_deserialize_11(Eurydice_slice bytes) {
   return lit;
 }
 
+libcrux_ml_kem_vector_portable_vector_type_PortableVector
+libcrux_ml_kem_vector_portable_deserialize_11(Eurydice_slice a) {
+  return libcrux_ml_kem_vector_portable_serialize_deserialize_11(a);
+}
+
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
 libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
 */
 libcrux_ml_kem_vector_portable_vector_type_PortableVector
 libcrux_ml_kem_vector_portable_deserialize_11_0d(Eurydice_slice a) {
-  return libcrux_ml_kem_vector_portable_serialize_deserialize_11(a);
+  return libcrux_ml_kem_vector_portable_deserialize_11(a);
 }
 
 KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_vector_type_to_i16_array(
@@ -1141,7 +1152,9 @@ uint8_t libcrux_ml_kem_vector_portable_compress_compress_message_coefficient(
   int16_t mask = shifted >> 15U;
   int16_t shifted_to_positive = mask ^ shifted;
   int16_t shifted_positive_in_range = shifted_to_positive - (int16_t)832;
-  return (uint8_t)(shifted_positive_in_range >> 15U & (int16_t)1);
+  int16_t r0 = shifted_positive_in_range >> 15U;
+  int16_t r1 = r0 & (int16_t)1;
+  return (uint8_t)r1;
 }
 
 KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector
@@ -1190,8 +1203,10 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_ntt_ntt_step(
   int16_t t =
       libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer(
           vec->elements[j], zeta);
-  vec->elements[j] = vec->elements[i] - t;
-  vec->elements[i] = vec->elements[i] + t;
+  int16_t a_minus_t = vec->elements[i] - t;
+  int16_t a_plus_t = vec->elements[i] + t;
+  vec->elements[j] = a_minus_t;
+  vec->elements[i] = a_plus_t;
 }
 
 KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector
@@ -1300,8 +1315,9 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(
     libcrux_ml_kem_vector_portable_vector_type_PortableVector *vec,
     int16_t zeta, size_t i, size_t j) {
   int16_t a_minus_b = vec->elements[j] - vec->elements[i];
+  int16_t a_plus_b = vec->elements[j] + vec->elements[i];
   int16_t o0 = libcrux_ml_kem_vector_portable_arithmetic_barrett_reduce_element(
-      vec->elements[i] + vec->elements[j]);
+      a_plus_b);
   int16_t o1 =
       libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer(
           a_minus_b, zeta);
@@ -1415,12 +1431,11 @@ libcrux_ml_kem_vector_portable_inv_ntt_layer_3_step_0d(
 KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials(
     libcrux_ml_kem_vector_portable_vector_type_PortableVector *a,
     libcrux_ml_kem_vector_portable_vector_type_PortableVector *b, int16_t zeta,
-    size_t i, size_t j,
-    libcrux_ml_kem_vector_portable_vector_type_PortableVector *out) {
-  int16_t ai = a->elements[i];
-  int16_t bi = b->elements[i];
-  int16_t aj = a->elements[j];
-  int16_t bj = b->elements[j];
+    size_t i, libcrux_ml_kem_vector_portable_vector_type_PortableVector *out) {
+  int16_t ai = a->elements[(size_t)2U * i];
+  int16_t bi = b->elements[(size_t)2U * i];
+  int16_t aj = a->elements[(size_t)2U * i + (size_t)1U];
+  int16_t bj = b->elements[(size_t)2U * i + (size_t)1U];
   int32_t ai_bi = (int32_t)ai * (int32_t)bi;
   int32_t aj_bj_ = (int32_t)aj * (int32_t)bj;
   int16_t aj_bj =
@@ -1437,8 +1452,10 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials(
   int16_t o1 =
       libcrux_ml_kem_vector_portable_arithmetic_montgomery_reduce_element(
           ai_bj_aj_bi);
-  out->elements[i] = o0;
-  out->elements[j] = o1;
+  int16_t _out0[16U];
+  memcpy(_out0, out->elements, (size_t)16U * sizeof(int16_t));
+  out->elements[(size_t)2U * i] = o0;
+  out->elements[(size_t)2U * i + (size_t)1U] = o1;
 }
 
 KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector
@@ -1452,22 +1469,22 @@ libcrux_ml_kem_vector_portable_ntt_ntt_multiply(
   int16_t nzeta3 = -zeta3;
   libcrux_ml_kem_vector_portable_vector_type_PortableVector out =
       libcrux_ml_kem_vector_portable_vector_type_zero();
-  libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials(
-      lhs, rhs, zeta0, (size_t)0U, (size_t)1U, &out);
-  libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials(
-      lhs, rhs, nzeta0, (size_t)2U, (size_t)3U, &out);
-  libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials(
-      lhs, rhs, zeta1, (size_t)4U, (size_t)5U, &out);
-  libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials(
-      lhs, rhs, nzeta1, (size_t)6U, (size_t)7U, &out);
-  libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials(
-      lhs, rhs, zeta2, (size_t)8U, (size_t)9U, &out);
-  libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials(
-      lhs, rhs, nzeta2, (size_t)10U, (size_t)11U, &out);
-  libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials(
-      lhs, rhs, zeta3, (size_t)12U, (size_t)13U, &out);
-  libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials(
-      lhs, rhs, nzeta3, (size_t)14U, (size_t)15U, &out);
+  libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials(lhs, rhs, zeta0,
+                                                            (size_t)0U, &out);
+  libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials(lhs, rhs, nzeta0,
+                                                            (size_t)1U, &out);
+  libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials(lhs, rhs, zeta1,
+                                                            (size_t)2U, &out);
+  libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials(lhs, rhs, nzeta1,
+                                                            (size_t)3U, &out);
+  libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials(lhs, rhs, zeta2,
+                                                            (size_t)4U, &out);
+  libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials(lhs, rhs, nzeta2,
+                                                            (size_t)5U, &out);
+  libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials(lhs, rhs, zeta3,
+                                                            (size_t)6U, &out);
+  libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials(lhs, rhs, nzeta3,
+                                                            (size_t)7U, &out);
   return out;
 }
 
@@ -1507,6 +1524,12 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_serialize_serialize_1(
   ret[1U] = result1;
 }
 
+void libcrux_ml_kem_vector_portable_serialize_1(
+    libcrux_ml_kem_vector_portable_vector_type_PortableVector a,
+    uint8_t ret[2U]) {
+  libcrux_ml_kem_vector_portable_serialize_serialize_1(a, ret);
+}
+
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
 libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
@@ -1514,7 +1537,7 @@ libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
 void libcrux_ml_kem_vector_portable_serialize_1_0d(
     libcrux_ml_kem_vector_portable_vector_type_PortableVector a,
     uint8_t ret[2U]) {
-  libcrux_ml_kem_vector_portable_serialize_serialize_1(a, ret);
+  libcrux_ml_kem_vector_portable_serialize_1(a, ret);
 }
 
 KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector
@@ -1601,13 +1624,18 @@ libcrux_ml_kem_vector_portable_serialize_deserialize_1(Eurydice_slice v) {
   return lit;
 }
 
+libcrux_ml_kem_vector_portable_vector_type_PortableVector
+libcrux_ml_kem_vector_portable_deserialize_1(Eurydice_slice a) {
+  return libcrux_ml_kem_vector_portable_serialize_deserialize_1(a);
+}
+
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
 libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
 */
 libcrux_ml_kem_vector_portable_vector_type_PortableVector
 libcrux_ml_kem_vector_portable_deserialize_1_0d(Eurydice_slice a) {
-  return libcrux_ml_kem_vector_portable_serialize_deserialize_1(a);
+  return libcrux_ml_kem_vector_portable_deserialize_1(a);
 }
 
 KRML_MUSTINLINE uint8_t_x4
@@ -1657,6 +1685,12 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_serialize_serialize_4(
   ret[7U] = result4_7.f3;
 }
 
+void libcrux_ml_kem_vector_portable_serialize_4(
+    libcrux_ml_kem_vector_portable_vector_type_PortableVector a,
+    uint8_t ret[8U]) {
+  libcrux_ml_kem_vector_portable_serialize_serialize_4(a, ret);
+}
+
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
 libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
@@ -1664,7 +1698,7 @@ libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
 void libcrux_ml_kem_vector_portable_serialize_4_0d(
     libcrux_ml_kem_vector_portable_vector_type_PortableVector a,
     uint8_t ret[8U]) {
-  libcrux_ml_kem_vector_portable_serialize_serialize_4(a, ret);
+  libcrux_ml_kem_vector_portable_serialize_4(a, ret);
 }
 
 KRML_MUSTINLINE int16_t_x8
@@ -1734,13 +1768,18 @@ libcrux_ml_kem_vector_portable_serialize_deserialize_4(Eurydice_slice bytes) {
   return lit;
 }
 
+libcrux_ml_kem_vector_portable_vector_type_PortableVector
+libcrux_ml_kem_vector_portable_deserialize_4(Eurydice_slice a) {
+  return libcrux_ml_kem_vector_portable_serialize_deserialize_4(a);
+}
+
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
 libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
 */
 libcrux_ml_kem_vector_portable_vector_type_PortableVector
 libcrux_ml_kem_vector_portable_deserialize_4_0d(Eurydice_slice a) {
-  return libcrux_ml_kem_vector_portable_serialize_deserialize_4(a);
+  return libcrux_ml_kem_vector_portable_deserialize_4(a);
 }
 
 KRML_MUSTINLINE uint8_t_x5
@@ -1788,6 +1827,12 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_serialize_serialize_5(
   ret[9U] = r5_9.f4;
 }
 
+void libcrux_ml_kem_vector_portable_serialize_5(
+    libcrux_ml_kem_vector_portable_vector_type_PortableVector a,
+    uint8_t ret[10U]) {
+  libcrux_ml_kem_vector_portable_serialize_serialize_5(a, ret);
+}
+
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
 libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
@@ -1795,7 +1840,7 @@ libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
 void libcrux_ml_kem_vector_portable_serialize_5_0d(
     libcrux_ml_kem_vector_portable_vector_type_PortableVector a,
     uint8_t ret[10U]) {
-  libcrux_ml_kem_vector_portable_serialize_serialize_5(a, ret);
+  libcrux_ml_kem_vector_portable_serialize_5(a, ret);
 }
 
 KRML_MUSTINLINE int16_t_x8
@@ -1876,13 +1921,18 @@ libcrux_ml_kem_vector_portable_serialize_deserialize_5(Eurydice_slice bytes) {
   return lit;
 }
 
+libcrux_ml_kem_vector_portable_vector_type_PortableVector
+libcrux_ml_kem_vector_portable_deserialize_5(Eurydice_slice a) {
+  return libcrux_ml_kem_vector_portable_serialize_deserialize_5(a);
+}
+
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
 libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
 */
 libcrux_ml_kem_vector_portable_vector_type_PortableVector
 libcrux_ml_kem_vector_portable_deserialize_5_0d(Eurydice_slice a) {
-  return libcrux_ml_kem_vector_portable_serialize_deserialize_5(a);
+  return libcrux_ml_kem_vector_portable_deserialize_5(a);
 }
 
 KRML_MUSTINLINE uint8_t_x5
@@ -1956,6 +2006,12 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_serialize_serialize_10(
   ret[19U] = r15_19.f4;
 }
 
+void libcrux_ml_kem_vector_portable_serialize_10(
+    libcrux_ml_kem_vector_portable_vector_type_PortableVector a,
+    uint8_t ret[20U]) {
+  libcrux_ml_kem_vector_portable_serialize_serialize_10(a, ret);
+}
+
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
 libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
@@ -1963,7 +2019,7 @@ libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
 void libcrux_ml_kem_vector_portable_serialize_10_0d(
     libcrux_ml_kem_vector_portable_vector_type_PortableVector a,
     uint8_t ret[20U]) {
-  libcrux_ml_kem_vector_portable_serialize_serialize_10(a, ret);
+  libcrux_ml_kem_vector_portable_serialize_10(a, ret);
 }
 
 KRML_MUSTINLINE int16_t_x8
@@ -2052,13 +2108,18 @@ libcrux_ml_kem_vector_portable_serialize_deserialize_10(Eurydice_slice bytes) {
   return lit;
 }
 
+libcrux_ml_kem_vector_portable_vector_type_PortableVector
+libcrux_ml_kem_vector_portable_deserialize_10(Eurydice_slice a) {
+  return libcrux_ml_kem_vector_portable_serialize_deserialize_10(a);
+}
+
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
 libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
 */
 libcrux_ml_kem_vector_portable_vector_type_PortableVector
 libcrux_ml_kem_vector_portable_deserialize_10_0d(Eurydice_slice a) {
-  return libcrux_ml_kem_vector_portable_serialize_deserialize_10(a);
+  return libcrux_ml_kem_vector_portable_deserialize_10(a);
 }
 
 KRML_MUSTINLINE uint8_t_x3
@@ -2126,6 +2187,12 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_serialize_serialize_12(
   ret[23U] = r21_23.thd;
 }
 
+void libcrux_ml_kem_vector_portable_serialize_12(
+    libcrux_ml_kem_vector_portable_vector_type_PortableVector a,
+    uint8_t ret[24U]) {
+  libcrux_ml_kem_vector_portable_serialize_serialize_12(a, ret);
+}
+
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
 libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
@@ -2133,7 +2200,7 @@ libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
 void libcrux_ml_kem_vector_portable_serialize_12_0d(
     libcrux_ml_kem_vector_portable_vector_type_PortableVector a,
     uint8_t ret[24U]) {
-  libcrux_ml_kem_vector_portable_serialize_serialize_12(a, ret);
+  libcrux_ml_kem_vector_portable_serialize_12(a, ret);
 }
 
 KRML_MUSTINLINE int16_t_x2
@@ -2191,13 +2258,18 @@ libcrux_ml_kem_vector_portable_serialize_deserialize_12(Eurydice_slice bytes) {
   return lit;
 }
 
+libcrux_ml_kem_vector_portable_vector_type_PortableVector
+libcrux_ml_kem_vector_portable_deserialize_12(Eurydice_slice a) {
+  return libcrux_ml_kem_vector_portable_serialize_deserialize_12(a);
+}
+
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
 libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
 */
 libcrux_ml_kem_vector_portable_vector_type_PortableVector
 libcrux_ml_kem_vector_portable_deserialize_12_0d(Eurydice_slice a) {
-  return libcrux_ml_kem_vector_portable_serialize_deserialize_12(a);
+  return libcrux_ml_kem_vector_portable_deserialize_12(a);
 }
 
 KRML_MUSTINLINE size_t libcrux_ml_kem_vector_portable_sampling_rej_sample(
@@ -2290,8 +2362,8 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
 with const generics
 
 */
-static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ZERO_ef_1b(void) {
-  libcrux_ml_kem_polynomial_PolynomialRingElement_f0 lit;
+static libcrux_ml_kem_polynomial_PolynomialRingElement_1d ZERO_ef_8c(void) {
+  libcrux_ml_kem_polynomial_PolynomialRingElement_1d lit;
   lit.coefficients[0U] = libcrux_ml_kem_vector_portable_ZERO_0d();
   lit.coefficients[1U] = libcrux_ml_kem_vector_portable_ZERO_0d();
   lit.coefficients[2U] = libcrux_ml_kem_vector_portable_ZERO_0d();
@@ -2317,9 +2389,9 @@ libcrux_ml_kem.serialize.deserialize_to_reduced_ring_element with types
 libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
 
 */
-static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0
-deserialize_to_reduced_ring_element_a5(Eurydice_slice serialized) {
-  libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_ef_1b();
+static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1d
+deserialize_to_reduced_ring_element_8c(Eurydice_slice serialized) {
+  libcrux_ml_kem_polynomial_PolynomialRingElement_1d re = ZERO_ef_8c();
   for (size_t i = (size_t)0U;
        i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) {
     size_t i0 = i;
@@ -2340,9 +2412,9 @@ libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types
 libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
 - K= 4
 */
-static KRML_MUSTINLINE void deserialize_ring_elements_reduced_da(
+static KRML_MUSTINLINE void deserialize_ring_elements_reduced_d0(
     Eurydice_slice public_key,
-    libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *deserialized_pk) {
+    libcrux_ml_kem_polynomial_PolynomialRingElement_1d *deserialized_pk) {
   for (size_t i = (size_t)0U;
        i < Eurydice_slice_len(public_key, uint8_t) /
                LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT;
@@ -2353,8 +2425,8 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_da(
         i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT +
             LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT,
         uint8_t);
-    libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 =
-        deserialize_to_reduced_ring_element_a5(ring_element);
+    libcrux_ml_kem_polynomial_PolynomialRingElement_1d uu____0 =
+        deserialize_to_reduced_ring_element_8c(ring_element);
     deserialized_pk[i0] = uu____0;
   }
 }
@@ -2365,16 +2437,20 @@ libcrux_ml_kem.serialize.deserialize_ring_elements_reduced_out with types
 libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
 - K= 4
 */
-static KRML_MUSTINLINE void deserialize_ring_elements_reduced_out_531(
+static KRML_MUSTINLINE void deserialize_ring_elements_reduced_out_d0(
     Eurydice_slice public_key,
-    libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) {
-  libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[4U];
+    libcrux_ml_kem_polynomial_PolynomialRingElement_1d ret[4U]) {
+  libcrux_ml_kem_polynomial_PolynomialRingElement_1d deserialized_pk[4U];
   KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U,
-                  deserialized_pk[i] = ZERO_ef_1b(););
-  deserialize_ring_elements_reduced_da(public_key, deserialized_pk);
+                  deserialized_pk[i] = ZERO_ef_8c(););
+  deserialize_ring_elements_reduced_d0(public_key, deserialized_pk);
+  libcrux_ml_kem_polynomial_PolynomialRingElement_1d result[4U];
+  memcpy(
+      result, deserialized_pk,
+      (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1d));
   memcpy(
-      ret, deserialized_pk,
-      (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0));
+      ret, result,
+      (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1d));
 }
 
 /**
@@ -2383,7 +2459,7 @@ with const generics
 - SHIFT_BY= 15
 */
 static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector
-shift_right_95(libcrux_ml_kem_vector_portable_vector_type_PortableVector vec) {
+shift_right_ef(libcrux_ml_kem_vector_portable_vector_type_PortableVector vec) {
   for (size_t i = (size_t)0U;
        i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) {
     size_t i0 = i;
@@ -2402,8 +2478,8 @@ with const generics
 - SHIFT_BY= 15
 */
 static libcrux_ml_kem_vector_portable_vector_type_PortableVector
-shift_right_0d_9d(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) {
-  return shift_right_95(v);
+shift_right_0d_ef(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) {
+  return shift_right_ef(v);
 }
 
 /**
@@ -2413,10 +2489,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
 
 */
 static libcrux_ml_kem_vector_portable_vector_type_PortableVector
-to_unsigned_representative_7c(
+to_unsigned_representative_8c(
     libcrux_ml_kem_vector_portable_vector_type_PortableVector a) {
   libcrux_ml_kem_vector_portable_vector_type_PortableVector t =
-      shift_right_0d_9d(a);
+      shift_right_0d_ef(a);
   libcrux_ml_kem_vector_portable_vector_type_PortableVector fm =
       libcrux_ml_kem_vector_portable_bitwise_and_with_constant_0d(
           t, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS);
@@ -2430,10 +2506,10 @@ with const generics
 
 */
 static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector
-to_unsigned_field_modulus_b0(
+to_unsigned_field_modulus_8c(
     libcrux_ml_kem_vector_portable_vector_type_PortableVector a) {
   libcrux_ml_kem_vector_portable_vector_type_PortableVector result =
-      to_unsigned_representative_7c(a);
+      to_unsigned_representative_8c(a);
   return result;
 }
 
@@ -2443,14 +2519,14 @@ libcrux_ml_kem.serialize.serialize_uncompressed_ring_element with types
 libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
 
 */
-static KRML_MUSTINLINE void serialize_uncompressed_ring_element_8b(
-    libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[384U]) {
+static KRML_MUSTINLINE void serialize_uncompressed_ring_element_8c(
+    libcrux_ml_kem_polynomial_PolynomialRingElement_1d *re, uint8_t ret[384U]) {
   uint8_t serialized[384U] = {0U};
   for (size_t i = (size_t)0U;
        i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
     size_t i0 = i;
     libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient =
-        to_unsigned_field_modulus_b0(re->coefficients[i0]);
+        to_unsigned_field_modulus_8c(re->coefficients[i0]);
     uint8_t bytes[24U];
     libcrux_ml_kem_vector_portable_serialize_12_0d(coefficient, bytes);
     Eurydice_slice uu____0 = Eurydice_array_to_subslice2(
@@ -2470,25 +2546,25 @@ with const generics
 - K= 4
 - OUT_LEN= 1536
 */
-static KRML_MUSTINLINE void serialize_secret_key_5a(
-    libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *key,
+static KRML_MUSTINLINE void serialize_secret_key_ff(
+    libcrux_ml_kem_polynomial_PolynomialRingElement_1d *key,
     uint8_t ret[1536U]) {
   uint8_t out[1536U] = {0U};
   for (size_t i = (size_t)0U;
        i < Eurydice_slice_len(
                Eurydice_array_to_slice(
                    (size_t)4U, key,
-                   libcrux_ml_kem_polynomial_PolynomialRingElement_f0),
-               libcrux_ml_kem_polynomial_PolynomialRingElement_f0);
+                   libcrux_ml_kem_polynomial_PolynomialRingElement_1d),
+               libcrux_ml_kem_polynomial_PolynomialRingElement_1d);
        i++) {
     size_t i0 = i;
-    libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = key[i0];
+    libcrux_ml_kem_polynomial_PolynomialRingElement_1d re = key[i0];
     Eurydice_slice uu____0 = Eurydice_array_to_subslice2(
         out, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT,
         (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT,
         uint8_t);
     uint8_t ret0[384U];
-    serialize_uncompressed_ring_element_8b(&re, ret0);
+    serialize_uncompressed_ring_element_8c(&re, ret0);
     Eurydice_slice_copy(
         uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t), uint8_t);
   }
@@ -2503,13 +2579,13 @@ with const generics
 - RANKED_BYTES_PER_RING_ELEMENT= 1536
 - PUBLIC_KEY_SIZE= 1568
 */
-static KRML_MUSTINLINE void serialize_public_key_mut_3c(
-    libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt,
+static KRML_MUSTINLINE void serialize_public_key_mut_00(
+    libcrux_ml_kem_polynomial_PolynomialRingElement_1d *t_as_ntt,
     Eurydice_slice seed_for_a, uint8_t *serialized) {
   Eurydice_slice uu____0 = Eurydice_array_to_subslice2(serialized, (size_t)0U,
                                                        (size_t)1536U, uint8_t);
   uint8_t ret[1536U];
-  serialize_secret_key_5a(t_as_ntt, ret);
+  serialize_secret_key_ff(t_as_ntt, ret);
   Eurydice_slice_copy(
       uu____0, Eurydice_array_to_slice((size_t)1536U, ret, uint8_t), uint8_t);
   Eurydice_slice_copy(
@@ -2526,14 +2602,12 @@ with const generics
 - RANKED_BYTES_PER_RING_ELEMENT= 1536
 - PUBLIC_KEY_SIZE= 1568
 */
-static KRML_MUSTINLINE void serialize_public_key_07(
-    libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt,
+static KRML_MUSTINLINE void serialize_public_key_00(
+    libcrux_ml_kem_polynomial_PolynomialRingElement_1d *t_as_ntt,
     Eurydice_slice seed_for_a, uint8_t ret[1568U]) {
   uint8_t public_key_serialized[1568U] = {0U};
-  serialize_public_key_mut_3c(t_as_ntt, seed_for_a, public_key_serialized);
-  uint8_t result[1568U];
-  memcpy(result, public_key_serialized, (size_t)1568U * sizeof(uint8_t));
-  memcpy(ret, result, (size_t)1568U * sizeof(uint8_t));
+  serialize_public_key_mut_00(t_as_ntt, seed_for_a, public_key_serialized);
+  memcpy(ret, public_key_serialized, (size_t)1568U * sizeof(uint8_t));
 }
 
 /**
@@ -2544,15 +2618,15 @@ with const generics
 - RANKED_BYTES_PER_RING_ELEMENT= 1536
 - PUBLIC_KEY_SIZE= 1568
 */
-bool libcrux_ml_kem_ind_cca_validate_public_key_bf1(uint8_t *public_key) {
-  libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[4U];
-  deserialize_ring_elements_reduced_out_531(
+bool libcrux_ml_kem_ind_cca_validate_public_key_00(uint8_t *public_key) {
+  libcrux_ml_kem_polynomial_PolynomialRingElement_1d deserialized_pk[4U];
+  deserialize_ring_elements_reduced_out_d0(
       Eurydice_array_to_subslice_to((size_t)1568U, public_key, (size_t)1536U,
                                     uint8_t, size_t),
       deserialized_pk);
-  libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *uu____0 = deserialized_pk;
+  libcrux_ml_kem_polynomial_PolynomialRingElement_1d *uu____0 = deserialized_pk;
   uint8_t public_key_serialized[1568U];
-  serialize_public_key_07(
+  serialize_public_key_00(
       uu____0,
       Eurydice_array_to_subslice_from((size_t)1568U, public_key, (size_t)1536U,
                                       uint8_t, size_t),
@@ -2570,7 +2644,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.H_f1
 with const generics
 - K= 4
 */
-static KRML_MUSTINLINE void H_f1_d5(Eurydice_slice input, uint8_t ret[32U]) {
+static KRML_MUSTINLINE void H_f1_ac(Eurydice_slice input, uint8_t ret[32U]) {
   libcrux_ml_kem_hash_functions_portable_H(input, ret);
 }
 
@@ -2582,11 +2656,11 @@ with const generics
 - SECRET_KEY_SIZE= 3168
 - CIPHERTEXT_SIZE= 1568
 */
-bool libcrux_ml_kem_ind_cca_validate_private_key_ae(
-    libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key,
-    libcrux_ml_kem_types_MlKemCiphertext_1f *_ciphertext) {
+bool libcrux_ml_kem_ind_cca_validate_private_key_b5(
+    libcrux_ml_kem_types_MlKemPrivateKey_83 *private_key,
+    libcrux_ml_kem_types_MlKemCiphertext_64 *_ciphertext) {
   uint8_t t[32U];
-  H_f1_d5(Eurydice_array_to_subslice2(
+  H_f1_ac(Eurydice_array_to_subslice2(
               private_key->value, (size_t)384U * (size_t)4U,
               (size_t)768U * (size_t)4U + (size_t)32U, uint8_t),
           t);
@@ -2603,9 +2677,9 @@ libcrux_ml_kem.ind_cpa.unpacked.IndCpaPrivateKeyUnpacked with types
 libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
 - $4size_t
 */
-typedef struct IndCpaPrivateKeyUnpacked_42_s {
-  libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[4U];
-} IndCpaPrivateKeyUnpacked_42;
+typedef struct IndCpaPrivateKeyUnpacked_af_s {
+  libcrux_ml_kem_polynomial_PolynomialRingElement_1d secret_as_ntt[4U];
+} IndCpaPrivateKeyUnpacked_af;
 
 /**
 This function found in impl {(core::default::Default for
@@ -2618,12 +2692,12 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
 with const generics
 - K= 4
 */
-static IndCpaPrivateKeyUnpacked_42 default_1a_e9(void) {
-  IndCpaPrivateKeyUnpacked_42 lit;
-  lit.secret_as_ntt[0U] = ZERO_ef_1b();
-  lit.secret_as_ntt[1U] = ZERO_ef_1b();
-  lit.secret_as_ntt[2U] = ZERO_ef_1b();
-  lit.secret_as_ntt[3U] = ZERO_ef_1b();
+static IndCpaPrivateKeyUnpacked_af default_1a_d0(void) {
+  IndCpaPrivateKeyUnpacked_af lit;
+  lit.secret_as_ntt[0U] = ZERO_ef_8c();
+  lit.secret_as_ntt[1U] = ZERO_ef_8c();
+  lit.secret_as_ntt[2U] = ZERO_ef_8c();
+  lit.secret_as_ntt[3U] = ZERO_ef_8c();
   return lit;
 }
 
@@ -2633,11 +2707,11 @@ libcrux_ml_kem.ind_cpa.unpacked.IndCpaPublicKeyUnpacked with types
 libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
 - $4size_t
 */
-typedef struct IndCpaPublicKeyUnpacked_42_s {
-  libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[4U];
+typedef struct IndCpaPublicKeyUnpacked_af_s {
+  libcrux_ml_kem_polynomial_PolynomialRingElement_1d t_as_ntt[4U];
   uint8_t seed_for_A[32U];
-  libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[4U][4U];
-} IndCpaPublicKeyUnpacked_42;
+  libcrux_ml_kem_polynomial_PolynomialRingElement_1d A[4U][4U];
+} IndCpaPublicKeyUnpacked_af;
 
 /**
 This function found in impl {(core::default::Default for
@@ -2650,32 +2724,32 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
 with const generics
 - K= 4
 */
-static IndCpaPublicKeyUnpacked_42 default_8d_d1(void) {
-  libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0[4U];
+static IndCpaPublicKeyUnpacked_af default_8d_d0(void) {
+  libcrux_ml_kem_polynomial_PolynomialRingElement_1d uu____0[4U];
   KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U,
-                  uu____0[i] = ZERO_ef_1b(););
+                  uu____0[i] = ZERO_ef_8c(););
   uint8_t uu____1[32U] = {0U};
-  IndCpaPublicKeyUnpacked_42 lit;
+  IndCpaPublicKeyUnpacked_af lit;
   memcpy(
       lit.t_as_ntt, uu____0,
-      (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0));
+      (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1d));
   memcpy(lit.seed_for_A, uu____1, (size_t)32U * sizeof(uint8_t));
-  lit.A[0U][0U] = ZERO_ef_1b();
-  lit.A[0U][1U] = ZERO_ef_1b();
-  lit.A[0U][2U] = ZERO_ef_1b();
-  lit.A[0U][3U] = ZERO_ef_1b();
-  lit.A[1U][0U] = ZERO_ef_1b();
-  lit.A[1U][1U] = ZERO_ef_1b();
-  lit.A[1U][2U] = ZERO_ef_1b();
-  lit.A[1U][3U] = ZERO_ef_1b();
-  lit.A[2U][0U] = ZERO_ef_1b();
-  lit.A[2U][1U] = ZERO_ef_1b();
-  lit.A[2U][2U] = ZERO_ef_1b();
-  lit.A[2U][3U] = ZERO_ef_1b();
-  lit.A[3U][0U] = ZERO_ef_1b();
-  lit.A[3U][1U] = ZERO_ef_1b();
-  lit.A[3U][2U] = ZERO_ef_1b();
-  lit.A[3U][3U] = ZERO_ef_1b();
+  lit.A[0U][0U] = ZERO_ef_8c();
+  lit.A[0U][1U] = ZERO_ef_8c();
+  lit.A[0U][2U] = ZERO_ef_8c();
+  lit.A[0U][3U] = ZERO_ef_8c();
+  lit.A[1U][0U] = ZERO_ef_8c();
+  lit.A[1U][1U] = ZERO_ef_8c();
+  lit.A[1U][2U] = ZERO_ef_8c();
+  lit.A[1U][3U] = ZERO_ef_8c();
+  lit.A[2U][0U] = ZERO_ef_8c();
+  lit.A[2U][1U] = ZERO_ef_8c();
+  lit.A[2U][2U] = ZERO_ef_8c();
+  lit.A[2U][3U] = ZERO_ef_8c();
+  lit.A[3U][0U] = ZERO_ef_8c();
+  lit.A[3U][1U] = ZERO_ef_8c();
+  lit.A[3U][2U] = ZERO_ef_8c();
+  lit.A[3U][3U] = ZERO_ef_8c();
   return lit;
 }
 
@@ -2688,7 +2762,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.G_f1
 with const generics
 - K= 4
 */
-static KRML_MUSTINLINE void G_f1_87(Eurydice_slice input, uint8_t ret[64U]) {
+static KRML_MUSTINLINE void G_f1_ac(Eurydice_slice input, uint8_t ret[64U]) {
   libcrux_ml_kem_hash_functions_portable_G(input, ret);
 }
 
@@ -2702,7 +2776,7 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]]
 with const generics
 - K= 4
 */
-static KRML_MUSTINLINE void cpa_keygen_seed_d8_57(
+static KRML_MUSTINLINE void cpa_keygen_seed_d8_03(
     Eurydice_slice key_generation_seed, uint8_t ret[64U]) {
   uint8_t seed[33U] = {0U};
   Eurydice_slice_copy(
@@ -2713,7 +2787,7 @@ static KRML_MUSTINLINE void cpa_keygen_seed_d8_57(
   seed[LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE] =
       (uint8_t)(size_t)4U;
   uint8_t ret0[64U];
-  G_f1_87(Eurydice_array_to_slice((size_t)33U, seed, uint8_t), ret0);
+  G_f1_ac(Eurydice_array_to_slice((size_t)33U, seed, uint8_t), ret0);
   memcpy(ret, ret0, (size_t)64U * sizeof(uint8_t));
 }
 
@@ -2722,9 +2796,9 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.PortableHash
 with const generics
 - $4size_t
 */
-typedef struct PortableHash_d1_s {
-  libcrux_sha3_generic_keccak_KeccakState_48 shake128_state[4U];
-} PortableHash_d1;
+typedef struct PortableHash_44_s {
+  libcrux_sha3_generic_keccak_KeccakState_17 shake128_state[4U];
+} PortableHash_44;
 
 /**
 A monomorphic instance of
@@ -2732,9 +2806,9 @@ libcrux_ml_kem.hash_functions.portable.shake128_init_absorb_final with const
 generics
 - K= 4
 */
-static KRML_MUSTINLINE PortableHash_d1
-shake128_init_absorb_final_24(uint8_t input[4U][34U]) {
-  libcrux_sha3_generic_keccak_KeccakState_48 shake128_state[4U];
+static KRML_MUSTINLINE PortableHash_44
+shake128_init_absorb_final_ac(uint8_t input[4U][34U]) {
+  libcrux_sha3_generic_keccak_KeccakState_17 shake128_state[4U];
   KRML_MAYBE_FOR4(
       i, (size_t)0U, (size_t)4U, (size_t)1U,
       shake128_state[i] = libcrux_sha3_portable_incremental_shake128_init(););
@@ -2744,12 +2818,12 @@ shake128_init_absorb_final_24(uint8_t input[4U][34U]) {
           &shake128_state[i0],
           Eurydice_array_to_slice((size_t)34U, input[i0], uint8_t)););
   /* Passing arrays by value in Rust generates a copy in C */
-  libcrux_sha3_generic_keccak_KeccakState_48 copy_of_shake128_state[4U];
+  libcrux_sha3_generic_keccak_KeccakState_17 copy_of_shake128_state[4U];
   memcpy(copy_of_shake128_state, shake128_state,
-         (size_t)4U * sizeof(libcrux_sha3_generic_keccak_KeccakState_48));
-  PortableHash_d1 lit;
+         (size_t)4U * sizeof(libcrux_sha3_generic_keccak_KeccakState_17));
+  PortableHash_44 lit;
   memcpy(lit.shake128_state, copy_of_shake128_state,
-         (size_t)4U * sizeof(libcrux_sha3_generic_keccak_KeccakState_48));
+         (size_t)4U * sizeof(libcrux_sha3_generic_keccak_KeccakState_17));
   return lit;
 }
 
@@ -2763,12 +2837,12 @@ libcrux_ml_kem.hash_functions.portable.shake128_init_absorb_final_f1 with const
 generics
 - K= 4
 */
-static KRML_MUSTINLINE PortableHash_d1
-shake128_init_absorb_final_f1_31(uint8_t input[4U][34U]) {
+static KRML_MUSTINLINE PortableHash_44
+shake128_init_absorb_final_f1_ac(uint8_t input[4U][34U]) {
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_input[4U][34U];
   memcpy(copy_of_input, input, (size_t)4U * sizeof(uint8_t[34U]));
-  return shake128_init_absorb_final_24(copy_of_input);
+  return shake128_init_absorb_final_ac(copy_of_input);
 }
 
 /**
@@ -2777,8 +2851,8 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_first_three_blocks with
 const generics
 - K= 4
 */
-static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_63(
-    PortableHash_d1 *st, uint8_t ret[4U][504U]) {
+static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_ac(
+    PortableHash_44 *st, uint8_t ret[4U][504U]) {
   uint8_t out[4U][504U] = {{0U}};
   KRML_MAYBE_FOR4(
       i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i;
@@ -2798,9 +2872,9 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_first_three_blocks_f1
 with const generics
 - K= 4
 */
-static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_f1_2f(
-    PortableHash_d1 *self, uint8_t ret[4U][504U]) {
-  shake128_squeeze_first_three_blocks_63(self, ret);
+static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_f1_ac(
+    PortableHash_44 *self, uint8_t ret[4U][504U]) {
+  shake128_squeeze_first_three_blocks_ac(self, ret);
 }
 
 /**
@@ -2851,7 +2925,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
 - K= 4
 - N= 504
 */
-static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_71(
+static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_ff(
     uint8_t randomness[4U][504U], size_t *sampled_coefficients,
     int16_t (*out)[272U]) {
   KRML_MAYBE_FOR4(
@@ -2889,8 +2963,8 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_next_block with const
 generics
 - K= 4
 */
-static KRML_MUSTINLINE void shake128_squeeze_next_block_11(
-    PortableHash_d1 *st, uint8_t ret[4U][168U]) {
+static KRML_MUSTINLINE void shake128_squeeze_next_block_ac(
+    PortableHash_44 *st, uint8_t ret[4U][168U]) {
   uint8_t out[4U][168U] = {{0U}};
   KRML_MAYBE_FOR4(
       i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i;
@@ -2910,9 +2984,9 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_next_block_f1 with const
 generics
 - K= 4
 */
-static KRML_MUSTINLINE void shake128_squeeze_next_block_f1_c4(
-    PortableHash_d1 *self, uint8_t ret[4U][168U]) {
-  shake128_squeeze_next_block_11(self, ret);
+static KRML_MUSTINLINE void shake128_squeeze_next_block_f1_ac(
+    PortableHash_44 *self, uint8_t ret[4U][168U]) {
+  shake128_squeeze_next_block_ac(self, ret);
 }
 
 /**
@@ -2963,7 +3037,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
 - K= 4
 - N= 168
 */
-static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_710(
+static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_ff0(
     uint8_t randomness[4U][168U], size_t *sampled_coefficients,
     int16_t (*out)[272U]) {
   KRML_MAYBE_FOR4(
@@ -3006,9 +3080,9 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
 with const generics
 
 */
-static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0
-from_i16_array_ef_54(Eurydice_slice a) {
-  libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_ef_1b();
+static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1d
+from_i16_array_ef_8c(Eurydice_slice a) {
+  libcrux_ml_kem_polynomial_PolynomialRingElement_1d result = ZERO_ef_8c();
   for (size_t i = (size_t)0U;
        i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
     size_t i0 = i;
@@ -3028,9 +3102,9 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]] with const
 generics
 - K= 4
 */
-static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 closure_eb(
+static libcrux_ml_kem_polynomial_PolynomialRingElement_1d closure_2b(
     int16_t s[272U]) {
-  return from_i16_array_ef_54(
+  return from_i16_array_ef_8c(
       Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t));
 }
 
@@ -3041,45 +3115,45 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]] with const
 generics
 - K= 4
 */
-static KRML_MUSTINLINE void sample_from_xof_bf(
+static KRML_MUSTINLINE void sample_from_xof_2b(
     uint8_t seeds[4U][34U],
-    libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) {
+    libcrux_ml_kem_polynomial_PolynomialRingElement_1d ret[4U]) {
   size_t sampled_coefficients[4U] = {0U};
   int16_t out[4U][272U] = {{0U}};
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_seeds[4U][34U];
   memcpy(copy_of_seeds, seeds, (size_t)4U * sizeof(uint8_t[34U]));
-  PortableHash_d1 xof_state = shake128_init_absorb_final_f1_31(copy_of_seeds);
+  PortableHash_44 xof_state = shake128_init_absorb_final_f1_ac(copy_of_seeds);
   uint8_t randomness0[4U][504U];
-  shake128_squeeze_first_three_blocks_f1_2f(&xof_state, randomness0);
+  shake128_squeeze_first_three_blocks_f1_ac(&xof_state, randomness0);
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_randomness0[4U][504U];
   memcpy(copy_of_randomness0, randomness0, (size_t)4U * sizeof(uint8_t[504U]));
-  bool done = sample_from_uniform_distribution_next_71(
+  bool done = sample_from_uniform_distribution_next_ff(
       copy_of_randomness0, sampled_coefficients, out);
   while (true) {
     if (done) {
       break;
     } else {
       uint8_t randomness[4U][168U];
-      shake128_squeeze_next_block_f1_c4(&xof_state, randomness);
+      shake128_squeeze_next_block_f1_ac(&xof_state, randomness);
       /* Passing arrays by value in Rust generates a copy in C */
       uint8_t copy_of_randomness[4U][168U];
       memcpy(copy_of_randomness, randomness,
              (size_t)4U * sizeof(uint8_t[168U]));
-      done = sample_from_uniform_distribution_next_710(
+      done = sample_from_uniform_distribution_next_ff0(
           copy_of_randomness, sampled_coefficients, out);
     }
   }
   /* Passing arrays by value in Rust generates a copy in C */
   int16_t copy_of_out[4U][272U];
   memcpy(copy_of_out, out, (size_t)4U * sizeof(int16_t[272U]));
-  libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret0[4U];
+  libcrux_ml_kem_polynomial_PolynomialRingElement_1d ret0[4U];
   KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U,
-                  ret0[i] = closure_eb(copy_of_out[i]););
+                  ret0[i] = closure_2b(copy_of_out[i]););
   memcpy(
       ret, ret0,
-      (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0));
+      (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1d));
 }
 
 /**
@@ -3089,8 +3163,8 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]] with const
 generics
 - K= 4
 */
-static KRML_MUSTINLINE void sample_matrix_A_0d(
-    libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*A_transpose)[4U],
+static KRML_MUSTINLINE void sample_matrix_A_2b(
+    libcrux_ml_kem_polynomial_PolynomialRingElement_1d (*A_transpose)[4U],
     uint8_t seed[34U], bool transpose) {
   KRML_MAYBE_FOR4(
       i0, (size_t)0U, (size_t)4U, (size_t)1U, size_t i1 = i0;
@@ -3105,25 +3179,23 @@ static KRML_MUSTINLINE void sample_matrix_A_0d(
       /* Passing arrays by value in Rust generates a copy in C */
       uint8_t copy_of_seeds[4U][34U];
       memcpy(copy_of_seeds, seeds, (size_t)4U * sizeof(uint8_t[34U]));
-      libcrux_ml_kem_polynomial_PolynomialRingElement_f0 sampled[4U];
-      sample_from_xof_bf(copy_of_seeds, sampled);
+      libcrux_ml_kem_polynomial_PolynomialRingElement_1d sampled[4U];
+      sample_from_xof_2b(copy_of_seeds, sampled);
       for (size_t i = (size_t)0U;
            i < Eurydice_slice_len(
                    Eurydice_array_to_slice(
                        (size_t)4U, sampled,
-                       libcrux_ml_kem_polynomial_PolynomialRingElement_f0),
-                   libcrux_ml_kem_polynomial_PolynomialRingElement_f0);
+                       libcrux_ml_kem_polynomial_PolynomialRingElement_1d),
+                   libcrux_ml_kem_polynomial_PolynomialRingElement_1d);
            i++) {
         size_t j = i;
-        libcrux_ml_kem_polynomial_PolynomialRingElement_f0 sample = sampled[j];
+        libcrux_ml_kem_polynomial_PolynomialRingElement_1d sample = sampled[j];
         if (transpose) {
           A_transpose[j][i1] = sample;
         } else {
           A_transpose[i1][j] = sample;
         }
-      }
-
-  );
+      });
 }
 
 /**
@@ -3132,7 +3204,7 @@ with const generics
 - K= 4
 - LEN= 128
 */
-static KRML_MUSTINLINE void PRFxN_af(uint8_t (*input)[33U],
+static KRML_MUSTINLINE void PRFxN_44(uint8_t (*input)[33U],
                                      uint8_t ret[4U][128U]) {
   uint8_t out[4U][128U] = {{0U}};
   KRML_MAYBE_FOR4(
@@ -3153,9 +3225,9 @@ with const generics
 - K= 4
 - LEN= 128
 */
-static KRML_MUSTINLINE void PRFxN_f1_13(uint8_t (*input)[33U],
+static KRML_MUSTINLINE void PRFxN_f1_44(uint8_t (*input)[33U],
                                         uint8_t ret[4U][128U]) {
-  PRFxN_af(input, ret);
+  PRFxN_44(input, ret);
 }
 
 /**
@@ -3164,8 +3236,8 @@ libcrux_ml_kem.sampling.sample_from_binomial_distribution_2 with types
 libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
 
 */
-static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0
-sample_from_binomial_distribution_2_48(Eurydice_slice randomness) {
+static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1d
+sample_from_binomial_distribution_2_8c(Eurydice_slice randomness) {
   int16_t sampled_i16s[256U] = {0U};
   for (size_t i0 = (size_t)0U;
        i0 < Eurydice_slice_len(randomness, uint8_t) / (size_t)4U; i0++) {
@@ -3199,7 +3271,7 @@ sample_from_binomial_distribution_2_48(Eurydice_slice randomness) {
       sampled_i16s[(size_t)8U * chunk_number + offset] = outcome_1 - outcome_2;
     }
   }
-  return from_i16_array_ef_54(
+  return from_i16_array_ef_8c(
       Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t));
 }
 
@@ -3209,8 +3281,8 @@ libcrux_ml_kem.sampling.sample_from_binomial_distribution_3 with types
 libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
 
 */
-static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0
-sample_from_binomial_distribution_3_3a(Eurydice_slice randomness) {
+static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1d
+sample_from_binomial_distribution_3_8c(Eurydice_slice randomness) {
   int16_t sampled_i16s[256U] = {0U};
   for (size_t i0 = (size_t)0U;
        i0 < Eurydice_slice_len(randomness, uint8_t) / (size_t)3U; i0++) {
@@ -3243,7 +3315,7 @@ sample_from_binomial_distribution_3_3a(Eurydice_slice randomness) {
       sampled_i16s[(size_t)4U * chunk_number + offset] = outcome_1 - outcome_2;
     }
   }
-  return from_i16_array_ef_54(
+  return from_i16_array_ef_8c(
       Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t));
 }
 
@@ -3253,9 +3325,9 @@ libcrux_ml_kem.sampling.sample_from_binomial_distribution with types
 libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
 - ETA= 2
 */
-static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0
-sample_from_binomial_distribution_6b(Eurydice_slice randomness) {
-  return sample_from_binomial_distribution_2_48(randomness);
+static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1d
+sample_from_binomial_distribution_a0(Eurydice_slice randomness) {
+  return sample_from_binomial_distribution_2_8c(randomness);
 }
 
 /**
@@ -3264,8 +3336,8 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
 with const generics
 
 */
-static KRML_MUSTINLINE void ntt_at_layer_7_97(
-    libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) {
+static KRML_MUSTINLINE void ntt_at_layer_7_8c(
+    libcrux_ml_kem_polynomial_PolynomialRingElement_1d *re) {
   size_t step = LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT / (size_t)2U;
   for (size_t i = (size_t)0U; i < step; i++) {
     size_t j = i;
@@ -3292,7 +3364,7 @@ with const generics
 
 */
 static libcrux_ml_kem_vector_portable_vector_type_PortableVector
-montgomery_multiply_fe_ad(
+montgomery_multiply_fe_8c(
     libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t fer) {
   return libcrux_ml_kem_vector_portable_montgomery_multiply_by_constant_0d(v,
                                                                            fer);
@@ -3306,12 +3378,12 @@ with const generics
 */
 static KRML_MUSTINLINE
     libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2
-    ntt_layer_int_vec_step_57(
+    ntt_layer_int_vec_step_8c(
         libcrux_ml_kem_vector_portable_vector_type_PortableVector a,
         libcrux_ml_kem_vector_portable_vector_type_PortableVector b,
         int16_t zeta_r) {
   libcrux_ml_kem_vector_portable_vector_type_PortableVector t =
-      montgomery_multiply_fe_ad(b, zeta_r);
+      montgomery_multiply_fe_8c(b, zeta_r);
   b = libcrux_ml_kem_vector_portable_sub_0d(a, &t);
   a = libcrux_ml_kem_vector_portable_add_0d(a, &t);
   return (
@@ -3325,8 +3397,8 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
 with const generics
 
 */
-static KRML_MUSTINLINE void ntt_at_layer_4_plus_bf(
-    size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re,
+static KRML_MUSTINLINE void ntt_at_layer_4_plus_8c(
+    size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_1d *re,
     size_t layer) {
   size_t step = (size_t)1U << (uint32_t)layer;
   for (size_t i0 = (size_t)0U; i0 < (size_t)128U >> (uint32_t)layer; i0++) {
@@ -3338,7 +3410,7 @@ static KRML_MUSTINLINE void ntt_at_layer_4_plus_bf(
     for (size_t i = offset_vec; i < offset_vec + step_vec; i++) {
       size_t j = i;
       libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 uu____0 =
-          ntt_layer_int_vec_step_57(
+          ntt_layer_int_vec_step_8c(
               re->coefficients[j], re->coefficients[j + step_vec],
               libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U]));
       libcrux_ml_kem_vector_portable_vector_type_PortableVector x = uu____0.fst;
@@ -3355,8 +3427,8 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
 with const generics
 
 */
-static KRML_MUSTINLINE void ntt_at_layer_3_d0(
-    size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) {
+static KRML_MUSTINLINE void ntt_at_layer_3_8c(
+    size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_1d *re) {
   KRML_MAYBE_FOR16(
       i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i;
       zeta_i[0U] = zeta_i[0U] + (size_t)1U;
@@ -3373,8 +3445,8 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
 with const generics
 
 */
-static KRML_MUSTINLINE void ntt_at_layer_2_76(
-    size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) {
+static KRML_MUSTINLINE void ntt_at_layer_2_8c(
+    size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_1d *re) {
   KRML_MAYBE_FOR16(
       i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i;
       zeta_i[0U] = zeta_i[0U] + (size_t)1U;
@@ -3392,8 +3464,8 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
 with const generics
 
 */
-static KRML_MUSTINLINE void ntt_at_layer_1_5d(
-    size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) {
+static KRML_MUSTINLINE void ntt_at_layer_1_8c(
+    size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_1d *re) {
   KRML_MAYBE_FOR16(
       i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i;
       zeta_i[0U] = zeta_i[0U] + (size_t)1U;
@@ -3418,8 +3490,8 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
 with const generics
 
 */
-static KRML_MUSTINLINE void poly_barrett_reduce_ef_17(
-    libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self) {
+static KRML_MUSTINLINE void poly_barrett_reduce_ef_8c(
+    libcrux_ml_kem_polynomial_PolynomialRingElement_1d *self) {
   for (size_t i = (size_t)0U;
        i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
     size_t i0 = i;
@@ -3436,17 +3508,17 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
 with const generics
 
 */
-static KRML_MUSTINLINE void ntt_binomially_sampled_ring_element_d8(
-    libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) {
-  ntt_at_layer_7_97(re);
+static KRML_MUSTINLINE void ntt_binomially_sampled_ring_element_8c(
+    libcrux_ml_kem_polynomial_PolynomialRingElement_1d *re) {
+  ntt_at_layer_7_8c(re);
   size_t zeta_i = (size_t)1U;
-  ntt_at_layer_4_plus_bf(&zeta_i, re, (size_t)6U);
-  ntt_at_layer_4_plus_bf(&zeta_i, re, (size_t)5U);
-  ntt_at_layer_4_plus_bf(&zeta_i, re, (size_t)4U);
-  ntt_at_layer_3_d0(&zeta_i, re);
-  ntt_at_layer_2_76(&zeta_i, re);
-  ntt_at_layer_1_5d(&zeta_i, re);
-  poly_barrett_reduce_ef_17(re);
+  ntt_at_layer_4_plus_8c(&zeta_i, re, (size_t)6U);
+  ntt_at_layer_4_plus_8c(&zeta_i, re, (size_t)5U);
+  ntt_at_layer_4_plus_8c(&zeta_i, re, (size_t)4U);
+  ntt_at_layer_3_8c(&zeta_i, re);
+  ntt_at_layer_2_8c(&zeta_i, re);
+  ntt_at_layer_1_8c(&zeta_i, re);
+  poly_barrett_reduce_ef_8c(re);
 }
 
 /**
@@ -3458,8 +3530,8 @@ generics
 - ETA= 2
 - ETA_RANDOMNESS_SIZE= 128
 */
-static KRML_MUSTINLINE uint8_t sample_vector_cbd_then_ntt_b1(
-    libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re_as_ntt,
+static KRML_MUSTINLINE uint8_t sample_vector_cbd_then_ntt_3b(
+    libcrux_ml_kem_polynomial_PolynomialRingElement_1d *re_as_ntt,
     uint8_t prf_input[33U], uint8_t domain_separator) {
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_prf_input[33U];
@@ -3468,16 +3540,18 @@ static KRML_MUSTINLINE uint8_t sample_vector_cbd_then_ntt_b1(
   KRML_MAYBE_FOR4(
       i, (size_t)0U, (size_t)4U, (size_t)1U,
       memcpy(prf_inputs[i], copy_of_prf_input, (size_t)33U * sizeof(uint8_t)););
+  uint8_t _prf_inputs_init[4U][33U];
+  memcpy(_prf_inputs_init, prf_inputs, (size_t)4U * sizeof(uint8_t[33U]));
   KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i;
                   prf_inputs[i0][32U] = domain_separator;
                   domain_separator = (uint32_t)domain_separator + 1U;);
   uint8_t prf_outputs[4U][128U];
-  PRFxN_f1_13(prf_inputs, prf_outputs);
+  PRFxN_f1_44(prf_inputs, prf_outputs);
   KRML_MAYBE_FOR4(
       i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i;
-      re_as_ntt[i0] = sample_from_binomial_distribution_6b(
+      re_as_ntt[i0] = sample_from_binomial_distribution_a0(
           Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t));
-      ntt_binomially_sampled_ring_element_d8(&re_as_ntt[i0]););
+      ntt_binomially_sampled_ring_element_8c(&re_as_ntt[i0]););
   return domain_separator;
 }
 
@@ -3487,10 +3561,10 @@ with types libcrux_ml_kem_polynomial_PolynomialRingElement
 libcrux_ml_kem_vector_portable_vector_type_PortableVector[4size_t], uint8_t
 
 */
-typedef struct tuple_710_s {
-  libcrux_ml_kem_polynomial_PolynomialRingElement_f0 fst[4U];
+typedef struct tuple_dd0_s {
+  libcrux_ml_kem_polynomial_PolynomialRingElement_1d fst[4U];
   uint8_t snd;
-} tuple_710;
+} tuple_dd0;
 
 /**
 A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_vector_cbd_then_ntt_out
@@ -3501,27 +3575,27 @@ generics
 - ETA= 2
 - ETA_RANDOMNESS_SIZE= 128
 */
-static KRML_MUSTINLINE tuple_710 sample_vector_cbd_then_ntt_out_cb(
+static KRML_MUSTINLINE tuple_dd0 sample_vector_cbd_then_ntt_out_3b(
     uint8_t prf_input[33U], uint8_t domain_separator) {
-  libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re_as_ntt[4U];
+  libcrux_ml_kem_polynomial_PolynomialRingElement_1d re_as_ntt[4U];
   KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U,
-                  re_as_ntt[i] = ZERO_ef_1b(););
-  libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *uu____0 = re_as_ntt;
+                  re_as_ntt[i] = ZERO_ef_8c(););
+  libcrux_ml_kem_polynomial_PolynomialRingElement_1d *uu____0 = re_as_ntt;
   uint8_t uu____1[33U];
   memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t));
   domain_separator =
-      sample_vector_cbd_then_ntt_b1(uu____0, uu____1, domain_separator);
+      sample_vector_cbd_then_ntt_3b(uu____0, uu____1, domain_separator);
   /* Passing arrays by value in Rust generates a copy in C */
-  libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_re_as_ntt[4U];
+  libcrux_ml_kem_polynomial_PolynomialRingElement_1d copy_of_re_as_ntt[4U];
   memcpy(
       copy_of_re_as_ntt, re_as_ntt,
-      (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0));
-  tuple_710 result;
+      (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1d));
+  tuple_dd0 lit;
   memcpy(
-      result.fst, copy_of_re_as_ntt,
-      (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0));
-  result.snd = domain_separator;
-  return result;
+      lit.fst, copy_of_re_as_ntt,
+      (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1d));
+  lit.snd = domain_separator;
+  return lit;
 }
 
 /**
@@ -3535,10 +3609,10 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
 with const generics
 
 */
-static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0
-ntt_multiply_ef_45(libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self,
-                   libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *rhs) {
-  libcrux_ml_kem_polynomial_PolynomialRingElement_f0 out = ZERO_ef_1b();
+static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1d
+ntt_multiply_ef_8c(libcrux_ml_kem_polynomial_PolynomialRingElement_1d *self,
+                   libcrux_ml_kem_polynomial_PolynomialRingElement_1d *rhs) {
+  libcrux_ml_kem_polynomial_PolynomialRingElement_1d out = ZERO_ef_8c();
   for (size_t i = (size_t)0U;
        i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
     size_t i0 = i;
@@ -3568,9 +3642,9 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
 with const generics
 - K= 4
 */
-static KRML_MUSTINLINE void add_to_ring_element_ef_5d(
-    libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self,
-    libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *rhs) {
+static KRML_MUSTINLINE void add_to_ring_element_ef_d0(
+    libcrux_ml_kem_polynomial_PolynomialRingElement_1d *self,
+    libcrux_ml_kem_polynomial_PolynomialRingElement_1d *rhs) {
   for (size_t i = (size_t)0U;
        i < Eurydice_slice_len(
                Eurydice_array_to_slice(
@@ -3593,7 +3667,7 @@ with const generics
 
 */
 static libcrux_ml_kem_vector_portable_vector_type_PortableVector
-to_standard_domain_bf(
+to_standard_domain_8c(
     libcrux_ml_kem_vector_portable_vector_type_PortableVector v) {
   return libcrux_ml_kem_vector_portable_montgomery_multiply_by_constant_0d(
       v, LIBCRUX_ML_KEM_VECTOR_TRAITS_MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS);
@@ -3610,14 +3684,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
 with const generics
 
 */
-static KRML_MUSTINLINE void add_standard_error_reduce_ef_0f(
-    libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self,
-    libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error) {
+static KRML_MUSTINLINE void add_standard_error_reduce_ef_8c(
+    libcrux_ml_kem_polynomial_PolynomialRingElement_1d *self,
+    libcrux_ml_kem_polynomial_PolynomialRingElement_1d *error) {
   for (size_t i = (size_t)0U;
        i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
     size_t j = i;
     libcrux_ml_kem_vector_portable_vector_type_PortableVector
-        coefficient_normal_form = to_standard_domain_bf(self->coefficients[j]);
+        coefficient_normal_form = to_standard_domain_8c(self->coefficients[j]);
     libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 =
         libcrux_ml_kem_vector_portable_barrett_reduce_0d(
             libcrux_ml_kem_vector_portable_add_0d(coefficient_normal_form,
@@ -3632,37 +3706,37 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
 with const generics
 - K= 4
 */
-static KRML_MUSTINLINE void compute_As_plus_e_c7(
-    libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt,
-    libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*matrix_A)[4U],
-    libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *s_as_ntt,
-    libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_as_ntt) {
+static KRML_MUSTINLINE void compute_As_plus_e_d0(
+    libcrux_ml_kem_polynomial_PolynomialRingElement_1d *t_as_ntt,
+    libcrux_ml_kem_polynomial_PolynomialRingElement_1d (*matrix_A)[4U],
+    libcrux_ml_kem_polynomial_PolynomialRingElement_1d *s_as_ntt,
+    libcrux_ml_kem_polynomial_PolynomialRingElement_1d *error_as_ntt) {
   for (size_t i = (size_t)0U;
        i < Eurydice_slice_len(
                Eurydice_array_to_slice(
                    (size_t)4U, matrix_A,
-                   libcrux_ml_kem_polynomial_PolynomialRingElement_f0[4U]),
-               libcrux_ml_kem_polynomial_PolynomialRingElement_f0[4U]);
+                   libcrux_ml_kem_polynomial_PolynomialRingElement_1d[4U]),
+               libcrux_ml_kem_polynomial_PolynomialRingElement_1d[4U]);
        i++) {
     size_t i0 = i;
-    libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *row = matrix_A[i0];
-    libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = ZERO_ef_1b();
+    libcrux_ml_kem_polynomial_PolynomialRingElement_1d *row = matrix_A[i0];
+    libcrux_ml_kem_polynomial_PolynomialRingElement_1d uu____0 = ZERO_ef_8c();
     t_as_ntt[i0] = uu____0;
     for (size_t i1 = (size_t)0U;
          i1 < Eurydice_slice_len(
                   Eurydice_array_to_slice(
                       (size_t)4U, row,
-                      libcrux_ml_kem_polynomial_PolynomialRingElement_f0),
-                  libcrux_ml_kem_polynomial_PolynomialRingElement_f0);
+                      libcrux_ml_kem_polynomial_PolynomialRingElement_1d),
+                  libcrux_ml_kem_polynomial_PolynomialRingElement_1d);
          i1++) {
       size_t j = i1;
-      libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *matrix_element =
+      libcrux_ml_kem_polynomial_PolynomialRingElement_1d *matrix_element =
           &row[j];
-      libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product =
-          ntt_multiply_ef_45(matrix_element, &s_as_ntt[j]);
-      add_to_ring_element_ef_5d(&t_as_ntt[i0], &product);
+      libcrux_ml_kem_polynomial_PolynomialRingElement_1d product =
+          ntt_multiply_ef_8c(matrix_element, &s_as_ntt[j]);
+      add_to_ring_element_ef_d0(&t_as_ntt[i0], &product);
     }
-    add_standard_error_reduce_ef_0f(&t_as_ntt[i0], &error_as_ntt[i0]);
+    add_standard_error_reduce_ef_8c(&t_as_ntt[i0], &error_as_ntt[i0]);
   }
 }
 
@@ -3675,47 +3749,47 @@ libcrux_ml_kem_variant_MlKem with const generics
 - ETA1= 2
 - ETA1_RANDOMNESS_SIZE= 128
 */
-static void generate_keypair_unpacked_e9(
+static void generate_keypair_unpacked_1c(
     Eurydice_slice key_generation_seed,
-    IndCpaPrivateKeyUnpacked_42 *private_key,
-    IndCpaPublicKeyUnpacked_42 *public_key) {
+    IndCpaPrivateKeyUnpacked_af *private_key,
+    IndCpaPublicKeyUnpacked_af *public_key) {
   uint8_t hashed[64U];
-  cpa_keygen_seed_d8_57(key_generation_seed, hashed);
+  cpa_keygen_seed_d8_03(key_generation_seed, hashed);
   Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at(
       Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U,
       uint8_t, Eurydice_slice_uint8_t_x2);
   Eurydice_slice seed_for_A = uu____0.fst;
   Eurydice_slice seed_for_secret_and_error = uu____0.snd;
-  libcrux_ml_kem_polynomial_PolynomialRingElement_f0(*uu____1)[4U] =
+  libcrux_ml_kem_polynomial_PolynomialRingElement_1d(*uu____1)[4U] =
       public_key->A;
   uint8_t ret[34U];
-  libcrux_ml_kem_utils_into_padded_array_422(seed_for_A, ret);
-  sample_matrix_A_0d(uu____1, ret, true);
+  libcrux_ml_kem_utils_into_padded_array_b6(seed_for_A, ret);
+  sample_matrix_A_2b(uu____1, ret, true);
   uint8_t prf_input[33U];
-  libcrux_ml_kem_utils_into_padded_array_421(seed_for_secret_and_error,
-                                             prf_input);
-  libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *uu____2 =
+  libcrux_ml_kem_utils_into_padded_array_c8(seed_for_secret_and_error,
+                                            prf_input);
+  libcrux_ml_kem_polynomial_PolynomialRingElement_1d *uu____2 =
       private_key->secret_as_ntt;
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_prf_input0[33U];
   memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t));
   uint8_t domain_separator =
-      sample_vector_cbd_then_ntt_b1(uu____2, copy_of_prf_input0, 0U);
+      sample_vector_cbd_then_ntt_3b(uu____2, copy_of_prf_input0, 0U);
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_prf_input[33U];
   memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t));
-  libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_as_ntt[4U];
+  libcrux_ml_kem_polynomial_PolynomialRingElement_1d error_as_ntt[4U];
   memcpy(
       error_as_ntt,
-      sample_vector_cbd_then_ntt_out_cb(copy_of_prf_input, domain_separator)
+      sample_vector_cbd_then_ntt_out_3b(copy_of_prf_input, domain_separator)
           .fst,
-      (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0));
-  compute_As_plus_e_c7(public_key->t_as_ntt, public_key->A,
+      (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1d));
+  compute_As_plus_e_d0(public_key->t_as_ntt, public_key->A,
                        private_key->secret_as_ntt, error_as_ntt);
   uint8_t uu____5[32U];
-  core_result_Result_00 dst;
+  core_result_Result_fb dst;
   Eurydice_slice_to_array2(&dst, seed_for_A, Eurydice_slice, uint8_t[32U]);
-  core_result_unwrap_26_33(dst, uu____5);
+  core_result_unwrap_26_b3(dst, uu____5);
   memcpy(public_key->seed_for_A, uu____5, (size_t)32U * sizeof(uint8_t));
 }
 
@@ -3731,18 +3805,18 @@ libcrux_ml_kem_variant_MlKem with const generics
 - ETA1= 2
 - ETA1_RANDOMNESS_SIZE= 128
 */
-static libcrux_ml_kem_utils_extraction_helper_Keypair1024 generate_keypair_501(
+static libcrux_ml_kem_utils_extraction_helper_Keypair1024 generate_keypair_151(
     Eurydice_slice key_generation_seed) {
-  IndCpaPrivateKeyUnpacked_42 private_key = default_1a_e9();
-  IndCpaPublicKeyUnpacked_42 public_key = default_8d_d1();
-  generate_keypair_unpacked_e9(key_generation_seed, &private_key, &public_key);
+  IndCpaPrivateKeyUnpacked_af private_key = default_1a_d0();
+  IndCpaPublicKeyUnpacked_af public_key = default_8d_d0();
+  generate_keypair_unpacked_1c(key_generation_seed, &private_key, &public_key);
   uint8_t public_key_serialized[1568U];
-  serialize_public_key_07(
+  serialize_public_key_00(
       public_key.t_as_ntt,
       Eurydice_array_to_slice((size_t)32U, public_key.seed_for_A, uint8_t),
       public_key_serialized);
   uint8_t secret_key_serialized[1536U];
-  serialize_secret_key_5a(private_key.secret_as_ntt, secret_key_serialized);
+  serialize_secret_key_ff(private_key.secret_as_ntt, secret_key_serialized);
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_secret_key_serialized[1536U];
   memcpy(copy_of_secret_key_serialized, secret_key_serialized,
@@ -3751,12 +3825,12 @@ static libcrux_ml_kem_utils_extraction_helper_Keypair1024 generate_keypair_501(
   uint8_t copy_of_public_key_serialized[1568U];
   memcpy(copy_of_public_key_serialized, public_key_serialized,
          (size_t)1568U * sizeof(uint8_t));
-  libcrux_ml_kem_utils_extraction_helper_Keypair1024 result;
-  memcpy(result.fst, copy_of_secret_key_serialized,
+  libcrux_ml_kem_utils_extraction_helper_Keypair1024 lit;
+  memcpy(lit.fst, copy_of_secret_key_serialized,
          (size_t)1536U * sizeof(uint8_t));
-  memcpy(result.snd, copy_of_public_key_serialized,
+  memcpy(lit.snd, copy_of_public_key_serialized,
          (size_t)1568U * sizeof(uint8_t));
-  return result;
+  return lit;
 }
 
 /**
@@ -3766,7 +3840,7 @@ with const generics
 - K= 4
 - SERIALIZED_KEY_LEN= 3168
 */
-static KRML_MUSTINLINE void serialize_kem_secret_key_d4(
+static KRML_MUSTINLINE void serialize_kem_secret_key_60(
     Eurydice_slice private_key, Eurydice_slice public_key,
     Eurydice_slice implicit_rejection_value, uint8_t ret[3168U]) {
   uint8_t out[3168U] = {0U};
@@ -3792,7 +3866,7 @@ static KRML_MUSTINLINE void serialize_kem_secret_key_d4(
   Eurydice_slice uu____6 = Eurydice_array_to_subslice2(
       out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t);
   uint8_t ret0[32U];
-  H_f1_d5(public_key, ret0);
+  H_f1_ac(public_key, ret0);
   Eurydice_slice_copy(
       uu____6, Eurydice_array_to_slice((size_t)32U, ret0, uint8_t), uint8_t);
   pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE;
@@ -3822,7 +3896,7 @@ libcrux_ml_kem_variant_MlKem with const generics
 - ETA1_RANDOMNESS_SIZE= 128
 */
 libcrux_ml_kem_mlkem1024_MlKem1024KeyPair
-libcrux_ml_kem_ind_cca_generate_keypair_6f1(uint8_t randomness[64U]) {
+libcrux_ml_kem_ind_cca_generate_keypair_f81(uint8_t randomness[64U]) {
   Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2(
       randomness, (size_t)0U,
       LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t);
@@ -3831,13 +3905,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_6f1(uint8_t randomness[64U]) {
       LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t,
       size_t);
   libcrux_ml_kem_utils_extraction_helper_Keypair1024 uu____0 =
-      generate_keypair_501(ind_cpa_keypair_randomness);
+      generate_keypair_151(ind_cpa_keypair_randomness);
   uint8_t ind_cpa_private_key[1536U];
   memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1536U * sizeof(uint8_t));
   uint8_t public_key[1568U];
   memcpy(public_key, uu____0.snd, (size_t)1568U * sizeof(uint8_t));
   uint8_t secret_key_serialized[3168U];
-  serialize_kem_secret_key_d4(
+  serialize_kem_secret_key_60(
       Eurydice_array_to_slice((size_t)1536U, ind_cpa_private_key, uint8_t),
       Eurydice_array_to_slice((size_t)1568U, public_key, uint8_t),
       implicit_rejection_value, secret_key_serialized);
@@ -3845,14 +3919,14 @@ libcrux_ml_kem_ind_cca_generate_keypair_6f1(uint8_t randomness[64U]) {
   uint8_t copy_of_secret_key_serialized[3168U];
   memcpy(copy_of_secret_key_serialized, secret_key_serialized,
          (size_t)3168U * sizeof(uint8_t));
-  libcrux_ml_kem_types_MlKemPrivateKey_95 private_key =
-      libcrux_ml_kem_types_from_7f_af1(copy_of_secret_key_serialized);
-  libcrux_ml_kem_types_MlKemPrivateKey_95 uu____2 = private_key;
+  libcrux_ml_kem_types_MlKemPrivateKey_83 private_key =
+      libcrux_ml_kem_types_from_7f_39(copy_of_secret_key_serialized);
+  libcrux_ml_kem_types_MlKemPrivateKey_83 uu____2 = private_key;
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_public_key[1568U];
   memcpy(copy_of_public_key, public_key, (size_t)1568U * sizeof(uint8_t));
-  return libcrux_ml_kem_types_from_3a_ee1(
-      uu____2, libcrux_ml_kem_types_from_5a_671(copy_of_public_key));
+  return libcrux_ml_kem_types_from_3a_94(
+      uu____2, libcrux_ml_kem_types_from_5a_af(copy_of_public_key));
 }
 
 /**
@@ -3865,7 +3939,7 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]]
 with const generics
 - K= 4
 */
-static KRML_MUSTINLINE void entropy_preprocess_d8_62(Eurydice_slice randomness,
+static KRML_MUSTINLINE void entropy_preprocess_d8_03(Eurydice_slice randomness,
                                                      uint8_t ret[32U]) {
   uint8_t out[32U] = {0U};
   Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t),
@@ -3882,11 +3956,11 @@ generics
 - ETA2_RANDOMNESS_SIZE= 128
 - ETA2= 2
 */
-static KRML_MUSTINLINE tuple_710
-sample_ring_element_cbd_7f(uint8_t prf_input[33U], uint8_t domain_separator) {
-  libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[4U];
+static KRML_MUSTINLINE tuple_dd0
+sample_ring_element_cbd_3b(uint8_t prf_input[33U], uint8_t domain_separator) {
+  libcrux_ml_kem_polynomial_PolynomialRingElement_1d error_1[4U];
   KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U,
-                  error_1[i] = ZERO_ef_1b(););
+                  error_1[i] = ZERO_ef_8c(););
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_prf_input[33U];
   memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t));
@@ -3894,28 +3968,30 @@ sample_ring_element_cbd_7f(uint8_t prf_input[33U], uint8_t domain_separator) {
   KRML_MAYBE_FOR4(
       i, (size_t)0U, (size_t)4U, (size_t)1U,
       memcpy(prf_inputs[i], copy_of_prf_input, (size_t)33U * sizeof(uint8_t)););
+  uint8_t _prf_inputs_init[4U][33U];
+  memcpy(_prf_inputs_init, prf_inputs, (size_t)4U * sizeof(uint8_t[33U]));
   KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i;
                   prf_inputs[i0][32U] = domain_separator;
                   domain_separator = (uint32_t)domain_separator + 1U;);
   uint8_t prf_outputs[4U][128U];
-  PRFxN_f1_13(prf_inputs, prf_outputs);
+  PRFxN_f1_44(prf_inputs, prf_outputs);
   KRML_MAYBE_FOR4(
       i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i;
-      libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 =
-          sample_from_binomial_distribution_6b(
+      libcrux_ml_kem_polynomial_PolynomialRingElement_1d uu____1 =
+          sample_from_binomial_distribution_a0(
               Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t));
       error_1[i0] = uu____1;);
   /* Passing arrays by value in Rust generates a copy in C */
-  libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_error_1[4U];
+  libcrux_ml_kem_polynomial_PolynomialRingElement_1d copy_of_error_1[4U];
   memcpy(
       copy_of_error_1, error_1,
-      (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0));
-  tuple_710 result;
+      (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1d));
+  tuple_dd0 lit;
   memcpy(
-      result.fst, copy_of_error_1,
-      (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0));
-  result.snd = domain_separator;
-  return result;
+      lit.fst, copy_of_error_1,
+      (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1d));
+  lit.snd = domain_separator;
+  return lit;
 }
 
 /**
@@ -3923,7 +3999,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.PRF
 with const generics
 - LEN= 128
 */
-static KRML_MUSTINLINE void PRF_f70(Eurydice_slice input, uint8_t ret[128U]) {
+static KRML_MUSTINLINE void PRF_a6(Eurydice_slice input, uint8_t ret[128U]) {
   uint8_t digest[128U] = {0U};
   libcrux_sha3_portable_shake256(
       Eurydice_array_to_slice((size_t)128U, digest, uint8_t), input);
@@ -3940,9 +4016,9 @@ with const generics
 - K= 4
 - LEN= 128
 */
-static KRML_MUSTINLINE void PRF_f1_9f0(Eurydice_slice input,
+static KRML_MUSTINLINE void PRF_f1_440(Eurydice_slice input,
                                        uint8_t ret[128U]) {
-  PRF_f70(input, ret);
+  PRF_a6(input, ret);
 }
 
 /**
@@ -3951,8 +4027,8 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
 with const generics
 
 */
-static KRML_MUSTINLINE void invert_ntt_at_layer_1_08(
-    size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) {
+static KRML_MUSTINLINE void invert_ntt_at_layer_1_8c(
+    size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_1d *re) {
   KRML_MAYBE_FOR16(
       i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i;
       zeta_i[0U] = zeta_i[0U] - (size_t)1U;
@@ -3972,8 +4048,8 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
 with const generics
 
 */
-static KRML_MUSTINLINE void invert_ntt_at_layer_2_91(
-    size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) {
+static KRML_MUSTINLINE void invert_ntt_at_layer_2_8c(
+    size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_1d *re) {
   KRML_MAYBE_FOR16(
       i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i;
       zeta_i[0U] = zeta_i[0U] - (size_t)1U;
@@ -3991,8 +4067,8 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
 with const generics
 
 */
-static KRML_MUSTINLINE void invert_ntt_at_layer_3_41(
-    size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) {
+static KRML_MUSTINLINE void invert_ntt_at_layer_3_8c(
+    size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_1d *re) {
   KRML_MAYBE_FOR16(
       i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i;
       zeta_i[0U] = zeta_i[0U] - (size_t)1U;
@@ -4011,7 +4087,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
 */
 static KRML_MUSTINLINE
     libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2
-    inv_ntt_layer_int_vec_step_reduce_13(
+    inv_ntt_layer_int_vec_step_reduce_8c(
         libcrux_ml_kem_vector_portable_vector_type_PortableVector a,
         libcrux_ml_kem_vector_portable_vector_type_PortableVector b,
         int16_t zeta_r) {
@@ -4019,7 +4095,7 @@ static KRML_MUSTINLINE
       libcrux_ml_kem_vector_portable_sub_0d(b, &a);
   a = libcrux_ml_kem_vector_portable_barrett_reduce_0d(
       libcrux_ml_kem_vector_portable_add_0d(a, &b));
-  b = montgomery_multiply_fe_ad(a_minus_b, zeta_r);
+  b = montgomery_multiply_fe_8c(a_minus_b, zeta_r);
   return (
       CLITERAL(libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2){
           .fst = a, .snd = b});
@@ -4031,8 +4107,8 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
 with const generics
 
 */
-static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_ed(
-    size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re,
+static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_8c(
+    size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_1d *re,
     size_t layer) {
   size_t step = (size_t)1U << (uint32_t)layer;
   for (size_t i0 = (size_t)0U; i0 < (size_t)128U >> (uint32_t)layer; i0++) {
@@ -4046,7 +4122,7 @@ static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_ed(
     for (size_t i = offset_vec; i < offset_vec + step_vec; i++) {
       size_t j = i;
       libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 uu____0 =
-          inv_ntt_layer_int_vec_step_reduce_13(
+          inv_ntt_layer_int_vec_step_reduce_8c(
               re->coefficients[j], re->coefficients[j + step_vec],
               libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U]));
       libcrux_ml_kem_vector_portable_vector_type_PortableVector x = uu____0.fst;
@@ -4063,18 +4139,18 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
 with const generics
 - K= 4
 */
-static KRML_MUSTINLINE void invert_ntt_montgomery_55(
-    libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) {
+static KRML_MUSTINLINE void invert_ntt_montgomery_d0(
+    libcrux_ml_kem_polynomial_PolynomialRingElement_1d *re) {
   size_t zeta_i =
       LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U;
-  invert_ntt_at_layer_1_08(&zeta_i, re);
-  invert_ntt_at_layer_2_91(&zeta_i, re);
-  invert_ntt_at_layer_3_41(&zeta_i, re);
-  invert_ntt_at_layer_4_plus_ed(&zeta_i, re, (size_t)4U);
-  invert_ntt_at_layer_4_plus_ed(&zeta_i, re, (size_t)5U);
-  invert_ntt_at_layer_4_plus_ed(&zeta_i, re, (size_t)6U);
-  invert_ntt_at_layer_4_plus_ed(&zeta_i, re, (size_t)7U);
-  poly_barrett_reduce_ef_17(re);
+  invert_ntt_at_layer_1_8c(&zeta_i, re);
+  invert_ntt_at_layer_2_8c(&zeta_i, re);
+  invert_ntt_at_layer_3_8c(&zeta_i, re);
+  invert_ntt_at_layer_4_plus_8c(&zeta_i, re, (size_t)4U);
+  invert_ntt_at_layer_4_plus_8c(&zeta_i, re, (size_t)5U);
+  invert_ntt_at_layer_4_plus_8c(&zeta_i, re, (size_t)6U);
+  invert_ntt_at_layer_4_plus_8c(&zeta_i, re, (size_t)7U);
+  poly_barrett_reduce_ef_8c(re);
 }
 
 /**
@@ -4088,9 +4164,9 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
 with const generics
 
 */
-static KRML_MUSTINLINE void add_error_reduce_ef_4d(
-    libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self,
-    libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error) {
+static KRML_MUSTINLINE void add_error_reduce_ef_8c(
+    libcrux_ml_kem_polynomial_PolynomialRingElement_1d *self,
+    libcrux_ml_kem_polynomial_PolynomialRingElement_1d *error) {
   for (size_t i = (size_t)0U;
        i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
     size_t j = i;
@@ -4112,46 +4188,42 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
 with const generics
 - K= 4
 */
-static KRML_MUSTINLINE void compute_vector_u_b8(
-    libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*a_as_ntt)[4U],
-    libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt,
-    libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_1,
-    libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) {
-  libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result0[4U];
+static KRML_MUSTINLINE void compute_vector_u_d0(
+    libcrux_ml_kem_polynomial_PolynomialRingElement_1d (*a_as_ntt)[4U],
+    libcrux_ml_kem_polynomial_PolynomialRingElement_1d *r_as_ntt,
+    libcrux_ml_kem_polynomial_PolynomialRingElement_1d *error_1,
+    libcrux_ml_kem_polynomial_PolynomialRingElement_1d ret[4U]) {
+  libcrux_ml_kem_polynomial_PolynomialRingElement_1d result[4U];
   KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U,
-                  result0[i] = ZERO_ef_1b(););
+                  result[i] = ZERO_ef_8c(););
   for (size_t i0 = (size_t)0U;
        i0 < Eurydice_slice_len(
                 Eurydice_array_to_slice(
                     (size_t)4U, a_as_ntt,
-                    libcrux_ml_kem_polynomial_PolynomialRingElement_f0[4U]),
-                libcrux_ml_kem_polynomial_PolynomialRingElement_f0[4U]);
+                    libcrux_ml_kem_polynomial_PolynomialRingElement_1d[4U]),
+                libcrux_ml_kem_polynomial_PolynomialRingElement_1d[4U]);
        i0++) {
     size_t i1 = i0;
-    libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *row = a_as_ntt[i1];
+    libcrux_ml_kem_polynomial_PolynomialRingElement_1d *row = a_as_ntt[i1];
     for (size_t i = (size_t)0U;
          i < Eurydice_slice_len(
                  Eurydice_array_to_slice(
                      (size_t)4U, row,
-                     libcrux_ml_kem_polynomial_PolynomialRingElement_f0),
-                 libcrux_ml_kem_polynomial_PolynomialRingElement_f0);
+                     libcrux_ml_kem_polynomial_PolynomialRingElement_1d),
+                 libcrux_ml_kem_polynomial_PolynomialRingElement_1d);
          i++) {
       size_t j = i;
-      libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *a_element = &row[j];
-      libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product =
-          ntt_multiply_ef_45(a_element, &r_as_ntt[j]);
-      add_to_ring_element_ef_5d(&result0[i1], &product);
+      libcrux_ml_kem_polynomial_PolynomialRingElement_1d *a_element = &row[j];
+      libcrux_ml_kem_polynomial_PolynomialRingElement_1d product =
+          ntt_multiply_ef_8c(a_element, &r_as_ntt[j]);
+      add_to_ring_element_ef_d0(&result[i1], &product);
     }
-    invert_ntt_montgomery_55(&result0[i1]);
-    add_error_reduce_ef_4d(&result0[i1], &error_1[i1]);
+    invert_ntt_montgomery_d0(&result[i1]);
+    add_error_reduce_ef_8c(&result[i1], &error_1[i1]);
   }
-  libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[4U];
-  memcpy(
-      result, result0,
-      (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0));
   memcpy(
       ret, result,
-      (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0));
+      (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1d));
 }
 
 /**
@@ -4161,7 +4233,7 @@ with const generics
 
 */
 static libcrux_ml_kem_vector_portable_vector_type_PortableVector
-decompress_1_78(libcrux_ml_kem_vector_portable_vector_type_PortableVector vec) {
+decompress_1_8c(libcrux_ml_kem_vector_portable_vector_type_PortableVector vec) {
   libcrux_ml_kem_vector_portable_vector_type_PortableVector z =
       libcrux_ml_kem_vector_portable_ZERO_0d();
   libcrux_ml_kem_vector_portable_vector_type_PortableVector s =
@@ -4178,9 +4250,9 @@ libcrux_ml_kem.serialize.deserialize_then_decompress_message with types
 libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
 
 */
-static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0
-deserialize_then_decompress_message_e3(uint8_t serialized[32U]) {
-  libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_ef_1b();
+static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1d
+deserialize_then_decompress_message_8c(uint8_t serialized[32U]) {
+  libcrux_ml_kem_polynomial_PolynomialRingElement_1d re = ZERO_ef_8c();
   KRML_MAYBE_FOR16(
       i, (size_t)0U, (size_t)16U, (size_t)1U, size_t i0 = i;
       libcrux_ml_kem_vector_portable_vector_type_PortableVector
@@ -4190,7 +4262,7 @@ deserialize_then_decompress_message_e3(uint8_t serialized[32U]) {
                                               (size_t)2U * i0 + (size_t)2U,
                                               uint8_t));
       libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 =
-          decompress_1_78(coefficient_compressed);
+          decompress_1_8c(coefficient_compressed);
       re.coefficients[i0] = uu____0;);
   return re;
 }
@@ -4206,11 +4278,11 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
 with const generics
 
 */
-static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0
-add_message_error_reduce_ef_21(
-    libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self,
-    libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *message,
-    libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result) {
+static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1d
+add_message_error_reduce_ef_8c(
+    libcrux_ml_kem_polynomial_PolynomialRingElement_1d *self,
+    libcrux_ml_kem_polynomial_PolynomialRingElement_1d *message,
+    libcrux_ml_kem_polynomial_PolynomialRingElement_1d result) {
   for (size_t i = (size_t)0U;
        i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
     size_t i0 = i;
@@ -4236,19 +4308,19 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
 with const generics
 - K= 4
 */
-static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0
-compute_ring_element_v_1e(
-    libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt,
-    libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt,
-    libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_2,
-    libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *message) {
-  libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_ef_1b();
+static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1d
+compute_ring_element_v_d0(
+    libcrux_ml_kem_polynomial_PolynomialRingElement_1d *t_as_ntt,
+    libcrux_ml_kem_polynomial_PolynomialRingElement_1d *r_as_ntt,
+    libcrux_ml_kem_polynomial_PolynomialRingElement_1d *error_2,
+    libcrux_ml_kem_polynomial_PolynomialRingElement_1d *message) {
+  libcrux_ml_kem_polynomial_PolynomialRingElement_1d result = ZERO_ef_8c();
   KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i;
-                  libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product =
-                      ntt_multiply_ef_45(&t_as_ntt[i0], &r_as_ntt[i0]);
-                  add_to_ring_element_ef_5d(&result, &product););
-  invert_ntt_montgomery_55(&result);
-  result = add_message_error_reduce_ef_21(error_2, message, result);
+                  libcrux_ml_kem_polynomial_PolynomialRingElement_1d product =
+                      ntt_multiply_ef_8c(&t_as_ntt[i0], &r_as_ntt[i0]);
+                  add_to_ring_element_ef_d0(&result, &product););
+  invert_ntt_montgomery_d0(&result);
+  result = add_message_error_reduce_ef_8c(error_2, message, result);
   return result;
 }
 
@@ -4258,7 +4330,7 @@ with const generics
 - COEFFICIENT_BITS= 10
 */
 static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector
-compress_61(libcrux_ml_kem_vector_portable_vector_type_PortableVector a) {
+compress_ef(libcrux_ml_kem_vector_portable_vector_type_PortableVector a) {
   for (size_t i = (size_t)0U;
        i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) {
     size_t i0 = i;
@@ -4279,9 +4351,9 @@ A monomorphic instance of libcrux_ml_kem.vector.portable.compress_0d
 with const generics
 - COEFFICIENT_BITS= 10
 */
-static libcrux_ml_kem_vector_portable_vector_type_PortableVector compress_0d_fe(
+static libcrux_ml_kem_vector_portable_vector_type_PortableVector compress_0d_ef(
     libcrux_ml_kem_vector_portable_vector_type_PortableVector a) {
-  return compress_61(a);
+  return compress_ef(a);
 }
 
 /**
@@ -4290,7 +4362,7 @@ with const generics
 - COEFFICIENT_BITS= 11
 */
 static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector
-compress_610(libcrux_ml_kem_vector_portable_vector_type_PortableVector a) {
+compress_c4(libcrux_ml_kem_vector_portable_vector_type_PortableVector a) {
   for (size_t i = (size_t)0U;
        i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) {
     size_t i0 = i;
@@ -4311,9 +4383,9 @@ A monomorphic instance of libcrux_ml_kem.vector.portable.compress_0d
 with const generics
 - COEFFICIENT_BITS= 11
 */
-static libcrux_ml_kem_vector_portable_vector_type_PortableVector
-compress_0d_fe0(libcrux_ml_kem_vector_portable_vector_type_PortableVector a) {
-  return compress_610(a);
+static libcrux_ml_kem_vector_portable_vector_type_PortableVector compress_0d_c4(
+    libcrux_ml_kem_vector_portable_vector_type_PortableVector a) {
+  return compress_c4(a);
 }
 
 /**
@@ -4322,14 +4394,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
 with const generics
 - OUT_LEN= 352
 */
-static KRML_MUSTINLINE void compress_then_serialize_11_a9(
-    libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[352U]) {
+static KRML_MUSTINLINE void compress_then_serialize_11_54(
+    libcrux_ml_kem_polynomial_PolynomialRingElement_1d *re, uint8_t ret[352U]) {
   uint8_t serialized[352U] = {0U};
   for (size_t i = (size_t)0U;
        i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
     size_t i0 = i;
     libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient =
-        compress_0d_fe0(to_unsigned_representative_7c(re->coefficients[i0]));
+        compress_0d_c4(to_unsigned_representative_8c(re->coefficients[i0]));
     uint8_t bytes[22U];
     libcrux_ml_kem_vector_portable_serialize_11_0d(coefficient, bytes);
     Eurydice_slice uu____0 = Eurydice_array_to_subslice2(
@@ -4347,11 +4419,11 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
 - COMPRESSION_FACTOR= 11
 - OUT_LEN= 352
 */
-static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_b5(
-    libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[352U]) {
-  uint8_t uu____0[352U];
-  compress_then_serialize_11_a9(re, uu____0);
-  memcpy(ret, uu____0, (size_t)352U * sizeof(uint8_t));
+static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_82(
+    libcrux_ml_kem_polynomial_PolynomialRingElement_1d *re, uint8_t ret[352U]) {
+  uint8_t result[352U];
+  compress_then_serialize_11_54(re, result);
+  memcpy(ret, result, (size_t)352U * sizeof(uint8_t));
 }
 
 /**
@@ -4363,23 +4435,23 @@ with const generics
 - COMPRESSION_FACTOR= 11
 - BLOCK_LEN= 352
 */
-static void compress_then_serialize_u_cd(
-    libcrux_ml_kem_polynomial_PolynomialRingElement_f0 input[4U],
+static void compress_then_serialize_u_2f(
+    libcrux_ml_kem_polynomial_PolynomialRingElement_1d input[4U],
     Eurydice_slice out) {
   for (size_t i = (size_t)0U;
        i < Eurydice_slice_len(
                Eurydice_array_to_slice(
                    (size_t)4U, input,
-                   libcrux_ml_kem_polynomial_PolynomialRingElement_f0),
-               libcrux_ml_kem_polynomial_PolynomialRingElement_f0);
+                   libcrux_ml_kem_polynomial_PolynomialRingElement_1d),
+               libcrux_ml_kem_polynomial_PolynomialRingElement_1d);
        i++) {
     size_t i0 = i;
-    libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = input[i0];
+    libcrux_ml_kem_polynomial_PolynomialRingElement_1d re = input[i0];
     Eurydice_slice uu____0 = Eurydice_slice_subslice2(
         out, i0 * ((size_t)1408U / (size_t)4U),
         (i0 + (size_t)1U) * ((size_t)1408U / (size_t)4U), uint8_t);
     uint8_t ret[352U];
-    compress_then_serialize_ring_element_u_b5(&re, ret);
+    compress_then_serialize_ring_element_u_82(&re, ret);
     Eurydice_slice_copy(
         uu____0, Eurydice_array_to_slice((size_t)352U, ret, uint8_t), uint8_t);
   }
@@ -4391,7 +4463,7 @@ with const generics
 - COEFFICIENT_BITS= 4
 */
 static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector
-compress_611(libcrux_ml_kem_vector_portable_vector_type_PortableVector a) {
+compress_d1(libcrux_ml_kem_vector_portable_vector_type_PortableVector a) {
   for (size_t i = (size_t)0U;
        i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) {
     size_t i0 = i;
@@ -4412,9 +4484,9 @@ A monomorphic instance of libcrux_ml_kem.vector.portable.compress_0d
 with const generics
 - COEFFICIENT_BITS= 4
 */
-static libcrux_ml_kem_vector_portable_vector_type_PortableVector
-compress_0d_fe1(libcrux_ml_kem_vector_portable_vector_type_PortableVector a) {
-  return compress_611(a);
+static libcrux_ml_kem_vector_portable_vector_type_PortableVector compress_0d_d1(
+    libcrux_ml_kem_vector_portable_vector_type_PortableVector a) {
+  return compress_d1(a);
 }
 
 /**
@@ -4423,14 +4495,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
 with const generics
 
 */
-static KRML_MUSTINLINE void compress_then_serialize_4_06(
-    libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re,
+static KRML_MUSTINLINE void compress_then_serialize_4_8c(
+    libcrux_ml_kem_polynomial_PolynomialRingElement_1d re,
     Eurydice_slice serialized) {
   for (size_t i = (size_t)0U;
        i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
     size_t i0 = i;
     libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient =
-        compress_0d_fe1(to_unsigned_field_modulus_b0(re.coefficients[i0]));
+        compress_0d_d1(to_unsigned_field_modulus_8c(re.coefficients[i0]));
     uint8_t bytes[8U];
     libcrux_ml_kem_vector_portable_serialize_4_0d(coefficient, bytes);
     Eurydice_slice_copy(
@@ -4446,7 +4518,7 @@ with const generics
 - COEFFICIENT_BITS= 5
 */
 static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector
-compress_612(libcrux_ml_kem_vector_portable_vector_type_PortableVector a) {
+compress_f4(libcrux_ml_kem_vector_portable_vector_type_PortableVector a) {
   for (size_t i = (size_t)0U;
        i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) {
     size_t i0 = i;
@@ -4467,9 +4539,9 @@ A monomorphic instance of libcrux_ml_kem.vector.portable.compress_0d
 with const generics
 - COEFFICIENT_BITS= 5
 */
-static libcrux_ml_kem_vector_portable_vector_type_PortableVector
-compress_0d_fe2(libcrux_ml_kem_vector_portable_vector_type_PortableVector a) {
-  return compress_612(a);
+static libcrux_ml_kem_vector_portable_vector_type_PortableVector compress_0d_f4(
+    libcrux_ml_kem_vector_portable_vector_type_PortableVector a) {
+  return compress_f4(a);
 }
 
 /**
@@ -4478,14 +4550,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
 with const generics
 
 */
-static KRML_MUSTINLINE void compress_then_serialize_5_69(
-    libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re,
+static KRML_MUSTINLINE void compress_then_serialize_5_8c(
+    libcrux_ml_kem_polynomial_PolynomialRingElement_1d re,
     Eurydice_slice serialized) {
   for (size_t i = (size_t)0U;
        i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
     size_t i0 = i;
     libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficients =
-        compress_0d_fe2(to_unsigned_representative_7c(re.coefficients[i0]));
+        compress_0d_f4(to_unsigned_representative_8c(re.coefficients[i0]));
     uint8_t bytes[10U];
     libcrux_ml_kem_vector_portable_serialize_5_0d(coefficients, bytes);
     Eurydice_slice_copy(
@@ -4502,9 +4574,9 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
 - COMPRESSION_FACTOR= 5
 - OUT_LEN= 160
 */
-static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_cf(
-    libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice out) {
-  compress_then_serialize_5_69(re, out);
+static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_8e(
+    libcrux_ml_kem_polynomial_PolynomialRingElement_1d re, Eurydice_slice out) {
+  compress_then_serialize_5_8c(re, out);
 }
 
 /**
@@ -4525,57 +4597,57 @@ generics
 - ETA2= 2
 - ETA2_RANDOMNESS_SIZE= 128
 */
-static void encrypt_unpacked_c3(IndCpaPublicKeyUnpacked_42 *public_key,
+static void encrypt_unpacked_2a(IndCpaPublicKeyUnpacked_af *public_key,
                                 uint8_t message[32U], Eurydice_slice randomness,
                                 uint8_t ret[1568U]) {
   uint8_t prf_input[33U];
-  libcrux_ml_kem_utils_into_padded_array_421(randomness, prf_input);
+  libcrux_ml_kem_utils_into_padded_array_c8(randomness, prf_input);
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_prf_input0[33U];
   memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t));
-  tuple_710 uu____1 = sample_vector_cbd_then_ntt_out_cb(copy_of_prf_input0, 0U);
-  libcrux_ml_kem_polynomial_PolynomialRingElement_f0 r_as_ntt[4U];
+  tuple_dd0 uu____1 = sample_vector_cbd_then_ntt_out_3b(copy_of_prf_input0, 0U);
+  libcrux_ml_kem_polynomial_PolynomialRingElement_1d r_as_ntt[4U];
   memcpy(
       r_as_ntt, uu____1.fst,
-      (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0));
+      (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1d));
   uint8_t domain_separator0 = uu____1.snd;
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_prf_input[33U];
   memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t));
-  tuple_710 uu____3 =
-      sample_ring_element_cbd_7f(copy_of_prf_input, domain_separator0);
-  libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[4U];
+  tuple_dd0 uu____3 =
+      sample_ring_element_cbd_3b(copy_of_prf_input, domain_separator0);
+  libcrux_ml_kem_polynomial_PolynomialRingElement_1d error_1[4U];
   memcpy(
       error_1, uu____3.fst,
-      (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0));
+      (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1d));
   uint8_t domain_separator = uu____3.snd;
   prf_input[32U] = domain_separator;
   uint8_t prf_output[128U];
-  PRF_f1_9f0(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t),
+  PRF_f1_440(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t),
              prf_output);
-  libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_2 =
-      sample_from_binomial_distribution_6b(
+  libcrux_ml_kem_polynomial_PolynomialRingElement_1d error_2 =
+      sample_from_binomial_distribution_a0(
           Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t));
-  libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u[4U];
-  compute_vector_u_b8(public_key->A, r_as_ntt, error_1, u);
+  libcrux_ml_kem_polynomial_PolynomialRingElement_1d u[4U];
+  compute_vector_u_d0(public_key->A, r_as_ntt, error_1, u);
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_message[32U];
   memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t));
-  libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message_as_ring_element =
-      deserialize_then_decompress_message_e3(copy_of_message);
-  libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v =
-      compute_ring_element_v_1e(public_key->t_as_ntt, r_as_ntt, &error_2,
+  libcrux_ml_kem_polynomial_PolynomialRingElement_1d message_as_ring_element =
+      deserialize_then_decompress_message_8c(copy_of_message);
+  libcrux_ml_kem_polynomial_PolynomialRingElement_1d v =
+      compute_ring_element_v_d0(public_key->t_as_ntt, r_as_ntt, &error_2,
                                 &message_as_ring_element);
   uint8_t ciphertext[1568U] = {0U};
-  libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____5[4U];
+  libcrux_ml_kem_polynomial_PolynomialRingElement_1d uu____5[4U];
   memcpy(
       uu____5, u,
-      (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0));
-  compress_then_serialize_u_cd(
+      (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1d));
+  compress_then_serialize_u_2f(
       uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U,
                                            (size_t)1408U, uint8_t));
-  libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____6 = v;
-  compress_then_serialize_ring_element_v_cf(
+  libcrux_ml_kem_polynomial_PolynomialRingElement_1d uu____6 = v;
+  compress_then_serialize_ring_element_v_8e(
       uu____6, Eurydice_array_to_subslice_from((size_t)1568U, ciphertext,
                                                (size_t)1408U, uint8_t, size_t));
   memcpy(ret, ciphertext, (size_t)1568U * sizeof(uint8_t));
@@ -4599,26 +4671,26 @@ generics
 - ETA2= 2
 - ETA2_RANDOMNESS_SIZE= 128
 */
-static void encrypt_4b1(Eurydice_slice public_key, uint8_t message[32U],
+static void encrypt_2a1(Eurydice_slice public_key, uint8_t message[32U],
                         Eurydice_slice randomness, uint8_t ret[1568U]) {
-  IndCpaPublicKeyUnpacked_42 unpacked_public_key = default_8d_d1();
-  deserialize_ring_elements_reduced_da(
+  IndCpaPublicKeyUnpacked_af unpacked_public_key = default_8d_d0();
+  deserialize_ring_elements_reduced_d0(
       Eurydice_slice_subslice_to(public_key, (size_t)1536U, uint8_t, size_t),
       unpacked_public_key.t_as_ntt);
   Eurydice_slice seed =
       Eurydice_slice_subslice_from(public_key, (size_t)1536U, uint8_t, size_t);
-  libcrux_ml_kem_polynomial_PolynomialRingElement_f0(*uu____0)[4U] =
+  libcrux_ml_kem_polynomial_PolynomialRingElement_1d(*uu____0)[4U] =
       unpacked_public_key.A;
   uint8_t ret0[34U];
-  libcrux_ml_kem_utils_into_padded_array_422(seed, ret0);
-  sample_matrix_A_0d(uu____0, ret0, false);
-  IndCpaPublicKeyUnpacked_42 *uu____1 = &unpacked_public_key;
+  libcrux_ml_kem_utils_into_padded_array_b6(seed, ret0);
+  sample_matrix_A_2b(uu____0, ret0, false);
+  IndCpaPublicKeyUnpacked_af *uu____1 = &unpacked_public_key;
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_message[32U];
   memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t));
-  uint8_t result[1568U];
-  encrypt_unpacked_c3(uu____1, copy_of_message, randomness, result);
-  memcpy(ret, result, (size_t)1568U * sizeof(uint8_t));
+  uint8_t ret1[1568U];
+  encrypt_unpacked_2a(uu____1, copy_of_message, randomness, ret1);
+  memcpy(ret, ret1, (size_t)1568U * sizeof(uint8_t));
 }
 
 /**
@@ -4632,7 +4704,7 @@ with const generics
 - K= 4
 - CIPHERTEXT_SIZE= 1568
 */
-static KRML_MUSTINLINE void kdf_d8_19(Eurydice_slice shared_secret,
+static KRML_MUSTINLINE void kdf_d8_60(Eurydice_slice shared_secret,
                                       uint8_t ret[32U]) {
   uint8_t out[32U] = {0U};
   Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t),
@@ -4659,27 +4731,27 @@ libcrux_ml_kem_variant_MlKem with const generics
 - ETA2= 2
 - ETA2_RANDOMNESS_SIZE= 128
 */
-tuple_21 libcrux_ml_kem_ind_cca_encapsulate_661(
-    libcrux_ml_kem_types_MlKemPublicKey_1f *public_key,
+tuple_fa libcrux_ml_kem_ind_cca_encapsulate_ca1(
+    libcrux_ml_kem_types_MlKemPublicKey_64 *public_key,
     uint8_t randomness[32U]) {
   uint8_t randomness0[32U];
-  entropy_preprocess_d8_62(
+  entropy_preprocess_d8_03(
       Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0);
   uint8_t to_hash[64U];
-  libcrux_ml_kem_utils_into_padded_array_42(
+  libcrux_ml_kem_utils_into_padded_array_24(
       Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t), to_hash);
   Eurydice_slice uu____0 = Eurydice_array_to_subslice_from(
       (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t,
       size_t);
   uint8_t ret[32U];
-  H_f1_d5(Eurydice_array_to_slice(
-              (size_t)1568U, libcrux_ml_kem_types_as_slice_fd_fe(public_key),
+  H_f1_ac(Eurydice_array_to_slice(
+              (size_t)1568U, libcrux_ml_kem_types_as_slice_fd_af(public_key),
               uint8_t),
           ret);
   Eurydice_slice_copy(
       uu____0, Eurydice_array_to_slice((size_t)32U, ret, uint8_t), uint8_t);
   uint8_t hashed[64U];
-  G_f1_87(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed);
+  G_f1_ac(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed);
   Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at(
       Eurydice_array_to_slice((size_t)64U, hashed, uint8_t),
       LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t,
@@ -4687,25 +4759,25 @@ tuple_21 libcrux_ml_kem_ind_cca_encapsulate_661(
   Eurydice_slice shared_secret = uu____1.fst;
   Eurydice_slice pseudorandomness = uu____1.snd;
   Eurydice_slice uu____2 = Eurydice_array_to_slice(
-      (size_t)1568U, libcrux_ml_kem_types_as_slice_fd_fe(public_key), uint8_t);
+      (size_t)1568U, libcrux_ml_kem_types_as_slice_fd_af(public_key), uint8_t);
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_randomness[32U];
   memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t));
   uint8_t ciphertext[1568U];
-  encrypt_4b1(uu____2, copy_of_randomness, pseudorandomness, ciphertext);
+  encrypt_2a1(uu____2, copy_of_randomness, pseudorandomness, ciphertext);
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_ciphertext[1568U];
   memcpy(copy_of_ciphertext, ciphertext, (size_t)1568U * sizeof(uint8_t));
-  libcrux_ml_kem_types_MlKemCiphertext_1f ciphertext0 =
-      libcrux_ml_kem_types_from_01_45(copy_of_ciphertext);
+  libcrux_ml_kem_types_MlKemCiphertext_64 ciphertext0 =
+      libcrux_ml_kem_types_from_01_af(copy_of_ciphertext);
   uint8_t shared_secret_array[32U];
-  kdf_d8_19(shared_secret, shared_secret_array);
-  libcrux_ml_kem_types_MlKemCiphertext_1f uu____5 = ciphertext0;
+  kdf_d8_60(shared_secret, shared_secret_array);
+  libcrux_ml_kem_types_MlKemCiphertext_64 uu____5 = ciphertext0;
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_shared_secret_array[32U];
   memcpy(copy_of_shared_secret_array, shared_secret_array,
          (size_t)32U * sizeof(uint8_t));
-  tuple_21 lit;
+  tuple_fa lit;
   lit.fst = uu____5;
   memcpy(lit.snd, copy_of_shared_secret_array, (size_t)32U * sizeof(uint8_t));
   return lit;
@@ -4717,9 +4789,9 @@ libcrux_ml_kem.serialize.deserialize_to_uncompressed_ring_element with types
 libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
 
 */
-static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0
-deserialize_to_uncompressed_ring_element_07(Eurydice_slice serialized) {
-  libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_ef_1b();
+static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1d
+deserialize_to_uncompressed_ring_element_8c(Eurydice_slice serialized) {
+  libcrux_ml_kem_polynomial_PolynomialRingElement_1d re = ZERO_ef_8c();
   for (size_t i = (size_t)0U;
        i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) {
     size_t i0 = i;
@@ -4738,12 +4810,12 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
 with const generics
 - K= 4
 */
-static KRML_MUSTINLINE void deserialize_secret_key_121(
+static KRML_MUSTINLINE void deserialize_secret_key_d0(
     Eurydice_slice secret_key,
-    libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) {
-  libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[4U];
+    libcrux_ml_kem_polynomial_PolynomialRingElement_1d ret[4U]) {
+  libcrux_ml_kem_polynomial_PolynomialRingElement_1d secret_as_ntt[4U];
   KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U,
-                  secret_as_ntt[i] = ZERO_ef_1b(););
+                  secret_as_ntt[i] = ZERO_ef_8c(););
   for (size_t i = (size_t)0U;
        i < Eurydice_slice_len(secret_key, uint8_t) /
                LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT;
@@ -4754,17 +4826,13 @@ static KRML_MUSTINLINE void deserialize_secret_key_121(
         i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT +
             LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT,
         uint8_t);
-    libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 =
-        deserialize_to_uncompressed_ring_element_07(secret_bytes);
+    libcrux_ml_kem_polynomial_PolynomialRingElement_1d uu____0 =
+        deserialize_to_uncompressed_ring_element_8c(secret_bytes);
     secret_as_ntt[i0] = uu____0;
   }
-  libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[4U];
-  memcpy(
-      result, secret_as_ntt,
-      (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0));
   memcpy(
-      ret, result,
-      (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0));
+      ret, secret_as_ntt,
+      (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1d));
 }
 
 /**
@@ -4774,18 +4842,18 @@ const generics
 - COEFFICIENT_BITS= 10
 */
 static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector
-decompress_ciphertext_coefficient_4a(
-    libcrux_ml_kem_vector_portable_vector_type_PortableVector v) {
+decompress_ciphertext_coefficient_ef(
+    libcrux_ml_kem_vector_portable_vector_type_PortableVector a) {
   for (size_t i = (size_t)0U;
        i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) {
     size_t i0 = i;
-    int32_t decompressed = (int32_t)v.elements[i0] *
+    int32_t decompressed = (int32_t)a.elements[i0] *
                            (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS;
     decompressed = (decompressed << 1U) + ((int32_t)1 << (uint32_t)(int32_t)10);
     decompressed = decompressed >> (uint32_t)((int32_t)10 + (int32_t)1);
-    v.elements[i0] = (int16_t)decompressed;
+    a.elements[i0] = (int16_t)decompressed;
   }
-  return v;
+  return a;
 }
 
 /**
@@ -4799,9 +4867,9 @@ generics
 - COEFFICIENT_BITS= 10
 */
 static libcrux_ml_kem_vector_portable_vector_type_PortableVector
-decompress_ciphertext_coefficient_0d_ea(
+decompress_ciphertext_coefficient_0d_ef(
     libcrux_ml_kem_vector_portable_vector_type_PortableVector v) {
-  return decompress_ciphertext_coefficient_4a(v);
+  return decompress_ciphertext_coefficient_ef(v);
 }
 
 /**
@@ -4810,16 +4878,15 @@ libcrux_ml_kem.serialize.deserialize_then_decompress_10 with types
 libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
 
 */
-static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0
-deserialize_then_decompress_10_5c(Eurydice_slice serialized) {
-  libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_ef_1b();
-  LowStar_Ignore_ignore(
-      Eurydice_slice_len(
-          Eurydice_array_to_slice(
-              (size_t)16U, re.coefficients,
-              libcrux_ml_kem_vector_portable_vector_type_PortableVector),
+static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1d
+deserialize_then_decompress_10_8c(Eurydice_slice serialized) {
+  libcrux_ml_kem_polynomial_PolynomialRingElement_1d re = ZERO_ef_8c();
+  size_t _coefficients_length = Eurydice_slice_len(
+      Eurydice_array_to_slice(
+          (size_t)16U, re.coefficients,
           libcrux_ml_kem_vector_portable_vector_type_PortableVector),
-      size_t, void *);
+      libcrux_ml_kem_vector_portable_vector_type_PortableVector);
+  LowStar_Ignore_ignore(_coefficients_length, size_t, void *);
   for (size_t i = (size_t)0U;
        i < Eurydice_slice_len(serialized, uint8_t) / (size_t)20U; i++) {
     size_t i0 = i;
@@ -4828,7 +4895,7 @@ deserialize_then_decompress_10_5c(Eurydice_slice serialized) {
     libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient =
         libcrux_ml_kem_vector_portable_deserialize_10_0d(bytes);
     libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 =
-        decompress_ciphertext_coefficient_0d_ea(coefficient);
+        decompress_ciphertext_coefficient_0d_ef(coefficient);
     re.coefficients[i0] = uu____0;
   }
   return re;
@@ -4841,18 +4908,18 @@ const generics
 - COEFFICIENT_BITS= 11
 */
 static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector
-decompress_ciphertext_coefficient_4a0(
-    libcrux_ml_kem_vector_portable_vector_type_PortableVector v) {
+decompress_ciphertext_coefficient_c4(
+    libcrux_ml_kem_vector_portable_vector_type_PortableVector a) {
   for (size_t i = (size_t)0U;
        i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) {
     size_t i0 = i;
-    int32_t decompressed = (int32_t)v.elements[i0] *
+    int32_t decompressed = (int32_t)a.elements[i0] *
                            (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS;
     decompressed = (decompressed << 1U) + ((int32_t)1 << (uint32_t)(int32_t)11);
     decompressed = decompressed >> (uint32_t)((int32_t)11 + (int32_t)1);
-    v.elements[i0] = (int16_t)decompressed;
+    a.elements[i0] = (int16_t)decompressed;
   }
-  return v;
+  return a;
 }
 
 /**
@@ -4866,9 +4933,9 @@ generics
 - COEFFICIENT_BITS= 11
 */
 static libcrux_ml_kem_vector_portable_vector_type_PortableVector
-decompress_ciphertext_coefficient_0d_ea0(
+decompress_ciphertext_coefficient_0d_c4(
     libcrux_ml_kem_vector_portable_vector_type_PortableVector v) {
-  return decompress_ciphertext_coefficient_4a0(v);
+  return decompress_ciphertext_coefficient_c4(v);
 }
 
 /**
@@ -4877,9 +4944,9 @@ libcrux_ml_kem.serialize.deserialize_then_decompress_11 with types
 libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
 
 */
-static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0
-deserialize_then_decompress_11_77(Eurydice_slice serialized) {
-  libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_ef_1b();
+static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1d
+deserialize_then_decompress_11_8c(Eurydice_slice serialized) {
+  libcrux_ml_kem_polynomial_PolynomialRingElement_1d re = ZERO_ef_8c();
   for (size_t i = (size_t)0U;
        i < Eurydice_slice_len(serialized, uint8_t) / (size_t)22U; i++) {
     size_t i0 = i;
@@ -4888,7 +4955,7 @@ deserialize_then_decompress_11_77(Eurydice_slice serialized) {
     libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient =
         libcrux_ml_kem_vector_portable_deserialize_11_0d(bytes);
     libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 =
-        decompress_ciphertext_coefficient_0d_ea0(coefficient);
+        decompress_ciphertext_coefficient_0d_c4(coefficient);
     re.coefficients[i0] = uu____0;
   }
   return re;
@@ -4900,9 +4967,9 @@ libcrux_ml_kem.serialize.deserialize_then_decompress_ring_element_u with types
 libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
 - COMPRESSION_FACTOR= 11
 */
-static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0
-deserialize_then_decompress_ring_element_u_cd(Eurydice_slice serialized) {
-  return deserialize_then_decompress_11_77(serialized);
+static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1d
+deserialize_then_decompress_ring_element_u_5e(Eurydice_slice serialized) {
+  return deserialize_then_decompress_11_8c(serialized);
 }
 
 /**
@@ -4911,17 +4978,17 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
 with const generics
 - VECTOR_U_COMPRESSION_FACTOR= 11
 */
-static KRML_MUSTINLINE void ntt_vector_u_2c(
-    libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) {
+static KRML_MUSTINLINE void ntt_vector_u_5e(
+    libcrux_ml_kem_polynomial_PolynomialRingElement_1d *re) {
   size_t zeta_i = (size_t)0U;
-  ntt_at_layer_4_plus_bf(&zeta_i, re, (size_t)7U);
-  ntt_at_layer_4_plus_bf(&zeta_i, re, (size_t)6U);
-  ntt_at_layer_4_plus_bf(&zeta_i, re, (size_t)5U);
-  ntt_at_layer_4_plus_bf(&zeta_i, re, (size_t)4U);
-  ntt_at_layer_3_d0(&zeta_i, re);
-  ntt_at_layer_2_76(&zeta_i, re);
-  ntt_at_layer_1_5d(&zeta_i, re);
-  poly_barrett_reduce_ef_17(re);
+  ntt_at_layer_4_plus_8c(&zeta_i, re, (size_t)7U);
+  ntt_at_layer_4_plus_8c(&zeta_i, re, (size_t)6U);
+  ntt_at_layer_4_plus_8c(&zeta_i, re, (size_t)5U);
+  ntt_at_layer_4_plus_8c(&zeta_i, re, (size_t)4U);
+  ntt_at_layer_3_8c(&zeta_i, re);
+  ntt_at_layer_2_8c(&zeta_i, re);
+  ntt_at_layer_1_8c(&zeta_i, re);
+  poly_barrett_reduce_ef_8c(re);
 }
 
 /**
@@ -4932,12 +4999,12 @@ with const generics
 - CIPHERTEXT_SIZE= 1568
 - U_COMPRESSION_FACTOR= 11
 */
-static KRML_MUSTINLINE void deserialize_then_decompress_u_bb(
+static KRML_MUSTINLINE void deserialize_then_decompress_u_00(
     uint8_t *ciphertext,
-    libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) {
-  libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[4U];
+    libcrux_ml_kem_polynomial_PolynomialRingElement_1d ret[4U]) {
+  libcrux_ml_kem_polynomial_PolynomialRingElement_1d u_as_ntt[4U];
   KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U,
-                  u_as_ntt[i] = ZERO_ef_1b(););
+                  u_as_ntt[i] = ZERO_ef_8c(););
   for (size_t i = (size_t)0U;
        i < Eurydice_slice_len(
                Eurydice_array_to_slice((size_t)1568U, ciphertext, uint8_t),
@@ -4955,12 +5022,12 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_bb(
             LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT *
                 (size_t)11U / (size_t)8U,
         uint8_t);
-    u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_cd(u_bytes);
-    ntt_vector_u_2c(&u_as_ntt[i0]);
+    u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_5e(u_bytes);
+    ntt_vector_u_5e(&u_as_ntt[i0]);
   }
   memcpy(
       ret, u_as_ntt,
-      (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0));
+      (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1d));
 }
 
 /**
@@ -4970,18 +5037,18 @@ const generics
 - COEFFICIENT_BITS= 4
 */
 static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector
-decompress_ciphertext_coefficient_4a1(
-    libcrux_ml_kem_vector_portable_vector_type_PortableVector v) {
+decompress_ciphertext_coefficient_d1(
+    libcrux_ml_kem_vector_portable_vector_type_PortableVector a) {
   for (size_t i = (size_t)0U;
        i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) {
     size_t i0 = i;
-    int32_t decompressed = (int32_t)v.elements[i0] *
+    int32_t decompressed = (int32_t)a.elements[i0] *
                            (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS;
     decompressed = (decompressed << 1U) + ((int32_t)1 << (uint32_t)(int32_t)4);
     decompressed = decompressed >> (uint32_t)((int32_t)4 + (int32_t)1);
-    v.elements[i0] = (int16_t)decompressed;
+    a.elements[i0] = (int16_t)decompressed;
   }
-  return v;
+  return a;
 }
 
 /**
@@ -4995,9 +5062,9 @@ generics
 - COEFFICIENT_BITS= 4
 */
 static libcrux_ml_kem_vector_portable_vector_type_PortableVector
-decompress_ciphertext_coefficient_0d_ea1(
+decompress_ciphertext_coefficient_0d_d1(
     libcrux_ml_kem_vector_portable_vector_type_PortableVector v) {
-  return decompress_ciphertext_coefficient_4a1(v);
+  return decompress_ciphertext_coefficient_d1(v);
 }
 
 /**
@@ -5006,9 +5073,9 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
 with const generics
 
 */
-static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0
-deserialize_then_decompress_4_b1(Eurydice_slice serialized) {
-  libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_ef_1b();
+static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1d
+deserialize_then_decompress_4_8c(Eurydice_slice serialized) {
+  libcrux_ml_kem_polynomial_PolynomialRingElement_1d re = ZERO_ef_8c();
   for (size_t i = (size_t)0U;
        i < Eurydice_slice_len(serialized, uint8_t) / (size_t)8U; i++) {
     size_t i0 = i;
@@ -5017,7 +5084,7 @@ deserialize_then_decompress_4_b1(Eurydice_slice serialized) {
     libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient =
         libcrux_ml_kem_vector_portable_deserialize_4_0d(bytes);
     libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 =
-        decompress_ciphertext_coefficient_0d_ea1(coefficient);
+        decompress_ciphertext_coefficient_0d_d1(coefficient);
     re.coefficients[i0] = uu____0;
   }
   return re;
@@ -5030,18 +5097,18 @@ const generics
 - COEFFICIENT_BITS= 5
 */
 static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector
-decompress_ciphertext_coefficient_4a2(
-    libcrux_ml_kem_vector_portable_vector_type_PortableVector v) {
+decompress_ciphertext_coefficient_f4(
+    libcrux_ml_kem_vector_portable_vector_type_PortableVector a) {
   for (size_t i = (size_t)0U;
        i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) {
     size_t i0 = i;
-    int32_t decompressed = (int32_t)v.elements[i0] *
+    int32_t decompressed = (int32_t)a.elements[i0] *
                            (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS;
     decompressed = (decompressed << 1U) + ((int32_t)1 << (uint32_t)(int32_t)5);
     decompressed = decompressed >> (uint32_t)((int32_t)5 + (int32_t)1);
-    v.elements[i0] = (int16_t)decompressed;
+    a.elements[i0] = (int16_t)decompressed;
   }
-  return v;
+  return a;
 }
 
 /**
@@ -5055,9 +5122,9 @@ generics
 - COEFFICIENT_BITS= 5
 */
 static libcrux_ml_kem_vector_portable_vector_type_PortableVector
-decompress_ciphertext_coefficient_0d_ea2(
+decompress_ciphertext_coefficient_0d_f4(
     libcrux_ml_kem_vector_portable_vector_type_PortableVector v) {
-  return decompress_ciphertext_coefficient_4a2(v);
+  return decompress_ciphertext_coefficient_f4(v);
 }
 
 /**
@@ -5066,9 +5133,9 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
 with const generics
 
 */
-static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0
-deserialize_then_decompress_5_7b(Eurydice_slice serialized) {
-  libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_ef_1b();
+static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1d
+deserialize_then_decompress_5_8c(Eurydice_slice serialized) {
+  libcrux_ml_kem_polynomial_PolynomialRingElement_1d re = ZERO_ef_8c();
   for (size_t i = (size_t)0U;
        i < Eurydice_slice_len(serialized, uint8_t) / (size_t)10U; i++) {
     size_t i0 = i;
@@ -5077,7 +5144,7 @@ deserialize_then_decompress_5_7b(Eurydice_slice serialized) {
     re.coefficients[i0] =
         libcrux_ml_kem_vector_portable_deserialize_5_0d(bytes);
     libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____1 =
-        decompress_ciphertext_coefficient_0d_ea2(re.coefficients[i0]);
+        decompress_ciphertext_coefficient_0d_f4(re.coefficients[i0]);
     re.coefficients[i0] = uu____1;
   }
   return re;
@@ -5089,9 +5156,9 @@ libcrux_ml_kem.serialize.deserialize_then_decompress_ring_element_v with types
 libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
 - COMPRESSION_FACTOR= 5
 */
-static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0
-deserialize_then_decompress_ring_element_v_ce(Eurydice_slice serialized) {
-  return deserialize_then_decompress_5_7b(serialized);
+static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1d
+deserialize_then_decompress_ring_element_v_9f(Eurydice_slice serialized) {
+  return deserialize_then_decompress_5_8c(serialized);
 }
 
 /**
@@ -5105,9 +5172,9 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
 with const generics
 
 */
-static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0
-subtract_reduce_ef_92(libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self,
-                      libcrux_ml_kem_polynomial_PolynomialRingElement_f0 b) {
+static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1d
+subtract_reduce_ef_8c(libcrux_ml_kem_polynomial_PolynomialRingElement_1d *self,
+                      libcrux_ml_kem_polynomial_PolynomialRingElement_1d b) {
   for (size_t i = (size_t)0U;
        i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
     size_t i0 = i;
@@ -5130,18 +5197,18 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
 with const generics
 - K= 4
 */
-static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0
-compute_message_82(
-    libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *v,
-    libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *secret_as_ntt,
-    libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *u_as_ntt) {
-  libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_ef_1b();
+static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1d
+compute_message_d0(
+    libcrux_ml_kem_polynomial_PolynomialRingElement_1d *v,
+    libcrux_ml_kem_polynomial_PolynomialRingElement_1d *secret_as_ntt,
+    libcrux_ml_kem_polynomial_PolynomialRingElement_1d *u_as_ntt) {
+  libcrux_ml_kem_polynomial_PolynomialRingElement_1d result = ZERO_ef_8c();
   KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i;
-                  libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product =
-                      ntt_multiply_ef_45(&secret_as_ntt[i0], &u_as_ntt[i0]);
-                  add_to_ring_element_ef_5d(&result, &product););
-  invert_ntt_montgomery_55(&result);
-  result = subtract_reduce_ef_92(v, result);
+                  libcrux_ml_kem_polynomial_PolynomialRingElement_1d product =
+                      ntt_multiply_ef_8c(&secret_as_ntt[i0], &u_as_ntt[i0]);
+                  add_to_ring_element_ef_d0(&result, &product););
+  invert_ntt_montgomery_d0(&result);
+  result = subtract_reduce_ef_8c(v, result);
   return result;
 }
 
@@ -5151,13 +5218,13 @@ libcrux_ml_kem.serialize.compress_then_serialize_message with types
 libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
 
 */
-static KRML_MUSTINLINE void compress_then_serialize_message_15(
-    libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, uint8_t ret[32U]) {
+static KRML_MUSTINLINE void compress_then_serialize_message_8c(
+    libcrux_ml_kem_polynomial_PolynomialRingElement_1d re, uint8_t ret[32U]) {
   uint8_t serialized[32U] = {0U};
   KRML_MAYBE_FOR16(
       i, (size_t)0U, (size_t)16U, (size_t)1U, size_t i0 = i;
       libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient =
-          to_unsigned_field_modulus_b0(re.coefficients[i0]);
+          to_unsigned_field_modulus_8c(re.coefficients[i0]);
       libcrux_ml_kem_vector_portable_vector_type_PortableVector
           coefficient_compressed =
               libcrux_ml_kem_vector_portable_compress_1_0d(coefficient);
@@ -5183,18 +5250,18 @@ with const generics
 - U_COMPRESSION_FACTOR= 11
 - V_COMPRESSION_FACTOR= 5
 */
-static void decrypt_unpacked_c9(IndCpaPrivateKeyUnpacked_42 *secret_key,
+static void decrypt_unpacked_7d(IndCpaPrivateKeyUnpacked_af *secret_key,
                                 uint8_t *ciphertext, uint8_t ret[32U]) {
-  libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[4U];
-  deserialize_then_decompress_u_bb(ciphertext, u_as_ntt);
-  libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v =
-      deserialize_then_decompress_ring_element_v_ce(
+  libcrux_ml_kem_polynomial_PolynomialRingElement_1d u_as_ntt[4U];
+  deserialize_then_decompress_u_00(ciphertext, u_as_ntt);
+  libcrux_ml_kem_polynomial_PolynomialRingElement_1d v =
+      deserialize_then_decompress_ring_element_v_9f(
           Eurydice_array_to_subslice_from((size_t)1568U, ciphertext,
                                           (size_t)1408U, uint8_t, size_t));
-  libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message =
-      compute_message_82(&v, secret_key->secret_as_ntt, u_as_ntt);
+  libcrux_ml_kem_polynomial_PolynomialRingElement_1d message =
+      compute_message_d0(&v, secret_key->secret_as_ntt, u_as_ntt);
   uint8_t ret0[32U];
-  compress_then_serialize_message_15(message, ret0);
+  compress_then_serialize_message_8c(message, ret0);
   memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t));
 }
 
@@ -5208,22 +5275,22 @@ with const generics
 - U_COMPRESSION_FACTOR= 11
 - V_COMPRESSION_FACTOR= 5
 */
-static void decrypt_dc1(Eurydice_slice secret_key, uint8_t *ciphertext,
-                        uint8_t ret[32U]) {
-  libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[4U];
-  deserialize_secret_key_121(secret_key, secret_as_ntt);
+static void decrypt_7d(Eurydice_slice secret_key, uint8_t *ciphertext,
+                       uint8_t ret[32U]) {
+  libcrux_ml_kem_polynomial_PolynomialRingElement_1d secret_as_ntt[4U];
+  deserialize_secret_key_d0(secret_key, secret_as_ntt);
   /* Passing arrays by value in Rust generates a copy in C */
-  libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_secret_as_ntt[4U];
+  libcrux_ml_kem_polynomial_PolynomialRingElement_1d copy_of_secret_as_ntt[4U];
   memcpy(
       copy_of_secret_as_ntt, secret_as_ntt,
-      (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0));
-  IndCpaPrivateKeyUnpacked_42 secret_key_unpacked;
+      (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1d));
+  IndCpaPrivateKeyUnpacked_af secret_key_unpacked;
   memcpy(
       secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt,
-      (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0));
-  uint8_t result[32U];
-  decrypt_unpacked_c9(&secret_key_unpacked, ciphertext, result);
-  memcpy(ret, result, (size_t)32U * sizeof(uint8_t));
+      (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1d));
+  uint8_t ret0[32U];
+  decrypt_unpacked_7d(&secret_key_unpacked, ciphertext, ret0);
+  memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t));
 }
 
 /**
@@ -5231,7 +5298,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.PRF
 with const generics
 - LEN= 32
 */
-static KRML_MUSTINLINE void PRF_f7(Eurydice_slice input, uint8_t ret[32U]) {
+static KRML_MUSTINLINE void PRF_9e(Eurydice_slice input, uint8_t ret[32U]) {
   uint8_t digest[32U] = {0U};
   libcrux_sha3_portable_shake256(
       Eurydice_array_to_slice((size_t)32U, digest, uint8_t), input);
@@ -5248,8 +5315,8 @@ with const generics
 - K= 4
 - LEN= 32
 */
-static KRML_MUSTINLINE void PRF_f1_9f(Eurydice_slice input, uint8_t ret[32U]) {
-  PRF_f7(input, ret);
+static KRML_MUSTINLINE void PRF_f1_44(Eurydice_slice input, uint8_t ret[32U]) {
+  PRF_9e(input, ret);
 }
 
 /**
@@ -5274,9 +5341,9 @@ libcrux_ml_kem_variant_MlKem with const generics
 - ETA2_RANDOMNESS_SIZE= 128
 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600
 */
-void libcrux_ml_kem_ind_cca_decapsulate_191(
-    libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key,
-    libcrux_ml_kem_types_MlKemCiphertext_1f *ciphertext, uint8_t ret[32U]) {
+void libcrux_ml_kem_ind_cca_decapsulate_621(
+    libcrux_ml_kem_types_MlKemPrivateKey_83 *private_key,
+    libcrux_ml_kem_types_MlKemCiphertext_64 *ciphertext, uint8_t ret[32U]) {
   Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at(
       Eurydice_array_to_slice((size_t)3168U, private_key->value, uint8_t),
       (size_t)1536U, uint8_t, Eurydice_slice_uint8_t_x2);
@@ -5292,9 +5359,9 @@ void libcrux_ml_kem_ind_cca_decapsulate_191(
   Eurydice_slice ind_cpa_public_key_hash = uu____2.fst;
   Eurydice_slice implicit_rejection_value = uu____2.snd;
   uint8_t decrypted[32U];
-  decrypt_dc1(ind_cpa_secret_key, ciphertext->value, decrypted);
+  decrypt_7d(ind_cpa_secret_key, ciphertext->value, decrypted);
   uint8_t to_hash0[64U];
-  libcrux_ml_kem_utils_into_padded_array_42(
+  libcrux_ml_kem_utils_into_padded_array_24(
       Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0);
   Eurydice_slice_copy(
       Eurydice_array_to_subslice_from(
@@ -5302,7 +5369,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_191(
           uint8_t, size_t),
       ind_cpa_public_key_hash, uint8_t);
   uint8_t hashed[64U];
-  G_f1_87(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed);
+  G_f1_ac(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed);
   Eurydice_slice_uint8_t_x2 uu____3 = Eurydice_slice_split_at(
       Eurydice_array_to_slice((size_t)64U, hashed, uint8_t),
       LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t,
@@ -5310,31 +5377,31 @@ void libcrux_ml_kem_ind_cca_decapsulate_191(
   Eurydice_slice shared_secret0 = uu____3.fst;
   Eurydice_slice pseudorandomness = uu____3.snd;
   uint8_t to_hash[1600U];
-  libcrux_ml_kem_utils_into_padded_array_420(implicit_rejection_value, to_hash);
+  libcrux_ml_kem_utils_into_padded_array_7f(implicit_rejection_value, to_hash);
   Eurydice_slice uu____4 = Eurydice_array_to_subslice_from(
       (size_t)1600U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE,
       uint8_t, size_t);
-  Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_40(ciphertext),
+  Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_af(ciphertext),
                       uint8_t);
   uint8_t implicit_rejection_shared_secret0[32U];
-  PRF_f1_9f(Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t),
+  PRF_f1_44(Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t),
             implicit_rejection_shared_secret0);
   Eurydice_slice uu____5 = ind_cpa_public_key;
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_decrypted[32U];
   memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t));
   uint8_t expected_ciphertext[1568U];
-  encrypt_4b1(uu____5, copy_of_decrypted, pseudorandomness,
+  encrypt_2a1(uu____5, copy_of_decrypted, pseudorandomness,
               expected_ciphertext);
   uint8_t implicit_rejection_shared_secret[32U];
-  kdf_d8_19(Eurydice_array_to_slice((size_t)32U,
+  kdf_d8_60(Eurydice_array_to_slice((size_t)32U,
                                     implicit_rejection_shared_secret0, uint8_t),
             implicit_rejection_shared_secret);
   uint8_t shared_secret1[32U];
-  kdf_d8_19(shared_secret0, shared_secret1);
+  kdf_d8_60(shared_secret0, shared_secret1);
   uint8_t shared_secret[32U];
   libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time(
-      libcrux_ml_kem_types_as_ref_00_40(ciphertext),
+      libcrux_ml_kem_types_as_ref_00_af(ciphertext),
       Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, uint8_t),
       Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t),
       Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret,
@@ -5349,9 +5416,9 @@ libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types
 libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
 - K= 2
 */
-static KRML_MUSTINLINE void deserialize_ring_elements_reduced_da0(
+static KRML_MUSTINLINE void deserialize_ring_elements_reduced_a0(
     Eurydice_slice public_key,
-    libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *deserialized_pk) {
+    libcrux_ml_kem_polynomial_PolynomialRingElement_1d *deserialized_pk) {
   for (size_t i = (size_t)0U;
        i < Eurydice_slice_len(public_key, uint8_t) /
                LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT;
@@ -5362,8 +5429,8 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_da0(
         i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT +
             LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT,
         uint8_t);
-    libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 =
-        deserialize_to_reduced_ring_element_a5(ring_element);
+    libcrux_ml_kem_polynomial_PolynomialRingElement_1d uu____0 =
+        deserialize_to_reduced_ring_element_8c(ring_element);
     deserialized_pk[i0] = uu____0;
   }
 }
@@ -5374,16 +5441,20 @@ libcrux_ml_kem.serialize.deserialize_ring_elements_reduced_out with types
 libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
 - K= 2
 */
-static KRML_MUSTINLINE void deserialize_ring_elements_reduced_out_530(
+static KRML_MUSTINLINE void deserialize_ring_elements_reduced_out_a0(
     Eurydice_slice public_key,
-    libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) {
-  libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[2U];
+    libcrux_ml_kem_polynomial_PolynomialRingElement_1d ret[2U]) {
+  libcrux_ml_kem_polynomial_PolynomialRingElement_1d deserialized_pk[2U];
   KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U,
-                  deserialized_pk[i] = ZERO_ef_1b(););
-  deserialize_ring_elements_reduced_da0(public_key, deserialized_pk);
+                  deserialized_pk[i] = ZERO_ef_8c(););
+  deserialize_ring_elements_reduced_a0(public_key, deserialized_pk);
+  libcrux_ml_kem_polynomial_PolynomialRingElement_1d result[2U];
   memcpy(
-      ret, deserialized_pk,
-      (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0));
+      result, deserialized_pk,
+      (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1d));
+  memcpy(
+      ret, result,
+      (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1d));
 }
 
 /**
@@ -5393,25 +5464,25 @@ with const generics
 - K= 2
 - OUT_LEN= 768
 */
-static KRML_MUSTINLINE void serialize_secret_key_5a0(
-    libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *key,
+static KRML_MUSTINLINE void serialize_secret_key_64(
+    libcrux_ml_kem_polynomial_PolynomialRingElement_1d *key,
     uint8_t ret[768U]) {
   uint8_t out[768U] = {0U};
   for (size_t i = (size_t)0U;
        i < Eurydice_slice_len(
                Eurydice_array_to_slice(
                    (size_t)2U, key,
-                   libcrux_ml_kem_polynomial_PolynomialRingElement_f0),
-               libcrux_ml_kem_polynomial_PolynomialRingElement_f0);
+                   libcrux_ml_kem_polynomial_PolynomialRingElement_1d),
+               libcrux_ml_kem_polynomial_PolynomialRingElement_1d);
        i++) {
     size_t i0 = i;
-    libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = key[i0];
+    libcrux_ml_kem_polynomial_PolynomialRingElement_1d re = key[i0];
     Eurydice_slice uu____0 = Eurydice_array_to_subslice2(
         out, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT,
         (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT,
         uint8_t);
     uint8_t ret0[384U];
-    serialize_uncompressed_ring_element_8b(&re, ret0);
+    serialize_uncompressed_ring_element_8c(&re, ret0);
     Eurydice_slice_copy(
         uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t), uint8_t);
   }
@@ -5426,13 +5497,13 @@ with const generics
 - RANKED_BYTES_PER_RING_ELEMENT= 768
 - PUBLIC_KEY_SIZE= 800
 */
-static KRML_MUSTINLINE void serialize_public_key_mut_3c0(
-    libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt,
+static KRML_MUSTINLINE void serialize_public_key_mut_86(
+    libcrux_ml_kem_polynomial_PolynomialRingElement_1d *t_as_ntt,
     Eurydice_slice seed_for_a, uint8_t *serialized) {
   Eurydice_slice uu____0 = Eurydice_array_to_subslice2(serialized, (size_t)0U,
                                                        (size_t)768U, uint8_t);
   uint8_t ret[768U];
-  serialize_secret_key_5a0(t_as_ntt, ret);
+  serialize_secret_key_64(t_as_ntt, ret);
   Eurydice_slice_copy(
       uu____0, Eurydice_array_to_slice((size_t)768U, ret, uint8_t), uint8_t);
   Eurydice_slice_copy(
@@ -5449,14 +5520,12 @@ with const generics
 - RANKED_BYTES_PER_RING_ELEMENT= 768
 - PUBLIC_KEY_SIZE= 800
 */
-static KRML_MUSTINLINE void serialize_public_key_070(
-    libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt,
+static KRML_MUSTINLINE void serialize_public_key_86(
+    libcrux_ml_kem_polynomial_PolynomialRingElement_1d *t_as_ntt,
     Eurydice_slice seed_for_a, uint8_t ret[800U]) {
   uint8_t public_key_serialized[800U] = {0U};
-  serialize_public_key_mut_3c0(t_as_ntt, seed_for_a, public_key_serialized);
-  uint8_t result[800U];
-  memcpy(result, public_key_serialized, (size_t)800U * sizeof(uint8_t));
-  memcpy(ret, result, (size_t)800U * sizeof(uint8_t));
+  serialize_public_key_mut_86(t_as_ntt, seed_for_a, public_key_serialized);
+  memcpy(ret, public_key_serialized, (size_t)800U * sizeof(uint8_t));
 }
 
 /**
@@ -5467,15 +5536,15 @@ with const generics
 - RANKED_BYTES_PER_RING_ELEMENT= 768
 - PUBLIC_KEY_SIZE= 800
 */
-bool libcrux_ml_kem_ind_cca_validate_public_key_bf0(uint8_t *public_key) {
-  libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[2U];
-  deserialize_ring_elements_reduced_out_530(
+bool libcrux_ml_kem_ind_cca_validate_public_key_86(uint8_t *public_key) {
+  libcrux_ml_kem_polynomial_PolynomialRingElement_1d deserialized_pk[2U];
+  deserialize_ring_elements_reduced_out_a0(
       Eurydice_array_to_subslice_to((size_t)800U, public_key, (size_t)768U,
                                     uint8_t, size_t),
       deserialized_pk);
-  libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *uu____0 = deserialized_pk;
+  libcrux_ml_kem_polynomial_PolynomialRingElement_1d *uu____0 = deserialized_pk;
   uint8_t public_key_serialized[800U];
-  serialize_public_key_070(
+  serialize_public_key_86(
       uu____0,
       Eurydice_array_to_subslice_from((size_t)800U, public_key, (size_t)768U,
                                       uint8_t, size_t),
@@ -5493,7 +5562,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.H_f1
 with const generics
 - K= 2
 */
-static KRML_MUSTINLINE void H_f1_d50(Eurydice_slice input, uint8_t ret[32U]) {
+static KRML_MUSTINLINE void H_f1_fd(Eurydice_slice input, uint8_t ret[32U]) {
   libcrux_ml_kem_hash_functions_portable_H(input, ret);
 }
 
@@ -5505,14 +5574,14 @@ with const generics
 - SECRET_KEY_SIZE= 1632
 - CIPHERTEXT_SIZE= 768
 */
-bool libcrux_ml_kem_ind_cca_validate_private_key_b4(
-    libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key,
-    libcrux_ml_kem_types_MlKemCiphertext_e8 *_ciphertext) {
+bool libcrux_ml_kem_ind_cca_validate_private_key_fb(
+    libcrux_ml_kem_types_MlKemPrivateKey_fa *private_key,
+    libcrux_ml_kem_types_MlKemCiphertext_1a *_ciphertext) {
   uint8_t t[32U];
-  H_f1_d50(Eurydice_array_to_subslice2(
-               private_key->value, (size_t)384U * (size_t)2U,
-               (size_t)768U * (size_t)2U + (size_t)32U, uint8_t),
-           t);
+  H_f1_fd(Eurydice_array_to_subslice2(
+              private_key->value, (size_t)384U * (size_t)2U,
+              (size_t)768U * (size_t)2U + (size_t)32U, uint8_t),
+          t);
   Eurydice_slice expected = Eurydice_array_to_subslice2(
       private_key->value, (size_t)768U * (size_t)2U + (size_t)32U,
       (size_t)768U * (size_t)2U + (size_t)64U, uint8_t);
@@ -5526,9 +5595,9 @@ libcrux_ml_kem.ind_cpa.unpacked.IndCpaPrivateKeyUnpacked with types
 libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
 - $2size_t
 */
-typedef struct IndCpaPrivateKeyUnpacked_ae_s {
-  libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[2U];
-} IndCpaPrivateKeyUnpacked_ae;
+typedef struct IndCpaPrivateKeyUnpacked_d4_s {
+  libcrux_ml_kem_polynomial_PolynomialRingElement_1d secret_as_ntt[2U];
+} IndCpaPrivateKeyUnpacked_d4;
 
 /**
 This function found in impl {(core::default::Default for
@@ -5541,10 +5610,10 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
 with const generics
 - K= 2
 */
-static IndCpaPrivateKeyUnpacked_ae default_1a_e90(void) {
-  IndCpaPrivateKeyUnpacked_ae lit;
-  lit.secret_as_ntt[0U] = ZERO_ef_1b();
-  lit.secret_as_ntt[1U] = ZERO_ef_1b();
+static IndCpaPrivateKeyUnpacked_d4 default_1a_a0(void) {
+  IndCpaPrivateKeyUnpacked_d4 lit;
+  lit.secret_as_ntt[0U] = ZERO_ef_8c();
+  lit.secret_as_ntt[1U] = ZERO_ef_8c();
   return lit;
 }
 
@@ -5554,11 +5623,11 @@ libcrux_ml_kem.ind_cpa.unpacked.IndCpaPublicKeyUnpacked with types
 libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
 - $2size_t
 */
-typedef struct IndCpaPublicKeyUnpacked_ae_s {
-  libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[2U];
+typedef struct IndCpaPublicKeyUnpacked_d4_s {
+  libcrux_ml_kem_polynomial_PolynomialRingElement_1d t_as_ntt[2U];
   uint8_t seed_for_A[32U];
-  libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[2U][2U];
-} IndCpaPublicKeyUnpacked_ae;
+  libcrux_ml_kem_polynomial_PolynomialRingElement_1d A[2U][2U];
+} IndCpaPublicKeyUnpacked_d4;
 
 /**
 This function found in impl {(core::default::Default for
@@ -5571,20 +5640,20 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
 with const generics
 - K= 2
 */
-static IndCpaPublicKeyUnpacked_ae default_8d_d10(void) {
-  libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0[2U];
+static IndCpaPublicKeyUnpacked_d4 default_8d_a0(void) {
+  libcrux_ml_kem_polynomial_PolynomialRingElement_1d uu____0[2U];
   KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U,
-                  uu____0[i] = ZERO_ef_1b(););
+                  uu____0[i] = ZERO_ef_8c(););
   uint8_t uu____1[32U] = {0U};
-  IndCpaPublicKeyUnpacked_ae lit;
+  IndCpaPublicKeyUnpacked_d4 lit;
   memcpy(
       lit.t_as_ntt, uu____0,
-      (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0));
+      (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1d));
   memcpy(lit.seed_for_A, uu____1, (size_t)32U * sizeof(uint8_t));
-  lit.A[0U][0U] = ZERO_ef_1b();
-  lit.A[0U][1U] = ZERO_ef_1b();
-  lit.A[1U][0U] = ZERO_ef_1b();
-  lit.A[1U][1U] = ZERO_ef_1b();
+  lit.A[0U][0U] = ZERO_ef_8c();
+  lit.A[0U][1U] = ZERO_ef_8c();
+  lit.A[1U][0U] = ZERO_ef_8c();
+  lit.A[1U][1U] = ZERO_ef_8c();
   return lit;
 }
 
@@ -5597,7 +5666,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.G_f1
 with const generics
 - K= 2
 */
-static KRML_MUSTINLINE void G_f1_870(Eurydice_slice input, uint8_t ret[64U]) {
+static KRML_MUSTINLINE void G_f1_fd(Eurydice_slice input, uint8_t ret[64U]) {
   libcrux_ml_kem_hash_functions_portable_G(input, ret);
 }
 
@@ -5611,7 +5680,7 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]]
 with const generics
 - K= 2
 */
-static KRML_MUSTINLINE void cpa_keygen_seed_d8_36(
+static KRML_MUSTINLINE void cpa_keygen_seed_d8_10(
     Eurydice_slice key_generation_seed, uint8_t ret[64U]) {
   uint8_t seed[33U] = {0U};
   Eurydice_slice_copy(
@@ -5622,7 +5691,7 @@ static KRML_MUSTINLINE void cpa_keygen_seed_d8_36(
   seed[LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE] =
       (uint8_t)(size_t)2U;
   uint8_t ret0[64U];
-  G_f1_870(Eurydice_array_to_slice((size_t)33U, seed, uint8_t), ret0);
+  G_f1_fd(Eurydice_array_to_slice((size_t)33U, seed, uint8_t), ret0);
   memcpy(ret, ret0, (size_t)64U * sizeof(uint8_t));
 }
 
@@ -5631,9 +5700,9 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.PortableHash
 with const generics
 - $2size_t
 */
-typedef struct PortableHash_8b_s {
-  libcrux_sha3_generic_keccak_KeccakState_48 shake128_state[2U];
-} PortableHash_8b;
+typedef struct PortableHash_cf_s {
+  libcrux_sha3_generic_keccak_KeccakState_17 shake128_state[2U];
+} PortableHash_cf;
 
 /**
 A monomorphic instance of
@@ -5641,9 +5710,9 @@ libcrux_ml_kem.hash_functions.portable.shake128_init_absorb_final with const
 generics
 - K= 2
 */
-static KRML_MUSTINLINE PortableHash_8b
-shake128_init_absorb_final_240(uint8_t input[2U][34U]) {
-  libcrux_sha3_generic_keccak_KeccakState_48 shake128_state[2U];
+static KRML_MUSTINLINE PortableHash_cf
+shake128_init_absorb_final_fd(uint8_t input[2U][34U]) {
+  libcrux_sha3_generic_keccak_KeccakState_17 shake128_state[2U];
   KRML_MAYBE_FOR2(
       i, (size_t)0U, (size_t)2U, (size_t)1U,
       shake128_state[i] = libcrux_sha3_portable_incremental_shake128_init(););
@@ -5653,12 +5722,12 @@ shake128_init_absorb_final_240(uint8_t input[2U][34U]) {
           &shake128_state[i0],
           Eurydice_array_to_slice((size_t)34U, input[i0], uint8_t)););
   /* Passing arrays by value in Rust generates a copy in C */
-  libcrux_sha3_generic_keccak_KeccakState_48 copy_of_shake128_state[2U];
+  libcrux_sha3_generic_keccak_KeccakState_17 copy_of_shake128_state[2U];
   memcpy(copy_of_shake128_state, shake128_state,
-         (size_t)2U * sizeof(libcrux_sha3_generic_keccak_KeccakState_48));
-  PortableHash_8b lit;
+         (size_t)2U * sizeof(libcrux_sha3_generic_keccak_KeccakState_17));
+  PortableHash_cf lit;
   memcpy(lit.shake128_state, copy_of_shake128_state,
-         (size_t)2U * sizeof(libcrux_sha3_generic_keccak_KeccakState_48));
+         (size_t)2U * sizeof(libcrux_sha3_generic_keccak_KeccakState_17));
   return lit;
 }
 
@@ -5672,12 +5741,12 @@ libcrux_ml_kem.hash_functions.portable.shake128_init_absorb_final_f1 with const
 generics
 - K= 2
 */
-static KRML_MUSTINLINE PortableHash_8b
-shake128_init_absorb_final_f1_310(uint8_t input[2U][34U]) {
+static KRML_MUSTINLINE PortableHash_cf
+shake128_init_absorb_final_f1_fd(uint8_t input[2U][34U]) {
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_input[2U][34U];
   memcpy(copy_of_input, input, (size_t)2U * sizeof(uint8_t[34U]));
-  return shake128_init_absorb_final_240(copy_of_input);
+  return shake128_init_absorb_final_fd(copy_of_input);
 }
 
 /**
@@ -5686,8 +5755,8 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_first_three_blocks with
 const generics
 - K= 2
 */
-static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_630(
-    PortableHash_8b *st, uint8_t ret[2U][504U]) {
+static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_fd(
+    PortableHash_cf *st, uint8_t ret[2U][504U]) {
   uint8_t out[2U][504U] = {{0U}};
   KRML_MAYBE_FOR2(
       i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i;
@@ -5707,9 +5776,9 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_first_three_blocks_f1
 with const generics
 - K= 2
 */
-static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_f1_2f0(
-    PortableHash_8b *self, uint8_t ret[2U][504U]) {
-  shake128_squeeze_first_three_blocks_630(self, ret);
+static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_f1_fd(
+    PortableHash_cf *self, uint8_t ret[2U][504U]) {
+  shake128_squeeze_first_three_blocks_fd(self, ret);
 }
 
 /**
@@ -5760,7 +5829,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
 - K= 2
 - N= 504
 */
-static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_711(
+static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_64(
     uint8_t randomness[2U][504U], size_t *sampled_coefficients,
     int16_t (*out)[272U]) {
   KRML_MAYBE_FOR2(
@@ -5798,8 +5867,8 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_next_block with const
 generics
 - K= 2
 */
-static KRML_MUSTINLINE void shake128_squeeze_next_block_110(
-    PortableHash_8b *st, uint8_t ret[2U][168U]) {
+static KRML_MUSTINLINE void shake128_squeeze_next_block_fd(
+    PortableHash_cf *st, uint8_t ret[2U][168U]) {
   uint8_t out[2U][168U] = {{0U}};
   KRML_MAYBE_FOR2(
       i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i;
@@ -5819,9 +5888,9 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_next_block_f1 with const
 generics
 - K= 2
 */
-static KRML_MUSTINLINE void shake128_squeeze_next_block_f1_c40(
-    PortableHash_8b *self, uint8_t ret[2U][168U]) {
-  shake128_squeeze_next_block_110(self, ret);
+static KRML_MUSTINLINE void shake128_squeeze_next_block_f1_fd(
+    PortableHash_cf *self, uint8_t ret[2U][168U]) {
+  shake128_squeeze_next_block_fd(self, ret);
 }
 
 /**
@@ -5872,7 +5941,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
 - K= 2
 - N= 168
 */
-static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_712(
+static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_640(
     uint8_t randomness[2U][168U], size_t *sampled_coefficients,
     int16_t (*out)[272U]) {
   KRML_MAYBE_FOR2(
@@ -5911,9 +5980,9 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]] with const
 generics
 - K= 2
 */
-static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 closure_eb0(
+static libcrux_ml_kem_polynomial_PolynomialRingElement_1d closure_2b0(
     int16_t s[272U]) {
-  return from_i16_array_ef_54(
+  return from_i16_array_ef_8c(
       Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t));
 }
 
@@ -5924,45 +5993,45 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]] with const
 generics
 - K= 2
 */
-static KRML_MUSTINLINE void sample_from_xof_bf0(
+static KRML_MUSTINLINE void sample_from_xof_2b0(
     uint8_t seeds[2U][34U],
-    libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) {
+    libcrux_ml_kem_polynomial_PolynomialRingElement_1d ret[2U]) {
   size_t sampled_coefficients[2U] = {0U};
   int16_t out[2U][272U] = {{0U}};
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_seeds[2U][34U];
   memcpy(copy_of_seeds, seeds, (size_t)2U * sizeof(uint8_t[34U]));
-  PortableHash_8b xof_state = shake128_init_absorb_final_f1_310(copy_of_seeds);
+  PortableHash_cf xof_state = shake128_init_absorb_final_f1_fd(copy_of_seeds);
   uint8_t randomness0[2U][504U];
-  shake128_squeeze_first_three_blocks_f1_2f0(&xof_state, randomness0);
+  shake128_squeeze_first_three_blocks_f1_fd(&xof_state, randomness0);
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_randomness0[2U][504U];
   memcpy(copy_of_randomness0, randomness0, (size_t)2U * sizeof(uint8_t[504U]));
-  bool done = sample_from_uniform_distribution_next_711(
+  bool done = sample_from_uniform_distribution_next_64(
       copy_of_randomness0, sampled_coefficients, out);
   while (true) {
     if (done) {
       break;
     } else {
       uint8_t randomness[2U][168U];
-      shake128_squeeze_next_block_f1_c40(&xof_state, randomness);
+      shake128_squeeze_next_block_f1_fd(&xof_state, randomness);
       /* Passing arrays by value in Rust generates a copy in C */
       uint8_t copy_of_randomness[2U][168U];
       memcpy(copy_of_randomness, randomness,
              (size_t)2U * sizeof(uint8_t[168U]));
-      done = sample_from_uniform_distribution_next_712(
+      done = sample_from_uniform_distribution_next_640(
           copy_of_randomness, sampled_coefficients, out);
     }
   }
   /* Passing arrays by value in Rust generates a copy in C */
   int16_t copy_of_out[2U][272U];
   memcpy(copy_of_out, out, (size_t)2U * sizeof(int16_t[272U]));
-  libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret0[2U];
+  libcrux_ml_kem_polynomial_PolynomialRingElement_1d ret0[2U];
   KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U,
-                  ret0[i] = closure_eb0(copy_of_out[i]););
+                  ret0[i] = closure_2b0(copy_of_out[i]););
   memcpy(
       ret, ret0,
-      (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0));
+      (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1d));
 }
 
 /**
@@ -5972,8 +6041,8 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]] with const
 generics
 - K= 2
 */
-static KRML_MUSTINLINE void sample_matrix_A_0d0(
-    libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*A_transpose)[2U],
+static KRML_MUSTINLINE void sample_matrix_A_2b0(
+    libcrux_ml_kem_polynomial_PolynomialRingElement_1d (*A_transpose)[2U],
     uint8_t seed[34U], bool transpose) {
   KRML_MAYBE_FOR2(
       i0, (size_t)0U, (size_t)2U, (size_t)1U, size_t i1 = i0;
@@ -5988,25 +6057,23 @@ static KRML_MUSTINLINE void sample_matrix_A_0d0(
       /* Passing arrays by value in Rust generates a copy in C */
       uint8_t copy_of_seeds[2U][34U];
       memcpy(copy_of_seeds, seeds, (size_t)2U * sizeof(uint8_t[34U]));
-      libcrux_ml_kem_polynomial_PolynomialRingElement_f0 sampled[2U];
-      sample_from_xof_bf0(copy_of_seeds, sampled);
+      libcrux_ml_kem_polynomial_PolynomialRingElement_1d sampled[2U];
+      sample_from_xof_2b0(copy_of_seeds, sampled);
       for (size_t i = (size_t)0U;
            i < Eurydice_slice_len(
                    Eurydice_array_to_slice(
                        (size_t)2U, sampled,
-                       libcrux_ml_kem_polynomial_PolynomialRingElement_f0),
-                   libcrux_ml_kem_polynomial_PolynomialRingElement_f0);
+                       libcrux_ml_kem_polynomial_PolynomialRingElement_1d),
+                   libcrux_ml_kem_polynomial_PolynomialRingElement_1d);
            i++) {
         size_t j = i;
-        libcrux_ml_kem_polynomial_PolynomialRingElement_f0 sample = sampled[j];
+        libcrux_ml_kem_polynomial_PolynomialRingElement_1d sample = sampled[j];
         if (transpose) {
           A_transpose[j][i1] = sample;
         } else {
           A_transpose[i1][j] = sample;
         }
-      }
-
-  );
+      });
 }
 
 /**
@@ -6015,8 +6082,8 @@ with const generics
 - K= 2
 - LEN= 192
 */
-static KRML_MUSTINLINE void PRFxN_af0(uint8_t (*input)[33U],
-                                      uint8_t ret[2U][192U]) {
+static KRML_MUSTINLINE void PRFxN_49(uint8_t (*input)[33U],
+                                     uint8_t ret[2U][192U]) {
   uint8_t out[2U][192U] = {{0U}};
   KRML_MAYBE_FOR2(
       i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i;
@@ -6036,9 +6103,9 @@ with const generics
 - K= 2
 - LEN= 192
 */
-static KRML_MUSTINLINE void PRFxN_f1_130(uint8_t (*input)[33U],
-                                         uint8_t ret[2U][192U]) {
-  PRFxN_af0(input, ret);
+static KRML_MUSTINLINE void PRFxN_f1_49(uint8_t (*input)[33U],
+                                        uint8_t ret[2U][192U]) {
+  PRFxN_49(input, ret);
 }
 
 /**
@@ -6047,9 +6114,9 @@ libcrux_ml_kem.sampling.sample_from_binomial_distribution with types
 libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
 - ETA= 3
 */
-static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0
-sample_from_binomial_distribution_6b0(Eurydice_slice randomness) {
-  return sample_from_binomial_distribution_3_3a(randomness);
+static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1d
+sample_from_binomial_distribution_1b(Eurydice_slice randomness) {
+  return sample_from_binomial_distribution_3_8c(randomness);
 }
 
 /**
@@ -6061,8 +6128,8 @@ generics
 - ETA= 3
 - ETA_RANDOMNESS_SIZE= 192
 */
-static KRML_MUSTINLINE uint8_t sample_vector_cbd_then_ntt_b10(
-    libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re_as_ntt,
+static KRML_MUSTINLINE uint8_t sample_vector_cbd_then_ntt_3b0(
+    libcrux_ml_kem_polynomial_PolynomialRingElement_1d *re_as_ntt,
     uint8_t prf_input[33U], uint8_t domain_separator) {
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_prf_input[33U];
@@ -6071,16 +6138,18 @@ static KRML_MUSTINLINE uint8_t sample_vector_cbd_then_ntt_b10(
   KRML_MAYBE_FOR2(
       i, (size_t)0U, (size_t)2U, (size_t)1U,
       memcpy(prf_inputs[i], copy_of_prf_input, (size_t)33U * sizeof(uint8_t)););
+  uint8_t _prf_inputs_init[2U][33U];
+  memcpy(_prf_inputs_init, prf_inputs, (size_t)2U * sizeof(uint8_t[33U]));
   KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i;
                   prf_inputs[i0][32U] = domain_separator;
                   domain_separator = (uint32_t)domain_separator + 1U;);
   uint8_t prf_outputs[2U][192U];
-  PRFxN_f1_130(prf_inputs, prf_outputs);
+  PRFxN_f1_49(prf_inputs, prf_outputs);
   KRML_MAYBE_FOR2(
       i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i;
-      re_as_ntt[i0] = sample_from_binomial_distribution_6b0(
+      re_as_ntt[i0] = sample_from_binomial_distribution_1b(
           Eurydice_array_to_slice((size_t)192U, prf_outputs[i0], uint8_t));
-      ntt_binomially_sampled_ring_element_d8(&re_as_ntt[i0]););
+      ntt_binomially_sampled_ring_element_8c(&re_as_ntt[i0]););
   return domain_separator;
 }
 
@@ -6090,10 +6159,10 @@ with types libcrux_ml_kem_polynomial_PolynomialRingElement
 libcrux_ml_kem_vector_portable_vector_type_PortableVector[2size_t], uint8_t
 
 */
-typedef struct tuple_740_s {
-  libcrux_ml_kem_polynomial_PolynomialRingElement_f0 fst[2U];
+typedef struct tuple_400_s {
+  libcrux_ml_kem_polynomial_PolynomialRingElement_1d fst[2U];
   uint8_t snd;
-} tuple_740;
+} tuple_400;
 
 /**
 A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_vector_cbd_then_ntt_out
@@ -6104,27 +6173,27 @@ generics
 - ETA= 3
 - ETA_RANDOMNESS_SIZE= 192
 */
-static KRML_MUSTINLINE tuple_740 sample_vector_cbd_then_ntt_out_cb0(
+static KRML_MUSTINLINE tuple_400 sample_vector_cbd_then_ntt_out_3b0(
     uint8_t prf_input[33U], uint8_t domain_separator) {
-  libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re_as_ntt[2U];
+  libcrux_ml_kem_polynomial_PolynomialRingElement_1d re_as_ntt[2U];
   KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U,
-                  re_as_ntt[i] = ZERO_ef_1b(););
-  libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *uu____0 = re_as_ntt;
+                  re_as_ntt[i] = ZERO_ef_8c(););
+  libcrux_ml_kem_polynomial_PolynomialRingElement_1d *uu____0 = re_as_ntt;
   uint8_t uu____1[33U];
   memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t));
   domain_separator =
-      sample_vector_cbd_then_ntt_b10(uu____0, uu____1, domain_separator);
+      sample_vector_cbd_then_ntt_3b0(uu____0, uu____1, domain_separator);
   /* Passing arrays by value in Rust generates a copy in C */
-  libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_re_as_ntt[2U];
+  libcrux_ml_kem_polynomial_PolynomialRingElement_1d copy_of_re_as_ntt[2U];
   memcpy(
       copy_of_re_as_ntt, re_as_ntt,
-      (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0));
-  tuple_740 result;
+      (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1d));
+  tuple_400 lit;
   memcpy(
-      result.fst, copy_of_re_as_ntt,
-      (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0));
-  result.snd = domain_separator;
-  return result;
+      lit.fst, copy_of_re_as_ntt,
+      (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1d));
+  lit.snd = domain_separator;
+  return lit;
 }
 
 /**
@@ -6138,9 +6207,9 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
 with const generics
 - K= 2
 */
-static KRML_MUSTINLINE void add_to_ring_element_ef_5d0(
-    libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self,
-    libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *rhs) {
+static KRML_MUSTINLINE void add_to_ring_element_ef_a0(
+    libcrux_ml_kem_polynomial_PolynomialRingElement_1d *self,
+    libcrux_ml_kem_polynomial_PolynomialRingElement_1d *rhs) {
   for (size_t i = (size_t)0U;
        i < Eurydice_slice_len(
                Eurydice_array_to_slice(
@@ -6162,37 +6231,37 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
 with const generics
 - K= 2
 */
-static KRML_MUSTINLINE void compute_As_plus_e_c70(
-    libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt,
-    libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*matrix_A)[2U],
-    libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *s_as_ntt,
-    libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_as_ntt) {
+static KRML_MUSTINLINE void compute_As_plus_e_a0(
+    libcrux_ml_kem_polynomial_PolynomialRingElement_1d *t_as_ntt,
+    libcrux_ml_kem_polynomial_PolynomialRingElement_1d (*matrix_A)[2U],
+    libcrux_ml_kem_polynomial_PolynomialRingElement_1d *s_as_ntt,
+    libcrux_ml_kem_polynomial_PolynomialRingElement_1d *error_as_ntt) {
   for (size_t i = (size_t)0U;
        i < Eurydice_slice_len(
                Eurydice_array_to_slice(
                    (size_t)2U, matrix_A,
-                   libcrux_ml_kem_polynomial_PolynomialRingElement_f0[2U]),
-               libcrux_ml_kem_polynomial_PolynomialRingElement_f0[2U]);
+                   libcrux_ml_kem_polynomial_PolynomialRingElement_1d[2U]),
+               libcrux_ml_kem_polynomial_PolynomialRingElement_1d[2U]);
        i++) {
     size_t i0 = i;
-    libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *row = matrix_A[i0];
-    libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = ZERO_ef_1b();
+    libcrux_ml_kem_polynomial_PolynomialRingElement_1d *row = matrix_A[i0];
+    libcrux_ml_kem_polynomial_PolynomialRingElement_1d uu____0 = ZERO_ef_8c();
     t_as_ntt[i0] = uu____0;
     for (size_t i1 = (size_t)0U;
          i1 < Eurydice_slice_len(
                   Eurydice_array_to_slice(
                       (size_t)2U, row,
-                      libcrux_ml_kem_polynomial_PolynomialRingElement_f0),
-                  libcrux_ml_kem_polynomial_PolynomialRingElement_f0);
+                      libcrux_ml_kem_polynomial_PolynomialRingElement_1d),
+                  libcrux_ml_kem_polynomial_PolynomialRingElement_1d);
          i1++) {
       size_t j = i1;
-      libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *matrix_element =
+      libcrux_ml_kem_polynomial_PolynomialRingElement_1d *matrix_element =
           &row[j];
-      libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product =
-          ntt_multiply_ef_45(matrix_element, &s_as_ntt[j]);
-      add_to_ring_element_ef_5d0(&t_as_ntt[i0], &product);
+      libcrux_ml_kem_polynomial_PolynomialRingElement_1d product =
+          ntt_multiply_ef_8c(matrix_element, &s_as_ntt[j]);
+      add_to_ring_element_ef_a0(&t_as_ntt[i0], &product);
     }
-    add_standard_error_reduce_ef_0f(&t_as_ntt[i0], &error_as_ntt[i0]);
+    add_standard_error_reduce_ef_8c(&t_as_ntt[i0], &error_as_ntt[i0]);
   }
 }
 
@@ -6205,47 +6274,47 @@ libcrux_ml_kem_variant_MlKem with const generics
 - ETA1= 3
 - ETA1_RANDOMNESS_SIZE= 192
 */
-static void generate_keypair_unpacked_e90(
+static void generate_keypair_unpacked_1c0(
     Eurydice_slice key_generation_seed,
-    IndCpaPrivateKeyUnpacked_ae *private_key,
-    IndCpaPublicKeyUnpacked_ae *public_key) {
+    IndCpaPrivateKeyUnpacked_d4 *private_key,
+    IndCpaPublicKeyUnpacked_d4 *public_key) {
   uint8_t hashed[64U];
-  cpa_keygen_seed_d8_36(key_generation_seed, hashed);
+  cpa_keygen_seed_d8_10(key_generation_seed, hashed);
   Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at(
       Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U,
       uint8_t, Eurydice_slice_uint8_t_x2);
   Eurydice_slice seed_for_A = uu____0.fst;
   Eurydice_slice seed_for_secret_and_error = uu____0.snd;
-  libcrux_ml_kem_polynomial_PolynomialRingElement_f0(*uu____1)[2U] =
+  libcrux_ml_kem_polynomial_PolynomialRingElement_1d(*uu____1)[2U] =
       public_key->A;
   uint8_t ret[34U];
-  libcrux_ml_kem_utils_into_padded_array_422(seed_for_A, ret);
-  sample_matrix_A_0d0(uu____1, ret, true);
+  libcrux_ml_kem_utils_into_padded_array_b6(seed_for_A, ret);
+  sample_matrix_A_2b0(uu____1, ret, true);
   uint8_t prf_input[33U];
-  libcrux_ml_kem_utils_into_padded_array_421(seed_for_secret_and_error,
-                                             prf_input);
-  libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *uu____2 =
+  libcrux_ml_kem_utils_into_padded_array_c8(seed_for_secret_and_error,
+                                            prf_input);
+  libcrux_ml_kem_polynomial_PolynomialRingElement_1d *uu____2 =
       private_key->secret_as_ntt;
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_prf_input0[33U];
   memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t));
   uint8_t domain_separator =
-      sample_vector_cbd_then_ntt_b10(uu____2, copy_of_prf_input0, 0U);
+      sample_vector_cbd_then_ntt_3b0(uu____2, copy_of_prf_input0, 0U);
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_prf_input[33U];
   memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t));
-  libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_as_ntt[2U];
+  libcrux_ml_kem_polynomial_PolynomialRingElement_1d error_as_ntt[2U];
   memcpy(
       error_as_ntt,
-      sample_vector_cbd_then_ntt_out_cb0(copy_of_prf_input, domain_separator)
+      sample_vector_cbd_then_ntt_out_3b0(copy_of_prf_input, domain_separator)
           .fst,
-      (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0));
-  compute_As_plus_e_c70(public_key->t_as_ntt, public_key->A,
-                        private_key->secret_as_ntt, error_as_ntt);
+      (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1d));
+  compute_As_plus_e_a0(public_key->t_as_ntt, public_key->A,
+                       private_key->secret_as_ntt, error_as_ntt);
   uint8_t uu____5[32U];
-  core_result_Result_00 dst;
+  core_result_Result_fb dst;
   Eurydice_slice_to_array2(&dst, seed_for_A, Eurydice_slice, uint8_t[32U]);
-  core_result_unwrap_26_33(dst, uu____5);
+  core_result_unwrap_26_b3(dst, uu____5);
   memcpy(public_key->seed_for_A, uu____5, (size_t)32U * sizeof(uint8_t));
 }
 
@@ -6261,18 +6330,18 @@ libcrux_ml_kem_variant_MlKem with const generics
 - ETA1= 3
 - ETA1_RANDOMNESS_SIZE= 192
 */
-static libcrux_ml_kem_utils_extraction_helper_Keypair512 generate_keypair_500(
+static libcrux_ml_kem_utils_extraction_helper_Keypair512 generate_keypair_150(
     Eurydice_slice key_generation_seed) {
-  IndCpaPrivateKeyUnpacked_ae private_key = default_1a_e90();
-  IndCpaPublicKeyUnpacked_ae public_key = default_8d_d10();
-  generate_keypair_unpacked_e90(key_generation_seed, &private_key, &public_key);
+  IndCpaPrivateKeyUnpacked_d4 private_key = default_1a_a0();
+  IndCpaPublicKeyUnpacked_d4 public_key = default_8d_a0();
+  generate_keypair_unpacked_1c0(key_generation_seed, &private_key, &public_key);
   uint8_t public_key_serialized[800U];
-  serialize_public_key_070(
+  serialize_public_key_86(
       public_key.t_as_ntt,
       Eurydice_array_to_slice((size_t)32U, public_key.seed_for_A, uint8_t),
       public_key_serialized);
   uint8_t secret_key_serialized[768U];
-  serialize_secret_key_5a0(private_key.secret_as_ntt, secret_key_serialized);
+  serialize_secret_key_64(private_key.secret_as_ntt, secret_key_serialized);
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_secret_key_serialized[768U];
   memcpy(copy_of_secret_key_serialized, secret_key_serialized,
@@ -6281,12 +6350,12 @@ static libcrux_ml_kem_utils_extraction_helper_Keypair512 generate_keypair_500(
   uint8_t copy_of_public_key_serialized[800U];
   memcpy(copy_of_public_key_serialized, public_key_serialized,
          (size_t)800U * sizeof(uint8_t));
-  libcrux_ml_kem_utils_extraction_helper_Keypair512 result;
-  memcpy(result.fst, copy_of_secret_key_serialized,
+  libcrux_ml_kem_utils_extraction_helper_Keypair512 lit;
+  memcpy(lit.fst, copy_of_secret_key_serialized,
          (size_t)768U * sizeof(uint8_t));
-  memcpy(result.snd, copy_of_public_key_serialized,
+  memcpy(lit.snd, copy_of_public_key_serialized,
          (size_t)800U * sizeof(uint8_t));
-  return result;
+  return lit;
 }
 
 /**
@@ -6296,7 +6365,7 @@ with const generics
 - K= 2
 - SERIALIZED_KEY_LEN= 1632
 */
-static KRML_MUSTINLINE void serialize_kem_secret_key_a1(
+static KRML_MUSTINLINE void serialize_kem_secret_key_30(
     Eurydice_slice private_key, Eurydice_slice public_key,
     Eurydice_slice implicit_rejection_value, uint8_t ret[1632U]) {
   uint8_t out[1632U] = {0U};
@@ -6322,7 +6391,7 @@ static KRML_MUSTINLINE void serialize_kem_secret_key_a1(
   Eurydice_slice uu____6 = Eurydice_array_to_subslice2(
       out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t);
   uint8_t ret0[32U];
-  H_f1_d50(public_key, ret0);
+  H_f1_fd(public_key, ret0);
   Eurydice_slice_copy(
       uu____6, Eurydice_array_to_slice((size_t)32U, ret0, uint8_t), uint8_t);
   pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE;
@@ -6351,8 +6420,8 @@ libcrux_ml_kem_variant_MlKem with const generics
 - ETA1= 3
 - ETA1_RANDOMNESS_SIZE= 192
 */
-libcrux_ml_kem_types_MlKemKeyPair_cb
-libcrux_ml_kem_ind_cca_generate_keypair_6f0(uint8_t randomness[64U]) {
+libcrux_ml_kem_types_MlKemKeyPair_3e
+libcrux_ml_kem_ind_cca_generate_keypair_f80(uint8_t randomness[64U]) {
   Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2(
       randomness, (size_t)0U,
       LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t);
@@ -6361,13 +6430,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_6f0(uint8_t randomness[64U]) {
       LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t,
       size_t);
   libcrux_ml_kem_utils_extraction_helper_Keypair512 uu____0 =
-      generate_keypair_500(ind_cpa_keypair_randomness);
+      generate_keypair_150(ind_cpa_keypair_randomness);
   uint8_t ind_cpa_private_key[768U];
   memcpy(ind_cpa_private_key, uu____0.fst, (size_t)768U * sizeof(uint8_t));
   uint8_t public_key[800U];
   memcpy(public_key, uu____0.snd, (size_t)800U * sizeof(uint8_t));
   uint8_t secret_key_serialized[1632U];
-  serialize_kem_secret_key_a1(
+  serialize_kem_secret_key_30(
       Eurydice_array_to_slice((size_t)768U, ind_cpa_private_key, uint8_t),
       Eurydice_array_to_slice((size_t)800U, public_key, uint8_t),
       implicit_rejection_value, secret_key_serialized);
@@ -6375,14 +6444,14 @@ libcrux_ml_kem_ind_cca_generate_keypair_6f0(uint8_t randomness[64U]) {
   uint8_t copy_of_secret_key_serialized[1632U];
   memcpy(copy_of_secret_key_serialized, secret_key_serialized,
          (size_t)1632U * sizeof(uint8_t));
-  libcrux_ml_kem_types_MlKemPrivateKey_5e private_key =
-      libcrux_ml_kem_types_from_7f_af(copy_of_secret_key_serialized);
-  libcrux_ml_kem_types_MlKemPrivateKey_5e uu____2 = private_key;
+  libcrux_ml_kem_types_MlKemPrivateKey_fa private_key =
+      libcrux_ml_kem_types_from_7f_2a(copy_of_secret_key_serialized);
+  libcrux_ml_kem_types_MlKemPrivateKey_fa uu____2 = private_key;
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_public_key[800U];
   memcpy(copy_of_public_key, public_key, (size_t)800U * sizeof(uint8_t));
-  return libcrux_ml_kem_types_from_3a_ee(
-      uu____2, libcrux_ml_kem_types_from_5a_67(copy_of_public_key));
+  return libcrux_ml_kem_types_from_3a_fa(
+      uu____2, libcrux_ml_kem_types_from_5a_4d(copy_of_public_key));
 }
 
 /**
@@ -6395,7 +6464,7 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]]
 with const generics
 - K= 2
 */
-static KRML_MUSTINLINE void entropy_preprocess_d8_89(Eurydice_slice randomness,
+static KRML_MUSTINLINE void entropy_preprocess_d8_10(Eurydice_slice randomness,
                                                      uint8_t ret[32U]) {
   uint8_t out[32U] = {0U};
   Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t),
@@ -6409,7 +6478,7 @@ with const generics
 - K= 2
 - LEN= 128
 */
-static KRML_MUSTINLINE void PRFxN_af1(uint8_t (*input)[33U],
+static KRML_MUSTINLINE void PRFxN_490(uint8_t (*input)[33U],
                                       uint8_t ret[2U][128U]) {
   uint8_t out[2U][128U] = {{0U}};
   KRML_MAYBE_FOR2(
@@ -6430,9 +6499,9 @@ with const generics
 - K= 2
 - LEN= 128
 */
-static KRML_MUSTINLINE void PRFxN_f1_131(uint8_t (*input)[33U],
+static KRML_MUSTINLINE void PRFxN_f1_490(uint8_t (*input)[33U],
                                          uint8_t ret[2U][128U]) {
-  PRFxN_af1(input, ret);
+  PRFxN_490(input, ret);
 }
 
 /**
@@ -6444,11 +6513,11 @@ generics
 - ETA2_RANDOMNESS_SIZE= 128
 - ETA2= 2
 */
-static KRML_MUSTINLINE tuple_740
-sample_ring_element_cbd_7f0(uint8_t prf_input[33U], uint8_t domain_separator) {
-  libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[2U];
+static KRML_MUSTINLINE tuple_400
+sample_ring_element_cbd_3b0(uint8_t prf_input[33U], uint8_t domain_separator) {
+  libcrux_ml_kem_polynomial_PolynomialRingElement_1d error_1[2U];
   KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U,
-                  error_1[i] = ZERO_ef_1b(););
+                  error_1[i] = ZERO_ef_8c(););
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_prf_input[33U];
   memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t));
@@ -6456,28 +6525,30 @@ sample_ring_element_cbd_7f0(uint8_t prf_input[33U], uint8_t domain_separator) {
   KRML_MAYBE_FOR2(
       i, (size_t)0U, (size_t)2U, (size_t)1U,
       memcpy(prf_inputs[i], copy_of_prf_input, (size_t)33U * sizeof(uint8_t)););
+  uint8_t _prf_inputs_init[2U][33U];
+  memcpy(_prf_inputs_init, prf_inputs, (size_t)2U * sizeof(uint8_t[33U]));
   KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i;
                   prf_inputs[i0][32U] = domain_separator;
                   domain_separator = (uint32_t)domain_separator + 1U;);
   uint8_t prf_outputs[2U][128U];
-  PRFxN_f1_131(prf_inputs, prf_outputs);
+  PRFxN_f1_490(prf_inputs, prf_outputs);
   KRML_MAYBE_FOR2(
       i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i;
-      libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 =
-          sample_from_binomial_distribution_6b(
+      libcrux_ml_kem_polynomial_PolynomialRingElement_1d uu____1 =
+          sample_from_binomial_distribution_a0(
               Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t));
       error_1[i0] = uu____1;);
   /* Passing arrays by value in Rust generates a copy in C */
-  libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_error_1[2U];
+  libcrux_ml_kem_polynomial_PolynomialRingElement_1d copy_of_error_1[2U];
   memcpy(
       copy_of_error_1, error_1,
-      (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0));
-  tuple_740 result;
+      (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1d));
+  tuple_400 lit;
   memcpy(
-      result.fst, copy_of_error_1,
-      (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0));
-  result.snd = domain_separator;
-  return result;
+      lit.fst, copy_of_error_1,
+      (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1d));
+  lit.snd = domain_separator;
+  return lit;
 }
 
 /**
@@ -6490,9 +6561,9 @@ with const generics
 - K= 2
 - LEN= 128
 */
-static KRML_MUSTINLINE void PRF_f1_9f2(Eurydice_slice input,
+static KRML_MUSTINLINE void PRF_f1_490(Eurydice_slice input,
                                        uint8_t ret[128U]) {
-  PRF_f70(input, ret);
+  PRF_a6(input, ret);
 }
 
 /**
@@ -6501,18 +6572,18 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
 with const generics
 - K= 2
 */
-static KRML_MUSTINLINE void invert_ntt_montgomery_550(
-    libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) {
+static KRML_MUSTINLINE void invert_ntt_montgomery_a0(
+    libcrux_ml_kem_polynomial_PolynomialRingElement_1d *re) {
   size_t zeta_i =
       LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U;
-  invert_ntt_at_layer_1_08(&zeta_i, re);
-  invert_ntt_at_layer_2_91(&zeta_i, re);
-  invert_ntt_at_layer_3_41(&zeta_i, re);
-  invert_ntt_at_layer_4_plus_ed(&zeta_i, re, (size_t)4U);
-  invert_ntt_at_layer_4_plus_ed(&zeta_i, re, (size_t)5U);
-  invert_ntt_at_layer_4_plus_ed(&zeta_i, re, (size_t)6U);
-  invert_ntt_at_layer_4_plus_ed(&zeta_i, re, (size_t)7U);
-  poly_barrett_reduce_ef_17(re);
+  invert_ntt_at_layer_1_8c(&zeta_i, re);
+  invert_ntt_at_layer_2_8c(&zeta_i, re);
+  invert_ntt_at_layer_3_8c(&zeta_i, re);
+  invert_ntt_at_layer_4_plus_8c(&zeta_i, re, (size_t)4U);
+  invert_ntt_at_layer_4_plus_8c(&zeta_i, re, (size_t)5U);
+  invert_ntt_at_layer_4_plus_8c(&zeta_i, re, (size_t)6U);
+  invert_ntt_at_layer_4_plus_8c(&zeta_i, re, (size_t)7U);
+  poly_barrett_reduce_ef_8c(re);
 }
 
 /**
@@ -6521,46 +6592,42 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
 with const generics
 - K= 2
 */
-static KRML_MUSTINLINE void compute_vector_u_b80(
-    libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*a_as_ntt)[2U],
-    libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt,
-    libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_1,
-    libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) {
-  libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result0[2U];
+static KRML_MUSTINLINE void compute_vector_u_a0(
+    libcrux_ml_kem_polynomial_PolynomialRingElement_1d (*a_as_ntt)[2U],
+    libcrux_ml_kem_polynomial_PolynomialRingElement_1d *r_as_ntt,
+    libcrux_ml_kem_polynomial_PolynomialRingElement_1d *error_1,
+    libcrux_ml_kem_polynomial_PolynomialRingElement_1d ret[2U]) {
+  libcrux_ml_kem_polynomial_PolynomialRingElement_1d result[2U];
   KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U,
-                  result0[i] = ZERO_ef_1b(););
+                  result[i] = ZERO_ef_8c(););
   for (size_t i0 = (size_t)0U;
        i0 < Eurydice_slice_len(
                 Eurydice_array_to_slice(
                     (size_t)2U, a_as_ntt,
-                    libcrux_ml_kem_polynomial_PolynomialRingElement_f0[2U]),
-                libcrux_ml_kem_polynomial_PolynomialRingElement_f0[2U]);
+                    libcrux_ml_kem_polynomial_PolynomialRingElement_1d[2U]),
+                libcrux_ml_kem_polynomial_PolynomialRingElement_1d[2U]);
        i0++) {
     size_t i1 = i0;
-    libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *row = a_as_ntt[i1];
+    libcrux_ml_kem_polynomial_PolynomialRingElement_1d *row = a_as_ntt[i1];
     for (size_t i = (size_t)0U;
          i < Eurydice_slice_len(
                  Eurydice_array_to_slice(
                      (size_t)2U, row,
-                     libcrux_ml_kem_polynomial_PolynomialRingElement_f0),
-                 libcrux_ml_kem_polynomial_PolynomialRingElement_f0);
+                     libcrux_ml_kem_polynomial_PolynomialRingElement_1d),
+                 libcrux_ml_kem_polynomial_PolynomialRingElement_1d);
          i++) {
       size_t j = i;
-      libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *a_element = &row[j];
-      libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product =
-          ntt_multiply_ef_45(a_element, &r_as_ntt[j]);
-      add_to_ring_element_ef_5d0(&result0[i1], &product);
+      libcrux_ml_kem_polynomial_PolynomialRingElement_1d *a_element = &row[j];
+      libcrux_ml_kem_polynomial_PolynomialRingElement_1d product =
+          ntt_multiply_ef_8c(a_element, &r_as_ntt[j]);
+      add_to_ring_element_ef_a0(&result[i1], &product);
     }
-    invert_ntt_montgomery_550(&result0[i1]);
-    add_error_reduce_ef_4d(&result0[i1], &error_1[i1]);
+    invert_ntt_montgomery_a0(&result[i1]);
+    add_error_reduce_ef_8c(&result[i1], &error_1[i1]);
   }
-  libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[2U];
-  memcpy(
-      result, result0,
-      (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0));
   memcpy(
       ret, result,
-      (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0));
+      (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1d));
 }
 
 /**
@@ -6569,19 +6636,19 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
 with const generics
 - K= 2
 */
-static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0
-compute_ring_element_v_1e0(
-    libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt,
-    libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt,
-    libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_2,
-    libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *message) {
-  libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_ef_1b();
+static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1d
+compute_ring_element_v_a0(
+    libcrux_ml_kem_polynomial_PolynomialRingElement_1d *t_as_ntt,
+    libcrux_ml_kem_polynomial_PolynomialRingElement_1d *r_as_ntt,
+    libcrux_ml_kem_polynomial_PolynomialRingElement_1d *error_2,
+    libcrux_ml_kem_polynomial_PolynomialRingElement_1d *message) {
+  libcrux_ml_kem_polynomial_PolynomialRingElement_1d result = ZERO_ef_8c();
   KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i;
-                  libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product =
-                      ntt_multiply_ef_45(&t_as_ntt[i0], &r_as_ntt[i0]);
-                  add_to_ring_element_ef_5d0(&result, &product););
-  invert_ntt_montgomery_550(&result);
-  result = add_message_error_reduce_ef_21(error_2, message, result);
+                  libcrux_ml_kem_polynomial_PolynomialRingElement_1d product =
+                      ntt_multiply_ef_8c(&t_as_ntt[i0], &r_as_ntt[i0]);
+                  add_to_ring_element_ef_a0(&result, &product););
+  invert_ntt_montgomery_a0(&result);
+  result = add_message_error_reduce_ef_8c(error_2, message, result);
   return result;
 }
 
@@ -6591,14 +6658,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
 with const generics
 - OUT_LEN= 320
 */
-static KRML_MUSTINLINE void compress_then_serialize_10_470(
-    libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[320U]) {
+static KRML_MUSTINLINE void compress_then_serialize_10_ff(
+    libcrux_ml_kem_polynomial_PolynomialRingElement_1d *re, uint8_t ret[320U]) {
   uint8_t serialized[320U] = {0U};
   for (size_t i = (size_t)0U;
        i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
     size_t i0 = i;
     libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient =
-        compress_0d_fe(to_unsigned_field_modulus_b0(re->coefficients[i0]));
+        compress_0d_ef(to_unsigned_field_modulus_8c(re->coefficients[i0]));
     uint8_t bytes[20U];
     libcrux_ml_kem_vector_portable_serialize_10_0d(coefficient, bytes);
     Eurydice_slice uu____0 = Eurydice_array_to_subslice2(
@@ -6618,11 +6685,11 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
 - COMPRESSION_FACTOR= 10
 - OUT_LEN= 320
 */
-static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_b50(
-    libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[320U]) {
-  uint8_t uu____0[320U];
-  compress_then_serialize_10_470(re, uu____0);
-  memcpy(ret, uu____0, (size_t)320U * sizeof(uint8_t));
+static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_fe(
+    libcrux_ml_kem_polynomial_PolynomialRingElement_1d *re, uint8_t ret[320U]) {
+  uint8_t result[320U];
+  compress_then_serialize_10_ff(re, result);
+  memcpy(ret, result, (size_t)320U * sizeof(uint8_t));
 }
 
 /**
@@ -6634,23 +6701,23 @@ with const generics
 - COMPRESSION_FACTOR= 10
 - BLOCK_LEN= 320
 */
-static void compress_then_serialize_u_cd0(
-    libcrux_ml_kem_polynomial_PolynomialRingElement_f0 input[2U],
+static void compress_then_serialize_u_6d(
+    libcrux_ml_kem_polynomial_PolynomialRingElement_1d input[2U],
     Eurydice_slice out) {
   for (size_t i = (size_t)0U;
        i < Eurydice_slice_len(
                Eurydice_array_to_slice(
                    (size_t)2U, input,
-                   libcrux_ml_kem_polynomial_PolynomialRingElement_f0),
-               libcrux_ml_kem_polynomial_PolynomialRingElement_f0);
+                   libcrux_ml_kem_polynomial_PolynomialRingElement_1d),
+               libcrux_ml_kem_polynomial_PolynomialRingElement_1d);
        i++) {
     size_t i0 = i;
-    libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = input[i0];
+    libcrux_ml_kem_polynomial_PolynomialRingElement_1d re = input[i0];
     Eurydice_slice uu____0 = Eurydice_slice_subslice2(
         out, i0 * ((size_t)640U / (size_t)2U),
         (i0 + (size_t)1U) * ((size_t)640U / (size_t)2U), uint8_t);
     uint8_t ret[320U];
-    compress_then_serialize_ring_element_u_b50(&re, ret);
+    compress_then_serialize_ring_element_u_fe(&re, ret);
     Eurydice_slice_copy(
         uu____0, Eurydice_array_to_slice((size_t)320U, ret, uint8_t), uint8_t);
   }
@@ -6663,9 +6730,9 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
 - COMPRESSION_FACTOR= 4
 - OUT_LEN= 128
 */
-static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_cf0(
-    libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice out) {
-  compress_then_serialize_4_06(re, out);
+static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_ff0(
+    libcrux_ml_kem_polynomial_PolynomialRingElement_1d re, Eurydice_slice out) {
+  compress_then_serialize_4_8c(re, out);
 }
 
 /**
@@ -6686,58 +6753,58 @@ generics
 - ETA2= 2
 - ETA2_RANDOMNESS_SIZE= 128
 */
-static void encrypt_unpacked_c30(IndCpaPublicKeyUnpacked_ae *public_key,
+static void encrypt_unpacked_2a0(IndCpaPublicKeyUnpacked_d4 *public_key,
                                  uint8_t message[32U],
                                  Eurydice_slice randomness, uint8_t ret[768U]) {
   uint8_t prf_input[33U];
-  libcrux_ml_kem_utils_into_padded_array_421(randomness, prf_input);
+  libcrux_ml_kem_utils_into_padded_array_c8(randomness, prf_input);
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_prf_input0[33U];
   memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t));
-  tuple_740 uu____1 =
-      sample_vector_cbd_then_ntt_out_cb0(copy_of_prf_input0, 0U);
-  libcrux_ml_kem_polynomial_PolynomialRingElement_f0 r_as_ntt[2U];
+  tuple_400 uu____1 =
+      sample_vector_cbd_then_ntt_out_3b0(copy_of_prf_input0, 0U);
+  libcrux_ml_kem_polynomial_PolynomialRingElement_1d r_as_ntt[2U];
   memcpy(
       r_as_ntt, uu____1.fst,
-      (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0));
+      (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1d));
   uint8_t domain_separator0 = uu____1.snd;
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_prf_input[33U];
   memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t));
-  tuple_740 uu____3 =
-      sample_ring_element_cbd_7f0(copy_of_prf_input, domain_separator0);
-  libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[2U];
+  tuple_400 uu____3 =
+      sample_ring_element_cbd_3b0(copy_of_prf_input, domain_separator0);
+  libcrux_ml_kem_polynomial_PolynomialRingElement_1d error_1[2U];
   memcpy(
       error_1, uu____3.fst,
-      (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0));
+      (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1d));
   uint8_t domain_separator = uu____3.snd;
   prf_input[32U] = domain_separator;
   uint8_t prf_output[128U];
-  PRF_f1_9f2(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t),
+  PRF_f1_490(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t),
              prf_output);
-  libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_2 =
-      sample_from_binomial_distribution_6b(
+  libcrux_ml_kem_polynomial_PolynomialRingElement_1d error_2 =
+      sample_from_binomial_distribution_a0(
           Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t));
-  libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u[2U];
-  compute_vector_u_b80(public_key->A, r_as_ntt, error_1, u);
+  libcrux_ml_kem_polynomial_PolynomialRingElement_1d u[2U];
+  compute_vector_u_a0(public_key->A, r_as_ntt, error_1, u);
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_message[32U];
   memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t));
-  libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message_as_ring_element =
-      deserialize_then_decompress_message_e3(copy_of_message);
-  libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v =
-      compute_ring_element_v_1e0(public_key->t_as_ntt, r_as_ntt, &error_2,
-                                 &message_as_ring_element);
+  libcrux_ml_kem_polynomial_PolynomialRingElement_1d message_as_ring_element =
+      deserialize_then_decompress_message_8c(copy_of_message);
+  libcrux_ml_kem_polynomial_PolynomialRingElement_1d v =
+      compute_ring_element_v_a0(public_key->t_as_ntt, r_as_ntt, &error_2,
+                                &message_as_ring_element);
   uint8_t ciphertext[768U] = {0U};
-  libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____5[2U];
+  libcrux_ml_kem_polynomial_PolynomialRingElement_1d uu____5[2U];
   memcpy(
       uu____5, u,
-      (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0));
-  compress_then_serialize_u_cd0(
+      (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1d));
+  compress_then_serialize_u_6d(
       uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)640U,
                                            uint8_t));
-  libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____6 = v;
-  compress_then_serialize_ring_element_v_cf0(
+  libcrux_ml_kem_polynomial_PolynomialRingElement_1d uu____6 = v;
+  compress_then_serialize_ring_element_v_ff0(
       uu____6, Eurydice_array_to_subslice_from((size_t)768U, ciphertext,
                                                (size_t)640U, uint8_t, size_t));
   memcpy(ret, ciphertext, (size_t)768U * sizeof(uint8_t));
@@ -6761,26 +6828,26 @@ generics
 - ETA2= 2
 - ETA2_RANDOMNESS_SIZE= 128
 */
-static void encrypt_4b0(Eurydice_slice public_key, uint8_t message[32U],
+static void encrypt_2a0(Eurydice_slice public_key, uint8_t message[32U],
                         Eurydice_slice randomness, uint8_t ret[768U]) {
-  IndCpaPublicKeyUnpacked_ae unpacked_public_key = default_8d_d10();
-  deserialize_ring_elements_reduced_da0(
+  IndCpaPublicKeyUnpacked_d4 unpacked_public_key = default_8d_a0();
+  deserialize_ring_elements_reduced_a0(
       Eurydice_slice_subslice_to(public_key, (size_t)768U, uint8_t, size_t),
       unpacked_public_key.t_as_ntt);
   Eurydice_slice seed =
       Eurydice_slice_subslice_from(public_key, (size_t)768U, uint8_t, size_t);
-  libcrux_ml_kem_polynomial_PolynomialRingElement_f0(*uu____0)[2U] =
+  libcrux_ml_kem_polynomial_PolynomialRingElement_1d(*uu____0)[2U] =
       unpacked_public_key.A;
   uint8_t ret0[34U];
-  libcrux_ml_kem_utils_into_padded_array_422(seed, ret0);
-  sample_matrix_A_0d0(uu____0, ret0, false);
-  IndCpaPublicKeyUnpacked_ae *uu____1 = &unpacked_public_key;
+  libcrux_ml_kem_utils_into_padded_array_b6(seed, ret0);
+  sample_matrix_A_2b0(uu____0, ret0, false);
+  IndCpaPublicKeyUnpacked_d4 *uu____1 = &unpacked_public_key;
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_message[32U];
   memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t));
-  uint8_t result[768U];
-  encrypt_unpacked_c30(uu____1, copy_of_message, randomness, result);
-  memcpy(ret, result, (size_t)768U * sizeof(uint8_t));
+  uint8_t ret1[768U];
+  encrypt_unpacked_2a0(uu____1, copy_of_message, randomness, ret1);
+  memcpy(ret, ret1, (size_t)768U * sizeof(uint8_t));
 }
 
 /**
@@ -6794,7 +6861,7 @@ with const generics
 - K= 2
 - CIPHERTEXT_SIZE= 768
 */
-static KRML_MUSTINLINE void kdf_d8_ab(Eurydice_slice shared_secret,
+static KRML_MUSTINLINE void kdf_d8_30(Eurydice_slice shared_secret,
                                       uint8_t ret[32U]) {
   uint8_t out[32U] = {0U};
   Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t),
@@ -6821,27 +6888,27 @@ libcrux_ml_kem_variant_MlKem with const generics
 - ETA2= 2
 - ETA2_RANDOMNESS_SIZE= 128
 */
-tuple_ec libcrux_ml_kem_ind_cca_encapsulate_660(
-    libcrux_ml_kem_types_MlKemPublicKey_be *public_key,
+tuple_41 libcrux_ml_kem_ind_cca_encapsulate_ca0(
+    libcrux_ml_kem_types_MlKemPublicKey_52 *public_key,
     uint8_t randomness[32U]) {
   uint8_t randomness0[32U];
-  entropy_preprocess_d8_89(
+  entropy_preprocess_d8_10(
       Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0);
   uint8_t to_hash[64U];
-  libcrux_ml_kem_utils_into_padded_array_42(
+  libcrux_ml_kem_utils_into_padded_array_24(
       Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t), to_hash);
   Eurydice_slice uu____0 = Eurydice_array_to_subslice_from(
       (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t,
       size_t);
   uint8_t ret[32U];
-  H_f1_d50(Eurydice_array_to_slice(
-               (size_t)800U, libcrux_ml_kem_types_as_slice_fd_fe0(public_key),
-               uint8_t),
-           ret);
+  H_f1_fd(Eurydice_array_to_slice(
+              (size_t)800U, libcrux_ml_kem_types_as_slice_fd_4d(public_key),
+              uint8_t),
+          ret);
   Eurydice_slice_copy(
       uu____0, Eurydice_array_to_slice((size_t)32U, ret, uint8_t), uint8_t);
   uint8_t hashed[64U];
-  G_f1_870(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed);
+  G_f1_fd(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed);
   Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at(
       Eurydice_array_to_slice((size_t)64U, hashed, uint8_t),
       LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t,
@@ -6849,25 +6916,25 @@ tuple_ec libcrux_ml_kem_ind_cca_encapsulate_660(
   Eurydice_slice shared_secret = uu____1.fst;
   Eurydice_slice pseudorandomness = uu____1.snd;
   Eurydice_slice uu____2 = Eurydice_array_to_slice(
-      (size_t)800U, libcrux_ml_kem_types_as_slice_fd_fe0(public_key), uint8_t);
+      (size_t)800U, libcrux_ml_kem_types_as_slice_fd_4d(public_key), uint8_t);
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_randomness[32U];
   memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t));
   uint8_t ciphertext[768U];
-  encrypt_4b0(uu____2, copy_of_randomness, pseudorandomness, ciphertext);
+  encrypt_2a0(uu____2, copy_of_randomness, pseudorandomness, ciphertext);
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_ciphertext[768U];
   memcpy(copy_of_ciphertext, ciphertext, (size_t)768U * sizeof(uint8_t));
-  libcrux_ml_kem_types_MlKemCiphertext_e8 ciphertext0 =
-      libcrux_ml_kem_types_from_01_450(copy_of_ciphertext);
+  libcrux_ml_kem_types_MlKemCiphertext_1a ciphertext0 =
+      libcrux_ml_kem_types_from_01_d0(copy_of_ciphertext);
   uint8_t shared_secret_array[32U];
-  kdf_d8_ab(shared_secret, shared_secret_array);
-  libcrux_ml_kem_types_MlKemCiphertext_e8 uu____5 = ciphertext0;
+  kdf_d8_30(shared_secret, shared_secret_array);
+  libcrux_ml_kem_types_MlKemCiphertext_1a uu____5 = ciphertext0;
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_shared_secret_array[32U];
   memcpy(copy_of_shared_secret_array, shared_secret_array,
          (size_t)32U * sizeof(uint8_t));
-  tuple_ec lit;
+  tuple_41 lit;
   lit.fst = uu____5;
   memcpy(lit.snd, copy_of_shared_secret_array, (size_t)32U * sizeof(uint8_t));
   return lit;
@@ -6879,12 +6946,12 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
 with const generics
 - K= 2
 */
-static KRML_MUSTINLINE void deserialize_secret_key_120(
+static KRML_MUSTINLINE void deserialize_secret_key_a0(
     Eurydice_slice secret_key,
-    libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) {
-  libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[2U];
+    libcrux_ml_kem_polynomial_PolynomialRingElement_1d ret[2U]) {
+  libcrux_ml_kem_polynomial_PolynomialRingElement_1d secret_as_ntt[2U];
   KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U,
-                  secret_as_ntt[i] = ZERO_ef_1b(););
+                  secret_as_ntt[i] = ZERO_ef_8c(););
   for (size_t i = (size_t)0U;
        i < Eurydice_slice_len(secret_key, uint8_t) /
                LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT;
@@ -6895,17 +6962,13 @@ static KRML_MUSTINLINE void deserialize_secret_key_120(
         i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT +
             LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT,
         uint8_t);
-    libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 =
-        deserialize_to_uncompressed_ring_element_07(secret_bytes);
+    libcrux_ml_kem_polynomial_PolynomialRingElement_1d uu____0 =
+        deserialize_to_uncompressed_ring_element_8c(secret_bytes);
     secret_as_ntt[i0] = uu____0;
   }
-  libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[2U];
   memcpy(
-      result, secret_as_ntt,
-      (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0));
-  memcpy(
-      ret, result,
-      (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0));
+      ret, secret_as_ntt,
+      (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1d));
 }
 
 /**
@@ -6914,9 +6977,9 @@ libcrux_ml_kem.serialize.deserialize_then_decompress_ring_element_u with types
 libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
 - COMPRESSION_FACTOR= 10
 */
-static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0
-deserialize_then_decompress_ring_element_u_cd0(Eurydice_slice serialized) {
-  return deserialize_then_decompress_10_5c(serialized);
+static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1d
+deserialize_then_decompress_ring_element_u_0a(Eurydice_slice serialized) {
+  return deserialize_then_decompress_10_8c(serialized);
 }
 
 /**
@@ -6925,17 +6988,17 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
 with const generics
 - VECTOR_U_COMPRESSION_FACTOR= 10
 */
-static KRML_MUSTINLINE void ntt_vector_u_2c0(
-    libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) {
+static KRML_MUSTINLINE void ntt_vector_u_0a(
+    libcrux_ml_kem_polynomial_PolynomialRingElement_1d *re) {
   size_t zeta_i = (size_t)0U;
-  ntt_at_layer_4_plus_bf(&zeta_i, re, (size_t)7U);
-  ntt_at_layer_4_plus_bf(&zeta_i, re, (size_t)6U);
-  ntt_at_layer_4_plus_bf(&zeta_i, re, (size_t)5U);
-  ntt_at_layer_4_plus_bf(&zeta_i, re, (size_t)4U);
-  ntt_at_layer_3_d0(&zeta_i, re);
-  ntt_at_layer_2_76(&zeta_i, re);
-  ntt_at_layer_1_5d(&zeta_i, re);
-  poly_barrett_reduce_ef_17(re);
+  ntt_at_layer_4_plus_8c(&zeta_i, re, (size_t)7U);
+  ntt_at_layer_4_plus_8c(&zeta_i, re, (size_t)6U);
+  ntt_at_layer_4_plus_8c(&zeta_i, re, (size_t)5U);
+  ntt_at_layer_4_plus_8c(&zeta_i, re, (size_t)4U);
+  ntt_at_layer_3_8c(&zeta_i, re);
+  ntt_at_layer_2_8c(&zeta_i, re);
+  ntt_at_layer_1_8c(&zeta_i, re);
+  poly_barrett_reduce_ef_8c(re);
 }
 
 /**
@@ -6946,12 +7009,12 @@ with const generics
 - CIPHERTEXT_SIZE= 768
 - U_COMPRESSION_FACTOR= 10
 */
-static KRML_MUSTINLINE void deserialize_then_decompress_u_bb0(
+static KRML_MUSTINLINE void deserialize_then_decompress_u_86(
     uint8_t *ciphertext,
-    libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) {
-  libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[2U];
+    libcrux_ml_kem_polynomial_PolynomialRingElement_1d ret[2U]) {
+  libcrux_ml_kem_polynomial_PolynomialRingElement_1d u_as_ntt[2U];
   KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U,
-                  u_as_ntt[i] = ZERO_ef_1b(););
+                  u_as_ntt[i] = ZERO_ef_8c(););
   for (size_t i = (size_t)0U;
        i < Eurydice_slice_len(
                Eurydice_array_to_slice((size_t)768U, ciphertext, uint8_t),
@@ -6969,12 +7032,12 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_bb0(
             LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT *
                 (size_t)10U / (size_t)8U,
         uint8_t);
-    u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_cd0(u_bytes);
-    ntt_vector_u_2c0(&u_as_ntt[i0]);
+    u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_0a(u_bytes);
+    ntt_vector_u_0a(&u_as_ntt[i0]);
   }
   memcpy(
       ret, u_as_ntt,
-      (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0));
+      (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1d));
 }
 
 /**
@@ -6983,9 +7046,9 @@ libcrux_ml_kem.serialize.deserialize_then_decompress_ring_element_v with types
 libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
 - COMPRESSION_FACTOR= 4
 */
-static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0
-deserialize_then_decompress_ring_element_v_ce0(Eurydice_slice serialized) {
-  return deserialize_then_decompress_4_b1(serialized);
+static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1d
+deserialize_then_decompress_ring_element_v_d0(Eurydice_slice serialized) {
+  return deserialize_then_decompress_4_8c(serialized);
 }
 
 /**
@@ -6994,18 +7057,18 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
 with const generics
 - K= 2
 */
-static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0
-compute_message_820(
-    libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *v,
-    libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *secret_as_ntt,
-    libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *u_as_ntt) {
-  libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_ef_1b();
+static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1d
+compute_message_a0(
+    libcrux_ml_kem_polynomial_PolynomialRingElement_1d *v,
+    libcrux_ml_kem_polynomial_PolynomialRingElement_1d *secret_as_ntt,
+    libcrux_ml_kem_polynomial_PolynomialRingElement_1d *u_as_ntt) {
+  libcrux_ml_kem_polynomial_PolynomialRingElement_1d result = ZERO_ef_8c();
   KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i;
-                  libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product =
-                      ntt_multiply_ef_45(&secret_as_ntt[i0], &u_as_ntt[i0]);
-                  add_to_ring_element_ef_5d0(&result, &product););
-  invert_ntt_montgomery_550(&result);
-  result = subtract_reduce_ef_92(v, result);
+                  libcrux_ml_kem_polynomial_PolynomialRingElement_1d product =
+                      ntt_multiply_ef_8c(&secret_as_ntt[i0], &u_as_ntt[i0]);
+                  add_to_ring_element_ef_a0(&result, &product););
+  invert_ntt_montgomery_a0(&result);
+  result = subtract_reduce_ef_8c(v, result);
   return result;
 }
 
@@ -7019,18 +7082,18 @@ with const generics
 - U_COMPRESSION_FACTOR= 10
 - V_COMPRESSION_FACTOR= 4
 */
-static void decrypt_unpacked_c90(IndCpaPrivateKeyUnpacked_ae *secret_key,
-                                 uint8_t *ciphertext, uint8_t ret[32U]) {
-  libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[2U];
-  deserialize_then_decompress_u_bb0(ciphertext, u_as_ntt);
-  libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v =
-      deserialize_then_decompress_ring_element_v_ce0(
+static void decrypt_unpacked_d1(IndCpaPrivateKeyUnpacked_d4 *secret_key,
+                                uint8_t *ciphertext, uint8_t ret[32U]) {
+  libcrux_ml_kem_polynomial_PolynomialRingElement_1d u_as_ntt[2U];
+  deserialize_then_decompress_u_86(ciphertext, u_as_ntt);
+  libcrux_ml_kem_polynomial_PolynomialRingElement_1d v =
+      deserialize_then_decompress_ring_element_v_d0(
           Eurydice_array_to_subslice_from((size_t)768U, ciphertext,
                                           (size_t)640U, uint8_t, size_t));
-  libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message =
-      compute_message_820(&v, secret_key->secret_as_ntt, u_as_ntt);
+  libcrux_ml_kem_polynomial_PolynomialRingElement_1d message =
+      compute_message_a0(&v, secret_key->secret_as_ntt, u_as_ntt);
   uint8_t ret0[32U];
-  compress_then_serialize_message_15(message, ret0);
+  compress_then_serialize_message_8c(message, ret0);
   memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t));
 }
 
@@ -7044,22 +7107,22 @@ with const generics
 - U_COMPRESSION_FACTOR= 10
 - V_COMPRESSION_FACTOR= 4
 */
-static void decrypt_dc0(Eurydice_slice secret_key, uint8_t *ciphertext,
-                        uint8_t ret[32U]) {
-  libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[2U];
-  deserialize_secret_key_120(secret_key, secret_as_ntt);
+static void decrypt_d1(Eurydice_slice secret_key, uint8_t *ciphertext,
+                       uint8_t ret[32U]) {
+  libcrux_ml_kem_polynomial_PolynomialRingElement_1d secret_as_ntt[2U];
+  deserialize_secret_key_a0(secret_key, secret_as_ntt);
   /* Passing arrays by value in Rust generates a copy in C */
-  libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_secret_as_ntt[2U];
+  libcrux_ml_kem_polynomial_PolynomialRingElement_1d copy_of_secret_as_ntt[2U];
   memcpy(
       copy_of_secret_as_ntt, secret_as_ntt,
-      (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0));
-  IndCpaPrivateKeyUnpacked_ae secret_key_unpacked;
+      (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1d));
+  IndCpaPrivateKeyUnpacked_d4 secret_key_unpacked;
   memcpy(
       secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt,
-      (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0));
-  uint8_t result[32U];
-  decrypt_unpacked_c90(&secret_key_unpacked, ciphertext, result);
-  memcpy(ret, result, (size_t)32U * sizeof(uint8_t));
+      (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1d));
+  uint8_t ret0[32U];
+  decrypt_unpacked_d1(&secret_key_unpacked, ciphertext, ret0);
+  memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t));
 }
 
 /**
@@ -7072,8 +7135,8 @@ with const generics
 - K= 2
 - LEN= 32
 */
-static KRML_MUSTINLINE void PRF_f1_9f1(Eurydice_slice input, uint8_t ret[32U]) {
-  PRF_f7(input, ret);
+static KRML_MUSTINLINE void PRF_f1_49(Eurydice_slice input, uint8_t ret[32U]) {
+  PRF_9e(input, ret);
 }
 
 /**
@@ -7098,9 +7161,9 @@ libcrux_ml_kem_variant_MlKem with const generics
 - ETA2_RANDOMNESS_SIZE= 128
 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800
 */
-void libcrux_ml_kem_ind_cca_decapsulate_190(
-    libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key,
-    libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) {
+void libcrux_ml_kem_ind_cca_decapsulate_620(
+    libcrux_ml_kem_types_MlKemPrivateKey_fa *private_key,
+    libcrux_ml_kem_types_MlKemCiphertext_1a *ciphertext, uint8_t ret[32U]) {
   Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at(
       Eurydice_array_to_slice((size_t)1632U, private_key->value, uint8_t),
       (size_t)768U, uint8_t, Eurydice_slice_uint8_t_x2);
@@ -7116,9 +7179,9 @@ void libcrux_ml_kem_ind_cca_decapsulate_190(
   Eurydice_slice ind_cpa_public_key_hash = uu____2.fst;
   Eurydice_slice implicit_rejection_value = uu____2.snd;
   uint8_t decrypted[32U];
-  decrypt_dc0(ind_cpa_secret_key, ciphertext->value, decrypted);
+  decrypt_d1(ind_cpa_secret_key, ciphertext->value, decrypted);
   uint8_t to_hash0[64U];
-  libcrux_ml_kem_utils_into_padded_array_42(
+  libcrux_ml_kem_utils_into_padded_array_24(
       Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0);
   Eurydice_slice_copy(
       Eurydice_array_to_subslice_from(
@@ -7126,7 +7189,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_190(
           uint8_t, size_t),
       ind_cpa_public_key_hash, uint8_t);
   uint8_t hashed[64U];
-  G_f1_870(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed);
+  G_f1_fd(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed);
   Eurydice_slice_uint8_t_x2 uu____3 = Eurydice_slice_split_at(
       Eurydice_array_to_slice((size_t)64U, hashed, uint8_t),
       LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t,
@@ -7134,31 +7197,31 @@ void libcrux_ml_kem_ind_cca_decapsulate_190(
   Eurydice_slice shared_secret0 = uu____3.fst;
   Eurydice_slice pseudorandomness = uu____3.snd;
   uint8_t to_hash[800U];
-  libcrux_ml_kem_utils_into_padded_array_424(implicit_rejection_value, to_hash);
+  libcrux_ml_kem_utils_into_padded_array_4d(implicit_rejection_value, to_hash);
   Eurydice_slice uu____4 = Eurydice_array_to_subslice_from(
       (size_t)800U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE,
       uint8_t, size_t);
-  Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_400(ciphertext),
+  Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_d0(ciphertext),
                       uint8_t);
   uint8_t implicit_rejection_shared_secret0[32U];
-  PRF_f1_9f1(Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t),
-             implicit_rejection_shared_secret0);
+  PRF_f1_49(Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t),
+            implicit_rejection_shared_secret0);
   Eurydice_slice uu____5 = ind_cpa_public_key;
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_decrypted[32U];
   memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t));
   uint8_t expected_ciphertext[768U];
-  encrypt_4b0(uu____5, copy_of_decrypted, pseudorandomness,
+  encrypt_2a0(uu____5, copy_of_decrypted, pseudorandomness,
               expected_ciphertext);
   uint8_t implicit_rejection_shared_secret[32U];
-  kdf_d8_ab(Eurydice_array_to_slice((size_t)32U,
+  kdf_d8_30(Eurydice_array_to_slice((size_t)32U,
                                     implicit_rejection_shared_secret0, uint8_t),
             implicit_rejection_shared_secret);
   uint8_t shared_secret1[32U];
-  kdf_d8_ab(shared_secret0, shared_secret1);
+  kdf_d8_30(shared_secret0, shared_secret1);
   uint8_t shared_secret[32U];
   libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time(
-      libcrux_ml_kem_types_as_ref_00_400(ciphertext),
+      libcrux_ml_kem_types_as_ref_00_d0(ciphertext),
       Eurydice_array_to_slice((size_t)768U, expected_ciphertext, uint8_t),
       Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t),
       Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret,
@@ -7173,9 +7236,9 @@ libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types
 libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
 - K= 3
 */
-static KRML_MUSTINLINE void deserialize_ring_elements_reduced_da1(
+static KRML_MUSTINLINE void deserialize_ring_elements_reduced_1b(
     Eurydice_slice public_key,
-    libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *deserialized_pk) {
+    libcrux_ml_kem_polynomial_PolynomialRingElement_1d *deserialized_pk) {
   for (size_t i = (size_t)0U;
        i < Eurydice_slice_len(public_key, uint8_t) /
                LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT;
@@ -7186,8 +7249,8 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_da1(
         i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT +
             LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT,
         uint8_t);
-    libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 =
-        deserialize_to_reduced_ring_element_a5(ring_element);
+    libcrux_ml_kem_polynomial_PolynomialRingElement_1d uu____0 =
+        deserialize_to_reduced_ring_element_8c(ring_element);
     deserialized_pk[i0] = uu____0;
   }
 }
@@ -7198,16 +7261,20 @@ libcrux_ml_kem.serialize.deserialize_ring_elements_reduced_out with types
 libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
 - K= 3
 */
-static KRML_MUSTINLINE void deserialize_ring_elements_reduced_out_53(
+static KRML_MUSTINLINE void deserialize_ring_elements_reduced_out_1b(
     Eurydice_slice public_key,
-    libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) {
-  libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[3U];
+    libcrux_ml_kem_polynomial_PolynomialRingElement_1d ret[3U]) {
+  libcrux_ml_kem_polynomial_PolynomialRingElement_1d deserialized_pk[3U];
   KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U,
-                  deserialized_pk[i] = ZERO_ef_1b(););
-  deserialize_ring_elements_reduced_da1(public_key, deserialized_pk);
+                  deserialized_pk[i] = ZERO_ef_8c(););
+  deserialize_ring_elements_reduced_1b(public_key, deserialized_pk);
+  libcrux_ml_kem_polynomial_PolynomialRingElement_1d result[3U];
+  memcpy(
+      result, deserialized_pk,
+      (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1d));
   memcpy(
-      ret, deserialized_pk,
-      (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0));
+      ret, result,
+      (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1d));
 }
 
 /**
@@ -7217,25 +7284,25 @@ with const generics
 - K= 3
 - OUT_LEN= 1152
 */
-static KRML_MUSTINLINE void serialize_secret_key_5a1(
-    libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *key,
+static KRML_MUSTINLINE void serialize_secret_key_89(
+    libcrux_ml_kem_polynomial_PolynomialRingElement_1d *key,
     uint8_t ret[1152U]) {
   uint8_t out[1152U] = {0U};
   for (size_t i = (size_t)0U;
        i < Eurydice_slice_len(
                Eurydice_array_to_slice(
                    (size_t)3U, key,
-                   libcrux_ml_kem_polynomial_PolynomialRingElement_f0),
-               libcrux_ml_kem_polynomial_PolynomialRingElement_f0);
+                   libcrux_ml_kem_polynomial_PolynomialRingElement_1d),
+               libcrux_ml_kem_polynomial_PolynomialRingElement_1d);
        i++) {
     size_t i0 = i;
-    libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = key[i0];
+    libcrux_ml_kem_polynomial_PolynomialRingElement_1d re = key[i0];
     Eurydice_slice uu____0 = Eurydice_array_to_subslice2(
         out, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT,
         (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT,
         uint8_t);
     uint8_t ret0[384U];
-    serialize_uncompressed_ring_element_8b(&re, ret0);
+    serialize_uncompressed_ring_element_8c(&re, ret0);
     Eurydice_slice_copy(
         uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t), uint8_t);
   }
@@ -7250,13 +7317,13 @@ with const generics
 - RANKED_BYTES_PER_RING_ELEMENT= 1152
 - PUBLIC_KEY_SIZE= 1184
 */
-static KRML_MUSTINLINE void serialize_public_key_mut_3c1(
-    libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt,
+static KRML_MUSTINLINE void serialize_public_key_mut_6c(
+    libcrux_ml_kem_polynomial_PolynomialRingElement_1d *t_as_ntt,
     Eurydice_slice seed_for_a, uint8_t *serialized) {
   Eurydice_slice uu____0 = Eurydice_array_to_subslice2(serialized, (size_t)0U,
                                                        (size_t)1152U, uint8_t);
   uint8_t ret[1152U];
-  serialize_secret_key_5a1(t_as_ntt, ret);
+  serialize_secret_key_89(t_as_ntt, ret);
   Eurydice_slice_copy(
       uu____0, Eurydice_array_to_slice((size_t)1152U, ret, uint8_t), uint8_t);
   Eurydice_slice_copy(
@@ -7273,14 +7340,12 @@ with const generics
 - RANKED_BYTES_PER_RING_ELEMENT= 1152
 - PUBLIC_KEY_SIZE= 1184
 */
-static KRML_MUSTINLINE void serialize_public_key_071(
-    libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt,
+static KRML_MUSTINLINE void serialize_public_key_6c(
+    libcrux_ml_kem_polynomial_PolynomialRingElement_1d *t_as_ntt,
     Eurydice_slice seed_for_a, uint8_t ret[1184U]) {
   uint8_t public_key_serialized[1184U] = {0U};
-  serialize_public_key_mut_3c1(t_as_ntt, seed_for_a, public_key_serialized);
-  uint8_t result[1184U];
-  memcpy(result, public_key_serialized, (size_t)1184U * sizeof(uint8_t));
-  memcpy(ret, result, (size_t)1184U * sizeof(uint8_t));
+  serialize_public_key_mut_6c(t_as_ntt, seed_for_a, public_key_serialized);
+  memcpy(ret, public_key_serialized, (size_t)1184U * sizeof(uint8_t));
 }
 
 /**
@@ -7291,15 +7356,15 @@ with const generics
 - RANKED_BYTES_PER_RING_ELEMENT= 1152
 - PUBLIC_KEY_SIZE= 1184
 */
-bool libcrux_ml_kem_ind_cca_validate_public_key_bf(uint8_t *public_key) {
-  libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[3U];
-  deserialize_ring_elements_reduced_out_53(
+bool libcrux_ml_kem_ind_cca_validate_public_key_6c(uint8_t *public_key) {
+  libcrux_ml_kem_polynomial_PolynomialRingElement_1d deserialized_pk[3U];
+  deserialize_ring_elements_reduced_out_1b(
       Eurydice_array_to_subslice_to((size_t)1184U, public_key, (size_t)1152U,
                                     uint8_t, size_t),
       deserialized_pk);
-  libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *uu____0 = deserialized_pk;
+  libcrux_ml_kem_polynomial_PolynomialRingElement_1d *uu____0 = deserialized_pk;
   uint8_t public_key_serialized[1184U];
-  serialize_public_key_071(
+  serialize_public_key_6c(
       uu____0,
       Eurydice_array_to_subslice_from((size_t)1184U, public_key, (size_t)1152U,
                                       uint8_t, size_t),
@@ -7317,7 +7382,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.H_f1
 with const generics
 - K= 3
 */
-static KRML_MUSTINLINE void H_f1_d51(Eurydice_slice input, uint8_t ret[32U]) {
+static KRML_MUSTINLINE void H_f1_e0(Eurydice_slice input, uint8_t ret[32U]) {
   libcrux_ml_kem_hash_functions_portable_H(input, ret);
 }
 
@@ -7329,14 +7394,14 @@ with const generics
 - SECRET_KEY_SIZE= 2400
 - CIPHERTEXT_SIZE= 1088
 */
-bool libcrux_ml_kem_ind_cca_validate_private_key_33(
-    libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key,
+bool libcrux_ml_kem_ind_cca_validate_private_key_37(
+    libcrux_ml_kem_types_MlKemPrivateKey_d9 *private_key,
     libcrux_ml_kem_mlkem768_MlKem768Ciphertext *_ciphertext) {
   uint8_t t[32U];
-  H_f1_d51(Eurydice_array_to_subslice2(
-               private_key->value, (size_t)384U * (size_t)3U,
-               (size_t)768U * (size_t)3U + (size_t)32U, uint8_t),
-           t);
+  H_f1_e0(Eurydice_array_to_subslice2(
+              private_key->value, (size_t)384U * (size_t)3U,
+              (size_t)768U * (size_t)3U + (size_t)32U, uint8_t),
+          t);
   Eurydice_slice expected = Eurydice_array_to_subslice2(
       private_key->value, (size_t)768U * (size_t)3U + (size_t)32U,
       (size_t)768U * (size_t)3U + (size_t)64U, uint8_t);
@@ -7350,9 +7415,9 @@ libcrux_ml_kem.ind_cpa.unpacked.IndCpaPrivateKeyUnpacked with types
 libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
 - $3size_t
 */
-typedef struct IndCpaPrivateKeyUnpacked_f8_s {
-  libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U];
-} IndCpaPrivateKeyUnpacked_f8;
+typedef struct IndCpaPrivateKeyUnpacked_a0_s {
+  libcrux_ml_kem_polynomial_PolynomialRingElement_1d secret_as_ntt[3U];
+} IndCpaPrivateKeyUnpacked_a0;
 
 /**
 This function found in impl {(core::default::Default for
@@ -7365,11 +7430,11 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
 with const generics
 - K= 3
 */
-static IndCpaPrivateKeyUnpacked_f8 default_1a_e91(void) {
-  IndCpaPrivateKeyUnpacked_f8 lit;
-  lit.secret_as_ntt[0U] = ZERO_ef_1b();
-  lit.secret_as_ntt[1U] = ZERO_ef_1b();
-  lit.secret_as_ntt[2U] = ZERO_ef_1b();
+static IndCpaPrivateKeyUnpacked_a0 default_1a_1b(void) {
+  IndCpaPrivateKeyUnpacked_a0 lit;
+  lit.secret_as_ntt[0U] = ZERO_ef_8c();
+  lit.secret_as_ntt[1U] = ZERO_ef_8c();
+  lit.secret_as_ntt[2U] = ZERO_ef_8c();
   return lit;
 }
 
@@ -7379,11 +7444,11 @@ libcrux_ml_kem.ind_cpa.unpacked.IndCpaPublicKeyUnpacked with types
 libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
 - $3size_t
 */
-typedef struct IndCpaPublicKeyUnpacked_f8_s {
-  libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[3U];
+typedef struct IndCpaPublicKeyUnpacked_a0_s {
+  libcrux_ml_kem_polynomial_PolynomialRingElement_1d t_as_ntt[3U];
   uint8_t seed_for_A[32U];
-  libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[3U][3U];
-} IndCpaPublicKeyUnpacked_f8;
+  libcrux_ml_kem_polynomial_PolynomialRingElement_1d A[3U][3U];
+} IndCpaPublicKeyUnpacked_a0;
 
 /**
 This function found in impl {(core::default::Default for
@@ -7396,25 +7461,25 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
 with const generics
 - K= 3
 */
-static IndCpaPublicKeyUnpacked_f8 default_8d_d11(void) {
-  libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0[3U];
+static IndCpaPublicKeyUnpacked_a0 default_8d_1b(void) {
+  libcrux_ml_kem_polynomial_PolynomialRingElement_1d uu____0[3U];
   KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U,
-                  uu____0[i] = ZERO_ef_1b(););
+                  uu____0[i] = ZERO_ef_8c(););
   uint8_t uu____1[32U] = {0U};
-  IndCpaPublicKeyUnpacked_f8 lit;
+  IndCpaPublicKeyUnpacked_a0 lit;
   memcpy(
       lit.t_as_ntt, uu____0,
-      (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0));
+      (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1d));
   memcpy(lit.seed_for_A, uu____1, (size_t)32U * sizeof(uint8_t));
-  lit.A[0U][0U] = ZERO_ef_1b();
-  lit.A[0U][1U] = ZERO_ef_1b();
-  lit.A[0U][2U] = ZERO_ef_1b();
-  lit.A[1U][0U] = ZERO_ef_1b();
-  lit.A[1U][1U] = ZERO_ef_1b();
-  lit.A[1U][2U] = ZERO_ef_1b();
-  lit.A[2U][0U] = ZERO_ef_1b();
-  lit.A[2U][1U] = ZERO_ef_1b();
-  lit.A[2U][2U] = ZERO_ef_1b();
+  lit.A[0U][0U] = ZERO_ef_8c();
+  lit.A[0U][1U] = ZERO_ef_8c();
+  lit.A[0U][2U] = ZERO_ef_8c();
+  lit.A[1U][0U] = ZERO_ef_8c();
+  lit.A[1U][1U] = ZERO_ef_8c();
+  lit.A[1U][2U] = ZERO_ef_8c();
+  lit.A[2U][0U] = ZERO_ef_8c();
+  lit.A[2U][1U] = ZERO_ef_8c();
+  lit.A[2U][2U] = ZERO_ef_8c();
   return lit;
 }
 
@@ -7427,7 +7492,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.G_f1
 with const generics
 - K= 3
 */
-static KRML_MUSTINLINE void G_f1_871(Eurydice_slice input, uint8_t ret[64U]) {
+static KRML_MUSTINLINE void G_f1_e0(Eurydice_slice input, uint8_t ret[64U]) {
   libcrux_ml_kem_hash_functions_portable_G(input, ret);
 }
 
@@ -7441,7 +7506,7 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]]
 with const generics
 - K= 3
 */
-static KRML_MUSTINLINE void cpa_keygen_seed_d8_d1(
+static KRML_MUSTINLINE void cpa_keygen_seed_d8_9c(
     Eurydice_slice key_generation_seed, uint8_t ret[64U]) {
   uint8_t seed[33U] = {0U};
   Eurydice_slice_copy(
@@ -7452,7 +7517,7 @@ static KRML_MUSTINLINE void cpa_keygen_seed_d8_d1(
   seed[LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE] =
       (uint8_t)(size_t)3U;
   uint8_t ret0[64U];
-  G_f1_871(Eurydice_array_to_slice((size_t)33U, seed, uint8_t), ret0);
+  G_f1_e0(Eurydice_array_to_slice((size_t)33U, seed, uint8_t), ret0);
   memcpy(ret, ret0, (size_t)64U * sizeof(uint8_t));
 }
 
@@ -7461,9 +7526,9 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.PortableHash
 with const generics
 - $3size_t
 */
-typedef struct PortableHash_58_s {
-  libcrux_sha3_generic_keccak_KeccakState_48 shake128_state[3U];
-} PortableHash_58;
+typedef struct PortableHash_88_s {
+  libcrux_sha3_generic_keccak_KeccakState_17 shake128_state[3U];
+} PortableHash_88;
 
 /**
 A monomorphic instance of
@@ -7471,9 +7536,9 @@ libcrux_ml_kem.hash_functions.portable.shake128_init_absorb_final with const
 generics
 - K= 3
 */
-static KRML_MUSTINLINE PortableHash_58
-shake128_init_absorb_final_241(uint8_t input[3U][34U]) {
-  libcrux_sha3_generic_keccak_KeccakState_48 shake128_state[3U];
+static KRML_MUSTINLINE PortableHash_88
+shake128_init_absorb_final_e0(uint8_t input[3U][34U]) {
+  libcrux_sha3_generic_keccak_KeccakState_17 shake128_state[3U];
   KRML_MAYBE_FOR3(
       i, (size_t)0U, (size_t)3U, (size_t)1U,
       shake128_state[i] = libcrux_sha3_portable_incremental_shake128_init(););
@@ -7483,12 +7548,12 @@ shake128_init_absorb_final_241(uint8_t input[3U][34U]) {
           &shake128_state[i0],
           Eurydice_array_to_slice((size_t)34U, input[i0], uint8_t)););
   /* Passing arrays by value in Rust generates a copy in C */
-  libcrux_sha3_generic_keccak_KeccakState_48 copy_of_shake128_state[3U];
+  libcrux_sha3_generic_keccak_KeccakState_17 copy_of_shake128_state[3U];
   memcpy(copy_of_shake128_state, shake128_state,
-         (size_t)3U * sizeof(libcrux_sha3_generic_keccak_KeccakState_48));
-  PortableHash_58 lit;
+         (size_t)3U * sizeof(libcrux_sha3_generic_keccak_KeccakState_17));
+  PortableHash_88 lit;
   memcpy(lit.shake128_state, copy_of_shake128_state,
-         (size_t)3U * sizeof(libcrux_sha3_generic_keccak_KeccakState_48));
+         (size_t)3U * sizeof(libcrux_sha3_generic_keccak_KeccakState_17));
   return lit;
 }
 
@@ -7502,12 +7567,12 @@ libcrux_ml_kem.hash_functions.portable.shake128_init_absorb_final_f1 with const
 generics
 - K= 3
 */
-static KRML_MUSTINLINE PortableHash_58
-shake128_init_absorb_final_f1_311(uint8_t input[3U][34U]) {
+static KRML_MUSTINLINE PortableHash_88
+shake128_init_absorb_final_f1_e0(uint8_t input[3U][34U]) {
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_input[3U][34U];
   memcpy(copy_of_input, input, (size_t)3U * sizeof(uint8_t[34U]));
-  return shake128_init_absorb_final_241(copy_of_input);
+  return shake128_init_absorb_final_e0(copy_of_input);
 }
 
 /**
@@ -7516,8 +7581,8 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_first_three_blocks with
 const generics
 - K= 3
 */
-static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_631(
-    PortableHash_58 *st, uint8_t ret[3U][504U]) {
+static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_e0(
+    PortableHash_88 *st, uint8_t ret[3U][504U]) {
   uint8_t out[3U][504U] = {{0U}};
   KRML_MAYBE_FOR3(
       i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i;
@@ -7537,9 +7602,9 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_first_three_blocks_f1
 with const generics
 - K= 3
 */
-static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_f1_2f1(
-    PortableHash_58 *self, uint8_t ret[3U][504U]) {
-  shake128_squeeze_first_three_blocks_631(self, ret);
+static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_f1_e0(
+    PortableHash_88 *self, uint8_t ret[3U][504U]) {
+  shake128_squeeze_first_three_blocks_e0(self, ret);
 }
 
 /**
@@ -7590,7 +7655,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
 - K= 3
 - N= 504
 */
-static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_713(
+static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_89(
     uint8_t randomness[3U][504U], size_t *sampled_coefficients,
     int16_t (*out)[272U]) {
   KRML_MAYBE_FOR3(
@@ -7628,8 +7693,8 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_next_block with const
 generics
 - K= 3
 */
-static KRML_MUSTINLINE void shake128_squeeze_next_block_111(
-    PortableHash_58 *st, uint8_t ret[3U][168U]) {
+static KRML_MUSTINLINE void shake128_squeeze_next_block_e0(
+    PortableHash_88 *st, uint8_t ret[3U][168U]) {
   uint8_t out[3U][168U] = {{0U}};
   KRML_MAYBE_FOR3(
       i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i;
@@ -7649,9 +7714,9 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_next_block_f1 with const
 generics
 - K= 3
 */
-static KRML_MUSTINLINE void shake128_squeeze_next_block_f1_c41(
-    PortableHash_58 *self, uint8_t ret[3U][168U]) {
-  shake128_squeeze_next_block_111(self, ret);
+static KRML_MUSTINLINE void shake128_squeeze_next_block_f1_e0(
+    PortableHash_88 *self, uint8_t ret[3U][168U]) {
+  shake128_squeeze_next_block_e0(self, ret);
 }
 
 /**
@@ -7702,7 +7767,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
 - K= 3
 - N= 168
 */
-static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_714(
+static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_890(
     uint8_t randomness[3U][168U], size_t *sampled_coefficients,
     int16_t (*out)[272U]) {
   KRML_MAYBE_FOR3(
@@ -7741,9 +7806,9 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const
 generics
 - K= 3
 */
-static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 closure_eb1(
+static libcrux_ml_kem_polynomial_PolynomialRingElement_1d closure_2b1(
     int16_t s[272U]) {
-  return from_i16_array_ef_54(
+  return from_i16_array_ef_8c(
       Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t));
 }
 
@@ -7754,45 +7819,45 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const
 generics
 - K= 3
 */
-static KRML_MUSTINLINE void sample_from_xof_bf1(
+static KRML_MUSTINLINE void sample_from_xof_2b1(
     uint8_t seeds[3U][34U],
-    libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) {
+    libcrux_ml_kem_polynomial_PolynomialRingElement_1d ret[3U]) {
   size_t sampled_coefficients[3U] = {0U};
   int16_t out[3U][272U] = {{0U}};
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_seeds[3U][34U];
   memcpy(copy_of_seeds, seeds, (size_t)3U * sizeof(uint8_t[34U]));
-  PortableHash_58 xof_state = shake128_init_absorb_final_f1_311(copy_of_seeds);
+  PortableHash_88 xof_state = shake128_init_absorb_final_f1_e0(copy_of_seeds);
   uint8_t randomness0[3U][504U];
-  shake128_squeeze_first_three_blocks_f1_2f1(&xof_state, randomness0);
+  shake128_squeeze_first_three_blocks_f1_e0(&xof_state, randomness0);
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_randomness0[3U][504U];
   memcpy(copy_of_randomness0, randomness0, (size_t)3U * sizeof(uint8_t[504U]));
-  bool done = sample_from_uniform_distribution_next_713(
+  bool done = sample_from_uniform_distribution_next_89(
       copy_of_randomness0, sampled_coefficients, out);
   while (true) {
     if (done) {
       break;
     } else {
       uint8_t randomness[3U][168U];
-      shake128_squeeze_next_block_f1_c41(&xof_state, randomness);
+      shake128_squeeze_next_block_f1_e0(&xof_state, randomness);
       /* Passing arrays by value in Rust generates a copy in C */
       uint8_t copy_of_randomness[3U][168U];
       memcpy(copy_of_randomness, randomness,
              (size_t)3U * sizeof(uint8_t[168U]));
-      done = sample_from_uniform_distribution_next_714(
+      done = sample_from_uniform_distribution_next_890(
           copy_of_randomness, sampled_coefficients, out);
     }
   }
   /* Passing arrays by value in Rust generates a copy in C */
   int16_t copy_of_out[3U][272U];
   memcpy(copy_of_out, out, (size_t)3U * sizeof(int16_t[272U]));
-  libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret0[3U];
+  libcrux_ml_kem_polynomial_PolynomialRingElement_1d ret0[3U];
   KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U,
-                  ret0[i] = closure_eb1(copy_of_out[i]););
+                  ret0[i] = closure_2b1(copy_of_out[i]););
   memcpy(
       ret, ret0,
-      (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0));
+      (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1d));
 }
 
 /**
@@ -7802,8 +7867,8 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const
 generics
 - K= 3
 */
-static KRML_MUSTINLINE void sample_matrix_A_0d1(
-    libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*A_transpose)[3U],
+static KRML_MUSTINLINE void sample_matrix_A_2b1(
+    libcrux_ml_kem_polynomial_PolynomialRingElement_1d (*A_transpose)[3U],
     uint8_t seed[34U], bool transpose) {
   KRML_MAYBE_FOR3(
       i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0;
@@ -7818,25 +7883,23 @@ static KRML_MUSTINLINE void sample_matrix_A_0d1(
       /* Passing arrays by value in Rust generates a copy in C */
       uint8_t copy_of_seeds[3U][34U];
       memcpy(copy_of_seeds, seeds, (size_t)3U * sizeof(uint8_t[34U]));
-      libcrux_ml_kem_polynomial_PolynomialRingElement_f0 sampled[3U];
-      sample_from_xof_bf1(copy_of_seeds, sampled);
+      libcrux_ml_kem_polynomial_PolynomialRingElement_1d sampled[3U];
+      sample_from_xof_2b1(copy_of_seeds, sampled);
       for (size_t i = (size_t)0U;
            i < Eurydice_slice_len(
                    Eurydice_array_to_slice(
                        (size_t)3U, sampled,
-                       libcrux_ml_kem_polynomial_PolynomialRingElement_f0),
-                   libcrux_ml_kem_polynomial_PolynomialRingElement_f0);
+                       libcrux_ml_kem_polynomial_PolynomialRingElement_1d),
+                   libcrux_ml_kem_polynomial_PolynomialRingElement_1d);
            i++) {
         size_t j = i;
-        libcrux_ml_kem_polynomial_PolynomialRingElement_f0 sample = sampled[j];
+        libcrux_ml_kem_polynomial_PolynomialRingElement_1d sample = sampled[j];
         if (transpose) {
           A_transpose[j][i1] = sample;
         } else {
           A_transpose[i1][j] = sample;
         }
-      }
-
-  );
+      });
 }
 
 /**
@@ -7845,8 +7908,8 @@ with const generics
 - K= 3
 - LEN= 128
 */
-static KRML_MUSTINLINE void PRFxN_af2(uint8_t (*input)[33U],
-                                      uint8_t ret[3U][128U]) {
+static KRML_MUSTINLINE void PRFxN_41(uint8_t (*input)[33U],
+                                     uint8_t ret[3U][128U]) {
   uint8_t out[3U][128U] = {{0U}};
   KRML_MAYBE_FOR3(
       i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i;
@@ -7866,9 +7929,9 @@ with const generics
 - K= 3
 - LEN= 128
 */
-static KRML_MUSTINLINE void PRFxN_f1_132(uint8_t (*input)[33U],
-                                         uint8_t ret[3U][128U]) {
-  PRFxN_af2(input, ret);
+static KRML_MUSTINLINE void PRFxN_f1_41(uint8_t (*input)[33U],
+                                        uint8_t ret[3U][128U]) {
+  PRFxN_41(input, ret);
 }
 
 /**
@@ -7880,8 +7943,8 @@ generics
 - ETA= 2
 - ETA_RANDOMNESS_SIZE= 128
 */
-static KRML_MUSTINLINE uint8_t sample_vector_cbd_then_ntt_b11(
-    libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re_as_ntt,
+static KRML_MUSTINLINE uint8_t sample_vector_cbd_then_ntt_3b1(
+    libcrux_ml_kem_polynomial_PolynomialRingElement_1d *re_as_ntt,
     uint8_t prf_input[33U], uint8_t domain_separator) {
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_prf_input[33U];
@@ -7890,16 +7953,18 @@ static KRML_MUSTINLINE uint8_t sample_vector_cbd_then_ntt_b11(
   KRML_MAYBE_FOR3(
       i, (size_t)0U, (size_t)3U, (size_t)1U,
       memcpy(prf_inputs[i], copy_of_prf_input, (size_t)33U * sizeof(uint8_t)););
+  uint8_t _prf_inputs_init[3U][33U];
+  memcpy(_prf_inputs_init, prf_inputs, (size_t)3U * sizeof(uint8_t[33U]));
   KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i;
                   prf_inputs[i0][32U] = domain_separator;
                   domain_separator = (uint32_t)domain_separator + 1U;);
   uint8_t prf_outputs[3U][128U];
-  PRFxN_f1_132(prf_inputs, prf_outputs);
+  PRFxN_f1_41(prf_inputs, prf_outputs);
   KRML_MAYBE_FOR3(
       i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i;
-      re_as_ntt[i0] = sample_from_binomial_distribution_6b(
+      re_as_ntt[i0] = sample_from_binomial_distribution_a0(
           Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t));
-      ntt_binomially_sampled_ring_element_d8(&re_as_ntt[i0]););
+      ntt_binomially_sampled_ring_element_8c(&re_as_ntt[i0]););
   return domain_separator;
 }
 
@@ -7909,10 +7974,10 @@ with types libcrux_ml_kem_polynomial_PolynomialRingElement
 libcrux_ml_kem_vector_portable_vector_type_PortableVector[3size_t], uint8_t
 
 */
-typedef struct tuple_b00_s {
-  libcrux_ml_kem_polynomial_PolynomialRingElement_f0 fst[3U];
+typedef struct tuple_230_s {
+  libcrux_ml_kem_polynomial_PolynomialRingElement_1d fst[3U];
   uint8_t snd;
-} tuple_b00;
+} tuple_230;
 
 /**
 A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_vector_cbd_then_ntt_out
@@ -7923,27 +7988,27 @@ generics
 - ETA= 2
 - ETA_RANDOMNESS_SIZE= 128
 */
-static KRML_MUSTINLINE tuple_b00 sample_vector_cbd_then_ntt_out_cb1(
+static KRML_MUSTINLINE tuple_230 sample_vector_cbd_then_ntt_out_3b1(
     uint8_t prf_input[33U], uint8_t domain_separator) {
-  libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re_as_ntt[3U];
+  libcrux_ml_kem_polynomial_PolynomialRingElement_1d re_as_ntt[3U];
   KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U,
-                  re_as_ntt[i] = ZERO_ef_1b(););
-  libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *uu____0 = re_as_ntt;
+                  re_as_ntt[i] = ZERO_ef_8c(););
+  libcrux_ml_kem_polynomial_PolynomialRingElement_1d *uu____0 = re_as_ntt;
   uint8_t uu____1[33U];
   memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t));
   domain_separator =
-      sample_vector_cbd_then_ntt_b11(uu____0, uu____1, domain_separator);
+      sample_vector_cbd_then_ntt_3b1(uu____0, uu____1, domain_separator);
   /* Passing arrays by value in Rust generates a copy in C */
-  libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_re_as_ntt[3U];
+  libcrux_ml_kem_polynomial_PolynomialRingElement_1d copy_of_re_as_ntt[3U];
   memcpy(
       copy_of_re_as_ntt, re_as_ntt,
-      (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0));
-  tuple_b00 result;
+      (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1d));
+  tuple_230 lit;
   memcpy(
-      result.fst, copy_of_re_as_ntt,
-      (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0));
-  result.snd = domain_separator;
-  return result;
+      lit.fst, copy_of_re_as_ntt,
+      (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1d));
+  lit.snd = domain_separator;
+  return lit;
 }
 
 /**
@@ -7957,9 +8022,9 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
 with const generics
 - K= 3
 */
-static KRML_MUSTINLINE void add_to_ring_element_ef_5d1(
-    libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self,
-    libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *rhs) {
+static KRML_MUSTINLINE void add_to_ring_element_ef_1b(
+    libcrux_ml_kem_polynomial_PolynomialRingElement_1d *self,
+    libcrux_ml_kem_polynomial_PolynomialRingElement_1d *rhs) {
   for (size_t i = (size_t)0U;
        i < Eurydice_slice_len(
                Eurydice_array_to_slice(
@@ -7981,37 +8046,37 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
 with const generics
 - K= 3
 */
-static KRML_MUSTINLINE void compute_As_plus_e_c71(
-    libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt,
-    libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*matrix_A)[3U],
-    libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *s_as_ntt,
-    libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_as_ntt) {
+static KRML_MUSTINLINE void compute_As_plus_e_1b(
+    libcrux_ml_kem_polynomial_PolynomialRingElement_1d *t_as_ntt,
+    libcrux_ml_kem_polynomial_PolynomialRingElement_1d (*matrix_A)[3U],
+    libcrux_ml_kem_polynomial_PolynomialRingElement_1d *s_as_ntt,
+    libcrux_ml_kem_polynomial_PolynomialRingElement_1d *error_as_ntt) {
   for (size_t i = (size_t)0U;
        i < Eurydice_slice_len(
                Eurydice_array_to_slice(
                    (size_t)3U, matrix_A,
-                   libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U]),
-               libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U]);
+                   libcrux_ml_kem_polynomial_PolynomialRingElement_1d[3U]),
+               libcrux_ml_kem_polynomial_PolynomialRingElement_1d[3U]);
        i++) {
     size_t i0 = i;
-    libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *row = matrix_A[i0];
-    libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = ZERO_ef_1b();
+    libcrux_ml_kem_polynomial_PolynomialRingElement_1d *row = matrix_A[i0];
+    libcrux_ml_kem_polynomial_PolynomialRingElement_1d uu____0 = ZERO_ef_8c();
     t_as_ntt[i0] = uu____0;
     for (size_t i1 = (size_t)0U;
          i1 < Eurydice_slice_len(
                   Eurydice_array_to_slice(
                       (size_t)3U, row,
-                      libcrux_ml_kem_polynomial_PolynomialRingElement_f0),
-                  libcrux_ml_kem_polynomial_PolynomialRingElement_f0);
+                      libcrux_ml_kem_polynomial_PolynomialRingElement_1d),
+                  libcrux_ml_kem_polynomial_PolynomialRingElement_1d);
          i1++) {
       size_t j = i1;
-      libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *matrix_element =
+      libcrux_ml_kem_polynomial_PolynomialRingElement_1d *matrix_element =
           &row[j];
-      libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product =
-          ntt_multiply_ef_45(matrix_element, &s_as_ntt[j]);
-      add_to_ring_element_ef_5d1(&t_as_ntt[i0], &product);
+      libcrux_ml_kem_polynomial_PolynomialRingElement_1d product =
+          ntt_multiply_ef_8c(matrix_element, &s_as_ntt[j]);
+      add_to_ring_element_ef_1b(&t_as_ntt[i0], &product);
     }
-    add_standard_error_reduce_ef_0f(&t_as_ntt[i0], &error_as_ntt[i0]);
+    add_standard_error_reduce_ef_8c(&t_as_ntt[i0], &error_as_ntt[i0]);
   }
 }
 
@@ -8024,47 +8089,47 @@ libcrux_ml_kem_variant_MlKem with const generics
 - ETA1= 2
 - ETA1_RANDOMNESS_SIZE= 128
 */
-static void generate_keypair_unpacked_e91(
+static void generate_keypair_unpacked_1c1(
     Eurydice_slice key_generation_seed,
-    IndCpaPrivateKeyUnpacked_f8 *private_key,
-    IndCpaPublicKeyUnpacked_f8 *public_key) {
+    IndCpaPrivateKeyUnpacked_a0 *private_key,
+    IndCpaPublicKeyUnpacked_a0 *public_key) {
   uint8_t hashed[64U];
-  cpa_keygen_seed_d8_d1(key_generation_seed, hashed);
+  cpa_keygen_seed_d8_9c(key_generation_seed, hashed);
   Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at(
       Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U,
       uint8_t, Eurydice_slice_uint8_t_x2);
   Eurydice_slice seed_for_A = uu____0.fst;
   Eurydice_slice seed_for_secret_and_error = uu____0.snd;
-  libcrux_ml_kem_polynomial_PolynomialRingElement_f0(*uu____1)[3U] =
+  libcrux_ml_kem_polynomial_PolynomialRingElement_1d(*uu____1)[3U] =
       public_key->A;
   uint8_t ret[34U];
-  libcrux_ml_kem_utils_into_padded_array_422(seed_for_A, ret);
-  sample_matrix_A_0d1(uu____1, ret, true);
+  libcrux_ml_kem_utils_into_padded_array_b6(seed_for_A, ret);
+  sample_matrix_A_2b1(uu____1, ret, true);
   uint8_t prf_input[33U];
-  libcrux_ml_kem_utils_into_padded_array_421(seed_for_secret_and_error,
-                                             prf_input);
-  libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *uu____2 =
+  libcrux_ml_kem_utils_into_padded_array_c8(seed_for_secret_and_error,
+                                            prf_input);
+  libcrux_ml_kem_polynomial_PolynomialRingElement_1d *uu____2 =
       private_key->secret_as_ntt;
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_prf_input0[33U];
   memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t));
   uint8_t domain_separator =
-      sample_vector_cbd_then_ntt_b11(uu____2, copy_of_prf_input0, 0U);
+      sample_vector_cbd_then_ntt_3b1(uu____2, copy_of_prf_input0, 0U);
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_prf_input[33U];
   memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t));
-  libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_as_ntt[3U];
+  libcrux_ml_kem_polynomial_PolynomialRingElement_1d error_as_ntt[3U];
   memcpy(
       error_as_ntt,
-      sample_vector_cbd_then_ntt_out_cb1(copy_of_prf_input, domain_separator)
+      sample_vector_cbd_then_ntt_out_3b1(copy_of_prf_input, domain_separator)
           .fst,
-      (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0));
-  compute_As_plus_e_c71(public_key->t_as_ntt, public_key->A,
-                        private_key->secret_as_ntt, error_as_ntt);
+      (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1d));
+  compute_As_plus_e_1b(public_key->t_as_ntt, public_key->A,
+                       private_key->secret_as_ntt, error_as_ntt);
   uint8_t uu____5[32U];
-  core_result_Result_00 dst;
+  core_result_Result_fb dst;
   Eurydice_slice_to_array2(&dst, seed_for_A, Eurydice_slice, uint8_t[32U]);
-  core_result_unwrap_26_33(dst, uu____5);
+  core_result_unwrap_26_b3(dst, uu____5);
   memcpy(public_key->seed_for_A, uu____5, (size_t)32U * sizeof(uint8_t));
 }
 
@@ -8080,18 +8145,18 @@ libcrux_ml_kem_variant_MlKem with const generics
 - ETA1= 2
 - ETA1_RANDOMNESS_SIZE= 128
 */
-static libcrux_ml_kem_utils_extraction_helper_Keypair768 generate_keypair_50(
+static libcrux_ml_kem_utils_extraction_helper_Keypair768 generate_keypair_15(
     Eurydice_slice key_generation_seed) {
-  IndCpaPrivateKeyUnpacked_f8 private_key = default_1a_e91();
-  IndCpaPublicKeyUnpacked_f8 public_key = default_8d_d11();
-  generate_keypair_unpacked_e91(key_generation_seed, &private_key, &public_key);
+  IndCpaPrivateKeyUnpacked_a0 private_key = default_1a_1b();
+  IndCpaPublicKeyUnpacked_a0 public_key = default_8d_1b();
+  generate_keypair_unpacked_1c1(key_generation_seed, &private_key, &public_key);
   uint8_t public_key_serialized[1184U];
-  serialize_public_key_071(
+  serialize_public_key_6c(
       public_key.t_as_ntt,
       Eurydice_array_to_slice((size_t)32U, public_key.seed_for_A, uint8_t),
       public_key_serialized);
   uint8_t secret_key_serialized[1152U];
-  serialize_secret_key_5a1(private_key.secret_as_ntt, secret_key_serialized);
+  serialize_secret_key_89(private_key.secret_as_ntt, secret_key_serialized);
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_secret_key_serialized[1152U];
   memcpy(copy_of_secret_key_serialized, secret_key_serialized,
@@ -8100,12 +8165,12 @@ static libcrux_ml_kem_utils_extraction_helper_Keypair768 generate_keypair_50(
   uint8_t copy_of_public_key_serialized[1184U];
   memcpy(copy_of_public_key_serialized, public_key_serialized,
          (size_t)1184U * sizeof(uint8_t));
-  libcrux_ml_kem_utils_extraction_helper_Keypair768 result;
-  memcpy(result.fst, copy_of_secret_key_serialized,
+  libcrux_ml_kem_utils_extraction_helper_Keypair768 lit;
+  memcpy(lit.fst, copy_of_secret_key_serialized,
          (size_t)1152U * sizeof(uint8_t));
-  memcpy(result.snd, copy_of_public_key_serialized,
+  memcpy(lit.snd, copy_of_public_key_serialized,
          (size_t)1184U * sizeof(uint8_t));
-  return result;
+  return lit;
 }
 
 /**
@@ -8115,7 +8180,7 @@ with const generics
 - K= 3
 - SERIALIZED_KEY_LEN= 2400
 */
-static KRML_MUSTINLINE void serialize_kem_secret_key_b0(
+static KRML_MUSTINLINE void serialize_kem_secret_key_d6(
     Eurydice_slice private_key, Eurydice_slice public_key,
     Eurydice_slice implicit_rejection_value, uint8_t ret[2400U]) {
   uint8_t out[2400U] = {0U};
@@ -8141,7 +8206,7 @@ static KRML_MUSTINLINE void serialize_kem_secret_key_b0(
   Eurydice_slice uu____6 = Eurydice_array_to_subslice2(
       out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t);
   uint8_t ret0[32U];
-  H_f1_d51(public_key, ret0);
+  H_f1_e0(public_key, ret0);
   Eurydice_slice_copy(
       uu____6, Eurydice_array_to_slice((size_t)32U, ret0, uint8_t), uint8_t);
   pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE;
@@ -8171,7 +8236,7 @@ libcrux_ml_kem_variant_MlKem with const generics
 - ETA1_RANDOMNESS_SIZE= 128
 */
 libcrux_ml_kem_mlkem768_MlKem768KeyPair
-libcrux_ml_kem_ind_cca_generate_keypair_6f(uint8_t randomness[64U]) {
+libcrux_ml_kem_ind_cca_generate_keypair_f8(uint8_t randomness[64U]) {
   Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2(
       randomness, (size_t)0U,
       LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t);
@@ -8180,13 +8245,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_6f(uint8_t randomness[64U]) {
       LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t,
       size_t);
   libcrux_ml_kem_utils_extraction_helper_Keypair768 uu____0 =
-      generate_keypair_50(ind_cpa_keypair_randomness);
+      generate_keypair_15(ind_cpa_keypair_randomness);
   uint8_t ind_cpa_private_key[1152U];
   memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1152U * sizeof(uint8_t));
   uint8_t public_key[1184U];
   memcpy(public_key, uu____0.snd, (size_t)1184U * sizeof(uint8_t));
   uint8_t secret_key_serialized[2400U];
-  serialize_kem_secret_key_b0(
+  serialize_kem_secret_key_d6(
       Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t),
       Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t),
       implicit_rejection_value, secret_key_serialized);
@@ -8194,14 +8259,14 @@ libcrux_ml_kem_ind_cca_generate_keypair_6f(uint8_t randomness[64U]) {
   uint8_t copy_of_secret_key_serialized[2400U];
   memcpy(copy_of_secret_key_serialized, secret_key_serialized,
          (size_t)2400U * sizeof(uint8_t));
-  libcrux_ml_kem_types_MlKemPrivateKey_55 private_key =
-      libcrux_ml_kem_types_from_7f_af0(copy_of_secret_key_serialized);
-  libcrux_ml_kem_types_MlKemPrivateKey_55 uu____2 = private_key;
+  libcrux_ml_kem_types_MlKemPrivateKey_d9 private_key =
+      libcrux_ml_kem_types_from_7f_28(copy_of_secret_key_serialized);
+  libcrux_ml_kem_types_MlKemPrivateKey_d9 uu____2 = private_key;
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_public_key[1184U];
   memcpy(copy_of_public_key, public_key, (size_t)1184U * sizeof(uint8_t));
-  return libcrux_ml_kem_types_from_3a_ee0(
-      uu____2, libcrux_ml_kem_types_from_5a_670(copy_of_public_key));
+  return libcrux_ml_kem_types_from_3a_74(
+      uu____2, libcrux_ml_kem_types_from_5a_d0(copy_of_public_key));
 }
 
 /**
@@ -8214,7 +8279,7 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]]
 with const generics
 - K= 3
 */
-static KRML_MUSTINLINE void entropy_preprocess_d8_a9(Eurydice_slice randomness,
+static KRML_MUSTINLINE void entropy_preprocess_d8_9c(Eurydice_slice randomness,
                                                      uint8_t ret[32U]) {
   uint8_t out[32U] = {0U};
   Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t),
@@ -8231,11 +8296,11 @@ generics
 - ETA2_RANDOMNESS_SIZE= 128
 - ETA2= 2
 */
-static KRML_MUSTINLINE tuple_b00
-sample_ring_element_cbd_7f1(uint8_t prf_input[33U], uint8_t domain_separator) {
-  libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[3U];
+static KRML_MUSTINLINE tuple_230
+sample_ring_element_cbd_3b1(uint8_t prf_input[33U], uint8_t domain_separator) {
+  libcrux_ml_kem_polynomial_PolynomialRingElement_1d error_1[3U];
   KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U,
-                  error_1[i] = ZERO_ef_1b(););
+                  error_1[i] = ZERO_ef_8c(););
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_prf_input[33U];
   memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t));
@@ -8243,28 +8308,30 @@ sample_ring_element_cbd_7f1(uint8_t prf_input[33U], uint8_t domain_separator) {
   KRML_MAYBE_FOR3(
       i, (size_t)0U, (size_t)3U, (size_t)1U,
       memcpy(prf_inputs[i], copy_of_prf_input, (size_t)33U * sizeof(uint8_t)););
+  uint8_t _prf_inputs_init[3U][33U];
+  memcpy(_prf_inputs_init, prf_inputs, (size_t)3U * sizeof(uint8_t[33U]));
   KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i;
                   prf_inputs[i0][32U] = domain_separator;
                   domain_separator = (uint32_t)domain_separator + 1U;);
   uint8_t prf_outputs[3U][128U];
-  PRFxN_f1_132(prf_inputs, prf_outputs);
+  PRFxN_f1_41(prf_inputs, prf_outputs);
   KRML_MAYBE_FOR3(
       i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i;
-      libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 =
-          sample_from_binomial_distribution_6b(
+      libcrux_ml_kem_polynomial_PolynomialRingElement_1d uu____1 =
+          sample_from_binomial_distribution_a0(
               Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t));
       error_1[i0] = uu____1;);
   /* Passing arrays by value in Rust generates a copy in C */
-  libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_error_1[3U];
+  libcrux_ml_kem_polynomial_PolynomialRingElement_1d copy_of_error_1[3U];
   memcpy(
       copy_of_error_1, error_1,
-      (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0));
-  tuple_b00 result;
+      (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1d));
+  tuple_230 lit;
   memcpy(
-      result.fst, copy_of_error_1,
-      (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0));
-  result.snd = domain_separator;
-  return result;
+      lit.fst, copy_of_error_1,
+      (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1d));
+  lit.snd = domain_separator;
+  return lit;
 }
 
 /**
@@ -8277,9 +8344,9 @@ with const generics
 - K= 3
 - LEN= 128
 */
-static KRML_MUSTINLINE void PRF_f1_9f4(Eurydice_slice input,
+static KRML_MUSTINLINE void PRF_f1_410(Eurydice_slice input,
                                        uint8_t ret[128U]) {
-  PRF_f70(input, ret);
+  PRF_a6(input, ret);
 }
 
 /**
@@ -8288,18 +8355,18 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
 with const generics
 - K= 3
 */
-static KRML_MUSTINLINE void invert_ntt_montgomery_551(
-    libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) {
+static KRML_MUSTINLINE void invert_ntt_montgomery_1b(
+    libcrux_ml_kem_polynomial_PolynomialRingElement_1d *re) {
   size_t zeta_i =
       LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U;
-  invert_ntt_at_layer_1_08(&zeta_i, re);
-  invert_ntt_at_layer_2_91(&zeta_i, re);
-  invert_ntt_at_layer_3_41(&zeta_i, re);
-  invert_ntt_at_layer_4_plus_ed(&zeta_i, re, (size_t)4U);
-  invert_ntt_at_layer_4_plus_ed(&zeta_i, re, (size_t)5U);
-  invert_ntt_at_layer_4_plus_ed(&zeta_i, re, (size_t)6U);
-  invert_ntt_at_layer_4_plus_ed(&zeta_i, re, (size_t)7U);
-  poly_barrett_reduce_ef_17(re);
+  invert_ntt_at_layer_1_8c(&zeta_i, re);
+  invert_ntt_at_layer_2_8c(&zeta_i, re);
+  invert_ntt_at_layer_3_8c(&zeta_i, re);
+  invert_ntt_at_layer_4_plus_8c(&zeta_i, re, (size_t)4U);
+  invert_ntt_at_layer_4_plus_8c(&zeta_i, re, (size_t)5U);
+  invert_ntt_at_layer_4_plus_8c(&zeta_i, re, (size_t)6U);
+  invert_ntt_at_layer_4_plus_8c(&zeta_i, re, (size_t)7U);
+  poly_barrett_reduce_ef_8c(re);
 }
 
 /**
@@ -8308,46 +8375,42 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
 with const generics
 - K= 3
 */
-static KRML_MUSTINLINE void compute_vector_u_b81(
-    libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*a_as_ntt)[3U],
-    libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt,
-    libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_1,
-    libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) {
-  libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result0[3U];
+static KRML_MUSTINLINE void compute_vector_u_1b(
+    libcrux_ml_kem_polynomial_PolynomialRingElement_1d (*a_as_ntt)[3U],
+    libcrux_ml_kem_polynomial_PolynomialRingElement_1d *r_as_ntt,
+    libcrux_ml_kem_polynomial_PolynomialRingElement_1d *error_1,
+    libcrux_ml_kem_polynomial_PolynomialRingElement_1d ret[3U]) {
+  libcrux_ml_kem_polynomial_PolynomialRingElement_1d result[3U];
   KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U,
-                  result0[i] = ZERO_ef_1b(););
+                  result[i] = ZERO_ef_8c(););
   for (size_t i0 = (size_t)0U;
        i0 < Eurydice_slice_len(
                 Eurydice_array_to_slice(
                     (size_t)3U, a_as_ntt,
-                    libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U]),
-                libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U]);
+                    libcrux_ml_kem_polynomial_PolynomialRingElement_1d[3U]),
+                libcrux_ml_kem_polynomial_PolynomialRingElement_1d[3U]);
        i0++) {
     size_t i1 = i0;
-    libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *row = a_as_ntt[i1];
+    libcrux_ml_kem_polynomial_PolynomialRingElement_1d *row = a_as_ntt[i1];
     for (size_t i = (size_t)0U;
          i < Eurydice_slice_len(
                  Eurydice_array_to_slice(
                      (size_t)3U, row,
-                     libcrux_ml_kem_polynomial_PolynomialRingElement_f0),
-                 libcrux_ml_kem_polynomial_PolynomialRingElement_f0);
+                     libcrux_ml_kem_polynomial_PolynomialRingElement_1d),
+                 libcrux_ml_kem_polynomial_PolynomialRingElement_1d);
          i++) {
       size_t j = i;
-      libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *a_element = &row[j];
-      libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product =
-          ntt_multiply_ef_45(a_element, &r_as_ntt[j]);
-      add_to_ring_element_ef_5d1(&result0[i1], &product);
+      libcrux_ml_kem_polynomial_PolynomialRingElement_1d *a_element = &row[j];
+      libcrux_ml_kem_polynomial_PolynomialRingElement_1d product =
+          ntt_multiply_ef_8c(a_element, &r_as_ntt[j]);
+      add_to_ring_element_ef_1b(&result[i1], &product);
     }
-    invert_ntt_montgomery_551(&result0[i1]);
-    add_error_reduce_ef_4d(&result0[i1], &error_1[i1]);
+    invert_ntt_montgomery_1b(&result[i1]);
+    add_error_reduce_ef_8c(&result[i1], &error_1[i1]);
   }
-  libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[3U];
-  memcpy(
-      result, result0,
-      (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0));
   memcpy(
       ret, result,
-      (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0));
+      (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1d));
 }
 
 /**
@@ -8356,19 +8419,19 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
 with const generics
 - K= 3
 */
-static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0
-compute_ring_element_v_1e1(
-    libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt,
-    libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt,
-    libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_2,
-    libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *message) {
-  libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_ef_1b();
+static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1d
+compute_ring_element_v_1b(
+    libcrux_ml_kem_polynomial_PolynomialRingElement_1d *t_as_ntt,
+    libcrux_ml_kem_polynomial_PolynomialRingElement_1d *r_as_ntt,
+    libcrux_ml_kem_polynomial_PolynomialRingElement_1d *error_2,
+    libcrux_ml_kem_polynomial_PolynomialRingElement_1d *message) {
+  libcrux_ml_kem_polynomial_PolynomialRingElement_1d result = ZERO_ef_8c();
   KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i;
-                  libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product =
-                      ntt_multiply_ef_45(&t_as_ntt[i0], &r_as_ntt[i0]);
-                  add_to_ring_element_ef_5d1(&result, &product););
-  invert_ntt_montgomery_551(&result);
-  result = add_message_error_reduce_ef_21(error_2, message, result);
+                  libcrux_ml_kem_polynomial_PolynomialRingElement_1d product =
+                      ntt_multiply_ef_8c(&t_as_ntt[i0], &r_as_ntt[i0]);
+                  add_to_ring_element_ef_1b(&result, &product););
+  invert_ntt_montgomery_1b(&result);
+  result = add_message_error_reduce_ef_8c(error_2, message, result);
   return result;
 }
 
@@ -8381,23 +8444,23 @@ with const generics
 - COMPRESSION_FACTOR= 10
 - BLOCK_LEN= 320
 */
-static void compress_then_serialize_u_cd1(
-    libcrux_ml_kem_polynomial_PolynomialRingElement_f0 input[3U],
+static void compress_then_serialize_u_43(
+    libcrux_ml_kem_polynomial_PolynomialRingElement_1d input[3U],
     Eurydice_slice out) {
   for (size_t i = (size_t)0U;
        i < Eurydice_slice_len(
                Eurydice_array_to_slice(
                    (size_t)3U, input,
-                   libcrux_ml_kem_polynomial_PolynomialRingElement_f0),
-               libcrux_ml_kem_polynomial_PolynomialRingElement_f0);
+                   libcrux_ml_kem_polynomial_PolynomialRingElement_1d),
+               libcrux_ml_kem_polynomial_PolynomialRingElement_1d);
        i++) {
     size_t i0 = i;
-    libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = input[i0];
+    libcrux_ml_kem_polynomial_PolynomialRingElement_1d re = input[i0];
     Eurydice_slice uu____0 = Eurydice_slice_subslice2(
         out, i0 * ((size_t)960U / (size_t)3U),
         (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U), uint8_t);
     uint8_t ret[320U];
-    compress_then_serialize_ring_element_u_b50(&re, ret);
+    compress_then_serialize_ring_element_u_fe(&re, ret);
     Eurydice_slice_copy(
         uu____0, Eurydice_array_to_slice((size_t)320U, ret, uint8_t), uint8_t);
   }
@@ -8421,59 +8484,59 @@ generics
 - ETA2= 2
 - ETA2_RANDOMNESS_SIZE= 128
 */
-static void encrypt_unpacked_c31(IndCpaPublicKeyUnpacked_f8 *public_key,
+static void encrypt_unpacked_2a1(IndCpaPublicKeyUnpacked_a0 *public_key,
                                  uint8_t message[32U],
                                  Eurydice_slice randomness,
                                  uint8_t ret[1088U]) {
   uint8_t prf_input[33U];
-  libcrux_ml_kem_utils_into_padded_array_421(randomness, prf_input);
+  libcrux_ml_kem_utils_into_padded_array_c8(randomness, prf_input);
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_prf_input0[33U];
   memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t));
-  tuple_b00 uu____1 =
-      sample_vector_cbd_then_ntt_out_cb1(copy_of_prf_input0, 0U);
-  libcrux_ml_kem_polynomial_PolynomialRingElement_f0 r_as_ntt[3U];
+  tuple_230 uu____1 =
+      sample_vector_cbd_then_ntt_out_3b1(copy_of_prf_input0, 0U);
+  libcrux_ml_kem_polynomial_PolynomialRingElement_1d r_as_ntt[3U];
   memcpy(
       r_as_ntt, uu____1.fst,
-      (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0));
+      (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1d));
   uint8_t domain_separator0 = uu____1.snd;
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_prf_input[33U];
   memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t));
-  tuple_b00 uu____3 =
-      sample_ring_element_cbd_7f1(copy_of_prf_input, domain_separator0);
-  libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[3U];
+  tuple_230 uu____3 =
+      sample_ring_element_cbd_3b1(copy_of_prf_input, domain_separator0);
+  libcrux_ml_kem_polynomial_PolynomialRingElement_1d error_1[3U];
   memcpy(
       error_1, uu____3.fst,
-      (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0));
+      (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1d));
   uint8_t domain_separator = uu____3.snd;
   prf_input[32U] = domain_separator;
   uint8_t prf_output[128U];
-  PRF_f1_9f4(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t),
+  PRF_f1_410(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t),
              prf_output);
-  libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_2 =
-      sample_from_binomial_distribution_6b(
+  libcrux_ml_kem_polynomial_PolynomialRingElement_1d error_2 =
+      sample_from_binomial_distribution_a0(
           Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t));
-  libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u[3U];
-  compute_vector_u_b81(public_key->A, r_as_ntt, error_1, u);
+  libcrux_ml_kem_polynomial_PolynomialRingElement_1d u[3U];
+  compute_vector_u_1b(public_key->A, r_as_ntt, error_1, u);
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_message[32U];
   memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t));
-  libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message_as_ring_element =
-      deserialize_then_decompress_message_e3(copy_of_message);
-  libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v =
-      compute_ring_element_v_1e1(public_key->t_as_ntt, r_as_ntt, &error_2,
-                                 &message_as_ring_element);
+  libcrux_ml_kem_polynomial_PolynomialRingElement_1d message_as_ring_element =
+      deserialize_then_decompress_message_8c(copy_of_message);
+  libcrux_ml_kem_polynomial_PolynomialRingElement_1d v =
+      compute_ring_element_v_1b(public_key->t_as_ntt, r_as_ntt, &error_2,
+                                &message_as_ring_element);
   uint8_t ciphertext[1088U] = {0U};
-  libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____5[3U];
+  libcrux_ml_kem_polynomial_PolynomialRingElement_1d uu____5[3U];
   memcpy(
       uu____5, u,
-      (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0));
-  compress_then_serialize_u_cd1(
+      (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1d));
+  compress_then_serialize_u_43(
       uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)960U,
                                            uint8_t));
-  libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____6 = v;
-  compress_then_serialize_ring_element_v_cf0(
+  libcrux_ml_kem_polynomial_PolynomialRingElement_1d uu____6 = v;
+  compress_then_serialize_ring_element_v_ff0(
       uu____6, Eurydice_array_to_subslice_from((size_t)1088U, ciphertext,
                                                (size_t)960U, uint8_t, size_t));
   memcpy(ret, ciphertext, (size_t)1088U * sizeof(uint8_t));
@@ -8497,26 +8560,26 @@ generics
 - ETA2= 2
 - ETA2_RANDOMNESS_SIZE= 128
 */
-static void encrypt_4b(Eurydice_slice public_key, uint8_t message[32U],
+static void encrypt_2a(Eurydice_slice public_key, uint8_t message[32U],
                        Eurydice_slice randomness, uint8_t ret[1088U]) {
-  IndCpaPublicKeyUnpacked_f8 unpacked_public_key = default_8d_d11();
-  deserialize_ring_elements_reduced_da1(
+  IndCpaPublicKeyUnpacked_a0 unpacked_public_key = default_8d_1b();
+  deserialize_ring_elements_reduced_1b(
       Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t),
       unpacked_public_key.t_as_ntt);
   Eurydice_slice seed =
       Eurydice_slice_subslice_from(public_key, (size_t)1152U, uint8_t, size_t);
-  libcrux_ml_kem_polynomial_PolynomialRingElement_f0(*uu____0)[3U] =
+  libcrux_ml_kem_polynomial_PolynomialRingElement_1d(*uu____0)[3U] =
       unpacked_public_key.A;
   uint8_t ret0[34U];
-  libcrux_ml_kem_utils_into_padded_array_422(seed, ret0);
-  sample_matrix_A_0d1(uu____0, ret0, false);
-  IndCpaPublicKeyUnpacked_f8 *uu____1 = &unpacked_public_key;
+  libcrux_ml_kem_utils_into_padded_array_b6(seed, ret0);
+  sample_matrix_A_2b1(uu____0, ret0, false);
+  IndCpaPublicKeyUnpacked_a0 *uu____1 = &unpacked_public_key;
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_message[32U];
   memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t));
-  uint8_t result[1088U];
-  encrypt_unpacked_c31(uu____1, copy_of_message, randomness, result);
-  memcpy(ret, result, (size_t)1088U * sizeof(uint8_t));
+  uint8_t ret1[1088U];
+  encrypt_unpacked_2a1(uu____1, copy_of_message, randomness, ret1);
+  memcpy(ret, ret1, (size_t)1088U * sizeof(uint8_t));
 }
 
 /**
@@ -8530,7 +8593,7 @@ with const generics
 - K= 3
 - CIPHERTEXT_SIZE= 1088
 */
-static KRML_MUSTINLINE void kdf_d8_b7(Eurydice_slice shared_secret,
+static KRML_MUSTINLINE void kdf_d8_d6(Eurydice_slice shared_secret,
                                       uint8_t ret[32U]) {
   uint8_t out[32U] = {0U};
   Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t),
@@ -8557,27 +8620,27 @@ libcrux_ml_kem_variant_MlKem with const generics
 - ETA2= 2
 - ETA2_RANDOMNESS_SIZE= 128
 */
-tuple_3c libcrux_ml_kem_ind_cca_encapsulate_66(
-    libcrux_ml_kem_types_MlKemPublicKey_15 *public_key,
+tuple_c2 libcrux_ml_kem_ind_cca_encapsulate_ca(
+    libcrux_ml_kem_types_MlKemPublicKey_30 *public_key,
     uint8_t randomness[32U]) {
   uint8_t randomness0[32U];
-  entropy_preprocess_d8_a9(
+  entropy_preprocess_d8_9c(
       Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0);
   uint8_t to_hash[64U];
-  libcrux_ml_kem_utils_into_padded_array_42(
+  libcrux_ml_kem_utils_into_padded_array_24(
       Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t), to_hash);
   Eurydice_slice uu____0 = Eurydice_array_to_subslice_from(
       (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t,
       size_t);
   uint8_t ret[32U];
-  H_f1_d51(Eurydice_array_to_slice(
-               (size_t)1184U, libcrux_ml_kem_types_as_slice_fd_fe1(public_key),
-               uint8_t),
-           ret);
+  H_f1_e0(Eurydice_array_to_slice(
+              (size_t)1184U, libcrux_ml_kem_types_as_slice_fd_d0(public_key),
+              uint8_t),
+          ret);
   Eurydice_slice_copy(
       uu____0, Eurydice_array_to_slice((size_t)32U, ret, uint8_t), uint8_t);
   uint8_t hashed[64U];
-  G_f1_871(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed);
+  G_f1_e0(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed);
   Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at(
       Eurydice_array_to_slice((size_t)64U, hashed, uint8_t),
       LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t,
@@ -8585,25 +8648,25 @@ tuple_3c libcrux_ml_kem_ind_cca_encapsulate_66(
   Eurydice_slice shared_secret = uu____1.fst;
   Eurydice_slice pseudorandomness = uu____1.snd;
   Eurydice_slice uu____2 = Eurydice_array_to_slice(
-      (size_t)1184U, libcrux_ml_kem_types_as_slice_fd_fe1(public_key), uint8_t);
+      (size_t)1184U, libcrux_ml_kem_types_as_slice_fd_d0(public_key), uint8_t);
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_randomness[32U];
   memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t));
   uint8_t ciphertext[1088U];
-  encrypt_4b(uu____2, copy_of_randomness, pseudorandomness, ciphertext);
+  encrypt_2a(uu____2, copy_of_randomness, pseudorandomness, ciphertext);
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_ciphertext[1088U];
   memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t));
   libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 =
-      libcrux_ml_kem_types_from_01_451(copy_of_ciphertext);
+      libcrux_ml_kem_types_from_01_80(copy_of_ciphertext);
   uint8_t shared_secret_array[32U];
-  kdf_d8_b7(shared_secret, shared_secret_array);
+  kdf_d8_d6(shared_secret, shared_secret_array);
   libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0;
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_shared_secret_array[32U];
   memcpy(copy_of_shared_secret_array, shared_secret_array,
          (size_t)32U * sizeof(uint8_t));
-  tuple_3c lit;
+  tuple_c2 lit;
   lit.fst = uu____5;
   memcpy(lit.snd, copy_of_shared_secret_array, (size_t)32U * sizeof(uint8_t));
   return lit;
@@ -8615,12 +8678,12 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
 with const generics
 - K= 3
 */
-static KRML_MUSTINLINE void deserialize_secret_key_12(
+static KRML_MUSTINLINE void deserialize_secret_key_1b(
     Eurydice_slice secret_key,
-    libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) {
-  libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U];
+    libcrux_ml_kem_polynomial_PolynomialRingElement_1d ret[3U]) {
+  libcrux_ml_kem_polynomial_PolynomialRingElement_1d secret_as_ntt[3U];
   KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U,
-                  secret_as_ntt[i] = ZERO_ef_1b(););
+                  secret_as_ntt[i] = ZERO_ef_8c(););
   for (size_t i = (size_t)0U;
        i < Eurydice_slice_len(secret_key, uint8_t) /
                LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT;
@@ -8631,17 +8694,13 @@ static KRML_MUSTINLINE void deserialize_secret_key_12(
         i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT +
             LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT,
         uint8_t);
-    libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 =
-        deserialize_to_uncompressed_ring_element_07(secret_bytes);
+    libcrux_ml_kem_polynomial_PolynomialRingElement_1d uu____0 =
+        deserialize_to_uncompressed_ring_element_8c(secret_bytes);
     secret_as_ntt[i0] = uu____0;
   }
-  libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[3U];
-  memcpy(
-      result, secret_as_ntt,
-      (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0));
   memcpy(
-      ret, result,
-      (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0));
+      ret, secret_as_ntt,
+      (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1d));
 }
 
 /**
@@ -8652,12 +8711,12 @@ with const generics
 - CIPHERTEXT_SIZE= 1088
 - U_COMPRESSION_FACTOR= 10
 */
-static KRML_MUSTINLINE void deserialize_then_decompress_u_bb1(
+static KRML_MUSTINLINE void deserialize_then_decompress_u_6c(
     uint8_t *ciphertext,
-    libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) {
-  libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[3U];
+    libcrux_ml_kem_polynomial_PolynomialRingElement_1d ret[3U]) {
+  libcrux_ml_kem_polynomial_PolynomialRingElement_1d u_as_ntt[3U];
   KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U,
-                  u_as_ntt[i] = ZERO_ef_1b(););
+                  u_as_ntt[i] = ZERO_ef_8c(););
   for (size_t i = (size_t)0U;
        i < Eurydice_slice_len(
                Eurydice_array_to_slice((size_t)1088U, ciphertext, uint8_t),
@@ -8675,12 +8734,12 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_bb1(
             LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT *
                 (size_t)10U / (size_t)8U,
         uint8_t);
-    u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_cd0(u_bytes);
-    ntt_vector_u_2c0(&u_as_ntt[i0]);
+    u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_0a(u_bytes);
+    ntt_vector_u_0a(&u_as_ntt[i0]);
   }
   memcpy(
       ret, u_as_ntt,
-      (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0));
+      (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1d));
 }
 
 /**
@@ -8689,18 +8748,18 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
 with const generics
 - K= 3
 */
-static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0
-compute_message_821(
-    libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *v,
-    libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *secret_as_ntt,
-    libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *u_as_ntt) {
-  libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_ef_1b();
+static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1d
+compute_message_1b(
+    libcrux_ml_kem_polynomial_PolynomialRingElement_1d *v,
+    libcrux_ml_kem_polynomial_PolynomialRingElement_1d *secret_as_ntt,
+    libcrux_ml_kem_polynomial_PolynomialRingElement_1d *u_as_ntt) {
+  libcrux_ml_kem_polynomial_PolynomialRingElement_1d result = ZERO_ef_8c();
   KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i;
-                  libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product =
-                      ntt_multiply_ef_45(&secret_as_ntt[i0], &u_as_ntt[i0]);
-                  add_to_ring_element_ef_5d1(&result, &product););
-  invert_ntt_montgomery_551(&result);
-  result = subtract_reduce_ef_92(v, result);
+                  libcrux_ml_kem_polynomial_PolynomialRingElement_1d product =
+                      ntt_multiply_ef_8c(&secret_as_ntt[i0], &u_as_ntt[i0]);
+                  add_to_ring_element_ef_1b(&result, &product););
+  invert_ntt_montgomery_1b(&result);
+  result = subtract_reduce_ef_8c(v, result);
   return result;
 }
 
@@ -8714,18 +8773,18 @@ with const generics
 - U_COMPRESSION_FACTOR= 10
 - V_COMPRESSION_FACTOR= 4
 */
-static void decrypt_unpacked_c91(IndCpaPrivateKeyUnpacked_f8 *secret_key,
-                                 uint8_t *ciphertext, uint8_t ret[32U]) {
-  libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[3U];
-  deserialize_then_decompress_u_bb1(ciphertext, u_as_ntt);
-  libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v =
-      deserialize_then_decompress_ring_element_v_ce0(
+static void decrypt_unpacked_42(IndCpaPrivateKeyUnpacked_a0 *secret_key,
+                                uint8_t *ciphertext, uint8_t ret[32U]) {
+  libcrux_ml_kem_polynomial_PolynomialRingElement_1d u_as_ntt[3U];
+  deserialize_then_decompress_u_6c(ciphertext, u_as_ntt);
+  libcrux_ml_kem_polynomial_PolynomialRingElement_1d v =
+      deserialize_then_decompress_ring_element_v_d0(
           Eurydice_array_to_subslice_from((size_t)1088U, ciphertext,
                                           (size_t)960U, uint8_t, size_t));
-  libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message =
-      compute_message_821(&v, secret_key->secret_as_ntt, u_as_ntt);
+  libcrux_ml_kem_polynomial_PolynomialRingElement_1d message =
+      compute_message_1b(&v, secret_key->secret_as_ntt, u_as_ntt);
   uint8_t ret0[32U];
-  compress_then_serialize_message_15(message, ret0);
+  compress_then_serialize_message_8c(message, ret0);
   memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t));
 }
 
@@ -8739,22 +8798,22 @@ with const generics
 - U_COMPRESSION_FACTOR= 10
 - V_COMPRESSION_FACTOR= 4
 */
-static void decrypt_dc(Eurydice_slice secret_key, uint8_t *ciphertext,
+static void decrypt_42(Eurydice_slice secret_key, uint8_t *ciphertext,
                        uint8_t ret[32U]) {
-  libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U];
-  deserialize_secret_key_12(secret_key, secret_as_ntt);
+  libcrux_ml_kem_polynomial_PolynomialRingElement_1d secret_as_ntt[3U];
+  deserialize_secret_key_1b(secret_key, secret_as_ntt);
   /* Passing arrays by value in Rust generates a copy in C */
-  libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_secret_as_ntt[3U];
+  libcrux_ml_kem_polynomial_PolynomialRingElement_1d copy_of_secret_as_ntt[3U];
   memcpy(
       copy_of_secret_as_ntt, secret_as_ntt,
-      (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0));
-  IndCpaPrivateKeyUnpacked_f8 secret_key_unpacked;
+      (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1d));
+  IndCpaPrivateKeyUnpacked_a0 secret_key_unpacked;
   memcpy(
       secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt,
-      (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0));
-  uint8_t result[32U];
-  decrypt_unpacked_c91(&secret_key_unpacked, ciphertext, result);
-  memcpy(ret, result, (size_t)32U * sizeof(uint8_t));
+      (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1d));
+  uint8_t ret0[32U];
+  decrypt_unpacked_42(&secret_key_unpacked, ciphertext, ret0);
+  memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t));
 }
 
 /**
@@ -8767,8 +8826,8 @@ with const generics
 - K= 3
 - LEN= 32
 */
-static KRML_MUSTINLINE void PRF_f1_9f3(Eurydice_slice input, uint8_t ret[32U]) {
-  PRF_f7(input, ret);
+static KRML_MUSTINLINE void PRF_f1_41(Eurydice_slice input, uint8_t ret[32U]) {
+  PRF_9e(input, ret);
 }
 
 /**
@@ -8793,8 +8852,8 @@ libcrux_ml_kem_variant_MlKem with const generics
 - ETA2_RANDOMNESS_SIZE= 128
 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120
 */
-void libcrux_ml_kem_ind_cca_decapsulate_19(
-    libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key,
+void libcrux_ml_kem_ind_cca_decapsulate_62(
+    libcrux_ml_kem_types_MlKemPrivateKey_d9 *private_key,
     libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) {
   Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at(
       Eurydice_array_to_slice((size_t)2400U, private_key->value, uint8_t),
@@ -8811,9 +8870,9 @@ void libcrux_ml_kem_ind_cca_decapsulate_19(
   Eurydice_slice ind_cpa_public_key_hash = uu____2.fst;
   Eurydice_slice implicit_rejection_value = uu____2.snd;
   uint8_t decrypted[32U];
-  decrypt_dc(ind_cpa_secret_key, ciphertext->value, decrypted);
+  decrypt_42(ind_cpa_secret_key, ciphertext->value, decrypted);
   uint8_t to_hash0[64U];
-  libcrux_ml_kem_utils_into_padded_array_42(
+  libcrux_ml_kem_utils_into_padded_array_24(
       Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0);
   Eurydice_slice_copy(
       Eurydice_array_to_subslice_from(
@@ -8821,7 +8880,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_19(
           uint8_t, size_t),
       ind_cpa_public_key_hash, uint8_t);
   uint8_t hashed[64U];
-  G_f1_871(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed);
+  G_f1_e0(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed);
   Eurydice_slice_uint8_t_x2 uu____3 = Eurydice_slice_split_at(
       Eurydice_array_to_slice((size_t)64U, hashed, uint8_t),
       LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t,
@@ -8829,30 +8888,30 @@ void libcrux_ml_kem_ind_cca_decapsulate_19(
   Eurydice_slice shared_secret0 = uu____3.fst;
   Eurydice_slice pseudorandomness = uu____3.snd;
   uint8_t to_hash[1120U];
-  libcrux_ml_kem_utils_into_padded_array_425(implicit_rejection_value, to_hash);
+  libcrux_ml_kem_utils_into_padded_array_15(implicit_rejection_value, to_hash);
   Eurydice_slice uu____4 = Eurydice_array_to_subslice_from(
       (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE,
       uint8_t, size_t);
-  Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_401(ciphertext),
+  Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_80(ciphertext),
                       uint8_t);
   uint8_t implicit_rejection_shared_secret0[32U];
-  PRF_f1_9f3(Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t),
-             implicit_rejection_shared_secret0);
+  PRF_f1_41(Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t),
+            implicit_rejection_shared_secret0);
   Eurydice_slice uu____5 = ind_cpa_public_key;
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_decrypted[32U];
   memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t));
   uint8_t expected_ciphertext[1088U];
-  encrypt_4b(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext);
+  encrypt_2a(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext);
   uint8_t implicit_rejection_shared_secret[32U];
-  kdf_d8_b7(Eurydice_array_to_slice((size_t)32U,
+  kdf_d8_d6(Eurydice_array_to_slice((size_t)32U,
                                     implicit_rejection_shared_secret0, uint8_t),
             implicit_rejection_shared_secret);
   uint8_t shared_secret1[32U];
-  kdf_d8_b7(shared_secret0, shared_secret1);
+  kdf_d8_d6(shared_secret0, shared_secret1);
   uint8_t shared_secret[32U];
   libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time(
-      libcrux_ml_kem_types_as_ref_00_401(ciphertext),
+      libcrux_ml_kem_types_as_ref_00_80(ciphertext),
       Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t),
       Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t),
       Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret,
diff --git a/libcrux-ml-kem/c/libcrux_mlkem_portable.h b/libcrux-ml-kem/c/libcrux_mlkem_portable.h
index e36fc4ae2..ad2c41c1f 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem_portable.h
+++ b/libcrux-ml-kem/c/libcrux_mlkem_portable.h
@@ -4,11 +4,11 @@
  * SPDX-License-Identifier: MIT or Apache-2.0
  *
  * This code was generated with the following revisions:
- * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4
- * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac
- * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152
- * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678
- * Libcrux: a089e8609d2bf2df5c165076a79e3fd30dbf87cf
+ * Charon: 2b71c3c42337fe17ceca860bedaafb3443e6c5e8
+ * Eurydice: dcfae68c874635956f71d4c05928841b29ad0a8b
+ * Karamel: 87384b244a98a0c41a2e14c65b872d885af7c8df
+ * F*: 8b6fce63ca91b16386d8f76e82ea87a3c109a208
+ * Libcrux: 4b0d78759e0adf160bab80862883bd5ba7338977
  */
 
 #ifndef __libcrux_mlkem_portable_H
@@ -74,6 +74,10 @@ void libcrux_ml_kem_vector_portable_serialize_serialize_11(
     libcrux_ml_kem_vector_portable_vector_type_PortableVector v,
     uint8_t ret[22U]);
 
+void libcrux_ml_kem_vector_portable_serialize_11(
+    libcrux_ml_kem_vector_portable_vector_type_PortableVector a,
+    uint8_t ret[22U]);
+
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
 libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
@@ -99,6 +103,9 @@ int16_t_x8 libcrux_ml_kem_vector_portable_serialize_deserialize_11_int(
 libcrux_ml_kem_vector_portable_vector_type_PortableVector
 libcrux_ml_kem_vector_portable_serialize_deserialize_11(Eurydice_slice bytes);
 
+libcrux_ml_kem_vector_portable_vector_type_PortableVector
+libcrux_ml_kem_vector_portable_deserialize_11(Eurydice_slice a);
+
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
 libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
@@ -421,8 +428,7 @@ libcrux_ml_kem_vector_portable_inv_ntt_layer_3_step_0d(
 void libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials(
     libcrux_ml_kem_vector_portable_vector_type_PortableVector *a,
     libcrux_ml_kem_vector_portable_vector_type_PortableVector *b, int16_t zeta,
-    size_t i, size_t j,
-    libcrux_ml_kem_vector_portable_vector_type_PortableVector *out);
+    size_t i, libcrux_ml_kem_vector_portable_vector_type_PortableVector *out);
 
 libcrux_ml_kem_vector_portable_vector_type_PortableVector
 libcrux_ml_kem_vector_portable_ntt_ntt_multiply(
@@ -444,6 +450,10 @@ void libcrux_ml_kem_vector_portable_serialize_serialize_1(
     libcrux_ml_kem_vector_portable_vector_type_PortableVector v,
     uint8_t ret[2U]);
 
+void libcrux_ml_kem_vector_portable_serialize_1(
+    libcrux_ml_kem_vector_portable_vector_type_PortableVector a,
+    uint8_t ret[2U]);
+
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
 libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
@@ -455,6 +465,9 @@ void libcrux_ml_kem_vector_portable_serialize_1_0d(
 libcrux_ml_kem_vector_portable_vector_type_PortableVector
 libcrux_ml_kem_vector_portable_serialize_deserialize_1(Eurydice_slice v);
 
+libcrux_ml_kem_vector_portable_vector_type_PortableVector
+libcrux_ml_kem_vector_portable_deserialize_1(Eurydice_slice a);
+
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
 libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
@@ -476,6 +489,10 @@ void libcrux_ml_kem_vector_portable_serialize_serialize_4(
     libcrux_ml_kem_vector_portable_vector_type_PortableVector v,
     uint8_t ret[8U]);
 
+void libcrux_ml_kem_vector_portable_serialize_4(
+    libcrux_ml_kem_vector_portable_vector_type_PortableVector a,
+    uint8_t ret[8U]);
+
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
 libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
@@ -490,6 +507,9 @@ int16_t_x8 libcrux_ml_kem_vector_portable_serialize_deserialize_4_int(
 libcrux_ml_kem_vector_portable_vector_type_PortableVector
 libcrux_ml_kem_vector_portable_serialize_deserialize_4(Eurydice_slice bytes);
 
+libcrux_ml_kem_vector_portable_vector_type_PortableVector
+libcrux_ml_kem_vector_portable_deserialize_4(Eurydice_slice a);
+
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
 libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
@@ -512,6 +532,10 @@ void libcrux_ml_kem_vector_portable_serialize_serialize_5(
     libcrux_ml_kem_vector_portable_vector_type_PortableVector v,
     uint8_t ret[10U]);
 
+void libcrux_ml_kem_vector_portable_serialize_5(
+    libcrux_ml_kem_vector_portable_vector_type_PortableVector a,
+    uint8_t ret[10U]);
+
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
 libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
@@ -526,6 +550,9 @@ int16_t_x8 libcrux_ml_kem_vector_portable_serialize_deserialize_5_int(
 libcrux_ml_kem_vector_portable_vector_type_PortableVector
 libcrux_ml_kem_vector_portable_serialize_deserialize_5(Eurydice_slice bytes);
 
+libcrux_ml_kem_vector_portable_vector_type_PortableVector
+libcrux_ml_kem_vector_portable_deserialize_5(Eurydice_slice a);
+
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
 libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
@@ -540,6 +567,10 @@ void libcrux_ml_kem_vector_portable_serialize_serialize_10(
     libcrux_ml_kem_vector_portable_vector_type_PortableVector v,
     uint8_t ret[20U]);
 
+void libcrux_ml_kem_vector_portable_serialize_10(
+    libcrux_ml_kem_vector_portable_vector_type_PortableVector a,
+    uint8_t ret[20U]);
+
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
 libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
@@ -554,6 +585,9 @@ int16_t_x8 libcrux_ml_kem_vector_portable_serialize_deserialize_10_int(
 libcrux_ml_kem_vector_portable_vector_type_PortableVector
 libcrux_ml_kem_vector_portable_serialize_deserialize_10(Eurydice_slice bytes);
 
+libcrux_ml_kem_vector_portable_vector_type_PortableVector
+libcrux_ml_kem_vector_portable_deserialize_10(Eurydice_slice a);
+
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
 libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
@@ -574,6 +608,10 @@ void libcrux_ml_kem_vector_portable_serialize_serialize_12(
     libcrux_ml_kem_vector_portable_vector_type_PortableVector v,
     uint8_t ret[24U]);
 
+void libcrux_ml_kem_vector_portable_serialize_12(
+    libcrux_ml_kem_vector_portable_vector_type_PortableVector a,
+    uint8_t ret[24U]);
+
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
 libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
@@ -593,6 +631,9 @@ int16_t_x2 libcrux_ml_kem_vector_portable_serialize_deserialize_12_int(
 libcrux_ml_kem_vector_portable_vector_type_PortableVector
 libcrux_ml_kem_vector_portable_serialize_deserialize_12(Eurydice_slice bytes);
 
+libcrux_ml_kem_vector_portable_vector_type_PortableVector
+libcrux_ml_kem_vector_portable_deserialize_12(Eurydice_slice a);
+
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
 libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
diff --git a/libcrux-ml-kem/c/libcrux_sha3.h b/libcrux-ml-kem/c/libcrux_sha3.h
index 09a7923b5..8e5562ecc 100644
--- a/libcrux-ml-kem/c/libcrux_sha3.h
+++ b/libcrux-ml-kem/c/libcrux_sha3.h
@@ -4,11 +4,11 @@
  * SPDX-License-Identifier: MIT or Apache-2.0
  *
  * This code was generated with the following revisions:
- * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4
- * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac
- * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152
- * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678
- * Libcrux: a089e8609d2bf2df5c165076a79e3fd30dbf87cf
+ * Charon: 2b71c3c42337fe17ceca860bedaafb3443e6c5e8
+ * Eurydice: dcfae68c874635956f71d4c05928841b29ad0a8b
+ * Karamel: 87384b244a98a0c41a2e14c65b872d885af7c8df
+ * F*: 8b6fce63ca91b16386d8f76e82ea87a3c109a208
+ * Libcrux: 4b0d78759e0adf160bab80862883bd5ba7338977
  */
 
 #ifndef __libcrux_sha3_H
@@ -29,7 +29,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_sha512(Eurydice_slice digest,
                                                          Eurydice_slice data) {
   Eurydice_slice buf0[1U] = {data};
   Eurydice_slice buf[1U] = {digest};
-  libcrux_sha3_portable_keccakx1_e4(buf0, buf);
+  libcrux_sha3_portable_keccakx1_96(buf0, buf);
 }
 
 /**
@@ -39,7 +39,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_sha256(Eurydice_slice digest,
                                                          Eurydice_slice data) {
   Eurydice_slice buf0[1U] = {data};
   Eurydice_slice buf[1U] = {digest};
-  libcrux_sha3_portable_keccakx1_e40(buf0, buf);
+  libcrux_sha3_portable_keccakx1_ad(buf0, buf);
 }
 
 /**
@@ -49,7 +49,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_shake256(
     Eurydice_slice digest, Eurydice_slice data) {
   Eurydice_slice buf0[1U] = {data};
   Eurydice_slice buf[1U] = {digest};
-  libcrux_sha3_portable_keccakx1_e41(buf0, buf);
+  libcrux_sha3_portable_keccakx1_ad0(buf0, buf);
 }
 
 /**
@@ -59,7 +59,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_sha224(Eurydice_slice digest,
                                                          Eurydice_slice data) {
   Eurydice_slice buf0[1U] = {data};
   Eurydice_slice buf[1U] = {digest};
-  libcrux_sha3_portable_keccakx1_e42(buf0, buf);
+  libcrux_sha3_portable_keccakx1_1e(buf0, buf);
 }
 
 /**
@@ -69,7 +69,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_sha384(Eurydice_slice digest,
                                                          Eurydice_slice data) {
   Eurydice_slice buf0[1U] = {data};
   Eurydice_slice buf[1U] = {digest};
-  libcrux_sha3_portable_keccakx1_e43(buf0, buf);
+  libcrux_sha3_portable_keccakx1_7c(buf0, buf);
 }
 
 /**
@@ -158,7 +158,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_shake128(
     Eurydice_slice digest, Eurydice_slice data) {
   Eurydice_slice buf0[1U] = {data};
   Eurydice_slice buf[1U] = {digest};
-  libcrux_sha3_portable_keccakx1_e44(buf0, buf);
+  libcrux_sha3_portable_keccakx1_c6(buf0, buf);
 }
 
 /**
diff --git a/libcrux-ml-kem/c/libcrux_sha3_avx2.c b/libcrux-ml-kem/c/libcrux_sha3_avx2.c
index 49d6623c3..9d800b385 100644
--- a/libcrux-ml-kem/c/libcrux_sha3_avx2.c
+++ b/libcrux-ml-kem/c/libcrux_sha3_avx2.c
@@ -4,11 +4,11 @@
  * SPDX-License-Identifier: MIT or Apache-2.0
  *
  * This code was generated with the following revisions:
- * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4
- * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac
- * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152
- * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678
- * Libcrux: a089e8609d2bf2df5c165076a79e3fd30dbf87cf
+ * Charon: 2b71c3c42337fe17ceca860bedaafb3443e6c5e8
+ * Eurydice: dcfae68c874635956f71d4c05928841b29ad0a8b
+ * Karamel: 87384b244a98a0c41a2e14c65b872d885af7c8df
+ * F*: 8b6fce63ca91b16386d8f76e82ea87a3c109a208
+ * Libcrux: 4b0d78759e0adf160bab80862883bd5ba7338977
  */
 
 #include "internal/libcrux_sha3_avx2.h"
@@ -46,14 +46,14 @@ with const generics
 - LEFT= 1
 - RIGHT= 63
 */
-static KRML_MUSTINLINE __m256i rotate_left_21(__m256i x) {
+static KRML_MUSTINLINE __m256i rotate_left_76(__m256i x) {
   return mm256_xor_si256(mm256_slli_epi64((int32_t)1, x, __m256i),
                          mm256_srli_epi64((int32_t)63, x, __m256i));
 }
 
 static KRML_MUSTINLINE __m256i _vrax1q_u64(__m256i a, __m256i b) {
   __m256i uu____0 = a;
-  return mm256_xor_si256(uu____0, rotate_left_21(b));
+  return mm256_xor_si256(uu____0, rotate_left_76(b));
 }
 
 /**
@@ -175,9 +175,9 @@ with types core_core_arch_x86___m256i
 with const generics
 - N= 4
 */
-static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_29
-new_89_71(void) {
-  libcrux_sha3_generic_keccak_KeccakState_29 lit;
+static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_55
+new_89_a6(void) {
+  libcrux_sha3_generic_keccak_KeccakState_55 lit;
   lit.st[0U][0U] = zero_ef();
   lit.st[0U][1U] = zero_ef();
   lit.st[0U][2U] = zero_ef();
@@ -211,7 +211,7 @@ A monomorphic instance of libcrux_sha3.simd.avx2.load_block
 with const generics
 - RATE= 136
 */
-static KRML_MUSTINLINE void load_block_fe(__m256i (*s)[5U],
+static KRML_MUSTINLINE void load_block_5b(__m256i (*s)[5U],
                                           Eurydice_slice blocks[4U]) {
   for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)32U; i++) {
     size_t i0 = i;
@@ -331,13 +331,13 @@ A monomorphic instance of libcrux_sha3.simd.avx2.load_block_ef
 with const generics
 - RATE= 136
 */
-static KRML_MUSTINLINE void load_block_ef_d4(__m256i (*a)[5U],
+static KRML_MUSTINLINE void load_block_ef_5b(__m256i (*a)[5U],
                                              Eurydice_slice b[4U]) {
   __m256i(*uu____0)[5U] = a;
   /* Passing arrays by value in Rust generates a copy in C */
   Eurydice_slice copy_of_b[4U];
   memcpy(copy_of_b, b, (size_t)4U * sizeof(Eurydice_slice));
-  load_block_fe(uu____0, copy_of_b);
+  load_block_5b(uu____0, copy_of_b);
 }
 
 /**
@@ -346,7 +346,7 @@ with const generics
 - LEFT= 36
 - RIGHT= 28
 */
-static KRML_MUSTINLINE __m256i rotate_left_210(__m256i x) {
+static KRML_MUSTINLINE __m256i rotate_left_02(__m256i x) {
   return mm256_xor_si256(mm256_slli_epi64((int32_t)36, x, __m256i),
                          mm256_srli_epi64((int32_t)28, x, __m256i));
 }
@@ -357,9 +357,9 @@ with const generics
 - LEFT= 36
 - RIGHT= 28
 */
-static KRML_MUSTINLINE __m256i _vxarq_u64_13(__m256i a, __m256i b) {
+static KRML_MUSTINLINE __m256i _vxarq_u64_02(__m256i a, __m256i b) {
   __m256i ab = mm256_xor_si256(a, b);
-  return rotate_left_210(ab);
+  return rotate_left_02(ab);
 }
 
 /**
@@ -372,8 +372,8 @@ with const generics
 - LEFT= 36
 - RIGHT= 28
 */
-static KRML_MUSTINLINE __m256i xor_and_rotate_ef_5c(__m256i a, __m256i b) {
-  return _vxarq_u64_13(a, b);
+static KRML_MUSTINLINE __m256i xor_and_rotate_ef_02(__m256i a, __m256i b) {
+  return _vxarq_u64_02(a, b);
 }
 
 /**
@@ -382,7 +382,7 @@ with const generics
 - LEFT= 3
 - RIGHT= 61
 */
-static KRML_MUSTINLINE __m256i rotate_left_211(__m256i x) {
+static KRML_MUSTINLINE __m256i rotate_left_ac(__m256i x) {
   return mm256_xor_si256(mm256_slli_epi64((int32_t)3, x, __m256i),
                          mm256_srli_epi64((int32_t)61, x, __m256i));
 }
@@ -393,9 +393,9 @@ with const generics
 - LEFT= 3
 - RIGHT= 61
 */
-static KRML_MUSTINLINE __m256i _vxarq_u64_130(__m256i a, __m256i b) {
+static KRML_MUSTINLINE __m256i _vxarq_u64_ac(__m256i a, __m256i b) {
   __m256i ab = mm256_xor_si256(a, b);
-  return rotate_left_211(ab);
+  return rotate_left_ac(ab);
 }
 
 /**
@@ -408,8 +408,8 @@ with const generics
 - LEFT= 3
 - RIGHT= 61
 */
-static KRML_MUSTINLINE __m256i xor_and_rotate_ef_5c0(__m256i a, __m256i b) {
-  return _vxarq_u64_130(a, b);
+static KRML_MUSTINLINE __m256i xor_and_rotate_ef_ac(__m256i a, __m256i b) {
+  return _vxarq_u64_ac(a, b);
 }
 
 /**
@@ -418,7 +418,7 @@ with const generics
 - LEFT= 41
 - RIGHT= 23
 */
-static KRML_MUSTINLINE __m256i rotate_left_212(__m256i x) {
+static KRML_MUSTINLINE __m256i rotate_left_020(__m256i x) {
   return mm256_xor_si256(mm256_slli_epi64((int32_t)41, x, __m256i),
                          mm256_srli_epi64((int32_t)23, x, __m256i));
 }
@@ -429,9 +429,9 @@ with const generics
 - LEFT= 41
 - RIGHT= 23
 */
-static KRML_MUSTINLINE __m256i _vxarq_u64_131(__m256i a, __m256i b) {
+static KRML_MUSTINLINE __m256i _vxarq_u64_020(__m256i a, __m256i b) {
   __m256i ab = mm256_xor_si256(a, b);
-  return rotate_left_212(ab);
+  return rotate_left_020(ab);
 }
 
 /**
@@ -444,8 +444,8 @@ with const generics
 - LEFT= 41
 - RIGHT= 23
 */
-static KRML_MUSTINLINE __m256i xor_and_rotate_ef_5c1(__m256i a, __m256i b) {
-  return _vxarq_u64_131(a, b);
+static KRML_MUSTINLINE __m256i xor_and_rotate_ef_020(__m256i a, __m256i b) {
+  return _vxarq_u64_020(a, b);
 }
 
 /**
@@ -454,7 +454,7 @@ with const generics
 - LEFT= 18
 - RIGHT= 46
 */
-static KRML_MUSTINLINE __m256i rotate_left_213(__m256i x) {
+static KRML_MUSTINLINE __m256i rotate_left_a9(__m256i x) {
   return mm256_xor_si256(mm256_slli_epi64((int32_t)18, x, __m256i),
                          mm256_srli_epi64((int32_t)46, x, __m256i));
 }
@@ -465,9 +465,9 @@ with const generics
 - LEFT= 18
 - RIGHT= 46
 */
-static KRML_MUSTINLINE __m256i _vxarq_u64_132(__m256i a, __m256i b) {
+static KRML_MUSTINLINE __m256i _vxarq_u64_a9(__m256i a, __m256i b) {
   __m256i ab = mm256_xor_si256(a, b);
-  return rotate_left_213(ab);
+  return rotate_left_a9(ab);
 }
 
 /**
@@ -480,8 +480,8 @@ with const generics
 - LEFT= 18
 - RIGHT= 46
 */
-static KRML_MUSTINLINE __m256i xor_and_rotate_ef_5c2(__m256i a, __m256i b) {
-  return _vxarq_u64_132(a, b);
+static KRML_MUSTINLINE __m256i xor_and_rotate_ef_a9(__m256i a, __m256i b) {
+  return _vxarq_u64_a9(a, b);
 }
 
 /**
@@ -490,9 +490,9 @@ with const generics
 - LEFT= 1
 - RIGHT= 63
 */
-static KRML_MUSTINLINE __m256i _vxarq_u64_133(__m256i a, __m256i b) {
+static KRML_MUSTINLINE __m256i _vxarq_u64_76(__m256i a, __m256i b) {
   __m256i ab = mm256_xor_si256(a, b);
-  return rotate_left_21(ab);
+  return rotate_left_76(ab);
 }
 
 /**
@@ -505,8 +505,8 @@ with const generics
 - LEFT= 1
 - RIGHT= 63
 */
-static KRML_MUSTINLINE __m256i xor_and_rotate_ef_5c3(__m256i a, __m256i b) {
-  return _vxarq_u64_133(a, b);
+static KRML_MUSTINLINE __m256i xor_and_rotate_ef_76(__m256i a, __m256i b) {
+  return _vxarq_u64_76(a, b);
 }
 
 /**
@@ -515,7 +515,7 @@ with const generics
 - LEFT= 44
 - RIGHT= 20
 */
-static KRML_MUSTINLINE __m256i rotate_left_214(__m256i x) {
+static KRML_MUSTINLINE __m256i rotate_left_58(__m256i x) {
   return mm256_xor_si256(mm256_slli_epi64((int32_t)44, x, __m256i),
                          mm256_srli_epi64((int32_t)20, x, __m256i));
 }
@@ -526,9 +526,9 @@ with const generics
 - LEFT= 44
 - RIGHT= 20
 */
-static KRML_MUSTINLINE __m256i _vxarq_u64_134(__m256i a, __m256i b) {
+static KRML_MUSTINLINE __m256i _vxarq_u64_58(__m256i a, __m256i b) {
   __m256i ab = mm256_xor_si256(a, b);
-  return rotate_left_214(ab);
+  return rotate_left_58(ab);
 }
 
 /**
@@ -541,8 +541,8 @@ with const generics
 - LEFT= 44
 - RIGHT= 20
 */
-static KRML_MUSTINLINE __m256i xor_and_rotate_ef_5c4(__m256i a, __m256i b) {
-  return _vxarq_u64_134(a, b);
+static KRML_MUSTINLINE __m256i xor_and_rotate_ef_58(__m256i a, __m256i b) {
+  return _vxarq_u64_58(a, b);
 }
 
 /**
@@ -551,7 +551,7 @@ with const generics
 - LEFT= 10
 - RIGHT= 54
 */
-static KRML_MUSTINLINE __m256i rotate_left_215(__m256i x) {
+static KRML_MUSTINLINE __m256i rotate_left_e0(__m256i x) {
   return mm256_xor_si256(mm256_slli_epi64((int32_t)10, x, __m256i),
                          mm256_srli_epi64((int32_t)54, x, __m256i));
 }
@@ -562,9 +562,9 @@ with const generics
 - LEFT= 10
 - RIGHT= 54
 */
-static KRML_MUSTINLINE __m256i _vxarq_u64_135(__m256i a, __m256i b) {
+static KRML_MUSTINLINE __m256i _vxarq_u64_e0(__m256i a, __m256i b) {
   __m256i ab = mm256_xor_si256(a, b);
-  return rotate_left_215(ab);
+  return rotate_left_e0(ab);
 }
 
 /**
@@ -577,8 +577,8 @@ with const generics
 - LEFT= 10
 - RIGHT= 54
 */
-static KRML_MUSTINLINE __m256i xor_and_rotate_ef_5c5(__m256i a, __m256i b) {
-  return _vxarq_u64_135(a, b);
+static KRML_MUSTINLINE __m256i xor_and_rotate_ef_e0(__m256i a, __m256i b) {
+  return _vxarq_u64_e0(a, b);
 }
 
 /**
@@ -587,7 +587,7 @@ with const generics
 - LEFT= 45
 - RIGHT= 19
 */
-static KRML_MUSTINLINE __m256i rotate_left_216(__m256i x) {
+static KRML_MUSTINLINE __m256i rotate_left_63(__m256i x) {
   return mm256_xor_si256(mm256_slli_epi64((int32_t)45, x, __m256i),
                          mm256_srli_epi64((int32_t)19, x, __m256i));
 }
@@ -598,9 +598,9 @@ with const generics
 - LEFT= 45
 - RIGHT= 19
 */
-static KRML_MUSTINLINE __m256i _vxarq_u64_136(__m256i a, __m256i b) {
+static KRML_MUSTINLINE __m256i _vxarq_u64_63(__m256i a, __m256i b) {
   __m256i ab = mm256_xor_si256(a, b);
-  return rotate_left_216(ab);
+  return rotate_left_63(ab);
 }
 
 /**
@@ -613,8 +613,8 @@ with const generics
 - LEFT= 45
 - RIGHT= 19
 */
-static KRML_MUSTINLINE __m256i xor_and_rotate_ef_5c6(__m256i a, __m256i b) {
-  return _vxarq_u64_136(a, b);
+static KRML_MUSTINLINE __m256i xor_and_rotate_ef_63(__m256i a, __m256i b) {
+  return _vxarq_u64_63(a, b);
 }
 
 /**
@@ -623,7 +623,7 @@ with const generics
 - LEFT= 2
 - RIGHT= 62
 */
-static KRML_MUSTINLINE __m256i rotate_left_217(__m256i x) {
+static KRML_MUSTINLINE __m256i rotate_left_6a(__m256i x) {
   return mm256_xor_si256(mm256_slli_epi64((int32_t)2, x, __m256i),
                          mm256_srli_epi64((int32_t)62, x, __m256i));
 }
@@ -634,9 +634,9 @@ with const generics
 - LEFT= 2
 - RIGHT= 62
 */
-static KRML_MUSTINLINE __m256i _vxarq_u64_137(__m256i a, __m256i b) {
+static KRML_MUSTINLINE __m256i _vxarq_u64_6a(__m256i a, __m256i b) {
   __m256i ab = mm256_xor_si256(a, b);
-  return rotate_left_217(ab);
+  return rotate_left_6a(ab);
 }
 
 /**
@@ -649,8 +649,8 @@ with const generics
 - LEFT= 2
 - RIGHT= 62
 */
-static KRML_MUSTINLINE __m256i xor_and_rotate_ef_5c7(__m256i a, __m256i b) {
-  return _vxarq_u64_137(a, b);
+static KRML_MUSTINLINE __m256i xor_and_rotate_ef_6a(__m256i a, __m256i b) {
+  return _vxarq_u64_6a(a, b);
 }
 
 /**
@@ -659,7 +659,7 @@ with const generics
 - LEFT= 62
 - RIGHT= 2
 */
-static KRML_MUSTINLINE __m256i rotate_left_218(__m256i x) {
+static KRML_MUSTINLINE __m256i rotate_left_ab(__m256i x) {
   return mm256_xor_si256(mm256_slli_epi64((int32_t)62, x, __m256i),
                          mm256_srli_epi64((int32_t)2, x, __m256i));
 }
@@ -670,9 +670,9 @@ with const generics
 - LEFT= 62
 - RIGHT= 2
 */
-static KRML_MUSTINLINE __m256i _vxarq_u64_138(__m256i a, __m256i b) {
+static KRML_MUSTINLINE __m256i _vxarq_u64_ab(__m256i a, __m256i b) {
   __m256i ab = mm256_xor_si256(a, b);
-  return rotate_left_218(ab);
+  return rotate_left_ab(ab);
 }
 
 /**
@@ -685,8 +685,8 @@ with const generics
 - LEFT= 62
 - RIGHT= 2
 */
-static KRML_MUSTINLINE __m256i xor_and_rotate_ef_5c8(__m256i a, __m256i b) {
-  return _vxarq_u64_138(a, b);
+static KRML_MUSTINLINE __m256i xor_and_rotate_ef_ab(__m256i a, __m256i b) {
+  return _vxarq_u64_ab(a, b);
 }
 
 /**
@@ -695,7 +695,7 @@ with const generics
 - LEFT= 6
 - RIGHT= 58
 */
-static KRML_MUSTINLINE __m256i rotate_left_219(__m256i x) {
+static KRML_MUSTINLINE __m256i rotate_left_5b(__m256i x) {
   return mm256_xor_si256(mm256_slli_epi64((int32_t)6, x, __m256i),
                          mm256_srli_epi64((int32_t)58, x, __m256i));
 }
@@ -706,9 +706,9 @@ with const generics
 - LEFT= 6
 - RIGHT= 58
 */
-static KRML_MUSTINLINE __m256i _vxarq_u64_139(__m256i a, __m256i b) {
+static KRML_MUSTINLINE __m256i _vxarq_u64_5b(__m256i a, __m256i b) {
   __m256i ab = mm256_xor_si256(a, b);
-  return rotate_left_219(ab);
+  return rotate_left_5b(ab);
 }
 
 /**
@@ -721,8 +721,8 @@ with const generics
 - LEFT= 6
 - RIGHT= 58
 */
-static KRML_MUSTINLINE __m256i xor_and_rotate_ef_5c9(__m256i a, __m256i b) {
-  return _vxarq_u64_139(a, b);
+static KRML_MUSTINLINE __m256i xor_and_rotate_ef_5b(__m256i a, __m256i b) {
+  return _vxarq_u64_5b(a, b);
 }
 
 /**
@@ -731,7 +731,7 @@ with const generics
 - LEFT= 43
 - RIGHT= 21
 */
-static KRML_MUSTINLINE __m256i rotate_left_2110(__m256i x) {
+static KRML_MUSTINLINE __m256i rotate_left_6f(__m256i x) {
   return mm256_xor_si256(mm256_slli_epi64((int32_t)43, x, __m256i),
                          mm256_srli_epi64((int32_t)21, x, __m256i));
 }
@@ -742,9 +742,9 @@ with const generics
 - LEFT= 43
 - RIGHT= 21
 */
-static KRML_MUSTINLINE __m256i _vxarq_u64_1310(__m256i a, __m256i b) {
+static KRML_MUSTINLINE __m256i _vxarq_u64_6f(__m256i a, __m256i b) {
   __m256i ab = mm256_xor_si256(a, b);
-  return rotate_left_2110(ab);
+  return rotate_left_6f(ab);
 }
 
 /**
@@ -757,8 +757,8 @@ with const generics
 - LEFT= 43
 - RIGHT= 21
 */
-static KRML_MUSTINLINE __m256i xor_and_rotate_ef_5c10(__m256i a, __m256i b) {
-  return _vxarq_u64_1310(a, b);
+static KRML_MUSTINLINE __m256i xor_and_rotate_ef_6f(__m256i a, __m256i b) {
+  return _vxarq_u64_6f(a, b);
 }
 
 /**
@@ -767,7 +767,7 @@ with const generics
 - LEFT= 15
 - RIGHT= 49
 */
-static KRML_MUSTINLINE __m256i rotate_left_2111(__m256i x) {
+static KRML_MUSTINLINE __m256i rotate_left_62(__m256i x) {
   return mm256_xor_si256(mm256_slli_epi64((int32_t)15, x, __m256i),
                          mm256_srli_epi64((int32_t)49, x, __m256i));
 }
@@ -778,9 +778,9 @@ with const generics
 - LEFT= 15
 - RIGHT= 49
 */
-static KRML_MUSTINLINE __m256i _vxarq_u64_1311(__m256i a, __m256i b) {
+static KRML_MUSTINLINE __m256i _vxarq_u64_62(__m256i a, __m256i b) {
   __m256i ab = mm256_xor_si256(a, b);
-  return rotate_left_2111(ab);
+  return rotate_left_62(ab);
 }
 
 /**
@@ -793,8 +793,8 @@ with const generics
 - LEFT= 15
 - RIGHT= 49
 */
-static KRML_MUSTINLINE __m256i xor_and_rotate_ef_5c11(__m256i a, __m256i b) {
-  return _vxarq_u64_1311(a, b);
+static KRML_MUSTINLINE __m256i xor_and_rotate_ef_62(__m256i a, __m256i b) {
+  return _vxarq_u64_62(a, b);
 }
 
 /**
@@ -803,7 +803,7 @@ with const generics
 - LEFT= 61
 - RIGHT= 3
 */
-static KRML_MUSTINLINE __m256i rotate_left_2112(__m256i x) {
+static KRML_MUSTINLINE __m256i rotate_left_23(__m256i x) {
   return mm256_xor_si256(mm256_slli_epi64((int32_t)61, x, __m256i),
                          mm256_srli_epi64((int32_t)3, x, __m256i));
 }
@@ -814,9 +814,9 @@ with const generics
 - LEFT= 61
 - RIGHT= 3
 */
-static KRML_MUSTINLINE __m256i _vxarq_u64_1312(__m256i a, __m256i b) {
+static KRML_MUSTINLINE __m256i _vxarq_u64_23(__m256i a, __m256i b) {
   __m256i ab = mm256_xor_si256(a, b);
-  return rotate_left_2112(ab);
+  return rotate_left_23(ab);
 }
 
 /**
@@ -829,8 +829,8 @@ with const generics
 - LEFT= 61
 - RIGHT= 3
 */
-static KRML_MUSTINLINE __m256i xor_and_rotate_ef_5c12(__m256i a, __m256i b) {
-  return _vxarq_u64_1312(a, b);
+static KRML_MUSTINLINE __m256i xor_and_rotate_ef_23(__m256i a, __m256i b) {
+  return _vxarq_u64_23(a, b);
 }
 
 /**
@@ -839,7 +839,7 @@ with const generics
 - LEFT= 28
 - RIGHT= 36
 */
-static KRML_MUSTINLINE __m256i rotate_left_2113(__m256i x) {
+static KRML_MUSTINLINE __m256i rotate_left_37(__m256i x) {
   return mm256_xor_si256(mm256_slli_epi64((int32_t)28, x, __m256i),
                          mm256_srli_epi64((int32_t)36, x, __m256i));
 }
@@ -850,9 +850,9 @@ with const generics
 - LEFT= 28
 - RIGHT= 36
 */
-static KRML_MUSTINLINE __m256i _vxarq_u64_1313(__m256i a, __m256i b) {
+static KRML_MUSTINLINE __m256i _vxarq_u64_37(__m256i a, __m256i b) {
   __m256i ab = mm256_xor_si256(a, b);
-  return rotate_left_2113(ab);
+  return rotate_left_37(ab);
 }
 
 /**
@@ -865,8 +865,8 @@ with const generics
 - LEFT= 28
 - RIGHT= 36
 */
-static KRML_MUSTINLINE __m256i xor_and_rotate_ef_5c13(__m256i a, __m256i b) {
-  return _vxarq_u64_1313(a, b);
+static KRML_MUSTINLINE __m256i xor_and_rotate_ef_37(__m256i a, __m256i b) {
+  return _vxarq_u64_37(a, b);
 }
 
 /**
@@ -875,7 +875,7 @@ with const generics
 - LEFT= 55
 - RIGHT= 9
 */
-static KRML_MUSTINLINE __m256i rotate_left_2114(__m256i x) {
+static KRML_MUSTINLINE __m256i rotate_left_bb(__m256i x) {
   return mm256_xor_si256(mm256_slli_epi64((int32_t)55, x, __m256i),
                          mm256_srli_epi64((int32_t)9, x, __m256i));
 }
@@ -886,9 +886,9 @@ with const generics
 - LEFT= 55
 - RIGHT= 9
 */
-static KRML_MUSTINLINE __m256i _vxarq_u64_1314(__m256i a, __m256i b) {
+static KRML_MUSTINLINE __m256i _vxarq_u64_bb(__m256i a, __m256i b) {
   __m256i ab = mm256_xor_si256(a, b);
-  return rotate_left_2114(ab);
+  return rotate_left_bb(ab);
 }
 
 /**
@@ -901,8 +901,8 @@ with const generics
 - LEFT= 55
 - RIGHT= 9
 */
-static KRML_MUSTINLINE __m256i xor_and_rotate_ef_5c14(__m256i a, __m256i b) {
-  return _vxarq_u64_1314(a, b);
+static KRML_MUSTINLINE __m256i xor_and_rotate_ef_bb(__m256i a, __m256i b) {
+  return _vxarq_u64_bb(a, b);
 }
 
 /**
@@ -911,7 +911,7 @@ with const generics
 - LEFT= 25
 - RIGHT= 39
 */
-static KRML_MUSTINLINE __m256i rotate_left_2115(__m256i x) {
+static KRML_MUSTINLINE __m256i rotate_left_b9(__m256i x) {
   return mm256_xor_si256(mm256_slli_epi64((int32_t)25, x, __m256i),
                          mm256_srli_epi64((int32_t)39, x, __m256i));
 }
@@ -922,9 +922,9 @@ with const generics
 - LEFT= 25
 - RIGHT= 39
 */
-static KRML_MUSTINLINE __m256i _vxarq_u64_1315(__m256i a, __m256i b) {
+static KRML_MUSTINLINE __m256i _vxarq_u64_b9(__m256i a, __m256i b) {
   __m256i ab = mm256_xor_si256(a, b);
-  return rotate_left_2115(ab);
+  return rotate_left_b9(ab);
 }
 
 /**
@@ -937,8 +937,8 @@ with const generics
 - LEFT= 25
 - RIGHT= 39
 */
-static KRML_MUSTINLINE __m256i xor_and_rotate_ef_5c15(__m256i a, __m256i b) {
-  return _vxarq_u64_1315(a, b);
+static KRML_MUSTINLINE __m256i xor_and_rotate_ef_b9(__m256i a, __m256i b) {
+  return _vxarq_u64_b9(a, b);
 }
 
 /**
@@ -947,7 +947,7 @@ with const generics
 - LEFT= 21
 - RIGHT= 43
 */
-static KRML_MUSTINLINE __m256i rotate_left_2116(__m256i x) {
+static KRML_MUSTINLINE __m256i rotate_left_54(__m256i x) {
   return mm256_xor_si256(mm256_slli_epi64((int32_t)21, x, __m256i),
                          mm256_srli_epi64((int32_t)43, x, __m256i));
 }
@@ -958,9 +958,9 @@ with const generics
 - LEFT= 21
 - RIGHT= 43
 */
-static KRML_MUSTINLINE __m256i _vxarq_u64_1316(__m256i a, __m256i b) {
+static KRML_MUSTINLINE __m256i _vxarq_u64_54(__m256i a, __m256i b) {
   __m256i ab = mm256_xor_si256(a, b);
-  return rotate_left_2116(ab);
+  return rotate_left_54(ab);
 }
 
 /**
@@ -973,8 +973,8 @@ with const generics
 - LEFT= 21
 - RIGHT= 43
 */
-static KRML_MUSTINLINE __m256i xor_and_rotate_ef_5c16(__m256i a, __m256i b) {
-  return _vxarq_u64_1316(a, b);
+static KRML_MUSTINLINE __m256i xor_and_rotate_ef_54(__m256i a, __m256i b) {
+  return _vxarq_u64_54(a, b);
 }
 
 /**
@@ -983,7 +983,7 @@ with const generics
 - LEFT= 56
 - RIGHT= 8
 */
-static KRML_MUSTINLINE __m256i rotate_left_2117(__m256i x) {
+static KRML_MUSTINLINE __m256i rotate_left_4c(__m256i x) {
   return mm256_xor_si256(mm256_slli_epi64((int32_t)56, x, __m256i),
                          mm256_srli_epi64((int32_t)8, x, __m256i));
 }
@@ -994,9 +994,9 @@ with const generics
 - LEFT= 56
 - RIGHT= 8
 */
-static KRML_MUSTINLINE __m256i _vxarq_u64_1317(__m256i a, __m256i b) {
+static KRML_MUSTINLINE __m256i _vxarq_u64_4c(__m256i a, __m256i b) {
   __m256i ab = mm256_xor_si256(a, b);
-  return rotate_left_2117(ab);
+  return rotate_left_4c(ab);
 }
 
 /**
@@ -1009,8 +1009,8 @@ with const generics
 - LEFT= 56
 - RIGHT= 8
 */
-static KRML_MUSTINLINE __m256i xor_and_rotate_ef_5c17(__m256i a, __m256i b) {
-  return _vxarq_u64_1317(a, b);
+static KRML_MUSTINLINE __m256i xor_and_rotate_ef_4c(__m256i a, __m256i b) {
+  return _vxarq_u64_4c(a, b);
 }
 
 /**
@@ -1019,7 +1019,7 @@ with const generics
 - LEFT= 27
 - RIGHT= 37
 */
-static KRML_MUSTINLINE __m256i rotate_left_2118(__m256i x) {
+static KRML_MUSTINLINE __m256i rotate_left_ce(__m256i x) {
   return mm256_xor_si256(mm256_slli_epi64((int32_t)27, x, __m256i),
                          mm256_srli_epi64((int32_t)37, x, __m256i));
 }
@@ -1030,9 +1030,9 @@ with const generics
 - LEFT= 27
 - RIGHT= 37
 */
-static KRML_MUSTINLINE __m256i _vxarq_u64_1318(__m256i a, __m256i b) {
+static KRML_MUSTINLINE __m256i _vxarq_u64_ce(__m256i a, __m256i b) {
   __m256i ab = mm256_xor_si256(a, b);
-  return rotate_left_2118(ab);
+  return rotate_left_ce(ab);
 }
 
 /**
@@ -1045,8 +1045,8 @@ with const generics
 - LEFT= 27
 - RIGHT= 37
 */
-static KRML_MUSTINLINE __m256i xor_and_rotate_ef_5c18(__m256i a, __m256i b) {
-  return _vxarq_u64_1318(a, b);
+static KRML_MUSTINLINE __m256i xor_and_rotate_ef_ce(__m256i a, __m256i b) {
+  return _vxarq_u64_ce(a, b);
 }
 
 /**
@@ -1055,7 +1055,7 @@ with const generics
 - LEFT= 20
 - RIGHT= 44
 */
-static KRML_MUSTINLINE __m256i rotate_left_2119(__m256i x) {
+static KRML_MUSTINLINE __m256i rotate_left_77(__m256i x) {
   return mm256_xor_si256(mm256_slli_epi64((int32_t)20, x, __m256i),
                          mm256_srli_epi64((int32_t)44, x, __m256i));
 }
@@ -1066,9 +1066,9 @@ with const generics
 - LEFT= 20
 - RIGHT= 44
 */
-static KRML_MUSTINLINE __m256i _vxarq_u64_1319(__m256i a, __m256i b) {
+static KRML_MUSTINLINE __m256i _vxarq_u64_77(__m256i a, __m256i b) {
   __m256i ab = mm256_xor_si256(a, b);
-  return rotate_left_2119(ab);
+  return rotate_left_77(ab);
 }
 
 /**
@@ -1081,8 +1081,8 @@ with const generics
 - LEFT= 20
 - RIGHT= 44
 */
-static KRML_MUSTINLINE __m256i xor_and_rotate_ef_5c19(__m256i a, __m256i b) {
-  return _vxarq_u64_1319(a, b);
+static KRML_MUSTINLINE __m256i xor_and_rotate_ef_77(__m256i a, __m256i b) {
+  return _vxarq_u64_77(a, b);
 }
 
 /**
@@ -1091,7 +1091,7 @@ with const generics
 - LEFT= 39
 - RIGHT= 25
 */
-static KRML_MUSTINLINE __m256i rotate_left_2120(__m256i x) {
+static KRML_MUSTINLINE __m256i rotate_left_25(__m256i x) {
   return mm256_xor_si256(mm256_slli_epi64((int32_t)39, x, __m256i),
                          mm256_srli_epi64((int32_t)25, x, __m256i));
 }
@@ -1102,9 +1102,9 @@ with const generics
 - LEFT= 39
 - RIGHT= 25
 */
-static KRML_MUSTINLINE __m256i _vxarq_u64_1320(__m256i a, __m256i b) {
+static KRML_MUSTINLINE __m256i _vxarq_u64_25(__m256i a, __m256i b) {
   __m256i ab = mm256_xor_si256(a, b);
-  return rotate_left_2120(ab);
+  return rotate_left_25(ab);
 }
 
 /**
@@ -1117,8 +1117,8 @@ with const generics
 - LEFT= 39
 - RIGHT= 25
 */
-static KRML_MUSTINLINE __m256i xor_and_rotate_ef_5c20(__m256i a, __m256i b) {
-  return _vxarq_u64_1320(a, b);
+static KRML_MUSTINLINE __m256i xor_and_rotate_ef_25(__m256i a, __m256i b) {
+  return _vxarq_u64_25(a, b);
 }
 
 /**
@@ -1127,7 +1127,7 @@ with const generics
 - LEFT= 8
 - RIGHT= 56
 */
-static KRML_MUSTINLINE __m256i rotate_left_2121(__m256i x) {
+static KRML_MUSTINLINE __m256i rotate_left_af(__m256i x) {
   return mm256_xor_si256(mm256_slli_epi64((int32_t)8, x, __m256i),
                          mm256_srli_epi64((int32_t)56, x, __m256i));
 }
@@ -1138,9 +1138,9 @@ with const generics
 - LEFT= 8
 - RIGHT= 56
 */
-static KRML_MUSTINLINE __m256i _vxarq_u64_1321(__m256i a, __m256i b) {
+static KRML_MUSTINLINE __m256i _vxarq_u64_af(__m256i a, __m256i b) {
   __m256i ab = mm256_xor_si256(a, b);
-  return rotate_left_2121(ab);
+  return rotate_left_af(ab);
 }
 
 /**
@@ -1153,8 +1153,8 @@ with const generics
 - LEFT= 8
 - RIGHT= 56
 */
-static KRML_MUSTINLINE __m256i xor_and_rotate_ef_5c21(__m256i a, __m256i b) {
-  return _vxarq_u64_1321(a, b);
+static KRML_MUSTINLINE __m256i xor_and_rotate_ef_af(__m256i a, __m256i b) {
+  return _vxarq_u64_af(a, b);
 }
 
 /**
@@ -1163,7 +1163,7 @@ with const generics
 - LEFT= 14
 - RIGHT= 50
 */
-static KRML_MUSTINLINE __m256i rotate_left_2122(__m256i x) {
+static KRML_MUSTINLINE __m256i rotate_left_fd(__m256i x) {
   return mm256_xor_si256(mm256_slli_epi64((int32_t)14, x, __m256i),
                          mm256_srli_epi64((int32_t)50, x, __m256i));
 }
@@ -1174,9 +1174,9 @@ with const generics
 - LEFT= 14
 - RIGHT= 50
 */
-static KRML_MUSTINLINE __m256i _vxarq_u64_1322(__m256i a, __m256i b) {
+static KRML_MUSTINLINE __m256i _vxarq_u64_fd(__m256i a, __m256i b) {
   __m256i ab = mm256_xor_si256(a, b);
-  return rotate_left_2122(ab);
+  return rotate_left_fd(ab);
 }
 
 /**
@@ -1189,8 +1189,8 @@ with const generics
 - LEFT= 14
 - RIGHT= 50
 */
-static KRML_MUSTINLINE __m256i xor_and_rotate_ef_5c22(__m256i a, __m256i b) {
-  return _vxarq_u64_1322(a, b);
+static KRML_MUSTINLINE __m256i xor_and_rotate_ef_fd(__m256i a, __m256i b) {
+  return _vxarq_u64_fd(a, b);
 }
 
 /**
@@ -1199,8 +1199,8 @@ with types core_core_arch_x86___m256i
 with const generics
 - N= 4
 */
-static KRML_MUSTINLINE void theta_rho_1b(
-    libcrux_sha3_generic_keccak_KeccakState_29 *s) {
+static KRML_MUSTINLINE void theta_rho_a6(
+    libcrux_sha3_generic_keccak_KeccakState_55 *s) {
   __m256i c[5U] = {xor5_ef(s->st[0U][0U], s->st[1U][0U], s->st[2U][0U],
                            s->st[3U][0U], s->st[4U][0U]),
                    xor5_ef(s->st[0U][1U], s->st[1U][1U], s->st[2U][1U],
@@ -1228,30 +1228,30 @@ static KRML_MUSTINLINE void theta_rho_1b(
       rotate_left1_and_xor_ef(c[((size_t)4U + (size_t)4U) % (size_t)5U],
                               c[((size_t)4U + (size_t)1U) % (size_t)5U])};
   s->st[0U][0U] = xor_ef(s->st[0U][0U], t[0U]);
-  s->st[1U][0U] = xor_and_rotate_ef_5c(s->st[1U][0U], t[0U]);
-  s->st[2U][0U] = xor_and_rotate_ef_5c0(s->st[2U][0U], t[0U]);
-  s->st[3U][0U] = xor_and_rotate_ef_5c1(s->st[3U][0U], t[0U]);
-  s->st[4U][0U] = xor_and_rotate_ef_5c2(s->st[4U][0U], t[0U]);
-  s->st[0U][1U] = xor_and_rotate_ef_5c3(s->st[0U][1U], t[1U]);
-  s->st[1U][1U] = xor_and_rotate_ef_5c4(s->st[1U][1U], t[1U]);
-  s->st[2U][1U] = xor_and_rotate_ef_5c5(s->st[2U][1U], t[1U]);
-  s->st[3U][1U] = xor_and_rotate_ef_5c6(s->st[3U][1U], t[1U]);
-  s->st[4U][1U] = xor_and_rotate_ef_5c7(s->st[4U][1U], t[1U]);
-  s->st[0U][2U] = xor_and_rotate_ef_5c8(s->st[0U][2U], t[2U]);
-  s->st[1U][2U] = xor_and_rotate_ef_5c9(s->st[1U][2U], t[2U]);
-  s->st[2U][2U] = xor_and_rotate_ef_5c10(s->st[2U][2U], t[2U]);
-  s->st[3U][2U] = xor_and_rotate_ef_5c11(s->st[3U][2U], t[2U]);
-  s->st[4U][2U] = xor_and_rotate_ef_5c12(s->st[4U][2U], t[2U]);
-  s->st[0U][3U] = xor_and_rotate_ef_5c13(s->st[0U][3U], t[3U]);
-  s->st[1U][3U] = xor_and_rotate_ef_5c14(s->st[1U][3U], t[3U]);
-  s->st[2U][3U] = xor_and_rotate_ef_5c15(s->st[2U][3U], t[3U]);
-  s->st[3U][3U] = xor_and_rotate_ef_5c16(s->st[3U][3U], t[3U]);
-  s->st[4U][3U] = xor_and_rotate_ef_5c17(s->st[4U][3U], t[3U]);
-  s->st[0U][4U] = xor_and_rotate_ef_5c18(s->st[0U][4U], t[4U]);
-  s->st[1U][4U] = xor_and_rotate_ef_5c19(s->st[1U][4U], t[4U]);
-  s->st[2U][4U] = xor_and_rotate_ef_5c20(s->st[2U][4U], t[4U]);
-  s->st[3U][4U] = xor_and_rotate_ef_5c21(s->st[3U][4U], t[4U]);
-  __m256i uu____27 = xor_and_rotate_ef_5c22(s->st[4U][4U], t[4U]);
+  s->st[1U][0U] = xor_and_rotate_ef_02(s->st[1U][0U], t[0U]);
+  s->st[2U][0U] = xor_and_rotate_ef_ac(s->st[2U][0U], t[0U]);
+  s->st[3U][0U] = xor_and_rotate_ef_020(s->st[3U][0U], t[0U]);
+  s->st[4U][0U] = xor_and_rotate_ef_a9(s->st[4U][0U], t[0U]);
+  s->st[0U][1U] = xor_and_rotate_ef_76(s->st[0U][1U], t[1U]);
+  s->st[1U][1U] = xor_and_rotate_ef_58(s->st[1U][1U], t[1U]);
+  s->st[2U][1U] = xor_and_rotate_ef_e0(s->st[2U][1U], t[1U]);
+  s->st[3U][1U] = xor_and_rotate_ef_63(s->st[3U][1U], t[1U]);
+  s->st[4U][1U] = xor_and_rotate_ef_6a(s->st[4U][1U], t[1U]);
+  s->st[0U][2U] = xor_and_rotate_ef_ab(s->st[0U][2U], t[2U]);
+  s->st[1U][2U] = xor_and_rotate_ef_5b(s->st[1U][2U], t[2U]);
+  s->st[2U][2U] = xor_and_rotate_ef_6f(s->st[2U][2U], t[2U]);
+  s->st[3U][2U] = xor_and_rotate_ef_62(s->st[3U][2U], t[2U]);
+  s->st[4U][2U] = xor_and_rotate_ef_23(s->st[4U][2U], t[2U]);
+  s->st[0U][3U] = xor_and_rotate_ef_37(s->st[0U][3U], t[3U]);
+  s->st[1U][3U] = xor_and_rotate_ef_bb(s->st[1U][3U], t[3U]);
+  s->st[2U][3U] = xor_and_rotate_ef_b9(s->st[2U][3U], t[3U]);
+  s->st[3U][3U] = xor_and_rotate_ef_54(s->st[3U][3U], t[3U]);
+  s->st[4U][3U] = xor_and_rotate_ef_4c(s->st[4U][3U], t[3U]);
+  s->st[0U][4U] = xor_and_rotate_ef_ce(s->st[0U][4U], t[4U]);
+  s->st[1U][4U] = xor_and_rotate_ef_77(s->st[1U][4U], t[4U]);
+  s->st[2U][4U] = xor_and_rotate_ef_25(s->st[2U][4U], t[4U]);
+  s->st[3U][4U] = xor_and_rotate_ef_af(s->st[3U][4U], t[4U]);
+  __m256i uu____27 = xor_and_rotate_ef_fd(s->st[4U][4U], t[4U]);
   s->st[4U][4U] = uu____27;
 }
 
@@ -1261,8 +1261,8 @@ with types core_core_arch_x86___m256i
 with const generics
 - N= 4
 */
-static KRML_MUSTINLINE void pi_70(
-    libcrux_sha3_generic_keccak_KeccakState_29 *s) {
+static KRML_MUSTINLINE void pi_a6(
+    libcrux_sha3_generic_keccak_KeccakState_55 *s) {
   __m256i old[5U][5U];
   memcpy(old, s->st, (size_t)5U * sizeof(__m256i[5U]));
   s->st[0U][1U] = old[1U][1U];
@@ -1297,8 +1297,8 @@ with types core_core_arch_x86___m256i
 with const generics
 - N= 4
 */
-static KRML_MUSTINLINE void chi_12(
-    libcrux_sha3_generic_keccak_KeccakState_29 *s) {
+static KRML_MUSTINLINE void chi_a6(
+    libcrux_sha3_generic_keccak_KeccakState_55 *s) {
   __m256i old[5U][5U];
   memcpy(old, s->st, (size_t)5U * sizeof(__m256i[5U]));
   KRML_MAYBE_FOR5(
@@ -1315,8 +1315,8 @@ with types core_core_arch_x86___m256i
 with const generics
 - N= 4
 */
-static KRML_MUSTINLINE void iota_fe(
-    libcrux_sha3_generic_keccak_KeccakState_29 *s, size_t i) {
+static KRML_MUSTINLINE void iota_a6(
+    libcrux_sha3_generic_keccak_KeccakState_55 *s, size_t i) {
   s->st[0U][0U] = xor_constant_ef(
       s->st[0U][0U], libcrux_sha3_generic_keccak_ROUNDCONSTANTS[i]);
 }
@@ -1327,14 +1327,14 @@ with types core_core_arch_x86___m256i
 with const generics
 - N= 4
 */
-static KRML_MUSTINLINE void keccakf1600_cd(
-    libcrux_sha3_generic_keccak_KeccakState_29 *s) {
+static KRML_MUSTINLINE void keccakf1600_a6(
+    libcrux_sha3_generic_keccak_KeccakState_55 *s) {
   for (size_t i = (size_t)0U; i < (size_t)24U; i++) {
     size_t i0 = i;
-    theta_rho_1b(s);
-    pi_70(s);
-    chi_12(s);
-    iota_fe(s, i0);
+    theta_rho_a6(s);
+    pi_a6(s);
+    chi_a6(s);
+    iota_a6(s, i0);
   }
 }
 
@@ -1345,13 +1345,13 @@ with const generics
 - N= 4
 - RATE= 136
 */
-static KRML_MUSTINLINE void absorb_block_32(
-    libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice blocks[4U]) {
+static KRML_MUSTINLINE void absorb_block_97(
+    libcrux_sha3_generic_keccak_KeccakState_55 *s, Eurydice_slice blocks[4U]) {
   __m256i(*uu____0)[5U] = s->st;
   Eurydice_slice uu____1[4U];
   memcpy(uu____1, blocks, (size_t)4U * sizeof(Eurydice_slice));
-  load_block_ef_d4(uu____0, uu____1);
-  keccakf1600_cd(s);
+  load_block_ef_5b(uu____0, uu____1);
+  keccakf1600_a6(s);
 }
 
 /**
@@ -1359,14 +1359,14 @@ A monomorphic instance of libcrux_sha3.simd.avx2.load_block_full
 with const generics
 - RATE= 136
 */
-static KRML_MUSTINLINE void load_block_full_1d(__m256i (*s)[5U],
+static KRML_MUSTINLINE void load_block_full_5b(__m256i (*s)[5U],
                                                uint8_t blocks[4U][200U]) {
   Eurydice_slice buf[4U] = {
       Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t),
       Eurydice_array_to_slice((size_t)200U, blocks[1U], uint8_t),
       Eurydice_array_to_slice((size_t)200U, blocks[2U], uint8_t),
       Eurydice_array_to_slice((size_t)200U, blocks[3U], uint8_t)};
-  load_block_fe(s, buf);
+  load_block_5b(s, buf);
 }
 
 /**
@@ -1378,13 +1378,13 @@ A monomorphic instance of libcrux_sha3.simd.avx2.load_block_full_ef
 with const generics
 - RATE= 136
 */
-static KRML_MUSTINLINE void load_block_full_ef_e6(__m256i (*a)[5U],
+static KRML_MUSTINLINE void load_block_full_ef_5b(__m256i (*a)[5U],
                                                   uint8_t b[4U][200U]) {
   __m256i(*uu____0)[5U] = a;
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_b[4U][200U];
   memcpy(copy_of_b, b, (size_t)4U * sizeof(uint8_t[200U]));
-  load_block_full_1d(uu____0, copy_of_b);
+  load_block_full_5b(uu____0, copy_of_b);
 }
 
 /**
@@ -1395,8 +1395,8 @@ with const generics
 - RATE= 136
 - DELIM= 31
 */
-KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_7f(
-    libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice last[4U]) {
+static KRML_MUSTINLINE void absorb_final_fb(
+    libcrux_sha3_generic_keccak_KeccakState_55 *s, Eurydice_slice last[4U]) {
   size_t last_len = Eurydice_slice_len(last[0U], uint8_t);
   uint8_t blocks[4U][200U] = {{0U}};
   KRML_MAYBE_FOR4(
@@ -1411,8 +1411,8 @@ KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_7f(
   __m256i(*uu____3)[5U] = s->st;
   uint8_t uu____4[4U][200U];
   memcpy(uu____4, blocks, (size_t)4U * sizeof(uint8_t[200U]));
-  load_block_full_ef_e6(uu____3, uu____4);
-  keccakf1600_cd(s);
+  load_block_full_ef_5b(uu____3, uu____4);
+  keccakf1600_a6(s);
 }
 
 /**
@@ -1420,7 +1420,7 @@ A monomorphic instance of libcrux_sha3.simd.avx2.store_block
 with const generics
 - RATE= 136
 */
-static KRML_MUSTINLINE void store_block_78(__m256i (*s)[5U],
+static KRML_MUSTINLINE void store_block_5b(__m256i (*s)[5U],
                                            Eurydice_slice out[4U]) {
   for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)32U; i++) {
     size_t i0 = i;
@@ -1542,7 +1542,7 @@ A monomorphic instance of libcrux_sha3.simd.avx2.store_block_full
 with const generics
 - RATE= 136
 */
-static KRML_MUSTINLINE void store_block_full_61(__m256i (*s)[5U],
+static KRML_MUSTINLINE void store_block_full_5b(__m256i (*s)[5U],
                                                 uint8_t ret[4U][200U]) {
   uint8_t out0[200U] = {0U};
   uint8_t out1[200U] = {0U};
@@ -1553,7 +1553,7 @@ static KRML_MUSTINLINE void store_block_full_61(__m256i (*s)[5U],
       Eurydice_array_to_slice((size_t)200U, out1, uint8_t),
       Eurydice_array_to_slice((size_t)200U, out2, uint8_t),
       Eurydice_array_to_slice((size_t)200U, out3, uint8_t)};
-  store_block_78(s, buf);
+  store_block_5b(s, buf);
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_out0[200U];
   memcpy(copy_of_out0, out0, (size_t)200U * sizeof(uint8_t));
@@ -1580,9 +1580,9 @@ A monomorphic instance of libcrux_sha3.simd.avx2.store_block_full_ef
 with const generics
 - RATE= 136
 */
-static KRML_MUSTINLINE void store_block_full_ef_d1(__m256i (*a)[5U],
+static KRML_MUSTINLINE void store_block_full_ef_5b(__m256i (*a)[5U],
                                                    uint8_t ret[4U][200U]) {
-  store_block_full_61(a, ret);
+  store_block_full_5b(a, ret);
 }
 
 /**
@@ -1592,18 +1592,18 @@ with const generics
 - N= 4
 - RATE= 136
 */
-static KRML_MUSTINLINE void squeeze_first_and_last_a8(
-    libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) {
+static KRML_MUSTINLINE void squeeze_first_and_last_97(
+    libcrux_sha3_generic_keccak_KeccakState_55 *s, Eurydice_slice out[4U]) {
   uint8_t b[4U][200U];
-  store_block_full_ef_d1(s->st, b);
+  store_block_full_ef_5b(s->st, b);
   KRML_MAYBE_FOR4(
       i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i;
       Eurydice_slice uu____0 = out[i0]; uint8_t *uu____1 = b[i0];
-      core_ops_range_Range_b3 lit; lit.start = (size_t)0U;
+      core_ops_range_Range_08 lit; lit.start = (size_t)0U;
       lit.end = Eurydice_slice_len(out[i0], uint8_t); Eurydice_slice_copy(
           uu____0,
           Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t,
-                                     core_ops_range_Range_b3),
+                                     core_ops_range_Range_08),
           uint8_t););
 }
 
@@ -1616,9 +1616,9 @@ A monomorphic instance of libcrux_sha3.simd.avx2.store_block_ef
 with const generics
 - RATE= 136
 */
-static KRML_MUSTINLINE void store_block_ef_e3(__m256i (*a)[5U],
+static KRML_MUSTINLINE void store_block_ef_5b(__m256i (*a)[5U],
                                               Eurydice_slice b[4U]) {
-  store_block_78(a, b);
+  store_block_5b(a, b);
 }
 
 /**
@@ -1628,9 +1628,9 @@ with const generics
 - N= 4
 - RATE= 136
 */
-static KRML_MUSTINLINE void squeeze_first_block_ca(
-    libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) {
-  store_block_ef_e3(s->st, out);
+static KRML_MUSTINLINE void squeeze_first_block_97(
+    libcrux_sha3_generic_keccak_KeccakState_55 *s, Eurydice_slice out[4U]) {
+  store_block_ef_5b(s->st, out);
 }
 
 /**
@@ -1640,10 +1640,10 @@ with const generics
 - N= 4
 - RATE= 136
 */
-static KRML_MUSTINLINE void squeeze_next_block_66(
-    libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) {
-  keccakf1600_cd(s);
-  store_block_ef_e3(s->st, out);
+static KRML_MUSTINLINE void squeeze_next_block_97(
+    libcrux_sha3_generic_keccak_KeccakState_55 *s, Eurydice_slice out[4U]) {
+  keccakf1600_a6(s);
+  store_block_ef_5b(s->st, out);
 }
 
 /**
@@ -1653,19 +1653,19 @@ with const generics
 - N= 4
 - RATE= 136
 */
-static KRML_MUSTINLINE void squeeze_last_fe(
-    libcrux_sha3_generic_keccak_KeccakState_29 s, Eurydice_slice out[4U]) {
-  keccakf1600_cd(&s);
+static KRML_MUSTINLINE void squeeze_last_97(
+    libcrux_sha3_generic_keccak_KeccakState_55 s, Eurydice_slice out[4U]) {
+  keccakf1600_a6(&s);
   uint8_t b[4U][200U];
-  store_block_full_ef_d1(s.st, b);
+  store_block_full_ef_5b(s.st, b);
   KRML_MAYBE_FOR4(
       i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i;
       Eurydice_slice uu____0 = out[i0]; uint8_t *uu____1 = b[i0];
-      core_ops_range_Range_b3 lit; lit.start = (size_t)0U;
+      core_ops_range_Range_08 lit; lit.start = (size_t)0U;
       lit.end = Eurydice_slice_len(out[i0], uint8_t); Eurydice_slice_copy(
           uu____0,
           Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t,
-                                     core_ops_range_Range_b3),
+                                     core_ops_range_Range_08),
           uint8_t););
 }
 
@@ -1677,34 +1677,34 @@ with const generics
 - RATE= 136
 - DELIM= 31
 */
-static KRML_MUSTINLINE void keccak_b9(Eurydice_slice data[4U],
+static KRML_MUSTINLINE void keccak_fb(Eurydice_slice data[4U],
                                       Eurydice_slice out[4U]) {
-  libcrux_sha3_generic_keccak_KeccakState_29 s = new_89_71();
+  libcrux_sha3_generic_keccak_KeccakState_55 s = new_89_a6();
   for (size_t i = (size_t)0U;
        i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)136U; i++) {
     size_t i0 = i;
-    libcrux_sha3_generic_keccak_KeccakState_29 *uu____0 = &s;
+    libcrux_sha3_generic_keccak_KeccakState_55 *uu____0 = &s;
     /* Passing arrays by value in Rust generates a copy in C */
     Eurydice_slice copy_of_data[4U];
     memcpy(copy_of_data, data, (size_t)4U * sizeof(Eurydice_slice));
     Eurydice_slice ret[4U];
     slice_n_ef(copy_of_data, i0 * (size_t)136U, (size_t)136U, ret);
-    absorb_block_32(uu____0, ret);
+    absorb_block_97(uu____0, ret);
   }
   size_t rem = Eurydice_slice_len(data[0U], uint8_t) % (size_t)136U;
-  libcrux_sha3_generic_keccak_KeccakState_29 *uu____2 = &s;
+  libcrux_sha3_generic_keccak_KeccakState_55 *uu____2 = &s;
   /* Passing arrays by value in Rust generates a copy in C */
   Eurydice_slice copy_of_data[4U];
   memcpy(copy_of_data, data, (size_t)4U * sizeof(Eurydice_slice));
   Eurydice_slice ret[4U];
   slice_n_ef(copy_of_data, Eurydice_slice_len(data[0U], uint8_t) - rem, rem,
              ret);
-  libcrux_sha3_generic_keccak_absorb_final_7f(uu____2, ret);
+  absorb_final_fb(uu____2, ret);
   size_t outlen = Eurydice_slice_len(out[0U], uint8_t);
   size_t blocks = outlen / (size_t)136U;
   size_t last = outlen - outlen % (size_t)136U;
   if (blocks == (size_t)0U) {
-    squeeze_first_and_last_a8(&s, out);
+    squeeze_first_and_last_97(&s, out);
   } else {
     Eurydice_slice_uint8_t_4size_t__x2 uu____4 =
         split_at_mut_n_ef(out, (size_t)136U);
@@ -1712,15 +1712,15 @@ static KRML_MUSTINLINE void keccak_b9(Eurydice_slice data[4U],
     memcpy(o0, uu____4.fst, (size_t)4U * sizeof(Eurydice_slice));
     Eurydice_slice o1[4U];
     memcpy(o1, uu____4.snd, (size_t)4U * sizeof(Eurydice_slice));
-    squeeze_first_block_ca(&s, o0);
-    core_ops_range_Range_b3 iter =
+    squeeze_first_block_97(&s, o0);
+    core_ops_range_Range_08 iter =
         core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter(
-            (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U,
+            (CLITERAL(core_ops_range_Range_08){.start = (size_t)1U,
                                                .end = blocks}),
-            core_ops_range_Range_b3, core_ops_range_Range_b3);
+            core_ops_range_Range_08, core_ops_range_Range_08);
     while (true) {
       if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A__TraitClause_0___6__next(
-              &iter, size_t, core_option_Option_b3)
+              &iter, size_t, core_option_Option_08)
               .tag == core_option_None) {
         break;
       } else {
@@ -1730,12 +1730,12 @@ static KRML_MUSTINLINE void keccak_b9(Eurydice_slice data[4U],
         memcpy(o, uu____5.fst, (size_t)4U * sizeof(Eurydice_slice));
         Eurydice_slice orest[4U];
         memcpy(orest, uu____5.snd, (size_t)4U * sizeof(Eurydice_slice));
-        squeeze_next_block_66(&s, o);
+        squeeze_next_block_97(&s, o);
         memcpy(o1, orest, (size_t)4U * sizeof(Eurydice_slice));
       }
     }
     if (last < outlen) {
-      squeeze_last_fe(s, o1);
+      squeeze_last_97(s, o1);
     }
   }
 }
@@ -1749,15 +1749,15 @@ void libcrux_sha3_avx2_x4_shake256(Eurydice_slice input0, Eurydice_slice input1,
                                    Eurydice_slice out2, Eurydice_slice out3) {
   Eurydice_slice buf0[4U] = {input0, input1, input2, input3};
   Eurydice_slice buf[4U] = {out0, out1, out2, out3};
-  keccak_b9(buf0, buf);
+  keccak_fb(buf0, buf);
 }
 
 /**
  Initialise the [`KeccakState`].
 */
-libcrux_sha3_generic_keccak_KeccakState_29
+libcrux_sha3_generic_keccak_KeccakState_55
 libcrux_sha3_avx2_x4_incremental_init(void) {
-  return new_89_71();
+  return new_89_a6();
 }
 
 /**
@@ -1765,8 +1765,8 @@ A monomorphic instance of libcrux_sha3.simd.avx2.load_block
 with const generics
 - RATE= 168
 */
-static KRML_MUSTINLINE void load_block_fe0(__m256i (*s)[5U],
-                                           Eurydice_slice blocks[4U]) {
+static KRML_MUSTINLINE void load_block_3a(__m256i (*s)[5U],
+                                          Eurydice_slice blocks[4U]) {
   for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)32U; i++) {
     size_t i0 = i;
     __m256i v00 = mm256_loadu_si256_u8(
@@ -1881,14 +1881,14 @@ A monomorphic instance of libcrux_sha3.simd.avx2.load_block_full
 with const generics
 - RATE= 168
 */
-static KRML_MUSTINLINE void load_block_full_1d0(__m256i (*s)[5U],
-                                                uint8_t blocks[4U][200U]) {
+static KRML_MUSTINLINE void load_block_full_3a(__m256i (*s)[5U],
+                                               uint8_t blocks[4U][200U]) {
   Eurydice_slice buf[4U] = {
       Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t),
       Eurydice_array_to_slice((size_t)200U, blocks[1U], uint8_t),
       Eurydice_array_to_slice((size_t)200U, blocks[2U], uint8_t),
       Eurydice_array_to_slice((size_t)200U, blocks[3U], uint8_t)};
-  load_block_fe0(s, buf);
+  load_block_3a(s, buf);
 }
 
 /**
@@ -1900,13 +1900,13 @@ A monomorphic instance of libcrux_sha3.simd.avx2.load_block_full_ef
 with const generics
 - RATE= 168
 */
-static KRML_MUSTINLINE void load_block_full_ef_e60(__m256i (*a)[5U],
-                                                   uint8_t b[4U][200U]) {
+static KRML_MUSTINLINE void load_block_full_ef_3a(__m256i (*a)[5U],
+                                                  uint8_t b[4U][200U]) {
   __m256i(*uu____0)[5U] = a;
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_b[4U][200U];
   memcpy(copy_of_b, b, (size_t)4U * sizeof(uint8_t[200U]));
-  load_block_full_1d0(uu____0, copy_of_b);
+  load_block_full_3a(uu____0, copy_of_b);
 }
 
 /**
@@ -1917,8 +1917,8 @@ with const generics
 - RATE= 168
 - DELIM= 31
 */
-static KRML_MUSTINLINE void absorb_final_7f0(
-    libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice last[4U]) {
+static KRML_MUSTINLINE void absorb_final_fb0(
+    libcrux_sha3_generic_keccak_KeccakState_55 *s, Eurydice_slice last[4U]) {
   size_t last_len = Eurydice_slice_len(last[0U], uint8_t);
   uint8_t blocks[4U][200U] = {{0U}};
   KRML_MAYBE_FOR4(
@@ -1933,18 +1933,18 @@ static KRML_MUSTINLINE void absorb_final_7f0(
   __m256i(*uu____3)[5U] = s->st;
   uint8_t uu____4[4U][200U];
   memcpy(uu____4, blocks, (size_t)4U * sizeof(uint8_t[200U]));
-  load_block_full_ef_e60(uu____3, uu____4);
-  keccakf1600_cd(s);
+  load_block_full_ef_3a(uu____3, uu____4);
+  keccakf1600_a6(s);
 }
 
 /**
  Absorb
 */
 void libcrux_sha3_avx2_x4_incremental_shake128_absorb_final(
-    libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice data0,
+    libcrux_sha3_generic_keccak_KeccakState_55 *s, Eurydice_slice data0,
     Eurydice_slice data1, Eurydice_slice data2, Eurydice_slice data3) {
   Eurydice_slice buf[4U] = {data0, data1, data2, data3};
-  absorb_final_7f0(s, buf);
+  absorb_final_fb0(s, buf);
 }
 
 /**
@@ -1952,8 +1952,8 @@ A monomorphic instance of libcrux_sha3.simd.avx2.store_block
 with const generics
 - RATE= 168
 */
-static KRML_MUSTINLINE void store_block_780(__m256i (*s)[5U],
-                                            Eurydice_slice out[4U]) {
+static KRML_MUSTINLINE void store_block_3a(__m256i (*s)[5U],
+                                           Eurydice_slice out[4U]) {
   for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)32U; i++) {
     size_t i0 = i;
     __m256i v0l = mm256_permute2x128_si256(
@@ -2078,9 +2078,9 @@ A monomorphic instance of libcrux_sha3.simd.avx2.store_block_ef
 with const generics
 - RATE= 168
 */
-static KRML_MUSTINLINE void store_block_ef_e30(__m256i (*a)[5U],
-                                               Eurydice_slice b[4U]) {
-  store_block_780(a, b);
+static KRML_MUSTINLINE void store_block_ef_3a(__m256i (*a)[5U],
+                                              Eurydice_slice b[4U]) {
+  store_block_3a(a, b);
 }
 
 /**
@@ -2090,9 +2090,9 @@ with const generics
 - N= 4
 - RATE= 168
 */
-static KRML_MUSTINLINE void squeeze_first_block_ca0(
-    libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) {
-  store_block_ef_e30(s->st, out);
+static KRML_MUSTINLINE void squeeze_first_block_970(
+    libcrux_sha3_generic_keccak_KeccakState_55 *s, Eurydice_slice out[4U]) {
+  store_block_ef_3a(s->st, out);
 }
 
 /**
@@ -2102,10 +2102,10 @@ with const generics
 - N= 4
 - RATE= 168
 */
-static KRML_MUSTINLINE void squeeze_next_block_660(
-    libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) {
-  keccakf1600_cd(s);
-  store_block_ef_e30(s->st, out);
+static KRML_MUSTINLINE void squeeze_next_block_970(
+    libcrux_sha3_generic_keccak_KeccakState_55 *s, Eurydice_slice out[4U]) {
+  keccakf1600_a6(s);
+  store_block_ef_3a(s->st, out);
 }
 
 /**
@@ -2115,43 +2115,43 @@ with const generics
 - N= 4
 - RATE= 168
 */
-KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_three_blocks_ed(
-    libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) {
+static KRML_MUSTINLINE void squeeze_first_three_blocks_97(
+    libcrux_sha3_generic_keccak_KeccakState_55 *s, Eurydice_slice out[4U]) {
   Eurydice_slice_uint8_t_4size_t__x2 uu____0 =
       split_at_mut_n_ef(out, (size_t)168U);
   Eurydice_slice o0[4U];
   memcpy(o0, uu____0.fst, (size_t)4U * sizeof(Eurydice_slice));
   Eurydice_slice o10[4U];
   memcpy(o10, uu____0.snd, (size_t)4U * sizeof(Eurydice_slice));
-  squeeze_first_block_ca0(s, o0);
+  squeeze_first_block_970(s, o0);
   Eurydice_slice_uint8_t_4size_t__x2 uu____1 =
       split_at_mut_n_ef(o10, (size_t)168U);
   Eurydice_slice o1[4U];
   memcpy(o1, uu____1.fst, (size_t)4U * sizeof(Eurydice_slice));
   Eurydice_slice o2[4U];
   memcpy(o2, uu____1.snd, (size_t)4U * sizeof(Eurydice_slice));
-  squeeze_next_block_660(s, o1);
-  squeeze_next_block_660(s, o2);
+  squeeze_next_block_970(s, o1);
+  squeeze_next_block_970(s, o2);
 }
 
 /**
  Squeeze three blocks
 */
 void libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_three_blocks(
-    libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0,
+    libcrux_sha3_generic_keccak_KeccakState_55 *s, Eurydice_slice out0,
     Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3) {
   Eurydice_slice buf[4U] = {out0, out1, out2, out3};
-  libcrux_sha3_generic_keccak_squeeze_first_three_blocks_ed(s, buf);
+  squeeze_first_three_blocks_97(s, buf);
 }
 
 /**
  Squeeze another block
 */
 void libcrux_sha3_avx2_x4_incremental_shake128_squeeze_next_block(
-    libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0,
+    libcrux_sha3_generic_keccak_KeccakState_55 *s, Eurydice_slice out0,
     Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3) {
   Eurydice_slice buf[4U] = {out0, out1, out2, out3};
-  squeeze_next_block_660(s, buf);
+  squeeze_next_block_970(s, buf);
 }
 
 /**
@@ -2161,37 +2161,37 @@ with const generics
 - N= 4
 - RATE= 168
 */
-static KRML_MUSTINLINE void squeeze_first_five_blocks_0b(
-    libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) {
+static KRML_MUSTINLINE void squeeze_first_five_blocks_97(
+    libcrux_sha3_generic_keccak_KeccakState_55 *s, Eurydice_slice out[4U]) {
   Eurydice_slice_uint8_t_4size_t__x2 uu____0 =
       split_at_mut_n_ef(out, (size_t)168U);
   Eurydice_slice o0[4U];
   memcpy(o0, uu____0.fst, (size_t)4U * sizeof(Eurydice_slice));
   Eurydice_slice o10[4U];
   memcpy(o10, uu____0.snd, (size_t)4U * sizeof(Eurydice_slice));
-  squeeze_first_block_ca0(s, o0);
+  squeeze_first_block_970(s, o0);
   Eurydice_slice_uint8_t_4size_t__x2 uu____1 =
       split_at_mut_n_ef(o10, (size_t)168U);
   Eurydice_slice o1[4U];
   memcpy(o1, uu____1.fst, (size_t)4U * sizeof(Eurydice_slice));
   Eurydice_slice o20[4U];
   memcpy(o20, uu____1.snd, (size_t)4U * sizeof(Eurydice_slice));
-  squeeze_next_block_660(s, o1);
+  squeeze_next_block_970(s, o1);
   Eurydice_slice_uint8_t_4size_t__x2 uu____2 =
       split_at_mut_n_ef(o20, (size_t)168U);
   Eurydice_slice o2[4U];
   memcpy(o2, uu____2.fst, (size_t)4U * sizeof(Eurydice_slice));
   Eurydice_slice o30[4U];
   memcpy(o30, uu____2.snd, (size_t)4U * sizeof(Eurydice_slice));
-  squeeze_next_block_660(s, o2);
+  squeeze_next_block_970(s, o2);
   Eurydice_slice_uint8_t_4size_t__x2 uu____3 =
       split_at_mut_n_ef(o30, (size_t)168U);
   Eurydice_slice o3[4U];
   memcpy(o3, uu____3.fst, (size_t)4U * sizeof(Eurydice_slice));
   Eurydice_slice o4[4U];
   memcpy(o4, uu____3.snd, (size_t)4U * sizeof(Eurydice_slice));
-  squeeze_next_block_660(s, o3);
-  squeeze_next_block_660(s, o4);
+  squeeze_next_block_970(s, o3);
+  squeeze_next_block_970(s, o4);
 }
 
 /**
@@ -2199,20 +2199,20 @@ static KRML_MUSTINLINE void squeeze_first_five_blocks_0b(
 */
 KRML_MUSTINLINE void
 libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_five_blocks(
-    libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0,
+    libcrux_sha3_generic_keccak_KeccakState_55 *s, Eurydice_slice out0,
     Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3) {
   Eurydice_slice buf[4U] = {out0, out1, out2, out3};
-  squeeze_first_five_blocks_0b(s, buf);
+  squeeze_first_five_blocks_97(s, buf);
 }
 
 /**
  Absorb
 */
 KRML_MUSTINLINE void libcrux_sha3_avx2_x4_incremental_shake256_absorb_final(
-    libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice data0,
+    libcrux_sha3_generic_keccak_KeccakState_55 *s, Eurydice_slice data0,
     Eurydice_slice data1, Eurydice_slice data2, Eurydice_slice data3) {
   Eurydice_slice buf[4U] = {data0, data1, data2, data3};
-  libcrux_sha3_generic_keccak_absorb_final_7f(s, buf);
+  absorb_final_fb(s, buf);
 }
 
 /**
@@ -2220,10 +2220,10 @@ KRML_MUSTINLINE void libcrux_sha3_avx2_x4_incremental_shake256_absorb_final(
 */
 KRML_MUSTINLINE void
 libcrux_sha3_avx2_x4_incremental_shake256_squeeze_first_block(
-    libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0,
+    libcrux_sha3_generic_keccak_KeccakState_55 *s, Eurydice_slice out0,
     Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3) {
   Eurydice_slice buf[4U] = {out0, out1, out2, out3};
-  squeeze_first_block_ca(s, buf);
+  squeeze_first_block_97(s, buf);
 }
 
 /**
@@ -2231,8 +2231,8 @@ libcrux_sha3_avx2_x4_incremental_shake256_squeeze_first_block(
 */
 KRML_MUSTINLINE void
 libcrux_sha3_avx2_x4_incremental_shake256_squeeze_next_block(
-    libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0,
+    libcrux_sha3_generic_keccak_KeccakState_55 *s, Eurydice_slice out0,
     Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3) {
   Eurydice_slice buf[4U] = {out0, out1, out2, out3};
-  squeeze_next_block_66(s, buf);
+  squeeze_next_block_97(s, buf);
 }
diff --git a/libcrux-ml-kem/c/libcrux_sha3_avx2.h b/libcrux-ml-kem/c/libcrux_sha3_avx2.h
index 1e2e63c96..de46ad631 100644
--- a/libcrux-ml-kem/c/libcrux_sha3_avx2.h
+++ b/libcrux-ml-kem/c/libcrux_sha3_avx2.h
@@ -4,11 +4,11 @@
  * SPDX-License-Identifier: MIT or Apache-2.0
  *
  * This code was generated with the following revisions:
- * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4
- * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac
- * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152
- * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678
- * Libcrux: a089e8609d2bf2df5c165076a79e3fd30dbf87cf
+ * Charon: 2b71c3c42337fe17ceca860bedaafb3443e6c5e8
+ * Eurydice: dcfae68c874635956f71d4c05928841b29ad0a8b
+ * Karamel: 87384b244a98a0c41a2e14c65b872d885af7c8df
+ * F*: 8b6fce63ca91b16386d8f76e82ea87a3c109a208
+ * Libcrux: 4b0d78759e0adf160bab80862883bd5ba7338977
  */
 
 #ifndef __libcrux_sha3_avx2_H
@@ -23,16 +23,6 @@ extern "C" {
 #include "libcrux_core.h"
 #include "libcrux_sha3_internal.h"
 
-/**
-A monomorphic instance of libcrux_sha3.generic_keccak.KeccakState
-with types core_core_arch_x86___m256i
-with const generics
-- $4size_t
-*/
-typedef struct libcrux_sha3_generic_keccak_KeccakState_29_s {
-  __m256i st[5U][5U];
-} libcrux_sha3_generic_keccak_KeccakState_29;
-
 /**
  Perform 4 SHAKE256 operations in parallel
 */
@@ -44,56 +34,56 @@ void libcrux_sha3_avx2_x4_shake256(Eurydice_slice input0, Eurydice_slice input1,
 /**
  Initialise the [`KeccakState`].
 */
-libcrux_sha3_generic_keccak_KeccakState_29
+libcrux_sha3_generic_keccak_KeccakState_55
 libcrux_sha3_avx2_x4_incremental_init(void);
 
 /**
  Absorb
 */
 void libcrux_sha3_avx2_x4_incremental_shake128_absorb_final(
-    libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice data0,
+    libcrux_sha3_generic_keccak_KeccakState_55 *s, Eurydice_slice data0,
     Eurydice_slice data1, Eurydice_slice data2, Eurydice_slice data3);
 
 /**
  Squeeze three blocks
 */
 void libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_three_blocks(
-    libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0,
+    libcrux_sha3_generic_keccak_KeccakState_55 *s, Eurydice_slice out0,
     Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3);
 
 /**
  Squeeze another block
 */
 void libcrux_sha3_avx2_x4_incremental_shake128_squeeze_next_block(
-    libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0,
+    libcrux_sha3_generic_keccak_KeccakState_55 *s, Eurydice_slice out0,
     Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3);
 
 /**
  Squeeze five blocks
 */
 void libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_five_blocks(
-    libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0,
+    libcrux_sha3_generic_keccak_KeccakState_55 *s, Eurydice_slice out0,
     Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3);
 
 /**
  Absorb
 */
 void libcrux_sha3_avx2_x4_incremental_shake256_absorb_final(
-    libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice data0,
+    libcrux_sha3_generic_keccak_KeccakState_55 *s, Eurydice_slice data0,
     Eurydice_slice data1, Eurydice_slice data2, Eurydice_slice data3);
 
 /**
  Squeeze block
 */
 void libcrux_sha3_avx2_x4_incremental_shake256_squeeze_first_block(
-    libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0,
+    libcrux_sha3_generic_keccak_KeccakState_55 *s, Eurydice_slice out0,
     Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3);
 
 /**
  Squeeze next block
 */
 void libcrux_sha3_avx2_x4_incremental_shake256_squeeze_next_block(
-    libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0,
+    libcrux_sha3_generic_keccak_KeccakState_55 *s, Eurydice_slice out0,
     Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3);
 
 #if defined(__cplusplus)
diff --git a/libcrux-ml-kem/c/libcrux_sha3_internal.h b/libcrux-ml-kem/c/libcrux_sha3_internal.h
index 5b4b70a94..0248f0f5e 100644
--- a/libcrux-ml-kem/c/libcrux_sha3_internal.h
+++ b/libcrux-ml-kem/c/libcrux_sha3_internal.h
@@ -4,11 +4,11 @@
  * SPDX-License-Identifier: MIT or Apache-2.0
  *
  * This code was generated with the following revisions:
- * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4
- * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac
- * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152
- * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678
- * Libcrux: a089e8609d2bf2df5c165076a79e3fd30dbf87cf
+ * Charon: 2b71c3c42337fe17ceca860bedaafb3443e6c5e8
+ * Eurydice: dcfae68c874635956f71d4c05928841b29ad0a8b
+ * Karamel: 87384b244a98a0c41a2e14c65b872d885af7c8df
+ * F*: 8b6fce63ca91b16386d8f76e82ea87a3c109a208
+ * Libcrux: 4b0d78759e0adf160bab80862883bd5ba7338977
  */
 
 #ifndef __libcrux_sha3_internal_H
@@ -79,14 +79,14 @@ with const generics
 - RIGHT= 63
 */
 static KRML_MUSTINLINE uint64_t
-libcrux_sha3_portable_keccak_rotate_left_d6(uint64_t x) {
+libcrux_sha3_portable_keccak_rotate_left_76(uint64_t x) {
   return x << (uint32_t)(int32_t)1 | x >> (uint32_t)(int32_t)63;
 }
 
 static KRML_MUSTINLINE uint64_t
 libcrux_sha3_portable_keccak__vrax1q_u64(uint64_t a, uint64_t b) {
   uint64_t uu____0 = a;
-  return uu____0 ^ libcrux_sha3_portable_keccak_rotate_left_d6(b);
+  return uu____0 ^ libcrux_sha3_portable_keccak_rotate_left_76(b);
 }
 
 /**
@@ -183,9 +183,9 @@ with types uint64_t
 with const generics
 - $1size_t
 */
-typedef struct libcrux_sha3_generic_keccak_KeccakState_48_s {
+typedef struct libcrux_sha3_generic_keccak_KeccakState_17_s {
   uint64_t st[5U][5U];
-} libcrux_sha3_generic_keccak_KeccakState_48;
+} libcrux_sha3_generic_keccak_KeccakState_17;
 
 /**
  Create a new Shake128 x4 state.
@@ -200,9 +200,9 @@ with types uint64_t
 with const generics
 - N= 1
 */
-static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_48
-libcrux_sha3_generic_keccak_new_89_cf(void) {
-  libcrux_sha3_generic_keccak_KeccakState_48 lit;
+static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_17
+libcrux_sha3_generic_keccak_new_89_04(void) {
+  libcrux_sha3_generic_keccak_KeccakState_17 lit;
   lit.st[0U][0U] = libcrux_sha3_portable_keccak_zero_5a();
   lit.st[0U][1U] = libcrux_sha3_portable_keccak_zero_5a();
   lit.st[0U][2U] = libcrux_sha3_portable_keccak_zero_5a();
@@ -236,18 +236,18 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block
 with const generics
 - RATE= 168
 */
-static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_65(
+static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_3a(
     uint64_t (*s)[5U], Eurydice_slice blocks[1U]) {
   for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)8U; i++) {
     size_t i0 = i;
     uint8_t uu____0[8U];
-    core_result_Result_56 dst;
+    core_result_Result_15 dst;
     Eurydice_slice_to_array2(
         &dst,
         Eurydice_slice_subslice2(blocks[0U], (size_t)8U * i0,
                                  (size_t)8U * i0 + (size_t)8U, uint8_t),
         Eurydice_slice, uint8_t[8U]);
-    core_result_unwrap_26_0e(dst, uu____0);
+    core_result_unwrap_26_68(dst, uu____0);
     size_t uu____1 = i0 / (size_t)5U;
     size_t uu____2 = i0 % (size_t)5U;
     s[uu____1][uu____2] =
@@ -260,11 +260,11 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full
 with const generics
 - RATE= 168
 */
-static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_d4(
+static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_3a(
     uint64_t (*s)[5U], uint8_t blocks[1U][200U]) {
   Eurydice_slice buf[1U] = {
       Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t)};
-  libcrux_sha3_portable_keccak_load_block_65(s, buf);
+  libcrux_sha3_portable_keccak_load_block_3a(s, buf);
 }
 
 /**
@@ -276,13 +276,13 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full_5a
 with const generics
 - RATE= 168
 */
-static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_05(
+static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_3a(
     uint64_t (*a)[5U], uint8_t b[1U][200U]) {
   uint64_t(*uu____0)[5U] = a;
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_b[1U][200U];
   memcpy(copy_of_b, b, (size_t)1U * sizeof(uint8_t[200U]));
-  libcrux_sha3_portable_keccak_load_block_full_d4(uu____0, copy_of_b);
+  libcrux_sha3_portable_keccak_load_block_full_3a(uu____0, copy_of_b);
 }
 
 /**
@@ -292,7 +292,7 @@ with const generics
 - RIGHT= 28
 */
 static KRML_MUSTINLINE uint64_t
-libcrux_sha3_portable_keccak_rotate_left_d60(uint64_t x) {
+libcrux_sha3_portable_keccak_rotate_left_02(uint64_t x) {
   return x << (uint32_t)(int32_t)36 | x >> (uint32_t)(int32_t)28;
 }
 
@@ -303,9 +303,9 @@ with const generics
 - RIGHT= 28
 */
 static KRML_MUSTINLINE uint64_t
-libcrux_sha3_portable_keccak__vxarq_u64_74(uint64_t a, uint64_t b) {
+libcrux_sha3_portable_keccak__vxarq_u64_02(uint64_t a, uint64_t b) {
   uint64_t ab = a ^ b;
-  return libcrux_sha3_portable_keccak_rotate_left_d60(ab);
+  return libcrux_sha3_portable_keccak_rotate_left_02(ab);
 }
 
 /**
@@ -319,8 +319,8 @@ with const generics
 - RIGHT= 28
 */
 static KRML_MUSTINLINE uint64_t
-libcrux_sha3_portable_keccak_xor_and_rotate_5a_03(uint64_t a, uint64_t b) {
-  return libcrux_sha3_portable_keccak__vxarq_u64_74(a, b);
+libcrux_sha3_portable_keccak_xor_and_rotate_5a_02(uint64_t a, uint64_t b) {
+  return libcrux_sha3_portable_keccak__vxarq_u64_02(a, b);
 }
 
 /**
@@ -330,7 +330,7 @@ with const generics
 - RIGHT= 61
 */
 static KRML_MUSTINLINE uint64_t
-libcrux_sha3_portable_keccak_rotate_left_d61(uint64_t x) {
+libcrux_sha3_portable_keccak_rotate_left_ac(uint64_t x) {
   return x << (uint32_t)(int32_t)3 | x >> (uint32_t)(int32_t)61;
 }
 
@@ -341,9 +341,9 @@ with const generics
 - RIGHT= 61
 */
 static KRML_MUSTINLINE uint64_t
-libcrux_sha3_portable_keccak__vxarq_u64_740(uint64_t a, uint64_t b) {
+libcrux_sha3_portable_keccak__vxarq_u64_ac(uint64_t a, uint64_t b) {
   uint64_t ab = a ^ b;
-  return libcrux_sha3_portable_keccak_rotate_left_d61(ab);
+  return libcrux_sha3_portable_keccak_rotate_left_ac(ab);
 }
 
 /**
@@ -357,8 +357,8 @@ with const generics
 - RIGHT= 61
 */
 static KRML_MUSTINLINE uint64_t
-libcrux_sha3_portable_keccak_xor_and_rotate_5a_030(uint64_t a, uint64_t b) {
-  return libcrux_sha3_portable_keccak__vxarq_u64_740(a, b);
+libcrux_sha3_portable_keccak_xor_and_rotate_5a_ac(uint64_t a, uint64_t b) {
+  return libcrux_sha3_portable_keccak__vxarq_u64_ac(a, b);
 }
 
 /**
@@ -368,7 +368,7 @@ with const generics
 - RIGHT= 23
 */
 static KRML_MUSTINLINE uint64_t
-libcrux_sha3_portable_keccak_rotate_left_d62(uint64_t x) {
+libcrux_sha3_portable_keccak_rotate_left_020(uint64_t x) {
   return x << (uint32_t)(int32_t)41 | x >> (uint32_t)(int32_t)23;
 }
 
@@ -379,9 +379,9 @@ with const generics
 - RIGHT= 23
 */
 static KRML_MUSTINLINE uint64_t
-libcrux_sha3_portable_keccak__vxarq_u64_741(uint64_t a, uint64_t b) {
+libcrux_sha3_portable_keccak__vxarq_u64_020(uint64_t a, uint64_t b) {
   uint64_t ab = a ^ b;
-  return libcrux_sha3_portable_keccak_rotate_left_d62(ab);
+  return libcrux_sha3_portable_keccak_rotate_left_020(ab);
 }
 
 /**
@@ -395,8 +395,8 @@ with const generics
 - RIGHT= 23
 */
 static KRML_MUSTINLINE uint64_t
-libcrux_sha3_portable_keccak_xor_and_rotate_5a_031(uint64_t a, uint64_t b) {
-  return libcrux_sha3_portable_keccak__vxarq_u64_741(a, b);
+libcrux_sha3_portable_keccak_xor_and_rotate_5a_020(uint64_t a, uint64_t b) {
+  return libcrux_sha3_portable_keccak__vxarq_u64_020(a, b);
 }
 
 /**
@@ -406,7 +406,7 @@ with const generics
 - RIGHT= 46
 */
 static KRML_MUSTINLINE uint64_t
-libcrux_sha3_portable_keccak_rotate_left_d63(uint64_t x) {
+libcrux_sha3_portable_keccak_rotate_left_a9(uint64_t x) {
   return x << (uint32_t)(int32_t)18 | x >> (uint32_t)(int32_t)46;
 }
 
@@ -417,9 +417,9 @@ with const generics
 - RIGHT= 46
 */
 static KRML_MUSTINLINE uint64_t
-libcrux_sha3_portable_keccak__vxarq_u64_742(uint64_t a, uint64_t b) {
+libcrux_sha3_portable_keccak__vxarq_u64_a9(uint64_t a, uint64_t b) {
   uint64_t ab = a ^ b;
-  return libcrux_sha3_portable_keccak_rotate_left_d63(ab);
+  return libcrux_sha3_portable_keccak_rotate_left_a9(ab);
 }
 
 /**
@@ -433,8 +433,8 @@ with const generics
 - RIGHT= 46
 */
 static KRML_MUSTINLINE uint64_t
-libcrux_sha3_portable_keccak_xor_and_rotate_5a_032(uint64_t a, uint64_t b) {
-  return libcrux_sha3_portable_keccak__vxarq_u64_742(a, b);
+libcrux_sha3_portable_keccak_xor_and_rotate_5a_a9(uint64_t a, uint64_t b) {
+  return libcrux_sha3_portable_keccak__vxarq_u64_a9(a, b);
 }
 
 /**
@@ -444,9 +444,9 @@ with const generics
 - RIGHT= 63
 */
 static KRML_MUSTINLINE uint64_t
-libcrux_sha3_portable_keccak__vxarq_u64_743(uint64_t a, uint64_t b) {
+libcrux_sha3_portable_keccak__vxarq_u64_76(uint64_t a, uint64_t b) {
   uint64_t ab = a ^ b;
-  return libcrux_sha3_portable_keccak_rotate_left_d6(ab);
+  return libcrux_sha3_portable_keccak_rotate_left_76(ab);
 }
 
 /**
@@ -460,8 +460,8 @@ with const generics
 - RIGHT= 63
 */
 static KRML_MUSTINLINE uint64_t
-libcrux_sha3_portable_keccak_xor_and_rotate_5a_033(uint64_t a, uint64_t b) {
-  return libcrux_sha3_portable_keccak__vxarq_u64_743(a, b);
+libcrux_sha3_portable_keccak_xor_and_rotate_5a_76(uint64_t a, uint64_t b) {
+  return libcrux_sha3_portable_keccak__vxarq_u64_76(a, b);
 }
 
 /**
@@ -471,7 +471,7 @@ with const generics
 - RIGHT= 20
 */
 static KRML_MUSTINLINE uint64_t
-libcrux_sha3_portable_keccak_rotate_left_d64(uint64_t x) {
+libcrux_sha3_portable_keccak_rotate_left_58(uint64_t x) {
   return x << (uint32_t)(int32_t)44 | x >> (uint32_t)(int32_t)20;
 }
 
@@ -482,9 +482,9 @@ with const generics
 - RIGHT= 20
 */
 static KRML_MUSTINLINE uint64_t
-libcrux_sha3_portable_keccak__vxarq_u64_744(uint64_t a, uint64_t b) {
+libcrux_sha3_portable_keccak__vxarq_u64_58(uint64_t a, uint64_t b) {
   uint64_t ab = a ^ b;
-  return libcrux_sha3_portable_keccak_rotate_left_d64(ab);
+  return libcrux_sha3_portable_keccak_rotate_left_58(ab);
 }
 
 /**
@@ -498,8 +498,8 @@ with const generics
 - RIGHT= 20
 */
 static KRML_MUSTINLINE uint64_t
-libcrux_sha3_portable_keccak_xor_and_rotate_5a_034(uint64_t a, uint64_t b) {
-  return libcrux_sha3_portable_keccak__vxarq_u64_744(a, b);
+libcrux_sha3_portable_keccak_xor_and_rotate_5a_58(uint64_t a, uint64_t b) {
+  return libcrux_sha3_portable_keccak__vxarq_u64_58(a, b);
 }
 
 /**
@@ -509,7 +509,7 @@ with const generics
 - RIGHT= 54
 */
 static KRML_MUSTINLINE uint64_t
-libcrux_sha3_portable_keccak_rotate_left_d65(uint64_t x) {
+libcrux_sha3_portable_keccak_rotate_left_e0(uint64_t x) {
   return x << (uint32_t)(int32_t)10 | x >> (uint32_t)(int32_t)54;
 }
 
@@ -520,9 +520,9 @@ with const generics
 - RIGHT= 54
 */
 static KRML_MUSTINLINE uint64_t
-libcrux_sha3_portable_keccak__vxarq_u64_745(uint64_t a, uint64_t b) {
+libcrux_sha3_portable_keccak__vxarq_u64_e0(uint64_t a, uint64_t b) {
   uint64_t ab = a ^ b;
-  return libcrux_sha3_portable_keccak_rotate_left_d65(ab);
+  return libcrux_sha3_portable_keccak_rotate_left_e0(ab);
 }
 
 /**
@@ -536,8 +536,8 @@ with const generics
 - RIGHT= 54
 */
 static KRML_MUSTINLINE uint64_t
-libcrux_sha3_portable_keccak_xor_and_rotate_5a_035(uint64_t a, uint64_t b) {
-  return libcrux_sha3_portable_keccak__vxarq_u64_745(a, b);
+libcrux_sha3_portable_keccak_xor_and_rotate_5a_e0(uint64_t a, uint64_t b) {
+  return libcrux_sha3_portable_keccak__vxarq_u64_e0(a, b);
 }
 
 /**
@@ -547,7 +547,7 @@ with const generics
 - RIGHT= 19
 */
 static KRML_MUSTINLINE uint64_t
-libcrux_sha3_portable_keccak_rotate_left_d66(uint64_t x) {
+libcrux_sha3_portable_keccak_rotate_left_63(uint64_t x) {
   return x << (uint32_t)(int32_t)45 | x >> (uint32_t)(int32_t)19;
 }
 
@@ -558,9 +558,9 @@ with const generics
 - RIGHT= 19
 */
 static KRML_MUSTINLINE uint64_t
-libcrux_sha3_portable_keccak__vxarq_u64_746(uint64_t a, uint64_t b) {
+libcrux_sha3_portable_keccak__vxarq_u64_63(uint64_t a, uint64_t b) {
   uint64_t ab = a ^ b;
-  return libcrux_sha3_portable_keccak_rotate_left_d66(ab);
+  return libcrux_sha3_portable_keccak_rotate_left_63(ab);
 }
 
 /**
@@ -574,8 +574,8 @@ with const generics
 - RIGHT= 19
 */
 static KRML_MUSTINLINE uint64_t
-libcrux_sha3_portable_keccak_xor_and_rotate_5a_036(uint64_t a, uint64_t b) {
-  return libcrux_sha3_portable_keccak__vxarq_u64_746(a, b);
+libcrux_sha3_portable_keccak_xor_and_rotate_5a_63(uint64_t a, uint64_t b) {
+  return libcrux_sha3_portable_keccak__vxarq_u64_63(a, b);
 }
 
 /**
@@ -585,7 +585,7 @@ with const generics
 - RIGHT= 62
 */
 static KRML_MUSTINLINE uint64_t
-libcrux_sha3_portable_keccak_rotate_left_d67(uint64_t x) {
+libcrux_sha3_portable_keccak_rotate_left_6a(uint64_t x) {
   return x << (uint32_t)(int32_t)2 | x >> (uint32_t)(int32_t)62;
 }
 
@@ -596,9 +596,9 @@ with const generics
 - RIGHT= 62
 */
 static KRML_MUSTINLINE uint64_t
-libcrux_sha3_portable_keccak__vxarq_u64_747(uint64_t a, uint64_t b) {
+libcrux_sha3_portable_keccak__vxarq_u64_6a(uint64_t a, uint64_t b) {
   uint64_t ab = a ^ b;
-  return libcrux_sha3_portable_keccak_rotate_left_d67(ab);
+  return libcrux_sha3_portable_keccak_rotate_left_6a(ab);
 }
 
 /**
@@ -612,8 +612,8 @@ with const generics
 - RIGHT= 62
 */
 static KRML_MUSTINLINE uint64_t
-libcrux_sha3_portable_keccak_xor_and_rotate_5a_037(uint64_t a, uint64_t b) {
-  return libcrux_sha3_portable_keccak__vxarq_u64_747(a, b);
+libcrux_sha3_portable_keccak_xor_and_rotate_5a_6a(uint64_t a, uint64_t b) {
+  return libcrux_sha3_portable_keccak__vxarq_u64_6a(a, b);
 }
 
 /**
@@ -623,7 +623,7 @@ with const generics
 - RIGHT= 2
 */
 static KRML_MUSTINLINE uint64_t
-libcrux_sha3_portable_keccak_rotate_left_d68(uint64_t x) {
+libcrux_sha3_portable_keccak_rotate_left_ab(uint64_t x) {
   return x << (uint32_t)(int32_t)62 | x >> (uint32_t)(int32_t)2;
 }
 
@@ -634,9 +634,9 @@ with const generics
 - RIGHT= 2
 */
 static KRML_MUSTINLINE uint64_t
-libcrux_sha3_portable_keccak__vxarq_u64_748(uint64_t a, uint64_t b) {
+libcrux_sha3_portable_keccak__vxarq_u64_ab(uint64_t a, uint64_t b) {
   uint64_t ab = a ^ b;
-  return libcrux_sha3_portable_keccak_rotate_left_d68(ab);
+  return libcrux_sha3_portable_keccak_rotate_left_ab(ab);
 }
 
 /**
@@ -650,8 +650,8 @@ with const generics
 - RIGHT= 2
 */
 static KRML_MUSTINLINE uint64_t
-libcrux_sha3_portable_keccak_xor_and_rotate_5a_038(uint64_t a, uint64_t b) {
-  return libcrux_sha3_portable_keccak__vxarq_u64_748(a, b);
+libcrux_sha3_portable_keccak_xor_and_rotate_5a_ab(uint64_t a, uint64_t b) {
+  return libcrux_sha3_portable_keccak__vxarq_u64_ab(a, b);
 }
 
 /**
@@ -661,7 +661,7 @@ with const generics
 - RIGHT= 58
 */
 static KRML_MUSTINLINE uint64_t
-libcrux_sha3_portable_keccak_rotate_left_d69(uint64_t x) {
+libcrux_sha3_portable_keccak_rotate_left_5b(uint64_t x) {
   return x << (uint32_t)(int32_t)6 | x >> (uint32_t)(int32_t)58;
 }
 
@@ -672,9 +672,9 @@ with const generics
 - RIGHT= 58
 */
 static KRML_MUSTINLINE uint64_t
-libcrux_sha3_portable_keccak__vxarq_u64_749(uint64_t a, uint64_t b) {
+libcrux_sha3_portable_keccak__vxarq_u64_5b(uint64_t a, uint64_t b) {
   uint64_t ab = a ^ b;
-  return libcrux_sha3_portable_keccak_rotate_left_d69(ab);
+  return libcrux_sha3_portable_keccak_rotate_left_5b(ab);
 }
 
 /**
@@ -688,8 +688,8 @@ with const generics
 - RIGHT= 58
 */
 static KRML_MUSTINLINE uint64_t
-libcrux_sha3_portable_keccak_xor_and_rotate_5a_039(uint64_t a, uint64_t b) {
-  return libcrux_sha3_portable_keccak__vxarq_u64_749(a, b);
+libcrux_sha3_portable_keccak_xor_and_rotate_5a_5b(uint64_t a, uint64_t b) {
+  return libcrux_sha3_portable_keccak__vxarq_u64_5b(a, b);
 }
 
 /**
@@ -699,7 +699,7 @@ with const generics
 - RIGHT= 21
 */
 static KRML_MUSTINLINE uint64_t
-libcrux_sha3_portable_keccak_rotate_left_d610(uint64_t x) {
+libcrux_sha3_portable_keccak_rotate_left_6f(uint64_t x) {
   return x << (uint32_t)(int32_t)43 | x >> (uint32_t)(int32_t)21;
 }
 
@@ -710,9 +710,9 @@ with const generics
 - RIGHT= 21
 */
 static KRML_MUSTINLINE uint64_t
-libcrux_sha3_portable_keccak__vxarq_u64_7410(uint64_t a, uint64_t b) {
+libcrux_sha3_portable_keccak__vxarq_u64_6f(uint64_t a, uint64_t b) {
   uint64_t ab = a ^ b;
-  return libcrux_sha3_portable_keccak_rotate_left_d610(ab);
+  return libcrux_sha3_portable_keccak_rotate_left_6f(ab);
 }
 
 /**
@@ -726,8 +726,8 @@ with const generics
 - RIGHT= 21
 */
 static KRML_MUSTINLINE uint64_t
-libcrux_sha3_portable_keccak_xor_and_rotate_5a_0310(uint64_t a, uint64_t b) {
-  return libcrux_sha3_portable_keccak__vxarq_u64_7410(a, b);
+libcrux_sha3_portable_keccak_xor_and_rotate_5a_6f(uint64_t a, uint64_t b) {
+  return libcrux_sha3_portable_keccak__vxarq_u64_6f(a, b);
 }
 
 /**
@@ -737,7 +737,7 @@ with const generics
 - RIGHT= 49
 */
 static KRML_MUSTINLINE uint64_t
-libcrux_sha3_portable_keccak_rotate_left_d611(uint64_t x) {
+libcrux_sha3_portable_keccak_rotate_left_62(uint64_t x) {
   return x << (uint32_t)(int32_t)15 | x >> (uint32_t)(int32_t)49;
 }
 
@@ -748,9 +748,9 @@ with const generics
 - RIGHT= 49
 */
 static KRML_MUSTINLINE uint64_t
-libcrux_sha3_portable_keccak__vxarq_u64_7411(uint64_t a, uint64_t b) {
+libcrux_sha3_portable_keccak__vxarq_u64_62(uint64_t a, uint64_t b) {
   uint64_t ab = a ^ b;
-  return libcrux_sha3_portable_keccak_rotate_left_d611(ab);
+  return libcrux_sha3_portable_keccak_rotate_left_62(ab);
 }
 
 /**
@@ -764,8 +764,8 @@ with const generics
 - RIGHT= 49
 */
 static KRML_MUSTINLINE uint64_t
-libcrux_sha3_portable_keccak_xor_and_rotate_5a_0311(uint64_t a, uint64_t b) {
-  return libcrux_sha3_portable_keccak__vxarq_u64_7411(a, b);
+libcrux_sha3_portable_keccak_xor_and_rotate_5a_62(uint64_t a, uint64_t b) {
+  return libcrux_sha3_portable_keccak__vxarq_u64_62(a, b);
 }
 
 /**
@@ -775,7 +775,7 @@ with const generics
 - RIGHT= 3
 */
 static KRML_MUSTINLINE uint64_t
-libcrux_sha3_portable_keccak_rotate_left_d612(uint64_t x) {
+libcrux_sha3_portable_keccak_rotate_left_23(uint64_t x) {
   return x << (uint32_t)(int32_t)61 | x >> (uint32_t)(int32_t)3;
 }
 
@@ -786,9 +786,9 @@ with const generics
 - RIGHT= 3
 */
 static KRML_MUSTINLINE uint64_t
-libcrux_sha3_portable_keccak__vxarq_u64_7412(uint64_t a, uint64_t b) {
+libcrux_sha3_portable_keccak__vxarq_u64_23(uint64_t a, uint64_t b) {
   uint64_t ab = a ^ b;
-  return libcrux_sha3_portable_keccak_rotate_left_d612(ab);
+  return libcrux_sha3_portable_keccak_rotate_left_23(ab);
 }
 
 /**
@@ -802,8 +802,8 @@ with const generics
 - RIGHT= 3
 */
 static KRML_MUSTINLINE uint64_t
-libcrux_sha3_portable_keccak_xor_and_rotate_5a_0312(uint64_t a, uint64_t b) {
-  return libcrux_sha3_portable_keccak__vxarq_u64_7412(a, b);
+libcrux_sha3_portable_keccak_xor_and_rotate_5a_23(uint64_t a, uint64_t b) {
+  return libcrux_sha3_portable_keccak__vxarq_u64_23(a, b);
 }
 
 /**
@@ -813,7 +813,7 @@ with const generics
 - RIGHT= 36
 */
 static KRML_MUSTINLINE uint64_t
-libcrux_sha3_portable_keccak_rotate_left_d613(uint64_t x) {
+libcrux_sha3_portable_keccak_rotate_left_37(uint64_t x) {
   return x << (uint32_t)(int32_t)28 | x >> (uint32_t)(int32_t)36;
 }
 
@@ -824,9 +824,9 @@ with const generics
 - RIGHT= 36
 */
 static KRML_MUSTINLINE uint64_t
-libcrux_sha3_portable_keccak__vxarq_u64_7413(uint64_t a, uint64_t b) {
+libcrux_sha3_portable_keccak__vxarq_u64_37(uint64_t a, uint64_t b) {
   uint64_t ab = a ^ b;
-  return libcrux_sha3_portable_keccak_rotate_left_d613(ab);
+  return libcrux_sha3_portable_keccak_rotate_left_37(ab);
 }
 
 /**
@@ -840,8 +840,8 @@ with const generics
 - RIGHT= 36
 */
 static KRML_MUSTINLINE uint64_t
-libcrux_sha3_portable_keccak_xor_and_rotate_5a_0313(uint64_t a, uint64_t b) {
-  return libcrux_sha3_portable_keccak__vxarq_u64_7413(a, b);
+libcrux_sha3_portable_keccak_xor_and_rotate_5a_37(uint64_t a, uint64_t b) {
+  return libcrux_sha3_portable_keccak__vxarq_u64_37(a, b);
 }
 
 /**
@@ -851,7 +851,7 @@ with const generics
 - RIGHT= 9
 */
 static KRML_MUSTINLINE uint64_t
-libcrux_sha3_portable_keccak_rotate_left_d614(uint64_t x) {
+libcrux_sha3_portable_keccak_rotate_left_bb(uint64_t x) {
   return x << (uint32_t)(int32_t)55 | x >> (uint32_t)(int32_t)9;
 }
 
@@ -862,9 +862,9 @@ with const generics
 - RIGHT= 9
 */
 static KRML_MUSTINLINE uint64_t
-libcrux_sha3_portable_keccak__vxarq_u64_7414(uint64_t a, uint64_t b) {
+libcrux_sha3_portable_keccak__vxarq_u64_bb(uint64_t a, uint64_t b) {
   uint64_t ab = a ^ b;
-  return libcrux_sha3_portable_keccak_rotate_left_d614(ab);
+  return libcrux_sha3_portable_keccak_rotate_left_bb(ab);
 }
 
 /**
@@ -878,8 +878,8 @@ with const generics
 - RIGHT= 9
 */
 static KRML_MUSTINLINE uint64_t
-libcrux_sha3_portable_keccak_xor_and_rotate_5a_0314(uint64_t a, uint64_t b) {
-  return libcrux_sha3_portable_keccak__vxarq_u64_7414(a, b);
+libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb(uint64_t a, uint64_t b) {
+  return libcrux_sha3_portable_keccak__vxarq_u64_bb(a, b);
 }
 
 /**
@@ -889,7 +889,7 @@ with const generics
 - RIGHT= 39
 */
 static KRML_MUSTINLINE uint64_t
-libcrux_sha3_portable_keccak_rotate_left_d615(uint64_t x) {
+libcrux_sha3_portable_keccak_rotate_left_b9(uint64_t x) {
   return x << (uint32_t)(int32_t)25 | x >> (uint32_t)(int32_t)39;
 }
 
@@ -900,9 +900,9 @@ with const generics
 - RIGHT= 39
 */
 static KRML_MUSTINLINE uint64_t
-libcrux_sha3_portable_keccak__vxarq_u64_7415(uint64_t a, uint64_t b) {
+libcrux_sha3_portable_keccak__vxarq_u64_b9(uint64_t a, uint64_t b) {
   uint64_t ab = a ^ b;
-  return libcrux_sha3_portable_keccak_rotate_left_d615(ab);
+  return libcrux_sha3_portable_keccak_rotate_left_b9(ab);
 }
 
 /**
@@ -916,8 +916,8 @@ with const generics
 - RIGHT= 39
 */
 static KRML_MUSTINLINE uint64_t
-libcrux_sha3_portable_keccak_xor_and_rotate_5a_0315(uint64_t a, uint64_t b) {
-  return libcrux_sha3_portable_keccak__vxarq_u64_7415(a, b);
+libcrux_sha3_portable_keccak_xor_and_rotate_5a_b9(uint64_t a, uint64_t b) {
+  return libcrux_sha3_portable_keccak__vxarq_u64_b9(a, b);
 }
 
 /**
@@ -927,7 +927,7 @@ with const generics
 - RIGHT= 43
 */
 static KRML_MUSTINLINE uint64_t
-libcrux_sha3_portable_keccak_rotate_left_d616(uint64_t x) {
+libcrux_sha3_portable_keccak_rotate_left_54(uint64_t x) {
   return x << (uint32_t)(int32_t)21 | x >> (uint32_t)(int32_t)43;
 }
 
@@ -938,9 +938,9 @@ with const generics
 - RIGHT= 43
 */
 static KRML_MUSTINLINE uint64_t
-libcrux_sha3_portable_keccak__vxarq_u64_7416(uint64_t a, uint64_t b) {
+libcrux_sha3_portable_keccak__vxarq_u64_54(uint64_t a, uint64_t b) {
   uint64_t ab = a ^ b;
-  return libcrux_sha3_portable_keccak_rotate_left_d616(ab);
+  return libcrux_sha3_portable_keccak_rotate_left_54(ab);
 }
 
 /**
@@ -954,8 +954,8 @@ with const generics
 - RIGHT= 43
 */
 static KRML_MUSTINLINE uint64_t
-libcrux_sha3_portable_keccak_xor_and_rotate_5a_0316(uint64_t a, uint64_t b) {
-  return libcrux_sha3_portable_keccak__vxarq_u64_7416(a, b);
+libcrux_sha3_portable_keccak_xor_and_rotate_5a_54(uint64_t a, uint64_t b) {
+  return libcrux_sha3_portable_keccak__vxarq_u64_54(a, b);
 }
 
 /**
@@ -965,7 +965,7 @@ with const generics
 - RIGHT= 8
 */
 static KRML_MUSTINLINE uint64_t
-libcrux_sha3_portable_keccak_rotate_left_d617(uint64_t x) {
+libcrux_sha3_portable_keccak_rotate_left_4c(uint64_t x) {
   return x << (uint32_t)(int32_t)56 | x >> (uint32_t)(int32_t)8;
 }
 
@@ -976,9 +976,9 @@ with const generics
 - RIGHT= 8
 */
 static KRML_MUSTINLINE uint64_t
-libcrux_sha3_portable_keccak__vxarq_u64_7417(uint64_t a, uint64_t b) {
+libcrux_sha3_portable_keccak__vxarq_u64_4c(uint64_t a, uint64_t b) {
   uint64_t ab = a ^ b;
-  return libcrux_sha3_portable_keccak_rotate_left_d617(ab);
+  return libcrux_sha3_portable_keccak_rotate_left_4c(ab);
 }
 
 /**
@@ -992,8 +992,8 @@ with const generics
 - RIGHT= 8
 */
 static KRML_MUSTINLINE uint64_t
-libcrux_sha3_portable_keccak_xor_and_rotate_5a_0317(uint64_t a, uint64_t b) {
-  return libcrux_sha3_portable_keccak__vxarq_u64_7417(a, b);
+libcrux_sha3_portable_keccak_xor_and_rotate_5a_4c(uint64_t a, uint64_t b) {
+  return libcrux_sha3_portable_keccak__vxarq_u64_4c(a, b);
 }
 
 /**
@@ -1003,7 +1003,7 @@ with const generics
 - RIGHT= 37
 */
 static KRML_MUSTINLINE uint64_t
-libcrux_sha3_portable_keccak_rotate_left_d618(uint64_t x) {
+libcrux_sha3_portable_keccak_rotate_left_ce(uint64_t x) {
   return x << (uint32_t)(int32_t)27 | x >> (uint32_t)(int32_t)37;
 }
 
@@ -1014,9 +1014,9 @@ with const generics
 - RIGHT= 37
 */
 static KRML_MUSTINLINE uint64_t
-libcrux_sha3_portable_keccak__vxarq_u64_7418(uint64_t a, uint64_t b) {
+libcrux_sha3_portable_keccak__vxarq_u64_ce(uint64_t a, uint64_t b) {
   uint64_t ab = a ^ b;
-  return libcrux_sha3_portable_keccak_rotate_left_d618(ab);
+  return libcrux_sha3_portable_keccak_rotate_left_ce(ab);
 }
 
 /**
@@ -1030,8 +1030,8 @@ with const generics
 - RIGHT= 37
 */
 static KRML_MUSTINLINE uint64_t
-libcrux_sha3_portable_keccak_xor_and_rotate_5a_0318(uint64_t a, uint64_t b) {
-  return libcrux_sha3_portable_keccak__vxarq_u64_7418(a, b);
+libcrux_sha3_portable_keccak_xor_and_rotate_5a_ce(uint64_t a, uint64_t b) {
+  return libcrux_sha3_portable_keccak__vxarq_u64_ce(a, b);
 }
 
 /**
@@ -1041,7 +1041,7 @@ with const generics
 - RIGHT= 44
 */
 static KRML_MUSTINLINE uint64_t
-libcrux_sha3_portable_keccak_rotate_left_d619(uint64_t x) {
+libcrux_sha3_portable_keccak_rotate_left_77(uint64_t x) {
   return x << (uint32_t)(int32_t)20 | x >> (uint32_t)(int32_t)44;
 }
 
@@ -1052,9 +1052,9 @@ with const generics
 - RIGHT= 44
 */
 static KRML_MUSTINLINE uint64_t
-libcrux_sha3_portable_keccak__vxarq_u64_7419(uint64_t a, uint64_t b) {
+libcrux_sha3_portable_keccak__vxarq_u64_77(uint64_t a, uint64_t b) {
   uint64_t ab = a ^ b;
-  return libcrux_sha3_portable_keccak_rotate_left_d619(ab);
+  return libcrux_sha3_portable_keccak_rotate_left_77(ab);
 }
 
 /**
@@ -1068,8 +1068,8 @@ with const generics
 - RIGHT= 44
 */
 static KRML_MUSTINLINE uint64_t
-libcrux_sha3_portable_keccak_xor_and_rotate_5a_0319(uint64_t a, uint64_t b) {
-  return libcrux_sha3_portable_keccak__vxarq_u64_7419(a, b);
+libcrux_sha3_portable_keccak_xor_and_rotate_5a_77(uint64_t a, uint64_t b) {
+  return libcrux_sha3_portable_keccak__vxarq_u64_77(a, b);
 }
 
 /**
@@ -1079,7 +1079,7 @@ with const generics
 - RIGHT= 25
 */
 static KRML_MUSTINLINE uint64_t
-libcrux_sha3_portable_keccak_rotate_left_d620(uint64_t x) {
+libcrux_sha3_portable_keccak_rotate_left_25(uint64_t x) {
   return x << (uint32_t)(int32_t)39 | x >> (uint32_t)(int32_t)25;
 }
 
@@ -1090,9 +1090,9 @@ with const generics
 - RIGHT= 25
 */
 static KRML_MUSTINLINE uint64_t
-libcrux_sha3_portable_keccak__vxarq_u64_7420(uint64_t a, uint64_t b) {
+libcrux_sha3_portable_keccak__vxarq_u64_25(uint64_t a, uint64_t b) {
   uint64_t ab = a ^ b;
-  return libcrux_sha3_portable_keccak_rotate_left_d620(ab);
+  return libcrux_sha3_portable_keccak_rotate_left_25(ab);
 }
 
 /**
@@ -1106,8 +1106,8 @@ with const generics
 - RIGHT= 25
 */
 static KRML_MUSTINLINE uint64_t
-libcrux_sha3_portable_keccak_xor_and_rotate_5a_0320(uint64_t a, uint64_t b) {
-  return libcrux_sha3_portable_keccak__vxarq_u64_7420(a, b);
+libcrux_sha3_portable_keccak_xor_and_rotate_5a_25(uint64_t a, uint64_t b) {
+  return libcrux_sha3_portable_keccak__vxarq_u64_25(a, b);
 }
 
 /**
@@ -1117,7 +1117,7 @@ with const generics
 - RIGHT= 56
 */
 static KRML_MUSTINLINE uint64_t
-libcrux_sha3_portable_keccak_rotate_left_d621(uint64_t x) {
+libcrux_sha3_portable_keccak_rotate_left_af(uint64_t x) {
   return x << (uint32_t)(int32_t)8 | x >> (uint32_t)(int32_t)56;
 }
 
@@ -1128,9 +1128,9 @@ with const generics
 - RIGHT= 56
 */
 static KRML_MUSTINLINE uint64_t
-libcrux_sha3_portable_keccak__vxarq_u64_7421(uint64_t a, uint64_t b) {
+libcrux_sha3_portable_keccak__vxarq_u64_af(uint64_t a, uint64_t b) {
   uint64_t ab = a ^ b;
-  return libcrux_sha3_portable_keccak_rotate_left_d621(ab);
+  return libcrux_sha3_portable_keccak_rotate_left_af(ab);
 }
 
 /**
@@ -1144,8 +1144,8 @@ with const generics
 - RIGHT= 56
 */
 static KRML_MUSTINLINE uint64_t
-libcrux_sha3_portable_keccak_xor_and_rotate_5a_0321(uint64_t a, uint64_t b) {
-  return libcrux_sha3_portable_keccak__vxarq_u64_7421(a, b);
+libcrux_sha3_portable_keccak_xor_and_rotate_5a_af(uint64_t a, uint64_t b) {
+  return libcrux_sha3_portable_keccak__vxarq_u64_af(a, b);
 }
 
 /**
@@ -1155,7 +1155,7 @@ with const generics
 - RIGHT= 50
 */
 static KRML_MUSTINLINE uint64_t
-libcrux_sha3_portable_keccak_rotate_left_d622(uint64_t x) {
+libcrux_sha3_portable_keccak_rotate_left_fd(uint64_t x) {
   return x << (uint32_t)(int32_t)14 | x >> (uint32_t)(int32_t)50;
 }
 
@@ -1166,9 +1166,9 @@ with const generics
 - RIGHT= 50
 */
 static KRML_MUSTINLINE uint64_t
-libcrux_sha3_portable_keccak__vxarq_u64_7422(uint64_t a, uint64_t b) {
+libcrux_sha3_portable_keccak__vxarq_u64_fd(uint64_t a, uint64_t b) {
   uint64_t ab = a ^ b;
-  return libcrux_sha3_portable_keccak_rotate_left_d622(ab);
+  return libcrux_sha3_portable_keccak_rotate_left_fd(ab);
 }
 
 /**
@@ -1182,8 +1182,8 @@ with const generics
 - RIGHT= 50
 */
 static KRML_MUSTINLINE uint64_t
-libcrux_sha3_portable_keccak_xor_and_rotate_5a_0322(uint64_t a, uint64_t b) {
-  return libcrux_sha3_portable_keccak__vxarq_u64_7422(a, b);
+libcrux_sha3_portable_keccak_xor_and_rotate_5a_fd(uint64_t a, uint64_t b) {
+  return libcrux_sha3_portable_keccak__vxarq_u64_fd(a, b);
 }
 
 /**
@@ -1192,8 +1192,8 @@ with types uint64_t
 with const generics
 - N= 1
 */
-static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_theta_rho_a7(
-    libcrux_sha3_generic_keccak_KeccakState_48 *s) {
+static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_theta_rho_04(
+    libcrux_sha3_generic_keccak_KeccakState_17 *s) {
   uint64_t c[5U] = {
       libcrux_sha3_portable_keccak_xor5_5a(s->st[0U][0U], s->st[1U][0U],
                                            s->st[2U][0U], s->st[3U][0U],
@@ -1228,53 +1228,53 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_theta_rho_a7(
                         c[((size_t)4U + (size_t)1U) % (size_t)5U])};
   s->st[0U][0U] = libcrux_sha3_portable_keccak_xor_5a(s->st[0U][0U], t[0U]);
   s->st[1U][0U] =
-      libcrux_sha3_portable_keccak_xor_and_rotate_5a_03(s->st[1U][0U], t[0U]);
+      libcrux_sha3_portable_keccak_xor_and_rotate_5a_02(s->st[1U][0U], t[0U]);
   s->st[2U][0U] =
-      libcrux_sha3_portable_keccak_xor_and_rotate_5a_030(s->st[2U][0U], t[0U]);
+      libcrux_sha3_portable_keccak_xor_and_rotate_5a_ac(s->st[2U][0U], t[0U]);
   s->st[3U][0U] =
-      libcrux_sha3_portable_keccak_xor_and_rotate_5a_031(s->st[3U][0U], t[0U]);
+      libcrux_sha3_portable_keccak_xor_and_rotate_5a_020(s->st[3U][0U], t[0U]);
   s->st[4U][0U] =
-      libcrux_sha3_portable_keccak_xor_and_rotate_5a_032(s->st[4U][0U], t[0U]);
+      libcrux_sha3_portable_keccak_xor_and_rotate_5a_a9(s->st[4U][0U], t[0U]);
   s->st[0U][1U] =
-      libcrux_sha3_portable_keccak_xor_and_rotate_5a_033(s->st[0U][1U], t[1U]);
+      libcrux_sha3_portable_keccak_xor_and_rotate_5a_76(s->st[0U][1U], t[1U]);
   s->st[1U][1U] =
-      libcrux_sha3_portable_keccak_xor_and_rotate_5a_034(s->st[1U][1U], t[1U]);
+      libcrux_sha3_portable_keccak_xor_and_rotate_5a_58(s->st[1U][1U], t[1U]);
   s->st[2U][1U] =
-      libcrux_sha3_portable_keccak_xor_and_rotate_5a_035(s->st[2U][1U], t[1U]);
+      libcrux_sha3_portable_keccak_xor_and_rotate_5a_e0(s->st[2U][1U], t[1U]);
   s->st[3U][1U] =
-      libcrux_sha3_portable_keccak_xor_and_rotate_5a_036(s->st[3U][1U], t[1U]);
+      libcrux_sha3_portable_keccak_xor_and_rotate_5a_63(s->st[3U][1U], t[1U]);
   s->st[4U][1U] =
-      libcrux_sha3_portable_keccak_xor_and_rotate_5a_037(s->st[4U][1U], t[1U]);
+      libcrux_sha3_portable_keccak_xor_and_rotate_5a_6a(s->st[4U][1U], t[1U]);
   s->st[0U][2U] =
-      libcrux_sha3_portable_keccak_xor_and_rotate_5a_038(s->st[0U][2U], t[2U]);
+      libcrux_sha3_portable_keccak_xor_and_rotate_5a_ab(s->st[0U][2U], t[2U]);
   s->st[1U][2U] =
-      libcrux_sha3_portable_keccak_xor_and_rotate_5a_039(s->st[1U][2U], t[2U]);
+      libcrux_sha3_portable_keccak_xor_and_rotate_5a_5b(s->st[1U][2U], t[2U]);
   s->st[2U][2U] =
-      libcrux_sha3_portable_keccak_xor_and_rotate_5a_0310(s->st[2U][2U], t[2U]);
+      libcrux_sha3_portable_keccak_xor_and_rotate_5a_6f(s->st[2U][2U], t[2U]);
   s->st[3U][2U] =
-      libcrux_sha3_portable_keccak_xor_and_rotate_5a_0311(s->st[3U][2U], t[2U]);
+      libcrux_sha3_portable_keccak_xor_and_rotate_5a_62(s->st[3U][2U], t[2U]);
   s->st[4U][2U] =
-      libcrux_sha3_portable_keccak_xor_and_rotate_5a_0312(s->st[4U][2U], t[2U]);
+      libcrux_sha3_portable_keccak_xor_and_rotate_5a_23(s->st[4U][2U], t[2U]);
   s->st[0U][3U] =
-      libcrux_sha3_portable_keccak_xor_and_rotate_5a_0313(s->st[0U][3U], t[3U]);
+      libcrux_sha3_portable_keccak_xor_and_rotate_5a_37(s->st[0U][3U], t[3U]);
   s->st[1U][3U] =
-      libcrux_sha3_portable_keccak_xor_and_rotate_5a_0314(s->st[1U][3U], t[3U]);
+      libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb(s->st[1U][3U], t[3U]);
   s->st[2U][3U] =
-      libcrux_sha3_portable_keccak_xor_and_rotate_5a_0315(s->st[2U][3U], t[3U]);
+      libcrux_sha3_portable_keccak_xor_and_rotate_5a_b9(s->st[2U][3U], t[3U]);
   s->st[3U][3U] =
-      libcrux_sha3_portable_keccak_xor_and_rotate_5a_0316(s->st[3U][3U], t[3U]);
+      libcrux_sha3_portable_keccak_xor_and_rotate_5a_54(s->st[3U][3U], t[3U]);
   s->st[4U][3U] =
-      libcrux_sha3_portable_keccak_xor_and_rotate_5a_0317(s->st[4U][3U], t[3U]);
+      libcrux_sha3_portable_keccak_xor_and_rotate_5a_4c(s->st[4U][3U], t[3U]);
   s->st[0U][4U] =
-      libcrux_sha3_portable_keccak_xor_and_rotate_5a_0318(s->st[0U][4U], t[4U]);
+      libcrux_sha3_portable_keccak_xor_and_rotate_5a_ce(s->st[0U][4U], t[4U]);
   s->st[1U][4U] =
-      libcrux_sha3_portable_keccak_xor_and_rotate_5a_0319(s->st[1U][4U], t[4U]);
+      libcrux_sha3_portable_keccak_xor_and_rotate_5a_77(s->st[1U][4U], t[4U]);
   s->st[2U][4U] =
-      libcrux_sha3_portable_keccak_xor_and_rotate_5a_0320(s->st[2U][4U], t[4U]);
+      libcrux_sha3_portable_keccak_xor_and_rotate_5a_25(s->st[2U][4U], t[4U]);
   s->st[3U][4U] =
-      libcrux_sha3_portable_keccak_xor_and_rotate_5a_0321(s->st[3U][4U], t[4U]);
+      libcrux_sha3_portable_keccak_xor_and_rotate_5a_af(s->st[3U][4U], t[4U]);
   uint64_t uu____27 =
-      libcrux_sha3_portable_keccak_xor_and_rotate_5a_0322(s->st[4U][4U], t[4U]);
+      libcrux_sha3_portable_keccak_xor_and_rotate_5a_fd(s->st[4U][4U], t[4U]);
   s->st[4U][4U] = uu____27;
 }
 
@@ -1284,8 +1284,8 @@ with types uint64_t
 with const generics
 - N= 1
 */
-static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_pi_d5(
-    libcrux_sha3_generic_keccak_KeccakState_48 *s) {
+static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_pi_04(
+    libcrux_sha3_generic_keccak_KeccakState_17 *s) {
   uint64_t old[5U][5U];
   memcpy(old, s->st, (size_t)5U * sizeof(uint64_t[5U]));
   s->st[0U][1U] = old[1U][1U];
@@ -1320,8 +1320,8 @@ with types uint64_t
 with const generics
 - N= 1
 */
-static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_chi_3e(
-    libcrux_sha3_generic_keccak_KeccakState_48 *s) {
+static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_chi_04(
+    libcrux_sha3_generic_keccak_KeccakState_17 *s) {
   uint64_t old[5U][5U];
   memcpy(old, s->st, (size_t)5U * sizeof(uint64_t[5U]));
   KRML_MAYBE_FOR5(
@@ -1338,8 +1338,8 @@ with types uint64_t
 with const generics
 - N= 1
 */
-static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_iota_00(
-    libcrux_sha3_generic_keccak_KeccakState_48 *s, size_t i) {
+static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_iota_04(
+    libcrux_sha3_generic_keccak_KeccakState_17 *s, size_t i) {
   s->st[0U][0U] = libcrux_sha3_portable_keccak_xor_constant_5a(
       s->st[0U][0U], libcrux_sha3_generic_keccak_ROUNDCONSTANTS[i]);
 }
@@ -1350,14 +1350,14 @@ with types uint64_t
 with const generics
 - N= 1
 */
-static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccakf1600_b8(
-    libcrux_sha3_generic_keccak_KeccakState_48 *s) {
+static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccakf1600_04(
+    libcrux_sha3_generic_keccak_KeccakState_17 *s) {
   for (size_t i = (size_t)0U; i < (size_t)24U; i++) {
     size_t i0 = i;
-    libcrux_sha3_generic_keccak_theta_rho_a7(s);
-    libcrux_sha3_generic_keccak_pi_d5(s);
-    libcrux_sha3_generic_keccak_chi_3e(s);
-    libcrux_sha3_generic_keccak_iota_00(s, i0);
+    libcrux_sha3_generic_keccak_theta_rho_04(s);
+    libcrux_sha3_generic_keccak_pi_04(s);
+    libcrux_sha3_generic_keccak_chi_04(s);
+    libcrux_sha3_generic_keccak_iota_04(s, i0);
   }
 }
 
@@ -1369,8 +1369,8 @@ with const generics
 - RATE= 168
 - DELIM= 31
 */
-static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_40(
-    libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) {
+static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_9e(
+    libcrux_sha3_generic_keccak_KeccakState_17 *s, Eurydice_slice last[1U]) {
   size_t last_len = Eurydice_slice_len(last[0U], uint8_t);
   uint8_t blocks[1U][200U] = {{0U}};
   {
@@ -1388,8 +1388,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_40(
   uint64_t(*uu____3)[5U] = s->st;
   uint8_t uu____4[1U][200U];
   memcpy(uu____4, blocks, (size_t)1U * sizeof(uint8_t[200U]));
-  libcrux_sha3_portable_keccak_load_block_full_5a_05(uu____3, uu____4);
-  libcrux_sha3_generic_keccak_keccakf1600_b8(s);
+  libcrux_sha3_portable_keccak_load_block_full_5a_3a(uu____3, uu____4);
+  libcrux_sha3_generic_keccak_keccakf1600_04(s);
 }
 
 /**
@@ -1397,7 +1397,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block
 with const generics
 - RATE= 168
 */
-static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_9b(
+static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_3a(
     uint64_t (*s)[5U], Eurydice_slice out[1U]) {
   for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)8U; i++) {
     size_t i0 = i;
@@ -1419,9 +1419,9 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_5a
 with const generics
 - RATE= 168
 */
-static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_49(
+static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_3a(
     uint64_t (*a)[5U], Eurydice_slice b[1U]) {
-  libcrux_sha3_portable_keccak_store_block_9b(a, b);
+  libcrux_sha3_portable_keccak_store_block_3a(a, b);
 }
 
 /**
@@ -1431,9 +1431,9 @@ with const generics
 - N= 1
 - RATE= 168
 */
-static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_7b(
-    libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) {
-  libcrux_sha3_portable_keccak_store_block_5a_49(s->st, out);
+static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_c6(
+    libcrux_sha3_generic_keccak_KeccakState_17 *s, Eurydice_slice out[1U]) {
+  libcrux_sha3_portable_keccak_store_block_5a_3a(s->st, out);
 }
 
 /**
@@ -1443,10 +1443,10 @@ with const generics
 - N= 1
 - RATE= 168
 */
-static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_c2(
-    libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) {
-  libcrux_sha3_generic_keccak_keccakf1600_b8(s);
-  libcrux_sha3_portable_keccak_store_block_5a_49(s->st, out);
+static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_c6(
+    libcrux_sha3_generic_keccak_KeccakState_17 *s, Eurydice_slice out[1U]) {
+  libcrux_sha3_generic_keccak_keccakf1600_04(s);
+  libcrux_sha3_portable_keccak_store_block_5a_3a(s->st, out);
 }
 
 /**
@@ -1454,18 +1454,18 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block
 with const generics
 - RATE= 136
 */
-static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_650(
+static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5b(
     uint64_t (*s)[5U], Eurydice_slice blocks[1U]) {
   for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)8U; i++) {
     size_t i0 = i;
     uint8_t uu____0[8U];
-    core_result_Result_56 dst;
+    core_result_Result_15 dst;
     Eurydice_slice_to_array2(
         &dst,
         Eurydice_slice_subslice2(blocks[0U], (size_t)8U * i0,
                                  (size_t)8U * i0 + (size_t)8U, uint8_t),
         Eurydice_slice, uint8_t[8U]);
-    core_result_unwrap_26_0e(dst, uu____0);
+    core_result_unwrap_26_68(dst, uu____0);
     size_t uu____1 = i0 / (size_t)5U;
     size_t uu____2 = i0 % (size_t)5U;
     s[uu____1][uu____2] =
@@ -1478,11 +1478,11 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full
 with const generics
 - RATE= 136
 */
-static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_d40(
+static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5b(
     uint64_t (*s)[5U], uint8_t blocks[1U][200U]) {
   Eurydice_slice buf[1U] = {
       Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t)};
-  libcrux_sha3_portable_keccak_load_block_650(s, buf);
+  libcrux_sha3_portable_keccak_load_block_5b(s, buf);
 }
 
 /**
@@ -1494,13 +1494,13 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full_5a
 with const generics
 - RATE= 136
 */
-static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_050(
+static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_5b(
     uint64_t (*a)[5U], uint8_t b[1U][200U]) {
   uint64_t(*uu____0)[5U] = a;
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_b[1U][200U];
   memcpy(copy_of_b, b, (size_t)1U * sizeof(uint8_t[200U]));
-  libcrux_sha3_portable_keccak_load_block_full_d40(uu____0, copy_of_b);
+  libcrux_sha3_portable_keccak_load_block_full_5b(uu____0, copy_of_b);
 }
 
 /**
@@ -1511,8 +1511,8 @@ with const generics
 - RATE= 136
 - DELIM= 31
 */
-static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_400(
-    libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) {
+static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_9e0(
+    libcrux_sha3_generic_keccak_KeccakState_17 *s, Eurydice_slice last[1U]) {
   size_t last_len = Eurydice_slice_len(last[0U], uint8_t);
   uint8_t blocks[1U][200U] = {{0U}};
   {
@@ -1530,8 +1530,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_400(
   uint64_t(*uu____3)[5U] = s->st;
   uint8_t uu____4[1U][200U];
   memcpy(uu____4, blocks, (size_t)1U * sizeof(uint8_t[200U]));
-  libcrux_sha3_portable_keccak_load_block_full_5a_050(uu____3, uu____4);
-  libcrux_sha3_generic_keccak_keccakf1600_b8(s);
+  libcrux_sha3_portable_keccak_load_block_full_5a_5b(uu____3, uu____4);
+  libcrux_sha3_generic_keccak_keccakf1600_04(s);
 }
 
 /**
@@ -1539,7 +1539,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block
 with const generics
 - RATE= 136
 */
-static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_9b0(
+static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5b(
     uint64_t (*s)[5U], Eurydice_slice out[1U]) {
   for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)8U; i++) {
     size_t i0 = i;
@@ -1561,9 +1561,9 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_5a
 with const generics
 - RATE= 136
 */
-static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_490(
+static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_5b(
     uint64_t (*a)[5U], Eurydice_slice b[1U]) {
-  libcrux_sha3_portable_keccak_store_block_9b0(a, b);
+  libcrux_sha3_portable_keccak_store_block_5b(a, b);
 }
 
 /**
@@ -1573,9 +1573,9 @@ with const generics
 - N= 1
 - RATE= 136
 */
-static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_7b0(
-    libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) {
-  libcrux_sha3_portable_keccak_store_block_5a_490(s->st, out);
+static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_c60(
+    libcrux_sha3_generic_keccak_KeccakState_17 *s, Eurydice_slice out[1U]) {
+  libcrux_sha3_portable_keccak_store_block_5a_5b(s->st, out);
 }
 
 /**
@@ -1585,10 +1585,10 @@ with const generics
 - N= 1
 - RATE= 136
 */
-static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_c20(
-    libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) {
-  libcrux_sha3_generic_keccak_keccakf1600_b8(s);
-  libcrux_sha3_portable_keccak_store_block_5a_490(s->st, out);
+static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_c60(
+    libcrux_sha3_generic_keccak_KeccakState_17 *s, Eurydice_slice out[1U]) {
+  libcrux_sha3_generic_keccak_keccakf1600_04(s);
+  libcrux_sha3_portable_keccak_store_block_5a_5b(s->st, out);
 }
 
 /**
@@ -1600,13 +1600,13 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_5a
 with const generics
 - RATE= 136
 */
-static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_35(
+static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_5b(
     uint64_t (*a)[5U], Eurydice_slice b[1U]) {
   uint64_t(*uu____0)[5U] = a;
   /* Passing arrays by value in Rust generates a copy in C */
   Eurydice_slice copy_of_b[1U];
   memcpy(copy_of_b, b, (size_t)1U * sizeof(Eurydice_slice));
-  libcrux_sha3_portable_keccak_load_block_650(uu____0, copy_of_b);
+  libcrux_sha3_portable_keccak_load_block_5b(uu____0, copy_of_b);
 }
 
 /**
@@ -1618,13 +1618,13 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_5a
 with const generics
 - RATE= 168
 */
-static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_350(
+static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_3a(
     uint64_t (*a)[5U], Eurydice_slice b[1U]) {
   uint64_t(*uu____0)[5U] = a;
   /* Passing arrays by value in Rust generates a copy in C */
   Eurydice_slice copy_of_b[1U];
   memcpy(copy_of_b, b, (size_t)1U * sizeof(Eurydice_slice));
-  libcrux_sha3_portable_keccak_load_block_65(uu____0, copy_of_b);
+  libcrux_sha3_portable_keccak_load_block_3a(uu____0, copy_of_b);
 }
 
 /**
@@ -1634,13 +1634,13 @@ with const generics
 - N= 1
 - RATE= 168
 */
-static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_403(
-    libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice blocks[1U]) {
+static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_c63(
+    libcrux_sha3_generic_keccak_KeccakState_17 *s, Eurydice_slice blocks[1U]) {
   uint64_t(*uu____0)[5U] = s->st;
   Eurydice_slice uu____1[1U];
   memcpy(uu____1, blocks, (size_t)1U * sizeof(Eurydice_slice));
-  libcrux_sha3_portable_keccak_load_block_5a_350(uu____0, uu____1);
-  libcrux_sha3_generic_keccak_keccakf1600_b8(s);
+  libcrux_sha3_portable_keccak_load_block_5a_3a(uu____0, uu____1);
+  libcrux_sha3_generic_keccak_keccakf1600_04(s);
 }
 
 /**
@@ -1648,12 +1648,12 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full
 with const generics
 - RATE= 168
 */
-static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_7e3(
+static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_3a(
     uint64_t (*s)[5U], uint8_t ret[1U][200U]) {
   uint8_t out[200U] = {0U};
   Eurydice_slice buf[1U] = {
       Eurydice_array_to_slice((size_t)200U, out, uint8_t)};
-  libcrux_sha3_portable_keccak_store_block_9b(s, buf);
+  libcrux_sha3_portable_keccak_store_block_3a(s, buf);
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_out[200U];
   memcpy(copy_of_out, out, (size_t)200U * sizeof(uint8_t));
@@ -1669,10 +1669,9 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full_5a
 with const generics
 - RATE= 168
 */
-static KRML_MUSTINLINE void
-libcrux_sha3_portable_keccak_store_block_full_5a_273(uint64_t (*a)[5U],
-                                                     uint8_t ret[1U][200U]) {
-  libcrux_sha3_portable_keccak_store_block_full_7e3(a, ret);
+static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_5a_3a(
+    uint64_t (*a)[5U], uint8_t ret[1U][200U]) {
+  libcrux_sha3_portable_keccak_store_block_full_3a(a, ret);
 }
 
 /**
@@ -1683,21 +1682,21 @@ with const generics
 - RATE= 168
 */
 static KRML_MUSTINLINE void
-libcrux_sha3_generic_keccak_squeeze_first_and_last_883(
-    libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) {
+libcrux_sha3_generic_keccak_squeeze_first_and_last_c63(
+    libcrux_sha3_generic_keccak_KeccakState_17 *s, Eurydice_slice out[1U]) {
   uint8_t b[1U][200U];
-  libcrux_sha3_portable_keccak_store_block_full_5a_273(s->st, b);
+  libcrux_sha3_portable_keccak_store_block_full_5a_3a(s->st, b);
   {
     size_t i = (size_t)0U;
     Eurydice_slice uu____0 = out[i];
     uint8_t *uu____1 = b[i];
-    core_ops_range_Range_b3 lit;
+    core_ops_range_Range_08 lit;
     lit.start = (size_t)0U;
     lit.end = Eurydice_slice_len(out[i], uint8_t);
     Eurydice_slice_copy(
         uu____0,
         Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t,
-                                   core_ops_range_Range_b3),
+                                   core_ops_range_Range_08),
         uint8_t);
   }
 }
@@ -1709,22 +1708,22 @@ with const generics
 - N= 1
 - RATE= 168
 */
-static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_ca3(
-    libcrux_sha3_generic_keccak_KeccakState_48 s, Eurydice_slice out[1U]) {
-  libcrux_sha3_generic_keccak_keccakf1600_b8(&s);
+static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_c63(
+    libcrux_sha3_generic_keccak_KeccakState_17 s, Eurydice_slice out[1U]) {
+  libcrux_sha3_generic_keccak_keccakf1600_04(&s);
   uint8_t b[1U][200U];
-  libcrux_sha3_portable_keccak_store_block_full_5a_273(s.st, b);
+  libcrux_sha3_portable_keccak_store_block_full_5a_3a(s.st, b);
   {
     size_t i = (size_t)0U;
     Eurydice_slice uu____0 = out[i];
     uint8_t *uu____1 = b[i];
-    core_ops_range_Range_b3 lit;
+    core_ops_range_Range_08 lit;
     lit.start = (size_t)0U;
     lit.end = Eurydice_slice_len(out[i], uint8_t);
     Eurydice_slice_copy(
         uu____0,
         Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t,
-                                   core_ops_range_Range_b3),
+                                   core_ops_range_Range_08),
         uint8_t);
   }
 }
@@ -1737,36 +1736,36 @@ with const generics
 - RATE= 168
 - DELIM= 31
 */
-static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_064(
+static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_9e4(
     Eurydice_slice data[1U], Eurydice_slice out[1U]) {
-  libcrux_sha3_generic_keccak_KeccakState_48 s =
-      libcrux_sha3_generic_keccak_new_89_cf();
+  libcrux_sha3_generic_keccak_KeccakState_17 s =
+      libcrux_sha3_generic_keccak_new_89_04();
   for (size_t i = (size_t)0U;
        i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)168U; i++) {
     size_t i0 = i;
-    libcrux_sha3_generic_keccak_KeccakState_48 *uu____0 = &s;
+    libcrux_sha3_generic_keccak_KeccakState_17 *uu____0 = &s;
     /* Passing arrays by value in Rust generates a copy in C */
     Eurydice_slice copy_of_data[1U];
     memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice));
     Eurydice_slice ret[1U];
     libcrux_sha3_portable_keccak_slice_n_5a(copy_of_data, i0 * (size_t)168U,
                                             (size_t)168U, ret);
-    libcrux_sha3_generic_keccak_absorb_block_403(uu____0, ret);
+    libcrux_sha3_generic_keccak_absorb_block_c63(uu____0, ret);
   }
   size_t rem = Eurydice_slice_len(data[0U], uint8_t) % (size_t)168U;
-  libcrux_sha3_generic_keccak_KeccakState_48 *uu____2 = &s;
+  libcrux_sha3_generic_keccak_KeccakState_17 *uu____2 = &s;
   /* Passing arrays by value in Rust generates a copy in C */
   Eurydice_slice copy_of_data[1U];
   memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice));
   Eurydice_slice ret[1U];
   libcrux_sha3_portable_keccak_slice_n_5a(
       copy_of_data, Eurydice_slice_len(data[0U], uint8_t) - rem, rem, ret);
-  libcrux_sha3_generic_keccak_absorb_final_40(uu____2, ret);
+  libcrux_sha3_generic_keccak_absorb_final_9e(uu____2, ret);
   size_t outlen = Eurydice_slice_len(out[0U], uint8_t);
   size_t blocks = outlen / (size_t)168U;
   size_t last = outlen - outlen % (size_t)168U;
   if (blocks == (size_t)0U) {
-    libcrux_sha3_generic_keccak_squeeze_first_and_last_883(&s, out);
+    libcrux_sha3_generic_keccak_squeeze_first_and_last_c63(&s, out);
   } else {
     Eurydice_slice_uint8_t_1size_t__x2 uu____4 =
         libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)168U);
@@ -1774,15 +1773,15 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_064(
     memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice));
     Eurydice_slice o1[1U];
     memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice));
-    libcrux_sha3_generic_keccak_squeeze_first_block_7b(&s, o0);
-    core_ops_range_Range_b3 iter =
+    libcrux_sha3_generic_keccak_squeeze_first_block_c6(&s, o0);
+    core_ops_range_Range_08 iter =
         core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter(
-            (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U,
+            (CLITERAL(core_ops_range_Range_08){.start = (size_t)1U,
                                                .end = blocks}),
-            core_ops_range_Range_b3, core_ops_range_Range_b3);
+            core_ops_range_Range_08, core_ops_range_Range_08);
     while (true) {
       if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A__TraitClause_0___6__next(
-              &iter, size_t, core_option_Option_b3)
+              &iter, size_t, core_option_Option_08)
               .tag == core_option_None) {
         break;
       } else {
@@ -1792,12 +1791,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_064(
         memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice));
         Eurydice_slice orest[1U];
         memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice));
-        libcrux_sha3_generic_keccak_squeeze_next_block_c2(&s, o);
+        libcrux_sha3_generic_keccak_squeeze_next_block_c6(&s, o);
         memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice));
       }
     }
     if (last < outlen) {
-      libcrux_sha3_generic_keccak_squeeze_last_ca3(s, o1);
+      libcrux_sha3_generic_keccak_squeeze_last_c63(s, o1);
     }
   }
 }
@@ -1808,12 +1807,12 @@ with const generics
 - RATE= 168
 - DELIM= 31
 */
-static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_e44(
+static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_c6(
     Eurydice_slice data[1U], Eurydice_slice out[1U]) {
   /* Passing arrays by value in Rust generates a copy in C */
   Eurydice_slice copy_of_data[1U];
   memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice));
-  libcrux_sha3_generic_keccak_keccak_064(copy_of_data, out);
+  libcrux_sha3_generic_keccak_keccak_9e4(copy_of_data, out);
 }
 
 /**
@@ -1821,18 +1820,18 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block
 with const generics
 - RATE= 104
 */
-static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_653(
+static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_7a(
     uint64_t (*s)[5U], Eurydice_slice blocks[1U]) {
   for (size_t i = (size_t)0U; i < (size_t)104U / (size_t)8U; i++) {
     size_t i0 = i;
     uint8_t uu____0[8U];
-    core_result_Result_56 dst;
+    core_result_Result_15 dst;
     Eurydice_slice_to_array2(
         &dst,
         Eurydice_slice_subslice2(blocks[0U], (size_t)8U * i0,
                                  (size_t)8U * i0 + (size_t)8U, uint8_t),
         Eurydice_slice, uint8_t[8U]);
-    core_result_unwrap_26_0e(dst, uu____0);
+    core_result_unwrap_26_68(dst, uu____0);
     size_t uu____1 = i0 / (size_t)5U;
     size_t uu____2 = i0 % (size_t)5U;
     s[uu____1][uu____2] =
@@ -1849,13 +1848,13 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_5a
 with const generics
 - RATE= 104
 */
-static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_353(
+static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_7a(
     uint64_t (*a)[5U], Eurydice_slice b[1U]) {
   uint64_t(*uu____0)[5U] = a;
   /* Passing arrays by value in Rust generates a copy in C */
   Eurydice_slice copy_of_b[1U];
   memcpy(copy_of_b, b, (size_t)1U * sizeof(Eurydice_slice));
-  libcrux_sha3_portable_keccak_load_block_653(uu____0, copy_of_b);
+  libcrux_sha3_portable_keccak_load_block_7a(uu____0, copy_of_b);
 }
 
 /**
@@ -1865,13 +1864,13 @@ with const generics
 - N= 1
 - RATE= 104
 */
-static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_402(
-    libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice blocks[1U]) {
+static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_c62(
+    libcrux_sha3_generic_keccak_KeccakState_17 *s, Eurydice_slice blocks[1U]) {
   uint64_t(*uu____0)[5U] = s->st;
   Eurydice_slice uu____1[1U];
   memcpy(uu____1, blocks, (size_t)1U * sizeof(Eurydice_slice));
-  libcrux_sha3_portable_keccak_load_block_5a_353(uu____0, uu____1);
-  libcrux_sha3_generic_keccak_keccakf1600_b8(s);
+  libcrux_sha3_portable_keccak_load_block_5a_7a(uu____0, uu____1);
+  libcrux_sha3_generic_keccak_keccakf1600_04(s);
 }
 
 /**
@@ -1879,11 +1878,11 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full
 with const generics
 - RATE= 104
 */
-static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_d43(
+static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_7a(
     uint64_t (*s)[5U], uint8_t blocks[1U][200U]) {
   Eurydice_slice buf[1U] = {
       Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t)};
-  libcrux_sha3_portable_keccak_load_block_653(s, buf);
+  libcrux_sha3_portable_keccak_load_block_7a(s, buf);
 }
 
 /**
@@ -1895,13 +1894,13 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full_5a
 with const generics
 - RATE= 104
 */
-static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_053(
+static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_7a(
     uint64_t (*a)[5U], uint8_t b[1U][200U]) {
   uint64_t(*uu____0)[5U] = a;
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_b[1U][200U];
   memcpy(copy_of_b, b, (size_t)1U * sizeof(uint8_t[200U]));
-  libcrux_sha3_portable_keccak_load_block_full_d43(uu____0, copy_of_b);
+  libcrux_sha3_portable_keccak_load_block_full_7a(uu____0, copy_of_b);
 }
 
 /**
@@ -1912,8 +1911,8 @@ with const generics
 - RATE= 104
 - DELIM= 6
 */
-static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_404(
-    libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) {
+static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_9e4(
+    libcrux_sha3_generic_keccak_KeccakState_17 *s, Eurydice_slice last[1U]) {
   size_t last_len = Eurydice_slice_len(last[0U], uint8_t);
   uint8_t blocks[1U][200U] = {{0U}};
   {
@@ -1931,8 +1930,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_404(
   uint64_t(*uu____3)[5U] = s->st;
   uint8_t uu____4[1U][200U];
   memcpy(uu____4, blocks, (size_t)1U * sizeof(uint8_t[200U]));
-  libcrux_sha3_portable_keccak_load_block_full_5a_053(uu____3, uu____4);
-  libcrux_sha3_generic_keccak_keccakf1600_b8(s);
+  libcrux_sha3_portable_keccak_load_block_full_5a_7a(uu____3, uu____4);
+  libcrux_sha3_generic_keccak_keccakf1600_04(s);
 }
 
 /**
@@ -1940,7 +1939,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block
 with const generics
 - RATE= 104
 */
-static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_9b3(
+static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_7a(
     uint64_t (*s)[5U], Eurydice_slice out[1U]) {
   for (size_t i = (size_t)0U; i < (size_t)104U / (size_t)8U; i++) {
     size_t i0 = i;
@@ -1958,12 +1957,12 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full
 with const generics
 - RATE= 104
 */
-static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_7e2(
+static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_7a(
     uint64_t (*s)[5U], uint8_t ret[1U][200U]) {
   uint8_t out[200U] = {0U};
   Eurydice_slice buf[1U] = {
       Eurydice_array_to_slice((size_t)200U, out, uint8_t)};
-  libcrux_sha3_portable_keccak_store_block_9b3(s, buf);
+  libcrux_sha3_portable_keccak_store_block_7a(s, buf);
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_out[200U];
   memcpy(copy_of_out, out, (size_t)200U * sizeof(uint8_t));
@@ -1979,10 +1978,9 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full_5a
 with const generics
 - RATE= 104
 */
-static KRML_MUSTINLINE void
-libcrux_sha3_portable_keccak_store_block_full_5a_272(uint64_t (*a)[5U],
-                                                     uint8_t ret[1U][200U]) {
-  libcrux_sha3_portable_keccak_store_block_full_7e2(a, ret);
+static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_5a_7a(
+    uint64_t (*a)[5U], uint8_t ret[1U][200U]) {
+  libcrux_sha3_portable_keccak_store_block_full_7a(a, ret);
 }
 
 /**
@@ -1993,21 +1991,21 @@ with const generics
 - RATE= 104
 */
 static KRML_MUSTINLINE void
-libcrux_sha3_generic_keccak_squeeze_first_and_last_882(
-    libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) {
+libcrux_sha3_generic_keccak_squeeze_first_and_last_c62(
+    libcrux_sha3_generic_keccak_KeccakState_17 *s, Eurydice_slice out[1U]) {
   uint8_t b[1U][200U];
-  libcrux_sha3_portable_keccak_store_block_full_5a_272(s->st, b);
+  libcrux_sha3_portable_keccak_store_block_full_5a_7a(s->st, b);
   {
     size_t i = (size_t)0U;
     Eurydice_slice uu____0 = out[i];
     uint8_t *uu____1 = b[i];
-    core_ops_range_Range_b3 lit;
+    core_ops_range_Range_08 lit;
     lit.start = (size_t)0U;
     lit.end = Eurydice_slice_len(out[i], uint8_t);
     Eurydice_slice_copy(
         uu____0,
         Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t,
-                                   core_ops_range_Range_b3),
+                                   core_ops_range_Range_08),
         uint8_t);
   }
 }
@@ -2021,9 +2019,9 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_5a
 with const generics
 - RATE= 104
 */
-static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_493(
+static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_7a(
     uint64_t (*a)[5U], Eurydice_slice b[1U]) {
-  libcrux_sha3_portable_keccak_store_block_9b3(a, b);
+  libcrux_sha3_portable_keccak_store_block_7a(a, b);
 }
 
 /**
@@ -2033,9 +2031,9 @@ with const generics
 - N= 1
 - RATE= 104
 */
-static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_7b3(
-    libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) {
-  libcrux_sha3_portable_keccak_store_block_5a_493(s->st, out);
+static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_c63(
+    libcrux_sha3_generic_keccak_KeccakState_17 *s, Eurydice_slice out[1U]) {
+  libcrux_sha3_portable_keccak_store_block_5a_7a(s->st, out);
 }
 
 /**
@@ -2045,10 +2043,10 @@ with const generics
 - N= 1
 - RATE= 104
 */
-static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_c23(
-    libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) {
-  libcrux_sha3_generic_keccak_keccakf1600_b8(s);
-  libcrux_sha3_portable_keccak_store_block_5a_493(s->st, out);
+static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_c63(
+    libcrux_sha3_generic_keccak_KeccakState_17 *s, Eurydice_slice out[1U]) {
+  libcrux_sha3_generic_keccak_keccakf1600_04(s);
+  libcrux_sha3_portable_keccak_store_block_5a_7a(s->st, out);
 }
 
 /**
@@ -2058,22 +2056,22 @@ with const generics
 - N= 1
 - RATE= 104
 */
-static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_ca2(
-    libcrux_sha3_generic_keccak_KeccakState_48 s, Eurydice_slice out[1U]) {
-  libcrux_sha3_generic_keccak_keccakf1600_b8(&s);
+static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_c62(
+    libcrux_sha3_generic_keccak_KeccakState_17 s, Eurydice_slice out[1U]) {
+  libcrux_sha3_generic_keccak_keccakf1600_04(&s);
   uint8_t b[1U][200U];
-  libcrux_sha3_portable_keccak_store_block_full_5a_272(s.st, b);
+  libcrux_sha3_portable_keccak_store_block_full_5a_7a(s.st, b);
   {
     size_t i = (size_t)0U;
     Eurydice_slice uu____0 = out[i];
     uint8_t *uu____1 = b[i];
-    core_ops_range_Range_b3 lit;
+    core_ops_range_Range_08 lit;
     lit.start = (size_t)0U;
     lit.end = Eurydice_slice_len(out[i], uint8_t);
     Eurydice_slice_copy(
         uu____0,
         Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t,
-                                   core_ops_range_Range_b3),
+                                   core_ops_range_Range_08),
         uint8_t);
   }
 }
@@ -2086,36 +2084,36 @@ with const generics
 - RATE= 104
 - DELIM= 6
 */
-static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_063(
+static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_9e3(
     Eurydice_slice data[1U], Eurydice_slice out[1U]) {
-  libcrux_sha3_generic_keccak_KeccakState_48 s =
-      libcrux_sha3_generic_keccak_new_89_cf();
+  libcrux_sha3_generic_keccak_KeccakState_17 s =
+      libcrux_sha3_generic_keccak_new_89_04();
   for (size_t i = (size_t)0U;
        i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)104U; i++) {
     size_t i0 = i;
-    libcrux_sha3_generic_keccak_KeccakState_48 *uu____0 = &s;
+    libcrux_sha3_generic_keccak_KeccakState_17 *uu____0 = &s;
     /* Passing arrays by value in Rust generates a copy in C */
     Eurydice_slice copy_of_data[1U];
     memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice));
     Eurydice_slice ret[1U];
     libcrux_sha3_portable_keccak_slice_n_5a(copy_of_data, i0 * (size_t)104U,
                                             (size_t)104U, ret);
-    libcrux_sha3_generic_keccak_absorb_block_402(uu____0, ret);
+    libcrux_sha3_generic_keccak_absorb_block_c62(uu____0, ret);
   }
   size_t rem = Eurydice_slice_len(data[0U], uint8_t) % (size_t)104U;
-  libcrux_sha3_generic_keccak_KeccakState_48 *uu____2 = &s;
+  libcrux_sha3_generic_keccak_KeccakState_17 *uu____2 = &s;
   /* Passing arrays by value in Rust generates a copy in C */
   Eurydice_slice copy_of_data[1U];
   memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice));
   Eurydice_slice ret[1U];
   libcrux_sha3_portable_keccak_slice_n_5a(
       copy_of_data, Eurydice_slice_len(data[0U], uint8_t) - rem, rem, ret);
-  libcrux_sha3_generic_keccak_absorb_final_404(uu____2, ret);
+  libcrux_sha3_generic_keccak_absorb_final_9e4(uu____2, ret);
   size_t outlen = Eurydice_slice_len(out[0U], uint8_t);
   size_t blocks = outlen / (size_t)104U;
   size_t last = outlen - outlen % (size_t)104U;
   if (blocks == (size_t)0U) {
-    libcrux_sha3_generic_keccak_squeeze_first_and_last_882(&s, out);
+    libcrux_sha3_generic_keccak_squeeze_first_and_last_c62(&s, out);
   } else {
     Eurydice_slice_uint8_t_1size_t__x2 uu____4 =
         libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)104U);
@@ -2123,15 +2121,15 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_063(
     memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice));
     Eurydice_slice o1[1U];
     memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice));
-    libcrux_sha3_generic_keccak_squeeze_first_block_7b3(&s, o0);
-    core_ops_range_Range_b3 iter =
+    libcrux_sha3_generic_keccak_squeeze_first_block_c63(&s, o0);
+    core_ops_range_Range_08 iter =
         core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter(
-            (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U,
+            (CLITERAL(core_ops_range_Range_08){.start = (size_t)1U,
                                                .end = blocks}),
-            core_ops_range_Range_b3, core_ops_range_Range_b3);
+            core_ops_range_Range_08, core_ops_range_Range_08);
     while (true) {
       if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A__TraitClause_0___6__next(
-              &iter, size_t, core_option_Option_b3)
+              &iter, size_t, core_option_Option_08)
               .tag == core_option_None) {
         break;
       } else {
@@ -2141,12 +2139,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_063(
         memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice));
         Eurydice_slice orest[1U];
         memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice));
-        libcrux_sha3_generic_keccak_squeeze_next_block_c23(&s, o);
+        libcrux_sha3_generic_keccak_squeeze_next_block_c63(&s, o);
         memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice));
       }
     }
     if (last < outlen) {
-      libcrux_sha3_generic_keccak_squeeze_last_ca2(s, o1);
+      libcrux_sha3_generic_keccak_squeeze_last_c62(s, o1);
     }
   }
 }
@@ -2157,12 +2155,12 @@ with const generics
 - RATE= 104
 - DELIM= 6
 */
-static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_e43(
+static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_7c(
     Eurydice_slice data[1U], Eurydice_slice out[1U]) {
   /* Passing arrays by value in Rust generates a copy in C */
   Eurydice_slice copy_of_data[1U];
   memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice));
-  libcrux_sha3_generic_keccak_keccak_063(copy_of_data, out);
+  libcrux_sha3_generic_keccak_keccak_9e3(copy_of_data, out);
 }
 
 /**
@@ -2170,18 +2168,18 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block
 with const generics
 - RATE= 144
 */
-static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_652(
+static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_2c(
     uint64_t (*s)[5U], Eurydice_slice blocks[1U]) {
   for (size_t i = (size_t)0U; i < (size_t)144U / (size_t)8U; i++) {
     size_t i0 = i;
     uint8_t uu____0[8U];
-    core_result_Result_56 dst;
+    core_result_Result_15 dst;
     Eurydice_slice_to_array2(
         &dst,
         Eurydice_slice_subslice2(blocks[0U], (size_t)8U * i0,
                                  (size_t)8U * i0 + (size_t)8U, uint8_t),
         Eurydice_slice, uint8_t[8U]);
-    core_result_unwrap_26_0e(dst, uu____0);
+    core_result_unwrap_26_68(dst, uu____0);
     size_t uu____1 = i0 / (size_t)5U;
     size_t uu____2 = i0 % (size_t)5U;
     s[uu____1][uu____2] =
@@ -2198,13 +2196,13 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_5a
 with const generics
 - RATE= 144
 */
-static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_352(
+static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_2c(
     uint64_t (*a)[5U], Eurydice_slice b[1U]) {
   uint64_t(*uu____0)[5U] = a;
   /* Passing arrays by value in Rust generates a copy in C */
   Eurydice_slice copy_of_b[1U];
   memcpy(copy_of_b, b, (size_t)1U * sizeof(Eurydice_slice));
-  libcrux_sha3_portable_keccak_load_block_652(uu____0, copy_of_b);
+  libcrux_sha3_portable_keccak_load_block_2c(uu____0, copy_of_b);
 }
 
 /**
@@ -2214,13 +2212,13 @@ with const generics
 - N= 1
 - RATE= 144
 */
-static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_401(
-    libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice blocks[1U]) {
+static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_c61(
+    libcrux_sha3_generic_keccak_KeccakState_17 *s, Eurydice_slice blocks[1U]) {
   uint64_t(*uu____0)[5U] = s->st;
   Eurydice_slice uu____1[1U];
   memcpy(uu____1, blocks, (size_t)1U * sizeof(Eurydice_slice));
-  libcrux_sha3_portable_keccak_load_block_5a_352(uu____0, uu____1);
-  libcrux_sha3_generic_keccak_keccakf1600_b8(s);
+  libcrux_sha3_portable_keccak_load_block_5a_2c(uu____0, uu____1);
+  libcrux_sha3_generic_keccak_keccakf1600_04(s);
 }
 
 /**
@@ -2228,11 +2226,11 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full
 with const generics
 - RATE= 144
 */
-static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_d42(
+static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_2c(
     uint64_t (*s)[5U], uint8_t blocks[1U][200U]) {
   Eurydice_slice buf[1U] = {
       Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t)};
-  libcrux_sha3_portable_keccak_load_block_652(s, buf);
+  libcrux_sha3_portable_keccak_load_block_2c(s, buf);
 }
 
 /**
@@ -2244,13 +2242,13 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full_5a
 with const generics
 - RATE= 144
 */
-static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_052(
+static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_2c(
     uint64_t (*a)[5U], uint8_t b[1U][200U]) {
   uint64_t(*uu____0)[5U] = a;
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_b[1U][200U];
   memcpy(copy_of_b, b, (size_t)1U * sizeof(uint8_t[200U]));
-  libcrux_sha3_portable_keccak_load_block_full_d42(uu____0, copy_of_b);
+  libcrux_sha3_portable_keccak_load_block_full_2c(uu____0, copy_of_b);
 }
 
 /**
@@ -2261,8 +2259,8 @@ with const generics
 - RATE= 144
 - DELIM= 6
 */
-static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_403(
-    libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) {
+static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_9e3(
+    libcrux_sha3_generic_keccak_KeccakState_17 *s, Eurydice_slice last[1U]) {
   size_t last_len = Eurydice_slice_len(last[0U], uint8_t);
   uint8_t blocks[1U][200U] = {{0U}};
   {
@@ -2280,8 +2278,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_403(
   uint64_t(*uu____3)[5U] = s->st;
   uint8_t uu____4[1U][200U];
   memcpy(uu____4, blocks, (size_t)1U * sizeof(uint8_t[200U]));
-  libcrux_sha3_portable_keccak_load_block_full_5a_052(uu____3, uu____4);
-  libcrux_sha3_generic_keccak_keccakf1600_b8(s);
+  libcrux_sha3_portable_keccak_load_block_full_5a_2c(uu____3, uu____4);
+  libcrux_sha3_generic_keccak_keccakf1600_04(s);
 }
 
 /**
@@ -2289,7 +2287,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block
 with const generics
 - RATE= 144
 */
-static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_9b2(
+static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_2c(
     uint64_t (*s)[5U], Eurydice_slice out[1U]) {
   for (size_t i = (size_t)0U; i < (size_t)144U / (size_t)8U; i++) {
     size_t i0 = i;
@@ -2307,12 +2305,12 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full
 with const generics
 - RATE= 144
 */
-static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_7e1(
+static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_2c(
     uint64_t (*s)[5U], uint8_t ret[1U][200U]) {
   uint8_t out[200U] = {0U};
   Eurydice_slice buf[1U] = {
       Eurydice_array_to_slice((size_t)200U, out, uint8_t)};
-  libcrux_sha3_portable_keccak_store_block_9b2(s, buf);
+  libcrux_sha3_portable_keccak_store_block_2c(s, buf);
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_out[200U];
   memcpy(copy_of_out, out, (size_t)200U * sizeof(uint8_t));
@@ -2328,10 +2326,9 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full_5a
 with const generics
 - RATE= 144
 */
-static KRML_MUSTINLINE void
-libcrux_sha3_portable_keccak_store_block_full_5a_271(uint64_t (*a)[5U],
-                                                     uint8_t ret[1U][200U]) {
-  libcrux_sha3_portable_keccak_store_block_full_7e1(a, ret);
+static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_5a_2c(
+    uint64_t (*a)[5U], uint8_t ret[1U][200U]) {
+  libcrux_sha3_portable_keccak_store_block_full_2c(a, ret);
 }
 
 /**
@@ -2342,21 +2339,21 @@ with const generics
 - RATE= 144
 */
 static KRML_MUSTINLINE void
-libcrux_sha3_generic_keccak_squeeze_first_and_last_881(
-    libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) {
+libcrux_sha3_generic_keccak_squeeze_first_and_last_c61(
+    libcrux_sha3_generic_keccak_KeccakState_17 *s, Eurydice_slice out[1U]) {
   uint8_t b[1U][200U];
-  libcrux_sha3_portable_keccak_store_block_full_5a_271(s->st, b);
+  libcrux_sha3_portable_keccak_store_block_full_5a_2c(s->st, b);
   {
     size_t i = (size_t)0U;
     Eurydice_slice uu____0 = out[i];
     uint8_t *uu____1 = b[i];
-    core_ops_range_Range_b3 lit;
+    core_ops_range_Range_08 lit;
     lit.start = (size_t)0U;
     lit.end = Eurydice_slice_len(out[i], uint8_t);
     Eurydice_slice_copy(
         uu____0,
         Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t,
-                                   core_ops_range_Range_b3),
+                                   core_ops_range_Range_08),
         uint8_t);
   }
 }
@@ -2370,9 +2367,9 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_5a
 with const generics
 - RATE= 144
 */
-static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_492(
+static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_2c(
     uint64_t (*a)[5U], Eurydice_slice b[1U]) {
-  libcrux_sha3_portable_keccak_store_block_9b2(a, b);
+  libcrux_sha3_portable_keccak_store_block_2c(a, b);
 }
 
 /**
@@ -2382,9 +2379,9 @@ with const generics
 - N= 1
 - RATE= 144
 */
-static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_7b2(
-    libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) {
-  libcrux_sha3_portable_keccak_store_block_5a_492(s->st, out);
+static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_c62(
+    libcrux_sha3_generic_keccak_KeccakState_17 *s, Eurydice_slice out[1U]) {
+  libcrux_sha3_portable_keccak_store_block_5a_2c(s->st, out);
 }
 
 /**
@@ -2394,10 +2391,10 @@ with const generics
 - N= 1
 - RATE= 144
 */
-static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_c22(
-    libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) {
-  libcrux_sha3_generic_keccak_keccakf1600_b8(s);
-  libcrux_sha3_portable_keccak_store_block_5a_492(s->st, out);
+static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_c62(
+    libcrux_sha3_generic_keccak_KeccakState_17 *s, Eurydice_slice out[1U]) {
+  libcrux_sha3_generic_keccak_keccakf1600_04(s);
+  libcrux_sha3_portable_keccak_store_block_5a_2c(s->st, out);
 }
 
 /**
@@ -2407,22 +2404,22 @@ with const generics
 - N= 1
 - RATE= 144
 */
-static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_ca1(
-    libcrux_sha3_generic_keccak_KeccakState_48 s, Eurydice_slice out[1U]) {
-  libcrux_sha3_generic_keccak_keccakf1600_b8(&s);
+static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_c61(
+    libcrux_sha3_generic_keccak_KeccakState_17 s, Eurydice_slice out[1U]) {
+  libcrux_sha3_generic_keccak_keccakf1600_04(&s);
   uint8_t b[1U][200U];
-  libcrux_sha3_portable_keccak_store_block_full_5a_271(s.st, b);
+  libcrux_sha3_portable_keccak_store_block_full_5a_2c(s.st, b);
   {
     size_t i = (size_t)0U;
     Eurydice_slice uu____0 = out[i];
     uint8_t *uu____1 = b[i];
-    core_ops_range_Range_b3 lit;
+    core_ops_range_Range_08 lit;
     lit.start = (size_t)0U;
     lit.end = Eurydice_slice_len(out[i], uint8_t);
     Eurydice_slice_copy(
         uu____0,
         Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t,
-                                   core_ops_range_Range_b3),
+                                   core_ops_range_Range_08),
         uint8_t);
   }
 }
@@ -2435,36 +2432,36 @@ with const generics
 - RATE= 144
 - DELIM= 6
 */
-static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_062(
+static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_9e2(
     Eurydice_slice data[1U], Eurydice_slice out[1U]) {
-  libcrux_sha3_generic_keccak_KeccakState_48 s =
-      libcrux_sha3_generic_keccak_new_89_cf();
+  libcrux_sha3_generic_keccak_KeccakState_17 s =
+      libcrux_sha3_generic_keccak_new_89_04();
   for (size_t i = (size_t)0U;
        i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)144U; i++) {
     size_t i0 = i;
-    libcrux_sha3_generic_keccak_KeccakState_48 *uu____0 = &s;
+    libcrux_sha3_generic_keccak_KeccakState_17 *uu____0 = &s;
     /* Passing arrays by value in Rust generates a copy in C */
     Eurydice_slice copy_of_data[1U];
     memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice));
     Eurydice_slice ret[1U];
     libcrux_sha3_portable_keccak_slice_n_5a(copy_of_data, i0 * (size_t)144U,
                                             (size_t)144U, ret);
-    libcrux_sha3_generic_keccak_absorb_block_401(uu____0, ret);
+    libcrux_sha3_generic_keccak_absorb_block_c61(uu____0, ret);
   }
   size_t rem = Eurydice_slice_len(data[0U], uint8_t) % (size_t)144U;
-  libcrux_sha3_generic_keccak_KeccakState_48 *uu____2 = &s;
+  libcrux_sha3_generic_keccak_KeccakState_17 *uu____2 = &s;
   /* Passing arrays by value in Rust generates a copy in C */
   Eurydice_slice copy_of_data[1U];
   memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice));
   Eurydice_slice ret[1U];
   libcrux_sha3_portable_keccak_slice_n_5a(
       copy_of_data, Eurydice_slice_len(data[0U], uint8_t) - rem, rem, ret);
-  libcrux_sha3_generic_keccak_absorb_final_403(uu____2, ret);
+  libcrux_sha3_generic_keccak_absorb_final_9e3(uu____2, ret);
   size_t outlen = Eurydice_slice_len(out[0U], uint8_t);
   size_t blocks = outlen / (size_t)144U;
   size_t last = outlen - outlen % (size_t)144U;
   if (blocks == (size_t)0U) {
-    libcrux_sha3_generic_keccak_squeeze_first_and_last_881(&s, out);
+    libcrux_sha3_generic_keccak_squeeze_first_and_last_c61(&s, out);
   } else {
     Eurydice_slice_uint8_t_1size_t__x2 uu____4 =
         libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)144U);
@@ -2472,15 +2469,15 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_062(
     memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice));
     Eurydice_slice o1[1U];
     memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice));
-    libcrux_sha3_generic_keccak_squeeze_first_block_7b2(&s, o0);
-    core_ops_range_Range_b3 iter =
+    libcrux_sha3_generic_keccak_squeeze_first_block_c62(&s, o0);
+    core_ops_range_Range_08 iter =
         core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter(
-            (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U,
+            (CLITERAL(core_ops_range_Range_08){.start = (size_t)1U,
                                                .end = blocks}),
-            core_ops_range_Range_b3, core_ops_range_Range_b3);
+            core_ops_range_Range_08, core_ops_range_Range_08);
     while (true) {
       if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A__TraitClause_0___6__next(
-              &iter, size_t, core_option_Option_b3)
+              &iter, size_t, core_option_Option_08)
               .tag == core_option_None) {
         break;
       } else {
@@ -2490,12 +2487,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_062(
         memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice));
         Eurydice_slice orest[1U];
         memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice));
-        libcrux_sha3_generic_keccak_squeeze_next_block_c22(&s, o);
+        libcrux_sha3_generic_keccak_squeeze_next_block_c62(&s, o);
         memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice));
       }
     }
     if (last < outlen) {
-      libcrux_sha3_generic_keccak_squeeze_last_ca1(s, o1);
+      libcrux_sha3_generic_keccak_squeeze_last_c61(s, o1);
     }
   }
 }
@@ -2506,12 +2503,12 @@ with const generics
 - RATE= 144
 - DELIM= 6
 */
-static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_e42(
+static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_1e(
     Eurydice_slice data[1U], Eurydice_slice out[1U]) {
   /* Passing arrays by value in Rust generates a copy in C */
   Eurydice_slice copy_of_data[1U];
   memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice));
-  libcrux_sha3_generic_keccak_keccak_062(copy_of_data, out);
+  libcrux_sha3_generic_keccak_keccak_9e2(copy_of_data, out);
 }
 
 /**
@@ -2521,13 +2518,13 @@ with const generics
 - N= 1
 - RATE= 136
 */
-static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_400(
-    libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice blocks[1U]) {
+static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_c60(
+    libcrux_sha3_generic_keccak_KeccakState_17 *s, Eurydice_slice blocks[1U]) {
   uint64_t(*uu____0)[5U] = s->st;
   Eurydice_slice uu____1[1U];
   memcpy(uu____1, blocks, (size_t)1U * sizeof(Eurydice_slice));
-  libcrux_sha3_portable_keccak_load_block_5a_35(uu____0, uu____1);
-  libcrux_sha3_generic_keccak_keccakf1600_b8(s);
+  libcrux_sha3_portable_keccak_load_block_5a_5b(uu____0, uu____1);
+  libcrux_sha3_generic_keccak_keccakf1600_04(s);
 }
 
 /**
@@ -2535,12 +2532,12 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full
 with const generics
 - RATE= 136
 */
-static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_7e0(
+static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_5b(
     uint64_t (*s)[5U], uint8_t ret[1U][200U]) {
   uint8_t out[200U] = {0U};
   Eurydice_slice buf[1U] = {
       Eurydice_array_to_slice((size_t)200U, out, uint8_t)};
-  libcrux_sha3_portable_keccak_store_block_9b0(s, buf);
+  libcrux_sha3_portable_keccak_store_block_5b(s, buf);
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_out[200U];
   memcpy(copy_of_out, out, (size_t)200U * sizeof(uint8_t));
@@ -2556,10 +2553,9 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full_5a
 with const generics
 - RATE= 136
 */
-static KRML_MUSTINLINE void
-libcrux_sha3_portable_keccak_store_block_full_5a_270(uint64_t (*a)[5U],
-                                                     uint8_t ret[1U][200U]) {
-  libcrux_sha3_portable_keccak_store_block_full_7e0(a, ret);
+static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_5a_5b(
+    uint64_t (*a)[5U], uint8_t ret[1U][200U]) {
+  libcrux_sha3_portable_keccak_store_block_full_5b(a, ret);
 }
 
 /**
@@ -2570,21 +2566,21 @@ with const generics
 - RATE= 136
 */
 static KRML_MUSTINLINE void
-libcrux_sha3_generic_keccak_squeeze_first_and_last_880(
-    libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) {
+libcrux_sha3_generic_keccak_squeeze_first_and_last_c60(
+    libcrux_sha3_generic_keccak_KeccakState_17 *s, Eurydice_slice out[1U]) {
   uint8_t b[1U][200U];
-  libcrux_sha3_portable_keccak_store_block_full_5a_270(s->st, b);
+  libcrux_sha3_portable_keccak_store_block_full_5a_5b(s->st, b);
   {
     size_t i = (size_t)0U;
     Eurydice_slice uu____0 = out[i];
     uint8_t *uu____1 = b[i];
-    core_ops_range_Range_b3 lit;
+    core_ops_range_Range_08 lit;
     lit.start = (size_t)0U;
     lit.end = Eurydice_slice_len(out[i], uint8_t);
     Eurydice_slice_copy(
         uu____0,
         Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t,
-                                   core_ops_range_Range_b3),
+                                   core_ops_range_Range_08),
         uint8_t);
   }
 }
@@ -2596,22 +2592,22 @@ with const generics
 - N= 1
 - RATE= 136
 */
-static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_ca0(
-    libcrux_sha3_generic_keccak_KeccakState_48 s, Eurydice_slice out[1U]) {
-  libcrux_sha3_generic_keccak_keccakf1600_b8(&s);
+static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_c60(
+    libcrux_sha3_generic_keccak_KeccakState_17 s, Eurydice_slice out[1U]) {
+  libcrux_sha3_generic_keccak_keccakf1600_04(&s);
   uint8_t b[1U][200U];
-  libcrux_sha3_portable_keccak_store_block_full_5a_270(s.st, b);
+  libcrux_sha3_portable_keccak_store_block_full_5a_5b(s.st, b);
   {
     size_t i = (size_t)0U;
     Eurydice_slice uu____0 = out[i];
     uint8_t *uu____1 = b[i];
-    core_ops_range_Range_b3 lit;
+    core_ops_range_Range_08 lit;
     lit.start = (size_t)0U;
     lit.end = Eurydice_slice_len(out[i], uint8_t);
     Eurydice_slice_copy(
         uu____0,
         Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t,
-                                   core_ops_range_Range_b3),
+                                   core_ops_range_Range_08),
         uint8_t);
   }
 }
@@ -2624,36 +2620,36 @@ with const generics
 - RATE= 136
 - DELIM= 31
 */
-static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_061(
+static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_9e1(
     Eurydice_slice data[1U], Eurydice_slice out[1U]) {
-  libcrux_sha3_generic_keccak_KeccakState_48 s =
-      libcrux_sha3_generic_keccak_new_89_cf();
+  libcrux_sha3_generic_keccak_KeccakState_17 s =
+      libcrux_sha3_generic_keccak_new_89_04();
   for (size_t i = (size_t)0U;
        i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)136U; i++) {
     size_t i0 = i;
-    libcrux_sha3_generic_keccak_KeccakState_48 *uu____0 = &s;
+    libcrux_sha3_generic_keccak_KeccakState_17 *uu____0 = &s;
     /* Passing arrays by value in Rust generates a copy in C */
     Eurydice_slice copy_of_data[1U];
     memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice));
     Eurydice_slice ret[1U];
     libcrux_sha3_portable_keccak_slice_n_5a(copy_of_data, i0 * (size_t)136U,
                                             (size_t)136U, ret);
-    libcrux_sha3_generic_keccak_absorb_block_400(uu____0, ret);
+    libcrux_sha3_generic_keccak_absorb_block_c60(uu____0, ret);
   }
   size_t rem = Eurydice_slice_len(data[0U], uint8_t) % (size_t)136U;
-  libcrux_sha3_generic_keccak_KeccakState_48 *uu____2 = &s;
+  libcrux_sha3_generic_keccak_KeccakState_17 *uu____2 = &s;
   /* Passing arrays by value in Rust generates a copy in C */
   Eurydice_slice copy_of_data[1U];
   memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice));
   Eurydice_slice ret[1U];
   libcrux_sha3_portable_keccak_slice_n_5a(
       copy_of_data, Eurydice_slice_len(data[0U], uint8_t) - rem, rem, ret);
-  libcrux_sha3_generic_keccak_absorb_final_400(uu____2, ret);
+  libcrux_sha3_generic_keccak_absorb_final_9e0(uu____2, ret);
   size_t outlen = Eurydice_slice_len(out[0U], uint8_t);
   size_t blocks = outlen / (size_t)136U;
   size_t last = outlen - outlen % (size_t)136U;
   if (blocks == (size_t)0U) {
-    libcrux_sha3_generic_keccak_squeeze_first_and_last_880(&s, out);
+    libcrux_sha3_generic_keccak_squeeze_first_and_last_c60(&s, out);
   } else {
     Eurydice_slice_uint8_t_1size_t__x2 uu____4 =
         libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)136U);
@@ -2661,15 +2657,15 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_061(
     memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice));
     Eurydice_slice o1[1U];
     memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice));
-    libcrux_sha3_generic_keccak_squeeze_first_block_7b0(&s, o0);
-    core_ops_range_Range_b3 iter =
+    libcrux_sha3_generic_keccak_squeeze_first_block_c60(&s, o0);
+    core_ops_range_Range_08 iter =
         core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter(
-            (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U,
+            (CLITERAL(core_ops_range_Range_08){.start = (size_t)1U,
                                                .end = blocks}),
-            core_ops_range_Range_b3, core_ops_range_Range_b3);
+            core_ops_range_Range_08, core_ops_range_Range_08);
     while (true) {
       if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A__TraitClause_0___6__next(
-              &iter, size_t, core_option_Option_b3)
+              &iter, size_t, core_option_Option_08)
               .tag == core_option_None) {
         break;
       } else {
@@ -2679,12 +2675,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_061(
         memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice));
         Eurydice_slice orest[1U];
         memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice));
-        libcrux_sha3_generic_keccak_squeeze_next_block_c20(&s, o);
+        libcrux_sha3_generic_keccak_squeeze_next_block_c60(&s, o);
         memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice));
       }
     }
     if (last < outlen) {
-      libcrux_sha3_generic_keccak_squeeze_last_ca0(s, o1);
+      libcrux_sha3_generic_keccak_squeeze_last_c60(s, o1);
     }
   }
 }
@@ -2695,12 +2691,12 @@ with const generics
 - RATE= 136
 - DELIM= 31
 */
-static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_e41(
+static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_ad0(
     Eurydice_slice data[1U], Eurydice_slice out[1U]) {
   /* Passing arrays by value in Rust generates a copy in C */
   Eurydice_slice copy_of_data[1U];
   memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice));
-  libcrux_sha3_generic_keccak_keccak_061(copy_of_data, out);
+  libcrux_sha3_generic_keccak_keccak_9e1(copy_of_data, out);
 }
 
 /**
@@ -2711,8 +2707,8 @@ with const generics
 - RATE= 136
 - DELIM= 6
 */
-static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_402(
-    libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) {
+static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_9e2(
+    libcrux_sha3_generic_keccak_KeccakState_17 *s, Eurydice_slice last[1U]) {
   size_t last_len = Eurydice_slice_len(last[0U], uint8_t);
   uint8_t blocks[1U][200U] = {{0U}};
   {
@@ -2730,8 +2726,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_402(
   uint64_t(*uu____3)[5U] = s->st;
   uint8_t uu____4[1U][200U];
   memcpy(uu____4, blocks, (size_t)1U * sizeof(uint8_t[200U]));
-  libcrux_sha3_portable_keccak_load_block_full_5a_050(uu____3, uu____4);
-  libcrux_sha3_generic_keccak_keccakf1600_b8(s);
+  libcrux_sha3_portable_keccak_load_block_full_5a_5b(uu____3, uu____4);
+  libcrux_sha3_generic_keccak_keccakf1600_04(s);
 }
 
 /**
@@ -2742,36 +2738,36 @@ with const generics
 - RATE= 136
 - DELIM= 6
 */
-static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_060(
+static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_9e0(
     Eurydice_slice data[1U], Eurydice_slice out[1U]) {
-  libcrux_sha3_generic_keccak_KeccakState_48 s =
-      libcrux_sha3_generic_keccak_new_89_cf();
+  libcrux_sha3_generic_keccak_KeccakState_17 s =
+      libcrux_sha3_generic_keccak_new_89_04();
   for (size_t i = (size_t)0U;
        i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)136U; i++) {
     size_t i0 = i;
-    libcrux_sha3_generic_keccak_KeccakState_48 *uu____0 = &s;
+    libcrux_sha3_generic_keccak_KeccakState_17 *uu____0 = &s;
     /* Passing arrays by value in Rust generates a copy in C */
     Eurydice_slice copy_of_data[1U];
     memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice));
     Eurydice_slice ret[1U];
     libcrux_sha3_portable_keccak_slice_n_5a(copy_of_data, i0 * (size_t)136U,
                                             (size_t)136U, ret);
-    libcrux_sha3_generic_keccak_absorb_block_400(uu____0, ret);
+    libcrux_sha3_generic_keccak_absorb_block_c60(uu____0, ret);
   }
   size_t rem = Eurydice_slice_len(data[0U], uint8_t) % (size_t)136U;
-  libcrux_sha3_generic_keccak_KeccakState_48 *uu____2 = &s;
+  libcrux_sha3_generic_keccak_KeccakState_17 *uu____2 = &s;
   /* Passing arrays by value in Rust generates a copy in C */
   Eurydice_slice copy_of_data[1U];
   memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice));
   Eurydice_slice ret[1U];
   libcrux_sha3_portable_keccak_slice_n_5a(
       copy_of_data, Eurydice_slice_len(data[0U], uint8_t) - rem, rem, ret);
-  libcrux_sha3_generic_keccak_absorb_final_402(uu____2, ret);
+  libcrux_sha3_generic_keccak_absorb_final_9e2(uu____2, ret);
   size_t outlen = Eurydice_slice_len(out[0U], uint8_t);
   size_t blocks = outlen / (size_t)136U;
   size_t last = outlen - outlen % (size_t)136U;
   if (blocks == (size_t)0U) {
-    libcrux_sha3_generic_keccak_squeeze_first_and_last_880(&s, out);
+    libcrux_sha3_generic_keccak_squeeze_first_and_last_c60(&s, out);
   } else {
     Eurydice_slice_uint8_t_1size_t__x2 uu____4 =
         libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)136U);
@@ -2779,15 +2775,15 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_060(
     memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice));
     Eurydice_slice o1[1U];
     memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice));
-    libcrux_sha3_generic_keccak_squeeze_first_block_7b0(&s, o0);
-    core_ops_range_Range_b3 iter =
+    libcrux_sha3_generic_keccak_squeeze_first_block_c60(&s, o0);
+    core_ops_range_Range_08 iter =
         core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter(
-            (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U,
+            (CLITERAL(core_ops_range_Range_08){.start = (size_t)1U,
                                                .end = blocks}),
-            core_ops_range_Range_b3, core_ops_range_Range_b3);
+            core_ops_range_Range_08, core_ops_range_Range_08);
     while (true) {
       if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A__TraitClause_0___6__next(
-              &iter, size_t, core_option_Option_b3)
+              &iter, size_t, core_option_Option_08)
               .tag == core_option_None) {
         break;
       } else {
@@ -2797,12 +2793,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_060(
         memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice));
         Eurydice_slice orest[1U];
         memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice));
-        libcrux_sha3_generic_keccak_squeeze_next_block_c20(&s, o);
+        libcrux_sha3_generic_keccak_squeeze_next_block_c60(&s, o);
         memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice));
       }
     }
     if (last < outlen) {
-      libcrux_sha3_generic_keccak_squeeze_last_ca0(s, o1);
+      libcrux_sha3_generic_keccak_squeeze_last_c60(s, o1);
     }
   }
 }
@@ -2813,12 +2809,12 @@ with const generics
 - RATE= 136
 - DELIM= 6
 */
-static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_e40(
+static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_ad(
     Eurydice_slice data[1U], Eurydice_slice out[1U]) {
   /* Passing arrays by value in Rust generates a copy in C */
   Eurydice_slice copy_of_data[1U];
   memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice));
-  libcrux_sha3_generic_keccak_keccak_060(copy_of_data, out);
+  libcrux_sha3_generic_keccak_keccak_9e0(copy_of_data, out);
 }
 
 /**
@@ -2826,18 +2822,18 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block
 with const generics
 - RATE= 72
 */
-static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_651(
+static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_f8(
     uint64_t (*s)[5U], Eurydice_slice blocks[1U]) {
   for (size_t i = (size_t)0U; i < (size_t)72U / (size_t)8U; i++) {
     size_t i0 = i;
     uint8_t uu____0[8U];
-    core_result_Result_56 dst;
+    core_result_Result_15 dst;
     Eurydice_slice_to_array2(
         &dst,
         Eurydice_slice_subslice2(blocks[0U], (size_t)8U * i0,
                                  (size_t)8U * i0 + (size_t)8U, uint8_t),
         Eurydice_slice, uint8_t[8U]);
-    core_result_unwrap_26_0e(dst, uu____0);
+    core_result_unwrap_26_68(dst, uu____0);
     size_t uu____1 = i0 / (size_t)5U;
     size_t uu____2 = i0 % (size_t)5U;
     s[uu____1][uu____2] =
@@ -2854,13 +2850,13 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_5a
 with const generics
 - RATE= 72
 */
-static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_351(
+static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_f8(
     uint64_t (*a)[5U], Eurydice_slice b[1U]) {
   uint64_t(*uu____0)[5U] = a;
   /* Passing arrays by value in Rust generates a copy in C */
   Eurydice_slice copy_of_b[1U];
   memcpy(copy_of_b, b, (size_t)1U * sizeof(Eurydice_slice));
-  libcrux_sha3_portable_keccak_load_block_651(uu____0, copy_of_b);
+  libcrux_sha3_portable_keccak_load_block_f8(uu____0, copy_of_b);
 }
 
 /**
@@ -2870,13 +2866,13 @@ with const generics
 - N= 1
 - RATE= 72
 */
-static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_40(
-    libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice blocks[1U]) {
+static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_c6(
+    libcrux_sha3_generic_keccak_KeccakState_17 *s, Eurydice_slice blocks[1U]) {
   uint64_t(*uu____0)[5U] = s->st;
   Eurydice_slice uu____1[1U];
   memcpy(uu____1, blocks, (size_t)1U * sizeof(Eurydice_slice));
-  libcrux_sha3_portable_keccak_load_block_5a_351(uu____0, uu____1);
-  libcrux_sha3_generic_keccak_keccakf1600_b8(s);
+  libcrux_sha3_portable_keccak_load_block_5a_f8(uu____0, uu____1);
+  libcrux_sha3_generic_keccak_keccakf1600_04(s);
 }
 
 /**
@@ -2884,11 +2880,11 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full
 with const generics
 - RATE= 72
 */
-static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_d41(
+static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_f8(
     uint64_t (*s)[5U], uint8_t blocks[1U][200U]) {
   Eurydice_slice buf[1U] = {
       Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t)};
-  libcrux_sha3_portable_keccak_load_block_651(s, buf);
+  libcrux_sha3_portable_keccak_load_block_f8(s, buf);
 }
 
 /**
@@ -2900,13 +2896,13 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full_5a
 with const generics
 - RATE= 72
 */
-static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_051(
+static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_f8(
     uint64_t (*a)[5U], uint8_t b[1U][200U]) {
   uint64_t(*uu____0)[5U] = a;
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_b[1U][200U];
   memcpy(copy_of_b, b, (size_t)1U * sizeof(uint8_t[200U]));
-  libcrux_sha3_portable_keccak_load_block_full_d41(uu____0, copy_of_b);
+  libcrux_sha3_portable_keccak_load_block_full_f8(uu____0, copy_of_b);
 }
 
 /**
@@ -2917,8 +2913,8 @@ with const generics
 - RATE= 72
 - DELIM= 6
 */
-static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_401(
-    libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) {
+static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_9e1(
+    libcrux_sha3_generic_keccak_KeccakState_17 *s, Eurydice_slice last[1U]) {
   size_t last_len = Eurydice_slice_len(last[0U], uint8_t);
   uint8_t blocks[1U][200U] = {{0U}};
   {
@@ -2936,8 +2932,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_401(
   uint64_t(*uu____3)[5U] = s->st;
   uint8_t uu____4[1U][200U];
   memcpy(uu____4, blocks, (size_t)1U * sizeof(uint8_t[200U]));
-  libcrux_sha3_portable_keccak_load_block_full_5a_051(uu____3, uu____4);
-  libcrux_sha3_generic_keccak_keccakf1600_b8(s);
+  libcrux_sha3_portable_keccak_load_block_full_5a_f8(uu____3, uu____4);
+  libcrux_sha3_generic_keccak_keccakf1600_04(s);
 }
 
 /**
@@ -2945,7 +2941,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block
 with const generics
 - RATE= 72
 */
-static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_9b1(
+static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_f8(
     uint64_t (*s)[5U], Eurydice_slice out[1U]) {
   for (size_t i = (size_t)0U; i < (size_t)72U / (size_t)8U; i++) {
     size_t i0 = i;
@@ -2963,12 +2959,12 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full
 with const generics
 - RATE= 72
 */
-static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_7e(
+static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_f8(
     uint64_t (*s)[5U], uint8_t ret[1U][200U]) {
   uint8_t out[200U] = {0U};
   Eurydice_slice buf[1U] = {
       Eurydice_array_to_slice((size_t)200U, out, uint8_t)};
-  libcrux_sha3_portable_keccak_store_block_9b1(s, buf);
+  libcrux_sha3_portable_keccak_store_block_f8(s, buf);
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_out[200U];
   memcpy(copy_of_out, out, (size_t)200U * sizeof(uint8_t));
@@ -2984,9 +2980,9 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full_5a
 with const generics
 - RATE= 72
 */
-static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_5a_27(
+static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_5a_f8(
     uint64_t (*a)[5U], uint8_t ret[1U][200U]) {
-  libcrux_sha3_portable_keccak_store_block_full_7e(a, ret);
+  libcrux_sha3_portable_keccak_store_block_full_f8(a, ret);
 }
 
 /**
@@ -2997,21 +2993,21 @@ with const generics
 - RATE= 72
 */
 static KRML_MUSTINLINE void
-libcrux_sha3_generic_keccak_squeeze_first_and_last_88(
-    libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) {
+libcrux_sha3_generic_keccak_squeeze_first_and_last_c6(
+    libcrux_sha3_generic_keccak_KeccakState_17 *s, Eurydice_slice out[1U]) {
   uint8_t b[1U][200U];
-  libcrux_sha3_portable_keccak_store_block_full_5a_27(s->st, b);
+  libcrux_sha3_portable_keccak_store_block_full_5a_f8(s->st, b);
   {
     size_t i = (size_t)0U;
     Eurydice_slice uu____0 = out[i];
     uint8_t *uu____1 = b[i];
-    core_ops_range_Range_b3 lit;
+    core_ops_range_Range_08 lit;
     lit.start = (size_t)0U;
     lit.end = Eurydice_slice_len(out[i], uint8_t);
     Eurydice_slice_copy(
         uu____0,
         Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t,
-                                   core_ops_range_Range_b3),
+                                   core_ops_range_Range_08),
         uint8_t);
   }
 }
@@ -3025,9 +3021,9 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_5a
 with const generics
 - RATE= 72
 */
-static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_491(
+static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_f8(
     uint64_t (*a)[5U], Eurydice_slice b[1U]) {
-  libcrux_sha3_portable_keccak_store_block_9b1(a, b);
+  libcrux_sha3_portable_keccak_store_block_f8(a, b);
 }
 
 /**
@@ -3037,9 +3033,9 @@ with const generics
 - N= 1
 - RATE= 72
 */
-static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_7b1(
-    libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) {
-  libcrux_sha3_portable_keccak_store_block_5a_491(s->st, out);
+static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_c61(
+    libcrux_sha3_generic_keccak_KeccakState_17 *s, Eurydice_slice out[1U]) {
+  libcrux_sha3_portable_keccak_store_block_5a_f8(s->st, out);
 }
 
 /**
@@ -3049,10 +3045,10 @@ with const generics
 - N= 1
 - RATE= 72
 */
-static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_c21(
-    libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) {
-  libcrux_sha3_generic_keccak_keccakf1600_b8(s);
-  libcrux_sha3_portable_keccak_store_block_5a_491(s->st, out);
+static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_c61(
+    libcrux_sha3_generic_keccak_KeccakState_17 *s, Eurydice_slice out[1U]) {
+  libcrux_sha3_generic_keccak_keccakf1600_04(s);
+  libcrux_sha3_portable_keccak_store_block_5a_f8(s->st, out);
 }
 
 /**
@@ -3062,22 +3058,22 @@ with const generics
 - N= 1
 - RATE= 72
 */
-static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_ca(
-    libcrux_sha3_generic_keccak_KeccakState_48 s, Eurydice_slice out[1U]) {
-  libcrux_sha3_generic_keccak_keccakf1600_b8(&s);
+static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_c6(
+    libcrux_sha3_generic_keccak_KeccakState_17 s, Eurydice_slice out[1U]) {
+  libcrux_sha3_generic_keccak_keccakf1600_04(&s);
   uint8_t b[1U][200U];
-  libcrux_sha3_portable_keccak_store_block_full_5a_27(s.st, b);
+  libcrux_sha3_portable_keccak_store_block_full_5a_f8(s.st, b);
   {
     size_t i = (size_t)0U;
     Eurydice_slice uu____0 = out[i];
     uint8_t *uu____1 = b[i];
-    core_ops_range_Range_b3 lit;
+    core_ops_range_Range_08 lit;
     lit.start = (size_t)0U;
     lit.end = Eurydice_slice_len(out[i], uint8_t);
     Eurydice_slice_copy(
         uu____0,
         Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t,
-                                   core_ops_range_Range_b3),
+                                   core_ops_range_Range_08),
         uint8_t);
   }
 }
@@ -3090,36 +3086,36 @@ with const generics
 - RATE= 72
 - DELIM= 6
 */
-static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_06(
+static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_9e(
     Eurydice_slice data[1U], Eurydice_slice out[1U]) {
-  libcrux_sha3_generic_keccak_KeccakState_48 s =
-      libcrux_sha3_generic_keccak_new_89_cf();
+  libcrux_sha3_generic_keccak_KeccakState_17 s =
+      libcrux_sha3_generic_keccak_new_89_04();
   for (size_t i = (size_t)0U;
        i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)72U; i++) {
     size_t i0 = i;
-    libcrux_sha3_generic_keccak_KeccakState_48 *uu____0 = &s;
+    libcrux_sha3_generic_keccak_KeccakState_17 *uu____0 = &s;
     /* Passing arrays by value in Rust generates a copy in C */
     Eurydice_slice copy_of_data[1U];
     memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice));
     Eurydice_slice ret[1U];
     libcrux_sha3_portable_keccak_slice_n_5a(copy_of_data, i0 * (size_t)72U,
                                             (size_t)72U, ret);
-    libcrux_sha3_generic_keccak_absorb_block_40(uu____0, ret);
+    libcrux_sha3_generic_keccak_absorb_block_c6(uu____0, ret);
   }
   size_t rem = Eurydice_slice_len(data[0U], uint8_t) % (size_t)72U;
-  libcrux_sha3_generic_keccak_KeccakState_48 *uu____2 = &s;
+  libcrux_sha3_generic_keccak_KeccakState_17 *uu____2 = &s;
   /* Passing arrays by value in Rust generates a copy in C */
   Eurydice_slice copy_of_data[1U];
   memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice));
   Eurydice_slice ret[1U];
   libcrux_sha3_portable_keccak_slice_n_5a(
       copy_of_data, Eurydice_slice_len(data[0U], uint8_t) - rem, rem, ret);
-  libcrux_sha3_generic_keccak_absorb_final_401(uu____2, ret);
+  libcrux_sha3_generic_keccak_absorb_final_9e1(uu____2, ret);
   size_t outlen = Eurydice_slice_len(out[0U], uint8_t);
   size_t blocks = outlen / (size_t)72U;
   size_t last = outlen - outlen % (size_t)72U;
   if (blocks == (size_t)0U) {
-    libcrux_sha3_generic_keccak_squeeze_first_and_last_88(&s, out);
+    libcrux_sha3_generic_keccak_squeeze_first_and_last_c6(&s, out);
   } else {
     Eurydice_slice_uint8_t_1size_t__x2 uu____4 =
         libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)72U);
@@ -3127,15 +3123,15 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_06(
     memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice));
     Eurydice_slice o1[1U];
     memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice));
-    libcrux_sha3_generic_keccak_squeeze_first_block_7b1(&s, o0);
-    core_ops_range_Range_b3 iter =
+    libcrux_sha3_generic_keccak_squeeze_first_block_c61(&s, o0);
+    core_ops_range_Range_08 iter =
         core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter(
-            (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U,
+            (CLITERAL(core_ops_range_Range_08){.start = (size_t)1U,
                                                .end = blocks}),
-            core_ops_range_Range_b3, core_ops_range_Range_b3);
+            core_ops_range_Range_08, core_ops_range_Range_08);
     while (true) {
       if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A__TraitClause_0___6__next(
-              &iter, size_t, core_option_Option_b3)
+              &iter, size_t, core_option_Option_08)
               .tag == core_option_None) {
         break;
       } else {
@@ -3145,12 +3141,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_06(
         memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice));
         Eurydice_slice orest[1U];
         memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice));
-        libcrux_sha3_generic_keccak_squeeze_next_block_c21(&s, o);
+        libcrux_sha3_generic_keccak_squeeze_next_block_c61(&s, o);
         memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice));
       }
     }
     if (last < outlen) {
-      libcrux_sha3_generic_keccak_squeeze_last_ca(s, o1);
+      libcrux_sha3_generic_keccak_squeeze_last_c6(s, o1);
     }
   }
 }
@@ -3161,14 +3157,24 @@ with const generics
 - RATE= 72
 - DELIM= 6
 */
-static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_e4(
+static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_96(
     Eurydice_slice data[1U], Eurydice_slice out[1U]) {
   /* Passing arrays by value in Rust generates a copy in C */
   Eurydice_slice copy_of_data[1U];
   memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice));
-  libcrux_sha3_generic_keccak_keccak_06(copy_of_data, out);
+  libcrux_sha3_generic_keccak_keccak_9e(copy_of_data, out);
 }
 
+/**
+A monomorphic instance of libcrux_sha3.generic_keccak.KeccakState
+with types core_core_arch_x86___m256i
+with const generics
+- $4size_t
+*/
+typedef struct libcrux_sha3_generic_keccak_KeccakState_55_s {
+  __m256i st[5U][5U];
+} libcrux_sha3_generic_keccak_KeccakState_55;
+
 #if defined(__cplusplus)
 }
 #endif
diff --git a/libcrux-ml-kem/c/libcrux_sha3_neon.c b/libcrux-ml-kem/c/libcrux_sha3_neon.c
index d84fc7126..ed67034a0 100644
--- a/libcrux-ml-kem/c/libcrux_sha3_neon.c
+++ b/libcrux-ml-kem/c/libcrux_sha3_neon.c
@@ -4,11 +4,11 @@
  * SPDX-License-Identifier: MIT or Apache-2.0
  *
  * This code was generated with the following revisions:
- * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4
- * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac
- * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152
- * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678
- * Libcrux: a089e8609d2bf2df5c165076a79e3fd30dbf87cf
+ * Charon: 2b71c3c42337fe17ceca860bedaafb3443e6c5e8
+ * Eurydice: dcfae68c874635956f71d4c05928841b29ad0a8b
+ * Karamel: 87384b244a98a0c41a2e14c65b872d885af7c8df
+ * F*: 8b6fce63ca91b16386d8f76e82ea87a3c109a208
+ * Libcrux: 4b0d78759e0adf160bab80862883bd5ba7338977
  */
 
 #include "libcrux_sha3_neon.h"
diff --git a/libcrux-ml-kem/c/libcrux_sha3_neon.h b/libcrux-ml-kem/c/libcrux_sha3_neon.h
index bdb6771ab..063d29226 100644
--- a/libcrux-ml-kem/c/libcrux_sha3_neon.h
+++ b/libcrux-ml-kem/c/libcrux_sha3_neon.h
@@ -4,11 +4,11 @@
  * SPDX-License-Identifier: MIT or Apache-2.0
  *
  * This code was generated with the following revisions:
- * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4
- * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac
- * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152
- * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678
- * Libcrux: a089e8609d2bf2df5c165076a79e3fd30dbf87cf
+ * Charon: 2b71c3c42337fe17ceca860bedaafb3443e6c5e8
+ * Eurydice: dcfae68c874635956f71d4c05928841b29ad0a8b
+ * Karamel: 87384b244a98a0c41a2e14c65b872d885af7c8df
+ * F*: 8b6fce63ca91b16386d8f76e82ea87a3c109a208
+ * Libcrux: 4b0d78759e0adf160bab80862883bd5ba7338977
  */
 
 #ifndef __libcrux_sha3_neon_H
@@ -51,7 +51,7 @@ void libcrux_sha3_neon_x2_shake256(Eurydice_slice input0, Eurydice_slice input1,
                                    Eurydice_slice out0, Eurydice_slice out1);
 
 typedef struct libcrux_sha3_neon_x2_incremental_KeccakState_s {
-  libcrux_sha3_generic_keccak_KeccakState_48 state[2U];
+  libcrux_sha3_generic_keccak_KeccakState_17 state[2U];
 } libcrux_sha3_neon_x2_incremental_KeccakState;
 
 /**
diff --git a/libcrux-ml-kem/cg.yaml b/libcrux-ml-kem/cg.yaml
index 08e55ac47..0eb5bb3f4 100644
--- a/libcrux-ml-kem/cg.yaml
+++ b/libcrux-ml-kem/cg.yaml
@@ -26,9 +26,9 @@ files:
         - [libcrux_sha3, avx2, "*"]
         - [libcrux_sha3, simd, avx2, "*"]
       monomorphizations_exact:
-        - [libcrux_sha3, generic_keccak, KeccakState_29]
-        - [libcrux_sha3, generic_keccak, absorb_final_7f ]
-        - [libcrux_sha3, generic_keccak, squeeze_first_three_blocks_ed ]
+        - [libcrux_sha3, generic_keccak, KeccakState_55]
+        - [libcrux_sha3, generic_keccak, absorb_final_fb ]
+        - [libcrux_sha3, generic_keccak, squeeze_first_three_blocks_97 ]
       monomorphizations_of:
         - [libcrux_sha3, avx2, "*"]
         - [libcrux_sha3, simd, avx2, "*"]
@@ -59,11 +59,11 @@ files:
       monomorphizations_exact:
         - [ libcrux_ml_kem, mlkem768, avx2, unpacked, MlKem768KeyPairUnpacked ]
         - [ libcrux_ml_kem, mlkem768, avx2, unpacked, MlKem768PublicKeyUnpacked ]
-        - [ libcrux_ml_kem, ind_cca, unpacked, MlKemPrivateKeyUnpacked_a0 ]
-        - [ libcrux_ml_kem, ind_cca, unpacked, MlKemPublicKeyUnpacked_a0 ]
-        - [ libcrux_ml_kem, ind_cpa, unpacked, IndCpaPrivateKeyUnpacked_a0 ]
-        - [ libcrux_ml_kem, ind_cpa, unpacked, IndCpaPublicKeyUnpacked_a0 ]
-        - [ libcrux_ml_kem, polynomial, PolynomialRingElement_d2 ]
+        - [ libcrux_ml_kem, ind_cca, unpacked, MlKemPrivateKeyUnpacked_63 ]
+        - [ libcrux_ml_kem, ind_cca, unpacked, MlKemPublicKeyUnpacked_63 ]
+        - [ libcrux_ml_kem, ind_cpa, unpacked, IndCpaPrivateKeyUnpacked_63 ]
+        - [ libcrux_ml_kem, ind_cpa, unpacked, IndCpaPublicKeyUnpacked_63 ]
+        - [ libcrux_ml_kem, polynomial, PolynomialRingElement_f6 ]
         - [ libcrux_ml_kem, vector, avx2, SIMD256Vector ]
 
   - name: libcrux_mlkem768_portable_types
@@ -72,11 +72,11 @@ files:
       monomorphizations_exact:
         - [ libcrux_ml_kem, mlkem768, portable, unpacked, MlKem768KeyPairUnpacked ]
         - [ libcrux_ml_kem, mlkem768, portable, unpacked, MlKem768PublicKeyUnpacked ]
-        - [ libcrux_ml_kem, ind_cca, unpacked, MlKemPrivateKeyUnpacked_f8 ]
-        - [ libcrux_ml_kem, ind_cca, unpacked, MlKemPublicKeyUnpacked_f8 ]
-        - [ libcrux_ml_kem, ind_cpa, unpacked, IndCpaPrivateKeyUnpacked_f8 ]
-        - [ libcrux_ml_kem, ind_cpa, unpacked, IndCpaPublicKeyUnpacked_f8 ]
-        - [ libcrux_ml_kem, polynomial, PolynomialRingElement_f0 ]
+        - [ libcrux_ml_kem, ind_cca, unpacked, MlKemPrivateKeyUnpacked_a0 ]
+        - [ libcrux_ml_kem, ind_cca, unpacked, MlKemPublicKeyUnpacked_a0 ]
+        - [ libcrux_ml_kem, ind_cpa, unpacked, IndCpaPrivateKeyUnpacked_a0 ]
+        - [ libcrux_ml_kem, ind_cpa, unpacked, IndCpaPublicKeyUnpacked_a0 ]
+        - [ libcrux_ml_kem, polynomial, PolynomialRingElement_1d ]
         - [ libcrux_ml_kem, vector, portable, vector_type, PortableVector ]
 
   # MLKEM: MISC NON-ARCHITECTURE SPECIFIC HEADERS
diff --git a/libcrux-ml-kem/cg/benches/sha3.cc b/libcrux-ml-kem/cg/benches/sha3.cc
index 7212fc4ed..31180a799 100644
--- a/libcrux-ml-kem/cg/benches/sha3.cc
+++ b/libcrux-ml-kem/cg/benches/sha3.cc
@@ -69,14 +69,14 @@ shake128_34_504(benchmark::State &state)
     Eurydice_slice last[4] = {EURYDICE_SLICE(input, 0, 34), EURYDICE_SLICE(input, 0, 34), EURYDICE_SLICE(input, 0, 34), EURYDICE_SLICE(input, 0, 34)};
     Eurydice_slice out[4] = {EURYDICE_SLICE(digest0, 0, 504), EURYDICE_SLICE(digest1, 0, 504), EURYDICE_SLICE(digest2, 0, 504), EURYDICE_SLICE(digest3, 0, 504)};
     libcrux_sha3_avx2_x4_incremental_KeccakState st = libcrux_sha3_avx2_x4_incremental_init();
-    libcrux_sha3_generic_keccak_absorb_final_7f(&st, last);
-    libcrux_sha3_generic_keccak_squeeze_first_three_blocks_ed(&st, out);
+    libcrux_sha3_generic_keccak_absorb_final_fb(&st, last);
+    libcrux_sha3_generic_keccak_squeeze_first_three_blocks_97(&st, out);
 
     for (auto _ : state)
     {
         libcrux_sha3_avx2_x4_incremental_KeccakState st = libcrux_sha3_avx2_x4_incremental_init();
-        libcrux_sha3_generic_keccak_absorb_final_7f(&st, last);
-        libcrux_sha3_generic_keccak_squeeze_first_three_blocks_ed(&st, out);
+        libcrux_sha3_generic_keccak_absorb_final_fb(&st, last);
+        libcrux_sha3_generic_keccak_squeeze_first_three_blocks_97(&st, out);
     }
 }
 
diff --git a/libcrux-ml-kem/cg/code_gen.txt b/libcrux-ml-kem/cg/code_gen.txt
index 7599cb2f1..03c666cb2 100644
--- a/libcrux-ml-kem/cg/code_gen.txt
+++ b/libcrux-ml-kem/cg/code_gen.txt
@@ -1,6 +1,6 @@
 This code was generated with the following revisions:
-Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4
-Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac
-Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152
-F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678
-Libcrux: a089e8609d2bf2df5c165076a79e3fd30dbf87cf
+Charon: 2b71c3c42337fe17ceca860bedaafb3443e6c5e8
+Eurydice: dcfae68c874635956f71d4c05928841b29ad0a8b
+Karamel: 87384b244a98a0c41a2e14c65b872d885af7c8df
+F*: 8b6fce63ca91b16386d8f76e82ea87a3c109a208
+Libcrux: 4b0d78759e0adf160bab80862883bd5ba7338977
diff --git a/libcrux-ml-kem/cg/libcrux_core.h b/libcrux-ml-kem/cg/libcrux_core.h
index c6916acab..572a1639b 100644
--- a/libcrux-ml-kem/cg/libcrux_core.h
+++ b/libcrux-ml-kem/cg/libcrux_core.h
@@ -4,11 +4,11 @@
  * SPDX-License-Identifier: MIT or Apache-2.0
  *
  * This code was generated with the following revisions:
- * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4
- * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac
- * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152
- * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678
- * Libcrux: a089e8609d2bf2df5c165076a79e3fd30dbf87cf
+ * Charon: 2b71c3c42337fe17ceca860bedaafb3443e6c5e8
+ * Eurydice: dcfae68c874635956f71d4c05928841b29ad0a8b
+ * Karamel: 87384b244a98a0c41a2e14c65b872d885af7c8df
+ * F*: 8b6fce63ca91b16386d8f76e82ea87a3c109a208
+ * Libcrux: 4b0d78759e0adf160bab80862883bd5ba7338977
  */
 
 #ifndef __libcrux_core_H
@@ -25,30 +25,30 @@ A monomorphic instance of core.ops.range.Range
 with types size_t
 
 */
-typedef struct core_ops_range_Range_b3_s {
+typedef struct core_ops_range_Range_08_s {
   size_t start;
   size_t end;
-} core_ops_range_Range_b3;
+} core_ops_range_Range_08;
 
 #define Ok 0
 #define Err 1
 
-typedef uint8_t Result_86_tags;
+typedef uint8_t Result_a9_tags;
 
 #define None 0
 #define Some 1
 
-typedef uint8_t Option_ef_tags;
+typedef uint8_t Option_9e_tags;
 
 /**
 A monomorphic instance of core.option.Option
 with types size_t
 
 */
-typedef struct Option_b3_s {
-  Option_ef_tags tag;
+typedef struct Option_08_s {
+  Option_9e_tags tag;
   size_t f0;
-} Option_b3;
+} Option_08;
 
 static inline uint16_t core_num__u16_7__wrapping_add(uint16_t x0, uint16_t x1);
 
@@ -88,13 +88,13 @@ A monomorphic instance of core.result.Result
 with types uint8_t[24size_t], core_array_TryFromSliceError
 
 */
-typedef struct Result_6f_s {
-  Result_86_tags tag;
+typedef struct Result_b2_s {
+  Result_a9_tags tag;
   union {
     uint8_t case_Ok[24U];
     TryFromSliceError case_Err;
   } val;
-} Result_6f;
+} Result_b2;
 
 /**
 This function found in impl {core::result::Result<T, E>[TraitClause@0,
@@ -105,7 +105,7 @@ A monomorphic instance of core.result.unwrap_26
 with types uint8_t[24size_t], core_array_TryFromSliceError
 
 */
-static inline void unwrap_26_76(Result_6f self, uint8_t ret[24U]) {
+static inline void unwrap_26_70(Result_b2 self, uint8_t ret[24U]) {
   if (self.tag == Ok) {
     uint8_t f0[24U];
     memcpy(f0, self.val.case_Ok, (size_t)24U * sizeof(uint8_t));
@@ -122,13 +122,13 @@ A monomorphic instance of core.result.Result
 with types uint8_t[20size_t], core_array_TryFromSliceError
 
 */
-typedef struct Result_7a_s {
-  Result_86_tags tag;
+typedef struct Result_e1_s {
+  Result_a9_tags tag;
   union {
     uint8_t case_Ok[20U];
     TryFromSliceError case_Err;
   } val;
-} Result_7a;
+} Result_e1;
 
 /**
 This function found in impl {core::result::Result<T, E>[TraitClause@0,
@@ -139,7 +139,7 @@ A monomorphic instance of core.result.unwrap_26
 with types uint8_t[20size_t], core_array_TryFromSliceError
 
 */
-static inline void unwrap_26_ea(Result_7a self, uint8_t ret[20U]) {
+static inline void unwrap_26_20(Result_e1 self, uint8_t ret[20U]) {
   if (self.tag == Ok) {
     uint8_t f0[20U];
     memcpy(f0, self.val.case_Ok, (size_t)20U * sizeof(uint8_t));
@@ -156,13 +156,13 @@ A monomorphic instance of core.result.Result
 with types uint8_t[10size_t], core_array_TryFromSliceError
 
 */
-typedef struct Result_cd_s {
-  Result_86_tags tag;
+typedef struct Result_9d_s {
+  Result_a9_tags tag;
   union {
     uint8_t case_Ok[10U];
     TryFromSliceError case_Err;
   } val;
-} Result_cd;
+} Result_9d;
 
 /**
 This function found in impl {core::result::Result<T, E>[TraitClause@0,
@@ -173,7 +173,7 @@ A monomorphic instance of core.result.unwrap_26
 with types uint8_t[10size_t], core_array_TryFromSliceError
 
 */
-static inline void unwrap_26_07(Result_cd self, uint8_t ret[10U]) {
+static inline void unwrap_26_ce(Result_9d self, uint8_t ret[10U]) {
   if (self.tag == Ok) {
     uint8_t f0[10U];
     memcpy(f0, self.val.case_Ok, (size_t)10U * sizeof(uint8_t));
@@ -198,7 +198,7 @@ A monomorphic instance of libcrux_ml_kem.utils.into_padded_array
 with const generics
 - LEN= 32
 */
-static KRML_MUSTINLINE void libcrux_ml_kem_utils_into_padded_array_423(
+static KRML_MUSTINLINE void libcrux_ml_kem_utils_into_padded_array_9e(
     Eurydice_slice slice, uint8_t ret[32U]) {
   uint8_t out[32U] = {0U};
   uint8_t *uu____0 = out;
@@ -221,7 +221,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_slice_d4
 with const generics
 - SIZE= 1088
 */
-static inline uint8_t *libcrux_ml_kem_types_as_slice_d4_76(
+static inline uint8_t *libcrux_ml_kem_types_as_slice_d4_80(
     libcrux_ml_kem_mlkem768_MlKem768Ciphertext *self) {
   return self->value;
 }
@@ -231,9 +231,9 @@ A monomorphic instance of libcrux_ml_kem.types.MlKemPublicKey
 with const generics
 - $1184size_t
 */
-typedef struct libcrux_ml_kem_types_MlKemPublicKey_15_s {
+typedef struct libcrux_ml_kem_types_MlKemPublicKey_30_s {
   uint8_t value[1184U];
-} libcrux_ml_kem_types_MlKemPublicKey_15;
+} libcrux_ml_kem_types_MlKemPublicKey_30;
 
 /**
 This function found in impl {(core::convert::From<@Array<u8, SIZE>> for
@@ -244,12 +244,12 @@ A monomorphic instance of libcrux_ml_kem.types.from_5a
 with const generics
 - SIZE= 1184
 */
-static inline libcrux_ml_kem_types_MlKemPublicKey_15
-libcrux_ml_kem_types_from_5a_67(uint8_t value[1184U]) {
+static inline libcrux_ml_kem_types_MlKemPublicKey_30
+libcrux_ml_kem_types_from_5a_d0(uint8_t value[1184U]) {
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_value[1184U];
   memcpy(copy_of_value, value, (size_t)1184U * sizeof(uint8_t));
-  libcrux_ml_kem_types_MlKemPublicKey_15 lit;
+  libcrux_ml_kem_types_MlKemPublicKey_30 lit;
   memcpy(lit.value, copy_of_value, (size_t)1184U * sizeof(uint8_t));
   return lit;
 }
@@ -259,13 +259,13 @@ A monomorphic instance of libcrux_ml_kem.types.MlKemPrivateKey
 with const generics
 - $2400size_t
 */
-typedef struct libcrux_ml_kem_types_MlKemPrivateKey_55_s {
+typedef struct libcrux_ml_kem_types_MlKemPrivateKey_d9_s {
   uint8_t value[2400U];
-} libcrux_ml_kem_types_MlKemPrivateKey_55;
+} libcrux_ml_kem_types_MlKemPrivateKey_d9;
 
 typedef struct libcrux_ml_kem_mlkem768_MlKem768KeyPair_s {
-  libcrux_ml_kem_types_MlKemPrivateKey_55 sk;
-  libcrux_ml_kem_types_MlKemPublicKey_15 pk;
+  libcrux_ml_kem_types_MlKemPrivateKey_d9 sk;
+  libcrux_ml_kem_types_MlKemPublicKey_30 pk;
 } libcrux_ml_kem_mlkem768_MlKem768KeyPair;
 
 /**
@@ -279,8 +279,8 @@ with const generics
 - PUBLIC_KEY_SIZE= 1184
 */
 static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair
-libcrux_ml_kem_types_from_3a_ee(libcrux_ml_kem_types_MlKemPrivateKey_55 sk,
-                                libcrux_ml_kem_types_MlKemPublicKey_15 pk) {
+libcrux_ml_kem_types_from_3a_74(libcrux_ml_kem_types_MlKemPrivateKey_d9 sk,
+                                libcrux_ml_kem_types_MlKemPublicKey_30 pk) {
   return (
       CLITERAL(libcrux_ml_kem_mlkem768_MlKem768KeyPair){.sk = sk, .pk = pk});
 }
@@ -294,12 +294,12 @@ A monomorphic instance of libcrux_ml_kem.types.from_7f
 with const generics
 - SIZE= 2400
 */
-static inline libcrux_ml_kem_types_MlKemPrivateKey_55
-libcrux_ml_kem_types_from_7f_af(uint8_t value[2400U]) {
+static inline libcrux_ml_kem_types_MlKemPrivateKey_d9
+libcrux_ml_kem_types_from_7f_28(uint8_t value[2400U]) {
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_value[2400U];
   memcpy(copy_of_value, value, (size_t)2400U * sizeof(uint8_t));
-  libcrux_ml_kem_types_MlKemPrivateKey_55 lit;
+  libcrux_ml_kem_types_MlKemPrivateKey_d9 lit;
   memcpy(lit.value, copy_of_value, (size_t)2400U * sizeof(uint8_t));
   return lit;
 }
@@ -309,13 +309,13 @@ A monomorphic instance of core.result.Result
 with types uint8_t[32size_t], core_array_TryFromSliceError
 
 */
-typedef struct Result_00_s {
-  Result_86_tags tag;
+typedef struct Result_fb_s {
+  Result_a9_tags tag;
   union {
     uint8_t case_Ok[32U];
     TryFromSliceError case_Err;
   } val;
-} Result_00;
+} Result_fb;
 
 /**
 This function found in impl {core::result::Result<T, E>[TraitClause@0,
@@ -326,7 +326,7 @@ A monomorphic instance of core.result.unwrap_26
 with types uint8_t[32size_t], core_array_TryFromSliceError
 
 */
-static inline void unwrap_26_33(Result_00 self, uint8_t ret[32U]) {
+static inline void unwrap_26_b3(Result_fb self, uint8_t ret[32U]) {
   if (self.tag == Ok) {
     uint8_t f0[32U];
     memcpy(f0, self.val.case_Ok, (size_t)32U * sizeof(uint8_t));
@@ -344,10 +344,10 @@ with types libcrux_ml_kem_types_MlKemCiphertext[[$1088size_t]],
 uint8_t[32size_t]
 
 */
-typedef struct tuple_3c_s {
+typedef struct tuple_c2_s {
   libcrux_ml_kem_mlkem768_MlKem768Ciphertext fst;
   uint8_t snd[32U];
-} tuple_3c;
+} tuple_c2;
 
 /**
 This function found in impl {(core::convert::From<@Array<u8, SIZE>> for
@@ -359,7 +359,7 @@ with const generics
 - SIZE= 1088
 */
 static inline libcrux_ml_kem_mlkem768_MlKem768Ciphertext
-libcrux_ml_kem_types_from_01_8c(uint8_t value[1088U]) {
+libcrux_ml_kem_types_from_01_80(uint8_t value[1088U]) {
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_value[1088U];
   memcpy(copy_of_value, value, (size_t)1088U * sizeof(uint8_t));
@@ -376,8 +376,8 @@ A monomorphic instance of libcrux_ml_kem.types.as_slice_fd
 with const generics
 - SIZE= 1184
 */
-static inline uint8_t *libcrux_ml_kem_types_as_slice_fd_02(
-    libcrux_ml_kem_types_MlKemPublicKey_15 *self) {
+static inline uint8_t *libcrux_ml_kem_types_as_slice_fd_d0(
+    libcrux_ml_kem_types_MlKemPublicKey_30 *self) {
   return self->value;
 }
 
@@ -389,7 +389,7 @@ A monomorphic instance of libcrux_ml_kem.utils.into_padded_array
 with const generics
 - LEN= 33
 */
-static KRML_MUSTINLINE void libcrux_ml_kem_utils_into_padded_array_422(
+static KRML_MUSTINLINE void libcrux_ml_kem_utils_into_padded_array_c8(
     Eurydice_slice slice, uint8_t ret[33U]) {
   uint8_t out[33U] = {0U};
   uint8_t *uu____0 = out;
@@ -408,7 +408,7 @@ A monomorphic instance of libcrux_ml_kem.utils.into_padded_array
 with const generics
 - LEN= 34
 */
-static KRML_MUSTINLINE void libcrux_ml_kem_utils_into_padded_array_421(
+static KRML_MUSTINLINE void libcrux_ml_kem_utils_into_padded_array_b6(
     Eurydice_slice slice, uint8_t ret[34U]) {
   uint8_t out[34U] = {0U};
   uint8_t *uu____0 = out;
@@ -428,7 +428,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_ref_00
 with const generics
 - SIZE= 1088
 */
-static inline Eurydice_slice libcrux_ml_kem_types_as_ref_00_8c(
+static inline Eurydice_slice libcrux_ml_kem_types_as_ref_00_80(
     libcrux_ml_kem_mlkem768_MlKem768Ciphertext *self) {
   return Eurydice_array_to_slice((size_t)1088U, self->value, uint8_t);
 }
@@ -441,7 +441,7 @@ A monomorphic instance of libcrux_ml_kem.utils.into_padded_array
 with const generics
 - LEN= 1120
 */
-static KRML_MUSTINLINE void libcrux_ml_kem_utils_into_padded_array_420(
+static KRML_MUSTINLINE void libcrux_ml_kem_utils_into_padded_array_15(
     Eurydice_slice slice, uint8_t ret[1120U]) {
   uint8_t out[1120U] = {0U};
   uint8_t *uu____0 = out;
@@ -460,7 +460,7 @@ A monomorphic instance of libcrux_ml_kem.utils.into_padded_array
 with const generics
 - LEN= 64
 */
-static KRML_MUSTINLINE void libcrux_ml_kem_utils_into_padded_array_42(
+static KRML_MUSTINLINE void libcrux_ml_kem_utils_into_padded_array_24(
     Eurydice_slice slice, uint8_t ret[64U]) {
   uint8_t out[64U] = {0U};
   uint8_t *uu____0 = out;
@@ -476,13 +476,13 @@ A monomorphic instance of core.result.Result
 with types int16_t[16size_t], core_array_TryFromSliceError
 
 */
-typedef struct Result_c0_s {
-  Result_86_tags tag;
+typedef struct Result_0a_s {
+  Result_a9_tags tag;
   union {
     int16_t case_Ok[16U];
     TryFromSliceError case_Err;
   } val;
-} Result_c0;
+} Result_0a;
 
 /**
 This function found in impl {core::result::Result<T, E>[TraitClause@0,
@@ -493,7 +493,7 @@ A monomorphic instance of core.result.unwrap_26
 with types int16_t[16size_t], core_array_TryFromSliceError
 
 */
-static inline void unwrap_26_30(Result_c0 self, int16_t ret[16U]) {
+static inline void unwrap_26_00(Result_0a self, int16_t ret[16U]) {
   if (self.tag == Ok) {
     int16_t f0[16U];
     memcpy(f0, self.val.case_Ok, (size_t)16U * sizeof(int16_t));
@@ -510,13 +510,13 @@ A monomorphic instance of core.result.Result
 with types uint8_t[8size_t], core_array_TryFromSliceError
 
 */
-typedef struct Result_56_s {
-  Result_86_tags tag;
+typedef struct Result_15_s {
+  Result_a9_tags tag;
   union {
     uint8_t case_Ok[8U];
     TryFromSliceError case_Err;
   } val;
-} Result_56;
+} Result_15;
 
 /**
 This function found in impl {core::result::Result<T, E>[TraitClause@0,
@@ -527,7 +527,7 @@ A monomorphic instance of core.result.unwrap_26
 with types uint8_t[8size_t], core_array_TryFromSliceError
 
 */
-static inline void unwrap_26_0e(Result_56 self, uint8_t ret[8U]) {
+static inline void unwrap_26_68(Result_15 self, uint8_t ret[8U]) {
   if (self.tag == Ok) {
     uint8_t f0[8U];
     memcpy(f0, self.val.case_Ok, (size_t)8U * sizeof(uint8_t));
diff --git a/libcrux-ml-kem/cg/libcrux_ct_ops.h b/libcrux-ml-kem/cg/libcrux_ct_ops.h
index 2b5ee19c2..aed9b958c 100644
--- a/libcrux-ml-kem/cg/libcrux_ct_ops.h
+++ b/libcrux-ml-kem/cg/libcrux_ct_ops.h
@@ -4,11 +4,11 @@
  * SPDX-License-Identifier: MIT or Apache-2.0
  *
  * This code was generated with the following revisions:
- * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4
- * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac
- * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152
- * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678
- * Libcrux: a089e8609d2bf2df5c165076a79e3fd30dbf87cf
+ * Charon: 2b71c3c42337fe17ceca860bedaafb3443e6c5e8
+ * Eurydice: dcfae68c874635956f71d4c05928841b29ad0a8b
+ * Karamel: 87384b244a98a0c41a2e14c65b872d885af7c8df
+ * F*: 8b6fce63ca91b16386d8f76e82ea87a3c109a208
+ * Libcrux: 4b0d78759e0adf160bab80862883bd5ba7338977
  */
 
 #ifndef __libcrux_ct_ops_H
diff --git a/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h b/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h
index 553bb0252..ff2c1d887 100644
--- a/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h
+++ b/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h
@@ -4,11 +4,11 @@
  * SPDX-License-Identifier: MIT or Apache-2.0
  *
  * This code was generated with the following revisions:
- * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4
- * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac
- * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152
- * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678
- * Libcrux: a089e8609d2bf2df5c165076a79e3fd30dbf87cf
+ * Charon: 2b71c3c42337fe17ceca860bedaafb3443e6c5e8
+ * Eurydice: dcfae68c874635956f71d4c05928841b29ad0a8b
+ * Karamel: 87384b244a98a0c41a2e14c65b872d885af7c8df
+ * F*: 8b6fce63ca91b16386d8f76e82ea87a3c109a208
+ * Libcrux: 4b0d78759e0adf160bab80862883bd5ba7338977
  */
 
 #ifndef __libcrux_mlkem768_avx2_H
@@ -734,12 +734,12 @@ static KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_4(
   libcrux_intrinsics_avx2_mm_storeu_bytes_si128(
       Eurydice_array_to_slice((size_t)16U, serialized, uint8_t), combined0);
   uint8_t ret0[8U];
-  Result_56 dst;
+  Result_15 dst;
   Eurydice_slice_to_array2(
       &dst,
       Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)8U, uint8_t),
       Eurydice_slice, uint8_t[8U]);
-  unwrap_26_0e(dst, ret0);
+  unwrap_26_68(dst, ret0);
   memcpy(ret, ret0, (size_t)8U * sizeof(uint8_t));
 }
 
@@ -846,12 +846,12 @@ static KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_5(
       Eurydice_array_to_subslice2(serialized, (size_t)5U, (size_t)21U, uint8_t),
       upper_8);
   uint8_t ret0[10U];
-  Result_cd dst;
+  Result_9d dst;
   Eurydice_slice_to_array2(
       &dst,
       Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)10U, uint8_t),
       Eurydice_slice, uint8_t[10U]);
-  unwrap_26_07(dst, ret0);
+  unwrap_26_ce(dst, ret0);
   memcpy(ret, ret0, (size_t)10U * sizeof(uint8_t));
 }
 
@@ -989,12 +989,12 @@ static KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_10(
                                   uint8_t),
       upper_8);
   uint8_t ret0[20U];
-  Result_7a dst;
+  Result_e1 dst;
   Eurydice_slice_to_array2(
       &dst,
       Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)20U, uint8_t),
       Eurydice_slice, uint8_t[20U]);
-  unwrap_26_ea(dst, ret0);
+  unwrap_26_20(dst, ret0);
   memcpy(ret, ret0, (size_t)20U * sizeof(uint8_t));
 }
 
@@ -1151,12 +1151,12 @@ static KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_12(
                                   uint8_t),
       upper_8);
   uint8_t ret0[24U];
-  Result_6f dst;
+  Result_b2 dst;
   Eurydice_slice_to_array2(
       &dst,
       Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)24U, uint8_t),
       Eurydice_slice, uint8_t[24U]);
-  unwrap_26_76(dst, ret0);
+  unwrap_26_70(dst, ret0);
   memcpy(ret, ret0, (size_t)24U * sizeof(uint8_t));
 }
 
@@ -1289,9 +1289,9 @@ with const generics
 
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2
-libcrux_ml_kem_polynomial_ZERO_ef_05(void) {
-  libcrux_ml_kem_polynomial_PolynomialRingElement_d2 lit;
+static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f6
+libcrux_ml_kem_polynomial_ZERO_ef_61(void) {
+  libcrux_ml_kem_polynomial_PolynomialRingElement_f6 lit;
   lit.coefficients[0U] = libcrux_ml_kem_vector_avx2_ZERO_09();
   lit.coefficients[1U] = libcrux_ml_kem_vector_avx2_ZERO_09();
   lit.coefficients[2U] = libcrux_ml_kem_vector_avx2_ZERO_09();
@@ -1318,9 +1318,9 @@ with const generics
 - K= 3
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2
-libcrux_ml_kem_ind_cpa_deserialize_secret_key_closure_23(size_t _) {
-  return libcrux_ml_kem_polynomial_ZERO_ef_05();
+static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f6
+libcrux_ml_kem_ind_cpa_deserialize_secret_key_closure_ab(size_t _) {
+  return libcrux_ml_kem_polynomial_ZERO_ef_61();
 }
 
 /**
@@ -1330,11 +1330,11 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics
 
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2
-libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_ff(
+static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f6
+libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_61(
     Eurydice_slice serialized) {
-  libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re =
-      libcrux_ml_kem_polynomial_ZERO_ef_05();
+  libcrux_ml_kem_polynomial_PolynomialRingElement_f6 re =
+      libcrux_ml_kem_polynomial_ZERO_ef_61();
   for (size_t i = (size_t)0U;
        i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) {
     size_t i0 = i;
@@ -1352,12 +1352,12 @@ with const generics
 - K= 3
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_c6(
+static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_ab(
     Eurydice_slice secret_key,
-    libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) {
-  libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U];
+    libcrux_ml_kem_polynomial_PolynomialRingElement_f6 ret[3U]) {
+  libcrux_ml_kem_polynomial_PolynomialRingElement_f6 secret_as_ntt[3U];
   for (size_t i = (size_t)0U; i < (size_t)3U; i++) {
-    secret_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_ef_05();
+    secret_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_ef_61();
   }
   for (size_t i = (size_t)0U;
        i < Eurydice_slice_len(secret_key, uint8_t) /
@@ -1369,18 +1369,14 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_c6(
         i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT +
             LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT,
         uint8_t);
-    libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 =
-        libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_ff(
+    libcrux_ml_kem_polynomial_PolynomialRingElement_f6 uu____0 =
+        libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_61(
             secret_bytes);
     secret_as_ntt[i0] = uu____0;
   }
-  libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[3U];
   memcpy(
-      result, secret_as_ntt,
-      (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2));
-  memcpy(
-      ret, result,
-      (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2));
+      ret, secret_as_ntt,
+      (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f6));
 }
 
 /**
@@ -1392,9 +1388,9 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics
 - U_COMPRESSION_FACTOR= 10
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2
-libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_closure_53(size_t _) {
-  return libcrux_ml_kem_polynomial_ZERO_ef_05();
+static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f6
+libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_closure_ed(size_t _) {
+  return libcrux_ml_kem_polynomial_ZERO_ef_61();
 }
 
 /**
@@ -1405,7 +1401,7 @@ generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE __m256i
-libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_53(
+libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_ef(
     __m256i vector) {
   __m256i field_modulus = libcrux_intrinsics_avx2_mm256_set1_epi32(
       (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS);
@@ -1457,9 +1453,9 @@ generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static inline __m256i
-libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_eb(
+libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_ef(
     __m256i vector) {
-  return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_53(
+  return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_ef(
       vector);
 }
 
@@ -1470,16 +1466,14 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics
 
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2
-libcrux_ml_kem_serialize_deserialize_then_decompress_10_86(
+static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f6
+libcrux_ml_kem_serialize_deserialize_then_decompress_10_61(
     Eurydice_slice serialized) {
-  libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re =
-      libcrux_ml_kem_polynomial_ZERO_ef_05();
-  LowStar_Ignore_ignore(
-      Eurydice_slice_len(
-          Eurydice_array_to_slice((size_t)16U, re.coefficients, __m256i),
-          __m256i),
-      size_t, void *);
+  libcrux_ml_kem_polynomial_PolynomialRingElement_f6 re =
+      libcrux_ml_kem_polynomial_ZERO_ef_61();
+  size_t _coefficients_length = Eurydice_slice_len(
+      Eurydice_array_to_slice((size_t)16U, re.coefficients, __m256i), __m256i);
+  LowStar_Ignore_ignore(_coefficients_length, size_t, void *);
   for (size_t i = (size_t)0U;
        i < Eurydice_slice_len(serialized, uint8_t) / (size_t)20U; i++) {
     size_t i0 = i;
@@ -1487,7 +1481,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_10_86(
         serialized, i0 * (size_t)20U, i0 * (size_t)20U + (size_t)20U, uint8_t);
     __m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_10_09(bytes);
     re.coefficients[i0] =
-        libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_eb(
+        libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_ef(
             coefficient);
   }
   return re;
@@ -1501,7 +1495,7 @@ generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE __m256i
-libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_530(
+libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_c4(
     __m256i vector) {
   __m256i field_modulus = libcrux_intrinsics_avx2_mm256_set1_epi32(
       (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS);
@@ -1553,9 +1547,9 @@ generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static inline __m256i
-libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_eb0(
+libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_c4(
     __m256i vector) {
-  return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_530(
+  return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_c4(
       vector);
 }
 
@@ -1566,11 +1560,11 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics
 
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2
-libcrux_ml_kem_serialize_deserialize_then_decompress_11_6d(
+static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f6
+libcrux_ml_kem_serialize_deserialize_then_decompress_11_61(
     Eurydice_slice serialized) {
-  libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re =
-      libcrux_ml_kem_polynomial_ZERO_ef_05();
+  libcrux_ml_kem_polynomial_PolynomialRingElement_f6 re =
+      libcrux_ml_kem_polynomial_ZERO_ef_61();
   for (size_t i = (size_t)0U;
        i < Eurydice_slice_len(serialized, uint8_t) / (size_t)22U; i++) {
     size_t i0 = i;
@@ -1578,7 +1572,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_11_6d(
         serialized, i0 * (size_t)22U, i0 * (size_t)22U + (size_t)22U, uint8_t);
     __m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_11_09(bytes);
     re.coefficients[i0] =
-        libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_eb0(
+        libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_c4(
             coefficient);
   }
   return re;
@@ -1591,10 +1585,10 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics
 - COMPRESSION_FACTOR= 10
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2
-libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_3c(
+static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f6
+libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_ee(
     Eurydice_slice serialized) {
-  return libcrux_ml_kem_serialize_deserialize_then_decompress_10_86(serialized);
+  return libcrux_ml_kem_serialize_deserialize_then_decompress_10_61(serialized);
 }
 
 typedef struct libcrux_ml_kem_vector_avx2_SIMD256Vector_x2_s {
@@ -1609,7 +1603,7 @@ with const generics
 
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static inline __m256i libcrux_ml_kem_vector_traits_montgomery_multiply_fe_5f(
+static inline __m256i libcrux_ml_kem_vector_traits_montgomery_multiply_fe_61(
     __m256i v, int16_t fer) {
   return libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_09(v, fer);
 }
@@ -1622,9 +1616,9 @@ with const generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE libcrux_ml_kem_vector_avx2_SIMD256Vector_x2
-libcrux_ml_kem_ntt_ntt_layer_int_vec_step_97(__m256i a, __m256i b,
+libcrux_ml_kem_ntt_ntt_layer_int_vec_step_61(__m256i a, __m256i b,
                                              int16_t zeta_r) {
-  __m256i t = libcrux_ml_kem_vector_traits_montgomery_multiply_fe_5f(b, zeta_r);
+  __m256i t = libcrux_ml_kem_vector_traits_montgomery_multiply_fe_61(b, zeta_r);
   b = libcrux_ml_kem_vector_avx2_sub_09(a, &t);
   a = libcrux_ml_kem_vector_avx2_add_09(a, &t);
   return (CLITERAL(libcrux_ml_kem_vector_avx2_SIMD256Vector_x2){.fst = a,
@@ -1638,8 +1632,8 @@ with const generics
 
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_4_plus_ca(
-    size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re,
+static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_4_plus_61(
+    size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *re,
     size_t layer, size_t _initial_coefficient_bound) {
   size_t step = (size_t)1U << (uint32_t)layer;
   for (size_t i0 = (size_t)0U; i0 < (size_t)128U >> (uint32_t)layer; i0++) {
@@ -1651,7 +1645,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_4_plus_ca(
     for (size_t i = offset_vec; i < offset_vec + step_vec; i++) {
       size_t j = i;
       libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 uu____0 =
-          libcrux_ml_kem_ntt_ntt_layer_int_vec_step_97(
+          libcrux_ml_kem_ntt_ntt_layer_int_vec_step_61(
               re->coefficients[j], re->coefficients[j + step_vec],
               libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U]));
       __m256i x = uu____0.fst;
@@ -1669,8 +1663,8 @@ with const generics
 
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_3_ba(
-    size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re,
+static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_3_61(
+    size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *re,
     size_t _layer, size_t _initial_coefficient_bound) {
   for (size_t i = (size_t)0U; i < (size_t)16U; i++) {
     size_t round = i;
@@ -1688,8 +1682,8 @@ with const generics
 
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_2_89(
-    size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re,
+static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_2_61(
+    size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *re,
     size_t _layer, size_t _initial_coefficient_bound) {
   for (size_t i = (size_t)0U; i < (size_t)16U; i++) {
     size_t round = i;
@@ -1708,8 +1702,8 @@ with const generics
 
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_1_d7(
-    size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re,
+static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_1_61(
+    size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *re,
     size_t _layer, size_t _initial_coefficient_bound) {
   for (size_t i = (size_t)0U; i < (size_t)16U; i++) {
     size_t round = i;
@@ -1735,8 +1729,8 @@ with const generics
 
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_poly_barrett_reduce_ef_a9(
-    libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self) {
+static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_poly_barrett_reduce_ef_61(
+    libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *self) {
   for (size_t i = (size_t)0U;
        i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
     size_t i0 = i;
@@ -1752,24 +1746,24 @@ with const generics
 - VECTOR_U_COMPRESSION_FACTOR= 10
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_vector_u_96(
-    libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) {
+static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_vector_u_ee(
+    libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *re) {
   size_t zeta_i = (size_t)0U;
-  libcrux_ml_kem_ntt_ntt_at_layer_4_plus_ca(&zeta_i, re, (size_t)7U,
+  libcrux_ml_kem_ntt_ntt_at_layer_4_plus_61(&zeta_i, re, (size_t)7U,
                                             (size_t)3328U);
-  libcrux_ml_kem_ntt_ntt_at_layer_4_plus_ca(&zeta_i, re, (size_t)6U,
+  libcrux_ml_kem_ntt_ntt_at_layer_4_plus_61(&zeta_i, re, (size_t)6U,
                                             (size_t)2U * (size_t)3328U);
-  libcrux_ml_kem_ntt_ntt_at_layer_4_plus_ca(&zeta_i, re, (size_t)5U,
+  libcrux_ml_kem_ntt_ntt_at_layer_4_plus_61(&zeta_i, re, (size_t)5U,
                                             (size_t)3U * (size_t)3328U);
-  libcrux_ml_kem_ntt_ntt_at_layer_4_plus_ca(&zeta_i, re, (size_t)4U,
+  libcrux_ml_kem_ntt_ntt_at_layer_4_plus_61(&zeta_i, re, (size_t)4U,
                                             (size_t)4U * (size_t)3328U);
-  libcrux_ml_kem_ntt_ntt_at_layer_3_ba(&zeta_i, re, (size_t)3U,
+  libcrux_ml_kem_ntt_ntt_at_layer_3_61(&zeta_i, re, (size_t)3U,
                                        (size_t)5U * (size_t)3328U);
-  libcrux_ml_kem_ntt_ntt_at_layer_2_89(&zeta_i, re, (size_t)2U,
+  libcrux_ml_kem_ntt_ntt_at_layer_2_61(&zeta_i, re, (size_t)2U,
                                        (size_t)6U * (size_t)3328U);
-  libcrux_ml_kem_ntt_ntt_at_layer_1_d7(&zeta_i, re, (size_t)1U,
+  libcrux_ml_kem_ntt_ntt_at_layer_1_61(&zeta_i, re, (size_t)1U,
                                        (size_t)7U * (size_t)3328U);
-  libcrux_ml_kem_polynomial_poly_barrett_reduce_ef_a9(re);
+  libcrux_ml_kem_polynomial_poly_barrett_reduce_ef_61(re);
 }
 
 /**
@@ -1782,12 +1776,12 @@ with const generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE void
-libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_9c(
+libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_ed(
     uint8_t *ciphertext,
-    libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) {
-  libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[3U];
+    libcrux_ml_kem_polynomial_PolynomialRingElement_f6 ret[3U]) {
+  libcrux_ml_kem_polynomial_PolynomialRingElement_f6 u_as_ntt[3U];
   for (size_t i = (size_t)0U; i < (size_t)3U; i++) {
-    u_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_ef_05();
+    u_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_ef_61();
   }
   for (size_t i = (size_t)0U;
        i < Eurydice_slice_len(
@@ -1807,13 +1801,13 @@ libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_9c(
                 (size_t)10U / (size_t)8U,
         uint8_t);
     u_as_ntt[i0] =
-        libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_3c(
+        libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_ee(
             u_bytes);
-    libcrux_ml_kem_ntt_ntt_vector_u_96(&u_as_ntt[i0]);
+    libcrux_ml_kem_ntt_ntt_vector_u_ee(&u_as_ntt[i0]);
   }
   memcpy(
       ret, u_as_ntt,
-      (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2));
+      (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f6));
 }
 
 /**
@@ -1824,7 +1818,7 @@ generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE __m256i
-libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_531(
+libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_d1(
     __m256i vector) {
   __m256i field_modulus = libcrux_intrinsics_avx2_mm256_set1_epi32(
       (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS);
@@ -1876,9 +1870,9 @@ generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static inline __m256i
-libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_eb1(
+libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_d1(
     __m256i vector) {
-  return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_531(
+  return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_d1(
       vector);
 }
 
@@ -1889,11 +1883,11 @@ with const generics
 
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2
-libcrux_ml_kem_serialize_deserialize_then_decompress_4_c2(
+static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f6
+libcrux_ml_kem_serialize_deserialize_then_decompress_4_61(
     Eurydice_slice serialized) {
-  libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re =
-      libcrux_ml_kem_polynomial_ZERO_ef_05();
+  libcrux_ml_kem_polynomial_PolynomialRingElement_f6 re =
+      libcrux_ml_kem_polynomial_ZERO_ef_61();
   for (size_t i = (size_t)0U;
        i < Eurydice_slice_len(serialized, uint8_t) / (size_t)8U; i++) {
     size_t i0 = i;
@@ -1901,7 +1895,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_4_c2(
         serialized, i0 * (size_t)8U, i0 * (size_t)8U + (size_t)8U, uint8_t);
     __m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_4_09(bytes);
     re.coefficients[i0] =
-        libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_eb1(
+        libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_d1(
             coefficient);
   }
   return re;
@@ -1915,7 +1909,7 @@ generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE __m256i
-libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_532(
+libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_f4(
     __m256i vector) {
   __m256i field_modulus = libcrux_intrinsics_avx2_mm256_set1_epi32(
       (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS);
@@ -1967,9 +1961,9 @@ generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static inline __m256i
-libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_eb2(
+libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_f4(
     __m256i vector) {
-  return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_532(
+  return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_f4(
       vector);
 }
 
@@ -1980,11 +1974,11 @@ with const generics
 
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2
-libcrux_ml_kem_serialize_deserialize_then_decompress_5_1b(
+static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f6
+libcrux_ml_kem_serialize_deserialize_then_decompress_5_61(
     Eurydice_slice serialized) {
-  libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re =
-      libcrux_ml_kem_polynomial_ZERO_ef_05();
+  libcrux_ml_kem_polynomial_PolynomialRingElement_f6 re =
+      libcrux_ml_kem_polynomial_ZERO_ef_61();
   for (size_t i = (size_t)0U;
        i < Eurydice_slice_len(serialized, uint8_t) / (size_t)10U; i++) {
     size_t i0 = i;
@@ -1992,7 +1986,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_5_1b(
         serialized, i0 * (size_t)10U, i0 * (size_t)10U + (size_t)10U, uint8_t);
     re.coefficients[i0] = libcrux_ml_kem_vector_avx2_deserialize_5_09(bytes);
     re.coefficients[i0] =
-        libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_eb2(
+        libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_f4(
             re.coefficients[i0]);
   }
   return re;
@@ -2005,10 +1999,10 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics
 - COMPRESSION_FACTOR= 4
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2
-libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_f4(
+static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f6
+libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_42(
     Eurydice_slice serialized) {
-  return libcrux_ml_kem_serialize_deserialize_then_decompress_4_c2(serialized);
+  return libcrux_ml_kem_serialize_deserialize_then_decompress_4_61(serialized);
 }
 
 /**
@@ -2023,12 +2017,12 @@ with const generics
 
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2
-libcrux_ml_kem_polynomial_ntt_multiply_ef_b2(
-    libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self,
-    libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *rhs) {
-  libcrux_ml_kem_polynomial_PolynomialRingElement_d2 out =
-      libcrux_ml_kem_polynomial_ZERO_ef_05();
+static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f6
+libcrux_ml_kem_polynomial_ntt_multiply_ef_61(
+    libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *self,
+    libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *rhs) {
+  libcrux_ml_kem_polynomial_PolynomialRingElement_f6 out =
+      libcrux_ml_kem_polynomial_ZERO_ef_61();
   for (size_t i = (size_t)0U;
        i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
     size_t i0 = i;
@@ -2057,9 +2051,9 @@ with const generics
 - K= 3
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_to_ring_element_ef_4f(
-    libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self,
-    libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *rhs) {
+static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_to_ring_element_ef_ab(
+    libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *self,
+    libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *rhs) {
   for (size_t i = (size_t)0U;
        i < Eurydice_slice_len(Eurydice_array_to_slice(
                                   (size_t)16U, self->coefficients, __m256i),
@@ -2078,8 +2072,8 @@ with const generics
 
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_2d(
-    size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re,
+static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_61(
+    size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *re,
     size_t _layer) {
   for (size_t i = (size_t)0U; i < (size_t)16U; i++) {
     size_t round = i;
@@ -2102,8 +2096,8 @@ with const generics
 
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_38(
-    size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re,
+static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_61(
+    size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *re,
     size_t _layer) {
   for (size_t i = (size_t)0U; i < (size_t)16U; i++) {
     size_t round = i;
@@ -2124,8 +2118,8 @@ with const generics
 
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_0f(
-    size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re,
+static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_61(
+    size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *re,
     size_t _layer) {
   for (size_t i = (size_t)0U; i < (size_t)16U; i++) {
     size_t round = i;
@@ -2145,13 +2139,13 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE libcrux_ml_kem_vector_avx2_SIMD256Vector_x2
-libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_9b(__m256i a,
+libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_61(__m256i a,
                                                                __m256i b,
                                                                int16_t zeta_r) {
   __m256i a_minus_b = libcrux_ml_kem_vector_avx2_sub_09(b, &a);
   a = libcrux_ml_kem_vector_avx2_barrett_reduce_09(
       libcrux_ml_kem_vector_avx2_add_09(a, &b));
-  b = libcrux_ml_kem_vector_traits_montgomery_multiply_fe_5f(a_minus_b, zeta_r);
+  b = libcrux_ml_kem_vector_traits_montgomery_multiply_fe_61(a_minus_b, zeta_r);
   return (CLITERAL(libcrux_ml_kem_vector_avx2_SIMD256Vector_x2){.fst = a,
                                                                 .snd = b});
 }
@@ -2164,8 +2158,8 @@ with const generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE void
-libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_e0(
-    size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re,
+libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_61(
+    size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *re,
     size_t layer) {
   size_t step = (size_t)1U << (uint32_t)layer;
   for (size_t i0 = (size_t)0U; i0 < (size_t)128U >> (uint32_t)layer; i0++) {
@@ -2179,7 +2173,7 @@ libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_e0(
     for (size_t i = offset_vec; i < offset_vec + step_vec; i++) {
       size_t j = i;
       libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 uu____0 =
-          libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_9b(
+          libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_61(
               re->coefficients[j], re->coefficients[j + step_vec],
               libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U]));
       __m256i x = uu____0.fst;
@@ -2197,22 +2191,22 @@ with const generics
 - K= 3
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_ea(
-    libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) {
+static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_ab(
+    libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *re) {
   size_t zeta_i =
       LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U;
-  libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_2d(&zeta_i, re, (size_t)1U);
-  libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_38(&zeta_i, re, (size_t)2U);
-  libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_0f(&zeta_i, re, (size_t)3U);
-  libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_e0(&zeta_i, re,
+  libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_61(&zeta_i, re, (size_t)1U);
+  libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_61(&zeta_i, re, (size_t)2U);
+  libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_61(&zeta_i, re, (size_t)3U);
+  libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_61(&zeta_i, re,
                                                           (size_t)4U);
-  libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_e0(&zeta_i, re,
+  libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_61(&zeta_i, re,
                                                           (size_t)5U);
-  libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_e0(&zeta_i, re,
+  libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_61(&zeta_i, re,
                                                           (size_t)6U);
-  libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_e0(&zeta_i, re,
+  libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_61(&zeta_i, re,
                                                           (size_t)7U);
-  libcrux_ml_kem_polynomial_poly_barrett_reduce_ef_a9(re);
+  libcrux_ml_kem_polynomial_poly_barrett_reduce_ef_61(re);
 }
 
 /**
@@ -2227,10 +2221,10 @@ with const generics
 
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2
-libcrux_ml_kem_polynomial_subtract_reduce_ef_23(
-    libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self,
-    libcrux_ml_kem_polynomial_PolynomialRingElement_d2 b) {
+static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f6
+libcrux_ml_kem_polynomial_subtract_reduce_ef_61(
+    libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *self,
+    libcrux_ml_kem_polynomial_PolynomialRingElement_f6 b) {
   for (size_t i = (size_t)0U;
        i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
     size_t i0 = i;
@@ -2251,22 +2245,22 @@ with const generics
 - K= 3
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2
-libcrux_ml_kem_matrix_compute_message_ee(
-    libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *v,
-    libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *secret_as_ntt,
-    libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *u_as_ntt) {
-  libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result =
-      libcrux_ml_kem_polynomial_ZERO_ef_05();
+static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f6
+libcrux_ml_kem_matrix_compute_message_ab(
+    libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *v,
+    libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *secret_as_ntt,
+    libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *u_as_ntt) {
+  libcrux_ml_kem_polynomial_PolynomialRingElement_f6 result =
+      libcrux_ml_kem_polynomial_ZERO_ef_61();
   for (size_t i = (size_t)0U; i < (size_t)3U; i++) {
     size_t i0 = i;
-    libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product =
-        libcrux_ml_kem_polynomial_ntt_multiply_ef_b2(&secret_as_ntt[i0],
+    libcrux_ml_kem_polynomial_PolynomialRingElement_f6 product =
+        libcrux_ml_kem_polynomial_ntt_multiply_ef_61(&secret_as_ntt[i0],
                                                      &u_as_ntt[i0]);
-    libcrux_ml_kem_polynomial_add_to_ring_element_ef_4f(&result, &product);
+    libcrux_ml_kem_polynomial_add_to_ring_element_ef_ab(&result, &product);
   }
-  libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_ea(&result);
-  result = libcrux_ml_kem_polynomial_subtract_reduce_ef_23(v, result);
+  libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_ab(&result);
+  result = libcrux_ml_kem_polynomial_subtract_reduce_ef_61(v, result);
   return result;
 }
 
@@ -2277,7 +2271,7 @@ with const generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE __m256i
-libcrux_ml_kem_vector_avx2_arithmetic_shift_right_f2(__m256i vector) {
+libcrux_ml_kem_vector_avx2_arithmetic_shift_right_ef(__m256i vector) {
   return libcrux_intrinsics_avx2_mm256_srai_epi16((int32_t)15, vector, __m256i);
 }
 
@@ -2291,9 +2285,9 @@ with const generics
 - SHIFT_BY= 15
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static inline __m256i libcrux_ml_kem_vector_avx2_shift_right_09_c1(
+static inline __m256i libcrux_ml_kem_vector_avx2_shift_right_09_ef(
     __m256i vector) {
-  return libcrux_ml_kem_vector_avx2_arithmetic_shift_right_f2(vector);
+  return libcrux_ml_kem_vector_avx2_arithmetic_shift_right_ef(vector);
 }
 
 /**
@@ -2304,8 +2298,8 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static inline __m256i
-libcrux_ml_kem_vector_traits_to_unsigned_representative_3f(__m256i a) {
-  __m256i t = libcrux_ml_kem_vector_avx2_shift_right_09_c1(a);
+libcrux_ml_kem_vector_traits_to_unsigned_representative_61(__m256i a) {
+  __m256i t = libcrux_ml_kem_vector_avx2_shift_right_09_ef(a);
   __m256i fm = libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_09(
       t, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS);
   return libcrux_ml_kem_vector_avx2_add_09(a, &fm);
@@ -2319,8 +2313,8 @@ with const generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE __m256i
-libcrux_ml_kem_serialize_to_unsigned_field_modulus_7b(__m256i a) {
-  return libcrux_ml_kem_vector_traits_to_unsigned_representative_3f(a);
+libcrux_ml_kem_serialize_to_unsigned_field_modulus_61(__m256i a) {
+  return libcrux_ml_kem_vector_traits_to_unsigned_representative_61(a);
 }
 
 /**
@@ -2331,12 +2325,12 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE void
-libcrux_ml_kem_serialize_compress_then_serialize_message_db(
-    libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, uint8_t ret[32U]) {
+libcrux_ml_kem_serialize_compress_then_serialize_message_61(
+    libcrux_ml_kem_polynomial_PolynomialRingElement_f6 re, uint8_t ret[32U]) {
   uint8_t serialized[32U] = {0U};
   for (size_t i = (size_t)0U; i < (size_t)16U; i++) {
     size_t i0 = i;
-    __m256i coefficient = libcrux_ml_kem_serialize_to_unsigned_field_modulus_7b(
+    __m256i coefficient = libcrux_ml_kem_serialize_to_unsigned_field_modulus_61(
         re.coefficients[i0]);
     __m256i coefficient_compressed =
         libcrux_ml_kem_vector_avx2_compress_1_09(coefficient);
@@ -2363,20 +2357,20 @@ with const generics
 - V_COMPRESSION_FACTOR= 4
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static inline void libcrux_ml_kem_ind_cpa_decrypt_unpacked_b3(
-    libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 *secret_key,
+static inline void libcrux_ml_kem_ind_cpa_decrypt_unpacked_2f(
+    libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_63 *secret_key,
     uint8_t *ciphertext, uint8_t ret[32U]) {
-  libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[3U];
-  libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_9c(ciphertext, u_as_ntt);
-  libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v =
-      libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_f4(
+  libcrux_ml_kem_polynomial_PolynomialRingElement_f6 u_as_ntt[3U];
+  libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_ed(ciphertext, u_as_ntt);
+  libcrux_ml_kem_polynomial_PolynomialRingElement_f6 v =
+      libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_42(
           Eurydice_array_to_subslice_from((size_t)1088U, ciphertext,
                                           (size_t)960U, uint8_t, size_t));
-  libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message =
-      libcrux_ml_kem_matrix_compute_message_ee(&v, secret_key->secret_as_ntt,
+  libcrux_ml_kem_polynomial_PolynomialRingElement_f6 message =
+      libcrux_ml_kem_matrix_compute_message_ab(&v, secret_key->secret_as_ntt,
                                                u_as_ntt);
   uint8_t ret0[32U];
-  libcrux_ml_kem_serialize_compress_then_serialize_message_db(message, ret0);
+  libcrux_ml_kem_serialize_compress_then_serialize_message_61(message, ret0);
   memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t));
 }
 
@@ -2391,25 +2385,25 @@ with const generics
 - V_COMPRESSION_FACTOR= 4
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static inline void libcrux_ml_kem_ind_cpa_decrypt_1c(Eurydice_slice secret_key,
+static inline void libcrux_ml_kem_ind_cpa_decrypt_2f(Eurydice_slice secret_key,
                                                      uint8_t *ciphertext,
                                                      uint8_t ret[32U]) {
-  libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U];
-  libcrux_ml_kem_ind_cpa_deserialize_secret_key_c6(secret_key, secret_as_ntt);
+  libcrux_ml_kem_polynomial_PolynomialRingElement_f6 secret_as_ntt[3U];
+  libcrux_ml_kem_ind_cpa_deserialize_secret_key_ab(secret_key, secret_as_ntt);
   /* Passing arrays by value in Rust generates a copy in C */
-  libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_secret_as_ntt[3U];
+  libcrux_ml_kem_polynomial_PolynomialRingElement_f6 copy_of_secret_as_ntt[3U];
   memcpy(
       copy_of_secret_as_ntt, secret_as_ntt,
-      (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2));
-  libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0
+      (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f6));
+  libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_63
       secret_key_unpacked;
   memcpy(
       secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt,
-      (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2));
-  uint8_t result[32U];
-  libcrux_ml_kem_ind_cpa_decrypt_unpacked_b3(&secret_key_unpacked, ciphertext,
-                                             result);
-  memcpy(ret, result, (size_t)32U * sizeof(uint8_t));
+      (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f6));
+  uint8_t ret0[32U];
+  libcrux_ml_kem_ind_cpa_decrypt_unpacked_2f(&secret_key_unpacked, ciphertext,
+                                             ret0);
+  memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t));
 }
 
 /**
@@ -2422,7 +2416,7 @@ with const generics
 - K= 3
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_G_a9_9f(
+static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_G_a9_e0(
     Eurydice_slice input, uint8_t ret[64U]) {
   libcrux_ml_kem_hash_functions_avx2_G(input, ret);
 }
@@ -2433,7 +2427,7 @@ with const generics
 - LEN= 32
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_PRF_96(
+static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_PRF_9e(
     Eurydice_slice input, uint8_t ret[32U]) {
   uint8_t digest[32U] = {0U};
   libcrux_sha3_portable_shake256(
@@ -2452,9 +2446,9 @@ with const generics
 - LEN= 32
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_PRF_a9_16(
+static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_PRF_a9_41(
     Eurydice_slice input, uint8_t ret[32U]) {
-  libcrux_ml_kem_hash_functions_avx2_PRF_96(input, ret);
+  libcrux_ml_kem_hash_functions_avx2_PRF_9e(input, ret);
 }
 
 /**
@@ -2469,27 +2463,27 @@ with const generics
 - K= 3
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static inline libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0
-libcrux_ml_kem_ind_cpa_unpacked_default_8d_89(void) {
-  libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0[3U];
+static inline libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_63
+libcrux_ml_kem_ind_cpa_unpacked_default_8d_ab(void) {
+  libcrux_ml_kem_polynomial_PolynomialRingElement_f6 uu____0[3U];
   for (size_t i = (size_t)0U; i < (size_t)3U; i++) {
-    uu____0[i] = libcrux_ml_kem_polynomial_ZERO_ef_05();
+    uu____0[i] = libcrux_ml_kem_polynomial_ZERO_ef_61();
   }
   uint8_t uu____1[32U] = {0U};
-  libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 lit;
+  libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_63 lit;
   memcpy(
       lit.t_as_ntt, uu____0,
-      (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2));
+      (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f6));
   memcpy(lit.seed_for_A, uu____1, (size_t)32U * sizeof(uint8_t));
-  lit.A[0U][0U] = libcrux_ml_kem_polynomial_ZERO_ef_05();
-  lit.A[0U][1U] = libcrux_ml_kem_polynomial_ZERO_ef_05();
-  lit.A[0U][2U] = libcrux_ml_kem_polynomial_ZERO_ef_05();
-  lit.A[1U][0U] = libcrux_ml_kem_polynomial_ZERO_ef_05();
-  lit.A[1U][1U] = libcrux_ml_kem_polynomial_ZERO_ef_05();
-  lit.A[1U][2U] = libcrux_ml_kem_polynomial_ZERO_ef_05();
-  lit.A[2U][0U] = libcrux_ml_kem_polynomial_ZERO_ef_05();
-  lit.A[2U][1U] = libcrux_ml_kem_polynomial_ZERO_ef_05();
-  lit.A[2U][2U] = libcrux_ml_kem_polynomial_ZERO_ef_05();
+  lit.A[0U][0U] = libcrux_ml_kem_polynomial_ZERO_ef_61();
+  lit.A[0U][1U] = libcrux_ml_kem_polynomial_ZERO_ef_61();
+  lit.A[0U][2U] = libcrux_ml_kem_polynomial_ZERO_ef_61();
+  lit.A[1U][0U] = libcrux_ml_kem_polynomial_ZERO_ef_61();
+  lit.A[1U][1U] = libcrux_ml_kem_polynomial_ZERO_ef_61();
+  lit.A[1U][2U] = libcrux_ml_kem_polynomial_ZERO_ef_61();
+  lit.A[2U][0U] = libcrux_ml_kem_polynomial_ZERO_ef_61();
+  lit.A[2U][1U] = libcrux_ml_kem_polynomial_ZERO_ef_61();
+  lit.A[2U][2U] = libcrux_ml_kem_polynomial_ZERO_ef_61();
   return lit;
 }
 
@@ -2500,11 +2494,11 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics
 
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2
-libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_ed(
+static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f6
+libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_61(
     Eurydice_slice serialized) {
-  libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re =
-      libcrux_ml_kem_polynomial_ZERO_ef_05();
+  libcrux_ml_kem_polynomial_PolynomialRingElement_f6 re =
+      libcrux_ml_kem_polynomial_ZERO_ef_61();
   for (size_t i = (size_t)0U;
        i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) {
     size_t i0 = i;
@@ -2525,9 +2519,9 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE void
-libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_ea(
+libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_ab(
     Eurydice_slice public_key,
-    libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *deserialized_pk) {
+    libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *deserialized_pk) {
   for (size_t i = (size_t)0U;
        i < Eurydice_slice_len(public_key, uint8_t) /
                LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT;
@@ -2538,8 +2532,8 @@ libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_ea(
         i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT +
             LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT,
         uint8_t);
-    libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 =
-        libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_ed(
+    libcrux_ml_kem_polynomial_PolynomialRingElement_f6 uu____0 =
+        libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_61(
             ring_element);
     deserialized_pk[i0] = uu____0;
   }
@@ -2556,9 +2550,9 @@ generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE libcrux_sha3_avx2_x4_incremental_KeccakState
-libcrux_ml_kem_hash_functions_avx2_shake128_init_absorb_final_96(
+libcrux_ml_kem_hash_functions_avx2_shake128_init_absorb_final_e0(
     uint8_t input[3U][34U]) {
-  libcrux_sha3_generic_keccak_KeccakState_29 state =
+  libcrux_sha3_generic_keccak_KeccakState_55 state =
       libcrux_sha3_avx2_x4_incremental_init();
   libcrux_sha3_avx2_x4_incremental_shake128_absorb_final(
       &state, Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t),
@@ -2580,12 +2574,12 @@ generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE libcrux_sha3_avx2_x4_incremental_KeccakState
-libcrux_ml_kem_hash_functions_avx2_shake128_init_absorb_final_a9_c1(
+libcrux_ml_kem_hash_functions_avx2_shake128_init_absorb_final_a9_e0(
     uint8_t input[3U][34U]) {
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_input[3U][34U];
   memcpy(copy_of_input, input, (size_t)3U * sizeof(uint8_t[34U]));
-  return libcrux_ml_kem_hash_functions_avx2_shake128_init_absorb_final_96(
+  return libcrux_ml_kem_hash_functions_avx2_shake128_init_absorb_final_e0(
       copy_of_input);
 }
 
@@ -2597,7 +2591,7 @@ const generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE void
-libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_first_three_blocks_08(
+libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_first_three_blocks_e0(
     libcrux_sha3_avx2_x4_incremental_KeccakState *st, uint8_t ret[3U][504U]) {
   uint8_t out[3U][504U] = {{0U}};
   uint8_t out0[504U] = {0U};
@@ -2633,9 +2627,9 @@ const generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE void
-libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_first_three_blocks_a9_7a(
+libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_first_three_blocks_a9_e0(
     libcrux_sha3_avx2_x4_incremental_KeccakState *self, uint8_t ret[3U][504U]) {
-  libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_first_three_blocks_08(
+  libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_first_three_blocks_e0(
       self, ret);
 }
 
@@ -2689,7 +2683,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE bool
-libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_fe(
+libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_ed(
     uint8_t randomness[3U][504U], size_t *sampled_coefficients,
     int16_t (*out)[272U]) {
   for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) {
@@ -2732,7 +2726,7 @@ generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE void
-libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_next_block_01(
+libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_next_block_e0(
     libcrux_sha3_avx2_x4_incremental_KeccakState *st, uint8_t ret[3U][168U]) {
   uint8_t out[3U][168U] = {{0U}};
   uint8_t out0[168U] = {0U};
@@ -2768,9 +2762,9 @@ generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE void
-libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_next_block_a9_9f(
+libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_next_block_a9_e0(
     libcrux_sha3_avx2_x4_incremental_KeccakState *self, uint8_t ret[3U][168U]) {
-  libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_next_block_01(self, ret);
+  libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_next_block_e0(self, ret);
 }
 
 /**
@@ -2823,7 +2817,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE bool
-libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_fe0(
+libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_ed0(
     uint8_t randomness[3U][168U], size_t *sampled_coefficients,
     int16_t (*out)[272U]) {
   for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) {
@@ -2870,10 +2864,10 @@ with const generics
 
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2
-libcrux_ml_kem_polynomial_from_i16_array_ef_ef(Eurydice_slice a) {
-  libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result =
-      libcrux_ml_kem_polynomial_ZERO_ef_05();
+static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f6
+libcrux_ml_kem_polynomial_from_i16_array_ef_61(Eurydice_slice a) {
+  libcrux_ml_kem_polynomial_PolynomialRingElement_f6 result =
+      libcrux_ml_kem_polynomial_ZERO_ef_61();
   for (size_t i = (size_t)0U;
        i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
     size_t i0 = i;
@@ -2891,9 +2885,9 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics
 - K= 3
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2
-libcrux_ml_kem_sampling_sample_from_xof_closure_b4(int16_t s[272U]) {
-  return libcrux_ml_kem_polynomial_from_i16_array_ef_ef(
+static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f6
+libcrux_ml_kem_sampling_sample_from_xof_closure_6c(int16_t s[272U]) {
+  return libcrux_ml_kem_polynomial_from_i16_array_ef_61(
       Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t));
 }
 
@@ -2904,51 +2898,51 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics
 - K= 3
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static KRML_MUSTINLINE void libcrux_ml_kem_sampling_sample_from_xof_90(
+static KRML_MUSTINLINE void libcrux_ml_kem_sampling_sample_from_xof_6c(
     uint8_t seeds[3U][34U],
-    libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) {
+    libcrux_ml_kem_polynomial_PolynomialRingElement_f6 ret[3U]) {
   size_t sampled_coefficients[3U] = {0U};
   int16_t out[3U][272U] = {{0U}};
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_seeds[3U][34U];
   memcpy(copy_of_seeds, seeds, (size_t)3U * sizeof(uint8_t[34U]));
   libcrux_sha3_avx2_x4_incremental_KeccakState xof_state =
-      libcrux_ml_kem_hash_functions_avx2_shake128_init_absorb_final_a9_c1(
+      libcrux_ml_kem_hash_functions_avx2_shake128_init_absorb_final_a9_e0(
           copy_of_seeds);
   uint8_t randomness0[3U][504U];
-  libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_first_three_blocks_a9_7a(
+  libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_first_three_blocks_a9_e0(
       &xof_state, randomness0);
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_randomness0[3U][504U];
   memcpy(copy_of_randomness0, randomness0, (size_t)3U * sizeof(uint8_t[504U]));
-  bool done = libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_fe(
+  bool done = libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_ed(
       copy_of_randomness0, sampled_coefficients, out);
   while (true) {
     if (done) {
       break;
     } else {
       uint8_t randomness[3U][168U];
-      libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_next_block_a9_9f(
+      libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_next_block_a9_e0(
           &xof_state, randomness);
       /* Passing arrays by value in Rust generates a copy in C */
       uint8_t copy_of_randomness[3U][168U];
       memcpy(copy_of_randomness, randomness,
              (size_t)3U * sizeof(uint8_t[168U]));
-      done = libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_fe0(
+      done = libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_ed0(
           copy_of_randomness, sampled_coefficients, out);
     }
   }
   /* Passing arrays by value in Rust generates a copy in C */
   int16_t copy_of_out[3U][272U];
   memcpy(copy_of_out, out, (size_t)3U * sizeof(int16_t[272U]));
-  libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret0[3U];
+  libcrux_ml_kem_polynomial_PolynomialRingElement_f6 ret0[3U];
   for (size_t i = (size_t)0U; i < (size_t)3U; i++) {
     ret0[i] =
-        libcrux_ml_kem_sampling_sample_from_xof_closure_b4(copy_of_out[i]);
+        libcrux_ml_kem_sampling_sample_from_xof_closure_6c(copy_of_out[i]);
   }
   memcpy(
       ret, ret0,
-      (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2));
+      (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f6));
 }
 
 /**
@@ -2958,8 +2952,8 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics
 - K= 3
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static KRML_MUSTINLINE void libcrux_ml_kem_matrix_sample_matrix_A_ee(
-    libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*A_transpose)[3U],
+static KRML_MUSTINLINE void libcrux_ml_kem_matrix_sample_matrix_A_6c(
+    libcrux_ml_kem_polynomial_PolynomialRingElement_f6 (*A_transpose)[3U],
     uint8_t seed[34U], bool transpose) {
   for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) {
     size_t i1 = i0;
@@ -2978,17 +2972,17 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_sample_matrix_A_ee(
     /* Passing arrays by value in Rust generates a copy in C */
     uint8_t copy_of_seeds[3U][34U];
     memcpy(copy_of_seeds, seeds, (size_t)3U * sizeof(uint8_t[34U]));
-    libcrux_ml_kem_polynomial_PolynomialRingElement_d2 sampled[3U];
-    libcrux_ml_kem_sampling_sample_from_xof_90(copy_of_seeds, sampled);
+    libcrux_ml_kem_polynomial_PolynomialRingElement_f6 sampled[3U];
+    libcrux_ml_kem_sampling_sample_from_xof_6c(copy_of_seeds, sampled);
     for (size_t i = (size_t)0U;
          i < Eurydice_slice_len(
                  Eurydice_array_to_slice(
                      (size_t)3U, sampled,
-                     libcrux_ml_kem_polynomial_PolynomialRingElement_d2),
-                 libcrux_ml_kem_polynomial_PolynomialRingElement_d2);
+                     libcrux_ml_kem_polynomial_PolynomialRingElement_f6),
+                 libcrux_ml_kem_polynomial_PolynomialRingElement_f6);
          i++) {
       size_t j = i;
-      libcrux_ml_kem_polynomial_PolynomialRingElement_d2 sample = sampled[j];
+      libcrux_ml_kem_polynomial_PolynomialRingElement_f6 sample = sampled[j];
       if (transpose) {
         A_transpose[j][i1] = sample;
       } else {
@@ -3004,10 +2998,10 @@ with types libcrux_ml_kem_polynomial_PolynomialRingElement
 libcrux_ml_kem_vector_avx2_SIMD256Vector[3size_t], uint8_t
 
 */
-typedef struct tuple_b00_s {
-  libcrux_ml_kem_polynomial_PolynomialRingElement_d2 fst[3U];
+typedef struct tuple_230_s {
+  libcrux_ml_kem_polynomial_PolynomialRingElement_f6 fst[3U];
   uint8_t snd;
-} tuple_b00;
+} tuple_230;
 
 /**
 A monomorphic instance of
@@ -3019,9 +3013,9 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics
 - ETA_RANDOMNESS_SIZE= 128
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2
-libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_out_closure_f4(size_t _i) {
-  return libcrux_ml_kem_polynomial_ZERO_ef_05();
+static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f6
+libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_out_closure_b4(size_t _i) {
+  return libcrux_ml_kem_polynomial_ZERO_ef_61();
 }
 
 /**
@@ -3031,7 +3025,7 @@ with const generics
 - LEN= 128
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_PRFxN_fb(
+static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_PRFxN_41(
     uint8_t (*input)[33U], uint8_t ret[3U][128U]) {
   uint8_t out[3U][128U] = {{0U}};
   uint8_t out0[128U] = {0U};
@@ -3070,9 +3064,9 @@ with const generics
 - LEN= 128
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_PRFxN_a9_b2(
+static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_PRFxN_a9_41(
     uint8_t (*input)[33U], uint8_t ret[3U][128U]) {
-  libcrux_ml_kem_hash_functions_avx2_PRFxN_fb(input, ret);
+  libcrux_ml_kem_hash_functions_avx2_PRFxN_41(input, ret);
 }
 
 /**
@@ -3082,8 +3076,8 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics
 
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2
-libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_4a(
+static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f6
+libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_61(
     Eurydice_slice randomness) {
   int16_t sampled_i16s[256U] = {0U};
   for (size_t i0 = (size_t)0U;
@@ -3118,7 +3112,7 @@ libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_4a(
       sampled_i16s[(size_t)8U * chunk_number + offset] = outcome_1 - outcome_2;
     }
   }
-  return libcrux_ml_kem_polynomial_from_i16_array_ef_ef(
+  return libcrux_ml_kem_polynomial_from_i16_array_ef_61(
       Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t));
 }
 
@@ -3129,8 +3123,8 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics
 
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2
-libcrux_ml_kem_sampling_sample_from_binomial_distribution_3_20(
+static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f6
+libcrux_ml_kem_sampling_sample_from_binomial_distribution_3_61(
     Eurydice_slice randomness) {
   int16_t sampled_i16s[256U] = {0U};
   for (size_t i0 = (size_t)0U;
@@ -3164,7 +3158,7 @@ libcrux_ml_kem_sampling_sample_from_binomial_distribution_3_20(
       sampled_i16s[(size_t)4U * chunk_number + offset] = outcome_1 - outcome_2;
     }
   }
-  return libcrux_ml_kem_polynomial_from_i16_array_ef_ef(
+  return libcrux_ml_kem_polynomial_from_i16_array_ef_61(
       Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t));
 }
 
@@ -3175,10 +3169,10 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics
 - ETA= 2
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2
-libcrux_ml_kem_sampling_sample_from_binomial_distribution_d7(
+static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f6
+libcrux_ml_kem_sampling_sample_from_binomial_distribution_89(
     Eurydice_slice randomness) {
-  return libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_4a(
+  return libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_61(
       randomness);
 }
 
@@ -3189,8 +3183,8 @@ with const generics
 
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_7_13(
-    libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) {
+static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_7_61(
+    libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *re) {
   size_t step = LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT / (size_t)2U;
   for (size_t i = (size_t)0U; i < step; i++) {
     size_t j = i;
@@ -3211,23 +3205,23 @@ with const generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE void
-libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_ef(
-    libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) {
-  libcrux_ml_kem_ntt_ntt_at_layer_7_13(re);
+libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_61(
+    libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *re) {
+  libcrux_ml_kem_ntt_ntt_at_layer_7_61(re);
   size_t zeta_i = (size_t)1U;
-  libcrux_ml_kem_ntt_ntt_at_layer_4_plus_ca(&zeta_i, re, (size_t)6U,
+  libcrux_ml_kem_ntt_ntt_at_layer_4_plus_61(&zeta_i, re, (size_t)6U,
                                             (size_t)11207U);
-  libcrux_ml_kem_ntt_ntt_at_layer_4_plus_ca(&zeta_i, re, (size_t)5U,
+  libcrux_ml_kem_ntt_ntt_at_layer_4_plus_61(&zeta_i, re, (size_t)5U,
                                             (size_t)11207U + (size_t)3328U);
-  libcrux_ml_kem_ntt_ntt_at_layer_4_plus_ca(
+  libcrux_ml_kem_ntt_ntt_at_layer_4_plus_61(
       &zeta_i, re, (size_t)4U, (size_t)11207U + (size_t)2U * (size_t)3328U);
-  libcrux_ml_kem_ntt_ntt_at_layer_3_ba(
+  libcrux_ml_kem_ntt_ntt_at_layer_3_61(
       &zeta_i, re, (size_t)3U, (size_t)11207U + (size_t)3U * (size_t)3328U);
-  libcrux_ml_kem_ntt_ntt_at_layer_2_89(
+  libcrux_ml_kem_ntt_ntt_at_layer_2_61(
       &zeta_i, re, (size_t)2U, (size_t)11207U + (size_t)4U * (size_t)3328U);
-  libcrux_ml_kem_ntt_ntt_at_layer_1_d7(
+  libcrux_ml_kem_ntt_ntt_at_layer_1_61(
       &zeta_i, re, (size_t)1U, (size_t)11207U + (size_t)5U * (size_t)3328U);
-  libcrux_ml_kem_polynomial_poly_barrett_reduce_ef_a9(re);
+  libcrux_ml_kem_polynomial_poly_barrett_reduce_ef_61(re);
 }
 
 /**
@@ -3240,8 +3234,8 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE uint8_t
-libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_b0(
-    libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re_as_ntt,
+libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_b4(
+    libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *re_as_ntt,
     uint8_t prf_input[33U], uint8_t domain_separator) {
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_prf_input[33U];
@@ -3250,19 +3244,21 @@ libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_b0(
   for (size_t i = (size_t)0U; i < (size_t)3U; i++) {
     memcpy(prf_inputs[i], copy_of_prf_input, (size_t)33U * sizeof(uint8_t));
   }
+  uint8_t _prf_inputs_init[3U][33U];
+  memcpy(_prf_inputs_init, prf_inputs, (size_t)3U * sizeof(uint8_t[33U]));
   for (size_t i = (size_t)0U; i < (size_t)3U; i++) {
     size_t i0 = i;
     prf_inputs[i0][32U] = domain_separator;
     domain_separator = (uint32_t)domain_separator + 1U;
   }
   uint8_t prf_outputs[3U][128U];
-  libcrux_ml_kem_hash_functions_avx2_PRFxN_a9_b2(prf_inputs, prf_outputs);
+  libcrux_ml_kem_hash_functions_avx2_PRFxN_a9_41(prf_inputs, prf_outputs);
   for (size_t i = (size_t)0U; i < (size_t)3U; i++) {
     size_t i0 = i;
     re_as_ntt[i0] =
-        libcrux_ml_kem_sampling_sample_from_binomial_distribution_d7(
+        libcrux_ml_kem_sampling_sample_from_binomial_distribution_89(
             Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t));
-    libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_ef(&re_as_ntt[i0]);
+    libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_61(&re_as_ntt[i0]);
   }
   return domain_separator;
 }
@@ -3276,29 +3272,29 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics
 - ETA_RANDOMNESS_SIZE= 128
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static KRML_MUSTINLINE tuple_b00
-libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_out_81(
+static KRML_MUSTINLINE tuple_230
+libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_out_b4(
     uint8_t prf_input[33U], uint8_t domain_separator) {
-  libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re_as_ntt[3U];
+  libcrux_ml_kem_polynomial_PolynomialRingElement_f6 re_as_ntt[3U];
   for (size_t i = (size_t)0U; i < (size_t)3U; i++) {
-    re_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_ef_05();
+    re_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_ef_61();
   }
-  libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *uu____0 = re_as_ntt;
+  libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *uu____0 = re_as_ntt;
   uint8_t uu____1[33U];
   memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t));
-  domain_separator = libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_b0(
+  domain_separator = libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_b4(
       uu____0, uu____1, domain_separator);
   /* Passing arrays by value in Rust generates a copy in C */
-  libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_re_as_ntt[3U];
+  libcrux_ml_kem_polynomial_PolynomialRingElement_f6 copy_of_re_as_ntt[3U];
   memcpy(
       copy_of_re_as_ntt, re_as_ntt,
-      (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2));
-  tuple_b00 result;
+      (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f6));
+  tuple_230 lit;
   memcpy(
-      result.fst, copy_of_re_as_ntt,
-      (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2));
-  result.snd = domain_separator;
-  return result;
+      lit.fst, copy_of_re_as_ntt,
+      (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f6));
+  lit.snd = domain_separator;
+  return lit;
 }
 
 /**
@@ -3310,9 +3306,9 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics
 - ETA2= 2
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2
-libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_closure_92(size_t _i) {
-  return libcrux_ml_kem_polynomial_ZERO_ef_05();
+static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f6
+libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_closure_b4(size_t _i) {
+  return libcrux_ml_kem_polynomial_ZERO_ef_61();
 }
 
 /**
@@ -3324,12 +3320,12 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics
 - ETA2= 2
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static KRML_MUSTINLINE tuple_b00
-libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_fe(uint8_t prf_input[33U],
+static KRML_MUSTINLINE tuple_230
+libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_b4(uint8_t prf_input[33U],
                                                   uint8_t domain_separator) {
-  libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[3U];
+  libcrux_ml_kem_polynomial_PolynomialRingElement_f6 error_1[3U];
   for (size_t i = (size_t)0U; i < (size_t)3U; i++) {
-    error_1[i] = libcrux_ml_kem_polynomial_ZERO_ef_05();
+    error_1[i] = libcrux_ml_kem_polynomial_ZERO_ef_61();
   }
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_prf_input[33U];
@@ -3338,31 +3334,33 @@ libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_fe(uint8_t prf_input[33U],
   for (size_t i = (size_t)0U; i < (size_t)3U; i++) {
     memcpy(prf_inputs[i], copy_of_prf_input, (size_t)33U * sizeof(uint8_t));
   }
+  uint8_t _prf_inputs_init[3U][33U];
+  memcpy(_prf_inputs_init, prf_inputs, (size_t)3U * sizeof(uint8_t[33U]));
   for (size_t i = (size_t)0U; i < (size_t)3U; i++) {
     size_t i0 = i;
     prf_inputs[i0][32U] = domain_separator;
     domain_separator = (uint32_t)domain_separator + 1U;
   }
   uint8_t prf_outputs[3U][128U];
-  libcrux_ml_kem_hash_functions_avx2_PRFxN_a9_b2(prf_inputs, prf_outputs);
+  libcrux_ml_kem_hash_functions_avx2_PRFxN_a9_41(prf_inputs, prf_outputs);
   for (size_t i = (size_t)0U; i < (size_t)3U; i++) {
     size_t i0 = i;
-    libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 =
-        libcrux_ml_kem_sampling_sample_from_binomial_distribution_d7(
+    libcrux_ml_kem_polynomial_PolynomialRingElement_f6 uu____1 =
+        libcrux_ml_kem_sampling_sample_from_binomial_distribution_89(
             Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t));
     error_1[i0] = uu____1;
   }
   /* Passing arrays by value in Rust generates a copy in C */
-  libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_error_1[3U];
+  libcrux_ml_kem_polynomial_PolynomialRingElement_f6 copy_of_error_1[3U];
   memcpy(
       copy_of_error_1, error_1,
-      (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2));
-  tuple_b00 result;
+      (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f6));
+  tuple_230 lit;
   memcpy(
-      result.fst, copy_of_error_1,
-      (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2));
-  result.snd = domain_separator;
-  return result;
+      lit.fst, copy_of_error_1,
+      (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f6));
+  lit.snd = domain_separator;
+  return lit;
 }
 
 /**
@@ -3371,7 +3369,7 @@ with const generics
 - LEN= 128
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_PRF_960(
+static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_PRF_a6(
     Eurydice_slice input, uint8_t ret[128U]) {
   uint8_t digest[128U] = {0U};
   libcrux_sha3_portable_shake256(
@@ -3390,9 +3388,9 @@ with const generics
 - LEN= 128
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_PRF_a9_160(
+static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_PRF_a9_410(
     Eurydice_slice input, uint8_t ret[128U]) {
-  libcrux_ml_kem_hash_functions_avx2_PRF_960(input, ret);
+  libcrux_ml_kem_hash_functions_avx2_PRF_a6(input, ret);
 }
 
 /**
@@ -3402,9 +3400,9 @@ with const generics
 - K= 3
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2
-libcrux_ml_kem_matrix_compute_vector_u_closure_c6(size_t _i) {
-  return libcrux_ml_kem_polynomial_ZERO_ef_05();
+static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f6
+libcrux_ml_kem_matrix_compute_vector_u_closure_ab(size_t _i) {
+  return libcrux_ml_kem_polynomial_ZERO_ef_61();
 }
 
 /**
@@ -3419,9 +3417,9 @@ with const generics
 
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_error_reduce_ef_3a(
-    libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self,
-    libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error) {
+static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_error_reduce_ef_61(
+    libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *self,
+    libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *error) {
   for (size_t i = (size_t)0U;
        i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
     size_t j = i;
@@ -3441,49 +3439,44 @@ with const generics
 - K= 3
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_vector_u_43(
-    libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*a_as_ntt)[3U],
-    libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt,
-    libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_1,
-    libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) {
-  libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result0[3U];
+static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_vector_u_ab(
+    libcrux_ml_kem_polynomial_PolynomialRingElement_f6 (*a_as_ntt)[3U],
+    libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *r_as_ntt,
+    libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *error_1,
+    libcrux_ml_kem_polynomial_PolynomialRingElement_f6 ret[3U]) {
+  libcrux_ml_kem_polynomial_PolynomialRingElement_f6 result[3U];
   for (size_t i = (size_t)0U; i < (size_t)3U; i++) {
-    result0[i] = libcrux_ml_kem_polynomial_ZERO_ef_05();
+    result[i] = libcrux_ml_kem_polynomial_ZERO_ef_61();
   }
   for (size_t i0 = (size_t)0U;
        i0 < Eurydice_slice_len(
                 Eurydice_array_to_slice(
                     (size_t)3U, a_as_ntt,
-                    libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U]),
-                libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U]);
+                    libcrux_ml_kem_polynomial_PolynomialRingElement_f6[3U]),
+                libcrux_ml_kem_polynomial_PolynomialRingElement_f6[3U]);
        i0++) {
     size_t i1 = i0;
-    libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *row = a_as_ntt[i1];
+    libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *row = a_as_ntt[i1];
     for (size_t i = (size_t)0U;
          i < Eurydice_slice_len(
                  Eurydice_array_to_slice(
                      (size_t)3U, row,
-                     libcrux_ml_kem_polynomial_PolynomialRingElement_d2),
-                 libcrux_ml_kem_polynomial_PolynomialRingElement_d2);
+                     libcrux_ml_kem_polynomial_PolynomialRingElement_f6),
+                 libcrux_ml_kem_polynomial_PolynomialRingElement_f6);
          i++) {
       size_t j = i;
-      libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *a_element = &row[j];
-      libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product =
-          libcrux_ml_kem_polynomial_ntt_multiply_ef_b2(a_element, &r_as_ntt[j]);
-      libcrux_ml_kem_polynomial_add_to_ring_element_ef_4f(&result0[i1],
+      libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *a_element = &row[j];
+      libcrux_ml_kem_polynomial_PolynomialRingElement_f6 product =
+          libcrux_ml_kem_polynomial_ntt_multiply_ef_61(a_element, &r_as_ntt[j]);
+      libcrux_ml_kem_polynomial_add_to_ring_element_ef_ab(&result[i1],
                                                           &product);
     }
-    libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_ea(&result0[i1]);
-    libcrux_ml_kem_polynomial_add_error_reduce_ef_3a(&result0[i1],
-                                                     &error_1[i1]);
+    libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_ab(&result[i1]);
+    libcrux_ml_kem_polynomial_add_error_reduce_ef_61(&result[i1], &error_1[i1]);
   }
-  libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[3U];
-  memcpy(
-      result, result0,
-      (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2));
   memcpy(
       ret, result,
-      (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2));
+      (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f6));
 }
 
 /**
@@ -3493,7 +3486,7 @@ with const generics
 
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static inline __m256i libcrux_ml_kem_vector_traits_decompress_1_06(
+static inline __m256i libcrux_ml_kem_vector_traits_decompress_1_61(
     __m256i vec) {
   __m256i z = libcrux_ml_kem_vector_avx2_ZERO_09();
   __m256i s = libcrux_ml_kem_vector_avx2_sub_09(z, &vec);
@@ -3508,11 +3501,11 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics
 
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2
-libcrux_ml_kem_serialize_deserialize_then_decompress_message_45(
+static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f6
+libcrux_ml_kem_serialize_deserialize_then_decompress_message_61(
     uint8_t serialized[32U]) {
-  libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re =
-      libcrux_ml_kem_polynomial_ZERO_ef_05();
+  libcrux_ml_kem_polynomial_PolynomialRingElement_f6 re =
+      libcrux_ml_kem_polynomial_ZERO_ef_61();
   for (size_t i = (size_t)0U; i < (size_t)16U; i++) {
     size_t i0 = i;
     __m256i coefficient_compressed =
@@ -3520,7 +3513,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_message_45(
             Eurydice_array_to_subslice2(serialized, (size_t)2U * i0,
                                         (size_t)2U * i0 + (size_t)2U, uint8_t));
     re.coefficients[i0] =
-        libcrux_ml_kem_vector_traits_decompress_1_06(coefficient_compressed);
+        libcrux_ml_kem_vector_traits_decompress_1_61(coefficient_compressed);
   }
   return re;
 }
@@ -3537,11 +3530,11 @@ with const generics
 
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2
-libcrux_ml_kem_polynomial_add_message_error_reduce_ef_81(
-    libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self,
-    libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *message,
-    libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result) {
+static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f6
+libcrux_ml_kem_polynomial_add_message_error_reduce_ef_61(
+    libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *self,
+    libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *message,
+    libcrux_ml_kem_polynomial_PolynomialRingElement_f6 result) {
   for (size_t i = (size_t)0U;
        i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
     size_t i0 = i;
@@ -3565,23 +3558,23 @@ with const generics
 - K= 3
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2
-libcrux_ml_kem_matrix_compute_ring_element_v_5b(
-    libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt,
-    libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt,
-    libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_2,
-    libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *message) {
-  libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result =
-      libcrux_ml_kem_polynomial_ZERO_ef_05();
+static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f6
+libcrux_ml_kem_matrix_compute_ring_element_v_ab(
+    libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *t_as_ntt,
+    libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *r_as_ntt,
+    libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *error_2,
+    libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *message) {
+  libcrux_ml_kem_polynomial_PolynomialRingElement_f6 result =
+      libcrux_ml_kem_polynomial_ZERO_ef_61();
   for (size_t i = (size_t)0U; i < (size_t)3U; i++) {
     size_t i0 = i;
-    libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product =
-        libcrux_ml_kem_polynomial_ntt_multiply_ef_b2(&t_as_ntt[i0],
+    libcrux_ml_kem_polynomial_PolynomialRingElement_f6 product =
+        libcrux_ml_kem_polynomial_ntt_multiply_ef_61(&t_as_ntt[i0],
                                                      &r_as_ntt[i0]);
-    libcrux_ml_kem_polynomial_add_to_ring_element_ef_4f(&result, &product);
+    libcrux_ml_kem_polynomial_add_to_ring_element_ef_ab(&result, &product);
   }
-  libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_ea(&result);
-  result = libcrux_ml_kem_polynomial_add_message_error_reduce_ef_81(
+  libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_ab(&result);
+  result = libcrux_ml_kem_polynomial_add_message_error_reduce_ef_61(
       error_2, message, result);
   return result;
 }
@@ -3594,7 +3587,7 @@ generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE __m256i
-libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_4f(
+libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_ef(
     __m256i vector) {
   __m256i field_modulus_halved = libcrux_intrinsics_avx2_mm256_set1_epi32(
       ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) /
@@ -3649,9 +3642,9 @@ with const generics
 - COEFFICIENT_BITS= 10
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static inline __m256i libcrux_ml_kem_vector_avx2_compress_09_3e(
+static inline __m256i libcrux_ml_kem_vector_avx2_compress_09_ef(
     __m256i vector) {
-  return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_4f(
+  return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_ef(
       vector);
 }
 
@@ -3663,14 +3656,14 @@ with const generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE void
-libcrux_ml_kem_serialize_compress_then_serialize_10_34(
-    libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[320U]) {
+libcrux_ml_kem_serialize_compress_then_serialize_10_0e(
+    libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *re, uint8_t ret[320U]) {
   uint8_t serialized[320U] = {0U};
   for (size_t i = (size_t)0U;
        i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
     size_t i0 = i;
-    __m256i coefficient = libcrux_ml_kem_vector_avx2_compress_09_3e(
-        libcrux_ml_kem_serialize_to_unsigned_field_modulus_7b(
+    __m256i coefficient = libcrux_ml_kem_vector_avx2_compress_09_ef(
+        libcrux_ml_kem_serialize_to_unsigned_field_modulus_61(
             re->coefficients[i0]));
     uint8_t bytes[20U];
     libcrux_ml_kem_vector_avx2_serialize_10_09(coefficient, bytes);
@@ -3692,7 +3685,7 @@ generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE __m256i
-libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_4f0(
+libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_c4(
     __m256i vector) {
   __m256i field_modulus_halved = libcrux_intrinsics_avx2_mm256_set1_epi32(
       ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) /
@@ -3747,9 +3740,9 @@ with const generics
 - COEFFICIENT_BITS= 11
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static inline __m256i libcrux_ml_kem_vector_avx2_compress_09_3e0(
+static inline __m256i libcrux_ml_kem_vector_avx2_compress_09_c4(
     __m256i vector) {
-  return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_4f0(
+  return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_c4(
       vector);
 }
 
@@ -3761,14 +3754,14 @@ with const generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE void
-libcrux_ml_kem_serialize_compress_then_serialize_11_47(
-    libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[320U]) {
+libcrux_ml_kem_serialize_compress_then_serialize_11_0e(
+    libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *re, uint8_t ret[320U]) {
   uint8_t serialized[320U] = {0U};
   for (size_t i = (size_t)0U;
        i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
     size_t i0 = i;
-    __m256i coefficient = libcrux_ml_kem_vector_avx2_compress_09_3e0(
-        libcrux_ml_kem_vector_traits_to_unsigned_representative_3f(
+    __m256i coefficient = libcrux_ml_kem_vector_avx2_compress_09_c4(
+        libcrux_ml_kem_vector_traits_to_unsigned_representative_61(
             re->coefficients[i0]));
     uint8_t bytes[22U];
     libcrux_ml_kem_vector_avx2_serialize_11_09(coefficient, bytes);
@@ -3789,11 +3782,11 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE void
-libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_e3(
-    libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[320U]) {
-  uint8_t uu____0[320U];
-  libcrux_ml_kem_serialize_compress_then_serialize_10_34(re, uu____0);
-  memcpy(ret, uu____0, (size_t)320U * sizeof(uint8_t));
+libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_a4(
+    libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *re, uint8_t ret[320U]) {
+  uint8_t result[320U];
+  libcrux_ml_kem_serialize_compress_then_serialize_10_0e(re, result);
+  memcpy(ret, result, (size_t)320U * sizeof(uint8_t));
 }
 
 /**
@@ -3806,23 +3799,23 @@ with const generics
 - BLOCK_LEN= 320
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static inline void libcrux_ml_kem_ind_cpa_compress_then_serialize_u_57(
-    libcrux_ml_kem_polynomial_PolynomialRingElement_d2 input[3U],
+static inline void libcrux_ml_kem_ind_cpa_compress_then_serialize_u_8c(
+    libcrux_ml_kem_polynomial_PolynomialRingElement_f6 input[3U],
     Eurydice_slice out) {
   for (size_t i = (size_t)0U;
        i < Eurydice_slice_len(
                Eurydice_array_to_slice(
                    (size_t)3U, input,
-                   libcrux_ml_kem_polynomial_PolynomialRingElement_d2),
-               libcrux_ml_kem_polynomial_PolynomialRingElement_d2);
+                   libcrux_ml_kem_polynomial_PolynomialRingElement_f6),
+               libcrux_ml_kem_polynomial_PolynomialRingElement_f6);
        i++) {
     size_t i0 = i;
-    libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = input[i0];
+    libcrux_ml_kem_polynomial_PolynomialRingElement_f6 re = input[i0];
     Eurydice_slice uu____0 = Eurydice_slice_subslice2(
         out, i0 * ((size_t)960U / (size_t)3U),
         (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U), uint8_t);
     uint8_t ret[320U];
-    libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_e3(&re,
+    libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_a4(&re,
                                                                        ret);
     Eurydice_slice_copy(
         uu____0, Eurydice_array_to_slice((size_t)320U, ret, uint8_t), uint8_t);
@@ -3837,7 +3830,7 @@ generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE __m256i
-libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_4f1(
+libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_d1(
     __m256i vector) {
   __m256i field_modulus_halved = libcrux_intrinsics_avx2_mm256_set1_epi32(
       ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) /
@@ -3892,9 +3885,9 @@ with const generics
 - COEFFICIENT_BITS= 4
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static inline __m256i libcrux_ml_kem_vector_avx2_compress_09_3e1(
+static inline __m256i libcrux_ml_kem_vector_avx2_compress_09_d1(
     __m256i vector) {
-  return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_4f1(
+  return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_d1(
       vector);
 }
 
@@ -3906,14 +3899,14 @@ with const generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE void
-libcrux_ml_kem_serialize_compress_then_serialize_4_c3(
-    libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re,
+libcrux_ml_kem_serialize_compress_then_serialize_4_61(
+    libcrux_ml_kem_polynomial_PolynomialRingElement_f6 re,
     Eurydice_slice serialized) {
   for (size_t i = (size_t)0U;
        i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
     size_t i0 = i;
-    __m256i coefficient = libcrux_ml_kem_vector_avx2_compress_09_3e1(
-        libcrux_ml_kem_serialize_to_unsigned_field_modulus_7b(
+    __m256i coefficient = libcrux_ml_kem_vector_avx2_compress_09_d1(
+        libcrux_ml_kem_serialize_to_unsigned_field_modulus_61(
             re.coefficients[i0]));
     uint8_t bytes[8U];
     libcrux_ml_kem_vector_avx2_serialize_4_09(coefficient, bytes);
@@ -3932,7 +3925,7 @@ generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE __m256i
-libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_4f2(
+libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_f4(
     __m256i vector) {
   __m256i field_modulus_halved = libcrux_intrinsics_avx2_mm256_set1_epi32(
       ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) /
@@ -3987,9 +3980,9 @@ with const generics
 - COEFFICIENT_BITS= 5
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static inline __m256i libcrux_ml_kem_vector_avx2_compress_09_3e2(
+static inline __m256i libcrux_ml_kem_vector_avx2_compress_09_f4(
     __m256i vector) {
-  return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_4f2(
+  return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_f4(
       vector);
 }
 
@@ -4001,14 +3994,14 @@ with const generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE void
-libcrux_ml_kem_serialize_compress_then_serialize_5_de(
-    libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re,
+libcrux_ml_kem_serialize_compress_then_serialize_5_61(
+    libcrux_ml_kem_polynomial_PolynomialRingElement_f6 re,
     Eurydice_slice serialized) {
   for (size_t i = (size_t)0U;
        i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
     size_t i0 = i;
-    __m256i coefficients = libcrux_ml_kem_vector_avx2_compress_09_3e2(
-        libcrux_ml_kem_vector_traits_to_unsigned_representative_3f(
+    __m256i coefficients = libcrux_ml_kem_vector_avx2_compress_09_f4(
+        libcrux_ml_kem_vector_traits_to_unsigned_representative_61(
             re.coefficients[i0]));
     uint8_t bytes[10U];
     libcrux_ml_kem_vector_avx2_serialize_5_09(coefficients, bytes);
@@ -4028,9 +4021,9 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE void
-libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_ba(
-    libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, Eurydice_slice out) {
-  libcrux_ml_kem_serialize_compress_then_serialize_4_c3(re, out);
+libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_78(
+    libcrux_ml_kem_polynomial_PolynomialRingElement_f6 re, Eurydice_slice out) {
+  libcrux_ml_kem_serialize_compress_then_serialize_4_61(re, out);
 }
 
 /**
@@ -4051,60 +4044,60 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics
 - ETA2_RANDOMNESS_SIZE= 128
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_05(
-    libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *public_key,
+static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_74(
+    libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_63 *public_key,
     uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) {
   uint8_t prf_input[33U];
-  libcrux_ml_kem_utils_into_padded_array_422(randomness, prf_input);
+  libcrux_ml_kem_utils_into_padded_array_c8(randomness, prf_input);
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_prf_input0[33U];
   memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t));
-  tuple_b00 uu____1 = libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_out_81(
+  tuple_230 uu____1 = libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_out_b4(
       copy_of_prf_input0, 0U);
-  libcrux_ml_kem_polynomial_PolynomialRingElement_d2 r_as_ntt[3U];
+  libcrux_ml_kem_polynomial_PolynomialRingElement_f6 r_as_ntt[3U];
   memcpy(
       r_as_ntt, uu____1.fst,
-      (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2));
+      (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f6));
   uint8_t domain_separator0 = uu____1.snd;
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_prf_input[33U];
   memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t));
-  tuple_b00 uu____3 = libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_fe(
+  tuple_230 uu____3 = libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_b4(
       copy_of_prf_input, domain_separator0);
-  libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[3U];
+  libcrux_ml_kem_polynomial_PolynomialRingElement_f6 error_1[3U];
   memcpy(
       error_1, uu____3.fst,
-      (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2));
+      (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f6));
   uint8_t domain_separator = uu____3.snd;
   prf_input[32U] = domain_separator;
   uint8_t prf_output[128U];
-  libcrux_ml_kem_hash_functions_avx2_PRF_a9_160(
+  libcrux_ml_kem_hash_functions_avx2_PRF_a9_410(
       Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), prf_output);
-  libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_2 =
-      libcrux_ml_kem_sampling_sample_from_binomial_distribution_d7(
+  libcrux_ml_kem_polynomial_PolynomialRingElement_f6 error_2 =
+      libcrux_ml_kem_sampling_sample_from_binomial_distribution_89(
           Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t));
-  libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u[3U];
-  libcrux_ml_kem_matrix_compute_vector_u_43(public_key->A, r_as_ntt, error_1,
+  libcrux_ml_kem_polynomial_PolynomialRingElement_f6 u[3U];
+  libcrux_ml_kem_matrix_compute_vector_u_ab(public_key->A, r_as_ntt, error_1,
                                             u);
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_message[32U];
   memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t));
-  libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message_as_ring_element =
-      libcrux_ml_kem_serialize_deserialize_then_decompress_message_45(
+  libcrux_ml_kem_polynomial_PolynomialRingElement_f6 message_as_ring_element =
+      libcrux_ml_kem_serialize_deserialize_then_decompress_message_61(
           copy_of_message);
-  libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v =
-      libcrux_ml_kem_matrix_compute_ring_element_v_5b(
+  libcrux_ml_kem_polynomial_PolynomialRingElement_f6 v =
+      libcrux_ml_kem_matrix_compute_ring_element_v_ab(
           public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element);
   uint8_t ciphertext[1088U] = {0U};
-  libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____5[3U];
+  libcrux_ml_kem_polynomial_PolynomialRingElement_f6 uu____5[3U];
   memcpy(
       uu____5, u,
-      (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2));
-  libcrux_ml_kem_ind_cpa_compress_then_serialize_u_57(
+      (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f6));
+  libcrux_ml_kem_ind_cpa_compress_then_serialize_u_8c(
       uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)960U,
                                            uint8_t));
-  libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____6 = v;
-  libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_ba(
+  libcrux_ml_kem_polynomial_PolynomialRingElement_f6 uu____6 = v;
+  libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_78(
       uu____6, Eurydice_array_to_subslice_from((size_t)1088U, ciphertext,
                                                (size_t)960U, uint8_t, size_t));
   memcpy(ret, ciphertext, (size_t)1088U * sizeof(uint8_t));
@@ -4128,31 +4121,31 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics
 - ETA2_RANDOMNESS_SIZE= 128
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static inline void libcrux_ml_kem_ind_cpa_encrypt_b6(Eurydice_slice public_key,
+static inline void libcrux_ml_kem_ind_cpa_encrypt_74(Eurydice_slice public_key,
                                                      uint8_t message[32U],
                                                      Eurydice_slice randomness,
                                                      uint8_t ret[1088U]) {
-  libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0
-      unpacked_public_key = libcrux_ml_kem_ind_cpa_unpacked_default_8d_89();
-  libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_ea(
+  libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_63
+      unpacked_public_key = libcrux_ml_kem_ind_cpa_unpacked_default_8d_ab();
+  libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_ab(
       Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t),
       unpacked_public_key.t_as_ntt);
   Eurydice_slice seed =
       Eurydice_slice_subslice_from(public_key, (size_t)1152U, uint8_t, size_t);
-  libcrux_ml_kem_polynomial_PolynomialRingElement_d2(*uu____0)[3U] =
+  libcrux_ml_kem_polynomial_PolynomialRingElement_f6(*uu____0)[3U] =
       unpacked_public_key.A;
   uint8_t ret0[34U];
-  libcrux_ml_kem_utils_into_padded_array_421(seed, ret0);
-  libcrux_ml_kem_matrix_sample_matrix_A_ee(uu____0, ret0, false);
-  libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *uu____1 =
+  libcrux_ml_kem_utils_into_padded_array_b6(seed, ret0);
+  libcrux_ml_kem_matrix_sample_matrix_A_6c(uu____0, ret0, false);
+  libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_63 *uu____1 =
       &unpacked_public_key;
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_message[32U];
   memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t));
-  uint8_t result[1088U];
-  libcrux_ml_kem_ind_cpa_encrypt_unpacked_05(uu____1, copy_of_message,
-                                             randomness, result);
-  memcpy(ret, result, (size_t)1088U * sizeof(uint8_t));
+  uint8_t ret1[1088U];
+  libcrux_ml_kem_ind_cpa_encrypt_unpacked_74(uu____1, copy_of_message,
+                                             randomness, ret1);
+  memcpy(ret, ret1, (size_t)1088U * sizeof(uint8_t));
 }
 
 /**
@@ -4167,7 +4160,7 @@ with const generics
 - CIPHERTEXT_SIZE= 1088
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static KRML_MUSTINLINE void libcrux_ml_kem_variant_kdf_d8_16(
+static KRML_MUSTINLINE void libcrux_ml_kem_variant_kdf_d8_ae(
     Eurydice_slice shared_secret, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *_,
     uint8_t ret[32U]) {
   uint8_t out[32U] = {0U};
@@ -4199,8 +4192,8 @@ with const generics
 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static inline void libcrux_ml_kem_ind_cca_decapsulate_1f(
-    libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key,
+static inline void libcrux_ml_kem_ind_cca_decapsulate_a1(
+    libcrux_ml_kem_types_MlKemPrivateKey_d9 *private_key,
     libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) {
   Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at(
       Eurydice_array_to_slice((size_t)2400U, private_key->value, uint8_t),
@@ -4217,10 +4210,10 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_1f(
   Eurydice_slice ind_cpa_public_key_hash = uu____2.fst;
   Eurydice_slice implicit_rejection_value = uu____2.snd;
   uint8_t decrypted[32U];
-  libcrux_ml_kem_ind_cpa_decrypt_1c(ind_cpa_secret_key, ciphertext->value,
+  libcrux_ml_kem_ind_cpa_decrypt_2f(ind_cpa_secret_key, ciphertext->value,
                                     decrypted);
   uint8_t to_hash0[64U];
-  libcrux_ml_kem_utils_into_padded_array_42(
+  libcrux_ml_kem_utils_into_padded_array_24(
       Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0);
   Eurydice_slice_copy(
       Eurydice_array_to_subslice_from(
@@ -4228,7 +4221,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_1f(
           uint8_t, size_t),
       ind_cpa_public_key_hash, uint8_t);
   uint8_t hashed[64U];
-  libcrux_ml_kem_hash_functions_avx2_G_a9_9f(
+  libcrux_ml_kem_hash_functions_avx2_G_a9_e0(
       Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed);
   Eurydice_slice_uint8_t_x2 uu____3 = Eurydice_slice_split_at(
       Eurydice_array_to_slice((size_t)64U, hashed, uint8_t),
@@ -4237,14 +4230,14 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_1f(
   Eurydice_slice shared_secret0 = uu____3.fst;
   Eurydice_slice pseudorandomness = uu____3.snd;
   uint8_t to_hash[1120U];
-  libcrux_ml_kem_utils_into_padded_array_420(implicit_rejection_value, to_hash);
+  libcrux_ml_kem_utils_into_padded_array_15(implicit_rejection_value, to_hash);
   Eurydice_slice uu____4 = Eurydice_array_to_subslice_from(
       (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE,
       uint8_t, size_t);
-  Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_8c(ciphertext),
+  Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_80(ciphertext),
                       uint8_t);
   uint8_t implicit_rejection_shared_secret0[32U];
-  libcrux_ml_kem_hash_functions_avx2_PRF_a9_16(
+  libcrux_ml_kem_hash_functions_avx2_PRF_a9_41(
       Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t),
       implicit_rejection_shared_secret0);
   Eurydice_slice uu____5 = ind_cpa_public_key;
@@ -4252,18 +4245,18 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_1f(
   uint8_t copy_of_decrypted[32U];
   memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t));
   uint8_t expected_ciphertext[1088U];
-  libcrux_ml_kem_ind_cpa_encrypt_b6(uu____5, copy_of_decrypted,
+  libcrux_ml_kem_ind_cpa_encrypt_74(uu____5, copy_of_decrypted,
                                     pseudorandomness, expected_ciphertext);
   uint8_t implicit_rejection_shared_secret[32U];
-  libcrux_ml_kem_variant_kdf_d8_16(
+  libcrux_ml_kem_variant_kdf_d8_ae(
       Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0,
                               uint8_t),
       ciphertext, implicit_rejection_shared_secret);
   uint8_t shared_secret1[32U];
-  libcrux_ml_kem_variant_kdf_d8_16(shared_secret0, ciphertext, shared_secret1);
+  libcrux_ml_kem_variant_kdf_d8_ae(shared_secret0, ciphertext, shared_secret1);
   uint8_t shared_secret[32U];
   libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time(
-      libcrux_ml_kem_types_as_ref_00_8c(ciphertext),
+      libcrux_ml_kem_types_as_ref_00_80(ciphertext),
       Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t),
       Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t),
       Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret,
@@ -4293,10 +4286,10 @@ with const generics
 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static inline void libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_0b(
-    libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key,
+static inline void libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_35(
+    libcrux_ml_kem_types_MlKemPrivateKey_d9 *private_key,
     libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) {
-  libcrux_ml_kem_ind_cca_decapsulate_1f(private_key, ciphertext, ret);
+  libcrux_ml_kem_ind_cca_decapsulate_a1(private_key, ciphertext, ret);
 }
 
 /**
@@ -4308,9 +4301,9 @@ static inline void libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_0b(
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static inline void libcrux_ml_kem_mlkem768_avx2_decapsulate(
-    libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key,
+    libcrux_ml_kem_types_MlKemPrivateKey_d9 *private_key,
     libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) {
-  libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_0b(private_key,
+  libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_35(private_key,
                                                             ciphertext, ret);
 }
 
@@ -4325,7 +4318,7 @@ with const generics
 - K= 3
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static KRML_MUSTINLINE void libcrux_ml_kem_variant_entropy_preprocess_d8_64(
+static KRML_MUSTINLINE void libcrux_ml_kem_variant_entropy_preprocess_d8_be(
     Eurydice_slice randomness, uint8_t ret[32U]) {
   uint8_t out[32U] = {0U};
   Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t),
@@ -4343,7 +4336,7 @@ with const generics
 - K= 3
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_H_a9_41(
+static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_H_a9_e0(
     Eurydice_slice input, uint8_t ret[32U]) {
   libcrux_ml_kem_hash_functions_avx2_H(input, ret);
 }
@@ -4368,28 +4361,28 @@ with const generics
 - ETA2_RANDOMNESS_SIZE= 128
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_82(
-    libcrux_ml_kem_types_MlKemPublicKey_15 *public_key,
+static inline tuple_c2 libcrux_ml_kem_ind_cca_encapsulate_70(
+    libcrux_ml_kem_types_MlKemPublicKey_30 *public_key,
     uint8_t randomness[32U]) {
   uint8_t randomness0[32U];
-  libcrux_ml_kem_variant_entropy_preprocess_d8_64(
+  libcrux_ml_kem_variant_entropy_preprocess_d8_be(
       Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0);
   uint8_t to_hash[64U];
-  libcrux_ml_kem_utils_into_padded_array_42(
+  libcrux_ml_kem_utils_into_padded_array_24(
       Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t), to_hash);
   Eurydice_slice uu____0 = Eurydice_array_to_subslice_from(
       (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t,
       size_t);
   uint8_t ret[32U];
-  libcrux_ml_kem_hash_functions_avx2_H_a9_41(
+  libcrux_ml_kem_hash_functions_avx2_H_a9_e0(
       Eurydice_array_to_slice((size_t)1184U,
-                              libcrux_ml_kem_types_as_slice_fd_02(public_key),
+                              libcrux_ml_kem_types_as_slice_fd_d0(public_key),
                               uint8_t),
       ret);
   Eurydice_slice_copy(
       uu____0, Eurydice_array_to_slice((size_t)32U, ret, uint8_t), uint8_t);
   uint8_t hashed[64U];
-  libcrux_ml_kem_hash_functions_avx2_G_a9_9f(
+  libcrux_ml_kem_hash_functions_avx2_G_a9_e0(
       Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed);
   Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at(
       Eurydice_array_to_slice((size_t)64U, hashed, uint8_t),
@@ -4398,27 +4391,27 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_82(
   Eurydice_slice shared_secret = uu____1.fst;
   Eurydice_slice pseudorandomness = uu____1.snd;
   Eurydice_slice uu____2 = Eurydice_array_to_slice(
-      (size_t)1184U, libcrux_ml_kem_types_as_slice_fd_02(public_key), uint8_t);
+      (size_t)1184U, libcrux_ml_kem_types_as_slice_fd_d0(public_key), uint8_t);
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_randomness[32U];
   memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t));
   uint8_t ciphertext[1088U];
-  libcrux_ml_kem_ind_cpa_encrypt_b6(uu____2, copy_of_randomness,
+  libcrux_ml_kem_ind_cpa_encrypt_74(uu____2, copy_of_randomness,
                                     pseudorandomness, ciphertext);
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_ciphertext[1088U];
   memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t));
   libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 =
-      libcrux_ml_kem_types_from_01_8c(copy_of_ciphertext);
+      libcrux_ml_kem_types_from_01_80(copy_of_ciphertext);
   uint8_t shared_secret_array[32U];
-  libcrux_ml_kem_variant_kdf_d8_16(shared_secret, &ciphertext0,
+  libcrux_ml_kem_variant_kdf_d8_ae(shared_secret, &ciphertext0,
                                    shared_secret_array);
   libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0;
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_shared_secret_array[32U];
   memcpy(copy_of_shared_secret_array, shared_secret_array,
          (size_t)32U * sizeof(uint8_t));
-  tuple_3c lit;
+  tuple_c2 lit;
   lit.fst = uu____5;
   memcpy(lit.snd, copy_of_shared_secret_array, (size_t)32U * sizeof(uint8_t));
   return lit;
@@ -4442,15 +4435,15 @@ with const generics
 - ETA2_RANDOMNESS_SIZE= 128
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static inline tuple_3c
-libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_71(
-    libcrux_ml_kem_types_MlKemPublicKey_15 *public_key,
+static inline tuple_c2
+libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_cd(
+    libcrux_ml_kem_types_MlKemPublicKey_30 *public_key,
     uint8_t randomness[32U]) {
-  libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key;
+  libcrux_ml_kem_types_MlKemPublicKey_30 *uu____0 = public_key;
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_randomness[32U];
   memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t));
-  return libcrux_ml_kem_ind_cca_encapsulate_82(uu____0, copy_of_randomness);
+  return libcrux_ml_kem_ind_cca_encapsulate_70(uu____0, copy_of_randomness);
 }
 
 /**
@@ -4461,14 +4454,14 @@ libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_71(
  bytes of `randomness`.
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static inline tuple_3c libcrux_ml_kem_mlkem768_avx2_encapsulate(
-    libcrux_ml_kem_types_MlKemPublicKey_15 *public_key,
+static inline tuple_c2 libcrux_ml_kem_mlkem768_avx2_encapsulate(
+    libcrux_ml_kem_types_MlKemPublicKey_30 *public_key,
     uint8_t randomness[32U]) {
-  libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key;
+  libcrux_ml_kem_types_MlKemPublicKey_30 *uu____0 = public_key;
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_randomness[32U];
   memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t));
-  return libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_71(
+  return libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_cd(
       uu____0, copy_of_randomness);
 }
 
@@ -4484,12 +4477,12 @@ with const generics
 - K= 3
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static inline libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0
-libcrux_ml_kem_ind_cpa_unpacked_default_1a_3c(void) {
-  libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 lit;
-  lit.secret_as_ntt[0U] = libcrux_ml_kem_polynomial_ZERO_ef_05();
-  lit.secret_as_ntt[1U] = libcrux_ml_kem_polynomial_ZERO_ef_05();
-  lit.secret_as_ntt[2U] = libcrux_ml_kem_polynomial_ZERO_ef_05();
+static inline libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_63
+libcrux_ml_kem_ind_cpa_unpacked_default_1a_ab(void) {
+  libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_63 lit;
+  lit.secret_as_ntt[0U] = libcrux_ml_kem_polynomial_ZERO_ef_61();
+  lit.secret_as_ntt[1U] = libcrux_ml_kem_polynomial_ZERO_ef_61();
+  lit.secret_as_ntt[2U] = libcrux_ml_kem_polynomial_ZERO_ef_61();
   return lit;
 }
 
@@ -4504,7 +4497,7 @@ with const generics
 - K= 3
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static KRML_MUSTINLINE void libcrux_ml_kem_variant_cpa_keygen_seed_d8_75(
+static KRML_MUSTINLINE void libcrux_ml_kem_variant_cpa_keygen_seed_d8_be(
     Eurydice_slice key_generation_seed, uint8_t ret[64U]) {
   uint8_t seed[33U] = {0U};
   Eurydice_slice_copy(
@@ -4515,7 +4508,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_variant_cpa_keygen_seed_d8_75(
   seed[LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE] =
       (uint8_t)(size_t)3U;
   uint8_t ret0[64U];
-  libcrux_ml_kem_hash_functions_avx2_G_a9_9f(
+  libcrux_ml_kem_hash_functions_avx2_G_a9_e0(
       Eurydice_array_to_slice((size_t)33U, seed, uint8_t), ret0);
   memcpy(ret, ret0, (size_t)64U * sizeof(uint8_t));
 }
@@ -4527,7 +4520,7 @@ with const generics
 
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static inline __m256i libcrux_ml_kem_vector_traits_to_standard_domain_79(
+static inline __m256i libcrux_ml_kem_vector_traits_to_standard_domain_61(
     __m256i v) {
   return libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_09(
       v, LIBCRUX_ML_KEM_VECTOR_TRAITS_MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS);
@@ -4546,14 +4539,14 @@ with const generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE void
-libcrux_ml_kem_polynomial_add_standard_error_reduce_ef_34(
-    libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self,
-    libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error) {
+libcrux_ml_kem_polynomial_add_standard_error_reduce_ef_61(
+    libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *self,
+    libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *error) {
   for (size_t i = (size_t)0U;
        i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
     size_t j = i;
     __m256i coefficient_normal_form =
-        libcrux_ml_kem_vector_traits_to_standard_domain_79(
+        libcrux_ml_kem_vector_traits_to_standard_domain_61(
             self->coefficients[j]);
     self->coefficients[j] = libcrux_ml_kem_vector_avx2_barrett_reduce_09(
         libcrux_ml_kem_vector_avx2_add_09(coefficient_normal_form,
@@ -4568,40 +4561,40 @@ with const generics
 - K= 3
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_As_plus_e_2d(
-    libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt,
-    libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*matrix_A)[3U],
-    libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *s_as_ntt,
-    libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_as_ntt) {
+static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_As_plus_e_ab(
+    libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *t_as_ntt,
+    libcrux_ml_kem_polynomial_PolynomialRingElement_f6 (*matrix_A)[3U],
+    libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *s_as_ntt,
+    libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *error_as_ntt) {
   for (size_t i = (size_t)0U;
        i < Eurydice_slice_len(
                Eurydice_array_to_slice(
                    (size_t)3U, matrix_A,
-                   libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U]),
-               libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U]);
+                   libcrux_ml_kem_polynomial_PolynomialRingElement_f6[3U]),
+               libcrux_ml_kem_polynomial_PolynomialRingElement_f6[3U]);
        i++) {
     size_t i0 = i;
-    libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *row = matrix_A[i0];
-    libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 =
-        libcrux_ml_kem_polynomial_ZERO_ef_05();
+    libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *row = matrix_A[i0];
+    libcrux_ml_kem_polynomial_PolynomialRingElement_f6 uu____0 =
+        libcrux_ml_kem_polynomial_ZERO_ef_61();
     t_as_ntt[i0] = uu____0;
     for (size_t i1 = (size_t)0U;
          i1 < Eurydice_slice_len(
                   Eurydice_array_to_slice(
                       (size_t)3U, row,
-                      libcrux_ml_kem_polynomial_PolynomialRingElement_d2),
-                  libcrux_ml_kem_polynomial_PolynomialRingElement_d2);
+                      libcrux_ml_kem_polynomial_PolynomialRingElement_f6),
+                  libcrux_ml_kem_polynomial_PolynomialRingElement_f6);
          i1++) {
       size_t j = i1;
-      libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *matrix_element =
+      libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *matrix_element =
           &row[j];
-      libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product =
-          libcrux_ml_kem_polynomial_ntt_multiply_ef_b2(matrix_element,
+      libcrux_ml_kem_polynomial_PolynomialRingElement_f6 product =
+          libcrux_ml_kem_polynomial_ntt_multiply_ef_61(matrix_element,
                                                        &s_as_ntt[j]);
-      libcrux_ml_kem_polynomial_add_to_ring_element_ef_4f(&t_as_ntt[i0],
+      libcrux_ml_kem_polynomial_add_to_ring_element_ef_ab(&t_as_ntt[i0],
                                                           &product);
     }
-    libcrux_ml_kem_polynomial_add_standard_error_reduce_ef_34(
+    libcrux_ml_kem_polynomial_add_standard_error_reduce_ef_61(
         &t_as_ntt[i0], &error_as_ntt[i0]);
   }
 }
@@ -4616,50 +4609,50 @@ with const generics
 - ETA1_RANDOMNESS_SIZE= 128
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static inline void libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_a4(
+static inline void libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_22(
     Eurydice_slice key_generation_seed,
-    libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 *private_key,
-    libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *public_key) {
+    libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_63 *private_key,
+    libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_63 *public_key) {
   uint8_t hashed[64U];
-  libcrux_ml_kem_variant_cpa_keygen_seed_d8_75(key_generation_seed, hashed);
+  libcrux_ml_kem_variant_cpa_keygen_seed_d8_be(key_generation_seed, hashed);
   Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at(
       Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U,
       uint8_t, Eurydice_slice_uint8_t_x2);
   Eurydice_slice seed_for_A = uu____0.fst;
   Eurydice_slice seed_for_secret_and_error = uu____0.snd;
-  libcrux_ml_kem_polynomial_PolynomialRingElement_d2(*uu____1)[3U] =
+  libcrux_ml_kem_polynomial_PolynomialRingElement_f6(*uu____1)[3U] =
       public_key->A;
   uint8_t ret[34U];
-  libcrux_ml_kem_utils_into_padded_array_421(seed_for_A, ret);
-  libcrux_ml_kem_matrix_sample_matrix_A_ee(uu____1, ret, true);
+  libcrux_ml_kem_utils_into_padded_array_b6(seed_for_A, ret);
+  libcrux_ml_kem_matrix_sample_matrix_A_6c(uu____1, ret, true);
   uint8_t prf_input[33U];
-  libcrux_ml_kem_utils_into_padded_array_422(seed_for_secret_and_error,
-                                             prf_input);
-  libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *uu____2 =
+  libcrux_ml_kem_utils_into_padded_array_c8(seed_for_secret_and_error,
+                                            prf_input);
+  libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *uu____2 =
       private_key->secret_as_ntt;
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_prf_input0[33U];
   memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t));
   uint8_t domain_separator =
-      libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_b0(
+      libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_b4(
           uu____2, copy_of_prf_input0, 0U);
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_prf_input[33U];
   memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t));
-  libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_as_ntt[3U];
+  libcrux_ml_kem_polynomial_PolynomialRingElement_f6 error_as_ntt[3U];
   memcpy(
       error_as_ntt,
-      libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_out_81(
+      libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_out_b4(
           copy_of_prf_input, domain_separator)
           .fst,
-      (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2));
-  libcrux_ml_kem_matrix_compute_As_plus_e_2d(
+      (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f6));
+  libcrux_ml_kem_matrix_compute_As_plus_e_ab(
       public_key->t_as_ntt, public_key->A, private_key->secret_as_ntt,
       error_as_ntt);
   uint8_t uu____5[32U];
-  Result_00 dst;
+  Result_fb dst;
   Eurydice_slice_to_array2(&dst, seed_for_A, Eurydice_slice, uint8_t[32U]);
-  unwrap_26_33(dst, uu____5);
+  unwrap_26_b3(dst, uu____5);
   memcpy(public_key->seed_for_A, uu____5, (size_t)32U * sizeof(uint8_t));
 }
 
@@ -4671,13 +4664,13 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE void
-libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_2c(
-    libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[384U]) {
+libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_61(
+    libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *re, uint8_t ret[384U]) {
   uint8_t serialized[384U] = {0U};
   for (size_t i = (size_t)0U;
        i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
     size_t i0 = i;
-    __m256i coefficient = libcrux_ml_kem_serialize_to_unsigned_field_modulus_7b(
+    __m256i coefficient = libcrux_ml_kem_serialize_to_unsigned_field_modulus_61(
         re->coefficients[i0]);
     uint8_t bytes[24U];
     libcrux_ml_kem_vector_avx2_serialize_12_09(coefficient, bytes);
@@ -4699,25 +4692,25 @@ with const generics
 - OUT_LEN= 1152
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_secret_key_99(
-    libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *key,
+static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_secret_key_ed(
+    libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *key,
     uint8_t ret[1152U]) {
   uint8_t out[1152U] = {0U};
   for (size_t i = (size_t)0U;
        i < Eurydice_slice_len(
                Eurydice_array_to_slice(
                    (size_t)3U, key,
-                   libcrux_ml_kem_polynomial_PolynomialRingElement_d2),
-               libcrux_ml_kem_polynomial_PolynomialRingElement_d2);
+                   libcrux_ml_kem_polynomial_PolynomialRingElement_f6),
+               libcrux_ml_kem_polynomial_PolynomialRingElement_f6);
        i++) {
     size_t i0 = i;
-    libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = key[i0];
+    libcrux_ml_kem_polynomial_PolynomialRingElement_f6 re = key[i0];
     Eurydice_slice uu____0 = Eurydice_array_to_subslice2(
         out, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT,
         (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT,
         uint8_t);
     uint8_t ret0[384U];
-    libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_2c(&re, ret0);
+    libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_61(&re, ret0);
     Eurydice_slice_copy(
         uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t), uint8_t);
   }
@@ -4733,13 +4726,13 @@ with const generics
 - PUBLIC_KEY_SIZE= 1184
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_public_key_mut_6c(
-    libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt,
+static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_public_key_mut_ed(
+    libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *t_as_ntt,
     Eurydice_slice seed_for_a, uint8_t *serialized) {
   Eurydice_slice uu____0 = Eurydice_array_to_subslice2(serialized, (size_t)0U,
                                                        (size_t)1152U, uint8_t);
   uint8_t ret[1152U];
-  libcrux_ml_kem_ind_cpa_serialize_secret_key_99(t_as_ntt, ret);
+  libcrux_ml_kem_ind_cpa_serialize_secret_key_ed(t_as_ntt, ret);
   Eurydice_slice_copy(
       uu____0, Eurydice_array_to_slice((size_t)1152U, ret, uint8_t), uint8_t);
   Eurydice_slice_copy(
@@ -4757,15 +4750,13 @@ with const generics
 - PUBLIC_KEY_SIZE= 1184
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_public_key_ca(
-    libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt,
+static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_public_key_ed(
+    libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *t_as_ntt,
     Eurydice_slice seed_for_a, uint8_t ret[1184U]) {
   uint8_t public_key_serialized[1184U] = {0U};
-  libcrux_ml_kem_ind_cpa_serialize_public_key_mut_6c(t_as_ntt, seed_for_a,
+  libcrux_ml_kem_ind_cpa_serialize_public_key_mut_ed(t_as_ntt, seed_for_a,
                                                      public_key_serialized);
-  uint8_t result[1184U];
-  memcpy(result, public_key_serialized, (size_t)1184U * sizeof(uint8_t));
-  memcpy(ret, result, (size_t)1184U * sizeof(uint8_t));
+  memcpy(ret, public_key_serialized, (size_t)1184U * sizeof(uint8_t));
 }
 
 /**
@@ -4782,20 +4773,20 @@ with const generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static inline libcrux_ml_kem_utils_extraction_helper_Keypair768
-libcrux_ml_kem_ind_cpa_generate_keypair_6a(Eurydice_slice key_generation_seed) {
-  libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 private_key =
-      libcrux_ml_kem_ind_cpa_unpacked_default_1a_3c();
-  libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 public_key =
-      libcrux_ml_kem_ind_cpa_unpacked_default_8d_89();
-  libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_a4(
+libcrux_ml_kem_ind_cpa_generate_keypair_bb(Eurydice_slice key_generation_seed) {
+  libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_63 private_key =
+      libcrux_ml_kem_ind_cpa_unpacked_default_1a_ab();
+  libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_63 public_key =
+      libcrux_ml_kem_ind_cpa_unpacked_default_8d_ab();
+  libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_22(
       key_generation_seed, &private_key, &public_key);
   uint8_t public_key_serialized[1184U];
-  libcrux_ml_kem_ind_cpa_serialize_public_key_ca(
+  libcrux_ml_kem_ind_cpa_serialize_public_key_ed(
       public_key.t_as_ntt,
       Eurydice_array_to_slice((size_t)32U, public_key.seed_for_A, uint8_t),
       public_key_serialized);
   uint8_t secret_key_serialized[1152U];
-  libcrux_ml_kem_ind_cpa_serialize_secret_key_99(private_key.secret_as_ntt,
+  libcrux_ml_kem_ind_cpa_serialize_secret_key_ed(private_key.secret_as_ntt,
                                                  secret_key_serialized);
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_secret_key_serialized[1152U];
@@ -4805,12 +4796,12 @@ libcrux_ml_kem_ind_cpa_generate_keypair_6a(Eurydice_slice key_generation_seed) {
   uint8_t copy_of_public_key_serialized[1184U];
   memcpy(copy_of_public_key_serialized, public_key_serialized,
          (size_t)1184U * sizeof(uint8_t));
-  libcrux_ml_kem_utils_extraction_helper_Keypair768 result;
-  memcpy(result.fst, copy_of_secret_key_serialized,
+  libcrux_ml_kem_utils_extraction_helper_Keypair768 lit;
+  memcpy(lit.fst, copy_of_secret_key_serialized,
          (size_t)1152U * sizeof(uint8_t));
-  memcpy(result.snd, copy_of_public_key_serialized,
+  memcpy(lit.snd, copy_of_public_key_serialized,
          (size_t)1184U * sizeof(uint8_t));
-  return result;
+  return lit;
 }
 
 /**
@@ -4821,7 +4812,7 @@ with const generics
 - SERIALIZED_KEY_LEN= 2400
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_serialize_kem_secret_key_1f(
+static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_serialize_kem_secret_key_ae(
     Eurydice_slice private_key, Eurydice_slice public_key,
     Eurydice_slice implicit_rejection_value, uint8_t ret[2400U]) {
   uint8_t out[2400U] = {0U};
@@ -4847,7 +4838,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_serialize_kem_secret_key_1f(
   Eurydice_slice uu____6 = Eurydice_array_to_subslice2(
       out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t);
   uint8_t ret0[32U];
-  libcrux_ml_kem_hash_functions_avx2_H_a9_41(public_key, ret0);
+  libcrux_ml_kem_hash_functions_avx2_H_a9_e0(public_key, ret0);
   Eurydice_slice_copy(
       uu____6, Eurydice_array_to_slice((size_t)32U, ret0, uint8_t), uint8_t);
   pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE;
@@ -4878,7 +4869,7 @@ with const generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair
-libcrux_ml_kem_ind_cca_generate_keypair_0b(uint8_t randomness[64U]) {
+libcrux_ml_kem_ind_cca_generate_keypair_d6(uint8_t randomness[64U]) {
   Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2(
       randomness, (size_t)0U,
       LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t);
@@ -4887,13 +4878,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_0b(uint8_t randomness[64U]) {
       LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t,
       size_t);
   libcrux_ml_kem_utils_extraction_helper_Keypair768 uu____0 =
-      libcrux_ml_kem_ind_cpa_generate_keypair_6a(ind_cpa_keypair_randomness);
+      libcrux_ml_kem_ind_cpa_generate_keypair_bb(ind_cpa_keypair_randomness);
   uint8_t ind_cpa_private_key[1152U];
   memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1152U * sizeof(uint8_t));
   uint8_t public_key[1184U];
   memcpy(public_key, uu____0.snd, (size_t)1184U * sizeof(uint8_t));
   uint8_t secret_key_serialized[2400U];
-  libcrux_ml_kem_ind_cca_serialize_kem_secret_key_1f(
+  libcrux_ml_kem_ind_cca_serialize_kem_secret_key_ae(
       Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t),
       Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t),
       implicit_rejection_value, secret_key_serialized);
@@ -4901,14 +4892,14 @@ libcrux_ml_kem_ind_cca_generate_keypair_0b(uint8_t randomness[64U]) {
   uint8_t copy_of_secret_key_serialized[2400U];
   memcpy(copy_of_secret_key_serialized, secret_key_serialized,
          (size_t)2400U * sizeof(uint8_t));
-  libcrux_ml_kem_types_MlKemPrivateKey_55 private_key =
-      libcrux_ml_kem_types_from_7f_af(copy_of_secret_key_serialized);
-  libcrux_ml_kem_types_MlKemPrivateKey_55 uu____2 = private_key;
+  libcrux_ml_kem_types_MlKemPrivateKey_d9 private_key =
+      libcrux_ml_kem_types_from_7f_28(copy_of_secret_key_serialized);
+  libcrux_ml_kem_types_MlKemPrivateKey_d9 uu____2 = private_key;
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_public_key[1184U];
   memcpy(copy_of_public_key, public_key, (size_t)1184U * sizeof(uint8_t));
-  return libcrux_ml_kem_types_from_3a_ee(
-      uu____2, libcrux_ml_kem_types_from_5a_67(copy_of_public_key));
+  return libcrux_ml_kem_types_from_3a_74(
+      uu____2, libcrux_ml_kem_types_from_5a_d0(copy_of_public_key));
 }
 
 /**
@@ -4924,12 +4915,12 @@ libcrux_ml_kem.ind_cca.instantiations.avx2.generate_keypair with const generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair
-libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_20(
+libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_c6(
     uint8_t randomness[64U]) {
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_randomness[64U];
   memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t));
-  return libcrux_ml_kem_ind_cca_generate_keypair_0b(copy_of_randomness);
+  return libcrux_ml_kem_ind_cca_generate_keypair_d6(copy_of_randomness);
 }
 
 /**
@@ -4941,7 +4932,7 @@ libcrux_ml_kem_mlkem768_avx2_generate_key_pair(uint8_t randomness[64U]) {
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_randomness[64U];
   memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t));
-  return libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_20(
+  return libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_c6(
       copy_of_randomness);
 }
 
@@ -4957,24 +4948,24 @@ with const generics
 - CIPHERTEXT_SIZE= 1088
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static KRML_MUSTINLINE void libcrux_ml_kem_variant_kdf_33_f5(
+static KRML_MUSTINLINE void libcrux_ml_kem_variant_kdf_33_ae(
     Eurydice_slice shared_secret,
     libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) {
   uint8_t kdf_input[64U];
-  libcrux_ml_kem_utils_into_padded_array_42(shared_secret, kdf_input);
+  libcrux_ml_kem_utils_into_padded_array_24(shared_secret, kdf_input);
   Eurydice_slice uu____0 = Eurydice_array_to_subslice_from(
       (size_t)64U, kdf_input, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t,
       size_t);
   uint8_t ret0[32U];
-  libcrux_ml_kem_hash_functions_avx2_H_a9_41(
+  libcrux_ml_kem_hash_functions_avx2_H_a9_e0(
       Eurydice_array_to_slice((size_t)1088U,
-                              libcrux_ml_kem_types_as_slice_d4_76(ciphertext),
+                              libcrux_ml_kem_types_as_slice_d4_80(ciphertext),
                               uint8_t),
       ret0);
   Eurydice_slice_copy(
       uu____0, Eurydice_array_to_slice((size_t)32U, ret0, uint8_t), uint8_t);
   uint8_t ret1[32U];
-  libcrux_ml_kem_hash_functions_avx2_PRF_a9_16(
+  libcrux_ml_kem_hash_functions_avx2_PRF_a9_41(
       Eurydice_array_to_slice((size_t)64U, kdf_input, uint8_t), ret1);
   memcpy(ret, ret1, (size_t)32U * sizeof(uint8_t));
 }
@@ -5002,8 +4993,8 @@ with const generics
 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static inline void libcrux_ml_kem_ind_cca_decapsulate_1f0(
-    libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key,
+static inline void libcrux_ml_kem_ind_cca_decapsulate_a10(
+    libcrux_ml_kem_types_MlKemPrivateKey_d9 *private_key,
     libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) {
   Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at(
       Eurydice_array_to_slice((size_t)2400U, private_key->value, uint8_t),
@@ -5020,10 +5011,10 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_1f0(
   Eurydice_slice ind_cpa_public_key_hash = uu____2.fst;
   Eurydice_slice implicit_rejection_value = uu____2.snd;
   uint8_t decrypted[32U];
-  libcrux_ml_kem_ind_cpa_decrypt_1c(ind_cpa_secret_key, ciphertext->value,
+  libcrux_ml_kem_ind_cpa_decrypt_2f(ind_cpa_secret_key, ciphertext->value,
                                     decrypted);
   uint8_t to_hash0[64U];
-  libcrux_ml_kem_utils_into_padded_array_42(
+  libcrux_ml_kem_utils_into_padded_array_24(
       Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0);
   Eurydice_slice_copy(
       Eurydice_array_to_subslice_from(
@@ -5031,7 +5022,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_1f0(
           uint8_t, size_t),
       ind_cpa_public_key_hash, uint8_t);
   uint8_t hashed[64U];
-  libcrux_ml_kem_hash_functions_avx2_G_a9_9f(
+  libcrux_ml_kem_hash_functions_avx2_G_a9_e0(
       Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed);
   Eurydice_slice_uint8_t_x2 uu____3 = Eurydice_slice_split_at(
       Eurydice_array_to_slice((size_t)64U, hashed, uint8_t),
@@ -5040,14 +5031,14 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_1f0(
   Eurydice_slice shared_secret0 = uu____3.fst;
   Eurydice_slice pseudorandomness = uu____3.snd;
   uint8_t to_hash[1120U];
-  libcrux_ml_kem_utils_into_padded_array_420(implicit_rejection_value, to_hash);
+  libcrux_ml_kem_utils_into_padded_array_15(implicit_rejection_value, to_hash);
   Eurydice_slice uu____4 = Eurydice_array_to_subslice_from(
       (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE,
       uint8_t, size_t);
-  Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_8c(ciphertext),
+  Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_80(ciphertext),
                       uint8_t);
   uint8_t implicit_rejection_shared_secret0[32U];
-  libcrux_ml_kem_hash_functions_avx2_PRF_a9_16(
+  libcrux_ml_kem_hash_functions_avx2_PRF_a9_41(
       Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t),
       implicit_rejection_shared_secret0);
   Eurydice_slice uu____5 = ind_cpa_public_key;
@@ -5055,18 +5046,18 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_1f0(
   uint8_t copy_of_decrypted[32U];
   memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t));
   uint8_t expected_ciphertext[1088U];
-  libcrux_ml_kem_ind_cpa_encrypt_b6(uu____5, copy_of_decrypted,
+  libcrux_ml_kem_ind_cpa_encrypt_74(uu____5, copy_of_decrypted,
                                     pseudorandomness, expected_ciphertext);
   uint8_t implicit_rejection_shared_secret[32U];
-  libcrux_ml_kem_variant_kdf_33_f5(
+  libcrux_ml_kem_variant_kdf_33_ae(
       Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0,
                               uint8_t),
       ciphertext, implicit_rejection_shared_secret);
   uint8_t shared_secret1[32U];
-  libcrux_ml_kem_variant_kdf_33_f5(shared_secret0, ciphertext, shared_secret1);
+  libcrux_ml_kem_variant_kdf_33_ae(shared_secret0, ciphertext, shared_secret1);
   uint8_t shared_secret[32U];
   libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time(
-      libcrux_ml_kem_types_as_ref_00_8c(ciphertext),
+      libcrux_ml_kem_types_as_ref_00_80(ciphertext),
       Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t),
       Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t),
       Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret,
@@ -5100,10 +5091,10 @@ libcrux_ml_kem.ind_cca.instantiations.avx2.kyber_decapsulate with const generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static inline void
-libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_decapsulate_02(
-    libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key,
+libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_decapsulate_35(
+    libcrux_ml_kem_types_MlKemPrivateKey_d9 *private_key,
     libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) {
-  libcrux_ml_kem_ind_cca_decapsulate_1f0(private_key, ciphertext, ret);
+  libcrux_ml_kem_ind_cca_decapsulate_a10(private_key, ciphertext, ret);
 }
 
 /**
@@ -5115,9 +5106,9 @@ libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_decapsulate_02(
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static inline void libcrux_ml_kem_mlkem768_avx2_kyber_decapsulate(
-    libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key,
+    libcrux_ml_kem_types_MlKemPrivateKey_d9 *private_key,
     libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) {
-  libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_decapsulate_02(
+  libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_decapsulate_35(
       private_key, ciphertext, ret);
 }
 
@@ -5132,9 +5123,9 @@ with const generics
 - K= 3
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static KRML_MUSTINLINE void libcrux_ml_kem_variant_entropy_preprocess_33_e7(
+static KRML_MUSTINLINE void libcrux_ml_kem_variant_entropy_preprocess_33_be(
     Eurydice_slice randomness, uint8_t ret[32U]) {
-  libcrux_ml_kem_hash_functions_avx2_H_a9_41(randomness, ret);
+  libcrux_ml_kem_hash_functions_avx2_H_a9_e0(randomness, ret);
 }
 
 /**
@@ -5157,28 +5148,28 @@ with const generics
 - ETA2_RANDOMNESS_SIZE= 128
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_820(
-    libcrux_ml_kem_types_MlKemPublicKey_15 *public_key,
+static inline tuple_c2 libcrux_ml_kem_ind_cca_encapsulate_700(
+    libcrux_ml_kem_types_MlKemPublicKey_30 *public_key,
     uint8_t randomness[32U]) {
   uint8_t randomness0[32U];
-  libcrux_ml_kem_variant_entropy_preprocess_33_e7(
+  libcrux_ml_kem_variant_entropy_preprocess_33_be(
       Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0);
   uint8_t to_hash[64U];
-  libcrux_ml_kem_utils_into_padded_array_42(
+  libcrux_ml_kem_utils_into_padded_array_24(
       Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t), to_hash);
   Eurydice_slice uu____0 = Eurydice_array_to_subslice_from(
       (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t,
       size_t);
   uint8_t ret[32U];
-  libcrux_ml_kem_hash_functions_avx2_H_a9_41(
+  libcrux_ml_kem_hash_functions_avx2_H_a9_e0(
       Eurydice_array_to_slice((size_t)1184U,
-                              libcrux_ml_kem_types_as_slice_fd_02(public_key),
+                              libcrux_ml_kem_types_as_slice_fd_d0(public_key),
                               uint8_t),
       ret);
   Eurydice_slice_copy(
       uu____0, Eurydice_array_to_slice((size_t)32U, ret, uint8_t), uint8_t);
   uint8_t hashed[64U];
-  libcrux_ml_kem_hash_functions_avx2_G_a9_9f(
+  libcrux_ml_kem_hash_functions_avx2_G_a9_e0(
       Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed);
   Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at(
       Eurydice_array_to_slice((size_t)64U, hashed, uint8_t),
@@ -5187,27 +5178,27 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_820(
   Eurydice_slice shared_secret = uu____1.fst;
   Eurydice_slice pseudorandomness = uu____1.snd;
   Eurydice_slice uu____2 = Eurydice_array_to_slice(
-      (size_t)1184U, libcrux_ml_kem_types_as_slice_fd_02(public_key), uint8_t);
+      (size_t)1184U, libcrux_ml_kem_types_as_slice_fd_d0(public_key), uint8_t);
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_randomness[32U];
   memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t));
   uint8_t ciphertext[1088U];
-  libcrux_ml_kem_ind_cpa_encrypt_b6(uu____2, copy_of_randomness,
+  libcrux_ml_kem_ind_cpa_encrypt_74(uu____2, copy_of_randomness,
                                     pseudorandomness, ciphertext);
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_ciphertext[1088U];
   memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t));
   libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 =
-      libcrux_ml_kem_types_from_01_8c(copy_of_ciphertext);
+      libcrux_ml_kem_types_from_01_80(copy_of_ciphertext);
   uint8_t shared_secret_array[32U];
-  libcrux_ml_kem_variant_kdf_33_f5(shared_secret, &ciphertext0,
+  libcrux_ml_kem_variant_kdf_33_ae(shared_secret, &ciphertext0,
                                    shared_secret_array);
   libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0;
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_shared_secret_array[32U];
   memcpy(copy_of_shared_secret_array, shared_secret_array,
          (size_t)32U * sizeof(uint8_t));
-  tuple_3c lit;
+  tuple_c2 lit;
   lit.fst = uu____5;
   memcpy(lit.snd, copy_of_shared_secret_array, (size_t)32U * sizeof(uint8_t));
   return lit;
@@ -5234,15 +5225,15 @@ libcrux_ml_kem.ind_cca.instantiations.avx2.kyber_encapsulate with const generics
 - ETA2_RANDOMNESS_SIZE= 128
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static inline tuple_3c
-libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_encapsulate_7a(
-    libcrux_ml_kem_types_MlKemPublicKey_15 *public_key,
+static inline tuple_c2
+libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_encapsulate_cd(
+    libcrux_ml_kem_types_MlKemPublicKey_30 *public_key,
     uint8_t randomness[32U]) {
-  libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key;
+  libcrux_ml_kem_types_MlKemPublicKey_30 *uu____0 = public_key;
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_randomness[32U];
   memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t));
-  return libcrux_ml_kem_ind_cca_encapsulate_820(uu____0, copy_of_randomness);
+  return libcrux_ml_kem_ind_cca_encapsulate_700(uu____0, copy_of_randomness);
 }
 
 /**
@@ -5253,14 +5244,14 @@ libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_encapsulate_7a(
  bytes of `randomness`.
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static inline tuple_3c libcrux_ml_kem_mlkem768_avx2_kyber_encapsulate(
-    libcrux_ml_kem_types_MlKemPublicKey_15 *public_key,
+static inline tuple_c2 libcrux_ml_kem_mlkem768_avx2_kyber_encapsulate(
+    libcrux_ml_kem_types_MlKemPublicKey_30 *public_key,
     uint8_t randomness[32U]) {
-  libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key;
+  libcrux_ml_kem_types_MlKemPublicKey_30 *uu____0 = public_key;
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_randomness[32U];
   memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t));
-  return libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_encapsulate_7a(
+  return libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_encapsulate_cd(
       uu____0, copy_of_randomness);
 }
 
@@ -5275,9 +5266,9 @@ with const generics
 - K= 3
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static KRML_MUSTINLINE void libcrux_ml_kem_variant_cpa_keygen_seed_33_bc(
+static KRML_MUSTINLINE void libcrux_ml_kem_variant_cpa_keygen_seed_33_be(
     Eurydice_slice key_generation_seed, uint8_t ret[64U]) {
-  libcrux_ml_kem_hash_functions_avx2_G_a9_9f(key_generation_seed, ret);
+  libcrux_ml_kem_hash_functions_avx2_G_a9_e0(key_generation_seed, ret);
 }
 
 /**
@@ -5290,50 +5281,50 @@ with const generics
 - ETA1_RANDOMNESS_SIZE= 128
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static inline void libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_a40(
+static inline void libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_220(
     Eurydice_slice key_generation_seed,
-    libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 *private_key,
-    libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *public_key) {
+    libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_63 *private_key,
+    libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_63 *public_key) {
   uint8_t hashed[64U];
-  libcrux_ml_kem_variant_cpa_keygen_seed_33_bc(key_generation_seed, hashed);
+  libcrux_ml_kem_variant_cpa_keygen_seed_33_be(key_generation_seed, hashed);
   Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at(
       Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U,
       uint8_t, Eurydice_slice_uint8_t_x2);
   Eurydice_slice seed_for_A = uu____0.fst;
   Eurydice_slice seed_for_secret_and_error = uu____0.snd;
-  libcrux_ml_kem_polynomial_PolynomialRingElement_d2(*uu____1)[3U] =
+  libcrux_ml_kem_polynomial_PolynomialRingElement_f6(*uu____1)[3U] =
       public_key->A;
   uint8_t ret[34U];
-  libcrux_ml_kem_utils_into_padded_array_421(seed_for_A, ret);
-  libcrux_ml_kem_matrix_sample_matrix_A_ee(uu____1, ret, true);
+  libcrux_ml_kem_utils_into_padded_array_b6(seed_for_A, ret);
+  libcrux_ml_kem_matrix_sample_matrix_A_6c(uu____1, ret, true);
   uint8_t prf_input[33U];
-  libcrux_ml_kem_utils_into_padded_array_422(seed_for_secret_and_error,
-                                             prf_input);
-  libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *uu____2 =
+  libcrux_ml_kem_utils_into_padded_array_c8(seed_for_secret_and_error,
+                                            prf_input);
+  libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *uu____2 =
       private_key->secret_as_ntt;
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_prf_input0[33U];
   memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t));
   uint8_t domain_separator =
-      libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_b0(
+      libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_b4(
           uu____2, copy_of_prf_input0, 0U);
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_prf_input[33U];
   memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t));
-  libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_as_ntt[3U];
+  libcrux_ml_kem_polynomial_PolynomialRingElement_f6 error_as_ntt[3U];
   memcpy(
       error_as_ntt,
-      libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_out_81(
+      libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_out_b4(
           copy_of_prf_input, domain_separator)
           .fst,
-      (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2));
-  libcrux_ml_kem_matrix_compute_As_plus_e_2d(
+      (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f6));
+  libcrux_ml_kem_matrix_compute_As_plus_e_ab(
       public_key->t_as_ntt, public_key->A, private_key->secret_as_ntt,
       error_as_ntt);
   uint8_t uu____5[32U];
-  Result_00 dst;
+  Result_fb dst;
   Eurydice_slice_to_array2(&dst, seed_for_A, Eurydice_slice, uint8_t[32U]);
-  unwrap_26_33(dst, uu____5);
+  unwrap_26_b3(dst, uu____5);
   memcpy(public_key->seed_for_A, uu____5, (size_t)32U * sizeof(uint8_t));
 }
 
@@ -5351,21 +5342,21 @@ with const generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static inline libcrux_ml_kem_utils_extraction_helper_Keypair768
-libcrux_ml_kem_ind_cpa_generate_keypair_6a0(
+libcrux_ml_kem_ind_cpa_generate_keypair_bb0(
     Eurydice_slice key_generation_seed) {
-  libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 private_key =
-      libcrux_ml_kem_ind_cpa_unpacked_default_1a_3c();
-  libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 public_key =
-      libcrux_ml_kem_ind_cpa_unpacked_default_8d_89();
-  libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_a40(
+  libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_63 private_key =
+      libcrux_ml_kem_ind_cpa_unpacked_default_1a_ab();
+  libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_63 public_key =
+      libcrux_ml_kem_ind_cpa_unpacked_default_8d_ab();
+  libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_220(
       key_generation_seed, &private_key, &public_key);
   uint8_t public_key_serialized[1184U];
-  libcrux_ml_kem_ind_cpa_serialize_public_key_ca(
+  libcrux_ml_kem_ind_cpa_serialize_public_key_ed(
       public_key.t_as_ntt,
       Eurydice_array_to_slice((size_t)32U, public_key.seed_for_A, uint8_t),
       public_key_serialized);
   uint8_t secret_key_serialized[1152U];
-  libcrux_ml_kem_ind_cpa_serialize_secret_key_99(private_key.secret_as_ntt,
+  libcrux_ml_kem_ind_cpa_serialize_secret_key_ed(private_key.secret_as_ntt,
                                                  secret_key_serialized);
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_secret_key_serialized[1152U];
@@ -5375,12 +5366,12 @@ libcrux_ml_kem_ind_cpa_generate_keypair_6a0(
   uint8_t copy_of_public_key_serialized[1184U];
   memcpy(copy_of_public_key_serialized, public_key_serialized,
          (size_t)1184U * sizeof(uint8_t));
-  libcrux_ml_kem_utils_extraction_helper_Keypair768 result;
-  memcpy(result.fst, copy_of_secret_key_serialized,
+  libcrux_ml_kem_utils_extraction_helper_Keypair768 lit;
+  memcpy(lit.fst, copy_of_secret_key_serialized,
          (size_t)1152U * sizeof(uint8_t));
-  memcpy(result.snd, copy_of_public_key_serialized,
+  memcpy(lit.snd, copy_of_public_key_serialized,
          (size_t)1184U * sizeof(uint8_t));
-  return result;
+  return lit;
 }
 
 /**
@@ -5398,7 +5389,7 @@ with const generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair
-libcrux_ml_kem_ind_cca_generate_keypair_0b0(uint8_t randomness[64U]) {
+libcrux_ml_kem_ind_cca_generate_keypair_d60(uint8_t randomness[64U]) {
   Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2(
       randomness, (size_t)0U,
       LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t);
@@ -5407,13 +5398,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_0b0(uint8_t randomness[64U]) {
       LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t,
       size_t);
   libcrux_ml_kem_utils_extraction_helper_Keypair768 uu____0 =
-      libcrux_ml_kem_ind_cpa_generate_keypair_6a0(ind_cpa_keypair_randomness);
+      libcrux_ml_kem_ind_cpa_generate_keypair_bb0(ind_cpa_keypair_randomness);
   uint8_t ind_cpa_private_key[1152U];
   memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1152U * sizeof(uint8_t));
   uint8_t public_key[1184U];
   memcpy(public_key, uu____0.snd, (size_t)1184U * sizeof(uint8_t));
   uint8_t secret_key_serialized[2400U];
-  libcrux_ml_kem_ind_cca_serialize_kem_secret_key_1f(
+  libcrux_ml_kem_ind_cca_serialize_kem_secret_key_ae(
       Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t),
       Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t),
       implicit_rejection_value, secret_key_serialized);
@@ -5421,14 +5412,14 @@ libcrux_ml_kem_ind_cca_generate_keypair_0b0(uint8_t randomness[64U]) {
   uint8_t copy_of_secret_key_serialized[2400U];
   memcpy(copy_of_secret_key_serialized, secret_key_serialized,
          (size_t)2400U * sizeof(uint8_t));
-  libcrux_ml_kem_types_MlKemPrivateKey_55 private_key =
-      libcrux_ml_kem_types_from_7f_af(copy_of_secret_key_serialized);
-  libcrux_ml_kem_types_MlKemPrivateKey_55 uu____2 = private_key;
+  libcrux_ml_kem_types_MlKemPrivateKey_d9 private_key =
+      libcrux_ml_kem_types_from_7f_28(copy_of_secret_key_serialized);
+  libcrux_ml_kem_types_MlKemPrivateKey_d9 uu____2 = private_key;
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_public_key[1184U];
   memcpy(copy_of_public_key, public_key, (size_t)1184U * sizeof(uint8_t));
-  return libcrux_ml_kem_types_from_3a_ee(
-      uu____2, libcrux_ml_kem_types_from_5a_67(copy_of_public_key));
+  return libcrux_ml_kem_types_from_3a_74(
+      uu____2, libcrux_ml_kem_types_from_5a_d0(copy_of_public_key));
 }
 
 /**
@@ -5445,12 +5436,12 @@ generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair
-libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_generate_keypair_74(
+libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_generate_keypair_c6(
     uint8_t randomness[64U]) {
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_randomness[64U];
   memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t));
-  return libcrux_ml_kem_ind_cca_generate_keypair_0b0(copy_of_randomness);
+  return libcrux_ml_kem_ind_cca_generate_keypair_d60(copy_of_randomness);
 }
 
 /**
@@ -5462,7 +5453,7 @@ libcrux_ml_kem_mlkem768_avx2_kyber_generate_key_pair(uint8_t randomness[64U]) {
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_randomness[64U];
   memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t));
-  return libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_generate_keypair_74(
+  return libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_generate_keypair_c6(
       copy_of_randomness);
 }
 
@@ -5475,11 +5466,11 @@ with const generics
 - CIPHERTEXT_SIZE= 1088
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_private_key_3a(
-    libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key,
+static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_private_key_12(
+    libcrux_ml_kem_types_MlKemPrivateKey_d9 *private_key,
     libcrux_ml_kem_mlkem768_MlKem768Ciphertext *_ciphertext) {
   uint8_t t[32U];
-  libcrux_ml_kem_hash_functions_avx2_H_a9_41(
+  libcrux_ml_kem_hash_functions_avx2_H_a9_e0(
       Eurydice_array_to_subslice2(private_key->value, (size_t)384U * (size_t)3U,
                                   (size_t)768U * (size_t)3U + (size_t)32U,
                                   uint8_t),
@@ -5501,10 +5492,10 @@ generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE bool
-libcrux_ml_kem_ind_cca_instantiations_avx2_validate_private_key_4f(
-    libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key,
+libcrux_ml_kem_ind_cca_instantiations_avx2_validate_private_key_31(
+    libcrux_ml_kem_types_MlKemPrivateKey_d9 *private_key,
     libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext) {
-  return libcrux_ml_kem_ind_cca_validate_private_key_3a(private_key,
+  return libcrux_ml_kem_ind_cca_validate_private_key_12(private_key,
                                                         ciphertext);
 }
 
@@ -5515,9 +5506,9 @@ libcrux_ml_kem_ind_cca_instantiations_avx2_validate_private_key_4f(
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static inline bool libcrux_ml_kem_mlkem768_avx2_validate_private_key(
-    libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key,
+    libcrux_ml_kem_types_MlKemPrivateKey_d9 *private_key,
     libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext) {
-  return libcrux_ml_kem_ind_cca_instantiations_avx2_validate_private_key_4f(
+  return libcrux_ml_kem_ind_cca_instantiations_avx2_validate_private_key_31(
       private_key, ciphertext);
 }
 
@@ -5528,10 +5519,10 @@ types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics
 - K= 3
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2
-libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_out_closure_4b(
+static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f6
+libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_out_closure_ab(
     size_t _i) {
-  return libcrux_ml_kem_polynomial_ZERO_ef_05();
+  return libcrux_ml_kem_polynomial_ZERO_ef_61();
 }
 
 /**
@@ -5542,18 +5533,22 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE void
-libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_out_3e(
+libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_out_ab(
     Eurydice_slice public_key,
-    libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) {
-  libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[3U];
+    libcrux_ml_kem_polynomial_PolynomialRingElement_f6 ret[3U]) {
+  libcrux_ml_kem_polynomial_PolynomialRingElement_f6 deserialized_pk[3U];
   for (size_t i = (size_t)0U; i < (size_t)3U; i++) {
-    deserialized_pk[i] = libcrux_ml_kem_polynomial_ZERO_ef_05();
+    deserialized_pk[i] = libcrux_ml_kem_polynomial_ZERO_ef_61();
   }
-  libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_ea(
+  libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_ab(
       public_key, deserialized_pk);
+  libcrux_ml_kem_polynomial_PolynomialRingElement_f6 result[3U];
   memcpy(
-      ret, deserialized_pk,
-      (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2));
+      result, deserialized_pk,
+      (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f6));
+  memcpy(
+      ret, result,
+      (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f6));
 }
 
 /**
@@ -5565,16 +5560,16 @@ with const generics
 - PUBLIC_KEY_SIZE= 1184
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_public_key_c0(
+static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_public_key_ed(
     uint8_t *public_key) {
-  libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[3U];
-  libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_out_3e(
+  libcrux_ml_kem_polynomial_PolynomialRingElement_f6 deserialized_pk[3U];
+  libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_out_ab(
       Eurydice_array_to_subslice_to((size_t)1184U, public_key, (size_t)1152U,
                                     uint8_t, size_t),
       deserialized_pk);
-  libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *uu____0 = deserialized_pk;
+  libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *uu____0 = deserialized_pk;
   uint8_t public_key_serialized[1184U];
-  libcrux_ml_kem_ind_cpa_serialize_public_key_ca(
+  libcrux_ml_kem_ind_cpa_serialize_public_key_ed(
       uu____0,
       Eurydice_array_to_subslice_from((size_t)1184U, public_key, (size_t)1152U,
                                       uint8_t, size_t),
@@ -5593,9 +5588,9 @@ generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE bool
-libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key_a4(
+libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key_31(
     uint8_t *public_key) {
-  return libcrux_ml_kem_ind_cca_validate_public_key_c0(public_key);
+  return libcrux_ml_kem_ind_cca_validate_public_key_ed(public_key);
 }
 
 /**
@@ -5605,8 +5600,8 @@ libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key_a4(
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static inline bool libcrux_ml_kem_mlkem768_avx2_validate_public_key(
-    libcrux_ml_kem_types_MlKemPublicKey_15 *public_key) {
-  return libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key_a4(
+    libcrux_ml_kem_types_MlKemPublicKey_30 *public_key) {
+  return libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key_31(
       public_key->value);
 }
 
@@ -5632,14 +5627,14 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics
 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static inline void libcrux_ml_kem_ind_cca_unpacked_decapsulate_6a(
+static inline void libcrux_ml_kem_ind_cca_unpacked_decapsulate_12(
     libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked *key_pair,
     libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) {
   uint8_t decrypted[32U];
-  libcrux_ml_kem_ind_cpa_decrypt_unpacked_b3(
+  libcrux_ml_kem_ind_cpa_decrypt_unpacked_2f(
       &key_pair->private_key.ind_cpa_private_key, ciphertext->value, decrypted);
   uint8_t to_hash0[64U];
-  libcrux_ml_kem_utils_into_padded_array_42(
+  libcrux_ml_kem_utils_into_padded_array_24(
       Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0);
   Eurydice_slice uu____0 = Eurydice_array_to_subslice_from(
       (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE,
@@ -5650,7 +5645,7 @@ static inline void libcrux_ml_kem_ind_cca_unpacked_decapsulate_6a(
                               uint8_t),
       uint8_t);
   uint8_t hashed[64U];
-  libcrux_ml_kem_hash_functions_avx2_G_a9_9f(
+  libcrux_ml_kem_hash_functions_avx2_G_a9_e0(
       Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed);
   Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at(
       Eurydice_array_to_slice((size_t)64U, hashed, uint8_t),
@@ -5659,30 +5654,30 @@ static inline void libcrux_ml_kem_ind_cca_unpacked_decapsulate_6a(
   Eurydice_slice shared_secret = uu____1.fst;
   Eurydice_slice pseudorandomness = uu____1.snd;
   uint8_t to_hash[1120U];
-  libcrux_ml_kem_utils_into_padded_array_420(
+  libcrux_ml_kem_utils_into_padded_array_15(
       Eurydice_array_to_slice(
           (size_t)32U, key_pair->private_key.implicit_rejection_value, uint8_t),
       to_hash);
   Eurydice_slice uu____2 = Eurydice_array_to_subslice_from(
       (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE,
       uint8_t, size_t);
-  Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_00_8c(ciphertext),
+  Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_00_80(ciphertext),
                       uint8_t);
   uint8_t implicit_rejection_shared_secret[32U];
-  libcrux_ml_kem_hash_functions_avx2_PRF_a9_16(
+  libcrux_ml_kem_hash_functions_avx2_PRF_a9_41(
       Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t),
       implicit_rejection_shared_secret);
-  libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *uu____3 =
+  libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_63 *uu____3 =
       &key_pair->public_key.ind_cpa_public_key;
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_decrypted[32U];
   memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t));
   uint8_t expected_ciphertext[1088U];
-  libcrux_ml_kem_ind_cpa_encrypt_unpacked_05(
+  libcrux_ml_kem_ind_cpa_encrypt_unpacked_74(
       uu____3, copy_of_decrypted, pseudorandomness, expected_ciphertext);
   uint8_t selector =
       libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time(
-          libcrux_ml_kem_types_as_ref_00_8c(ciphertext),
+          libcrux_ml_kem_types_as_ref_00_80(ciphertext),
           Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t));
   uint8_t ret0[32U];
   libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time(
@@ -5719,10 +5714,10 @@ generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static inline void
-libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_decapsulate_e8(
+libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_decapsulate_35(
     libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked *key_pair,
     libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) {
-  libcrux_ml_kem_ind_cca_unpacked_decapsulate_6a(key_pair, ciphertext, ret);
+  libcrux_ml_kem_ind_cca_unpacked_decapsulate_12(key_pair, ciphertext, ret);
 }
 
 /**
@@ -5736,7 +5731,7 @@ KRML_ATTRIBUTE_TARGET("avx2")
 static inline void libcrux_ml_kem_mlkem768_avx2_unpacked_decapsulate(
     libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked *private_key,
     libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) {
-  libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_decapsulate_e8(
+  libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_decapsulate_35(
       private_key, ciphertext, ret);
 }
 
@@ -5759,11 +5754,11 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics
 - ETA2_RANDOMNESS_SIZE= 128
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static inline tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_11(
-    libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *public_key,
+static inline tuple_c2 libcrux_ml_kem_ind_cca_unpacked_encapsulate_70(
+    libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_63 *public_key,
     uint8_t randomness[32U]) {
   uint8_t to_hash[64U];
-  libcrux_ml_kem_utils_into_padded_array_42(
+  libcrux_ml_kem_utils_into_padded_array_24(
       Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), to_hash);
   Eurydice_slice uu____0 = Eurydice_array_to_subslice_from(
       (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t,
@@ -5773,7 +5768,7 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_11(
                           (size_t)32U, public_key->public_key_hash, uint8_t),
                       uint8_t);
   uint8_t hashed[64U];
-  libcrux_ml_kem_hash_functions_avx2_G_a9_9f(
+  libcrux_ml_kem_hash_functions_avx2_G_a9_e0(
       Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed);
   Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at(
       Eurydice_array_to_slice((size_t)64U, hashed, uint8_t),
@@ -5781,13 +5776,13 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_11(
       Eurydice_slice_uint8_t_x2);
   Eurydice_slice shared_secret = uu____1.fst;
   Eurydice_slice pseudorandomness = uu____1.snd;
-  libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *uu____2 =
+  libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_63 *uu____2 =
       &public_key->ind_cpa_public_key;
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_randomness[32U];
   memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t));
   uint8_t ciphertext[1088U];
-  libcrux_ml_kem_ind_cpa_encrypt_unpacked_05(uu____2, copy_of_randomness,
+  libcrux_ml_kem_ind_cpa_encrypt_unpacked_74(uu____2, copy_of_randomness,
                                              pseudorandomness, ciphertext);
   uint8_t shared_secret_array[32U] = {0U};
   Eurydice_slice_copy(
@@ -5797,12 +5792,12 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_11(
   uint8_t copy_of_ciphertext[1088U];
   memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t));
   libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 =
-      libcrux_ml_kem_types_from_01_8c(copy_of_ciphertext);
+      libcrux_ml_kem_types_from_01_80(copy_of_ciphertext);
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_shared_secret_array[32U];
   memcpy(copy_of_shared_secret_array, shared_secret_array,
          (size_t)32U * sizeof(uint8_t));
-  tuple_3c lit;
+  tuple_c2 lit;
   lit.fst = uu____5;
   memcpy(lit.snd, copy_of_shared_secret_array, (size_t)32U * sizeof(uint8_t));
   return lit;
@@ -5830,16 +5825,16 @@ generics
 - ETA2_RANDOMNESS_SIZE= 128
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static inline tuple_3c
-libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_encapsulate_89(
-    libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *public_key,
+static inline tuple_c2
+libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_encapsulate_cd(
+    libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_63 *public_key,
     uint8_t randomness[32U]) {
-  libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *uu____0 =
+  libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_63 *uu____0 =
       public_key;
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_randomness[32U];
   memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t));
-  return libcrux_ml_kem_ind_cca_unpacked_encapsulate_11(uu____0,
+  return libcrux_ml_kem_ind_cca_unpacked_encapsulate_70(uu____0,
                                                         copy_of_randomness);
 }
 
@@ -5852,15 +5847,15 @@ libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_encapsulate_89(
  [`SHARED_SECRET_SIZE`] bytes of `randomness`.
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static inline tuple_3c libcrux_ml_kem_mlkem768_avx2_unpacked_encapsulate(
-    libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *public_key,
+static inline tuple_c2 libcrux_ml_kem_mlkem768_avx2_unpacked_encapsulate(
+    libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_63 *public_key,
     uint8_t randomness[32U]) {
-  libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *uu____0 =
+  libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_63 *uu____0 =
       public_key;
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_randomness[32U];
   memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t));
-  return libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_encapsulate_89(
+  return libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_encapsulate_cd(
       uu____0, copy_of_randomness);
 }
 
@@ -5879,9 +5874,9 @@ with const generics
 - ETA1_RANDOMNESS_SIZE= 128
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2
-libcrux_ml_kem_ind_cca_unpacked_generate_keypair_closure_closure_59(size_t _j) {
-  return libcrux_ml_kem_polynomial_ZERO_ef_05();
+static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f6
+libcrux_ml_kem_ind_cca_unpacked_generate_keypair_closure_closure_d6(size_t _j) {
+  return libcrux_ml_kem_polynomial_ZERO_ef_61();
 }
 
 /**
@@ -5899,10 +5894,10 @@ with const generics
 - ETA1_RANDOMNESS_SIZE= 128
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static inline void libcrux_ml_kem_ind_cca_unpacked_generate_keypair_closure_c4(
-    size_t _i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) {
+static inline void libcrux_ml_kem_ind_cca_unpacked_generate_keypair_closure_d6(
+    size_t _i, libcrux_ml_kem_polynomial_PolynomialRingElement_f6 ret[3U]) {
   for (size_t i = (size_t)0U; i < (size_t)3U; i++) {
-    ret[i] = libcrux_ml_kem_polynomial_ZERO_ef_05();
+    ret[i] = libcrux_ml_kem_polynomial_ZERO_ef_61();
   }
 }
 
@@ -5918,10 +5913,10 @@ with const generics
 
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2
-libcrux_ml_kem_polynomial_clone_8d_ae(
-    libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self) {
-  libcrux_ml_kem_polynomial_PolynomialRingElement_d2 lit;
+static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f6
+libcrux_ml_kem_polynomial_clone_8d_61(
+    libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *self) {
+  libcrux_ml_kem_polynomial_PolynomialRingElement_f6 lit;
   __m256i ret[16U];
   core_array___core__clone__Clone_for__Array_T__N___20__clone(
       (size_t)16U, self->coefficients, ret, __m256i, void *);
@@ -5946,7 +5941,7 @@ with const generics
 - ETA1_RANDOMNESS_SIZE= 128
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static inline void libcrux_ml_kem_ind_cca_unpacked_generate_keypair_41(
+static inline void libcrux_ml_kem_ind_cca_unpacked_generate_keypair_d6(
     uint8_t randomness[64U],
     libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked *out) {
   Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2(
@@ -5956,46 +5951,46 @@ static inline void libcrux_ml_kem_ind_cca_unpacked_generate_keypair_41(
       (size_t)64U, randomness,
       LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t,
       size_t);
-  libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_a4(
+  libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_22(
       ind_cpa_keypair_randomness, &out->private_key.ind_cpa_private_key,
       &out->public_key.ind_cpa_public_key);
-  libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[3U][3U];
+  libcrux_ml_kem_polynomial_PolynomialRingElement_f6 A[3U][3U];
   for (size_t i = (size_t)0U; i < (size_t)3U; i++) {
-    libcrux_ml_kem_ind_cca_unpacked_generate_keypair_closure_c4(i, A[i]);
+    libcrux_ml_kem_ind_cca_unpacked_generate_keypair_closure_d6(i, A[i]);
   }
   for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) {
     size_t i1 = i0;
     for (size_t i = (size_t)0U; i < (size_t)3U; i++) {
       size_t j = i;
-      libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 =
-          libcrux_ml_kem_polynomial_clone_8d_ae(
+      libcrux_ml_kem_polynomial_PolynomialRingElement_f6 uu____0 =
+          libcrux_ml_kem_polynomial_clone_8d_61(
               &out->public_key.ind_cpa_public_key.A[j][i1]);
       A[i1][j] = uu____0;
     }
   }
-  libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1[3U][3U];
+  libcrux_ml_kem_polynomial_PolynomialRingElement_f6 uu____1[3U][3U];
   memcpy(uu____1, A,
          (size_t)3U *
-             sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U]));
+             sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f6[3U]));
   memcpy(out->public_key.ind_cpa_public_key.A, uu____1,
          (size_t)3U *
-             sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U]));
+             sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f6[3U]));
   uint8_t pk_serialized[1184U];
-  libcrux_ml_kem_ind_cpa_serialize_public_key_ca(
+  libcrux_ml_kem_ind_cpa_serialize_public_key_ed(
       out->public_key.ind_cpa_public_key.t_as_ntt,
       Eurydice_array_to_slice(
           (size_t)32U, out->public_key.ind_cpa_public_key.seed_for_A, uint8_t),
       pk_serialized);
   uint8_t uu____2[32U];
-  libcrux_ml_kem_hash_functions_avx2_H_a9_41(
+  libcrux_ml_kem_hash_functions_avx2_H_a9_e0(
       Eurydice_array_to_slice((size_t)1184U, pk_serialized, uint8_t), uu____2);
   memcpy(out->public_key.public_key_hash, uu____2,
          (size_t)32U * sizeof(uint8_t));
   uint8_t uu____3[32U];
-  Result_00 dst;
+  Result_fb dst;
   Eurydice_slice_to_array2(&dst, implicit_rejection_value, Eurydice_slice,
                            uint8_t[32U]);
-  unwrap_26_33(dst, uu____3);
+  unwrap_26_b3(dst, uu____3);
   memcpy(out->private_key.implicit_rejection_value, uu____3,
          (size_t)32U * sizeof(uint8_t));
 }
@@ -6017,13 +6012,13 @@ generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static inline void
-libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_generate_keypair_b7(
+libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_generate_keypair_c6(
     uint8_t randomness[64U],
     libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked *out) {
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_randomness[64U];
   memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t));
-  libcrux_ml_kem_ind_cca_unpacked_generate_keypair_41(copy_of_randomness, out);
+  libcrux_ml_kem_ind_cca_unpacked_generate_keypair_d6(copy_of_randomness, out);
 }
 
 /**
@@ -6036,7 +6031,7 @@ static inline void libcrux_ml_kem_mlkem768_avx2_unpacked_generate_key_pair(
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_randomness[64U];
   memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t));
-  libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_generate_keypair_b7(
+  libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_generate_keypair_c6(
       copy_of_randomness, key_pair);
 }
 
@@ -6052,10 +6047,10 @@ with const generics
 - K= 3
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static KRML_MUSTINLINE libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0
-libcrux_ml_kem_ind_cca_unpacked_default_1c_9e(void) {
-  libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 lit;
-  lit.ind_cpa_public_key = libcrux_ml_kem_ind_cpa_unpacked_default_8d_89();
+static KRML_MUSTINLINE libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_63
+libcrux_ml_kem_ind_cca_unpacked_default_1c_ab(void) {
+  libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_63 lit;
+  lit.ind_cpa_public_key = libcrux_ml_kem_ind_cpa_unpacked_default_8d_ab();
   lit.public_key_hash[0U] = 0U;
   lit.public_key_hash[1U] = 0U;
   lit.public_key_hash[2U] = 0U;
@@ -6105,9 +6100,9 @@ with const generics
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE
     libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked
-    libcrux_ml_kem_ind_cca_unpacked_default_07_e2(void) {
-  libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_a0 uu____0;
-  uu____0.ind_cpa_private_key = libcrux_ml_kem_ind_cpa_unpacked_default_1a_3c();
+    libcrux_ml_kem_ind_cca_unpacked_default_07_ab(void) {
+  libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_63 uu____0;
+  uu____0.ind_cpa_private_key = libcrux_ml_kem_ind_cpa_unpacked_default_1a_ab();
   uu____0.implicit_rejection_value[0U] = 0U;
   uu____0.implicit_rejection_value[1U] = 0U;
   uu____0.implicit_rejection_value[2U] = 0U;
@@ -6143,7 +6138,7 @@ static KRML_MUSTINLINE
   return (
       CLITERAL(libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked){
           .private_key = uu____0,
-          .public_key = libcrux_ml_kem_ind_cca_unpacked_default_1c_9e()});
+          .public_key = libcrux_ml_kem_ind_cca_unpacked_default_1c_ab()});
 }
 
 /**
@@ -6152,16 +6147,16 @@ static KRML_MUSTINLINE
 KRML_ATTRIBUTE_TARGET("avx2")
 static inline libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked
 libcrux_ml_kem_mlkem768_avx2_unpacked_init_key_pair(void) {
-  return libcrux_ml_kem_ind_cca_unpacked_default_07_e2();
+  return libcrux_ml_kem_ind_cca_unpacked_default_07_ab();
 }
 
 /**
  Create a new, empty unpacked public key.
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static inline libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0
+static inline libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_63
 libcrux_ml_kem_mlkem768_avx2_unpacked_init_public_key(void) {
-  return libcrux_ml_kem_ind_cca_unpacked_default_1c_9e();
+  return libcrux_ml_kem_ind_cca_unpacked_default_1c_ab();
 }
 
 /**
@@ -6182,10 +6177,10 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE void
-libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_dd_92(
-    libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *self,
-    libcrux_ml_kem_types_MlKemPublicKey_15 *serialized) {
-  libcrux_ml_kem_ind_cpa_serialize_public_key_mut_6c(
+libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_dd_ed(
+    libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_63 *self,
+    libcrux_ml_kem_types_MlKemPublicKey_30 *serialized) {
+  libcrux_ml_kem_ind_cpa_serialize_public_key_mut_ed(
       self->ind_cpa_public_key.t_as_ntt,
       Eurydice_array_to_slice((size_t)32U, self->ind_cpa_public_key.seed_for_A,
                               uint8_t),
@@ -6210,10 +6205,10 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE void
-libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_de_a7(
+libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_de_ed(
     libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked *self,
-    libcrux_ml_kem_types_MlKemPublicKey_15 *serialized) {
-  libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_dd_92(
+    libcrux_ml_kem_types_MlKemPublicKey_30 *serialized) {
+  libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_dd_ed(
       &self->public_key, serialized);
 }
 
@@ -6224,8 +6219,8 @@ KRML_ATTRIBUTE_TARGET("avx2")
 static inline void
 libcrux_ml_kem_mlkem768_avx2_unpacked_key_pair_serialized_public_key(
     libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked *key_pair,
-    libcrux_ml_kem_types_MlKemPublicKey_15 *serialized) {
-  libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_de_a7(key_pair,
+    libcrux_ml_kem_types_MlKemPublicKey_30 *serialized) {
+  libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_de_ed(key_pair,
                                                                   serialized);
 }
 
@@ -6241,28 +6236,28 @@ with const generics
 - K= 3
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static inline libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0
-libcrux_ml_kem_ind_cpa_unpacked_clone_ef_42(
-    libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *self) {
-  libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0[3U];
+static inline libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_63
+libcrux_ml_kem_ind_cpa_unpacked_clone_ef_ab(
+    libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_63 *self) {
+  libcrux_ml_kem_polynomial_PolynomialRingElement_f6 uu____0[3U];
   core_array___core__clone__Clone_for__Array_T__N___20__clone(
       (size_t)3U, self->t_as_ntt, uu____0,
-      libcrux_ml_kem_polynomial_PolynomialRingElement_d2, void *);
+      libcrux_ml_kem_polynomial_PolynomialRingElement_f6, void *);
   uint8_t uu____1[32U];
   core_array___core__clone__Clone_for__Array_T__N___20__clone(
       (size_t)32U, self->seed_for_A, uu____1, uint8_t, void *);
-  libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 lit;
+  libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_63 lit;
   memcpy(
       lit.t_as_ntt, uu____0,
-      (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2));
+      (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f6));
   memcpy(lit.seed_for_A, uu____1, (size_t)32U * sizeof(uint8_t));
-  libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U][3U];
+  libcrux_ml_kem_polynomial_PolynomialRingElement_f6 ret[3U][3U];
   core_array___core__clone__Clone_for__Array_T__N___20__clone(
       (size_t)3U, self->A, ret,
-      libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U], void *);
+      libcrux_ml_kem_polynomial_PolynomialRingElement_f6[3U], void *);
   memcpy(lit.A, ret,
          (size_t)3U *
-             sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U]));
+             sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f6[3U]));
   return lit;
 }
 
@@ -6278,12 +6273,12 @@ with const generics
 - K= 3
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static inline libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0
-libcrux_ml_kem_ind_cca_unpacked_clone_28_24(
-    libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *self) {
-  libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 lit;
+static inline libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_63
+libcrux_ml_kem_ind_cca_unpacked_clone_28_ab(
+    libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_63 *self) {
+  libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_63 lit;
   lit.ind_cpa_public_key =
-      libcrux_ml_kem_ind_cpa_unpacked_clone_ef_42(&self->ind_cpa_public_key);
+      libcrux_ml_kem_ind_cpa_unpacked_clone_ef_ab(&self->ind_cpa_public_key);
   uint8_t ret[32U];
   core_array___core__clone__Clone_for__Array_T__N___20__clone(
       (size_t)32U, self->public_key_hash, ret, uint8_t, void *);
@@ -6306,8 +6301,8 @@ with const generics
 - K= 3
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static KRML_MUSTINLINE libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *
-libcrux_ml_kem_ind_cca_unpacked_public_key_de_77(
+static KRML_MUSTINLINE libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_63 *
+libcrux_ml_kem_ind_cca_unpacked_public_key_de_ab(
     libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked *self) {
   return &self->public_key;
 }
@@ -6318,10 +6313,10 @@ libcrux_ml_kem_ind_cca_unpacked_public_key_de_77(
 KRML_ATTRIBUTE_TARGET("avx2")
 static inline void libcrux_ml_kem_mlkem768_avx2_unpacked_public_key(
     libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked *key_pair,
-    libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *pk) {
-  libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 uu____0 =
-      libcrux_ml_kem_ind_cca_unpacked_clone_28_24(
-          libcrux_ml_kem_ind_cca_unpacked_public_key_de_77(key_pair));
+    libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_63 *pk) {
+  libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_63 uu____0 =
+      libcrux_ml_kem_ind_cca_unpacked_clone_28_ab(
+          libcrux_ml_kem_ind_cca_unpacked_public_key_de_ab(key_pair));
   pk[0U] = uu____0;
 }
 
@@ -6330,9 +6325,9 @@ static inline void libcrux_ml_kem_mlkem768_avx2_unpacked_public_key(
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static inline void libcrux_ml_kem_mlkem768_avx2_unpacked_serialized_public_key(
-    libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *public_key,
-    libcrux_ml_kem_types_MlKemPublicKey_15 *serialized) {
-  libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_dd_92(public_key,
+    libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_63 *public_key,
+    libcrux_ml_kem_types_MlKemPublicKey_30 *serialized) {
+  libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_dd_ed(public_key,
                                                                   serialized);
 }
 
@@ -6350,33 +6345,33 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE void
-libcrux_ml_kem_ind_cca_unpacked_unpack_public_key_72(
-    libcrux_ml_kem_types_MlKemPublicKey_15 *public_key,
-    libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0
+libcrux_ml_kem_ind_cca_unpacked_unpack_public_key_6d(
+    libcrux_ml_kem_types_MlKemPublicKey_30 *public_key,
+    libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_63
         *unpacked_public_key) {
   Eurydice_slice uu____0 = Eurydice_array_to_subslice_to(
       (size_t)1184U, public_key->value, (size_t)1152U, uint8_t, size_t);
-  libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_ea(
+  libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_ab(
       uu____0, unpacked_public_key->ind_cpa_public_key.t_as_ntt);
   uint8_t uu____1[32U];
-  libcrux_ml_kem_utils_into_padded_array_423(
+  libcrux_ml_kem_utils_into_padded_array_9e(
       Eurydice_array_to_subslice_from((size_t)1184U, public_key->value,
                                       (size_t)1152U, uint8_t, size_t),
       uu____1);
   memcpy(unpacked_public_key->ind_cpa_public_key.seed_for_A, uu____1,
          (size_t)32U * sizeof(uint8_t));
-  libcrux_ml_kem_polynomial_PolynomialRingElement_d2(*uu____2)[3U] =
+  libcrux_ml_kem_polynomial_PolynomialRingElement_f6(*uu____2)[3U] =
       unpacked_public_key->ind_cpa_public_key.A;
   uint8_t ret[34U];
-  libcrux_ml_kem_utils_into_padded_array_421(
+  libcrux_ml_kem_utils_into_padded_array_b6(
       Eurydice_array_to_subslice_from((size_t)1184U, public_key->value,
                                       (size_t)1152U, uint8_t, size_t),
       ret);
-  libcrux_ml_kem_matrix_sample_matrix_A_ee(uu____2, ret, false);
+  libcrux_ml_kem_matrix_sample_matrix_A_6c(uu____2, ret, false);
   uint8_t uu____3[32U];
-  libcrux_ml_kem_hash_functions_avx2_H_a9_41(
+  libcrux_ml_kem_hash_functions_avx2_H_a9_e0(
       Eurydice_array_to_slice((size_t)1184U,
-                              libcrux_ml_kem_types_as_slice_fd_02(public_key),
+                              libcrux_ml_kem_types_as_slice_fd_d0(public_key),
                               uint8_t),
       uu____3);
   memcpy(unpacked_public_key->public_key_hash, uu____3,
@@ -6397,11 +6392,11 @@ generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static inline void
-libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_unpack_public_key_d1(
-    libcrux_ml_kem_types_MlKemPublicKey_15 *public_key,
-    libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0
+libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_unpack_public_key_a5(
+    libcrux_ml_kem_types_MlKemPublicKey_30 *public_key,
+    libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_63
         *unpacked_public_key) {
-  libcrux_ml_kem_ind_cca_unpacked_unpack_public_key_72(public_key,
+  libcrux_ml_kem_ind_cca_unpacked_unpack_public_key_6d(public_key,
                                                        unpacked_public_key);
 }
 
@@ -6410,10 +6405,10 @@ libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_unpack_public_key_d1(
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static inline void libcrux_ml_kem_mlkem768_avx2_unpacked_unpacked_public_key(
-    libcrux_ml_kem_types_MlKemPublicKey_15 *public_key,
-    libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0
+    libcrux_ml_kem_types_MlKemPublicKey_30 *public_key,
+    libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_63
         *unpacked_public_key) {
-  libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_unpack_public_key_d1(
+  libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_unpack_public_key_a5(
       public_key, unpacked_public_key);
 }
 
diff --git a/libcrux-ml-kem/cg/libcrux_mlkem768_avx2_types.h b/libcrux-ml-kem/cg/libcrux_mlkem768_avx2_types.h
index a99ed2625..10ba95cd1 100644
--- a/libcrux-ml-kem/cg/libcrux_mlkem768_avx2_types.h
+++ b/libcrux-ml-kem/cg/libcrux_mlkem768_avx2_types.h
@@ -4,11 +4,11 @@
  * SPDX-License-Identifier: MIT or Apache-2.0
  *
  * This code was generated with the following revisions:
- * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4
- * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac
- * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152
- * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678
- * Libcrux: a089e8609d2bf2df5c165076a79e3fd30dbf87cf
+ * Charon: 2b71c3c42337fe17ceca860bedaafb3443e6c5e8
+ * Eurydice: dcfae68c874635956f71d4c05928841b29ad0a8b
+ * Karamel: 87384b244a98a0c41a2e14c65b872d885af7c8df
+ * F*: 8b6fce63ca91b16386d8f76e82ea87a3c109a208
+ * Libcrux: 4b0d78759e0adf160bab80862883bd5ba7338977
  */
 
 #ifndef __libcrux_mlkem768_avx2_types_H
@@ -27,9 +27,9 @@ A monomorphic instance of libcrux_ml_kem.polynomial.PolynomialRingElement
 with types libcrux_ml_kem_vector_avx2_SIMD256Vector
 
 */
-typedef struct libcrux_ml_kem_polynomial_PolynomialRingElement_d2_s {
+typedef struct libcrux_ml_kem_polynomial_PolynomialRingElement_f6_s {
   __m256i coefficients[16U];
-} libcrux_ml_kem_polynomial_PolynomialRingElement_d2;
+} libcrux_ml_kem_polynomial_PolynomialRingElement_f6;
 
 /**
 A monomorphic instance of
@@ -37,11 +37,11 @@ libcrux_ml_kem.ind_cpa.unpacked.IndCpaPublicKeyUnpacked with types
 libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics
 - $3size_t
 */
-typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0_s {
-  libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[3U];
+typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_63_s {
+  libcrux_ml_kem_polynomial_PolynomialRingElement_f6 t_as_ntt[3U];
   uint8_t seed_for_A[32U];
-  libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[3U][3U];
-} libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0;
+  libcrux_ml_kem_polynomial_PolynomialRingElement_f6 A[3U][3U];
+} libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_63;
 
 /**
 A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.MlKemPublicKeyUnpacked
@@ -49,12 +49,12 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector
 with const generics
 - $3size_t
 */
-typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0_s {
-  libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 ind_cpa_public_key;
+typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_63_s {
+  libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_63 ind_cpa_public_key;
   uint8_t public_key_hash[32U];
-} libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0;
+} libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_63;
 
-typedef libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0
+typedef libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_63
     libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768PublicKeyUnpacked;
 
 /**
@@ -63,9 +63,9 @@ libcrux_ml_kem.ind_cpa.unpacked.IndCpaPrivateKeyUnpacked with types
 libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics
 - $3size_t
 */
-typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0_s {
-  libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U];
-} libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0;
+typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_63_s {
+  libcrux_ml_kem_polynomial_PolynomialRingElement_f6 secret_as_ntt[3U];
+} libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_63;
 
 /**
 A monomorphic instance of
@@ -73,15 +73,15 @@ libcrux_ml_kem.ind_cca.unpacked.MlKemPrivateKeyUnpacked with types
 libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics
 - $3size_t
 */
-typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_a0_s {
-  libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0
+typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_63_s {
+  libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_63
       ind_cpa_private_key;
   uint8_t implicit_rejection_value[32U];
-} libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_a0;
+} libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_63;
 
 typedef struct libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked_s {
-  libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_a0 private_key;
-  libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 public_key;
+  libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_63 private_key;
+  libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_63 public_key;
 } libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked;
 
 #if defined(__cplusplus)
diff --git a/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h b/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h
index 2d7b89018..c4fac71e6 100644
--- a/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h
+++ b/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h
@@ -4,11 +4,11 @@
  * SPDX-License-Identifier: MIT or Apache-2.0
  *
  * This code was generated with the following revisions:
- * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4
- * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac
- * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152
- * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678
- * Libcrux: a089e8609d2bf2df5c165076a79e3fd30dbf87cf
+ * Charon: 2b71c3c42337fe17ceca860bedaafb3443e6c5e8
+ * Eurydice: dcfae68c874635956f71d4c05928841b29ad0a8b
+ * Karamel: 87384b244a98a0c41a2e14c65b872d885af7c8df
+ * F*: 8b6fce63ca91b16386d8f76e82ea87a3c109a208
+ * Libcrux: 4b0d78759e0adf160bab80862883bd5ba7338977
  */
 
 #ifndef __libcrux_mlkem768_portable_H
@@ -111,11 +111,11 @@ libcrux_ml_kem_vector_portable_vector_type_from_i16_array(
     Eurydice_slice array) {
   libcrux_ml_kem_vector_portable_vector_type_PortableVector lit;
   int16_t ret[16U];
-  Result_c0 dst;
+  Result_0a dst;
   Eurydice_slice_to_array2(
       &dst, Eurydice_slice_subslice2(array, (size_t)0U, (size_t)16U, int16_t),
       Eurydice_slice, int16_t[16U]);
-  unwrap_26_30(dst, ret);
+  unwrap_26_00(dst, ret);
   memcpy(lit.elements, ret, (size_t)16U * sizeof(int16_t));
   return lit;
 }
@@ -250,6 +250,12 @@ libcrux_ml_kem_vector_portable_serialize_serialize_11(
   ret[21U] = r11_21.f10;
 }
 
+static inline void libcrux_ml_kem_vector_portable_serialize_11(
+    libcrux_ml_kem_vector_portable_vector_type_PortableVector a,
+    uint8_t ret[22U]) {
+  libcrux_ml_kem_vector_portable_serialize_serialize_11(a, ret);
+}
+
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
 libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
@@ -257,7 +263,7 @@ libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
 static inline void libcrux_ml_kem_vector_portable_serialize_11_0d(
     libcrux_ml_kem_vector_portable_vector_type_PortableVector a,
     uint8_t ret[22U]) {
-  libcrux_ml_kem_vector_portable_serialize_serialize_11(a, ret);
+  libcrux_ml_kem_vector_portable_serialize_11(a, ret);
 }
 
 typedef struct int16_t_x8_s {
@@ -361,13 +367,18 @@ libcrux_ml_kem_vector_portable_serialize_deserialize_11(Eurydice_slice bytes) {
   return lit;
 }
 
+static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector
+libcrux_ml_kem_vector_portable_deserialize_11(Eurydice_slice a) {
+  return libcrux_ml_kem_vector_portable_serialize_deserialize_11(a);
+}
+
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
 libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
 */
 static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector
 libcrux_ml_kem_vector_portable_deserialize_11_0d(Eurydice_slice a) {
-  return libcrux_ml_kem_vector_portable_serialize_deserialize_11(a);
+  return libcrux_ml_kem_vector_portable_deserialize_11(a);
 }
 
 static KRML_MUSTINLINE void
@@ -1221,7 +1232,9 @@ libcrux_ml_kem_vector_portable_compress_compress_message_coefficient(
   int16_t mask = shifted >> 15U;
   int16_t shifted_to_positive = mask ^ shifted;
   int16_t shifted_positive_in_range = shifted_to_positive - (int16_t)832;
-  return (uint8_t)(shifted_positive_in_range >> 15U & (int16_t)1);
+  int16_t r0 = shifted_positive_in_range >> 15U;
+  int16_t r1 = r0 & (int16_t)1;
+  return (uint8_t)r1;
 }
 
 static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector
@@ -1271,8 +1284,10 @@ static KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_ntt_ntt_step(
   int16_t t =
       libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer(
           vec->elements[j], zeta);
-  vec->elements[j] = vec->elements[i] - t;
-  vec->elements[i] = vec->elements[i] + t;
+  int16_t a_minus_t = vec->elements[i] - t;
+  int16_t a_plus_t = vec->elements[i] + t;
+  vec->elements[j] = a_minus_t;
+  vec->elements[i] = a_plus_t;
 }
 
 static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector
@@ -1381,8 +1396,9 @@ static KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(
     libcrux_ml_kem_vector_portable_vector_type_PortableVector *vec,
     int16_t zeta, size_t i, size_t j) {
   int16_t a_minus_b = vec->elements[j] - vec->elements[i];
+  int16_t a_plus_b = vec->elements[j] + vec->elements[i];
   int16_t o0 = libcrux_ml_kem_vector_portable_arithmetic_barrett_reduce_element(
-      vec->elements[i] + vec->elements[j]);
+      a_plus_b);
   int16_t o1 =
       libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer(
           a_minus_b, zeta);
@@ -1497,12 +1513,11 @@ static KRML_MUSTINLINE void
 libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials(
     libcrux_ml_kem_vector_portable_vector_type_PortableVector *a,
     libcrux_ml_kem_vector_portable_vector_type_PortableVector *b, int16_t zeta,
-    size_t i, size_t j,
-    libcrux_ml_kem_vector_portable_vector_type_PortableVector *out) {
-  int16_t ai = a->elements[i];
-  int16_t bi = b->elements[i];
-  int16_t aj = a->elements[j];
-  int16_t bj = b->elements[j];
+    size_t i, libcrux_ml_kem_vector_portable_vector_type_PortableVector *out) {
+  int16_t ai = a->elements[(size_t)2U * i];
+  int16_t bi = b->elements[(size_t)2U * i];
+  int16_t aj = a->elements[(size_t)2U * i + (size_t)1U];
+  int16_t bj = b->elements[(size_t)2U * i + (size_t)1U];
   int32_t ai_bi = (int32_t)ai * (int32_t)bi;
   int32_t aj_bj_ = (int32_t)aj * (int32_t)bj;
   int16_t aj_bj =
@@ -1519,8 +1534,10 @@ libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials(
   int16_t o1 =
       libcrux_ml_kem_vector_portable_arithmetic_montgomery_reduce_element(
           ai_bj_aj_bi);
-  out->elements[i] = o0;
-  out->elements[j] = o1;
+  int16_t _out0[16U];
+  memcpy(_out0, out->elements, (size_t)16U * sizeof(int16_t));
+  out->elements[(size_t)2U * i] = o0;
+  out->elements[(size_t)2U * i + (size_t)1U] = o1;
 }
 
 static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector
@@ -1534,22 +1551,22 @@ libcrux_ml_kem_vector_portable_ntt_ntt_multiply(
   int16_t nzeta3 = -zeta3;
   libcrux_ml_kem_vector_portable_vector_type_PortableVector out =
       libcrux_ml_kem_vector_portable_vector_type_zero();
-  libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials(
-      lhs, rhs, zeta0, (size_t)0U, (size_t)1U, &out);
-  libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials(
-      lhs, rhs, nzeta0, (size_t)2U, (size_t)3U, &out);
-  libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials(
-      lhs, rhs, zeta1, (size_t)4U, (size_t)5U, &out);
-  libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials(
-      lhs, rhs, nzeta1, (size_t)6U, (size_t)7U, &out);
-  libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials(
-      lhs, rhs, zeta2, (size_t)8U, (size_t)9U, &out);
-  libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials(
-      lhs, rhs, nzeta2, (size_t)10U, (size_t)11U, &out);
-  libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials(
-      lhs, rhs, zeta3, (size_t)12U, (size_t)13U, &out);
-  libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials(
-      lhs, rhs, nzeta3, (size_t)14U, (size_t)15U, &out);
+  libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials(lhs, rhs, zeta0,
+                                                            (size_t)0U, &out);
+  libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials(lhs, rhs, nzeta0,
+                                                            (size_t)1U, &out);
+  libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials(lhs, rhs, zeta1,
+                                                            (size_t)2U, &out);
+  libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials(lhs, rhs, nzeta1,
+                                                            (size_t)3U, &out);
+  libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials(lhs, rhs, zeta2,
+                                                            (size_t)4U, &out);
+  libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials(lhs, rhs, nzeta2,
+                                                            (size_t)5U, &out);
+  libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials(lhs, rhs, zeta3,
+                                                            (size_t)6U, &out);
+  libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials(lhs, rhs, nzeta3,
+                                                            (size_t)7U, &out);
   return out;
 }
 
@@ -1590,6 +1607,12 @@ libcrux_ml_kem_vector_portable_serialize_serialize_1(
   ret[1U] = result1;
 }
 
+static inline void libcrux_ml_kem_vector_portable_serialize_1(
+    libcrux_ml_kem_vector_portable_vector_type_PortableVector a,
+    uint8_t ret[2U]) {
+  libcrux_ml_kem_vector_portable_serialize_serialize_1(a, ret);
+}
+
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
 libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
@@ -1597,7 +1620,7 @@ libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
 static inline void libcrux_ml_kem_vector_portable_serialize_1_0d(
     libcrux_ml_kem_vector_portable_vector_type_PortableVector a,
     uint8_t ret[2U]) {
-  libcrux_ml_kem_vector_portable_serialize_serialize_1(a, ret);
+  libcrux_ml_kem_vector_portable_serialize_1(a, ret);
 }
 
 static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector
@@ -1684,13 +1707,18 @@ libcrux_ml_kem_vector_portable_serialize_deserialize_1(Eurydice_slice v) {
   return lit;
 }
 
+static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector
+libcrux_ml_kem_vector_portable_deserialize_1(Eurydice_slice a) {
+  return libcrux_ml_kem_vector_portable_serialize_deserialize_1(a);
+}
+
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
 libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
 */
 static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector
 libcrux_ml_kem_vector_portable_deserialize_1_0d(Eurydice_slice a) {
-  return libcrux_ml_kem_vector_portable_serialize_deserialize_1(a);
+  return libcrux_ml_kem_vector_portable_deserialize_1(a);
 }
 
 typedef struct uint8_t_x4_s {
@@ -1748,6 +1776,12 @@ libcrux_ml_kem_vector_portable_serialize_serialize_4(
   ret[7U] = result4_7.f3;
 }
 
+static inline void libcrux_ml_kem_vector_portable_serialize_4(
+    libcrux_ml_kem_vector_portable_vector_type_PortableVector a,
+    uint8_t ret[8U]) {
+  libcrux_ml_kem_vector_portable_serialize_serialize_4(a, ret);
+}
+
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
 libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
@@ -1755,7 +1789,7 @@ libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
 static inline void libcrux_ml_kem_vector_portable_serialize_4_0d(
     libcrux_ml_kem_vector_portable_vector_type_PortableVector a,
     uint8_t ret[8U]) {
-  libcrux_ml_kem_vector_portable_serialize_serialize_4(a, ret);
+  libcrux_ml_kem_vector_portable_serialize_4(a, ret);
 }
 
 static KRML_MUSTINLINE int16_t_x8
@@ -1825,13 +1859,18 @@ libcrux_ml_kem_vector_portable_serialize_deserialize_4(Eurydice_slice bytes) {
   return lit;
 }
 
+static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector
+libcrux_ml_kem_vector_portable_deserialize_4(Eurydice_slice a) {
+  return libcrux_ml_kem_vector_portable_serialize_deserialize_4(a);
+}
+
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
 libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
 */
 static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector
 libcrux_ml_kem_vector_portable_deserialize_4_0d(Eurydice_slice a) {
-  return libcrux_ml_kem_vector_portable_serialize_deserialize_4(a);
+  return libcrux_ml_kem_vector_portable_deserialize_4(a);
 }
 
 typedef struct uint8_t_x5_s {
@@ -1888,6 +1927,12 @@ libcrux_ml_kem_vector_portable_serialize_serialize_5(
   ret[9U] = r5_9.f4;
 }
 
+static inline void libcrux_ml_kem_vector_portable_serialize_5(
+    libcrux_ml_kem_vector_portable_vector_type_PortableVector a,
+    uint8_t ret[10U]) {
+  libcrux_ml_kem_vector_portable_serialize_serialize_5(a, ret);
+}
+
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
 libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
@@ -1895,7 +1940,7 @@ libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
 static inline void libcrux_ml_kem_vector_portable_serialize_5_0d(
     libcrux_ml_kem_vector_portable_vector_type_PortableVector a,
     uint8_t ret[10U]) {
-  libcrux_ml_kem_vector_portable_serialize_serialize_5(a, ret);
+  libcrux_ml_kem_vector_portable_serialize_5(a, ret);
 }
 
 static KRML_MUSTINLINE int16_t_x8
@@ -1976,13 +2021,18 @@ libcrux_ml_kem_vector_portable_serialize_deserialize_5(Eurydice_slice bytes) {
   return lit;
 }
 
+static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector
+libcrux_ml_kem_vector_portable_deserialize_5(Eurydice_slice a) {
+  return libcrux_ml_kem_vector_portable_serialize_deserialize_5(a);
+}
+
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
 libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
 */
 static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector
 libcrux_ml_kem_vector_portable_deserialize_5_0d(Eurydice_slice a) {
-  return libcrux_ml_kem_vector_portable_serialize_deserialize_5(a);
+  return libcrux_ml_kem_vector_portable_deserialize_5(a);
 }
 
 static KRML_MUSTINLINE uint8_t_x5
@@ -2057,6 +2107,12 @@ libcrux_ml_kem_vector_portable_serialize_serialize_10(
   ret[19U] = r15_19.f4;
 }
 
+static inline void libcrux_ml_kem_vector_portable_serialize_10(
+    libcrux_ml_kem_vector_portable_vector_type_PortableVector a,
+    uint8_t ret[20U]) {
+  libcrux_ml_kem_vector_portable_serialize_serialize_10(a, ret);
+}
+
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
 libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
@@ -2064,7 +2120,7 @@ libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
 static inline void libcrux_ml_kem_vector_portable_serialize_10_0d(
     libcrux_ml_kem_vector_portable_vector_type_PortableVector a,
     uint8_t ret[20U]) {
-  libcrux_ml_kem_vector_portable_serialize_serialize_10(a, ret);
+  libcrux_ml_kem_vector_portable_serialize_10(a, ret);
 }
 
 static KRML_MUSTINLINE int16_t_x8
@@ -2153,13 +2209,18 @@ libcrux_ml_kem_vector_portable_serialize_deserialize_10(Eurydice_slice bytes) {
   return lit;
 }
 
+static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector
+libcrux_ml_kem_vector_portable_deserialize_10(Eurydice_slice a) {
+  return libcrux_ml_kem_vector_portable_serialize_deserialize_10(a);
+}
+
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
 libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
 */
 static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector
 libcrux_ml_kem_vector_portable_deserialize_10_0d(Eurydice_slice a) {
-  return libcrux_ml_kem_vector_portable_serialize_deserialize_10(a);
+  return libcrux_ml_kem_vector_portable_deserialize_10(a);
 }
 
 typedef struct uint8_t_x3_s {
@@ -2234,6 +2295,12 @@ libcrux_ml_kem_vector_portable_serialize_serialize_12(
   ret[23U] = r21_23.thd;
 }
 
+static inline void libcrux_ml_kem_vector_portable_serialize_12(
+    libcrux_ml_kem_vector_portable_vector_type_PortableVector a,
+    uint8_t ret[24U]) {
+  libcrux_ml_kem_vector_portable_serialize_serialize_12(a, ret);
+}
+
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
 libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
@@ -2241,7 +2308,7 @@ libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
 static inline void libcrux_ml_kem_vector_portable_serialize_12_0d(
     libcrux_ml_kem_vector_portable_vector_type_PortableVector a,
     uint8_t ret[24U]) {
-  libcrux_ml_kem_vector_portable_serialize_serialize_12(a, ret);
+  libcrux_ml_kem_vector_portable_serialize_12(a, ret);
 }
 
 typedef struct int16_t_x2_s {
@@ -2304,13 +2371,18 @@ libcrux_ml_kem_vector_portable_serialize_deserialize_12(Eurydice_slice bytes) {
   return lit;
 }
 
+static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector
+libcrux_ml_kem_vector_portable_deserialize_12(Eurydice_slice a) {
+  return libcrux_ml_kem_vector_portable_serialize_deserialize_12(a);
+}
+
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
 libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
 */
 static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector
 libcrux_ml_kem_vector_portable_deserialize_12_0d(Eurydice_slice a) {
-  return libcrux_ml_kem_vector_portable_serialize_deserialize_12(a);
+  return libcrux_ml_kem_vector_portable_deserialize_12(a);
 }
 
 static KRML_MUSTINLINE size_t
@@ -2430,10 +2502,10 @@ static inline size_t libcrux_ml_kem_vector_portable_rej_sample_0d(
   (LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE +                   \
    LIBCRUX_ML_KEM_MLKEM768_CPA_PKE_CIPHERTEXT_SIZE_768)
 
-typedef libcrux_ml_kem_types_MlKemPrivateKey_55
+typedef libcrux_ml_kem_types_MlKemPrivateKey_d9
     libcrux_ml_kem_mlkem768_MlKem768PrivateKey;
 
-typedef libcrux_ml_kem_types_MlKemPublicKey_15
+typedef libcrux_ml_kem_types_MlKemPublicKey_30
     libcrux_ml_kem_mlkem768_MlKem768PublicKey;
 
 #define LIBCRUX_ML_KEM_MLKEM768_RANKED_BYTES_PER_RING_ELEMENT_768 \
@@ -2457,9 +2529,9 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
 with const generics
 
 */
-static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0
-libcrux_ml_kem_polynomial_ZERO_ef_1b(void) {
-  libcrux_ml_kem_polynomial_PolynomialRingElement_f0 lit;
+static inline libcrux_ml_kem_polynomial_PolynomialRingElement_1d
+libcrux_ml_kem_polynomial_ZERO_ef_8c(void) {
+  libcrux_ml_kem_polynomial_PolynomialRingElement_1d lit;
   lit.coefficients[0U] = libcrux_ml_kem_vector_portable_ZERO_0d();
   lit.coefficients[1U] = libcrux_ml_kem_vector_portable_ZERO_0d();
   lit.coefficients[2U] = libcrux_ml_kem_vector_portable_ZERO_0d();
@@ -2485,9 +2557,9 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
 with const generics
 - K= 3
 */
-static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0
-libcrux_ml_kem_ind_cpa_deserialize_secret_key_closure_57(size_t _) {
-  return libcrux_ml_kem_polynomial_ZERO_ef_1b();
+static inline libcrux_ml_kem_polynomial_PolynomialRingElement_1d
+libcrux_ml_kem_ind_cpa_deserialize_secret_key_closure_1b(size_t _) {
+  return libcrux_ml_kem_polynomial_ZERO_ef_8c();
 }
 
 /**
@@ -2496,11 +2568,11 @@ libcrux_ml_kem.serialize.deserialize_to_uncompressed_ring_element with types
 libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
 
 */
-static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0
-libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_4c(
+static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1d
+libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_8c(
     Eurydice_slice serialized) {
-  libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re =
-      libcrux_ml_kem_polynomial_ZERO_ef_1b();
+  libcrux_ml_kem_polynomial_PolynomialRingElement_1d re =
+      libcrux_ml_kem_polynomial_ZERO_ef_8c();
   for (size_t i = (size_t)0U;
        i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) {
     size_t i0 = i;
@@ -2519,12 +2591,12 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
 with const generics
 - K= 3
 */
-static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_ab(
+static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_1b(
     Eurydice_slice secret_key,
-    libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) {
-  libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U];
+    libcrux_ml_kem_polynomial_PolynomialRingElement_1d ret[3U]) {
+  libcrux_ml_kem_polynomial_PolynomialRingElement_1d secret_as_ntt[3U];
   for (size_t i = (size_t)0U; i < (size_t)3U; i++) {
-    secret_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_ef_1b();
+    secret_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_ef_8c();
   }
   for (size_t i = (size_t)0U;
        i < Eurydice_slice_len(secret_key, uint8_t) /
@@ -2536,18 +2608,14 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_ab(
         i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT +
             LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT,
         uint8_t);
-    libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 =
-        libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_4c(
+    libcrux_ml_kem_polynomial_PolynomialRingElement_1d uu____0 =
+        libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_8c(
             secret_bytes);
     secret_as_ntt[i0] = uu____0;
   }
-  libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[3U];
-  memcpy(
-      result, secret_as_ntt,
-      (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0));
   memcpy(
-      ret, result,
-      (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0));
+      ret, secret_as_ntt,
+      (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1d));
 }
 
 /**
@@ -2558,9 +2626,9 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
 - CIPHERTEXT_SIZE= 1088
 - U_COMPRESSION_FACTOR= 10
 */
-static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0
-libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_closure_77(size_t _) {
-  return libcrux_ml_kem_polynomial_ZERO_ef_1b();
+static inline libcrux_ml_kem_polynomial_PolynomialRingElement_1d
+libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_closure_6c(size_t _) {
+  return libcrux_ml_kem_polynomial_ZERO_ef_8c();
 }
 
 /**
@@ -2570,18 +2638,18 @@ const generics
 - COEFFICIENT_BITS= 10
 */
 static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector
-libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_4a(
-    libcrux_ml_kem_vector_portable_vector_type_PortableVector v) {
+libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_ef(
+    libcrux_ml_kem_vector_portable_vector_type_PortableVector a) {
   for (size_t i = (size_t)0U;
        i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) {
     size_t i0 = i;
-    int32_t decompressed = (int32_t)v.elements[i0] *
+    int32_t decompressed = (int32_t)a.elements[i0] *
                            (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS;
     decompressed = (decompressed << 1U) + ((int32_t)1 << (uint32_t)(int32_t)10);
     decompressed = decompressed >> (uint32_t)((int32_t)10 + (int32_t)1);
-    v.elements[i0] = (int16_t)decompressed;
+    a.elements[i0] = (int16_t)decompressed;
   }
-  return v;
+  return a;
 }
 
 /**
@@ -2595,9 +2663,9 @@ generics
 - COEFFICIENT_BITS= 10
 */
 static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector
-libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_ea(
+libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_ef(
     libcrux_ml_kem_vector_portable_vector_type_PortableVector v) {
-  return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_4a(
+  return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_ef(
       v);
 }
 
@@ -2607,18 +2675,17 @@ libcrux_ml_kem.serialize.deserialize_then_decompress_10 with types
 libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
 
 */
-static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0
-libcrux_ml_kem_serialize_deserialize_then_decompress_10_f9(
+static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1d
+libcrux_ml_kem_serialize_deserialize_then_decompress_10_8c(
     Eurydice_slice serialized) {
-  libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re =
-      libcrux_ml_kem_polynomial_ZERO_ef_1b();
-  LowStar_Ignore_ignore(
-      Eurydice_slice_len(
-          Eurydice_array_to_slice(
-              (size_t)16U, re.coefficients,
-              libcrux_ml_kem_vector_portable_vector_type_PortableVector),
+  libcrux_ml_kem_polynomial_PolynomialRingElement_1d re =
+      libcrux_ml_kem_polynomial_ZERO_ef_8c();
+  size_t _coefficients_length = Eurydice_slice_len(
+      Eurydice_array_to_slice(
+          (size_t)16U, re.coefficients,
           libcrux_ml_kem_vector_portable_vector_type_PortableVector),
-      size_t, void *);
+      libcrux_ml_kem_vector_portable_vector_type_PortableVector);
+  LowStar_Ignore_ignore(_coefficients_length, size_t, void *);
   for (size_t i = (size_t)0U;
        i < Eurydice_slice_len(serialized, uint8_t) / (size_t)20U; i++) {
     size_t i0 = i;
@@ -2627,7 +2694,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_10_f9(
     libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient =
         libcrux_ml_kem_vector_portable_deserialize_10_0d(bytes);
     libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 =
-        libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_ea(
+        libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_ef(
             coefficient);
     re.coefficients[i0] = uu____0;
   }
@@ -2641,18 +2708,18 @@ const generics
 - COEFFICIENT_BITS= 11
 */
 static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector
-libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_4a0(
-    libcrux_ml_kem_vector_portable_vector_type_PortableVector v) {
+libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_c4(
+    libcrux_ml_kem_vector_portable_vector_type_PortableVector a) {
   for (size_t i = (size_t)0U;
        i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) {
     size_t i0 = i;
-    int32_t decompressed = (int32_t)v.elements[i0] *
+    int32_t decompressed = (int32_t)a.elements[i0] *
                            (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS;
     decompressed = (decompressed << 1U) + ((int32_t)1 << (uint32_t)(int32_t)11);
     decompressed = decompressed >> (uint32_t)((int32_t)11 + (int32_t)1);
-    v.elements[i0] = (int16_t)decompressed;
+    a.elements[i0] = (int16_t)decompressed;
   }
-  return v;
+  return a;
 }
 
 /**
@@ -2666,9 +2733,9 @@ generics
 - COEFFICIENT_BITS= 11
 */
 static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector
-libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_ea0(
+libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_c4(
     libcrux_ml_kem_vector_portable_vector_type_PortableVector v) {
-  return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_4a0(
+  return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_c4(
       v);
 }
 
@@ -2678,11 +2745,11 @@ libcrux_ml_kem.serialize.deserialize_then_decompress_11 with types
 libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
 
 */
-static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0
-libcrux_ml_kem_serialize_deserialize_then_decompress_11_a7(
+static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1d
+libcrux_ml_kem_serialize_deserialize_then_decompress_11_8c(
     Eurydice_slice serialized) {
-  libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re =
-      libcrux_ml_kem_polynomial_ZERO_ef_1b();
+  libcrux_ml_kem_polynomial_PolynomialRingElement_1d re =
+      libcrux_ml_kem_polynomial_ZERO_ef_8c();
   for (size_t i = (size_t)0U;
        i < Eurydice_slice_len(serialized, uint8_t) / (size_t)22U; i++) {
     size_t i0 = i;
@@ -2691,7 +2758,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_11_a7(
     libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient =
         libcrux_ml_kem_vector_portable_deserialize_11_0d(bytes);
     libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 =
-        libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_ea0(
+        libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_c4(
             coefficient);
     re.coefficients[i0] = uu____0;
   }
@@ -2704,10 +2771,10 @@ libcrux_ml_kem.serialize.deserialize_then_decompress_ring_element_u with types
 libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
 - COMPRESSION_FACTOR= 10
 */
-static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0
-libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_d9(
+static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1d
+libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_0a(
     Eurydice_slice serialized) {
-  return libcrux_ml_kem_serialize_deserialize_then_decompress_10_f9(serialized);
+  return libcrux_ml_kem_serialize_deserialize_then_decompress_10_8c(serialized);
 }
 
 typedef struct libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2_s {
@@ -2722,7 +2789,7 @@ with const generics
 
 */
 static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector
-libcrux_ml_kem_vector_traits_montgomery_multiply_fe_ad(
+libcrux_ml_kem_vector_traits_montgomery_multiply_fe_8c(
     libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t fer) {
   return libcrux_ml_kem_vector_portable_montgomery_multiply_by_constant_0d(v,
                                                                            fer);
@@ -2736,12 +2803,12 @@ with const generics
 */
 static KRML_MUSTINLINE
     libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2
-    libcrux_ml_kem_ntt_ntt_layer_int_vec_step_57(
+    libcrux_ml_kem_ntt_ntt_layer_int_vec_step_8c(
         libcrux_ml_kem_vector_portable_vector_type_PortableVector a,
         libcrux_ml_kem_vector_portable_vector_type_PortableVector b,
         int16_t zeta_r) {
   libcrux_ml_kem_vector_portable_vector_type_PortableVector t =
-      libcrux_ml_kem_vector_traits_montgomery_multiply_fe_ad(b, zeta_r);
+      libcrux_ml_kem_vector_traits_montgomery_multiply_fe_8c(b, zeta_r);
   b = libcrux_ml_kem_vector_portable_sub_0d(a, &t);
   a = libcrux_ml_kem_vector_portable_add_0d(a, &t);
   return (
@@ -2755,8 +2822,8 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
 with const generics
 
 */
-static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_4_plus_bf(
-    size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re,
+static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_4_plus_8c(
+    size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_1d *re,
     size_t layer, size_t _initial_coefficient_bound) {
   size_t step = (size_t)1U << (uint32_t)layer;
   for (size_t i0 = (size_t)0U; i0 < (size_t)128U >> (uint32_t)layer; i0++) {
@@ -2768,7 +2835,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_4_plus_bf(
     for (size_t i = offset_vec; i < offset_vec + step_vec; i++) {
       size_t j = i;
       libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 uu____0 =
-          libcrux_ml_kem_ntt_ntt_layer_int_vec_step_57(
+          libcrux_ml_kem_ntt_ntt_layer_int_vec_step_8c(
               re->coefficients[j], re->coefficients[j + step_vec],
               libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U]));
       libcrux_ml_kem_vector_portable_vector_type_PortableVector x = uu____0.fst;
@@ -2785,8 +2852,8 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
 with const generics
 
 */
-static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_3_d0(
-    size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re,
+static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_3_8c(
+    size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_1d *re,
     size_t _layer, size_t _initial_coefficient_bound) {
   for (size_t i = (size_t)0U; i < (size_t)16U; i++) {
     size_t round = i;
@@ -2805,8 +2872,8 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
 with const generics
 
 */
-static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_2_76(
-    size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re,
+static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_2_8c(
+    size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_1d *re,
     size_t _layer, size_t _initial_coefficient_bound) {
   for (size_t i = (size_t)0U; i < (size_t)16U; i++) {
     size_t round = i;
@@ -2826,8 +2893,8 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
 with const generics
 
 */
-static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_1_5d(
-    size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re,
+static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_1_8c(
+    size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_1d *re,
     size_t _layer, size_t _initial_coefficient_bound) {
   for (size_t i = (size_t)0U; i < (size_t)16U; i++) {
     size_t round = i;
@@ -2854,8 +2921,8 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
 with const generics
 
 */
-static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_poly_barrett_reduce_ef_17(
-    libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self) {
+static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_poly_barrett_reduce_ef_8c(
+    libcrux_ml_kem_polynomial_PolynomialRingElement_1d *self) {
   for (size_t i = (size_t)0U;
        i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
     size_t i0 = i;
@@ -2872,24 +2939,24 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
 with const generics
 - VECTOR_U_COMPRESSION_FACTOR= 10
 */
-static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_vector_u_62(
-    libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) {
+static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_vector_u_0a(
+    libcrux_ml_kem_polynomial_PolynomialRingElement_1d *re) {
   size_t zeta_i = (size_t)0U;
-  libcrux_ml_kem_ntt_ntt_at_layer_4_plus_bf(&zeta_i, re, (size_t)7U,
+  libcrux_ml_kem_ntt_ntt_at_layer_4_plus_8c(&zeta_i, re, (size_t)7U,
                                             (size_t)3328U);
-  libcrux_ml_kem_ntt_ntt_at_layer_4_plus_bf(&zeta_i, re, (size_t)6U,
+  libcrux_ml_kem_ntt_ntt_at_layer_4_plus_8c(&zeta_i, re, (size_t)6U,
                                             (size_t)2U * (size_t)3328U);
-  libcrux_ml_kem_ntt_ntt_at_layer_4_plus_bf(&zeta_i, re, (size_t)5U,
+  libcrux_ml_kem_ntt_ntt_at_layer_4_plus_8c(&zeta_i, re, (size_t)5U,
                                             (size_t)3U * (size_t)3328U);
-  libcrux_ml_kem_ntt_ntt_at_layer_4_plus_bf(&zeta_i, re, (size_t)4U,
+  libcrux_ml_kem_ntt_ntt_at_layer_4_plus_8c(&zeta_i, re, (size_t)4U,
                                             (size_t)4U * (size_t)3328U);
-  libcrux_ml_kem_ntt_ntt_at_layer_3_d0(&zeta_i, re, (size_t)3U,
+  libcrux_ml_kem_ntt_ntt_at_layer_3_8c(&zeta_i, re, (size_t)3U,
                                        (size_t)5U * (size_t)3328U);
-  libcrux_ml_kem_ntt_ntt_at_layer_2_76(&zeta_i, re, (size_t)2U,
+  libcrux_ml_kem_ntt_ntt_at_layer_2_8c(&zeta_i, re, (size_t)2U,
                                        (size_t)6U * (size_t)3328U);
-  libcrux_ml_kem_ntt_ntt_at_layer_1_5d(&zeta_i, re, (size_t)1U,
+  libcrux_ml_kem_ntt_ntt_at_layer_1_8c(&zeta_i, re, (size_t)1U,
                                        (size_t)7U * (size_t)3328U);
-  libcrux_ml_kem_polynomial_poly_barrett_reduce_ef_17(re);
+  libcrux_ml_kem_polynomial_poly_barrett_reduce_ef_8c(re);
 }
 
 /**
@@ -2901,12 +2968,12 @@ with const generics
 - U_COMPRESSION_FACTOR= 10
 */
 static KRML_MUSTINLINE void
-libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_9d(
+libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_6c(
     uint8_t *ciphertext,
-    libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) {
-  libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[3U];
+    libcrux_ml_kem_polynomial_PolynomialRingElement_1d ret[3U]) {
+  libcrux_ml_kem_polynomial_PolynomialRingElement_1d u_as_ntt[3U];
   for (size_t i = (size_t)0U; i < (size_t)3U; i++) {
-    u_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_ef_1b();
+    u_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_ef_8c();
   }
   for (size_t i = (size_t)0U;
        i < Eurydice_slice_len(
@@ -2926,13 +2993,13 @@ libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_9d(
                 (size_t)10U / (size_t)8U,
         uint8_t);
     u_as_ntt[i0] =
-        libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_d9(
+        libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_0a(
             u_bytes);
-    libcrux_ml_kem_ntt_ntt_vector_u_62(&u_as_ntt[i0]);
+    libcrux_ml_kem_ntt_ntt_vector_u_0a(&u_as_ntt[i0]);
   }
   memcpy(
       ret, u_as_ntt,
-      (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0));
+      (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1d));
 }
 
 /**
@@ -2942,18 +3009,18 @@ const generics
 - COEFFICIENT_BITS= 4
 */
 static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector
-libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_4a1(
-    libcrux_ml_kem_vector_portable_vector_type_PortableVector v) {
+libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_d1(
+    libcrux_ml_kem_vector_portable_vector_type_PortableVector a) {
   for (size_t i = (size_t)0U;
        i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) {
     size_t i0 = i;
-    int32_t decompressed = (int32_t)v.elements[i0] *
+    int32_t decompressed = (int32_t)a.elements[i0] *
                            (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS;
     decompressed = (decompressed << 1U) + ((int32_t)1 << (uint32_t)(int32_t)4);
     decompressed = decompressed >> (uint32_t)((int32_t)4 + (int32_t)1);
-    v.elements[i0] = (int16_t)decompressed;
+    a.elements[i0] = (int16_t)decompressed;
   }
-  return v;
+  return a;
 }
 
 /**
@@ -2967,9 +3034,9 @@ generics
 - COEFFICIENT_BITS= 4
 */
 static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector
-libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_ea1(
+libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_d1(
     libcrux_ml_kem_vector_portable_vector_type_PortableVector v) {
-  return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_4a1(
+  return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_d1(
       v);
 }
 
@@ -2979,11 +3046,11 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
 with const generics
 
 */
-static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0
-libcrux_ml_kem_serialize_deserialize_then_decompress_4_87(
+static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1d
+libcrux_ml_kem_serialize_deserialize_then_decompress_4_8c(
     Eurydice_slice serialized) {
-  libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re =
-      libcrux_ml_kem_polynomial_ZERO_ef_1b();
+  libcrux_ml_kem_polynomial_PolynomialRingElement_1d re =
+      libcrux_ml_kem_polynomial_ZERO_ef_8c();
   for (size_t i = (size_t)0U;
        i < Eurydice_slice_len(serialized, uint8_t) / (size_t)8U; i++) {
     size_t i0 = i;
@@ -2992,7 +3059,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_4_87(
     libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient =
         libcrux_ml_kem_vector_portable_deserialize_4_0d(bytes);
     libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 =
-        libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_ea1(
+        libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_d1(
             coefficient);
     re.coefficients[i0] = uu____0;
   }
@@ -3006,18 +3073,18 @@ const generics
 - COEFFICIENT_BITS= 5
 */
 static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector
-libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_4a2(
-    libcrux_ml_kem_vector_portable_vector_type_PortableVector v) {
+libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_f4(
+    libcrux_ml_kem_vector_portable_vector_type_PortableVector a) {
   for (size_t i = (size_t)0U;
        i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) {
     size_t i0 = i;
-    int32_t decompressed = (int32_t)v.elements[i0] *
+    int32_t decompressed = (int32_t)a.elements[i0] *
                            (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS;
     decompressed = (decompressed << 1U) + ((int32_t)1 << (uint32_t)(int32_t)5);
     decompressed = decompressed >> (uint32_t)((int32_t)5 + (int32_t)1);
-    v.elements[i0] = (int16_t)decompressed;
+    a.elements[i0] = (int16_t)decompressed;
   }
-  return v;
+  return a;
 }
 
 /**
@@ -3031,9 +3098,9 @@ generics
 - COEFFICIENT_BITS= 5
 */
 static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector
-libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_ea2(
+libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_f4(
     libcrux_ml_kem_vector_portable_vector_type_PortableVector v) {
-  return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_4a2(
+  return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_f4(
       v);
 }
 
@@ -3043,11 +3110,11 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
 with const generics
 
 */
-static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0
-libcrux_ml_kem_serialize_deserialize_then_decompress_5_df(
+static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1d
+libcrux_ml_kem_serialize_deserialize_then_decompress_5_8c(
     Eurydice_slice serialized) {
-  libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re =
-      libcrux_ml_kem_polynomial_ZERO_ef_1b();
+  libcrux_ml_kem_polynomial_PolynomialRingElement_1d re =
+      libcrux_ml_kem_polynomial_ZERO_ef_8c();
   for (size_t i = (size_t)0U;
        i < Eurydice_slice_len(serialized, uint8_t) / (size_t)10U; i++) {
     size_t i0 = i;
@@ -3056,7 +3123,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_5_df(
     re.coefficients[i0] =
         libcrux_ml_kem_vector_portable_deserialize_5_0d(bytes);
     libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____1 =
-        libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_ea2(
+        libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_f4(
             re.coefficients[i0]);
     re.coefficients[i0] = uu____1;
   }
@@ -3069,10 +3136,10 @@ libcrux_ml_kem.serialize.deserialize_then_decompress_ring_element_v with types
 libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
 - COMPRESSION_FACTOR= 4
 */
-static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0
-libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_54(
+static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1d
+libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_d0(
     Eurydice_slice serialized) {
-  return libcrux_ml_kem_serialize_deserialize_then_decompress_4_87(serialized);
+  return libcrux_ml_kem_serialize_deserialize_then_decompress_4_8c(serialized);
 }
 
 /**
@@ -3086,12 +3153,12 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
 with const generics
 
 */
-static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0
-libcrux_ml_kem_polynomial_ntt_multiply_ef_45(
-    libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self,
-    libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *rhs) {
-  libcrux_ml_kem_polynomial_PolynomialRingElement_f0 out =
-      libcrux_ml_kem_polynomial_ZERO_ef_1b();
+static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1d
+libcrux_ml_kem_polynomial_ntt_multiply_ef_8c(
+    libcrux_ml_kem_polynomial_PolynomialRingElement_1d *self,
+    libcrux_ml_kem_polynomial_PolynomialRingElement_1d *rhs) {
+  libcrux_ml_kem_polynomial_PolynomialRingElement_1d out =
+      libcrux_ml_kem_polynomial_ZERO_ef_8c();
   for (size_t i = (size_t)0U;
        i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
     size_t i0 = i;
@@ -3121,9 +3188,9 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
 with const generics
 - K= 3
 */
-static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_to_ring_element_ef_5d(
-    libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self,
-    libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *rhs) {
+static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_to_ring_element_ef_1b(
+    libcrux_ml_kem_polynomial_PolynomialRingElement_1d *self,
+    libcrux_ml_kem_polynomial_PolynomialRingElement_1d *rhs) {
   for (size_t i = (size_t)0U;
        i < Eurydice_slice_len(
                Eurydice_array_to_slice(
@@ -3145,8 +3212,8 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
 with const generics
 
 */
-static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_28(
-    size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re,
+static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_8c(
+    size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_1d *re,
     size_t _layer) {
   for (size_t i = (size_t)0U; i < (size_t)16U; i++) {
     size_t round = i;
@@ -3168,8 +3235,8 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
 with const generics
 
 */
-static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_69(
-    size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re,
+static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_8c(
+    size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_1d *re,
     size_t _layer) {
   for (size_t i = (size_t)0U; i < (size_t)16U; i++) {
     size_t round = i;
@@ -3189,8 +3256,8 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
 with const generics
 
 */
-static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_6a(
-    size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re,
+static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_8c(
+    size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_1d *re,
     size_t _layer) {
   for (size_t i = (size_t)0U; i < (size_t)16U; i++) {
     size_t round = i;
@@ -3211,7 +3278,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
 */
 static KRML_MUSTINLINE
     libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2
-    libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_96(
+    libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_8c(
         libcrux_ml_kem_vector_portable_vector_type_PortableVector a,
         libcrux_ml_kem_vector_portable_vector_type_PortableVector b,
         int16_t zeta_r) {
@@ -3219,7 +3286,7 @@ static KRML_MUSTINLINE
       libcrux_ml_kem_vector_portable_sub_0d(b, &a);
   a = libcrux_ml_kem_vector_portable_barrett_reduce_0d(
       libcrux_ml_kem_vector_portable_add_0d(a, &b));
-  b = libcrux_ml_kem_vector_traits_montgomery_multiply_fe_ad(a_minus_b, zeta_r);
+  b = libcrux_ml_kem_vector_traits_montgomery_multiply_fe_8c(a_minus_b, zeta_r);
   return (
       CLITERAL(libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2){
           .fst = a, .snd = b});
@@ -3232,8 +3299,8 @@ with const generics
 
 */
 static KRML_MUSTINLINE void
-libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_fa(
-    size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re,
+libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_8c(
+    size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_1d *re,
     size_t layer) {
   size_t step = (size_t)1U << (uint32_t)layer;
   for (size_t i0 = (size_t)0U; i0 < (size_t)128U >> (uint32_t)layer; i0++) {
@@ -3247,7 +3314,7 @@ libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_fa(
     for (size_t i = offset_vec; i < offset_vec + step_vec; i++) {
       size_t j = i;
       libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 uu____0 =
-          libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_96(
+          libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_8c(
               re->coefficients[j], re->coefficients[j + step_vec],
               libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U]));
       libcrux_ml_kem_vector_portable_vector_type_PortableVector x = uu____0.fst;
@@ -3264,22 +3331,22 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
 with const generics
 - K= 3
 */
-static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_b9(
-    libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) {
+static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_1b(
+    libcrux_ml_kem_polynomial_PolynomialRingElement_1d *re) {
   size_t zeta_i =
       LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U;
-  libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_28(&zeta_i, re, (size_t)1U);
-  libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_69(&zeta_i, re, (size_t)2U);
-  libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_6a(&zeta_i, re, (size_t)3U);
-  libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_fa(&zeta_i, re,
+  libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_8c(&zeta_i, re, (size_t)1U);
+  libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_8c(&zeta_i, re, (size_t)2U);
+  libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_8c(&zeta_i, re, (size_t)3U);
+  libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_8c(&zeta_i, re,
                                                           (size_t)4U);
-  libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_fa(&zeta_i, re,
+  libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_8c(&zeta_i, re,
                                                           (size_t)5U);
-  libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_fa(&zeta_i, re,
+  libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_8c(&zeta_i, re,
                                                           (size_t)6U);
-  libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_fa(&zeta_i, re,
+  libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_8c(&zeta_i, re,
                                                           (size_t)7U);
-  libcrux_ml_kem_polynomial_poly_barrett_reduce_ef_17(re);
+  libcrux_ml_kem_polynomial_poly_barrett_reduce_ef_8c(re);
 }
 
 /**
@@ -3293,10 +3360,10 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
 with const generics
 
 */
-static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0
-libcrux_ml_kem_polynomial_subtract_reduce_ef_3d(
-    libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self,
-    libcrux_ml_kem_polynomial_PolynomialRingElement_f0 b) {
+static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1d
+libcrux_ml_kem_polynomial_subtract_reduce_ef_8c(
+    libcrux_ml_kem_polynomial_PolynomialRingElement_1d *self,
+    libcrux_ml_kem_polynomial_PolynomialRingElement_1d b) {
   for (size_t i = (size_t)0U;
        i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
     size_t i0 = i;
@@ -3319,22 +3386,22 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
 with const generics
 - K= 3
 */
-static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0
-libcrux_ml_kem_matrix_compute_message_d5(
-    libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *v,
-    libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *secret_as_ntt,
-    libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *u_as_ntt) {
-  libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result =
-      libcrux_ml_kem_polynomial_ZERO_ef_1b();
+static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1d
+libcrux_ml_kem_matrix_compute_message_1b(
+    libcrux_ml_kem_polynomial_PolynomialRingElement_1d *v,
+    libcrux_ml_kem_polynomial_PolynomialRingElement_1d *secret_as_ntt,
+    libcrux_ml_kem_polynomial_PolynomialRingElement_1d *u_as_ntt) {
+  libcrux_ml_kem_polynomial_PolynomialRingElement_1d result =
+      libcrux_ml_kem_polynomial_ZERO_ef_8c();
   for (size_t i = (size_t)0U; i < (size_t)3U; i++) {
     size_t i0 = i;
-    libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product =
-        libcrux_ml_kem_polynomial_ntt_multiply_ef_45(&secret_as_ntt[i0],
+    libcrux_ml_kem_polynomial_PolynomialRingElement_1d product =
+        libcrux_ml_kem_polynomial_ntt_multiply_ef_8c(&secret_as_ntt[i0],
                                                      &u_as_ntt[i0]);
-    libcrux_ml_kem_polynomial_add_to_ring_element_ef_5d(&result, &product);
+    libcrux_ml_kem_polynomial_add_to_ring_element_ef_1b(&result, &product);
   }
-  libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_b9(&result);
-  result = libcrux_ml_kem_polynomial_subtract_reduce_ef_3d(v, result);
+  libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_1b(&result);
+  result = libcrux_ml_kem_polynomial_subtract_reduce_ef_8c(v, result);
   return result;
 }
 
@@ -3344,7 +3411,7 @@ with const generics
 - SHIFT_BY= 15
 */
 static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector
-libcrux_ml_kem_vector_portable_arithmetic_shift_right_95(
+libcrux_ml_kem_vector_portable_arithmetic_shift_right_ef(
     libcrux_ml_kem_vector_portable_vector_type_PortableVector vec) {
   for (size_t i = (size_t)0U;
        i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) {
@@ -3364,9 +3431,9 @@ with const generics
 - SHIFT_BY= 15
 */
 static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector
-libcrux_ml_kem_vector_portable_shift_right_0d_9d(
+libcrux_ml_kem_vector_portable_shift_right_0d_ef(
     libcrux_ml_kem_vector_portable_vector_type_PortableVector v) {
-  return libcrux_ml_kem_vector_portable_arithmetic_shift_right_95(v);
+  return libcrux_ml_kem_vector_portable_arithmetic_shift_right_ef(v);
 }
 
 /**
@@ -3376,10 +3443,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
 
 */
 static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector
-libcrux_ml_kem_vector_traits_to_unsigned_representative_7c(
+libcrux_ml_kem_vector_traits_to_unsigned_representative_8c(
     libcrux_ml_kem_vector_portable_vector_type_PortableVector a) {
   libcrux_ml_kem_vector_portable_vector_type_PortableVector t =
-      libcrux_ml_kem_vector_portable_shift_right_0d_9d(a);
+      libcrux_ml_kem_vector_portable_shift_right_0d_ef(a);
   libcrux_ml_kem_vector_portable_vector_type_PortableVector fm =
       libcrux_ml_kem_vector_portable_bitwise_and_with_constant_0d(
           t, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS);
@@ -3393,10 +3460,10 @@ with const generics
 
 */
 static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector
-libcrux_ml_kem_serialize_to_unsigned_field_modulus_b0(
+libcrux_ml_kem_serialize_to_unsigned_field_modulus_8c(
     libcrux_ml_kem_vector_portable_vector_type_PortableVector a) {
   libcrux_ml_kem_vector_portable_vector_type_PortableVector result =
-      libcrux_ml_kem_vector_traits_to_unsigned_representative_7c(a);
+      libcrux_ml_kem_vector_traits_to_unsigned_representative_8c(a);
   return result;
 }
 
@@ -3407,13 +3474,13 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
 
 */
 static KRML_MUSTINLINE void
-libcrux_ml_kem_serialize_compress_then_serialize_message_b1(
-    libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, uint8_t ret[32U]) {
+libcrux_ml_kem_serialize_compress_then_serialize_message_8c(
+    libcrux_ml_kem_polynomial_PolynomialRingElement_1d re, uint8_t ret[32U]) {
   uint8_t serialized[32U] = {0U};
   for (size_t i = (size_t)0U; i < (size_t)16U; i++) {
     size_t i0 = i;
     libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient =
-        libcrux_ml_kem_serialize_to_unsigned_field_modulus_b0(
+        libcrux_ml_kem_serialize_to_unsigned_field_modulus_8c(
             re.coefficients[i0]);
     libcrux_ml_kem_vector_portable_vector_type_PortableVector
         coefficient_compressed =
@@ -3441,20 +3508,20 @@ with const generics
 - U_COMPRESSION_FACTOR= 10
 - V_COMPRESSION_FACTOR= 4
 */
-static inline void libcrux_ml_kem_ind_cpa_decrypt_unpacked_6d(
-    libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 *secret_key,
+static inline void libcrux_ml_kem_ind_cpa_decrypt_unpacked_42(
+    libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 *secret_key,
     uint8_t *ciphertext, uint8_t ret[32U]) {
-  libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[3U];
-  libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_9d(ciphertext, u_as_ntt);
-  libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v =
-      libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_54(
+  libcrux_ml_kem_polynomial_PolynomialRingElement_1d u_as_ntt[3U];
+  libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_6c(ciphertext, u_as_ntt);
+  libcrux_ml_kem_polynomial_PolynomialRingElement_1d v =
+      libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_d0(
           Eurydice_array_to_subslice_from((size_t)1088U, ciphertext,
                                           (size_t)960U, uint8_t, size_t));
-  libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message =
-      libcrux_ml_kem_matrix_compute_message_d5(&v, secret_key->secret_as_ntt,
+  libcrux_ml_kem_polynomial_PolynomialRingElement_1d message =
+      libcrux_ml_kem_matrix_compute_message_1b(&v, secret_key->secret_as_ntt,
                                                u_as_ntt);
   uint8_t ret0[32U];
-  libcrux_ml_kem_serialize_compress_then_serialize_message_b1(message, ret0);
+  libcrux_ml_kem_serialize_compress_then_serialize_message_8c(message, ret0);
   memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t));
 }
 
@@ -3468,25 +3535,25 @@ with const generics
 - U_COMPRESSION_FACTOR= 10
 - V_COMPRESSION_FACTOR= 4
 */
-static inline void libcrux_ml_kem_ind_cpa_decrypt_35(Eurydice_slice secret_key,
+static inline void libcrux_ml_kem_ind_cpa_decrypt_42(Eurydice_slice secret_key,
                                                      uint8_t *ciphertext,
                                                      uint8_t ret[32U]) {
-  libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U];
-  libcrux_ml_kem_ind_cpa_deserialize_secret_key_ab(secret_key, secret_as_ntt);
+  libcrux_ml_kem_polynomial_PolynomialRingElement_1d secret_as_ntt[3U];
+  libcrux_ml_kem_ind_cpa_deserialize_secret_key_1b(secret_key, secret_as_ntt);
   /* Passing arrays by value in Rust generates a copy in C */
-  libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_secret_as_ntt[3U];
+  libcrux_ml_kem_polynomial_PolynomialRingElement_1d copy_of_secret_as_ntt[3U];
   memcpy(
       copy_of_secret_as_ntt, secret_as_ntt,
-      (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0));
-  libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8
+      (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1d));
+  libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0
       secret_key_unpacked;
   memcpy(
       secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt,
-      (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0));
-  uint8_t result[32U];
-  libcrux_ml_kem_ind_cpa_decrypt_unpacked_6d(&secret_key_unpacked, ciphertext,
-                                             result);
-  memcpy(ret, result, (size_t)32U * sizeof(uint8_t));
+      (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1d));
+  uint8_t ret0[32U];
+  libcrux_ml_kem_ind_cpa_decrypt_unpacked_42(&secret_key_unpacked, ciphertext,
+                                             ret0);
+  memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t));
 }
 
 /**
@@ -3498,7 +3565,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.G_f1
 with const generics
 - K= 3
 */
-static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_G_f1_87(
+static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_G_f1_e0(
     Eurydice_slice input, uint8_t ret[64U]) {
   libcrux_ml_kem_hash_functions_portable_G(input, ret);
 }
@@ -3508,7 +3575,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.PRF
 with const generics
 - LEN= 32
 */
-static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_PRF_f7(
+static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_PRF_9e(
     Eurydice_slice input, uint8_t ret[32U]) {
   uint8_t digest[32U] = {0U};
   libcrux_sha3_portable_shake256(
@@ -3526,9 +3593,9 @@ with const generics
 - K= 3
 - LEN= 32
 */
-static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_PRF_f1_9f(
+static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_PRF_f1_41(
     Eurydice_slice input, uint8_t ret[32U]) {
-  libcrux_ml_kem_hash_functions_portable_PRF_f7(input, ret);
+  libcrux_ml_kem_hash_functions_portable_PRF_9e(input, ret);
 }
 
 /**
@@ -3542,27 +3609,27 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
 with const generics
 - K= 3
 */
-static inline libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8
-libcrux_ml_kem_ind_cpa_unpacked_default_8d_d1(void) {
-  libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0[3U];
+static inline libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0
+libcrux_ml_kem_ind_cpa_unpacked_default_8d_1b(void) {
+  libcrux_ml_kem_polynomial_PolynomialRingElement_1d uu____0[3U];
   for (size_t i = (size_t)0U; i < (size_t)3U; i++) {
-    uu____0[i] = libcrux_ml_kem_polynomial_ZERO_ef_1b();
+    uu____0[i] = libcrux_ml_kem_polynomial_ZERO_ef_8c();
   }
   uint8_t uu____1[32U] = {0U};
-  libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 lit;
+  libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 lit;
   memcpy(
       lit.t_as_ntt, uu____0,
-      (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0));
+      (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1d));
   memcpy(lit.seed_for_A, uu____1, (size_t)32U * sizeof(uint8_t));
-  lit.A[0U][0U] = libcrux_ml_kem_polynomial_ZERO_ef_1b();
-  lit.A[0U][1U] = libcrux_ml_kem_polynomial_ZERO_ef_1b();
-  lit.A[0U][2U] = libcrux_ml_kem_polynomial_ZERO_ef_1b();
-  lit.A[1U][0U] = libcrux_ml_kem_polynomial_ZERO_ef_1b();
-  lit.A[1U][1U] = libcrux_ml_kem_polynomial_ZERO_ef_1b();
-  lit.A[1U][2U] = libcrux_ml_kem_polynomial_ZERO_ef_1b();
-  lit.A[2U][0U] = libcrux_ml_kem_polynomial_ZERO_ef_1b();
-  lit.A[2U][1U] = libcrux_ml_kem_polynomial_ZERO_ef_1b();
-  lit.A[2U][2U] = libcrux_ml_kem_polynomial_ZERO_ef_1b();
+  lit.A[0U][0U] = libcrux_ml_kem_polynomial_ZERO_ef_8c();
+  lit.A[0U][1U] = libcrux_ml_kem_polynomial_ZERO_ef_8c();
+  lit.A[0U][2U] = libcrux_ml_kem_polynomial_ZERO_ef_8c();
+  lit.A[1U][0U] = libcrux_ml_kem_polynomial_ZERO_ef_8c();
+  lit.A[1U][1U] = libcrux_ml_kem_polynomial_ZERO_ef_8c();
+  lit.A[1U][2U] = libcrux_ml_kem_polynomial_ZERO_ef_8c();
+  lit.A[2U][0U] = libcrux_ml_kem_polynomial_ZERO_ef_8c();
+  lit.A[2U][1U] = libcrux_ml_kem_polynomial_ZERO_ef_8c();
+  lit.A[2U][2U] = libcrux_ml_kem_polynomial_ZERO_ef_8c();
   return lit;
 }
 
@@ -3572,11 +3639,11 @@ libcrux_ml_kem.serialize.deserialize_to_reduced_ring_element with types
 libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
 
 */
-static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0
-libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_87(
+static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1d
+libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_8c(
     Eurydice_slice serialized) {
-  libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re =
-      libcrux_ml_kem_polynomial_ZERO_ef_1b();
+  libcrux_ml_kem_polynomial_PolynomialRingElement_1d re =
+      libcrux_ml_kem_polynomial_ZERO_ef_8c();
   for (size_t i = (size_t)0U;
        i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) {
     size_t i0 = i;
@@ -3598,9 +3665,9 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
 - K= 3
 */
 static KRML_MUSTINLINE void
-libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_e5(
+libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_1b(
     Eurydice_slice public_key,
-    libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *deserialized_pk) {
+    libcrux_ml_kem_polynomial_PolynomialRingElement_1d *deserialized_pk) {
   for (size_t i = (size_t)0U;
        i < Eurydice_slice_len(public_key, uint8_t) /
                LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT;
@@ -3611,8 +3678,8 @@ libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_e5(
         i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT +
             LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT,
         uint8_t);
-    libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 =
-        libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_87(
+    libcrux_ml_kem_polynomial_PolynomialRingElement_1d uu____0 =
+        libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_8c(
             ring_element);
     deserialized_pk[i0] = uu____0;
   }
@@ -3623,9 +3690,9 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.PortableHash
 with const generics
 - $3size_t
 */
-typedef struct libcrux_ml_kem_hash_functions_portable_PortableHash_58_s {
-  libcrux_sha3_generic_keccak_KeccakState_48 shake128_state[3U];
-} libcrux_ml_kem_hash_functions_portable_PortableHash_58;
+typedef struct libcrux_ml_kem_hash_functions_portable_PortableHash_88_s {
+  libcrux_sha3_generic_keccak_KeccakState_17 shake128_state[3U];
+} libcrux_ml_kem_hash_functions_portable_PortableHash_88;
 
 /**
 A monomorphic instance of
@@ -3633,10 +3700,10 @@ libcrux_ml_kem.hash_functions.portable.shake128_init_absorb_final with const
 generics
 - K= 3
 */
-static KRML_MUSTINLINE libcrux_ml_kem_hash_functions_portable_PortableHash_58
-libcrux_ml_kem_hash_functions_portable_shake128_init_absorb_final_24(
+static KRML_MUSTINLINE libcrux_ml_kem_hash_functions_portable_PortableHash_88
+libcrux_ml_kem_hash_functions_portable_shake128_init_absorb_final_e0(
     uint8_t input[3U][34U]) {
-  libcrux_sha3_generic_keccak_KeccakState_48 shake128_state[3U];
+  libcrux_sha3_generic_keccak_KeccakState_17 shake128_state[3U];
   for (size_t i = (size_t)0U; i < (size_t)3U; i++) {
     shake128_state[i] = libcrux_sha3_portable_incremental_shake128_init();
   }
@@ -3647,12 +3714,12 @@ libcrux_ml_kem_hash_functions_portable_shake128_init_absorb_final_24(
         Eurydice_array_to_slice((size_t)34U, input[i0], uint8_t));
   }
   /* Passing arrays by value in Rust generates a copy in C */
-  libcrux_sha3_generic_keccak_KeccakState_48 copy_of_shake128_state[3U];
+  libcrux_sha3_generic_keccak_KeccakState_17 copy_of_shake128_state[3U];
   memcpy(copy_of_shake128_state, shake128_state,
-         (size_t)3U * sizeof(libcrux_sha3_generic_keccak_KeccakState_48));
-  libcrux_ml_kem_hash_functions_portable_PortableHash_58 lit;
+         (size_t)3U * sizeof(libcrux_sha3_generic_keccak_KeccakState_17));
+  libcrux_ml_kem_hash_functions_portable_PortableHash_88 lit;
   memcpy(lit.shake128_state, copy_of_shake128_state,
-         (size_t)3U * sizeof(libcrux_sha3_generic_keccak_KeccakState_48));
+         (size_t)3U * sizeof(libcrux_sha3_generic_keccak_KeccakState_17));
   return lit;
 }
 
@@ -3666,13 +3733,13 @@ libcrux_ml_kem.hash_functions.portable.shake128_init_absorb_final_f1 with const
 generics
 - K= 3
 */
-static KRML_MUSTINLINE libcrux_ml_kem_hash_functions_portable_PortableHash_58
-libcrux_ml_kem_hash_functions_portable_shake128_init_absorb_final_f1_31(
+static KRML_MUSTINLINE libcrux_ml_kem_hash_functions_portable_PortableHash_88
+libcrux_ml_kem_hash_functions_portable_shake128_init_absorb_final_f1_e0(
     uint8_t input[3U][34U]) {
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_input[3U][34U];
   memcpy(copy_of_input, input, (size_t)3U * sizeof(uint8_t[34U]));
-  return libcrux_ml_kem_hash_functions_portable_shake128_init_absorb_final_24(
+  return libcrux_ml_kem_hash_functions_portable_shake128_init_absorb_final_e0(
       copy_of_input);
 }
 
@@ -3683,8 +3750,8 @@ const generics
 - K= 3
 */
 static KRML_MUSTINLINE void
-libcrux_ml_kem_hash_functions_portable_shake128_squeeze_first_three_blocks_63(
-    libcrux_ml_kem_hash_functions_portable_PortableHash_58 *st,
+libcrux_ml_kem_hash_functions_portable_shake128_squeeze_first_three_blocks_e0(
+    libcrux_ml_kem_hash_functions_portable_PortableHash_88 *st,
     uint8_t ret[3U][504U]) {
   uint8_t out[3U][504U] = {{0U}};
   for (size_t i = (size_t)0U; i < (size_t)3U; i++) {
@@ -3707,10 +3774,10 @@ with const generics
 - K= 3
 */
 static KRML_MUSTINLINE void
-libcrux_ml_kem_hash_functions_portable_shake128_squeeze_first_three_blocks_f1_2f(
-    libcrux_ml_kem_hash_functions_portable_PortableHash_58 *self,
+libcrux_ml_kem_hash_functions_portable_shake128_squeeze_first_three_blocks_f1_e0(
+    libcrux_ml_kem_hash_functions_portable_PortableHash_88 *self,
     uint8_t ret[3U][504U]) {
-  libcrux_ml_kem_hash_functions_portable_shake128_squeeze_first_three_blocks_63(
+  libcrux_ml_kem_hash_functions_portable_shake128_squeeze_first_three_blocks_e0(
       self, ret);
 }
 
@@ -3763,7 +3830,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
 - N= 504
 */
 static KRML_MUSTINLINE bool
-libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_71(
+libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_89(
     uint8_t randomness[3U][504U], size_t *sampled_coefficients,
     int16_t (*out)[272U]) {
   for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) {
@@ -3805,8 +3872,8 @@ generics
 - K= 3
 */
 static KRML_MUSTINLINE void
-libcrux_ml_kem_hash_functions_portable_shake128_squeeze_next_block_11(
-    libcrux_ml_kem_hash_functions_portable_PortableHash_58 *st,
+libcrux_ml_kem_hash_functions_portable_shake128_squeeze_next_block_e0(
+    libcrux_ml_kem_hash_functions_portable_PortableHash_88 *st,
     uint8_t ret[3U][168U]) {
   uint8_t out[3U][168U] = {{0U}};
   for (size_t i = (size_t)0U; i < (size_t)3U; i++) {
@@ -3829,10 +3896,10 @@ generics
 - K= 3
 */
 static KRML_MUSTINLINE void
-libcrux_ml_kem_hash_functions_portable_shake128_squeeze_next_block_f1_c4(
-    libcrux_ml_kem_hash_functions_portable_PortableHash_58 *self,
+libcrux_ml_kem_hash_functions_portable_shake128_squeeze_next_block_f1_e0(
+    libcrux_ml_kem_hash_functions_portable_PortableHash_88 *self,
     uint8_t ret[3U][168U]) {
-  libcrux_ml_kem_hash_functions_portable_shake128_squeeze_next_block_11(self,
+  libcrux_ml_kem_hash_functions_portable_shake128_squeeze_next_block_e0(self,
                                                                         ret);
 }
 
@@ -3885,7 +3952,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
 - N= 168
 */
 static KRML_MUSTINLINE bool
-libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_710(
+libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_890(
     uint8_t randomness[3U][168U], size_t *sampled_coefficients,
     int16_t (*out)[272U]) {
   for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) {
@@ -3931,10 +3998,10 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
 with const generics
 
 */
-static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0
-libcrux_ml_kem_polynomial_from_i16_array_ef_54(Eurydice_slice a) {
-  libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result =
-      libcrux_ml_kem_polynomial_ZERO_ef_1b();
+static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1d
+libcrux_ml_kem_polynomial_from_i16_array_ef_8c(Eurydice_slice a) {
+  libcrux_ml_kem_polynomial_PolynomialRingElement_1d result =
+      libcrux_ml_kem_polynomial_ZERO_ef_8c();
   for (size_t i = (size_t)0U;
        i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
     size_t i0 = i;
@@ -3954,9 +4021,9 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const
 generics
 - K= 3
 */
-static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0
-libcrux_ml_kem_sampling_sample_from_xof_closure_eb(int16_t s[272U]) {
-  return libcrux_ml_kem_polynomial_from_i16_array_ef_54(
+static inline libcrux_ml_kem_polynomial_PolynomialRingElement_1d
+libcrux_ml_kem_sampling_sample_from_xof_closure_2b(int16_t s[272U]) {
+  return libcrux_ml_kem_polynomial_from_i16_array_ef_8c(
       Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t));
 }
 
@@ -3967,51 +4034,51 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const
 generics
 - K= 3
 */
-static KRML_MUSTINLINE void libcrux_ml_kem_sampling_sample_from_xof_bf(
+static KRML_MUSTINLINE void libcrux_ml_kem_sampling_sample_from_xof_2b(
     uint8_t seeds[3U][34U],
-    libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) {
+    libcrux_ml_kem_polynomial_PolynomialRingElement_1d ret[3U]) {
   size_t sampled_coefficients[3U] = {0U};
   int16_t out[3U][272U] = {{0U}};
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_seeds[3U][34U];
   memcpy(copy_of_seeds, seeds, (size_t)3U * sizeof(uint8_t[34U]));
-  libcrux_ml_kem_hash_functions_portable_PortableHash_58 xof_state =
-      libcrux_ml_kem_hash_functions_portable_shake128_init_absorb_final_f1_31(
+  libcrux_ml_kem_hash_functions_portable_PortableHash_88 xof_state =
+      libcrux_ml_kem_hash_functions_portable_shake128_init_absorb_final_f1_e0(
           copy_of_seeds);
   uint8_t randomness0[3U][504U];
-  libcrux_ml_kem_hash_functions_portable_shake128_squeeze_first_three_blocks_f1_2f(
+  libcrux_ml_kem_hash_functions_portable_shake128_squeeze_first_three_blocks_f1_e0(
       &xof_state, randomness0);
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_randomness0[3U][504U];
   memcpy(copy_of_randomness0, randomness0, (size_t)3U * sizeof(uint8_t[504U]));
-  bool done = libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_71(
+  bool done = libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_89(
       copy_of_randomness0, sampled_coefficients, out);
   while (true) {
     if (done) {
       break;
     } else {
       uint8_t randomness[3U][168U];
-      libcrux_ml_kem_hash_functions_portable_shake128_squeeze_next_block_f1_c4(
+      libcrux_ml_kem_hash_functions_portable_shake128_squeeze_next_block_f1_e0(
           &xof_state, randomness);
       /* Passing arrays by value in Rust generates a copy in C */
       uint8_t copy_of_randomness[3U][168U];
       memcpy(copy_of_randomness, randomness,
              (size_t)3U * sizeof(uint8_t[168U]));
-      done = libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_710(
+      done = libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_890(
           copy_of_randomness, sampled_coefficients, out);
     }
   }
   /* Passing arrays by value in Rust generates a copy in C */
   int16_t copy_of_out[3U][272U];
   memcpy(copy_of_out, out, (size_t)3U * sizeof(int16_t[272U]));
-  libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret0[3U];
+  libcrux_ml_kem_polynomial_PolynomialRingElement_1d ret0[3U];
   for (size_t i = (size_t)0U; i < (size_t)3U; i++) {
     ret0[i] =
-        libcrux_ml_kem_sampling_sample_from_xof_closure_eb(copy_of_out[i]);
+        libcrux_ml_kem_sampling_sample_from_xof_closure_2b(copy_of_out[i]);
   }
   memcpy(
       ret, ret0,
-      (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0));
+      (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1d));
 }
 
 /**
@@ -4021,8 +4088,8 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const
 generics
 - K= 3
 */
-static KRML_MUSTINLINE void libcrux_ml_kem_matrix_sample_matrix_A_0d(
-    libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*A_transpose)[3U],
+static KRML_MUSTINLINE void libcrux_ml_kem_matrix_sample_matrix_A_2b(
+    libcrux_ml_kem_polynomial_PolynomialRingElement_1d (*A_transpose)[3U],
     uint8_t seed[34U], bool transpose) {
   for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) {
     size_t i1 = i0;
@@ -4041,17 +4108,17 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_sample_matrix_A_0d(
     /* Passing arrays by value in Rust generates a copy in C */
     uint8_t copy_of_seeds[3U][34U];
     memcpy(copy_of_seeds, seeds, (size_t)3U * sizeof(uint8_t[34U]));
-    libcrux_ml_kem_polynomial_PolynomialRingElement_f0 sampled[3U];
-    libcrux_ml_kem_sampling_sample_from_xof_bf(copy_of_seeds, sampled);
+    libcrux_ml_kem_polynomial_PolynomialRingElement_1d sampled[3U];
+    libcrux_ml_kem_sampling_sample_from_xof_2b(copy_of_seeds, sampled);
     for (size_t i = (size_t)0U;
          i < Eurydice_slice_len(
                  Eurydice_array_to_slice(
                      (size_t)3U, sampled,
-                     libcrux_ml_kem_polynomial_PolynomialRingElement_f0),
-                 libcrux_ml_kem_polynomial_PolynomialRingElement_f0);
+                     libcrux_ml_kem_polynomial_PolynomialRingElement_1d),
+                 libcrux_ml_kem_polynomial_PolynomialRingElement_1d);
          i++) {
       size_t j = i;
-      libcrux_ml_kem_polynomial_PolynomialRingElement_f0 sample = sampled[j];
+      libcrux_ml_kem_polynomial_PolynomialRingElement_1d sample = sampled[j];
       if (transpose) {
         A_transpose[j][i1] = sample;
       } else {
@@ -4067,10 +4134,10 @@ with types libcrux_ml_kem_polynomial_PolynomialRingElement
 libcrux_ml_kem_vector_portable_vector_type_PortableVector[3size_t], uint8_t
 
 */
-typedef struct tuple_b0_s {
-  libcrux_ml_kem_polynomial_PolynomialRingElement_f0 fst[3U];
+typedef struct tuple_23_s {
+  libcrux_ml_kem_polynomial_PolynomialRingElement_1d fst[3U];
   uint8_t snd;
-} tuple_b0;
+} tuple_23;
 
 /**
 A monomorphic instance of
@@ -4082,9 +4149,9 @@ generics
 - ETA= 2
 - ETA_RANDOMNESS_SIZE= 128
 */
-static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0
-libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_out_closure_55(size_t _i) {
-  return libcrux_ml_kem_polynomial_ZERO_ef_1b();
+static inline libcrux_ml_kem_polynomial_PolynomialRingElement_1d
+libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_out_closure_3b(size_t _i) {
+  return libcrux_ml_kem_polynomial_ZERO_ef_8c();
 }
 
 /**
@@ -4093,7 +4160,7 @@ with const generics
 - K= 3
 - LEN= 128
 */
-static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_PRFxN_af(
+static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_PRFxN_41(
     uint8_t (*input)[33U], uint8_t ret[3U][128U]) {
   uint8_t out[3U][128U] = {{0U}};
   for (size_t i = (size_t)0U; i < (size_t)3U; i++) {
@@ -4115,9 +4182,9 @@ with const generics
 - K= 3
 - LEN= 128
 */
-static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_PRFxN_f1_13(
+static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_PRFxN_f1_41(
     uint8_t (*input)[33U], uint8_t ret[3U][128U]) {
-  libcrux_ml_kem_hash_functions_portable_PRFxN_af(input, ret);
+  libcrux_ml_kem_hash_functions_portable_PRFxN_41(input, ret);
 }
 
 /**
@@ -4126,8 +4193,8 @@ libcrux_ml_kem.sampling.sample_from_binomial_distribution_2 with types
 libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
 
 */
-static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0
-libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_48(
+static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1d
+libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_8c(
     Eurydice_slice randomness) {
   int16_t sampled_i16s[256U] = {0U};
   for (size_t i0 = (size_t)0U;
@@ -4162,7 +4229,7 @@ libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_48(
       sampled_i16s[(size_t)8U * chunk_number + offset] = outcome_1 - outcome_2;
     }
   }
-  return libcrux_ml_kem_polynomial_from_i16_array_ef_54(
+  return libcrux_ml_kem_polynomial_from_i16_array_ef_8c(
       Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t));
 }
 
@@ -4172,8 +4239,8 @@ libcrux_ml_kem.sampling.sample_from_binomial_distribution_3 with types
 libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
 
 */
-static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0
-libcrux_ml_kem_sampling_sample_from_binomial_distribution_3_3a(
+static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1d
+libcrux_ml_kem_sampling_sample_from_binomial_distribution_3_8c(
     Eurydice_slice randomness) {
   int16_t sampled_i16s[256U] = {0U};
   for (size_t i0 = (size_t)0U;
@@ -4207,7 +4274,7 @@ libcrux_ml_kem_sampling_sample_from_binomial_distribution_3_3a(
       sampled_i16s[(size_t)4U * chunk_number + offset] = outcome_1 - outcome_2;
     }
   }
-  return libcrux_ml_kem_polynomial_from_i16_array_ef_54(
+  return libcrux_ml_kem_polynomial_from_i16_array_ef_8c(
       Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t));
 }
 
@@ -4217,10 +4284,10 @@ libcrux_ml_kem.sampling.sample_from_binomial_distribution with types
 libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
 - ETA= 2
 */
-static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0
-libcrux_ml_kem_sampling_sample_from_binomial_distribution_6b(
+static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1d
+libcrux_ml_kem_sampling_sample_from_binomial_distribution_a0(
     Eurydice_slice randomness) {
-  return libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_48(
+  return libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_8c(
       randomness);
 }
 
@@ -4230,8 +4297,8 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
 with const generics
 
 */
-static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_7_97(
-    libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) {
+static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_7_8c(
+    libcrux_ml_kem_polynomial_PolynomialRingElement_1d *re) {
   size_t step = LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT / (size_t)2U;
   for (size_t i = (size_t)0U; i < step; i++) {
     size_t j = i;
@@ -4253,23 +4320,23 @@ with const generics
 
 */
 static KRML_MUSTINLINE void
-libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_d8(
-    libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) {
-  libcrux_ml_kem_ntt_ntt_at_layer_7_97(re);
+libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_8c(
+    libcrux_ml_kem_polynomial_PolynomialRingElement_1d *re) {
+  libcrux_ml_kem_ntt_ntt_at_layer_7_8c(re);
   size_t zeta_i = (size_t)1U;
-  libcrux_ml_kem_ntt_ntt_at_layer_4_plus_bf(&zeta_i, re, (size_t)6U,
+  libcrux_ml_kem_ntt_ntt_at_layer_4_plus_8c(&zeta_i, re, (size_t)6U,
                                             (size_t)11207U);
-  libcrux_ml_kem_ntt_ntt_at_layer_4_plus_bf(&zeta_i, re, (size_t)5U,
+  libcrux_ml_kem_ntt_ntt_at_layer_4_plus_8c(&zeta_i, re, (size_t)5U,
                                             (size_t)11207U + (size_t)3328U);
-  libcrux_ml_kem_ntt_ntt_at_layer_4_plus_bf(
+  libcrux_ml_kem_ntt_ntt_at_layer_4_plus_8c(
       &zeta_i, re, (size_t)4U, (size_t)11207U + (size_t)2U * (size_t)3328U);
-  libcrux_ml_kem_ntt_ntt_at_layer_3_d0(
+  libcrux_ml_kem_ntt_ntt_at_layer_3_8c(
       &zeta_i, re, (size_t)3U, (size_t)11207U + (size_t)3U * (size_t)3328U);
-  libcrux_ml_kem_ntt_ntt_at_layer_2_76(
+  libcrux_ml_kem_ntt_ntt_at_layer_2_8c(
       &zeta_i, re, (size_t)2U, (size_t)11207U + (size_t)4U * (size_t)3328U);
-  libcrux_ml_kem_ntt_ntt_at_layer_1_5d(
+  libcrux_ml_kem_ntt_ntt_at_layer_1_8c(
       &zeta_i, re, (size_t)1U, (size_t)11207U + (size_t)5U * (size_t)3328U);
-  libcrux_ml_kem_polynomial_poly_barrett_reduce_ef_17(re);
+  libcrux_ml_kem_polynomial_poly_barrett_reduce_ef_8c(re);
 }
 
 /**
@@ -4282,8 +4349,8 @@ generics
 - ETA_RANDOMNESS_SIZE= 128
 */
 static KRML_MUSTINLINE uint8_t
-libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_b1(
-    libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re_as_ntt,
+libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_3b(
+    libcrux_ml_kem_polynomial_PolynomialRingElement_1d *re_as_ntt,
     uint8_t prf_input[33U], uint8_t domain_separator) {
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_prf_input[33U];
@@ -4292,19 +4359,21 @@ libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_b1(
   for (size_t i = (size_t)0U; i < (size_t)3U; i++) {
     memcpy(prf_inputs[i], copy_of_prf_input, (size_t)33U * sizeof(uint8_t));
   }
+  uint8_t _prf_inputs_init[3U][33U];
+  memcpy(_prf_inputs_init, prf_inputs, (size_t)3U * sizeof(uint8_t[33U]));
   for (size_t i = (size_t)0U; i < (size_t)3U; i++) {
     size_t i0 = i;
     prf_inputs[i0][32U] = domain_separator;
     domain_separator = (uint32_t)domain_separator + 1U;
   }
   uint8_t prf_outputs[3U][128U];
-  libcrux_ml_kem_hash_functions_portable_PRFxN_f1_13(prf_inputs, prf_outputs);
+  libcrux_ml_kem_hash_functions_portable_PRFxN_f1_41(prf_inputs, prf_outputs);
   for (size_t i = (size_t)0U; i < (size_t)3U; i++) {
     size_t i0 = i;
     re_as_ntt[i0] =
-        libcrux_ml_kem_sampling_sample_from_binomial_distribution_6b(
+        libcrux_ml_kem_sampling_sample_from_binomial_distribution_a0(
             Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t));
-    libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_d8(&re_as_ntt[i0]);
+    libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_8c(&re_as_ntt[i0]);
   }
   return domain_separator;
 }
@@ -4318,29 +4387,29 @@ generics
 - ETA= 2
 - ETA_RANDOMNESS_SIZE= 128
 */
-static KRML_MUSTINLINE tuple_b0
-libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_out_cb(
+static KRML_MUSTINLINE tuple_23
+libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_out_3b(
     uint8_t prf_input[33U], uint8_t domain_separator) {
-  libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re_as_ntt[3U];
+  libcrux_ml_kem_polynomial_PolynomialRingElement_1d re_as_ntt[3U];
   for (size_t i = (size_t)0U; i < (size_t)3U; i++) {
-    re_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_ef_1b();
+    re_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_ef_8c();
   }
-  libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *uu____0 = re_as_ntt;
+  libcrux_ml_kem_polynomial_PolynomialRingElement_1d *uu____0 = re_as_ntt;
   uint8_t uu____1[33U];
   memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t));
-  domain_separator = libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_b1(
+  domain_separator = libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_3b(
       uu____0, uu____1, domain_separator);
   /* Passing arrays by value in Rust generates a copy in C */
-  libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_re_as_ntt[3U];
+  libcrux_ml_kem_polynomial_PolynomialRingElement_1d copy_of_re_as_ntt[3U];
   memcpy(
       copy_of_re_as_ntt, re_as_ntt,
-      (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0));
-  tuple_b0 result;
+      (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1d));
+  tuple_23 lit;
   memcpy(
-      result.fst, copy_of_re_as_ntt,
-      (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0));
-  result.snd = domain_separator;
-  return result;
+      lit.fst, copy_of_re_as_ntt,
+      (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1d));
+  lit.snd = domain_separator;
+  return lit;
 }
 
 /**
@@ -4352,9 +4421,9 @@ generics
 - ETA2_RANDOMNESS_SIZE= 128
 - ETA2= 2
 */
-static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0
-libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_closure_b7(size_t _i) {
-  return libcrux_ml_kem_polynomial_ZERO_ef_1b();
+static inline libcrux_ml_kem_polynomial_PolynomialRingElement_1d
+libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_closure_3b(size_t _i) {
+  return libcrux_ml_kem_polynomial_ZERO_ef_8c();
 }
 
 /**
@@ -4366,12 +4435,12 @@ generics
 - ETA2_RANDOMNESS_SIZE= 128
 - ETA2= 2
 */
-static KRML_MUSTINLINE tuple_b0
-libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_95(uint8_t prf_input[33U],
+static KRML_MUSTINLINE tuple_23
+libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_3b(uint8_t prf_input[33U],
                                                   uint8_t domain_separator) {
-  libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[3U];
+  libcrux_ml_kem_polynomial_PolynomialRingElement_1d error_1[3U];
   for (size_t i = (size_t)0U; i < (size_t)3U; i++) {
-    error_1[i] = libcrux_ml_kem_polynomial_ZERO_ef_1b();
+    error_1[i] = libcrux_ml_kem_polynomial_ZERO_ef_8c();
   }
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_prf_input[33U];
@@ -4380,31 +4449,33 @@ libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_95(uint8_t prf_input[33U],
   for (size_t i = (size_t)0U; i < (size_t)3U; i++) {
     memcpy(prf_inputs[i], copy_of_prf_input, (size_t)33U * sizeof(uint8_t));
   }
+  uint8_t _prf_inputs_init[3U][33U];
+  memcpy(_prf_inputs_init, prf_inputs, (size_t)3U * sizeof(uint8_t[33U]));
   for (size_t i = (size_t)0U; i < (size_t)3U; i++) {
     size_t i0 = i;
     prf_inputs[i0][32U] = domain_separator;
     domain_separator = (uint32_t)domain_separator + 1U;
   }
   uint8_t prf_outputs[3U][128U];
-  libcrux_ml_kem_hash_functions_portable_PRFxN_f1_13(prf_inputs, prf_outputs);
+  libcrux_ml_kem_hash_functions_portable_PRFxN_f1_41(prf_inputs, prf_outputs);
   for (size_t i = (size_t)0U; i < (size_t)3U; i++) {
     size_t i0 = i;
-    libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 =
-        libcrux_ml_kem_sampling_sample_from_binomial_distribution_6b(
+    libcrux_ml_kem_polynomial_PolynomialRingElement_1d uu____1 =
+        libcrux_ml_kem_sampling_sample_from_binomial_distribution_a0(
             Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t));
     error_1[i0] = uu____1;
   }
   /* Passing arrays by value in Rust generates a copy in C */
-  libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_error_1[3U];
+  libcrux_ml_kem_polynomial_PolynomialRingElement_1d copy_of_error_1[3U];
   memcpy(
       copy_of_error_1, error_1,
-      (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0));
-  tuple_b0 result;
+      (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1d));
+  tuple_23 lit;
   memcpy(
-      result.fst, copy_of_error_1,
-      (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0));
-  result.snd = domain_separator;
-  return result;
+      lit.fst, copy_of_error_1,
+      (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1d));
+  lit.snd = domain_separator;
+  return lit;
 }
 
 /**
@@ -4412,7 +4483,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.PRF
 with const generics
 - LEN= 128
 */
-static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_PRF_f70(
+static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_PRF_a6(
     Eurydice_slice input, uint8_t ret[128U]) {
   uint8_t digest[128U] = {0U};
   libcrux_sha3_portable_shake256(
@@ -4430,9 +4501,9 @@ with const generics
 - K= 3
 - LEN= 128
 */
-static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_PRF_f1_9f0(
+static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_PRF_f1_410(
     Eurydice_slice input, uint8_t ret[128U]) {
-  libcrux_ml_kem_hash_functions_portable_PRF_f70(input, ret);
+  libcrux_ml_kem_hash_functions_portable_PRF_a6(input, ret);
 }
 
 /**
@@ -4441,9 +4512,9 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
 with const generics
 - K= 3
 */
-static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0
-libcrux_ml_kem_matrix_compute_vector_u_closure_a1(size_t _i) {
-  return libcrux_ml_kem_polynomial_ZERO_ef_1b();
+static inline libcrux_ml_kem_polynomial_PolynomialRingElement_1d
+libcrux_ml_kem_matrix_compute_vector_u_closure_1b(size_t _i) {
+  return libcrux_ml_kem_polynomial_ZERO_ef_8c();
 }
 
 /**
@@ -4457,9 +4528,9 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
 with const generics
 
 */
-static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_error_reduce_ef_2f(
-    libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self,
-    libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error) {
+static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_error_reduce_ef_8c(
+    libcrux_ml_kem_polynomial_PolynomialRingElement_1d *self,
+    libcrux_ml_kem_polynomial_PolynomialRingElement_1d *error) {
   for (size_t i = (size_t)0U;
        i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
     size_t j = i;
@@ -4481,49 +4552,44 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
 with const generics
 - K= 3
 */
-static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_vector_u_90(
-    libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*a_as_ntt)[3U],
-    libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt,
-    libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_1,
-    libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) {
-  libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result0[3U];
+static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_vector_u_1b(
+    libcrux_ml_kem_polynomial_PolynomialRingElement_1d (*a_as_ntt)[3U],
+    libcrux_ml_kem_polynomial_PolynomialRingElement_1d *r_as_ntt,
+    libcrux_ml_kem_polynomial_PolynomialRingElement_1d *error_1,
+    libcrux_ml_kem_polynomial_PolynomialRingElement_1d ret[3U]) {
+  libcrux_ml_kem_polynomial_PolynomialRingElement_1d result[3U];
   for (size_t i = (size_t)0U; i < (size_t)3U; i++) {
-    result0[i] = libcrux_ml_kem_polynomial_ZERO_ef_1b();
+    result[i] = libcrux_ml_kem_polynomial_ZERO_ef_8c();
   }
   for (size_t i0 = (size_t)0U;
        i0 < Eurydice_slice_len(
                 Eurydice_array_to_slice(
                     (size_t)3U, a_as_ntt,
-                    libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U]),
-                libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U]);
+                    libcrux_ml_kem_polynomial_PolynomialRingElement_1d[3U]),
+                libcrux_ml_kem_polynomial_PolynomialRingElement_1d[3U]);
        i0++) {
     size_t i1 = i0;
-    libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *row = a_as_ntt[i1];
+    libcrux_ml_kem_polynomial_PolynomialRingElement_1d *row = a_as_ntt[i1];
     for (size_t i = (size_t)0U;
          i < Eurydice_slice_len(
                  Eurydice_array_to_slice(
                      (size_t)3U, row,
-                     libcrux_ml_kem_polynomial_PolynomialRingElement_f0),
-                 libcrux_ml_kem_polynomial_PolynomialRingElement_f0);
+                     libcrux_ml_kem_polynomial_PolynomialRingElement_1d),
+                 libcrux_ml_kem_polynomial_PolynomialRingElement_1d);
          i++) {
       size_t j = i;
-      libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *a_element = &row[j];
-      libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product =
-          libcrux_ml_kem_polynomial_ntt_multiply_ef_45(a_element, &r_as_ntt[j]);
-      libcrux_ml_kem_polynomial_add_to_ring_element_ef_5d(&result0[i1],
+      libcrux_ml_kem_polynomial_PolynomialRingElement_1d *a_element = &row[j];
+      libcrux_ml_kem_polynomial_PolynomialRingElement_1d product =
+          libcrux_ml_kem_polynomial_ntt_multiply_ef_8c(a_element, &r_as_ntt[j]);
+      libcrux_ml_kem_polynomial_add_to_ring_element_ef_1b(&result[i1],
                                                           &product);
     }
-    libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_b9(&result0[i1]);
-    libcrux_ml_kem_polynomial_add_error_reduce_ef_2f(&result0[i1],
-                                                     &error_1[i1]);
+    libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_1b(&result[i1]);
+    libcrux_ml_kem_polynomial_add_error_reduce_ef_8c(&result[i1], &error_1[i1]);
   }
-  libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[3U];
-  memcpy(
-      result, result0,
-      (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0));
   memcpy(
       ret, result,
-      (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0));
+      (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1d));
 }
 
 /**
@@ -4533,7 +4599,7 @@ with const generics
 
 */
 static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector
-libcrux_ml_kem_vector_traits_decompress_1_d4(
+libcrux_ml_kem_vector_traits_decompress_1_8c(
     libcrux_ml_kem_vector_portable_vector_type_PortableVector vec) {
   libcrux_ml_kem_vector_portable_vector_type_PortableVector z =
       libcrux_ml_kem_vector_portable_ZERO_0d();
@@ -4551,11 +4617,11 @@ libcrux_ml_kem.serialize.deserialize_then_decompress_message with types
 libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
 
 */
-static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0
-libcrux_ml_kem_serialize_deserialize_then_decompress_message_c5(
+static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1d
+libcrux_ml_kem_serialize_deserialize_then_decompress_message_8c(
     uint8_t serialized[32U]) {
-  libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re =
-      libcrux_ml_kem_polynomial_ZERO_ef_1b();
+  libcrux_ml_kem_polynomial_PolynomialRingElement_1d re =
+      libcrux_ml_kem_polynomial_ZERO_ef_8c();
   for (size_t i = (size_t)0U; i < (size_t)16U; i++) {
     size_t i0 = i;
     libcrux_ml_kem_vector_portable_vector_type_PortableVector
@@ -4565,7 +4631,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_message_c5(
                                             (size_t)2U * i0 + (size_t)2U,
                                             uint8_t));
     libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 =
-        libcrux_ml_kem_vector_traits_decompress_1_d4(coefficient_compressed);
+        libcrux_ml_kem_vector_traits_decompress_1_8c(coefficient_compressed);
     re.coefficients[i0] = uu____0;
   }
   return re;
@@ -4582,11 +4648,11 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
 with const generics
 
 */
-static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0
-libcrux_ml_kem_polynomial_add_message_error_reduce_ef_bf(
-    libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self,
-    libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *message,
-    libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result) {
+static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1d
+libcrux_ml_kem_polynomial_add_message_error_reduce_ef_8c(
+    libcrux_ml_kem_polynomial_PolynomialRingElement_1d *self,
+    libcrux_ml_kem_polynomial_PolynomialRingElement_1d *message,
+    libcrux_ml_kem_polynomial_PolynomialRingElement_1d result) {
   for (size_t i = (size_t)0U;
        i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
     size_t i0 = i;
@@ -4612,23 +4678,23 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
 with const generics
 - K= 3
 */
-static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0
-libcrux_ml_kem_matrix_compute_ring_element_v_c6(
-    libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt,
-    libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt,
-    libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_2,
-    libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *message) {
-  libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result =
-      libcrux_ml_kem_polynomial_ZERO_ef_1b();
+static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1d
+libcrux_ml_kem_matrix_compute_ring_element_v_1b(
+    libcrux_ml_kem_polynomial_PolynomialRingElement_1d *t_as_ntt,
+    libcrux_ml_kem_polynomial_PolynomialRingElement_1d *r_as_ntt,
+    libcrux_ml_kem_polynomial_PolynomialRingElement_1d *error_2,
+    libcrux_ml_kem_polynomial_PolynomialRingElement_1d *message) {
+  libcrux_ml_kem_polynomial_PolynomialRingElement_1d result =
+      libcrux_ml_kem_polynomial_ZERO_ef_8c();
   for (size_t i = (size_t)0U; i < (size_t)3U; i++) {
     size_t i0 = i;
-    libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product =
-        libcrux_ml_kem_polynomial_ntt_multiply_ef_45(&t_as_ntt[i0],
+    libcrux_ml_kem_polynomial_PolynomialRingElement_1d product =
+        libcrux_ml_kem_polynomial_ntt_multiply_ef_8c(&t_as_ntt[i0],
                                                      &r_as_ntt[i0]);
-    libcrux_ml_kem_polynomial_add_to_ring_element_ef_5d(&result, &product);
+    libcrux_ml_kem_polynomial_add_to_ring_element_ef_1b(&result, &product);
   }
-  libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_b9(&result);
-  result = libcrux_ml_kem_polynomial_add_message_error_reduce_ef_bf(
+  libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_1b(&result);
+  result = libcrux_ml_kem_polynomial_add_message_error_reduce_ef_8c(
       error_2, message, result);
   return result;
 }
@@ -4639,7 +4705,7 @@ with const generics
 - COEFFICIENT_BITS= 10
 */
 static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector
-libcrux_ml_kem_vector_portable_compress_compress_61(
+libcrux_ml_kem_vector_portable_compress_compress_ef(
     libcrux_ml_kem_vector_portable_vector_type_PortableVector a) {
   for (size_t i = (size_t)0U;
        i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) {
@@ -4662,9 +4728,9 @@ with const generics
 - COEFFICIENT_BITS= 10
 */
 static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector
-libcrux_ml_kem_vector_portable_compress_0d_fe(
+libcrux_ml_kem_vector_portable_compress_0d_ef(
     libcrux_ml_kem_vector_portable_vector_type_PortableVector a) {
-  return libcrux_ml_kem_vector_portable_compress_compress_61(a);
+  return libcrux_ml_kem_vector_portable_compress_compress_ef(a);
 }
 
 /**
@@ -4674,15 +4740,15 @@ with const generics
 - OUT_LEN= 320
 */
 static KRML_MUSTINLINE void
-libcrux_ml_kem_serialize_compress_then_serialize_10_9d(
-    libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[320U]) {
+libcrux_ml_kem_serialize_compress_then_serialize_10_ff(
+    libcrux_ml_kem_polynomial_PolynomialRingElement_1d *re, uint8_t ret[320U]) {
   uint8_t serialized[320U] = {0U};
   for (size_t i = (size_t)0U;
        i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
     size_t i0 = i;
     libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient =
-        libcrux_ml_kem_vector_portable_compress_0d_fe(
-            libcrux_ml_kem_serialize_to_unsigned_field_modulus_b0(
+        libcrux_ml_kem_vector_portable_compress_0d_ef(
+            libcrux_ml_kem_serialize_to_unsigned_field_modulus_8c(
                 re->coefficients[i0]));
     uint8_t bytes[20U];
     libcrux_ml_kem_vector_portable_serialize_10_0d(coefficient, bytes);
@@ -4702,7 +4768,7 @@ with const generics
 - COEFFICIENT_BITS= 11
 */
 static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector
-libcrux_ml_kem_vector_portable_compress_compress_610(
+libcrux_ml_kem_vector_portable_compress_compress_c4(
     libcrux_ml_kem_vector_portable_vector_type_PortableVector a) {
   for (size_t i = (size_t)0U;
        i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) {
@@ -4725,9 +4791,9 @@ with const generics
 - COEFFICIENT_BITS= 11
 */
 static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector
-libcrux_ml_kem_vector_portable_compress_0d_fe0(
+libcrux_ml_kem_vector_portable_compress_0d_c4(
     libcrux_ml_kem_vector_portable_vector_type_PortableVector a) {
-  return libcrux_ml_kem_vector_portable_compress_compress_610(a);
+  return libcrux_ml_kem_vector_portable_compress_compress_c4(a);
 }
 
 /**
@@ -4737,15 +4803,15 @@ with const generics
 - OUT_LEN= 320
 */
 static KRML_MUSTINLINE void
-libcrux_ml_kem_serialize_compress_then_serialize_11_63(
-    libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[320U]) {
+libcrux_ml_kem_serialize_compress_then_serialize_11_ff(
+    libcrux_ml_kem_polynomial_PolynomialRingElement_1d *re, uint8_t ret[320U]) {
   uint8_t serialized[320U] = {0U};
   for (size_t i = (size_t)0U;
        i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
     size_t i0 = i;
     libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient =
-        libcrux_ml_kem_vector_portable_compress_0d_fe0(
-            libcrux_ml_kem_vector_traits_to_unsigned_representative_7c(
+        libcrux_ml_kem_vector_portable_compress_0d_c4(
+            libcrux_ml_kem_vector_traits_to_unsigned_representative_8c(
                 re->coefficients[i0]));
     uint8_t bytes[22U];
     libcrux_ml_kem_vector_portable_serialize_11_0d(coefficient, bytes);
@@ -4765,11 +4831,11 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
 - OUT_LEN= 320
 */
 static KRML_MUSTINLINE void
-libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_78(
-    libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[320U]) {
-  uint8_t uu____0[320U];
-  libcrux_ml_kem_serialize_compress_then_serialize_10_9d(re, uu____0);
-  memcpy(ret, uu____0, (size_t)320U * sizeof(uint8_t));
+libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_fe(
+    libcrux_ml_kem_polynomial_PolynomialRingElement_1d *re, uint8_t ret[320U]) {
+  uint8_t result[320U];
+  libcrux_ml_kem_serialize_compress_then_serialize_10_ff(re, result);
+  memcpy(ret, result, (size_t)320U * sizeof(uint8_t));
 }
 
 /**
@@ -4781,23 +4847,23 @@ with const generics
 - COMPRESSION_FACTOR= 10
 - BLOCK_LEN= 320
 */
-static inline void libcrux_ml_kem_ind_cpa_compress_then_serialize_u_d3(
-    libcrux_ml_kem_polynomial_PolynomialRingElement_f0 input[3U],
+static inline void libcrux_ml_kem_ind_cpa_compress_then_serialize_u_43(
+    libcrux_ml_kem_polynomial_PolynomialRingElement_1d input[3U],
     Eurydice_slice out) {
   for (size_t i = (size_t)0U;
        i < Eurydice_slice_len(
                Eurydice_array_to_slice(
                    (size_t)3U, input,
-                   libcrux_ml_kem_polynomial_PolynomialRingElement_f0),
-               libcrux_ml_kem_polynomial_PolynomialRingElement_f0);
+                   libcrux_ml_kem_polynomial_PolynomialRingElement_1d),
+               libcrux_ml_kem_polynomial_PolynomialRingElement_1d);
        i++) {
     size_t i0 = i;
-    libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = input[i0];
+    libcrux_ml_kem_polynomial_PolynomialRingElement_1d re = input[i0];
     Eurydice_slice uu____0 = Eurydice_slice_subslice2(
         out, i0 * ((size_t)960U / (size_t)3U),
         (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U), uint8_t);
     uint8_t ret[320U];
-    libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_78(&re,
+    libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_fe(&re,
                                                                        ret);
     Eurydice_slice_copy(
         uu____0, Eurydice_array_to_slice((size_t)320U, ret, uint8_t), uint8_t);
@@ -4810,7 +4876,7 @@ with const generics
 - COEFFICIENT_BITS= 4
 */
 static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector
-libcrux_ml_kem_vector_portable_compress_compress_611(
+libcrux_ml_kem_vector_portable_compress_compress_d1(
     libcrux_ml_kem_vector_portable_vector_type_PortableVector a) {
   for (size_t i = (size_t)0U;
        i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) {
@@ -4833,9 +4899,9 @@ with const generics
 - COEFFICIENT_BITS= 4
 */
 static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector
-libcrux_ml_kem_vector_portable_compress_0d_fe1(
+libcrux_ml_kem_vector_portable_compress_0d_d1(
     libcrux_ml_kem_vector_portable_vector_type_PortableVector a) {
-  return libcrux_ml_kem_vector_portable_compress_compress_611(a);
+  return libcrux_ml_kem_vector_portable_compress_compress_d1(a);
 }
 
 /**
@@ -4845,15 +4911,15 @@ with const generics
 
 */
 static KRML_MUSTINLINE void
-libcrux_ml_kem_serialize_compress_then_serialize_4_32(
-    libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re,
+libcrux_ml_kem_serialize_compress_then_serialize_4_8c(
+    libcrux_ml_kem_polynomial_PolynomialRingElement_1d re,
     Eurydice_slice serialized) {
   for (size_t i = (size_t)0U;
        i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
     size_t i0 = i;
     libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient =
-        libcrux_ml_kem_vector_portable_compress_0d_fe1(
-            libcrux_ml_kem_serialize_to_unsigned_field_modulus_b0(
+        libcrux_ml_kem_vector_portable_compress_0d_d1(
+            libcrux_ml_kem_serialize_to_unsigned_field_modulus_8c(
                 re.coefficients[i0]));
     uint8_t bytes[8U];
     libcrux_ml_kem_vector_portable_serialize_4_0d(coefficient, bytes);
@@ -4870,7 +4936,7 @@ with const generics
 - COEFFICIENT_BITS= 5
 */
 static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector
-libcrux_ml_kem_vector_portable_compress_compress_612(
+libcrux_ml_kem_vector_portable_compress_compress_f4(
     libcrux_ml_kem_vector_portable_vector_type_PortableVector a) {
   for (size_t i = (size_t)0U;
        i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) {
@@ -4893,9 +4959,9 @@ with const generics
 - COEFFICIENT_BITS= 5
 */
 static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector
-libcrux_ml_kem_vector_portable_compress_0d_fe2(
+libcrux_ml_kem_vector_portable_compress_0d_f4(
     libcrux_ml_kem_vector_portable_vector_type_PortableVector a) {
-  return libcrux_ml_kem_vector_portable_compress_compress_612(a);
+  return libcrux_ml_kem_vector_portable_compress_compress_f4(a);
 }
 
 /**
@@ -4905,15 +4971,15 @@ with const generics
 
 */
 static KRML_MUSTINLINE void
-libcrux_ml_kem_serialize_compress_then_serialize_5_14(
-    libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re,
+libcrux_ml_kem_serialize_compress_then_serialize_5_8c(
+    libcrux_ml_kem_polynomial_PolynomialRingElement_1d re,
     Eurydice_slice serialized) {
   for (size_t i = (size_t)0U;
        i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
     size_t i0 = i;
     libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficients =
-        libcrux_ml_kem_vector_portable_compress_0d_fe2(
-            libcrux_ml_kem_vector_traits_to_unsigned_representative_7c(
+        libcrux_ml_kem_vector_portable_compress_0d_f4(
+            libcrux_ml_kem_vector_traits_to_unsigned_representative_8c(
                 re.coefficients[i0]));
     uint8_t bytes[10U];
     libcrux_ml_kem_vector_portable_serialize_5_0d(coefficients, bytes);
@@ -4932,9 +4998,9 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
 - OUT_LEN= 128
 */
 static KRML_MUSTINLINE void
-libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_32(
-    libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice out) {
-  libcrux_ml_kem_serialize_compress_then_serialize_4_32(re, out);
+libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_ff(
+    libcrux_ml_kem_polynomial_PolynomialRingElement_1d re, Eurydice_slice out) {
+  libcrux_ml_kem_serialize_compress_then_serialize_4_8c(re, out);
 }
 
 /**
@@ -4955,60 +5021,60 @@ generics
 - ETA2= 2
 - ETA2_RANDOMNESS_SIZE= 128
 */
-static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_24(
-    libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 *public_key,
+static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_2a(
+    libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *public_key,
     uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) {
   uint8_t prf_input[33U];
-  libcrux_ml_kem_utils_into_padded_array_422(randomness, prf_input);
+  libcrux_ml_kem_utils_into_padded_array_c8(randomness, prf_input);
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_prf_input0[33U];
   memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t));
-  tuple_b0 uu____1 = libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_out_cb(
+  tuple_23 uu____1 = libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_out_3b(
       copy_of_prf_input0, 0U);
-  libcrux_ml_kem_polynomial_PolynomialRingElement_f0 r_as_ntt[3U];
+  libcrux_ml_kem_polynomial_PolynomialRingElement_1d r_as_ntt[3U];
   memcpy(
       r_as_ntt, uu____1.fst,
-      (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0));
+      (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1d));
   uint8_t domain_separator0 = uu____1.snd;
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_prf_input[33U];
   memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t));
-  tuple_b0 uu____3 = libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_95(
+  tuple_23 uu____3 = libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_3b(
       copy_of_prf_input, domain_separator0);
-  libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[3U];
+  libcrux_ml_kem_polynomial_PolynomialRingElement_1d error_1[3U];
   memcpy(
       error_1, uu____3.fst,
-      (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0));
+      (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1d));
   uint8_t domain_separator = uu____3.snd;
   prf_input[32U] = domain_separator;
   uint8_t prf_output[128U];
-  libcrux_ml_kem_hash_functions_portable_PRF_f1_9f0(
+  libcrux_ml_kem_hash_functions_portable_PRF_f1_410(
       Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), prf_output);
-  libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_2 =
-      libcrux_ml_kem_sampling_sample_from_binomial_distribution_6b(
+  libcrux_ml_kem_polynomial_PolynomialRingElement_1d error_2 =
+      libcrux_ml_kem_sampling_sample_from_binomial_distribution_a0(
           Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t));
-  libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u[3U];
-  libcrux_ml_kem_matrix_compute_vector_u_90(public_key->A, r_as_ntt, error_1,
+  libcrux_ml_kem_polynomial_PolynomialRingElement_1d u[3U];
+  libcrux_ml_kem_matrix_compute_vector_u_1b(public_key->A, r_as_ntt, error_1,
                                             u);
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_message[32U];
   memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t));
-  libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message_as_ring_element =
-      libcrux_ml_kem_serialize_deserialize_then_decompress_message_c5(
+  libcrux_ml_kem_polynomial_PolynomialRingElement_1d message_as_ring_element =
+      libcrux_ml_kem_serialize_deserialize_then_decompress_message_8c(
           copy_of_message);
-  libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v =
-      libcrux_ml_kem_matrix_compute_ring_element_v_c6(
+  libcrux_ml_kem_polynomial_PolynomialRingElement_1d v =
+      libcrux_ml_kem_matrix_compute_ring_element_v_1b(
           public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element);
   uint8_t ciphertext[1088U] = {0U};
-  libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____5[3U];
+  libcrux_ml_kem_polynomial_PolynomialRingElement_1d uu____5[3U];
   memcpy(
       uu____5, u,
-      (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0));
-  libcrux_ml_kem_ind_cpa_compress_then_serialize_u_d3(
+      (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1d));
+  libcrux_ml_kem_ind_cpa_compress_then_serialize_u_43(
       uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)960U,
                                            uint8_t));
-  libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____6 = v;
-  libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_32(
+  libcrux_ml_kem_polynomial_PolynomialRingElement_1d uu____6 = v;
+  libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_ff(
       uu____6, Eurydice_array_to_subslice_from((size_t)1088U, ciphertext,
                                                (size_t)960U, uint8_t, size_t));
   memcpy(ret, ciphertext, (size_t)1088U * sizeof(uint8_t));
@@ -5032,31 +5098,31 @@ generics
 - ETA2= 2
 - ETA2_RANDOMNESS_SIZE= 128
 */
-static inline void libcrux_ml_kem_ind_cpa_encrypt_a7(Eurydice_slice public_key,
+static inline void libcrux_ml_kem_ind_cpa_encrypt_2a(Eurydice_slice public_key,
                                                      uint8_t message[32U],
                                                      Eurydice_slice randomness,
                                                      uint8_t ret[1088U]) {
-  libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8
-      unpacked_public_key = libcrux_ml_kem_ind_cpa_unpacked_default_8d_d1();
-  libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_e5(
+  libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0
+      unpacked_public_key = libcrux_ml_kem_ind_cpa_unpacked_default_8d_1b();
+  libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_1b(
       Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t),
       unpacked_public_key.t_as_ntt);
   Eurydice_slice seed =
       Eurydice_slice_subslice_from(public_key, (size_t)1152U, uint8_t, size_t);
-  libcrux_ml_kem_polynomial_PolynomialRingElement_f0(*uu____0)[3U] =
+  libcrux_ml_kem_polynomial_PolynomialRingElement_1d(*uu____0)[3U] =
       unpacked_public_key.A;
   uint8_t ret0[34U];
-  libcrux_ml_kem_utils_into_padded_array_421(seed, ret0);
-  libcrux_ml_kem_matrix_sample_matrix_A_0d(uu____0, ret0, false);
-  libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 *uu____1 =
+  libcrux_ml_kem_utils_into_padded_array_b6(seed, ret0);
+  libcrux_ml_kem_matrix_sample_matrix_A_2b(uu____0, ret0, false);
+  libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *uu____1 =
       &unpacked_public_key;
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_message[32U];
   memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t));
-  uint8_t result[1088U];
-  libcrux_ml_kem_ind_cpa_encrypt_unpacked_24(uu____1, copy_of_message,
-                                             randomness, result);
-  memcpy(ret, result, (size_t)1088U * sizeof(uint8_t));
+  uint8_t ret1[1088U];
+  libcrux_ml_kem_ind_cpa_encrypt_unpacked_2a(uu____1, copy_of_message,
+                                             randomness, ret1);
+  memcpy(ret, ret1, (size_t)1088U * sizeof(uint8_t));
 }
 
 /**
@@ -5070,7 +5136,7 @@ with const generics
 - K= 3
 - CIPHERTEXT_SIZE= 1088
 */
-static KRML_MUSTINLINE void libcrux_ml_kem_variant_kdf_d8_b7(
+static KRML_MUSTINLINE void libcrux_ml_kem_variant_kdf_d8_d6(
     Eurydice_slice shared_secret, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *_,
     uint8_t ret[32U]) {
   uint8_t out[32U] = {0U};
@@ -5101,8 +5167,8 @@ libcrux_ml_kem_variant_MlKem with const generics
 - ETA2_RANDOMNESS_SIZE= 128
 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120
 */
-static inline void libcrux_ml_kem_ind_cca_decapsulate_d5(
-    libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key,
+static inline void libcrux_ml_kem_ind_cca_decapsulate_62(
+    libcrux_ml_kem_types_MlKemPrivateKey_d9 *private_key,
     libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) {
   Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at(
       Eurydice_array_to_slice((size_t)2400U, private_key->value, uint8_t),
@@ -5119,10 +5185,10 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_d5(
   Eurydice_slice ind_cpa_public_key_hash = uu____2.fst;
   Eurydice_slice implicit_rejection_value = uu____2.snd;
   uint8_t decrypted[32U];
-  libcrux_ml_kem_ind_cpa_decrypt_35(ind_cpa_secret_key, ciphertext->value,
+  libcrux_ml_kem_ind_cpa_decrypt_42(ind_cpa_secret_key, ciphertext->value,
                                     decrypted);
   uint8_t to_hash0[64U];
-  libcrux_ml_kem_utils_into_padded_array_42(
+  libcrux_ml_kem_utils_into_padded_array_24(
       Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0);
   Eurydice_slice_copy(
       Eurydice_array_to_subslice_from(
@@ -5130,7 +5196,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_d5(
           uint8_t, size_t),
       ind_cpa_public_key_hash, uint8_t);
   uint8_t hashed[64U];
-  libcrux_ml_kem_hash_functions_portable_G_f1_87(
+  libcrux_ml_kem_hash_functions_portable_G_f1_e0(
       Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed);
   Eurydice_slice_uint8_t_x2 uu____3 = Eurydice_slice_split_at(
       Eurydice_array_to_slice((size_t)64U, hashed, uint8_t),
@@ -5139,14 +5205,14 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_d5(
   Eurydice_slice shared_secret0 = uu____3.fst;
   Eurydice_slice pseudorandomness = uu____3.snd;
   uint8_t to_hash[1120U];
-  libcrux_ml_kem_utils_into_padded_array_420(implicit_rejection_value, to_hash);
+  libcrux_ml_kem_utils_into_padded_array_15(implicit_rejection_value, to_hash);
   Eurydice_slice uu____4 = Eurydice_array_to_subslice_from(
       (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE,
       uint8_t, size_t);
-  Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_8c(ciphertext),
+  Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_80(ciphertext),
                       uint8_t);
   uint8_t implicit_rejection_shared_secret0[32U];
-  libcrux_ml_kem_hash_functions_portable_PRF_f1_9f(
+  libcrux_ml_kem_hash_functions_portable_PRF_f1_41(
       Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t),
       implicit_rejection_shared_secret0);
   Eurydice_slice uu____5 = ind_cpa_public_key;
@@ -5154,18 +5220,18 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_d5(
   uint8_t copy_of_decrypted[32U];
   memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t));
   uint8_t expected_ciphertext[1088U];
-  libcrux_ml_kem_ind_cpa_encrypt_a7(uu____5, copy_of_decrypted,
+  libcrux_ml_kem_ind_cpa_encrypt_2a(uu____5, copy_of_decrypted,
                                     pseudorandomness, expected_ciphertext);
   uint8_t implicit_rejection_shared_secret[32U];
-  libcrux_ml_kem_variant_kdf_d8_b7(
+  libcrux_ml_kem_variant_kdf_d8_d6(
       Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0,
                               uint8_t),
       ciphertext, implicit_rejection_shared_secret);
   uint8_t shared_secret1[32U];
-  libcrux_ml_kem_variant_kdf_d8_b7(shared_secret0, ciphertext, shared_secret1);
+  libcrux_ml_kem_variant_kdf_d8_d6(shared_secret0, ciphertext, shared_secret1);
   uint8_t shared_secret[32U];
   libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time(
-      libcrux_ml_kem_types_as_ref_00_8c(ciphertext),
+      libcrux_ml_kem_types_as_ref_00_80(ciphertext),
       Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t),
       Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t),
       Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret,
@@ -5195,10 +5261,10 @@ libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate with const generics
 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120
 */
 static inline void
-libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_a8(
-    libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key,
+libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_35(
+    libcrux_ml_kem_types_MlKemPrivateKey_d9 *private_key,
     libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) {
-  libcrux_ml_kem_ind_cca_decapsulate_d5(private_key, ciphertext, ret);
+  libcrux_ml_kem_ind_cca_decapsulate_62(private_key, ciphertext, ret);
 }
 
 /**
@@ -5209,9 +5275,9 @@ libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_a8(
  [`MlKem768Ciphertext`].
 */
 static inline void libcrux_ml_kem_mlkem768_portable_decapsulate(
-    libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key,
+    libcrux_ml_kem_types_MlKemPrivateKey_d9 *private_key,
     libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) {
-  libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_a8(
+  libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_35(
       private_key, ciphertext, ret);
 }
 
@@ -5225,7 +5291,7 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]]
 with const generics
 - K= 3
 */
-static KRML_MUSTINLINE void libcrux_ml_kem_variant_entropy_preprocess_d8_a9(
+static KRML_MUSTINLINE void libcrux_ml_kem_variant_entropy_preprocess_d8_9c(
     Eurydice_slice randomness, uint8_t ret[32U]) {
   uint8_t out[32U] = {0U};
   Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t),
@@ -5242,7 +5308,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.H_f1
 with const generics
 - K= 3
 */
-static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_H_f1_d5(
+static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_H_f1_e0(
     Eurydice_slice input, uint8_t ret[32U]) {
   libcrux_ml_kem_hash_functions_portable_H(input, ret);
 }
@@ -5266,28 +5332,28 @@ libcrux_ml_kem_variant_MlKem with const generics
 - ETA2= 2
 - ETA2_RANDOMNESS_SIZE= 128
 */
-static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_49(
-    libcrux_ml_kem_types_MlKemPublicKey_15 *public_key,
+static inline tuple_c2 libcrux_ml_kem_ind_cca_encapsulate_ca(
+    libcrux_ml_kem_types_MlKemPublicKey_30 *public_key,
     uint8_t randomness[32U]) {
   uint8_t randomness0[32U];
-  libcrux_ml_kem_variant_entropy_preprocess_d8_a9(
+  libcrux_ml_kem_variant_entropy_preprocess_d8_9c(
       Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0);
   uint8_t to_hash[64U];
-  libcrux_ml_kem_utils_into_padded_array_42(
+  libcrux_ml_kem_utils_into_padded_array_24(
       Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t), to_hash);
   Eurydice_slice uu____0 = Eurydice_array_to_subslice_from(
       (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t,
       size_t);
   uint8_t ret[32U];
-  libcrux_ml_kem_hash_functions_portable_H_f1_d5(
+  libcrux_ml_kem_hash_functions_portable_H_f1_e0(
       Eurydice_array_to_slice((size_t)1184U,
-                              libcrux_ml_kem_types_as_slice_fd_02(public_key),
+                              libcrux_ml_kem_types_as_slice_fd_d0(public_key),
                               uint8_t),
       ret);
   Eurydice_slice_copy(
       uu____0, Eurydice_array_to_slice((size_t)32U, ret, uint8_t), uint8_t);
   uint8_t hashed[64U];
-  libcrux_ml_kem_hash_functions_portable_G_f1_87(
+  libcrux_ml_kem_hash_functions_portable_G_f1_e0(
       Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed);
   Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at(
       Eurydice_array_to_slice((size_t)64U, hashed, uint8_t),
@@ -5296,27 +5362,27 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_49(
   Eurydice_slice shared_secret = uu____1.fst;
   Eurydice_slice pseudorandomness = uu____1.snd;
   Eurydice_slice uu____2 = Eurydice_array_to_slice(
-      (size_t)1184U, libcrux_ml_kem_types_as_slice_fd_02(public_key), uint8_t);
+      (size_t)1184U, libcrux_ml_kem_types_as_slice_fd_d0(public_key), uint8_t);
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_randomness[32U];
   memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t));
   uint8_t ciphertext[1088U];
-  libcrux_ml_kem_ind_cpa_encrypt_a7(uu____2, copy_of_randomness,
+  libcrux_ml_kem_ind_cpa_encrypt_2a(uu____2, copy_of_randomness,
                                     pseudorandomness, ciphertext);
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_ciphertext[1088U];
   memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t));
   libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 =
-      libcrux_ml_kem_types_from_01_8c(copy_of_ciphertext);
+      libcrux_ml_kem_types_from_01_80(copy_of_ciphertext);
   uint8_t shared_secret_array[32U];
-  libcrux_ml_kem_variant_kdf_d8_b7(shared_secret, &ciphertext0,
+  libcrux_ml_kem_variant_kdf_d8_d6(shared_secret, &ciphertext0,
                                    shared_secret_array);
   libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0;
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_shared_secret_array[32U];
   memcpy(copy_of_shared_secret_array, shared_secret_array,
          (size_t)32U * sizeof(uint8_t));
-  tuple_3c lit;
+  tuple_c2 lit;
   lit.fst = uu____5;
   memcpy(lit.snd, copy_of_shared_secret_array, (size_t)32U * sizeof(uint8_t));
   return lit;
@@ -5339,15 +5405,15 @@ libcrux_ml_kem.ind_cca.instantiations.portable.encapsulate with const generics
 - ETA2= 2
 - ETA2_RANDOMNESS_SIZE= 128
 */
-static inline tuple_3c
-libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_a9(
-    libcrux_ml_kem_types_MlKemPublicKey_15 *public_key,
+static inline tuple_c2
+libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_cd(
+    libcrux_ml_kem_types_MlKemPublicKey_30 *public_key,
     uint8_t randomness[32U]) {
-  libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key;
+  libcrux_ml_kem_types_MlKemPublicKey_30 *uu____0 = public_key;
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_randomness[32U];
   memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t));
-  return libcrux_ml_kem_ind_cca_encapsulate_49(uu____0, copy_of_randomness);
+  return libcrux_ml_kem_ind_cca_encapsulate_ca(uu____0, copy_of_randomness);
 }
 
 /**
@@ -5357,14 +5423,14 @@ libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_a9(
  The input is a reference to an [`MlKem768PublicKey`] and [`SHARED_SECRET_SIZE`]
  bytes of `randomness`.
 */
-static inline tuple_3c libcrux_ml_kem_mlkem768_portable_encapsulate(
-    libcrux_ml_kem_types_MlKemPublicKey_15 *public_key,
+static inline tuple_c2 libcrux_ml_kem_mlkem768_portable_encapsulate(
+    libcrux_ml_kem_types_MlKemPublicKey_30 *public_key,
     uint8_t randomness[32U]) {
-  libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key;
+  libcrux_ml_kem_types_MlKemPublicKey_30 *uu____0 = public_key;
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_randomness[32U];
   memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t));
-  return libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_a9(
+  return libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_cd(
       uu____0, copy_of_randomness);
 }
 
@@ -5379,12 +5445,12 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
 with const generics
 - K= 3
 */
-static inline libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8
-libcrux_ml_kem_ind_cpa_unpacked_default_1a_e9(void) {
-  libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 lit;
-  lit.secret_as_ntt[0U] = libcrux_ml_kem_polynomial_ZERO_ef_1b();
-  lit.secret_as_ntt[1U] = libcrux_ml_kem_polynomial_ZERO_ef_1b();
-  lit.secret_as_ntt[2U] = libcrux_ml_kem_polynomial_ZERO_ef_1b();
+static inline libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0
+libcrux_ml_kem_ind_cpa_unpacked_default_1a_1b(void) {
+  libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 lit;
+  lit.secret_as_ntt[0U] = libcrux_ml_kem_polynomial_ZERO_ef_8c();
+  lit.secret_as_ntt[1U] = libcrux_ml_kem_polynomial_ZERO_ef_8c();
+  lit.secret_as_ntt[2U] = libcrux_ml_kem_polynomial_ZERO_ef_8c();
   return lit;
 }
 
@@ -5398,7 +5464,7 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]]
 with const generics
 - K= 3
 */
-static KRML_MUSTINLINE void libcrux_ml_kem_variant_cpa_keygen_seed_d8_d1(
+static KRML_MUSTINLINE void libcrux_ml_kem_variant_cpa_keygen_seed_d8_9c(
     Eurydice_slice key_generation_seed, uint8_t ret[64U]) {
   uint8_t seed[33U] = {0U};
   Eurydice_slice_copy(
@@ -5409,7 +5475,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_variant_cpa_keygen_seed_d8_d1(
   seed[LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE] =
       (uint8_t)(size_t)3U;
   uint8_t ret0[64U];
-  libcrux_ml_kem_hash_functions_portable_G_f1_87(
+  libcrux_ml_kem_hash_functions_portable_G_f1_e0(
       Eurydice_array_to_slice((size_t)33U, seed, uint8_t), ret0);
   memcpy(ret, ret0, (size_t)64U * sizeof(uint8_t));
 }
@@ -5421,7 +5487,7 @@ with const generics
 
 */
 static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector
-libcrux_ml_kem_vector_traits_to_standard_domain_bf(
+libcrux_ml_kem_vector_traits_to_standard_domain_8c(
     libcrux_ml_kem_vector_portable_vector_type_PortableVector v) {
   return libcrux_ml_kem_vector_portable_montgomery_multiply_by_constant_0d(
       v, LIBCRUX_ML_KEM_VECTOR_TRAITS_MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS);
@@ -5439,15 +5505,15 @@ with const generics
 
 */
 static KRML_MUSTINLINE void
-libcrux_ml_kem_polynomial_add_standard_error_reduce_ef_0f(
-    libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self,
-    libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error) {
+libcrux_ml_kem_polynomial_add_standard_error_reduce_ef_8c(
+    libcrux_ml_kem_polynomial_PolynomialRingElement_1d *self,
+    libcrux_ml_kem_polynomial_PolynomialRingElement_1d *error) {
   for (size_t i = (size_t)0U;
        i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
     size_t j = i;
     libcrux_ml_kem_vector_portable_vector_type_PortableVector
         coefficient_normal_form =
-            libcrux_ml_kem_vector_traits_to_standard_domain_bf(
+            libcrux_ml_kem_vector_traits_to_standard_domain_8c(
                 self->coefficients[j]);
     libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 =
         libcrux_ml_kem_vector_portable_barrett_reduce_0d(
@@ -5463,40 +5529,40 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
 with const generics
 - K= 3
 */
-static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_As_plus_e_c7(
-    libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt,
-    libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*matrix_A)[3U],
-    libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *s_as_ntt,
-    libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_as_ntt) {
+static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_As_plus_e_1b(
+    libcrux_ml_kem_polynomial_PolynomialRingElement_1d *t_as_ntt,
+    libcrux_ml_kem_polynomial_PolynomialRingElement_1d (*matrix_A)[3U],
+    libcrux_ml_kem_polynomial_PolynomialRingElement_1d *s_as_ntt,
+    libcrux_ml_kem_polynomial_PolynomialRingElement_1d *error_as_ntt) {
   for (size_t i = (size_t)0U;
        i < Eurydice_slice_len(
                Eurydice_array_to_slice(
                    (size_t)3U, matrix_A,
-                   libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U]),
-               libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U]);
+                   libcrux_ml_kem_polynomial_PolynomialRingElement_1d[3U]),
+               libcrux_ml_kem_polynomial_PolynomialRingElement_1d[3U]);
        i++) {
     size_t i0 = i;
-    libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *row = matrix_A[i0];
-    libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 =
-        libcrux_ml_kem_polynomial_ZERO_ef_1b();
+    libcrux_ml_kem_polynomial_PolynomialRingElement_1d *row = matrix_A[i0];
+    libcrux_ml_kem_polynomial_PolynomialRingElement_1d uu____0 =
+        libcrux_ml_kem_polynomial_ZERO_ef_8c();
     t_as_ntt[i0] = uu____0;
     for (size_t i1 = (size_t)0U;
          i1 < Eurydice_slice_len(
                   Eurydice_array_to_slice(
                       (size_t)3U, row,
-                      libcrux_ml_kem_polynomial_PolynomialRingElement_f0),
-                  libcrux_ml_kem_polynomial_PolynomialRingElement_f0);
+                      libcrux_ml_kem_polynomial_PolynomialRingElement_1d),
+                  libcrux_ml_kem_polynomial_PolynomialRingElement_1d);
          i1++) {
       size_t j = i1;
-      libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *matrix_element =
+      libcrux_ml_kem_polynomial_PolynomialRingElement_1d *matrix_element =
           &row[j];
-      libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product =
-          libcrux_ml_kem_polynomial_ntt_multiply_ef_45(matrix_element,
+      libcrux_ml_kem_polynomial_PolynomialRingElement_1d product =
+          libcrux_ml_kem_polynomial_ntt_multiply_ef_8c(matrix_element,
                                                        &s_as_ntt[j]);
-      libcrux_ml_kem_polynomial_add_to_ring_element_ef_5d(&t_as_ntt[i0],
+      libcrux_ml_kem_polynomial_add_to_ring_element_ef_1b(&t_as_ntt[i0],
                                                           &product);
     }
-    libcrux_ml_kem_polynomial_add_standard_error_reduce_ef_0f(
+    libcrux_ml_kem_polynomial_add_standard_error_reduce_ef_8c(
         &t_as_ntt[i0], &error_as_ntt[i0]);
   }
 }
@@ -5510,50 +5576,50 @@ libcrux_ml_kem_variant_MlKem with const generics
 - ETA1= 2
 - ETA1_RANDOMNESS_SIZE= 128
 */
-static inline void libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_e9(
+static inline void libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_1c(
     Eurydice_slice key_generation_seed,
-    libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 *private_key,
-    libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 *public_key) {
+    libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 *private_key,
+    libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *public_key) {
   uint8_t hashed[64U];
-  libcrux_ml_kem_variant_cpa_keygen_seed_d8_d1(key_generation_seed, hashed);
+  libcrux_ml_kem_variant_cpa_keygen_seed_d8_9c(key_generation_seed, hashed);
   Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at(
       Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U,
       uint8_t, Eurydice_slice_uint8_t_x2);
   Eurydice_slice seed_for_A = uu____0.fst;
   Eurydice_slice seed_for_secret_and_error = uu____0.snd;
-  libcrux_ml_kem_polynomial_PolynomialRingElement_f0(*uu____1)[3U] =
+  libcrux_ml_kem_polynomial_PolynomialRingElement_1d(*uu____1)[3U] =
       public_key->A;
   uint8_t ret[34U];
-  libcrux_ml_kem_utils_into_padded_array_421(seed_for_A, ret);
-  libcrux_ml_kem_matrix_sample_matrix_A_0d(uu____1, ret, true);
+  libcrux_ml_kem_utils_into_padded_array_b6(seed_for_A, ret);
+  libcrux_ml_kem_matrix_sample_matrix_A_2b(uu____1, ret, true);
   uint8_t prf_input[33U];
-  libcrux_ml_kem_utils_into_padded_array_422(seed_for_secret_and_error,
-                                             prf_input);
-  libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *uu____2 =
+  libcrux_ml_kem_utils_into_padded_array_c8(seed_for_secret_and_error,
+                                            prf_input);
+  libcrux_ml_kem_polynomial_PolynomialRingElement_1d *uu____2 =
       private_key->secret_as_ntt;
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_prf_input0[33U];
   memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t));
   uint8_t domain_separator =
-      libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_b1(
+      libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_3b(
           uu____2, copy_of_prf_input0, 0U);
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_prf_input[33U];
   memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t));
-  libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_as_ntt[3U];
+  libcrux_ml_kem_polynomial_PolynomialRingElement_1d error_as_ntt[3U];
   memcpy(
       error_as_ntt,
-      libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_out_cb(
+      libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_out_3b(
           copy_of_prf_input, domain_separator)
           .fst,
-      (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0));
-  libcrux_ml_kem_matrix_compute_As_plus_e_c7(
+      (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1d));
+  libcrux_ml_kem_matrix_compute_As_plus_e_1b(
       public_key->t_as_ntt, public_key->A, private_key->secret_as_ntt,
       error_as_ntt);
   uint8_t uu____5[32U];
-  Result_00 dst;
+  Result_fb dst;
   Eurydice_slice_to_array2(&dst, seed_for_A, Eurydice_slice, uint8_t[32U]);
-  unwrap_26_33(dst, uu____5);
+  unwrap_26_b3(dst, uu____5);
   memcpy(public_key->seed_for_A, uu____5, (size_t)32U * sizeof(uint8_t));
 }
 
@@ -5564,14 +5630,14 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
 
 */
 static KRML_MUSTINLINE void
-libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_8b(
-    libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[384U]) {
+libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_8c(
+    libcrux_ml_kem_polynomial_PolynomialRingElement_1d *re, uint8_t ret[384U]) {
   uint8_t serialized[384U] = {0U};
   for (size_t i = (size_t)0U;
        i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
     size_t i0 = i;
     libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient =
-        libcrux_ml_kem_serialize_to_unsigned_field_modulus_b0(
+        libcrux_ml_kem_serialize_to_unsigned_field_modulus_8c(
             re->coefficients[i0]);
     uint8_t bytes[24U];
     libcrux_ml_kem_vector_portable_serialize_12_0d(coefficient, bytes);
@@ -5592,25 +5658,25 @@ with const generics
 - K= 3
 - OUT_LEN= 1152
 */
-static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_secret_key_5a(
-    libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *key,
+static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_secret_key_89(
+    libcrux_ml_kem_polynomial_PolynomialRingElement_1d *key,
     uint8_t ret[1152U]) {
   uint8_t out[1152U] = {0U};
   for (size_t i = (size_t)0U;
        i < Eurydice_slice_len(
                Eurydice_array_to_slice(
                    (size_t)3U, key,
-                   libcrux_ml_kem_polynomial_PolynomialRingElement_f0),
-               libcrux_ml_kem_polynomial_PolynomialRingElement_f0);
+                   libcrux_ml_kem_polynomial_PolynomialRingElement_1d),
+               libcrux_ml_kem_polynomial_PolynomialRingElement_1d);
        i++) {
     size_t i0 = i;
-    libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = key[i0];
+    libcrux_ml_kem_polynomial_PolynomialRingElement_1d re = key[i0];
     Eurydice_slice uu____0 = Eurydice_array_to_subslice2(
         out, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT,
         (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT,
         uint8_t);
     uint8_t ret0[384U];
-    libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_8b(&re, ret0);
+    libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_8c(&re, ret0);
     Eurydice_slice_copy(
         uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t), uint8_t);
   }
@@ -5625,13 +5691,13 @@ with const generics
 - RANKED_BYTES_PER_RING_ELEMENT= 1152
 - PUBLIC_KEY_SIZE= 1184
 */
-static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_public_key_mut_3c(
-    libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt,
+static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_public_key_mut_6c(
+    libcrux_ml_kem_polynomial_PolynomialRingElement_1d *t_as_ntt,
     Eurydice_slice seed_for_a, uint8_t *serialized) {
   Eurydice_slice uu____0 = Eurydice_array_to_subslice2(serialized, (size_t)0U,
                                                        (size_t)1152U, uint8_t);
   uint8_t ret[1152U];
-  libcrux_ml_kem_ind_cpa_serialize_secret_key_5a(t_as_ntt, ret);
+  libcrux_ml_kem_ind_cpa_serialize_secret_key_89(t_as_ntt, ret);
   Eurydice_slice_copy(
       uu____0, Eurydice_array_to_slice((size_t)1152U, ret, uint8_t), uint8_t);
   Eurydice_slice_copy(
@@ -5648,15 +5714,13 @@ with const generics
 - RANKED_BYTES_PER_RING_ELEMENT= 1152
 - PUBLIC_KEY_SIZE= 1184
 */
-static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_public_key_07(
-    libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt,
+static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_public_key_6c(
+    libcrux_ml_kem_polynomial_PolynomialRingElement_1d *t_as_ntt,
     Eurydice_slice seed_for_a, uint8_t ret[1184U]) {
   uint8_t public_key_serialized[1184U] = {0U};
-  libcrux_ml_kem_ind_cpa_serialize_public_key_mut_3c(t_as_ntt, seed_for_a,
+  libcrux_ml_kem_ind_cpa_serialize_public_key_mut_6c(t_as_ntt, seed_for_a,
                                                      public_key_serialized);
-  uint8_t result[1184U];
-  memcpy(result, public_key_serialized, (size_t)1184U * sizeof(uint8_t));
-  memcpy(ret, result, (size_t)1184U * sizeof(uint8_t));
+  memcpy(ret, public_key_serialized, (size_t)1184U * sizeof(uint8_t));
 }
 
 /**
@@ -5672,20 +5736,20 @@ libcrux_ml_kem_variant_MlKem with const generics
 - ETA1_RANDOMNESS_SIZE= 128
 */
 static inline libcrux_ml_kem_utils_extraction_helper_Keypair768
-libcrux_ml_kem_ind_cpa_generate_keypair_50(Eurydice_slice key_generation_seed) {
-  libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 private_key =
-      libcrux_ml_kem_ind_cpa_unpacked_default_1a_e9();
-  libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 public_key =
-      libcrux_ml_kem_ind_cpa_unpacked_default_8d_d1();
-  libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_e9(
+libcrux_ml_kem_ind_cpa_generate_keypair_15(Eurydice_slice key_generation_seed) {
+  libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 private_key =
+      libcrux_ml_kem_ind_cpa_unpacked_default_1a_1b();
+  libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 public_key =
+      libcrux_ml_kem_ind_cpa_unpacked_default_8d_1b();
+  libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_1c(
       key_generation_seed, &private_key, &public_key);
   uint8_t public_key_serialized[1184U];
-  libcrux_ml_kem_ind_cpa_serialize_public_key_07(
+  libcrux_ml_kem_ind_cpa_serialize_public_key_6c(
       public_key.t_as_ntt,
       Eurydice_array_to_slice((size_t)32U, public_key.seed_for_A, uint8_t),
       public_key_serialized);
   uint8_t secret_key_serialized[1152U];
-  libcrux_ml_kem_ind_cpa_serialize_secret_key_5a(private_key.secret_as_ntt,
+  libcrux_ml_kem_ind_cpa_serialize_secret_key_89(private_key.secret_as_ntt,
                                                  secret_key_serialized);
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_secret_key_serialized[1152U];
@@ -5695,12 +5759,12 @@ libcrux_ml_kem_ind_cpa_generate_keypair_50(Eurydice_slice key_generation_seed) {
   uint8_t copy_of_public_key_serialized[1184U];
   memcpy(copy_of_public_key_serialized, public_key_serialized,
          (size_t)1184U * sizeof(uint8_t));
-  libcrux_ml_kem_utils_extraction_helper_Keypair768 result;
-  memcpy(result.fst, copy_of_secret_key_serialized,
+  libcrux_ml_kem_utils_extraction_helper_Keypair768 lit;
+  memcpy(lit.fst, copy_of_secret_key_serialized,
          (size_t)1152U * sizeof(uint8_t));
-  memcpy(result.snd, copy_of_public_key_serialized,
+  memcpy(lit.snd, copy_of_public_key_serialized,
          (size_t)1184U * sizeof(uint8_t));
-  return result;
+  return lit;
 }
 
 /**
@@ -5710,7 +5774,7 @@ with const generics
 - K= 3
 - SERIALIZED_KEY_LEN= 2400
 */
-static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_serialize_kem_secret_key_b0(
+static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_serialize_kem_secret_key_d6(
     Eurydice_slice private_key, Eurydice_slice public_key,
     Eurydice_slice implicit_rejection_value, uint8_t ret[2400U]) {
   uint8_t out[2400U] = {0U};
@@ -5736,7 +5800,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_serialize_kem_secret_key_b0(
   Eurydice_slice uu____6 = Eurydice_array_to_subslice2(
       out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t);
   uint8_t ret0[32U];
-  libcrux_ml_kem_hash_functions_portable_H_f1_d5(public_key, ret0);
+  libcrux_ml_kem_hash_functions_portable_H_f1_e0(public_key, ret0);
   Eurydice_slice_copy(
       uu____6, Eurydice_array_to_slice((size_t)32U, ret0, uint8_t), uint8_t);
   pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE;
@@ -5766,7 +5830,7 @@ libcrux_ml_kem_variant_MlKem with const generics
 - ETA1_RANDOMNESS_SIZE= 128
 */
 static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair
-libcrux_ml_kem_ind_cca_generate_keypair_6f(uint8_t randomness[64U]) {
+libcrux_ml_kem_ind_cca_generate_keypair_f8(uint8_t randomness[64U]) {
   Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2(
       randomness, (size_t)0U,
       LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t);
@@ -5775,13 +5839,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_6f(uint8_t randomness[64U]) {
       LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t,
       size_t);
   libcrux_ml_kem_utils_extraction_helper_Keypair768 uu____0 =
-      libcrux_ml_kem_ind_cpa_generate_keypair_50(ind_cpa_keypair_randomness);
+      libcrux_ml_kem_ind_cpa_generate_keypair_15(ind_cpa_keypair_randomness);
   uint8_t ind_cpa_private_key[1152U];
   memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1152U * sizeof(uint8_t));
   uint8_t public_key[1184U];
   memcpy(public_key, uu____0.snd, (size_t)1184U * sizeof(uint8_t));
   uint8_t secret_key_serialized[2400U];
-  libcrux_ml_kem_ind_cca_serialize_kem_secret_key_b0(
+  libcrux_ml_kem_ind_cca_serialize_kem_secret_key_d6(
       Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t),
       Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t),
       implicit_rejection_value, secret_key_serialized);
@@ -5789,14 +5853,14 @@ libcrux_ml_kem_ind_cca_generate_keypair_6f(uint8_t randomness[64U]) {
   uint8_t copy_of_secret_key_serialized[2400U];
   memcpy(copy_of_secret_key_serialized, secret_key_serialized,
          (size_t)2400U * sizeof(uint8_t));
-  libcrux_ml_kem_types_MlKemPrivateKey_55 private_key =
-      libcrux_ml_kem_types_from_7f_af(copy_of_secret_key_serialized);
-  libcrux_ml_kem_types_MlKemPrivateKey_55 uu____2 = private_key;
+  libcrux_ml_kem_types_MlKemPrivateKey_d9 private_key =
+      libcrux_ml_kem_types_from_7f_28(copy_of_secret_key_serialized);
+  libcrux_ml_kem_types_MlKemPrivateKey_d9 uu____2 = private_key;
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_public_key[1184U];
   memcpy(copy_of_public_key, public_key, (size_t)1184U * sizeof(uint8_t));
-  return libcrux_ml_kem_types_from_3a_ee(
-      uu____2, libcrux_ml_kem_types_from_5a_67(copy_of_public_key));
+  return libcrux_ml_kem_types_from_3a_74(
+      uu____2, libcrux_ml_kem_types_from_5a_d0(copy_of_public_key));
 }
 
 /**
@@ -5812,12 +5876,12 @@ generics
 - ETA1_RANDOMNESS_SIZE= 128
 */
 static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair
-libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_d1(
+libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_c6(
     uint8_t randomness[64U]) {
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_randomness[64U];
   memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t));
-  return libcrux_ml_kem_ind_cca_generate_keypair_6f(copy_of_randomness);
+  return libcrux_ml_kem_ind_cca_generate_keypair_f8(copy_of_randomness);
 }
 
 /**
@@ -5828,7 +5892,7 @@ libcrux_ml_kem_mlkem768_portable_generate_key_pair(uint8_t randomness[64U]) {
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_randomness[64U];
   memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t));
-  return libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_d1(
+  return libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_c6(
       copy_of_randomness);
 }
 
@@ -5843,24 +5907,24 @@ with const generics
 - K= 3
 - CIPHERTEXT_SIZE= 1088
 */
-static KRML_MUSTINLINE void libcrux_ml_kem_variant_kdf_33_de(
+static KRML_MUSTINLINE void libcrux_ml_kem_variant_kdf_33_d6(
     Eurydice_slice shared_secret,
     libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) {
   uint8_t kdf_input[64U];
-  libcrux_ml_kem_utils_into_padded_array_42(shared_secret, kdf_input);
+  libcrux_ml_kem_utils_into_padded_array_24(shared_secret, kdf_input);
   Eurydice_slice uu____0 = Eurydice_array_to_subslice_from(
       (size_t)64U, kdf_input, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t,
       size_t);
   uint8_t ret0[32U];
-  libcrux_ml_kem_hash_functions_portable_H_f1_d5(
+  libcrux_ml_kem_hash_functions_portable_H_f1_e0(
       Eurydice_array_to_slice((size_t)1088U,
-                              libcrux_ml_kem_types_as_slice_d4_76(ciphertext),
+                              libcrux_ml_kem_types_as_slice_d4_80(ciphertext),
                               uint8_t),
       ret0);
   Eurydice_slice_copy(
       uu____0, Eurydice_array_to_slice((size_t)32U, ret0, uint8_t), uint8_t);
   uint8_t ret1[32U];
-  libcrux_ml_kem_hash_functions_portable_PRF_f1_9f(
+  libcrux_ml_kem_hash_functions_portable_PRF_f1_41(
       Eurydice_array_to_slice((size_t)64U, kdf_input, uint8_t), ret1);
   memcpy(ret, ret1, (size_t)32U * sizeof(uint8_t));
 }
@@ -5887,8 +5951,8 @@ libcrux_ml_kem_variant_Kyber with const generics
 - ETA2_RANDOMNESS_SIZE= 128
 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120
 */
-static inline void libcrux_ml_kem_ind_cca_decapsulate_d50(
-    libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key,
+static inline void libcrux_ml_kem_ind_cca_decapsulate_620(
+    libcrux_ml_kem_types_MlKemPrivateKey_d9 *private_key,
     libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) {
   Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at(
       Eurydice_array_to_slice((size_t)2400U, private_key->value, uint8_t),
@@ -5905,10 +5969,10 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_d50(
   Eurydice_slice ind_cpa_public_key_hash = uu____2.fst;
   Eurydice_slice implicit_rejection_value = uu____2.snd;
   uint8_t decrypted[32U];
-  libcrux_ml_kem_ind_cpa_decrypt_35(ind_cpa_secret_key, ciphertext->value,
+  libcrux_ml_kem_ind_cpa_decrypt_42(ind_cpa_secret_key, ciphertext->value,
                                     decrypted);
   uint8_t to_hash0[64U];
-  libcrux_ml_kem_utils_into_padded_array_42(
+  libcrux_ml_kem_utils_into_padded_array_24(
       Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0);
   Eurydice_slice_copy(
       Eurydice_array_to_subslice_from(
@@ -5916,7 +5980,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_d50(
           uint8_t, size_t),
       ind_cpa_public_key_hash, uint8_t);
   uint8_t hashed[64U];
-  libcrux_ml_kem_hash_functions_portable_G_f1_87(
+  libcrux_ml_kem_hash_functions_portable_G_f1_e0(
       Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed);
   Eurydice_slice_uint8_t_x2 uu____3 = Eurydice_slice_split_at(
       Eurydice_array_to_slice((size_t)64U, hashed, uint8_t),
@@ -5925,14 +5989,14 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_d50(
   Eurydice_slice shared_secret0 = uu____3.fst;
   Eurydice_slice pseudorandomness = uu____3.snd;
   uint8_t to_hash[1120U];
-  libcrux_ml_kem_utils_into_padded_array_420(implicit_rejection_value, to_hash);
+  libcrux_ml_kem_utils_into_padded_array_15(implicit_rejection_value, to_hash);
   Eurydice_slice uu____4 = Eurydice_array_to_subslice_from(
       (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE,
       uint8_t, size_t);
-  Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_8c(ciphertext),
+  Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_80(ciphertext),
                       uint8_t);
   uint8_t implicit_rejection_shared_secret0[32U];
-  libcrux_ml_kem_hash_functions_portable_PRF_f1_9f(
+  libcrux_ml_kem_hash_functions_portable_PRF_f1_41(
       Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t),
       implicit_rejection_shared_secret0);
   Eurydice_slice uu____5 = ind_cpa_public_key;
@@ -5940,18 +6004,18 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_d50(
   uint8_t copy_of_decrypted[32U];
   memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t));
   uint8_t expected_ciphertext[1088U];
-  libcrux_ml_kem_ind_cpa_encrypt_a7(uu____5, copy_of_decrypted,
+  libcrux_ml_kem_ind_cpa_encrypt_2a(uu____5, copy_of_decrypted,
                                     pseudorandomness, expected_ciphertext);
   uint8_t implicit_rejection_shared_secret[32U];
-  libcrux_ml_kem_variant_kdf_33_de(
+  libcrux_ml_kem_variant_kdf_33_d6(
       Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0,
                               uint8_t),
       ciphertext, implicit_rejection_shared_secret);
   uint8_t shared_secret1[32U];
-  libcrux_ml_kem_variant_kdf_33_de(shared_secret0, ciphertext, shared_secret1);
+  libcrux_ml_kem_variant_kdf_33_d6(shared_secret0, ciphertext, shared_secret1);
   uint8_t shared_secret[32U];
   libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time(
-      libcrux_ml_kem_types_as_ref_00_8c(ciphertext),
+      libcrux_ml_kem_types_as_ref_00_80(ciphertext),
       Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t),
       Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t),
       Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret,
@@ -5985,10 +6049,10 @@ generics
 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120
 */
 static inline void
-libcrux_ml_kem_ind_cca_instantiations_portable_kyber_decapsulate_08(
-    libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key,
+libcrux_ml_kem_ind_cca_instantiations_portable_kyber_decapsulate_35(
+    libcrux_ml_kem_types_MlKemPrivateKey_d9 *private_key,
     libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) {
-  libcrux_ml_kem_ind_cca_decapsulate_d50(private_key, ciphertext, ret);
+  libcrux_ml_kem_ind_cca_decapsulate_620(private_key, ciphertext, ret);
 }
 
 /**
@@ -5999,9 +6063,9 @@ libcrux_ml_kem_ind_cca_instantiations_portable_kyber_decapsulate_08(
  [`MlKem768Ciphertext`].
 */
 static inline void libcrux_ml_kem_mlkem768_portable_kyber_decapsulate(
-    libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key,
+    libcrux_ml_kem_types_MlKemPrivateKey_d9 *private_key,
     libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) {
-  libcrux_ml_kem_ind_cca_instantiations_portable_kyber_decapsulate_08(
+  libcrux_ml_kem_ind_cca_instantiations_portable_kyber_decapsulate_35(
       private_key, ciphertext, ret);
 }
 
@@ -6015,9 +6079,9 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]]
 with const generics
 - K= 3
 */
-static KRML_MUSTINLINE void libcrux_ml_kem_variant_entropy_preprocess_33_47(
+static KRML_MUSTINLINE void libcrux_ml_kem_variant_entropy_preprocess_33_9c(
     Eurydice_slice randomness, uint8_t ret[32U]) {
-  libcrux_ml_kem_hash_functions_portable_H_f1_d5(randomness, ret);
+  libcrux_ml_kem_hash_functions_portable_H_f1_e0(randomness, ret);
 }
 
 /**
@@ -6039,28 +6103,28 @@ libcrux_ml_kem_variant_Kyber with const generics
 - ETA2= 2
 - ETA2_RANDOMNESS_SIZE= 128
 */
-static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_490(
-    libcrux_ml_kem_types_MlKemPublicKey_15 *public_key,
+static inline tuple_c2 libcrux_ml_kem_ind_cca_encapsulate_ca0(
+    libcrux_ml_kem_types_MlKemPublicKey_30 *public_key,
     uint8_t randomness[32U]) {
   uint8_t randomness0[32U];
-  libcrux_ml_kem_variant_entropy_preprocess_33_47(
+  libcrux_ml_kem_variant_entropy_preprocess_33_9c(
       Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0);
   uint8_t to_hash[64U];
-  libcrux_ml_kem_utils_into_padded_array_42(
+  libcrux_ml_kem_utils_into_padded_array_24(
       Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t), to_hash);
   Eurydice_slice uu____0 = Eurydice_array_to_subslice_from(
       (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t,
       size_t);
   uint8_t ret[32U];
-  libcrux_ml_kem_hash_functions_portable_H_f1_d5(
+  libcrux_ml_kem_hash_functions_portable_H_f1_e0(
       Eurydice_array_to_slice((size_t)1184U,
-                              libcrux_ml_kem_types_as_slice_fd_02(public_key),
+                              libcrux_ml_kem_types_as_slice_fd_d0(public_key),
                               uint8_t),
       ret);
   Eurydice_slice_copy(
       uu____0, Eurydice_array_to_slice((size_t)32U, ret, uint8_t), uint8_t);
   uint8_t hashed[64U];
-  libcrux_ml_kem_hash_functions_portable_G_f1_87(
+  libcrux_ml_kem_hash_functions_portable_G_f1_e0(
       Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed);
   Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at(
       Eurydice_array_to_slice((size_t)64U, hashed, uint8_t),
@@ -6069,27 +6133,27 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_490(
   Eurydice_slice shared_secret = uu____1.fst;
   Eurydice_slice pseudorandomness = uu____1.snd;
   Eurydice_slice uu____2 = Eurydice_array_to_slice(
-      (size_t)1184U, libcrux_ml_kem_types_as_slice_fd_02(public_key), uint8_t);
+      (size_t)1184U, libcrux_ml_kem_types_as_slice_fd_d0(public_key), uint8_t);
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_randomness[32U];
   memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t));
   uint8_t ciphertext[1088U];
-  libcrux_ml_kem_ind_cpa_encrypt_a7(uu____2, copy_of_randomness,
+  libcrux_ml_kem_ind_cpa_encrypt_2a(uu____2, copy_of_randomness,
                                     pseudorandomness, ciphertext);
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_ciphertext[1088U];
   memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t));
   libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 =
-      libcrux_ml_kem_types_from_01_8c(copy_of_ciphertext);
+      libcrux_ml_kem_types_from_01_80(copy_of_ciphertext);
   uint8_t shared_secret_array[32U];
-  libcrux_ml_kem_variant_kdf_33_de(shared_secret, &ciphertext0,
+  libcrux_ml_kem_variant_kdf_33_d6(shared_secret, &ciphertext0,
                                    shared_secret_array);
   libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0;
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_shared_secret_array[32U];
   memcpy(copy_of_shared_secret_array, shared_secret_array,
          (size_t)32U * sizeof(uint8_t));
-  tuple_3c lit;
+  tuple_c2 lit;
   lit.fst = uu____5;
   memcpy(lit.snd, copy_of_shared_secret_array, (size_t)32U * sizeof(uint8_t));
   return lit;
@@ -6116,15 +6180,15 @@ generics
 - ETA2= 2
 - ETA2_RANDOMNESS_SIZE= 128
 */
-static inline tuple_3c
-libcrux_ml_kem_ind_cca_instantiations_portable_kyber_encapsulate_9e(
-    libcrux_ml_kem_types_MlKemPublicKey_15 *public_key,
+static inline tuple_c2
+libcrux_ml_kem_ind_cca_instantiations_portable_kyber_encapsulate_cd(
+    libcrux_ml_kem_types_MlKemPublicKey_30 *public_key,
     uint8_t randomness[32U]) {
-  libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key;
+  libcrux_ml_kem_types_MlKemPublicKey_30 *uu____0 = public_key;
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_randomness[32U];
   memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t));
-  return libcrux_ml_kem_ind_cca_encapsulate_490(uu____0, copy_of_randomness);
+  return libcrux_ml_kem_ind_cca_encapsulate_ca0(uu____0, copy_of_randomness);
 }
 
 /**
@@ -6134,14 +6198,14 @@ libcrux_ml_kem_ind_cca_instantiations_portable_kyber_encapsulate_9e(
  The input is a reference to an [`MlKem768PublicKey`] and [`SHARED_SECRET_SIZE`]
  bytes of `randomness`.
 */
-static inline tuple_3c libcrux_ml_kem_mlkem768_portable_kyber_encapsulate(
-    libcrux_ml_kem_types_MlKemPublicKey_15 *public_key,
+static inline tuple_c2 libcrux_ml_kem_mlkem768_portable_kyber_encapsulate(
+    libcrux_ml_kem_types_MlKemPublicKey_30 *public_key,
     uint8_t randomness[32U]) {
-  libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key;
+  libcrux_ml_kem_types_MlKemPublicKey_30 *uu____0 = public_key;
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_randomness[32U];
   memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t));
-  return libcrux_ml_kem_ind_cca_instantiations_portable_kyber_encapsulate_9e(
+  return libcrux_ml_kem_ind_cca_instantiations_portable_kyber_encapsulate_cd(
       uu____0, copy_of_randomness);
 }
 
@@ -6155,9 +6219,9 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]]
 with const generics
 - K= 3
 */
-static KRML_MUSTINLINE void libcrux_ml_kem_variant_cpa_keygen_seed_33_de(
+static KRML_MUSTINLINE void libcrux_ml_kem_variant_cpa_keygen_seed_33_9c(
     Eurydice_slice key_generation_seed, uint8_t ret[64U]) {
-  libcrux_ml_kem_hash_functions_portable_G_f1_87(key_generation_seed, ret);
+  libcrux_ml_kem_hash_functions_portable_G_f1_e0(key_generation_seed, ret);
 }
 
 /**
@@ -6169,50 +6233,50 @@ libcrux_ml_kem_variant_Kyber with const generics
 - ETA1= 2
 - ETA1_RANDOMNESS_SIZE= 128
 */
-static inline void libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_e90(
+static inline void libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_1c0(
     Eurydice_slice key_generation_seed,
-    libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 *private_key,
-    libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 *public_key) {
+    libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 *private_key,
+    libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *public_key) {
   uint8_t hashed[64U];
-  libcrux_ml_kem_variant_cpa_keygen_seed_33_de(key_generation_seed, hashed);
+  libcrux_ml_kem_variant_cpa_keygen_seed_33_9c(key_generation_seed, hashed);
   Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at(
       Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U,
       uint8_t, Eurydice_slice_uint8_t_x2);
   Eurydice_slice seed_for_A = uu____0.fst;
   Eurydice_slice seed_for_secret_and_error = uu____0.snd;
-  libcrux_ml_kem_polynomial_PolynomialRingElement_f0(*uu____1)[3U] =
+  libcrux_ml_kem_polynomial_PolynomialRingElement_1d(*uu____1)[3U] =
       public_key->A;
   uint8_t ret[34U];
-  libcrux_ml_kem_utils_into_padded_array_421(seed_for_A, ret);
-  libcrux_ml_kem_matrix_sample_matrix_A_0d(uu____1, ret, true);
+  libcrux_ml_kem_utils_into_padded_array_b6(seed_for_A, ret);
+  libcrux_ml_kem_matrix_sample_matrix_A_2b(uu____1, ret, true);
   uint8_t prf_input[33U];
-  libcrux_ml_kem_utils_into_padded_array_422(seed_for_secret_and_error,
-                                             prf_input);
-  libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *uu____2 =
+  libcrux_ml_kem_utils_into_padded_array_c8(seed_for_secret_and_error,
+                                            prf_input);
+  libcrux_ml_kem_polynomial_PolynomialRingElement_1d *uu____2 =
       private_key->secret_as_ntt;
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_prf_input0[33U];
   memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t));
   uint8_t domain_separator =
-      libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_b1(
+      libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_3b(
           uu____2, copy_of_prf_input0, 0U);
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_prf_input[33U];
   memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t));
-  libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_as_ntt[3U];
+  libcrux_ml_kem_polynomial_PolynomialRingElement_1d error_as_ntt[3U];
   memcpy(
       error_as_ntt,
-      libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_out_cb(
+      libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_out_3b(
           copy_of_prf_input, domain_separator)
           .fst,
-      (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0));
-  libcrux_ml_kem_matrix_compute_As_plus_e_c7(
+      (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1d));
+  libcrux_ml_kem_matrix_compute_As_plus_e_1b(
       public_key->t_as_ntt, public_key->A, private_key->secret_as_ntt,
       error_as_ntt);
   uint8_t uu____5[32U];
-  Result_00 dst;
+  Result_fb dst;
   Eurydice_slice_to_array2(&dst, seed_for_A, Eurydice_slice, uint8_t[32U]);
-  unwrap_26_33(dst, uu____5);
+  unwrap_26_b3(dst, uu____5);
   memcpy(public_key->seed_for_A, uu____5, (size_t)32U * sizeof(uint8_t));
 }
 
@@ -6229,21 +6293,21 @@ libcrux_ml_kem_variant_Kyber with const generics
 - ETA1_RANDOMNESS_SIZE= 128
 */
 static inline libcrux_ml_kem_utils_extraction_helper_Keypair768
-libcrux_ml_kem_ind_cpa_generate_keypair_500(
+libcrux_ml_kem_ind_cpa_generate_keypair_150(
     Eurydice_slice key_generation_seed) {
-  libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 private_key =
-      libcrux_ml_kem_ind_cpa_unpacked_default_1a_e9();
-  libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 public_key =
-      libcrux_ml_kem_ind_cpa_unpacked_default_8d_d1();
-  libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_e90(
+  libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 private_key =
+      libcrux_ml_kem_ind_cpa_unpacked_default_1a_1b();
+  libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 public_key =
+      libcrux_ml_kem_ind_cpa_unpacked_default_8d_1b();
+  libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_1c0(
       key_generation_seed, &private_key, &public_key);
   uint8_t public_key_serialized[1184U];
-  libcrux_ml_kem_ind_cpa_serialize_public_key_07(
+  libcrux_ml_kem_ind_cpa_serialize_public_key_6c(
       public_key.t_as_ntt,
       Eurydice_array_to_slice((size_t)32U, public_key.seed_for_A, uint8_t),
       public_key_serialized);
   uint8_t secret_key_serialized[1152U];
-  libcrux_ml_kem_ind_cpa_serialize_secret_key_5a(private_key.secret_as_ntt,
+  libcrux_ml_kem_ind_cpa_serialize_secret_key_89(private_key.secret_as_ntt,
                                                  secret_key_serialized);
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_secret_key_serialized[1152U];
@@ -6253,12 +6317,12 @@ libcrux_ml_kem_ind_cpa_generate_keypair_500(
   uint8_t copy_of_public_key_serialized[1184U];
   memcpy(copy_of_public_key_serialized, public_key_serialized,
          (size_t)1184U * sizeof(uint8_t));
-  libcrux_ml_kem_utils_extraction_helper_Keypair768 result;
-  memcpy(result.fst, copy_of_secret_key_serialized,
+  libcrux_ml_kem_utils_extraction_helper_Keypair768 lit;
+  memcpy(lit.fst, copy_of_secret_key_serialized,
          (size_t)1152U * sizeof(uint8_t));
-  memcpy(result.snd, copy_of_public_key_serialized,
+  memcpy(lit.snd, copy_of_public_key_serialized,
          (size_t)1184U * sizeof(uint8_t));
-  return result;
+  return lit;
 }
 
 /**
@@ -6275,7 +6339,7 @@ libcrux_ml_kem_variant_Kyber with const generics
 - ETA1_RANDOMNESS_SIZE= 128
 */
 static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair
-libcrux_ml_kem_ind_cca_generate_keypair_6f0(uint8_t randomness[64U]) {
+libcrux_ml_kem_ind_cca_generate_keypair_f80(uint8_t randomness[64U]) {
   Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2(
       randomness, (size_t)0U,
       LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t);
@@ -6284,13 +6348,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_6f0(uint8_t randomness[64U]) {
       LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t,
       size_t);
   libcrux_ml_kem_utils_extraction_helper_Keypair768 uu____0 =
-      libcrux_ml_kem_ind_cpa_generate_keypair_500(ind_cpa_keypair_randomness);
+      libcrux_ml_kem_ind_cpa_generate_keypair_150(ind_cpa_keypair_randomness);
   uint8_t ind_cpa_private_key[1152U];
   memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1152U * sizeof(uint8_t));
   uint8_t public_key[1184U];
   memcpy(public_key, uu____0.snd, (size_t)1184U * sizeof(uint8_t));
   uint8_t secret_key_serialized[2400U];
-  libcrux_ml_kem_ind_cca_serialize_kem_secret_key_b0(
+  libcrux_ml_kem_ind_cca_serialize_kem_secret_key_d6(
       Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t),
       Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t),
       implicit_rejection_value, secret_key_serialized);
@@ -6298,14 +6362,14 @@ libcrux_ml_kem_ind_cca_generate_keypair_6f0(uint8_t randomness[64U]) {
   uint8_t copy_of_secret_key_serialized[2400U];
   memcpy(copy_of_secret_key_serialized, secret_key_serialized,
          (size_t)2400U * sizeof(uint8_t));
-  libcrux_ml_kem_types_MlKemPrivateKey_55 private_key =
-      libcrux_ml_kem_types_from_7f_af(copy_of_secret_key_serialized);
-  libcrux_ml_kem_types_MlKemPrivateKey_55 uu____2 = private_key;
+  libcrux_ml_kem_types_MlKemPrivateKey_d9 private_key =
+      libcrux_ml_kem_types_from_7f_28(copy_of_secret_key_serialized);
+  libcrux_ml_kem_types_MlKemPrivateKey_d9 uu____2 = private_key;
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_public_key[1184U];
   memcpy(copy_of_public_key, public_key, (size_t)1184U * sizeof(uint8_t));
-  return libcrux_ml_kem_types_from_3a_ee(
-      uu____2, libcrux_ml_kem_types_from_5a_67(copy_of_public_key));
+  return libcrux_ml_kem_types_from_3a_74(
+      uu____2, libcrux_ml_kem_types_from_5a_d0(copy_of_public_key));
 }
 
 /**
@@ -6321,12 +6385,12 @@ generics
 - ETA1_RANDOMNESS_SIZE= 128
 */
 static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair
-libcrux_ml_kem_ind_cca_instantiations_portable_kyber_generate_keypair_69(
+libcrux_ml_kem_ind_cca_instantiations_portable_kyber_generate_keypair_c6(
     uint8_t randomness[64U]) {
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_randomness[64U];
   memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t));
-  return libcrux_ml_kem_ind_cca_generate_keypair_6f0(copy_of_randomness);
+  return libcrux_ml_kem_ind_cca_generate_keypair_f80(copy_of_randomness);
 }
 
 /**
@@ -6338,7 +6402,7 @@ libcrux_ml_kem_mlkem768_portable_kyber_generate_key_pair(
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_randomness[64U];
   memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t));
-  return libcrux_ml_kem_ind_cca_instantiations_portable_kyber_generate_keypair_69(
+  return libcrux_ml_kem_ind_cca_instantiations_portable_kyber_generate_keypair_c6(
       copy_of_randomness);
 }
 
@@ -6350,11 +6414,11 @@ with const generics
 - SECRET_KEY_SIZE= 2400
 - CIPHERTEXT_SIZE= 1088
 */
-static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_private_key_fd(
-    libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key,
+static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_private_key_37(
+    libcrux_ml_kem_types_MlKemPrivateKey_d9 *private_key,
     libcrux_ml_kem_mlkem768_MlKem768Ciphertext *_ciphertext) {
   uint8_t t[32U];
-  libcrux_ml_kem_hash_functions_portable_H_f1_d5(
+  libcrux_ml_kem_hash_functions_portable_H_f1_e0(
       Eurydice_array_to_subslice2(private_key->value, (size_t)384U * (size_t)3U,
                                   (size_t)768U * (size_t)3U + (size_t)32U,
                                   uint8_t),
@@ -6375,10 +6439,10 @@ generics
 - CIPHERTEXT_SIZE= 1088
 */
 static KRML_MUSTINLINE bool
-libcrux_ml_kem_ind_cca_instantiations_portable_validate_private_key_b9(
-    libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key,
+libcrux_ml_kem_ind_cca_instantiations_portable_validate_private_key_31(
+    libcrux_ml_kem_types_MlKemPrivateKey_d9 *private_key,
     libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext) {
-  return libcrux_ml_kem_ind_cca_validate_private_key_fd(private_key,
+  return libcrux_ml_kem_ind_cca_validate_private_key_37(private_key,
                                                         ciphertext);
 }
 
@@ -6388,9 +6452,9 @@ libcrux_ml_kem_ind_cca_instantiations_portable_validate_private_key_b9(
  Returns `true` if valid, and `false` otherwise.
 */
 static inline bool libcrux_ml_kem_mlkem768_portable_validate_private_key(
-    libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key,
+    libcrux_ml_kem_types_MlKemPrivateKey_d9 *private_key,
     libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext) {
-  return libcrux_ml_kem_ind_cca_instantiations_portable_validate_private_key_b9(
+  return libcrux_ml_kem_ind_cca_instantiations_portable_validate_private_key_31(
       private_key, ciphertext);
 }
 
@@ -6401,10 +6465,10 @@ types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const
 generics
 - K= 3
 */
-static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0
-libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_out_closure_bc(
+static inline libcrux_ml_kem_polynomial_PolynomialRingElement_1d
+libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_out_closure_1b(
     size_t _i) {
-  return libcrux_ml_kem_polynomial_ZERO_ef_1b();
+  return libcrux_ml_kem_polynomial_ZERO_ef_8c();
 }
 
 /**
@@ -6414,18 +6478,22 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
 - K= 3
 */
 static KRML_MUSTINLINE void
-libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_out_a9(
+libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_out_1b(
     Eurydice_slice public_key,
-    libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) {
-  libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[3U];
+    libcrux_ml_kem_polynomial_PolynomialRingElement_1d ret[3U]) {
+  libcrux_ml_kem_polynomial_PolynomialRingElement_1d deserialized_pk[3U];
   for (size_t i = (size_t)0U; i < (size_t)3U; i++) {
-    deserialized_pk[i] = libcrux_ml_kem_polynomial_ZERO_ef_1b();
+    deserialized_pk[i] = libcrux_ml_kem_polynomial_ZERO_ef_8c();
   }
-  libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_e5(
+  libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_1b(
       public_key, deserialized_pk);
+  libcrux_ml_kem_polynomial_PolynomialRingElement_1d result[3U];
+  memcpy(
+      result, deserialized_pk,
+      (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1d));
   memcpy(
-      ret, deserialized_pk,
-      (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0));
+      ret, result,
+      (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1d));
 }
 
 /**
@@ -6436,16 +6504,16 @@ with const generics
 - RANKED_BYTES_PER_RING_ELEMENT= 1152
 - PUBLIC_KEY_SIZE= 1184
 */
-static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_public_key_68(
+static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_public_key_6c(
     uint8_t *public_key) {
-  libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[3U];
-  libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_out_a9(
+  libcrux_ml_kem_polynomial_PolynomialRingElement_1d deserialized_pk[3U];
+  libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_out_1b(
       Eurydice_array_to_subslice_to((size_t)1184U, public_key, (size_t)1152U,
                                     uint8_t, size_t),
       deserialized_pk);
-  libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *uu____0 = deserialized_pk;
+  libcrux_ml_kem_polynomial_PolynomialRingElement_1d *uu____0 = deserialized_pk;
   uint8_t public_key_serialized[1184U];
-  libcrux_ml_kem_ind_cpa_serialize_public_key_07(
+  libcrux_ml_kem_ind_cpa_serialize_public_key_6c(
       uu____0,
       Eurydice_array_to_subslice_from((size_t)1184U, public_key, (size_t)1152U,
                                       uint8_t, size_t),
@@ -6463,9 +6531,9 @@ generics
 - PUBLIC_KEY_SIZE= 1184
 */
 static KRML_MUSTINLINE bool
-libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key_1f(
+libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key_31(
     uint8_t *public_key) {
-  return libcrux_ml_kem_ind_cca_validate_public_key_68(public_key);
+  return libcrux_ml_kem_ind_cca_validate_public_key_6c(public_key);
 }
 
 /**
@@ -6474,8 +6542,8 @@ libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key_1f(
  Returns `true` if valid, and `false` otherwise.
 */
 static inline bool libcrux_ml_kem_mlkem768_portable_validate_public_key(
-    libcrux_ml_kem_types_MlKemPublicKey_15 *public_key) {
-  return libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key_1f(
+    libcrux_ml_kem_types_MlKemPublicKey_30 *public_key) {
+  return libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key_31(
       public_key->value);
 }
 
@@ -6501,14 +6569,14 @@ generics
 - ETA2_RANDOMNESS_SIZE= 128
 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120
 */
-static inline void libcrux_ml_kem_ind_cca_unpacked_decapsulate_f6(
+static inline void libcrux_ml_kem_ind_cca_unpacked_decapsulate_51(
     libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked *key_pair,
     libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) {
   uint8_t decrypted[32U];
-  libcrux_ml_kem_ind_cpa_decrypt_unpacked_6d(
+  libcrux_ml_kem_ind_cpa_decrypt_unpacked_42(
       &key_pair->private_key.ind_cpa_private_key, ciphertext->value, decrypted);
   uint8_t to_hash0[64U];
-  libcrux_ml_kem_utils_into_padded_array_42(
+  libcrux_ml_kem_utils_into_padded_array_24(
       Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0);
   Eurydice_slice uu____0 = Eurydice_array_to_subslice_from(
       (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE,
@@ -6519,7 +6587,7 @@ static inline void libcrux_ml_kem_ind_cca_unpacked_decapsulate_f6(
                               uint8_t),
       uint8_t);
   uint8_t hashed[64U];
-  libcrux_ml_kem_hash_functions_portable_G_f1_87(
+  libcrux_ml_kem_hash_functions_portable_G_f1_e0(
       Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed);
   Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at(
       Eurydice_array_to_slice((size_t)64U, hashed, uint8_t),
@@ -6528,30 +6596,30 @@ static inline void libcrux_ml_kem_ind_cca_unpacked_decapsulate_f6(
   Eurydice_slice shared_secret = uu____1.fst;
   Eurydice_slice pseudorandomness = uu____1.snd;
   uint8_t to_hash[1120U];
-  libcrux_ml_kem_utils_into_padded_array_420(
+  libcrux_ml_kem_utils_into_padded_array_15(
       Eurydice_array_to_slice(
           (size_t)32U, key_pair->private_key.implicit_rejection_value, uint8_t),
       to_hash);
   Eurydice_slice uu____2 = Eurydice_array_to_subslice_from(
       (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE,
       uint8_t, size_t);
-  Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_00_8c(ciphertext),
+  Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_00_80(ciphertext),
                       uint8_t);
   uint8_t implicit_rejection_shared_secret[32U];
-  libcrux_ml_kem_hash_functions_portable_PRF_f1_9f(
+  libcrux_ml_kem_hash_functions_portable_PRF_f1_41(
       Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t),
       implicit_rejection_shared_secret);
-  libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 *uu____3 =
+  libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *uu____3 =
       &key_pair->public_key.ind_cpa_public_key;
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_decrypted[32U];
   memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t));
   uint8_t expected_ciphertext[1088U];
-  libcrux_ml_kem_ind_cpa_encrypt_unpacked_24(
+  libcrux_ml_kem_ind_cpa_encrypt_unpacked_2a(
       uu____3, copy_of_decrypted, pseudorandomness, expected_ciphertext);
   uint8_t selector =
       libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time(
-          libcrux_ml_kem_types_as_ref_00_8c(ciphertext),
+          libcrux_ml_kem_types_as_ref_00_80(ciphertext),
           Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t));
   uint8_t ret0[32U];
   libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time(
@@ -6587,10 +6655,10 @@ generics
 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120
 */
 static inline void
-libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_decapsulate_65(
+libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_decapsulate_35(
     libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked *key_pair,
     libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) {
-  libcrux_ml_kem_ind_cca_unpacked_decapsulate_f6(key_pair, ciphertext, ret);
+  libcrux_ml_kem_ind_cca_unpacked_decapsulate_51(key_pair, ciphertext, ret);
 }
 
 /**
@@ -6604,7 +6672,7 @@ static inline void libcrux_ml_kem_mlkem768_portable_unpacked_decapsulate(
     libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked
         *private_key,
     libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) {
-  libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_decapsulate_65(
+  libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_decapsulate_35(
       private_key, ciphertext, ret);
 }
 
@@ -6627,11 +6695,11 @@ generics
 - ETA2= 2
 - ETA2_RANDOMNESS_SIZE= 128
 */
-static inline tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_8e(
-    libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *public_key,
+static inline tuple_c2 libcrux_ml_kem_ind_cca_unpacked_encapsulate_0c(
+    libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *public_key,
     uint8_t randomness[32U]) {
   uint8_t to_hash[64U];
-  libcrux_ml_kem_utils_into_padded_array_42(
+  libcrux_ml_kem_utils_into_padded_array_24(
       Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), to_hash);
   Eurydice_slice uu____0 = Eurydice_array_to_subslice_from(
       (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t,
@@ -6641,7 +6709,7 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_8e(
                           (size_t)32U, public_key->public_key_hash, uint8_t),
                       uint8_t);
   uint8_t hashed[64U];
-  libcrux_ml_kem_hash_functions_portable_G_f1_87(
+  libcrux_ml_kem_hash_functions_portable_G_f1_e0(
       Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed);
   Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at(
       Eurydice_array_to_slice((size_t)64U, hashed, uint8_t),
@@ -6649,13 +6717,13 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_8e(
       Eurydice_slice_uint8_t_x2);
   Eurydice_slice shared_secret = uu____1.fst;
   Eurydice_slice pseudorandomness = uu____1.snd;
-  libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 *uu____2 =
+  libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *uu____2 =
       &public_key->ind_cpa_public_key;
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_randomness[32U];
   memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t));
   uint8_t ciphertext[1088U];
-  libcrux_ml_kem_ind_cpa_encrypt_unpacked_24(uu____2, copy_of_randomness,
+  libcrux_ml_kem_ind_cpa_encrypt_unpacked_2a(uu____2, copy_of_randomness,
                                              pseudorandomness, ciphertext);
   uint8_t shared_secret_array[32U] = {0U};
   Eurydice_slice_copy(
@@ -6665,12 +6733,12 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_8e(
   uint8_t copy_of_ciphertext[1088U];
   memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t));
   libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 =
-      libcrux_ml_kem_types_from_01_8c(copy_of_ciphertext);
+      libcrux_ml_kem_types_from_01_80(copy_of_ciphertext);
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_shared_secret_array[32U];
   memcpy(copy_of_shared_secret_array, shared_secret_array,
          (size_t)32U * sizeof(uint8_t));
-  tuple_3c lit;
+  tuple_c2 lit;
   lit.fst = uu____5;
   memcpy(lit.snd, copy_of_shared_secret_array, (size_t)32U * sizeof(uint8_t));
   return lit;
@@ -6697,16 +6765,16 @@ generics
 - ETA2= 2
 - ETA2_RANDOMNESS_SIZE= 128
 */
-static inline tuple_3c
-libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_encapsulate_37(
-    libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *public_key,
+static inline tuple_c2
+libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_encapsulate_cd(
+    libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *public_key,
     uint8_t randomness[32U]) {
-  libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *uu____0 =
+  libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *uu____0 =
       public_key;
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_randomness[32U];
   memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t));
-  return libcrux_ml_kem_ind_cca_unpacked_encapsulate_8e(uu____0,
+  return libcrux_ml_kem_ind_cca_unpacked_encapsulate_0c(uu____0,
                                                         copy_of_randomness);
 }
 
@@ -6718,15 +6786,15 @@ libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_encapsulate_37(
  [`MlKem768PublicKeyUnpacked`], the SHA3-256 hash of this public key, and
  [`SHARED_SECRET_SIZE`] bytes of `randomness`.
 */
-static inline tuple_3c libcrux_ml_kem_mlkem768_portable_unpacked_encapsulate(
-    libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *public_key,
+static inline tuple_c2 libcrux_ml_kem_mlkem768_portable_unpacked_encapsulate(
+    libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *public_key,
     uint8_t randomness[32U]) {
-  libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *uu____0 =
+  libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *uu____0 =
       public_key;
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_randomness[32U];
   memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t));
-  return libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_encapsulate_37(
+  return libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_encapsulate_cd(
       uu____0, copy_of_randomness);
 }
 
@@ -6744,9 +6812,9 @@ libcrux_ml_kem_variant_MlKem with const generics
 - ETA1= 2
 - ETA1_RANDOMNESS_SIZE= 128
 */
-static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0
-libcrux_ml_kem_ind_cca_unpacked_generate_keypair_closure_closure_42(size_t _j) {
-  return libcrux_ml_kem_polynomial_ZERO_ef_1b();
+static inline libcrux_ml_kem_polynomial_PolynomialRingElement_1d
+libcrux_ml_kem_ind_cca_unpacked_generate_keypair_closure_closure_f8(size_t _j) {
+  return libcrux_ml_kem_polynomial_ZERO_ef_8c();
 }
 
 /**
@@ -6763,10 +6831,10 @@ libcrux_ml_kem_variant_MlKem with const generics
 - ETA1= 2
 - ETA1_RANDOMNESS_SIZE= 128
 */
-static inline void libcrux_ml_kem_ind_cca_unpacked_generate_keypair_closure_8d(
-    size_t _i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) {
+static inline void libcrux_ml_kem_ind_cca_unpacked_generate_keypair_closure_f8(
+    size_t _i, libcrux_ml_kem_polynomial_PolynomialRingElement_1d ret[3U]) {
   for (size_t i = (size_t)0U; i < (size_t)3U; i++) {
-    ret[i] = libcrux_ml_kem_polynomial_ZERO_ef_1b();
+    ret[i] = libcrux_ml_kem_polynomial_ZERO_ef_8c();
   }
 }
 
@@ -6781,10 +6849,10 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
 with const generics
 
 */
-static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0
-libcrux_ml_kem_polynomial_clone_8d_26(
-    libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self) {
-  libcrux_ml_kem_polynomial_PolynomialRingElement_f0 lit;
+static inline libcrux_ml_kem_polynomial_PolynomialRingElement_1d
+libcrux_ml_kem_polynomial_clone_8d_8c(
+    libcrux_ml_kem_polynomial_PolynomialRingElement_1d *self) {
+  libcrux_ml_kem_polynomial_PolynomialRingElement_1d lit;
   libcrux_ml_kem_vector_portable_vector_type_PortableVector ret[16U];
   core_array___core__clone__Clone_for__Array_T__N___20__clone(
       (size_t)16U, self->coefficients, ret,
@@ -6811,7 +6879,7 @@ libcrux_ml_kem_variant_MlKem with const generics
 - ETA1= 2
 - ETA1_RANDOMNESS_SIZE= 128
 */
-static inline void libcrux_ml_kem_ind_cca_unpacked_generate_keypair_db(
+static inline void libcrux_ml_kem_ind_cca_unpacked_generate_keypair_f8(
     uint8_t randomness[64U],
     libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked *out) {
   Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2(
@@ -6821,46 +6889,46 @@ static inline void libcrux_ml_kem_ind_cca_unpacked_generate_keypair_db(
       (size_t)64U, randomness,
       LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t,
       size_t);
-  libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_e9(
+  libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_1c(
       ind_cpa_keypair_randomness, &out->private_key.ind_cpa_private_key,
       &out->public_key.ind_cpa_public_key);
-  libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[3U][3U];
+  libcrux_ml_kem_polynomial_PolynomialRingElement_1d A[3U][3U];
   for (size_t i = (size_t)0U; i < (size_t)3U; i++) {
-    libcrux_ml_kem_ind_cca_unpacked_generate_keypair_closure_8d(i, A[i]);
+    libcrux_ml_kem_ind_cca_unpacked_generate_keypair_closure_f8(i, A[i]);
   }
   for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) {
     size_t i1 = i0;
     for (size_t i = (size_t)0U; i < (size_t)3U; i++) {
       size_t j = i;
-      libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 =
-          libcrux_ml_kem_polynomial_clone_8d_26(
+      libcrux_ml_kem_polynomial_PolynomialRingElement_1d uu____0 =
+          libcrux_ml_kem_polynomial_clone_8d_8c(
               &out->public_key.ind_cpa_public_key.A[j][i1]);
       A[i1][j] = uu____0;
     }
   }
-  libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1[3U][3U];
+  libcrux_ml_kem_polynomial_PolynomialRingElement_1d uu____1[3U][3U];
   memcpy(uu____1, A,
          (size_t)3U *
-             sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U]));
+             sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1d[3U]));
   memcpy(out->public_key.ind_cpa_public_key.A, uu____1,
          (size_t)3U *
-             sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U]));
+             sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1d[3U]));
   uint8_t pk_serialized[1184U];
-  libcrux_ml_kem_ind_cpa_serialize_public_key_07(
+  libcrux_ml_kem_ind_cpa_serialize_public_key_6c(
       out->public_key.ind_cpa_public_key.t_as_ntt,
       Eurydice_array_to_slice(
           (size_t)32U, out->public_key.ind_cpa_public_key.seed_for_A, uint8_t),
       pk_serialized);
   uint8_t uu____2[32U];
-  libcrux_ml_kem_hash_functions_portable_H_f1_d5(
+  libcrux_ml_kem_hash_functions_portable_H_f1_e0(
       Eurydice_array_to_slice((size_t)1184U, pk_serialized, uint8_t), uu____2);
   memcpy(out->public_key.public_key_hash, uu____2,
          (size_t)32U * sizeof(uint8_t));
   uint8_t uu____3[32U];
-  Result_00 dst;
+  Result_fb dst;
   Eurydice_slice_to_array2(&dst, implicit_rejection_value, Eurydice_slice,
                            uint8_t[32U]);
-  unwrap_26_33(dst, uu____3);
+  unwrap_26_b3(dst, uu____3);
   memcpy(out->private_key.implicit_rejection_value, uu____3,
          (size_t)32U * sizeof(uint8_t));
 }
@@ -6881,13 +6949,13 @@ const generics
 - ETA1_RANDOMNESS_SIZE= 128
 */
 static inline void
-libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_generate_keypair_b3(
+libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_generate_keypair_c6(
     uint8_t randomness[64U],
     libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked *out) {
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_randomness[64U];
   memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t));
-  libcrux_ml_kem_ind_cca_unpacked_generate_keypair_db(copy_of_randomness, out);
+  libcrux_ml_kem_ind_cca_unpacked_generate_keypair_f8(copy_of_randomness, out);
 }
 
 /**
@@ -6900,7 +6968,7 @@ static inline void libcrux_ml_kem_mlkem768_portable_unpacked_generate_key_pair(
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_randomness[64U];
   memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t));
-  libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_generate_keypair_b3(
+  libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_generate_keypair_c6(
       copy_of_randomness, key_pair);
 }
 
@@ -6915,10 +6983,10 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
 with const generics
 - K= 3
 */
-static KRML_MUSTINLINE libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8
-libcrux_ml_kem_ind_cca_unpacked_default_1c_bd(void) {
-  libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 lit;
-  lit.ind_cpa_public_key = libcrux_ml_kem_ind_cpa_unpacked_default_8d_d1();
+static KRML_MUSTINLINE libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0
+libcrux_ml_kem_ind_cca_unpacked_default_1c_1b(void) {
+  libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 lit;
+  lit.ind_cpa_public_key = libcrux_ml_kem_ind_cpa_unpacked_default_8d_1b();
   lit.public_key_hash[0U] = 0U;
   lit.public_key_hash[1U] = 0U;
   lit.public_key_hash[2U] = 0U;
@@ -6967,9 +7035,9 @@ with const generics
 */
 static KRML_MUSTINLINE
     libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked
-    libcrux_ml_kem_ind_cca_unpacked_default_07_db(void) {
-  libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_f8 uu____0;
-  uu____0.ind_cpa_private_key = libcrux_ml_kem_ind_cpa_unpacked_default_1a_e9();
+    libcrux_ml_kem_ind_cca_unpacked_default_07_1b(void) {
+  libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_a0 uu____0;
+  uu____0.ind_cpa_private_key = libcrux_ml_kem_ind_cpa_unpacked_default_1a_1b();
   uu____0.implicit_rejection_value[0U] = 0U;
   uu____0.implicit_rejection_value[1U] = 0U;
   uu____0.implicit_rejection_value[2U] = 0U;
@@ -7005,7 +7073,7 @@ static KRML_MUSTINLINE
   return (CLITERAL(
       libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked){
       .private_key = uu____0,
-      .public_key = libcrux_ml_kem_ind_cca_unpacked_default_1c_bd()});
+      .public_key = libcrux_ml_kem_ind_cca_unpacked_default_1c_1b()});
 }
 
 /**
@@ -7013,15 +7081,15 @@ static KRML_MUSTINLINE
 */
 static inline libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked
 libcrux_ml_kem_mlkem768_portable_unpacked_init_key_pair(void) {
-  return libcrux_ml_kem_ind_cca_unpacked_default_07_db();
+  return libcrux_ml_kem_ind_cca_unpacked_default_07_1b();
 }
 
 /**
  Create a new, empty unpacked public key.
 */
-static inline libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8
+static inline libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0
 libcrux_ml_kem_mlkem768_portable_unpacked_init_public_key(void) {
-  return libcrux_ml_kem_ind_cca_unpacked_default_1c_bd();
+  return libcrux_ml_kem_ind_cca_unpacked_default_1c_1b();
 }
 
 /**
@@ -7041,10 +7109,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
 - PUBLIC_KEY_SIZE= 1184
 */
 static KRML_MUSTINLINE void
-libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_dd_a1(
-    libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *self,
-    libcrux_ml_kem_types_MlKemPublicKey_15 *serialized) {
-  libcrux_ml_kem_ind_cpa_serialize_public_key_mut_3c(
+libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_dd_6c(
+    libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *self,
+    libcrux_ml_kem_types_MlKemPublicKey_30 *serialized) {
+  libcrux_ml_kem_ind_cpa_serialize_public_key_mut_6c(
       self->ind_cpa_public_key.t_as_ntt,
       Eurydice_array_to_slice((size_t)32U, self->ind_cpa_public_key.seed_for_A,
                               uint8_t),
@@ -7068,10 +7136,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
 - PUBLIC_KEY_SIZE= 1184
 */
 static KRML_MUSTINLINE void
-libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_de_a4(
+libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_de_6c(
     libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked *self,
-    libcrux_ml_kem_types_MlKemPublicKey_15 *serialized) {
-  libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_dd_a1(
+    libcrux_ml_kem_types_MlKemPublicKey_30 *serialized) {
+  libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_dd_6c(
       &self->public_key, serialized);
 }
 
@@ -7081,8 +7149,8 @@ libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_de_a4(
 static inline void
 libcrux_ml_kem_mlkem768_portable_unpacked_key_pair_serialized_public_key(
     libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked *key_pair,
-    libcrux_ml_kem_types_MlKemPublicKey_15 *serialized) {
-  libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_de_a4(key_pair,
+    libcrux_ml_kem_types_MlKemPublicKey_30 *serialized) {
+  libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_de_6c(key_pair,
                                                                   serialized);
 }
 
@@ -7097,28 +7165,28 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
 with const generics
 - K= 3
 */
-static inline libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8
-libcrux_ml_kem_ind_cpa_unpacked_clone_ef_59(
-    libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 *self) {
-  libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0[3U];
+static inline libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0
+libcrux_ml_kem_ind_cpa_unpacked_clone_ef_1b(
+    libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *self) {
+  libcrux_ml_kem_polynomial_PolynomialRingElement_1d uu____0[3U];
   core_array___core__clone__Clone_for__Array_T__N___20__clone(
       (size_t)3U, self->t_as_ntt, uu____0,
-      libcrux_ml_kem_polynomial_PolynomialRingElement_f0, void *);
+      libcrux_ml_kem_polynomial_PolynomialRingElement_1d, void *);
   uint8_t uu____1[32U];
   core_array___core__clone__Clone_for__Array_T__N___20__clone(
       (size_t)32U, self->seed_for_A, uu____1, uint8_t, void *);
-  libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 lit;
+  libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 lit;
   memcpy(
       lit.t_as_ntt, uu____0,
-      (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0));
+      (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1d));
   memcpy(lit.seed_for_A, uu____1, (size_t)32U * sizeof(uint8_t));
-  libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U][3U];
+  libcrux_ml_kem_polynomial_PolynomialRingElement_1d ret[3U][3U];
   core_array___core__clone__Clone_for__Array_T__N___20__clone(
       (size_t)3U, self->A, ret,
-      libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U], void *);
+      libcrux_ml_kem_polynomial_PolynomialRingElement_1d[3U], void *);
   memcpy(lit.A, ret,
          (size_t)3U *
-             sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U]));
+             sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1d[3U]));
   return lit;
 }
 
@@ -7133,12 +7201,12 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
 with const generics
 - K= 3
 */
-static inline libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8
-libcrux_ml_kem_ind_cca_unpacked_clone_28_d3(
-    libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *self) {
-  libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 lit;
+static inline libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0
+libcrux_ml_kem_ind_cca_unpacked_clone_28_1b(
+    libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *self) {
+  libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 lit;
   lit.ind_cpa_public_key =
-      libcrux_ml_kem_ind_cpa_unpacked_clone_ef_59(&self->ind_cpa_public_key);
+      libcrux_ml_kem_ind_cpa_unpacked_clone_ef_1b(&self->ind_cpa_public_key);
   uint8_t ret[32U];
   core_array___core__clone__Clone_for__Array_T__N___20__clone(
       (size_t)32U, self->public_key_hash, ret, uint8_t, void *);
@@ -7160,8 +7228,8 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
 with const generics
 - K= 3
 */
-static KRML_MUSTINLINE libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *
-libcrux_ml_kem_ind_cca_unpacked_public_key_de_3d(
+static KRML_MUSTINLINE libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *
+libcrux_ml_kem_ind_cca_unpacked_public_key_de_1b(
     libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked *self) {
   return &self->public_key;
 }
@@ -7171,10 +7239,10 @@ libcrux_ml_kem_ind_cca_unpacked_public_key_de_3d(
 */
 static inline void libcrux_ml_kem_mlkem768_portable_unpacked_public_key(
     libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked *key_pair,
-    libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *pk) {
-  libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 uu____0 =
-      libcrux_ml_kem_ind_cca_unpacked_clone_28_d3(
-          libcrux_ml_kem_ind_cca_unpacked_public_key_de_3d(key_pair));
+    libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *pk) {
+  libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 uu____0 =
+      libcrux_ml_kem_ind_cca_unpacked_clone_28_1b(
+          libcrux_ml_kem_ind_cca_unpacked_public_key_de_1b(key_pair));
   pk[0U] = uu____0;
 }
 
@@ -7183,9 +7251,9 @@ static inline void libcrux_ml_kem_mlkem768_portable_unpacked_public_key(
 */
 static inline void
 libcrux_ml_kem_mlkem768_portable_unpacked_serialized_public_key(
-    libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *public_key,
-    libcrux_ml_kem_types_MlKemPublicKey_15 *serialized) {
-  libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_dd_a1(public_key,
+    libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *public_key,
+    libcrux_ml_kem_types_MlKemPublicKey_30 *serialized) {
+  libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_dd_6c(public_key,
                                                                   serialized);
 }
 
@@ -7202,33 +7270,33 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
 - PUBLIC_KEY_SIZE= 1184
 */
 static KRML_MUSTINLINE void
-libcrux_ml_kem_ind_cca_unpacked_unpack_public_key_40(
-    libcrux_ml_kem_types_MlKemPublicKey_15 *public_key,
-    libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8
+libcrux_ml_kem_ind_cca_unpacked_unpack_public_key_f9(
+    libcrux_ml_kem_types_MlKemPublicKey_30 *public_key,
+    libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0
         *unpacked_public_key) {
   Eurydice_slice uu____0 = Eurydice_array_to_subslice_to(
       (size_t)1184U, public_key->value, (size_t)1152U, uint8_t, size_t);
-  libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_e5(
+  libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_1b(
       uu____0, unpacked_public_key->ind_cpa_public_key.t_as_ntt);
   uint8_t uu____1[32U];
-  libcrux_ml_kem_utils_into_padded_array_423(
+  libcrux_ml_kem_utils_into_padded_array_9e(
       Eurydice_array_to_subslice_from((size_t)1184U, public_key->value,
                                       (size_t)1152U, uint8_t, size_t),
       uu____1);
   memcpy(unpacked_public_key->ind_cpa_public_key.seed_for_A, uu____1,
          (size_t)32U * sizeof(uint8_t));
-  libcrux_ml_kem_polynomial_PolynomialRingElement_f0(*uu____2)[3U] =
+  libcrux_ml_kem_polynomial_PolynomialRingElement_1d(*uu____2)[3U] =
       unpacked_public_key->ind_cpa_public_key.A;
   uint8_t ret[34U];
-  libcrux_ml_kem_utils_into_padded_array_421(
+  libcrux_ml_kem_utils_into_padded_array_b6(
       Eurydice_array_to_subslice_from((size_t)1184U, public_key->value,
                                       (size_t)1152U, uint8_t, size_t),
       ret);
-  libcrux_ml_kem_matrix_sample_matrix_A_0d(uu____2, ret, false);
+  libcrux_ml_kem_matrix_sample_matrix_A_2b(uu____2, ret, false);
   uint8_t uu____3[32U];
-  libcrux_ml_kem_hash_functions_portable_H_f1_d5(
+  libcrux_ml_kem_hash_functions_portable_H_f1_e0(
       Eurydice_array_to_slice((size_t)1184U,
-                              libcrux_ml_kem_types_as_slice_fd_02(public_key),
+                              libcrux_ml_kem_types_as_slice_fd_d0(public_key),
                               uint8_t),
       uu____3);
   memcpy(unpacked_public_key->public_key_hash, uu____3,
@@ -7248,11 +7316,11 @@ const generics
 - PUBLIC_KEY_SIZE= 1184
 */
 static inline void
-libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_unpack_public_key_5b(
-    libcrux_ml_kem_types_MlKemPublicKey_15 *public_key,
-    libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8
+libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_unpack_public_key_a5(
+    libcrux_ml_kem_types_MlKemPublicKey_30 *public_key,
+    libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0
         *unpacked_public_key) {
-  libcrux_ml_kem_ind_cca_unpacked_unpack_public_key_40(public_key,
+  libcrux_ml_kem_ind_cca_unpacked_unpack_public_key_f9(public_key,
                                                        unpacked_public_key);
 }
 
@@ -7261,10 +7329,10 @@ libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_unpack_public_key_5b(
 */
 static inline void
 libcrux_ml_kem_mlkem768_portable_unpacked_unpacked_public_key(
-    libcrux_ml_kem_types_MlKemPublicKey_15 *public_key,
-    libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8
+    libcrux_ml_kem_types_MlKemPublicKey_30 *public_key,
+    libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0
         *unpacked_public_key) {
-  libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_unpack_public_key_5b(
+  libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_unpack_public_key_a5(
       public_key, unpacked_public_key);
 }
 
diff --git a/libcrux-ml-kem/cg/libcrux_mlkem768_portable_types.h b/libcrux-ml-kem/cg/libcrux_mlkem768_portable_types.h
index e305985cd..1eb1f6f44 100644
--- a/libcrux-ml-kem/cg/libcrux_mlkem768_portable_types.h
+++ b/libcrux-ml-kem/cg/libcrux_mlkem768_portable_types.h
@@ -4,11 +4,11 @@
  * SPDX-License-Identifier: MIT or Apache-2.0
  *
  * This code was generated with the following revisions:
- * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4
- * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac
- * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152
- * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678
- * Libcrux: a089e8609d2bf2df5c165076a79e3fd30dbf87cf
+ * Charon: 2b71c3c42337fe17ceca860bedaafb3443e6c5e8
+ * Eurydice: dcfae68c874635956f71d4c05928841b29ad0a8b
+ * Karamel: 87384b244a98a0c41a2e14c65b872d885af7c8df
+ * F*: 8b6fce63ca91b16386d8f76e82ea87a3c109a208
+ * Libcrux: 4b0d78759e0adf160bab80862883bd5ba7338977
  */
 
 #ifndef __libcrux_mlkem768_portable_types_H
@@ -29,9 +29,9 @@ A monomorphic instance of libcrux_ml_kem.polynomial.PolynomialRingElement
 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
 
 */
-typedef struct libcrux_ml_kem_polynomial_PolynomialRingElement_f0_s {
+typedef struct libcrux_ml_kem_polynomial_PolynomialRingElement_1d_s {
   libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficients[16U];
-} libcrux_ml_kem_polynomial_PolynomialRingElement_f0;
+} libcrux_ml_kem_polynomial_PolynomialRingElement_1d;
 
 /**
 A monomorphic instance of
@@ -39,11 +39,11 @@ libcrux_ml_kem.ind_cpa.unpacked.IndCpaPublicKeyUnpacked with types
 libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
 - $3size_t
 */
-typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8_s {
-  libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[3U];
+typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0_s {
+  libcrux_ml_kem_polynomial_PolynomialRingElement_1d t_as_ntt[3U];
   uint8_t seed_for_A[32U];
-  libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[3U][3U];
-} libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8;
+  libcrux_ml_kem_polynomial_PolynomialRingElement_1d A[3U][3U];
+} libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0;
 
 /**
 A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.MlKemPublicKeyUnpacked
@@ -51,12 +51,12 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
 with const generics
 - $3size_t
 */
-typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8_s {
-  libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 ind_cpa_public_key;
+typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0_s {
+  libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 ind_cpa_public_key;
   uint8_t public_key_hash[32U];
-} libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8;
+} libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0;
 
-typedef libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8
+typedef libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0
     libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768PublicKeyUnpacked;
 
 /**
@@ -65,9 +65,9 @@ libcrux_ml_kem.ind_cpa.unpacked.IndCpaPrivateKeyUnpacked with types
 libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
 - $3size_t
 */
-typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8_s {
-  libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U];
-} libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8;
+typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0_s {
+  libcrux_ml_kem_polynomial_PolynomialRingElement_1d secret_as_ntt[3U];
+} libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0;
 
 /**
 A monomorphic instance of
@@ -75,16 +75,16 @@ libcrux_ml_kem.ind_cca.unpacked.MlKemPrivateKeyUnpacked with types
 libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
 - $3size_t
 */
-typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_f8_s {
-  libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8
+typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_a0_s {
+  libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0
       ind_cpa_private_key;
   uint8_t implicit_rejection_value[32U];
-} libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_f8;
+} libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_a0;
 
 typedef struct
     libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked_s {
-  libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_f8 private_key;
-  libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 public_key;
+  libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_a0 private_key;
+  libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 public_key;
 } libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked;
 
 #if defined(__cplusplus)
diff --git a/libcrux-ml-kem/cg/libcrux_sha3_avx2.h b/libcrux-ml-kem/cg/libcrux_sha3_avx2.h
index 6cdf64314..95b25f755 100644
--- a/libcrux-ml-kem/cg/libcrux_sha3_avx2.h
+++ b/libcrux-ml-kem/cg/libcrux_sha3_avx2.h
@@ -4,11 +4,11 @@
  * SPDX-License-Identifier: MIT or Apache-2.0
  *
  * This code was generated with the following revisions:
- * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4
- * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac
- * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152
- * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678
- * Libcrux: a089e8609d2bf2df5c165076a79e3fd30dbf87cf
+ * Charon: 2b71c3c42337fe17ceca860bedaafb3443e6c5e8
+ * Eurydice: dcfae68c874635956f71d4c05928841b29ad0a8b
+ * Karamel: 87384b244a98a0c41a2e14c65b872d885af7c8df
+ * F*: 8b6fce63ca91b16386d8f76e82ea87a3c109a208
+ * Libcrux: 4b0d78759e0adf160bab80862883bd5ba7338977
  */
 
 #ifndef __libcrux_sha3_avx2_H
@@ -59,7 +59,7 @@ with const generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE __m256i
-libcrux_sha3_simd_avx2_rotate_left_21(__m256i x) {
+libcrux_sha3_simd_avx2_rotate_left_76(__m256i x) {
   return libcrux_intrinsics_avx2_mm256_xor_si256(
       libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)1, x, __m256i),
       libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)63, x, __m256i));
@@ -70,7 +70,7 @@ static KRML_MUSTINLINE __m256i libcrux_sha3_simd_avx2__vrax1q_u64(__m256i a,
                                                                   __m256i b) {
   __m256i uu____0 = a;
   return libcrux_intrinsics_avx2_mm256_xor_si256(
-      uu____0, libcrux_sha3_simd_avx2_rotate_left_21(b));
+      uu____0, libcrux_sha3_simd_avx2_rotate_left_76(b));
 }
 
 /**
@@ -203,9 +203,9 @@ with types core_core_arch_x86___m256i
 with const generics
 - $4size_t
 */
-typedef struct libcrux_sha3_generic_keccak_KeccakState_29_s {
+typedef struct libcrux_sha3_generic_keccak_KeccakState_55_s {
   __m256i st[5U][5U];
-} libcrux_sha3_generic_keccak_KeccakState_29;
+} libcrux_sha3_generic_keccak_KeccakState_55;
 
 /**
  Create a new Shake128 x4 state.
@@ -221,9 +221,9 @@ with const generics
 - N= 4
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_29
-libcrux_sha3_generic_keccak_new_89_71(void) {
-  libcrux_sha3_generic_keccak_KeccakState_29 lit;
+static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_55
+libcrux_sha3_generic_keccak_new_89_a6(void) {
+  libcrux_sha3_generic_keccak_KeccakState_55 lit;
   lit.st[0U][0U] = libcrux_sha3_simd_avx2_zero_ef();
   lit.st[0U][1U] = libcrux_sha3_simd_avx2_zero_ef();
   lit.st[0U][2U] = libcrux_sha3_simd_avx2_zero_ef();
@@ -258,7 +258,7 @@ with const generics
 - RATE= 136
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_load_block_fe(
+static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_load_block_5b(
     __m256i (*s)[5U], Eurydice_slice blocks[4U]) {
   for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)32U; i++) {
     size_t i0 = i;
@@ -388,13 +388,13 @@ with const generics
 - RATE= 136
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_load_block_ef_d4(
+static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_load_block_ef_5b(
     __m256i (*a)[5U], Eurydice_slice b[4U]) {
   __m256i(*uu____0)[5U] = a;
   /* Passing arrays by value in Rust generates a copy in C */
   Eurydice_slice copy_of_b[4U];
   memcpy(copy_of_b, b, (size_t)4U * sizeof(Eurydice_slice));
-  libcrux_sha3_simd_avx2_load_block_fe(uu____0, copy_of_b);
+  libcrux_sha3_simd_avx2_load_block_5b(uu____0, copy_of_b);
 }
 
 /**
@@ -405,7 +405,7 @@ with const generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE __m256i
-libcrux_sha3_simd_avx2_rotate_left_210(__m256i x) {
+libcrux_sha3_simd_avx2_rotate_left_02(__m256i x) {
   return libcrux_intrinsics_avx2_mm256_xor_si256(
       libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)36, x, __m256i),
       libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)28, x, __m256i));
@@ -418,10 +418,10 @@ with const generics
 - RIGHT= 28
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static KRML_MUSTINLINE __m256i libcrux_sha3_simd_avx2__vxarq_u64_13(__m256i a,
+static KRML_MUSTINLINE __m256i libcrux_sha3_simd_avx2__vxarq_u64_02(__m256i a,
                                                                     __m256i b) {
   __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b);
-  return libcrux_sha3_simd_avx2_rotate_left_210(ab);
+  return libcrux_sha3_simd_avx2_rotate_left_02(ab);
 }
 
 /**
@@ -436,8 +436,8 @@ with const generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE __m256i
-libcrux_sha3_simd_avx2_xor_and_rotate_ef_5c(__m256i a, __m256i b) {
-  return libcrux_sha3_simd_avx2__vxarq_u64_13(a, b);
+libcrux_sha3_simd_avx2_xor_and_rotate_ef_02(__m256i a, __m256i b) {
+  return libcrux_sha3_simd_avx2__vxarq_u64_02(a, b);
 }
 
 /**
@@ -448,7 +448,7 @@ with const generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE __m256i
-libcrux_sha3_simd_avx2_rotate_left_211(__m256i x) {
+libcrux_sha3_simd_avx2_rotate_left_ac(__m256i x) {
   return libcrux_intrinsics_avx2_mm256_xor_si256(
       libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)3, x, __m256i),
       libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)61, x, __m256i));
@@ -461,10 +461,10 @@ with const generics
 - RIGHT= 61
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static KRML_MUSTINLINE __m256i
-libcrux_sha3_simd_avx2__vxarq_u64_130(__m256i a, __m256i b) {
+static KRML_MUSTINLINE __m256i libcrux_sha3_simd_avx2__vxarq_u64_ac(__m256i a,
+                                                                    __m256i b) {
   __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b);
-  return libcrux_sha3_simd_avx2_rotate_left_211(ab);
+  return libcrux_sha3_simd_avx2_rotate_left_ac(ab);
 }
 
 /**
@@ -479,8 +479,8 @@ with const generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE __m256i
-libcrux_sha3_simd_avx2_xor_and_rotate_ef_5c0(__m256i a, __m256i b) {
-  return libcrux_sha3_simd_avx2__vxarq_u64_130(a, b);
+libcrux_sha3_simd_avx2_xor_and_rotate_ef_ac(__m256i a, __m256i b) {
+  return libcrux_sha3_simd_avx2__vxarq_u64_ac(a, b);
 }
 
 /**
@@ -491,7 +491,7 @@ with const generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE __m256i
-libcrux_sha3_simd_avx2_rotate_left_212(__m256i x) {
+libcrux_sha3_simd_avx2_rotate_left_020(__m256i x) {
   return libcrux_intrinsics_avx2_mm256_xor_si256(
       libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)41, x, __m256i),
       libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)23, x, __m256i));
@@ -505,9 +505,9 @@ with const generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE __m256i
-libcrux_sha3_simd_avx2__vxarq_u64_131(__m256i a, __m256i b) {
+libcrux_sha3_simd_avx2__vxarq_u64_020(__m256i a, __m256i b) {
   __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b);
-  return libcrux_sha3_simd_avx2_rotate_left_212(ab);
+  return libcrux_sha3_simd_avx2_rotate_left_020(ab);
 }
 
 /**
@@ -522,8 +522,8 @@ with const generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE __m256i
-libcrux_sha3_simd_avx2_xor_and_rotate_ef_5c1(__m256i a, __m256i b) {
-  return libcrux_sha3_simd_avx2__vxarq_u64_131(a, b);
+libcrux_sha3_simd_avx2_xor_and_rotate_ef_020(__m256i a, __m256i b) {
+  return libcrux_sha3_simd_avx2__vxarq_u64_020(a, b);
 }
 
 /**
@@ -534,7 +534,7 @@ with const generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE __m256i
-libcrux_sha3_simd_avx2_rotate_left_213(__m256i x) {
+libcrux_sha3_simd_avx2_rotate_left_a9(__m256i x) {
   return libcrux_intrinsics_avx2_mm256_xor_si256(
       libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)18, x, __m256i),
       libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)46, x, __m256i));
@@ -547,10 +547,10 @@ with const generics
 - RIGHT= 46
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static KRML_MUSTINLINE __m256i
-libcrux_sha3_simd_avx2__vxarq_u64_132(__m256i a, __m256i b) {
+static KRML_MUSTINLINE __m256i libcrux_sha3_simd_avx2__vxarq_u64_a9(__m256i a,
+                                                                    __m256i b) {
   __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b);
-  return libcrux_sha3_simd_avx2_rotate_left_213(ab);
+  return libcrux_sha3_simd_avx2_rotate_left_a9(ab);
 }
 
 /**
@@ -565,8 +565,8 @@ with const generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE __m256i
-libcrux_sha3_simd_avx2_xor_and_rotate_ef_5c2(__m256i a, __m256i b) {
-  return libcrux_sha3_simd_avx2__vxarq_u64_132(a, b);
+libcrux_sha3_simd_avx2_xor_and_rotate_ef_a9(__m256i a, __m256i b) {
+  return libcrux_sha3_simd_avx2__vxarq_u64_a9(a, b);
 }
 
 /**
@@ -576,10 +576,10 @@ with const generics
 - RIGHT= 63
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static KRML_MUSTINLINE __m256i
-libcrux_sha3_simd_avx2__vxarq_u64_133(__m256i a, __m256i b) {
+static KRML_MUSTINLINE __m256i libcrux_sha3_simd_avx2__vxarq_u64_76(__m256i a,
+                                                                    __m256i b) {
   __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b);
-  return libcrux_sha3_simd_avx2_rotate_left_21(ab);
+  return libcrux_sha3_simd_avx2_rotate_left_76(ab);
 }
 
 /**
@@ -594,8 +594,8 @@ with const generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE __m256i
-libcrux_sha3_simd_avx2_xor_and_rotate_ef_5c3(__m256i a, __m256i b) {
-  return libcrux_sha3_simd_avx2__vxarq_u64_133(a, b);
+libcrux_sha3_simd_avx2_xor_and_rotate_ef_76(__m256i a, __m256i b) {
+  return libcrux_sha3_simd_avx2__vxarq_u64_76(a, b);
 }
 
 /**
@@ -606,7 +606,7 @@ with const generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE __m256i
-libcrux_sha3_simd_avx2_rotate_left_214(__m256i x) {
+libcrux_sha3_simd_avx2_rotate_left_58(__m256i x) {
   return libcrux_intrinsics_avx2_mm256_xor_si256(
       libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)44, x, __m256i),
       libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)20, x, __m256i));
@@ -619,10 +619,10 @@ with const generics
 - RIGHT= 20
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static KRML_MUSTINLINE __m256i
-libcrux_sha3_simd_avx2__vxarq_u64_134(__m256i a, __m256i b) {
+static KRML_MUSTINLINE __m256i libcrux_sha3_simd_avx2__vxarq_u64_58(__m256i a,
+                                                                    __m256i b) {
   __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b);
-  return libcrux_sha3_simd_avx2_rotate_left_214(ab);
+  return libcrux_sha3_simd_avx2_rotate_left_58(ab);
 }
 
 /**
@@ -637,8 +637,8 @@ with const generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE __m256i
-libcrux_sha3_simd_avx2_xor_and_rotate_ef_5c4(__m256i a, __m256i b) {
-  return libcrux_sha3_simd_avx2__vxarq_u64_134(a, b);
+libcrux_sha3_simd_avx2_xor_and_rotate_ef_58(__m256i a, __m256i b) {
+  return libcrux_sha3_simd_avx2__vxarq_u64_58(a, b);
 }
 
 /**
@@ -649,7 +649,7 @@ with const generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE __m256i
-libcrux_sha3_simd_avx2_rotate_left_215(__m256i x) {
+libcrux_sha3_simd_avx2_rotate_left_e0(__m256i x) {
   return libcrux_intrinsics_avx2_mm256_xor_si256(
       libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)10, x, __m256i),
       libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)54, x, __m256i));
@@ -662,10 +662,10 @@ with const generics
 - RIGHT= 54
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static KRML_MUSTINLINE __m256i
-libcrux_sha3_simd_avx2__vxarq_u64_135(__m256i a, __m256i b) {
+static KRML_MUSTINLINE __m256i libcrux_sha3_simd_avx2__vxarq_u64_e0(__m256i a,
+                                                                    __m256i b) {
   __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b);
-  return libcrux_sha3_simd_avx2_rotate_left_215(ab);
+  return libcrux_sha3_simd_avx2_rotate_left_e0(ab);
 }
 
 /**
@@ -680,8 +680,8 @@ with const generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE __m256i
-libcrux_sha3_simd_avx2_xor_and_rotate_ef_5c5(__m256i a, __m256i b) {
-  return libcrux_sha3_simd_avx2__vxarq_u64_135(a, b);
+libcrux_sha3_simd_avx2_xor_and_rotate_ef_e0(__m256i a, __m256i b) {
+  return libcrux_sha3_simd_avx2__vxarq_u64_e0(a, b);
 }
 
 /**
@@ -692,7 +692,7 @@ with const generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE __m256i
-libcrux_sha3_simd_avx2_rotate_left_216(__m256i x) {
+libcrux_sha3_simd_avx2_rotate_left_63(__m256i x) {
   return libcrux_intrinsics_avx2_mm256_xor_si256(
       libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)45, x, __m256i),
       libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)19, x, __m256i));
@@ -705,10 +705,10 @@ with const generics
 - RIGHT= 19
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static KRML_MUSTINLINE __m256i
-libcrux_sha3_simd_avx2__vxarq_u64_136(__m256i a, __m256i b) {
+static KRML_MUSTINLINE __m256i libcrux_sha3_simd_avx2__vxarq_u64_63(__m256i a,
+                                                                    __m256i b) {
   __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b);
-  return libcrux_sha3_simd_avx2_rotate_left_216(ab);
+  return libcrux_sha3_simd_avx2_rotate_left_63(ab);
 }
 
 /**
@@ -723,8 +723,8 @@ with const generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE __m256i
-libcrux_sha3_simd_avx2_xor_and_rotate_ef_5c6(__m256i a, __m256i b) {
-  return libcrux_sha3_simd_avx2__vxarq_u64_136(a, b);
+libcrux_sha3_simd_avx2_xor_and_rotate_ef_63(__m256i a, __m256i b) {
+  return libcrux_sha3_simd_avx2__vxarq_u64_63(a, b);
 }
 
 /**
@@ -735,7 +735,7 @@ with const generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE __m256i
-libcrux_sha3_simd_avx2_rotate_left_217(__m256i x) {
+libcrux_sha3_simd_avx2_rotate_left_6a(__m256i x) {
   return libcrux_intrinsics_avx2_mm256_xor_si256(
       libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)2, x, __m256i),
       libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)62, x, __m256i));
@@ -748,10 +748,10 @@ with const generics
 - RIGHT= 62
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static KRML_MUSTINLINE __m256i
-libcrux_sha3_simd_avx2__vxarq_u64_137(__m256i a, __m256i b) {
+static KRML_MUSTINLINE __m256i libcrux_sha3_simd_avx2__vxarq_u64_6a(__m256i a,
+                                                                    __m256i b) {
   __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b);
-  return libcrux_sha3_simd_avx2_rotate_left_217(ab);
+  return libcrux_sha3_simd_avx2_rotate_left_6a(ab);
 }
 
 /**
@@ -766,8 +766,8 @@ with const generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE __m256i
-libcrux_sha3_simd_avx2_xor_and_rotate_ef_5c7(__m256i a, __m256i b) {
-  return libcrux_sha3_simd_avx2__vxarq_u64_137(a, b);
+libcrux_sha3_simd_avx2_xor_and_rotate_ef_6a(__m256i a, __m256i b) {
+  return libcrux_sha3_simd_avx2__vxarq_u64_6a(a, b);
 }
 
 /**
@@ -778,7 +778,7 @@ with const generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE __m256i
-libcrux_sha3_simd_avx2_rotate_left_218(__m256i x) {
+libcrux_sha3_simd_avx2_rotate_left_ab(__m256i x) {
   return libcrux_intrinsics_avx2_mm256_xor_si256(
       libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)62, x, __m256i),
       libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)2, x, __m256i));
@@ -791,10 +791,10 @@ with const generics
 - RIGHT= 2
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static KRML_MUSTINLINE __m256i
-libcrux_sha3_simd_avx2__vxarq_u64_138(__m256i a, __m256i b) {
+static KRML_MUSTINLINE __m256i libcrux_sha3_simd_avx2__vxarq_u64_ab(__m256i a,
+                                                                    __m256i b) {
   __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b);
-  return libcrux_sha3_simd_avx2_rotate_left_218(ab);
+  return libcrux_sha3_simd_avx2_rotate_left_ab(ab);
 }
 
 /**
@@ -809,8 +809,8 @@ with const generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE __m256i
-libcrux_sha3_simd_avx2_xor_and_rotate_ef_5c8(__m256i a, __m256i b) {
-  return libcrux_sha3_simd_avx2__vxarq_u64_138(a, b);
+libcrux_sha3_simd_avx2_xor_and_rotate_ef_ab(__m256i a, __m256i b) {
+  return libcrux_sha3_simd_avx2__vxarq_u64_ab(a, b);
 }
 
 /**
@@ -821,7 +821,7 @@ with const generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE __m256i
-libcrux_sha3_simd_avx2_rotate_left_219(__m256i x) {
+libcrux_sha3_simd_avx2_rotate_left_5b(__m256i x) {
   return libcrux_intrinsics_avx2_mm256_xor_si256(
       libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)6, x, __m256i),
       libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)58, x, __m256i));
@@ -834,10 +834,10 @@ with const generics
 - RIGHT= 58
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static KRML_MUSTINLINE __m256i
-libcrux_sha3_simd_avx2__vxarq_u64_139(__m256i a, __m256i b) {
+static KRML_MUSTINLINE __m256i libcrux_sha3_simd_avx2__vxarq_u64_5b(__m256i a,
+                                                                    __m256i b) {
   __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b);
-  return libcrux_sha3_simd_avx2_rotate_left_219(ab);
+  return libcrux_sha3_simd_avx2_rotate_left_5b(ab);
 }
 
 /**
@@ -852,8 +852,8 @@ with const generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE __m256i
-libcrux_sha3_simd_avx2_xor_and_rotate_ef_5c9(__m256i a, __m256i b) {
-  return libcrux_sha3_simd_avx2__vxarq_u64_139(a, b);
+libcrux_sha3_simd_avx2_xor_and_rotate_ef_5b(__m256i a, __m256i b) {
+  return libcrux_sha3_simd_avx2__vxarq_u64_5b(a, b);
 }
 
 /**
@@ -864,7 +864,7 @@ with const generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE __m256i
-libcrux_sha3_simd_avx2_rotate_left_2110(__m256i x) {
+libcrux_sha3_simd_avx2_rotate_left_6f(__m256i x) {
   return libcrux_intrinsics_avx2_mm256_xor_si256(
       libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)43, x, __m256i),
       libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)21, x, __m256i));
@@ -877,10 +877,10 @@ with const generics
 - RIGHT= 21
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static KRML_MUSTINLINE __m256i
-libcrux_sha3_simd_avx2__vxarq_u64_1310(__m256i a, __m256i b) {
+static KRML_MUSTINLINE __m256i libcrux_sha3_simd_avx2__vxarq_u64_6f(__m256i a,
+                                                                    __m256i b) {
   __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b);
-  return libcrux_sha3_simd_avx2_rotate_left_2110(ab);
+  return libcrux_sha3_simd_avx2_rotate_left_6f(ab);
 }
 
 /**
@@ -895,8 +895,8 @@ with const generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE __m256i
-libcrux_sha3_simd_avx2_xor_and_rotate_ef_5c10(__m256i a, __m256i b) {
-  return libcrux_sha3_simd_avx2__vxarq_u64_1310(a, b);
+libcrux_sha3_simd_avx2_xor_and_rotate_ef_6f(__m256i a, __m256i b) {
+  return libcrux_sha3_simd_avx2__vxarq_u64_6f(a, b);
 }
 
 /**
@@ -907,7 +907,7 @@ with const generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE __m256i
-libcrux_sha3_simd_avx2_rotate_left_2111(__m256i x) {
+libcrux_sha3_simd_avx2_rotate_left_62(__m256i x) {
   return libcrux_intrinsics_avx2_mm256_xor_si256(
       libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)15, x, __m256i),
       libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)49, x, __m256i));
@@ -920,10 +920,10 @@ with const generics
 - RIGHT= 49
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static KRML_MUSTINLINE __m256i
-libcrux_sha3_simd_avx2__vxarq_u64_1311(__m256i a, __m256i b) {
+static KRML_MUSTINLINE __m256i libcrux_sha3_simd_avx2__vxarq_u64_62(__m256i a,
+                                                                    __m256i b) {
   __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b);
-  return libcrux_sha3_simd_avx2_rotate_left_2111(ab);
+  return libcrux_sha3_simd_avx2_rotate_left_62(ab);
 }
 
 /**
@@ -938,8 +938,8 @@ with const generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE __m256i
-libcrux_sha3_simd_avx2_xor_and_rotate_ef_5c11(__m256i a, __m256i b) {
-  return libcrux_sha3_simd_avx2__vxarq_u64_1311(a, b);
+libcrux_sha3_simd_avx2_xor_and_rotate_ef_62(__m256i a, __m256i b) {
+  return libcrux_sha3_simd_avx2__vxarq_u64_62(a, b);
 }
 
 /**
@@ -950,7 +950,7 @@ with const generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE __m256i
-libcrux_sha3_simd_avx2_rotate_left_2112(__m256i x) {
+libcrux_sha3_simd_avx2_rotate_left_23(__m256i x) {
   return libcrux_intrinsics_avx2_mm256_xor_si256(
       libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)61, x, __m256i),
       libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)3, x, __m256i));
@@ -963,10 +963,10 @@ with const generics
 - RIGHT= 3
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static KRML_MUSTINLINE __m256i
-libcrux_sha3_simd_avx2__vxarq_u64_1312(__m256i a, __m256i b) {
+static KRML_MUSTINLINE __m256i libcrux_sha3_simd_avx2__vxarq_u64_23(__m256i a,
+                                                                    __m256i b) {
   __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b);
-  return libcrux_sha3_simd_avx2_rotate_left_2112(ab);
+  return libcrux_sha3_simd_avx2_rotate_left_23(ab);
 }
 
 /**
@@ -981,8 +981,8 @@ with const generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE __m256i
-libcrux_sha3_simd_avx2_xor_and_rotate_ef_5c12(__m256i a, __m256i b) {
-  return libcrux_sha3_simd_avx2__vxarq_u64_1312(a, b);
+libcrux_sha3_simd_avx2_xor_and_rotate_ef_23(__m256i a, __m256i b) {
+  return libcrux_sha3_simd_avx2__vxarq_u64_23(a, b);
 }
 
 /**
@@ -993,7 +993,7 @@ with const generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE __m256i
-libcrux_sha3_simd_avx2_rotate_left_2113(__m256i x) {
+libcrux_sha3_simd_avx2_rotate_left_37(__m256i x) {
   return libcrux_intrinsics_avx2_mm256_xor_si256(
       libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)28, x, __m256i),
       libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)36, x, __m256i));
@@ -1006,10 +1006,10 @@ with const generics
 - RIGHT= 36
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static KRML_MUSTINLINE __m256i
-libcrux_sha3_simd_avx2__vxarq_u64_1313(__m256i a, __m256i b) {
+static KRML_MUSTINLINE __m256i libcrux_sha3_simd_avx2__vxarq_u64_37(__m256i a,
+                                                                    __m256i b) {
   __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b);
-  return libcrux_sha3_simd_avx2_rotate_left_2113(ab);
+  return libcrux_sha3_simd_avx2_rotate_left_37(ab);
 }
 
 /**
@@ -1024,8 +1024,8 @@ with const generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE __m256i
-libcrux_sha3_simd_avx2_xor_and_rotate_ef_5c13(__m256i a, __m256i b) {
-  return libcrux_sha3_simd_avx2__vxarq_u64_1313(a, b);
+libcrux_sha3_simd_avx2_xor_and_rotate_ef_37(__m256i a, __m256i b) {
+  return libcrux_sha3_simd_avx2__vxarq_u64_37(a, b);
 }
 
 /**
@@ -1036,7 +1036,7 @@ with const generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE __m256i
-libcrux_sha3_simd_avx2_rotate_left_2114(__m256i x) {
+libcrux_sha3_simd_avx2_rotate_left_bb(__m256i x) {
   return libcrux_intrinsics_avx2_mm256_xor_si256(
       libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)55, x, __m256i),
       libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)9, x, __m256i));
@@ -1049,10 +1049,10 @@ with const generics
 - RIGHT= 9
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static KRML_MUSTINLINE __m256i
-libcrux_sha3_simd_avx2__vxarq_u64_1314(__m256i a, __m256i b) {
+static KRML_MUSTINLINE __m256i libcrux_sha3_simd_avx2__vxarq_u64_bb(__m256i a,
+                                                                    __m256i b) {
   __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b);
-  return libcrux_sha3_simd_avx2_rotate_left_2114(ab);
+  return libcrux_sha3_simd_avx2_rotate_left_bb(ab);
 }
 
 /**
@@ -1067,8 +1067,8 @@ with const generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE __m256i
-libcrux_sha3_simd_avx2_xor_and_rotate_ef_5c14(__m256i a, __m256i b) {
-  return libcrux_sha3_simd_avx2__vxarq_u64_1314(a, b);
+libcrux_sha3_simd_avx2_xor_and_rotate_ef_bb(__m256i a, __m256i b) {
+  return libcrux_sha3_simd_avx2__vxarq_u64_bb(a, b);
 }
 
 /**
@@ -1079,7 +1079,7 @@ with const generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE __m256i
-libcrux_sha3_simd_avx2_rotate_left_2115(__m256i x) {
+libcrux_sha3_simd_avx2_rotate_left_b9(__m256i x) {
   return libcrux_intrinsics_avx2_mm256_xor_si256(
       libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)25, x, __m256i),
       libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)39, x, __m256i));
@@ -1092,10 +1092,10 @@ with const generics
 - RIGHT= 39
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static KRML_MUSTINLINE __m256i
-libcrux_sha3_simd_avx2__vxarq_u64_1315(__m256i a, __m256i b) {
+static KRML_MUSTINLINE __m256i libcrux_sha3_simd_avx2__vxarq_u64_b9(__m256i a,
+                                                                    __m256i b) {
   __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b);
-  return libcrux_sha3_simd_avx2_rotate_left_2115(ab);
+  return libcrux_sha3_simd_avx2_rotate_left_b9(ab);
 }
 
 /**
@@ -1110,8 +1110,8 @@ with const generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE __m256i
-libcrux_sha3_simd_avx2_xor_and_rotate_ef_5c15(__m256i a, __m256i b) {
-  return libcrux_sha3_simd_avx2__vxarq_u64_1315(a, b);
+libcrux_sha3_simd_avx2_xor_and_rotate_ef_b9(__m256i a, __m256i b) {
+  return libcrux_sha3_simd_avx2__vxarq_u64_b9(a, b);
 }
 
 /**
@@ -1122,7 +1122,7 @@ with const generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE __m256i
-libcrux_sha3_simd_avx2_rotate_left_2116(__m256i x) {
+libcrux_sha3_simd_avx2_rotate_left_54(__m256i x) {
   return libcrux_intrinsics_avx2_mm256_xor_si256(
       libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)21, x, __m256i),
       libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)43, x, __m256i));
@@ -1135,10 +1135,10 @@ with const generics
 - RIGHT= 43
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static KRML_MUSTINLINE __m256i
-libcrux_sha3_simd_avx2__vxarq_u64_1316(__m256i a, __m256i b) {
+static KRML_MUSTINLINE __m256i libcrux_sha3_simd_avx2__vxarq_u64_54(__m256i a,
+                                                                    __m256i b) {
   __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b);
-  return libcrux_sha3_simd_avx2_rotate_left_2116(ab);
+  return libcrux_sha3_simd_avx2_rotate_left_54(ab);
 }
 
 /**
@@ -1153,8 +1153,8 @@ with const generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE __m256i
-libcrux_sha3_simd_avx2_xor_and_rotate_ef_5c16(__m256i a, __m256i b) {
-  return libcrux_sha3_simd_avx2__vxarq_u64_1316(a, b);
+libcrux_sha3_simd_avx2_xor_and_rotate_ef_54(__m256i a, __m256i b) {
+  return libcrux_sha3_simd_avx2__vxarq_u64_54(a, b);
 }
 
 /**
@@ -1165,7 +1165,7 @@ with const generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE __m256i
-libcrux_sha3_simd_avx2_rotate_left_2117(__m256i x) {
+libcrux_sha3_simd_avx2_rotate_left_4c(__m256i x) {
   return libcrux_intrinsics_avx2_mm256_xor_si256(
       libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)56, x, __m256i),
       libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)8, x, __m256i));
@@ -1178,10 +1178,10 @@ with const generics
 - RIGHT= 8
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static KRML_MUSTINLINE __m256i
-libcrux_sha3_simd_avx2__vxarq_u64_1317(__m256i a, __m256i b) {
+static KRML_MUSTINLINE __m256i libcrux_sha3_simd_avx2__vxarq_u64_4c(__m256i a,
+                                                                    __m256i b) {
   __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b);
-  return libcrux_sha3_simd_avx2_rotate_left_2117(ab);
+  return libcrux_sha3_simd_avx2_rotate_left_4c(ab);
 }
 
 /**
@@ -1196,8 +1196,8 @@ with const generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE __m256i
-libcrux_sha3_simd_avx2_xor_and_rotate_ef_5c17(__m256i a, __m256i b) {
-  return libcrux_sha3_simd_avx2__vxarq_u64_1317(a, b);
+libcrux_sha3_simd_avx2_xor_and_rotate_ef_4c(__m256i a, __m256i b) {
+  return libcrux_sha3_simd_avx2__vxarq_u64_4c(a, b);
 }
 
 /**
@@ -1208,7 +1208,7 @@ with const generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE __m256i
-libcrux_sha3_simd_avx2_rotate_left_2118(__m256i x) {
+libcrux_sha3_simd_avx2_rotate_left_ce(__m256i x) {
   return libcrux_intrinsics_avx2_mm256_xor_si256(
       libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)27, x, __m256i),
       libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)37, x, __m256i));
@@ -1221,10 +1221,10 @@ with const generics
 - RIGHT= 37
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static KRML_MUSTINLINE __m256i
-libcrux_sha3_simd_avx2__vxarq_u64_1318(__m256i a, __m256i b) {
+static KRML_MUSTINLINE __m256i libcrux_sha3_simd_avx2__vxarq_u64_ce(__m256i a,
+                                                                    __m256i b) {
   __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b);
-  return libcrux_sha3_simd_avx2_rotate_left_2118(ab);
+  return libcrux_sha3_simd_avx2_rotate_left_ce(ab);
 }
 
 /**
@@ -1239,8 +1239,8 @@ with const generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE __m256i
-libcrux_sha3_simd_avx2_xor_and_rotate_ef_5c18(__m256i a, __m256i b) {
-  return libcrux_sha3_simd_avx2__vxarq_u64_1318(a, b);
+libcrux_sha3_simd_avx2_xor_and_rotate_ef_ce(__m256i a, __m256i b) {
+  return libcrux_sha3_simd_avx2__vxarq_u64_ce(a, b);
 }
 
 /**
@@ -1251,7 +1251,7 @@ with const generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE __m256i
-libcrux_sha3_simd_avx2_rotate_left_2119(__m256i x) {
+libcrux_sha3_simd_avx2_rotate_left_77(__m256i x) {
   return libcrux_intrinsics_avx2_mm256_xor_si256(
       libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)20, x, __m256i),
       libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)44, x, __m256i));
@@ -1264,10 +1264,10 @@ with const generics
 - RIGHT= 44
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static KRML_MUSTINLINE __m256i
-libcrux_sha3_simd_avx2__vxarq_u64_1319(__m256i a, __m256i b) {
+static KRML_MUSTINLINE __m256i libcrux_sha3_simd_avx2__vxarq_u64_77(__m256i a,
+                                                                    __m256i b) {
   __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b);
-  return libcrux_sha3_simd_avx2_rotate_left_2119(ab);
+  return libcrux_sha3_simd_avx2_rotate_left_77(ab);
 }
 
 /**
@@ -1282,8 +1282,8 @@ with const generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE __m256i
-libcrux_sha3_simd_avx2_xor_and_rotate_ef_5c19(__m256i a, __m256i b) {
-  return libcrux_sha3_simd_avx2__vxarq_u64_1319(a, b);
+libcrux_sha3_simd_avx2_xor_and_rotate_ef_77(__m256i a, __m256i b) {
+  return libcrux_sha3_simd_avx2__vxarq_u64_77(a, b);
 }
 
 /**
@@ -1294,7 +1294,7 @@ with const generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE __m256i
-libcrux_sha3_simd_avx2_rotate_left_2120(__m256i x) {
+libcrux_sha3_simd_avx2_rotate_left_25(__m256i x) {
   return libcrux_intrinsics_avx2_mm256_xor_si256(
       libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)39, x, __m256i),
       libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)25, x, __m256i));
@@ -1307,10 +1307,10 @@ with const generics
 - RIGHT= 25
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static KRML_MUSTINLINE __m256i
-libcrux_sha3_simd_avx2__vxarq_u64_1320(__m256i a, __m256i b) {
+static KRML_MUSTINLINE __m256i libcrux_sha3_simd_avx2__vxarq_u64_25(__m256i a,
+                                                                    __m256i b) {
   __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b);
-  return libcrux_sha3_simd_avx2_rotate_left_2120(ab);
+  return libcrux_sha3_simd_avx2_rotate_left_25(ab);
 }
 
 /**
@@ -1325,8 +1325,8 @@ with const generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE __m256i
-libcrux_sha3_simd_avx2_xor_and_rotate_ef_5c20(__m256i a, __m256i b) {
-  return libcrux_sha3_simd_avx2__vxarq_u64_1320(a, b);
+libcrux_sha3_simd_avx2_xor_and_rotate_ef_25(__m256i a, __m256i b) {
+  return libcrux_sha3_simd_avx2__vxarq_u64_25(a, b);
 }
 
 /**
@@ -1337,7 +1337,7 @@ with const generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE __m256i
-libcrux_sha3_simd_avx2_rotate_left_2121(__m256i x) {
+libcrux_sha3_simd_avx2_rotate_left_af(__m256i x) {
   return libcrux_intrinsics_avx2_mm256_xor_si256(
       libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)8, x, __m256i),
       libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)56, x, __m256i));
@@ -1350,10 +1350,10 @@ with const generics
 - RIGHT= 56
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static KRML_MUSTINLINE __m256i
-libcrux_sha3_simd_avx2__vxarq_u64_1321(__m256i a, __m256i b) {
+static KRML_MUSTINLINE __m256i libcrux_sha3_simd_avx2__vxarq_u64_af(__m256i a,
+                                                                    __m256i b) {
   __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b);
-  return libcrux_sha3_simd_avx2_rotate_left_2121(ab);
+  return libcrux_sha3_simd_avx2_rotate_left_af(ab);
 }
 
 /**
@@ -1368,8 +1368,8 @@ with const generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE __m256i
-libcrux_sha3_simd_avx2_xor_and_rotate_ef_5c21(__m256i a, __m256i b) {
-  return libcrux_sha3_simd_avx2__vxarq_u64_1321(a, b);
+libcrux_sha3_simd_avx2_xor_and_rotate_ef_af(__m256i a, __m256i b) {
+  return libcrux_sha3_simd_avx2__vxarq_u64_af(a, b);
 }
 
 /**
@@ -1380,7 +1380,7 @@ with const generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE __m256i
-libcrux_sha3_simd_avx2_rotate_left_2122(__m256i x) {
+libcrux_sha3_simd_avx2_rotate_left_fd(__m256i x) {
   return libcrux_intrinsics_avx2_mm256_xor_si256(
       libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)14, x, __m256i),
       libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)50, x, __m256i));
@@ -1393,10 +1393,10 @@ with const generics
 - RIGHT= 50
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static KRML_MUSTINLINE __m256i
-libcrux_sha3_simd_avx2__vxarq_u64_1322(__m256i a, __m256i b) {
+static KRML_MUSTINLINE __m256i libcrux_sha3_simd_avx2__vxarq_u64_fd(__m256i a,
+                                                                    __m256i b) {
   __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b);
-  return libcrux_sha3_simd_avx2_rotate_left_2122(ab);
+  return libcrux_sha3_simd_avx2_rotate_left_fd(ab);
 }
 
 /**
@@ -1411,8 +1411,8 @@ with const generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE __m256i
-libcrux_sha3_simd_avx2_xor_and_rotate_ef_5c22(__m256i a, __m256i b) {
-  return libcrux_sha3_simd_avx2__vxarq_u64_1322(a, b);
+libcrux_sha3_simd_avx2_xor_and_rotate_ef_fd(__m256i a, __m256i b) {
+  return libcrux_sha3_simd_avx2__vxarq_u64_fd(a, b);
 }
 
 /**
@@ -1422,8 +1422,8 @@ with const generics
 - N= 4
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_theta_rho_1b(
-    libcrux_sha3_generic_keccak_KeccakState_29 *s) {
+static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_theta_rho_a6(
+    libcrux_sha3_generic_keccak_KeccakState_55 *s) {
   __m256i c[5U] = {libcrux_sha3_simd_avx2_xor5_ef(s->st[0U][0U], s->st[1U][0U],
                                                   s->st[2U][0U], s->st[3U][0U],
                                                   s->st[4U][0U]),
@@ -1457,53 +1457,53 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_theta_rho_1b(
                        c[((size_t)4U + (size_t)1U) % (size_t)5U])};
   s->st[0U][0U] = libcrux_sha3_simd_avx2_xor_ef(s->st[0U][0U], t[0U]);
   s->st[1U][0U] =
-      libcrux_sha3_simd_avx2_xor_and_rotate_ef_5c(s->st[1U][0U], t[0U]);
+      libcrux_sha3_simd_avx2_xor_and_rotate_ef_02(s->st[1U][0U], t[0U]);
   s->st[2U][0U] =
-      libcrux_sha3_simd_avx2_xor_and_rotate_ef_5c0(s->st[2U][0U], t[0U]);
+      libcrux_sha3_simd_avx2_xor_and_rotate_ef_ac(s->st[2U][0U], t[0U]);
   s->st[3U][0U] =
-      libcrux_sha3_simd_avx2_xor_and_rotate_ef_5c1(s->st[3U][0U], t[0U]);
+      libcrux_sha3_simd_avx2_xor_and_rotate_ef_020(s->st[3U][0U], t[0U]);
   s->st[4U][0U] =
-      libcrux_sha3_simd_avx2_xor_and_rotate_ef_5c2(s->st[4U][0U], t[0U]);
+      libcrux_sha3_simd_avx2_xor_and_rotate_ef_a9(s->st[4U][0U], t[0U]);
   s->st[0U][1U] =
-      libcrux_sha3_simd_avx2_xor_and_rotate_ef_5c3(s->st[0U][1U], t[1U]);
+      libcrux_sha3_simd_avx2_xor_and_rotate_ef_76(s->st[0U][1U], t[1U]);
   s->st[1U][1U] =
-      libcrux_sha3_simd_avx2_xor_and_rotate_ef_5c4(s->st[1U][1U], t[1U]);
+      libcrux_sha3_simd_avx2_xor_and_rotate_ef_58(s->st[1U][1U], t[1U]);
   s->st[2U][1U] =
-      libcrux_sha3_simd_avx2_xor_and_rotate_ef_5c5(s->st[2U][1U], t[1U]);
+      libcrux_sha3_simd_avx2_xor_and_rotate_ef_e0(s->st[2U][1U], t[1U]);
   s->st[3U][1U] =
-      libcrux_sha3_simd_avx2_xor_and_rotate_ef_5c6(s->st[3U][1U], t[1U]);
+      libcrux_sha3_simd_avx2_xor_and_rotate_ef_63(s->st[3U][1U], t[1U]);
   s->st[4U][1U] =
-      libcrux_sha3_simd_avx2_xor_and_rotate_ef_5c7(s->st[4U][1U], t[1U]);
+      libcrux_sha3_simd_avx2_xor_and_rotate_ef_6a(s->st[4U][1U], t[1U]);
   s->st[0U][2U] =
-      libcrux_sha3_simd_avx2_xor_and_rotate_ef_5c8(s->st[0U][2U], t[2U]);
+      libcrux_sha3_simd_avx2_xor_and_rotate_ef_ab(s->st[0U][2U], t[2U]);
   s->st[1U][2U] =
-      libcrux_sha3_simd_avx2_xor_and_rotate_ef_5c9(s->st[1U][2U], t[2U]);
+      libcrux_sha3_simd_avx2_xor_and_rotate_ef_5b(s->st[1U][2U], t[2U]);
   s->st[2U][2U] =
-      libcrux_sha3_simd_avx2_xor_and_rotate_ef_5c10(s->st[2U][2U], t[2U]);
+      libcrux_sha3_simd_avx2_xor_and_rotate_ef_6f(s->st[2U][2U], t[2U]);
   s->st[3U][2U] =
-      libcrux_sha3_simd_avx2_xor_and_rotate_ef_5c11(s->st[3U][2U], t[2U]);
+      libcrux_sha3_simd_avx2_xor_and_rotate_ef_62(s->st[3U][2U], t[2U]);
   s->st[4U][2U] =
-      libcrux_sha3_simd_avx2_xor_and_rotate_ef_5c12(s->st[4U][2U], t[2U]);
+      libcrux_sha3_simd_avx2_xor_and_rotate_ef_23(s->st[4U][2U], t[2U]);
   s->st[0U][3U] =
-      libcrux_sha3_simd_avx2_xor_and_rotate_ef_5c13(s->st[0U][3U], t[3U]);
+      libcrux_sha3_simd_avx2_xor_and_rotate_ef_37(s->st[0U][3U], t[3U]);
   s->st[1U][3U] =
-      libcrux_sha3_simd_avx2_xor_and_rotate_ef_5c14(s->st[1U][3U], t[3U]);
+      libcrux_sha3_simd_avx2_xor_and_rotate_ef_bb(s->st[1U][3U], t[3U]);
   s->st[2U][3U] =
-      libcrux_sha3_simd_avx2_xor_and_rotate_ef_5c15(s->st[2U][3U], t[3U]);
+      libcrux_sha3_simd_avx2_xor_and_rotate_ef_b9(s->st[2U][3U], t[3U]);
   s->st[3U][3U] =
-      libcrux_sha3_simd_avx2_xor_and_rotate_ef_5c16(s->st[3U][3U], t[3U]);
+      libcrux_sha3_simd_avx2_xor_and_rotate_ef_54(s->st[3U][3U], t[3U]);
   s->st[4U][3U] =
-      libcrux_sha3_simd_avx2_xor_and_rotate_ef_5c17(s->st[4U][3U], t[3U]);
+      libcrux_sha3_simd_avx2_xor_and_rotate_ef_4c(s->st[4U][3U], t[3U]);
   s->st[0U][4U] =
-      libcrux_sha3_simd_avx2_xor_and_rotate_ef_5c18(s->st[0U][4U], t[4U]);
+      libcrux_sha3_simd_avx2_xor_and_rotate_ef_ce(s->st[0U][4U], t[4U]);
   s->st[1U][4U] =
-      libcrux_sha3_simd_avx2_xor_and_rotate_ef_5c19(s->st[1U][4U], t[4U]);
+      libcrux_sha3_simd_avx2_xor_and_rotate_ef_77(s->st[1U][4U], t[4U]);
   s->st[2U][4U] =
-      libcrux_sha3_simd_avx2_xor_and_rotate_ef_5c20(s->st[2U][4U], t[4U]);
+      libcrux_sha3_simd_avx2_xor_and_rotate_ef_25(s->st[2U][4U], t[4U]);
   s->st[3U][4U] =
-      libcrux_sha3_simd_avx2_xor_and_rotate_ef_5c21(s->st[3U][4U], t[4U]);
+      libcrux_sha3_simd_avx2_xor_and_rotate_ef_af(s->st[3U][4U], t[4U]);
   __m256i uu____27 =
-      libcrux_sha3_simd_avx2_xor_and_rotate_ef_5c22(s->st[4U][4U], t[4U]);
+      libcrux_sha3_simd_avx2_xor_and_rotate_ef_fd(s->st[4U][4U], t[4U]);
   s->st[4U][4U] = uu____27;
 }
 
@@ -1514,8 +1514,8 @@ with const generics
 - N= 4
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_pi_70(
-    libcrux_sha3_generic_keccak_KeccakState_29 *s) {
+static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_pi_a6(
+    libcrux_sha3_generic_keccak_KeccakState_55 *s) {
   __m256i old[5U][5U];
   memcpy(old, s->st, (size_t)5U * sizeof(__m256i[5U]));
   s->st[0U][1U] = old[1U][1U];
@@ -1551,8 +1551,8 @@ with const generics
 - N= 4
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_chi_12(
-    libcrux_sha3_generic_keccak_KeccakState_29 *s) {
+static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_chi_a6(
+    libcrux_sha3_generic_keccak_KeccakState_55 *s) {
   __m256i old[5U][5U];
   memcpy(old, s->st, (size_t)5U * sizeof(__m256i[5U]));
   for (size_t i0 = (size_t)0U; i0 < (size_t)5U; i0++) {
@@ -1573,8 +1573,8 @@ with const generics
 - N= 4
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_iota_fe(
-    libcrux_sha3_generic_keccak_KeccakState_29 *s, size_t i) {
+static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_iota_a6(
+    libcrux_sha3_generic_keccak_KeccakState_55 *s, size_t i) {
   s->st[0U][0U] = libcrux_sha3_simd_avx2_xor_constant_ef(
       s->st[0U][0U], libcrux_sha3_generic_keccak_ROUNDCONSTANTS[i]);
 }
@@ -1586,14 +1586,14 @@ with const generics
 - N= 4
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccakf1600_cd(
-    libcrux_sha3_generic_keccak_KeccakState_29 *s) {
+static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccakf1600_a6(
+    libcrux_sha3_generic_keccak_KeccakState_55 *s) {
   for (size_t i = (size_t)0U; i < (size_t)24U; i++) {
     size_t i0 = i;
-    libcrux_sha3_generic_keccak_theta_rho_1b(s);
-    libcrux_sha3_generic_keccak_pi_70(s);
-    libcrux_sha3_generic_keccak_chi_12(s);
-    libcrux_sha3_generic_keccak_iota_fe(s, i0);
+    libcrux_sha3_generic_keccak_theta_rho_a6(s);
+    libcrux_sha3_generic_keccak_pi_a6(s);
+    libcrux_sha3_generic_keccak_chi_a6(s);
+    libcrux_sha3_generic_keccak_iota_a6(s, i0);
   }
 }
 
@@ -1605,13 +1605,13 @@ with const generics
 - RATE= 136
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_32(
-    libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice blocks[4U]) {
+static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_97(
+    libcrux_sha3_generic_keccak_KeccakState_55 *s, Eurydice_slice blocks[4U]) {
   __m256i(*uu____0)[5U] = s->st;
   Eurydice_slice uu____1[4U];
   memcpy(uu____1, blocks, (size_t)4U * sizeof(Eurydice_slice));
-  libcrux_sha3_simd_avx2_load_block_ef_d4(uu____0, uu____1);
-  libcrux_sha3_generic_keccak_keccakf1600_cd(s);
+  libcrux_sha3_simd_avx2_load_block_ef_5b(uu____0, uu____1);
+  libcrux_sha3_generic_keccak_keccakf1600_a6(s);
 }
 
 /**
@@ -1620,14 +1620,14 @@ with const generics
 - RATE= 136
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_load_block_full_1d(
+static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_load_block_full_5b(
     __m256i (*s)[5U], uint8_t blocks[4U][200U]) {
   Eurydice_slice buf[4U] = {
       Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t),
       Eurydice_array_to_slice((size_t)200U, blocks[1U], uint8_t),
       Eurydice_array_to_slice((size_t)200U, blocks[2U], uint8_t),
       Eurydice_array_to_slice((size_t)200U, blocks[3U], uint8_t)};
-  libcrux_sha3_simd_avx2_load_block_fe(s, buf);
+  libcrux_sha3_simd_avx2_load_block_5b(s, buf);
 }
 
 /**
@@ -1640,13 +1640,13 @@ with const generics
 - RATE= 136
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_load_block_full_ef_e6(
+static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_load_block_full_ef_5b(
     __m256i (*a)[5U], uint8_t b[4U][200U]) {
   __m256i(*uu____0)[5U] = a;
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_b[4U][200U];
   memcpy(copy_of_b, b, (size_t)4U * sizeof(uint8_t[200U]));
-  libcrux_sha3_simd_avx2_load_block_full_1d(uu____0, copy_of_b);
+  libcrux_sha3_simd_avx2_load_block_full_5b(uu____0, copy_of_b);
 }
 
 /**
@@ -1658,8 +1658,8 @@ with const generics
 - DELIM= 31
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_7f(
-    libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice last[4U]) {
+static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_fb(
+    libcrux_sha3_generic_keccak_KeccakState_55 *s, Eurydice_slice last[4U]) {
   size_t last_len = Eurydice_slice_len(last[0U], uint8_t);
   uint8_t blocks[4U][200U] = {{0U}};
   for (size_t i = (size_t)0U; i < (size_t)4U; i++) {
@@ -1677,8 +1677,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_7f(
   __m256i(*uu____3)[5U] = s->st;
   uint8_t uu____4[4U][200U];
   memcpy(uu____4, blocks, (size_t)4U * sizeof(uint8_t[200U]));
-  libcrux_sha3_simd_avx2_load_block_full_ef_e6(uu____3, uu____4);
-  libcrux_sha3_generic_keccak_keccakf1600_cd(s);
+  libcrux_sha3_simd_avx2_load_block_full_ef_5b(uu____3, uu____4);
+  libcrux_sha3_generic_keccak_keccakf1600_a6(s);
 }
 
 /**
@@ -1687,7 +1687,7 @@ with const generics
 - RATE= 136
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_store_block_78(
+static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_store_block_5b(
     __m256i (*s)[5U], Eurydice_slice out[4U]) {
   for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)32U; i++) {
     size_t i0 = i;
@@ -1810,7 +1810,7 @@ with const generics
 - RATE= 136
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_store_block_full_61(
+static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_store_block_full_5b(
     __m256i (*s)[5U], uint8_t ret[4U][200U]) {
   uint8_t out0[200U] = {0U};
   uint8_t out1[200U] = {0U};
@@ -1821,7 +1821,7 @@ static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_store_block_full_61(
       Eurydice_array_to_slice((size_t)200U, out1, uint8_t),
       Eurydice_array_to_slice((size_t)200U, out2, uint8_t),
       Eurydice_array_to_slice((size_t)200U, out3, uint8_t)};
-  libcrux_sha3_simd_avx2_store_block_78(s, buf);
+  libcrux_sha3_simd_avx2_store_block_5b(s, buf);
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_out0[200U];
   memcpy(copy_of_out0, out0, (size_t)200U * sizeof(uint8_t));
@@ -1849,9 +1849,9 @@ with const generics
 - RATE= 136
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_store_block_full_ef_d1(
+static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_store_block_full_ef_5b(
     __m256i (*a)[5U], uint8_t ret[4U][200U]) {
-  libcrux_sha3_simd_avx2_store_block_full_61(a, ret);
+  libcrux_sha3_simd_avx2_store_block_full_5b(a, ret);
 }
 
 /**
@@ -1863,21 +1863,21 @@ with const generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE void
-libcrux_sha3_generic_keccak_squeeze_first_and_last_a8(
-    libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) {
+libcrux_sha3_generic_keccak_squeeze_first_and_last_97(
+    libcrux_sha3_generic_keccak_KeccakState_55 *s, Eurydice_slice out[4U]) {
   uint8_t b[4U][200U];
-  libcrux_sha3_simd_avx2_store_block_full_ef_d1(s->st, b);
+  libcrux_sha3_simd_avx2_store_block_full_ef_5b(s->st, b);
   for (size_t i = (size_t)0U; i < (size_t)4U; i++) {
     size_t i0 = i;
     Eurydice_slice uu____0 = out[i0];
     uint8_t *uu____1 = b[i0];
-    core_ops_range_Range_b3 lit;
+    core_ops_range_Range_08 lit;
     lit.start = (size_t)0U;
     lit.end = Eurydice_slice_len(out[i0], uint8_t);
     Eurydice_slice_copy(
         uu____0,
         Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t,
-                                   core_ops_range_Range_b3),
+                                   core_ops_range_Range_08),
         uint8_t);
   }
 }
@@ -1892,9 +1892,9 @@ with const generics
 - RATE= 136
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_store_block_ef_e3(
+static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_store_block_ef_5b(
     __m256i (*a)[5U], Eurydice_slice b[4U]) {
-  libcrux_sha3_simd_avx2_store_block_78(a, b);
+  libcrux_sha3_simd_avx2_store_block_5b(a, b);
 }
 
 /**
@@ -1905,9 +1905,9 @@ with const generics
 - RATE= 136
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_ca(
-    libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) {
-  libcrux_sha3_simd_avx2_store_block_ef_e3(s->st, out);
+static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_97(
+    libcrux_sha3_generic_keccak_KeccakState_55 *s, Eurydice_slice out[4U]) {
+  libcrux_sha3_simd_avx2_store_block_ef_5b(s->st, out);
 }
 
 /**
@@ -1918,10 +1918,10 @@ with const generics
 - RATE= 136
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_66(
-    libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) {
-  libcrux_sha3_generic_keccak_keccakf1600_cd(s);
-  libcrux_sha3_simd_avx2_store_block_ef_e3(s->st, out);
+static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_97(
+    libcrux_sha3_generic_keccak_KeccakState_55 *s, Eurydice_slice out[4U]) {
+  libcrux_sha3_generic_keccak_keccakf1600_a6(s);
+  libcrux_sha3_simd_avx2_store_block_ef_5b(s->st, out);
 }
 
 /**
@@ -1932,22 +1932,22 @@ with const generics
 - RATE= 136
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_fe(
-    libcrux_sha3_generic_keccak_KeccakState_29 s, Eurydice_slice out[4U]) {
-  libcrux_sha3_generic_keccak_keccakf1600_cd(&s);
+static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_97(
+    libcrux_sha3_generic_keccak_KeccakState_55 s, Eurydice_slice out[4U]) {
+  libcrux_sha3_generic_keccak_keccakf1600_a6(&s);
   uint8_t b[4U][200U];
-  libcrux_sha3_simd_avx2_store_block_full_ef_d1(s.st, b);
+  libcrux_sha3_simd_avx2_store_block_full_ef_5b(s.st, b);
   for (size_t i = (size_t)0U; i < (size_t)4U; i++) {
     size_t i0 = i;
     Eurydice_slice uu____0 = out[i0];
     uint8_t *uu____1 = b[i0];
-    core_ops_range_Range_b3 lit;
+    core_ops_range_Range_08 lit;
     lit.start = (size_t)0U;
     lit.end = Eurydice_slice_len(out[i0], uint8_t);
     Eurydice_slice_copy(
         uu____0,
         Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t,
-                                   core_ops_range_Range_b3),
+                                   core_ops_range_Range_08),
         uint8_t);
   }
 }
@@ -1961,36 +1961,36 @@ with const generics
 - DELIM= 31
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_b9(
+static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_fb(
     Eurydice_slice data[4U], Eurydice_slice out[4U]) {
-  libcrux_sha3_generic_keccak_KeccakState_29 s =
-      libcrux_sha3_generic_keccak_new_89_71();
+  libcrux_sha3_generic_keccak_KeccakState_55 s =
+      libcrux_sha3_generic_keccak_new_89_a6();
   for (size_t i = (size_t)0U;
        i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)136U; i++) {
     size_t i0 = i;
-    libcrux_sha3_generic_keccak_KeccakState_29 *uu____0 = &s;
+    libcrux_sha3_generic_keccak_KeccakState_55 *uu____0 = &s;
     /* Passing arrays by value in Rust generates a copy in C */
     Eurydice_slice copy_of_data[4U];
     memcpy(copy_of_data, data, (size_t)4U * sizeof(Eurydice_slice));
     Eurydice_slice ret[4U];
     libcrux_sha3_simd_avx2_slice_n_ef(copy_of_data, i0 * (size_t)136U,
                                       (size_t)136U, ret);
-    libcrux_sha3_generic_keccak_absorb_block_32(uu____0, ret);
+    libcrux_sha3_generic_keccak_absorb_block_97(uu____0, ret);
   }
   size_t rem = Eurydice_slice_len(data[0U], uint8_t) % (size_t)136U;
-  libcrux_sha3_generic_keccak_KeccakState_29 *uu____2 = &s;
+  libcrux_sha3_generic_keccak_KeccakState_55 *uu____2 = &s;
   /* Passing arrays by value in Rust generates a copy in C */
   Eurydice_slice copy_of_data[4U];
   memcpy(copy_of_data, data, (size_t)4U * sizeof(Eurydice_slice));
   Eurydice_slice ret[4U];
   libcrux_sha3_simd_avx2_slice_n_ef(
       copy_of_data, Eurydice_slice_len(data[0U], uint8_t) - rem, rem, ret);
-  libcrux_sha3_generic_keccak_absorb_final_7f(uu____2, ret);
+  libcrux_sha3_generic_keccak_absorb_final_fb(uu____2, ret);
   size_t outlen = Eurydice_slice_len(out[0U], uint8_t);
   size_t blocks = outlen / (size_t)136U;
   size_t last = outlen - outlen % (size_t)136U;
   if (blocks == (size_t)0U) {
-    libcrux_sha3_generic_keccak_squeeze_first_and_last_a8(&s, out);
+    libcrux_sha3_generic_keccak_squeeze_first_and_last_97(&s, out);
   } else {
     Eurydice_slice_uint8_t_4size_t__x2 uu____4 =
         libcrux_sha3_simd_avx2_split_at_mut_n_ef(out, (size_t)136U);
@@ -1998,15 +1998,15 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_b9(
     memcpy(o0, uu____4.fst, (size_t)4U * sizeof(Eurydice_slice));
     Eurydice_slice o1[4U];
     memcpy(o1, uu____4.snd, (size_t)4U * sizeof(Eurydice_slice));
-    libcrux_sha3_generic_keccak_squeeze_first_block_ca(&s, o0);
-    core_ops_range_Range_b3 iter =
+    libcrux_sha3_generic_keccak_squeeze_first_block_97(&s, o0);
+    core_ops_range_Range_08 iter =
         core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter(
-            (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U,
+            (CLITERAL(core_ops_range_Range_08){.start = (size_t)1U,
                                                .end = blocks}),
-            core_ops_range_Range_b3, core_ops_range_Range_b3);
+            core_ops_range_Range_08, core_ops_range_Range_08);
     while (true) {
       if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A__TraitClause_0___6__next(
-              &iter, size_t, Option_b3)
+              &iter, size_t, Option_08)
               .tag == None) {
         break;
       } else {
@@ -2016,12 +2016,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_b9(
         memcpy(o, uu____5.fst, (size_t)4U * sizeof(Eurydice_slice));
         Eurydice_slice orest[4U];
         memcpy(orest, uu____5.snd, (size_t)4U * sizeof(Eurydice_slice));
-        libcrux_sha3_generic_keccak_squeeze_next_block_66(&s, o);
+        libcrux_sha3_generic_keccak_squeeze_next_block_97(&s, o);
         memcpy(o1, orest, (size_t)4U * sizeof(Eurydice_slice));
       }
     }
     if (last < outlen) {
-      libcrux_sha3_generic_keccak_squeeze_last_fe(s, o1);
+      libcrux_sha3_generic_keccak_squeeze_last_97(s, o1);
     }
   }
 }
@@ -2036,19 +2036,19 @@ static KRML_MUSTINLINE void libcrux_sha3_avx2_x4_shake256(
     Eurydice_slice out2, Eurydice_slice out3) {
   Eurydice_slice buf0[4U] = {input0, input1, input2, input3};
   Eurydice_slice buf[4U] = {out0, out1, out2, out3};
-  libcrux_sha3_generic_keccak_keccak_b9(buf0, buf);
+  libcrux_sha3_generic_keccak_keccak_fb(buf0, buf);
 }
 
-typedef libcrux_sha3_generic_keccak_KeccakState_29
+typedef libcrux_sha3_generic_keccak_KeccakState_55
     libcrux_sha3_avx2_x4_incremental_KeccakState;
 
 /**
  Initialise the [`KeccakState`].
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_29
+static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_55
 libcrux_sha3_avx2_x4_incremental_init(void) {
-  return libcrux_sha3_generic_keccak_new_89_71();
+  return libcrux_sha3_generic_keccak_new_89_a6();
 }
 
 /**
@@ -2057,7 +2057,7 @@ with const generics
 - RATE= 168
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_load_block_fe0(
+static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_load_block_3a(
     __m256i (*s)[5U], Eurydice_slice blocks[4U]) {
   for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)32U; i++) {
     size_t i0 = i;
@@ -2183,14 +2183,14 @@ with const generics
 - RATE= 168
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_load_block_full_1d0(
+static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_load_block_full_3a(
     __m256i (*s)[5U], uint8_t blocks[4U][200U]) {
   Eurydice_slice buf[4U] = {
       Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t),
       Eurydice_array_to_slice((size_t)200U, blocks[1U], uint8_t),
       Eurydice_array_to_slice((size_t)200U, blocks[2U], uint8_t),
       Eurydice_array_to_slice((size_t)200U, blocks[3U], uint8_t)};
-  libcrux_sha3_simd_avx2_load_block_fe0(s, buf);
+  libcrux_sha3_simd_avx2_load_block_3a(s, buf);
 }
 
 /**
@@ -2203,13 +2203,13 @@ with const generics
 - RATE= 168
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_load_block_full_ef_e60(
+static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_load_block_full_ef_3a(
     __m256i (*a)[5U], uint8_t b[4U][200U]) {
   __m256i(*uu____0)[5U] = a;
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_b[4U][200U];
   memcpy(copy_of_b, b, (size_t)4U * sizeof(uint8_t[200U]));
-  libcrux_sha3_simd_avx2_load_block_full_1d0(uu____0, copy_of_b);
+  libcrux_sha3_simd_avx2_load_block_full_3a(uu____0, copy_of_b);
 }
 
 /**
@@ -2221,8 +2221,8 @@ with const generics
 - DELIM= 31
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_7f0(
-    libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice last[4U]) {
+static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_fb0(
+    libcrux_sha3_generic_keccak_KeccakState_55 *s, Eurydice_slice last[4U]) {
   size_t last_len = Eurydice_slice_len(last[0U], uint8_t);
   uint8_t blocks[4U][200U] = {{0U}};
   for (size_t i = (size_t)0U; i < (size_t)4U; i++) {
@@ -2240,8 +2240,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_7f0(
   __m256i(*uu____3)[5U] = s->st;
   uint8_t uu____4[4U][200U];
   memcpy(uu____4, blocks, (size_t)4U * sizeof(uint8_t[200U]));
-  libcrux_sha3_simd_avx2_load_block_full_ef_e60(uu____3, uu____4);
-  libcrux_sha3_generic_keccak_keccakf1600_cd(s);
+  libcrux_sha3_simd_avx2_load_block_full_ef_3a(uu____3, uu____4);
+  libcrux_sha3_generic_keccak_keccakf1600_a6(s);
 }
 
 /**
@@ -2250,10 +2250,10 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_7f0(
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE void
 libcrux_sha3_avx2_x4_incremental_shake128_absorb_final(
-    libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice data0,
+    libcrux_sha3_generic_keccak_KeccakState_55 *s, Eurydice_slice data0,
     Eurydice_slice data1, Eurydice_slice data2, Eurydice_slice data3) {
   Eurydice_slice buf[4U] = {data0, data1, data2, data3};
-  libcrux_sha3_generic_keccak_absorb_final_7f0(s, buf);
+  libcrux_sha3_generic_keccak_absorb_final_fb0(s, buf);
 }
 
 /**
@@ -2262,7 +2262,7 @@ with const generics
 - RATE= 168
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_store_block_780(
+static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_store_block_3a(
     __m256i (*s)[5U], Eurydice_slice out[4U]) {
   for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)32U; i++) {
     size_t i0 = i;
@@ -2389,9 +2389,9 @@ with const generics
 - RATE= 168
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_store_block_ef_e30(
+static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_store_block_ef_3a(
     __m256i (*a)[5U], Eurydice_slice b[4U]) {
-  libcrux_sha3_simd_avx2_store_block_780(a, b);
+  libcrux_sha3_simd_avx2_store_block_3a(a, b);
 }
 
 /**
@@ -2402,9 +2402,9 @@ with const generics
 - RATE= 168
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_ca0(
-    libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) {
-  libcrux_sha3_simd_avx2_store_block_ef_e30(s->st, out);
+static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_970(
+    libcrux_sha3_generic_keccak_KeccakState_55 *s, Eurydice_slice out[4U]) {
+  libcrux_sha3_simd_avx2_store_block_ef_3a(s->st, out);
 }
 
 /**
@@ -2415,10 +2415,10 @@ with const generics
 - RATE= 168
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_660(
-    libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) {
-  libcrux_sha3_generic_keccak_keccakf1600_cd(s);
-  libcrux_sha3_simd_avx2_store_block_ef_e30(s->st, out);
+static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_970(
+    libcrux_sha3_generic_keccak_KeccakState_55 *s, Eurydice_slice out[4U]) {
+  libcrux_sha3_generic_keccak_keccakf1600_a6(s);
+  libcrux_sha3_simd_avx2_store_block_ef_3a(s->st, out);
 }
 
 /**
@@ -2430,23 +2430,23 @@ with const generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE void
-libcrux_sha3_generic_keccak_squeeze_first_three_blocks_ed(
-    libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) {
+libcrux_sha3_generic_keccak_squeeze_first_three_blocks_97(
+    libcrux_sha3_generic_keccak_KeccakState_55 *s, Eurydice_slice out[4U]) {
   Eurydice_slice_uint8_t_4size_t__x2 uu____0 =
       libcrux_sha3_simd_avx2_split_at_mut_n_ef(out, (size_t)168U);
   Eurydice_slice o0[4U];
   memcpy(o0, uu____0.fst, (size_t)4U * sizeof(Eurydice_slice));
   Eurydice_slice o10[4U];
   memcpy(o10, uu____0.snd, (size_t)4U * sizeof(Eurydice_slice));
-  libcrux_sha3_generic_keccak_squeeze_first_block_ca0(s, o0);
+  libcrux_sha3_generic_keccak_squeeze_first_block_970(s, o0);
   Eurydice_slice_uint8_t_4size_t__x2 uu____1 =
       libcrux_sha3_simd_avx2_split_at_mut_n_ef(o10, (size_t)168U);
   Eurydice_slice o1[4U];
   memcpy(o1, uu____1.fst, (size_t)4U * sizeof(Eurydice_slice));
   Eurydice_slice o2[4U];
   memcpy(o2, uu____1.snd, (size_t)4U * sizeof(Eurydice_slice));
-  libcrux_sha3_generic_keccak_squeeze_next_block_660(s, o1);
-  libcrux_sha3_generic_keccak_squeeze_next_block_660(s, o2);
+  libcrux_sha3_generic_keccak_squeeze_next_block_970(s, o1);
+  libcrux_sha3_generic_keccak_squeeze_next_block_970(s, o2);
 }
 
 /**
@@ -2455,10 +2455,10 @@ libcrux_sha3_generic_keccak_squeeze_first_three_blocks_ed(
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE void
 libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_three_blocks(
-    libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0,
+    libcrux_sha3_generic_keccak_KeccakState_55 *s, Eurydice_slice out0,
     Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3) {
   Eurydice_slice buf[4U] = {out0, out1, out2, out3};
-  libcrux_sha3_generic_keccak_squeeze_first_three_blocks_ed(s, buf);
+  libcrux_sha3_generic_keccak_squeeze_first_three_blocks_97(s, buf);
 }
 
 /**
@@ -2467,10 +2467,10 @@ libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_three_blocks(
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE void
 libcrux_sha3_avx2_x4_incremental_shake128_squeeze_next_block(
-    libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0,
+    libcrux_sha3_generic_keccak_KeccakState_55 *s, Eurydice_slice out0,
     Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3) {
   Eurydice_slice buf[4U] = {out0, out1, out2, out3};
-  libcrux_sha3_generic_keccak_squeeze_next_block_660(s, buf);
+  libcrux_sha3_generic_keccak_squeeze_next_block_970(s, buf);
 }
 
 /**
@@ -2482,37 +2482,37 @@ with const generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE void
-libcrux_sha3_generic_keccak_squeeze_first_five_blocks_0b(
-    libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) {
+libcrux_sha3_generic_keccak_squeeze_first_five_blocks_97(
+    libcrux_sha3_generic_keccak_KeccakState_55 *s, Eurydice_slice out[4U]) {
   Eurydice_slice_uint8_t_4size_t__x2 uu____0 =
       libcrux_sha3_simd_avx2_split_at_mut_n_ef(out, (size_t)168U);
   Eurydice_slice o0[4U];
   memcpy(o0, uu____0.fst, (size_t)4U * sizeof(Eurydice_slice));
   Eurydice_slice o10[4U];
   memcpy(o10, uu____0.snd, (size_t)4U * sizeof(Eurydice_slice));
-  libcrux_sha3_generic_keccak_squeeze_first_block_ca0(s, o0);
+  libcrux_sha3_generic_keccak_squeeze_first_block_970(s, o0);
   Eurydice_slice_uint8_t_4size_t__x2 uu____1 =
       libcrux_sha3_simd_avx2_split_at_mut_n_ef(o10, (size_t)168U);
   Eurydice_slice o1[4U];
   memcpy(o1, uu____1.fst, (size_t)4U * sizeof(Eurydice_slice));
   Eurydice_slice o20[4U];
   memcpy(o20, uu____1.snd, (size_t)4U * sizeof(Eurydice_slice));
-  libcrux_sha3_generic_keccak_squeeze_next_block_660(s, o1);
+  libcrux_sha3_generic_keccak_squeeze_next_block_970(s, o1);
   Eurydice_slice_uint8_t_4size_t__x2 uu____2 =
       libcrux_sha3_simd_avx2_split_at_mut_n_ef(o20, (size_t)168U);
   Eurydice_slice o2[4U];
   memcpy(o2, uu____2.fst, (size_t)4U * sizeof(Eurydice_slice));
   Eurydice_slice o30[4U];
   memcpy(o30, uu____2.snd, (size_t)4U * sizeof(Eurydice_slice));
-  libcrux_sha3_generic_keccak_squeeze_next_block_660(s, o2);
+  libcrux_sha3_generic_keccak_squeeze_next_block_970(s, o2);
   Eurydice_slice_uint8_t_4size_t__x2 uu____3 =
       libcrux_sha3_simd_avx2_split_at_mut_n_ef(o30, (size_t)168U);
   Eurydice_slice o3[4U];
   memcpy(o3, uu____3.fst, (size_t)4U * sizeof(Eurydice_slice));
   Eurydice_slice o4[4U];
   memcpy(o4, uu____3.snd, (size_t)4U * sizeof(Eurydice_slice));
-  libcrux_sha3_generic_keccak_squeeze_next_block_660(s, o3);
-  libcrux_sha3_generic_keccak_squeeze_next_block_660(s, o4);
+  libcrux_sha3_generic_keccak_squeeze_next_block_970(s, o3);
+  libcrux_sha3_generic_keccak_squeeze_next_block_970(s, o4);
 }
 
 /**
@@ -2521,10 +2521,10 @@ libcrux_sha3_generic_keccak_squeeze_first_five_blocks_0b(
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE void
 libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_five_blocks(
-    libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0,
+    libcrux_sha3_generic_keccak_KeccakState_55 *s, Eurydice_slice out0,
     Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3) {
   Eurydice_slice buf[4U] = {out0, out1, out2, out3};
-  libcrux_sha3_generic_keccak_squeeze_first_five_blocks_0b(s, buf);
+  libcrux_sha3_generic_keccak_squeeze_first_five_blocks_97(s, buf);
 }
 
 /**
@@ -2533,10 +2533,10 @@ libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_five_blocks(
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE void
 libcrux_sha3_avx2_x4_incremental_shake256_absorb_final(
-    libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice data0,
+    libcrux_sha3_generic_keccak_KeccakState_55 *s, Eurydice_slice data0,
     Eurydice_slice data1, Eurydice_slice data2, Eurydice_slice data3) {
   Eurydice_slice buf[4U] = {data0, data1, data2, data3};
-  libcrux_sha3_generic_keccak_absorb_final_7f(s, buf);
+  libcrux_sha3_generic_keccak_absorb_final_fb(s, buf);
 }
 
 /**
@@ -2545,10 +2545,10 @@ libcrux_sha3_avx2_x4_incremental_shake256_absorb_final(
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE void
 libcrux_sha3_avx2_x4_incremental_shake256_squeeze_first_block(
-    libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0,
+    libcrux_sha3_generic_keccak_KeccakState_55 *s, Eurydice_slice out0,
     Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3) {
   Eurydice_slice buf[4U] = {out0, out1, out2, out3};
-  libcrux_sha3_generic_keccak_squeeze_first_block_ca(s, buf);
+  libcrux_sha3_generic_keccak_squeeze_first_block_97(s, buf);
 }
 
 /**
@@ -2557,10 +2557,10 @@ libcrux_sha3_avx2_x4_incremental_shake256_squeeze_first_block(
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE void
 libcrux_sha3_avx2_x4_incremental_shake256_squeeze_next_block(
-    libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0,
+    libcrux_sha3_generic_keccak_KeccakState_55 *s, Eurydice_slice out0,
     Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3) {
   Eurydice_slice buf[4U] = {out0, out1, out2, out3};
-  libcrux_sha3_generic_keccak_squeeze_next_block_66(s, buf);
+  libcrux_sha3_generic_keccak_squeeze_next_block_97(s, buf);
 }
 
 #if defined(__cplusplus)
diff --git a/libcrux-ml-kem/cg/libcrux_sha3_portable.h b/libcrux-ml-kem/cg/libcrux_sha3_portable.h
index cfdd6e5d5..5b31b9051 100644
--- a/libcrux-ml-kem/cg/libcrux_sha3_portable.h
+++ b/libcrux-ml-kem/cg/libcrux_sha3_portable.h
@@ -4,11 +4,11 @@
  * SPDX-License-Identifier: MIT or Apache-2.0
  *
  * This code was generated with the following revisions:
- * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4
- * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac
- * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152
- * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678
- * Libcrux: a089e8609d2bf2df5c165076a79e3fd30dbf87cf
+ * Charon: 2b71c3c42337fe17ceca860bedaafb3443e6c5e8
+ * Eurydice: dcfae68c874635956f71d4c05928841b29ad0a8b
+ * Karamel: 87384b244a98a0c41a2e14c65b872d885af7c8df
+ * F*: 8b6fce63ca91b16386d8f76e82ea87a3c109a208
+ * Libcrux: 4b0d78759e0adf160bab80862883bd5ba7338977
  */
 
 #ifndef __libcrux_sha3_portable_H
@@ -79,14 +79,14 @@ with const generics
 - RIGHT= 63
 */
 static KRML_MUSTINLINE uint64_t
-libcrux_sha3_portable_keccak_rotate_left_d6(uint64_t x) {
+libcrux_sha3_portable_keccak_rotate_left_76(uint64_t x) {
   return x << (uint32_t)(int32_t)1 | x >> (uint32_t)(int32_t)63;
 }
 
 static KRML_MUSTINLINE uint64_t
 libcrux_sha3_portable_keccak__vrax1q_u64(uint64_t a, uint64_t b) {
   uint64_t uu____0 = a;
-  return uu____0 ^ libcrux_sha3_portable_keccak_rotate_left_d6(b);
+  return uu____0 ^ libcrux_sha3_portable_keccak_rotate_left_76(b);
 }
 
 /**
@@ -183,9 +183,9 @@ with types uint64_t
 with const generics
 - $1size_t
 */
-typedef struct libcrux_sha3_generic_keccak_KeccakState_48_s {
+typedef struct libcrux_sha3_generic_keccak_KeccakState_17_s {
   uint64_t st[5U][5U];
-} libcrux_sha3_generic_keccak_KeccakState_48;
+} libcrux_sha3_generic_keccak_KeccakState_17;
 
 /**
  Create a new Shake128 x4 state.
@@ -200,9 +200,9 @@ with types uint64_t
 with const generics
 - N= 1
 */
-static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_48
-libcrux_sha3_generic_keccak_new_89_cf(void) {
-  libcrux_sha3_generic_keccak_KeccakState_48 lit;
+static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_17
+libcrux_sha3_generic_keccak_new_89_04(void) {
+  libcrux_sha3_generic_keccak_KeccakState_17 lit;
   lit.st[0U][0U] = libcrux_sha3_portable_keccak_zero_5a();
   lit.st[0U][1U] = libcrux_sha3_portable_keccak_zero_5a();
   lit.st[0U][2U] = libcrux_sha3_portable_keccak_zero_5a();
@@ -236,18 +236,18 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block
 with const generics
 - RATE= 72
 */
-static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_65(
+static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_f8(
     uint64_t (*s)[5U], Eurydice_slice blocks[1U]) {
   for (size_t i = (size_t)0U; i < (size_t)72U / (size_t)8U; i++) {
     size_t i0 = i;
     uint8_t uu____0[8U];
-    Result_56 dst;
+    Result_15 dst;
     Eurydice_slice_to_array2(
         &dst,
         Eurydice_slice_subslice2(blocks[0U], (size_t)8U * i0,
                                  (size_t)8U * i0 + (size_t)8U, uint8_t),
         Eurydice_slice, uint8_t[8U]);
-    unwrap_26_0e(dst, uu____0);
+    unwrap_26_68(dst, uu____0);
     size_t uu____1 = i0 / (size_t)5U;
     size_t uu____2 = i0 % (size_t)5U;
     s[uu____1][uu____2] =
@@ -264,13 +264,13 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_5a
 with const generics
 - RATE= 72
 */
-static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_35(
+static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_f8(
     uint64_t (*a)[5U], Eurydice_slice b[1U]) {
   uint64_t(*uu____0)[5U] = a;
   /* Passing arrays by value in Rust generates a copy in C */
   Eurydice_slice copy_of_b[1U];
   memcpy(copy_of_b, b, (size_t)1U * sizeof(Eurydice_slice));
-  libcrux_sha3_portable_keccak_load_block_65(uu____0, copy_of_b);
+  libcrux_sha3_portable_keccak_load_block_f8(uu____0, copy_of_b);
 }
 
 /**
@@ -280,7 +280,7 @@ with const generics
 - RIGHT= 28
 */
 static KRML_MUSTINLINE uint64_t
-libcrux_sha3_portable_keccak_rotate_left_d60(uint64_t x) {
+libcrux_sha3_portable_keccak_rotate_left_02(uint64_t x) {
   return x << (uint32_t)(int32_t)36 | x >> (uint32_t)(int32_t)28;
 }
 
@@ -291,9 +291,9 @@ with const generics
 - RIGHT= 28
 */
 static KRML_MUSTINLINE uint64_t
-libcrux_sha3_portable_keccak__vxarq_u64_74(uint64_t a, uint64_t b) {
+libcrux_sha3_portable_keccak__vxarq_u64_02(uint64_t a, uint64_t b) {
   uint64_t ab = a ^ b;
-  return libcrux_sha3_portable_keccak_rotate_left_d60(ab);
+  return libcrux_sha3_portable_keccak_rotate_left_02(ab);
 }
 
 /**
@@ -307,8 +307,8 @@ with const generics
 - RIGHT= 28
 */
 static KRML_MUSTINLINE uint64_t
-libcrux_sha3_portable_keccak_xor_and_rotate_5a_03(uint64_t a, uint64_t b) {
-  return libcrux_sha3_portable_keccak__vxarq_u64_74(a, b);
+libcrux_sha3_portable_keccak_xor_and_rotate_5a_02(uint64_t a, uint64_t b) {
+  return libcrux_sha3_portable_keccak__vxarq_u64_02(a, b);
 }
 
 /**
@@ -318,7 +318,7 @@ with const generics
 - RIGHT= 61
 */
 static KRML_MUSTINLINE uint64_t
-libcrux_sha3_portable_keccak_rotate_left_d61(uint64_t x) {
+libcrux_sha3_portable_keccak_rotate_left_ac(uint64_t x) {
   return x << (uint32_t)(int32_t)3 | x >> (uint32_t)(int32_t)61;
 }
 
@@ -329,9 +329,9 @@ with const generics
 - RIGHT= 61
 */
 static KRML_MUSTINLINE uint64_t
-libcrux_sha3_portable_keccak__vxarq_u64_740(uint64_t a, uint64_t b) {
+libcrux_sha3_portable_keccak__vxarq_u64_ac(uint64_t a, uint64_t b) {
   uint64_t ab = a ^ b;
-  return libcrux_sha3_portable_keccak_rotate_left_d61(ab);
+  return libcrux_sha3_portable_keccak_rotate_left_ac(ab);
 }
 
 /**
@@ -345,8 +345,8 @@ with const generics
 - RIGHT= 61
 */
 static KRML_MUSTINLINE uint64_t
-libcrux_sha3_portable_keccak_xor_and_rotate_5a_030(uint64_t a, uint64_t b) {
-  return libcrux_sha3_portable_keccak__vxarq_u64_740(a, b);
+libcrux_sha3_portable_keccak_xor_and_rotate_5a_ac(uint64_t a, uint64_t b) {
+  return libcrux_sha3_portable_keccak__vxarq_u64_ac(a, b);
 }
 
 /**
@@ -356,7 +356,7 @@ with const generics
 - RIGHT= 23
 */
 static KRML_MUSTINLINE uint64_t
-libcrux_sha3_portable_keccak_rotate_left_d62(uint64_t x) {
+libcrux_sha3_portable_keccak_rotate_left_020(uint64_t x) {
   return x << (uint32_t)(int32_t)41 | x >> (uint32_t)(int32_t)23;
 }
 
@@ -367,9 +367,9 @@ with const generics
 - RIGHT= 23
 */
 static KRML_MUSTINLINE uint64_t
-libcrux_sha3_portable_keccak__vxarq_u64_741(uint64_t a, uint64_t b) {
+libcrux_sha3_portable_keccak__vxarq_u64_020(uint64_t a, uint64_t b) {
   uint64_t ab = a ^ b;
-  return libcrux_sha3_portable_keccak_rotate_left_d62(ab);
+  return libcrux_sha3_portable_keccak_rotate_left_020(ab);
 }
 
 /**
@@ -383,8 +383,8 @@ with const generics
 - RIGHT= 23
 */
 static KRML_MUSTINLINE uint64_t
-libcrux_sha3_portable_keccak_xor_and_rotate_5a_031(uint64_t a, uint64_t b) {
-  return libcrux_sha3_portable_keccak__vxarq_u64_741(a, b);
+libcrux_sha3_portable_keccak_xor_and_rotate_5a_020(uint64_t a, uint64_t b) {
+  return libcrux_sha3_portable_keccak__vxarq_u64_020(a, b);
 }
 
 /**
@@ -394,7 +394,7 @@ with const generics
 - RIGHT= 46
 */
 static KRML_MUSTINLINE uint64_t
-libcrux_sha3_portable_keccak_rotate_left_d63(uint64_t x) {
+libcrux_sha3_portable_keccak_rotate_left_a9(uint64_t x) {
   return x << (uint32_t)(int32_t)18 | x >> (uint32_t)(int32_t)46;
 }
 
@@ -405,9 +405,9 @@ with const generics
 - RIGHT= 46
 */
 static KRML_MUSTINLINE uint64_t
-libcrux_sha3_portable_keccak__vxarq_u64_742(uint64_t a, uint64_t b) {
+libcrux_sha3_portable_keccak__vxarq_u64_a9(uint64_t a, uint64_t b) {
   uint64_t ab = a ^ b;
-  return libcrux_sha3_portable_keccak_rotate_left_d63(ab);
+  return libcrux_sha3_portable_keccak_rotate_left_a9(ab);
 }
 
 /**
@@ -421,8 +421,8 @@ with const generics
 - RIGHT= 46
 */
 static KRML_MUSTINLINE uint64_t
-libcrux_sha3_portable_keccak_xor_and_rotate_5a_032(uint64_t a, uint64_t b) {
-  return libcrux_sha3_portable_keccak__vxarq_u64_742(a, b);
+libcrux_sha3_portable_keccak_xor_and_rotate_5a_a9(uint64_t a, uint64_t b) {
+  return libcrux_sha3_portable_keccak__vxarq_u64_a9(a, b);
 }
 
 /**
@@ -432,9 +432,9 @@ with const generics
 - RIGHT= 63
 */
 static KRML_MUSTINLINE uint64_t
-libcrux_sha3_portable_keccak__vxarq_u64_743(uint64_t a, uint64_t b) {
+libcrux_sha3_portable_keccak__vxarq_u64_76(uint64_t a, uint64_t b) {
   uint64_t ab = a ^ b;
-  return libcrux_sha3_portable_keccak_rotate_left_d6(ab);
+  return libcrux_sha3_portable_keccak_rotate_left_76(ab);
 }
 
 /**
@@ -448,8 +448,8 @@ with const generics
 - RIGHT= 63
 */
 static KRML_MUSTINLINE uint64_t
-libcrux_sha3_portable_keccak_xor_and_rotate_5a_033(uint64_t a, uint64_t b) {
-  return libcrux_sha3_portable_keccak__vxarq_u64_743(a, b);
+libcrux_sha3_portable_keccak_xor_and_rotate_5a_76(uint64_t a, uint64_t b) {
+  return libcrux_sha3_portable_keccak__vxarq_u64_76(a, b);
 }
 
 /**
@@ -459,7 +459,7 @@ with const generics
 - RIGHT= 20
 */
 static KRML_MUSTINLINE uint64_t
-libcrux_sha3_portable_keccak_rotate_left_d64(uint64_t x) {
+libcrux_sha3_portable_keccak_rotate_left_58(uint64_t x) {
   return x << (uint32_t)(int32_t)44 | x >> (uint32_t)(int32_t)20;
 }
 
@@ -470,9 +470,9 @@ with const generics
 - RIGHT= 20
 */
 static KRML_MUSTINLINE uint64_t
-libcrux_sha3_portable_keccak__vxarq_u64_744(uint64_t a, uint64_t b) {
+libcrux_sha3_portable_keccak__vxarq_u64_58(uint64_t a, uint64_t b) {
   uint64_t ab = a ^ b;
-  return libcrux_sha3_portable_keccak_rotate_left_d64(ab);
+  return libcrux_sha3_portable_keccak_rotate_left_58(ab);
 }
 
 /**
@@ -486,8 +486,8 @@ with const generics
 - RIGHT= 20
 */
 static KRML_MUSTINLINE uint64_t
-libcrux_sha3_portable_keccak_xor_and_rotate_5a_034(uint64_t a, uint64_t b) {
-  return libcrux_sha3_portable_keccak__vxarq_u64_744(a, b);
+libcrux_sha3_portable_keccak_xor_and_rotate_5a_58(uint64_t a, uint64_t b) {
+  return libcrux_sha3_portable_keccak__vxarq_u64_58(a, b);
 }
 
 /**
@@ -497,7 +497,7 @@ with const generics
 - RIGHT= 54
 */
 static KRML_MUSTINLINE uint64_t
-libcrux_sha3_portable_keccak_rotate_left_d65(uint64_t x) {
+libcrux_sha3_portable_keccak_rotate_left_e0(uint64_t x) {
   return x << (uint32_t)(int32_t)10 | x >> (uint32_t)(int32_t)54;
 }
 
@@ -508,9 +508,9 @@ with const generics
 - RIGHT= 54
 */
 static KRML_MUSTINLINE uint64_t
-libcrux_sha3_portable_keccak__vxarq_u64_745(uint64_t a, uint64_t b) {
+libcrux_sha3_portable_keccak__vxarq_u64_e0(uint64_t a, uint64_t b) {
   uint64_t ab = a ^ b;
-  return libcrux_sha3_portable_keccak_rotate_left_d65(ab);
+  return libcrux_sha3_portable_keccak_rotate_left_e0(ab);
 }
 
 /**
@@ -524,8 +524,8 @@ with const generics
 - RIGHT= 54
 */
 static KRML_MUSTINLINE uint64_t
-libcrux_sha3_portable_keccak_xor_and_rotate_5a_035(uint64_t a, uint64_t b) {
-  return libcrux_sha3_portable_keccak__vxarq_u64_745(a, b);
+libcrux_sha3_portable_keccak_xor_and_rotate_5a_e0(uint64_t a, uint64_t b) {
+  return libcrux_sha3_portable_keccak__vxarq_u64_e0(a, b);
 }
 
 /**
@@ -535,7 +535,7 @@ with const generics
 - RIGHT= 19
 */
 static KRML_MUSTINLINE uint64_t
-libcrux_sha3_portable_keccak_rotate_left_d66(uint64_t x) {
+libcrux_sha3_portable_keccak_rotate_left_63(uint64_t x) {
   return x << (uint32_t)(int32_t)45 | x >> (uint32_t)(int32_t)19;
 }
 
@@ -546,9 +546,9 @@ with const generics
 - RIGHT= 19
 */
 static KRML_MUSTINLINE uint64_t
-libcrux_sha3_portable_keccak__vxarq_u64_746(uint64_t a, uint64_t b) {
+libcrux_sha3_portable_keccak__vxarq_u64_63(uint64_t a, uint64_t b) {
   uint64_t ab = a ^ b;
-  return libcrux_sha3_portable_keccak_rotate_left_d66(ab);
+  return libcrux_sha3_portable_keccak_rotate_left_63(ab);
 }
 
 /**
@@ -562,8 +562,8 @@ with const generics
 - RIGHT= 19
 */
 static KRML_MUSTINLINE uint64_t
-libcrux_sha3_portable_keccak_xor_and_rotate_5a_036(uint64_t a, uint64_t b) {
-  return libcrux_sha3_portable_keccak__vxarq_u64_746(a, b);
+libcrux_sha3_portable_keccak_xor_and_rotate_5a_63(uint64_t a, uint64_t b) {
+  return libcrux_sha3_portable_keccak__vxarq_u64_63(a, b);
 }
 
 /**
@@ -573,7 +573,7 @@ with const generics
 - RIGHT= 62
 */
 static KRML_MUSTINLINE uint64_t
-libcrux_sha3_portable_keccak_rotate_left_d67(uint64_t x) {
+libcrux_sha3_portable_keccak_rotate_left_6a(uint64_t x) {
   return x << (uint32_t)(int32_t)2 | x >> (uint32_t)(int32_t)62;
 }
 
@@ -584,9 +584,9 @@ with const generics
 - RIGHT= 62
 */
 static KRML_MUSTINLINE uint64_t
-libcrux_sha3_portable_keccak__vxarq_u64_747(uint64_t a, uint64_t b) {
+libcrux_sha3_portable_keccak__vxarq_u64_6a(uint64_t a, uint64_t b) {
   uint64_t ab = a ^ b;
-  return libcrux_sha3_portable_keccak_rotate_left_d67(ab);
+  return libcrux_sha3_portable_keccak_rotate_left_6a(ab);
 }
 
 /**
@@ -600,8 +600,8 @@ with const generics
 - RIGHT= 62
 */
 static KRML_MUSTINLINE uint64_t
-libcrux_sha3_portable_keccak_xor_and_rotate_5a_037(uint64_t a, uint64_t b) {
-  return libcrux_sha3_portable_keccak__vxarq_u64_747(a, b);
+libcrux_sha3_portable_keccak_xor_and_rotate_5a_6a(uint64_t a, uint64_t b) {
+  return libcrux_sha3_portable_keccak__vxarq_u64_6a(a, b);
 }
 
 /**
@@ -611,7 +611,7 @@ with const generics
 - RIGHT= 2
 */
 static KRML_MUSTINLINE uint64_t
-libcrux_sha3_portable_keccak_rotate_left_d68(uint64_t x) {
+libcrux_sha3_portable_keccak_rotate_left_ab(uint64_t x) {
   return x << (uint32_t)(int32_t)62 | x >> (uint32_t)(int32_t)2;
 }
 
@@ -622,9 +622,9 @@ with const generics
 - RIGHT= 2
 */
 static KRML_MUSTINLINE uint64_t
-libcrux_sha3_portable_keccak__vxarq_u64_748(uint64_t a, uint64_t b) {
+libcrux_sha3_portable_keccak__vxarq_u64_ab(uint64_t a, uint64_t b) {
   uint64_t ab = a ^ b;
-  return libcrux_sha3_portable_keccak_rotate_left_d68(ab);
+  return libcrux_sha3_portable_keccak_rotate_left_ab(ab);
 }
 
 /**
@@ -638,8 +638,8 @@ with const generics
 - RIGHT= 2
 */
 static KRML_MUSTINLINE uint64_t
-libcrux_sha3_portable_keccak_xor_and_rotate_5a_038(uint64_t a, uint64_t b) {
-  return libcrux_sha3_portable_keccak__vxarq_u64_748(a, b);
+libcrux_sha3_portable_keccak_xor_and_rotate_5a_ab(uint64_t a, uint64_t b) {
+  return libcrux_sha3_portable_keccak__vxarq_u64_ab(a, b);
 }
 
 /**
@@ -649,7 +649,7 @@ with const generics
 - RIGHT= 58
 */
 static KRML_MUSTINLINE uint64_t
-libcrux_sha3_portable_keccak_rotate_left_d69(uint64_t x) {
+libcrux_sha3_portable_keccak_rotate_left_5b(uint64_t x) {
   return x << (uint32_t)(int32_t)6 | x >> (uint32_t)(int32_t)58;
 }
 
@@ -660,9 +660,9 @@ with const generics
 - RIGHT= 58
 */
 static KRML_MUSTINLINE uint64_t
-libcrux_sha3_portable_keccak__vxarq_u64_749(uint64_t a, uint64_t b) {
+libcrux_sha3_portable_keccak__vxarq_u64_5b(uint64_t a, uint64_t b) {
   uint64_t ab = a ^ b;
-  return libcrux_sha3_portable_keccak_rotate_left_d69(ab);
+  return libcrux_sha3_portable_keccak_rotate_left_5b(ab);
 }
 
 /**
@@ -676,8 +676,8 @@ with const generics
 - RIGHT= 58
 */
 static KRML_MUSTINLINE uint64_t
-libcrux_sha3_portable_keccak_xor_and_rotate_5a_039(uint64_t a, uint64_t b) {
-  return libcrux_sha3_portable_keccak__vxarq_u64_749(a, b);
+libcrux_sha3_portable_keccak_xor_and_rotate_5a_5b(uint64_t a, uint64_t b) {
+  return libcrux_sha3_portable_keccak__vxarq_u64_5b(a, b);
 }
 
 /**
@@ -687,7 +687,7 @@ with const generics
 - RIGHT= 21
 */
 static KRML_MUSTINLINE uint64_t
-libcrux_sha3_portable_keccak_rotate_left_d610(uint64_t x) {
+libcrux_sha3_portable_keccak_rotate_left_6f(uint64_t x) {
   return x << (uint32_t)(int32_t)43 | x >> (uint32_t)(int32_t)21;
 }
 
@@ -698,9 +698,9 @@ with const generics
 - RIGHT= 21
 */
 static KRML_MUSTINLINE uint64_t
-libcrux_sha3_portable_keccak__vxarq_u64_7410(uint64_t a, uint64_t b) {
+libcrux_sha3_portable_keccak__vxarq_u64_6f(uint64_t a, uint64_t b) {
   uint64_t ab = a ^ b;
-  return libcrux_sha3_portable_keccak_rotate_left_d610(ab);
+  return libcrux_sha3_portable_keccak_rotate_left_6f(ab);
 }
 
 /**
@@ -714,8 +714,8 @@ with const generics
 - RIGHT= 21
 */
 static KRML_MUSTINLINE uint64_t
-libcrux_sha3_portable_keccak_xor_and_rotate_5a_0310(uint64_t a, uint64_t b) {
-  return libcrux_sha3_portable_keccak__vxarq_u64_7410(a, b);
+libcrux_sha3_portable_keccak_xor_and_rotate_5a_6f(uint64_t a, uint64_t b) {
+  return libcrux_sha3_portable_keccak__vxarq_u64_6f(a, b);
 }
 
 /**
@@ -725,7 +725,7 @@ with const generics
 - RIGHT= 49
 */
 static KRML_MUSTINLINE uint64_t
-libcrux_sha3_portable_keccak_rotate_left_d611(uint64_t x) {
+libcrux_sha3_portable_keccak_rotate_left_62(uint64_t x) {
   return x << (uint32_t)(int32_t)15 | x >> (uint32_t)(int32_t)49;
 }
 
@@ -736,9 +736,9 @@ with const generics
 - RIGHT= 49
 */
 static KRML_MUSTINLINE uint64_t
-libcrux_sha3_portable_keccak__vxarq_u64_7411(uint64_t a, uint64_t b) {
+libcrux_sha3_portable_keccak__vxarq_u64_62(uint64_t a, uint64_t b) {
   uint64_t ab = a ^ b;
-  return libcrux_sha3_portable_keccak_rotate_left_d611(ab);
+  return libcrux_sha3_portable_keccak_rotate_left_62(ab);
 }
 
 /**
@@ -752,8 +752,8 @@ with const generics
 - RIGHT= 49
 */
 static KRML_MUSTINLINE uint64_t
-libcrux_sha3_portable_keccak_xor_and_rotate_5a_0311(uint64_t a, uint64_t b) {
-  return libcrux_sha3_portable_keccak__vxarq_u64_7411(a, b);
+libcrux_sha3_portable_keccak_xor_and_rotate_5a_62(uint64_t a, uint64_t b) {
+  return libcrux_sha3_portable_keccak__vxarq_u64_62(a, b);
 }
 
 /**
@@ -763,7 +763,7 @@ with const generics
 - RIGHT= 3
 */
 static KRML_MUSTINLINE uint64_t
-libcrux_sha3_portable_keccak_rotate_left_d612(uint64_t x) {
+libcrux_sha3_portable_keccak_rotate_left_23(uint64_t x) {
   return x << (uint32_t)(int32_t)61 | x >> (uint32_t)(int32_t)3;
 }
 
@@ -774,9 +774,9 @@ with const generics
 - RIGHT= 3
 */
 static KRML_MUSTINLINE uint64_t
-libcrux_sha3_portable_keccak__vxarq_u64_7412(uint64_t a, uint64_t b) {
+libcrux_sha3_portable_keccak__vxarq_u64_23(uint64_t a, uint64_t b) {
   uint64_t ab = a ^ b;
-  return libcrux_sha3_portable_keccak_rotate_left_d612(ab);
+  return libcrux_sha3_portable_keccak_rotate_left_23(ab);
 }
 
 /**
@@ -790,8 +790,8 @@ with const generics
 - RIGHT= 3
 */
 static KRML_MUSTINLINE uint64_t
-libcrux_sha3_portable_keccak_xor_and_rotate_5a_0312(uint64_t a, uint64_t b) {
-  return libcrux_sha3_portable_keccak__vxarq_u64_7412(a, b);
+libcrux_sha3_portable_keccak_xor_and_rotate_5a_23(uint64_t a, uint64_t b) {
+  return libcrux_sha3_portable_keccak__vxarq_u64_23(a, b);
 }
 
 /**
@@ -801,7 +801,7 @@ with const generics
 - RIGHT= 36
 */
 static KRML_MUSTINLINE uint64_t
-libcrux_sha3_portable_keccak_rotate_left_d613(uint64_t x) {
+libcrux_sha3_portable_keccak_rotate_left_37(uint64_t x) {
   return x << (uint32_t)(int32_t)28 | x >> (uint32_t)(int32_t)36;
 }
 
@@ -812,9 +812,9 @@ with const generics
 - RIGHT= 36
 */
 static KRML_MUSTINLINE uint64_t
-libcrux_sha3_portable_keccak__vxarq_u64_7413(uint64_t a, uint64_t b) {
+libcrux_sha3_portable_keccak__vxarq_u64_37(uint64_t a, uint64_t b) {
   uint64_t ab = a ^ b;
-  return libcrux_sha3_portable_keccak_rotate_left_d613(ab);
+  return libcrux_sha3_portable_keccak_rotate_left_37(ab);
 }
 
 /**
@@ -828,8 +828,8 @@ with const generics
 - RIGHT= 36
 */
 static KRML_MUSTINLINE uint64_t
-libcrux_sha3_portable_keccak_xor_and_rotate_5a_0313(uint64_t a, uint64_t b) {
-  return libcrux_sha3_portable_keccak__vxarq_u64_7413(a, b);
+libcrux_sha3_portable_keccak_xor_and_rotate_5a_37(uint64_t a, uint64_t b) {
+  return libcrux_sha3_portable_keccak__vxarq_u64_37(a, b);
 }
 
 /**
@@ -839,7 +839,7 @@ with const generics
 - RIGHT= 9
 */
 static KRML_MUSTINLINE uint64_t
-libcrux_sha3_portable_keccak_rotate_left_d614(uint64_t x) {
+libcrux_sha3_portable_keccak_rotate_left_bb(uint64_t x) {
   return x << (uint32_t)(int32_t)55 | x >> (uint32_t)(int32_t)9;
 }
 
@@ -850,9 +850,9 @@ with const generics
 - RIGHT= 9
 */
 static KRML_MUSTINLINE uint64_t
-libcrux_sha3_portable_keccak__vxarq_u64_7414(uint64_t a, uint64_t b) {
+libcrux_sha3_portable_keccak__vxarq_u64_bb(uint64_t a, uint64_t b) {
   uint64_t ab = a ^ b;
-  return libcrux_sha3_portable_keccak_rotate_left_d614(ab);
+  return libcrux_sha3_portable_keccak_rotate_left_bb(ab);
 }
 
 /**
@@ -866,8 +866,8 @@ with const generics
 - RIGHT= 9
 */
 static KRML_MUSTINLINE uint64_t
-libcrux_sha3_portable_keccak_xor_and_rotate_5a_0314(uint64_t a, uint64_t b) {
-  return libcrux_sha3_portable_keccak__vxarq_u64_7414(a, b);
+libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb(uint64_t a, uint64_t b) {
+  return libcrux_sha3_portable_keccak__vxarq_u64_bb(a, b);
 }
 
 /**
@@ -877,7 +877,7 @@ with const generics
 - RIGHT= 39
 */
 static KRML_MUSTINLINE uint64_t
-libcrux_sha3_portable_keccak_rotate_left_d615(uint64_t x) {
+libcrux_sha3_portable_keccak_rotate_left_b9(uint64_t x) {
   return x << (uint32_t)(int32_t)25 | x >> (uint32_t)(int32_t)39;
 }
 
@@ -888,9 +888,9 @@ with const generics
 - RIGHT= 39
 */
 static KRML_MUSTINLINE uint64_t
-libcrux_sha3_portable_keccak__vxarq_u64_7415(uint64_t a, uint64_t b) {
+libcrux_sha3_portable_keccak__vxarq_u64_b9(uint64_t a, uint64_t b) {
   uint64_t ab = a ^ b;
-  return libcrux_sha3_portable_keccak_rotate_left_d615(ab);
+  return libcrux_sha3_portable_keccak_rotate_left_b9(ab);
 }
 
 /**
@@ -904,8 +904,8 @@ with const generics
 - RIGHT= 39
 */
 static KRML_MUSTINLINE uint64_t
-libcrux_sha3_portable_keccak_xor_and_rotate_5a_0315(uint64_t a, uint64_t b) {
-  return libcrux_sha3_portable_keccak__vxarq_u64_7415(a, b);
+libcrux_sha3_portable_keccak_xor_and_rotate_5a_b9(uint64_t a, uint64_t b) {
+  return libcrux_sha3_portable_keccak__vxarq_u64_b9(a, b);
 }
 
 /**
@@ -915,7 +915,7 @@ with const generics
 - RIGHT= 43
 */
 static KRML_MUSTINLINE uint64_t
-libcrux_sha3_portable_keccak_rotate_left_d616(uint64_t x) {
+libcrux_sha3_portable_keccak_rotate_left_54(uint64_t x) {
   return x << (uint32_t)(int32_t)21 | x >> (uint32_t)(int32_t)43;
 }
 
@@ -926,9 +926,9 @@ with const generics
 - RIGHT= 43
 */
 static KRML_MUSTINLINE uint64_t
-libcrux_sha3_portable_keccak__vxarq_u64_7416(uint64_t a, uint64_t b) {
+libcrux_sha3_portable_keccak__vxarq_u64_54(uint64_t a, uint64_t b) {
   uint64_t ab = a ^ b;
-  return libcrux_sha3_portable_keccak_rotate_left_d616(ab);
+  return libcrux_sha3_portable_keccak_rotate_left_54(ab);
 }
 
 /**
@@ -942,8 +942,8 @@ with const generics
 - RIGHT= 43
 */
 static KRML_MUSTINLINE uint64_t
-libcrux_sha3_portable_keccak_xor_and_rotate_5a_0316(uint64_t a, uint64_t b) {
-  return libcrux_sha3_portable_keccak__vxarq_u64_7416(a, b);
+libcrux_sha3_portable_keccak_xor_and_rotate_5a_54(uint64_t a, uint64_t b) {
+  return libcrux_sha3_portable_keccak__vxarq_u64_54(a, b);
 }
 
 /**
@@ -953,7 +953,7 @@ with const generics
 - RIGHT= 8
 */
 static KRML_MUSTINLINE uint64_t
-libcrux_sha3_portable_keccak_rotate_left_d617(uint64_t x) {
+libcrux_sha3_portable_keccak_rotate_left_4c(uint64_t x) {
   return x << (uint32_t)(int32_t)56 | x >> (uint32_t)(int32_t)8;
 }
 
@@ -964,9 +964,9 @@ with const generics
 - RIGHT= 8
 */
 static KRML_MUSTINLINE uint64_t
-libcrux_sha3_portable_keccak__vxarq_u64_7417(uint64_t a, uint64_t b) {
+libcrux_sha3_portable_keccak__vxarq_u64_4c(uint64_t a, uint64_t b) {
   uint64_t ab = a ^ b;
-  return libcrux_sha3_portable_keccak_rotate_left_d617(ab);
+  return libcrux_sha3_portable_keccak_rotate_left_4c(ab);
 }
 
 /**
@@ -980,8 +980,8 @@ with const generics
 - RIGHT= 8
 */
 static KRML_MUSTINLINE uint64_t
-libcrux_sha3_portable_keccak_xor_and_rotate_5a_0317(uint64_t a, uint64_t b) {
-  return libcrux_sha3_portable_keccak__vxarq_u64_7417(a, b);
+libcrux_sha3_portable_keccak_xor_and_rotate_5a_4c(uint64_t a, uint64_t b) {
+  return libcrux_sha3_portable_keccak__vxarq_u64_4c(a, b);
 }
 
 /**
@@ -991,7 +991,7 @@ with const generics
 - RIGHT= 37
 */
 static KRML_MUSTINLINE uint64_t
-libcrux_sha3_portable_keccak_rotate_left_d618(uint64_t x) {
+libcrux_sha3_portable_keccak_rotate_left_ce(uint64_t x) {
   return x << (uint32_t)(int32_t)27 | x >> (uint32_t)(int32_t)37;
 }
 
@@ -1002,9 +1002,9 @@ with const generics
 - RIGHT= 37
 */
 static KRML_MUSTINLINE uint64_t
-libcrux_sha3_portable_keccak__vxarq_u64_7418(uint64_t a, uint64_t b) {
+libcrux_sha3_portable_keccak__vxarq_u64_ce(uint64_t a, uint64_t b) {
   uint64_t ab = a ^ b;
-  return libcrux_sha3_portable_keccak_rotate_left_d618(ab);
+  return libcrux_sha3_portable_keccak_rotate_left_ce(ab);
 }
 
 /**
@@ -1018,8 +1018,8 @@ with const generics
 - RIGHT= 37
 */
 static KRML_MUSTINLINE uint64_t
-libcrux_sha3_portable_keccak_xor_and_rotate_5a_0318(uint64_t a, uint64_t b) {
-  return libcrux_sha3_portable_keccak__vxarq_u64_7418(a, b);
+libcrux_sha3_portable_keccak_xor_and_rotate_5a_ce(uint64_t a, uint64_t b) {
+  return libcrux_sha3_portable_keccak__vxarq_u64_ce(a, b);
 }
 
 /**
@@ -1029,7 +1029,7 @@ with const generics
 - RIGHT= 44
 */
 static KRML_MUSTINLINE uint64_t
-libcrux_sha3_portable_keccak_rotate_left_d619(uint64_t x) {
+libcrux_sha3_portable_keccak_rotate_left_77(uint64_t x) {
   return x << (uint32_t)(int32_t)20 | x >> (uint32_t)(int32_t)44;
 }
 
@@ -1040,9 +1040,9 @@ with const generics
 - RIGHT= 44
 */
 static KRML_MUSTINLINE uint64_t
-libcrux_sha3_portable_keccak__vxarq_u64_7419(uint64_t a, uint64_t b) {
+libcrux_sha3_portable_keccak__vxarq_u64_77(uint64_t a, uint64_t b) {
   uint64_t ab = a ^ b;
-  return libcrux_sha3_portable_keccak_rotate_left_d619(ab);
+  return libcrux_sha3_portable_keccak_rotate_left_77(ab);
 }
 
 /**
@@ -1056,8 +1056,8 @@ with const generics
 - RIGHT= 44
 */
 static KRML_MUSTINLINE uint64_t
-libcrux_sha3_portable_keccak_xor_and_rotate_5a_0319(uint64_t a, uint64_t b) {
-  return libcrux_sha3_portable_keccak__vxarq_u64_7419(a, b);
+libcrux_sha3_portable_keccak_xor_and_rotate_5a_77(uint64_t a, uint64_t b) {
+  return libcrux_sha3_portable_keccak__vxarq_u64_77(a, b);
 }
 
 /**
@@ -1067,7 +1067,7 @@ with const generics
 - RIGHT= 25
 */
 static KRML_MUSTINLINE uint64_t
-libcrux_sha3_portable_keccak_rotate_left_d620(uint64_t x) {
+libcrux_sha3_portable_keccak_rotate_left_25(uint64_t x) {
   return x << (uint32_t)(int32_t)39 | x >> (uint32_t)(int32_t)25;
 }
 
@@ -1078,9 +1078,9 @@ with const generics
 - RIGHT= 25
 */
 static KRML_MUSTINLINE uint64_t
-libcrux_sha3_portable_keccak__vxarq_u64_7420(uint64_t a, uint64_t b) {
+libcrux_sha3_portable_keccak__vxarq_u64_25(uint64_t a, uint64_t b) {
   uint64_t ab = a ^ b;
-  return libcrux_sha3_portable_keccak_rotate_left_d620(ab);
+  return libcrux_sha3_portable_keccak_rotate_left_25(ab);
 }
 
 /**
@@ -1094,8 +1094,8 @@ with const generics
 - RIGHT= 25
 */
 static KRML_MUSTINLINE uint64_t
-libcrux_sha3_portable_keccak_xor_and_rotate_5a_0320(uint64_t a, uint64_t b) {
-  return libcrux_sha3_portable_keccak__vxarq_u64_7420(a, b);
+libcrux_sha3_portable_keccak_xor_and_rotate_5a_25(uint64_t a, uint64_t b) {
+  return libcrux_sha3_portable_keccak__vxarq_u64_25(a, b);
 }
 
 /**
@@ -1105,7 +1105,7 @@ with const generics
 - RIGHT= 56
 */
 static KRML_MUSTINLINE uint64_t
-libcrux_sha3_portable_keccak_rotate_left_d621(uint64_t x) {
+libcrux_sha3_portable_keccak_rotate_left_af(uint64_t x) {
   return x << (uint32_t)(int32_t)8 | x >> (uint32_t)(int32_t)56;
 }
 
@@ -1116,9 +1116,9 @@ with const generics
 - RIGHT= 56
 */
 static KRML_MUSTINLINE uint64_t
-libcrux_sha3_portable_keccak__vxarq_u64_7421(uint64_t a, uint64_t b) {
+libcrux_sha3_portable_keccak__vxarq_u64_af(uint64_t a, uint64_t b) {
   uint64_t ab = a ^ b;
-  return libcrux_sha3_portable_keccak_rotate_left_d621(ab);
+  return libcrux_sha3_portable_keccak_rotate_left_af(ab);
 }
 
 /**
@@ -1132,8 +1132,8 @@ with const generics
 - RIGHT= 56
 */
 static KRML_MUSTINLINE uint64_t
-libcrux_sha3_portable_keccak_xor_and_rotate_5a_0321(uint64_t a, uint64_t b) {
-  return libcrux_sha3_portable_keccak__vxarq_u64_7421(a, b);
+libcrux_sha3_portable_keccak_xor_and_rotate_5a_af(uint64_t a, uint64_t b) {
+  return libcrux_sha3_portable_keccak__vxarq_u64_af(a, b);
 }
 
 /**
@@ -1143,7 +1143,7 @@ with const generics
 - RIGHT= 50
 */
 static KRML_MUSTINLINE uint64_t
-libcrux_sha3_portable_keccak_rotate_left_d622(uint64_t x) {
+libcrux_sha3_portable_keccak_rotate_left_fd(uint64_t x) {
   return x << (uint32_t)(int32_t)14 | x >> (uint32_t)(int32_t)50;
 }
 
@@ -1154,9 +1154,9 @@ with const generics
 - RIGHT= 50
 */
 static KRML_MUSTINLINE uint64_t
-libcrux_sha3_portable_keccak__vxarq_u64_7422(uint64_t a, uint64_t b) {
+libcrux_sha3_portable_keccak__vxarq_u64_fd(uint64_t a, uint64_t b) {
   uint64_t ab = a ^ b;
-  return libcrux_sha3_portable_keccak_rotate_left_d622(ab);
+  return libcrux_sha3_portable_keccak_rotate_left_fd(ab);
 }
 
 /**
@@ -1170,8 +1170,8 @@ with const generics
 - RIGHT= 50
 */
 static KRML_MUSTINLINE uint64_t
-libcrux_sha3_portable_keccak_xor_and_rotate_5a_0322(uint64_t a, uint64_t b) {
-  return libcrux_sha3_portable_keccak__vxarq_u64_7422(a, b);
+libcrux_sha3_portable_keccak_xor_and_rotate_5a_fd(uint64_t a, uint64_t b) {
+  return libcrux_sha3_portable_keccak__vxarq_u64_fd(a, b);
 }
 
 /**
@@ -1180,8 +1180,8 @@ with types uint64_t
 with const generics
 - N= 1
 */
-static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_theta_rho_a7(
-    libcrux_sha3_generic_keccak_KeccakState_48 *s) {
+static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_theta_rho_04(
+    libcrux_sha3_generic_keccak_KeccakState_17 *s) {
   uint64_t c[5U] = {
       libcrux_sha3_portable_keccak_xor5_5a(s->st[0U][0U], s->st[1U][0U],
                                            s->st[2U][0U], s->st[3U][0U],
@@ -1216,53 +1216,53 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_theta_rho_a7(
                         c[((size_t)4U + (size_t)1U) % (size_t)5U])};
   s->st[0U][0U] = libcrux_sha3_portable_keccak_xor_5a(s->st[0U][0U], t[0U]);
   s->st[1U][0U] =
-      libcrux_sha3_portable_keccak_xor_and_rotate_5a_03(s->st[1U][0U], t[0U]);
+      libcrux_sha3_portable_keccak_xor_and_rotate_5a_02(s->st[1U][0U], t[0U]);
   s->st[2U][0U] =
-      libcrux_sha3_portable_keccak_xor_and_rotate_5a_030(s->st[2U][0U], t[0U]);
+      libcrux_sha3_portable_keccak_xor_and_rotate_5a_ac(s->st[2U][0U], t[0U]);
   s->st[3U][0U] =
-      libcrux_sha3_portable_keccak_xor_and_rotate_5a_031(s->st[3U][0U], t[0U]);
+      libcrux_sha3_portable_keccak_xor_and_rotate_5a_020(s->st[3U][0U], t[0U]);
   s->st[4U][0U] =
-      libcrux_sha3_portable_keccak_xor_and_rotate_5a_032(s->st[4U][0U], t[0U]);
+      libcrux_sha3_portable_keccak_xor_and_rotate_5a_a9(s->st[4U][0U], t[0U]);
   s->st[0U][1U] =
-      libcrux_sha3_portable_keccak_xor_and_rotate_5a_033(s->st[0U][1U], t[1U]);
+      libcrux_sha3_portable_keccak_xor_and_rotate_5a_76(s->st[0U][1U], t[1U]);
   s->st[1U][1U] =
-      libcrux_sha3_portable_keccak_xor_and_rotate_5a_034(s->st[1U][1U], t[1U]);
+      libcrux_sha3_portable_keccak_xor_and_rotate_5a_58(s->st[1U][1U], t[1U]);
   s->st[2U][1U] =
-      libcrux_sha3_portable_keccak_xor_and_rotate_5a_035(s->st[2U][1U], t[1U]);
+      libcrux_sha3_portable_keccak_xor_and_rotate_5a_e0(s->st[2U][1U], t[1U]);
   s->st[3U][1U] =
-      libcrux_sha3_portable_keccak_xor_and_rotate_5a_036(s->st[3U][1U], t[1U]);
+      libcrux_sha3_portable_keccak_xor_and_rotate_5a_63(s->st[3U][1U], t[1U]);
   s->st[4U][1U] =
-      libcrux_sha3_portable_keccak_xor_and_rotate_5a_037(s->st[4U][1U], t[1U]);
+      libcrux_sha3_portable_keccak_xor_and_rotate_5a_6a(s->st[4U][1U], t[1U]);
   s->st[0U][2U] =
-      libcrux_sha3_portable_keccak_xor_and_rotate_5a_038(s->st[0U][2U], t[2U]);
+      libcrux_sha3_portable_keccak_xor_and_rotate_5a_ab(s->st[0U][2U], t[2U]);
   s->st[1U][2U] =
-      libcrux_sha3_portable_keccak_xor_and_rotate_5a_039(s->st[1U][2U], t[2U]);
+      libcrux_sha3_portable_keccak_xor_and_rotate_5a_5b(s->st[1U][2U], t[2U]);
   s->st[2U][2U] =
-      libcrux_sha3_portable_keccak_xor_and_rotate_5a_0310(s->st[2U][2U], t[2U]);
+      libcrux_sha3_portable_keccak_xor_and_rotate_5a_6f(s->st[2U][2U], t[2U]);
   s->st[3U][2U] =
-      libcrux_sha3_portable_keccak_xor_and_rotate_5a_0311(s->st[3U][2U], t[2U]);
+      libcrux_sha3_portable_keccak_xor_and_rotate_5a_62(s->st[3U][2U], t[2U]);
   s->st[4U][2U] =
-      libcrux_sha3_portable_keccak_xor_and_rotate_5a_0312(s->st[4U][2U], t[2U]);
+      libcrux_sha3_portable_keccak_xor_and_rotate_5a_23(s->st[4U][2U], t[2U]);
   s->st[0U][3U] =
-      libcrux_sha3_portable_keccak_xor_and_rotate_5a_0313(s->st[0U][3U], t[3U]);
+      libcrux_sha3_portable_keccak_xor_and_rotate_5a_37(s->st[0U][3U], t[3U]);
   s->st[1U][3U] =
-      libcrux_sha3_portable_keccak_xor_and_rotate_5a_0314(s->st[1U][3U], t[3U]);
+      libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb(s->st[1U][3U], t[3U]);
   s->st[2U][3U] =
-      libcrux_sha3_portable_keccak_xor_and_rotate_5a_0315(s->st[2U][3U], t[3U]);
+      libcrux_sha3_portable_keccak_xor_and_rotate_5a_b9(s->st[2U][3U], t[3U]);
   s->st[3U][3U] =
-      libcrux_sha3_portable_keccak_xor_and_rotate_5a_0316(s->st[3U][3U], t[3U]);
+      libcrux_sha3_portable_keccak_xor_and_rotate_5a_54(s->st[3U][3U], t[3U]);
   s->st[4U][3U] =
-      libcrux_sha3_portable_keccak_xor_and_rotate_5a_0317(s->st[4U][3U], t[3U]);
+      libcrux_sha3_portable_keccak_xor_and_rotate_5a_4c(s->st[4U][3U], t[3U]);
   s->st[0U][4U] =
-      libcrux_sha3_portable_keccak_xor_and_rotate_5a_0318(s->st[0U][4U], t[4U]);
+      libcrux_sha3_portable_keccak_xor_and_rotate_5a_ce(s->st[0U][4U], t[4U]);
   s->st[1U][4U] =
-      libcrux_sha3_portable_keccak_xor_and_rotate_5a_0319(s->st[1U][4U], t[4U]);
+      libcrux_sha3_portable_keccak_xor_and_rotate_5a_77(s->st[1U][4U], t[4U]);
   s->st[2U][4U] =
-      libcrux_sha3_portable_keccak_xor_and_rotate_5a_0320(s->st[2U][4U], t[4U]);
+      libcrux_sha3_portable_keccak_xor_and_rotate_5a_25(s->st[2U][4U], t[4U]);
   s->st[3U][4U] =
-      libcrux_sha3_portable_keccak_xor_and_rotate_5a_0321(s->st[3U][4U], t[4U]);
+      libcrux_sha3_portable_keccak_xor_and_rotate_5a_af(s->st[3U][4U], t[4U]);
   uint64_t uu____27 =
-      libcrux_sha3_portable_keccak_xor_and_rotate_5a_0322(s->st[4U][4U], t[4U]);
+      libcrux_sha3_portable_keccak_xor_and_rotate_5a_fd(s->st[4U][4U], t[4U]);
   s->st[4U][4U] = uu____27;
 }
 
@@ -1272,8 +1272,8 @@ with types uint64_t
 with const generics
 - N= 1
 */
-static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_pi_d5(
-    libcrux_sha3_generic_keccak_KeccakState_48 *s) {
+static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_pi_04(
+    libcrux_sha3_generic_keccak_KeccakState_17 *s) {
   uint64_t old[5U][5U];
   memcpy(old, s->st, (size_t)5U * sizeof(uint64_t[5U]));
   s->st[0U][1U] = old[1U][1U];
@@ -1308,8 +1308,8 @@ with types uint64_t
 with const generics
 - N= 1
 */
-static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_chi_3e(
-    libcrux_sha3_generic_keccak_KeccakState_48 *s) {
+static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_chi_04(
+    libcrux_sha3_generic_keccak_KeccakState_17 *s) {
   uint64_t old[5U][5U];
   memcpy(old, s->st, (size_t)5U * sizeof(uint64_t[5U]));
   for (size_t i0 = (size_t)0U; i0 < (size_t)5U; i0++) {
@@ -1329,8 +1329,8 @@ with types uint64_t
 with const generics
 - N= 1
 */
-static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_iota_00(
-    libcrux_sha3_generic_keccak_KeccakState_48 *s, size_t i) {
+static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_iota_04(
+    libcrux_sha3_generic_keccak_KeccakState_17 *s, size_t i) {
   s->st[0U][0U] = libcrux_sha3_portable_keccak_xor_constant_5a(
       s->st[0U][0U], libcrux_sha3_generic_keccak_ROUNDCONSTANTS[i]);
 }
@@ -1341,14 +1341,14 @@ with types uint64_t
 with const generics
 - N= 1
 */
-static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccakf1600_b8(
-    libcrux_sha3_generic_keccak_KeccakState_48 *s) {
+static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccakf1600_04(
+    libcrux_sha3_generic_keccak_KeccakState_17 *s) {
   for (size_t i = (size_t)0U; i < (size_t)24U; i++) {
     size_t i0 = i;
-    libcrux_sha3_generic_keccak_theta_rho_a7(s);
-    libcrux_sha3_generic_keccak_pi_d5(s);
-    libcrux_sha3_generic_keccak_chi_3e(s);
-    libcrux_sha3_generic_keccak_iota_00(s, i0);
+    libcrux_sha3_generic_keccak_theta_rho_04(s);
+    libcrux_sha3_generic_keccak_pi_04(s);
+    libcrux_sha3_generic_keccak_chi_04(s);
+    libcrux_sha3_generic_keccak_iota_04(s, i0);
   }
 }
 
@@ -1359,13 +1359,13 @@ with const generics
 - N= 1
 - RATE= 72
 */
-static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_40(
-    libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice blocks[1U]) {
+static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_c6(
+    libcrux_sha3_generic_keccak_KeccakState_17 *s, Eurydice_slice blocks[1U]) {
   uint64_t(*uu____0)[5U] = s->st;
   Eurydice_slice uu____1[1U];
   memcpy(uu____1, blocks, (size_t)1U * sizeof(Eurydice_slice));
-  libcrux_sha3_portable_keccak_load_block_5a_35(uu____0, uu____1);
-  libcrux_sha3_generic_keccak_keccakf1600_b8(s);
+  libcrux_sha3_portable_keccak_load_block_5a_f8(uu____0, uu____1);
+  libcrux_sha3_generic_keccak_keccakf1600_04(s);
 }
 
 /**
@@ -1373,11 +1373,11 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full
 with const generics
 - RATE= 72
 */
-static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_d4(
+static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_f8(
     uint64_t (*s)[5U], uint8_t blocks[1U][200U]) {
   Eurydice_slice buf[1U] = {
       Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t)};
-  libcrux_sha3_portable_keccak_load_block_65(s, buf);
+  libcrux_sha3_portable_keccak_load_block_f8(s, buf);
 }
 
 /**
@@ -1389,13 +1389,13 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full_5a
 with const generics
 - RATE= 72
 */
-static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_05(
+static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_f8(
     uint64_t (*a)[5U], uint8_t b[1U][200U]) {
   uint64_t(*uu____0)[5U] = a;
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_b[1U][200U];
   memcpy(copy_of_b, b, (size_t)1U * sizeof(uint8_t[200U]));
-  libcrux_sha3_portable_keccak_load_block_full_d4(uu____0, copy_of_b);
+  libcrux_sha3_portable_keccak_load_block_full_f8(uu____0, copy_of_b);
 }
 
 /**
@@ -1406,8 +1406,8 @@ with const generics
 - RATE= 72
 - DELIM= 6
 */
-static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_40(
-    libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) {
+static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_9e(
+    libcrux_sha3_generic_keccak_KeccakState_17 *s, Eurydice_slice last[1U]) {
   size_t last_len = Eurydice_slice_len(last[0U], uint8_t);
   uint8_t blocks[1U][200U] = {{0U}};
   for (size_t i = (size_t)0U; i < (size_t)1U; i++) {
@@ -1425,8 +1425,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_40(
   uint64_t(*uu____3)[5U] = s->st;
   uint8_t uu____4[1U][200U];
   memcpy(uu____4, blocks, (size_t)1U * sizeof(uint8_t[200U]));
-  libcrux_sha3_portable_keccak_load_block_full_5a_05(uu____3, uu____4);
-  libcrux_sha3_generic_keccak_keccakf1600_b8(s);
+  libcrux_sha3_portable_keccak_load_block_full_5a_f8(uu____3, uu____4);
+  libcrux_sha3_generic_keccak_keccakf1600_04(s);
 }
 
 /**
@@ -1434,7 +1434,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block
 with const generics
 - RATE= 72
 */
-static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_9b(
+static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_f8(
     uint64_t (*s)[5U], Eurydice_slice out[1U]) {
   for (size_t i = (size_t)0U; i < (size_t)72U / (size_t)8U; i++) {
     size_t i0 = i;
@@ -1452,12 +1452,12 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full
 with const generics
 - RATE= 72
 */
-static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_7e(
+static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_f8(
     uint64_t (*s)[5U], uint8_t ret[1U][200U]) {
   uint8_t out[200U] = {0U};
   Eurydice_slice buf[1U] = {
       Eurydice_array_to_slice((size_t)200U, out, uint8_t)};
-  libcrux_sha3_portable_keccak_store_block_9b(s, buf);
+  libcrux_sha3_portable_keccak_store_block_f8(s, buf);
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_out[200U];
   memcpy(copy_of_out, out, (size_t)200U * sizeof(uint8_t));
@@ -1473,9 +1473,9 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full_5a
 with const generics
 - RATE= 72
 */
-static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_5a_27(
+static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_5a_f8(
     uint64_t (*a)[5U], uint8_t ret[1U][200U]) {
-  libcrux_sha3_portable_keccak_store_block_full_7e(a, ret);
+  libcrux_sha3_portable_keccak_store_block_full_f8(a, ret);
 }
 
 /**
@@ -1486,21 +1486,21 @@ with const generics
 - RATE= 72
 */
 static KRML_MUSTINLINE void
-libcrux_sha3_generic_keccak_squeeze_first_and_last_88(
-    libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) {
+libcrux_sha3_generic_keccak_squeeze_first_and_last_c6(
+    libcrux_sha3_generic_keccak_KeccakState_17 *s, Eurydice_slice out[1U]) {
   uint8_t b[1U][200U];
-  libcrux_sha3_portable_keccak_store_block_full_5a_27(s->st, b);
+  libcrux_sha3_portable_keccak_store_block_full_5a_f8(s->st, b);
   for (size_t i = (size_t)0U; i < (size_t)1U; i++) {
     size_t i0 = i;
     Eurydice_slice uu____0 = out[i0];
     uint8_t *uu____1 = b[i0];
-    core_ops_range_Range_b3 lit;
+    core_ops_range_Range_08 lit;
     lit.start = (size_t)0U;
     lit.end = Eurydice_slice_len(out[i0], uint8_t);
     Eurydice_slice_copy(
         uu____0,
         Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t,
-                                   core_ops_range_Range_b3),
+                                   core_ops_range_Range_08),
         uint8_t);
   }
 }
@@ -1514,9 +1514,9 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_5a
 with const generics
 - RATE= 72
 */
-static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_49(
+static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_f8(
     uint64_t (*a)[5U], Eurydice_slice b[1U]) {
-  libcrux_sha3_portable_keccak_store_block_9b(a, b);
+  libcrux_sha3_portable_keccak_store_block_f8(a, b);
 }
 
 /**
@@ -1526,9 +1526,9 @@ with const generics
 - N= 1
 - RATE= 72
 */
-static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_7b(
-    libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) {
-  libcrux_sha3_portable_keccak_store_block_5a_49(s->st, out);
+static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_c6(
+    libcrux_sha3_generic_keccak_KeccakState_17 *s, Eurydice_slice out[1U]) {
+  libcrux_sha3_portable_keccak_store_block_5a_f8(s->st, out);
 }
 
 /**
@@ -1538,10 +1538,10 @@ with const generics
 - N= 1
 - RATE= 72
 */
-static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_c2(
-    libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) {
-  libcrux_sha3_generic_keccak_keccakf1600_b8(s);
-  libcrux_sha3_portable_keccak_store_block_5a_49(s->st, out);
+static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_c6(
+    libcrux_sha3_generic_keccak_KeccakState_17 *s, Eurydice_slice out[1U]) {
+  libcrux_sha3_generic_keccak_keccakf1600_04(s);
+  libcrux_sha3_portable_keccak_store_block_5a_f8(s->st, out);
 }
 
 /**
@@ -1551,22 +1551,22 @@ with const generics
 - N= 1
 - RATE= 72
 */
-static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_ca(
-    libcrux_sha3_generic_keccak_KeccakState_48 s, Eurydice_slice out[1U]) {
-  libcrux_sha3_generic_keccak_keccakf1600_b8(&s);
+static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_c6(
+    libcrux_sha3_generic_keccak_KeccakState_17 s, Eurydice_slice out[1U]) {
+  libcrux_sha3_generic_keccak_keccakf1600_04(&s);
   uint8_t b[1U][200U];
-  libcrux_sha3_portable_keccak_store_block_full_5a_27(s.st, b);
+  libcrux_sha3_portable_keccak_store_block_full_5a_f8(s.st, b);
   for (size_t i = (size_t)0U; i < (size_t)1U; i++) {
     size_t i0 = i;
     Eurydice_slice uu____0 = out[i0];
     uint8_t *uu____1 = b[i0];
-    core_ops_range_Range_b3 lit;
+    core_ops_range_Range_08 lit;
     lit.start = (size_t)0U;
     lit.end = Eurydice_slice_len(out[i0], uint8_t);
     Eurydice_slice_copy(
         uu____0,
         Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t,
-                                   core_ops_range_Range_b3),
+                                   core_ops_range_Range_08),
         uint8_t);
   }
 }
@@ -1579,36 +1579,36 @@ with const generics
 - RATE= 72
 - DELIM= 6
 */
-static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_06(
+static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_9e(
     Eurydice_slice data[1U], Eurydice_slice out[1U]) {
-  libcrux_sha3_generic_keccak_KeccakState_48 s =
-      libcrux_sha3_generic_keccak_new_89_cf();
+  libcrux_sha3_generic_keccak_KeccakState_17 s =
+      libcrux_sha3_generic_keccak_new_89_04();
   for (size_t i = (size_t)0U;
        i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)72U; i++) {
     size_t i0 = i;
-    libcrux_sha3_generic_keccak_KeccakState_48 *uu____0 = &s;
+    libcrux_sha3_generic_keccak_KeccakState_17 *uu____0 = &s;
     /* Passing arrays by value in Rust generates a copy in C */
     Eurydice_slice copy_of_data[1U];
     memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice));
     Eurydice_slice ret[1U];
     libcrux_sha3_portable_keccak_slice_n_5a(copy_of_data, i0 * (size_t)72U,
                                             (size_t)72U, ret);
-    libcrux_sha3_generic_keccak_absorb_block_40(uu____0, ret);
+    libcrux_sha3_generic_keccak_absorb_block_c6(uu____0, ret);
   }
   size_t rem = Eurydice_slice_len(data[0U], uint8_t) % (size_t)72U;
-  libcrux_sha3_generic_keccak_KeccakState_48 *uu____2 = &s;
+  libcrux_sha3_generic_keccak_KeccakState_17 *uu____2 = &s;
   /* Passing arrays by value in Rust generates a copy in C */
   Eurydice_slice copy_of_data[1U];
   memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice));
   Eurydice_slice ret[1U];
   libcrux_sha3_portable_keccak_slice_n_5a(
       copy_of_data, Eurydice_slice_len(data[0U], uint8_t) - rem, rem, ret);
-  libcrux_sha3_generic_keccak_absorb_final_40(uu____2, ret);
+  libcrux_sha3_generic_keccak_absorb_final_9e(uu____2, ret);
   size_t outlen = Eurydice_slice_len(out[0U], uint8_t);
   size_t blocks = outlen / (size_t)72U;
   size_t last = outlen - outlen % (size_t)72U;
   if (blocks == (size_t)0U) {
-    libcrux_sha3_generic_keccak_squeeze_first_and_last_88(&s, out);
+    libcrux_sha3_generic_keccak_squeeze_first_and_last_c6(&s, out);
   } else {
     Eurydice_slice_uint8_t_1size_t__x2 uu____4 =
         libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)72U);
@@ -1616,15 +1616,15 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_06(
     memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice));
     Eurydice_slice o1[1U];
     memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice));
-    libcrux_sha3_generic_keccak_squeeze_first_block_7b(&s, o0);
-    core_ops_range_Range_b3 iter =
+    libcrux_sha3_generic_keccak_squeeze_first_block_c6(&s, o0);
+    core_ops_range_Range_08 iter =
         core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter(
-            (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U,
+            (CLITERAL(core_ops_range_Range_08){.start = (size_t)1U,
                                                .end = blocks}),
-            core_ops_range_Range_b3, core_ops_range_Range_b3);
+            core_ops_range_Range_08, core_ops_range_Range_08);
     while (true) {
       if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A__TraitClause_0___6__next(
-              &iter, size_t, Option_b3)
+              &iter, size_t, Option_08)
               .tag == None) {
         break;
       } else {
@@ -1634,12 +1634,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_06(
         memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice));
         Eurydice_slice orest[1U];
         memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice));
-        libcrux_sha3_generic_keccak_squeeze_next_block_c2(&s, o);
+        libcrux_sha3_generic_keccak_squeeze_next_block_c6(&s, o);
         memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice));
       }
     }
     if (last < outlen) {
-      libcrux_sha3_generic_keccak_squeeze_last_ca(s, o1);
+      libcrux_sha3_generic_keccak_squeeze_last_c6(s, o1);
     }
   }
 }
@@ -1650,12 +1650,12 @@ with const generics
 - RATE= 72
 - DELIM= 6
 */
-static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_e4(
+static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_96(
     Eurydice_slice data[1U], Eurydice_slice out[1U]) {
   /* Passing arrays by value in Rust generates a copy in C */
   Eurydice_slice copy_of_data[1U];
   memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice));
-  libcrux_sha3_generic_keccak_keccak_06(copy_of_data, out);
+  libcrux_sha3_generic_keccak_keccak_9e(copy_of_data, out);
 }
 
 /**
@@ -1665,7 +1665,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_sha512(Eurydice_slice digest,
                                                          Eurydice_slice data) {
   Eurydice_slice buf0[1U] = {data};
   Eurydice_slice buf[1U] = {digest};
-  libcrux_sha3_portable_keccakx1_e4(buf0, buf);
+  libcrux_sha3_portable_keccakx1_96(buf0, buf);
 }
 
 /**
@@ -1673,18 +1673,18 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block
 with const generics
 - RATE= 136
 */
-static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_650(
+static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5b(
     uint64_t (*s)[5U], Eurydice_slice blocks[1U]) {
   for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)8U; i++) {
     size_t i0 = i;
     uint8_t uu____0[8U];
-    Result_56 dst;
+    Result_15 dst;
     Eurydice_slice_to_array2(
         &dst,
         Eurydice_slice_subslice2(blocks[0U], (size_t)8U * i0,
                                  (size_t)8U * i0 + (size_t)8U, uint8_t),
         Eurydice_slice, uint8_t[8U]);
-    unwrap_26_0e(dst, uu____0);
+    unwrap_26_68(dst, uu____0);
     size_t uu____1 = i0 / (size_t)5U;
     size_t uu____2 = i0 % (size_t)5U;
     s[uu____1][uu____2] =
@@ -1701,13 +1701,13 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_5a
 with const generics
 - RATE= 136
 */
-static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_350(
+static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_5b(
     uint64_t (*a)[5U], Eurydice_slice b[1U]) {
   uint64_t(*uu____0)[5U] = a;
   /* Passing arrays by value in Rust generates a copy in C */
   Eurydice_slice copy_of_b[1U];
   memcpy(copy_of_b, b, (size_t)1U * sizeof(Eurydice_slice));
-  libcrux_sha3_portable_keccak_load_block_650(uu____0, copy_of_b);
+  libcrux_sha3_portable_keccak_load_block_5b(uu____0, copy_of_b);
 }
 
 /**
@@ -1717,13 +1717,13 @@ with const generics
 - N= 1
 - RATE= 136
 */
-static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_400(
-    libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice blocks[1U]) {
+static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_c60(
+    libcrux_sha3_generic_keccak_KeccakState_17 *s, Eurydice_slice blocks[1U]) {
   uint64_t(*uu____0)[5U] = s->st;
   Eurydice_slice uu____1[1U];
   memcpy(uu____1, blocks, (size_t)1U * sizeof(Eurydice_slice));
-  libcrux_sha3_portable_keccak_load_block_5a_350(uu____0, uu____1);
-  libcrux_sha3_generic_keccak_keccakf1600_b8(s);
+  libcrux_sha3_portable_keccak_load_block_5a_5b(uu____0, uu____1);
+  libcrux_sha3_generic_keccak_keccakf1600_04(s);
 }
 
 /**
@@ -1731,11 +1731,11 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full
 with const generics
 - RATE= 136
 */
-static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_d40(
+static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5b(
     uint64_t (*s)[5U], uint8_t blocks[1U][200U]) {
   Eurydice_slice buf[1U] = {
       Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t)};
-  libcrux_sha3_portable_keccak_load_block_650(s, buf);
+  libcrux_sha3_portable_keccak_load_block_5b(s, buf);
 }
 
 /**
@@ -1747,13 +1747,13 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full_5a
 with const generics
 - RATE= 136
 */
-static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_050(
+static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_5b(
     uint64_t (*a)[5U], uint8_t b[1U][200U]) {
   uint64_t(*uu____0)[5U] = a;
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_b[1U][200U];
   memcpy(copy_of_b, b, (size_t)1U * sizeof(uint8_t[200U]));
-  libcrux_sha3_portable_keccak_load_block_full_d40(uu____0, copy_of_b);
+  libcrux_sha3_portable_keccak_load_block_full_5b(uu____0, copy_of_b);
 }
 
 /**
@@ -1764,8 +1764,8 @@ with const generics
 - RATE= 136
 - DELIM= 6
 */
-static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_400(
-    libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) {
+static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_9e0(
+    libcrux_sha3_generic_keccak_KeccakState_17 *s, Eurydice_slice last[1U]) {
   size_t last_len = Eurydice_slice_len(last[0U], uint8_t);
   uint8_t blocks[1U][200U] = {{0U}};
   for (size_t i = (size_t)0U; i < (size_t)1U; i++) {
@@ -1783,8 +1783,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_400(
   uint64_t(*uu____3)[5U] = s->st;
   uint8_t uu____4[1U][200U];
   memcpy(uu____4, blocks, (size_t)1U * sizeof(uint8_t[200U]));
-  libcrux_sha3_portable_keccak_load_block_full_5a_050(uu____3, uu____4);
-  libcrux_sha3_generic_keccak_keccakf1600_b8(s);
+  libcrux_sha3_portable_keccak_load_block_full_5a_5b(uu____3, uu____4);
+  libcrux_sha3_generic_keccak_keccakf1600_04(s);
 }
 
 /**
@@ -1792,7 +1792,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block
 with const generics
 - RATE= 136
 */
-static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_9b0(
+static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5b(
     uint64_t (*s)[5U], Eurydice_slice out[1U]) {
   for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)8U; i++) {
     size_t i0 = i;
@@ -1810,12 +1810,12 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full
 with const generics
 - RATE= 136
 */
-static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_7e0(
+static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_5b(
     uint64_t (*s)[5U], uint8_t ret[1U][200U]) {
   uint8_t out[200U] = {0U};
   Eurydice_slice buf[1U] = {
       Eurydice_array_to_slice((size_t)200U, out, uint8_t)};
-  libcrux_sha3_portable_keccak_store_block_9b0(s, buf);
+  libcrux_sha3_portable_keccak_store_block_5b(s, buf);
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_out[200U];
   memcpy(copy_of_out, out, (size_t)200U * sizeof(uint8_t));
@@ -1831,10 +1831,9 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full_5a
 with const generics
 - RATE= 136
 */
-static KRML_MUSTINLINE void
-libcrux_sha3_portable_keccak_store_block_full_5a_270(uint64_t (*a)[5U],
-                                                     uint8_t ret[1U][200U]) {
-  libcrux_sha3_portable_keccak_store_block_full_7e0(a, ret);
+static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_5a_5b(
+    uint64_t (*a)[5U], uint8_t ret[1U][200U]) {
+  libcrux_sha3_portable_keccak_store_block_full_5b(a, ret);
 }
 
 /**
@@ -1845,21 +1844,21 @@ with const generics
 - RATE= 136
 */
 static KRML_MUSTINLINE void
-libcrux_sha3_generic_keccak_squeeze_first_and_last_880(
-    libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) {
+libcrux_sha3_generic_keccak_squeeze_first_and_last_c60(
+    libcrux_sha3_generic_keccak_KeccakState_17 *s, Eurydice_slice out[1U]) {
   uint8_t b[1U][200U];
-  libcrux_sha3_portable_keccak_store_block_full_5a_270(s->st, b);
+  libcrux_sha3_portable_keccak_store_block_full_5a_5b(s->st, b);
   for (size_t i = (size_t)0U; i < (size_t)1U; i++) {
     size_t i0 = i;
     Eurydice_slice uu____0 = out[i0];
     uint8_t *uu____1 = b[i0];
-    core_ops_range_Range_b3 lit;
+    core_ops_range_Range_08 lit;
     lit.start = (size_t)0U;
     lit.end = Eurydice_slice_len(out[i0], uint8_t);
     Eurydice_slice_copy(
         uu____0,
         Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t,
-                                   core_ops_range_Range_b3),
+                                   core_ops_range_Range_08),
         uint8_t);
   }
 }
@@ -1873,9 +1872,9 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_5a
 with const generics
 - RATE= 136
 */
-static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_490(
+static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_5b(
     uint64_t (*a)[5U], Eurydice_slice b[1U]) {
-  libcrux_sha3_portable_keccak_store_block_9b0(a, b);
+  libcrux_sha3_portable_keccak_store_block_5b(a, b);
 }
 
 /**
@@ -1885,9 +1884,9 @@ with const generics
 - N= 1
 - RATE= 136
 */
-static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_7b0(
-    libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) {
-  libcrux_sha3_portable_keccak_store_block_5a_490(s->st, out);
+static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_c60(
+    libcrux_sha3_generic_keccak_KeccakState_17 *s, Eurydice_slice out[1U]) {
+  libcrux_sha3_portable_keccak_store_block_5a_5b(s->st, out);
 }
 
 /**
@@ -1897,10 +1896,10 @@ with const generics
 - N= 1
 - RATE= 136
 */
-static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_c20(
-    libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) {
-  libcrux_sha3_generic_keccak_keccakf1600_b8(s);
-  libcrux_sha3_portable_keccak_store_block_5a_490(s->st, out);
+static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_c60(
+    libcrux_sha3_generic_keccak_KeccakState_17 *s, Eurydice_slice out[1U]) {
+  libcrux_sha3_generic_keccak_keccakf1600_04(s);
+  libcrux_sha3_portable_keccak_store_block_5a_5b(s->st, out);
 }
 
 /**
@@ -1910,22 +1909,22 @@ with const generics
 - N= 1
 - RATE= 136
 */
-static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_ca0(
-    libcrux_sha3_generic_keccak_KeccakState_48 s, Eurydice_slice out[1U]) {
-  libcrux_sha3_generic_keccak_keccakf1600_b8(&s);
+static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_c60(
+    libcrux_sha3_generic_keccak_KeccakState_17 s, Eurydice_slice out[1U]) {
+  libcrux_sha3_generic_keccak_keccakf1600_04(&s);
   uint8_t b[1U][200U];
-  libcrux_sha3_portable_keccak_store_block_full_5a_270(s.st, b);
+  libcrux_sha3_portable_keccak_store_block_full_5a_5b(s.st, b);
   for (size_t i = (size_t)0U; i < (size_t)1U; i++) {
     size_t i0 = i;
     Eurydice_slice uu____0 = out[i0];
     uint8_t *uu____1 = b[i0];
-    core_ops_range_Range_b3 lit;
+    core_ops_range_Range_08 lit;
     lit.start = (size_t)0U;
     lit.end = Eurydice_slice_len(out[i0], uint8_t);
     Eurydice_slice_copy(
         uu____0,
         Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t,
-                                   core_ops_range_Range_b3),
+                                   core_ops_range_Range_08),
         uint8_t);
   }
 }
@@ -1938,36 +1937,36 @@ with const generics
 - RATE= 136
 - DELIM= 6
 */
-static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_060(
+static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_9e0(
     Eurydice_slice data[1U], Eurydice_slice out[1U]) {
-  libcrux_sha3_generic_keccak_KeccakState_48 s =
-      libcrux_sha3_generic_keccak_new_89_cf();
+  libcrux_sha3_generic_keccak_KeccakState_17 s =
+      libcrux_sha3_generic_keccak_new_89_04();
   for (size_t i = (size_t)0U;
        i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)136U; i++) {
     size_t i0 = i;
-    libcrux_sha3_generic_keccak_KeccakState_48 *uu____0 = &s;
+    libcrux_sha3_generic_keccak_KeccakState_17 *uu____0 = &s;
     /* Passing arrays by value in Rust generates a copy in C */
     Eurydice_slice copy_of_data[1U];
     memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice));
     Eurydice_slice ret[1U];
     libcrux_sha3_portable_keccak_slice_n_5a(copy_of_data, i0 * (size_t)136U,
                                             (size_t)136U, ret);
-    libcrux_sha3_generic_keccak_absorb_block_400(uu____0, ret);
+    libcrux_sha3_generic_keccak_absorb_block_c60(uu____0, ret);
   }
   size_t rem = Eurydice_slice_len(data[0U], uint8_t) % (size_t)136U;
-  libcrux_sha3_generic_keccak_KeccakState_48 *uu____2 = &s;
+  libcrux_sha3_generic_keccak_KeccakState_17 *uu____2 = &s;
   /* Passing arrays by value in Rust generates a copy in C */
   Eurydice_slice copy_of_data[1U];
   memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice));
   Eurydice_slice ret[1U];
   libcrux_sha3_portable_keccak_slice_n_5a(
       copy_of_data, Eurydice_slice_len(data[0U], uint8_t) - rem, rem, ret);
-  libcrux_sha3_generic_keccak_absorb_final_400(uu____2, ret);
+  libcrux_sha3_generic_keccak_absorb_final_9e0(uu____2, ret);
   size_t outlen = Eurydice_slice_len(out[0U], uint8_t);
   size_t blocks = outlen / (size_t)136U;
   size_t last = outlen - outlen % (size_t)136U;
   if (blocks == (size_t)0U) {
-    libcrux_sha3_generic_keccak_squeeze_first_and_last_880(&s, out);
+    libcrux_sha3_generic_keccak_squeeze_first_and_last_c60(&s, out);
   } else {
     Eurydice_slice_uint8_t_1size_t__x2 uu____4 =
         libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)136U);
@@ -1975,15 +1974,15 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_060(
     memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice));
     Eurydice_slice o1[1U];
     memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice));
-    libcrux_sha3_generic_keccak_squeeze_first_block_7b0(&s, o0);
-    core_ops_range_Range_b3 iter =
+    libcrux_sha3_generic_keccak_squeeze_first_block_c60(&s, o0);
+    core_ops_range_Range_08 iter =
         core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter(
-            (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U,
+            (CLITERAL(core_ops_range_Range_08){.start = (size_t)1U,
                                                .end = blocks}),
-            core_ops_range_Range_b3, core_ops_range_Range_b3);
+            core_ops_range_Range_08, core_ops_range_Range_08);
     while (true) {
       if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A__TraitClause_0___6__next(
-              &iter, size_t, Option_b3)
+              &iter, size_t, Option_08)
               .tag == None) {
         break;
       } else {
@@ -1993,12 +1992,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_060(
         memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice));
         Eurydice_slice orest[1U];
         memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice));
-        libcrux_sha3_generic_keccak_squeeze_next_block_c20(&s, o);
+        libcrux_sha3_generic_keccak_squeeze_next_block_c60(&s, o);
         memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice));
       }
     }
     if (last < outlen) {
-      libcrux_sha3_generic_keccak_squeeze_last_ca0(s, o1);
+      libcrux_sha3_generic_keccak_squeeze_last_c60(s, o1);
     }
   }
 }
@@ -2009,12 +2008,12 @@ with const generics
 - RATE= 136
 - DELIM= 6
 */
-static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_e40(
+static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_ad(
     Eurydice_slice data[1U], Eurydice_slice out[1U]) {
   /* Passing arrays by value in Rust generates a copy in C */
   Eurydice_slice copy_of_data[1U];
   memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice));
-  libcrux_sha3_generic_keccak_keccak_060(copy_of_data, out);
+  libcrux_sha3_generic_keccak_keccak_9e0(copy_of_data, out);
 }
 
 /**
@@ -2024,7 +2023,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_sha256(Eurydice_slice digest,
                                                          Eurydice_slice data) {
   Eurydice_slice buf0[1U] = {data};
   Eurydice_slice buf[1U] = {digest};
-  libcrux_sha3_portable_keccakx1_e40(buf0, buf);
+  libcrux_sha3_portable_keccakx1_ad(buf0, buf);
 }
 
 /**
@@ -2035,8 +2034,8 @@ with const generics
 - RATE= 136
 - DELIM= 31
 */
-static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_401(
-    libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) {
+static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_9e1(
+    libcrux_sha3_generic_keccak_KeccakState_17 *s, Eurydice_slice last[1U]) {
   size_t last_len = Eurydice_slice_len(last[0U], uint8_t);
   uint8_t blocks[1U][200U] = {{0U}};
   for (size_t i = (size_t)0U; i < (size_t)1U; i++) {
@@ -2054,8 +2053,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_401(
   uint64_t(*uu____3)[5U] = s->st;
   uint8_t uu____4[1U][200U];
   memcpy(uu____4, blocks, (size_t)1U * sizeof(uint8_t[200U]));
-  libcrux_sha3_portable_keccak_load_block_full_5a_050(uu____3, uu____4);
-  libcrux_sha3_generic_keccak_keccakf1600_b8(s);
+  libcrux_sha3_portable_keccak_load_block_full_5a_5b(uu____3, uu____4);
+  libcrux_sha3_generic_keccak_keccakf1600_04(s);
 }
 
 /**
@@ -2066,36 +2065,36 @@ with const generics
 - RATE= 136
 - DELIM= 31
 */
-static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_061(
+static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_9e1(
     Eurydice_slice data[1U], Eurydice_slice out[1U]) {
-  libcrux_sha3_generic_keccak_KeccakState_48 s =
-      libcrux_sha3_generic_keccak_new_89_cf();
+  libcrux_sha3_generic_keccak_KeccakState_17 s =
+      libcrux_sha3_generic_keccak_new_89_04();
   for (size_t i = (size_t)0U;
        i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)136U; i++) {
     size_t i0 = i;
-    libcrux_sha3_generic_keccak_KeccakState_48 *uu____0 = &s;
+    libcrux_sha3_generic_keccak_KeccakState_17 *uu____0 = &s;
     /* Passing arrays by value in Rust generates a copy in C */
     Eurydice_slice copy_of_data[1U];
     memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice));
     Eurydice_slice ret[1U];
     libcrux_sha3_portable_keccak_slice_n_5a(copy_of_data, i0 * (size_t)136U,
                                             (size_t)136U, ret);
-    libcrux_sha3_generic_keccak_absorb_block_400(uu____0, ret);
+    libcrux_sha3_generic_keccak_absorb_block_c60(uu____0, ret);
   }
   size_t rem = Eurydice_slice_len(data[0U], uint8_t) % (size_t)136U;
-  libcrux_sha3_generic_keccak_KeccakState_48 *uu____2 = &s;
+  libcrux_sha3_generic_keccak_KeccakState_17 *uu____2 = &s;
   /* Passing arrays by value in Rust generates a copy in C */
   Eurydice_slice copy_of_data[1U];
   memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice));
   Eurydice_slice ret[1U];
   libcrux_sha3_portable_keccak_slice_n_5a(
       copy_of_data, Eurydice_slice_len(data[0U], uint8_t) - rem, rem, ret);
-  libcrux_sha3_generic_keccak_absorb_final_401(uu____2, ret);
+  libcrux_sha3_generic_keccak_absorb_final_9e1(uu____2, ret);
   size_t outlen = Eurydice_slice_len(out[0U], uint8_t);
   size_t blocks = outlen / (size_t)136U;
   size_t last = outlen - outlen % (size_t)136U;
   if (blocks == (size_t)0U) {
-    libcrux_sha3_generic_keccak_squeeze_first_and_last_880(&s, out);
+    libcrux_sha3_generic_keccak_squeeze_first_and_last_c60(&s, out);
   } else {
     Eurydice_slice_uint8_t_1size_t__x2 uu____4 =
         libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)136U);
@@ -2103,15 +2102,15 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_061(
     memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice));
     Eurydice_slice o1[1U];
     memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice));
-    libcrux_sha3_generic_keccak_squeeze_first_block_7b0(&s, o0);
-    core_ops_range_Range_b3 iter =
+    libcrux_sha3_generic_keccak_squeeze_first_block_c60(&s, o0);
+    core_ops_range_Range_08 iter =
         core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter(
-            (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U,
+            (CLITERAL(core_ops_range_Range_08){.start = (size_t)1U,
                                                .end = blocks}),
-            core_ops_range_Range_b3, core_ops_range_Range_b3);
+            core_ops_range_Range_08, core_ops_range_Range_08);
     while (true) {
       if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A__TraitClause_0___6__next(
-              &iter, size_t, Option_b3)
+              &iter, size_t, Option_08)
               .tag == None) {
         break;
       } else {
@@ -2121,12 +2120,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_061(
         memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice));
         Eurydice_slice orest[1U];
         memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice));
-        libcrux_sha3_generic_keccak_squeeze_next_block_c20(&s, o);
+        libcrux_sha3_generic_keccak_squeeze_next_block_c60(&s, o);
         memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice));
       }
     }
     if (last < outlen) {
-      libcrux_sha3_generic_keccak_squeeze_last_ca0(s, o1);
+      libcrux_sha3_generic_keccak_squeeze_last_c60(s, o1);
     }
   }
 }
@@ -2137,12 +2136,12 @@ with const generics
 - RATE= 136
 - DELIM= 31
 */
-static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_e41(
+static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_ad0(
     Eurydice_slice data[1U], Eurydice_slice out[1U]) {
   /* Passing arrays by value in Rust generates a copy in C */
   Eurydice_slice copy_of_data[1U];
   memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice));
-  libcrux_sha3_generic_keccak_keccak_061(copy_of_data, out);
+  libcrux_sha3_generic_keccak_keccak_9e1(copy_of_data, out);
 }
 
 /**
@@ -2152,18 +2151,18 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_shake256(
     Eurydice_slice digest, Eurydice_slice data) {
   Eurydice_slice buf0[1U] = {data};
   Eurydice_slice buf[1U] = {digest};
-  libcrux_sha3_portable_keccakx1_e41(buf0, buf);
+  libcrux_sha3_portable_keccakx1_ad0(buf0, buf);
 }
 
-typedef libcrux_sha3_generic_keccak_KeccakState_48
+typedef libcrux_sha3_generic_keccak_KeccakState_17
     libcrux_sha3_portable_KeccakState;
 
 /**
  Create a new SHAKE-128 state object.
 */
-static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_48
+static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_17
 libcrux_sha3_portable_incremental_shake128_init(void) {
-  return libcrux_sha3_generic_keccak_new_89_cf();
+  return libcrux_sha3_generic_keccak_new_89_04();
 }
 
 /**
@@ -2171,18 +2170,18 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block
 with const generics
 - RATE= 168
 */
-static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_651(
+static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_3a(
     uint64_t (*s)[5U], Eurydice_slice blocks[1U]) {
   for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)8U; i++) {
     size_t i0 = i;
     uint8_t uu____0[8U];
-    Result_56 dst;
+    Result_15 dst;
     Eurydice_slice_to_array2(
         &dst,
         Eurydice_slice_subslice2(blocks[0U], (size_t)8U * i0,
                                  (size_t)8U * i0 + (size_t)8U, uint8_t),
         Eurydice_slice, uint8_t[8U]);
-    unwrap_26_0e(dst, uu____0);
+    unwrap_26_68(dst, uu____0);
     size_t uu____1 = i0 / (size_t)5U;
     size_t uu____2 = i0 % (size_t)5U;
     s[uu____1][uu____2] =
@@ -2195,11 +2194,11 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full
 with const generics
 - RATE= 168
 */
-static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_d41(
+static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_3a(
     uint64_t (*s)[5U], uint8_t blocks[1U][200U]) {
   Eurydice_slice buf[1U] = {
       Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t)};
-  libcrux_sha3_portable_keccak_load_block_651(s, buf);
+  libcrux_sha3_portable_keccak_load_block_3a(s, buf);
 }
 
 /**
@@ -2211,13 +2210,13 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full_5a
 with const generics
 - RATE= 168
 */
-static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_051(
+static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_3a(
     uint64_t (*a)[5U], uint8_t b[1U][200U]) {
   uint64_t(*uu____0)[5U] = a;
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_b[1U][200U];
   memcpy(copy_of_b, b, (size_t)1U * sizeof(uint8_t[200U]));
-  libcrux_sha3_portable_keccak_load_block_full_d41(uu____0, copy_of_b);
+  libcrux_sha3_portable_keccak_load_block_full_3a(uu____0, copy_of_b);
 }
 
 /**
@@ -2228,8 +2227,8 @@ with const generics
 - RATE= 168
 - DELIM= 31
 */
-static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_402(
-    libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) {
+static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_9e2(
+    libcrux_sha3_generic_keccak_KeccakState_17 *s, Eurydice_slice last[1U]) {
   size_t last_len = Eurydice_slice_len(last[0U], uint8_t);
   uint8_t blocks[1U][200U] = {{0U}};
   for (size_t i = (size_t)0U; i < (size_t)1U; i++) {
@@ -2247,8 +2246,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_402(
   uint64_t(*uu____3)[5U] = s->st;
   uint8_t uu____4[1U][200U];
   memcpy(uu____4, blocks, (size_t)1U * sizeof(uint8_t[200U]));
-  libcrux_sha3_portable_keccak_load_block_full_5a_051(uu____3, uu____4);
-  libcrux_sha3_generic_keccak_keccakf1600_b8(s);
+  libcrux_sha3_portable_keccak_load_block_full_5a_3a(uu____3, uu____4);
+  libcrux_sha3_generic_keccak_keccakf1600_04(s);
 }
 
 /**
@@ -2256,9 +2255,9 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_402(
 */
 static KRML_MUSTINLINE void
 libcrux_sha3_portable_incremental_shake128_absorb_final(
-    libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice data0) {
+    libcrux_sha3_generic_keccak_KeccakState_17 *s, Eurydice_slice data0) {
   Eurydice_slice buf[1U] = {data0};
-  libcrux_sha3_generic_keccak_absorb_final_402(s, buf);
+  libcrux_sha3_generic_keccak_absorb_final_9e2(s, buf);
 }
 
 /**
@@ -2266,7 +2265,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block
 with const generics
 - RATE= 168
 */
-static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_9b1(
+static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_3a(
     uint64_t (*s)[5U], Eurydice_slice out[1U]) {
   for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)8U; i++) {
     size_t i0 = i;
@@ -2288,9 +2287,9 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_5a
 with const generics
 - RATE= 168
 */
-static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_491(
+static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_3a(
     uint64_t (*a)[5U], Eurydice_slice b[1U]) {
-  libcrux_sha3_portable_keccak_store_block_9b1(a, b);
+  libcrux_sha3_portable_keccak_store_block_3a(a, b);
 }
 
 /**
@@ -2300,9 +2299,9 @@ with const generics
 - N= 1
 - RATE= 168
 */
-static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_7b1(
-    libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) {
-  libcrux_sha3_portable_keccak_store_block_5a_491(s->st, out);
+static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_c61(
+    libcrux_sha3_generic_keccak_KeccakState_17 *s, Eurydice_slice out[1U]) {
+  libcrux_sha3_portable_keccak_store_block_5a_3a(s->st, out);
 }
 
 /**
@@ -2312,10 +2311,10 @@ with const generics
 - N= 1
 - RATE= 168
 */
-static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_c21(
-    libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) {
-  libcrux_sha3_generic_keccak_keccakf1600_b8(s);
-  libcrux_sha3_portable_keccak_store_block_5a_491(s->st, out);
+static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_c61(
+    libcrux_sha3_generic_keccak_KeccakState_17 *s, Eurydice_slice out[1U]) {
+  libcrux_sha3_generic_keccak_keccakf1600_04(s);
+  libcrux_sha3_portable_keccak_store_block_5a_3a(s->st, out);
 }
 
 /**
@@ -2326,23 +2325,23 @@ with const generics
 - RATE= 168
 */
 static KRML_MUSTINLINE void
-libcrux_sha3_generic_keccak_squeeze_first_three_blocks_5c(
-    libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) {
+libcrux_sha3_generic_keccak_squeeze_first_three_blocks_c6(
+    libcrux_sha3_generic_keccak_KeccakState_17 *s, Eurydice_slice out[1U]) {
   Eurydice_slice_uint8_t_1size_t__x2 uu____0 =
       libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)168U);
   Eurydice_slice o0[1U];
   memcpy(o0, uu____0.fst, (size_t)1U * sizeof(Eurydice_slice));
   Eurydice_slice o10[1U];
   memcpy(o10, uu____0.snd, (size_t)1U * sizeof(Eurydice_slice));
-  libcrux_sha3_generic_keccak_squeeze_first_block_7b1(s, o0);
+  libcrux_sha3_generic_keccak_squeeze_first_block_c61(s, o0);
   Eurydice_slice_uint8_t_1size_t__x2 uu____1 =
       libcrux_sha3_portable_keccak_split_at_mut_n_5a(o10, (size_t)168U);
   Eurydice_slice o1[1U];
   memcpy(o1, uu____1.fst, (size_t)1U * sizeof(Eurydice_slice));
   Eurydice_slice o2[1U];
   memcpy(o2, uu____1.snd, (size_t)1U * sizeof(Eurydice_slice));
-  libcrux_sha3_generic_keccak_squeeze_next_block_c21(s, o1);
-  libcrux_sha3_generic_keccak_squeeze_next_block_c21(s, o2);
+  libcrux_sha3_generic_keccak_squeeze_next_block_c61(s, o1);
+  libcrux_sha3_generic_keccak_squeeze_next_block_c61(s, o2);
 }
 
 /**
@@ -2350,9 +2349,9 @@ libcrux_sha3_generic_keccak_squeeze_first_three_blocks_5c(
 */
 static KRML_MUSTINLINE void
 libcrux_sha3_portable_incremental_shake128_squeeze_first_three_blocks(
-    libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out0) {
+    libcrux_sha3_generic_keccak_KeccakState_17 *s, Eurydice_slice out0) {
   Eurydice_slice buf[1U] = {out0};
-  libcrux_sha3_generic_keccak_squeeze_first_three_blocks_5c(s, buf);
+  libcrux_sha3_generic_keccak_squeeze_first_three_blocks_c6(s, buf);
 }
 
 /**
@@ -2360,9 +2359,9 @@ libcrux_sha3_portable_incremental_shake128_squeeze_first_three_blocks(
 */
 static KRML_MUSTINLINE void
 libcrux_sha3_portable_incremental_shake128_squeeze_next_block(
-    libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out0) {
+    libcrux_sha3_generic_keccak_KeccakState_17 *s, Eurydice_slice out0) {
   Eurydice_slice buf[1U] = {out0};
-  libcrux_sha3_generic_keccak_squeeze_next_block_c21(s, buf);
+  libcrux_sha3_generic_keccak_squeeze_next_block_c61(s, buf);
 }
 
 #define libcrux_sha3_Sha224 0
@@ -2408,18 +2407,18 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block
 with const generics
 - RATE= 144
 */
-static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_652(
+static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_2c(
     uint64_t (*s)[5U], Eurydice_slice blocks[1U]) {
   for (size_t i = (size_t)0U; i < (size_t)144U / (size_t)8U; i++) {
     size_t i0 = i;
     uint8_t uu____0[8U];
-    Result_56 dst;
+    Result_15 dst;
     Eurydice_slice_to_array2(
         &dst,
         Eurydice_slice_subslice2(blocks[0U], (size_t)8U * i0,
                                  (size_t)8U * i0 + (size_t)8U, uint8_t),
         Eurydice_slice, uint8_t[8U]);
-    unwrap_26_0e(dst, uu____0);
+    unwrap_26_68(dst, uu____0);
     size_t uu____1 = i0 / (size_t)5U;
     size_t uu____2 = i0 % (size_t)5U;
     s[uu____1][uu____2] =
@@ -2436,13 +2435,13 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_5a
 with const generics
 - RATE= 144
 */
-static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_351(
+static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_2c(
     uint64_t (*a)[5U], Eurydice_slice b[1U]) {
   uint64_t(*uu____0)[5U] = a;
   /* Passing arrays by value in Rust generates a copy in C */
   Eurydice_slice copy_of_b[1U];
   memcpy(copy_of_b, b, (size_t)1U * sizeof(Eurydice_slice));
-  libcrux_sha3_portable_keccak_load_block_652(uu____0, copy_of_b);
+  libcrux_sha3_portable_keccak_load_block_2c(uu____0, copy_of_b);
 }
 
 /**
@@ -2452,13 +2451,13 @@ with const generics
 - N= 1
 - RATE= 144
 */
-static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_401(
-    libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice blocks[1U]) {
+static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_c61(
+    libcrux_sha3_generic_keccak_KeccakState_17 *s, Eurydice_slice blocks[1U]) {
   uint64_t(*uu____0)[5U] = s->st;
   Eurydice_slice uu____1[1U];
   memcpy(uu____1, blocks, (size_t)1U * sizeof(Eurydice_slice));
-  libcrux_sha3_portable_keccak_load_block_5a_351(uu____0, uu____1);
-  libcrux_sha3_generic_keccak_keccakf1600_b8(s);
+  libcrux_sha3_portable_keccak_load_block_5a_2c(uu____0, uu____1);
+  libcrux_sha3_generic_keccak_keccakf1600_04(s);
 }
 
 /**
@@ -2466,11 +2465,11 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full
 with const generics
 - RATE= 144
 */
-static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_d42(
+static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_2c(
     uint64_t (*s)[5U], uint8_t blocks[1U][200U]) {
   Eurydice_slice buf[1U] = {
       Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t)};
-  libcrux_sha3_portable_keccak_load_block_652(s, buf);
+  libcrux_sha3_portable_keccak_load_block_2c(s, buf);
 }
 
 /**
@@ -2482,13 +2481,13 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full_5a
 with const generics
 - RATE= 144
 */
-static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_052(
+static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_2c(
     uint64_t (*a)[5U], uint8_t b[1U][200U]) {
   uint64_t(*uu____0)[5U] = a;
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_b[1U][200U];
   memcpy(copy_of_b, b, (size_t)1U * sizeof(uint8_t[200U]));
-  libcrux_sha3_portable_keccak_load_block_full_d42(uu____0, copy_of_b);
+  libcrux_sha3_portable_keccak_load_block_full_2c(uu____0, copy_of_b);
 }
 
 /**
@@ -2499,8 +2498,8 @@ with const generics
 - RATE= 144
 - DELIM= 6
 */
-static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_403(
-    libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) {
+static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_9e3(
+    libcrux_sha3_generic_keccak_KeccakState_17 *s, Eurydice_slice last[1U]) {
   size_t last_len = Eurydice_slice_len(last[0U], uint8_t);
   uint8_t blocks[1U][200U] = {{0U}};
   for (size_t i = (size_t)0U; i < (size_t)1U; i++) {
@@ -2518,8 +2517,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_403(
   uint64_t(*uu____3)[5U] = s->st;
   uint8_t uu____4[1U][200U];
   memcpy(uu____4, blocks, (size_t)1U * sizeof(uint8_t[200U]));
-  libcrux_sha3_portable_keccak_load_block_full_5a_052(uu____3, uu____4);
-  libcrux_sha3_generic_keccak_keccakf1600_b8(s);
+  libcrux_sha3_portable_keccak_load_block_full_5a_2c(uu____3, uu____4);
+  libcrux_sha3_generic_keccak_keccakf1600_04(s);
 }
 
 /**
@@ -2527,7 +2526,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block
 with const generics
 - RATE= 144
 */
-static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_9b2(
+static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_2c(
     uint64_t (*s)[5U], Eurydice_slice out[1U]) {
   for (size_t i = (size_t)0U; i < (size_t)144U / (size_t)8U; i++) {
     size_t i0 = i;
@@ -2545,12 +2544,12 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full
 with const generics
 - RATE= 144
 */
-static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_7e1(
+static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_2c(
     uint64_t (*s)[5U], uint8_t ret[1U][200U]) {
   uint8_t out[200U] = {0U};
   Eurydice_slice buf[1U] = {
       Eurydice_array_to_slice((size_t)200U, out, uint8_t)};
-  libcrux_sha3_portable_keccak_store_block_9b2(s, buf);
+  libcrux_sha3_portable_keccak_store_block_2c(s, buf);
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_out[200U];
   memcpy(copy_of_out, out, (size_t)200U * sizeof(uint8_t));
@@ -2566,10 +2565,9 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full_5a
 with const generics
 - RATE= 144
 */
-static KRML_MUSTINLINE void
-libcrux_sha3_portable_keccak_store_block_full_5a_271(uint64_t (*a)[5U],
-                                                     uint8_t ret[1U][200U]) {
-  libcrux_sha3_portable_keccak_store_block_full_7e1(a, ret);
+static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_5a_2c(
+    uint64_t (*a)[5U], uint8_t ret[1U][200U]) {
+  libcrux_sha3_portable_keccak_store_block_full_2c(a, ret);
 }
 
 /**
@@ -2580,21 +2578,21 @@ with const generics
 - RATE= 144
 */
 static KRML_MUSTINLINE void
-libcrux_sha3_generic_keccak_squeeze_first_and_last_881(
-    libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) {
+libcrux_sha3_generic_keccak_squeeze_first_and_last_c61(
+    libcrux_sha3_generic_keccak_KeccakState_17 *s, Eurydice_slice out[1U]) {
   uint8_t b[1U][200U];
-  libcrux_sha3_portable_keccak_store_block_full_5a_271(s->st, b);
+  libcrux_sha3_portable_keccak_store_block_full_5a_2c(s->st, b);
   for (size_t i = (size_t)0U; i < (size_t)1U; i++) {
     size_t i0 = i;
     Eurydice_slice uu____0 = out[i0];
     uint8_t *uu____1 = b[i0];
-    core_ops_range_Range_b3 lit;
+    core_ops_range_Range_08 lit;
     lit.start = (size_t)0U;
     lit.end = Eurydice_slice_len(out[i0], uint8_t);
     Eurydice_slice_copy(
         uu____0,
         Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t,
-                                   core_ops_range_Range_b3),
+                                   core_ops_range_Range_08),
         uint8_t);
   }
 }
@@ -2608,9 +2606,9 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_5a
 with const generics
 - RATE= 144
 */
-static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_492(
+static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_2c(
     uint64_t (*a)[5U], Eurydice_slice b[1U]) {
-  libcrux_sha3_portable_keccak_store_block_9b2(a, b);
+  libcrux_sha3_portable_keccak_store_block_2c(a, b);
 }
 
 /**
@@ -2620,9 +2618,9 @@ with const generics
 - N= 1
 - RATE= 144
 */
-static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_7b2(
-    libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) {
-  libcrux_sha3_portable_keccak_store_block_5a_492(s->st, out);
+static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_c62(
+    libcrux_sha3_generic_keccak_KeccakState_17 *s, Eurydice_slice out[1U]) {
+  libcrux_sha3_portable_keccak_store_block_5a_2c(s->st, out);
 }
 
 /**
@@ -2632,10 +2630,10 @@ with const generics
 - N= 1
 - RATE= 144
 */
-static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_c22(
-    libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) {
-  libcrux_sha3_generic_keccak_keccakf1600_b8(s);
-  libcrux_sha3_portable_keccak_store_block_5a_492(s->st, out);
+static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_c62(
+    libcrux_sha3_generic_keccak_KeccakState_17 *s, Eurydice_slice out[1U]) {
+  libcrux_sha3_generic_keccak_keccakf1600_04(s);
+  libcrux_sha3_portable_keccak_store_block_5a_2c(s->st, out);
 }
 
 /**
@@ -2645,22 +2643,22 @@ with const generics
 - N= 1
 - RATE= 144
 */
-static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_ca1(
-    libcrux_sha3_generic_keccak_KeccakState_48 s, Eurydice_slice out[1U]) {
-  libcrux_sha3_generic_keccak_keccakf1600_b8(&s);
+static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_c61(
+    libcrux_sha3_generic_keccak_KeccakState_17 s, Eurydice_slice out[1U]) {
+  libcrux_sha3_generic_keccak_keccakf1600_04(&s);
   uint8_t b[1U][200U];
-  libcrux_sha3_portable_keccak_store_block_full_5a_271(s.st, b);
+  libcrux_sha3_portable_keccak_store_block_full_5a_2c(s.st, b);
   for (size_t i = (size_t)0U; i < (size_t)1U; i++) {
     size_t i0 = i;
     Eurydice_slice uu____0 = out[i0];
     uint8_t *uu____1 = b[i0];
-    core_ops_range_Range_b3 lit;
+    core_ops_range_Range_08 lit;
     lit.start = (size_t)0U;
     lit.end = Eurydice_slice_len(out[i0], uint8_t);
     Eurydice_slice_copy(
         uu____0,
         Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t,
-                                   core_ops_range_Range_b3),
+                                   core_ops_range_Range_08),
         uint8_t);
   }
 }
@@ -2673,36 +2671,36 @@ with const generics
 - RATE= 144
 - DELIM= 6
 */
-static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_062(
+static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_9e2(
     Eurydice_slice data[1U], Eurydice_slice out[1U]) {
-  libcrux_sha3_generic_keccak_KeccakState_48 s =
-      libcrux_sha3_generic_keccak_new_89_cf();
+  libcrux_sha3_generic_keccak_KeccakState_17 s =
+      libcrux_sha3_generic_keccak_new_89_04();
   for (size_t i = (size_t)0U;
        i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)144U; i++) {
     size_t i0 = i;
-    libcrux_sha3_generic_keccak_KeccakState_48 *uu____0 = &s;
+    libcrux_sha3_generic_keccak_KeccakState_17 *uu____0 = &s;
     /* Passing arrays by value in Rust generates a copy in C */
     Eurydice_slice copy_of_data[1U];
     memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice));
     Eurydice_slice ret[1U];
     libcrux_sha3_portable_keccak_slice_n_5a(copy_of_data, i0 * (size_t)144U,
                                             (size_t)144U, ret);
-    libcrux_sha3_generic_keccak_absorb_block_401(uu____0, ret);
+    libcrux_sha3_generic_keccak_absorb_block_c61(uu____0, ret);
   }
   size_t rem = Eurydice_slice_len(data[0U], uint8_t) % (size_t)144U;
-  libcrux_sha3_generic_keccak_KeccakState_48 *uu____2 = &s;
+  libcrux_sha3_generic_keccak_KeccakState_17 *uu____2 = &s;
   /* Passing arrays by value in Rust generates a copy in C */
   Eurydice_slice copy_of_data[1U];
   memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice));
   Eurydice_slice ret[1U];
   libcrux_sha3_portable_keccak_slice_n_5a(
       copy_of_data, Eurydice_slice_len(data[0U], uint8_t) - rem, rem, ret);
-  libcrux_sha3_generic_keccak_absorb_final_403(uu____2, ret);
+  libcrux_sha3_generic_keccak_absorb_final_9e3(uu____2, ret);
   size_t outlen = Eurydice_slice_len(out[0U], uint8_t);
   size_t blocks = outlen / (size_t)144U;
   size_t last = outlen - outlen % (size_t)144U;
   if (blocks == (size_t)0U) {
-    libcrux_sha3_generic_keccak_squeeze_first_and_last_881(&s, out);
+    libcrux_sha3_generic_keccak_squeeze_first_and_last_c61(&s, out);
   } else {
     Eurydice_slice_uint8_t_1size_t__x2 uu____4 =
         libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)144U);
@@ -2710,15 +2708,15 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_062(
     memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice));
     Eurydice_slice o1[1U];
     memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice));
-    libcrux_sha3_generic_keccak_squeeze_first_block_7b2(&s, o0);
-    core_ops_range_Range_b3 iter =
+    libcrux_sha3_generic_keccak_squeeze_first_block_c62(&s, o0);
+    core_ops_range_Range_08 iter =
         core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter(
-            (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U,
+            (CLITERAL(core_ops_range_Range_08){.start = (size_t)1U,
                                                .end = blocks}),
-            core_ops_range_Range_b3, core_ops_range_Range_b3);
+            core_ops_range_Range_08, core_ops_range_Range_08);
     while (true) {
       if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A__TraitClause_0___6__next(
-              &iter, size_t, Option_b3)
+              &iter, size_t, Option_08)
               .tag == None) {
         break;
       } else {
@@ -2728,12 +2726,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_062(
         memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice));
         Eurydice_slice orest[1U];
         memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice));
-        libcrux_sha3_generic_keccak_squeeze_next_block_c22(&s, o);
+        libcrux_sha3_generic_keccak_squeeze_next_block_c62(&s, o);
         memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice));
       }
     }
     if (last < outlen) {
-      libcrux_sha3_generic_keccak_squeeze_last_ca1(s, o1);
+      libcrux_sha3_generic_keccak_squeeze_last_c61(s, o1);
     }
   }
 }
@@ -2744,12 +2742,12 @@ with const generics
 - RATE= 144
 - DELIM= 6
 */
-static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_e42(
+static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_1e(
     Eurydice_slice data[1U], Eurydice_slice out[1U]) {
   /* Passing arrays by value in Rust generates a copy in C */
   Eurydice_slice copy_of_data[1U];
   memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice));
-  libcrux_sha3_generic_keccak_keccak_062(copy_of_data, out);
+  libcrux_sha3_generic_keccak_keccak_9e2(copy_of_data, out);
 }
 
 /**
@@ -2759,7 +2757,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_sha224(Eurydice_slice digest,
                                                          Eurydice_slice data) {
   Eurydice_slice buf0[1U] = {data};
   Eurydice_slice buf[1U] = {digest};
-  libcrux_sha3_portable_keccakx1_e42(buf0, buf);
+  libcrux_sha3_portable_keccakx1_1e(buf0, buf);
 }
 
 /**
@@ -2767,18 +2765,18 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block
 with const generics
 - RATE= 104
 */
-static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_653(
+static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_7a(
     uint64_t (*s)[5U], Eurydice_slice blocks[1U]) {
   for (size_t i = (size_t)0U; i < (size_t)104U / (size_t)8U; i++) {
     size_t i0 = i;
     uint8_t uu____0[8U];
-    Result_56 dst;
+    Result_15 dst;
     Eurydice_slice_to_array2(
         &dst,
         Eurydice_slice_subslice2(blocks[0U], (size_t)8U * i0,
                                  (size_t)8U * i0 + (size_t)8U, uint8_t),
         Eurydice_slice, uint8_t[8U]);
-    unwrap_26_0e(dst, uu____0);
+    unwrap_26_68(dst, uu____0);
     size_t uu____1 = i0 / (size_t)5U;
     size_t uu____2 = i0 % (size_t)5U;
     s[uu____1][uu____2] =
@@ -2795,13 +2793,13 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_5a
 with const generics
 - RATE= 104
 */
-static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_352(
+static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_7a(
     uint64_t (*a)[5U], Eurydice_slice b[1U]) {
   uint64_t(*uu____0)[5U] = a;
   /* Passing arrays by value in Rust generates a copy in C */
   Eurydice_slice copy_of_b[1U];
   memcpy(copy_of_b, b, (size_t)1U * sizeof(Eurydice_slice));
-  libcrux_sha3_portable_keccak_load_block_653(uu____0, copy_of_b);
+  libcrux_sha3_portable_keccak_load_block_7a(uu____0, copy_of_b);
 }
 
 /**
@@ -2811,13 +2809,13 @@ with const generics
 - N= 1
 - RATE= 104
 */
-static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_402(
-    libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice blocks[1U]) {
+static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_c62(
+    libcrux_sha3_generic_keccak_KeccakState_17 *s, Eurydice_slice blocks[1U]) {
   uint64_t(*uu____0)[5U] = s->st;
   Eurydice_slice uu____1[1U];
   memcpy(uu____1, blocks, (size_t)1U * sizeof(Eurydice_slice));
-  libcrux_sha3_portable_keccak_load_block_5a_352(uu____0, uu____1);
-  libcrux_sha3_generic_keccak_keccakf1600_b8(s);
+  libcrux_sha3_portable_keccak_load_block_5a_7a(uu____0, uu____1);
+  libcrux_sha3_generic_keccak_keccakf1600_04(s);
 }
 
 /**
@@ -2825,11 +2823,11 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full
 with const generics
 - RATE= 104
 */
-static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_d43(
+static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_7a(
     uint64_t (*s)[5U], uint8_t blocks[1U][200U]) {
   Eurydice_slice buf[1U] = {
       Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t)};
-  libcrux_sha3_portable_keccak_load_block_653(s, buf);
+  libcrux_sha3_portable_keccak_load_block_7a(s, buf);
 }
 
 /**
@@ -2841,13 +2839,13 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full_5a
 with const generics
 - RATE= 104
 */
-static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_053(
+static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_7a(
     uint64_t (*a)[5U], uint8_t b[1U][200U]) {
   uint64_t(*uu____0)[5U] = a;
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_b[1U][200U];
   memcpy(copy_of_b, b, (size_t)1U * sizeof(uint8_t[200U]));
-  libcrux_sha3_portable_keccak_load_block_full_d43(uu____0, copy_of_b);
+  libcrux_sha3_portable_keccak_load_block_full_7a(uu____0, copy_of_b);
 }
 
 /**
@@ -2858,8 +2856,8 @@ with const generics
 - RATE= 104
 - DELIM= 6
 */
-static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_404(
-    libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) {
+static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_9e4(
+    libcrux_sha3_generic_keccak_KeccakState_17 *s, Eurydice_slice last[1U]) {
   size_t last_len = Eurydice_slice_len(last[0U], uint8_t);
   uint8_t blocks[1U][200U] = {{0U}};
   for (size_t i = (size_t)0U; i < (size_t)1U; i++) {
@@ -2877,8 +2875,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_404(
   uint64_t(*uu____3)[5U] = s->st;
   uint8_t uu____4[1U][200U];
   memcpy(uu____4, blocks, (size_t)1U * sizeof(uint8_t[200U]));
-  libcrux_sha3_portable_keccak_load_block_full_5a_053(uu____3, uu____4);
-  libcrux_sha3_generic_keccak_keccakf1600_b8(s);
+  libcrux_sha3_portable_keccak_load_block_full_5a_7a(uu____3, uu____4);
+  libcrux_sha3_generic_keccak_keccakf1600_04(s);
 }
 
 /**
@@ -2886,7 +2884,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block
 with const generics
 - RATE= 104
 */
-static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_9b3(
+static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_7a(
     uint64_t (*s)[5U], Eurydice_slice out[1U]) {
   for (size_t i = (size_t)0U; i < (size_t)104U / (size_t)8U; i++) {
     size_t i0 = i;
@@ -2904,12 +2902,12 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full
 with const generics
 - RATE= 104
 */
-static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_7e2(
+static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_7a(
     uint64_t (*s)[5U], uint8_t ret[1U][200U]) {
   uint8_t out[200U] = {0U};
   Eurydice_slice buf[1U] = {
       Eurydice_array_to_slice((size_t)200U, out, uint8_t)};
-  libcrux_sha3_portable_keccak_store_block_9b3(s, buf);
+  libcrux_sha3_portable_keccak_store_block_7a(s, buf);
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_out[200U];
   memcpy(copy_of_out, out, (size_t)200U * sizeof(uint8_t));
@@ -2925,10 +2923,9 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full_5a
 with const generics
 - RATE= 104
 */
-static KRML_MUSTINLINE void
-libcrux_sha3_portable_keccak_store_block_full_5a_272(uint64_t (*a)[5U],
-                                                     uint8_t ret[1U][200U]) {
-  libcrux_sha3_portable_keccak_store_block_full_7e2(a, ret);
+static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_5a_7a(
+    uint64_t (*a)[5U], uint8_t ret[1U][200U]) {
+  libcrux_sha3_portable_keccak_store_block_full_7a(a, ret);
 }
 
 /**
@@ -2939,21 +2936,21 @@ with const generics
 - RATE= 104
 */
 static KRML_MUSTINLINE void
-libcrux_sha3_generic_keccak_squeeze_first_and_last_882(
-    libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) {
+libcrux_sha3_generic_keccak_squeeze_first_and_last_c62(
+    libcrux_sha3_generic_keccak_KeccakState_17 *s, Eurydice_slice out[1U]) {
   uint8_t b[1U][200U];
-  libcrux_sha3_portable_keccak_store_block_full_5a_272(s->st, b);
+  libcrux_sha3_portable_keccak_store_block_full_5a_7a(s->st, b);
   for (size_t i = (size_t)0U; i < (size_t)1U; i++) {
     size_t i0 = i;
     Eurydice_slice uu____0 = out[i0];
     uint8_t *uu____1 = b[i0];
-    core_ops_range_Range_b3 lit;
+    core_ops_range_Range_08 lit;
     lit.start = (size_t)0U;
     lit.end = Eurydice_slice_len(out[i0], uint8_t);
     Eurydice_slice_copy(
         uu____0,
         Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t,
-                                   core_ops_range_Range_b3),
+                                   core_ops_range_Range_08),
         uint8_t);
   }
 }
@@ -2967,9 +2964,9 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_5a
 with const generics
 - RATE= 104
 */
-static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_493(
+static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_7a(
     uint64_t (*a)[5U], Eurydice_slice b[1U]) {
-  libcrux_sha3_portable_keccak_store_block_9b3(a, b);
+  libcrux_sha3_portable_keccak_store_block_7a(a, b);
 }
 
 /**
@@ -2979,9 +2976,9 @@ with const generics
 - N= 1
 - RATE= 104
 */
-static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_7b3(
-    libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) {
-  libcrux_sha3_portable_keccak_store_block_5a_493(s->st, out);
+static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_c63(
+    libcrux_sha3_generic_keccak_KeccakState_17 *s, Eurydice_slice out[1U]) {
+  libcrux_sha3_portable_keccak_store_block_5a_7a(s->st, out);
 }
 
 /**
@@ -2991,10 +2988,10 @@ with const generics
 - N= 1
 - RATE= 104
 */
-static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_c23(
-    libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) {
-  libcrux_sha3_generic_keccak_keccakf1600_b8(s);
-  libcrux_sha3_portable_keccak_store_block_5a_493(s->st, out);
+static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_c63(
+    libcrux_sha3_generic_keccak_KeccakState_17 *s, Eurydice_slice out[1U]) {
+  libcrux_sha3_generic_keccak_keccakf1600_04(s);
+  libcrux_sha3_portable_keccak_store_block_5a_7a(s->st, out);
 }
 
 /**
@@ -3004,22 +3001,22 @@ with const generics
 - N= 1
 - RATE= 104
 */
-static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_ca2(
-    libcrux_sha3_generic_keccak_KeccakState_48 s, Eurydice_slice out[1U]) {
-  libcrux_sha3_generic_keccak_keccakf1600_b8(&s);
+static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_c62(
+    libcrux_sha3_generic_keccak_KeccakState_17 s, Eurydice_slice out[1U]) {
+  libcrux_sha3_generic_keccak_keccakf1600_04(&s);
   uint8_t b[1U][200U];
-  libcrux_sha3_portable_keccak_store_block_full_5a_272(s.st, b);
+  libcrux_sha3_portable_keccak_store_block_full_5a_7a(s.st, b);
   for (size_t i = (size_t)0U; i < (size_t)1U; i++) {
     size_t i0 = i;
     Eurydice_slice uu____0 = out[i0];
     uint8_t *uu____1 = b[i0];
-    core_ops_range_Range_b3 lit;
+    core_ops_range_Range_08 lit;
     lit.start = (size_t)0U;
     lit.end = Eurydice_slice_len(out[i0], uint8_t);
     Eurydice_slice_copy(
         uu____0,
         Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t,
-                                   core_ops_range_Range_b3),
+                                   core_ops_range_Range_08),
         uint8_t);
   }
 }
@@ -3032,36 +3029,36 @@ with const generics
 - RATE= 104
 - DELIM= 6
 */
-static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_063(
+static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_9e3(
     Eurydice_slice data[1U], Eurydice_slice out[1U]) {
-  libcrux_sha3_generic_keccak_KeccakState_48 s =
-      libcrux_sha3_generic_keccak_new_89_cf();
+  libcrux_sha3_generic_keccak_KeccakState_17 s =
+      libcrux_sha3_generic_keccak_new_89_04();
   for (size_t i = (size_t)0U;
        i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)104U; i++) {
     size_t i0 = i;
-    libcrux_sha3_generic_keccak_KeccakState_48 *uu____0 = &s;
+    libcrux_sha3_generic_keccak_KeccakState_17 *uu____0 = &s;
     /* Passing arrays by value in Rust generates a copy in C */
     Eurydice_slice copy_of_data[1U];
     memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice));
     Eurydice_slice ret[1U];
     libcrux_sha3_portable_keccak_slice_n_5a(copy_of_data, i0 * (size_t)104U,
                                             (size_t)104U, ret);
-    libcrux_sha3_generic_keccak_absorb_block_402(uu____0, ret);
+    libcrux_sha3_generic_keccak_absorb_block_c62(uu____0, ret);
   }
   size_t rem = Eurydice_slice_len(data[0U], uint8_t) % (size_t)104U;
-  libcrux_sha3_generic_keccak_KeccakState_48 *uu____2 = &s;
+  libcrux_sha3_generic_keccak_KeccakState_17 *uu____2 = &s;
   /* Passing arrays by value in Rust generates a copy in C */
   Eurydice_slice copy_of_data[1U];
   memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice));
   Eurydice_slice ret[1U];
   libcrux_sha3_portable_keccak_slice_n_5a(
       copy_of_data, Eurydice_slice_len(data[0U], uint8_t) - rem, rem, ret);
-  libcrux_sha3_generic_keccak_absorb_final_404(uu____2, ret);
+  libcrux_sha3_generic_keccak_absorb_final_9e4(uu____2, ret);
   size_t outlen = Eurydice_slice_len(out[0U], uint8_t);
   size_t blocks = outlen / (size_t)104U;
   size_t last = outlen - outlen % (size_t)104U;
   if (blocks == (size_t)0U) {
-    libcrux_sha3_generic_keccak_squeeze_first_and_last_882(&s, out);
+    libcrux_sha3_generic_keccak_squeeze_first_and_last_c62(&s, out);
   } else {
     Eurydice_slice_uint8_t_1size_t__x2 uu____4 =
         libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)104U);
@@ -3069,15 +3066,15 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_063(
     memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice));
     Eurydice_slice o1[1U];
     memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice));
-    libcrux_sha3_generic_keccak_squeeze_first_block_7b3(&s, o0);
-    core_ops_range_Range_b3 iter =
+    libcrux_sha3_generic_keccak_squeeze_first_block_c63(&s, o0);
+    core_ops_range_Range_08 iter =
         core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter(
-            (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U,
+            (CLITERAL(core_ops_range_Range_08){.start = (size_t)1U,
                                                .end = blocks}),
-            core_ops_range_Range_b3, core_ops_range_Range_b3);
+            core_ops_range_Range_08, core_ops_range_Range_08);
     while (true) {
       if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A__TraitClause_0___6__next(
-              &iter, size_t, Option_b3)
+              &iter, size_t, Option_08)
               .tag == None) {
         break;
       } else {
@@ -3087,12 +3084,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_063(
         memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice));
         Eurydice_slice orest[1U];
         memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice));
-        libcrux_sha3_generic_keccak_squeeze_next_block_c23(&s, o);
+        libcrux_sha3_generic_keccak_squeeze_next_block_c63(&s, o);
         memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice));
       }
     }
     if (last < outlen) {
-      libcrux_sha3_generic_keccak_squeeze_last_ca2(s, o1);
+      libcrux_sha3_generic_keccak_squeeze_last_c62(s, o1);
     }
   }
 }
@@ -3103,12 +3100,12 @@ with const generics
 - RATE= 104
 - DELIM= 6
 */
-static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_e43(
+static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_7c(
     Eurydice_slice data[1U], Eurydice_slice out[1U]) {
   /* Passing arrays by value in Rust generates a copy in C */
   Eurydice_slice copy_of_data[1U];
   memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice));
-  libcrux_sha3_generic_keccak_keccak_063(copy_of_data, out);
+  libcrux_sha3_generic_keccak_keccak_9e3(copy_of_data, out);
 }
 
 /**
@@ -3118,7 +3115,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_sha384(Eurydice_slice digest,
                                                          Eurydice_slice data) {
   Eurydice_slice buf0[1U] = {data};
   Eurydice_slice buf[1U] = {digest};
-  libcrux_sha3_portable_keccakx1_e43(buf0, buf);
+  libcrux_sha3_portable_keccakx1_7c(buf0, buf);
 }
 
 /**
@@ -3209,13 +3206,13 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_5a
 with const generics
 - RATE= 168
 */
-static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_353(
+static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_3a(
     uint64_t (*a)[5U], Eurydice_slice b[1U]) {
   uint64_t(*uu____0)[5U] = a;
   /* Passing arrays by value in Rust generates a copy in C */
   Eurydice_slice copy_of_b[1U];
   memcpy(copy_of_b, b, (size_t)1U * sizeof(Eurydice_slice));
-  libcrux_sha3_portable_keccak_load_block_651(uu____0, copy_of_b);
+  libcrux_sha3_portable_keccak_load_block_3a(uu____0, copy_of_b);
 }
 
 /**
@@ -3225,13 +3222,13 @@ with const generics
 - N= 1
 - RATE= 168
 */
-static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_403(
-    libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice blocks[1U]) {
+static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_c63(
+    libcrux_sha3_generic_keccak_KeccakState_17 *s, Eurydice_slice blocks[1U]) {
   uint64_t(*uu____0)[5U] = s->st;
   Eurydice_slice uu____1[1U];
   memcpy(uu____1, blocks, (size_t)1U * sizeof(Eurydice_slice));
-  libcrux_sha3_portable_keccak_load_block_5a_353(uu____0, uu____1);
-  libcrux_sha3_generic_keccak_keccakf1600_b8(s);
+  libcrux_sha3_portable_keccak_load_block_5a_3a(uu____0, uu____1);
+  libcrux_sha3_generic_keccak_keccakf1600_04(s);
 }
 
 /**
@@ -3239,12 +3236,12 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full
 with const generics
 - RATE= 168
 */
-static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_7e3(
+static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_3a(
     uint64_t (*s)[5U], uint8_t ret[1U][200U]) {
   uint8_t out[200U] = {0U};
   Eurydice_slice buf[1U] = {
       Eurydice_array_to_slice((size_t)200U, out, uint8_t)};
-  libcrux_sha3_portable_keccak_store_block_9b1(s, buf);
+  libcrux_sha3_portable_keccak_store_block_3a(s, buf);
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_out[200U];
   memcpy(copy_of_out, out, (size_t)200U * sizeof(uint8_t));
@@ -3260,10 +3257,9 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full_5a
 with const generics
 - RATE= 168
 */
-static KRML_MUSTINLINE void
-libcrux_sha3_portable_keccak_store_block_full_5a_273(uint64_t (*a)[5U],
-                                                     uint8_t ret[1U][200U]) {
-  libcrux_sha3_portable_keccak_store_block_full_7e3(a, ret);
+static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_5a_3a(
+    uint64_t (*a)[5U], uint8_t ret[1U][200U]) {
+  libcrux_sha3_portable_keccak_store_block_full_3a(a, ret);
 }
 
 /**
@@ -3274,21 +3270,21 @@ with const generics
 - RATE= 168
 */
 static KRML_MUSTINLINE void
-libcrux_sha3_generic_keccak_squeeze_first_and_last_883(
-    libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) {
+libcrux_sha3_generic_keccak_squeeze_first_and_last_c63(
+    libcrux_sha3_generic_keccak_KeccakState_17 *s, Eurydice_slice out[1U]) {
   uint8_t b[1U][200U];
-  libcrux_sha3_portable_keccak_store_block_full_5a_273(s->st, b);
+  libcrux_sha3_portable_keccak_store_block_full_5a_3a(s->st, b);
   for (size_t i = (size_t)0U; i < (size_t)1U; i++) {
     size_t i0 = i;
     Eurydice_slice uu____0 = out[i0];
     uint8_t *uu____1 = b[i0];
-    core_ops_range_Range_b3 lit;
+    core_ops_range_Range_08 lit;
     lit.start = (size_t)0U;
     lit.end = Eurydice_slice_len(out[i0], uint8_t);
     Eurydice_slice_copy(
         uu____0,
         Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t,
-                                   core_ops_range_Range_b3),
+                                   core_ops_range_Range_08),
         uint8_t);
   }
 }
@@ -3300,22 +3296,22 @@ with const generics
 - N= 1
 - RATE= 168
 */
-static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_ca3(
-    libcrux_sha3_generic_keccak_KeccakState_48 s, Eurydice_slice out[1U]) {
-  libcrux_sha3_generic_keccak_keccakf1600_b8(&s);
+static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_c63(
+    libcrux_sha3_generic_keccak_KeccakState_17 s, Eurydice_slice out[1U]) {
+  libcrux_sha3_generic_keccak_keccakf1600_04(&s);
   uint8_t b[1U][200U];
-  libcrux_sha3_portable_keccak_store_block_full_5a_273(s.st, b);
+  libcrux_sha3_portable_keccak_store_block_full_5a_3a(s.st, b);
   for (size_t i = (size_t)0U; i < (size_t)1U; i++) {
     size_t i0 = i;
     Eurydice_slice uu____0 = out[i0];
     uint8_t *uu____1 = b[i0];
-    core_ops_range_Range_b3 lit;
+    core_ops_range_Range_08 lit;
     lit.start = (size_t)0U;
     lit.end = Eurydice_slice_len(out[i0], uint8_t);
     Eurydice_slice_copy(
         uu____0,
         Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t,
-                                   core_ops_range_Range_b3),
+                                   core_ops_range_Range_08),
         uint8_t);
   }
 }
@@ -3328,36 +3324,36 @@ with const generics
 - RATE= 168
 - DELIM= 31
 */
-static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_064(
+static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_9e4(
     Eurydice_slice data[1U], Eurydice_slice out[1U]) {
-  libcrux_sha3_generic_keccak_KeccakState_48 s =
-      libcrux_sha3_generic_keccak_new_89_cf();
+  libcrux_sha3_generic_keccak_KeccakState_17 s =
+      libcrux_sha3_generic_keccak_new_89_04();
   for (size_t i = (size_t)0U;
        i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)168U; i++) {
     size_t i0 = i;
-    libcrux_sha3_generic_keccak_KeccakState_48 *uu____0 = &s;
+    libcrux_sha3_generic_keccak_KeccakState_17 *uu____0 = &s;
     /* Passing arrays by value in Rust generates a copy in C */
     Eurydice_slice copy_of_data[1U];
     memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice));
     Eurydice_slice ret[1U];
     libcrux_sha3_portable_keccak_slice_n_5a(copy_of_data, i0 * (size_t)168U,
                                             (size_t)168U, ret);
-    libcrux_sha3_generic_keccak_absorb_block_403(uu____0, ret);
+    libcrux_sha3_generic_keccak_absorb_block_c63(uu____0, ret);
   }
   size_t rem = Eurydice_slice_len(data[0U], uint8_t) % (size_t)168U;
-  libcrux_sha3_generic_keccak_KeccakState_48 *uu____2 = &s;
+  libcrux_sha3_generic_keccak_KeccakState_17 *uu____2 = &s;
   /* Passing arrays by value in Rust generates a copy in C */
   Eurydice_slice copy_of_data[1U];
   memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice));
   Eurydice_slice ret[1U];
   libcrux_sha3_portable_keccak_slice_n_5a(
       copy_of_data, Eurydice_slice_len(data[0U], uint8_t) - rem, rem, ret);
-  libcrux_sha3_generic_keccak_absorb_final_402(uu____2, ret);
+  libcrux_sha3_generic_keccak_absorb_final_9e2(uu____2, ret);
   size_t outlen = Eurydice_slice_len(out[0U], uint8_t);
   size_t blocks = outlen / (size_t)168U;
   size_t last = outlen - outlen % (size_t)168U;
   if (blocks == (size_t)0U) {
-    libcrux_sha3_generic_keccak_squeeze_first_and_last_883(&s, out);
+    libcrux_sha3_generic_keccak_squeeze_first_and_last_c63(&s, out);
   } else {
     Eurydice_slice_uint8_t_1size_t__x2 uu____4 =
         libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)168U);
@@ -3365,15 +3361,15 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_064(
     memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice));
     Eurydice_slice o1[1U];
     memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice));
-    libcrux_sha3_generic_keccak_squeeze_first_block_7b1(&s, o0);
-    core_ops_range_Range_b3 iter =
+    libcrux_sha3_generic_keccak_squeeze_first_block_c61(&s, o0);
+    core_ops_range_Range_08 iter =
         core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter(
-            (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U,
+            (CLITERAL(core_ops_range_Range_08){.start = (size_t)1U,
                                                .end = blocks}),
-            core_ops_range_Range_b3, core_ops_range_Range_b3);
+            core_ops_range_Range_08, core_ops_range_Range_08);
     while (true) {
       if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A__TraitClause_0___6__next(
-              &iter, size_t, Option_b3)
+              &iter, size_t, Option_08)
               .tag == None) {
         break;
       } else {
@@ -3383,12 +3379,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_064(
         memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice));
         Eurydice_slice orest[1U];
         memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice));
-        libcrux_sha3_generic_keccak_squeeze_next_block_c21(&s, o);
+        libcrux_sha3_generic_keccak_squeeze_next_block_c61(&s, o);
         memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice));
       }
     }
     if (last < outlen) {
-      libcrux_sha3_generic_keccak_squeeze_last_ca3(s, o1);
+      libcrux_sha3_generic_keccak_squeeze_last_c63(s, o1);
     }
   }
 }
@@ -3399,12 +3395,12 @@ with const generics
 - RATE= 168
 - DELIM= 31
 */
-static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_e44(
+static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_c6(
     Eurydice_slice data[1U], Eurydice_slice out[1U]) {
   /* Passing arrays by value in Rust generates a copy in C */
   Eurydice_slice copy_of_data[1U];
   memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice));
-  libcrux_sha3_generic_keccak_keccak_064(copy_of_data, out);
+  libcrux_sha3_generic_keccak_keccak_9e4(copy_of_data, out);
 }
 
 /**
@@ -3414,7 +3410,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_shake128(
     Eurydice_slice digest, Eurydice_slice data) {
   Eurydice_slice buf0[1U] = {data};
   Eurydice_slice buf[1U] = {digest};
-  libcrux_sha3_portable_keccakx1_e44(buf0, buf);
+  libcrux_sha3_portable_keccakx1_c6(buf0, buf);
 }
 
 /**
@@ -3506,7 +3502,7 @@ static KRML_MUSTINLINE void libcrux_sha3_neon_x2_shake256(Eurydice_slice input0,
 }
 
 typedef struct libcrux_sha3_neon_x2_incremental_KeccakState_s {
-  libcrux_sha3_generic_keccak_KeccakState_48 state[2U];
+  libcrux_sha3_generic_keccak_KeccakState_17 state[2U];
 } libcrux_sha3_neon_x2_incremental_KeccakState;
 
 /**
@@ -3613,37 +3609,37 @@ with const generics
 - RATE= 168
 */
 static KRML_MUSTINLINE void
-libcrux_sha3_generic_keccak_squeeze_first_five_blocks_3e(
-    libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) {
+libcrux_sha3_generic_keccak_squeeze_first_five_blocks_c6(
+    libcrux_sha3_generic_keccak_KeccakState_17 *s, Eurydice_slice out[1U]) {
   Eurydice_slice_uint8_t_1size_t__x2 uu____0 =
       libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)168U);
   Eurydice_slice o0[1U];
   memcpy(o0, uu____0.fst, (size_t)1U * sizeof(Eurydice_slice));
   Eurydice_slice o10[1U];
   memcpy(o10, uu____0.snd, (size_t)1U * sizeof(Eurydice_slice));
-  libcrux_sha3_generic_keccak_squeeze_first_block_7b1(s, o0);
+  libcrux_sha3_generic_keccak_squeeze_first_block_c61(s, o0);
   Eurydice_slice_uint8_t_1size_t__x2 uu____1 =
       libcrux_sha3_portable_keccak_split_at_mut_n_5a(o10, (size_t)168U);
   Eurydice_slice o1[1U];
   memcpy(o1, uu____1.fst, (size_t)1U * sizeof(Eurydice_slice));
   Eurydice_slice o20[1U];
   memcpy(o20, uu____1.snd, (size_t)1U * sizeof(Eurydice_slice));
-  libcrux_sha3_generic_keccak_squeeze_next_block_c21(s, o1);
+  libcrux_sha3_generic_keccak_squeeze_next_block_c61(s, o1);
   Eurydice_slice_uint8_t_1size_t__x2 uu____2 =
       libcrux_sha3_portable_keccak_split_at_mut_n_5a(o20, (size_t)168U);
   Eurydice_slice o2[1U];
   memcpy(o2, uu____2.fst, (size_t)1U * sizeof(Eurydice_slice));
   Eurydice_slice o30[1U];
   memcpy(o30, uu____2.snd, (size_t)1U * sizeof(Eurydice_slice));
-  libcrux_sha3_generic_keccak_squeeze_next_block_c21(s, o2);
+  libcrux_sha3_generic_keccak_squeeze_next_block_c61(s, o2);
   Eurydice_slice_uint8_t_1size_t__x2 uu____3 =
       libcrux_sha3_portable_keccak_split_at_mut_n_5a(o30, (size_t)168U);
   Eurydice_slice o3[1U];
   memcpy(o3, uu____3.fst, (size_t)1U * sizeof(Eurydice_slice));
   Eurydice_slice o4[1U];
   memcpy(o4, uu____3.snd, (size_t)1U * sizeof(Eurydice_slice));
-  libcrux_sha3_generic_keccak_squeeze_next_block_c21(s, o3);
-  libcrux_sha3_generic_keccak_squeeze_next_block_c21(s, o4);
+  libcrux_sha3_generic_keccak_squeeze_next_block_c61(s, o3);
+  libcrux_sha3_generic_keccak_squeeze_next_block_c61(s, o4);
 }
 
 /**
@@ -3651,9 +3647,9 @@ libcrux_sha3_generic_keccak_squeeze_first_five_blocks_3e(
 */
 static KRML_MUSTINLINE void
 libcrux_sha3_portable_incremental_shake128_squeeze_first_five_blocks(
-    libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out0) {
+    libcrux_sha3_generic_keccak_KeccakState_17 *s, Eurydice_slice out0) {
   Eurydice_slice buf[1U] = {out0};
-  libcrux_sha3_generic_keccak_squeeze_first_five_blocks_3e(s, buf);
+  libcrux_sha3_generic_keccak_squeeze_first_five_blocks_c6(s, buf);
 }
 
 /**
@@ -3661,17 +3657,17 @@ libcrux_sha3_portable_incremental_shake128_squeeze_first_five_blocks(
 */
 static KRML_MUSTINLINE void
 libcrux_sha3_portable_incremental_shake256_absorb_final(
-    libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice data) {
+    libcrux_sha3_generic_keccak_KeccakState_17 *s, Eurydice_slice data) {
   Eurydice_slice buf[1U] = {data};
-  libcrux_sha3_generic_keccak_absorb_final_401(s, buf);
+  libcrux_sha3_generic_keccak_absorb_final_9e1(s, buf);
 }
 
 /**
  Create a new SHAKE-256 state object.
 */
-static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_48
+static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_17
 libcrux_sha3_portable_incremental_shake256_init(void) {
-  return libcrux_sha3_generic_keccak_new_89_cf();
+  return libcrux_sha3_generic_keccak_new_89_04();
 }
 
 /**
@@ -3679,9 +3675,9 @@ libcrux_sha3_portable_incremental_shake256_init(void) {
 */
 static KRML_MUSTINLINE void
 libcrux_sha3_portable_incremental_shake256_squeeze_first_block(
-    libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out) {
+    libcrux_sha3_generic_keccak_KeccakState_17 *s, Eurydice_slice out) {
   Eurydice_slice buf[1U] = {out};
-  libcrux_sha3_generic_keccak_squeeze_first_block_7b0(s, buf);
+  libcrux_sha3_generic_keccak_squeeze_first_block_c60(s, buf);
 }
 
 /**
@@ -3689,9 +3685,9 @@ libcrux_sha3_portable_incremental_shake256_squeeze_first_block(
 */
 static KRML_MUSTINLINE void
 libcrux_sha3_portable_incremental_shake256_squeeze_next_block(
-    libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out) {
+    libcrux_sha3_generic_keccak_KeccakState_17 *s, Eurydice_slice out) {
   Eurydice_slice buf[1U] = {out};
-  libcrux_sha3_generic_keccak_squeeze_next_block_c20(s, buf);
+  libcrux_sha3_generic_keccak_squeeze_next_block_c60(s, buf);
 }
 
 /**
@@ -3701,14 +3697,14 @@ with const generics
 - $1size_t
 - $136size_t
 */
-typedef struct libcrux_sha3_generic_keccak_KeccakXofState_4f_s {
-  libcrux_sha3_generic_keccak_KeccakState_48 inner;
+typedef struct libcrux_sha3_generic_keccak_KeccakXofState_e2_s {
+  libcrux_sha3_generic_keccak_KeccakState_17 inner;
   uint8_t buf[1U][136U];
   size_t buf_len;
   bool sponge;
-} libcrux_sha3_generic_keccak_KeccakXofState_4f;
+} libcrux_sha3_generic_keccak_KeccakXofState_e2;
 
-typedef libcrux_sha3_generic_keccak_KeccakXofState_4f
+typedef libcrux_sha3_generic_keccak_KeccakXofState_e2
     libcrux_sha3_portable_incremental_Shake256Absorb;
 
 /**
@@ -3731,8 +3727,8 @@ with const generics
 - PARALLEL_LANES= 1
 - RATE= 136
 */
-static inline size_t libcrux_sha3_generic_keccak_fill_buffer_8b_15(
-    libcrux_sha3_generic_keccak_KeccakXofState_4f *self,
+static inline size_t libcrux_sha3_generic_keccak_fill_buffer_8b_c6(
+    libcrux_sha3_generic_keccak_KeccakXofState_e2 *self,
     Eurydice_slice inputs[1U]) {
   size_t input_len = Eurydice_slice_len(inputs[0U], uint8_t);
   size_t consumed = (size_t)0U;
@@ -3765,15 +3761,15 @@ with const generics
 - PARALLEL_LANES= 1
 - RATE= 136
 */
-static inline size_t libcrux_sha3_generic_keccak_absorb_full_8b_7a(
-    libcrux_sha3_generic_keccak_KeccakXofState_4f *self,
+static inline size_t libcrux_sha3_generic_keccak_absorb_full_8b_c6(
+    libcrux_sha3_generic_keccak_KeccakXofState_e2 *self,
     Eurydice_slice inputs[1U]) {
-  libcrux_sha3_generic_keccak_KeccakXofState_4f *uu____0 = self;
+  libcrux_sha3_generic_keccak_KeccakXofState_e2 *uu____0 = self;
   /* Passing arrays by value in Rust generates a copy in C */
   Eurydice_slice copy_of_inputs0[1U];
   memcpy(copy_of_inputs0, inputs, (size_t)1U * sizeof(Eurydice_slice));
   size_t input_consumed =
-      libcrux_sha3_generic_keccak_fill_buffer_8b_15(uu____0, copy_of_inputs0);
+      libcrux_sha3_generic_keccak_fill_buffer_8b_c6(uu____0, copy_of_inputs0);
   if (input_consumed > (size_t)0U) {
     Eurydice_slice borrowed[1U];
     for (size_t i = (size_t)0U; i < (size_t)1U; i++) {
@@ -3789,8 +3785,8 @@ static inline size_t libcrux_sha3_generic_keccak_absorb_full_8b_7a(
     uint64_t(*uu____2)[5U] = self->inner.st;
     Eurydice_slice uu____3[1U];
     memcpy(uu____3, borrowed, (size_t)1U * sizeof(Eurydice_slice));
-    libcrux_sha3_portable_keccak_load_block_5a_350(uu____2, uu____3);
-    libcrux_sha3_generic_keccak_keccakf1600_b8(&self->inner);
+    libcrux_sha3_portable_keccak_load_block_5a_5b(uu____2, uu____3);
+    libcrux_sha3_generic_keccak_keccakf1600_04(&self->inner);
     self->buf_len = (size_t)0U;
   }
   size_t input_to_consume =
@@ -3806,8 +3802,8 @@ static inline size_t libcrux_sha3_generic_keccak_absorb_full_8b_7a(
     Eurydice_slice ret[1U];
     libcrux_sha3_portable_keccak_slice_n_5a(
         copy_of_inputs, input_consumed + i0 * (size_t)136U, (size_t)136U, ret);
-    libcrux_sha3_portable_keccak_load_block_5a_350(uu____4, ret);
-    libcrux_sha3_generic_keccak_keccakf1600_b8(&self->inner);
+    libcrux_sha3_portable_keccak_load_block_5a_5b(uu____4, ret);
+    libcrux_sha3_generic_keccak_keccakf1600_04(&self->inner);
   }
   return remainder;
 }
@@ -3835,15 +3831,15 @@ with const generics
 - PARALLEL_LANES= 1
 - RATE= 136
 */
-static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_8b_45(
-    libcrux_sha3_generic_keccak_KeccakXofState_4f *self,
+static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_8b_c6(
+    libcrux_sha3_generic_keccak_KeccakXofState_e2 *self,
     Eurydice_slice inputs[1U]) {
-  libcrux_sha3_generic_keccak_KeccakXofState_4f *uu____0 = self;
+  libcrux_sha3_generic_keccak_KeccakXofState_e2 *uu____0 = self;
   /* Passing arrays by value in Rust generates a copy in C */
   Eurydice_slice copy_of_inputs[1U];
   memcpy(copy_of_inputs, inputs, (size_t)1U * sizeof(Eurydice_slice));
   size_t input_remainder_len =
-      libcrux_sha3_generic_keccak_absorb_full_8b_7a(uu____0, copy_of_inputs);
+      libcrux_sha3_generic_keccak_absorb_full_8b_c6(uu____0, copy_of_inputs);
   if (input_remainder_len > (size_t)0U) {
     size_t input_len = Eurydice_slice_len(inputs[0U], uint8_t);
     for (size_t i = (size_t)0U; i < (size_t)1U; i++) {
@@ -3870,12 +3866,12 @@ This function found in impl
 libcrux_sha3::portable::incremental::Shake256Absorb)#2}
 */
 static inline void libcrux_sha3_portable_incremental_absorb_7d(
-    libcrux_sha3_generic_keccak_KeccakXofState_4f *self, Eurydice_slice input) {
+    libcrux_sha3_generic_keccak_KeccakXofState_e2 *self, Eurydice_slice input) {
   Eurydice_slice buf[1U] = {input};
-  libcrux_sha3_generic_keccak_absorb_8b_45(self, buf);
+  libcrux_sha3_generic_keccak_absorb_8b_c6(self, buf);
 }
 
-typedef libcrux_sha3_generic_keccak_KeccakXofState_4f
+typedef libcrux_sha3_generic_keccak_KeccakXofState_e2
     libcrux_sha3_portable_incremental_Shake256Squeeze;
 
 /**
@@ -3896,15 +3892,15 @@ with const generics
 - RATE= 136
 - DELIMITER= 31
 */
-static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_8b_b6(
-    libcrux_sha3_generic_keccak_KeccakXofState_4f *self,
+static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_8b_9e(
+    libcrux_sha3_generic_keccak_KeccakXofState_e2 *self,
     Eurydice_slice inputs[1U]) {
-  libcrux_sha3_generic_keccak_KeccakXofState_4f *uu____0 = self;
+  libcrux_sha3_generic_keccak_KeccakXofState_e2 *uu____0 = self;
   /* Passing arrays by value in Rust generates a copy in C */
   Eurydice_slice copy_of_inputs[1U];
   memcpy(copy_of_inputs, inputs, (size_t)1U * sizeof(Eurydice_slice));
   size_t input_remainder_len =
-      libcrux_sha3_generic_keccak_absorb_full_8b_7a(uu____0, copy_of_inputs);
+      libcrux_sha3_generic_keccak_absorb_full_8b_c6(uu____0, copy_of_inputs);
   size_t input_len = Eurydice_slice_len(inputs[0U], uint8_t);
   uint8_t blocks[1U][200U] = {{0U}};
   for (size_t i = (size_t)0U; i < (size_t)1U; i++) {
@@ -3935,8 +3931,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_8b_b6(
   uint64_t(*uu____6)[5U] = self->inner.st;
   uint8_t uu____7[1U][200U];
   memcpy(uu____7, blocks, (size_t)1U * sizeof(uint8_t[200U]));
-  libcrux_sha3_portable_keccak_load_block_full_5a_050(uu____6, uu____7);
-  libcrux_sha3_generic_keccak_keccakf1600_b8(&self->inner);
+  libcrux_sha3_portable_keccak_load_block_full_5a_5b(uu____6, uu____7);
+  libcrux_sha3_generic_keccak_keccakf1600_04(&self->inner);
 }
 
 /**
@@ -3947,11 +3943,11 @@ This function found in impl
 {(libcrux_sha3::portable::incremental::XofAbsorb<136: usize> for
 libcrux_sha3::portable::incremental::Shake256Absorb)#2}
 */
-static inline libcrux_sha3_generic_keccak_KeccakXofState_4f
+static inline libcrux_sha3_generic_keccak_KeccakXofState_e2
 libcrux_sha3_portable_incremental_absorb_final_7d(
-    libcrux_sha3_generic_keccak_KeccakXofState_4f self, Eurydice_slice input) {
+    libcrux_sha3_generic_keccak_KeccakXofState_e2 self, Eurydice_slice input) {
   Eurydice_slice buf[1U] = {input};
-  libcrux_sha3_generic_keccak_absorb_final_8b_b6(&self, buf);
+  libcrux_sha3_generic_keccak_absorb_final_8b_9e(&self, buf);
   return self;
 }
 
@@ -3969,7 +3965,7 @@ with const generics
 - PARALLEL_LANES= 1
 - RATE= 136
 */
-static inline void libcrux_sha3_generic_keccak_zero_block_8b_5e(
+static inline void libcrux_sha3_generic_keccak_zero_block_8b_c6(
     uint8_t ret[136U]) {
   ret[0U] = 0U;
   ret[1U] = 0U;
@@ -4123,12 +4119,12 @@ with const generics
 - PARALLEL_LANES= 1
 - RATE= 136
 */
-static inline libcrux_sha3_generic_keccak_KeccakXofState_4f
-libcrux_sha3_generic_keccak_new_8b_47(void) {
-  libcrux_sha3_generic_keccak_KeccakXofState_4f lit;
-  lit.inner = libcrux_sha3_generic_keccak_new_89_cf();
+static inline libcrux_sha3_generic_keccak_KeccakXofState_e2
+libcrux_sha3_generic_keccak_new_8b_c6(void) {
+  libcrux_sha3_generic_keccak_KeccakXofState_e2 lit;
+  lit.inner = libcrux_sha3_generic_keccak_new_89_04();
   uint8_t ret[136U];
-  libcrux_sha3_generic_keccak_zero_block_8b_5e(ret);
+  libcrux_sha3_generic_keccak_zero_block_8b_c6(ret);
   memcpy(lit.buf[0U], ret, (size_t)136U * sizeof(uint8_t));
   lit.buf_len = (size_t)0U;
   lit.sponge = false;
@@ -4143,9 +4139,9 @@ This function found in impl
 {(libcrux_sha3::portable::incremental::XofAbsorb<136: usize> for
 libcrux_sha3::portable::incremental::Shake256Absorb)#2}
 */
-static inline libcrux_sha3_generic_keccak_KeccakXofState_4f
+static inline libcrux_sha3_generic_keccak_KeccakXofState_e2
 libcrux_sha3_portable_incremental_new_7d(void) {
-  return libcrux_sha3_generic_keccak_new_8b_47();
+  return libcrux_sha3_generic_keccak_new_8b_c6();
 }
 
 /**
@@ -4155,14 +4151,14 @@ with const generics
 - $1size_t
 - $168size_t
 */
-typedef struct libcrux_sha3_generic_keccak_KeccakXofState_78_s {
-  libcrux_sha3_generic_keccak_KeccakState_48 inner;
+typedef struct libcrux_sha3_generic_keccak_KeccakXofState_97_s {
+  libcrux_sha3_generic_keccak_KeccakState_17 inner;
   uint8_t buf[1U][168U];
   size_t buf_len;
   bool sponge;
-} libcrux_sha3_generic_keccak_KeccakXofState_78;
+} libcrux_sha3_generic_keccak_KeccakXofState_97;
 
-typedef libcrux_sha3_generic_keccak_KeccakXofState_78
+typedef libcrux_sha3_generic_keccak_KeccakXofState_97
     libcrux_sha3_portable_incremental_Shake128Absorb;
 
 /**
@@ -4185,8 +4181,8 @@ with const generics
 - PARALLEL_LANES= 1
 - RATE= 168
 */
-static inline size_t libcrux_sha3_generic_keccak_fill_buffer_8b_150(
-    libcrux_sha3_generic_keccak_KeccakXofState_78 *self,
+static inline size_t libcrux_sha3_generic_keccak_fill_buffer_8b_c60(
+    libcrux_sha3_generic_keccak_KeccakXofState_97 *self,
     Eurydice_slice inputs[1U]) {
   size_t input_len = Eurydice_slice_len(inputs[0U], uint8_t);
   size_t consumed = (size_t)0U;
@@ -4219,15 +4215,15 @@ with const generics
 - PARALLEL_LANES= 1
 - RATE= 168
 */
-static inline size_t libcrux_sha3_generic_keccak_absorb_full_8b_7a0(
-    libcrux_sha3_generic_keccak_KeccakXofState_78 *self,
+static inline size_t libcrux_sha3_generic_keccak_absorb_full_8b_c60(
+    libcrux_sha3_generic_keccak_KeccakXofState_97 *self,
     Eurydice_slice inputs[1U]) {
-  libcrux_sha3_generic_keccak_KeccakXofState_78 *uu____0 = self;
+  libcrux_sha3_generic_keccak_KeccakXofState_97 *uu____0 = self;
   /* Passing arrays by value in Rust generates a copy in C */
   Eurydice_slice copy_of_inputs0[1U];
   memcpy(copy_of_inputs0, inputs, (size_t)1U * sizeof(Eurydice_slice));
   size_t input_consumed =
-      libcrux_sha3_generic_keccak_fill_buffer_8b_150(uu____0, copy_of_inputs0);
+      libcrux_sha3_generic_keccak_fill_buffer_8b_c60(uu____0, copy_of_inputs0);
   if (input_consumed > (size_t)0U) {
     Eurydice_slice borrowed[1U];
     for (size_t i = (size_t)0U; i < (size_t)1U; i++) {
@@ -4243,8 +4239,8 @@ static inline size_t libcrux_sha3_generic_keccak_absorb_full_8b_7a0(
     uint64_t(*uu____2)[5U] = self->inner.st;
     Eurydice_slice uu____3[1U];
     memcpy(uu____3, borrowed, (size_t)1U * sizeof(Eurydice_slice));
-    libcrux_sha3_portable_keccak_load_block_5a_353(uu____2, uu____3);
-    libcrux_sha3_generic_keccak_keccakf1600_b8(&self->inner);
+    libcrux_sha3_portable_keccak_load_block_5a_3a(uu____2, uu____3);
+    libcrux_sha3_generic_keccak_keccakf1600_04(&self->inner);
     self->buf_len = (size_t)0U;
   }
   size_t input_to_consume =
@@ -4260,8 +4256,8 @@ static inline size_t libcrux_sha3_generic_keccak_absorb_full_8b_7a0(
     Eurydice_slice ret[1U];
     libcrux_sha3_portable_keccak_slice_n_5a(
         copy_of_inputs, input_consumed + i0 * (size_t)168U, (size_t)168U, ret);
-    libcrux_sha3_portable_keccak_load_block_5a_353(uu____4, ret);
-    libcrux_sha3_generic_keccak_keccakf1600_b8(&self->inner);
+    libcrux_sha3_portable_keccak_load_block_5a_3a(uu____4, ret);
+    libcrux_sha3_generic_keccak_keccakf1600_04(&self->inner);
   }
   return remainder;
 }
@@ -4289,15 +4285,15 @@ with const generics
 - PARALLEL_LANES= 1
 - RATE= 168
 */
-static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_8b_450(
-    libcrux_sha3_generic_keccak_KeccakXofState_78 *self,
+static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_8b_c60(
+    libcrux_sha3_generic_keccak_KeccakXofState_97 *self,
     Eurydice_slice inputs[1U]) {
-  libcrux_sha3_generic_keccak_KeccakXofState_78 *uu____0 = self;
+  libcrux_sha3_generic_keccak_KeccakXofState_97 *uu____0 = self;
   /* Passing arrays by value in Rust generates a copy in C */
   Eurydice_slice copy_of_inputs[1U];
   memcpy(copy_of_inputs, inputs, (size_t)1U * sizeof(Eurydice_slice));
   size_t input_remainder_len =
-      libcrux_sha3_generic_keccak_absorb_full_8b_7a0(uu____0, copy_of_inputs);
+      libcrux_sha3_generic_keccak_absorb_full_8b_c60(uu____0, copy_of_inputs);
   if (input_remainder_len > (size_t)0U) {
     size_t input_len = Eurydice_slice_len(inputs[0U], uint8_t);
     for (size_t i = (size_t)0U; i < (size_t)1U; i++) {
@@ -4321,12 +4317,12 @@ This function found in impl
 libcrux_sha3::portable::incremental::Shake128Absorb)}
 */
 static inline void libcrux_sha3_portable_incremental_absorb_1c(
-    libcrux_sha3_generic_keccak_KeccakXofState_78 *self, Eurydice_slice input) {
+    libcrux_sha3_generic_keccak_KeccakXofState_97 *self, Eurydice_slice input) {
   Eurydice_slice buf[1U] = {input};
-  libcrux_sha3_generic_keccak_absorb_8b_450(self, buf);
+  libcrux_sha3_generic_keccak_absorb_8b_c60(self, buf);
 }
 
-typedef libcrux_sha3_generic_keccak_KeccakXofState_78
+typedef libcrux_sha3_generic_keccak_KeccakXofState_97
     libcrux_sha3_portable_incremental_Shake128Squeeze;
 
 /**
@@ -4347,15 +4343,15 @@ with const generics
 - RATE= 168
 - DELIMITER= 31
 */
-static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_8b_b60(
-    libcrux_sha3_generic_keccak_KeccakXofState_78 *self,
+static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_8b_9e0(
+    libcrux_sha3_generic_keccak_KeccakXofState_97 *self,
     Eurydice_slice inputs[1U]) {
-  libcrux_sha3_generic_keccak_KeccakXofState_78 *uu____0 = self;
+  libcrux_sha3_generic_keccak_KeccakXofState_97 *uu____0 = self;
   /* Passing arrays by value in Rust generates a copy in C */
   Eurydice_slice copy_of_inputs[1U];
   memcpy(copy_of_inputs, inputs, (size_t)1U * sizeof(Eurydice_slice));
   size_t input_remainder_len =
-      libcrux_sha3_generic_keccak_absorb_full_8b_7a0(uu____0, copy_of_inputs);
+      libcrux_sha3_generic_keccak_absorb_full_8b_c60(uu____0, copy_of_inputs);
   size_t input_len = Eurydice_slice_len(inputs[0U], uint8_t);
   uint8_t blocks[1U][200U] = {{0U}};
   for (size_t i = (size_t)0U; i < (size_t)1U; i++) {
@@ -4386,8 +4382,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_8b_b60(
   uint64_t(*uu____6)[5U] = self->inner.st;
   uint8_t uu____7[1U][200U];
   memcpy(uu____7, blocks, (size_t)1U * sizeof(uint8_t[200U]));
-  libcrux_sha3_portable_keccak_load_block_full_5a_051(uu____6, uu____7);
-  libcrux_sha3_generic_keccak_keccakf1600_b8(&self->inner);
+  libcrux_sha3_portable_keccak_load_block_full_5a_3a(uu____6, uu____7);
+  libcrux_sha3_generic_keccak_keccakf1600_04(&self->inner);
 }
 
 /**
@@ -4395,11 +4391,11 @@ This function found in impl
 {(libcrux_sha3::portable::incremental::XofAbsorb<168: usize> for
 libcrux_sha3::portable::incremental::Shake128Absorb)}
 */
-static inline libcrux_sha3_generic_keccak_KeccakXofState_78
+static inline libcrux_sha3_generic_keccak_KeccakXofState_97
 libcrux_sha3_portable_incremental_absorb_final_1c(
-    libcrux_sha3_generic_keccak_KeccakXofState_78 self, Eurydice_slice input) {
+    libcrux_sha3_generic_keccak_KeccakXofState_97 self, Eurydice_slice input) {
   Eurydice_slice buf[1U] = {input};
-  libcrux_sha3_generic_keccak_absorb_final_8b_b60(&self, buf);
+  libcrux_sha3_generic_keccak_absorb_final_8b_9e0(&self, buf);
   return self;
 }
 
@@ -4417,7 +4413,7 @@ with const generics
 - PARALLEL_LANES= 1
 - RATE= 168
 */
-static inline void libcrux_sha3_generic_keccak_zero_block_8b_5e0(
+static inline void libcrux_sha3_generic_keccak_zero_block_8b_c60(
     uint8_t ret[168U]) {
   ret[0U] = 0U;
   ret[1U] = 0U;
@@ -4603,12 +4599,12 @@ with const generics
 - PARALLEL_LANES= 1
 - RATE= 168
 */
-static inline libcrux_sha3_generic_keccak_KeccakXofState_78
-libcrux_sha3_generic_keccak_new_8b_470(void) {
-  libcrux_sha3_generic_keccak_KeccakXofState_78 lit;
-  lit.inner = libcrux_sha3_generic_keccak_new_89_cf();
+static inline libcrux_sha3_generic_keccak_KeccakXofState_97
+libcrux_sha3_generic_keccak_new_8b_c60(void) {
+  libcrux_sha3_generic_keccak_KeccakXofState_97 lit;
+  lit.inner = libcrux_sha3_generic_keccak_new_89_04();
   uint8_t ret[168U];
-  libcrux_sha3_generic_keccak_zero_block_8b_5e0(ret);
+  libcrux_sha3_generic_keccak_zero_block_8b_c60(ret);
   memcpy(lit.buf[0U], ret, (size_t)168U * sizeof(uint8_t));
   lit.buf_len = (size_t)0U;
   lit.sponge = false;
@@ -4620,9 +4616,9 @@ This function found in impl
 {(libcrux_sha3::portable::incremental::XofAbsorb<168: usize> for
 libcrux_sha3::portable::incremental::Shake128Absorb)}
 */
-static inline libcrux_sha3_generic_keccak_KeccakXofState_78
+static inline libcrux_sha3_generic_keccak_KeccakXofState_97
 libcrux_sha3_portable_incremental_new_1c(void) {
-  return libcrux_sha3_generic_keccak_new_8b_470();
+  return libcrux_sha3_generic_keccak_new_8b_c60();
 }
 
 /**
@@ -4637,7 +4633,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_5a
 with const generics
 - RATE= 136
 */
-static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_5a_81(
+static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_5a_5b(
     uint64_t (*state)[5U], Eurydice_slice out[1U]) {
   size_t num_full_blocks = Eurydice_slice_len(out[0U], uint8_t) / (size_t)8U;
   size_t last_block_len = Eurydice_slice_len(out[0U], uint8_t) % (size_t)8U;
@@ -4678,11 +4674,11 @@ with const generics
 - PARALLEL_LANES= 1
 - RATE= 136
 */
-static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_8b_ba(
-    libcrux_sha3_generic_keccak_KeccakXofState_4f *self,
+static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_8b_c6(
+    libcrux_sha3_generic_keccak_KeccakXofState_e2 *self,
     Eurydice_slice out[1U]) {
   if (self->sponge) {
-    libcrux_sha3_generic_keccak_keccakf1600_b8(&self->inner);
+    libcrux_sha3_generic_keccak_keccakf1600_04(&self->inner);
   }
   size_t out_len = Eurydice_slice_len(out[0U], uint8_t);
   size_t blocks = out_len / (size_t)136U;
@@ -4699,15 +4695,15 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_8b_ba(
   memcpy(out00, uu____0.fst, (size_t)1U * sizeof(Eurydice_slice));
   Eurydice_slice out_rest[1U];
   memcpy(out_rest, uu____0.snd, (size_t)1U * sizeof(Eurydice_slice));
-  libcrux_sha3_portable_keccak_store_5a_81(self->inner.st, out00);
-  core_ops_range_Range_b3 iter =
+  libcrux_sha3_portable_keccak_store_5a_5b(self->inner.st, out00);
+  core_ops_range_Range_08 iter =
       core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter(
-          (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U,
+          (CLITERAL(core_ops_range_Range_08){.start = (size_t)1U,
                                              .end = blocks}),
-          core_ops_range_Range_b3, core_ops_range_Range_b3);
+          core_ops_range_Range_08, core_ops_range_Range_08);
   while (true) {
     if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A__TraitClause_0___6__next(
-            &iter, size_t, Option_b3)
+            &iter, size_t, Option_08)
             .tag == None) {
       break;
     } else {
@@ -4718,14 +4714,14 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_8b_ba(
       memcpy(out0, uu____1.fst, (size_t)1U * sizeof(Eurydice_slice));
       Eurydice_slice tmp[1U];
       memcpy(tmp, uu____1.snd, (size_t)1U * sizeof(Eurydice_slice));
-      libcrux_sha3_generic_keccak_keccakf1600_b8(&self->inner);
-      libcrux_sha3_portable_keccak_store_5a_81(self->inner.st, out0);
+      libcrux_sha3_generic_keccak_keccakf1600_04(&self->inner);
+      libcrux_sha3_portable_keccak_store_5a_5b(self->inner.st, out0);
       memcpy(out_rest, tmp, (size_t)1U * sizeof(Eurydice_slice));
     }
   }
   if (last < out_len) {
-    libcrux_sha3_generic_keccak_keccakf1600_b8(&self->inner);
-    libcrux_sha3_portable_keccak_store_5a_81(self->inner.st, out_rest);
+    libcrux_sha3_generic_keccak_keccakf1600_04(&self->inner);
+    libcrux_sha3_portable_keccak_store_5a_5b(self->inner.st, out_rest);
   }
   self->sponge = true;
 }
@@ -4739,9 +4735,9 @@ This function found in impl
 libcrux_sha3::portable::incremental::Shake256Squeeze)#3}
 */
 static inline void libcrux_sha3_portable_incremental_squeeze_8a(
-    libcrux_sha3_generic_keccak_KeccakXofState_4f *self, Eurydice_slice out) {
+    libcrux_sha3_generic_keccak_KeccakXofState_e2 *self, Eurydice_slice out) {
   Eurydice_slice buf[1U] = {out};
-  libcrux_sha3_generic_keccak_squeeze_8b_ba(self, buf);
+  libcrux_sha3_generic_keccak_squeeze_8b_c6(self, buf);
 }
 
 /**
@@ -4756,7 +4752,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_5a
 with const generics
 - RATE= 168
 */
-static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_5a_810(
+static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_5a_3a(
     uint64_t (*state)[5U], Eurydice_slice out[1U]) {
   size_t num_full_blocks = Eurydice_slice_len(out[0U], uint8_t) / (size_t)8U;
   size_t last_block_len = Eurydice_slice_len(out[0U], uint8_t) % (size_t)8U;
@@ -4797,11 +4793,11 @@ with const generics
 - PARALLEL_LANES= 1
 - RATE= 168
 */
-static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_8b_ba0(
-    libcrux_sha3_generic_keccak_KeccakXofState_78 *self,
+static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_8b_c60(
+    libcrux_sha3_generic_keccak_KeccakXofState_97 *self,
     Eurydice_slice out[1U]) {
   if (self->sponge) {
-    libcrux_sha3_generic_keccak_keccakf1600_b8(&self->inner);
+    libcrux_sha3_generic_keccak_keccakf1600_04(&self->inner);
   }
   size_t out_len = Eurydice_slice_len(out[0U], uint8_t);
   size_t blocks = out_len / (size_t)168U;
@@ -4818,15 +4814,15 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_8b_ba0(
   memcpy(out00, uu____0.fst, (size_t)1U * sizeof(Eurydice_slice));
   Eurydice_slice out_rest[1U];
   memcpy(out_rest, uu____0.snd, (size_t)1U * sizeof(Eurydice_slice));
-  libcrux_sha3_portable_keccak_store_5a_810(self->inner.st, out00);
-  core_ops_range_Range_b3 iter =
+  libcrux_sha3_portable_keccak_store_5a_3a(self->inner.st, out00);
+  core_ops_range_Range_08 iter =
       core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter(
-          (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U,
+          (CLITERAL(core_ops_range_Range_08){.start = (size_t)1U,
                                              .end = blocks}),
-          core_ops_range_Range_b3, core_ops_range_Range_b3);
+          core_ops_range_Range_08, core_ops_range_Range_08);
   while (true) {
     if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A__TraitClause_0___6__next(
-            &iter, size_t, Option_b3)
+            &iter, size_t, Option_08)
             .tag == None) {
       break;
     } else {
@@ -4837,14 +4833,14 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_8b_ba0(
       memcpy(out0, uu____1.fst, (size_t)1U * sizeof(Eurydice_slice));
       Eurydice_slice tmp[1U];
       memcpy(tmp, uu____1.snd, (size_t)1U * sizeof(Eurydice_slice));
-      libcrux_sha3_generic_keccak_keccakf1600_b8(&self->inner);
-      libcrux_sha3_portable_keccak_store_5a_810(self->inner.st, out0);
+      libcrux_sha3_generic_keccak_keccakf1600_04(&self->inner);
+      libcrux_sha3_portable_keccak_store_5a_3a(self->inner.st, out0);
       memcpy(out_rest, tmp, (size_t)1U * sizeof(Eurydice_slice));
     }
   }
   if (last < out_len) {
-    libcrux_sha3_generic_keccak_keccakf1600_b8(&self->inner);
-    libcrux_sha3_portable_keccak_store_5a_810(self->inner.st, out_rest);
+    libcrux_sha3_generic_keccak_keccakf1600_04(&self->inner);
+    libcrux_sha3_portable_keccak_store_5a_3a(self->inner.st, out_rest);
   }
   self->sponge = true;
 }
@@ -4858,18 +4854,18 @@ This function found in impl
 libcrux_sha3::portable::incremental::Shake128Squeeze)#1}
 */
 static inline void libcrux_sha3_portable_incremental_squeeze_10(
-    libcrux_sha3_generic_keccak_KeccakXofState_78 *self, Eurydice_slice out) {
+    libcrux_sha3_generic_keccak_KeccakXofState_97 *self, Eurydice_slice out) {
   Eurydice_slice buf[1U] = {out};
-  libcrux_sha3_generic_keccak_squeeze_8b_ba0(self, buf);
+  libcrux_sha3_generic_keccak_squeeze_8b_c60(self, buf);
 }
 
 /**
 This function found in impl {(core::clone::Clone for
 libcrux_sha3::portable::KeccakState)}
 */
-static inline libcrux_sha3_generic_keccak_KeccakState_48
+static inline libcrux_sha3_generic_keccak_KeccakState_17
 libcrux_sha3_portable_clone_3d(
-    libcrux_sha3_generic_keccak_KeccakState_48 *self) {
+    libcrux_sha3_generic_keccak_KeccakState_17 *self) {
   return self[0U];
 }
 

From 1b88555ac3e5744a06299c35cfe33c2b2d6122b4 Mon Sep 17 00:00:00 2001
From: mamonet <maamoun.tk@gmail.com>
Date: Mon, 4 Nov 2024 06:40:26 +0000
Subject: [PATCH 006/142] Proofs for Ind-cca unpacked functions

---
 .../Libcrux_ml_kem.Ind_cca.Unpacked.fst       | 270 ++++++++++++------
 .../Libcrux_ml_kem.Ind_cca.Unpacked.fsti      | 232 +++++++++++++--
 .../extraction/Libcrux_ml_kem.Ind_cpa.fsti    |  13 +-
 .../proofs/fstar/spec/Spec.MLKEM.fst          |  71 ++++-
 libcrux-ml-kem/src/ind_cca.rs                 | 215 +++++++++++++-
 libcrux-ml-kem/src/ind_cpa.rs                 |   7 +-
 6 files changed, 677 insertions(+), 131 deletions(-)

diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Unpacked.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Unpacked.fst
index feecb5229..90b5d0f43 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Unpacked.fst
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Unpacked.fst
@@ -14,7 +14,7 @@ let _ =
   let open Libcrux_ml_kem.Vector.Traits in
   ()
 
-let impl_2__private_key
+let impl_4__private_key
       (v_K: usize)
       (#v_Vector: Type0)
       (#[FStar.Tactics.Typeclasses.tcresolve ()]
@@ -23,7 +23,7 @@ let impl_2__private_key
       (self: t_MlKemKeyPairUnpacked v_K v_Vector)
      = self.f_private_key
 
-let impl_2__public_key
+let impl_4__public_key
       (v_K: usize)
       (#v_Vector: Type0)
       (#[FStar.Tactics.Typeclasses.tcresolve ()]
@@ -32,7 +32,7 @@ let impl_2__public_key
       (self: t_MlKemKeyPairUnpacked v_K v_Vector)
      = self.f_public_key
 
-let impl_2__serialized_private_key
+let impl_4__serialized_private_key
       (v_K: usize)
       (#v_Vector: Type0)
       (#[FStar.Tactics.Typeclasses.tcresolve ()]
@@ -40,11 +40,105 @@ let impl_2__serialized_private_key
           Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector)
       (self: t_MlKemKeyPairUnpacked v_K v_Vector)
      =
+  let _:Prims.unit = admit () in
   Rust_primitives.Hax.never_to_any (Core.Panicking.panic "not yet implemented"
       <:
       Rust_primitives.Hax.t_Never)
 
-let impl_2__new
+let transpose_a
+      (v_K: usize)
+      (#v_Vector: Type0)
+      (#[FStar.Tactics.Typeclasses.tcresolve ()]
+          i1:
+          Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector)
+      (ind_cpa_a:
+          t_Array (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) v_K)
+     =
+  let v_A:t_Array (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) v_K =
+    Core.Array.from_fn #(t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K)
+      v_K
+      (fun v__i ->
+          let v__i:usize = v__i in
+          Core.Array.from_fn #(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector)
+            v_K
+            (fun v__j ->
+                let v__j:usize = v__j in
+                Libcrux_ml_kem.Polynomial.impl_2__ZERO #v_Vector ()
+                <:
+                Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector)
+          <:
+          t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K)
+  in
+  let v_A:t_Array (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) v_K =
+    Rust_primitives.Hax.Folds.fold_range (sz 0)
+      v_K
+      (fun v_A i ->
+          let v_A:t_Array (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K)
+            v_K =
+            v_A
+          in
+          let i:usize = i in
+          forall (j: nat).
+            j < v i ==>
+            (forall (k: nat).
+                k < v v_K ==> Seq.index (Seq.index v_A j) k == Seq.index (Seq.index ind_cpa_a k) j))
+      v_A
+      (fun v_A i ->
+          let v_A:t_Array (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K)
+            v_K =
+            v_A
+          in
+          let i:usize = i in
+          let v__a_i:t_Array
+            (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) v_K =
+            v_A
+          in
+          Rust_primitives.Hax.Folds.fold_range (sz 0)
+            v_K
+            (fun v_A j ->
+                let v_A:t_Array
+                  (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) v_K =
+                  v_A
+                in
+                let j:usize = j in
+                (forall (k: nat). k < v i ==> Seq.index v_A k == Seq.index v__a_i k) /\
+                (forall (k: nat).
+                    k < v j ==>
+                    Seq.index (Seq.index v_A (v i)) k == Seq.index (Seq.index ind_cpa_a k) (v i)))
+            v_A
+            (fun v_A j ->
+                let v_A:t_Array
+                  (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) v_K =
+                  v_A
+                in
+                let j:usize = j in
+                let v_A:t_Array
+                  (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) v_K =
+                  Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v_A
+                    i
+                    (Rust_primitives.Hax.Monomorphized_update_at.update_at_usize (v_A.[ i ]
+                          <:
+                          t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K)
+                        j
+                        (Core.Clone.f_clone #(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement
+                              v_Vector)
+                            #FStar.Tactics.Typeclasses.solve
+                            ((ind_cpa_a.[ j ]
+                                <:
+                                t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector)
+                                  v_K).[ i ]
+                              <:
+                              Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector)
+                          <:
+                          Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector)
+                      <:
+                      t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K)
+                in
+                v_A))
+  in
+  v_A
+
+let impl_4__new
       (v_K: usize)
       (#v_Vector: Type0)
       (#[FStar.Tactics.Typeclasses.tcresolve ()]
@@ -92,6 +186,14 @@ let unpack_public_key
     <:
     t_MlKemPublicKeyUnpacked v_K v_Vector
   in
+  let _:Prims.unit =
+    let _, seed = split public_key.f_value (Spec.MLKEM.v_T_AS_NTT_ENCODED_SIZE v_K) in
+    Lib.Sequence.eq_intro #u8 #32 (Libcrux_ml_kem.Utils.into_padded_array (sz 32) seed) seed;
+    Lib.Sequence.eq_intro #u8
+      #32
+      (Seq.slice (Libcrux_ml_kem.Utils.into_padded_array (sz 34) seed) 0 32)
+      seed
+  in
   let unpacked_public_key:t_MlKemPublicKeyUnpacked v_K v_Vector =
     {
       unpacked_public_key with
@@ -175,6 +277,12 @@ let encapsulate
       (public_key: t_MlKemPublicKeyUnpacked v_K v_Vector)
       (randomness: t_Array u8 (sz 32))
      =
+  let _:Prims.unit =
+    Lib.Sequence.eq_intro #u8
+      #32
+      (Seq.slice (Libcrux_ml_kem.Utils.into_padded_array (sz 64) randomness) 0 32)
+      randomness
+  in
   let (to_hash: t_Array u8 (sz 64)):t_Array u8 (sz 64) =
     Libcrux_ml_kem.Utils.into_padded_array (sz 64) (randomness <: t_Slice u8)
   in
@@ -193,6 +301,9 @@ let encapsulate
         <:
         t_Slice u8)
   in
+  let _:Prims.unit =
+    Lib.Sequence.eq_intro #u8 #64 to_hash (concat randomness public_key.f_public_key_hash)
+  in
   let hashed:t_Array u8 (sz 64) =
     Libcrux_ml_kem.Hash_functions.f_G #v_Hasher
       #v_K
@@ -222,7 +333,7 @@ let encapsulate
   <:
   (Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE & t_Array u8 (sz 32))
 
-let impl__serialized_public_key_mut
+let impl_3__serialized_public_key_mut
       (v_K: usize)
       (#v_Vector: Type0)
       (v_RANKED_BYTES_PER_RING_ELEMENT v_PUBLIC_KEY_SIZE: usize)
@@ -250,7 +361,7 @@ let impl__serialized_public_key_mut
   in
   serialized
 
-let impl_2__serialized_public_key_mut
+let impl_4__serialized_public_key_mut
       (v_K: usize)
       (#v_Vector: Type0)
       (v_RANKED_BYTES_PER_RING_ELEMENT v_PUBLIC_KEY_SIZE: usize)
@@ -263,7 +374,7 @@ let impl_2__serialized_public_key_mut
   let hax_temp_output, serialized:(Prims.unit &
     Libcrux_ml_kem.Types.t_MlKemPublicKey v_PUBLIC_KEY_SIZE) =
     (),
-    impl__serialized_public_key_mut v_K
+    impl_3__serialized_public_key_mut v_K
       #v_Vector
       v_RANKED_BYTES_PER_RING_ELEMENT
       v_PUBLIC_KEY_SIZE
@@ -274,7 +385,7 @@ let impl_2__serialized_public_key_mut
   in
   serialized
 
-let impl__serialized_public_key
+let impl_3__serialized_public_key
       (v_K: usize)
       (#v_Vector: Type0)
       (v_RANKED_BYTES_PER_RING_ELEMENT v_PUBLIC_KEY_SIZE: usize)
@@ -295,7 +406,7 @@ let impl__serialized_public_key
       <:
       t_Array u8 v_PUBLIC_KEY_SIZE)
 
-let impl_2__serialized_public_key
+let impl_4__serialized_public_key
       (v_K: usize)
       (#v_Vector: Type0)
       (v_RANKED_BYTES_PER_RING_ELEMENT v_PUBLIC_KEY_SIZE: usize)
@@ -304,12 +415,14 @@ let impl_2__serialized_public_key
           Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector)
       (self: t_MlKemKeyPairUnpacked v_K v_Vector)
      =
-  impl__serialized_public_key v_K
+  impl_3__serialized_public_key v_K
     #v_Vector
     v_RANKED_BYTES_PER_RING_ELEMENT
     v_PUBLIC_KEY_SIZE
     self.f_public_key
 
+#push-options "--z3rlimit 200 --ext context_pruning"
+
 let generate_keypair
       (v_K v_CPA_PRIVATE_KEY_SIZE v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE v_BYTES_PER_RING_ELEMENT v_ETA1 v_ETA1_RANDOMNESS_SIZE:
           usize)
@@ -375,78 +488,39 @@ let generate_keypair
   in
   let _:Prims.unit = () in
   let v_A:t_Array (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) v_K =
-    Core.Array.from_fn #(t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K)
-      v_K
-      (fun v__i ->
-          let v__i:usize = v__i in
-          Core.Array.from_fn #(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector)
-            v_K
-            (fun v__j ->
-                let v__j:usize = v__j in
-                Libcrux_ml_kem.Polynomial.impl_2__ZERO #v_Vector ()
-                <:
-                Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector)
-          <:
-          t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K)
-  in
-  let v_A:t_Array (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) v_K =
-    Rust_primitives.Hax.Folds.fold_range (sz 0)
-      v_K
-      (fun v_A temp_1_ ->
-          let v_A:t_Array (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K)
-            v_K =
-            v_A
-          in
-          let _:usize = temp_1_ in
-          true)
-      v_A
-      (fun v_A i ->
-          let v_A:t_Array (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K)
-            v_K =
-            v_A
-          in
-          let i:usize = i in
-          Rust_primitives.Hax.Folds.fold_range (sz 0)
-            v_K
-            (fun v_A temp_1_ ->
-                let v_A:t_Array
-                  (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) v_K =
-                  v_A
-                in
-                let _:usize = temp_1_ in
-                true)
-            v_A
-            (fun v_A j ->
-                let v_A:t_Array
-                  (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) v_K =
-                  v_A
-                in
-                let j:usize = j in
-                Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v_A
-                  i
-                  (Rust_primitives.Hax.Monomorphized_update_at.update_at_usize (v_A.[ i ]
-                        <:
-                        t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K)
-                      j
-                      (Core.Clone.f_clone #(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement
-                            v_Vector)
-                          #FStar.Tactics.Typeclasses.solve
-                          ((out.f_public_key.f_ind_cpa_public_key
-                                .Libcrux_ml_kem.Ind_cpa.Unpacked.f_A.[ j ]
-                              <:
-                              t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector)
-                                v_K).[ i ]
-                            <:
-                            Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector)
-                        <:
-                        Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector)
-                    <:
-                    t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K)
-                <:
-                t_Array (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K)
-                  v_K)
-          <:
-          t_Array (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) v_K)
+    transpose_a v_K
+      #v_Vector
+      out.f_public_key.f_ind_cpa_public_key.Libcrux_ml_kem.Ind_cpa.Unpacked.f_A
+  in
+  let _:Prims.unit =
+    let ind_cpa_keypair_randomness, _ =
+      split randomness Spec.MLKEM.v_CPA_KEY_GENERATION_SEED_SIZE
+    in
+    let (((_, _), matrix_A_as_ntt), _), sufficient_randomness =
+      Spec.MLKEM.ind_cpa_generate_keypair_unpacked v_K ind_cpa_keypair_randomness
+    in
+    let m_v_A = Libcrux_ml_kem.Polynomial.to_spec_matrix_t #v_K #v_Vector v_A in
+    let m_f_A =
+      Libcrux_ml_kem.Polynomial.to_spec_matrix_t #v_K
+        #v_Vector
+        out.f_public_key.f_ind_cpa_public_key.f_A
+    in
+    let m_A:Spec.MLKEM.matrix v_K = createi v_K (Spec.MLKEM.matrix_A_as_ntt_i matrix_A_as_ntt) in
+    assert (forall (i: nat).
+          i < v v_K ==>
+          (forall (j: nat).
+              j < v v_K ==> Seq.index (Seq.index m_v_A i) j == Seq.index (Seq.index m_f_A j) i));
+    let lemma_aux (i: nat{i < v v_K})
+        : Lemma (sufficient_randomness ==> Seq.index m_v_A i == Seq.index m_A i) =
+      if sufficient_randomness
+      then
+        Lib.Sequence.eq_intro #(Spec.MLKEM.polynomial)
+          #(v v_K)
+          (Seq.index m_v_A i)
+          (Seq.index m_A i)
+    in
+    Classical.forall_intro lemma_aux;
+    if sufficient_randomness then Lib.Sequence.eq_intro #(Spec.MLKEM.vector v_K) #(v v_K) m_A m_v_A
   in
   let out:t_MlKemKeyPairUnpacked v_K v_Vector =
     {
@@ -523,6 +597,10 @@ let generate_keypair
   in
   out
 
+#pop-options
+
+#push-options "--z3rlimit 200 --ext context_pruning --z3refresh"
+
 let decapsulate
       (v_K v_SECRET_KEY_SIZE v_CPA_SECRET_KEY_SIZE v_PUBLIC_KEY_SIZE v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_C1_BLOCK_SIZE v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE v_IMPLICIT_REJECTION_HASH_INPUT_SIZE:
           usize)
@@ -536,6 +614,15 @@ let decapsulate
       (key_pair: t_MlKemKeyPairUnpacked v_K v_Vector)
       (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE)
      =
+  let _:Prims.unit =
+    assert (v v_IMPLICIT_REJECTION_HASH_INPUT_SIZE == 32 + v (Spec.MLKEM.v_CPA_CIPHERTEXT_SIZE v_K));
+    assert (v (Spec.MLKEM.v_C1_SIZE v_K +! Spec.MLKEM.v_C2_SIZE v_K) ==
+        v (Spec.MLKEM.v_C1_SIZE v_K) + v (Spec.MLKEM.v_C2_SIZE v_K));
+    assert (v (Spec.MLKEM.v_C1_SIZE v_K) == v (Spec.MLKEM.v_C1_BLOCK_SIZE v_K) * v v_K);
+    assert (v (Spec.MLKEM.v_C1_BLOCK_SIZE v_K) ==
+        32 * v (Spec.MLKEM.v_VECTOR_U_COMPRESSION_FACTOR v_K));
+    assert (v (Spec.MLKEM.v_C2_SIZE v_K) == 32 * v (Spec.MLKEM.v_VECTOR_V_COMPRESSION_FACTOR v_K))
+  in
   let decrypted:t_Array u8 (sz 32) =
     Libcrux_ml_kem.Ind_cpa.decrypt_unpacked v_K
       v_CIPHERTEXT_SIZE
@@ -549,6 +636,7 @@ let decapsulate
   let (to_hash: t_Array u8 (sz 64)):t_Array u8 (sz 64) =
     Libcrux_ml_kem.Utils.into_padded_array (sz 64) (decrypted <: t_Slice u8)
   in
+  let _:Prims.unit = Lib.Sequence.eq_intro #u8 #32 (Seq.slice to_hash 0 32) decrypted in
   let to_hash:t_Array u8 (sz 64) =
     Rust_primitives.Hax.Monomorphized_update_at.update_at_range_from to_hash
       ({ Core.Ops.Range.f_start = Libcrux_ml_kem.Constants.v_SHARED_SECRET_SIZE }
@@ -564,6 +652,9 @@ let decapsulate
         <:
         t_Slice u8)
   in
+  let _:Prims.unit =
+    Lib.Sequence.lemma_concat2 32 decrypted 32 key_pair.f_public_key.f_public_key_hash to_hash
+  in
   let hashed:t_Array u8 (sz 64) =
     Libcrux_ml_kem.Hash_functions.f_G #v_Hasher
       #v_K
@@ -580,6 +671,12 @@ let decapsulate
     Libcrux_ml_kem.Utils.into_padded_array v_IMPLICIT_REJECTION_HASH_INPUT_SIZE
       (key_pair.f_private_key.f_implicit_rejection_value <: t_Slice u8)
   in
+  let _:Prims.unit =
+    Lib.Sequence.eq_intro #u8
+      #32
+      (Seq.slice to_hash 0 32)
+      key_pair.f_private_key.f_implicit_rejection_value
+  in
   let to_hash:t_Array u8 v_IMPLICIT_REJECTION_HASH_INPUT_SIZE =
     Rust_primitives.Hax.Monomorphized_update_at.update_at_range_from to_hash
       ({ Core.Ops.Range.f_start = Libcrux_ml_kem.Constants.v_SHARED_SECRET_SIZE }
@@ -600,6 +697,13 @@ let decapsulate
         <:
         t_Slice u8)
   in
+  let _:Prims.unit =
+    Lib.Sequence.lemma_concat2 32
+      key_pair.f_private_key.f_implicit_rejection_value
+      (v (Spec.MLKEM.v_CPA_CIPHERTEXT_SIZE v_K))
+      ciphertext.f_value
+      to_hash
+  in
   let (implicit_rejection_shared_secret: t_Array u8 (sz 32)):t_Array u8 (sz 32) =
     Libcrux_ml_kem.Hash_functions.f_PRF #v_Hasher
       #v_K
@@ -626,3 +730,5 @@ let decapsulate
   Libcrux_ml_kem.Constant_time_ops.select_shared_secret_in_constant_time shared_secret
     (implicit_rejection_shared_secret <: t_Slice u8)
     selector
+
+#pop-options
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Unpacked.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Unpacked.fsti
index 8a8daa153..6bccf5010 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Unpacked.fsti
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Unpacked.fsti
@@ -39,7 +39,7 @@ type t_MlKemKeyPairUnpacked
 }
 
 /// Get the serialized public key.
-val impl_2__private_key
+val impl_4__private_key
       (v_K: usize)
       (#v_Vector: Type0)
       {| i2: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |}
@@ -47,7 +47,7 @@ val impl_2__private_key
     : Prims.Pure (t_MlKemPrivateKeyUnpacked v_K v_Vector) Prims.l_True (fun _ -> Prims.l_True)
 
 /// Get the serialized public key.
-val impl_2__public_key
+val impl_4__public_key
       (v_K: usize)
       (#v_Vector: Type0)
       {| i2: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |}
@@ -55,15 +55,36 @@ val impl_2__public_key
     : Prims.Pure (t_MlKemPublicKeyUnpacked v_K v_Vector) Prims.l_True (fun _ -> Prims.l_True)
 
 /// Get the serialized private key.
-val impl_2__serialized_private_key
+val impl_4__serialized_private_key
       (v_K: usize)
       (#v_Vector: Type0)
       {| i2: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |}
       (self: t_MlKemKeyPairUnpacked v_K v_Vector)
     : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPrivateKey v_K) Prims.l_True (fun _ -> Prims.l_True)
 
+val transpose_a
+      (v_K: usize)
+      (#v_Vector: Type0)
+      {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |}
+      (ind_cpa_a:
+          t_Array (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) v_K)
+    : Prims.Pure
+      (t_Array (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) v_K)
+      Prims.l_True
+      (ensures
+        fun result ->
+          let result:t_Array
+            (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) v_K =
+            result
+          in
+          forall (i: nat).
+            i < v v_K ==>
+            (forall (j: nat).
+                j < v v_K ==>
+                Seq.index (Seq.index result i) j == Seq.index (Seq.index ind_cpa_a j) i))
+
 [@@ FStar.Tactics.Typeclasses.tcinstance]
-let impl_1
+let impl
       (v_K: usize)
       (#v_Vector: Type0)
       (#[FStar.Tactics.Typeclasses.tcresolve ()]
@@ -90,7 +111,7 @@ let impl_1
   }
 
 [@@ FStar.Tactics.Typeclasses.tcinstance]
-let impl_3
+let impl_1
       (v_K: usize)
       (#v_Vector: Type0)
       (#[FStar.Tactics.Typeclasses.tcresolve ()]
@@ -128,7 +149,7 @@ let impl_3
   }
 
 /// Create a new empty unpacked key pair.
-val impl_2__new:
+val impl_4__new:
     v_K: usize ->
     #v_Vector: Type0 ->
     {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} ->
@@ -143,7 +164,28 @@ val unpack_public_key
       {| i3: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |}
       (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey v_PUBLIC_KEY_SIZE)
       (unpacked_public_key: t_MlKemPublicKeyUnpacked v_K v_Vector)
-    : Prims.Pure (t_MlKemPublicKeyUnpacked v_K v_Vector) Prims.l_True (fun _ -> Prims.l_True)
+    : Prims.Pure (t_MlKemPublicKeyUnpacked v_K v_Vector)
+      (requires
+        Spec.MLKEM.is_rank v_K /\ v_PUBLIC_KEY_SIZE == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE v_K /\
+        v_T_AS_NTT_ENCODED_SIZE == Spec.MLKEM.v_T_AS_NTT_ENCODED_SIZE v_K)
+      (ensures
+        fun unpacked_public_key_future ->
+          let unpacked_public_key_future:t_MlKemPublicKeyUnpacked v_K v_Vector =
+            unpacked_public_key_future
+          in
+          let public_key_hash, (seed, (deserialized_pk, (matrix_A, valid))) =
+            Spec.MLKEM.ind_cca_unpack_public_key v_K public_key.f_value
+          in
+          (valid ==>
+            Libcrux_ml_kem.Polynomial.to_spec_matrix_t #v_K
+              #v_Vector
+              unpacked_public_key_future.f_ind_cpa_public_key.f_A ==
+            matrix_A) /\
+          Libcrux_ml_kem.Polynomial.to_spec_vector_t #v_K
+            #v_Vector
+            unpacked_public_key_future.f_ind_cpa_public_key.f_t_as_ntt ==
+          deserialized_pk /\ unpacked_public_key_future.f_ind_cpa_public_key.f_seed_for_A == seed /\
+          unpacked_public_key_future.f_public_key_hash == public_key_hash)
 
 val encapsulate
       (v_K v_CIPHERTEXT_SIZE v_PUBLIC_KEY_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_VECTOR_U_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE:
@@ -154,11 +196,38 @@ val encapsulate
       (public_key: t_MlKemPublicKeyUnpacked v_K v_Vector)
       (randomness: t_Array u8 (sz 32))
     : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE & t_Array u8 (sz 32))
-      Prims.l_True
-      (fun _ -> Prims.l_True)
+      (requires
+        Spec.MLKEM.is_rank v_K /\ v_ETA1 == Spec.MLKEM.v_ETA1 v_K /\
+        v_ETA1_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA1_RANDOMNESS_SIZE v_K /\
+        v_ETA2 == Spec.MLKEM.v_ETA2 v_K /\
+        v_ETA2_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA2_RANDOMNESS_SIZE v_K /\
+        v_C1_SIZE == Spec.MLKEM.v_C1_SIZE v_K /\ v_C2_SIZE == Spec.MLKEM.v_C2_SIZE v_K /\
+        v_VECTOR_U_COMPRESSION_FACTOR == Spec.MLKEM.v_VECTOR_U_COMPRESSION_FACTOR v_K /\
+        v_VECTOR_V_COMPRESSION_FACTOR == Spec.MLKEM.v_VECTOR_V_COMPRESSION_FACTOR v_K /\
+        v_VECTOR_U_BLOCK_LEN == Spec.MLKEM.v_C1_BLOCK_SIZE v_K /\
+        v_CIPHERTEXT_SIZE == Spec.MLKEM.v_CPA_CIPHERTEXT_SIZE v_K)
+      (ensures
+        fun temp_0_ ->
+          let ciphertext_result, shared_secret_array:(Libcrux_ml_kem.Types.t_MlKemCiphertext
+            v_CIPHERTEXT_SIZE &
+            t_Array u8 (sz 32)) =
+            temp_0_
+          in
+          let ciphertext, shared_secret =
+            Spec.MLKEM.ind_cca_unpack_encapsulate v_K
+              public_key.f_public_key_hash
+              (Libcrux_ml_kem.Polynomial.to_spec_vector_t #v_K
+                  #v_Vector
+                  public_key.f_ind_cpa_public_key.f_t_as_ntt)
+              (Libcrux_ml_kem.Polynomial.to_spec_matrix_t #v_K
+                  #v_Vector
+                  public_key.f_ind_cpa_public_key.f_A)
+              randomness
+          in
+          ciphertext_result.f_value == ciphertext /\ shared_secret_array == shared_secret)
 
 /// Get the serialized public key.
-val impl__serialized_public_key_mut
+val impl_3__serialized_public_key_mut
       (v_K: usize)
       (#v_Vector: Type0)
       (v_RANKED_BYTES_PER_RING_ELEMENT v_PUBLIC_KEY_SIZE: usize)
@@ -166,11 +235,30 @@ val impl__serialized_public_key_mut
       (self: t_MlKemPublicKeyUnpacked v_K v_Vector)
       (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey v_PUBLIC_KEY_SIZE)
     : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPublicKey v_PUBLIC_KEY_SIZE)
-      Prims.l_True
-      (fun _ -> Prims.l_True)
+      (requires
+        Spec.MLKEM.is_rank v_K /\
+        v_RANKED_BYTES_PER_RING_ELEMENT == Spec.MLKEM.v_RANKED_BYTES_PER_RING_ELEMENT v_K /\
+        v_PUBLIC_KEY_SIZE == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE v_K /\
+        (forall (i: nat).
+            i < v v_K ==>
+            Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index self
+                    .f_ind_cpa_public_key
+                    .f_t_as_ntt
+                  i)))
+      (ensures
+        fun serialized_future ->
+          let serialized_future:Libcrux_ml_kem.Types.t_MlKemPublicKey v_PUBLIC_KEY_SIZE =
+            serialized_future
+          in
+          serialized_future.f_value ==
+          Seq.append (Spec.MLKEM.vector_encode_12 #v_K
+                (Libcrux_ml_kem.Polynomial.to_spec_vector_t #v_K
+                    #v_Vector
+                    self.f_ind_cpa_public_key.f_t_as_ntt))
+            self.f_ind_cpa_public_key.f_seed_for_A)
 
 /// Get the serialized public key.
-val impl_2__serialized_public_key_mut
+val impl_4__serialized_public_key_mut
       (v_K: usize)
       (#v_Vector: Type0)
       (v_RANKED_BYTES_PER_RING_ELEMENT v_PUBLIC_KEY_SIZE: usize)
@@ -178,30 +266,83 @@ val impl_2__serialized_public_key_mut
       (self: t_MlKemKeyPairUnpacked v_K v_Vector)
       (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey v_PUBLIC_KEY_SIZE)
     : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPublicKey v_PUBLIC_KEY_SIZE)
-      Prims.l_True
-      (fun _ -> Prims.l_True)
+      (requires
+        Spec.MLKEM.is_rank v_K /\
+        v_RANKED_BYTES_PER_RING_ELEMENT == Spec.MLKEM.v_RANKED_BYTES_PER_RING_ELEMENT v_K /\
+        v_PUBLIC_KEY_SIZE == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE v_K /\
+        (forall (i: nat).
+            i < v v_K ==>
+            Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index self.f_public_key
+                    .f_ind_cpa_public_key
+                    .f_t_as_ntt
+                  i)))
+      (ensures
+        fun serialized_future ->
+          let serialized_future:Libcrux_ml_kem.Types.t_MlKemPublicKey v_PUBLIC_KEY_SIZE =
+            serialized_future
+          in
+          serialized_future.f_value ==
+          Seq.append (Spec.MLKEM.vector_encode_12 #v_K
+                (Libcrux_ml_kem.Polynomial.to_spec_vector_t #v_K
+                    #v_Vector
+                    self.f_public_key.f_ind_cpa_public_key.f_t_as_ntt))
+            self.f_public_key.f_ind_cpa_public_key.f_seed_for_A)
 
 /// Get the serialized public key.
-val impl__serialized_public_key
+val impl_3__serialized_public_key
       (v_K: usize)
       (#v_Vector: Type0)
       (v_RANKED_BYTES_PER_RING_ELEMENT v_PUBLIC_KEY_SIZE: usize)
       {| i2: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |}
       (self: t_MlKemPublicKeyUnpacked v_K v_Vector)
     : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPublicKey v_PUBLIC_KEY_SIZE)
-      Prims.l_True
-      (fun _ -> Prims.l_True)
+      (requires
+        Spec.MLKEM.is_rank v_K /\
+        v_RANKED_BYTES_PER_RING_ELEMENT == Spec.MLKEM.v_RANKED_BYTES_PER_RING_ELEMENT v_K /\
+        v_PUBLIC_KEY_SIZE == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE v_K /\
+        (forall (i: nat).
+            i < v v_K ==>
+            Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index self
+                    .f_ind_cpa_public_key
+                    .f_t_as_ntt
+                  i)))
+      (ensures
+        fun res ->
+          let res:Libcrux_ml_kem.Types.t_MlKemPublicKey v_PUBLIC_KEY_SIZE = res in
+          res.f_value ==
+          Seq.append (Spec.MLKEM.vector_encode_12 #v_K
+                (Libcrux_ml_kem.Polynomial.to_spec_vector_t #v_K
+                    #v_Vector
+                    self.f_ind_cpa_public_key.f_t_as_ntt))
+            self.f_ind_cpa_public_key.f_seed_for_A)
 
 /// Get the serialized public key.
-val impl_2__serialized_public_key
+val impl_4__serialized_public_key
       (v_K: usize)
       (#v_Vector: Type0)
       (v_RANKED_BYTES_PER_RING_ELEMENT v_PUBLIC_KEY_SIZE: usize)
       {| i2: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |}
       (self: t_MlKemKeyPairUnpacked v_K v_Vector)
     : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPublicKey v_PUBLIC_KEY_SIZE)
-      Prims.l_True
-      (fun _ -> Prims.l_True)
+      (requires
+        Spec.MLKEM.is_rank v_K /\
+        v_RANKED_BYTES_PER_RING_ELEMENT == Spec.MLKEM.v_RANKED_BYTES_PER_RING_ELEMENT v_K /\
+        v_PUBLIC_KEY_SIZE == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE v_K /\
+        (forall (i: nat).
+            i < v v_K ==>
+            Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index self.f_public_key
+                    .f_ind_cpa_public_key
+                    .f_t_as_ntt
+                  i)))
+      (ensures
+        fun res ->
+          let res:Libcrux_ml_kem.Types.t_MlKemPublicKey v_PUBLIC_KEY_SIZE = res in
+          res.f_value ==
+          Seq.append (Spec.MLKEM.vector_encode_12 #v_K
+                (Libcrux_ml_kem.Polynomial.to_spec_vector_t #v_K
+                    #v_Vector
+                    self.f_public_key.f_ind_cpa_public_key.f_t_as_ntt))
+            self.f_public_key.f_ind_cpa_public_key.f_seed_for_A)
 
 /// Generate Unpacked Keys
 val generate_keypair
@@ -213,7 +354,24 @@ val generate_keypair
       {| i5: Libcrux_ml_kem.Variant.t_Variant v_Scheme |}
       (randomness: t_Array u8 (sz 64))
       (out: t_MlKemKeyPairUnpacked v_K v_Vector)
-    : Prims.Pure (t_MlKemKeyPairUnpacked v_K v_Vector) Prims.l_True (fun _ -> Prims.l_True)
+    : Prims.Pure (t_MlKemKeyPairUnpacked v_K v_Vector)
+      (requires
+        Spec.MLKEM.is_rank v_K /\ v_ETA1_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA1_RANDOMNESS_SIZE v_K /\
+        v_ETA1 == Spec.MLKEM.v_ETA1 v_K /\
+        v_BYTES_PER_RING_ELEMENT == Spec.MLKEM.v_RANKED_BYTES_PER_RING_ELEMENT v_K /\
+        v_PUBLIC_KEY_SIZE == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE v_K)
+      (ensures
+        fun out_future ->
+          let out_future:t_MlKemKeyPairUnpacked v_K v_Vector = out_future in
+          let ((m_A, public_key_hash), implicit_rejection_value), valid =
+            Spec.MLKEM.ind_cca_unpack_generate_keypair v_K randomness
+          in
+          valid ==>
+          Libcrux_ml_kem.Polynomial.to_spec_matrix_t #v_K
+            #v_Vector
+            out_future.f_public_key.f_ind_cpa_public_key.f_A ==
+          m_A /\ out_future.f_public_key.f_public_key_hash == public_key_hash /\
+          out_future.f_private_key.f_implicit_rejection_value == implicit_rejection_value)
 
 val decapsulate
       (v_K v_SECRET_KEY_SIZE v_CPA_SECRET_KEY_SIZE v_PUBLIC_KEY_SIZE v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_C1_BLOCK_SIZE v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE v_IMPLICIT_REJECTION_HASH_INPUT_SIZE:
@@ -223,4 +381,32 @@ val decapsulate
       {| i3: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K |}
       (key_pair: t_MlKemKeyPairUnpacked v_K v_Vector)
       (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE)
-    : Prims.Pure (t_Array u8 (sz 32)) Prims.l_True (fun _ -> Prims.l_True)
+    : Prims.Pure (t_Array u8 (sz 32))
+      (requires
+        Spec.MLKEM.is_rank v_K /\ v_ETA1 == Spec.MLKEM.v_ETA1 v_K /\
+        v_ETA1_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA1_RANDOMNESS_SIZE v_K /\
+        v_ETA2 == Spec.MLKEM.v_ETA2 v_K /\
+        v_ETA2_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA2_RANDOMNESS_SIZE v_K /\
+        v_C1_SIZE == Spec.MLKEM.v_C1_SIZE v_K /\ v_C2_SIZE == Spec.MLKEM.v_C2_SIZE v_K /\
+        v_VECTOR_U_COMPRESSION_FACTOR == Spec.MLKEM.v_VECTOR_U_COMPRESSION_FACTOR v_K /\
+        v_VECTOR_V_COMPRESSION_FACTOR == Spec.MLKEM.v_VECTOR_V_COMPRESSION_FACTOR v_K /\
+        v_C1_BLOCK_SIZE == Spec.MLKEM.v_C1_BLOCK_SIZE v_K /\
+        v_CIPHERTEXT_SIZE == Spec.MLKEM.v_CPA_CIPHERTEXT_SIZE v_K /\
+        v_IMPLICIT_REJECTION_HASH_INPUT_SIZE == Spec.MLKEM.v_IMPLICIT_REJECTION_HASH_INPUT_SIZE v_K)
+      (ensures
+        fun result ->
+          let result:t_Array u8 (sz 32) = result in
+          result ==
+          Spec.MLKEM.ind_cca_unpack_decapsulate v_K
+            key_pair.f_public_key.f_public_key_hash
+            key_pair.f_private_key.f_implicit_rejection_value
+            ciphertext.f_value
+            (Libcrux_ml_kem.Polynomial.to_spec_vector_t #v_K
+                #v_Vector
+                key_pair.f_private_key.f_ind_cpa_private_key.f_secret_as_ntt)
+            (Libcrux_ml_kem.Polynomial.to_spec_vector_t #v_K
+                #v_Vector
+                key_pair.f_public_key.f_ind_cpa_public_key.f_t_as_ntt)
+            (Libcrux_ml_kem.Polynomial.to_spec_matrix_t #v_K
+                #v_Vector
+                key_pair.f_public_key.f_ind_cpa_public_key.f_A))
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fsti
index 51c306877..32c317b57 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fsti
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fsti
@@ -165,16 +165,17 @@ val generate_keypair_unpacked
             Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPublicKeyUnpacked v_K v_Vector) =
             temp_0_
           in
-          let ((t_as_ntt, seed_for_A), secret_as_ntt), valid =
+          let (((t_as_ntt, seed_for_A), matrix_A_as_ntt), secret_as_ntt), valid =
             Spec.MLKEM.ind_cpa_generate_keypair_unpacked v_K key_generation_seed
           in
           (valid ==>
-            ((Libcrux_ml_kem.Polynomial.to_spec_vector_t #v_K #v_Vector public_key_future.f_t_as_ntt
-              ) ==
+            (Libcrux_ml_kem.Polynomial.to_spec_vector_t #v_K #v_Vector public_key_future.f_t_as_ntt ==
               t_as_ntt) /\ (public_key_future.f_seed_for_A == seed_for_A) /\
-            ((Libcrux_ml_kem.Polynomial.to_spec_vector_t #v_K
-                  #v_Vector
-                  private_key_future.f_secret_as_ntt) ==
+            (Libcrux_ml_kem.Polynomial.to_spec_matrix_t #v_K #v_Vector public_key_future.f_A ==
+              matrix_A_as_ntt) /\
+            (Libcrux_ml_kem.Polynomial.to_spec_vector_t #v_K
+                #v_Vector
+                private_key_future.f_secret_as_ntt ==
               secret_as_ntt)) /\
           (forall (i: nat).
               i < v v_K ==>
diff --git a/libcrux-ml-kem/proofs/fstar/spec/Spec.MLKEM.fst b/libcrux-ml-kem/proofs/fstar/spec/Spec.MLKEM.fst
index 7defc385c..a6114ea93 100644
--- a/libcrux-ml-kem/proofs/fstar/spec/Spec.MLKEM.fst
+++ b/libcrux-ml-kem/proofs/fstar/spec/Spec.MLKEM.fst
@@ -189,6 +189,7 @@ let sample_vector_cbd2 (#r:rank) (seed:t_Array u8 (sz 32)) (domain_sep:usize{v d
 let sample_vector_cbd_then_ntt (#r:rank) (seed:t_Array u8 (sz 32)) (domain_sep:usize{v domain_sep < 2 * v r}) : vector r =
     vector_ntt (sample_vector_cbd1 #r seed domain_sep)
 
+[@ "opaque_to_smt"]
 let vector_encode_12 (#r:rank) (v: vector r) : t_Array u8 (v_T_AS_NTT_ENCODED_SIZE r)
   = let s: t_Array (t_Array _ (sz 384)) r = map_array (byte_encode 12) (coerce_vector_12 v) in
     flatten s
@@ -229,7 +230,7 @@ let decode_then_decompress_v (u:usize{u == sz 4 \/ u == sz 5}): t_Array u8 (sz 3
 (** IND-CPA Functions *)
 
 val ind_cpa_generate_keypair_unpacked (r:rank) (randomness:t_Array u8 v_CPA_KEY_GENERATION_SEED_SIZE) :
-                             ((((vector r) & (t_Array u8 (sz 32))) & (vector r)) & bool)
+                             (((((vector r) & (t_Array u8 (sz 32))) & (matrix r)) & (vector r)) & bool)
 let ind_cpa_generate_keypair_unpacked r randomness =
     let hashed = v_G (Seq.append randomness (Seq.create 1 (cast r <: u8))) in
     let (seed_for_A, seed_for_secret_and_error) = split hashed (sz 32) in
@@ -237,7 +238,7 @@ let ind_cpa_generate_keypair_unpacked r randomness =
     let secret_as_ntt = sample_vector_cbd_then_ntt #r seed_for_secret_and_error (sz 0) in
     let error_as_ntt = sample_vector_cbd_then_ntt #r seed_for_secret_and_error r in
     let t_as_ntt = compute_As_plus_e_ntt #r matrix_A_as_ntt secret_as_ntt error_as_ntt in
-    (((t_as_ntt,seed_for_A), secret_as_ntt), sufficient_randomness)
+    (((t_as_ntt,seed_for_A), matrix_A_as_ntt), secret_as_ntt), sufficient_randomness
 
 /// This function implements most of <strong>Algorithm 12</strong> of the
 /// NIST FIPS 203 specification; this is the MLKEM CPA-PKE key generation algorithm.
@@ -249,7 +250,7 @@ let ind_cpa_generate_keypair_unpacked r randomness =
 val ind_cpa_generate_keypair (r:rank) (randomness:t_Array u8 v_CPA_KEY_GENERATION_SEED_SIZE) :
                              (t_MLKEMCPAKeyPair r & bool)
 let ind_cpa_generate_keypair r randomness =
-    let (((t_as_ntt,seed_for_A), secret_as_ntt), sufficient_randomness) =
+    let ((((t_as_ntt,seed_for_A), _), secret_as_ntt), sufficient_randomness) =
       ind_cpa_generate_keypair_unpacked r randomness in
     let public_key_serialized = Seq.append (vector_encode_12 #r t_as_ntt) seed_for_A in
     let secret_key_serialized = vector_encode_12 #r secret_as_ntt in
@@ -380,3 +381,67 @@ let ind_cca_decapsulate p secret_key ciphertext =
     if reencrypted = ciphertext
     then success_shared_secret, sufficient_randomness
     else rejection_shared_secret, sufficient_randomness
+
+val ind_cca_unpack_public_key (r:rank) (public_key: t_MLKEMPublicKey r) :
+                        t_Array u8 (sz 32) & (t_Array u8 (sz 32) & (vector r & (matrix r & bool)))
+let ind_cca_unpack_public_key p public_key =
+    let (ring_elements, seed) = split public_key (v_T_AS_NTT_ENCODED_SIZE p) in
+    let deserialized_pk = vector_decode_12 #p ring_elements in
+    let (matrix_A, sufficient_randomness) = sample_matrix_A_ntt seed in
+    let matrix_A = matrix_transpose #p matrix_A in
+    let public_key_hash = v_H public_key in
+    public_key_hash, (seed, (deserialized_pk, (matrix_A, sufficient_randomness)))
+
+let matrix_A_as_ntt_j (#r:rank) (matrix_A_as_ntt:matrix r) (i:usize{i <. r}) (j:usize{j <. r}) : polynomial =
+  Seq.index (Seq.index matrix_A_as_ntt (v j)) (v i)
+
+let matrix_A_as_ntt_i (#r:rank) (matrix_A_as_ntt:matrix r) (i:usize{i <. r}) : vector r =
+  createi r (matrix_A_as_ntt_j matrix_A_as_ntt i)
+
+val ind_cca_unpack_generate_keypair (r:rank) (randomness:t_Array u8 v_KEY_GENERATION_SEED_SIZE) :
+                             ((matrix r & t_Array u8 (sz 32)) & t_Array u8 (sz 32)) & bool
+let ind_cca_unpack_generate_keypair p randomness =
+  let (ind_cpa_keypair_randomness, implicit_rejection_value) = split randomness v_CPA_KEY_GENERATION_SEED_SIZE in
+  let ((((t_as_ntt,seed_for_A), matrix_A_as_ntt), secret_as_ntt), sufficient_randomness) =
+    ind_cpa_generate_keypair_unpacked p ind_cpa_keypair_randomness in
+  // let m_A = 
+  // createi p (fun i -> 
+  //   createi p (fun j ->
+  //     Seq.index (Seq.index matrix_A_as_ntt j) i
+  //     ))
+  // in 
+  let m_A = createi p (matrix_A_as_ntt_i matrix_A_as_ntt) in 
+  let pk_serialized = Seq.append (vector_encode_12 t_as_ntt) seed_for_A in
+  let public_key_hash = v_H pk_serialized in
+  ((m_A, public_key_hash), implicit_rejection_value), sufficient_randomness
+
+val ind_cca_unpack_encapsulate (r:rank) (public_key_hash:t_Array u8 (sz 32))
+                    (t_as_ntt:vector r)
+                    (matrix_A_as_ntt:matrix r)
+                    (randomness:t_Array u8 v_SHARED_SECRET_SIZE) :
+                    (t_MLKEMCiphertext r & t_Array u8 v_SHARED_SECRET_SIZE)
+let ind_cca_unpack_encapsulate r public_key_hash t_as_ntt matrix_A_as_ntt randomness =
+  let to_hash = concat randomness public_key_hash in
+  let hashed = v_G to_hash in
+  let (shared_secret, pseudorandomness) = split hashed v_SHARED_SECRET_SIZE in
+  let ciphertext = ind_cpa_encrypt_unpacked r randomness pseudorandomness t_as_ntt matrix_A_as_ntt in
+  ciphertext, shared_secret
+
+val ind_cca_unpack_decapsulate (r:rank) (public_key_hash:t_Array u8 (sz 32)) 
+                    (implicit_rejection_value:t_Array u8 (sz 32))
+                    (ciphertext: t_MLKEMCiphertext r)
+                    (secret_as_ntt:vector r)
+                    (t_as_ntt:vector r)
+                    (matrix_A_as_ntt:matrix r) :
+                    t_Array u8 v_SHARED_SECRET_SIZE
+let ind_cca_unpack_decapsulate r public_key_hash implicit_rejection_value ciphertext secret_as_ntt t_as_ntt matrix_A_as_ntt =
+  let decrypted = ind_cpa_decrypt_unpacked r ciphertext secret_as_ntt in
+  let to_hash = concat decrypted public_key_hash in
+  let hashed = v_G to_hash in
+  let (shared_secret, pseudorandomness) = split hashed v_SHARED_SECRET_SIZE in
+  let to_hash:t_Array u8 (v_IMPLICIT_REJECTION_HASH_INPUT_SIZE r) = concat implicit_rejection_value ciphertext in
+  let implicit_rejection_shared_secret = v_PRF v_SHARED_SECRET_SIZE to_hash in
+  let expected_ciphertext = ind_cpa_encrypt_unpacked r decrypted pseudorandomness t_as_ntt matrix_A_as_ntt in
+  if ciphertext = expected_ciphertext
+  then shared_secret
+  else implicit_rejection_shared_secret
diff --git a/libcrux-ml-kem/src/ind_cca.rs b/libcrux-ml-kem/src/ind_cca.rs
index 825da534d..3d05ce368 100644
--- a/libcrux-ml-kem/src/ind_cca.rs
+++ b/libcrux-ml-kem/src/ind_cca.rs
@@ -420,6 +420,19 @@ pub(crate) mod unpacked {
     }
 
     /// Generate an unpacked key from a serialized key.
+    #[hax_lib::requires(
+        fstar!("Spec.MLKEM.is_rank $K /\\
+        $PUBLIC_KEY_SIZE == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE $K /\\
+        $T_AS_NTT_ENCODED_SIZE == Spec.MLKEM.v_T_AS_NTT_ENCODED_SIZE $K")
+    )]
+    #[hax_lib::ensures(|result|
+        fstar!("let (public_key_hash, (seed, (deserialized_pk, (matrix_A, valid)))) =
+            Spec.MLKEM.ind_cca_unpack_public_key $K ${public_key}.f_value in (valid ==>
+            Libcrux_ml_kem.Polynomial.to_spec_matrix_t #$K #$:Vector ${unpacked_public_key}_future.f_ind_cpa_public_key.f_A == matrix_A) /\\
+        Libcrux_ml_kem.Polynomial.to_spec_vector_t #$K #$:Vector ${unpacked_public_key}_future.f_ind_cpa_public_key.f_t_as_ntt == deserialized_pk /\\
+        ${unpacked_public_key}_future.f_ind_cpa_public_key.f_seed_for_A == seed /\\
+        ${unpacked_public_key}_future.f_public_key_hash == public_key_hash"))
+    ]
     #[inline(always)]
     pub(crate) fn unpack_public_key<
         const K: usize,
@@ -436,6 +449,10 @@ pub(crate) mod unpacked {
             &public_key.value[..T_AS_NTT_ENCODED_SIZE],
             &mut unpacked_public_key.ind_cpa_public_key.t_as_ntt,
         );
+        hax_lib::fstar!("let (_, seed) = split ${public_key}.f_value (Spec.MLKEM.v_T_AS_NTT_ENCODED_SIZE $K) in
+            Lib.Sequence.eq_intro #u8 #32 (Libcrux_ml_kem.Utils.into_padded_array (sz 32) seed) seed;
+            Lib.Sequence.eq_intro #u8 #32
+                (Seq.slice (Libcrux_ml_kem.Utils.into_padded_array (sz 34) seed) 0 32) seed");
         unpacked_public_key.ind_cpa_public_key.seed_for_A =
             into_padded_array(&public_key.value[T_AS_NTT_ENCODED_SIZE..]);
         sample_matrix_A::<K, Vector, Hasher>(
@@ -446,9 +463,23 @@ pub(crate) mod unpacked {
         unpacked_public_key.public_key_hash = Hasher::H(public_key.as_slice());
     }
 
+    #[hax_lib::attributes]
     impl<const K: usize, Vector: Operations> MlKemPublicKeyUnpacked<K, Vector> {
         /// Get the serialized public key.
         #[inline(always)]
+        #[requires(fstar!("Spec.MLKEM.is_rank $K /\\
+            $RANKED_BYTES_PER_RING_ELEMENT == Spec.MLKEM.v_RANKED_BYTES_PER_RING_ELEMENT $K /\\
+            $PUBLIC_KEY_SIZE == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE $K /\\
+            (forall (i:nat). i < v $K ==>
+                Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index 
+                    self.f_ind_cpa_public_key.f_t_as_ntt i))"))]
+        #[ensures(|_|
+            fstar!("${serialized}_future.f_value == 
+                Seq.append (Spec.MLKEM.vector_encode_12 #$K
+                    (Libcrux_ml_kem.Polynomial.to_spec_vector_t #$K #$:Vector
+                        self.f_ind_cpa_public_key.f_t_as_ntt))
+                self.f_ind_cpa_public_key.f_seed_for_A)")
+        )]
         pub fn serialized_public_key_mut<
             const RANKED_BYTES_PER_RING_ELEMENT: usize,
             const PUBLIC_KEY_SIZE: usize,
@@ -465,6 +496,18 @@ pub(crate) mod unpacked {
 
         /// Get the serialized public key.
         #[inline(always)]
+        #[requires(fstar!("Spec.MLKEM.is_rank $K /\\
+            $RANKED_BYTES_PER_RING_ELEMENT == Spec.MLKEM.v_RANKED_BYTES_PER_RING_ELEMENT $K /\\
+            $PUBLIC_KEY_SIZE == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE $K /\\
+            (forall (i:nat). i < v $K ==>
+                Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index
+                    self.f_ind_cpa_public_key.f_t_as_ntt i))"))]
+        #[ensures(|res|
+            fstar!("${res}.f_value == Seq.append (Spec.MLKEM.vector_encode_12 #$K
+                            (Libcrux_ml_kem.Polynomial.to_spec_vector_t #$K #$:Vector
+                                self.f_ind_cpa_public_key.f_t_as_ntt))
+                        self.f_ind_cpa_public_key.f_seed_for_A)")
+        )]
         pub fn serialized_public_key<
             const RANKED_BYTES_PER_RING_ELEMENT: usize,
             const PUBLIC_KEY_SIZE: usize,
@@ -489,6 +532,7 @@ pub(crate) mod unpacked {
         }
     }
 
+    #[hax_lib::attributes]
     impl<const K: usize, Vector: Operations> MlKemKeyPairUnpacked<K, Vector> {
         /// Create a new empty unpacked key pair.
         #[inline(always)]
@@ -498,6 +542,19 @@ pub(crate) mod unpacked {
 
         /// Get the serialized public key.
         #[inline(always)]
+        #[requires(fstar!("Spec.MLKEM.is_rank $K /\\
+            $RANKED_BYTES_PER_RING_ELEMENT == Spec.MLKEM.v_RANKED_BYTES_PER_RING_ELEMENT $K /\\
+            $PUBLIC_KEY_SIZE == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE $K /\\
+            (forall (i:nat). i < v $K ==>
+                Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index 
+                    self.f_public_key.f_ind_cpa_public_key.f_t_as_ntt i))"))]
+        #[ensures(|_|
+            fstar!("${serialized}_future.f_value == 
+                Seq.append (Spec.MLKEM.vector_encode_12 #$K
+                    (Libcrux_ml_kem.Polynomial.to_spec_vector_t #$K #$:Vector
+                        self.f_public_key.f_ind_cpa_public_key.f_t_as_ntt))
+                self.f_public_key.f_ind_cpa_public_key.f_seed_for_A)")
+        )]
         pub fn serialized_public_key_mut<
             const RANKED_BYTES_PER_RING_ELEMENT: usize,
             const PUBLIC_KEY_SIZE: usize,
@@ -513,6 +570,18 @@ pub(crate) mod unpacked {
 
         /// Get the serialized public key.
         #[inline(always)]
+        #[requires(fstar!("Spec.MLKEM.is_rank $K /\\
+            $RANKED_BYTES_PER_RING_ELEMENT == Spec.MLKEM.v_RANKED_BYTES_PER_RING_ELEMENT $K /\\
+            $PUBLIC_KEY_SIZE == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE $K /\\
+            (forall (i:nat). i < v $K ==>
+                Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index
+                    self.f_public_key.f_ind_cpa_public_key.f_t_as_ntt i))"))]
+        #[ensures(|res|
+            fstar!("${res}.f_value == Seq.append (Spec.MLKEM.vector_encode_12 #$K
+                            (Libcrux_ml_kem.Polynomial.to_spec_vector_t #$K #$:Vector
+                                self.f_public_key.f_ind_cpa_public_key.f_t_as_ntt))
+                        self.f_public_key.f_ind_cpa_public_key.f_seed_for_A)")
+        )]
         pub fn serialized_public_key<
             const RANKED_BYTES_PER_RING_ELEMENT: usize,
             const PUBLIC_KEY_SIZE: usize,
@@ -537,6 +606,7 @@ pub(crate) mod unpacked {
 
         /// Get the serialized private key.
         pub fn serialized_private_key(&self) -> MlKemPrivateKey<K> {
+            hax_lib::fstar!("admit()");
             todo!()
         }
     }
@@ -554,8 +624,62 @@ pub(crate) mod unpacked {
         }
     }
 
+    #[hax_lib::ensures(|result|
+        fstar!("forall (i: nat). i < v $K ==>
+            (forall (j: nat). j < v $K ==>
+                Seq.index (Seq.index $result i) j ==
+                    Seq.index (Seq.index $ind_cpa_a j) i)"))
+    ]
+    pub(crate) fn transpose_a<
+        const K: usize,
+        Vector: Operations,
+    >(
+        ind_cpa_a: [[PolynomialRingElement<Vector>; K]; K],
+    ) -> [[PolynomialRingElement<Vector>; K]; K] {
+        // We need to un-transpose the A_transpose matrix provided by IND-CPA
+        //  We would like to write the following but it is not supported by Eurydice yet.
+        //  https://github.com/AeneasVerif/eurydice/issues/39
+        //
+        //    let A = from_fn(|i| {
+        //        from_fn(|j| A_transpose[j][i])
+        //    });
+
+        #[allow(non_snake_case)]
+        let mut A = from_fn(|_i| from_fn(|_j| PolynomialRingElement::<Vector>::ZERO()));
+        for i in 0..K {
+            hax_lib::loop_invariant!(|i: usize| { fstar!("forall (j: nat). j < v $i ==>
+            (forall (k: nat). k < v $K ==>
+                Seq.index (Seq.index $A j) k ==
+                    Seq.index (Seq.index $ind_cpa_a k) j)") });
+            let _a_i = A;
+            for j in 0..K {
+                hax_lib::loop_invariant!(|j: usize| { fstar!("(forall (k: nat). k < v $i ==>
+                    Seq.index $A k == Seq.index $_a_i k) /\\
+                (forall (k: nat). k < v $j ==>
+                  Seq.index (Seq.index $A (v $i)) k ==
+                    Seq.index (Seq.index $ind_cpa_a k) (v $i))") });
+                A[i][j] = ind_cpa_a[j][i].clone();
+            }
+        };
+        A
+    }
+
     /// Generate Unpacked Keys
     #[inline(always)]
+    #[hax_lib::fstar::options("--z3rlimit 200 --ext context_pruning")]
+    #[hax_lib::requires(fstar!("Spec.MLKEM.is_rank $K /\\
+        $ETA1_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA1_RANDOMNESS_SIZE $K /\\
+        $ETA1 == Spec.MLKEM.v_ETA1 $K /\\
+        $BYTES_PER_RING_ELEMENT == Spec.MLKEM.v_RANKED_BYTES_PER_RING_ELEMENT $K /\\
+        $PUBLIC_KEY_SIZE == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE $K"))]
+    #[hax_lib::ensures(|result|
+        fstar!("let ((m_A, public_key_hash), implicit_rejection_value), valid =
+            Spec.MLKEM.ind_cca_unpack_generate_keypair $K $randomness in
+        valid ==> Libcrux_ml_kem.Polynomial.to_spec_matrix_t #$K #$:Vector
+            ${out}_future.f_public_key.f_ind_cpa_public_key.f_A == m_A /\\
+        ${out}_future.f_public_key.f_public_key_hash == public_key_hash /\\
+        ${out}_future.f_private_key.f_implicit_rejection_value == implicit_rejection_value"))
+    ]
     pub(crate) fn generate_keypair<
         const K: usize,
         const CPA_PRIVATE_KEY_SIZE: usize,
@@ -580,21 +704,27 @@ pub(crate) mod unpacked {
             &mut out.public_key.ind_cpa_public_key,
         );
 
-        // We need to un-transpose the A_transpose matrix provided by IND-CPA
-        //  We would like to write the following but it is not supported by Eurydice yet.
-        //  https://github.com/AeneasVerif/eurydice/issues/39
-        //
-        //    let A = from_fn(|i| {
-        //        from_fn(|j| A_transpose[j][i])
-        //    });
-
         #[allow(non_snake_case)]
-        let mut A = from_fn(|_i| from_fn(|_j| PolynomialRingElement::<Vector>::ZERO()));
-        for i in 0..K {
-            for j in 0..K {
-                A[i][j] = out.public_key.ind_cpa_public_key.A[j][i].clone();
-            }
-        }
+        let A = transpose_a::<K, Vector>(out.public_key.ind_cpa_public_key.A);
+        hax_lib::fstar!("let (ind_cpa_keypair_randomness, _) = split $randomness Spec.MLKEM.v_CPA_KEY_GENERATION_SEED_SIZE in
+        let ((((_, _), matrix_A_as_ntt), _), sufficient_randomness) =
+            Spec.MLKEM.ind_cpa_generate_keypair_unpacked $K ind_cpa_keypair_randomness in
+        let m_v_A = Libcrux_ml_kem.Polynomial.to_spec_matrix_t #$K #$:Vector $A in
+        let m_f_A = Libcrux_ml_kem.Polynomial.to_spec_matrix_t #$K #$:Vector out.f_public_key.f_ind_cpa_public_key.f_A in
+        let m_A:Spec.MLKEM.matrix $K = createi $K (Spec.MLKEM.matrix_A_as_ntt_i matrix_A_as_ntt) in
+        assert (forall (i: nat). i < v $K ==>
+            (forall (j: nat). j < v $K ==>
+            Seq.index (Seq.index m_v_A i) j ==
+                Seq.index (Seq.index m_f_A j) i));
+        let lemma_aux (i: nat{ i < v $K }) : Lemma
+            (sufficient_randomness ==> Seq.index m_v_A i == Seq.index m_A i) =
+            if sufficient_randomness then
+            Lib.Sequence.eq_intro #(Spec.MLKEM.polynomial) #(v $K)
+                (Seq.index m_v_A i) (Seq.index m_A i)
+        in
+        Classical.forall_intro lemma_aux;
+        if sufficient_randomness then
+            Lib.Sequence.eq_intro #(Spec.MLKEM.vector $K) #(v $K) m_A m_v_A");
         out.public_key.ind_cpa_public_key.A = A;
 
         let pk_serialized =
@@ -608,6 +738,26 @@ pub(crate) mod unpacked {
 
     // Encapsulate with Unpacked Public Key
     #[inline(always)]
+    #[hax_lib::requires(fstar!("Spec.MLKEM.is_rank $K /\\
+        $ETA1 == Spec.MLKEM.v_ETA1 $K /\\
+        $ETA1_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA1_RANDOMNESS_SIZE $K /\\
+        $ETA2 == Spec.MLKEM.v_ETA2 $K /\\
+        $ETA2_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA2_RANDOMNESS_SIZE $K /\\
+        $C1_SIZE == Spec.MLKEM.v_C1_SIZE $K /\\
+        $C2_SIZE == Spec.MLKEM.v_C2_SIZE $K /\\
+        $VECTOR_U_COMPRESSION_FACTOR == Spec.MLKEM.v_VECTOR_U_COMPRESSION_FACTOR $K /\\
+        $VECTOR_V_COMPRESSION_FACTOR == Spec.MLKEM.v_VECTOR_V_COMPRESSION_FACTOR $K /\\
+        $VECTOR_U_BLOCK_LEN == Spec.MLKEM.v_C1_BLOCK_SIZE $K /\\
+        $CIPHERTEXT_SIZE == Spec.MLKEM.v_CPA_CIPHERTEXT_SIZE $K"))]
+    #[hax_lib::ensures(|(ciphertext_result, shared_secret_array)|
+        fstar!("let (ciphertext, shared_secret) =
+            Spec.MLKEM.ind_cca_unpack_encapsulate $K ${public_key}.f_public_key_hash
+            (Libcrux_ml_kem.Polynomial.to_spec_vector_t #$K #$:Vector ${public_key}.f_ind_cpa_public_key.f_t_as_ntt)
+            (Libcrux_ml_kem.Polynomial.to_spec_matrix_t #$K #$:Vector ${public_key}.f_ind_cpa_public_key.f_A)
+            $randomness in
+        ${ciphertext_result}.f_value == ciphertext /\\
+        $shared_secret_array == shared_secret"))
+    ]
     pub(crate) fn encapsulate<
         const K: usize,
         const CIPHERTEXT_SIZE: usize,
@@ -628,8 +778,12 @@ pub(crate) mod unpacked {
         public_key: &MlKemPublicKeyUnpacked<K, Vector>,
         randomness: [u8; SHARED_SECRET_SIZE],
     ) -> (MlKemCiphertext<CIPHERTEXT_SIZE>, MlKemSharedSecret) {
+        hax_lib::fstar!("Lib.Sequence.eq_intro #u8 #32 (Seq.slice (
+            Libcrux_ml_kem.Utils.into_padded_array (sz 64) $randomness) 0 32) $randomness");
         let mut to_hash: [u8; 2 * H_DIGEST_SIZE] = into_padded_array(&randomness);
         to_hash[H_DIGEST_SIZE..].copy_from_slice(&public_key.public_key_hash);
+        hax_lib::fstar!("Lib.Sequence.eq_intro #u8 #64 $to_hash (
+            concat $randomness ${public_key}.f_public_key_hash)");
 
         let hashed = Hasher::G(&to_hash);
         let (shared_secret, pseudorandomness) = hashed.split_at(SHARED_SECRET_SIZE);
@@ -657,6 +811,28 @@ pub(crate) mod unpacked {
 
     // Decapsulate with Unpacked Private Key
     #[inline(always)]
+    #[hax_lib::fstar::options("--z3rlimit 200 --ext context_pruning --z3refresh")]
+    #[hax_lib::requires(fstar!("Spec.MLKEM.is_rank $K /\\
+        $ETA1 == Spec.MLKEM.v_ETA1 $K /\\
+        $ETA1_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA1_RANDOMNESS_SIZE $K /\\
+        $ETA2 == Spec.MLKEM.v_ETA2 $K /\\
+        $ETA2_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA2_RANDOMNESS_SIZE $K /\\
+        $C1_SIZE == Spec.MLKEM.v_C1_SIZE $K /\\
+        $C2_SIZE == Spec.MLKEM.v_C2_SIZE $K /\\
+        $VECTOR_U_COMPRESSION_FACTOR == Spec.MLKEM.v_VECTOR_U_COMPRESSION_FACTOR $K /\\
+        $VECTOR_V_COMPRESSION_FACTOR == Spec.MLKEM.v_VECTOR_V_COMPRESSION_FACTOR $K /\\
+        $C1_BLOCK_SIZE == Spec.MLKEM.v_C1_BLOCK_SIZE $K /\\
+        $CIPHERTEXT_SIZE == Spec.MLKEM.v_CPA_CIPHERTEXT_SIZE $K /\\
+        $IMPLICIT_REJECTION_HASH_INPUT_SIZE == Spec.MLKEM.v_IMPLICIT_REJECTION_HASH_INPUT_SIZE $K"))]
+    #[hax_lib::ensures(|result|
+        fstar!("$result ==
+            Spec.MLKEM.ind_cca_unpack_decapsulate $K ${key_pair}.f_public_key.f_public_key_hash
+            ${key_pair}.f_private_key.f_implicit_rejection_value
+            ${ciphertext}.f_value
+            (Libcrux_ml_kem.Polynomial.to_spec_vector_t #$K #$:Vector ${key_pair}.f_private_key.f_ind_cpa_private_key.f_secret_as_ntt)
+            (Libcrux_ml_kem.Polynomial.to_spec_vector_t #$K #$:Vector ${key_pair}.f_public_key.f_ind_cpa_public_key.f_t_as_ntt)
+            (Libcrux_ml_kem.Polynomial.to_spec_matrix_t #$K #$:Vector ${key_pair}.f_public_key.f_ind_cpa_public_key.f_A)"))
+    ]
     pub(crate) fn decapsulate<
         const K: usize,
         const SECRET_KEY_SIZE: usize,
@@ -680,6 +856,11 @@ pub(crate) mod unpacked {
         key_pair: &MlKemKeyPairUnpacked<K, Vector>,
         ciphertext: &MlKemCiphertext<CIPHERTEXT_SIZE>,
     ) -> MlKemSharedSecret {
+        hax_lib::fstar!("assert (v $IMPLICIT_REJECTION_HASH_INPUT_SIZE == 32 + v (Spec.MLKEM.v_CPA_CIPHERTEXT_SIZE $K));
+        assert (v (Spec.MLKEM.v_C1_SIZE $K +! Spec.MLKEM.v_C2_SIZE $K) == v (Spec.MLKEM.v_C1_SIZE $K) + v (Spec.MLKEM.v_C2_SIZE $K));
+        assert (v (Spec.MLKEM.v_C1_SIZE $K) == v (Spec.MLKEM.v_C1_BLOCK_SIZE $K) * v $K);
+        assert (v (Spec.MLKEM.v_C1_BLOCK_SIZE $K)  == 32 * v (Spec.MLKEM.v_VECTOR_U_COMPRESSION_FACTOR $K));
+        assert (v (Spec.MLKEM.v_C2_SIZE $K) == 32 * v (Spec.MLKEM.v_VECTOR_V_COMPRESSION_FACTOR $K))");
         let decrypted = crate::ind_cpa::decrypt_unpacked::<
             K,
             CIPHERTEXT_SIZE,
@@ -690,14 +871,20 @@ pub(crate) mod unpacked {
         >(&key_pair.private_key.ind_cpa_private_key, &ciphertext.value);
 
         let mut to_hash: [u8; SHARED_SECRET_SIZE + H_DIGEST_SIZE] = into_padded_array(&decrypted);
+        hax_lib::fstar!("Lib.Sequence.eq_intro #u8 #32 (Seq.slice $to_hash 0 32) $decrypted");
         to_hash[SHARED_SECRET_SIZE..].copy_from_slice(&key_pair.public_key.public_key_hash);
+        hax_lib::fstar!("Lib.Sequence.lemma_concat2 32 $decrypted 32 ${key_pair}.f_public_key.f_public_key_hash $to_hash");
 
         let hashed = Hasher::G(&to_hash);
         let (shared_secret, pseudorandomness) = hashed.split_at(SHARED_SECRET_SIZE);
 
         let mut to_hash: [u8; IMPLICIT_REJECTION_HASH_INPUT_SIZE] =
             into_padded_array(&key_pair.private_key.implicit_rejection_value);
+        hax_lib::fstar!("Lib.Sequence.eq_intro #u8 #32
+            (Seq.slice $to_hash 0 32) ${key_pair}.f_private_key.f_implicit_rejection_value");
         to_hash[SHARED_SECRET_SIZE..].copy_from_slice(ciphertext.as_ref());
+        hax_lib::fstar!("Lib.Sequence.lemma_concat2 32 ${key_pair}.f_private_key.f_implicit_rejection_value
+            (v (Spec.MLKEM.v_CPA_CIPHERTEXT_SIZE $K)) ${ciphertext}.f_value $to_hash");
         let implicit_rejection_shared_secret: [u8; SHARED_SECRET_SIZE] = Hasher::PRF(&to_hash);
 
         let expected_ciphertext = crate::ind_cpa::encrypt_unpacked::<
diff --git a/libcrux-ml-kem/src/ind_cpa.rs b/libcrux-ml-kem/src/ind_cpa.rs
index 7f6bb9c1d..2db713036 100644
--- a/libcrux-ml-kem/src/ind_cpa.rs
+++ b/libcrux-ml-kem/src/ind_cpa.rs
@@ -361,10 +361,11 @@ fn sample_vector_cbd_then_ntt_out<
     $ETA1_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA1_RANDOMNESS_SIZE $K /\\
     $ETA1 == Spec.MLKEM.v_ETA1 $K /\\
     length $key_generation_seed == Spec.MLKEM.v_CPA_KEY_GENERATION_SEED_SIZE"))]
-#[hax_lib::ensures(|_| fstar!("let (((t_as_ntt,seed_for_A), secret_as_ntt), valid) = Spec.MLKEM.ind_cpa_generate_keypair_unpacked $K $key_generation_seed in 
-    (valid ==> ((Libcrux_ml_kem.Polynomial.to_spec_vector_t #$K #$:Vector ${public_key}_future.f_t_as_ntt) == t_as_ntt) /\\
+#[hax_lib::ensures(|_| fstar!("let ((((t_as_ntt,seed_for_A), matrix_A_as_ntt), secret_as_ntt), valid) = Spec.MLKEM.ind_cpa_generate_keypair_unpacked $K $key_generation_seed in 
+    (valid ==> (Libcrux_ml_kem.Polynomial.to_spec_vector_t #$K #$:Vector ${public_key}_future.f_t_as_ntt == t_as_ntt) /\\
         (${public_key}_future.f_seed_for_A == seed_for_A) /\\
-        ((Libcrux_ml_kem.Polynomial.to_spec_vector_t #$K #$:Vector ${private_key}_future.f_secret_as_ntt) == secret_as_ntt)) /\\
+        (Libcrux_ml_kem.Polynomial.to_spec_matrix_t #$K #$:Vector ${public_key}_future.f_A == matrix_A_as_ntt) /\\
+        (Libcrux_ml_kem.Polynomial.to_spec_vector_t #$K #$:Vector ${private_key}_future.f_secret_as_ntt == secret_as_ntt)) /\\
     (forall (i:nat). i < v $K ==>
         Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index ${private_key}_future.f_secret_as_ntt i)) /\\
     (forall (i:nat). i < v $K ==>

From 7ed909f8033142d720fcbfe309243b9fa52d181d Mon Sep 17 00:00:00 2001
From: mamonet <maamoun.tk@gmail.com>
Date: Mon, 4 Nov 2024 07:02:48 +0000
Subject: [PATCH 007/142] Remove Ind_cca.Unpacked module from ADMIT_MODULES

---
 .../proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fst    | 8 +++++++-
 libcrux-ml-kem/proofs/fstar/extraction/Makefile           | 3 +--
 libcrux-ml-kem/src/ind_cpa.rs                             | 4 +++-
 3 files changed, 11 insertions(+), 4 deletions(-)

diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fst
index aa3f657ef..29146d11c 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fst
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fst
@@ -382,6 +382,8 @@ let sample_vector_cbd_then_ntt_out
   <:
   (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K & u8)
 
+#push-options "--z3rlimit 500 --ext context_pruning --z3refresh"
+
 let generate_keypair_unpacked
       (v_K v_ETA1 v_ETA1_RANDOMNESS_SIZE: usize)
       (#v_Vector #v_Hasher #v_Scheme: Type0)
@@ -496,12 +498,14 @@ let generate_keypair_unpacked
     Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPublicKeyUnpacked v_K v_Vector
   in
   let _:Prims.unit =
-    let ((t_as_ntt, seed_for_A), secret_as_ntt), valid =
+    let (((t_as_ntt, seed_for_A), matrix_A_as_ntt), secret_as_ntt), valid =
       Spec.MLKEM.ind_cpa_generate_keypair_unpacked v_K key_generation_seed
     in
     assert (valid ==>
         ((Libcrux_ml_kem.Polynomial.to_spec_vector_t #v_K #v_Vector public_key.f_t_as_ntt) ==
           t_as_ntt) /\ (public_key.f_seed_for_A == seed_for_A) /\
+        (Libcrux_ml_kem.Polynomial.to_spec_matrix_t #v_K #v_Vector public_key.f_A == matrix_A_as_ntt
+        ) /\
         ((Libcrux_ml_kem.Polynomial.to_spec_vector_t #v_K #v_Vector private_key.f_secret_as_ntt) ==
           secret_as_ntt));
     assert ((forall (i: nat).
@@ -520,6 +524,8 @@ let generate_keypair_unpacked
   (Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPrivateKeyUnpacked v_K v_Vector &
     Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPublicKeyUnpacked v_K v_Vector)
 
+#pop-options
+
 #push-options "--z3rlimit 200 --ext context_pruning --z3refresh"
 
 let compress_then_serialize_u
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Makefile b/libcrux-ml-kem/proofs/fstar/extraction/Makefile
index b7a4485d1..b054ead79 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Makefile
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Makefile
@@ -1,7 +1,6 @@
 SLOW_MODULES += Libcrux_ml_kem.Vector.Portable.Serialize.fst
 
-ADMIT_MODULES = Libcrux_ml_kem.Ind_cca.Unpacked.fst \
-              Libcrux_ml_kem.Vector.Avx2.fsti \
+ADMIT_MODULES = Libcrux_ml_kem.Vector.Avx2.fsti \
               Libcrux_ml_kem.Vector.Avx2.fst \
               Libcrux_ml_kem.Vector.Avx2.Ntt.fst \
               Libcrux_ml_kem.Vector.Avx2.Sampling.fst \
diff --git a/libcrux-ml-kem/src/ind_cpa.rs b/libcrux-ml-kem/src/ind_cpa.rs
index 2db713036..4891caff8 100644
--- a/libcrux-ml-kem/src/ind_cpa.rs
+++ b/libcrux-ml-kem/src/ind_cpa.rs
@@ -357,6 +357,7 @@ fn sample_vector_cbd_then_ntt_out<
 /// The NIST FIPS 203 standard can be found at
 /// <https://csrc.nist.gov/pubs/fips/203/ipd>.
 #[allow(non_snake_case)]
+#[hax_lib::fstar::options("--z3rlimit 500 --ext context_pruning --z3refresh")]
 #[hax_lib::requires(fstar!("Spec.MLKEM.is_rank $K /\\
     $ETA1_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA1_RANDOMNESS_SIZE $K /\\
     $ETA1 == Spec.MLKEM.v_ETA1 $K /\\
@@ -418,11 +419,12 @@ pub(crate) fn generate_keypair_unpacked<
 
     public_key.seed_for_A = seed_for_A.try_into().unwrap();
 
-    hax_lib::fstar!("let ((t_as_ntt, seed_for_A), secret_as_ntt), valid =
+    hax_lib::fstar!("let (((t_as_ntt,seed_for_A), matrix_A_as_ntt), secret_as_ntt), valid =
         Spec.MLKEM.ind_cpa_generate_keypair_unpacked $K $key_generation_seed in
         assert (valid ==>
             ((Libcrux_ml_kem.Polynomial.to_spec_vector_t #$K #$:Vector public_key.f_t_as_ntt) ==
               t_as_ntt) /\\ (public_key.f_seed_for_A == seed_for_A) /\\
+            (Libcrux_ml_kem.Polynomial.to_spec_matrix_t #$K #$:Vector public_key.f_A == matrix_A_as_ntt) /\\
             ((Libcrux_ml_kem.Polynomial.to_spec_vector_t #$K #$:Vector private_key.f_secret_as_ntt) ==
               secret_as_ntt));
         assert ((forall (i: nat). i < v $K ==>

From 168a963497f54dc2cb1434f1a6eef80c63b2c8b9 Mon Sep 17 00:00:00 2001
From: karthikbhargavan <karthik.bhargavan@gmail.com>
Date: Wed, 6 Nov 2024 06:55:20 +0000
Subject: [PATCH 008/142] boring C refresh

---
 libcrux-ml-kem/cg/code_gen.txt                |   2 +-
 libcrux-ml-kem/cg/libcrux_core.h              |   2 +-
 libcrux-ml-kem/cg/libcrux_ct_ops.h            |   2 +-
 libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h     | 143 +++++++++--------
 .../cg/libcrux_mlkem768_avx2_types.h          |   2 +-
 libcrux-ml-kem/cg/libcrux_mlkem768_portable.h | 144 +++++++++---------
 .../cg/libcrux_mlkem768_portable_types.h      |   2 +-
 libcrux-ml-kem/cg/libcrux_sha3_avx2.h         |   2 +-
 libcrux-ml-kem/cg/libcrux_sha3_portable.h     |   2 +-
 9 files changed, 143 insertions(+), 158 deletions(-)

diff --git a/libcrux-ml-kem/cg/code_gen.txt b/libcrux-ml-kem/cg/code_gen.txt
index 69ab3fe65..13b6368d7 100644
--- a/libcrux-ml-kem/cg/code_gen.txt
+++ b/libcrux-ml-kem/cg/code_gen.txt
@@ -3,4 +3,4 @@ Charon: 3a133fe0eee9bd3928d5bb16c24ddd2dd0f3ee7f
 Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c
 Karamel: c31a22c1e07d2118c07ee5cebb640d863e31a198
 F*: 2c32d6e230851bbceadac7a21fc418fa2bb7e4bc
-Libcrux: 18a089ceff3ef1a9f6876cd99a9f4f42c0fe05d9
+Libcrux: 7ed909f8033142d720fcbfe309243b9fa52d181d
diff --git a/libcrux-ml-kem/cg/libcrux_core.h b/libcrux-ml-kem/cg/libcrux_core.h
index c948f2203..30f40f051 100644
--- a/libcrux-ml-kem/cg/libcrux_core.h
+++ b/libcrux-ml-kem/cg/libcrux_core.h
@@ -8,7 +8,7 @@
  * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c
  * Karamel: c31a22c1e07d2118c07ee5cebb640d863e31a198
  * F*: 2c32d6e230851bbceadac7a21fc418fa2bb7e4bc
- * Libcrux: 18a089ceff3ef1a9f6876cd99a9f4f42c0fe05d9
+ * Libcrux: 7ed909f8033142d720fcbfe309243b9fa52d181d
  */
 
 #ifndef __libcrux_core_H
diff --git a/libcrux-ml-kem/cg/libcrux_ct_ops.h b/libcrux-ml-kem/cg/libcrux_ct_ops.h
index f5f5ce2f6..244aa8e45 100644
--- a/libcrux-ml-kem/cg/libcrux_ct_ops.h
+++ b/libcrux-ml-kem/cg/libcrux_ct_ops.h
@@ -8,7 +8,7 @@
  * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c
  * Karamel: c31a22c1e07d2118c07ee5cebb640d863e31a198
  * F*: 2c32d6e230851bbceadac7a21fc418fa2bb7e4bc
- * Libcrux: 18a089ceff3ef1a9f6876cd99a9f4f42c0fe05d9
+ * Libcrux: 7ed909f8033142d720fcbfe309243b9fa52d181d
  */
 
 #ifndef __libcrux_ct_ops_H
diff --git a/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h b/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h
index 791e21461..7a5dafa68 100644
--- a/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h
+++ b/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h
@@ -8,7 +8,7 @@
  * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c
  * Karamel: c31a22c1e07d2118c07ee5cebb640d863e31a198
  * F*: 2c32d6e230851bbceadac7a21fc418fa2bb7e4bc
- * Libcrux: 18a089ceff3ef1a9f6876cd99a9f4f42c0fe05d9
+ * Libcrux: 7ed909f8033142d720fcbfe309243b9fa52d181d
  */
 
 #ifndef __libcrux_mlkem768_avx2_H
@@ -7030,40 +7030,24 @@ static inline tuple_c2 libcrux_ml_kem_mlkem768_avx2_unpacked_encapsulate(
 
 /**
 A monomorphic instance of
-libcrux_ml_kem.ind_cca.unpacked.generate_keypair.closure.closure with types
-libcrux_ml_kem_vector_avx2_SIMD256Vector,
-libcrux_ml_kem_hash_functions_avx2_Simd256Hash, libcrux_ml_kem_variant_MlKem
-with const generics
+libcrux_ml_kem.ind_cca.unpacked.transpose_a.closure.closure with types
+libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics
 - K= 3
-- CPA_PRIVATE_KEY_SIZE= 1152
-- PRIVATE_KEY_SIZE= 2400
-- PUBLIC_KEY_SIZE= 1184
-- BYTES_PER_RING_ELEMENT= 1152
-- ETA1= 2
-- ETA1_RANDOMNESS_SIZE= 128
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f6
-libcrux_ml_kem_ind_cca_unpacked_generate_keypair_closure_closure_d6(size_t _j) {
+libcrux_ml_kem_ind_cca_unpacked_transpose_a_closure_closure_ab(size_t _j) {
   return libcrux_ml_kem_polynomial_ZERO_ef_61();
 }
 
 /**
-A monomorphic instance of
-libcrux_ml_kem.ind_cca.unpacked.generate_keypair.closure with types
-libcrux_ml_kem_vector_avx2_SIMD256Vector,
-libcrux_ml_kem_hash_functions_avx2_Simd256Hash, libcrux_ml_kem_variant_MlKem
+A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.transpose_a.closure
+with types libcrux_ml_kem_vector_avx2_SIMD256Vector
 with const generics
 - K= 3
-- CPA_PRIVATE_KEY_SIZE= 1152
-- PRIVATE_KEY_SIZE= 2400
-- PUBLIC_KEY_SIZE= 1184
-- BYTES_PER_RING_ELEMENT= 1152
-- ETA1= 2
-- ETA1_RANDOMNESS_SIZE= 128
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static inline void libcrux_ml_kem_ind_cca_unpacked_generate_keypair_closure_d6(
+static inline void libcrux_ml_kem_ind_cca_unpacked_transpose_a_closure_ab(
     size_t _i, libcrux_ml_kem_polynomial_PolynomialRingElement_f6 ret[3U]) {
   for (size_t i = (size_t)0U; i < (size_t)3U; i++) {
     ret[i] = libcrux_ml_kem_polynomial_ZERO_ef_61();
@@ -7094,8 +7078,37 @@ libcrux_ml_kem_polynomial_clone_8d_61(
 }
 
 /**
- Generate Unpacked Keys
+A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.transpose_a
+with types libcrux_ml_kem_vector_avx2_SIMD256Vector
+with const generics
+- K= 3
 */
+KRML_ATTRIBUTE_TARGET("avx2")
+static inline void libcrux_ml_kem_ind_cca_unpacked_transpose_a_ab(
+    libcrux_ml_kem_polynomial_PolynomialRingElement_f6 ind_cpa_a[3U][3U],
+    libcrux_ml_kem_polynomial_PolynomialRingElement_f6 ret[3U][3U]) {
+  libcrux_ml_kem_polynomial_PolynomialRingElement_f6 A[3U][3U];
+  for (size_t i = (size_t)0U; i < (size_t)3U; i++) {
+    libcrux_ml_kem_ind_cca_unpacked_transpose_a_closure_ab(i, A[i]);
+  }
+  for (size_t i = (size_t)0U; i < (size_t)3U; i++) {
+    size_t i0 = i;
+    libcrux_ml_kem_polynomial_PolynomialRingElement_f6 _a_i[3U][3U];
+    memcpy(_a_i, A,
+           (size_t)3U *
+               sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f6[3U]));
+    for (size_t i1 = (size_t)0U; i1 < (size_t)3U; i1++) {
+      size_t j = i1;
+      libcrux_ml_kem_polynomial_PolynomialRingElement_f6 uu____0 =
+          libcrux_ml_kem_polynomial_clone_8d_61(&ind_cpa_a[j][i0]);
+      A[i0][j] = uu____0;
+    }
+  }
+  memcpy(ret, A,
+         (size_t)3U *
+             sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f6[3U]));
+}
+
 /**
 A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.generate_keypair
 with types libcrux_ml_kem_vector_avx2_SIMD256Vector,
@@ -7123,20 +7136,12 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_unpacked_generate_keypair_d6(
   libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_22(
       ind_cpa_keypair_randomness, &out->private_key.ind_cpa_private_key,
       &out->public_key.ind_cpa_public_key);
+  libcrux_ml_kem_polynomial_PolynomialRingElement_f6 uu____0[3U][3U];
+  memcpy(uu____0, out->public_key.ind_cpa_public_key.A,
+         (size_t)3U *
+             sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f6[3U]));
   libcrux_ml_kem_polynomial_PolynomialRingElement_f6 A[3U][3U];
-  for (size_t i = (size_t)0U; i < (size_t)3U; i++) {
-    libcrux_ml_kem_ind_cca_unpacked_generate_keypair_closure_d6(i, A[i]);
-  }
-  for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) {
-    size_t i1 = i0;
-    for (size_t i = (size_t)0U; i < (size_t)3U; i++) {
-      size_t j = i;
-      libcrux_ml_kem_polynomial_PolynomialRingElement_f6 uu____0 =
-          libcrux_ml_kem_polynomial_clone_8d_61(
-              &out->public_key.ind_cpa_public_key.A[j][i1]);
-      A[i1][j] = uu____0;
-    }
-  }
+  libcrux_ml_kem_ind_cca_unpacked_transpose_a_ab(uu____0, A);
   libcrux_ml_kem_polynomial_PolynomialRingElement_f6 uu____1[3U][3U];
   memcpy(uu____1, A,
          (size_t)3U *
@@ -7231,17 +7236,17 @@ static inline void libcrux_ml_kem_mlkem768_avx2_unpacked_generate_key_pair(
 /**
 This function found in impl {(core::default::Default for
 libcrux_ml_kem::ind_cca::unpacked::MlKemPublicKeyUnpacked<Vector,
-K>[TraitClause@0, TraitClause@1])#1}
+K>[TraitClause@0, TraitClause@1])}
 */
 /**
-A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.default_1c
+A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.default_09
 with types libcrux_ml_kem_vector_avx2_SIMD256Vector
 with const generics
 - K= 3
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_63
-libcrux_ml_kem_ind_cca_unpacked_default_1c_ab(void) {
+libcrux_ml_kem_ind_cca_unpacked_default_09_ab(void) {
   libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_63 lit;
   lit.ind_cpa_public_key = libcrux_ml_kem_ind_cpa_unpacked_default_8d_ab();
   lit.public_key_hash[0U] = 0U;
@@ -7282,10 +7287,10 @@ libcrux_ml_kem_ind_cca_unpacked_default_1c_ab(void) {
 /**
 This function found in impl {(core::default::Default for
 libcrux_ml_kem::ind_cca::unpacked::MlKemKeyPairUnpacked<Vector,
-K>[TraitClause@0, TraitClause@1])#3}
+K>[TraitClause@0, TraitClause@1])#1}
 */
 /**
-A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.default_07
+A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.default_53
 with types libcrux_ml_kem_vector_avx2_SIMD256Vector
 with const generics
 - K= 3
@@ -7293,7 +7298,7 @@ with const generics
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE
     libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked
-    libcrux_ml_kem_ind_cca_unpacked_default_07_ab(void) {
+    libcrux_ml_kem_ind_cca_unpacked_default_53_ab(void) {
   libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_63 uu____0;
   uu____0.ind_cpa_private_key = libcrux_ml_kem_ind_cpa_unpacked_default_1a_ab();
   uu____0.implicit_rejection_value[0U] = 0U;
@@ -7331,7 +7336,7 @@ static KRML_MUSTINLINE
   return (
       CLITERAL(libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked){
           .private_key = uu____0,
-          .public_key = libcrux_ml_kem_ind_cca_unpacked_default_1c_ab()});
+          .public_key = libcrux_ml_kem_ind_cca_unpacked_default_09_ab()});
 }
 
 /**
@@ -7340,7 +7345,7 @@ static KRML_MUSTINLINE
 KRML_ATTRIBUTE_TARGET("avx2")
 static inline libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked
 libcrux_ml_kem_mlkem768_avx2_unpacked_init_key_pair(void) {
-  return libcrux_ml_kem_ind_cca_unpacked_default_07_ab();
+  return libcrux_ml_kem_ind_cca_unpacked_default_53_ab();
 }
 
 /**
@@ -7349,20 +7354,17 @@ libcrux_ml_kem_mlkem768_avx2_unpacked_init_key_pair(void) {
 KRML_ATTRIBUTE_TARGET("avx2")
 static inline libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_63
 libcrux_ml_kem_mlkem768_avx2_unpacked_init_public_key(void) {
-  return libcrux_ml_kem_ind_cca_unpacked_default_1c_ab();
+  return libcrux_ml_kem_ind_cca_unpacked_default_09_ab();
 }
 
-/**
- Get the serialized public key.
-*/
 /**
 This function found in impl
 {libcrux_ml_kem::ind_cca::unpacked::MlKemPublicKeyUnpacked<Vector,
-K>[TraitClause@0, TraitClause@1]}
+K>[TraitClause@0, TraitClause@1]#3}
 */
 /**
 A monomorphic instance of
-libcrux_ml_kem.ind_cca.unpacked.serialized_public_key_mut_dd with types
+libcrux_ml_kem.ind_cca.unpacked.serialized_public_key_mut_30 with types
 libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics
 - K= 3
 - RANKED_BYTES_PER_RING_ELEMENT= 1152
@@ -7370,7 +7372,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE void
-libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_dd_ed(
+libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_30_ed(
     libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_63 *self,
     libcrux_ml_kem_types_MlKemPublicKey_30 *serialized) {
   libcrux_ml_kem_ind_cpa_serialize_public_key_mut_ed(
@@ -7380,17 +7382,14 @@ libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_dd_ed(
       serialized->value);
 }
 
-/**
- Get the serialized public key.
-*/
 /**
 This function found in impl
 {libcrux_ml_kem::ind_cca::unpacked::MlKemKeyPairUnpacked<Vector,
-K>[TraitClause@0, TraitClause@1]#2}
+K>[TraitClause@0, TraitClause@1]#4}
 */
 /**
 A monomorphic instance of
-libcrux_ml_kem.ind_cca.unpacked.serialized_public_key_mut_de with types
+libcrux_ml_kem.ind_cca.unpacked.serialized_public_key_mut_fc with types
 libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics
 - K= 3
 - RANKED_BYTES_PER_RING_ELEMENT= 1152
@@ -7398,10 +7397,10 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE void
-libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_de_ed(
+libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_fc_ed(
     libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked *self,
     libcrux_ml_kem_types_MlKemPublicKey_30 *serialized) {
-  libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_dd_ed(
+  libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_30_ed(
       &self->public_key, serialized);
 }
 
@@ -7413,7 +7412,7 @@ static inline void
 libcrux_ml_kem_mlkem768_avx2_unpacked_key_pair_serialized_public_key(
     libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked *key_pair,
     libcrux_ml_kem_types_MlKemPublicKey_30 *serialized) {
-  libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_de_ed(key_pair,
+  libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_fc_ed(key_pair,
                                                                   serialized);
 }
 
@@ -7457,17 +7456,17 @@ libcrux_ml_kem_ind_cpa_unpacked_clone_ef_ab(
 /**
 This function found in impl {(core::clone::Clone for
 libcrux_ml_kem::ind_cca::unpacked::MlKemPublicKeyUnpacked<Vector,
-K>[TraitClause@0, TraitClause@2])#4}
+K>[TraitClause@0, TraitClause@2])#2}
 */
 /**
-A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.clone_28
+A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.clone_dd
 with types libcrux_ml_kem_vector_avx2_SIMD256Vector
 with const generics
 - K= 3
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static inline libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_63
-libcrux_ml_kem_ind_cca_unpacked_clone_28_ab(
+libcrux_ml_kem_ind_cca_unpacked_clone_dd_ab(
     libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_63 *self) {
   libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_63 lit;
   lit.ind_cpa_public_key =
@@ -7479,23 +7478,20 @@ libcrux_ml_kem_ind_cca_unpacked_clone_28_ab(
   return lit;
 }
 
-/**
- Get the serialized public key.
-*/
 /**
 This function found in impl
 {libcrux_ml_kem::ind_cca::unpacked::MlKemKeyPairUnpacked<Vector,
-K>[TraitClause@0, TraitClause@1]#2}
+K>[TraitClause@0, TraitClause@1]#4}
 */
 /**
-A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.public_key_de
+A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.public_key_fc
 with types libcrux_ml_kem_vector_avx2_SIMD256Vector
 with const generics
 - K= 3
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_63 *
-libcrux_ml_kem_ind_cca_unpacked_public_key_de_ab(
+libcrux_ml_kem_ind_cca_unpacked_public_key_fc_ab(
     libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked *self) {
   return &self->public_key;
 }
@@ -7508,8 +7504,8 @@ static inline void libcrux_ml_kem_mlkem768_avx2_unpacked_public_key(
     libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked *key_pair,
     libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_63 *pk) {
   libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_63 uu____0 =
-      libcrux_ml_kem_ind_cca_unpacked_clone_28_ab(
-          libcrux_ml_kem_ind_cca_unpacked_public_key_de_ab(key_pair));
+      libcrux_ml_kem_ind_cca_unpacked_clone_dd_ab(
+          libcrux_ml_kem_ind_cca_unpacked_public_key_fc_ab(key_pair));
   pk[0U] = uu____0;
 }
 
@@ -7520,13 +7516,10 @@ KRML_ATTRIBUTE_TARGET("avx2")
 static inline void libcrux_ml_kem_mlkem768_avx2_unpacked_serialized_public_key(
     libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_63 *public_key,
     libcrux_ml_kem_types_MlKemPublicKey_30 *serialized) {
-  libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_dd_ed(public_key,
+  libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_30_ed(public_key,
                                                                   serialized);
 }
 
-/**
- Generate an unpacked key from a serialized key.
-*/
 /**
 A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.unpack_public_key
 with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash,
diff --git a/libcrux-ml-kem/cg/libcrux_mlkem768_avx2_types.h b/libcrux-ml-kem/cg/libcrux_mlkem768_avx2_types.h
index f7e64752f..fe16c7d0b 100644
--- a/libcrux-ml-kem/cg/libcrux_mlkem768_avx2_types.h
+++ b/libcrux-ml-kem/cg/libcrux_mlkem768_avx2_types.h
@@ -8,7 +8,7 @@
  * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c
  * Karamel: c31a22c1e07d2118c07ee5cebb640d863e31a198
  * F*: 2c32d6e230851bbceadac7a21fc418fa2bb7e4bc
- * Libcrux: 18a089ceff3ef1a9f6876cd99a9f4f42c0fe05d9
+ * Libcrux: 7ed909f8033142d720fcbfe309243b9fa52d181d
  */
 
 #ifndef __libcrux_mlkem768_avx2_types_H
diff --git a/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h b/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h
index fe8e065e0..a5cfe8f8d 100644
--- a/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h
+++ b/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h
@@ -8,7 +8,7 @@
  * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c
  * Karamel: c31a22c1e07d2118c07ee5cebb640d863e31a198
  * F*: 2c32d6e230851bbceadac7a21fc418fa2bb7e4bc
- * Libcrux: 18a089ceff3ef1a9f6876cd99a9f4f42c0fe05d9
+ * Libcrux: 7ed909f8033142d720fcbfe309243b9fa52d181d
  */
 
 #ifndef __libcrux_mlkem768_portable_H
@@ -6965,38 +6965,22 @@ static inline tuple_c2 libcrux_ml_kem_mlkem768_portable_unpacked_encapsulate(
 
 /**
 A monomorphic instance of
-libcrux_ml_kem.ind_cca.unpacked.generate_keypair.closure.closure with types
-libcrux_ml_kem_vector_portable_vector_type_PortableVector,
-libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]],
-libcrux_ml_kem_variant_MlKem with const generics
+libcrux_ml_kem.ind_cca.unpacked.transpose_a.closure.closure with types
+libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
 - K= 3
-- CPA_PRIVATE_KEY_SIZE= 1152
-- PRIVATE_KEY_SIZE= 2400
-- PUBLIC_KEY_SIZE= 1184
-- BYTES_PER_RING_ELEMENT= 1152
-- ETA1= 2
-- ETA1_RANDOMNESS_SIZE= 128
 */
 static inline libcrux_ml_kem_polynomial_PolynomialRingElement_1d
-libcrux_ml_kem_ind_cca_unpacked_generate_keypair_closure_closure_f8(size_t _j) {
+libcrux_ml_kem_ind_cca_unpacked_transpose_a_closure_closure_1b(size_t _j) {
   return libcrux_ml_kem_polynomial_ZERO_ef_8c();
 }
 
 /**
-A monomorphic instance of
-libcrux_ml_kem.ind_cca.unpacked.generate_keypair.closure with types
-libcrux_ml_kem_vector_portable_vector_type_PortableVector,
-libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]],
-libcrux_ml_kem_variant_MlKem with const generics
+A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.transpose_a.closure
+with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
+with const generics
 - K= 3
-- CPA_PRIVATE_KEY_SIZE= 1152
-- PRIVATE_KEY_SIZE= 2400
-- PUBLIC_KEY_SIZE= 1184
-- BYTES_PER_RING_ELEMENT= 1152
-- ETA1= 2
-- ETA1_RANDOMNESS_SIZE= 128
 */
-static inline void libcrux_ml_kem_ind_cca_unpacked_generate_keypair_closure_f8(
+static inline void libcrux_ml_kem_ind_cca_unpacked_transpose_a_closure_1b(
     size_t _i, libcrux_ml_kem_polynomial_PolynomialRingElement_1d ret[3U]) {
   for (size_t i = (size_t)0U; i < (size_t)3U; i++) {
     ret[i] = libcrux_ml_kem_polynomial_ZERO_ef_8c();
@@ -7029,8 +7013,36 @@ libcrux_ml_kem_polynomial_clone_8d_8c(
 }
 
 /**
- Generate Unpacked Keys
+A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.transpose_a
+with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
+with const generics
+- K= 3
 */
+static inline void libcrux_ml_kem_ind_cca_unpacked_transpose_a_1b(
+    libcrux_ml_kem_polynomial_PolynomialRingElement_1d ind_cpa_a[3U][3U],
+    libcrux_ml_kem_polynomial_PolynomialRingElement_1d ret[3U][3U]) {
+  libcrux_ml_kem_polynomial_PolynomialRingElement_1d A[3U][3U];
+  for (size_t i = (size_t)0U; i < (size_t)3U; i++) {
+    libcrux_ml_kem_ind_cca_unpacked_transpose_a_closure_1b(i, A[i]);
+  }
+  for (size_t i = (size_t)0U; i < (size_t)3U; i++) {
+    size_t i0 = i;
+    libcrux_ml_kem_polynomial_PolynomialRingElement_1d _a_i[3U][3U];
+    memcpy(_a_i, A,
+           (size_t)3U *
+               sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1d[3U]));
+    for (size_t i1 = (size_t)0U; i1 < (size_t)3U; i1++) {
+      size_t j = i1;
+      libcrux_ml_kem_polynomial_PolynomialRingElement_1d uu____0 =
+          libcrux_ml_kem_polynomial_clone_8d_8c(&ind_cpa_a[j][i0]);
+      A[i0][j] = uu____0;
+    }
+  }
+  memcpy(ret, A,
+         (size_t)3U *
+             sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1d[3U]));
+}
+
 /**
 A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.generate_keypair
 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector,
@@ -7057,20 +7069,12 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_unpacked_generate_keypair_f8(
   libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_1c(
       ind_cpa_keypair_randomness, &out->private_key.ind_cpa_private_key,
       &out->public_key.ind_cpa_public_key);
+  libcrux_ml_kem_polynomial_PolynomialRingElement_1d uu____0[3U][3U];
+  memcpy(uu____0, out->public_key.ind_cpa_public_key.A,
+         (size_t)3U *
+             sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1d[3U]));
   libcrux_ml_kem_polynomial_PolynomialRingElement_1d A[3U][3U];
-  for (size_t i = (size_t)0U; i < (size_t)3U; i++) {
-    libcrux_ml_kem_ind_cca_unpacked_generate_keypair_closure_f8(i, A[i]);
-  }
-  for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) {
-    size_t i1 = i0;
-    for (size_t i = (size_t)0U; i < (size_t)3U; i++) {
-      size_t j = i;
-      libcrux_ml_kem_polynomial_PolynomialRingElement_1d uu____0 =
-          libcrux_ml_kem_polynomial_clone_8d_8c(
-              &out->public_key.ind_cpa_public_key.A[j][i1]);
-      A[i1][j] = uu____0;
-    }
-  }
+  libcrux_ml_kem_ind_cca_unpacked_transpose_a_1b(uu____0, A);
   libcrux_ml_kem_polynomial_PolynomialRingElement_1d uu____1[3U][3U];
   memcpy(uu____1, A,
          (size_t)3U *
@@ -7140,16 +7144,16 @@ static inline void libcrux_ml_kem_mlkem768_portable_unpacked_generate_key_pair(
 /**
 This function found in impl {(core::default::Default for
 libcrux_ml_kem::ind_cca::unpacked::MlKemPublicKeyUnpacked<Vector,
-K>[TraitClause@0, TraitClause@1])#1}
+K>[TraitClause@0, TraitClause@1])}
 */
 /**
-A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.default_1c
+A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.default_09
 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
 with const generics
 - K= 3
 */
 static KRML_MUSTINLINE libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0
-libcrux_ml_kem_ind_cca_unpacked_default_1c_1b(void) {
+libcrux_ml_kem_ind_cca_unpacked_default_09_1b(void) {
   libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 lit;
   lit.ind_cpa_public_key = libcrux_ml_kem_ind_cpa_unpacked_default_8d_1b();
   lit.public_key_hash[0U] = 0U;
@@ -7190,17 +7194,17 @@ libcrux_ml_kem_ind_cca_unpacked_default_1c_1b(void) {
 /**
 This function found in impl {(core::default::Default for
 libcrux_ml_kem::ind_cca::unpacked::MlKemKeyPairUnpacked<Vector,
-K>[TraitClause@0, TraitClause@1])#3}
+K>[TraitClause@0, TraitClause@1])#1}
 */
 /**
-A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.default_07
+A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.default_53
 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
 with const generics
 - K= 3
 */
 static KRML_MUSTINLINE
     libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked
-    libcrux_ml_kem_ind_cca_unpacked_default_07_1b(void) {
+    libcrux_ml_kem_ind_cca_unpacked_default_53_1b(void) {
   libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_a0 uu____0;
   uu____0.ind_cpa_private_key = libcrux_ml_kem_ind_cpa_unpacked_default_1a_1b();
   uu____0.implicit_rejection_value[0U] = 0U;
@@ -7238,7 +7242,7 @@ static KRML_MUSTINLINE
   return (CLITERAL(
       libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked){
       .private_key = uu____0,
-      .public_key = libcrux_ml_kem_ind_cca_unpacked_default_1c_1b()});
+      .public_key = libcrux_ml_kem_ind_cca_unpacked_default_09_1b()});
 }
 
 /**
@@ -7246,7 +7250,7 @@ static KRML_MUSTINLINE
 */
 static inline libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked
 libcrux_ml_kem_mlkem768_portable_unpacked_init_key_pair(void) {
-  return libcrux_ml_kem_ind_cca_unpacked_default_07_1b();
+  return libcrux_ml_kem_ind_cca_unpacked_default_53_1b();
 }
 
 /**
@@ -7254,27 +7258,24 @@ libcrux_ml_kem_mlkem768_portable_unpacked_init_key_pair(void) {
 */
 static inline libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0
 libcrux_ml_kem_mlkem768_portable_unpacked_init_public_key(void) {
-  return libcrux_ml_kem_ind_cca_unpacked_default_1c_1b();
+  return libcrux_ml_kem_ind_cca_unpacked_default_09_1b();
 }
 
-/**
- Get the serialized public key.
-*/
 /**
 This function found in impl
 {libcrux_ml_kem::ind_cca::unpacked::MlKemPublicKeyUnpacked<Vector,
-K>[TraitClause@0, TraitClause@1]}
+K>[TraitClause@0, TraitClause@1]#3}
 */
 /**
 A monomorphic instance of
-libcrux_ml_kem.ind_cca.unpacked.serialized_public_key_mut_dd with types
+libcrux_ml_kem.ind_cca.unpacked.serialized_public_key_mut_30 with types
 libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
 - K= 3
 - RANKED_BYTES_PER_RING_ELEMENT= 1152
 - PUBLIC_KEY_SIZE= 1184
 */
 static KRML_MUSTINLINE void
-libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_dd_6c(
+libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_30_6c(
     libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *self,
     libcrux_ml_kem_types_MlKemPublicKey_30 *serialized) {
   libcrux_ml_kem_ind_cpa_serialize_public_key_mut_6c(
@@ -7284,27 +7285,24 @@ libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_dd_6c(
       serialized->value);
 }
 
-/**
- Get the serialized public key.
-*/
 /**
 This function found in impl
 {libcrux_ml_kem::ind_cca::unpacked::MlKemKeyPairUnpacked<Vector,
-K>[TraitClause@0, TraitClause@1]#2}
+K>[TraitClause@0, TraitClause@1]#4}
 */
 /**
 A monomorphic instance of
-libcrux_ml_kem.ind_cca.unpacked.serialized_public_key_mut_de with types
+libcrux_ml_kem.ind_cca.unpacked.serialized_public_key_mut_fc with types
 libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
 - K= 3
 - RANKED_BYTES_PER_RING_ELEMENT= 1152
 - PUBLIC_KEY_SIZE= 1184
 */
 static KRML_MUSTINLINE void
-libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_de_6c(
+libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_fc_6c(
     libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked *self,
     libcrux_ml_kem_types_MlKemPublicKey_30 *serialized) {
-  libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_dd_6c(
+  libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_30_6c(
       &self->public_key, serialized);
 }
 
@@ -7315,7 +7313,7 @@ static inline void
 libcrux_ml_kem_mlkem768_portable_unpacked_key_pair_serialized_public_key(
     libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked *key_pair,
     libcrux_ml_kem_types_MlKemPublicKey_30 *serialized) {
-  libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_de_6c(key_pair,
+  libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_fc_6c(key_pair,
                                                                   serialized);
 }
 
@@ -7358,16 +7356,16 @@ libcrux_ml_kem_ind_cpa_unpacked_clone_ef_1b(
 /**
 This function found in impl {(core::clone::Clone for
 libcrux_ml_kem::ind_cca::unpacked::MlKemPublicKeyUnpacked<Vector,
-K>[TraitClause@0, TraitClause@2])#4}
+K>[TraitClause@0, TraitClause@2])#2}
 */
 /**
-A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.clone_28
+A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.clone_dd
 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
 with const generics
 - K= 3
 */
 static inline libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0
-libcrux_ml_kem_ind_cca_unpacked_clone_28_1b(
+libcrux_ml_kem_ind_cca_unpacked_clone_dd_1b(
     libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *self) {
   libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 lit;
   lit.ind_cpa_public_key =
@@ -7379,22 +7377,19 @@ libcrux_ml_kem_ind_cca_unpacked_clone_28_1b(
   return lit;
 }
 
-/**
- Get the serialized public key.
-*/
 /**
 This function found in impl
 {libcrux_ml_kem::ind_cca::unpacked::MlKemKeyPairUnpacked<Vector,
-K>[TraitClause@0, TraitClause@1]#2}
+K>[TraitClause@0, TraitClause@1]#4}
 */
 /**
-A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.public_key_de
+A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.public_key_fc
 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
 with const generics
 - K= 3
 */
 static KRML_MUSTINLINE libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *
-libcrux_ml_kem_ind_cca_unpacked_public_key_de_1b(
+libcrux_ml_kem_ind_cca_unpacked_public_key_fc_1b(
     libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked *self) {
   return &self->public_key;
 }
@@ -7406,8 +7401,8 @@ static inline void libcrux_ml_kem_mlkem768_portable_unpacked_public_key(
     libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked *key_pair,
     libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *pk) {
   libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 uu____0 =
-      libcrux_ml_kem_ind_cca_unpacked_clone_28_1b(
-          libcrux_ml_kem_ind_cca_unpacked_public_key_de_1b(key_pair));
+      libcrux_ml_kem_ind_cca_unpacked_clone_dd_1b(
+          libcrux_ml_kem_ind_cca_unpacked_public_key_fc_1b(key_pair));
   pk[0U] = uu____0;
 }
 
@@ -7418,13 +7413,10 @@ static inline void
 libcrux_ml_kem_mlkem768_portable_unpacked_serialized_public_key(
     libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *public_key,
     libcrux_ml_kem_types_MlKemPublicKey_30 *serialized) {
-  libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_dd_6c(public_key,
+  libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_30_6c(public_key,
                                                                   serialized);
 }
 
-/**
- Generate an unpacked key from a serialized key.
-*/
 /**
 A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.unpack_public_key
 with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]],
diff --git a/libcrux-ml-kem/cg/libcrux_mlkem768_portable_types.h b/libcrux-ml-kem/cg/libcrux_mlkem768_portable_types.h
index 2657c84ae..3133e6233 100644
--- a/libcrux-ml-kem/cg/libcrux_mlkem768_portable_types.h
+++ b/libcrux-ml-kem/cg/libcrux_mlkem768_portable_types.h
@@ -8,7 +8,7 @@
  * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c
  * Karamel: c31a22c1e07d2118c07ee5cebb640d863e31a198
  * F*: 2c32d6e230851bbceadac7a21fc418fa2bb7e4bc
- * Libcrux: 18a089ceff3ef1a9f6876cd99a9f4f42c0fe05d9
+ * Libcrux: 7ed909f8033142d720fcbfe309243b9fa52d181d
  */
 
 #ifndef __libcrux_mlkem768_portable_types_H
diff --git a/libcrux-ml-kem/cg/libcrux_sha3_avx2.h b/libcrux-ml-kem/cg/libcrux_sha3_avx2.h
index 5c7645481..cf22f9844 100644
--- a/libcrux-ml-kem/cg/libcrux_sha3_avx2.h
+++ b/libcrux-ml-kem/cg/libcrux_sha3_avx2.h
@@ -8,7 +8,7 @@
  * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c
  * Karamel: c31a22c1e07d2118c07ee5cebb640d863e31a198
  * F*: 2c32d6e230851bbceadac7a21fc418fa2bb7e4bc
- * Libcrux: 18a089ceff3ef1a9f6876cd99a9f4f42c0fe05d9
+ * Libcrux: 7ed909f8033142d720fcbfe309243b9fa52d181d
  */
 
 #ifndef __libcrux_sha3_avx2_H
diff --git a/libcrux-ml-kem/cg/libcrux_sha3_portable.h b/libcrux-ml-kem/cg/libcrux_sha3_portable.h
index 7a3a3cfc9..0b6f7b530 100644
--- a/libcrux-ml-kem/cg/libcrux_sha3_portable.h
+++ b/libcrux-ml-kem/cg/libcrux_sha3_portable.h
@@ -8,7 +8,7 @@
  * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c
  * Karamel: c31a22c1e07d2118c07ee5cebb640d863e31a198
  * F*: 2c32d6e230851bbceadac7a21fc418fa2bb7e4bc
- * Libcrux: 18a089ceff3ef1a9f6876cd99a9f4f42c0fe05d9
+ * Libcrux: 7ed909f8033142d720fcbfe309243b9fa52d181d
  */
 
 #ifndef __libcrux_sha3_portable_H

From 08e01cc8eca244f238a6b59f0fa786a645c75905 Mon Sep 17 00:00:00 2001
From: karthikbhargavan <karthik.bhargavan@gmail.com>
Date: Fri, 8 Nov 2024 18:06:55 +0000
Subject: [PATCH 009/142] refreshed c

---
 libcrux-ml-kem/c/code_gen.txt                       | 2 +-
 libcrux-ml-kem/c/internal/libcrux_core.h            | 2 +-
 libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h      | 2 +-
 libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h  | 2 +-
 libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h       | 2 +-
 libcrux-ml-kem/c/internal/libcrux_sha3_internal.h   | 2 +-
 libcrux-ml-kem/c/libcrux_core.c                     | 2 +-
 libcrux-ml-kem/c/libcrux_core.h                     | 2 +-
 libcrux-ml-kem/c/libcrux_mlkem1024.h                | 2 +-
 libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c           | 2 +-
 libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h           | 2 +-
 libcrux-ml-kem/c/libcrux_mlkem1024_portable.c       | 2 +-
 libcrux-ml-kem/c/libcrux_mlkem1024_portable.h       | 2 +-
 libcrux-ml-kem/c/libcrux_mlkem512.h                 | 2 +-
 libcrux-ml-kem/c/libcrux_mlkem512_avx2.c            | 2 +-
 libcrux-ml-kem/c/libcrux_mlkem512_avx2.h            | 2 +-
 libcrux-ml-kem/c/libcrux_mlkem512_portable.c        | 2 +-
 libcrux-ml-kem/c/libcrux_mlkem512_portable.h        | 2 +-
 libcrux-ml-kem/c/libcrux_mlkem768.h                 | 2 +-
 libcrux-ml-kem/c/libcrux_mlkem768_avx2.c            | 2 +-
 libcrux-ml-kem/c/libcrux_mlkem768_avx2.h            | 2 +-
 libcrux-ml-kem/c/libcrux_mlkem768_portable.c        | 2 +-
 libcrux-ml-kem/c/libcrux_mlkem768_portable.h        | 2 +-
 libcrux-ml-kem/c/libcrux_mlkem_avx2.c               | 2 +-
 libcrux-ml-kem/c/libcrux_mlkem_avx2.h               | 2 +-
 libcrux-ml-kem/c/libcrux_mlkem_portable.c           | 2 +-
 libcrux-ml-kem/c/libcrux_mlkem_portable.h           | 2 +-
 libcrux-ml-kem/c/libcrux_sha3.h                     | 2 +-
 libcrux-ml-kem/c/libcrux_sha3_avx2.c                | 2 +-
 libcrux-ml-kem/c/libcrux_sha3_avx2.h                | 2 +-
 libcrux-ml-kem/c/libcrux_sha3_internal.h            | 2 +-
 libcrux-ml-kem/c/libcrux_sha3_neon.c                | 2 +-
 libcrux-ml-kem/c/libcrux_sha3_neon.h                | 2 +-
 libcrux-ml-kem/cg/code_gen.txt                      | 2 +-
 libcrux-ml-kem/cg/libcrux_core.h                    | 2 +-
 libcrux-ml-kem/cg/libcrux_ct_ops.h                  | 2 +-
 libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h           | 2 +-
 libcrux-ml-kem/cg/libcrux_mlkem768_avx2_types.h     | 2 +-
 libcrux-ml-kem/cg/libcrux_mlkem768_portable.h       | 2 +-
 libcrux-ml-kem/cg/libcrux_mlkem768_portable_types.h | 2 +-
 libcrux-ml-kem/cg/libcrux_sha3_avx2.h               | 2 +-
 libcrux-ml-kem/cg/libcrux_sha3_portable.h           | 2 +-
 42 files changed, 42 insertions(+), 42 deletions(-)

diff --git a/libcrux-ml-kem/c/code_gen.txt b/libcrux-ml-kem/c/code_gen.txt
index 69ab3fe65..d7203385c 100644
--- a/libcrux-ml-kem/c/code_gen.txt
+++ b/libcrux-ml-kem/c/code_gen.txt
@@ -3,4 +3,4 @@ Charon: 3a133fe0eee9bd3928d5bb16c24ddd2dd0f3ee7f
 Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c
 Karamel: c31a22c1e07d2118c07ee5cebb640d863e31a198
 F*: 2c32d6e230851bbceadac7a21fc418fa2bb7e4bc
-Libcrux: 18a089ceff3ef1a9f6876cd99a9f4f42c0fe05d9
+Libcrux: 38837f1aab3f2ae348a0cb53cf44d97652e2c977
diff --git a/libcrux-ml-kem/c/internal/libcrux_core.h b/libcrux-ml-kem/c/internal/libcrux_core.h
index bec9045cd..387722188 100644
--- a/libcrux-ml-kem/c/internal/libcrux_core.h
+++ b/libcrux-ml-kem/c/internal/libcrux_core.h
@@ -8,7 +8,7 @@
  * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c
  * Karamel: c31a22c1e07d2118c07ee5cebb640d863e31a198
  * F*: 2c32d6e230851bbceadac7a21fc418fa2bb7e4bc
- * Libcrux: 18a089ceff3ef1a9f6876cd99a9f4f42c0fe05d9
+ * Libcrux: 38837f1aab3f2ae348a0cb53cf44d97652e2c977
  */
 
 #ifndef __internal_libcrux_core_H
diff --git a/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h b/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h
index 415e60735..14150c452 100644
--- a/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h
+++ b/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h
@@ -8,7 +8,7 @@
  * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c
  * Karamel: c31a22c1e07d2118c07ee5cebb640d863e31a198
  * F*: 2c32d6e230851bbceadac7a21fc418fa2bb7e4bc
- * Libcrux: 18a089ceff3ef1a9f6876cd99a9f4f42c0fe05d9
+ * Libcrux: 38837f1aab3f2ae348a0cb53cf44d97652e2c977
  */
 
 #ifndef __internal_libcrux_mlkem_avx2_H
diff --git a/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h b/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h
index e795935db..c492eb01f 100644
--- a/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h
+++ b/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h
@@ -8,7 +8,7 @@
  * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c
  * Karamel: c31a22c1e07d2118c07ee5cebb640d863e31a198
  * F*: 2c32d6e230851bbceadac7a21fc418fa2bb7e4bc
- * Libcrux: 18a089ceff3ef1a9f6876cd99a9f4f42c0fe05d9
+ * Libcrux: 38837f1aab3f2ae348a0cb53cf44d97652e2c977
  */
 
 #ifndef __internal_libcrux_mlkem_portable_H
diff --git a/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h b/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h
index 7f8fb03e9..cb5b1ca34 100644
--- a/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h
+++ b/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h
@@ -8,7 +8,7 @@
  * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c
  * Karamel: c31a22c1e07d2118c07ee5cebb640d863e31a198
  * F*: 2c32d6e230851bbceadac7a21fc418fa2bb7e4bc
- * Libcrux: 18a089ceff3ef1a9f6876cd99a9f4f42c0fe05d9
+ * Libcrux: 38837f1aab3f2ae348a0cb53cf44d97652e2c977
  */
 
 #ifndef __internal_libcrux_sha3_avx2_H
diff --git a/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h b/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h
index c21de7718..ad804647b 100644
--- a/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h
+++ b/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h
@@ -8,7 +8,7 @@
  * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c
  * Karamel: c31a22c1e07d2118c07ee5cebb640d863e31a198
  * F*: 2c32d6e230851bbceadac7a21fc418fa2bb7e4bc
- * Libcrux: 18a089ceff3ef1a9f6876cd99a9f4f42c0fe05d9
+ * Libcrux: 38837f1aab3f2ae348a0cb53cf44d97652e2c977
  */
 
 #ifndef __internal_libcrux_sha3_internal_H
diff --git a/libcrux-ml-kem/c/libcrux_core.c b/libcrux-ml-kem/c/libcrux_core.c
index 4b786c0db..fe25f9dfc 100644
--- a/libcrux-ml-kem/c/libcrux_core.c
+++ b/libcrux-ml-kem/c/libcrux_core.c
@@ -8,7 +8,7 @@
  * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c
  * Karamel: c31a22c1e07d2118c07ee5cebb640d863e31a198
  * F*: 2c32d6e230851bbceadac7a21fc418fa2bb7e4bc
- * Libcrux: 18a089ceff3ef1a9f6876cd99a9f4f42c0fe05d9
+ * Libcrux: 38837f1aab3f2ae348a0cb53cf44d97652e2c977
  */
 
 #include "internal/libcrux_core.h"
diff --git a/libcrux-ml-kem/c/libcrux_core.h b/libcrux-ml-kem/c/libcrux_core.h
index 003c85595..17fe27b23 100644
--- a/libcrux-ml-kem/c/libcrux_core.h
+++ b/libcrux-ml-kem/c/libcrux_core.h
@@ -8,7 +8,7 @@
  * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c
  * Karamel: c31a22c1e07d2118c07ee5cebb640d863e31a198
  * F*: 2c32d6e230851bbceadac7a21fc418fa2bb7e4bc
- * Libcrux: 18a089ceff3ef1a9f6876cd99a9f4f42c0fe05d9
+ * Libcrux: 38837f1aab3f2ae348a0cb53cf44d97652e2c977
  */
 
 #ifndef __libcrux_core_H
diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024.h b/libcrux-ml-kem/c/libcrux_mlkem1024.h
index 1119f346c..8180ea4d7 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem1024.h
+++ b/libcrux-ml-kem/c/libcrux_mlkem1024.h
@@ -8,7 +8,7 @@
  * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c
  * Karamel: c31a22c1e07d2118c07ee5cebb640d863e31a198
  * F*: 2c32d6e230851bbceadac7a21fc418fa2bb7e4bc
- * Libcrux: 18a089ceff3ef1a9f6876cd99a9f4f42c0fe05d9
+ * Libcrux: 38837f1aab3f2ae348a0cb53cf44d97652e2c977
  */
 
 #ifndef __libcrux_mlkem1024_H
diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c
index 1a54ebf6b..fcb4f5541 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c
+++ b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c
@@ -8,7 +8,7 @@
  * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c
  * Karamel: c31a22c1e07d2118c07ee5cebb640d863e31a198
  * F*: 2c32d6e230851bbceadac7a21fc418fa2bb7e4bc
- * Libcrux: 18a089ceff3ef1a9f6876cd99a9f4f42c0fe05d9
+ * Libcrux: 38837f1aab3f2ae348a0cb53cf44d97652e2c977
  */
 
 #include "libcrux_mlkem1024_avx2.h"
diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h
index d5ff384b0..cb0e5a88f 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h
+++ b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h
@@ -8,7 +8,7 @@
  * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c
  * Karamel: c31a22c1e07d2118c07ee5cebb640d863e31a198
  * F*: 2c32d6e230851bbceadac7a21fc418fa2bb7e4bc
- * Libcrux: 18a089ceff3ef1a9f6876cd99a9f4f42c0fe05d9
+ * Libcrux: 38837f1aab3f2ae348a0cb53cf44d97652e2c977
  */
 
 #ifndef __libcrux_mlkem1024_avx2_H
diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c
index 85d86f144..d57afaf6d 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c
+++ b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c
@@ -8,7 +8,7 @@
  * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c
  * Karamel: c31a22c1e07d2118c07ee5cebb640d863e31a198
  * F*: 2c32d6e230851bbceadac7a21fc418fa2bb7e4bc
- * Libcrux: 18a089ceff3ef1a9f6876cd99a9f4f42c0fe05d9
+ * Libcrux: 38837f1aab3f2ae348a0cb53cf44d97652e2c977
  */
 
 #include "libcrux_mlkem1024_portable.h"
diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h
index dc3177ebd..7f2cd72a4 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h
+++ b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h
@@ -8,7 +8,7 @@
  * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c
  * Karamel: c31a22c1e07d2118c07ee5cebb640d863e31a198
  * F*: 2c32d6e230851bbceadac7a21fc418fa2bb7e4bc
- * Libcrux: 18a089ceff3ef1a9f6876cd99a9f4f42c0fe05d9
+ * Libcrux: 38837f1aab3f2ae348a0cb53cf44d97652e2c977
  */
 
 #ifndef __libcrux_mlkem1024_portable_H
diff --git a/libcrux-ml-kem/c/libcrux_mlkem512.h b/libcrux-ml-kem/c/libcrux_mlkem512.h
index 86a9d0700..f639ac871 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem512.h
+++ b/libcrux-ml-kem/c/libcrux_mlkem512.h
@@ -8,7 +8,7 @@
  * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c
  * Karamel: c31a22c1e07d2118c07ee5cebb640d863e31a198
  * F*: 2c32d6e230851bbceadac7a21fc418fa2bb7e4bc
- * Libcrux: 18a089ceff3ef1a9f6876cd99a9f4f42c0fe05d9
+ * Libcrux: 38837f1aab3f2ae348a0cb53cf44d97652e2c977
  */
 
 #ifndef __libcrux_mlkem512_H
diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c
index 781ff4da2..4f2d872df 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c
+++ b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c
@@ -8,7 +8,7 @@
  * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c
  * Karamel: c31a22c1e07d2118c07ee5cebb640d863e31a198
  * F*: 2c32d6e230851bbceadac7a21fc418fa2bb7e4bc
- * Libcrux: 18a089ceff3ef1a9f6876cd99a9f4f42c0fe05d9
+ * Libcrux: 38837f1aab3f2ae348a0cb53cf44d97652e2c977
  */
 
 #include "libcrux_mlkem512_avx2.h"
diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h
index bb8088679..f8484f612 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h
+++ b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h
@@ -8,7 +8,7 @@
  * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c
  * Karamel: c31a22c1e07d2118c07ee5cebb640d863e31a198
  * F*: 2c32d6e230851bbceadac7a21fc418fa2bb7e4bc
- * Libcrux: 18a089ceff3ef1a9f6876cd99a9f4f42c0fe05d9
+ * Libcrux: 38837f1aab3f2ae348a0cb53cf44d97652e2c977
  */
 
 #ifndef __libcrux_mlkem512_avx2_H
diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_portable.c b/libcrux-ml-kem/c/libcrux_mlkem512_portable.c
index e1443ee16..14cf1f01f 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem512_portable.c
+++ b/libcrux-ml-kem/c/libcrux_mlkem512_portable.c
@@ -8,7 +8,7 @@
  * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c
  * Karamel: c31a22c1e07d2118c07ee5cebb640d863e31a198
  * F*: 2c32d6e230851bbceadac7a21fc418fa2bb7e4bc
- * Libcrux: 18a089ceff3ef1a9f6876cd99a9f4f42c0fe05d9
+ * Libcrux: 38837f1aab3f2ae348a0cb53cf44d97652e2c977
  */
 
 #include "libcrux_mlkem512_portable.h"
diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_portable.h b/libcrux-ml-kem/c/libcrux_mlkem512_portable.h
index 49e8b1dc2..1b7e86cc2 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem512_portable.h
+++ b/libcrux-ml-kem/c/libcrux_mlkem512_portable.h
@@ -8,7 +8,7 @@
  * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c
  * Karamel: c31a22c1e07d2118c07ee5cebb640d863e31a198
  * F*: 2c32d6e230851bbceadac7a21fc418fa2bb7e4bc
- * Libcrux: 18a089ceff3ef1a9f6876cd99a9f4f42c0fe05d9
+ * Libcrux: 38837f1aab3f2ae348a0cb53cf44d97652e2c977
  */
 
 #ifndef __libcrux_mlkem512_portable_H
diff --git a/libcrux-ml-kem/c/libcrux_mlkem768.h b/libcrux-ml-kem/c/libcrux_mlkem768.h
index 64e186c43..049a2a2d6 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem768.h
+++ b/libcrux-ml-kem/c/libcrux_mlkem768.h
@@ -8,7 +8,7 @@
  * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c
  * Karamel: c31a22c1e07d2118c07ee5cebb640d863e31a198
  * F*: 2c32d6e230851bbceadac7a21fc418fa2bb7e4bc
- * Libcrux: 18a089ceff3ef1a9f6876cd99a9f4f42c0fe05d9
+ * Libcrux: 38837f1aab3f2ae348a0cb53cf44d97652e2c977
  */
 
 #ifndef __libcrux_mlkem768_H
diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c
index 6ab9ef817..e9ba021db 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c
+++ b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c
@@ -8,7 +8,7 @@
  * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c
  * Karamel: c31a22c1e07d2118c07ee5cebb640d863e31a198
  * F*: 2c32d6e230851bbceadac7a21fc418fa2bb7e4bc
- * Libcrux: 18a089ceff3ef1a9f6876cd99a9f4f42c0fe05d9
+ * Libcrux: 38837f1aab3f2ae348a0cb53cf44d97652e2c977
  */
 
 #include "libcrux_mlkem768_avx2.h"
diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h
index 0e0ae18d7..53dd5e48b 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h
+++ b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h
@@ -8,7 +8,7 @@
  * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c
  * Karamel: c31a22c1e07d2118c07ee5cebb640d863e31a198
  * F*: 2c32d6e230851bbceadac7a21fc418fa2bb7e4bc
- * Libcrux: 18a089ceff3ef1a9f6876cd99a9f4f42c0fe05d9
+ * Libcrux: 38837f1aab3f2ae348a0cb53cf44d97652e2c977
  */
 
 #ifndef __libcrux_mlkem768_avx2_H
diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_portable.c b/libcrux-ml-kem/c/libcrux_mlkem768_portable.c
index 424ec0f54..00c8ec330 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem768_portable.c
+++ b/libcrux-ml-kem/c/libcrux_mlkem768_portable.c
@@ -8,7 +8,7 @@
  * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c
  * Karamel: c31a22c1e07d2118c07ee5cebb640d863e31a198
  * F*: 2c32d6e230851bbceadac7a21fc418fa2bb7e4bc
- * Libcrux: 18a089ceff3ef1a9f6876cd99a9f4f42c0fe05d9
+ * Libcrux: 38837f1aab3f2ae348a0cb53cf44d97652e2c977
  */
 
 #include "libcrux_mlkem768_portable.h"
diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_portable.h b/libcrux-ml-kem/c/libcrux_mlkem768_portable.h
index c3eef51ed..5ee93debd 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem768_portable.h
+++ b/libcrux-ml-kem/c/libcrux_mlkem768_portable.h
@@ -8,7 +8,7 @@
  * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c
  * Karamel: c31a22c1e07d2118c07ee5cebb640d863e31a198
  * F*: 2c32d6e230851bbceadac7a21fc418fa2bb7e4bc
- * Libcrux: 18a089ceff3ef1a9f6876cd99a9f4f42c0fe05d9
+ * Libcrux: 38837f1aab3f2ae348a0cb53cf44d97652e2c977
  */
 
 #ifndef __libcrux_mlkem768_portable_H
diff --git a/libcrux-ml-kem/c/libcrux_mlkem_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem_avx2.c
index 50828fb37..5fa7218ae 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem_avx2.c
+++ b/libcrux-ml-kem/c/libcrux_mlkem_avx2.c
@@ -8,7 +8,7 @@
  * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c
  * Karamel: c31a22c1e07d2118c07ee5cebb640d863e31a198
  * F*: 2c32d6e230851bbceadac7a21fc418fa2bb7e4bc
- * Libcrux: 18a089ceff3ef1a9f6876cd99a9f4f42c0fe05d9
+ * Libcrux: 38837f1aab3f2ae348a0cb53cf44d97652e2c977
  */
 
 #include "internal/libcrux_mlkem_avx2.h"
diff --git a/libcrux-ml-kem/c/libcrux_mlkem_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem_avx2.h
index 287b05703..2e9c9a966 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem_avx2.h
+++ b/libcrux-ml-kem/c/libcrux_mlkem_avx2.h
@@ -8,7 +8,7 @@
  * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c
  * Karamel: c31a22c1e07d2118c07ee5cebb640d863e31a198
  * F*: 2c32d6e230851bbceadac7a21fc418fa2bb7e4bc
- * Libcrux: 18a089ceff3ef1a9f6876cd99a9f4f42c0fe05d9
+ * Libcrux: 38837f1aab3f2ae348a0cb53cf44d97652e2c977
  */
 
 #ifndef __libcrux_mlkem_avx2_H
diff --git a/libcrux-ml-kem/c/libcrux_mlkem_portable.c b/libcrux-ml-kem/c/libcrux_mlkem_portable.c
index 0a607c53e..458ec6c2d 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem_portable.c
+++ b/libcrux-ml-kem/c/libcrux_mlkem_portable.c
@@ -8,7 +8,7 @@
  * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c
  * Karamel: c31a22c1e07d2118c07ee5cebb640d863e31a198
  * F*: 2c32d6e230851bbceadac7a21fc418fa2bb7e4bc
- * Libcrux: 18a089ceff3ef1a9f6876cd99a9f4f42c0fe05d9
+ * Libcrux: 38837f1aab3f2ae348a0cb53cf44d97652e2c977
  */
 
 #include "internal/libcrux_mlkem_portable.h"
diff --git a/libcrux-ml-kem/c/libcrux_mlkem_portable.h b/libcrux-ml-kem/c/libcrux_mlkem_portable.h
index f8b67001d..861d02c73 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem_portable.h
+++ b/libcrux-ml-kem/c/libcrux_mlkem_portable.h
@@ -8,7 +8,7 @@
  * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c
  * Karamel: c31a22c1e07d2118c07ee5cebb640d863e31a198
  * F*: 2c32d6e230851bbceadac7a21fc418fa2bb7e4bc
- * Libcrux: 18a089ceff3ef1a9f6876cd99a9f4f42c0fe05d9
+ * Libcrux: 38837f1aab3f2ae348a0cb53cf44d97652e2c977
  */
 
 #ifndef __libcrux_mlkem_portable_H
diff --git a/libcrux-ml-kem/c/libcrux_sha3.h b/libcrux-ml-kem/c/libcrux_sha3.h
index bdbeb3672..e5da18da0 100644
--- a/libcrux-ml-kem/c/libcrux_sha3.h
+++ b/libcrux-ml-kem/c/libcrux_sha3.h
@@ -8,7 +8,7 @@
  * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c
  * Karamel: c31a22c1e07d2118c07ee5cebb640d863e31a198
  * F*: 2c32d6e230851bbceadac7a21fc418fa2bb7e4bc
- * Libcrux: 18a089ceff3ef1a9f6876cd99a9f4f42c0fe05d9
+ * Libcrux: 38837f1aab3f2ae348a0cb53cf44d97652e2c977
  */
 
 #ifndef __libcrux_sha3_H
diff --git a/libcrux-ml-kem/c/libcrux_sha3_avx2.c b/libcrux-ml-kem/c/libcrux_sha3_avx2.c
index 2713cac33..c9cae1713 100644
--- a/libcrux-ml-kem/c/libcrux_sha3_avx2.c
+++ b/libcrux-ml-kem/c/libcrux_sha3_avx2.c
@@ -8,7 +8,7 @@
  * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c
  * Karamel: c31a22c1e07d2118c07ee5cebb640d863e31a198
  * F*: 2c32d6e230851bbceadac7a21fc418fa2bb7e4bc
- * Libcrux: 18a089ceff3ef1a9f6876cd99a9f4f42c0fe05d9
+ * Libcrux: 38837f1aab3f2ae348a0cb53cf44d97652e2c977
  */
 
 #include "internal/libcrux_sha3_avx2.h"
diff --git a/libcrux-ml-kem/c/libcrux_sha3_avx2.h b/libcrux-ml-kem/c/libcrux_sha3_avx2.h
index dff6d2cc7..b4ef2d72b 100644
--- a/libcrux-ml-kem/c/libcrux_sha3_avx2.h
+++ b/libcrux-ml-kem/c/libcrux_sha3_avx2.h
@@ -8,7 +8,7 @@
  * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c
  * Karamel: c31a22c1e07d2118c07ee5cebb640d863e31a198
  * F*: 2c32d6e230851bbceadac7a21fc418fa2bb7e4bc
- * Libcrux: 18a089ceff3ef1a9f6876cd99a9f4f42c0fe05d9
+ * Libcrux: 38837f1aab3f2ae348a0cb53cf44d97652e2c977
  */
 
 #ifndef __libcrux_sha3_avx2_H
diff --git a/libcrux-ml-kem/c/libcrux_sha3_internal.h b/libcrux-ml-kem/c/libcrux_sha3_internal.h
index 9fba3cfe9..8d8e7129d 100644
--- a/libcrux-ml-kem/c/libcrux_sha3_internal.h
+++ b/libcrux-ml-kem/c/libcrux_sha3_internal.h
@@ -8,7 +8,7 @@
  * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c
  * Karamel: c31a22c1e07d2118c07ee5cebb640d863e31a198
  * F*: 2c32d6e230851bbceadac7a21fc418fa2bb7e4bc
- * Libcrux: 18a089ceff3ef1a9f6876cd99a9f4f42c0fe05d9
+ * Libcrux: 38837f1aab3f2ae348a0cb53cf44d97652e2c977
  */
 
 #ifndef __libcrux_sha3_internal_H
diff --git a/libcrux-ml-kem/c/libcrux_sha3_neon.c b/libcrux-ml-kem/c/libcrux_sha3_neon.c
index 290cb64db..52a2f06f4 100644
--- a/libcrux-ml-kem/c/libcrux_sha3_neon.c
+++ b/libcrux-ml-kem/c/libcrux_sha3_neon.c
@@ -8,7 +8,7 @@
  * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c
  * Karamel: c31a22c1e07d2118c07ee5cebb640d863e31a198
  * F*: 2c32d6e230851bbceadac7a21fc418fa2bb7e4bc
- * Libcrux: 18a089ceff3ef1a9f6876cd99a9f4f42c0fe05d9
+ * Libcrux: 38837f1aab3f2ae348a0cb53cf44d97652e2c977
  */
 
 #include "libcrux_sha3_neon.h"
diff --git a/libcrux-ml-kem/c/libcrux_sha3_neon.h b/libcrux-ml-kem/c/libcrux_sha3_neon.h
index cd8ec70fa..de686c220 100644
--- a/libcrux-ml-kem/c/libcrux_sha3_neon.h
+++ b/libcrux-ml-kem/c/libcrux_sha3_neon.h
@@ -8,7 +8,7 @@
  * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c
  * Karamel: c31a22c1e07d2118c07ee5cebb640d863e31a198
  * F*: 2c32d6e230851bbceadac7a21fc418fa2bb7e4bc
- * Libcrux: 18a089ceff3ef1a9f6876cd99a9f4f42c0fe05d9
+ * Libcrux: 38837f1aab3f2ae348a0cb53cf44d97652e2c977
  */
 
 #ifndef __libcrux_sha3_neon_H
diff --git a/libcrux-ml-kem/cg/code_gen.txt b/libcrux-ml-kem/cg/code_gen.txt
index 13b6368d7..d7203385c 100644
--- a/libcrux-ml-kem/cg/code_gen.txt
+++ b/libcrux-ml-kem/cg/code_gen.txt
@@ -3,4 +3,4 @@ Charon: 3a133fe0eee9bd3928d5bb16c24ddd2dd0f3ee7f
 Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c
 Karamel: c31a22c1e07d2118c07ee5cebb640d863e31a198
 F*: 2c32d6e230851bbceadac7a21fc418fa2bb7e4bc
-Libcrux: 7ed909f8033142d720fcbfe309243b9fa52d181d
+Libcrux: 38837f1aab3f2ae348a0cb53cf44d97652e2c977
diff --git a/libcrux-ml-kem/cg/libcrux_core.h b/libcrux-ml-kem/cg/libcrux_core.h
index 30f40f051..4aa72c8f8 100644
--- a/libcrux-ml-kem/cg/libcrux_core.h
+++ b/libcrux-ml-kem/cg/libcrux_core.h
@@ -8,7 +8,7 @@
  * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c
  * Karamel: c31a22c1e07d2118c07ee5cebb640d863e31a198
  * F*: 2c32d6e230851bbceadac7a21fc418fa2bb7e4bc
- * Libcrux: 7ed909f8033142d720fcbfe309243b9fa52d181d
+ * Libcrux: 38837f1aab3f2ae348a0cb53cf44d97652e2c977
  */
 
 #ifndef __libcrux_core_H
diff --git a/libcrux-ml-kem/cg/libcrux_ct_ops.h b/libcrux-ml-kem/cg/libcrux_ct_ops.h
index 244aa8e45..fa8a05d78 100644
--- a/libcrux-ml-kem/cg/libcrux_ct_ops.h
+++ b/libcrux-ml-kem/cg/libcrux_ct_ops.h
@@ -8,7 +8,7 @@
  * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c
  * Karamel: c31a22c1e07d2118c07ee5cebb640d863e31a198
  * F*: 2c32d6e230851bbceadac7a21fc418fa2bb7e4bc
- * Libcrux: 7ed909f8033142d720fcbfe309243b9fa52d181d
+ * Libcrux: 38837f1aab3f2ae348a0cb53cf44d97652e2c977
  */
 
 #ifndef __libcrux_ct_ops_H
diff --git a/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h b/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h
index 7a5dafa68..7081e1242 100644
--- a/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h
+++ b/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h
@@ -8,7 +8,7 @@
  * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c
  * Karamel: c31a22c1e07d2118c07ee5cebb640d863e31a198
  * F*: 2c32d6e230851bbceadac7a21fc418fa2bb7e4bc
- * Libcrux: 7ed909f8033142d720fcbfe309243b9fa52d181d
+ * Libcrux: 38837f1aab3f2ae348a0cb53cf44d97652e2c977
  */
 
 #ifndef __libcrux_mlkem768_avx2_H
diff --git a/libcrux-ml-kem/cg/libcrux_mlkem768_avx2_types.h b/libcrux-ml-kem/cg/libcrux_mlkem768_avx2_types.h
index fe16c7d0b..b939c9240 100644
--- a/libcrux-ml-kem/cg/libcrux_mlkem768_avx2_types.h
+++ b/libcrux-ml-kem/cg/libcrux_mlkem768_avx2_types.h
@@ -8,7 +8,7 @@
  * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c
  * Karamel: c31a22c1e07d2118c07ee5cebb640d863e31a198
  * F*: 2c32d6e230851bbceadac7a21fc418fa2bb7e4bc
- * Libcrux: 7ed909f8033142d720fcbfe309243b9fa52d181d
+ * Libcrux: 38837f1aab3f2ae348a0cb53cf44d97652e2c977
  */
 
 #ifndef __libcrux_mlkem768_avx2_types_H
diff --git a/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h b/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h
index a5cfe8f8d..2762b7488 100644
--- a/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h
+++ b/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h
@@ -8,7 +8,7 @@
  * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c
  * Karamel: c31a22c1e07d2118c07ee5cebb640d863e31a198
  * F*: 2c32d6e230851bbceadac7a21fc418fa2bb7e4bc
- * Libcrux: 7ed909f8033142d720fcbfe309243b9fa52d181d
+ * Libcrux: 38837f1aab3f2ae348a0cb53cf44d97652e2c977
  */
 
 #ifndef __libcrux_mlkem768_portable_H
diff --git a/libcrux-ml-kem/cg/libcrux_mlkem768_portable_types.h b/libcrux-ml-kem/cg/libcrux_mlkem768_portable_types.h
index 3133e6233..c2aa94056 100644
--- a/libcrux-ml-kem/cg/libcrux_mlkem768_portable_types.h
+++ b/libcrux-ml-kem/cg/libcrux_mlkem768_portable_types.h
@@ -8,7 +8,7 @@
  * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c
  * Karamel: c31a22c1e07d2118c07ee5cebb640d863e31a198
  * F*: 2c32d6e230851bbceadac7a21fc418fa2bb7e4bc
- * Libcrux: 7ed909f8033142d720fcbfe309243b9fa52d181d
+ * Libcrux: 38837f1aab3f2ae348a0cb53cf44d97652e2c977
  */
 
 #ifndef __libcrux_mlkem768_portable_types_H
diff --git a/libcrux-ml-kem/cg/libcrux_sha3_avx2.h b/libcrux-ml-kem/cg/libcrux_sha3_avx2.h
index cf22f9844..c705717d1 100644
--- a/libcrux-ml-kem/cg/libcrux_sha3_avx2.h
+++ b/libcrux-ml-kem/cg/libcrux_sha3_avx2.h
@@ -8,7 +8,7 @@
  * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c
  * Karamel: c31a22c1e07d2118c07ee5cebb640d863e31a198
  * F*: 2c32d6e230851bbceadac7a21fc418fa2bb7e4bc
- * Libcrux: 7ed909f8033142d720fcbfe309243b9fa52d181d
+ * Libcrux: 38837f1aab3f2ae348a0cb53cf44d97652e2c977
  */
 
 #ifndef __libcrux_sha3_avx2_H
diff --git a/libcrux-ml-kem/cg/libcrux_sha3_portable.h b/libcrux-ml-kem/cg/libcrux_sha3_portable.h
index 0b6f7b530..2035978ef 100644
--- a/libcrux-ml-kem/cg/libcrux_sha3_portable.h
+++ b/libcrux-ml-kem/cg/libcrux_sha3_portable.h
@@ -8,7 +8,7 @@
  * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c
  * Karamel: c31a22c1e07d2118c07ee5cebb640d863e31a198
  * F*: 2c32d6e230851bbceadac7a21fc418fa2bb7e4bc
- * Libcrux: 7ed909f8033142d720fcbfe309243b9fa52d181d
+ * Libcrux: 38837f1aab3f2ae348a0cb53cf44d97652e2c977
  */
 
 #ifndef __libcrux_sha3_portable_H

From f68ccf29f2f49c3a82aa674013b5808b42cc384e Mon Sep 17 00:00:00 2001
From: Karthikeyan Bhargavan <karthik.bhargavan@gmail.com>
Date: Fri, 8 Nov 2024 20:56:01 +0100
Subject: [PATCH 010/142] ml-dsa make

---
 .../Libcrux_intrinsics.Arm64_extract.fsti     |   2 +-
 .../Libcrux_intrinsics.Avx2_extract.fsti      |   2 +-
 .../Libcrux_ml_dsa.Simd.Avx2.Arithmetic.fst   | 311 +++++---
 .../Libcrux_ml_dsa.Simd.Avx2.Arithmetic.fsti  |  43 +-
 ...x_ml_dsa.Simd.Avx2.Encoding.Commitment.fst |  50 +-
 ..._ml_dsa.Simd.Avx2.Encoding.Commitment.fsti |   2 +-
 ...ibcrux_ml_dsa.Simd.Avx2.Encoding.Error.fst |  98 ++-
 ...bcrux_ml_dsa.Simd.Avx2.Encoding.Error.fsti |  18 +-
 ...bcrux_ml_dsa.Simd.Avx2.Encoding.Gamma1.fst | 108 +--
 ...crux_ml_dsa.Simd.Avx2.Encoding.Gamma1.fsti |  16 +-
 .../Libcrux_ml_dsa.Simd.Avx2.Encoding.T0.fst  |  68 +-
 .../Libcrux_ml_dsa.Simd.Avx2.Encoding.T0.fsti |   9 +-
 .../Libcrux_ml_dsa.Simd.Avx2.Encoding.T1.fst  |  50 +-
 .../Libcrux_ml_dsa.Simd.Avx2.Encoding.T1.fsti |   6 +-
 .../Libcrux_ml_dsa.Simd.Avx2.Ntt.fst          | 685 ++++++++++++------
 .../Libcrux_ml_dsa.Simd.Avx2.Ntt.fsti         | 124 ++--
 ...md.Avx2.Rejection_sample.Less_than_eta.fst |  50 +-
 ...d.Avx2.Rejection_sample.Less_than_eta.fsti |   4 +-
 ...jection_sample.Less_than_field_modulus.fst |  34 +-
 ...ection_sample.Less_than_field_modulus.fsti |   2 +-
 .../Libcrux_ml_dsa.Simd.Avx2.Vector_type.fst  |  12 +-
 .../Libcrux_ml_dsa.Simd.Avx2.Vector_type.fsti |  15 +-
 .../extraction/Libcrux_ml_dsa.Simd.Avx2.fsti  |  90 ++-
 .../proofs/fstar/extraction/Makefile          |   3 +
 .../extraction/Libcrux_platform.Platform.fsti |   2 +-
 25 files changed, 1156 insertions(+), 648 deletions(-)

diff --git a/libcrux-intrinsics/proofs/fstar/extraction/Libcrux_intrinsics.Arm64_extract.fsti b/libcrux-intrinsics/proofs/fstar/extraction/Libcrux_intrinsics.Arm64_extract.fsti
index a03c287ec..d4014e6a8 100644
--- a/libcrux-intrinsics/proofs/fstar/extraction/Libcrux_intrinsics.Arm64_extract.fsti
+++ b/libcrux-intrinsics/proofs/fstar/extraction/Libcrux_intrinsics.Arm64_extract.fsti
@@ -1,5 +1,5 @@
 module Libcrux_intrinsics.Arm64_extract
-#set-options "--fuel 0 --ifuel 1 --z3rlimit 15"
+#set-options "--fuel 0 --ifuel 1 --z3rlimit 80"
 open Core
 open FStar.Mul
 
diff --git a/libcrux-intrinsics/proofs/fstar/extraction/Libcrux_intrinsics.Avx2_extract.fsti b/libcrux-intrinsics/proofs/fstar/extraction/Libcrux_intrinsics.Avx2_extract.fsti
index 290b679a5..16d93fb14 100644
--- a/libcrux-intrinsics/proofs/fstar/extraction/Libcrux_intrinsics.Avx2_extract.fsti
+++ b/libcrux-intrinsics/proofs/fstar/extraction/Libcrux_intrinsics.Avx2_extract.fsti
@@ -1,5 +1,5 @@
 module Libcrux_intrinsics.Avx2_extract
-#set-options "--fuel 0 --ifuel 1 --z3rlimit 15"
+#set-options "--fuel 0 --ifuel 1 --z3rlimit 80"
 open Core
 open FStar.Mul
 
diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Arithmetic.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Arithmetic.fst
index 6c88f5ff3..3dd67c65e 100644
--- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Arithmetic.fst
+++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Arithmetic.fst
@@ -3,27 +3,30 @@ module Libcrux_ml_dsa.Simd.Avx2.Arithmetic
 open Core
 open FStar.Mul
 
-let add (lhs rhs: u8) = Libcrux_intrinsics.Avx2_extract.mm256_add_epi32 lhs rhs
+let add (lhs rhs: Libcrux_intrinsics.Avx2_extract.t_Vec256) =
+  Libcrux_intrinsics.Avx2_extract.mm256_add_epi32 lhs rhs
 
-let compute_hint (v_GAMMA2: i32) (low high: u8) =
-  let gamma2:u8 = Libcrux_intrinsics.Avx2_extract.mm256_set1_epi32 v_GAMMA2 in
-  let minus_gamma2:u8 =
+let compute_hint (v_GAMMA2: i32) (low high: Libcrux_intrinsics.Avx2_extract.t_Vec256) =
+  let gamma2:Libcrux_intrinsics.Avx2_extract.t_Vec256 =
+    Libcrux_intrinsics.Avx2_extract.mm256_set1_epi32 v_GAMMA2
+  in
+  let minus_gamma2:Libcrux_intrinsics.Avx2_extract.t_Vec256 =
     Libcrux_intrinsics.Avx2_extract.mm256_set1_epi32 (Core.Ops.Arith.Neg.neg v_GAMMA2 <: i32)
   in
-  let low_within_bound:u8 =
+  let low_within_bound:Libcrux_intrinsics.Avx2_extract.t_Vec256 =
     Libcrux_intrinsics.Avx2_extract.mm256_cmpgt_epi32 (Libcrux_intrinsics.Avx2_extract.mm256_abs_epi32
           low
         <:
-        u8)
+        Libcrux_intrinsics.Avx2_extract.t_Vec256)
       gamma2
   in
-  let low_equals_minus_gamma2:u8 =
+  let low_equals_minus_gamma2:Libcrux_intrinsics.Avx2_extract.t_Vec256 =
     Libcrux_intrinsics.Avx2_extract.mm256_cmpeq_epi32 low minus_gamma2
   in
-  let low_equals_minus_gamma2_and_high_is_nonzero:u8 =
+  let low_equals_minus_gamma2_and_high_is_nonzero:Libcrux_intrinsics.Avx2_extract.t_Vec256 =
     Libcrux_intrinsics.Avx2_extract.mm256_sign_epi32 low_equals_minus_gamma2 high
   in
-  let hints:u8 =
+  let hints:Libcrux_intrinsics.Avx2_extract.t_Vec256 =
     Libcrux_intrinsics.Avx2_extract.mm256_or_si256 low_within_bound
       low_equals_minus_gamma2_and_high_is_nonzero
   in
@@ -35,14 +38,19 @@ let compute_hint (v_GAMMA2: i32) (low high: u8) =
   in
   (cast (Core.Num.impl__i32__count_ones hints_mask <: u32) <: usize),
   Libcrux_intrinsics.Avx2_extract.mm256_and_si256 hints
-    (Libcrux_intrinsics.Avx2_extract.mm256_set1_epi32 1l <: u8)
+    (Libcrux_intrinsics.Avx2_extract.mm256_set1_epi32 1l <: Libcrux_intrinsics.Avx2_extract.t_Vec256
+    )
   <:
-  (usize & u8)
+  (usize & Libcrux_intrinsics.Avx2_extract.t_Vec256)
 
-let infinity_norm_exceeds (simd_unit: u8) (bound: i32) =
-  let absolute_values:u8 = Libcrux_intrinsics.Avx2_extract.mm256_abs_epi32 simd_unit in
-  let bound:u8 = Libcrux_intrinsics.Avx2_extract.mm256_set1_epi32 (bound -! 1l <: i32) in
-  let compare_with_bound:u8 =
+let infinity_norm_exceeds (simd_unit: Libcrux_intrinsics.Avx2_extract.t_Vec256) (bound: i32) =
+  let absolute_values:Libcrux_intrinsics.Avx2_extract.t_Vec256 =
+    Libcrux_intrinsics.Avx2_extract.mm256_abs_epi32 simd_unit
+  in
+  let bound:Libcrux_intrinsics.Avx2_extract.t_Vec256 =
+    Libcrux_intrinsics.Avx2_extract.mm256_set1_epi32 (bound -! 1l <: i32)
+  in
+  let compare_with_bound:Libcrux_intrinsics.Avx2_extract.t_Vec256 =
     Libcrux_intrinsics.Avx2_extract.mm256_cmpgt_epi32 absolute_values bound
   in
   let result:i32 =
@@ -50,36 +58,45 @@ let infinity_norm_exceeds (simd_unit: u8) (bound: i32) =
   in
   if result =. 1l then false else true
 
-let subtract (lhs rhs: u8) = Libcrux_intrinsics.Avx2_extract.mm256_sub_epi32 lhs rhs
+let subtract (lhs rhs: Libcrux_intrinsics.Avx2_extract.t_Vec256) =
+  Libcrux_intrinsics.Avx2_extract.mm256_sub_epi32 lhs rhs
 
-let shift_left_then_reduce (v_SHIFT_BY: i32) (simd_unit: u8) =
-  let shifted:u8 = Libcrux_intrinsics.Avx2_extract.mm256_slli_epi32 v_SHIFT_BY simd_unit in
-  let quotient:u8 =
+let shift_left_then_reduce (v_SHIFT_BY: i32) (simd_unit: Libcrux_intrinsics.Avx2_extract.t_Vec256) =
+  let shifted:Libcrux_intrinsics.Avx2_extract.t_Vec256 =
+    Libcrux_intrinsics.Avx2_extract.mm256_slli_epi32 v_SHIFT_BY simd_unit
+  in
+  let quotient:Libcrux_intrinsics.Avx2_extract.t_Vec256 =
     Libcrux_intrinsics.Avx2_extract.mm256_add_epi32 shifted
-      (Libcrux_intrinsics.Avx2_extract.mm256_set1_epi32 (1l <<! 22l <: i32) <: u8)
+      (Libcrux_intrinsics.Avx2_extract.mm256_set1_epi32 (1l <<! 22l <: i32)
+        <:
+        Libcrux_intrinsics.Avx2_extract.t_Vec256)
+  in
+  let quotient:Libcrux_intrinsics.Avx2_extract.t_Vec256 =
+    Libcrux_intrinsics.Avx2_extract.mm256_srai_epi32 23l quotient
   in
-  let quotient:u8 = Libcrux_intrinsics.Avx2_extract.mm256_srai_epi32 23l quotient in
-  let quotient_times_field_modulus:u8 =
+  let quotient_times_field_modulus:Libcrux_intrinsics.Avx2_extract.t_Vec256 =
     Libcrux_intrinsics.Avx2_extract.mm256_mullo_epi32 quotient
       (Libcrux_intrinsics.Avx2_extract.mm256_set1_epi32 Libcrux_ml_dsa.Simd.Traits.v_FIELD_MODULUS
         <:
-        u8)
+        Libcrux_intrinsics.Avx2_extract.t_Vec256)
   in
   Libcrux_intrinsics.Avx2_extract.mm256_sub_epi32 shifted quotient_times_field_modulus
 
-let to_unsigned_representatives (t: u8) =
-  let signs:u8 = Libcrux_intrinsics.Avx2_extract.mm256_srai_epi32 31l t in
-  let conditional_add_field_modulus:u8 =
+let to_unsigned_representatives (t: Libcrux_intrinsics.Avx2_extract.t_Vec256) =
+  let signs:Libcrux_intrinsics.Avx2_extract.t_Vec256 =
+    Libcrux_intrinsics.Avx2_extract.mm256_srai_epi32 31l t
+  in
+  let conditional_add_field_modulus:Libcrux_intrinsics.Avx2_extract.t_Vec256 =
     Libcrux_intrinsics.Avx2_extract.mm256_and_si256 signs
       (Libcrux_intrinsics.Avx2_extract.mm256_set1_epi32 Libcrux_ml_dsa.Simd.Traits.v_FIELD_MODULUS
         <:
-        u8)
+        Libcrux_intrinsics.Avx2_extract.t_Vec256)
   in
   Libcrux_intrinsics.Avx2_extract.mm256_add_epi32 t conditional_add_field_modulus
 
-let power2round (r: u8) =
-  let r:u8 = to_unsigned_representatives r in
-  let r1:u8 =
+let power2round (r: Libcrux_intrinsics.Avx2_extract.t_Vec256) =
+  let r:Libcrux_intrinsics.Avx2_extract.t_Vec256 = to_unsigned_representatives r in
+  let r1:Libcrux_intrinsics.Avx2_extract.t_Vec256 =
     Libcrux_intrinsics.Avx2_extract.mm256_add_epi32 r
       (Libcrux_intrinsics.Avx2_extract.mm256_set1_epi32 ((1l <<!
               (Libcrux_ml_dsa.Constants.v_BITS_IN_LOWER_PART_OF_T -! sz 1 <: usize)
@@ -89,83 +106,119 @@ let power2round (r: u8) =
             <:
             i32)
         <:
-        u8)
+        Libcrux_intrinsics.Avx2_extract.t_Vec256)
+  in
+  let r1:Libcrux_intrinsics.Avx2_extract.t_Vec256 =
+    Libcrux_intrinsics.Avx2_extract.mm256_srai_epi32 13l r1
+  in
+  let r0:Libcrux_intrinsics.Avx2_extract.t_Vec256 =
+    Libcrux_intrinsics.Avx2_extract.mm256_slli_epi32 13l r1
+  in
+  let r0:Libcrux_intrinsics.Avx2_extract.t_Vec256 =
+    Libcrux_intrinsics.Avx2_extract.mm256_sub_epi32 r r0
   in
-  let r1:u8 = Libcrux_intrinsics.Avx2_extract.mm256_srai_epi32 13l r1 in
-  let r0:u8 = Libcrux_intrinsics.Avx2_extract.mm256_slli_epi32 13l r1 in
-  let r0:u8 = Libcrux_intrinsics.Avx2_extract.mm256_sub_epi32 r r0 in
-  r0, r1 <: (u8 & u8)
+  r0, r1 <: (Libcrux_intrinsics.Avx2_extract.t_Vec256 & Libcrux_intrinsics.Avx2_extract.t_Vec256)
 
-let montgomery_multiply (lhs rhs: u8) =
-  let field_modulus:u8 =
+let montgomery_multiply (lhs rhs: Libcrux_intrinsics.Avx2_extract.t_Vec256) =
+  let field_modulus:Libcrux_intrinsics.Avx2_extract.t_Vec256 =
     Libcrux_intrinsics.Avx2_extract.mm256_set1_epi32 Libcrux_ml_dsa.Simd.Traits.v_FIELD_MODULUS
   in
-  let inverse_of_modulus_mod_montgomery_r:u8 =
+  let inverse_of_modulus_mod_montgomery_r:Libcrux_intrinsics.Avx2_extract.t_Vec256 =
     Libcrux_intrinsics.Avx2_extract.mm256_set1_epi32 (cast (Libcrux_ml_dsa.Simd.Traits.v_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R
             <:
             u64)
         <:
         i32)
   in
-  let prod02:u8 = Libcrux_intrinsics.Avx2_extract.mm256_mul_epi32 lhs rhs in
-  let prod13:u8 =
+  let prod02:Libcrux_intrinsics.Avx2_extract.t_Vec256 =
+    Libcrux_intrinsics.Avx2_extract.mm256_mul_epi32 lhs rhs
+  in
+  let prod13:Libcrux_intrinsics.Avx2_extract.t_Vec256 =
     Libcrux_intrinsics.Avx2_extract.mm256_mul_epi32 (Libcrux_intrinsics.Avx2_extract.mm256_shuffle_epi32
           245l
           lhs
         <:
-        u8)
-      (Libcrux_intrinsics.Avx2_extract.mm256_shuffle_epi32 245l rhs <: u8)
+        Libcrux_intrinsics.Avx2_extract.t_Vec256)
+      (Libcrux_intrinsics.Avx2_extract.mm256_shuffle_epi32 245l rhs
+        <:
+        Libcrux_intrinsics.Avx2_extract.t_Vec256)
   in
-  let k02:u8 =
+  let k02:Libcrux_intrinsics.Avx2_extract.t_Vec256 =
     Libcrux_intrinsics.Avx2_extract.mm256_mul_epi32 prod02 inverse_of_modulus_mod_montgomery_r
   in
-  let k13:u8 =
+  let k13:Libcrux_intrinsics.Avx2_extract.t_Vec256 =
     Libcrux_intrinsics.Avx2_extract.mm256_mul_epi32 prod13 inverse_of_modulus_mod_montgomery_r
   in
-  let c02:u8 = Libcrux_intrinsics.Avx2_extract.mm256_mul_epi32 k02 field_modulus in
-  let c13:u8 = Libcrux_intrinsics.Avx2_extract.mm256_mul_epi32 k13 field_modulus in
-  let res02:u8 = Libcrux_intrinsics.Avx2_extract.mm256_sub_epi32 prod02 c02 in
-  let res13:u8 = Libcrux_intrinsics.Avx2_extract.mm256_sub_epi32 prod13 c13 in
-  let res02_shifted:u8 = Libcrux_intrinsics.Avx2_extract.mm256_shuffle_epi32 245l res02 in
+  let c02:Libcrux_intrinsics.Avx2_extract.t_Vec256 =
+    Libcrux_intrinsics.Avx2_extract.mm256_mul_epi32 k02 field_modulus
+  in
+  let c13:Libcrux_intrinsics.Avx2_extract.t_Vec256 =
+    Libcrux_intrinsics.Avx2_extract.mm256_mul_epi32 k13 field_modulus
+  in
+  let res02:Libcrux_intrinsics.Avx2_extract.t_Vec256 =
+    Libcrux_intrinsics.Avx2_extract.mm256_sub_epi32 prod02 c02
+  in
+  let res13:Libcrux_intrinsics.Avx2_extract.t_Vec256 =
+    Libcrux_intrinsics.Avx2_extract.mm256_sub_epi32 prod13 c13
+  in
+  let res02_shifted:Libcrux_intrinsics.Avx2_extract.t_Vec256 =
+    Libcrux_intrinsics.Avx2_extract.mm256_shuffle_epi32 245l res02
+  in
   Libcrux_intrinsics.Avx2_extract.mm256_blend_epi32 170l res02_shifted res13
 
-let montgomery_multiply_by_constant (lhs: u8) (constant: i32) =
-  let rhs:u8 = Libcrux_intrinsics.Avx2_extract.mm256_set1_epi32 constant in
-  let field_modulus:u8 =
+let montgomery_multiply_by_constant (lhs: Libcrux_intrinsics.Avx2_extract.t_Vec256) (constant: i32) =
+  let rhs:Libcrux_intrinsics.Avx2_extract.t_Vec256 =
+    Libcrux_intrinsics.Avx2_extract.mm256_set1_epi32 constant
+  in
+  let field_modulus:Libcrux_intrinsics.Avx2_extract.t_Vec256 =
     Libcrux_intrinsics.Avx2_extract.mm256_set1_epi32 Libcrux_ml_dsa.Simd.Traits.v_FIELD_MODULUS
   in
-  let inverse_of_modulus_mod_montgomery_r:u8 =
+  let inverse_of_modulus_mod_montgomery_r:Libcrux_intrinsics.Avx2_extract.t_Vec256 =
     Libcrux_intrinsics.Avx2_extract.mm256_set1_epi32 (cast (Libcrux_ml_dsa.Simd.Traits.v_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R
             <:
             u64)
         <:
         i32)
   in
-  let prod02:u8 = Libcrux_intrinsics.Avx2_extract.mm256_mul_epi32 lhs rhs in
-  let prod13:u8 =
+  let prod02:Libcrux_intrinsics.Avx2_extract.t_Vec256 =
+    Libcrux_intrinsics.Avx2_extract.mm256_mul_epi32 lhs rhs
+  in
+  let prod13:Libcrux_intrinsics.Avx2_extract.t_Vec256 =
     Libcrux_intrinsics.Avx2_extract.mm256_mul_epi32 (Libcrux_intrinsics.Avx2_extract.mm256_shuffle_epi32
           245l
           lhs
         <:
-        u8)
-      (Libcrux_intrinsics.Avx2_extract.mm256_shuffle_epi32 245l rhs <: u8)
+        Libcrux_intrinsics.Avx2_extract.t_Vec256)
+      (Libcrux_intrinsics.Avx2_extract.mm256_shuffle_epi32 245l rhs
+        <:
+        Libcrux_intrinsics.Avx2_extract.t_Vec256)
   in
-  let k02:u8 =
+  let k02:Libcrux_intrinsics.Avx2_extract.t_Vec256 =
     Libcrux_intrinsics.Avx2_extract.mm256_mul_epi32 prod02 inverse_of_modulus_mod_montgomery_r
   in
-  let k13:u8 =
+  let k13:Libcrux_intrinsics.Avx2_extract.t_Vec256 =
     Libcrux_intrinsics.Avx2_extract.mm256_mul_epi32 prod13 inverse_of_modulus_mod_montgomery_r
   in
-  let c02:u8 = Libcrux_intrinsics.Avx2_extract.mm256_mul_epi32 k02 field_modulus in
-  let c13:u8 = Libcrux_intrinsics.Avx2_extract.mm256_mul_epi32 k13 field_modulus in
-  let res02:u8 = Libcrux_intrinsics.Avx2_extract.mm256_sub_epi32 prod02 c02 in
-  let res13:u8 = Libcrux_intrinsics.Avx2_extract.mm256_sub_epi32 prod13 c13 in
-  let res02_shifted:u8 = Libcrux_intrinsics.Avx2_extract.mm256_shuffle_epi32 245l res02 in
+  let c02:Libcrux_intrinsics.Avx2_extract.t_Vec256 =
+    Libcrux_intrinsics.Avx2_extract.mm256_mul_epi32 k02 field_modulus
+  in
+  let c13:Libcrux_intrinsics.Avx2_extract.t_Vec256 =
+    Libcrux_intrinsics.Avx2_extract.mm256_mul_epi32 k13 field_modulus
+  in
+  let res02:Libcrux_intrinsics.Avx2_extract.t_Vec256 =
+    Libcrux_intrinsics.Avx2_extract.mm256_sub_epi32 prod02 c02
+  in
+  let res13:Libcrux_intrinsics.Avx2_extract.t_Vec256 =
+    Libcrux_intrinsics.Avx2_extract.mm256_sub_epi32 prod13 c13
+  in
+  let res02_shifted:Libcrux_intrinsics.Avx2_extract.t_Vec256 =
+    Libcrux_intrinsics.Avx2_extract.mm256_shuffle_epi32 245l res02
+  in
   Libcrux_intrinsics.Avx2_extract.mm256_blend_epi32 170l res02_shifted res13
 
-let decompose (v_GAMMA2: i32) (r: u8) =
-  let r:u8 = to_unsigned_representatives r in
-  let field_modulus_halved:u8 =
+let decompose (v_GAMMA2: i32) (r: Libcrux_intrinsics.Avx2_extract.t_Vec256) =
+  let r:Libcrux_intrinsics.Avx2_extract.t_Vec256 = to_unsigned_representatives r in
+  let field_modulus_halved:Libcrux_intrinsics.Avx2_extract.t_Vec256 =
     Libcrux_intrinsics.Avx2_extract.mm256_set1_epi32 ((Libcrux_ml_dsa.Simd.Traits.v_FIELD_MODULUS -!
           1l
           <:
@@ -175,83 +228,127 @@ let decompose (v_GAMMA2: i32) (r: u8) =
         i32)
   in
   let (v_ALPHA: i32):i32 = v_GAMMA2 *! 2l in
-  let ceil_of_r_by_128_:u8 =
+  let ceil_of_r_by_128_:Libcrux_intrinsics.Avx2_extract.t_Vec256 =
     Libcrux_intrinsics.Avx2_extract.mm256_add_epi32 r
-      (Libcrux_intrinsics.Avx2_extract.mm256_set1_epi32 127l <: u8)
+      (Libcrux_intrinsics.Avx2_extract.mm256_set1_epi32 127l
+        <:
+        Libcrux_intrinsics.Avx2_extract.t_Vec256)
   in
-  let ceil_of_r_by_128_:u8 =
+  let ceil_of_r_by_128_:Libcrux_intrinsics.Avx2_extract.t_Vec256 =
     Libcrux_intrinsics.Avx2_extract.mm256_srai_epi32 7l ceil_of_r_by_128_
   in
-  let r1:u8 =
+  let r1:Libcrux_intrinsics.Avx2_extract.t_Vec256 =
     match v_ALPHA with
     | 190464l ->
-      let result:u8 =
+      let result:Libcrux_intrinsics.Avx2_extract.t_Vec256 =
         Libcrux_intrinsics.Avx2_extract.mm256_mullo_epi32 ceil_of_r_by_128_
-          (Libcrux_intrinsics.Avx2_extract.mm256_set1_epi32 11275l <: u8)
+          (Libcrux_intrinsics.Avx2_extract.mm256_set1_epi32 11275l
+            <:
+            Libcrux_intrinsics.Avx2_extract.t_Vec256)
       in
-      let result:u8 =
+      let result:Libcrux_intrinsics.Avx2_extract.t_Vec256 =
         Libcrux_intrinsics.Avx2_extract.mm256_add_epi32 result
-          (Libcrux_intrinsics.Avx2_extract.mm256_set1_epi32 (1l <<! 23l <: i32) <: u8)
+          (Libcrux_intrinsics.Avx2_extract.mm256_set1_epi32 (1l <<! 23l <: i32)
+            <:
+            Libcrux_intrinsics.Avx2_extract.t_Vec256)
+      in
+      let result:Libcrux_intrinsics.Avx2_extract.t_Vec256 =
+        Libcrux_intrinsics.Avx2_extract.mm256_srai_epi32 24l result
       in
-      let result:u8 = Libcrux_intrinsics.Avx2_extract.mm256_srai_epi32 24l result in
-      let mask:u8 =
+      let mask:Libcrux_intrinsics.Avx2_extract.t_Vec256 =
         Libcrux_intrinsics.Avx2_extract.mm256_sub_epi32 (Libcrux_intrinsics.Avx2_extract.mm256_set1_epi32
               43l
             <:
-            u8)
+            Libcrux_intrinsics.Avx2_extract.t_Vec256)
           result
       in
-      let mask:u8 = Libcrux_intrinsics.Avx2_extract.mm256_srai_epi32 31l mask in
-      let not_result:u8 = Libcrux_intrinsics.Avx2_extract.mm256_xor_si256 result mask in
+      let mask:Libcrux_intrinsics.Avx2_extract.t_Vec256 =
+        Libcrux_intrinsics.Avx2_extract.mm256_srai_epi32 31l mask
+      in
+      let not_result:Libcrux_intrinsics.Avx2_extract.t_Vec256 =
+        Libcrux_intrinsics.Avx2_extract.mm256_xor_si256 result mask
+      in
       Libcrux_intrinsics.Avx2_extract.mm256_and_si256 result not_result
     | 523776l ->
-      let result:u8 =
+      let result:Libcrux_intrinsics.Avx2_extract.t_Vec256 =
         Libcrux_intrinsics.Avx2_extract.mm256_mullo_epi32 ceil_of_r_by_128_
-          (Libcrux_intrinsics.Avx2_extract.mm256_set1_epi32 1025l <: u8)
+          (Libcrux_intrinsics.Avx2_extract.mm256_set1_epi32 1025l
+            <:
+            Libcrux_intrinsics.Avx2_extract.t_Vec256)
       in
-      let result:u8 =
+      let result:Libcrux_intrinsics.Avx2_extract.t_Vec256 =
         Libcrux_intrinsics.Avx2_extract.mm256_add_epi32 result
-          (Libcrux_intrinsics.Avx2_extract.mm256_set1_epi32 (1l <<! 21l <: i32) <: u8)
+          (Libcrux_intrinsics.Avx2_extract.mm256_set1_epi32 (1l <<! 21l <: i32)
+            <:
+            Libcrux_intrinsics.Avx2_extract.t_Vec256)
+      in
+      let result:Libcrux_intrinsics.Avx2_extract.t_Vec256 =
+        Libcrux_intrinsics.Avx2_extract.mm256_srai_epi32 22l result
       in
-      let result:u8 = Libcrux_intrinsics.Avx2_extract.mm256_srai_epi32 22l result in
       Libcrux_intrinsics.Avx2_extract.mm256_and_si256 result
-        (Libcrux_intrinsics.Avx2_extract.mm256_set1_epi32 15l <: u8)
+        (Libcrux_intrinsics.Avx2_extract.mm256_set1_epi32 15l
+          <:
+          Libcrux_intrinsics.Avx2_extract.t_Vec256)
     | _ ->
       Rust_primitives.Hax.never_to_any (Core.Panicking.panic "internal error: entered unreachable code"
 
           <:
           Rust_primitives.Hax.t_Never)
   in
-  let r0:u8 =
+  let r0:Libcrux_intrinsics.Avx2_extract.t_Vec256 =
     Libcrux_intrinsics.Avx2_extract.mm256_mullo_epi32 r1
-      (Libcrux_intrinsics.Avx2_extract.mm256_set1_epi32 v_ALPHA <: u8)
+      (Libcrux_intrinsics.Avx2_extract.mm256_set1_epi32 v_ALPHA
+        <:
+        Libcrux_intrinsics.Avx2_extract.t_Vec256)
   in
-  let r0:u8 = Libcrux_intrinsics.Avx2_extract.mm256_sub_epi32 r r0 in
-  let mask:u8 = Libcrux_intrinsics.Avx2_extract.mm256_sub_epi32 field_modulus_halved r0 in
-  let mask:u8 = Libcrux_intrinsics.Avx2_extract.mm256_srai_epi32 31l mask in
-  let field_modulus_and_mask:u8 =
+  let r0:Libcrux_intrinsics.Avx2_extract.t_Vec256 =
+    Libcrux_intrinsics.Avx2_extract.mm256_sub_epi32 r r0
+  in
+  let mask:Libcrux_intrinsics.Avx2_extract.t_Vec256 =
+    Libcrux_intrinsics.Avx2_extract.mm256_sub_epi32 field_modulus_halved r0
+  in
+  let mask:Libcrux_intrinsics.Avx2_extract.t_Vec256 =
+    Libcrux_intrinsics.Avx2_extract.mm256_srai_epi32 31l mask
+  in
+  let field_modulus_and_mask:Libcrux_intrinsics.Avx2_extract.t_Vec256 =
     Libcrux_intrinsics.Avx2_extract.mm256_and_si256 mask
       (Libcrux_intrinsics.Avx2_extract.mm256_set1_epi32 Libcrux_ml_dsa.Simd.Traits.v_FIELD_MODULUS
         <:
-        u8)
+        Libcrux_intrinsics.Avx2_extract.t_Vec256)
   in
-  let r0:u8 = Libcrux_intrinsics.Avx2_extract.mm256_sub_epi32 r0 field_modulus_and_mask in
-  r0, r1 <: (u8 & u8)
+  let r0:Libcrux_intrinsics.Avx2_extract.t_Vec256 =
+    Libcrux_intrinsics.Avx2_extract.mm256_sub_epi32 r0 field_modulus_and_mask
+  in
+  r0, r1 <: (Libcrux_intrinsics.Avx2_extract.t_Vec256 & Libcrux_intrinsics.Avx2_extract.t_Vec256)
 
-let use_hint (v_GAMMA2: i32) (r hint: u8) =
-  let r0, r1:(u8 & u8) = decompose v_GAMMA2 r in
-  let all_zeros:u8 = Libcrux_intrinsics.Avx2_extract.mm256_setzero_si256 () in
-  let negate_hints:u8 = Libcrux_intrinsics.Avx2_extract.vec256_blendv_epi32 all_zeros hint r0 in
-  let negate_hints:u8 = Libcrux_intrinsics.Avx2_extract.mm256_slli_epi32 1l negate_hints in
-  let hints:u8 = Libcrux_intrinsics.Avx2_extract.mm256_sub_epi32 hint negate_hints in
-  let r1_plus_hints:u8 = Libcrux_intrinsics.Avx2_extract.mm256_add_epi32 r1 hints in
+let use_hint (v_GAMMA2: i32) (r hint: Libcrux_intrinsics.Avx2_extract.t_Vec256) =
+  let r0, r1:(Libcrux_intrinsics.Avx2_extract.t_Vec256 & Libcrux_intrinsics.Avx2_extract.t_Vec256) =
+    decompose v_GAMMA2 r
+  in
+  let all_zeros:Libcrux_intrinsics.Avx2_extract.t_Vec256 =
+    Libcrux_intrinsics.Avx2_extract.mm256_setzero_si256 ()
+  in
+  let negate_hints:Libcrux_intrinsics.Avx2_extract.t_Vec256 =
+    Libcrux_intrinsics.Avx2_extract.vec256_blendv_epi32 all_zeros hint r0
+  in
+  let negate_hints:Libcrux_intrinsics.Avx2_extract.t_Vec256 =
+    Libcrux_intrinsics.Avx2_extract.mm256_slli_epi32 1l negate_hints
+  in
+  let hints:Libcrux_intrinsics.Avx2_extract.t_Vec256 =
+    Libcrux_intrinsics.Avx2_extract.mm256_sub_epi32 hint negate_hints
+  in
+  let r1_plus_hints:Libcrux_intrinsics.Avx2_extract.t_Vec256 =
+    Libcrux_intrinsics.Avx2_extract.mm256_add_epi32 r1 hints
+  in
   match v_GAMMA2 with
   | 95232l ->
-    let max:u8 = Libcrux_intrinsics.Avx2_extract.mm256_set1_epi32 43l in
-    let r1_plus_hints:u8 =
+    let max:Libcrux_intrinsics.Avx2_extract.t_Vec256 =
+      Libcrux_intrinsics.Avx2_extract.mm256_set1_epi32 43l
+    in
+    let r1_plus_hints:Libcrux_intrinsics.Avx2_extract.t_Vec256 =
       Libcrux_intrinsics.Avx2_extract.vec256_blendv_epi32 r1_plus_hints max r1_plus_hints
     in
-    let greater_than_or_equal_to_max:u8 =
+    let greater_than_or_equal_to_max:Libcrux_intrinsics.Avx2_extract.t_Vec256 =
       Libcrux_intrinsics.Avx2_extract.mm256_cmpgt_epi32 r1_plus_hints max
     in
     Libcrux_intrinsics.Avx2_extract.vec256_blendv_epi32 r1_plus_hints
@@ -259,7 +356,9 @@ let use_hint (v_GAMMA2: i32) (r hint: u8) =
       greater_than_or_equal_to_max
   | 261888l ->
     Libcrux_intrinsics.Avx2_extract.mm256_and_si256 r1_plus_hints
-      (Libcrux_intrinsics.Avx2_extract.mm256_set1_epi32 15l <: u8)
+      (Libcrux_intrinsics.Avx2_extract.mm256_set1_epi32 15l
+        <:
+        Libcrux_intrinsics.Avx2_extract.t_Vec256)
   | _ ->
     Rust_primitives.Hax.never_to_any (Core.Panicking.panic "internal error: entered unreachable code"
 
diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Arithmetic.fsti b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Arithmetic.fsti
index e11e02fab..a8ec4e3d7 100644
--- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Arithmetic.fsti
+++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Arithmetic.fsti
@@ -3,28 +3,43 @@ module Libcrux_ml_dsa.Simd.Avx2.Arithmetic
 open Core
 open FStar.Mul
 
-val add (lhs rhs: u8) : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
+val add (lhs rhs: Libcrux_intrinsics.Avx2_extract.t_Vec256)
+    : Prims.Pure Libcrux_intrinsics.Avx2_extract.t_Vec256 Prims.l_True (fun _ -> Prims.l_True)
 
-val compute_hint (v_GAMMA2: i32) (low high: u8)
-    : Prims.Pure (usize & u8) Prims.l_True (fun _ -> Prims.l_True)
+val compute_hint (v_GAMMA2: i32) (low high: Libcrux_intrinsics.Avx2_extract.t_Vec256)
+    : Prims.Pure (usize & Libcrux_intrinsics.Avx2_extract.t_Vec256)
+      Prims.l_True
+      (fun _ -> Prims.l_True)
 
-val infinity_norm_exceeds (simd_unit: u8) (bound: i32)
+val infinity_norm_exceeds (simd_unit: Libcrux_intrinsics.Avx2_extract.t_Vec256) (bound: i32)
     : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True)
 
-val subtract (lhs rhs: u8) : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
+val subtract (lhs rhs: Libcrux_intrinsics.Avx2_extract.t_Vec256)
+    : Prims.Pure Libcrux_intrinsics.Avx2_extract.t_Vec256 Prims.l_True (fun _ -> Prims.l_True)
 
-val shift_left_then_reduce (v_SHIFT_BY: i32) (simd_unit: u8)
-    : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
+val shift_left_then_reduce (v_SHIFT_BY: i32) (simd_unit: Libcrux_intrinsics.Avx2_extract.t_Vec256)
+    : Prims.Pure Libcrux_intrinsics.Avx2_extract.t_Vec256 Prims.l_True (fun _ -> Prims.l_True)
 
-val to_unsigned_representatives (t: u8) : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
+val to_unsigned_representatives (t: Libcrux_intrinsics.Avx2_extract.t_Vec256)
+    : Prims.Pure Libcrux_intrinsics.Avx2_extract.t_Vec256 Prims.l_True (fun _ -> Prims.l_True)
 
-val power2round (r: u8) : Prims.Pure (u8 & u8) Prims.l_True (fun _ -> Prims.l_True)
+val power2round (r: Libcrux_intrinsics.Avx2_extract.t_Vec256)
+    : Prims.Pure
+      (Libcrux_intrinsics.Avx2_extract.t_Vec256 & Libcrux_intrinsics.Avx2_extract.t_Vec256)
+      Prims.l_True
+      (fun _ -> Prims.l_True)
 
-val montgomery_multiply (lhs rhs: u8) : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
+val montgomery_multiply (lhs rhs: Libcrux_intrinsics.Avx2_extract.t_Vec256)
+    : Prims.Pure Libcrux_intrinsics.Avx2_extract.t_Vec256 Prims.l_True (fun _ -> Prims.l_True)
 
-val montgomery_multiply_by_constant (lhs: u8) (constant: i32)
-    : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
+val montgomery_multiply_by_constant (lhs: Libcrux_intrinsics.Avx2_extract.t_Vec256) (constant: i32)
+    : Prims.Pure Libcrux_intrinsics.Avx2_extract.t_Vec256 Prims.l_True (fun _ -> Prims.l_True)
 
-val decompose (v_GAMMA2: i32) (r: u8) : Prims.Pure (u8 & u8) Prims.l_True (fun _ -> Prims.l_True)
+val decompose (v_GAMMA2: i32) (r: Libcrux_intrinsics.Avx2_extract.t_Vec256)
+    : Prims.Pure
+      (Libcrux_intrinsics.Avx2_extract.t_Vec256 & Libcrux_intrinsics.Avx2_extract.t_Vec256)
+      Prims.l_True
+      (fun _ -> Prims.l_True)
 
-val use_hint (v_GAMMA2: i32) (r hint: u8) : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
+val use_hint (v_GAMMA2: i32) (r hint: Libcrux_intrinsics.Avx2_extract.t_Vec256)
+    : Prims.Pure Libcrux_intrinsics.Avx2_extract.t_Vec256 Prims.l_True (fun _ -> Prims.l_True)
diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Encoding.Commitment.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Encoding.Commitment.fst
index fba456933..5f1406970 100644
--- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Encoding.Commitment.fst
+++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Encoding.Commitment.fst
@@ -3,30 +3,34 @@ module Libcrux_ml_dsa.Simd.Avx2.Encoding.Commitment
 open Core
 open FStar.Mul
 
-let serialize (v_OUTPUT_SIZE: usize) (simd_unit: u8) =
+let serialize (v_OUTPUT_SIZE: usize) (simd_unit: Libcrux_intrinsics.Avx2_extract.t_Vec256) =
   let serialized:t_Array u8 (sz 19) = Rust_primitives.Hax.repeat 0uy (sz 19) in
   match cast (v_OUTPUT_SIZE <: usize) <: u8 with
   | 4uy ->
-    let adjacent_2_combined:u8 =
+    let adjacent_2_combined:Libcrux_intrinsics.Avx2_extract.t_Vec256 =
       Libcrux_intrinsics.Avx2_extract.mm256_sllv_epi32 simd_unit
-        (Libcrux_intrinsics.Avx2_extract.mm256_set_epi32 0l 28l 0l 28l 0l 28l 0l 28l <: u8)
+        (Libcrux_intrinsics.Avx2_extract.mm256_set_epi32 0l 28l 0l 28l 0l 28l 0l 28l
+          <:
+          Libcrux_intrinsics.Avx2_extract.t_Vec256)
     in
-    let adjacent_2_combined:u8 =
+    let adjacent_2_combined:Libcrux_intrinsics.Avx2_extract.t_Vec256 =
       Libcrux_intrinsics.Avx2_extract.mm256_srli_epi64 28l adjacent_2_combined
     in
-    let adjacent_4_combined:u8 =
+    let adjacent_4_combined:Libcrux_intrinsics.Avx2_extract.t_Vec256 =
       Libcrux_intrinsics.Avx2_extract.mm256_permutevar8x32_epi32 adjacent_2_combined
-        (Libcrux_intrinsics.Avx2_extract.mm256_set_epi32 0l 0l 0l 0l 6l 2l 4l 0l <: u8)
+        (Libcrux_intrinsics.Avx2_extract.mm256_set_epi32 0l 0l 0l 0l 6l 2l 4l 0l
+          <:
+          Libcrux_intrinsics.Avx2_extract.t_Vec256)
     in
-    let adjacent_4_combined:u8 =
+    let adjacent_4_combined:Libcrux_intrinsics.Avx2_extract.t_Vec128 =
       Libcrux_intrinsics.Avx2_extract.mm256_castsi256_si128 adjacent_4_combined
     in
-    let adjacent_4_combined:u8 =
+    let adjacent_4_combined:Libcrux_intrinsics.Avx2_extract.t_Vec128 =
       Libcrux_intrinsics.Avx2_extract.mm_shuffle_epi8 adjacent_4_combined
         (Libcrux_intrinsics.Avx2_extract.mm_set_epi8 240uy 240uy 240uy 240uy 240uy 240uy 240uy 240uy
             240uy 240uy 240uy 240uy 12uy 4uy 8uy 0uy
           <:
-          u8)
+          Libcrux_intrinsics.Avx2_extract.t_Vec128)
     in
     let serialized:t_Array u8 (sz 19) =
       Rust_primitives.Hax.Monomorphized_update_at.update_at_range serialized
@@ -58,33 +62,39 @@ let serialize (v_OUTPUT_SIZE: usize) (simd_unit: u8) =
         <:
         Core.Result.t_Result (t_Array u8 v_OUTPUT_SIZE) Core.Array.t_TryFromSliceError)
   | 6uy ->
-    let adjacent_2_combined:u8 =
+    let adjacent_2_combined:Libcrux_intrinsics.Avx2_extract.t_Vec256 =
       Libcrux_intrinsics.Avx2_extract.mm256_sllv_epi32 simd_unit
-        (Libcrux_intrinsics.Avx2_extract.mm256_set_epi32 0l 26l 0l 26l 0l 26l 0l 26l <: u8)
+        (Libcrux_intrinsics.Avx2_extract.mm256_set_epi32 0l 26l 0l 26l 0l 26l 0l 26l
+          <:
+          Libcrux_intrinsics.Avx2_extract.t_Vec256)
     in
-    let adjacent_2_combined:u8 =
+    let adjacent_2_combined:Libcrux_intrinsics.Avx2_extract.t_Vec256 =
       Libcrux_intrinsics.Avx2_extract.mm256_srli_epi64 26l adjacent_2_combined
     in
-    let adjacent_3_combined:u8 =
+    let adjacent_3_combined:Libcrux_intrinsics.Avx2_extract.t_Vec256 =
       Libcrux_intrinsics.Avx2_extract.mm256_shuffle_epi8 adjacent_2_combined
         (Libcrux_intrinsics.Avx2_extract.mm256_set_epi8 (-1y) (-1y) (-1y) (-1y) (-1y) (-1y) (-1y)
             (-1y) (-1y) (-1y) (-1y) (-1y) 9y 8y 1y 0y (-1y) (-1y) (-1y) (-1y) (-1y) (-1y) (-1y)
             (-1y) (-1y) (-1y) (-1y) (-1y) 9y 8y 1y 0y
           <:
-          u8)
+          Libcrux_intrinsics.Avx2_extract.t_Vec256)
     in
-    let adjacent_3_combined:u8 =
+    let adjacent_3_combined:Libcrux_intrinsics.Avx2_extract.t_Vec256 =
       Libcrux_intrinsics.Avx2_extract.mm256_mullo_epi16 adjacent_3_combined
         (Libcrux_intrinsics.Avx2_extract.mm256_set_epi16 1s 1s 1s 1s 1s 1s 1s (1s <<! 4l <: i16) 1s
             1s 1s 1s 1s 1s 1s (1s <<! 4l <: i16)
           <:
-          u8)
+          Libcrux_intrinsics.Avx2_extract.t_Vec256)
     in
-    let adjacent_3_combined:u8 =
+    let adjacent_3_combined:Libcrux_intrinsics.Avx2_extract.t_Vec256 =
       Libcrux_intrinsics.Avx2_extract.mm256_srlv_epi32 adjacent_3_combined
-        (Libcrux_intrinsics.Avx2_extract.mm256_set_epi32 0l 0l 0l 4l 0l 0l 0l 4l <: u8)
+        (Libcrux_intrinsics.Avx2_extract.mm256_set_epi32 0l 0l 0l 4l 0l 0l 0l 4l
+          <:
+          Libcrux_intrinsics.Avx2_extract.t_Vec256)
+    in
+    let lower_3_:Libcrux_intrinsics.Avx2_extract.t_Vec128 =
+      Libcrux_intrinsics.Avx2_extract.mm256_castsi256_si128 adjacent_3_combined
     in
-    let lower_3_:u8 = Libcrux_intrinsics.Avx2_extract.mm256_castsi256_si128 adjacent_3_combined in
     let serialized:t_Array u8 (sz 19) =
       Rust_primitives.Hax.Monomorphized_update_at.update_at_range serialized
         ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = sz 16 }
@@ -102,7 +112,7 @@ let serialize (v_OUTPUT_SIZE: usize) (simd_unit: u8) =
           <:
           t_Slice u8)
     in
-    let upper_3_:u8 =
+    let upper_3_:Libcrux_intrinsics.Avx2_extract.t_Vec128 =
       Libcrux_intrinsics.Avx2_extract.mm256_extracti128_si256 1l adjacent_3_combined
     in
     let serialized:t_Array u8 (sz 19) =
diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Encoding.Commitment.fsti b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Encoding.Commitment.fsti
index 74c8d9c15..58e2355b6 100644
--- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Encoding.Commitment.fsti
+++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Encoding.Commitment.fsti
@@ -3,5 +3,5 @@ module Libcrux_ml_dsa.Simd.Avx2.Encoding.Commitment
 open Core
 open FStar.Mul
 
-val serialize (v_OUTPUT_SIZE: usize) (simd_unit: u8)
+val serialize (v_OUTPUT_SIZE: usize) (simd_unit: Libcrux_intrinsics.Avx2_extract.t_Vec256)
     : Prims.Pure (t_Array u8 v_OUTPUT_SIZE) Prims.l_True (fun _ -> Prims.l_True)
diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Encoding.Error.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Encoding.Error.fst
index be78d6aba..a8ea63851 100644
--- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Encoding.Error.fst
+++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Encoding.Error.fst
@@ -12,7 +12,7 @@ let deserialize_to_unsigned_when_eta_is_2_ (bytes: t_Slice u8) =
       in
       ()
   in
-  let bytes_in_simd_unit:u8 =
+  let bytes_in_simd_unit:Libcrux_intrinsics.Avx2_extract.t_Vec256 =
     Libcrux_intrinsics.Avx2_extract.mm256_set_epi32 (cast (bytes.[ sz 2 ] <: u8) <: i32)
       (cast (bytes.[ sz 2 ] <: u8) <: i32)
       (((cast (bytes.[ sz 2 ] <: u8) <: i32) <<! 8l <: i32) |. (cast (bytes.[ sz 1 ] <: u8) <: i32)
@@ -26,15 +26,17 @@ let deserialize_to_unsigned_when_eta_is_2_ (bytes: t_Slice u8) =
       (cast (bytes.[ sz 0 ] <: u8) <: i32)
       (cast (bytes.[ sz 0 ] <: u8) <: i32)
   in
-  let coefficients:u8 =
+  let coefficients:Libcrux_intrinsics.Avx2_extract.t_Vec256 =
     Libcrux_intrinsics.Avx2_extract.mm256_srlv_epi32 bytes_in_simd_unit
-      (Libcrux_intrinsics.Avx2_extract.mm256_set_epi32 5l 2l 7l 4l 1l 6l 3l 0l <: u8)
+      (Libcrux_intrinsics.Avx2_extract.mm256_set_epi32 5l 2l 7l 4l 1l 6l 3l 0l
+        <:
+        Libcrux_intrinsics.Avx2_extract.t_Vec256)
   in
   Libcrux_intrinsics.Avx2_extract.mm256_and_si256 coefficients
     (Libcrux_intrinsics.Avx2_extract.mm256_set1_epi32 deserialize_to_unsigned_when_eta_is_2___COEFFICIENT_MASK
 
       <:
-      u8)
+      Libcrux_intrinsics.Avx2_extract.t_Vec256)
 
 let deserialize_to_unsigned_when_eta_is_4_ (bytes: t_Slice u8) =
   let _:Prims.unit =
@@ -45,7 +47,7 @@ let deserialize_to_unsigned_when_eta_is_4_ (bytes: t_Slice u8) =
       in
       ()
   in
-  let bytes_in_simd_unit:u8 =
+  let bytes_in_simd_unit:Libcrux_intrinsics.Avx2_extract.t_Vec256 =
     Libcrux_intrinsics.Avx2_extract.mm256_set_epi32 (cast (bytes.[ sz 3 ] <: u8) <: i32)
       (cast (bytes.[ sz 3 ] <: u8) <: i32)
       (cast (bytes.[ sz 2 ] <: u8) <: i32)
@@ -55,15 +57,17 @@ let deserialize_to_unsigned_when_eta_is_4_ (bytes: t_Slice u8) =
       (cast (bytes.[ sz 0 ] <: u8) <: i32)
       (cast (bytes.[ sz 0 ] <: u8) <: i32)
   in
-  let coefficients:u8 =
+  let coefficients:Libcrux_intrinsics.Avx2_extract.t_Vec256 =
     Libcrux_intrinsics.Avx2_extract.mm256_srlv_epi32 bytes_in_simd_unit
-      (Libcrux_intrinsics.Avx2_extract.mm256_set_epi32 4l 0l 4l 0l 4l 0l 4l 0l <: u8)
+      (Libcrux_intrinsics.Avx2_extract.mm256_set_epi32 4l 0l 4l 0l 4l 0l 4l 0l
+        <:
+        Libcrux_intrinsics.Avx2_extract.t_Vec256)
   in
   Libcrux_intrinsics.Avx2_extract.mm256_and_si256 coefficients
     (Libcrux_intrinsics.Avx2_extract.mm256_set1_epi32 deserialize_to_unsigned_when_eta_is_4___COEFFICIENT_MASK
 
       <:
-      u8)
+      Libcrux_intrinsics.Avx2_extract.t_Vec256)
 
 let deserialize_to_unsigned (v_ETA: usize) (serialized: t_Slice u8) =
   match cast (v_ETA <: usize) <: u8 with
@@ -76,56 +80,67 @@ let deserialize_to_unsigned (v_ETA: usize) (serialized: t_Slice u8) =
         Rust_primitives.Hax.t_Never)
 
 let deserialize (v_ETA: usize) (serialized: t_Slice u8) =
-  let unsigned:u8 = deserialize_to_unsigned v_ETA serialized in
+  let unsigned:Libcrux_intrinsics.Avx2_extract.t_Vec256 =
+    deserialize_to_unsigned v_ETA serialized
+  in
   Libcrux_intrinsics.Avx2_extract.mm256_sub_epi32 (Libcrux_intrinsics.Avx2_extract.mm256_set1_epi32 (
           cast (v_ETA <: usize) <: i32)
       <:
-      u8)
+      Libcrux_intrinsics.Avx2_extract.t_Vec256)
     unsigned
 
-let serialize_when_eta_is_2_ (v_OUTPUT_SIZE: usize) (simd_unit: u8) =
+let serialize_when_eta_is_2_
+      (v_OUTPUT_SIZE: usize)
+      (simd_unit: Libcrux_intrinsics.Avx2_extract.t_Vec256)
+     =
   let serialized:t_Array u8 (sz 16) = Rust_primitives.Hax.repeat 0uy (sz 16) in
-  let simd_unit_shifted:u8 =
+  let simd_unit_shifted:Libcrux_intrinsics.Avx2_extract.t_Vec256 =
     Libcrux_intrinsics.Avx2_extract.mm256_sub_epi32 (Libcrux_intrinsics.Avx2_extract.mm256_set1_epi32
           serialize_when_eta_is_2___ETA
         <:
-        u8)
+        Libcrux_intrinsics.Avx2_extract.t_Vec256)
       simd_unit
   in
-  let adjacent_2_combined:u8 =
+  let adjacent_2_combined:Libcrux_intrinsics.Avx2_extract.t_Vec256 =
     Libcrux_intrinsics.Avx2_extract.mm256_sllv_epi32 simd_unit_shifted
-      (Libcrux_intrinsics.Avx2_extract.mm256_set_epi32 0l 29l 0l 29l 0l 29l 0l 29l <: u8)
+      (Libcrux_intrinsics.Avx2_extract.mm256_set_epi32 0l 29l 0l 29l 0l 29l 0l 29l
+        <:
+        Libcrux_intrinsics.Avx2_extract.t_Vec256)
   in
-  let adjacent_2_combined:u8 =
+  let adjacent_2_combined:Libcrux_intrinsics.Avx2_extract.t_Vec256 =
     Libcrux_intrinsics.Avx2_extract.mm256_srli_epi64 29l adjacent_2_combined
   in
-  let adjacent_4_combined:u8 =
+  let adjacent_4_combined:Libcrux_intrinsics.Avx2_extract.t_Vec256 =
     Libcrux_intrinsics.Avx2_extract.mm256_shuffle_epi8 adjacent_2_combined
       (Libcrux_intrinsics.Avx2_extract.mm256_set_epi8 (-1y) (-1y) (-1y) (-1y) (-1y) (-1y) (-1y)
           (-1y) (-1y) (-1y) (-1y) (-1y) (-1y) 8y (-1y) 0y (-1y) (-1y) (-1y) (-1y) (-1y) (-1y) (-1y)
           (-1y) (-1y) (-1y) (-1y) (-1y) (-1y) 8y (-1y) 0y
         <:
-        u8)
+        Libcrux_intrinsics.Avx2_extract.t_Vec256)
   in
-  let adjacent_4_combined:u8 =
+  let adjacent_4_combined:Libcrux_intrinsics.Avx2_extract.t_Vec256 =
     Libcrux_intrinsics.Avx2_extract.mm256_madd_epi16 adjacent_4_combined
       (Libcrux_intrinsics.Avx2_extract.mm256_set_epi16 0s 0s 0s 0s 0s 0s (1s <<! 6l <: i16) 1s 0s 0s
           0s 0s 0s 0s (1s <<! 6l <: i16) 1s
         <:
-        u8)
+        Libcrux_intrinsics.Avx2_extract.t_Vec256)
   in
-  let adjacent_6_combined:u8 =
+  let adjacent_6_combined:Libcrux_intrinsics.Avx2_extract.t_Vec256 =
     Libcrux_intrinsics.Avx2_extract.mm256_permutevar8x32_epi32 adjacent_4_combined
-      (Libcrux_intrinsics.Avx2_extract.mm256_set_epi32 0l 0l 0l 0l 0l 0l 4l 0l <: u8)
+      (Libcrux_intrinsics.Avx2_extract.mm256_set_epi32 0l 0l 0l 0l 0l 0l 4l 0l
+        <:
+        Libcrux_intrinsics.Avx2_extract.t_Vec256)
   in
-  let adjacent_6_combined:u8 =
+  let adjacent_6_combined:Libcrux_intrinsics.Avx2_extract.t_Vec128 =
     Libcrux_intrinsics.Avx2_extract.mm256_castsi256_si128 adjacent_6_combined
   in
-  let adjacent_6_combined:u8 =
+  let adjacent_6_combined:Libcrux_intrinsics.Avx2_extract.t_Vec128 =
     Libcrux_intrinsics.Avx2_extract.mm_sllv_epi32 adjacent_6_combined
-      (Libcrux_intrinsics.Avx2_extract.mm_set_epi32 0l 0l 0l 20l <: u8)
+      (Libcrux_intrinsics.Avx2_extract.mm_set_epi32 0l 0l 0l 20l
+        <:
+        Libcrux_intrinsics.Avx2_extract.t_Vec128)
   in
-  let adjacent_6_combined:u8 =
+  let adjacent_6_combined:Libcrux_intrinsics.Avx2_extract.t_Vec128 =
     Libcrux_intrinsics.Avx2_extract.mm_srli_epi64 20l adjacent_6_combined
   in
   let serialized:t_Array u8 (sz 16) =
@@ -158,35 +173,42 @@ let serialize_when_eta_is_2_ (v_OUTPUT_SIZE: usize) (simd_unit: u8) =
       <:
       Core.Result.t_Result (t_Array u8 v_OUTPUT_SIZE) Core.Array.t_TryFromSliceError)
 
-let serialize_when_eta_is_4_ (v_OUTPUT_SIZE: usize) (simd_unit: u8) =
+let serialize_when_eta_is_4_
+      (v_OUTPUT_SIZE: usize)
+      (simd_unit: Libcrux_intrinsics.Avx2_extract.t_Vec256)
+     =
   let serialized:t_Array u8 (sz 16) = Rust_primitives.Hax.repeat 0uy (sz 16) in
-  let simd_unit_shifted:u8 =
+  let simd_unit_shifted:Libcrux_intrinsics.Avx2_extract.t_Vec256 =
     Libcrux_intrinsics.Avx2_extract.mm256_sub_epi32 (Libcrux_intrinsics.Avx2_extract.mm256_set1_epi32
           serialize_when_eta_is_4___ETA
         <:
-        u8)
+        Libcrux_intrinsics.Avx2_extract.t_Vec256)
       simd_unit
   in
-  let adjacent_2_combined:u8 =
+  let adjacent_2_combined:Libcrux_intrinsics.Avx2_extract.t_Vec256 =
     Libcrux_intrinsics.Avx2_extract.mm256_sllv_epi32 simd_unit_shifted
-      (Libcrux_intrinsics.Avx2_extract.mm256_set_epi32 0l 28l 0l 28l 0l 28l 0l 28l <: u8)
+      (Libcrux_intrinsics.Avx2_extract.mm256_set_epi32 0l 28l 0l 28l 0l 28l 0l 28l
+        <:
+        Libcrux_intrinsics.Avx2_extract.t_Vec256)
   in
-  let adjacent_2_combined:u8 =
+  let adjacent_2_combined:Libcrux_intrinsics.Avx2_extract.t_Vec256 =
     Libcrux_intrinsics.Avx2_extract.mm256_srli_epi64 28l adjacent_2_combined
   in
-  let adjacent_4_combined:u8 =
+  let adjacent_4_combined:Libcrux_intrinsics.Avx2_extract.t_Vec256 =
     Libcrux_intrinsics.Avx2_extract.mm256_permutevar8x32_epi32 adjacent_2_combined
-      (Libcrux_intrinsics.Avx2_extract.mm256_set_epi32 0l 0l 0l 0l 6l 2l 4l 0l <: u8)
+      (Libcrux_intrinsics.Avx2_extract.mm256_set_epi32 0l 0l 0l 0l 6l 2l 4l 0l
+        <:
+        Libcrux_intrinsics.Avx2_extract.t_Vec256)
   in
-  let adjacent_4_combined:u8 =
+  let adjacent_4_combined:Libcrux_intrinsics.Avx2_extract.t_Vec128 =
     Libcrux_intrinsics.Avx2_extract.mm256_castsi256_si128 adjacent_4_combined
   in
-  let adjacent_4_combined:u8 =
+  let adjacent_4_combined:Libcrux_intrinsics.Avx2_extract.t_Vec128 =
     Libcrux_intrinsics.Avx2_extract.mm_shuffle_epi8 adjacent_4_combined
       (Libcrux_intrinsics.Avx2_extract.mm_set_epi8 240uy 240uy 240uy 240uy 240uy 240uy 240uy 240uy
           240uy 240uy 240uy 240uy 12uy 4uy 8uy 0uy
         <:
-        u8)
+        Libcrux_intrinsics.Avx2_extract.t_Vec128)
   in
   let serialized:t_Array u8 (sz 16) =
     Rust_primitives.Hax.Monomorphized_update_at.update_at_range serialized
@@ -218,7 +240,7 @@ let serialize_when_eta_is_4_ (v_OUTPUT_SIZE: usize) (simd_unit: u8) =
       <:
       Core.Result.t_Result (t_Array u8 v_OUTPUT_SIZE) Core.Array.t_TryFromSliceError)
 
-let serialize (v_OUTPUT_SIZE: usize) (simd_unit: u8) =
+let serialize (v_OUTPUT_SIZE: usize) (simd_unit: Libcrux_intrinsics.Avx2_extract.t_Vec256) =
   match cast (v_OUTPUT_SIZE <: usize) <: u8 with
   | 3uy -> serialize_when_eta_is_2_ v_OUTPUT_SIZE simd_unit
   | 4uy -> serialize_when_eta_is_4_ v_OUTPUT_SIZE simd_unit
diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Encoding.Error.fsti b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Encoding.Error.fsti
index 45782f6dc..11a0e04cf 100644
--- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Encoding.Error.fsti
+++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Encoding.Error.fsti
@@ -12,22 +12,26 @@ let serialize_when_eta_is_2___ETA: i32 = 2l
 let serialize_when_eta_is_4___ETA: i32 = 4l
 
 val deserialize_to_unsigned_when_eta_is_2_ (bytes: t_Slice u8)
-    : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
+    : Prims.Pure Libcrux_intrinsics.Avx2_extract.t_Vec256 Prims.l_True (fun _ -> Prims.l_True)
 
 val deserialize_to_unsigned_when_eta_is_4_ (bytes: t_Slice u8)
-    : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
+    : Prims.Pure Libcrux_intrinsics.Avx2_extract.t_Vec256 Prims.l_True (fun _ -> Prims.l_True)
 
 val deserialize_to_unsigned (v_ETA: usize) (serialized: t_Slice u8)
-    : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
+    : Prims.Pure Libcrux_intrinsics.Avx2_extract.t_Vec256 Prims.l_True (fun _ -> Prims.l_True)
 
 val deserialize (v_ETA: usize) (serialized: t_Slice u8)
-    : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
+    : Prims.Pure Libcrux_intrinsics.Avx2_extract.t_Vec256 Prims.l_True (fun _ -> Prims.l_True)
 
-val serialize_when_eta_is_2_ (v_OUTPUT_SIZE: usize) (simd_unit: u8)
+val serialize_when_eta_is_2_
+      (v_OUTPUT_SIZE: usize)
+      (simd_unit: Libcrux_intrinsics.Avx2_extract.t_Vec256)
     : Prims.Pure (t_Array u8 v_OUTPUT_SIZE) Prims.l_True (fun _ -> Prims.l_True)
 
-val serialize_when_eta_is_4_ (v_OUTPUT_SIZE: usize) (simd_unit: u8)
+val serialize_when_eta_is_4_
+      (v_OUTPUT_SIZE: usize)
+      (simd_unit: Libcrux_intrinsics.Avx2_extract.t_Vec256)
     : Prims.Pure (t_Array u8 v_OUTPUT_SIZE) Prims.l_True (fun _ -> Prims.l_True)
 
-val serialize (v_OUTPUT_SIZE: usize) (simd_unit: u8)
+val serialize (v_OUTPUT_SIZE: usize) (simd_unit: Libcrux_intrinsics.Avx2_extract.t_Vec256)
     : Prims.Pure (t_Array u8 v_OUTPUT_SIZE) Prims.l_True (fun _ -> Prims.l_True)
diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Encoding.Gamma1.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Encoding.Gamma1.fst
index 929fa141e..c7012e6cb 100644
--- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Encoding.Gamma1.fst
+++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Encoding.Gamma1.fst
@@ -12,7 +12,7 @@ let deserialize_when_gamma1_is_2_pow_17_ (serialized: t_Slice u8) =
       in
       ()
   in
-  let serialized_lower:u8 =
+  let serialized_lower:Libcrux_intrinsics.Avx2_extract.t_Vec128 =
     Libcrux_intrinsics.Avx2_extract.mm_loadu_si128 (serialized.[ {
             Core.Ops.Range.f_start = sz 0;
             Core.Ops.Range.f_end = sz 16
@@ -22,7 +22,7 @@ let deserialize_when_gamma1_is_2_pow_17_ (serialized: t_Slice u8) =
         <:
         t_Slice u8)
   in
-  let serialized_upper:u8 =
+  let serialized_upper:Libcrux_intrinsics.Avx2_extract.t_Vec128 =
     Libcrux_intrinsics.Avx2_extract.mm_loadu_si128 (serialized.[ {
             Core.Ops.Range.f_start = sz 2;
             Core.Ops.Range.f_end = sz 18
@@ -32,31 +32,33 @@ let deserialize_when_gamma1_is_2_pow_17_ (serialized: t_Slice u8) =
         <:
         t_Slice u8)
   in
-  let serialized:u8 =
+  let serialized:Libcrux_intrinsics.Avx2_extract.t_Vec256 =
     Libcrux_intrinsics.Avx2_extract.mm256_set_m128i serialized_upper serialized_lower
   in
-  let coefficients:u8 =
+  let coefficients:Libcrux_intrinsics.Avx2_extract.t_Vec256 =
     Libcrux_intrinsics.Avx2_extract.mm256_shuffle_epi8 serialized
       (Libcrux_intrinsics.Avx2_extract.mm256_set_epi8 (-1y) 15y 14y 13y (-1y) 13y 12y 11y (-1y) 11y
           10y 9y (-1y) 9y 8y 7y (-1y) 8y 7y 6y (-1y) 6y 5y 4y (-1y) 4y 3y 2y (-1y) 2y 1y 0y
         <:
-        u8)
+        Libcrux_intrinsics.Avx2_extract.t_Vec256)
   in
-  let coefficients:u8 =
+  let coefficients:Libcrux_intrinsics.Avx2_extract.t_Vec256 =
     Libcrux_intrinsics.Avx2_extract.mm256_srlv_epi32 coefficients
-      (Libcrux_intrinsics.Avx2_extract.mm256_set_epi32 6l 4l 2l 0l 6l 4l 2l 0l <: u8)
+      (Libcrux_intrinsics.Avx2_extract.mm256_set_epi32 6l 4l 2l 0l 6l 4l 2l 0l
+        <:
+        Libcrux_intrinsics.Avx2_extract.t_Vec256)
   in
-  let coefficients:u8 =
+  let coefficients:Libcrux_intrinsics.Avx2_extract.t_Vec256 =
     Libcrux_intrinsics.Avx2_extract.mm256_and_si256 coefficients
       (Libcrux_intrinsics.Avx2_extract.mm256_set1_epi32 deserialize_when_gamma1_is_2_pow_17___GAMMA1_TIMES_2_MASK
 
         <:
-        u8)
+        Libcrux_intrinsics.Avx2_extract.t_Vec256)
   in
   Libcrux_intrinsics.Avx2_extract.mm256_sub_epi32 (Libcrux_intrinsics.Avx2_extract.mm256_set1_epi32 deserialize_when_gamma1_is_2_pow_17___GAMMA1
 
       <:
-      u8)
+      Libcrux_intrinsics.Avx2_extract.t_Vec256)
     coefficients
 
 let deserialize_when_gamma1_is_2_pow_19_ (serialized: t_Slice u8) =
@@ -68,7 +70,7 @@ let deserialize_when_gamma1_is_2_pow_19_ (serialized: t_Slice u8) =
       in
       ()
   in
-  let serialized_lower:u8 =
+  let serialized_lower:Libcrux_intrinsics.Avx2_extract.t_Vec128 =
     Libcrux_intrinsics.Avx2_extract.mm_loadu_si128 (serialized.[ {
             Core.Ops.Range.f_start = sz 0;
             Core.Ops.Range.f_end = sz 16
@@ -78,7 +80,7 @@ let deserialize_when_gamma1_is_2_pow_19_ (serialized: t_Slice u8) =
         <:
         t_Slice u8)
   in
-  let serialized_upper:u8 =
+  let serialized_upper:Libcrux_intrinsics.Avx2_extract.t_Vec128 =
     Libcrux_intrinsics.Avx2_extract.mm_loadu_si128 (serialized.[ {
             Core.Ops.Range.f_start = sz 4;
             Core.Ops.Range.f_end = sz 20
@@ -88,31 +90,33 @@ let deserialize_when_gamma1_is_2_pow_19_ (serialized: t_Slice u8) =
         <:
         t_Slice u8)
   in
-  let serialized:u8 =
+  let serialized:Libcrux_intrinsics.Avx2_extract.t_Vec256 =
     Libcrux_intrinsics.Avx2_extract.mm256_set_m128i serialized_upper serialized_lower
   in
-  let coefficients:u8 =
+  let coefficients:Libcrux_intrinsics.Avx2_extract.t_Vec256 =
     Libcrux_intrinsics.Avx2_extract.mm256_shuffle_epi8 serialized
       (Libcrux_intrinsics.Avx2_extract.mm256_set_epi8 (-1y) 15y 14y 13y (-1y) 13y 12y 11y (-1y) 10y
           9y 8y (-1y) 8y 7y 6y (-1y) 9y 8y 7y (-1y) 7y 6y 5y (-1y) 4y 3y 2y (-1y) 2y 1y 0y
         <:
-        u8)
+        Libcrux_intrinsics.Avx2_extract.t_Vec256)
   in
-  let coefficients:u8 =
+  let coefficients:Libcrux_intrinsics.Avx2_extract.t_Vec256 =
     Libcrux_intrinsics.Avx2_extract.mm256_srlv_epi32 coefficients
-      (Libcrux_intrinsics.Avx2_extract.mm256_set_epi32 4l 0l 4l 0l 4l 0l 4l 0l <: u8)
+      (Libcrux_intrinsics.Avx2_extract.mm256_set_epi32 4l 0l 4l 0l 4l 0l 4l 0l
+        <:
+        Libcrux_intrinsics.Avx2_extract.t_Vec256)
   in
-  let coefficients:u8 =
+  let coefficients:Libcrux_intrinsics.Avx2_extract.t_Vec256 =
     Libcrux_intrinsics.Avx2_extract.mm256_and_si256 coefficients
       (Libcrux_intrinsics.Avx2_extract.mm256_set1_epi32 deserialize_when_gamma1_is_2_pow_19___GAMMA1_TIMES_2_MASK
 
         <:
-        u8)
+        Libcrux_intrinsics.Avx2_extract.t_Vec256)
   in
   Libcrux_intrinsics.Avx2_extract.mm256_sub_epi32 (Libcrux_intrinsics.Avx2_extract.mm256_set1_epi32 deserialize_when_gamma1_is_2_pow_19___GAMMA1
 
       <:
-      u8)
+      Libcrux_intrinsics.Avx2_extract.t_Vec256)
     coefficients
 
 let deserialize (v_GAMMA1_EXPONENT: usize) (serialized: t_Slice u8) =
@@ -125,36 +129,45 @@ let deserialize (v_GAMMA1_EXPONENT: usize) (serialized: t_Slice u8) =
         <:
         Rust_primitives.Hax.t_Never)
 
-let serialize_when_gamma1_is_2_pow_17_ (v_OUTPUT_SIZE: usize) (simd_unit: u8) =
+let serialize_when_gamma1_is_2_pow_17_
+      (v_OUTPUT_SIZE: usize)
+      (simd_unit: Libcrux_intrinsics.Avx2_extract.t_Vec256)
+     =
   let serialized:t_Array u8 (sz 32) = Rust_primitives.Hax.repeat 0uy (sz 32) in
-  let simd_unit_shifted:u8 =
+  let simd_unit_shifted:Libcrux_intrinsics.Avx2_extract.t_Vec256 =
     Libcrux_intrinsics.Avx2_extract.mm256_sub_epi32 (Libcrux_intrinsics.Avx2_extract.mm256_set1_epi32
           serialize_when_gamma1_is_2_pow_17___GAMMA1
         <:
-        u8)
+        Libcrux_intrinsics.Avx2_extract.t_Vec256)
       simd_unit
   in
-  let adjacent_2_combined:u8 =
+  let adjacent_2_combined:Libcrux_intrinsics.Avx2_extract.t_Vec256 =
     Libcrux_intrinsics.Avx2_extract.mm256_sllv_epi32 simd_unit_shifted
-      (Libcrux_intrinsics.Avx2_extract.mm256_set_epi32 0l 14l 0l 14l 0l 14l 0l 14l <: u8)
+      (Libcrux_intrinsics.Avx2_extract.mm256_set_epi32 0l 14l 0l 14l 0l 14l 0l 14l
+        <:
+        Libcrux_intrinsics.Avx2_extract.t_Vec256)
   in
-  let adjacent_2_combined:u8 =
+  let adjacent_2_combined:Libcrux_intrinsics.Avx2_extract.t_Vec256 =
     Libcrux_intrinsics.Avx2_extract.mm256_srli_epi64 14l adjacent_2_combined
   in
-  let every_second_element:u8 =
+  let every_second_element:Libcrux_intrinsics.Avx2_extract.t_Vec256 =
     Libcrux_intrinsics.Avx2_extract.mm256_bsrli_epi128 8l adjacent_2_combined
   in
-  let every_second_element_shifted:u8 =
+  let every_second_element_shifted:Libcrux_intrinsics.Avx2_extract.t_Vec256 =
     Libcrux_intrinsics.Avx2_extract.mm256_slli_epi64 36l every_second_element
   in
-  let adjacent_4_combined:u8 =
+  let adjacent_4_combined:Libcrux_intrinsics.Avx2_extract.t_Vec256 =
     Libcrux_intrinsics.Avx2_extract.mm256_add_epi64 adjacent_2_combined every_second_element_shifted
   in
-  let adjacent_4_combined:u8 =
+  let adjacent_4_combined:Libcrux_intrinsics.Avx2_extract.t_Vec256 =
     Libcrux_intrinsics.Avx2_extract.mm256_srlv_epi64 adjacent_4_combined
-      (Libcrux_intrinsics.Avx2_extract.mm256_set_epi64x 28L 0L 28L 0L <: u8)
+      (Libcrux_intrinsics.Avx2_extract.mm256_set_epi64x 28L 0L 28L 0L
+        <:
+        Libcrux_intrinsics.Avx2_extract.t_Vec256)
+  in
+  let lower_4_:Libcrux_intrinsics.Avx2_extract.t_Vec128 =
+    Libcrux_intrinsics.Avx2_extract.mm256_castsi256_si128 adjacent_4_combined
   in
-  let lower_4_:u8 = Libcrux_intrinsics.Avx2_extract.mm256_castsi256_si128 adjacent_4_combined in
   let serialized:t_Array u8 (sz 32) =
     Rust_primitives.Hax.Monomorphized_update_at.update_at_range serialized
       ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = sz 16 }
@@ -172,7 +185,7 @@ let serialize_when_gamma1_is_2_pow_17_ (v_OUTPUT_SIZE: usize) (simd_unit: u8) =
         <:
         t_Slice u8)
   in
-  let upper_4_:u8 =
+  let upper_4_:Libcrux_intrinsics.Avx2_extract.t_Vec128 =
     Libcrux_intrinsics.Avx2_extract.mm256_extracti128_si256 1l adjacent_4_combined
   in
   let serialized:t_Array u8 (sz 32) =
@@ -205,31 +218,38 @@ let serialize_when_gamma1_is_2_pow_17_ (v_OUTPUT_SIZE: usize) (simd_unit: u8) =
       <:
       Core.Result.t_Result (t_Array u8 v_OUTPUT_SIZE) Core.Array.t_TryFromSliceError)
 
-let serialize_when_gamma1_is_2_pow_19_ (v_OUTPUT_SIZE: usize) (simd_unit: u8) =
+let serialize_when_gamma1_is_2_pow_19_
+      (v_OUTPUT_SIZE: usize)
+      (simd_unit: Libcrux_intrinsics.Avx2_extract.t_Vec256)
+     =
   let serialized:t_Array u8 (sz 32) = Rust_primitives.Hax.repeat 0uy (sz 32) in
-  let simd_unit_shifted:u8 =
+  let simd_unit_shifted:Libcrux_intrinsics.Avx2_extract.t_Vec256 =
     Libcrux_intrinsics.Avx2_extract.mm256_sub_epi32 (Libcrux_intrinsics.Avx2_extract.mm256_set1_epi32
           serialize_when_gamma1_is_2_pow_19___GAMMA1
         <:
-        u8)
+        Libcrux_intrinsics.Avx2_extract.t_Vec256)
       simd_unit
   in
-  let adjacent_2_combined:u8 =
+  let adjacent_2_combined:Libcrux_intrinsics.Avx2_extract.t_Vec256 =
     Libcrux_intrinsics.Avx2_extract.mm256_sllv_epi32 simd_unit_shifted
-      (Libcrux_intrinsics.Avx2_extract.mm256_set_epi32 0l 12l 0l 12l 0l 12l 0l 12l <: u8)
+      (Libcrux_intrinsics.Avx2_extract.mm256_set_epi32 0l 12l 0l 12l 0l 12l 0l 12l
+        <:
+        Libcrux_intrinsics.Avx2_extract.t_Vec256)
   in
-  let adjacent_2_combined:u8 =
+  let adjacent_2_combined:Libcrux_intrinsics.Avx2_extract.t_Vec256 =
     Libcrux_intrinsics.Avx2_extract.mm256_srli_epi64 12l adjacent_2_combined
   in
-  let adjacent_4_combined:u8 =
+  let adjacent_4_combined:Libcrux_intrinsics.Avx2_extract.t_Vec256 =
     Libcrux_intrinsics.Avx2_extract.mm256_shuffle_epi8 adjacent_2_combined
       (Libcrux_intrinsics.Avx2_extract.mm256_set_epi8 (-1y) (-1y) (-1y) (-1y) (-1y) (-1y) 12y 11y
           10y 9y 8y 4y 3y 2y 1y 0y (-1y) (-1y) (-1y) (-1y) (-1y) (-1y) 12y 11y 10y 9y 8y 4y 3y 2y 1y
           0y
         <:
-        u8)
+        Libcrux_intrinsics.Avx2_extract.t_Vec256)
+  in
+  let lower_4_:Libcrux_intrinsics.Avx2_extract.t_Vec128 =
+    Libcrux_intrinsics.Avx2_extract.mm256_castsi256_si128 adjacent_4_combined
   in
-  let lower_4_:u8 = Libcrux_intrinsics.Avx2_extract.mm256_castsi256_si128 adjacent_4_combined in
   let serialized:t_Array u8 (sz 32) =
     Rust_primitives.Hax.Monomorphized_update_at.update_at_range serialized
       ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = sz 16 }
@@ -247,7 +267,7 @@ let serialize_when_gamma1_is_2_pow_19_ (v_OUTPUT_SIZE: usize) (simd_unit: u8) =
         <:
         t_Slice u8)
   in
-  let upper_4_:u8 =
+  let upper_4_:Libcrux_intrinsics.Avx2_extract.t_Vec128 =
     Libcrux_intrinsics.Avx2_extract.mm256_extracti128_si256 1l adjacent_4_combined
   in
   let serialized:t_Array u8 (sz 32) =
@@ -280,7 +300,7 @@ let serialize_when_gamma1_is_2_pow_19_ (v_OUTPUT_SIZE: usize) (simd_unit: u8) =
       <:
       Core.Result.t_Result (t_Array u8 v_OUTPUT_SIZE) Core.Array.t_TryFromSliceError)
 
-let serialize (v_OUTPUT_SIZE: usize) (simd_unit: u8) =
+let serialize (v_OUTPUT_SIZE: usize) (simd_unit: Libcrux_intrinsics.Avx2_extract.t_Vec256) =
   match cast (v_OUTPUT_SIZE <: usize) <: u8 with
   | 18uy -> serialize_when_gamma1_is_2_pow_17_ v_OUTPUT_SIZE simd_unit
   | 20uy -> serialize_when_gamma1_is_2_pow_19_ v_OUTPUT_SIZE simd_unit
diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Encoding.Gamma1.fsti b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Encoding.Gamma1.fsti
index 655c1c899..09917efd7 100644
--- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Encoding.Gamma1.fsti
+++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Encoding.Gamma1.fsti
@@ -18,19 +18,23 @@ let serialize_when_gamma1_is_2_pow_17___GAMMA1: i32 = 1l <<! 17l
 let serialize_when_gamma1_is_2_pow_19___GAMMA1: i32 = 1l <<! 19l
 
 val deserialize_when_gamma1_is_2_pow_17_ (serialized: t_Slice u8)
-    : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
+    : Prims.Pure Libcrux_intrinsics.Avx2_extract.t_Vec256 Prims.l_True (fun _ -> Prims.l_True)
 
 val deserialize_when_gamma1_is_2_pow_19_ (serialized: t_Slice u8)
-    : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
+    : Prims.Pure Libcrux_intrinsics.Avx2_extract.t_Vec256 Prims.l_True (fun _ -> Prims.l_True)
 
 val deserialize (v_GAMMA1_EXPONENT: usize) (serialized: t_Slice u8)
-    : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
+    : Prims.Pure Libcrux_intrinsics.Avx2_extract.t_Vec256 Prims.l_True (fun _ -> Prims.l_True)
 
-val serialize_when_gamma1_is_2_pow_17_ (v_OUTPUT_SIZE: usize) (simd_unit: u8)
+val serialize_when_gamma1_is_2_pow_17_
+      (v_OUTPUT_SIZE: usize)
+      (simd_unit: Libcrux_intrinsics.Avx2_extract.t_Vec256)
     : Prims.Pure (t_Array u8 v_OUTPUT_SIZE) Prims.l_True (fun _ -> Prims.l_True)
 
-val serialize_when_gamma1_is_2_pow_19_ (v_OUTPUT_SIZE: usize) (simd_unit: u8)
+val serialize_when_gamma1_is_2_pow_19_
+      (v_OUTPUT_SIZE: usize)
+      (simd_unit: Libcrux_intrinsics.Avx2_extract.t_Vec256)
     : Prims.Pure (t_Array u8 v_OUTPUT_SIZE) Prims.l_True (fun _ -> Prims.l_True)
 
-val serialize (v_OUTPUT_SIZE: usize) (simd_unit: u8)
+val serialize (v_OUTPUT_SIZE: usize) (simd_unit: Libcrux_intrinsics.Avx2_extract.t_Vec256)
     : Prims.Pure (t_Array u8 v_OUTPUT_SIZE) Prims.l_True (fun _ -> Prims.l_True)
diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Encoding.T0.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Encoding.T0.fst
index f60e7085a..cf9feff51 100644
--- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Encoding.T0.fst
+++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Encoding.T0.fst
@@ -3,8 +3,8 @@ module Libcrux_ml_dsa.Simd.Avx2.Encoding.T0
 open Core
 open FStar.Mul
 
-let change_interval (simd_unit: u8) =
-  let interval_end:u8 =
+let change_interval (simd_unit: Libcrux_intrinsics.Avx2_extract.t_Vec256) =
+  let interval_end:Libcrux_intrinsics.Avx2_extract.t_Vec256 =
     Libcrux_intrinsics.Avx2_extract.mm256_set1_epi32 (1l <<!
         (Libcrux_ml_dsa.Constants.v_BITS_IN_LOWER_PART_OF_T -! sz 1 <: usize)
         <:
@@ -38,63 +38,79 @@ let deserialize (serialized: t_Slice u8) =
         <:
         t_Slice u8)
   in
-  let serialized:u8 =
+  let serialized:Libcrux_intrinsics.Avx2_extract.t_Vec128 =
     Libcrux_intrinsics.Avx2_extract.mm_loadu_si128 (serialized_extended <: t_Slice u8)
   in
-  let serialized:u8 = Libcrux_intrinsics.Avx2_extract.mm256_set_m128i serialized serialized in
-  let coefficients:u8 =
+  let serialized:Libcrux_intrinsics.Avx2_extract.t_Vec256 =
+    Libcrux_intrinsics.Avx2_extract.mm256_set_m128i serialized serialized
+  in
+  let coefficients:Libcrux_intrinsics.Avx2_extract.t_Vec256 =
     Libcrux_intrinsics.Avx2_extract.mm256_shuffle_epi8 serialized
       (Libcrux_intrinsics.Avx2_extract.mm256_set_epi8 (-1y) (-1y) 12y 11y (-1y) 11y 10y 9y (-1y)
           (-1y) 9y 8y (-1y) 8y 7y 6y (-1y) 6y 5y 4y (-1y) (-1y) 4y 3y (-1y) 3y 2y 1y (-1y) (-1y) 1y
           0y
         <:
-        u8)
+        Libcrux_intrinsics.Avx2_extract.t_Vec256)
   in
-  let coefficients:u8 =
+  let coefficients:Libcrux_intrinsics.Avx2_extract.t_Vec256 =
     Libcrux_intrinsics.Avx2_extract.mm256_srlv_epi32 coefficients
-      (Libcrux_intrinsics.Avx2_extract.mm256_set_epi32 3l 6l 1l 4l 7l 2l 5l 0l <: u8)
+      (Libcrux_intrinsics.Avx2_extract.mm256_set_epi32 3l 6l 1l 4l 7l 2l 5l 0l
+        <:
+        Libcrux_intrinsics.Avx2_extract.t_Vec256)
   in
-  let coefficients:u8 =
+  let coefficients:Libcrux_intrinsics.Avx2_extract.t_Vec256 =
     Libcrux_intrinsics.Avx2_extract.mm256_and_si256 coefficients
-      (Libcrux_intrinsics.Avx2_extract.mm256_set1_epi32 deserialize__COEFFICIENT_MASK <: u8)
+      (Libcrux_intrinsics.Avx2_extract.mm256_set1_epi32 deserialize__COEFFICIENT_MASK
+        <:
+        Libcrux_intrinsics.Avx2_extract.t_Vec256)
   in
   change_interval coefficients
 
-let serialize (simd_unit: u8) =
+let serialize (simd_unit: Libcrux_intrinsics.Avx2_extract.t_Vec256) =
   let serialized:t_Array u8 (sz 16) = Rust_primitives.Hax.repeat 0uy (sz 16) in
-  let simd_unit:u8 = change_interval simd_unit in
-  let adjacent_2_combined:u8 =
+  let simd_unit:Libcrux_intrinsics.Avx2_extract.t_Vec256 = change_interval simd_unit in
+  let adjacent_2_combined:Libcrux_intrinsics.Avx2_extract.t_Vec256 =
     Libcrux_intrinsics.Avx2_extract.mm256_sllv_epi32 simd_unit
-      (Libcrux_intrinsics.Avx2_extract.mm256_set_epi32 0l 19l 0l 19l 0l 19l 0l 19l <: u8)
+      (Libcrux_intrinsics.Avx2_extract.mm256_set_epi32 0l 19l 0l 19l 0l 19l 0l 19l
+        <:
+        Libcrux_intrinsics.Avx2_extract.t_Vec256)
   in
-  let adjacent_2_combined:u8 =
+  let adjacent_2_combined:Libcrux_intrinsics.Avx2_extract.t_Vec256 =
     Libcrux_intrinsics.Avx2_extract.mm256_srli_epi64 19l adjacent_2_combined
   in
-  let adjacent_4_combined:u8 =
+  let adjacent_4_combined:Libcrux_intrinsics.Avx2_extract.t_Vec256 =
     Libcrux_intrinsics.Avx2_extract.mm256_permutevar8x32_epi32 adjacent_2_combined
-      (Libcrux_intrinsics.Avx2_extract.mm256_set_epi32 0l 0l 0l 0l 6l 4l 2l 0l <: u8)
+      (Libcrux_intrinsics.Avx2_extract.mm256_set_epi32 0l 0l 0l 0l 6l 4l 2l 0l
+        <:
+        Libcrux_intrinsics.Avx2_extract.t_Vec256)
   in
-  let adjacent_4_combined:u8 =
+  let adjacent_4_combined:Libcrux_intrinsics.Avx2_extract.t_Vec256 =
     Libcrux_intrinsics.Avx2_extract.mm256_sllv_epi32 adjacent_4_combined
-      (Libcrux_intrinsics.Avx2_extract.mm256_set_epi32 0l 6l 0l 6l 0l 6l 0l 6l <: u8)
+      (Libcrux_intrinsics.Avx2_extract.mm256_set_epi32 0l 6l 0l 6l 0l 6l 0l 6l
+        <:
+        Libcrux_intrinsics.Avx2_extract.t_Vec256)
   in
-  let adjacent_4_combined:u8 =
+  let adjacent_4_combined:Libcrux_intrinsics.Avx2_extract.t_Vec256 =
     Libcrux_intrinsics.Avx2_extract.mm256_srli_epi64 6l adjacent_4_combined
   in
-  let second_4_combined:u8 =
+  let second_4_combined:Libcrux_intrinsics.Avx2_extract.t_Vec256 =
     Libcrux_intrinsics.Avx2_extract.mm256_bsrli_epi128 8l adjacent_4_combined
   in
-  let least_12_bits_shifted_up:u8 =
+  let least_12_bits_shifted_up:Libcrux_intrinsics.Avx2_extract.t_Vec256 =
     Libcrux_intrinsics.Avx2_extract.mm256_slli_epi64 52l second_4_combined
   in
-  let bits_sequential:u8 =
+  let bits_sequential:Libcrux_intrinsics.Avx2_extract.t_Vec256 =
     Libcrux_intrinsics.Avx2_extract.mm256_add_epi64 adjacent_4_combined least_12_bits_shifted_up
   in
-  let bits_sequential:u8 =
+  let bits_sequential:Libcrux_intrinsics.Avx2_extract.t_Vec256 =
     Libcrux_intrinsics.Avx2_extract.mm256_srlv_epi64 bits_sequential
-      (Libcrux_intrinsics.Avx2_extract.mm256_set_epi64x 0L 0L 12L 0L <: u8)
+      (Libcrux_intrinsics.Avx2_extract.mm256_set_epi64x 0L 0L 12L 0L
+        <:
+        Libcrux_intrinsics.Avx2_extract.t_Vec256)
+  in
+  let bits_sequential:Libcrux_intrinsics.Avx2_extract.t_Vec128 =
+    Libcrux_intrinsics.Avx2_extract.mm256_castsi256_si128 bits_sequential
   in
-  let bits_sequential:u8 = Libcrux_intrinsics.Avx2_extract.mm256_castsi256_si128 bits_sequential in
   let serialized:t_Array u8 (sz 16) =
     Libcrux_intrinsics.Avx2_extract.mm_storeu_bytes_si128 serialized bits_sequential
   in
diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Encoding.T0.fsti b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Encoding.T0.fsti
index a8bc01c8f..6ecaf9832 100644
--- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Encoding.T0.fsti
+++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Encoding.T0.fsti
@@ -3,10 +3,13 @@ module Libcrux_ml_dsa.Simd.Avx2.Encoding.T0
 open Core
 open FStar.Mul
 
-val change_interval (simd_unit: u8) : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
+val change_interval (simd_unit: Libcrux_intrinsics.Avx2_extract.t_Vec256)
+    : Prims.Pure Libcrux_intrinsics.Avx2_extract.t_Vec256 Prims.l_True (fun _ -> Prims.l_True)
 
 let deserialize__COEFFICIENT_MASK: i32 = (1l <<! 13l <: i32) -! 1l
 
-val deserialize (serialized: t_Slice u8) : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
+val deserialize (serialized: t_Slice u8)
+    : Prims.Pure Libcrux_intrinsics.Avx2_extract.t_Vec256 Prims.l_True (fun _ -> Prims.l_True)
 
-val serialize (simd_unit: u8) : Prims.Pure (t_Array u8 (sz 13)) Prims.l_True (fun _ -> Prims.l_True)
+val serialize (simd_unit: Libcrux_intrinsics.Avx2_extract.t_Vec256)
+    : Prims.Pure (t_Array u8 (sz 13)) Prims.l_True (fun _ -> Prims.l_True)
diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Encoding.T1.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Encoding.T1.fst
index c2206218a..5c03793af 100644
--- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Encoding.T1.fst
+++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Encoding.T1.fst
@@ -3,27 +3,35 @@ module Libcrux_ml_dsa.Simd.Avx2.Encoding.T1
 open Core
 open FStar.Mul
 
-let serialize (simd_unit: u8) =
+let serialize (simd_unit: Libcrux_intrinsics.Avx2_extract.t_Vec256) =
   let serialized:t_Array u8 (sz 24) = Rust_primitives.Hax.repeat 0uy (sz 24) in
-  let adjacent_2_combined:u8 =
+  let adjacent_2_combined:Libcrux_intrinsics.Avx2_extract.t_Vec256 =
     Libcrux_intrinsics.Avx2_extract.mm256_sllv_epi32 simd_unit
-      (Libcrux_intrinsics.Avx2_extract.mm256_set_epi32 0l 22l 0l 22l 0l 22l 0l 22l <: u8)
+      (Libcrux_intrinsics.Avx2_extract.mm256_set_epi32 0l 22l 0l 22l 0l 22l 0l 22l
+        <:
+        Libcrux_intrinsics.Avx2_extract.t_Vec256)
   in
-  let adjacent_2_combined:u8 =
+  let adjacent_2_combined:Libcrux_intrinsics.Avx2_extract.t_Vec256 =
     Libcrux_intrinsics.Avx2_extract.mm256_srli_epi64 22l adjacent_2_combined
   in
-  let adjacent_4_combined:u8 =
+  let adjacent_4_combined:Libcrux_intrinsics.Avx2_extract.t_Vec256 =
     Libcrux_intrinsics.Avx2_extract.mm256_permutevar8x32_epi32 adjacent_2_combined
-      (Libcrux_intrinsics.Avx2_extract.mm256_set_epi32 0l 0l 6l 4l 0l 0l 2l 0l <: u8)
+      (Libcrux_intrinsics.Avx2_extract.mm256_set_epi32 0l 0l 6l 4l 0l 0l 2l 0l
+        <:
+        Libcrux_intrinsics.Avx2_extract.t_Vec256)
   in
-  let adjacent_4_combined:u8 =
+  let adjacent_4_combined:Libcrux_intrinsics.Avx2_extract.t_Vec256 =
     Libcrux_intrinsics.Avx2_extract.mm256_sllv_epi32 adjacent_4_combined
-      (Libcrux_intrinsics.Avx2_extract.mm256_set_epi32 0l 12l 0l 12l 0l 12l 0l 12l <: u8)
+      (Libcrux_intrinsics.Avx2_extract.mm256_set_epi32 0l 12l 0l 12l 0l 12l 0l 12l
+        <:
+        Libcrux_intrinsics.Avx2_extract.t_Vec256)
   in
-  let adjacent_4_combined:u8 =
+  let adjacent_4_combined:Libcrux_intrinsics.Avx2_extract.t_Vec256 =
     Libcrux_intrinsics.Avx2_extract.mm256_srli_epi64 12l adjacent_4_combined
   in
-  let lower_4_:u8 = Libcrux_intrinsics.Avx2_extract.mm256_castsi256_si128 adjacent_4_combined in
+  let lower_4_:Libcrux_intrinsics.Avx2_extract.t_Vec128 =
+    Libcrux_intrinsics.Avx2_extract.mm256_castsi256_si128 adjacent_4_combined
+  in
   let serialized:t_Array u8 (sz 24) =
     Rust_primitives.Hax.Monomorphized_update_at.update_at_range serialized
       ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = sz 16 }
@@ -41,7 +49,7 @@ let serialize (simd_unit: u8) =
         <:
         t_Slice u8)
   in
-  let upper_4_:u8 =
+  let upper_4_:Libcrux_intrinsics.Avx2_extract.t_Vec128 =
     Libcrux_intrinsics.Avx2_extract.mm256_extracti128_si256 1l adjacent_4_combined
   in
   let serialized:t_Array u8 (sz 24) =
@@ -100,21 +108,27 @@ let deserialize (bytes: t_Slice u8) =
         <:
         t_Slice u8)
   in
-  let bytes_loaded:u8 =
+  let bytes_loaded:Libcrux_intrinsics.Avx2_extract.t_Vec128 =
     Libcrux_intrinsics.Avx2_extract.mm_loadu_si128 (bytes_extended <: t_Slice u8)
   in
-  let bytes_loaded:u8 = Libcrux_intrinsics.Avx2_extract.mm256_set_m128i bytes_loaded bytes_loaded in
-  let coefficients:u8 =
+  let bytes_loaded:Libcrux_intrinsics.Avx2_extract.t_Vec256 =
+    Libcrux_intrinsics.Avx2_extract.mm256_set_m128i bytes_loaded bytes_loaded
+  in
+  let coefficients:Libcrux_intrinsics.Avx2_extract.t_Vec256 =
     Libcrux_intrinsics.Avx2_extract.mm256_shuffle_epi8 bytes_loaded
       (Libcrux_intrinsics.Avx2_extract.mm256_set_epi8 (-1y) (-1y) 9y 8y (-1y) (-1y) 8y 7y (-1y)
           (-1y) 7y 6y (-1y) (-1y) 6y 5y (-1y) (-1y) 4y 3y (-1y) (-1y) 3y 2y (-1y) (-1y) 2y 1y (-1y)
           (-1y) 1y 0y
         <:
-        u8)
+        Libcrux_intrinsics.Avx2_extract.t_Vec256)
   in
-  let coefficients:u8 =
+  let coefficients:Libcrux_intrinsics.Avx2_extract.t_Vec256 =
     Libcrux_intrinsics.Avx2_extract.mm256_srlv_epi32 coefficients
-      (Libcrux_intrinsics.Avx2_extract.mm256_set_epi32 6l 4l 2l 0l 6l 4l 2l 0l <: u8)
+      (Libcrux_intrinsics.Avx2_extract.mm256_set_epi32 6l 4l 2l 0l 6l 4l 2l 0l
+        <:
+        Libcrux_intrinsics.Avx2_extract.t_Vec256)
   in
   Libcrux_intrinsics.Avx2_extract.mm256_and_si256 coefficients
-    (Libcrux_intrinsics.Avx2_extract.mm256_set1_epi32 deserialize__COEFFICIENT_MASK <: u8)
+    (Libcrux_intrinsics.Avx2_extract.mm256_set1_epi32 deserialize__COEFFICIENT_MASK
+      <:
+      Libcrux_intrinsics.Avx2_extract.t_Vec256)
diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Encoding.T1.fsti b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Encoding.T1.fsti
index 7999a014d..53c46df38 100644
--- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Encoding.T1.fsti
+++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Encoding.T1.fsti
@@ -5,6 +5,8 @@ open FStar.Mul
 
 let deserialize__COEFFICIENT_MASK: i32 = (1l <<! 10l <: i32) -! 1l
 
-val serialize (simd_unit: u8) : Prims.Pure (t_Array u8 (sz 10)) Prims.l_True (fun _ -> Prims.l_True)
+val serialize (simd_unit: Libcrux_intrinsics.Avx2_extract.t_Vec256)
+    : Prims.Pure (t_Array u8 (sz 10)) Prims.l_True (fun _ -> Prims.l_True)
 
-val deserialize (bytes: t_Slice u8) : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
+val deserialize (bytes: t_Slice u8)
+    : Prims.Pure Libcrux_intrinsics.Avx2_extract.t_Vec256 Prims.l_True (fun _ -> Prims.l_True)
diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Ntt.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Ntt.fst
index 72db9fe4d..51a492f62 100644
--- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Ntt.fst
+++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Ntt.fst
@@ -4,55 +4,91 @@ open Core
 open FStar.Mul
 
 let ntt_at_layer_7_and_6___mul
-      (re: t_Array u8 (sz 32))
+      (re: t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32))
       (index: usize)
-      (zeta: u8)
+      (zeta: Libcrux_intrinsics.Avx2_extract.t_Vec256)
       (step_by: usize)
-      (field_modulus inverse_of_modulus_mod_montgomery_r: u8)
+      (field_modulus inverse_of_modulus_mod_montgomery_r: Libcrux_intrinsics.Avx2_extract.t_Vec256)
      =
-  let prod02:u8 =
-    Libcrux_intrinsics.Avx2_extract.mm256_mul_epi32 (re.[ index +! step_by <: usize ] <: u8) zeta
+  let prod02:Libcrux_intrinsics.Avx2_extract.t_Vec256 =
+    Libcrux_intrinsics.Avx2_extract.mm256_mul_epi32 (re.[ index +! step_by <: usize ]
+        <:
+        Libcrux_intrinsics.Avx2_extract.t_Vec256)
+      zeta
   in
-  let prod13:u8 =
+  let prod13:Libcrux_intrinsics.Avx2_extract.t_Vec256 =
     Libcrux_intrinsics.Avx2_extract.mm256_mul_epi32 (Libcrux_intrinsics.Avx2_extract.mm256_shuffle_epi32
           245l
-          (re.[ index +! step_by <: usize ] <: u8)
+          (re.[ index +! step_by <: usize ] <: Libcrux_intrinsics.Avx2_extract.t_Vec256)
+        <:
+        Libcrux_intrinsics.Avx2_extract.t_Vec256)
+      (Libcrux_intrinsics.Avx2_extract.mm256_shuffle_epi32 245l zeta
         <:
-        u8)
-      (Libcrux_intrinsics.Avx2_extract.mm256_shuffle_epi32 245l zeta <: u8)
+        Libcrux_intrinsics.Avx2_extract.t_Vec256)
   in
-  let k02:u8 =
+  let k02:Libcrux_intrinsics.Avx2_extract.t_Vec256 =
     Libcrux_intrinsics.Avx2_extract.mm256_mul_epi32 prod02 inverse_of_modulus_mod_montgomery_r
   in
-  let k13:u8 =
+  let k13:Libcrux_intrinsics.Avx2_extract.t_Vec256 =
     Libcrux_intrinsics.Avx2_extract.mm256_mul_epi32 prod13 inverse_of_modulus_mod_montgomery_r
   in
-  let c02:u8 = Libcrux_intrinsics.Avx2_extract.mm256_mul_epi32 k02 field_modulus in
-  let c13:u8 = Libcrux_intrinsics.Avx2_extract.mm256_mul_epi32 k13 field_modulus in
-  let res02:u8 = Libcrux_intrinsics.Avx2_extract.mm256_sub_epi32 prod02 c02 in
-  let res13:u8 = Libcrux_intrinsics.Avx2_extract.mm256_sub_epi32 prod13 c13 in
-  let res02_shifted:u8 = Libcrux_intrinsics.Avx2_extract.mm256_shuffle_epi32 245l res02 in
-  let t:u8 = Libcrux_intrinsics.Avx2_extract.mm256_blend_epi32 170l res02_shifted res13 in
-  let re:t_Array u8 (sz 32) =
+  let c02:Libcrux_intrinsics.Avx2_extract.t_Vec256 =
+    Libcrux_intrinsics.Avx2_extract.mm256_mul_epi32 k02 field_modulus
+  in
+  let c13:Libcrux_intrinsics.Avx2_extract.t_Vec256 =
+    Libcrux_intrinsics.Avx2_extract.mm256_mul_epi32 k13 field_modulus
+  in
+  let res02:Libcrux_intrinsics.Avx2_extract.t_Vec256 =
+    Libcrux_intrinsics.Avx2_extract.mm256_sub_epi32 prod02 c02
+  in
+  let res13:Libcrux_intrinsics.Avx2_extract.t_Vec256 =
+    Libcrux_intrinsics.Avx2_extract.mm256_sub_epi32 prod13 c13
+  in
+  let res02_shifted:Libcrux_intrinsics.Avx2_extract.t_Vec256 =
+    Libcrux_intrinsics.Avx2_extract.mm256_shuffle_epi32 245l res02
+  in
+  let t:Libcrux_intrinsics.Avx2_extract.t_Vec256 =
+    Libcrux_intrinsics.Avx2_extract.mm256_blend_epi32 170l res02_shifted res13
+  in
+  let re:t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32) =
     Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re
       (index +! step_by <: usize)
-      (Libcrux_ml_dsa.Simd.Avx2.Arithmetic.subtract (re.[ index ] <: u8) t <: u8)
+      (Libcrux_ml_dsa.Simd.Avx2.Arithmetic.subtract (re.[ index ]
+            <:
+            Libcrux_intrinsics.Avx2_extract.t_Vec256)
+          t
+        <:
+        Libcrux_intrinsics.Avx2_extract.t_Vec256)
   in
-  let re:t_Array u8 (sz 32) =
+  let re:t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32) =
     Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re
       index
-      (Libcrux_ml_dsa.Simd.Avx2.Arithmetic.add (re.[ index ] <: u8) t <: u8)
+      (Libcrux_ml_dsa.Simd.Avx2.Arithmetic.add (re.[ index ]
+            <:
+            Libcrux_intrinsics.Avx2_extract.t_Vec256)
+          t
+        <:
+        Libcrux_intrinsics.Avx2_extract.t_Vec256)
   in
   re
 
-let butterfly_2_ (a b: u8) (zeta_a0 zeta_a1 zeta_a2 zeta_a3 zeta_b0 zeta_b1 zeta_b2 zeta_b3: i32) =
-  let a_shuffled:u8 = Libcrux_intrinsics.Avx2_extract.mm256_shuffle_epi32 216l a in
-  let b_shuffled:u8 = Libcrux_intrinsics.Avx2_extract.mm256_shuffle_epi32 216l b in
-  let summands:u8 = Libcrux_intrinsics.Avx2_extract.mm256_unpacklo_epi64 a_shuffled b_shuffled in
-  let zeta_multiplicands:u8 =
+let butterfly_2_
+      (a b: Libcrux_intrinsics.Avx2_extract.t_Vec256)
+      (zeta_a0 zeta_a1 zeta_a2 zeta_a3 zeta_b0 zeta_b1 zeta_b2 zeta_b3: i32)
+     =
+  let a_shuffled:Libcrux_intrinsics.Avx2_extract.t_Vec256 =
+    Libcrux_intrinsics.Avx2_extract.mm256_shuffle_epi32 216l a
+  in
+  let b_shuffled:Libcrux_intrinsics.Avx2_extract.t_Vec256 =
+    Libcrux_intrinsics.Avx2_extract.mm256_shuffle_epi32 216l b
+  in
+  let summands:Libcrux_intrinsics.Avx2_extract.t_Vec256 =
+    Libcrux_intrinsics.Avx2_extract.mm256_unpacklo_epi64 a_shuffled b_shuffled
+  in
+  let zeta_multiplicands:Libcrux_intrinsics.Avx2_extract.t_Vec256 =
     Libcrux_intrinsics.Avx2_extract.mm256_unpackhi_epi64 a_shuffled b_shuffled
   in
-  let zetas:u8 =
+  let zetas:Libcrux_intrinsics.Avx2_extract.t_Vec256 =
     Libcrux_intrinsics.Avx2_extract.mm256_set_epi32 zeta_b3
       zeta_b2
       zeta_a3
@@ -62,25 +98,42 @@ let butterfly_2_ (a b: u8) (zeta_a0 zeta_a1 zeta_a2 zeta_a3 zeta_b0 zeta_b1 zeta
       zeta_a1
       zeta_a0
   in
-  let zeta_products:u8 =
+  let zeta_products:Libcrux_intrinsics.Avx2_extract.t_Vec256 =
     Libcrux_ml_dsa.Simd.Avx2.Arithmetic.montgomery_multiply zeta_multiplicands zetas
   in
-  let add_terms:u8 = Libcrux_ml_dsa.Simd.Avx2.Arithmetic.add summands zeta_products in
-  let sub_terms:u8 = Libcrux_ml_dsa.Simd.Avx2.Arithmetic.subtract summands zeta_products in
-  let a_terms_shuffled:u8 =
+  let add_terms:Libcrux_intrinsics.Avx2_extract.t_Vec256 =
+    Libcrux_ml_dsa.Simd.Avx2.Arithmetic.add summands zeta_products
+  in
+  let sub_terms:Libcrux_intrinsics.Avx2_extract.t_Vec256 =
+    Libcrux_ml_dsa.Simd.Avx2.Arithmetic.subtract summands zeta_products
+  in
+  let a_terms_shuffled:Libcrux_intrinsics.Avx2_extract.t_Vec256 =
     Libcrux_intrinsics.Avx2_extract.mm256_unpacklo_epi64 add_terms sub_terms
   in
-  let b_terms_shuffled:u8 =
+  let b_terms_shuffled:Libcrux_intrinsics.Avx2_extract.t_Vec256 =
     Libcrux_intrinsics.Avx2_extract.mm256_unpackhi_epi64 add_terms sub_terms
   in
-  let a_out:u8 = Libcrux_intrinsics.Avx2_extract.mm256_shuffle_epi32 216l a_terms_shuffled in
-  let b_out:u8 = Libcrux_intrinsics.Avx2_extract.mm256_shuffle_epi32 216l b_terms_shuffled in
-  a_out, b_out <: (u8 & u8)
+  let a_out:Libcrux_intrinsics.Avx2_extract.t_Vec256 =
+    Libcrux_intrinsics.Avx2_extract.mm256_shuffle_epi32 216l a_terms_shuffled
+  in
+  let b_out:Libcrux_intrinsics.Avx2_extract.t_Vec256 =
+    Libcrux_intrinsics.Avx2_extract.mm256_shuffle_epi32 216l b_terms_shuffled
+  in
+  a_out, b_out
+  <:
+  (Libcrux_intrinsics.Avx2_extract.t_Vec256 & Libcrux_intrinsics.Avx2_extract.t_Vec256)
 
-let butterfly_4_ (a b: u8) (zeta_a0 zeta_a1 zeta_b0 zeta_b1: i32) =
-  let summands:u8 = Libcrux_intrinsics.Avx2_extract.mm256_unpacklo_epi64 a b in
-  let zeta_multiplicands:u8 = Libcrux_intrinsics.Avx2_extract.mm256_unpackhi_epi64 a b in
-  let zetas:u8 =
+let butterfly_4_
+      (a b: Libcrux_intrinsics.Avx2_extract.t_Vec256)
+      (zeta_a0 zeta_a1 zeta_b0 zeta_b1: i32)
+     =
+  let summands:Libcrux_intrinsics.Avx2_extract.t_Vec256 =
+    Libcrux_intrinsics.Avx2_extract.mm256_unpacklo_epi64 a b
+  in
+  let zeta_multiplicands:Libcrux_intrinsics.Avx2_extract.t_Vec256 =
+    Libcrux_intrinsics.Avx2_extract.mm256_unpackhi_epi64 a b
+  in
+  let zetas:Libcrux_intrinsics.Avx2_extract.t_Vec256 =
     Libcrux_intrinsics.Avx2_extract.mm256_set_epi32 zeta_b1
       zeta_b1
       zeta_a1
@@ -90,281 +143,380 @@ let butterfly_4_ (a b: u8) (zeta_a0 zeta_a1 zeta_b0 zeta_b1: i32) =
       zeta_a0
       zeta_a0
   in
-  let zeta_products:u8 =
+  let zeta_products:Libcrux_intrinsics.Avx2_extract.t_Vec256 =
     Libcrux_ml_dsa.Simd.Avx2.Arithmetic.montgomery_multiply zeta_multiplicands zetas
   in
-  let add_terms:u8 = Libcrux_ml_dsa.Simd.Avx2.Arithmetic.add summands zeta_products in
-  let sub_terms:u8 = Libcrux_ml_dsa.Simd.Avx2.Arithmetic.subtract summands zeta_products in
-  let a_out:u8 = Libcrux_intrinsics.Avx2_extract.mm256_unpacklo_epi64 add_terms sub_terms in
-  let b_out:u8 = Libcrux_intrinsics.Avx2_extract.mm256_unpackhi_epi64 add_terms sub_terms in
-  a_out, b_out <: (u8 & u8)
+  let add_terms:Libcrux_intrinsics.Avx2_extract.t_Vec256 =
+    Libcrux_ml_dsa.Simd.Avx2.Arithmetic.add summands zeta_products
+  in
+  let sub_terms:Libcrux_intrinsics.Avx2_extract.t_Vec256 =
+    Libcrux_ml_dsa.Simd.Avx2.Arithmetic.subtract summands zeta_products
+  in
+  let a_out:Libcrux_intrinsics.Avx2_extract.t_Vec256 =
+    Libcrux_intrinsics.Avx2_extract.mm256_unpacklo_epi64 add_terms sub_terms
+  in
+  let b_out:Libcrux_intrinsics.Avx2_extract.t_Vec256 =
+    Libcrux_intrinsics.Avx2_extract.mm256_unpackhi_epi64 add_terms sub_terms
+  in
+  a_out, b_out
+  <:
+  (Libcrux_intrinsics.Avx2_extract.t_Vec256 & Libcrux_intrinsics.Avx2_extract.t_Vec256)
 
-let butterfly_8_ (a b: u8) (zeta0 zeta1: i32) =
-  let summands:u8 =
+let butterfly_8_ (a b: Libcrux_intrinsics.Avx2_extract.t_Vec256) (zeta0 zeta1: i32) =
+  let summands:Libcrux_intrinsics.Avx2_extract.t_Vec256 =
     Libcrux_intrinsics.Avx2_extract.mm256_set_m128i (Libcrux_intrinsics.Avx2_extract.mm256_castsi256_si128
           b
         <:
-        u8)
-      (Libcrux_intrinsics.Avx2_extract.mm256_castsi256_si128 a <: u8)
+        Libcrux_intrinsics.Avx2_extract.t_Vec128)
+      (Libcrux_intrinsics.Avx2_extract.mm256_castsi256_si128 a
+        <:
+        Libcrux_intrinsics.Avx2_extract.t_Vec128)
   in
-  let zeta_multiplicands:u8 = Libcrux_intrinsics.Avx2_extract.mm256_permute2x128_si256 19l b a in
-  let zetas:u8 =
+  let zeta_multiplicands:Libcrux_intrinsics.Avx2_extract.t_Vec256 =
+    Libcrux_intrinsics.Avx2_extract.mm256_permute2x128_si256 19l b a
+  in
+  let zetas:Libcrux_intrinsics.Avx2_extract.t_Vec256 =
     Libcrux_intrinsics.Avx2_extract.mm256_set_epi32 zeta1 zeta1 zeta1 zeta1 zeta0 zeta0 zeta0 zeta0
   in
-  let zeta_products:u8 =
+  let zeta_products:Libcrux_intrinsics.Avx2_extract.t_Vec256 =
     Libcrux_ml_dsa.Simd.Avx2.Arithmetic.montgomery_multiply zeta_multiplicands zetas
   in
-  let add_terms:u8 = Libcrux_ml_dsa.Simd.Avx2.Arithmetic.add summands zeta_products in
-  let sub_terms:u8 = Libcrux_ml_dsa.Simd.Avx2.Arithmetic.subtract summands zeta_products in
-  let a_out:u8 =
+  let add_terms:Libcrux_intrinsics.Avx2_extract.t_Vec256 =
+    Libcrux_ml_dsa.Simd.Avx2.Arithmetic.add summands zeta_products
+  in
+  let sub_terms:Libcrux_intrinsics.Avx2_extract.t_Vec256 =
+    Libcrux_ml_dsa.Simd.Avx2.Arithmetic.subtract summands zeta_products
+  in
+  let a_out:Libcrux_intrinsics.Avx2_extract.t_Vec256 =
     Libcrux_intrinsics.Avx2_extract.mm256_set_m128i (Libcrux_intrinsics.Avx2_extract.mm256_castsi256_si128
           sub_terms
         <:
-        u8)
-      (Libcrux_intrinsics.Avx2_extract.mm256_castsi256_si128 add_terms <: u8)
+        Libcrux_intrinsics.Avx2_extract.t_Vec128)
+      (Libcrux_intrinsics.Avx2_extract.mm256_castsi256_si128 add_terms
+        <:
+        Libcrux_intrinsics.Avx2_extract.t_Vec128)
+  in
+  let b_out:Libcrux_intrinsics.Avx2_extract.t_Vec256 =
+    Libcrux_intrinsics.Avx2_extract.mm256_permute2x128_si256 19l sub_terms add_terms
   in
-  let b_out:u8 = Libcrux_intrinsics.Avx2_extract.mm256_permute2x128_si256 19l sub_terms add_terms in
-  a_out, b_out <: (u8 & u8)
+  a_out, b_out
+  <:
+  (Libcrux_intrinsics.Avx2_extract.t_Vec256 & Libcrux_intrinsics.Avx2_extract.t_Vec256)
 
-let invert_ntt_at_layer_0_ (simd_unit: u8) (zeta0 zeta1 zeta2 zeta3: i32) =
-  let zetas:u8 =
+let invert_ntt_at_layer_0_
+      (simd_unit: Libcrux_intrinsics.Avx2_extract.t_Vec256)
+      (zeta0 zeta1 zeta2 zeta3: i32)
+     =
+  let zetas:Libcrux_intrinsics.Avx2_extract.t_Vec256 =
     Libcrux_intrinsics.Avx2_extract.mm256_set_epi32 zeta3 0l zeta2 0l zeta1 0l zeta0 0l
   in
-  let add_by_signs:u8 =
+  let add_by_signs:Libcrux_intrinsics.Avx2_extract.t_Vec256 =
     Libcrux_intrinsics.Avx2_extract.mm256_set_epi32 (-1l) 1l (-1l) 1l (-1l) 1l (-1l) 1l
   in
-  let add_by:u8 = Libcrux_intrinsics.Avx2_extract.mm256_shuffle_epi32 177l simd_unit in
-  let add_by:u8 = Libcrux_intrinsics.Avx2_extract.mm256_mullo_epi32 add_by add_by_signs in
-  let sums:u8 = Libcrux_intrinsics.Avx2_extract.mm256_add_epi32 simd_unit add_by in
-  let products:u8 = Libcrux_ml_dsa.Simd.Avx2.Arithmetic.montgomery_multiply sums zetas in
+  let add_by:Libcrux_intrinsics.Avx2_extract.t_Vec256 =
+    Libcrux_intrinsics.Avx2_extract.mm256_shuffle_epi32 177l simd_unit
+  in
+  let add_by:Libcrux_intrinsics.Avx2_extract.t_Vec256 =
+    Libcrux_intrinsics.Avx2_extract.mm256_mullo_epi32 add_by add_by_signs
+  in
+  let sums:Libcrux_intrinsics.Avx2_extract.t_Vec256 =
+    Libcrux_intrinsics.Avx2_extract.mm256_add_epi32 simd_unit add_by
+  in
+  let products:Libcrux_intrinsics.Avx2_extract.t_Vec256 =
+    Libcrux_ml_dsa.Simd.Avx2.Arithmetic.montgomery_multiply sums zetas
+  in
   Libcrux_intrinsics.Avx2_extract.mm256_blend_epi32 170l sums products
 
-let invert_ntt_at_layer_1_ (simd_unit: u8) (zeta0 zeta1: i32) =
-  let zetas:u8 =
+let invert_ntt_at_layer_1_ (simd_unit: Libcrux_intrinsics.Avx2_extract.t_Vec256) (zeta0 zeta1: i32) =
+  let zetas:Libcrux_intrinsics.Avx2_extract.t_Vec256 =
     Libcrux_intrinsics.Avx2_extract.mm256_set_epi32 zeta1 zeta1 0l 0l zeta0 zeta0 0l 0l
   in
-  let add_by_signs:u8 =
+  let add_by_signs:Libcrux_intrinsics.Avx2_extract.t_Vec256 =
     Libcrux_intrinsics.Avx2_extract.mm256_set_epi32 (-1l) (-1l) 1l 1l (-1l) (-1l) 1l 1l
   in
-  let add_by:u8 = Libcrux_intrinsics.Avx2_extract.mm256_shuffle_epi32 78l simd_unit in
-  let add_by:u8 = Libcrux_intrinsics.Avx2_extract.mm256_mullo_epi32 add_by add_by_signs in
-  let sums:u8 = Libcrux_intrinsics.Avx2_extract.mm256_add_epi32 simd_unit add_by in
-  let products:u8 = Libcrux_ml_dsa.Simd.Avx2.Arithmetic.montgomery_multiply sums zetas in
+  let add_by:Libcrux_intrinsics.Avx2_extract.t_Vec256 =
+    Libcrux_intrinsics.Avx2_extract.mm256_shuffle_epi32 78l simd_unit
+  in
+  let add_by:Libcrux_intrinsics.Avx2_extract.t_Vec256 =
+    Libcrux_intrinsics.Avx2_extract.mm256_mullo_epi32 add_by add_by_signs
+  in
+  let sums:Libcrux_intrinsics.Avx2_extract.t_Vec256 =
+    Libcrux_intrinsics.Avx2_extract.mm256_add_epi32 simd_unit add_by
+  in
+  let products:Libcrux_intrinsics.Avx2_extract.t_Vec256 =
+    Libcrux_ml_dsa.Simd.Avx2.Arithmetic.montgomery_multiply sums zetas
+  in
   Libcrux_intrinsics.Avx2_extract.mm256_blend_epi32 204l sums products
 
-let invert_ntt_at_layer_2_ (simd_unit: u8) (zeta: i32) =
-  let zetas:u8 = Libcrux_intrinsics.Avx2_extract.mm256_set_epi32 zeta zeta zeta zeta 0l 0l 0l 0l in
-  let add_by_signs:u8 =
+let invert_ntt_at_layer_2_ (simd_unit: Libcrux_intrinsics.Avx2_extract.t_Vec256) (zeta: i32) =
+  let zetas:Libcrux_intrinsics.Avx2_extract.t_Vec256 =
+    Libcrux_intrinsics.Avx2_extract.mm256_set_epi32 zeta zeta zeta zeta 0l 0l 0l 0l
+  in
+  let add_by_signs:Libcrux_intrinsics.Avx2_extract.t_Vec256 =
     Libcrux_intrinsics.Avx2_extract.mm256_set_epi32 (-1l) (-1l) (-1l) (-1l) 1l 1l 1l 1l
   in
-  let add_by:u8 = Libcrux_intrinsics.Avx2_extract.mm256_permute4x64_epi64 78l simd_unit in
-  let add_by:u8 = Libcrux_intrinsics.Avx2_extract.mm256_mullo_epi32 add_by add_by_signs in
-  let sums:u8 = Libcrux_intrinsics.Avx2_extract.mm256_add_epi32 simd_unit add_by in
-  let products:u8 = Libcrux_ml_dsa.Simd.Avx2.Arithmetic.montgomery_multiply sums zetas in
+  let add_by:Libcrux_intrinsics.Avx2_extract.t_Vec256 =
+    Libcrux_intrinsics.Avx2_extract.mm256_permute4x64_epi64 78l simd_unit
+  in
+  let add_by:Libcrux_intrinsics.Avx2_extract.t_Vec256 =
+    Libcrux_intrinsics.Avx2_extract.mm256_mullo_epi32 add_by add_by_signs
+  in
+  let sums:Libcrux_intrinsics.Avx2_extract.t_Vec256 =
+    Libcrux_intrinsics.Avx2_extract.mm256_add_epi32 simd_unit add_by
+  in
+  let products:Libcrux_intrinsics.Avx2_extract.t_Vec256 =
+    Libcrux_ml_dsa.Simd.Avx2.Arithmetic.montgomery_multiply sums zetas
+  in
   Libcrux_intrinsics.Avx2_extract.mm256_blend_epi32 240l sums products
 
 let ntt_at_layer_0___round
-      (re: t_Array u8 (sz 32))
+      (re: t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32))
       (index: usize)
       (zeta_0_ zeta_1_ zeta_2_ zeta_3_ zeta_4_ zeta_5_ zeta_6_ zeta_7_: i32)
      =
-  let a, b:(u8 & u8) =
-    butterfly_2_ (re.[ index ] <: u8) (re.[ index +! sz 1 <: usize ] <: u8) zeta_0_ zeta_1_ zeta_2_
-      zeta_3_ zeta_4_ zeta_5_ zeta_6_ zeta_7_
+  let a, b:(Libcrux_intrinsics.Avx2_extract.t_Vec256 & Libcrux_intrinsics.Avx2_extract.t_Vec256) =
+    butterfly_2_ (re.[ index ] <: Libcrux_intrinsics.Avx2_extract.t_Vec256)
+      (re.[ index +! sz 1 <: usize ] <: Libcrux_intrinsics.Avx2_extract.t_Vec256) zeta_0_ zeta_1_
+      zeta_2_ zeta_3_ zeta_4_ zeta_5_ zeta_6_ zeta_7_
   in
-  let re:t_Array u8 (sz 32) =
+  let re:t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32) =
     Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re index a
   in
-  let re:t_Array u8 (sz 32) =
+  let re:t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32) =
     Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re (index +! sz 1 <: usize) b
   in
   re
 
-let ntt_at_layer_0_ (re: t_Array u8 (sz 32)) =
-  let re:t_Array u8 (sz 32) =
+let ntt_at_layer_0_ (re: t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32)) =
+  let re:t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32) =
     ntt_at_layer_0___round re (sz 0) 2091667l 3407706l 2316500l 3817976l (-3342478l) 2244091l
       (-2446433l) (-3562462l)
   in
-  let re:t_Array u8 (sz 32) =
+  let re:t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32) =
     ntt_at_layer_0___round re (sz 2) 266997l 2434439l (-1235728l) 3513181l (-3520352l) (-3759364l)
       (-1197226l) (-3193378l)
   in
-  let re:t_Array u8 (sz 32) =
+  let re:t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32) =
     ntt_at_layer_0___round re (sz 4) 900702l 1859098l 909542l 819034l 495491l (-1613174l) (-43260l)
       (-522500l)
   in
-  let re:t_Array u8 (sz 32) =
+  let re:t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32) =
     ntt_at_layer_0___round re (sz 6) (-655327l) (-3122442l) 2031748l 3207046l (-3556995l) (-525098l)
       (-768622l) (-3595838l)
   in
-  let re:t_Array u8 (sz 32) =
+  let re:t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32) =
     ntt_at_layer_0___round re (sz 8) 342297l 286988l (-2437823l) 4108315l 3437287l (-3342277l)
       1735879l 203044l
   in
-  let re:t_Array u8 (sz 32) =
+  let re:t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32) =
     ntt_at_layer_0___round re (sz 10) 2842341l 2691481l (-2590150l) 1265009l 4055324l 1247620l
       2486353l 1595974l
   in
-  let re:t_Array u8 (sz 32) =
+  let re:t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32) =
     ntt_at_layer_0___round re (sz 12) (-3767016l) 1250494l 2635921l (-3548272l) (-2994039l) 1869119l
       1903435l (-1050970l)
   in
-  let re:t_Array u8 (sz 32) =
+  let re:t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32) =
     ntt_at_layer_0___round re (sz 14) (-1333058l) 1237275l (-3318210l) (-1430225l) (-451100l)
       1312455l 3306115l (-1962642l)
   in
-  let re:t_Array u8 (sz 32) =
+  let re:t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32) =
     ntt_at_layer_0___round re (sz 16) (-1279661l) 1917081l (-2546312l) (-1374803l) 1500165l 777191l
       2235880l 3406031l
   in
-  let re:t_Array u8 (sz 32) =
+  let re:t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32) =
     ntt_at_layer_0___round re (sz 18) (-542412l) (-2831860l) (-1671176l) (-1846953l) (-2584293l)
       (-3724270l) 594136l (-3776993l)
   in
-  let re:t_Array u8 (sz 32) =
+  let re:t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32) =
     ntt_at_layer_0___round re (sz 20) (-2013608l) 2432395l 2454455l (-164721l) 1957272l 3369112l
       185531l (-1207385l)
   in
-  let re:t_Array u8 (sz 32) =
+  let re:t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32) =
     ntt_at_layer_0___round re (sz 22) (-3183426l) 162844l 1616392l 3014001l 810149l 1652634l
       (-3694233l) (-1799107l)
   in
-  let re:t_Array u8 (sz 32) =
+  let re:t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32) =
     ntt_at_layer_0___round re (sz 24) (-3038916l) 3523897l 3866901l 269760l 2213111l (-975884l)
       1717735l 472078l
   in
-  let re:t_Array u8 (sz 32) =
+  let re:t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32) =
     ntt_at_layer_0___round re (sz 26) (-426683l) 1723600l (-1803090l) 1910376l (-1667432l)
       (-1104333l) (-260646l) (-3833893l)
   in
-  let re:t_Array u8 (sz 32) =
+  let re:t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32) =
     ntt_at_layer_0___round re (sz 28) (-2939036l) (-2235985l) (-420899l) (-2286327l) 183443l
       (-976891l) 1612842l (-3545687l)
   in
-  let re:t_Array u8 (sz 32) =
+  let re:t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32) =
     ntt_at_layer_0___round re (sz 30) (-554416l) 3919660l (-48306l) (-1362209l) 3937738l 1400424l
       (-846154l) 1976782l
   in
   re
 
 let ntt_at_layer_1___round
-      (re: t_Array u8 (sz 32))
+      (re: t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32))
       (index: usize)
       (zeta_0_ zeta_1_ zeta_2_ zeta_3_: i32)
      =
-  let a, b:(u8 & u8) =
-    butterfly_4_ (re.[ index ] <: u8)
-      (re.[ index +! sz 1 <: usize ] <: u8)
+  let a, b:(Libcrux_intrinsics.Avx2_extract.t_Vec256 & Libcrux_intrinsics.Avx2_extract.t_Vec256) =
+    butterfly_4_ (re.[ index ] <: Libcrux_intrinsics.Avx2_extract.t_Vec256)
+      (re.[ index +! sz 1 <: usize ] <: Libcrux_intrinsics.Avx2_extract.t_Vec256)
       zeta_0_
       zeta_1_
       zeta_2_
       zeta_3_
   in
-  let re:t_Array u8 (sz 32) =
+  let re:t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32) =
     Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re index a
   in
-  let re:t_Array u8 (sz 32) =
+  let re:t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32) =
     Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re (index +! sz 1 <: usize) b
   in
   re
 
-let ntt_at_layer_1_ (re: t_Array u8 (sz 32)) =
-  let re:t_Array u8 (sz 32) =
+let ntt_at_layer_1_ (re: t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32)) =
+  let re:t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32) =
     ntt_at_layer_1___round re (sz 0) (-3930395l) (-1528703l) (-3677745l) (-3041255l)
   in
-  let re:t_Array u8 (sz 32) =
+  let re:t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32) =
     ntt_at_layer_1___round re (sz 2) (-1452451l) 3475950l 2176455l (-1585221l)
   in
-  let re:t_Array u8 (sz 32) =
+  let re:t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32) =
     ntt_at_layer_1___round re (sz 4) (-1257611l) 1939314l (-4083598l) (-1000202l)
   in
-  let re:t_Array u8 (sz 32) =
+  let re:t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32) =
     ntt_at_layer_1___round re (sz 6) (-3190144l) (-3157330l) (-3632928l) 126922l
   in
-  let re:t_Array u8 (sz 32) =
+  let re:t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32) =
     ntt_at_layer_1___round re (sz 8) 3412210l (-983419l) 2147896l 2715295l
   in
-  let re:t_Array u8 (sz 32) =
+  let re:t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32) =
     ntt_at_layer_1___round re (sz 10) (-2967645l) (-3693493l) (-411027l) (-2477047l)
   in
-  let re:t_Array u8 (sz 32) =
+  let re:t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32) =
     ntt_at_layer_1___round re (sz 12) (-671102l) (-1228525l) (-22981l) (-1308169l)
   in
-  let re:t_Array u8 (sz 32) =
+  let re:t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32) =
     ntt_at_layer_1___round re (sz 14) (-381987l) 1349076l 1852771l (-1430430l)
   in
-  let re:t_Array u8 (sz 32) =
+  let re:t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32) =
     ntt_at_layer_1___round re (sz 16) (-3343383l) 264944l 508951l 3097992l
   in
-  let re:t_Array u8 (sz 32) =
+  let re:t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32) =
     ntt_at_layer_1___round re (sz 18) 44288l (-1100098l) 904516l 3958618l
   in
-  let re:t_Array u8 (sz 32) =
+  let re:t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32) =
     ntt_at_layer_1___round re (sz 20) (-3724342l) (-8578l) 1653064l (-3249728l)
   in
-  let re:t_Array u8 (sz 32) =
+  let re:t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32) =
     ntt_at_layer_1___round re (sz 22) 2389356l (-210977l) 759969l (-1316856l)
   in
-  let re:t_Array u8 (sz 32) =
+  let re:t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32) =
     ntt_at_layer_1___round re (sz 24) 189548l (-3553272l) 3159746l (-1851402l)
   in
-  let re:t_Array u8 (sz 32) =
+  let re:t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32) =
     ntt_at_layer_1___round re (sz 26) (-2409325l) (-177440l) 1315589l 1341330l
   in
-  let re:t_Array u8 (sz 32) =
+  let re:t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32) =
     ntt_at_layer_1___round re (sz 28) 1285669l (-1584928l) (-812732l) (-1439742l)
   in
-  let re:t_Array u8 (sz 32) =
+  let re:t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32) =
     ntt_at_layer_1___round re (sz 30) (-3019102l) (-3881060l) (-3628969l) 3839961l
   in
   re
 
-let ntt_at_layer_2___round (re: t_Array u8 (sz 32)) (index: usize) (zeta_0_ zeta_1_: i32) =
-  let a, b:(u8 & u8) =
-    butterfly_8_ (re.[ index ] <: u8) (re.[ index +! sz 1 <: usize ] <: u8) zeta_0_ zeta_1_
+let ntt_at_layer_2___round
+      (re: t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32))
+      (index: usize)
+      (zeta_0_ zeta_1_: i32)
+     =
+  let a, b:(Libcrux_intrinsics.Avx2_extract.t_Vec256 & Libcrux_intrinsics.Avx2_extract.t_Vec256) =
+    butterfly_8_ (re.[ index ] <: Libcrux_intrinsics.Avx2_extract.t_Vec256)
+      (re.[ index +! sz 1 <: usize ] <: Libcrux_intrinsics.Avx2_extract.t_Vec256)
+      zeta_0_
+      zeta_1_
   in
-  let re:t_Array u8 (sz 32) =
+  let re:t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32) =
     Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re index a
   in
-  let re:t_Array u8 (sz 32) =
+  let re:t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32) =
     Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re (index +! sz 1 <: usize) b
   in
   re
 
-let ntt_at_layer_2_ (re: t_Array u8 (sz 32)) =
-  let re:t_Array u8 (sz 32) = ntt_at_layer_2___round re (sz 0) 2706023l 95776l in
-  let re:t_Array u8 (sz 32) = ntt_at_layer_2___round re (sz 2) 3077325l 3530437l in
-  let re:t_Array u8 (sz 32) = ntt_at_layer_2___round re (sz 4) (-1661693l) (-3592148l) in
-  let re:t_Array u8 (sz 32) = ntt_at_layer_2___round re (sz 6) (-2537516l) 3915439l in
-  let re:t_Array u8 (sz 32) = ntt_at_layer_2___round re (sz 8) (-3861115l) (-3043716l) in
-  let re:t_Array u8 (sz 32) = ntt_at_layer_2___round re (sz 10) 3574422l (-2867647l) in
-  let re:t_Array u8 (sz 32) = ntt_at_layer_2___round re (sz 12) 3539968l (-300467l) in
-  let re:t_Array u8 (sz 32) = ntt_at_layer_2___round re (sz 14) 2348700l (-539299l) in
-  let re:t_Array u8 (sz 32) = ntt_at_layer_2___round re (sz 16) (-1699267l) (-1643818l) in
-  let re:t_Array u8 (sz 32) = ntt_at_layer_2___round re (sz 18) 3505694l (-3821735l) in
-  let re:t_Array u8 (sz 32) = ntt_at_layer_2___round re (sz 20) 3507263l (-2140649l) in
-  let re:t_Array u8 (sz 32) = ntt_at_layer_2___round re (sz 22) (-1600420l) 3699596l in
-  let re:t_Array u8 (sz 32) = ntt_at_layer_2___round re (sz 24) 811944l 531354l in
-  let re:t_Array u8 (sz 32) = ntt_at_layer_2___round re (sz 26) 954230l 3881043l in
-  let re:t_Array u8 (sz 32) = ntt_at_layer_2___round re (sz 28) 3900724l (-2556880l) in
-  let re:t_Array u8 (sz 32) = ntt_at_layer_2___round re (sz 30) 2071892l (-2797779l) in
+let ntt_at_layer_2_ (re: t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32)) =
+  let re:t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32) =
+    ntt_at_layer_2___round re (sz 0) 2706023l 95776l
+  in
+  let re:t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32) =
+    ntt_at_layer_2___round re (sz 2) 3077325l 3530437l
+  in
+  let re:t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32) =
+    ntt_at_layer_2___round re (sz 4) (-1661693l) (-3592148l)
+  in
+  let re:t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32) =
+    ntt_at_layer_2___round re (sz 6) (-2537516l) 3915439l
+  in
+  let re:t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32) =
+    ntt_at_layer_2___round re (sz 8) (-3861115l) (-3043716l)
+  in
+  let re:t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32) =
+    ntt_at_layer_2___round re (sz 10) 3574422l (-2867647l)
+  in
+  let re:t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32) =
+    ntt_at_layer_2___round re (sz 12) 3539968l (-300467l)
+  in
+  let re:t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32) =
+    ntt_at_layer_2___round re (sz 14) 2348700l (-539299l)
+  in
+  let re:t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32) =
+    ntt_at_layer_2___round re (sz 16) (-1699267l) (-1643818l)
+  in
+  let re:t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32) =
+    ntt_at_layer_2___round re (sz 18) 3505694l (-3821735l)
+  in
+  let re:t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32) =
+    ntt_at_layer_2___round re (sz 20) 3507263l (-2140649l)
+  in
+  let re:t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32) =
+    ntt_at_layer_2___round re (sz 22) (-1600420l) 3699596l
+  in
+  let re:t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32) =
+    ntt_at_layer_2___round re (sz 24) 811944l 531354l
+  in
+  let re:t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32) =
+    ntt_at_layer_2___round re (sz 26) 954230l 3881043l
+  in
+  let re:t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32) =
+    ntt_at_layer_2___round re (sz 28) 3900724l (-2556880l)
+  in
+  let re:t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32) =
+    ntt_at_layer_2___round re (sz 30) 2071892l (-2797779l)
+  in
   re
 
-let ntt_at_layer_7_and_6_ (re: t_Array u8 (sz 32)) =
-  let field_modulus:u8 =
+let ntt_at_layer_7_and_6_ (re: t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32)) =
+  let field_modulus:Libcrux_intrinsics.Avx2_extract.t_Vec256 =
     Libcrux_intrinsics.Avx2_extract.mm256_set1_epi32 Libcrux_ml_dsa.Simd.Traits.v_FIELD_MODULUS
   in
-  let inverse_of_modulus_mod_montgomery_r:u8 =
+  let inverse_of_modulus_mod_montgomery_r:Libcrux_intrinsics.Avx2_extract.t_Vec256 =
     Libcrux_intrinsics.Avx2_extract.mm256_set1_epi32 (cast (Libcrux_ml_dsa.Simd.Traits.v_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R
             <:
             u64)
         <:
         i32)
   in
-  let zeta7:u8 = Libcrux_intrinsics.Avx2_extract.mm256_set1_epi32 25847l in
-  let zeta60:u8 = Libcrux_intrinsics.Avx2_extract.mm256_set1_epi32 (-2608894l) in
-  let zeta61:u8 = Libcrux_intrinsics.Avx2_extract.mm256_set1_epi32 (-518909l) in
-  let re:t_Array u8 (sz 32) =
+  let zeta7:Libcrux_intrinsics.Avx2_extract.t_Vec256 =
+    Libcrux_intrinsics.Avx2_extract.mm256_set1_epi32 25847l
+  in
+  let zeta60:Libcrux_intrinsics.Avx2_extract.t_Vec256 =
+    Libcrux_intrinsics.Avx2_extract.mm256_set1_epi32 (-2608894l)
+  in
+  let zeta61:Libcrux_intrinsics.Avx2_extract.t_Vec256 =
+    Libcrux_intrinsics.Avx2_extract.mm256_set1_epi32 (-518909l)
+  in
+  let re:t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32) =
     ntt_at_layer_7_and_6___mul re
       (sz 0)
       zeta7
@@ -372,7 +524,7 @@ let ntt_at_layer_7_and_6_ (re: t_Array u8 (sz 32)) =
       field_modulus
       inverse_of_modulus_mod_montgomery_r
   in
-  let re:t_Array u8 (sz 32) =
+  let re:t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32) =
     ntt_at_layer_7_and_6___mul re
       (sz 0 +! sz 1 <: usize)
       zeta7
@@ -380,7 +532,7 @@ let ntt_at_layer_7_and_6_ (re: t_Array u8 (sz 32)) =
       field_modulus
       inverse_of_modulus_mod_montgomery_r
   in
-  let re:t_Array u8 (sz 32) =
+  let re:t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32) =
     ntt_at_layer_7_and_6___mul re
       (sz 0 +! sz 2 <: usize)
       zeta7
@@ -388,7 +540,7 @@ let ntt_at_layer_7_and_6_ (re: t_Array u8 (sz 32)) =
       field_modulus
       inverse_of_modulus_mod_montgomery_r
   in
-  let re:t_Array u8 (sz 32) =
+  let re:t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32) =
     ntt_at_layer_7_and_6___mul re
       (sz 0 +! sz 3 <: usize)
       zeta7
@@ -397,7 +549,7 @@ let ntt_at_layer_7_and_6_ (re: t_Array u8 (sz 32)) =
       inverse_of_modulus_mod_montgomery_r
   in
   let _:Prims.unit = () in
-  let re:t_Array u8 (sz 32) =
+  let re:t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32) =
     ntt_at_layer_7_and_6___mul re
       (sz 8)
       zeta7
@@ -405,7 +557,7 @@ let ntt_at_layer_7_and_6_ (re: t_Array u8 (sz 32)) =
       field_modulus
       inverse_of_modulus_mod_montgomery_r
   in
-  let re:t_Array u8 (sz 32) =
+  let re:t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32) =
     ntt_at_layer_7_and_6___mul re
       (sz 8 +! sz 1 <: usize)
       zeta7
@@ -413,7 +565,7 @@ let ntt_at_layer_7_and_6_ (re: t_Array u8 (sz 32)) =
       field_modulus
       inverse_of_modulus_mod_montgomery_r
   in
-  let re:t_Array u8 (sz 32) =
+  let re:t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32) =
     ntt_at_layer_7_and_6___mul re
       (sz 8 +! sz 2 <: usize)
       zeta7
@@ -421,7 +573,7 @@ let ntt_at_layer_7_and_6_ (re: t_Array u8 (sz 32)) =
       field_modulus
       inverse_of_modulus_mod_montgomery_r
   in
-  let re:t_Array u8 (sz 32) =
+  let re:t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32) =
     ntt_at_layer_7_and_6___mul re
       (sz 8 +! sz 3 <: usize)
       zeta7
@@ -430,7 +582,7 @@ let ntt_at_layer_7_and_6_ (re: t_Array u8 (sz 32)) =
       inverse_of_modulus_mod_montgomery_r
   in
   let _:Prims.unit = () in
-  let re:t_Array u8 (sz 32) =
+  let re:t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32) =
     ntt_at_layer_7_and_6___mul re
       (sz 0)
       zeta60
@@ -438,7 +590,7 @@ let ntt_at_layer_7_and_6_ (re: t_Array u8 (sz 32)) =
       field_modulus
       inverse_of_modulus_mod_montgomery_r
   in
-  let re:t_Array u8 (sz 32) =
+  let re:t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32) =
     ntt_at_layer_7_and_6___mul re
       (sz 0 +! sz 1 <: usize)
       zeta60
@@ -446,7 +598,7 @@ let ntt_at_layer_7_and_6_ (re: t_Array u8 (sz 32)) =
       field_modulus
       inverse_of_modulus_mod_montgomery_r
   in
-  let re:t_Array u8 (sz 32) =
+  let re:t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32) =
     ntt_at_layer_7_and_6___mul re
       (sz 0 +! sz 2 <: usize)
       zeta60
@@ -454,7 +606,7 @@ let ntt_at_layer_7_and_6_ (re: t_Array u8 (sz 32)) =
       field_modulus
       inverse_of_modulus_mod_montgomery_r
   in
-  let re:t_Array u8 (sz 32) =
+  let re:t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32) =
     ntt_at_layer_7_and_6___mul re
       (sz 0 +! sz 3 <: usize)
       zeta60
@@ -463,7 +615,7 @@ let ntt_at_layer_7_and_6_ (re: t_Array u8 (sz 32)) =
       inverse_of_modulus_mod_montgomery_r
   in
   let _:Prims.unit = () in
-  let re:t_Array u8 (sz 32) =
+  let re:t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32) =
     ntt_at_layer_7_and_6___mul re
       (sz 16)
       zeta61
@@ -471,7 +623,7 @@ let ntt_at_layer_7_and_6_ (re: t_Array u8 (sz 32)) =
       field_modulus
       inverse_of_modulus_mod_montgomery_r
   in
-  let re:t_Array u8 (sz 32) =
+  let re:t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32) =
     ntt_at_layer_7_and_6___mul re
       (sz 16 +! sz 1 <: usize)
       zeta61
@@ -479,7 +631,7 @@ let ntt_at_layer_7_and_6_ (re: t_Array u8 (sz 32)) =
       field_modulus
       inverse_of_modulus_mod_montgomery_r
   in
-  let re:t_Array u8 (sz 32) =
+  let re:t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32) =
     ntt_at_layer_7_and_6___mul re
       (sz 16 +! sz 2 <: usize)
       zeta61
@@ -487,7 +639,7 @@ let ntt_at_layer_7_and_6_ (re: t_Array u8 (sz 32)) =
       field_modulus
       inverse_of_modulus_mod_montgomery_r
   in
-  let re:t_Array u8 (sz 32) =
+  let re:t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32) =
     ntt_at_layer_7_and_6___mul re
       (sz 16 +! sz 3 <: usize)
       zeta61
@@ -496,7 +648,7 @@ let ntt_at_layer_7_and_6_ (re: t_Array u8 (sz 32)) =
       inverse_of_modulus_mod_montgomery_r
   in
   let _:Prims.unit = () in
-  let re:t_Array u8 (sz 32) =
+  let re:t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32) =
     ntt_at_layer_7_and_6___mul re
       (sz 4)
       zeta7
@@ -504,7 +656,7 @@ let ntt_at_layer_7_and_6_ (re: t_Array u8 (sz 32)) =
       field_modulus
       inverse_of_modulus_mod_montgomery_r
   in
-  let re:t_Array u8 (sz 32) =
+  let re:t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32) =
     ntt_at_layer_7_and_6___mul re
       (sz 4 +! sz 1 <: usize)
       zeta7
@@ -512,7 +664,7 @@ let ntt_at_layer_7_and_6_ (re: t_Array u8 (sz 32)) =
       field_modulus
       inverse_of_modulus_mod_montgomery_r
   in
-  let re:t_Array u8 (sz 32) =
+  let re:t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32) =
     ntt_at_layer_7_and_6___mul re
       (sz 4 +! sz 2 <: usize)
       zeta7
@@ -520,7 +672,7 @@ let ntt_at_layer_7_and_6_ (re: t_Array u8 (sz 32)) =
       field_modulus
       inverse_of_modulus_mod_montgomery_r
   in
-  let re:t_Array u8 (sz 32) =
+  let re:t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32) =
     ntt_at_layer_7_and_6___mul re
       (sz 4 +! sz 3 <: usize)
       zeta7
@@ -529,7 +681,7 @@ let ntt_at_layer_7_and_6_ (re: t_Array u8 (sz 32)) =
       inverse_of_modulus_mod_montgomery_r
   in
   let _:Prims.unit = () in
-  let re:t_Array u8 (sz 32) =
+  let re:t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32) =
     ntt_at_layer_7_and_6___mul re
       (sz 12)
       zeta7
@@ -537,7 +689,7 @@ let ntt_at_layer_7_and_6_ (re: t_Array u8 (sz 32)) =
       field_modulus
       inverse_of_modulus_mod_montgomery_r
   in
-  let re:t_Array u8 (sz 32) =
+  let re:t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32) =
     ntt_at_layer_7_and_6___mul re
       (sz 12 +! sz 1 <: usize)
       zeta7
@@ -545,7 +697,7 @@ let ntt_at_layer_7_and_6_ (re: t_Array u8 (sz 32)) =
       field_modulus
       inverse_of_modulus_mod_montgomery_r
   in
-  let re:t_Array u8 (sz 32) =
+  let re:t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32) =
     ntt_at_layer_7_and_6___mul re
       (sz 12 +! sz 2 <: usize)
       zeta7
@@ -553,7 +705,7 @@ let ntt_at_layer_7_and_6_ (re: t_Array u8 (sz 32)) =
       field_modulus
       inverse_of_modulus_mod_montgomery_r
   in
-  let re:t_Array u8 (sz 32) =
+  let re:t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32) =
     ntt_at_layer_7_and_6___mul re
       (sz 12 +! sz 3 <: usize)
       zeta7
@@ -562,7 +714,7 @@ let ntt_at_layer_7_and_6_ (re: t_Array u8 (sz 32)) =
       inverse_of_modulus_mod_montgomery_r
   in
   let _:Prims.unit = () in
-  let re:t_Array u8 (sz 32) =
+  let re:t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32) =
     ntt_at_layer_7_and_6___mul re
       (sz 4)
       zeta60
@@ -570,7 +722,7 @@ let ntt_at_layer_7_and_6_ (re: t_Array u8 (sz 32)) =
       field_modulus
       inverse_of_modulus_mod_montgomery_r
   in
-  let re:t_Array u8 (sz 32) =
+  let re:t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32) =
     ntt_at_layer_7_and_6___mul re
       (sz 4 +! sz 1 <: usize)
       zeta60
@@ -578,7 +730,7 @@ let ntt_at_layer_7_and_6_ (re: t_Array u8 (sz 32)) =
       field_modulus
       inverse_of_modulus_mod_montgomery_r
   in
-  let re:t_Array u8 (sz 32) =
+  let re:t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32) =
     ntt_at_layer_7_and_6___mul re
       (sz 4 +! sz 2 <: usize)
       zeta60
@@ -586,7 +738,7 @@ let ntt_at_layer_7_and_6_ (re: t_Array u8 (sz 32)) =
       field_modulus
       inverse_of_modulus_mod_montgomery_r
   in
-  let re:t_Array u8 (sz 32) =
+  let re:t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32) =
     ntt_at_layer_7_and_6___mul re
       (sz 4 +! sz 3 <: usize)
       zeta60
@@ -595,7 +747,7 @@ let ntt_at_layer_7_and_6_ (re: t_Array u8 (sz 32)) =
       inverse_of_modulus_mod_montgomery_r
   in
   let _:Prims.unit = () in
-  let re:t_Array u8 (sz 32) =
+  let re:t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32) =
     ntt_at_layer_7_and_6___mul re
       (sz 20)
       zeta61
@@ -603,7 +755,7 @@ let ntt_at_layer_7_and_6_ (re: t_Array u8 (sz 32)) =
       field_modulus
       inverse_of_modulus_mod_montgomery_r
   in
-  let re:t_Array u8 (sz 32) =
+  let re:t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32) =
     ntt_at_layer_7_and_6___mul re
       (sz 20 +! sz 1 <: usize)
       zeta61
@@ -611,7 +763,7 @@ let ntt_at_layer_7_and_6_ (re: t_Array u8 (sz 32)) =
       field_modulus
       inverse_of_modulus_mod_montgomery_r
   in
-  let re:t_Array u8 (sz 32) =
+  let re:t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32) =
     ntt_at_layer_7_and_6___mul re
       (sz 20 +! sz 2 <: usize)
       zeta61
@@ -619,7 +771,7 @@ let ntt_at_layer_7_and_6_ (re: t_Array u8 (sz 32)) =
       field_modulus
       inverse_of_modulus_mod_montgomery_r
   in
-  let re:t_Array u8 (sz 32) =
+  let re:t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32) =
     ntt_at_layer_7_and_6___mul re
       (sz 20 +! sz 3 <: usize)
       zeta61
@@ -632,86 +784,155 @@ let ntt_at_layer_7_and_6_ (re: t_Array u8 (sz 32)) =
 
 let ntt_at_layer_5_to_3___round
       (v_STEP v_STEP_BY: usize)
-      (re: t_Array u8 (sz 32))
+      (re: t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32))
       (index: usize)
       (zeta: i32)
      =
-  let rhs:u8 = Libcrux_intrinsics.Avx2_extract.mm256_set1_epi32 zeta in
+  let rhs:Libcrux_intrinsics.Avx2_extract.t_Vec256 =
+    Libcrux_intrinsics.Avx2_extract.mm256_set1_epi32 zeta
+  in
   let offset:usize =
     ((index *! v_STEP <: usize) *! sz 2 <: usize) /!
     Libcrux_ml_dsa.Simd.Traits.v_COEFFICIENTS_IN_SIMD_UNIT
   in
-  let re:t_Array u8 (sz 32) =
+  let re:t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32) =
     Rust_primitives.Hax.Folds.fold_range offset
       (offset +! v_STEP_BY <: usize)
       (fun re temp_1_ ->
-          let re:t_Array u8 (sz 32) = re in
+          let re:t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32) = re in
           let _:usize = temp_1_ in
           true)
       re
       (fun re j ->
-          let re:t_Array u8 (sz 32) = re in
+          let re:t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32) = re in
           let j:usize = j in
-          let t:u8 =
+          let t:Libcrux_intrinsics.Avx2_extract.t_Vec256 =
             Libcrux_ml_dsa.Simd.Avx2.Arithmetic.montgomery_multiply (re.[ j +! v_STEP_BY <: usize ]
                 <:
-                u8)
+                Libcrux_intrinsics.Avx2_extract.t_Vec256)
               rhs
           in
-          let re:t_Array u8 (sz 32) =
+          let re:t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32) =
             Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re
               (j +! v_STEP_BY <: usize)
-              (Libcrux_ml_dsa.Simd.Avx2.Arithmetic.subtract (re.[ j ] <: u8) t <: u8)
+              (Libcrux_ml_dsa.Simd.Avx2.Arithmetic.subtract (re.[ j ]
+                    <:
+                    Libcrux_intrinsics.Avx2_extract.t_Vec256)
+                  t
+                <:
+                Libcrux_intrinsics.Avx2_extract.t_Vec256)
           in
-          let re:t_Array u8 (sz 32) =
+          let re:t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32) =
             Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re
               j
-              (Libcrux_ml_dsa.Simd.Avx2.Arithmetic.add (re.[ j ] <: u8) t <: u8)
+              (Libcrux_ml_dsa.Simd.Avx2.Arithmetic.add (re.[ j ]
+                    <:
+                    Libcrux_intrinsics.Avx2_extract.t_Vec256)
+                  t
+                <:
+                Libcrux_intrinsics.Avx2_extract.t_Vec256)
           in
           re)
   in
   let hax_temp_output:Prims.unit = () <: Prims.unit in
   re
 
-let ntt_at_layer_5_to_3_ (re: t_Array u8 (sz 32)) =
-  let re:t_Array u8 (sz 32) = ntt_at_layer_5_to_3___round (sz 32) (sz 4) re (sz 0) 237124l in
-  let re:t_Array u8 (sz 32) = ntt_at_layer_5_to_3___round (sz 32) (sz 4) re (sz 1) (-777960l) in
-  let re:t_Array u8 (sz 32) = ntt_at_layer_5_to_3___round (sz 32) (sz 4) re (sz 2) (-876248l) in
-  let re:t_Array u8 (sz 32) = ntt_at_layer_5_to_3___round (sz 32) (sz 4) re (sz 3) 466468l in
+let ntt_at_layer_5_to_3_ (re: t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32)) =
+  let re:t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32) =
+    ntt_at_layer_5_to_3___round (sz 32) (sz 4) re (sz 0) 237124l
+  in
+  let re:t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32) =
+    ntt_at_layer_5_to_3___round (sz 32) (sz 4) re (sz 1) (-777960l)
+  in
+  let re:t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32) =
+    ntt_at_layer_5_to_3___round (sz 32) (sz 4) re (sz 2) (-876248l)
+  in
+  let re:t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32) =
+    ntt_at_layer_5_to_3___round (sz 32) (sz 4) re (sz 3) 466468l
+  in
   let _:Prims.unit = () in
-  let re:t_Array u8 (sz 32) = ntt_at_layer_5_to_3___round (sz 16) (sz 2) re (sz 0) 1826347l in
-  let re:t_Array u8 (sz 32) = ntt_at_layer_5_to_3___round (sz 16) (sz 2) re (sz 1) 2353451l in
-  let re:t_Array u8 (sz 32) = ntt_at_layer_5_to_3___round (sz 16) (sz 2) re (sz 2) (-359251l) in
-  let re:t_Array u8 (sz 32) = ntt_at_layer_5_to_3___round (sz 16) (sz 2) re (sz 3) (-2091905l) in
-  let re:t_Array u8 (sz 32) = ntt_at_layer_5_to_3___round (sz 16) (sz 2) re (sz 4) 3119733l in
-  let re:t_Array u8 (sz 32) = ntt_at_layer_5_to_3___round (sz 16) (sz 2) re (sz 5) (-2884855l) in
-  let re:t_Array u8 (sz 32) = ntt_at_layer_5_to_3___round (sz 16) (sz 2) re (sz 6) 3111497l in
-  let re:t_Array u8 (sz 32) = ntt_at_layer_5_to_3___round (sz 16) (sz 2) re (sz 7) 2680103l in
+  let re:t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32) =
+    ntt_at_layer_5_to_3___round (sz 16) (sz 2) re (sz 0) 1826347l
+  in
+  let re:t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32) =
+    ntt_at_layer_5_to_3___round (sz 16) (sz 2) re (sz 1) 2353451l
+  in
+  let re:t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32) =
+    ntt_at_layer_5_to_3___round (sz 16) (sz 2) re (sz 2) (-359251l)
+  in
+  let re:t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32) =
+    ntt_at_layer_5_to_3___round (sz 16) (sz 2) re (sz 3) (-2091905l)
+  in
+  let re:t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32) =
+    ntt_at_layer_5_to_3___round (sz 16) (sz 2) re (sz 4) 3119733l
+  in
+  let re:t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32) =
+    ntt_at_layer_5_to_3___round (sz 16) (sz 2) re (sz 5) (-2884855l)
+  in
+  let re:t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32) =
+    ntt_at_layer_5_to_3___round (sz 16) (sz 2) re (sz 6) 3111497l
+  in
+  let re:t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32) =
+    ntt_at_layer_5_to_3___round (sz 16) (sz 2) re (sz 7) 2680103l
+  in
   let _:Prims.unit = () in
-  let re:t_Array u8 (sz 32) = ntt_at_layer_5_to_3___round (sz 8) (sz 1) re (sz 0) 2725464l in
-  let re:t_Array u8 (sz 32) = ntt_at_layer_5_to_3___round (sz 8) (sz 1) re (sz 1) 1024112l in
-  let re:t_Array u8 (sz 32) = ntt_at_layer_5_to_3___round (sz 8) (sz 1) re (sz 2) (-1079900l) in
-  let re:t_Array u8 (sz 32) = ntt_at_layer_5_to_3___round (sz 8) (sz 1) re (sz 3) 3585928l in
-  let re:t_Array u8 (sz 32) = ntt_at_layer_5_to_3___round (sz 8) (sz 1) re (sz 4) (-549488l) in
-  let re:t_Array u8 (sz 32) = ntt_at_layer_5_to_3___round (sz 8) (sz 1) re (sz 5) (-1119584l) in
-  let re:t_Array u8 (sz 32) = ntt_at_layer_5_to_3___round (sz 8) (sz 1) re (sz 6) 2619752l in
-  let re:t_Array u8 (sz 32) = ntt_at_layer_5_to_3___round (sz 8) (sz 1) re (sz 7) (-2108549l) in
-  let re:t_Array u8 (sz 32) = ntt_at_layer_5_to_3___round (sz 8) (sz 1) re (sz 8) (-2118186l) in
-  let re:t_Array u8 (sz 32) = ntt_at_layer_5_to_3___round (sz 8) (sz 1) re (sz 9) (-3859737l) in
-  let re:t_Array u8 (sz 32) = ntt_at_layer_5_to_3___round (sz 8) (sz 1) re (sz 10) (-1399561l) in
-  let re:t_Array u8 (sz 32) = ntt_at_layer_5_to_3___round (sz 8) (sz 1) re (sz 11) (-3277672l) in
-  let re:t_Array u8 (sz 32) = ntt_at_layer_5_to_3___round (sz 8) (sz 1) re (sz 12) 1757237l in
-  let re:t_Array u8 (sz 32) = ntt_at_layer_5_to_3___round (sz 8) (sz 1) re (sz 13) (-19422l) in
-  let re:t_Array u8 (sz 32) = ntt_at_layer_5_to_3___round (sz 8) (sz 1) re (sz 14) 4010497l in
-  let re:t_Array u8 (sz 32) = ntt_at_layer_5_to_3___round (sz 8) (sz 1) re (sz 15) 280005l in
+  let re:t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32) =
+    ntt_at_layer_5_to_3___round (sz 8) (sz 1) re (sz 0) 2725464l
+  in
+  let re:t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32) =
+    ntt_at_layer_5_to_3___round (sz 8) (sz 1) re (sz 1) 1024112l
+  in
+  let re:t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32) =
+    ntt_at_layer_5_to_3___round (sz 8) (sz 1) re (sz 2) (-1079900l)
+  in
+  let re:t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32) =
+    ntt_at_layer_5_to_3___round (sz 8) (sz 1) re (sz 3) 3585928l
+  in
+  let re:t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32) =
+    ntt_at_layer_5_to_3___round (sz 8) (sz 1) re (sz 4) (-549488l)
+  in
+  let re:t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32) =
+    ntt_at_layer_5_to_3___round (sz 8) (sz 1) re (sz 5) (-1119584l)
+  in
+  let re:t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32) =
+    ntt_at_layer_5_to_3___round (sz 8) (sz 1) re (sz 6) 2619752l
+  in
+  let re:t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32) =
+    ntt_at_layer_5_to_3___round (sz 8) (sz 1) re (sz 7) (-2108549l)
+  in
+  let re:t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32) =
+    ntt_at_layer_5_to_3___round (sz 8) (sz 1) re (sz 8) (-2118186l)
+  in
+  let re:t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32) =
+    ntt_at_layer_5_to_3___round (sz 8) (sz 1) re (sz 9) (-3859737l)
+  in
+  let re:t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32) =
+    ntt_at_layer_5_to_3___round (sz 8) (sz 1) re (sz 10) (-1399561l)
+  in
+  let re:t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32) =
+    ntt_at_layer_5_to_3___round (sz 8) (sz 1) re (sz 11) (-3277672l)
+  in
+  let re:t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32) =
+    ntt_at_layer_5_to_3___round (sz 8) (sz 1) re (sz 12) 1757237l
+  in
+  let re:t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32) =
+    ntt_at_layer_5_to_3___round (sz 8) (sz 1) re (sz 13) (-19422l)
+  in
+  let re:t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32) =
+    ntt_at_layer_5_to_3___round (sz 8) (sz 1) re (sz 14) 4010497l
+  in
+  let re:t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32) =
+    ntt_at_layer_5_to_3___round (sz 8) (sz 1) re (sz 15) 280005l
+  in
   let _:Prims.unit = () in
   let hax_temp_output:Prims.unit = () <: Prims.unit in
   re
 
-let ntt (re: t_Array u8 (sz 32)) =
-  let re:t_Array u8 (sz 32) = ntt_at_layer_7_and_6_ re in
-  let re:t_Array u8 (sz 32) = ntt_at_layer_5_to_3_ re in
-  let re:t_Array u8 (sz 32) = ntt_at_layer_2_ re in
-  let re:t_Array u8 (sz 32) = ntt_at_layer_1_ re in
-  let re:t_Array u8 (sz 32) = ntt_at_layer_0_ re in
+let ntt (re: t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32)) =
+  let re:t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32) = ntt_at_layer_7_and_6_ re in
+  let re:t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32) = ntt_at_layer_5_to_3_ re in
+  let re:t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32) = ntt_at_layer_2_ re in
+  let re:t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32) = ntt_at_layer_1_ re in
+  let re:t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32) = ntt_at_layer_0_ re in
+  let _:Prims.unit = () in
   re
diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Ntt.fsti b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Ntt.fsti
index b0253f5ed..3e8e8ddf7 100644
--- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Ntt.fsti
+++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Ntt.fsti
@@ -12,12 +12,14 @@ let ntt_at_layer_5_to_3___STEP_1: usize = sz 1 <<! 4l
 let ntt_at_layer_5_to_3___STEP_2: usize = sz 1 <<! 3l
 
 val ntt_at_layer_7_and_6___mul
-      (re: t_Array u8 (sz 32))
+      (re: t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32))
       (index: usize)
-      (zeta: u8)
+      (zeta: Libcrux_intrinsics.Avx2_extract.t_Vec256)
       (step_by: usize)
-      (field_modulus inverse_of_modulus_mod_montgomery_r: u8)
-    : Prims.Pure (t_Array u8 (sz 32)) Prims.l_True (fun _ -> Prims.l_True)
+      (field_modulus inverse_of_modulus_mod_montgomery_r: Libcrux_intrinsics.Avx2_extract.t_Vec256)
+    : Prims.Pure (t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32))
+      Prims.l_True
+      (fun _ -> Prims.l_True)
 
 let ntt_at_layer_5_to_3___STEP_BY: usize =
   ntt_at_layer_5_to_3___STEP /! Libcrux_ml_dsa.Simd.Traits.v_COEFFICIENTS_IN_SIMD_UNIT
@@ -34,66 +36,104 @@ let ntt_at_layer_7_and_6___STEP_BY_6_: usize =
 let ntt_at_layer_7_and_6___STEP_BY_7_: usize =
   sz 2 *! Libcrux_ml_dsa.Simd.Traits.v_COEFFICIENTS_IN_SIMD_UNIT
 
-val butterfly_2_ (a b: u8) (zeta_a0 zeta_a1 zeta_a2 zeta_a3 zeta_b0 zeta_b1 zeta_b2 zeta_b3: i32)
-    : Prims.Pure (u8 & u8) Prims.l_True (fun _ -> Prims.l_True)
-
-val butterfly_4_ (a b: u8) (zeta_a0 zeta_a1 zeta_b0 zeta_b1: i32)
-    : Prims.Pure (u8 & u8) Prims.l_True (fun _ -> Prims.l_True)
-
-val butterfly_8_ (a b: u8) (zeta0 zeta1: i32)
-    : Prims.Pure (u8 & u8) Prims.l_True (fun _ -> Prims.l_True)
-
-val invert_ntt_at_layer_0_ (simd_unit: u8) (zeta0 zeta1 zeta2 zeta3: i32)
-    : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
-
-val invert_ntt_at_layer_1_ (simd_unit: u8) (zeta0 zeta1: i32)
-    : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
-
-val invert_ntt_at_layer_2_ (simd_unit: u8) (zeta: i32)
-    : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
+val butterfly_2_
+      (a b: Libcrux_intrinsics.Avx2_extract.t_Vec256)
+      (zeta_a0 zeta_a1 zeta_a2 zeta_a3 zeta_b0 zeta_b1 zeta_b2 zeta_b3: i32)
+    : Prims.Pure
+      (Libcrux_intrinsics.Avx2_extract.t_Vec256 & Libcrux_intrinsics.Avx2_extract.t_Vec256)
+      Prims.l_True
+      (fun _ -> Prims.l_True)
+
+val butterfly_4_
+      (a b: Libcrux_intrinsics.Avx2_extract.t_Vec256)
+      (zeta_a0 zeta_a1 zeta_b0 zeta_b1: i32)
+    : Prims.Pure
+      (Libcrux_intrinsics.Avx2_extract.t_Vec256 & Libcrux_intrinsics.Avx2_extract.t_Vec256)
+      Prims.l_True
+      (fun _ -> Prims.l_True)
+
+val butterfly_8_ (a b: Libcrux_intrinsics.Avx2_extract.t_Vec256) (zeta0 zeta1: i32)
+    : Prims.Pure
+      (Libcrux_intrinsics.Avx2_extract.t_Vec256 & Libcrux_intrinsics.Avx2_extract.t_Vec256)
+      Prims.l_True
+      (fun _ -> Prims.l_True)
+
+val invert_ntt_at_layer_0_
+      (simd_unit: Libcrux_intrinsics.Avx2_extract.t_Vec256)
+      (zeta0 zeta1 zeta2 zeta3: i32)
+    : Prims.Pure Libcrux_intrinsics.Avx2_extract.t_Vec256 Prims.l_True (fun _ -> Prims.l_True)
+
+val invert_ntt_at_layer_1_ (simd_unit: Libcrux_intrinsics.Avx2_extract.t_Vec256) (zeta0 zeta1: i32)
+    : Prims.Pure Libcrux_intrinsics.Avx2_extract.t_Vec256 Prims.l_True (fun _ -> Prims.l_True)
+
+val invert_ntt_at_layer_2_ (simd_unit: Libcrux_intrinsics.Avx2_extract.t_Vec256) (zeta: i32)
+    : Prims.Pure Libcrux_intrinsics.Avx2_extract.t_Vec256 Prims.l_True (fun _ -> Prims.l_True)
 
 val ntt_at_layer_0___round
-      (re: t_Array u8 (sz 32))
+      (re: t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32))
       (index: usize)
       (zeta_0_ zeta_1_ zeta_2_ zeta_3_ zeta_4_ zeta_5_ zeta_6_ zeta_7_: i32)
-    : Prims.Pure (t_Array u8 (sz 32)) Prims.l_True (fun _ -> Prims.l_True)
+    : Prims.Pure (t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32))
+      Prims.l_True
+      (fun _ -> Prims.l_True)
 
-val ntt_at_layer_0_ (re: t_Array u8 (sz 32))
-    : Prims.Pure (t_Array u8 (sz 32)) Prims.l_True (fun _ -> Prims.l_True)
+val ntt_at_layer_0_ (re: t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32))
+    : Prims.Pure (t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32))
+      Prims.l_True
+      (fun _ -> Prims.l_True)
 
 val ntt_at_layer_1___round
-      (re: t_Array u8 (sz 32))
+      (re: t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32))
       (index: usize)
       (zeta_0_ zeta_1_ zeta_2_ zeta_3_: i32)
-    : Prims.Pure (t_Array u8 (sz 32)) Prims.l_True (fun _ -> Prims.l_True)
+    : Prims.Pure (t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32))
+      Prims.l_True
+      (fun _ -> Prims.l_True)
 
-val ntt_at_layer_1_ (re: t_Array u8 (sz 32))
-    : Prims.Pure (t_Array u8 (sz 32)) Prims.l_True (fun _ -> Prims.l_True)
+val ntt_at_layer_1_ (re: t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32))
+    : Prims.Pure (t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32))
+      Prims.l_True
+      (fun _ -> Prims.l_True)
 
-val ntt_at_layer_2___round (re: t_Array u8 (sz 32)) (index: usize) (zeta_0_ zeta_1_: i32)
-    : Prims.Pure (t_Array u8 (sz 32)) Prims.l_True (fun _ -> Prims.l_True)
+val ntt_at_layer_2___round
+      (re: t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32))
+      (index: usize)
+      (zeta_0_ zeta_1_: i32)
+    : Prims.Pure (t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32))
+      Prims.l_True
+      (fun _ -> Prims.l_True)
 
-val ntt_at_layer_2_ (re: t_Array u8 (sz 32))
-    : Prims.Pure (t_Array u8 (sz 32)) Prims.l_True (fun _ -> Prims.l_True)
+val ntt_at_layer_2_ (re: t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32))
+    : Prims.Pure (t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32))
+      Prims.l_True
+      (fun _ -> Prims.l_True)
 
 /// This is equivalent to the pqclean 0 and 1
 /// This does 32 Montgomery multiplications (192 multiplications).
 /// This is the same as in pqclean. The only difference is locality of registers.
-val ntt_at_layer_7_and_6_ (re: t_Array u8 (sz 32))
-    : Prims.Pure (t_Array u8 (sz 32)) Prims.l_True (fun _ -> Prims.l_True)
+val ntt_at_layer_7_and_6_ (re: t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32))
+    : Prims.Pure (t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32))
+      Prims.l_True
+      (fun _ -> Prims.l_True)
 
 val ntt_at_layer_5_to_3___round
       (v_STEP v_STEP_BY: usize)
-      (re: t_Array u8 (sz 32))
+      (re: t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32))
       (index: usize)
       (zeta: i32)
-    : Prims.Pure (t_Array u8 (sz 32)) Prims.l_True (fun _ -> Prims.l_True)
+    : Prims.Pure (t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32))
+      Prims.l_True
+      (fun _ -> Prims.l_True)
 
 /// Layer 5, 4, 3
 /// Each layer does 16 Montgomery multiplications -> 3*16 = 48 total
 /// pqclean does 4 * 4 on each layer -> 48 total | plus 4 * 4 shuffles every time (48)
-val ntt_at_layer_5_to_3_ (re: t_Array u8 (sz 32))
-    : Prims.Pure (t_Array u8 (sz 32)) Prims.l_True (fun _ -> Prims.l_True)
-
-val ntt (re: t_Array u8 (sz 32))
-    : Prims.Pure (t_Array u8 (sz 32)) Prims.l_True (fun _ -> Prims.l_True)
+val ntt_at_layer_5_to_3_ (re: t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32))
+    : Prims.Pure (t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32))
+      Prims.l_True
+      (fun _ -> Prims.l_True)
+
+val ntt (re: t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32))
+    : Prims.Pure (t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32))
+      Prims.l_True
+      (fun _ -> Prims.l_True)
diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Rejection_sample.Less_than_eta.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Rejection_sample.Less_than_eta.fst
index 51c69e1a1..67e806244 100644
--- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Rejection_sample.Less_than_eta.fst
+++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Rejection_sample.Less_than_eta.fst
@@ -3,31 +3,37 @@ module Libcrux_ml_dsa.Simd.Avx2.Rejection_sample.Less_than_eta
 open Core
 open FStar.Mul
 
-let shift_interval (v_ETA: usize) (coefficients: u8) =
+let shift_interval (v_ETA: usize) (coefficients: Libcrux_intrinsics.Avx2_extract.t_Vec256) =
   match cast (v_ETA <: usize) <: u8 with
   | 2uy ->
-    let quotient:u8 =
+    let quotient:Libcrux_intrinsics.Avx2_extract.t_Vec256 =
       Libcrux_intrinsics.Avx2_extract.mm256_mullo_epi32 coefficients
-        (Libcrux_intrinsics.Avx2_extract.mm256_set1_epi32 26l <: u8)
+        (Libcrux_intrinsics.Avx2_extract.mm256_set1_epi32 26l
+          <:
+          Libcrux_intrinsics.Avx2_extract.t_Vec256)
+    in
+    let quotient:Libcrux_intrinsics.Avx2_extract.t_Vec256 =
+      Libcrux_intrinsics.Avx2_extract.mm256_srai_epi32 7l quotient
     in
-    let quotient:u8 = Libcrux_intrinsics.Avx2_extract.mm256_srai_epi32 7l quotient in
-    let quotient:u8 =
+    let quotient:Libcrux_intrinsics.Avx2_extract.t_Vec256 =
       Libcrux_intrinsics.Avx2_extract.mm256_mullo_epi32 quotient
-        (Libcrux_intrinsics.Avx2_extract.mm256_set1_epi32 5l <: u8)
+        (Libcrux_intrinsics.Avx2_extract.mm256_set1_epi32 5l
+          <:
+          Libcrux_intrinsics.Avx2_extract.t_Vec256)
     in
-    let coefficients_mod_5_:u8 =
+    let coefficients_mod_5_:Libcrux_intrinsics.Avx2_extract.t_Vec256 =
       Libcrux_intrinsics.Avx2_extract.mm256_sub_epi32 coefficients quotient
     in
     Libcrux_intrinsics.Avx2_extract.mm256_sub_epi32 (Libcrux_intrinsics.Avx2_extract.mm256_set1_epi32
           (cast (v_ETA <: usize) <: i32)
         <:
-        u8)
+        Libcrux_intrinsics.Avx2_extract.t_Vec256)
       coefficients_mod_5_
   | 4uy ->
     Libcrux_intrinsics.Avx2_extract.mm256_sub_epi32 (Libcrux_intrinsics.Avx2_extract.mm256_set1_epi32
           (cast (v_ETA <: usize) <: i32)
         <:
-        u8)
+        Libcrux_intrinsics.Avx2_extract.t_Vec256)
       coefficients
   | _ ->
     Rust_primitives.Hax.never_to_any (Core.Panicking.panic "internal error: entered unreachable code"
@@ -36,7 +42,7 @@ let shift_interval (v_ETA: usize) (coefficients: u8) =
         Rust_primitives.Hax.t_Never)
 
 let sample (v_ETA: usize) (input: t_Slice u8) (output: t_Slice i32) =
-  let potential_coefficients:u8 =
+  let potential_coefficients:Libcrux_intrinsics.Avx2_extract.t_Vec256 =
     Libcrux_ml_dsa.Simd.Avx2.Encoding.Error.deserialize_to_unsigned (sz 4) input
   in
   let (interval_boundary: i32):i32 =
@@ -49,11 +55,11 @@ let sample (v_ETA: usize) (input: t_Slice u8) (output: t_Slice i32) =
           <:
           Rust_primitives.Hax.t_Never)
   in
-  let compare_with_interval_boundary:u8 =
+  let compare_with_interval_boundary:Libcrux_intrinsics.Avx2_extract.t_Vec256 =
     Libcrux_intrinsics.Avx2_extract.mm256_cmpgt_epi32 (Libcrux_intrinsics.Avx2_extract.mm256_set1_epi32
           interval_boundary
         <:
-        u8)
+        Libcrux_intrinsics.Avx2_extract.t_Vec256)
       potential_coefficients
   in
   let good:i32 =
@@ -64,7 +70,9 @@ let sample (v_ETA: usize) (input: t_Slice u8) (output: t_Slice i32) =
   in
   let good_lower_half:i32 = good &. 15l in
   let good_upper_half:i32 = good >>! 4l in
-  let shifted:u8 = shift_interval v_ETA potential_coefficients in
+  let shifted:Libcrux_intrinsics.Avx2_extract.t_Vec256 =
+    shift_interval v_ETA potential_coefficients
+  in
   let lower_shuffles:t_Array u8 (sz 16) =
     Libcrux_ml_dsa.Simd.Avx2.Rejection_sample.Shuffle_table.v_SHUFFLE_TABLE.[ cast (good_lower_half
           <:
@@ -72,11 +80,13 @@ let sample (v_ETA: usize) (input: t_Slice u8) (output: t_Slice i32) =
       <:
       usize ]
   in
-  let lower_shuffles:u8 =
+  let lower_shuffles:Libcrux_intrinsics.Avx2_extract.t_Vec128 =
     Libcrux_intrinsics.Avx2_extract.mm_loadu_si128 (lower_shuffles <: t_Slice u8)
   in
-  let lower_coefficients:u8 = Libcrux_intrinsics.Avx2_extract.mm256_castsi256_si128 shifted in
-  let lower_coefficients:u8 =
+  let lower_coefficients:Libcrux_intrinsics.Avx2_extract.t_Vec128 =
+    Libcrux_intrinsics.Avx2_extract.mm256_castsi256_si128 shifted
+  in
+  let lower_coefficients:Libcrux_intrinsics.Avx2_extract.t_Vec128 =
     Libcrux_intrinsics.Avx2_extract.mm_shuffle_epi8 lower_coefficients lower_shuffles
   in
   let output:t_Slice i32 =
@@ -104,11 +114,13 @@ let sample (v_ETA: usize) (input: t_Slice u8) (output: t_Slice i32) =
       <:
       usize ]
   in
-  let upper_shuffles:u8 =
+  let upper_shuffles:Libcrux_intrinsics.Avx2_extract.t_Vec128 =
     Libcrux_intrinsics.Avx2_extract.mm_loadu_si128 (upper_shuffles <: t_Slice u8)
   in
-  let upper_coefficients:u8 = Libcrux_intrinsics.Avx2_extract.mm256_extracti128_si256 1l shifted in
-  let upper_coefficients:u8 =
+  let upper_coefficients:Libcrux_intrinsics.Avx2_extract.t_Vec128 =
+    Libcrux_intrinsics.Avx2_extract.mm256_extracti128_si256 1l shifted
+  in
+  let upper_coefficients:Libcrux_intrinsics.Avx2_extract.t_Vec128 =
     Libcrux_intrinsics.Avx2_extract.mm_shuffle_epi8 upper_coefficients upper_shuffles
   in
   let output:t_Slice i32 =
diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Rejection_sample.Less_than_eta.fsti b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Rejection_sample.Less_than_eta.fsti
index 43361f3bb..b18b2e3aa 100644
--- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Rejection_sample.Less_than_eta.fsti
+++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Rejection_sample.Less_than_eta.fsti
@@ -3,8 +3,8 @@ module Libcrux_ml_dsa.Simd.Avx2.Rejection_sample.Less_than_eta
 open Core
 open FStar.Mul
 
-val shift_interval (v_ETA: usize) (coefficients: u8)
-    : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
+val shift_interval (v_ETA: usize) (coefficients: Libcrux_intrinsics.Avx2_extract.t_Vec256)
+    : Prims.Pure Libcrux_intrinsics.Avx2_extract.t_Vec256 Prims.l_True (fun _ -> Prims.l_True)
 
 val sample (v_ETA: usize) (input: t_Slice u8) (output: t_Slice i32)
     : Prims.Pure (t_Slice i32 & usize) Prims.l_True (fun _ -> Prims.l_True)
diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Rejection_sample.Less_than_field_modulus.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Rejection_sample.Less_than_field_modulus.fst
index 1ff5ab537..f3d66cf87 100644
--- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Rejection_sample.Less_than_field_modulus.fst
+++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Rejection_sample.Less_than_field_modulus.fst
@@ -26,32 +26,36 @@ let bytestream_to_potential_coefficients (serialized: t_Slice u8) =
         <:
         t_Slice u8)
   in
-  let coefficients:u8 =
+  let coefficients:Libcrux_intrinsics.Avx2_extract.t_Vec256 =
     Libcrux_intrinsics.Avx2_extract.mm256_loadu_si256_u8 (serialized_extended <: t_Slice u8)
   in
-  let coefficients:u8 =
+  let coefficients:Libcrux_intrinsics.Avx2_extract.t_Vec256 =
     Libcrux_intrinsics.Avx2_extract.mm256_permutevar8x32_epi32 coefficients
-      (Libcrux_intrinsics.Avx2_extract.mm256_set_epi32 0l 5l 4l 3l 0l 2l 1l 0l <: u8)
+      (Libcrux_intrinsics.Avx2_extract.mm256_set_epi32 0l 5l 4l 3l 0l 2l 1l 0l
+        <:
+        Libcrux_intrinsics.Avx2_extract.t_Vec256)
   in
-  let coefficients:u8 =
+  let coefficients:Libcrux_intrinsics.Avx2_extract.t_Vec256 =
     Libcrux_intrinsics.Avx2_extract.mm256_shuffle_epi8 coefficients
       (Libcrux_intrinsics.Avx2_extract.mm256_set_epi8 (-1y) 11y 10y 9y (-1y) 8y 7y 6y (-1y) 5y 4y 3y
           (-1y) 2y 1y 0y (-1y) 11y 10y 9y (-1y) 8y 7y 6y (-1y) 5y 4y 3y (-1y) 2y 1y 0y
         <:
-        u8)
+        Libcrux_intrinsics.Avx2_extract.t_Vec256)
   in
   Libcrux_intrinsics.Avx2_extract.mm256_and_si256 coefficients
     (Libcrux_intrinsics.Avx2_extract.mm256_set1_epi32 bytestream_to_potential_coefficients__COEFFICIENT_MASK
 
       <:
-      u8)
+      Libcrux_intrinsics.Avx2_extract.t_Vec256)
 
 let sample (input: t_Slice u8) (output: t_Slice i32) =
-  let field_modulus:u8 =
+  let field_modulus:Libcrux_intrinsics.Avx2_extract.t_Vec256 =
     Libcrux_intrinsics.Avx2_extract.mm256_set1_epi32 Libcrux_ml_dsa.Simd.Traits.v_FIELD_MODULUS
   in
-  let potential_coefficients:u8 = bytestream_to_potential_coefficients input in
-  let compare_with_field_modulus:u8 =
+  let potential_coefficients:Libcrux_intrinsics.Avx2_extract.t_Vec256 =
+    bytestream_to_potential_coefficients input
+  in
+  let compare_with_field_modulus:Libcrux_intrinsics.Avx2_extract.t_Vec256 =
     Libcrux_intrinsics.Avx2_extract.mm256_cmpgt_epi32 field_modulus potential_coefficients
   in
   let good:i32 =
@@ -69,13 +73,13 @@ let sample (input: t_Slice u8) (output: t_Slice i32) =
       <:
       usize ]
   in
-  let lower_shuffles:u8 =
+  let lower_shuffles:Libcrux_intrinsics.Avx2_extract.t_Vec128 =
     Libcrux_intrinsics.Avx2_extract.mm_loadu_si128 (lower_shuffles <: t_Slice u8)
   in
-  let lower_coefficients:u8 =
+  let lower_coefficients:Libcrux_intrinsics.Avx2_extract.t_Vec128 =
     Libcrux_intrinsics.Avx2_extract.mm256_castsi256_si128 potential_coefficients
   in
-  let lower_coefficients:u8 =
+  let lower_coefficients:Libcrux_intrinsics.Avx2_extract.t_Vec128 =
     Libcrux_intrinsics.Avx2_extract.mm_shuffle_epi8 lower_coefficients lower_shuffles
   in
   let output:t_Slice i32 =
@@ -103,13 +107,13 @@ let sample (input: t_Slice u8) (output: t_Slice i32) =
       <:
       usize ]
   in
-  let upper_shuffles:u8 =
+  let upper_shuffles:Libcrux_intrinsics.Avx2_extract.t_Vec128 =
     Libcrux_intrinsics.Avx2_extract.mm_loadu_si128 (upper_shuffles <: t_Slice u8)
   in
-  let upper_coefficients:u8 =
+  let upper_coefficients:Libcrux_intrinsics.Avx2_extract.t_Vec128 =
     Libcrux_intrinsics.Avx2_extract.mm256_extracti128_si256 1l potential_coefficients
   in
-  let upper_coefficients:u8 =
+  let upper_coefficients:Libcrux_intrinsics.Avx2_extract.t_Vec128 =
     Libcrux_intrinsics.Avx2_extract.mm_shuffle_epi8 upper_coefficients upper_shuffles
   in
   let output:t_Slice i32 =
diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Rejection_sample.Less_than_field_modulus.fsti b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Rejection_sample.Less_than_field_modulus.fsti
index 185397a4b..8d297cab8 100644
--- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Rejection_sample.Less_than_field_modulus.fsti
+++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Rejection_sample.Less_than_field_modulus.fsti
@@ -6,7 +6,7 @@ open FStar.Mul
 let bytestream_to_potential_coefficients__COEFFICIENT_MASK: i32 = (1l <<! 23l <: i32) -! 1l
 
 val bytestream_to_potential_coefficients (serialized: t_Slice u8)
-    : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
+    : Prims.Pure Libcrux_intrinsics.Avx2_extract.t_Vec256 Prims.l_True (fun _ -> Prims.l_True)
 
 val sample (input: t_Slice u8) (output: t_Slice i32)
     : Prims.Pure (t_Slice i32 & usize) Prims.l_True (fun _ -> Prims.l_True)
diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Vector_type.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Vector_type.fst
index e220b31db..548a6a706 100644
--- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Vector_type.fst
+++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Vector_type.fst
@@ -4,16 +4,20 @@ open Core
 open FStar.Mul
 
 let v_ZERO (_: Prims.unit) =
-  Core.Convert.f_into #u8
+  Core.Convert.f_into #Libcrux_intrinsics.Avx2_extract.t_Vec256
     #t_AVX2SIMDUnit
     #FStar.Tactics.Typeclasses.solve
-    (Libcrux_intrinsics.Avx2_extract.mm256_setzero_si256 () <: u8)
+    (Libcrux_intrinsics.Avx2_extract.mm256_setzero_si256 ()
+      <:
+      Libcrux_intrinsics.Avx2_extract.t_Vec256)
 
 let from_coefficient_array (coefficient_array: t_Slice i32) =
-  Core.Convert.f_into #u8
+  Core.Convert.f_into #Libcrux_intrinsics.Avx2_extract.t_Vec256
     #t_AVX2SIMDUnit
     #FStar.Tactics.Typeclasses.solve
-    (Libcrux_intrinsics.Avx2_extract.mm256_loadu_si256_i32 coefficient_array <: u8)
+    (Libcrux_intrinsics.Avx2_extract.mm256_loadu_si256_i32 coefficient_array
+      <:
+      Libcrux_intrinsics.Avx2_extract.t_Vec256)
 
 let to_coefficient_array (x: t_AVX2SIMDUnit) =
   let coefficient_array:t_Array i32 (sz 8) = Rust_primitives.Hax.repeat 0l (sz 8) in
diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Vector_type.fsti b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Vector_type.fsti
index 052da1273..ec092f8da 100644
--- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Vector_type.fsti
+++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Vector_type.fsti
@@ -3,14 +3,19 @@ module Libcrux_ml_dsa.Simd.Avx2.Vector_type
 open Core
 open FStar.Mul
 
-type t_AVX2SIMDUnit = { f_coefficients:u8 }
+type t_AVX2SIMDUnit = { f_coefficients:Libcrux_intrinsics.Avx2_extract.t_Vec256 }
 
 [@@ FStar.Tactics.Typeclasses.tcinstance]
-let impl: Core.Convert.t_From t_AVX2SIMDUnit u8 =
+let impl: Core.Convert.t_From t_AVX2SIMDUnit Libcrux_intrinsics.Avx2_extract.t_Vec256 =
   {
-    f_from_pre = (fun (coefficients: u8) -> true);
-    f_from_post = (fun (coefficients: u8) (out: t_AVX2SIMDUnit) -> true);
-    f_from = fun (coefficients: u8) -> { f_coefficients = coefficients } <: t_AVX2SIMDUnit
+    f_from_pre = (fun (coefficients: Libcrux_intrinsics.Avx2_extract.t_Vec256) -> true);
+    f_from_post
+    =
+    (fun (coefficients: Libcrux_intrinsics.Avx2_extract.t_Vec256) (out: t_AVX2SIMDUnit) -> true);
+    f_from
+    =
+    fun (coefficients: Libcrux_intrinsics.Avx2_extract.t_Vec256) ->
+      { f_coefficients = coefficients } <: t_AVX2SIMDUnit
   }
 
 val v_ZERO: Prims.unit -> Prims.Pure t_AVX2SIMDUnit Prims.l_True (fun _ -> Prims.l_True)
diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.fsti b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.fsti
index 46926e5bb..d14d3a5c7 100644
--- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.fsti
+++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.fsti
@@ -64,14 +64,14 @@ Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit =
         (lhs: Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit)
         (rhs: Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit)
         ->
-        Core.Convert.f_into #u8
+        Core.Convert.f_into #Libcrux_intrinsics.Avx2_extract.t_Vec256
           #Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit
           #FStar.Tactics.Typeclasses.solve
           (Libcrux_ml_dsa.Simd.Avx2.Arithmetic.add lhs
                 .Libcrux_ml_dsa.Simd.Avx2.Vector_type.f_coefficients
               rhs.Libcrux_ml_dsa.Simd.Avx2.Vector_type.f_coefficients
             <:
-            u8));
+            Libcrux_intrinsics.Avx2_extract.t_Vec256));
     f_subtract_pre
     =
     (fun
@@ -93,14 +93,14 @@ Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit =
         (lhs: Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit)
         (rhs: Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit)
         ->
-        Core.Convert.f_into #u8
+        Core.Convert.f_into #Libcrux_intrinsics.Avx2_extract.t_Vec256
           #Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit
           #FStar.Tactics.Typeclasses.solve
           (Libcrux_ml_dsa.Simd.Avx2.Arithmetic.subtract lhs
                 .Libcrux_ml_dsa.Simd.Avx2.Vector_type.f_coefficients
               rhs.Libcrux_ml_dsa.Simd.Avx2.Vector_type.f_coefficients
             <:
-            u8));
+            Libcrux_intrinsics.Avx2_extract.t_Vec256));
     f_montgomery_multiply_by_constant_pre
     =
     (fun (simd_unit: Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit) (constant: i32) -> true);
@@ -115,14 +115,14 @@ Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit =
     f_montgomery_multiply_by_constant
     =
     (fun (simd_unit: Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit) (constant: i32) ->
-        Core.Convert.f_into #u8
+        Core.Convert.f_into #Libcrux_intrinsics.Avx2_extract.t_Vec256
           #Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit
           #FStar.Tactics.Typeclasses.solve
           (Libcrux_ml_dsa.Simd.Avx2.Arithmetic.montgomery_multiply_by_constant simd_unit
                 .Libcrux_ml_dsa.Simd.Avx2.Vector_type.f_coefficients
               constant
             <:
-            u8));
+            Libcrux_intrinsics.Avx2_extract.t_Vec256));
     f_montgomery_multiply_pre
     =
     (fun
@@ -144,14 +144,14 @@ Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit =
         (lhs: Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit)
         (rhs: Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit)
         ->
-        Core.Convert.f_into #u8
+        Core.Convert.f_into #Libcrux_intrinsics.Avx2_extract.t_Vec256
           #Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit
           #FStar.Tactics.Typeclasses.solve
           (Libcrux_ml_dsa.Simd.Avx2.Arithmetic.montgomery_multiply lhs
                 .Libcrux_ml_dsa.Simd.Avx2.Vector_type.f_coefficients
               rhs.Libcrux_ml_dsa.Simd.Avx2.Vector_type.f_coefficients
             <:
-            u8));
+            Libcrux_intrinsics.Avx2_extract.t_Vec256));
     f_shift_left_then_reduce_pre
     =
     (fun (v_SHIFT_BY: i32) (simd_unit: Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit) -> true);
@@ -166,13 +166,13 @@ Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit =
     f_shift_left_then_reduce
     =
     (fun (v_SHIFT_BY: i32) (simd_unit: Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit) ->
-        Core.Convert.f_into #u8
+        Core.Convert.f_into #Libcrux_intrinsics.Avx2_extract.t_Vec256
           #Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit
           #FStar.Tactics.Typeclasses.solve
           (Libcrux_ml_dsa.Simd.Avx2.Arithmetic.shift_left_then_reduce v_SHIFT_BY
               simd_unit.Libcrux_ml_dsa.Simd.Avx2.Vector_type.f_coefficients
             <:
-            u8));
+            Libcrux_intrinsics.Avx2_extract.t_Vec256));
     f_power2round_pre
     =
     (fun (simd_unit: Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit) -> true);
@@ -188,15 +188,16 @@ Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit =
     f_power2round
     =
     (fun (simd_unit: Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit) ->
-        let lower, upper:(u8 & u8) =
+        let lower, upper:(Libcrux_intrinsics.Avx2_extract.t_Vec256 &
+          Libcrux_intrinsics.Avx2_extract.t_Vec256) =
           Libcrux_ml_dsa.Simd.Avx2.Arithmetic.power2round simd_unit
               .Libcrux_ml_dsa.Simd.Avx2.Vector_type.f_coefficients
         in
-        Core.Convert.f_into #u8
+        Core.Convert.f_into #Libcrux_intrinsics.Avx2_extract.t_Vec256
           #Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit
           #FStar.Tactics.Typeclasses.solve
           lower,
-        Core.Convert.f_into #u8
+        Core.Convert.f_into #Libcrux_intrinsics.Avx2_extract.t_Vec256
           #Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit
           #FStar.Tactics.Typeclasses.solve
           upper
@@ -236,15 +237,16 @@ Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit =
     f_decompose
     =
     (fun (v_GAMMA2: i32) (simd_unit: Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit) ->
-        let lower, upper:(u8 & u8) =
+        let lower, upper:(Libcrux_intrinsics.Avx2_extract.t_Vec256 &
+          Libcrux_intrinsics.Avx2_extract.t_Vec256) =
           Libcrux_ml_dsa.Simd.Avx2.Arithmetic.decompose v_GAMMA2
             simd_unit.Libcrux_ml_dsa.Simd.Avx2.Vector_type.f_coefficients
         in
-        Core.Convert.f_into #u8
+        Core.Convert.f_into #Libcrux_intrinsics.Avx2_extract.t_Vec256
           #Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit
           #FStar.Tactics.Typeclasses.solve
           lower,
-        Core.Convert.f_into #u8
+        Core.Convert.f_into #Libcrux_intrinsics.Avx2_extract.t_Vec256
           #Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit
           #FStar.Tactics.Typeclasses.solve
           upper
@@ -275,13 +277,13 @@ Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit =
         (low: Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit)
         (high: Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit)
         ->
-        let count, hint:(usize & u8) =
+        let count, hint:(usize & Libcrux_intrinsics.Avx2_extract.t_Vec256) =
           Libcrux_ml_dsa.Simd.Avx2.Arithmetic.compute_hint v_GAMMA2
             low.Libcrux_ml_dsa.Simd.Avx2.Vector_type.f_coefficients
             high.Libcrux_ml_dsa.Simd.Avx2.Vector_type.f_coefficients
         in
         count,
-        Core.Convert.f_into #u8
+        Core.Convert.f_into #Libcrux_intrinsics.Avx2_extract.t_Vec256
           #Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit
           #FStar.Tactics.Typeclasses.solve
           hint
@@ -311,14 +313,14 @@ Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit =
         (simd_unit: Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit)
         (hint: Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit)
         ->
-        Core.Convert.f_into #u8
+        Core.Convert.f_into #Libcrux_intrinsics.Avx2_extract.t_Vec256
           #Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit
           #FStar.Tactics.Typeclasses.solve
           (Libcrux_ml_dsa.Simd.Avx2.Arithmetic.use_hint v_GAMMA2
               simd_unit.Libcrux_ml_dsa.Simd.Avx2.Vector_type.f_coefficients
               hint.Libcrux_ml_dsa.Simd.Avx2.Vector_type.f_coefficients
             <:
-            u8));
+            Libcrux_intrinsics.Avx2_extract.t_Vec256));
     f_rejection_sample_less_than_field_modulus_pre
     =
     (fun (randomness: t_Slice u8) (out: t_Slice i32) -> true);
@@ -393,10 +395,12 @@ Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit =
     f_gamma1_deserialize
     =
     (fun (v_GAMMA1_EXPONENT: usize) (serialized: t_Slice u8) ->
-        Core.Convert.f_into #u8
+        Core.Convert.f_into #Libcrux_intrinsics.Avx2_extract.t_Vec256
           #Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit
           #FStar.Tactics.Typeclasses.solve
-          (Libcrux_ml_dsa.Simd.Avx2.Encoding.Gamma1.deserialize v_GAMMA1_EXPONENT serialized <: u8));
+          (Libcrux_ml_dsa.Simd.Avx2.Encoding.Gamma1.deserialize v_GAMMA1_EXPONENT serialized
+            <:
+            Libcrux_intrinsics.Avx2_extract.t_Vec256));
     f_commitment_serialize_pre
     =
     (fun (v_OUTPUT_SIZE: usize) (simd_unit: Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit) ->
@@ -443,10 +447,12 @@ Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit =
     f_error_deserialize
     =
     (fun (v_ETA: usize) (serialized: t_Slice u8) ->
-        Core.Convert.f_into #u8
+        Core.Convert.f_into #Libcrux_intrinsics.Avx2_extract.t_Vec256
           #Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit
           #FStar.Tactics.Typeclasses.solve
-          (Libcrux_ml_dsa.Simd.Avx2.Encoding.Error.deserialize v_ETA serialized <: u8));
+          (Libcrux_ml_dsa.Simd.Avx2.Encoding.Error.deserialize v_ETA serialized
+            <:
+            Libcrux_intrinsics.Avx2_extract.t_Vec256));
     f_t0_serialize_pre
     =
     (fun (simd_unit: Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit) -> true);
@@ -470,10 +476,12 @@ Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit =
     f_t0_deserialize
     =
     (fun (serialized: t_Slice u8) ->
-        Core.Convert.f_into #u8
+        Core.Convert.f_into #Libcrux_intrinsics.Avx2_extract.t_Vec256
           #Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit
           #FStar.Tactics.Typeclasses.solve
-          (Libcrux_ml_dsa.Simd.Avx2.Encoding.T0.deserialize serialized <: u8));
+          (Libcrux_ml_dsa.Simd.Avx2.Encoding.T0.deserialize serialized
+            <:
+            Libcrux_intrinsics.Avx2_extract.t_Vec256));
     f_t1_serialize_pre
     =
     (fun (simd_unit: Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit) -> true);
@@ -497,10 +505,12 @@ Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit =
     f_t1_deserialize
     =
     (fun (serialized: t_Slice u8) ->
-        Core.Convert.f_into #u8
+        Core.Convert.f_into #Libcrux_intrinsics.Avx2_extract.t_Vec256
           #Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit
           #FStar.Tactics.Typeclasses.solve
-          (Libcrux_ml_dsa.Simd.Avx2.Encoding.T1.deserialize serialized <: u8));
+          (Libcrux_ml_dsa.Simd.Avx2.Encoding.T1.deserialize serialized
+            <:
+            Libcrux_intrinsics.Avx2_extract.t_Vec256));
     f_ntt_pre
     =
     (fun (simd_units: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit (sz 32)) -> true);
@@ -514,24 +524,24 @@ Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit =
     f_ntt
     =
     (fun (simd_units: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit (sz 32)) ->
-        let result:t_Array u8 (sz 32) =
+        let result:t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32) =
           Libcrux_ml_dsa.Simd.Avx2.Ntt.ntt (Core.Array.impl_23__map #Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit
                 (sz 32)
-                #u8
+                #Libcrux_intrinsics.Avx2_extract.t_Vec256
                 simd_units
                 (fun x ->
                     let x:Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit = x in
                     x.Libcrux_ml_dsa.Simd.Avx2.Vector_type.f_coefficients)
               <:
-              t_Array u8 (sz 32))
+              t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32))
         in
-        Core.Array.impl_23__map #u8
+        Core.Array.impl_23__map #Libcrux_intrinsics.Avx2_extract.t_Vec256
           (sz 32)
           #Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit
           result
           (fun x ->
-              let x:u8 = x in
-              Core.Convert.f_into #u8
+              let x:Libcrux_intrinsics.Avx2_extract.t_Vec256 = x in
+              Core.Convert.f_into #Libcrux_intrinsics.Avx2_extract.t_Vec256
                 #Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit
                 #FStar.Tactics.Typeclasses.solve
                 x
@@ -567,7 +577,7 @@ Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit =
         (zeta2: i32)
         (zeta3: i32)
         ->
-        Core.Convert.f_into #u8
+        Core.Convert.f_into #Libcrux_intrinsics.Avx2_extract.t_Vec256
           #Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit
           #FStar.Tactics.Typeclasses.solve
           (Libcrux_ml_dsa.Simd.Avx2.Ntt.invert_ntt_at_layer_0_ simd_unit
@@ -577,7 +587,7 @@ Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit =
               zeta2
               zeta3
             <:
-            u8));
+            Libcrux_intrinsics.Avx2_extract.t_Vec256));
     f_invert_ntt_at_layer_1_pre
     =
     (fun
@@ -602,7 +612,7 @@ Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit =
         (zeta0: i32)
         (zeta1: i32)
         ->
-        Core.Convert.f_into #u8
+        Core.Convert.f_into #Libcrux_intrinsics.Avx2_extract.t_Vec256
           #Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit
           #FStar.Tactics.Typeclasses.solve
           (Libcrux_ml_dsa.Simd.Avx2.Ntt.invert_ntt_at_layer_1_ simd_unit
@@ -610,7 +620,7 @@ Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit =
               zeta0
               zeta1
             <:
-            u8));
+            Libcrux_intrinsics.Avx2_extract.t_Vec256));
     f_invert_ntt_at_layer_2_pre
     =
     (fun (simd_unit: Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit) (zeta: i32) -> true);
@@ -625,12 +635,12 @@ Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit =
     f_invert_ntt_at_layer_2_
     =
     fun (simd_unit: Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit) (zeta: i32) ->
-      Core.Convert.f_into #u8
+      Core.Convert.f_into #Libcrux_intrinsics.Avx2_extract.t_Vec256
         #Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit
         #FStar.Tactics.Typeclasses.solve
         (Libcrux_ml_dsa.Simd.Avx2.Ntt.invert_ntt_at_layer_2_ simd_unit
               .Libcrux_ml_dsa.Simd.Avx2.Vector_type.f_coefficients
             zeta
           <:
-          u8)
+          Libcrux_intrinsics.Avx2_extract.t_Vec256)
   }
diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Makefile b/libcrux-ml-dsa/proofs/fstar/extraction/Makefile
index 4f7a001a8..89505ac04 100644
--- a/libcrux-ml-dsa/proofs/fstar/extraction/Makefile
+++ b/libcrux-ml-dsa/proofs/fstar/extraction/Makefile
@@ -1,3 +1,6 @@
 SLOW_MODULES += 
 ADMIT_MODULES =
+FSTAR_INCLUDE_DIRS_EXTRA += $(shell git rev-parse --show-toplevel)/fstar-helpers/fstar-bitvec \
+	      $(shell git rev-parse --show-toplevel)/libcrux-intrinsics/proofs/fstar/extraction
+
 include $(shell git rev-parse --show-toplevel)/fstar-helpers/Makefile.base
diff --git a/sys/platform/proofs/fstar/extraction/Libcrux_platform.Platform.fsti b/sys/platform/proofs/fstar/extraction/Libcrux_platform.Platform.fsti
index e8713dad5..95dad6932 100644
--- a/sys/platform/proofs/fstar/extraction/Libcrux_platform.Platform.fsti
+++ b/sys/platform/proofs/fstar/extraction/Libcrux_platform.Platform.fsti
@@ -1,5 +1,5 @@
 module Libcrux_platform.Platform
-#set-options "--fuel 0 --ifuel 1 --z3rlimit 15"
+#set-options "--fuel 0 --ifuel 1 --z3rlimit 80"
 open Core
 open FStar.Mul
 

From 7026b9fb67311ef12b92ddd92f8d49112de0b73c Mon Sep 17 00:00:00 2001
From: Karthikeyan Bhargavan <karthik.bhargavan@gmail.com>
Date: Fri, 8 Nov 2024 21:10:29 +0100
Subject: [PATCH 011/142] ml-dsa restored

---
 libcrux-ml-dsa/proofs/fstar/extraction/Makefile | 1 +
 1 file changed, 1 insertion(+)

diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Makefile b/libcrux-ml-dsa/proofs/fstar/extraction/Makefile
index 89505ac04..f88297130 100644
--- a/libcrux-ml-dsa/proofs/fstar/extraction/Makefile
+++ b/libcrux-ml-dsa/proofs/fstar/extraction/Makefile
@@ -1,6 +1,7 @@
 SLOW_MODULES += 
 ADMIT_MODULES =
 FSTAR_INCLUDE_DIRS_EXTRA += $(shell git rev-parse --show-toplevel)/fstar-helpers/fstar-bitvec \
+	      $(shell git rev-parse --show-toplevel)/libcrux-ml-kem/proofs/fstar/spec \
 	      $(shell git rev-parse --show-toplevel)/libcrux-intrinsics/proofs/fstar/extraction
 
 include $(shell git rev-parse --show-toplevel)/fstar-helpers/Makefile.base

From a081805ba904d1c30c8d362133a9c8969a98b130 Mon Sep 17 00:00:00 2001
From: karthikbhargavan <karthik.bhargavan@gmail.com>
Date: Mon, 11 Nov 2024 09:53:29 +0000
Subject: [PATCH 012/142] spec fix

---
 libcrux-ml-kem/proofs/fstar/spec/Makefile       |  2 ++
 libcrux-ml-kem/proofs/fstar/spec/Spec.MLKEM.fst | 12 ++++++------
 2 files changed, 8 insertions(+), 6 deletions(-)

diff --git a/libcrux-ml-kem/proofs/fstar/spec/Makefile b/libcrux-ml-kem/proofs/fstar/spec/Makefile
index b4ce70a38..7520f4797 100644
--- a/libcrux-ml-kem/proofs/fstar/spec/Makefile
+++ b/libcrux-ml-kem/proofs/fstar/spec/Makefile
@@ -1 +1,3 @@
+FSTAR_INCLUDE_DIRS_EXTRA += $(shell git rev-parse --show-toplevel)/fstar-helpers/fstar-bitvec
+
 include $(shell git rev-parse --show-toplevel)/fstar-helpers/Makefile.base
diff --git a/libcrux-ml-kem/proofs/fstar/spec/Spec.MLKEM.fst b/libcrux-ml-kem/proofs/fstar/spec/Spec.MLKEM.fst
index a6114ea93..6b9cea5a4 100644
--- a/libcrux-ml-kem/proofs/fstar/spec/Spec.MLKEM.fst
+++ b/libcrux-ml-kem/proofs/fstar/spec/Spec.MLKEM.fst
@@ -221,11 +221,11 @@ let decode_then_decompress_u (#r:rank) (arr: t_Array u8 (v_C1_SIZE r)): vector r
       byte_decode_then_decompress (v d) slice
     )
 
-let compress_then_encode_v (u:usize{u == sz 4 \/ u == sz 5}): polynomial -> t_Array u8 (sz 32 *! u)
-  = compress_then_byte_encode (v u)
+let compress_then_encode_v (#r:rank): polynomial -> t_Array u8 (v_C2_SIZE r)
+  = compress_then_byte_encode (v (v_VECTOR_V_COMPRESSION_FACTOR r))
 
-let decode_then_decompress_v (u:usize{u == sz 4 \/ u == sz 5}): t_Array u8 (sz 32 *! u) -> polynomial
-  = byte_decode_then_decompress (v u)
+let decode_then_decompress_v (#r:rank): t_Array u8 (v_C2_SIZE r) -> polynomial
+  = byte_decode_then_decompress (v (v_VECTOR_V_COMPRESSION_FACTOR r)) 
 
 (** IND-CPA Functions *)
 
@@ -271,7 +271,7 @@ let ind_cpa_encrypt_unpacked r message randomness t_as_ntt matrix_A_as_ntt =
     let mu = decode_then_decompress_message message in
     let v = poly_add (poly_add (vector_dot_product_ntt t_as_ntt r_as_ntt) error_2) mu in  
     let c1 = compress_then_encode_u #r u in
-    let c2 = compress_then_encode_v (v_VECTOR_V_COMPRESSION_FACTOR r) v in
+    let c2 = compress_then_encode_v #r v in
     concat c1 c2
 
 /// This function implements <strong>Algorithm 13</strong> of the
@@ -297,7 +297,7 @@ val ind_cpa_decrypt_unpacked (r:rank)
 let ind_cpa_decrypt_unpacked r ciphertext secret_as_ntt =
     let (c1,c2) = split ciphertext (v_C1_SIZE r) in
     let u = decode_then_decompress_u #r c1 in
-    let v = decode_then_decompress_v (v_VECTOR_V_COMPRESSION_FACTOR r) c2 in
+    let v = decode_then_decompress_v #r c2 in
     let w = poly_sub v (poly_inv_ntt (vector_dot_product_ntt secret_as_ntt (vector_ntt u))) in
     compress_then_encode_message w
 

From 392604e5d11a2a4ada815d169bf926a2198498d2 Mon Sep 17 00:00:00 2001
From: Karthikeyan Bhargavan <karthik.bhargavan@gmail.com>
Date: Mon, 11 Nov 2024 11:36:54 +0100
Subject: [PATCH 013/142] fstar refresh

---
 .../Libcrux_intrinsics.Arm64_extract.fsti     |  2 +-
 .../Libcrux_intrinsics.Avx2_extract.fsti      |  2 +-
 .../extraction/Libcrux_ml_kem.Ind_cpa.fst     |  6 ++++--
 .../extraction/Libcrux_ml_kem.Serialize.fst   |  4 ++--
 .../extraction/Libcrux_ml_kem.Serialize.fsti  | 21 ++++++++++---------
 libcrux-ml-kem/src/ind_cpa.rs                 |  4 ++--
 libcrux-ml-kem/src/serialize.rs               | 17 ++++++++-------
 .../extraction/Libcrux_platform.Platform.fsti |  2 +-
 8 files changed, 32 insertions(+), 26 deletions(-)

diff --git a/libcrux-intrinsics/proofs/fstar/extraction/Libcrux_intrinsics.Arm64_extract.fsti b/libcrux-intrinsics/proofs/fstar/extraction/Libcrux_intrinsics.Arm64_extract.fsti
index d4014e6a8..a03c287ec 100644
--- a/libcrux-intrinsics/proofs/fstar/extraction/Libcrux_intrinsics.Arm64_extract.fsti
+++ b/libcrux-intrinsics/proofs/fstar/extraction/Libcrux_intrinsics.Arm64_extract.fsti
@@ -1,5 +1,5 @@
 module Libcrux_intrinsics.Arm64_extract
-#set-options "--fuel 0 --ifuel 1 --z3rlimit 80"
+#set-options "--fuel 0 --ifuel 1 --z3rlimit 15"
 open Core
 open FStar.Mul
 
diff --git a/libcrux-intrinsics/proofs/fstar/extraction/Libcrux_intrinsics.Avx2_extract.fsti b/libcrux-intrinsics/proofs/fstar/extraction/Libcrux_intrinsics.Avx2_extract.fsti
index 16d93fb14..290b679a5 100644
--- a/libcrux-intrinsics/proofs/fstar/extraction/Libcrux_intrinsics.Avx2_extract.fsti
+++ b/libcrux-intrinsics/proofs/fstar/extraction/Libcrux_intrinsics.Avx2_extract.fsti
@@ -1,5 +1,5 @@
 module Libcrux_intrinsics.Avx2_extract
-#set-options "--fuel 0 --ifuel 1 --z3rlimit 80"
+#set-options "--fuel 0 --ifuel 1 --z3rlimit 15"
 open Core
 open FStar.Mul
 
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fst
index 794773f44..53bae6ddb 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fst
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fst
@@ -738,7 +738,8 @@ let encrypt_unpacked
   let ciphertext:t_Array u8 v_CIPHERTEXT_SIZE =
     Rust_primitives.Hax.Monomorphized_update_at.update_at_range_from ciphertext
       ({ Core.Ops.Range.f_start = v_C1_LEN } <: Core.Ops.Range.t_RangeFrom usize)
-      (Libcrux_ml_kem.Serialize.compress_then_serialize_ring_element_v v_V_COMPRESSION_FACTOR
+      (Libcrux_ml_kem.Serialize.compress_then_serialize_ring_element_v v_K
+          v_V_COMPRESSION_FACTOR
           v_C2_LEN
           #v_Vector
           v
@@ -881,7 +882,8 @@ let deserialize_then_decompress_u
           let u_as_ntt:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K =
             Rust_primitives.Hax.Monomorphized_update_at.update_at_usize u_as_ntt
               i
-              (Libcrux_ml_kem.Serialize.deserialize_then_decompress_ring_element_u v_U_COMPRESSION_FACTOR
+              (Libcrux_ml_kem.Serialize.deserialize_then_decompress_ring_element_u v_K
+                  v_U_COMPRESSION_FACTOR
                   #v_Vector
                   u_bytes
                 <:
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Serialize.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Serialize.fst
index b6aeb2798..86f3ca4fc 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Serialize.fst
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Serialize.fst
@@ -777,7 +777,7 @@ let compress_then_serialize_ring_element_u
   result
 
 let compress_then_serialize_ring_element_v
-      (v_COMPRESSION_FACTOR v_OUT_LEN: usize)
+      (v_K v_COMPRESSION_FACTOR v_OUT_LEN: usize)
       (#v_Vector: Type0)
       (#[FStar.Tactics.Typeclasses.tcresolve ()]
           i1:
@@ -862,7 +862,7 @@ let deserialize_then_decompress_10_
   re
 
 let deserialize_then_decompress_ring_element_u
-      (v_COMPRESSION_FACTOR: usize)
+      (v_K v_COMPRESSION_FACTOR: usize)
       (#v_Vector: Type0)
       (#[FStar.Tactics.Typeclasses.tcresolve ()]
           i1:
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Serialize.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Serialize.fsti
index 91cb4979d..95e9c748b 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Serialize.fsti
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Serialize.fsti
@@ -81,13 +81,14 @@ val deserialize_then_decompress_ring_element_v
       (serialized: t_Slice u8)
     : Prims.Pure (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector)
       (requires
-        (v_COMPRESSION_FACTOR =. sz 4 || v_COMPRESSION_FACTOR =. sz 5) &&
-        (Core.Slice.impl__len #u8 serialized <: usize) =. (sz 32 *! v_COMPRESSION_FACTOR <: usize))
+        Spec.MLKEM.is_rank v_K /\
+        v v_COMPRESSION_FACTOR == Spec.MLKEM.v_VECTOR_V_COMPRESSION_FACTOR v_K /\
+        Seq.length serialized == 32 * v v_COMPRESSION_FACTOR)
       (ensures
         fun result ->
           let result:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = result in
           Libcrux_ml_kem.Polynomial.to_spec_poly_t #v_Vector result ==
-          Spec.MLKEM.decode_then_decompress_v v_COMPRESSION_FACTOR serialized)
+          Spec.MLKEM.decode_then_decompress_v #v_K serialized)
 
 /// Only use with public values.
 /// This MUST NOT be used with secret inputs, like its caller `deserialize_ring_elements_reduced`.
@@ -224,22 +225,22 @@ val compress_then_serialize_ring_element_u
             (Libcrux_ml_kem.Polynomial.to_spec_poly_t #v_Vector re))
 
 val compress_then_serialize_ring_element_v
-      (v_COMPRESSION_FACTOR v_OUT_LEN: usize)
+      (v_K v_COMPRESSION_FACTOR v_OUT_LEN: usize)
       (#v_Vector: Type0)
       {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |}
       (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector)
       (out: t_Slice u8)
     : Prims.Pure (t_Slice u8)
       (requires
-        (v v_COMPRESSION_FACTOR == 4 \/ v v_COMPRESSION_FACTOR == 5) /\
-        v v_OUT_LEN == 32 * v v_COMPRESSION_FACTOR /\ Seq.length out == v v_OUT_LEN /\
-        coefficients_field_modulus_range re)
+        Spec.MLKEM.is_rank v_K /\
+        v v_COMPRESSION_FACTOR == Spec.MLKEM.v_VECTOR_V_COMPRESSION_FACTOR v_K /\
+        Seq.length out == v v_OUT_LEN /\ coefficients_field_modulus_range re)
       (ensures
         fun out_future ->
           let out_future:t_Slice u8 = out_future in
           Core.Slice.impl__len #u8 out_future == Core.Slice.impl__len #u8 out /\
           out_future ==
-          Spec.MLKEM.compress_then_encode_v v_COMPRESSION_FACTOR
+          Spec.MLKEM.compress_then_encode_v #v_K
             (Libcrux_ml_kem.Polynomial.to_spec_poly_t #v_Vector re))
 
 val deserialize_then_decompress_10_
@@ -251,7 +252,7 @@ val deserialize_then_decompress_10_
       (fun _ -> Prims.l_True)
 
 val deserialize_then_decompress_ring_element_u
-      (v_COMPRESSION_FACTOR: usize)
+      (v_K v_COMPRESSION_FACTOR: usize)
       (#v_Vector: Type0)
       {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |}
       (serialized: t_Slice u8)
@@ -263,7 +264,7 @@ val deserialize_then_decompress_ring_element_u
         fun result ->
           let result:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = result in
           Libcrux_ml_kem.Polynomial.to_spec_poly_t #v_Vector result ==
-          Spec.MLKEM.byte_decode_then_decompress (v v_COMPRESSION_FACTOR) serialized)
+          Spec.MLKEM.byte_decode_then_decompress #v_K serialized)
 
 val serialize_uncompressed_ring_element
       (#v_Vector: Type0)
diff --git a/libcrux-ml-kem/src/ind_cpa.rs b/libcrux-ml-kem/src/ind_cpa.rs
index 4891caff8..2657fd040 100644
--- a/libcrux-ml-kem/src/ind_cpa.rs
+++ b/libcrux-ml-kem/src/ind_cpa.rs
@@ -682,7 +682,7 @@ pub(crate) fn encrypt_unpacked<
     );
 
     // c_2 := Encode_{dv}(Compress_q(v,d_v))
-    compress_then_serialize_ring_element_v::<V_COMPRESSION_FACTOR, C2_LEN, Vector>(
+    compress_then_serialize_ring_element_v::<K, V_COMPRESSION_FACTOR, C2_LEN, Vector>(
         v,
         &mut ciphertext[C1_LEN..],
     );
@@ -808,7 +808,7 @@ fn deserialize_then_decompress_u<
                 Spec.MLKEM.poly_ntt (Spec.MLKEM.byte_decode_then_decompress (v $U_COMPRESSION_FACTOR)
                   (Seq.slice $ciphertext (j * v (Spec.MLKEM.v_C1_BLOCK_SIZE $K))
                     (j * v (Spec.MLKEM.v_C1_BLOCK_SIZE $K) + v (Spec.MLKEM.v_C1_BLOCK_SIZE $K))))") });
-            u_as_ntt[i]  = deserialize_then_decompress_ring_element_u::<U_COMPRESSION_FACTOR, Vector>(u_bytes);
+            u_as_ntt[i]  = deserialize_then_decompress_ring_element_u::<K, U_COMPRESSION_FACTOR, Vector>(u_bytes);
             ntt_vector_u::<U_COMPRESSION_FACTOR, Vector>(&mut u_as_ntt[i]);
         }
     }
diff --git a/libcrux-ml-kem/src/serialize.rs b/libcrux-ml-kem/src/serialize.rs
index 18f8444b7..c8f55583e 100644
--- a/libcrux-ml-kem/src/serialize.rs
+++ b/libcrux-ml-kem/src/serialize.rs
@@ -325,14 +325,16 @@ fn compress_then_serialize_5<Vector: Operations>(
 
 #[inline(always)]
 #[hax_lib::fstar::verification_status(panic_free)]
-#[hax_lib::requires(fstar!("(v $COMPRESSION_FACTOR == 4 \\/ v $COMPRESSION_FACTOR == 5) /\\ v $OUT_LEN == 32 * v $COMPRESSION_FACTOR /\\
+#[hax_lib::requires(fstar!("Spec.MLKEM.is_rank v_K /\\ 
+    v $COMPRESSION_FACTOR == Spec.MLKEM.v_VECTOR_V_COMPRESSION_FACTOR v_K /\\
     Seq.length $out == v $OUT_LEN /\\ coefficients_field_modulus_range $re"))]
 #[hax_lib::ensures(|_|
     fstar!("${out_future.len()} == ${out.len()} /\\
-        ${out}_future == Spec.MLKEM.compress_then_encode_v $COMPRESSION_FACTOR
+        ${out}_future == Spec.MLKEM.compress_then_encode_v #v_K
             (Libcrux_ml_kem.Polynomial.to_spec_poly_t #$:Vector $re)")
 )]
 pub(super) fn compress_then_serialize_ring_element_v<
+    const K: usize,
     const COMPRESSION_FACTOR: usize,
     const OUT_LEN: usize,
     Vector: Operations,
@@ -399,9 +401,10 @@ fn deserialize_then_decompress_11<Vector: Operations>(
 )]
 #[hax_lib::ensures(|result|
     fstar!("Libcrux_ml_kem.Polynomial.to_spec_poly_t #$:Vector $result == 
-        Spec.MLKEM.byte_decode_then_decompress (v $COMPRESSION_FACTOR) $serialized")
+        Spec.MLKEM.byte_decode_then_decompress #v_K $serialized")
 )]
 pub(super) fn deserialize_then_decompress_ring_element_u<
+    const K: usize, 
     const COMPRESSION_FACTOR: usize,
     Vector: Operations,
 >(
@@ -457,13 +460,13 @@ fn deserialize_then_decompress_5<Vector: Operations>(
 
 #[inline(always)]
 #[hax_lib::fstar::verification_status(panic_free)]
-#[hax_lib::requires(
-    (COMPRESSION_FACTOR == 4 || COMPRESSION_FACTOR == 5) &&
-    serialized.len() == 32 * COMPRESSION_FACTOR
+#[hax_lib::requires(fstar!("Spec.MLKEM.is_rank v_K /\\ 
+    v $COMPRESSION_FACTOR == Spec.MLKEM.v_VECTOR_V_COMPRESSION_FACTOR v_K /\\
+    Seq.length serialized == 32 * v v_COMPRESSION_FACTOR")
 )]
 #[hax_lib::ensures(|result|
     fstar!("Libcrux_ml_kem.Polynomial.to_spec_poly_t #$:Vector $result == 
-        Spec.MLKEM.decode_then_decompress_v $COMPRESSION_FACTOR $serialized")
+        Spec.MLKEM.decode_then_decompress_v #v_K $serialized")
 )]
 pub(super) fn deserialize_then_decompress_ring_element_v<
     const COMPRESSION_FACTOR: usize,
diff --git a/sys/platform/proofs/fstar/extraction/Libcrux_platform.Platform.fsti b/sys/platform/proofs/fstar/extraction/Libcrux_platform.Platform.fsti
index 95dad6932..e8713dad5 100644
--- a/sys/platform/proofs/fstar/extraction/Libcrux_platform.Platform.fsti
+++ b/sys/platform/proofs/fstar/extraction/Libcrux_platform.Platform.fsti
@@ -1,5 +1,5 @@
 module Libcrux_platform.Platform
-#set-options "--fuel 0 --ifuel 1 --z3rlimit 80"
+#set-options "--fuel 0 --ifuel 1 --z3rlimit 15"
 open Core
 open FStar.Mul
 

From 5a38a61f84e48c8a40837a80252869c60517456a Mon Sep 17 00:00:00 2001
From: Karthikeyan Bhargavan <karthik.bhargavan@gmail.com>
Date: Mon, 11 Nov 2024 11:56:59 +0100
Subject: [PATCH 014/142] fstar

---
 .../proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fst         | 3 ++-
 .../proofs/fstar/extraction/Libcrux_ml_kem.Serialize.fst       | 2 +-
 .../proofs/fstar/extraction/Libcrux_ml_kem.Serialize.fsti      | 2 +-
 libcrux-ml-kem/src/ind_cpa.rs                                  | 2 +-
 libcrux-ml-kem/src/serialize.rs                                | 1 +
 5 files changed, 6 insertions(+), 4 deletions(-)

diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fst
index 53bae6ddb..517060511 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fst
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fst
@@ -926,7 +926,8 @@ let decrypt_unpacked
     deserialize_then_decompress_u v_K v_CIPHERTEXT_SIZE v_U_COMPRESSION_FACTOR #v_Vector ciphertext
   in
   let v:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector =
-    Libcrux_ml_kem.Serialize.deserialize_then_decompress_ring_element_v v_V_COMPRESSION_FACTOR
+    Libcrux_ml_kem.Serialize.deserialize_then_decompress_ring_element_v v_K
+      v_V_COMPRESSION_FACTOR
       #v_Vector
       (ciphertext.[ { Core.Ops.Range.f_start = v_VECTOR_U_ENCODED_SIZE }
           <:
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Serialize.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Serialize.fst
index 86f3ca4fc..9639b4628 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Serialize.fst
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Serialize.fst
@@ -241,7 +241,7 @@ let deserialize_then_decompress_message
   result
 
 let deserialize_then_decompress_ring_element_v
-      (v_COMPRESSION_FACTOR: usize)
+      (v_K v_COMPRESSION_FACTOR: usize)
       (#v_Vector: Type0)
       (#[FStar.Tactics.Typeclasses.tcresolve ()]
           i1:
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Serialize.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Serialize.fsti
index 95e9c748b..32229facd 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Serialize.fsti
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Serialize.fsti
@@ -75,7 +75,7 @@ val deserialize_then_decompress_message
           Spec.MLKEM.decode_then_decompress_message serialized)
 
 val deserialize_then_decompress_ring_element_v
-      (v_COMPRESSION_FACTOR: usize)
+      (v_K v_COMPRESSION_FACTOR: usize)
       (#v_Vector: Type0)
       {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |}
       (serialized: t_Slice u8)
diff --git a/libcrux-ml-kem/src/ind_cpa.rs b/libcrux-ml-kem/src/ind_cpa.rs
index 2657fd040..197228cc1 100644
--- a/libcrux-ml-kem/src/ind_cpa.rs
+++ b/libcrux-ml-kem/src/ind_cpa.rs
@@ -902,7 +902,7 @@ pub(crate) fn decrypt_unpacked<
     );
 
     // v := Decompress_q(Decode_{d_v}(c + d_u·k·n / 8), d_v)
-    let v = deserialize_then_decompress_ring_element_v::<V_COMPRESSION_FACTOR, Vector>(
+    let v = deserialize_then_decompress_ring_element_v::<K, V_COMPRESSION_FACTOR, Vector>(
         &ciphertext[VECTOR_U_ENCODED_SIZE..],
     );
 
diff --git a/libcrux-ml-kem/src/serialize.rs b/libcrux-ml-kem/src/serialize.rs
index c8f55583e..00009fdae 100644
--- a/libcrux-ml-kem/src/serialize.rs
+++ b/libcrux-ml-kem/src/serialize.rs
@@ -469,6 +469,7 @@ fn deserialize_then_decompress_5<Vector: Operations>(
         Spec.MLKEM.decode_then_decompress_v #v_K $serialized")
 )]
 pub(super) fn deserialize_then_decompress_ring_element_v<
+    const K: usize,
     const COMPRESSION_FACTOR: usize,
     Vector: Operations,
 >(

From bf1ba73aa693d6328ddd966ccf2fe881ef96d9d3 Mon Sep 17 00:00:00 2001
From: Karthikeyan Bhargavan <karthik.bhargavan@gmail.com>
Date: Mon, 11 Nov 2024 15:29:48 +0100
Subject: [PATCH 015/142] fstar

---
 .../proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fst        | 3 +--
 .../proofs/fstar/extraction/Libcrux_ml_kem.Serialize.fst      | 2 +-
 .../proofs/fstar/extraction/Libcrux_ml_kem.Serialize.fsti     | 4 ++--
 libcrux-ml-kem/src/ind_cpa.rs                                 | 2 +-
 libcrux-ml-kem/src/serialize.rs                               | 3 +--
 5 files changed, 6 insertions(+), 8 deletions(-)

diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fst
index 517060511..8f1ab6275 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fst
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fst
@@ -882,8 +882,7 @@ let deserialize_then_decompress_u
           let u_as_ntt:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K =
             Rust_primitives.Hax.Monomorphized_update_at.update_at_usize u_as_ntt
               i
-              (Libcrux_ml_kem.Serialize.deserialize_then_decompress_ring_element_u v_K
-                  v_U_COMPRESSION_FACTOR
+              (Libcrux_ml_kem.Serialize.deserialize_then_decompress_ring_element_u v_U_COMPRESSION_FACTOR
                   #v_Vector
                   u_bytes
                 <:
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Serialize.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Serialize.fst
index 9639b4628..be626ddec 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Serialize.fst
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Serialize.fst
@@ -862,7 +862,7 @@ let deserialize_then_decompress_10_
   re
 
 let deserialize_then_decompress_ring_element_u
-      (v_K v_COMPRESSION_FACTOR: usize)
+      (v_COMPRESSION_FACTOR: usize)
       (#v_Vector: Type0)
       (#[FStar.Tactics.Typeclasses.tcresolve ()]
           i1:
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Serialize.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Serialize.fsti
index 32229facd..a548e9301 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Serialize.fsti
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Serialize.fsti
@@ -252,7 +252,7 @@ val deserialize_then_decompress_10_
       (fun _ -> Prims.l_True)
 
 val deserialize_then_decompress_ring_element_u
-      (v_K v_COMPRESSION_FACTOR: usize)
+      (v_COMPRESSION_FACTOR: usize)
       (#v_Vector: Type0)
       {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |}
       (serialized: t_Slice u8)
@@ -264,7 +264,7 @@ val deserialize_then_decompress_ring_element_u
         fun result ->
           let result:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = result in
           Libcrux_ml_kem.Polynomial.to_spec_poly_t #v_Vector result ==
-          Spec.MLKEM.byte_decode_then_decompress #v_K serialized)
+          Spec.MLKEM.byte_decode_then_decompress v_COMPRESSION_FACTOR serialized)
 
 val serialize_uncompressed_ring_element
       (#v_Vector: Type0)
diff --git a/libcrux-ml-kem/src/ind_cpa.rs b/libcrux-ml-kem/src/ind_cpa.rs
index 197228cc1..d9420d15d 100644
--- a/libcrux-ml-kem/src/ind_cpa.rs
+++ b/libcrux-ml-kem/src/ind_cpa.rs
@@ -808,7 +808,7 @@ fn deserialize_then_decompress_u<
                 Spec.MLKEM.poly_ntt (Spec.MLKEM.byte_decode_then_decompress (v $U_COMPRESSION_FACTOR)
                   (Seq.slice $ciphertext (j * v (Spec.MLKEM.v_C1_BLOCK_SIZE $K))
                     (j * v (Spec.MLKEM.v_C1_BLOCK_SIZE $K) + v (Spec.MLKEM.v_C1_BLOCK_SIZE $K))))") });
-            u_as_ntt[i]  = deserialize_then_decompress_ring_element_u::<K, U_COMPRESSION_FACTOR, Vector>(u_bytes);
+            u_as_ntt[i]  = deserialize_then_decompress_ring_element_u::<U_COMPRESSION_FACTOR, Vector>(u_bytes);
             ntt_vector_u::<U_COMPRESSION_FACTOR, Vector>(&mut u_as_ntt[i]);
         }
     }
diff --git a/libcrux-ml-kem/src/serialize.rs b/libcrux-ml-kem/src/serialize.rs
index 00009fdae..9affaa10c 100644
--- a/libcrux-ml-kem/src/serialize.rs
+++ b/libcrux-ml-kem/src/serialize.rs
@@ -401,10 +401,9 @@ fn deserialize_then_decompress_11<Vector: Operations>(
 )]
 #[hax_lib::ensures(|result|
     fstar!("Libcrux_ml_kem.Polynomial.to_spec_poly_t #$:Vector $result == 
-        Spec.MLKEM.byte_decode_then_decompress #v_K $serialized")
+        Spec.MLKEM.byte_decode_then_decompress $COMPRESSION_FACTOR $serialized")
 )]
 pub(super) fn deserialize_then_decompress_ring_element_u<
-    const K: usize, 
     const COMPRESSION_FACTOR: usize,
     Vector: Operations,
 >(

From 9c7d46aeff0a1cf893ec7a6afa4884b990f6cbd4 Mon Sep 17 00:00:00 2001
From: Karthikeyan Bhargavan <karthik.bhargavan@gmail.com>
Date: Mon, 11 Nov 2024 17:10:54 +0100
Subject: [PATCH 016/142] fstar

---
 .../proofs/fstar/extraction/Libcrux_ml_kem.Serialize.fsti | 2 +-
 libcrux-ml-kem/src/serialize.rs                           | 8 ++++----
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Serialize.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Serialize.fsti
index a548e9301..bbfabd9ce 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Serialize.fsti
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Serialize.fsti
@@ -82,7 +82,7 @@ val deserialize_then_decompress_ring_element_v
     : Prims.Pure (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector)
       (requires
         Spec.MLKEM.is_rank v_K /\
-        v v_COMPRESSION_FACTOR == Spec.MLKEM.v_VECTOR_V_COMPRESSION_FACTOR v_K /\
+        v_COMPRESSION_FACTOR == Spec.MLKEM.v_VECTOR_V_COMPRESSION_FACTOR v_K /\
         Seq.length serialized == 32 * v v_COMPRESSION_FACTOR)
       (ensures
         fun result ->
diff --git a/libcrux-ml-kem/src/serialize.rs b/libcrux-ml-kem/src/serialize.rs
index 9affaa10c..8e1e91afd 100644
--- a/libcrux-ml-kem/src/serialize.rs
+++ b/libcrux-ml-kem/src/serialize.rs
@@ -459,13 +459,13 @@ fn deserialize_then_decompress_5<Vector: Operations>(
 
 #[inline(always)]
 #[hax_lib::fstar::verification_status(panic_free)]
-#[hax_lib::requires(fstar!("Spec.MLKEM.is_rank v_K /\\ 
-    v $COMPRESSION_FACTOR == Spec.MLKEM.v_VECTOR_V_COMPRESSION_FACTOR v_K /\\
-    Seq.length serialized == 32 * v v_COMPRESSION_FACTOR")
+#[hax_lib::requires(fstar!("Spec.MLKEM.is_rank $K /\\ 
+    $COMPRESSION_FACTOR == Spec.MLKEM.v_VECTOR_V_COMPRESSION_FACTOR $K /\\
+    Seq.length $serialized == 32 * v $COMPRESSION_FACTOR")
 )]
 #[hax_lib::ensures(|result|
     fstar!("Libcrux_ml_kem.Polynomial.to_spec_poly_t #$:Vector $result == 
-        Spec.MLKEM.decode_then_decompress_v #v_K $serialized")
+        Spec.MLKEM.decode_then_decompress_v #${K} $serialized")
 )]
 pub(super) fn deserialize_then_decompress_ring_element_v<
     const K: usize,

From 595517c2cffd240614b7b45357d570302b72198e Mon Sep 17 00:00:00 2001
From: Karthikeyan Bhargavan <karthik.bhargavan@gmail.com>
Date: Mon, 11 Nov 2024 19:23:27 +0100
Subject: [PATCH 017/142] fstar

---
 .../proofs/fstar/extraction/Libcrux_ml_kem.Serialize.fsti       | 2 +-
 libcrux-ml-kem/src/serialize.rs                                 | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Serialize.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Serialize.fsti
index bbfabd9ce..37a31b2e7 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Serialize.fsti
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Serialize.fsti
@@ -233,7 +233,7 @@ val compress_then_serialize_ring_element_v
     : Prims.Pure (t_Slice u8)
       (requires
         Spec.MLKEM.is_rank v_K /\
-        v v_COMPRESSION_FACTOR == Spec.MLKEM.v_VECTOR_V_COMPRESSION_FACTOR v_K /\
+        v_COMPRESSION_FACTOR == Spec.MLKEM.v_VECTOR_V_COMPRESSION_FACTOR v_K /\
         Seq.length out == v v_OUT_LEN /\ coefficients_field_modulus_range re)
       (ensures
         fun out_future ->
diff --git a/libcrux-ml-kem/src/serialize.rs b/libcrux-ml-kem/src/serialize.rs
index 8e1e91afd..6a3de2749 100644
--- a/libcrux-ml-kem/src/serialize.rs
+++ b/libcrux-ml-kem/src/serialize.rs
@@ -326,7 +326,7 @@ fn compress_then_serialize_5<Vector: Operations>(
 #[inline(always)]
 #[hax_lib::fstar::verification_status(panic_free)]
 #[hax_lib::requires(fstar!("Spec.MLKEM.is_rank v_K /\\ 
-    v $COMPRESSION_FACTOR == Spec.MLKEM.v_VECTOR_V_COMPRESSION_FACTOR v_K /\\
+    $COMPRESSION_FACTOR == Spec.MLKEM.v_VECTOR_V_COMPRESSION_FACTOR v_K /\\
     Seq.length $out == v $OUT_LEN /\\ coefficients_field_modulus_range $re"))]
 #[hax_lib::ensures(|_|
     fstar!("${out_future.len()} == ${out.len()} /\\

From 2c93acc8dab3d656dc42f32e3511abeff0eaef9c Mon Sep 17 00:00:00 2001
From: Karthikeyan Bhargavan <karthik.bhargavan@gmail.com>
Date: Tue, 12 Nov 2024 00:06:38 +0100
Subject: [PATCH 018/142] fstar

---
 .../proofs/fstar/extraction/Libcrux_ml_kem.Serialize.fsti       | 2 +-
 libcrux-ml-kem/src/serialize.rs                                 | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Serialize.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Serialize.fsti
index 37a31b2e7..1a700c9ce 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Serialize.fsti
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Serialize.fsti
@@ -264,7 +264,7 @@ val deserialize_then_decompress_ring_element_u
         fun result ->
           let result:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = result in
           Libcrux_ml_kem.Polynomial.to_spec_poly_t #v_Vector result ==
-          Spec.MLKEM.byte_decode_then_decompress v_COMPRESSION_FACTOR serialized)
+          Spec.MLKEM.byte_decode_then_decompress (v v_COMPRESSION_FACTOR) serialized)
 
 val serialize_uncompressed_ring_element
       (#v_Vector: Type0)
diff --git a/libcrux-ml-kem/src/serialize.rs b/libcrux-ml-kem/src/serialize.rs
index 6a3de2749..1c2b314cc 100644
--- a/libcrux-ml-kem/src/serialize.rs
+++ b/libcrux-ml-kem/src/serialize.rs
@@ -401,7 +401,7 @@ fn deserialize_then_decompress_11<Vector: Operations>(
 )]
 #[hax_lib::ensures(|result|
     fstar!("Libcrux_ml_kem.Polynomial.to_spec_poly_t #$:Vector $result == 
-        Spec.MLKEM.byte_decode_then_decompress $COMPRESSION_FACTOR $serialized")
+        Spec.MLKEM.byte_decode_then_decompress (v $COMPRESSION_FACTOR) $serialized")
 )]
 pub(super) fn deserialize_then_decompress_ring_element_u<
     const COMPRESSION_FACTOR: usize,

From 354e3efb827888f25d17b4c5c93077b32689902d Mon Sep 17 00:00:00 2001
From: mamonet <maamoun.tk@gmail.com>
Date: Tue, 12 Nov 2024 09:51:48 +0000
Subject: [PATCH 019/142] Fix generic module failures

---
 .../extraction/Libcrux_ml_kem.Ind_cca.fst     |   4 +
 .../extraction/Libcrux_ml_kem.Ind_cpa.fst     | 224 ++++++++++--------
 .../extraction/Libcrux_ml_kem.Ind_cpa.fsti    |  17 +-
 .../extraction/Libcrux_ml_kem.Invert_ntt.fst  |  12 +
 .../fstar/extraction/Libcrux_ml_kem.Ntt.fst   |  12 +
 .../fstar/extraction/Libcrux_ml_kem.Ntt.fsti  |   3 +-
 .../proofs/fstar/extraction/Makefile          |  17 +-
 libcrux-ml-kem/src/ind_cca.rs                 |   1 +
 libcrux-ml-kem/src/ind_cpa.rs                 | 134 ++++++++---
 libcrux-ml-kem/src/invert_ntt.rs              |   3 +
 libcrux-ml-kem/src/ntt.rs                     |   6 +-
 11 files changed, 288 insertions(+), 145 deletions(-)

diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fst
index 4ebbd364b..1fbf9a9fe 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fst
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fst
@@ -12,6 +12,8 @@ let _ =
   let open Libcrux_ml_kem.Vector.Traits in
   ()
 
+#push-options "--z3rlimit 300"
+
 let validate_private_key
       (v_K v_SECRET_KEY_SIZE v_CIPHERTEXT_SIZE: usize)
       (#v_Hasher: Type0)
@@ -44,6 +46,8 @@ let validate_private_key
   in
   t =. expected
 
+#pop-options
+
 #push-options "--z3rlimit 150"
 
 let serialize_kem_secret_key
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fst
index 8f1ab6275..c61cf8bd0 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fst
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fst
@@ -12,6 +12,53 @@ let _ =
   let open Libcrux_ml_kem.Vector.Traits in
   ()
 
+#push-options "--z3rlimit 200"
+
+let prf_input_inc (v_K: usize) (prf_inputs: t_Array (t_Array u8 (sz 33)) v_K) (domain_separator: u8) =
+  let v__domain_separator_init:u8 = domain_separator in
+  let v__prf_inputs_init:t_Array (t_Array u8 (sz 33)) v_K =
+    Core.Clone.f_clone #(t_Array (t_Array u8 (sz 33)) v_K)
+      #FStar.Tactics.Typeclasses.solve
+      prf_inputs
+  in
+  let domain_separator, prf_inputs:(u8 & t_Array (t_Array u8 (sz 33)) v_K) =
+    Rust_primitives.Hax.Folds.fold_range (sz 0)
+      v_K
+      (fun temp_0_ i ->
+          let domain_separator, prf_inputs:(u8 & t_Array (t_Array u8 (sz 33)) v_K) = temp_0_ in
+          let i:usize = i in
+          v domain_separator == v v__domain_separator_init + v i /\
+          (v i < v v_K ==>
+            (forall (j: nat).
+                (j >= v i /\ j < v v_K) ==> prf_inputs.[ sz j ] == v__prf_inputs_init.[ sz j ])) /\
+          (forall (j: nat).
+              j < v i ==>
+              v (Seq.index (Seq.index prf_inputs j) 32) == v v__domain_separator_init + j /\
+              Seq.slice (Seq.index prf_inputs j) 0 32 ==
+              Seq.slice (Seq.index v__prf_inputs_init j) 0 32))
+      (domain_separator, prf_inputs <: (u8 & t_Array (t_Array u8 (sz 33)) v_K))
+      (fun temp_0_ i ->
+          let domain_separator, prf_inputs:(u8 & t_Array (t_Array u8 (sz 33)) v_K) = temp_0_ in
+          let i:usize = i in
+          let prf_inputs:t_Array (t_Array u8 (sz 33)) v_K =
+            Rust_primitives.Hax.Monomorphized_update_at.update_at_usize prf_inputs
+              i
+              (Rust_primitives.Hax.Monomorphized_update_at.update_at_usize (prf_inputs.[ i ]
+                    <:
+                    t_Array u8 (sz 33))
+                  (sz 32)
+                  domain_separator
+                <:
+                t_Array u8 (sz 33))
+          in
+          let domain_separator:u8 = domain_separator +! 1uy in
+          domain_separator, prf_inputs <: (u8 & t_Array (t_Array u8 (sz 33)) v_K))
+  in
+  let hax_temp_output:u8 = domain_separator in
+  prf_inputs, hax_temp_output <: (t_Array (t_Array u8 (sz 33)) v_K & u8)
+
+#pop-options
+
 #push-options "--ext context_pruning"
 
 let deserialize_secret_key
@@ -80,7 +127,7 @@ let deserialize_secret_key
 
 #pop-options
 
-#push-options "--max_fuel 10 --z3rlimit 1000 --ext context_pruning --z3refresh --split_queries always"
+#push-options "--max_fuel 15 --z3rlimit 1500 --ext context_pruning --z3refresh --split_queries always"
 
 let sample_ring_element_cbd
       (v_K v_ETA2_RANDOMNESS_SIZE v_ETA2: usize)
@@ -105,40 +152,11 @@ let sample_ring_element_cbd
   in
   let prf_inputs:t_Array (t_Array u8 (sz 33)) v_K = Rust_primitives.Hax.repeat prf_input v_K in
   let v__domain_separator_init:u8 = domain_separator in
-  let v__prf_inputs_init:t_Array (t_Array u8 (sz 33)) v_K = prf_inputs in
-  let domain_separator, prf_inputs:(u8 & t_Array (t_Array u8 (sz 33)) v_K) =
-    Rust_primitives.Hax.Folds.fold_range (sz 0)
-      v_K
-      (fun temp_0_ i ->
-          let domain_separator, prf_inputs:(u8 & t_Array (t_Array u8 (sz 33)) v_K) = temp_0_ in
-          let i:usize = i in
-          v domain_separator == v v__domain_separator_init + v i /\
-          (v i < v v_K ==>
-            (forall (j: nat).
-                (j >= v i /\ j < v v_K) ==> prf_inputs.[ sz j ] == v__prf_inputs_init.[ sz j ])) /\
-          (forall (j: nat).
-              j < v i ==>
-              v (Seq.index (Seq.index prf_inputs j) 32) == v v__domain_separator_init + j /\
-              Seq.slice (Seq.index prf_inputs j) 0 32 ==
-              Seq.slice (Seq.index v__prf_inputs_init j) 0 32))
-      (domain_separator, prf_inputs <: (u8 & t_Array (t_Array u8 (sz 33)) v_K))
-      (fun temp_0_ i ->
-          let domain_separator, prf_inputs:(u8 & t_Array (t_Array u8 (sz 33)) v_K) = temp_0_ in
-          let i:usize = i in
-          let prf_inputs:t_Array (t_Array u8 (sz 33)) v_K =
-            Rust_primitives.Hax.Monomorphized_update_at.update_at_usize prf_inputs
-              i
-              (Rust_primitives.Hax.Monomorphized_update_at.update_at_usize (prf_inputs.[ i ]
-                    <:
-                    t_Array u8 (sz 33))
-                  (sz 32)
-                  domain_separator
-                <:
-                t_Array u8 (sz 33))
-          in
-          let domain_separator:u8 = domain_separator +! 1uy in
-          domain_separator, prf_inputs <: (u8 & t_Array (t_Array u8 (sz 33)) v_K))
+  let tmp0, out:(t_Array (t_Array u8 (sz 33)) v_K & u8) =
+    prf_input_inc v_K prf_inputs domain_separator
   in
+  let prf_inputs:t_Array (t_Array u8 (sz 33)) v_K = tmp0 in
+  let domain_separator:u8 = out in
   let _:Prims.unit =
     let lemma_aux (i: nat{i < v v_K})
         : Lemma
@@ -212,7 +230,60 @@ let sample_ring_element_cbd
 
 #pop-options
 
-#push-options "--max_fuel 10 --z3rlimit 1000 --ext context_pruning --z3refresh --split_queries always"
+let sample_vector_cbd_then_ntt_helper_1
+      (v_K: usize)
+      (prf_inputs: t_Array (t_Array u8 (sz 33)) v_K)
+      (prf_input: t_Array u8 (sz 33))
+      (domain_separator: u8) : Lemma 
+        (requires Spec.MLKEM.is_rank v_K /\ v domain_separator < 2 * v v_K /\
+          (forall (i: nat). i < v v_K ==>
+            v (Seq.index (Seq.index prf_inputs i) 32) == v domain_separator + i /\
+            Seq.slice (Seq.index prf_inputs i) 0 32 == Seq.slice prf_input 0 32))
+        (ensures prf_inputs == createi v_K
+          (Spec.MLKEM.sample_vector_cbd1_prf_input #v_K
+            (Seq.slice prf_input 0 32) (sz (v domain_separator))))
+    =
+    let lemma_aux (i: nat{i < v v_K}) : Lemma
+        (prf_inputs.[ sz i ] == (Seq.append (Seq.slice prf_input 0 32) (Seq.create 1
+          (mk_int #u8_inttype (v (domain_separator +! (mk_int #u8_inttype i))))))) =
+      Lib.Sequence.eq_intro #u8 #33 prf_inputs.[ sz i ]
+        (Seq.append (Seq.slice prf_input 0 32)
+          (Seq.create 1 (mk_int #u8_inttype (v domain_separator + i))))
+    in
+    Classical.forall_intro lemma_aux;
+    Lib.Sequence.eq_intro #(t_Array u8 (sz 33)) #(v v_K) prf_inputs
+      (createi v_K (Spec.MLKEM.sample_vector_cbd1_prf_input #v_K
+        (Seq.slice prf_input 0 32) (sz (v domain_separator))))
+
+let sample_vector_cbd_then_ntt_helper_2
+      (v_K v_ETA v_ETA_RANDOMNESS_SIZE: usize)
+      (#v_Vector: Type0)
+      (#[FStar.Tactics.Typeclasses.tcresolve ()]
+          i2:
+          Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector)
+      (re_as_ntt: t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K)
+      (prf_input: t_Array u8 (sz 33))
+      (domain_separator: u8) : Lemma
+        (requires Spec.MLKEM.is_rank v_K /\ v_ETA == Spec.MLKEM.v_ETA1 v_K /\
+          v_ETA_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA1_RANDOMNESS_SIZE v_K /\
+          v domain_separator < 2 * v v_K /\ 
+          (let prf_outputs = Spec.MLKEM.v_PRFxN v_K v_ETA_RANDOMNESS_SIZE
+            (createi v_K (Spec.MLKEM.sample_vector_cbd1_prf_input #v_K
+              (Seq.slice prf_input 0 32) (sz (v domain_separator)))) in 
+          forall (i: nat). i < v v_K ==>
+            Libcrux_ml_kem.Polynomial.to_spec_poly_t #v_Vector re_as_ntt.[ sz i ] ==
+            Spec.MLKEM.poly_ntt (Spec.MLKEM.sample_poly_cbd v_ETA prf_outputs.[ sz i ])))
+        (ensures Libcrux_ml_kem.Polynomial.to_spec_vector_t #v_K #v_Vector re_as_ntt ==
+          (Spec.MLKEM.sample_vector_cbd_then_ntt #v_K
+            (Seq.slice prf_input 0 32) (sz (v domain_separator))))
+    =
+    reveal_opaque (`%Spec.MLKEM.sample_vector_cbd_then_ntt) (Spec.MLKEM.sample_vector_cbd_then_ntt #v_K);
+    Lib.Sequence.eq_intro #(Spec.MLKEM.polynomial) #(v v_K)
+      (Libcrux_ml_kem.Polynomial.to_spec_vector_t #v_K #v_Vector re_as_ntt)
+      (Spec.MLKEM.sample_vector_cbd_then_ntt #v_K
+        (Seq.slice prf_input 0 32) (sz (v domain_separator)))
+
+#push-options "--max_fuel 15 --z3rlimit 1500 --ext context_pruning --z3refresh --split_queries always"
 
 let sample_vector_cbd_then_ntt
       (v_K v_ETA v_ETA_RANDOMNESS_SIZE: usize)
@@ -229,61 +300,13 @@ let sample_vector_cbd_then_ntt
      =
   let prf_inputs:t_Array (t_Array u8 (sz 33)) v_K = Rust_primitives.Hax.repeat prf_input v_K in
   let v__domain_separator_init:u8 = domain_separator in
-  let v__prf_inputs_init:t_Array (t_Array u8 (sz 33)) v_K = prf_inputs in
-  let domain_separator, prf_inputs:(u8 & t_Array (t_Array u8 (sz 33)) v_K) =
-    Rust_primitives.Hax.Folds.fold_range (sz 0)
-      v_K
-      (fun temp_0_ i ->
-          let domain_separator, prf_inputs:(u8 & t_Array (t_Array u8 (sz 33)) v_K) = temp_0_ in
-          let i:usize = i in
-          v domain_separator == v v__domain_separator_init + v i /\
-          (v i < v v_K ==>
-            (forall (j: nat).
-                (j >= v i /\ j < v v_K) ==> prf_inputs.[ sz j ] == v__prf_inputs_init.[ sz j ])) /\
-          (forall (j: nat).
-              j < v i ==>
-              v (Seq.index (Seq.index prf_inputs j) 32) == v v__domain_separator_init + j /\
-              Seq.slice (Seq.index prf_inputs j) 0 32 ==
-              Seq.slice (Seq.index v__prf_inputs_init j) 0 32))
-      (domain_separator, prf_inputs <: (u8 & t_Array (t_Array u8 (sz 33)) v_K))
-      (fun temp_0_ i ->
-          let domain_separator, prf_inputs:(u8 & t_Array (t_Array u8 (sz 33)) v_K) = temp_0_ in
-          let i:usize = i in
-          let prf_inputs:t_Array (t_Array u8 (sz 33)) v_K =
-            Rust_primitives.Hax.Monomorphized_update_at.update_at_usize prf_inputs
-              i
-              (Rust_primitives.Hax.Monomorphized_update_at.update_at_usize (prf_inputs.[ i ]
-                    <:
-                    t_Array u8 (sz 33))
-                  (sz 32)
-                  domain_separator
-                <:
-                t_Array u8 (sz 33))
-          in
-          let domain_separator:u8 = domain_separator +! 1uy in
-          domain_separator, prf_inputs <: (u8 & t_Array (t_Array u8 (sz 33)) v_K))
+  let tmp0, out:(t_Array (t_Array u8 (sz 33)) v_K & u8) =
+    prf_input_inc v_K prf_inputs domain_separator
   in
+  let prf_inputs:t_Array (t_Array u8 (sz 33)) v_K = tmp0 in
+  let domain_separator:u8 = out in
   let _:Prims.unit =
-    let lemma_aux (i: nat{i < v v_K})
-        : Lemma
-        (prf_inputs.[ sz i ] ==
-          (Seq.append (Seq.slice prf_input 0 32)
-              (Seq.create 1
-                  (mk_int #u8_inttype (v (v__domain_separator_init +! (mk_int #u8_inttype i))))))) =
-      Lib.Sequence.eq_intro #u8
-        #33
-        prf_inputs.[ sz i ]
-        (Seq.append (Seq.slice prf_input 0 32)
-            (Seq.create 1 (mk_int #u8_inttype (v v__domain_separator_init + i))))
-    in
-    Classical.forall_intro lemma_aux;
-    Lib.Sequence.eq_intro #(t_Array u8 (sz 33))
-      #(v v_K)
-      prf_inputs
-      (createi v_K
-          (Spec.MLKEM.sample_vector_cbd1_prf_input #v_K
-              (Seq.slice prf_input 0 32)
-              (sz (v v__domain_separator_init))))
+    sample_vector_cbd_then_ntt_helper_1 v_K prf_inputs prf_input v__domain_separator_init
   in
   let (prf_outputs: t_Array (t_Array u8 v_ETA_RANDOMNESS_SIZE) v_K):t_Array
     (t_Array u8 v_ETA_RANDOMNESS_SIZE) v_K =
@@ -304,7 +327,8 @@ let sample_vector_cbd_then_ntt
           forall (j: nat).
             j < v i ==>
             Libcrux_ml_kem.Polynomial.to_spec_poly_t #v_Vector re_as_ntt.[ sz j ] ==
-            Spec.MLKEM.poly_ntt (Spec.MLKEM.sample_poly_cbd v_ETA prf_outputs.[ sz j ]))
+            Spec.MLKEM.poly_ntt (Spec.MLKEM.sample_poly_cbd v_ETA prf_outputs.[ sz j ]) /\
+            Libcrux_ml_kem.Serialize.coefficients_field_modulus_range #v_Vector re_as_ntt.[ sz j ])
       re_as_ntt
       (fun re_as_ntt i ->
           let re_as_ntt:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K =
@@ -331,12 +355,13 @@ let sample_vector_cbd_then_ntt
           re_as_ntt)
   in
   let _:Prims.unit =
-    Lib.Sequence.eq_intro #(Spec.MLKEM.polynomial)
-      #(v v_K)
-      (Libcrux_ml_kem.Polynomial.to_spec_vector_t #v_K #v_Vector re_as_ntt)
-      (Spec.MLKEM.sample_vector_cbd_then_ntt #v_K
-          (Seq.slice prf_input 0 32)
-          (sz (v v__domain_separator_init)))
+    sample_vector_cbd_then_ntt_helper_2 v_K
+      v_ETA
+      v_ETA_RANDOMNESS_SIZE
+      #v_Vector
+      re_as_ntt
+      prf_input
+      v__domain_separator_init
   in
   let hax_temp_output:u8 = domain_separator in
   re_as_ntt, hax_temp_output
@@ -526,7 +551,7 @@ let generate_keypair_unpacked
 
 #pop-options
 
-#push-options "--z3rlimit 200 --ext context_pruning --z3refresh"
+#push-options "--z3rlimit 800 --ext context_pruning --z3refresh"
 
 let compress_then_serialize_u
       (v_K v_OUT_LEN v_COMPRESSION_FACTOR v_BLOCK_LEN: usize)
@@ -804,7 +829,7 @@ let encrypt
     Lib.Sequence.eq_intro #u8
       #32
       seed
-      (Seq.slice (Libcrux_ml_kem.Utils.into_padded_array (Rust_primitives.mk_usize 34) seed) 0 32)
+      (Seq.slice (Libcrux_ml_kem.Utils.into_padded_array (sz 34) seed) 0 32)
   in
   let unpacked_public_key:Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPublicKeyUnpacked v_K v_Vector =
     {
@@ -825,7 +850,7 @@ let encrypt
     v_U_COMPRESSION_FACTOR v_V_COMPRESSION_FACTOR v_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2
     v_ETA2_RANDOMNESS_SIZE #v_Vector #v_Hasher unpacked_public_key message randomness
 
-#push-options "--ext context_pruning"
+#push-options "--z3rlimit 800 --ext context_pruning"
 
 let deserialize_then_decompress_u
       (v_K v_CIPHERTEXT_SIZE v_U_COMPRESSION_FACTOR: usize)
@@ -837,7 +862,7 @@ let deserialize_then_decompress_u
      =
   let _:Prims.unit =
     assert (v ((Libcrux_ml_kem.Constants.v_COEFFICIENTS_IN_RING_ELEMENT *! v_U_COMPRESSION_FACTOR) /!
-            Rust_primitives.mk_usize 8) ==
+            sz 8) ==
         v (Spec.MLKEM.v_C1_BLOCK_SIZE v_K))
   in
   let u_as_ntt:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K =
@@ -1062,6 +1087,7 @@ let serialize_secret_key
               #v_Vector
               key) ==
         Libcrux_ml_kem.Polynomial.to_spec_vector_t #v_K #v_Vector key);
+    reveal_opaque (`%Spec.MLKEM.vector_encode_12) (Spec.MLKEM.vector_encode_12 #v_K);
     Lib.Sequence.eq_intro #u8
       #(v v_OUT_LEN)
       out
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fsti
index 95fe42d89..b98871d8a 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fsti
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fsti
@@ -12,6 +12,19 @@ let _ =
   let open Libcrux_ml_kem.Vector.Traits in
   ()
 
+val prf_input_inc (v_K: usize) (prf_inputs: t_Array (t_Array u8 (sz 33)) v_K) (domain_separator: u8)
+    : Prims.Pure (t_Array (t_Array u8 (sz 33)) v_K & u8)
+      (requires range (v domain_separator + v v_K) u8_inttype)
+      (ensures
+        fun temp_0_ ->
+          let prf_inputs_future, ds:(t_Array (t_Array u8 (sz 33)) v_K & u8) = temp_0_ in
+          v ds == v domain_separator + v v_K /\
+          (forall (i: nat).
+              i < v v_K ==>
+              v (Seq.index (Seq.index prf_inputs_future i) 32) == v domain_separator + i /\
+              Seq.slice (Seq.index prf_inputs_future i) 0 32 ==
+              Seq.slice (Seq.index prf_inputs i) 0 32))
+
 /// Call [`deserialize_to_uncompressed_ring_element`] for each ring element.
 val deserialize_secret_key
       (v_K: usize)
@@ -82,8 +95,8 @@ val sample_vector_cbd_then_ntt
             (sz (v domain_separator)) /\
           (forall (i: nat).
               i < v v_K ==>
-              Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index re_as_ntt_future
-                    i)))
+              Libcrux_ml_kem.Serialize.coefficients_field_modulus_range #v_Vector
+                (Seq.index re_as_ntt_future i)))
 
 val sample_vector_cbd_then_ntt_out
       (v_K v_ETA v_ETA_RANDOMNESS_SIZE: usize)
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Invert_ntt.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Invert_ntt.fst
index 9b902206b..6aaa9b19a 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Invert_ntt.fst
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Invert_ntt.fst
@@ -29,6 +29,8 @@ let inv_ntt_layer_int_vec_step_reduce
   let b:v_Vector = Libcrux_ml_kem.Vector.Traits.montgomery_multiply_fe #v_Vector a_minus_b zeta_r in
   a, b <: (v_Vector & v_Vector)
 
+#push-options "--z3rlimit 200 --ext context_pruning"
+
 let invert_ntt_at_layer_1_
       (#v_Vector: Type0)
       (#[FStar.Tactics.Typeclasses.tcresolve ()]
@@ -107,6 +109,10 @@ let invert_ntt_at_layer_1_
   let hax_temp_output:Prims.unit = () <: Prims.unit in
   zeta_i, re <: (usize & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector)
 
+#pop-options
+
+#push-options "--z3rlimit 200 --ext context_pruning"
+
 let invert_ntt_at_layer_2_
       (#v_Vector: Type0)
       (#[FStar.Tactics.Typeclasses.tcresolve ()]
@@ -182,6 +188,10 @@ let invert_ntt_at_layer_2_
   let hax_temp_output:Prims.unit = () <: Prims.unit in
   zeta_i, re <: (usize & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector)
 
+#pop-options
+
+#push-options "--z3rlimit 200 --ext context_pruning"
+
 let invert_ntt_at_layer_3_
       (#v_Vector: Type0)
       (#[FStar.Tactics.Typeclasses.tcresolve ()]
@@ -255,6 +265,8 @@ let invert_ntt_at_layer_3_
   let hax_temp_output:Prims.unit = () <: Prims.unit in
   zeta_i, re <: (usize & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector)
 
+#pop-options
+
 #push-options "--admit_smt_queries true"
 
 let invert_ntt_at_layer_4_plus
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ntt.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ntt.fst
index 85aa31888..a325f280d 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ntt.fst
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ntt.fst
@@ -26,6 +26,8 @@ let ntt_layer_int_vec_step
   in
   a, b <: (v_Vector & v_Vector)
 
+#push-options "--z3rlimit 200 --ext context_pruning"
+
 let ntt_at_layer_1_
       (#v_Vector: Type0)
       (#[FStar.Tactics.Typeclasses.tcresolve ()]
@@ -104,6 +106,10 @@ let ntt_at_layer_1_
   let hax_temp_output:Prims.unit = () <: Prims.unit in
   zeta_i, re <: (usize & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector)
 
+#pop-options
+
+#push-options "--z3rlimit 200 --ext context_pruning"
+
 let ntt_at_layer_2_
       (#v_Vector: Type0)
       (#[FStar.Tactics.Typeclasses.tcresolve ()]
@@ -180,6 +186,10 @@ let ntt_at_layer_2_
   let hax_temp_output:Prims.unit = () <: Prims.unit in
   zeta_i, re <: (usize & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector)
 
+#pop-options
+
+#push-options "--z3rlimit 200 --ext context_pruning"
+
 let ntt_at_layer_3_
       (#v_Vector: Type0)
       (#[FStar.Tactics.Typeclasses.tcresolve ()]
@@ -254,6 +264,8 @@ let ntt_at_layer_3_
   let hax_temp_output:Prims.unit = () <: Prims.unit in
   zeta_i, re <: (usize & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector)
 
+#pop-options
+
 #push-options "--admit_smt_queries true"
 
 let ntt_at_layer_4_plus
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ntt.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ntt.fsti
index ac2604ad6..da62a1f47 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ntt.fsti
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ntt.fsti
@@ -168,7 +168,8 @@ val ntt_binomially_sampled_ring_element
         fun re_future ->
           let re_future:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = re_future in
           Libcrux_ml_kem.Polynomial.to_spec_poly_t #v_Vector re_future ==
-          Spec.MLKEM.poly_ntt (Libcrux_ml_kem.Polynomial.to_spec_poly_t #v_Vector re))
+          Spec.MLKEM.poly_ntt (Libcrux_ml_kem.Polynomial.to_spec_poly_t #v_Vector re) /\
+          Libcrux_ml_kem.Serialize.coefficients_field_modulus_range #v_Vector re_future)
 
 val ntt_vector_u
       (v_VECTOR_U_COMPRESSION_FACTOR: usize)
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Makefile b/libcrux-ml-kem/proofs/fstar/extraction/Makefile
index b678d1cff..da4ddeacc 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Makefile
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Makefile
@@ -1,12 +1,23 @@
 SLOW_MODULES += Libcrux_ml_kem.Vector.Portable.Serialize.fst
 
 ADMIT_MODULES = Libcrux_ml_kem.Vector.Avx2.fsti \
+              Libcrux_ml_kem.Vector.Portable.fsti \
+              Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.fst \
+              Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.Unpacked.fst \
+              Libcrux_ml_kem.Ind_cca.Instantiations.Neon.Unpacked.fst \
+              Libcrux_ml_kem.Ind_cca.Instantiations.Portable.Unpacked.fst \
+              Libcrux_ml_kem.Mlkem1024.Avx2.Unpacked.fst \
+              Libcrux_ml_kem.Mlkem1024.Neon.Unpacked.fst \
+              Libcrux_ml_kem.Mlkem1024.Portable.Unpacked.fst \
+              Libcrux_ml_kem.Mlkem768.Avx2.Unpacked.fst \
+              Libcrux_ml_kem.Mlkem768.Neon.Unpacked.fst \
+              Libcrux_ml_kem.Mlkem768.Portable.Unpacked.fst \
+              Libcrux_ml_kem.Mlkem512.Avx2.Unpacked.fst \
+              Libcrux_ml_kem.Mlkem512.Neon.Unpacked.fst \
+              Libcrux_ml_kem.Mlkem512.Portable.Unpacked.fst \
               Libcrux_ml_kem.Vector.Avx2.fst \
               Libcrux_ml_kem.Vector.Avx2.Ntt.fst \
               Libcrux_ml_kem.Vector.Avx2.Sampling.fst \
-              Libcrux_ml_kem.Vector.Portable.Compress.fst \
-              Libcrux_ml_kem.Vector.Portable.Sampling.fst \
-              Libcrux_ml_kem.Vector.Portable.Vector_type.fst \
               Libcrux_ml_kem.Vector.Rej_sample_table.fsti \
               Libcrux_ml_kem.Vector.Neon.Arithmetic.fst \
               Libcrux_ml_kem.Vector.Neon.Compress.fst \
diff --git a/libcrux-ml-kem/src/ind_cca.rs b/libcrux-ml-kem/src/ind_cca.rs
index 3d05ce368..7f8128ddd 100644
--- a/libcrux-ml-kem/src/ind_cca.rs
+++ b/libcrux-ml-kem/src/ind_cca.rs
@@ -117,6 +117,7 @@ fn validate_public_key<
 /// Note that the size checks in 7.2 1 and 2 are covered by the `SECRET_KEY_SIZE`
 /// and `CIPHERTEXT_SIZE` in the `private_key` and `ciphertext` types.
 #[inline(always)]
+#[hax_lib::fstar::options("--z3rlimit 300")]
 #[hax_lib::requires(fstar!("Spec.MLKEM.is_rank $K /\\
     $SECRET_KEY_SIZE == Spec.MLKEM.v_CCA_PRIVATE_KEY_SIZE $K /\\
     $CIPHERTEXT_SIZE == Spec.MLKEM.v_CPA_CIPHERTEXT_SIZE $K"))]
diff --git a/libcrux-ml-kem/src/ind_cpa.rs b/libcrux-ml-kem/src/ind_cpa.rs
index d9420d15d..cdd8e3bd0 100644
--- a/libcrux-ml-kem/src/ind_cpa.rs
+++ b/libcrux-ml-kem/src/ind_cpa.rs
@@ -164,15 +164,45 @@ pub(crate) fn serialize_secret_key<const K: usize, const OUT_LEN: usize, Vector:
 
     hax_lib::fstar!("assert (Spec.MLKEM.coerce_vector_12 (Libcrux_ml_kem.Polynomial.to_spec_vector_t #$K #$:Vector $key) ==
         Libcrux_ml_kem.Polynomial.to_spec_vector_t #$K #$:Vector $key);
+    reveal_opaque (`%Spec.MLKEM.vector_encode_12) (Spec.MLKEM.vector_encode_12 #$K);
     Lib.Sequence.eq_intro #u8 #(v $OUT_LEN) $out
         (Spec.MLKEM.vector_encode_12 #$K
             (Libcrux_ml_kem.Polynomial.to_spec_vector_t #$K #$:Vector $key))");
     out
 }
 
+#[inline(always)]
+#[hax_lib::fstar::options("--z3rlimit 200")]
+#[hax_lib::requires(fstar!("range (v $domain_separator + v $K) u8_inttype"))]
+#[hax_lib::ensures(|ds|
+    fstar!("v $ds == v $domain_separator + v $K /\\
+            (forall (i:nat). i < v $K ==>
+                v (Seq.index (Seq.index ${prf_inputs}_future i) 32) == v $domain_separator + i /\\
+                Seq.slice (Seq.index ${prf_inputs}_future i) 0 32 == Seq.slice (Seq.index $prf_inputs i) 0 32)")
+)]
+fn prf_input_inc<
+    const K: usize,
+>(
+    prf_inputs: &mut [[u8; 33]; K],
+    mut domain_separator: u8,
+) -> u8 {
+    let _domain_separator_init = domain_separator;
+    let _prf_inputs_init = prf_inputs.clone();
+    for i in 0..K {
+        hax_lib::loop_invariant!(|i: usize| { fstar!("v $domain_separator == v $_domain_separator_init + v $i /\\
+          (v $i < v $K ==> (forall (j:nat). (j >= v $i /\\ j < v $K) ==>
+            prf_inputs.[ sz j ] == ${_prf_inputs_init}.[ sz j ])) /\\
+          (forall (j:nat). j < v $i ==> v (Seq.index (Seq.index prf_inputs j) 32) == v $_domain_separator_init + j /\\
+            Seq.slice (Seq.index prf_inputs j) 0 32 == Seq.slice (Seq.index $_prf_inputs_init j) 0 32)") });
+        prf_inputs[i][32] = domain_separator;
+        domain_separator += 1;
+    }
+    domain_separator
+}
+
 /// Sample a vector of ring elements from a centered binomial distribution.
 #[inline(always)]
-#[hax_lib::fstar::options("--max_fuel 10 --z3rlimit 1000 --ext context_pruning --z3refresh --split_queries always")]
+#[hax_lib::fstar::options("--max_fuel 15 --z3rlimit 1500 --ext context_pruning --z3refresh --split_queries always")]
 #[hax_lib::requires(fstar!("Spec.MLKEM.is_rank $K /\\
     $ETA2_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA2_RANDOMNESS_SIZE $K /\\
     $ETA2 == Spec.MLKEM.v_ETA2 $K /\\
@@ -196,16 +226,7 @@ fn sample_ring_element_cbd<
     let mut error_1 = from_fn(|_i| PolynomialRingElement::<Vector>::ZERO());
     let mut prf_inputs = [prf_input; K];
     let _domain_separator_init = domain_separator;
-    let _prf_inputs_init = prf_inputs;
-    for i in 0..K {
-        hax_lib::loop_invariant!(|i: usize| { fstar!("v $domain_separator == v $_domain_separator_init + v $i /\\
-          (v $i < v $K ==> (forall (j:nat). (j >= v $i /\\ j < v $K) ==>
-            ${prf_inputs}.[ sz j ] == ${_prf_inputs_init}.[ sz j ])) /\\
-          (forall (j:nat). j < v $i ==> v (Seq.index (Seq.index $prf_inputs j) 32) == v $_domain_separator_init + j /\\
-            Seq.slice (Seq.index $prf_inputs j) 0 32 == Seq.slice (Seq.index $_prf_inputs_init j) 0 32)") });
-        prf_inputs[i][32] = domain_separator;
-        domain_separator += 1;
-    }
+    domain_separator = prf_input_inc::<K>(&mut prf_inputs, domain_separator);
     hax_lib::fstar!("let lemma_aux (i:nat{ i < v $K }) : Lemma (${prf_inputs}.[sz i] == (Seq.append (Seq.slice $prf_input 0 32) 
         (Seq.create 1 (mk_int #u8_inttype (v ($_domain_separator_init +! (mk_int #u8_inttype i))))))) =
         Lib.Sequence.eq_intro #u8 #33 ${prf_inputs}.[sz i] (Seq.append (Seq.slice $prf_input 0 32) 
@@ -230,7 +251,58 @@ fn sample_ring_element_cbd<
 /// Sample a vector of ring elements from a centered binomial distribution and
 /// convert them into their NTT representations.
 #[inline(always)]
-#[hax_lib::fstar::options("--max_fuel 10 --z3rlimit 1000 --ext context_pruning --z3refresh --split_queries always")]
+#[hax_lib::fstar::options("--max_fuel 15 --z3rlimit 1500 --ext context_pruning --z3refresh --split_queries always")]
+#[cfg_attr(hax, hax_lib::fstar::before("let sample_vector_cbd_then_ntt_helper_2
+      (v_K v_ETA v_ETA_RANDOMNESS_SIZE: usize)
+      (#v_Vector: Type0)
+      (#[FStar.Tactics.Typeclasses.tcresolve ()]
+          i2:
+          Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector)
+      (re_as_ntt: t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K)
+      (prf_input: t_Array u8 (sz 33))
+      (domain_separator: u8) : Lemma
+        (requires Spec.MLKEM.is_rank v_K /\\ v_ETA == Spec.MLKEM.v_ETA1 v_K /\\
+          v_ETA_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA1_RANDOMNESS_SIZE v_K /\\
+          v domain_separator < 2 * v v_K /\\ 
+          (let prf_outputs = Spec.MLKEM.v_PRFxN v_K v_ETA_RANDOMNESS_SIZE
+            (createi v_K (Spec.MLKEM.sample_vector_cbd1_prf_input #v_K
+              (Seq.slice prf_input 0 32) (sz (v domain_separator)))) in 
+          forall (i: nat). i < v v_K ==>
+            Libcrux_ml_kem.Polynomial.to_spec_poly_t #v_Vector re_as_ntt.[ sz i ] ==
+            Spec.MLKEM.poly_ntt (Spec.MLKEM.sample_poly_cbd v_ETA prf_outputs.[ sz i ])))
+        (ensures Libcrux_ml_kem.Polynomial.to_spec_vector_t #v_K #v_Vector re_as_ntt ==
+          (Spec.MLKEM.sample_vector_cbd_then_ntt #v_K
+            (Seq.slice prf_input 0 32) (sz (v domain_separator))))
+    =
+    reveal_opaque (`%Spec.MLKEM.sample_vector_cbd_then_ntt) (Spec.MLKEM.sample_vector_cbd_then_ntt #v_K);
+    Lib.Sequence.eq_intro #(Spec.MLKEM.polynomial) #(v v_K)
+      (Libcrux_ml_kem.Polynomial.to_spec_vector_t #v_K #v_Vector re_as_ntt)
+      (Spec.MLKEM.sample_vector_cbd_then_ntt #v_K
+        (Seq.slice prf_input 0 32) (sz (v domain_separator)))"))]
+#[cfg_attr(hax, hax_lib::fstar::before("let sample_vector_cbd_then_ntt_helper_1
+      (v_K: usize)
+      (prf_inputs: t_Array (t_Array u8 (sz 33)) v_K)
+      (prf_input: t_Array u8 (sz 33))
+      (domain_separator: u8) : Lemma 
+        (requires Spec.MLKEM.is_rank v_K /\\ v domain_separator < 2 * v v_K /\\
+          (forall (i: nat). i < v v_K ==>
+            v (Seq.index (Seq.index prf_inputs i) 32) == v domain_separator + i /\\
+            Seq.slice (Seq.index prf_inputs i) 0 32 == Seq.slice prf_input 0 32))
+        (ensures prf_inputs == createi v_K
+          (Spec.MLKEM.sample_vector_cbd1_prf_input #v_K
+            (Seq.slice prf_input 0 32) (sz (v domain_separator))))
+    =
+    let lemma_aux (i: nat{i < v v_K}) : Lemma
+        (prf_inputs.[ sz i ] == (Seq.append (Seq.slice prf_input 0 32) (Seq.create 1
+          (mk_int #u8_inttype (v (domain_separator +! (mk_int #u8_inttype i))))))) =
+      Lib.Sequence.eq_intro #u8 #33 prf_inputs.[ sz i ]
+        (Seq.append (Seq.slice prf_input 0 32)
+          (Seq.create 1 (mk_int #u8_inttype (v domain_separator + i))))
+    in
+    Classical.forall_intro lemma_aux;
+    Lib.Sequence.eq_intro #(t_Array u8 (sz 33)) #(v v_K) prf_inputs
+      (createi v_K (Spec.MLKEM.sample_vector_cbd1_prf_input #v_K
+        (Seq.slice prf_input 0 32) (sz (v domain_separator))))"))]
 #[hax_lib::requires(fstar!("Spec.MLKEM.is_rank $K /\\
     $ETA_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA1_RANDOMNESS_SIZE $K /\\
     $ETA == Spec.MLKEM.v_ETA1 $K /\\
@@ -241,7 +313,7 @@ fn sample_ring_element_cbd<
             Libcrux_ml_kem.Polynomial.to_spec_vector_t #$K #$:Vector ${re_as_ntt}_future ==
             Spec.MLKEM.sample_vector_cbd_then_ntt #$K (Seq.slice $prf_input 0 32) (sz (v $domain_separator)) /\\
             (forall (i: nat). i < v $K ==>
-              Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index ${re_as_ntt}_future i))")
+              Libcrux_ml_kem.Serialize.coefficients_field_modulus_range #$:Vector (Seq.index ${re_as_ntt}_future i))")
 )]
 fn sample_vector_cbd_then_ntt<
     const K: usize,
@@ -256,35 +328,19 @@ fn sample_vector_cbd_then_ntt<
 ) -> u8 {
     let mut prf_inputs = [prf_input; K];
     let _domain_separator_init = domain_separator;
-    let _prf_inputs_init = prf_inputs;
-    for i in 0..K {
-        hax_lib::loop_invariant!(|i: usize| { fstar!("v $domain_separator == v $_domain_separator_init + v $i /\\
-          (v $i < v $K ==> (forall (j:nat). (j >= v $i /\\ j < v $K) ==>
-            ${prf_inputs}.[ sz j ] == ${_prf_inputs_init}.[ sz j ])) /\\
-          (forall (j:nat). j < v $i ==> v (Seq.index (Seq.index $prf_inputs j) 32) == v $_domain_separator_init + j /\\
-            Seq.slice (Seq.index $prf_inputs j) 0 32 == Seq.slice (Seq.index $_prf_inputs_init j) 0 32)") });
-        prf_inputs[i][32] = domain_separator;
-        domain_separator += 1;
-    }
-    hax_lib::fstar!("let lemma_aux (i:nat{ i < v $K }) : Lemma (${prf_inputs}.[sz i] == (Seq.append (Seq.slice $prf_input 0 32) 
-        (Seq.create 1 (mk_int #u8_inttype (v ($_domain_separator_init +! (mk_int #u8_inttype i))))))) =
-        Lib.Sequence.eq_intro #u8 #33 ${prf_inputs}.[sz i] (Seq.append (Seq.slice $prf_input 0 32) 
-        (Seq.create 1 (mk_int #u8_inttype (v $_domain_separator_init + i)))) in
-
-    Classical.forall_intro lemma_aux;
-    Lib.Sequence.eq_intro #(t_Array u8 (sz 33)) #(v $K) $prf_inputs 
-        (createi $K (Spec.MLKEM.sample_vector_cbd1_prf_input #$K (Seq.slice $prf_input 0 32) (sz (v $_domain_separator_init))))");
+    domain_separator = prf_input_inc::<K>(&mut prf_inputs, domain_separator);
+    hax_lib::fstar!("sample_vector_cbd_then_ntt_helper_1 $K $prf_inputs $prf_input $_domain_separator_init");
     let prf_outputs: [[u8; ETA_RANDOMNESS_SIZE]; K] = Hasher::PRFxN(&prf_inputs);
     for i in 0..K {
         hax_lib::loop_invariant!(|i: usize| { fstar!("forall (j:nat). j < v $i ==>
             Libcrux_ml_kem.Polynomial.to_spec_poly_t #$:Vector re_as_ntt.[ sz j ] ==
-              Spec.MLKEM.poly_ntt (Spec.MLKEM.sample_poly_cbd $ETA ${prf_outputs}.[ sz j ])") });
+              Spec.MLKEM.poly_ntt (Spec.MLKEM.sample_poly_cbd $ETA ${prf_outputs}.[ sz j ]) /\\
+            Libcrux_ml_kem.Serialize.coefficients_field_modulus_range #$:Vector re_as_ntt.[ sz j ]") });
         re_as_ntt[i] = sample_from_binomial_distribution::<ETA, Vector>(&prf_outputs[i]);
         ntt_binomially_sampled_ring_element(&mut re_as_ntt[i]);
     }
-    hax_lib::fstar!("Lib.Sequence.eq_intro #(Spec.MLKEM.polynomial) #(v $K)
-    (Libcrux_ml_kem.Polynomial.to_spec_vector_t #$K #$:Vector re_as_ntt) 
-    (Spec.MLKEM.sample_vector_cbd_then_ntt #$K (Seq.slice $prf_input 0 32) (sz (v $_domain_separator_init)))");
+    hax_lib::fstar!("sample_vector_cbd_then_ntt_helper_2
+        $K $ETA $ETA_RANDOMNESS_SIZE #$:Vector re_as_ntt $prf_input $_domain_separator_init");
     domain_separator
 }
 
@@ -484,7 +540,7 @@ pub(crate) fn generate_keypair<
 }
 
 /// Call [`compress_then_serialize_ring_element_u`] on each ring element.
-#[hax_lib::fstar::options("--z3rlimit 200 --ext context_pruning --z3refresh")]
+#[hax_lib::fstar::options("--z3rlimit 800 --ext context_pruning --z3refresh")]
 #[hax_lib::requires(fstar!("Spec.MLKEM.is_rank $K /\\
     $OUT_LEN == Spec.MLKEM.v_C1_SIZE $K /\\
     $COMPRESSION_FACTOR == Spec.MLKEM.v_VECTOR_U_COMPRESSION_FACTOR $K /\\
@@ -749,7 +805,7 @@ pub(crate) fn encrypt<
     // end for
     let seed = &public_key[T_AS_NTT_ENCODED_SIZE..];
     hax_lib::fstar!("Lib.Sequence.eq_intro #u8 #32 $seed (Seq.slice
-        (Libcrux_ml_kem.Utils.into_padded_array (Rust_primitives.mk_usize 34) $seed) 0 32)");
+        (Libcrux_ml_kem.Utils.into_padded_array (sz 34) $seed) 0 32)");
     sample_matrix_A::<K, Vector, Hasher>(
         &mut unpacked_public_key.A,
         into_padded_array(seed),
@@ -778,7 +834,7 @@ pub(crate) fn encrypt<
 /// Call [`deserialize_then_decompress_ring_element_u`] on each ring element
 /// in the `ciphertext`.
 #[inline(always)]
-#[hax_lib::fstar::options("--ext context_pruning")]
+#[hax_lib::fstar::options("--z3rlimit 800 --ext context_pruning")]
 #[hax_lib::requires(fstar!("Spec.MLKEM.is_rank $K /\\
     $CIPHERTEXT_SIZE == Spec.MLKEM.v_CPA_CIPHERTEXT_SIZE $K /\\
     $U_COMPRESSION_FACTOR == Spec.MLKEM.v_VECTOR_U_COMPRESSION_FACTOR $K"))]
@@ -795,7 +851,7 @@ fn deserialize_then_decompress_u<
     ciphertext: &[u8; CIPHERTEXT_SIZE],
 ) -> [PolynomialRingElement<Vector>; K] {
     hax_lib::fstar!("assert (v (($COEFFICIENTS_IN_RING_ELEMENT *! $U_COMPRESSION_FACTOR ) /!
-        Rust_primitives.mk_usize 8) == v (Spec.MLKEM.v_C1_BLOCK_SIZE $K))");
+        sz 8) == v (Spec.MLKEM.v_C1_BLOCK_SIZE $K))");
     let mut u_as_ntt = from_fn(|_| PolynomialRingElement::<Vector>::ZERO());
     cloop! {
         for (i, u_bytes) in ciphertext
diff --git a/libcrux-ml-kem/src/invert_ntt.rs b/libcrux-ml-kem/src/invert_ntt.rs
index 49fa7fea5..2770d0988 100644
--- a/libcrux-ml-kem/src/invert_ntt.rs
+++ b/libcrux-ml-kem/src/invert_ntt.rs
@@ -5,6 +5,7 @@ use crate::{
 };
 
 #[inline(always)]
+#[hax_lib::fstar::options("--z3rlimit 200 --ext context_pruning")]
 #[hax_lib::fstar::before(interface, "[@@ \"opaque_to_smt\"]
    let invert_ntt_re_range_2 (#v_Vector: Type0)
            {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |}
@@ -60,6 +61,7 @@ pub(crate) fn invert_ntt_at_layer_1<Vector: Operations>(
 }
 
 #[inline(always)]
+#[hax_lib::fstar::options("--z3rlimit 200 --ext context_pruning")]
 #[hax_lib::requires(fstar!("v ${*zeta_i} == 64 /\\
     invert_ntt_re_range_2 $re "))]
 #[hax_lib::ensures(|result| fstar!("invert_ntt_re_range_2 ${re}_future /\\
@@ -100,6 +102,7 @@ pub(crate) fn invert_ntt_at_layer_2<Vector: Operations>(
 }
 
 #[inline(always)]
+#[hax_lib::fstar::options("--z3rlimit 200 --ext context_pruning")]
 #[hax_lib::requires(fstar!("v ${*zeta_i} == 32 /\\
     invert_ntt_re_range_2 $re"))]
 #[hax_lib::ensures(|result| fstar!("invert_ntt_re_range_2 ${re}_future /\\
diff --git a/libcrux-ml-kem/src/ntt.rs b/libcrux-ml-kem/src/ntt.rs
index 9008f7190..69eb1656f 100644
--- a/libcrux-ml-kem/src/ntt.rs
+++ b/libcrux-ml-kem/src/ntt.rs
@@ -5,6 +5,7 @@ use crate::{
 };
 
 #[inline(always)]
+#[hax_lib::fstar::options("--z3rlimit 200 --ext context_pruning")]
 #[hax_lib::fstar::before(interface, "[@@ \"opaque_to_smt\"]
    let ntt_re_range_2 (#v_Vector: Type0)
          {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |}
@@ -61,6 +62,7 @@ pub(crate) fn ntt_at_layer_1<Vector: Operations>(
 }
 
 #[inline(always)]
+#[hax_lib::fstar::options("--z3rlimit 200 --ext context_pruning")]
 #[hax_lib::fstar::before(interface, "[@@ \"opaque_to_smt\"]
    let ntt_re_range_3 (#v_Vector: Type0)
          {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |}
@@ -109,6 +111,7 @@ pub(crate) fn ntt_at_layer_2<Vector: Operations>(
 }
 
 #[inline(always)]
+#[hax_lib::fstar::options("--z3rlimit 200 --ext context_pruning")]
 #[hax_lib::fstar::before(interface, "[@@ \"opaque_to_smt\"]
    let ntt_re_range_4 (#v_Vector: Type0)
          {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |}
@@ -261,7 +264,8 @@ pub(crate) fn ntt_at_layer_7<Vector: Operations>(re: &mut PolynomialRingElement<
 #[hax_lib::requires(fstar!("forall i. i < 8 ==> ntt_layer_7_pre (${re}.f_coefficients.[ sz i ])
     (${re}.f_coefficients.[ sz i +! sz 8 ])"))]
 #[hax_lib::ensures(|_| fstar!("Libcrux_ml_kem.Polynomial.to_spec_poly_t #$:Vector ${re}_future ==
-    Spec.MLKEM.poly_ntt (Libcrux_ml_kem.Polynomial.to_spec_poly_t #$:Vector $re)"))]
+    Spec.MLKEM.poly_ntt (Libcrux_ml_kem.Polynomial.to_spec_poly_t #$:Vector $re) /\\
+    Libcrux_ml_kem.Serialize.coefficients_field_modulus_range #$:Vector ${re}_future"))]
 pub(crate) fn ntt_binomially_sampled_ring_element<Vector: Operations>(
     re: &mut PolynomialRingElement<Vector>,
 ) {

From ae7ab07ab99df0b895a3e321c62600975e9506b8 Mon Sep 17 00:00:00 2001
From: mamonet <maamoun.tk@gmail.com>
Date: Tue, 12 Nov 2024 09:52:11 +0000
Subject: [PATCH 020/142] Update Spec.MLKEM.fst

---
 libcrux-ml-kem/proofs/fstar/spec/Spec.MLKEM.fst | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/libcrux-ml-kem/proofs/fstar/spec/Spec.MLKEM.fst b/libcrux-ml-kem/proofs/fstar/spec/Spec.MLKEM.fst
index 6b9cea5a4..5fc57dfcc 100644
--- a/libcrux-ml-kem/proofs/fstar/spec/Spec.MLKEM.fst
+++ b/libcrux-ml-kem/proofs/fstar/spec/Spec.MLKEM.fst
@@ -263,6 +263,7 @@ val ind_cpa_encrypt_unpacked (r:rank)
                     (matrix_A_as_ntt:matrix r) :
                     t_MLKEMCiphertext r
 
+#push-options "--z3rlimit 500 --ext context_pruning"
 let ind_cpa_encrypt_unpacked r message randomness t_as_ntt matrix_A_as_ntt =
     let r_as_ntt = sample_vector_cbd_then_ntt #r randomness (sz 0) in
     let error_1 = sample_vector_cbd2 #r randomness r in
@@ -273,6 +274,7 @@ let ind_cpa_encrypt_unpacked r message randomness t_as_ntt matrix_A_as_ntt =
     let c1 = compress_then_encode_u #r u in
     let c2 = compress_then_encode_v #r v in
     concat c1 c2
+#pop-options
 
 /// This function implements <strong>Algorithm 13</strong> of the
 /// NIST FIPS 203 specification; this is the MLKEM CPA-PKE encryption algorithm.

From 22dc07b639d145e5561b7aa6611e77341816efec Mon Sep 17 00:00:00 2001
From: mamonet <maamoun.tk@gmail.com>
Date: Tue, 12 Nov 2024 10:00:56 +0000
Subject: [PATCH 021/142] Fix failure in generic serialize module

---
 .../proofs/fstar/extraction/Libcrux_ml_kem.Serialize.fsti      | 3 ++-
 libcrux-ml-kem/src/serialize.rs                                | 3 ++-
 2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Serialize.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Serialize.fsti
index 1a700c9ce..43d864e95 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Serialize.fsti
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Serialize.fsti
@@ -234,7 +234,8 @@ val compress_then_serialize_ring_element_v
       (requires
         Spec.MLKEM.is_rank v_K /\
         v_COMPRESSION_FACTOR == Spec.MLKEM.v_VECTOR_V_COMPRESSION_FACTOR v_K /\
-        Seq.length out == v v_OUT_LEN /\ coefficients_field_modulus_range re)
+        Seq.length out == v v_OUT_LEN /\ v v_OUT_LEN == 32 * v v_COMPRESSION_FACTOR /\
+        coefficients_field_modulus_range re)
       (ensures
         fun out_future ->
           let out_future:t_Slice u8 = out_future in
diff --git a/libcrux-ml-kem/src/serialize.rs b/libcrux-ml-kem/src/serialize.rs
index 1c2b314cc..80e2252be 100644
--- a/libcrux-ml-kem/src/serialize.rs
+++ b/libcrux-ml-kem/src/serialize.rs
@@ -327,7 +327,8 @@ fn compress_then_serialize_5<Vector: Operations>(
 #[hax_lib::fstar::verification_status(panic_free)]
 #[hax_lib::requires(fstar!("Spec.MLKEM.is_rank v_K /\\ 
     $COMPRESSION_FACTOR == Spec.MLKEM.v_VECTOR_V_COMPRESSION_FACTOR v_K /\\
-    Seq.length $out == v $OUT_LEN /\\ coefficients_field_modulus_range $re"))]
+    Seq.length $out == v $OUT_LEN /\\ v $OUT_LEN == 32 * v $COMPRESSION_FACTOR /\\
+    coefficients_field_modulus_range $re"))]
 #[hax_lib::ensures(|_|
     fstar!("${out_future.len()} == ${out.len()} /\\
         ${out}_future == Spec.MLKEM.compress_then_encode_v #v_K

From d1b75ab5e85f3b8aa026c049f0b9975595d8772b Mon Sep 17 00:00:00 2001
From: mamonet <maamoun.tk@gmail.com>
Date: Tue, 12 Nov 2024 11:10:06 +0000
Subject: [PATCH 022/142] Fix failure in portable compress module

---
 .../Libcrux_ml_kem.Vector.Portable.Compress.fst           | 8 ++++++++
 libcrux-ml-kem/proofs/fstar/extraction/Makefile           | 2 ++
 libcrux-ml-kem/src/vector/portable/compress.rs            | 2 ++
 3 files changed, 12 insertions(+)

diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Compress.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Compress.fst
index a622d2ed4..19e8afbc1 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Compress.fst
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Compress.fst
@@ -3,6 +3,8 @@ module Libcrux_ml_kem.Vector.Portable.Compress
 open Core
 open FStar.Mul
 
+#push-options "--z3rlimit 200 --ext context_pruning"
+
 let compress_ciphertext_coefficient (coefficient_bits: u8) (fe: u16) =
   let compressed:u64 = (cast (fe <: u16) <: u64) <<! coefficient_bits in
   let compressed:u64 = compressed +! 1664uL in
@@ -15,6 +17,10 @@ let compress_ciphertext_coefficient (coefficient_bits: u8) (fe: u16) =
   <:
   i16
 
+#pop-options
+
+#push-options "--z3rlimit 200 --ext context_pruning"
+
 let compress_message_coefficient (fe: u16) =
   let (shifted: i16):i16 = 1664s -! (cast (fe <: u16) <: i16) in
   let _:Prims.unit = assert (v shifted == 1664 - v fe) in
@@ -55,6 +61,8 @@ let compress_message_coefficient (fe: u16) =
   in
   res
 
+#pop-options
+
 #push-options "--fuel 0 --ifuel 0 --z3rlimit 2000"
 
 let compress
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Makefile b/libcrux-ml-kem/proofs/fstar/extraction/Makefile
index da4ddeacc..fd1365e91 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Makefile
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Makefile
@@ -15,6 +15,8 @@ ADMIT_MODULES = Libcrux_ml_kem.Vector.Avx2.fsti \
               Libcrux_ml_kem.Mlkem512.Avx2.Unpacked.fst \
               Libcrux_ml_kem.Mlkem512.Neon.Unpacked.fst \
               Libcrux_ml_kem.Mlkem512.Portable.Unpacked.fst \
+              Libcrux_ml_kem.Vector.Portable.fst \
+              Libcrux_ml_kem.Vector.Avx2.Serialize.fst \
               Libcrux_ml_kem.Vector.Avx2.fst \
               Libcrux_ml_kem.Vector.Avx2.Ntt.fst \
               Libcrux_ml_kem.Vector.Avx2.Sampling.fst \
diff --git a/libcrux-ml-kem/src/vector/portable/compress.rs b/libcrux-ml-kem/src/vector/portable/compress.rs
index ae3be0ab3..ef533f712 100644
--- a/libcrux-ml-kem/src/vector/portable/compress.rs
+++ b/libcrux-ml-kem/src/vector/portable/compress.rs
@@ -23,6 +23,7 @@ use crate::vector::FIELD_MODULUS;
 ///
 /// The NIST FIPS 203 standard can be found at
 /// <https://csrc.nist.gov/pubs/fips/203/ipd>.
+#[hax_lib::fstar::options("--z3rlimit 200 --ext context_pruning")]
 #[cfg_attr(hax, hax_lib::requires(fe < (FIELD_MODULUS as u16)))]
 #[cfg_attr(hax, hax_lib::ensures(|result|
         hax_lib::implies(833 <= fe && fe <= 2496, || result == 1) &&
@@ -78,6 +79,7 @@ pub(crate) fn compress_message_coefficient(fe: u16) -> u8 {
     res
 }
 
+#[hax_lib::fstar::options("--z3rlimit 200 --ext context_pruning")]
 #[cfg_attr(hax,
     hax_lib::requires(
         (coefficient_bits == 4 ||

From 69a27e493369bbddc489b454aa3149a018376539 Mon Sep 17 00:00:00 2001
From: mamonet <maamoun.tk@gmail.com>
Date: Wed, 13 Nov 2024 15:04:51 +0000
Subject: [PATCH 023/142] Reomve Libcrux_ml_kem.Vector.Portable from
 ADMIT_MODULES

---
 .../Libcrux_ml_kem.Ind_cca.Unpacked.fst          |  6 +++++-
 .../extraction/Libcrux_ml_kem.Serialize.fst      |  8 ++++++++
 .../extraction/Libcrux_ml_kem.Vector.Avx2.fsti   |  8 ++++++--
 ...Libcrux_ml_kem.Vector.Portable.Arithmetic.fst |  4 ++++
 .../Libcrux_ml_kem.Vector.Portable.fsti          | 16 ++++++++++------
 .../extraction/Libcrux_ml_kem.Vector.Traits.fsti | 10 +++++++---
 libcrux-ml-kem/proofs/fstar/extraction/Makefile  |  2 --
 libcrux-ml-kem/src/ind_cca.rs                    |  3 ++-
 libcrux-ml-kem/src/serialize.rs                  |  2 ++
 libcrux-ml-kem/src/vector/avx2.rs                |  8 ++++++--
 libcrux-ml-kem/src/vector/portable.rs            | 12 ++++++++----
 libcrux-ml-kem/src/vector/portable/arithmetic.rs |  1 +
 libcrux-ml-kem/src/vector/traits.rs              | 12 ++++++++----
 13 files changed, 67 insertions(+), 25 deletions(-)

diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Unpacked.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Unpacked.fst
index 69e3ecca8..8cef7b507 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Unpacked.fst
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Unpacked.fst
@@ -45,6 +45,8 @@ let impl_4__serialized_private_key
       <:
       Rust_primitives.Hax.t_Never)
 
+#push-options "--z3rlimit 200"
+
 let transpose_a
       (v_K: usize)
       (#v_Vector: Type0)
@@ -138,6 +140,8 @@ let transpose_a
   in
   v_A
 
+#pop-options
+
 let impl_4__new
       (v_K: usize)
       (#v_Vector: Type0)
@@ -421,7 +425,7 @@ let impl_4__serialized_public_key
     v_PUBLIC_KEY_SIZE
     self.f_public_key
 
-#push-options "--z3rlimit 200 --ext context_pruning"
+#push-options "--z3rlimit 800 --ext context_pruning"
 
 let generate_keypair
       (v_K v_CPA_PRIVATE_KEY_SIZE v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE v_BYTES_PER_RING_ELEMENT v_ETA1 v_ETA1_RANDOMNESS_SIZE:
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Serialize.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Serialize.fst
index be626ddec..d76da59ca 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Serialize.fst
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Serialize.fst
@@ -21,6 +21,8 @@ let to_unsigned_field_modulus
   let _:Prims.unit = admit () (* Panic freedom *) in
   result
 
+#push-options "--admit_smt_queries true"
+
 let deserialize_then_decompress_11_
       (#v_Vector: Type0)
       (#[FStar.Tactics.Typeclasses.tcresolve ()]
@@ -72,6 +74,8 @@ let deserialize_then_decompress_11_
   in
   re
 
+#pop-options
+
 let deserialize_then_decompress_4_
       (#v_Vector: Type0)
       (#[FStar.Tactics.Typeclasses.tcresolve ()]
@@ -123,6 +127,8 @@ let deserialize_then_decompress_4_
   in
   re
 
+#push-options "--admit_smt_queries true"
+
 let deserialize_then_decompress_5_
       (#v_Vector: Type0)
       (#[FStar.Tactics.Typeclasses.tcresolve ()]
@@ -186,6 +192,8 @@ let deserialize_then_decompress_5_
   in
   re
 
+#pop-options
+
 let deserialize_then_decompress_message
       (#v_Vector: Type0)
       (#[FStar.Tactics.Typeclasses.tcresolve ()]
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.fsti
index b2bed5eb4..72fb64e9e 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.fsti
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.fsti
@@ -256,8 +256,12 @@ let impl_3: Libcrux_ml_kem.Vector.Traits.t_Operations t_SIMD256Vector =
     f_decompress_ciphertext_coefficient_pre
     =
     (fun (v_COEFFICIENT_BITS: i32) (vector: t_SIMD256Vector) ->
-        v_COEFFICIENT_BITS =. 4l || v_COEFFICIENT_BITS =. 5l || v_COEFFICIENT_BITS =. 10l ||
-        v_COEFFICIENT_BITS =. 11l);
+        (v v_COEFFICIENT_BITS == 4 \/ v v_COEFFICIENT_BITS == 5 \/ v v_COEFFICIENT_BITS == 10 \/
+          v v_COEFFICIENT_BITS == 11) /\
+        (forall (i: nat).
+            i < 16 ==>
+            v (Seq.index (impl.f_repr vector) i) >= 0 /\
+            v (Seq.index (impl.f_repr vector) i) < pow2 (v v_COEFFICIENT_BITS)));
     f_decompress_ciphertext_coefficient_post
     =
     (fun (v_COEFFICIENT_BITS: i32) (vector: t_SIMD256Vector) (out: t_SIMD256Vector) -> true);
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Arithmetic.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Arithmetic.fst
index bdf22c030..84d549d13 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Arithmetic.fst
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Arithmetic.fst
@@ -310,6 +310,8 @@ let bitwise_and_with_constant
   in
   vec
 
+#push-options "--z3rlimit 300"
+
 let cond_subtract_3329_ (vec: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) =
   let v__vec0:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = vec in
   let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector =
@@ -356,6 +358,8 @@ let cond_subtract_3329_ (vec: Libcrux_ml_kem.Vector.Portable.Vector_type.t_Porta
   in
   vec
 
+#pop-options
+
 #push-options "--z3rlimit 150"
 
 let montgomery_multiply_by_constant
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.fsti
index 12bab0bbd..8ab792733 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.fsti
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.fsti
@@ -355,15 +355,19 @@ Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector =
     =
     (fun
         (v_COEFFICIENT_BITS: i32)
-        (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector)
+        (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector)
         ->
-        v_COEFFICIENT_BITS =. 4l || v_COEFFICIENT_BITS =. 5l || v_COEFFICIENT_BITS =. 10l ||
-        v_COEFFICIENT_BITS =. 11l);
+        (v v_COEFFICIENT_BITS == 4 \/ v v_COEFFICIENT_BITS == 5 \/ v v_COEFFICIENT_BITS == 10 \/
+          v v_COEFFICIENT_BITS == 11) /\
+        (forall (i: nat).
+            i < 16 ==>
+            v (Seq.index (impl.f_repr a) i) >= 0 /\
+            v (Seq.index (impl.f_repr a) i) < pow2 (v v_COEFFICIENT_BITS)));
     f_decompress_ciphertext_coefficient_post
     =
     (fun
         (v_COEFFICIENT_BITS: i32)
-        (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector)
+        (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector)
         (out: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector)
         ->
         true);
@@ -371,10 +375,10 @@ Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector =
     =
     (fun
         (v_COEFFICIENT_BITS: i32)
-        (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector)
+        (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector)
         ->
         Libcrux_ml_kem.Vector.Portable.Compress.decompress_ciphertext_coefficient v_COEFFICIENT_BITS
-          v);
+          a);
     f_ntt_layer_1_step_pre
     =
     (fun
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Traits.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Traits.fsti
index 51ddaa539..7a2a775ab 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Traits.fsti
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Traits.fsti
@@ -167,11 +167,15 @@ class t_Operations (v_Self: Type0) = {
     -> Prims.Pure v_Self
         (f_compress_pre v_COEFFICIENT_BITS x0)
         (fun result -> f_compress_post v_COEFFICIENT_BITS x0 result);
-  f_decompress_ciphertext_coefficient_pre:v_COEFFICIENT_BITS: i32 -> v: v_Self
+  f_decompress_ciphertext_coefficient_pre:v_COEFFICIENT_BITS: i32 -> a: v_Self
     -> pred:
       Type0
-        { v_COEFFICIENT_BITS =. 4l || v_COEFFICIENT_BITS =. 5l || v_COEFFICIENT_BITS =. 10l ||
-          v_COEFFICIENT_BITS =. 11l ==>
+        { (v v_COEFFICIENT_BITS == 4 \/ v v_COEFFICIENT_BITS == 5 \/ v v_COEFFICIENT_BITS == 10 \/
+            v v_COEFFICIENT_BITS == 11) /\
+          (forall (i: nat).
+              i < 16 ==>
+              v (Seq.index (f_repr a) i) >= 0 /\
+              v (Seq.index (f_repr a) i) < pow2 (v v_COEFFICIENT_BITS)) ==>
           pred };
   f_decompress_ciphertext_coefficient_post:v_COEFFICIENT_BITS: i32 -> v_Self -> v_Self -> Type0;
   f_decompress_ciphertext_coefficient:v_COEFFICIENT_BITS: i32 -> x0: v_Self
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Makefile b/libcrux-ml-kem/proofs/fstar/extraction/Makefile
index fd1365e91..490eac317 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Makefile
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Makefile
@@ -1,7 +1,6 @@
 SLOW_MODULES += Libcrux_ml_kem.Vector.Portable.Serialize.fst
 
 ADMIT_MODULES = Libcrux_ml_kem.Vector.Avx2.fsti \
-              Libcrux_ml_kem.Vector.Portable.fsti \
               Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.fst \
               Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.Unpacked.fst \
               Libcrux_ml_kem.Ind_cca.Instantiations.Neon.Unpacked.fst \
@@ -15,7 +14,6 @@ ADMIT_MODULES = Libcrux_ml_kem.Vector.Avx2.fsti \
               Libcrux_ml_kem.Mlkem512.Avx2.Unpacked.fst \
               Libcrux_ml_kem.Mlkem512.Neon.Unpacked.fst \
               Libcrux_ml_kem.Mlkem512.Portable.Unpacked.fst \
-              Libcrux_ml_kem.Vector.Portable.fst \
               Libcrux_ml_kem.Vector.Avx2.Serialize.fst \
               Libcrux_ml_kem.Vector.Avx2.fst \
               Libcrux_ml_kem.Vector.Avx2.Ntt.fst \
diff --git a/libcrux-ml-kem/src/ind_cca.rs b/libcrux-ml-kem/src/ind_cca.rs
index 7f8128ddd..7032b7cc5 100644
--- a/libcrux-ml-kem/src/ind_cca.rs
+++ b/libcrux-ml-kem/src/ind_cca.rs
@@ -625,6 +625,7 @@ pub(crate) mod unpacked {
         }
     }
 
+    #[hax_lib::fstar::options("--z3rlimit 200")]
     #[hax_lib::ensures(|result|
         fstar!("forall (i: nat). i < v $K ==>
             (forall (j: nat). j < v $K ==>
@@ -667,7 +668,7 @@ pub(crate) mod unpacked {
 
     /// Generate Unpacked Keys
     #[inline(always)]
-    #[hax_lib::fstar::options("--z3rlimit 200 --ext context_pruning")]
+    #[hax_lib::fstar::options("--z3rlimit 800 --ext context_pruning")]
     #[hax_lib::requires(fstar!("Spec.MLKEM.is_rank $K /\\
         $ETA1_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA1_RANDOMNESS_SIZE $K /\\
         $ETA1 == Spec.MLKEM.v_ETA1 $K /\\
diff --git a/libcrux-ml-kem/src/serialize.rs b/libcrux-ml-kem/src/serialize.rs
index 80e2252be..f6b196aa7 100644
--- a/libcrux-ml-kem/src/serialize.rs
+++ b/libcrux-ml-kem/src/serialize.rs
@@ -375,6 +375,7 @@ fn deserialize_then_decompress_10<Vector: Operations>(
 }
 
 #[inline(always)]
+#[hax_lib::fstar::verification_status(lax)]
 #[hax_lib::requires(
     serialized.len() == 352
 )]
@@ -440,6 +441,7 @@ fn deserialize_then_decompress_4<Vector: Operations>(
 }
 
 #[inline(always)]
+#[hax_lib::fstar::verification_status(lax)]
 #[hax_lib::requires(
     serialized.len() == 160
 )]
diff --git a/libcrux-ml-kem/src/vector/avx2.rs b/libcrux-ml-kem/src/vector/avx2.rs
index 2d6d18798..9f3035fde 100644
--- a/libcrux-ml-kem/src/vector/avx2.rs
+++ b/libcrux-ml-kem/src/vector/avx2.rs
@@ -181,8 +181,12 @@ impl Operations for SIMD256Vector {
         }
     }
 
-    #[requires(COEFFICIENT_BITS == 4 || COEFFICIENT_BITS == 5 ||
-        COEFFICIENT_BITS == 10 || COEFFICIENT_BITS == 11)]
+    #[requires(fstar!("(v $COEFFICIENT_BITS == 4 \\/
+        v $COEFFICIENT_BITS == 5 \\/
+        v $COEFFICIENT_BITS == 10 \\/
+        v $COEFFICIENT_BITS == 11) /\\
+    (forall (i:nat). i < 16 ==> v (Seq.index (impl.f_repr $vector) i) >= 0 /\\
+        v (Seq.index (impl.f_repr $vector) i) < pow2 (v $COEFFICIENT_BITS))"))]
     #[inline(always)]
     fn decompress_ciphertext_coefficient<const COEFFICIENT_BITS: i32>(vector: Self) -> Self {
         Self {
diff --git a/libcrux-ml-kem/src/vector/portable.rs b/libcrux-ml-kem/src/vector/portable.rs
index b8e46b460..5effe4b67 100644
--- a/libcrux-ml-kem/src/vector/portable.rs
+++ b/libcrux-ml-kem/src/vector/portable.rs
@@ -198,10 +198,14 @@ impl Operations for PortableVector {
         compress::<COEFFICIENT_BITS>(a)
     }
 
-    #[requires(COEFFICIENT_BITS == 4 || COEFFICIENT_BITS == 5 ||
-               COEFFICIENT_BITS == 10 || COEFFICIENT_BITS == 11)]
-    fn decompress_ciphertext_coefficient<const COEFFICIENT_BITS: i32>(v: Self) -> Self {
-        decompress_ciphertext_coefficient::<COEFFICIENT_BITS>(v)
+    #[requires(fstar!("(v $COEFFICIENT_BITS == 4 \\/
+        v $COEFFICIENT_BITS == 5 \\/
+        v $COEFFICIENT_BITS == 10 \\/
+        v $COEFFICIENT_BITS == 11) /\\
+    (forall (i:nat). i < 16 ==> v (Seq.index (impl.f_repr $a) i) >= 0 /\\
+        v (Seq.index (impl.f_repr $a) i) < pow2 (v $COEFFICIENT_BITS))"))]
+    fn decompress_ciphertext_coefficient<const COEFFICIENT_BITS: i32>(a: Self) -> Self {
+        decompress_ciphertext_coefficient::<COEFFICIENT_BITS>(a)
     }
 
     #[requires(fstar!("Spec.Utils.is_i16b 1664 zeta0 /\\ Spec.Utils.is_i16b 1664 zeta1 /\\ 
diff --git a/libcrux-ml-kem/src/vector/portable/arithmetic.rs b/libcrux-ml-kem/src/vector/portable/arithmetic.rs
index 54a7b150f..320e51a09 100644
--- a/libcrux-ml-kem/src/vector/portable/arithmetic.rs
+++ b/libcrux-ml-kem/src/vector/portable/arithmetic.rs
@@ -135,6 +135,7 @@ pub fn shift_right<const SHIFT_BY: i32>(mut vec: PortableVector) -> PortableVect
 /// Note: This function is not secret independent
 /// Only use with public values.
 #[inline(always)]
+#[hax_lib::fstar::options("--z3rlimit 300")]
 #[hax_lib::requires(fstar!("Spec.Utils.is_i16b_array (pow2 12 - 1) ${vec}.f_elements"))]
 #[hax_lib::ensures(|result| fstar!("${result}.f_elements == Spec.Utils.map_array 
                 (fun x -> if x >=. 3329s then x -! 3329s else x) (${vec}.f_elements)"))]
diff --git a/libcrux-ml-kem/src/vector/traits.rs b/libcrux-ml-kem/src/vector/traits.rs
index 208e58b51..50062b0f0 100644
--- a/libcrux-ml-kem/src/vector/traits.rs
+++ b/libcrux-ml-kem/src/vector/traits.rs
@@ -88,9 +88,13 @@ pub trait Operations: Copy + Clone + Repr {
             v $COEFFICIENT_BITS == 11) ==>
                 (forall (i:nat). i < 16 ==> bounded (Seq.index (f_repr $result) i) (v $COEFFICIENT_BITS))"))]
     fn compress<const COEFFICIENT_BITS: i32>(a: Self) -> Self;
-    #[requires(COEFFICIENT_BITS == 4 || COEFFICIENT_BITS == 5 ||
-        COEFFICIENT_BITS == 10 || COEFFICIENT_BITS == 11)]
-    fn decompress_ciphertext_coefficient<const COEFFICIENT_BITS: i32>(v: Self) -> Self;
+    #[requires(fstar!("(v $COEFFICIENT_BITS == 4 \\/
+        v $COEFFICIENT_BITS == 5 \\/
+        v $COEFFICIENT_BITS == 10 \\/
+        v $COEFFICIENT_BITS == 11) /\\
+    (forall (i:nat). i < 16 ==> v (Seq.index (f_repr $a) i) >= 0 /\\
+        v (Seq.index (f_repr $a) i) < pow2 (v $COEFFICIENT_BITS))"))]
+    fn decompress_ciphertext_coefficient<const COEFFICIENT_BITS: i32>(a: Self) -> Self;
 
     // NTT
     #[requires(fstar!("Spec.Utils.is_i16b 1664 zeta0 /\\ Spec.Utils.is_i16b 1664 zeta1 /\\ 
@@ -189,7 +193,7 @@ pub trait Operations: Copy + Clone {
     fn montgomery_multiply_by_constant(v: Self, c: i16) -> Self;
     fn compress_1(v: Self) -> Self;
     fn compress<const COEFFICIENT_BITS: i32>(v: Self) -> Self;
-    fn decompress_ciphertext_coefficient<const COEFFICIENT_BITS: i32>(v: Self) -> Self;
+    fn decompress_ciphertext_coefficient<const COEFFICIENT_BITS: i32>(a: Self) -> Self;
     fn ntt_layer_1_step(a: Self, zeta0: i16, zeta1: i16, zeta2: i16, zeta3: i16) -> Self;
     fn ntt_layer_2_step(a: Self, zeta0: i16, zeta1: i16) -> Self;
     fn ntt_layer_3_step(a: Self, zeta: i16) -> Self;

From 89568abdec9a2e7364ced8ef7bcb882d5daecdd5 Mon Sep 17 00:00:00 2001
From: mamonet <maamoun.tk@gmail.com>
Date: Thu, 14 Nov 2024 06:20:31 +0000
Subject: [PATCH 024/142] Add pre-conditions for Unpacked functions

---
 ....Ind_cca.Instantiations.Avx2.Unpacked.fsti |  78 ++++++++-
 ...ux_ml_kem.Ind_cca.Instantiations.Avx2.fsti | 100 ++++++++++--
 ....Ind_cca.Instantiations.Neon.Unpacked.fsti |  41 ++++-
 ..._cca.Instantiations.Portable.Unpacked.fsti |  41 ++++-
 ...ibcrux_ml_kem.Mlkem1024.Avx2.Unpacked.fsti |   8 +-
 ...ibcrux_ml_kem.Mlkem1024.Neon.Unpacked.fsti |   8 +-
 ...ux_ml_kem.Mlkem1024.Portable.Unpacked.fsti |   8 +-
 ...Libcrux_ml_kem.Mlkem512.Avx2.Unpacked.fsti |   8 +-
 ...Libcrux_ml_kem.Mlkem512.Neon.Unpacked.fsti |   8 +-
 ...rux_ml_kem.Mlkem512.Portable.Unpacked.fsti |   8 +-
 ...Libcrux_ml_kem.Mlkem768.Avx2.Unpacked.fsti |  16 +-
 ...Libcrux_ml_kem.Mlkem768.Neon.Unpacked.fsti |  16 +-
 ...rux_ml_kem.Mlkem768.Portable.Unpacked.fsti |  16 +-
 .../proofs/fstar/extraction/Makefile          |  13 --
 libcrux-ml-kem/src/ind_cca/instantiations.rs  |  42 ++++-
 .../src/ind_cca/instantiations/avx2.rs        | 150 ++++++++++++++++++
 libcrux-ml-kem/src/mlkem1024.rs               |   3 +
 libcrux-ml-kem/src/mlkem512.rs                |   3 +
 libcrux-ml-kem/src/mlkem768.rs                |   6 +
 19 files changed, 521 insertions(+), 52 deletions(-)

diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.Unpacked.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.Unpacked.fsti
index eeb705954..398d19d09 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.Unpacked.fsti
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.Unpacked.fsti
@@ -20,7 +20,19 @@ val decapsulate_avx2
           Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked v_K
             Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector)
       (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE)
-    : Prims.Pure (t_Array u8 (sz 32)) Prims.l_True (fun _ -> Prims.l_True)
+    : Prims.Pure (t_Array u8 (sz 32))
+      (requires
+        Spec.MLKEM.is_rank v_K /\ v_ETA1 == Spec.MLKEM.v_ETA1 v_K /\
+        v_ETA1_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA1_RANDOMNESS_SIZE v_K /\
+        v_ETA2 == Spec.MLKEM.v_ETA2 v_K /\
+        v_ETA2_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA2_RANDOMNESS_SIZE v_K /\
+        v_C1_SIZE == Spec.MLKEM.v_C1_SIZE v_K /\ v_C2_SIZE == Spec.MLKEM.v_C2_SIZE v_K /\
+        v_VECTOR_U_COMPRESSION_FACTOR == Spec.MLKEM.v_VECTOR_U_COMPRESSION_FACTOR v_K /\
+        v_VECTOR_V_COMPRESSION_FACTOR == Spec.MLKEM.v_VECTOR_V_COMPRESSION_FACTOR v_K /\
+        v_C1_BLOCK_SIZE == Spec.MLKEM.v_C1_BLOCK_SIZE v_K /\
+        v_CIPHERTEXT_SIZE == Spec.MLKEM.v_CPA_CIPHERTEXT_SIZE v_K /\
+        v_IMPLICIT_REJECTION_HASH_INPUT_SIZE == Spec.MLKEM.v_IMPLICIT_REJECTION_HASH_INPUT_SIZE v_K)
+      (fun _ -> Prims.l_True)
 
 /// Unpacked decapsulate
 val decapsulate
@@ -30,7 +42,19 @@ val decapsulate
           Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked v_K
             Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector)
       (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE)
-    : Prims.Pure (t_Array u8 (sz 32)) Prims.l_True (fun _ -> Prims.l_True)
+    : Prims.Pure (t_Array u8 (sz 32))
+      (requires
+        Spec.MLKEM.is_rank v_K /\ v_ETA1 == Spec.MLKEM.v_ETA1 v_K /\
+        v_ETA1_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA1_RANDOMNESS_SIZE v_K /\
+        v_ETA2 == Spec.MLKEM.v_ETA2 v_K /\
+        v_ETA2_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA2_RANDOMNESS_SIZE v_K /\
+        v_C1_SIZE == Spec.MLKEM.v_C1_SIZE v_K /\ v_C2_SIZE == Spec.MLKEM.v_C2_SIZE v_K /\
+        v_VECTOR_U_COMPRESSION_FACTOR == Spec.MLKEM.v_VECTOR_U_COMPRESSION_FACTOR v_K /\
+        v_VECTOR_V_COMPRESSION_FACTOR == Spec.MLKEM.v_VECTOR_V_COMPRESSION_FACTOR v_K /\
+        v_C1_BLOCK_SIZE == Spec.MLKEM.v_C1_BLOCK_SIZE v_K /\
+        v_CIPHERTEXT_SIZE == Spec.MLKEM.v_CPA_CIPHERTEXT_SIZE v_K /\
+        v_IMPLICIT_REJECTION_HASH_INPUT_SIZE == Spec.MLKEM.v_IMPLICIT_REJECTION_HASH_INPUT_SIZE v_K)
+      (fun _ -> Prims.l_True)
 
 val encapsulate_avx2
       (v_K v_CIPHERTEXT_SIZE v_PUBLIC_KEY_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_VECTOR_U_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE:
@@ -40,7 +64,16 @@ val encapsulate_avx2
             Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector)
       (randomness: t_Array u8 (sz 32))
     : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE & t_Array u8 (sz 32))
-      Prims.l_True
+      (requires
+        Spec.MLKEM.is_rank v_K /\ v_ETA1 == Spec.MLKEM.v_ETA1 v_K /\
+        v_ETA1_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA1_RANDOMNESS_SIZE v_K /\
+        v_ETA2 == Spec.MLKEM.v_ETA2 v_K /\
+        v_ETA2_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA2_RANDOMNESS_SIZE v_K /\
+        v_C1_SIZE == Spec.MLKEM.v_C1_SIZE v_K /\ v_C2_SIZE == Spec.MLKEM.v_C2_SIZE v_K /\
+        v_VECTOR_U_COMPRESSION_FACTOR == Spec.MLKEM.v_VECTOR_U_COMPRESSION_FACTOR v_K /\
+        v_VECTOR_V_COMPRESSION_FACTOR == Spec.MLKEM.v_VECTOR_V_COMPRESSION_FACTOR v_K /\
+        v_VECTOR_U_BLOCK_LEN == Spec.MLKEM.v_C1_BLOCK_SIZE v_K /\
+        v_CIPHERTEXT_SIZE == Spec.MLKEM.v_CPA_CIPHERTEXT_SIZE v_K)
       (fun _ -> Prims.l_True)
 
 /// Unpacked encapsulate
@@ -52,7 +85,16 @@ val encapsulate
             Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector)
       (randomness: t_Array u8 (sz 32))
     : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE & t_Array u8 (sz 32))
-      Prims.l_True
+      (requires
+        Spec.MLKEM.is_rank v_K /\ v_ETA1 == Spec.MLKEM.v_ETA1 v_K /\
+        v_ETA1_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA1_RANDOMNESS_SIZE v_K /\
+        v_ETA2 == Spec.MLKEM.v_ETA2 v_K /\
+        v_ETA2_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA2_RANDOMNESS_SIZE v_K /\
+        v_C1_SIZE == Spec.MLKEM.v_C1_SIZE v_K /\ v_C2_SIZE == Spec.MLKEM.v_C2_SIZE v_K /\
+        v_VECTOR_U_COMPRESSION_FACTOR == Spec.MLKEM.v_VECTOR_U_COMPRESSION_FACTOR v_K /\
+        v_VECTOR_V_COMPRESSION_FACTOR == Spec.MLKEM.v_VECTOR_V_COMPRESSION_FACTOR v_K /\
+        v_VECTOR_U_BLOCK_LEN == Spec.MLKEM.v_C1_BLOCK_SIZE v_K /\
+        v_CIPHERTEXT_SIZE == Spec.MLKEM.v_CPA_CIPHERTEXT_SIZE v_K)
       (fun _ -> Prims.l_True)
 
 val generate_keypair_avx2
@@ -64,7 +106,13 @@ val generate_keypair_avx2
             Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector)
     : Prims.Pure
       (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked v_K
-          Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) Prims.l_True (fun _ -> Prims.l_True)
+          Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector)
+      (requires
+        Spec.MLKEM.is_rank v_K /\ v_ETA1_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA1_RANDOMNESS_SIZE v_K /\
+        v_ETA1 == Spec.MLKEM.v_ETA1 v_K /\
+        v_BYTES_PER_RING_ELEMENT == Spec.MLKEM.v_RANKED_BYTES_PER_RING_ELEMENT v_K /\
+        v_PUBLIC_KEY_SIZE == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE v_K)
+      (fun _ -> Prims.l_True)
 
 /// Generate a key pair
 val generate_keypair
@@ -76,7 +124,13 @@ val generate_keypair
             Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector)
     : Prims.Pure
       (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked v_K
-          Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) Prims.l_True (fun _ -> Prims.l_True)
+          Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector)
+      (requires
+        Spec.MLKEM.is_rank v_K /\ v_ETA1_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA1_RANDOMNESS_SIZE v_K /\
+        v_ETA1 == Spec.MLKEM.v_ETA1 v_K /\
+        v_BYTES_PER_RING_ELEMENT == Spec.MLKEM.v_RANKED_BYTES_PER_RING_ELEMENT v_K /\
+        v_PUBLIC_KEY_SIZE == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE v_K)
+      (fun _ -> Prims.l_True)
 
 /// Get the unpacked public key.
 val unpack_public_key_avx2
@@ -87,7 +141,11 @@ val unpack_public_key_avx2
             Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector)
     : Prims.Pure
       (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked v_K
-          Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) Prims.l_True (fun _ -> Prims.l_True)
+          Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector)
+      (requires
+        Spec.MLKEM.is_rank v_K /\ v_PUBLIC_KEY_SIZE == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE v_K /\
+        v_T_AS_NTT_ENCODED_SIZE == Spec.MLKEM.v_T_AS_NTT_ENCODED_SIZE v_K)
+      (fun _ -> Prims.l_True)
 
 /// Get the unpacked public key.
 val unpack_public_key
@@ -98,4 +156,8 @@ val unpack_public_key
             Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector)
     : Prims.Pure
       (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked v_K
-          Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) Prims.l_True (fun _ -> Prims.l_True)
+          Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector)
+      (requires
+        Spec.MLKEM.is_rank v_K /\ v_PUBLIC_KEY_SIZE == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE v_K /\
+        v_T_AS_NTT_ENCODED_SIZE == Spec.MLKEM.v_T_AS_NTT_ENCODED_SIZE v_K)
+      (fun _ -> Prims.l_True)
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.fsti
index 62e566a3c..9c217d71e 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.fsti
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.fsti
@@ -17,27 +17,65 @@ val validate_private_key_avx2
       (v_K v_SECRET_KEY_SIZE v_CIPHERTEXT_SIZE: usize)
       (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey v_SECRET_KEY_SIZE)
       (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE)
-    : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True)
+    : Prims.Pure bool
+      (requires
+        Spec.MLKEM.is_rank v_K /\ v_SECRET_KEY_SIZE == Spec.MLKEM.v_CCA_PRIVATE_KEY_SIZE v_K /\
+        v_CIPHERTEXT_SIZE == Spec.MLKEM.v_CPA_CIPHERTEXT_SIZE v_K)
+      (fun _ -> Prims.l_True)
 
 val validate_private_key
       (v_K v_SECRET_KEY_SIZE v_CIPHERTEXT_SIZE: usize)
       (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey v_SECRET_KEY_SIZE)
       (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE)
-    : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True)
+    : Prims.Pure bool
+      (requires
+        Spec.MLKEM.is_rank v_K /\ v_SECRET_KEY_SIZE == Spec.MLKEM.v_CCA_PRIVATE_KEY_SIZE v_K /\
+        v_CIPHERTEXT_SIZE == Spec.MLKEM.v_CPA_CIPHERTEXT_SIZE v_K)
+      (fun _ -> Prims.l_True)
 
 val decapsulate_avx2
       (v_K v_SECRET_KEY_SIZE v_CPA_SECRET_KEY_SIZE v_PUBLIC_KEY_SIZE v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_C1_BLOCK_SIZE v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE v_IMPLICIT_REJECTION_HASH_INPUT_SIZE:
           usize)
       (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey v_SECRET_KEY_SIZE)
       (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE)
-    : Prims.Pure (t_Array u8 (sz 32)) Prims.l_True (fun _ -> Prims.l_True)
+    : Prims.Pure (t_Array u8 (sz 32))
+      (requires
+        Spec.MLKEM.is_rank v_K /\ v_SECRET_KEY_SIZE == Spec.MLKEM.v_CCA_PRIVATE_KEY_SIZE v_K /\
+        v_CPA_SECRET_KEY_SIZE == Spec.MLKEM.v_CPA_PRIVATE_KEY_SIZE v_K /\
+        v_PUBLIC_KEY_SIZE == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE v_K /\
+        v_CIPHERTEXT_SIZE == Spec.MLKEM.v_CPA_CIPHERTEXT_SIZE v_K /\
+        v_T_AS_NTT_ENCODED_SIZE == Spec.MLKEM.v_T_AS_NTT_ENCODED_SIZE v_K /\
+        v_C1_SIZE == Spec.MLKEM.v_C1_SIZE v_K /\ v_C2_SIZE == Spec.MLKEM.v_C2_SIZE v_K /\
+        v_VECTOR_U_COMPRESSION_FACTOR == Spec.MLKEM.v_VECTOR_U_COMPRESSION_FACTOR v_K /\
+        v_VECTOR_V_COMPRESSION_FACTOR == Spec.MLKEM.v_VECTOR_V_COMPRESSION_FACTOR v_K /\
+        v_C1_BLOCK_SIZE == Spec.MLKEM.v_C1_BLOCK_SIZE v_K /\ v_ETA1 == Spec.MLKEM.v_ETA1 v_K /\
+        v_ETA1_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA1_RANDOMNESS_SIZE v_K /\
+        v_ETA2 == Spec.MLKEM.v_ETA2 v_K /\
+        v_ETA2_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA2_RANDOMNESS_SIZE v_K /\
+        v_IMPLICIT_REJECTION_HASH_INPUT_SIZE == Spec.MLKEM.v_IMPLICIT_REJECTION_HASH_INPUT_SIZE v_K)
+      (fun _ -> Prims.l_True)
 
 val decapsulate
       (v_K v_SECRET_KEY_SIZE v_CPA_SECRET_KEY_SIZE v_PUBLIC_KEY_SIZE v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_C1_BLOCK_SIZE v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE v_IMPLICIT_REJECTION_HASH_INPUT_SIZE:
           usize)
       (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey v_SECRET_KEY_SIZE)
       (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE)
-    : Prims.Pure (t_Array u8 (sz 32)) Prims.l_True (fun _ -> Prims.l_True)
+    : Prims.Pure (t_Array u8 (sz 32))
+      (requires
+        Spec.MLKEM.is_rank v_K /\ v_SECRET_KEY_SIZE == Spec.MLKEM.v_CCA_PRIVATE_KEY_SIZE v_K /\
+        v_CPA_SECRET_KEY_SIZE == Spec.MLKEM.v_CPA_PRIVATE_KEY_SIZE v_K /\
+        v_PUBLIC_KEY_SIZE == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE v_K /\
+        v_CIPHERTEXT_SIZE == Spec.MLKEM.v_CPA_CIPHERTEXT_SIZE v_K /\
+        v_T_AS_NTT_ENCODED_SIZE == Spec.MLKEM.v_T_AS_NTT_ENCODED_SIZE v_K /\
+        v_C1_SIZE == Spec.MLKEM.v_C1_SIZE v_K /\ v_C2_SIZE == Spec.MLKEM.v_C2_SIZE v_K /\
+        v_VECTOR_U_COMPRESSION_FACTOR == Spec.MLKEM.v_VECTOR_U_COMPRESSION_FACTOR v_K /\
+        v_VECTOR_V_COMPRESSION_FACTOR == Spec.MLKEM.v_VECTOR_V_COMPRESSION_FACTOR v_K /\
+        v_C1_BLOCK_SIZE == Spec.MLKEM.v_C1_BLOCK_SIZE v_K /\ v_ETA1 == Spec.MLKEM.v_ETA1 v_K /\
+        v_ETA1_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA1_RANDOMNESS_SIZE v_K /\
+        v_ETA2 == Spec.MLKEM.v_ETA2 v_K /\
+        v_ETA2_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA2_RANDOMNESS_SIZE v_K /\
+        v_IMPLICIT_REJECTION_HASH_INPUT_SIZE == Spec.MLKEM.v_IMPLICIT_REJECTION_HASH_INPUT_SIZE v_K)
+      (fun _ -> Prims.l_True)
 
 val encapsulate_avx2
       (v_K v_CIPHERTEXT_SIZE v_PUBLIC_KEY_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_VECTOR_U_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE:
@@ -45,7 +83,17 @@ val encapsulate_avx2
       (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey v_PUBLIC_KEY_SIZE)
       (randomness: t_Array u8 (sz 32))
     : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE & t_Array u8 (sz 32))
-      Prims.l_True
+      (requires
+        Spec.MLKEM.is_rank v_K /\ v_CIPHERTEXT_SIZE == Spec.MLKEM.v_CPA_CIPHERTEXT_SIZE v_K /\
+        v_PUBLIC_KEY_SIZE == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE v_K /\
+        v_T_AS_NTT_ENCODED_SIZE == Spec.MLKEM.v_T_AS_NTT_ENCODED_SIZE v_K /\
+        v_C1_SIZE == Spec.MLKEM.v_C1_SIZE v_K /\ v_C2_SIZE == Spec.MLKEM.v_C2_SIZE v_K /\
+        v_VECTOR_U_COMPRESSION_FACTOR == Spec.MLKEM.v_VECTOR_U_COMPRESSION_FACTOR v_K /\
+        v_VECTOR_V_COMPRESSION_FACTOR == Spec.MLKEM.v_VECTOR_V_COMPRESSION_FACTOR v_K /\
+        v_VECTOR_U_BLOCK_LEN == Spec.MLKEM.v_C1_BLOCK_SIZE v_K /\ v_ETA1 == Spec.MLKEM.v_ETA1 v_K /\
+        v_ETA1_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA1_RANDOMNESS_SIZE v_K /\
+        v_ETA2 == Spec.MLKEM.v_ETA2 v_K /\
+        v_ETA2_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA2_RANDOMNESS_SIZE v_K)
       (fun _ -> Prims.l_True)
 
 val encapsulate
@@ -54,7 +102,17 @@ val encapsulate
       (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey v_PUBLIC_KEY_SIZE)
       (randomness: t_Array u8 (sz 32))
     : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE & t_Array u8 (sz 32))
-      Prims.l_True
+      (requires
+        Spec.MLKEM.is_rank v_K /\ v_CIPHERTEXT_SIZE == Spec.MLKEM.v_CPA_CIPHERTEXT_SIZE v_K /\
+        v_PUBLIC_KEY_SIZE == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE v_K /\
+        v_T_AS_NTT_ENCODED_SIZE == Spec.MLKEM.v_T_AS_NTT_ENCODED_SIZE v_K /\
+        v_C1_SIZE == Spec.MLKEM.v_C1_SIZE v_K /\ v_C2_SIZE == Spec.MLKEM.v_C2_SIZE v_K /\
+        v_VECTOR_U_COMPRESSION_FACTOR == Spec.MLKEM.v_VECTOR_U_COMPRESSION_FACTOR v_K /\
+        v_VECTOR_V_COMPRESSION_FACTOR == Spec.MLKEM.v_VECTOR_V_COMPRESSION_FACTOR v_K /\
+        v_VECTOR_U_BLOCK_LEN == Spec.MLKEM.v_C1_BLOCK_SIZE v_K /\ v_ETA1 == Spec.MLKEM.v_ETA1 v_K /\
+        v_ETA1_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA1_RANDOMNESS_SIZE v_K /\
+        v_ETA2 == Spec.MLKEM.v_ETA2 v_K /\
+        v_ETA2_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA2_RANDOMNESS_SIZE v_K)
       (fun _ -> Prims.l_True)
 
 /// Portable generate key pair.
@@ -63,7 +121,13 @@ val generate_keypair_avx2
           usize)
       (randomness: t_Array u8 (sz 64))
     : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemKeyPair v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE)
-      Prims.l_True
+      (requires
+        Spec.MLKEM.is_rank v_K /\ v_CPA_PRIVATE_KEY_SIZE == Spec.MLKEM.v_CPA_PRIVATE_KEY_SIZE v_K /\
+        v_PRIVATE_KEY_SIZE == Spec.MLKEM.v_CCA_PRIVATE_KEY_SIZE v_K /\
+        v_PUBLIC_KEY_SIZE == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE v_K /\
+        v_BYTES_PER_RING_ELEMENT == Spec.MLKEM.v_RANKED_BYTES_PER_RING_ELEMENT v_K /\
+        v_ETA1 == Spec.MLKEM.v_ETA1 v_K /\
+        v_ETA1_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA1_RANDOMNESS_SIZE v_K)
       (fun _ -> Prims.l_True)
 
 val generate_keypair
@@ -71,15 +135,31 @@ val generate_keypair
           usize)
       (randomness: t_Array u8 (sz 64))
     : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemKeyPair v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE)
-      Prims.l_True
+      (requires
+        Spec.MLKEM.is_rank v_K /\ v_CPA_PRIVATE_KEY_SIZE == Spec.MLKEM.v_CPA_PRIVATE_KEY_SIZE v_K /\
+        v_PRIVATE_KEY_SIZE == Spec.MLKEM.v_CCA_PRIVATE_KEY_SIZE v_K /\
+        v_PUBLIC_KEY_SIZE == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE v_K /\
+        v_BYTES_PER_RING_ELEMENT == Spec.MLKEM.v_RANKED_BYTES_PER_RING_ELEMENT v_K /\
+        v_ETA1 == Spec.MLKEM.v_ETA1 v_K /\
+        v_ETA1_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA1_RANDOMNESS_SIZE v_K)
       (fun _ -> Prims.l_True)
 
 val validate_public_key_avx2
       (v_K v_RANKED_BYTES_PER_RING_ELEMENT v_PUBLIC_KEY_SIZE: usize)
       (public_key: t_Array u8 v_PUBLIC_KEY_SIZE)
-    : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True)
+    : Prims.Pure bool
+      (requires
+        Spec.MLKEM.is_rank v_K /\
+        v_RANKED_BYTES_PER_RING_ELEMENT == Spec.MLKEM.v_RANKED_BYTES_PER_RING_ELEMENT v_K /\
+        v_PUBLIC_KEY_SIZE == Spec.MLKEM.v_CCA_PUBLIC_KEY_SIZE v_K)
+      (fun _ -> Prims.l_True)
 
 val validate_public_key
       (v_K v_RANKED_BYTES_PER_RING_ELEMENT v_PUBLIC_KEY_SIZE: usize)
       (public_key: t_Array u8 v_PUBLIC_KEY_SIZE)
-    : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True)
+    : Prims.Pure bool
+      (requires
+        Spec.MLKEM.is_rank v_K /\
+        v_RANKED_BYTES_PER_RING_ELEMENT == Spec.MLKEM.v_RANKED_BYTES_PER_RING_ELEMENT v_K /\
+        v_PUBLIC_KEY_SIZE == Spec.MLKEM.v_CCA_PUBLIC_KEY_SIZE v_K)
+      (fun _ -> Prims.l_True)
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Neon.Unpacked.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Neon.Unpacked.fsti
index 9d2131a1c..757109bde 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Neon.Unpacked.fsti
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Neon.Unpacked.fsti
@@ -21,7 +21,22 @@ val decapsulate
           Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked v_K
             Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector)
       (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE)
-    : Prims.Pure (t_Array u8 (sz 32)) Prims.l_True (fun _ -> Prims.l_True)
+    : Prims.Pure (t_Array u8 (sz 32))
+      (requires
+        Spec.MLKEM.is_rank v_K /\ v_SECRET_KEY_SIZE == Spec.MLKEM.v_CCA_PRIVATE_KEY_SIZE v_K /\
+        v_CPA_SECRET_KEY_SIZE == Spec.MLKEM.v_CPA_PRIVATE_KEY_SIZE v_K /\
+        v_PUBLIC_KEY_SIZE == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE v_K /\
+        v_CIPHERTEXT_SIZE == Spec.MLKEM.v_CPA_CIPHERTEXT_SIZE v_K /\
+        v_T_AS_NTT_ENCODED_SIZE == Spec.MLKEM.v_T_AS_NTT_ENCODED_SIZE v_K /\
+        v_C1_SIZE == Spec.MLKEM.v_C1_SIZE v_K /\ v_C2_SIZE == Spec.MLKEM.v_C2_SIZE v_K /\
+        v_VECTOR_U_COMPRESSION_FACTOR == Spec.MLKEM.v_VECTOR_U_COMPRESSION_FACTOR v_K /\
+        v_VECTOR_V_COMPRESSION_FACTOR == Spec.MLKEM.v_VECTOR_V_COMPRESSION_FACTOR v_K /\
+        v_C1_BLOCK_SIZE == Spec.MLKEM.v_C1_BLOCK_SIZE v_K /\ v_ETA1 == Spec.MLKEM.v_ETA1 v_K /\
+        v_ETA1_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA1_RANDOMNESS_SIZE v_K /\
+        v_ETA2 == Spec.MLKEM.v_ETA2 v_K /\
+        v_ETA2_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA2_RANDOMNESS_SIZE v_K /\
+        v_IMPLICIT_REJECTION_HASH_INPUT_SIZE == Spec.MLKEM.v_IMPLICIT_REJECTION_HASH_INPUT_SIZE v_K)
+      (fun _ -> Prims.l_True)
 
 /// Unpacked encapsulate
 val encapsulate
@@ -32,7 +47,17 @@ val encapsulate
             Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector)
       (randomness: t_Array u8 (sz 32))
     : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE & t_Array u8 (sz 32))
-      Prims.l_True
+      (requires
+        Spec.MLKEM.is_rank v_K /\ v_CIPHERTEXT_SIZE == Spec.MLKEM.v_CPA_CIPHERTEXT_SIZE v_K /\
+        v_PUBLIC_KEY_SIZE == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE v_K /\
+        v_T_AS_NTT_ENCODED_SIZE == Spec.MLKEM.v_T_AS_NTT_ENCODED_SIZE v_K /\
+        v_C1_SIZE == Spec.MLKEM.v_C1_SIZE v_K /\ v_C2_SIZE == Spec.MLKEM.v_C2_SIZE v_K /\
+        v_VECTOR_U_COMPRESSION_FACTOR == Spec.MLKEM.v_VECTOR_U_COMPRESSION_FACTOR v_K /\
+        v_VECTOR_V_COMPRESSION_FACTOR == Spec.MLKEM.v_VECTOR_V_COMPRESSION_FACTOR v_K /\
+        v_VECTOR_U_BLOCK_LEN == Spec.MLKEM.v_C1_BLOCK_SIZE v_K /\ v_ETA1 == Spec.MLKEM.v_ETA1 v_K /\
+        v_ETA1_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA1_RANDOMNESS_SIZE v_K /\
+        v_ETA2 == Spec.MLKEM.v_ETA2 v_K /\
+        v_ETA2_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA2_RANDOMNESS_SIZE v_K)
       (fun _ -> Prims.l_True)
 
 /// Generate a key pair
@@ -46,7 +71,13 @@ val generate_keypair
     : Prims.Pure
       (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked v_K
           Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector)
-      Prims.l_True
+      (requires
+        Spec.MLKEM.is_rank v_K /\ v_CPA_PRIVATE_KEY_SIZE == Spec.MLKEM.v_CPA_PRIVATE_KEY_SIZE v_K /\
+        v_PRIVATE_KEY_SIZE == Spec.MLKEM.v_CCA_PRIVATE_KEY_SIZE v_K /\
+        v_PUBLIC_KEY_SIZE == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE v_K /\
+        v_BYTES_PER_RING_ELEMENT == Spec.MLKEM.v_RANKED_BYTES_PER_RING_ELEMENT v_K /\
+        v_ETA1 == Spec.MLKEM.v_ETA1 v_K /\
+        v_ETA1_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA1_RANDOMNESS_SIZE v_K)
       (fun _ -> Prims.l_True)
 
 /// Get the unpacked public key.
@@ -59,5 +90,7 @@ val unpack_public_key
     : Prims.Pure
       (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked v_K
           Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector)
-      Prims.l_True
+      (requires
+        Spec.MLKEM.is_rank v_K /\ v_PUBLIC_KEY_SIZE == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE v_K /\
+        v_T_AS_NTT_ENCODED_SIZE == Spec.MLKEM.v_T_AS_NTT_ENCODED_SIZE v_K)
       (fun _ -> Prims.l_True)
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Portable.Unpacked.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Portable.Unpacked.fsti
index 312f66ff0..717574775 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Portable.Unpacked.fsti
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Portable.Unpacked.fsti
@@ -21,7 +21,22 @@ val decapsulate
           Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked v_K
             Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector)
       (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE)
-    : Prims.Pure (t_Array u8 (sz 32)) Prims.l_True (fun _ -> Prims.l_True)
+    : Prims.Pure (t_Array u8 (sz 32))
+      (requires
+        Spec.MLKEM.is_rank v_K /\ v_SECRET_KEY_SIZE == Spec.MLKEM.v_CCA_PRIVATE_KEY_SIZE v_K /\
+        v_CPA_SECRET_KEY_SIZE == Spec.MLKEM.v_CPA_PRIVATE_KEY_SIZE v_K /\
+        v_PUBLIC_KEY_SIZE == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE v_K /\
+        v_CIPHERTEXT_SIZE == Spec.MLKEM.v_CPA_CIPHERTEXT_SIZE v_K /\
+        v_T_AS_NTT_ENCODED_SIZE == Spec.MLKEM.v_T_AS_NTT_ENCODED_SIZE v_K /\
+        v_C1_SIZE == Spec.MLKEM.v_C1_SIZE v_K /\ v_C2_SIZE == Spec.MLKEM.v_C2_SIZE v_K /\
+        v_VECTOR_U_COMPRESSION_FACTOR == Spec.MLKEM.v_VECTOR_U_COMPRESSION_FACTOR v_K /\
+        v_VECTOR_V_COMPRESSION_FACTOR == Spec.MLKEM.v_VECTOR_V_COMPRESSION_FACTOR v_K /\
+        v_C1_BLOCK_SIZE == Spec.MLKEM.v_C1_BLOCK_SIZE v_K /\ v_ETA1 == Spec.MLKEM.v_ETA1 v_K /\
+        v_ETA1_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA1_RANDOMNESS_SIZE v_K /\
+        v_ETA2 == Spec.MLKEM.v_ETA2 v_K /\
+        v_ETA2_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA2_RANDOMNESS_SIZE v_K /\
+        v_IMPLICIT_REJECTION_HASH_INPUT_SIZE == Spec.MLKEM.v_IMPLICIT_REJECTION_HASH_INPUT_SIZE v_K)
+      (fun _ -> Prims.l_True)
 
 /// Unpacked encapsulate
 val encapsulate
@@ -32,7 +47,17 @@ val encapsulate
             Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector)
       (randomness: t_Array u8 (sz 32))
     : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE & t_Array u8 (sz 32))
-      Prims.l_True
+      (requires
+        Spec.MLKEM.is_rank v_K /\ v_CIPHERTEXT_SIZE == Spec.MLKEM.v_CPA_CIPHERTEXT_SIZE v_K /\
+        v_PUBLIC_KEY_SIZE == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE v_K /\
+        v_T_AS_NTT_ENCODED_SIZE == Spec.MLKEM.v_T_AS_NTT_ENCODED_SIZE v_K /\
+        v_C1_SIZE == Spec.MLKEM.v_C1_SIZE v_K /\ v_C2_SIZE == Spec.MLKEM.v_C2_SIZE v_K /\
+        v_VECTOR_U_COMPRESSION_FACTOR == Spec.MLKEM.v_VECTOR_U_COMPRESSION_FACTOR v_K /\
+        v_VECTOR_V_COMPRESSION_FACTOR == Spec.MLKEM.v_VECTOR_V_COMPRESSION_FACTOR v_K /\
+        v_VECTOR_U_BLOCK_LEN == Spec.MLKEM.v_C1_BLOCK_SIZE v_K /\ v_ETA1 == Spec.MLKEM.v_ETA1 v_K /\
+        v_ETA1_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA1_RANDOMNESS_SIZE v_K /\
+        v_ETA2 == Spec.MLKEM.v_ETA2 v_K /\
+        v_ETA2_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA2_RANDOMNESS_SIZE v_K)
       (fun _ -> Prims.l_True)
 
 /// Generate a key pair
@@ -46,7 +71,13 @@ val generate_keypair
     : Prims.Pure
       (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked v_K
           Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector)
-      Prims.l_True
+      (requires
+        Spec.MLKEM.is_rank v_K /\ v_CPA_PRIVATE_KEY_SIZE == Spec.MLKEM.v_CPA_PRIVATE_KEY_SIZE v_K /\
+        v_PRIVATE_KEY_SIZE == Spec.MLKEM.v_CCA_PRIVATE_KEY_SIZE v_K /\
+        v_PUBLIC_KEY_SIZE == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE v_K /\
+        v_BYTES_PER_RING_ELEMENT == Spec.MLKEM.v_RANKED_BYTES_PER_RING_ELEMENT v_K /\
+        v_ETA1 == Spec.MLKEM.v_ETA1 v_K /\
+        v_ETA1_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA1_RANDOMNESS_SIZE v_K)
       (fun _ -> Prims.l_True)
 
 /// Get the unpacked public key.
@@ -59,5 +90,7 @@ val unpack_public_key
     : Prims.Pure
       (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked v_K
           Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector)
-      Prims.l_True
+      (requires
+        Spec.MLKEM.is_rank v_K /\ v_PUBLIC_KEY_SIZE == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE v_K /\
+        v_T_AS_NTT_ENCODED_SIZE == Spec.MLKEM.v_T_AS_NTT_ENCODED_SIZE v_K)
       (fun _ -> Prims.l_True)
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Avx2.Unpacked.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Avx2.Unpacked.fsti
index e456bc52c..0aa9d9adf 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Avx2.Unpacked.fsti
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Avx2.Unpacked.fsti
@@ -18,7 +18,13 @@ val serialized_public_key
             Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector)
       (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568))
     : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568))
-      Prims.l_True
+      (requires
+        forall (i: nat).
+          i < 4 ==>
+          Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index public_key
+                  .f_ind_cpa_public_key
+                  .f_t_as_ntt
+                i))
       (fun _ -> Prims.l_True)
 
 /// Decapsulate ML-KEM 1024 (unpacked)
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Neon.Unpacked.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Neon.Unpacked.fsti
index c98c5408d..2396caaf2 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Neon.Unpacked.fsti
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Neon.Unpacked.fsti
@@ -18,7 +18,13 @@ val serialized_public_key
             Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector)
       (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568))
     : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568))
-      Prims.l_True
+      (requires
+        forall (i: nat).
+          i < 4 ==>
+          Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index public_key
+                  .f_ind_cpa_public_key
+                  .f_t_as_ntt
+                i))
       (fun _ -> Prims.l_True)
 
 /// Decapsulate ML-KEM 1024 (unpacked)
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Portable.Unpacked.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Portable.Unpacked.fsti
index 7a9e360d6..a572bbf31 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Portable.Unpacked.fsti
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Portable.Unpacked.fsti
@@ -18,7 +18,13 @@ val serialized_public_key
             Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector)
       (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568))
     : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568))
-      Prims.l_True
+      (requires
+        forall (i: nat).
+          i < 4 ==>
+          Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index public_key
+                  .f_ind_cpa_public_key
+                  .f_t_as_ntt
+                i))
       (fun _ -> Prims.l_True)
 
 /// Decapsulate ML-KEM 1024 (unpacked)
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Avx2.Unpacked.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Avx2.Unpacked.fsti
index d5042edbf..91482e3f3 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Avx2.Unpacked.fsti
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Avx2.Unpacked.fsti
@@ -18,7 +18,13 @@ val serialized_public_key
             Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector)
       (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800))
     : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800))
-      Prims.l_True
+      (requires
+        forall (i: nat).
+          i < 2 ==>
+          Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index public_key
+                  .f_ind_cpa_public_key
+                  .f_t_as_ntt
+                i))
       (fun _ -> Prims.l_True)
 
 /// Decapsulate ML-KEM 512 (unpacked)
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Neon.Unpacked.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Neon.Unpacked.fsti
index a4993e55e..7d2f4a8a0 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Neon.Unpacked.fsti
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Neon.Unpacked.fsti
@@ -18,7 +18,13 @@ val serialized_public_key
             Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector)
       (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800))
     : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800))
-      Prims.l_True
+      (requires
+        forall (i: nat).
+          i < 2 ==>
+          Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index public_key
+                  .f_ind_cpa_public_key
+                  .f_t_as_ntt
+                i))
       (fun _ -> Prims.l_True)
 
 /// Decapsulate ML-KEM 512 (unpacked)
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Portable.Unpacked.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Portable.Unpacked.fsti
index 75de5d1b6..f8af3d764 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Portable.Unpacked.fsti
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Portable.Unpacked.fsti
@@ -18,7 +18,13 @@ val serialized_public_key
             Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector)
       (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800))
     : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800))
-      Prims.l_True
+      (requires
+        forall (i: nat).
+          i < 2 ==>
+          Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index public_key
+                  .f_ind_cpa_public_key
+                  .f_t_as_ntt
+                i))
       (fun _ -> Prims.l_True)
 
 /// Decapsulate ML-KEM 512 (unpacked)
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Avx2.Unpacked.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Avx2.Unpacked.fsti
index 36d886da8..17bcaabb3 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Avx2.Unpacked.fsti
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Avx2.Unpacked.fsti
@@ -18,7 +18,13 @@ val key_pair_serialized_public_key
             Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector)
       (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184))
     : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184))
-      Prims.l_True
+      (requires
+        forall (i: nat).
+          i < 3 ==>
+          Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index key_pair.f_public_key
+                  .f_ind_cpa_public_key
+                  .f_t_as_ntt
+                i))
       (fun _ -> Prims.l_True)
 
 /// Get the serialized public key.
@@ -28,7 +34,13 @@ val serialized_public_key
             Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector)
       (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184))
     : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184))
-      Prims.l_True
+      (requires
+        forall (i: nat).
+          i < 3 ==>
+          Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index public_key
+                  .f_ind_cpa_public_key
+                  .f_t_as_ntt
+                i))
       (fun _ -> Prims.l_True)
 
 /// Decapsulate ML-KEM 768 (unpacked)
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Neon.Unpacked.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Neon.Unpacked.fsti
index 8230f5e69..c96c9c2b7 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Neon.Unpacked.fsti
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Neon.Unpacked.fsti
@@ -19,7 +19,13 @@ val key_pair_serialized_public_key
             Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector)
       (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184))
     : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184))
-      Prims.l_True
+      (requires
+        forall (i: nat).
+          i < 3 ==>
+          Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index key_pair.f_public_key
+                  .f_ind_cpa_public_key
+                  .f_t_as_ntt
+                i))
       (fun _ -> Prims.l_True)
 
 /// Get the serialized public key.
@@ -29,7 +35,13 @@ val serialized_public_key
             Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector)
       (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184))
     : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184))
-      Prims.l_True
+      (requires
+        forall (i: nat).
+          i < 3 ==>
+          Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index public_key
+                  .f_ind_cpa_public_key
+                  .f_t_as_ntt
+                i))
       (fun _ -> Prims.l_True)
 
 /// Decapsulate ML-KEM 768 (unpacked)
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Portable.Unpacked.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Portable.Unpacked.fsti
index 21e27aaf6..09f306395 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Portable.Unpacked.fsti
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Portable.Unpacked.fsti
@@ -19,7 +19,13 @@ val key_pair_serialized_public_key
             Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector)
       (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184))
     : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184))
-      Prims.l_True
+      (requires
+        forall (i: nat).
+          i < 3 ==>
+          Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index key_pair.f_public_key
+                  .f_ind_cpa_public_key
+                  .f_t_as_ntt
+                i))
       (fun _ -> Prims.l_True)
 
 /// Get the serialized public key.
@@ -29,7 +35,13 @@ val serialized_public_key
             Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector)
       (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184))
     : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184))
-      Prims.l_True
+      (requires
+        forall (i: nat).
+          i < 3 ==>
+          Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index public_key
+                  .f_ind_cpa_public_key
+                  .f_t_as_ntt
+                i))
       (fun _ -> Prims.l_True)
 
 /// Decapsulate ML-KEM 768 (unpacked)
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Makefile b/libcrux-ml-kem/proofs/fstar/extraction/Makefile
index 490eac317..1483ebe4d 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Makefile
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Makefile
@@ -1,19 +1,6 @@
 SLOW_MODULES += Libcrux_ml_kem.Vector.Portable.Serialize.fst
 
 ADMIT_MODULES = Libcrux_ml_kem.Vector.Avx2.fsti \
-              Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.fst \
-              Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.Unpacked.fst \
-              Libcrux_ml_kem.Ind_cca.Instantiations.Neon.Unpacked.fst \
-              Libcrux_ml_kem.Ind_cca.Instantiations.Portable.Unpacked.fst \
-              Libcrux_ml_kem.Mlkem1024.Avx2.Unpacked.fst \
-              Libcrux_ml_kem.Mlkem1024.Neon.Unpacked.fst \
-              Libcrux_ml_kem.Mlkem1024.Portable.Unpacked.fst \
-              Libcrux_ml_kem.Mlkem768.Avx2.Unpacked.fst \
-              Libcrux_ml_kem.Mlkem768.Neon.Unpacked.fst \
-              Libcrux_ml_kem.Mlkem768.Portable.Unpacked.fst \
-              Libcrux_ml_kem.Mlkem512.Avx2.Unpacked.fst \
-              Libcrux_ml_kem.Mlkem512.Neon.Unpacked.fst \
-              Libcrux_ml_kem.Mlkem512.Portable.Unpacked.fst \
               Libcrux_ml_kem.Vector.Avx2.Serialize.fst \
               Libcrux_ml_kem.Vector.Avx2.fst \
               Libcrux_ml_kem.Vector.Avx2.Ntt.fst \
diff --git a/libcrux-ml-kem/src/ind_cca/instantiations.rs b/libcrux-ml-kem/src/ind_cca/instantiations.rs
index fc2e754e2..2d3ff0205 100644
--- a/libcrux-ml-kem/src/ind_cca/instantiations.rs
+++ b/libcrux-ml-kem/src/ind_cca/instantiations.rs
@@ -247,7 +247,6 @@ macro_rules! instantiate {
                 $CPA_SECRET_KEY_SIZE == Spec.MLKEM.v_CPA_PRIVATE_KEY_SIZE $K /\\
                 $PUBLIC_KEY_SIZE == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE $K /\\
                 $CIPHERTEXT_SIZE == Spec.MLKEM.v_CPA_CIPHERTEXT_SIZE $K /\\
-            
                 $T_AS_NTT_ENCODED_SIZE == Spec.MLKEM.v_T_AS_NTT_ENCODED_SIZE $K /\\
                 $C1_SIZE == Spec.MLKEM.v_C1_SIZE $K /\\
                 $C2_SIZE == Spec.MLKEM.v_C2_SIZE $K /\\
@@ -313,6 +312,11 @@ macro_rules! instantiate {
                     crate::ind_cca::unpacked::MlKemPublicKeyUnpacked<K, $vector>;
 
                 /// Get the unpacked public key.
+                #[hax_lib::requires(
+                    fstar!("Spec.MLKEM.is_rank $K /\\
+                    $PUBLIC_KEY_SIZE == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE $K /\\
+                    $T_AS_NTT_ENCODED_SIZE == Spec.MLKEM.v_T_AS_NTT_ENCODED_SIZE $K")
+                )]
                 pub(crate) fn unpack_public_key<
                     const K: usize,
                     const T_AS_NTT_ENCODED_SIZE: usize,
@@ -333,6 +337,13 @@ macro_rules! instantiate {
                 }
 
                 /// Generate a key pair
+                #[hax_lib::requires(fstar!("Spec.MLKEM.is_rank $K /\\
+                    $CPA_PRIVATE_KEY_SIZE == Spec.MLKEM.v_CPA_PRIVATE_KEY_SIZE $K /\\
+                    $PRIVATE_KEY_SIZE == Spec.MLKEM.v_CCA_PRIVATE_KEY_SIZE $K /\\
+                    $PUBLIC_KEY_SIZE == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE $K /\\
+                    $BYTES_PER_RING_ELEMENT == Spec.MLKEM.v_RANKED_BYTES_PER_RING_ELEMENT $K /\\
+                    $ETA1 == Spec.MLKEM.v_ETA1 $K /\\
+                    $ETA1_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA1_RANDOMNESS_SIZE $K"))]
                 pub(crate) fn generate_keypair<
                     const K: usize,
                     const CPA_PRIVATE_KEY_SIZE: usize,
@@ -360,6 +371,19 @@ macro_rules! instantiate {
                 }
 
                 /// Unpacked encapsulate
+                #[hax_lib::requires(fstar!("Spec.MLKEM.is_rank $K /\\
+                    $CIPHERTEXT_SIZE == Spec.MLKEM.v_CPA_CIPHERTEXT_SIZE $K /\\
+                    $PUBLIC_KEY_SIZE == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE $K /\\
+                    $T_AS_NTT_ENCODED_SIZE == Spec.MLKEM.v_T_AS_NTT_ENCODED_SIZE $K /\\
+                    $C1_SIZE == Spec.MLKEM.v_C1_SIZE $K /\\
+                    $C2_SIZE == Spec.MLKEM.v_C2_SIZE $K /\\
+                    $VECTOR_U_COMPRESSION_FACTOR == Spec.MLKEM.v_VECTOR_U_COMPRESSION_FACTOR  $K /\\
+                    $VECTOR_V_COMPRESSION_FACTOR == Spec.MLKEM.v_VECTOR_V_COMPRESSION_FACTOR  $K /\\
+                    $VECTOR_U_BLOCK_LEN == Spec.MLKEM.v_C1_BLOCK_SIZE $K /\\
+                    $ETA1 == Spec.MLKEM.v_ETA1 $K /\\
+                    $ETA1_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA1_RANDOMNESS_SIZE $K /\\
+                    $ETA2 == Spec.MLKEM.v_ETA2 $K /\\
+                    $ETA2_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA2_RANDOMNESS_SIZE $K"))]
                 pub(crate) fn encapsulate<
                     const K: usize,
                     const CIPHERTEXT_SIZE: usize,
@@ -398,6 +422,22 @@ macro_rules! instantiate {
                 }
 
                 /// Unpacked decapsulate
+                #[hax_lib::requires(fstar!("Spec.MLKEM.is_rank $K /\\
+                    $SECRET_KEY_SIZE == Spec.MLKEM.v_CCA_PRIVATE_KEY_SIZE $K /\\
+                    $CPA_SECRET_KEY_SIZE == Spec.MLKEM.v_CPA_PRIVATE_KEY_SIZE $K /\\
+                    $PUBLIC_KEY_SIZE == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE $K /\\
+                    $CIPHERTEXT_SIZE == Spec.MLKEM.v_CPA_CIPHERTEXT_SIZE $K /\\
+                    $T_AS_NTT_ENCODED_SIZE == Spec.MLKEM.v_T_AS_NTT_ENCODED_SIZE $K /\\
+                    $C1_SIZE == Spec.MLKEM.v_C1_SIZE $K /\\
+                    $C2_SIZE == Spec.MLKEM.v_C2_SIZE $K /\\
+                    $VECTOR_U_COMPRESSION_FACTOR == Spec.MLKEM.v_VECTOR_U_COMPRESSION_FACTOR  $K /\\
+                    $VECTOR_V_COMPRESSION_FACTOR == Spec.MLKEM.v_VECTOR_V_COMPRESSION_FACTOR  $K /\\
+                    $C1_BLOCK_SIZE == Spec.MLKEM.v_C1_BLOCK_SIZE $K /\\
+                    $ETA1 == Spec.MLKEM.v_ETA1 $K /\\
+                    $ETA1_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA1_RANDOMNESS_SIZE $K /\\
+                    $ETA2 == Spec.MLKEM.v_ETA2 $K /\\
+                    $ETA2_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA2_RANDOMNESS_SIZE $K /\\
+                    $IMPLICIT_REJECTION_HASH_INPUT_SIZE == Spec.MLKEM.v_IMPLICIT_REJECTION_HASH_INPUT_SIZE $K"))]
                 pub(crate) fn decapsulate<
                     const K: usize,
                     const SECRET_KEY_SIZE: usize,
diff --git a/libcrux-ml-kem/src/ind_cca/instantiations/avx2.rs b/libcrux-ml-kem/src/ind_cca/instantiations/avx2.rs
index 9dff8843a..51a07386d 100644
--- a/libcrux-ml-kem/src/ind_cca/instantiations/avx2.rs
+++ b/libcrux-ml-kem/src/ind_cca/instantiations/avx2.rs
@@ -6,6 +6,13 @@ use crate::{
 #[allow(unsafe_code)]
 /// Portable generate key pair.
 #[cfg_attr(not(hax), target_feature(enable = "avx2"))]
+#[hax_lib::requires(fstar!("Spec.MLKEM.is_rank $K /\\
+    $CPA_PRIVATE_KEY_SIZE == Spec.MLKEM.v_CPA_PRIVATE_KEY_SIZE $K /\\
+    $PRIVATE_KEY_SIZE == Spec.MLKEM.v_CCA_PRIVATE_KEY_SIZE $K /\\
+    $PUBLIC_KEY_SIZE == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE $K /\\
+    $BYTES_PER_RING_ELEMENT == Spec.MLKEM.v_RANKED_BYTES_PER_RING_ELEMENT $K /\\
+    $ETA1 == Spec.MLKEM.v_ETA1 $K /\\
+    $ETA1_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA1_RANDOMNESS_SIZE $K"))]
 unsafe fn generate_keypair_avx2<
     const K: usize,
     const CPA_PRIVATE_KEY_SIZE: usize,
@@ -32,6 +39,13 @@ unsafe fn generate_keypair_avx2<
 }
 
 #[allow(unsafe_code)]
+#[hax_lib::requires(fstar!("Spec.MLKEM.is_rank $K /\\
+    $CPA_PRIVATE_KEY_SIZE == Spec.MLKEM.v_CPA_PRIVATE_KEY_SIZE $K /\\
+    $PRIVATE_KEY_SIZE == Spec.MLKEM.v_CCA_PRIVATE_KEY_SIZE $K /\\
+    $PUBLIC_KEY_SIZE == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE $K /\\
+    $BYTES_PER_RING_ELEMENT == Spec.MLKEM.v_RANKED_BYTES_PER_RING_ELEMENT $K /\\
+    $ETA1 == Spec.MLKEM.v_ETA1 $K /\\
+    $ETA1_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA1_RANDOMNESS_SIZE $K"))]
 pub(crate) fn generate_keypair<
     const K: usize,
     const CPA_PRIVATE_KEY_SIZE: usize,
@@ -112,6 +126,9 @@ pub(crate) fn kyber_generate_keypair<
 
 #[allow(unsafe_code)]
 #[cfg_attr(not(hax), target_feature(enable = "avx2"))]
+#[hax_lib::requires(fstar!("Spec.MLKEM.is_rank $K /\\
+    $RANKED_BYTES_PER_RING_ELEMENT == Spec.MLKEM.v_RANKED_BYTES_PER_RING_ELEMENT $K /\\
+    $PUBLIC_KEY_SIZE == Spec.MLKEM.v_CCA_PUBLIC_KEY_SIZE $K"))]
 unsafe fn validate_public_key_avx2<
     const K: usize,
     const RANKED_BYTES_PER_RING_ELEMENT: usize,
@@ -128,6 +145,9 @@ unsafe fn validate_public_key_avx2<
 }
 
 #[allow(unsafe_code)]
+#[hax_lib::requires(fstar!("Spec.MLKEM.is_rank $K /\\
+    $RANKED_BYTES_PER_RING_ELEMENT == Spec.MLKEM.v_RANKED_BYTES_PER_RING_ELEMENT $K /\\
+    $PUBLIC_KEY_SIZE == Spec.MLKEM.v_CCA_PUBLIC_KEY_SIZE $K"))]
 pub(crate) fn validate_public_key<
     const K: usize,
     const RANKED_BYTES_PER_RING_ELEMENT: usize,
@@ -142,6 +162,9 @@ pub(crate) fn validate_public_key<
 
 #[allow(unsafe_code)]
 #[cfg_attr(not(hax), target_feature(enable = "avx2"))]
+#[hax_lib::requires(fstar!("Spec.MLKEM.is_rank $K /\\
+    $SECRET_KEY_SIZE == Spec.MLKEM.v_CCA_PRIVATE_KEY_SIZE $K /\\
+    $CIPHERTEXT_SIZE == Spec.MLKEM.v_CPA_CIPHERTEXT_SIZE $K"))]
 unsafe fn validate_private_key_avx2<
     const K: usize,
     const SECRET_KEY_SIZE: usize,
@@ -159,6 +182,9 @@ unsafe fn validate_private_key_avx2<
 }
 
 #[allow(unsafe_code)]
+#[hax_lib::requires(fstar!("Spec.MLKEM.is_rank $K /\\
+    $SECRET_KEY_SIZE == Spec.MLKEM.v_CCA_PRIVATE_KEY_SIZE $K /\\
+    $CIPHERTEXT_SIZE == Spec.MLKEM.v_CPA_CIPHERTEXT_SIZE $K"))]
 pub(crate) fn validate_private_key<
     const K: usize,
     const SECRET_KEY_SIZE: usize,
@@ -254,6 +280,19 @@ pub(crate) fn kyber_encapsulate<
 
 #[allow(unsafe_code)]
 #[cfg_attr(not(hax), target_feature(enable = "avx2"))]
+#[hax_lib::requires(fstar!("Spec.MLKEM.is_rank $K /\\
+    $CIPHERTEXT_SIZE == Spec.MLKEM.v_CPA_CIPHERTEXT_SIZE $K /\\
+    $PUBLIC_KEY_SIZE == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE $K /\\
+    $T_AS_NTT_ENCODED_SIZE == Spec.MLKEM.v_T_AS_NTT_ENCODED_SIZE $K /\\
+    $C1_SIZE == Spec.MLKEM.v_C1_SIZE $K /\\
+    $C2_SIZE == Spec.MLKEM.v_C2_SIZE $K /\\
+    $VECTOR_U_COMPRESSION_FACTOR == Spec.MLKEM.v_VECTOR_U_COMPRESSION_FACTOR  $K /\\
+    $VECTOR_V_COMPRESSION_FACTOR == Spec.MLKEM.v_VECTOR_V_COMPRESSION_FACTOR  $K /\\
+    $VECTOR_U_BLOCK_LEN == Spec.MLKEM.v_C1_BLOCK_SIZE $K /\\
+    $ETA1 == Spec.MLKEM.v_ETA1 $K /\\
+    $ETA1_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA1_RANDOMNESS_SIZE $K /\\
+    $ETA2 == Spec.MLKEM.v_ETA2 $K /\\
+    $ETA2_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA2_RANDOMNESS_SIZE $K"))]
 unsafe fn encapsulate_avx2<
     const K: usize,
     const CIPHERTEXT_SIZE: usize,
@@ -293,6 +332,19 @@ unsafe fn encapsulate_avx2<
 }
 
 #[allow(unsafe_code)]
+#[hax_lib::requires(fstar!("Spec.MLKEM.is_rank $K /\\
+    $CIPHERTEXT_SIZE == Spec.MLKEM.v_CPA_CIPHERTEXT_SIZE $K /\\
+    $PUBLIC_KEY_SIZE == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE $K /\\
+    $T_AS_NTT_ENCODED_SIZE == Spec.MLKEM.v_T_AS_NTT_ENCODED_SIZE $K /\\
+    $C1_SIZE == Spec.MLKEM.v_C1_SIZE $K /\\
+    $C2_SIZE == Spec.MLKEM.v_C2_SIZE $K /\\
+    $VECTOR_U_COMPRESSION_FACTOR == Spec.MLKEM.v_VECTOR_U_COMPRESSION_FACTOR  $K /\\
+    $VECTOR_V_COMPRESSION_FACTOR == Spec.MLKEM.v_VECTOR_V_COMPRESSION_FACTOR  $K /\\
+    $VECTOR_U_BLOCK_LEN == Spec.MLKEM.v_C1_BLOCK_SIZE $K /\\
+    $ETA1 == Spec.MLKEM.v_ETA1 $K /\\
+    $ETA1_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA1_RANDOMNESS_SIZE $K /\\
+    $ETA2 == Spec.MLKEM.v_ETA2 $K /\\
+    $ETA2_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA2_RANDOMNESS_SIZE $K"))]
 pub(crate) fn encapsulate<
     const K: usize,
     const CIPHERTEXT_SIZE: usize,
@@ -424,6 +476,22 @@ pub fn kyber_decapsulate<
 
 #[allow(unsafe_code)]
 #[cfg_attr(not(hax), target_feature(enable = "avx2"))]
+#[hax_lib::requires(fstar!("Spec.MLKEM.is_rank $K /\\
+    $SECRET_KEY_SIZE == Spec.MLKEM.v_CCA_PRIVATE_KEY_SIZE $K /\\
+    $CPA_SECRET_KEY_SIZE == Spec.MLKEM.v_CPA_PRIVATE_KEY_SIZE $K /\\
+    $PUBLIC_KEY_SIZE == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE $K /\\
+    $CIPHERTEXT_SIZE == Spec.MLKEM.v_CPA_CIPHERTEXT_SIZE $K /\\
+    $T_AS_NTT_ENCODED_SIZE == Spec.MLKEM.v_T_AS_NTT_ENCODED_SIZE $K /\\
+    $C1_SIZE == Spec.MLKEM.v_C1_SIZE $K /\\
+    $C2_SIZE == Spec.MLKEM.v_C2_SIZE $K /\\
+    $VECTOR_U_COMPRESSION_FACTOR == Spec.MLKEM.v_VECTOR_U_COMPRESSION_FACTOR  $K /\\
+    $VECTOR_V_COMPRESSION_FACTOR == Spec.MLKEM.v_VECTOR_V_COMPRESSION_FACTOR  $K /\\
+    $C1_BLOCK_SIZE == Spec.MLKEM.v_C1_BLOCK_SIZE $K /\\
+    $ETA1 == Spec.MLKEM.v_ETA1 $K /\\
+    $ETA1_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA1_RANDOMNESS_SIZE $K /\\
+    $ETA2 == Spec.MLKEM.v_ETA2 $K /\\
+    $ETA2_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA2_RANDOMNESS_SIZE $K /\\
+    $IMPLICIT_REJECTION_HASH_INPUT_SIZE == Spec.MLKEM.v_IMPLICIT_REJECTION_HASH_INPUT_SIZE $K"))]
 unsafe fn decapsulate_avx2<
     const K: usize,
     const SECRET_KEY_SIZE: usize,
@@ -469,6 +537,22 @@ unsafe fn decapsulate_avx2<
 }
 
 #[allow(unsafe_code)]
+#[hax_lib::requires(fstar!("Spec.MLKEM.is_rank $K /\\
+    $SECRET_KEY_SIZE == Spec.MLKEM.v_CCA_PRIVATE_KEY_SIZE $K /\\
+    $CPA_SECRET_KEY_SIZE == Spec.MLKEM.v_CPA_PRIVATE_KEY_SIZE $K /\\
+    $PUBLIC_KEY_SIZE == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE $K /\\
+    $CIPHERTEXT_SIZE == Spec.MLKEM.v_CPA_CIPHERTEXT_SIZE $K /\\
+    $T_AS_NTT_ENCODED_SIZE == Spec.MLKEM.v_T_AS_NTT_ENCODED_SIZE $K /\\
+    $C1_SIZE == Spec.MLKEM.v_C1_SIZE $K /\\
+    $C2_SIZE == Spec.MLKEM.v_C2_SIZE $K /\\
+    $VECTOR_U_COMPRESSION_FACTOR == Spec.MLKEM.v_VECTOR_U_COMPRESSION_FACTOR  $K /\\
+    $VECTOR_V_COMPRESSION_FACTOR == Spec.MLKEM.v_VECTOR_V_COMPRESSION_FACTOR  $K /\\
+    $C1_BLOCK_SIZE == Spec.MLKEM.v_C1_BLOCK_SIZE $K /\\
+    $ETA1 == Spec.MLKEM.v_ETA1 $K /\\
+    $ETA1_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA1_RANDOMNESS_SIZE $K /\\
+    $ETA2 == Spec.MLKEM.v_ETA2 $K /\\
+    $ETA2_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA2_RANDOMNESS_SIZE $K /\\
+    $IMPLICIT_REJECTION_HASH_INPUT_SIZE == Spec.MLKEM.v_IMPLICIT_REJECTION_HASH_INPUT_SIZE $K"))]
 pub fn decapsulate<
     const K: usize,
     const SECRET_KEY_SIZE: usize,
@@ -524,6 +608,11 @@ pub(crate) mod unpacked {
     /// Get the unpacked public key.
     #[cfg_attr(not(hax), target_feature(enable = "avx2"))]
     #[allow(unsafe_code)]
+    #[hax_lib::requires(
+        fstar!("Spec.MLKEM.is_rank $K /\\
+        $PUBLIC_KEY_SIZE == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE $K /\\
+        $T_AS_NTT_ENCODED_SIZE == Spec.MLKEM.v_T_AS_NTT_ENCODED_SIZE $K")
+    )]
     unsafe fn unpack_public_key_avx2<
         const K: usize,
         const T_AS_NTT_ENCODED_SIZE: usize,
@@ -545,6 +634,11 @@ pub(crate) mod unpacked {
 
     /// Get the unpacked public key.
     #[allow(unsafe_code)]
+    #[hax_lib::requires(
+        fstar!("Spec.MLKEM.is_rank $K /\\
+        $PUBLIC_KEY_SIZE == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE $K /\\
+        $T_AS_NTT_ENCODED_SIZE == Spec.MLKEM.v_T_AS_NTT_ENCODED_SIZE $K")
+    )]
     pub(crate) fn unpack_public_key<
         const K: usize,
         const T_AS_NTT_ENCODED_SIZE: usize,
@@ -566,6 +660,11 @@ pub(crate) mod unpacked {
 
     #[allow(unsafe_code)]
     #[cfg_attr(not(hax), target_feature(enable = "avx2"))]
+    #[hax_lib::requires(fstar!("Spec.MLKEM.is_rank $K /\\
+        $ETA1_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA1_RANDOMNESS_SIZE $K /\\
+        $ETA1 == Spec.MLKEM.v_ETA1 $K /\\
+        $BYTES_PER_RING_ELEMENT == Spec.MLKEM.v_RANKED_BYTES_PER_RING_ELEMENT $K /\\
+        $PUBLIC_KEY_SIZE == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE $K"))]
     unsafe fn generate_keypair_avx2<
         const K: usize,
         const CPA_PRIVATE_KEY_SIZE: usize,
@@ -594,6 +693,11 @@ pub(crate) mod unpacked {
 
     /// Generate a key pair
     #[allow(unsafe_code)]
+    #[hax_lib::requires(fstar!("Spec.MLKEM.is_rank $K /\\
+        $ETA1_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA1_RANDOMNESS_SIZE $K /\\
+        $ETA1 == Spec.MLKEM.v_ETA1 $K /\\
+        $BYTES_PER_RING_ELEMENT == Spec.MLKEM.v_RANKED_BYTES_PER_RING_ELEMENT $K /\\
+        $PUBLIC_KEY_SIZE == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE $K"))]
     pub(crate) fn generate_keypair<
         const K: usize,
         const CPA_PRIVATE_KEY_SIZE: usize,
@@ -621,6 +725,17 @@ pub(crate) mod unpacked {
 
     #[allow(unsafe_code)]
     #[cfg_attr(not(hax), target_feature(enable = "avx2"))]
+    #[hax_lib::requires(fstar!("Spec.MLKEM.is_rank $K /\\
+        $ETA1 == Spec.MLKEM.v_ETA1 $K /\\
+        $ETA1_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA1_RANDOMNESS_SIZE $K /\\
+        $ETA2 == Spec.MLKEM.v_ETA2 $K /\\
+        $ETA2_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA2_RANDOMNESS_SIZE $K /\\
+        $C1_SIZE == Spec.MLKEM.v_C1_SIZE $K /\\
+        $C2_SIZE == Spec.MLKEM.v_C2_SIZE $K /\\
+        $VECTOR_U_COMPRESSION_FACTOR == Spec.MLKEM.v_VECTOR_U_COMPRESSION_FACTOR $K /\\
+        $VECTOR_V_COMPRESSION_FACTOR == Spec.MLKEM.v_VECTOR_V_COMPRESSION_FACTOR $K /\\
+        $VECTOR_U_BLOCK_LEN == Spec.MLKEM.v_C1_BLOCK_SIZE $K /\\
+        $CIPHERTEXT_SIZE == Spec.MLKEM.v_CPA_CIPHERTEXT_SIZE $K"))]
     unsafe fn encapsulate_avx2<
         const K: usize,
         const CIPHERTEXT_SIZE: usize,
@@ -660,6 +775,17 @@ pub(crate) mod unpacked {
 
     /// Unpacked encapsulate
     #[allow(unsafe_code)]
+    #[hax_lib::requires(fstar!("Spec.MLKEM.is_rank $K /\\
+        $ETA1 == Spec.MLKEM.v_ETA1 $K /\\
+        $ETA1_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA1_RANDOMNESS_SIZE $K /\\
+        $ETA2 == Spec.MLKEM.v_ETA2 $K /\\
+        $ETA2_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA2_RANDOMNESS_SIZE $K /\\
+        $C1_SIZE == Spec.MLKEM.v_C1_SIZE $K /\\
+        $C2_SIZE == Spec.MLKEM.v_C2_SIZE $K /\\
+        $VECTOR_U_COMPRESSION_FACTOR == Spec.MLKEM.v_VECTOR_U_COMPRESSION_FACTOR $K /\\
+        $VECTOR_V_COMPRESSION_FACTOR == Spec.MLKEM.v_VECTOR_V_COMPRESSION_FACTOR $K /\\
+        $VECTOR_U_BLOCK_LEN == Spec.MLKEM.v_C1_BLOCK_SIZE $K /\\
+        $CIPHERTEXT_SIZE == Spec.MLKEM.v_CPA_CIPHERTEXT_SIZE $K"))]
     pub(crate) fn encapsulate<
         const K: usize,
         const CIPHERTEXT_SIZE: usize,
@@ -699,6 +825,18 @@ pub(crate) mod unpacked {
 
     #[cfg_attr(not(hax), target_feature(enable = "avx2"))]
     #[allow(unsafe_code)]
+    #[hax_lib::requires(fstar!("Spec.MLKEM.is_rank $K /\\
+        $ETA1 == Spec.MLKEM.v_ETA1 $K /\\
+        $ETA1_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA1_RANDOMNESS_SIZE $K /\\
+        $ETA2 == Spec.MLKEM.v_ETA2 $K /\\
+        $ETA2_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA2_RANDOMNESS_SIZE $K /\\
+        $C1_SIZE == Spec.MLKEM.v_C1_SIZE $K /\\
+        $C2_SIZE == Spec.MLKEM.v_C2_SIZE $K /\\
+        $VECTOR_U_COMPRESSION_FACTOR == Spec.MLKEM.v_VECTOR_U_COMPRESSION_FACTOR $K /\\
+        $VECTOR_V_COMPRESSION_FACTOR == Spec.MLKEM.v_VECTOR_V_COMPRESSION_FACTOR $K /\\
+        $C1_BLOCK_SIZE == Spec.MLKEM.v_C1_BLOCK_SIZE $K /\\
+        $CIPHERTEXT_SIZE == Spec.MLKEM.v_CPA_CIPHERTEXT_SIZE $K /\\
+        $IMPLICIT_REJECTION_HASH_INPUT_SIZE == Spec.MLKEM.v_IMPLICIT_REJECTION_HASH_INPUT_SIZE $K"))]
     unsafe fn decapsulate_avx2<
         const K: usize,
         const SECRET_KEY_SIZE: usize,
@@ -744,6 +882,18 @@ pub(crate) mod unpacked {
 
     /// Unpacked decapsulate
     #[allow(unsafe_code)]
+    #[hax_lib::requires(fstar!("Spec.MLKEM.is_rank $K /\\
+        $ETA1 == Spec.MLKEM.v_ETA1 $K /\\
+        $ETA1_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA1_RANDOMNESS_SIZE $K /\\
+        $ETA2 == Spec.MLKEM.v_ETA2 $K /\\
+        $ETA2_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA2_RANDOMNESS_SIZE $K /\\
+        $C1_SIZE == Spec.MLKEM.v_C1_SIZE $K /\\
+        $C2_SIZE == Spec.MLKEM.v_C2_SIZE $K /\\
+        $VECTOR_U_COMPRESSION_FACTOR == Spec.MLKEM.v_VECTOR_U_COMPRESSION_FACTOR $K /\\
+        $VECTOR_V_COMPRESSION_FACTOR == Spec.MLKEM.v_VECTOR_V_COMPRESSION_FACTOR $K /\\
+        $C1_BLOCK_SIZE == Spec.MLKEM.v_C1_BLOCK_SIZE $K /\\
+        $CIPHERTEXT_SIZE == Spec.MLKEM.v_CPA_CIPHERTEXT_SIZE $K /\\
+        $IMPLICIT_REJECTION_HASH_INPUT_SIZE == Spec.MLKEM.v_IMPLICIT_REJECTION_HASH_INPUT_SIZE $K"))]
     pub(crate) fn decapsulate<
         const K: usize,
         const SECRET_KEY_SIZE: usize,
diff --git a/libcrux-ml-kem/src/mlkem1024.rs b/libcrux-ml-kem/src/mlkem1024.rs
index 6bc86a8cf..9eca0e283 100644
--- a/libcrux-ml-kem/src/mlkem1024.rs
+++ b/libcrux-ml-kem/src/mlkem1024.rs
@@ -251,6 +251,9 @@ macro_rules! instantiate {
                 }
 
                 /// Get the serialized public key.
+                #[hax_lib::requires(fstar!("forall (i:nat). i < 4 ==>
+                    Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index 
+                        ${public_key}.f_ind_cpa_public_key.f_t_as_ntt i)"))]
                 pub fn serialized_public_key(
                     public_key: &MlKem1024PublicKeyUnpacked,
                     serialized: &mut MlKem1024PublicKey,
diff --git a/libcrux-ml-kem/src/mlkem512.rs b/libcrux-ml-kem/src/mlkem512.rs
index cad3bd02b..e93e8503d 100644
--- a/libcrux-ml-kem/src/mlkem512.rs
+++ b/libcrux-ml-kem/src/mlkem512.rs
@@ -243,6 +243,9 @@ macro_rules! instantiate {
                 }
 
                 /// Get the serialized public key.
+                #[hax_lib::requires(fstar!("forall (i:nat). i < 2 ==>
+                    Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index 
+                        ${public_key}.f_ind_cpa_public_key.f_t_as_ntt i)"))]
                 pub fn serialized_public_key(
                     public_key: &MlKem512PublicKeyUnpacked,
                     serialized: &mut MlKem512PublicKey,
diff --git a/libcrux-ml-kem/src/mlkem768.rs b/libcrux-ml-kem/src/mlkem768.rs
index 17cf7aadf..9c2255635 100644
--- a/libcrux-ml-kem/src/mlkem768.rs
+++ b/libcrux-ml-kem/src/mlkem768.rs
@@ -242,11 +242,17 @@ macro_rules! instantiate {
                 }
 
                 /// Get the serialized public key.
+                #[hax_lib::requires(fstar!("forall (i:nat). i < 3 ==>
+                    Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index 
+                        ${public_key}.f_ind_cpa_public_key.f_t_as_ntt i)"))]
                 pub fn serialized_public_key(public_key: &MlKem768PublicKeyUnpacked, serialized : &mut MlKem768PublicKey) {
                     public_key.serialized_public_key_mut::<RANKED_BYTES_PER_RING_ELEMENT_768, CPA_PKE_PUBLIC_KEY_SIZE_768>(serialized);
                 }
 
                 /// Get the serialized public key.
+                #[hax_lib::requires(fstar!("forall (i:nat). i < 3 ==>
+                    Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index 
+                        ${key_pair}.f_public_key.f_ind_cpa_public_key.f_t_as_ntt i)"))]
                 pub fn key_pair_serialized_public_key(key_pair: &MlKem768KeyPairUnpacked, serialized : &mut MlKem768PublicKey) {
                     key_pair.serialized_public_key_mut::<RANKED_BYTES_PER_RING_ELEMENT_768, CPA_PKE_PUBLIC_KEY_SIZE_768>(serialized);
                 }

From 50e4b97637b4a6617918cdd933964006a058f45d Mon Sep 17 00:00:00 2001
From: Lucas Franceschino <lucas@cryspen.com>
Date: Thu, 14 Nov 2024 16:18:36 +0100
Subject: [PATCH 025/142] fix(f*/ml-kem): restore z3rlimit to 80

---
 libcrux-ml-kem/hax.py                                           | 2 ++
 .../fstar/extraction/Libcrux_ml_kem.Constant_time_ops.fst       | 2 +-
 .../fstar/extraction/Libcrux_ml_kem.Constant_time_ops.fsti      | 2 +-
 .../proofs/fstar/extraction/Libcrux_ml_kem.Constants.fsti       | 2 +-
 .../fstar/extraction/Libcrux_ml_kem.Hash_functions.Avx2.fsti    | 2 +-
 .../fstar/extraction/Libcrux_ml_kem.Hash_functions.Neon.fsti    | 2 +-
 .../extraction/Libcrux_ml_kem.Hash_functions.Portable.fsti      | 2 +-
 .../proofs/fstar/extraction/Libcrux_ml_kem.Hash_functions.fsti  | 2 +-
 .../Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.Unpacked.fst     | 2 +-
 .../Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.Unpacked.fsti    | 2 +-
 .../extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.fst   | 2 +-
 .../extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.fsti  | 2 +-
 .../Libcrux_ml_kem.Ind_cca.Instantiations.Neon.Unpacked.fst     | 2 +-
 .../Libcrux_ml_kem.Ind_cca.Instantiations.Neon.Unpacked.fsti    | 2 +-
 .../extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Neon.fst   | 2 +-
 .../extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Neon.fsti  | 2 +-
 .../Libcrux_ml_kem.Ind_cca.Instantiations.Portable.Unpacked.fst | 2 +-
 ...Libcrux_ml_kem.Ind_cca.Instantiations.Portable.Unpacked.fsti | 2 +-
 .../Libcrux_ml_kem.Ind_cca.Instantiations.Portable.fst          | 2 +-
 .../Libcrux_ml_kem.Ind_cca.Instantiations.Portable.fsti         | 2 +-
 .../fstar/extraction/Libcrux_ml_kem.Ind_cca.Multiplexing.fst    | 2 +-
 .../fstar/extraction/Libcrux_ml_kem.Ind_cca.Multiplexing.fsti   | 2 +-
 .../proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Unpacked.fst | 2 +-
 .../fstar/extraction/Libcrux_ml_kem.Ind_cca.Unpacked.fsti       | 2 +-
 .../proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fst          | 2 +-
 .../proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fsti         | 2 +-
 .../fstar/extraction/Libcrux_ml_kem.Ind_cpa.Unpacked.fsti       | 2 +-
 .../proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fst          | 2 +-
 .../proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fsti         | 2 +-
 .../proofs/fstar/extraction/Libcrux_ml_kem.Invert_ntt.fst       | 2 +-
 .../proofs/fstar/extraction/Libcrux_ml_kem.Invert_ntt.fsti      | 2 +-
 .../proofs/fstar/extraction/Libcrux_ml_kem.Matrix.fst           | 2 +-
 .../proofs/fstar/extraction/Libcrux_ml_kem.Matrix.fsti          | 2 +-
 .../fstar/extraction/Libcrux_ml_kem.Mlkem1024.Avx2.Unpacked.fst | 2 +-
 .../extraction/Libcrux_ml_kem.Mlkem1024.Avx2.Unpacked.fsti      | 2 +-
 .../proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Avx2.fst   | 2 +-
 .../proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Avx2.fsti  | 2 +-
 .../fstar/extraction/Libcrux_ml_kem.Mlkem1024.Neon.Unpacked.fst | 2 +-
 .../extraction/Libcrux_ml_kem.Mlkem1024.Neon.Unpacked.fsti      | 2 +-
 .../proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Neon.fst   | 2 +-
 .../proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Neon.fsti  | 2 +-
 .../extraction/Libcrux_ml_kem.Mlkem1024.Portable.Unpacked.fst   | 2 +-
 .../extraction/Libcrux_ml_kem.Mlkem1024.Portable.Unpacked.fsti  | 2 +-
 .../fstar/extraction/Libcrux_ml_kem.Mlkem1024.Portable.fst      | 2 +-
 .../fstar/extraction/Libcrux_ml_kem.Mlkem1024.Portable.fsti     | 2 +-
 .../proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Rand.fst   | 2 +-
 .../proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Rand.fsti  | 2 +-
 .../proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.fst        | 2 +-
 .../proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.fsti       | 2 +-
 .../fstar/extraction/Libcrux_ml_kem.Mlkem512.Avx2.Unpacked.fst  | 2 +-
 .../fstar/extraction/Libcrux_ml_kem.Mlkem512.Avx2.Unpacked.fsti | 2 +-
 .../proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Avx2.fst    | 2 +-
 .../proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Avx2.fsti   | 2 +-
 .../fstar/extraction/Libcrux_ml_kem.Mlkem512.Neon.Unpacked.fst  | 2 +-
 .../fstar/extraction/Libcrux_ml_kem.Mlkem512.Neon.Unpacked.fsti | 2 +-
 .../proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Neon.fst    | 2 +-
 .../proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Neon.fsti   | 2 +-
 .../extraction/Libcrux_ml_kem.Mlkem512.Portable.Unpacked.fst    | 2 +-
 .../extraction/Libcrux_ml_kem.Mlkem512.Portable.Unpacked.fsti   | 2 +-
 .../fstar/extraction/Libcrux_ml_kem.Mlkem512.Portable.fst       | 2 +-
 .../fstar/extraction/Libcrux_ml_kem.Mlkem512.Portable.fsti      | 2 +-
 .../proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Rand.fst    | 2 +-
 .../proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Rand.fsti   | 2 +-
 .../proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.fst         | 2 +-
 .../proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.fsti        | 2 +-
 .../fstar/extraction/Libcrux_ml_kem.Mlkem768.Avx2.Unpacked.fst  | 2 +-
 .../fstar/extraction/Libcrux_ml_kem.Mlkem768.Avx2.Unpacked.fsti | 2 +-
 .../proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Avx2.fst    | 2 +-
 .../proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Avx2.fsti   | 2 +-
 .../fstar/extraction/Libcrux_ml_kem.Mlkem768.Neon.Unpacked.fst  | 2 +-
 .../fstar/extraction/Libcrux_ml_kem.Mlkem768.Neon.Unpacked.fsti | 2 +-
 .../proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Neon.fst    | 2 +-
 .../proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Neon.fsti   | 2 +-
 .../extraction/Libcrux_ml_kem.Mlkem768.Portable.Unpacked.fst    | 2 +-
 .../extraction/Libcrux_ml_kem.Mlkem768.Portable.Unpacked.fsti   | 2 +-
 .../fstar/extraction/Libcrux_ml_kem.Mlkem768.Portable.fst       | 2 +-
 .../fstar/extraction/Libcrux_ml_kem.Mlkem768.Portable.fsti      | 2 +-
 .../proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Rand.fst    | 2 +-
 .../proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Rand.fsti   | 2 +-
 .../proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.fst         | 2 +-
 .../proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.fsti        | 2 +-
 libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ntt.fst   | 2 +-
 libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ntt.fsti  | 2 +-
 .../proofs/fstar/extraction/Libcrux_ml_kem.Polynomial.fst       | 2 +-
 .../proofs/fstar/extraction/Libcrux_ml_kem.Polynomial.fsti      | 2 +-
 .../proofs/fstar/extraction/Libcrux_ml_kem.Sampling.fst         | 2 +-
 .../proofs/fstar/extraction/Libcrux_ml_kem.Sampling.fsti        | 2 +-
 .../proofs/fstar/extraction/Libcrux_ml_kem.Serialize.fst        | 2 +-
 .../proofs/fstar/extraction/Libcrux_ml_kem.Serialize.fsti       | 2 +-
 libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Types.fst | 2 +-
 .../proofs/fstar/extraction/Libcrux_ml_kem.Types.fsti           | 2 +-
 libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Utils.fst | 2 +-
 .../proofs/fstar/extraction/Libcrux_ml_kem.Utils.fsti           | 2 +-
 .../proofs/fstar/extraction/Libcrux_ml_kem.Variant.fsti         | 2 +-
 .../fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Arithmetic.fst  | 2 +-
 .../fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Arithmetic.fsti | 2 +-
 .../fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Compress.fst    | 2 +-
 .../fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Compress.fsti   | 2 +-
 .../proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Ntt.fst  | 2 +-
 .../proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Ntt.fsti | 2 +-
 .../fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Sampling.fst    | 2 +-
 .../fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Sampling.fsti   | 2 +-
 .../fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Serialize.fst   | 2 +-
 .../fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Serialize.fsti  | 2 +-
 .../proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.fst      | 2 +-
 .../proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.fsti     | 2 +-
 .../fstar/extraction/Libcrux_ml_kem.Vector.Neon.Arithmetic.fst  | 2 +-
 .../fstar/extraction/Libcrux_ml_kem.Vector.Neon.Arithmetic.fsti | 2 +-
 .../fstar/extraction/Libcrux_ml_kem.Vector.Neon.Compress.fst    | 2 +-
 .../fstar/extraction/Libcrux_ml_kem.Vector.Neon.Compress.fsti   | 2 +-
 .../proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.Ntt.fst  | 2 +-
 .../proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.Ntt.fsti | 2 +-
 .../fstar/extraction/Libcrux_ml_kem.Vector.Neon.Serialize.fst   | 2 +-
 .../fstar/extraction/Libcrux_ml_kem.Vector.Neon.Serialize.fsti  | 2 +-
 .../fstar/extraction/Libcrux_ml_kem.Vector.Neon.Vector_type.fst | 2 +-
 .../extraction/Libcrux_ml_kem.Vector.Neon.Vector_type.fsti      | 2 +-
 .../proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.fst      | 2 +-
 .../proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.fsti     | 2 +-
 .../extraction/Libcrux_ml_kem.Vector.Portable.Arithmetic.fst    | 2 +-
 .../extraction/Libcrux_ml_kem.Vector.Portable.Arithmetic.fsti   | 2 +-
 .../extraction/Libcrux_ml_kem.Vector.Portable.Compress.fst      | 2 +-
 .../extraction/Libcrux_ml_kem.Vector.Portable.Compress.fsti     | 2 +-
 .../fstar/extraction/Libcrux_ml_kem.Vector.Portable.Ntt.fst     | 2 +-
 .../fstar/extraction/Libcrux_ml_kem.Vector.Portable.Ntt.fsti    | 2 +-
 .../extraction/Libcrux_ml_kem.Vector.Portable.Sampling.fst      | 2 +-
 .../extraction/Libcrux_ml_kem.Vector.Portable.Sampling.fsti     | 2 +-
 .../extraction/Libcrux_ml_kem.Vector.Portable.Serialize.fst     | 2 +-
 .../extraction/Libcrux_ml_kem.Vector.Portable.Serialize.fsti    | 2 +-
 .../extraction/Libcrux_ml_kem.Vector.Portable.Vector_type.fst   | 2 +-
 .../extraction/Libcrux_ml_kem.Vector.Portable.Vector_type.fsti  | 2 +-
 .../proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.fst  | 2 +-
 .../proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.fsti | 2 +-
 .../extraction/Libcrux_ml_kem.Vector.Rej_sample_table.fsti      | 2 +-
 .../proofs/fstar/extraction/Libcrux_ml_kem.Vector.Traits.fst    | 2 +-
 .../proofs/fstar/extraction/Libcrux_ml_kem.Vector.Traits.fsti   | 2 +-
 sys/platform/proofs/fstar/extraction/Libcrux_platform.X86.fsti  | 2 +-
 136 files changed, 137 insertions(+), 135 deletions(-)

diff --git a/libcrux-ml-kem/hax.py b/libcrux-ml-kem/hax.py
index b95b864ab..8b78cdee4 100755
--- a/libcrux-ml-kem/hax.py
+++ b/libcrux-ml-kem/hax.py
@@ -97,6 +97,8 @@ def __call__(self, parser, args, values, option_string=None) -> None:
             "-i",
             include_str,
             "fstar",
+            "--z3rlimit",
+            "80",
             "--interfaces",
             interface_include,
         ]
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Constant_time_ops.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Constant_time_ops.fst
index b89424665..184d21930 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Constant_time_ops.fst
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Constant_time_ops.fst
@@ -1,5 +1,5 @@
 module Libcrux_ml_kem.Constant_time_ops
-#set-options "--fuel 0 --ifuel 1 --z3rlimit 15"
+#set-options "--fuel 0 --ifuel 1 --z3rlimit 80"
 open Core
 open FStar.Mul
 
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Constant_time_ops.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Constant_time_ops.fsti
index 70d1af70f..981aa5aa1 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Constant_time_ops.fsti
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Constant_time_ops.fsti
@@ -1,5 +1,5 @@
 module Libcrux_ml_kem.Constant_time_ops
-#set-options "--fuel 0 --ifuel 1 --z3rlimit 15"
+#set-options "--fuel 0 --ifuel 1 --z3rlimit 80"
 open Core
 open FStar.Mul
 
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Constants.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Constants.fsti
index 76d143aad..1c3fdf673 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Constants.fsti
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Constants.fsti
@@ -1,5 +1,5 @@
 module Libcrux_ml_kem.Constants
-#set-options "--fuel 0 --ifuel 1 --z3rlimit 15"
+#set-options "--fuel 0 --ifuel 1 --z3rlimit 80"
 open Core
 open FStar.Mul
 
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Hash_functions.Avx2.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Hash_functions.Avx2.fsti
index 148a360ff..ac3f1d25d 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Hash_functions.Avx2.fsti
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Hash_functions.Avx2.fsti
@@ -1,5 +1,5 @@
 module Libcrux_ml_kem.Hash_functions.Avx2
-#set-options "--fuel 0 --ifuel 1 --z3rlimit 15"
+#set-options "--fuel 0 --ifuel 1 --z3rlimit 80"
 open Core
 open FStar.Mul
 
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Hash_functions.Neon.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Hash_functions.Neon.fsti
index 7e395a2d3..10f31d18f 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Hash_functions.Neon.fsti
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Hash_functions.Neon.fsti
@@ -1,5 +1,5 @@
 module Libcrux_ml_kem.Hash_functions.Neon
-#set-options "--fuel 0 --ifuel 1 --z3rlimit 15"
+#set-options "--fuel 0 --ifuel 1 --z3rlimit 80"
 open Core
 open FStar.Mul
 
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Hash_functions.Portable.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Hash_functions.Portable.fsti
index 71ae0d8a5..34b92577f 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Hash_functions.Portable.fsti
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Hash_functions.Portable.fsti
@@ -1,5 +1,5 @@
 module Libcrux_ml_kem.Hash_functions.Portable
-#set-options "--fuel 0 --ifuel 1 --z3rlimit 15"
+#set-options "--fuel 0 --ifuel 1 --z3rlimit 80"
 open Core
 open FStar.Mul
 
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Hash_functions.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Hash_functions.fsti
index 55f0a73a9..05c34b4bc 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Hash_functions.fsti
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Hash_functions.fsti
@@ -1,5 +1,5 @@
 module Libcrux_ml_kem.Hash_functions
-#set-options "--fuel 0 --ifuel 1 --z3rlimit 15"
+#set-options "--fuel 0 --ifuel 1 --z3rlimit 80"
 open Core
 open FStar.Mul
 
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.Unpacked.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.Unpacked.fst
index 4ae062555..8e205b0fb 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.Unpacked.fst
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.Unpacked.fst
@@ -1,5 +1,5 @@
 module Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.Unpacked
-#set-options "--fuel 0 --ifuel 1 --z3rlimit 15"
+#set-options "--fuel 0 --ifuel 1 --z3rlimit 80"
 open Core
 open FStar.Mul
 
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.Unpacked.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.Unpacked.fsti
index 398d19d09..59d9f544f 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.Unpacked.fsti
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.Unpacked.fsti
@@ -1,5 +1,5 @@
 module Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.Unpacked
-#set-options "--fuel 0 --ifuel 1 --z3rlimit 15"
+#set-options "--fuel 0 --ifuel 1 --z3rlimit 80"
 open Core
 open FStar.Mul
 
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.fst
index 97bf551a2..f3729610d 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.fst
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.fst
@@ -1,5 +1,5 @@
 module Libcrux_ml_kem.Ind_cca.Instantiations.Avx2
-#set-options "--fuel 0 --ifuel 1 --z3rlimit 15"
+#set-options "--fuel 0 --ifuel 1 --z3rlimit 80"
 open Core
 open FStar.Mul
 
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.fsti
index 9c217d71e..c8a184dc0 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.fsti
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.fsti
@@ -1,5 +1,5 @@
 module Libcrux_ml_kem.Ind_cca.Instantiations.Avx2
-#set-options "--fuel 0 --ifuel 1 --z3rlimit 15"
+#set-options "--fuel 0 --ifuel 1 --z3rlimit 80"
 open Core
 open FStar.Mul
 
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Neon.Unpacked.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Neon.Unpacked.fst
index 1c5cfc0fe..dcdb3f339 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Neon.Unpacked.fst
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Neon.Unpacked.fst
@@ -1,5 +1,5 @@
 module Libcrux_ml_kem.Ind_cca.Instantiations.Neon.Unpacked
-#set-options "--fuel 0 --ifuel 1 --z3rlimit 15"
+#set-options "--fuel 0 --ifuel 1 --z3rlimit 80"
 open Core
 open FStar.Mul
 
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Neon.Unpacked.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Neon.Unpacked.fsti
index 757109bde..c2b13b5e9 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Neon.Unpacked.fsti
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Neon.Unpacked.fsti
@@ -1,5 +1,5 @@
 module Libcrux_ml_kem.Ind_cca.Instantiations.Neon.Unpacked
-#set-options "--fuel 0 --ifuel 1 --z3rlimit 15"
+#set-options "--fuel 0 --ifuel 1 --z3rlimit 80"
 open Core
 open FStar.Mul
 
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Neon.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Neon.fst
index 91b2b31a1..aeffe4831 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Neon.fst
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Neon.fst
@@ -1,5 +1,5 @@
 module Libcrux_ml_kem.Ind_cca.Instantiations.Neon
-#set-options "--fuel 0 --ifuel 1 --z3rlimit 15"
+#set-options "--fuel 0 --ifuel 1 --z3rlimit 80"
 open Core
 open FStar.Mul
 
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Neon.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Neon.fsti
index 04f545cda..2ac2032f9 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Neon.fsti
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Neon.fsti
@@ -1,5 +1,5 @@
 module Libcrux_ml_kem.Ind_cca.Instantiations.Neon
-#set-options "--fuel 0 --ifuel 1 --z3rlimit 15"
+#set-options "--fuel 0 --ifuel 1 --z3rlimit 80"
 open Core
 open FStar.Mul
 
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Portable.Unpacked.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Portable.Unpacked.fst
index cde5b0153..6f5ea9027 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Portable.Unpacked.fst
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Portable.Unpacked.fst
@@ -1,5 +1,5 @@
 module Libcrux_ml_kem.Ind_cca.Instantiations.Portable.Unpacked
-#set-options "--fuel 0 --ifuel 1 --z3rlimit 15"
+#set-options "--fuel 0 --ifuel 1 --z3rlimit 80"
 open Core
 open FStar.Mul
 
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Portable.Unpacked.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Portable.Unpacked.fsti
index 717574775..4ea263f4d 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Portable.Unpacked.fsti
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Portable.Unpacked.fsti
@@ -1,5 +1,5 @@
 module Libcrux_ml_kem.Ind_cca.Instantiations.Portable.Unpacked
-#set-options "--fuel 0 --ifuel 1 --z3rlimit 15"
+#set-options "--fuel 0 --ifuel 1 --z3rlimit 80"
 open Core
 open FStar.Mul
 
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Portable.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Portable.fst
index d910b65f8..c8f72e2e0 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Portable.fst
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Portable.fst
@@ -1,5 +1,5 @@
 module Libcrux_ml_kem.Ind_cca.Instantiations.Portable
-#set-options "--fuel 0 --ifuel 1 --z3rlimit 15"
+#set-options "--fuel 0 --ifuel 1 --z3rlimit 80"
 open Core
 open FStar.Mul
 
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Portable.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Portable.fsti
index 55c2c5874..54d121f40 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Portable.fsti
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Portable.fsti
@@ -1,5 +1,5 @@
 module Libcrux_ml_kem.Ind_cca.Instantiations.Portable
-#set-options "--fuel 0 --ifuel 1 --z3rlimit 15"
+#set-options "--fuel 0 --ifuel 1 --z3rlimit 80"
 open Core
 open FStar.Mul
 
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Multiplexing.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Multiplexing.fst
index 675a80d0b..ca7056f6c 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Multiplexing.fst
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Multiplexing.fst
@@ -1,5 +1,5 @@
 module Libcrux_ml_kem.Ind_cca.Multiplexing
-#set-options "--fuel 0 --ifuel 1 --z3rlimit 15"
+#set-options "--fuel 0 --ifuel 1 --z3rlimit 80"
 open Core
 open FStar.Mul
 
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Multiplexing.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Multiplexing.fsti
index 1a398869b..4fc70d000 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Multiplexing.fsti
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Multiplexing.fsti
@@ -1,5 +1,5 @@
 module Libcrux_ml_kem.Ind_cca.Multiplexing
-#set-options "--fuel 0 --ifuel 1 --z3rlimit 15"
+#set-options "--fuel 0 --ifuel 1 --z3rlimit 80"
 open Core
 open FStar.Mul
 
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Unpacked.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Unpacked.fst
index 8cef7b507..e892e21b1 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Unpacked.fst
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Unpacked.fst
@@ -1,5 +1,5 @@
 module Libcrux_ml_kem.Ind_cca.Unpacked
-#set-options "--fuel 0 --ifuel 1 --z3rlimit 15"
+#set-options "--fuel 0 --ifuel 1 --z3rlimit 80"
 open Core
 open FStar.Mul
 
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Unpacked.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Unpacked.fsti
index 148d38dda..db412286b 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Unpacked.fsti
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Unpacked.fsti
@@ -1,5 +1,5 @@
 module Libcrux_ml_kem.Ind_cca.Unpacked
-#set-options "--fuel 0 --ifuel 1 --z3rlimit 15"
+#set-options "--fuel 0 --ifuel 1 --z3rlimit 80"
 open Core
 open FStar.Mul
 
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fst
index 1fbf9a9fe..65ba7c6e0 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fst
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fst
@@ -1,5 +1,5 @@
 module Libcrux_ml_kem.Ind_cca
-#set-options "--fuel 0 --ifuel 1 --z3rlimit 15"
+#set-options "--fuel 0 --ifuel 1 --z3rlimit 80"
 open Core
 open FStar.Mul
 
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fsti
index 2492d1fde..3451ffc38 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fsti
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fsti
@@ -1,5 +1,5 @@
 module Libcrux_ml_kem.Ind_cca
-#set-options "--fuel 0 --ifuel 1 --z3rlimit 15"
+#set-options "--fuel 0 --ifuel 1 --z3rlimit 80"
 open Core
 open FStar.Mul
 
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.Unpacked.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.Unpacked.fsti
index 7f28b1fc2..58fcb60a3 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.Unpacked.fsti
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.Unpacked.fsti
@@ -1,5 +1,5 @@
 module Libcrux_ml_kem.Ind_cpa.Unpacked
-#set-options "--fuel 0 --ifuel 1 --z3rlimit 15"
+#set-options "--fuel 0 --ifuel 1 --z3rlimit 80"
 open Core
 open FStar.Mul
 
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fst
index c61cf8bd0..4484e0cc4 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fst
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fst
@@ -1,5 +1,5 @@
 module Libcrux_ml_kem.Ind_cpa
-#set-options "--fuel 0 --ifuel 1 --z3rlimit 15"
+#set-options "--fuel 0 --ifuel 1 --z3rlimit 80"
 open Core
 open FStar.Mul
 
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fsti
index b98871d8a..102bd667f 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fsti
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fsti
@@ -1,5 +1,5 @@
 module Libcrux_ml_kem.Ind_cpa
-#set-options "--fuel 0 --ifuel 1 --z3rlimit 15"
+#set-options "--fuel 0 --ifuel 1 --z3rlimit 80"
 open Core
 open FStar.Mul
 
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Invert_ntt.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Invert_ntt.fst
index 6aaa9b19a..aeccf049f 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Invert_ntt.fst
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Invert_ntt.fst
@@ -1,5 +1,5 @@
 module Libcrux_ml_kem.Invert_ntt
-#set-options "--fuel 0 --ifuel 1 --z3rlimit 15"
+#set-options "--fuel 0 --ifuel 1 --z3rlimit 80"
 open Core
 open FStar.Mul
 
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Invert_ntt.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Invert_ntt.fsti
index 44512e3b1..99f466207 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Invert_ntt.fsti
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Invert_ntt.fsti
@@ -1,5 +1,5 @@
 module Libcrux_ml_kem.Invert_ntt
-#set-options "--fuel 0 --ifuel 1 --z3rlimit 15"
+#set-options "--fuel 0 --ifuel 1 --z3rlimit 80"
 open Core
 open FStar.Mul
 
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Matrix.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Matrix.fst
index ecf3bc78b..92a2c589d 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Matrix.fst
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Matrix.fst
@@ -1,5 +1,5 @@
 module Libcrux_ml_kem.Matrix
-#set-options "--fuel 0 --ifuel 1 --z3rlimit 15"
+#set-options "--fuel 0 --ifuel 1 --z3rlimit 80"
 open Core
 open FStar.Mul
 
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Matrix.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Matrix.fsti
index 0487c22d7..8c4c95e96 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Matrix.fsti
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Matrix.fsti
@@ -1,5 +1,5 @@
 module Libcrux_ml_kem.Matrix
-#set-options "--fuel 0 --ifuel 1 --z3rlimit 15"
+#set-options "--fuel 0 --ifuel 1 --z3rlimit 80"
 open Core
 open FStar.Mul
 
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Avx2.Unpacked.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Avx2.Unpacked.fst
index 535743eee..abc7e4b8b 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Avx2.Unpacked.fst
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Avx2.Unpacked.fst
@@ -1,5 +1,5 @@
 module Libcrux_ml_kem.Mlkem1024.Avx2.Unpacked
-#set-options "--fuel 0 --ifuel 1 --z3rlimit 15"
+#set-options "--fuel 0 --ifuel 1 --z3rlimit 80"
 open Core
 open FStar.Mul
 
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Avx2.Unpacked.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Avx2.Unpacked.fsti
index 0aa9d9adf..df9a73c0b 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Avx2.Unpacked.fsti
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Avx2.Unpacked.fsti
@@ -1,5 +1,5 @@
 module Libcrux_ml_kem.Mlkem1024.Avx2.Unpacked
-#set-options "--fuel 0 --ifuel 1 --z3rlimit 15"
+#set-options "--fuel 0 --ifuel 1 --z3rlimit 80"
 open Core
 open FStar.Mul
 
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Avx2.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Avx2.fst
index 7080765e4..19d9fc0c8 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Avx2.fst
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Avx2.fst
@@ -1,5 +1,5 @@
 module Libcrux_ml_kem.Mlkem1024.Avx2
-#set-options "--fuel 0 --ifuel 1 --z3rlimit 15"
+#set-options "--fuel 0 --ifuel 1 --z3rlimit 80"
 open Core
 open FStar.Mul
 
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Avx2.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Avx2.fsti
index f8995e737..97cdb4949 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Avx2.fsti
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Avx2.fsti
@@ -1,5 +1,5 @@
 module Libcrux_ml_kem.Mlkem1024.Avx2
-#set-options "--fuel 0 --ifuel 1 --z3rlimit 15"
+#set-options "--fuel 0 --ifuel 1 --z3rlimit 80"
 open Core
 open FStar.Mul
 
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Neon.Unpacked.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Neon.Unpacked.fst
index f4da0ce27..27056053e 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Neon.Unpacked.fst
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Neon.Unpacked.fst
@@ -1,5 +1,5 @@
 module Libcrux_ml_kem.Mlkem1024.Neon.Unpacked
-#set-options "--fuel 0 --ifuel 1 --z3rlimit 15"
+#set-options "--fuel 0 --ifuel 1 --z3rlimit 80"
 open Core
 open FStar.Mul
 
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Neon.Unpacked.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Neon.Unpacked.fsti
index 2396caaf2..905114862 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Neon.Unpacked.fsti
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Neon.Unpacked.fsti
@@ -1,5 +1,5 @@
 module Libcrux_ml_kem.Mlkem1024.Neon.Unpacked
-#set-options "--fuel 0 --ifuel 1 --z3rlimit 15"
+#set-options "--fuel 0 --ifuel 1 --z3rlimit 80"
 open Core
 open FStar.Mul
 
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Neon.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Neon.fst
index a7bb1aed1..0ec31a417 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Neon.fst
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Neon.fst
@@ -1,5 +1,5 @@
 module Libcrux_ml_kem.Mlkem1024.Neon
-#set-options "--fuel 0 --ifuel 1 --z3rlimit 15"
+#set-options "--fuel 0 --ifuel 1 --z3rlimit 80"
 open Core
 open FStar.Mul
 
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Neon.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Neon.fsti
index 19fcf2a03..b7d739c0f 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Neon.fsti
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Neon.fsti
@@ -1,5 +1,5 @@
 module Libcrux_ml_kem.Mlkem1024.Neon
-#set-options "--fuel 0 --ifuel 1 --z3rlimit 15"
+#set-options "--fuel 0 --ifuel 1 --z3rlimit 80"
 open Core
 open FStar.Mul
 
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Portable.Unpacked.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Portable.Unpacked.fst
index a2ce23c18..f5f6b44d1 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Portable.Unpacked.fst
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Portable.Unpacked.fst
@@ -1,5 +1,5 @@
 module Libcrux_ml_kem.Mlkem1024.Portable.Unpacked
-#set-options "--fuel 0 --ifuel 1 --z3rlimit 15"
+#set-options "--fuel 0 --ifuel 1 --z3rlimit 80"
 open Core
 open FStar.Mul
 
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Portable.Unpacked.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Portable.Unpacked.fsti
index a572bbf31..a2997c1be 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Portable.Unpacked.fsti
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Portable.Unpacked.fsti
@@ -1,5 +1,5 @@
 module Libcrux_ml_kem.Mlkem1024.Portable.Unpacked
-#set-options "--fuel 0 --ifuel 1 --z3rlimit 15"
+#set-options "--fuel 0 --ifuel 1 --z3rlimit 80"
 open Core
 open FStar.Mul
 
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Portable.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Portable.fst
index 4fe97e075..eb7c7b085 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Portable.fst
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Portable.fst
@@ -1,5 +1,5 @@
 module Libcrux_ml_kem.Mlkem1024.Portable
-#set-options "--fuel 0 --ifuel 1 --z3rlimit 15"
+#set-options "--fuel 0 --ifuel 1 --z3rlimit 80"
 open Core
 open FStar.Mul
 
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Portable.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Portable.fsti
index 22a57aad7..f93988b73 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Portable.fsti
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Portable.fsti
@@ -1,5 +1,5 @@
 module Libcrux_ml_kem.Mlkem1024.Portable
-#set-options "--fuel 0 --ifuel 1 --z3rlimit 15"
+#set-options "--fuel 0 --ifuel 1 --z3rlimit 80"
 open Core
 open FStar.Mul
 
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Rand.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Rand.fst
index 363d3888a..69f4ab0fc 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Rand.fst
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Rand.fst
@@ -1,5 +1,5 @@
 module Libcrux_ml_kem.Mlkem1024.Rand
-#set-options "--fuel 0 --ifuel 1 --z3rlimit 15"
+#set-options "--fuel 0 --ifuel 1 --z3rlimit 80"
 open Core
 open FStar.Mul
 
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Rand.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Rand.fsti
index a6890b7d0..b2175b095 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Rand.fsti
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Rand.fsti
@@ -1,5 +1,5 @@
 module Libcrux_ml_kem.Mlkem1024.Rand
-#set-options "--fuel 0 --ifuel 1 --z3rlimit 15"
+#set-options "--fuel 0 --ifuel 1 --z3rlimit 80"
 open Core
 open FStar.Mul
 
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.fst
index e3c14f8b2..c296a0efc 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.fst
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.fst
@@ -1,5 +1,5 @@
 module Libcrux_ml_kem.Mlkem1024
-#set-options "--fuel 0 --ifuel 1 --z3rlimit 15"
+#set-options "--fuel 0 --ifuel 1 --z3rlimit 80"
 open Core
 open FStar.Mul
 
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.fsti
index 8c51f72ac..007e5c86f 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.fsti
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.fsti
@@ -1,5 +1,5 @@
 module Libcrux_ml_kem.Mlkem1024
-#set-options "--fuel 0 --ifuel 1 --z3rlimit 15"
+#set-options "--fuel 0 --ifuel 1 --z3rlimit 80"
 open Core
 open FStar.Mul
 
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Avx2.Unpacked.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Avx2.Unpacked.fst
index c2dec7172..74a6f26f2 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Avx2.Unpacked.fst
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Avx2.Unpacked.fst
@@ -1,5 +1,5 @@
 module Libcrux_ml_kem.Mlkem512.Avx2.Unpacked
-#set-options "--fuel 0 --ifuel 1 --z3rlimit 15"
+#set-options "--fuel 0 --ifuel 1 --z3rlimit 80"
 open Core
 open FStar.Mul
 
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Avx2.Unpacked.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Avx2.Unpacked.fsti
index 91482e3f3..724de7697 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Avx2.Unpacked.fsti
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Avx2.Unpacked.fsti
@@ -1,5 +1,5 @@
 module Libcrux_ml_kem.Mlkem512.Avx2.Unpacked
-#set-options "--fuel 0 --ifuel 1 --z3rlimit 15"
+#set-options "--fuel 0 --ifuel 1 --z3rlimit 80"
 open Core
 open FStar.Mul
 
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Avx2.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Avx2.fst
index fb044bdcf..36a793c00 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Avx2.fst
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Avx2.fst
@@ -1,5 +1,5 @@
 module Libcrux_ml_kem.Mlkem512.Avx2
-#set-options "--fuel 0 --ifuel 1 --z3rlimit 15"
+#set-options "--fuel 0 --ifuel 1 --z3rlimit 80"
 open Core
 open FStar.Mul
 
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Avx2.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Avx2.fsti
index fffe20cdb..b7c71322d 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Avx2.fsti
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Avx2.fsti
@@ -1,5 +1,5 @@
 module Libcrux_ml_kem.Mlkem512.Avx2
-#set-options "--fuel 0 --ifuel 1 --z3rlimit 15"
+#set-options "--fuel 0 --ifuel 1 --z3rlimit 80"
 open Core
 open FStar.Mul
 
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Neon.Unpacked.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Neon.Unpacked.fst
index cb844f8f7..1f1d6a2d1 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Neon.Unpacked.fst
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Neon.Unpacked.fst
@@ -1,5 +1,5 @@
 module Libcrux_ml_kem.Mlkem512.Neon.Unpacked
-#set-options "--fuel 0 --ifuel 1 --z3rlimit 15"
+#set-options "--fuel 0 --ifuel 1 --z3rlimit 80"
 open Core
 open FStar.Mul
 
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Neon.Unpacked.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Neon.Unpacked.fsti
index 7d2f4a8a0..75bff98e2 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Neon.Unpacked.fsti
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Neon.Unpacked.fsti
@@ -1,5 +1,5 @@
 module Libcrux_ml_kem.Mlkem512.Neon.Unpacked
-#set-options "--fuel 0 --ifuel 1 --z3rlimit 15"
+#set-options "--fuel 0 --ifuel 1 --z3rlimit 80"
 open Core
 open FStar.Mul
 
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Neon.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Neon.fst
index d05e003a6..25c542cbc 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Neon.fst
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Neon.fst
@@ -1,5 +1,5 @@
 module Libcrux_ml_kem.Mlkem512.Neon
-#set-options "--fuel 0 --ifuel 1 --z3rlimit 15"
+#set-options "--fuel 0 --ifuel 1 --z3rlimit 80"
 open Core
 open FStar.Mul
 
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Neon.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Neon.fsti
index 978e3f095..690f7a8be 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Neon.fsti
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Neon.fsti
@@ -1,5 +1,5 @@
 module Libcrux_ml_kem.Mlkem512.Neon
-#set-options "--fuel 0 --ifuel 1 --z3rlimit 15"
+#set-options "--fuel 0 --ifuel 1 --z3rlimit 80"
 open Core
 open FStar.Mul
 
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Portable.Unpacked.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Portable.Unpacked.fst
index 300c82c69..97e089aab 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Portable.Unpacked.fst
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Portable.Unpacked.fst
@@ -1,5 +1,5 @@
 module Libcrux_ml_kem.Mlkem512.Portable.Unpacked
-#set-options "--fuel 0 --ifuel 1 --z3rlimit 15"
+#set-options "--fuel 0 --ifuel 1 --z3rlimit 80"
 open Core
 open FStar.Mul
 
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Portable.Unpacked.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Portable.Unpacked.fsti
index f8af3d764..21c0e9957 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Portable.Unpacked.fsti
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Portable.Unpacked.fsti
@@ -1,5 +1,5 @@
 module Libcrux_ml_kem.Mlkem512.Portable.Unpacked
-#set-options "--fuel 0 --ifuel 1 --z3rlimit 15"
+#set-options "--fuel 0 --ifuel 1 --z3rlimit 80"
 open Core
 open FStar.Mul
 
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Portable.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Portable.fst
index 593d9e05a..8c8453609 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Portable.fst
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Portable.fst
@@ -1,5 +1,5 @@
 module Libcrux_ml_kem.Mlkem512.Portable
-#set-options "--fuel 0 --ifuel 1 --z3rlimit 15"
+#set-options "--fuel 0 --ifuel 1 --z3rlimit 80"
 open Core
 open FStar.Mul
 
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Portable.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Portable.fsti
index bc5e1ec1e..6862b8d13 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Portable.fsti
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Portable.fsti
@@ -1,5 +1,5 @@
 module Libcrux_ml_kem.Mlkem512.Portable
-#set-options "--fuel 0 --ifuel 1 --z3rlimit 15"
+#set-options "--fuel 0 --ifuel 1 --z3rlimit 80"
 open Core
 open FStar.Mul
 
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Rand.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Rand.fst
index e0359272f..adca30249 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Rand.fst
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Rand.fst
@@ -1,5 +1,5 @@
 module Libcrux_ml_kem.Mlkem512.Rand
-#set-options "--fuel 0 --ifuel 1 --z3rlimit 15"
+#set-options "--fuel 0 --ifuel 1 --z3rlimit 80"
 open Core
 open FStar.Mul
 
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Rand.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Rand.fsti
index 95ba62654..31ef494ee 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Rand.fsti
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Rand.fsti
@@ -1,5 +1,5 @@
 module Libcrux_ml_kem.Mlkem512.Rand
-#set-options "--fuel 0 --ifuel 1 --z3rlimit 15"
+#set-options "--fuel 0 --ifuel 1 --z3rlimit 80"
 open Core
 open FStar.Mul
 
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.fst
index 608df6cbd..ec76cf211 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.fst
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.fst
@@ -1,5 +1,5 @@
 module Libcrux_ml_kem.Mlkem512
-#set-options "--fuel 0 --ifuel 1 --z3rlimit 15"
+#set-options "--fuel 0 --ifuel 1 --z3rlimit 80"
 open Core
 open FStar.Mul
 
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.fsti
index 7152ea6bf..28d905063 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.fsti
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.fsti
@@ -1,5 +1,5 @@
 module Libcrux_ml_kem.Mlkem512
-#set-options "--fuel 0 --ifuel 1 --z3rlimit 15"
+#set-options "--fuel 0 --ifuel 1 --z3rlimit 80"
 open Core
 open FStar.Mul
 
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Avx2.Unpacked.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Avx2.Unpacked.fst
index 7e0ebd6ca..057873b12 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Avx2.Unpacked.fst
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Avx2.Unpacked.fst
@@ -1,5 +1,5 @@
 module Libcrux_ml_kem.Mlkem768.Avx2.Unpacked
-#set-options "--fuel 0 --ifuel 1 --z3rlimit 15"
+#set-options "--fuel 0 --ifuel 1 --z3rlimit 80"
 open Core
 open FStar.Mul
 
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Avx2.Unpacked.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Avx2.Unpacked.fsti
index 17bcaabb3..a5ef4110d 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Avx2.Unpacked.fsti
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Avx2.Unpacked.fsti
@@ -1,5 +1,5 @@
 module Libcrux_ml_kem.Mlkem768.Avx2.Unpacked
-#set-options "--fuel 0 --ifuel 1 --z3rlimit 15"
+#set-options "--fuel 0 --ifuel 1 --z3rlimit 80"
 open Core
 open FStar.Mul
 
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Avx2.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Avx2.fst
index 0313c715a..509dd7d2c 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Avx2.fst
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Avx2.fst
@@ -1,5 +1,5 @@
 module Libcrux_ml_kem.Mlkem768.Avx2
-#set-options "--fuel 0 --ifuel 1 --z3rlimit 15"
+#set-options "--fuel 0 --ifuel 1 --z3rlimit 80"
 open Core
 open FStar.Mul
 
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Avx2.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Avx2.fsti
index 3263527b3..2b74d346e 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Avx2.fsti
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Avx2.fsti
@@ -1,5 +1,5 @@
 module Libcrux_ml_kem.Mlkem768.Avx2
-#set-options "--fuel 0 --ifuel 1 --z3rlimit 15"
+#set-options "--fuel 0 --ifuel 1 --z3rlimit 80"
 open Core
 open FStar.Mul
 
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Neon.Unpacked.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Neon.Unpacked.fst
index ae48f86a4..8daf42a3d 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Neon.Unpacked.fst
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Neon.Unpacked.fst
@@ -1,5 +1,5 @@
 module Libcrux_ml_kem.Mlkem768.Neon.Unpacked
-#set-options "--fuel 0 --ifuel 1 --z3rlimit 15"
+#set-options "--fuel 0 --ifuel 1 --z3rlimit 80"
 open Core
 open FStar.Mul
 
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Neon.Unpacked.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Neon.Unpacked.fsti
index c96c9c2b7..875b33127 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Neon.Unpacked.fsti
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Neon.Unpacked.fsti
@@ -1,5 +1,5 @@
 module Libcrux_ml_kem.Mlkem768.Neon.Unpacked
-#set-options "--fuel 0 --ifuel 1 --z3rlimit 15"
+#set-options "--fuel 0 --ifuel 1 --z3rlimit 80"
 open Core
 open FStar.Mul
 
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Neon.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Neon.fst
index ecb81f50c..17c71a387 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Neon.fst
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Neon.fst
@@ -1,5 +1,5 @@
 module Libcrux_ml_kem.Mlkem768.Neon
-#set-options "--fuel 0 --ifuel 1 --z3rlimit 15"
+#set-options "--fuel 0 --ifuel 1 --z3rlimit 80"
 open Core
 open FStar.Mul
 
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Neon.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Neon.fsti
index c167a2840..f3edcca02 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Neon.fsti
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Neon.fsti
@@ -1,5 +1,5 @@
 module Libcrux_ml_kem.Mlkem768.Neon
-#set-options "--fuel 0 --ifuel 1 --z3rlimit 15"
+#set-options "--fuel 0 --ifuel 1 --z3rlimit 80"
 open Core
 open FStar.Mul
 
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Portable.Unpacked.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Portable.Unpacked.fst
index 7592960a6..f950b23dd 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Portable.Unpacked.fst
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Portable.Unpacked.fst
@@ -1,5 +1,5 @@
 module Libcrux_ml_kem.Mlkem768.Portable.Unpacked
-#set-options "--fuel 0 --ifuel 1 --z3rlimit 15"
+#set-options "--fuel 0 --ifuel 1 --z3rlimit 80"
 open Core
 open FStar.Mul
 
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Portable.Unpacked.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Portable.Unpacked.fsti
index 09f306395..06e305a32 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Portable.Unpacked.fsti
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Portable.Unpacked.fsti
@@ -1,5 +1,5 @@
 module Libcrux_ml_kem.Mlkem768.Portable.Unpacked
-#set-options "--fuel 0 --ifuel 1 --z3rlimit 15"
+#set-options "--fuel 0 --ifuel 1 --z3rlimit 80"
 open Core
 open FStar.Mul
 
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Portable.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Portable.fst
index ca6be738e..ded4c9b1d 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Portable.fst
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Portable.fst
@@ -1,5 +1,5 @@
 module Libcrux_ml_kem.Mlkem768.Portable
-#set-options "--fuel 0 --ifuel 1 --z3rlimit 15"
+#set-options "--fuel 0 --ifuel 1 --z3rlimit 80"
 open Core
 open FStar.Mul
 
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Portable.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Portable.fsti
index 1e341d72b..570cf4ad8 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Portable.fsti
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Portable.fsti
@@ -1,5 +1,5 @@
 module Libcrux_ml_kem.Mlkem768.Portable
-#set-options "--fuel 0 --ifuel 1 --z3rlimit 15"
+#set-options "--fuel 0 --ifuel 1 --z3rlimit 80"
 open Core
 open FStar.Mul
 
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Rand.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Rand.fst
index df3caf4a2..80ac366d4 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Rand.fst
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Rand.fst
@@ -1,5 +1,5 @@
 module Libcrux_ml_kem.Mlkem768.Rand
-#set-options "--fuel 0 --ifuel 1 --z3rlimit 15"
+#set-options "--fuel 0 --ifuel 1 --z3rlimit 80"
 open Core
 open FStar.Mul
 
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Rand.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Rand.fsti
index 6d9fbe622..fb034e0f5 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Rand.fsti
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Rand.fsti
@@ -1,5 +1,5 @@
 module Libcrux_ml_kem.Mlkem768.Rand
-#set-options "--fuel 0 --ifuel 1 --z3rlimit 15"
+#set-options "--fuel 0 --ifuel 1 --z3rlimit 80"
 open Core
 open FStar.Mul
 
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.fst
index dace01345..7a9f4607c 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.fst
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.fst
@@ -1,5 +1,5 @@
 module Libcrux_ml_kem.Mlkem768
-#set-options "--fuel 0 --ifuel 1 --z3rlimit 15"
+#set-options "--fuel 0 --ifuel 1 --z3rlimit 80"
 open Core
 open FStar.Mul
 
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.fsti
index 31e1114d1..d1d7c217f 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.fsti
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.fsti
@@ -1,5 +1,5 @@
 module Libcrux_ml_kem.Mlkem768
-#set-options "--fuel 0 --ifuel 1 --z3rlimit 15"
+#set-options "--fuel 0 --ifuel 1 --z3rlimit 80"
 open Core
 open FStar.Mul
 
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ntt.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ntt.fst
index a325f280d..2c5a30cb2 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ntt.fst
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ntt.fst
@@ -1,5 +1,5 @@
 module Libcrux_ml_kem.Ntt
-#set-options "--fuel 0 --ifuel 1 --z3rlimit 15"
+#set-options "--fuel 0 --ifuel 1 --z3rlimit 80"
 open Core
 open FStar.Mul
 
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ntt.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ntt.fsti
index da62a1f47..75973c8fb 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ntt.fsti
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ntt.fsti
@@ -1,5 +1,5 @@
 module Libcrux_ml_kem.Ntt
-#set-options "--fuel 0 --ifuel 1 --z3rlimit 15"
+#set-options "--fuel 0 --ifuel 1 --z3rlimit 80"
 open Core
 open FStar.Mul
 
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Polynomial.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Polynomial.fst
index 8ba1cf335..4dcc55b91 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Polynomial.fst
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Polynomial.fst
@@ -1,5 +1,5 @@
 module Libcrux_ml_kem.Polynomial
-#set-options "--fuel 0 --ifuel 1 --z3rlimit 15"
+#set-options "--fuel 0 --ifuel 1 --z3rlimit 80"
 open Core
 open FStar.Mul
 
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Polynomial.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Polynomial.fsti
index c8ca15dce..6ad4d7a0b 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Polynomial.fsti
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Polynomial.fsti
@@ -1,5 +1,5 @@
 module Libcrux_ml_kem.Polynomial
-#set-options "--fuel 0 --ifuel 1 --z3rlimit 15"
+#set-options "--fuel 0 --ifuel 1 --z3rlimit 80"
 open Core
 open FStar.Mul
 
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Sampling.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Sampling.fst
index 201db4099..c50a5c96b 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Sampling.fst
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Sampling.fst
@@ -1,5 +1,5 @@
 module Libcrux_ml_kem.Sampling
-#set-options "--fuel 0 --ifuel 1 --z3rlimit 15"
+#set-options "--fuel 0 --ifuel 1 --z3rlimit 80"
 open Core
 open FStar.Mul
 
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Sampling.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Sampling.fsti
index 737a33ecc..ecaa33053 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Sampling.fsti
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Sampling.fsti
@@ -1,5 +1,5 @@
 module Libcrux_ml_kem.Sampling
-#set-options "--fuel 0 --ifuel 1 --z3rlimit 15"
+#set-options "--fuel 0 --ifuel 1 --z3rlimit 80"
 open Core
 open FStar.Mul
 
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Serialize.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Serialize.fst
index d76da59ca..3066440c8 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Serialize.fst
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Serialize.fst
@@ -1,5 +1,5 @@
 module Libcrux_ml_kem.Serialize
-#set-options "--fuel 0 --ifuel 1 --z3rlimit 15"
+#set-options "--fuel 0 --ifuel 1 --z3rlimit 80"
 open Core
 open FStar.Mul
 
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Serialize.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Serialize.fsti
index 43d864e95..f8382da2d 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Serialize.fsti
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Serialize.fsti
@@ -1,5 +1,5 @@
 module Libcrux_ml_kem.Serialize
-#set-options "--fuel 0 --ifuel 1 --z3rlimit 15"
+#set-options "--fuel 0 --ifuel 1 --z3rlimit 80"
 open Core
 open FStar.Mul
 
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Types.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Types.fst
index c1f102d79..bef66c535 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Types.fst
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Types.fst
@@ -1,5 +1,5 @@
 module Libcrux_ml_kem.Types
-#set-options "--fuel 0 --ifuel 1 --z3rlimit 15"
+#set-options "--fuel 0 --ifuel 1 --z3rlimit 80"
 open Core
 open FStar.Mul
 
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Types.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Types.fsti
index ca155e3f6..0b3162012 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Types.fsti
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Types.fsti
@@ -1,5 +1,5 @@
 module Libcrux_ml_kem.Types
-#set-options "--fuel 0 --ifuel 1 --z3rlimit 15"
+#set-options "--fuel 0 --ifuel 1 --z3rlimit 80"
 open Core
 open FStar.Mul
 
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Utils.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Utils.fst
index 6ee03cd7f..54769237f 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Utils.fst
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Utils.fst
@@ -1,5 +1,5 @@
 module Libcrux_ml_kem.Utils
-#set-options "--fuel 0 --ifuel 1 --z3rlimit 15"
+#set-options "--fuel 0 --ifuel 1 --z3rlimit 80"
 open Core
 open FStar.Mul
 
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Utils.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Utils.fsti
index 2184222c0..389070322 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Utils.fsti
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Utils.fsti
@@ -1,5 +1,5 @@
 module Libcrux_ml_kem.Utils
-#set-options "--fuel 0 --ifuel 1 --z3rlimit 15"
+#set-options "--fuel 0 --ifuel 1 --z3rlimit 80"
 open Core
 open FStar.Mul
 
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Variant.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Variant.fsti
index e85704077..6eeb053d6 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Variant.fsti
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Variant.fsti
@@ -1,5 +1,5 @@
 module Libcrux_ml_kem.Variant
-#set-options "--fuel 0 --ifuel 1 --z3rlimit 15"
+#set-options "--fuel 0 --ifuel 1 --z3rlimit 80"
 open Core
 open FStar.Mul
 
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Arithmetic.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Arithmetic.fst
index df62a6132..6f960e706 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Arithmetic.fst
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Arithmetic.fst
@@ -1,5 +1,5 @@
 module Libcrux_ml_kem.Vector.Avx2.Arithmetic
-#set-options "--fuel 0 --ifuel 1 --z3rlimit 15"
+#set-options "--fuel 0 --ifuel 1 --z3rlimit 80"
 open Core
 open FStar.Mul
 
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Arithmetic.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Arithmetic.fsti
index b46e7aa7e..6cfb8659a 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Arithmetic.fsti
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Arithmetic.fsti
@@ -1,5 +1,5 @@
 module Libcrux_ml_kem.Vector.Avx2.Arithmetic
-#set-options "--fuel 0 --ifuel 1 --z3rlimit 15"
+#set-options "--fuel 0 --ifuel 1 --z3rlimit 80"
 open Core
 open FStar.Mul
 
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Compress.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Compress.fst
index f8d253a4c..849da1049 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Compress.fst
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Compress.fst
@@ -1,5 +1,5 @@
 module Libcrux_ml_kem.Vector.Avx2.Compress
-#set-options "--fuel 0 --ifuel 1 --z3rlimit 15"
+#set-options "--fuel 0 --ifuel 1 --z3rlimit 80"
 open Core
 open FStar.Mul
 
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Compress.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Compress.fsti
index 4a83ff83f..267f93c47 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Compress.fsti
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Compress.fsti
@@ -1,5 +1,5 @@
 module Libcrux_ml_kem.Vector.Avx2.Compress
-#set-options "--fuel 0 --ifuel 1 --z3rlimit 15"
+#set-options "--fuel 0 --ifuel 1 --z3rlimit 80"
 open Core
 open FStar.Mul
 
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Ntt.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Ntt.fst
index 60d593980..504a87112 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Ntt.fst
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Ntt.fst
@@ -1,5 +1,5 @@
 module Libcrux_ml_kem.Vector.Avx2.Ntt
-#set-options "--fuel 0 --ifuel 1 --z3rlimit 15"
+#set-options "--fuel 0 --ifuel 1 --z3rlimit 80"
 open Core
 open FStar.Mul
 
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Ntt.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Ntt.fsti
index 5b5ee2e40..e2cfc07ca 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Ntt.fsti
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Ntt.fsti
@@ -1,5 +1,5 @@
 module Libcrux_ml_kem.Vector.Avx2.Ntt
-#set-options "--fuel 0 --ifuel 1 --z3rlimit 15"
+#set-options "--fuel 0 --ifuel 1 --z3rlimit 80"
 open Core
 open FStar.Mul
 
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Sampling.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Sampling.fst
index 03a0012e0..b41e18824 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Sampling.fst
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Sampling.fst
@@ -1,5 +1,5 @@
 module Libcrux_ml_kem.Vector.Avx2.Sampling
-#set-options "--fuel 0 --ifuel 1 --z3rlimit 15"
+#set-options "--fuel 0 --ifuel 1 --z3rlimit 80"
 open Core
 open FStar.Mul
 
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Sampling.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Sampling.fsti
index 3f9eff193..767350ac5 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Sampling.fsti
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Sampling.fsti
@@ -1,5 +1,5 @@
 module Libcrux_ml_kem.Vector.Avx2.Sampling
-#set-options "--fuel 0 --ifuel 1 --z3rlimit 15"
+#set-options "--fuel 0 --ifuel 1 --z3rlimit 80"
 open Core
 open FStar.Mul
 
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Serialize.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Serialize.fst
index b0c4623a5..b0c197583 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Serialize.fst
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Serialize.fst
@@ -1,5 +1,5 @@
 module Libcrux_ml_kem.Vector.Avx2.Serialize
-#set-options "--fuel 0 --ifuel 1 --z3rlimit 15"
+#set-options "--fuel 0 --ifuel 1 --z3rlimit 80"
 open Core
 open FStar.Mul
 
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Serialize.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Serialize.fsti
index 6532d0816..f91497b5d 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Serialize.fsti
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Serialize.fsti
@@ -1,5 +1,5 @@
 module Libcrux_ml_kem.Vector.Avx2.Serialize
-#set-options "--fuel 0 --ifuel 1 --z3rlimit 15"
+#set-options "--fuel 0 --ifuel 1 --z3rlimit 80"
 open Core
 open FStar.Mul
 
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.fst
index 4dbe74d04..aacde9fa5 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.fst
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.fst
@@ -1,5 +1,5 @@
 module Libcrux_ml_kem.Vector.Avx2
-#set-options "--fuel 0 --ifuel 1 --z3rlimit 15"
+#set-options "--fuel 0 --ifuel 1 --z3rlimit 80"
 open Core
 open FStar.Mul
 
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.fsti
index 72fb64e9e..f78b55e0b 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.fsti
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.fsti
@@ -1,5 +1,5 @@
 module Libcrux_ml_kem.Vector.Avx2
-#set-options "--fuel 0 --ifuel 1 --z3rlimit 15"
+#set-options "--fuel 0 --ifuel 1 --z3rlimit 80"
 open Core
 open FStar.Mul
 
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.Arithmetic.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.Arithmetic.fst
index 3e4a911e1..1139236f7 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.Arithmetic.fst
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.Arithmetic.fst
@@ -1,5 +1,5 @@
 module Libcrux_ml_kem.Vector.Neon.Arithmetic
-#set-options "--fuel 0 --ifuel 1 --z3rlimit 15"
+#set-options "--fuel 0 --ifuel 1 --z3rlimit 80"
 open Core
 open FStar.Mul
 
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.Arithmetic.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.Arithmetic.fsti
index 9bd656a73..91b5164fe 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.Arithmetic.fsti
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.Arithmetic.fsti
@@ -1,5 +1,5 @@
 module Libcrux_ml_kem.Vector.Neon.Arithmetic
-#set-options "--fuel 0 --ifuel 1 --z3rlimit 15"
+#set-options "--fuel 0 --ifuel 1 --z3rlimit 80"
 open Core
 open FStar.Mul
 
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.Compress.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.Compress.fst
index 42233fa2d..29ffc7ec4 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.Compress.fst
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.Compress.fst
@@ -1,5 +1,5 @@
 module Libcrux_ml_kem.Vector.Neon.Compress
-#set-options "--fuel 0 --ifuel 1 --z3rlimit 15"
+#set-options "--fuel 0 --ifuel 1 --z3rlimit 80"
 open Core
 open FStar.Mul
 
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.Compress.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.Compress.fsti
index c2afb3843..55a0e76b6 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.Compress.fsti
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.Compress.fsti
@@ -1,5 +1,5 @@
 module Libcrux_ml_kem.Vector.Neon.Compress
-#set-options "--fuel 0 --ifuel 1 --z3rlimit 15"
+#set-options "--fuel 0 --ifuel 1 --z3rlimit 80"
 open Core
 open FStar.Mul
 
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.Ntt.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.Ntt.fst
index d95f4879d..36abe54f2 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.Ntt.fst
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.Ntt.fst
@@ -1,5 +1,5 @@
 module Libcrux_ml_kem.Vector.Neon.Ntt
-#set-options "--fuel 0 --ifuel 1 --z3rlimit 15"
+#set-options "--fuel 0 --ifuel 1 --z3rlimit 80"
 open Core
 open FStar.Mul
 
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.Ntt.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.Ntt.fsti
index b676dbeec..8beabc8b6 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.Ntt.fsti
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.Ntt.fsti
@@ -1,5 +1,5 @@
 module Libcrux_ml_kem.Vector.Neon.Ntt
-#set-options "--fuel 0 --ifuel 1 --z3rlimit 15"
+#set-options "--fuel 0 --ifuel 1 --z3rlimit 80"
 open Core
 open FStar.Mul
 
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.Serialize.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.Serialize.fst
index ed17864d7..2bda9f7e7 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.Serialize.fst
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.Serialize.fst
@@ -1,5 +1,5 @@
 module Libcrux_ml_kem.Vector.Neon.Serialize
-#set-options "--fuel 0 --ifuel 1 --z3rlimit 15"
+#set-options "--fuel 0 --ifuel 1 --z3rlimit 80"
 open Core
 open FStar.Mul
 
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.Serialize.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.Serialize.fsti
index c8eb22b28..7610cd889 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.Serialize.fsti
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.Serialize.fsti
@@ -1,5 +1,5 @@
 module Libcrux_ml_kem.Vector.Neon.Serialize
-#set-options "--fuel 0 --ifuel 1 --z3rlimit 15"
+#set-options "--fuel 0 --ifuel 1 --z3rlimit 80"
 open Core
 open FStar.Mul
 
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.Vector_type.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.Vector_type.fst
index 9df16f186..9b4625de3 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.Vector_type.fst
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.Vector_type.fst
@@ -1,5 +1,5 @@
 module Libcrux_ml_kem.Vector.Neon.Vector_type
-#set-options "--fuel 0 --ifuel 1 --z3rlimit 15"
+#set-options "--fuel 0 --ifuel 1 --z3rlimit 80"
 open Core
 open FStar.Mul
 
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.Vector_type.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.Vector_type.fsti
index a665f64ac..2a950fdf6 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.Vector_type.fsti
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.Vector_type.fsti
@@ -1,5 +1,5 @@
 module Libcrux_ml_kem.Vector.Neon.Vector_type
-#set-options "--fuel 0 --ifuel 1 --z3rlimit 15"
+#set-options "--fuel 0 --ifuel 1 --z3rlimit 80"
 open Core
 open FStar.Mul
 
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.fst
index b05106d98..3408a5815 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.fst
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.fst
@@ -1,5 +1,5 @@
 module Libcrux_ml_kem.Vector.Neon
-#set-options "--fuel 0 --ifuel 1 --z3rlimit 15"
+#set-options "--fuel 0 --ifuel 1 --z3rlimit 80"
 open Core
 open FStar.Mul
 
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.fsti
index 8093d76b3..7d44e2e90 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.fsti
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.fsti
@@ -1,5 +1,5 @@
 module Libcrux_ml_kem.Vector.Neon
-#set-options "--fuel 0 --ifuel 1 --z3rlimit 15"
+#set-options "--fuel 0 --ifuel 1 --z3rlimit 80"
 open Core
 open FStar.Mul
 
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Arithmetic.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Arithmetic.fst
index 84d549d13..9f607fddd 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Arithmetic.fst
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Arithmetic.fst
@@ -1,5 +1,5 @@
 module Libcrux_ml_kem.Vector.Portable.Arithmetic
-#set-options "--fuel 0 --ifuel 1 --z3rlimit 15"
+#set-options "--fuel 0 --ifuel 1 --z3rlimit 80"
 open Core
 open FStar.Mul
 
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Arithmetic.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Arithmetic.fsti
index 443d81268..6a4fc4d3d 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Arithmetic.fsti
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Arithmetic.fsti
@@ -1,5 +1,5 @@
 module Libcrux_ml_kem.Vector.Portable.Arithmetic
-#set-options "--fuel 0 --ifuel 1 --z3rlimit 15"
+#set-options "--fuel 0 --ifuel 1 --z3rlimit 80"
 open Core
 open FStar.Mul
 
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Compress.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Compress.fst
index 19e8afbc1..8ccf885b5 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Compress.fst
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Compress.fst
@@ -1,5 +1,5 @@
 module Libcrux_ml_kem.Vector.Portable.Compress
-#set-options "--fuel 0 --ifuel 1 --z3rlimit 15"
+#set-options "--fuel 0 --ifuel 1 --z3rlimit 80"
 open Core
 open FStar.Mul
 
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Compress.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Compress.fsti
index 81188c2ee..32527079f 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Compress.fsti
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Compress.fsti
@@ -1,5 +1,5 @@
 module Libcrux_ml_kem.Vector.Portable.Compress
-#set-options "--fuel 0 --ifuel 1 --z3rlimit 15"
+#set-options "--fuel 0 --ifuel 1 --z3rlimit 80"
 open Core
 open FStar.Mul
 
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Ntt.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Ntt.fst
index 17c369667..72a8bfad1 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Ntt.fst
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Ntt.fst
@@ -1,5 +1,5 @@
 module Libcrux_ml_kem.Vector.Portable.Ntt
-#set-options "--fuel 0 --ifuel 1 --z3rlimit 15"
+#set-options "--fuel 0 --ifuel 1 --z3rlimit 80"
 open Core
 open FStar.Mul
 
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Ntt.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Ntt.fsti
index fac729bef..c5532bbde 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Ntt.fsti
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Ntt.fsti
@@ -1,5 +1,5 @@
 module Libcrux_ml_kem.Vector.Portable.Ntt
-#set-options "--fuel 0 --ifuel 1 --z3rlimit 15"
+#set-options "--fuel 0 --ifuel 1 --z3rlimit 80"
 open Core
 open FStar.Mul
 
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Sampling.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Sampling.fst
index a96ed3aee..ef246cd1f 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Sampling.fst
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Sampling.fst
@@ -1,5 +1,5 @@
 module Libcrux_ml_kem.Vector.Portable.Sampling
-#set-options "--fuel 0 --ifuel 1 --z3rlimit 15"
+#set-options "--fuel 0 --ifuel 1 --z3rlimit 80"
 open Core
 open FStar.Mul
 
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Sampling.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Sampling.fsti
index bc900ff73..57159cf4c 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Sampling.fsti
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Sampling.fsti
@@ -1,5 +1,5 @@
 module Libcrux_ml_kem.Vector.Portable.Sampling
-#set-options "--fuel 0 --ifuel 1 --z3rlimit 15"
+#set-options "--fuel 0 --ifuel 1 --z3rlimit 80"
 open Core
 open FStar.Mul
 
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Serialize.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Serialize.fst
index 40e6c17a7..03cede344 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Serialize.fst
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Serialize.fst
@@ -1,5 +1,5 @@
 module Libcrux_ml_kem.Vector.Portable.Serialize
-#set-options "--fuel 0 --ifuel 1 --z3rlimit 15"
+#set-options "--fuel 0 --ifuel 1 --z3rlimit 80"
 open Core
 open FStar.Mul
 
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Serialize.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Serialize.fsti
index 84c543aef..3e010f599 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Serialize.fsti
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Serialize.fsti
@@ -1,5 +1,5 @@
 module Libcrux_ml_kem.Vector.Portable.Serialize
-#set-options "--fuel 0 --ifuel 1 --z3rlimit 15"
+#set-options "--fuel 0 --ifuel 1 --z3rlimit 80"
 open Core
 open FStar.Mul
 
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Vector_type.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Vector_type.fst
index 962c322cf..177b2fe04 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Vector_type.fst
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Vector_type.fst
@@ -1,5 +1,5 @@
 module Libcrux_ml_kem.Vector.Portable.Vector_type
-#set-options "--fuel 0 --ifuel 1 --z3rlimit 15"
+#set-options "--fuel 0 --ifuel 1 --z3rlimit 80"
 open Core
 open FStar.Mul
 
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Vector_type.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Vector_type.fsti
index fcbb04325..782ad70eb 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Vector_type.fsti
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Vector_type.fsti
@@ -1,5 +1,5 @@
 module Libcrux_ml_kem.Vector.Portable.Vector_type
-#set-options "--fuel 0 --ifuel 1 --z3rlimit 15"
+#set-options "--fuel 0 --ifuel 1 --z3rlimit 80"
 open Core
 open FStar.Mul
 
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.fst
index 4b16648c9..3546b5420 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.fst
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.fst
@@ -1,5 +1,5 @@
 module Libcrux_ml_kem.Vector.Portable
-#set-options "--fuel 0 --ifuel 1 --z3rlimit 15"
+#set-options "--fuel 0 --ifuel 1 --z3rlimit 80"
 open Core
 open FStar.Mul
 
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.fsti
index 8ab792733..0abe9ae41 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.fsti
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.fsti
@@ -1,5 +1,5 @@
 module Libcrux_ml_kem.Vector.Portable
-#set-options "--fuel 0 --ifuel 1 --z3rlimit 15"
+#set-options "--fuel 0 --ifuel 1 --z3rlimit 80"
 open Core
 open FStar.Mul
 
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Rej_sample_table.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Rej_sample_table.fsti
index ce3906fea..3d4f6be0a 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Rej_sample_table.fsti
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Rej_sample_table.fsti
@@ -1,5 +1,5 @@
 module Libcrux_ml_kem.Vector.Rej_sample_table
-#set-options "--fuel 0 --ifuel 1 --z3rlimit 15"
+#set-options "--fuel 0 --ifuel 1 --z3rlimit 80"
 open Core
 open FStar.Mul
 
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Traits.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Traits.fst
index 5f3adf035..69e93a949 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Traits.fst
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Traits.fst
@@ -1,5 +1,5 @@
 module Libcrux_ml_kem.Vector.Traits
-#set-options "--fuel 0 --ifuel 1 --z3rlimit 15"
+#set-options "--fuel 0 --ifuel 1 --z3rlimit 80"
 open Core
 open FStar.Mul
 
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Traits.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Traits.fsti
index 7a2a775ab..21e6d6a50 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Traits.fsti
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Traits.fsti
@@ -1,5 +1,5 @@
 module Libcrux_ml_kem.Vector.Traits
-#set-options "--fuel 0 --ifuel 1 --z3rlimit 15"
+#set-options "--fuel 0 --ifuel 1 --z3rlimit 80"
 open Core
 open FStar.Mul
 
diff --git a/sys/platform/proofs/fstar/extraction/Libcrux_platform.X86.fsti b/sys/platform/proofs/fstar/extraction/Libcrux_platform.X86.fsti
index 968a5585c..0b77def1e 100644
--- a/sys/platform/proofs/fstar/extraction/Libcrux_platform.X86.fsti
+++ b/sys/platform/proofs/fstar/extraction/Libcrux_platform.X86.fsti
@@ -1,5 +1,5 @@
 module Libcrux_platform.X86
-#set-options "--fuel 0 --ifuel 1 --z3rlimit 80"
+#set-options "--fuel 0 --ifuel 1 --z3rlimit 15"
 open Core
 open FStar.Mul
 

From faee7a52c502471992c1bdbdbaa27965625829e7 Mon Sep 17 00:00:00 2001
From: Lucas Franceschino <lucas@cryspen.com>
Date: Thu, 14 Nov 2024 16:18:51 +0100
Subject: [PATCH 026/142] feat: verify Avx2.Serialize

---
 libcrux-ml-kem/proofs/fstar/extraction/Makefile | 1 -
 1 file changed, 1 deletion(-)

diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Makefile b/libcrux-ml-kem/proofs/fstar/extraction/Makefile
index 1483ebe4d..1aa982aae 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Makefile
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Makefile
@@ -1,7 +1,6 @@
 SLOW_MODULES += Libcrux_ml_kem.Vector.Portable.Serialize.fst
 
 ADMIT_MODULES = Libcrux_ml_kem.Vector.Avx2.fsti \
-              Libcrux_ml_kem.Vector.Avx2.Serialize.fst \
               Libcrux_ml_kem.Vector.Avx2.fst \
               Libcrux_ml_kem.Vector.Avx2.Ntt.fst \
               Libcrux_ml_kem.Vector.Avx2.Sampling.fst \

From e42d9da4d06d92370a608ee12cec255df150e2d4 Mon Sep 17 00:00:00 2001
From: Karthikeyan Bhargavan <karthik.bhargavan@gmail.com>
Date: Thu, 14 Nov 2024 16:44:02 +0100
Subject: [PATCH 027/142] cleanup

---
 Cargo.lock                                    | 132 +++++---------
 Cargo.toml                                    |   2 +-
 .../Libcrux_ml_kem.Ind_cpa.Unpacked.fst       |  74 ++++++++
 .../extraction/Libcrux_ml_kem.Variant.fst     | 166 ++++++++++++++++++
 libcrux-ml-kem/src/vector/portable.rs         |   4 +-
 5 files changed, 291 insertions(+), 87 deletions(-)
 create mode 100644 libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.Unpacked.fst
 create mode 100644 libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Variant.fst

diff --git a/Cargo.lock b/Cargo.lock
index ebd4add6a..6f1806187 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -29,9 +29,9 @@ checksum = "4b46cbb362ab8752921c97e041f5e366ee6297bd428a31275b9fcf1e380f7299"
 
 [[package]]
 name = "anstream"
-version = "0.6.17"
+version = "0.6.18"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "23a1e53f0f5d86382dafe1cf314783b2044280f406e7e1506368220ad11b1338"
+checksum = "8acc5369981196006228e28809f761875c0327210a891e941f4c683b3a99529b"
 dependencies = [
  "anstyle",
  "anstyle-parse",
@@ -44,9 +44,9 @@ dependencies = [
 
 [[package]]
 name = "anstyle"
-version = "1.0.9"
+version = "1.0.10"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "8365de52b16c035ff4fcafe0092ba9390540e3e352870ac09933bebcaa2c8c56"
+checksum = "55cc3b69f167a1ef2e161439aa98aed94e6028e5f9a59be9a6ffb47aef1651f9"
 
 [[package]]
 name = "anstyle-parse"
@@ -78,9 +78,9 @@ dependencies = [
 
 [[package]]
 name = "arbitrary"
-version = "1.3.2"
+version = "1.4.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "7d5a26814d8dcb93b0e5a0ff3c6d80a8843bafb21b39e8e18a6f05471870e110"
+checksum = "dde20b3d026af13f561bdd0f15edf01fc734f0dafcedbaf42bba506a9517f223"
 
 [[package]]
 name = "autocfg"
@@ -143,7 +143,7 @@ dependencies = [
  "regex",
  "rustc-hash",
  "shlex",
- "syn 2.0.86",
+ "syn 2.0.87",
  "which",
 ]
 
@@ -191,9 +191,9 @@ dependencies = [
 
 [[package]]
 name = "cc"
-version = "1.1.31"
+version = "1.2.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "c2e7962b54006dcfcc61cb72735f4d89bb97061dd6a7ed882ec6b8ee53714c6f"
+checksum = "1aeb932158bd710538c73702db6945cb68a8fb08c519e6e12706b94263b36db8"
 dependencies = [
  "jobserver",
  "libc",
@@ -319,7 +319,7 @@ dependencies = [
  "heck",
  "proc-macro2",
  "quote",
- "syn 2.0.86",
+ "syn 2.0.87",
 ]
 
 [[package]]
@@ -363,9 +363,9 @@ checksum = "c2459377285ad874054d797f3ccebf984978aa39129f6eafde5cdc8315b612f8"
 
 [[package]]
 name = "cpufeatures"
-version = "0.2.14"
+version = "0.2.15"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "608697df725056feaccfa42cffdaeeec3fccc4ffc38358ecd19b243e716a78e0"
+checksum = "0ca741a962e1b0bff6d724a1a0958b686406e853bb14061f218562e1896f95e6"
 dependencies = [
  "libc",
 ]
@@ -483,7 +483,7 @@ checksum = "f46882e17999c6cc590af592290432be3bce0428cb0d5f8b6715e4dc7b383eb3"
 dependencies = [
  "proc-macro2",
  "quote",
- "syn 2.0.86",
+ "syn 2.0.87",
 ]
 
 [[package]]
@@ -702,19 +702,9 @@ dependencies = [
 [[package]]
 name = "hax-lib"
 version = "0.1.0-alpha.1"
-source = "git+https://github.com/hacspec/hax/?branch=main#291e34e51a0182c0f1b29f27cbafe3d40490e39a"
-dependencies = [
- "hax-lib-macros 0.1.0-alpha.1 (git+https://github.com/hacspec/hax/?branch=main)",
- "num-bigint",
- "num-traits",
-]
-
-[[package]]
-name = "hax-lib"
-version = "0.1.0-alpha.1"
-source = "git+https://github.com/hacspec/hax/#4291b195f4dee2bec5568ee6a0b6fe6a108623fb"
+source = "git+https://github.com/hacspec/hax/#2b5ec0a0570e10861388481894911da7f152d1c6"
 dependencies = [
- "hax-lib-macros 0.1.0-alpha.1 (git+https://github.com/hacspec/hax/)",
+ "hax-lib-macros",
  "num-bigint",
  "num-traits",
 ]
@@ -722,45 +712,20 @@ dependencies = [
 [[package]]
 name = "hax-lib-macros"
 version = "0.1.0-alpha.1"
-source = "git+https://github.com/hacspec/hax/?branch=main#291e34e51a0182c0f1b29f27cbafe3d40490e39a"
+source = "git+https://github.com/hacspec/hax/#2b5ec0a0570e10861388481894911da7f152d1c6"
 dependencies = [
- "hax-lib-macros-types 0.1.0-alpha.1 (git+https://github.com/hacspec/hax/?branch=main)",
+ "hax-lib-macros-types",
  "paste",
  "proc-macro-error",
  "proc-macro2",
  "quote",
- "syn 2.0.86",
-]
-
-[[package]]
-name = "hax-lib-macros"
-version = "0.1.0-alpha.1"
-source = "git+https://github.com/hacspec/hax/#4291b195f4dee2bec5568ee6a0b6fe6a108623fb"
-dependencies = [
- "hax-lib-macros-types 0.1.0-alpha.1 (git+https://github.com/hacspec/hax/)",
- "paste",
- "proc-macro-error",
- "proc-macro2",
- "quote",
- "syn 2.0.86",
+ "syn 2.0.87",
 ]
 
 [[package]]
 name = "hax-lib-macros-types"
 version = "0.1.0-alpha.1"
-source = "git+https://github.com/hacspec/hax/?branch=main#291e34e51a0182c0f1b29f27cbafe3d40490e39a"
-dependencies = [
- "proc-macro2",
- "quote",
- "serde",
- "serde_json",
- "uuid",
-]
-
-[[package]]
-name = "hax-lib-macros-types"
-version = "0.1.0-alpha.1"
-source = "git+https://github.com/hacspec/hax/#4291b195f4dee2bec5568ee6a0b6fe6a108623fb"
+source = "git+https://github.com/hacspec/hax/#2b5ec0a0570e10861388481894911da7f152d1c6"
 dependencies = [
  "proc-macro2",
  "quote",
@@ -924,9 +889,9 @@ dependencies = [
 
 [[package]]
 name = "libc"
-version = "0.2.161"
+version = "0.2.162"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "8e9489c2807c139ffd9c1794f4af0ebe86a828db53ecdc7fea2111d0fed085d1"
+checksum = "18d287de67fe55fd7e1581fe933d965a5a9477b38e949cfa9f8574ef01506398"
 
 [[package]]
 name = "libcrux"
@@ -934,7 +899,7 @@ version = "0.0.2-beta.2"
 dependencies = [
  "clap",
  "getrandom",
- "hax-lib 0.1.0-alpha.1 (git+https://github.com/hacspec/hax/?branch=main)",
+ "hax-lib",
  "hex",
  "libcrux",
  "libcrux-ecdh",
@@ -1008,7 +973,7 @@ dependencies = [
 name = "libcrux-intrinsics"
 version = "0.0.2-beta.2"
 dependencies = [
- "hax-lib 0.1.0-alpha.1 (git+https://github.com/hacspec/hax/)",
+ "hax-lib",
 ]
 
 [[package]]
@@ -1028,7 +993,7 @@ name = "libcrux-ml-dsa"
 version = "0.0.2-beta.2"
 dependencies = [
  "criterion",
- "hax-lib 0.1.0-alpha.1 (git+https://github.com/hacspec/hax/)",
+ "hax-lib",
  "hex",
  "libcrux-intrinsics",
  "libcrux-platform",
@@ -1044,7 +1009,7 @@ name = "libcrux-ml-kem"
 version = "0.0.2-beta.2"
 dependencies = [
  "criterion",
- "hax-lib 0.1.0-alpha.1 (git+https://github.com/hacspec/hax/)",
+ "hax-lib",
  "hex",
  "libcrux-intrinsics",
  "libcrux-platform",
@@ -1098,7 +1063,7 @@ version = "0.0.2-beta.2"
 dependencies = [
  "cavp",
  "criterion",
- "hax-lib 0.1.0-alpha.1 (git+https://github.com/hacspec/hax/)",
+ "hax-lib",
  "hex",
  "libcrux-intrinsics",
  "libcrux-platform",
@@ -1108,13 +1073,12 @@ dependencies = [
 
 [[package]]
 name = "libfuzzer-sys"
-version = "0.4.7"
+version = "0.4.8"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "a96cfd5557eb82f2b83fed4955246c988d331975a002961b07c81584d107e7f7"
+checksum = "9b9569d2f74e257076d8c6bfa73fb505b46b851e51ddaecc825944aa3bed17fa"
 dependencies = [
  "arbitrary",
  "cc",
- "once_cell",
 ]
 
 [[package]]
@@ -1157,9 +1121,9 @@ checksum = "78ca9ab1a0babb1e7d5695e3530886289c18cf2f87ec19a575a0abdce112e3a3"
 
 [[package]]
 name = "minicov"
-version = "0.3.6"
+version = "0.3.7"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "def6d99771d7c499c26ad4d40eb6645eafd3a1553b35fc26ea5a489a45e82d9a"
+checksum = "f27fe9f1cc3c22e1687f9446c2083c4c5fc7f0bcf1c7a86bdbded14985895b4b"
 dependencies = [
  "cc",
  "walkdir",
@@ -1250,7 +1214,7 @@ checksum = "a948666b637a0f465e8564c73e89d4dde00d72d4d473cc972f390fc3dcee7d9c"
 dependencies = [
  "proc-macro2",
  "quote",
- "syn 2.0.86",
+ "syn 2.0.87",
 ]
 
 [[package]]
@@ -1417,7 +1381,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "64d1ec885c64d0457d564db4ec299b2dae3f9c02808b8ad9c3a089c591b18033"
 dependencies = [
  "proc-macro2",
- "syn 2.0.86",
+ "syn 2.0.87",
 ]
 
 [[package]]
@@ -1557,9 +1521,9 @@ dependencies = [
 
 [[package]]
 name = "regex-automata"
-version = "0.4.8"
+version = "0.4.9"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "368758f23274712b504848e9d5a6f010445cc8b87a7cdb4d7cbee666c1288da3"
+checksum = "809e8dc61f6de73b46c85f4c96486310fe304c434cfa43669d7b40f711150908"
 dependencies = [
  "aho-corasick",
  "memchr",
@@ -1614,9 +1578,9 @@ dependencies = [
 
 [[package]]
 name = "rustix"
-version = "0.38.38"
+version = "0.38.40"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "aa260229e6538e52293eeb577aabd09945a09d6d9cc0fc550ed7529056c2e32a"
+checksum = "99e4ea3e1cdc4b559b8e5650f9c8e5998e3e5c1343b4eaf034565f32318d63c0"
 dependencies = [
  "bitflags",
  "errno",
@@ -1668,22 +1632,22 @@ checksum = "61697e0a1c7e512e84a621326239844a24d8207b4669b41bc18b32ea5cbf988b"
 
 [[package]]
 name = "serde"
-version = "1.0.214"
+version = "1.0.215"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "f55c3193aca71c12ad7890f1785d2b73e1b9f63a0bbc353c08ef26fe03fc56b5"
+checksum = "6513c1ad0b11a9376da888e3e0baa0077f1aed55c17f50e7b2397136129fb88f"
 dependencies = [
  "serde_derive",
 ]
 
 [[package]]
 name = "serde_derive"
-version = "1.0.214"
+version = "1.0.215"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "de523f781f095e28fa605cdce0f8307e451cc0fd14e2eb4cd2e98a355b147766"
+checksum = "ad1e866f866923f252f05c889987993144fb74e722403468a4ebd70c3cd756c0"
 dependencies = [
  "proc-macro2",
  "quote",
- "syn 2.0.86",
+ "syn 2.0.87",
 ]
 
 [[package]]
@@ -1782,9 +1746,9 @@ dependencies = [
 
 [[package]]
 name = "syn"
-version = "2.0.86"
+version = "2.0.87"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "e89275301d38033efb81a6e60e3497e734dfcc62571f2854bf4b16690398824c"
+checksum = "25aa4ce346d03a6dcd68dd8b4010bcb74e54e62c90c573f394c46eae99aba32d"
 dependencies = [
  "proc-macro2",
  "quote",
@@ -1903,7 +1867,7 @@ dependencies = [
  "once_cell",
  "proc-macro2",
  "quote",
- "syn 2.0.86",
+ "syn 2.0.87",
  "wasm-bindgen-shared",
 ]
 
@@ -1937,7 +1901,7 @@ checksum = "26c6ab57572f7a24a4985830b120de1594465e5d500f24afe89e16b4e833ef68"
 dependencies = [
  "proc-macro2",
  "quote",
- "syn 2.0.86",
+ "syn 2.0.87",
  "wasm-bindgen-backend",
  "wasm-bindgen-shared",
 ]
@@ -1971,7 +1935,7 @@ checksum = "c97b2ef2c8d627381e51c071c2ab328eac606d3f69dd82bcbca20a9e389d95f0"
 dependencies = [
  "proc-macro2",
  "quote",
- "syn 2.0.86",
+ "syn 2.0.87",
 ]
 
 [[package]]
@@ -2129,7 +2093,7 @@ checksum = "fa4f8080344d4671fb4e831a13ad1e68092748387dfc4f55e356242fae12ce3e"
 dependencies = [
  "proc-macro2",
  "quote",
- "syn 2.0.86",
+ "syn 2.0.87",
 ]
 
 [[package]]
@@ -2149,5 +2113,5 @@ checksum = "ce36e65b0d2999d2aafac989fb249189a141aee1f53c612c1f37d72631959f69"
 dependencies = [
  "proc-macro2",
  "quote",
- "syn 2.0.86",
+ "syn 2.0.87",
 ]
diff --git a/Cargo.toml b/Cargo.toml
index 625c177a3..d30f66179 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -75,7 +75,7 @@ log = { version = "0.4", optional = true }
 # WASM API
 wasm-bindgen = { version = "0.2.87", optional = true }
 getrandom = { version = "0.2", features = ["js"], optional = true }
-hax-lib = { version = "0.1.0-alpha.1", git = "https://github.com/hacspec/hax/", branch = "main" }
+hax-lib = { version = "0.1.0-alpha.1", git = "https://github.com/hacspec/hax/" }
 
 [dev-dependencies]
 libcrux = { path = ".", features = ["rand", "tests"] }
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.Unpacked.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.Unpacked.fst
new file mode 100644
index 000000000..25587cb96
--- /dev/null
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.Unpacked.fst
@@ -0,0 +1,74 @@
+module Libcrux_ml_kem.Ind_cpa.Unpacked
+#set-options "--fuel 0 --ifuel 1 --z3rlimit 15"
+open Core
+open FStar.Mul
+
+let _ =
+  (* This module has implicit dependencies, here we make them explicit. *)
+  (* The implicit dependencies arise from typeclasses instances. *)
+  let open Libcrux_ml_kem.Vector.Traits in
+  ()
+
+[@@ FStar.Tactics.Typeclasses.tcinstance]
+let impl
+      (v_K: usize)
+      (#v_Vector: Type0)
+      (#[FStar.Tactics.Typeclasses.tcresolve ()]
+          i1:
+          Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector)
+    : Core.Default.t_Default (t_IndCpaPrivateKeyUnpacked v_K v_Vector) =
+  {
+    f_default_pre = (fun (_: Prims.unit) -> true);
+    f_default_post = (fun (_: Prims.unit) (out: t_IndCpaPrivateKeyUnpacked v_K v_Vector) -> true);
+    f_default
+    =
+    fun (_: Prims.unit) ->
+      {
+        f_secret_as_ntt
+        =
+        Rust_primitives.Hax.repeat (Libcrux_ml_kem.Polynomial.impl_2__ZERO #v_Vector ()
+            <:
+            Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector)
+          v_K
+      }
+      <:
+      t_IndCpaPrivateKeyUnpacked v_K v_Vector
+  }
+
+[@@ FStar.Tactics.Typeclasses.tcinstance]
+let impl_1
+      (v_K: usize)
+      (#v_Vector: Type0)
+      (#[FStar.Tactics.Typeclasses.tcresolve ()]
+          i1:
+          Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector)
+    : Core.Default.t_Default (t_IndCpaPublicKeyUnpacked v_K v_Vector) =
+  {
+    f_default_pre = (fun (_: Prims.unit) -> true);
+    f_default_post = (fun (_: Prims.unit) (out: t_IndCpaPublicKeyUnpacked v_K v_Vector) -> true);
+    f_default
+    =
+    fun (_: Prims.unit) ->
+      {
+        f_t_as_ntt
+        =
+        Rust_primitives.Hax.repeat (Libcrux_ml_kem.Polynomial.impl_2__ZERO #v_Vector ()
+            <:
+            Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector)
+          v_K;
+        f_seed_for_A = Rust_primitives.Hax.repeat 0uy (sz 32);
+        f_A
+        =
+        Rust_primitives.Hax.repeat (Rust_primitives.Hax.repeat (Libcrux_ml_kem.Polynomial.impl_2__ZERO
+                  #v_Vector
+                  ()
+                <:
+                Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector)
+              v_K
+            <:
+            t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K)
+          v_K
+      }
+      <:
+      t_IndCpaPublicKeyUnpacked v_K v_Vector
+  }
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Variant.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Variant.fst
new file mode 100644
index 000000000..f0a7f7893
--- /dev/null
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Variant.fst
@@ -0,0 +1,166 @@
+module Libcrux_ml_kem.Variant
+#set-options "--fuel 0 --ifuel 1 --z3rlimit 15"
+open Core
+open FStar.Mul
+
+let _ =
+  (* This module has implicit dependencies, here we make them explicit. *)
+  (* The implicit dependencies arise from typeclasses instances. *)
+  let open Libcrux_ml_kem.Hash_functions in
+  ()
+
+[@@ FStar.Tactics.Typeclasses.tcinstance]
+let impl: t_Variant t_MlKem =
+  {
+    f_kdf_pre
+    =
+    (fun
+        (v_K: usize)
+        (v_CIPHERTEXT_SIZE: usize)
+        (#v_Hasher: Type0)
+        (#[FStar.Tactics.Typeclasses.tcresolve ()]
+          i1:
+          Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K)
+        (shared_secret: t_Slice u8)
+        (_: Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE)
+        ->
+        (Core.Slice.impl__len #u8 shared_secret <: usize) =. sz 32);
+    f_kdf_post
+    =
+    (fun
+        (v_K: usize)
+        (v_CIPHERTEXT_SIZE: usize)
+        (#v_Hasher: Type0)
+        (#[FStar.Tactics.Typeclasses.tcresolve ()]
+          i1:
+          Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K)
+        (shared_secret: t_Slice u8)
+        (_: Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE)
+        (res: t_Array u8 (sz 32))
+        ->
+        res == shared_secret);
+    f_kdf
+    =
+    (fun
+        (v_K: usize)
+        (v_CIPHERTEXT_SIZE: usize)
+        (#v_Hasher: Type0)
+        (#[FStar.Tactics.Typeclasses.tcresolve ()]
+          i1:
+          Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K)
+        (shared_secret: t_Slice u8)
+        (_: Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE)
+        ->
+        let out:t_Array u8 (sz 32) = Rust_primitives.Hax.repeat 0uy (sz 32) in
+        let out:t_Array u8 (sz 32) = Core.Slice.impl__copy_from_slice #u8 out shared_secret in
+        out);
+    f_entropy_preprocess_pre
+    =
+    (fun
+        (v_K: usize)
+        (#v_Hasher: Type0)
+        (#[FStar.Tactics.Typeclasses.tcresolve ()]
+          i3:
+          Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K)
+        (randomness: t_Slice u8)
+        ->
+        (Core.Slice.impl__len #u8 randomness <: usize) =. sz 32);
+    f_entropy_preprocess_post
+    =
+    (fun
+        (v_K: usize)
+        (#v_Hasher: Type0)
+        (#[FStar.Tactics.Typeclasses.tcresolve ()]
+          i3:
+          Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K)
+        (randomness: t_Slice u8)
+        (res: t_Array u8 (sz 32))
+        ->
+        res == randomness);
+    f_entropy_preprocess
+    =
+    (fun
+        (v_K: usize)
+        (#v_Hasher: Type0)
+        (#[FStar.Tactics.Typeclasses.tcresolve ()]
+          i3:
+          Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K)
+        (randomness: t_Slice u8)
+        ->
+        let out:t_Array u8 (sz 32) = Rust_primitives.Hax.repeat 0uy (sz 32) in
+        let out:t_Array u8 (sz 32) = Core.Slice.impl__copy_from_slice #u8 out randomness in
+        out);
+    f_cpa_keygen_seed_pre
+    =
+    (fun
+        (v_K: usize)
+        (#v_Hasher: Type0)
+        (#[FStar.Tactics.Typeclasses.tcresolve ()]
+          i4:
+          Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K)
+        (key_generation_seed: t_Slice u8)
+        ->
+        (Core.Slice.impl__len #u8 key_generation_seed <: usize) =. sz 32);
+    f_cpa_keygen_seed_post
+    =
+    (fun
+        (v_K: usize)
+        (#v_Hasher: Type0)
+        (#[FStar.Tactics.Typeclasses.tcresolve ()]
+          i4:
+          Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K)
+        (key_generation_seed: t_Slice u8)
+        (res: t_Array u8 (sz 64))
+        ->
+        Seq.length key_generation_seed == 32 ==>
+        res == Spec.Utils.v_G (Seq.append key_generation_seed (Seq.create 1 (cast v_K <: u8))));
+    f_cpa_keygen_seed
+    =
+    fun
+      (v_K: usize)
+      (#v_Hasher: Type0)
+      (#[FStar.Tactics.Typeclasses.tcresolve ()]
+        i4:
+        Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K)
+      (key_generation_seed: t_Slice u8)
+      ->
+      let seed:t_Array u8 (sz 33) = Rust_primitives.Hax.repeat 0uy (sz 33) in
+      let seed:t_Array u8 (sz 33) =
+        Rust_primitives.Hax.Monomorphized_update_at.update_at_range seed
+          ({
+              Core.Ops.Range.f_start = sz 0;
+              Core.Ops.Range.f_end = Libcrux_ml_kem.Constants.v_CPA_PKE_KEY_GENERATION_SEED_SIZE
+            }
+            <:
+            Core.Ops.Range.t_Range usize)
+          (Core.Slice.impl__copy_from_slice #u8
+              (seed.[ {
+                    Core.Ops.Range.f_start = sz 0;
+                    Core.Ops.Range.f_end
+                    =
+                    Libcrux_ml_kem.Constants.v_CPA_PKE_KEY_GENERATION_SEED_SIZE
+                  }
+                  <:
+                  Core.Ops.Range.t_Range usize ]
+                <:
+                t_Slice u8)
+              key_generation_seed
+            <:
+            t_Slice u8)
+      in
+      let seed:t_Array u8 (sz 33) =
+        Rust_primitives.Hax.Monomorphized_update_at.update_at_usize seed
+          Libcrux_ml_kem.Constants.v_CPA_PKE_KEY_GENERATION_SEED_SIZE
+          (cast (v_K <: usize) <: u8)
+      in
+      let _:Prims.unit =
+        Lib.Sequence.eq_intro #u8
+          #33
+          seed
+          (Seq.append key_generation_seed (Seq.create 1 (cast v_K <: u8)))
+      in
+      Libcrux_ml_kem.Hash_functions.f_G #v_Hasher
+        #v_K
+        #FStar.Tactics.Typeclasses.solve
+        (seed <: t_Slice u8)
+  }
diff --git a/libcrux-ml-kem/src/vector/portable.rs b/libcrux-ml-kem/src/vector/portable.rs
index 5effe4b67..7d0752f97 100644
--- a/libcrux-ml-kem/src/vector/portable.rs
+++ b/libcrux-ml-kem/src/vector/portable.rs
@@ -102,8 +102,8 @@ fn deserialize_12(a: &[u8]) -> PortableVector {
     serialize::deserialize_12(a)
 }
 
-#[hax_lib::fstar::before(interface, r#"#push-options "--z3rlimit 400 --split_queries always""#)]
-#[hax_lib::fstar::after(interface, r#"#pop-options"#)]
+#[hax_lib::fstar::before(r#"#push-options "--z3rlimit 400 --split_queries always""#)]
+#[hax_lib::fstar::after(r#"#pop-options"#)]
 #[hax_lib::attributes] 
 impl Operations for PortableVector {
     #[ensures(|out| fstar!("impl.f_repr out == Seq.create 16 0s"))]

From 974422b6aa438b33a20b1ef66854438addad49ee Mon Sep 17 00:00:00 2001
From: Karthikeyan Bhargavan <karthik.bhargavan@gmail.com>
Date: Thu, 14 Nov 2024 18:19:54 +0100
Subject: [PATCH 028/142] fstar

---
 .../Libcrux_intrinsics.Arm64_extract.fsti     |   2 +-
 .../Libcrux_intrinsics.Avx2_extract.fsti      |   2 +-
 .../Libcrux_ml_dsa.Hash_functions.Neon.fsti   | 236 +------
 ...ibcrux_ml_dsa.Hash_functions.Portable.fsti | 306 +--------
 ...Libcrux_ml_dsa.Hash_functions.Simd256.fsti | 288 +-------
 .../extraction/Libcrux_ml_dsa.Pre_hash.fst    |  59 ++
 .../extraction/Libcrux_ml_dsa.Pre_hash.fsti   |  56 +-
 .../Libcrux_ml_dsa.Simd.Avx2.Vector_type.fst  |  13 +
 .../Libcrux_ml_dsa.Simd.Avx2.Vector_type.fsti |  12 +-
 .../extraction/Libcrux_ml_dsa.Simd.Avx2.fsti  | 635 +-----------------
 .../Libcrux_ml_dsa.Simd.Portable.fsti         | 522 +-------------
 .../Libcrux_ml_kem.Hash_functions.Avx2.fsti   |  69 +-
 .../Libcrux_ml_kem.Hash_functions.Neon.fsti   |  69 +-
 ...ibcrux_ml_kem.Hash_functions.Portable.fsti |  77 +--
 .../Libcrux_ml_kem.Ind_cca.Unpacked.fst       |  65 ++
 .../Libcrux_ml_kem.Ind_cca.Unpacked.fsti      |  63 +-
 .../Libcrux_ml_kem.Ind_cpa.Unpacked.fst       |   2 +-
 .../Libcrux_ml_kem.Ind_cpa.Unpacked.fsti      |  62 +-
 .../fstar/extraction/Libcrux_ml_kem.Types.fst | 144 ++++
 .../extraction/Libcrux_ml_kem.Types.fsti      | 129 +---
 .../extraction/Libcrux_ml_kem.Variant.fst     |   2 +-
 .../extraction/Libcrux_ml_kem.Variant.fsti    | 155 +----
 .../extraction/Libcrux_ml_kem.Vector.Avx2.fst | 569 ++++++++++++++++
 .../Libcrux_ml_kem.Vector.Avx2.fsti           | 567 +---------------
 .../extraction/Libcrux_ml_kem.Vector.Neon.fst | 491 ++++++++++++++
 .../Libcrux_ml_kem.Vector.Neon.fsti           | 490 +-------------
 .../Libcrux_ml_kem.Vector.Portable.fst        | 614 +++++++++++++++++
 .../Libcrux_ml_kem.Vector.Portable.fsti       | 614 +----------------
 .../extraction/Libcrux_platform.Platform.fsti |   2 +-
 29 files changed, 2040 insertions(+), 4275 deletions(-)

diff --git a/libcrux-intrinsics/proofs/fstar/extraction/Libcrux_intrinsics.Arm64_extract.fsti b/libcrux-intrinsics/proofs/fstar/extraction/Libcrux_intrinsics.Arm64_extract.fsti
index a03c287ec..d4014e6a8 100644
--- a/libcrux-intrinsics/proofs/fstar/extraction/Libcrux_intrinsics.Arm64_extract.fsti
+++ b/libcrux-intrinsics/proofs/fstar/extraction/Libcrux_intrinsics.Arm64_extract.fsti
@@ -1,5 +1,5 @@
 module Libcrux_intrinsics.Arm64_extract
-#set-options "--fuel 0 --ifuel 1 --z3rlimit 15"
+#set-options "--fuel 0 --ifuel 1 --z3rlimit 80"
 open Core
 open FStar.Mul
 
diff --git a/libcrux-intrinsics/proofs/fstar/extraction/Libcrux_intrinsics.Avx2_extract.fsti b/libcrux-intrinsics/proofs/fstar/extraction/Libcrux_intrinsics.Avx2_extract.fsti
index 290b679a5..16d93fb14 100644
--- a/libcrux-intrinsics/proofs/fstar/extraction/Libcrux_intrinsics.Avx2_extract.fsti
+++ b/libcrux-intrinsics/proofs/fstar/extraction/Libcrux_intrinsics.Avx2_extract.fsti
@@ -1,5 +1,5 @@
 module Libcrux_intrinsics.Avx2_extract
-#set-options "--fuel 0 --ifuel 1 --z3rlimit 15"
+#set-options "--fuel 0 --ifuel 1 --z3rlimit 80"
 open Core
 open FStar.Mul
 
diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Hash_functions.Neon.fsti b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Hash_functions.Neon.fsti
index 9ad6829f1..a7762dfe1 100644
--- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Hash_functions.Neon.fsti
+++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Hash_functions.Neon.fsti
@@ -8,6 +8,12 @@ val t_Shake128x4:Type0
 /// Neon SHAKE 256 x4 state
 val t_Shake256x4:Type0
 
+[@@ FStar.Tactics.Typeclasses.tcinstance]
+val impl:Libcrux_ml_dsa.Hash_functions.Shake128.t_XofX4 t_Shake128x4
+
+[@@ FStar.Tactics.Typeclasses.tcinstance]
+val impl_1:Libcrux_ml_dsa.Hash_functions.Shake256.t_XofX4 t_Shake256x4
+
 /// Init the state and absorb 4 blocks in parallel.
 val init_absorb (input0 input1 input2 input3: t_Slice u8)
     : Prims.Pure t_Shake128x4 Prims.l_True (fun _ -> Prims.l_True)
@@ -43,239 +49,9 @@ val squeeze_next_block (state: t_Shake128x4)
       Prims.l_True
       (fun _ -> Prims.l_True)
 
-[@@ FStar.Tactics.Typeclasses.tcinstance]
-let impl: Libcrux_ml_dsa.Hash_functions.Shake128.t_XofX4 t_Shake128x4 =
-  {
-    f_init_absorb_pre
-    =
-    (fun (input0: t_Slice u8) (input1: t_Slice u8) (input2: t_Slice u8) (input3: t_Slice u8) -> true
-    );
-    f_init_absorb_post
-    =
-    (fun
-        (input0: t_Slice u8)
-        (input1: t_Slice u8)
-        (input2: t_Slice u8)
-        (input3: t_Slice u8)
-        (out: t_Shake128x4)
-        ->
-        true);
-    f_init_absorb
-    =
-    (fun (input0: t_Slice u8) (input1: t_Slice u8) (input2: t_Slice u8) (input3: t_Slice u8) ->
-        init_absorb input0 input1 input2 input3);
-    f_squeeze_first_five_blocks_pre
-    =
-    (fun
-        (self: t_Shake128x4)
-        (out0: t_Array u8 (sz 840))
-        (out1: t_Array u8 (sz 840))
-        (out2: t_Array u8 (sz 840))
-        (out3: t_Array u8 (sz 840))
-        ->
-        true);
-    f_squeeze_first_five_blocks_post
-    =
-    (fun
-        (self: t_Shake128x4)
-        (out0: t_Array u8 (sz 840))
-        (out1: t_Array u8 (sz 840))
-        (out2: t_Array u8 (sz 840))
-        (out3: t_Array u8 (sz 840))
-        (out4:
-          (t_Shake128x4 & t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) &
-            t_Array u8 (sz 840)))
-        ->
-        true);
-    f_squeeze_first_five_blocks
-    =
-    (fun
-        (self: t_Shake128x4)
-        (out0: t_Array u8 (sz 840))
-        (out1: t_Array u8 (sz 840))
-        (out2: t_Array u8 (sz 840))
-        (out3: t_Array u8 (sz 840))
-        ->
-        let tmp0, tmp1, tmp2, tmp3, tmp4:(t_Shake128x4 & t_Array u8 (sz 840) & t_Array u8 (sz 840) &
-          t_Array u8 (sz 840) &
-          t_Array u8 (sz 840)) =
-          squeeze_first_five_blocks self out0 out1 out2 out3
-        in
-        let self:t_Shake128x4 = tmp0 in
-        let out0:t_Array u8 (sz 840) = tmp1 in
-        let out1:t_Array u8 (sz 840) = tmp2 in
-        let out2:t_Array u8 (sz 840) = tmp3 in
-        let out3:t_Array u8 (sz 840) = tmp4 in
-        let _:Prims.unit = () in
-        self, out0, out1, out2, out3
-        <:
-        (t_Shake128x4 & t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) &
-          t_Array u8 (sz 840)));
-    f_squeeze_next_block_pre = (fun (self: t_Shake128x4) -> true);
-    f_squeeze_next_block_post
-    =
-    (fun
-        (self: t_Shake128x4)
-        (out5:
-          (t_Shake128x4 &
-            (t_Array u8 (sz 168) & t_Array u8 (sz 168) & t_Array u8 (sz 168) & t_Array u8 (sz 168)))
-        )
-        ->
-        true);
-    f_squeeze_next_block
-    =
-    fun (self: t_Shake128x4) ->
-      let tmp0, out4:(t_Shake128x4 &
-        (t_Array u8 (sz 168) & t_Array u8 (sz 168) & t_Array u8 (sz 168) & t_Array u8 (sz 168))) =
-        squeeze_next_block self
-      in
-      let self:t_Shake128x4 = tmp0 in
-      let hax_temp_output:(t_Array u8 (sz 168) & t_Array u8 (sz 168) & t_Array u8 (sz 168) &
-        t_Array u8 (sz 168)) =
-        out4
-      in
-      self, hax_temp_output
-      <:
-      (t_Shake128x4 &
-        (t_Array u8 (sz 168) & t_Array u8 (sz 168) & t_Array u8 (sz 168) & t_Array u8 (sz 168)))
-  }
-
 val squeeze_next_block_x4 (state: t_Shake256x4)
     : Prims.Pure
       (t_Shake256x4 &
         (t_Array u8 (sz 136) & t_Array u8 (sz 136) & t_Array u8 (sz 136) & t_Array u8 (sz 136)))
       Prims.l_True
       (fun _ -> Prims.l_True)
-
-[@@ FStar.Tactics.Typeclasses.tcinstance]
-let impl_1: Libcrux_ml_dsa.Hash_functions.Shake256.t_XofX4 t_Shake256x4 =
-  {
-    f_init_absorb_x4_pre
-    =
-    (fun (input0: t_Slice u8) (input1: t_Slice u8) (input2: t_Slice u8) (input3: t_Slice u8) -> true
-    );
-    f_init_absorb_x4_post
-    =
-    (fun
-        (input0: t_Slice u8)
-        (input1: t_Slice u8)
-        (input2: t_Slice u8)
-        (input3: t_Slice u8)
-        (out: t_Shake256x4)
-        ->
-        true);
-    f_init_absorb_x4
-    =
-    (fun (input0: t_Slice u8) (input1: t_Slice u8) (input2: t_Slice u8) (input3: t_Slice u8) ->
-        init_absorb_x4 input0 input1 input2 input3);
-    f_squeeze_first_block_x4_pre = (fun (self: t_Shake256x4) -> true);
-    f_squeeze_first_block_x4_post
-    =
-    (fun
-        (self: t_Shake256x4)
-        (out5:
-          (t_Shake256x4 &
-            (t_Array u8 (sz 136) & t_Array u8 (sz 136) & t_Array u8 (sz 136) & t_Array u8 (sz 136)))
-        )
-        ->
-        true);
-    f_squeeze_first_block_x4
-    =
-    (fun (self: t_Shake256x4) ->
-        let tmp0, out4:(t_Shake256x4 &
-          (t_Array u8 (sz 136) & t_Array u8 (sz 136) & t_Array u8 (sz 136) & t_Array u8 (sz 136))) =
-          squeeze_first_block_x4 self
-        in
-        let self:t_Shake256x4 = tmp0 in
-        let hax_temp_output:(t_Array u8 (sz 136) & t_Array u8 (sz 136) & t_Array u8 (sz 136) &
-          t_Array u8 (sz 136)) =
-          out4
-        in
-        self, hax_temp_output
-        <:
-        (t_Shake256x4 &
-          (t_Array u8 (sz 136) & t_Array u8 (sz 136) & t_Array u8 (sz 136) & t_Array u8 (sz 136))));
-    f_squeeze_next_block_x4_pre = (fun (self: t_Shake256x4) -> true);
-    f_squeeze_next_block_x4_post
-    =
-    (fun
-        (self: t_Shake256x4)
-        (out5:
-          (t_Shake256x4 &
-            (t_Array u8 (sz 136) & t_Array u8 (sz 136) & t_Array u8 (sz 136) & t_Array u8 (sz 136)))
-        )
-        ->
-        true);
-    f_squeeze_next_block_x4
-    =
-    (fun (self: t_Shake256x4) ->
-        let tmp0, out4:(t_Shake256x4 &
-          (t_Array u8 (sz 136) & t_Array u8 (sz 136) & t_Array u8 (sz 136) & t_Array u8 (sz 136))) =
-          squeeze_next_block_x4 self
-        in
-        let self:t_Shake256x4 = tmp0 in
-        let hax_temp_output:(t_Array u8 (sz 136) & t_Array u8 (sz 136) & t_Array u8 (sz 136) &
-          t_Array u8 (sz 136)) =
-          out4
-        in
-        self, hax_temp_output
-        <:
-        (t_Shake256x4 &
-          (t_Array u8 (sz 136) & t_Array u8 (sz 136) & t_Array u8 (sz 136) & t_Array u8 (sz 136))));
-    f_shake256_x4_pre
-    =
-    (fun
-        (v_OUT_LEN: usize)
-        (input0: t_Slice u8)
-        (input1: t_Slice u8)
-        (input2: t_Slice u8)
-        (input3: t_Slice u8)
-        (out0: t_Array u8 v_OUT_LEN)
-        (out1: t_Array u8 v_OUT_LEN)
-        (out2: t_Array u8 v_OUT_LEN)
-        (out3: t_Array u8 v_OUT_LEN)
-        ->
-        true);
-    f_shake256_x4_post
-    =
-    (fun
-        (v_OUT_LEN: usize)
-        (input0: t_Slice u8)
-        (input1: t_Slice u8)
-        (input2: t_Slice u8)
-        (input3: t_Slice u8)
-        (out0: t_Array u8 v_OUT_LEN)
-        (out1: t_Array u8 v_OUT_LEN)
-        (out2: t_Array u8 v_OUT_LEN)
-        (out3: t_Array u8 v_OUT_LEN)
-        (out4:
-          (t_Array u8 v_OUT_LEN & t_Array u8 v_OUT_LEN & t_Array u8 v_OUT_LEN & t_Array u8 v_OUT_LEN
-          ))
-        ->
-        true);
-    f_shake256_x4
-    =
-    fun
-      (v_OUT_LEN: usize)
-      (input0: t_Slice u8)
-      (input1: t_Slice u8)
-      (input2: t_Slice u8)
-      (input3: t_Slice u8)
-      (out0: t_Array u8 v_OUT_LEN)
-      (out1: t_Array u8 v_OUT_LEN)
-      (out2: t_Array u8 v_OUT_LEN)
-      (out3: t_Array u8 v_OUT_LEN)
-      ->
-      let tmp0, tmp1, tmp2, tmp3:(t_Array u8 v_OUT_LEN & t_Array u8 v_OUT_LEN & t_Array u8 v_OUT_LEN &
-        t_Array u8 v_OUT_LEN) =
-        shake256_x4 v_OUT_LEN input0 input1 input2 input3 out0 out1 out2 out3
-      in
-      let out0:t_Array u8 v_OUT_LEN = tmp0 in
-      let out1:t_Array u8 v_OUT_LEN = tmp1 in
-      let out2:t_Array u8 v_OUT_LEN = tmp2 in
-      let out3:t_Array u8 v_OUT_LEN = tmp3 in
-      let _:Prims.unit = () in
-      out0, out1, out2, out3
-      <:
-      (t_Array u8 v_OUT_LEN & t_Array u8 v_OUT_LEN & t_Array u8 v_OUT_LEN & t_Array u8 v_OUT_LEN)
-  }
diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Hash_functions.Portable.fsti b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Hash_functions.Portable.fsti
index c1b251529..0a59a5cc8 100644
--- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Hash_functions.Portable.fsti
+++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Hash_functions.Portable.fsti
@@ -21,6 +21,18 @@ val t_Shake256Absorb:Type0
 
 val t_Shake256Squeeze:Type0
 
+[@@ FStar.Tactics.Typeclasses.tcinstance]
+val impl:Libcrux_ml_dsa.Hash_functions.Shake128.t_XofX4 t_Shake128X4
+
+[@@ FStar.Tactics.Typeclasses.tcinstance]
+val impl_1:Libcrux_ml_dsa.Hash_functions.Shake128.t_Xof t_Shake128
+
+[@@ FStar.Tactics.Typeclasses.tcinstance]
+val impl_2:Libcrux_ml_dsa.Hash_functions.Shake256.t_Xof t_Shake256
+
+[@@ FStar.Tactics.Typeclasses.tcinstance]
+val impl_3:Libcrux_ml_dsa.Hash_functions.Shake256.t_XofX4 t_Shake256X4
+
 val init_absorb (input0 input1 input2 input3: t_Slice u8)
     : Prims.Pure t_Shake128X4 Prims.l_True (fun _ -> Prims.l_True)
 
@@ -33,28 +45,6 @@ val init_absorb_x4 (input0 input1 input2 input3: t_Slice u8)
 val shake128 (v_OUTPUT_LENGTH: usize) (input: t_Slice u8) (out: t_Array u8 v_OUTPUT_LENGTH)
     : Prims.Pure (t_Array u8 v_OUTPUT_LENGTH) Prims.l_True (fun _ -> Prims.l_True)
 
-[@@ FStar.Tactics.Typeclasses.tcinstance]
-let impl_1: Libcrux_ml_dsa.Hash_functions.Shake128.t_Xof t_Shake128 =
-  {
-    f_shake128_pre
-    =
-    (fun (v_OUTPUT_LENGTH: usize) (input: t_Slice u8) (out: t_Array u8 v_OUTPUT_LENGTH) -> true);
-    f_shake128_post
-    =
-    (fun
-        (v_OUTPUT_LENGTH: usize)
-        (input: t_Slice u8)
-        (out: t_Array u8 v_OUTPUT_LENGTH)
-        (out1: t_Array u8 v_OUTPUT_LENGTH)
-        ->
-        true);
-    f_shake128
-    =
-    fun (v_OUTPUT_LENGTH: usize) (input: t_Slice u8) (out: t_Array u8 v_OUTPUT_LENGTH) ->
-      let out:t_Array u8 v_OUTPUT_LENGTH = shake128 v_OUTPUT_LENGTH input out in
-      out
-  }
-
 val shake256 (v_OUTPUT_LENGTH: usize) (input: t_Slice u8) (out: t_Array u8 v_OUTPUT_LENGTH)
     : Prims.Pure (t_Array u8 v_OUTPUT_LENGTH) Prims.l_True (fun _ -> Prims.l_True)
 
@@ -91,284 +81,12 @@ val squeeze_next_block (state: t_Shake128X4)
       Prims.l_True
       (fun _ -> Prims.l_True)
 
-[@@ FStar.Tactics.Typeclasses.tcinstance]
-let impl: Libcrux_ml_dsa.Hash_functions.Shake128.t_XofX4 t_Shake128X4 =
-  {
-    f_init_absorb_pre
-    =
-    (fun (input0: t_Slice u8) (input1: t_Slice u8) (input2: t_Slice u8) (input3: t_Slice u8) -> true
-    );
-    f_init_absorb_post
-    =
-    (fun
-        (input0: t_Slice u8)
-        (input1: t_Slice u8)
-        (input2: t_Slice u8)
-        (input3: t_Slice u8)
-        (out: t_Shake128X4)
-        ->
-        true);
-    f_init_absorb
-    =
-    (fun (input0: t_Slice u8) (input1: t_Slice u8) (input2: t_Slice u8) (input3: t_Slice u8) ->
-        init_absorb input0 input1 input2 input3);
-    f_squeeze_first_five_blocks_pre
-    =
-    (fun
-        (self: t_Shake128X4)
-        (out0: t_Array u8 (sz 840))
-        (out1: t_Array u8 (sz 840))
-        (out2: t_Array u8 (sz 840))
-        (out3: t_Array u8 (sz 840))
-        ->
-        true);
-    f_squeeze_first_five_blocks_post
-    =
-    (fun
-        (self: t_Shake128X4)
-        (out0: t_Array u8 (sz 840))
-        (out1: t_Array u8 (sz 840))
-        (out2: t_Array u8 (sz 840))
-        (out3: t_Array u8 (sz 840))
-        (out4:
-          (t_Shake128X4 & t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) &
-            t_Array u8 (sz 840)))
-        ->
-        true);
-    f_squeeze_first_five_blocks
-    =
-    (fun
-        (self: t_Shake128X4)
-        (out0: t_Array u8 (sz 840))
-        (out1: t_Array u8 (sz 840))
-        (out2: t_Array u8 (sz 840))
-        (out3: t_Array u8 (sz 840))
-        ->
-        let tmp0, tmp1, tmp2, tmp3, tmp4:(t_Shake128X4 & t_Array u8 (sz 840) & t_Array u8 (sz 840) &
-          t_Array u8 (sz 840) &
-          t_Array u8 (sz 840)) =
-          squeeze_first_five_blocks self out0 out1 out2 out3
-        in
-        let self:t_Shake128X4 = tmp0 in
-        let out0:t_Array u8 (sz 840) = tmp1 in
-        let out1:t_Array u8 (sz 840) = tmp2 in
-        let out2:t_Array u8 (sz 840) = tmp3 in
-        let out3:t_Array u8 (sz 840) = tmp4 in
-        let _:Prims.unit = () in
-        self, out0, out1, out2, out3
-        <:
-        (t_Shake128X4 & t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) &
-          t_Array u8 (sz 840)));
-    f_squeeze_next_block_pre = (fun (self: t_Shake128X4) -> true);
-    f_squeeze_next_block_post
-    =
-    (fun
-        (self: t_Shake128X4)
-        (out5:
-          (t_Shake128X4 &
-            (t_Array u8 (sz 168) & t_Array u8 (sz 168) & t_Array u8 (sz 168) & t_Array u8 (sz 168)))
-        )
-        ->
-        true);
-    f_squeeze_next_block
-    =
-    fun (self: t_Shake128X4) ->
-      let tmp0, out4:(t_Shake128X4 &
-        (t_Array u8 (sz 168) & t_Array u8 (sz 168) & t_Array u8 (sz 168) & t_Array u8 (sz 168))) =
-        squeeze_next_block self
-      in
-      let self:t_Shake128X4 = tmp0 in
-      let hax_temp_output:(t_Array u8 (sz 168) & t_Array u8 (sz 168) & t_Array u8 (sz 168) &
-        t_Array u8 (sz 168)) =
-        out4
-      in
-      self, hax_temp_output
-      <:
-      (t_Shake128X4 &
-        (t_Array u8 (sz 168) & t_Array u8 (sz 168) & t_Array u8 (sz 168) & t_Array u8 (sz 168)))
-  }
-
 val squeeze_next_block_shake256 (state: t_Shake256)
     : Prims.Pure (t_Shake256 & t_Array u8 (sz 136)) Prims.l_True (fun _ -> Prims.l_True)
 
-[@@ FStar.Tactics.Typeclasses.tcinstance]
-let impl_2: Libcrux_ml_dsa.Hash_functions.Shake256.t_Xof t_Shake256 =
-  {
-    f_shake256_pre
-    =
-    (fun (v_OUTPUT_LENGTH: usize) (input: t_Slice u8) (out: t_Array u8 v_OUTPUT_LENGTH) -> true);
-    f_shake256_post
-    =
-    (fun
-        (v_OUTPUT_LENGTH: usize)
-        (input: t_Slice u8)
-        (out: t_Array u8 v_OUTPUT_LENGTH)
-        (out1: t_Array u8 v_OUTPUT_LENGTH)
-        ->
-        true);
-    f_shake256
-    =
-    (fun (v_OUTPUT_LENGTH: usize) (input: t_Slice u8) (out: t_Array u8 v_OUTPUT_LENGTH) ->
-        let out:t_Array u8 v_OUTPUT_LENGTH = shake256 v_OUTPUT_LENGTH input out in
-        out);
-    f_init_absorb_pre = (fun (input: t_Slice u8) -> true);
-    f_init_absorb_post = (fun (input: t_Slice u8) (out: t_Shake256) -> true);
-    f_init_absorb = (fun (input: t_Slice u8) -> init_absorb_shake256 input);
-    f_squeeze_first_block_pre = (fun (self: t_Shake256) -> true);
-    f_squeeze_first_block_post
-    =
-    (fun (self: t_Shake256) (out2: (t_Shake256 & t_Array u8 (sz 136))) -> true);
-    f_squeeze_first_block
-    =
-    (fun (self: t_Shake256) ->
-        let tmp0, out1:(t_Shake256 & t_Array u8 (sz 136)) = squeeze_first_block_shake256 self in
-        let self:t_Shake256 = tmp0 in
-        let hax_temp_output:t_Array u8 (sz 136) = out1 in
-        self, hax_temp_output <: (t_Shake256 & t_Array u8 (sz 136)));
-    f_squeeze_next_block_pre = (fun (self: t_Shake256) -> true);
-    f_squeeze_next_block_post
-    =
-    (fun (self: t_Shake256) (out2: (t_Shake256 & t_Array u8 (sz 136))) -> true);
-    f_squeeze_next_block
-    =
-    fun (self: t_Shake256) ->
-      let tmp0, out1:(t_Shake256 & t_Array u8 (sz 136)) = squeeze_next_block_shake256 self in
-      let self:t_Shake256 = tmp0 in
-      let hax_temp_output:t_Array u8 (sz 136) = out1 in
-      self, hax_temp_output <: (t_Shake256 & t_Array u8 (sz 136))
-  }
-
 val squeeze_next_block_x4 (state: t_Shake256X4)
     : Prims.Pure
       (t_Shake256X4 &
         (t_Array u8 (sz 136) & t_Array u8 (sz 136) & t_Array u8 (sz 136) & t_Array u8 (sz 136)))
       Prims.l_True
       (fun _ -> Prims.l_True)
-
-[@@ FStar.Tactics.Typeclasses.tcinstance]
-let impl_3: Libcrux_ml_dsa.Hash_functions.Shake256.t_XofX4 t_Shake256X4 =
-  {
-    f_init_absorb_x4_pre
-    =
-    (fun (input0: t_Slice u8) (input1: t_Slice u8) (input2: t_Slice u8) (input3: t_Slice u8) -> true
-    );
-    f_init_absorb_x4_post
-    =
-    (fun
-        (input0: t_Slice u8)
-        (input1: t_Slice u8)
-        (input2: t_Slice u8)
-        (input3: t_Slice u8)
-        (out: t_Shake256X4)
-        ->
-        true);
-    f_init_absorb_x4
-    =
-    (fun (input0: t_Slice u8) (input1: t_Slice u8) (input2: t_Slice u8) (input3: t_Slice u8) ->
-        init_absorb_x4 input0 input1 input2 input3);
-    f_squeeze_first_block_x4_pre = (fun (self: t_Shake256X4) -> true);
-    f_squeeze_first_block_x4_post
-    =
-    (fun
-        (self: t_Shake256X4)
-        (out5:
-          (t_Shake256X4 &
-            (t_Array u8 (sz 136) & t_Array u8 (sz 136) & t_Array u8 (sz 136) & t_Array u8 (sz 136)))
-        )
-        ->
-        true);
-    f_squeeze_first_block_x4
-    =
-    (fun (self: t_Shake256X4) ->
-        let tmp0, out4:(t_Shake256X4 &
-          (t_Array u8 (sz 136) & t_Array u8 (sz 136) & t_Array u8 (sz 136) & t_Array u8 (sz 136))) =
-          squeeze_first_block_x4 self
-        in
-        let self:t_Shake256X4 = tmp0 in
-        let hax_temp_output:(t_Array u8 (sz 136) & t_Array u8 (sz 136) & t_Array u8 (sz 136) &
-          t_Array u8 (sz 136)) =
-          out4
-        in
-        self, hax_temp_output
-        <:
-        (t_Shake256X4 &
-          (t_Array u8 (sz 136) & t_Array u8 (sz 136) & t_Array u8 (sz 136) & t_Array u8 (sz 136))));
-    f_squeeze_next_block_x4_pre = (fun (self: t_Shake256X4) -> true);
-    f_squeeze_next_block_x4_post
-    =
-    (fun
-        (self: t_Shake256X4)
-        (out5:
-          (t_Shake256X4 &
-            (t_Array u8 (sz 136) & t_Array u8 (sz 136) & t_Array u8 (sz 136) & t_Array u8 (sz 136)))
-        )
-        ->
-        true);
-    f_squeeze_next_block_x4
-    =
-    (fun (self: t_Shake256X4) ->
-        let tmp0, out4:(t_Shake256X4 &
-          (t_Array u8 (sz 136) & t_Array u8 (sz 136) & t_Array u8 (sz 136) & t_Array u8 (sz 136))) =
-          squeeze_next_block_x4 self
-        in
-        let self:t_Shake256X4 = tmp0 in
-        let hax_temp_output:(t_Array u8 (sz 136) & t_Array u8 (sz 136) & t_Array u8 (sz 136) &
-          t_Array u8 (sz 136)) =
-          out4
-        in
-        self, hax_temp_output
-        <:
-        (t_Shake256X4 &
-          (t_Array u8 (sz 136) & t_Array u8 (sz 136) & t_Array u8 (sz 136) & t_Array u8 (sz 136))));
-    f_shake256_x4_pre
-    =
-    (fun
-        (v_OUT_LEN: usize)
-        (input0: t_Slice u8)
-        (input1: t_Slice u8)
-        (input2: t_Slice u8)
-        (input3: t_Slice u8)
-        (out0: t_Array u8 v_OUT_LEN)
-        (out1: t_Array u8 v_OUT_LEN)
-        (out2: t_Array u8 v_OUT_LEN)
-        (out3: t_Array u8 v_OUT_LEN)
-        ->
-        true);
-    f_shake256_x4_post
-    =
-    (fun
-        (v_OUT_LEN: usize)
-        (input0: t_Slice u8)
-        (input1: t_Slice u8)
-        (input2: t_Slice u8)
-        (input3: t_Slice u8)
-        (out0: t_Array u8 v_OUT_LEN)
-        (out1: t_Array u8 v_OUT_LEN)
-        (out2: t_Array u8 v_OUT_LEN)
-        (out3: t_Array u8 v_OUT_LEN)
-        (out4:
-          (t_Array u8 v_OUT_LEN & t_Array u8 v_OUT_LEN & t_Array u8 v_OUT_LEN & t_Array u8 v_OUT_LEN
-          ))
-        ->
-        true);
-    f_shake256_x4
-    =
-    fun
-      (v_OUT_LEN: usize)
-      (input0: t_Slice u8)
-      (input1: t_Slice u8)
-      (input2: t_Slice u8)
-      (input3: t_Slice u8)
-      (out0: t_Array u8 v_OUT_LEN)
-      (out1: t_Array u8 v_OUT_LEN)
-      (out2: t_Array u8 v_OUT_LEN)
-      (out3: t_Array u8 v_OUT_LEN)
-      ->
-      let out0:t_Array u8 v_OUT_LEN = shake256 v_OUT_LEN input0 out0 in
-      let out1:t_Array u8 v_OUT_LEN = shake256 v_OUT_LEN input1 out1 in
-      let out2:t_Array u8 v_OUT_LEN = shake256 v_OUT_LEN input2 out2 in
-      let out3:t_Array u8 v_OUT_LEN = shake256 v_OUT_LEN input3 out3 in
-      out0, out1, out2, out3
-      <:
-      (t_Array u8 v_OUT_LEN & t_Array u8 v_OUT_LEN & t_Array u8 v_OUT_LEN & t_Array u8 v_OUT_LEN)
-  }
diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Hash_functions.Simd256.fsti b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Hash_functions.Simd256.fsti
index 97db532b4..32174758b 100644
--- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Hash_functions.Simd256.fsti
+++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Hash_functions.Simd256.fsti
@@ -14,6 +14,15 @@ val t_Shake256x4:Type0
 /// AVX2 SHAKE 256 state
 val t_Shake256:Type0
 
+[@@ FStar.Tactics.Typeclasses.tcinstance]
+val impl:Libcrux_ml_dsa.Hash_functions.Shake128.t_XofX4 t_Shake128x4
+
+[@@ FStar.Tactics.Typeclasses.tcinstance]
+val impl_1:Libcrux_ml_dsa.Hash_functions.Shake256.t_Xof t_Shake256
+
+[@@ FStar.Tactics.Typeclasses.tcinstance]
+val impl_2:Libcrux_ml_dsa.Hash_functions.Shake256.t_XofX4 t_Shake256x4
+
 /// Init the state and absorb 4 blocks in parallel.
 val init_absorb (input0 input1 input2 input3: t_Slice u8)
     : Prims.Pure t_Shake128x4 Prims.l_True (fun _ -> Prims.l_True)
@@ -58,291 +67,12 @@ val squeeze_next_block (state: t_Shake128x4)
       Prims.l_True
       (fun _ -> Prims.l_True)
 
-[@@ FStar.Tactics.Typeclasses.tcinstance]
-let impl: Libcrux_ml_dsa.Hash_functions.Shake128.t_XofX4 t_Shake128x4 =
-  {
-    f_init_absorb_pre
-    =
-    (fun (input0: t_Slice u8) (input1: t_Slice u8) (input2: t_Slice u8) (input3: t_Slice u8) -> true
-    );
-    f_init_absorb_post
-    =
-    (fun
-        (input0: t_Slice u8)
-        (input1: t_Slice u8)
-        (input2: t_Slice u8)
-        (input3: t_Slice u8)
-        (out: t_Shake128x4)
-        ->
-        true);
-    f_init_absorb
-    =
-    (fun (input0: t_Slice u8) (input1: t_Slice u8) (input2: t_Slice u8) (input3: t_Slice u8) ->
-        init_absorb input0 input1 input2 input3);
-    f_squeeze_first_five_blocks_pre
-    =
-    (fun
-        (self: t_Shake128x4)
-        (out0: t_Array u8 (sz 840))
-        (out1: t_Array u8 (sz 840))
-        (out2: t_Array u8 (sz 840))
-        (out3: t_Array u8 (sz 840))
-        ->
-        true);
-    f_squeeze_first_five_blocks_post
-    =
-    (fun
-        (self: t_Shake128x4)
-        (out0: t_Array u8 (sz 840))
-        (out1: t_Array u8 (sz 840))
-        (out2: t_Array u8 (sz 840))
-        (out3: t_Array u8 (sz 840))
-        (out4:
-          (t_Shake128x4 & t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) &
-            t_Array u8 (sz 840)))
-        ->
-        true);
-    f_squeeze_first_five_blocks
-    =
-    (fun
-        (self: t_Shake128x4)
-        (out0: t_Array u8 (sz 840))
-        (out1: t_Array u8 (sz 840))
-        (out2: t_Array u8 (sz 840))
-        (out3: t_Array u8 (sz 840))
-        ->
-        let tmp0, tmp1, tmp2, tmp3, tmp4:(t_Shake128x4 & t_Array u8 (sz 840) & t_Array u8 (sz 840) &
-          t_Array u8 (sz 840) &
-          t_Array u8 (sz 840)) =
-          squeeze_first_five_blocks self out0 out1 out2 out3
-        in
-        let self:t_Shake128x4 = tmp0 in
-        let out0:t_Array u8 (sz 840) = tmp1 in
-        let out1:t_Array u8 (sz 840) = tmp2 in
-        let out2:t_Array u8 (sz 840) = tmp3 in
-        let out3:t_Array u8 (sz 840) = tmp4 in
-        let _:Prims.unit = () in
-        self, out0, out1, out2, out3
-        <:
-        (t_Shake128x4 & t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) &
-          t_Array u8 (sz 840)));
-    f_squeeze_next_block_pre = (fun (self: t_Shake128x4) -> true);
-    f_squeeze_next_block_post
-    =
-    (fun
-        (self: t_Shake128x4)
-        (out5:
-          (t_Shake128x4 &
-            (t_Array u8 (sz 168) & t_Array u8 (sz 168) & t_Array u8 (sz 168) & t_Array u8 (sz 168)))
-        )
-        ->
-        true);
-    f_squeeze_next_block
-    =
-    fun (self: t_Shake128x4) ->
-      let tmp0, out4:(t_Shake128x4 &
-        (t_Array u8 (sz 168) & t_Array u8 (sz 168) & t_Array u8 (sz 168) & t_Array u8 (sz 168))) =
-        squeeze_next_block self
-      in
-      let self:t_Shake128x4 = tmp0 in
-      let hax_temp_output:(t_Array u8 (sz 168) & t_Array u8 (sz 168) & t_Array u8 (sz 168) &
-        t_Array u8 (sz 168)) =
-        out4
-      in
-      self, hax_temp_output
-      <:
-      (t_Shake128x4 &
-        (t_Array u8 (sz 168) & t_Array u8 (sz 168) & t_Array u8 (sz 168) & t_Array u8 (sz 168)))
-  }
-
 val squeeze_next_block_shake256 (state: t_Shake256)
     : Prims.Pure (t_Shake256 & t_Array u8 (sz 136)) Prims.l_True (fun _ -> Prims.l_True)
 
-[@@ FStar.Tactics.Typeclasses.tcinstance]
-let impl_1: Libcrux_ml_dsa.Hash_functions.Shake256.t_Xof t_Shake256 =
-  {
-    f_shake256_pre
-    =
-    (fun (v_OUTPUT_LENGTH: usize) (input: t_Slice u8) (out: t_Array u8 v_OUTPUT_LENGTH) -> true);
-    f_shake256_post
-    =
-    (fun
-        (v_OUTPUT_LENGTH: usize)
-        (input: t_Slice u8)
-        (out: t_Array u8 v_OUTPUT_LENGTH)
-        (out1: t_Array u8 v_OUTPUT_LENGTH)
-        ->
-        true);
-    f_shake256
-    =
-    (fun (v_OUTPUT_LENGTH: usize) (input: t_Slice u8) (out: t_Array u8 v_OUTPUT_LENGTH) ->
-        let hax_temp_output, out:(Prims.unit & t_Array u8 v_OUTPUT_LENGTH) =
-          (), shake256 v_OUTPUT_LENGTH input out <: (Prims.unit & t_Array u8 v_OUTPUT_LENGTH)
-        in
-        out);
-    f_init_absorb_pre = (fun (input: t_Slice u8) -> true);
-    f_init_absorb_post = (fun (input: t_Slice u8) (out: t_Shake256) -> true);
-    f_init_absorb = (fun (input: t_Slice u8) -> init_absorb_shake256 input);
-    f_squeeze_first_block_pre = (fun (self: t_Shake256) -> true);
-    f_squeeze_first_block_post
-    =
-    (fun (self: t_Shake256) (out2: (t_Shake256 & t_Array u8 (sz 136))) -> true);
-    f_squeeze_first_block
-    =
-    (fun (self: t_Shake256) ->
-        let tmp0, out1:(t_Shake256 & t_Array u8 (sz 136)) = squeeze_first_block_shake256 self in
-        let self:t_Shake256 = tmp0 in
-        let hax_temp_output:t_Array u8 (sz 136) = out1 in
-        self, hax_temp_output <: (t_Shake256 & t_Array u8 (sz 136)));
-    f_squeeze_next_block_pre = (fun (self: t_Shake256) -> true);
-    f_squeeze_next_block_post
-    =
-    (fun (self: t_Shake256) (out2: (t_Shake256 & t_Array u8 (sz 136))) -> true);
-    f_squeeze_next_block
-    =
-    fun (self: t_Shake256) ->
-      let tmp0, out1:(t_Shake256 & t_Array u8 (sz 136)) = squeeze_next_block_shake256 self in
-      let self:t_Shake256 = tmp0 in
-      let hax_temp_output:t_Array u8 (sz 136) = out1 in
-      self, hax_temp_output <: (t_Shake256 & t_Array u8 (sz 136))
-  }
-
 val squeeze_next_block_x4 (state: t_Shake256x4)
     : Prims.Pure
       (t_Shake256x4 &
         (t_Array u8 (sz 136) & t_Array u8 (sz 136) & t_Array u8 (sz 136) & t_Array u8 (sz 136)))
       Prims.l_True
       (fun _ -> Prims.l_True)
-
-[@@ FStar.Tactics.Typeclasses.tcinstance]
-let impl_2: Libcrux_ml_dsa.Hash_functions.Shake256.t_XofX4 t_Shake256x4 =
-  {
-    f_init_absorb_x4_pre
-    =
-    (fun (input0: t_Slice u8) (input1: t_Slice u8) (input2: t_Slice u8) (input3: t_Slice u8) -> true
-    );
-    f_init_absorb_x4_post
-    =
-    (fun
-        (input0: t_Slice u8)
-        (input1: t_Slice u8)
-        (input2: t_Slice u8)
-        (input3: t_Slice u8)
-        (out: t_Shake256x4)
-        ->
-        true);
-    f_init_absorb_x4
-    =
-    (fun (input0: t_Slice u8) (input1: t_Slice u8) (input2: t_Slice u8) (input3: t_Slice u8) ->
-        init_absorb_x4 input0 input1 input2 input3);
-    f_squeeze_first_block_x4_pre = (fun (self: t_Shake256x4) -> true);
-    f_squeeze_first_block_x4_post
-    =
-    (fun
-        (self: t_Shake256x4)
-        (out5:
-          (t_Shake256x4 &
-            (t_Array u8 (sz 136) & t_Array u8 (sz 136) & t_Array u8 (sz 136) & t_Array u8 (sz 136)))
-        )
-        ->
-        true);
-    f_squeeze_first_block_x4
-    =
-    (fun (self: t_Shake256x4) ->
-        let tmp0, out4:(t_Shake256x4 &
-          (t_Array u8 (sz 136) & t_Array u8 (sz 136) & t_Array u8 (sz 136) & t_Array u8 (sz 136))) =
-          squeeze_first_block_x4 self
-        in
-        let self:t_Shake256x4 = tmp0 in
-        let hax_temp_output:(t_Array u8 (sz 136) & t_Array u8 (sz 136) & t_Array u8 (sz 136) &
-          t_Array u8 (sz 136)) =
-          out4
-        in
-        self, hax_temp_output
-        <:
-        (t_Shake256x4 &
-          (t_Array u8 (sz 136) & t_Array u8 (sz 136) & t_Array u8 (sz 136) & t_Array u8 (sz 136))));
-    f_squeeze_next_block_x4_pre = (fun (self: t_Shake256x4) -> true);
-    f_squeeze_next_block_x4_post
-    =
-    (fun
-        (self: t_Shake256x4)
-        (out5:
-          (t_Shake256x4 &
-            (t_Array u8 (sz 136) & t_Array u8 (sz 136) & t_Array u8 (sz 136) & t_Array u8 (sz 136)))
-        )
-        ->
-        true);
-    f_squeeze_next_block_x4
-    =
-    (fun (self: t_Shake256x4) ->
-        let tmp0, out4:(t_Shake256x4 &
-          (t_Array u8 (sz 136) & t_Array u8 (sz 136) & t_Array u8 (sz 136) & t_Array u8 (sz 136))) =
-          squeeze_next_block_x4 self
-        in
-        let self:t_Shake256x4 = tmp0 in
-        let hax_temp_output:(t_Array u8 (sz 136) & t_Array u8 (sz 136) & t_Array u8 (sz 136) &
-          t_Array u8 (sz 136)) =
-          out4
-        in
-        self, hax_temp_output
-        <:
-        (t_Shake256x4 &
-          (t_Array u8 (sz 136) & t_Array u8 (sz 136) & t_Array u8 (sz 136) & t_Array u8 (sz 136))));
-    f_shake256_x4_pre
-    =
-    (fun
-        (v_OUT_LEN: usize)
-        (input0: t_Slice u8)
-        (input1: t_Slice u8)
-        (input2: t_Slice u8)
-        (input3: t_Slice u8)
-        (out0: t_Array u8 v_OUT_LEN)
-        (out1: t_Array u8 v_OUT_LEN)
-        (out2: t_Array u8 v_OUT_LEN)
-        (out3: t_Array u8 v_OUT_LEN)
-        ->
-        true);
-    f_shake256_x4_post
-    =
-    (fun
-        (v_OUT_LEN: usize)
-        (input0: t_Slice u8)
-        (input1: t_Slice u8)
-        (input2: t_Slice u8)
-        (input3: t_Slice u8)
-        (out0: t_Array u8 v_OUT_LEN)
-        (out1: t_Array u8 v_OUT_LEN)
-        (out2: t_Array u8 v_OUT_LEN)
-        (out3: t_Array u8 v_OUT_LEN)
-        (out4:
-          (t_Array u8 v_OUT_LEN & t_Array u8 v_OUT_LEN & t_Array u8 v_OUT_LEN & t_Array u8 v_OUT_LEN
-          ))
-        ->
-        true);
-    f_shake256_x4
-    =
-    fun
-      (v_OUT_LEN: usize)
-      (input0: t_Slice u8)
-      (input1: t_Slice u8)
-      (input2: t_Slice u8)
-      (input3: t_Slice u8)
-      (out0: t_Array u8 v_OUT_LEN)
-      (out1: t_Array u8 v_OUT_LEN)
-      (out2: t_Array u8 v_OUT_LEN)
-      (out3: t_Array u8 v_OUT_LEN)
-      ->
-      let tmp0, tmp1, tmp2, tmp3:(t_Array u8 v_OUT_LEN & t_Array u8 v_OUT_LEN & t_Array u8 v_OUT_LEN &
-        t_Array u8 v_OUT_LEN) =
-        shake256_x4 v_OUT_LEN input0 input1 input2 input3 out0 out1 out2 out3
-      in
-      let out0:t_Array u8 v_OUT_LEN = tmp0 in
-      let out1:t_Array u8 v_OUT_LEN = tmp1 in
-      let out2:t_Array u8 v_OUT_LEN = tmp2 in
-      let out3:t_Array u8 v_OUT_LEN = tmp3 in
-      let _:Prims.unit = () in
-      out0, out1, out2, out3
-      <:
-      (t_Array u8 v_OUT_LEN & t_Array u8 v_OUT_LEN & t_Array u8 v_OUT_LEN & t_Array u8 v_OUT_LEN)
-  }
diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Pre_hash.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Pre_hash.fst
index c8f3084d4..839ac9c79 100644
--- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Pre_hash.fst
+++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Pre_hash.fst
@@ -28,3 +28,62 @@ let impl_1__new (context: t_Slice u8) (pre_hash_oid: Core.Option.t_Option (t_Arr
 
 let t_DomainSeparationError_cast_to_repr (x: t_DomainSeparationError) =
   match x with | DomainSeparationError_ContextTooLongError  -> isz 0
+
+[@@ FStar.Tactics.Typeclasses.tcinstance]
+let impl_2: Core.Convert.t_From Libcrux_ml_dsa.Types.t_SigningError t_DomainSeparationError =
+  {
+    f_from_pre = (fun (e: t_DomainSeparationError) -> true);
+    f_from_post
+    =
+    (fun (e: t_DomainSeparationError) (out: Libcrux_ml_dsa.Types.t_SigningError) -> true);
+    f_from
+    =
+    fun (e: t_DomainSeparationError) ->
+      match e with
+      | DomainSeparationError_ContextTooLongError  ->
+        Libcrux_ml_dsa.Types.SigningError_ContextTooLongError <: Libcrux_ml_dsa.Types.t_SigningError
+  }
+
+[@@ FStar.Tactics.Typeclasses.tcinstance]
+let impl_3: Core.Convert.t_From Libcrux_ml_dsa.Types.t_VerificationError t_DomainSeparationError =
+  {
+    f_from_pre = (fun (e: t_DomainSeparationError) -> true);
+    f_from_post
+    =
+    (fun (e: t_DomainSeparationError) (out: Libcrux_ml_dsa.Types.t_VerificationError) -> true);
+    f_from
+    =
+    fun (e: t_DomainSeparationError) ->
+      match e with
+      | DomainSeparationError_ContextTooLongError  ->
+        Libcrux_ml_dsa.Types.VerificationError_ContextTooLongError
+        <:
+        Libcrux_ml_dsa.Types.t_VerificationError
+  }
+
+[@@ FStar.Tactics.Typeclasses.tcinstance]
+let impl: t_PreHash t_SHAKE128_PH (sz 256) =
+  {
+    f_oid_pre = (fun (_: Prims.unit) -> true);
+    f_oid_post = (fun (_: Prims.unit) (out: t_Array u8 (sz 11)) -> true);
+    f_oid
+    =
+    (fun (_: Prims.unit) ->
+        let list = [6uy; 9uy; 96uy; 134uy; 72uy; 1uy; 101uy; 3uy; 4uy; 2uy; 11uy] in
+        FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 11);
+        Rust_primitives.Hax.array_of_list 11 list);
+    f_hash_pre = (fun (message: t_Slice u8) -> true);
+    f_hash_post = (fun (message: t_Slice u8) (out: t_Array u8 (sz 256)) -> true);
+    f_hash
+    =
+    fun (message: t_Slice u8) ->
+      let output:t_Array u8 (sz 256) = Rust_primitives.Hax.repeat 0uy (sz 256) in
+      let output:t_Array u8 (sz 256) =
+        Libcrux_ml_dsa.Hash_functions.Shake128.f_shake128 #Libcrux_ml_dsa.Hash_functions.Portable.t_Shake128
+          #FStar.Tactics.Typeclasses.solve
+          (sz 256)
+          message
+          output
+      in
+      output
+  }
diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Pre_hash.fsti b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Pre_hash.fsti
index 2e097f642..2dc40559b 100644
--- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Pre_hash.fsti
+++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Pre_hash.fsti
@@ -54,60 +54,10 @@ type t_SHAKE128_PH = | SHAKE128_PH : t_SHAKE128_PH
 let v_PRE_HASH_OID_LEN: usize = sz 11
 
 [@@ FStar.Tactics.Typeclasses.tcinstance]
-let impl_2: Core.Convert.t_From Libcrux_ml_dsa.Types.t_SigningError t_DomainSeparationError =
-  {
-    f_from_pre = (fun (e: t_DomainSeparationError) -> true);
-    f_from_post
-    =
-    (fun (e: t_DomainSeparationError) (out: Libcrux_ml_dsa.Types.t_SigningError) -> true);
-    f_from
-    =
-    fun (e: t_DomainSeparationError) ->
-      match e with
-      | DomainSeparationError_ContextTooLongError  ->
-        Libcrux_ml_dsa.Types.SigningError_ContextTooLongError <: Libcrux_ml_dsa.Types.t_SigningError
-  }
+val impl_2:Core.Convert.t_From Libcrux_ml_dsa.Types.t_SigningError t_DomainSeparationError
 
 [@@ FStar.Tactics.Typeclasses.tcinstance]
-let impl_3: Core.Convert.t_From Libcrux_ml_dsa.Types.t_VerificationError t_DomainSeparationError =
-  {
-    f_from_pre = (fun (e: t_DomainSeparationError) -> true);
-    f_from_post
-    =
-    (fun (e: t_DomainSeparationError) (out: Libcrux_ml_dsa.Types.t_VerificationError) -> true);
-    f_from
-    =
-    fun (e: t_DomainSeparationError) ->
-      match e with
-      | DomainSeparationError_ContextTooLongError  ->
-        Libcrux_ml_dsa.Types.VerificationError_ContextTooLongError
-        <:
-        Libcrux_ml_dsa.Types.t_VerificationError
-  }
+val impl_3:Core.Convert.t_From Libcrux_ml_dsa.Types.t_VerificationError t_DomainSeparationError
 
 [@@ FStar.Tactics.Typeclasses.tcinstance]
-let impl: t_PreHash t_SHAKE128_PH (sz 256) =
-  {
-    f_oid_pre = (fun (_: Prims.unit) -> true);
-    f_oid_post = (fun (_: Prims.unit) (out: t_Array u8 (sz 11)) -> true);
-    f_oid
-    =
-    (fun (_: Prims.unit) ->
-        let list = [6uy; 9uy; 96uy; 134uy; 72uy; 1uy; 101uy; 3uy; 4uy; 2uy; 11uy] in
-        FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 11);
-        Rust_primitives.Hax.array_of_list 11 list);
-    f_hash_pre = (fun (message: t_Slice u8) -> true);
-    f_hash_post = (fun (message: t_Slice u8) (out: t_Array u8 (sz 256)) -> true);
-    f_hash
-    =
-    fun (message: t_Slice u8) ->
-      let output:t_Array u8 (sz 256) = Rust_primitives.Hax.repeat 0uy (sz 256) in
-      let output:t_Array u8 (sz 256) =
-        Libcrux_ml_dsa.Hash_functions.Shake128.f_shake128 #Libcrux_ml_dsa.Hash_functions.Portable.t_Shake128
-          #FStar.Tactics.Typeclasses.solve
-          (sz 256)
-          message
-          output
-      in
-      output
-  }
+val impl:t_PreHash t_SHAKE128_PH (sz 256)
diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Vector_type.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Vector_type.fst
index 548a6a706..36529cba7 100644
--- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Vector_type.fst
+++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Vector_type.fst
@@ -3,6 +3,19 @@ module Libcrux_ml_dsa.Simd.Avx2.Vector_type
 open Core
 open FStar.Mul
 
+[@@ FStar.Tactics.Typeclasses.tcinstance]
+let impl: Core.Convert.t_From t_AVX2SIMDUnit Libcrux_intrinsics.Avx2_extract.t_Vec256 =
+  {
+    f_from_pre = (fun (coefficients: Libcrux_intrinsics.Avx2_extract.t_Vec256) -> true);
+    f_from_post
+    =
+    (fun (coefficients: Libcrux_intrinsics.Avx2_extract.t_Vec256) (out: t_AVX2SIMDUnit) -> true);
+    f_from
+    =
+    fun (coefficients: Libcrux_intrinsics.Avx2_extract.t_Vec256) ->
+      { f_coefficients = coefficients } <: t_AVX2SIMDUnit
+  }
+
 let v_ZERO (_: Prims.unit) =
   Core.Convert.f_into #Libcrux_intrinsics.Avx2_extract.t_Vec256
     #t_AVX2SIMDUnit
diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Vector_type.fsti b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Vector_type.fsti
index ec092f8da..94b3d91c9 100644
--- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Vector_type.fsti
+++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Vector_type.fsti
@@ -6,17 +6,7 @@ open FStar.Mul
 type t_AVX2SIMDUnit = { f_coefficients:Libcrux_intrinsics.Avx2_extract.t_Vec256 }
 
 [@@ FStar.Tactics.Typeclasses.tcinstance]
-let impl: Core.Convert.t_From t_AVX2SIMDUnit Libcrux_intrinsics.Avx2_extract.t_Vec256 =
-  {
-    f_from_pre = (fun (coefficients: Libcrux_intrinsics.Avx2_extract.t_Vec256) -> true);
-    f_from_post
-    =
-    (fun (coefficients: Libcrux_intrinsics.Avx2_extract.t_Vec256) (out: t_AVX2SIMDUnit) -> true);
-    f_from
-    =
-    fun (coefficients: Libcrux_intrinsics.Avx2_extract.t_Vec256) ->
-      { f_coefficients = coefficients } <: t_AVX2SIMDUnit
-  }
+val impl:Core.Convert.t_From t_AVX2SIMDUnit Libcrux_intrinsics.Avx2_extract.t_Vec256
 
 val v_ZERO: Prims.unit -> Prims.Pure t_AVX2SIMDUnit Prims.l_True (fun _ -> Prims.l_True)
 
diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.fsti b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.fsti
index d14d3a5c7..708395ec3 100644
--- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.fsti
+++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.fsti
@@ -10,637 +10,4 @@ let _ =
   ()
 
 [@@ FStar.Tactics.Typeclasses.tcinstance]
-let impl: Libcrux_ml_dsa.Simd.Traits.t_Operations
-Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit =
-  {
-    _super_11581440318597584651 = FStar.Tactics.Typeclasses.solve;
-    _super_9442900250278684536 = FStar.Tactics.Typeclasses.solve;
-    f_ZERO_pre = (fun (_: Prims.unit) -> true);
-    f_ZERO_post
-    =
-    (fun (_: Prims.unit) (out: Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit) -> true);
-    f_ZERO = (fun (_: Prims.unit) -> Libcrux_ml_dsa.Simd.Avx2.Vector_type.v_ZERO ());
-    f_from_coefficient_array_pre = (fun (coefficient_array: t_Slice i32) -> true);
-    f_from_coefficient_array_post
-    =
-    (fun
-        (coefficient_array: t_Slice i32)
-        (out: Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit)
-        ->
-        true);
-    f_from_coefficient_array
-    =
-    (fun (coefficient_array: t_Slice i32) ->
-        Libcrux_ml_dsa.Simd.Avx2.Vector_type.from_coefficient_array coefficient_array);
-    f_to_coefficient_array_pre
-    =
-    (fun (self: Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit) -> true);
-    f_to_coefficient_array_post
-    =
-    (fun (self: Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit) (out: t_Array i32 (sz 8)) ->
-        true);
-    f_to_coefficient_array
-    =
-    (fun (self: Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit) ->
-        Libcrux_ml_dsa.Simd.Avx2.Vector_type.to_coefficient_array self);
-    f_add_pre
-    =
-    (fun
-        (lhs: Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit)
-        (rhs: Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit)
-        ->
-        true);
-    f_add_post
-    =
-    (fun
-        (lhs: Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit)
-        (rhs: Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit)
-        (out: Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit)
-        ->
-        true);
-    f_add
-    =
-    (fun
-        (lhs: Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit)
-        (rhs: Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit)
-        ->
-        Core.Convert.f_into #Libcrux_intrinsics.Avx2_extract.t_Vec256
-          #Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit
-          #FStar.Tactics.Typeclasses.solve
-          (Libcrux_ml_dsa.Simd.Avx2.Arithmetic.add lhs
-                .Libcrux_ml_dsa.Simd.Avx2.Vector_type.f_coefficients
-              rhs.Libcrux_ml_dsa.Simd.Avx2.Vector_type.f_coefficients
-            <:
-            Libcrux_intrinsics.Avx2_extract.t_Vec256));
-    f_subtract_pre
-    =
-    (fun
-        (lhs: Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit)
-        (rhs: Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit)
-        ->
-        true);
-    f_subtract_post
-    =
-    (fun
-        (lhs: Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit)
-        (rhs: Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit)
-        (out: Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit)
-        ->
-        true);
-    f_subtract
-    =
-    (fun
-        (lhs: Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit)
-        (rhs: Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit)
-        ->
-        Core.Convert.f_into #Libcrux_intrinsics.Avx2_extract.t_Vec256
-          #Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit
-          #FStar.Tactics.Typeclasses.solve
-          (Libcrux_ml_dsa.Simd.Avx2.Arithmetic.subtract lhs
-                .Libcrux_ml_dsa.Simd.Avx2.Vector_type.f_coefficients
-              rhs.Libcrux_ml_dsa.Simd.Avx2.Vector_type.f_coefficients
-            <:
-            Libcrux_intrinsics.Avx2_extract.t_Vec256));
-    f_montgomery_multiply_by_constant_pre
-    =
-    (fun (simd_unit: Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit) (constant: i32) -> true);
-    f_montgomery_multiply_by_constant_post
-    =
-    (fun
-        (simd_unit: Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit)
-        (constant: i32)
-        (out: Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit)
-        ->
-        true);
-    f_montgomery_multiply_by_constant
-    =
-    (fun (simd_unit: Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit) (constant: i32) ->
-        Core.Convert.f_into #Libcrux_intrinsics.Avx2_extract.t_Vec256
-          #Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit
-          #FStar.Tactics.Typeclasses.solve
-          (Libcrux_ml_dsa.Simd.Avx2.Arithmetic.montgomery_multiply_by_constant simd_unit
-                .Libcrux_ml_dsa.Simd.Avx2.Vector_type.f_coefficients
-              constant
-            <:
-            Libcrux_intrinsics.Avx2_extract.t_Vec256));
-    f_montgomery_multiply_pre
-    =
-    (fun
-        (lhs: Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit)
-        (rhs: Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit)
-        ->
-        true);
-    f_montgomery_multiply_post
-    =
-    (fun
-        (lhs: Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit)
-        (rhs: Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit)
-        (out: Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit)
-        ->
-        true);
-    f_montgomery_multiply
-    =
-    (fun
-        (lhs: Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit)
-        (rhs: Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit)
-        ->
-        Core.Convert.f_into #Libcrux_intrinsics.Avx2_extract.t_Vec256
-          #Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit
-          #FStar.Tactics.Typeclasses.solve
-          (Libcrux_ml_dsa.Simd.Avx2.Arithmetic.montgomery_multiply lhs
-                .Libcrux_ml_dsa.Simd.Avx2.Vector_type.f_coefficients
-              rhs.Libcrux_ml_dsa.Simd.Avx2.Vector_type.f_coefficients
-            <:
-            Libcrux_intrinsics.Avx2_extract.t_Vec256));
-    f_shift_left_then_reduce_pre
-    =
-    (fun (v_SHIFT_BY: i32) (simd_unit: Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit) -> true);
-    f_shift_left_then_reduce_post
-    =
-    (fun
-        (v_SHIFT_BY: i32)
-        (simd_unit: Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit)
-        (out: Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit)
-        ->
-        true);
-    f_shift_left_then_reduce
-    =
-    (fun (v_SHIFT_BY: i32) (simd_unit: Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit) ->
-        Core.Convert.f_into #Libcrux_intrinsics.Avx2_extract.t_Vec256
-          #Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit
-          #FStar.Tactics.Typeclasses.solve
-          (Libcrux_ml_dsa.Simd.Avx2.Arithmetic.shift_left_then_reduce v_SHIFT_BY
-              simd_unit.Libcrux_ml_dsa.Simd.Avx2.Vector_type.f_coefficients
-            <:
-            Libcrux_intrinsics.Avx2_extract.t_Vec256));
-    f_power2round_pre
-    =
-    (fun (simd_unit: Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit) -> true);
-    f_power2round_post
-    =
-    (fun
-        (simd_unit: Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit)
-        (out:
-          (Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit &
-            Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit))
-        ->
-        true);
-    f_power2round
-    =
-    (fun (simd_unit: Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit) ->
-        let lower, upper:(Libcrux_intrinsics.Avx2_extract.t_Vec256 &
-          Libcrux_intrinsics.Avx2_extract.t_Vec256) =
-          Libcrux_ml_dsa.Simd.Avx2.Arithmetic.power2round simd_unit
-              .Libcrux_ml_dsa.Simd.Avx2.Vector_type.f_coefficients
-        in
-        Core.Convert.f_into #Libcrux_intrinsics.Avx2_extract.t_Vec256
-          #Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit
-          #FStar.Tactics.Typeclasses.solve
-          lower,
-        Core.Convert.f_into #Libcrux_intrinsics.Avx2_extract.t_Vec256
-          #Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit
-          #FStar.Tactics.Typeclasses.solve
-          upper
-        <:
-        (Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit &
-          Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit));
-    f_infinity_norm_exceeds_pre
-    =
-    (fun (simd_unit: Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit) (bound: i32) -> true);
-    f_infinity_norm_exceeds_post
-    =
-    (fun
-        (simd_unit: Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit)
-        (bound: i32)
-        (out: bool)
-        ->
-        true);
-    f_infinity_norm_exceeds
-    =
-    (fun (simd_unit: Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit) (bound: i32) ->
-        Libcrux_ml_dsa.Simd.Avx2.Arithmetic.infinity_norm_exceeds simd_unit
-            .Libcrux_ml_dsa.Simd.Avx2.Vector_type.f_coefficients
-          bound);
-    f_decompose_pre
-    =
-    (fun (v_GAMMA2: i32) (simd_unit: Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit) -> true);
-    f_decompose_post
-    =
-    (fun
-        (v_GAMMA2: i32)
-        (simd_unit: Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit)
-        (out:
-          (Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit &
-            Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit))
-        ->
-        true);
-    f_decompose
-    =
-    (fun (v_GAMMA2: i32) (simd_unit: Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit) ->
-        let lower, upper:(Libcrux_intrinsics.Avx2_extract.t_Vec256 &
-          Libcrux_intrinsics.Avx2_extract.t_Vec256) =
-          Libcrux_ml_dsa.Simd.Avx2.Arithmetic.decompose v_GAMMA2
-            simd_unit.Libcrux_ml_dsa.Simd.Avx2.Vector_type.f_coefficients
-        in
-        Core.Convert.f_into #Libcrux_intrinsics.Avx2_extract.t_Vec256
-          #Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit
-          #FStar.Tactics.Typeclasses.solve
-          lower,
-        Core.Convert.f_into #Libcrux_intrinsics.Avx2_extract.t_Vec256
-          #Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit
-          #FStar.Tactics.Typeclasses.solve
-          upper
-        <:
-        (Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit &
-          Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit));
-    f_compute_hint_pre
-    =
-    (fun
-        (v_GAMMA2: i32)
-        (low: Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit)
-        (high: Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit)
-        ->
-        true);
-    f_compute_hint_post
-    =
-    (fun
-        (v_GAMMA2: i32)
-        (low: Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit)
-        (high: Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit)
-        (out: (usize & Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit))
-        ->
-        true);
-    f_compute_hint
-    =
-    (fun
-        (v_GAMMA2: i32)
-        (low: Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit)
-        (high: Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit)
-        ->
-        let count, hint:(usize & Libcrux_intrinsics.Avx2_extract.t_Vec256) =
-          Libcrux_ml_dsa.Simd.Avx2.Arithmetic.compute_hint v_GAMMA2
-            low.Libcrux_ml_dsa.Simd.Avx2.Vector_type.f_coefficients
-            high.Libcrux_ml_dsa.Simd.Avx2.Vector_type.f_coefficients
-        in
-        count,
-        Core.Convert.f_into #Libcrux_intrinsics.Avx2_extract.t_Vec256
-          #Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit
-          #FStar.Tactics.Typeclasses.solve
-          hint
-        <:
-        (usize & Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit));
-    f_use_hint_pre
-    =
-    (fun
-        (v_GAMMA2: i32)
-        (simd_unit: Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit)
-        (hint: Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit)
-        ->
-        true);
-    f_use_hint_post
-    =
-    (fun
-        (v_GAMMA2: i32)
-        (simd_unit: Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit)
-        (hint: Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit)
-        (out: Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit)
-        ->
-        true);
-    f_use_hint
-    =
-    (fun
-        (v_GAMMA2: i32)
-        (simd_unit: Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit)
-        (hint: Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit)
-        ->
-        Core.Convert.f_into #Libcrux_intrinsics.Avx2_extract.t_Vec256
-          #Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit
-          #FStar.Tactics.Typeclasses.solve
-          (Libcrux_ml_dsa.Simd.Avx2.Arithmetic.use_hint v_GAMMA2
-              simd_unit.Libcrux_ml_dsa.Simd.Avx2.Vector_type.f_coefficients
-              hint.Libcrux_ml_dsa.Simd.Avx2.Vector_type.f_coefficients
-            <:
-            Libcrux_intrinsics.Avx2_extract.t_Vec256));
-    f_rejection_sample_less_than_field_modulus_pre
-    =
-    (fun (randomness: t_Slice u8) (out: t_Slice i32) -> true);
-    f_rejection_sample_less_than_field_modulus_post
-    =
-    (fun (randomness: t_Slice u8) (out: t_Slice i32) (out2: (t_Slice i32 & usize)) -> true);
-    f_rejection_sample_less_than_field_modulus
-    =
-    (fun (randomness: t_Slice u8) (out: t_Slice i32) ->
-        let tmp0, out1:(t_Slice i32 & usize) =
-          Libcrux_ml_dsa.Simd.Avx2.Rejection_sample.Less_than_field_modulus.sample randomness out
-        in
-        let out:t_Slice i32 = tmp0 in
-        let hax_temp_output:usize = out1 in
-        out, hax_temp_output <: (t_Slice i32 & usize));
-    f_rejection_sample_less_than_eta_equals_2_pre
-    =
-    (fun (randomness: t_Slice u8) (out: t_Slice i32) -> true);
-    f_rejection_sample_less_than_eta_equals_2_post
-    =
-    (fun (randomness: t_Slice u8) (out: t_Slice i32) (out2: (t_Slice i32 & usize)) -> true);
-    f_rejection_sample_less_than_eta_equals_2_
-    =
-    (fun (randomness: t_Slice u8) (out: t_Slice i32) ->
-        let tmp0, out1:(t_Slice i32 & usize) =
-          Libcrux_ml_dsa.Simd.Avx2.Rejection_sample.Less_than_eta.sample (sz 2) randomness out
-        in
-        let out:t_Slice i32 = tmp0 in
-        let hax_temp_output:usize = out1 in
-        out, hax_temp_output <: (t_Slice i32 & usize));
-    f_rejection_sample_less_than_eta_equals_4_pre
-    =
-    (fun (randomness: t_Slice u8) (out: t_Slice i32) -> true);
-    f_rejection_sample_less_than_eta_equals_4_post
-    =
-    (fun (randomness: t_Slice u8) (out: t_Slice i32) (out2: (t_Slice i32 & usize)) -> true);
-    f_rejection_sample_less_than_eta_equals_4_
-    =
-    (fun (randomness: t_Slice u8) (out: t_Slice i32) ->
-        let tmp0, out1:(t_Slice i32 & usize) =
-          Libcrux_ml_dsa.Simd.Avx2.Rejection_sample.Less_than_eta.sample (sz 4) randomness out
-        in
-        let out:t_Slice i32 = tmp0 in
-        let hax_temp_output:usize = out1 in
-        out, hax_temp_output <: (t_Slice i32 & usize));
-    f_gamma1_serialize_pre
-    =
-    (fun (v_OUTPUT_SIZE: usize) (simd_unit: Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit) ->
-        true);
-    f_gamma1_serialize_post
-    =
-    (fun
-        (v_OUTPUT_SIZE: usize)
-        (simd_unit: Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit)
-        (out: t_Array u8 v_OUTPUT_SIZE)
-        ->
-        true);
-    f_gamma1_serialize
-    =
-    (fun (v_OUTPUT_SIZE: usize) (simd_unit: Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit) ->
-        Libcrux_ml_dsa.Simd.Avx2.Encoding.Gamma1.serialize v_OUTPUT_SIZE
-          simd_unit.Libcrux_ml_dsa.Simd.Avx2.Vector_type.f_coefficients);
-    f_gamma1_deserialize_pre = (fun (v_GAMMA1_EXPONENT: usize) (serialized: t_Slice u8) -> true);
-    f_gamma1_deserialize_post
-    =
-    (fun
-        (v_GAMMA1_EXPONENT: usize)
-        (serialized: t_Slice u8)
-        (out: Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit)
-        ->
-        true);
-    f_gamma1_deserialize
-    =
-    (fun (v_GAMMA1_EXPONENT: usize) (serialized: t_Slice u8) ->
-        Core.Convert.f_into #Libcrux_intrinsics.Avx2_extract.t_Vec256
-          #Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit
-          #FStar.Tactics.Typeclasses.solve
-          (Libcrux_ml_dsa.Simd.Avx2.Encoding.Gamma1.deserialize v_GAMMA1_EXPONENT serialized
-            <:
-            Libcrux_intrinsics.Avx2_extract.t_Vec256));
-    f_commitment_serialize_pre
-    =
-    (fun (v_OUTPUT_SIZE: usize) (simd_unit: Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit) ->
-        true);
-    f_commitment_serialize_post
-    =
-    (fun
-        (v_OUTPUT_SIZE: usize)
-        (simd_unit: Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit)
-        (out: t_Array u8 v_OUTPUT_SIZE)
-        ->
-        true);
-    f_commitment_serialize
-    =
-    (fun (v_OUTPUT_SIZE: usize) (simd_unit: Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit) ->
-        Libcrux_ml_dsa.Simd.Avx2.Encoding.Commitment.serialize v_OUTPUT_SIZE
-          simd_unit.Libcrux_ml_dsa.Simd.Avx2.Vector_type.f_coefficients);
-    f_error_serialize_pre
-    =
-    (fun (v_OUTPUT_SIZE: usize) (simd_unit: Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit) ->
-        true);
-    f_error_serialize_post
-    =
-    (fun
-        (v_OUTPUT_SIZE: usize)
-        (simd_unit: Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit)
-        (out: t_Array u8 v_OUTPUT_SIZE)
-        ->
-        true);
-    f_error_serialize
-    =
-    (fun (v_OUTPUT_SIZE: usize) (simd_unit: Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit) ->
-        Libcrux_ml_dsa.Simd.Avx2.Encoding.Error.serialize v_OUTPUT_SIZE
-          simd_unit.Libcrux_ml_dsa.Simd.Avx2.Vector_type.f_coefficients);
-    f_error_deserialize_pre = (fun (v_ETA: usize) (serialized: t_Slice u8) -> true);
-    f_error_deserialize_post
-    =
-    (fun
-        (v_ETA: usize)
-        (serialized: t_Slice u8)
-        (out: Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit)
-        ->
-        true);
-    f_error_deserialize
-    =
-    (fun (v_ETA: usize) (serialized: t_Slice u8) ->
-        Core.Convert.f_into #Libcrux_intrinsics.Avx2_extract.t_Vec256
-          #Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit
-          #FStar.Tactics.Typeclasses.solve
-          (Libcrux_ml_dsa.Simd.Avx2.Encoding.Error.deserialize v_ETA serialized
-            <:
-            Libcrux_intrinsics.Avx2_extract.t_Vec256));
-    f_t0_serialize_pre
-    =
-    (fun (simd_unit: Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit) -> true);
-    f_t0_serialize_post
-    =
-    (fun
-        (simd_unit: Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit)
-        (out: t_Array u8 (sz 13))
-        ->
-        true);
-    f_t0_serialize
-    =
-    (fun (simd_unit: Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit) ->
-        Libcrux_ml_dsa.Simd.Avx2.Encoding.T0.serialize simd_unit
-            .Libcrux_ml_dsa.Simd.Avx2.Vector_type.f_coefficients);
-    f_t0_deserialize_pre = (fun (serialized: t_Slice u8) -> true);
-    f_t0_deserialize_post
-    =
-    (fun (serialized: t_Slice u8) (out: Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit) -> true
-    );
-    f_t0_deserialize
-    =
-    (fun (serialized: t_Slice u8) ->
-        Core.Convert.f_into #Libcrux_intrinsics.Avx2_extract.t_Vec256
-          #Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit
-          #FStar.Tactics.Typeclasses.solve
-          (Libcrux_ml_dsa.Simd.Avx2.Encoding.T0.deserialize serialized
-            <:
-            Libcrux_intrinsics.Avx2_extract.t_Vec256));
-    f_t1_serialize_pre
-    =
-    (fun (simd_unit: Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit) -> true);
-    f_t1_serialize_post
-    =
-    (fun
-        (simd_unit: Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit)
-        (out: t_Array u8 (sz 10))
-        ->
-        true);
-    f_t1_serialize
-    =
-    (fun (simd_unit: Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit) ->
-        Libcrux_ml_dsa.Simd.Avx2.Encoding.T1.serialize simd_unit
-            .Libcrux_ml_dsa.Simd.Avx2.Vector_type.f_coefficients);
-    f_t1_deserialize_pre = (fun (serialized: t_Slice u8) -> true);
-    f_t1_deserialize_post
-    =
-    (fun (serialized: t_Slice u8) (out: Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit) -> true
-    );
-    f_t1_deserialize
-    =
-    (fun (serialized: t_Slice u8) ->
-        Core.Convert.f_into #Libcrux_intrinsics.Avx2_extract.t_Vec256
-          #Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit
-          #FStar.Tactics.Typeclasses.solve
-          (Libcrux_ml_dsa.Simd.Avx2.Encoding.T1.deserialize serialized
-            <:
-            Libcrux_intrinsics.Avx2_extract.t_Vec256));
-    f_ntt_pre
-    =
-    (fun (simd_units: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit (sz 32)) -> true);
-    f_ntt_post
-    =
-    (fun
-        (simd_units: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit (sz 32))
-        (out: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit (sz 32))
-        ->
-        true);
-    f_ntt
-    =
-    (fun (simd_units: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit (sz 32)) ->
-        let result:t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32) =
-          Libcrux_ml_dsa.Simd.Avx2.Ntt.ntt (Core.Array.impl_23__map #Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit
-                (sz 32)
-                #Libcrux_intrinsics.Avx2_extract.t_Vec256
-                simd_units
-                (fun x ->
-                    let x:Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit = x in
-                    x.Libcrux_ml_dsa.Simd.Avx2.Vector_type.f_coefficients)
-              <:
-              t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32))
-        in
-        Core.Array.impl_23__map #Libcrux_intrinsics.Avx2_extract.t_Vec256
-          (sz 32)
-          #Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit
-          result
-          (fun x ->
-              let x:Libcrux_intrinsics.Avx2_extract.t_Vec256 = x in
-              Core.Convert.f_into #Libcrux_intrinsics.Avx2_extract.t_Vec256
-                #Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit
-                #FStar.Tactics.Typeclasses.solve
-                x
-              <:
-              Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit));
-    f_invert_ntt_at_layer_0_pre
-    =
-    (fun
-        (simd_unit: Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit)
-        (zeta0: i32)
-        (zeta1: i32)
-        (zeta2: i32)
-        (zeta3: i32)
-        ->
-        true);
-    f_invert_ntt_at_layer_0_post
-    =
-    (fun
-        (simd_unit: Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit)
-        (zeta0: i32)
-        (zeta1: i32)
-        (zeta2: i32)
-        (zeta3: i32)
-        (out: Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit)
-        ->
-        true);
-    f_invert_ntt_at_layer_0_
-    =
-    (fun
-        (simd_unit: Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit)
-        (zeta0: i32)
-        (zeta1: i32)
-        (zeta2: i32)
-        (zeta3: i32)
-        ->
-        Core.Convert.f_into #Libcrux_intrinsics.Avx2_extract.t_Vec256
-          #Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit
-          #FStar.Tactics.Typeclasses.solve
-          (Libcrux_ml_dsa.Simd.Avx2.Ntt.invert_ntt_at_layer_0_ simd_unit
-                .Libcrux_ml_dsa.Simd.Avx2.Vector_type.f_coefficients
-              zeta0
-              zeta1
-              zeta2
-              zeta3
-            <:
-            Libcrux_intrinsics.Avx2_extract.t_Vec256));
-    f_invert_ntt_at_layer_1_pre
-    =
-    (fun
-        (simd_unit: Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit)
-        (zeta0: i32)
-        (zeta1: i32)
-        ->
-        true);
-    f_invert_ntt_at_layer_1_post
-    =
-    (fun
-        (simd_unit: Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit)
-        (zeta0: i32)
-        (zeta1: i32)
-        (out: Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit)
-        ->
-        true);
-    f_invert_ntt_at_layer_1_
-    =
-    (fun
-        (simd_unit: Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit)
-        (zeta0: i32)
-        (zeta1: i32)
-        ->
-        Core.Convert.f_into #Libcrux_intrinsics.Avx2_extract.t_Vec256
-          #Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit
-          #FStar.Tactics.Typeclasses.solve
-          (Libcrux_ml_dsa.Simd.Avx2.Ntt.invert_ntt_at_layer_1_ simd_unit
-                .Libcrux_ml_dsa.Simd.Avx2.Vector_type.f_coefficients
-              zeta0
-              zeta1
-            <:
-            Libcrux_intrinsics.Avx2_extract.t_Vec256));
-    f_invert_ntt_at_layer_2_pre
-    =
-    (fun (simd_unit: Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit) (zeta: i32) -> true);
-    f_invert_ntt_at_layer_2_post
-    =
-    (fun
-        (simd_unit: Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit)
-        (zeta: i32)
-        (out: Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit)
-        ->
-        true);
-    f_invert_ntt_at_layer_2_
-    =
-    fun (simd_unit: Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit) (zeta: i32) ->
-      Core.Convert.f_into #Libcrux_intrinsics.Avx2_extract.t_Vec256
-        #Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit
-        #FStar.Tactics.Typeclasses.solve
-        (Libcrux_ml_dsa.Simd.Avx2.Ntt.invert_ntt_at_layer_2_ simd_unit
-              .Libcrux_ml_dsa.Simd.Avx2.Vector_type.f_coefficients
-            zeta
-          <:
-          Libcrux_intrinsics.Avx2_extract.t_Vec256)
-  }
+val impl:Libcrux_ml_dsa.Simd.Traits.t_Operations Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit
diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Portable.fsti b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Portable.fsti
index 4b05f75c3..c3bcf3d6d 100644
--- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Portable.fsti
+++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Portable.fsti
@@ -10,523 +10,5 @@ let _ =
   ()
 
 [@@ FStar.Tactics.Typeclasses.tcinstance]
-let impl: Libcrux_ml_dsa.Simd.Traits.t_Operations
-Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit =
-  {
-    _super_11581440318597584651 = FStar.Tactics.Typeclasses.solve;
-    _super_9442900250278684536 = FStar.Tactics.Typeclasses.solve;
-    f_ZERO_pre = (fun (_: Prims.unit) -> true);
-    f_ZERO_post
-    =
-    (fun (_: Prims.unit) (out: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit) -> true);
-    f_ZERO = (fun (_: Prims.unit) -> Libcrux_ml_dsa.Simd.Portable.Vector_type.v_ZERO ());
-    f_from_coefficient_array_pre = (fun (array: t_Slice i32) -> true);
-    f_from_coefficient_array_post
-    =
-    (fun (array: t_Slice i32) (out: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit) ->
-        true);
-    f_from_coefficient_array
-    =
-    (fun (array: t_Slice i32) ->
-        Libcrux_ml_dsa.Simd.Portable.Vector_type.from_coefficient_array array);
-    f_to_coefficient_array_pre
-    =
-    (fun (self: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit) -> true);
-    f_to_coefficient_array_post
-    =
-    (fun
-        (self: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit)
-        (out: t_Array i32 (sz 8))
-        ->
-        true);
-    f_to_coefficient_array
-    =
-    (fun (self: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit) ->
-        Libcrux_ml_dsa.Simd.Portable.Vector_type.to_coefficient_array self);
-    f_add_pre
-    =
-    (fun
-        (lhs: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit)
-        (rhs: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit)
-        ->
-        true);
-    f_add_post
-    =
-    (fun
-        (lhs: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit)
-        (rhs: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit)
-        (out: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit)
-        ->
-        true);
-    f_add
-    =
-    (fun
-        (lhs: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit)
-        (rhs: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit)
-        ->
-        Libcrux_ml_dsa.Simd.Portable.Arithmetic.add lhs rhs);
-    f_subtract_pre
-    =
-    (fun
-        (lhs: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit)
-        (rhs: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit)
-        ->
-        true);
-    f_subtract_post
-    =
-    (fun
-        (lhs: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit)
-        (rhs: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit)
-        (out: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit)
-        ->
-        true);
-    f_subtract
-    =
-    (fun
-        (lhs: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit)
-        (rhs: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit)
-        ->
-        Libcrux_ml_dsa.Simd.Portable.Arithmetic.subtract lhs rhs);
-    f_montgomery_multiply_by_constant_pre
-    =
-    (fun (simd_unit: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit) (c: i32) -> true);
-    f_montgomery_multiply_by_constant_post
-    =
-    (fun
-        (simd_unit: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit)
-        (c: i32)
-        (out: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit)
-        ->
-        true);
-    f_montgomery_multiply_by_constant
-    =
-    (fun (simd_unit: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit) (c: i32) ->
-        Libcrux_ml_dsa.Simd.Portable.Arithmetic.montgomery_multiply_by_constant simd_unit c);
-    f_montgomery_multiply_pre
-    =
-    (fun
-        (lhs: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit)
-        (rhs: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit)
-        ->
-        true);
-    f_montgomery_multiply_post
-    =
-    (fun
-        (lhs: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit)
-        (rhs: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit)
-        (out: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit)
-        ->
-        true);
-    f_montgomery_multiply
-    =
-    (fun
-        (lhs: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit)
-        (rhs: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit)
-        ->
-        Libcrux_ml_dsa.Simd.Portable.Arithmetic.montgomery_multiply lhs rhs);
-    f_shift_left_then_reduce_pre
-    =
-    (fun
-        (v_SHIFT_BY: i32)
-        (simd_unit: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit)
-        ->
-        true);
-    f_shift_left_then_reduce_post
-    =
-    (fun
-        (v_SHIFT_BY: i32)
-        (simd_unit: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit)
-        (out: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit)
-        ->
-        true);
-    f_shift_left_then_reduce
-    =
-    (fun
-        (v_SHIFT_BY: i32)
-        (simd_unit: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit)
-        ->
-        Libcrux_ml_dsa.Simd.Portable.Arithmetic.shift_left_then_reduce v_SHIFT_BY simd_unit);
-    f_power2round_pre
-    =
-    (fun (simd_unit: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit) -> true);
-    f_power2round_post
-    =
-    (fun
-        (simd_unit: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit)
-        (out:
-          (Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit &
-            Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit))
-        ->
-        true);
-    f_power2round
-    =
-    (fun (simd_unit: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit) ->
-        Libcrux_ml_dsa.Simd.Portable.Arithmetic.power2round simd_unit);
-    f_infinity_norm_exceeds_pre
-    =
-    (fun (simd_unit: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit) (bound: i32) ->
-        true);
-    f_infinity_norm_exceeds_post
-    =
-    (fun
-        (simd_unit: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit)
-        (bound: i32)
-        (out: bool)
-        ->
-        true);
-    f_infinity_norm_exceeds
-    =
-    (fun (simd_unit: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit) (bound: i32) ->
-        Libcrux_ml_dsa.Simd.Portable.Arithmetic.infinity_norm_exceeds simd_unit bound);
-    f_decompose_pre
-    =
-    (fun (v_GAMMA2: i32) (simd_unit: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit) ->
-        true);
-    f_decompose_post
-    =
-    (fun
-        (v_GAMMA2: i32)
-        (simd_unit: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit)
-        (out:
-          (Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit &
-            Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit))
-        ->
-        true);
-    f_decompose
-    =
-    (fun (v_GAMMA2: i32) (simd_unit: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit) ->
-        Libcrux_ml_dsa.Simd.Portable.Arithmetic.decompose v_GAMMA2 simd_unit);
-    f_compute_hint_pre
-    =
-    (fun
-        (v_GAMMA2: i32)
-        (low: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit)
-        (high: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit)
-        ->
-        true);
-    f_compute_hint_post
-    =
-    (fun
-        (v_GAMMA2: i32)
-        (low: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit)
-        (high: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit)
-        (out: (usize & Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit))
-        ->
-        true);
-    f_compute_hint
-    =
-    (fun
-        (v_GAMMA2: i32)
-        (low: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit)
-        (high: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit)
-        ->
-        Libcrux_ml_dsa.Simd.Portable.Arithmetic.compute_hint v_GAMMA2 low high);
-    f_use_hint_pre
-    =
-    (fun
-        (v_GAMMA2: i32)
-        (simd_unit: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit)
-        (hint: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit)
-        ->
-        true);
-    f_use_hint_post
-    =
-    (fun
-        (v_GAMMA2: i32)
-        (simd_unit: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit)
-        (hint: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit)
-        (out: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit)
-        ->
-        true);
-    f_use_hint
-    =
-    (fun
-        (v_GAMMA2: i32)
-        (simd_unit: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit)
-        (hint: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit)
-        ->
-        Libcrux_ml_dsa.Simd.Portable.Arithmetic.use_hint v_GAMMA2 simd_unit hint);
-    f_rejection_sample_less_than_field_modulus_pre
-    =
-    (fun (randomness: t_Slice u8) (out: t_Slice i32) -> true);
-    f_rejection_sample_less_than_field_modulus_post
-    =
-    (fun (randomness: t_Slice u8) (out: t_Slice i32) (out2: (t_Slice i32 & usize)) -> true);
-    f_rejection_sample_less_than_field_modulus
-    =
-    (fun (randomness: t_Slice u8) (out: t_Slice i32) ->
-        let tmp0, out1:(t_Slice i32 & usize) =
-          Libcrux_ml_dsa.Simd.Portable.Sample.rejection_sample_less_than_field_modulus randomness
-            out
-        in
-        let out:t_Slice i32 = tmp0 in
-        let hax_temp_output:usize = out1 in
-        out, hax_temp_output <: (t_Slice i32 & usize));
-    f_rejection_sample_less_than_eta_equals_2_pre
-    =
-    (fun (randomness: t_Slice u8) (out: t_Slice i32) -> true);
-    f_rejection_sample_less_than_eta_equals_2_post
-    =
-    (fun (randomness: t_Slice u8) (out: t_Slice i32) (out2: (t_Slice i32 & usize)) -> true);
-    f_rejection_sample_less_than_eta_equals_2_
-    =
-    (fun (randomness: t_Slice u8) (out: t_Slice i32) ->
-        let tmp0, out1:(t_Slice i32 & usize) =
-          Libcrux_ml_dsa.Simd.Portable.Sample.rejection_sample_less_than_eta_equals_2_ randomness
-            out
-        in
-        let out:t_Slice i32 = tmp0 in
-        let hax_temp_output:usize = out1 in
-        out, hax_temp_output <: (t_Slice i32 & usize));
-    f_rejection_sample_less_than_eta_equals_4_pre
-    =
-    (fun (randomness: t_Slice u8) (out: t_Slice i32) -> true);
-    f_rejection_sample_less_than_eta_equals_4_post
-    =
-    (fun (randomness: t_Slice u8) (out: t_Slice i32) (out2: (t_Slice i32 & usize)) -> true);
-    f_rejection_sample_less_than_eta_equals_4_
-    =
-    (fun (randomness: t_Slice u8) (out: t_Slice i32) ->
-        let tmp0, out1:(t_Slice i32 & usize) =
-          Libcrux_ml_dsa.Simd.Portable.Sample.rejection_sample_less_than_eta_equals_4_ randomness
-            out
-        in
-        let out:t_Slice i32 = tmp0 in
-        let hax_temp_output:usize = out1 in
-        out, hax_temp_output <: (t_Slice i32 & usize));
-    f_gamma1_serialize_pre
-    =
-    (fun
-        (v_OUTPUT_SIZE: usize)
-        (simd_unit: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit)
-        ->
-        true);
-    f_gamma1_serialize_post
-    =
-    (fun
-        (v_OUTPUT_SIZE: usize)
-        (simd_unit: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit)
-        (out: t_Array u8 v_OUTPUT_SIZE)
-        ->
-        true);
-    f_gamma1_serialize
-    =
-    (fun
-        (v_OUTPUT_SIZE: usize)
-        (simd_unit: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit)
-        ->
-        Libcrux_ml_dsa.Simd.Portable.Encoding.Gamma1.serialize v_OUTPUT_SIZE simd_unit);
-    f_gamma1_deserialize_pre = (fun (v_GAMMA1_EXPONENT: usize) (serialized: t_Slice u8) -> true);
-    f_gamma1_deserialize_post
-    =
-    (fun
-        (v_GAMMA1_EXPONENT: usize)
-        (serialized: t_Slice u8)
-        (out: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit)
-        ->
-        true);
-    f_gamma1_deserialize
-    =
-    (fun (v_GAMMA1_EXPONENT: usize) (serialized: t_Slice u8) ->
-        Libcrux_ml_dsa.Simd.Portable.Encoding.Gamma1.deserialize v_GAMMA1_EXPONENT serialized);
-    f_commitment_serialize_pre
-    =
-    (fun
-        (v_OUTPUT_SIZE: usize)
-        (simd_unit: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit)
-        ->
-        true);
-    f_commitment_serialize_post
-    =
-    (fun
-        (v_OUTPUT_SIZE: usize)
-        (simd_unit: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit)
-        (out: t_Array u8 v_OUTPUT_SIZE)
-        ->
-        true);
-    f_commitment_serialize
-    =
-    (fun
-        (v_OUTPUT_SIZE: usize)
-        (simd_unit: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit)
-        ->
-        Libcrux_ml_dsa.Simd.Portable.Encoding.Commitment.serialize v_OUTPUT_SIZE simd_unit);
-    f_error_serialize_pre
-    =
-    (fun
-        (v_OUTPUT_SIZE: usize)
-        (simd_unit: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit)
-        ->
-        true);
-    f_error_serialize_post
-    =
-    (fun
-        (v_OUTPUT_SIZE: usize)
-        (simd_unit: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit)
-        (out: t_Array u8 v_OUTPUT_SIZE)
-        ->
-        true);
-    f_error_serialize
-    =
-    (fun
-        (v_OUTPUT_SIZE: usize)
-        (simd_unit: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit)
-        ->
-        Libcrux_ml_dsa.Simd.Portable.Encoding.Error.serialize v_OUTPUT_SIZE simd_unit);
-    f_error_deserialize_pre = (fun (v_ETA: usize) (serialized: t_Slice u8) -> true);
-    f_error_deserialize_post
-    =
-    (fun
-        (v_ETA: usize)
-        (serialized: t_Slice u8)
-        (out: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit)
-        ->
-        true);
-    f_error_deserialize
-    =
-    (fun (v_ETA: usize) (serialized: t_Slice u8) ->
-        Libcrux_ml_dsa.Simd.Portable.Encoding.Error.deserialize v_ETA serialized);
-    f_t0_serialize_pre
-    =
-    (fun (simd_unit: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit) -> true);
-    f_t0_serialize_post
-    =
-    (fun
-        (simd_unit: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit)
-        (out: t_Array u8 (sz 13))
-        ->
-        true);
-    f_t0_serialize
-    =
-    (fun (simd_unit: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit) ->
-        Libcrux_ml_dsa.Simd.Portable.Encoding.T0.serialize simd_unit);
-    f_t0_deserialize_pre = (fun (serialized: t_Slice u8) -> true);
-    f_t0_deserialize_post
-    =
-    (fun
-        (serialized: t_Slice u8)
-        (out: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit)
-        ->
-        true);
-    f_t0_deserialize
-    =
-    (fun (serialized: t_Slice u8) -> Libcrux_ml_dsa.Simd.Portable.Encoding.T0.deserialize serialized
-    );
-    f_t1_serialize_pre
-    =
-    (fun (simd_unit: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit) -> true);
-    f_t1_serialize_post
-    =
-    (fun
-        (simd_unit: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit)
-        (out: t_Array u8 (sz 10))
-        ->
-        true);
-    f_t1_serialize
-    =
-    (fun (simd_unit: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit) ->
-        Libcrux_ml_dsa.Simd.Portable.Encoding.T1.serialize simd_unit);
-    f_t1_deserialize_pre = (fun (serialized: t_Slice u8) -> true);
-    f_t1_deserialize_post
-    =
-    (fun
-        (serialized: t_Slice u8)
-        (out: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit)
-        ->
-        true);
-    f_t1_deserialize
-    =
-    (fun (serialized: t_Slice u8) -> Libcrux_ml_dsa.Simd.Portable.Encoding.T1.deserialize serialized
-    );
-    f_ntt_pre
-    =
-    (fun
-        (simd_units: t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit (sz 32))
-        ->
-        true);
-    f_ntt_post
-    =
-    (fun
-        (simd_units: t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit (sz 32))
-        (out: t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit (sz 32))
-        ->
-        true);
-    f_ntt
-    =
-    (fun
-        (simd_units: t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit (sz 32))
-        ->
-        Libcrux_ml_dsa.Simd.Portable.Ntt.ntt simd_units);
-    f_invert_ntt_at_layer_0_pre
-    =
-    (fun
-        (simd_unit: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit)
-        (zeta0: i32)
-        (zeta1: i32)
-        (zeta2: i32)
-        (zeta3: i32)
-        ->
-        true);
-    f_invert_ntt_at_layer_0_post
-    =
-    (fun
-        (simd_unit: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit)
-        (zeta0: i32)
-        (zeta1: i32)
-        (zeta2: i32)
-        (zeta3: i32)
-        (out: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit)
-        ->
-        true);
-    f_invert_ntt_at_layer_0_
-    =
-    (fun
-        (simd_unit: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit)
-        (zeta0: i32)
-        (zeta1: i32)
-        (zeta2: i32)
-        (zeta3: i32)
-        ->
-        Libcrux_ml_dsa.Simd.Portable.Ntt.invert_ntt_at_layer_0_ simd_unit zeta0 zeta1 zeta2 zeta3);
-    f_invert_ntt_at_layer_1_pre
-    =
-    (fun
-        (simd_unit: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit)
-        (zeta0: i32)
-        (zeta1: i32)
-        ->
-        true);
-    f_invert_ntt_at_layer_1_post
-    =
-    (fun
-        (simd_unit: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit)
-        (zeta0: i32)
-        (zeta1: i32)
-        (out: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit)
-        ->
-        true);
-    f_invert_ntt_at_layer_1_
-    =
-    (fun
-        (simd_unit: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit)
-        (zeta0: i32)
-        (zeta1: i32)
-        ->
-        Libcrux_ml_dsa.Simd.Portable.Ntt.invert_ntt_at_layer_1_ simd_unit zeta0 zeta1);
-    f_invert_ntt_at_layer_2_pre
-    =
-    (fun (simd_unit: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit) (zeta: i32) ->
-        true);
-    f_invert_ntt_at_layer_2_post
-    =
-    (fun
-        (simd_unit: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit)
-        (zeta: i32)
-        (out: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit)
-        ->
-        true);
-    f_invert_ntt_at_layer_2_
-    =
-    fun (simd_unit: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit) (zeta: i32) ->
-      Libcrux_ml_dsa.Simd.Portable.Ntt.invert_ntt_at_layer_2_ simd_unit zeta
-  }
+val impl:Libcrux_ml_dsa.Simd.Traits.t_Operations
+Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Hash_functions.Avx2.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Hash_functions.Avx2.fsti
index ac3f1d25d..336b75faa 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Hash_functions.Avx2.fsti
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Hash_functions.Avx2.fsti
@@ -8,6 +8,9 @@ open FStar.Mul
 /// All other functions don\'t actually use any members.
 val t_Simd256Hash:Type0
 
+[@@ FStar.Tactics.Typeclasses.tcinstance]
+val impl (v_K: usize) : Libcrux_ml_kem.Hash_functions.t_Hash t_Simd256Hash v_K
+
 val v_G (input: t_Slice u8)
     : Prims.Pure (t_Array u8 (sz 64))
       Prims.l_True
@@ -52,69 +55,3 @@ val shake128_squeeze_next_block (v_K: usize) (st: t_Simd256Hash)
     : Prims.Pure (t_Simd256Hash & t_Array (t_Array u8 (sz 168)) v_K)
       Prims.l_True
       (fun _ -> Prims.l_True)
-
-[@@ FStar.Tactics.Typeclasses.tcinstance]
-let impl (v_K: usize) : Libcrux_ml_kem.Hash_functions.t_Hash t_Simd256Hash v_K =
-  {
-    f_G_pre = (fun (input: t_Slice u8) -> true);
-    f_G_post = (fun (input: t_Slice u8) (out: t_Array u8 (sz 64)) -> out == Spec.Utils.v_G input);
-    f_G = (fun (input: t_Slice u8) -> v_G input);
-    f_H_pre = (fun (input: t_Slice u8) -> true);
-    f_H_post = (fun (input: t_Slice u8) (out: t_Array u8 (sz 32)) -> out == Spec.Utils.v_H input);
-    f_H = (fun (input: t_Slice u8) -> v_H input);
-    f_PRF_pre = (fun (v_LEN: usize) (input: t_Slice u8) -> v v_LEN < pow2 32);
-    f_PRF_post
-    =
-    (fun (v_LEN: usize) (input: t_Slice u8) (out: t_Array u8 v_LEN) ->
-        v v_LEN < pow2 32 ==> out == Spec.Utils.v_PRF v_LEN input);
-    f_PRF = (fun (v_LEN: usize) (input: t_Slice u8) -> v_PRF v_LEN input);
-    f_PRFxN_pre
-    =
-    (fun (v_LEN: usize) (input: t_Array (t_Array u8 (sz 33)) v_K) ->
-        v v_LEN < pow2 32 /\ (v v_K == 2 \/ v v_K == 3 \/ v v_K == 4));
-    f_PRFxN_post
-    =
-    (fun
-        (v_LEN: usize)
-        (input: t_Array (t_Array u8 (sz 33)) v_K)
-        (out: t_Array (t_Array u8 v_LEN) v_K)
-        ->
-        (v v_LEN < pow2 32 /\ (v v_K == 2 \/ v v_K == 3 \/ v v_K == 4)) ==>
-        out == Spec.Utils.v_PRFxN v_K v_LEN input);
-    f_PRFxN
-    =
-    (fun (v_LEN: usize) (input: t_Array (t_Array u8 (sz 33)) v_K) -> v_PRFxN v_K v_LEN input);
-    f_shake128_init_absorb_final_pre = (fun (input: t_Array (t_Array u8 (sz 34)) v_K) -> true);
-    f_shake128_init_absorb_final_post
-    =
-    (fun (input: t_Array (t_Array u8 (sz 34)) v_K) (out: t_Simd256Hash) -> true);
-    f_shake128_init_absorb_final
-    =
-    (fun (input: t_Array (t_Array u8 (sz 34)) v_K) -> shake128_init_absorb_final v_K input);
-    f_shake128_squeeze_first_three_blocks_pre = (fun (self: t_Simd256Hash) -> true);
-    f_shake128_squeeze_first_three_blocks_post
-    =
-    (fun (self: t_Simd256Hash) (out1: (t_Simd256Hash & t_Array (t_Array u8 (sz 504)) v_K)) -> true);
-    f_shake128_squeeze_first_three_blocks
-    =
-    (fun (self: t_Simd256Hash) ->
-        let tmp0, out:(t_Simd256Hash & t_Array (t_Array u8 (sz 504)) v_K) =
-          shake128_squeeze_first_three_blocks v_K self
-        in
-        let self:t_Simd256Hash = tmp0 in
-        let hax_temp_output:t_Array (t_Array u8 (sz 504)) v_K = out in
-        self, hax_temp_output <: (t_Simd256Hash & t_Array (t_Array u8 (sz 504)) v_K));
-    f_shake128_squeeze_next_block_pre = (fun (self: t_Simd256Hash) -> true);
-    f_shake128_squeeze_next_block_post
-    =
-    (fun (self: t_Simd256Hash) (out1: (t_Simd256Hash & t_Array (t_Array u8 (sz 168)) v_K)) -> true);
-    f_shake128_squeeze_next_block
-    =
-    fun (self: t_Simd256Hash) ->
-      let tmp0, out:(t_Simd256Hash & t_Array (t_Array u8 (sz 168)) v_K) =
-        shake128_squeeze_next_block v_K self
-      in
-      let self:t_Simd256Hash = tmp0 in
-      let hax_temp_output:t_Array (t_Array u8 (sz 168)) v_K = out in
-      self, hax_temp_output <: (t_Simd256Hash & t_Array (t_Array u8 (sz 168)) v_K)
-  }
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Hash_functions.Neon.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Hash_functions.Neon.fsti
index 10f31d18f..7b7869c77 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Hash_functions.Neon.fsti
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Hash_functions.Neon.fsti
@@ -8,6 +8,9 @@ open FStar.Mul
 /// All other functions don\'t actually use any members.
 val t_Simd128Hash:Type0
 
+[@@ FStar.Tactics.Typeclasses.tcinstance]
+val impl (v_K: usize) : Libcrux_ml_kem.Hash_functions.t_Hash t_Simd128Hash v_K
+
 val v_G (input: t_Slice u8)
     : Prims.Pure (t_Array u8 (sz 64))
       Prims.l_True
@@ -52,69 +55,3 @@ val shake128_squeeze_next_block (v_K: usize) (st: t_Simd128Hash)
     : Prims.Pure (t_Simd128Hash & t_Array (t_Array u8 (sz 168)) v_K)
       Prims.l_True
       (fun _ -> Prims.l_True)
-
-[@@ FStar.Tactics.Typeclasses.tcinstance]
-let impl (v_K: usize) : Libcrux_ml_kem.Hash_functions.t_Hash t_Simd128Hash v_K =
-  {
-    f_G_pre = (fun (input: t_Slice u8) -> true);
-    f_G_post = (fun (input: t_Slice u8) (out: t_Array u8 (sz 64)) -> out == Spec.Utils.v_G input);
-    f_G = (fun (input: t_Slice u8) -> v_G input);
-    f_H_pre = (fun (input: t_Slice u8) -> true);
-    f_H_post = (fun (input: t_Slice u8) (out: t_Array u8 (sz 32)) -> out == Spec.Utils.v_H input);
-    f_H = (fun (input: t_Slice u8) -> v_H input);
-    f_PRF_pre = (fun (v_LEN: usize) (input: t_Slice u8) -> v v_LEN < pow2 32);
-    f_PRF_post
-    =
-    (fun (v_LEN: usize) (input: t_Slice u8) (out: t_Array u8 v_LEN) ->
-        v v_LEN < pow2 32 ==> out == Spec.Utils.v_PRF v_LEN input);
-    f_PRF = (fun (v_LEN: usize) (input: t_Slice u8) -> v_PRF v_LEN input);
-    f_PRFxN_pre
-    =
-    (fun (v_LEN: usize) (input: t_Array (t_Array u8 (sz 33)) v_K) ->
-        v v_LEN < pow2 32 /\ (v v_K == 2 \/ v v_K == 3 \/ v v_K == 4));
-    f_PRFxN_post
-    =
-    (fun
-        (v_LEN: usize)
-        (input: t_Array (t_Array u8 (sz 33)) v_K)
-        (out: t_Array (t_Array u8 v_LEN) v_K)
-        ->
-        (v v_LEN < pow2 32 /\ (v v_K == 2 \/ v v_K == 3 \/ v v_K == 4)) ==>
-        out == Spec.Utils.v_PRFxN v_K v_LEN input);
-    f_PRFxN
-    =
-    (fun (v_LEN: usize) (input: t_Array (t_Array u8 (sz 33)) v_K) -> v_PRFxN v_K v_LEN input);
-    f_shake128_init_absorb_final_pre = (fun (input: t_Array (t_Array u8 (sz 34)) v_K) -> true);
-    f_shake128_init_absorb_final_post
-    =
-    (fun (input: t_Array (t_Array u8 (sz 34)) v_K) (out: t_Simd128Hash) -> true);
-    f_shake128_init_absorb_final
-    =
-    (fun (input: t_Array (t_Array u8 (sz 34)) v_K) -> shake128_init_absorb_final v_K input);
-    f_shake128_squeeze_first_three_blocks_pre = (fun (self: t_Simd128Hash) -> true);
-    f_shake128_squeeze_first_three_blocks_post
-    =
-    (fun (self: t_Simd128Hash) (out1: (t_Simd128Hash & t_Array (t_Array u8 (sz 504)) v_K)) -> true);
-    f_shake128_squeeze_first_three_blocks
-    =
-    (fun (self: t_Simd128Hash) ->
-        let tmp0, out:(t_Simd128Hash & t_Array (t_Array u8 (sz 504)) v_K) =
-          shake128_squeeze_first_three_blocks v_K self
-        in
-        let self:t_Simd128Hash = tmp0 in
-        let hax_temp_output:t_Array (t_Array u8 (sz 504)) v_K = out in
-        self, hax_temp_output <: (t_Simd128Hash & t_Array (t_Array u8 (sz 504)) v_K));
-    f_shake128_squeeze_next_block_pre = (fun (self: t_Simd128Hash) -> true);
-    f_shake128_squeeze_next_block_post
-    =
-    (fun (self: t_Simd128Hash) (out1: (t_Simd128Hash & t_Array (t_Array u8 (sz 168)) v_K)) -> true);
-    f_shake128_squeeze_next_block
-    =
-    fun (self: t_Simd128Hash) ->
-      let tmp0, out:(t_Simd128Hash & t_Array (t_Array u8 (sz 168)) v_K) =
-        shake128_squeeze_next_block v_K self
-      in
-      let self:t_Simd128Hash = tmp0 in
-      let hax_temp_output:t_Array (t_Array u8 (sz 168)) v_K = out in
-      self, hax_temp_output <: (t_Simd128Hash & t_Array (t_Array u8 (sz 168)) v_K)
-  }
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Hash_functions.Portable.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Hash_functions.Portable.fsti
index 34b92577f..37255d0af 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Hash_functions.Portable.fsti
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Hash_functions.Portable.fsti
@@ -8,6 +8,9 @@ open FStar.Mul
 /// All other functions don\'t actually use any members.
 val t_PortableHash (v_K: usize) : Type0
 
+[@@ FStar.Tactics.Typeclasses.tcinstance]
+val impl (v_K: usize) : Libcrux_ml_kem.Hash_functions.t_Hash (t_PortableHash v_K) v_K
+
 val v_G (input: t_Slice u8)
     : Prims.Pure (t_Array u8 (sz 64))
       Prims.l_True
@@ -52,77 +55,3 @@ val shake128_squeeze_next_block (v_K: usize) (st: t_PortableHash v_K)
     : Prims.Pure (t_PortableHash v_K & t_Array (t_Array u8 (sz 168)) v_K)
       Prims.l_True
       (fun _ -> Prims.l_True)
-
-[@@ FStar.Tactics.Typeclasses.tcinstance]
-let impl (v_K: usize) : Libcrux_ml_kem.Hash_functions.t_Hash (t_PortableHash v_K) v_K =
-  {
-    f_G_pre = (fun (input: t_Slice u8) -> true);
-    f_G_post = (fun (input: t_Slice u8) (out: t_Array u8 (sz 64)) -> out == Spec.Utils.v_G input);
-    f_G = (fun (input: t_Slice u8) -> v_G input);
-    f_H_pre = (fun (input: t_Slice u8) -> true);
-    f_H_post = (fun (input: t_Slice u8) (out: t_Array u8 (sz 32)) -> out == Spec.Utils.v_H input);
-    f_H = (fun (input: t_Slice u8) -> v_H input);
-    f_PRF_pre = (fun (v_LEN: usize) (input: t_Slice u8) -> v v_LEN < pow2 32);
-    f_PRF_post
-    =
-    (fun (v_LEN: usize) (input: t_Slice u8) (out: t_Array u8 v_LEN) ->
-        v v_LEN < pow2 32 ==> out == Spec.Utils.v_PRF v_LEN input);
-    f_PRF = (fun (v_LEN: usize) (input: t_Slice u8) -> v_PRF v_LEN input);
-    f_PRFxN_pre
-    =
-    (fun (v_LEN: usize) (input: t_Array (t_Array u8 (sz 33)) v_K) ->
-        v v_LEN < pow2 32 /\ (v v_K == 2 \/ v v_K == 3 \/ v v_K == 4));
-    f_PRFxN_post
-    =
-    (fun
-        (v_LEN: usize)
-        (input: t_Array (t_Array u8 (sz 33)) v_K)
-        (out: t_Array (t_Array u8 v_LEN) v_K)
-        ->
-        (v v_LEN < pow2 32 /\ (v v_K == 2 \/ v v_K == 3 \/ v v_K == 4)) ==>
-        out == Spec.Utils.v_PRFxN v_K v_LEN input);
-    f_PRFxN
-    =
-    (fun (v_LEN: usize) (input: t_Array (t_Array u8 (sz 33)) v_K) -> v_PRFxN v_K v_LEN input);
-    f_shake128_init_absorb_final_pre = (fun (input: t_Array (t_Array u8 (sz 34)) v_K) -> true);
-    f_shake128_init_absorb_final_post
-    =
-    (fun (input: t_Array (t_Array u8 (sz 34)) v_K) (out: t_PortableHash v_K) -> true);
-    f_shake128_init_absorb_final
-    =
-    (fun (input: t_Array (t_Array u8 (sz 34)) v_K) -> shake128_init_absorb_final v_K input);
-    f_shake128_squeeze_first_three_blocks_pre = (fun (self: t_PortableHash v_K) -> true);
-    f_shake128_squeeze_first_three_blocks_post
-    =
-    (fun
-        (self: t_PortableHash v_K)
-        (out1: (t_PortableHash v_K & t_Array (t_Array u8 (sz 504)) v_K))
-        ->
-        true);
-    f_shake128_squeeze_first_three_blocks
-    =
-    (fun (self: t_PortableHash v_K) ->
-        let tmp0, out:(t_PortableHash v_K & t_Array (t_Array u8 (sz 504)) v_K) =
-          shake128_squeeze_first_three_blocks v_K self
-        in
-        let self:t_PortableHash v_K = tmp0 in
-        let hax_temp_output:t_Array (t_Array u8 (sz 504)) v_K = out in
-        self, hax_temp_output <: (t_PortableHash v_K & t_Array (t_Array u8 (sz 504)) v_K));
-    f_shake128_squeeze_next_block_pre = (fun (self: t_PortableHash v_K) -> true);
-    f_shake128_squeeze_next_block_post
-    =
-    (fun
-        (self: t_PortableHash v_K)
-        (out1: (t_PortableHash v_K & t_Array (t_Array u8 (sz 168)) v_K))
-        ->
-        true);
-    f_shake128_squeeze_next_block
-    =
-    fun (self: t_PortableHash v_K) ->
-      let tmp0, out:(t_PortableHash v_K & t_Array (t_Array u8 (sz 168)) v_K) =
-        shake128_squeeze_next_block v_K self
-      in
-      let self:t_PortableHash v_K = tmp0 in
-      let hax_temp_output:t_Array (t_Array u8 (sz 168)) v_K = out in
-      self, hax_temp_output <: (t_PortableHash v_K & t_Array (t_Array u8 (sz 168)) v_K)
-  }
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Unpacked.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Unpacked.fst
index e892e21b1..5884e27b4 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Unpacked.fst
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Unpacked.fst
@@ -142,6 +142,71 @@ let transpose_a
 
 #pop-options
 
+[@@ FStar.Tactics.Typeclasses.tcinstance]
+let impl
+      (v_K: usize)
+      (#v_Vector: Type0)
+      (#[FStar.Tactics.Typeclasses.tcresolve ()]
+          i1:
+          Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector)
+    : Core.Default.t_Default (t_MlKemPublicKeyUnpacked v_K v_Vector) =
+  {
+    f_default_pre = (fun (_: Prims.unit) -> true);
+    f_default_post = (fun (_: Prims.unit) (out: t_MlKemPublicKeyUnpacked v_K v_Vector) -> true);
+    f_default
+    =
+    fun (_: Prims.unit) ->
+      {
+        f_ind_cpa_public_key
+        =
+        Core.Default.f_default #(Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPublicKeyUnpacked v_K
+              v_Vector)
+          #FStar.Tactics.Typeclasses.solve
+          ();
+        f_public_key_hash = Rust_primitives.Hax.repeat 0uy (sz 32)
+      }
+      <:
+      t_MlKemPublicKeyUnpacked v_K v_Vector
+  }
+
+[@@ FStar.Tactics.Typeclasses.tcinstance]
+let impl_1
+      (v_K: usize)
+      (#v_Vector: Type0)
+      (#[FStar.Tactics.Typeclasses.tcresolve ()]
+          i1:
+          Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector)
+    : Core.Default.t_Default (t_MlKemKeyPairUnpacked v_K v_Vector) =
+  {
+    f_default_pre = (fun (_: Prims.unit) -> true);
+    f_default_post = (fun (_: Prims.unit) (out: t_MlKemKeyPairUnpacked v_K v_Vector) -> true);
+    f_default
+    =
+    fun (_: Prims.unit) ->
+      {
+        f_private_key
+        =
+        {
+          f_ind_cpa_private_key
+          =
+          Core.Default.f_default #(Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPrivateKeyUnpacked v_K
+                v_Vector)
+            #FStar.Tactics.Typeclasses.solve
+            ();
+          f_implicit_rejection_value = Rust_primitives.Hax.repeat 0uy (sz 32)
+        }
+        <:
+        t_MlKemPrivateKeyUnpacked v_K v_Vector;
+        f_public_key
+        =
+        Core.Default.f_default #(t_MlKemPublicKeyUnpacked v_K v_Vector)
+          #FStar.Tactics.Typeclasses.solve
+          ()
+      }
+      <:
+      t_MlKemKeyPairUnpacked v_K v_Vector
+  }
+
 let impl_4__new
       (v_K: usize)
       (#v_Vector: Type0)
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Unpacked.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Unpacked.fsti
index db412286b..bb95e789b 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Unpacked.fsti
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Unpacked.fsti
@@ -84,69 +84,18 @@ val transpose_a
                 Seq.index (Seq.index result i) j == Seq.index (Seq.index ind_cpa_a j) i))
 
 [@@ FStar.Tactics.Typeclasses.tcinstance]
-let impl
+val impl
       (v_K: usize)
       (#v_Vector: Type0)
-      (#[FStar.Tactics.Typeclasses.tcresolve ()]
-          i1:
-          Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector)
-    : Core.Default.t_Default (t_MlKemPublicKeyUnpacked v_K v_Vector) =
-  {
-    f_default_pre = (fun (_: Prims.unit) -> true);
-    f_default_post = (fun (_: Prims.unit) (out: t_MlKemPublicKeyUnpacked v_K v_Vector) -> true);
-    f_default
-    =
-    fun (_: Prims.unit) ->
-      {
-        f_ind_cpa_public_key
-        =
-        Core.Default.f_default #(Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPublicKeyUnpacked v_K
-              v_Vector)
-          #FStar.Tactics.Typeclasses.solve
-          ();
-        f_public_key_hash = Rust_primitives.Hax.repeat 0uy (sz 32)
-      }
-      <:
-      t_MlKemPublicKeyUnpacked v_K v_Vector
-  }
+      {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |}
+    : Core.Default.t_Default (t_MlKemPublicKeyUnpacked v_K v_Vector)
 
 [@@ FStar.Tactics.Typeclasses.tcinstance]
-let impl_1
+val impl_1
       (v_K: usize)
       (#v_Vector: Type0)
-      (#[FStar.Tactics.Typeclasses.tcresolve ()]
-          i1:
-          Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector)
-    : Core.Default.t_Default (t_MlKemKeyPairUnpacked v_K v_Vector) =
-  {
-    f_default_pre = (fun (_: Prims.unit) -> true);
-    f_default_post = (fun (_: Prims.unit) (out: t_MlKemKeyPairUnpacked v_K v_Vector) -> true);
-    f_default
-    =
-    fun (_: Prims.unit) ->
-      {
-        f_private_key
-        =
-        {
-          f_ind_cpa_private_key
-          =
-          Core.Default.f_default #(Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPrivateKeyUnpacked v_K
-                v_Vector)
-            #FStar.Tactics.Typeclasses.solve
-            ();
-          f_implicit_rejection_value = Rust_primitives.Hax.repeat 0uy (sz 32)
-        }
-        <:
-        t_MlKemPrivateKeyUnpacked v_K v_Vector;
-        f_public_key
-        =
-        Core.Default.f_default #(t_MlKemPublicKeyUnpacked v_K v_Vector)
-          #FStar.Tactics.Typeclasses.solve
-          ()
-      }
-      <:
-      t_MlKemKeyPairUnpacked v_K v_Vector
-  }
+      {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |}
+    : Core.Default.t_Default (t_MlKemKeyPairUnpacked v_K v_Vector)
 
 /// Create a new empty unpacked key pair.
 val impl_4__new:
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.Unpacked.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.Unpacked.fst
index 25587cb96..ef0c39424 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.Unpacked.fst
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.Unpacked.fst
@@ -1,5 +1,5 @@
 module Libcrux_ml_kem.Ind_cpa.Unpacked
-#set-options "--fuel 0 --ifuel 1 --z3rlimit 15"
+#set-options "--fuel 0 --ifuel 1 --z3rlimit 80"
 open Core
 open FStar.Mul
 
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.Unpacked.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.Unpacked.fsti
index 58fcb60a3..d627f74c8 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.Unpacked.fsti
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.Unpacked.fsti
@@ -24,65 +24,15 @@ type t_IndCpaPublicKeyUnpacked
 }
 
 [@@ FStar.Tactics.Typeclasses.tcinstance]
-let impl
+val impl
       (v_K: usize)
       (#v_Vector: Type0)
-      (#[FStar.Tactics.Typeclasses.tcresolve ()]
-          i1:
-          Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector)
-    : Core.Default.t_Default (t_IndCpaPrivateKeyUnpacked v_K v_Vector) =
-  {
-    f_default_pre = (fun (_: Prims.unit) -> true);
-    f_default_post = (fun (_: Prims.unit) (out: t_IndCpaPrivateKeyUnpacked v_K v_Vector) -> true);
-    f_default
-    =
-    fun (_: Prims.unit) ->
-      {
-        f_secret_as_ntt
-        =
-        Rust_primitives.Hax.repeat (Libcrux_ml_kem.Polynomial.impl_2__ZERO #v_Vector ()
-            <:
-            Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector)
-          v_K
-      }
-      <:
-      t_IndCpaPrivateKeyUnpacked v_K v_Vector
-  }
+      {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |}
+    : Core.Default.t_Default (t_IndCpaPrivateKeyUnpacked v_K v_Vector)
 
 [@@ FStar.Tactics.Typeclasses.tcinstance]
-let impl_1
+val impl_1
       (v_K: usize)
       (#v_Vector: Type0)
-      (#[FStar.Tactics.Typeclasses.tcresolve ()]
-          i1:
-          Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector)
-    : Core.Default.t_Default (t_IndCpaPublicKeyUnpacked v_K v_Vector) =
-  {
-    f_default_pre = (fun (_: Prims.unit) -> true);
-    f_default_post = (fun (_: Prims.unit) (out: t_IndCpaPublicKeyUnpacked v_K v_Vector) -> true);
-    f_default
-    =
-    fun (_: Prims.unit) ->
-      {
-        f_t_as_ntt
-        =
-        Rust_primitives.Hax.repeat (Libcrux_ml_kem.Polynomial.impl_2__ZERO #v_Vector ()
-            <:
-            Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector)
-          v_K;
-        f_seed_for_A = Rust_primitives.Hax.repeat 0uy (sz 32);
-        f_A
-        =
-        Rust_primitives.Hax.repeat (Rust_primitives.Hax.repeat (Libcrux_ml_kem.Polynomial.impl_2__ZERO
-                  #v_Vector
-                  ()
-                <:
-                Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector)
-              v_K
-            <:
-            t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K)
-          v_K
-      }
-      <:
-      t_IndCpaPublicKeyUnpacked v_K v_Vector
-  }
+      {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |}
+    : Core.Default.t_Default (t_IndCpaPublicKeyUnpacked v_K v_Vector)
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Types.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Types.fst
index bef66c535..a26d5c21b 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Types.fst
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Types.fst
@@ -9,10 +9,97 @@ let impl_13__len (v_SIZE: usize) (_: Prims.unit) = v_SIZE
 
 let impl_20__len (v_SIZE: usize) (_: Prims.unit) = v_SIZE
 
+[@@ FStar.Tactics.Typeclasses.tcinstance]
+let impl_2 (v_SIZE: usize) : Core.Convert.t_From (t_MlKemCiphertext v_SIZE) (t_Array u8 v_SIZE) =
+  {
+    f_from_pre = (fun (value: t_Array u8 v_SIZE) -> true);
+    f_from_post = (fun (value: t_Array u8 v_SIZE) (out: t_MlKemCiphertext v_SIZE) -> true);
+    f_from = fun (value: t_Array u8 v_SIZE) -> { f_value = value } <: t_MlKemCiphertext v_SIZE
+  }
+
+[@@ FStar.Tactics.Typeclasses.tcinstance]
+let impl_3 (v_SIZE: usize) : Core.Convert.t_From (t_MlKemCiphertext v_SIZE) (t_Array u8 v_SIZE) =
+  {
+    f_from_pre = (fun (value: t_Array u8 v_SIZE) -> true);
+    f_from_post = (fun (value: t_Array u8 v_SIZE) (out: t_MlKemCiphertext v_SIZE) -> true);
+    f_from
+    =
+    fun (value: t_Array u8 v_SIZE) ->
+      { f_value = Core.Clone.f_clone #(t_Array u8 v_SIZE) #FStar.Tactics.Typeclasses.solve value }
+      <:
+      t_MlKemCiphertext v_SIZE
+  }
+
+[@@ FStar.Tactics.Typeclasses.tcinstance]
+let impl_4 (v_SIZE: usize) : Core.Convert.t_From (t_Array u8 v_SIZE) (t_MlKemCiphertext v_SIZE) =
+  {
+    f_from_pre = (fun (value: t_MlKemCiphertext v_SIZE) -> true);
+    f_from_post = (fun (value: t_MlKemCiphertext v_SIZE) (out: t_Array u8 v_SIZE) -> true);
+    f_from = fun (value: t_MlKemCiphertext v_SIZE) -> value.f_value
+  }
+
 let impl_6__as_slice (v_SIZE: usize) (self: t_MlKemCiphertext v_SIZE) = self.f_value
 
+[@@ FStar.Tactics.Typeclasses.tcinstance]
+let impl_9 (v_SIZE: usize) : Core.Convert.t_From (t_MlKemPrivateKey v_SIZE) (t_Array u8 v_SIZE) =
+  {
+    f_from_pre = (fun (value: t_Array u8 v_SIZE) -> true);
+    f_from_post = (fun (value: t_Array u8 v_SIZE) (out: t_MlKemPrivateKey v_SIZE) -> true);
+    f_from = fun (value: t_Array u8 v_SIZE) -> { f_value = value } <: t_MlKemPrivateKey v_SIZE
+  }
+
+[@@ FStar.Tactics.Typeclasses.tcinstance]
+let impl_10 (v_SIZE: usize) : Core.Convert.t_From (t_MlKemPrivateKey v_SIZE) (t_Array u8 v_SIZE) =
+  {
+    f_from_pre = (fun (value: t_Array u8 v_SIZE) -> true);
+    f_from_post = (fun (value: t_Array u8 v_SIZE) (out: t_MlKemPrivateKey v_SIZE) -> true);
+    f_from
+    =
+    fun (value: t_Array u8 v_SIZE) ->
+      { f_value = Core.Clone.f_clone #(t_Array u8 v_SIZE) #FStar.Tactics.Typeclasses.solve value }
+      <:
+      t_MlKemPrivateKey v_SIZE
+  }
+
+[@@ FStar.Tactics.Typeclasses.tcinstance]
+let impl_11 (v_SIZE: usize) : Core.Convert.t_From (t_Array u8 v_SIZE) (t_MlKemPrivateKey v_SIZE) =
+  {
+    f_from_pre = (fun (value: t_MlKemPrivateKey v_SIZE) -> true);
+    f_from_post = (fun (value: t_MlKemPrivateKey v_SIZE) (out: t_Array u8 v_SIZE) -> true);
+    f_from = fun (value: t_MlKemPrivateKey v_SIZE) -> value.f_value
+  }
+
 let impl_13__as_slice (v_SIZE: usize) (self: t_MlKemPrivateKey v_SIZE) = self.f_value
 
+[@@ FStar.Tactics.Typeclasses.tcinstance]
+let impl_16 (v_SIZE: usize) : Core.Convert.t_From (t_MlKemPublicKey v_SIZE) (t_Array u8 v_SIZE) =
+  {
+    f_from_pre = (fun (value: t_Array u8 v_SIZE) -> true);
+    f_from_post = (fun (value: t_Array u8 v_SIZE) (out: t_MlKemPublicKey v_SIZE) -> true);
+    f_from = fun (value: t_Array u8 v_SIZE) -> { f_value = value } <: t_MlKemPublicKey v_SIZE
+  }
+
+[@@ FStar.Tactics.Typeclasses.tcinstance]
+let impl_17 (v_SIZE: usize) : Core.Convert.t_From (t_MlKemPublicKey v_SIZE) (t_Array u8 v_SIZE) =
+  {
+    f_from_pre = (fun (value: t_Array u8 v_SIZE) -> true);
+    f_from_post = (fun (value: t_Array u8 v_SIZE) (out: t_MlKemPublicKey v_SIZE) -> true);
+    f_from
+    =
+    fun (value: t_Array u8 v_SIZE) ->
+      { f_value = Core.Clone.f_clone #(t_Array u8 v_SIZE) #FStar.Tactics.Typeclasses.solve value }
+      <:
+      t_MlKemPublicKey v_SIZE
+  }
+
+[@@ FStar.Tactics.Typeclasses.tcinstance]
+let impl_18 (v_SIZE: usize) : Core.Convert.t_From (t_Array u8 v_SIZE) (t_MlKemPublicKey v_SIZE) =
+  {
+    f_from_pre = (fun (value: t_MlKemPublicKey v_SIZE) -> true);
+    f_from_post = (fun (value: t_MlKemPublicKey v_SIZE) (out: t_Array u8 v_SIZE) -> true);
+    f_from = fun (value: t_MlKemPublicKey v_SIZE) -> value.f_value
+  }
+
 let impl_20__as_slice (v_SIZE: usize) (self: t_MlKemPublicKey v_SIZE) = self.f_value
 
 let impl_21__from
@@ -70,3 +157,60 @@ let impl_21__sk
       (v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE: usize)
       (self: t_MlKemKeyPair v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE)
      = impl_13__as_slice v_PRIVATE_KEY_SIZE self.f_sk
+
+[@@ FStar.Tactics.Typeclasses.tcinstance]
+let impl (v_SIZE: usize) : Core.Default.t_Default (t_MlKemCiphertext v_SIZE) =
+  {
+    f_default_pre = (fun (_: Prims.unit) -> true);
+    f_default_post = (fun (_: Prims.unit) (out: t_MlKemCiphertext v_SIZE) -> true);
+    f_default
+    =
+    fun (_: Prims.unit) ->
+      { f_value = Rust_primitives.Hax.repeat 0uy v_SIZE } <: t_MlKemCiphertext v_SIZE
+  }
+
+[@@ FStar.Tactics.Typeclasses.tcinstance]
+let impl_7 (v_SIZE: usize) : Core.Default.t_Default (t_MlKemPrivateKey v_SIZE) =
+  {
+    f_default_pre = (fun (_: Prims.unit) -> true);
+    f_default_post = (fun (_: Prims.unit) (out: t_MlKemPrivateKey v_SIZE) -> true);
+    f_default
+    =
+    fun (_: Prims.unit) ->
+      { f_value = Rust_primitives.Hax.repeat 0uy v_SIZE } <: t_MlKemPrivateKey v_SIZE
+  }
+
+[@@ FStar.Tactics.Typeclasses.tcinstance]
+let impl_14 (v_SIZE: usize) : Core.Default.t_Default (t_MlKemPublicKey v_SIZE) =
+  {
+    f_default_pre = (fun (_: Prims.unit) -> true);
+    f_default_post = (fun (_: Prims.unit) (out: t_MlKemPublicKey v_SIZE) -> true);
+    f_default
+    =
+    fun (_: Prims.unit) ->
+      { f_value = Rust_primitives.Hax.repeat 0uy v_SIZE } <: t_MlKemPublicKey v_SIZE
+  }
+
+[@@ FStar.Tactics.Typeclasses.tcinstance]
+let impl_1 (v_SIZE: usize) : Core.Convert.t_AsRef (t_MlKemCiphertext v_SIZE) (t_Slice u8) =
+  {
+    f_as_ref_pre = (fun (self: t_MlKemCiphertext v_SIZE) -> true);
+    f_as_ref_post = (fun (self: t_MlKemCiphertext v_SIZE) (out: t_Slice u8) -> true);
+    f_as_ref = fun (self: t_MlKemCiphertext v_SIZE) -> self.f_value <: t_Slice u8
+  }
+
+[@@ FStar.Tactics.Typeclasses.tcinstance]
+let impl_8 (v_SIZE: usize) : Core.Convert.t_AsRef (t_MlKemPrivateKey v_SIZE) (t_Slice u8) =
+  {
+    f_as_ref_pre = (fun (self: t_MlKemPrivateKey v_SIZE) -> true);
+    f_as_ref_post = (fun (self: t_MlKemPrivateKey v_SIZE) (out: t_Slice u8) -> true);
+    f_as_ref = fun (self: t_MlKemPrivateKey v_SIZE) -> self.f_value <: t_Slice u8
+  }
+
+[@@ FStar.Tactics.Typeclasses.tcinstance]
+let impl_15 (v_SIZE: usize) : Core.Convert.t_AsRef (t_MlKemPublicKey v_SIZE) (t_Slice u8) =
+  {
+    f_as_ref_pre = (fun (self: t_MlKemPublicKey v_SIZE) -> true);
+    f_as_ref_post = (fun (self: t_MlKemPublicKey v_SIZE) (out: t_Slice u8) -> true);
+    f_as_ref = fun (self: t_MlKemPublicKey v_SIZE) -> self.f_value <: t_Slice u8
+  }
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Types.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Types.fsti
index 0b3162012..2b5e5a606 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Types.fsti
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Types.fsti
@@ -19,33 +19,13 @@ val impl_20__len: v_SIZE: usize -> Prims.unit
 type t_MlKemCiphertext (v_SIZE: usize) = { f_value:t_Array u8 v_SIZE }
 
 [@@ FStar.Tactics.Typeclasses.tcinstance]
-let impl_2 (v_SIZE: usize) : Core.Convert.t_From (t_MlKemCiphertext v_SIZE) (t_Array u8 v_SIZE) =
-  {
-    f_from_pre = (fun (value: t_Array u8 v_SIZE) -> true);
-    f_from_post = (fun (value: t_Array u8 v_SIZE) (out: t_MlKemCiphertext v_SIZE) -> true);
-    f_from = fun (value: t_Array u8 v_SIZE) -> { f_value = value } <: t_MlKemCiphertext v_SIZE
-  }
+val impl_2 (v_SIZE: usize) : Core.Convert.t_From (t_MlKemCiphertext v_SIZE) (t_Array u8 v_SIZE)
 
 [@@ FStar.Tactics.Typeclasses.tcinstance]
-let impl_3 (v_SIZE: usize) : Core.Convert.t_From (t_MlKemCiphertext v_SIZE) (t_Array u8 v_SIZE) =
-  {
-    f_from_pre = (fun (value: t_Array u8 v_SIZE) -> true);
-    f_from_post = (fun (value: t_Array u8 v_SIZE) (out: t_MlKemCiphertext v_SIZE) -> true);
-    f_from
-    =
-    fun (value: t_Array u8 v_SIZE) ->
-      { f_value = Core.Clone.f_clone #(t_Array u8 v_SIZE) #FStar.Tactics.Typeclasses.solve value }
-      <:
-      t_MlKemCiphertext v_SIZE
-  }
+val impl_3 (v_SIZE: usize) : Core.Convert.t_From (t_MlKemCiphertext v_SIZE) (t_Array u8 v_SIZE)
 
 [@@ FStar.Tactics.Typeclasses.tcinstance]
-let impl_4 (v_SIZE: usize) : Core.Convert.t_From (t_Array u8 v_SIZE) (t_MlKemCiphertext v_SIZE) =
-  {
-    f_from_pre = (fun (value: t_MlKemCiphertext v_SIZE) -> true);
-    f_from_post = (fun (value: t_MlKemCiphertext v_SIZE) (out: t_Array u8 v_SIZE) -> true);
-    f_from = fun (value: t_MlKemCiphertext v_SIZE) -> value.f_value
-  }
+val impl_4 (v_SIZE: usize) : Core.Convert.t_From (t_Array u8 v_SIZE) (t_MlKemCiphertext v_SIZE)
 
 /// A reference to the raw byte slice.
 val impl_6__as_slice (v_SIZE: usize) (self: t_MlKemCiphertext v_SIZE)
@@ -60,33 +40,13 @@ val impl_6__as_slice (v_SIZE: usize) (self: t_MlKemCiphertext v_SIZE)
 type t_MlKemPrivateKey (v_SIZE: usize) = { f_value:t_Array u8 v_SIZE }
 
 [@@ FStar.Tactics.Typeclasses.tcinstance]
-let impl_9 (v_SIZE: usize) : Core.Convert.t_From (t_MlKemPrivateKey v_SIZE) (t_Array u8 v_SIZE) =
-  {
-    f_from_pre = (fun (value: t_Array u8 v_SIZE) -> true);
-    f_from_post = (fun (value: t_Array u8 v_SIZE) (out: t_MlKemPrivateKey v_SIZE) -> true);
-    f_from = fun (value: t_Array u8 v_SIZE) -> { f_value = value } <: t_MlKemPrivateKey v_SIZE
-  }
+val impl_9 (v_SIZE: usize) : Core.Convert.t_From (t_MlKemPrivateKey v_SIZE) (t_Array u8 v_SIZE)
 
 [@@ FStar.Tactics.Typeclasses.tcinstance]
-let impl_10 (v_SIZE: usize) : Core.Convert.t_From (t_MlKemPrivateKey v_SIZE) (t_Array u8 v_SIZE) =
-  {
-    f_from_pre = (fun (value: t_Array u8 v_SIZE) -> true);
-    f_from_post = (fun (value: t_Array u8 v_SIZE) (out: t_MlKemPrivateKey v_SIZE) -> true);
-    f_from
-    =
-    fun (value: t_Array u8 v_SIZE) ->
-      { f_value = Core.Clone.f_clone #(t_Array u8 v_SIZE) #FStar.Tactics.Typeclasses.solve value }
-      <:
-      t_MlKemPrivateKey v_SIZE
-  }
+val impl_10 (v_SIZE: usize) : Core.Convert.t_From (t_MlKemPrivateKey v_SIZE) (t_Array u8 v_SIZE)
 
 [@@ FStar.Tactics.Typeclasses.tcinstance]
-let impl_11 (v_SIZE: usize) : Core.Convert.t_From (t_Array u8 v_SIZE) (t_MlKemPrivateKey v_SIZE) =
-  {
-    f_from_pre = (fun (value: t_MlKemPrivateKey v_SIZE) -> true);
-    f_from_post = (fun (value: t_MlKemPrivateKey v_SIZE) (out: t_Array u8 v_SIZE) -> true);
-    f_from = fun (value: t_MlKemPrivateKey v_SIZE) -> value.f_value
-  }
+val impl_11 (v_SIZE: usize) : Core.Convert.t_From (t_Array u8 v_SIZE) (t_MlKemPrivateKey v_SIZE)
 
 /// A reference to the raw byte slice.
 val impl_13__as_slice (v_SIZE: usize) (self: t_MlKemPrivateKey v_SIZE)
@@ -101,33 +61,13 @@ val impl_13__as_slice (v_SIZE: usize) (self: t_MlKemPrivateKey v_SIZE)
 type t_MlKemPublicKey (v_SIZE: usize) = { f_value:t_Array u8 v_SIZE }
 
 [@@ FStar.Tactics.Typeclasses.tcinstance]
-let impl_16 (v_SIZE: usize) : Core.Convert.t_From (t_MlKemPublicKey v_SIZE) (t_Array u8 v_SIZE) =
-  {
-    f_from_pre = (fun (value: t_Array u8 v_SIZE) -> true);
-    f_from_post = (fun (value: t_Array u8 v_SIZE) (out: t_MlKemPublicKey v_SIZE) -> true);
-    f_from = fun (value: t_Array u8 v_SIZE) -> { f_value = value } <: t_MlKemPublicKey v_SIZE
-  }
+val impl_16 (v_SIZE: usize) : Core.Convert.t_From (t_MlKemPublicKey v_SIZE) (t_Array u8 v_SIZE)
 
 [@@ FStar.Tactics.Typeclasses.tcinstance]
-let impl_17 (v_SIZE: usize) : Core.Convert.t_From (t_MlKemPublicKey v_SIZE) (t_Array u8 v_SIZE) =
-  {
-    f_from_pre = (fun (value: t_Array u8 v_SIZE) -> true);
-    f_from_post = (fun (value: t_Array u8 v_SIZE) (out: t_MlKemPublicKey v_SIZE) -> true);
-    f_from
-    =
-    fun (value: t_Array u8 v_SIZE) ->
-      { f_value = Core.Clone.f_clone #(t_Array u8 v_SIZE) #FStar.Tactics.Typeclasses.solve value }
-      <:
-      t_MlKemPublicKey v_SIZE
-  }
+val impl_17 (v_SIZE: usize) : Core.Convert.t_From (t_MlKemPublicKey v_SIZE) (t_Array u8 v_SIZE)
 
 [@@ FStar.Tactics.Typeclasses.tcinstance]
-let impl_18 (v_SIZE: usize) : Core.Convert.t_From (t_Array u8 v_SIZE) (t_MlKemPublicKey v_SIZE) =
-  {
-    f_from_pre = (fun (value: t_MlKemPublicKey v_SIZE) -> true);
-    f_from_post = (fun (value: t_MlKemPublicKey v_SIZE) (out: t_Array u8 v_SIZE) -> true);
-    f_from = fun (value: t_MlKemPublicKey v_SIZE) -> value.f_value
-  }
+val impl_18 (v_SIZE: usize) : Core.Convert.t_From (t_Array u8 v_SIZE) (t_MlKemPublicKey v_SIZE)
 
 /// A reference to the raw byte slice.
 val impl_20__as_slice (v_SIZE: usize) (self: t_MlKemPublicKey v_SIZE)
@@ -198,61 +138,22 @@ val impl_21__sk
     : Prims.Pure (t_Array u8 v_PRIVATE_KEY_SIZE) Prims.l_True (fun _ -> Prims.l_True)
 
 [@@ FStar.Tactics.Typeclasses.tcinstance]
-let impl (v_SIZE: usize) : Core.Default.t_Default (t_MlKemCiphertext v_SIZE) =
-  {
-    f_default_pre = (fun (_: Prims.unit) -> true);
-    f_default_post = (fun (_: Prims.unit) (out: t_MlKemCiphertext v_SIZE) -> true);
-    f_default
-    =
-    fun (_: Prims.unit) ->
-      { f_value = Rust_primitives.Hax.repeat 0uy v_SIZE } <: t_MlKemCiphertext v_SIZE
-  }
+val impl (v_SIZE: usize) : Core.Default.t_Default (t_MlKemCiphertext v_SIZE)
 
 [@@ FStar.Tactics.Typeclasses.tcinstance]
-let impl_7 (v_SIZE: usize) : Core.Default.t_Default (t_MlKemPrivateKey v_SIZE) =
-  {
-    f_default_pre = (fun (_: Prims.unit) -> true);
-    f_default_post = (fun (_: Prims.unit) (out: t_MlKemPrivateKey v_SIZE) -> true);
-    f_default
-    =
-    fun (_: Prims.unit) ->
-      { f_value = Rust_primitives.Hax.repeat 0uy v_SIZE } <: t_MlKemPrivateKey v_SIZE
-  }
+val impl_7 (v_SIZE: usize) : Core.Default.t_Default (t_MlKemPrivateKey v_SIZE)
 
 [@@ FStar.Tactics.Typeclasses.tcinstance]
-let impl_14 (v_SIZE: usize) : Core.Default.t_Default (t_MlKemPublicKey v_SIZE) =
-  {
-    f_default_pre = (fun (_: Prims.unit) -> true);
-    f_default_post = (fun (_: Prims.unit) (out: t_MlKemPublicKey v_SIZE) -> true);
-    f_default
-    =
-    fun (_: Prims.unit) ->
-      { f_value = Rust_primitives.Hax.repeat 0uy v_SIZE } <: t_MlKemPublicKey v_SIZE
-  }
+val impl_14 (v_SIZE: usize) : Core.Default.t_Default (t_MlKemPublicKey v_SIZE)
 
 [@@ FStar.Tactics.Typeclasses.tcinstance]
-let impl_1 (v_SIZE: usize) : Core.Convert.t_AsRef (t_MlKemCiphertext v_SIZE) (t_Slice u8) =
-  {
-    f_as_ref_pre = (fun (self: t_MlKemCiphertext v_SIZE) -> true);
-    f_as_ref_post = (fun (self: t_MlKemCiphertext v_SIZE) (out: t_Slice u8) -> true);
-    f_as_ref = fun (self: t_MlKemCiphertext v_SIZE) -> self.f_value <: t_Slice u8
-  }
+val impl_1 (v_SIZE: usize) : Core.Convert.t_AsRef (t_MlKemCiphertext v_SIZE) (t_Slice u8)
 
 [@@ FStar.Tactics.Typeclasses.tcinstance]
-let impl_8 (v_SIZE: usize) : Core.Convert.t_AsRef (t_MlKemPrivateKey v_SIZE) (t_Slice u8) =
-  {
-    f_as_ref_pre = (fun (self: t_MlKemPrivateKey v_SIZE) -> true);
-    f_as_ref_post = (fun (self: t_MlKemPrivateKey v_SIZE) (out: t_Slice u8) -> true);
-    f_as_ref = fun (self: t_MlKemPrivateKey v_SIZE) -> self.f_value <: t_Slice u8
-  }
+val impl_8 (v_SIZE: usize) : Core.Convert.t_AsRef (t_MlKemPrivateKey v_SIZE) (t_Slice u8)
 
 [@@ FStar.Tactics.Typeclasses.tcinstance]
-let impl_15 (v_SIZE: usize) : Core.Convert.t_AsRef (t_MlKemPublicKey v_SIZE) (t_Slice u8) =
-  {
-    f_as_ref_pre = (fun (self: t_MlKemPublicKey v_SIZE) -> true);
-    f_as_ref_post = (fun (self: t_MlKemPublicKey v_SIZE) (out: t_Slice u8) -> true);
-    f_as_ref = fun (self: t_MlKemPublicKey v_SIZE) -> self.f_value <: t_Slice u8
-  }
+val impl_15 (v_SIZE: usize) : Core.Convert.t_AsRef (t_MlKemPublicKey v_SIZE) (t_Slice u8)
 
 [@@ FStar.Tactics.Typeclasses.tcinstance]
 let impl_5 (v_SIZE: usize) : Core.Convert.t_TryFrom (t_MlKemCiphertext v_SIZE) (t_Slice u8) =
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Variant.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Variant.fst
index f0a7f7893..90987de0b 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Variant.fst
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Variant.fst
@@ -1,5 +1,5 @@
 module Libcrux_ml_kem.Variant
-#set-options "--fuel 0 --ifuel 1 --z3rlimit 15"
+#set-options "--fuel 0 --ifuel 1 --z3rlimit 80"
 open Core
 open FStar.Mul
 
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Variant.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Variant.fsti
index 6eeb053d6..590a79d4c 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Variant.fsti
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Variant.fsti
@@ -98,157 +98,4 @@ class t_Variant (v_Self: Type0) = {
 }
 
 [@@ FStar.Tactics.Typeclasses.tcinstance]
-let impl: t_Variant t_MlKem =
-  {
-    f_kdf_pre
-    =
-    (fun
-        (v_K: usize)
-        (v_CIPHERTEXT_SIZE: usize)
-        (#v_Hasher: Type0)
-        (#[FStar.Tactics.Typeclasses.tcresolve ()]
-          i1:
-          Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K)
-        (shared_secret: t_Slice u8)
-        (_: Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE)
-        ->
-        (Core.Slice.impl__len #u8 shared_secret <: usize) =. sz 32);
-    f_kdf_post
-    =
-    (fun
-        (v_K: usize)
-        (v_CIPHERTEXT_SIZE: usize)
-        (#v_Hasher: Type0)
-        (#[FStar.Tactics.Typeclasses.tcresolve ()]
-          i1:
-          Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K)
-        (shared_secret: t_Slice u8)
-        (_: Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE)
-        (res: t_Array u8 (sz 32))
-        ->
-        res == shared_secret);
-    f_kdf
-    =
-    (fun
-        (v_K: usize)
-        (v_CIPHERTEXT_SIZE: usize)
-        (#v_Hasher: Type0)
-        (#[FStar.Tactics.Typeclasses.tcresolve ()]
-          i1:
-          Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K)
-        (shared_secret: t_Slice u8)
-        (_: Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE)
-        ->
-        let out:t_Array u8 (sz 32) = Rust_primitives.Hax.repeat 0uy (sz 32) in
-        let out:t_Array u8 (sz 32) = Core.Slice.impl__copy_from_slice #u8 out shared_secret in
-        out);
-    f_entropy_preprocess_pre
-    =
-    (fun
-        (v_K: usize)
-        (#v_Hasher: Type0)
-        (#[FStar.Tactics.Typeclasses.tcresolve ()]
-          i3:
-          Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K)
-        (randomness: t_Slice u8)
-        ->
-        (Core.Slice.impl__len #u8 randomness <: usize) =. sz 32);
-    f_entropy_preprocess_post
-    =
-    (fun
-        (v_K: usize)
-        (#v_Hasher: Type0)
-        (#[FStar.Tactics.Typeclasses.tcresolve ()]
-          i3:
-          Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K)
-        (randomness: t_Slice u8)
-        (res: t_Array u8 (sz 32))
-        ->
-        res == randomness);
-    f_entropy_preprocess
-    =
-    (fun
-        (v_K: usize)
-        (#v_Hasher: Type0)
-        (#[FStar.Tactics.Typeclasses.tcresolve ()]
-          i3:
-          Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K)
-        (randomness: t_Slice u8)
-        ->
-        let out:t_Array u8 (sz 32) = Rust_primitives.Hax.repeat 0uy (sz 32) in
-        let out:t_Array u8 (sz 32) = Core.Slice.impl__copy_from_slice #u8 out randomness in
-        out);
-    f_cpa_keygen_seed_pre
-    =
-    (fun
-        (v_K: usize)
-        (#v_Hasher: Type0)
-        (#[FStar.Tactics.Typeclasses.tcresolve ()]
-          i4:
-          Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K)
-        (key_generation_seed: t_Slice u8)
-        ->
-        (Core.Slice.impl__len #u8 key_generation_seed <: usize) =. sz 32);
-    f_cpa_keygen_seed_post
-    =
-    (fun
-        (v_K: usize)
-        (#v_Hasher: Type0)
-        (#[FStar.Tactics.Typeclasses.tcresolve ()]
-          i4:
-          Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K)
-        (key_generation_seed: t_Slice u8)
-        (res: t_Array u8 (sz 64))
-        ->
-        Seq.length key_generation_seed == 32 ==>
-        res == Spec.Utils.v_G (Seq.append key_generation_seed (Seq.create 1 (cast v_K <: u8))));
-    f_cpa_keygen_seed
-    =
-    fun
-      (v_K: usize)
-      (#v_Hasher: Type0)
-      (#[FStar.Tactics.Typeclasses.tcresolve ()]
-        i4:
-        Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K)
-      (key_generation_seed: t_Slice u8)
-      ->
-      let seed:t_Array u8 (sz 33) = Rust_primitives.Hax.repeat 0uy (sz 33) in
-      let seed:t_Array u8 (sz 33) =
-        Rust_primitives.Hax.Monomorphized_update_at.update_at_range seed
-          ({
-              Core.Ops.Range.f_start = sz 0;
-              Core.Ops.Range.f_end = Libcrux_ml_kem.Constants.v_CPA_PKE_KEY_GENERATION_SEED_SIZE
-            }
-            <:
-            Core.Ops.Range.t_Range usize)
-          (Core.Slice.impl__copy_from_slice #u8
-              (seed.[ {
-                    Core.Ops.Range.f_start = sz 0;
-                    Core.Ops.Range.f_end
-                    =
-                    Libcrux_ml_kem.Constants.v_CPA_PKE_KEY_GENERATION_SEED_SIZE
-                  }
-                  <:
-                  Core.Ops.Range.t_Range usize ]
-                <:
-                t_Slice u8)
-              key_generation_seed
-            <:
-            t_Slice u8)
-      in
-      let seed:t_Array u8 (sz 33) =
-        Rust_primitives.Hax.Monomorphized_update_at.update_at_usize seed
-          Libcrux_ml_kem.Constants.v_CPA_PKE_KEY_GENERATION_SEED_SIZE
-          (cast (v_K <: usize) <: u8)
-      in
-      let _:Prims.unit =
-        Lib.Sequence.eq_intro #u8
-          #33
-          seed
-          (Seq.append key_generation_seed (Seq.create 1 (cast v_K <: u8)))
-      in
-      Libcrux_ml_kem.Hash_functions.f_G #v_Hasher
-        #v_K
-        #FStar.Tactics.Typeclasses.solve
-        (seed <: t_Slice u8)
-  }
+val impl:t_Variant t_MlKem
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.fst
index aacde9fa5..29d63bae8 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.fst
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.fst
@@ -31,3 +31,572 @@ let vec_to_i16_array (v: t_SIMD256Vector) =
   let result:t_Array i16 (sz 16) = output in
   let _:Prims.unit = admit () (* Panic freedom *) in
   result
+
+[@@ FStar.Tactics.Typeclasses.tcinstance]
+let impl: Libcrux_ml_kem.Vector.Traits.t_Repr t_SIMD256Vector =
+  {
+    _super_11581440318597584651 = FStar.Tactics.Typeclasses.solve;
+    _super_9442900250278684536 = FStar.Tactics.Typeclasses.solve;
+    f_repr_pre = (fun (x: t_SIMD256Vector) -> true);
+    f_repr_post = (fun (x: t_SIMD256Vector) (out: t_Array i16 (sz 16)) -> true);
+    f_repr = fun (x: t_SIMD256Vector) -> vec_to_i16_array x
+  }
+
+[@@ FStar.Tactics.Typeclasses.tcinstance]
+let impl_3: Libcrux_ml_kem.Vector.Traits.t_Operations t_SIMD256Vector =
+  {
+    _super_11581440318597584651 = FStar.Tactics.Typeclasses.solve;
+    _super_9442900250278684536 = FStar.Tactics.Typeclasses.solve;
+    _super_8706949974463268012 = FStar.Tactics.Typeclasses.solve;
+    f_ZERO_pre = (fun (_: Prims.unit) -> true);
+    f_ZERO_post
+    =
+    (fun (_: Prims.unit) (out: t_SIMD256Vector) -> impl.f_repr out == Seq.create 16 0s);
+    f_ZERO = (fun (_: Prims.unit) -> vec_zero ());
+    f_from_i16_array_pre
+    =
+    (fun (array: t_Slice i16) -> (Core.Slice.impl__len #i16 array <: usize) =. sz 16);
+    f_from_i16_array_post
+    =
+    (fun (array: t_Slice i16) (out: t_SIMD256Vector) -> impl.f_repr out == array);
+    f_from_i16_array = (fun (array: t_Slice i16) -> vec_from_i16_array array);
+    f_to_i16_array_pre = (fun (x: t_SIMD256Vector) -> true);
+    f_to_i16_array_post
+    =
+    (fun (x: t_SIMD256Vector) (out: t_Array i16 (sz 16)) -> out == impl.f_repr x);
+    f_to_i16_array = (fun (x: t_SIMD256Vector) -> vec_to_i16_array x);
+    f_add_pre
+    =
+    (fun (lhs: t_SIMD256Vector) (rhs: t_SIMD256Vector) ->
+        forall i.
+          i < 16 ==>
+          Spec.Utils.is_intb (pow2 15 - 1)
+            (v (Seq.index (impl.f_repr lhs) i) + v (Seq.index (impl.f_repr rhs) i)));
+    f_add_post
+    =
+    (fun (lhs: t_SIMD256Vector) (rhs: t_SIMD256Vector) (result: t_SIMD256Vector) ->
+        forall i.
+          i < 16 ==>
+          (v (Seq.index (impl.f_repr result) i) ==
+            v (Seq.index (impl.f_repr lhs) i) + v (Seq.index (impl.f_repr rhs) i)));
+    f_add
+    =
+    (fun (lhs: t_SIMD256Vector) (rhs: t_SIMD256Vector) ->
+        { f_elements = Libcrux_ml_kem.Vector.Avx2.Arithmetic.add lhs.f_elements rhs.f_elements }
+        <:
+        t_SIMD256Vector);
+    f_sub_pre
+    =
+    (fun (lhs: t_SIMD256Vector) (rhs: t_SIMD256Vector) ->
+        forall i.
+          i < 16 ==>
+          Spec.Utils.is_intb (pow2 15 - 1)
+            (v (Seq.index (impl.f_repr lhs) i) - v (Seq.index (impl.f_repr rhs) i)));
+    f_sub_post
+    =
+    (fun (lhs: t_SIMD256Vector) (rhs: t_SIMD256Vector) (result: t_SIMD256Vector) ->
+        forall i.
+          i < 16 ==>
+          (v (Seq.index (impl.f_repr result) i) ==
+            v (Seq.index (impl.f_repr lhs) i) - v (Seq.index (impl.f_repr rhs) i)));
+    f_sub
+    =
+    (fun (lhs: t_SIMD256Vector) (rhs: t_SIMD256Vector) ->
+        { f_elements = Libcrux_ml_kem.Vector.Avx2.Arithmetic.sub lhs.f_elements rhs.f_elements }
+        <:
+        t_SIMD256Vector);
+    f_multiply_by_constant_pre
+    =
+    (fun (vec: t_SIMD256Vector) (c: i16) ->
+        forall i.
+          i < 16 ==> Spec.Utils.is_intb (pow2 15 - 1) (v (Seq.index (impl.f_repr vec) i) * v c));
+    f_multiply_by_constant_post
+    =
+    (fun (vec: t_SIMD256Vector) (c: i16) (result: t_SIMD256Vector) ->
+        forall i.
+          i < 16 ==>
+          (v (Seq.index (impl.f_repr result) i) == v (Seq.index (impl.f_repr vec) i) * v c));
+    f_multiply_by_constant
+    =
+    (fun (vec: t_SIMD256Vector) (c: i16) ->
+        { f_elements = Libcrux_ml_kem.Vector.Avx2.Arithmetic.multiply_by_constant vec.f_elements c }
+        <:
+        t_SIMD256Vector);
+    f_bitwise_and_with_constant_pre = (fun (vector: t_SIMD256Vector) (constant: i16) -> true);
+    f_bitwise_and_with_constant_post
+    =
+    (fun (vector: t_SIMD256Vector) (constant: i16) (out: t_SIMD256Vector) ->
+        impl.f_repr out == Spec.Utils.map_array (fun x -> x &. constant) (impl.f_repr vector));
+    f_bitwise_and_with_constant
+    =
+    (fun (vector: t_SIMD256Vector) (constant: i16) ->
+        {
+          f_elements
+          =
+          Libcrux_ml_kem.Vector.Avx2.Arithmetic.bitwise_and_with_constant vector.f_elements constant
+        }
+        <:
+        t_SIMD256Vector);
+    f_shift_right_pre
+    =
+    (fun (v_SHIFT_BY: i32) (vector: t_SIMD256Vector) -> v_SHIFT_BY >=. 0l && v_SHIFT_BY <. 16l);
+    f_shift_right_post
+    =
+    (fun (v_SHIFT_BY: i32) (vector: t_SIMD256Vector) (out: t_SIMD256Vector) ->
+        (v_SHIFT_BY >=. 0l /\ v_SHIFT_BY <. 16l) ==>
+        impl.f_repr out == Spec.Utils.map_array (fun x -> x >>! v_SHIFT_BY) (impl.f_repr vector));
+    f_shift_right
+    =
+    (fun (v_SHIFT_BY: i32) (vector: t_SIMD256Vector) ->
+        {
+          f_elements
+          =
+          Libcrux_ml_kem.Vector.Avx2.Arithmetic.shift_right v_SHIFT_BY vector.f_elements
+        }
+        <:
+        t_SIMD256Vector);
+    f_cond_subtract_3329_pre
+    =
+    (fun (vector: t_SIMD256Vector) -> Spec.Utils.is_i16b_array (pow2 12 - 1) (impl.f_repr vector));
+    f_cond_subtract_3329_post
+    =
+    (fun (vector: t_SIMD256Vector) (out: t_SIMD256Vector) ->
+        impl.f_repr out ==
+        Spec.Utils.map_array (fun x -> if x >=. 3329s then x -! 3329s else x) (impl.f_repr vector));
+    f_cond_subtract_3329_
+    =
+    (fun (vector: t_SIMD256Vector) ->
+        let _:Prims.unit = admit () in
+        { f_elements = Libcrux_ml_kem.Vector.Avx2.Arithmetic.cond_subtract_3329_ vector.f_elements }
+        <:
+        t_SIMD256Vector);
+    f_barrett_reduce_pre
+    =
+    (fun (vector: t_SIMD256Vector) -> Spec.Utils.is_i16b_array 28296 (impl.f_repr vector));
+    f_barrett_reduce_post = (fun (vector: t_SIMD256Vector) (out: t_SIMD256Vector) -> true);
+    f_barrett_reduce
+    =
+    (fun (vector: t_SIMD256Vector) ->
+        { f_elements = Libcrux_ml_kem.Vector.Avx2.Arithmetic.barrett_reduce vector.f_elements }
+        <:
+        t_SIMD256Vector);
+    f_montgomery_multiply_by_constant_pre
+    =
+    (fun (vector: t_SIMD256Vector) (constant: i16) -> Spec.Utils.is_i16b 1664 constant);
+    f_montgomery_multiply_by_constant_post
+    =
+    (fun (vector: t_SIMD256Vector) (constant: i16) (out: t_SIMD256Vector) -> true);
+    f_montgomery_multiply_by_constant
+    =
+    (fun (vector: t_SIMD256Vector) (constant: i16) ->
+        {
+          f_elements
+          =
+          Libcrux_ml_kem.Vector.Avx2.Arithmetic.montgomery_multiply_by_constant vector.f_elements
+            constant
+        }
+        <:
+        t_SIMD256Vector);
+    f_compress_1_pre
+    =
+    (fun (vector: t_SIMD256Vector) ->
+        forall (i: nat).
+          i < 16 ==>
+          v (Seq.index (impl.f_repr vector) i) >= 0 /\ v (Seq.index (impl.f_repr vector) i) < 3329);
+    f_compress_1_post
+    =
+    (fun (vector: t_SIMD256Vector) (out: t_SIMD256Vector) ->
+        forall (i: nat). i < 16 ==> bounded (Seq.index (impl.f_repr out) i) 1);
+    f_compress_1_
+    =
+    (fun (vector: t_SIMD256Vector) ->
+        let _:Prims.unit = admit () in
+        {
+          f_elements
+          =
+          Libcrux_ml_kem.Vector.Avx2.Compress.compress_message_coefficient vector.f_elements
+        }
+        <:
+        t_SIMD256Vector);
+    f_compress_pre
+    =
+    (fun (v_COEFFICIENT_BITS: i32) (vector: t_SIMD256Vector) ->
+        (v v_COEFFICIENT_BITS == 4 \/ v v_COEFFICIENT_BITS == 5 \/ v v_COEFFICIENT_BITS == 10 \/
+          v v_COEFFICIENT_BITS == 11) /\
+        (forall (i: nat).
+            i < 16 ==>
+            v (Seq.index (impl.f_repr vector) i) >= 0 /\ v (Seq.index (impl.f_repr vector) i) < 3329
+        ));
+    f_compress_post
+    =
+    (fun (v_COEFFICIENT_BITS: i32) (vector: t_SIMD256Vector) (out: t_SIMD256Vector) ->
+        (v v_COEFFICIENT_BITS == 4 \/ v v_COEFFICIENT_BITS == 5 \/ v v_COEFFICIENT_BITS == 10 \/
+          v v_COEFFICIENT_BITS == 11) ==>
+        (forall (i: nat). i < 16 ==> bounded (Seq.index (impl.f_repr out) i) (v v_COEFFICIENT_BITS))
+    );
+    f_compress
+    =
+    (fun (v_COEFFICIENT_BITS: i32) (vector: t_SIMD256Vector) ->
+        let _:Prims.unit = admit () in
+        {
+          f_elements
+          =
+          Libcrux_ml_kem.Vector.Avx2.Compress.compress_ciphertext_coefficient v_COEFFICIENT_BITS
+            vector.f_elements
+        }
+        <:
+        t_SIMD256Vector);
+    f_decompress_ciphertext_coefficient_pre
+    =
+    (fun (v_COEFFICIENT_BITS: i32) (vector: t_SIMD256Vector) ->
+        (v v_COEFFICIENT_BITS == 4 \/ v v_COEFFICIENT_BITS == 5 \/ v v_COEFFICIENT_BITS == 10 \/
+          v v_COEFFICIENT_BITS == 11) /\
+        (forall (i: nat).
+            i < 16 ==>
+            v (Seq.index (impl.f_repr vector) i) >= 0 /\
+            v (Seq.index (impl.f_repr vector) i) < pow2 (v v_COEFFICIENT_BITS)));
+    f_decompress_ciphertext_coefficient_post
+    =
+    (fun (v_COEFFICIENT_BITS: i32) (vector: t_SIMD256Vector) (out: t_SIMD256Vector) -> true);
+    f_decompress_ciphertext_coefficient
+    =
+    (fun (v_COEFFICIENT_BITS: i32) (vector: t_SIMD256Vector) ->
+        {
+          f_elements
+          =
+          Libcrux_ml_kem.Vector.Avx2.Compress.decompress_ciphertext_coefficient v_COEFFICIENT_BITS
+            vector.f_elements
+        }
+        <:
+        t_SIMD256Vector);
+    f_ntt_layer_1_step_pre
+    =
+    (fun (vector: t_SIMD256Vector) (zeta0: i16) (zeta1: i16) (zeta2: i16) (zeta3: i16) ->
+        Spec.Utils.is_i16b 1664 zeta0 /\ Spec.Utils.is_i16b 1664 zeta1 /\
+        Spec.Utils.is_i16b 1664 zeta2 /\ Spec.Utils.is_i16b 1664 zeta3 /\
+        Spec.Utils.is_i16b_array (11207 + 5 * 3328) (impl.f_repr vector));
+    f_ntt_layer_1_step_post
+    =
+    (fun
+        (vector: t_SIMD256Vector)
+        (zeta0: i16)
+        (zeta1: i16)
+        (zeta2: i16)
+        (zeta3: i16)
+        (out: t_SIMD256Vector)
+        ->
+        Spec.Utils.is_i16b_array (11207 + 6 * 3328) (impl.f_repr out));
+    f_ntt_layer_1_step
+    =
+    (fun (vector: t_SIMD256Vector) (zeta0: i16) (zeta1: i16) (zeta2: i16) (zeta3: i16) ->
+        let _:Prims.unit = admit () in
+        {
+          f_elements
+          =
+          Libcrux_ml_kem.Vector.Avx2.Ntt.ntt_layer_1_step vector.f_elements zeta0 zeta1 zeta2 zeta3
+        }
+        <:
+        t_SIMD256Vector);
+    f_ntt_layer_2_step_pre
+    =
+    (fun (vector: t_SIMD256Vector) (zeta0: i16) (zeta1: i16) ->
+        Spec.Utils.is_i16b 1664 zeta0 /\ Spec.Utils.is_i16b 1664 zeta1 /\
+        Spec.Utils.is_i16b_array (11207 + 4 * 3328) (impl.f_repr vector));
+    f_ntt_layer_2_step_post
+    =
+    (fun (vector: t_SIMD256Vector) (zeta0: i16) (zeta1: i16) (out: t_SIMD256Vector) ->
+        Spec.Utils.is_i16b_array (11207 + 5 * 3328) (impl.f_repr out));
+    f_ntt_layer_2_step
+    =
+    (fun (vector: t_SIMD256Vector) (zeta0: i16) (zeta1: i16) ->
+        let _:Prims.unit = admit () in
+        {
+          f_elements = Libcrux_ml_kem.Vector.Avx2.Ntt.ntt_layer_2_step vector.f_elements zeta0 zeta1
+        }
+        <:
+        t_SIMD256Vector);
+    f_ntt_layer_3_step_pre
+    =
+    (fun (vector: t_SIMD256Vector) (zeta: i16) ->
+        Spec.Utils.is_i16b 1664 zeta /\
+        Spec.Utils.is_i16b_array (11207 + 3 * 3328) (impl.f_repr vector));
+    f_ntt_layer_3_step_post
+    =
+    (fun (vector: t_SIMD256Vector) (zeta: i16) (out: t_SIMD256Vector) ->
+        Spec.Utils.is_i16b_array (11207 + 4 * 3328) (impl.f_repr out));
+    f_ntt_layer_3_step
+    =
+    (fun (vector: t_SIMD256Vector) (zeta: i16) ->
+        let _:Prims.unit = admit () in
+        { f_elements = Libcrux_ml_kem.Vector.Avx2.Ntt.ntt_layer_3_step vector.f_elements zeta }
+        <:
+        t_SIMD256Vector);
+    f_inv_ntt_layer_1_step_pre
+    =
+    (fun (vector: t_SIMD256Vector) (zeta0: i16) (zeta1: i16) (zeta2: i16) (zeta3: i16) ->
+        Spec.Utils.is_i16b 1664 zeta0 /\ Spec.Utils.is_i16b 1664 zeta1 /\
+        Spec.Utils.is_i16b 1664 zeta2 /\ Spec.Utils.is_i16b 1664 zeta3 /\
+        Spec.Utils.is_i16b_array (4 * 3328) (impl.f_repr vector));
+    f_inv_ntt_layer_1_step_post
+    =
+    (fun
+        (vector: t_SIMD256Vector)
+        (zeta0: i16)
+        (zeta1: i16)
+        (zeta2: i16)
+        (zeta3: i16)
+        (out: t_SIMD256Vector)
+        ->
+        Spec.Utils.is_i16b_array 3328 (impl.f_repr out));
+    f_inv_ntt_layer_1_step
+    =
+    (fun (vector: t_SIMD256Vector) (zeta0: i16) (zeta1: i16) (zeta2: i16) (zeta3: i16) ->
+        let _:Prims.unit = admit () in
+        {
+          f_elements
+          =
+          Libcrux_ml_kem.Vector.Avx2.Ntt.inv_ntt_layer_1_step vector.f_elements
+            zeta0
+            zeta1
+            zeta2
+            zeta3
+        }
+        <:
+        t_SIMD256Vector);
+    f_inv_ntt_layer_2_step_pre
+    =
+    (fun (vector: t_SIMD256Vector) (zeta0: i16) (zeta1: i16) ->
+        Spec.Utils.is_i16b 1664 zeta0 /\ Spec.Utils.is_i16b 1664 zeta1 /\
+        Spec.Utils.is_i16b_array 3328 (impl.f_repr vector));
+    f_inv_ntt_layer_2_step_post
+    =
+    (fun (vector: t_SIMD256Vector) (zeta0: i16) (zeta1: i16) (out: t_SIMD256Vector) ->
+        Spec.Utils.is_i16b_array 3328 (impl.f_repr out));
+    f_inv_ntt_layer_2_step
+    =
+    (fun (vector: t_SIMD256Vector) (zeta0: i16) (zeta1: i16) ->
+        let _:Prims.unit = admit () in
+        {
+          f_elements
+          =
+          Libcrux_ml_kem.Vector.Avx2.Ntt.inv_ntt_layer_2_step vector.f_elements zeta0 zeta1
+        }
+        <:
+        t_SIMD256Vector);
+    f_inv_ntt_layer_3_step_pre
+    =
+    (fun (vector: t_SIMD256Vector) (zeta: i16) ->
+        Spec.Utils.is_i16b 1664 zeta /\ Spec.Utils.is_i16b_array 3328 (impl.f_repr vector));
+    f_inv_ntt_layer_3_step_post
+    =
+    (fun (vector: t_SIMD256Vector) (zeta: i16) (out: t_SIMD256Vector) ->
+        Spec.Utils.is_i16b_array 3328 (impl.f_repr out));
+    f_inv_ntt_layer_3_step
+    =
+    (fun (vector: t_SIMD256Vector) (zeta: i16) ->
+        let _:Prims.unit = admit () in
+        { f_elements = Libcrux_ml_kem.Vector.Avx2.Ntt.inv_ntt_layer_3_step vector.f_elements zeta }
+        <:
+        t_SIMD256Vector);
+    f_ntt_multiply_pre
+    =
+    (fun
+        (lhs: t_SIMD256Vector)
+        (rhs: t_SIMD256Vector)
+        (zeta0: i16)
+        (zeta1: i16)
+        (zeta2: i16)
+        (zeta3: i16)
+        ->
+        Spec.Utils.is_i16b 1664 zeta0 /\ Spec.Utils.is_i16b 1664 zeta1 /\
+        Spec.Utils.is_i16b 1664 zeta2 /\ Spec.Utils.is_i16b 1664 zeta3 /\
+        Spec.Utils.is_i16b_array 3328 (impl.f_repr lhs) /\
+        Spec.Utils.is_i16b_array 3328 (impl.f_repr rhs));
+    f_ntt_multiply_post
+    =
+    (fun
+        (lhs: t_SIMD256Vector)
+        (rhs: t_SIMD256Vector)
+        (zeta0: i16)
+        (zeta1: i16)
+        (zeta2: i16)
+        (zeta3: i16)
+        (out: t_SIMD256Vector)
+        ->
+        Spec.Utils.is_i16b_array 3328 (impl.f_repr out));
+    f_ntt_multiply
+    =
+    (fun
+        (lhs: t_SIMD256Vector)
+        (rhs: t_SIMD256Vector)
+        (zeta0: i16)
+        (zeta1: i16)
+        (zeta2: i16)
+        (zeta3: i16)
+        ->
+        let _:Prims.unit = admit () in
+        {
+          f_elements
+          =
+          Libcrux_ml_kem.Vector.Avx2.Ntt.ntt_multiply lhs.f_elements
+            rhs.f_elements
+            zeta0
+            zeta1
+            zeta2
+            zeta3
+        }
+        <:
+        t_SIMD256Vector);
+    f_serialize_1_pre
+    =
+    (fun (vector: t_SIMD256Vector) -> Spec.MLKEM.serialize_pre 1 (impl.f_repr vector));
+    f_serialize_1_post
+    =
+    (fun (vector: t_SIMD256Vector) (out: t_Array u8 (sz 2)) ->
+        Spec.MLKEM.serialize_pre 1 (impl.f_repr vector) ==>
+        Spec.MLKEM.serialize_post 1 (impl.f_repr vector) out);
+    f_serialize_1_
+    =
+    (fun (vector: t_SIMD256Vector) ->
+        Libcrux_ml_kem.Vector.Avx2.Serialize.serialize_1_ vector.f_elements);
+    f_deserialize_1_pre
+    =
+    (fun (bytes: t_Slice u8) -> (Core.Slice.impl__len #u8 bytes <: usize) =. sz 2);
+    f_deserialize_1_post
+    =
+    (fun (bytes: t_Slice u8) (out: t_SIMD256Vector) ->
+        sz (Seq.length bytes) =. sz 2 ==> Spec.MLKEM.deserialize_post 1 bytes (impl.f_repr out));
+    f_deserialize_1_
+    =
+    (fun (bytes: t_Slice u8) ->
+        { f_elements = Libcrux_ml_kem.Vector.Avx2.Serialize.deserialize_1_ bytes }
+        <:
+        t_SIMD256Vector);
+    f_serialize_4_pre
+    =
+    (fun (vector: t_SIMD256Vector) -> Spec.MLKEM.serialize_pre 4 (impl.f_repr vector));
+    f_serialize_4_post
+    =
+    (fun (vector: t_SIMD256Vector) (out: t_Array u8 (sz 8)) ->
+        Spec.MLKEM.serialize_pre 4 (impl.f_repr vector) ==>
+        Spec.MLKEM.serialize_post 4 (impl.f_repr vector) out);
+    f_serialize_4_
+    =
+    (fun (vector: t_SIMD256Vector) ->
+        Libcrux_ml_kem.Vector.Avx2.Serialize.serialize_4_ vector.f_elements);
+    f_deserialize_4_pre
+    =
+    (fun (bytes: t_Slice u8) -> (Core.Slice.impl__len #u8 bytes <: usize) =. sz 8);
+    f_deserialize_4_post
+    =
+    (fun (bytes: t_Slice u8) (out: t_SIMD256Vector) ->
+        sz (Seq.length bytes) =. sz 8 ==> Spec.MLKEM.deserialize_post 4 bytes (impl.f_repr out));
+    f_deserialize_4_
+    =
+    (fun (bytes: t_Slice u8) ->
+        { f_elements = Libcrux_ml_kem.Vector.Avx2.Serialize.deserialize_4_ bytes }
+        <:
+        t_SIMD256Vector);
+    f_serialize_5_pre = (fun (vector: t_SIMD256Vector) -> true);
+    f_serialize_5_post = (fun (vector: t_SIMD256Vector) (out: t_Array u8 (sz 10)) -> true);
+    f_serialize_5_
+    =
+    (fun (vector: t_SIMD256Vector) ->
+        let _:Prims.unit = admit () in
+        Libcrux_ml_kem.Vector.Avx2.Serialize.serialize_5_ vector.f_elements);
+    f_deserialize_5_pre
+    =
+    (fun (bytes: t_Slice u8) -> (Core.Slice.impl__len #u8 bytes <: usize) =. sz 10);
+    f_deserialize_5_post = (fun (bytes: t_Slice u8) (out: t_SIMD256Vector) -> true);
+    f_deserialize_5_
+    =
+    (fun (bytes: t_Slice u8) ->
+        let _:Prims.unit = admit () in
+        { f_elements = Libcrux_ml_kem.Vector.Avx2.Serialize.deserialize_5_ bytes }
+        <:
+        t_SIMD256Vector);
+    f_serialize_10_pre
+    =
+    (fun (vector: t_SIMD256Vector) -> Spec.MLKEM.serialize_pre 10 (impl.f_repr vector));
+    f_serialize_10_post
+    =
+    (fun (vector: t_SIMD256Vector) (out: t_Array u8 (sz 20)) ->
+        Spec.MLKEM.serialize_pre 10 (impl.f_repr vector) ==>
+        Spec.MLKEM.serialize_post 10 (impl.f_repr vector) out);
+    f_serialize_10_
+    =
+    (fun (vector: t_SIMD256Vector) ->
+        Libcrux_ml_kem.Vector.Avx2.Serialize.serialize_10_ vector.f_elements);
+    f_deserialize_10_pre
+    =
+    (fun (bytes: t_Slice u8) -> (Core.Slice.impl__len #u8 bytes <: usize) =. sz 20);
+    f_deserialize_10_post
+    =
+    (fun (bytes: t_Slice u8) (out: t_SIMD256Vector) ->
+        sz (Seq.length bytes) =. sz 20 ==> Spec.MLKEM.deserialize_post 10 bytes (impl.f_repr out));
+    f_deserialize_10_
+    =
+    (fun (bytes: t_Slice u8) ->
+        { f_elements = Libcrux_ml_kem.Vector.Avx2.Serialize.deserialize_10_ bytes }
+        <:
+        t_SIMD256Vector);
+    f_serialize_11_pre = (fun (vector: t_SIMD256Vector) -> true);
+    f_serialize_11_post = (fun (vector: t_SIMD256Vector) (out: t_Array u8 (sz 22)) -> true);
+    f_serialize_11_
+    =
+    (fun (vector: t_SIMD256Vector) ->
+        Libcrux_ml_kem.Vector.Avx2.Serialize.serialize_11_ vector.f_elements);
+    f_deserialize_11_pre
+    =
+    (fun (bytes: t_Slice u8) -> (Core.Slice.impl__len #u8 bytes <: usize) =. sz 22);
+    f_deserialize_11_post = (fun (bytes: t_Slice u8) (out: t_SIMD256Vector) -> true);
+    f_deserialize_11_
+    =
+    (fun (bytes: t_Slice u8) ->
+        { f_elements = Libcrux_ml_kem.Vector.Avx2.Serialize.deserialize_11_ bytes }
+        <:
+        t_SIMD256Vector);
+    f_serialize_12_pre
+    =
+    (fun (vector: t_SIMD256Vector) -> Spec.MLKEM.serialize_pre 12 (impl.f_repr vector));
+    f_serialize_12_post
+    =
+    (fun (vector: t_SIMD256Vector) (out: t_Array u8 (sz 24)) ->
+        Spec.MLKEM.serialize_pre 12 (impl.f_repr vector) ==>
+        Spec.MLKEM.serialize_post 12 (impl.f_repr vector) out);
+    f_serialize_12_
+    =
+    (fun (vector: t_SIMD256Vector) ->
+        Libcrux_ml_kem.Vector.Avx2.Serialize.serialize_12_ vector.f_elements);
+    f_deserialize_12_pre
+    =
+    (fun (bytes: t_Slice u8) -> (Core.Slice.impl__len #u8 bytes <: usize) =. sz 24);
+    f_deserialize_12_post
+    =
+    (fun (bytes: t_Slice u8) (out: t_SIMD256Vector) ->
+        sz (Seq.length bytes) =. sz 24 ==> Spec.MLKEM.deserialize_post 12 bytes (impl.f_repr out));
+    f_deserialize_12_
+    =
+    (fun (bytes: t_Slice u8) ->
+        { f_elements = Libcrux_ml_kem.Vector.Avx2.Serialize.deserialize_12_ bytes }
+        <:
+        t_SIMD256Vector);
+    f_rej_sample_pre
+    =
+    (fun (input: t_Slice u8) (output: t_Slice i16) ->
+        (Core.Slice.impl__len #u8 input <: usize) =. sz 24 &&
+        (Core.Slice.impl__len #i16 output <: usize) =. sz 16);
+    f_rej_sample_post
+    =
+    (fun (input: t_Slice u8) (output: t_Slice i16) (output_future, result: (t_Slice i16 & usize)) ->
+        Seq.length output_future == Seq.length output /\ v result <= 16);
+    f_rej_sample
+    =
+    fun (input: t_Slice u8) (output: t_Slice i16) ->
+      let tmp0, out:(t_Slice i16 & usize) =
+        Libcrux_ml_kem.Vector.Avx2.Sampling.rejection_sample input output
+      in
+      let output:t_Slice i16 = tmp0 in
+      let hax_temp_output:usize = out in
+      output, hax_temp_output <: (t_Slice i16 & usize)
+  }
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.fsti
index f78b55e0b..5d955b9ab 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.fsti
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.fsti
@@ -40,570 +40,7 @@ val vec_to_i16_array (v: t_SIMD256Vector)
           result == repr v)
 
 [@@ FStar.Tactics.Typeclasses.tcinstance]
-let impl: Libcrux_ml_kem.Vector.Traits.t_Repr t_SIMD256Vector =
-  {
-    _super_11581440318597584651 = FStar.Tactics.Typeclasses.solve;
-    _super_9442900250278684536 = FStar.Tactics.Typeclasses.solve;
-    f_repr_pre = (fun (x: t_SIMD256Vector) -> true);
-    f_repr_post = (fun (x: t_SIMD256Vector) (out: t_Array i16 (sz 16)) -> true);
-    f_repr = fun (x: t_SIMD256Vector) -> vec_to_i16_array x
-  }
+val impl:Libcrux_ml_kem.Vector.Traits.t_Repr t_SIMD256Vector
 
 [@@ FStar.Tactics.Typeclasses.tcinstance]
-let impl_3: Libcrux_ml_kem.Vector.Traits.t_Operations t_SIMD256Vector =
-  {
-    _super_11581440318597584651 = FStar.Tactics.Typeclasses.solve;
-    _super_9442900250278684536 = FStar.Tactics.Typeclasses.solve;
-    _super_8706949974463268012 = FStar.Tactics.Typeclasses.solve;
-    f_ZERO_pre = (fun (_: Prims.unit) -> true);
-    f_ZERO_post
-    =
-    (fun (_: Prims.unit) (out: t_SIMD256Vector) -> impl.f_repr out == Seq.create 16 0s);
-    f_ZERO = (fun (_: Prims.unit) -> vec_zero ());
-    f_from_i16_array_pre
-    =
-    (fun (array: t_Slice i16) -> (Core.Slice.impl__len #i16 array <: usize) =. sz 16);
-    f_from_i16_array_post
-    =
-    (fun (array: t_Slice i16) (out: t_SIMD256Vector) -> impl.f_repr out == array);
-    f_from_i16_array = (fun (array: t_Slice i16) -> vec_from_i16_array array);
-    f_to_i16_array_pre = (fun (x: t_SIMD256Vector) -> true);
-    f_to_i16_array_post
-    =
-    (fun (x: t_SIMD256Vector) (out: t_Array i16 (sz 16)) -> out == impl.f_repr x);
-    f_to_i16_array = (fun (x: t_SIMD256Vector) -> vec_to_i16_array x);
-    f_add_pre
-    =
-    (fun (lhs: t_SIMD256Vector) (rhs: t_SIMD256Vector) ->
-        forall i.
-          i < 16 ==>
-          Spec.Utils.is_intb (pow2 15 - 1)
-            (v (Seq.index (impl.f_repr lhs) i) + v (Seq.index (impl.f_repr rhs) i)));
-    f_add_post
-    =
-    (fun (lhs: t_SIMD256Vector) (rhs: t_SIMD256Vector) (result: t_SIMD256Vector) ->
-        forall i.
-          i < 16 ==>
-          (v (Seq.index (impl.f_repr result) i) ==
-            v (Seq.index (impl.f_repr lhs) i) + v (Seq.index (impl.f_repr rhs) i)));
-    f_add
-    =
-    (fun (lhs: t_SIMD256Vector) (rhs: t_SIMD256Vector) ->
-        { f_elements = Libcrux_ml_kem.Vector.Avx2.Arithmetic.add lhs.f_elements rhs.f_elements }
-        <:
-        t_SIMD256Vector);
-    f_sub_pre
-    =
-    (fun (lhs: t_SIMD256Vector) (rhs: t_SIMD256Vector) ->
-        forall i.
-          i < 16 ==>
-          Spec.Utils.is_intb (pow2 15 - 1)
-            (v (Seq.index (impl.f_repr lhs) i) - v (Seq.index (impl.f_repr rhs) i)));
-    f_sub_post
-    =
-    (fun (lhs: t_SIMD256Vector) (rhs: t_SIMD256Vector) (result: t_SIMD256Vector) ->
-        forall i.
-          i < 16 ==>
-          (v (Seq.index (impl.f_repr result) i) ==
-            v (Seq.index (impl.f_repr lhs) i) - v (Seq.index (impl.f_repr rhs) i)));
-    f_sub
-    =
-    (fun (lhs: t_SIMD256Vector) (rhs: t_SIMD256Vector) ->
-        { f_elements = Libcrux_ml_kem.Vector.Avx2.Arithmetic.sub lhs.f_elements rhs.f_elements }
-        <:
-        t_SIMD256Vector);
-    f_multiply_by_constant_pre
-    =
-    (fun (vec: t_SIMD256Vector) (c: i16) ->
-        forall i.
-          i < 16 ==> Spec.Utils.is_intb (pow2 15 - 1) (v (Seq.index (impl.f_repr vec) i) * v c));
-    f_multiply_by_constant_post
-    =
-    (fun (vec: t_SIMD256Vector) (c: i16) (result: t_SIMD256Vector) ->
-        forall i.
-          i < 16 ==>
-          (v (Seq.index (impl.f_repr result) i) == v (Seq.index (impl.f_repr vec) i) * v c));
-    f_multiply_by_constant
-    =
-    (fun (vec: t_SIMD256Vector) (c: i16) ->
-        { f_elements = Libcrux_ml_kem.Vector.Avx2.Arithmetic.multiply_by_constant vec.f_elements c }
-        <:
-        t_SIMD256Vector);
-    f_bitwise_and_with_constant_pre = (fun (vector: t_SIMD256Vector) (constant: i16) -> true);
-    f_bitwise_and_with_constant_post
-    =
-    (fun (vector: t_SIMD256Vector) (constant: i16) (out: t_SIMD256Vector) ->
-        impl.f_repr out == Spec.Utils.map_array (fun x -> x &. constant) (impl.f_repr vector));
-    f_bitwise_and_with_constant
-    =
-    (fun (vector: t_SIMD256Vector) (constant: i16) ->
-        {
-          f_elements
-          =
-          Libcrux_ml_kem.Vector.Avx2.Arithmetic.bitwise_and_with_constant vector.f_elements constant
-        }
-        <:
-        t_SIMD256Vector);
-    f_shift_right_pre
-    =
-    (fun (v_SHIFT_BY: i32) (vector: t_SIMD256Vector) -> v_SHIFT_BY >=. 0l && v_SHIFT_BY <. 16l);
-    f_shift_right_post
-    =
-    (fun (v_SHIFT_BY: i32) (vector: t_SIMD256Vector) (out: t_SIMD256Vector) ->
-        (v_SHIFT_BY >=. 0l /\ v_SHIFT_BY <. 16l) ==>
-        impl.f_repr out == Spec.Utils.map_array (fun x -> x >>! v_SHIFT_BY) (impl.f_repr vector));
-    f_shift_right
-    =
-    (fun (v_SHIFT_BY: i32) (vector: t_SIMD256Vector) ->
-        {
-          f_elements
-          =
-          Libcrux_ml_kem.Vector.Avx2.Arithmetic.shift_right v_SHIFT_BY vector.f_elements
-        }
-        <:
-        t_SIMD256Vector);
-    f_cond_subtract_3329_pre
-    =
-    (fun (vector: t_SIMD256Vector) -> Spec.Utils.is_i16b_array (pow2 12 - 1) (impl.f_repr vector));
-    f_cond_subtract_3329_post
-    =
-    (fun (vector: t_SIMD256Vector) (out: t_SIMD256Vector) ->
-        impl.f_repr out ==
-        Spec.Utils.map_array (fun x -> if x >=. 3329s then x -! 3329s else x) (impl.f_repr vector));
-    f_cond_subtract_3329_
-    =
-    (fun (vector: t_SIMD256Vector) ->
-        let _:Prims.unit = admit () in
-        { f_elements = Libcrux_ml_kem.Vector.Avx2.Arithmetic.cond_subtract_3329_ vector.f_elements }
-        <:
-        t_SIMD256Vector);
-    f_barrett_reduce_pre
-    =
-    (fun (vector: t_SIMD256Vector) -> Spec.Utils.is_i16b_array 28296 (impl.f_repr vector));
-    f_barrett_reduce_post = (fun (vector: t_SIMD256Vector) (out: t_SIMD256Vector) -> true);
-    f_barrett_reduce
-    =
-    (fun (vector: t_SIMD256Vector) ->
-        { f_elements = Libcrux_ml_kem.Vector.Avx2.Arithmetic.barrett_reduce vector.f_elements }
-        <:
-        t_SIMD256Vector);
-    f_montgomery_multiply_by_constant_pre
-    =
-    (fun (vector: t_SIMD256Vector) (constant: i16) -> Spec.Utils.is_i16b 1664 constant);
-    f_montgomery_multiply_by_constant_post
-    =
-    (fun (vector: t_SIMD256Vector) (constant: i16) (out: t_SIMD256Vector) -> true);
-    f_montgomery_multiply_by_constant
-    =
-    (fun (vector: t_SIMD256Vector) (constant: i16) ->
-        {
-          f_elements
-          =
-          Libcrux_ml_kem.Vector.Avx2.Arithmetic.montgomery_multiply_by_constant vector.f_elements
-            constant
-        }
-        <:
-        t_SIMD256Vector);
-    f_compress_1_pre
-    =
-    (fun (vector: t_SIMD256Vector) ->
-        forall (i: nat).
-          i < 16 ==>
-          v (Seq.index (impl.f_repr vector) i) >= 0 /\ v (Seq.index (impl.f_repr vector) i) < 3329);
-    f_compress_1_post
-    =
-    (fun (vector: t_SIMD256Vector) (out: t_SIMD256Vector) ->
-        forall (i: nat). i < 16 ==> bounded (Seq.index (impl.f_repr out) i) 1);
-    f_compress_1_
-    =
-    (fun (vector: t_SIMD256Vector) ->
-        let _:Prims.unit = admit () in
-        {
-          f_elements
-          =
-          Libcrux_ml_kem.Vector.Avx2.Compress.compress_message_coefficient vector.f_elements
-        }
-        <:
-        t_SIMD256Vector);
-    f_compress_pre
-    =
-    (fun (v_COEFFICIENT_BITS: i32) (vector: t_SIMD256Vector) ->
-        (v v_COEFFICIENT_BITS == 4 \/ v v_COEFFICIENT_BITS == 5 \/ v v_COEFFICIENT_BITS == 10 \/
-          v v_COEFFICIENT_BITS == 11) /\
-        (forall (i: nat).
-            i < 16 ==>
-            v (Seq.index (impl.f_repr vector) i) >= 0 /\ v (Seq.index (impl.f_repr vector) i) < 3329
-        ));
-    f_compress_post
-    =
-    (fun (v_COEFFICIENT_BITS: i32) (vector: t_SIMD256Vector) (out: t_SIMD256Vector) ->
-        (v v_COEFFICIENT_BITS == 4 \/ v v_COEFFICIENT_BITS == 5 \/ v v_COEFFICIENT_BITS == 10 \/
-          v v_COEFFICIENT_BITS == 11) ==>
-        (forall (i: nat). i < 16 ==> bounded (Seq.index (impl.f_repr out) i) (v v_COEFFICIENT_BITS))
-    );
-    f_compress
-    =
-    (fun (v_COEFFICIENT_BITS: i32) (vector: t_SIMD256Vector) ->
-        let _:Prims.unit = admit () in
-        {
-          f_elements
-          =
-          Libcrux_ml_kem.Vector.Avx2.Compress.compress_ciphertext_coefficient v_COEFFICIENT_BITS
-            vector.f_elements
-        }
-        <:
-        t_SIMD256Vector);
-    f_decompress_ciphertext_coefficient_pre
-    =
-    (fun (v_COEFFICIENT_BITS: i32) (vector: t_SIMD256Vector) ->
-        (v v_COEFFICIENT_BITS == 4 \/ v v_COEFFICIENT_BITS == 5 \/ v v_COEFFICIENT_BITS == 10 \/
-          v v_COEFFICIENT_BITS == 11) /\
-        (forall (i: nat).
-            i < 16 ==>
-            v (Seq.index (impl.f_repr vector) i) >= 0 /\
-            v (Seq.index (impl.f_repr vector) i) < pow2 (v v_COEFFICIENT_BITS)));
-    f_decompress_ciphertext_coefficient_post
-    =
-    (fun (v_COEFFICIENT_BITS: i32) (vector: t_SIMD256Vector) (out: t_SIMD256Vector) -> true);
-    f_decompress_ciphertext_coefficient
-    =
-    (fun (v_COEFFICIENT_BITS: i32) (vector: t_SIMD256Vector) ->
-        {
-          f_elements
-          =
-          Libcrux_ml_kem.Vector.Avx2.Compress.decompress_ciphertext_coefficient v_COEFFICIENT_BITS
-            vector.f_elements
-        }
-        <:
-        t_SIMD256Vector);
-    f_ntt_layer_1_step_pre
-    =
-    (fun (vector: t_SIMD256Vector) (zeta0: i16) (zeta1: i16) (zeta2: i16) (zeta3: i16) ->
-        Spec.Utils.is_i16b 1664 zeta0 /\ Spec.Utils.is_i16b 1664 zeta1 /\
-        Spec.Utils.is_i16b 1664 zeta2 /\ Spec.Utils.is_i16b 1664 zeta3 /\
-        Spec.Utils.is_i16b_array (11207 + 5 * 3328) (impl.f_repr vector));
-    f_ntt_layer_1_step_post
-    =
-    (fun
-        (vector: t_SIMD256Vector)
-        (zeta0: i16)
-        (zeta1: i16)
-        (zeta2: i16)
-        (zeta3: i16)
-        (out: t_SIMD256Vector)
-        ->
-        Spec.Utils.is_i16b_array (11207 + 6 * 3328) (impl.f_repr out));
-    f_ntt_layer_1_step
-    =
-    (fun (vector: t_SIMD256Vector) (zeta0: i16) (zeta1: i16) (zeta2: i16) (zeta3: i16) ->
-        let _:Prims.unit = admit () in
-        {
-          f_elements
-          =
-          Libcrux_ml_kem.Vector.Avx2.Ntt.ntt_layer_1_step vector.f_elements zeta0 zeta1 zeta2 zeta3
-        }
-        <:
-        t_SIMD256Vector);
-    f_ntt_layer_2_step_pre
-    =
-    (fun (vector: t_SIMD256Vector) (zeta0: i16) (zeta1: i16) ->
-        Spec.Utils.is_i16b 1664 zeta0 /\ Spec.Utils.is_i16b 1664 zeta1 /\
-        Spec.Utils.is_i16b_array (11207 + 4 * 3328) (impl.f_repr vector));
-    f_ntt_layer_2_step_post
-    =
-    (fun (vector: t_SIMD256Vector) (zeta0: i16) (zeta1: i16) (out: t_SIMD256Vector) ->
-        Spec.Utils.is_i16b_array (11207 + 5 * 3328) (impl.f_repr out));
-    f_ntt_layer_2_step
-    =
-    (fun (vector: t_SIMD256Vector) (zeta0: i16) (zeta1: i16) ->
-        let _:Prims.unit = admit () in
-        {
-          f_elements = Libcrux_ml_kem.Vector.Avx2.Ntt.ntt_layer_2_step vector.f_elements zeta0 zeta1
-        }
-        <:
-        t_SIMD256Vector);
-    f_ntt_layer_3_step_pre
-    =
-    (fun (vector: t_SIMD256Vector) (zeta: i16) ->
-        Spec.Utils.is_i16b 1664 zeta /\
-        Spec.Utils.is_i16b_array (11207 + 3 * 3328) (impl.f_repr vector));
-    f_ntt_layer_3_step_post
-    =
-    (fun (vector: t_SIMD256Vector) (zeta: i16) (out: t_SIMD256Vector) ->
-        Spec.Utils.is_i16b_array (11207 + 4 * 3328) (impl.f_repr out));
-    f_ntt_layer_3_step
-    =
-    (fun (vector: t_SIMD256Vector) (zeta: i16) ->
-        let _:Prims.unit = admit () in
-        { f_elements = Libcrux_ml_kem.Vector.Avx2.Ntt.ntt_layer_3_step vector.f_elements zeta }
-        <:
-        t_SIMD256Vector);
-    f_inv_ntt_layer_1_step_pre
-    =
-    (fun (vector: t_SIMD256Vector) (zeta0: i16) (zeta1: i16) (zeta2: i16) (zeta3: i16) ->
-        Spec.Utils.is_i16b 1664 zeta0 /\ Spec.Utils.is_i16b 1664 zeta1 /\
-        Spec.Utils.is_i16b 1664 zeta2 /\ Spec.Utils.is_i16b 1664 zeta3 /\
-        Spec.Utils.is_i16b_array (4 * 3328) (impl.f_repr vector));
-    f_inv_ntt_layer_1_step_post
-    =
-    (fun
-        (vector: t_SIMD256Vector)
-        (zeta0: i16)
-        (zeta1: i16)
-        (zeta2: i16)
-        (zeta3: i16)
-        (out: t_SIMD256Vector)
-        ->
-        Spec.Utils.is_i16b_array 3328 (impl.f_repr out));
-    f_inv_ntt_layer_1_step
-    =
-    (fun (vector: t_SIMD256Vector) (zeta0: i16) (zeta1: i16) (zeta2: i16) (zeta3: i16) ->
-        let _:Prims.unit = admit () in
-        {
-          f_elements
-          =
-          Libcrux_ml_kem.Vector.Avx2.Ntt.inv_ntt_layer_1_step vector.f_elements
-            zeta0
-            zeta1
-            zeta2
-            zeta3
-        }
-        <:
-        t_SIMD256Vector);
-    f_inv_ntt_layer_2_step_pre
-    =
-    (fun (vector: t_SIMD256Vector) (zeta0: i16) (zeta1: i16) ->
-        Spec.Utils.is_i16b 1664 zeta0 /\ Spec.Utils.is_i16b 1664 zeta1 /\
-        Spec.Utils.is_i16b_array 3328 (impl.f_repr vector));
-    f_inv_ntt_layer_2_step_post
-    =
-    (fun (vector: t_SIMD256Vector) (zeta0: i16) (zeta1: i16) (out: t_SIMD256Vector) ->
-        Spec.Utils.is_i16b_array 3328 (impl.f_repr out));
-    f_inv_ntt_layer_2_step
-    =
-    (fun (vector: t_SIMD256Vector) (zeta0: i16) (zeta1: i16) ->
-        let _:Prims.unit = admit () in
-        {
-          f_elements
-          =
-          Libcrux_ml_kem.Vector.Avx2.Ntt.inv_ntt_layer_2_step vector.f_elements zeta0 zeta1
-        }
-        <:
-        t_SIMD256Vector);
-    f_inv_ntt_layer_3_step_pre
-    =
-    (fun (vector: t_SIMD256Vector) (zeta: i16) ->
-        Spec.Utils.is_i16b 1664 zeta /\ Spec.Utils.is_i16b_array 3328 (impl.f_repr vector));
-    f_inv_ntt_layer_3_step_post
-    =
-    (fun (vector: t_SIMD256Vector) (zeta: i16) (out: t_SIMD256Vector) ->
-        Spec.Utils.is_i16b_array 3328 (impl.f_repr out));
-    f_inv_ntt_layer_3_step
-    =
-    (fun (vector: t_SIMD256Vector) (zeta: i16) ->
-        let _:Prims.unit = admit () in
-        { f_elements = Libcrux_ml_kem.Vector.Avx2.Ntt.inv_ntt_layer_3_step vector.f_elements zeta }
-        <:
-        t_SIMD256Vector);
-    f_ntt_multiply_pre
-    =
-    (fun
-        (lhs: t_SIMD256Vector)
-        (rhs: t_SIMD256Vector)
-        (zeta0: i16)
-        (zeta1: i16)
-        (zeta2: i16)
-        (zeta3: i16)
-        ->
-        Spec.Utils.is_i16b 1664 zeta0 /\ Spec.Utils.is_i16b 1664 zeta1 /\
-        Spec.Utils.is_i16b 1664 zeta2 /\ Spec.Utils.is_i16b 1664 zeta3 /\
-        Spec.Utils.is_i16b_array 3328 (impl.f_repr lhs) /\
-        Spec.Utils.is_i16b_array 3328 (impl.f_repr rhs));
-    f_ntt_multiply_post
-    =
-    (fun
-        (lhs: t_SIMD256Vector)
-        (rhs: t_SIMD256Vector)
-        (zeta0: i16)
-        (zeta1: i16)
-        (zeta2: i16)
-        (zeta3: i16)
-        (out: t_SIMD256Vector)
-        ->
-        Spec.Utils.is_i16b_array 3328 (impl.f_repr out));
-    f_ntt_multiply
-    =
-    (fun
-        (lhs: t_SIMD256Vector)
-        (rhs: t_SIMD256Vector)
-        (zeta0: i16)
-        (zeta1: i16)
-        (zeta2: i16)
-        (zeta3: i16)
-        ->
-        let _:Prims.unit = admit () in
-        {
-          f_elements
-          =
-          Libcrux_ml_kem.Vector.Avx2.Ntt.ntt_multiply lhs.f_elements
-            rhs.f_elements
-            zeta0
-            zeta1
-            zeta2
-            zeta3
-        }
-        <:
-        t_SIMD256Vector);
-    f_serialize_1_pre
-    =
-    (fun (vector: t_SIMD256Vector) -> Spec.MLKEM.serialize_pre 1 (impl.f_repr vector));
-    f_serialize_1_post
-    =
-    (fun (vector: t_SIMD256Vector) (out: t_Array u8 (sz 2)) ->
-        Spec.MLKEM.serialize_pre 1 (impl.f_repr vector) ==>
-        Spec.MLKEM.serialize_post 1 (impl.f_repr vector) out);
-    f_serialize_1_
-    =
-    (fun (vector: t_SIMD256Vector) ->
-        Libcrux_ml_kem.Vector.Avx2.Serialize.serialize_1_ vector.f_elements);
-    f_deserialize_1_pre
-    =
-    (fun (bytes: t_Slice u8) -> (Core.Slice.impl__len #u8 bytes <: usize) =. sz 2);
-    f_deserialize_1_post
-    =
-    (fun (bytes: t_Slice u8) (out: t_SIMD256Vector) ->
-        sz (Seq.length bytes) =. sz 2 ==> Spec.MLKEM.deserialize_post 1 bytes (impl.f_repr out));
-    f_deserialize_1_
-    =
-    (fun (bytes: t_Slice u8) ->
-        { f_elements = Libcrux_ml_kem.Vector.Avx2.Serialize.deserialize_1_ bytes }
-        <:
-        t_SIMD256Vector);
-    f_serialize_4_pre
-    =
-    (fun (vector: t_SIMD256Vector) -> Spec.MLKEM.serialize_pre 4 (impl.f_repr vector));
-    f_serialize_4_post
-    =
-    (fun (vector: t_SIMD256Vector) (out: t_Array u8 (sz 8)) ->
-        Spec.MLKEM.serialize_pre 4 (impl.f_repr vector) ==>
-        Spec.MLKEM.serialize_post 4 (impl.f_repr vector) out);
-    f_serialize_4_
-    =
-    (fun (vector: t_SIMD256Vector) ->
-        Libcrux_ml_kem.Vector.Avx2.Serialize.serialize_4_ vector.f_elements);
-    f_deserialize_4_pre
-    =
-    (fun (bytes: t_Slice u8) -> (Core.Slice.impl__len #u8 bytes <: usize) =. sz 8);
-    f_deserialize_4_post
-    =
-    (fun (bytes: t_Slice u8) (out: t_SIMD256Vector) ->
-        sz (Seq.length bytes) =. sz 8 ==> Spec.MLKEM.deserialize_post 4 bytes (impl.f_repr out));
-    f_deserialize_4_
-    =
-    (fun (bytes: t_Slice u8) ->
-        { f_elements = Libcrux_ml_kem.Vector.Avx2.Serialize.deserialize_4_ bytes }
-        <:
-        t_SIMD256Vector);
-    f_serialize_5_pre = (fun (vector: t_SIMD256Vector) -> true);
-    f_serialize_5_post = (fun (vector: t_SIMD256Vector) (out: t_Array u8 (sz 10)) -> true);
-    f_serialize_5_
-    =
-    (fun (vector: t_SIMD256Vector) ->
-        let _:Prims.unit = admit () in
-        Libcrux_ml_kem.Vector.Avx2.Serialize.serialize_5_ vector.f_elements);
-    f_deserialize_5_pre
-    =
-    (fun (bytes: t_Slice u8) -> (Core.Slice.impl__len #u8 bytes <: usize) =. sz 10);
-    f_deserialize_5_post = (fun (bytes: t_Slice u8) (out: t_SIMD256Vector) -> true);
-    f_deserialize_5_
-    =
-    (fun (bytes: t_Slice u8) ->
-        let _:Prims.unit = admit () in
-        { f_elements = Libcrux_ml_kem.Vector.Avx2.Serialize.deserialize_5_ bytes }
-        <:
-        t_SIMD256Vector);
-    f_serialize_10_pre
-    =
-    (fun (vector: t_SIMD256Vector) -> Spec.MLKEM.serialize_pre 10 (impl.f_repr vector));
-    f_serialize_10_post
-    =
-    (fun (vector: t_SIMD256Vector) (out: t_Array u8 (sz 20)) ->
-        Spec.MLKEM.serialize_pre 10 (impl.f_repr vector) ==>
-        Spec.MLKEM.serialize_post 10 (impl.f_repr vector) out);
-    f_serialize_10_
-    =
-    (fun (vector: t_SIMD256Vector) ->
-        Libcrux_ml_kem.Vector.Avx2.Serialize.serialize_10_ vector.f_elements);
-    f_deserialize_10_pre
-    =
-    (fun (bytes: t_Slice u8) -> (Core.Slice.impl__len #u8 bytes <: usize) =. sz 20);
-    f_deserialize_10_post
-    =
-    (fun (bytes: t_Slice u8) (out: t_SIMD256Vector) ->
-        sz (Seq.length bytes) =. sz 20 ==> Spec.MLKEM.deserialize_post 10 bytes (impl.f_repr out));
-    f_deserialize_10_
-    =
-    (fun (bytes: t_Slice u8) ->
-        { f_elements = Libcrux_ml_kem.Vector.Avx2.Serialize.deserialize_10_ bytes }
-        <:
-        t_SIMD256Vector);
-    f_serialize_11_pre = (fun (vector: t_SIMD256Vector) -> true);
-    f_serialize_11_post = (fun (vector: t_SIMD256Vector) (out: t_Array u8 (sz 22)) -> true);
-    f_serialize_11_
-    =
-    (fun (vector: t_SIMD256Vector) ->
-        Libcrux_ml_kem.Vector.Avx2.Serialize.serialize_11_ vector.f_elements);
-    f_deserialize_11_pre
-    =
-    (fun (bytes: t_Slice u8) -> (Core.Slice.impl__len #u8 bytes <: usize) =. sz 22);
-    f_deserialize_11_post = (fun (bytes: t_Slice u8) (out: t_SIMD256Vector) -> true);
-    f_deserialize_11_
-    =
-    (fun (bytes: t_Slice u8) ->
-        { f_elements = Libcrux_ml_kem.Vector.Avx2.Serialize.deserialize_11_ bytes }
-        <:
-        t_SIMD256Vector);
-    f_serialize_12_pre
-    =
-    (fun (vector: t_SIMD256Vector) -> Spec.MLKEM.serialize_pre 12 (impl.f_repr vector));
-    f_serialize_12_post
-    =
-    (fun (vector: t_SIMD256Vector) (out: t_Array u8 (sz 24)) ->
-        Spec.MLKEM.serialize_pre 12 (impl.f_repr vector) ==>
-        Spec.MLKEM.serialize_post 12 (impl.f_repr vector) out);
-    f_serialize_12_
-    =
-    (fun (vector: t_SIMD256Vector) ->
-        Libcrux_ml_kem.Vector.Avx2.Serialize.serialize_12_ vector.f_elements);
-    f_deserialize_12_pre
-    =
-    (fun (bytes: t_Slice u8) -> (Core.Slice.impl__len #u8 bytes <: usize) =. sz 24);
-    f_deserialize_12_post
-    =
-    (fun (bytes: t_Slice u8) (out: t_SIMD256Vector) ->
-        sz (Seq.length bytes) =. sz 24 ==> Spec.MLKEM.deserialize_post 12 bytes (impl.f_repr out));
-    f_deserialize_12_
-    =
-    (fun (bytes: t_Slice u8) ->
-        { f_elements = Libcrux_ml_kem.Vector.Avx2.Serialize.deserialize_12_ bytes }
-        <:
-        t_SIMD256Vector);
-    f_rej_sample_pre
-    =
-    (fun (input: t_Slice u8) (output: t_Slice i16) ->
-        (Core.Slice.impl__len #u8 input <: usize) =. sz 24 &&
-        (Core.Slice.impl__len #i16 output <: usize) =. sz 16);
-    f_rej_sample_post
-    =
-    (fun (input: t_Slice u8) (output: t_Slice i16) (output_future, result: (t_Slice i16 & usize)) ->
-        Seq.length output_future == Seq.length output /\ v result <= 16);
-    f_rej_sample
-    =
-    fun (input: t_Slice u8) (output: t_Slice i16) ->
-      let tmp0, out:(t_Slice i16 & usize) =
-        Libcrux_ml_kem.Vector.Avx2.Sampling.rejection_sample input output
-      in
-      let output:t_Slice i16 = tmp0 in
-      let hax_temp_output:usize = out in
-      output, hax_temp_output <: (t_Slice i16 & usize)
-  }
+val impl_3:Libcrux_ml_kem.Vector.Traits.t_Operations t_SIMD256Vector
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.fst
index 3408a5815..7697d036c 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.fst
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.fst
@@ -47,3 +47,494 @@ let rej_sample (a: t_Slice u8) (result: t_Slice i16) =
   in
   let hax_temp_output:usize = sampled in
   result, hax_temp_output <: (t_Slice i16 & usize)
+
+[@@ FStar.Tactics.Typeclasses.tcinstance]
+let impl: Libcrux_ml_kem.Vector.Traits.t_Repr Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector =
+  {
+    _super_11581440318597584651 = FStar.Tactics.Typeclasses.solve;
+    _super_9442900250278684536 = FStar.Tactics.Typeclasses.solve;
+    f_repr_pre = (fun (x: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) -> true);
+    f_repr_post
+    =
+    (fun (x: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) (out: t_Array i16 (sz 16)) ->
+        true);
+    f_repr
+    =
+    fun (x: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) ->
+      Libcrux_ml_kem.Vector.Neon.Vector_type.to_i16_array x
+  }
+
+[@@ FStar.Tactics.Typeclasses.tcinstance]
+let impl_1: Libcrux_ml_kem.Vector.Traits.t_Operations
+Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector =
+  {
+    _super_11581440318597584651 = FStar.Tactics.Typeclasses.solve;
+    _super_9442900250278684536 = FStar.Tactics.Typeclasses.solve;
+    _super_8706949974463268012 = FStar.Tactics.Typeclasses.solve;
+    f_ZERO_pre = (fun (_: Prims.unit) -> true);
+    f_ZERO_post
+    =
+    (fun (_: Prims.unit) (out: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) ->
+        impl.f_repr out == Seq.create 16 0s);
+    f_ZERO = (fun (_: Prims.unit) -> Libcrux_ml_kem.Vector.Neon.Vector_type.v_ZERO ());
+    f_from_i16_array_pre
+    =
+    (fun (array: t_Slice i16) -> (Core.Slice.impl__len #i16 array <: usize) =. sz 16);
+    f_from_i16_array_post
+    =
+    (fun (array: t_Slice i16) (out: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) ->
+        impl.f_repr out == array);
+    f_from_i16_array
+    =
+    (fun (array: t_Slice i16) -> Libcrux_ml_kem.Vector.Neon.Vector_type.from_i16_array array);
+    f_to_i16_array_pre = (fun (x: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) -> true);
+    f_to_i16_array_post
+    =
+    (fun (x: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) (out: t_Array i16 (sz 16)) ->
+        out == impl.f_repr x);
+    f_to_i16_array
+    =
+    (fun (x: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) ->
+        Libcrux_ml_kem.Vector.Neon.Vector_type.to_i16_array x);
+    f_add_pre
+    =
+    (fun
+        (lhs: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector)
+        (rhs: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector)
+        ->
+        true);
+    f_add_post
+    =
+    (fun
+        (lhs: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector)
+        (rhs: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector)
+        (out: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector)
+        ->
+        true);
+    f_add
+    =
+    (fun
+        (lhs: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector)
+        (rhs: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector)
+        ->
+        Libcrux_ml_kem.Vector.Neon.Arithmetic.add lhs rhs);
+    f_sub_pre
+    =
+    (fun
+        (lhs: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector)
+        (rhs: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector)
+        ->
+        true);
+    f_sub_post
+    =
+    (fun
+        (lhs: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector)
+        (rhs: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector)
+        (out: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector)
+        ->
+        true);
+    f_sub
+    =
+    (fun
+        (lhs: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector)
+        (rhs: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector)
+        ->
+        Libcrux_ml_kem.Vector.Neon.Arithmetic.sub lhs rhs);
+    f_multiply_by_constant_pre
+    =
+    (fun (v: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) (c: i16) -> true);
+    f_multiply_by_constant_post
+    =
+    (fun
+        (v: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector)
+        (c: i16)
+        (out: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector)
+        ->
+        true);
+    f_multiply_by_constant
+    =
+    (fun (v: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) (c: i16) ->
+        Libcrux_ml_kem.Vector.Neon.Arithmetic.multiply_by_constant v c);
+    f_bitwise_and_with_constant_pre
+    =
+    (fun (v: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) (c: i16) -> true);
+    f_bitwise_and_with_constant_post
+    =
+    (fun
+        (v: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector)
+        (c: i16)
+        (out: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector)
+        ->
+        true);
+    f_bitwise_and_with_constant
+    =
+    (fun (v: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) (c: i16) ->
+        Libcrux_ml_kem.Vector.Neon.Arithmetic.bitwise_and_with_constant v c);
+    f_shift_right_pre
+    =
+    (fun (v_SHIFT_BY: i32) (v: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) -> true);
+    f_shift_right_post
+    =
+    (fun
+        (v_SHIFT_BY: i32)
+        (v: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector)
+        (out: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector)
+        ->
+        true);
+    f_shift_right
+    =
+    (fun (v_SHIFT_BY: i32) (v: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) ->
+        Libcrux_ml_kem.Vector.Neon.Arithmetic.shift_right v_SHIFT_BY v);
+    f_cond_subtract_3329_pre
+    =
+    (fun (v: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) -> true);
+    f_cond_subtract_3329_post
+    =
+    (fun
+        (v: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector)
+        (out: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector)
+        ->
+        true);
+    f_cond_subtract_3329_
+    =
+    (fun (v: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) ->
+        Libcrux_ml_kem.Vector.Neon.Arithmetic.cond_subtract_3329_ v);
+    f_barrett_reduce_pre = (fun (v: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) -> true);
+    f_barrett_reduce_post
+    =
+    (fun
+        (v: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector)
+        (out: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector)
+        ->
+        true);
+    f_barrett_reduce
+    =
+    (fun (v: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) ->
+        Libcrux_ml_kem.Vector.Neon.Arithmetic.barrett_reduce v);
+    f_montgomery_multiply_by_constant_pre
+    =
+    (fun (v: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) (c: i16) -> true);
+    f_montgomery_multiply_by_constant_post
+    =
+    (fun
+        (v: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector)
+        (c: i16)
+        (out: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector)
+        ->
+        true);
+    f_montgomery_multiply_by_constant
+    =
+    (fun (v: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) (c: i16) ->
+        Libcrux_ml_kem.Vector.Neon.Arithmetic.montgomery_multiply_by_constant v c);
+    f_compress_1_pre = (fun (v: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) -> true);
+    f_compress_1_post
+    =
+    (fun
+        (v: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector)
+        (out: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector)
+        ->
+        true);
+    f_compress_1_
+    =
+    (fun (v: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) ->
+        Libcrux_ml_kem.Vector.Neon.Compress.compress_1_ v);
+    f_compress_pre
+    =
+    (fun (v_COEFFICIENT_BITS: i32) (v: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) ->
+        true);
+    f_compress_post
+    =
+    (fun
+        (v_COEFFICIENT_BITS: i32)
+        (v: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector)
+        (out: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector)
+        ->
+        true);
+    f_compress
+    =
+    (fun (v_COEFFICIENT_BITS: i32) (v: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) ->
+        Libcrux_ml_kem.Vector.Neon.Compress.compress v_COEFFICIENT_BITS v);
+    f_decompress_ciphertext_coefficient_pre
+    =
+    (fun (v_COEFFICIENT_BITS: i32) (v: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) ->
+        true);
+    f_decompress_ciphertext_coefficient_post
+    =
+    (fun
+        (v_COEFFICIENT_BITS: i32)
+        (v: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector)
+        (out: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector)
+        ->
+        true);
+    f_decompress_ciphertext_coefficient
+    =
+    (fun (v_COEFFICIENT_BITS: i32) (v: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) ->
+        Libcrux_ml_kem.Vector.Neon.Compress.decompress_ciphertext_coefficient v_COEFFICIENT_BITS v);
+    f_ntt_layer_1_step_pre
+    =
+    (fun
+        (a: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector)
+        (zeta1: i16)
+        (zeta2: i16)
+        (zeta3: i16)
+        (zeta4: i16)
+        ->
+        true);
+    f_ntt_layer_1_step_post
+    =
+    (fun
+        (a: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector)
+        (zeta1: i16)
+        (zeta2: i16)
+        (zeta3: i16)
+        (zeta4: i16)
+        (out: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector)
+        ->
+        true);
+    f_ntt_layer_1_step
+    =
+    (fun
+        (a: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector)
+        (zeta1: i16)
+        (zeta2: i16)
+        (zeta3: i16)
+        (zeta4: i16)
+        ->
+        Libcrux_ml_kem.Vector.Neon.Ntt.ntt_layer_1_step a zeta1 zeta2 zeta3 zeta4);
+    f_ntt_layer_2_step_pre
+    =
+    (fun (a: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) (zeta1: i16) (zeta2: i16) ->
+        true);
+    f_ntt_layer_2_step_post
+    =
+    (fun
+        (a: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector)
+        (zeta1: i16)
+        (zeta2: i16)
+        (out: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector)
+        ->
+        true);
+    f_ntt_layer_2_step
+    =
+    (fun (a: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) (zeta1: i16) (zeta2: i16) ->
+        Libcrux_ml_kem.Vector.Neon.Ntt.ntt_layer_2_step a zeta1 zeta2);
+    f_ntt_layer_3_step_pre
+    =
+    (fun (a: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) (zeta: i16) -> true);
+    f_ntt_layer_3_step_post
+    =
+    (fun
+        (a: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector)
+        (zeta: i16)
+        (out: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector)
+        ->
+        true);
+    f_ntt_layer_3_step
+    =
+    (fun (a: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) (zeta: i16) ->
+        Libcrux_ml_kem.Vector.Neon.Ntt.ntt_layer_3_step a zeta);
+    f_inv_ntt_layer_1_step_pre
+    =
+    (fun
+        (a: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector)
+        (zeta1: i16)
+        (zeta2: i16)
+        (zeta3: i16)
+        (zeta4: i16)
+        ->
+        true);
+    f_inv_ntt_layer_1_step_post
+    =
+    (fun
+        (a: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector)
+        (zeta1: i16)
+        (zeta2: i16)
+        (zeta3: i16)
+        (zeta4: i16)
+        (out: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector)
+        ->
+        true);
+    f_inv_ntt_layer_1_step
+    =
+    (fun
+        (a: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector)
+        (zeta1: i16)
+        (zeta2: i16)
+        (zeta3: i16)
+        (zeta4: i16)
+        ->
+        Libcrux_ml_kem.Vector.Neon.Ntt.inv_ntt_layer_1_step a zeta1 zeta2 zeta3 zeta4);
+    f_inv_ntt_layer_2_step_pre
+    =
+    (fun (a: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) (zeta1: i16) (zeta2: i16) ->
+        true);
+    f_inv_ntt_layer_2_step_post
+    =
+    (fun
+        (a: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector)
+        (zeta1: i16)
+        (zeta2: i16)
+        (out: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector)
+        ->
+        true);
+    f_inv_ntt_layer_2_step
+    =
+    (fun (a: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) (zeta1: i16) (zeta2: i16) ->
+        Libcrux_ml_kem.Vector.Neon.Ntt.inv_ntt_layer_2_step a zeta1 zeta2);
+    f_inv_ntt_layer_3_step_pre
+    =
+    (fun (a: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) (zeta: i16) -> true);
+    f_inv_ntt_layer_3_step_post
+    =
+    (fun
+        (a: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector)
+        (zeta: i16)
+        (out: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector)
+        ->
+        true);
+    f_inv_ntt_layer_3_step
+    =
+    (fun (a: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) (zeta: i16) ->
+        Libcrux_ml_kem.Vector.Neon.Ntt.inv_ntt_layer_3_step a zeta);
+    f_ntt_multiply_pre
+    =
+    (fun
+        (lhs: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector)
+        (rhs: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector)
+        (zeta1: i16)
+        (zeta2: i16)
+        (zeta3: i16)
+        (zeta4: i16)
+        ->
+        true);
+    f_ntt_multiply_post
+    =
+    (fun
+        (lhs: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector)
+        (rhs: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector)
+        (zeta1: i16)
+        (zeta2: i16)
+        (zeta3: i16)
+        (zeta4: i16)
+        (out: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector)
+        ->
+        true);
+    f_ntt_multiply
+    =
+    (fun
+        (lhs: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector)
+        (rhs: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector)
+        (zeta1: i16)
+        (zeta2: i16)
+        (zeta3: i16)
+        (zeta4: i16)
+        ->
+        Libcrux_ml_kem.Vector.Neon.Ntt.ntt_multiply lhs rhs zeta1 zeta2 zeta3 zeta4);
+    f_serialize_1_pre = (fun (a: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) -> true);
+    f_serialize_1_post
+    =
+    (fun (a: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) (out: t_Array u8 (sz 2)) ->
+        true);
+    f_serialize_1_
+    =
+    (fun (a: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) ->
+        Libcrux_ml_kem.Vector.Neon.Serialize.serialize_1_ a);
+    f_deserialize_1_pre = (fun (a: t_Slice u8) -> true);
+    f_deserialize_1_post
+    =
+    (fun (a: t_Slice u8) (out: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) -> true);
+    f_deserialize_1_
+    =
+    (fun (a: t_Slice u8) -> Libcrux_ml_kem.Vector.Neon.Serialize.deserialize_1_ a);
+    f_serialize_4_pre = (fun (a: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) -> true);
+    f_serialize_4_post
+    =
+    (fun (a: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) (out: t_Array u8 (sz 8)) ->
+        true);
+    f_serialize_4_
+    =
+    (fun (a: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) ->
+        Libcrux_ml_kem.Vector.Neon.Serialize.serialize_4_ a);
+    f_deserialize_4_pre = (fun (a: t_Slice u8) -> true);
+    f_deserialize_4_post
+    =
+    (fun (a: t_Slice u8) (out: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) -> true);
+    f_deserialize_4_
+    =
+    (fun (a: t_Slice u8) -> Libcrux_ml_kem.Vector.Neon.Serialize.deserialize_4_ a);
+    f_serialize_5_pre = (fun (a: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) -> true);
+    f_serialize_5_post
+    =
+    (fun (a: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) (out: t_Array u8 (sz 10)) ->
+        true);
+    f_serialize_5_
+    =
+    (fun (a: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) ->
+        Libcrux_ml_kem.Vector.Neon.Serialize.serialize_5_ a);
+    f_deserialize_5_pre = (fun (a: t_Slice u8) -> true);
+    f_deserialize_5_post
+    =
+    (fun (a: t_Slice u8) (out: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) -> true);
+    f_deserialize_5_
+    =
+    (fun (a: t_Slice u8) -> Libcrux_ml_kem.Vector.Neon.Serialize.deserialize_5_ a);
+    f_serialize_10_pre = (fun (a: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) -> true);
+    f_serialize_10_post
+    =
+    (fun (a: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) (out: t_Array u8 (sz 20)) ->
+        true);
+    f_serialize_10_
+    =
+    (fun (a: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) ->
+        Libcrux_ml_kem.Vector.Neon.Serialize.serialize_10_ a);
+    f_deserialize_10_pre = (fun (a: t_Slice u8) -> true);
+    f_deserialize_10_post
+    =
+    (fun (a: t_Slice u8) (out: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) -> true);
+    f_deserialize_10_
+    =
+    (fun (a: t_Slice u8) -> Libcrux_ml_kem.Vector.Neon.Serialize.deserialize_10_ a);
+    f_serialize_11_pre = (fun (a: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) -> true);
+    f_serialize_11_post
+    =
+    (fun (a: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) (out: t_Array u8 (sz 22)) ->
+        true);
+    f_serialize_11_
+    =
+    (fun (a: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) ->
+        Libcrux_ml_kem.Vector.Neon.Serialize.serialize_11_ a);
+    f_deserialize_11_pre = (fun (a: t_Slice u8) -> true);
+    f_deserialize_11_post
+    =
+    (fun (a: t_Slice u8) (out: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) -> true);
+    f_deserialize_11_
+    =
+    (fun (a: t_Slice u8) -> Libcrux_ml_kem.Vector.Neon.Serialize.deserialize_11_ a);
+    f_serialize_12_pre = (fun (a: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) -> true);
+    f_serialize_12_post
+    =
+    (fun (a: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) (out: t_Array u8 (sz 24)) ->
+        true);
+    f_serialize_12_
+    =
+    (fun (a: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) ->
+        Libcrux_ml_kem.Vector.Neon.Serialize.serialize_12_ a);
+    f_deserialize_12_pre = (fun (a: t_Slice u8) -> true);
+    f_deserialize_12_post
+    =
+    (fun (a: t_Slice u8) (out: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) -> true);
+    f_deserialize_12_
+    =
+    (fun (a: t_Slice u8) -> Libcrux_ml_kem.Vector.Neon.Serialize.deserialize_12_ a);
+    f_rej_sample_pre = (fun (a: t_Slice u8) (out: t_Slice i16) -> true);
+    f_rej_sample_post
+    =
+    (fun (a: t_Slice u8) (out: t_Slice i16) (out2: (t_Slice i16 & usize)) -> true);
+    f_rej_sample
+    =
+    fun (a: t_Slice u8) (out: t_Slice i16) ->
+      let tmp0, out1:(t_Slice i16 & usize) = rej_sample a out in
+      let out:t_Slice i16 = tmp0 in
+      let hax_temp_output:usize = out1 in
+      out, hax_temp_output <: (t_Slice i16 & usize)
+  }
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.fsti
index 7d44e2e90..a9ba571dd 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.fsti
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.fsti
@@ -14,492 +14,8 @@ val rej_sample (a: t_Slice u8) (result: t_Slice i16)
     : Prims.Pure (t_Slice i16 & usize) Prims.l_True (fun _ -> Prims.l_True)
 
 [@@ FStar.Tactics.Typeclasses.tcinstance]
-let impl: Libcrux_ml_kem.Vector.Traits.t_Repr Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector =
-  {
-    _super_11581440318597584651 = FStar.Tactics.Typeclasses.solve;
-    _super_9442900250278684536 = FStar.Tactics.Typeclasses.solve;
-    f_repr_pre = (fun (x: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) -> true);
-    f_repr_post
-    =
-    (fun (x: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) (out: t_Array i16 (sz 16)) ->
-        true);
-    f_repr
-    =
-    fun (x: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) ->
-      Libcrux_ml_kem.Vector.Neon.Vector_type.to_i16_array x
-  }
+val impl:Libcrux_ml_kem.Vector.Traits.t_Repr Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector
 
 [@@ FStar.Tactics.Typeclasses.tcinstance]
-let impl_1: Libcrux_ml_kem.Vector.Traits.t_Operations
-Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector =
-  {
-    _super_11581440318597584651 = FStar.Tactics.Typeclasses.solve;
-    _super_9442900250278684536 = FStar.Tactics.Typeclasses.solve;
-    _super_8706949974463268012 = FStar.Tactics.Typeclasses.solve;
-    f_ZERO_pre = (fun (_: Prims.unit) -> true);
-    f_ZERO_post
-    =
-    (fun (_: Prims.unit) (out: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) ->
-        impl.f_repr out == Seq.create 16 0s);
-    f_ZERO = (fun (_: Prims.unit) -> Libcrux_ml_kem.Vector.Neon.Vector_type.v_ZERO ());
-    f_from_i16_array_pre
-    =
-    (fun (array: t_Slice i16) -> (Core.Slice.impl__len #i16 array <: usize) =. sz 16);
-    f_from_i16_array_post
-    =
-    (fun (array: t_Slice i16) (out: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) ->
-        impl.f_repr out == array);
-    f_from_i16_array
-    =
-    (fun (array: t_Slice i16) -> Libcrux_ml_kem.Vector.Neon.Vector_type.from_i16_array array);
-    f_to_i16_array_pre = (fun (x: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) -> true);
-    f_to_i16_array_post
-    =
-    (fun (x: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) (out: t_Array i16 (sz 16)) ->
-        out == impl.f_repr x);
-    f_to_i16_array
-    =
-    (fun (x: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) ->
-        Libcrux_ml_kem.Vector.Neon.Vector_type.to_i16_array x);
-    f_add_pre
-    =
-    (fun
-        (lhs: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector)
-        (rhs: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector)
-        ->
-        true);
-    f_add_post
-    =
-    (fun
-        (lhs: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector)
-        (rhs: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector)
-        (out: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector)
-        ->
-        true);
-    f_add
-    =
-    (fun
-        (lhs: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector)
-        (rhs: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector)
-        ->
-        Libcrux_ml_kem.Vector.Neon.Arithmetic.add lhs rhs);
-    f_sub_pre
-    =
-    (fun
-        (lhs: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector)
-        (rhs: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector)
-        ->
-        true);
-    f_sub_post
-    =
-    (fun
-        (lhs: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector)
-        (rhs: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector)
-        (out: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector)
-        ->
-        true);
-    f_sub
-    =
-    (fun
-        (lhs: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector)
-        (rhs: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector)
-        ->
-        Libcrux_ml_kem.Vector.Neon.Arithmetic.sub lhs rhs);
-    f_multiply_by_constant_pre
-    =
-    (fun (v: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) (c: i16) -> true);
-    f_multiply_by_constant_post
-    =
-    (fun
-        (v: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector)
-        (c: i16)
-        (out: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector)
-        ->
-        true);
-    f_multiply_by_constant
-    =
-    (fun (v: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) (c: i16) ->
-        Libcrux_ml_kem.Vector.Neon.Arithmetic.multiply_by_constant v c);
-    f_bitwise_and_with_constant_pre
-    =
-    (fun (v: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) (c: i16) -> true);
-    f_bitwise_and_with_constant_post
-    =
-    (fun
-        (v: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector)
-        (c: i16)
-        (out: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector)
-        ->
-        true);
-    f_bitwise_and_with_constant
-    =
-    (fun (v: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) (c: i16) ->
-        Libcrux_ml_kem.Vector.Neon.Arithmetic.bitwise_and_with_constant v c);
-    f_shift_right_pre
-    =
-    (fun (v_SHIFT_BY: i32) (v: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) -> true);
-    f_shift_right_post
-    =
-    (fun
-        (v_SHIFT_BY: i32)
-        (v: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector)
-        (out: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector)
-        ->
-        true);
-    f_shift_right
-    =
-    (fun (v_SHIFT_BY: i32) (v: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) ->
-        Libcrux_ml_kem.Vector.Neon.Arithmetic.shift_right v_SHIFT_BY v);
-    f_cond_subtract_3329_pre
-    =
-    (fun (v: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) -> true);
-    f_cond_subtract_3329_post
-    =
-    (fun
-        (v: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector)
-        (out: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector)
-        ->
-        true);
-    f_cond_subtract_3329_
-    =
-    (fun (v: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) ->
-        Libcrux_ml_kem.Vector.Neon.Arithmetic.cond_subtract_3329_ v);
-    f_barrett_reduce_pre = (fun (v: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) -> true);
-    f_barrett_reduce_post
-    =
-    (fun
-        (v: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector)
-        (out: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector)
-        ->
-        true);
-    f_barrett_reduce
-    =
-    (fun (v: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) ->
-        Libcrux_ml_kem.Vector.Neon.Arithmetic.barrett_reduce v);
-    f_montgomery_multiply_by_constant_pre
-    =
-    (fun (v: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) (c: i16) -> true);
-    f_montgomery_multiply_by_constant_post
-    =
-    (fun
-        (v: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector)
-        (c: i16)
-        (out: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector)
-        ->
-        true);
-    f_montgomery_multiply_by_constant
-    =
-    (fun (v: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) (c: i16) ->
-        Libcrux_ml_kem.Vector.Neon.Arithmetic.montgomery_multiply_by_constant v c);
-    f_compress_1_pre = (fun (v: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) -> true);
-    f_compress_1_post
-    =
-    (fun
-        (v: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector)
-        (out: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector)
-        ->
-        true);
-    f_compress_1_
-    =
-    (fun (v: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) ->
-        Libcrux_ml_kem.Vector.Neon.Compress.compress_1_ v);
-    f_compress_pre
-    =
-    (fun (v_COEFFICIENT_BITS: i32) (v: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) ->
-        true);
-    f_compress_post
-    =
-    (fun
-        (v_COEFFICIENT_BITS: i32)
-        (v: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector)
-        (out: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector)
-        ->
-        true);
-    f_compress
-    =
-    (fun (v_COEFFICIENT_BITS: i32) (v: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) ->
-        Libcrux_ml_kem.Vector.Neon.Compress.compress v_COEFFICIENT_BITS v);
-    f_decompress_ciphertext_coefficient_pre
-    =
-    (fun (v_COEFFICIENT_BITS: i32) (v: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) ->
-        true);
-    f_decompress_ciphertext_coefficient_post
-    =
-    (fun
-        (v_COEFFICIENT_BITS: i32)
-        (v: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector)
-        (out: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector)
-        ->
-        true);
-    f_decompress_ciphertext_coefficient
-    =
-    (fun (v_COEFFICIENT_BITS: i32) (v: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) ->
-        Libcrux_ml_kem.Vector.Neon.Compress.decompress_ciphertext_coefficient v_COEFFICIENT_BITS v);
-    f_ntt_layer_1_step_pre
-    =
-    (fun
-        (a: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector)
-        (zeta1: i16)
-        (zeta2: i16)
-        (zeta3: i16)
-        (zeta4: i16)
-        ->
-        true);
-    f_ntt_layer_1_step_post
-    =
-    (fun
-        (a: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector)
-        (zeta1: i16)
-        (zeta2: i16)
-        (zeta3: i16)
-        (zeta4: i16)
-        (out: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector)
-        ->
-        true);
-    f_ntt_layer_1_step
-    =
-    (fun
-        (a: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector)
-        (zeta1: i16)
-        (zeta2: i16)
-        (zeta3: i16)
-        (zeta4: i16)
-        ->
-        Libcrux_ml_kem.Vector.Neon.Ntt.ntt_layer_1_step a zeta1 zeta2 zeta3 zeta4);
-    f_ntt_layer_2_step_pre
-    =
-    (fun (a: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) (zeta1: i16) (zeta2: i16) ->
-        true);
-    f_ntt_layer_2_step_post
-    =
-    (fun
-        (a: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector)
-        (zeta1: i16)
-        (zeta2: i16)
-        (out: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector)
-        ->
-        true);
-    f_ntt_layer_2_step
-    =
-    (fun (a: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) (zeta1: i16) (zeta2: i16) ->
-        Libcrux_ml_kem.Vector.Neon.Ntt.ntt_layer_2_step a zeta1 zeta2);
-    f_ntt_layer_3_step_pre
-    =
-    (fun (a: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) (zeta: i16) -> true);
-    f_ntt_layer_3_step_post
-    =
-    (fun
-        (a: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector)
-        (zeta: i16)
-        (out: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector)
-        ->
-        true);
-    f_ntt_layer_3_step
-    =
-    (fun (a: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) (zeta: i16) ->
-        Libcrux_ml_kem.Vector.Neon.Ntt.ntt_layer_3_step a zeta);
-    f_inv_ntt_layer_1_step_pre
-    =
-    (fun
-        (a: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector)
-        (zeta1: i16)
-        (zeta2: i16)
-        (zeta3: i16)
-        (zeta4: i16)
-        ->
-        true);
-    f_inv_ntt_layer_1_step_post
-    =
-    (fun
-        (a: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector)
-        (zeta1: i16)
-        (zeta2: i16)
-        (zeta3: i16)
-        (zeta4: i16)
-        (out: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector)
-        ->
-        true);
-    f_inv_ntt_layer_1_step
-    =
-    (fun
-        (a: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector)
-        (zeta1: i16)
-        (zeta2: i16)
-        (zeta3: i16)
-        (zeta4: i16)
-        ->
-        Libcrux_ml_kem.Vector.Neon.Ntt.inv_ntt_layer_1_step a zeta1 zeta2 zeta3 zeta4);
-    f_inv_ntt_layer_2_step_pre
-    =
-    (fun (a: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) (zeta1: i16) (zeta2: i16) ->
-        true);
-    f_inv_ntt_layer_2_step_post
-    =
-    (fun
-        (a: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector)
-        (zeta1: i16)
-        (zeta2: i16)
-        (out: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector)
-        ->
-        true);
-    f_inv_ntt_layer_2_step
-    =
-    (fun (a: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) (zeta1: i16) (zeta2: i16) ->
-        Libcrux_ml_kem.Vector.Neon.Ntt.inv_ntt_layer_2_step a zeta1 zeta2);
-    f_inv_ntt_layer_3_step_pre
-    =
-    (fun (a: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) (zeta: i16) -> true);
-    f_inv_ntt_layer_3_step_post
-    =
-    (fun
-        (a: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector)
-        (zeta: i16)
-        (out: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector)
-        ->
-        true);
-    f_inv_ntt_layer_3_step
-    =
-    (fun (a: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) (zeta: i16) ->
-        Libcrux_ml_kem.Vector.Neon.Ntt.inv_ntt_layer_3_step a zeta);
-    f_ntt_multiply_pre
-    =
-    (fun
-        (lhs: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector)
-        (rhs: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector)
-        (zeta1: i16)
-        (zeta2: i16)
-        (zeta3: i16)
-        (zeta4: i16)
-        ->
-        true);
-    f_ntt_multiply_post
-    =
-    (fun
-        (lhs: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector)
-        (rhs: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector)
-        (zeta1: i16)
-        (zeta2: i16)
-        (zeta3: i16)
-        (zeta4: i16)
-        (out: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector)
-        ->
-        true);
-    f_ntt_multiply
-    =
-    (fun
-        (lhs: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector)
-        (rhs: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector)
-        (zeta1: i16)
-        (zeta2: i16)
-        (zeta3: i16)
-        (zeta4: i16)
-        ->
-        Libcrux_ml_kem.Vector.Neon.Ntt.ntt_multiply lhs rhs zeta1 zeta2 zeta3 zeta4);
-    f_serialize_1_pre = (fun (a: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) -> true);
-    f_serialize_1_post
-    =
-    (fun (a: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) (out: t_Array u8 (sz 2)) ->
-        true);
-    f_serialize_1_
-    =
-    (fun (a: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) ->
-        Libcrux_ml_kem.Vector.Neon.Serialize.serialize_1_ a);
-    f_deserialize_1_pre = (fun (a: t_Slice u8) -> true);
-    f_deserialize_1_post
-    =
-    (fun (a: t_Slice u8) (out: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) -> true);
-    f_deserialize_1_
-    =
-    (fun (a: t_Slice u8) -> Libcrux_ml_kem.Vector.Neon.Serialize.deserialize_1_ a);
-    f_serialize_4_pre = (fun (a: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) -> true);
-    f_serialize_4_post
-    =
-    (fun (a: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) (out: t_Array u8 (sz 8)) ->
-        true);
-    f_serialize_4_
-    =
-    (fun (a: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) ->
-        Libcrux_ml_kem.Vector.Neon.Serialize.serialize_4_ a);
-    f_deserialize_4_pre = (fun (a: t_Slice u8) -> true);
-    f_deserialize_4_post
-    =
-    (fun (a: t_Slice u8) (out: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) -> true);
-    f_deserialize_4_
-    =
-    (fun (a: t_Slice u8) -> Libcrux_ml_kem.Vector.Neon.Serialize.deserialize_4_ a);
-    f_serialize_5_pre = (fun (a: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) -> true);
-    f_serialize_5_post
-    =
-    (fun (a: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) (out: t_Array u8 (sz 10)) ->
-        true);
-    f_serialize_5_
-    =
-    (fun (a: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) ->
-        Libcrux_ml_kem.Vector.Neon.Serialize.serialize_5_ a);
-    f_deserialize_5_pre = (fun (a: t_Slice u8) -> true);
-    f_deserialize_5_post
-    =
-    (fun (a: t_Slice u8) (out: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) -> true);
-    f_deserialize_5_
-    =
-    (fun (a: t_Slice u8) -> Libcrux_ml_kem.Vector.Neon.Serialize.deserialize_5_ a);
-    f_serialize_10_pre = (fun (a: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) -> true);
-    f_serialize_10_post
-    =
-    (fun (a: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) (out: t_Array u8 (sz 20)) ->
-        true);
-    f_serialize_10_
-    =
-    (fun (a: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) ->
-        Libcrux_ml_kem.Vector.Neon.Serialize.serialize_10_ a);
-    f_deserialize_10_pre = (fun (a: t_Slice u8) -> true);
-    f_deserialize_10_post
-    =
-    (fun (a: t_Slice u8) (out: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) -> true);
-    f_deserialize_10_
-    =
-    (fun (a: t_Slice u8) -> Libcrux_ml_kem.Vector.Neon.Serialize.deserialize_10_ a);
-    f_serialize_11_pre = (fun (a: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) -> true);
-    f_serialize_11_post
-    =
-    (fun (a: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) (out: t_Array u8 (sz 22)) ->
-        true);
-    f_serialize_11_
-    =
-    (fun (a: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) ->
-        Libcrux_ml_kem.Vector.Neon.Serialize.serialize_11_ a);
-    f_deserialize_11_pre = (fun (a: t_Slice u8) -> true);
-    f_deserialize_11_post
-    =
-    (fun (a: t_Slice u8) (out: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) -> true);
-    f_deserialize_11_
-    =
-    (fun (a: t_Slice u8) -> Libcrux_ml_kem.Vector.Neon.Serialize.deserialize_11_ a);
-    f_serialize_12_pre = (fun (a: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) -> true);
-    f_serialize_12_post
-    =
-    (fun (a: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) (out: t_Array u8 (sz 24)) ->
-        true);
-    f_serialize_12_
-    =
-    (fun (a: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) ->
-        Libcrux_ml_kem.Vector.Neon.Serialize.serialize_12_ a);
-    f_deserialize_12_pre = (fun (a: t_Slice u8) -> true);
-    f_deserialize_12_post
-    =
-    (fun (a: t_Slice u8) (out: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) -> true);
-    f_deserialize_12_
-    =
-    (fun (a: t_Slice u8) -> Libcrux_ml_kem.Vector.Neon.Serialize.deserialize_12_ a);
-    f_rej_sample_pre = (fun (a: t_Slice u8) (out: t_Slice i16) -> true);
-    f_rej_sample_post
-    =
-    (fun (a: t_Slice u8) (out: t_Slice i16) (out2: (t_Slice i16 & usize)) -> true);
-    f_rej_sample
-    =
-    fun (a: t_Slice u8) (out: t_Slice i16) ->
-      let tmp0, out1:(t_Slice i16 & usize) = rej_sample a out in
-      let out:t_Slice i16 = tmp0 in
-      let hax_temp_output:usize = out1 in
-      out, hax_temp_output <: (t_Slice i16 & usize)
-  }
+val impl_1:Libcrux_ml_kem.Vector.Traits.t_Operations
+Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.fst
index 3546b5420..7c018d9cf 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.fst
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.fst
@@ -20,6 +20,26 @@ let serialize_11_ (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVecto
 let serialize_5_ (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) =
   Libcrux_ml_kem.Vector.Portable.Serialize.serialize_5_ a
 
+[@@ FStar.Tactics.Typeclasses.tcinstance]
+let impl: Libcrux_ml_kem.Vector.Traits.t_Repr
+Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector =
+  {
+    _super_11581440318597584651 = FStar.Tactics.Typeclasses.solve;
+    _super_9442900250278684536 = FStar.Tactics.Typeclasses.solve;
+    f_repr_pre = (fun (x: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -> true);
+    f_repr_post
+    =
+    (fun
+        (x: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector)
+        (out: t_Array i16 (sz 16))
+        ->
+        true);
+    f_repr
+    =
+    fun (x: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) ->
+      Libcrux_ml_kem.Vector.Portable.Vector_type.to_i16_array x
+  }
+
 let deserialize_1_ (a: t_Slice u8) =
   let _:Prims.unit = Libcrux_ml_kem.Vector.Portable.Serialize.deserialize_1_lemma a in
   let _:Prims.unit = Libcrux_ml_kem.Vector.Portable.Serialize.deserialize_1_bounded_lemma a in
@@ -57,3 +77,597 @@ let serialize_4_ (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector
   let _:Prims.unit = assert (forall i. Rust_primitives.bounded (Seq.index a.f_elements i) 4) in
   let _:Prims.unit = Libcrux_ml_kem.Vector.Portable.Serialize.serialize_4_lemma a in
   Libcrux_ml_kem.Vector.Portable.Serialize.serialize_4_ a
+
+#push-options "--z3rlimit 400 --split_queries always"
+
+[@@ FStar.Tactics.Typeclasses.tcinstance]
+let impl_1: Libcrux_ml_kem.Vector.Traits.t_Operations
+Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector =
+  {
+    _super_11581440318597584651 = FStar.Tactics.Typeclasses.solve;
+    _super_9442900250278684536 = FStar.Tactics.Typeclasses.solve;
+    _super_8706949974463268012 = FStar.Tactics.Typeclasses.solve;
+    f_ZERO_pre = (fun (_: Prims.unit) -> true);
+    f_ZERO_post
+    =
+    (fun (_: Prims.unit) (out: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) ->
+        impl.f_repr out == Seq.create 16 0s);
+    f_ZERO = (fun (_: Prims.unit) -> Libcrux_ml_kem.Vector.Portable.Vector_type.zero ());
+    f_from_i16_array_pre
+    =
+    (fun (array: t_Slice i16) -> (Core.Slice.impl__len #i16 array <: usize) =. sz 16);
+    f_from_i16_array_post
+    =
+    (fun (array: t_Slice i16) (out: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) ->
+        impl.f_repr out == array);
+    f_from_i16_array
+    =
+    (fun (array: t_Slice i16) -> Libcrux_ml_kem.Vector.Portable.Vector_type.from_i16_array array);
+    f_to_i16_array_pre
+    =
+    (fun (x: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -> true);
+    f_to_i16_array_post
+    =
+    (fun
+        (x: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector)
+        (out: t_Array i16 (sz 16))
+        ->
+        out == impl.f_repr x);
+    f_to_i16_array
+    =
+    (fun (x: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) ->
+        Libcrux_ml_kem.Vector.Portable.Vector_type.to_i16_array x);
+    f_add_pre
+    =
+    (fun
+        (lhs: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector)
+        (rhs: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector)
+        ->
+        forall i.
+          i < 16 ==>
+          Spec.Utils.is_intb (pow2 15 - 1)
+            (v (Seq.index lhs.f_elements i) + v (Seq.index rhs.f_elements i)));
+    f_add_post
+    =
+    (fun
+        (lhs: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector)
+        (rhs: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector)
+        (result: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector)
+        ->
+        forall i.
+          i < 16 ==>
+          (v (Seq.index result.f_elements i) ==
+            v (Seq.index lhs.f_elements i) + v (Seq.index rhs.f_elements i)));
+    f_add
+    =
+    (fun
+        (lhs: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector)
+        (rhs: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector)
+        ->
+        Libcrux_ml_kem.Vector.Portable.Arithmetic.add lhs rhs);
+    f_sub_pre
+    =
+    (fun
+        (lhs: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector)
+        (rhs: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector)
+        ->
+        forall i.
+          i < 16 ==>
+          Spec.Utils.is_intb (pow2 15 - 1)
+            (v (Seq.index lhs.f_elements i) - v (Seq.index rhs.f_elements i)));
+    f_sub_post
+    =
+    (fun
+        (lhs: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector)
+        (rhs: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector)
+        (result: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector)
+        ->
+        forall i.
+          i < 16 ==>
+          (v (Seq.index result.f_elements i) ==
+            v (Seq.index lhs.f_elements i) - v (Seq.index rhs.f_elements i)));
+    f_sub
+    =
+    (fun
+        (lhs: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector)
+        (rhs: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector)
+        ->
+        Libcrux_ml_kem.Vector.Portable.Arithmetic.sub lhs rhs);
+    f_multiply_by_constant_pre
+    =
+    (fun (vec: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) (c: i16) ->
+        forall i. i < 16 ==> Spec.Utils.is_intb (pow2 15 - 1) (v (Seq.index vec.f_elements i) * v c)
+    );
+    f_multiply_by_constant_post
+    =
+    (fun
+        (vec: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector)
+        (c: i16)
+        (result: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector)
+        ->
+        forall i.
+          i < 16 ==> (v (Seq.index result.f_elements i) == v (Seq.index vec.f_elements i) * v c));
+    f_multiply_by_constant
+    =
+    (fun (vec: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) (c: i16) ->
+        Libcrux_ml_kem.Vector.Portable.Arithmetic.multiply_by_constant vec c);
+    f_bitwise_and_with_constant_pre
+    =
+    (fun (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) (c: i16) -> true);
+    f_bitwise_and_with_constant_post
+    =
+    (fun
+        (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector)
+        (c: i16)
+        (out: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector)
+        ->
+        impl.f_repr out == Spec.Utils.map_array (fun x -> x &. c) (impl.f_repr v));
+    f_bitwise_and_with_constant
+    =
+    (fun (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) (c: i16) ->
+        Libcrux_ml_kem.Vector.Portable.Arithmetic.bitwise_and_with_constant v c);
+    f_shift_right_pre
+    =
+    (fun (v_SHIFT_BY: i32) (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) ->
+        v_SHIFT_BY >=. 0l && v_SHIFT_BY <. 16l);
+    f_shift_right_post
+    =
+    (fun
+        (v_SHIFT_BY: i32)
+        (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector)
+        (out: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector)
+        ->
+        (v_SHIFT_BY >=. 0l /\ v_SHIFT_BY <. 16l) ==>
+        impl.f_repr out == Spec.Utils.map_array (fun x -> x >>! v_SHIFT_BY) (impl.f_repr v));
+    f_shift_right
+    =
+    (fun (v_SHIFT_BY: i32) (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) ->
+        Libcrux_ml_kem.Vector.Portable.Arithmetic.shift_right v_SHIFT_BY v);
+    f_cond_subtract_3329_pre
+    =
+    (fun (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) ->
+        Spec.Utils.is_i16b_array (pow2 12 - 1) (impl.f_repr v));
+    f_cond_subtract_3329_post
+    =
+    (fun
+        (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector)
+        (out: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector)
+        ->
+        impl.f_repr out ==
+        Spec.Utils.map_array (fun x -> if x >=. 3329s then x -! 3329s else x) (impl.f_repr v));
+    f_cond_subtract_3329_
+    =
+    (fun (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) ->
+        Libcrux_ml_kem.Vector.Portable.Arithmetic.cond_subtract_3329_ v);
+    f_barrett_reduce_pre
+    =
+    (fun (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) ->
+        Spec.Utils.is_i16b_array 28296 (impl.f_repr v));
+    f_barrett_reduce_post
+    =
+    (fun
+        (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector)
+        (out: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector)
+        ->
+        true);
+    f_barrett_reduce
+    =
+    (fun (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) ->
+        Libcrux_ml_kem.Vector.Portable.Arithmetic.barrett_reduce v);
+    f_montgomery_multiply_by_constant_pre
+    =
+    (fun (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) (r: i16) ->
+        Spec.Utils.is_i16b 1664 r);
+    f_montgomery_multiply_by_constant_post
+    =
+    (fun
+        (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector)
+        (r: i16)
+        (out: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector)
+        ->
+        true);
+    f_montgomery_multiply_by_constant
+    =
+    (fun (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) (r: i16) ->
+        Libcrux_ml_kem.Vector.Portable.Arithmetic.montgomery_multiply_by_constant v r);
+    f_compress_1_pre
+    =
+    (fun (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) ->
+        forall (i: nat).
+          i < 16 ==> v (Seq.index (impl.f_repr a) i) >= 0 /\ v (Seq.index (impl.f_repr a) i) < 3329);
+    f_compress_1_post
+    =
+    (fun
+        (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector)
+        (out: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector)
+        ->
+        forall (i: nat). i < 16 ==> bounded (Seq.index (impl.f_repr out) i) 1);
+    f_compress_1_
+    =
+    (fun (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) ->
+        Libcrux_ml_kem.Vector.Portable.Compress.compress_1_ a);
+    f_compress_pre
+    =
+    (fun
+        (v_COEFFICIENT_BITS: i32)
+        (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector)
+        ->
+        (v v_COEFFICIENT_BITS == 4 \/ v v_COEFFICIENT_BITS == 5 \/ v v_COEFFICIENT_BITS == 10 \/
+          v v_COEFFICIENT_BITS == 11) /\
+        (forall (i: nat).
+            i < 16 ==>
+            v (Seq.index (impl.f_repr a) i) >= 0 /\ v (Seq.index (impl.f_repr a) i) < 3329));
+    f_compress_post
+    =
+    (fun
+        (v_COEFFICIENT_BITS: i32)
+        (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector)
+        (out: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector)
+        ->
+        (v v_COEFFICIENT_BITS == 4 \/ v v_COEFFICIENT_BITS == 5 \/ v v_COEFFICIENT_BITS == 10 \/
+          v v_COEFFICIENT_BITS == 11) ==>
+        (forall (i: nat). i < 16 ==> bounded (Seq.index (impl.f_repr out) i) (v v_COEFFICIENT_BITS))
+    );
+    f_compress
+    =
+    (fun
+        (v_COEFFICIENT_BITS: i32)
+        (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector)
+        ->
+        Libcrux_ml_kem.Vector.Portable.Compress.compress v_COEFFICIENT_BITS a);
+    f_decompress_ciphertext_coefficient_pre
+    =
+    (fun
+        (v_COEFFICIENT_BITS: i32)
+        (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector)
+        ->
+        (v v_COEFFICIENT_BITS == 4 \/ v v_COEFFICIENT_BITS == 5 \/ v v_COEFFICIENT_BITS == 10 \/
+          v v_COEFFICIENT_BITS == 11) /\
+        (forall (i: nat).
+            i < 16 ==>
+            v (Seq.index (impl.f_repr a) i) >= 0 /\
+            v (Seq.index (impl.f_repr a) i) < pow2 (v v_COEFFICIENT_BITS)));
+    f_decompress_ciphertext_coefficient_post
+    =
+    (fun
+        (v_COEFFICIENT_BITS: i32)
+        (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector)
+        (out: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector)
+        ->
+        true);
+    f_decompress_ciphertext_coefficient
+    =
+    (fun
+        (v_COEFFICIENT_BITS: i32)
+        (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector)
+        ->
+        Libcrux_ml_kem.Vector.Portable.Compress.decompress_ciphertext_coefficient v_COEFFICIENT_BITS
+          a);
+    f_ntt_layer_1_step_pre
+    =
+    (fun
+        (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector)
+        (zeta0: i16)
+        (zeta1: i16)
+        (zeta2: i16)
+        (zeta3: i16)
+        ->
+        Spec.Utils.is_i16b 1664 zeta0 /\ Spec.Utils.is_i16b 1664 zeta1 /\
+        Spec.Utils.is_i16b 1664 zeta2 /\ Spec.Utils.is_i16b 1664 zeta3 /\
+        Spec.Utils.is_i16b_array (11207 + 5 * 3328) (impl.f_repr a));
+    f_ntt_layer_1_step_post
+    =
+    (fun
+        (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector)
+        (zeta0: i16)
+        (zeta1: i16)
+        (zeta2: i16)
+        (zeta3: i16)
+        (out: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector)
+        ->
+        Spec.Utils.is_i16b_array (11207 + 6 * 3328) (impl.f_repr out));
+    f_ntt_layer_1_step
+    =
+    (fun
+        (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector)
+        (zeta0: i16)
+        (zeta1: i16)
+        (zeta2: i16)
+        (zeta3: i16)
+        ->
+        Libcrux_ml_kem.Vector.Portable.Ntt.ntt_layer_1_step a zeta0 zeta1 zeta2 zeta3);
+    f_ntt_layer_2_step_pre
+    =
+    (fun
+        (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector)
+        (zeta0: i16)
+        (zeta1: i16)
+        ->
+        Spec.Utils.is_i16b 1664 zeta0 /\ Spec.Utils.is_i16b 1664 zeta1 /\
+        Spec.Utils.is_i16b_array (11207 + 4 * 3328) (impl.f_repr a));
+    f_ntt_layer_2_step_post
+    =
+    (fun
+        (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector)
+        (zeta0: i16)
+        (zeta1: i16)
+        (out: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector)
+        ->
+        Spec.Utils.is_i16b_array (11207 + 5 * 3328) (impl.f_repr out));
+    f_ntt_layer_2_step
+    =
+    (fun
+        (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector)
+        (zeta0: i16)
+        (zeta1: i16)
+        ->
+        Libcrux_ml_kem.Vector.Portable.Ntt.ntt_layer_2_step a zeta0 zeta1);
+    f_ntt_layer_3_step_pre
+    =
+    (fun (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) (zeta: i16) ->
+        Spec.Utils.is_i16b 1664 zeta /\ Spec.Utils.is_i16b_array (11207 + 3 * 3328) (impl.f_repr a));
+    f_ntt_layer_3_step_post
+    =
+    (fun
+        (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector)
+        (zeta: i16)
+        (out: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector)
+        ->
+        Spec.Utils.is_i16b_array (11207 + 4 * 3328) (impl.f_repr out));
+    f_ntt_layer_3_step
+    =
+    (fun (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) (zeta: i16) ->
+        Libcrux_ml_kem.Vector.Portable.Ntt.ntt_layer_3_step a zeta);
+    f_inv_ntt_layer_1_step_pre
+    =
+    (fun
+        (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector)
+        (zeta0: i16)
+        (zeta1: i16)
+        (zeta2: i16)
+        (zeta3: i16)
+        ->
+        Spec.Utils.is_i16b 1664 zeta0 /\ Spec.Utils.is_i16b 1664 zeta1 /\
+        Spec.Utils.is_i16b 1664 zeta2 /\ Spec.Utils.is_i16b 1664 zeta3 /\
+        Spec.Utils.is_i16b_array (4 * 3328) (impl.f_repr a));
+    f_inv_ntt_layer_1_step_post
+    =
+    (fun
+        (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector)
+        (zeta0: i16)
+        (zeta1: i16)
+        (zeta2: i16)
+        (zeta3: i16)
+        (out: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector)
+        ->
+        Spec.Utils.is_i16b_array 3328 (impl.f_repr out));
+    f_inv_ntt_layer_1_step
+    =
+    (fun
+        (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector)
+        (zeta0: i16)
+        (zeta1: i16)
+        (zeta2: i16)
+        (zeta3: i16)
+        ->
+        Libcrux_ml_kem.Vector.Portable.Ntt.inv_ntt_layer_1_step a zeta0 zeta1 zeta2 zeta3);
+    f_inv_ntt_layer_2_step_pre
+    =
+    (fun
+        (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector)
+        (zeta0: i16)
+        (zeta1: i16)
+        ->
+        Spec.Utils.is_i16b 1664 zeta0 /\ Spec.Utils.is_i16b 1664 zeta1 /\
+        Spec.Utils.is_i16b_array 3328 (impl.f_repr a));
+    f_inv_ntt_layer_2_step_post
+    =
+    (fun
+        (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector)
+        (zeta0: i16)
+        (zeta1: i16)
+        (out: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector)
+        ->
+        Spec.Utils.is_i16b_array 3328 (impl.f_repr out));
+    f_inv_ntt_layer_2_step
+    =
+    (fun
+        (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector)
+        (zeta0: i16)
+        (zeta1: i16)
+        ->
+        Libcrux_ml_kem.Vector.Portable.Ntt.inv_ntt_layer_2_step a zeta0 zeta1);
+    f_inv_ntt_layer_3_step_pre
+    =
+    (fun (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) (zeta: i16) ->
+        Spec.Utils.is_i16b 1664 zeta /\ Spec.Utils.is_i16b_array 3328 (impl.f_repr a));
+    f_inv_ntt_layer_3_step_post
+    =
+    (fun
+        (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector)
+        (zeta: i16)
+        (out: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector)
+        ->
+        Spec.Utils.is_i16b_array 3328 (impl.f_repr out));
+    f_inv_ntt_layer_3_step
+    =
+    (fun (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) (zeta: i16) ->
+        Libcrux_ml_kem.Vector.Portable.Ntt.inv_ntt_layer_3_step a zeta);
+    f_ntt_multiply_pre
+    =
+    (fun
+        (lhs: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector)
+        (rhs: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector)
+        (zeta0: i16)
+        (zeta1: i16)
+        (zeta2: i16)
+        (zeta3: i16)
+        ->
+        Spec.Utils.is_i16b 1664 zeta0 /\ Spec.Utils.is_i16b 1664 zeta1 /\
+        Spec.Utils.is_i16b 1664 zeta2 /\ Spec.Utils.is_i16b 1664 zeta3 /\
+        Spec.Utils.is_i16b_array 3328 (impl.f_repr lhs) /\
+        Spec.Utils.is_i16b_array 3328 (impl.f_repr rhs));
+    f_ntt_multiply_post
+    =
+    (fun
+        (lhs: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector)
+        (rhs: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector)
+        (zeta0: i16)
+        (zeta1: i16)
+        (zeta2: i16)
+        (zeta3: i16)
+        (out: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector)
+        ->
+        Spec.Utils.is_i16b_array 3328 (impl.f_repr out));
+    f_ntt_multiply
+    =
+    (fun
+        (lhs: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector)
+        (rhs: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector)
+        (zeta0: i16)
+        (zeta1: i16)
+        (zeta2: i16)
+        (zeta3: i16)
+        ->
+        Libcrux_ml_kem.Vector.Portable.Ntt.ntt_multiply lhs rhs zeta0 zeta1 zeta2 zeta3);
+    f_serialize_1_pre
+    =
+    (fun (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) ->
+        Spec.MLKEM.serialize_pre 1 (impl.f_repr a));
+    f_serialize_1_post
+    =
+    (fun
+        (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector)
+        (out: t_Array u8 (sz 2))
+        ->
+        Spec.MLKEM.serialize_pre 1 (impl.f_repr a) ==>
+        Spec.MLKEM.serialize_post 1 (impl.f_repr a) out);
+    f_serialize_1_
+    =
+    (fun (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -> serialize_1_ a);
+    f_deserialize_1_pre = (fun (a: t_Slice u8) -> (Core.Slice.impl__len #u8 a <: usize) =. sz 2);
+    f_deserialize_1_post
+    =
+    (fun (a: t_Slice u8) (out: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) ->
+        sz (Seq.length a) =. sz 2 ==> Spec.MLKEM.deserialize_post 1 a (impl.f_repr out));
+    f_deserialize_1_ = (fun (a: t_Slice u8) -> deserialize_1_ a);
+    f_serialize_4_pre
+    =
+    (fun (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) ->
+        Spec.MLKEM.serialize_pre 4 (impl.f_repr a));
+    f_serialize_4_post
+    =
+    (fun
+        (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector)
+        (out: t_Array u8 (sz 8))
+        ->
+        Spec.MLKEM.serialize_pre 4 (impl.f_repr a) ==>
+        Spec.MLKEM.serialize_post 4 (impl.f_repr a) out);
+    f_serialize_4_
+    =
+    (fun (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -> serialize_4_ a);
+    f_deserialize_4_pre = (fun (a: t_Slice u8) -> (Core.Slice.impl__len #u8 a <: usize) =. sz 8);
+    f_deserialize_4_post
+    =
+    (fun (a: t_Slice u8) (out: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) ->
+        sz (Seq.length a) =. sz 8 ==> Spec.MLKEM.deserialize_post 4 a (impl.f_repr out));
+    f_deserialize_4_ = (fun (a: t_Slice u8) -> deserialize_4_ a);
+    f_serialize_5_pre
+    =
+    (fun (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -> true);
+    f_serialize_5_post
+    =
+    (fun
+        (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector)
+        (out: t_Array u8 (sz 10))
+        ->
+        true);
+    f_serialize_5_
+    =
+    (fun (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -> serialize_5_ a);
+    f_deserialize_5_pre = (fun (a: t_Slice u8) -> (Core.Slice.impl__len #u8 a <: usize) =. sz 10);
+    f_deserialize_5_post
+    =
+    (fun (a: t_Slice u8) (out: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -> true);
+    f_deserialize_5_ = (fun (a: t_Slice u8) -> deserialize_5_ a);
+    f_serialize_10_pre
+    =
+    (fun (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) ->
+        Spec.MLKEM.serialize_pre 10 (impl.f_repr a));
+    f_serialize_10_post
+    =
+    (fun
+        (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector)
+        (out: t_Array u8 (sz 20))
+        ->
+        Spec.MLKEM.serialize_pre 10 (impl.f_repr a) ==>
+        Spec.MLKEM.serialize_post 10 (impl.f_repr a) out);
+    f_serialize_10_
+    =
+    (fun (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -> serialize_10_ a);
+    f_deserialize_10_pre = (fun (a: t_Slice u8) -> (Core.Slice.impl__len #u8 a <: usize) =. sz 20);
+    f_deserialize_10_post
+    =
+    (fun (a: t_Slice u8) (out: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) ->
+        sz (Seq.length a) =. sz 20 ==> Spec.MLKEM.deserialize_post 10 a (impl.f_repr out));
+    f_deserialize_10_ = (fun (a: t_Slice u8) -> deserialize_10_ a);
+    f_serialize_11_pre
+    =
+    (fun (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -> true);
+    f_serialize_11_post
+    =
+    (fun
+        (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector)
+        (out: t_Array u8 (sz 22))
+        ->
+        true);
+    f_serialize_11_
+    =
+    (fun (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -> serialize_11_ a);
+    f_deserialize_11_pre = (fun (a: t_Slice u8) -> (Core.Slice.impl__len #u8 a <: usize) =. sz 22);
+    f_deserialize_11_post
+    =
+    (fun (a: t_Slice u8) (out: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -> true);
+    f_deserialize_11_ = (fun (a: t_Slice u8) -> deserialize_11_ a);
+    f_serialize_12_pre
+    =
+    (fun (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) ->
+        Spec.MLKEM.serialize_pre 12 (impl.f_repr a));
+    f_serialize_12_post
+    =
+    (fun
+        (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector)
+        (out: t_Array u8 (sz 24))
+        ->
+        Spec.MLKEM.serialize_pre 12 (impl.f_repr a) ==>
+        Spec.MLKEM.serialize_post 12 (impl.f_repr a) out);
+    f_serialize_12_
+    =
+    (fun (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -> serialize_12_ a);
+    f_deserialize_12_pre = (fun (a: t_Slice u8) -> (Core.Slice.impl__len #u8 a <: usize) =. sz 24);
+    f_deserialize_12_post
+    =
+    (fun (a: t_Slice u8) (out: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) ->
+        sz (Seq.length a) =. sz 24 ==> Spec.MLKEM.deserialize_post 12 a (impl.f_repr out));
+    f_deserialize_12_ = (fun (a: t_Slice u8) -> deserialize_12_ a);
+    f_rej_sample_pre
+    =
+    (fun (a: t_Slice u8) (out: t_Slice i16) ->
+        (Core.Slice.impl__len #u8 a <: usize) =. sz 24 &&
+        (Core.Slice.impl__len #i16 out <: usize) =. sz 16);
+    f_rej_sample_post
+    =
+    (fun (a: t_Slice u8) (out: t_Slice i16) (out_future, result: (t_Slice i16 & usize)) ->
+        Seq.length out_future == Seq.length out /\ v result <= 16);
+    f_rej_sample
+    =
+    fun (a: t_Slice u8) (out: t_Slice i16) ->
+      let tmp0, out1:(t_Slice i16 & usize) =
+        Libcrux_ml_kem.Vector.Portable.Sampling.rej_sample a out
+      in
+      let out:t_Slice i16 = tmp0 in
+      let hax_temp_output:usize = out1 in
+      out, hax_temp_output <: (t_Slice i16 & usize)
+  }
+
+#pop-options
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.fsti
index 0abe9ae41..c9cf458ce 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.fsti
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.fsti
@@ -27,24 +27,8 @@ val serialize_5_ (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector
     : Prims.Pure (t_Array u8 (sz 10)) Prims.l_True (fun _ -> Prims.l_True)
 
 [@@ FStar.Tactics.Typeclasses.tcinstance]
-let impl: Libcrux_ml_kem.Vector.Traits.t_Repr
-Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector =
-  {
-    _super_11581440318597584651 = FStar.Tactics.Typeclasses.solve;
-    _super_9442900250278684536 = FStar.Tactics.Typeclasses.solve;
-    f_repr_pre = (fun (x: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -> true);
-    f_repr_post
-    =
-    (fun
-        (x: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector)
-        (out: t_Array i16 (sz 16))
-        ->
-        true);
-    f_repr
-    =
-    fun (x: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) ->
-      Libcrux_ml_kem.Vector.Portable.Vector_type.to_i16_array x
-  }
+val impl:Libcrux_ml_kem.Vector.Traits.t_Repr
+Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector
 
 val deserialize_1_ (a: t_Slice u8)
     : Prims.Pure Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector
@@ -114,596 +98,6 @@ val serialize_4_ (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector
           Spec.MLKEM.serialize_pre 4 (impl.f_repr a) ==>
           Spec.MLKEM.serialize_post 4 (impl.f_repr a) out)
 
-#push-options "--z3rlimit 400 --split_queries always"
-
 [@@ FStar.Tactics.Typeclasses.tcinstance]
-let impl_1: Libcrux_ml_kem.Vector.Traits.t_Operations
-Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector =
-  {
-    _super_11581440318597584651 = FStar.Tactics.Typeclasses.solve;
-    _super_9442900250278684536 = FStar.Tactics.Typeclasses.solve;
-    _super_8706949974463268012 = FStar.Tactics.Typeclasses.solve;
-    f_ZERO_pre = (fun (_: Prims.unit) -> true);
-    f_ZERO_post
-    =
-    (fun (_: Prims.unit) (out: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) ->
-        impl.f_repr out == Seq.create 16 0s);
-    f_ZERO = (fun (_: Prims.unit) -> Libcrux_ml_kem.Vector.Portable.Vector_type.zero ());
-    f_from_i16_array_pre
-    =
-    (fun (array: t_Slice i16) -> (Core.Slice.impl__len #i16 array <: usize) =. sz 16);
-    f_from_i16_array_post
-    =
-    (fun (array: t_Slice i16) (out: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) ->
-        impl.f_repr out == array);
-    f_from_i16_array
-    =
-    (fun (array: t_Slice i16) -> Libcrux_ml_kem.Vector.Portable.Vector_type.from_i16_array array);
-    f_to_i16_array_pre
-    =
-    (fun (x: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -> true);
-    f_to_i16_array_post
-    =
-    (fun
-        (x: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector)
-        (out: t_Array i16 (sz 16))
-        ->
-        out == impl.f_repr x);
-    f_to_i16_array
-    =
-    (fun (x: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) ->
-        Libcrux_ml_kem.Vector.Portable.Vector_type.to_i16_array x);
-    f_add_pre
-    =
-    (fun
-        (lhs: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector)
-        (rhs: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector)
-        ->
-        forall i.
-          i < 16 ==>
-          Spec.Utils.is_intb (pow2 15 - 1)
-            (v (Seq.index lhs.f_elements i) + v (Seq.index rhs.f_elements i)));
-    f_add_post
-    =
-    (fun
-        (lhs: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector)
-        (rhs: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector)
-        (result: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector)
-        ->
-        forall i.
-          i < 16 ==>
-          (v (Seq.index result.f_elements i) ==
-            v (Seq.index lhs.f_elements i) + v (Seq.index rhs.f_elements i)));
-    f_add
-    =
-    (fun
-        (lhs: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector)
-        (rhs: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector)
-        ->
-        Libcrux_ml_kem.Vector.Portable.Arithmetic.add lhs rhs);
-    f_sub_pre
-    =
-    (fun
-        (lhs: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector)
-        (rhs: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector)
-        ->
-        forall i.
-          i < 16 ==>
-          Spec.Utils.is_intb (pow2 15 - 1)
-            (v (Seq.index lhs.f_elements i) - v (Seq.index rhs.f_elements i)));
-    f_sub_post
-    =
-    (fun
-        (lhs: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector)
-        (rhs: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector)
-        (result: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector)
-        ->
-        forall i.
-          i < 16 ==>
-          (v (Seq.index result.f_elements i) ==
-            v (Seq.index lhs.f_elements i) - v (Seq.index rhs.f_elements i)));
-    f_sub
-    =
-    (fun
-        (lhs: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector)
-        (rhs: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector)
-        ->
-        Libcrux_ml_kem.Vector.Portable.Arithmetic.sub lhs rhs);
-    f_multiply_by_constant_pre
-    =
-    (fun (vec: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) (c: i16) ->
-        forall i. i < 16 ==> Spec.Utils.is_intb (pow2 15 - 1) (v (Seq.index vec.f_elements i) * v c)
-    );
-    f_multiply_by_constant_post
-    =
-    (fun
-        (vec: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector)
-        (c: i16)
-        (result: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector)
-        ->
-        forall i.
-          i < 16 ==> (v (Seq.index result.f_elements i) == v (Seq.index vec.f_elements i) * v c));
-    f_multiply_by_constant
-    =
-    (fun (vec: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) (c: i16) ->
-        Libcrux_ml_kem.Vector.Portable.Arithmetic.multiply_by_constant vec c);
-    f_bitwise_and_with_constant_pre
-    =
-    (fun (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) (c: i16) -> true);
-    f_bitwise_and_with_constant_post
-    =
-    (fun
-        (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector)
-        (c: i16)
-        (out: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector)
-        ->
-        impl.f_repr out == Spec.Utils.map_array (fun x -> x &. c) (impl.f_repr v));
-    f_bitwise_and_with_constant
-    =
-    (fun (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) (c: i16) ->
-        Libcrux_ml_kem.Vector.Portable.Arithmetic.bitwise_and_with_constant v c);
-    f_shift_right_pre
-    =
-    (fun (v_SHIFT_BY: i32) (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) ->
-        v_SHIFT_BY >=. 0l && v_SHIFT_BY <. 16l);
-    f_shift_right_post
-    =
-    (fun
-        (v_SHIFT_BY: i32)
-        (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector)
-        (out: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector)
-        ->
-        (v_SHIFT_BY >=. 0l /\ v_SHIFT_BY <. 16l) ==>
-        impl.f_repr out == Spec.Utils.map_array (fun x -> x >>! v_SHIFT_BY) (impl.f_repr v));
-    f_shift_right
-    =
-    (fun (v_SHIFT_BY: i32) (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) ->
-        Libcrux_ml_kem.Vector.Portable.Arithmetic.shift_right v_SHIFT_BY v);
-    f_cond_subtract_3329_pre
-    =
-    (fun (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) ->
-        Spec.Utils.is_i16b_array (pow2 12 - 1) (impl.f_repr v));
-    f_cond_subtract_3329_post
-    =
-    (fun
-        (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector)
-        (out: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector)
-        ->
-        impl.f_repr out ==
-        Spec.Utils.map_array (fun x -> if x >=. 3329s then x -! 3329s else x) (impl.f_repr v));
-    f_cond_subtract_3329_
-    =
-    (fun (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) ->
-        Libcrux_ml_kem.Vector.Portable.Arithmetic.cond_subtract_3329_ v);
-    f_barrett_reduce_pre
-    =
-    (fun (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) ->
-        Spec.Utils.is_i16b_array 28296 (impl.f_repr v));
-    f_barrett_reduce_post
-    =
-    (fun
-        (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector)
-        (out: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector)
-        ->
-        true);
-    f_barrett_reduce
-    =
-    (fun (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) ->
-        Libcrux_ml_kem.Vector.Portable.Arithmetic.barrett_reduce v);
-    f_montgomery_multiply_by_constant_pre
-    =
-    (fun (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) (r: i16) ->
-        Spec.Utils.is_i16b 1664 r);
-    f_montgomery_multiply_by_constant_post
-    =
-    (fun
-        (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector)
-        (r: i16)
-        (out: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector)
-        ->
-        true);
-    f_montgomery_multiply_by_constant
-    =
-    (fun (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) (r: i16) ->
-        Libcrux_ml_kem.Vector.Portable.Arithmetic.montgomery_multiply_by_constant v r);
-    f_compress_1_pre
-    =
-    (fun (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) ->
-        forall (i: nat).
-          i < 16 ==> v (Seq.index (impl.f_repr a) i) >= 0 /\ v (Seq.index (impl.f_repr a) i) < 3329);
-    f_compress_1_post
-    =
-    (fun
-        (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector)
-        (out: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector)
-        ->
-        forall (i: nat). i < 16 ==> bounded (Seq.index (impl.f_repr out) i) 1);
-    f_compress_1_
-    =
-    (fun (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) ->
-        Libcrux_ml_kem.Vector.Portable.Compress.compress_1_ a);
-    f_compress_pre
-    =
-    (fun
-        (v_COEFFICIENT_BITS: i32)
-        (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector)
-        ->
-        (v v_COEFFICIENT_BITS == 4 \/ v v_COEFFICIENT_BITS == 5 \/ v v_COEFFICIENT_BITS == 10 \/
-          v v_COEFFICIENT_BITS == 11) /\
-        (forall (i: nat).
-            i < 16 ==>
-            v (Seq.index (impl.f_repr a) i) >= 0 /\ v (Seq.index (impl.f_repr a) i) < 3329));
-    f_compress_post
-    =
-    (fun
-        (v_COEFFICIENT_BITS: i32)
-        (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector)
-        (out: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector)
-        ->
-        (v v_COEFFICIENT_BITS == 4 \/ v v_COEFFICIENT_BITS == 5 \/ v v_COEFFICIENT_BITS == 10 \/
-          v v_COEFFICIENT_BITS == 11) ==>
-        (forall (i: nat). i < 16 ==> bounded (Seq.index (impl.f_repr out) i) (v v_COEFFICIENT_BITS))
-    );
-    f_compress
-    =
-    (fun
-        (v_COEFFICIENT_BITS: i32)
-        (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector)
-        ->
-        Libcrux_ml_kem.Vector.Portable.Compress.compress v_COEFFICIENT_BITS a);
-    f_decompress_ciphertext_coefficient_pre
-    =
-    (fun
-        (v_COEFFICIENT_BITS: i32)
-        (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector)
-        ->
-        (v v_COEFFICIENT_BITS == 4 \/ v v_COEFFICIENT_BITS == 5 \/ v v_COEFFICIENT_BITS == 10 \/
-          v v_COEFFICIENT_BITS == 11) /\
-        (forall (i: nat).
-            i < 16 ==>
-            v (Seq.index (impl.f_repr a) i) >= 0 /\
-            v (Seq.index (impl.f_repr a) i) < pow2 (v v_COEFFICIENT_BITS)));
-    f_decompress_ciphertext_coefficient_post
-    =
-    (fun
-        (v_COEFFICIENT_BITS: i32)
-        (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector)
-        (out: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector)
-        ->
-        true);
-    f_decompress_ciphertext_coefficient
-    =
-    (fun
-        (v_COEFFICIENT_BITS: i32)
-        (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector)
-        ->
-        Libcrux_ml_kem.Vector.Portable.Compress.decompress_ciphertext_coefficient v_COEFFICIENT_BITS
-          a);
-    f_ntt_layer_1_step_pre
-    =
-    (fun
-        (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector)
-        (zeta0: i16)
-        (zeta1: i16)
-        (zeta2: i16)
-        (zeta3: i16)
-        ->
-        Spec.Utils.is_i16b 1664 zeta0 /\ Spec.Utils.is_i16b 1664 zeta1 /\
-        Spec.Utils.is_i16b 1664 zeta2 /\ Spec.Utils.is_i16b 1664 zeta3 /\
-        Spec.Utils.is_i16b_array (11207 + 5 * 3328) (impl.f_repr a));
-    f_ntt_layer_1_step_post
-    =
-    (fun
-        (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector)
-        (zeta0: i16)
-        (zeta1: i16)
-        (zeta2: i16)
-        (zeta3: i16)
-        (out: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector)
-        ->
-        Spec.Utils.is_i16b_array (11207 + 6 * 3328) (impl.f_repr out));
-    f_ntt_layer_1_step
-    =
-    (fun
-        (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector)
-        (zeta0: i16)
-        (zeta1: i16)
-        (zeta2: i16)
-        (zeta3: i16)
-        ->
-        Libcrux_ml_kem.Vector.Portable.Ntt.ntt_layer_1_step a zeta0 zeta1 zeta2 zeta3);
-    f_ntt_layer_2_step_pre
-    =
-    (fun
-        (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector)
-        (zeta0: i16)
-        (zeta1: i16)
-        ->
-        Spec.Utils.is_i16b 1664 zeta0 /\ Spec.Utils.is_i16b 1664 zeta1 /\
-        Spec.Utils.is_i16b_array (11207 + 4 * 3328) (impl.f_repr a));
-    f_ntt_layer_2_step_post
-    =
-    (fun
-        (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector)
-        (zeta0: i16)
-        (zeta1: i16)
-        (out: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector)
-        ->
-        Spec.Utils.is_i16b_array (11207 + 5 * 3328) (impl.f_repr out));
-    f_ntt_layer_2_step
-    =
-    (fun
-        (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector)
-        (zeta0: i16)
-        (zeta1: i16)
-        ->
-        Libcrux_ml_kem.Vector.Portable.Ntt.ntt_layer_2_step a zeta0 zeta1);
-    f_ntt_layer_3_step_pre
-    =
-    (fun (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) (zeta: i16) ->
-        Spec.Utils.is_i16b 1664 zeta /\ Spec.Utils.is_i16b_array (11207 + 3 * 3328) (impl.f_repr a));
-    f_ntt_layer_3_step_post
-    =
-    (fun
-        (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector)
-        (zeta: i16)
-        (out: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector)
-        ->
-        Spec.Utils.is_i16b_array (11207 + 4 * 3328) (impl.f_repr out));
-    f_ntt_layer_3_step
-    =
-    (fun (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) (zeta: i16) ->
-        Libcrux_ml_kem.Vector.Portable.Ntt.ntt_layer_3_step a zeta);
-    f_inv_ntt_layer_1_step_pre
-    =
-    (fun
-        (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector)
-        (zeta0: i16)
-        (zeta1: i16)
-        (zeta2: i16)
-        (zeta3: i16)
-        ->
-        Spec.Utils.is_i16b 1664 zeta0 /\ Spec.Utils.is_i16b 1664 zeta1 /\
-        Spec.Utils.is_i16b 1664 zeta2 /\ Spec.Utils.is_i16b 1664 zeta3 /\
-        Spec.Utils.is_i16b_array (4 * 3328) (impl.f_repr a));
-    f_inv_ntt_layer_1_step_post
-    =
-    (fun
-        (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector)
-        (zeta0: i16)
-        (zeta1: i16)
-        (zeta2: i16)
-        (zeta3: i16)
-        (out: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector)
-        ->
-        Spec.Utils.is_i16b_array 3328 (impl.f_repr out));
-    f_inv_ntt_layer_1_step
-    =
-    (fun
-        (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector)
-        (zeta0: i16)
-        (zeta1: i16)
-        (zeta2: i16)
-        (zeta3: i16)
-        ->
-        Libcrux_ml_kem.Vector.Portable.Ntt.inv_ntt_layer_1_step a zeta0 zeta1 zeta2 zeta3);
-    f_inv_ntt_layer_2_step_pre
-    =
-    (fun
-        (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector)
-        (zeta0: i16)
-        (zeta1: i16)
-        ->
-        Spec.Utils.is_i16b 1664 zeta0 /\ Spec.Utils.is_i16b 1664 zeta1 /\
-        Spec.Utils.is_i16b_array 3328 (impl.f_repr a));
-    f_inv_ntt_layer_2_step_post
-    =
-    (fun
-        (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector)
-        (zeta0: i16)
-        (zeta1: i16)
-        (out: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector)
-        ->
-        Spec.Utils.is_i16b_array 3328 (impl.f_repr out));
-    f_inv_ntt_layer_2_step
-    =
-    (fun
-        (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector)
-        (zeta0: i16)
-        (zeta1: i16)
-        ->
-        Libcrux_ml_kem.Vector.Portable.Ntt.inv_ntt_layer_2_step a zeta0 zeta1);
-    f_inv_ntt_layer_3_step_pre
-    =
-    (fun (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) (zeta: i16) ->
-        Spec.Utils.is_i16b 1664 zeta /\ Spec.Utils.is_i16b_array 3328 (impl.f_repr a));
-    f_inv_ntt_layer_3_step_post
-    =
-    (fun
-        (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector)
-        (zeta: i16)
-        (out: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector)
-        ->
-        Spec.Utils.is_i16b_array 3328 (impl.f_repr out));
-    f_inv_ntt_layer_3_step
-    =
-    (fun (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) (zeta: i16) ->
-        Libcrux_ml_kem.Vector.Portable.Ntt.inv_ntt_layer_3_step a zeta);
-    f_ntt_multiply_pre
-    =
-    (fun
-        (lhs: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector)
-        (rhs: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector)
-        (zeta0: i16)
-        (zeta1: i16)
-        (zeta2: i16)
-        (zeta3: i16)
-        ->
-        Spec.Utils.is_i16b 1664 zeta0 /\ Spec.Utils.is_i16b 1664 zeta1 /\
-        Spec.Utils.is_i16b 1664 zeta2 /\ Spec.Utils.is_i16b 1664 zeta3 /\
-        Spec.Utils.is_i16b_array 3328 (impl.f_repr lhs) /\
-        Spec.Utils.is_i16b_array 3328 (impl.f_repr rhs));
-    f_ntt_multiply_post
-    =
-    (fun
-        (lhs: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector)
-        (rhs: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector)
-        (zeta0: i16)
-        (zeta1: i16)
-        (zeta2: i16)
-        (zeta3: i16)
-        (out: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector)
-        ->
-        Spec.Utils.is_i16b_array 3328 (impl.f_repr out));
-    f_ntt_multiply
-    =
-    (fun
-        (lhs: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector)
-        (rhs: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector)
-        (zeta0: i16)
-        (zeta1: i16)
-        (zeta2: i16)
-        (zeta3: i16)
-        ->
-        Libcrux_ml_kem.Vector.Portable.Ntt.ntt_multiply lhs rhs zeta0 zeta1 zeta2 zeta3);
-    f_serialize_1_pre
-    =
-    (fun (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) ->
-        Spec.MLKEM.serialize_pre 1 (impl.f_repr a));
-    f_serialize_1_post
-    =
-    (fun
-        (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector)
-        (out: t_Array u8 (sz 2))
-        ->
-        Spec.MLKEM.serialize_pre 1 (impl.f_repr a) ==>
-        Spec.MLKEM.serialize_post 1 (impl.f_repr a) out);
-    f_serialize_1_
-    =
-    (fun (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -> serialize_1_ a);
-    f_deserialize_1_pre = (fun (a: t_Slice u8) -> (Core.Slice.impl__len #u8 a <: usize) =. sz 2);
-    f_deserialize_1_post
-    =
-    (fun (a: t_Slice u8) (out: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) ->
-        sz (Seq.length a) =. sz 2 ==> Spec.MLKEM.deserialize_post 1 a (impl.f_repr out));
-    f_deserialize_1_ = (fun (a: t_Slice u8) -> deserialize_1_ a);
-    f_serialize_4_pre
-    =
-    (fun (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) ->
-        Spec.MLKEM.serialize_pre 4 (impl.f_repr a));
-    f_serialize_4_post
-    =
-    (fun
-        (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector)
-        (out: t_Array u8 (sz 8))
-        ->
-        Spec.MLKEM.serialize_pre 4 (impl.f_repr a) ==>
-        Spec.MLKEM.serialize_post 4 (impl.f_repr a) out);
-    f_serialize_4_
-    =
-    (fun (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -> serialize_4_ a);
-    f_deserialize_4_pre = (fun (a: t_Slice u8) -> (Core.Slice.impl__len #u8 a <: usize) =. sz 8);
-    f_deserialize_4_post
-    =
-    (fun (a: t_Slice u8) (out: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) ->
-        sz (Seq.length a) =. sz 8 ==> Spec.MLKEM.deserialize_post 4 a (impl.f_repr out));
-    f_deserialize_4_ = (fun (a: t_Slice u8) -> deserialize_4_ a);
-    f_serialize_5_pre
-    =
-    (fun (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -> true);
-    f_serialize_5_post
-    =
-    (fun
-        (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector)
-        (out: t_Array u8 (sz 10))
-        ->
-        true);
-    f_serialize_5_
-    =
-    (fun (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -> serialize_5_ a);
-    f_deserialize_5_pre = (fun (a: t_Slice u8) -> (Core.Slice.impl__len #u8 a <: usize) =. sz 10);
-    f_deserialize_5_post
-    =
-    (fun (a: t_Slice u8) (out: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -> true);
-    f_deserialize_5_ = (fun (a: t_Slice u8) -> deserialize_5_ a);
-    f_serialize_10_pre
-    =
-    (fun (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) ->
-        Spec.MLKEM.serialize_pre 10 (impl.f_repr a));
-    f_serialize_10_post
-    =
-    (fun
-        (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector)
-        (out: t_Array u8 (sz 20))
-        ->
-        Spec.MLKEM.serialize_pre 10 (impl.f_repr a) ==>
-        Spec.MLKEM.serialize_post 10 (impl.f_repr a) out);
-    f_serialize_10_
-    =
-    (fun (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -> serialize_10_ a);
-    f_deserialize_10_pre = (fun (a: t_Slice u8) -> (Core.Slice.impl__len #u8 a <: usize) =. sz 20);
-    f_deserialize_10_post
-    =
-    (fun (a: t_Slice u8) (out: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) ->
-        sz (Seq.length a) =. sz 20 ==> Spec.MLKEM.deserialize_post 10 a (impl.f_repr out));
-    f_deserialize_10_ = (fun (a: t_Slice u8) -> deserialize_10_ a);
-    f_serialize_11_pre
-    =
-    (fun (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -> true);
-    f_serialize_11_post
-    =
-    (fun
-        (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector)
-        (out: t_Array u8 (sz 22))
-        ->
-        true);
-    f_serialize_11_
-    =
-    (fun (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -> serialize_11_ a);
-    f_deserialize_11_pre = (fun (a: t_Slice u8) -> (Core.Slice.impl__len #u8 a <: usize) =. sz 22);
-    f_deserialize_11_post
-    =
-    (fun (a: t_Slice u8) (out: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -> true);
-    f_deserialize_11_ = (fun (a: t_Slice u8) -> deserialize_11_ a);
-    f_serialize_12_pre
-    =
-    (fun (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) ->
-        Spec.MLKEM.serialize_pre 12 (impl.f_repr a));
-    f_serialize_12_post
-    =
-    (fun
-        (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector)
-        (out: t_Array u8 (sz 24))
-        ->
-        Spec.MLKEM.serialize_pre 12 (impl.f_repr a) ==>
-        Spec.MLKEM.serialize_post 12 (impl.f_repr a) out);
-    f_serialize_12_
-    =
-    (fun (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -> serialize_12_ a);
-    f_deserialize_12_pre = (fun (a: t_Slice u8) -> (Core.Slice.impl__len #u8 a <: usize) =. sz 24);
-    f_deserialize_12_post
-    =
-    (fun (a: t_Slice u8) (out: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) ->
-        sz (Seq.length a) =. sz 24 ==> Spec.MLKEM.deserialize_post 12 a (impl.f_repr out));
-    f_deserialize_12_ = (fun (a: t_Slice u8) -> deserialize_12_ a);
-    f_rej_sample_pre
-    =
-    (fun (a: t_Slice u8) (out: t_Slice i16) ->
-        (Core.Slice.impl__len #u8 a <: usize) =. sz 24 &&
-        (Core.Slice.impl__len #i16 out <: usize) =. sz 16);
-    f_rej_sample_post
-    =
-    (fun (a: t_Slice u8) (out: t_Slice i16) (out_future, result: (t_Slice i16 & usize)) ->
-        Seq.length out_future == Seq.length out /\ v result <= 16);
-    f_rej_sample
-    =
-    fun (a: t_Slice u8) (out: t_Slice i16) ->
-      let tmp0, out1:(t_Slice i16 & usize) =
-        Libcrux_ml_kem.Vector.Portable.Sampling.rej_sample a out
-      in
-      let out:t_Slice i16 = tmp0 in
-      let hax_temp_output:usize = out1 in
-      out, hax_temp_output <: (t_Slice i16 & usize)
-  }
-
-#pop-options
+val impl_1:Libcrux_ml_kem.Vector.Traits.t_Operations
+Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector
diff --git a/sys/platform/proofs/fstar/extraction/Libcrux_platform.Platform.fsti b/sys/platform/proofs/fstar/extraction/Libcrux_platform.Platform.fsti
index e8713dad5..95dad6932 100644
--- a/sys/platform/proofs/fstar/extraction/Libcrux_platform.Platform.fsti
+++ b/sys/platform/proofs/fstar/extraction/Libcrux_platform.Platform.fsti
@@ -1,5 +1,5 @@
 module Libcrux_platform.Platform
-#set-options "--fuel 0 --ifuel 1 --z3rlimit 15"
+#set-options "--fuel 0 --ifuel 1 --z3rlimit 80"
 open Core
 open FStar.Mul
 

From 33f952d69f2c1397a7d2f2cccf34d1e6aefc9adf Mon Sep 17 00:00:00 2001
From: karthikbhargavan <karthik.bhargavan@gmail.com>
Date: Sat, 16 Nov 2024 07:43:57 +0000
Subject: [PATCH 029/142] fstar update

---
 .../Libcrux_intrinsics.Arm64_extract.fsti     |   2 +-
 .../Libcrux_intrinsics.Avx2_extract.fsti      |   2 +-
 ...m.Ind_cca.Instantiations.Avx2.Unpacked.fst |  22 ++
 ....Ind_cca.Instantiations.Avx2.Unpacked.fsti |  12 +
 ...rux_ml_kem.Ind_cca.Instantiations.Avx2.fst |   9 +
 ...ux_ml_kem.Ind_cca.Instantiations.Avx2.fsti |   6 +
 ...m.Ind_cca.Instantiations.Neon.Unpacked.fst |  22 ++
 ....Ind_cca.Instantiations.Neon.Unpacked.fsti |  14 +
 ...rux_ml_kem.Ind_cca.Instantiations.Neon.fst |   9 +
 ...ux_ml_kem.Ind_cca.Instantiations.Neon.fsti |  10 +-
 ...d_cca.Instantiations.Portable.Unpacked.fst |  22 ++
 ..._cca.Instantiations.Portable.Unpacked.fsti |  14 +
 ...ml_kem.Ind_cca.Instantiations.Portable.fst |   9 +
 ...l_kem.Ind_cca.Instantiations.Portable.fsti |  10 +-
 .../Libcrux_ml_kem.Ind_cca.Unpacked.fst       | 261 ++++++++++++++++--
 .../Libcrux_ml_kem.Ind_cca.Unpacked.fsti      |  58 +++-
 .../extraction/Libcrux_ml_kem.Ind_cca.fst     | 156 ++++++++++-
 .../extraction/Libcrux_ml_kem.Ind_cca.fsti    |  17 ++
 .../extraction/Libcrux_ml_kem.Ind_cpa.fst     | 175 +++++++-----
 .../extraction/Libcrux_ml_kem.Ind_cpa.fsti    |  32 +++
 ...Libcrux_ml_kem.Mlkem1024.Avx2.Unpacked.fst |  95 ++++++-
 ...ibcrux_ml_kem.Mlkem1024.Avx2.Unpacked.fsti |  56 +++-
 .../Libcrux_ml_kem.Mlkem1024.Avx2.fst         |   3 +
 .../Libcrux_ml_kem.Mlkem1024.Avx2.fsti        |   5 +
 ...Libcrux_ml_kem.Mlkem1024.Neon.Unpacked.fst |  95 ++++++-
 ...ibcrux_ml_kem.Mlkem1024.Neon.Unpacked.fsti |  60 +++-
 .../Libcrux_ml_kem.Mlkem1024.Neon.fst         |   3 +
 .../Libcrux_ml_kem.Mlkem1024.Neon.fsti        |   5 +
 ...rux_ml_kem.Mlkem1024.Portable.Unpacked.fst |  95 ++++++-
 ...ux_ml_kem.Mlkem1024.Portable.Unpacked.fsti |  60 +++-
 .../Libcrux_ml_kem.Mlkem1024.Portable.fst     |   5 +
 .../Libcrux_ml_kem.Mlkem1024.Portable.fsti    |   5 +
 .../Libcrux_ml_kem.Mlkem512.Avx2.Unpacked.fst |  95 ++++++-
 ...Libcrux_ml_kem.Mlkem512.Avx2.Unpacked.fsti |  56 +++-
 .../Libcrux_ml_kem.Mlkem512.Avx2.fst          |   3 +
 .../Libcrux_ml_kem.Mlkem512.Avx2.fsti         |   5 +
 .../Libcrux_ml_kem.Mlkem512.Neon.Unpacked.fst |  95 ++++++-
 ...Libcrux_ml_kem.Mlkem512.Neon.Unpacked.fsti |  60 +++-
 .../Libcrux_ml_kem.Mlkem512.Neon.fst          |   3 +
 .../Libcrux_ml_kem.Mlkem512.Neon.fsti         |   5 +
 ...crux_ml_kem.Mlkem512.Portable.Unpacked.fst |  95 ++++++-
 ...rux_ml_kem.Mlkem512.Portable.Unpacked.fsti |  60 +++-
 .../Libcrux_ml_kem.Mlkem512.Portable.fst      |   5 +
 .../Libcrux_ml_kem.Mlkem512.Portable.fsti     |   5 +
 .../Libcrux_ml_kem.Mlkem768.Avx2.Unpacked.fst |  79 +++++-
 ...Libcrux_ml_kem.Mlkem768.Avx2.Unpacked.fsti |  48 +++-
 .../Libcrux_ml_kem.Mlkem768.Avx2.fst          |   3 +
 .../Libcrux_ml_kem.Mlkem768.Avx2.fsti         |   5 +
 .../Libcrux_ml_kem.Mlkem768.Neon.Unpacked.fst |  79 +++++-
 ...Libcrux_ml_kem.Mlkem768.Neon.Unpacked.fsti |  52 +++-
 .../Libcrux_ml_kem.Mlkem768.Neon.fst          |   3 +
 .../Libcrux_ml_kem.Mlkem768.Neon.fsti         |   5 +
 ...crux_ml_kem.Mlkem768.Portable.Unpacked.fst |  79 +++++-
 ...rux_ml_kem.Mlkem768.Portable.Unpacked.fsti |  52 +++-
 .../Libcrux_ml_kem.Mlkem768.Portable.fst      |   5 +
 .../Libcrux_ml_kem.Mlkem768.Portable.fsti     |   5 +
 .../fstar/extraction/Libcrux_ml_kem.Types.fst |  14 +
 .../extraction/Libcrux_ml_kem.Types.fsti      |   7 +
 libcrux-ml-kem/src/ind_cca.rs                 |   1 +
 .../extraction/Libcrux_platform.Platform.fsti |   2 +-
 60 files changed, 2132 insertions(+), 143 deletions(-)

diff --git a/libcrux-intrinsics/proofs/fstar/extraction/Libcrux_intrinsics.Arm64_extract.fsti b/libcrux-intrinsics/proofs/fstar/extraction/Libcrux_intrinsics.Arm64_extract.fsti
index d4014e6a8..a03c287ec 100644
--- a/libcrux-intrinsics/proofs/fstar/extraction/Libcrux_intrinsics.Arm64_extract.fsti
+++ b/libcrux-intrinsics/proofs/fstar/extraction/Libcrux_intrinsics.Arm64_extract.fsti
@@ -1,5 +1,5 @@
 module Libcrux_intrinsics.Arm64_extract
-#set-options "--fuel 0 --ifuel 1 --z3rlimit 80"
+#set-options "--fuel 0 --ifuel 1 --z3rlimit 15"
 open Core
 open FStar.Mul
 
diff --git a/libcrux-intrinsics/proofs/fstar/extraction/Libcrux_intrinsics.Avx2_extract.fsti b/libcrux-intrinsics/proofs/fstar/extraction/Libcrux_intrinsics.Avx2_extract.fsti
index 16d93fb14..290b679a5 100644
--- a/libcrux-intrinsics/proofs/fstar/extraction/Libcrux_intrinsics.Avx2_extract.fsti
+++ b/libcrux-intrinsics/proofs/fstar/extraction/Libcrux_intrinsics.Avx2_extract.fsti
@@ -1,5 +1,5 @@
 module Libcrux_intrinsics.Avx2_extract
-#set-options "--fuel 0 --ifuel 1 --z3rlimit 80"
+#set-options "--fuel 0 --ifuel 1 --z3rlimit 15"
 open Core
 open FStar.Mul
 
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.Unpacked.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.Unpacked.fst
index 8e205b0fb..ec082d69c 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.Unpacked.fst
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.Unpacked.fst
@@ -118,6 +118,28 @@ let generate_keypair
   in
   out
 
+let keypair_from_private_key
+      (v_K v_SECRET_KEY_SIZE v_CPA_SECRET_KEY_SIZE v_PUBLIC_KEY_SIZE v_BYTES_PER_RING_ELEMENT v_T_AS_NTT_ENCODED_SIZE:
+          usize)
+      (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey v_SECRET_KEY_SIZE)
+      (key_pair:
+          Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked v_K
+            Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector)
+     =
+  let key_pair:Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked v_K
+    Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector =
+    Libcrux_ml_kem.Ind_cca.Unpacked.keys_from_private_key v_K
+      v_SECRET_KEY_SIZE
+      v_CPA_SECRET_KEY_SIZE
+      v_PUBLIC_KEY_SIZE
+      v_BYTES_PER_RING_ELEMENT
+      v_T_AS_NTT_ENCODED_SIZE
+      #Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector
+      private_key
+      key_pair
+  in
+  key_pair
+
 let unpack_public_key_avx2
       (v_K v_T_AS_NTT_ENCODED_SIZE v_RANKED_BYTES_PER_RING_ELEMENT v_PUBLIC_KEY_SIZE: usize)
       (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey v_PUBLIC_KEY_SIZE)
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.Unpacked.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.Unpacked.fsti
index 59d9f544f..1adbbce9c 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.Unpacked.fsti
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.Unpacked.fsti
@@ -132,6 +132,18 @@ val generate_keypair
         v_PUBLIC_KEY_SIZE == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE v_K)
       (fun _ -> Prims.l_True)
 
+/// Take a serialized private key and generate an unpacked key pair from it.
+val keypair_from_private_key
+      (v_K v_SECRET_KEY_SIZE v_CPA_SECRET_KEY_SIZE v_PUBLIC_KEY_SIZE v_BYTES_PER_RING_ELEMENT v_T_AS_NTT_ENCODED_SIZE:
+          usize)
+      (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey v_SECRET_KEY_SIZE)
+      (key_pair:
+          Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked v_K
+            Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector)
+    : Prims.Pure
+      (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked v_K
+          Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) Prims.l_True (fun _ -> Prims.l_True)
+
 /// Get the unpacked public key.
 val unpack_public_key_avx2
       (v_K v_T_AS_NTT_ENCODED_SIZE v_RANKED_BYTES_PER_RING_ELEMENT v_PUBLIC_KEY_SIZE: usize)
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.fst
index f3729610d..c6fa41647 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.fst
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.fst
@@ -31,6 +31,15 @@ let validate_private_key
       (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE)
      = validate_private_key_avx2 v_K v_SECRET_KEY_SIZE v_CIPHERTEXT_SIZE private_key ciphertext
 
+let validate_private_key_only
+      (v_K v_SECRET_KEY_SIZE: usize)
+      (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey v_SECRET_KEY_SIZE)
+     =
+  Libcrux_ml_kem.Ind_cca.validate_private_key_only v_K
+    v_SECRET_KEY_SIZE
+    #Libcrux_ml_kem.Hash_functions.Avx2.t_Simd256Hash
+    private_key
+
 let decapsulate_avx2
       (v_K v_SECRET_KEY_SIZE v_CPA_SECRET_KEY_SIZE v_PUBLIC_KEY_SIZE v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_C1_BLOCK_SIZE v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE v_IMPLICIT_REJECTION_HASH_INPUT_SIZE:
           usize)
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.fsti
index c8a184dc0..55a5ad2a7 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.fsti
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.fsti
@@ -33,6 +33,12 @@ val validate_private_key
         v_CIPHERTEXT_SIZE == Spec.MLKEM.v_CPA_CIPHERTEXT_SIZE v_K)
       (fun _ -> Prims.l_True)
 
+/// Private key validation
+val validate_private_key_only
+      (v_K v_SECRET_KEY_SIZE: usize)
+      (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey v_SECRET_KEY_SIZE)
+    : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True)
+
 val decapsulate_avx2
       (v_K v_SECRET_KEY_SIZE v_CPA_SECRET_KEY_SIZE v_PUBLIC_KEY_SIZE v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_C1_BLOCK_SIZE v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE v_IMPLICIT_REJECTION_HASH_INPUT_SIZE:
           usize)
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Neon.Unpacked.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Neon.Unpacked.fst
index dcdb3f339..591097306 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Neon.Unpacked.fst
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Neon.Unpacked.fst
@@ -66,6 +66,28 @@ let generate_keypair
   in
   out
 
+let keypair_from_private_key
+      (v_K v_SECRET_KEY_SIZE v_CPA_SECRET_KEY_SIZE v_PUBLIC_KEY_SIZE v_BYTES_PER_RING_ELEMENT v_T_AS_NTT_ENCODED_SIZE:
+          usize)
+      (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey v_SECRET_KEY_SIZE)
+      (key_pair:
+          Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked v_K
+            Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector)
+     =
+  let key_pair:Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked v_K
+    Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector =
+    Libcrux_ml_kem.Ind_cca.Unpacked.keys_from_private_key v_K
+      v_SECRET_KEY_SIZE
+      v_CPA_SECRET_KEY_SIZE
+      v_PUBLIC_KEY_SIZE
+      v_BYTES_PER_RING_ELEMENT
+      v_T_AS_NTT_ENCODED_SIZE
+      #Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector
+      private_key
+      key_pair
+  in
+  key_pair
+
 let unpack_public_key
       (v_K v_T_AS_NTT_ENCODED_SIZE v_RANKED_BYTES_PER_RING_ELEMENT v_PUBLIC_KEY_SIZE: usize)
       (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey v_PUBLIC_KEY_SIZE)
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Neon.Unpacked.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Neon.Unpacked.fsti
index c2b13b5e9..a7a9fbed8 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Neon.Unpacked.fsti
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Neon.Unpacked.fsti
@@ -80,6 +80,20 @@ val generate_keypair
         v_ETA1_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA1_RANDOMNESS_SIZE v_K)
       (fun _ -> Prims.l_True)
 
+/// Take a serialized private key and generate an unpacked key pair from it.
+val keypair_from_private_key
+      (v_K v_SECRET_KEY_SIZE v_CPA_SECRET_KEY_SIZE v_PUBLIC_KEY_SIZE v_BYTES_PER_RING_ELEMENT v_T_AS_NTT_ENCODED_SIZE:
+          usize)
+      (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey v_SECRET_KEY_SIZE)
+      (key_pair:
+          Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked v_K
+            Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector)
+    : Prims.Pure
+      (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked v_K
+          Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector)
+      Prims.l_True
+      (fun _ -> Prims.l_True)
+
 /// Get the unpacked public key.
 val unpack_public_key
       (v_K v_T_AS_NTT_ENCODED_SIZE v_RANKED_BYTES_PER_RING_ELEMENT v_PUBLIC_KEY_SIZE: usize)
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Neon.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Neon.fst
index aeffe4831..30ff60795 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Neon.fst
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Neon.fst
@@ -25,6 +25,15 @@ let validate_private_key
     private_key
     ciphertext
 
+let validate_private_key_only
+      (v_K v_SECRET_KEY_SIZE: usize)
+      (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey v_SECRET_KEY_SIZE)
+     =
+  Libcrux_ml_kem.Ind_cca.validate_private_key_only v_K
+    v_SECRET_KEY_SIZE
+    #Libcrux_ml_kem.Hash_functions.Neon.t_Simd128Hash
+    private_key
+
 let decapsulate
       (v_K v_SECRET_KEY_SIZE v_CPA_SECRET_KEY_SIZE v_PUBLIC_KEY_SIZE v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_C1_BLOCK_SIZE v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE v_IMPLICIT_REJECTION_HASH_INPUT_SIZE:
           usize)
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Neon.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Neon.fsti
index 2ac2032f9..5a6e24ad0 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Neon.fsti
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Neon.fsti
@@ -13,7 +13,7 @@ let _ =
   let open Libcrux_ml_kem.Vector.Traits in
   ()
 
-/// Portable private key validation
+/// Private key validation
 val validate_private_key
       (v_K v_SECRET_KEY_SIZE v_CIPHERTEXT_SIZE: usize)
       (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey v_SECRET_KEY_SIZE)
@@ -24,6 +24,12 @@ val validate_private_key
         v_CIPHERTEXT_SIZE == Spec.MLKEM.v_CPA_CIPHERTEXT_SIZE v_K)
       (fun _ -> Prims.l_True)
 
+/// Private key validation
+val validate_private_key_only
+      (v_K v_SECRET_KEY_SIZE: usize)
+      (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey v_SECRET_KEY_SIZE)
+    : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True)
+
 /// Portable decapsulate
 val decapsulate
       (v_K v_SECRET_KEY_SIZE v_CPA_SECRET_KEY_SIZE v_PUBLIC_KEY_SIZE v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_C1_BLOCK_SIZE v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE v_IMPLICIT_REJECTION_HASH_INPUT_SIZE:
@@ -81,7 +87,7 @@ val generate_keypair
         v_ETA1_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA1_RANDOMNESS_SIZE v_K)
       (fun _ -> Prims.l_True)
 
-/// Portable public key validation
+/// Public key validation
 val validate_public_key
       (v_K v_RANKED_BYTES_PER_RING_ELEMENT v_PUBLIC_KEY_SIZE: usize)
       (public_key: t_Array u8 v_PUBLIC_KEY_SIZE)
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Portable.Unpacked.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Portable.Unpacked.fst
index 6f5ea9027..b9f62cbc3 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Portable.Unpacked.fst
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Portable.Unpacked.fst
@@ -66,6 +66,28 @@ let generate_keypair
   in
   out
 
+let keypair_from_private_key
+      (v_K v_SECRET_KEY_SIZE v_CPA_SECRET_KEY_SIZE v_PUBLIC_KEY_SIZE v_BYTES_PER_RING_ELEMENT v_T_AS_NTT_ENCODED_SIZE:
+          usize)
+      (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey v_SECRET_KEY_SIZE)
+      (key_pair:
+          Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked v_K
+            Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector)
+     =
+  let key_pair:Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked v_K
+    Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector =
+    Libcrux_ml_kem.Ind_cca.Unpacked.keys_from_private_key v_K
+      v_SECRET_KEY_SIZE
+      v_CPA_SECRET_KEY_SIZE
+      v_PUBLIC_KEY_SIZE
+      v_BYTES_PER_RING_ELEMENT
+      v_T_AS_NTT_ENCODED_SIZE
+      #Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector
+      private_key
+      key_pair
+  in
+  key_pair
+
 let unpack_public_key
       (v_K v_T_AS_NTT_ENCODED_SIZE v_RANKED_BYTES_PER_RING_ELEMENT v_PUBLIC_KEY_SIZE: usize)
       (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey v_PUBLIC_KEY_SIZE)
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Portable.Unpacked.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Portable.Unpacked.fsti
index 4ea263f4d..0bdbc2e6d 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Portable.Unpacked.fsti
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Portable.Unpacked.fsti
@@ -80,6 +80,20 @@ val generate_keypair
         v_ETA1_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA1_RANDOMNESS_SIZE v_K)
       (fun _ -> Prims.l_True)
 
+/// Take a serialized private key and generate an unpacked key pair from it.
+val keypair_from_private_key
+      (v_K v_SECRET_KEY_SIZE v_CPA_SECRET_KEY_SIZE v_PUBLIC_KEY_SIZE v_BYTES_PER_RING_ELEMENT v_T_AS_NTT_ENCODED_SIZE:
+          usize)
+      (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey v_SECRET_KEY_SIZE)
+      (key_pair:
+          Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked v_K
+            Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector)
+    : Prims.Pure
+      (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked v_K
+          Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector)
+      Prims.l_True
+      (fun _ -> Prims.l_True)
+
 /// Get the unpacked public key.
 val unpack_public_key
       (v_K v_T_AS_NTT_ENCODED_SIZE v_RANKED_BYTES_PER_RING_ELEMENT v_PUBLIC_KEY_SIZE: usize)
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Portable.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Portable.fst
index c8f72e2e0..414098242 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Portable.fst
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Portable.fst
@@ -25,6 +25,15 @@ let validate_private_key
     private_key
     ciphertext
 
+let validate_private_key_only
+      (v_K v_SECRET_KEY_SIZE: usize)
+      (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey v_SECRET_KEY_SIZE)
+     =
+  Libcrux_ml_kem.Ind_cca.validate_private_key_only v_K
+    v_SECRET_KEY_SIZE
+    #(Libcrux_ml_kem.Hash_functions.Portable.t_PortableHash v_K)
+    private_key
+
 let decapsulate
       (v_K v_SECRET_KEY_SIZE v_CPA_SECRET_KEY_SIZE v_PUBLIC_KEY_SIZE v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_C1_BLOCK_SIZE v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE v_IMPLICIT_REJECTION_HASH_INPUT_SIZE:
           usize)
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Portable.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Portable.fsti
index 54d121f40..202487815 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Portable.fsti
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Portable.fsti
@@ -13,7 +13,7 @@ let _ =
   let open Libcrux_ml_kem.Vector.Traits in
   ()
 
-/// Portable private key validation
+/// Private key validation
 val validate_private_key
       (v_K v_SECRET_KEY_SIZE v_CIPHERTEXT_SIZE: usize)
       (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey v_SECRET_KEY_SIZE)
@@ -24,6 +24,12 @@ val validate_private_key
         v_CIPHERTEXT_SIZE == Spec.MLKEM.v_CPA_CIPHERTEXT_SIZE v_K)
       (fun _ -> Prims.l_True)
 
+/// Private key validation
+val validate_private_key_only
+      (v_K v_SECRET_KEY_SIZE: usize)
+      (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey v_SECRET_KEY_SIZE)
+    : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True)
+
 /// Portable decapsulate
 val decapsulate
       (v_K v_SECRET_KEY_SIZE v_CPA_SECRET_KEY_SIZE v_PUBLIC_KEY_SIZE v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_C1_BLOCK_SIZE v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE v_IMPLICIT_REJECTION_HASH_INPUT_SIZE:
@@ -81,7 +87,7 @@ val generate_keypair
         v_ETA1_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA1_RANDOMNESS_SIZE v_K)
       (fun _ -> Prims.l_True)
 
-/// Portable public key validation
+/// Public key validation
 val validate_public_key
       (v_K v_RANKED_BYTES_PER_RING_ELEMENT v_PUBLIC_KEY_SIZE: usize)
       (public_key: t_Array u8 v_PUBLIC_KEY_SIZE)
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Unpacked.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Unpacked.fst
index 5884e27b4..5e641a876 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Unpacked.fst
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Unpacked.fst
@@ -7,6 +7,7 @@ let _ =
   (* This module has implicit dependencies, here we make them explicit. *)
   (* The implicit dependencies arise from typeclasses instances. *)
   let open Libcrux_ml_kem.Hash_functions in
+  let open Libcrux_ml_kem.Hash_functions.Portable in
   let open Libcrux_ml_kem.Ind_cpa.Unpacked in
   let open Libcrux_ml_kem.Polynomial in
   let open Libcrux_ml_kem.Types in
@@ -32,19 +33,6 @@ let impl_4__public_key
       (self: t_MlKemKeyPairUnpacked v_K v_Vector)
      = self.f_public_key
 
-let impl_4__serialized_private_key
-      (v_K: usize)
-      (#v_Vector: Type0)
-      (#[FStar.Tactics.Typeclasses.tcresolve ()]
-          i2:
-          Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector)
-      (self: t_MlKemKeyPairUnpacked v_K v_Vector)
-     =
-  let _:Prims.unit = admit () in
-  Rust_primitives.Hax.never_to_any (Core.Panicking.panic "not yet implemented"
-      <:
-      Rust_primitives.Hax.t_Never)
-
 #push-options "--z3rlimit 200"
 
 let transpose_a
@@ -217,6 +205,175 @@ let impl_4__new
      =
   Core.Default.f_default #(t_MlKemKeyPairUnpacked v_K v_Vector) #FStar.Tactics.Typeclasses.solve ()
 
+let keys_from_private_key
+      (v_K v_SECRET_KEY_SIZE v_CPA_SECRET_KEY_SIZE v_PUBLIC_KEY_SIZE v_BYTES_PER_RING_ELEMENT v_T_AS_NTT_ENCODED_SIZE:
+          usize)
+      (#v_Vector: Type0)
+      (#[FStar.Tactics.Typeclasses.tcresolve ()]
+          i1:
+          Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector)
+      (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey v_SECRET_KEY_SIZE)
+      (key_pair: t_MlKemKeyPairUnpacked v_K v_Vector)
+     =
+  let ind_cpa_secret_key, ind_cpa_public_key, ind_cpa_public_key_hash, implicit_rejection_value:(t_Slice
+    u8 &
+    t_Slice u8 &
+    t_Slice u8 &
+    t_Slice u8) =
+    Libcrux_ml_kem.Types.unpack_private_key v_CPA_SECRET_KEY_SIZE
+      v_PUBLIC_KEY_SIZE
+      (private_key.Libcrux_ml_kem.Types.f_value <: t_Slice u8)
+  in
+  let key_pair:t_MlKemKeyPairUnpacked v_K v_Vector =
+    {
+      key_pair with
+      f_private_key
+      =
+      {
+        key_pair.f_private_key with
+        f_ind_cpa_private_key
+        =
+        {
+          key_pair.f_private_key.f_ind_cpa_private_key with
+          Libcrux_ml_kem.Ind_cpa.Unpacked.f_secret_as_ntt
+          =
+          Core.Slice.impl__copy_from_slice #(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement
+              v_Vector)
+            key_pair.f_private_key.f_ind_cpa_private_key
+              .Libcrux_ml_kem.Ind_cpa.Unpacked.f_secret_as_ntt
+            (Libcrux_ml_kem.Ind_cpa.deserialize_secret_key v_K #v_Vector ind_cpa_secret_key
+              <:
+              t_Slice (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector))
+        }
+        <:
+        Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPrivateKeyUnpacked v_K v_Vector
+      }
+      <:
+      t_MlKemPrivateKeyUnpacked v_K v_Vector
+    }
+    <:
+    t_MlKemKeyPairUnpacked v_K v_Vector
+  in
+  let key_pair:t_MlKemKeyPairUnpacked v_K v_Vector =
+    {
+      key_pair with
+      f_public_key
+      =
+      {
+        key_pair.f_public_key with
+        f_ind_cpa_public_key
+        =
+        Libcrux_ml_kem.Ind_cpa.build_unpacked_public_key_mut v_K
+          v_T_AS_NTT_ENCODED_SIZE
+          #v_Vector
+          #(Libcrux_ml_kem.Hash_functions.Portable.t_PortableHash v_K)
+          ind_cpa_public_key
+          key_pair.f_public_key.f_ind_cpa_public_key
+      }
+      <:
+      t_MlKemPublicKeyUnpacked v_K v_Vector
+    }
+    <:
+    t_MlKemKeyPairUnpacked v_K v_Vector
+  in
+  let key_pair:t_MlKemKeyPairUnpacked v_K v_Vector =
+    {
+      key_pair with
+      f_public_key
+      =
+      {
+        key_pair.f_public_key with
+        f_public_key_hash
+        =
+        Core.Slice.impl__copy_from_slice #u8
+          key_pair.f_public_key.f_public_key_hash
+          ind_cpa_public_key_hash
+      }
+      <:
+      t_MlKemPublicKeyUnpacked v_K v_Vector
+    }
+    <:
+    t_MlKemKeyPairUnpacked v_K v_Vector
+  in
+  let key_pair:t_MlKemKeyPairUnpacked v_K v_Vector =
+    {
+      key_pair with
+      f_private_key
+      =
+      {
+        key_pair.f_private_key with
+        f_implicit_rejection_value
+        =
+        Core.Slice.impl__copy_from_slice #u8
+          key_pair.f_private_key.f_implicit_rejection_value
+          implicit_rejection_value
+      }
+      <:
+      t_MlKemPrivateKeyUnpacked v_K v_Vector
+    }
+    <:
+    t_MlKemKeyPairUnpacked v_K v_Vector
+  in
+  let key_pair:t_MlKemKeyPairUnpacked v_K v_Vector =
+    {
+      key_pair with
+      f_public_key
+      =
+      {
+        key_pair.f_public_key with
+        f_ind_cpa_public_key
+        =
+        {
+          key_pair.f_public_key.f_ind_cpa_public_key with
+          Libcrux_ml_kem.Ind_cpa.Unpacked.f_seed_for_A
+          =
+          Core.Slice.impl__copy_from_slice #u8
+            key_pair.f_public_key.f_ind_cpa_public_key.Libcrux_ml_kem.Ind_cpa.Unpacked.f_seed_for_A
+            (ind_cpa_public_key.[ { Core.Ops.Range.f_start = v_T_AS_NTT_ENCODED_SIZE }
+                <:
+                Core.Ops.Range.t_RangeFrom usize ]
+              <:
+              t_Slice u8)
+        }
+        <:
+        Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPublicKeyUnpacked v_K v_Vector
+      }
+      <:
+      t_MlKemPublicKeyUnpacked v_K v_Vector
+    }
+    <:
+    t_MlKemKeyPairUnpacked v_K v_Vector
+  in
+  key_pair
+
+let impl_4__from_private_key
+      (v_K: usize)
+      (#v_Vector: Type0)
+      (v_SECRET_KEY_SIZE v_CPA_SECRET_KEY_SIZE v_PUBLIC_KEY_SIZE v_BYTES_PER_RING_ELEMENT v_T_AS_NTT_ENCODED_SIZE:
+          usize)
+      (#[FStar.Tactics.Typeclasses.tcresolve ()]
+          i2:
+          Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector)
+      (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey v_SECRET_KEY_SIZE)
+     =
+  let out:t_MlKemKeyPairUnpacked v_K v_Vector =
+    Core.Default.f_default #(t_MlKemKeyPairUnpacked v_K v_Vector)
+      #FStar.Tactics.Typeclasses.solve
+      ()
+  in
+  let out:t_MlKemKeyPairUnpacked v_K v_Vector =
+    keys_from_private_key v_K
+      v_SECRET_KEY_SIZE
+      v_CPA_SECRET_KEY_SIZE
+      v_PUBLIC_KEY_SIZE
+      v_BYTES_PER_RING_ELEMENT
+      v_T_AS_NTT_ENCODED_SIZE
+      #v_Vector
+      private_key
+      out
+  in
+  out
+
 let unpack_public_key
       (v_K v_T_AS_NTT_ENCODED_SIZE v_RANKED_BYTES_PER_RING_ELEMENT v_PUBLIC_KEY_SIZE: usize)
       (#v_Hasher #v_Vector: Type0)
@@ -402,7 +559,7 @@ let encapsulate
   <:
   (Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE & t_Array u8 (sz 32))
 
-let impl_3__serialized_public_key_mut
+let impl_3__serialized_mut
       (v_K: usize)
       (#v_Vector: Type0)
       (v_RANKED_BYTES_PER_RING_ELEMENT v_PUBLIC_KEY_SIZE: usize)
@@ -443,7 +600,7 @@ let impl_4__serialized_public_key_mut
   let hax_temp_output, serialized:(Prims.unit &
     Libcrux_ml_kem.Types.t_MlKemPublicKey v_PUBLIC_KEY_SIZE) =
     (),
-    impl_3__serialized_public_key_mut v_K
+    impl_3__serialized_mut v_K
       #v_Vector
       v_RANKED_BYTES_PER_RING_ELEMENT
       v_PUBLIC_KEY_SIZE
@@ -454,7 +611,7 @@ let impl_4__serialized_public_key_mut
   in
   serialized
 
-let impl_3__serialized_public_key
+let impl_3__serialized
       (v_K: usize)
       (#v_Vector: Type0)
       (v_RANKED_BYTES_PER_RING_ELEMENT v_PUBLIC_KEY_SIZE: usize)
@@ -463,8 +620,8 @@ let impl_3__serialized_public_key
           Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector)
       (self: t_MlKemPublicKeyUnpacked v_K v_Vector)
      =
-  Core.Convert.f_into #(t_Array u8 v_PUBLIC_KEY_SIZE)
-    #(Libcrux_ml_kem.Types.t_MlKemPublicKey v_PUBLIC_KEY_SIZE)
+  Core.Convert.f_from #(Libcrux_ml_kem.Types.t_MlKemPublicKey v_PUBLIC_KEY_SIZE)
+    #(t_Array u8 v_PUBLIC_KEY_SIZE)
     #FStar.Tactics.Typeclasses.solve
     (Libcrux_ml_kem.Ind_cpa.serialize_public_key v_K
         v_RANKED_BYTES_PER_RING_ELEMENT
@@ -484,7 +641,7 @@ let impl_4__serialized_public_key
           Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector)
       (self: t_MlKemKeyPairUnpacked v_K v_Vector)
      =
-  impl_3__serialized_public_key v_K
+  impl_3__serialized v_K
     #v_Vector
     v_RANKED_BYTES_PER_RING_ELEMENT
     v_PUBLIC_KEY_SIZE
@@ -668,6 +825,72 @@ let generate_keypair
 
 #pop-options
 
+let impl_4__serialized_private_key_mut
+      (v_K: usize)
+      (#v_Vector: Type0)
+      (v_CPA_PRIVATE_KEY_SIZE v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE v_RANKED_BYTES_PER_RING_ELEMENT:
+          usize)
+      (#[FStar.Tactics.Typeclasses.tcresolve ()]
+          i2:
+          Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector)
+      (self: t_MlKemKeyPairUnpacked v_K v_Vector)
+      (serialized: Libcrux_ml_kem.Types.t_MlKemPrivateKey v_PRIVATE_KEY_SIZE)
+     =
+  let ind_cpa_private_key, ind_cpa_public_key:(t_Array u8 v_CPA_PRIVATE_KEY_SIZE &
+    t_Array u8 v_PUBLIC_KEY_SIZE) =
+    Libcrux_ml_kem.Ind_cpa.serialize_unpacked_secret_key v_K
+      v_CPA_PRIVATE_KEY_SIZE
+      v_PUBLIC_KEY_SIZE
+      v_RANKED_BYTES_PER_RING_ELEMENT
+      #v_Vector
+      self.f_public_key.f_ind_cpa_public_key
+      self.f_private_key.f_ind_cpa_private_key
+  in
+  let serialized:Libcrux_ml_kem.Types.t_MlKemPrivateKey v_PRIVATE_KEY_SIZE =
+    {
+      serialized with
+      Libcrux_ml_kem.Types.f_value
+      =
+      Libcrux_ml_kem.Ind_cca.serialize_kem_secret_key_mut v_K
+        v_PRIVATE_KEY_SIZE
+        #(Libcrux_ml_kem.Hash_functions.Portable.t_PortableHash v_K)
+        (ind_cpa_private_key <: t_Slice u8)
+        (ind_cpa_public_key <: t_Slice u8)
+        (self.f_private_key.f_implicit_rejection_value <: t_Slice u8)
+        serialized.Libcrux_ml_kem.Types.f_value
+    }
+    <:
+    Libcrux_ml_kem.Types.t_MlKemPrivateKey v_PRIVATE_KEY_SIZE
+  in
+  serialized
+
+let impl_4__serialized_private_key
+      (v_K: usize)
+      (#v_Vector: Type0)
+      (v_CPA_PRIVATE_KEY_SIZE v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE v_RANKED_BYTES_PER_RING_ELEMENT:
+          usize)
+      (#[FStar.Tactics.Typeclasses.tcresolve ()]
+          i2:
+          Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector)
+      (self: t_MlKemKeyPairUnpacked v_K v_Vector)
+     =
+  let sk:Libcrux_ml_kem.Types.t_MlKemPrivateKey v_PRIVATE_KEY_SIZE =
+    Core.Default.f_default #(Libcrux_ml_kem.Types.t_MlKemPrivateKey v_PRIVATE_KEY_SIZE)
+      #FStar.Tactics.Typeclasses.solve
+      ()
+  in
+  let sk:Libcrux_ml_kem.Types.t_MlKemPrivateKey v_PRIVATE_KEY_SIZE =
+    impl_4__serialized_private_key_mut v_K
+      #v_Vector
+      v_CPA_PRIVATE_KEY_SIZE
+      v_PRIVATE_KEY_SIZE
+      v_PUBLIC_KEY_SIZE
+      v_RANKED_BYTES_PER_RING_ELEMENT
+      self
+      sk
+  in
+  sk
+
 #push-options "--z3rlimit 200 --ext context_pruning --z3refresh"
 
 let decapsulate
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Unpacked.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Unpacked.fsti
index bb95e789b..d65517d79 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Unpacked.fsti
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Unpacked.fsti
@@ -7,6 +7,7 @@ let _ =
   (* This module has implicit dependencies, here we make them explicit. *)
   (* The implicit dependencies arise from typeclasses instances. *)
   let open Libcrux_ml_kem.Hash_functions in
+  let open Libcrux_ml_kem.Hash_functions.Portable in
   let open Libcrux_ml_kem.Ind_cpa.Unpacked in
   let open Libcrux_ml_kem.Polynomial in
   let open Libcrux_ml_kem.Types in
@@ -54,14 +55,6 @@ val impl_4__public_key
       (self: t_MlKemKeyPairUnpacked v_K v_Vector)
     : Prims.Pure (t_MlKemPublicKeyUnpacked v_K v_Vector) Prims.l_True (fun _ -> Prims.l_True)
 
-/// Get the serialized private key.
-val impl_4__serialized_private_key
-      (v_K: usize)
-      (#v_Vector: Type0)
-      {| i2: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |}
-      (self: t_MlKemKeyPairUnpacked v_K v_Vector)
-    : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPrivateKey v_K) Prims.l_True (fun _ -> Prims.l_True)
-
 val transpose_a
       (v_K: usize)
       (#v_Vector: Type0)
@@ -105,6 +98,26 @@ val impl_4__new:
     Prims.unit
   -> Prims.Pure (t_MlKemKeyPairUnpacked v_K v_Vector) Prims.l_True (fun _ -> Prims.l_True)
 
+/// Take a serialized private key and generate an unpacked key pair from it.
+val keys_from_private_key
+      (v_K v_SECRET_KEY_SIZE v_CPA_SECRET_KEY_SIZE v_PUBLIC_KEY_SIZE v_BYTES_PER_RING_ELEMENT v_T_AS_NTT_ENCODED_SIZE:
+          usize)
+      (#v_Vector: Type0)
+      {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |}
+      (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey v_SECRET_KEY_SIZE)
+      (key_pair: t_MlKemKeyPairUnpacked v_K v_Vector)
+    : Prims.Pure (t_MlKemKeyPairUnpacked v_K v_Vector) Prims.l_True (fun _ -> Prims.l_True)
+
+/// Take a serialized private key and generate an unpacked key pair from it.
+val impl_4__from_private_key
+      (v_K: usize)
+      (#v_Vector: Type0)
+      (v_SECRET_KEY_SIZE v_CPA_SECRET_KEY_SIZE v_PUBLIC_KEY_SIZE v_BYTES_PER_RING_ELEMENT v_T_AS_NTT_ENCODED_SIZE:
+          usize)
+      {| i2: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |}
+      (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey v_SECRET_KEY_SIZE)
+    : Prims.Pure (t_MlKemKeyPairUnpacked v_K v_Vector) Prims.l_True (fun _ -> Prims.l_True)
+
 /// Generate an unpacked key from a serialized key.
 val unpack_public_key
       (v_K v_T_AS_NTT_ENCODED_SIZE v_RANKED_BYTES_PER_RING_ELEMENT v_PUBLIC_KEY_SIZE: usize)
@@ -176,7 +189,7 @@ val encapsulate
           ciphertext_result.f_value == ciphertext /\ shared_secret_array == shared_secret)
 
 /// Get the serialized public key.
-val impl_3__serialized_public_key_mut
+val impl_3__serialized_mut
       (v_K: usize)
       (#v_Vector: Type0)
       (v_RANKED_BYTES_PER_RING_ELEMENT v_PUBLIC_KEY_SIZE: usize)
@@ -238,7 +251,7 @@ val impl_4__serialized_public_key_mut
             self.f_public_key.f_ind_cpa_public_key.f_seed_for_A)
 
 /// Get the serialized public key.
-val impl_3__serialized_public_key
+val impl_3__serialized
       (v_K: usize)
       (#v_Vector: Type0)
       (v_RANKED_BYTES_PER_RING_ELEMENT v_PUBLIC_KEY_SIZE: usize)
@@ -322,6 +335,31 @@ val generate_keypair
           m_A /\ out_future.f_public_key.f_public_key_hash == public_key_hash /\
           out_future.f_private_key.f_implicit_rejection_value == implicit_rejection_value)
 
+/// Get the serialized private key.
+val impl_4__serialized_private_key_mut
+      (v_K: usize)
+      (#v_Vector: Type0)
+      (v_CPA_PRIVATE_KEY_SIZE v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE v_RANKED_BYTES_PER_RING_ELEMENT:
+          usize)
+      {| i2: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |}
+      (self: t_MlKemKeyPairUnpacked v_K v_Vector)
+      (serialized: Libcrux_ml_kem.Types.t_MlKemPrivateKey v_PRIVATE_KEY_SIZE)
+    : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPrivateKey v_PRIVATE_KEY_SIZE)
+      Prims.l_True
+      (fun _ -> Prims.l_True)
+
+/// Get the serialized private key.
+val impl_4__serialized_private_key
+      (v_K: usize)
+      (#v_Vector: Type0)
+      (v_CPA_PRIVATE_KEY_SIZE v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE v_RANKED_BYTES_PER_RING_ELEMENT:
+          usize)
+      {| i2: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |}
+      (self: t_MlKemKeyPairUnpacked v_K v_Vector)
+    : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPrivateKey v_PRIVATE_KEY_SIZE)
+      Prims.l_True
+      (fun _ -> Prims.l_True)
+
 val decapsulate
       (v_K v_SECRET_KEY_SIZE v_CPA_SECRET_KEY_SIZE v_PUBLIC_KEY_SIZE v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_C1_BLOCK_SIZE v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE v_IMPLICIT_REJECTION_HASH_INPUT_SIZE:
           usize)
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fst
index 65ba7c6e0..271d84a70 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fst
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fst
@@ -12,16 +12,13 @@ let _ =
   let open Libcrux_ml_kem.Vector.Traits in
   ()
 
-#push-options "--z3rlimit 300"
-
-let validate_private_key
-      (v_K v_SECRET_KEY_SIZE v_CIPHERTEXT_SIZE: usize)
+let validate_private_key_only
+      (v_K v_SECRET_KEY_SIZE: usize)
       (#v_Hasher: Type0)
       (#[FStar.Tactics.Typeclasses.tcresolve ()]
           i1:
           Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K)
       (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey v_SECRET_KEY_SIZE)
-      (v__ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE)
      =
   let t:t_Array u8 (sz 32) =
     Libcrux_ml_kem.Hash_functions.f_H #v_Hasher
@@ -46,8 +43,132 @@ let validate_private_key
   in
   t =. expected
 
+#push-options "--z3rlimit 300"
+
+let validate_private_key
+      (v_K v_SECRET_KEY_SIZE v_CIPHERTEXT_SIZE: usize)
+      (#v_Hasher: Type0)
+      (#[FStar.Tactics.Typeclasses.tcresolve ()]
+          i1:
+          Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K)
+      (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey v_SECRET_KEY_SIZE)
+      (v__ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE)
+     = validate_private_key_only v_K v_SECRET_KEY_SIZE #v_Hasher private_key
+
 #pop-options
 
+let serialize_kem_secret_key_mut
+      (v_K v_SERIALIZED_KEY_LEN: usize)
+      (#v_Hasher: Type0)
+      (#[FStar.Tactics.Typeclasses.tcresolve ()]
+          i1:
+          Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K)
+      (private_key public_key implicit_rejection_value: t_Slice u8)
+      (serialized: t_Array u8 v_SERIALIZED_KEY_LEN)
+     =
+  let pointer:usize = sz 0 in
+  let serialized:t_Array u8 v_SERIALIZED_KEY_LEN =
+    Rust_primitives.Hax.Monomorphized_update_at.update_at_range serialized
+      ({
+          Core.Ops.Range.f_start = pointer;
+          Core.Ops.Range.f_end = pointer +! (Core.Slice.impl__len #u8 private_key <: usize) <: usize
+        }
+        <:
+        Core.Ops.Range.t_Range usize)
+      (Core.Slice.impl__copy_from_slice #u8
+          (serialized.[ {
+                Core.Ops.Range.f_start = pointer;
+                Core.Ops.Range.f_end
+                =
+                pointer +! (Core.Slice.impl__len #u8 private_key <: usize) <: usize
+              }
+              <:
+              Core.Ops.Range.t_Range usize ]
+            <:
+            t_Slice u8)
+          private_key
+        <:
+        t_Slice u8)
+  in
+  let pointer:usize = pointer +! (Core.Slice.impl__len #u8 private_key <: usize) in
+  let serialized:t_Array u8 v_SERIALIZED_KEY_LEN =
+    Rust_primitives.Hax.Monomorphized_update_at.update_at_range serialized
+      ({
+          Core.Ops.Range.f_start = pointer;
+          Core.Ops.Range.f_end = pointer +! (Core.Slice.impl__len #u8 public_key <: usize) <: usize
+        }
+        <:
+        Core.Ops.Range.t_Range usize)
+      (Core.Slice.impl__copy_from_slice #u8
+          (serialized.[ {
+                Core.Ops.Range.f_start = pointer;
+                Core.Ops.Range.f_end
+                =
+                pointer +! (Core.Slice.impl__len #u8 public_key <: usize) <: usize
+              }
+              <:
+              Core.Ops.Range.t_Range usize ]
+            <:
+            t_Slice u8)
+          public_key
+        <:
+        t_Slice u8)
+  in
+  let pointer:usize = pointer +! (Core.Slice.impl__len #u8 public_key <: usize) in
+  let serialized:t_Array u8 v_SERIALIZED_KEY_LEN =
+    Rust_primitives.Hax.Monomorphized_update_at.update_at_range serialized
+      ({
+          Core.Ops.Range.f_start = pointer;
+          Core.Ops.Range.f_end = pointer +! Libcrux_ml_kem.Constants.v_H_DIGEST_SIZE <: usize
+        }
+        <:
+        Core.Ops.Range.t_Range usize)
+      (Core.Slice.impl__copy_from_slice #u8
+          (serialized.[ {
+                Core.Ops.Range.f_start = pointer;
+                Core.Ops.Range.f_end = pointer +! Libcrux_ml_kem.Constants.v_H_DIGEST_SIZE <: usize
+              }
+              <:
+              Core.Ops.Range.t_Range usize ]
+            <:
+            t_Slice u8)
+          (Libcrux_ml_kem.Hash_functions.f_H #v_Hasher
+              #v_K
+              #FStar.Tactics.Typeclasses.solve
+              public_key
+            <:
+            t_Slice u8)
+        <:
+        t_Slice u8)
+  in
+  let pointer:usize = pointer +! Libcrux_ml_kem.Constants.v_H_DIGEST_SIZE in
+  let serialized:t_Array u8 v_SERIALIZED_KEY_LEN =
+    Rust_primitives.Hax.Monomorphized_update_at.update_at_range serialized
+      ({
+          Core.Ops.Range.f_start = pointer;
+          Core.Ops.Range.f_end
+          =
+          pointer +! (Core.Slice.impl__len #u8 implicit_rejection_value <: usize) <: usize
+        }
+        <:
+        Core.Ops.Range.t_Range usize)
+      (Core.Slice.impl__copy_from_slice #u8
+          (serialized.[ {
+                Core.Ops.Range.f_start = pointer;
+                Core.Ops.Range.f_end
+                =
+                pointer +! (Core.Slice.impl__len #u8 implicit_rejection_value <: usize) <: usize
+              }
+              <:
+              Core.Ops.Range.t_Range usize ]
+            <:
+            t_Slice u8)
+          implicit_rejection_value
+        <:
+        t_Slice u8)
+  in
+  serialized
+
 #push-options "--z3rlimit 150"
 
 let serialize_kem_secret_key
@@ -194,6 +315,15 @@ let serialize_kem_secret_key
       (Libcrux_ml_kem.Hash_functions.f_H #v_Hasher #v_K public_key)
       implicit_rejection_value
   in
+  let out:t_Array u8 v_SERIALIZED_KEY_LEN =
+    serialize_kem_secret_key_mut v_K
+      v_SERIALIZED_KEY_LEN
+      #v_Hasher
+      private_key
+      public_key
+      implicit_rejection_value
+      out
+  in
   out
 
 #pop-options
@@ -399,16 +529,14 @@ let decapsulate
     assert (v v_CIPHERTEXT_SIZE ==
         v v_IMPLICIT_REJECTION_HASH_INPUT_SIZE - v Libcrux_ml_kem.Constants.v_SHARED_SECRET_SIZE)
   in
-  let ind_cpa_secret_key, secret_key:(t_Slice u8 & t_Slice u8) =
-    Core.Slice.impl__split_at #u8
+  let ind_cpa_secret_key, ind_cpa_public_key, ind_cpa_public_key_hash, implicit_rejection_value:(t_Slice
+    u8 &
+    t_Slice u8 &
+    t_Slice u8 &
+    t_Slice u8) =
+    Libcrux_ml_kem.Types.unpack_private_key v_CPA_SECRET_KEY_SIZE
+      v_PUBLIC_KEY_SIZE
       (private_key.Libcrux_ml_kem.Types.f_value <: t_Slice u8)
-      v_CPA_SECRET_KEY_SIZE
-  in
-  let ind_cpa_public_key, secret_key:(t_Slice u8 & t_Slice u8) =
-    Core.Slice.impl__split_at #u8 secret_key v_PUBLIC_KEY_SIZE
-  in
-  let ind_cpa_public_key_hash, implicit_rejection_value:(t_Slice u8 & t_Slice u8) =
-    Core.Slice.impl__split_at #u8 secret_key Libcrux_ml_kem.Constants.v_H_DIGEST_SIZE
   in
   let _:Prims.unit =
     assert (ind_cpa_secret_key == slice private_key.f_value (sz 0) v_CPA_SECRET_KEY_SIZE);
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fsti
index 3451ffc38..15a8430bd 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fsti
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fsti
@@ -20,6 +20,15 @@ let v_KEY_GENERATION_SEED_SIZE: usize =
   Libcrux_ml_kem.Constants.v_CPA_PKE_KEY_GENERATION_SEED_SIZE +!
   Libcrux_ml_kem.Constants.v_SHARED_SECRET_SIZE
 
+/// Validate an ML-KEM private key.
+/// This implements the Hash check in 7.3 3.
+val validate_private_key_only
+      (v_K v_SECRET_KEY_SIZE: usize)
+      (#v_Hasher: Type0)
+      {| i1: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K |}
+      (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey v_SECRET_KEY_SIZE)
+    : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True)
+
 /// Validate an ML-KEM private key.
 /// This implements the Hash check in 7.3 3.
 /// Note that the size checks in 7.2 1 and 2 are covered by the `SECRET_KEY_SIZE`
@@ -37,6 +46,14 @@ val validate_private_key
       (fun _ -> Prims.l_True)
 
 /// Serialize the secret key.
+val serialize_kem_secret_key_mut
+      (v_K v_SERIALIZED_KEY_LEN: usize)
+      (#v_Hasher: Type0)
+      {| i1: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K |}
+      (private_key public_key implicit_rejection_value: t_Slice u8)
+      (serialized: t_Array u8 v_SERIALIZED_KEY_LEN)
+    : Prims.Pure (t_Array u8 v_SERIALIZED_KEY_LEN) Prims.l_True (fun _ -> Prims.l_True)
+
 val serialize_kem_secret_key
       (v_K v_SERIALIZED_KEY_LEN: usize)
       (#v_Hasher: Type0)
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fst
index 4484e0cc4..6010993a4 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fst
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fst
@@ -127,6 +127,83 @@ let deserialize_secret_key
 
 #pop-options
 
+let build_unpacked_public_key_mut
+      (v_K v_T_AS_NTT_ENCODED_SIZE: usize)
+      (#v_Vector #v_Hasher: Type0)
+      (#[FStar.Tactics.Typeclasses.tcresolve ()]
+          i2:
+          Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector)
+      (#[FStar.Tactics.Typeclasses.tcresolve ()]
+          i3:
+          Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K)
+      (public_key: t_Slice u8)
+      (unpacked_public_key: Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPublicKeyUnpacked v_K v_Vector)
+     =
+  let unpacked_public_key:Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPublicKeyUnpacked v_K v_Vector =
+    {
+      unpacked_public_key with
+      Libcrux_ml_kem.Ind_cpa.Unpacked.f_t_as_ntt
+      =
+      Libcrux_ml_kem.Serialize.deserialize_ring_elements_reduced v_K
+        #v_Vector
+        (public_key.[ { Core.Ops.Range.f_end = v_T_AS_NTT_ENCODED_SIZE }
+            <:
+            Core.Ops.Range.t_RangeTo usize ]
+          <:
+          t_Slice u8)
+        unpacked_public_key.Libcrux_ml_kem.Ind_cpa.Unpacked.f_t_as_ntt
+    }
+    <:
+    Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPublicKeyUnpacked v_K v_Vector
+  in
+  let seed:t_Slice u8 =
+    public_key.[ { Core.Ops.Range.f_start = v_T_AS_NTT_ENCODED_SIZE }
+      <:
+      Core.Ops.Range.t_RangeFrom usize ]
+  in
+  let unpacked_public_key:Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPublicKeyUnpacked v_K v_Vector =
+    {
+      unpacked_public_key with
+      Libcrux_ml_kem.Ind_cpa.Unpacked.f_A
+      =
+      Libcrux_ml_kem.Matrix.sample_matrix_A v_K
+        #v_Vector
+        #v_Hasher
+        unpacked_public_key.Libcrux_ml_kem.Ind_cpa.Unpacked.f_A
+        (Libcrux_ml_kem.Utils.into_padded_array (sz 34) seed <: t_Array u8 (sz 34))
+        false
+    }
+    <:
+    Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPublicKeyUnpacked v_K v_Vector
+  in
+  unpacked_public_key
+
+let build_unpacked_public_key
+      (v_K v_T_AS_NTT_ENCODED_SIZE: usize)
+      (#v_Vector #v_Hasher: Type0)
+      (#[FStar.Tactics.Typeclasses.tcresolve ()]
+          i2:
+          Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector)
+      (#[FStar.Tactics.Typeclasses.tcresolve ()]
+          i3:
+          Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K)
+      (public_key: t_Slice u8)
+     =
+  let unpacked_public_key:Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPublicKeyUnpacked v_K v_Vector =
+    Core.Default.f_default #(Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPublicKeyUnpacked v_K v_Vector)
+      #FStar.Tactics.Typeclasses.solve
+      ()
+  in
+  let unpacked_public_key:Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPublicKeyUnpacked v_K v_Vector =
+    build_unpacked_public_key_mut v_K
+      v_T_AS_NTT_ENCODED_SIZE
+      #v_Vector
+      #v_Hasher
+      public_key
+      unpacked_public_key
+  in
+  unpacked_public_key
+
 #push-options "--max_fuel 15 --z3rlimit 1500 --ext context_pruning --z3refresh --split_queries always"
 
 let sample_ring_element_cbd
@@ -799,52 +876,7 @@ let encrypt
      =
   let _:Prims.unit = reveal_opaque (`%Spec.MLKEM.ind_cpa_encrypt) Spec.MLKEM.ind_cpa_encrypt in
   let unpacked_public_key:Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPublicKeyUnpacked v_K v_Vector =
-    Core.Default.f_default #(Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPublicKeyUnpacked v_K v_Vector)
-      #FStar.Tactics.Typeclasses.solve
-      ()
-  in
-  let unpacked_public_key:Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPublicKeyUnpacked v_K v_Vector =
-    {
-      unpacked_public_key with
-      Libcrux_ml_kem.Ind_cpa.Unpacked.f_t_as_ntt
-      =
-      Libcrux_ml_kem.Serialize.deserialize_ring_elements_reduced v_K
-        #v_Vector
-        (public_key.[ { Core.Ops.Range.f_end = v_T_AS_NTT_ENCODED_SIZE }
-            <:
-            Core.Ops.Range.t_RangeTo usize ]
-          <:
-          t_Slice u8)
-        unpacked_public_key.Libcrux_ml_kem.Ind_cpa.Unpacked.f_t_as_ntt
-    }
-    <:
-    Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPublicKeyUnpacked v_K v_Vector
-  in
-  let seed:t_Slice u8 =
-    public_key.[ { Core.Ops.Range.f_start = v_T_AS_NTT_ENCODED_SIZE }
-      <:
-      Core.Ops.Range.t_RangeFrom usize ]
-  in
-  let _:Prims.unit =
-    Lib.Sequence.eq_intro #u8
-      #32
-      seed
-      (Seq.slice (Libcrux_ml_kem.Utils.into_padded_array (sz 34) seed) 0 32)
-  in
-  let unpacked_public_key:Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPublicKeyUnpacked v_K v_Vector =
-    {
-      unpacked_public_key with
-      Libcrux_ml_kem.Ind_cpa.Unpacked.f_A
-      =
-      Libcrux_ml_kem.Matrix.sample_matrix_A v_K
-        #v_Vector
-        #v_Hasher
-        unpacked_public_key.Libcrux_ml_kem.Ind_cpa.Unpacked.f_A
-        (Libcrux_ml_kem.Utils.into_padded_array (sz 34) seed <: t_Array u8 (sz 34))
-        false
-    }
-    <:
-    Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPublicKeyUnpacked v_K v_Vector
+    build_unpacked_public_key v_K v_T_AS_NTT_ENCODED_SIZE #v_Vector #v_Hasher public_key
   in
   encrypt_unpacked v_K v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_LEN v_C2_LEN
     v_U_COMPRESSION_FACTOR v_V_COMPRESSION_FACTOR v_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2
@@ -1176,6 +1208,33 @@ let serialize_public_key
   in
   public_key_serialized
 
+let serialize_unpacked_secret_key
+      (v_K v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE v_RANKED_BYTES_PER_RING_ELEMENT: usize)
+      (#v_Vector: Type0)
+      (#[FStar.Tactics.Typeclasses.tcresolve ()]
+          i1:
+          Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector)
+      (public_key: Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPublicKeyUnpacked v_K v_Vector)
+      (private_key: Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPrivateKeyUnpacked v_K v_Vector)
+     =
+  let public_key_serialized:t_Array u8 v_PUBLIC_KEY_SIZE =
+    serialize_public_key v_K
+      v_RANKED_BYTES_PER_RING_ELEMENT
+      v_PUBLIC_KEY_SIZE
+      #v_Vector
+      public_key.Libcrux_ml_kem.Ind_cpa.Unpacked.f_t_as_ntt
+      (public_key.Libcrux_ml_kem.Ind_cpa.Unpacked.f_seed_for_A <: t_Slice u8)
+  in
+  let secret_key_serialized:t_Array u8 v_PRIVATE_KEY_SIZE =
+    serialize_secret_key v_K
+      v_PRIVATE_KEY_SIZE
+      #v_Vector
+      private_key.Libcrux_ml_kem.Ind_cpa.Unpacked.f_secret_as_ntt
+  in
+  secret_key_serialized, public_key_serialized
+  <:
+  (t_Array u8 v_PRIVATE_KEY_SIZE & t_Array u8 v_PUBLIC_KEY_SIZE)
+
 let generate_keypair
       (v_K v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE v_RANKED_BYTES_PER_RING_ELEMENT v_ETA1 v_ETA1_RANDOMNESS_SIZE:
           usize)
@@ -1215,20 +1274,10 @@ let generate_keypair
   let private_key:Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPrivateKeyUnpacked v_K v_Vector = tmp0 in
   let public_key:Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPublicKeyUnpacked v_K v_Vector = tmp1 in
   let _:Prims.unit = () in
-  let public_key_serialized:t_Array u8 v_PUBLIC_KEY_SIZE =
-    serialize_public_key v_K
-      v_RANKED_BYTES_PER_RING_ELEMENT
-      v_PUBLIC_KEY_SIZE
-      #v_Vector
-      public_key.Libcrux_ml_kem.Ind_cpa.Unpacked.f_t_as_ntt
-      (public_key.Libcrux_ml_kem.Ind_cpa.Unpacked.f_seed_for_A <: t_Slice u8)
-  in
-  let secret_key_serialized:t_Array u8 v_PRIVATE_KEY_SIZE =
-    serialize_secret_key v_K
-      v_PRIVATE_KEY_SIZE
-      #v_Vector
-      private_key.Libcrux_ml_kem.Ind_cpa.Unpacked.f_secret_as_ntt
-  in
-  secret_key_serialized, public_key_serialized
-  <:
-  (t_Array u8 v_PRIVATE_KEY_SIZE & t_Array u8 v_PUBLIC_KEY_SIZE)
+  serialize_unpacked_secret_key v_K
+    v_PRIVATE_KEY_SIZE
+    v_PUBLIC_KEY_SIZE
+    v_RANKED_BYTES_PER_RING_ELEMENT
+    #v_Vector
+    public_key
+    private_key
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fsti
index 102bd667f..2d62a7e51 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fsti
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fsti
@@ -43,6 +43,27 @@ val deserialize_secret_key
           Libcrux_ml_kem.Polynomial.to_spec_vector_t #v_K #v_Vector res ==
           Spec.MLKEM.vector_decode_12 #v_K secret_key)
 
+val build_unpacked_public_key_mut
+      (v_K v_T_AS_NTT_ENCODED_SIZE: usize)
+      (#v_Vector #v_Hasher: Type0)
+      {| i2: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |}
+      {| i3: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K |}
+      (public_key: t_Slice u8)
+      (unpacked_public_key: Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPublicKeyUnpacked v_K v_Vector)
+    : Prims.Pure (Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPublicKeyUnpacked v_K v_Vector)
+      Prims.l_True
+      (fun _ -> Prims.l_True)
+
+val build_unpacked_public_key
+      (v_K v_T_AS_NTT_ENCODED_SIZE: usize)
+      (#v_Vector #v_Hasher: Type0)
+      {| i2: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |}
+      {| i3: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K |}
+      (public_key: t_Slice u8)
+    : Prims.Pure (Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPublicKeyUnpacked v_K v_Vector)
+      Prims.l_True
+      (fun _ -> Prims.l_True)
+
 /// Sample a vector of ring elements from a centered binomial distribution.
 val sample_ring_element_cbd
       (v_K v_ETA2_RANDOMNESS_SIZE v_ETA2: usize)
@@ -459,6 +480,17 @@ val serialize_public_key
                 (Libcrux_ml_kem.Polynomial.to_spec_vector_t #v_K #v_Vector tt_as_ntt))
             seed_for_a)
 
+/// Serialize the secret key from the unpacked key pair generation.
+val serialize_unpacked_secret_key
+      (v_K v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE v_RANKED_BYTES_PER_RING_ELEMENT: usize)
+      (#v_Vector: Type0)
+      {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |}
+      (public_key: Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPublicKeyUnpacked v_K v_Vector)
+      (private_key: Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPrivateKeyUnpacked v_K v_Vector)
+    : Prims.Pure (t_Array u8 v_PRIVATE_KEY_SIZE & t_Array u8 v_PUBLIC_KEY_SIZE)
+      Prims.l_True
+      (fun _ -> Prims.l_True)
+
 val generate_keypair
       (v_K v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE v_RANKED_BYTES_PER_RING_ELEMENT v_ETA1 v_ETA1_RANDOMNESS_SIZE:
           usize)
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Avx2.Unpacked.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Avx2.Unpacked.fst
index abc7e4b8b..e37975ff3 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Avx2.Unpacked.fst
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Avx2.Unpacked.fst
@@ -11,6 +11,64 @@ let _ =
   let open Libcrux_ml_kem.Vector.Traits in
   ()
 
+let key_pair_serialized_private_key
+      (key_pair:
+          Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4)
+            Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector)
+     =
+  Libcrux_ml_kem.Ind_cca.Unpacked.impl_4__serialized_private_key (sz 4)
+    #Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector
+    (sz 1536)
+    (sz 3168)
+    (sz 1568)
+    (sz 1536)
+    key_pair
+
+let key_pair_serialized_private_key_mut
+      (key_pair:
+          Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4)
+            Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector)
+      (serialized: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 3168))
+     =
+  let serialized:Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 3168) =
+    Libcrux_ml_kem.Ind_cca.Unpacked.impl_4__serialized_private_key_mut (sz 4)
+      #Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector
+      (sz 1536)
+      (sz 3168)
+      (sz 1568)
+      (sz 1536)
+      key_pair
+      serialized
+  in
+  serialized
+
+let key_pair_serialized_public_key
+      (key_pair:
+          Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4)
+            Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector)
+     =
+  Libcrux_ml_kem.Ind_cca.Unpacked.impl_4__serialized_public_key (sz 4)
+    #Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector
+    (sz 1536)
+    (sz 1568)
+    key_pair
+
+let key_pair_serialized_public_key_mut
+      (key_pair:
+          Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4)
+            Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector)
+      (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568))
+     =
+  let serialized:Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568) =
+    Libcrux_ml_kem.Ind_cca.Unpacked.impl_4__serialized_public_key_mut (sz 4)
+      #Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector
+      (sz 1536)
+      (sz 1568)
+      key_pair
+      serialized
+  in
+  serialized
+
 let serialized_public_key
       (public_key:
           Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 4)
@@ -18,7 +76,7 @@ let serialized_public_key
       (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568))
      =
   let serialized:Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568) =
-    Libcrux_ml_kem.Ind_cca.Unpacked.impl_3__serialized_public_key_mut (sz 4)
+    Libcrux_ml_kem.Ind_cca.Unpacked.impl_3__serialized_mut (sz 4)
       #Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector
       (sz 1536)
       (sz 1568)
@@ -47,7 +105,7 @@ let encapsulate
     (sz 1536) (sz 1408) (sz 160) (sz 11) (sz 5) (sz 352) (sz 2) (sz 128) (sz 2) (sz 128) public_key
     randomness
 
-let generate_key_pair
+let generate_key_pair_mut
       (randomness: t_Array u8 (sz 64))
       (key_pair:
           Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4)
@@ -73,6 +131,20 @@ let generate_key_pair
   in
   key_pair
 
+let generate_key_pair (randomness: t_Array u8 (sz 64)) =
+  let key_pair:Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4)
+    Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector =
+    Core.Default.f_default #(Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4)
+          Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector)
+      #FStar.Tactics.Typeclasses.solve
+      ()
+  in
+  let key_pair:Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4)
+    Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector =
+    generate_key_pair_mut randomness key_pair
+  in
+  key_pair
+
 let init_key_pair (_: Prims.unit) =
   Core.Default.f_default #(Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4)
         Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector)
@@ -85,6 +157,25 @@ let init_public_key (_: Prims.unit) =
     #FStar.Tactics.Typeclasses.solve
     ()
 
+let key_pair_from_private_mut
+      (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 3168))
+      (key_pair:
+          Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4)
+            Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector)
+     =
+  let key_pair:Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4)
+    Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector =
+    Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.Unpacked.keypair_from_private_key (sz 4)
+      (sz 3168)
+      (sz 1536)
+      (sz 1568)
+      (sz 1536)
+      (sz 1536)
+      private_key
+      key_pair
+  in
+  key_pair
+
 let unpacked_public_key
       (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568))
       (unpacked_public_key:
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Avx2.Unpacked.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Avx2.Unpacked.fsti
index df9a73c0b..9a5a2d8c6 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Avx2.Unpacked.fsti
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Avx2.Unpacked.fsti
@@ -11,6 +11,44 @@ let _ =
   let open Libcrux_ml_kem.Vector.Traits in
   ()
 
+/// Get the serialized private key.
+val key_pair_serialized_private_key
+      (key_pair:
+          Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4)
+            Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector)
+    : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 3168))
+      Prims.l_True
+      (fun _ -> Prims.l_True)
+
+/// Get the serialized private key.
+val key_pair_serialized_private_key_mut
+      (key_pair:
+          Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4)
+            Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector)
+      (serialized: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 3168))
+    : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 3168))
+      Prims.l_True
+      (fun _ -> Prims.l_True)
+
+/// Get the serialized public key.
+val key_pair_serialized_public_key
+      (key_pair:
+          Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4)
+            Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector)
+    : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568))
+      Prims.l_True
+      (fun _ -> Prims.l_True)
+
+/// Get the serialized public key.
+val key_pair_serialized_public_key_mut
+      (key_pair:
+          Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4)
+            Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector)
+      (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568))
+    : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568))
+      Prims.l_True
+      (fun _ -> Prims.l_True)
+
 /// Get the serialized public key.
 val serialized_public_key
       (public_key:
@@ -61,7 +99,7 @@ val encapsulate
       (fun _ -> Prims.l_True)
 
 /// Generate ML-KEM 1024 Key Pair in "unpacked" form
-val generate_key_pair
+val generate_key_pair_mut
       (randomness: t_Array u8 (sz 64))
       (key_pair:
           Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4)
@@ -70,6 +108,12 @@ val generate_key_pair
       (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4)
           Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) Prims.l_True (fun _ -> Prims.l_True)
 
+/// Generate ML-KEM 1024 Key Pair in "unpacked" form.
+val generate_key_pair (randomness: t_Array u8 (sz 64))
+    : Prims.Pure
+      (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4)
+          Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) Prims.l_True (fun _ -> Prims.l_True)
+
 /// Create a new, empty unpacked key.
 val init_key_pair: Prims.unit
   -> Prims.Pure
@@ -82,6 +126,16 @@ val init_public_key: Prims.unit
       (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 4)
           Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) Prims.l_True (fun _ -> Prims.l_True)
 
+/// Get an unpacked key from a private key.
+val key_pair_from_private_mut
+      (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 3168))
+      (key_pair:
+          Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4)
+            Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector)
+    : Prims.Pure
+      (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4)
+          Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) Prims.l_True (fun _ -> Prims.l_True)
+
 /// Get the unpacked public key.
 val unpacked_public_key
       (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568))
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Avx2.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Avx2.fst
index 19d9fc0c8..c9b450487 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Avx2.fst
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Avx2.fst
@@ -13,6 +13,9 @@ let validate_private_key
     private_key
     ciphertext
 
+let validate_private_key_only (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 3168)) =
+  Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.validate_private_key_only (sz 4) (sz 3168) private_key
+
 let decapsulate
       (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 3168))
       (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1568))
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Avx2.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Avx2.fsti
index 97cdb4949..763fc3d71 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Avx2.fsti
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Avx2.fsti
@@ -10,6 +10,11 @@ val validate_private_key
       (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1568))
     : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True)
 
+/// Validate the private key only.
+/// Returns `true` if valid, and `false` otherwise.
+val validate_private_key_only (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 3168))
+    : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True)
+
 /// Decapsulate ML-KEM 1024
 /// Generates an [`MlKemSharedSecret`].
 /// The input is a reference to an [`MlKem1024PrivateKey`] and an [`MlKem1024Ciphertext`].
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Neon.Unpacked.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Neon.Unpacked.fst
index 27056053e..92cd21b33 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Neon.Unpacked.fst
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Neon.Unpacked.fst
@@ -11,6 +11,64 @@ let _ =
   let open Libcrux_ml_kem.Vector.Traits in
   ()
 
+let key_pair_serialized_private_key
+      (key_pair:
+          Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4)
+            Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector)
+     =
+  Libcrux_ml_kem.Ind_cca.Unpacked.impl_4__serialized_private_key (sz 4)
+    #Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector
+    (sz 1536)
+    (sz 3168)
+    (sz 1568)
+    (sz 1536)
+    key_pair
+
+let key_pair_serialized_private_key_mut
+      (key_pair:
+          Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4)
+            Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector)
+      (serialized: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 3168))
+     =
+  let serialized:Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 3168) =
+    Libcrux_ml_kem.Ind_cca.Unpacked.impl_4__serialized_private_key_mut (sz 4)
+      #Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector
+      (sz 1536)
+      (sz 3168)
+      (sz 1568)
+      (sz 1536)
+      key_pair
+      serialized
+  in
+  serialized
+
+let key_pair_serialized_public_key
+      (key_pair:
+          Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4)
+            Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector)
+     =
+  Libcrux_ml_kem.Ind_cca.Unpacked.impl_4__serialized_public_key (sz 4)
+    #Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector
+    (sz 1536)
+    (sz 1568)
+    key_pair
+
+let key_pair_serialized_public_key_mut
+      (key_pair:
+          Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4)
+            Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector)
+      (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568))
+     =
+  let serialized:Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568) =
+    Libcrux_ml_kem.Ind_cca.Unpacked.impl_4__serialized_public_key_mut (sz 4)
+      #Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector
+      (sz 1536)
+      (sz 1568)
+      key_pair
+      serialized
+  in
+  serialized
+
 let serialized_public_key
       (public_key:
           Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 4)
@@ -18,7 +76,7 @@ let serialized_public_key
       (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568))
      =
   let serialized:Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568) =
-    Libcrux_ml_kem.Ind_cca.Unpacked.impl_3__serialized_public_key_mut (sz 4)
+    Libcrux_ml_kem.Ind_cca.Unpacked.impl_3__serialized_mut (sz 4)
       #Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector
       (sz 1536)
       (sz 1568)
@@ -47,7 +105,7 @@ let encapsulate
     (sz 1536) (sz 1408) (sz 160) (sz 11) (sz 5) (sz 352) (sz 2) (sz 128) (sz 2) (sz 128) public_key
     randomness
 
-let generate_key_pair
+let generate_key_pair_mut
       (randomness: t_Array u8 (sz 64))
       (key_pair:
           Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4)
@@ -73,6 +131,20 @@ let generate_key_pair
   in
   key_pair
 
+let generate_key_pair (randomness: t_Array u8 (sz 64)) =
+  let key_pair:Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4)
+    Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector =
+    Core.Default.f_default #(Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4)
+          Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector)
+      #FStar.Tactics.Typeclasses.solve
+      ()
+  in
+  let key_pair:Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4)
+    Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector =
+    generate_key_pair_mut randomness key_pair
+  in
+  key_pair
+
 let init_key_pair (_: Prims.unit) =
   Core.Default.f_default #(Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4)
         Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector)
@@ -85,6 +157,25 @@ let init_public_key (_: Prims.unit) =
     #FStar.Tactics.Typeclasses.solve
     ()
 
+let key_pair_from_private_mut
+      (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 3168))
+      (key_pair:
+          Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4)
+            Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector)
+     =
+  let key_pair:Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4)
+    Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector =
+    Libcrux_ml_kem.Ind_cca.Instantiations.Neon.Unpacked.keypair_from_private_key (sz 4)
+      (sz 3168)
+      (sz 1536)
+      (sz 1568)
+      (sz 1536)
+      (sz 1536)
+      private_key
+      key_pair
+  in
+  key_pair
+
 let unpacked_public_key
       (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568))
       (unpacked_public_key:
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Neon.Unpacked.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Neon.Unpacked.fsti
index 905114862..36f905cab 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Neon.Unpacked.fsti
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Neon.Unpacked.fsti
@@ -11,6 +11,44 @@ let _ =
   let open Libcrux_ml_kem.Vector.Traits in
   ()
 
+/// Get the serialized private key.
+val key_pair_serialized_private_key
+      (key_pair:
+          Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4)
+            Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector)
+    : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 3168))
+      Prims.l_True
+      (fun _ -> Prims.l_True)
+
+/// Get the serialized private key.
+val key_pair_serialized_private_key_mut
+      (key_pair:
+          Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4)
+            Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector)
+      (serialized: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 3168))
+    : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 3168))
+      Prims.l_True
+      (fun _ -> Prims.l_True)
+
+/// Get the serialized public key.
+val key_pair_serialized_public_key
+      (key_pair:
+          Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4)
+            Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector)
+    : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568))
+      Prims.l_True
+      (fun _ -> Prims.l_True)
+
+/// Get the serialized public key.
+val key_pair_serialized_public_key_mut
+      (key_pair:
+          Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4)
+            Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector)
+      (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568))
+    : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568))
+      Prims.l_True
+      (fun _ -> Prims.l_True)
+
 /// Get the serialized public key.
 val serialized_public_key
       (public_key:
@@ -61,7 +99,7 @@ val encapsulate
       (fun _ -> Prims.l_True)
 
 /// Generate ML-KEM 1024 Key Pair in "unpacked" form
-val generate_key_pair
+val generate_key_pair_mut
       (randomness: t_Array u8 (sz 64))
       (key_pair:
           Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4)
@@ -72,6 +110,14 @@ val generate_key_pair
       Prims.l_True
       (fun _ -> Prims.l_True)
 
+/// Generate ML-KEM 1024 Key Pair in "unpacked" form.
+val generate_key_pair (randomness: t_Array u8 (sz 64))
+    : Prims.Pure
+      (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4)
+          Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector)
+      Prims.l_True
+      (fun _ -> Prims.l_True)
+
 /// Create a new, empty unpacked key.
 val init_key_pair: Prims.unit
   -> Prims.Pure
@@ -88,6 +134,18 @@ val init_public_key: Prims.unit
       Prims.l_True
       (fun _ -> Prims.l_True)
 
+/// Get an unpacked key from a private key.
+val key_pair_from_private_mut
+      (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 3168))
+      (key_pair:
+          Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4)
+            Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector)
+    : Prims.Pure
+      (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4)
+          Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector)
+      Prims.l_True
+      (fun _ -> Prims.l_True)
+
 /// Get the unpacked public key.
 val unpacked_public_key
       (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568))
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Neon.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Neon.fst
index 0ec31a417..f664c07b3 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Neon.fst
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Neon.fst
@@ -13,6 +13,9 @@ let validate_private_key
     private_key
     ciphertext
 
+let validate_private_key_only (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 3168)) =
+  Libcrux_ml_kem.Ind_cca.Instantiations.Neon.validate_private_key_only (sz 4) (sz 3168) private_key
+
 let decapsulate
       (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 3168))
       (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1568))
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Neon.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Neon.fsti
index b7d739c0f..097585875 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Neon.fsti
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Neon.fsti
@@ -10,6 +10,11 @@ val validate_private_key
       (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1568))
     : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True)
 
+/// Validate the private key only.
+/// Returns `true` if valid, and `false` otherwise.
+val validate_private_key_only (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 3168))
+    : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True)
+
 /// Decapsulate ML-KEM 1024
 /// Generates an [`MlKemSharedSecret`].
 /// The input is a reference to an [`MlKem1024PrivateKey`] and an [`MlKem1024Ciphertext`].
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Portable.Unpacked.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Portable.Unpacked.fst
index f5f6b44d1..c0f9ff42d 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Portable.Unpacked.fst
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Portable.Unpacked.fst
@@ -11,6 +11,64 @@ let _ =
   let open Libcrux_ml_kem.Vector.Traits in
   ()
 
+let key_pair_serialized_private_key
+      (key_pair:
+          Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4)
+            Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector)
+     =
+  Libcrux_ml_kem.Ind_cca.Unpacked.impl_4__serialized_private_key (sz 4)
+    #Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector
+    (sz 1536)
+    (sz 3168)
+    (sz 1568)
+    (sz 1536)
+    key_pair
+
+let key_pair_serialized_private_key_mut
+      (key_pair:
+          Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4)
+            Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector)
+      (serialized: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 3168))
+     =
+  let serialized:Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 3168) =
+    Libcrux_ml_kem.Ind_cca.Unpacked.impl_4__serialized_private_key_mut (sz 4)
+      #Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector
+      (sz 1536)
+      (sz 3168)
+      (sz 1568)
+      (sz 1536)
+      key_pair
+      serialized
+  in
+  serialized
+
+let key_pair_serialized_public_key
+      (key_pair:
+          Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4)
+            Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector)
+     =
+  Libcrux_ml_kem.Ind_cca.Unpacked.impl_4__serialized_public_key (sz 4)
+    #Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector
+    (sz 1536)
+    (sz 1568)
+    key_pair
+
+let key_pair_serialized_public_key_mut
+      (key_pair:
+          Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4)
+            Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector)
+      (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568))
+     =
+  let serialized:Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568) =
+    Libcrux_ml_kem.Ind_cca.Unpacked.impl_4__serialized_public_key_mut (sz 4)
+      #Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector
+      (sz 1536)
+      (sz 1568)
+      key_pair
+      serialized
+  in
+  serialized
+
 let serialized_public_key
       (public_key:
           Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 4)
@@ -18,7 +76,7 @@ let serialized_public_key
       (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568))
      =
   let serialized:Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568) =
-    Libcrux_ml_kem.Ind_cca.Unpacked.impl_3__serialized_public_key_mut (sz 4)
+    Libcrux_ml_kem.Ind_cca.Unpacked.impl_3__serialized_mut (sz 4)
       #Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector
       (sz 1536)
       (sz 1568)
@@ -47,7 +105,7 @@ let encapsulate
     (sz 1536) (sz 1408) (sz 160) (sz 11) (sz 5) (sz 352) (sz 2) (sz 128) (sz 2) (sz 128) public_key
     randomness
 
-let generate_key_pair
+let generate_key_pair_mut
       (randomness: t_Array u8 (sz 64))
       (key_pair:
           Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4)
@@ -73,6 +131,20 @@ let generate_key_pair
   in
   key_pair
 
+let generate_key_pair (randomness: t_Array u8 (sz 64)) =
+  let key_pair:Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4)
+    Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector =
+    Core.Default.f_default #(Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4)
+          Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector)
+      #FStar.Tactics.Typeclasses.solve
+      ()
+  in
+  let key_pair:Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4)
+    Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector =
+    generate_key_pair_mut randomness key_pair
+  in
+  key_pair
+
 let init_key_pair (_: Prims.unit) =
   Core.Default.f_default #(Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4)
         Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector)
@@ -85,6 +157,25 @@ let init_public_key (_: Prims.unit) =
     #FStar.Tactics.Typeclasses.solve
     ()
 
+let key_pair_from_private_mut
+      (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 3168))
+      (key_pair:
+          Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4)
+            Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector)
+     =
+  let key_pair:Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4)
+    Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector =
+    Libcrux_ml_kem.Ind_cca.Instantiations.Portable.Unpacked.keypair_from_private_key (sz 4)
+      (sz 3168)
+      (sz 1536)
+      (sz 1568)
+      (sz 1536)
+      (sz 1536)
+      private_key
+      key_pair
+  in
+  key_pair
+
 let unpacked_public_key
       (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568))
       (unpacked_public_key:
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Portable.Unpacked.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Portable.Unpacked.fsti
index a2997c1be..3ad9c70b0 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Portable.Unpacked.fsti
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Portable.Unpacked.fsti
@@ -11,6 +11,44 @@ let _ =
   let open Libcrux_ml_kem.Vector.Traits in
   ()
 
+/// Get the serialized private key.
+val key_pair_serialized_private_key
+      (key_pair:
+          Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4)
+            Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector)
+    : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 3168))
+      Prims.l_True
+      (fun _ -> Prims.l_True)
+
+/// Get the serialized private key.
+val key_pair_serialized_private_key_mut
+      (key_pair:
+          Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4)
+            Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector)
+      (serialized: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 3168))
+    : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 3168))
+      Prims.l_True
+      (fun _ -> Prims.l_True)
+
+/// Get the serialized public key.
+val key_pair_serialized_public_key
+      (key_pair:
+          Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4)
+            Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector)
+    : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568))
+      Prims.l_True
+      (fun _ -> Prims.l_True)
+
+/// Get the serialized public key.
+val key_pair_serialized_public_key_mut
+      (key_pair:
+          Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4)
+            Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector)
+      (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568))
+    : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568))
+      Prims.l_True
+      (fun _ -> Prims.l_True)
+
 /// Get the serialized public key.
 val serialized_public_key
       (public_key:
@@ -61,7 +99,7 @@ val encapsulate
       (fun _ -> Prims.l_True)
 
 /// Generate ML-KEM 1024 Key Pair in "unpacked" form
-val generate_key_pair
+val generate_key_pair_mut
       (randomness: t_Array u8 (sz 64))
       (key_pair:
           Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4)
@@ -72,6 +110,14 @@ val generate_key_pair
       Prims.l_True
       (fun _ -> Prims.l_True)
 
+/// Generate ML-KEM 1024 Key Pair in "unpacked" form.
+val generate_key_pair (randomness: t_Array u8 (sz 64))
+    : Prims.Pure
+      (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4)
+          Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector)
+      Prims.l_True
+      (fun _ -> Prims.l_True)
+
 /// Create a new, empty unpacked key.
 val init_key_pair: Prims.unit
   -> Prims.Pure
@@ -88,6 +134,18 @@ val init_public_key: Prims.unit
       Prims.l_True
       (fun _ -> Prims.l_True)
 
+/// Get an unpacked key from a private key.
+val key_pair_from_private_mut
+      (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 3168))
+      (key_pair:
+          Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4)
+            Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector)
+    : Prims.Pure
+      (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4)
+          Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector)
+      Prims.l_True
+      (fun _ -> Prims.l_True)
+
 /// Get the unpacked public key.
 val unpacked_public_key
       (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568))
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Portable.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Portable.fst
index eb7c7b085..c093cfc37 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Portable.fst
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Portable.fst
@@ -13,6 +13,11 @@ let validate_private_key
     private_key
     ciphertext
 
+let validate_private_key_only (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 3168)) =
+  Libcrux_ml_kem.Ind_cca.Instantiations.Portable.validate_private_key_only (sz 4)
+    (sz 3168)
+    private_key
+
 let decapsulate
       (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 3168))
       (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1568))
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Portable.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Portable.fsti
index f93988b73..cb06fc90f 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Portable.fsti
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Portable.fsti
@@ -10,6 +10,11 @@ val validate_private_key
       (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1568))
     : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True)
 
+/// Validate the private key only.
+/// Returns `true` if valid, and `false` otherwise.
+val validate_private_key_only (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 3168))
+    : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True)
+
 /// Decapsulate ML-KEM 1024
 /// Generates an [`MlKemSharedSecret`].
 /// The input is a reference to an [`MlKem1024PrivateKey`] and an [`MlKem1024Ciphertext`].
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Avx2.Unpacked.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Avx2.Unpacked.fst
index 74a6f26f2..a63bcaf11 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Avx2.Unpacked.fst
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Avx2.Unpacked.fst
@@ -11,6 +11,64 @@ let _ =
   let open Libcrux_ml_kem.Vector.Traits in
   ()
 
+let key_pair_serialized_private_key
+      (key_pair:
+          Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2)
+            Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector)
+     =
+  Libcrux_ml_kem.Ind_cca.Unpacked.impl_4__serialized_private_key (sz 2)
+    #Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector
+    (sz 768)
+    (sz 1632)
+    (sz 800)
+    (sz 768)
+    key_pair
+
+let key_pair_serialized_private_key_mut
+      (key_pair:
+          Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2)
+            Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector)
+      (serialized: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 1632))
+     =
+  let serialized:Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 1632) =
+    Libcrux_ml_kem.Ind_cca.Unpacked.impl_4__serialized_private_key_mut (sz 2)
+      #Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector
+      (sz 768)
+      (sz 1632)
+      (sz 800)
+      (sz 768)
+      key_pair
+      serialized
+  in
+  serialized
+
+let key_pair_serialized_public_key
+      (key_pair:
+          Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2)
+            Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector)
+     =
+  Libcrux_ml_kem.Ind_cca.Unpacked.impl_4__serialized_public_key (sz 2)
+    #Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector
+    (sz 768)
+    (sz 800)
+    key_pair
+
+let key_pair_serialized_public_key_mut
+      (key_pair:
+          Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2)
+            Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector)
+      (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800))
+     =
+  let serialized:Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800) =
+    Libcrux_ml_kem.Ind_cca.Unpacked.impl_4__serialized_public_key_mut (sz 2)
+      #Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector
+      (sz 768)
+      (sz 800)
+      key_pair
+      serialized
+  in
+  serialized
+
 let serialized_public_key
       (public_key:
           Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 2)
@@ -19,7 +77,7 @@ let serialized_public_key
      =
   let hax_temp_output, serialized:(Prims.unit & Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) =
     (),
-    Libcrux_ml_kem.Ind_cca.Unpacked.impl_3__serialized_public_key_mut (sz 2)
+    Libcrux_ml_kem.Ind_cca.Unpacked.impl_3__serialized_mut (sz 2)
       #Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector
       (sz 768)
       (sz 800)
@@ -49,7 +107,7 @@ let encapsulate
   Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.Unpacked.encapsulate (sz 2) (sz 768) (sz 800) (sz 768)
     (sz 640) (sz 128) (sz 10) (sz 4) (sz 320) (sz 3) (sz 192) (sz 2) (sz 128) public_key randomness
 
-let generate_key_pair
+let generate_key_pair_mut
       (randomness: t_Array u8 (sz 64))
       (key_pair:
           Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2)
@@ -69,6 +127,20 @@ let generate_key_pair
   in
   key_pair
 
+let generate_key_pair (randomness: t_Array u8 (sz 64)) =
+  let key_pair:Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2)
+    Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector =
+    Core.Default.f_default #(Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2)
+          Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector)
+      #FStar.Tactics.Typeclasses.solve
+      ()
+  in
+  let key_pair:Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2)
+    Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector =
+    generate_key_pair_mut randomness key_pair
+  in
+  key_pair
+
 let init_key_pair (_: Prims.unit) =
   Core.Default.f_default #(Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2)
         Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector)
@@ -81,6 +153,25 @@ let init_public_key (_: Prims.unit) =
     #FStar.Tactics.Typeclasses.solve
     ()
 
+let key_pair_from_private_mut
+      (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 1632))
+      (key_pair:
+          Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2)
+            Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector)
+     =
+  let key_pair:Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2)
+    Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector =
+    Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.Unpacked.keypair_from_private_key (sz 2)
+      (sz 1632)
+      (sz 768)
+      (sz 800)
+      (sz 768)
+      (sz 768)
+      private_key
+      key_pair
+  in
+  key_pair
+
 let unpacked_public_key
       (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800))
       (unpacked_public_key:
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Avx2.Unpacked.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Avx2.Unpacked.fsti
index 724de7697..e04741006 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Avx2.Unpacked.fsti
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Avx2.Unpacked.fsti
@@ -11,6 +11,44 @@ let _ =
   let open Libcrux_ml_kem.Vector.Traits in
   ()
 
+/// Get the serialized private key.
+val key_pair_serialized_private_key
+      (key_pair:
+          Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2)
+            Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector)
+    : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 1632))
+      Prims.l_True
+      (fun _ -> Prims.l_True)
+
+/// Get the serialized private key.
+val key_pair_serialized_private_key_mut
+      (key_pair:
+          Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2)
+            Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector)
+      (serialized: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 1632))
+    : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 1632))
+      Prims.l_True
+      (fun _ -> Prims.l_True)
+
+/// Get the serialized public key.
+val key_pair_serialized_public_key
+      (key_pair:
+          Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2)
+            Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector)
+    : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800))
+      Prims.l_True
+      (fun _ -> Prims.l_True)
+
+/// Get the serialized public key.
+val key_pair_serialized_public_key_mut
+      (key_pair:
+          Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2)
+            Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector)
+      (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800))
+    : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800))
+      Prims.l_True
+      (fun _ -> Prims.l_True)
+
 /// Get the serialized public key.
 val serialized_public_key
       (public_key:
@@ -59,7 +97,7 @@ val encapsulate
       (fun _ -> Prims.l_True)
 
 /// Generate ML-KEM 512 Key Pair in "unpacked" form
-val generate_key_pair
+val generate_key_pair_mut
       (randomness: t_Array u8 (sz 64))
       (key_pair:
           Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2)
@@ -68,6 +106,12 @@ val generate_key_pair
       (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2)
           Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) Prims.l_True (fun _ -> Prims.l_True)
 
+/// Generate ML-KEM 512 Key Pair in "unpacked" form.
+val generate_key_pair (randomness: t_Array u8 (sz 64))
+    : Prims.Pure
+      (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2)
+          Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) Prims.l_True (fun _ -> Prims.l_True)
+
 /// Create a new, empty unpacked key.
 val init_key_pair: Prims.unit
   -> Prims.Pure
@@ -80,6 +124,16 @@ val init_public_key: Prims.unit
       (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 2)
           Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) Prims.l_True (fun _ -> Prims.l_True)
 
+/// Get an unpacked key from a private key.
+val key_pair_from_private_mut
+      (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 1632))
+      (key_pair:
+          Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2)
+            Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector)
+    : Prims.Pure
+      (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2)
+          Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) Prims.l_True (fun _ -> Prims.l_True)
+
 /// Get the unpacked public key.
 val unpacked_public_key
       (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800))
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Avx2.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Avx2.fst
index 36a793c00..81867e6a4 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Avx2.fst
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Avx2.fst
@@ -13,6 +13,9 @@ let validate_private_key
     private_key
     ciphertext
 
+let validate_private_key_only (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 1632)) =
+  Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.validate_private_key_only (sz 2) (sz 1632) private_key
+
 let decapsulate
       (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 1632))
       (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 768))
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Avx2.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Avx2.fsti
index b7c71322d..b138131fe 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Avx2.fsti
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Avx2.fsti
@@ -10,6 +10,11 @@ val validate_private_key
       (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 768))
     : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True)
 
+/// Validate the private key only.
+/// Returns `true` if valid, and `false` otherwise.
+val validate_private_key_only (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 1632))
+    : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True)
+
 /// Decapsulate ML-KEM 512
 /// Generates an [`MlKemSharedSecret`].
 /// The input is a reference to an [`MlKem512PrivateKey`] and an [`MlKem512Ciphertext`].
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Neon.Unpacked.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Neon.Unpacked.fst
index 1f1d6a2d1..1142a8c11 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Neon.Unpacked.fst
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Neon.Unpacked.fst
@@ -11,6 +11,64 @@ let _ =
   let open Libcrux_ml_kem.Vector.Traits in
   ()
 
+let key_pair_serialized_private_key
+      (key_pair:
+          Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2)
+            Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector)
+     =
+  Libcrux_ml_kem.Ind_cca.Unpacked.impl_4__serialized_private_key (sz 2)
+    #Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector
+    (sz 768)
+    (sz 1632)
+    (sz 800)
+    (sz 768)
+    key_pair
+
+let key_pair_serialized_private_key_mut
+      (key_pair:
+          Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2)
+            Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector)
+      (serialized: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 1632))
+     =
+  let serialized:Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 1632) =
+    Libcrux_ml_kem.Ind_cca.Unpacked.impl_4__serialized_private_key_mut (sz 2)
+      #Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector
+      (sz 768)
+      (sz 1632)
+      (sz 800)
+      (sz 768)
+      key_pair
+      serialized
+  in
+  serialized
+
+let key_pair_serialized_public_key
+      (key_pair:
+          Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2)
+            Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector)
+     =
+  Libcrux_ml_kem.Ind_cca.Unpacked.impl_4__serialized_public_key (sz 2)
+    #Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector
+    (sz 768)
+    (sz 800)
+    key_pair
+
+let key_pair_serialized_public_key_mut
+      (key_pair:
+          Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2)
+            Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector)
+      (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800))
+     =
+  let serialized:Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800) =
+    Libcrux_ml_kem.Ind_cca.Unpacked.impl_4__serialized_public_key_mut (sz 2)
+      #Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector
+      (sz 768)
+      (sz 800)
+      key_pair
+      serialized
+  in
+  serialized
+
 let serialized_public_key
       (public_key:
           Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 2)
@@ -19,7 +77,7 @@ let serialized_public_key
      =
   let hax_temp_output, serialized:(Prims.unit & Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) =
     (),
-    Libcrux_ml_kem.Ind_cca.Unpacked.impl_3__serialized_public_key_mut (sz 2)
+    Libcrux_ml_kem.Ind_cca.Unpacked.impl_3__serialized_mut (sz 2)
       #Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector
       (sz 768)
       (sz 800)
@@ -49,7 +107,7 @@ let encapsulate
   Libcrux_ml_kem.Ind_cca.Instantiations.Neon.Unpacked.encapsulate (sz 2) (sz 768) (sz 800) (sz 768)
     (sz 640) (sz 128) (sz 10) (sz 4) (sz 320) (sz 3) (sz 192) (sz 2) (sz 128) public_key randomness
 
-let generate_key_pair
+let generate_key_pair_mut
       (randomness: t_Array u8 (sz 64))
       (key_pair:
           Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2)
@@ -69,6 +127,20 @@ let generate_key_pair
   in
   key_pair
 
+let generate_key_pair (randomness: t_Array u8 (sz 64)) =
+  let key_pair:Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2)
+    Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector =
+    Core.Default.f_default #(Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2)
+          Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector)
+      #FStar.Tactics.Typeclasses.solve
+      ()
+  in
+  let key_pair:Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2)
+    Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector =
+    generate_key_pair_mut randomness key_pair
+  in
+  key_pair
+
 let init_key_pair (_: Prims.unit) =
   Core.Default.f_default #(Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2)
         Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector)
@@ -81,6 +153,25 @@ let init_public_key (_: Prims.unit) =
     #FStar.Tactics.Typeclasses.solve
     ()
 
+let key_pair_from_private_mut
+      (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 1632))
+      (key_pair:
+          Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2)
+            Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector)
+     =
+  let key_pair:Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2)
+    Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector =
+    Libcrux_ml_kem.Ind_cca.Instantiations.Neon.Unpacked.keypair_from_private_key (sz 2)
+      (sz 1632)
+      (sz 768)
+      (sz 800)
+      (sz 768)
+      (sz 768)
+      private_key
+      key_pair
+  in
+  key_pair
+
 let unpacked_public_key
       (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800))
       (unpacked_public_key:
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Neon.Unpacked.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Neon.Unpacked.fsti
index 75bff98e2..8b2b0078e 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Neon.Unpacked.fsti
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Neon.Unpacked.fsti
@@ -11,6 +11,44 @@ let _ =
   let open Libcrux_ml_kem.Vector.Traits in
   ()
 
+/// Get the serialized private key.
+val key_pair_serialized_private_key
+      (key_pair:
+          Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2)
+            Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector)
+    : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 1632))
+      Prims.l_True
+      (fun _ -> Prims.l_True)
+
+/// Get the serialized private key.
+val key_pair_serialized_private_key_mut
+      (key_pair:
+          Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2)
+            Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector)
+      (serialized: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 1632))
+    : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 1632))
+      Prims.l_True
+      (fun _ -> Prims.l_True)
+
+/// Get the serialized public key.
+val key_pair_serialized_public_key
+      (key_pair:
+          Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2)
+            Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector)
+    : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800))
+      Prims.l_True
+      (fun _ -> Prims.l_True)
+
+/// Get the serialized public key.
+val key_pair_serialized_public_key_mut
+      (key_pair:
+          Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2)
+            Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector)
+      (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800))
+    : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800))
+      Prims.l_True
+      (fun _ -> Prims.l_True)
+
 /// Get the serialized public key.
 val serialized_public_key
       (public_key:
@@ -59,7 +97,7 @@ val encapsulate
       (fun _ -> Prims.l_True)
 
 /// Generate ML-KEM 512 Key Pair in "unpacked" form
-val generate_key_pair
+val generate_key_pair_mut
       (randomness: t_Array u8 (sz 64))
       (key_pair:
           Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2)
@@ -70,6 +108,14 @@ val generate_key_pair
       Prims.l_True
       (fun _ -> Prims.l_True)
 
+/// Generate ML-KEM 512 Key Pair in "unpacked" form.
+val generate_key_pair (randomness: t_Array u8 (sz 64))
+    : Prims.Pure
+      (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2)
+          Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector)
+      Prims.l_True
+      (fun _ -> Prims.l_True)
+
 /// Create a new, empty unpacked key.
 val init_key_pair: Prims.unit
   -> Prims.Pure
@@ -86,6 +132,18 @@ val init_public_key: Prims.unit
       Prims.l_True
       (fun _ -> Prims.l_True)
 
+/// Get an unpacked key from a private key.
+val key_pair_from_private_mut
+      (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 1632))
+      (key_pair:
+          Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2)
+            Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector)
+    : Prims.Pure
+      (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2)
+          Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector)
+      Prims.l_True
+      (fun _ -> Prims.l_True)
+
 /// Get the unpacked public key.
 val unpacked_public_key
       (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800))
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Neon.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Neon.fst
index 25c542cbc..077af75fe 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Neon.fst
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Neon.fst
@@ -13,6 +13,9 @@ let validate_private_key
     private_key
     ciphertext
 
+let validate_private_key_only (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 1632)) =
+  Libcrux_ml_kem.Ind_cca.Instantiations.Neon.validate_private_key_only (sz 2) (sz 1632) private_key
+
 let decapsulate
       (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 1632))
       (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 768))
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Neon.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Neon.fsti
index 690f7a8be..6886ec966 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Neon.fsti
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Neon.fsti
@@ -10,6 +10,11 @@ val validate_private_key
       (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 768))
     : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True)
 
+/// Validate the private key only.
+/// Returns `true` if valid, and `false` otherwise.
+val validate_private_key_only (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 1632))
+    : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True)
+
 /// Decapsulate ML-KEM 512
 /// Generates an [`MlKemSharedSecret`].
 /// The input is a reference to an [`MlKem512PrivateKey`] and an [`MlKem512Ciphertext`].
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Portable.Unpacked.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Portable.Unpacked.fst
index 97e089aab..ac9e84801 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Portable.Unpacked.fst
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Portable.Unpacked.fst
@@ -11,6 +11,64 @@ let _ =
   let open Libcrux_ml_kem.Vector.Traits in
   ()
 
+let key_pair_serialized_private_key
+      (key_pair:
+          Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2)
+            Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector)
+     =
+  Libcrux_ml_kem.Ind_cca.Unpacked.impl_4__serialized_private_key (sz 2)
+    #Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector
+    (sz 768)
+    (sz 1632)
+    (sz 800)
+    (sz 768)
+    key_pair
+
+let key_pair_serialized_private_key_mut
+      (key_pair:
+          Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2)
+            Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector)
+      (serialized: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 1632))
+     =
+  let serialized:Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 1632) =
+    Libcrux_ml_kem.Ind_cca.Unpacked.impl_4__serialized_private_key_mut (sz 2)
+      #Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector
+      (sz 768)
+      (sz 1632)
+      (sz 800)
+      (sz 768)
+      key_pair
+      serialized
+  in
+  serialized
+
+let key_pair_serialized_public_key
+      (key_pair:
+          Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2)
+            Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector)
+     =
+  Libcrux_ml_kem.Ind_cca.Unpacked.impl_4__serialized_public_key (sz 2)
+    #Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector
+    (sz 768)
+    (sz 800)
+    key_pair
+
+let key_pair_serialized_public_key_mut
+      (key_pair:
+          Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2)
+            Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector)
+      (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800))
+     =
+  let serialized:Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800) =
+    Libcrux_ml_kem.Ind_cca.Unpacked.impl_4__serialized_public_key_mut (sz 2)
+      #Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector
+      (sz 768)
+      (sz 800)
+      key_pair
+      serialized
+  in
+  serialized
+
 let serialized_public_key
       (public_key:
           Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 2)
@@ -19,7 +77,7 @@ let serialized_public_key
      =
   let hax_temp_output, serialized:(Prims.unit & Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) =
     (),
-    Libcrux_ml_kem.Ind_cca.Unpacked.impl_3__serialized_public_key_mut (sz 2)
+    Libcrux_ml_kem.Ind_cca.Unpacked.impl_3__serialized_mut (sz 2)
       #Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector
       (sz 768)
       (sz 800)
@@ -50,7 +108,7 @@ let encapsulate
     (sz 768) (sz 640) (sz 128) (sz 10) (sz 4) (sz 320) (sz 3) (sz 192) (sz 2) (sz 128) public_key
     randomness
 
-let generate_key_pair
+let generate_key_pair_mut
       (randomness: t_Array u8 (sz 64))
       (key_pair:
           Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2)
@@ -70,6 +128,20 @@ let generate_key_pair
   in
   key_pair
 
+let generate_key_pair (randomness: t_Array u8 (sz 64)) =
+  let key_pair:Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2)
+    Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector =
+    Core.Default.f_default #(Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2)
+          Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector)
+      #FStar.Tactics.Typeclasses.solve
+      ()
+  in
+  let key_pair:Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2)
+    Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector =
+    generate_key_pair_mut randomness key_pair
+  in
+  key_pair
+
 let init_key_pair (_: Prims.unit) =
   Core.Default.f_default #(Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2)
         Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector)
@@ -82,6 +154,25 @@ let init_public_key (_: Prims.unit) =
     #FStar.Tactics.Typeclasses.solve
     ()
 
+let key_pair_from_private_mut
+      (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 1632))
+      (key_pair:
+          Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2)
+            Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector)
+     =
+  let key_pair:Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2)
+    Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector =
+    Libcrux_ml_kem.Ind_cca.Instantiations.Portable.Unpacked.keypair_from_private_key (sz 2)
+      (sz 1632)
+      (sz 768)
+      (sz 800)
+      (sz 768)
+      (sz 768)
+      private_key
+      key_pair
+  in
+  key_pair
+
 let unpacked_public_key
       (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800))
       (unpacked_public_key:
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Portable.Unpacked.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Portable.Unpacked.fsti
index 21c0e9957..c6ab5ab8c 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Portable.Unpacked.fsti
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Portable.Unpacked.fsti
@@ -11,6 +11,44 @@ let _ =
   let open Libcrux_ml_kem.Vector.Traits in
   ()
 
+/// Get the serialized private key.
+val key_pair_serialized_private_key
+      (key_pair:
+          Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2)
+            Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector)
+    : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 1632))
+      Prims.l_True
+      (fun _ -> Prims.l_True)
+
+/// Get the serialized private key.
+val key_pair_serialized_private_key_mut
+      (key_pair:
+          Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2)
+            Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector)
+      (serialized: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 1632))
+    : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 1632))
+      Prims.l_True
+      (fun _ -> Prims.l_True)
+
+/// Get the serialized public key.
+val key_pair_serialized_public_key
+      (key_pair:
+          Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2)
+            Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector)
+    : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800))
+      Prims.l_True
+      (fun _ -> Prims.l_True)
+
+/// Get the serialized public key.
+val key_pair_serialized_public_key_mut
+      (key_pair:
+          Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2)
+            Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector)
+      (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800))
+    : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800))
+      Prims.l_True
+      (fun _ -> Prims.l_True)
+
 /// Get the serialized public key.
 val serialized_public_key
       (public_key:
@@ -59,7 +97,7 @@ val encapsulate
       (fun _ -> Prims.l_True)
 
 /// Generate ML-KEM 512 Key Pair in "unpacked" form
-val generate_key_pair
+val generate_key_pair_mut
       (randomness: t_Array u8 (sz 64))
       (key_pair:
           Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2)
@@ -70,6 +108,14 @@ val generate_key_pair
       Prims.l_True
       (fun _ -> Prims.l_True)
 
+/// Generate ML-KEM 512 Key Pair in "unpacked" form.
+val generate_key_pair (randomness: t_Array u8 (sz 64))
+    : Prims.Pure
+      (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2)
+          Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector)
+      Prims.l_True
+      (fun _ -> Prims.l_True)
+
 /// Create a new, empty unpacked key.
 val init_key_pair: Prims.unit
   -> Prims.Pure
@@ -86,6 +132,18 @@ val init_public_key: Prims.unit
       Prims.l_True
       (fun _ -> Prims.l_True)
 
+/// Get an unpacked key from a private key.
+val key_pair_from_private_mut
+      (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 1632))
+      (key_pair:
+          Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2)
+            Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector)
+    : Prims.Pure
+      (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2)
+          Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector)
+      Prims.l_True
+      (fun _ -> Prims.l_True)
+
 /// Get the unpacked public key.
 val unpacked_public_key
       (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800))
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Portable.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Portable.fst
index 8c8453609..4c6c96ff8 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Portable.fst
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Portable.fst
@@ -13,6 +13,11 @@ let validate_private_key
     private_key
     ciphertext
 
+let validate_private_key_only (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 1632)) =
+  Libcrux_ml_kem.Ind_cca.Instantiations.Portable.validate_private_key_only (sz 2)
+    (sz 1632)
+    private_key
+
 let decapsulate
       (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 1632))
       (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 768))
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Portable.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Portable.fsti
index 6862b8d13..64d59c955 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Portable.fsti
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Portable.fsti
@@ -10,6 +10,11 @@ val validate_private_key
       (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 768))
     : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True)
 
+/// Validate the private key only.
+/// Returns `true` if valid, and `false` otherwise.
+val validate_private_key_only (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 1632))
+    : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True)
+
 /// Decapsulate ML-KEM 512
 /// Generates an [`MlKemSharedSecret`].
 /// The input is a reference to an [`MlKem512PrivateKey`] and an [`MlKem512Ciphertext`].
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Avx2.Unpacked.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Avx2.Unpacked.fst
index 057873b12..7788eac55 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Avx2.Unpacked.fst
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Avx2.Unpacked.fst
@@ -11,10 +11,52 @@ let _ =
   let open Libcrux_ml_kem.Vector.Traits in
   ()
 
+let key_pair_serialized_private_key
+      (key_pair:
+          Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3)
+            Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector)
+     =
+  Libcrux_ml_kem.Ind_cca.Unpacked.impl_4__serialized_private_key (sz 3)
+    #Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector
+    (sz 1152)
+    (sz 2400)
+    (sz 1184)
+    (sz 1152)
+    key_pair
+
+let key_pair_serialized_private_key_mut
+      (key_pair:
+          Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3)
+            Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector)
+      (serialized: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 2400))
+     =
+  let serialized:Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 2400) =
+    Libcrux_ml_kem.Ind_cca.Unpacked.impl_4__serialized_private_key_mut (sz 3)
+      #Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector
+      (sz 1152)
+      (sz 2400)
+      (sz 1184)
+      (sz 1152)
+      key_pair
+      serialized
+  in
+  serialized
+
 let key_pair_serialized_public_key
       (key_pair:
           Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3)
             Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector)
+     =
+  Libcrux_ml_kem.Ind_cca.Unpacked.impl_4__serialized_public_key (sz 3)
+    #Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector
+    (sz 1152)
+    (sz 1184)
+    key_pair
+
+let key_pair_serialized_public_key_mut
+      (key_pair:
+          Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3)
+            Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector)
       (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184))
      =
   let serialized:Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184) =
@@ -34,7 +76,7 @@ let serialized_public_key
       (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184))
      =
   let serialized:Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184) =
-    Libcrux_ml_kem.Ind_cca.Unpacked.impl_3__serialized_public_key_mut (sz 3)
+    Libcrux_ml_kem.Ind_cca.Unpacked.impl_3__serialized_mut (sz 3)
       #Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector
       (sz 1152)
       (sz 1184)
@@ -63,7 +105,7 @@ let encapsulate
     (sz 1152) (sz 960) (sz 128) (sz 10) (sz 4) (sz 320) (sz 2) (sz 128) (sz 2) (sz 128) public_key
     randomness
 
-let generate_key_pair
+let generate_key_pair_mut
       (randomness: t_Array u8 (sz 64))
       (key_pair:
           Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3)
@@ -83,6 +125,20 @@ let generate_key_pair
   in
   key_pair
 
+let generate_key_pair (randomness: t_Array u8 (sz 64)) =
+  let key_pair:Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3)
+    Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector =
+    Core.Default.f_default #(Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3)
+          Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector)
+      #FStar.Tactics.Typeclasses.solve
+      ()
+  in
+  let key_pair:Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3)
+    Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector =
+    generate_key_pair_mut randomness key_pair
+  in
+  key_pair
+
 let init_key_pair (_: Prims.unit) =
   Core.Default.f_default #(Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3)
         Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector)
@@ -95,6 +151,25 @@ let init_public_key (_: Prims.unit) =
     #FStar.Tactics.Typeclasses.solve
     ()
 
+let key_pair_from_private_mut
+      (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 2400))
+      (key_pair:
+          Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3)
+            Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector)
+     =
+  let key_pair:Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3)
+    Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector =
+    Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.Unpacked.keypair_from_private_key (sz 3)
+      (sz 2400)
+      (sz 1152)
+      (sz 1184)
+      (sz 1152)
+      (sz 1152)
+      private_key
+      key_pair
+  in
+  key_pair
+
 let public_key
       (key_pair:
           Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3)
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Avx2.Unpacked.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Avx2.Unpacked.fsti
index a5ef4110d..d6ffe0ba9 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Avx2.Unpacked.fsti
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Avx2.Unpacked.fsti
@@ -11,12 +11,30 @@ let _ =
   let open Libcrux_ml_kem.Vector.Traits in
   ()
 
+/// Get the serialized private key.
+val key_pair_serialized_private_key
+      (key_pair:
+          Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3)
+            Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector)
+    : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 2400))
+      Prims.l_True
+      (fun _ -> Prims.l_True)
+
+/// Get the serialized private key.
+val key_pair_serialized_private_key_mut
+      (key_pair:
+          Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3)
+            Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector)
+      (serialized: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 2400))
+    : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 2400))
+      Prims.l_True
+      (fun _ -> Prims.l_True)
+
 /// Get the serialized public key.
 val key_pair_serialized_public_key
       (key_pair:
           Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3)
             Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector)
-      (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184))
     : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184))
       (requires
         forall (i: nat).
@@ -27,6 +45,16 @@ val key_pair_serialized_public_key
                 i))
       (fun _ -> Prims.l_True)
 
+/// Get the serialized public key.
+val key_pair_serialized_public_key_mut
+      (key_pair:
+          Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3)
+            Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector)
+      (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184))
+    : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184))
+      Prims.l_True
+      (fun _ -> Prims.l_True)
+
 /// Get the serialized public key.
 val serialized_public_key
       (public_key:
@@ -75,7 +103,7 @@ val encapsulate
       (fun _ -> Prims.l_True)
 
 /// Generate ML-KEM 768 Key Pair in "unpacked" form.
-val generate_key_pair
+val generate_key_pair_mut
       (randomness: t_Array u8 (sz 64))
       (key_pair:
           Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3)
@@ -84,6 +112,12 @@ val generate_key_pair
       (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3)
           Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) Prims.l_True (fun _ -> Prims.l_True)
 
+/// Generate ML-KEM 768 Key Pair in "unpacked" form.
+val generate_key_pair (randomness: t_Array u8 (sz 64))
+    : Prims.Pure
+      (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3)
+          Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) Prims.l_True (fun _ -> Prims.l_True)
+
 /// Create a new, empty unpacked key.
 val init_key_pair: Prims.unit
   -> Prims.Pure
@@ -96,6 +130,16 @@ val init_public_key: Prims.unit
       (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 3)
           Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) Prims.l_True (fun _ -> Prims.l_True)
 
+/// Get an unpacked key from a private key.
+val key_pair_from_private_mut
+      (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 2400))
+      (key_pair:
+          Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3)
+            Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector)
+    : Prims.Pure
+      (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3)
+          Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) Prims.l_True (fun _ -> Prims.l_True)
+
 /// Get the unpacked public key.
 val public_key
       (key_pair:
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Avx2.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Avx2.fst
index 509dd7d2c..ec517abff 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Avx2.fst
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Avx2.fst
@@ -13,6 +13,9 @@ let validate_private_key
     private_key
     ciphertext
 
+let validate_private_key_only (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 2400)) =
+  Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.validate_private_key_only (sz 3) (sz 2400) private_key
+
 let decapsulate
       (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 2400))
       (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1088))
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Avx2.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Avx2.fsti
index 2b74d346e..32d3615e9 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Avx2.fsti
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Avx2.fsti
@@ -10,6 +10,11 @@ val validate_private_key
       (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1088))
     : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True)
 
+/// Validate the private key only.
+/// Returns `true` if valid, and `false` otherwise.
+val validate_private_key_only (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 2400))
+    : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True)
+
 /// Decapsulate ML-KEM 768
 /// Generates an [`MlKemSharedSecret`].
 /// The input is a reference to an [`MlKem768PrivateKey`] and an [`MlKem768Ciphertext`].
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Neon.Unpacked.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Neon.Unpacked.fst
index 8daf42a3d..541f0ab82 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Neon.Unpacked.fst
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Neon.Unpacked.fst
@@ -12,10 +12,52 @@ let _ =
   let open Libcrux_ml_kem.Vector.Traits in
   ()
 
+let key_pair_serialized_private_key
+      (key_pair:
+          Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3)
+            Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector)
+     =
+  Libcrux_ml_kem.Ind_cca.Unpacked.impl_4__serialized_private_key (sz 3)
+    #Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector
+    (sz 1152)
+    (sz 2400)
+    (sz 1184)
+    (sz 1152)
+    key_pair
+
+let key_pair_serialized_private_key_mut
+      (key_pair:
+          Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3)
+            Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector)
+      (serialized: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 2400))
+     =
+  let serialized:Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 2400) =
+    Libcrux_ml_kem.Ind_cca.Unpacked.impl_4__serialized_private_key_mut (sz 3)
+      #Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector
+      (sz 1152)
+      (sz 2400)
+      (sz 1184)
+      (sz 1152)
+      key_pair
+      serialized
+  in
+  serialized
+
 let key_pair_serialized_public_key
       (key_pair:
           Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3)
             Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector)
+     =
+  Libcrux_ml_kem.Ind_cca.Unpacked.impl_4__serialized_public_key (sz 3)
+    #Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector
+    (sz 1152)
+    (sz 1184)
+    key_pair
+
+let key_pair_serialized_public_key_mut
+      (key_pair:
+          Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3)
+            Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector)
       (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184))
      =
   let serialized:Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184) =
@@ -35,7 +77,7 @@ let serialized_public_key
       (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184))
      =
   let serialized:Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184) =
-    Libcrux_ml_kem.Ind_cca.Unpacked.impl_3__serialized_public_key_mut (sz 3)
+    Libcrux_ml_kem.Ind_cca.Unpacked.impl_3__serialized_mut (sz 3)
       #Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector
       (sz 1152)
       (sz 1184)
@@ -64,7 +106,7 @@ let encapsulate
     (sz 1152) (sz 960) (sz 128) (sz 10) (sz 4) (sz 320) (sz 2) (sz 128) (sz 2) (sz 128) public_key
     randomness
 
-let generate_key_pair
+let generate_key_pair_mut
       (randomness: t_Array u8 (sz 64))
       (key_pair:
           Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3)
@@ -84,6 +126,20 @@ let generate_key_pair
   in
   key_pair
 
+let generate_key_pair (randomness: t_Array u8 (sz 64)) =
+  let key_pair:Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3)
+    Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector =
+    Core.Default.f_default #(Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3)
+          Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector)
+      #FStar.Tactics.Typeclasses.solve
+      ()
+  in
+  let key_pair:Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3)
+    Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector =
+    generate_key_pair_mut randomness key_pair
+  in
+  key_pair
+
 let init_key_pair (_: Prims.unit) =
   Core.Default.f_default #(Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3)
         Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector)
@@ -96,6 +152,25 @@ let init_public_key (_: Prims.unit) =
     #FStar.Tactics.Typeclasses.solve
     ()
 
+let key_pair_from_private_mut
+      (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 2400))
+      (key_pair:
+          Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3)
+            Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector)
+     =
+  let key_pair:Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3)
+    Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector =
+    Libcrux_ml_kem.Ind_cca.Instantiations.Neon.Unpacked.keypair_from_private_key (sz 3)
+      (sz 2400)
+      (sz 1152)
+      (sz 1184)
+      (sz 1152)
+      (sz 1152)
+      private_key
+      key_pair
+  in
+  key_pair
+
 let public_key
       (key_pair:
           Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3)
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Neon.Unpacked.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Neon.Unpacked.fsti
index 875b33127..7ca21ec6c 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Neon.Unpacked.fsti
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Neon.Unpacked.fsti
@@ -12,12 +12,30 @@ let _ =
   let open Libcrux_ml_kem.Vector.Traits in
   ()
 
+/// Get the serialized private key.
+val key_pair_serialized_private_key
+      (key_pair:
+          Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3)
+            Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector)
+    : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 2400))
+      Prims.l_True
+      (fun _ -> Prims.l_True)
+
+/// Get the serialized private key.
+val key_pair_serialized_private_key_mut
+      (key_pair:
+          Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3)
+            Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector)
+      (serialized: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 2400))
+    : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 2400))
+      Prims.l_True
+      (fun _ -> Prims.l_True)
+
 /// Get the serialized public key.
 val key_pair_serialized_public_key
       (key_pair:
           Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3)
             Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector)
-      (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184))
     : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184))
       (requires
         forall (i: nat).
@@ -28,6 +46,16 @@ val key_pair_serialized_public_key
                 i))
       (fun _ -> Prims.l_True)
 
+/// Get the serialized public key.
+val key_pair_serialized_public_key_mut
+      (key_pair:
+          Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3)
+            Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector)
+      (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184))
+    : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184))
+      Prims.l_True
+      (fun _ -> Prims.l_True)
+
 /// Get the serialized public key.
 val serialized_public_key
       (public_key:
@@ -76,7 +104,7 @@ val encapsulate
       (fun _ -> Prims.l_True)
 
 /// Generate ML-KEM 768 Key Pair in "unpacked" form.
-val generate_key_pair
+val generate_key_pair_mut
       (randomness: t_Array u8 (sz 64))
       (key_pair:
           Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3)
@@ -87,6 +115,14 @@ val generate_key_pair
       Prims.l_True
       (fun _ -> Prims.l_True)
 
+/// Generate ML-KEM 768 Key Pair in "unpacked" form.
+val generate_key_pair (randomness: t_Array u8 (sz 64))
+    : Prims.Pure
+      (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3)
+          Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector)
+      Prims.l_True
+      (fun _ -> Prims.l_True)
+
 /// Create a new, empty unpacked key.
 val init_key_pair: Prims.unit
   -> Prims.Pure
@@ -103,6 +139,18 @@ val init_public_key: Prims.unit
       Prims.l_True
       (fun _ -> Prims.l_True)
 
+/// Get an unpacked key from a private key.
+val key_pair_from_private_mut
+      (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 2400))
+      (key_pair:
+          Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3)
+            Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector)
+    : Prims.Pure
+      (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3)
+          Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector)
+      Prims.l_True
+      (fun _ -> Prims.l_True)
+
 /// Get the unpacked public key.
 val public_key
       (key_pair:
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Neon.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Neon.fst
index 17c71a387..d6ffc47a4 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Neon.fst
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Neon.fst
@@ -13,6 +13,9 @@ let validate_private_key
     private_key
     ciphertext
 
+let validate_private_key_only (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 2400)) =
+  Libcrux_ml_kem.Ind_cca.Instantiations.Neon.validate_private_key_only (sz 3) (sz 2400) private_key
+
 let decapsulate
       (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 2400))
       (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1088))
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Neon.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Neon.fsti
index f3edcca02..00fc18c11 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Neon.fsti
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Neon.fsti
@@ -10,6 +10,11 @@ val validate_private_key
       (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1088))
     : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True)
 
+/// Validate the private key only.
+/// Returns `true` if valid, and `false` otherwise.
+val validate_private_key_only (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 2400))
+    : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True)
+
 /// Decapsulate ML-KEM 768
 /// Generates an [`MlKemSharedSecret`].
 /// The input is a reference to an [`MlKem768PrivateKey`] and an [`MlKem768Ciphertext`].
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Portable.Unpacked.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Portable.Unpacked.fst
index f950b23dd..4588ae4aa 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Portable.Unpacked.fst
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Portable.Unpacked.fst
@@ -12,10 +12,52 @@ let _ =
   let open Libcrux_ml_kem.Vector.Traits in
   ()
 
+let key_pair_serialized_private_key
+      (key_pair:
+          Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3)
+            Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector)
+     =
+  Libcrux_ml_kem.Ind_cca.Unpacked.impl_4__serialized_private_key (sz 3)
+    #Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector
+    (sz 1152)
+    (sz 2400)
+    (sz 1184)
+    (sz 1152)
+    key_pair
+
+let key_pair_serialized_private_key_mut
+      (key_pair:
+          Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3)
+            Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector)
+      (serialized: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 2400))
+     =
+  let serialized:Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 2400) =
+    Libcrux_ml_kem.Ind_cca.Unpacked.impl_4__serialized_private_key_mut (sz 3)
+      #Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector
+      (sz 1152)
+      (sz 2400)
+      (sz 1184)
+      (sz 1152)
+      key_pair
+      serialized
+  in
+  serialized
+
 let key_pair_serialized_public_key
       (key_pair:
           Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3)
             Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector)
+     =
+  Libcrux_ml_kem.Ind_cca.Unpacked.impl_4__serialized_public_key (sz 3)
+    #Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector
+    (sz 1152)
+    (sz 1184)
+    key_pair
+
+let key_pair_serialized_public_key_mut
+      (key_pair:
+          Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3)
+            Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector)
       (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184))
      =
   let serialized:Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184) =
@@ -35,7 +77,7 @@ let serialized_public_key
       (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184))
      =
   let serialized:Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184) =
-    Libcrux_ml_kem.Ind_cca.Unpacked.impl_3__serialized_public_key_mut (sz 3)
+    Libcrux_ml_kem.Ind_cca.Unpacked.impl_3__serialized_mut (sz 3)
       #Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector
       (sz 1152)
       (sz 1184)
@@ -64,7 +106,7 @@ let encapsulate
     (sz 1152) (sz 960) (sz 128) (sz 10) (sz 4) (sz 320) (sz 2) (sz 128) (sz 2) (sz 128) public_key
     randomness
 
-let generate_key_pair
+let generate_key_pair_mut
       (randomness: t_Array u8 (sz 64))
       (key_pair:
           Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3)
@@ -84,6 +126,20 @@ let generate_key_pair
   in
   key_pair
 
+let generate_key_pair (randomness: t_Array u8 (sz 64)) =
+  let key_pair:Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3)
+    Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector =
+    Core.Default.f_default #(Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3)
+          Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector)
+      #FStar.Tactics.Typeclasses.solve
+      ()
+  in
+  let key_pair:Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3)
+    Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector =
+    generate_key_pair_mut randomness key_pair
+  in
+  key_pair
+
 let init_key_pair (_: Prims.unit) =
   Core.Default.f_default #(Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3)
         Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector)
@@ -96,6 +152,25 @@ let init_public_key (_: Prims.unit) =
     #FStar.Tactics.Typeclasses.solve
     ()
 
+let key_pair_from_private_mut
+      (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 2400))
+      (key_pair:
+          Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3)
+            Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector)
+     =
+  let key_pair:Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3)
+    Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector =
+    Libcrux_ml_kem.Ind_cca.Instantiations.Portable.Unpacked.keypair_from_private_key (sz 3)
+      (sz 2400)
+      (sz 1152)
+      (sz 1184)
+      (sz 1152)
+      (sz 1152)
+      private_key
+      key_pair
+  in
+  key_pair
+
 let public_key
       (key_pair:
           Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3)
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Portable.Unpacked.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Portable.Unpacked.fsti
index 06e305a32..c72c1f97f 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Portable.Unpacked.fsti
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Portable.Unpacked.fsti
@@ -12,12 +12,30 @@ let _ =
   let open Libcrux_ml_kem.Vector.Traits in
   ()
 
+/// Get the serialized private key.
+val key_pair_serialized_private_key
+      (key_pair:
+          Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3)
+            Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector)
+    : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 2400))
+      Prims.l_True
+      (fun _ -> Prims.l_True)
+
+/// Get the serialized private key.
+val key_pair_serialized_private_key_mut
+      (key_pair:
+          Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3)
+            Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector)
+      (serialized: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 2400))
+    : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 2400))
+      Prims.l_True
+      (fun _ -> Prims.l_True)
+
 /// Get the serialized public key.
 val key_pair_serialized_public_key
       (key_pair:
           Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3)
             Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector)
-      (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184))
     : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184))
       (requires
         forall (i: nat).
@@ -28,6 +46,16 @@ val key_pair_serialized_public_key
                 i))
       (fun _ -> Prims.l_True)
 
+/// Get the serialized public key.
+val key_pair_serialized_public_key_mut
+      (key_pair:
+          Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3)
+            Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector)
+      (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184))
+    : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184))
+      Prims.l_True
+      (fun _ -> Prims.l_True)
+
 /// Get the serialized public key.
 val serialized_public_key
       (public_key:
@@ -76,7 +104,7 @@ val encapsulate
       (fun _ -> Prims.l_True)
 
 /// Generate ML-KEM 768 Key Pair in "unpacked" form.
-val generate_key_pair
+val generate_key_pair_mut
       (randomness: t_Array u8 (sz 64))
       (key_pair:
           Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3)
@@ -87,6 +115,14 @@ val generate_key_pair
       Prims.l_True
       (fun _ -> Prims.l_True)
 
+/// Generate ML-KEM 768 Key Pair in "unpacked" form.
+val generate_key_pair (randomness: t_Array u8 (sz 64))
+    : Prims.Pure
+      (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3)
+          Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector)
+      Prims.l_True
+      (fun _ -> Prims.l_True)
+
 /// Create a new, empty unpacked key.
 val init_key_pair: Prims.unit
   -> Prims.Pure
@@ -103,6 +139,18 @@ val init_public_key: Prims.unit
       Prims.l_True
       (fun _ -> Prims.l_True)
 
+/// Get an unpacked key from a private key.
+val key_pair_from_private_mut
+      (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 2400))
+      (key_pair:
+          Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3)
+            Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector)
+    : Prims.Pure
+      (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3)
+          Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector)
+      Prims.l_True
+      (fun _ -> Prims.l_True)
+
 /// Get the unpacked public key.
 val public_key
       (key_pair:
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Portable.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Portable.fst
index ded4c9b1d..ef78b1c7e 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Portable.fst
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Portable.fst
@@ -13,6 +13,11 @@ let validate_private_key
     private_key
     ciphertext
 
+let validate_private_key_only (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 2400)) =
+  Libcrux_ml_kem.Ind_cca.Instantiations.Portable.validate_private_key_only (sz 3)
+    (sz 2400)
+    private_key
+
 let decapsulate
       (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 2400))
       (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1088))
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Portable.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Portable.fsti
index 570cf4ad8..d503ab893 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Portable.fsti
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Portable.fsti
@@ -10,6 +10,11 @@ val validate_private_key
       (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1088))
     : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True)
 
+/// Validate the private key only.
+/// Returns `true` if valid, and `false` otherwise.
+val validate_private_key_only (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 2400))
+    : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True)
+
 /// Decapsulate ML-KEM 768
 /// Generates an [`MlKemSharedSecret`].
 /// The input is a reference to an [`MlKem768PrivateKey`] and an [`MlKem768Ciphertext`].
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Types.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Types.fst
index a26d5c21b..5f609549a 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Types.fst
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Types.fst
@@ -158,6 +158,20 @@ let impl_21__sk
       (self: t_MlKemKeyPair v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE)
      = impl_13__as_slice v_PRIVATE_KEY_SIZE self.f_sk
 
+let unpack_private_key (v_CPA_SECRET_KEY_SIZE v_PUBLIC_KEY_SIZE: usize) (private_key: t_Slice u8) =
+  let ind_cpa_secret_key, secret_key:(t_Slice u8 & t_Slice u8) =
+    Core.Slice.impl__split_at #u8 private_key v_CPA_SECRET_KEY_SIZE
+  in
+  let ind_cpa_public_key, secret_key:(t_Slice u8 & t_Slice u8) =
+    Core.Slice.impl__split_at #u8 secret_key v_PUBLIC_KEY_SIZE
+  in
+  let ind_cpa_public_key_hash, implicit_rejection_value:(t_Slice u8 & t_Slice u8) =
+    Core.Slice.impl__split_at #u8 secret_key Libcrux_ml_kem.Constants.v_H_DIGEST_SIZE
+  in
+  ind_cpa_secret_key, ind_cpa_public_key, ind_cpa_public_key_hash, implicit_rejection_value
+  <:
+  (t_Slice u8 & t_Slice u8 & t_Slice u8 & t_Slice u8)
+
 [@@ FStar.Tactics.Typeclasses.tcinstance]
 let impl (v_SIZE: usize) : Core.Default.t_Default (t_MlKemCiphertext v_SIZE) =
   {
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Types.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Types.fsti
index 2b5e5a606..4e7ef7185 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Types.fsti
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Types.fsti
@@ -137,6 +137,13 @@ val impl_21__sk
       (self: t_MlKemKeyPair v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE)
     : Prims.Pure (t_Array u8 v_PRIVATE_KEY_SIZE) Prims.l_True (fun _ -> Prims.l_True)
 
+/// Unpack an incoming private key into it's different parts.
+/// We have this here in types to extract into a common core for C.
+val unpack_private_key (v_CPA_SECRET_KEY_SIZE v_PUBLIC_KEY_SIZE: usize) (private_key: t_Slice u8)
+    : Prims.Pure (t_Slice u8 & t_Slice u8 & t_Slice u8 & t_Slice u8)
+      Prims.l_True
+      (fun _ -> Prims.l_True)
+
 [@@ FStar.Tactics.Typeclasses.tcinstance]
 val impl (v_SIZE: usize) : Core.Default.t_Default (t_MlKemCiphertext v_SIZE)
 
diff --git a/libcrux-ml-kem/src/ind_cca.rs b/libcrux-ml-kem/src/ind_cca.rs
index f4d780dfd..7d0004564 100644
--- a/libcrux-ml-kem/src/ind_cca.rs
+++ b/libcrux-ml-kem/src/ind_cca.rs
@@ -582,6 +582,7 @@ pub(crate) mod unpacked {
 
     /// Take a serialized private key and generate an unpacked key pair from it.
     #[inline(always)]
+    #[hax_lib::requires(fstar!("Spec.MLKEM.is_rank $K"))]
     pub fn keys_from_private_key<
         const K: usize,
         const SECRET_KEY_SIZE: usize,
diff --git a/sys/platform/proofs/fstar/extraction/Libcrux_platform.Platform.fsti b/sys/platform/proofs/fstar/extraction/Libcrux_platform.Platform.fsti
index 95dad6932..e8713dad5 100644
--- a/sys/platform/proofs/fstar/extraction/Libcrux_platform.Platform.fsti
+++ b/sys/platform/proofs/fstar/extraction/Libcrux_platform.Platform.fsti
@@ -1,5 +1,5 @@
 module Libcrux_platform.Platform
-#set-options "--fuel 0 --ifuel 1 --z3rlimit 80"
+#set-options "--fuel 0 --ifuel 1 --z3rlimit 15"
 open Core
 open FStar.Mul
 

From 63a1e7df93f0cfe93c2f2d6ed76b81d8d91a4494 Mon Sep 17 00:00:00 2001
From: Karthikeyan Bhargavan <karthik.bhargavan@gmail.com>
Date: Sat, 16 Nov 2024 18:34:17 +0100
Subject: [PATCH 030/142] fstar

---
 .../Libcrux_ml_kem.Ind_cca.Unpacked.fsti      | 18 +++++++++++++--
 .../extraction/Libcrux_ml_kem.Types.fsti      | 22 ++++++++++++++++---
 libcrux-ml-kem/src/ind_cca.rs                 | 13 ++++++++++-
 libcrux-ml-kem/src/types.rs                   | 12 ++++++++++
 4 files changed, 59 insertions(+), 6 deletions(-)

diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Unpacked.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Unpacked.fsti
index d65517d79..73422b6d2 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Unpacked.fsti
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Unpacked.fsti
@@ -106,7 +106,14 @@ val keys_from_private_key
       {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |}
       (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey v_SECRET_KEY_SIZE)
       (key_pair: t_MlKemKeyPairUnpacked v_K v_Vector)
-    : Prims.Pure (t_MlKemKeyPairUnpacked v_K v_Vector) Prims.l_True (fun _ -> Prims.l_True)
+    : Prims.Pure (t_MlKemKeyPairUnpacked v_K v_Vector)
+      (requires
+        Spec.MLKEM.is_rank v_K /\ v_SECRET_KEY_SIZE == Spec.MLKEM.v_CCA_PRIVATE_KEY_SIZE v_K /\
+        v_CPA_SECRET_KEY_SIZE == Spec.MLKEM.v_CPA_PRIVATE_KEY_SIZE v_K /\
+        v_PUBLIC_KEY_SIZE == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE v_K /\
+        v_BYTES_PER_RING_ELEMENT == Spec.MLKEM.v_RANKED_BYTES_PER_RING_ELEMENT v_K /\
+        v_T_AS_NTT_ENCODED_SIZE == Spec.MLKEM.v_T_AS_NTT_ENCODED_SIZE v_K)
+      (fun _ -> Prims.l_True)
 
 /// Take a serialized private key and generate an unpacked key pair from it.
 val impl_4__from_private_key
@@ -116,7 +123,14 @@ val impl_4__from_private_key
           usize)
       {| i2: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |}
       (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey v_SECRET_KEY_SIZE)
-    : Prims.Pure (t_MlKemKeyPairUnpacked v_K v_Vector) Prims.l_True (fun _ -> Prims.l_True)
+    : Prims.Pure (t_MlKemKeyPairUnpacked v_K v_Vector)
+      (requires
+        Spec.MLKEM.is_rank v_K /\ v_SECRET_KEY_SIZE == Spec.MLKEM.v_CCA_PRIVATE_KEY_SIZE v_K /\
+        v_CPA_SECRET_KEY_SIZE == Spec.MLKEM.v_CPA_PRIVATE_KEY_SIZE v_K /\
+        v_PUBLIC_KEY_SIZE == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE v_K /\
+        v_BYTES_PER_RING_ELEMENT == Spec.MLKEM.v_RANKED_BYTES_PER_RING_ELEMENT v_K /\
+        v_T_AS_NTT_ENCODED_SIZE == Spec.MLKEM.v_T_AS_NTT_ENCODED_SIZE v_K)
+      (fun _ -> Prims.l_True)
 
 /// Generate an unpacked key from a serialized key.
 val unpack_public_key
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Types.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Types.fsti
index 4e7ef7185..8098d307d 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Types.fsti
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Types.fsti
@@ -137,12 +137,28 @@ val impl_21__sk
       (self: t_MlKemKeyPair v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE)
     : Prims.Pure (t_Array u8 v_PRIVATE_KEY_SIZE) Prims.l_True (fun _ -> Prims.l_True)
 
-/// Unpack an incoming private key into it's different parts.
+/// Unpack an incoming private key into it\'s different parts.
 /// We have this here in types to extract into a common core for C.
 val unpack_private_key (v_CPA_SECRET_KEY_SIZE v_PUBLIC_KEY_SIZE: usize) (private_key: t_Slice u8)
     : Prims.Pure (t_Slice u8 & t_Slice u8 & t_Slice u8 & t_Slice u8)
-      Prims.l_True
-      (fun _ -> Prims.l_True)
+      (requires
+        Seq.length private_key >=
+        v v_CPA_SECRET_KEY_SIZE + v v_PUBLIC_KEY_SIZE + v Libcrux_ml_kem.Constants.v_H_DIGEST_SIZE)
+      (ensures
+        fun result ->
+          let result:(t_Slice u8 & t_Slice u8 & t_Slice u8 & t_Slice u8) = result in
+          let
+          ind_cpa_secret_key, ind_cpa_public_key, ind_cpa_public_key_hash, implicit_rejection_value
+          =
+            result
+          in
+          Seq.length ind_cpa_secret_key == v v_CPA_SECRET_KEY_SIZE /\
+          Seq.length ind_cpa_public_key == v v_PUBLIC_KEY_SIZE /\
+          Seq.length ind_cpa_public_key_hash == v Libcrux_ml_kem.Constants.v_H_DIGEST_SIZE /\
+          Seq.length implicit_rejection_value ==
+          Seq.length private_key -
+          (v v_CPA_SECRET_KEY_SIZE + v v_PUBLIC_KEY_SIZE +
+            v Libcrux_ml_kem.Constants.v_H_DIGEST_SIZE))
 
 [@@ FStar.Tactics.Typeclasses.tcinstance]
 val impl (v_SIZE: usize) : Core.Default.t_Default (t_MlKemCiphertext v_SIZE)
diff --git a/libcrux-ml-kem/src/ind_cca.rs b/libcrux-ml-kem/src/ind_cca.rs
index 7d0004564..40d434a1a 100644
--- a/libcrux-ml-kem/src/ind_cca.rs
+++ b/libcrux-ml-kem/src/ind_cca.rs
@@ -582,7 +582,12 @@ pub(crate) mod unpacked {
 
     /// Take a serialized private key and generate an unpacked key pair from it.
     #[inline(always)]
-    #[hax_lib::requires(fstar!("Spec.MLKEM.is_rank $K"))]
+    #[hax_lib::requires(fstar!("Spec.MLKEM.is_rank $K /\\
+           v_SECRET_KEY_SIZE == Spec.MLKEM.v_CCA_PRIVATE_KEY_SIZE v_K /\\
+           v_CPA_SECRET_KEY_SIZE == Spec.MLKEM.v_CPA_PRIVATE_KEY_SIZE v_K /\\
+           v_PUBLIC_KEY_SIZE == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE v_K /\\
+           v_BYTES_PER_RING_ELEMENT == Spec.MLKEM.v_RANKED_BYTES_PER_RING_ELEMENT v_K /\\
+           v_T_AS_NTT_ENCODED_SIZE == Spec.MLKEM.v_T_AS_NTT_ENCODED_SIZE v_K)"))]
     pub fn keys_from_private_key<
         const K: usize,
         const SECRET_KEY_SIZE: usize,
@@ -641,6 +646,12 @@ pub(crate) mod unpacked {
 
         /// Take a serialized private key and generate an unpacked key pair from it.
         #[inline(always)]
+        #[requires(fstar!("Spec.MLKEM.is_rank $K /\\
+           v_SECRET_KEY_SIZE == Spec.MLKEM.v_CCA_PRIVATE_KEY_SIZE v_K /\\
+           v_CPA_SECRET_KEY_SIZE == Spec.MLKEM.v_CPA_PRIVATE_KEY_SIZE v_K /\\
+           v_PUBLIC_KEY_SIZE == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE v_K /\\
+           v_BYTES_PER_RING_ELEMENT == Spec.MLKEM.v_RANKED_BYTES_PER_RING_ELEMENT v_K /\\
+           v_T_AS_NTT_ENCODED_SIZE == Spec.MLKEM.v_T_AS_NTT_ENCODED_SIZE v_K)"))]
         pub fn from_private_key<
             const SECRET_KEY_SIZE: usize,
             const CPA_SECRET_KEY_SIZE: usize,
diff --git a/libcrux-ml-kem/src/types.rs b/libcrux-ml-kem/src/types.rs
index 9d94afbdd..4ce154efb 100644
--- a/libcrux-ml-kem/src/types.rs
+++ b/libcrux-ml-kem/src/types.rs
@@ -203,6 +203,18 @@ impl<const PRIVATE_KEY_SIZE: usize, const PUBLIC_KEY_SIZE: usize>
 /// Unpack an incoming private key into it's different parts.
 ///
 /// We have this here in types to extract into a common core for C.
+#[hax_lib::requires(fstar!("Seq.length private_key >= 
+                            v v_CPA_SECRET_KEY_SIZE + v v_PUBLIC_KEY_SIZE + 
+                            v Libcrux_ml_kem.Constants.v_H_DIGEST_SIZE"))]
+#[hax_lib::ensures(|result| fstar!("
+           let (ind_cpa_secret_key,ind_cpa_public_key,ind_cpa_public_key_hash,implicit_rejection_value)
+               = result in
+           Seq.length ind_cpa_secret_key == v v_CPA_SECRET_KEY_SIZE /\\
+           Seq.length ind_cpa_public_key == v v_PUBLIC_KEY_SIZE /\\
+           Seq.length ind_cpa_public_key_hash == v Libcrux_ml_kem.Constants.v_H_DIGEST_SIZE /\\
+           Seq.length implicit_rejection_value == 
+           Seq.length private_key - 
+             (v v_CPA_SECRET_KEY_SIZE + v v_PUBLIC_KEY_SIZE + v Libcrux_ml_kem.Constants.v_H_DIGEST_SIZE)"))]
 pub(crate) fn unpack_private_key<const CPA_SECRET_KEY_SIZE: usize, const PUBLIC_KEY_SIZE: usize>(
     private_key: &[u8], // len: SECRET_KEY_SIZE
 ) -> (&[u8], &[u8], &[u8], &[u8]) {

From 86e27d8e67d62ad04ee7f367e797168ac01236fd Mon Sep 17 00:00:00 2001
From: Karthikeyan Bhargavan <karthik.bhargavan@gmail.com>
Date: Wed, 27 Nov 2024 21:33:08 +0100
Subject: [PATCH 031/142] fixes

---
 ...ux_ml_kem.Ind_cca.Instantiations.Avx2.fsti |  5 ++-
 ...ux_ml_kem.Ind_cca.Instantiations.Neon.fsti |  5 ++-
 ...l_kem.Ind_cca.Instantiations.Portable.fsti |  5 ++-
 .../Libcrux_ml_kem.Ind_cca.Unpacked.fst       | 18 ++++----
 .../extraction/Libcrux_ml_kem.Ind_cca.fst     |  4 ++
 .../extraction/Libcrux_ml_kem.Ind_cca.fsti    |  5 ++-
 .../extraction/Libcrux_ml_kem.Ind_cpa.fst     |  1 +
 .../extraction/Libcrux_ml_kem.Ind_cpa.fsti    | 41 +++++++++++++++++--
 libcrux-ml-kem/src/ind_cca.rs                 |  4 ++
 libcrux-ml-kem/src/ind_cca/instantiations.rs  |  3 ++
 .../src/ind_cca/instantiations/avx2.rs        |  2 +
 libcrux-ml-kem/src/ind_cpa.rs                 | 24 ++++++++++-
 12 files changed, 101 insertions(+), 16 deletions(-)

diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.fsti
index 55a5ad2a7..d31791ba7 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.fsti
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.fsti
@@ -37,7 +37,10 @@ val validate_private_key
 val validate_private_key_only
       (v_K v_SECRET_KEY_SIZE: usize)
       (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey v_SECRET_KEY_SIZE)
-    : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True)
+    : Prims.Pure bool
+      (requires Spec.MLKEM.is_rank v_K /\ v_SECRET_KEY_SIZE == Spec.MLKEM.v_CCA_PRIVATE_KEY_SIZE v_K
+      )
+      (fun _ -> Prims.l_True)
 
 val decapsulate_avx2
       (v_K v_SECRET_KEY_SIZE v_CPA_SECRET_KEY_SIZE v_PUBLIC_KEY_SIZE v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_C1_BLOCK_SIZE v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE v_IMPLICIT_REJECTION_HASH_INPUT_SIZE:
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Neon.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Neon.fsti
index 5a6e24ad0..fd97941df 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Neon.fsti
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Neon.fsti
@@ -28,7 +28,10 @@ val validate_private_key
 val validate_private_key_only
       (v_K v_SECRET_KEY_SIZE: usize)
       (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey v_SECRET_KEY_SIZE)
-    : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True)
+    : Prims.Pure bool
+      (requires Spec.MLKEM.is_rank v_K /\ v_SECRET_KEY_SIZE == Spec.MLKEM.v_CCA_PRIVATE_KEY_SIZE v_K
+      )
+      (fun _ -> Prims.l_True)
 
 /// Portable decapsulate
 val decapsulate
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Portable.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Portable.fsti
index 202487815..19dc4859d 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Portable.fsti
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Portable.fsti
@@ -28,7 +28,10 @@ val validate_private_key
 val validate_private_key_only
       (v_K v_SECRET_KEY_SIZE: usize)
       (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey v_SECRET_KEY_SIZE)
-    : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True)
+    : Prims.Pure bool
+      (requires Spec.MLKEM.is_rank v_K /\ v_SECRET_KEY_SIZE == Spec.MLKEM.v_CCA_PRIVATE_KEY_SIZE v_K
+      )
+      (fun _ -> Prims.l_True)
 
 /// Portable decapsulate
 val decapsulate
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Unpacked.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Unpacked.fst
index 5e641a876..00fca665f 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Unpacked.fst
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Unpacked.fst
@@ -551,13 +551,17 @@ let encapsulate
   let shared_secret_array:t_Array u8 (sz 32) =
     Core.Slice.impl__copy_from_slice #u8 shared_secret_array shared_secret
   in
-  Core.Convert.f_from #(Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE)
-    #(t_Array u8 v_CIPHERTEXT_SIZE)
-    #FStar.Tactics.Typeclasses.solve
-    ciphertext,
-  shared_secret_array
-  <:
-  (Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE & t_Array u8 (sz 32))
+  let result:(Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE & t_Array u8 (sz 32)) =
+    Core.Convert.f_from #(Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE)
+      #(t_Array u8 v_CIPHERTEXT_SIZE)
+      #FStar.Tactics.Typeclasses.solve
+      ciphertext,
+    shared_secret_array
+    <:
+    (Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE & t_Array u8 (sz 32))
+  in
+  let _:Prims.unit = admit () (* Panic freedom *) in
+  result
 
 let impl_3__serialized_mut
       (v_K: usize)
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fst
index 271d84a70..9084f94a9 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fst
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fst
@@ -12,6 +12,8 @@ let _ =
   let open Libcrux_ml_kem.Vector.Traits in
   ()
 
+#push-options "--z3rlimit 300"
+
 let validate_private_key_only
       (v_K v_SECRET_KEY_SIZE: usize)
       (#v_Hasher: Type0)
@@ -43,6 +45,8 @@ let validate_private_key_only
   in
   t =. expected
 
+#pop-options
+
 #push-options "--z3rlimit 300"
 
 let validate_private_key
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fsti
index 15a8430bd..1672e32c8 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fsti
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fsti
@@ -27,7 +27,10 @@ val validate_private_key_only
       (#v_Hasher: Type0)
       {| i1: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K |}
       (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey v_SECRET_KEY_SIZE)
-    : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True)
+    : Prims.Pure bool
+      (requires Spec.MLKEM.is_rank v_K /\ v_SECRET_KEY_SIZE == Spec.MLKEM.v_CCA_PRIVATE_KEY_SIZE v_K
+      )
+      (fun _ -> Prims.l_True)
 
 /// Validate an ML-KEM private key.
 /// This implements the Hash check in 7.3 3.
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fst
index 6010993a4..c82700ac7 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fst
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fst
@@ -176,6 +176,7 @@ let build_unpacked_public_key_mut
     <:
     Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPublicKeyUnpacked v_K v_Vector
   in
+  let hax_temp_output:Prims.unit = admit () (* Panic freedom *) in
   unpacked_public_key
 
 let build_unpacked_public_key
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fsti
index 2d62a7e51..f3ae09b9a 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fsti
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fsti
@@ -51,8 +51,26 @@ val build_unpacked_public_key_mut
       (public_key: t_Slice u8)
       (unpacked_public_key: Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPublicKeyUnpacked v_K v_Vector)
     : Prims.Pure (Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPublicKeyUnpacked v_K v_Vector)
-      Prims.l_True
-      (fun _ -> Prims.l_True)
+      (requires
+        Spec.MLKEM.is_rank v_K /\ v_T_AS_NTT_ENCODED_SIZE == Spec.MLKEM.v_T_AS_NTT_ENCODED_SIZE v_K /\
+        length public_key == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE v_K)
+      (ensures
+        fun unpacked_public_key_future ->
+          let unpacked_public_key_future:Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPublicKeyUnpacked
+            v_K v_Vector =
+            unpacked_public_key_future
+          in
+          let t_as_ntt_bytes, seed_for_A = split public_key v_T_AS_NTT_ENCODED_SIZE in
+          let t_as_ntt = Spec.MLKEM.vector_decode_12 #v_K t_as_ntt_bytes in
+          let matrix_A_as_ntt, sufficient_randomness =
+            Spec.MLKEM.sample_matrix_A_ntt #v_K seed_for_A
+          in
+          (Libcrux_ml_kem.Polynomial.to_spec_vector_t #v_K
+              #v_Vector
+              unpacked_public_key_future.f_t_as_ntt ==
+            t_as_ntt /\ unpacked_public_key_future.f_seed_for_A == seed_for_A /\
+            Libcrux_ml_kem.Polynomial.to_spec_matrix_t #v_K #v_Vector unpacked_public_key_future.f_A ==
+            matrix_A_as_ntt))
 
 val build_unpacked_public_key
       (v_K v_T_AS_NTT_ENCODED_SIZE: usize)
@@ -61,8 +79,23 @@ val build_unpacked_public_key
       {| i3: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K |}
       (public_key: t_Slice u8)
     : Prims.Pure (Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPublicKeyUnpacked v_K v_Vector)
-      Prims.l_True
-      (fun _ -> Prims.l_True)
+      (requires
+        Spec.MLKEM.is_rank v_K /\ v_T_AS_NTT_ENCODED_SIZE == Spec.MLKEM.v_T_AS_NTT_ENCODED_SIZE v_K /\
+        length public_key == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE v_K)
+      (ensures
+        fun result ->
+          let result:Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPublicKeyUnpacked v_K v_Vector =
+            result
+          in
+          let t_as_ntt_bytes, seed_for_A = split public_key v_T_AS_NTT_ENCODED_SIZE in
+          let t_as_ntt = Spec.MLKEM.vector_decode_12 #v_K t_as_ntt_bytes in
+          let matrix_A_as_ntt, sufficient_randomness =
+            Spec.MLKEM.sample_matrix_A_ntt #v_K seed_for_A
+          in
+          (Libcrux_ml_kem.Polynomial.to_spec_vector_t #v_K #v_Vector result.f_t_as_ntt == t_as_ntt /\
+            result.f_seed_for_A == seed_for_A /\
+            Libcrux_ml_kem.Polynomial.to_spec_matrix_t #v_K #v_Vector result.f_A == matrix_A_as_ntt)
+      )
 
 /// Sample a vector of ring elements from a centered binomial distribution.
 val sample_ring_element_cbd
diff --git a/libcrux-ml-kem/src/ind_cca.rs b/libcrux-ml-kem/src/ind_cca.rs
index 40d434a1a..7deaa7a7b 100644
--- a/libcrux-ml-kem/src/ind_cca.rs
+++ b/libcrux-ml-kem/src/ind_cca.rs
@@ -170,6 +170,9 @@ fn validate_private_key<
 ///
 /// This implements the Hash check in 7.3 3.
 #[inline(always)]
+#[hax_lib::fstar::options("--z3rlimit 300")]
+#[hax_lib::requires(fstar!("Spec.MLKEM.is_rank $K /\\
+    $SECRET_KEY_SIZE == Spec.MLKEM.v_CCA_PRIVATE_KEY_SIZE $K"))]
 fn validate_private_key_only<const K: usize, const SECRET_KEY_SIZE: usize, Hasher: Hash<K>>(
     private_key: &MlKemPrivateKey<SECRET_KEY_SIZE>,
 ) -> bool {
@@ -910,6 +913,7 @@ pub(crate) mod unpacked {
 
     // Encapsulate with Unpacked Public Key
     #[inline(always)]
+    #[hax_lib::fstar::verification_status(panic_free)]
     #[hax_lib::requires(fstar!("Spec.MLKEM.is_rank $K /\\
         $ETA1 == Spec.MLKEM.v_ETA1 $K /\\
         $ETA1_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA1_RANDOMNESS_SIZE $K /\\
diff --git a/libcrux-ml-kem/src/ind_cca/instantiations.rs b/libcrux-ml-kem/src/ind_cca/instantiations.rs
index 98678912a..7518b8974 100644
--- a/libcrux-ml-kem/src/ind_cca/instantiations.rs
+++ b/libcrux-ml-kem/src/ind_cca/instantiations.rs
@@ -106,6 +106,9 @@ macro_rules! instantiate {
 
             /// Private key validation
             #[inline(always)]
+            #[inline(always)]
+            #[hax_lib::requires(fstar!("Spec.MLKEM.is_rank $K /\\
+                $SECRET_KEY_SIZE == Spec.MLKEM.v_CCA_PRIVATE_KEY_SIZE $K"))]
             pub(crate) fn validate_private_key_only<
                 const K: usize,
                 const SECRET_KEY_SIZE: usize,
diff --git a/libcrux-ml-kem/src/ind_cca/instantiations/avx2.rs b/libcrux-ml-kem/src/ind_cca/instantiations/avx2.rs
index 99d45cb57..b52b1d38f 100644
--- a/libcrux-ml-kem/src/ind_cca/instantiations/avx2.rs
+++ b/libcrux-ml-kem/src/ind_cca/instantiations/avx2.rs
@@ -200,6 +200,8 @@ pub(crate) fn validate_private_key<
 
 /// Private key validation
 #[inline(always)]
+#[hax_lib::requires(fstar!("Spec.MLKEM.is_rank $K /\\
+    $SECRET_KEY_SIZE == Spec.MLKEM.v_CCA_PRIVATE_KEY_SIZE $K"))]
 pub(crate) fn validate_private_key_only<const K: usize, const SECRET_KEY_SIZE: usize>(
     private_key: &MlKemPrivateKey<SECRET_KEY_SIZE>,
 ) -> bool {
diff --git a/libcrux-ml-kem/src/ind_cpa.rs b/libcrux-ml-kem/src/ind_cpa.rs
index 6fe12da5c..984172a2e 100644
--- a/libcrux-ml-kem/src/ind_cpa.rs
+++ b/libcrux-ml-kem/src/ind_cpa.rs
@@ -676,7 +676,6 @@ fn compress_then_serialize_u<
       $BLOCK_LEN == Spec.MLKEM.v_C1_BLOCK_SIZE $K /\\
       $CIPHERTEXT_SIZE == Spec.MLKEM.v_CPA_CIPHERTEXT_SIZE $K /\\
       length $randomness == Spec.MLKEM.v_SHARED_SECRET_SIZE"))]
-
 #[hax_lib::ensures(|result|
     fstar!("$result == Spec.MLKEM.ind_cpa_encrypt_unpacked $K $message $randomness
         (Libcrux_ml_kem.Polynomial.to_spec_vector_t #$K #$:Vector ${public_key}.f_t_as_ntt)
@@ -831,6 +830,17 @@ pub(crate) fn encrypt<
     >(&unpacked_public_key, message, randomness)
 }
 
+#[inline(always)]
+#[hax_lib::requires(fstar!("Spec.MLKEM.is_rank $K /\\
+    $T_AS_NTT_ENCODED_SIZE == Spec.MLKEM.v_T_AS_NTT_ENCODED_SIZE $K /\\
+    length $public_key == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE $K"))]
+#[hax_lib::ensures(|result| fstar!("
+    let (t_as_ntt_bytes, seed_for_A) = split public_key $T_AS_NTT_ENCODED_SIZE in
+    let t_as_ntt = Spec.MLKEM.vector_decode_12 #$K t_as_ntt_bytes in 
+    let matrix_A_as_ntt, sufficient_randomness = Spec.MLKEM.sample_matrix_A_ntt #$K seed_for_A in
+    (Libcrux_ml_kem.Polynomial.to_spec_vector_t #$K #$:Vector ${result}.f_t_as_ntt == t_as_ntt /\\
+     ${result}.f_seed_for_A == seed_for_A /\\
+     Libcrux_ml_kem.Polynomial.to_spec_matrix_t #$K #$:Vector ${result}.f_A == matrix_A_as_ntt)"))]
 fn build_unpacked_public_key<
     const K: usize,
     const T_AS_NTT_ENCODED_SIZE: usize,
@@ -847,6 +857,18 @@ fn build_unpacked_public_key<
     unpacked_public_key
 }
 
+#[inline(always)]
+#[hax_lib::fstar::verification_status(panic_free)]
+#[hax_lib::requires(fstar!("Spec.MLKEM.is_rank $K /\\
+    $T_AS_NTT_ENCODED_SIZE == Spec.MLKEM.v_T_AS_NTT_ENCODED_SIZE $K /\\
+    length $public_key == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE $K"))]
+#[hax_lib::ensures(|_| fstar!("
+    let (t_as_ntt_bytes, seed_for_A) = split public_key $T_AS_NTT_ENCODED_SIZE in
+    let t_as_ntt = Spec.MLKEM.vector_decode_12 #$K t_as_ntt_bytes in 
+    let matrix_A_as_ntt, sufficient_randomness = Spec.MLKEM.sample_matrix_A_ntt #$K seed_for_A in
+    (Libcrux_ml_kem.Polynomial.to_spec_vector_t #$K #$:Vector ${unpacked_public_key}_future.f_t_as_ntt == t_as_ntt /\\
+     ${unpacked_public_key}_future.f_seed_for_A == seed_for_A /\\
+     Libcrux_ml_kem.Polynomial.to_spec_matrix_t #$K #$:Vector ${unpacked_public_key}_future.f_A == matrix_A_as_ntt)"))]
 pub(crate) fn build_unpacked_public_key_mut<
     const K: usize,
     const T_AS_NTT_ENCODED_SIZE: usize,

From 82871a3f3586494225e27d82a1a1af060d78443e Mon Sep 17 00:00:00 2001
From: Karthikeyan Bhargavan <karthik.bhargavan@gmail.com>
Date: Thu, 28 Nov 2024 19:33:42 +0100
Subject: [PATCH 032/142] edits

---
 ....Ind_cca.Instantiations.Avx2.Unpacked.fsti |   9 +-
 ....Ind_cca.Instantiations.Neon.Unpacked.fsti |   7 +-
 ..._cca.Instantiations.Portable.Unpacked.fsti |   7 +-
 .../Libcrux_ml_kem.Ind_cca.Unpacked.fst       |  30 ++-
 .../Libcrux_ml_kem.Ind_cca.Unpacked.fsti      |  12 +-
 .../extraction/Libcrux_ml_kem.Ind_cca.fst     | 204 ++++++------------
 .../extraction/Libcrux_ml_kem.Ind_cca.fsti    |  14 +-
 ...ibcrux_ml_kem.Mlkem1024.Avx2.Unpacked.fsti |  16 +-
 ...ibcrux_ml_kem.Mlkem1024.Neon.Unpacked.fsti |  16 +-
 ...ux_ml_kem.Mlkem1024.Portable.Unpacked.fsti |  16 +-
 ...Libcrux_ml_kem.Mlkem512.Avx2.Unpacked.fsti |  16 +-
 ...Libcrux_ml_kem.Mlkem512.Neon.Unpacked.fsti |  16 +-
 ...rux_ml_kem.Mlkem512.Portable.Unpacked.fsti |  16 +-
 ...Libcrux_ml_kem.Mlkem768.Avx2.Unpacked.fsti |   9 +-
 ...Libcrux_ml_kem.Mlkem768.Neon.Unpacked.fsti |   9 +-
 ...rux_ml_kem.Mlkem768.Portable.Unpacked.fsti |   9 +-
 libcrux-ml-kem/src/ind_cca.rs                 |  80 ++++---
 libcrux-ml-kem/src/ind_cca/instantiations.rs  |   8 +-
 .../src/ind_cca/instantiations/avx2.rs        |   7 +
 libcrux-ml-kem/src/mlkem1024.rs               |   6 +
 libcrux-ml-kem/src/mlkem512.rs                |   6 +
 libcrux-ml-kem/src/mlkem768.rs                |   3 +
 libcrux-ml-kem/src/types.rs                   |   3 +-
 23 files changed, 312 insertions(+), 207 deletions(-)

diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.Unpacked.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.Unpacked.fsti
index 1adbbce9c..b55a38fd3 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.Unpacked.fsti
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.Unpacked.fsti
@@ -142,7 +142,14 @@ val keypair_from_private_key
             Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector)
     : Prims.Pure
       (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked v_K
-          Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) Prims.l_True (fun _ -> Prims.l_True)
+          Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector)
+      (requires
+        Spec.MLKEM.is_rank v_K /\ v_SECRET_KEY_SIZE == Spec.MLKEM.v_CCA_PRIVATE_KEY_SIZE v_K /\
+        v_CPA_SECRET_KEY_SIZE == Spec.MLKEM.v_CPA_PRIVATE_KEY_SIZE v_K /\
+        v_PUBLIC_KEY_SIZE == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE v_K /\
+        v_BYTES_PER_RING_ELEMENT == Spec.MLKEM.v_RANKED_BYTES_PER_RING_ELEMENT v_K /\
+        v_T_AS_NTT_ENCODED_SIZE == Spec.MLKEM.v_T_AS_NTT_ENCODED_SIZE v_K)
+      (fun _ -> Prims.l_True)
 
 /// Get the unpacked public key.
 val unpack_public_key_avx2
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Neon.Unpacked.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Neon.Unpacked.fsti
index a7a9fbed8..05e8e5cd5 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Neon.Unpacked.fsti
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Neon.Unpacked.fsti
@@ -91,7 +91,12 @@ val keypair_from_private_key
     : Prims.Pure
       (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked v_K
           Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector)
-      Prims.l_True
+      (requires
+        Spec.MLKEM.is_rank v_K /\ v_SECRET_KEY_SIZE == Spec.MLKEM.v_CCA_PRIVATE_KEY_SIZE v_K /\
+        v_CPA_SECRET_KEY_SIZE == Spec.MLKEM.v_CPA_PRIVATE_KEY_SIZE v_K /\
+        v_PUBLIC_KEY_SIZE == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE v_K /\
+        v_BYTES_PER_RING_ELEMENT == Spec.MLKEM.v_RANKED_BYTES_PER_RING_ELEMENT v_K /\
+        v_T_AS_NTT_ENCODED_SIZE == Spec.MLKEM.v_T_AS_NTT_ENCODED_SIZE v_K)
       (fun _ -> Prims.l_True)
 
 /// Get the unpacked public key.
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Portable.Unpacked.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Portable.Unpacked.fsti
index 0bdbc2e6d..f406d6a8f 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Portable.Unpacked.fsti
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Portable.Unpacked.fsti
@@ -91,7 +91,12 @@ val keypair_from_private_key
     : Prims.Pure
       (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked v_K
           Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector)
-      Prims.l_True
+      (requires
+        Spec.MLKEM.is_rank v_K /\ v_SECRET_KEY_SIZE == Spec.MLKEM.v_CCA_PRIVATE_KEY_SIZE v_K /\
+        v_CPA_SECRET_KEY_SIZE == Spec.MLKEM.v_CPA_PRIVATE_KEY_SIZE v_K /\
+        v_PUBLIC_KEY_SIZE == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE v_K /\
+        v_BYTES_PER_RING_ELEMENT == Spec.MLKEM.v_RANKED_BYTES_PER_RING_ELEMENT v_K /\
+        v_T_AS_NTT_ENCODED_SIZE == Spec.MLKEM.v_T_AS_NTT_ENCODED_SIZE v_K)
       (fun _ -> Prims.l_True)
 
 /// Get the unpacked public key.
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Unpacked.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Unpacked.fst
index 00fca665f..a4bb0bca2 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Unpacked.fst
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Unpacked.fst
@@ -624,17 +624,21 @@ let impl_3__serialized
           Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector)
       (self: t_MlKemPublicKeyUnpacked v_K v_Vector)
      =
-  Core.Convert.f_from #(Libcrux_ml_kem.Types.t_MlKemPublicKey v_PUBLIC_KEY_SIZE)
-    #(t_Array u8 v_PUBLIC_KEY_SIZE)
-    #FStar.Tactics.Typeclasses.solve
-    (Libcrux_ml_kem.Ind_cpa.serialize_public_key v_K
-        v_RANKED_BYTES_PER_RING_ELEMENT
-        v_PUBLIC_KEY_SIZE
-        #v_Vector
-        self.f_ind_cpa_public_key.Libcrux_ml_kem.Ind_cpa.Unpacked.f_t_as_ntt
-        (self.f_ind_cpa_public_key.Libcrux_ml_kem.Ind_cpa.Unpacked.f_seed_for_A <: t_Slice u8)
-      <:
-      t_Array u8 v_PUBLIC_KEY_SIZE)
+  let result:Libcrux_ml_kem.Types.t_MlKemPublicKey v_PUBLIC_KEY_SIZE =
+    Core.Convert.f_from #(Libcrux_ml_kem.Types.t_MlKemPublicKey v_PUBLIC_KEY_SIZE)
+      #(t_Array u8 v_PUBLIC_KEY_SIZE)
+      #FStar.Tactics.Typeclasses.solve
+      (Libcrux_ml_kem.Ind_cpa.serialize_public_key v_K
+          v_RANKED_BYTES_PER_RING_ELEMENT
+          v_PUBLIC_KEY_SIZE
+          #v_Vector
+          self.f_ind_cpa_public_key.Libcrux_ml_kem.Ind_cpa.Unpacked.f_t_as_ntt
+          (self.f_ind_cpa_public_key.Libcrux_ml_kem.Ind_cpa.Unpacked.f_seed_for_A <: t_Slice u8)
+        <:
+        t_Array u8 v_PUBLIC_KEY_SIZE)
+  in
+  let _:Prims.unit = admit () (* Panic freedom *) in
+  result
 
 let impl_4__serialized_public_key
       (v_K: usize)
@@ -897,6 +901,8 @@ let impl_4__serialized_private_key
 
 #push-options "--z3rlimit 200 --ext context_pruning --z3refresh"
 
+#push-options "--admit_smt_queries true"
+
 let decapsulate
       (v_K v_SECRET_KEY_SIZE v_CPA_SECRET_KEY_SIZE v_PUBLIC_KEY_SIZE v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_C1_BLOCK_SIZE v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE v_IMPLICIT_REJECTION_HASH_INPUT_SIZE:
           usize)
@@ -1028,3 +1034,5 @@ let decapsulate
     selector
 
 #pop-options
+
+#pop-options
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Unpacked.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Unpacked.fsti
index 73422b6d2..85ebcd273 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Unpacked.fsti
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Unpacked.fsti
@@ -359,7 +359,11 @@ val impl_4__serialized_private_key_mut
       (self: t_MlKemKeyPairUnpacked v_K v_Vector)
       (serialized: Libcrux_ml_kem.Types.t_MlKemPrivateKey v_PRIVATE_KEY_SIZE)
     : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPrivateKey v_PRIVATE_KEY_SIZE)
-      Prims.l_True
+      (requires
+        Spec.MLKEM.is_rank v_K /\ v_PRIVATE_KEY_SIZE == Spec.MLKEM.v_CCA_PRIVATE_KEY_SIZE v_K /\
+        v_CPA_PRIVATE_KEY_SIZE == Spec.MLKEM.v_CPA_PRIVATE_KEY_SIZE v_K /\
+        v_PUBLIC_KEY_SIZE == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE v_K /\
+        v_RANKED_BYTES_PER_RING_ELEMENT == Spec.MLKEM.v_RANKED_BYTES_PER_RING_ELEMENT v_K)
       (fun _ -> Prims.l_True)
 
 /// Get the serialized private key.
@@ -371,7 +375,11 @@ val impl_4__serialized_private_key
       {| i2: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |}
       (self: t_MlKemKeyPairUnpacked v_K v_Vector)
     : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPrivateKey v_PRIVATE_KEY_SIZE)
-      Prims.l_True
+      (requires
+        Spec.MLKEM.is_rank v_K /\ v_PRIVATE_KEY_SIZE == Spec.MLKEM.v_CCA_PRIVATE_KEY_SIZE v_K /\
+        v_CPA_PRIVATE_KEY_SIZE == Spec.MLKEM.v_CPA_PRIVATE_KEY_SIZE v_K /\
+        v_PUBLIC_KEY_SIZE == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE v_K /\
+        v_RANKED_BYTES_PER_RING_ELEMENT == Spec.MLKEM.v_RANKED_BYTES_PER_RING_ELEMENT v_K)
       (fun _ -> Prims.l_True)
 
 val decapsulate
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fst
index 9084f94a9..33b847072 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fst
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fst
@@ -61,6 +61,8 @@ let validate_private_key
 
 #pop-options
 
+#push-options "--z3rlimit 150"
+
 let serialize_kem_secret_key_mut
       (v_K v_SERIALIZED_KEY_LEN: usize)
       (#v_Hasher: Type0)
@@ -171,132 +173,18 @@ let serialize_kem_secret_key_mut
         <:
         t_Slice u8)
   in
-  serialized
-
-#push-options "--z3rlimit 150"
-
-let serialize_kem_secret_key
-      (v_K v_SERIALIZED_KEY_LEN: usize)
-      (#v_Hasher: Type0)
-      (#[FStar.Tactics.Typeclasses.tcresolve ()]
-          i1:
-          Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K)
-      (private_key public_key implicit_rejection_value: t_Slice u8)
-     =
-  let out:t_Array u8 v_SERIALIZED_KEY_LEN = Rust_primitives.Hax.repeat 0uy v_SERIALIZED_KEY_LEN in
-  let pointer:usize = sz 0 in
-  let out:t_Array u8 v_SERIALIZED_KEY_LEN =
-    Rust_primitives.Hax.Monomorphized_update_at.update_at_range out
-      ({
-          Core.Ops.Range.f_start = pointer;
-          Core.Ops.Range.f_end = pointer +! (Core.Slice.impl__len #u8 private_key <: usize) <: usize
-        }
-        <:
-        Core.Ops.Range.t_Range usize)
-      (Core.Slice.impl__copy_from_slice #u8
-          (out.[ {
-                Core.Ops.Range.f_start = pointer;
-                Core.Ops.Range.f_end
-                =
-                pointer +! (Core.Slice.impl__len #u8 private_key <: usize) <: usize
-              }
-              <:
-              Core.Ops.Range.t_Range usize ]
-            <:
-            t_Slice u8)
-          private_key
-        <:
-        t_Slice u8)
-  in
-  let pointer:usize = pointer +! (Core.Slice.impl__len #u8 private_key <: usize) in
-  let out:t_Array u8 v_SERIALIZED_KEY_LEN =
-    Rust_primitives.Hax.Monomorphized_update_at.update_at_range out
-      ({
-          Core.Ops.Range.f_start = pointer;
-          Core.Ops.Range.f_end = pointer +! (Core.Slice.impl__len #u8 public_key <: usize) <: usize
-        }
-        <:
-        Core.Ops.Range.t_Range usize)
-      (Core.Slice.impl__copy_from_slice #u8
-          (out.[ {
-                Core.Ops.Range.f_start = pointer;
-                Core.Ops.Range.f_end
-                =
-                pointer +! (Core.Slice.impl__len #u8 public_key <: usize) <: usize
-              }
-              <:
-              Core.Ops.Range.t_Range usize ]
-            <:
-            t_Slice u8)
-          public_key
-        <:
-        t_Slice u8)
-  in
-  let pointer:usize = pointer +! (Core.Slice.impl__len #u8 public_key <: usize) in
-  let out:t_Array u8 v_SERIALIZED_KEY_LEN =
-    Rust_primitives.Hax.Monomorphized_update_at.update_at_range out
-      ({
-          Core.Ops.Range.f_start = pointer;
-          Core.Ops.Range.f_end = pointer +! Libcrux_ml_kem.Constants.v_H_DIGEST_SIZE <: usize
-        }
-        <:
-        Core.Ops.Range.t_Range usize)
-      (Core.Slice.impl__copy_from_slice #u8
-          (out.[ {
-                Core.Ops.Range.f_start = pointer;
-                Core.Ops.Range.f_end = pointer +! Libcrux_ml_kem.Constants.v_H_DIGEST_SIZE <: usize
-              }
-              <:
-              Core.Ops.Range.t_Range usize ]
-            <:
-            t_Slice u8)
-          (Libcrux_ml_kem.Hash_functions.f_H #v_Hasher
-              #v_K
-              #FStar.Tactics.Typeclasses.solve
-              public_key
-            <:
-            t_Slice u8)
-        <:
-        t_Slice u8)
-  in
-  let pointer:usize = pointer +! Libcrux_ml_kem.Constants.v_H_DIGEST_SIZE in
-  let out:t_Array u8 v_SERIALIZED_KEY_LEN =
-    Rust_primitives.Hax.Monomorphized_update_at.update_at_range out
-      ({
-          Core.Ops.Range.f_start = pointer;
-          Core.Ops.Range.f_end
-          =
-          pointer +! (Core.Slice.impl__len #u8 implicit_rejection_value <: usize) <: usize
-        }
-        <:
-        Core.Ops.Range.t_Range usize)
-      (Core.Slice.impl__copy_from_slice #u8
-          (out.[ {
-                Core.Ops.Range.f_start = pointer;
-                Core.Ops.Range.f_end
-                =
-                pointer +! (Core.Slice.impl__len #u8 implicit_rejection_value <: usize) <: usize
-              }
-              <:
-              Core.Ops.Range.t_Range usize ]
-            <:
-            t_Slice u8)
-          implicit_rejection_value
-        <:
-        t_Slice u8)
-  in
   let _:Prims.unit =
     let open Spec.Utils in
-    assert ((Seq.slice out 0 (v #usize_inttype (Spec.MLKEM.v_CPA_PRIVATE_KEY_SIZE v_K)))
+    assert ((Seq.slice serialized 0 (v #usize_inttype (Spec.MLKEM.v_CPA_PRIVATE_KEY_SIZE v_K)))
         `Seq.equal`
         private_key);
-    assert ((Seq.slice out
+    assert ((Seq.slice serialized
             (v #usize_inttype (Spec.MLKEM.v_CPA_PRIVATE_KEY_SIZE v_K))
             (v #usize_inttype
                 (Spec.MLKEM.v_CPA_PRIVATE_KEY_SIZE v_K +! Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE v_K)))
         `Seq.equal`
         public_key);
-    assert ((Seq.slice out
+    assert ((Seq.slice serialized
             (v #usize_inttype
                 (Spec.MLKEM.v_CPA_PRIVATE_KEY_SIZE v_K +! Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE v_K))
             (v #usize_inttype
@@ -304,7 +192,7 @@ let serialize_kem_secret_key
                   Libcrux_ml_kem.Constants.v_H_DIGEST_SIZE)))
         `Seq.equal`
         (Libcrux_ml_kem.Hash_functions.f_H #v_Hasher #v_K public_key));
-    assert (Seq.slice out
+    assert (Seq.slice serialized
           (v #usize_inttype
               (Spec.MLKEM.v_CPA_PRIVATE_KEY_SIZE v_K +! Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE v_K +!
                 Libcrux_ml_kem.Constants.v_H_DIGEST_SIZE))
@@ -313,12 +201,27 @@ let serialize_kem_secret_key
                 Libcrux_ml_kem.Constants.v_H_DIGEST_SIZE +!
                 Spec.MLKEM.v_SHARED_SECRET_SIZE)) ==
         implicit_rejection_value);
-    lemma_slice_append_4 out
+    lemma_slice_append_4 serialized
       private_key
       public_key
       (Libcrux_ml_kem.Hash_functions.f_H #v_Hasher #v_K public_key)
       implicit_rejection_value
   in
+  serialized
+
+#pop-options
+
+#push-options "--z3rlimit 150"
+
+let serialize_kem_secret_key
+      (v_K v_SERIALIZED_KEY_LEN: usize)
+      (#v_Hasher: Type0)
+      (#[FStar.Tactics.Typeclasses.tcresolve ()]
+          i1:
+          Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K)
+      (private_key public_key implicit_rejection_value: t_Slice u8)
+     =
+  let out:t_Array u8 v_SERIALIZED_KEY_LEN = Rust_primitives.Hax.repeat 0uy v_SERIALIZED_KEY_LEN in
   let out:t_Array u8 v_SERIALIZED_KEY_LEN =
     serialize_kem_secret_key_mut v_K
       v_SERIALIZED_KEY_LEN
@@ -332,7 +235,7 @@ let serialize_kem_secret_key
 
 #pop-options
 
-#push-options "--z3rlimit 150"
+#push-options "--z3rlimit 300"
 
 let encapsulate
       (v_K v_CIPHERTEXT_SIZE v_PUBLIC_KEY_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_C1_BLOCK_SIZE v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE:
@@ -417,9 +320,13 @@ let encapsulate
       shared_secret
       ciphertext
   in
-  ciphertext, shared_secret_array
-  <:
-  (Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE & t_Array u8 (sz 32))
+  let result:(Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE & t_Array u8 (sz 32)) =
+    ciphertext, shared_secret_array
+    <:
+    (Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE & t_Array u8 (sz 32))
+  in
+  let _:Prims.unit = admit () (* Panic freedom *) in
+  result
 
 #pop-options
 
@@ -454,6 +361,8 @@ let validate_public_key
   in
   public_key =. public_key_serialized
 
+#push-options "--z3rlimit 300"
+
 let generate_keypair
       (v_K v_CPA_PRIVATE_KEY_SIZE v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE v_RANKED_BYTES_PER_RING_ELEMENT v_ETA1 v_ETA1_RANDOMNESS_SIZE:
           usize)
@@ -503,15 +412,21 @@ let generate_keypair
       #FStar.Tactics.Typeclasses.solve
       secret_key_serialized
   in
-  Libcrux_ml_kem.Types.impl_21__from v_PRIVATE_KEY_SIZE
-    v_PUBLIC_KEY_SIZE
-    private_key
-    (Core.Convert.f_from #(Libcrux_ml_kem.Types.t_MlKemPublicKey v_PUBLIC_KEY_SIZE)
-        #(t_Array u8 v_PUBLIC_KEY_SIZE)
-        #FStar.Tactics.Typeclasses.solve
-        public_key
-      <:
-      Libcrux_ml_kem.Types.t_MlKemPublicKey v_PUBLIC_KEY_SIZE)
+  let result:Libcrux_ml_kem.Types.t_MlKemKeyPair v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE =
+    Libcrux_ml_kem.Types.impl_21__from v_PRIVATE_KEY_SIZE
+      v_PUBLIC_KEY_SIZE
+      private_key
+      (Core.Convert.f_from #(Libcrux_ml_kem.Types.t_MlKemPublicKey v_PUBLIC_KEY_SIZE)
+          #(t_Array u8 v_PUBLIC_KEY_SIZE)
+          #FStar.Tactics.Typeclasses.solve
+          public_key
+        <:
+        Libcrux_ml_kem.Types.t_MlKemPublicKey v_PUBLIC_KEY_SIZE)
+  in
+  let _:Prims.unit = admit () (* Panic freedom *) in
+  result
+
+#pop-options
 
 #push-options "--z3rlimit 500"
 
@@ -677,15 +592,20 @@ let decapsulate
       shared_secret
       ciphertext
   in
-  Libcrux_ml_kem.Constant_time_ops.compare_ciphertexts_select_shared_secret_in_constant_time (Core.Convert.f_as_ref
-        #(Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE)
-        #(t_Slice u8)
-        #FStar.Tactics.Typeclasses.solve
-        ciphertext
-      <:
-      t_Slice u8)
-    (expected_ciphertext <: t_Slice u8)
-    (shared_secret <: t_Slice u8)
-    (implicit_rejection_shared_secret <: t_Slice u8)
+  let shared_secret:t_Array u8 (sz 32) =
+    Libcrux_ml_kem.Constant_time_ops.compare_ciphertexts_select_shared_secret_in_constant_time (Core.Convert.f_as_ref
+          #(Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE)
+          #(t_Slice u8)
+          #FStar.Tactics.Typeclasses.solve
+          ciphertext
+        <:
+        t_Slice u8)
+      (expected_ciphertext <: t_Slice u8)
+      (shared_secret <: t_Slice u8)
+      (implicit_rejection_shared_secret <: t_Slice u8)
+  in
+  let result:t_Array u8 (sz 32) = shared_secret in
+  let _:Prims.unit = admit () (* Panic freedom *) in
+  result
 
 #pop-options
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fsti
index 1672e32c8..057295e89 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fsti
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fsti
@@ -55,7 +55,19 @@ val serialize_kem_secret_key_mut
       {| i1: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K |}
       (private_key public_key implicit_rejection_value: t_Slice u8)
       (serialized: t_Array u8 v_SERIALIZED_KEY_LEN)
-    : Prims.Pure (t_Array u8 v_SERIALIZED_KEY_LEN) Prims.l_True (fun _ -> Prims.l_True)
+    : Prims.Pure (t_Array u8 v_SERIALIZED_KEY_LEN)
+      (requires
+        Spec.MLKEM.is_rank v_K /\ v_SERIALIZED_KEY_LEN == Spec.MLKEM.v_CCA_PRIVATE_KEY_SIZE v_K /\
+        Core.Slice.impl__len #u8 private_key == Spec.MLKEM.v_CPA_PRIVATE_KEY_SIZE v_K /\
+        Core.Slice.impl__len #u8 public_key == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE v_K /\
+        Core.Slice.impl__len #u8 implicit_rejection_value == Spec.MLKEM.v_SHARED_SECRET_SIZE)
+      (ensures
+        fun serialized_future ->
+          let serialized_future:t_Array u8 v_SERIALIZED_KEY_LEN = serialized_future in
+          serialized_future ==
+          Seq.append private_key
+            (Seq.append public_key (Seq.append (Spec.Utils.v_H public_key) implicit_rejection_value)
+            ))
 
 val serialize_kem_secret_key
       (v_K v_SERIALIZED_KEY_LEN: usize)
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Avx2.Unpacked.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Avx2.Unpacked.fsti
index 9a5a2d8c6..72df96050 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Avx2.Unpacked.fsti
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Avx2.Unpacked.fsti
@@ -36,7 +36,13 @@ val key_pair_serialized_public_key
           Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4)
             Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector)
     : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568))
-      Prims.l_True
+      (requires
+        forall (i: nat).
+          i < 4 ==>
+          Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index key_pair.f_public_key
+                  .f_ind_cpa_public_key
+                  .f_t_as_ntt
+                i))
       (fun _ -> Prims.l_True)
 
 /// Get the serialized public key.
@@ -46,7 +52,13 @@ val key_pair_serialized_public_key_mut
             Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector)
       (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568))
     : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568))
-      Prims.l_True
+      (requires
+        forall (i: nat).
+          i < 4 ==>
+          Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index key_pair.f_public_key
+                  .f_ind_cpa_public_key
+                  .f_t_as_ntt
+                i))
       (fun _ -> Prims.l_True)
 
 /// Get the serialized public key.
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Neon.Unpacked.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Neon.Unpacked.fsti
index 36f905cab..3b4eb1833 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Neon.Unpacked.fsti
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Neon.Unpacked.fsti
@@ -36,7 +36,13 @@ val key_pair_serialized_public_key
           Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4)
             Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector)
     : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568))
-      Prims.l_True
+      (requires
+        forall (i: nat).
+          i < 4 ==>
+          Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index key_pair.f_public_key
+                  .f_ind_cpa_public_key
+                  .f_t_as_ntt
+                i))
       (fun _ -> Prims.l_True)
 
 /// Get the serialized public key.
@@ -46,7 +52,13 @@ val key_pair_serialized_public_key_mut
             Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector)
       (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568))
     : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568))
-      Prims.l_True
+      (requires
+        forall (i: nat).
+          i < 4 ==>
+          Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index key_pair.f_public_key
+                  .f_ind_cpa_public_key
+                  .f_t_as_ntt
+                i))
       (fun _ -> Prims.l_True)
 
 /// Get the serialized public key.
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Portable.Unpacked.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Portable.Unpacked.fsti
index 3ad9c70b0..6370203e4 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Portable.Unpacked.fsti
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Portable.Unpacked.fsti
@@ -36,7 +36,13 @@ val key_pair_serialized_public_key
           Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4)
             Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector)
     : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568))
-      Prims.l_True
+      (requires
+        forall (i: nat).
+          i < 4 ==>
+          Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index key_pair.f_public_key
+                  .f_ind_cpa_public_key
+                  .f_t_as_ntt
+                i))
       (fun _ -> Prims.l_True)
 
 /// Get the serialized public key.
@@ -46,7 +52,13 @@ val key_pair_serialized_public_key_mut
             Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector)
       (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568))
     : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568))
-      Prims.l_True
+      (requires
+        forall (i: nat).
+          i < 4 ==>
+          Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index key_pair.f_public_key
+                  .f_ind_cpa_public_key
+                  .f_t_as_ntt
+                i))
       (fun _ -> Prims.l_True)
 
 /// Get the serialized public key.
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Avx2.Unpacked.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Avx2.Unpacked.fsti
index e04741006..21aeb9213 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Avx2.Unpacked.fsti
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Avx2.Unpacked.fsti
@@ -36,7 +36,13 @@ val key_pair_serialized_public_key
           Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2)
             Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector)
     : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800))
-      Prims.l_True
+      (requires
+        forall (i: nat).
+          i < 2 ==>
+          Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index key_pair.f_public_key
+                  .f_ind_cpa_public_key
+                  .f_t_as_ntt
+                i))
       (fun _ -> Prims.l_True)
 
 /// Get the serialized public key.
@@ -46,7 +52,13 @@ val key_pair_serialized_public_key_mut
             Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector)
       (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800))
     : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800))
-      Prims.l_True
+      (requires
+        forall (i: nat).
+          i < 2 ==>
+          Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index key_pair.f_public_key
+                  .f_ind_cpa_public_key
+                  .f_t_as_ntt
+                i))
       (fun _ -> Prims.l_True)
 
 /// Get the serialized public key.
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Neon.Unpacked.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Neon.Unpacked.fsti
index 8b2b0078e..d6eab98a0 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Neon.Unpacked.fsti
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Neon.Unpacked.fsti
@@ -36,7 +36,13 @@ val key_pair_serialized_public_key
           Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2)
             Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector)
     : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800))
-      Prims.l_True
+      (requires
+        forall (i: nat).
+          i < 2 ==>
+          Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index key_pair.f_public_key
+                  .f_ind_cpa_public_key
+                  .f_t_as_ntt
+                i))
       (fun _ -> Prims.l_True)
 
 /// Get the serialized public key.
@@ -46,7 +52,13 @@ val key_pair_serialized_public_key_mut
             Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector)
       (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800))
     : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800))
-      Prims.l_True
+      (requires
+        forall (i: nat).
+          i < 2 ==>
+          Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index key_pair.f_public_key
+                  .f_ind_cpa_public_key
+                  .f_t_as_ntt
+                i))
       (fun _ -> Prims.l_True)
 
 /// Get the serialized public key.
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Portable.Unpacked.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Portable.Unpacked.fsti
index c6ab5ab8c..7f06b0b9c 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Portable.Unpacked.fsti
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Portable.Unpacked.fsti
@@ -36,7 +36,13 @@ val key_pair_serialized_public_key
           Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2)
             Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector)
     : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800))
-      Prims.l_True
+      (requires
+        forall (i: nat).
+          i < 2 ==>
+          Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index key_pair.f_public_key
+                  .f_ind_cpa_public_key
+                  .f_t_as_ntt
+                i))
       (fun _ -> Prims.l_True)
 
 /// Get the serialized public key.
@@ -46,7 +52,13 @@ val key_pair_serialized_public_key_mut
             Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector)
       (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800))
     : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800))
-      Prims.l_True
+      (requires
+        forall (i: nat).
+          i < 2 ==>
+          Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index key_pair.f_public_key
+                  .f_ind_cpa_public_key
+                  .f_t_as_ntt
+                i))
       (fun _ -> Prims.l_True)
 
 /// Get the serialized public key.
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Avx2.Unpacked.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Avx2.Unpacked.fsti
index d6ffe0ba9..26bf0ffd6 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Avx2.Unpacked.fsti
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Avx2.Unpacked.fsti
@@ -52,7 +52,14 @@ val key_pair_serialized_public_key_mut
             Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector)
       (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184))
     : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184))
-      Prims.l_True
+      (requires
+        (forall (i: nat).
+            i < 3 ==>
+            Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index key_pair
+                    .f_public_key
+                    .f_ind_cpa_public_key
+                    .f_t_as_ntt
+                  i)))
       (fun _ -> Prims.l_True)
 
 /// Get the serialized public key.
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Neon.Unpacked.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Neon.Unpacked.fsti
index 7ca21ec6c..3fbc5e15c 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Neon.Unpacked.fsti
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Neon.Unpacked.fsti
@@ -53,7 +53,14 @@ val key_pair_serialized_public_key_mut
             Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector)
       (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184))
     : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184))
-      Prims.l_True
+      (requires
+        (forall (i: nat).
+            i < 3 ==>
+            Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index key_pair
+                    .f_public_key
+                    .f_ind_cpa_public_key
+                    .f_t_as_ntt
+                  i)))
       (fun _ -> Prims.l_True)
 
 /// Get the serialized public key.
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Portable.Unpacked.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Portable.Unpacked.fsti
index c72c1f97f..e4f2a98e1 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Portable.Unpacked.fsti
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Portable.Unpacked.fsti
@@ -53,7 +53,14 @@ val key_pair_serialized_public_key_mut
             Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector)
       (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184))
     : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184))
-      Prims.l_True
+      (requires
+        (forall (i: nat).
+            i < 3 ==>
+            Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index key_pair
+                    .f_public_key
+                    .f_ind_cpa_public_key
+                    .f_t_as_ntt
+                  i)))
       (fun _ -> Prims.l_True)
 
 /// Get the serialized public key.
diff --git a/libcrux-ml-kem/src/ind_cca.rs b/libcrux-ml-kem/src/ind_cca.rs
index 7deaa7a7b..b735ce5dd 100644
--- a/libcrux-ml-kem/src/ind_cca.rs
+++ b/libcrux-ml-kem/src/ind_cca.rs
@@ -37,6 +37,16 @@ pub(crate) mod instantiations;
 /// Serialize the secret key.
 
 #[inline(always)]
+#[hax_lib::fstar::options("--z3rlimit 150")]
+#[hax_lib::requires(fstar!("Spec.MLKEM.is_rank $K /\\
+    $SERIALIZED_KEY_LEN == Spec.MLKEM.v_CCA_PRIVATE_KEY_SIZE $K /\\
+    ${private_key.len()} == Spec.MLKEM.v_CPA_PRIVATE_KEY_SIZE $K /\\
+    ${public_key.len()} == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE $K /\\
+    ${implicit_rejection_value.len()} == Spec.MLKEM.v_SHARED_SECRET_SIZE"))]
+#[hax_lib::ensures(|result| fstar!("${serialized}_future == Seq.append $private_key (
+                                              Seq.append $public_key (
+                                              Seq.append (Spec.Utils.v_H $public_key) 
+                                                  $implicit_rejection_value))"))]
 fn serialize_kem_secret_key_mut<
     const K: usize,
     const SERIALIZED_KEY_LEN: usize,
@@ -56,6 +66,27 @@ fn serialize_kem_secret_key_mut<
     pointer += H_DIGEST_SIZE;
     serialized[pointer..pointer + implicit_rejection_value.len()]
         .copy_from_slice(implicit_rejection_value);
+
+    hax_lib::fstar!("let open Spec.Utils in
+    assert (Seq.slice serialized 0 (v #usize_inttype (Spec.MLKEM.v_CPA_PRIVATE_KEY_SIZE $K)) `Seq.equal` $private_key);
+    assert (Seq.slice serialized (v #usize_inttype (Spec.MLKEM.v_CPA_PRIVATE_KEY_SIZE $K))
+                            (v #usize_inttype (Spec.MLKEM.v_CPA_PRIVATE_KEY_SIZE $K +! Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE $K)) `Seq.equal` $public_key);
+    assert (Seq.slice serialized (v #usize_inttype (Spec.MLKEM.v_CPA_PRIVATE_KEY_SIZE $K +!
+                                            Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE $K))
+                            (v #usize_inttype (Spec.MLKEM.v_CPA_PRIVATE_KEY_SIZE $K +!
+                                            Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE $K +!
+                                            Libcrux_ml_kem.Constants.v_H_DIGEST_SIZE))
+            `Seq.equal` Libcrux_ml_kem.Hash_functions.f_H #$:Hasher #$K $public_key);
+    assert (Seq.slice serialized (v #usize_inttype (Spec.MLKEM.v_CPA_PRIVATE_KEY_SIZE $K +!
+                                            Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE $K +!
+                                            Libcrux_ml_kem.Constants.v_H_DIGEST_SIZE))
+                            (v #usize_inttype (Spec.MLKEM.v_CPA_PRIVATE_KEY_SIZE $K +!
+                                            Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE $K +!
+                                            Libcrux_ml_kem.Constants.v_H_DIGEST_SIZE +!
+                                            Spec.MLKEM.v_SHARED_SECRET_SIZE))
+            == $implicit_rejection_value);
+    lemma_slice_append_4 serialized $private_key $public_key (Libcrux_ml_kem.Hash_functions.f_H #$:Hasher #$K $public_key) $implicit_rejection_value");
+
 }
 
 
@@ -77,35 +108,6 @@ fn serialize_kem_secret_key<const K: usize, const SERIALIZED_KEY_LEN: usize, Has
 ) -> [u8; SERIALIZED_KEY_LEN] {
     let mut out = [0u8; SERIALIZED_KEY_LEN];
 
-    let mut pointer = 0;
-    out[pointer..pointer + private_key.len()].copy_from_slice(private_key);
-    pointer += private_key.len();
-    out[pointer..pointer + public_key.len()].copy_from_slice(public_key);
-    pointer += public_key.len();
-    out[pointer..pointer + H_DIGEST_SIZE].copy_from_slice(&Hasher::H(public_key));
-    pointer += H_DIGEST_SIZE;
-    out[pointer..pointer + implicit_rejection_value.len()]
-        .copy_from_slice(implicit_rejection_value);
-    hax_lib::fstar!("let open Spec.Utils in
-        assert (Seq.slice $out 0 (v #usize_inttype (Spec.MLKEM.v_CPA_PRIVATE_KEY_SIZE $K)) `Seq.equal` $private_key);
-        assert (Seq.slice $out (v #usize_inttype (Spec.MLKEM.v_CPA_PRIVATE_KEY_SIZE $K))
-                                (v #usize_inttype (Spec.MLKEM.v_CPA_PRIVATE_KEY_SIZE $K +! Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE $K)) `Seq.equal` $public_key);
-        assert (Seq.slice $out (v #usize_inttype (Spec.MLKEM.v_CPA_PRIVATE_KEY_SIZE $K +!
-                                                Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE $K))
-                                (v #usize_inttype (Spec.MLKEM.v_CPA_PRIVATE_KEY_SIZE $K +!
-                                                Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE $K +!
-                                                Libcrux_ml_kem.Constants.v_H_DIGEST_SIZE))
-                `Seq.equal` Libcrux_ml_kem.Hash_functions.f_H #$:Hasher #$K $public_key);
-        assert (Seq.slice $out (v #usize_inttype (Spec.MLKEM.v_CPA_PRIVATE_KEY_SIZE $K +!
-                                                Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE $K +!
-                                                Libcrux_ml_kem.Constants.v_H_DIGEST_SIZE))
-                                (v #usize_inttype (Spec.MLKEM.v_CPA_PRIVATE_KEY_SIZE $K +!
-                                                Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE $K +!
-                                                Libcrux_ml_kem.Constants.v_H_DIGEST_SIZE +!
-                                                Spec.MLKEM.v_SHARED_SECRET_SIZE))
-                == $implicit_rejection_value);
-        lemma_slice_append_4 $out $private_key $public_key (Libcrux_ml_kem.Hash_functions.f_H #$:Hasher #$K $public_key) $implicit_rejection_value");
-
     serialize_kem_secret_key_mut::<K, SERIALIZED_KEY_LEN, Hasher>(
         private_key,
         public_key,
@@ -190,6 +192,8 @@ fn validate_private_key_only<const K: usize, const SECRET_KEY_SIZE: usize, Hashe
 ///
 /// Depending on the `Vector` and `Hasher` used, this requires different hardware
 /// features
+#[hax_lib::fstar::options("--z3rlimit 300")]
+#[hax_lib::fstar::verification_status(panic_free)]
 #[hax_lib::requires(fstar!("Spec.MLKEM.is_rank $K /\\
     $CPA_PRIVATE_KEY_SIZE == Spec.MLKEM.v_CPA_PRIVATE_KEY_SIZE $K /\\
     $PRIVATE_KEY_SIZE == Spec.MLKEM.v_CCA_PRIVATE_KEY_SIZE $K /\\
@@ -240,7 +244,8 @@ fn generate_keypair<
     MlKemKeyPair::from(private_key, MlKemPublicKey::from(public_key))
 }
 
-#[hax_lib::fstar::options("--z3rlimit 150")]
+#[hax_lib::fstar::options("--z3rlimit 300")]
+#[hax_lib::fstar::verification_status(panic_free)]
 #[hax_lib::requires(fstar!("Spec.MLKEM.is_rank $K /\\
     $CIPHERTEXT_SIZE == Spec.MLKEM.v_CPA_CIPHERTEXT_SIZE $K /\\
     $PUBLIC_KEY_SIZE == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE $K /\\
@@ -312,6 +317,7 @@ fn encapsulate<
 
 /// This code verifies on some machines, runs out of memory on others
 #[hax_lib::fstar::options("--z3rlimit 500")]
+#[hax_lib::fstar::verification_status(panic_free)]
 #[hax_lib::requires(fstar!("Spec.MLKEM.is_rank $K /\\
     $SECRET_KEY_SIZE == Spec.MLKEM.v_CCA_PRIVATE_KEY_SIZE $K /\\
     $CPA_SECRET_KEY_SIZE == Spec.MLKEM.v_CPA_PRIVATE_KEY_SIZE $K /\\
@@ -543,6 +549,7 @@ pub(crate) mod unpacked {
 
         /// Get the serialized public key.
         #[inline(always)]
+        #[hax_lib::fstar::verification_status(panic_free)]
         #[requires(fstar!("Spec.MLKEM.is_rank $K /\\
             $RANKED_BYTES_PER_RING_ELEMENT == Spec.MLKEM.v_RANKED_BYTES_PER_RING_ELEMENT $K /\\
             $PUBLIC_KEY_SIZE == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE $K /\\
@@ -590,7 +597,7 @@ pub(crate) mod unpacked {
            v_CPA_SECRET_KEY_SIZE == Spec.MLKEM.v_CPA_PRIVATE_KEY_SIZE v_K /\\
            v_PUBLIC_KEY_SIZE == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE v_K /\\
            v_BYTES_PER_RING_ELEMENT == Spec.MLKEM.v_RANKED_BYTES_PER_RING_ELEMENT v_K /\\
-           v_T_AS_NTT_ENCODED_SIZE == Spec.MLKEM.v_T_AS_NTT_ENCODED_SIZE v_K)"))]
+           v_T_AS_NTT_ENCODED_SIZE == Spec.MLKEM.v_T_AS_NTT_ENCODED_SIZE v_K"))]
     pub fn keys_from_private_key<
         const K: usize,
         const SECRET_KEY_SIZE: usize,
@@ -741,6 +748,11 @@ pub(crate) mod unpacked {
 
         /// Get the serialized private key.
         #[inline(always)]
+        #[hax_lib::requires(fstar!("Spec.MLKEM.is_rank $K /\\
+            $PRIVATE_KEY_SIZE == Spec.MLKEM.v_CCA_PRIVATE_KEY_SIZE $K /\\
+            $CPA_PRIVATE_KEY_SIZE == Spec.MLKEM.v_CPA_PRIVATE_KEY_SIZE $K /\\
+            $PUBLIC_KEY_SIZE == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE $K /\\
+            $RANKED_BYTES_PER_RING_ELEMENT == Spec.MLKEM.v_RANKED_BYTES_PER_RING_ELEMENT $K"))]
         pub fn serialized_private_key_mut<
             const CPA_PRIVATE_KEY_SIZE: usize,
             const PRIVATE_KEY_SIZE: usize,
@@ -771,6 +783,11 @@ pub(crate) mod unpacked {
 
         /// Get the serialized private key.
         #[inline(always)]
+        #[hax_lib::requires(fstar!("Spec.MLKEM.is_rank $K /\\
+            $PRIVATE_KEY_SIZE == Spec.MLKEM.v_CCA_PRIVATE_KEY_SIZE $K /\\
+            $CPA_PRIVATE_KEY_SIZE == Spec.MLKEM.v_CPA_PRIVATE_KEY_SIZE $K /\\
+            $PUBLIC_KEY_SIZE == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE $K /\\
+            $RANKED_BYTES_PER_RING_ELEMENT == Spec.MLKEM.v_RANKED_BYTES_PER_RING_ELEMENT $K"))]
         pub fn serialized_private_key<
             const CPA_PRIVATE_KEY_SIZE: usize,
             const PRIVATE_KEY_SIZE: usize,
@@ -987,6 +1004,7 @@ pub(crate) mod unpacked {
 
     // Decapsulate with Unpacked Private Key
     #[inline(always)]
+    #[hax_lib::fstar::verification_status(lax)]
     #[hax_lib::fstar::options("--z3rlimit 200 --ext context_pruning --z3refresh")]
     #[hax_lib::requires(fstar!("Spec.MLKEM.is_rank $K /\\
         $ETA1 == Spec.MLKEM.v_ETA1 $K /\\
diff --git a/libcrux-ml-kem/src/ind_cca/instantiations.rs b/libcrux-ml-kem/src/ind_cca/instantiations.rs
index 7518b8974..3126b25db 100644
--- a/libcrux-ml-kem/src/ind_cca/instantiations.rs
+++ b/libcrux-ml-kem/src/ind_cca/instantiations.rs
@@ -106,7 +106,6 @@ macro_rules! instantiate {
 
             /// Private key validation
             #[inline(always)]
-            #[inline(always)]
             #[hax_lib::requires(fstar!("Spec.MLKEM.is_rank $K /\\
                 $SECRET_KEY_SIZE == Spec.MLKEM.v_CCA_PRIVATE_KEY_SIZE $K"))]
             pub(crate) fn validate_private_key_only<
@@ -353,6 +352,13 @@ macro_rules! instantiate {
 
                 /// Take a serialized private key and generate an unpacked key pair from it.
                 #[inline(always)]
+                #[hax_lib::requires(
+                    fstar!("Spec.MLKEM.is_rank $K /\\
+                            v_SECRET_KEY_SIZE == Spec.MLKEM.v_CCA_PRIVATE_KEY_SIZE v_K /\\
+                            v_CPA_SECRET_KEY_SIZE == Spec.MLKEM.v_CPA_PRIVATE_KEY_SIZE v_K /\\
+                            v_PUBLIC_KEY_SIZE == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE v_K /\\
+                            v_BYTES_PER_RING_ELEMENT == Spec.MLKEM.v_RANKED_BYTES_PER_RING_ELEMENT v_K /\\
+                            v_T_AS_NTT_ENCODED_SIZE == Spec.MLKEM.v_T_AS_NTT_ENCODED_SIZE v_K"))]
                 pub(crate) fn keypair_from_private_key<
                     const K: usize,
                     const SECRET_KEY_SIZE: usize,
diff --git a/libcrux-ml-kem/src/ind_cca/instantiations/avx2.rs b/libcrux-ml-kem/src/ind_cca/instantiations/avx2.rs
index b52b1d38f..b13ce52e4 100644
--- a/libcrux-ml-kem/src/ind_cca/instantiations/avx2.rs
+++ b/libcrux-ml-kem/src/ind_cca/instantiations/avx2.rs
@@ -674,6 +674,13 @@ pub(crate) mod unpacked {
 
     /// Take a serialized private key and generate an unpacked key pair from it.
     #[inline(always)]
+    #[hax_lib::requires(
+        fstar!("Spec.MLKEM.is_rank $K /\\
+                v_SECRET_KEY_SIZE == Spec.MLKEM.v_CCA_PRIVATE_KEY_SIZE v_K /\\
+                v_CPA_SECRET_KEY_SIZE == Spec.MLKEM.v_CPA_PRIVATE_KEY_SIZE v_K /\\
+                v_PUBLIC_KEY_SIZE == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE v_K /\\
+                v_BYTES_PER_RING_ELEMENT == Spec.MLKEM.v_RANKED_BYTES_PER_RING_ELEMENT v_K /\\
+                v_T_AS_NTT_ENCODED_SIZE == Spec.MLKEM.v_T_AS_NTT_ENCODED_SIZE v_K"))]
     pub(crate) fn keypair_from_private_key<
         const K: usize,
         const SECRET_KEY_SIZE: usize,
diff --git a/libcrux-ml-kem/src/mlkem1024.rs b/libcrux-ml-kem/src/mlkem1024.rs
index b22d3ea27..52f2b8d21 100644
--- a/libcrux-ml-kem/src/mlkem1024.rs
+++ b/libcrux-ml-kem/src/mlkem1024.rs
@@ -287,11 +287,17 @@ macro_rules! instantiate {
                 }
 
                 /// Get the serialized public key.
+                #[hax_lib::requires(fstar!("forall (i:nat). i < 4 ==>
+                    Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index 
+                        ${key_pair}.f_public_key.f_ind_cpa_public_key.f_t_as_ntt i)"))]
                 pub fn key_pair_serialized_public_key_mut(key_pair: &MlKem1024KeyPairUnpacked, serialized: &mut MlKem1024PublicKey) {
                     key_pair.serialized_public_key_mut::<RANKED_BYTES_PER_RING_ELEMENT_1024, CPA_PKE_PUBLIC_KEY_SIZE_1024>(serialized);
                 }
 
                 /// Get the serialized public key.
+                #[hax_lib::requires(fstar!("forall (i:nat). i < 4 ==>
+                    Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index 
+                        ${key_pair}.f_public_key.f_ind_cpa_public_key.f_t_as_ntt i)"))]
                 pub fn key_pair_serialized_public_key(key_pair: &MlKem1024KeyPairUnpacked) ->MlKem1024PublicKey {
                     key_pair.serialized_public_key::<RANKED_BYTES_PER_RING_ELEMENT_1024, CPA_PKE_PUBLIC_KEY_SIZE_1024>()
                 }
diff --git a/libcrux-ml-kem/src/mlkem512.rs b/libcrux-ml-kem/src/mlkem512.rs
index 57ca1d27c..0d82a07a8 100644
--- a/libcrux-ml-kem/src/mlkem512.rs
+++ b/libcrux-ml-kem/src/mlkem512.rs
@@ -279,11 +279,17 @@ macro_rules! instantiate {
                 }
 
                 /// Get the serialized public key.
+                #[hax_lib::requires(fstar!("forall (i:nat). i < 2 ==>
+                    Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index 
+                        ${key_pair}.f_public_key.f_ind_cpa_public_key.f_t_as_ntt i)"))]
                 pub fn key_pair_serialized_public_key_mut(key_pair: &MlKem512KeyPairUnpacked, serialized: &mut MlKem512PublicKey) {
                     key_pair.serialized_public_key_mut::<RANKED_BYTES_PER_RING_ELEMENT_512, CPA_PKE_PUBLIC_KEY_SIZE_512>(serialized);
                 }
 
                 /// Get the serialized public key.
+                #[hax_lib::requires(fstar!("forall (i:nat). i < 2 ==>
+                    Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index 
+                        ${key_pair}.f_public_key.f_ind_cpa_public_key.f_t_as_ntt i)"))]
                 pub fn key_pair_serialized_public_key(key_pair: &MlKem512KeyPairUnpacked) ->MlKem512PublicKey {
                     key_pair.serialized_public_key::<RANKED_BYTES_PER_RING_ELEMENT_512, CPA_PKE_PUBLIC_KEY_SIZE_512>()
                 }
diff --git a/libcrux-ml-kem/src/mlkem768.rs b/libcrux-ml-kem/src/mlkem768.rs
index 6a2219da4..7a684b2a4 100644
--- a/libcrux-ml-kem/src/mlkem768.rs
+++ b/libcrux-ml-kem/src/mlkem768.rs
@@ -272,6 +272,9 @@ macro_rules! instantiate {
                 }
 
                 /// Get the serialized public key.
+                #[hax_lib::requires(fstar!("(forall (i:nat). i < 3 ==>
+                        Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index 
+                            ${key_pair}.f_public_key.f_ind_cpa_public_key.f_t_as_ntt i))"))]
                 pub fn key_pair_serialized_public_key_mut(key_pair: &MlKem768KeyPairUnpacked, serialized: &mut MlKem768PublicKey) {
                     key_pair.serialized_public_key_mut::<RANKED_BYTES_PER_RING_ELEMENT_768, CPA_PKE_PUBLIC_KEY_SIZE_768>(serialized);
                 }
diff --git a/libcrux-ml-kem/src/types.rs b/libcrux-ml-kem/src/types.rs
index 4ce154efb..ab5d65f86 100644
--- a/libcrux-ml-kem/src/types.rs
+++ b/libcrux-ml-kem/src/types.rs
@@ -214,7 +214,8 @@ impl<const PRIVATE_KEY_SIZE: usize, const PUBLIC_KEY_SIZE: usize>
            Seq.length ind_cpa_public_key_hash == v Libcrux_ml_kem.Constants.v_H_DIGEST_SIZE /\\
            Seq.length implicit_rejection_value == 
            Seq.length private_key - 
-             (v v_CPA_SECRET_KEY_SIZE + v v_PUBLIC_KEY_SIZE + v Libcrux_ml_kem.Constants.v_H_DIGEST_SIZE)"))]
+             (v v_CPA_SECRET_KEY_SIZE + v v_PUBLIC_KEY_SIZE + v Libcrux_ml_kem.Constants.v_H_DIGEST_SIZE)
+           "))]
 pub(crate) fn unpack_private_key<const CPA_SECRET_KEY_SIZE: usize, const PUBLIC_KEY_SIZE: usize>(
     private_key: &[u8], // len: SECRET_KEY_SIZE
 ) -> (&[u8], &[u8], &[u8], &[u8]) {

From 56e38bb66583f818b379a0b72bca1c5eb2bb8449 Mon Sep 17 00:00:00 2001
From: Karthikeyan Bhargavan <karthik.bhargavan@gmail.com>
Date: Thu, 28 Nov 2024 20:19:59 +0100
Subject: [PATCH 033/142] fix

---
 .../extraction/Libcrux_ml_kem.Ind_cca.fst     | 29 +++++++++----------
 libcrux-ml-kem/src/ind_cca.rs                 |  2 +-
 2 files changed, 15 insertions(+), 16 deletions(-)

diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fst
index 33b847072..03e67ae8a 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fst
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fst
@@ -428,6 +428,8 @@ let generate_keypair
 
 #pop-options
 
+#push-options "--admit_smt_queries true"
+
 #push-options "--z3rlimit 500"
 
 let decapsulate
@@ -592,20 +594,17 @@ let decapsulate
       shared_secret
       ciphertext
   in
-  let shared_secret:t_Array u8 (sz 32) =
-    Libcrux_ml_kem.Constant_time_ops.compare_ciphertexts_select_shared_secret_in_constant_time (Core.Convert.f_as_ref
-          #(Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE)
-          #(t_Slice u8)
-          #FStar.Tactics.Typeclasses.solve
-          ciphertext
-        <:
-        t_Slice u8)
-      (expected_ciphertext <: t_Slice u8)
-      (shared_secret <: t_Slice u8)
-      (implicit_rejection_shared_secret <: t_Slice u8)
-  in
-  let result:t_Array u8 (sz 32) = shared_secret in
-  let _:Prims.unit = admit () (* Panic freedom *) in
-  result
+  Libcrux_ml_kem.Constant_time_ops.compare_ciphertexts_select_shared_secret_in_constant_time (Core.Convert.f_as_ref
+        #(Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE)
+        #(t_Slice u8)
+        #FStar.Tactics.Typeclasses.solve
+        ciphertext
+      <:
+      t_Slice u8)
+    (expected_ciphertext <: t_Slice u8)
+    (shared_secret <: t_Slice u8)
+    (implicit_rejection_shared_secret <: t_Slice u8)
+
+#pop-options
 
 #pop-options
diff --git a/libcrux-ml-kem/src/ind_cca.rs b/libcrux-ml-kem/src/ind_cca.rs
index b735ce5dd..3fef4b4fe 100644
--- a/libcrux-ml-kem/src/ind_cca.rs
+++ b/libcrux-ml-kem/src/ind_cca.rs
@@ -317,7 +317,7 @@ fn encapsulate<
 
 /// This code verifies on some machines, runs out of memory on others
 #[hax_lib::fstar::options("--z3rlimit 500")]
-#[hax_lib::fstar::verification_status(panic_free)]
+#[hax_lib::fstar::verification_status(lax)]
 #[hax_lib::requires(fstar!("Spec.MLKEM.is_rank $K /\\
     $SECRET_KEY_SIZE == Spec.MLKEM.v_CCA_PRIVATE_KEY_SIZE $K /\\
     $CPA_SECRET_KEY_SIZE == Spec.MLKEM.v_CPA_PRIVATE_KEY_SIZE $K /\\

From 873fa487241528a776746adf8b93e6bc2dd5d58e Mon Sep 17 00:00:00 2001
From: mamonet <maamoun.tk@gmail.com>
Date: Fri, 29 Nov 2024 14:15:16 +0000
Subject: [PATCH 034/142] Fix build_unpacked_public_key_mut

---
 .../extraction/Libcrux_ml_kem.Ind_cpa.fst     |  7 +-
 .../extraction/Libcrux_ml_kem.Ind_cpa.fsti    |  8 +--
 .../fstar/extraction/Libcrux_ml_kem.Types.fst | 72 +++++++++++--------
 .../extraction/Libcrux_ml_kem.Types.fsti      | 38 ++++++----
 libcrux-ml-kem/src/ind_cpa.rs                 |  8 +--
 libcrux-ml-kem/src/types.rs                   | 11 +++
 6 files changed, 89 insertions(+), 55 deletions(-)

diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fst
index c82700ac7..792dd4655 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fst
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fst
@@ -161,6 +161,12 @@ let build_unpacked_public_key_mut
       <:
       Core.Ops.Range.t_RangeFrom usize ]
   in
+  let _:Prims.unit =
+    Lib.Sequence.eq_intro #u8
+      #32
+      seed
+      (Seq.slice (Libcrux_ml_kem.Utils.into_padded_array (sz 34) seed) 0 32)
+  in
   let unpacked_public_key:Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPublicKeyUnpacked v_K v_Vector =
     {
       unpacked_public_key with
@@ -176,7 +182,6 @@ let build_unpacked_public_key_mut
     <:
     Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPublicKeyUnpacked v_K v_Vector
   in
-  let hax_temp_output:Prims.unit = admit () (* Panic freedom *) in
   unpacked_public_key
 
 let build_unpacked_public_key
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fsti
index f3ae09b9a..3660736b0 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fsti
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fsti
@@ -62,15 +62,13 @@ val build_unpacked_public_key_mut
           in
           let t_as_ntt_bytes, seed_for_A = split public_key v_T_AS_NTT_ENCODED_SIZE in
           let t_as_ntt = Spec.MLKEM.vector_decode_12 #v_K t_as_ntt_bytes in
-          let matrix_A_as_ntt, sufficient_randomness =
-            Spec.MLKEM.sample_matrix_A_ntt #v_K seed_for_A
-          in
+          let matrix_A_as_ntt, valid = Spec.MLKEM.sample_matrix_A_ntt #v_K seed_for_A in
           (Libcrux_ml_kem.Polynomial.to_spec_vector_t #v_K
               #v_Vector
               unpacked_public_key_future.f_t_as_ntt ==
-            t_as_ntt /\ unpacked_public_key_future.f_seed_for_A == seed_for_A /\
+            t_as_ntt /\ valid ==>
             Libcrux_ml_kem.Polynomial.to_spec_matrix_t #v_K #v_Vector unpacked_public_key_future.f_A ==
-            matrix_A_as_ntt))
+            Spec.MLKEM.matrix_transpose matrix_A_as_ntt))
 
 val build_unpacked_public_key
       (v_K v_T_AS_NTT_ENCODED_SIZE: usize)
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Types.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Types.fst
index 5f609549a..3a598d127 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Types.fst
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Types.fst
@@ -10,15 +10,7 @@ let impl_13__len (v_SIZE: usize) (_: Prims.unit) = v_SIZE
 let impl_20__len (v_SIZE: usize) (_: Prims.unit) = v_SIZE
 
 [@@ FStar.Tactics.Typeclasses.tcinstance]
-let impl_2 (v_SIZE: usize) : Core.Convert.t_From (t_MlKemCiphertext v_SIZE) (t_Array u8 v_SIZE) =
-  {
-    f_from_pre = (fun (value: t_Array u8 v_SIZE) -> true);
-    f_from_post = (fun (value: t_Array u8 v_SIZE) (out: t_MlKemCiphertext v_SIZE) -> true);
-    f_from = fun (value: t_Array u8 v_SIZE) -> { f_value = value } <: t_MlKemCiphertext v_SIZE
-  }
-
-[@@ FStar.Tactics.Typeclasses.tcinstance]
-let impl_3 (v_SIZE: usize) : Core.Convert.t_From (t_MlKemCiphertext v_SIZE) (t_Array u8 v_SIZE) =
+let impl_1 (v_SIZE: usize) : Core.Convert.t_From (t_MlKemCiphertext v_SIZE) (t_Array u8 v_SIZE) =
   {
     f_from_pre = (fun (value: t_Array u8 v_SIZE) -> true);
     f_from_post = (fun (value: t_Array u8 v_SIZE) (out: t_MlKemCiphertext v_SIZE) -> true);
@@ -31,25 +23,27 @@ let impl_3 (v_SIZE: usize) : Core.Convert.t_From (t_MlKemCiphertext v_SIZE) (t_A
   }
 
 [@@ FStar.Tactics.Typeclasses.tcinstance]
-let impl_4 (v_SIZE: usize) : Core.Convert.t_From (t_Array u8 v_SIZE) (t_MlKemCiphertext v_SIZE) =
+let impl_2 (v_SIZE: usize) : Core.Convert.t_From (t_Array u8 v_SIZE) (t_MlKemCiphertext v_SIZE) =
   {
     f_from_pre = (fun (value: t_MlKemCiphertext v_SIZE) -> true);
     f_from_post = (fun (value: t_MlKemCiphertext v_SIZE) (out: t_Array u8 v_SIZE) -> true);
     f_from = fun (value: t_MlKemCiphertext v_SIZE) -> value.f_value
   }
 
-let impl_6__as_slice (v_SIZE: usize) (self: t_MlKemCiphertext v_SIZE) = self.f_value
-
 [@@ FStar.Tactics.Typeclasses.tcinstance]
-let impl_9 (v_SIZE: usize) : Core.Convert.t_From (t_MlKemPrivateKey v_SIZE) (t_Array u8 v_SIZE) =
+let impl_5 (v_SIZE: usize) : Core.Convert.t_From (t_MlKemCiphertext v_SIZE) (t_Array u8 v_SIZE) =
   {
     f_from_pre = (fun (value: t_Array u8 v_SIZE) -> true);
-    f_from_post = (fun (value: t_Array u8 v_SIZE) (out: t_MlKemPrivateKey v_SIZE) -> true);
-    f_from = fun (value: t_Array u8 v_SIZE) -> { f_value = value } <: t_MlKemPrivateKey v_SIZE
+    f_from_post
+    =
+    (fun (value: t_Array u8 v_SIZE) (result: t_MlKemCiphertext v_SIZE) -> result.f_value = value);
+    f_from = fun (value: t_Array u8 v_SIZE) -> { f_value = value } <: t_MlKemCiphertext v_SIZE
   }
 
+let impl_6__as_slice (v_SIZE: usize) (self: t_MlKemCiphertext v_SIZE) = self.f_value
+
 [@@ FStar.Tactics.Typeclasses.tcinstance]
-let impl_10 (v_SIZE: usize) : Core.Convert.t_From (t_MlKemPrivateKey v_SIZE) (t_Array u8 v_SIZE) =
+let impl_8 (v_SIZE: usize) : Core.Convert.t_From (t_MlKemPrivateKey v_SIZE) (t_Array u8 v_SIZE) =
   {
     f_from_pre = (fun (value: t_Array u8 v_SIZE) -> true);
     f_from_post = (fun (value: t_Array u8 v_SIZE) (out: t_MlKemPrivateKey v_SIZE) -> true);
@@ -62,25 +56,27 @@ let impl_10 (v_SIZE: usize) : Core.Convert.t_From (t_MlKemPrivateKey v_SIZE) (t_
   }
 
 [@@ FStar.Tactics.Typeclasses.tcinstance]
-let impl_11 (v_SIZE: usize) : Core.Convert.t_From (t_Array u8 v_SIZE) (t_MlKemPrivateKey v_SIZE) =
+let impl_9 (v_SIZE: usize) : Core.Convert.t_From (t_Array u8 v_SIZE) (t_MlKemPrivateKey v_SIZE) =
   {
     f_from_pre = (fun (value: t_MlKemPrivateKey v_SIZE) -> true);
     f_from_post = (fun (value: t_MlKemPrivateKey v_SIZE) (out: t_Array u8 v_SIZE) -> true);
     f_from = fun (value: t_MlKemPrivateKey v_SIZE) -> value.f_value
   }
 
-let impl_13__as_slice (v_SIZE: usize) (self: t_MlKemPrivateKey v_SIZE) = self.f_value
-
 [@@ FStar.Tactics.Typeclasses.tcinstance]
-let impl_16 (v_SIZE: usize) : Core.Convert.t_From (t_MlKemPublicKey v_SIZE) (t_Array u8 v_SIZE) =
+let impl_12 (v_SIZE: usize) : Core.Convert.t_From (t_MlKemPrivateKey v_SIZE) (t_Array u8 v_SIZE) =
   {
     f_from_pre = (fun (value: t_Array u8 v_SIZE) -> true);
-    f_from_post = (fun (value: t_Array u8 v_SIZE) (out: t_MlKemPublicKey v_SIZE) -> true);
-    f_from = fun (value: t_Array u8 v_SIZE) -> { f_value = value } <: t_MlKemPublicKey v_SIZE
+    f_from_post
+    =
+    (fun (value: t_Array u8 v_SIZE) (result: t_MlKemPrivateKey v_SIZE) -> result.f_value = value);
+    f_from = fun (value: t_Array u8 v_SIZE) -> { f_value = value } <: t_MlKemPrivateKey v_SIZE
   }
 
+let impl_13__as_slice (v_SIZE: usize) (self: t_MlKemPrivateKey v_SIZE) = self.f_value
+
 [@@ FStar.Tactics.Typeclasses.tcinstance]
-let impl_17 (v_SIZE: usize) : Core.Convert.t_From (t_MlKemPublicKey v_SIZE) (t_Array u8 v_SIZE) =
+let impl_15 (v_SIZE: usize) : Core.Convert.t_From (t_MlKemPublicKey v_SIZE) (t_Array u8 v_SIZE) =
   {
     f_from_pre = (fun (value: t_Array u8 v_SIZE) -> true);
     f_from_post = (fun (value: t_Array u8 v_SIZE) (out: t_MlKemPublicKey v_SIZE) -> true);
@@ -93,13 +89,23 @@ let impl_17 (v_SIZE: usize) : Core.Convert.t_From (t_MlKemPublicKey v_SIZE) (t_A
   }
 
 [@@ FStar.Tactics.Typeclasses.tcinstance]
-let impl_18 (v_SIZE: usize) : Core.Convert.t_From (t_Array u8 v_SIZE) (t_MlKemPublicKey v_SIZE) =
+let impl_16 (v_SIZE: usize) : Core.Convert.t_From (t_Array u8 v_SIZE) (t_MlKemPublicKey v_SIZE) =
   {
     f_from_pre = (fun (value: t_MlKemPublicKey v_SIZE) -> true);
     f_from_post = (fun (value: t_MlKemPublicKey v_SIZE) (out: t_Array u8 v_SIZE) -> true);
     f_from = fun (value: t_MlKemPublicKey v_SIZE) -> value.f_value
   }
 
+[@@ FStar.Tactics.Typeclasses.tcinstance]
+let impl_19 (v_SIZE: usize) : Core.Convert.t_From (t_MlKemPublicKey v_SIZE) (t_Array u8 v_SIZE) =
+  {
+    f_from_pre = (fun (value: t_Array u8 v_SIZE) -> true);
+    f_from_post
+    =
+    (fun (value: t_Array u8 v_SIZE) (result: t_MlKemPublicKey v_SIZE) -> result.f_value = value);
+    f_from = fun (value: t_Array u8 v_SIZE) -> { f_value = value } <: t_MlKemPublicKey v_SIZE
+  }
+
 let impl_20__as_slice (v_SIZE: usize) (self: t_MlKemPublicKey v_SIZE) = self.f_value
 
 let impl_21__from
@@ -206,25 +212,31 @@ let impl_14 (v_SIZE: usize) : Core.Default.t_Default (t_MlKemPublicKey v_SIZE) =
   }
 
 [@@ FStar.Tactics.Typeclasses.tcinstance]
-let impl_1 (v_SIZE: usize) : Core.Convert.t_AsRef (t_MlKemCiphertext v_SIZE) (t_Slice u8) =
+let impl_4 (v_SIZE: usize) : Core.Convert.t_AsRef (t_MlKemCiphertext v_SIZE) (t_Slice u8) =
   {
     f_as_ref_pre = (fun (self: t_MlKemCiphertext v_SIZE) -> true);
-    f_as_ref_post = (fun (self: t_MlKemCiphertext v_SIZE) (out: t_Slice u8) -> true);
+    f_as_ref_post
+    =
+    (fun (self___: t_MlKemCiphertext v_SIZE) (result: t_Slice u8) -> result = self___.f_value);
     f_as_ref = fun (self: t_MlKemCiphertext v_SIZE) -> self.f_value <: t_Slice u8
   }
 
 [@@ FStar.Tactics.Typeclasses.tcinstance]
-let impl_8 (v_SIZE: usize) : Core.Convert.t_AsRef (t_MlKemPrivateKey v_SIZE) (t_Slice u8) =
+let impl_11 (v_SIZE: usize) : Core.Convert.t_AsRef (t_MlKemPrivateKey v_SIZE) (t_Slice u8) =
   {
     f_as_ref_pre = (fun (self: t_MlKemPrivateKey v_SIZE) -> true);
-    f_as_ref_post = (fun (self: t_MlKemPrivateKey v_SIZE) (out: t_Slice u8) -> true);
+    f_as_ref_post
+    =
+    (fun (self___: t_MlKemPrivateKey v_SIZE) (result: t_Slice u8) -> result = self___.f_value);
     f_as_ref = fun (self: t_MlKemPrivateKey v_SIZE) -> self.f_value <: t_Slice u8
   }
 
 [@@ FStar.Tactics.Typeclasses.tcinstance]
-let impl_15 (v_SIZE: usize) : Core.Convert.t_AsRef (t_MlKemPublicKey v_SIZE) (t_Slice u8) =
+let impl_18 (v_SIZE: usize) : Core.Convert.t_AsRef (t_MlKemPublicKey v_SIZE) (t_Slice u8) =
   {
     f_as_ref_pre = (fun (self: t_MlKemPublicKey v_SIZE) -> true);
-    f_as_ref_post = (fun (self: t_MlKemPublicKey v_SIZE) (out: t_Slice u8) -> true);
+    f_as_ref_post
+    =
+    (fun (self___: t_MlKemPublicKey v_SIZE) (result: t_Slice u8) -> result = self___.f_value);
     f_as_ref = fun (self: t_MlKemPublicKey v_SIZE) -> self.f_value <: t_Slice u8
   }
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Types.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Types.fsti
index 8098d307d..4f76c2ffc 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Types.fsti
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Types.fsti
@@ -19,13 +19,13 @@ val impl_20__len: v_SIZE: usize -> Prims.unit
 type t_MlKemCiphertext (v_SIZE: usize) = { f_value:t_Array u8 v_SIZE }
 
 [@@ FStar.Tactics.Typeclasses.tcinstance]
-val impl_2 (v_SIZE: usize) : Core.Convert.t_From (t_MlKemCiphertext v_SIZE) (t_Array u8 v_SIZE)
+val impl_1 (v_SIZE: usize) : Core.Convert.t_From (t_MlKemCiphertext v_SIZE) (t_Array u8 v_SIZE)
 
 [@@ FStar.Tactics.Typeclasses.tcinstance]
-val impl_3 (v_SIZE: usize) : Core.Convert.t_From (t_MlKemCiphertext v_SIZE) (t_Array u8 v_SIZE)
+val impl_2 (v_SIZE: usize) : Core.Convert.t_From (t_Array u8 v_SIZE) (t_MlKemCiphertext v_SIZE)
 
 [@@ FStar.Tactics.Typeclasses.tcinstance]
-val impl_4 (v_SIZE: usize) : Core.Convert.t_From (t_Array u8 v_SIZE) (t_MlKemCiphertext v_SIZE)
+val impl_5 (v_SIZE: usize) : Core.Convert.t_From (t_MlKemCiphertext v_SIZE) (t_Array u8 v_SIZE)
 
 /// A reference to the raw byte slice.
 val impl_6__as_slice (v_SIZE: usize) (self: t_MlKemCiphertext v_SIZE)
@@ -40,13 +40,13 @@ val impl_6__as_slice (v_SIZE: usize) (self: t_MlKemCiphertext v_SIZE)
 type t_MlKemPrivateKey (v_SIZE: usize) = { f_value:t_Array u8 v_SIZE }
 
 [@@ FStar.Tactics.Typeclasses.tcinstance]
-val impl_9 (v_SIZE: usize) : Core.Convert.t_From (t_MlKemPrivateKey v_SIZE) (t_Array u8 v_SIZE)
+val impl_8 (v_SIZE: usize) : Core.Convert.t_From (t_MlKemPrivateKey v_SIZE) (t_Array u8 v_SIZE)
 
 [@@ FStar.Tactics.Typeclasses.tcinstance]
-val impl_10 (v_SIZE: usize) : Core.Convert.t_From (t_MlKemPrivateKey v_SIZE) (t_Array u8 v_SIZE)
+val impl_9 (v_SIZE: usize) : Core.Convert.t_From (t_Array u8 v_SIZE) (t_MlKemPrivateKey v_SIZE)
 
 [@@ FStar.Tactics.Typeclasses.tcinstance]
-val impl_11 (v_SIZE: usize) : Core.Convert.t_From (t_Array u8 v_SIZE) (t_MlKemPrivateKey v_SIZE)
+val impl_12 (v_SIZE: usize) : Core.Convert.t_From (t_MlKemPrivateKey v_SIZE) (t_Array u8 v_SIZE)
 
 /// A reference to the raw byte slice.
 val impl_13__as_slice (v_SIZE: usize) (self: t_MlKemPrivateKey v_SIZE)
@@ -61,13 +61,13 @@ val impl_13__as_slice (v_SIZE: usize) (self: t_MlKemPrivateKey v_SIZE)
 type t_MlKemPublicKey (v_SIZE: usize) = { f_value:t_Array u8 v_SIZE }
 
 [@@ FStar.Tactics.Typeclasses.tcinstance]
-val impl_16 (v_SIZE: usize) : Core.Convert.t_From (t_MlKemPublicKey v_SIZE) (t_Array u8 v_SIZE)
+val impl_15 (v_SIZE: usize) : Core.Convert.t_From (t_MlKemPublicKey v_SIZE) (t_Array u8 v_SIZE)
 
 [@@ FStar.Tactics.Typeclasses.tcinstance]
-val impl_17 (v_SIZE: usize) : Core.Convert.t_From (t_MlKemPublicKey v_SIZE) (t_Array u8 v_SIZE)
+val impl_16 (v_SIZE: usize) : Core.Convert.t_From (t_Array u8 v_SIZE) (t_MlKemPublicKey v_SIZE)
 
 [@@ FStar.Tactics.Typeclasses.tcinstance]
-val impl_18 (v_SIZE: usize) : Core.Convert.t_From (t_Array u8 v_SIZE) (t_MlKemPublicKey v_SIZE)
+val impl_19 (v_SIZE: usize) : Core.Convert.t_From (t_MlKemPublicKey v_SIZE) (t_Array u8 v_SIZE)
 
 /// A reference to the raw byte slice.
 val impl_20__as_slice (v_SIZE: usize) (self: t_MlKemPublicKey v_SIZE)
@@ -147,11 +147,19 @@ val unpack_private_key (v_CPA_SECRET_KEY_SIZE v_PUBLIC_KEY_SIZE: usize) (private
       (ensures
         fun result ->
           let result:(t_Slice u8 & t_Slice u8 & t_Slice u8 & t_Slice u8) = result in
+          let ind_cpa_secret_key_s, rest = split private_key v_CPA_SECRET_KEY_SIZE in
+          let ind_cpa_public_key_s, rest = split rest v_PUBLIC_KEY_SIZE in
+          let ind_cpa_public_key_hash_s, implicit_rejection_value_s =
+            split rest Libcrux_ml_kem.Constants.v_H_DIGEST_SIZE
+          in
           let
           ind_cpa_secret_key, ind_cpa_public_key, ind_cpa_public_key_hash, implicit_rejection_value
           =
             result
           in
+          ind_cpa_secret_key_s == ind_cpa_secret_key /\ ind_cpa_public_key_s == ind_cpa_public_key /\
+          ind_cpa_public_key_hash_s == ind_cpa_public_key_hash /\
+          implicit_rejection_value_s == implicit_rejection_value /\
           Seq.length ind_cpa_secret_key == v v_CPA_SECRET_KEY_SIZE /\
           Seq.length ind_cpa_public_key == v v_PUBLIC_KEY_SIZE /\
           Seq.length ind_cpa_public_key_hash == v Libcrux_ml_kem.Constants.v_H_DIGEST_SIZE /\
@@ -170,16 +178,16 @@ val impl_7 (v_SIZE: usize) : Core.Default.t_Default (t_MlKemPrivateKey v_SIZE)
 val impl_14 (v_SIZE: usize) : Core.Default.t_Default (t_MlKemPublicKey v_SIZE)
 
 [@@ FStar.Tactics.Typeclasses.tcinstance]
-val impl_1 (v_SIZE: usize) : Core.Convert.t_AsRef (t_MlKemCiphertext v_SIZE) (t_Slice u8)
+val impl_4 (v_SIZE: usize) : Core.Convert.t_AsRef (t_MlKemCiphertext v_SIZE) (t_Slice u8)
 
 [@@ FStar.Tactics.Typeclasses.tcinstance]
-val impl_8 (v_SIZE: usize) : Core.Convert.t_AsRef (t_MlKemPrivateKey v_SIZE) (t_Slice u8)
+val impl_11 (v_SIZE: usize) : Core.Convert.t_AsRef (t_MlKemPrivateKey v_SIZE) (t_Slice u8)
 
 [@@ FStar.Tactics.Typeclasses.tcinstance]
-val impl_15 (v_SIZE: usize) : Core.Convert.t_AsRef (t_MlKemPublicKey v_SIZE) (t_Slice u8)
+val impl_18 (v_SIZE: usize) : Core.Convert.t_AsRef (t_MlKemPublicKey v_SIZE) (t_Slice u8)
 
 [@@ FStar.Tactics.Typeclasses.tcinstance]
-let impl_5 (v_SIZE: usize) : Core.Convert.t_TryFrom (t_MlKemCiphertext v_SIZE) (t_Slice u8) =
+let impl_3 (v_SIZE: usize) : Core.Convert.t_TryFrom (t_MlKemCiphertext v_SIZE) (t_Slice u8) =
   {
     f_Error = Core.Array.t_TryFromSliceError;
     f_try_from_pre = (fun (value: t_Slice u8) -> true);
@@ -210,7 +218,7 @@ let impl_5 (v_SIZE: usize) : Core.Convert.t_TryFrom (t_MlKemCiphertext v_SIZE) (
   }
 
 [@@ FStar.Tactics.Typeclasses.tcinstance]
-let impl_12 (v_SIZE: usize) : Core.Convert.t_TryFrom (t_MlKemPrivateKey v_SIZE) (t_Slice u8) =
+let impl_10 (v_SIZE: usize) : Core.Convert.t_TryFrom (t_MlKemPrivateKey v_SIZE) (t_Slice u8) =
   {
     f_Error = Core.Array.t_TryFromSliceError;
     f_try_from_pre = (fun (value: t_Slice u8) -> true);
@@ -241,7 +249,7 @@ let impl_12 (v_SIZE: usize) : Core.Convert.t_TryFrom (t_MlKemPrivateKey v_SIZE)
   }
 
 [@@ FStar.Tactics.Typeclasses.tcinstance]
-let impl_19 (v_SIZE: usize) : Core.Convert.t_TryFrom (t_MlKemPublicKey v_SIZE) (t_Slice u8) =
+let impl_17 (v_SIZE: usize) : Core.Convert.t_TryFrom (t_MlKemPublicKey v_SIZE) (t_Slice u8) =
   {
     f_Error = Core.Array.t_TryFromSliceError;
     f_try_from_pre = (fun (value: t_Slice u8) -> true);
diff --git a/libcrux-ml-kem/src/ind_cpa.rs b/libcrux-ml-kem/src/ind_cpa.rs
index 984172a2e..cb08caf82 100644
--- a/libcrux-ml-kem/src/ind_cpa.rs
+++ b/libcrux-ml-kem/src/ind_cpa.rs
@@ -858,17 +858,15 @@ fn build_unpacked_public_key<
 }
 
 #[inline(always)]
-#[hax_lib::fstar::verification_status(panic_free)]
 #[hax_lib::requires(fstar!("Spec.MLKEM.is_rank $K /\\
     $T_AS_NTT_ENCODED_SIZE == Spec.MLKEM.v_T_AS_NTT_ENCODED_SIZE $K /\\
     length $public_key == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE $K"))]
 #[hax_lib::ensures(|_| fstar!("
     let (t_as_ntt_bytes, seed_for_A) = split public_key $T_AS_NTT_ENCODED_SIZE in
     let t_as_ntt = Spec.MLKEM.vector_decode_12 #$K t_as_ntt_bytes in 
-    let matrix_A_as_ntt, sufficient_randomness = Spec.MLKEM.sample_matrix_A_ntt #$K seed_for_A in
+    let matrix_A_as_ntt, valid = Spec.MLKEM.sample_matrix_A_ntt #$K seed_for_A in
     (Libcrux_ml_kem.Polynomial.to_spec_vector_t #$K #$:Vector ${unpacked_public_key}_future.f_t_as_ntt == t_as_ntt /\\
-     ${unpacked_public_key}_future.f_seed_for_A == seed_for_A /\\
-     Libcrux_ml_kem.Polynomial.to_spec_matrix_t #$K #$:Vector ${unpacked_public_key}_future.f_A == matrix_A_as_ntt)"))]
+    valid ==> Libcrux_ml_kem.Polynomial.to_spec_matrix_t #$K #$:Vector ${unpacked_public_key}_future.f_A == Spec.MLKEM.matrix_transpose matrix_A_as_ntt)"))]
 pub(crate) fn build_unpacked_public_key_mut<
     const K: usize,
     const T_AS_NTT_ENCODED_SIZE: usize,
@@ -891,6 +889,8 @@ pub(crate) fn build_unpacked_public_key_mut<
     //     end for
     // end for
     let seed = &public_key[T_AS_NTT_ENCODED_SIZE..];
+    hax_lib::fstar!("Lib.Sequence.eq_intro #u8 #32 $seed
+      (Seq.slice (Libcrux_ml_kem.Utils.into_padded_array (sz 34) $seed) 0 32)");
     sample_matrix_A::<K, Vector, Hasher>(
         &mut unpacked_public_key.A,
         into_padded_array(seed),
diff --git a/libcrux-ml-kem/src/types.rs b/libcrux-ml-kem/src/types.rs
index ab5d65f86..f1a11eb52 100644
--- a/libcrux-ml-kem/src/types.rs
+++ b/libcrux-ml-kem/src/types.rs
@@ -11,13 +11,17 @@ macro_rules! impl_generic_struct {
             }
         }
 
+        #[hax_lib::attributes]
         impl<const SIZE: usize> AsRef<[u8]> for $name<SIZE> {
+            #[ensures(|result| fstar!("$result = self___.f_value"))]
             fn as_ref(&self) -> &[u8] {
                 &self.value
             }
         }
 
+        #[hax_lib::attributes]
         impl<const SIZE: usize> From<[u8; SIZE]> for $name<SIZE> {
+            #[ensures(|result| fstar!("${result}.f_value = $value"))]
             fn from(value: [u8; SIZE]) -> Self {
                 Self { value }
             }
@@ -207,8 +211,15 @@ impl<const PRIVATE_KEY_SIZE: usize, const PUBLIC_KEY_SIZE: usize>
                             v v_CPA_SECRET_KEY_SIZE + v v_PUBLIC_KEY_SIZE + 
                             v Libcrux_ml_kem.Constants.v_H_DIGEST_SIZE"))]
 #[hax_lib::ensures(|result| fstar!("
+           let (ind_cpa_secret_key_s,rest) = split $private_key $CPA_SECRET_KEY_SIZE in
+           let (ind_cpa_public_key_s,rest) = split rest $PUBLIC_KEY_SIZE in
+           let (ind_cpa_public_key_hash_s,implicit_rejection_value_s) = split rest Libcrux_ml_kem.Constants.v_H_DIGEST_SIZE in
            let (ind_cpa_secret_key,ind_cpa_public_key,ind_cpa_public_key_hash,implicit_rejection_value)
                = result in
+           ind_cpa_secret_key_s == ind_cpa_secret_key /\\
+           ind_cpa_public_key_s == ind_cpa_public_key /\\
+           ind_cpa_public_key_hash_s == ind_cpa_public_key_hash /\\
+           implicit_rejection_value_s == implicit_rejection_value /\\
            Seq.length ind_cpa_secret_key == v v_CPA_SECRET_KEY_SIZE /\\
            Seq.length ind_cpa_public_key == v v_PUBLIC_KEY_SIZE /\\
            Seq.length ind_cpa_public_key_hash == v Libcrux_ml_kem.Constants.v_H_DIGEST_SIZE /\\

From c2a5c69b5e7a67aa0a057fe95d4a7e523432dcb9 Mon Sep 17 00:00:00 2001
From: mamonet <maamoun.tk@gmail.com>
Date: Fri, 29 Nov 2024 15:42:59 +0000
Subject: [PATCH 035/142] Fix build_unpacked_public_key

---
 .../fstar/extraction/Libcrux_ml_kem.Ind_cpa.fsti       | 10 ++++------
 libcrux-ml-kem/src/ind_cpa.rs                          |  5 ++---
 2 files changed, 6 insertions(+), 9 deletions(-)

diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fsti
index 3660736b0..8cdc832e0 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fsti
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fsti
@@ -87,13 +87,11 @@ val build_unpacked_public_key
           in
           let t_as_ntt_bytes, seed_for_A = split public_key v_T_AS_NTT_ENCODED_SIZE in
           let t_as_ntt = Spec.MLKEM.vector_decode_12 #v_K t_as_ntt_bytes in
-          let matrix_A_as_ntt, sufficient_randomness =
-            Spec.MLKEM.sample_matrix_A_ntt #v_K seed_for_A
-          in
+          let matrix_A_as_ntt, valid = Spec.MLKEM.sample_matrix_A_ntt #v_K seed_for_A in
           (Libcrux_ml_kem.Polynomial.to_spec_vector_t #v_K #v_Vector result.f_t_as_ntt == t_as_ntt /\
-            result.f_seed_for_A == seed_for_A /\
-            Libcrux_ml_kem.Polynomial.to_spec_matrix_t #v_K #v_Vector result.f_A == matrix_A_as_ntt)
-      )
+            valid ==>
+            Libcrux_ml_kem.Polynomial.to_spec_matrix_t #v_K #v_Vector result.f_A ==
+            Spec.MLKEM.matrix_transpose matrix_A_as_ntt))
 
 /// Sample a vector of ring elements from a centered binomial distribution.
 val sample_ring_element_cbd
diff --git a/libcrux-ml-kem/src/ind_cpa.rs b/libcrux-ml-kem/src/ind_cpa.rs
index cb08caf82..d718a11af 100644
--- a/libcrux-ml-kem/src/ind_cpa.rs
+++ b/libcrux-ml-kem/src/ind_cpa.rs
@@ -837,10 +837,9 @@ pub(crate) fn encrypt<
 #[hax_lib::ensures(|result| fstar!("
     let (t_as_ntt_bytes, seed_for_A) = split public_key $T_AS_NTT_ENCODED_SIZE in
     let t_as_ntt = Spec.MLKEM.vector_decode_12 #$K t_as_ntt_bytes in 
-    let matrix_A_as_ntt, sufficient_randomness = Spec.MLKEM.sample_matrix_A_ntt #$K seed_for_A in
+    let matrix_A_as_ntt, valid = Spec.MLKEM.sample_matrix_A_ntt #$K seed_for_A in
     (Libcrux_ml_kem.Polynomial.to_spec_vector_t #$K #$:Vector ${result}.f_t_as_ntt == t_as_ntt /\\
-     ${result}.f_seed_for_A == seed_for_A /\\
-     Libcrux_ml_kem.Polynomial.to_spec_matrix_t #$K #$:Vector ${result}.f_A == matrix_A_as_ntt)"))]
+     valid ==> Libcrux_ml_kem.Polynomial.to_spec_matrix_t #$K #$:Vector ${result}.f_A == Spec.MLKEM.matrix_transpose matrix_A_as_ntt)"))]
 fn build_unpacked_public_key<
     const K: usize,
     const T_AS_NTT_ENCODED_SIZE: usize,

From 3e8515b28faa29e56c3f993e42486268c7c73743 Mon Sep 17 00:00:00 2001
From: Karthikeyan Bhargavan <karthik.bhargavan@gmail.com>
Date: Fri, 29 Nov 2024 16:44:33 +0100
Subject: [PATCH 036/142] hand edited fixes to impl-interfaces

---
 .../fstar/extraction/Libcrux_ml_kem.Types.fst | 121 -----------------
 .../extraction/Libcrux_ml_kem.Types.fsti      | 123 +++++++++++++++---
 2 files changed, 105 insertions(+), 139 deletions(-)

diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Types.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Types.fst
index 3a598d127..65d0d2c8f 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Types.fst
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Types.fst
@@ -9,103 +9,11 @@ let impl_13__len (v_SIZE: usize) (_: Prims.unit) = v_SIZE
 
 let impl_20__len (v_SIZE: usize) (_: Prims.unit) = v_SIZE
 
-[@@ FStar.Tactics.Typeclasses.tcinstance]
-let impl_1 (v_SIZE: usize) : Core.Convert.t_From (t_MlKemCiphertext v_SIZE) (t_Array u8 v_SIZE) =
-  {
-    f_from_pre = (fun (value: t_Array u8 v_SIZE) -> true);
-    f_from_post = (fun (value: t_Array u8 v_SIZE) (out: t_MlKemCiphertext v_SIZE) -> true);
-    f_from
-    =
-    fun (value: t_Array u8 v_SIZE) ->
-      { f_value = Core.Clone.f_clone #(t_Array u8 v_SIZE) #FStar.Tactics.Typeclasses.solve value }
-      <:
-      t_MlKemCiphertext v_SIZE
-  }
-
-[@@ FStar.Tactics.Typeclasses.tcinstance]
-let impl_2 (v_SIZE: usize) : Core.Convert.t_From (t_Array u8 v_SIZE) (t_MlKemCiphertext v_SIZE) =
-  {
-    f_from_pre = (fun (value: t_MlKemCiphertext v_SIZE) -> true);
-    f_from_post = (fun (value: t_MlKemCiphertext v_SIZE) (out: t_Array u8 v_SIZE) -> true);
-    f_from = fun (value: t_MlKemCiphertext v_SIZE) -> value.f_value
-  }
-
-[@@ FStar.Tactics.Typeclasses.tcinstance]
-let impl_5 (v_SIZE: usize) : Core.Convert.t_From (t_MlKemCiphertext v_SIZE) (t_Array u8 v_SIZE) =
-  {
-    f_from_pre = (fun (value: t_Array u8 v_SIZE) -> true);
-    f_from_post
-    =
-    (fun (value: t_Array u8 v_SIZE) (result: t_MlKemCiphertext v_SIZE) -> result.f_value = value);
-    f_from = fun (value: t_Array u8 v_SIZE) -> { f_value = value } <: t_MlKemCiphertext v_SIZE
-  }
-
 let impl_6__as_slice (v_SIZE: usize) (self: t_MlKemCiphertext v_SIZE) = self.f_value
 
-[@@ FStar.Tactics.Typeclasses.tcinstance]
-let impl_8 (v_SIZE: usize) : Core.Convert.t_From (t_MlKemPrivateKey v_SIZE) (t_Array u8 v_SIZE) =
-  {
-    f_from_pre = (fun (value: t_Array u8 v_SIZE) -> true);
-    f_from_post = (fun (value: t_Array u8 v_SIZE) (out: t_MlKemPrivateKey v_SIZE) -> true);
-    f_from
-    =
-    fun (value: t_Array u8 v_SIZE) ->
-      { f_value = Core.Clone.f_clone #(t_Array u8 v_SIZE) #FStar.Tactics.Typeclasses.solve value }
-      <:
-      t_MlKemPrivateKey v_SIZE
-  }
-
-[@@ FStar.Tactics.Typeclasses.tcinstance]
-let impl_9 (v_SIZE: usize) : Core.Convert.t_From (t_Array u8 v_SIZE) (t_MlKemPrivateKey v_SIZE) =
-  {
-    f_from_pre = (fun (value: t_MlKemPrivateKey v_SIZE) -> true);
-    f_from_post = (fun (value: t_MlKemPrivateKey v_SIZE) (out: t_Array u8 v_SIZE) -> true);
-    f_from = fun (value: t_MlKemPrivateKey v_SIZE) -> value.f_value
-  }
-
-[@@ FStar.Tactics.Typeclasses.tcinstance]
-let impl_12 (v_SIZE: usize) : Core.Convert.t_From (t_MlKemPrivateKey v_SIZE) (t_Array u8 v_SIZE) =
-  {
-    f_from_pre = (fun (value: t_Array u8 v_SIZE) -> true);
-    f_from_post
-    =
-    (fun (value: t_Array u8 v_SIZE) (result: t_MlKemPrivateKey v_SIZE) -> result.f_value = value);
-    f_from = fun (value: t_Array u8 v_SIZE) -> { f_value = value } <: t_MlKemPrivateKey v_SIZE
-  }
 
 let impl_13__as_slice (v_SIZE: usize) (self: t_MlKemPrivateKey v_SIZE) = self.f_value
 
-[@@ FStar.Tactics.Typeclasses.tcinstance]
-let impl_15 (v_SIZE: usize) : Core.Convert.t_From (t_MlKemPublicKey v_SIZE) (t_Array u8 v_SIZE) =
-  {
-    f_from_pre = (fun (value: t_Array u8 v_SIZE) -> true);
-    f_from_post = (fun (value: t_Array u8 v_SIZE) (out: t_MlKemPublicKey v_SIZE) -> true);
-    f_from
-    =
-    fun (value: t_Array u8 v_SIZE) ->
-      { f_value = Core.Clone.f_clone #(t_Array u8 v_SIZE) #FStar.Tactics.Typeclasses.solve value }
-      <:
-      t_MlKemPublicKey v_SIZE
-  }
-
-[@@ FStar.Tactics.Typeclasses.tcinstance]
-let impl_16 (v_SIZE: usize) : Core.Convert.t_From (t_Array u8 v_SIZE) (t_MlKemPublicKey v_SIZE) =
-  {
-    f_from_pre = (fun (value: t_MlKemPublicKey v_SIZE) -> true);
-    f_from_post = (fun (value: t_MlKemPublicKey v_SIZE) (out: t_Array u8 v_SIZE) -> true);
-    f_from = fun (value: t_MlKemPublicKey v_SIZE) -> value.f_value
-  }
-
-[@@ FStar.Tactics.Typeclasses.tcinstance]
-let impl_19 (v_SIZE: usize) : Core.Convert.t_From (t_MlKemPublicKey v_SIZE) (t_Array u8 v_SIZE) =
-  {
-    f_from_pre = (fun (value: t_Array u8 v_SIZE) -> true);
-    f_from_post
-    =
-    (fun (value: t_Array u8 v_SIZE) (result: t_MlKemPublicKey v_SIZE) -> result.f_value = value);
-    f_from = fun (value: t_Array u8 v_SIZE) -> { f_value = value } <: t_MlKemPublicKey v_SIZE
-  }
-
 let impl_20__as_slice (v_SIZE: usize) (self: t_MlKemPublicKey v_SIZE) = self.f_value
 
 let impl_21__from
@@ -211,32 +119,3 @@ let impl_14 (v_SIZE: usize) : Core.Default.t_Default (t_MlKemPublicKey v_SIZE) =
       { f_value = Rust_primitives.Hax.repeat 0uy v_SIZE } <: t_MlKemPublicKey v_SIZE
   }
 
-[@@ FStar.Tactics.Typeclasses.tcinstance]
-let impl_4 (v_SIZE: usize) : Core.Convert.t_AsRef (t_MlKemCiphertext v_SIZE) (t_Slice u8) =
-  {
-    f_as_ref_pre = (fun (self: t_MlKemCiphertext v_SIZE) -> true);
-    f_as_ref_post
-    =
-    (fun (self___: t_MlKemCiphertext v_SIZE) (result: t_Slice u8) -> result = self___.f_value);
-    f_as_ref = fun (self: t_MlKemCiphertext v_SIZE) -> self.f_value <: t_Slice u8
-  }
-
-[@@ FStar.Tactics.Typeclasses.tcinstance]
-let impl_11 (v_SIZE: usize) : Core.Convert.t_AsRef (t_MlKemPrivateKey v_SIZE) (t_Slice u8) =
-  {
-    f_as_ref_pre = (fun (self: t_MlKemPrivateKey v_SIZE) -> true);
-    f_as_ref_post
-    =
-    (fun (self___: t_MlKemPrivateKey v_SIZE) (result: t_Slice u8) -> result = self___.f_value);
-    f_as_ref = fun (self: t_MlKemPrivateKey v_SIZE) -> self.f_value <: t_Slice u8
-  }
-
-[@@ FStar.Tactics.Typeclasses.tcinstance]
-let impl_18 (v_SIZE: usize) : Core.Convert.t_AsRef (t_MlKemPublicKey v_SIZE) (t_Slice u8) =
-  {
-    f_as_ref_pre = (fun (self: t_MlKemPublicKey v_SIZE) -> true);
-    f_as_ref_post
-    =
-    (fun (self___: t_MlKemPublicKey v_SIZE) (result: t_Slice u8) -> result = self___.f_value);
-    f_as_ref = fun (self: t_MlKemPublicKey v_SIZE) -> self.f_value <: t_Slice u8
-  }
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Types.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Types.fsti
index 4f76c2ffc..e463a273b 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Types.fsti
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Types.fsti
@@ -19,13 +19,35 @@ val impl_20__len: v_SIZE: usize -> Prims.unit
 type t_MlKemCiphertext (v_SIZE: usize) = { f_value:t_Array u8 v_SIZE }
 
 [@@ FStar.Tactics.Typeclasses.tcinstance]
-val impl_1 (v_SIZE: usize) : Core.Convert.t_From (t_MlKemCiphertext v_SIZE) (t_Array u8 v_SIZE)
+let impl_1 (v_SIZE: usize) : Core.Convert.t_From (t_MlKemCiphertext v_SIZE) (t_Array u8 v_SIZE) =
+  {
+    f_from_pre = (fun (value: t_Array u8 v_SIZE) -> true);
+    f_from_post = (fun (value: t_Array u8 v_SIZE) (out: t_MlKemCiphertext v_SIZE) -> true);
+    f_from
+    =
+    fun (value: t_Array u8 v_SIZE) ->
+      { f_value = Core.Clone.f_clone #(t_Array u8 v_SIZE) #FStar.Tactics.Typeclasses.solve value }
+      <:
+      t_MlKemCiphertext v_SIZE
+  }
 
 [@@ FStar.Tactics.Typeclasses.tcinstance]
-val impl_2 (v_SIZE: usize) : Core.Convert.t_From (t_Array u8 v_SIZE) (t_MlKemCiphertext v_SIZE)
+let impl_2 (v_SIZE: usize) : Core.Convert.t_From (t_Array u8 v_SIZE) (t_MlKemCiphertext v_SIZE) =
+  {
+    f_from_pre = (fun (value: t_MlKemCiphertext v_SIZE) -> true);
+    f_from_post = (fun (value: t_MlKemCiphertext v_SIZE) (out: t_Array u8 v_SIZE) -> true);
+    f_from = fun (value: t_MlKemCiphertext v_SIZE) -> value.f_value
+  }
 
 [@@ FStar.Tactics.Typeclasses.tcinstance]
-val impl_5 (v_SIZE: usize) : Core.Convert.t_From (t_MlKemCiphertext v_SIZE) (t_Array u8 v_SIZE)
+let impl_5 (v_SIZE: usize) : Core.Convert.t_From (t_MlKemCiphertext v_SIZE) (t_Array u8 v_SIZE) =
+  {
+    f_from_pre = (fun (value: t_Array u8 v_SIZE) -> true);
+    f_from_post
+    =
+    (fun (value: t_Array u8 v_SIZE) (result: t_MlKemCiphertext v_SIZE) -> result.f_value = value);
+    f_from = fun (value: t_Array u8 v_SIZE) -> { f_value = value } <: t_MlKemCiphertext v_SIZE
+  }
 
 /// A reference to the raw byte slice.
 val impl_6__as_slice (v_SIZE: usize) (self: t_MlKemCiphertext v_SIZE)
@@ -40,13 +62,35 @@ val impl_6__as_slice (v_SIZE: usize) (self: t_MlKemCiphertext v_SIZE)
 type t_MlKemPrivateKey (v_SIZE: usize) = { f_value:t_Array u8 v_SIZE }
 
 [@@ FStar.Tactics.Typeclasses.tcinstance]
-val impl_8 (v_SIZE: usize) : Core.Convert.t_From (t_MlKemPrivateKey v_SIZE) (t_Array u8 v_SIZE)
+let impl_8 (v_SIZE: usize) : Core.Convert.t_From (t_MlKemPrivateKey v_SIZE) (t_Array u8 v_SIZE) =
+  {
+    f_from_pre = (fun (value: t_Array u8 v_SIZE) -> true);
+    f_from_post = (fun (value: t_Array u8 v_SIZE) (out: t_MlKemPrivateKey v_SIZE) -> true);
+    f_from
+    =
+    fun (value: t_Array u8 v_SIZE) ->
+      { f_value = Core.Clone.f_clone #(t_Array u8 v_SIZE) #FStar.Tactics.Typeclasses.solve value }
+      <:
+      t_MlKemPrivateKey v_SIZE
+  }
 
 [@@ FStar.Tactics.Typeclasses.tcinstance]
-val impl_9 (v_SIZE: usize) : Core.Convert.t_From (t_Array u8 v_SIZE) (t_MlKemPrivateKey v_SIZE)
+let impl_9 (v_SIZE: usize) : Core.Convert.t_From (t_Array u8 v_SIZE) (t_MlKemPrivateKey v_SIZE) =
+  {
+    f_from_pre = (fun (value: t_MlKemPrivateKey v_SIZE) -> true);
+    f_from_post = (fun (value: t_MlKemPrivateKey v_SIZE) (out: t_Array u8 v_SIZE) -> true);
+    f_from = fun (value: t_MlKemPrivateKey v_SIZE) -> value.f_value
+  }
 
 [@@ FStar.Tactics.Typeclasses.tcinstance]
-val impl_12 (v_SIZE: usize) : Core.Convert.t_From (t_MlKemPrivateKey v_SIZE) (t_Array u8 v_SIZE)
+let impl_12 (v_SIZE: usize) : Core.Convert.t_From (t_MlKemPrivateKey v_SIZE) (t_Array u8 v_SIZE) =
+  {
+    f_from_pre = (fun (value: t_Array u8 v_SIZE) -> true);
+    f_from_post
+    =
+    (fun (value: t_Array u8 v_SIZE) (result: t_MlKemPrivateKey v_SIZE) -> result.f_value = value);
+    f_from = fun (value: t_Array u8 v_SIZE) -> { f_value = value } <: t_MlKemPrivateKey v_SIZE
+  }
 
 /// A reference to the raw byte slice.
 val impl_13__as_slice (v_SIZE: usize) (self: t_MlKemPrivateKey v_SIZE)
@@ -61,13 +105,35 @@ val impl_13__as_slice (v_SIZE: usize) (self: t_MlKemPrivateKey v_SIZE)
 type t_MlKemPublicKey (v_SIZE: usize) = { f_value:t_Array u8 v_SIZE }
 
 [@@ FStar.Tactics.Typeclasses.tcinstance]
-val impl_15 (v_SIZE: usize) : Core.Convert.t_From (t_MlKemPublicKey v_SIZE) (t_Array u8 v_SIZE)
+let impl_16 (v_SIZE: usize) : Core.Convert.t_From (t_Array u8 v_SIZE) (t_MlKemPublicKey v_SIZE) =
+  {
+    f_from_pre = (fun (value: t_MlKemPublicKey v_SIZE) -> true);
+    f_from_post = (fun (value: t_MlKemPublicKey v_SIZE) (out: t_Array u8 v_SIZE) -> true);
+    f_from = fun (value: t_MlKemPublicKey v_SIZE) -> value.f_value
+  }
 
 [@@ FStar.Tactics.Typeclasses.tcinstance]
-val impl_16 (v_SIZE: usize) : Core.Convert.t_From (t_Array u8 v_SIZE) (t_MlKemPublicKey v_SIZE)
+let impl_19 (v_SIZE: usize) : Core.Convert.t_From (t_MlKemPublicKey v_SIZE) (t_Array u8 v_SIZE) =
+  {
+    f_from_pre = (fun (value: t_Array u8 v_SIZE) -> true);
+    f_from_post
+    =
+    (fun (value: t_Array u8 v_SIZE) (result: t_MlKemPublicKey v_SIZE) -> result.f_value = value);
+    f_from = fun (value: t_Array u8 v_SIZE) -> { f_value = value } <: t_MlKemPublicKey v_SIZE
+  }
 
 [@@ FStar.Tactics.Typeclasses.tcinstance]
-val impl_19 (v_SIZE: usize) : Core.Convert.t_From (t_MlKemPublicKey v_SIZE) (t_Array u8 v_SIZE)
+let impl_15 (v_SIZE: usize) : Core.Convert.t_From (t_MlKemPublicKey v_SIZE) (t_Array u8 v_SIZE) =
+  {
+    f_from_pre = (fun (value: t_Array u8 v_SIZE) -> true);
+    f_from_post = (fun (value: t_Array u8 v_SIZE) (out: t_MlKemPublicKey v_SIZE) -> true);
+    f_from
+    =
+    fun (value: t_Array u8 v_SIZE) ->
+      { f_value = Core.Clone.f_clone #(t_Array u8 v_SIZE) #FStar.Tactics.Typeclasses.solve value }
+      <:
+      t_MlKemPublicKey v_SIZE
+  }
 
 /// A reference to the raw byte slice.
 val impl_20__as_slice (v_SIZE: usize) (self: t_MlKemPublicKey v_SIZE)
@@ -177,15 +243,6 @@ val impl_7 (v_SIZE: usize) : Core.Default.t_Default (t_MlKemPrivateKey v_SIZE)
 [@@ FStar.Tactics.Typeclasses.tcinstance]
 val impl_14 (v_SIZE: usize) : Core.Default.t_Default (t_MlKemPublicKey v_SIZE)
 
-[@@ FStar.Tactics.Typeclasses.tcinstance]
-val impl_4 (v_SIZE: usize) : Core.Convert.t_AsRef (t_MlKemCiphertext v_SIZE) (t_Slice u8)
-
-[@@ FStar.Tactics.Typeclasses.tcinstance]
-val impl_11 (v_SIZE: usize) : Core.Convert.t_AsRef (t_MlKemPrivateKey v_SIZE) (t_Slice u8)
-
-[@@ FStar.Tactics.Typeclasses.tcinstance]
-val impl_18 (v_SIZE: usize) : Core.Convert.t_AsRef (t_MlKemPublicKey v_SIZE) (t_Slice u8)
-
 [@@ FStar.Tactics.Typeclasses.tcinstance]
 let impl_3 (v_SIZE: usize) : Core.Convert.t_TryFrom (t_MlKemCiphertext v_SIZE) (t_Slice u8) =
   {
@@ -278,3 +335,33 @@ let impl_17 (v_SIZE: usize) : Core.Convert.t_TryFrom (t_MlKemPublicKey v_SIZE) (
         <:
         Core.Result.t_Result (t_MlKemPublicKey v_SIZE) Core.Array.t_TryFromSliceError
   }
+
+[@@ FStar.Tactics.Typeclasses.tcinstance]
+let impl_4 (v_SIZE: usize) : Core.Convert.t_AsRef (t_MlKemCiphertext v_SIZE) (t_Slice u8) =
+  {
+    f_as_ref_pre = (fun (self: t_MlKemCiphertext v_SIZE) -> true);
+    f_as_ref_post
+    =
+    (fun (self___: t_MlKemCiphertext v_SIZE) (result: t_Slice u8) -> result = self___.f_value);
+    f_as_ref = fun (self: t_MlKemCiphertext v_SIZE) -> self.f_value <: t_Slice u8
+  }
+
+[@@ FStar.Tactics.Typeclasses.tcinstance]
+let impl_11 (v_SIZE: usize) : Core.Convert.t_AsRef (t_MlKemPrivateKey v_SIZE) (t_Slice u8) =
+  {
+    f_as_ref_pre = (fun (self: t_MlKemPrivateKey v_SIZE) -> true);
+    f_as_ref_post
+    =
+    (fun (self___: t_MlKemPrivateKey v_SIZE) (result: t_Slice u8) -> result = self___.f_value);
+    f_as_ref = fun (self: t_MlKemPrivateKey v_SIZE) -> self.f_value <: t_Slice u8
+  }
+
+[@@ FStar.Tactics.Typeclasses.tcinstance]
+let impl_18 (v_SIZE: usize) : Core.Convert.t_AsRef (t_MlKemPublicKey v_SIZE) (t_Slice u8) =
+  {
+    f_as_ref_pre = (fun (self: t_MlKemPublicKey v_SIZE) -> true);
+    f_as_ref_post
+    =
+    (fun (self___: t_MlKemPublicKey v_SIZE) (result: t_Slice u8) -> result = self___.f_value);
+    f_as_ref = fun (self: t_MlKemPublicKey v_SIZE) -> self.f_value <: t_Slice u8
+  }

From 265435c045427577ceae903a83978b9887f77b9d Mon Sep 17 00:00:00 2001
From: mamonet <maamoun.tk@gmail.com>
Date: Fri, 29 Nov 2024 16:10:32 +0000
Subject: [PATCH 037/142] Remove lax/panic-free verification options from
 ind-cca

---
 .../Libcrux_ml_kem.Ind_cca.Unpacked.fst       | 48 +++++++------------
 .../extraction/Libcrux_ml_kem.Ind_cca.fst     | 36 +++++---------
 libcrux-ml-kem/src/ind_cca.rs                 |  6 ---
 3 files changed, 30 insertions(+), 60 deletions(-)

diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Unpacked.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Unpacked.fst
index a4bb0bca2..5e641a876 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Unpacked.fst
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Unpacked.fst
@@ -551,17 +551,13 @@ let encapsulate
   let shared_secret_array:t_Array u8 (sz 32) =
     Core.Slice.impl__copy_from_slice #u8 shared_secret_array shared_secret
   in
-  let result:(Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE & t_Array u8 (sz 32)) =
-    Core.Convert.f_from #(Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE)
-      #(t_Array u8 v_CIPHERTEXT_SIZE)
-      #FStar.Tactics.Typeclasses.solve
-      ciphertext,
-    shared_secret_array
-    <:
-    (Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE & t_Array u8 (sz 32))
-  in
-  let _:Prims.unit = admit () (* Panic freedom *) in
-  result
+  Core.Convert.f_from #(Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE)
+    #(t_Array u8 v_CIPHERTEXT_SIZE)
+    #FStar.Tactics.Typeclasses.solve
+    ciphertext,
+  shared_secret_array
+  <:
+  (Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE & t_Array u8 (sz 32))
 
 let impl_3__serialized_mut
       (v_K: usize)
@@ -624,21 +620,17 @@ let impl_3__serialized
           Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector)
       (self: t_MlKemPublicKeyUnpacked v_K v_Vector)
      =
-  let result:Libcrux_ml_kem.Types.t_MlKemPublicKey v_PUBLIC_KEY_SIZE =
-    Core.Convert.f_from #(Libcrux_ml_kem.Types.t_MlKemPublicKey v_PUBLIC_KEY_SIZE)
-      #(t_Array u8 v_PUBLIC_KEY_SIZE)
-      #FStar.Tactics.Typeclasses.solve
-      (Libcrux_ml_kem.Ind_cpa.serialize_public_key v_K
-          v_RANKED_BYTES_PER_RING_ELEMENT
-          v_PUBLIC_KEY_SIZE
-          #v_Vector
-          self.f_ind_cpa_public_key.Libcrux_ml_kem.Ind_cpa.Unpacked.f_t_as_ntt
-          (self.f_ind_cpa_public_key.Libcrux_ml_kem.Ind_cpa.Unpacked.f_seed_for_A <: t_Slice u8)
-        <:
-        t_Array u8 v_PUBLIC_KEY_SIZE)
-  in
-  let _:Prims.unit = admit () (* Panic freedom *) in
-  result
+  Core.Convert.f_from #(Libcrux_ml_kem.Types.t_MlKemPublicKey v_PUBLIC_KEY_SIZE)
+    #(t_Array u8 v_PUBLIC_KEY_SIZE)
+    #FStar.Tactics.Typeclasses.solve
+    (Libcrux_ml_kem.Ind_cpa.serialize_public_key v_K
+        v_RANKED_BYTES_PER_RING_ELEMENT
+        v_PUBLIC_KEY_SIZE
+        #v_Vector
+        self.f_ind_cpa_public_key.Libcrux_ml_kem.Ind_cpa.Unpacked.f_t_as_ntt
+        (self.f_ind_cpa_public_key.Libcrux_ml_kem.Ind_cpa.Unpacked.f_seed_for_A <: t_Slice u8)
+      <:
+      t_Array u8 v_PUBLIC_KEY_SIZE)
 
 let impl_4__serialized_public_key
       (v_K: usize)
@@ -901,8 +893,6 @@ let impl_4__serialized_private_key
 
 #push-options "--z3rlimit 200 --ext context_pruning --z3refresh"
 
-#push-options "--admit_smt_queries true"
-
 let decapsulate
       (v_K v_SECRET_KEY_SIZE v_CPA_SECRET_KEY_SIZE v_PUBLIC_KEY_SIZE v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_C1_BLOCK_SIZE v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE v_IMPLICIT_REJECTION_HASH_INPUT_SIZE:
           usize)
@@ -1034,5 +1024,3 @@ let decapsulate
     selector
 
 #pop-options
-
-#pop-options
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fst
index 03e67ae8a..a6ffee609 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fst
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fst
@@ -320,13 +320,9 @@ let encapsulate
       shared_secret
       ciphertext
   in
-  let result:(Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE & t_Array u8 (sz 32)) =
-    ciphertext, shared_secret_array
-    <:
-    (Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE & t_Array u8 (sz 32))
-  in
-  let _:Prims.unit = admit () (* Panic freedom *) in
-  result
+  ciphertext, shared_secret_array
+  <:
+  (Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE & t_Array u8 (sz 32))
 
 #pop-options
 
@@ -412,24 +408,18 @@ let generate_keypair
       #FStar.Tactics.Typeclasses.solve
       secret_key_serialized
   in
-  let result:Libcrux_ml_kem.Types.t_MlKemKeyPair v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE =
-    Libcrux_ml_kem.Types.impl_21__from v_PRIVATE_KEY_SIZE
-      v_PUBLIC_KEY_SIZE
-      private_key
-      (Core.Convert.f_from #(Libcrux_ml_kem.Types.t_MlKemPublicKey v_PUBLIC_KEY_SIZE)
-          #(t_Array u8 v_PUBLIC_KEY_SIZE)
-          #FStar.Tactics.Typeclasses.solve
-          public_key
-        <:
-        Libcrux_ml_kem.Types.t_MlKemPublicKey v_PUBLIC_KEY_SIZE)
-  in
-  let _:Prims.unit = admit () (* Panic freedom *) in
-  result
+  Libcrux_ml_kem.Types.impl_21__from v_PRIVATE_KEY_SIZE
+    v_PUBLIC_KEY_SIZE
+    private_key
+    (Core.Convert.f_from #(Libcrux_ml_kem.Types.t_MlKemPublicKey v_PUBLIC_KEY_SIZE)
+        #(t_Array u8 v_PUBLIC_KEY_SIZE)
+        #FStar.Tactics.Typeclasses.solve
+        public_key
+      <:
+      Libcrux_ml_kem.Types.t_MlKemPublicKey v_PUBLIC_KEY_SIZE)
 
 #pop-options
 
-#push-options "--admit_smt_queries true"
-
 #push-options "--z3rlimit 500"
 
 let decapsulate
@@ -606,5 +596,3 @@ let decapsulate
     (implicit_rejection_shared_secret <: t_Slice u8)
 
 #pop-options
-
-#pop-options
diff --git a/libcrux-ml-kem/src/ind_cca.rs b/libcrux-ml-kem/src/ind_cca.rs
index 3fef4b4fe..e0fa8f6a0 100644
--- a/libcrux-ml-kem/src/ind_cca.rs
+++ b/libcrux-ml-kem/src/ind_cca.rs
@@ -193,7 +193,6 @@ fn validate_private_key_only<const K: usize, const SECRET_KEY_SIZE: usize, Hashe
 /// Depending on the `Vector` and `Hasher` used, this requires different hardware
 /// features
 #[hax_lib::fstar::options("--z3rlimit 300")]
-#[hax_lib::fstar::verification_status(panic_free)]
 #[hax_lib::requires(fstar!("Spec.MLKEM.is_rank $K /\\
     $CPA_PRIVATE_KEY_SIZE == Spec.MLKEM.v_CPA_PRIVATE_KEY_SIZE $K /\\
     $PRIVATE_KEY_SIZE == Spec.MLKEM.v_CCA_PRIVATE_KEY_SIZE $K /\\
@@ -245,7 +244,6 @@ fn generate_keypair<
 }
 
 #[hax_lib::fstar::options("--z3rlimit 300")]
-#[hax_lib::fstar::verification_status(panic_free)]
 #[hax_lib::requires(fstar!("Spec.MLKEM.is_rank $K /\\
     $CIPHERTEXT_SIZE == Spec.MLKEM.v_CPA_CIPHERTEXT_SIZE $K /\\
     $PUBLIC_KEY_SIZE == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE $K /\\
@@ -317,7 +315,6 @@ fn encapsulate<
 
 /// This code verifies on some machines, runs out of memory on others
 #[hax_lib::fstar::options("--z3rlimit 500")]
-#[hax_lib::fstar::verification_status(lax)]
 #[hax_lib::requires(fstar!("Spec.MLKEM.is_rank $K /\\
     $SECRET_KEY_SIZE == Spec.MLKEM.v_CCA_PRIVATE_KEY_SIZE $K /\\
     $CPA_SECRET_KEY_SIZE == Spec.MLKEM.v_CPA_PRIVATE_KEY_SIZE $K /\\
@@ -549,7 +546,6 @@ pub(crate) mod unpacked {
 
         /// Get the serialized public key.
         #[inline(always)]
-        #[hax_lib::fstar::verification_status(panic_free)]
         #[requires(fstar!("Spec.MLKEM.is_rank $K /\\
             $RANKED_BYTES_PER_RING_ELEMENT == Spec.MLKEM.v_RANKED_BYTES_PER_RING_ELEMENT $K /\\
             $PUBLIC_KEY_SIZE == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE $K /\\
@@ -930,7 +926,6 @@ pub(crate) mod unpacked {
 
     // Encapsulate with Unpacked Public Key
     #[inline(always)]
-    #[hax_lib::fstar::verification_status(panic_free)]
     #[hax_lib::requires(fstar!("Spec.MLKEM.is_rank $K /\\
         $ETA1 == Spec.MLKEM.v_ETA1 $K /\\
         $ETA1_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA1_RANDOMNESS_SIZE $K /\\
@@ -1004,7 +999,6 @@ pub(crate) mod unpacked {
 
     // Decapsulate with Unpacked Private Key
     #[inline(always)]
-    #[hax_lib::fstar::verification_status(lax)]
     #[hax_lib::fstar::options("--z3rlimit 200 --ext context_pruning --z3refresh")]
     #[hax_lib::requires(fstar!("Spec.MLKEM.is_rank $K /\\
         $ETA1 == Spec.MLKEM.v_ETA1 $K /\\

From c7df39ebbcce5dfa3ce8ba49d8563c071081d430 Mon Sep 17 00:00:00 2001
From: karthikbhargavan <karthik.bhargavan@gmail.com>
Date: Fri, 29 Nov 2024 17:48:17 +0000
Subject: [PATCH 038/142] delete stale file

---
 .../fstar/extraction/Libcrux_ml_dsa.Simd.Traits.fst   | 11 -----------
 1 file changed, 11 deletions(-)
 delete mode 100644 libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Traits.fst

diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Traits.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Traits.fst
deleted file mode 100644
index 5bf547714..000000000
--- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Traits.fst
+++ /dev/null
@@ -1,11 +0,0 @@
-module Libcrux_ml_dsa.Simd.Traits
-#set-options "--fuel 0 --ifuel 1 --z3rlimit 100"
-open Core
-open FStar.Mul
-
-let montgomery_multiply_by_fer
-      (#v_S: Type0)
-      (#[FStar.Tactics.Typeclasses.tcresolve ()] i1: t_Operations v_S)
-      (simd_unit: v_S)
-      (fer: i32)
-     = f_montgomery_multiply_by_constant #v_S #FStar.Tactics.Typeclasses.solve simd_unit fer

From e2b08553a57289ab319d469fce5f7d21697031d8 Mon Sep 17 00:00:00 2001
From: mamonet <maamoun.tk@gmail.com>
Date: Fri, 29 Nov 2024 20:57:33 +0000
Subject: [PATCH 039/142] Mark serialize_unpacked_secret_key as lax

---
 .../proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fst    | 8 ++++++++
 libcrux-ml-kem/src/ind_cpa.rs                             | 2 ++
 2 files changed, 10 insertions(+)

diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fst
index 792dd4655..8fb8e250b 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fst
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fst
@@ -866,6 +866,8 @@ let encrypt_unpacked
 
 #pop-options
 
+#push-options "--z3rlimit 500 --ext context_pruning"
+
 let encrypt
       (v_K v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_LEN v_C2_LEN v_U_COMPRESSION_FACTOR v_V_COMPRESSION_FACTOR v_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE:
           usize)
@@ -888,6 +890,8 @@ let encrypt
     v_U_COMPRESSION_FACTOR v_V_COMPRESSION_FACTOR v_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2
     v_ETA2_RANDOMNESS_SIZE #v_Vector #v_Hasher unpacked_public_key message randomness
 
+#pop-options
+
 #push-options "--z3rlimit 800 --ext context_pruning"
 
 let deserialize_then_decompress_u
@@ -1214,6 +1218,8 @@ let serialize_public_key
   in
   public_key_serialized
 
+#push-options "--admit_smt_queries true"
+
 let serialize_unpacked_secret_key
       (v_K v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE v_RANKED_BYTES_PER_RING_ELEMENT: usize)
       (#v_Vector: Type0)
@@ -1241,6 +1247,8 @@ let serialize_unpacked_secret_key
   <:
   (t_Array u8 v_PRIVATE_KEY_SIZE & t_Array u8 v_PUBLIC_KEY_SIZE)
 
+#pop-options
+
 let generate_keypair
       (v_K v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE v_RANKED_BYTES_PER_RING_ELEMENT v_ETA1 v_ETA1_RANDOMNESS_SIZE:
           usize)
diff --git a/libcrux-ml-kem/src/ind_cpa.rs b/libcrux-ml-kem/src/ind_cpa.rs
index d718a11af..ed260fd96 100644
--- a/libcrux-ml-kem/src/ind_cpa.rs
+++ b/libcrux-ml-kem/src/ind_cpa.rs
@@ -536,6 +536,7 @@ pub(crate) fn generate_keypair<
 }
 
 /// Serialize the secret key from the unpacked key pair generation.
+#[hax_lib::fstar::verification_status(lax)]
 pub(crate) fn serialize_unpacked_secret_key<
     const K: usize,
     const PRIVATE_KEY_SIZE: usize,
@@ -768,6 +769,7 @@ pub(crate) fn encrypt_unpacked<
 }
 
 #[allow(non_snake_case)]
+#[hax_lib::fstar::options("--z3rlimit 500 --ext context_pruning")]
 #[hax_lib::requires(fstar!("Spec.MLKEM.is_rank $K /\\
     $ETA1 = Spec.MLKEM.v_ETA1 $K /\\
     $ETA1_RANDOMNESS_SIZE = Spec.MLKEM.v_ETA1_RANDOMNESS_SIZE $K /\\

From 91fae433ff651f9512255f744aad6c3f85c40f3f Mon Sep 17 00:00:00 2001
From: karthikbhargavan <karthik.bhargavan@gmail.com>
Date: Sat, 30 Nov 2024 12:07:15 +0000
Subject: [PATCH 040/142] dsa

---
 .../fstar/extraction/Libcrux_ml_dsa.Ntt.fst   | 727 +-----------------
 .../fstar/extraction/Libcrux_ml_dsa.Ntt.fsti  | 126 +--
 .../Libcrux_ml_dsa.Simd.Avx2.Invntt.fst       | 503 ++++++++----
 .../Libcrux_ml_dsa.Simd.Avx2.Invntt.fsti      | 135 ++--
 .../Libcrux_ml_dsa.Simd.Avx2.Ntt.fst          |  66 --
 .../Libcrux_ml_dsa.Simd.Avx2.Ntt.fsti         |  11 -
 .../Libcrux_ml_dsa.Simd.Portable.Ntt.fst      | 434 -----------
 .../Libcrux_ml_dsa.Simd.Portable.Ntt.fsti     |  21 -
 .../Libcrux_ml_dsa.Simd.Traits.fsti           |  33 +-
 9 files changed, 442 insertions(+), 1614 deletions(-)

diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ntt.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ntt.fst
index 25a5d7d91..05275542e 100644
--- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ntt.fst
+++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ntt.fst
@@ -9,459 +9,22 @@ let _ =
   let open Libcrux_ml_dsa.Simd.Traits in
   ()
 
-let invert_ntt_at_layer_0___round
-      (#v_SIMDUnit: Type0)
-      (#[FStar.Tactics.Typeclasses.tcresolve ()]
-          i1:
-          Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit)
-      (re: Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit)
-      (index: usize)
-      (zeta_0_ zeta_1_ zeta_2_ zeta_3_: i32)
-     =
-  let re:Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit =
-    {
-      re with
-      Libcrux_ml_dsa.Polynomial.f_simd_units
-      =
-      Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re
-          .Libcrux_ml_dsa.Polynomial.f_simd_units
-        index
-        (Libcrux_ml_dsa.Simd.Traits.f_invert_ntt_at_layer_0_ #v_SIMDUnit
-            #FStar.Tactics.Typeclasses.solve
-            (re.Libcrux_ml_dsa.Polynomial.f_simd_units.[ index ] <: v_SIMDUnit)
-            zeta_0_
-            zeta_1_
-            zeta_2_
-            zeta_3_
-          <:
-          v_SIMDUnit)
-    }
-    <:
-    Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit
-  in
-  re
-
-let invert_ntt_at_layer_0_
-      (#v_SIMDUnit: Type0)
-      (#[FStar.Tactics.Typeclasses.tcresolve ()]
-          i1:
-          Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit)
-      (re: Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit)
-     =
-  let re:Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit =
-    invert_ntt_at_layer_0___round #v_SIMDUnit re (sz 0) 1976782l (-846154l) 1400424l 3937738l
-  in
-  let re:Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit =
-    invert_ntt_at_layer_0___round #v_SIMDUnit re (sz 1) (-1362209l) (-48306l) 3919660l (-554416l)
-  in
-  let re:Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit =
-    invert_ntt_at_layer_0___round #v_SIMDUnit re (sz 2) (-3545687l) 1612842l (-976891l) 183443l
-  in
-  let re:Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit =
-    invert_ntt_at_layer_0___round #v_SIMDUnit
-      re
-      (sz 3)
-      (-2286327l)
-      (-420899l)
-      (-2235985l)
-      (-2939036l)
-  in
-  let re:Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit =
-    invert_ntt_at_layer_0___round #v_SIMDUnit
-      re
-      (sz 4)
-      (-3833893l)
-      (-260646l)
-      (-1104333l)
-      (-1667432l)
-  in
-  let re:Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit =
-    invert_ntt_at_layer_0___round #v_SIMDUnit re (sz 5) 1910376l (-1803090l) 1723600l (-426683l)
-  in
-  let re:Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit =
-    invert_ntt_at_layer_0___round #v_SIMDUnit re (sz 6) 472078l 1717735l (-975884l) 2213111l
-  in
-  let re:Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit =
-    invert_ntt_at_layer_0___round #v_SIMDUnit re (sz 7) 269760l 3866901l 3523897l (-3038916l)
-  in
-  let re:Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit =
-    invert_ntt_at_layer_0___round #v_SIMDUnit re (sz 8) (-1799107l) (-3694233l) 1652634l 810149l
-  in
-  let re:Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit =
-    invert_ntt_at_layer_0___round #v_SIMDUnit re (sz 9) 3014001l 1616392l 162844l (-3183426l)
-  in
-  let re:Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit =
-    invert_ntt_at_layer_0___round #v_SIMDUnit re (sz 10) (-1207385l) 185531l 3369112l 1957272l
-  in
-  let re:Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit =
-    invert_ntt_at_layer_0___round #v_SIMDUnit re (sz 11) (-164721l) 2454455l 2432395l (-2013608l)
-  in
-  let re:Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit =
-    invert_ntt_at_layer_0___round #v_SIMDUnit re (sz 12) (-3776993l) 594136l (-3724270l) (-2584293l)
-  in
-  let re:Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit =
-    invert_ntt_at_layer_0___round #v_SIMDUnit
-      re
-      (sz 13)
-      (-1846953l)
-      (-1671176l)
-      (-2831860l)
-      (-542412l)
-  in
-  let re:Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit =
-    invert_ntt_at_layer_0___round #v_SIMDUnit re (sz 14) 3406031l 2235880l 777191l 1500165l
-  in
-  let re:Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit =
-    invert_ntt_at_layer_0___round #v_SIMDUnit
-      re
-      (sz 15)
-      (-1374803l)
-      (-2546312l)
-      1917081l
-      (-1279661l)
-  in
-  let re:Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit =
-    invert_ntt_at_layer_0___round #v_SIMDUnit re (sz 16) (-1962642l) 3306115l 1312455l (-451100l)
-  in
-  let re:Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit =
-    invert_ntt_at_layer_0___round #v_SIMDUnit
-      re
-      (sz 17)
-      (-1430225l)
-      (-3318210l)
-      1237275l
-      (-1333058l)
-  in
-  let re:Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit =
-    invert_ntt_at_layer_0___round #v_SIMDUnit re (sz 18) (-1050970l) 1903435l 1869119l (-2994039l)
-  in
-  let re:Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit =
-    invert_ntt_at_layer_0___round #v_SIMDUnit re (sz 19) (-3548272l) 2635921l 1250494l (-3767016l)
-  in
-  let re:Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit =
-    invert_ntt_at_layer_0___round #v_SIMDUnit re (sz 20) 1595974l 2486353l 1247620l 4055324l
-  in
-  let re:Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit =
-    invert_ntt_at_layer_0___round #v_SIMDUnit re (sz 21) 1265009l (-2590150l) 2691481l 2842341l
-  in
-  let re:Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit =
-    invert_ntt_at_layer_0___round #v_SIMDUnit re (sz 22) 203044l 1735879l (-3342277l) 3437287l
-  in
-  let re:Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit =
-    invert_ntt_at_layer_0___round #v_SIMDUnit re (sz 23) 4108315l (-2437823l) 286988l 342297l
-  in
-  let re:Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit =
-    invert_ntt_at_layer_0___round #v_SIMDUnit
-      re
-      (sz 24)
-      (-3595838l)
-      (-768622l)
-      (-525098l)
-      (-3556995l)
-  in
-  let re:Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit =
-    invert_ntt_at_layer_0___round #v_SIMDUnit re (sz 25) 3207046l 2031748l (-3122442l) (-655327l)
-  in
-  let re:Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit =
-    invert_ntt_at_layer_0___round #v_SIMDUnit re (sz 26) (-522500l) (-43260l) (-1613174l) 495491l
-  in
-  let re:Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit =
-    invert_ntt_at_layer_0___round #v_SIMDUnit re (sz 27) 819034l 909542l 1859098l 900702l
-  in
-  let re:Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit =
-    invert_ntt_at_layer_0___round #v_SIMDUnit
-      re
-      (sz 28)
-      (-3193378l)
-      (-1197226l)
-      (-3759364l)
-      (-3520352l)
-  in
-  let re:Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit =
-    invert_ntt_at_layer_0___round #v_SIMDUnit re (sz 29) 3513181l (-1235728l) 2434439l 266997l
-  in
-  let re:Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit =
-    invert_ntt_at_layer_0___round #v_SIMDUnit
-      re
-      (sz 30)
-      (-3562462l)
-      (-2446433l)
-      2244091l
-      (-3342478l)
-  in
-  let re:Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit =
-    invert_ntt_at_layer_0___round #v_SIMDUnit re (sz 31) 3817976l 2316500l 3407706l 2091667l
-  in
-  re
-
-let invert_ntt_at_layer_1___round
-      (#v_SIMDUnit: Type0)
-      (#[FStar.Tactics.Typeclasses.tcresolve ()]
-          i1:
-          Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit)
-      (re: Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit)
-      (index: usize)
-      (zeta_0_ zeta_1_: i32)
-     =
-  let re:Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit =
-    {
-      re with
-      Libcrux_ml_dsa.Polynomial.f_simd_units
-      =
-      Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re
-          .Libcrux_ml_dsa.Polynomial.f_simd_units
-        index
-        (Libcrux_ml_dsa.Simd.Traits.f_invert_ntt_at_layer_1_ #v_SIMDUnit
-            #FStar.Tactics.Typeclasses.solve
-            (re.Libcrux_ml_dsa.Polynomial.f_simd_units.[ index ] <: v_SIMDUnit)
-            zeta_0_
-            zeta_1_
-          <:
-          v_SIMDUnit)
-    }
-    <:
-    Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit
-  in
-  re
-
-let invert_ntt_at_layer_1_
-      (#v_SIMDUnit: Type0)
-      (#[FStar.Tactics.Typeclasses.tcresolve ()]
-          i1:
-          Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit)
-      (re: Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit)
-     =
-  let re:Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit =
-    invert_ntt_at_layer_1___round #v_SIMDUnit re (sz 0) 3839961l (-3628969l)
-  in
-  let re:Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit =
-    invert_ntt_at_layer_1___round #v_SIMDUnit re (sz 1) (-3881060l) (-3019102l)
-  in
-  let re:Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit =
-    invert_ntt_at_layer_1___round #v_SIMDUnit re (sz 2) (-1439742l) (-812732l)
-  in
-  let re:Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit =
-    invert_ntt_at_layer_1___round #v_SIMDUnit re (sz 3) (-1584928l) 1285669l
-  in
-  let re:Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit =
-    invert_ntt_at_layer_1___round #v_SIMDUnit re (sz 4) 1341330l 1315589l
-  in
-  let re:Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit =
-    invert_ntt_at_layer_1___round #v_SIMDUnit re (sz 5) (-177440l) (-2409325l)
-  in
-  let re:Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit =
-    invert_ntt_at_layer_1___round #v_SIMDUnit re (sz 6) (-1851402l) 3159746l
-  in
-  let re:Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit =
-    invert_ntt_at_layer_1___round #v_SIMDUnit re (sz 7) (-3553272l) 189548l
-  in
-  let re:Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit =
-    invert_ntt_at_layer_1___round #v_SIMDUnit re (sz 8) (-1316856l) 759969l
-  in
-  let re:Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit =
-    invert_ntt_at_layer_1___round #v_SIMDUnit re (sz 9) (-210977l) 2389356l
-  in
-  let re:Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit =
-    invert_ntt_at_layer_1___round #v_SIMDUnit re (sz 10) (-3249728l) 1653064l
-  in
-  let re:Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit =
-    invert_ntt_at_layer_1___round #v_SIMDUnit re (sz 11) (-8578l) (-3724342l)
-  in
-  let re:Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit =
-    invert_ntt_at_layer_1___round #v_SIMDUnit re (sz 12) 3958618l 904516l
-  in
-  let re:Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit =
-    invert_ntt_at_layer_1___round #v_SIMDUnit re (sz 13) (-1100098l) 44288l
-  in
-  let re:Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit =
-    invert_ntt_at_layer_1___round #v_SIMDUnit re (sz 14) 3097992l 508951l
-  in
-  let re:Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit =
-    invert_ntt_at_layer_1___round #v_SIMDUnit re (sz 15) 264944l (-3343383l)
-  in
-  let re:Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit =
-    invert_ntt_at_layer_1___round #v_SIMDUnit re (sz 16) (-1430430l) 1852771l
-  in
-  let re:Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit =
-    invert_ntt_at_layer_1___round #v_SIMDUnit re (sz 17) 1349076l (-381987l)
-  in
-  let re:Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit =
-    invert_ntt_at_layer_1___round #v_SIMDUnit re (sz 18) (-1308169l) (-22981l)
-  in
-  let re:Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit =
-    invert_ntt_at_layer_1___round #v_SIMDUnit re (sz 19) (-1228525l) (-671102l)
-  in
-  let re:Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit =
-    invert_ntt_at_layer_1___round #v_SIMDUnit re (sz 20) (-2477047l) (-411027l)
-  in
-  let re:Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit =
-    invert_ntt_at_layer_1___round #v_SIMDUnit re (sz 21) (-3693493l) (-2967645l)
-  in
-  let re:Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit =
-    invert_ntt_at_layer_1___round #v_SIMDUnit re (sz 22) 2715295l 2147896l
-  in
-  let re:Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit =
-    invert_ntt_at_layer_1___round #v_SIMDUnit re (sz 23) (-983419l) 3412210l
-  in
-  let re:Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit =
-    invert_ntt_at_layer_1___round #v_SIMDUnit re (sz 24) 126922l (-3632928l)
-  in
-  let re:Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit =
-    invert_ntt_at_layer_1___round #v_SIMDUnit re (sz 25) (-3157330l) (-3190144l)
-  in
-  let re:Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit =
-    invert_ntt_at_layer_1___round #v_SIMDUnit re (sz 26) (-1000202l) (-4083598l)
-  in
-  let re:Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit =
-    invert_ntt_at_layer_1___round #v_SIMDUnit re (sz 27) 1939314l (-1257611l)
-  in
-  let re:Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit =
-    invert_ntt_at_layer_1___round #v_SIMDUnit re (sz 28) (-1585221l) 2176455l
-  in
-  let re:Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit =
-    invert_ntt_at_layer_1___round #v_SIMDUnit re (sz 29) 3475950l (-1452451l)
-  in
-  let re:Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit =
-    invert_ntt_at_layer_1___round #v_SIMDUnit re (sz 30) (-3041255l) (-3677745l)
-  in
-  let re:Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit =
-    invert_ntt_at_layer_1___round #v_SIMDUnit re (sz 31) (-1528703l) (-3930395l)
-  in
-  re
-
-let invert_ntt_at_layer_2___round
-      (#v_SIMDUnit: Type0)
-      (#[FStar.Tactics.Typeclasses.tcresolve ()]
-          i1:
-          Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit)
-      (re: Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit)
-      (index: usize)
-      (zeta: i32)
-     =
-  let re:Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit =
-    {
-      re with
-      Libcrux_ml_dsa.Polynomial.f_simd_units
-      =
-      Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re
-          .Libcrux_ml_dsa.Polynomial.f_simd_units
-        index
-        (Libcrux_ml_dsa.Simd.Traits.f_invert_ntt_at_layer_2_ #v_SIMDUnit
-            #FStar.Tactics.Typeclasses.solve
-            (re.Libcrux_ml_dsa.Polynomial.f_simd_units.[ index ] <: v_SIMDUnit)
-            zeta
-          <:
-          v_SIMDUnit)
-    }
-    <:
-    Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit
-  in
-  re
-
-let invert_ntt_at_layer_2_
+let invert_ntt_montgomery
       (#v_SIMDUnit: Type0)
       (#[FStar.Tactics.Typeclasses.tcresolve ()]
           i1:
           Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit)
       (re: Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit)
      =
-  let re:Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit =
-    invert_ntt_at_layer_2___round #v_SIMDUnit re (sz 0) (-2797779l)
-  in
-  let re:Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit =
-    invert_ntt_at_layer_2___round #v_SIMDUnit re (sz 1) 2071892l
-  in
-  let re:Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit =
-    invert_ntt_at_layer_2___round #v_SIMDUnit re (sz 2) (-2556880l)
-  in
-  let re:Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit =
-    invert_ntt_at_layer_2___round #v_SIMDUnit re (sz 3) 3900724l
-  in
-  let re:Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit =
-    invert_ntt_at_layer_2___round #v_SIMDUnit re (sz 4) 3881043l
-  in
-  let re:Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit =
-    invert_ntt_at_layer_2___round #v_SIMDUnit re (sz 5) 954230l
-  in
-  let re:Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit =
-    invert_ntt_at_layer_2___round #v_SIMDUnit re (sz 6) 531354l
-  in
-  let re:Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit =
-    invert_ntt_at_layer_2___round #v_SIMDUnit re (sz 7) 811944l
-  in
-  let re:Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit =
-    invert_ntt_at_layer_2___round #v_SIMDUnit re (sz 8) 3699596l
-  in
-  let re:Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit =
-    invert_ntt_at_layer_2___round #v_SIMDUnit re (sz 9) (-1600420l)
-  in
-  let re:Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit =
-    invert_ntt_at_layer_2___round #v_SIMDUnit re (sz 10) (-2140649l)
-  in
-  let re:Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit =
-    invert_ntt_at_layer_2___round #v_SIMDUnit re (sz 11) 3507263l
-  in
-  let re:Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit =
-    invert_ntt_at_layer_2___round #v_SIMDUnit re (sz 12) (-3821735l)
-  in
-  let re:Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit =
-    invert_ntt_at_layer_2___round #v_SIMDUnit re (sz 13) 3505694l
-  in
-  let re:Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit =
-    invert_ntt_at_layer_2___round #v_SIMDUnit re (sz 14) (-1643818l)
-  in
-  let re:Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit =
-    invert_ntt_at_layer_2___round #v_SIMDUnit re (sz 15) (-1699267l)
-  in
-  let re:Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit =
-    invert_ntt_at_layer_2___round #v_SIMDUnit re (sz 16) (-539299l)
-  in
-  let re:Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit =
-    invert_ntt_at_layer_2___round #v_SIMDUnit re (sz 17) 2348700l
-  in
-  let re:Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit =
-    invert_ntt_at_layer_2___round #v_SIMDUnit re (sz 18) (-300467l)
-  in
-  let re:Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit =
-    invert_ntt_at_layer_2___round #v_SIMDUnit re (sz 19) 3539968l
-  in
-  let re:Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit =
-    invert_ntt_at_layer_2___round #v_SIMDUnit re (sz 20) (-2867647l)
-  in
-  let re:Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit =
-    invert_ntt_at_layer_2___round #v_SIMDUnit re (sz 21) 3574422l
-  in
-  let re:Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit =
-    invert_ntt_at_layer_2___round #v_SIMDUnit re (sz 22) (-3043716l)
-  in
-  let re:Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit =
-    invert_ntt_at_layer_2___round #v_SIMDUnit re (sz 23) (-3861115l)
-  in
-  let re:Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit =
-    invert_ntt_at_layer_2___round #v_SIMDUnit re (sz 24) 3915439l
-  in
-  let re:Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit =
-    invert_ntt_at_layer_2___round #v_SIMDUnit re (sz 25) (-2537516l)
-  in
-  let re:Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit =
-    invert_ntt_at_layer_2___round #v_SIMDUnit re (sz 26) (-3592148l)
-  in
-  let re:Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit =
-    invert_ntt_at_layer_2___round #v_SIMDUnit re (sz 27) (-1661693l)
-  in
-  let re:Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit =
-    invert_ntt_at_layer_2___round #v_SIMDUnit re (sz 28) 3530437l
-  in
-  let re:Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit =
-    invert_ntt_at_layer_2___round #v_SIMDUnit re (sz 29) 3077325l
-  in
-  let re:Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit =
-    invert_ntt_at_layer_2___round #v_SIMDUnit re (sz 30) 95776l
-  in
-  let re:Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit =
-    invert_ntt_at_layer_2___round #v_SIMDUnit re (sz 31) 2706023l
-  in
-  re
+  {
+    Libcrux_ml_dsa.Polynomial.f_simd_units
+    =
+    Libcrux_ml_dsa.Simd.Traits.f_invert_ntt_montgomery #v_SIMDUnit
+      #FStar.Tactics.Typeclasses.solve
+      re.Libcrux_ml_dsa.Polynomial.f_simd_units
+  }
+  <:
+  Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit
 
 let ntt
       (#v_SIMDUnit: Type0)
@@ -480,276 +43,6 @@ let ntt
   <:
   Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit
 
-let outer_3_plus
-      (#v_SIMDUnit: Type0)
-      (v_OFFSET v_STEP_BY: usize)
-      (v_ZETA: i32)
-      (#[FStar.Tactics.Typeclasses.tcresolve ()]
-          i1:
-          Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit)
-      (re: Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit)
-     =
-  let re:Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit =
-    Rust_primitives.Hax.Folds.fold_range v_OFFSET
-      (v_OFFSET +! v_STEP_BY <: usize)
-      (fun re temp_1_ ->
-          let re:Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit = re in
-          let _:usize = temp_1_ in
-          true)
-      re
-      (fun re j ->
-          let re:Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit = re in
-          let j:usize = j in
-          let a_minus_b:v_SIMDUnit =
-            Libcrux_ml_dsa.Simd.Traits.f_subtract #v_SIMDUnit
-              #FStar.Tactics.Typeclasses.solve
-              (re.Libcrux_ml_dsa.Polynomial.f_simd_units.[ j +! v_STEP_BY <: usize ] <: v_SIMDUnit)
-              (re.Libcrux_ml_dsa.Polynomial.f_simd_units.[ j ] <: v_SIMDUnit)
-          in
-          let re:Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit =
-            {
-              re with
-              Libcrux_ml_dsa.Polynomial.f_simd_units
-              =
-              Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re
-                  .Libcrux_ml_dsa.Polynomial.f_simd_units
-                j
-                (Libcrux_ml_dsa.Simd.Traits.f_add #v_SIMDUnit
-                    #FStar.Tactics.Typeclasses.solve
-                    (re.Libcrux_ml_dsa.Polynomial.f_simd_units.[ j ] <: v_SIMDUnit)
-                    (re.Libcrux_ml_dsa.Polynomial.f_simd_units.[ j +! v_STEP_BY <: usize ]
-                      <:
-                      v_SIMDUnit)
-                  <:
-                  v_SIMDUnit)
-            }
-            <:
-            Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit
-          in
-          let re:Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit =
-            {
-              re with
-              Libcrux_ml_dsa.Polynomial.f_simd_units
-              =
-              Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re
-                  .Libcrux_ml_dsa.Polynomial.f_simd_units
-                (j +! v_STEP_BY <: usize)
-                (Libcrux_ml_dsa.Simd.Traits.montgomery_multiply_by_fer #v_SIMDUnit a_minus_b v_ZETA
-                  <:
-                  v_SIMDUnit)
-            }
-            <:
-            Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit
-          in
-          re)
-  in
-  let hax_temp_output:Prims.unit = () <: Prims.unit in
-  re
-
-let invert_ntt_at_layer_3_
-      (#v_SIMDUnit: Type0)
-      (#[FStar.Tactics.Typeclasses.tcresolve ()]
-          i1:
-          Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit)
-      (re: Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit)
-     =
-  let re:Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit =
-    outer_3_plus #v_SIMDUnit (sz 0) (sz 1) 280005l re
-  in
-  let re:Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit =
-    outer_3_plus #v_SIMDUnit (sz 2) (sz 1) 4010497l re
-  in
-  let re:Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit =
-    outer_3_plus #v_SIMDUnit (sz 4) (sz 1) (-19422l) re
-  in
-  let re:Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit =
-    outer_3_plus #v_SIMDUnit (sz 6) (sz 1) 1757237l re
-  in
-  let re:Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit =
-    outer_3_plus #v_SIMDUnit (sz 8) (sz 1) (-3277672l) re
-  in
-  let re:Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit =
-    outer_3_plus #v_SIMDUnit (sz 10) (sz 1) (-1399561l) re
-  in
-  let re:Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit =
-    outer_3_plus #v_SIMDUnit (sz 12) (sz 1) (-3859737l) re
-  in
-  let re:Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit =
-    outer_3_plus #v_SIMDUnit (sz 14) (sz 1) (-2118186l) re
-  in
-  let re:Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit =
-    outer_3_plus #v_SIMDUnit (sz 16) (sz 1) (-2108549l) re
-  in
-  let re:Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit =
-    outer_3_plus #v_SIMDUnit (sz 18) (sz 1) 2619752l re
-  in
-  let re:Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit =
-    outer_3_plus #v_SIMDUnit (sz 20) (sz 1) (-1119584l) re
-  in
-  let re:Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit =
-    outer_3_plus #v_SIMDUnit (sz 22) (sz 1) (-549488l) re
-  in
-  let re:Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit =
-    outer_3_plus #v_SIMDUnit (sz 24) (sz 1) 3585928l re
-  in
-  let re:Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit =
-    outer_3_plus #v_SIMDUnit (sz 26) (sz 1) (-1079900l) re
-  in
-  let re:Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit =
-    outer_3_plus #v_SIMDUnit (sz 28) (sz 1) 1024112l re
-  in
-  let re:Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit =
-    outer_3_plus #v_SIMDUnit (sz 30) (sz 1) 2725464l re
-  in
-  re
-
-let invert_ntt_at_layer_4_
-      (#v_SIMDUnit: Type0)
-      (#[FStar.Tactics.Typeclasses.tcresolve ()]
-          i1:
-          Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit)
-      (re: Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit)
-     =
-  let re:Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit =
-    outer_3_plus #v_SIMDUnit (sz 0) (sz 2) 2680103l re
-  in
-  let re:Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit =
-    outer_3_plus #v_SIMDUnit (sz 4) (sz 2) 3111497l re
-  in
-  let re:Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit =
-    outer_3_plus #v_SIMDUnit (sz 8) (sz 2) (-2884855l) re
-  in
-  let re:Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit =
-    outer_3_plus #v_SIMDUnit (sz 12) (sz 2) 3119733l re
-  in
-  let re:Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit =
-    outer_3_plus #v_SIMDUnit (sz 16) (sz 2) (-2091905l) re
-  in
-  let re:Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit =
-    outer_3_plus #v_SIMDUnit (sz 20) (sz 2) (-359251l) re
-  in
-  let re:Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit =
-    outer_3_plus #v_SIMDUnit (sz 24) (sz 2) 2353451l re
-  in
-  let re:Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit =
-    outer_3_plus #v_SIMDUnit (sz 28) (sz 2) 1826347l re
-  in
-  re
-
-let invert_ntt_at_layer_5_
-      (#v_SIMDUnit: Type0)
-      (#[FStar.Tactics.Typeclasses.tcresolve ()]
-          i1:
-          Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit)
-      (re: Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit)
-     =
-  let re:Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit =
-    outer_3_plus #v_SIMDUnit (sz 0) (sz 4) 466468l re
-  in
-  let re:Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit =
-    outer_3_plus #v_SIMDUnit (sz 8) (sz 4) (-876248l) re
-  in
-  let re:Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit =
-    outer_3_plus #v_SIMDUnit (sz 16) (sz 4) (-777960l) re
-  in
-  let re:Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit =
-    outer_3_plus #v_SIMDUnit (sz 24) (sz 4) 237124l re
-  in
-  re
-
-let invert_ntt_at_layer_6_
-      (#v_SIMDUnit: Type0)
-      (#[FStar.Tactics.Typeclasses.tcresolve ()]
-          i1:
-          Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit)
-      (re: Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit)
-     =
-  let re:Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit =
-    outer_3_plus #v_SIMDUnit (sz 0) (sz 8) (-518909l) re
-  in
-  let re:Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit =
-    outer_3_plus #v_SIMDUnit (sz 16) (sz 8) (-2608894l) re
-  in
-  re
-
-let invert_ntt_at_layer_7_
-      (#v_SIMDUnit: Type0)
-      (#[FStar.Tactics.Typeclasses.tcresolve ()]
-          i1:
-          Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit)
-      (re: Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit)
-     =
-  let re:Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit =
-    outer_3_plus #v_SIMDUnit (sz 0) (sz 16) 25847l re
-  in
-  re
-
-let invert_ntt_montgomery
-      (#v_SIMDUnit: Type0)
-      (#[FStar.Tactics.Typeclasses.tcresolve ()]
-          i1:
-          Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit)
-      (re: Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit)
-     =
-  let re:Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit =
-    invert_ntt_at_layer_0_ #v_SIMDUnit re
-  in
-  let re:Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit =
-    invert_ntt_at_layer_1_ #v_SIMDUnit re
-  in
-  let re:Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit =
-    invert_ntt_at_layer_2_ #v_SIMDUnit re
-  in
-  let re:Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit =
-    invert_ntt_at_layer_3_ #v_SIMDUnit re
-  in
-  let re:Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit =
-    invert_ntt_at_layer_4_ #v_SIMDUnit re
-  in
-  let re:Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit =
-    invert_ntt_at_layer_5_ #v_SIMDUnit re
-  in
-  let re:Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit =
-    invert_ntt_at_layer_6_ #v_SIMDUnit re
-  in
-  let re:Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit =
-    invert_ntt_at_layer_7_ #v_SIMDUnit re
-  in
-  let re:Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit =
-    Rust_primitives.Hax.Folds.fold_range (sz 0)
-      (Core.Slice.impl__len #v_SIMDUnit
-          (re.Libcrux_ml_dsa.Polynomial.f_simd_units <: t_Slice v_SIMDUnit)
-        <:
-        usize)
-      (fun re temp_1_ ->
-          let re:Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit = re in
-          let _:usize = temp_1_ in
-          true)
-      re
-      (fun re i ->
-          let re:Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit = re in
-          let i:usize = i in
-          {
-            re with
-            Libcrux_ml_dsa.Polynomial.f_simd_units
-            =
-            Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re
-                .Libcrux_ml_dsa.Polynomial.f_simd_units
-              i
-              (Libcrux_ml_dsa.Simd.Traits.f_montgomery_multiply_by_constant #v_SIMDUnit
-                  #FStar.Tactics.Typeclasses.solve
-                  (re.Libcrux_ml_dsa.Polynomial.f_simd_units.[ i ] <: v_SIMDUnit)
-                  41978l
-                <:
-                v_SIMDUnit)
-            <:
-            t_Array v_SIMDUnit (sz 32)
-          }
-          <:
-          Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit)
-  in
-  re
-
 let ntt_multiply_montgomery
       (#v_SIMDUnit: Type0)
       (#[FStar.Tactics.Typeclasses.tcresolve ()]
diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ntt.fsti b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ntt.fsti
index 15b336a66..1c6b919dc 100644
--- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ntt.fsti
+++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ntt.fsti
@@ -9,73 +9,7 @@ let _ =
   let open Libcrux_ml_dsa.Simd.Traits in
   ()
 
-let invert_ntt_at_layer_3___STEP: usize = sz 8
-
-let invert_ntt_at_layer_3___STEP_BY: usize = sz 1
-
-let invert_ntt_at_layer_4___STEP: usize = sz 16
-
-let invert_ntt_at_layer_4___STEP_BY: usize = sz 2
-
-let invert_ntt_at_layer_5___STEP: usize = sz 32
-
-let invert_ntt_at_layer_5___STEP_BY: usize = sz 4
-
-let invert_ntt_at_layer_6___STEP: usize = sz 64
-
-let invert_ntt_at_layer_6___STEP_BY: usize = sz 8
-
-let invert_ntt_at_layer_7___STEP: usize = sz 128
-
-let invert_ntt_at_layer_7___STEP_BY: usize = sz 16
-
-val invert_ntt_at_layer_0___round
-      (#v_SIMDUnit: Type0)
-      {| i1: Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit |}
-      (re: Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit)
-      (index: usize)
-      (zeta_0_ zeta_1_ zeta_2_ zeta_3_: i32)
-    : Prims.Pure (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit)
-      Prims.l_True
-      (fun _ -> Prims.l_True)
-
-val invert_ntt_at_layer_0_
-      (#v_SIMDUnit: Type0)
-      {| i1: Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit |}
-      (re: Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit)
-    : Prims.Pure (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit)
-      Prims.l_True
-      (fun _ -> Prims.l_True)
-
-val invert_ntt_at_layer_1___round
-      (#v_SIMDUnit: Type0)
-      {| i1: Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit |}
-      (re: Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit)
-      (index: usize)
-      (zeta_0_ zeta_1_: i32)
-    : Prims.Pure (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit)
-      Prims.l_True
-      (fun _ -> Prims.l_True)
-
-val invert_ntt_at_layer_1_
-      (#v_SIMDUnit: Type0)
-      {| i1: Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit |}
-      (re: Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit)
-    : Prims.Pure (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit)
-      Prims.l_True
-      (fun _ -> Prims.l_True)
-
-val invert_ntt_at_layer_2___round
-      (#v_SIMDUnit: Type0)
-      {| i1: Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit |}
-      (re: Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit)
-      (index: usize)
-      (zeta: i32)
-    : Prims.Pure (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit)
-      Prims.l_True
-      (fun _ -> Prims.l_True)
-
-val invert_ntt_at_layer_2_
+val invert_ntt_montgomery
       (#v_SIMDUnit: Type0)
       {| i1: Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit |}
       (re: Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit)
@@ -91,64 +25,6 @@ val ntt
       Prims.l_True
       (fun _ -> Prims.l_True)
 
-val outer_3_plus
-      (#v_SIMDUnit: Type0)
-      (v_OFFSET v_STEP_BY: usize)
-      (v_ZETA: i32)
-      {| i1: Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit |}
-      (re: Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit)
-    : Prims.Pure (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit)
-      Prims.l_True
-      (fun _ -> Prims.l_True)
-
-val invert_ntt_at_layer_3_
-      (#v_SIMDUnit: Type0)
-      {| i1: Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit |}
-      (re: Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit)
-    : Prims.Pure (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit)
-      Prims.l_True
-      (fun _ -> Prims.l_True)
-
-val invert_ntt_at_layer_4_
-      (#v_SIMDUnit: Type0)
-      {| i1: Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit |}
-      (re: Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit)
-    : Prims.Pure (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit)
-      Prims.l_True
-      (fun _ -> Prims.l_True)
-
-val invert_ntt_at_layer_5_
-      (#v_SIMDUnit: Type0)
-      {| i1: Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit |}
-      (re: Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit)
-    : Prims.Pure (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit)
-      Prims.l_True
-      (fun _ -> Prims.l_True)
-
-val invert_ntt_at_layer_6_
-      (#v_SIMDUnit: Type0)
-      {| i1: Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit |}
-      (re: Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit)
-    : Prims.Pure (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit)
-      Prims.l_True
-      (fun _ -> Prims.l_True)
-
-val invert_ntt_at_layer_7_
-      (#v_SIMDUnit: Type0)
-      {| i1: Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit |}
-      (re: Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit)
-    : Prims.Pure (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit)
-      Prims.l_True
-      (fun _ -> Prims.l_True)
-
-val invert_ntt_montgomery
-      (#v_SIMDUnit: Type0)
-      {| i1: Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit |}
-      (re: Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit)
-    : Prims.Pure (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit)
-      Prims.l_True
-      (fun _ -> Prims.l_True)
-
 val ntt_multiply_montgomery
       (#v_SIMDUnit: Type0)
       {| i1: Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit |}
diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Invntt.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Invntt.fst
index 53d285487..dc0b422fd 100644
--- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Invntt.fst
+++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Invntt.fst
@@ -4,16 +4,28 @@ open Core
 open FStar.Mul
 
 let simd_unit_invert_ntt_at_layer_0_
-      (simd_unit0 simd_unit1: u8)
+      (simd_unit0 simd_unit1: Libcrux_intrinsics.Avx2_extract.t_Vec256)
       (zeta00 zeta01 zeta02 zeta03 zeta10 zeta11 zeta12 zeta13: i32)
      =
-  let a_shuffled:u8 = Libcrux_intrinsics.Avx2_extract.mm256_shuffle_epi32 216l simd_unit0 in
-  let b_shuffled:u8 = Libcrux_intrinsics.Avx2_extract.mm256_shuffle_epi32 216l simd_unit1 in
-  let lo_values:u8 = Libcrux_intrinsics.Avx2_extract.mm256_unpacklo_epi64 a_shuffled b_shuffled in
-  let hi_values:u8 = Libcrux_intrinsics.Avx2_extract.mm256_unpackhi_epi64 a_shuffled b_shuffled in
-  let sums:u8 = Libcrux_ml_dsa.Simd.Avx2.Arithmetic.add lo_values hi_values in
-  let differences:u8 = Libcrux_ml_dsa.Simd.Avx2.Arithmetic.subtract hi_values lo_values in
-  let zetas:u8 =
+  let a_shuffled:Libcrux_intrinsics.Avx2_extract.t_Vec256 =
+    Libcrux_intrinsics.Avx2_extract.mm256_shuffle_epi32 216l simd_unit0
+  in
+  let b_shuffled:Libcrux_intrinsics.Avx2_extract.t_Vec256 =
+    Libcrux_intrinsics.Avx2_extract.mm256_shuffle_epi32 216l simd_unit1
+  in
+  let lo_values:Libcrux_intrinsics.Avx2_extract.t_Vec256 =
+    Libcrux_intrinsics.Avx2_extract.mm256_unpacklo_epi64 a_shuffled b_shuffled
+  in
+  let hi_values:Libcrux_intrinsics.Avx2_extract.t_Vec256 =
+    Libcrux_intrinsics.Avx2_extract.mm256_unpackhi_epi64 a_shuffled b_shuffled
+  in
+  let sums:Libcrux_intrinsics.Avx2_extract.t_Vec256 =
+    Libcrux_ml_dsa.Simd.Avx2.Arithmetic.add lo_values hi_values
+  in
+  let differences:Libcrux_intrinsics.Avx2_extract.t_Vec256 =
+    Libcrux_ml_dsa.Simd.Avx2.Arithmetic.subtract hi_values lo_values
+  in
+  let zetas:Libcrux_intrinsics.Avx2_extract.t_Vec256 =
     Libcrux_intrinsics.Avx2_extract.mm256_set_epi32 zeta13
       zeta12
       zeta03
@@ -23,104 +35,127 @@ let simd_unit_invert_ntt_at_layer_0_
       zeta01
       zeta00
   in
-  let products:u8 = Libcrux_ml_dsa.Simd.Avx2.Arithmetic.montgomery_multiply differences zetas in
-  let a_shuffled:u8 = Libcrux_intrinsics.Avx2_extract.mm256_unpacklo_epi64 sums products in
-  let b_shuffled:u8 = Libcrux_intrinsics.Avx2_extract.mm256_unpackhi_epi64 sums products in
-  let a:u8 = Libcrux_intrinsics.Avx2_extract.mm256_shuffle_epi32 216l a_shuffled in
-  let b:u8 = Libcrux_intrinsics.Avx2_extract.mm256_shuffle_epi32 216l b_shuffled in
-  a, b <: (u8 & u8)
+  let products:Libcrux_intrinsics.Avx2_extract.t_Vec256 =
+    Libcrux_ml_dsa.Simd.Avx2.Arithmetic.montgomery_multiply differences zetas
+  in
+  let a_shuffled:Libcrux_intrinsics.Avx2_extract.t_Vec256 =
+    Libcrux_intrinsics.Avx2_extract.mm256_unpacklo_epi64 sums products
+  in
+  let b_shuffled:Libcrux_intrinsics.Avx2_extract.t_Vec256 =
+    Libcrux_intrinsics.Avx2_extract.mm256_unpackhi_epi64 sums products
+  in
+  let a:Libcrux_intrinsics.Avx2_extract.t_Vec256 =
+    Libcrux_intrinsics.Avx2_extract.mm256_shuffle_epi32 216l a_shuffled
+  in
+  let b:Libcrux_intrinsics.Avx2_extract.t_Vec256 =
+    Libcrux_intrinsics.Avx2_extract.mm256_shuffle_epi32 216l b_shuffled
+  in
+  a, b <: (Libcrux_intrinsics.Avx2_extract.t_Vec256 & Libcrux_intrinsics.Avx2_extract.t_Vec256)
 
 let invert_ntt_at_layer_0___round
-      (re: t_Array u8 (sz 32))
+      (re: t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32))
       (index: usize)
       (zeta00 zeta01 zeta02 zeta03 zeta10 zeta11 zeta12 zeta13: i32)
      =
-  let lhs, lhs_1_:(u8 & u8) =
-    simd_unit_invert_ntt_at_layer_0_ (re.[ index ] <: u8) (re.[ index +! sz 1 <: usize ] <: u8)
-      zeta00 zeta01 zeta02 zeta03 zeta10 zeta11 zeta12 zeta13
+  let lhs, lhs_1_:(Libcrux_intrinsics.Avx2_extract.t_Vec256 &
+    Libcrux_intrinsics.Avx2_extract.t_Vec256) =
+    simd_unit_invert_ntt_at_layer_0_ (re.[ index ] <: Libcrux_intrinsics.Avx2_extract.t_Vec256)
+      (re.[ index +! sz 1 <: usize ] <: Libcrux_intrinsics.Avx2_extract.t_Vec256) zeta00 zeta01
+      zeta02 zeta03 zeta10 zeta11 zeta12 zeta13
   in
-  let re:t_Array u8 (sz 32) =
+  let re:t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32) =
     Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re index lhs
   in
-  let re:t_Array u8 (sz 32) =
+  let re:t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32) =
     Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re (index +! sz 1 <: usize) lhs_1_
   in
   let _:Prims.unit = () in
   re
 
-let invert_ntt_at_layer_0_ (re: t_Array u8 (sz 32)) =
-  let re:t_Array u8 (sz 32) =
+let invert_ntt_at_layer_0_ (re: t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32)) =
+  let re:t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32) =
     invert_ntt_at_layer_0___round re (sz 0) 1976782l (-846154l) 1400424l 3937738l (-1362209l)
       (-48306l) 3919660l (-554416l)
   in
-  let re:t_Array u8 (sz 32) =
+  let re:t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32) =
     invert_ntt_at_layer_0___round re (sz 2) (-3545687l) 1612842l (-976891l) 183443l (-2286327l)
       (-420899l) (-2235985l) (-2939036l)
   in
-  let re:t_Array u8 (sz 32) =
+  let re:t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32) =
     invert_ntt_at_layer_0___round re (sz 4) (-3833893l) (-260646l) (-1104333l) (-1667432l) 1910376l
       (-1803090l) 1723600l (-426683l)
   in
-  let re:t_Array u8 (sz 32) =
+  let re:t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32) =
     invert_ntt_at_layer_0___round re (sz 6) 472078l 1717735l (-975884l) 2213111l 269760l 3866901l
       3523897l (-3038916l)
   in
-  let re:t_Array u8 (sz 32) =
+  let re:t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32) =
     invert_ntt_at_layer_0___round re (sz 8) (-1799107l) (-3694233l) 1652634l 810149l 3014001l
       1616392l 162844l (-3183426l)
   in
-  let re:t_Array u8 (sz 32) =
+  let re:t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32) =
     invert_ntt_at_layer_0___round re (sz 10) (-1207385l) 185531l 3369112l 1957272l (-164721l)
       2454455l 2432395l (-2013608l)
   in
-  let re:t_Array u8 (sz 32) =
+  let re:t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32) =
     invert_ntt_at_layer_0___round re (sz 12) (-3776993l) 594136l (-3724270l) (-2584293l) (-1846953l)
       (-1671176l) (-2831860l) (-542412l)
   in
-  let re:t_Array u8 (sz 32) =
+  let re:t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32) =
     invert_ntt_at_layer_0___round re (sz 14) 3406031l 2235880l 777191l 1500165l (-1374803l)
       (-2546312l) 1917081l (-1279661l)
   in
-  let re:t_Array u8 (sz 32) =
+  let re:t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32) =
     invert_ntt_at_layer_0___round re (sz 16) (-1962642l) 3306115l 1312455l (-451100l) (-1430225l)
       (-3318210l) 1237275l (-1333058l)
   in
-  let re:t_Array u8 (sz 32) =
+  let re:t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32) =
     invert_ntt_at_layer_0___round re (sz 18) (-1050970l) 1903435l 1869119l (-2994039l) (-3548272l)
       2635921l 1250494l (-3767016l)
   in
-  let re:t_Array u8 (sz 32) =
+  let re:t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32) =
     invert_ntt_at_layer_0___round re (sz 20) 1595974l 2486353l 1247620l 4055324l 1265009l
       (-2590150l) 2691481l 2842341l
   in
-  let re:t_Array u8 (sz 32) =
+  let re:t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32) =
     invert_ntt_at_layer_0___round re (sz 22) 203044l 1735879l (-3342277l) 3437287l 4108315l
       (-2437823l) 286988l 342297l
   in
-  let re:t_Array u8 (sz 32) =
+  let re:t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32) =
     invert_ntt_at_layer_0___round re (sz 24) (-3595838l) (-768622l) (-525098l) (-3556995l) 3207046l
       2031748l (-3122442l) (-655327l)
   in
-  let re:t_Array u8 (sz 32) =
+  let re:t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32) =
     invert_ntt_at_layer_0___round re (sz 26) (-522500l) (-43260l) (-1613174l) 495491l 819034l
       909542l 1859098l 900702l
   in
-  let re:t_Array u8 (sz 32) =
+  let re:t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32) =
     invert_ntt_at_layer_0___round re (sz 28) (-3193378l) (-1197226l) (-3759364l) (-3520352l)
       3513181l (-1235728l) 2434439l 266997l
   in
-  let re:t_Array u8 (sz 32) =
+  let re:t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32) =
     invert_ntt_at_layer_0___round re (sz 30) (-3562462l) (-2446433l) 2244091l (-3342478l) 3817976l
       2316500l 3407706l 2091667l
   in
   re
 
-let simd_unit_invert_ntt_at_layer_1_ (simd_unit0 simd_unit1: u8) (zeta00 zeta01 zeta10 zeta11: i32) =
-  let lo_values:u8 = Libcrux_intrinsics.Avx2_extract.mm256_unpacklo_epi64 simd_unit0 simd_unit1 in
-  let hi_values:u8 = Libcrux_intrinsics.Avx2_extract.mm256_unpackhi_epi64 simd_unit0 simd_unit1 in
-  let sums:u8 = Libcrux_ml_dsa.Simd.Avx2.Arithmetic.add lo_values hi_values in
-  let differences:u8 = Libcrux_ml_dsa.Simd.Avx2.Arithmetic.subtract hi_values lo_values in
-  let zetas:u8 =
+let simd_unit_invert_ntt_at_layer_1_
+      (simd_unit0 simd_unit1: Libcrux_intrinsics.Avx2_extract.t_Vec256)
+      (zeta00 zeta01 zeta10 zeta11: i32)
+     =
+  let lo_values:Libcrux_intrinsics.Avx2_extract.t_Vec256 =
+    Libcrux_intrinsics.Avx2_extract.mm256_unpacklo_epi64 simd_unit0 simd_unit1
+  in
+  let hi_values:Libcrux_intrinsics.Avx2_extract.t_Vec256 =
+    Libcrux_intrinsics.Avx2_extract.mm256_unpackhi_epi64 simd_unit0 simd_unit1
+  in
+  let sums:Libcrux_intrinsics.Avx2_extract.t_Vec256 =
+    Libcrux_ml_dsa.Simd.Avx2.Arithmetic.add lo_values hi_values
+  in
+  let differences:Libcrux_intrinsics.Avx2_extract.t_Vec256 =
+    Libcrux_ml_dsa.Simd.Avx2.Arithmetic.subtract hi_values lo_values
+  in
+  let zetas:Libcrux_intrinsics.Avx2_extract.t_Vec256 =
     Libcrux_intrinsics.Avx2_extract.mm256_set_epi32 zeta11
       zeta11
       zeta01
@@ -130,246 +165,378 @@ let simd_unit_invert_ntt_at_layer_1_ (simd_unit0 simd_unit1: u8) (zeta00 zeta01
       zeta00
       zeta00
   in
-  let products:u8 = Libcrux_ml_dsa.Simd.Avx2.Arithmetic.montgomery_multiply differences zetas in
-  let a:u8 = Libcrux_intrinsics.Avx2_extract.mm256_unpacklo_epi64 sums products in
-  let b:u8 = Libcrux_intrinsics.Avx2_extract.mm256_unpackhi_epi64 sums products in
-  a, b <: (u8 & u8)
+  let products:Libcrux_intrinsics.Avx2_extract.t_Vec256 =
+    Libcrux_ml_dsa.Simd.Avx2.Arithmetic.montgomery_multiply differences zetas
+  in
+  let a:Libcrux_intrinsics.Avx2_extract.t_Vec256 =
+    Libcrux_intrinsics.Avx2_extract.mm256_unpacklo_epi64 sums products
+  in
+  let b:Libcrux_intrinsics.Avx2_extract.t_Vec256 =
+    Libcrux_intrinsics.Avx2_extract.mm256_unpackhi_epi64 sums products
+  in
+  a, b <: (Libcrux_intrinsics.Avx2_extract.t_Vec256 & Libcrux_intrinsics.Avx2_extract.t_Vec256)
 
 let invert_ntt_at_layer_1___round
-      (re: t_Array u8 (sz 32))
+      (re: t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32))
       (index: usize)
       (zeta_00_ zeta_01_ zeta_10_ zeta_11_: i32)
      =
-  let lhs, lhs_1_:(u8 & u8) =
-    simd_unit_invert_ntt_at_layer_1_ (re.[ index ] <: u8)
-      (re.[ index +! sz 1 <: usize ] <: u8)
+  let lhs, lhs_1_:(Libcrux_intrinsics.Avx2_extract.t_Vec256 &
+    Libcrux_intrinsics.Avx2_extract.t_Vec256) =
+    simd_unit_invert_ntt_at_layer_1_ (re.[ index ] <: Libcrux_intrinsics.Avx2_extract.t_Vec256)
+      (re.[ index +! sz 1 <: usize ] <: Libcrux_intrinsics.Avx2_extract.t_Vec256)
       zeta_00_
       zeta_01_
       zeta_10_
       zeta_11_
   in
-  let re:t_Array u8 (sz 32) =
+  let re:t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32) =
     Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re index lhs
   in
-  let re:t_Array u8 (sz 32) =
+  let re:t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32) =
     Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re (index +! sz 1 <: usize) lhs_1_
   in
   let _:Prims.unit = () in
   re
 
-let invert_ntt_at_layer_1_ (re: t_Array u8 (sz 32)) =
-  let re:t_Array u8 (sz 32) =
+let invert_ntt_at_layer_1_ (re: t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32)) =
+  let re:t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32) =
     invert_ntt_at_layer_1___round re (sz 0) 3839961l (-3628969l) (-3881060l) (-3019102l)
   in
-  let re:t_Array u8 (sz 32) =
+  let re:t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32) =
     invert_ntt_at_layer_1___round re (sz 2) (-1439742l) (-812732l) (-1584928l) 1285669l
   in
-  let re:t_Array u8 (sz 32) =
+  let re:t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32) =
     invert_ntt_at_layer_1___round re (sz 4) 1341330l 1315589l (-177440l) (-2409325l)
   in
-  let re:t_Array u8 (sz 32) =
+  let re:t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32) =
     invert_ntt_at_layer_1___round re (sz 6) (-1851402l) 3159746l (-3553272l) 189548l
   in
-  let re:t_Array u8 (sz 32) =
+  let re:t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32) =
     invert_ntt_at_layer_1___round re (sz 8) (-1316856l) 759969l (-210977l) 2389356l
   in
-  let re:t_Array u8 (sz 32) =
+  let re:t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32) =
     invert_ntt_at_layer_1___round re (sz 10) (-3249728l) 1653064l (-8578l) (-3724342l)
   in
-  let re:t_Array u8 (sz 32) =
+  let re:t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32) =
     invert_ntt_at_layer_1___round re (sz 12) 3958618l 904516l (-1100098l) 44288l
   in
-  let re:t_Array u8 (sz 32) =
+  let re:t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32) =
     invert_ntt_at_layer_1___round re (sz 14) 3097992l 508951l 264944l (-3343383l)
   in
-  let re:t_Array u8 (sz 32) =
+  let re:t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32) =
     invert_ntt_at_layer_1___round re (sz 16) (-1430430l) 1852771l 1349076l (-381987l)
   in
-  let re:t_Array u8 (sz 32) =
+  let re:t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32) =
     invert_ntt_at_layer_1___round re (sz 18) (-1308169l) (-22981l) (-1228525l) (-671102l)
   in
-  let re:t_Array u8 (sz 32) =
+  let re:t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32) =
     invert_ntt_at_layer_1___round re (sz 20) (-2477047l) (-411027l) (-3693493l) (-2967645l)
   in
-  let re:t_Array u8 (sz 32) =
+  let re:t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32) =
     invert_ntt_at_layer_1___round re (sz 22) 2715295l 2147896l (-983419l) 3412210l
   in
-  let re:t_Array u8 (sz 32) =
+  let re:t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32) =
     invert_ntt_at_layer_1___round re (sz 24) 126922l (-3632928l) (-3157330l) (-3190144l)
   in
-  let re:t_Array u8 (sz 32) =
+  let re:t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32) =
     invert_ntt_at_layer_1___round re (sz 26) (-1000202l) (-4083598l) 1939314l (-1257611l)
   in
-  let re:t_Array u8 (sz 32) =
+  let re:t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32) =
     invert_ntt_at_layer_1___round re (sz 28) (-1585221l) 2176455l 3475950l (-1452451l)
   in
-  let re:t_Array u8 (sz 32) =
+  let re:t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32) =
     invert_ntt_at_layer_1___round re (sz 30) (-3041255l) (-3677745l) (-1528703l) (-3930395l)
   in
   re
 
-let simd_unit_invert_ntt_at_layer_2_ (simd_unit0 simd_unit1: u8) (zeta0 zeta1: i32) =
-  let lo_values:u8 =
+let simd_unit_invert_ntt_at_layer_2_
+      (simd_unit0 simd_unit1: Libcrux_intrinsics.Avx2_extract.t_Vec256)
+      (zeta0 zeta1: i32)
+     =
+  let lo_values:Libcrux_intrinsics.Avx2_extract.t_Vec256 =
     Libcrux_intrinsics.Avx2_extract.mm256_permute2x128_si256 32l simd_unit0 simd_unit1
   in
-  let hi_values:u8 =
+  let hi_values:Libcrux_intrinsics.Avx2_extract.t_Vec256 =
     Libcrux_intrinsics.Avx2_extract.mm256_permute2x128_si256 49l simd_unit0 simd_unit1
   in
-  let sums:u8 = Libcrux_ml_dsa.Simd.Avx2.Arithmetic.add lo_values hi_values in
-  let differences:u8 = Libcrux_ml_dsa.Simd.Avx2.Arithmetic.subtract hi_values lo_values in
-  let zetas:u8 =
+  let sums:Libcrux_intrinsics.Avx2_extract.t_Vec256 =
+    Libcrux_ml_dsa.Simd.Avx2.Arithmetic.add lo_values hi_values
+  in
+  let differences:Libcrux_intrinsics.Avx2_extract.t_Vec256 =
+    Libcrux_ml_dsa.Simd.Avx2.Arithmetic.subtract hi_values lo_values
+  in
+  let zetas:Libcrux_intrinsics.Avx2_extract.t_Vec256 =
     Libcrux_intrinsics.Avx2_extract.mm256_set_epi32 zeta1 zeta1 zeta1 zeta1 zeta0 zeta0 zeta0 zeta0
   in
-  let products:u8 = Libcrux_ml_dsa.Simd.Avx2.Arithmetic.montgomery_multiply differences zetas in
-  let a:u8 = Libcrux_intrinsics.Avx2_extract.mm256_permute2x128_si256 32l sums products in
-  let b:u8 = Libcrux_intrinsics.Avx2_extract.mm256_permute2x128_si256 49l sums products in
-  a, b <: (u8 & u8)
+  let products:Libcrux_intrinsics.Avx2_extract.t_Vec256 =
+    Libcrux_ml_dsa.Simd.Avx2.Arithmetic.montgomery_multiply differences zetas
+  in
+  let a:Libcrux_intrinsics.Avx2_extract.t_Vec256 =
+    Libcrux_intrinsics.Avx2_extract.mm256_permute2x128_si256 32l sums products
+  in
+  let b:Libcrux_intrinsics.Avx2_extract.t_Vec256 =
+    Libcrux_intrinsics.Avx2_extract.mm256_permute2x128_si256 49l sums products
+  in
+  a, b <: (Libcrux_intrinsics.Avx2_extract.t_Vec256 & Libcrux_intrinsics.Avx2_extract.t_Vec256)
 
-let invert_ntt_at_layer_2___round (re: t_Array u8 (sz 32)) (index: usize) (zeta1 zeta2: i32) =
-  let lhs, lhs_1_:(u8 & u8) =
-    simd_unit_invert_ntt_at_layer_2_ (re.[ index ] <: u8)
-      (re.[ index +! sz 1 <: usize ] <: u8)
+let invert_ntt_at_layer_2___round
+      (re: t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32))
+      (index: usize)
+      (zeta1 zeta2: i32)
+     =
+  let lhs, lhs_1_:(Libcrux_intrinsics.Avx2_extract.t_Vec256 &
+    Libcrux_intrinsics.Avx2_extract.t_Vec256) =
+    simd_unit_invert_ntt_at_layer_2_ (re.[ index ] <: Libcrux_intrinsics.Avx2_extract.t_Vec256)
+      (re.[ index +! sz 1 <: usize ] <: Libcrux_intrinsics.Avx2_extract.t_Vec256)
       zeta1
       zeta2
   in
-  let re:t_Array u8 (sz 32) =
+  let re:t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32) =
     Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re index lhs
   in
-  let re:t_Array u8 (sz 32) =
+  let re:t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32) =
     Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re (index +! sz 1 <: usize) lhs_1_
   in
   let _:Prims.unit = () in
   re
 
-let invert_ntt_at_layer_2_ (re: t_Array u8 (sz 32)) =
-  let re:t_Array u8 (sz 32) = invert_ntt_at_layer_2___round re (sz 0) (-2797779l) 2071892l in
-  let re:t_Array u8 (sz 32) = invert_ntt_at_layer_2___round re (sz 2) (-2556880l) 3900724l in
-  let re:t_Array u8 (sz 32) = invert_ntt_at_layer_2___round re (sz 4) 3881043l 954230l in
-  let re:t_Array u8 (sz 32) = invert_ntt_at_layer_2___round re (sz 6) 531354l 811944l in
-  let re:t_Array u8 (sz 32) = invert_ntt_at_layer_2___round re (sz 8) 3699596l (-1600420l) in
-  let re:t_Array u8 (sz 32) = invert_ntt_at_layer_2___round re (sz 10) (-2140649l) 3507263l in
-  let re:t_Array u8 (sz 32) = invert_ntt_at_layer_2___round re (sz 12) (-3821735l) 3505694l in
-  let re:t_Array u8 (sz 32) = invert_ntt_at_layer_2___round re (sz 14) (-1643818l) (-1699267l) in
-  let re:t_Array u8 (sz 32) = invert_ntt_at_layer_2___round re (sz 16) (-539299l) 2348700l in
-  let re:t_Array u8 (sz 32) = invert_ntt_at_layer_2___round re (sz 18) (-300467l) 3539968l in
-  let re:t_Array u8 (sz 32) = invert_ntt_at_layer_2___round re (sz 20) (-2867647l) 3574422l in
-  let re:t_Array u8 (sz 32) = invert_ntt_at_layer_2___round re (sz 22) (-3043716l) (-3861115l) in
-  let re:t_Array u8 (sz 32) = invert_ntt_at_layer_2___round re (sz 24) 3915439l (-2537516l) in
-  let re:t_Array u8 (sz 32) = invert_ntt_at_layer_2___round re (sz 26) (-3592148l) (-1661693l) in
-  let re:t_Array u8 (sz 32) = invert_ntt_at_layer_2___round re (sz 28) 3530437l 3077325l in
-  let re:t_Array u8 (sz 32) = invert_ntt_at_layer_2___round re (sz 30) 95776l 2706023l in
+let invert_ntt_at_layer_2_ (re: t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32)) =
+  let re:t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32) =
+    invert_ntt_at_layer_2___round re (sz 0) (-2797779l) 2071892l
+  in
+  let re:t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32) =
+    invert_ntt_at_layer_2___round re (sz 2) (-2556880l) 3900724l
+  in
+  let re:t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32) =
+    invert_ntt_at_layer_2___round re (sz 4) 3881043l 954230l
+  in
+  let re:t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32) =
+    invert_ntt_at_layer_2___round re (sz 6) 531354l 811944l
+  in
+  let re:t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32) =
+    invert_ntt_at_layer_2___round re (sz 8) 3699596l (-1600420l)
+  in
+  let re:t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32) =
+    invert_ntt_at_layer_2___round re (sz 10) (-2140649l) 3507263l
+  in
+  let re:t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32) =
+    invert_ntt_at_layer_2___round re (sz 12) (-3821735l) 3505694l
+  in
+  let re:t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32) =
+    invert_ntt_at_layer_2___round re (sz 14) (-1643818l) (-1699267l)
+  in
+  let re:t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32) =
+    invert_ntt_at_layer_2___round re (sz 16) (-539299l) 2348700l
+  in
+  let re:t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32) =
+    invert_ntt_at_layer_2___round re (sz 18) (-300467l) 3539968l
+  in
+  let re:t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32) =
+    invert_ntt_at_layer_2___round re (sz 20) (-2867647l) 3574422l
+  in
+  let re:t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32) =
+    invert_ntt_at_layer_2___round re (sz 22) (-3043716l) (-3861115l)
+  in
+  let re:t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32) =
+    invert_ntt_at_layer_2___round re (sz 24) 3915439l (-2537516l)
+  in
+  let re:t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32) =
+    invert_ntt_at_layer_2___round re (sz 26) (-3592148l) (-1661693l)
+  in
+  let re:t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32) =
+    invert_ntt_at_layer_2___round re (sz 28) 3530437l 3077325l
+  in
+  let re:t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32) =
+    invert_ntt_at_layer_2___round re (sz 30) 95776l 2706023l
+  in
   re
 
-let outer_3_plus (v_OFFSET v_STEP_BY: usize) (v_ZETA: i32) (re: t_Array u8 (sz 32)) =
-  let re:t_Array u8 (sz 32) =
+let outer_3_plus
+      (v_OFFSET v_STEP_BY: usize)
+      (v_ZETA: i32)
+      (re: t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32))
+     =
+  let re:t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32) =
     Rust_primitives.Hax.Folds.fold_range v_OFFSET
       (v_OFFSET +! v_STEP_BY <: usize)
       (fun re temp_1_ ->
-          let re:t_Array u8 (sz 32) = re in
+          let re:t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32) = re in
           let _:usize = temp_1_ in
           true)
       re
       (fun re j ->
-          let re:t_Array u8 (sz 32) = re in
+          let re:t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32) = re in
           let j:usize = j in
-          let a_minus_b:u8 =
-            Libcrux_ml_dsa.Simd.Avx2.Arithmetic.subtract (re.[ j +! v_STEP_BY <: usize ] <: u8)
-              (re.[ j ] <: u8)
+          let a_minus_b:Libcrux_intrinsics.Avx2_extract.t_Vec256 =
+            Libcrux_ml_dsa.Simd.Avx2.Arithmetic.subtract (re.[ j +! v_STEP_BY <: usize ]
+                <:
+                Libcrux_intrinsics.Avx2_extract.t_Vec256)
+              (re.[ j ] <: Libcrux_intrinsics.Avx2_extract.t_Vec256)
           in
-          let re:t_Array u8 (sz 32) =
+          let re:t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32) =
             Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re
               j
-              (Libcrux_ml_dsa.Simd.Avx2.Arithmetic.add (re.[ j ] <: u8)
-                  (re.[ j +! v_STEP_BY <: usize ] <: u8)
+              (Libcrux_ml_dsa.Simd.Avx2.Arithmetic.add (re.[ j ]
+                    <:
+                    Libcrux_intrinsics.Avx2_extract.t_Vec256)
+                  (re.[ j +! v_STEP_BY <: usize ] <: Libcrux_intrinsics.Avx2_extract.t_Vec256)
                 <:
-                u8)
+                Libcrux_intrinsics.Avx2_extract.t_Vec256)
           in
-          let re:t_Array u8 (sz 32) =
+          let re:t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32) =
             Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re
               (j +! v_STEP_BY <: usize)
               (Libcrux_ml_dsa.Simd.Avx2.Arithmetic.montgomery_multiply_by_constant a_minus_b v_ZETA
                 <:
-                u8)
+                Libcrux_intrinsics.Avx2_extract.t_Vec256)
           in
           re)
   in
   let hax_temp_output:Prims.unit = () <: Prims.unit in
   re
 
-let invert_ntt_at_layer_3_ (re: t_Array u8 (sz 32)) =
-  let re:t_Array u8 (sz 32) = outer_3_plus (sz 0) (sz 1) 280005l re in
-  let re:t_Array u8 (sz 32) = outer_3_plus (sz 2) (sz 1) 4010497l re in
-  let re:t_Array u8 (sz 32) = outer_3_plus (sz 4) (sz 1) (-19422l) re in
-  let re:t_Array u8 (sz 32) = outer_3_plus (sz 6) (sz 1) 1757237l re in
-  let re:t_Array u8 (sz 32) = outer_3_plus (sz 8) (sz 1) (-3277672l) re in
-  let re:t_Array u8 (sz 32) = outer_3_plus (sz 10) (sz 1) (-1399561l) re in
-  let re:t_Array u8 (sz 32) = outer_3_plus (sz 12) (sz 1) (-3859737l) re in
-  let re:t_Array u8 (sz 32) = outer_3_plus (sz 14) (sz 1) (-2118186l) re in
-  let re:t_Array u8 (sz 32) = outer_3_plus (sz 16) (sz 1) (-2108549l) re in
-  let re:t_Array u8 (sz 32) = outer_3_plus (sz 18) (sz 1) 2619752l re in
-  let re:t_Array u8 (sz 32) = outer_3_plus (sz 20) (sz 1) (-1119584l) re in
-  let re:t_Array u8 (sz 32) = outer_3_plus (sz 22) (sz 1) (-549488l) re in
-  let re:t_Array u8 (sz 32) = outer_3_plus (sz 24) (sz 1) 3585928l re in
-  let re:t_Array u8 (sz 32) = outer_3_plus (sz 26) (sz 1) (-1079900l) re in
-  let re:t_Array u8 (sz 32) = outer_3_plus (sz 28) (sz 1) 1024112l re in
-  let re:t_Array u8 (sz 32) = outer_3_plus (sz 30) (sz 1) 2725464l re in
+let invert_ntt_at_layer_3_ (re: t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32)) =
+  let re:t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32) =
+    outer_3_plus (sz 0) (sz 1) 280005l re
+  in
+  let re:t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32) =
+    outer_3_plus (sz 2) (sz 1) 4010497l re
+  in
+  let re:t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32) =
+    outer_3_plus (sz 4) (sz 1) (-19422l) re
+  in
+  let re:t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32) =
+    outer_3_plus (sz 6) (sz 1) 1757237l re
+  in
+  let re:t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32) =
+    outer_3_plus (sz 8) (sz 1) (-3277672l) re
+  in
+  let re:t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32) =
+    outer_3_plus (sz 10) (sz 1) (-1399561l) re
+  in
+  let re:t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32) =
+    outer_3_plus (sz 12) (sz 1) (-3859737l) re
+  in
+  let re:t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32) =
+    outer_3_plus (sz 14) (sz 1) (-2118186l) re
+  in
+  let re:t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32) =
+    outer_3_plus (sz 16) (sz 1) (-2108549l) re
+  in
+  let re:t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32) =
+    outer_3_plus (sz 18) (sz 1) 2619752l re
+  in
+  let re:t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32) =
+    outer_3_plus (sz 20) (sz 1) (-1119584l) re
+  in
+  let re:t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32) =
+    outer_3_plus (sz 22) (sz 1) (-549488l) re
+  in
+  let re:t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32) =
+    outer_3_plus (sz 24) (sz 1) 3585928l re
+  in
+  let re:t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32) =
+    outer_3_plus (sz 26) (sz 1) (-1079900l) re
+  in
+  let re:t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32) =
+    outer_3_plus (sz 28) (sz 1) 1024112l re
+  in
+  let re:t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32) =
+    outer_3_plus (sz 30) (sz 1) 2725464l re
+  in
   re
 
-let invert_ntt_at_layer_4_ (re: t_Array u8 (sz 32)) =
-  let re:t_Array u8 (sz 32) = outer_3_plus (sz 0) (sz 2) 2680103l re in
-  let re:t_Array u8 (sz 32) = outer_3_plus (sz 4) (sz 2) 3111497l re in
-  let re:t_Array u8 (sz 32) = outer_3_plus (sz 8) (sz 2) (-2884855l) re in
-  let re:t_Array u8 (sz 32) = outer_3_plus (sz 12) (sz 2) 3119733l re in
-  let re:t_Array u8 (sz 32) = outer_3_plus (sz 16) (sz 2) (-2091905l) re in
-  let re:t_Array u8 (sz 32) = outer_3_plus (sz 20) (sz 2) (-359251l) re in
-  let re:t_Array u8 (sz 32) = outer_3_plus (sz 24) (sz 2) 2353451l re in
-  let re:t_Array u8 (sz 32) = outer_3_plus (sz 28) (sz 2) 1826347l re in
+let invert_ntt_at_layer_4_ (re: t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32)) =
+  let re:t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32) =
+    outer_3_plus (sz 0) (sz 2) 2680103l re
+  in
+  let re:t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32) =
+    outer_3_plus (sz 4) (sz 2) 3111497l re
+  in
+  let re:t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32) =
+    outer_3_plus (sz 8) (sz 2) (-2884855l) re
+  in
+  let re:t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32) =
+    outer_3_plus (sz 12) (sz 2) 3119733l re
+  in
+  let re:t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32) =
+    outer_3_plus (sz 16) (sz 2) (-2091905l) re
+  in
+  let re:t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32) =
+    outer_3_plus (sz 20) (sz 2) (-359251l) re
+  in
+  let re:t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32) =
+    outer_3_plus (sz 24) (sz 2) 2353451l re
+  in
+  let re:t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32) =
+    outer_3_plus (sz 28) (sz 2) 1826347l re
+  in
   re
 
-let invert_ntt_at_layer_5_ (re: t_Array u8 (sz 32)) =
-  let re:t_Array u8 (sz 32) = outer_3_plus (sz 0) (sz 4) 466468l re in
-  let re:t_Array u8 (sz 32) = outer_3_plus (sz 8) (sz 4) (-876248l) re in
-  let re:t_Array u8 (sz 32) = outer_3_plus (sz 16) (sz 4) (-777960l) re in
-  let re:t_Array u8 (sz 32) = outer_3_plus (sz 24) (sz 4) 237124l re in
+let invert_ntt_at_layer_5_ (re: t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32)) =
+  let re:t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32) =
+    outer_3_plus (sz 0) (sz 4) 466468l re
+  in
+  let re:t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32) =
+    outer_3_plus (sz 8) (sz 4) (-876248l) re
+  in
+  let re:t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32) =
+    outer_3_plus (sz 16) (sz 4) (-777960l) re
+  in
+  let re:t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32) =
+    outer_3_plus (sz 24) (sz 4) 237124l re
+  in
   re
 
-let invert_ntt_at_layer_6_ (re: t_Array u8 (sz 32)) =
-  let re:t_Array u8 (sz 32) = outer_3_plus (sz 0) (sz 8) (-518909l) re in
-  let re:t_Array u8 (sz 32) = outer_3_plus (sz 16) (sz 8) (-2608894l) re in
+let invert_ntt_at_layer_6_ (re: t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32)) =
+  let re:t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32) =
+    outer_3_plus (sz 0) (sz 8) (-518909l) re
+  in
+  let re:t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32) =
+    outer_3_plus (sz 16) (sz 8) (-2608894l) re
+  in
   re
 
-let invert_ntt_at_layer_7_ (re: t_Array u8 (sz 32)) =
-  let re:t_Array u8 (sz 32) = outer_3_plus (sz 0) (sz 16) 25847l re in
+let invert_ntt_at_layer_7_ (re: t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32)) =
+  let re:t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32) =
+    outer_3_plus (sz 0) (sz 16) 25847l re
+  in
   re
 
-let invert_ntt_montgomery (re: t_Array u8 (sz 32)) =
-  let re:t_Array u8 (sz 32) = invert_ntt_at_layer_0_ re in
-  let re:t_Array u8 (sz 32) = invert_ntt_at_layer_1_ re in
-  let re:t_Array u8 (sz 32) = invert_ntt_at_layer_2_ re in
-  let re:t_Array u8 (sz 32) = invert_ntt_at_layer_3_ re in
-  let re:t_Array u8 (sz 32) = invert_ntt_at_layer_4_ re in
-  let re:t_Array u8 (sz 32) = invert_ntt_at_layer_5_ re in
-  let re:t_Array u8 (sz 32) = invert_ntt_at_layer_6_ re in
-  let re:t_Array u8 (sz 32) = invert_ntt_at_layer_7_ re in
+let invert_ntt_montgomery (re: t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32)) =
+  let re:t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32) = invert_ntt_at_layer_0_ re in
+  let re:t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32) = invert_ntt_at_layer_1_ re in
+  let re:t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32) = invert_ntt_at_layer_2_ re in
+  let re:t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32) = invert_ntt_at_layer_3_ re in
+  let re:t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32) = invert_ntt_at_layer_4_ re in
+  let re:t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32) = invert_ntt_at_layer_5_ re in
+  let re:t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32) = invert_ntt_at_layer_6_ re in
+  let re:t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32) = invert_ntt_at_layer_7_ re in
   let _:Prims.unit = () in
-  let re:t_Array u8 (sz 32) =
+  let re:t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32) =
     Rust_primitives.Hax.Folds.fold_range (sz 0)
-      (Core.Slice.impl__len #u8 (re <: t_Slice u8) <: usize)
+      (Core.Slice.impl__len #Libcrux_intrinsics.Avx2_extract.t_Vec256
+          (re <: t_Slice Libcrux_intrinsics.Avx2_extract.t_Vec256)
+        <:
+        usize)
       (fun re temp_1_ ->
-          let re:t_Array u8 (sz 32) = re in
+          let re:t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32) = re in
           let _:usize = temp_1_ in
           true)
       re
       (fun re i ->
-          let re:t_Array u8 (sz 32) = re in
+          let re:t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32) = re in
           let i:usize = i in
           Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re
             i
-            (Libcrux_ml_dsa.Simd.Avx2.Arithmetic.montgomery_multiply_by_constant (re.[ i ] <: u8)
+            (Libcrux_ml_dsa.Simd.Avx2.Arithmetic.montgomery_multiply_by_constant (re.[ i ]
+                  <:
+                  Libcrux_intrinsics.Avx2_extract.t_Vec256)
                 41978l
               <:
-              u8)
+              Libcrux_intrinsics.Avx2_extract.t_Vec256)
           <:
-          t_Array u8 (sz 32))
+          t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32))
   in
   re
diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Invntt.fsti b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Invntt.fsti
index 9422d42f8..23e4bca7c 100644
--- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Invntt.fsti
+++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Invntt.fsti
@@ -26,57 +26,102 @@ let invert_ntt_at_layer_7___STEP_BY: usize = sz 16
 let simd_unit_invert_ntt_at_layer_0___SHUFFLE: i32 = 216l
 
 val simd_unit_invert_ntt_at_layer_0_
-      (simd_unit0 simd_unit1: u8)
+      (simd_unit0 simd_unit1: Libcrux_intrinsics.Avx2_extract.t_Vec256)
       (zeta00 zeta01 zeta02 zeta03 zeta10 zeta11 zeta12 zeta13: i32)
-    : Prims.Pure (u8 & u8) Prims.l_True (fun _ -> Prims.l_True)
+    : Prims.Pure
+      (Libcrux_intrinsics.Avx2_extract.t_Vec256 & Libcrux_intrinsics.Avx2_extract.t_Vec256)
+      Prims.l_True
+      (fun _ -> Prims.l_True)
 
 val invert_ntt_at_layer_0___round
-      (re: t_Array u8 (sz 32))
+      (re: t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32))
       (index: usize)
       (zeta00 zeta01 zeta02 zeta03 zeta10 zeta11 zeta12 zeta13: i32)
-    : Prims.Pure (t_Array u8 (sz 32)) Prims.l_True (fun _ -> Prims.l_True)
-
-val invert_ntt_at_layer_0_ (re: t_Array u8 (sz 32))
-    : Prims.Pure (t_Array u8 (sz 32)) Prims.l_True (fun _ -> Prims.l_True)
-
-val simd_unit_invert_ntt_at_layer_1_ (simd_unit0 simd_unit1: u8) (zeta00 zeta01 zeta10 zeta11: i32)
-    : Prims.Pure (u8 & u8) Prims.l_True (fun _ -> Prims.l_True)
+    : Prims.Pure (t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32))
+      Prims.l_True
+      (fun _ -> Prims.l_True)
+
+val invert_ntt_at_layer_0_ (re: t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32))
+    : Prims.Pure (t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32))
+      Prims.l_True
+      (fun _ -> Prims.l_True)
+
+val simd_unit_invert_ntt_at_layer_1_
+      (simd_unit0 simd_unit1: Libcrux_intrinsics.Avx2_extract.t_Vec256)
+      (zeta00 zeta01 zeta10 zeta11: i32)
+    : Prims.Pure
+      (Libcrux_intrinsics.Avx2_extract.t_Vec256 & Libcrux_intrinsics.Avx2_extract.t_Vec256)
+      Prims.l_True
+      (fun _ -> Prims.l_True)
 
 val invert_ntt_at_layer_1___round
-      (re: t_Array u8 (sz 32))
+      (re: t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32))
       (index: usize)
       (zeta_00_ zeta_01_ zeta_10_ zeta_11_: i32)
-    : Prims.Pure (t_Array u8 (sz 32)) Prims.l_True (fun _ -> Prims.l_True)
-
-val invert_ntt_at_layer_1_ (re: t_Array u8 (sz 32))
-    : Prims.Pure (t_Array u8 (sz 32)) Prims.l_True (fun _ -> Prims.l_True)
-
-val simd_unit_invert_ntt_at_layer_2_ (simd_unit0 simd_unit1: u8) (zeta0 zeta1: i32)
-    : Prims.Pure (u8 & u8) Prims.l_True (fun _ -> Prims.l_True)
-
-val invert_ntt_at_layer_2___round (re: t_Array u8 (sz 32)) (index: usize) (zeta1 zeta2: i32)
-    : Prims.Pure (t_Array u8 (sz 32)) Prims.l_True (fun _ -> Prims.l_True)
-
-val invert_ntt_at_layer_2_ (re: t_Array u8 (sz 32))
-    : Prims.Pure (t_Array u8 (sz 32)) Prims.l_True (fun _ -> Prims.l_True)
-
-val outer_3_plus (v_OFFSET v_STEP_BY: usize) (v_ZETA: i32) (re: t_Array u8 (sz 32))
-    : Prims.Pure (t_Array u8 (sz 32)) Prims.l_True (fun _ -> Prims.l_True)
-
-val invert_ntt_at_layer_3_ (re: t_Array u8 (sz 32))
-    : Prims.Pure (t_Array u8 (sz 32)) Prims.l_True (fun _ -> Prims.l_True)
-
-val invert_ntt_at_layer_4_ (re: t_Array u8 (sz 32))
-    : Prims.Pure (t_Array u8 (sz 32)) Prims.l_True (fun _ -> Prims.l_True)
-
-val invert_ntt_at_layer_5_ (re: t_Array u8 (sz 32))
-    : Prims.Pure (t_Array u8 (sz 32)) Prims.l_True (fun _ -> Prims.l_True)
-
-val invert_ntt_at_layer_6_ (re: t_Array u8 (sz 32))
-    : Prims.Pure (t_Array u8 (sz 32)) Prims.l_True (fun _ -> Prims.l_True)
-
-val invert_ntt_at_layer_7_ (re: t_Array u8 (sz 32))
-    : Prims.Pure (t_Array u8 (sz 32)) Prims.l_True (fun _ -> Prims.l_True)
-
-val invert_ntt_montgomery (re: t_Array u8 (sz 32))
-    : Prims.Pure (t_Array u8 (sz 32)) Prims.l_True (fun _ -> Prims.l_True)
+    : Prims.Pure (t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32))
+      Prims.l_True
+      (fun _ -> Prims.l_True)
+
+val invert_ntt_at_layer_1_ (re: t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32))
+    : Prims.Pure (t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32))
+      Prims.l_True
+      (fun _ -> Prims.l_True)
+
+val simd_unit_invert_ntt_at_layer_2_
+      (simd_unit0 simd_unit1: Libcrux_intrinsics.Avx2_extract.t_Vec256)
+      (zeta0 zeta1: i32)
+    : Prims.Pure
+      (Libcrux_intrinsics.Avx2_extract.t_Vec256 & Libcrux_intrinsics.Avx2_extract.t_Vec256)
+      Prims.l_True
+      (fun _ -> Prims.l_True)
+
+val invert_ntt_at_layer_2___round
+      (re: t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32))
+      (index: usize)
+      (zeta1 zeta2: i32)
+    : Prims.Pure (t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32))
+      Prims.l_True
+      (fun _ -> Prims.l_True)
+
+val invert_ntt_at_layer_2_ (re: t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32))
+    : Prims.Pure (t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32))
+      Prims.l_True
+      (fun _ -> Prims.l_True)
+
+val outer_3_plus
+      (v_OFFSET v_STEP_BY: usize)
+      (v_ZETA: i32)
+      (re: t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32))
+    : Prims.Pure (t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32))
+      Prims.l_True
+      (fun _ -> Prims.l_True)
+
+val invert_ntt_at_layer_3_ (re: t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32))
+    : Prims.Pure (t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32))
+      Prims.l_True
+      (fun _ -> Prims.l_True)
+
+val invert_ntt_at_layer_4_ (re: t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32))
+    : Prims.Pure (t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32))
+      Prims.l_True
+      (fun _ -> Prims.l_True)
+
+val invert_ntt_at_layer_5_ (re: t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32))
+    : Prims.Pure (t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32))
+      Prims.l_True
+      (fun _ -> Prims.l_True)
+
+val invert_ntt_at_layer_6_ (re: t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32))
+    : Prims.Pure (t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32))
+      Prims.l_True
+      (fun _ -> Prims.l_True)
+
+val invert_ntt_at_layer_7_ (re: t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32))
+    : Prims.Pure (t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32))
+      Prims.l_True
+      (fun _ -> Prims.l_True)
+
+val invert_ntt_montgomery (re: t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32))
+    : Prims.Pure (t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32))
+      Prims.l_True
+      (fun _ -> Prims.l_True)
diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Ntt.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Ntt.fst
index 51a492f62..d8d17ec4c 100644
--- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Ntt.fst
+++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Ntt.fst
@@ -203,72 +203,6 @@ let butterfly_8_ (a b: Libcrux_intrinsics.Avx2_extract.t_Vec256) (zeta0 zeta1: i
   <:
   (Libcrux_intrinsics.Avx2_extract.t_Vec256 & Libcrux_intrinsics.Avx2_extract.t_Vec256)
 
-let invert_ntt_at_layer_0_
-      (simd_unit: Libcrux_intrinsics.Avx2_extract.t_Vec256)
-      (zeta0 zeta1 zeta2 zeta3: i32)
-     =
-  let zetas:Libcrux_intrinsics.Avx2_extract.t_Vec256 =
-    Libcrux_intrinsics.Avx2_extract.mm256_set_epi32 zeta3 0l zeta2 0l zeta1 0l zeta0 0l
-  in
-  let add_by_signs:Libcrux_intrinsics.Avx2_extract.t_Vec256 =
-    Libcrux_intrinsics.Avx2_extract.mm256_set_epi32 (-1l) 1l (-1l) 1l (-1l) 1l (-1l) 1l
-  in
-  let add_by:Libcrux_intrinsics.Avx2_extract.t_Vec256 =
-    Libcrux_intrinsics.Avx2_extract.mm256_shuffle_epi32 177l simd_unit
-  in
-  let add_by:Libcrux_intrinsics.Avx2_extract.t_Vec256 =
-    Libcrux_intrinsics.Avx2_extract.mm256_mullo_epi32 add_by add_by_signs
-  in
-  let sums:Libcrux_intrinsics.Avx2_extract.t_Vec256 =
-    Libcrux_intrinsics.Avx2_extract.mm256_add_epi32 simd_unit add_by
-  in
-  let products:Libcrux_intrinsics.Avx2_extract.t_Vec256 =
-    Libcrux_ml_dsa.Simd.Avx2.Arithmetic.montgomery_multiply sums zetas
-  in
-  Libcrux_intrinsics.Avx2_extract.mm256_blend_epi32 170l sums products
-
-let invert_ntt_at_layer_1_ (simd_unit: Libcrux_intrinsics.Avx2_extract.t_Vec256) (zeta0 zeta1: i32) =
-  let zetas:Libcrux_intrinsics.Avx2_extract.t_Vec256 =
-    Libcrux_intrinsics.Avx2_extract.mm256_set_epi32 zeta1 zeta1 0l 0l zeta0 zeta0 0l 0l
-  in
-  let add_by_signs:Libcrux_intrinsics.Avx2_extract.t_Vec256 =
-    Libcrux_intrinsics.Avx2_extract.mm256_set_epi32 (-1l) (-1l) 1l 1l (-1l) (-1l) 1l 1l
-  in
-  let add_by:Libcrux_intrinsics.Avx2_extract.t_Vec256 =
-    Libcrux_intrinsics.Avx2_extract.mm256_shuffle_epi32 78l simd_unit
-  in
-  let add_by:Libcrux_intrinsics.Avx2_extract.t_Vec256 =
-    Libcrux_intrinsics.Avx2_extract.mm256_mullo_epi32 add_by add_by_signs
-  in
-  let sums:Libcrux_intrinsics.Avx2_extract.t_Vec256 =
-    Libcrux_intrinsics.Avx2_extract.mm256_add_epi32 simd_unit add_by
-  in
-  let products:Libcrux_intrinsics.Avx2_extract.t_Vec256 =
-    Libcrux_ml_dsa.Simd.Avx2.Arithmetic.montgomery_multiply sums zetas
-  in
-  Libcrux_intrinsics.Avx2_extract.mm256_blend_epi32 204l sums products
-
-let invert_ntt_at_layer_2_ (simd_unit: Libcrux_intrinsics.Avx2_extract.t_Vec256) (zeta: i32) =
-  let zetas:Libcrux_intrinsics.Avx2_extract.t_Vec256 =
-    Libcrux_intrinsics.Avx2_extract.mm256_set_epi32 zeta zeta zeta zeta 0l 0l 0l 0l
-  in
-  let add_by_signs:Libcrux_intrinsics.Avx2_extract.t_Vec256 =
-    Libcrux_intrinsics.Avx2_extract.mm256_set_epi32 (-1l) (-1l) (-1l) (-1l) 1l 1l 1l 1l
-  in
-  let add_by:Libcrux_intrinsics.Avx2_extract.t_Vec256 =
-    Libcrux_intrinsics.Avx2_extract.mm256_permute4x64_epi64 78l simd_unit
-  in
-  let add_by:Libcrux_intrinsics.Avx2_extract.t_Vec256 =
-    Libcrux_intrinsics.Avx2_extract.mm256_mullo_epi32 add_by add_by_signs
-  in
-  let sums:Libcrux_intrinsics.Avx2_extract.t_Vec256 =
-    Libcrux_intrinsics.Avx2_extract.mm256_add_epi32 simd_unit add_by
-  in
-  let products:Libcrux_intrinsics.Avx2_extract.t_Vec256 =
-    Libcrux_ml_dsa.Simd.Avx2.Arithmetic.montgomery_multiply sums zetas
-  in
-  Libcrux_intrinsics.Avx2_extract.mm256_blend_epi32 240l sums products
-
 let ntt_at_layer_0___round
       (re: t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32))
       (index: usize)
diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Ntt.fsti b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Ntt.fsti
index 3e8e8ddf7..40c8f1b32 100644
--- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Ntt.fsti
+++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Ntt.fsti
@@ -58,17 +58,6 @@ val butterfly_8_ (a b: Libcrux_intrinsics.Avx2_extract.t_Vec256) (zeta0 zeta1: i
       Prims.l_True
       (fun _ -> Prims.l_True)
 
-val invert_ntt_at_layer_0_
-      (simd_unit: Libcrux_intrinsics.Avx2_extract.t_Vec256)
-      (zeta0 zeta1 zeta2 zeta3: i32)
-    : Prims.Pure Libcrux_intrinsics.Avx2_extract.t_Vec256 Prims.l_True (fun _ -> Prims.l_True)
-
-val invert_ntt_at_layer_1_ (simd_unit: Libcrux_intrinsics.Avx2_extract.t_Vec256) (zeta0 zeta1: i32)
-    : Prims.Pure Libcrux_intrinsics.Avx2_extract.t_Vec256 Prims.l_True (fun _ -> Prims.l_True)
-
-val invert_ntt_at_layer_2_ (simd_unit: Libcrux_intrinsics.Avx2_extract.t_Vec256) (zeta: i32)
-    : Prims.Pure Libcrux_intrinsics.Avx2_extract.t_Vec256 Prims.l_True (fun _ -> Prims.l_True)
-
 val ntt_at_layer_0___round
       (re: t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32))
       (index: usize)
diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Portable.Ntt.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Portable.Ntt.fst
index 5cddf2bbf..6e1832690 100644
--- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Portable.Ntt.fst
+++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Portable.Ntt.fst
@@ -3,440 +3,6 @@ module Libcrux_ml_dsa.Simd.Portable.Ntt
 open Core
 open FStar.Mul
 
-let invert_ntt_at_layer_0_
-      (simd_unit: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit)
-      (zeta0 zeta1 zeta2 zeta3: i32)
-     =
-  let a_minus_b:i32 =
-    (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients.[ sz 1 ] <: i32) -!
-    (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients.[ sz 0 ] <: i32)
-  in
-  let simd_unit:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit =
-    {
-      simd_unit with
-      Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients
-      =
-      Rust_primitives.Hax.Monomorphized_update_at.update_at_usize simd_unit
-          .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients
-        (sz 0)
-        ((simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients.[ sz 0 ] <: i32) +!
-          (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients.[ sz 1 ] <: i32)
-          <:
-          i32)
-    }
-    <:
-    Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit
-  in
-  let simd_unit:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit =
-    {
-      simd_unit with
-      Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients
-      =
-      Rust_primitives.Hax.Monomorphized_update_at.update_at_usize simd_unit
-          .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients
-        (sz 1)
-        (Libcrux_ml_dsa.Simd.Portable.Arithmetic.montgomery_multiply_fe_by_fer a_minus_b zeta0
-          <:
-          i32)
-    }
-    <:
-    Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit
-  in
-  let a_minus_b:i32 =
-    (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients.[ sz 3 ] <: i32) -!
-    (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients.[ sz 2 ] <: i32)
-  in
-  let simd_unit:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit =
-    {
-      simd_unit with
-      Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients
-      =
-      Rust_primitives.Hax.Monomorphized_update_at.update_at_usize simd_unit
-          .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients
-        (sz 2)
-        ((simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients.[ sz 2 ] <: i32) +!
-          (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients.[ sz 3 ] <: i32)
-          <:
-          i32)
-    }
-    <:
-    Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit
-  in
-  let simd_unit:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit =
-    {
-      simd_unit with
-      Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients
-      =
-      Rust_primitives.Hax.Monomorphized_update_at.update_at_usize simd_unit
-          .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients
-        (sz 3)
-        (Libcrux_ml_dsa.Simd.Portable.Arithmetic.montgomery_multiply_fe_by_fer a_minus_b zeta1
-          <:
-          i32)
-    }
-    <:
-    Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit
-  in
-  let a_minus_b:i32 =
-    (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients.[ sz 5 ] <: i32) -!
-    (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients.[ sz 4 ] <: i32)
-  in
-  let simd_unit:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit =
-    {
-      simd_unit with
-      Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients
-      =
-      Rust_primitives.Hax.Monomorphized_update_at.update_at_usize simd_unit
-          .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients
-        (sz 4)
-        ((simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients.[ sz 4 ] <: i32) +!
-          (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients.[ sz 5 ] <: i32)
-          <:
-          i32)
-    }
-    <:
-    Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit
-  in
-  let simd_unit:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit =
-    {
-      simd_unit with
-      Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients
-      =
-      Rust_primitives.Hax.Monomorphized_update_at.update_at_usize simd_unit
-          .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients
-        (sz 5)
-        (Libcrux_ml_dsa.Simd.Portable.Arithmetic.montgomery_multiply_fe_by_fer a_minus_b zeta2
-          <:
-          i32)
-    }
-    <:
-    Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit
-  in
-  let a_minus_b:i32 =
-    (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients.[ sz 7 ] <: i32) -!
-    (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients.[ sz 6 ] <: i32)
-  in
-  let simd_unit:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit =
-    {
-      simd_unit with
-      Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients
-      =
-      Rust_primitives.Hax.Monomorphized_update_at.update_at_usize simd_unit
-          .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients
-        (sz 6)
-        ((simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients.[ sz 6 ] <: i32) +!
-          (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients.[ sz 7 ] <: i32)
-          <:
-          i32)
-    }
-    <:
-    Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit
-  in
-  let simd_unit:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit =
-    {
-      simd_unit with
-      Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients
-      =
-      Rust_primitives.Hax.Monomorphized_update_at.update_at_usize simd_unit
-          .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients
-        (sz 7)
-        (Libcrux_ml_dsa.Simd.Portable.Arithmetic.montgomery_multiply_fe_by_fer a_minus_b zeta3
-          <:
-          i32)
-    }
-    <:
-    Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit
-  in
-  simd_unit
-
-let invert_ntt_at_layer_1_
-      (simd_unit: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit)
-      (zeta0 zeta1: i32)
-     =
-  let a_minus_b:i32 =
-    (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients.[ sz 2 ] <: i32) -!
-    (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients.[ sz 0 ] <: i32)
-  in
-  let simd_unit:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit =
-    {
-      simd_unit with
-      Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients
-      =
-      Rust_primitives.Hax.Monomorphized_update_at.update_at_usize simd_unit
-          .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients
-        (sz 0)
-        ((simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients.[ sz 0 ] <: i32) +!
-          (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients.[ sz 2 ] <: i32)
-          <:
-          i32)
-    }
-    <:
-    Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit
-  in
-  let simd_unit:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit =
-    {
-      simd_unit with
-      Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients
-      =
-      Rust_primitives.Hax.Monomorphized_update_at.update_at_usize simd_unit
-          .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients
-        (sz 2)
-        (Libcrux_ml_dsa.Simd.Portable.Arithmetic.montgomery_multiply_fe_by_fer a_minus_b zeta0
-          <:
-          i32)
-    }
-    <:
-    Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit
-  in
-  let a_minus_b:i32 =
-    (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients.[ sz 3 ] <: i32) -!
-    (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients.[ sz 1 ] <: i32)
-  in
-  let simd_unit:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit =
-    {
-      simd_unit with
-      Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients
-      =
-      Rust_primitives.Hax.Monomorphized_update_at.update_at_usize simd_unit
-          .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients
-        (sz 1)
-        ((simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients.[ sz 1 ] <: i32) +!
-          (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients.[ sz 3 ] <: i32)
-          <:
-          i32)
-    }
-    <:
-    Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit
-  in
-  let simd_unit:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit =
-    {
-      simd_unit with
-      Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients
-      =
-      Rust_primitives.Hax.Monomorphized_update_at.update_at_usize simd_unit
-          .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients
-        (sz 3)
-        (Libcrux_ml_dsa.Simd.Portable.Arithmetic.montgomery_multiply_fe_by_fer a_minus_b zeta0
-          <:
-          i32)
-    }
-    <:
-    Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit
-  in
-  let a_minus_b:i32 =
-    (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients.[ sz 6 ] <: i32) -!
-    (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients.[ sz 4 ] <: i32)
-  in
-  let simd_unit:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit =
-    {
-      simd_unit with
-      Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients
-      =
-      Rust_primitives.Hax.Monomorphized_update_at.update_at_usize simd_unit
-          .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients
-        (sz 4)
-        ((simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients.[ sz 4 ] <: i32) +!
-          (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients.[ sz 6 ] <: i32)
-          <:
-          i32)
-    }
-    <:
-    Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit
-  in
-  let simd_unit:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit =
-    {
-      simd_unit with
-      Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients
-      =
-      Rust_primitives.Hax.Monomorphized_update_at.update_at_usize simd_unit
-          .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients
-        (sz 6)
-        (Libcrux_ml_dsa.Simd.Portable.Arithmetic.montgomery_multiply_fe_by_fer a_minus_b zeta1
-          <:
-          i32)
-    }
-    <:
-    Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit
-  in
-  let a_minus_b:i32 =
-    (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients.[ sz 7 ] <: i32) -!
-    (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients.[ sz 5 ] <: i32)
-  in
-  let simd_unit:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit =
-    {
-      simd_unit with
-      Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients
-      =
-      Rust_primitives.Hax.Monomorphized_update_at.update_at_usize simd_unit
-          .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients
-        (sz 5)
-        ((simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients.[ sz 5 ] <: i32) +!
-          (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients.[ sz 7 ] <: i32)
-          <:
-          i32)
-    }
-    <:
-    Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit
-  in
-  let simd_unit:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit =
-    {
-      simd_unit with
-      Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients
-      =
-      Rust_primitives.Hax.Monomorphized_update_at.update_at_usize simd_unit
-          .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients
-        (sz 7)
-        (Libcrux_ml_dsa.Simd.Portable.Arithmetic.montgomery_multiply_fe_by_fer a_minus_b zeta1
-          <:
-          i32)
-    }
-    <:
-    Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit
-  in
-  simd_unit
-
-let invert_ntt_at_layer_2_
-      (simd_unit: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit)
-      (zeta: i32)
-     =
-  let a_minus_b:i32 =
-    (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients.[ sz 4 ] <: i32) -!
-    (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients.[ sz 0 ] <: i32)
-  in
-  let simd_unit:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit =
-    {
-      simd_unit with
-      Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients
-      =
-      Rust_primitives.Hax.Monomorphized_update_at.update_at_usize simd_unit
-          .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients
-        (sz 0)
-        ((simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients.[ sz 0 ] <: i32) +!
-          (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients.[ sz 4 ] <: i32)
-          <:
-          i32)
-    }
-    <:
-    Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit
-  in
-  let simd_unit:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit =
-    {
-      simd_unit with
-      Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients
-      =
-      Rust_primitives.Hax.Monomorphized_update_at.update_at_usize simd_unit
-          .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients
-        (sz 4)
-        (Libcrux_ml_dsa.Simd.Portable.Arithmetic.montgomery_multiply_fe_by_fer a_minus_b zeta <: i32
-        )
-    }
-    <:
-    Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit
-  in
-  let a_minus_b:i32 =
-    (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients.[ sz 5 ] <: i32) -!
-    (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients.[ sz 1 ] <: i32)
-  in
-  let simd_unit:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit =
-    {
-      simd_unit with
-      Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients
-      =
-      Rust_primitives.Hax.Monomorphized_update_at.update_at_usize simd_unit
-          .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients
-        (sz 1)
-        ((simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients.[ sz 1 ] <: i32) +!
-          (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients.[ sz 5 ] <: i32)
-          <:
-          i32)
-    }
-    <:
-    Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit
-  in
-  let simd_unit:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit =
-    {
-      simd_unit with
-      Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients
-      =
-      Rust_primitives.Hax.Monomorphized_update_at.update_at_usize simd_unit
-          .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients
-        (sz 5)
-        (Libcrux_ml_dsa.Simd.Portable.Arithmetic.montgomery_multiply_fe_by_fer a_minus_b zeta <: i32
-        )
-    }
-    <:
-    Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit
-  in
-  let a_minus_b:i32 =
-    (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients.[ sz 6 ] <: i32) -!
-    (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients.[ sz 2 ] <: i32)
-  in
-  let simd_unit:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit =
-    {
-      simd_unit with
-      Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients
-      =
-      Rust_primitives.Hax.Monomorphized_update_at.update_at_usize simd_unit
-          .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients
-        (sz 2)
-        ((simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients.[ sz 2 ] <: i32) +!
-          (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients.[ sz 6 ] <: i32)
-          <:
-          i32)
-    }
-    <:
-    Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit
-  in
-  let simd_unit:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit =
-    {
-      simd_unit with
-      Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients
-      =
-      Rust_primitives.Hax.Monomorphized_update_at.update_at_usize simd_unit
-          .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients
-        (sz 6)
-        (Libcrux_ml_dsa.Simd.Portable.Arithmetic.montgomery_multiply_fe_by_fer a_minus_b zeta <: i32
-        )
-    }
-    <:
-    Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit
-  in
-  let a_minus_b:i32 =
-    (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients.[ sz 7 ] <: i32) -!
-    (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients.[ sz 3 ] <: i32)
-  in
-  let simd_unit:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit =
-    {
-      simd_unit with
-      Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients
-      =
-      Rust_primitives.Hax.Monomorphized_update_at.update_at_usize simd_unit
-          .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients
-        (sz 3)
-        ((simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients.[ sz 3 ] <: i32) +!
-          (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients.[ sz 7 ] <: i32)
-          <:
-          i32)
-    }
-    <:
-    Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit
-  in
-  let simd_unit:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit =
-    {
-      simd_unit with
-      Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients
-      =
-      Rust_primitives.Hax.Monomorphized_update_at.update_at_usize simd_unit
-          .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients
-        (sz 7)
-        (Libcrux_ml_dsa.Simd.Portable.Arithmetic.montgomery_multiply_fe_by_fer a_minus_b zeta <: i32
-        )
-    }
-    <:
-    Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit
-  in
-  simd_unit
-
 let simd_unit_ntt_at_layer_0_
       (simd_unit: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit)
       (zeta0 zeta1 zeta2 zeta3: i32)
diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Portable.Ntt.fsti b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Portable.Ntt.fsti
index ae1f422e4..08682c48d 100644
--- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Portable.Ntt.fsti
+++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Portable.Ntt.fsti
@@ -23,27 +23,6 @@ let ntt_at_layer_7___STEP: usize = sz 128
 
 let ntt_at_layer_7___STEP_BY: usize = sz 16
 
-val invert_ntt_at_layer_0_
-      (simd_unit: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit)
-      (zeta0 zeta1 zeta2 zeta3: i32)
-    : Prims.Pure Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit
-      Prims.l_True
-      (fun _ -> Prims.l_True)
-
-val invert_ntt_at_layer_1_
-      (simd_unit: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit)
-      (zeta0 zeta1: i32)
-    : Prims.Pure Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit
-      Prims.l_True
-      (fun _ -> Prims.l_True)
-
-val invert_ntt_at_layer_2_
-      (simd_unit: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit)
-      (zeta: i32)
-    : Prims.Pure Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit
-      Prims.l_True
-      (fun _ -> Prims.l_True)
-
 val simd_unit_ntt_at_layer_0_
       (simd_unit: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit)
       (zeta0 zeta1 zeta2 zeta3: i32)
diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Traits.fsti b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Traits.fsti
index 543e2b390..280e421e6 100644
--- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Traits.fsti
+++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Traits.fsti
@@ -59,12 +59,6 @@ class t_Operations (v_Self: Type0) = {
     -> Prims.Pure v_Self
         (f_montgomery_multiply_pre x0 x1)
         (fun result -> f_montgomery_multiply_post x0 x1 result);
-  f_montgomery_multiply_by_constant_pre:v_Self -> i32 -> Type0;
-  f_montgomery_multiply_by_constant_post:v_Self -> i32 -> v_Self -> Type0;
-  f_montgomery_multiply_by_constant:x0: v_Self -> x1: i32
-    -> Prims.Pure v_Self
-        (f_montgomery_multiply_by_constant_pre x0 x1)
-        (fun result -> f_montgomery_multiply_by_constant_post x0 x1 result);
   f_shift_left_then_reduce_pre:v_SHIFT_BY: i32 -> v_Self -> Type0;
   f_shift_left_then_reduce_post:v_SHIFT_BY: i32 -> v_Self -> v_Self -> Type0;
   f_shift_left_then_reduce:v_SHIFT_BY: i32 -> x0: v_Self
@@ -152,24 +146,12 @@ class t_Operations (v_Self: Type0) = {
   f_ntt_post:t_Array v_Self (sz 32) -> t_Array v_Self (sz 32) -> Type0;
   f_ntt:x0: t_Array v_Self (sz 32)
     -> Prims.Pure (t_Array v_Self (sz 32)) (f_ntt_pre x0) (fun result -> f_ntt_post x0 result);
-  f_invert_ntt_at_layer_0_pre:v_Self -> i32 -> i32 -> i32 -> i32 -> Type0;
-  f_invert_ntt_at_layer_0_post:v_Self -> i32 -> i32 -> i32 -> i32 -> v_Self -> Type0;
-  f_invert_ntt_at_layer_0_:x0: v_Self -> x1: i32 -> x2: i32 -> x3: i32 -> x4: i32
-    -> Prims.Pure v_Self
-        (f_invert_ntt_at_layer_0_pre x0 x1 x2 x3 x4)
-        (fun result -> f_invert_ntt_at_layer_0_post x0 x1 x2 x3 x4 result);
-  f_invert_ntt_at_layer_1_pre:v_Self -> i32 -> i32 -> Type0;
-  f_invert_ntt_at_layer_1_post:v_Self -> i32 -> i32 -> v_Self -> Type0;
-  f_invert_ntt_at_layer_1_:x0: v_Self -> x1: i32 -> x2: i32
-    -> Prims.Pure v_Self
-        (f_invert_ntt_at_layer_1_pre x0 x1 x2)
-        (fun result -> f_invert_ntt_at_layer_1_post x0 x1 x2 result);
-  f_invert_ntt_at_layer_2_pre:v_Self -> i32 -> Type0;
-  f_invert_ntt_at_layer_2_post:v_Self -> i32 -> v_Self -> Type0;
-  f_invert_ntt_at_layer_2_:x0: v_Self -> x1: i32
-    -> Prims.Pure v_Self
-        (f_invert_ntt_at_layer_2_pre x0 x1)
-        (fun result -> f_invert_ntt_at_layer_2_post x0 x1 result)
+  f_invert_ntt_montgomery_pre:t_Array v_Self (sz 32) -> Type0;
+  f_invert_ntt_montgomery_post:t_Array v_Self (sz 32) -> t_Array v_Self (sz 32) -> Type0;
+  f_invert_ntt_montgomery:x0: t_Array v_Self (sz 32)
+    -> Prims.Pure (t_Array v_Self (sz 32))
+        (f_invert_ntt_montgomery_pre x0)
+        (fun result -> f_invert_ntt_montgomery_post x0 result)
 }
 
 let v_COEFFICIENTS_IN_SIMD_UNIT: usize = sz 8
@@ -180,6 +162,3 @@ let v_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R: u64 = 58728449uL
 
 let v_SIMD_UNITS_IN_RING_ELEMENT: usize =
   Libcrux_ml_dsa.Constants.v_COEFFICIENTS_IN_RING_ELEMENT /! v_COEFFICIENTS_IN_SIMD_UNIT
-
-val montgomery_multiply_by_fer (#v_S: Type0) {| i1: t_Operations v_S |} (simd_unit: v_S) (fer: i32)
-    : Prims.Pure v_S Prims.l_True (fun _ -> Prims.l_True)

From 8fa4c2d98c5fd5a203b5a37a971a46f2296646d9 Mon Sep 17 00:00:00 2001
From: karthikbhargavan <karthik.bhargavan@gmail.com>
Date: Sat, 30 Nov 2024 12:21:29 +0000
Subject: [PATCH 041/142] dsa extra

---
 .../extraction/Libcrux_ml_dsa.Simd.Avx2.fst   | 564 ++++++++++++++++++
 .../Libcrux_ml_dsa.Simd.Portable.fst          | 462 ++++++++++++++
 2 files changed, 1026 insertions(+)
 create mode 100644 libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.fst
 create mode 100644 libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Portable.fst

diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.fst
new file mode 100644
index 000000000..236abe5bd
--- /dev/null
+++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.fst
@@ -0,0 +1,564 @@
+module Libcrux_ml_dsa.Simd.Avx2
+#set-options "--fuel 0 --ifuel 1 --z3rlimit 100"
+open Core
+open FStar.Mul
+
+let _ =
+  (* This module has implicit dependencies, here we make them explicit. *)
+  (* The implicit dependencies arise from typeclasses instances. *)
+  let open Libcrux_ml_dsa.Simd.Avx2.Vector_type in
+  ()
+
+[@@ FStar.Tactics.Typeclasses.tcinstance]
+let impl: Libcrux_ml_dsa.Simd.Traits.t_Operations
+Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit =
+  {
+    _super_11581440318597584651 = FStar.Tactics.Typeclasses.solve;
+    _super_9442900250278684536 = FStar.Tactics.Typeclasses.solve;
+    f_ZERO_pre = (fun (_: Prims.unit) -> true);
+    f_ZERO_post
+    =
+    (fun (_: Prims.unit) (out: Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit) -> true);
+    f_ZERO = (fun (_: Prims.unit) -> Libcrux_ml_dsa.Simd.Avx2.Vector_type.v_ZERO ());
+    f_from_coefficient_array_pre = (fun (coefficient_array: t_Slice i32) -> true);
+    f_from_coefficient_array_post
+    =
+    (fun
+        (coefficient_array: t_Slice i32)
+        (out: Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit)
+        ->
+        true);
+    f_from_coefficient_array
+    =
+    (fun (coefficient_array: t_Slice i32) ->
+        Libcrux_ml_dsa.Simd.Avx2.Vector_type.from_coefficient_array coefficient_array);
+    f_to_coefficient_array_pre
+    =
+    (fun (self: Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit) -> true);
+    f_to_coefficient_array_post
+    =
+    (fun (self: Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit) (out: t_Array i32 (sz 8)) ->
+        true);
+    f_to_coefficient_array
+    =
+    (fun (self: Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit) ->
+        Libcrux_ml_dsa.Simd.Avx2.Vector_type.to_coefficient_array self);
+    f_add_pre
+    =
+    (fun
+        (lhs: Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit)
+        (rhs: Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit)
+        ->
+        true);
+    f_add_post
+    =
+    (fun
+        (lhs: Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit)
+        (rhs: Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit)
+        (out: Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit)
+        ->
+        true);
+    f_add
+    =
+    (fun
+        (lhs: Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit)
+        (rhs: Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit)
+        ->
+        Core.Convert.f_into #Libcrux_intrinsics.Avx2_extract.t_Vec256
+          #Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit
+          #FStar.Tactics.Typeclasses.solve
+          (Libcrux_ml_dsa.Simd.Avx2.Arithmetic.add lhs
+                .Libcrux_ml_dsa.Simd.Avx2.Vector_type.f_coefficients
+              rhs.Libcrux_ml_dsa.Simd.Avx2.Vector_type.f_coefficients
+            <:
+            Libcrux_intrinsics.Avx2_extract.t_Vec256));
+    f_subtract_pre
+    =
+    (fun
+        (lhs: Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit)
+        (rhs: Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit)
+        ->
+        true);
+    f_subtract_post
+    =
+    (fun
+        (lhs: Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit)
+        (rhs: Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit)
+        (out: Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit)
+        ->
+        true);
+    f_subtract
+    =
+    (fun
+        (lhs: Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit)
+        (rhs: Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit)
+        ->
+        Core.Convert.f_into #Libcrux_intrinsics.Avx2_extract.t_Vec256
+          #Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit
+          #FStar.Tactics.Typeclasses.solve
+          (Libcrux_ml_dsa.Simd.Avx2.Arithmetic.subtract lhs
+                .Libcrux_ml_dsa.Simd.Avx2.Vector_type.f_coefficients
+              rhs.Libcrux_ml_dsa.Simd.Avx2.Vector_type.f_coefficients
+            <:
+            Libcrux_intrinsics.Avx2_extract.t_Vec256));
+    f_montgomery_multiply_pre
+    =
+    (fun
+        (lhs: Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit)
+        (rhs: Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit)
+        ->
+        true);
+    f_montgomery_multiply_post
+    =
+    (fun
+        (lhs: Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit)
+        (rhs: Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit)
+        (out: Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit)
+        ->
+        true);
+    f_montgomery_multiply
+    =
+    (fun
+        (lhs: Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit)
+        (rhs: Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit)
+        ->
+        Core.Convert.f_into #Libcrux_intrinsics.Avx2_extract.t_Vec256
+          #Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit
+          #FStar.Tactics.Typeclasses.solve
+          (Libcrux_ml_dsa.Simd.Avx2.Arithmetic.montgomery_multiply lhs
+                .Libcrux_ml_dsa.Simd.Avx2.Vector_type.f_coefficients
+              rhs.Libcrux_ml_dsa.Simd.Avx2.Vector_type.f_coefficients
+            <:
+            Libcrux_intrinsics.Avx2_extract.t_Vec256));
+    f_shift_left_then_reduce_pre
+    =
+    (fun (v_SHIFT_BY: i32) (simd_unit: Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit) -> true);
+    f_shift_left_then_reduce_post
+    =
+    (fun
+        (v_SHIFT_BY: i32)
+        (simd_unit: Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit)
+        (out: Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit)
+        ->
+        true);
+    f_shift_left_then_reduce
+    =
+    (fun (v_SHIFT_BY: i32) (simd_unit: Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit) ->
+        Core.Convert.f_into #Libcrux_intrinsics.Avx2_extract.t_Vec256
+          #Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit
+          #FStar.Tactics.Typeclasses.solve
+          (Libcrux_ml_dsa.Simd.Avx2.Arithmetic.shift_left_then_reduce v_SHIFT_BY
+              simd_unit.Libcrux_ml_dsa.Simd.Avx2.Vector_type.f_coefficients
+            <:
+            Libcrux_intrinsics.Avx2_extract.t_Vec256));
+    f_power2round_pre
+    =
+    (fun (simd_unit: Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit) -> true);
+    f_power2round_post
+    =
+    (fun
+        (simd_unit: Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit)
+        (out:
+          (Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit &
+            Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit))
+        ->
+        true);
+    f_power2round
+    =
+    (fun (simd_unit: Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit) ->
+        let lower, upper:(Libcrux_intrinsics.Avx2_extract.t_Vec256 &
+          Libcrux_intrinsics.Avx2_extract.t_Vec256) =
+          Libcrux_ml_dsa.Simd.Avx2.Arithmetic.power2round simd_unit
+              .Libcrux_ml_dsa.Simd.Avx2.Vector_type.f_coefficients
+        in
+        Core.Convert.f_into #Libcrux_intrinsics.Avx2_extract.t_Vec256
+          #Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit
+          #FStar.Tactics.Typeclasses.solve
+          lower,
+        Core.Convert.f_into #Libcrux_intrinsics.Avx2_extract.t_Vec256
+          #Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit
+          #FStar.Tactics.Typeclasses.solve
+          upper
+        <:
+        (Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit &
+          Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit));
+    f_infinity_norm_exceeds_pre
+    =
+    (fun (simd_unit: Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit) (bound: i32) -> true);
+    f_infinity_norm_exceeds_post
+    =
+    (fun
+        (simd_unit: Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit)
+        (bound: i32)
+        (out: bool)
+        ->
+        true);
+    f_infinity_norm_exceeds
+    =
+    (fun (simd_unit: Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit) (bound: i32) ->
+        Libcrux_ml_dsa.Simd.Avx2.Arithmetic.infinity_norm_exceeds simd_unit
+            .Libcrux_ml_dsa.Simd.Avx2.Vector_type.f_coefficients
+          bound);
+    f_decompose_pre
+    =
+    (fun (v_GAMMA2: i32) (simd_unit: Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit) -> true);
+    f_decompose_post
+    =
+    (fun
+        (v_GAMMA2: i32)
+        (simd_unit: Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit)
+        (out:
+          (Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit &
+            Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit))
+        ->
+        true);
+    f_decompose
+    =
+    (fun (v_GAMMA2: i32) (simd_unit: Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit) ->
+        let lower, upper:(Libcrux_intrinsics.Avx2_extract.t_Vec256 &
+          Libcrux_intrinsics.Avx2_extract.t_Vec256) =
+          Libcrux_ml_dsa.Simd.Avx2.Arithmetic.decompose v_GAMMA2
+            simd_unit.Libcrux_ml_dsa.Simd.Avx2.Vector_type.f_coefficients
+        in
+        Core.Convert.f_into #Libcrux_intrinsics.Avx2_extract.t_Vec256
+          #Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit
+          #FStar.Tactics.Typeclasses.solve
+          lower,
+        Core.Convert.f_into #Libcrux_intrinsics.Avx2_extract.t_Vec256
+          #Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit
+          #FStar.Tactics.Typeclasses.solve
+          upper
+        <:
+        (Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit &
+          Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit));
+    f_compute_hint_pre
+    =
+    (fun
+        (v_GAMMA2: i32)
+        (low: Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit)
+        (high: Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit)
+        ->
+        true);
+    f_compute_hint_post
+    =
+    (fun
+        (v_GAMMA2: i32)
+        (low: Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit)
+        (high: Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit)
+        (out: (usize & Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit))
+        ->
+        true);
+    f_compute_hint
+    =
+    (fun
+        (v_GAMMA2: i32)
+        (low: Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit)
+        (high: Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit)
+        ->
+        let count, hint:(usize & Libcrux_intrinsics.Avx2_extract.t_Vec256) =
+          Libcrux_ml_dsa.Simd.Avx2.Arithmetic.compute_hint v_GAMMA2
+            low.Libcrux_ml_dsa.Simd.Avx2.Vector_type.f_coefficients
+            high.Libcrux_ml_dsa.Simd.Avx2.Vector_type.f_coefficients
+        in
+        count,
+        Core.Convert.f_into #Libcrux_intrinsics.Avx2_extract.t_Vec256
+          #Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit
+          #FStar.Tactics.Typeclasses.solve
+          hint
+        <:
+        (usize & Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit));
+    f_use_hint_pre
+    =
+    (fun
+        (v_GAMMA2: i32)
+        (simd_unit: Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit)
+        (hint: Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit)
+        ->
+        true);
+    f_use_hint_post
+    =
+    (fun
+        (v_GAMMA2: i32)
+        (simd_unit: Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit)
+        (hint: Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit)
+        (out: Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit)
+        ->
+        true);
+    f_use_hint
+    =
+    (fun
+        (v_GAMMA2: i32)
+        (simd_unit: Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit)
+        (hint: Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit)
+        ->
+        Core.Convert.f_into #Libcrux_intrinsics.Avx2_extract.t_Vec256
+          #Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit
+          #FStar.Tactics.Typeclasses.solve
+          (Libcrux_ml_dsa.Simd.Avx2.Arithmetic.use_hint v_GAMMA2
+              simd_unit.Libcrux_ml_dsa.Simd.Avx2.Vector_type.f_coefficients
+              hint.Libcrux_ml_dsa.Simd.Avx2.Vector_type.f_coefficients
+            <:
+            Libcrux_intrinsics.Avx2_extract.t_Vec256));
+    f_rejection_sample_less_than_field_modulus_pre
+    =
+    (fun (randomness: t_Slice u8) (out: t_Slice i32) -> true);
+    f_rejection_sample_less_than_field_modulus_post
+    =
+    (fun (randomness: t_Slice u8) (out: t_Slice i32) (out2: (t_Slice i32 & usize)) -> true);
+    f_rejection_sample_less_than_field_modulus
+    =
+    (fun (randomness: t_Slice u8) (out: t_Slice i32) ->
+        let tmp0, out1:(t_Slice i32 & usize) =
+          Libcrux_ml_dsa.Simd.Avx2.Rejection_sample.Less_than_field_modulus.sample randomness out
+        in
+        let out:t_Slice i32 = tmp0 in
+        let hax_temp_output:usize = out1 in
+        out, hax_temp_output <: (t_Slice i32 & usize));
+    f_rejection_sample_less_than_eta_equals_2_pre
+    =
+    (fun (randomness: t_Slice u8) (out: t_Slice i32) -> true);
+    f_rejection_sample_less_than_eta_equals_2_post
+    =
+    (fun (randomness: t_Slice u8) (out: t_Slice i32) (out2: (t_Slice i32 & usize)) -> true);
+    f_rejection_sample_less_than_eta_equals_2_
+    =
+    (fun (randomness: t_Slice u8) (out: t_Slice i32) ->
+        let tmp0, out1:(t_Slice i32 & usize) =
+          Libcrux_ml_dsa.Simd.Avx2.Rejection_sample.Less_than_eta.sample (sz 2) randomness out
+        in
+        let out:t_Slice i32 = tmp0 in
+        let hax_temp_output:usize = out1 in
+        out, hax_temp_output <: (t_Slice i32 & usize));
+    f_rejection_sample_less_than_eta_equals_4_pre
+    =
+    (fun (randomness: t_Slice u8) (out: t_Slice i32) -> true);
+    f_rejection_sample_less_than_eta_equals_4_post
+    =
+    (fun (randomness: t_Slice u8) (out: t_Slice i32) (out2: (t_Slice i32 & usize)) -> true);
+    f_rejection_sample_less_than_eta_equals_4_
+    =
+    (fun (randomness: t_Slice u8) (out: t_Slice i32) ->
+        let tmp0, out1:(t_Slice i32 & usize) =
+          Libcrux_ml_dsa.Simd.Avx2.Rejection_sample.Less_than_eta.sample (sz 4) randomness out
+        in
+        let out:t_Slice i32 = tmp0 in
+        let hax_temp_output:usize = out1 in
+        out, hax_temp_output <: (t_Slice i32 & usize));
+    f_gamma1_serialize_pre
+    =
+    (fun (v_OUTPUT_SIZE: usize) (simd_unit: Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit) ->
+        true);
+    f_gamma1_serialize_post
+    =
+    (fun
+        (v_OUTPUT_SIZE: usize)
+        (simd_unit: Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit)
+        (out: t_Array u8 v_OUTPUT_SIZE)
+        ->
+        true);
+    f_gamma1_serialize
+    =
+    (fun (v_OUTPUT_SIZE: usize) (simd_unit: Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit) ->
+        Libcrux_ml_dsa.Simd.Avx2.Encoding.Gamma1.serialize v_OUTPUT_SIZE
+          simd_unit.Libcrux_ml_dsa.Simd.Avx2.Vector_type.f_coefficients);
+    f_gamma1_deserialize_pre = (fun (v_GAMMA1_EXPONENT: usize) (serialized: t_Slice u8) -> true);
+    f_gamma1_deserialize_post
+    =
+    (fun
+        (v_GAMMA1_EXPONENT: usize)
+        (serialized: t_Slice u8)
+        (out: Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit)
+        ->
+        true);
+    f_gamma1_deserialize
+    =
+    (fun (v_GAMMA1_EXPONENT: usize) (serialized: t_Slice u8) ->
+        Core.Convert.f_into #Libcrux_intrinsics.Avx2_extract.t_Vec256
+          #Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit
+          #FStar.Tactics.Typeclasses.solve
+          (Libcrux_ml_dsa.Simd.Avx2.Encoding.Gamma1.deserialize v_GAMMA1_EXPONENT serialized
+            <:
+            Libcrux_intrinsics.Avx2_extract.t_Vec256));
+    f_commitment_serialize_pre
+    =
+    (fun (v_OUTPUT_SIZE: usize) (simd_unit: Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit) ->
+        true);
+    f_commitment_serialize_post
+    =
+    (fun
+        (v_OUTPUT_SIZE: usize)
+        (simd_unit: Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit)
+        (out: t_Array u8 v_OUTPUT_SIZE)
+        ->
+        true);
+    f_commitment_serialize
+    =
+    (fun (v_OUTPUT_SIZE: usize) (simd_unit: Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit) ->
+        Libcrux_ml_dsa.Simd.Avx2.Encoding.Commitment.serialize v_OUTPUT_SIZE
+          simd_unit.Libcrux_ml_dsa.Simd.Avx2.Vector_type.f_coefficients);
+    f_error_serialize_pre
+    =
+    (fun (v_OUTPUT_SIZE: usize) (simd_unit: Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit) ->
+        true);
+    f_error_serialize_post
+    =
+    (fun
+        (v_OUTPUT_SIZE: usize)
+        (simd_unit: Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit)
+        (out: t_Array u8 v_OUTPUT_SIZE)
+        ->
+        true);
+    f_error_serialize
+    =
+    (fun (v_OUTPUT_SIZE: usize) (simd_unit: Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit) ->
+        Libcrux_ml_dsa.Simd.Avx2.Encoding.Error.serialize v_OUTPUT_SIZE
+          simd_unit.Libcrux_ml_dsa.Simd.Avx2.Vector_type.f_coefficients);
+    f_error_deserialize_pre = (fun (v_ETA: usize) (serialized: t_Slice u8) -> true);
+    f_error_deserialize_post
+    =
+    (fun
+        (v_ETA: usize)
+        (serialized: t_Slice u8)
+        (out: Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit)
+        ->
+        true);
+    f_error_deserialize
+    =
+    (fun (v_ETA: usize) (serialized: t_Slice u8) ->
+        Core.Convert.f_into #Libcrux_intrinsics.Avx2_extract.t_Vec256
+          #Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit
+          #FStar.Tactics.Typeclasses.solve
+          (Libcrux_ml_dsa.Simd.Avx2.Encoding.Error.deserialize v_ETA serialized
+            <:
+            Libcrux_intrinsics.Avx2_extract.t_Vec256));
+    f_t0_serialize_pre
+    =
+    (fun (simd_unit: Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit) -> true);
+    f_t0_serialize_post
+    =
+    (fun
+        (simd_unit: Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit)
+        (out: t_Array u8 (sz 13))
+        ->
+        true);
+    f_t0_serialize
+    =
+    (fun (simd_unit: Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit) ->
+        Libcrux_ml_dsa.Simd.Avx2.Encoding.T0.serialize simd_unit
+            .Libcrux_ml_dsa.Simd.Avx2.Vector_type.f_coefficients);
+    f_t0_deserialize_pre = (fun (serialized: t_Slice u8) -> true);
+    f_t0_deserialize_post
+    =
+    (fun (serialized: t_Slice u8) (out: Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit) -> true
+    );
+    f_t0_deserialize
+    =
+    (fun (serialized: t_Slice u8) ->
+        Core.Convert.f_into #Libcrux_intrinsics.Avx2_extract.t_Vec256
+          #Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit
+          #FStar.Tactics.Typeclasses.solve
+          (Libcrux_ml_dsa.Simd.Avx2.Encoding.T0.deserialize serialized
+            <:
+            Libcrux_intrinsics.Avx2_extract.t_Vec256));
+    f_t1_serialize_pre
+    =
+    (fun (simd_unit: Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit) -> true);
+    f_t1_serialize_post
+    =
+    (fun
+        (simd_unit: Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit)
+        (out: t_Array u8 (sz 10))
+        ->
+        true);
+    f_t1_serialize
+    =
+    (fun (simd_unit: Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit) ->
+        Libcrux_ml_dsa.Simd.Avx2.Encoding.T1.serialize simd_unit
+            .Libcrux_ml_dsa.Simd.Avx2.Vector_type.f_coefficients);
+    f_t1_deserialize_pre = (fun (serialized: t_Slice u8) -> true);
+    f_t1_deserialize_post
+    =
+    (fun (serialized: t_Slice u8) (out: Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit) -> true
+    );
+    f_t1_deserialize
+    =
+    (fun (serialized: t_Slice u8) ->
+        Core.Convert.f_into #Libcrux_intrinsics.Avx2_extract.t_Vec256
+          #Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit
+          #FStar.Tactics.Typeclasses.solve
+          (Libcrux_ml_dsa.Simd.Avx2.Encoding.T1.deserialize serialized
+            <:
+            Libcrux_intrinsics.Avx2_extract.t_Vec256));
+    f_ntt_pre
+    =
+    (fun (simd_units: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit (sz 32)) -> true);
+    f_ntt_post
+    =
+    (fun
+        (simd_units: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit (sz 32))
+        (out: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit (sz 32))
+        ->
+        true);
+    f_ntt
+    =
+    (fun (simd_units: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit (sz 32)) ->
+        let result:t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32) =
+          Libcrux_ml_dsa.Simd.Avx2.Ntt.ntt (Core.Array.impl_23__map #Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit
+                (sz 32)
+                #Libcrux_intrinsics.Avx2_extract.t_Vec256
+                simd_units
+                (fun x ->
+                    let x:Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit = x in
+                    x.Libcrux_ml_dsa.Simd.Avx2.Vector_type.f_coefficients)
+              <:
+              t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32))
+        in
+        Core.Array.impl_23__map #Libcrux_intrinsics.Avx2_extract.t_Vec256
+          (sz 32)
+          #Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit
+          result
+          (fun x ->
+              let x:Libcrux_intrinsics.Avx2_extract.t_Vec256 = x in
+              Core.Convert.f_into #Libcrux_intrinsics.Avx2_extract.t_Vec256
+                #Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit
+                #FStar.Tactics.Typeclasses.solve
+                x
+              <:
+              Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit));
+    f_invert_ntt_montgomery_pre
+    =
+    (fun (simd_units: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit (sz 32)) -> true);
+    f_invert_ntt_montgomery_post
+    =
+    (fun
+        (simd_units: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit (sz 32))
+        (out: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit (sz 32))
+        ->
+        true);
+    f_invert_ntt_montgomery
+    =
+    fun (simd_units: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit (sz 32)) ->
+      let result:t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32) =
+        Libcrux_ml_dsa.Simd.Avx2.Invntt.invert_ntt_montgomery (Core.Array.impl_23__map #Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit
+              (sz 32)
+              #Libcrux_intrinsics.Avx2_extract.t_Vec256
+              simd_units
+              (fun x ->
+                  let x:Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit = x in
+                  x.Libcrux_ml_dsa.Simd.Avx2.Vector_type.f_coefficients)
+            <:
+            t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32))
+      in
+      Core.Array.impl_23__map #Libcrux_intrinsics.Avx2_extract.t_Vec256
+        (sz 32)
+        #Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit
+        result
+        (fun x ->
+            let x:Libcrux_intrinsics.Avx2_extract.t_Vec256 = x in
+            Core.Convert.f_into #Libcrux_intrinsics.Avx2_extract.t_Vec256
+              #Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit
+              #FStar.Tactics.Typeclasses.solve
+              x
+            <:
+            Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit)
+  }
diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Portable.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Portable.fst
new file mode 100644
index 000000000..b5c72724c
--- /dev/null
+++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Portable.fst
@@ -0,0 +1,462 @@
+module Libcrux_ml_dsa.Simd.Portable
+#set-options "--fuel 0 --ifuel 1 --z3rlimit 100"
+open Core
+open FStar.Mul
+
+let _ =
+  (* This module has implicit dependencies, here we make them explicit. *)
+  (* The implicit dependencies arise from typeclasses instances. *)
+  let open Libcrux_ml_dsa.Simd.Portable.Vector_type in
+  ()
+
+[@@ FStar.Tactics.Typeclasses.tcinstance]
+let impl: Libcrux_ml_dsa.Simd.Traits.t_Operations
+Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit =
+  {
+    _super_11581440318597584651 = FStar.Tactics.Typeclasses.solve;
+    _super_9442900250278684536 = FStar.Tactics.Typeclasses.solve;
+    f_ZERO_pre = (fun (_: Prims.unit) -> true);
+    f_ZERO_post
+    =
+    (fun (_: Prims.unit) (out: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit) -> true);
+    f_ZERO = (fun (_: Prims.unit) -> Libcrux_ml_dsa.Simd.Portable.Vector_type.v_ZERO ());
+    f_from_coefficient_array_pre = (fun (array: t_Slice i32) -> true);
+    f_from_coefficient_array_post
+    =
+    (fun (array: t_Slice i32) (out: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit) ->
+        true);
+    f_from_coefficient_array
+    =
+    (fun (array: t_Slice i32) ->
+        Libcrux_ml_dsa.Simd.Portable.Vector_type.from_coefficient_array array);
+    f_to_coefficient_array_pre
+    =
+    (fun (self: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit) -> true);
+    f_to_coefficient_array_post
+    =
+    (fun
+        (self: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit)
+        (out: t_Array i32 (sz 8))
+        ->
+        true);
+    f_to_coefficient_array
+    =
+    (fun (self: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit) ->
+        Libcrux_ml_dsa.Simd.Portable.Vector_type.to_coefficient_array self);
+    f_add_pre
+    =
+    (fun
+        (lhs: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit)
+        (rhs: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit)
+        ->
+        true);
+    f_add_post
+    =
+    (fun
+        (lhs: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit)
+        (rhs: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit)
+        (out: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit)
+        ->
+        true);
+    f_add
+    =
+    (fun
+        (lhs: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit)
+        (rhs: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit)
+        ->
+        Libcrux_ml_dsa.Simd.Portable.Arithmetic.add lhs rhs);
+    f_subtract_pre
+    =
+    (fun
+        (lhs: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit)
+        (rhs: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit)
+        ->
+        true);
+    f_subtract_post
+    =
+    (fun
+        (lhs: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit)
+        (rhs: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit)
+        (out: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit)
+        ->
+        true);
+    f_subtract
+    =
+    (fun
+        (lhs: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit)
+        (rhs: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit)
+        ->
+        Libcrux_ml_dsa.Simd.Portable.Arithmetic.subtract lhs rhs);
+    f_montgomery_multiply_pre
+    =
+    (fun
+        (lhs: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit)
+        (rhs: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit)
+        ->
+        true);
+    f_montgomery_multiply_post
+    =
+    (fun
+        (lhs: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit)
+        (rhs: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit)
+        (out: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit)
+        ->
+        true);
+    f_montgomery_multiply
+    =
+    (fun
+        (lhs: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit)
+        (rhs: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit)
+        ->
+        Libcrux_ml_dsa.Simd.Portable.Arithmetic.montgomery_multiply lhs rhs);
+    f_shift_left_then_reduce_pre
+    =
+    (fun
+        (v_SHIFT_BY: i32)
+        (simd_unit: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit)
+        ->
+        true);
+    f_shift_left_then_reduce_post
+    =
+    (fun
+        (v_SHIFT_BY: i32)
+        (simd_unit: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit)
+        (out: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit)
+        ->
+        true);
+    f_shift_left_then_reduce
+    =
+    (fun
+        (v_SHIFT_BY: i32)
+        (simd_unit: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit)
+        ->
+        Libcrux_ml_dsa.Simd.Portable.Arithmetic.shift_left_then_reduce v_SHIFT_BY simd_unit);
+    f_power2round_pre
+    =
+    (fun (simd_unit: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit) -> true);
+    f_power2round_post
+    =
+    (fun
+        (simd_unit: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit)
+        (out:
+          (Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit &
+            Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit))
+        ->
+        true);
+    f_power2round
+    =
+    (fun (simd_unit: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit) ->
+        Libcrux_ml_dsa.Simd.Portable.Arithmetic.power2round simd_unit);
+    f_infinity_norm_exceeds_pre
+    =
+    (fun (simd_unit: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit) (bound: i32) ->
+        true);
+    f_infinity_norm_exceeds_post
+    =
+    (fun
+        (simd_unit: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit)
+        (bound: i32)
+        (out: bool)
+        ->
+        true);
+    f_infinity_norm_exceeds
+    =
+    (fun (simd_unit: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit) (bound: i32) ->
+        Libcrux_ml_dsa.Simd.Portable.Arithmetic.infinity_norm_exceeds simd_unit bound);
+    f_decompose_pre
+    =
+    (fun (v_GAMMA2: i32) (simd_unit: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit) ->
+        true);
+    f_decompose_post
+    =
+    (fun
+        (v_GAMMA2: i32)
+        (simd_unit: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit)
+        (out:
+          (Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit &
+            Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit))
+        ->
+        true);
+    f_decompose
+    =
+    (fun (v_GAMMA2: i32) (simd_unit: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit) ->
+        Libcrux_ml_dsa.Simd.Portable.Arithmetic.decompose v_GAMMA2 simd_unit);
+    f_compute_hint_pre
+    =
+    (fun
+        (v_GAMMA2: i32)
+        (low: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit)
+        (high: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit)
+        ->
+        true);
+    f_compute_hint_post
+    =
+    (fun
+        (v_GAMMA2: i32)
+        (low: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit)
+        (high: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit)
+        (out: (usize & Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit))
+        ->
+        true);
+    f_compute_hint
+    =
+    (fun
+        (v_GAMMA2: i32)
+        (low: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit)
+        (high: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit)
+        ->
+        Libcrux_ml_dsa.Simd.Portable.Arithmetic.compute_hint v_GAMMA2 low high);
+    f_use_hint_pre
+    =
+    (fun
+        (v_GAMMA2: i32)
+        (simd_unit: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit)
+        (hint: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit)
+        ->
+        true);
+    f_use_hint_post
+    =
+    (fun
+        (v_GAMMA2: i32)
+        (simd_unit: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit)
+        (hint: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit)
+        (out: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit)
+        ->
+        true);
+    f_use_hint
+    =
+    (fun
+        (v_GAMMA2: i32)
+        (simd_unit: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit)
+        (hint: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit)
+        ->
+        Libcrux_ml_dsa.Simd.Portable.Arithmetic.use_hint v_GAMMA2 simd_unit hint);
+    f_rejection_sample_less_than_field_modulus_pre
+    =
+    (fun (randomness: t_Slice u8) (out: t_Slice i32) -> true);
+    f_rejection_sample_less_than_field_modulus_post
+    =
+    (fun (randomness: t_Slice u8) (out: t_Slice i32) (out2: (t_Slice i32 & usize)) -> true);
+    f_rejection_sample_less_than_field_modulus
+    =
+    (fun (randomness: t_Slice u8) (out: t_Slice i32) ->
+        let tmp0, out1:(t_Slice i32 & usize) =
+          Libcrux_ml_dsa.Simd.Portable.Sample.rejection_sample_less_than_field_modulus randomness
+            out
+        in
+        let out:t_Slice i32 = tmp0 in
+        let hax_temp_output:usize = out1 in
+        out, hax_temp_output <: (t_Slice i32 & usize));
+    f_rejection_sample_less_than_eta_equals_2_pre
+    =
+    (fun (randomness: t_Slice u8) (out: t_Slice i32) -> true);
+    f_rejection_sample_less_than_eta_equals_2_post
+    =
+    (fun (randomness: t_Slice u8) (out: t_Slice i32) (out2: (t_Slice i32 & usize)) -> true);
+    f_rejection_sample_less_than_eta_equals_2_
+    =
+    (fun (randomness: t_Slice u8) (out: t_Slice i32) ->
+        let tmp0, out1:(t_Slice i32 & usize) =
+          Libcrux_ml_dsa.Simd.Portable.Sample.rejection_sample_less_than_eta_equals_2_ randomness
+            out
+        in
+        let out:t_Slice i32 = tmp0 in
+        let hax_temp_output:usize = out1 in
+        out, hax_temp_output <: (t_Slice i32 & usize));
+    f_rejection_sample_less_than_eta_equals_4_pre
+    =
+    (fun (randomness: t_Slice u8) (out: t_Slice i32) -> true);
+    f_rejection_sample_less_than_eta_equals_4_post
+    =
+    (fun (randomness: t_Slice u8) (out: t_Slice i32) (out2: (t_Slice i32 & usize)) -> true);
+    f_rejection_sample_less_than_eta_equals_4_
+    =
+    (fun (randomness: t_Slice u8) (out: t_Slice i32) ->
+        let tmp0, out1:(t_Slice i32 & usize) =
+          Libcrux_ml_dsa.Simd.Portable.Sample.rejection_sample_less_than_eta_equals_4_ randomness
+            out
+        in
+        let out:t_Slice i32 = tmp0 in
+        let hax_temp_output:usize = out1 in
+        out, hax_temp_output <: (t_Slice i32 & usize));
+    f_gamma1_serialize_pre
+    =
+    (fun
+        (v_OUTPUT_SIZE: usize)
+        (simd_unit: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit)
+        ->
+        true);
+    f_gamma1_serialize_post
+    =
+    (fun
+        (v_OUTPUT_SIZE: usize)
+        (simd_unit: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit)
+        (out: t_Array u8 v_OUTPUT_SIZE)
+        ->
+        true);
+    f_gamma1_serialize
+    =
+    (fun
+        (v_OUTPUT_SIZE: usize)
+        (simd_unit: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit)
+        ->
+        Libcrux_ml_dsa.Simd.Portable.Encoding.Gamma1.serialize v_OUTPUT_SIZE simd_unit);
+    f_gamma1_deserialize_pre = (fun (v_GAMMA1_EXPONENT: usize) (serialized: t_Slice u8) -> true);
+    f_gamma1_deserialize_post
+    =
+    (fun
+        (v_GAMMA1_EXPONENT: usize)
+        (serialized: t_Slice u8)
+        (out: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit)
+        ->
+        true);
+    f_gamma1_deserialize
+    =
+    (fun (v_GAMMA1_EXPONENT: usize) (serialized: t_Slice u8) ->
+        Libcrux_ml_dsa.Simd.Portable.Encoding.Gamma1.deserialize v_GAMMA1_EXPONENT serialized);
+    f_commitment_serialize_pre
+    =
+    (fun
+        (v_OUTPUT_SIZE: usize)
+        (simd_unit: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit)
+        ->
+        true);
+    f_commitment_serialize_post
+    =
+    (fun
+        (v_OUTPUT_SIZE: usize)
+        (simd_unit: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit)
+        (out: t_Array u8 v_OUTPUT_SIZE)
+        ->
+        true);
+    f_commitment_serialize
+    =
+    (fun
+        (v_OUTPUT_SIZE: usize)
+        (simd_unit: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit)
+        ->
+        Libcrux_ml_dsa.Simd.Portable.Encoding.Commitment.serialize v_OUTPUT_SIZE simd_unit);
+    f_error_serialize_pre
+    =
+    (fun
+        (v_OUTPUT_SIZE: usize)
+        (simd_unit: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit)
+        ->
+        true);
+    f_error_serialize_post
+    =
+    (fun
+        (v_OUTPUT_SIZE: usize)
+        (simd_unit: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit)
+        (out: t_Array u8 v_OUTPUT_SIZE)
+        ->
+        true);
+    f_error_serialize
+    =
+    (fun
+        (v_OUTPUT_SIZE: usize)
+        (simd_unit: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit)
+        ->
+        Libcrux_ml_dsa.Simd.Portable.Encoding.Error.serialize v_OUTPUT_SIZE simd_unit);
+    f_error_deserialize_pre = (fun (v_ETA: usize) (serialized: t_Slice u8) -> true);
+    f_error_deserialize_post
+    =
+    (fun
+        (v_ETA: usize)
+        (serialized: t_Slice u8)
+        (out: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit)
+        ->
+        true);
+    f_error_deserialize
+    =
+    (fun (v_ETA: usize) (serialized: t_Slice u8) ->
+        Libcrux_ml_dsa.Simd.Portable.Encoding.Error.deserialize v_ETA serialized);
+    f_t0_serialize_pre
+    =
+    (fun (simd_unit: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit) -> true);
+    f_t0_serialize_post
+    =
+    (fun
+        (simd_unit: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit)
+        (out: t_Array u8 (sz 13))
+        ->
+        true);
+    f_t0_serialize
+    =
+    (fun (simd_unit: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit) ->
+        Libcrux_ml_dsa.Simd.Portable.Encoding.T0.serialize simd_unit);
+    f_t0_deserialize_pre = (fun (serialized: t_Slice u8) -> true);
+    f_t0_deserialize_post
+    =
+    (fun
+        (serialized: t_Slice u8)
+        (out: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit)
+        ->
+        true);
+    f_t0_deserialize
+    =
+    (fun (serialized: t_Slice u8) -> Libcrux_ml_dsa.Simd.Portable.Encoding.T0.deserialize serialized
+    );
+    f_t1_serialize_pre
+    =
+    (fun (simd_unit: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit) -> true);
+    f_t1_serialize_post
+    =
+    (fun
+        (simd_unit: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit)
+        (out: t_Array u8 (sz 10))
+        ->
+        true);
+    f_t1_serialize
+    =
+    (fun (simd_unit: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit) ->
+        Libcrux_ml_dsa.Simd.Portable.Encoding.T1.serialize simd_unit);
+    f_t1_deserialize_pre = (fun (serialized: t_Slice u8) -> true);
+    f_t1_deserialize_post
+    =
+    (fun
+        (serialized: t_Slice u8)
+        (out: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit)
+        ->
+        true);
+    f_t1_deserialize
+    =
+    (fun (serialized: t_Slice u8) -> Libcrux_ml_dsa.Simd.Portable.Encoding.T1.deserialize serialized
+    );
+    f_ntt_pre
+    =
+    (fun
+        (simd_units: t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit (sz 32))
+        ->
+        true);
+    f_ntt_post
+    =
+    (fun
+        (simd_units: t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit (sz 32))
+        (out: t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit (sz 32))
+        ->
+        true);
+    f_ntt
+    =
+    (fun
+        (simd_units: t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit (sz 32))
+        ->
+        Libcrux_ml_dsa.Simd.Portable.Ntt.ntt simd_units);
+    f_invert_ntt_montgomery_pre
+    =
+    (fun
+        (simd_units: t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit (sz 32))
+        ->
+        true);
+    f_invert_ntt_montgomery_post
+    =
+    (fun
+        (simd_units: t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit (sz 32))
+        (out: t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit (sz 32))
+        ->
+        true);
+    f_invert_ntt_montgomery
+    =
+    fun (simd_units: t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit (sz 32)) ->
+      Libcrux_ml_dsa.Simd.Portable.Invntt.invert_ntt_montgomery simd_units
+  }

From 2ecc08ac92e56197cd05d04f3e873d8da088ad11 Mon Sep 17 00:00:00 2001
From: karthikbhargavan <karthik.bhargavan@gmail.com>
Date: Sun, 1 Dec 2024 11:36:34 +0000
Subject: [PATCH 042/142] boring c code

---
 libcrux-ml-kem/cg.yaml                        |    2 -
 libcrux-ml-kem/cg/benches/mlkem768.cc         |   16 +-
 libcrux-ml-kem/cg/code_gen.txt                |    2 +-
 libcrux-ml-kem/cg/libcrux_core.h              | 2522 ++++++++++++++++-
 libcrux-ml-kem/cg/libcrux_ct_ops.h            |    2 +-
 libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h     |  902 ++++--
 libcrux-ml-kem/cg/libcrux_mlkem768_portable.h |  719 +++--
 libcrux-ml-kem/cg/libcrux_sha3_avx2.h         |    2 +-
 libcrux-ml-kem/cg/libcrux_sha3_portable.h     |    2 +-
 libcrux-ml-kem/cg/tests/mlkem768.cc           |    4 +-
 libcrux-ml-kem/src/ind_cpa.rs                 |   31 +-
 libcrux-ml-kem/src/utils.rs                   |   29 +
 12 files changed, 3764 insertions(+), 469 deletions(-)

diff --git a/libcrux-ml-kem/cg.yaml b/libcrux-ml-kem/cg.yaml
index 6e2c1468e..e2aecda52 100644
--- a/libcrux-ml-kem/cg.yaml
+++ b/libcrux-ml-kem/cg.yaml
@@ -23,8 +23,6 @@ files:
         - [libcrux_sha3, simd, avx2, "*"]
       monomorphizations_exact:
         - [libcrux_sha3, generic_keccak, KeccakState_55]
-        - [libcrux_sha3, generic_keccak, absorb_final_fb ]
-        - [libcrux_sha3, generic_keccak, squeeze_first_three_blocks_97 ]
       monomorphizations_of:
         - [libcrux_sha3, avx2, "*"]
         - [libcrux_sha3, simd, avx2, "*"]
diff --git a/libcrux-ml-kem/cg/benches/mlkem768.cc b/libcrux-ml-kem/cg/benches/mlkem768.cc
index 7ce70a7e1..02c0cbbb1 100644
--- a/libcrux-ml-kem/cg/benches/mlkem768.cc
+++ b/libcrux-ml-kem/cg/benches/mlkem768.cc
@@ -35,11 +35,11 @@ kyber768_key_generation_unpacked(benchmark::State &state)
   uint8_t randomness[64];
   generate_random(randomness, 64);
   libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked key_pair = libcrux_ml_kem_mlkem768_portable_unpacked_init_key_pair() ;
-  libcrux_ml_kem_mlkem768_portable_unpacked_generate_key_pair(randomness, &key_pair);
+  libcrux_ml_kem_mlkem768_portable_unpacked_generate_key_pair_mut(randomness, &key_pair);
 
   for (auto _ : state)
   {
-    libcrux_ml_kem_mlkem768_portable_unpacked_generate_key_pair(randomness, &key_pair);
+    libcrux_ml_kem_mlkem768_portable_unpacked_generate_key_pair_mut(randomness, &key_pair);
   }
 }
 
@@ -66,7 +66,7 @@ kyber768_encapsulation_unpacked(benchmark::State &state)
   generate_random(randomness, 64);
 
   libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked key_pair = libcrux_ml_kem_mlkem768_portable_unpacked_init_key_pair() ;
-  libcrux_ml_kem_mlkem768_portable_unpacked_generate_key_pair(randomness, &key_pair);
+  libcrux_ml_kem_mlkem768_portable_unpacked_generate_key_pair_mut(randomness, &key_pair);
 
   generate_random(randomness, 32);
   auto ctxt = libcrux_ml_kem_mlkem768_portable_unpacked_encapsulate(&key_pair.public_key, randomness);
@@ -102,7 +102,7 @@ kyber768_decapsulation_unpacked(benchmark::State &state)
   generate_random(randomness, 64);
 
   libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked key_pair = libcrux_ml_kem_mlkem768_portable_unpacked_init_key_pair() ;
-  libcrux_ml_kem_mlkem768_portable_unpacked_generate_key_pair(randomness, &key_pair);
+  libcrux_ml_kem_mlkem768_portable_unpacked_generate_key_pair_mut(randomness, &key_pair);
 
   generate_random(randomness, 32);
   auto ctxt = libcrux_ml_kem_mlkem768_portable_unpacked_encapsulate(&key_pair.public_key, randomness);
@@ -201,12 +201,12 @@ kyber768_key_generation_avx2_unpacked(benchmark::State &state)
   generate_random(randomness, 64);
 
   libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked key_pair = libcrux_ml_kem_mlkem768_avx2_unpacked_init_key_pair() ;
-  libcrux_ml_kem_mlkem768_avx2_unpacked_generate_key_pair(randomness, &key_pair);
+  libcrux_ml_kem_mlkem768_avx2_unpacked_generate_key_pair_mut(randomness, &key_pair);
 
   for (auto _ : state)
   {
     libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked key_pair = libcrux_ml_kem_mlkem768_avx2_unpacked_init_key_pair() ;
-    libcrux_ml_kem_mlkem768_avx2_unpacked_generate_key_pair(randomness, &key_pair);
+    libcrux_ml_kem_mlkem768_avx2_unpacked_generate_key_pair_mut(randomness, &key_pair);
   }
 }
 
@@ -233,7 +233,7 @@ kyber768_encapsulation_avx2_unpacked(benchmark::State &state)
   generate_random(randomness, 64);
 
   libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked key_pair = libcrux_ml_kem_mlkem768_avx2_unpacked_init_key_pair() ;
-  libcrux_ml_kem_mlkem768_avx2_unpacked_generate_key_pair(randomness, &key_pair);
+  libcrux_ml_kem_mlkem768_avx2_unpacked_generate_key_pair_mut(randomness, &key_pair);
 
   generate_random(randomness, 32);
   auto ctxt = libcrux_ml_kem_mlkem768_avx2_unpacked_encapsulate(&key_pair.public_key, randomness);
@@ -269,7 +269,7 @@ kyber768_decapsulation_avx2_unpacked(benchmark::State &state)
   generate_random(randomness, 64);
 
   libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked key_pair = libcrux_ml_kem_mlkem768_avx2_unpacked_init_key_pair() ;
-  libcrux_ml_kem_mlkem768_avx2_unpacked_generate_key_pair(randomness, &key_pair);
+  libcrux_ml_kem_mlkem768_avx2_unpacked_generate_key_pair_mut(randomness, &key_pair);
 
   generate_random(randomness, 32);
   auto ctxt = libcrux_ml_kem_mlkem768_avx2_unpacked_encapsulate(&key_pair.public_key, randomness);
diff --git a/libcrux-ml-kem/cg/code_gen.txt b/libcrux-ml-kem/cg/code_gen.txt
index d7203385c..e06b07d6e 100644
--- a/libcrux-ml-kem/cg/code_gen.txt
+++ b/libcrux-ml-kem/cg/code_gen.txt
@@ -3,4 +3,4 @@ Charon: 3a133fe0eee9bd3928d5bb16c24ddd2dd0f3ee7f
 Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c
 Karamel: c31a22c1e07d2118c07ee5cebb640d863e31a198
 F*: 2c32d6e230851bbceadac7a21fc418fa2bb7e4bc
-Libcrux: 38837f1aab3f2ae348a0cb53cf44d97652e2c977
+Libcrux: 8fa4c2d98c5fd5a203b5a37a971a46f2296646d9
diff --git a/libcrux-ml-kem/cg/libcrux_core.h b/libcrux-ml-kem/cg/libcrux_core.h
index 4aa72c8f8..eb35fc5d6 100644
--- a/libcrux-ml-kem/cg/libcrux_core.h
+++ b/libcrux-ml-kem/cg/libcrux_core.h
@@ -8,7 +8,7 @@
  * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c
  * Karamel: c31a22c1e07d2118c07ee5cebb640d863e31a198
  * F*: 2c32d6e230851bbceadac7a21fc418fa2bb7e4bc
- * Libcrux: 38837f1aab3f2ae348a0cb53cf44d97652e2c977
+ * Libcrux: 8fa4c2d98c5fd5a203b5a37a971a46f2296646d9
  */
 
 #ifndef __libcrux_core_H
@@ -209,6 +209,2430 @@ static KRML_MUSTINLINE void libcrux_ml_kem_utils_into_padded_array_9e(
   memcpy(ret, out, (size_t)32U * sizeof(uint8_t));
 }
 
+/**
+A monomorphic instance of libcrux_ml_kem.types.MlKemPrivateKey
+with const generics
+- $2400size_t
+*/
+typedef struct libcrux_ml_kem_types_MlKemPrivateKey_d9_s {
+  uint8_t value[2400U];
+} libcrux_ml_kem_types_MlKemPrivateKey_d9;
+
+/**
+This function found in impl {(core::default::Default for
+libcrux_ml_kem::types::MlKemPrivateKey<SIZE>)#7}
+*/
+/**
+A monomorphic instance of libcrux_ml_kem.types.default_24
+with const generics
+- SIZE= 2400
+*/
+static inline libcrux_ml_kem_types_MlKemPrivateKey_d9
+libcrux_ml_kem_types_default_24_28(void) {
+  libcrux_ml_kem_types_MlKemPrivateKey_d9 lit;
+  lit.value[0U] = 0U;
+  lit.value[1U] = 0U;
+  lit.value[2U] = 0U;
+  lit.value[3U] = 0U;
+  lit.value[4U] = 0U;
+  lit.value[5U] = 0U;
+  lit.value[6U] = 0U;
+  lit.value[7U] = 0U;
+  lit.value[8U] = 0U;
+  lit.value[9U] = 0U;
+  lit.value[10U] = 0U;
+  lit.value[11U] = 0U;
+  lit.value[12U] = 0U;
+  lit.value[13U] = 0U;
+  lit.value[14U] = 0U;
+  lit.value[15U] = 0U;
+  lit.value[16U] = 0U;
+  lit.value[17U] = 0U;
+  lit.value[18U] = 0U;
+  lit.value[19U] = 0U;
+  lit.value[20U] = 0U;
+  lit.value[21U] = 0U;
+  lit.value[22U] = 0U;
+  lit.value[23U] = 0U;
+  lit.value[24U] = 0U;
+  lit.value[25U] = 0U;
+  lit.value[26U] = 0U;
+  lit.value[27U] = 0U;
+  lit.value[28U] = 0U;
+  lit.value[29U] = 0U;
+  lit.value[30U] = 0U;
+  lit.value[31U] = 0U;
+  lit.value[32U] = 0U;
+  lit.value[33U] = 0U;
+  lit.value[34U] = 0U;
+  lit.value[35U] = 0U;
+  lit.value[36U] = 0U;
+  lit.value[37U] = 0U;
+  lit.value[38U] = 0U;
+  lit.value[39U] = 0U;
+  lit.value[40U] = 0U;
+  lit.value[41U] = 0U;
+  lit.value[42U] = 0U;
+  lit.value[43U] = 0U;
+  lit.value[44U] = 0U;
+  lit.value[45U] = 0U;
+  lit.value[46U] = 0U;
+  lit.value[47U] = 0U;
+  lit.value[48U] = 0U;
+  lit.value[49U] = 0U;
+  lit.value[50U] = 0U;
+  lit.value[51U] = 0U;
+  lit.value[52U] = 0U;
+  lit.value[53U] = 0U;
+  lit.value[54U] = 0U;
+  lit.value[55U] = 0U;
+  lit.value[56U] = 0U;
+  lit.value[57U] = 0U;
+  lit.value[58U] = 0U;
+  lit.value[59U] = 0U;
+  lit.value[60U] = 0U;
+  lit.value[61U] = 0U;
+  lit.value[62U] = 0U;
+  lit.value[63U] = 0U;
+  lit.value[64U] = 0U;
+  lit.value[65U] = 0U;
+  lit.value[66U] = 0U;
+  lit.value[67U] = 0U;
+  lit.value[68U] = 0U;
+  lit.value[69U] = 0U;
+  lit.value[70U] = 0U;
+  lit.value[71U] = 0U;
+  lit.value[72U] = 0U;
+  lit.value[73U] = 0U;
+  lit.value[74U] = 0U;
+  lit.value[75U] = 0U;
+  lit.value[76U] = 0U;
+  lit.value[77U] = 0U;
+  lit.value[78U] = 0U;
+  lit.value[79U] = 0U;
+  lit.value[80U] = 0U;
+  lit.value[81U] = 0U;
+  lit.value[82U] = 0U;
+  lit.value[83U] = 0U;
+  lit.value[84U] = 0U;
+  lit.value[85U] = 0U;
+  lit.value[86U] = 0U;
+  lit.value[87U] = 0U;
+  lit.value[88U] = 0U;
+  lit.value[89U] = 0U;
+  lit.value[90U] = 0U;
+  lit.value[91U] = 0U;
+  lit.value[92U] = 0U;
+  lit.value[93U] = 0U;
+  lit.value[94U] = 0U;
+  lit.value[95U] = 0U;
+  lit.value[96U] = 0U;
+  lit.value[97U] = 0U;
+  lit.value[98U] = 0U;
+  lit.value[99U] = 0U;
+  lit.value[100U] = 0U;
+  lit.value[101U] = 0U;
+  lit.value[102U] = 0U;
+  lit.value[103U] = 0U;
+  lit.value[104U] = 0U;
+  lit.value[105U] = 0U;
+  lit.value[106U] = 0U;
+  lit.value[107U] = 0U;
+  lit.value[108U] = 0U;
+  lit.value[109U] = 0U;
+  lit.value[110U] = 0U;
+  lit.value[111U] = 0U;
+  lit.value[112U] = 0U;
+  lit.value[113U] = 0U;
+  lit.value[114U] = 0U;
+  lit.value[115U] = 0U;
+  lit.value[116U] = 0U;
+  lit.value[117U] = 0U;
+  lit.value[118U] = 0U;
+  lit.value[119U] = 0U;
+  lit.value[120U] = 0U;
+  lit.value[121U] = 0U;
+  lit.value[122U] = 0U;
+  lit.value[123U] = 0U;
+  lit.value[124U] = 0U;
+  lit.value[125U] = 0U;
+  lit.value[126U] = 0U;
+  lit.value[127U] = 0U;
+  lit.value[128U] = 0U;
+  lit.value[129U] = 0U;
+  lit.value[130U] = 0U;
+  lit.value[131U] = 0U;
+  lit.value[132U] = 0U;
+  lit.value[133U] = 0U;
+  lit.value[134U] = 0U;
+  lit.value[135U] = 0U;
+  lit.value[136U] = 0U;
+  lit.value[137U] = 0U;
+  lit.value[138U] = 0U;
+  lit.value[139U] = 0U;
+  lit.value[140U] = 0U;
+  lit.value[141U] = 0U;
+  lit.value[142U] = 0U;
+  lit.value[143U] = 0U;
+  lit.value[144U] = 0U;
+  lit.value[145U] = 0U;
+  lit.value[146U] = 0U;
+  lit.value[147U] = 0U;
+  lit.value[148U] = 0U;
+  lit.value[149U] = 0U;
+  lit.value[150U] = 0U;
+  lit.value[151U] = 0U;
+  lit.value[152U] = 0U;
+  lit.value[153U] = 0U;
+  lit.value[154U] = 0U;
+  lit.value[155U] = 0U;
+  lit.value[156U] = 0U;
+  lit.value[157U] = 0U;
+  lit.value[158U] = 0U;
+  lit.value[159U] = 0U;
+  lit.value[160U] = 0U;
+  lit.value[161U] = 0U;
+  lit.value[162U] = 0U;
+  lit.value[163U] = 0U;
+  lit.value[164U] = 0U;
+  lit.value[165U] = 0U;
+  lit.value[166U] = 0U;
+  lit.value[167U] = 0U;
+  lit.value[168U] = 0U;
+  lit.value[169U] = 0U;
+  lit.value[170U] = 0U;
+  lit.value[171U] = 0U;
+  lit.value[172U] = 0U;
+  lit.value[173U] = 0U;
+  lit.value[174U] = 0U;
+  lit.value[175U] = 0U;
+  lit.value[176U] = 0U;
+  lit.value[177U] = 0U;
+  lit.value[178U] = 0U;
+  lit.value[179U] = 0U;
+  lit.value[180U] = 0U;
+  lit.value[181U] = 0U;
+  lit.value[182U] = 0U;
+  lit.value[183U] = 0U;
+  lit.value[184U] = 0U;
+  lit.value[185U] = 0U;
+  lit.value[186U] = 0U;
+  lit.value[187U] = 0U;
+  lit.value[188U] = 0U;
+  lit.value[189U] = 0U;
+  lit.value[190U] = 0U;
+  lit.value[191U] = 0U;
+  lit.value[192U] = 0U;
+  lit.value[193U] = 0U;
+  lit.value[194U] = 0U;
+  lit.value[195U] = 0U;
+  lit.value[196U] = 0U;
+  lit.value[197U] = 0U;
+  lit.value[198U] = 0U;
+  lit.value[199U] = 0U;
+  lit.value[200U] = 0U;
+  lit.value[201U] = 0U;
+  lit.value[202U] = 0U;
+  lit.value[203U] = 0U;
+  lit.value[204U] = 0U;
+  lit.value[205U] = 0U;
+  lit.value[206U] = 0U;
+  lit.value[207U] = 0U;
+  lit.value[208U] = 0U;
+  lit.value[209U] = 0U;
+  lit.value[210U] = 0U;
+  lit.value[211U] = 0U;
+  lit.value[212U] = 0U;
+  lit.value[213U] = 0U;
+  lit.value[214U] = 0U;
+  lit.value[215U] = 0U;
+  lit.value[216U] = 0U;
+  lit.value[217U] = 0U;
+  lit.value[218U] = 0U;
+  lit.value[219U] = 0U;
+  lit.value[220U] = 0U;
+  lit.value[221U] = 0U;
+  lit.value[222U] = 0U;
+  lit.value[223U] = 0U;
+  lit.value[224U] = 0U;
+  lit.value[225U] = 0U;
+  lit.value[226U] = 0U;
+  lit.value[227U] = 0U;
+  lit.value[228U] = 0U;
+  lit.value[229U] = 0U;
+  lit.value[230U] = 0U;
+  lit.value[231U] = 0U;
+  lit.value[232U] = 0U;
+  lit.value[233U] = 0U;
+  lit.value[234U] = 0U;
+  lit.value[235U] = 0U;
+  lit.value[236U] = 0U;
+  lit.value[237U] = 0U;
+  lit.value[238U] = 0U;
+  lit.value[239U] = 0U;
+  lit.value[240U] = 0U;
+  lit.value[241U] = 0U;
+  lit.value[242U] = 0U;
+  lit.value[243U] = 0U;
+  lit.value[244U] = 0U;
+  lit.value[245U] = 0U;
+  lit.value[246U] = 0U;
+  lit.value[247U] = 0U;
+  lit.value[248U] = 0U;
+  lit.value[249U] = 0U;
+  lit.value[250U] = 0U;
+  lit.value[251U] = 0U;
+  lit.value[252U] = 0U;
+  lit.value[253U] = 0U;
+  lit.value[254U] = 0U;
+  lit.value[255U] = 0U;
+  lit.value[256U] = 0U;
+  lit.value[257U] = 0U;
+  lit.value[258U] = 0U;
+  lit.value[259U] = 0U;
+  lit.value[260U] = 0U;
+  lit.value[261U] = 0U;
+  lit.value[262U] = 0U;
+  lit.value[263U] = 0U;
+  lit.value[264U] = 0U;
+  lit.value[265U] = 0U;
+  lit.value[266U] = 0U;
+  lit.value[267U] = 0U;
+  lit.value[268U] = 0U;
+  lit.value[269U] = 0U;
+  lit.value[270U] = 0U;
+  lit.value[271U] = 0U;
+  lit.value[272U] = 0U;
+  lit.value[273U] = 0U;
+  lit.value[274U] = 0U;
+  lit.value[275U] = 0U;
+  lit.value[276U] = 0U;
+  lit.value[277U] = 0U;
+  lit.value[278U] = 0U;
+  lit.value[279U] = 0U;
+  lit.value[280U] = 0U;
+  lit.value[281U] = 0U;
+  lit.value[282U] = 0U;
+  lit.value[283U] = 0U;
+  lit.value[284U] = 0U;
+  lit.value[285U] = 0U;
+  lit.value[286U] = 0U;
+  lit.value[287U] = 0U;
+  lit.value[288U] = 0U;
+  lit.value[289U] = 0U;
+  lit.value[290U] = 0U;
+  lit.value[291U] = 0U;
+  lit.value[292U] = 0U;
+  lit.value[293U] = 0U;
+  lit.value[294U] = 0U;
+  lit.value[295U] = 0U;
+  lit.value[296U] = 0U;
+  lit.value[297U] = 0U;
+  lit.value[298U] = 0U;
+  lit.value[299U] = 0U;
+  lit.value[300U] = 0U;
+  lit.value[301U] = 0U;
+  lit.value[302U] = 0U;
+  lit.value[303U] = 0U;
+  lit.value[304U] = 0U;
+  lit.value[305U] = 0U;
+  lit.value[306U] = 0U;
+  lit.value[307U] = 0U;
+  lit.value[308U] = 0U;
+  lit.value[309U] = 0U;
+  lit.value[310U] = 0U;
+  lit.value[311U] = 0U;
+  lit.value[312U] = 0U;
+  lit.value[313U] = 0U;
+  lit.value[314U] = 0U;
+  lit.value[315U] = 0U;
+  lit.value[316U] = 0U;
+  lit.value[317U] = 0U;
+  lit.value[318U] = 0U;
+  lit.value[319U] = 0U;
+  lit.value[320U] = 0U;
+  lit.value[321U] = 0U;
+  lit.value[322U] = 0U;
+  lit.value[323U] = 0U;
+  lit.value[324U] = 0U;
+  lit.value[325U] = 0U;
+  lit.value[326U] = 0U;
+  lit.value[327U] = 0U;
+  lit.value[328U] = 0U;
+  lit.value[329U] = 0U;
+  lit.value[330U] = 0U;
+  lit.value[331U] = 0U;
+  lit.value[332U] = 0U;
+  lit.value[333U] = 0U;
+  lit.value[334U] = 0U;
+  lit.value[335U] = 0U;
+  lit.value[336U] = 0U;
+  lit.value[337U] = 0U;
+  lit.value[338U] = 0U;
+  lit.value[339U] = 0U;
+  lit.value[340U] = 0U;
+  lit.value[341U] = 0U;
+  lit.value[342U] = 0U;
+  lit.value[343U] = 0U;
+  lit.value[344U] = 0U;
+  lit.value[345U] = 0U;
+  lit.value[346U] = 0U;
+  lit.value[347U] = 0U;
+  lit.value[348U] = 0U;
+  lit.value[349U] = 0U;
+  lit.value[350U] = 0U;
+  lit.value[351U] = 0U;
+  lit.value[352U] = 0U;
+  lit.value[353U] = 0U;
+  lit.value[354U] = 0U;
+  lit.value[355U] = 0U;
+  lit.value[356U] = 0U;
+  lit.value[357U] = 0U;
+  lit.value[358U] = 0U;
+  lit.value[359U] = 0U;
+  lit.value[360U] = 0U;
+  lit.value[361U] = 0U;
+  lit.value[362U] = 0U;
+  lit.value[363U] = 0U;
+  lit.value[364U] = 0U;
+  lit.value[365U] = 0U;
+  lit.value[366U] = 0U;
+  lit.value[367U] = 0U;
+  lit.value[368U] = 0U;
+  lit.value[369U] = 0U;
+  lit.value[370U] = 0U;
+  lit.value[371U] = 0U;
+  lit.value[372U] = 0U;
+  lit.value[373U] = 0U;
+  lit.value[374U] = 0U;
+  lit.value[375U] = 0U;
+  lit.value[376U] = 0U;
+  lit.value[377U] = 0U;
+  lit.value[378U] = 0U;
+  lit.value[379U] = 0U;
+  lit.value[380U] = 0U;
+  lit.value[381U] = 0U;
+  lit.value[382U] = 0U;
+  lit.value[383U] = 0U;
+  lit.value[384U] = 0U;
+  lit.value[385U] = 0U;
+  lit.value[386U] = 0U;
+  lit.value[387U] = 0U;
+  lit.value[388U] = 0U;
+  lit.value[389U] = 0U;
+  lit.value[390U] = 0U;
+  lit.value[391U] = 0U;
+  lit.value[392U] = 0U;
+  lit.value[393U] = 0U;
+  lit.value[394U] = 0U;
+  lit.value[395U] = 0U;
+  lit.value[396U] = 0U;
+  lit.value[397U] = 0U;
+  lit.value[398U] = 0U;
+  lit.value[399U] = 0U;
+  lit.value[400U] = 0U;
+  lit.value[401U] = 0U;
+  lit.value[402U] = 0U;
+  lit.value[403U] = 0U;
+  lit.value[404U] = 0U;
+  lit.value[405U] = 0U;
+  lit.value[406U] = 0U;
+  lit.value[407U] = 0U;
+  lit.value[408U] = 0U;
+  lit.value[409U] = 0U;
+  lit.value[410U] = 0U;
+  lit.value[411U] = 0U;
+  lit.value[412U] = 0U;
+  lit.value[413U] = 0U;
+  lit.value[414U] = 0U;
+  lit.value[415U] = 0U;
+  lit.value[416U] = 0U;
+  lit.value[417U] = 0U;
+  lit.value[418U] = 0U;
+  lit.value[419U] = 0U;
+  lit.value[420U] = 0U;
+  lit.value[421U] = 0U;
+  lit.value[422U] = 0U;
+  lit.value[423U] = 0U;
+  lit.value[424U] = 0U;
+  lit.value[425U] = 0U;
+  lit.value[426U] = 0U;
+  lit.value[427U] = 0U;
+  lit.value[428U] = 0U;
+  lit.value[429U] = 0U;
+  lit.value[430U] = 0U;
+  lit.value[431U] = 0U;
+  lit.value[432U] = 0U;
+  lit.value[433U] = 0U;
+  lit.value[434U] = 0U;
+  lit.value[435U] = 0U;
+  lit.value[436U] = 0U;
+  lit.value[437U] = 0U;
+  lit.value[438U] = 0U;
+  lit.value[439U] = 0U;
+  lit.value[440U] = 0U;
+  lit.value[441U] = 0U;
+  lit.value[442U] = 0U;
+  lit.value[443U] = 0U;
+  lit.value[444U] = 0U;
+  lit.value[445U] = 0U;
+  lit.value[446U] = 0U;
+  lit.value[447U] = 0U;
+  lit.value[448U] = 0U;
+  lit.value[449U] = 0U;
+  lit.value[450U] = 0U;
+  lit.value[451U] = 0U;
+  lit.value[452U] = 0U;
+  lit.value[453U] = 0U;
+  lit.value[454U] = 0U;
+  lit.value[455U] = 0U;
+  lit.value[456U] = 0U;
+  lit.value[457U] = 0U;
+  lit.value[458U] = 0U;
+  lit.value[459U] = 0U;
+  lit.value[460U] = 0U;
+  lit.value[461U] = 0U;
+  lit.value[462U] = 0U;
+  lit.value[463U] = 0U;
+  lit.value[464U] = 0U;
+  lit.value[465U] = 0U;
+  lit.value[466U] = 0U;
+  lit.value[467U] = 0U;
+  lit.value[468U] = 0U;
+  lit.value[469U] = 0U;
+  lit.value[470U] = 0U;
+  lit.value[471U] = 0U;
+  lit.value[472U] = 0U;
+  lit.value[473U] = 0U;
+  lit.value[474U] = 0U;
+  lit.value[475U] = 0U;
+  lit.value[476U] = 0U;
+  lit.value[477U] = 0U;
+  lit.value[478U] = 0U;
+  lit.value[479U] = 0U;
+  lit.value[480U] = 0U;
+  lit.value[481U] = 0U;
+  lit.value[482U] = 0U;
+  lit.value[483U] = 0U;
+  lit.value[484U] = 0U;
+  lit.value[485U] = 0U;
+  lit.value[486U] = 0U;
+  lit.value[487U] = 0U;
+  lit.value[488U] = 0U;
+  lit.value[489U] = 0U;
+  lit.value[490U] = 0U;
+  lit.value[491U] = 0U;
+  lit.value[492U] = 0U;
+  lit.value[493U] = 0U;
+  lit.value[494U] = 0U;
+  lit.value[495U] = 0U;
+  lit.value[496U] = 0U;
+  lit.value[497U] = 0U;
+  lit.value[498U] = 0U;
+  lit.value[499U] = 0U;
+  lit.value[500U] = 0U;
+  lit.value[501U] = 0U;
+  lit.value[502U] = 0U;
+  lit.value[503U] = 0U;
+  lit.value[504U] = 0U;
+  lit.value[505U] = 0U;
+  lit.value[506U] = 0U;
+  lit.value[507U] = 0U;
+  lit.value[508U] = 0U;
+  lit.value[509U] = 0U;
+  lit.value[510U] = 0U;
+  lit.value[511U] = 0U;
+  lit.value[512U] = 0U;
+  lit.value[513U] = 0U;
+  lit.value[514U] = 0U;
+  lit.value[515U] = 0U;
+  lit.value[516U] = 0U;
+  lit.value[517U] = 0U;
+  lit.value[518U] = 0U;
+  lit.value[519U] = 0U;
+  lit.value[520U] = 0U;
+  lit.value[521U] = 0U;
+  lit.value[522U] = 0U;
+  lit.value[523U] = 0U;
+  lit.value[524U] = 0U;
+  lit.value[525U] = 0U;
+  lit.value[526U] = 0U;
+  lit.value[527U] = 0U;
+  lit.value[528U] = 0U;
+  lit.value[529U] = 0U;
+  lit.value[530U] = 0U;
+  lit.value[531U] = 0U;
+  lit.value[532U] = 0U;
+  lit.value[533U] = 0U;
+  lit.value[534U] = 0U;
+  lit.value[535U] = 0U;
+  lit.value[536U] = 0U;
+  lit.value[537U] = 0U;
+  lit.value[538U] = 0U;
+  lit.value[539U] = 0U;
+  lit.value[540U] = 0U;
+  lit.value[541U] = 0U;
+  lit.value[542U] = 0U;
+  lit.value[543U] = 0U;
+  lit.value[544U] = 0U;
+  lit.value[545U] = 0U;
+  lit.value[546U] = 0U;
+  lit.value[547U] = 0U;
+  lit.value[548U] = 0U;
+  lit.value[549U] = 0U;
+  lit.value[550U] = 0U;
+  lit.value[551U] = 0U;
+  lit.value[552U] = 0U;
+  lit.value[553U] = 0U;
+  lit.value[554U] = 0U;
+  lit.value[555U] = 0U;
+  lit.value[556U] = 0U;
+  lit.value[557U] = 0U;
+  lit.value[558U] = 0U;
+  lit.value[559U] = 0U;
+  lit.value[560U] = 0U;
+  lit.value[561U] = 0U;
+  lit.value[562U] = 0U;
+  lit.value[563U] = 0U;
+  lit.value[564U] = 0U;
+  lit.value[565U] = 0U;
+  lit.value[566U] = 0U;
+  lit.value[567U] = 0U;
+  lit.value[568U] = 0U;
+  lit.value[569U] = 0U;
+  lit.value[570U] = 0U;
+  lit.value[571U] = 0U;
+  lit.value[572U] = 0U;
+  lit.value[573U] = 0U;
+  lit.value[574U] = 0U;
+  lit.value[575U] = 0U;
+  lit.value[576U] = 0U;
+  lit.value[577U] = 0U;
+  lit.value[578U] = 0U;
+  lit.value[579U] = 0U;
+  lit.value[580U] = 0U;
+  lit.value[581U] = 0U;
+  lit.value[582U] = 0U;
+  lit.value[583U] = 0U;
+  lit.value[584U] = 0U;
+  lit.value[585U] = 0U;
+  lit.value[586U] = 0U;
+  lit.value[587U] = 0U;
+  lit.value[588U] = 0U;
+  lit.value[589U] = 0U;
+  lit.value[590U] = 0U;
+  lit.value[591U] = 0U;
+  lit.value[592U] = 0U;
+  lit.value[593U] = 0U;
+  lit.value[594U] = 0U;
+  lit.value[595U] = 0U;
+  lit.value[596U] = 0U;
+  lit.value[597U] = 0U;
+  lit.value[598U] = 0U;
+  lit.value[599U] = 0U;
+  lit.value[600U] = 0U;
+  lit.value[601U] = 0U;
+  lit.value[602U] = 0U;
+  lit.value[603U] = 0U;
+  lit.value[604U] = 0U;
+  lit.value[605U] = 0U;
+  lit.value[606U] = 0U;
+  lit.value[607U] = 0U;
+  lit.value[608U] = 0U;
+  lit.value[609U] = 0U;
+  lit.value[610U] = 0U;
+  lit.value[611U] = 0U;
+  lit.value[612U] = 0U;
+  lit.value[613U] = 0U;
+  lit.value[614U] = 0U;
+  lit.value[615U] = 0U;
+  lit.value[616U] = 0U;
+  lit.value[617U] = 0U;
+  lit.value[618U] = 0U;
+  lit.value[619U] = 0U;
+  lit.value[620U] = 0U;
+  lit.value[621U] = 0U;
+  lit.value[622U] = 0U;
+  lit.value[623U] = 0U;
+  lit.value[624U] = 0U;
+  lit.value[625U] = 0U;
+  lit.value[626U] = 0U;
+  lit.value[627U] = 0U;
+  lit.value[628U] = 0U;
+  lit.value[629U] = 0U;
+  lit.value[630U] = 0U;
+  lit.value[631U] = 0U;
+  lit.value[632U] = 0U;
+  lit.value[633U] = 0U;
+  lit.value[634U] = 0U;
+  lit.value[635U] = 0U;
+  lit.value[636U] = 0U;
+  lit.value[637U] = 0U;
+  lit.value[638U] = 0U;
+  lit.value[639U] = 0U;
+  lit.value[640U] = 0U;
+  lit.value[641U] = 0U;
+  lit.value[642U] = 0U;
+  lit.value[643U] = 0U;
+  lit.value[644U] = 0U;
+  lit.value[645U] = 0U;
+  lit.value[646U] = 0U;
+  lit.value[647U] = 0U;
+  lit.value[648U] = 0U;
+  lit.value[649U] = 0U;
+  lit.value[650U] = 0U;
+  lit.value[651U] = 0U;
+  lit.value[652U] = 0U;
+  lit.value[653U] = 0U;
+  lit.value[654U] = 0U;
+  lit.value[655U] = 0U;
+  lit.value[656U] = 0U;
+  lit.value[657U] = 0U;
+  lit.value[658U] = 0U;
+  lit.value[659U] = 0U;
+  lit.value[660U] = 0U;
+  lit.value[661U] = 0U;
+  lit.value[662U] = 0U;
+  lit.value[663U] = 0U;
+  lit.value[664U] = 0U;
+  lit.value[665U] = 0U;
+  lit.value[666U] = 0U;
+  lit.value[667U] = 0U;
+  lit.value[668U] = 0U;
+  lit.value[669U] = 0U;
+  lit.value[670U] = 0U;
+  lit.value[671U] = 0U;
+  lit.value[672U] = 0U;
+  lit.value[673U] = 0U;
+  lit.value[674U] = 0U;
+  lit.value[675U] = 0U;
+  lit.value[676U] = 0U;
+  lit.value[677U] = 0U;
+  lit.value[678U] = 0U;
+  lit.value[679U] = 0U;
+  lit.value[680U] = 0U;
+  lit.value[681U] = 0U;
+  lit.value[682U] = 0U;
+  lit.value[683U] = 0U;
+  lit.value[684U] = 0U;
+  lit.value[685U] = 0U;
+  lit.value[686U] = 0U;
+  lit.value[687U] = 0U;
+  lit.value[688U] = 0U;
+  lit.value[689U] = 0U;
+  lit.value[690U] = 0U;
+  lit.value[691U] = 0U;
+  lit.value[692U] = 0U;
+  lit.value[693U] = 0U;
+  lit.value[694U] = 0U;
+  lit.value[695U] = 0U;
+  lit.value[696U] = 0U;
+  lit.value[697U] = 0U;
+  lit.value[698U] = 0U;
+  lit.value[699U] = 0U;
+  lit.value[700U] = 0U;
+  lit.value[701U] = 0U;
+  lit.value[702U] = 0U;
+  lit.value[703U] = 0U;
+  lit.value[704U] = 0U;
+  lit.value[705U] = 0U;
+  lit.value[706U] = 0U;
+  lit.value[707U] = 0U;
+  lit.value[708U] = 0U;
+  lit.value[709U] = 0U;
+  lit.value[710U] = 0U;
+  lit.value[711U] = 0U;
+  lit.value[712U] = 0U;
+  lit.value[713U] = 0U;
+  lit.value[714U] = 0U;
+  lit.value[715U] = 0U;
+  lit.value[716U] = 0U;
+  lit.value[717U] = 0U;
+  lit.value[718U] = 0U;
+  lit.value[719U] = 0U;
+  lit.value[720U] = 0U;
+  lit.value[721U] = 0U;
+  lit.value[722U] = 0U;
+  lit.value[723U] = 0U;
+  lit.value[724U] = 0U;
+  lit.value[725U] = 0U;
+  lit.value[726U] = 0U;
+  lit.value[727U] = 0U;
+  lit.value[728U] = 0U;
+  lit.value[729U] = 0U;
+  lit.value[730U] = 0U;
+  lit.value[731U] = 0U;
+  lit.value[732U] = 0U;
+  lit.value[733U] = 0U;
+  lit.value[734U] = 0U;
+  lit.value[735U] = 0U;
+  lit.value[736U] = 0U;
+  lit.value[737U] = 0U;
+  lit.value[738U] = 0U;
+  lit.value[739U] = 0U;
+  lit.value[740U] = 0U;
+  lit.value[741U] = 0U;
+  lit.value[742U] = 0U;
+  lit.value[743U] = 0U;
+  lit.value[744U] = 0U;
+  lit.value[745U] = 0U;
+  lit.value[746U] = 0U;
+  lit.value[747U] = 0U;
+  lit.value[748U] = 0U;
+  lit.value[749U] = 0U;
+  lit.value[750U] = 0U;
+  lit.value[751U] = 0U;
+  lit.value[752U] = 0U;
+  lit.value[753U] = 0U;
+  lit.value[754U] = 0U;
+  lit.value[755U] = 0U;
+  lit.value[756U] = 0U;
+  lit.value[757U] = 0U;
+  lit.value[758U] = 0U;
+  lit.value[759U] = 0U;
+  lit.value[760U] = 0U;
+  lit.value[761U] = 0U;
+  lit.value[762U] = 0U;
+  lit.value[763U] = 0U;
+  lit.value[764U] = 0U;
+  lit.value[765U] = 0U;
+  lit.value[766U] = 0U;
+  lit.value[767U] = 0U;
+  lit.value[768U] = 0U;
+  lit.value[769U] = 0U;
+  lit.value[770U] = 0U;
+  lit.value[771U] = 0U;
+  lit.value[772U] = 0U;
+  lit.value[773U] = 0U;
+  lit.value[774U] = 0U;
+  lit.value[775U] = 0U;
+  lit.value[776U] = 0U;
+  lit.value[777U] = 0U;
+  lit.value[778U] = 0U;
+  lit.value[779U] = 0U;
+  lit.value[780U] = 0U;
+  lit.value[781U] = 0U;
+  lit.value[782U] = 0U;
+  lit.value[783U] = 0U;
+  lit.value[784U] = 0U;
+  lit.value[785U] = 0U;
+  lit.value[786U] = 0U;
+  lit.value[787U] = 0U;
+  lit.value[788U] = 0U;
+  lit.value[789U] = 0U;
+  lit.value[790U] = 0U;
+  lit.value[791U] = 0U;
+  lit.value[792U] = 0U;
+  lit.value[793U] = 0U;
+  lit.value[794U] = 0U;
+  lit.value[795U] = 0U;
+  lit.value[796U] = 0U;
+  lit.value[797U] = 0U;
+  lit.value[798U] = 0U;
+  lit.value[799U] = 0U;
+  lit.value[800U] = 0U;
+  lit.value[801U] = 0U;
+  lit.value[802U] = 0U;
+  lit.value[803U] = 0U;
+  lit.value[804U] = 0U;
+  lit.value[805U] = 0U;
+  lit.value[806U] = 0U;
+  lit.value[807U] = 0U;
+  lit.value[808U] = 0U;
+  lit.value[809U] = 0U;
+  lit.value[810U] = 0U;
+  lit.value[811U] = 0U;
+  lit.value[812U] = 0U;
+  lit.value[813U] = 0U;
+  lit.value[814U] = 0U;
+  lit.value[815U] = 0U;
+  lit.value[816U] = 0U;
+  lit.value[817U] = 0U;
+  lit.value[818U] = 0U;
+  lit.value[819U] = 0U;
+  lit.value[820U] = 0U;
+  lit.value[821U] = 0U;
+  lit.value[822U] = 0U;
+  lit.value[823U] = 0U;
+  lit.value[824U] = 0U;
+  lit.value[825U] = 0U;
+  lit.value[826U] = 0U;
+  lit.value[827U] = 0U;
+  lit.value[828U] = 0U;
+  lit.value[829U] = 0U;
+  lit.value[830U] = 0U;
+  lit.value[831U] = 0U;
+  lit.value[832U] = 0U;
+  lit.value[833U] = 0U;
+  lit.value[834U] = 0U;
+  lit.value[835U] = 0U;
+  lit.value[836U] = 0U;
+  lit.value[837U] = 0U;
+  lit.value[838U] = 0U;
+  lit.value[839U] = 0U;
+  lit.value[840U] = 0U;
+  lit.value[841U] = 0U;
+  lit.value[842U] = 0U;
+  lit.value[843U] = 0U;
+  lit.value[844U] = 0U;
+  lit.value[845U] = 0U;
+  lit.value[846U] = 0U;
+  lit.value[847U] = 0U;
+  lit.value[848U] = 0U;
+  lit.value[849U] = 0U;
+  lit.value[850U] = 0U;
+  lit.value[851U] = 0U;
+  lit.value[852U] = 0U;
+  lit.value[853U] = 0U;
+  lit.value[854U] = 0U;
+  lit.value[855U] = 0U;
+  lit.value[856U] = 0U;
+  lit.value[857U] = 0U;
+  lit.value[858U] = 0U;
+  lit.value[859U] = 0U;
+  lit.value[860U] = 0U;
+  lit.value[861U] = 0U;
+  lit.value[862U] = 0U;
+  lit.value[863U] = 0U;
+  lit.value[864U] = 0U;
+  lit.value[865U] = 0U;
+  lit.value[866U] = 0U;
+  lit.value[867U] = 0U;
+  lit.value[868U] = 0U;
+  lit.value[869U] = 0U;
+  lit.value[870U] = 0U;
+  lit.value[871U] = 0U;
+  lit.value[872U] = 0U;
+  lit.value[873U] = 0U;
+  lit.value[874U] = 0U;
+  lit.value[875U] = 0U;
+  lit.value[876U] = 0U;
+  lit.value[877U] = 0U;
+  lit.value[878U] = 0U;
+  lit.value[879U] = 0U;
+  lit.value[880U] = 0U;
+  lit.value[881U] = 0U;
+  lit.value[882U] = 0U;
+  lit.value[883U] = 0U;
+  lit.value[884U] = 0U;
+  lit.value[885U] = 0U;
+  lit.value[886U] = 0U;
+  lit.value[887U] = 0U;
+  lit.value[888U] = 0U;
+  lit.value[889U] = 0U;
+  lit.value[890U] = 0U;
+  lit.value[891U] = 0U;
+  lit.value[892U] = 0U;
+  lit.value[893U] = 0U;
+  lit.value[894U] = 0U;
+  lit.value[895U] = 0U;
+  lit.value[896U] = 0U;
+  lit.value[897U] = 0U;
+  lit.value[898U] = 0U;
+  lit.value[899U] = 0U;
+  lit.value[900U] = 0U;
+  lit.value[901U] = 0U;
+  lit.value[902U] = 0U;
+  lit.value[903U] = 0U;
+  lit.value[904U] = 0U;
+  lit.value[905U] = 0U;
+  lit.value[906U] = 0U;
+  lit.value[907U] = 0U;
+  lit.value[908U] = 0U;
+  lit.value[909U] = 0U;
+  lit.value[910U] = 0U;
+  lit.value[911U] = 0U;
+  lit.value[912U] = 0U;
+  lit.value[913U] = 0U;
+  lit.value[914U] = 0U;
+  lit.value[915U] = 0U;
+  lit.value[916U] = 0U;
+  lit.value[917U] = 0U;
+  lit.value[918U] = 0U;
+  lit.value[919U] = 0U;
+  lit.value[920U] = 0U;
+  lit.value[921U] = 0U;
+  lit.value[922U] = 0U;
+  lit.value[923U] = 0U;
+  lit.value[924U] = 0U;
+  lit.value[925U] = 0U;
+  lit.value[926U] = 0U;
+  lit.value[927U] = 0U;
+  lit.value[928U] = 0U;
+  lit.value[929U] = 0U;
+  lit.value[930U] = 0U;
+  lit.value[931U] = 0U;
+  lit.value[932U] = 0U;
+  lit.value[933U] = 0U;
+  lit.value[934U] = 0U;
+  lit.value[935U] = 0U;
+  lit.value[936U] = 0U;
+  lit.value[937U] = 0U;
+  lit.value[938U] = 0U;
+  lit.value[939U] = 0U;
+  lit.value[940U] = 0U;
+  lit.value[941U] = 0U;
+  lit.value[942U] = 0U;
+  lit.value[943U] = 0U;
+  lit.value[944U] = 0U;
+  lit.value[945U] = 0U;
+  lit.value[946U] = 0U;
+  lit.value[947U] = 0U;
+  lit.value[948U] = 0U;
+  lit.value[949U] = 0U;
+  lit.value[950U] = 0U;
+  lit.value[951U] = 0U;
+  lit.value[952U] = 0U;
+  lit.value[953U] = 0U;
+  lit.value[954U] = 0U;
+  lit.value[955U] = 0U;
+  lit.value[956U] = 0U;
+  lit.value[957U] = 0U;
+  lit.value[958U] = 0U;
+  lit.value[959U] = 0U;
+  lit.value[960U] = 0U;
+  lit.value[961U] = 0U;
+  lit.value[962U] = 0U;
+  lit.value[963U] = 0U;
+  lit.value[964U] = 0U;
+  lit.value[965U] = 0U;
+  lit.value[966U] = 0U;
+  lit.value[967U] = 0U;
+  lit.value[968U] = 0U;
+  lit.value[969U] = 0U;
+  lit.value[970U] = 0U;
+  lit.value[971U] = 0U;
+  lit.value[972U] = 0U;
+  lit.value[973U] = 0U;
+  lit.value[974U] = 0U;
+  lit.value[975U] = 0U;
+  lit.value[976U] = 0U;
+  lit.value[977U] = 0U;
+  lit.value[978U] = 0U;
+  lit.value[979U] = 0U;
+  lit.value[980U] = 0U;
+  lit.value[981U] = 0U;
+  lit.value[982U] = 0U;
+  lit.value[983U] = 0U;
+  lit.value[984U] = 0U;
+  lit.value[985U] = 0U;
+  lit.value[986U] = 0U;
+  lit.value[987U] = 0U;
+  lit.value[988U] = 0U;
+  lit.value[989U] = 0U;
+  lit.value[990U] = 0U;
+  lit.value[991U] = 0U;
+  lit.value[992U] = 0U;
+  lit.value[993U] = 0U;
+  lit.value[994U] = 0U;
+  lit.value[995U] = 0U;
+  lit.value[996U] = 0U;
+  lit.value[997U] = 0U;
+  lit.value[998U] = 0U;
+  lit.value[999U] = 0U;
+  lit.value[1000U] = 0U;
+  lit.value[1001U] = 0U;
+  lit.value[1002U] = 0U;
+  lit.value[1003U] = 0U;
+  lit.value[1004U] = 0U;
+  lit.value[1005U] = 0U;
+  lit.value[1006U] = 0U;
+  lit.value[1007U] = 0U;
+  lit.value[1008U] = 0U;
+  lit.value[1009U] = 0U;
+  lit.value[1010U] = 0U;
+  lit.value[1011U] = 0U;
+  lit.value[1012U] = 0U;
+  lit.value[1013U] = 0U;
+  lit.value[1014U] = 0U;
+  lit.value[1015U] = 0U;
+  lit.value[1016U] = 0U;
+  lit.value[1017U] = 0U;
+  lit.value[1018U] = 0U;
+  lit.value[1019U] = 0U;
+  lit.value[1020U] = 0U;
+  lit.value[1021U] = 0U;
+  lit.value[1022U] = 0U;
+  lit.value[1023U] = 0U;
+  lit.value[1024U] = 0U;
+  lit.value[1025U] = 0U;
+  lit.value[1026U] = 0U;
+  lit.value[1027U] = 0U;
+  lit.value[1028U] = 0U;
+  lit.value[1029U] = 0U;
+  lit.value[1030U] = 0U;
+  lit.value[1031U] = 0U;
+  lit.value[1032U] = 0U;
+  lit.value[1033U] = 0U;
+  lit.value[1034U] = 0U;
+  lit.value[1035U] = 0U;
+  lit.value[1036U] = 0U;
+  lit.value[1037U] = 0U;
+  lit.value[1038U] = 0U;
+  lit.value[1039U] = 0U;
+  lit.value[1040U] = 0U;
+  lit.value[1041U] = 0U;
+  lit.value[1042U] = 0U;
+  lit.value[1043U] = 0U;
+  lit.value[1044U] = 0U;
+  lit.value[1045U] = 0U;
+  lit.value[1046U] = 0U;
+  lit.value[1047U] = 0U;
+  lit.value[1048U] = 0U;
+  lit.value[1049U] = 0U;
+  lit.value[1050U] = 0U;
+  lit.value[1051U] = 0U;
+  lit.value[1052U] = 0U;
+  lit.value[1053U] = 0U;
+  lit.value[1054U] = 0U;
+  lit.value[1055U] = 0U;
+  lit.value[1056U] = 0U;
+  lit.value[1057U] = 0U;
+  lit.value[1058U] = 0U;
+  lit.value[1059U] = 0U;
+  lit.value[1060U] = 0U;
+  lit.value[1061U] = 0U;
+  lit.value[1062U] = 0U;
+  lit.value[1063U] = 0U;
+  lit.value[1064U] = 0U;
+  lit.value[1065U] = 0U;
+  lit.value[1066U] = 0U;
+  lit.value[1067U] = 0U;
+  lit.value[1068U] = 0U;
+  lit.value[1069U] = 0U;
+  lit.value[1070U] = 0U;
+  lit.value[1071U] = 0U;
+  lit.value[1072U] = 0U;
+  lit.value[1073U] = 0U;
+  lit.value[1074U] = 0U;
+  lit.value[1075U] = 0U;
+  lit.value[1076U] = 0U;
+  lit.value[1077U] = 0U;
+  lit.value[1078U] = 0U;
+  lit.value[1079U] = 0U;
+  lit.value[1080U] = 0U;
+  lit.value[1081U] = 0U;
+  lit.value[1082U] = 0U;
+  lit.value[1083U] = 0U;
+  lit.value[1084U] = 0U;
+  lit.value[1085U] = 0U;
+  lit.value[1086U] = 0U;
+  lit.value[1087U] = 0U;
+  lit.value[1088U] = 0U;
+  lit.value[1089U] = 0U;
+  lit.value[1090U] = 0U;
+  lit.value[1091U] = 0U;
+  lit.value[1092U] = 0U;
+  lit.value[1093U] = 0U;
+  lit.value[1094U] = 0U;
+  lit.value[1095U] = 0U;
+  lit.value[1096U] = 0U;
+  lit.value[1097U] = 0U;
+  lit.value[1098U] = 0U;
+  lit.value[1099U] = 0U;
+  lit.value[1100U] = 0U;
+  lit.value[1101U] = 0U;
+  lit.value[1102U] = 0U;
+  lit.value[1103U] = 0U;
+  lit.value[1104U] = 0U;
+  lit.value[1105U] = 0U;
+  lit.value[1106U] = 0U;
+  lit.value[1107U] = 0U;
+  lit.value[1108U] = 0U;
+  lit.value[1109U] = 0U;
+  lit.value[1110U] = 0U;
+  lit.value[1111U] = 0U;
+  lit.value[1112U] = 0U;
+  lit.value[1113U] = 0U;
+  lit.value[1114U] = 0U;
+  lit.value[1115U] = 0U;
+  lit.value[1116U] = 0U;
+  lit.value[1117U] = 0U;
+  lit.value[1118U] = 0U;
+  lit.value[1119U] = 0U;
+  lit.value[1120U] = 0U;
+  lit.value[1121U] = 0U;
+  lit.value[1122U] = 0U;
+  lit.value[1123U] = 0U;
+  lit.value[1124U] = 0U;
+  lit.value[1125U] = 0U;
+  lit.value[1126U] = 0U;
+  lit.value[1127U] = 0U;
+  lit.value[1128U] = 0U;
+  lit.value[1129U] = 0U;
+  lit.value[1130U] = 0U;
+  lit.value[1131U] = 0U;
+  lit.value[1132U] = 0U;
+  lit.value[1133U] = 0U;
+  lit.value[1134U] = 0U;
+  lit.value[1135U] = 0U;
+  lit.value[1136U] = 0U;
+  lit.value[1137U] = 0U;
+  lit.value[1138U] = 0U;
+  lit.value[1139U] = 0U;
+  lit.value[1140U] = 0U;
+  lit.value[1141U] = 0U;
+  lit.value[1142U] = 0U;
+  lit.value[1143U] = 0U;
+  lit.value[1144U] = 0U;
+  lit.value[1145U] = 0U;
+  lit.value[1146U] = 0U;
+  lit.value[1147U] = 0U;
+  lit.value[1148U] = 0U;
+  lit.value[1149U] = 0U;
+  lit.value[1150U] = 0U;
+  lit.value[1151U] = 0U;
+  lit.value[1152U] = 0U;
+  lit.value[1153U] = 0U;
+  lit.value[1154U] = 0U;
+  lit.value[1155U] = 0U;
+  lit.value[1156U] = 0U;
+  lit.value[1157U] = 0U;
+  lit.value[1158U] = 0U;
+  lit.value[1159U] = 0U;
+  lit.value[1160U] = 0U;
+  lit.value[1161U] = 0U;
+  lit.value[1162U] = 0U;
+  lit.value[1163U] = 0U;
+  lit.value[1164U] = 0U;
+  lit.value[1165U] = 0U;
+  lit.value[1166U] = 0U;
+  lit.value[1167U] = 0U;
+  lit.value[1168U] = 0U;
+  lit.value[1169U] = 0U;
+  lit.value[1170U] = 0U;
+  lit.value[1171U] = 0U;
+  lit.value[1172U] = 0U;
+  lit.value[1173U] = 0U;
+  lit.value[1174U] = 0U;
+  lit.value[1175U] = 0U;
+  lit.value[1176U] = 0U;
+  lit.value[1177U] = 0U;
+  lit.value[1178U] = 0U;
+  lit.value[1179U] = 0U;
+  lit.value[1180U] = 0U;
+  lit.value[1181U] = 0U;
+  lit.value[1182U] = 0U;
+  lit.value[1183U] = 0U;
+  lit.value[1184U] = 0U;
+  lit.value[1185U] = 0U;
+  lit.value[1186U] = 0U;
+  lit.value[1187U] = 0U;
+  lit.value[1188U] = 0U;
+  lit.value[1189U] = 0U;
+  lit.value[1190U] = 0U;
+  lit.value[1191U] = 0U;
+  lit.value[1192U] = 0U;
+  lit.value[1193U] = 0U;
+  lit.value[1194U] = 0U;
+  lit.value[1195U] = 0U;
+  lit.value[1196U] = 0U;
+  lit.value[1197U] = 0U;
+  lit.value[1198U] = 0U;
+  lit.value[1199U] = 0U;
+  lit.value[1200U] = 0U;
+  lit.value[1201U] = 0U;
+  lit.value[1202U] = 0U;
+  lit.value[1203U] = 0U;
+  lit.value[1204U] = 0U;
+  lit.value[1205U] = 0U;
+  lit.value[1206U] = 0U;
+  lit.value[1207U] = 0U;
+  lit.value[1208U] = 0U;
+  lit.value[1209U] = 0U;
+  lit.value[1210U] = 0U;
+  lit.value[1211U] = 0U;
+  lit.value[1212U] = 0U;
+  lit.value[1213U] = 0U;
+  lit.value[1214U] = 0U;
+  lit.value[1215U] = 0U;
+  lit.value[1216U] = 0U;
+  lit.value[1217U] = 0U;
+  lit.value[1218U] = 0U;
+  lit.value[1219U] = 0U;
+  lit.value[1220U] = 0U;
+  lit.value[1221U] = 0U;
+  lit.value[1222U] = 0U;
+  lit.value[1223U] = 0U;
+  lit.value[1224U] = 0U;
+  lit.value[1225U] = 0U;
+  lit.value[1226U] = 0U;
+  lit.value[1227U] = 0U;
+  lit.value[1228U] = 0U;
+  lit.value[1229U] = 0U;
+  lit.value[1230U] = 0U;
+  lit.value[1231U] = 0U;
+  lit.value[1232U] = 0U;
+  lit.value[1233U] = 0U;
+  lit.value[1234U] = 0U;
+  lit.value[1235U] = 0U;
+  lit.value[1236U] = 0U;
+  lit.value[1237U] = 0U;
+  lit.value[1238U] = 0U;
+  lit.value[1239U] = 0U;
+  lit.value[1240U] = 0U;
+  lit.value[1241U] = 0U;
+  lit.value[1242U] = 0U;
+  lit.value[1243U] = 0U;
+  lit.value[1244U] = 0U;
+  lit.value[1245U] = 0U;
+  lit.value[1246U] = 0U;
+  lit.value[1247U] = 0U;
+  lit.value[1248U] = 0U;
+  lit.value[1249U] = 0U;
+  lit.value[1250U] = 0U;
+  lit.value[1251U] = 0U;
+  lit.value[1252U] = 0U;
+  lit.value[1253U] = 0U;
+  lit.value[1254U] = 0U;
+  lit.value[1255U] = 0U;
+  lit.value[1256U] = 0U;
+  lit.value[1257U] = 0U;
+  lit.value[1258U] = 0U;
+  lit.value[1259U] = 0U;
+  lit.value[1260U] = 0U;
+  lit.value[1261U] = 0U;
+  lit.value[1262U] = 0U;
+  lit.value[1263U] = 0U;
+  lit.value[1264U] = 0U;
+  lit.value[1265U] = 0U;
+  lit.value[1266U] = 0U;
+  lit.value[1267U] = 0U;
+  lit.value[1268U] = 0U;
+  lit.value[1269U] = 0U;
+  lit.value[1270U] = 0U;
+  lit.value[1271U] = 0U;
+  lit.value[1272U] = 0U;
+  lit.value[1273U] = 0U;
+  lit.value[1274U] = 0U;
+  lit.value[1275U] = 0U;
+  lit.value[1276U] = 0U;
+  lit.value[1277U] = 0U;
+  lit.value[1278U] = 0U;
+  lit.value[1279U] = 0U;
+  lit.value[1280U] = 0U;
+  lit.value[1281U] = 0U;
+  lit.value[1282U] = 0U;
+  lit.value[1283U] = 0U;
+  lit.value[1284U] = 0U;
+  lit.value[1285U] = 0U;
+  lit.value[1286U] = 0U;
+  lit.value[1287U] = 0U;
+  lit.value[1288U] = 0U;
+  lit.value[1289U] = 0U;
+  lit.value[1290U] = 0U;
+  lit.value[1291U] = 0U;
+  lit.value[1292U] = 0U;
+  lit.value[1293U] = 0U;
+  lit.value[1294U] = 0U;
+  lit.value[1295U] = 0U;
+  lit.value[1296U] = 0U;
+  lit.value[1297U] = 0U;
+  lit.value[1298U] = 0U;
+  lit.value[1299U] = 0U;
+  lit.value[1300U] = 0U;
+  lit.value[1301U] = 0U;
+  lit.value[1302U] = 0U;
+  lit.value[1303U] = 0U;
+  lit.value[1304U] = 0U;
+  lit.value[1305U] = 0U;
+  lit.value[1306U] = 0U;
+  lit.value[1307U] = 0U;
+  lit.value[1308U] = 0U;
+  lit.value[1309U] = 0U;
+  lit.value[1310U] = 0U;
+  lit.value[1311U] = 0U;
+  lit.value[1312U] = 0U;
+  lit.value[1313U] = 0U;
+  lit.value[1314U] = 0U;
+  lit.value[1315U] = 0U;
+  lit.value[1316U] = 0U;
+  lit.value[1317U] = 0U;
+  lit.value[1318U] = 0U;
+  lit.value[1319U] = 0U;
+  lit.value[1320U] = 0U;
+  lit.value[1321U] = 0U;
+  lit.value[1322U] = 0U;
+  lit.value[1323U] = 0U;
+  lit.value[1324U] = 0U;
+  lit.value[1325U] = 0U;
+  lit.value[1326U] = 0U;
+  lit.value[1327U] = 0U;
+  lit.value[1328U] = 0U;
+  lit.value[1329U] = 0U;
+  lit.value[1330U] = 0U;
+  lit.value[1331U] = 0U;
+  lit.value[1332U] = 0U;
+  lit.value[1333U] = 0U;
+  lit.value[1334U] = 0U;
+  lit.value[1335U] = 0U;
+  lit.value[1336U] = 0U;
+  lit.value[1337U] = 0U;
+  lit.value[1338U] = 0U;
+  lit.value[1339U] = 0U;
+  lit.value[1340U] = 0U;
+  lit.value[1341U] = 0U;
+  lit.value[1342U] = 0U;
+  lit.value[1343U] = 0U;
+  lit.value[1344U] = 0U;
+  lit.value[1345U] = 0U;
+  lit.value[1346U] = 0U;
+  lit.value[1347U] = 0U;
+  lit.value[1348U] = 0U;
+  lit.value[1349U] = 0U;
+  lit.value[1350U] = 0U;
+  lit.value[1351U] = 0U;
+  lit.value[1352U] = 0U;
+  lit.value[1353U] = 0U;
+  lit.value[1354U] = 0U;
+  lit.value[1355U] = 0U;
+  lit.value[1356U] = 0U;
+  lit.value[1357U] = 0U;
+  lit.value[1358U] = 0U;
+  lit.value[1359U] = 0U;
+  lit.value[1360U] = 0U;
+  lit.value[1361U] = 0U;
+  lit.value[1362U] = 0U;
+  lit.value[1363U] = 0U;
+  lit.value[1364U] = 0U;
+  lit.value[1365U] = 0U;
+  lit.value[1366U] = 0U;
+  lit.value[1367U] = 0U;
+  lit.value[1368U] = 0U;
+  lit.value[1369U] = 0U;
+  lit.value[1370U] = 0U;
+  lit.value[1371U] = 0U;
+  lit.value[1372U] = 0U;
+  lit.value[1373U] = 0U;
+  lit.value[1374U] = 0U;
+  lit.value[1375U] = 0U;
+  lit.value[1376U] = 0U;
+  lit.value[1377U] = 0U;
+  lit.value[1378U] = 0U;
+  lit.value[1379U] = 0U;
+  lit.value[1380U] = 0U;
+  lit.value[1381U] = 0U;
+  lit.value[1382U] = 0U;
+  lit.value[1383U] = 0U;
+  lit.value[1384U] = 0U;
+  lit.value[1385U] = 0U;
+  lit.value[1386U] = 0U;
+  lit.value[1387U] = 0U;
+  lit.value[1388U] = 0U;
+  lit.value[1389U] = 0U;
+  lit.value[1390U] = 0U;
+  lit.value[1391U] = 0U;
+  lit.value[1392U] = 0U;
+  lit.value[1393U] = 0U;
+  lit.value[1394U] = 0U;
+  lit.value[1395U] = 0U;
+  lit.value[1396U] = 0U;
+  lit.value[1397U] = 0U;
+  lit.value[1398U] = 0U;
+  lit.value[1399U] = 0U;
+  lit.value[1400U] = 0U;
+  lit.value[1401U] = 0U;
+  lit.value[1402U] = 0U;
+  lit.value[1403U] = 0U;
+  lit.value[1404U] = 0U;
+  lit.value[1405U] = 0U;
+  lit.value[1406U] = 0U;
+  lit.value[1407U] = 0U;
+  lit.value[1408U] = 0U;
+  lit.value[1409U] = 0U;
+  lit.value[1410U] = 0U;
+  lit.value[1411U] = 0U;
+  lit.value[1412U] = 0U;
+  lit.value[1413U] = 0U;
+  lit.value[1414U] = 0U;
+  lit.value[1415U] = 0U;
+  lit.value[1416U] = 0U;
+  lit.value[1417U] = 0U;
+  lit.value[1418U] = 0U;
+  lit.value[1419U] = 0U;
+  lit.value[1420U] = 0U;
+  lit.value[1421U] = 0U;
+  lit.value[1422U] = 0U;
+  lit.value[1423U] = 0U;
+  lit.value[1424U] = 0U;
+  lit.value[1425U] = 0U;
+  lit.value[1426U] = 0U;
+  lit.value[1427U] = 0U;
+  lit.value[1428U] = 0U;
+  lit.value[1429U] = 0U;
+  lit.value[1430U] = 0U;
+  lit.value[1431U] = 0U;
+  lit.value[1432U] = 0U;
+  lit.value[1433U] = 0U;
+  lit.value[1434U] = 0U;
+  lit.value[1435U] = 0U;
+  lit.value[1436U] = 0U;
+  lit.value[1437U] = 0U;
+  lit.value[1438U] = 0U;
+  lit.value[1439U] = 0U;
+  lit.value[1440U] = 0U;
+  lit.value[1441U] = 0U;
+  lit.value[1442U] = 0U;
+  lit.value[1443U] = 0U;
+  lit.value[1444U] = 0U;
+  lit.value[1445U] = 0U;
+  lit.value[1446U] = 0U;
+  lit.value[1447U] = 0U;
+  lit.value[1448U] = 0U;
+  lit.value[1449U] = 0U;
+  lit.value[1450U] = 0U;
+  lit.value[1451U] = 0U;
+  lit.value[1452U] = 0U;
+  lit.value[1453U] = 0U;
+  lit.value[1454U] = 0U;
+  lit.value[1455U] = 0U;
+  lit.value[1456U] = 0U;
+  lit.value[1457U] = 0U;
+  lit.value[1458U] = 0U;
+  lit.value[1459U] = 0U;
+  lit.value[1460U] = 0U;
+  lit.value[1461U] = 0U;
+  lit.value[1462U] = 0U;
+  lit.value[1463U] = 0U;
+  lit.value[1464U] = 0U;
+  lit.value[1465U] = 0U;
+  lit.value[1466U] = 0U;
+  lit.value[1467U] = 0U;
+  lit.value[1468U] = 0U;
+  lit.value[1469U] = 0U;
+  lit.value[1470U] = 0U;
+  lit.value[1471U] = 0U;
+  lit.value[1472U] = 0U;
+  lit.value[1473U] = 0U;
+  lit.value[1474U] = 0U;
+  lit.value[1475U] = 0U;
+  lit.value[1476U] = 0U;
+  lit.value[1477U] = 0U;
+  lit.value[1478U] = 0U;
+  lit.value[1479U] = 0U;
+  lit.value[1480U] = 0U;
+  lit.value[1481U] = 0U;
+  lit.value[1482U] = 0U;
+  lit.value[1483U] = 0U;
+  lit.value[1484U] = 0U;
+  lit.value[1485U] = 0U;
+  lit.value[1486U] = 0U;
+  lit.value[1487U] = 0U;
+  lit.value[1488U] = 0U;
+  lit.value[1489U] = 0U;
+  lit.value[1490U] = 0U;
+  lit.value[1491U] = 0U;
+  lit.value[1492U] = 0U;
+  lit.value[1493U] = 0U;
+  lit.value[1494U] = 0U;
+  lit.value[1495U] = 0U;
+  lit.value[1496U] = 0U;
+  lit.value[1497U] = 0U;
+  lit.value[1498U] = 0U;
+  lit.value[1499U] = 0U;
+  lit.value[1500U] = 0U;
+  lit.value[1501U] = 0U;
+  lit.value[1502U] = 0U;
+  lit.value[1503U] = 0U;
+  lit.value[1504U] = 0U;
+  lit.value[1505U] = 0U;
+  lit.value[1506U] = 0U;
+  lit.value[1507U] = 0U;
+  lit.value[1508U] = 0U;
+  lit.value[1509U] = 0U;
+  lit.value[1510U] = 0U;
+  lit.value[1511U] = 0U;
+  lit.value[1512U] = 0U;
+  lit.value[1513U] = 0U;
+  lit.value[1514U] = 0U;
+  lit.value[1515U] = 0U;
+  lit.value[1516U] = 0U;
+  lit.value[1517U] = 0U;
+  lit.value[1518U] = 0U;
+  lit.value[1519U] = 0U;
+  lit.value[1520U] = 0U;
+  lit.value[1521U] = 0U;
+  lit.value[1522U] = 0U;
+  lit.value[1523U] = 0U;
+  lit.value[1524U] = 0U;
+  lit.value[1525U] = 0U;
+  lit.value[1526U] = 0U;
+  lit.value[1527U] = 0U;
+  lit.value[1528U] = 0U;
+  lit.value[1529U] = 0U;
+  lit.value[1530U] = 0U;
+  lit.value[1531U] = 0U;
+  lit.value[1532U] = 0U;
+  lit.value[1533U] = 0U;
+  lit.value[1534U] = 0U;
+  lit.value[1535U] = 0U;
+  lit.value[1536U] = 0U;
+  lit.value[1537U] = 0U;
+  lit.value[1538U] = 0U;
+  lit.value[1539U] = 0U;
+  lit.value[1540U] = 0U;
+  lit.value[1541U] = 0U;
+  lit.value[1542U] = 0U;
+  lit.value[1543U] = 0U;
+  lit.value[1544U] = 0U;
+  lit.value[1545U] = 0U;
+  lit.value[1546U] = 0U;
+  lit.value[1547U] = 0U;
+  lit.value[1548U] = 0U;
+  lit.value[1549U] = 0U;
+  lit.value[1550U] = 0U;
+  lit.value[1551U] = 0U;
+  lit.value[1552U] = 0U;
+  lit.value[1553U] = 0U;
+  lit.value[1554U] = 0U;
+  lit.value[1555U] = 0U;
+  lit.value[1556U] = 0U;
+  lit.value[1557U] = 0U;
+  lit.value[1558U] = 0U;
+  lit.value[1559U] = 0U;
+  lit.value[1560U] = 0U;
+  lit.value[1561U] = 0U;
+  lit.value[1562U] = 0U;
+  lit.value[1563U] = 0U;
+  lit.value[1564U] = 0U;
+  lit.value[1565U] = 0U;
+  lit.value[1566U] = 0U;
+  lit.value[1567U] = 0U;
+  lit.value[1568U] = 0U;
+  lit.value[1569U] = 0U;
+  lit.value[1570U] = 0U;
+  lit.value[1571U] = 0U;
+  lit.value[1572U] = 0U;
+  lit.value[1573U] = 0U;
+  lit.value[1574U] = 0U;
+  lit.value[1575U] = 0U;
+  lit.value[1576U] = 0U;
+  lit.value[1577U] = 0U;
+  lit.value[1578U] = 0U;
+  lit.value[1579U] = 0U;
+  lit.value[1580U] = 0U;
+  lit.value[1581U] = 0U;
+  lit.value[1582U] = 0U;
+  lit.value[1583U] = 0U;
+  lit.value[1584U] = 0U;
+  lit.value[1585U] = 0U;
+  lit.value[1586U] = 0U;
+  lit.value[1587U] = 0U;
+  lit.value[1588U] = 0U;
+  lit.value[1589U] = 0U;
+  lit.value[1590U] = 0U;
+  lit.value[1591U] = 0U;
+  lit.value[1592U] = 0U;
+  lit.value[1593U] = 0U;
+  lit.value[1594U] = 0U;
+  lit.value[1595U] = 0U;
+  lit.value[1596U] = 0U;
+  lit.value[1597U] = 0U;
+  lit.value[1598U] = 0U;
+  lit.value[1599U] = 0U;
+  lit.value[1600U] = 0U;
+  lit.value[1601U] = 0U;
+  lit.value[1602U] = 0U;
+  lit.value[1603U] = 0U;
+  lit.value[1604U] = 0U;
+  lit.value[1605U] = 0U;
+  lit.value[1606U] = 0U;
+  lit.value[1607U] = 0U;
+  lit.value[1608U] = 0U;
+  lit.value[1609U] = 0U;
+  lit.value[1610U] = 0U;
+  lit.value[1611U] = 0U;
+  lit.value[1612U] = 0U;
+  lit.value[1613U] = 0U;
+  lit.value[1614U] = 0U;
+  lit.value[1615U] = 0U;
+  lit.value[1616U] = 0U;
+  lit.value[1617U] = 0U;
+  lit.value[1618U] = 0U;
+  lit.value[1619U] = 0U;
+  lit.value[1620U] = 0U;
+  lit.value[1621U] = 0U;
+  lit.value[1622U] = 0U;
+  lit.value[1623U] = 0U;
+  lit.value[1624U] = 0U;
+  lit.value[1625U] = 0U;
+  lit.value[1626U] = 0U;
+  lit.value[1627U] = 0U;
+  lit.value[1628U] = 0U;
+  lit.value[1629U] = 0U;
+  lit.value[1630U] = 0U;
+  lit.value[1631U] = 0U;
+  lit.value[1632U] = 0U;
+  lit.value[1633U] = 0U;
+  lit.value[1634U] = 0U;
+  lit.value[1635U] = 0U;
+  lit.value[1636U] = 0U;
+  lit.value[1637U] = 0U;
+  lit.value[1638U] = 0U;
+  lit.value[1639U] = 0U;
+  lit.value[1640U] = 0U;
+  lit.value[1641U] = 0U;
+  lit.value[1642U] = 0U;
+  lit.value[1643U] = 0U;
+  lit.value[1644U] = 0U;
+  lit.value[1645U] = 0U;
+  lit.value[1646U] = 0U;
+  lit.value[1647U] = 0U;
+  lit.value[1648U] = 0U;
+  lit.value[1649U] = 0U;
+  lit.value[1650U] = 0U;
+  lit.value[1651U] = 0U;
+  lit.value[1652U] = 0U;
+  lit.value[1653U] = 0U;
+  lit.value[1654U] = 0U;
+  lit.value[1655U] = 0U;
+  lit.value[1656U] = 0U;
+  lit.value[1657U] = 0U;
+  lit.value[1658U] = 0U;
+  lit.value[1659U] = 0U;
+  lit.value[1660U] = 0U;
+  lit.value[1661U] = 0U;
+  lit.value[1662U] = 0U;
+  lit.value[1663U] = 0U;
+  lit.value[1664U] = 0U;
+  lit.value[1665U] = 0U;
+  lit.value[1666U] = 0U;
+  lit.value[1667U] = 0U;
+  lit.value[1668U] = 0U;
+  lit.value[1669U] = 0U;
+  lit.value[1670U] = 0U;
+  lit.value[1671U] = 0U;
+  lit.value[1672U] = 0U;
+  lit.value[1673U] = 0U;
+  lit.value[1674U] = 0U;
+  lit.value[1675U] = 0U;
+  lit.value[1676U] = 0U;
+  lit.value[1677U] = 0U;
+  lit.value[1678U] = 0U;
+  lit.value[1679U] = 0U;
+  lit.value[1680U] = 0U;
+  lit.value[1681U] = 0U;
+  lit.value[1682U] = 0U;
+  lit.value[1683U] = 0U;
+  lit.value[1684U] = 0U;
+  lit.value[1685U] = 0U;
+  lit.value[1686U] = 0U;
+  lit.value[1687U] = 0U;
+  lit.value[1688U] = 0U;
+  lit.value[1689U] = 0U;
+  lit.value[1690U] = 0U;
+  lit.value[1691U] = 0U;
+  lit.value[1692U] = 0U;
+  lit.value[1693U] = 0U;
+  lit.value[1694U] = 0U;
+  lit.value[1695U] = 0U;
+  lit.value[1696U] = 0U;
+  lit.value[1697U] = 0U;
+  lit.value[1698U] = 0U;
+  lit.value[1699U] = 0U;
+  lit.value[1700U] = 0U;
+  lit.value[1701U] = 0U;
+  lit.value[1702U] = 0U;
+  lit.value[1703U] = 0U;
+  lit.value[1704U] = 0U;
+  lit.value[1705U] = 0U;
+  lit.value[1706U] = 0U;
+  lit.value[1707U] = 0U;
+  lit.value[1708U] = 0U;
+  lit.value[1709U] = 0U;
+  lit.value[1710U] = 0U;
+  lit.value[1711U] = 0U;
+  lit.value[1712U] = 0U;
+  lit.value[1713U] = 0U;
+  lit.value[1714U] = 0U;
+  lit.value[1715U] = 0U;
+  lit.value[1716U] = 0U;
+  lit.value[1717U] = 0U;
+  lit.value[1718U] = 0U;
+  lit.value[1719U] = 0U;
+  lit.value[1720U] = 0U;
+  lit.value[1721U] = 0U;
+  lit.value[1722U] = 0U;
+  lit.value[1723U] = 0U;
+  lit.value[1724U] = 0U;
+  lit.value[1725U] = 0U;
+  lit.value[1726U] = 0U;
+  lit.value[1727U] = 0U;
+  lit.value[1728U] = 0U;
+  lit.value[1729U] = 0U;
+  lit.value[1730U] = 0U;
+  lit.value[1731U] = 0U;
+  lit.value[1732U] = 0U;
+  lit.value[1733U] = 0U;
+  lit.value[1734U] = 0U;
+  lit.value[1735U] = 0U;
+  lit.value[1736U] = 0U;
+  lit.value[1737U] = 0U;
+  lit.value[1738U] = 0U;
+  lit.value[1739U] = 0U;
+  lit.value[1740U] = 0U;
+  lit.value[1741U] = 0U;
+  lit.value[1742U] = 0U;
+  lit.value[1743U] = 0U;
+  lit.value[1744U] = 0U;
+  lit.value[1745U] = 0U;
+  lit.value[1746U] = 0U;
+  lit.value[1747U] = 0U;
+  lit.value[1748U] = 0U;
+  lit.value[1749U] = 0U;
+  lit.value[1750U] = 0U;
+  lit.value[1751U] = 0U;
+  lit.value[1752U] = 0U;
+  lit.value[1753U] = 0U;
+  lit.value[1754U] = 0U;
+  lit.value[1755U] = 0U;
+  lit.value[1756U] = 0U;
+  lit.value[1757U] = 0U;
+  lit.value[1758U] = 0U;
+  lit.value[1759U] = 0U;
+  lit.value[1760U] = 0U;
+  lit.value[1761U] = 0U;
+  lit.value[1762U] = 0U;
+  lit.value[1763U] = 0U;
+  lit.value[1764U] = 0U;
+  lit.value[1765U] = 0U;
+  lit.value[1766U] = 0U;
+  lit.value[1767U] = 0U;
+  lit.value[1768U] = 0U;
+  lit.value[1769U] = 0U;
+  lit.value[1770U] = 0U;
+  lit.value[1771U] = 0U;
+  lit.value[1772U] = 0U;
+  lit.value[1773U] = 0U;
+  lit.value[1774U] = 0U;
+  lit.value[1775U] = 0U;
+  lit.value[1776U] = 0U;
+  lit.value[1777U] = 0U;
+  lit.value[1778U] = 0U;
+  lit.value[1779U] = 0U;
+  lit.value[1780U] = 0U;
+  lit.value[1781U] = 0U;
+  lit.value[1782U] = 0U;
+  lit.value[1783U] = 0U;
+  lit.value[1784U] = 0U;
+  lit.value[1785U] = 0U;
+  lit.value[1786U] = 0U;
+  lit.value[1787U] = 0U;
+  lit.value[1788U] = 0U;
+  lit.value[1789U] = 0U;
+  lit.value[1790U] = 0U;
+  lit.value[1791U] = 0U;
+  lit.value[1792U] = 0U;
+  lit.value[1793U] = 0U;
+  lit.value[1794U] = 0U;
+  lit.value[1795U] = 0U;
+  lit.value[1796U] = 0U;
+  lit.value[1797U] = 0U;
+  lit.value[1798U] = 0U;
+  lit.value[1799U] = 0U;
+  lit.value[1800U] = 0U;
+  lit.value[1801U] = 0U;
+  lit.value[1802U] = 0U;
+  lit.value[1803U] = 0U;
+  lit.value[1804U] = 0U;
+  lit.value[1805U] = 0U;
+  lit.value[1806U] = 0U;
+  lit.value[1807U] = 0U;
+  lit.value[1808U] = 0U;
+  lit.value[1809U] = 0U;
+  lit.value[1810U] = 0U;
+  lit.value[1811U] = 0U;
+  lit.value[1812U] = 0U;
+  lit.value[1813U] = 0U;
+  lit.value[1814U] = 0U;
+  lit.value[1815U] = 0U;
+  lit.value[1816U] = 0U;
+  lit.value[1817U] = 0U;
+  lit.value[1818U] = 0U;
+  lit.value[1819U] = 0U;
+  lit.value[1820U] = 0U;
+  lit.value[1821U] = 0U;
+  lit.value[1822U] = 0U;
+  lit.value[1823U] = 0U;
+  lit.value[1824U] = 0U;
+  lit.value[1825U] = 0U;
+  lit.value[1826U] = 0U;
+  lit.value[1827U] = 0U;
+  lit.value[1828U] = 0U;
+  lit.value[1829U] = 0U;
+  lit.value[1830U] = 0U;
+  lit.value[1831U] = 0U;
+  lit.value[1832U] = 0U;
+  lit.value[1833U] = 0U;
+  lit.value[1834U] = 0U;
+  lit.value[1835U] = 0U;
+  lit.value[1836U] = 0U;
+  lit.value[1837U] = 0U;
+  lit.value[1838U] = 0U;
+  lit.value[1839U] = 0U;
+  lit.value[1840U] = 0U;
+  lit.value[1841U] = 0U;
+  lit.value[1842U] = 0U;
+  lit.value[1843U] = 0U;
+  lit.value[1844U] = 0U;
+  lit.value[1845U] = 0U;
+  lit.value[1846U] = 0U;
+  lit.value[1847U] = 0U;
+  lit.value[1848U] = 0U;
+  lit.value[1849U] = 0U;
+  lit.value[1850U] = 0U;
+  lit.value[1851U] = 0U;
+  lit.value[1852U] = 0U;
+  lit.value[1853U] = 0U;
+  lit.value[1854U] = 0U;
+  lit.value[1855U] = 0U;
+  lit.value[1856U] = 0U;
+  lit.value[1857U] = 0U;
+  lit.value[1858U] = 0U;
+  lit.value[1859U] = 0U;
+  lit.value[1860U] = 0U;
+  lit.value[1861U] = 0U;
+  lit.value[1862U] = 0U;
+  lit.value[1863U] = 0U;
+  lit.value[1864U] = 0U;
+  lit.value[1865U] = 0U;
+  lit.value[1866U] = 0U;
+  lit.value[1867U] = 0U;
+  lit.value[1868U] = 0U;
+  lit.value[1869U] = 0U;
+  lit.value[1870U] = 0U;
+  lit.value[1871U] = 0U;
+  lit.value[1872U] = 0U;
+  lit.value[1873U] = 0U;
+  lit.value[1874U] = 0U;
+  lit.value[1875U] = 0U;
+  lit.value[1876U] = 0U;
+  lit.value[1877U] = 0U;
+  lit.value[1878U] = 0U;
+  lit.value[1879U] = 0U;
+  lit.value[1880U] = 0U;
+  lit.value[1881U] = 0U;
+  lit.value[1882U] = 0U;
+  lit.value[1883U] = 0U;
+  lit.value[1884U] = 0U;
+  lit.value[1885U] = 0U;
+  lit.value[1886U] = 0U;
+  lit.value[1887U] = 0U;
+  lit.value[1888U] = 0U;
+  lit.value[1889U] = 0U;
+  lit.value[1890U] = 0U;
+  lit.value[1891U] = 0U;
+  lit.value[1892U] = 0U;
+  lit.value[1893U] = 0U;
+  lit.value[1894U] = 0U;
+  lit.value[1895U] = 0U;
+  lit.value[1896U] = 0U;
+  lit.value[1897U] = 0U;
+  lit.value[1898U] = 0U;
+  lit.value[1899U] = 0U;
+  lit.value[1900U] = 0U;
+  lit.value[1901U] = 0U;
+  lit.value[1902U] = 0U;
+  lit.value[1903U] = 0U;
+  lit.value[1904U] = 0U;
+  lit.value[1905U] = 0U;
+  lit.value[1906U] = 0U;
+  lit.value[1907U] = 0U;
+  lit.value[1908U] = 0U;
+  lit.value[1909U] = 0U;
+  lit.value[1910U] = 0U;
+  lit.value[1911U] = 0U;
+  lit.value[1912U] = 0U;
+  lit.value[1913U] = 0U;
+  lit.value[1914U] = 0U;
+  lit.value[1915U] = 0U;
+  lit.value[1916U] = 0U;
+  lit.value[1917U] = 0U;
+  lit.value[1918U] = 0U;
+  lit.value[1919U] = 0U;
+  lit.value[1920U] = 0U;
+  lit.value[1921U] = 0U;
+  lit.value[1922U] = 0U;
+  lit.value[1923U] = 0U;
+  lit.value[1924U] = 0U;
+  lit.value[1925U] = 0U;
+  lit.value[1926U] = 0U;
+  lit.value[1927U] = 0U;
+  lit.value[1928U] = 0U;
+  lit.value[1929U] = 0U;
+  lit.value[1930U] = 0U;
+  lit.value[1931U] = 0U;
+  lit.value[1932U] = 0U;
+  lit.value[1933U] = 0U;
+  lit.value[1934U] = 0U;
+  lit.value[1935U] = 0U;
+  lit.value[1936U] = 0U;
+  lit.value[1937U] = 0U;
+  lit.value[1938U] = 0U;
+  lit.value[1939U] = 0U;
+  lit.value[1940U] = 0U;
+  lit.value[1941U] = 0U;
+  lit.value[1942U] = 0U;
+  lit.value[1943U] = 0U;
+  lit.value[1944U] = 0U;
+  lit.value[1945U] = 0U;
+  lit.value[1946U] = 0U;
+  lit.value[1947U] = 0U;
+  lit.value[1948U] = 0U;
+  lit.value[1949U] = 0U;
+  lit.value[1950U] = 0U;
+  lit.value[1951U] = 0U;
+  lit.value[1952U] = 0U;
+  lit.value[1953U] = 0U;
+  lit.value[1954U] = 0U;
+  lit.value[1955U] = 0U;
+  lit.value[1956U] = 0U;
+  lit.value[1957U] = 0U;
+  lit.value[1958U] = 0U;
+  lit.value[1959U] = 0U;
+  lit.value[1960U] = 0U;
+  lit.value[1961U] = 0U;
+  lit.value[1962U] = 0U;
+  lit.value[1963U] = 0U;
+  lit.value[1964U] = 0U;
+  lit.value[1965U] = 0U;
+  lit.value[1966U] = 0U;
+  lit.value[1967U] = 0U;
+  lit.value[1968U] = 0U;
+  lit.value[1969U] = 0U;
+  lit.value[1970U] = 0U;
+  lit.value[1971U] = 0U;
+  lit.value[1972U] = 0U;
+  lit.value[1973U] = 0U;
+  lit.value[1974U] = 0U;
+  lit.value[1975U] = 0U;
+  lit.value[1976U] = 0U;
+  lit.value[1977U] = 0U;
+  lit.value[1978U] = 0U;
+  lit.value[1979U] = 0U;
+  lit.value[1980U] = 0U;
+  lit.value[1981U] = 0U;
+  lit.value[1982U] = 0U;
+  lit.value[1983U] = 0U;
+  lit.value[1984U] = 0U;
+  lit.value[1985U] = 0U;
+  lit.value[1986U] = 0U;
+  lit.value[1987U] = 0U;
+  lit.value[1988U] = 0U;
+  lit.value[1989U] = 0U;
+  lit.value[1990U] = 0U;
+  lit.value[1991U] = 0U;
+  lit.value[1992U] = 0U;
+  lit.value[1993U] = 0U;
+  lit.value[1994U] = 0U;
+  lit.value[1995U] = 0U;
+  lit.value[1996U] = 0U;
+  lit.value[1997U] = 0U;
+  lit.value[1998U] = 0U;
+  lit.value[1999U] = 0U;
+  lit.value[2000U] = 0U;
+  lit.value[2001U] = 0U;
+  lit.value[2002U] = 0U;
+  lit.value[2003U] = 0U;
+  lit.value[2004U] = 0U;
+  lit.value[2005U] = 0U;
+  lit.value[2006U] = 0U;
+  lit.value[2007U] = 0U;
+  lit.value[2008U] = 0U;
+  lit.value[2009U] = 0U;
+  lit.value[2010U] = 0U;
+  lit.value[2011U] = 0U;
+  lit.value[2012U] = 0U;
+  lit.value[2013U] = 0U;
+  lit.value[2014U] = 0U;
+  lit.value[2015U] = 0U;
+  lit.value[2016U] = 0U;
+  lit.value[2017U] = 0U;
+  lit.value[2018U] = 0U;
+  lit.value[2019U] = 0U;
+  lit.value[2020U] = 0U;
+  lit.value[2021U] = 0U;
+  lit.value[2022U] = 0U;
+  lit.value[2023U] = 0U;
+  lit.value[2024U] = 0U;
+  lit.value[2025U] = 0U;
+  lit.value[2026U] = 0U;
+  lit.value[2027U] = 0U;
+  lit.value[2028U] = 0U;
+  lit.value[2029U] = 0U;
+  lit.value[2030U] = 0U;
+  lit.value[2031U] = 0U;
+  lit.value[2032U] = 0U;
+  lit.value[2033U] = 0U;
+  lit.value[2034U] = 0U;
+  lit.value[2035U] = 0U;
+  lit.value[2036U] = 0U;
+  lit.value[2037U] = 0U;
+  lit.value[2038U] = 0U;
+  lit.value[2039U] = 0U;
+  lit.value[2040U] = 0U;
+  lit.value[2041U] = 0U;
+  lit.value[2042U] = 0U;
+  lit.value[2043U] = 0U;
+  lit.value[2044U] = 0U;
+  lit.value[2045U] = 0U;
+  lit.value[2046U] = 0U;
+  lit.value[2047U] = 0U;
+  lit.value[2048U] = 0U;
+  lit.value[2049U] = 0U;
+  lit.value[2050U] = 0U;
+  lit.value[2051U] = 0U;
+  lit.value[2052U] = 0U;
+  lit.value[2053U] = 0U;
+  lit.value[2054U] = 0U;
+  lit.value[2055U] = 0U;
+  lit.value[2056U] = 0U;
+  lit.value[2057U] = 0U;
+  lit.value[2058U] = 0U;
+  lit.value[2059U] = 0U;
+  lit.value[2060U] = 0U;
+  lit.value[2061U] = 0U;
+  lit.value[2062U] = 0U;
+  lit.value[2063U] = 0U;
+  lit.value[2064U] = 0U;
+  lit.value[2065U] = 0U;
+  lit.value[2066U] = 0U;
+  lit.value[2067U] = 0U;
+  lit.value[2068U] = 0U;
+  lit.value[2069U] = 0U;
+  lit.value[2070U] = 0U;
+  lit.value[2071U] = 0U;
+  lit.value[2072U] = 0U;
+  lit.value[2073U] = 0U;
+  lit.value[2074U] = 0U;
+  lit.value[2075U] = 0U;
+  lit.value[2076U] = 0U;
+  lit.value[2077U] = 0U;
+  lit.value[2078U] = 0U;
+  lit.value[2079U] = 0U;
+  lit.value[2080U] = 0U;
+  lit.value[2081U] = 0U;
+  lit.value[2082U] = 0U;
+  lit.value[2083U] = 0U;
+  lit.value[2084U] = 0U;
+  lit.value[2085U] = 0U;
+  lit.value[2086U] = 0U;
+  lit.value[2087U] = 0U;
+  lit.value[2088U] = 0U;
+  lit.value[2089U] = 0U;
+  lit.value[2090U] = 0U;
+  lit.value[2091U] = 0U;
+  lit.value[2092U] = 0U;
+  lit.value[2093U] = 0U;
+  lit.value[2094U] = 0U;
+  lit.value[2095U] = 0U;
+  lit.value[2096U] = 0U;
+  lit.value[2097U] = 0U;
+  lit.value[2098U] = 0U;
+  lit.value[2099U] = 0U;
+  lit.value[2100U] = 0U;
+  lit.value[2101U] = 0U;
+  lit.value[2102U] = 0U;
+  lit.value[2103U] = 0U;
+  lit.value[2104U] = 0U;
+  lit.value[2105U] = 0U;
+  lit.value[2106U] = 0U;
+  lit.value[2107U] = 0U;
+  lit.value[2108U] = 0U;
+  lit.value[2109U] = 0U;
+  lit.value[2110U] = 0U;
+  lit.value[2111U] = 0U;
+  lit.value[2112U] = 0U;
+  lit.value[2113U] = 0U;
+  lit.value[2114U] = 0U;
+  lit.value[2115U] = 0U;
+  lit.value[2116U] = 0U;
+  lit.value[2117U] = 0U;
+  lit.value[2118U] = 0U;
+  lit.value[2119U] = 0U;
+  lit.value[2120U] = 0U;
+  lit.value[2121U] = 0U;
+  lit.value[2122U] = 0U;
+  lit.value[2123U] = 0U;
+  lit.value[2124U] = 0U;
+  lit.value[2125U] = 0U;
+  lit.value[2126U] = 0U;
+  lit.value[2127U] = 0U;
+  lit.value[2128U] = 0U;
+  lit.value[2129U] = 0U;
+  lit.value[2130U] = 0U;
+  lit.value[2131U] = 0U;
+  lit.value[2132U] = 0U;
+  lit.value[2133U] = 0U;
+  lit.value[2134U] = 0U;
+  lit.value[2135U] = 0U;
+  lit.value[2136U] = 0U;
+  lit.value[2137U] = 0U;
+  lit.value[2138U] = 0U;
+  lit.value[2139U] = 0U;
+  lit.value[2140U] = 0U;
+  lit.value[2141U] = 0U;
+  lit.value[2142U] = 0U;
+  lit.value[2143U] = 0U;
+  lit.value[2144U] = 0U;
+  lit.value[2145U] = 0U;
+  lit.value[2146U] = 0U;
+  lit.value[2147U] = 0U;
+  lit.value[2148U] = 0U;
+  lit.value[2149U] = 0U;
+  lit.value[2150U] = 0U;
+  lit.value[2151U] = 0U;
+  lit.value[2152U] = 0U;
+  lit.value[2153U] = 0U;
+  lit.value[2154U] = 0U;
+  lit.value[2155U] = 0U;
+  lit.value[2156U] = 0U;
+  lit.value[2157U] = 0U;
+  lit.value[2158U] = 0U;
+  lit.value[2159U] = 0U;
+  lit.value[2160U] = 0U;
+  lit.value[2161U] = 0U;
+  lit.value[2162U] = 0U;
+  lit.value[2163U] = 0U;
+  lit.value[2164U] = 0U;
+  lit.value[2165U] = 0U;
+  lit.value[2166U] = 0U;
+  lit.value[2167U] = 0U;
+  lit.value[2168U] = 0U;
+  lit.value[2169U] = 0U;
+  lit.value[2170U] = 0U;
+  lit.value[2171U] = 0U;
+  lit.value[2172U] = 0U;
+  lit.value[2173U] = 0U;
+  lit.value[2174U] = 0U;
+  lit.value[2175U] = 0U;
+  lit.value[2176U] = 0U;
+  lit.value[2177U] = 0U;
+  lit.value[2178U] = 0U;
+  lit.value[2179U] = 0U;
+  lit.value[2180U] = 0U;
+  lit.value[2181U] = 0U;
+  lit.value[2182U] = 0U;
+  lit.value[2183U] = 0U;
+  lit.value[2184U] = 0U;
+  lit.value[2185U] = 0U;
+  lit.value[2186U] = 0U;
+  lit.value[2187U] = 0U;
+  lit.value[2188U] = 0U;
+  lit.value[2189U] = 0U;
+  lit.value[2190U] = 0U;
+  lit.value[2191U] = 0U;
+  lit.value[2192U] = 0U;
+  lit.value[2193U] = 0U;
+  lit.value[2194U] = 0U;
+  lit.value[2195U] = 0U;
+  lit.value[2196U] = 0U;
+  lit.value[2197U] = 0U;
+  lit.value[2198U] = 0U;
+  lit.value[2199U] = 0U;
+  lit.value[2200U] = 0U;
+  lit.value[2201U] = 0U;
+  lit.value[2202U] = 0U;
+  lit.value[2203U] = 0U;
+  lit.value[2204U] = 0U;
+  lit.value[2205U] = 0U;
+  lit.value[2206U] = 0U;
+  lit.value[2207U] = 0U;
+  lit.value[2208U] = 0U;
+  lit.value[2209U] = 0U;
+  lit.value[2210U] = 0U;
+  lit.value[2211U] = 0U;
+  lit.value[2212U] = 0U;
+  lit.value[2213U] = 0U;
+  lit.value[2214U] = 0U;
+  lit.value[2215U] = 0U;
+  lit.value[2216U] = 0U;
+  lit.value[2217U] = 0U;
+  lit.value[2218U] = 0U;
+  lit.value[2219U] = 0U;
+  lit.value[2220U] = 0U;
+  lit.value[2221U] = 0U;
+  lit.value[2222U] = 0U;
+  lit.value[2223U] = 0U;
+  lit.value[2224U] = 0U;
+  lit.value[2225U] = 0U;
+  lit.value[2226U] = 0U;
+  lit.value[2227U] = 0U;
+  lit.value[2228U] = 0U;
+  lit.value[2229U] = 0U;
+  lit.value[2230U] = 0U;
+  lit.value[2231U] = 0U;
+  lit.value[2232U] = 0U;
+  lit.value[2233U] = 0U;
+  lit.value[2234U] = 0U;
+  lit.value[2235U] = 0U;
+  lit.value[2236U] = 0U;
+  lit.value[2237U] = 0U;
+  lit.value[2238U] = 0U;
+  lit.value[2239U] = 0U;
+  lit.value[2240U] = 0U;
+  lit.value[2241U] = 0U;
+  lit.value[2242U] = 0U;
+  lit.value[2243U] = 0U;
+  lit.value[2244U] = 0U;
+  lit.value[2245U] = 0U;
+  lit.value[2246U] = 0U;
+  lit.value[2247U] = 0U;
+  lit.value[2248U] = 0U;
+  lit.value[2249U] = 0U;
+  lit.value[2250U] = 0U;
+  lit.value[2251U] = 0U;
+  lit.value[2252U] = 0U;
+  lit.value[2253U] = 0U;
+  lit.value[2254U] = 0U;
+  lit.value[2255U] = 0U;
+  lit.value[2256U] = 0U;
+  lit.value[2257U] = 0U;
+  lit.value[2258U] = 0U;
+  lit.value[2259U] = 0U;
+  lit.value[2260U] = 0U;
+  lit.value[2261U] = 0U;
+  lit.value[2262U] = 0U;
+  lit.value[2263U] = 0U;
+  lit.value[2264U] = 0U;
+  lit.value[2265U] = 0U;
+  lit.value[2266U] = 0U;
+  lit.value[2267U] = 0U;
+  lit.value[2268U] = 0U;
+  lit.value[2269U] = 0U;
+  lit.value[2270U] = 0U;
+  lit.value[2271U] = 0U;
+  lit.value[2272U] = 0U;
+  lit.value[2273U] = 0U;
+  lit.value[2274U] = 0U;
+  lit.value[2275U] = 0U;
+  lit.value[2276U] = 0U;
+  lit.value[2277U] = 0U;
+  lit.value[2278U] = 0U;
+  lit.value[2279U] = 0U;
+  lit.value[2280U] = 0U;
+  lit.value[2281U] = 0U;
+  lit.value[2282U] = 0U;
+  lit.value[2283U] = 0U;
+  lit.value[2284U] = 0U;
+  lit.value[2285U] = 0U;
+  lit.value[2286U] = 0U;
+  lit.value[2287U] = 0U;
+  lit.value[2288U] = 0U;
+  lit.value[2289U] = 0U;
+  lit.value[2290U] = 0U;
+  lit.value[2291U] = 0U;
+  lit.value[2292U] = 0U;
+  lit.value[2293U] = 0U;
+  lit.value[2294U] = 0U;
+  lit.value[2295U] = 0U;
+  lit.value[2296U] = 0U;
+  lit.value[2297U] = 0U;
+  lit.value[2298U] = 0U;
+  lit.value[2299U] = 0U;
+  lit.value[2300U] = 0U;
+  lit.value[2301U] = 0U;
+  lit.value[2302U] = 0U;
+  lit.value[2303U] = 0U;
+  lit.value[2304U] = 0U;
+  lit.value[2305U] = 0U;
+  lit.value[2306U] = 0U;
+  lit.value[2307U] = 0U;
+  lit.value[2308U] = 0U;
+  lit.value[2309U] = 0U;
+  lit.value[2310U] = 0U;
+  lit.value[2311U] = 0U;
+  lit.value[2312U] = 0U;
+  lit.value[2313U] = 0U;
+  lit.value[2314U] = 0U;
+  lit.value[2315U] = 0U;
+  lit.value[2316U] = 0U;
+  lit.value[2317U] = 0U;
+  lit.value[2318U] = 0U;
+  lit.value[2319U] = 0U;
+  lit.value[2320U] = 0U;
+  lit.value[2321U] = 0U;
+  lit.value[2322U] = 0U;
+  lit.value[2323U] = 0U;
+  lit.value[2324U] = 0U;
+  lit.value[2325U] = 0U;
+  lit.value[2326U] = 0U;
+  lit.value[2327U] = 0U;
+  lit.value[2328U] = 0U;
+  lit.value[2329U] = 0U;
+  lit.value[2330U] = 0U;
+  lit.value[2331U] = 0U;
+  lit.value[2332U] = 0U;
+  lit.value[2333U] = 0U;
+  lit.value[2334U] = 0U;
+  lit.value[2335U] = 0U;
+  lit.value[2336U] = 0U;
+  lit.value[2337U] = 0U;
+  lit.value[2338U] = 0U;
+  lit.value[2339U] = 0U;
+  lit.value[2340U] = 0U;
+  lit.value[2341U] = 0U;
+  lit.value[2342U] = 0U;
+  lit.value[2343U] = 0U;
+  lit.value[2344U] = 0U;
+  lit.value[2345U] = 0U;
+  lit.value[2346U] = 0U;
+  lit.value[2347U] = 0U;
+  lit.value[2348U] = 0U;
+  lit.value[2349U] = 0U;
+  lit.value[2350U] = 0U;
+  lit.value[2351U] = 0U;
+  lit.value[2352U] = 0U;
+  lit.value[2353U] = 0U;
+  lit.value[2354U] = 0U;
+  lit.value[2355U] = 0U;
+  lit.value[2356U] = 0U;
+  lit.value[2357U] = 0U;
+  lit.value[2358U] = 0U;
+  lit.value[2359U] = 0U;
+  lit.value[2360U] = 0U;
+  lit.value[2361U] = 0U;
+  lit.value[2362U] = 0U;
+  lit.value[2363U] = 0U;
+  lit.value[2364U] = 0U;
+  lit.value[2365U] = 0U;
+  lit.value[2366U] = 0U;
+  lit.value[2367U] = 0U;
+  lit.value[2368U] = 0U;
+  lit.value[2369U] = 0U;
+  lit.value[2370U] = 0U;
+  lit.value[2371U] = 0U;
+  lit.value[2372U] = 0U;
+  lit.value[2373U] = 0U;
+  lit.value[2374U] = 0U;
+  lit.value[2375U] = 0U;
+  lit.value[2376U] = 0U;
+  lit.value[2377U] = 0U;
+  lit.value[2378U] = 0U;
+  lit.value[2379U] = 0U;
+  lit.value[2380U] = 0U;
+  lit.value[2381U] = 0U;
+  lit.value[2382U] = 0U;
+  lit.value[2383U] = 0U;
+  lit.value[2384U] = 0U;
+  lit.value[2385U] = 0U;
+  lit.value[2386U] = 0U;
+  lit.value[2387U] = 0U;
+  lit.value[2388U] = 0U;
+  lit.value[2389U] = 0U;
+  lit.value[2390U] = 0U;
+  lit.value[2391U] = 0U;
+  lit.value[2392U] = 0U;
+  lit.value[2393U] = 0U;
+  lit.value[2394U] = 0U;
+  lit.value[2395U] = 0U;
+  lit.value[2396U] = 0U;
+  lit.value[2397U] = 0U;
+  lit.value[2398U] = 0U;
+  lit.value[2399U] = 0U;
+  return lit;
+}
+
 typedef struct libcrux_ml_kem_mlkem768_MlKem768Ciphertext_s {
   uint8_t value[1088U];
 } libcrux_ml_kem_mlkem768_MlKem768Ciphertext;
@@ -237,15 +2661,15 @@ typedef struct libcrux_ml_kem_types_MlKemPublicKey_30_s {
 
 /**
 This function found in impl {(core::convert::From<@Array<u8, SIZE>> for
-libcrux_ml_kem::types::MlKemPublicKey<SIZE>)#16}
+libcrux_ml_kem::types::MlKemPublicKey<SIZE>)#19}
 */
 /**
-A monomorphic instance of libcrux_ml_kem.types.from_5a
+A monomorphic instance of libcrux_ml_kem.types.from_5f
 with const generics
 - SIZE= 1184
 */
 static inline libcrux_ml_kem_types_MlKemPublicKey_30
-libcrux_ml_kem_types_from_5a_d0(uint8_t value[1184U]) {
+libcrux_ml_kem_types_from_5f_d0(uint8_t value[1184U]) {
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_value[1184U];
   memcpy(copy_of_value, value, (size_t)1184U * sizeof(uint8_t));
@@ -254,15 +2678,6 @@ libcrux_ml_kem_types_from_5a_d0(uint8_t value[1184U]) {
   return lit;
 }
 
-/**
-A monomorphic instance of libcrux_ml_kem.types.MlKemPrivateKey
-with const generics
-- $2400size_t
-*/
-typedef struct libcrux_ml_kem_types_MlKemPrivateKey_d9_s {
-  uint8_t value[2400U];
-} libcrux_ml_kem_types_MlKemPrivateKey_d9;
-
 typedef struct libcrux_ml_kem_mlkem768_MlKem768KeyPair_s {
   libcrux_ml_kem_types_MlKemPrivateKey_d9 sk;
   libcrux_ml_kem_types_MlKemPublicKey_30 pk;
@@ -287,15 +2702,15 @@ libcrux_ml_kem_types_from_3a_74(libcrux_ml_kem_types_MlKemPrivateKey_d9 sk,
 
 /**
 This function found in impl {(core::convert::From<@Array<u8, SIZE>> for
-libcrux_ml_kem::types::MlKemPrivateKey<SIZE>)#9}
+libcrux_ml_kem::types::MlKemPrivateKey<SIZE>)#12}
 */
 /**
-A monomorphic instance of libcrux_ml_kem.types.from_7f
+A monomorphic instance of libcrux_ml_kem.types.from_9a
 with const generics
 - SIZE= 2400
 */
 static inline libcrux_ml_kem_types_MlKemPrivateKey_d9
-libcrux_ml_kem_types_from_7f_28(uint8_t value[2400U]) {
+libcrux_ml_kem_types_from_9a_28(uint8_t value[2400U]) {
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_value[2400U];
   memcpy(copy_of_value, value, (size_t)2400U * sizeof(uint8_t));
@@ -351,15 +2766,15 @@ typedef struct tuple_c2_s {
 
 /**
 This function found in impl {(core::convert::From<@Array<u8, SIZE>> for
-libcrux_ml_kem::types::MlKemCiphertext<SIZE>)#2}
+libcrux_ml_kem::types::MlKemCiphertext<SIZE>)#5}
 */
 /**
-A monomorphic instance of libcrux_ml_kem.types.from_01
+A monomorphic instance of libcrux_ml_kem.types.from_00
 with const generics
 - SIZE= 1088
 */
 static inline libcrux_ml_kem_mlkem768_MlKem768Ciphertext
-libcrux_ml_kem_types_from_01_80(uint8_t value[1088U]) {
+libcrux_ml_kem_types_from_00_80(uint8_t value[1088U]) {
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_value[1088U];
   memcpy(copy_of_value, value, (size_t)1088U * sizeof(uint8_t));
@@ -381,6 +2796,25 @@ static inline uint8_t *libcrux_ml_kem_types_as_slice_fd_d0(
   return self->value;
 }
 
+/**
+A monomorphic instance of libcrux_ml_kem.utils.prf_input_inc
+with const generics
+- K= 3
+*/
+static KRML_MUSTINLINE uint8_t libcrux_ml_kem_utils_prf_input_inc_e0(
+    uint8_t (*prf_inputs)[33U], uint8_t domain_separator) {
+  uint8_t ret[3U][33U];
+  core_array___core__clone__Clone_for__Array_T__N___20__clone(
+      (size_t)3U, prf_inputs, ret, uint8_t[33U], void *);
+  LowStar_Ignore_ignore(ret, uint8_t[3U][33U], void *);
+  for (size_t i = (size_t)0U; i < (size_t)3U; i++) {
+    size_t i0 = i;
+    prf_inputs[i0][32U] = domain_separator;
+    domain_separator = (uint32_t)domain_separator + 1U;
+  }
+  return domain_separator;
+}
+
 /**
  Pad the `slice` with `0`s at the end.
 */
@@ -421,14 +2855,14 @@ static KRML_MUSTINLINE void libcrux_ml_kem_utils_into_padded_array_b6(
 
 /**
 This function found in impl {(core::convert::AsRef<@Slice<u8>> for
-libcrux_ml_kem::types::MlKemCiphertext<SIZE>)#1}
+libcrux_ml_kem::types::MlKemCiphertext<SIZE>)#4}
 */
 /**
-A monomorphic instance of libcrux_ml_kem.types.as_ref_00
+A monomorphic instance of libcrux_ml_kem.types.as_ref_43
 with const generics
 - SIZE= 1088
 */
-static inline Eurydice_slice libcrux_ml_kem_types_as_ref_00_80(
+static inline Eurydice_slice libcrux_ml_kem_types_as_ref_43_80(
     libcrux_ml_kem_mlkem768_MlKem768Ciphertext *self) {
   return Eurydice_array_to_slice((size_t)1088U, self->value, uint8_t);
 }
@@ -471,6 +2905,45 @@ static KRML_MUSTINLINE void libcrux_ml_kem_utils_into_padded_array_24(
   memcpy(ret, out, (size_t)64U * sizeof(uint8_t));
 }
 
+typedef struct Eurydice_slice_uint8_t_x4_s {
+  Eurydice_slice fst;
+  Eurydice_slice snd;
+  Eurydice_slice thd;
+  Eurydice_slice f3;
+} Eurydice_slice_uint8_t_x4;
+
+typedef struct Eurydice_slice_uint8_t_x2_s {
+  Eurydice_slice fst;
+  Eurydice_slice snd;
+} Eurydice_slice_uint8_t_x2;
+
+/**
+A monomorphic instance of libcrux_ml_kem.types.unpack_private_key
+with const generics
+- CPA_SECRET_KEY_SIZE= 1152
+- PUBLIC_KEY_SIZE= 1184
+*/
+static inline Eurydice_slice_uint8_t_x4
+libcrux_ml_kem_types_unpack_private_key_b4(Eurydice_slice private_key) {
+  Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at(
+      private_key, (size_t)1152U, uint8_t, Eurydice_slice_uint8_t_x2);
+  Eurydice_slice ind_cpa_secret_key = uu____0.fst;
+  Eurydice_slice secret_key0 = uu____0.snd;
+  Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at(
+      secret_key0, (size_t)1184U, uint8_t, Eurydice_slice_uint8_t_x2);
+  Eurydice_slice ind_cpa_public_key = uu____1.fst;
+  Eurydice_slice secret_key = uu____1.snd;
+  Eurydice_slice_uint8_t_x2 uu____2 = Eurydice_slice_split_at(
+      secret_key, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t,
+      Eurydice_slice_uint8_t_x2);
+  Eurydice_slice ind_cpa_public_key_hash = uu____2.fst;
+  Eurydice_slice implicit_rejection_value = uu____2.snd;
+  return (CLITERAL(Eurydice_slice_uint8_t_x4){.fst = ind_cpa_secret_key,
+                                              .snd = ind_cpa_public_key,
+                                              .thd = ind_cpa_public_key_hash,
+                                              .f3 = implicit_rejection_value});
+}
+
 /**
 A monomorphic instance of core.result.Result
 with types int16_t[16size_t], core_array_TryFromSliceError
@@ -539,11 +3012,6 @@ static inline void unwrap_26_68(Result_15 self, uint8_t ret[8U]) {
   }
 }
 
-typedef struct Eurydice_slice_uint8_t_x2_s {
-  Eurydice_slice fst;
-  Eurydice_slice snd;
-} Eurydice_slice_uint8_t_x2;
-
 typedef struct Eurydice_slice_uint8_t_1size_t__x2_s {
   Eurydice_slice fst[1U];
   Eurydice_slice snd[1U];
diff --git a/libcrux-ml-kem/cg/libcrux_ct_ops.h b/libcrux-ml-kem/cg/libcrux_ct_ops.h
index fa8a05d78..61a11d366 100644
--- a/libcrux-ml-kem/cg/libcrux_ct_ops.h
+++ b/libcrux-ml-kem/cg/libcrux_ct_ops.h
@@ -8,7 +8,7 @@
  * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c
  * Karamel: c31a22c1e07d2118c07ee5cebb640d863e31a198
  * F*: 2c32d6e230851bbceadac7a21fc418fa2bb7e4bc
- * Libcrux: 38837f1aab3f2ae348a0cb53cf44d97652e2c977
+ * Libcrux: 8fa4c2d98c5fd5a203b5a37a971a46f2296646d9
  */
 
 #ifndef __libcrux_ct_ops_H
diff --git a/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h b/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h
index 7081e1242..3281a201c 100644
--- a/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h
+++ b/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h
@@ -8,7 +8,7 @@
  * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c
  * Karamel: c31a22c1e07d2118c07ee5cebb640d863e31a198
  * F*: 2c32d6e230851bbceadac7a21fc418fa2bb7e4bc
- * Libcrux: 38837f1aab3f2ae348a0cb53cf44d97652e2c977
+ * Libcrux: 8fa4c2d98c5fd5a203b5a37a971a46f2296646d9
  */
 
 #ifndef __libcrux_mlkem768_avx2_H
@@ -22,9 +22,7 @@ extern "C" {
 #include "intrinsics/libcrux_intrinsics_avx2.h"
 #include "libcrux_core.h"
 #include "libcrux_ct_ops.h"
-#include "libcrux_mlkem768_avx2_types.h"
 #include "libcrux_mlkem768_portable.h"
-#include "libcrux_mlkem768_portable_types.h"
 #include "libcrux_sha3_avx2.h"
 #include "libcrux_sha3_portable.h"
 
@@ -46,6 +44,8 @@ static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_H(
   memcpy(ret, digest, (size_t)32U * sizeof(uint8_t));
 }
 
+typedef __m256i libcrux_ml_kem_vector_avx2_SIMD256Vector;
+
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_vec_zero(void) {
   return libcrux_intrinsics_avx2_mm256_setzero_si256();
@@ -1830,6 +1830,15 @@ static KRML_MUSTINLINE size_t libcrux_ml_kem_vector_avx2_rej_sample_09(
   return libcrux_ml_kem_vector_avx2_sampling_rejection_sample(input, output);
 }
 
+/**
+A monomorphic instance of libcrux_ml_kem.polynomial.PolynomialRingElement
+with types libcrux_ml_kem_vector_avx2_SIMD256Vector
+
+*/
+typedef struct libcrux_ml_kem_polynomial_PolynomialRingElement_f6_s {
+  __m256i coefficients[16U];
+} libcrux_ml_kem_polynomial_PolynomialRingElement_f6;
+
 /**
 This function found in impl
 {libcrux_ml_kem::polynomial::PolynomialRingElement<Vector>[TraitClause@0,
@@ -1932,6 +1941,16 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_ab(
       (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f6));
 }
 
+/**
+A monomorphic instance of
+libcrux_ml_kem.ind_cpa.unpacked.IndCpaPrivateKeyUnpacked with types
+libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics
+- $3size_t
+*/
+typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_63_s {
+  libcrux_ml_kem_polynomial_PolynomialRingElement_f6 secret_as_ntt[3U];
+} libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_63;
+
 /**
 A monomorphic instance of
 libcrux_ml_kem.ind_cpa.deserialize_then_decompress_u.closure with types
@@ -2651,11 +2670,12 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_5_61(
 A monomorphic instance of
 libcrux_ml_kem.serialize.deserialize_then_decompress_ring_element_v with types
 libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics
+- K= 3
 - COMPRESSION_FACTOR= 4
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f6
-libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_42(
+libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_ed(
     Eurydice_slice serialized) {
   return libcrux_ml_kem_serialize_deserialize_then_decompress_4_61(serialized);
 }
@@ -3043,7 +3063,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_decrypt_unpacked_2f(
                                                              d_u) */
                                                           ciphertext, u_as_ntt);
   libcrux_ml_kem_polynomial_PolynomialRingElement_f6 v =
-      libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_42(
+      libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_ed(
           Eurydice_array_to_subslice_from(
               (size_t)1088U,
               /* v := Decompress_q(Decode_{d_v}(c + d_u·k·n / 8), d_v) */
@@ -3133,6 +3153,18 @@ static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_PRF_a9_41(
   libcrux_ml_kem_hash_functions_avx2_PRF_9e(input, ret);
 }
 
+/**
+A monomorphic instance of
+libcrux_ml_kem.ind_cpa.unpacked.IndCpaPublicKeyUnpacked with types
+libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics
+- $3size_t
+*/
+typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_63_s {
+  libcrux_ml_kem_polynomial_PolynomialRingElement_f6 t_as_ntt[3U];
+  uint8_t seed_for_A[32U];
+  libcrux_ml_kem_polynomial_PolynomialRingElement_f6 A[3U][3U];
+} libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_63;
+
 /**
 This function found in impl {(core::default::Default for
 libcrux_ml_kem::ind_cpa::unpacked::IndCpaPublicKeyUnpacked<Vector,
@@ -3678,6 +3710,54 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_sample_matrix_A_6c(
   }
 }
 
+/**
+A monomorphic instance of libcrux_ml_kem.ind_cpa.build_unpacked_public_key_mut
+with types libcrux_ml_kem_vector_avx2_SIMD256Vector,
+libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics
+- K= 3
+- T_AS_NTT_ENCODED_SIZE= 1152
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE void
+libcrux_ml_kem_ind_cpa_build_unpacked_public_key_mut_fa(
+    Eurydice_slice public_key,
+    libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_63
+        *unpacked_public_key) {
+  Eurydice_slice uu____0 = Eurydice_slice_subslice_to(
+      /* tˆ := Decode_12(pk) */ public_key, (size_t)1152U, uint8_t, size_t);
+  libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_ab(
+      uu____0, unpacked_public_key->t_as_ntt);
+  Eurydice_slice seed =
+      Eurydice_slice_subslice_from(/* ρ := pk + 12·k·n / 8 for i from 0 to k−1
+                                      do for j from 0 to k − 1 do AˆT[i][j] :=
+                                      Parse(XOF(ρ, i, j)) end for end for */
+                                   public_key, (size_t)1152U, uint8_t, size_t);
+  libcrux_ml_kem_polynomial_PolynomialRingElement_f6(*uu____1)[3U] =
+      unpacked_public_key->A;
+  uint8_t ret[34U];
+  libcrux_ml_kem_utils_into_padded_array_b6(seed, ret);
+  libcrux_ml_kem_matrix_sample_matrix_A_6c(uu____1, ret, false);
+}
+
+/**
+A monomorphic instance of libcrux_ml_kem.ind_cpa.build_unpacked_public_key
+with types libcrux_ml_kem_vector_avx2_SIMD256Vector,
+libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics
+- K= 3
+- T_AS_NTT_ENCODED_SIZE= 1152
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE
+    libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_63
+    libcrux_ml_kem_ind_cpa_build_unpacked_public_key_fa(
+        Eurydice_slice public_key) {
+  libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_63
+      unpacked_public_key = libcrux_ml_kem_ind_cpa_unpacked_default_8d_ab();
+  libcrux_ml_kem_ind_cpa_build_unpacked_public_key_mut_fa(public_key,
+                                                          &unpacked_public_key);
+  return unpacked_public_key;
+}
+
 /**
 A monomorphic instance of K.
 with types libcrux_ml_kem_polynomial_PolynomialRingElement
@@ -3938,13 +4018,8 @@ libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_b4(
   for (size_t i = (size_t)0U; i < (size_t)3U; i++) {
     memcpy(prf_inputs[i], copy_of_prf_input, (size_t)33U * sizeof(uint8_t));
   }
-  uint8_t _prf_inputs_init[3U][33U];
-  memcpy(_prf_inputs_init, prf_inputs, (size_t)3U * sizeof(uint8_t[33U]));
-  for (size_t i = (size_t)0U; i < (size_t)3U; i++) {
-    size_t i0 = i;
-    prf_inputs[i0][32U] = domain_separator;
-    domain_separator = (uint32_t)domain_separator + 1U;
-  }
+  domain_separator =
+      libcrux_ml_kem_utils_prf_input_inc_e0(prf_inputs, domain_separator);
   uint8_t prf_outputs[3U][128U];
   libcrux_ml_kem_hash_functions_avx2_PRFxN_a9_41(prf_inputs, prf_outputs);
   for (size_t i = (size_t)0U; i < (size_t)3U; i++) {
@@ -4028,13 +4103,8 @@ libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_b4(uint8_t prf_input[33U],
   for (size_t i = (size_t)0U; i < (size_t)3U; i++) {
     memcpy(prf_inputs[i], copy_of_prf_input, (size_t)33U * sizeof(uint8_t));
   }
-  uint8_t _prf_inputs_init[3U][33U];
-  memcpy(_prf_inputs_init, prf_inputs, (size_t)3U * sizeof(uint8_t[33U]));
-  for (size_t i = (size_t)0U; i < (size_t)3U; i++) {
-    size_t i0 = i;
-    prf_inputs[i0][32U] = domain_separator;
-    domain_separator = (uint32_t)domain_separator + 1U;
-  }
+  domain_separator =
+      libcrux_ml_kem_utils_prf_input_inc_e0(prf_inputs, domain_separator);
   uint8_t prf_outputs[3U][128U];
   libcrux_ml_kem_hash_functions_avx2_PRFxN_a9_41(prf_inputs, prf_outputs);
   for (size_t i = (size_t)0U; i < (size_t)3U; i++) {
@@ -4885,12 +4955,13 @@ libcrux_ml_kem_serialize_compress_then_serialize_5_61(
 A monomorphic instance of
 libcrux_ml_kem.serialize.compress_then_serialize_ring_element_v with types
 libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics
+- K= 3
 - COMPRESSION_FACTOR= 4
 - OUT_LEN= 128
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE void
-libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_78(
+libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_ed(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f6 re, Eurydice_slice out) {
   libcrux_ml_kem_serialize_compress_then_serialize_4_61(re, out);
 }
@@ -4974,7 +5045,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_encrypt_unpacked_74(
                                            uint8_t));
   /* c_2 := Encode_{dv}(Compress_q(v,d_v)) */
   libcrux_ml_kem_polynomial_PolynomialRingElement_f6 uu____6 = v;
-  libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_78(
+  libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_ed(
       uu____6, Eurydice_array_to_subslice_from((size_t)1088U, ciphertext,
                                                (size_t)960U, uint8_t, size_t));
   memcpy(ret, ciphertext, (size_t)1088U * sizeof(uint8_t));
@@ -5002,30 +5073,17 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_encrypt_74(
     Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness,
     uint8_t ret[1088U]) {
   libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_63
-      unpacked_public_key = libcrux_ml_kem_ind_cpa_unpacked_default_8d_ab();
-  libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_ab(
-      Eurydice_slice_subslice_to(/* tˆ := Decode_12(pk) */
-                                 public_key, (size_t)1152U, uint8_t, size_t),
-      unpacked_public_key.t_as_ntt);
-  Eurydice_slice seed =
-      Eurydice_slice_subslice_from(/* ρ := pk + 12·k·n / 8 for i from 0 to k−1
-                                      do for j from 0 to k − 1 do AˆT[i][j] :=
-                                      Parse(XOF(ρ, i, j)) end for end for */
-                                   public_key, (size_t)1152U, uint8_t, size_t);
-  libcrux_ml_kem_polynomial_PolynomialRingElement_f6(*uu____0)[3U] =
-      unpacked_public_key.A;
-  uint8_t ret0[34U];
-  libcrux_ml_kem_utils_into_padded_array_b6(seed, ret0);
-  libcrux_ml_kem_matrix_sample_matrix_A_6c(uu____0, ret0, false);
-  libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_63 *uu____1 =
+      unpacked_public_key =
+          libcrux_ml_kem_ind_cpa_build_unpacked_public_key_fa(public_key);
+  libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_63 *uu____0 =
       &unpacked_public_key;
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_message[32U];
   memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t));
-  uint8_t ret1[1088U];
-  libcrux_ml_kem_ind_cpa_encrypt_unpacked_74(uu____1, copy_of_message,
-                                             randomness, ret1);
-  memcpy(ret, ret1, (size_t)1088U * sizeof(uint8_t));
+  uint8_t ret0[1088U];
+  libcrux_ml_kem_ind_cpa_encrypt_unpacked_74(uu____0, copy_of_message,
+                                             randomness, ret0);
+  memcpy(ret, ret0, (size_t)1088U * sizeof(uint8_t));
 }
 
 /**
@@ -5075,20 +5133,13 @@ KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_decapsulate_a1(
     libcrux_ml_kem_types_MlKemPrivateKey_d9 *private_key,
     libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) {
-  Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at(
-      Eurydice_array_to_slice((size_t)2400U, private_key->value, uint8_t),
-      (size_t)1152U, uint8_t, Eurydice_slice_uint8_t_x2);
+  Eurydice_slice_uint8_t_x4 uu____0 =
+      libcrux_ml_kem_types_unpack_private_key_b4(
+          Eurydice_array_to_slice((size_t)2400U, private_key->value, uint8_t));
   Eurydice_slice ind_cpa_secret_key = uu____0.fst;
-  Eurydice_slice secret_key0 = uu____0.snd;
-  Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at(
-      secret_key0, (size_t)1184U, uint8_t, Eurydice_slice_uint8_t_x2);
-  Eurydice_slice ind_cpa_public_key = uu____1.fst;
-  Eurydice_slice secret_key = uu____1.snd;
-  Eurydice_slice_uint8_t_x2 uu____2 = Eurydice_slice_split_at(
-      secret_key, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t,
-      Eurydice_slice_uint8_t_x2);
-  Eurydice_slice ind_cpa_public_key_hash = uu____2.fst;
-  Eurydice_slice implicit_rejection_value = uu____2.snd;
+  Eurydice_slice ind_cpa_public_key = uu____0.snd;
+  Eurydice_slice ind_cpa_public_key_hash = uu____0.thd;
+  Eurydice_slice implicit_rejection_value = uu____0.f3;
   uint8_t decrypted[32U];
   libcrux_ml_kem_ind_cpa_decrypt_2f(ind_cpa_secret_key, ciphertext->value,
                                     decrypted);
@@ -5103,29 +5154,29 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_decapsulate_a1(
   uint8_t hashed[64U];
   libcrux_ml_kem_hash_functions_avx2_G_a9_e0(
       Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed);
-  Eurydice_slice_uint8_t_x2 uu____3 = Eurydice_slice_split_at(
+  Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at(
       Eurydice_array_to_slice((size_t)64U, hashed, uint8_t),
       LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t,
       Eurydice_slice_uint8_t_x2);
-  Eurydice_slice shared_secret0 = uu____3.fst;
-  Eurydice_slice pseudorandomness = uu____3.snd;
+  Eurydice_slice shared_secret0 = uu____1.fst;
+  Eurydice_slice pseudorandomness = uu____1.snd;
   uint8_t to_hash[1120U];
   libcrux_ml_kem_utils_into_padded_array_15(implicit_rejection_value, to_hash);
-  Eurydice_slice uu____4 = Eurydice_array_to_subslice_from(
+  Eurydice_slice uu____2 = Eurydice_array_to_subslice_from(
       (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE,
       uint8_t, size_t);
-  Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_80(ciphertext),
+  Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_43_80(ciphertext),
                       uint8_t);
   uint8_t implicit_rejection_shared_secret0[32U];
   libcrux_ml_kem_hash_functions_avx2_PRF_a9_41(
       Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t),
       implicit_rejection_shared_secret0);
-  Eurydice_slice uu____5 = ind_cpa_public_key;
+  Eurydice_slice uu____3 = ind_cpa_public_key;
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_decrypted[32U];
   memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t));
   uint8_t expected_ciphertext[1088U];
-  libcrux_ml_kem_ind_cpa_encrypt_74(uu____5, copy_of_decrypted,
+  libcrux_ml_kem_ind_cpa_encrypt_74(uu____3, copy_of_decrypted,
                                     pseudorandomness, expected_ciphertext);
   uint8_t implicit_rejection_shared_secret[32U];
   libcrux_ml_kem_variant_kdf_d8_ae(
@@ -5136,7 +5187,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_decapsulate_a1(
   libcrux_ml_kem_variant_kdf_d8_ae(shared_secret0, ciphertext, shared_secret1);
   uint8_t shared_secret[32U];
   libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time(
-      libcrux_ml_kem_types_as_ref_00_80(ciphertext),
+      libcrux_ml_kem_types_as_ref_43_80(ciphertext),
       Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t),
       Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t),
       Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret,
@@ -5311,7 +5362,7 @@ static KRML_MUSTINLINE tuple_c2 libcrux_ml_kem_ind_cca_encapsulate_70(
   uint8_t copy_of_ciphertext[1088U];
   memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t));
   libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 =
-      libcrux_ml_kem_types_from_01_80(copy_of_ciphertext);
+      libcrux_ml_kem_types_from_00_80(copy_of_ciphertext);
   uint8_t shared_secret_array[32U];
   libcrux_ml_kem_variant_kdf_d8_ae(shared_secret, &ciphertext0,
                                    shared_secret_array);
@@ -5712,39 +5763,35 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_public_key_ed(
 }
 
 /**
-A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair
-with types libcrux_ml_kem_vector_avx2_SIMD256Vector,
-libcrux_ml_kem_hash_functions_avx2_Simd256Hash, libcrux_ml_kem_variant_MlKem
+ Serialize the secret key from the unpacked key pair generation.
+*/
+/**
+A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_unpacked_secret_key
+with types libcrux_ml_kem_vector_avx2_SIMD256Vector
 with const generics
 - K= 3
 - PRIVATE_KEY_SIZE= 1152
 - PUBLIC_KEY_SIZE= 1184
 - RANKED_BYTES_PER_RING_ELEMENT= 1152
-- ETA1= 2
-- ETA1_RANDOMNESS_SIZE= 128
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static KRML_MUSTINLINE libcrux_ml_kem_utils_extraction_helper_Keypair768
-libcrux_ml_kem_ind_cpa_generate_keypair_bb(Eurydice_slice key_generation_seed) {
-  libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_63 private_key =
-      libcrux_ml_kem_ind_cpa_unpacked_default_1a_ab();
-  libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_63 public_key =
-      libcrux_ml_kem_ind_cpa_unpacked_default_8d_ab();
-  libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_22(
-      key_generation_seed, &private_key, &public_key);
+static inline libcrux_ml_kem_utils_extraction_helper_Keypair768
+libcrux_ml_kem_ind_cpa_serialize_unpacked_secret_key_8c(
+    libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_63 *public_key,
+    libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_63 *private_key) {
   uint8_t public_key_serialized[1184U];
   libcrux_ml_kem_ind_cpa_serialize_public_key_ed(/* pk := (Encode_12(tˆ
                                                     mod^{+}q) || ρ) */
-                                                 public_key.t_as_ntt,
+                                                 public_key->t_as_ntt,
                                                  Eurydice_array_to_slice(
                                                      (size_t)32U,
-                                                     public_key.seed_for_A,
+                                                     public_key->seed_for_A,
                                                      uint8_t),
                                                  public_key_serialized);
   uint8_t secret_key_serialized[1152U];
   libcrux_ml_kem_ind_cpa_serialize_secret_key_ed(/* sk := Encode_12(sˆ mod^{+}q)
                                                   */
-                                                 private_key.secret_as_ntt,
+                                                 private_key->secret_as_ntt,
                                                  secret_key_serialized);
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_secret_key_serialized[1152U];
@@ -5763,19 +5810,44 @@ libcrux_ml_kem_ind_cpa_generate_keypair_bb(Eurydice_slice key_generation_seed) {
 }
 
 /**
-A monomorphic instance of libcrux_ml_kem.ind_cca.serialize_kem_secret_key
+A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair
+with types libcrux_ml_kem_vector_avx2_SIMD256Vector,
+libcrux_ml_kem_hash_functions_avx2_Simd256Hash, libcrux_ml_kem_variant_MlKem
+with const generics
+- K= 3
+- PRIVATE_KEY_SIZE= 1152
+- PUBLIC_KEY_SIZE= 1184
+- RANKED_BYTES_PER_RING_ELEMENT= 1152
+- ETA1= 2
+- ETA1_RANDOMNESS_SIZE= 128
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE libcrux_ml_kem_utils_extraction_helper_Keypair768
+libcrux_ml_kem_ind_cpa_generate_keypair_bb(Eurydice_slice key_generation_seed) {
+  libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_63 private_key =
+      libcrux_ml_kem_ind_cpa_unpacked_default_1a_ab();
+  libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_63 public_key =
+      libcrux_ml_kem_ind_cpa_unpacked_default_8d_ab();
+  libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_22(
+      key_generation_seed, &private_key, &public_key);
+  return libcrux_ml_kem_ind_cpa_serialize_unpacked_secret_key_8c(&public_key,
+                                                                 &private_key);
+}
+
+/**
+A monomorphic instance of libcrux_ml_kem.ind_cca.serialize_kem_secret_key_mut
 with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash
 with const generics
 - K= 3
 - SERIALIZED_KEY_LEN= 2400
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_serialize_kem_secret_key_ae(
+static KRML_MUSTINLINE void
+libcrux_ml_kem_ind_cca_serialize_kem_secret_key_mut_ae(
     Eurydice_slice private_key, Eurydice_slice public_key,
-    Eurydice_slice implicit_rejection_value, uint8_t ret[2400U]) {
-  uint8_t out[2400U] = {0U};
+    Eurydice_slice implicit_rejection_value, uint8_t *serialized) {
   size_t pointer = (size_t)0U;
-  uint8_t *uu____0 = out;
+  uint8_t *uu____0 = serialized;
   size_t uu____1 = pointer;
   size_t uu____2 = pointer;
   Eurydice_slice_copy(
@@ -5784,7 +5856,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_serialize_kem_secret_key_ae(
           uint8_t),
       private_key, uint8_t);
   pointer = pointer + Eurydice_slice_len(private_key, uint8_t);
-  uint8_t *uu____3 = out;
+  uint8_t *uu____3 = serialized;
   size_t uu____4 = pointer;
   size_t uu____5 = pointer;
   Eurydice_slice_copy(
@@ -5794,13 +5866,14 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_serialize_kem_secret_key_ae(
       public_key, uint8_t);
   pointer = pointer + Eurydice_slice_len(public_key, uint8_t);
   Eurydice_slice uu____6 = Eurydice_array_to_subslice2(
-      out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t);
-  uint8_t ret0[32U];
-  libcrux_ml_kem_hash_functions_avx2_H_a9_e0(public_key, ret0);
+      serialized, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE,
+      uint8_t);
+  uint8_t ret[32U];
+  libcrux_ml_kem_hash_functions_avx2_H_a9_e0(public_key, ret);
   Eurydice_slice_copy(
-      uu____6, Eurydice_array_to_slice((size_t)32U, ret0, uint8_t), uint8_t);
+      uu____6, Eurydice_array_to_slice((size_t)32U, ret, uint8_t), uint8_t);
   pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE;
-  uint8_t *uu____7 = out;
+  uint8_t *uu____7 = serialized;
   size_t uu____8 = pointer;
   size_t uu____9 = pointer;
   Eurydice_slice_copy(
@@ -5809,6 +5882,22 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_serialize_kem_secret_key_ae(
           uu____9 + Eurydice_slice_len(implicit_rejection_value, uint8_t),
           uint8_t),
       implicit_rejection_value, uint8_t);
+}
+
+/**
+A monomorphic instance of libcrux_ml_kem.ind_cca.serialize_kem_secret_key
+with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash
+with const generics
+- K= 3
+- SERIALIZED_KEY_LEN= 2400
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_serialize_kem_secret_key_ae(
+    Eurydice_slice private_key, Eurydice_slice public_key,
+    Eurydice_slice implicit_rejection_value, uint8_t ret[2400U]) {
+  uint8_t out[2400U] = {0U};
+  libcrux_ml_kem_ind_cca_serialize_kem_secret_key_mut_ae(
+      private_key, public_key, implicit_rejection_value, out);
   memcpy(ret, out, (size_t)2400U * sizeof(uint8_t));
 }
 
@@ -5851,18 +5940,15 @@ libcrux_ml_kem_ind_cca_generate_keypair_d6(uint8_t randomness[64U]) {
   memcpy(copy_of_secret_key_serialized, secret_key_serialized,
          (size_t)2400U * sizeof(uint8_t));
   libcrux_ml_kem_types_MlKemPrivateKey_d9 private_key =
-      libcrux_ml_kem_types_from_7f_28(copy_of_secret_key_serialized);
+      libcrux_ml_kem_types_from_9a_28(copy_of_secret_key_serialized);
   libcrux_ml_kem_types_MlKemPrivateKey_d9 uu____2 = private_key;
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_public_key[1184U];
   memcpy(copy_of_public_key, public_key, (size_t)1184U * sizeof(uint8_t));
   return libcrux_ml_kem_types_from_3a_74(
-      uu____2, libcrux_ml_kem_types_from_5a_d0(copy_of_public_key));
+      uu____2, libcrux_ml_kem_types_from_5f_d0(copy_of_public_key));
 }
 
-/**
- Portable generate key pair.
-*/
 /**
 A monomorphic instance of
 libcrux_ml_kem.ind_cca.instantiations.avx2.generate_keypair_avx2 with const
@@ -5980,20 +6066,13 @@ KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_decapsulate_a10(
     libcrux_ml_kem_types_MlKemPrivateKey_d9 *private_key,
     libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) {
-  Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at(
-      Eurydice_array_to_slice((size_t)2400U, private_key->value, uint8_t),
-      (size_t)1152U, uint8_t, Eurydice_slice_uint8_t_x2);
+  Eurydice_slice_uint8_t_x4 uu____0 =
+      libcrux_ml_kem_types_unpack_private_key_b4(
+          Eurydice_array_to_slice((size_t)2400U, private_key->value, uint8_t));
   Eurydice_slice ind_cpa_secret_key = uu____0.fst;
-  Eurydice_slice secret_key0 = uu____0.snd;
-  Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at(
-      secret_key0, (size_t)1184U, uint8_t, Eurydice_slice_uint8_t_x2);
-  Eurydice_slice ind_cpa_public_key = uu____1.fst;
-  Eurydice_slice secret_key = uu____1.snd;
-  Eurydice_slice_uint8_t_x2 uu____2 = Eurydice_slice_split_at(
-      secret_key, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t,
-      Eurydice_slice_uint8_t_x2);
-  Eurydice_slice ind_cpa_public_key_hash = uu____2.fst;
-  Eurydice_slice implicit_rejection_value = uu____2.snd;
+  Eurydice_slice ind_cpa_public_key = uu____0.snd;
+  Eurydice_slice ind_cpa_public_key_hash = uu____0.thd;
+  Eurydice_slice implicit_rejection_value = uu____0.f3;
   uint8_t decrypted[32U];
   libcrux_ml_kem_ind_cpa_decrypt_2f(ind_cpa_secret_key, ciphertext->value,
                                     decrypted);
@@ -6008,29 +6087,29 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_decapsulate_a10(
   uint8_t hashed[64U];
   libcrux_ml_kem_hash_functions_avx2_G_a9_e0(
       Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed);
-  Eurydice_slice_uint8_t_x2 uu____3 = Eurydice_slice_split_at(
+  Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at(
       Eurydice_array_to_slice((size_t)64U, hashed, uint8_t),
       LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t,
       Eurydice_slice_uint8_t_x2);
-  Eurydice_slice shared_secret0 = uu____3.fst;
-  Eurydice_slice pseudorandomness = uu____3.snd;
+  Eurydice_slice shared_secret0 = uu____1.fst;
+  Eurydice_slice pseudorandomness = uu____1.snd;
   uint8_t to_hash[1120U];
   libcrux_ml_kem_utils_into_padded_array_15(implicit_rejection_value, to_hash);
-  Eurydice_slice uu____4 = Eurydice_array_to_subslice_from(
+  Eurydice_slice uu____2 = Eurydice_array_to_subslice_from(
       (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE,
       uint8_t, size_t);
-  Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_80(ciphertext),
+  Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_43_80(ciphertext),
                       uint8_t);
   uint8_t implicit_rejection_shared_secret0[32U];
   libcrux_ml_kem_hash_functions_avx2_PRF_a9_41(
       Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t),
       implicit_rejection_shared_secret0);
-  Eurydice_slice uu____5 = ind_cpa_public_key;
+  Eurydice_slice uu____3 = ind_cpa_public_key;
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_decrypted[32U];
   memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t));
   uint8_t expected_ciphertext[1088U];
-  libcrux_ml_kem_ind_cpa_encrypt_74(uu____5, copy_of_decrypted,
+  libcrux_ml_kem_ind_cpa_encrypt_74(uu____3, copy_of_decrypted,
                                     pseudorandomness, expected_ciphertext);
   uint8_t implicit_rejection_shared_secret[32U];
   libcrux_ml_kem_variant_kdf_33_ae(
@@ -6041,7 +6120,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_decapsulate_a10(
   libcrux_ml_kem_variant_kdf_33_ae(shared_secret0, ciphertext, shared_secret1);
   uint8_t shared_secret[32U];
   libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time(
-      libcrux_ml_kem_types_as_ref_00_80(ciphertext),
+      libcrux_ml_kem_types_as_ref_43_80(ciphertext),
       Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t),
       Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t),
       Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret,
@@ -6200,7 +6279,7 @@ static KRML_MUSTINLINE tuple_c2 libcrux_ml_kem_ind_cca_encapsulate_700(
   uint8_t copy_of_ciphertext[1088U];
   memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t));
   libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 =
-      libcrux_ml_kem_types_from_01_80(copy_of_ciphertext);
+      libcrux_ml_kem_types_from_00_80(copy_of_ciphertext);
   uint8_t shared_secret_array[32U];
   libcrux_ml_kem_variant_kdf_33_ae(shared_secret, &ciphertext0,
                                    shared_secret_array);
@@ -6392,34 +6471,8 @@ libcrux_ml_kem_ind_cpa_generate_keypair_bb0(
       libcrux_ml_kem_ind_cpa_unpacked_default_8d_ab();
   libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_220(
       key_generation_seed, &private_key, &public_key);
-  uint8_t public_key_serialized[1184U];
-  libcrux_ml_kem_ind_cpa_serialize_public_key_ed(/* pk := (Encode_12(tˆ
-                                                    mod^{+}q) || ρ) */
-                                                 public_key.t_as_ntt,
-                                                 Eurydice_array_to_slice(
-                                                     (size_t)32U,
-                                                     public_key.seed_for_A,
-                                                     uint8_t),
-                                                 public_key_serialized);
-  uint8_t secret_key_serialized[1152U];
-  libcrux_ml_kem_ind_cpa_serialize_secret_key_ed(/* sk := Encode_12(sˆ mod^{+}q)
-                                                  */
-                                                 private_key.secret_as_ntt,
-                                                 secret_key_serialized);
-  /* Passing arrays by value in Rust generates a copy in C */
-  uint8_t copy_of_secret_key_serialized[1152U];
-  memcpy(copy_of_secret_key_serialized, secret_key_serialized,
-         (size_t)1152U * sizeof(uint8_t));
-  /* Passing arrays by value in Rust generates a copy in C */
-  uint8_t copy_of_public_key_serialized[1184U];
-  memcpy(copy_of_public_key_serialized, public_key_serialized,
-         (size_t)1184U * sizeof(uint8_t));
-  libcrux_ml_kem_utils_extraction_helper_Keypair768 lit;
-  memcpy(lit.fst, copy_of_secret_key_serialized,
-         (size_t)1152U * sizeof(uint8_t));
-  memcpy(lit.snd, copy_of_public_key_serialized,
-         (size_t)1184U * sizeof(uint8_t));
-  return lit;
+  return libcrux_ml_kem_ind_cpa_serialize_unpacked_secret_key_8c(&public_key,
+                                                                 &private_key);
 }
 
 /**
@@ -6461,13 +6514,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_d60(uint8_t randomness[64U]) {
   memcpy(copy_of_secret_key_serialized, secret_key_serialized,
          (size_t)2400U * sizeof(uint8_t));
   libcrux_ml_kem_types_MlKemPrivateKey_d9 private_key =
-      libcrux_ml_kem_types_from_7f_28(copy_of_secret_key_serialized);
+      libcrux_ml_kem_types_from_9a_28(copy_of_secret_key_serialized);
   libcrux_ml_kem_types_MlKemPrivateKey_d9 uu____2 = private_key;
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_public_key[1184U];
   memcpy(copy_of_public_key, public_key, (size_t)1184U * sizeof(uint8_t));
   return libcrux_ml_kem_types_from_3a_74(
-      uu____2, libcrux_ml_kem_types_from_5a_d0(copy_of_public_key));
+      uu____2, libcrux_ml_kem_types_from_5f_d0(copy_of_public_key));
 }
 
 /**
@@ -6529,17 +6582,15 @@ libcrux_ml_kem_mlkem768_avx2_kyber_generate_key_pair(uint8_t randomness[64U]) {
 }
 
 /**
-A monomorphic instance of libcrux_ml_kem.ind_cca.validate_private_key
+A monomorphic instance of libcrux_ml_kem.ind_cca.validate_private_key_only
 with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash
 with const generics
 - K= 3
 - SECRET_KEY_SIZE= 2400
-- CIPHERTEXT_SIZE= 1088
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_private_key_12(
-    libcrux_ml_kem_types_MlKemPrivateKey_d9 *private_key,
-    libcrux_ml_kem_mlkem768_MlKem768Ciphertext *_ciphertext) {
+static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_private_key_only_ae(
+    libcrux_ml_kem_types_MlKemPrivateKey_d9 *private_key) {
   uint8_t t[32U];
   libcrux_ml_kem_hash_functions_avx2_H_a9_e0(
       Eurydice_array_to_subslice2(/* Eurydice can't access values directly on
@@ -6556,6 +6607,21 @@ static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_private_key_12(
       (size_t)32U, t, &expected, uint8_t, uint8_t, bool);
 }
 
+/**
+A monomorphic instance of libcrux_ml_kem.ind_cca.validate_private_key
+with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash
+with const generics
+- K= 3
+- SECRET_KEY_SIZE= 2400
+- CIPHERTEXT_SIZE= 1088
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_private_key_12(
+    libcrux_ml_kem_types_MlKemPrivateKey_d9 *private_key,
+    libcrux_ml_kem_mlkem768_MlKem768Ciphertext *_ciphertext) {
+  return libcrux_ml_kem_ind_cca_validate_private_key_only_ae(private_key);
+}
+
 /**
 A monomorphic instance of
 libcrux_ml_kem.ind_cca.instantiations.avx2.validate_private_key_avx2 with const
@@ -6603,6 +6669,32 @@ static inline bool libcrux_ml_kem_mlkem768_avx2_validate_private_key(
       private_key, ciphertext);
 }
 
+/**
+A monomorphic instance of
+libcrux_ml_kem.ind_cca.instantiations.avx2.validate_private_key_only with const
+generics
+- K= 3
+- SECRET_KEY_SIZE= 2400
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE bool
+libcrux_ml_kem_ind_cca_instantiations_avx2_validate_private_key_only_41(
+    libcrux_ml_kem_types_MlKemPrivateKey_d9 *private_key) {
+  return libcrux_ml_kem_ind_cca_validate_private_key_only_ae(private_key);
+}
+
+/**
+ Validate the private key only.
+
+ Returns `true` if valid, and `false` otherwise.
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static inline bool libcrux_ml_kem_mlkem768_avx2_validate_private_key_only(
+    libcrux_ml_kem_types_MlKemPrivateKey_d9 *private_key) {
+  return libcrux_ml_kem_ind_cca_instantiations_avx2_validate_private_key_only_41(
+      private_key);
+}
+
 /**
 A monomorphic instance of
 libcrux_ml_kem.serialize.deserialize_ring_elements_reduced_out.closure with
@@ -6712,6 +6804,34 @@ static inline bool libcrux_ml_kem_mlkem768_avx2_validate_public_key(
       public_key->value);
 }
 
+/**
+A monomorphic instance of
+libcrux_ml_kem.ind_cca.unpacked.MlKemPrivateKeyUnpacked with types
+libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics
+- $3size_t
+*/
+typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_63_s {
+  libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_63
+      ind_cpa_private_key;
+  uint8_t implicit_rejection_value[32U];
+} libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_63;
+
+/**
+A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.MlKemPublicKeyUnpacked
+with types libcrux_ml_kem_vector_avx2_SIMD256Vector
+with const generics
+- $3size_t
+*/
+typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_63_s {
+  libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_63 ind_cpa_public_key;
+  uint8_t public_key_hash[32U];
+} libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_63;
+
+typedef struct libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked_s {
+  libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_63 private_key;
+  libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_63 public_key;
+} libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked;
+
 /**
 A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.decapsulate
 with types libcrux_ml_kem_vector_avx2_SIMD256Vector,
@@ -6768,7 +6888,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_unpacked_decapsulate_12(
   Eurydice_slice uu____2 = Eurydice_array_to_subslice_from(
       (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE,
       uint8_t, size_t);
-  Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_00_80(ciphertext),
+  Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_43_80(ciphertext),
                       uint8_t);
   uint8_t implicit_rejection_shared_secret[32U];
   libcrux_ml_kem_hash_functions_avx2_PRF_a9_41(
@@ -6784,7 +6904,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_unpacked_decapsulate_12(
       uu____3, copy_of_decrypted, pseudorandomness, expected_ciphertext);
   uint8_t selector =
       libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time(
-          libcrux_ml_kem_types_as_ref_00_80(ciphertext),
+          libcrux_ml_kem_types_as_ref_43_80(ciphertext),
           Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t));
   uint8_t ret0[32U];
   libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time(
@@ -6824,9 +6944,6 @@ libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_decapsulate_avx2_35(
   libcrux_ml_kem_ind_cca_unpacked_decapsulate_12(key_pair, ciphertext, ret);
 }
 
-/**
- Unpacked decapsulate
-*/
 /**
 A monomorphic instance of
 libcrux_ml_kem.ind_cca.instantiations.avx2.unpacked.decapsulate with const
@@ -6929,7 +7046,7 @@ static KRML_MUSTINLINE tuple_c2 libcrux_ml_kem_ind_cca_unpacked_encapsulate_70(
   uint8_t copy_of_ciphertext[1088U];
   memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t));
   libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 =
-      libcrux_ml_kem_types_from_01_80(copy_of_ciphertext);
+      libcrux_ml_kem_types_from_00_80(copy_of_ciphertext);
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_shared_secret_array[32U];
   memcpy(copy_of_shared_secret_array, shared_secret_array,
@@ -6972,9 +7089,6 @@ libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_encapsulate_avx2_cd(
                                                         copy_of_randomness);
 }
 
-/**
- Unpacked encapsulate
-*/
 /**
 A monomorphic instance of
 libcrux_ml_kem.ind_cca.instantiations.avx2.unpacked.encapsulate with const
@@ -7192,9 +7306,6 @@ libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_generate_keypair_avx2_c6(
   libcrux_ml_kem_ind_cca_unpacked_generate_keypair_d6(copy_of_randomness, out);
 }
 
-/**
- Generate a key pair
-*/
 /**
 A monomorphic instance of
 libcrux_ml_kem.ind_cca.instantiations.avx2.unpacked.generate_keypair with const
@@ -7223,7 +7334,7 @@ libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_generate_keypair_c6(
  Generate ML-KEM 768 Key Pair in "unpacked" form.
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static inline void libcrux_ml_kem_mlkem768_avx2_unpacked_generate_key_pair(
+static inline void libcrux_ml_kem_mlkem768_avx2_unpacked_generate_key_pair_mut(
     uint8_t randomness[64U],
     libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked *key_pair) {
   /* Passing arrays by value in Rust generates a copy in C */
@@ -7339,6 +7450,22 @@ static KRML_MUSTINLINE
           .public_key = libcrux_ml_kem_ind_cca_unpacked_default_09_ab()});
 }
 
+/**
+ Generate ML-KEM 768 Key Pair in "unpacked" form.
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static inline libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked
+libcrux_ml_kem_mlkem768_avx2_unpacked_generate_key_pair(
+    uint8_t randomness[64U]) {
+  libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked key_pair =
+      libcrux_ml_kem_ind_cca_unpacked_default_53_ab();
+  uint8_t uu____0[64U];
+  memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t));
+  libcrux_ml_kem_mlkem768_avx2_unpacked_generate_key_pair_mut(uu____0,
+                                                              &key_pair);
+  return key_pair;
+}
+
 /**
  Create a new, empty unpacked key.
 */
@@ -7358,36 +7485,409 @@ libcrux_ml_kem_mlkem768_avx2_unpacked_init_public_key(void) {
 }
 
 /**
-This function found in impl
-{libcrux_ml_kem::ind_cca::unpacked::MlKemPublicKeyUnpacked<Vector,
-K>[TraitClause@0, TraitClause@1]#3}
-*/
-/**
-A monomorphic instance of
-libcrux_ml_kem.ind_cca.unpacked.serialized_public_key_mut_30 with types
-libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics
+A monomorphic instance of libcrux_ml_kem.sampling.sample_from_xof.closure
+with types libcrux_ml_kem_vector_avx2_SIMD256Vector,
+libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const
+generics
 - K= 3
-- RANKED_BYTES_PER_RING_ELEMENT= 1152
-- PUBLIC_KEY_SIZE= 1184
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static KRML_MUSTINLINE void
-libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_30_ed(
-    libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_63 *self,
-    libcrux_ml_kem_types_MlKemPublicKey_30 *serialized) {
-  libcrux_ml_kem_ind_cpa_serialize_public_key_mut_ed(
-      self->ind_cpa_public_key.t_as_ntt,
-      Eurydice_array_to_slice((size_t)32U, self->ind_cpa_public_key.seed_for_A,
-                              uint8_t),
-      serialized->value);
+static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f6
+libcrux_ml_kem_sampling_sample_from_xof_closure_b3(int16_t s[272U]) {
+  return libcrux_ml_kem_polynomial_from_i16_array_ef_61(
+      Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t));
+}
+
+/**
+A monomorphic instance of libcrux_ml_kem.sampling.sample_from_xof
+with types libcrux_ml_kem_vector_avx2_SIMD256Vector,
+libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const
+generics
+- K= 3
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE void libcrux_ml_kem_sampling_sample_from_xof_b3(
+    uint8_t seeds[3U][34U],
+    libcrux_ml_kem_polynomial_PolynomialRingElement_f6 ret[3U]) {
+  size_t sampled_coefficients[3U] = {0U};
+  int16_t out[3U][272U] = {{0U}};
+  /* Passing arrays by value in Rust generates a copy in C */
+  uint8_t copy_of_seeds[3U][34U];
+  memcpy(copy_of_seeds, seeds, (size_t)3U * sizeof(uint8_t[34U]));
+  libcrux_ml_kem_hash_functions_portable_PortableHash_88 xof_state =
+      libcrux_ml_kem_hash_functions_portable_shake128_init_absorb_final_f1_e0(
+          copy_of_seeds);
+  uint8_t randomness0[3U][504U];
+  libcrux_ml_kem_hash_functions_portable_shake128_squeeze_first_three_blocks_f1_e0(
+      &xof_state, randomness0);
+  /* Passing arrays by value in Rust generates a copy in C */
+  uint8_t copy_of_randomness0[3U][504U];
+  memcpy(copy_of_randomness0, randomness0, (size_t)3U * sizeof(uint8_t[504U]));
+  bool done = libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_ed(
+      copy_of_randomness0, sampled_coefficients, out);
+  /* Requiring more than 5 blocks to sample a ring element should be very
+   * unlikely according to: https://eprint.iacr.org/2023/708.pdf To avoid
+   * failing here, we squeeze more blocks out of the state until we have enough.
+   */
+  while (true) {
+    if (done) {
+      break;
+    } else {
+      uint8_t randomness[3U][168U];
+      libcrux_ml_kem_hash_functions_portable_shake128_squeeze_next_block_f1_e0(
+          &xof_state, randomness);
+      /* Passing arrays by value in Rust generates a copy in C */
+      uint8_t copy_of_randomness[3U][168U];
+      memcpy(copy_of_randomness, randomness,
+             (size_t)3U * sizeof(uint8_t[168U]));
+      done = libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_ed0(
+          copy_of_randomness, sampled_coefficients, out);
+    }
+  }
+  /* Passing arrays by value in Rust generates a copy in C */
+  int16_t copy_of_out[3U][272U];
+  memcpy(copy_of_out, out, (size_t)3U * sizeof(int16_t[272U]));
+  libcrux_ml_kem_polynomial_PolynomialRingElement_f6 ret0[3U];
+  for (size_t i = (size_t)0U; i < (size_t)3U; i++) {
+    ret0[i] =
+        libcrux_ml_kem_sampling_sample_from_xof_closure_b3(copy_of_out[i]);
+  }
+  memcpy(
+      ret, ret0,
+      (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f6));
+}
+
+/**
+A monomorphic instance of libcrux_ml_kem.matrix.sample_matrix_A
+with types libcrux_ml_kem_vector_avx2_SIMD256Vector,
+libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const
+generics
+- K= 3
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE void libcrux_ml_kem_matrix_sample_matrix_A_b3(
+    libcrux_ml_kem_polynomial_PolynomialRingElement_f6 (*A_transpose)[3U],
+    uint8_t seed[34U], bool transpose) {
+  for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) {
+    size_t i1 = i0;
+    /* Passing arrays by value in Rust generates a copy in C */
+    uint8_t copy_of_seed[34U];
+    memcpy(copy_of_seed, seed, (size_t)34U * sizeof(uint8_t));
+    uint8_t seeds[3U][34U];
+    for (size_t i = (size_t)0U; i < (size_t)3U; i++) {
+      memcpy(seeds[i], copy_of_seed, (size_t)34U * sizeof(uint8_t));
+    }
+    for (size_t i = (size_t)0U; i < (size_t)3U; i++) {
+      size_t j = i;
+      seeds[j][32U] = (uint8_t)i1;
+      seeds[j][33U] = (uint8_t)j;
+    }
+    /* Passing arrays by value in Rust generates a copy in C */
+    uint8_t copy_of_seeds[3U][34U];
+    memcpy(copy_of_seeds, seeds, (size_t)3U * sizeof(uint8_t[34U]));
+    libcrux_ml_kem_polynomial_PolynomialRingElement_f6 sampled[3U];
+    libcrux_ml_kem_sampling_sample_from_xof_b3(copy_of_seeds, sampled);
+    for (size_t i = (size_t)0U;
+         i < Eurydice_slice_len(
+                 Eurydice_array_to_slice(
+                     (size_t)3U, sampled,
+                     libcrux_ml_kem_polynomial_PolynomialRingElement_f6),
+                 libcrux_ml_kem_polynomial_PolynomialRingElement_f6);
+         i++) {
+      size_t j = i;
+      libcrux_ml_kem_polynomial_PolynomialRingElement_f6 sample = sampled[j];
+      if (/* A[i][j] = A_transpose[j][i] */ transpose) {
+        A_transpose[j][i1] = sample;
+      } else {
+        A_transpose[i1][j] = sample;
+      }
+    }
+  }
+}
+
+/**
+A monomorphic instance of libcrux_ml_kem.ind_cpa.build_unpacked_public_key_mut
+with types libcrux_ml_kem_vector_avx2_SIMD256Vector,
+libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const
+generics
+- K= 3
+- T_AS_NTT_ENCODED_SIZE= 1152
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE void
+libcrux_ml_kem_ind_cpa_build_unpacked_public_key_mut_bf(
+    Eurydice_slice public_key,
+    libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_63
+        *unpacked_public_key) {
+  Eurydice_slice uu____0 = Eurydice_slice_subslice_to(
+      /* tˆ := Decode_12(pk) */ public_key, (size_t)1152U, uint8_t, size_t);
+  libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_ab(
+      uu____0, unpacked_public_key->t_as_ntt);
+  Eurydice_slice seed =
+      Eurydice_slice_subslice_from(/* ρ := pk + 12·k·n / 8 for i from 0 to k−1
+                                      do for j from 0 to k − 1 do AˆT[i][j] :=
+                                      Parse(XOF(ρ, i, j)) end for end for */
+                                   public_key, (size_t)1152U, uint8_t, size_t);
+  libcrux_ml_kem_polynomial_PolynomialRingElement_f6(*uu____1)[3U] =
+      unpacked_public_key->A;
+  uint8_t ret[34U];
+  libcrux_ml_kem_utils_into_padded_array_b6(seed, ret);
+  libcrux_ml_kem_matrix_sample_matrix_A_b3(uu____1, ret, false);
+}
+
+/**
+A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.keys_from_private_key
+with types libcrux_ml_kem_vector_avx2_SIMD256Vector
+with const generics
+- K= 3
+- SECRET_KEY_SIZE= 2400
+- CPA_SECRET_KEY_SIZE= 1152
+- PUBLIC_KEY_SIZE= 1184
+- BYTES_PER_RING_ELEMENT= 1152
+- T_AS_NTT_ENCODED_SIZE= 1152
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE void
+libcrux_ml_kem_ind_cca_unpacked_keys_from_private_key_e2(
+    libcrux_ml_kem_types_MlKemPrivateKey_d9 *private_key,
+    libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked *key_pair) {
+  Eurydice_slice_uint8_t_x4 uu____0 =
+      libcrux_ml_kem_types_unpack_private_key_b4(
+          Eurydice_array_to_slice((size_t)2400U, private_key->value, uint8_t));
+  Eurydice_slice ind_cpa_secret_key = uu____0.fst;
+  Eurydice_slice ind_cpa_public_key = uu____0.snd;
+  Eurydice_slice ind_cpa_public_key_hash = uu____0.thd;
+  Eurydice_slice implicit_rejection_value = uu____0.f3;
+  Eurydice_slice uu____1 = Eurydice_array_to_slice(
+      (size_t)3U,
+      /* XXX: We need to copy_from_slice here because karamel can't handle the
+         assignment cf. https://github.com/FStarLang/karamel/pull/491 */
+      key_pair->private_key.ind_cpa_private_key.secret_as_ntt,
+      libcrux_ml_kem_polynomial_PolynomialRingElement_f6);
+  libcrux_ml_kem_polynomial_PolynomialRingElement_f6 ret[3U];
+  libcrux_ml_kem_ind_cpa_deserialize_secret_key_ab(ind_cpa_secret_key, ret);
+  Eurydice_slice_copy(
+      uu____1,
+      Eurydice_array_to_slice(
+          (size_t)3U, ret, libcrux_ml_kem_polynomial_PolynomialRingElement_f6),
+      libcrux_ml_kem_polynomial_PolynomialRingElement_f6);
+  libcrux_ml_kem_ind_cpa_build_unpacked_public_key_mut_bf(
+      ind_cpa_public_key, &key_pair->public_key.ind_cpa_public_key);
+  Eurydice_slice_copy(
+      Eurydice_array_to_slice((size_t)32U, key_pair->public_key.public_key_hash,
+                              uint8_t),
+      ind_cpa_public_key_hash, uint8_t);
+  Eurydice_slice_copy(
+      Eurydice_array_to_slice(
+          (size_t)32U, key_pair->private_key.implicit_rejection_value, uint8_t),
+      implicit_rejection_value, uint8_t);
+  Eurydice_slice uu____2 = Eurydice_array_to_slice(
+      (size_t)32U, key_pair->public_key.ind_cpa_public_key.seed_for_A, uint8_t);
+  Eurydice_slice_copy(uu____2,
+                      Eurydice_slice_subslice_from(
+                          ind_cpa_public_key, (size_t)1152U, uint8_t, size_t),
+                      uint8_t);
 }
 
 /**
-This function found in impl
-{libcrux_ml_kem::ind_cca::unpacked::MlKemKeyPairUnpacked<Vector,
-K>[TraitClause@0, TraitClause@1]#4}
-*/
-/**
+A monomorphic instance of
+libcrux_ml_kem.ind_cca.instantiations.avx2.unpacked.keypair_from_private_key
+with const generics
+- K= 3
+- SECRET_KEY_SIZE= 2400
+- CPA_SECRET_KEY_SIZE= 1152
+- PUBLIC_KEY_SIZE= 1184
+- BYTES_PER_RING_ELEMENT= 1152
+- T_AS_NTT_ENCODED_SIZE= 1152
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE void
+libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_keypair_from_private_key_ce(
+    libcrux_ml_kem_types_MlKemPrivateKey_d9 *private_key,
+    libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked *key_pair) {
+  libcrux_ml_kem_ind_cca_unpacked_keys_from_private_key_e2(private_key,
+                                                           key_pair);
+}
+
+/**
+ Get an unpacked key from a private key.
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static inline void
+libcrux_ml_kem_mlkem768_avx2_unpacked_key_pair_from_private_mut(
+    libcrux_ml_kem_types_MlKemPrivateKey_d9 *private_key,
+    libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked *key_pair) {
+  libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_keypair_from_private_key_ce(
+      private_key, key_pair);
+}
+
+/**
+This function found in impl
+{libcrux_ml_kem::ind_cca::unpacked::MlKemKeyPairUnpacked<Vector,
+K>[TraitClause@0, TraitClause@1]#4}
+*/
+/**
+A monomorphic instance of
+libcrux_ml_kem.ind_cca.unpacked.serialized_private_key_mut_fc with types
+libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics
+- K= 3
+- CPA_PRIVATE_KEY_SIZE= 1152
+- PRIVATE_KEY_SIZE= 2400
+- PUBLIC_KEY_SIZE= 1184
+- RANKED_BYTES_PER_RING_ELEMENT= 1152
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE void
+libcrux_ml_kem_ind_cca_unpacked_serialized_private_key_mut_fc_2f(
+    libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked *self,
+    libcrux_ml_kem_types_MlKemPrivateKey_d9 *serialized) {
+  libcrux_ml_kem_utils_extraction_helper_Keypair768 uu____0 =
+      libcrux_ml_kem_ind_cpa_serialize_unpacked_secret_key_8c(
+          &self->public_key.ind_cpa_public_key,
+          &self->private_key.ind_cpa_private_key);
+  uint8_t ind_cpa_private_key[1152U];
+  memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1152U * sizeof(uint8_t));
+  uint8_t ind_cpa_public_key[1184U];
+  memcpy(ind_cpa_public_key, uu____0.snd, (size_t)1184U * sizeof(uint8_t));
+  libcrux_ml_kem_ind_cca_serialize_kem_secret_key_mut_d6(
+      Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t),
+      Eurydice_array_to_slice((size_t)1184U, ind_cpa_public_key, uint8_t),
+      Eurydice_array_to_slice(
+          (size_t)32U, self->private_key.implicit_rejection_value, uint8_t),
+      serialized->value);
+}
+
+/**
+This function found in impl
+{libcrux_ml_kem::ind_cca::unpacked::MlKemKeyPairUnpacked<Vector,
+K>[TraitClause@0, TraitClause@1]#4}
+*/
+/**
+A monomorphic instance of
+libcrux_ml_kem.ind_cca.unpacked.serialized_private_key_fc with types
+libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics
+- K= 3
+- CPA_PRIVATE_KEY_SIZE= 1152
+- PRIVATE_KEY_SIZE= 2400
+- PUBLIC_KEY_SIZE= 1184
+- RANKED_BYTES_PER_RING_ELEMENT= 1152
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE libcrux_ml_kem_types_MlKemPrivateKey_d9
+libcrux_ml_kem_ind_cca_unpacked_serialized_private_key_fc_2f(
+    libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked *self) {
+  libcrux_ml_kem_types_MlKemPrivateKey_d9 sk =
+      libcrux_ml_kem_types_default_24_28();
+  libcrux_ml_kem_ind_cca_unpacked_serialized_private_key_mut_fc_2f(self, &sk);
+  return sk;
+}
+
+/**
+ Get the serialized private key.
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static inline libcrux_ml_kem_types_MlKemPrivateKey_d9
+libcrux_ml_kem_mlkem768_avx2_unpacked_key_pair_serialized_private_key(
+    libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked *key_pair) {
+  return libcrux_ml_kem_ind_cca_unpacked_serialized_private_key_fc_2f(key_pair);
+}
+
+/**
+ Get the serialized private key.
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static inline void
+libcrux_ml_kem_mlkem768_avx2_unpacked_key_pair_serialized_private_key_mut(
+    libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked *key_pair,
+    libcrux_ml_kem_types_MlKemPrivateKey_d9 *serialized) {
+  libcrux_ml_kem_ind_cca_unpacked_serialized_private_key_mut_fc_2f(key_pair,
+                                                                   serialized);
+}
+
+/**
+This function found in impl
+{libcrux_ml_kem::ind_cca::unpacked::MlKemPublicKeyUnpacked<Vector,
+K>[TraitClause@0, TraitClause@1]#3}
+*/
+/**
+A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.serialized_30
+with types libcrux_ml_kem_vector_avx2_SIMD256Vector
+with const generics
+- K= 3
+- RANKED_BYTES_PER_RING_ELEMENT= 1152
+- PUBLIC_KEY_SIZE= 1184
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE libcrux_ml_kem_types_MlKemPublicKey_30
+libcrux_ml_kem_ind_cca_unpacked_serialized_30_ed(
+    libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_63 *self) {
+  uint8_t ret[1184U];
+  libcrux_ml_kem_ind_cpa_serialize_public_key_ed(
+      self->ind_cpa_public_key.t_as_ntt,
+      Eurydice_array_to_slice((size_t)32U, self->ind_cpa_public_key.seed_for_A,
+                              uint8_t),
+      ret);
+  return libcrux_ml_kem_types_from_5f_d0(ret);
+}
+
+/**
+This function found in impl
+{libcrux_ml_kem::ind_cca::unpacked::MlKemKeyPairUnpacked<Vector,
+K>[TraitClause@0, TraitClause@1]#4}
+*/
+/**
+A monomorphic instance of
+libcrux_ml_kem.ind_cca.unpacked.serialized_public_key_fc with types
+libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics
+- K= 3
+- RANKED_BYTES_PER_RING_ELEMENT= 1152
+- PUBLIC_KEY_SIZE= 1184
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE libcrux_ml_kem_types_MlKemPublicKey_30
+libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_fc_ed(
+    libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked *self) {
+  return libcrux_ml_kem_ind_cca_unpacked_serialized_30_ed(&self->public_key);
+}
+
+KRML_ATTRIBUTE_TARGET("avx2")
+static inline libcrux_ml_kem_types_MlKemPublicKey_30
+libcrux_ml_kem_mlkem768_avx2_unpacked_key_pair_serialized_public_key(
+    libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked *key_pair) {
+  return libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_fc_ed(key_pair);
+}
+
+/**
+This function found in impl
+{libcrux_ml_kem::ind_cca::unpacked::MlKemPublicKeyUnpacked<Vector,
+K>[TraitClause@0, TraitClause@1]#3}
+*/
+/**
+A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.serialized_mut_30
+with types libcrux_ml_kem_vector_avx2_SIMD256Vector
+with const generics
+- K= 3
+- RANKED_BYTES_PER_RING_ELEMENT= 1152
+- PUBLIC_KEY_SIZE= 1184
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE void
+libcrux_ml_kem_ind_cca_unpacked_serialized_mut_30_ed(
+    libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_63 *self,
+    libcrux_ml_kem_types_MlKemPublicKey_30 *serialized) {
+  libcrux_ml_kem_ind_cpa_serialize_public_key_mut_ed(
+      self->ind_cpa_public_key.t_as_ntt,
+      Eurydice_array_to_slice((size_t)32U, self->ind_cpa_public_key.seed_for_A,
+                              uint8_t),
+      serialized->value);
+}
+
+/**
+This function found in impl
+{libcrux_ml_kem::ind_cca::unpacked::MlKemKeyPairUnpacked<Vector,
+K>[TraitClause@0, TraitClause@1]#4}
+*/
+/**
 A monomorphic instance of
 libcrux_ml_kem.ind_cca.unpacked.serialized_public_key_mut_fc with types
 libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics
@@ -7400,16 +7900,13 @@ static KRML_MUSTINLINE void
 libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_fc_ed(
     libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked *self,
     libcrux_ml_kem_types_MlKemPublicKey_30 *serialized) {
-  libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_30_ed(
-      &self->public_key, serialized);
+  libcrux_ml_kem_ind_cca_unpacked_serialized_mut_30_ed(&self->public_key,
+                                                       serialized);
 }
 
-/**
- Get the serialized public key.
-*/
 KRML_ATTRIBUTE_TARGET("avx2")
 static inline void
-libcrux_ml_kem_mlkem768_avx2_unpacked_key_pair_serialized_public_key(
+libcrux_ml_kem_mlkem768_avx2_unpacked_key_pair_serialized_public_key_mut(
     libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked *key_pair,
     libcrux_ml_kem_types_MlKemPublicKey_30 *serialized) {
   libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_fc_ed(key_pair,
@@ -7509,15 +8006,11 @@ static inline void libcrux_ml_kem_mlkem768_avx2_unpacked_public_key(
   pk[0U] = uu____0;
 }
 
-/**
- Get the serialized public key.
-*/
 KRML_ATTRIBUTE_TARGET("avx2")
 static inline void libcrux_ml_kem_mlkem768_avx2_unpacked_serialized_public_key(
     libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_63 *public_key,
     libcrux_ml_kem_types_MlKemPublicKey_30 *serialized) {
-  libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_30_ed(public_key,
-                                                                  serialized);
+  libcrux_ml_kem_ind_cca_unpacked_serialized_mut_30_ed(public_key, serialized);
 }
 
 /**
@@ -7564,9 +8057,6 @@ libcrux_ml_kem_ind_cca_unpacked_unpack_public_key_6d(
          (size_t)32U * sizeof(uint8_t));
 }
 
-/**
- Get the unpacked public key.
-*/
 /**
 A monomorphic instance of
 libcrux_ml_kem.ind_cca.instantiations.avx2.unpacked.unpack_public_key_avx2 with
@@ -7586,9 +8076,6 @@ libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_unpack_public_key_avx2_a5(
                                                        unpacked_public_key);
 }
 
-/**
- Get the unpacked public key.
-*/
 /**
 A monomorphic instance of
 libcrux_ml_kem.ind_cca.instantiations.avx2.unpacked.unpack_public_key with const
@@ -7629,6 +8116,9 @@ static inline __m256i libcrux_ml_kem_vector_avx2_clone_78(__m256i *self) {
   return self[0U];
 }
 
+typedef libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_63
+    libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768PublicKeyUnpacked;
+
 #if defined(__cplusplus)
 }
 #endif
diff --git a/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h b/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h
index 2762b7488..34d13c6e3 100644
--- a/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h
+++ b/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h
@@ -8,7 +8,7 @@
  * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c
  * Karamel: c31a22c1e07d2118c07ee5cebb640d863e31a198
  * F*: 2c32d6e230851bbceadac7a21fc418fa2bb7e4bc
- * Libcrux: 38837f1aab3f2ae348a0cb53cf44d97652e2c977
+ * Libcrux: 8fa4c2d98c5fd5a203b5a37a971a46f2296646d9
  */
 
 #ifndef __libcrux_mlkem768_portable_H
@@ -21,7 +21,6 @@ extern "C" {
 #include "eurydice_glue.h"
 #include "libcrux_core.h"
 #include "libcrux_ct_ops.h"
-#include "libcrux_mlkem768_portable_types.h"
 #include "libcrux_sha3_portable.h"
 
 #define LIBCRUX_ML_KEM_HASH_FUNCTIONS_BLOCK_SIZE ((size_t)168U)
@@ -106,6 +105,10 @@ static KRML_MUSTINLINE int16_t libcrux_ml_kem_polynomial_get_zeta(size_t i) {
 #define LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R \
   (62209U)
 
+typedef struct libcrux_ml_kem_vector_portable_vector_type_PortableVector_s {
+  int16_t elements[16U];
+} libcrux_ml_kem_vector_portable_vector_type_PortableVector;
+
 static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector
 libcrux_ml_kem_vector_portable_vector_type_from_i16_array(
     Eurydice_slice array) {
@@ -2544,6 +2547,15 @@ typedef libcrux_ml_kem_types_MlKemPublicKey_30
    LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE +              \
    LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE)
 
+/**
+A monomorphic instance of libcrux_ml_kem.polynomial.PolynomialRingElement
+with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
+
+*/
+typedef struct libcrux_ml_kem_polynomial_PolynomialRingElement_1d_s {
+  libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficients[16U];
+} libcrux_ml_kem_polynomial_PolynomialRingElement_1d;
+
 /**
 This function found in impl
 {libcrux_ml_kem::polynomial::PolynomialRingElement<Vector>[TraitClause@0,
@@ -2644,6 +2656,16 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_1b(
       (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1d));
 }
 
+/**
+A monomorphic instance of
+libcrux_ml_kem.ind_cpa.unpacked.IndCpaPrivateKeyUnpacked with types
+libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
+- $3size_t
+*/
+typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0_s {
+  libcrux_ml_kem_polynomial_PolynomialRingElement_1d secret_as_ntt[3U];
+} libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0;
+
 /**
 A monomorphic instance of
 libcrux_ml_kem.ind_cpa.deserialize_then_decompress_u.closure with types
@@ -2690,9 +2712,9 @@ generics
 */
 static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector
 libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_ef(
-    libcrux_ml_kem_vector_portable_vector_type_PortableVector v) {
+    libcrux_ml_kem_vector_portable_vector_type_PortableVector a) {
   return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_ef(
-      v);
+      a);
 }
 
 /**
@@ -2761,9 +2783,9 @@ generics
 */
 static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector
 libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_c4(
-    libcrux_ml_kem_vector_portable_vector_type_PortableVector v) {
+    libcrux_ml_kem_vector_portable_vector_type_PortableVector a) {
   return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_c4(
-      v);
+      a);
 }
 
 /**
@@ -3074,9 +3096,9 @@ generics
 */
 static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector
 libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_d1(
-    libcrux_ml_kem_vector_portable_vector_type_PortableVector v) {
+    libcrux_ml_kem_vector_portable_vector_type_PortableVector a) {
   return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_d1(
-      v);
+      a);
 }
 
 /**
@@ -3138,9 +3160,9 @@ generics
 */
 static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector
 libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_f4(
-    libcrux_ml_kem_vector_portable_vector_type_PortableVector v) {
+    libcrux_ml_kem_vector_portable_vector_type_PortableVector a) {
   return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_f4(
-      v);
+      a);
 }
 
 /**
@@ -3173,10 +3195,11 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_5_8c(
 A monomorphic instance of
 libcrux_ml_kem.serialize.deserialize_then_decompress_ring_element_v with types
 libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
+- K= 3
 - COMPRESSION_FACTOR= 4
 */
 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1d
-libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_d0(
+libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_89(
     Eurydice_slice serialized) {
   return libcrux_ml_kem_serialize_deserialize_then_decompress_4_8c(serialized);
 }
@@ -3577,7 +3600,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_decrypt_unpacked_42(
                                                              d_u) */
                                                           ciphertext, u_as_ntt);
   libcrux_ml_kem_polynomial_PolynomialRingElement_1d v =
-      libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_d0(
+      libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_89(
           Eurydice_array_to_subslice_from(
               (size_t)1088U,
               /* v := Decompress_q(Decode_{d_v}(c + d_u·k·n / 8), d_v) */
@@ -3663,6 +3686,18 @@ static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_PRF_f1_41(
   libcrux_ml_kem_hash_functions_portable_PRF_9e(input, ret);
 }
 
+/**
+A monomorphic instance of
+libcrux_ml_kem.ind_cpa.unpacked.IndCpaPublicKeyUnpacked with types
+libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
+- $3size_t
+*/
+typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0_s {
+  libcrux_ml_kem_polynomial_PolynomialRingElement_1d t_as_ntt[3U];
+  uint8_t seed_for_A[32U];
+  libcrux_ml_kem_polynomial_PolynomialRingElement_1d A[3U][3U];
+} libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0;
+
 /**
 This function found in impl {(core::default::Default for
 libcrux_ml_kem::ind_cpa::unpacked::IndCpaPublicKeyUnpacked<Vector,
@@ -4197,6 +4232,54 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_sample_matrix_A_2b(
   }
 }
 
+/**
+A monomorphic instance of libcrux_ml_kem.ind_cpa.build_unpacked_public_key_mut
+with types libcrux_ml_kem_vector_portable_vector_type_PortableVector,
+libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const
+generics
+- K= 3
+- T_AS_NTT_ENCODED_SIZE= 1152
+*/
+static KRML_MUSTINLINE void
+libcrux_ml_kem_ind_cpa_build_unpacked_public_key_mut_3f(
+    Eurydice_slice public_key,
+    libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0
+        *unpacked_public_key) {
+  Eurydice_slice uu____0 = Eurydice_slice_subslice_to(
+      /* tˆ := Decode_12(pk) */ public_key, (size_t)1152U, uint8_t, size_t);
+  libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_1b(
+      uu____0, unpacked_public_key->t_as_ntt);
+  Eurydice_slice seed =
+      Eurydice_slice_subslice_from(/* ρ := pk + 12·k·n / 8 for i from 0 to k−1
+                                      do for j from 0 to k − 1 do AˆT[i][j] :=
+                                      Parse(XOF(ρ, i, j)) end for end for */
+                                   public_key, (size_t)1152U, uint8_t, size_t);
+  libcrux_ml_kem_polynomial_PolynomialRingElement_1d(*uu____1)[3U] =
+      unpacked_public_key->A;
+  uint8_t ret[34U];
+  libcrux_ml_kem_utils_into_padded_array_b6(seed, ret);
+  libcrux_ml_kem_matrix_sample_matrix_A_2b(uu____1, ret, false);
+}
+
+/**
+A monomorphic instance of libcrux_ml_kem.ind_cpa.build_unpacked_public_key
+with types libcrux_ml_kem_vector_portable_vector_type_PortableVector,
+libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const
+generics
+- K= 3
+- T_AS_NTT_ENCODED_SIZE= 1152
+*/
+static KRML_MUSTINLINE
+    libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0
+    libcrux_ml_kem_ind_cpa_build_unpacked_public_key_3f(
+        Eurydice_slice public_key) {
+  libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0
+      unpacked_public_key = libcrux_ml_kem_ind_cpa_unpacked_default_8d_1b();
+  libcrux_ml_kem_ind_cpa_build_unpacked_public_key_mut_3f(public_key,
+                                                          &unpacked_public_key);
+  return unpacked_public_key;
+}
+
 /**
 A monomorphic instance of K.
 with types libcrux_ml_kem_polynomial_PolynomialRingElement
@@ -4436,13 +4519,8 @@ libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_3b(
   for (size_t i = (size_t)0U; i < (size_t)3U; i++) {
     memcpy(prf_inputs[i], copy_of_prf_input, (size_t)33U * sizeof(uint8_t));
   }
-  uint8_t _prf_inputs_init[3U][33U];
-  memcpy(_prf_inputs_init, prf_inputs, (size_t)3U * sizeof(uint8_t[33U]));
-  for (size_t i = (size_t)0U; i < (size_t)3U; i++) {
-    size_t i0 = i;
-    prf_inputs[i0][32U] = domain_separator;
-    domain_separator = (uint32_t)domain_separator + 1U;
-  }
+  domain_separator =
+      libcrux_ml_kem_utils_prf_input_inc_e0(prf_inputs, domain_separator);
   uint8_t prf_outputs[3U][128U];
   libcrux_ml_kem_hash_functions_portable_PRFxN_f1_41(prf_inputs, prf_outputs);
   for (size_t i = (size_t)0U; i < (size_t)3U; i++) {
@@ -4526,13 +4604,8 @@ libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_3b(uint8_t prf_input[33U],
   for (size_t i = (size_t)0U; i < (size_t)3U; i++) {
     memcpy(prf_inputs[i], copy_of_prf_input, (size_t)33U * sizeof(uint8_t));
   }
-  uint8_t _prf_inputs_init[3U][33U];
-  memcpy(_prf_inputs_init, prf_inputs, (size_t)3U * sizeof(uint8_t[33U]));
-  for (size_t i = (size_t)0U; i < (size_t)3U; i++) {
-    size_t i0 = i;
-    prf_inputs[i0][32U] = domain_separator;
-    domain_separator = (uint32_t)domain_separator + 1U;
-  }
+  domain_separator =
+      libcrux_ml_kem_utils_prf_input_inc_e0(prf_inputs, domain_separator);
   uint8_t prf_outputs[3U][128U];
   libcrux_ml_kem_hash_functions_portable_PRFxN_f1_41(prf_inputs, prf_outputs);
   for (size_t i = (size_t)0U; i < (size_t)3U; i++) {
@@ -5116,11 +5189,12 @@ libcrux_ml_kem_serialize_compress_then_serialize_5_8c(
 A monomorphic instance of
 libcrux_ml_kem.serialize.compress_then_serialize_ring_element_v with types
 libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
+- K= 3
 - COMPRESSION_FACTOR= 4
 - OUT_LEN= 128
 */
 static KRML_MUSTINLINE void
-libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_ff(
+libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_6c(
     libcrux_ml_kem_polynomial_PolynomialRingElement_1d re, Eurydice_slice out) {
   libcrux_ml_kem_serialize_compress_then_serialize_4_8c(re, out);
 }
@@ -5204,7 +5278,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_encrypt_unpacked_2a(
                                            uint8_t));
   /* c_2 := Encode_{dv}(Compress_q(v,d_v)) */
   libcrux_ml_kem_polynomial_PolynomialRingElement_1d uu____6 = v;
-  libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_ff(
+  libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_6c(
       uu____6, Eurydice_array_to_subslice_from((size_t)1088U, ciphertext,
                                                (size_t)960U, uint8_t, size_t));
   memcpy(ret, ciphertext, (size_t)1088U * sizeof(uint8_t));
@@ -5232,30 +5306,17 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_encrypt_2a(
     Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness,
     uint8_t ret[1088U]) {
   libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0
-      unpacked_public_key = libcrux_ml_kem_ind_cpa_unpacked_default_8d_1b();
-  libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_1b(
-      Eurydice_slice_subslice_to(/* tˆ := Decode_12(pk) */
-                                 public_key, (size_t)1152U, uint8_t, size_t),
-      unpacked_public_key.t_as_ntt);
-  Eurydice_slice seed =
-      Eurydice_slice_subslice_from(/* ρ := pk + 12·k·n / 8 for i from 0 to k−1
-                                      do for j from 0 to k − 1 do AˆT[i][j] :=
-                                      Parse(XOF(ρ, i, j)) end for end for */
-                                   public_key, (size_t)1152U, uint8_t, size_t);
-  libcrux_ml_kem_polynomial_PolynomialRingElement_1d(*uu____0)[3U] =
-      unpacked_public_key.A;
-  uint8_t ret0[34U];
-  libcrux_ml_kem_utils_into_padded_array_b6(seed, ret0);
-  libcrux_ml_kem_matrix_sample_matrix_A_2b(uu____0, ret0, false);
-  libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *uu____1 =
+      unpacked_public_key =
+          libcrux_ml_kem_ind_cpa_build_unpacked_public_key_3f(public_key);
+  libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *uu____0 =
       &unpacked_public_key;
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_message[32U];
   memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t));
-  uint8_t ret1[1088U];
-  libcrux_ml_kem_ind_cpa_encrypt_unpacked_2a(uu____1, copy_of_message,
-                                             randomness, ret1);
-  memcpy(ret, ret1, (size_t)1088U * sizeof(uint8_t));
+  uint8_t ret0[1088U];
+  libcrux_ml_kem_ind_cpa_encrypt_unpacked_2a(uu____0, copy_of_message,
+                                             randomness, ret0);
+  memcpy(ret, ret0, (size_t)1088U * sizeof(uint8_t));
 }
 
 /**
@@ -5303,20 +5364,13 @@ libcrux_ml_kem_variant_MlKem with const generics
 static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_decapsulate_62(
     libcrux_ml_kem_types_MlKemPrivateKey_d9 *private_key,
     libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) {
-  Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at(
-      Eurydice_array_to_slice((size_t)2400U, private_key->value, uint8_t),
-      (size_t)1152U, uint8_t, Eurydice_slice_uint8_t_x2);
+  Eurydice_slice_uint8_t_x4 uu____0 =
+      libcrux_ml_kem_types_unpack_private_key_b4(
+          Eurydice_array_to_slice((size_t)2400U, private_key->value, uint8_t));
   Eurydice_slice ind_cpa_secret_key = uu____0.fst;
-  Eurydice_slice secret_key0 = uu____0.snd;
-  Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at(
-      secret_key0, (size_t)1184U, uint8_t, Eurydice_slice_uint8_t_x2);
-  Eurydice_slice ind_cpa_public_key = uu____1.fst;
-  Eurydice_slice secret_key = uu____1.snd;
-  Eurydice_slice_uint8_t_x2 uu____2 = Eurydice_slice_split_at(
-      secret_key, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t,
-      Eurydice_slice_uint8_t_x2);
-  Eurydice_slice ind_cpa_public_key_hash = uu____2.fst;
-  Eurydice_slice implicit_rejection_value = uu____2.snd;
+  Eurydice_slice ind_cpa_public_key = uu____0.snd;
+  Eurydice_slice ind_cpa_public_key_hash = uu____0.thd;
+  Eurydice_slice implicit_rejection_value = uu____0.f3;
   uint8_t decrypted[32U];
   libcrux_ml_kem_ind_cpa_decrypt_42(ind_cpa_secret_key, ciphertext->value,
                                     decrypted);
@@ -5331,29 +5385,29 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_decapsulate_62(
   uint8_t hashed[64U];
   libcrux_ml_kem_hash_functions_portable_G_f1_e0(
       Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed);
-  Eurydice_slice_uint8_t_x2 uu____3 = Eurydice_slice_split_at(
+  Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at(
       Eurydice_array_to_slice((size_t)64U, hashed, uint8_t),
       LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t,
       Eurydice_slice_uint8_t_x2);
-  Eurydice_slice shared_secret0 = uu____3.fst;
-  Eurydice_slice pseudorandomness = uu____3.snd;
+  Eurydice_slice shared_secret0 = uu____1.fst;
+  Eurydice_slice pseudorandomness = uu____1.snd;
   uint8_t to_hash[1120U];
   libcrux_ml_kem_utils_into_padded_array_15(implicit_rejection_value, to_hash);
-  Eurydice_slice uu____4 = Eurydice_array_to_subslice_from(
+  Eurydice_slice uu____2 = Eurydice_array_to_subslice_from(
       (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE,
       uint8_t, size_t);
-  Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_80(ciphertext),
+  Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_43_80(ciphertext),
                       uint8_t);
   uint8_t implicit_rejection_shared_secret0[32U];
   libcrux_ml_kem_hash_functions_portable_PRF_f1_41(
       Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t),
       implicit_rejection_shared_secret0);
-  Eurydice_slice uu____5 = ind_cpa_public_key;
+  Eurydice_slice uu____3 = ind_cpa_public_key;
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_decrypted[32U];
   memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t));
   uint8_t expected_ciphertext[1088U];
-  libcrux_ml_kem_ind_cpa_encrypt_2a(uu____5, copy_of_decrypted,
+  libcrux_ml_kem_ind_cpa_encrypt_2a(uu____3, copy_of_decrypted,
                                     pseudorandomness, expected_ciphertext);
   uint8_t implicit_rejection_shared_secret[32U];
   libcrux_ml_kem_variant_kdf_d8_d6(
@@ -5364,7 +5418,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_decapsulate_62(
   libcrux_ml_kem_variant_kdf_d8_d6(shared_secret0, ciphertext, shared_secret1);
   uint8_t shared_secret[32U];
   libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time(
-      libcrux_ml_kem_types_as_ref_00_80(ciphertext),
+      libcrux_ml_kem_types_as_ref_43_80(ciphertext),
       Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t),
       Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t),
       Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret,
@@ -5506,7 +5560,7 @@ static KRML_MUSTINLINE tuple_c2 libcrux_ml_kem_ind_cca_encapsulate_ca(
   uint8_t copy_of_ciphertext[1088U];
   memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t));
   libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 =
-      libcrux_ml_kem_types_from_01_80(copy_of_ciphertext);
+      libcrux_ml_kem_types_from_00_80(copy_of_ciphertext);
   uint8_t shared_secret_array[32U];
   libcrux_ml_kem_variant_kdf_d8_d6(shared_secret, &ciphertext0,
                                    shared_secret_array);
@@ -5871,38 +5925,34 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_public_key_6c(
 }
 
 /**
-A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair
-with types libcrux_ml_kem_vector_portable_vector_type_PortableVector,
-libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]],
-libcrux_ml_kem_variant_MlKem with const generics
+ Serialize the secret key from the unpacked key pair generation.
+*/
+/**
+A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_unpacked_secret_key
+with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
+with const generics
 - K= 3
 - PRIVATE_KEY_SIZE= 1152
 - PUBLIC_KEY_SIZE= 1184
 - RANKED_BYTES_PER_RING_ELEMENT= 1152
-- ETA1= 2
-- ETA1_RANDOMNESS_SIZE= 128
 */
-static KRML_MUSTINLINE libcrux_ml_kem_utils_extraction_helper_Keypair768
-libcrux_ml_kem_ind_cpa_generate_keypair_15(Eurydice_slice key_generation_seed) {
-  libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 private_key =
-      libcrux_ml_kem_ind_cpa_unpacked_default_1a_1b();
-  libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 public_key =
-      libcrux_ml_kem_ind_cpa_unpacked_default_8d_1b();
-  libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_1c(
-      key_generation_seed, &private_key, &public_key);
+static inline libcrux_ml_kem_utils_extraction_helper_Keypair768
+libcrux_ml_kem_ind_cpa_serialize_unpacked_secret_key_43(
+    libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *public_key,
+    libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 *private_key) {
   uint8_t public_key_serialized[1184U];
   libcrux_ml_kem_ind_cpa_serialize_public_key_6c(/* pk := (Encode_12(tˆ
                                                     mod^{+}q) || ρ) */
-                                                 public_key.t_as_ntt,
+                                                 public_key->t_as_ntt,
                                                  Eurydice_array_to_slice(
                                                      (size_t)32U,
-                                                     public_key.seed_for_A,
+                                                     public_key->seed_for_A,
                                                      uint8_t),
                                                  public_key_serialized);
   uint8_t secret_key_serialized[1152U];
   libcrux_ml_kem_ind_cpa_serialize_secret_key_89(/* sk := Encode_12(sˆ mod^{+}q)
                                                   */
-                                                 private_key.secret_as_ntt,
+                                                 private_key->secret_as_ntt,
                                                  secret_key_serialized);
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_secret_key_serialized[1152U];
@@ -5921,18 +5971,42 @@ libcrux_ml_kem_ind_cpa_generate_keypair_15(Eurydice_slice key_generation_seed) {
 }
 
 /**
-A monomorphic instance of libcrux_ml_kem.ind_cca.serialize_kem_secret_key
+A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair
+with types libcrux_ml_kem_vector_portable_vector_type_PortableVector,
+libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]],
+libcrux_ml_kem_variant_MlKem with const generics
+- K= 3
+- PRIVATE_KEY_SIZE= 1152
+- PUBLIC_KEY_SIZE= 1184
+- RANKED_BYTES_PER_RING_ELEMENT= 1152
+- ETA1= 2
+- ETA1_RANDOMNESS_SIZE= 128
+*/
+static KRML_MUSTINLINE libcrux_ml_kem_utils_extraction_helper_Keypair768
+libcrux_ml_kem_ind_cpa_generate_keypair_15(Eurydice_slice key_generation_seed) {
+  libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 private_key =
+      libcrux_ml_kem_ind_cpa_unpacked_default_1a_1b();
+  libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 public_key =
+      libcrux_ml_kem_ind_cpa_unpacked_default_8d_1b();
+  libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_1c(
+      key_generation_seed, &private_key, &public_key);
+  return libcrux_ml_kem_ind_cpa_serialize_unpacked_secret_key_43(&public_key,
+                                                                 &private_key);
+}
+
+/**
+A monomorphic instance of libcrux_ml_kem.ind_cca.serialize_kem_secret_key_mut
 with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]]
 with const generics
 - K= 3
 - SERIALIZED_KEY_LEN= 2400
 */
-static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_serialize_kem_secret_key_d6(
+static KRML_MUSTINLINE void
+libcrux_ml_kem_ind_cca_serialize_kem_secret_key_mut_d6(
     Eurydice_slice private_key, Eurydice_slice public_key,
-    Eurydice_slice implicit_rejection_value, uint8_t ret[2400U]) {
-  uint8_t out[2400U] = {0U};
+    Eurydice_slice implicit_rejection_value, uint8_t *serialized) {
   size_t pointer = (size_t)0U;
-  uint8_t *uu____0 = out;
+  uint8_t *uu____0 = serialized;
   size_t uu____1 = pointer;
   size_t uu____2 = pointer;
   Eurydice_slice_copy(
@@ -5941,7 +6015,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_serialize_kem_secret_key_d6(
           uint8_t),
       private_key, uint8_t);
   pointer = pointer + Eurydice_slice_len(private_key, uint8_t);
-  uint8_t *uu____3 = out;
+  uint8_t *uu____3 = serialized;
   size_t uu____4 = pointer;
   size_t uu____5 = pointer;
   Eurydice_slice_copy(
@@ -5951,13 +6025,14 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_serialize_kem_secret_key_d6(
       public_key, uint8_t);
   pointer = pointer + Eurydice_slice_len(public_key, uint8_t);
   Eurydice_slice uu____6 = Eurydice_array_to_subslice2(
-      out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t);
-  uint8_t ret0[32U];
-  libcrux_ml_kem_hash_functions_portable_H_f1_e0(public_key, ret0);
+      serialized, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE,
+      uint8_t);
+  uint8_t ret[32U];
+  libcrux_ml_kem_hash_functions_portable_H_f1_e0(public_key, ret);
   Eurydice_slice_copy(
-      uu____6, Eurydice_array_to_slice((size_t)32U, ret0, uint8_t), uint8_t);
+      uu____6, Eurydice_array_to_slice((size_t)32U, ret, uint8_t), uint8_t);
   pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE;
-  uint8_t *uu____7 = out;
+  uint8_t *uu____7 = serialized;
   size_t uu____8 = pointer;
   size_t uu____9 = pointer;
   Eurydice_slice_copy(
@@ -5966,6 +6041,21 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_serialize_kem_secret_key_d6(
           uu____9 + Eurydice_slice_len(implicit_rejection_value, uint8_t),
           uint8_t),
       implicit_rejection_value, uint8_t);
+}
+
+/**
+A monomorphic instance of libcrux_ml_kem.ind_cca.serialize_kem_secret_key
+with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]]
+with const generics
+- K= 3
+- SERIALIZED_KEY_LEN= 2400
+*/
+static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_serialize_kem_secret_key_d6(
+    Eurydice_slice private_key, Eurydice_slice public_key,
+    Eurydice_slice implicit_rejection_value, uint8_t ret[2400U]) {
+  uint8_t out[2400U] = {0U};
+  libcrux_ml_kem_ind_cca_serialize_kem_secret_key_mut_d6(
+      private_key, public_key, implicit_rejection_value, out);
   memcpy(ret, out, (size_t)2400U * sizeof(uint8_t));
 }
 
@@ -6007,13 +6097,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_f8(uint8_t randomness[64U]) {
   memcpy(copy_of_secret_key_serialized, secret_key_serialized,
          (size_t)2400U * sizeof(uint8_t));
   libcrux_ml_kem_types_MlKemPrivateKey_d9 private_key =
-      libcrux_ml_kem_types_from_7f_28(copy_of_secret_key_serialized);
+      libcrux_ml_kem_types_from_9a_28(copy_of_secret_key_serialized);
   libcrux_ml_kem_types_MlKemPrivateKey_d9 uu____2 = private_key;
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_public_key[1184U];
   memcpy(copy_of_public_key, public_key, (size_t)1184U * sizeof(uint8_t));
   return libcrux_ml_kem_types_from_3a_74(
-      uu____2, libcrux_ml_kem_types_from_5a_d0(copy_of_public_key));
+      uu____2, libcrux_ml_kem_types_from_5f_d0(copy_of_public_key));
 }
 
 /**
@@ -6107,20 +6197,13 @@ libcrux_ml_kem_variant_Kyber with const generics
 static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_decapsulate_620(
     libcrux_ml_kem_types_MlKemPrivateKey_d9 *private_key,
     libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) {
-  Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at(
-      Eurydice_array_to_slice((size_t)2400U, private_key->value, uint8_t),
-      (size_t)1152U, uint8_t, Eurydice_slice_uint8_t_x2);
+  Eurydice_slice_uint8_t_x4 uu____0 =
+      libcrux_ml_kem_types_unpack_private_key_b4(
+          Eurydice_array_to_slice((size_t)2400U, private_key->value, uint8_t));
   Eurydice_slice ind_cpa_secret_key = uu____0.fst;
-  Eurydice_slice secret_key0 = uu____0.snd;
-  Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at(
-      secret_key0, (size_t)1184U, uint8_t, Eurydice_slice_uint8_t_x2);
-  Eurydice_slice ind_cpa_public_key = uu____1.fst;
-  Eurydice_slice secret_key = uu____1.snd;
-  Eurydice_slice_uint8_t_x2 uu____2 = Eurydice_slice_split_at(
-      secret_key, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t,
-      Eurydice_slice_uint8_t_x2);
-  Eurydice_slice ind_cpa_public_key_hash = uu____2.fst;
-  Eurydice_slice implicit_rejection_value = uu____2.snd;
+  Eurydice_slice ind_cpa_public_key = uu____0.snd;
+  Eurydice_slice ind_cpa_public_key_hash = uu____0.thd;
+  Eurydice_slice implicit_rejection_value = uu____0.f3;
   uint8_t decrypted[32U];
   libcrux_ml_kem_ind_cpa_decrypt_42(ind_cpa_secret_key, ciphertext->value,
                                     decrypted);
@@ -6135,29 +6218,29 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_decapsulate_620(
   uint8_t hashed[64U];
   libcrux_ml_kem_hash_functions_portable_G_f1_e0(
       Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed);
-  Eurydice_slice_uint8_t_x2 uu____3 = Eurydice_slice_split_at(
+  Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at(
       Eurydice_array_to_slice((size_t)64U, hashed, uint8_t),
       LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t,
       Eurydice_slice_uint8_t_x2);
-  Eurydice_slice shared_secret0 = uu____3.fst;
-  Eurydice_slice pseudorandomness = uu____3.snd;
+  Eurydice_slice shared_secret0 = uu____1.fst;
+  Eurydice_slice pseudorandomness = uu____1.snd;
   uint8_t to_hash[1120U];
   libcrux_ml_kem_utils_into_padded_array_15(implicit_rejection_value, to_hash);
-  Eurydice_slice uu____4 = Eurydice_array_to_subslice_from(
+  Eurydice_slice uu____2 = Eurydice_array_to_subslice_from(
       (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE,
       uint8_t, size_t);
-  Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_80(ciphertext),
+  Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_43_80(ciphertext),
                       uint8_t);
   uint8_t implicit_rejection_shared_secret0[32U];
   libcrux_ml_kem_hash_functions_portable_PRF_f1_41(
       Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t),
       implicit_rejection_shared_secret0);
-  Eurydice_slice uu____5 = ind_cpa_public_key;
+  Eurydice_slice uu____3 = ind_cpa_public_key;
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_decrypted[32U];
   memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t));
   uint8_t expected_ciphertext[1088U];
-  libcrux_ml_kem_ind_cpa_encrypt_2a(uu____5, copy_of_decrypted,
+  libcrux_ml_kem_ind_cpa_encrypt_2a(uu____3, copy_of_decrypted,
                                     pseudorandomness, expected_ciphertext);
   uint8_t implicit_rejection_shared_secret[32U];
   libcrux_ml_kem_variant_kdf_33_d6(
@@ -6168,7 +6251,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_decapsulate_620(
   libcrux_ml_kem_variant_kdf_33_d6(shared_secret0, ciphertext, shared_secret1);
   uint8_t shared_secret[32U];
   libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time(
-      libcrux_ml_kem_types_as_ref_00_80(ciphertext),
+      libcrux_ml_kem_types_as_ref_43_80(ciphertext),
       Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t),
       Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t),
       Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret,
@@ -6297,7 +6380,7 @@ static KRML_MUSTINLINE tuple_c2 libcrux_ml_kem_ind_cca_encapsulate_ca0(
   uint8_t copy_of_ciphertext[1088U];
   memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t));
   libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 =
-      libcrux_ml_kem_types_from_01_80(copy_of_ciphertext);
+      libcrux_ml_kem_types_from_00_80(copy_of_ciphertext);
   uint8_t shared_secret_array[32U];
   libcrux_ml_kem_variant_kdf_33_d6(shared_secret, &ciphertext0,
                                    shared_secret_array);
@@ -6457,34 +6540,8 @@ libcrux_ml_kem_ind_cpa_generate_keypair_150(
       libcrux_ml_kem_ind_cpa_unpacked_default_8d_1b();
   libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_1c0(
       key_generation_seed, &private_key, &public_key);
-  uint8_t public_key_serialized[1184U];
-  libcrux_ml_kem_ind_cpa_serialize_public_key_6c(/* pk := (Encode_12(tˆ
-                                                    mod^{+}q) || ρ) */
-                                                 public_key.t_as_ntt,
-                                                 Eurydice_array_to_slice(
-                                                     (size_t)32U,
-                                                     public_key.seed_for_A,
-                                                     uint8_t),
-                                                 public_key_serialized);
-  uint8_t secret_key_serialized[1152U];
-  libcrux_ml_kem_ind_cpa_serialize_secret_key_89(/* sk := Encode_12(sˆ mod^{+}q)
-                                                  */
-                                                 private_key.secret_as_ntt,
-                                                 secret_key_serialized);
-  /* Passing arrays by value in Rust generates a copy in C */
-  uint8_t copy_of_secret_key_serialized[1152U];
-  memcpy(copy_of_secret_key_serialized, secret_key_serialized,
-         (size_t)1152U * sizeof(uint8_t));
-  /* Passing arrays by value in Rust generates a copy in C */
-  uint8_t copy_of_public_key_serialized[1184U];
-  memcpy(copy_of_public_key_serialized, public_key_serialized,
-         (size_t)1184U * sizeof(uint8_t));
-  libcrux_ml_kem_utils_extraction_helper_Keypair768 lit;
-  memcpy(lit.fst, copy_of_secret_key_serialized,
-         (size_t)1152U * sizeof(uint8_t));
-  memcpy(lit.snd, copy_of_public_key_serialized,
-         (size_t)1184U * sizeof(uint8_t));
-  return lit;
+  return libcrux_ml_kem_ind_cpa_serialize_unpacked_secret_key_43(&public_key,
+                                                                 &private_key);
 }
 
 /**
@@ -6525,13 +6582,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_f80(uint8_t randomness[64U]) {
   memcpy(copy_of_secret_key_serialized, secret_key_serialized,
          (size_t)2400U * sizeof(uint8_t));
   libcrux_ml_kem_types_MlKemPrivateKey_d9 private_key =
-      libcrux_ml_kem_types_from_7f_28(copy_of_secret_key_serialized);
+      libcrux_ml_kem_types_from_9a_28(copy_of_secret_key_serialized);
   libcrux_ml_kem_types_MlKemPrivateKey_d9 uu____2 = private_key;
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_public_key[1184U];
   memcpy(copy_of_public_key, public_key, (size_t)1184U * sizeof(uint8_t));
   return libcrux_ml_kem_types_from_3a_74(
-      uu____2, libcrux_ml_kem_types_from_5a_d0(copy_of_public_key));
+      uu____2, libcrux_ml_kem_types_from_5f_d0(copy_of_public_key));
 }
 
 /**
@@ -6569,16 +6626,14 @@ libcrux_ml_kem_mlkem768_portable_kyber_generate_key_pair(
 }
 
 /**
-A monomorphic instance of libcrux_ml_kem.ind_cca.validate_private_key
+A monomorphic instance of libcrux_ml_kem.ind_cca.validate_private_key_only
 with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]]
 with const generics
 - K= 3
 - SECRET_KEY_SIZE= 2400
-- CIPHERTEXT_SIZE= 1088
 */
-static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_private_key_37(
-    libcrux_ml_kem_types_MlKemPrivateKey_d9 *private_key,
-    libcrux_ml_kem_mlkem768_MlKem768Ciphertext *_ciphertext) {
+static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_private_key_only_d6(
+    libcrux_ml_kem_types_MlKemPrivateKey_d9 *private_key) {
   uint8_t t[32U];
   libcrux_ml_kem_hash_functions_portable_H_f1_e0(
       Eurydice_array_to_subslice2(/* Eurydice can't access values directly on
@@ -6595,6 +6650,20 @@ static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_private_key_37(
       (size_t)32U, t, &expected, uint8_t, uint8_t, bool);
 }
 
+/**
+A monomorphic instance of libcrux_ml_kem.ind_cca.validate_private_key
+with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]]
+with const generics
+- K= 3
+- SECRET_KEY_SIZE= 2400
+- CIPHERTEXT_SIZE= 1088
+*/
+static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_private_key_37(
+    libcrux_ml_kem_types_MlKemPrivateKey_d9 *private_key,
+    libcrux_ml_kem_mlkem768_MlKem768Ciphertext *_ciphertext) {
+  return libcrux_ml_kem_ind_cca_validate_private_key_only_d6(private_key);
+}
+
 /**
 A monomorphic instance of
 libcrux_ml_kem.ind_cca.instantiations.portable.validate_private_key with const
@@ -6623,6 +6692,30 @@ static inline bool libcrux_ml_kem_mlkem768_portable_validate_private_key(
       private_key, ciphertext);
 }
 
+/**
+A monomorphic instance of
+libcrux_ml_kem.ind_cca.instantiations.portable.validate_private_key_only with
+const generics
+- K= 3
+- SECRET_KEY_SIZE= 2400
+*/
+static KRML_MUSTINLINE bool
+libcrux_ml_kem_ind_cca_instantiations_portable_validate_private_key_only_41(
+    libcrux_ml_kem_types_MlKemPrivateKey_d9 *private_key) {
+  return libcrux_ml_kem_ind_cca_validate_private_key_only_d6(private_key);
+}
+
+/**
+ Validate the private key only.
+
+ Returns `true` if valid, and `false` otherwise.
+*/
+static inline bool libcrux_ml_kem_mlkem768_portable_validate_private_key_only(
+    libcrux_ml_kem_types_MlKemPrivateKey_d9 *private_key) {
+  return libcrux_ml_kem_ind_cca_instantiations_portable_validate_private_key_only_41(
+      private_key);
+}
+
 /**
 A monomorphic instance of
 libcrux_ml_kem.serialize.deserialize_ring_elements_reduced_out.closure with
@@ -6712,6 +6805,38 @@ static inline bool libcrux_ml_kem_mlkem768_portable_validate_public_key(
       public_key->value);
 }
 
+/**
+A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.MlKemPublicKeyUnpacked
+with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
+with const generics
+- $3size_t
+*/
+typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0_s {
+  libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 ind_cpa_public_key;
+  uint8_t public_key_hash[32U];
+} libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0;
+
+typedef libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0
+    libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768PublicKeyUnpacked;
+
+/**
+A monomorphic instance of
+libcrux_ml_kem.ind_cca.unpacked.MlKemPrivateKeyUnpacked with types
+libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
+- $3size_t
+*/
+typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_a0_s {
+  libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0
+      ind_cpa_private_key;
+  uint8_t implicit_rejection_value[32U];
+} libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_a0;
+
+typedef struct
+    libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked_s {
+  libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_a0 private_key;
+  libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 public_key;
+} libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked;
+
 /**
 A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.decapsulate
 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector,
@@ -6768,7 +6893,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_unpacked_decapsulate_51(
   Eurydice_slice uu____2 = Eurydice_array_to_subslice_from(
       (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE,
       uint8_t, size_t);
-  Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_00_80(ciphertext),
+  Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_43_80(ciphertext),
                       uint8_t);
   uint8_t implicit_rejection_shared_secret[32U];
   libcrux_ml_kem_hash_functions_portable_PRF_f1_41(
@@ -6784,7 +6909,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_unpacked_decapsulate_51(
       uu____3, copy_of_decrypted, pseudorandomness, expected_ciphertext);
   uint8_t selector =
       libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time(
-          libcrux_ml_kem_types_as_ref_00_80(ciphertext),
+          libcrux_ml_kem_types_as_ref_43_80(ciphertext),
           Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t));
   uint8_t ret0[32U];
   libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time(
@@ -6795,9 +6920,6 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_unpacked_decapsulate_51(
   memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t));
 }
 
-/**
- Unpacked decapsulate
-*/
 /**
 A monomorphic instance of
 libcrux_ml_kem.ind_cca.instantiations.portable.unpacked.decapsulate with const
@@ -6819,7 +6941,7 @@ generics
 - ETA2_RANDOMNESS_SIZE= 128
 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120
 */
-static inline void
+static KRML_MUSTINLINE void
 libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_decapsulate_35(
     libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked *key_pair,
     libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) {
@@ -6898,7 +7020,7 @@ static KRML_MUSTINLINE tuple_c2 libcrux_ml_kem_ind_cca_unpacked_encapsulate_0c(
   uint8_t copy_of_ciphertext[1088U];
   memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t));
   libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 =
-      libcrux_ml_kem_types_from_01_80(copy_of_ciphertext);
+      libcrux_ml_kem_types_from_00_80(copy_of_ciphertext);
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_shared_secret_array[32U];
   memcpy(copy_of_shared_secret_array, shared_secret_array,
@@ -6909,9 +7031,6 @@ static KRML_MUSTINLINE tuple_c2 libcrux_ml_kem_ind_cca_unpacked_encapsulate_0c(
   return lit;
 }
 
-/**
- Unpacked encapsulate
-*/
 /**
 A monomorphic instance of
 libcrux_ml_kem.ind_cca.instantiations.portable.unpacked.encapsulate with const
@@ -6930,7 +7049,7 @@ generics
 - ETA2= 2
 - ETA2_RANDOMNESS_SIZE= 128
 */
-static inline tuple_c2
+static KRML_MUSTINLINE tuple_c2
 libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_encapsulate_cd(
     libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *public_key,
     uint8_t randomness[32U]) {
@@ -7102,9 +7221,6 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_unpacked_generate_keypair_f8(
          (size_t)32U * sizeof(uint8_t));
 }
 
-/**
- Generate a key pair
-*/
 /**
 A monomorphic instance of
 libcrux_ml_kem.ind_cca.instantiations.portable.unpacked.generate_keypair with
@@ -7117,7 +7233,7 @@ const generics
 - ETA1= 2
 - ETA1_RANDOMNESS_SIZE= 128
 */
-static inline void
+static KRML_MUSTINLINE void
 libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_generate_keypair_c6(
     uint8_t randomness[64U],
     libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked *out) {
@@ -7130,7 +7246,8 @@ libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_generate_keypair_c6(
 /**
  Generate ML-KEM 768 Key Pair in "unpacked" form.
 */
-static inline void libcrux_ml_kem_mlkem768_portable_unpacked_generate_key_pair(
+static inline void
+libcrux_ml_kem_mlkem768_portable_unpacked_generate_key_pair_mut(
     uint8_t randomness[64U],
     libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked
         *key_pair) {
@@ -7245,6 +7362,21 @@ static KRML_MUSTINLINE
       .public_key = libcrux_ml_kem_ind_cca_unpacked_default_09_1b()});
 }
 
+/**
+ Generate ML-KEM 768 Key Pair in "unpacked" form.
+*/
+static inline libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked
+libcrux_ml_kem_mlkem768_portable_unpacked_generate_key_pair(
+    uint8_t randomness[64U]) {
+  libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked key_pair =
+      libcrux_ml_kem_ind_cca_unpacked_default_53_1b();
+  uint8_t uu____0[64U];
+  memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t));
+  libcrux_ml_kem_mlkem768_portable_unpacked_generate_key_pair_mut(uu____0,
+                                                                  &key_pair);
+  return key_pair;
+}
+
 /**
  Create a new, empty unpacked key.
 */
@@ -7261,21 +7393,238 @@ libcrux_ml_kem_mlkem768_portable_unpacked_init_public_key(void) {
   return libcrux_ml_kem_ind_cca_unpacked_default_09_1b();
 }
 
+/**
+A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.keys_from_private_key
+with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
+with const generics
+- K= 3
+- SECRET_KEY_SIZE= 2400
+- CPA_SECRET_KEY_SIZE= 1152
+- PUBLIC_KEY_SIZE= 1184
+- BYTES_PER_RING_ELEMENT= 1152
+- T_AS_NTT_ENCODED_SIZE= 1152
+*/
+static KRML_MUSTINLINE void
+libcrux_ml_kem_ind_cca_unpacked_keys_from_private_key_df(
+    libcrux_ml_kem_types_MlKemPrivateKey_d9 *private_key,
+    libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked
+        *key_pair) {
+  Eurydice_slice_uint8_t_x4 uu____0 =
+      libcrux_ml_kem_types_unpack_private_key_b4(
+          Eurydice_array_to_slice((size_t)2400U, private_key->value, uint8_t));
+  Eurydice_slice ind_cpa_secret_key = uu____0.fst;
+  Eurydice_slice ind_cpa_public_key = uu____0.snd;
+  Eurydice_slice ind_cpa_public_key_hash = uu____0.thd;
+  Eurydice_slice implicit_rejection_value = uu____0.f3;
+  Eurydice_slice uu____1 = Eurydice_array_to_slice(
+      (size_t)3U,
+      /* XXX: We need to copy_from_slice here because karamel can't handle the
+         assignment cf. https://github.com/FStarLang/karamel/pull/491 */
+      key_pair->private_key.ind_cpa_private_key.secret_as_ntt,
+      libcrux_ml_kem_polynomial_PolynomialRingElement_1d);
+  libcrux_ml_kem_polynomial_PolynomialRingElement_1d ret[3U];
+  libcrux_ml_kem_ind_cpa_deserialize_secret_key_1b(ind_cpa_secret_key, ret);
+  Eurydice_slice_copy(
+      uu____1,
+      Eurydice_array_to_slice(
+          (size_t)3U, ret, libcrux_ml_kem_polynomial_PolynomialRingElement_1d),
+      libcrux_ml_kem_polynomial_PolynomialRingElement_1d);
+  libcrux_ml_kem_ind_cpa_build_unpacked_public_key_mut_3f(
+      ind_cpa_public_key, &key_pair->public_key.ind_cpa_public_key);
+  Eurydice_slice_copy(
+      Eurydice_array_to_slice((size_t)32U, key_pair->public_key.public_key_hash,
+                              uint8_t),
+      ind_cpa_public_key_hash, uint8_t);
+  Eurydice_slice_copy(
+      Eurydice_array_to_slice(
+          (size_t)32U, key_pair->private_key.implicit_rejection_value, uint8_t),
+      implicit_rejection_value, uint8_t);
+  Eurydice_slice uu____2 = Eurydice_array_to_slice(
+      (size_t)32U, key_pair->public_key.ind_cpa_public_key.seed_for_A, uint8_t);
+  Eurydice_slice_copy(uu____2,
+                      Eurydice_slice_subslice_from(
+                          ind_cpa_public_key, (size_t)1152U, uint8_t, size_t),
+                      uint8_t);
+}
+
+/**
+A monomorphic instance of
+libcrux_ml_kem.ind_cca.instantiations.portable.unpacked.keypair_from_private_key
+with const generics
+- K= 3
+- SECRET_KEY_SIZE= 2400
+- CPA_SECRET_KEY_SIZE= 1152
+- PUBLIC_KEY_SIZE= 1184
+- BYTES_PER_RING_ELEMENT= 1152
+- T_AS_NTT_ENCODED_SIZE= 1152
+*/
+static KRML_MUSTINLINE void
+libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_keypair_from_private_key_ce(
+    libcrux_ml_kem_types_MlKemPrivateKey_d9 *private_key,
+    libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked
+        *key_pair) {
+  libcrux_ml_kem_ind_cca_unpacked_keys_from_private_key_df(private_key,
+                                                           key_pair);
+}
+
+/**
+ Get an unpacked key from a private key.
+*/
+static inline void
+libcrux_ml_kem_mlkem768_portable_unpacked_key_pair_from_private_mut(
+    libcrux_ml_kem_types_MlKemPrivateKey_d9 *private_key,
+    libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked
+        *key_pair) {
+  libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_keypair_from_private_key_ce(
+      private_key, key_pair);
+}
+
+/**
+This function found in impl
+{libcrux_ml_kem::ind_cca::unpacked::MlKemKeyPairUnpacked<Vector,
+K>[TraitClause@0, TraitClause@1]#4}
+*/
+/**
+A monomorphic instance of
+libcrux_ml_kem.ind_cca.unpacked.serialized_private_key_mut_fc with types
+libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
+- K= 3
+- CPA_PRIVATE_KEY_SIZE= 1152
+- PRIVATE_KEY_SIZE= 2400
+- PUBLIC_KEY_SIZE= 1184
+- RANKED_BYTES_PER_RING_ELEMENT= 1152
+*/
+static KRML_MUSTINLINE void
+libcrux_ml_kem_ind_cca_unpacked_serialized_private_key_mut_fc_42(
+    libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked *self,
+    libcrux_ml_kem_types_MlKemPrivateKey_d9 *serialized) {
+  libcrux_ml_kem_utils_extraction_helper_Keypair768 uu____0 =
+      libcrux_ml_kem_ind_cpa_serialize_unpacked_secret_key_43(
+          &self->public_key.ind_cpa_public_key,
+          &self->private_key.ind_cpa_private_key);
+  uint8_t ind_cpa_private_key[1152U];
+  memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1152U * sizeof(uint8_t));
+  uint8_t ind_cpa_public_key[1184U];
+  memcpy(ind_cpa_public_key, uu____0.snd, (size_t)1184U * sizeof(uint8_t));
+  libcrux_ml_kem_ind_cca_serialize_kem_secret_key_mut_d6(
+      Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t),
+      Eurydice_array_to_slice((size_t)1184U, ind_cpa_public_key, uint8_t),
+      Eurydice_array_to_slice(
+          (size_t)32U, self->private_key.implicit_rejection_value, uint8_t),
+      serialized->value);
+}
+
+/**
+This function found in impl
+{libcrux_ml_kem::ind_cca::unpacked::MlKemKeyPairUnpacked<Vector,
+K>[TraitClause@0, TraitClause@1]#4}
+*/
+/**
+A monomorphic instance of
+libcrux_ml_kem.ind_cca.unpacked.serialized_private_key_fc with types
+libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
+- K= 3
+- CPA_PRIVATE_KEY_SIZE= 1152
+- PRIVATE_KEY_SIZE= 2400
+- PUBLIC_KEY_SIZE= 1184
+- RANKED_BYTES_PER_RING_ELEMENT= 1152
+*/
+static KRML_MUSTINLINE libcrux_ml_kem_types_MlKemPrivateKey_d9
+libcrux_ml_kem_ind_cca_unpacked_serialized_private_key_fc_42(
+    libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked *self) {
+  libcrux_ml_kem_types_MlKemPrivateKey_d9 sk =
+      libcrux_ml_kem_types_default_24_28();
+  libcrux_ml_kem_ind_cca_unpacked_serialized_private_key_mut_fc_42(self, &sk);
+  return sk;
+}
+
+/**
+ Get the serialized private key.
+*/
+static inline libcrux_ml_kem_types_MlKemPrivateKey_d9
+libcrux_ml_kem_mlkem768_portable_unpacked_key_pair_serialized_private_key(
+    libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked
+        *key_pair) {
+  return libcrux_ml_kem_ind_cca_unpacked_serialized_private_key_fc_42(key_pair);
+}
+
+/**
+ Get the serialized private key.
+*/
+static inline void
+libcrux_ml_kem_mlkem768_portable_unpacked_key_pair_serialized_private_key_mut(
+    libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked *key_pair,
+    libcrux_ml_kem_types_MlKemPrivateKey_d9 *serialized) {
+  libcrux_ml_kem_ind_cca_unpacked_serialized_private_key_mut_fc_42(key_pair,
+                                                                   serialized);
+}
+
 /**
 This function found in impl
 {libcrux_ml_kem::ind_cca::unpacked::MlKemPublicKeyUnpacked<Vector,
 K>[TraitClause@0, TraitClause@1]#3}
 */
 /**
+A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.serialized_30
+with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
+with const generics
+- K= 3
+- RANKED_BYTES_PER_RING_ELEMENT= 1152
+- PUBLIC_KEY_SIZE= 1184
+*/
+static KRML_MUSTINLINE libcrux_ml_kem_types_MlKemPublicKey_30
+libcrux_ml_kem_ind_cca_unpacked_serialized_30_6c(
+    libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *self) {
+  uint8_t ret[1184U];
+  libcrux_ml_kem_ind_cpa_serialize_public_key_6c(
+      self->ind_cpa_public_key.t_as_ntt,
+      Eurydice_array_to_slice((size_t)32U, self->ind_cpa_public_key.seed_for_A,
+                              uint8_t),
+      ret);
+  return libcrux_ml_kem_types_from_5f_d0(ret);
+}
+
+/**
+This function found in impl
+{libcrux_ml_kem::ind_cca::unpacked::MlKemKeyPairUnpacked<Vector,
+K>[TraitClause@0, TraitClause@1]#4}
+*/
+/**
 A monomorphic instance of
-libcrux_ml_kem.ind_cca.unpacked.serialized_public_key_mut_30 with types
+libcrux_ml_kem.ind_cca.unpacked.serialized_public_key_fc with types
 libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
 - K= 3
 - RANKED_BYTES_PER_RING_ELEMENT= 1152
 - PUBLIC_KEY_SIZE= 1184
 */
+static KRML_MUSTINLINE libcrux_ml_kem_types_MlKemPublicKey_30
+libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_fc_6c(
+    libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked *self) {
+  return libcrux_ml_kem_ind_cca_unpacked_serialized_30_6c(&self->public_key);
+}
+
+static inline libcrux_ml_kem_types_MlKemPublicKey_30
+libcrux_ml_kem_mlkem768_portable_unpacked_key_pair_serialized_public_key(
+    libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked
+        *key_pair) {
+  return libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_fc_6c(key_pair);
+}
+
+/**
+This function found in impl
+{libcrux_ml_kem::ind_cca::unpacked::MlKemPublicKeyUnpacked<Vector,
+K>[TraitClause@0, TraitClause@1]#3}
+*/
+/**
+A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.serialized_mut_30
+with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
+with const generics
+- K= 3
+- RANKED_BYTES_PER_RING_ELEMENT= 1152
+- PUBLIC_KEY_SIZE= 1184
+*/
 static KRML_MUSTINLINE void
-libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_30_6c(
+libcrux_ml_kem_ind_cca_unpacked_serialized_mut_30_6c(
     libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *self,
     libcrux_ml_kem_types_MlKemPublicKey_30 *serialized) {
   libcrux_ml_kem_ind_cpa_serialize_public_key_mut_6c(
@@ -7302,15 +7651,12 @@ static KRML_MUSTINLINE void
 libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_fc_6c(
     libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked *self,
     libcrux_ml_kem_types_MlKemPublicKey_30 *serialized) {
-  libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_30_6c(
-      &self->public_key, serialized);
+  libcrux_ml_kem_ind_cca_unpacked_serialized_mut_30_6c(&self->public_key,
+                                                       serialized);
 }
 
-/**
- Get the serialized public key.
-*/
 static inline void
-libcrux_ml_kem_mlkem768_portable_unpacked_key_pair_serialized_public_key(
+libcrux_ml_kem_mlkem768_portable_unpacked_key_pair_serialized_public_key_mut(
     libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked *key_pair,
     libcrux_ml_kem_types_MlKemPublicKey_30 *serialized) {
   libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_fc_6c(key_pair,
@@ -7406,15 +7752,11 @@ static inline void libcrux_ml_kem_mlkem768_portable_unpacked_public_key(
   pk[0U] = uu____0;
 }
 
-/**
- Get the serialized public key.
-*/
 static inline void
 libcrux_ml_kem_mlkem768_portable_unpacked_serialized_public_key(
     libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *public_key,
     libcrux_ml_kem_types_MlKemPublicKey_30 *serialized) {
-  libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_30_6c(public_key,
-                                                                  serialized);
+  libcrux_ml_kem_ind_cca_unpacked_serialized_mut_30_6c(public_key, serialized);
 }
 
 /**
@@ -7460,9 +7802,6 @@ libcrux_ml_kem_ind_cca_unpacked_unpack_public_key_f9(
          (size_t)32U * sizeof(uint8_t));
 }
 
-/**
- Get the unpacked public key.
-*/
 /**
 A monomorphic instance of
 libcrux_ml_kem.ind_cca.instantiations.portable.unpacked.unpack_public_key with
@@ -7472,7 +7811,7 @@ const generics
 - RANKED_BYTES_PER_RING_ELEMENT= 1152
 - PUBLIC_KEY_SIZE= 1184
 */
-static inline void
+static KRML_MUSTINLINE void
 libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_unpack_public_key_a5(
     libcrux_ml_kem_types_MlKemPublicKey_30 *public_key,
     libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0
diff --git a/libcrux-ml-kem/cg/libcrux_sha3_avx2.h b/libcrux-ml-kem/cg/libcrux_sha3_avx2.h
index c705717d1..ec647eb4a 100644
--- a/libcrux-ml-kem/cg/libcrux_sha3_avx2.h
+++ b/libcrux-ml-kem/cg/libcrux_sha3_avx2.h
@@ -8,7 +8,7 @@
  * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c
  * Karamel: c31a22c1e07d2118c07ee5cebb640d863e31a198
  * F*: 2c32d6e230851bbceadac7a21fc418fa2bb7e4bc
- * Libcrux: 38837f1aab3f2ae348a0cb53cf44d97652e2c977
+ * Libcrux: 8fa4c2d98c5fd5a203b5a37a971a46f2296646d9
  */
 
 #ifndef __libcrux_sha3_avx2_H
diff --git a/libcrux-ml-kem/cg/libcrux_sha3_portable.h b/libcrux-ml-kem/cg/libcrux_sha3_portable.h
index 2035978ef..673688674 100644
--- a/libcrux-ml-kem/cg/libcrux_sha3_portable.h
+++ b/libcrux-ml-kem/cg/libcrux_sha3_portable.h
@@ -8,7 +8,7 @@
  * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c
  * Karamel: c31a22c1e07d2118c07ee5cebb640d863e31a198
  * F*: 2c32d6e230851bbceadac7a21fc418fa2bb7e4bc
- * Libcrux: 38837f1aab3f2ae348a0cb53cf44d97652e2c977
+ * Libcrux: 8fa4c2d98c5fd5a203b5a37a971a46f2296646d9
  */
 
 #ifndef __libcrux_sha3_portable_H
diff --git a/libcrux-ml-kem/cg/tests/mlkem768.cc b/libcrux-ml-kem/cg/tests/mlkem768.cc
index 947171f58..d9178a7fa 100644
--- a/libcrux-ml-kem/cg/tests/mlkem768.cc
+++ b/libcrux-ml-kem/cg/tests/mlkem768.cc
@@ -106,7 +106,7 @@ TEST(MlKem768TestPortableUnpacked, ConsistencyTest)
         keygen_randomness[i] = 13;
     }
     libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked key_pair = libcrux_ml_kem_mlkem768_portable_unpacked_init_key_pair() ;
-    libcrux_ml_kem_mlkem768_portable_unpacked_generate_key_pair(keygen_randomness, &key_pair);
+    libcrux_ml_kem_mlkem768_portable_unpacked_generate_key_pair_mut(keygen_randomness, &key_pair);
 
     uint8_t encap_randomness[32];
     for (int i = 0; i < 32; i++)
@@ -266,7 +266,7 @@ TEST(MlKem768TestAvx2Unpacked, ConsistencyTest)
         keygen_randomness[i] = 13;
     }
     libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked key_pair = libcrux_ml_kem_mlkem768_avx2_unpacked_init_key_pair() ;
-    libcrux_ml_kem_mlkem768_avx2_unpacked_generate_key_pair(keygen_randomness, &key_pair);
+    libcrux_ml_kem_mlkem768_avx2_unpacked_generate_key_pair_mut(keygen_randomness, &key_pair);
 
     uint8_t encap_randomness[32];
     for (int i = 0; i < 32; i++)
diff --git a/libcrux-ml-kem/src/ind_cpa.rs b/libcrux-ml-kem/src/ind_cpa.rs
index ed260fd96..6e5fcee19 100644
--- a/libcrux-ml-kem/src/ind_cpa.rs
+++ b/libcrux-ml-kem/src/ind_cpa.rs
@@ -15,7 +15,7 @@ use crate::{
         deserialize_then_decompress_ring_element_v, deserialize_to_uncompressed_ring_element,
         serialize_uncompressed_ring_element,
     },
-    utils::into_padded_array,
+    utils::{into_padded_array, prf_input_inc},
     variant::Variant,
     vector::Operations,
 };
@@ -171,35 +171,6 @@ pub(crate) fn serialize_secret_key<const K: usize, const OUT_LEN: usize, Vector:
     out
 }
 
-#[inline(always)]
-#[hax_lib::fstar::options("--z3rlimit 200")]
-#[hax_lib::requires(fstar!("range (v $domain_separator + v $K) u8_inttype"))]
-#[hax_lib::ensures(|ds|
-    fstar!("v $ds == v $domain_separator + v $K /\\
-            (forall (i:nat). i < v $K ==>
-                v (Seq.index (Seq.index ${prf_inputs}_future i) 32) == v $domain_separator + i /\\
-                Seq.slice (Seq.index ${prf_inputs}_future i) 0 32 == Seq.slice (Seq.index $prf_inputs i) 0 32)")
-)]
-fn prf_input_inc<
-    const K: usize,
->(
-    prf_inputs: &mut [[u8; 33]; K],
-    mut domain_separator: u8,
-) -> u8 {
-    let _domain_separator_init = domain_separator;
-    let _prf_inputs_init = prf_inputs.clone();
-    for i in 0..K {
-        hax_lib::loop_invariant!(|i: usize| { fstar!("v $domain_separator == v $_domain_separator_init + v $i /\\
-          (v $i < v $K ==> (forall (j:nat). (j >= v $i /\\ j < v $K) ==>
-            prf_inputs.[ sz j ] == ${_prf_inputs_init}.[ sz j ])) /\\
-          (forall (j:nat). j < v $i ==> v (Seq.index (Seq.index prf_inputs j) 32) == v $_domain_separator_init + j /\\
-            Seq.slice (Seq.index prf_inputs j) 0 32 == Seq.slice (Seq.index $_prf_inputs_init j) 0 32)") });
-        prf_inputs[i][32] = domain_separator;
-        domain_separator += 1;
-    }
-    domain_separator
-}
-
 /// Sample a vector of ring elements from a centered binomial distribution.
 #[inline(always)]
 #[hax_lib::fstar::options("--max_fuel 15 --z3rlimit 1500 --ext context_pruning --z3refresh --split_queries always")]
diff --git a/libcrux-ml-kem/src/utils.rs b/libcrux-ml-kem/src/utils.rs
index 62590aa13..3193ba19d 100644
--- a/libcrux-ml-kem/src/utils.rs
+++ b/libcrux-ml-kem/src/utils.rs
@@ -21,6 +21,35 @@ pub(crate) fn into_padded_array<const LEN: usize>(slice: &[u8]) -> [u8; LEN] {
     out
 }
 
+#[inline(always)]
+#[hax_lib::fstar::options("--z3rlimit 200")]
+#[hax_lib::requires(fstar!("range (v $domain_separator + v $K) u8_inttype"))]
+#[hax_lib::ensures(|ds|
+    fstar!("v $ds == v $domain_separator + v $K /\\
+            (forall (i:nat). i < v $K ==>
+                v (Seq.index (Seq.index ${prf_inputs}_future i) 32) == v $domain_separator + i /\\
+                Seq.slice (Seq.index ${prf_inputs}_future i) 0 32 == Seq.slice (Seq.index $prf_inputs i) 0 32)")
+)]
+pub(crate) fn prf_input_inc<
+    const K: usize,
+>(
+    prf_inputs: &mut [[u8; 33]; K],
+    mut domain_separator: u8,
+) -> u8 {
+    let _domain_separator_init = domain_separator;
+    let _prf_inputs_init = prf_inputs.clone();
+    for i in 0..K {
+        hax_lib::loop_invariant!(|i: usize| { fstar!("v $domain_separator == v $_domain_separator_init + v $i /\\
+          (v $i < v $K ==> (forall (j:nat). (j >= v $i /\\ j < v $K) ==>
+            prf_inputs.[ sz j ] == ${_prf_inputs_init}.[ sz j ])) /\\
+          (forall (j:nat). j < v $i ==> v (Seq.index (Seq.index prf_inputs j) 32) == v $_domain_separator_init + j /\\
+            Seq.slice (Seq.index prf_inputs j) 0 32 == Seq.slice (Seq.index $_prf_inputs_init j) 0 32)") });
+        prf_inputs[i][32] = domain_separator;
+        domain_separator += 1;
+    }
+    domain_separator
+}
+
 // C extraction:
 //
 // This is only enabled when extracting.

From 1591860fc1dccfd35e90ff1da4136efecb96747f Mon Sep 17 00:00:00 2001
From: karthikbhargavan <karthik.bhargavan@gmail.com>
Date: Sun, 1 Dec 2024 12:01:38 +0000
Subject: [PATCH 043/142] c code refresh

---
 libcrux-ml-kem/c/code_gen.txt                 |   2 +-
 libcrux-ml-kem/c/internal/libcrux_core.h      | 186 +++--
 .../c/internal/libcrux_mlkem_avx2.h           |  32 +-
 .../c/internal/libcrux_mlkem_portable.h       |  32 +-
 libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h |   2 +-
 .../c/internal/libcrux_sha3_internal.h        |   2 +-
 libcrux-ml-kem/c/libcrux_core.c               | 302 +++++--
 libcrux-ml-kem/c/libcrux_core.h               |  66 +-
 libcrux-ml-kem/c/libcrux_mlkem1024.h          |   2 +-
 libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c     |  27 +-
 libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h     |  10 +-
 libcrux-ml-kem/c/libcrux_mlkem1024_portable.c |  24 +-
 libcrux-ml-kem/c/libcrux_mlkem1024_portable.h |  10 +-
 libcrux-ml-kem/c/libcrux_mlkem512.h           |   2 +-
 libcrux-ml-kem/c/libcrux_mlkem512_avx2.c      |  27 +-
 libcrux-ml-kem/c/libcrux_mlkem512_avx2.h      |  10 +-
 libcrux-ml-kem/c/libcrux_mlkem512_portable.c  |  24 +-
 libcrux-ml-kem/c/libcrux_mlkem512_portable.h  |  10 +-
 libcrux-ml-kem/c/libcrux_mlkem768.h           |   2 +-
 libcrux-ml-kem/c/libcrux_mlkem768_avx2.c      |  27 +-
 libcrux-ml-kem/c/libcrux_mlkem768_avx2.h      |  10 +-
 libcrux-ml-kem/c/libcrux_mlkem768_portable.c  |  24 +-
 libcrux-ml-kem/c/libcrux_mlkem768_portable.h  |  10 +-
 libcrux-ml-kem/c/libcrux_mlkem_avx2.c         | 723 +++++++++++------
 libcrux-ml-kem/c/libcrux_mlkem_avx2.h         |   2 +-
 libcrux-ml-kem/c/libcrux_mlkem_portable.c     | 751 +++++++++++-------
 libcrux-ml-kem/c/libcrux_mlkem_portable.h     |   2 +-
 libcrux-ml-kem/c/libcrux_sha3.h               |   2 +-
 libcrux-ml-kem/c/libcrux_sha3_avx2.c          |   2 +-
 libcrux-ml-kem/c/libcrux_sha3_avx2.h          |   2 +-
 libcrux-ml-kem/c/libcrux_sha3_internal.h      |   2 +-
 libcrux-ml-kem/c/libcrux_sha3_neon.c          |   2 +-
 libcrux-ml-kem/c/libcrux_sha3_neon.h          |   2 +-
 33 files changed, 1583 insertions(+), 750 deletions(-)

diff --git a/libcrux-ml-kem/c/code_gen.txt b/libcrux-ml-kem/c/code_gen.txt
index d7203385c..72e8e591e 100644
--- a/libcrux-ml-kem/c/code_gen.txt
+++ b/libcrux-ml-kem/c/code_gen.txt
@@ -3,4 +3,4 @@ Charon: 3a133fe0eee9bd3928d5bb16c24ddd2dd0f3ee7f
 Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c
 Karamel: c31a22c1e07d2118c07ee5cebb640d863e31a198
 F*: 2c32d6e230851bbceadac7a21fc418fa2bb7e4bc
-Libcrux: 38837f1aab3f2ae348a0cb53cf44d97652e2c977
+Libcrux: 2ecc08ac92e56197cd05d04f3e873d8da088ad11
diff --git a/libcrux-ml-kem/c/internal/libcrux_core.h b/libcrux-ml-kem/c/internal/libcrux_core.h
index 387722188..cc309c138 100644
--- a/libcrux-ml-kem/c/internal/libcrux_core.h
+++ b/libcrux-ml-kem/c/internal/libcrux_core.h
@@ -8,7 +8,7 @@
  * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c
  * Karamel: c31a22c1e07d2118c07ee5cebb640d863e31a198
  * F*: 2c32d6e230851bbceadac7a21fc418fa2bb7e4bc
- * Libcrux: 38837f1aab3f2ae348a0cb53cf44d97652e2c977
+ * Libcrux: 2ecc08ac92e56197cd05d04f3e873d8da088ad11
  */
 
 #ifndef __internal_libcrux_core_H
@@ -60,18 +60,6 @@ typedef struct libcrux_ml_kem_utils_extraction_helper_Keypair768_s {
   uint8_t snd[1184U];
 } libcrux_ml_kem_utils_extraction_helper_Keypair768;
 
-/**
-This function found in impl {(core::convert::From<@Array<u8, SIZE>> for
-libcrux_ml_kem::types::MlKemPublicKey<SIZE>)#16}
-*/
-/**
-A monomorphic instance of libcrux_ml_kem.types.from_5a
-with const generics
-- SIZE= 1568
-*/
-libcrux_ml_kem_types_MlKemPublicKey_64 libcrux_ml_kem_types_from_5a_af(
-    uint8_t value[1568U]);
-
 /**
 This function found in impl
 {libcrux_ml_kem::types::MlKemKeyPair<PRIVATE_KEY_SIZE, PUBLIC_KEY_SIZE>#21}
@@ -88,28 +76,16 @@ libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_types_from_3a_94(
 
 /**
 This function found in impl {(core::convert::From<@Array<u8, SIZE>> for
-libcrux_ml_kem::types::MlKemPrivateKey<SIZE>)#9}
+libcrux_ml_kem::types::MlKemPrivateKey<SIZE>)#12}
 */
 /**
-A monomorphic instance of libcrux_ml_kem.types.from_7f
+A monomorphic instance of libcrux_ml_kem.types.from_9a
 with const generics
 - SIZE= 3168
 */
-libcrux_ml_kem_types_MlKemPrivateKey_83 libcrux_ml_kem_types_from_7f_39(
+libcrux_ml_kem_types_MlKemPrivateKey_83 libcrux_ml_kem_types_from_9a_39(
     uint8_t value[3168U]);
 
-/**
-This function found in impl {(core::convert::From<@Array<u8, SIZE>> for
-libcrux_ml_kem::types::MlKemPublicKey<SIZE>)#16}
-*/
-/**
-A monomorphic instance of libcrux_ml_kem.types.from_5a
-with const generics
-- SIZE= 1184
-*/
-libcrux_ml_kem_types_MlKemPublicKey_30 libcrux_ml_kem_types_from_5a_d0(
-    uint8_t value[1184U]);
-
 /**
 This function found in impl
 {libcrux_ml_kem::types::MlKemKeyPair<PRIVATE_KEY_SIZE, PUBLIC_KEY_SIZE>#21}
@@ -126,28 +102,16 @@ libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_types_from_3a_74(
 
 /**
 This function found in impl {(core::convert::From<@Array<u8, SIZE>> for
-libcrux_ml_kem::types::MlKemPrivateKey<SIZE>)#9}
+libcrux_ml_kem::types::MlKemPrivateKey<SIZE>)#12}
 */
 /**
-A monomorphic instance of libcrux_ml_kem.types.from_7f
+A monomorphic instance of libcrux_ml_kem.types.from_9a
 with const generics
 - SIZE= 2400
 */
-libcrux_ml_kem_types_MlKemPrivateKey_d9 libcrux_ml_kem_types_from_7f_28(
+libcrux_ml_kem_types_MlKemPrivateKey_d9 libcrux_ml_kem_types_from_9a_28(
     uint8_t value[2400U]);
 
-/**
-This function found in impl {(core::convert::From<@Array<u8, SIZE>> for
-libcrux_ml_kem::types::MlKemPublicKey<SIZE>)#16}
-*/
-/**
-A monomorphic instance of libcrux_ml_kem.types.from_5a
-with const generics
-- SIZE= 800
-*/
-libcrux_ml_kem_types_MlKemPublicKey_52 libcrux_ml_kem_types_from_5a_4d(
-    uint8_t value[800U]);
-
 /**
 This function found in impl
 {libcrux_ml_kem::types::MlKemKeyPair<PRIVATE_KEY_SIZE, PUBLIC_KEY_SIZE>#21}
@@ -164,14 +128,14 @@ libcrux_ml_kem_types_MlKemKeyPair_3e libcrux_ml_kem_types_from_3a_fa(
 
 /**
 This function found in impl {(core::convert::From<@Array<u8, SIZE>> for
-libcrux_ml_kem::types::MlKemPrivateKey<SIZE>)#9}
+libcrux_ml_kem::types::MlKemPrivateKey<SIZE>)#12}
 */
 /**
-A monomorphic instance of libcrux_ml_kem.types.from_7f
+A monomorphic instance of libcrux_ml_kem.types.from_9a
 with const generics
 - SIZE= 1632
 */
-libcrux_ml_kem_types_MlKemPrivateKey_fa libcrux_ml_kem_types_from_7f_2a(
+libcrux_ml_kem_types_MlKemPrivateKey_fa libcrux_ml_kem_types_from_9a_2a(
     uint8_t value[1632U]);
 
 /**
@@ -187,26 +151,62 @@ uint8_t *libcrux_ml_kem_types_as_slice_fd_d0(
 
 /**
 This function found in impl {(core::convert::From<@Array<u8, SIZE>> for
-libcrux_ml_kem::types::MlKemCiphertext<SIZE>)#2}
+libcrux_ml_kem::types::MlKemPublicKey<SIZE>)#19}
+*/
+/**
+A monomorphic instance of libcrux_ml_kem.types.from_5f
+with const generics
+- SIZE= 1184
+*/
+libcrux_ml_kem_types_MlKemPublicKey_30 libcrux_ml_kem_types_from_5f_d0(
+    uint8_t value[1184U]);
+
+typedef struct Eurydice_slice_uint8_t_x4_s {
+  Eurydice_slice fst;
+  Eurydice_slice snd;
+  Eurydice_slice thd;
+  Eurydice_slice f3;
+} Eurydice_slice_uint8_t_x4;
+
+/**
+A monomorphic instance of libcrux_ml_kem.types.unpack_private_key
+with const generics
+- CPA_SECRET_KEY_SIZE= 1152
+- PUBLIC_KEY_SIZE= 1184
+*/
+Eurydice_slice_uint8_t_x4 libcrux_ml_kem_types_unpack_private_key_b4(
+    Eurydice_slice private_key);
+
+/**
+This function found in impl {(core::convert::From<@Array<u8, SIZE>> for
+libcrux_ml_kem::types::MlKemCiphertext<SIZE>)#5}
 */
 /**
-A monomorphic instance of libcrux_ml_kem.types.from_01
+A monomorphic instance of libcrux_ml_kem.types.from_00
 with const generics
 - SIZE= 1088
 */
-libcrux_ml_kem_mlkem768_MlKem768Ciphertext libcrux_ml_kem_types_from_01_80(
+libcrux_ml_kem_mlkem768_MlKem768Ciphertext libcrux_ml_kem_types_from_00_80(
     uint8_t value[1088U]);
 
+/**
+A monomorphic instance of libcrux_ml_kem.utils.prf_input_inc
+with const generics
+- K= 3
+*/
+uint8_t libcrux_ml_kem_utils_prf_input_inc_e0(uint8_t (*prf_inputs)[33U],
+                                              uint8_t domain_separator);
+
 /**
 This function found in impl {(core::convert::AsRef<@Slice<u8>> for
-libcrux_ml_kem::types::MlKemCiphertext<SIZE>)#1}
+libcrux_ml_kem::types::MlKemCiphertext<SIZE>)#4}
 */
 /**
-A monomorphic instance of libcrux_ml_kem.types.as_ref_00
+A monomorphic instance of libcrux_ml_kem.types.as_ref_43
 with const generics
 - SIZE= 1088
 */
-Eurydice_slice libcrux_ml_kem_types_as_ref_00_80(
+Eurydice_slice libcrux_ml_kem_types_as_ref_43_80(
     libcrux_ml_kem_mlkem768_MlKem768Ciphertext *self);
 
 /**
@@ -233,26 +233,55 @@ uint8_t *libcrux_ml_kem_types_as_slice_fd_4d(
 
 /**
 This function found in impl {(core::convert::From<@Array<u8, SIZE>> for
-libcrux_ml_kem::types::MlKemCiphertext<SIZE>)#2}
+libcrux_ml_kem::types::MlKemPublicKey<SIZE>)#19}
 */
 /**
-A monomorphic instance of libcrux_ml_kem.types.from_01
+A monomorphic instance of libcrux_ml_kem.types.from_5f
+with const generics
+- SIZE= 800
+*/
+libcrux_ml_kem_types_MlKemPublicKey_52 libcrux_ml_kem_types_from_5f_4d(
+    uint8_t value[800U]);
+
+/**
+A monomorphic instance of libcrux_ml_kem.types.unpack_private_key
+with const generics
+- CPA_SECRET_KEY_SIZE= 768
+- PUBLIC_KEY_SIZE= 800
+*/
+Eurydice_slice_uint8_t_x4 libcrux_ml_kem_types_unpack_private_key_0c(
+    Eurydice_slice private_key);
+
+/**
+This function found in impl {(core::convert::From<@Array<u8, SIZE>> for
+libcrux_ml_kem::types::MlKemCiphertext<SIZE>)#5}
+*/
+/**
+A monomorphic instance of libcrux_ml_kem.types.from_00
 with const generics
 - SIZE= 768
 */
-libcrux_ml_kem_types_MlKemCiphertext_1a libcrux_ml_kem_types_from_01_d0(
+libcrux_ml_kem_types_MlKemCiphertext_1a libcrux_ml_kem_types_from_00_d0(
     uint8_t value[768U]);
 
+/**
+A monomorphic instance of libcrux_ml_kem.utils.prf_input_inc
+with const generics
+- K= 2
+*/
+uint8_t libcrux_ml_kem_utils_prf_input_inc_fd(uint8_t (*prf_inputs)[33U],
+                                              uint8_t domain_separator);
+
 /**
 This function found in impl {(core::convert::AsRef<@Slice<u8>> for
-libcrux_ml_kem::types::MlKemCiphertext<SIZE>)#1}
+libcrux_ml_kem::types::MlKemCiphertext<SIZE>)#4}
 */
 /**
-A monomorphic instance of libcrux_ml_kem.types.as_ref_00
+A monomorphic instance of libcrux_ml_kem.types.as_ref_43
 with const generics
 - SIZE= 768
 */
-Eurydice_slice libcrux_ml_kem_types_as_ref_00_d0(
+Eurydice_slice libcrux_ml_kem_types_as_ref_43_d0(
     libcrux_ml_kem_types_MlKemCiphertext_1a *self);
 
 /**
@@ -277,6 +306,27 @@ with const generics
 uint8_t *libcrux_ml_kem_types_as_slice_fd_af(
     libcrux_ml_kem_types_MlKemPublicKey_64 *self);
 
+/**
+This function found in impl {(core::convert::From<@Array<u8, SIZE>> for
+libcrux_ml_kem::types::MlKemPublicKey<SIZE>)#19}
+*/
+/**
+A monomorphic instance of libcrux_ml_kem.types.from_5f
+with const generics
+- SIZE= 1568
+*/
+libcrux_ml_kem_types_MlKemPublicKey_64 libcrux_ml_kem_types_from_5f_af(
+    uint8_t value[1568U]);
+
+/**
+A monomorphic instance of libcrux_ml_kem.types.unpack_private_key
+with const generics
+- CPA_SECRET_KEY_SIZE= 1536
+- PUBLIC_KEY_SIZE= 1568
+*/
+Eurydice_slice_uint8_t_x4 libcrux_ml_kem_types_unpack_private_key_1f(
+    Eurydice_slice private_key);
+
 /**
 A monomorphic instance of core.result.Result
 with types uint8_t[32size_t], core_array_TryFromSliceError
@@ -314,16 +364,24 @@ void libcrux_ml_kem_utils_into_padded_array_b6(Eurydice_slice slice,
 
 /**
 This function found in impl {(core::convert::From<@Array<u8, SIZE>> for
-libcrux_ml_kem::types::MlKemCiphertext<SIZE>)#2}
+libcrux_ml_kem::types::MlKemCiphertext<SIZE>)#5}
 */
 /**
-A monomorphic instance of libcrux_ml_kem.types.from_01
+A monomorphic instance of libcrux_ml_kem.types.from_00
 with const generics
 - SIZE= 1568
 */
-libcrux_ml_kem_types_MlKemCiphertext_64 libcrux_ml_kem_types_from_01_af(
+libcrux_ml_kem_types_MlKemCiphertext_64 libcrux_ml_kem_types_from_00_af(
     uint8_t value[1568U]);
 
+/**
+A monomorphic instance of libcrux_ml_kem.utils.prf_input_inc
+with const generics
+- K= 4
+*/
+uint8_t libcrux_ml_kem_utils_prf_input_inc_ac(uint8_t (*prf_inputs)[33U],
+                                              uint8_t domain_separator);
+
 /**
  Pad the `slice` with `0`s at the end.
 */
@@ -337,14 +395,14 @@ void libcrux_ml_kem_utils_into_padded_array_c8(Eurydice_slice slice,
 
 /**
 This function found in impl {(core::convert::AsRef<@Slice<u8>> for
-libcrux_ml_kem::types::MlKemCiphertext<SIZE>)#1}
+libcrux_ml_kem::types::MlKemCiphertext<SIZE>)#4}
 */
 /**
-A monomorphic instance of libcrux_ml_kem.types.as_ref_00
+A monomorphic instance of libcrux_ml_kem.types.as_ref_43
 with const generics
 - SIZE= 1568
 */
-Eurydice_slice libcrux_ml_kem_types_as_ref_00_af(
+Eurydice_slice libcrux_ml_kem_types_as_ref_43_af(
     libcrux_ml_kem_types_MlKemCiphertext_64 *self);
 
 /**
diff --git a/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h b/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h
index 14150c452..3b4f9397e 100644
--- a/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h
+++ b/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h
@@ -8,7 +8,7 @@
  * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c
  * Karamel: c31a22c1e07d2118c07ee5cebb640d863e31a198
  * F*: 2c32d6e230851bbceadac7a21fc418fa2bb7e4bc
- * Libcrux: 38837f1aab3f2ae348a0cb53cf44d97652e2c977
+ * Libcrux: 2ecc08ac92e56197cd05d04f3e873d8da088ad11
  */
 
 #ifndef __internal_libcrux_mlkem_avx2_H
@@ -43,6 +43,16 @@ with const generics
 */
 bool libcrux_ml_kem_ind_cca_validate_public_key_ed(uint8_t *public_key);
 
+/**
+A monomorphic instance of libcrux_ml_kem.ind_cca.validate_private_key_only
+with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash
+with const generics
+- K= 3
+- SECRET_KEY_SIZE= 2400
+*/
+bool libcrux_ml_kem_ind_cca_validate_private_key_only_ae(
+    libcrux_ml_kem_types_MlKemPrivateKey_d9 *private_key);
+
 /**
 A monomorphic instance of libcrux_ml_kem.ind_cca.validate_private_key
 with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash
@@ -130,6 +140,16 @@ with const generics
 */
 bool libcrux_ml_kem_ind_cca_validate_public_key_1e(uint8_t *public_key);
 
+/**
+A monomorphic instance of libcrux_ml_kem.ind_cca.validate_private_key_only
+with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash
+with const generics
+- K= 4
+- SECRET_KEY_SIZE= 3168
+*/
+bool libcrux_ml_kem_ind_cca_validate_private_key_only_5e(
+    libcrux_ml_kem_types_MlKemPrivateKey_83 *private_key);
+
 /**
 A monomorphic instance of libcrux_ml_kem.ind_cca.validate_private_key
 with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash
@@ -217,6 +237,16 @@ with const generics
 */
 bool libcrux_ml_kem_ind_cca_validate_public_key_ba(uint8_t *public_key);
 
+/**
+A monomorphic instance of libcrux_ml_kem.ind_cca.validate_private_key_only
+with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash
+with const generics
+- K= 2
+- SECRET_KEY_SIZE= 1632
+*/
+bool libcrux_ml_kem_ind_cca_validate_private_key_only_4d(
+    libcrux_ml_kem_types_MlKemPrivateKey_fa *private_key);
+
 /**
 A monomorphic instance of libcrux_ml_kem.ind_cca.validate_private_key
 with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash
diff --git a/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h b/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h
index c492eb01f..4cddab71a 100644
--- a/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h
+++ b/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h
@@ -8,7 +8,7 @@
  * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c
  * Karamel: c31a22c1e07d2118c07ee5cebb640d863e31a198
  * F*: 2c32d6e230851bbceadac7a21fc418fa2bb7e4bc
- * Libcrux: 38837f1aab3f2ae348a0cb53cf44d97652e2c977
+ * Libcrux: 2ecc08ac92e56197cd05d04f3e873d8da088ad11
  */
 
 #ifndef __internal_libcrux_mlkem_portable_H
@@ -48,6 +48,16 @@ with const generics
 */
 bool libcrux_ml_kem_ind_cca_validate_public_key_00(uint8_t *public_key);
 
+/**
+A monomorphic instance of libcrux_ml_kem.ind_cca.validate_private_key_only
+with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]]
+with const generics
+- K= 4
+- SECRET_KEY_SIZE= 3168
+*/
+bool libcrux_ml_kem_ind_cca_validate_private_key_only_60(
+    libcrux_ml_kem_types_MlKemPrivateKey_83 *private_key);
+
 /**
 A monomorphic instance of libcrux_ml_kem.ind_cca.validate_private_key
 with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]]
@@ -135,6 +145,16 @@ with const generics
 */
 bool libcrux_ml_kem_ind_cca_validate_public_key_86(uint8_t *public_key);
 
+/**
+A monomorphic instance of libcrux_ml_kem.ind_cca.validate_private_key_only
+with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]]
+with const generics
+- K= 2
+- SECRET_KEY_SIZE= 1632
+*/
+bool libcrux_ml_kem_ind_cca_validate_private_key_only_30(
+    libcrux_ml_kem_types_MlKemPrivateKey_fa *private_key);
+
 /**
 A monomorphic instance of libcrux_ml_kem.ind_cca.validate_private_key
 with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]]
@@ -222,6 +242,16 @@ with const generics
 */
 bool libcrux_ml_kem_ind_cca_validate_public_key_6c(uint8_t *public_key);
 
+/**
+A monomorphic instance of libcrux_ml_kem.ind_cca.validate_private_key_only
+with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]]
+with const generics
+- K= 3
+- SECRET_KEY_SIZE= 2400
+*/
+bool libcrux_ml_kem_ind_cca_validate_private_key_only_d6(
+    libcrux_ml_kem_types_MlKemPrivateKey_d9 *private_key);
+
 /**
 A monomorphic instance of libcrux_ml_kem.ind_cca.validate_private_key
 with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]]
diff --git a/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h b/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h
index cb5b1ca34..771d3a368 100644
--- a/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h
+++ b/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h
@@ -8,7 +8,7 @@
  * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c
  * Karamel: c31a22c1e07d2118c07ee5cebb640d863e31a198
  * F*: 2c32d6e230851bbceadac7a21fc418fa2bb7e4bc
- * Libcrux: 38837f1aab3f2ae348a0cb53cf44d97652e2c977
+ * Libcrux: 2ecc08ac92e56197cd05d04f3e873d8da088ad11
  */
 
 #ifndef __internal_libcrux_sha3_avx2_H
diff --git a/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h b/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h
index ad804647b..4701013e7 100644
--- a/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h
+++ b/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h
@@ -8,7 +8,7 @@
  * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c
  * Karamel: c31a22c1e07d2118c07ee5cebb640d863e31a198
  * F*: 2c32d6e230851bbceadac7a21fc418fa2bb7e4bc
- * Libcrux: 38837f1aab3f2ae348a0cb53cf44d97652e2c977
+ * Libcrux: 2ecc08ac92e56197cd05d04f3e873d8da088ad11
  */
 
 #ifndef __internal_libcrux_sha3_internal_H
diff --git a/libcrux-ml-kem/c/libcrux_core.c b/libcrux-ml-kem/c/libcrux_core.c
index fe25f9dfc..ce68f6089 100644
--- a/libcrux-ml-kem/c/libcrux_core.c
+++ b/libcrux-ml-kem/c/libcrux_core.c
@@ -8,7 +8,7 @@
  * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c
  * Karamel: c31a22c1e07d2118c07ee5cebb640d863e31a198
  * F*: 2c32d6e230851bbceadac7a21fc418fa2bb7e4bc
- * Libcrux: 38837f1aab3f2ae348a0cb53cf44d97652e2c977
+ * Libcrux: 2ecc08ac92e56197cd05d04f3e873d8da088ad11
  */
 
 #include "internal/libcrux_core.h"
@@ -71,25 +71,6 @@ void libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_i
   memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t));
 }
 
-/**
-This function found in impl {(core::convert::From<@Array<u8, SIZE>> for
-libcrux_ml_kem::types::MlKemPublicKey<SIZE>)#16}
-*/
-/**
-A monomorphic instance of libcrux_ml_kem.types.from_5a
-with const generics
-- SIZE= 1568
-*/
-libcrux_ml_kem_types_MlKemPublicKey_64 libcrux_ml_kem_types_from_5a_af(
-    uint8_t value[1568U]) {
-  /* Passing arrays by value in Rust generates a copy in C */
-  uint8_t copy_of_value[1568U];
-  memcpy(copy_of_value, value, (size_t)1568U * sizeof(uint8_t));
-  libcrux_ml_kem_types_MlKemPublicKey_64 lit;
-  memcpy(lit.value, copy_of_value, (size_t)1568U * sizeof(uint8_t));
-  return lit;
-}
-
 /**
 This function found in impl
 {libcrux_ml_kem::types::MlKemKeyPair<PRIVATE_KEY_SIZE, PUBLIC_KEY_SIZE>#21}
@@ -109,14 +90,14 @@ libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_types_from_3a_94(
 
 /**
 This function found in impl {(core::convert::From<@Array<u8, SIZE>> for
-libcrux_ml_kem::types::MlKemPrivateKey<SIZE>)#9}
+libcrux_ml_kem::types::MlKemPrivateKey<SIZE>)#12}
 */
 /**
-A monomorphic instance of libcrux_ml_kem.types.from_7f
+A monomorphic instance of libcrux_ml_kem.types.from_9a
 with const generics
 - SIZE= 3168
 */
-libcrux_ml_kem_types_MlKemPrivateKey_83 libcrux_ml_kem_types_from_7f_39(
+libcrux_ml_kem_types_MlKemPrivateKey_83 libcrux_ml_kem_types_from_9a_39(
     uint8_t value[3168U]) {
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_value[3168U];
@@ -126,25 +107,6 @@ libcrux_ml_kem_types_MlKemPrivateKey_83 libcrux_ml_kem_types_from_7f_39(
   return lit;
 }
 
-/**
-This function found in impl {(core::convert::From<@Array<u8, SIZE>> for
-libcrux_ml_kem::types::MlKemPublicKey<SIZE>)#16}
-*/
-/**
-A monomorphic instance of libcrux_ml_kem.types.from_5a
-with const generics
-- SIZE= 1184
-*/
-libcrux_ml_kem_types_MlKemPublicKey_30 libcrux_ml_kem_types_from_5a_d0(
-    uint8_t value[1184U]) {
-  /* Passing arrays by value in Rust generates a copy in C */
-  uint8_t copy_of_value[1184U];
-  memcpy(copy_of_value, value, (size_t)1184U * sizeof(uint8_t));
-  libcrux_ml_kem_types_MlKemPublicKey_30 lit;
-  memcpy(lit.value, copy_of_value, (size_t)1184U * sizeof(uint8_t));
-  return lit;
-}
-
 /**
 This function found in impl
 {libcrux_ml_kem::types::MlKemKeyPair<PRIVATE_KEY_SIZE, PUBLIC_KEY_SIZE>#21}
@@ -164,14 +126,14 @@ libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_types_from_3a_74(
 
 /**
 This function found in impl {(core::convert::From<@Array<u8, SIZE>> for
-libcrux_ml_kem::types::MlKemPrivateKey<SIZE>)#9}
+libcrux_ml_kem::types::MlKemPrivateKey<SIZE>)#12}
 */
 /**
-A monomorphic instance of libcrux_ml_kem.types.from_7f
+A monomorphic instance of libcrux_ml_kem.types.from_9a
 with const generics
 - SIZE= 2400
 */
-libcrux_ml_kem_types_MlKemPrivateKey_d9 libcrux_ml_kem_types_from_7f_28(
+libcrux_ml_kem_types_MlKemPrivateKey_d9 libcrux_ml_kem_types_from_9a_28(
     uint8_t value[2400U]) {
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_value[2400U];
@@ -181,25 +143,6 @@ libcrux_ml_kem_types_MlKemPrivateKey_d9 libcrux_ml_kem_types_from_7f_28(
   return lit;
 }
 
-/**
-This function found in impl {(core::convert::From<@Array<u8, SIZE>> for
-libcrux_ml_kem::types::MlKemPublicKey<SIZE>)#16}
-*/
-/**
-A monomorphic instance of libcrux_ml_kem.types.from_5a
-with const generics
-- SIZE= 800
-*/
-libcrux_ml_kem_types_MlKemPublicKey_52 libcrux_ml_kem_types_from_5a_4d(
-    uint8_t value[800U]) {
-  /* Passing arrays by value in Rust generates a copy in C */
-  uint8_t copy_of_value[800U];
-  memcpy(copy_of_value, value, (size_t)800U * sizeof(uint8_t));
-  libcrux_ml_kem_types_MlKemPublicKey_52 lit;
-  memcpy(lit.value, copy_of_value, (size_t)800U * sizeof(uint8_t));
-  return lit;
-}
-
 /**
 This function found in impl
 {libcrux_ml_kem::types::MlKemKeyPair<PRIVATE_KEY_SIZE, PUBLIC_KEY_SIZE>#21}
@@ -218,14 +161,14 @@ libcrux_ml_kem_types_MlKemKeyPair_3e libcrux_ml_kem_types_from_3a_fa(
 
 /**
 This function found in impl {(core::convert::From<@Array<u8, SIZE>> for
-libcrux_ml_kem::types::MlKemPrivateKey<SIZE>)#9}
+libcrux_ml_kem::types::MlKemPrivateKey<SIZE>)#12}
 */
 /**
-A monomorphic instance of libcrux_ml_kem.types.from_7f
+A monomorphic instance of libcrux_ml_kem.types.from_9a
 with const generics
 - SIZE= 1632
 */
-libcrux_ml_kem_types_MlKemPrivateKey_fa libcrux_ml_kem_types_from_7f_2a(
+libcrux_ml_kem_types_MlKemPrivateKey_fa libcrux_ml_kem_types_from_9a_2a(
     uint8_t value[1632U]) {
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_value[1632U];
@@ -250,14 +193,60 @@ uint8_t *libcrux_ml_kem_types_as_slice_fd_d0(
 
 /**
 This function found in impl {(core::convert::From<@Array<u8, SIZE>> for
-libcrux_ml_kem::types::MlKemCiphertext<SIZE>)#2}
+libcrux_ml_kem::types::MlKemPublicKey<SIZE>)#19}
+*/
+/**
+A monomorphic instance of libcrux_ml_kem.types.from_5f
+with const generics
+- SIZE= 1184
 */
+libcrux_ml_kem_types_MlKemPublicKey_30 libcrux_ml_kem_types_from_5f_d0(
+    uint8_t value[1184U]) {
+  /* Passing arrays by value in Rust generates a copy in C */
+  uint8_t copy_of_value[1184U];
+  memcpy(copy_of_value, value, (size_t)1184U * sizeof(uint8_t));
+  libcrux_ml_kem_types_MlKemPublicKey_30 lit;
+  memcpy(lit.value, copy_of_value, (size_t)1184U * sizeof(uint8_t));
+  return lit;
+}
+
 /**
-A monomorphic instance of libcrux_ml_kem.types.from_01
+A monomorphic instance of libcrux_ml_kem.types.unpack_private_key
+with const generics
+- CPA_SECRET_KEY_SIZE= 1152
+- PUBLIC_KEY_SIZE= 1184
+*/
+Eurydice_slice_uint8_t_x4 libcrux_ml_kem_types_unpack_private_key_b4(
+    Eurydice_slice private_key) {
+  Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at(
+      private_key, (size_t)1152U, uint8_t, Eurydice_slice_uint8_t_x2);
+  Eurydice_slice ind_cpa_secret_key = uu____0.fst;
+  Eurydice_slice secret_key0 = uu____0.snd;
+  Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at(
+      secret_key0, (size_t)1184U, uint8_t, Eurydice_slice_uint8_t_x2);
+  Eurydice_slice ind_cpa_public_key = uu____1.fst;
+  Eurydice_slice secret_key = uu____1.snd;
+  Eurydice_slice_uint8_t_x2 uu____2 = Eurydice_slice_split_at(
+      secret_key, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t,
+      Eurydice_slice_uint8_t_x2);
+  Eurydice_slice ind_cpa_public_key_hash = uu____2.fst;
+  Eurydice_slice implicit_rejection_value = uu____2.snd;
+  return (CLITERAL(Eurydice_slice_uint8_t_x4){.fst = ind_cpa_secret_key,
+                                              .snd = ind_cpa_public_key,
+                                              .thd = ind_cpa_public_key_hash,
+                                              .f3 = implicit_rejection_value});
+}
+
+/**
+This function found in impl {(core::convert::From<@Array<u8, SIZE>> for
+libcrux_ml_kem::types::MlKemCiphertext<SIZE>)#5}
+*/
+/**
+A monomorphic instance of libcrux_ml_kem.types.from_00
 with const generics
 - SIZE= 1088
 */
-libcrux_ml_kem_mlkem768_MlKem768Ciphertext libcrux_ml_kem_types_from_01_80(
+libcrux_ml_kem_mlkem768_MlKem768Ciphertext libcrux_ml_kem_types_from_00_80(
     uint8_t value[1088U]) {
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_value[1088U];
@@ -267,16 +256,33 @@ libcrux_ml_kem_mlkem768_MlKem768Ciphertext libcrux_ml_kem_types_from_01_80(
   return lit;
 }
 
+/**
+A monomorphic instance of libcrux_ml_kem.utils.prf_input_inc
+with const generics
+- K= 3
+*/
+uint8_t libcrux_ml_kem_utils_prf_input_inc_e0(uint8_t (*prf_inputs)[33U],
+                                              uint8_t domain_separator) {
+  uint8_t ret[3U][33U];
+  core_array___core__clone__Clone_for__Array_T__N___20__clone(
+      (size_t)3U, prf_inputs, ret, uint8_t[33U], void *);
+  LowStar_Ignore_ignore(ret, uint8_t[3U][33U], void *);
+  KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i;
+                  prf_inputs[i0][32U] = domain_separator;
+                  domain_separator = (uint32_t)domain_separator + 1U;);
+  return domain_separator;
+}
+
 /**
 This function found in impl {(core::convert::AsRef<@Slice<u8>> for
-libcrux_ml_kem::types::MlKemCiphertext<SIZE>)#1}
+libcrux_ml_kem::types::MlKemCiphertext<SIZE>)#4}
 */
 /**
-A monomorphic instance of libcrux_ml_kem.types.as_ref_00
+A monomorphic instance of libcrux_ml_kem.types.as_ref_43
 with const generics
 - SIZE= 1088
 */
-Eurydice_slice libcrux_ml_kem_types_as_ref_00_80(
+Eurydice_slice libcrux_ml_kem_types_as_ref_43_80(
     libcrux_ml_kem_mlkem768_MlKem768Ciphertext *self) {
   return Eurydice_array_to_slice((size_t)1088U, self->value, uint8_t);
 }
@@ -315,14 +321,60 @@ uint8_t *libcrux_ml_kem_types_as_slice_fd_4d(
 
 /**
 This function found in impl {(core::convert::From<@Array<u8, SIZE>> for
-libcrux_ml_kem::types::MlKemCiphertext<SIZE>)#2}
+libcrux_ml_kem::types::MlKemPublicKey<SIZE>)#19}
+*/
+/**
+A monomorphic instance of libcrux_ml_kem.types.from_5f
+with const generics
+- SIZE= 800
+*/
+libcrux_ml_kem_types_MlKemPublicKey_52 libcrux_ml_kem_types_from_5f_4d(
+    uint8_t value[800U]) {
+  /* Passing arrays by value in Rust generates a copy in C */
+  uint8_t copy_of_value[800U];
+  memcpy(copy_of_value, value, (size_t)800U * sizeof(uint8_t));
+  libcrux_ml_kem_types_MlKemPublicKey_52 lit;
+  memcpy(lit.value, copy_of_value, (size_t)800U * sizeof(uint8_t));
+  return lit;
+}
+
+/**
+A monomorphic instance of libcrux_ml_kem.types.unpack_private_key
+with const generics
+- CPA_SECRET_KEY_SIZE= 768
+- PUBLIC_KEY_SIZE= 800
+*/
+Eurydice_slice_uint8_t_x4 libcrux_ml_kem_types_unpack_private_key_0c(
+    Eurydice_slice private_key) {
+  Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at(
+      private_key, (size_t)768U, uint8_t, Eurydice_slice_uint8_t_x2);
+  Eurydice_slice ind_cpa_secret_key = uu____0.fst;
+  Eurydice_slice secret_key0 = uu____0.snd;
+  Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at(
+      secret_key0, (size_t)800U, uint8_t, Eurydice_slice_uint8_t_x2);
+  Eurydice_slice ind_cpa_public_key = uu____1.fst;
+  Eurydice_slice secret_key = uu____1.snd;
+  Eurydice_slice_uint8_t_x2 uu____2 = Eurydice_slice_split_at(
+      secret_key, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t,
+      Eurydice_slice_uint8_t_x2);
+  Eurydice_slice ind_cpa_public_key_hash = uu____2.fst;
+  Eurydice_slice implicit_rejection_value = uu____2.snd;
+  return (CLITERAL(Eurydice_slice_uint8_t_x4){.fst = ind_cpa_secret_key,
+                                              .snd = ind_cpa_public_key,
+                                              .thd = ind_cpa_public_key_hash,
+                                              .f3 = implicit_rejection_value});
+}
+
+/**
+This function found in impl {(core::convert::From<@Array<u8, SIZE>> for
+libcrux_ml_kem::types::MlKemCiphertext<SIZE>)#5}
 */
 /**
-A monomorphic instance of libcrux_ml_kem.types.from_01
+A monomorphic instance of libcrux_ml_kem.types.from_00
 with const generics
 - SIZE= 768
 */
-libcrux_ml_kem_types_MlKemCiphertext_1a libcrux_ml_kem_types_from_01_d0(
+libcrux_ml_kem_types_MlKemCiphertext_1a libcrux_ml_kem_types_from_00_d0(
     uint8_t value[768U]) {
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_value[768U];
@@ -332,16 +384,33 @@ libcrux_ml_kem_types_MlKemCiphertext_1a libcrux_ml_kem_types_from_01_d0(
   return lit;
 }
 
+/**
+A monomorphic instance of libcrux_ml_kem.utils.prf_input_inc
+with const generics
+- K= 2
+*/
+uint8_t libcrux_ml_kem_utils_prf_input_inc_fd(uint8_t (*prf_inputs)[33U],
+                                              uint8_t domain_separator) {
+  uint8_t ret[2U][33U];
+  core_array___core__clone__Clone_for__Array_T__N___20__clone(
+      (size_t)2U, prf_inputs, ret, uint8_t[33U], void *);
+  LowStar_Ignore_ignore(ret, uint8_t[2U][33U], void *);
+  KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i;
+                  prf_inputs[i0][32U] = domain_separator;
+                  domain_separator = (uint32_t)domain_separator + 1U;);
+  return domain_separator;
+}
+
 /**
 This function found in impl {(core::convert::AsRef<@Slice<u8>> for
-libcrux_ml_kem::types::MlKemCiphertext<SIZE>)#1}
+libcrux_ml_kem::types::MlKemCiphertext<SIZE>)#4}
 */
 /**
-A monomorphic instance of libcrux_ml_kem.types.as_ref_00
+A monomorphic instance of libcrux_ml_kem.types.as_ref_43
 with const generics
 - SIZE= 768
 */
-Eurydice_slice libcrux_ml_kem_types_as_ref_00_d0(
+Eurydice_slice libcrux_ml_kem_types_as_ref_43_d0(
     libcrux_ml_kem_types_MlKemCiphertext_1a *self) {
   return Eurydice_array_to_slice((size_t)768U, self->value, uint8_t);
 }
@@ -378,6 +447,52 @@ uint8_t *libcrux_ml_kem_types_as_slice_fd_af(
   return self->value;
 }
 
+/**
+This function found in impl {(core::convert::From<@Array<u8, SIZE>> for
+libcrux_ml_kem::types::MlKemPublicKey<SIZE>)#19}
+*/
+/**
+A monomorphic instance of libcrux_ml_kem.types.from_5f
+with const generics
+- SIZE= 1568
+*/
+libcrux_ml_kem_types_MlKemPublicKey_64 libcrux_ml_kem_types_from_5f_af(
+    uint8_t value[1568U]) {
+  /* Passing arrays by value in Rust generates a copy in C */
+  uint8_t copy_of_value[1568U];
+  memcpy(copy_of_value, value, (size_t)1568U * sizeof(uint8_t));
+  libcrux_ml_kem_types_MlKemPublicKey_64 lit;
+  memcpy(lit.value, copy_of_value, (size_t)1568U * sizeof(uint8_t));
+  return lit;
+}
+
+/**
+A monomorphic instance of libcrux_ml_kem.types.unpack_private_key
+with const generics
+- CPA_SECRET_KEY_SIZE= 1536
+- PUBLIC_KEY_SIZE= 1568
+*/
+Eurydice_slice_uint8_t_x4 libcrux_ml_kem_types_unpack_private_key_1f(
+    Eurydice_slice private_key) {
+  Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at(
+      private_key, (size_t)1536U, uint8_t, Eurydice_slice_uint8_t_x2);
+  Eurydice_slice ind_cpa_secret_key = uu____0.fst;
+  Eurydice_slice secret_key0 = uu____0.snd;
+  Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at(
+      secret_key0, (size_t)1568U, uint8_t, Eurydice_slice_uint8_t_x2);
+  Eurydice_slice ind_cpa_public_key = uu____1.fst;
+  Eurydice_slice secret_key = uu____1.snd;
+  Eurydice_slice_uint8_t_x2 uu____2 = Eurydice_slice_split_at(
+      secret_key, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t,
+      Eurydice_slice_uint8_t_x2);
+  Eurydice_slice ind_cpa_public_key_hash = uu____2.fst;
+  Eurydice_slice implicit_rejection_value = uu____2.snd;
+  return (CLITERAL(Eurydice_slice_uint8_t_x4){.fst = ind_cpa_secret_key,
+                                              .snd = ind_cpa_public_key,
+                                              .thd = ind_cpa_public_key_hash,
+                                              .f3 = implicit_rejection_value});
+}
+
 /**
 This function found in impl {core::result::Result<T, E>[TraitClause@0,
 TraitClause@1]}
@@ -420,14 +535,14 @@ void libcrux_ml_kem_utils_into_padded_array_b6(Eurydice_slice slice,
 
 /**
 This function found in impl {(core::convert::From<@Array<u8, SIZE>> for
-libcrux_ml_kem::types::MlKemCiphertext<SIZE>)#2}
+libcrux_ml_kem::types::MlKemCiphertext<SIZE>)#5}
 */
 /**
-A monomorphic instance of libcrux_ml_kem.types.from_01
+A monomorphic instance of libcrux_ml_kem.types.from_00
 with const generics
 - SIZE= 1568
 */
-libcrux_ml_kem_types_MlKemCiphertext_64 libcrux_ml_kem_types_from_01_af(
+libcrux_ml_kem_types_MlKemCiphertext_64 libcrux_ml_kem_types_from_00_af(
     uint8_t value[1568U]) {
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_value[1568U];
@@ -437,6 +552,23 @@ libcrux_ml_kem_types_MlKemCiphertext_64 libcrux_ml_kem_types_from_01_af(
   return lit;
 }
 
+/**
+A monomorphic instance of libcrux_ml_kem.utils.prf_input_inc
+with const generics
+- K= 4
+*/
+uint8_t libcrux_ml_kem_utils_prf_input_inc_ac(uint8_t (*prf_inputs)[33U],
+                                              uint8_t domain_separator) {
+  uint8_t ret[4U][33U];
+  core_array___core__clone__Clone_for__Array_T__N___20__clone(
+      (size_t)4U, prf_inputs, ret, uint8_t[33U], void *);
+  LowStar_Ignore_ignore(ret, uint8_t[4U][33U], void *);
+  KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i;
+                  prf_inputs[i0][32U] = domain_separator;
+                  domain_separator = (uint32_t)domain_separator + 1U;);
+  return domain_separator;
+}
+
 /**
  Pad the `slice` with `0`s at the end.
 */
@@ -458,14 +590,14 @@ void libcrux_ml_kem_utils_into_padded_array_c8(Eurydice_slice slice,
 
 /**
 This function found in impl {(core::convert::AsRef<@Slice<u8>> for
-libcrux_ml_kem::types::MlKemCiphertext<SIZE>)#1}
+libcrux_ml_kem::types::MlKemCiphertext<SIZE>)#4}
 */
 /**
-A monomorphic instance of libcrux_ml_kem.types.as_ref_00
+A monomorphic instance of libcrux_ml_kem.types.as_ref_43
 with const generics
 - SIZE= 1568
 */
-Eurydice_slice libcrux_ml_kem_types_as_ref_00_af(
+Eurydice_slice libcrux_ml_kem_types_as_ref_43_af(
     libcrux_ml_kem_types_MlKemCiphertext_64 *self) {
   return Eurydice_array_to_slice((size_t)1568U, self->value, uint8_t);
 }
diff --git a/libcrux-ml-kem/c/libcrux_core.h b/libcrux-ml-kem/c/libcrux_core.h
index 17fe27b23..41bbf32c7 100644
--- a/libcrux-ml-kem/c/libcrux_core.h
+++ b/libcrux-ml-kem/c/libcrux_core.h
@@ -8,7 +8,7 @@
  * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c
  * Karamel: c31a22c1e07d2118c07ee5cebb640d863e31a198
  * F*: 2c32d6e230851bbceadac7a21fc418fa2bb7e4bc
- * Libcrux: 38837f1aab3f2ae348a0cb53cf44d97652e2c977
+ * Libcrux: 2ecc08ac92e56197cd05d04f3e873d8da088ad11
  */
 
 #ifndef __libcrux_core_H
@@ -54,15 +54,6 @@ static inline uint64_t core_num__u64_9__from_le_bytes(uint8_t x0[8U]);
 
 static inline void core_num__u64_9__to_le_bytes(uint64_t x0, uint8_t x1[8U]);
 
-/**
-A monomorphic instance of libcrux_ml_kem.types.MlKemPublicKey
-with const generics
-- $1568size_t
-*/
-typedef struct libcrux_ml_kem_types_MlKemPublicKey_64_s {
-  uint8_t value[1568U];
-} libcrux_ml_kem_types_MlKemPublicKey_64;
-
 /**
 A monomorphic instance of libcrux_ml_kem.types.MlKemPrivateKey
 with const generics
@@ -72,19 +63,19 @@ typedef struct libcrux_ml_kem_types_MlKemPrivateKey_83_s {
   uint8_t value[3168U];
 } libcrux_ml_kem_types_MlKemPrivateKey_83;
 
-typedef struct libcrux_ml_kem_mlkem1024_MlKem1024KeyPair_s {
-  libcrux_ml_kem_types_MlKemPrivateKey_83 sk;
-  libcrux_ml_kem_types_MlKemPublicKey_64 pk;
-} libcrux_ml_kem_mlkem1024_MlKem1024KeyPair;
-
 /**
 A monomorphic instance of libcrux_ml_kem.types.MlKemPublicKey
 with const generics
-- $1184size_t
+- $1568size_t
 */
-typedef struct libcrux_ml_kem_types_MlKemPublicKey_30_s {
-  uint8_t value[1184U];
-} libcrux_ml_kem_types_MlKemPublicKey_30;
+typedef struct libcrux_ml_kem_types_MlKemPublicKey_64_s {
+  uint8_t value[1568U];
+} libcrux_ml_kem_types_MlKemPublicKey_64;
+
+typedef struct libcrux_ml_kem_mlkem1024_MlKem1024KeyPair_s {
+  libcrux_ml_kem_types_MlKemPrivateKey_83 sk;
+  libcrux_ml_kem_types_MlKemPublicKey_64 pk;
+} libcrux_ml_kem_mlkem1024_MlKem1024KeyPair;
 
 /**
 A monomorphic instance of libcrux_ml_kem.types.MlKemPrivateKey
@@ -95,19 +86,19 @@ typedef struct libcrux_ml_kem_types_MlKemPrivateKey_d9_s {
   uint8_t value[2400U];
 } libcrux_ml_kem_types_MlKemPrivateKey_d9;
 
-typedef struct libcrux_ml_kem_mlkem768_MlKem768KeyPair_s {
-  libcrux_ml_kem_types_MlKemPrivateKey_d9 sk;
-  libcrux_ml_kem_types_MlKemPublicKey_30 pk;
-} libcrux_ml_kem_mlkem768_MlKem768KeyPair;
-
 /**
 A monomorphic instance of libcrux_ml_kem.types.MlKemPublicKey
 with const generics
-- $800size_t
+- $1184size_t
 */
-typedef struct libcrux_ml_kem_types_MlKemPublicKey_52_s {
-  uint8_t value[800U];
-} libcrux_ml_kem_types_MlKemPublicKey_52;
+typedef struct libcrux_ml_kem_types_MlKemPublicKey_30_s {
+  uint8_t value[1184U];
+} libcrux_ml_kem_types_MlKemPublicKey_30;
+
+typedef struct libcrux_ml_kem_mlkem768_MlKem768KeyPair_s {
+  libcrux_ml_kem_types_MlKemPrivateKey_d9 sk;
+  libcrux_ml_kem_types_MlKemPublicKey_30 pk;
+} libcrux_ml_kem_mlkem768_MlKem768KeyPair;
 
 /**
 A monomorphic instance of libcrux_ml_kem.types.MlKemPrivateKey
@@ -118,6 +109,15 @@ typedef struct libcrux_ml_kem_types_MlKemPrivateKey_fa_s {
   uint8_t value[1632U];
 } libcrux_ml_kem_types_MlKemPrivateKey_fa;
 
+/**
+A monomorphic instance of libcrux_ml_kem.types.MlKemPublicKey
+with const generics
+- $800size_t
+*/
+typedef struct libcrux_ml_kem_types_MlKemPublicKey_52_s {
+  uint8_t value[800U];
+} libcrux_ml_kem_types_MlKemPublicKey_52;
+
 /**
 A monomorphic instance of libcrux_ml_kem.types.MlKemKeyPair
 with const generics
@@ -129,6 +129,11 @@ typedef struct libcrux_ml_kem_types_MlKemKeyPair_3e_s {
   libcrux_ml_kem_types_MlKemPublicKey_52 pk;
 } libcrux_ml_kem_types_MlKemKeyPair_3e;
 
+typedef struct Eurydice_slice_uint8_t_x2_s {
+  Eurydice_slice fst;
+  Eurydice_slice snd;
+} Eurydice_slice_uint8_t_x2;
+
 typedef struct libcrux_ml_kem_mlkem768_MlKem768Ciphertext_s {
   uint8_t value[1088U];
 } libcrux_ml_kem_mlkem768_MlKem768Ciphertext;
@@ -207,11 +212,6 @@ with types uint8_t[8size_t], core_array_TryFromSliceError
 */
 void core_result_unwrap_26_68(core_result_Result_15 self, uint8_t ret[8U]);
 
-typedef struct Eurydice_slice_uint8_t_x2_s {
-  Eurydice_slice fst;
-  Eurydice_slice snd;
-} Eurydice_slice_uint8_t_x2;
-
 typedef struct Eurydice_slice_uint8_t_1size_t__x2_s {
   Eurydice_slice fst[1U];
   Eurydice_slice snd[1U];
diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024.h b/libcrux-ml-kem/c/libcrux_mlkem1024.h
index 8180ea4d7..1458de6ac 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem1024.h
+++ b/libcrux-ml-kem/c/libcrux_mlkem1024.h
@@ -8,7 +8,7 @@
  * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c
  * Karamel: c31a22c1e07d2118c07ee5cebb640d863e31a198
  * F*: 2c32d6e230851bbceadac7a21fc418fa2bb7e4bc
- * Libcrux: 38837f1aab3f2ae348a0cb53cf44d97652e2c977
+ * Libcrux: 2ecc08ac92e56197cd05d04f3e873d8da088ad11
  */
 
 #ifndef __libcrux_mlkem1024_H
diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c
index fcb4f5541..363093548 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c
+++ b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c
@@ -8,7 +8,7 @@
  * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c
  * Karamel: c31a22c1e07d2118c07ee5cebb640d863e31a198
  * F*: 2c32d6e230851bbceadac7a21fc418fa2bb7e4bc
- * Libcrux: 38837f1aab3f2ae348a0cb53cf44d97652e2c977
+ * Libcrux: 2ecc08ac92e56197cd05d04f3e873d8da088ad11
  */
 
 #include "libcrux_mlkem1024_avx2.h"
@@ -151,9 +151,6 @@ tuple_fa libcrux_ml_kem_mlkem1024_avx2_encapsulate(
   return encapsulate_8f(uu____0, copy_of_randomness);
 }
 
-/**
- Portable generate key pair.
-*/
 /**
 A monomorphic instance of
 libcrux_ml_kem.ind_cca.instantiations.avx2.generate_keypair_avx2 with const
@@ -244,6 +241,28 @@ bool libcrux_ml_kem_mlkem1024_avx2_validate_private_key(
   return validate_private_key_6b(private_key, ciphertext);
 }
 
+/**
+A monomorphic instance of
+libcrux_ml_kem.ind_cca.instantiations.avx2.validate_private_key_only with const
+generics
+- K= 4
+- SECRET_KEY_SIZE= 3168
+*/
+static KRML_MUSTINLINE bool validate_private_key_only_44(
+    libcrux_ml_kem_types_MlKemPrivateKey_83 *private_key) {
+  return libcrux_ml_kem_ind_cca_validate_private_key_only_5e(private_key);
+}
+
+/**
+ Validate the private key only.
+
+ Returns `true` if valid, and `false` otherwise.
+*/
+bool libcrux_ml_kem_mlkem1024_avx2_validate_private_key_only(
+    libcrux_ml_kem_types_MlKemPrivateKey_83 *private_key) {
+  return validate_private_key_only_44(private_key);
+}
+
 /**
 A monomorphic instance of
 libcrux_ml_kem.ind_cca.instantiations.avx2.validate_public_key_avx2 with const
diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h
index cb0e5a88f..cfc2f915e 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h
+++ b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h
@@ -8,7 +8,7 @@
  * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c
  * Karamel: c31a22c1e07d2118c07ee5cebb640d863e31a198
  * F*: 2c32d6e230851bbceadac7a21fc418fa2bb7e4bc
- * Libcrux: 38837f1aab3f2ae348a0cb53cf44d97652e2c977
+ * Libcrux: 2ecc08ac92e56197cd05d04f3e873d8da088ad11
  */
 
 #ifndef __libcrux_mlkem1024_avx2_H
@@ -58,6 +58,14 @@ bool libcrux_ml_kem_mlkem1024_avx2_validate_private_key(
     libcrux_ml_kem_types_MlKemPrivateKey_83 *private_key,
     libcrux_ml_kem_types_MlKemCiphertext_64 *ciphertext);
 
+/**
+ Validate the private key only.
+
+ Returns `true` if valid, and `false` otherwise.
+*/
+bool libcrux_ml_kem_mlkem1024_avx2_validate_private_key_only(
+    libcrux_ml_kem_types_MlKemPrivateKey_83 *private_key);
+
 /**
  Validate a public key.
 
diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c
index d57afaf6d..b4d771a73 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c
+++ b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c
@@ -8,7 +8,7 @@
  * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c
  * Karamel: c31a22c1e07d2118c07ee5cebb640d863e31a198
  * F*: 2c32d6e230851bbceadac7a21fc418fa2bb7e4bc
- * Libcrux: 38837f1aab3f2ae348a0cb53cf44d97652e2c977
+ * Libcrux: 2ecc08ac92e56197cd05d04f3e873d8da088ad11
  */
 
 #include "libcrux_mlkem1024_portable.h"
@@ -155,6 +155,28 @@ bool libcrux_ml_kem_mlkem1024_portable_validate_private_key(
   return validate_private_key_6b(private_key, ciphertext);
 }
 
+/**
+A monomorphic instance of
+libcrux_ml_kem.ind_cca.instantiations.portable.validate_private_key_only with
+const generics
+- K= 4
+- SECRET_KEY_SIZE= 3168
+*/
+static KRML_MUSTINLINE bool validate_private_key_only_44(
+    libcrux_ml_kem_types_MlKemPrivateKey_83 *private_key) {
+  return libcrux_ml_kem_ind_cca_validate_private_key_only_60(private_key);
+}
+
+/**
+ Validate the private key only.
+
+ Returns `true` if valid, and `false` otherwise.
+*/
+bool libcrux_ml_kem_mlkem1024_portable_validate_private_key_only(
+    libcrux_ml_kem_types_MlKemPrivateKey_83 *private_key) {
+  return validate_private_key_only_44(private_key);
+}
+
 /**
 A monomorphic instance of
 libcrux_ml_kem.ind_cca.instantiations.portable.validate_public_key with const
diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h
index 7f2cd72a4..908abf6ae 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h
+++ b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h
@@ -8,7 +8,7 @@
  * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c
  * Karamel: c31a22c1e07d2118c07ee5cebb640d863e31a198
  * F*: 2c32d6e230851bbceadac7a21fc418fa2bb7e4bc
- * Libcrux: 38837f1aab3f2ae348a0cb53cf44d97652e2c977
+ * Libcrux: 2ecc08ac92e56197cd05d04f3e873d8da088ad11
  */
 
 #ifndef __libcrux_mlkem1024_portable_H
@@ -58,6 +58,14 @@ bool libcrux_ml_kem_mlkem1024_portable_validate_private_key(
     libcrux_ml_kem_types_MlKemPrivateKey_83 *private_key,
     libcrux_ml_kem_types_MlKemCiphertext_64 *ciphertext);
 
+/**
+ Validate the private key only.
+
+ Returns `true` if valid, and `false` otherwise.
+*/
+bool libcrux_ml_kem_mlkem1024_portable_validate_private_key_only(
+    libcrux_ml_kem_types_MlKemPrivateKey_83 *private_key);
+
 /**
  Validate a public key.
 
diff --git a/libcrux-ml-kem/c/libcrux_mlkem512.h b/libcrux-ml-kem/c/libcrux_mlkem512.h
index f639ac871..a289a8989 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem512.h
+++ b/libcrux-ml-kem/c/libcrux_mlkem512.h
@@ -8,7 +8,7 @@
  * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c
  * Karamel: c31a22c1e07d2118c07ee5cebb640d863e31a198
  * F*: 2c32d6e230851bbceadac7a21fc418fa2bb7e4bc
- * Libcrux: 38837f1aab3f2ae348a0cb53cf44d97652e2c977
+ * Libcrux: 2ecc08ac92e56197cd05d04f3e873d8da088ad11
  */
 
 #ifndef __libcrux_mlkem512_H
diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c
index 4f2d872df..3c2fdb66d 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c
+++ b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c
@@ -8,7 +8,7 @@
  * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c
  * Karamel: c31a22c1e07d2118c07ee5cebb640d863e31a198
  * F*: 2c32d6e230851bbceadac7a21fc418fa2bb7e4bc
- * Libcrux: 38837f1aab3f2ae348a0cb53cf44d97652e2c977
+ * Libcrux: 2ecc08ac92e56197cd05d04f3e873d8da088ad11
  */
 
 #include "libcrux_mlkem512_avx2.h"
@@ -151,9 +151,6 @@ tuple_41 libcrux_ml_kem_mlkem512_avx2_encapsulate(
   return encapsulate_35(uu____0, copy_of_randomness);
 }
 
-/**
- Portable generate key pair.
-*/
 /**
 A monomorphic instance of
 libcrux_ml_kem.ind_cca.instantiations.avx2.generate_keypair_avx2 with const
@@ -244,6 +241,28 @@ bool libcrux_ml_kem_mlkem512_avx2_validate_private_key(
   return validate_private_key_1c(private_key, ciphertext);
 }
 
+/**
+A monomorphic instance of
+libcrux_ml_kem.ind_cca.instantiations.avx2.validate_private_key_only with const
+generics
+- K= 2
+- SECRET_KEY_SIZE= 1632
+*/
+static KRML_MUSTINLINE bool validate_private_key_only_49(
+    libcrux_ml_kem_types_MlKemPrivateKey_fa *private_key) {
+  return libcrux_ml_kem_ind_cca_validate_private_key_only_4d(private_key);
+}
+
+/**
+ Validate the private key only.
+
+ Returns `true` if valid, and `false` otherwise.
+*/
+bool libcrux_ml_kem_mlkem512_avx2_validate_private_key_only(
+    libcrux_ml_kem_types_MlKemPrivateKey_fa *private_key) {
+  return validate_private_key_only_49(private_key);
+}
+
 /**
 A monomorphic instance of
 libcrux_ml_kem.ind_cca.instantiations.avx2.validate_public_key_avx2 with const
diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h
index f8484f612..e364a95e1 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h
+++ b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h
@@ -8,7 +8,7 @@
  * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c
  * Karamel: c31a22c1e07d2118c07ee5cebb640d863e31a198
  * F*: 2c32d6e230851bbceadac7a21fc418fa2bb7e4bc
- * Libcrux: 38837f1aab3f2ae348a0cb53cf44d97652e2c977
+ * Libcrux: 2ecc08ac92e56197cd05d04f3e873d8da088ad11
  */
 
 #ifndef __libcrux_mlkem512_avx2_H
@@ -58,6 +58,14 @@ bool libcrux_ml_kem_mlkem512_avx2_validate_private_key(
     libcrux_ml_kem_types_MlKemPrivateKey_fa *private_key,
     libcrux_ml_kem_types_MlKemCiphertext_1a *ciphertext);
 
+/**
+ Validate the private key only.
+
+ Returns `true` if valid, and `false` otherwise.
+*/
+bool libcrux_ml_kem_mlkem512_avx2_validate_private_key_only(
+    libcrux_ml_kem_types_MlKemPrivateKey_fa *private_key);
+
 /**
  Validate a public key.
 
diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_portable.c b/libcrux-ml-kem/c/libcrux_mlkem512_portable.c
index 14cf1f01f..a0d72c45e 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem512_portable.c
+++ b/libcrux-ml-kem/c/libcrux_mlkem512_portable.c
@@ -8,7 +8,7 @@
  * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c
  * Karamel: c31a22c1e07d2118c07ee5cebb640d863e31a198
  * F*: 2c32d6e230851bbceadac7a21fc418fa2bb7e4bc
- * Libcrux: 38837f1aab3f2ae348a0cb53cf44d97652e2c977
+ * Libcrux: 2ecc08ac92e56197cd05d04f3e873d8da088ad11
  */
 
 #include "libcrux_mlkem512_portable.h"
@@ -155,6 +155,28 @@ bool libcrux_ml_kem_mlkem512_portable_validate_private_key(
   return validate_private_key_1c(private_key, ciphertext);
 }
 
+/**
+A monomorphic instance of
+libcrux_ml_kem.ind_cca.instantiations.portable.validate_private_key_only with
+const generics
+- K= 2
+- SECRET_KEY_SIZE= 1632
+*/
+static KRML_MUSTINLINE bool validate_private_key_only_49(
+    libcrux_ml_kem_types_MlKemPrivateKey_fa *private_key) {
+  return libcrux_ml_kem_ind_cca_validate_private_key_only_30(private_key);
+}
+
+/**
+ Validate the private key only.
+
+ Returns `true` if valid, and `false` otherwise.
+*/
+bool libcrux_ml_kem_mlkem512_portable_validate_private_key_only(
+    libcrux_ml_kem_types_MlKemPrivateKey_fa *private_key) {
+  return validate_private_key_only_49(private_key);
+}
+
 /**
 A monomorphic instance of
 libcrux_ml_kem.ind_cca.instantiations.portable.validate_public_key with const
diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_portable.h b/libcrux-ml-kem/c/libcrux_mlkem512_portable.h
index 1b7e86cc2..a49a44922 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem512_portable.h
+++ b/libcrux-ml-kem/c/libcrux_mlkem512_portable.h
@@ -8,7 +8,7 @@
  * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c
  * Karamel: c31a22c1e07d2118c07ee5cebb640d863e31a198
  * F*: 2c32d6e230851bbceadac7a21fc418fa2bb7e4bc
- * Libcrux: 38837f1aab3f2ae348a0cb53cf44d97652e2c977
+ * Libcrux: 2ecc08ac92e56197cd05d04f3e873d8da088ad11
  */
 
 #ifndef __libcrux_mlkem512_portable_H
@@ -58,6 +58,14 @@ bool libcrux_ml_kem_mlkem512_portable_validate_private_key(
     libcrux_ml_kem_types_MlKemPrivateKey_fa *private_key,
     libcrux_ml_kem_types_MlKemCiphertext_1a *ciphertext);
 
+/**
+ Validate the private key only.
+
+ Returns `true` if valid, and `false` otherwise.
+*/
+bool libcrux_ml_kem_mlkem512_portable_validate_private_key_only(
+    libcrux_ml_kem_types_MlKemPrivateKey_fa *private_key);
+
 /**
  Validate a public key.
 
diff --git a/libcrux-ml-kem/c/libcrux_mlkem768.h b/libcrux-ml-kem/c/libcrux_mlkem768.h
index 049a2a2d6..3421b1abd 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem768.h
+++ b/libcrux-ml-kem/c/libcrux_mlkem768.h
@@ -8,7 +8,7 @@
  * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c
  * Karamel: c31a22c1e07d2118c07ee5cebb640d863e31a198
  * F*: 2c32d6e230851bbceadac7a21fc418fa2bb7e4bc
- * Libcrux: 38837f1aab3f2ae348a0cb53cf44d97652e2c977
+ * Libcrux: 2ecc08ac92e56197cd05d04f3e873d8da088ad11
  */
 
 #ifndef __libcrux_mlkem768_H
diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c
index e9ba021db..ce89c4f56 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c
+++ b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c
@@ -8,7 +8,7 @@
  * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c
  * Karamel: c31a22c1e07d2118c07ee5cebb640d863e31a198
  * F*: 2c32d6e230851bbceadac7a21fc418fa2bb7e4bc
- * Libcrux: 38837f1aab3f2ae348a0cb53cf44d97652e2c977
+ * Libcrux: 2ecc08ac92e56197cd05d04f3e873d8da088ad11
  */
 
 #include "libcrux_mlkem768_avx2.h"
@@ -151,9 +151,6 @@ tuple_c2 libcrux_ml_kem_mlkem768_avx2_encapsulate(
   return encapsulate_cd(uu____0, copy_of_randomness);
 }
 
-/**
- Portable generate key pair.
-*/
 /**
 A monomorphic instance of
 libcrux_ml_kem.ind_cca.instantiations.avx2.generate_keypair_avx2 with const
@@ -244,6 +241,28 @@ bool libcrux_ml_kem_mlkem768_avx2_validate_private_key(
   return validate_private_key_31(private_key, ciphertext);
 }
 
+/**
+A monomorphic instance of
+libcrux_ml_kem.ind_cca.instantiations.avx2.validate_private_key_only with const
+generics
+- K= 3
+- SECRET_KEY_SIZE= 2400
+*/
+static KRML_MUSTINLINE bool validate_private_key_only_41(
+    libcrux_ml_kem_types_MlKemPrivateKey_d9 *private_key) {
+  return libcrux_ml_kem_ind_cca_validate_private_key_only_ae(private_key);
+}
+
+/**
+ Validate the private key only.
+
+ Returns `true` if valid, and `false` otherwise.
+*/
+bool libcrux_ml_kem_mlkem768_avx2_validate_private_key_only(
+    libcrux_ml_kem_types_MlKemPrivateKey_d9 *private_key) {
+  return validate_private_key_only_41(private_key);
+}
+
 /**
 A monomorphic instance of
 libcrux_ml_kem.ind_cca.instantiations.avx2.validate_public_key_avx2 with const
diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h
index 53dd5e48b..41d4fc949 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h
+++ b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h
@@ -8,7 +8,7 @@
  * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c
  * Karamel: c31a22c1e07d2118c07ee5cebb640d863e31a198
  * F*: 2c32d6e230851bbceadac7a21fc418fa2bb7e4bc
- * Libcrux: 38837f1aab3f2ae348a0cb53cf44d97652e2c977
+ * Libcrux: 2ecc08ac92e56197cd05d04f3e873d8da088ad11
  */
 
 #ifndef __libcrux_mlkem768_avx2_H
@@ -58,6 +58,14 @@ bool libcrux_ml_kem_mlkem768_avx2_validate_private_key(
     libcrux_ml_kem_types_MlKemPrivateKey_d9 *private_key,
     libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext);
 
+/**
+ Validate the private key only.
+
+ Returns `true` if valid, and `false` otherwise.
+*/
+bool libcrux_ml_kem_mlkem768_avx2_validate_private_key_only(
+    libcrux_ml_kem_types_MlKemPrivateKey_d9 *private_key);
+
 /**
  Validate a public key.
 
diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_portable.c b/libcrux-ml-kem/c/libcrux_mlkem768_portable.c
index 00c8ec330..15e054591 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem768_portable.c
+++ b/libcrux-ml-kem/c/libcrux_mlkem768_portable.c
@@ -8,7 +8,7 @@
  * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c
  * Karamel: c31a22c1e07d2118c07ee5cebb640d863e31a198
  * F*: 2c32d6e230851bbceadac7a21fc418fa2bb7e4bc
- * Libcrux: 38837f1aab3f2ae348a0cb53cf44d97652e2c977
+ * Libcrux: 2ecc08ac92e56197cd05d04f3e873d8da088ad11
  */
 
 #include "libcrux_mlkem768_portable.h"
@@ -155,6 +155,28 @@ bool libcrux_ml_kem_mlkem768_portable_validate_private_key(
   return validate_private_key_31(private_key, ciphertext);
 }
 
+/**
+A monomorphic instance of
+libcrux_ml_kem.ind_cca.instantiations.portable.validate_private_key_only with
+const generics
+- K= 3
+- SECRET_KEY_SIZE= 2400
+*/
+static KRML_MUSTINLINE bool validate_private_key_only_41(
+    libcrux_ml_kem_types_MlKemPrivateKey_d9 *private_key) {
+  return libcrux_ml_kem_ind_cca_validate_private_key_only_d6(private_key);
+}
+
+/**
+ Validate the private key only.
+
+ Returns `true` if valid, and `false` otherwise.
+*/
+bool libcrux_ml_kem_mlkem768_portable_validate_private_key_only(
+    libcrux_ml_kem_types_MlKemPrivateKey_d9 *private_key) {
+  return validate_private_key_only_41(private_key);
+}
+
 /**
 A monomorphic instance of
 libcrux_ml_kem.ind_cca.instantiations.portable.validate_public_key with const
diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_portable.h b/libcrux-ml-kem/c/libcrux_mlkem768_portable.h
index 5ee93debd..06075ff39 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem768_portable.h
+++ b/libcrux-ml-kem/c/libcrux_mlkem768_portable.h
@@ -8,7 +8,7 @@
  * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c
  * Karamel: c31a22c1e07d2118c07ee5cebb640d863e31a198
  * F*: 2c32d6e230851bbceadac7a21fc418fa2bb7e4bc
- * Libcrux: 38837f1aab3f2ae348a0cb53cf44d97652e2c977
+ * Libcrux: 2ecc08ac92e56197cd05d04f3e873d8da088ad11
  */
 
 #ifndef __libcrux_mlkem768_portable_H
@@ -58,6 +58,14 @@ bool libcrux_ml_kem_mlkem768_portable_validate_private_key(
     libcrux_ml_kem_types_MlKemPrivateKey_d9 *private_key,
     libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext);
 
+/**
+ Validate the private key only.
+
+ Returns `true` if valid, and `false` otherwise.
+*/
+bool libcrux_ml_kem_mlkem768_portable_validate_private_key_only(
+    libcrux_ml_kem_types_MlKemPrivateKey_d9 *private_key);
+
 /**
  Validate a public key.
 
diff --git a/libcrux-ml-kem/c/libcrux_mlkem_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem_avx2.c
index 5fa7218ae..83b151b39 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem_avx2.c
+++ b/libcrux-ml-kem/c/libcrux_mlkem_avx2.c
@@ -8,7 +8,7 @@
  * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c
  * Karamel: c31a22c1e07d2118c07ee5cebb640d863e31a198
  * F*: 2c32d6e230851bbceadac7a21fc418fa2bb7e4bc
- * Libcrux: 38837f1aab3f2ae348a0cb53cf44d97652e2c977
+ * Libcrux: 2ecc08ac92e56197cd05d04f3e873d8da088ad11
  */
 
 #include "internal/libcrux_mlkem_avx2.h"
@@ -1817,16 +1817,14 @@ static KRML_MUSTINLINE void H_a9_e0(Eurydice_slice input, uint8_t ret[32U]) {
 }
 
 /**
-A monomorphic instance of libcrux_ml_kem.ind_cca.validate_private_key
+A monomorphic instance of libcrux_ml_kem.ind_cca.validate_private_key_only
 with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash
 with const generics
 - K= 3
 - SECRET_KEY_SIZE= 2400
-- CIPHERTEXT_SIZE= 1088
 */
-bool libcrux_ml_kem_ind_cca_validate_private_key_12(
-    libcrux_ml_kem_types_MlKemPrivateKey_d9 *private_key,
-    libcrux_ml_kem_mlkem768_MlKem768Ciphertext *_ciphertext) {
+bool libcrux_ml_kem_ind_cca_validate_private_key_only_ae(
+    libcrux_ml_kem_types_MlKemPrivateKey_d9 *private_key) {
   uint8_t t[32U];
   H_a9_e0(Eurydice_array_to_subslice2(/* Eurydice can't access values directly
                                          on the types. We need to go to the
@@ -1843,6 +1841,20 @@ bool libcrux_ml_kem_ind_cca_validate_private_key_12(
       (size_t)32U, t, &expected, uint8_t, uint8_t, bool);
 }
 
+/**
+A monomorphic instance of libcrux_ml_kem.ind_cca.validate_private_key
+with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash
+with const generics
+- K= 3
+- SECRET_KEY_SIZE= 2400
+- CIPHERTEXT_SIZE= 1088
+*/
+bool libcrux_ml_kem_ind_cca_validate_private_key_12(
+    libcrux_ml_kem_types_MlKemPrivateKey_d9 *private_key,
+    libcrux_ml_kem_mlkem768_MlKem768Ciphertext *_ciphertext) {
+  return libcrux_ml_kem_ind_cca_validate_private_key_only_ae(private_key);
+}
+
 /**
 A monomorphic instance of
 libcrux_ml_kem.ind_cpa.unpacked.IndCpaPrivateKeyUnpacked with types
@@ -2731,11 +2743,8 @@ static KRML_MUSTINLINE uint8_t sample_vector_cbd_then_ntt_b41(
   KRML_MAYBE_FOR3(
       i, (size_t)0U, (size_t)3U, (size_t)1U,
       memcpy(prf_inputs[i], copy_of_prf_input, (size_t)33U * sizeof(uint8_t)););
-  uint8_t _prf_inputs_init[3U][33U];
-  memcpy(_prf_inputs_init, prf_inputs, (size_t)3U * sizeof(uint8_t[33U]));
-  KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i;
-                  prf_inputs[i0][32U] = domain_separator;
-                  domain_separator = (uint32_t)domain_separator + 1U;);
+  domain_separator =
+      libcrux_ml_kem_utils_prf_input_inc_e0(prf_inputs, domain_separator);
   uint8_t prf_outputs[3U][128U];
   PRFxN_a9_41(prf_inputs, prf_outputs);
   KRML_MAYBE_FOR3(
@@ -2997,30 +3006,28 @@ static KRML_MUSTINLINE void generate_keypair_unpacked_221(
 }
 
 /**
-A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair
-with types libcrux_ml_kem_vector_avx2_SIMD256Vector,
-libcrux_ml_kem_hash_functions_avx2_Simd256Hash, libcrux_ml_kem_variant_MlKem
+ Serialize the secret key from the unpacked key pair generation.
+*/
+/**
+A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_unpacked_secret_key
+with types libcrux_ml_kem_vector_avx2_SIMD256Vector
 with const generics
 - K= 3
 - PRIVATE_KEY_SIZE= 1152
 - PUBLIC_KEY_SIZE= 1184
 - RANKED_BYTES_PER_RING_ELEMENT= 1152
-- ETA1= 2
-- ETA1_RANDOMNESS_SIZE= 128
 */
-static KRML_MUSTINLINE libcrux_ml_kem_utils_extraction_helper_Keypair768
-generate_keypair_bb1(Eurydice_slice key_generation_seed) {
-  IndCpaPrivateKeyUnpacked_63 private_key = default_1a_ab();
-  IndCpaPublicKeyUnpacked_63 public_key = default_8d_ab();
-  generate_keypair_unpacked_221(key_generation_seed, &private_key, &public_key);
+static libcrux_ml_kem_utils_extraction_helper_Keypair768
+serialize_unpacked_secret_key_8c(IndCpaPublicKeyUnpacked_63 *public_key,
+                                 IndCpaPrivateKeyUnpacked_63 *private_key) {
   uint8_t public_key_serialized[1184U];
   serialize_public_key_ed(
-      /* pk := (Encode_12(tˆ mod^{+}q) || ρ) */ public_key.t_as_ntt,
-      Eurydice_array_to_slice((size_t)32U, public_key.seed_for_A, uint8_t),
+      /* pk := (Encode_12(tˆ mod^{+}q) || ρ) */ public_key->t_as_ntt,
+      Eurydice_array_to_slice((size_t)32U, public_key->seed_for_A, uint8_t),
       public_key_serialized);
   uint8_t secret_key_serialized[1152U];
   serialize_secret_key_ed(
-      /* sk := Encode_12(sˆ mod^{+}q) */ private_key.secret_as_ntt,
+      /* sk := Encode_12(sˆ mod^{+}q) */ private_key->secret_as_ntt,
       secret_key_serialized);
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_secret_key_serialized[1152U];
@@ -3039,18 +3046,37 @@ generate_keypair_bb1(Eurydice_slice key_generation_seed) {
 }
 
 /**
-A monomorphic instance of libcrux_ml_kem.ind_cca.serialize_kem_secret_key
+A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair
+with types libcrux_ml_kem_vector_avx2_SIMD256Vector,
+libcrux_ml_kem_hash_functions_avx2_Simd256Hash, libcrux_ml_kem_variant_MlKem
+with const generics
+- K= 3
+- PRIVATE_KEY_SIZE= 1152
+- PUBLIC_KEY_SIZE= 1184
+- RANKED_BYTES_PER_RING_ELEMENT= 1152
+- ETA1= 2
+- ETA1_RANDOMNESS_SIZE= 128
+*/
+static KRML_MUSTINLINE libcrux_ml_kem_utils_extraction_helper_Keypair768
+generate_keypair_bb1(Eurydice_slice key_generation_seed) {
+  IndCpaPrivateKeyUnpacked_63 private_key = default_1a_ab();
+  IndCpaPublicKeyUnpacked_63 public_key = default_8d_ab();
+  generate_keypair_unpacked_221(key_generation_seed, &private_key, &public_key);
+  return serialize_unpacked_secret_key_8c(&public_key, &private_key);
+}
+
+/**
+A monomorphic instance of libcrux_ml_kem.ind_cca.serialize_kem_secret_key_mut
 with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash
 with const generics
 - K= 3
 - SERIALIZED_KEY_LEN= 2400
 */
-static KRML_MUSTINLINE void serialize_kem_secret_key_ae(
+static KRML_MUSTINLINE void serialize_kem_secret_key_mut_ae(
     Eurydice_slice private_key, Eurydice_slice public_key,
-    Eurydice_slice implicit_rejection_value, uint8_t ret[2400U]) {
-  uint8_t out[2400U] = {0U};
+    Eurydice_slice implicit_rejection_value, uint8_t *serialized) {
   size_t pointer = (size_t)0U;
-  uint8_t *uu____0 = out;
+  uint8_t *uu____0 = serialized;
   size_t uu____1 = pointer;
   size_t uu____2 = pointer;
   Eurydice_slice_copy(
@@ -3059,7 +3085,7 @@ static KRML_MUSTINLINE void serialize_kem_secret_key_ae(
           uint8_t),
       private_key, uint8_t);
   pointer = pointer + Eurydice_slice_len(private_key, uint8_t);
-  uint8_t *uu____3 = out;
+  uint8_t *uu____3 = serialized;
   size_t uu____4 = pointer;
   size_t uu____5 = pointer;
   Eurydice_slice_copy(
@@ -3069,13 +3095,14 @@ static KRML_MUSTINLINE void serialize_kem_secret_key_ae(
       public_key, uint8_t);
   pointer = pointer + Eurydice_slice_len(public_key, uint8_t);
   Eurydice_slice uu____6 = Eurydice_array_to_subslice2(
-      out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t);
-  uint8_t ret0[32U];
-  H_a9_e0(public_key, ret0);
+      serialized, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE,
+      uint8_t);
+  uint8_t ret[32U];
+  H_a9_e0(public_key, ret);
   Eurydice_slice_copy(
-      uu____6, Eurydice_array_to_slice((size_t)32U, ret0, uint8_t), uint8_t);
+      uu____6, Eurydice_array_to_slice((size_t)32U, ret, uint8_t), uint8_t);
   pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE;
-  uint8_t *uu____7 = out;
+  uint8_t *uu____7 = serialized;
   size_t uu____8 = pointer;
   size_t uu____9 = pointer;
   Eurydice_slice_copy(
@@ -3084,6 +3111,21 @@ static KRML_MUSTINLINE void serialize_kem_secret_key_ae(
           uu____9 + Eurydice_slice_len(implicit_rejection_value, uint8_t),
           uint8_t),
       implicit_rejection_value, uint8_t);
+}
+
+/**
+A monomorphic instance of libcrux_ml_kem.ind_cca.serialize_kem_secret_key
+with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash
+with const generics
+- K= 3
+- SERIALIZED_KEY_LEN= 2400
+*/
+static KRML_MUSTINLINE void serialize_kem_secret_key_ae(
+    Eurydice_slice private_key, Eurydice_slice public_key,
+    Eurydice_slice implicit_rejection_value, uint8_t ret[2400U]) {
+  uint8_t out[2400U] = {0U};
+  serialize_kem_secret_key_mut_ae(private_key, public_key,
+                                  implicit_rejection_value, out);
   memcpy(ret, out, (size_t)2400U * sizeof(uint8_t));
 }
 
@@ -3125,13 +3167,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_d61(uint8_t randomness[64U]) {
   memcpy(copy_of_secret_key_serialized, secret_key_serialized,
          (size_t)2400U * sizeof(uint8_t));
   libcrux_ml_kem_types_MlKemPrivateKey_d9 private_key =
-      libcrux_ml_kem_types_from_7f_28(copy_of_secret_key_serialized);
+      libcrux_ml_kem_types_from_9a_28(copy_of_secret_key_serialized);
   libcrux_ml_kem_types_MlKemPrivateKey_d9 uu____2 = private_key;
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_public_key[1184U];
   memcpy(copy_of_public_key, public_key, (size_t)1184U * sizeof(uint8_t));
   return libcrux_ml_kem_types_from_3a_74(
-      uu____2, libcrux_ml_kem_types_from_5a_d0(copy_of_public_key));
+      uu____2, libcrux_ml_kem_types_from_5f_d0(copy_of_public_key));
 }
 
 /**
@@ -3152,6 +3194,46 @@ static KRML_MUSTINLINE void entropy_preprocess_d8_be(Eurydice_slice randomness,
   memcpy(ret, out, (size_t)32U * sizeof(uint8_t));
 }
 
+/**
+A monomorphic instance of libcrux_ml_kem.ind_cpa.build_unpacked_public_key_mut
+with types libcrux_ml_kem_vector_avx2_SIMD256Vector,
+libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics
+- K= 3
+- T_AS_NTT_ENCODED_SIZE= 1152
+*/
+static KRML_MUSTINLINE void build_unpacked_public_key_mut_fa1(
+    Eurydice_slice public_key,
+    IndCpaPublicKeyUnpacked_63 *unpacked_public_key) {
+  Eurydice_slice uu____0 = Eurydice_slice_subslice_to(
+      /* tˆ := Decode_12(pk) */ public_key, (size_t)1152U, uint8_t, size_t);
+  deserialize_ring_elements_reduced_ab(uu____0, unpacked_public_key->t_as_ntt);
+  Eurydice_slice seed =
+      Eurydice_slice_subslice_from(/* ρ := pk + 12·k·n / 8 for i from 0 to k−1
+                                      do for j from 0 to k − 1 do AˆT[i][j] :=
+                                      Parse(XOF(ρ, i, j)) end for end for */
+                                   public_key,
+                                   (size_t)1152U, uint8_t, size_t);
+  libcrux_ml_kem_polynomial_PolynomialRingElement_f6(*uu____1)[3U] =
+      unpacked_public_key->A;
+  uint8_t ret[34U];
+  libcrux_ml_kem_utils_into_padded_array_b6(seed, ret);
+  sample_matrix_A_6c1(uu____1, ret, false);
+}
+
+/**
+A monomorphic instance of libcrux_ml_kem.ind_cpa.build_unpacked_public_key
+with types libcrux_ml_kem_vector_avx2_SIMD256Vector,
+libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics
+- K= 3
+- T_AS_NTT_ENCODED_SIZE= 1152
+*/
+static KRML_MUSTINLINE IndCpaPublicKeyUnpacked_63
+build_unpacked_public_key_fa1(Eurydice_slice public_key) {
+  IndCpaPublicKeyUnpacked_63 unpacked_public_key = default_8d_ab();
+  build_unpacked_public_key_mut_fa1(public_key, &unpacked_public_key);
+  return unpacked_public_key;
+}
+
 /**
 A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_ring_element_cbd
 with types libcrux_ml_kem_vector_avx2_SIMD256Vector,
@@ -3172,11 +3254,8 @@ sample_ring_element_cbd_b41(uint8_t prf_input[33U], uint8_t domain_separator) {
   KRML_MAYBE_FOR3(
       i, (size_t)0U, (size_t)3U, (size_t)1U,
       memcpy(prf_inputs[i], copy_of_prf_input, (size_t)33U * sizeof(uint8_t)););
-  uint8_t _prf_inputs_init[3U][33U];
-  memcpy(_prf_inputs_init, prf_inputs, (size_t)3U * sizeof(uint8_t[33U]));
-  KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i;
-                  prf_inputs[i0][32U] = domain_separator;
-                  domain_separator = (uint32_t)domain_separator + 1U;);
+  domain_separator =
+      libcrux_ml_kem_utils_prf_input_inc_e0(prf_inputs, domain_separator);
   uint8_t prf_outputs[3U][128U];
   PRFxN_a9_41(prf_inputs, prf_outputs);
   KRML_MAYBE_FOR3(
@@ -4024,10 +4103,11 @@ static KRML_MUSTINLINE void compress_then_serialize_5_61(
 A monomorphic instance of
 libcrux_ml_kem.serialize.compress_then_serialize_ring_element_v with types
 libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics
+- K= 3
 - COMPRESSION_FACTOR= 4
 - OUT_LEN= 128
 */
-static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_78(
+static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_ed(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f6 re, Eurydice_slice out) {
   compress_then_serialize_4_61(re, out);
 }
@@ -4108,7 +4188,7 @@ static KRML_MUSTINLINE void encrypt_unpacked_741(
                                            uint8_t));
   /* c_2 := Encode_{dv}(Compress_q(v,d_v)) */
   libcrux_ml_kem_polynomial_PolynomialRingElement_f6 uu____6 = v;
-  compress_then_serialize_ring_element_v_78(
+  compress_then_serialize_ring_element_v_ed(
       uu____6, Eurydice_array_to_subslice_from((size_t)1088U, ciphertext,
                                                (size_t)960U, uint8_t, size_t));
   memcpy(ret, ciphertext, (size_t)1088U * sizeof(uint8_t));
@@ -4135,29 +4215,15 @@ static KRML_MUSTINLINE void encrypt_741(Eurydice_slice public_key,
                                         uint8_t message[32U],
                                         Eurydice_slice randomness,
                                         uint8_t ret[1088U]) {
-  IndCpaPublicKeyUnpacked_63 unpacked_public_key = default_8d_ab();
-  deserialize_ring_elements_reduced_ab(
-      Eurydice_slice_subslice_to(/* tˆ := Decode_12(pk) */
-                                 public_key, (size_t)1152U, uint8_t, size_t),
-      unpacked_public_key.t_as_ntt);
-  Eurydice_slice seed =
-      Eurydice_slice_subslice_from(/* ρ := pk + 12·k·n / 8 for i from 0 to k−1
-                                      do for j from 0 to k − 1 do AˆT[i][j] :=
-                                      Parse(XOF(ρ, i, j)) end for end for */
-                                   public_key,
-                                   (size_t)1152U, uint8_t, size_t);
-  libcrux_ml_kem_polynomial_PolynomialRingElement_f6(*uu____0)[3U] =
-      unpacked_public_key.A;
-  uint8_t ret0[34U];
-  libcrux_ml_kem_utils_into_padded_array_b6(seed, ret0);
-  sample_matrix_A_6c1(uu____0, ret0, false);
-  IndCpaPublicKeyUnpacked_63 *uu____1 = &unpacked_public_key;
+  IndCpaPublicKeyUnpacked_63 unpacked_public_key =
+      build_unpacked_public_key_fa1(public_key);
+  IndCpaPublicKeyUnpacked_63 *uu____0 = &unpacked_public_key;
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_message[32U];
   memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t));
-  uint8_t ret1[1088U];
-  encrypt_unpacked_741(uu____1, copy_of_message, randomness, ret1);
-  memcpy(ret, ret1, (size_t)1088U * sizeof(uint8_t));
+  uint8_t ret0[1088U];
+  encrypt_unpacked_741(uu____0, copy_of_message, randomness, ret0);
+  memcpy(ret, ret0, (size_t)1088U * sizeof(uint8_t));
 }
 
 /**
@@ -4236,7 +4302,7 @@ tuple_c2 libcrux_ml_kem_ind_cca_encapsulate_701(
   uint8_t copy_of_ciphertext[1088U];
   memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t));
   libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 =
-      libcrux_ml_kem_types_from_01_80(copy_of_ciphertext);
+      libcrux_ml_kem_types_from_00_80(copy_of_ciphertext);
   uint8_t shared_secret_array[32U];
   kdf_d8_ae(shared_secret, shared_secret_array);
   libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0;
@@ -4763,10 +4829,11 @@ deserialize_then_decompress_5_61(Eurydice_slice serialized) {
 A monomorphic instance of
 libcrux_ml_kem.serialize.deserialize_then_decompress_ring_element_v with types
 libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics
+- K= 3
 - COMPRESSION_FACTOR= 4
 */
 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f6
-deserialize_then_decompress_ring_element_v_42(Eurydice_slice serialized) {
+deserialize_then_decompress_ring_element_v_ed(Eurydice_slice serialized) {
   return deserialize_then_decompress_4_61(serialized);
 }
 
@@ -4865,7 +4932,7 @@ static KRML_MUSTINLINE void decrypt_unpacked_2f(
   deserialize_then_decompress_u_ed(
       /* u := Decompress_q(Decode_{d_u}(c), d_u) */ ciphertext, u_as_ntt);
   libcrux_ml_kem_polynomial_PolynomialRingElement_f6 v =
-      deserialize_then_decompress_ring_element_v_42(
+      deserialize_then_decompress_ring_element_v_ed(
           Eurydice_array_to_subslice_from(
               (size_t)1088U,
               /* v := Decompress_q(Decode_{d_v}(c + d_u·k·n / 8), d_v) */
@@ -4957,20 +5024,13 @@ with const generics
 void libcrux_ml_kem_ind_cca_decapsulate_a11(
     libcrux_ml_kem_types_MlKemPrivateKey_d9 *private_key,
     libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) {
-  Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at(
-      Eurydice_array_to_slice((size_t)2400U, private_key->value, uint8_t),
-      (size_t)1152U, uint8_t, Eurydice_slice_uint8_t_x2);
+  Eurydice_slice_uint8_t_x4 uu____0 =
+      libcrux_ml_kem_types_unpack_private_key_b4(
+          Eurydice_array_to_slice((size_t)2400U, private_key->value, uint8_t));
   Eurydice_slice ind_cpa_secret_key = uu____0.fst;
-  Eurydice_slice secret_key0 = uu____0.snd;
-  Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at(
-      secret_key0, (size_t)1184U, uint8_t, Eurydice_slice_uint8_t_x2);
-  Eurydice_slice ind_cpa_public_key = uu____1.fst;
-  Eurydice_slice secret_key = uu____1.snd;
-  Eurydice_slice_uint8_t_x2 uu____2 = Eurydice_slice_split_at(
-      secret_key, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t,
-      Eurydice_slice_uint8_t_x2);
-  Eurydice_slice ind_cpa_public_key_hash = uu____2.fst;
-  Eurydice_slice implicit_rejection_value = uu____2.snd;
+  Eurydice_slice ind_cpa_public_key = uu____0.snd;
+  Eurydice_slice ind_cpa_public_key_hash = uu____0.thd;
+  Eurydice_slice implicit_rejection_value = uu____0.f3;
   uint8_t decrypted[32U];
   decrypt_2f(ind_cpa_secret_key, ciphertext->value, decrypted);
   uint8_t to_hash0[64U];
@@ -4983,28 +5043,28 @@ void libcrux_ml_kem_ind_cca_decapsulate_a11(
       ind_cpa_public_key_hash, uint8_t);
   uint8_t hashed[64U];
   G_a9_e0(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed);
-  Eurydice_slice_uint8_t_x2 uu____3 = Eurydice_slice_split_at(
+  Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at(
       Eurydice_array_to_slice((size_t)64U, hashed, uint8_t),
       LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t,
       Eurydice_slice_uint8_t_x2);
-  Eurydice_slice shared_secret0 = uu____3.fst;
-  Eurydice_slice pseudorandomness = uu____3.snd;
+  Eurydice_slice shared_secret0 = uu____1.fst;
+  Eurydice_slice pseudorandomness = uu____1.snd;
   uint8_t to_hash[1120U];
   libcrux_ml_kem_utils_into_padded_array_15(implicit_rejection_value, to_hash);
-  Eurydice_slice uu____4 = Eurydice_array_to_subslice_from(
+  Eurydice_slice uu____2 = Eurydice_array_to_subslice_from(
       (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE,
       uint8_t, size_t);
-  Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_80(ciphertext),
+  Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_43_80(ciphertext),
                       uint8_t);
   uint8_t implicit_rejection_shared_secret0[32U];
   PRF_a9_41(Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t),
             implicit_rejection_shared_secret0);
-  Eurydice_slice uu____5 = ind_cpa_public_key;
+  Eurydice_slice uu____3 = ind_cpa_public_key;
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_decrypted[32U];
   memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t));
   uint8_t expected_ciphertext[1088U];
-  encrypt_741(uu____5, copy_of_decrypted, pseudorandomness,
+  encrypt_741(uu____3, copy_of_decrypted, pseudorandomness,
               expected_ciphertext);
   uint8_t implicit_rejection_shared_secret[32U];
   kdf_d8_ae(Eurydice_array_to_slice((size_t)32U,
@@ -5014,7 +5074,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_a11(
   kdf_d8_ae(shared_secret0, shared_secret1);
   uint8_t shared_secret[32U];
   libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time(
-      libcrux_ml_kem_types_as_ref_00_80(ciphertext),
+      libcrux_ml_kem_types_as_ref_43_80(ciphertext),
       Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t),
       Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t),
       Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret,
@@ -5180,16 +5240,14 @@ static KRML_MUSTINLINE void H_a9_ac(Eurydice_slice input, uint8_t ret[32U]) {
 }
 
 /**
-A monomorphic instance of libcrux_ml_kem.ind_cca.validate_private_key
+A monomorphic instance of libcrux_ml_kem.ind_cca.validate_private_key_only
 with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash
 with const generics
 - K= 4
 - SECRET_KEY_SIZE= 3168
-- CIPHERTEXT_SIZE= 1568
 */
-bool libcrux_ml_kem_ind_cca_validate_private_key_b9(
-    libcrux_ml_kem_types_MlKemPrivateKey_83 *private_key,
-    libcrux_ml_kem_types_MlKemCiphertext_64 *_ciphertext) {
+bool libcrux_ml_kem_ind_cca_validate_private_key_only_5e(
+    libcrux_ml_kem_types_MlKemPrivateKey_83 *private_key) {
   uint8_t t[32U];
   H_a9_ac(Eurydice_array_to_subslice2(/* Eurydice can't access values directly
                                          on the types. We need to go to the
@@ -5206,6 +5264,20 @@ bool libcrux_ml_kem_ind_cca_validate_private_key_b9(
       (size_t)32U, t, &expected, uint8_t, uint8_t, bool);
 }
 
+/**
+A monomorphic instance of libcrux_ml_kem.ind_cca.validate_private_key
+with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash
+with const generics
+- K= 4
+- SECRET_KEY_SIZE= 3168
+- CIPHERTEXT_SIZE= 1568
+*/
+bool libcrux_ml_kem_ind_cca_validate_private_key_b9(
+    libcrux_ml_kem_types_MlKemPrivateKey_83 *private_key,
+    libcrux_ml_kem_types_MlKemCiphertext_64 *_ciphertext) {
+  return libcrux_ml_kem_ind_cca_validate_private_key_only_5e(private_key);
+}
+
 /**
 A monomorphic instance of
 libcrux_ml_kem.ind_cpa.unpacked.IndCpaPrivateKeyUnpacked with types
@@ -5793,11 +5865,8 @@ static KRML_MUSTINLINE uint8_t sample_vector_cbd_then_ntt_b4(
   KRML_MAYBE_FOR4(
       i, (size_t)0U, (size_t)4U, (size_t)1U,
       memcpy(prf_inputs[i], copy_of_prf_input, (size_t)33U * sizeof(uint8_t)););
-  uint8_t _prf_inputs_init[4U][33U];
-  memcpy(_prf_inputs_init, prf_inputs, (size_t)4U * sizeof(uint8_t[33U]));
-  KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i;
-                  prf_inputs[i0][32U] = domain_separator;
-                  domain_separator = (uint32_t)domain_separator + 1U;);
+  domain_separator =
+      libcrux_ml_kem_utils_prf_input_inc_ac(prf_inputs, domain_separator);
   uint8_t prf_outputs[4U][128U];
   PRFxN_a9_44(prf_inputs, prf_outputs);
   KRML_MAYBE_FOR4(
@@ -5979,30 +6048,28 @@ static KRML_MUSTINLINE void generate_keypair_unpacked_22(
 }
 
 /**
-A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair
-with types libcrux_ml_kem_vector_avx2_SIMD256Vector,
-libcrux_ml_kem_hash_functions_avx2_Simd256Hash, libcrux_ml_kem_variant_MlKem
+ Serialize the secret key from the unpacked key pair generation.
+*/
+/**
+A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_unpacked_secret_key
+with types libcrux_ml_kem_vector_avx2_SIMD256Vector
 with const generics
 - K= 4
 - PRIVATE_KEY_SIZE= 1536
 - PUBLIC_KEY_SIZE= 1568
 - RANKED_BYTES_PER_RING_ELEMENT= 1536
-- ETA1= 2
-- ETA1_RANDOMNESS_SIZE= 128
 */
-static KRML_MUSTINLINE libcrux_ml_kem_utils_extraction_helper_Keypair1024
-generate_keypair_bb0(Eurydice_slice key_generation_seed) {
-  IndCpaPrivateKeyUnpacked_39 private_key = default_1a_42();
-  IndCpaPublicKeyUnpacked_39 public_key = default_8d_42();
-  generate_keypair_unpacked_22(key_generation_seed, &private_key, &public_key);
+static libcrux_ml_kem_utils_extraction_helper_Keypair1024
+serialize_unpacked_secret_key_c9(IndCpaPublicKeyUnpacked_39 *public_key,
+                                 IndCpaPrivateKeyUnpacked_39 *private_key) {
   uint8_t public_key_serialized[1568U];
   serialize_public_key_1e(
-      /* pk := (Encode_12(tˆ mod^{+}q) || ρ) */ public_key.t_as_ntt,
-      Eurydice_array_to_slice((size_t)32U, public_key.seed_for_A, uint8_t),
+      /* pk := (Encode_12(tˆ mod^{+}q) || ρ) */ public_key->t_as_ntt,
+      Eurydice_array_to_slice((size_t)32U, public_key->seed_for_A, uint8_t),
       public_key_serialized);
   uint8_t secret_key_serialized[1536U];
   serialize_secret_key_78(
-      /* sk := Encode_12(sˆ mod^{+}q) */ private_key.secret_as_ntt,
+      /* sk := Encode_12(sˆ mod^{+}q) */ private_key->secret_as_ntt,
       secret_key_serialized);
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_secret_key_serialized[1536U];
@@ -6021,18 +6088,37 @@ generate_keypair_bb0(Eurydice_slice key_generation_seed) {
 }
 
 /**
-A monomorphic instance of libcrux_ml_kem.ind_cca.serialize_kem_secret_key
+A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair
+with types libcrux_ml_kem_vector_avx2_SIMD256Vector,
+libcrux_ml_kem_hash_functions_avx2_Simd256Hash, libcrux_ml_kem_variant_MlKem
+with const generics
+- K= 4
+- PRIVATE_KEY_SIZE= 1536
+- PUBLIC_KEY_SIZE= 1568
+- RANKED_BYTES_PER_RING_ELEMENT= 1536
+- ETA1= 2
+- ETA1_RANDOMNESS_SIZE= 128
+*/
+static KRML_MUSTINLINE libcrux_ml_kem_utils_extraction_helper_Keypair1024
+generate_keypair_bb0(Eurydice_slice key_generation_seed) {
+  IndCpaPrivateKeyUnpacked_39 private_key = default_1a_42();
+  IndCpaPublicKeyUnpacked_39 public_key = default_8d_42();
+  generate_keypair_unpacked_22(key_generation_seed, &private_key, &public_key);
+  return serialize_unpacked_secret_key_c9(&public_key, &private_key);
+}
+
+/**
+A monomorphic instance of libcrux_ml_kem.ind_cca.serialize_kem_secret_key_mut
 with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash
 with const generics
 - K= 4
 - SERIALIZED_KEY_LEN= 3168
 */
-static KRML_MUSTINLINE void serialize_kem_secret_key_5e(
+static KRML_MUSTINLINE void serialize_kem_secret_key_mut_5e(
     Eurydice_slice private_key, Eurydice_slice public_key,
-    Eurydice_slice implicit_rejection_value, uint8_t ret[3168U]) {
-  uint8_t out[3168U] = {0U};
+    Eurydice_slice implicit_rejection_value, uint8_t *serialized) {
   size_t pointer = (size_t)0U;
-  uint8_t *uu____0 = out;
+  uint8_t *uu____0 = serialized;
   size_t uu____1 = pointer;
   size_t uu____2 = pointer;
   Eurydice_slice_copy(
@@ -6041,7 +6127,7 @@ static KRML_MUSTINLINE void serialize_kem_secret_key_5e(
           uint8_t),
       private_key, uint8_t);
   pointer = pointer + Eurydice_slice_len(private_key, uint8_t);
-  uint8_t *uu____3 = out;
+  uint8_t *uu____3 = serialized;
   size_t uu____4 = pointer;
   size_t uu____5 = pointer;
   Eurydice_slice_copy(
@@ -6051,13 +6137,14 @@ static KRML_MUSTINLINE void serialize_kem_secret_key_5e(
       public_key, uint8_t);
   pointer = pointer + Eurydice_slice_len(public_key, uint8_t);
   Eurydice_slice uu____6 = Eurydice_array_to_subslice2(
-      out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t);
-  uint8_t ret0[32U];
-  H_a9_ac(public_key, ret0);
+      serialized, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE,
+      uint8_t);
+  uint8_t ret[32U];
+  H_a9_ac(public_key, ret);
   Eurydice_slice_copy(
-      uu____6, Eurydice_array_to_slice((size_t)32U, ret0, uint8_t), uint8_t);
+      uu____6, Eurydice_array_to_slice((size_t)32U, ret, uint8_t), uint8_t);
   pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE;
-  uint8_t *uu____7 = out;
+  uint8_t *uu____7 = serialized;
   size_t uu____8 = pointer;
   size_t uu____9 = pointer;
   Eurydice_slice_copy(
@@ -6066,6 +6153,21 @@ static KRML_MUSTINLINE void serialize_kem_secret_key_5e(
           uu____9 + Eurydice_slice_len(implicit_rejection_value, uint8_t),
           uint8_t),
       implicit_rejection_value, uint8_t);
+}
+
+/**
+A monomorphic instance of libcrux_ml_kem.ind_cca.serialize_kem_secret_key
+with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash
+with const generics
+- K= 4
+- SERIALIZED_KEY_LEN= 3168
+*/
+static KRML_MUSTINLINE void serialize_kem_secret_key_5e(
+    Eurydice_slice private_key, Eurydice_slice public_key,
+    Eurydice_slice implicit_rejection_value, uint8_t ret[3168U]) {
+  uint8_t out[3168U] = {0U};
+  serialize_kem_secret_key_mut_5e(private_key, public_key,
+                                  implicit_rejection_value, out);
   memcpy(ret, out, (size_t)3168U * sizeof(uint8_t));
 }
 
@@ -6107,13 +6209,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_d60(uint8_t randomness[64U]) {
   memcpy(copy_of_secret_key_serialized, secret_key_serialized,
          (size_t)3168U * sizeof(uint8_t));
   libcrux_ml_kem_types_MlKemPrivateKey_83 private_key =
-      libcrux_ml_kem_types_from_7f_39(copy_of_secret_key_serialized);
+      libcrux_ml_kem_types_from_9a_39(copy_of_secret_key_serialized);
   libcrux_ml_kem_types_MlKemPrivateKey_83 uu____2 = private_key;
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_public_key[1568U];
   memcpy(copy_of_public_key, public_key, (size_t)1568U * sizeof(uint8_t));
   return libcrux_ml_kem_types_from_3a_94(
-      uu____2, libcrux_ml_kem_types_from_5a_af(copy_of_public_key));
+      uu____2, libcrux_ml_kem_types_from_5f_af(copy_of_public_key));
 }
 
 /**
@@ -6134,6 +6236,46 @@ static KRML_MUSTINLINE void entropy_preprocess_d8_6a(Eurydice_slice randomness,
   memcpy(ret, out, (size_t)32U * sizeof(uint8_t));
 }
 
+/**
+A monomorphic instance of libcrux_ml_kem.ind_cpa.build_unpacked_public_key_mut
+with types libcrux_ml_kem_vector_avx2_SIMD256Vector,
+libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics
+- K= 4
+- T_AS_NTT_ENCODED_SIZE= 1536
+*/
+static KRML_MUSTINLINE void build_unpacked_public_key_mut_fa0(
+    Eurydice_slice public_key,
+    IndCpaPublicKeyUnpacked_39 *unpacked_public_key) {
+  Eurydice_slice uu____0 = Eurydice_slice_subslice_to(
+      /* tˆ := Decode_12(pk) */ public_key, (size_t)1536U, uint8_t, size_t);
+  deserialize_ring_elements_reduced_42(uu____0, unpacked_public_key->t_as_ntt);
+  Eurydice_slice seed =
+      Eurydice_slice_subslice_from(/* ρ := pk + 12·k·n / 8 for i from 0 to k−1
+                                      do for j from 0 to k − 1 do AˆT[i][j] :=
+                                      Parse(XOF(ρ, i, j)) end for end for */
+                                   public_key,
+                                   (size_t)1536U, uint8_t, size_t);
+  libcrux_ml_kem_polynomial_PolynomialRingElement_f6(*uu____1)[4U] =
+      unpacked_public_key->A;
+  uint8_t ret[34U];
+  libcrux_ml_kem_utils_into_padded_array_b6(seed, ret);
+  sample_matrix_A_6c(uu____1, ret, false);
+}
+
+/**
+A monomorphic instance of libcrux_ml_kem.ind_cpa.build_unpacked_public_key
+with types libcrux_ml_kem_vector_avx2_SIMD256Vector,
+libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics
+- K= 4
+- T_AS_NTT_ENCODED_SIZE= 1536
+*/
+static KRML_MUSTINLINE IndCpaPublicKeyUnpacked_39
+build_unpacked_public_key_fa0(Eurydice_slice public_key) {
+  IndCpaPublicKeyUnpacked_39 unpacked_public_key = default_8d_42();
+  build_unpacked_public_key_mut_fa0(public_key, &unpacked_public_key);
+  return unpacked_public_key;
+}
+
 /**
 A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_ring_element_cbd
 with types libcrux_ml_kem_vector_avx2_SIMD256Vector,
@@ -6154,11 +6296,8 @@ sample_ring_element_cbd_b4(uint8_t prf_input[33U], uint8_t domain_separator) {
   KRML_MAYBE_FOR4(
       i, (size_t)0U, (size_t)4U, (size_t)1U,
       memcpy(prf_inputs[i], copy_of_prf_input, (size_t)33U * sizeof(uint8_t)););
-  uint8_t _prf_inputs_init[4U][33U];
-  memcpy(_prf_inputs_init, prf_inputs, (size_t)4U * sizeof(uint8_t[33U]));
-  KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i;
-                  prf_inputs[i0][32U] = domain_separator;
-                  domain_separator = (uint32_t)domain_separator + 1U;);
+  domain_separator =
+      libcrux_ml_kem_utils_prf_input_inc_ac(prf_inputs, domain_separator);
   uint8_t prf_outputs[4U][128U];
   PRFxN_a9_44(prf_inputs, prf_outputs);
   KRML_MAYBE_FOR4(
@@ -6363,10 +6502,11 @@ static KRML_MUSTINLINE void compress_then_serialize_u_c9(
 A monomorphic instance of
 libcrux_ml_kem.serialize.compress_then_serialize_ring_element_v with types
 libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics
+- K= 4
 - COMPRESSION_FACTOR= 5
 - OUT_LEN= 160
 */
-static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_ff(
+static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_1e(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f6 re, Eurydice_slice out) {
   compress_then_serialize_5_61(re, out);
 }
@@ -6447,7 +6587,7 @@ static KRML_MUSTINLINE void encrypt_unpacked_74(
                                            (size_t)1408U, uint8_t));
   /* c_2 := Encode_{dv}(Compress_q(v,d_v)) */
   libcrux_ml_kem_polynomial_PolynomialRingElement_f6 uu____6 = v;
-  compress_then_serialize_ring_element_v_ff(
+  compress_then_serialize_ring_element_v_1e(
       uu____6, Eurydice_array_to_subslice_from((size_t)1568U, ciphertext,
                                                (size_t)1408U, uint8_t, size_t));
   memcpy(ret, ciphertext, (size_t)1568U * sizeof(uint8_t));
@@ -6474,29 +6614,15 @@ static KRML_MUSTINLINE void encrypt_740(Eurydice_slice public_key,
                                         uint8_t message[32U],
                                         Eurydice_slice randomness,
                                         uint8_t ret[1568U]) {
-  IndCpaPublicKeyUnpacked_39 unpacked_public_key = default_8d_42();
-  deserialize_ring_elements_reduced_42(
-      Eurydice_slice_subslice_to(/* tˆ := Decode_12(pk) */
-                                 public_key, (size_t)1536U, uint8_t, size_t),
-      unpacked_public_key.t_as_ntt);
-  Eurydice_slice seed =
-      Eurydice_slice_subslice_from(/* ρ := pk + 12·k·n / 8 for i from 0 to k−1
-                                      do for j from 0 to k − 1 do AˆT[i][j] :=
-                                      Parse(XOF(ρ, i, j)) end for end for */
-                                   public_key,
-                                   (size_t)1536U, uint8_t, size_t);
-  libcrux_ml_kem_polynomial_PolynomialRingElement_f6(*uu____0)[4U] =
-      unpacked_public_key.A;
-  uint8_t ret0[34U];
-  libcrux_ml_kem_utils_into_padded_array_b6(seed, ret0);
-  sample_matrix_A_6c(uu____0, ret0, false);
-  IndCpaPublicKeyUnpacked_39 *uu____1 = &unpacked_public_key;
+  IndCpaPublicKeyUnpacked_39 unpacked_public_key =
+      build_unpacked_public_key_fa0(public_key);
+  IndCpaPublicKeyUnpacked_39 *uu____0 = &unpacked_public_key;
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_message[32U];
   memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t));
-  uint8_t ret1[1568U];
-  encrypt_unpacked_74(uu____1, copy_of_message, randomness, ret1);
-  memcpy(ret, ret1, (size_t)1568U * sizeof(uint8_t));
+  uint8_t ret0[1568U];
+  encrypt_unpacked_74(uu____0, copy_of_message, randomness, ret0);
+  memcpy(ret, ret0, (size_t)1568U * sizeof(uint8_t));
 }
 
 /**
@@ -6575,7 +6701,7 @@ tuple_fa libcrux_ml_kem_ind_cca_encapsulate_700(
   uint8_t copy_of_ciphertext[1568U];
   memcpy(copy_of_ciphertext, ciphertext, (size_t)1568U * sizeof(uint8_t));
   libcrux_ml_kem_types_MlKemCiphertext_64 ciphertext0 =
-      libcrux_ml_kem_types_from_01_af(copy_of_ciphertext);
+      libcrux_ml_kem_types_from_00_af(copy_of_ciphertext);
   uint8_t shared_secret_array[32U];
   kdf_d8_5e(shared_secret, shared_secret_array);
   libcrux_ml_kem_types_MlKemCiphertext_64 uu____5 = ciphertext0;
@@ -6693,10 +6819,11 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_1e(
 A monomorphic instance of
 libcrux_ml_kem.serialize.deserialize_then_decompress_ring_element_v with types
 libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics
+- K= 4
 - COMPRESSION_FACTOR= 5
 */
 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f6
-deserialize_then_decompress_ring_element_v_b4(Eurydice_slice serialized) {
+deserialize_then_decompress_ring_element_v_78(Eurydice_slice serialized) {
   return deserialize_then_decompress_5_61(serialized);
 }
 
@@ -6738,7 +6865,7 @@ static KRML_MUSTINLINE void decrypt_unpacked_37(
   deserialize_then_decompress_u_1e(
       /* u := Decompress_q(Decode_{d_u}(c), d_u) */ ciphertext, u_as_ntt);
   libcrux_ml_kem_polynomial_PolynomialRingElement_f6 v =
-      deserialize_then_decompress_ring_element_v_b4(
+      deserialize_then_decompress_ring_element_v_78(
           Eurydice_array_to_subslice_from(
               (size_t)1568U,
               /* v := Decompress_q(Decode_{d_v}(c + d_u·k·n / 8), d_v) */
@@ -6818,20 +6945,13 @@ with const generics
 void libcrux_ml_kem_ind_cca_decapsulate_a10(
     libcrux_ml_kem_types_MlKemPrivateKey_83 *private_key,
     libcrux_ml_kem_types_MlKemCiphertext_64 *ciphertext, uint8_t ret[32U]) {
-  Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at(
-      Eurydice_array_to_slice((size_t)3168U, private_key->value, uint8_t),
-      (size_t)1536U, uint8_t, Eurydice_slice_uint8_t_x2);
+  Eurydice_slice_uint8_t_x4 uu____0 =
+      libcrux_ml_kem_types_unpack_private_key_1f(
+          Eurydice_array_to_slice((size_t)3168U, private_key->value, uint8_t));
   Eurydice_slice ind_cpa_secret_key = uu____0.fst;
-  Eurydice_slice secret_key0 = uu____0.snd;
-  Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at(
-      secret_key0, (size_t)1568U, uint8_t, Eurydice_slice_uint8_t_x2);
-  Eurydice_slice ind_cpa_public_key = uu____1.fst;
-  Eurydice_slice secret_key = uu____1.snd;
-  Eurydice_slice_uint8_t_x2 uu____2 = Eurydice_slice_split_at(
-      secret_key, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t,
-      Eurydice_slice_uint8_t_x2);
-  Eurydice_slice ind_cpa_public_key_hash = uu____2.fst;
-  Eurydice_slice implicit_rejection_value = uu____2.snd;
+  Eurydice_slice ind_cpa_public_key = uu____0.snd;
+  Eurydice_slice ind_cpa_public_key_hash = uu____0.thd;
+  Eurydice_slice implicit_rejection_value = uu____0.f3;
   uint8_t decrypted[32U];
   decrypt_37(ind_cpa_secret_key, ciphertext->value, decrypted);
   uint8_t to_hash0[64U];
@@ -6844,28 +6964,28 @@ void libcrux_ml_kem_ind_cca_decapsulate_a10(
       ind_cpa_public_key_hash, uint8_t);
   uint8_t hashed[64U];
   G_a9_ac(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed);
-  Eurydice_slice_uint8_t_x2 uu____3 = Eurydice_slice_split_at(
+  Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at(
       Eurydice_array_to_slice((size_t)64U, hashed, uint8_t),
       LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t,
       Eurydice_slice_uint8_t_x2);
-  Eurydice_slice shared_secret0 = uu____3.fst;
-  Eurydice_slice pseudorandomness = uu____3.snd;
+  Eurydice_slice shared_secret0 = uu____1.fst;
+  Eurydice_slice pseudorandomness = uu____1.snd;
   uint8_t to_hash[1600U];
   libcrux_ml_kem_utils_into_padded_array_7f(implicit_rejection_value, to_hash);
-  Eurydice_slice uu____4 = Eurydice_array_to_subslice_from(
+  Eurydice_slice uu____2 = Eurydice_array_to_subslice_from(
       (size_t)1600U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE,
       uint8_t, size_t);
-  Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_af(ciphertext),
+  Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_43_af(ciphertext),
                       uint8_t);
   uint8_t implicit_rejection_shared_secret0[32U];
   PRF_a9_44(Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t),
             implicit_rejection_shared_secret0);
-  Eurydice_slice uu____5 = ind_cpa_public_key;
+  Eurydice_slice uu____3 = ind_cpa_public_key;
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_decrypted[32U];
   memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t));
   uint8_t expected_ciphertext[1568U];
-  encrypt_740(uu____5, copy_of_decrypted, pseudorandomness,
+  encrypt_740(uu____3, copy_of_decrypted, pseudorandomness,
               expected_ciphertext);
   uint8_t implicit_rejection_shared_secret[32U];
   kdf_d8_5e(Eurydice_array_to_slice((size_t)32U,
@@ -6875,7 +6995,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_a10(
   kdf_d8_5e(shared_secret0, shared_secret1);
   uint8_t shared_secret[32U];
   libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time(
-      libcrux_ml_kem_types_as_ref_00_af(ciphertext),
+      libcrux_ml_kem_types_as_ref_43_af(ciphertext),
       Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, uint8_t),
       Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t),
       Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret,
@@ -7041,16 +7161,14 @@ static KRML_MUSTINLINE void H_a9_fd(Eurydice_slice input, uint8_t ret[32U]) {
 }
 
 /**
-A monomorphic instance of libcrux_ml_kem.ind_cca.validate_private_key
+A monomorphic instance of libcrux_ml_kem.ind_cca.validate_private_key_only
 with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash
 with const generics
 - K= 2
 - SECRET_KEY_SIZE= 1632
-- CIPHERTEXT_SIZE= 768
 */
-bool libcrux_ml_kem_ind_cca_validate_private_key_ad(
-    libcrux_ml_kem_types_MlKemPrivateKey_fa *private_key,
-    libcrux_ml_kem_types_MlKemCiphertext_1a *_ciphertext) {
+bool libcrux_ml_kem_ind_cca_validate_private_key_only_4d(
+    libcrux_ml_kem_types_MlKemPrivateKey_fa *private_key) {
   uint8_t t[32U];
   H_a9_fd(Eurydice_array_to_subslice2(/* Eurydice can't access values directly
                                          on the types. We need to go to the
@@ -7067,6 +7185,20 @@ bool libcrux_ml_kem_ind_cca_validate_private_key_ad(
       (size_t)32U, t, &expected, uint8_t, uint8_t, bool);
 }
 
+/**
+A monomorphic instance of libcrux_ml_kem.ind_cca.validate_private_key
+with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash
+with const generics
+- K= 2
+- SECRET_KEY_SIZE= 1632
+- CIPHERTEXT_SIZE= 768
+*/
+bool libcrux_ml_kem_ind_cca_validate_private_key_ad(
+    libcrux_ml_kem_types_MlKemPrivateKey_fa *private_key,
+    libcrux_ml_kem_types_MlKemCiphertext_1a *_ciphertext) {
+  return libcrux_ml_kem_ind_cca_validate_private_key_only_4d(private_key);
+}
+
 /**
 A monomorphic instance of
 libcrux_ml_kem.ind_cpa.unpacked.IndCpaPrivateKeyUnpacked with types
@@ -7633,11 +7765,8 @@ static KRML_MUSTINLINE uint8_t sample_vector_cbd_then_ntt_b40(
   KRML_MAYBE_FOR2(
       i, (size_t)0U, (size_t)2U, (size_t)1U,
       memcpy(prf_inputs[i], copy_of_prf_input, (size_t)33U * sizeof(uint8_t)););
-  uint8_t _prf_inputs_init[2U][33U];
-  memcpy(_prf_inputs_init, prf_inputs, (size_t)2U * sizeof(uint8_t[33U]));
-  KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i;
-                  prf_inputs[i0][32U] = domain_separator;
-                  domain_separator = (uint32_t)domain_separator + 1U;);
+  domain_separator =
+      libcrux_ml_kem_utils_prf_input_inc_fd(prf_inputs, domain_separator);
   uint8_t prf_outputs[2U][192U];
   PRFxN_a9_49(prf_inputs, prf_outputs);
   KRML_MAYBE_FOR2(
@@ -7819,30 +7948,28 @@ static KRML_MUSTINLINE void generate_keypair_unpacked_220(
 }
 
 /**
-A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair
-with types libcrux_ml_kem_vector_avx2_SIMD256Vector,
-libcrux_ml_kem_hash_functions_avx2_Simd256Hash, libcrux_ml_kem_variant_MlKem
+ Serialize the secret key from the unpacked key pair generation.
+*/
+/**
+A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_unpacked_secret_key
+with types libcrux_ml_kem_vector_avx2_SIMD256Vector
 with const generics
 - K= 2
 - PRIVATE_KEY_SIZE= 768
 - PUBLIC_KEY_SIZE= 800
 - RANKED_BYTES_PER_RING_ELEMENT= 768
-- ETA1= 3
-- ETA1_RANDOMNESS_SIZE= 192
 */
-static KRML_MUSTINLINE libcrux_ml_kem_utils_extraction_helper_Keypair512
-generate_keypair_bb(Eurydice_slice key_generation_seed) {
-  IndCpaPrivateKeyUnpacked_94 private_key = default_1a_89();
-  IndCpaPublicKeyUnpacked_94 public_key = default_8d_89();
-  generate_keypair_unpacked_220(key_generation_seed, &private_key, &public_key);
+static libcrux_ml_kem_utils_extraction_helper_Keypair512
+serialize_unpacked_secret_key_2d(IndCpaPublicKeyUnpacked_94 *public_key,
+                                 IndCpaPrivateKeyUnpacked_94 *private_key) {
   uint8_t public_key_serialized[800U];
   serialize_public_key_ba(
-      /* pk := (Encode_12(tˆ mod^{+}q) || ρ) */ public_key.t_as_ntt,
-      Eurydice_array_to_slice((size_t)32U, public_key.seed_for_A, uint8_t),
+      /* pk := (Encode_12(tˆ mod^{+}q) || ρ) */ public_key->t_as_ntt,
+      Eurydice_array_to_slice((size_t)32U, public_key->seed_for_A, uint8_t),
       public_key_serialized);
   uint8_t secret_key_serialized[768U];
   serialize_secret_key_29(
-      /* sk := Encode_12(sˆ mod^{+}q) */ private_key.secret_as_ntt,
+      /* sk := Encode_12(sˆ mod^{+}q) */ private_key->secret_as_ntt,
       secret_key_serialized);
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_secret_key_serialized[768U];
@@ -7861,18 +7988,37 @@ generate_keypair_bb(Eurydice_slice key_generation_seed) {
 }
 
 /**
-A monomorphic instance of libcrux_ml_kem.ind_cca.serialize_kem_secret_key
+A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair
+with types libcrux_ml_kem_vector_avx2_SIMD256Vector,
+libcrux_ml_kem_hash_functions_avx2_Simd256Hash, libcrux_ml_kem_variant_MlKem
+with const generics
+- K= 2
+- PRIVATE_KEY_SIZE= 768
+- PUBLIC_KEY_SIZE= 800
+- RANKED_BYTES_PER_RING_ELEMENT= 768
+- ETA1= 3
+- ETA1_RANDOMNESS_SIZE= 192
+*/
+static KRML_MUSTINLINE libcrux_ml_kem_utils_extraction_helper_Keypair512
+generate_keypair_bb(Eurydice_slice key_generation_seed) {
+  IndCpaPrivateKeyUnpacked_94 private_key = default_1a_89();
+  IndCpaPublicKeyUnpacked_94 public_key = default_8d_89();
+  generate_keypair_unpacked_220(key_generation_seed, &private_key, &public_key);
+  return serialize_unpacked_secret_key_2d(&public_key, &private_key);
+}
+
+/**
+A monomorphic instance of libcrux_ml_kem.ind_cca.serialize_kem_secret_key_mut
 with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash
 with const generics
 - K= 2
 - SERIALIZED_KEY_LEN= 1632
 */
-static KRML_MUSTINLINE void serialize_kem_secret_key_4d(
+static KRML_MUSTINLINE void serialize_kem_secret_key_mut_4d(
     Eurydice_slice private_key, Eurydice_slice public_key,
-    Eurydice_slice implicit_rejection_value, uint8_t ret[1632U]) {
-  uint8_t out[1632U] = {0U};
+    Eurydice_slice implicit_rejection_value, uint8_t *serialized) {
   size_t pointer = (size_t)0U;
-  uint8_t *uu____0 = out;
+  uint8_t *uu____0 = serialized;
   size_t uu____1 = pointer;
   size_t uu____2 = pointer;
   Eurydice_slice_copy(
@@ -7881,7 +8027,7 @@ static KRML_MUSTINLINE void serialize_kem_secret_key_4d(
           uint8_t),
       private_key, uint8_t);
   pointer = pointer + Eurydice_slice_len(private_key, uint8_t);
-  uint8_t *uu____3 = out;
+  uint8_t *uu____3 = serialized;
   size_t uu____4 = pointer;
   size_t uu____5 = pointer;
   Eurydice_slice_copy(
@@ -7891,13 +8037,14 @@ static KRML_MUSTINLINE void serialize_kem_secret_key_4d(
       public_key, uint8_t);
   pointer = pointer + Eurydice_slice_len(public_key, uint8_t);
   Eurydice_slice uu____6 = Eurydice_array_to_subslice2(
-      out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t);
-  uint8_t ret0[32U];
-  H_a9_fd(public_key, ret0);
+      serialized, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE,
+      uint8_t);
+  uint8_t ret[32U];
+  H_a9_fd(public_key, ret);
   Eurydice_slice_copy(
-      uu____6, Eurydice_array_to_slice((size_t)32U, ret0, uint8_t), uint8_t);
+      uu____6, Eurydice_array_to_slice((size_t)32U, ret, uint8_t), uint8_t);
   pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE;
-  uint8_t *uu____7 = out;
+  uint8_t *uu____7 = serialized;
   size_t uu____8 = pointer;
   size_t uu____9 = pointer;
   Eurydice_slice_copy(
@@ -7906,6 +8053,21 @@ static KRML_MUSTINLINE void serialize_kem_secret_key_4d(
           uu____9 + Eurydice_slice_len(implicit_rejection_value, uint8_t),
           uint8_t),
       implicit_rejection_value, uint8_t);
+}
+
+/**
+A monomorphic instance of libcrux_ml_kem.ind_cca.serialize_kem_secret_key
+with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash
+with const generics
+- K= 2
+- SERIALIZED_KEY_LEN= 1632
+*/
+static KRML_MUSTINLINE void serialize_kem_secret_key_4d(
+    Eurydice_slice private_key, Eurydice_slice public_key,
+    Eurydice_slice implicit_rejection_value, uint8_t ret[1632U]) {
+  uint8_t out[1632U] = {0U};
+  serialize_kem_secret_key_mut_4d(private_key, public_key,
+                                  implicit_rejection_value, out);
   memcpy(ret, out, (size_t)1632U * sizeof(uint8_t));
 }
 
@@ -7947,13 +8109,13 @@ libcrux_ml_kem_types_MlKemKeyPair_3e libcrux_ml_kem_ind_cca_generate_keypair_d6(
   memcpy(copy_of_secret_key_serialized, secret_key_serialized,
          (size_t)1632U * sizeof(uint8_t));
   libcrux_ml_kem_types_MlKemPrivateKey_fa private_key =
-      libcrux_ml_kem_types_from_7f_2a(copy_of_secret_key_serialized);
+      libcrux_ml_kem_types_from_9a_2a(copy_of_secret_key_serialized);
   libcrux_ml_kem_types_MlKemPrivateKey_fa uu____2 = private_key;
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_public_key[800U];
   memcpy(copy_of_public_key, public_key, (size_t)800U * sizeof(uint8_t));
   return libcrux_ml_kem_types_from_3a_fa(
-      uu____2, libcrux_ml_kem_types_from_5a_4d(copy_of_public_key));
+      uu____2, libcrux_ml_kem_types_from_5f_4d(copy_of_public_key));
 }
 
 /**
@@ -7974,6 +8136,46 @@ static KRML_MUSTINLINE void entropy_preprocess_d8_f8(Eurydice_slice randomness,
   memcpy(ret, out, (size_t)32U * sizeof(uint8_t));
 }
 
+/**
+A monomorphic instance of libcrux_ml_kem.ind_cpa.build_unpacked_public_key_mut
+with types libcrux_ml_kem_vector_avx2_SIMD256Vector,
+libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics
+- K= 2
+- T_AS_NTT_ENCODED_SIZE= 768
+*/
+static KRML_MUSTINLINE void build_unpacked_public_key_mut_fa(
+    Eurydice_slice public_key,
+    IndCpaPublicKeyUnpacked_94 *unpacked_public_key) {
+  Eurydice_slice uu____0 = Eurydice_slice_subslice_to(
+      /* tˆ := Decode_12(pk) */ public_key, (size_t)768U, uint8_t, size_t);
+  deserialize_ring_elements_reduced_89(uu____0, unpacked_public_key->t_as_ntt);
+  Eurydice_slice seed =
+      Eurydice_slice_subslice_from(/* ρ := pk + 12·k·n / 8 for i from 0 to k−1
+                                      do for j from 0 to k − 1 do AˆT[i][j] :=
+                                      Parse(XOF(ρ, i, j)) end for end for */
+                                   public_key,
+                                   (size_t)768U, uint8_t, size_t);
+  libcrux_ml_kem_polynomial_PolynomialRingElement_f6(*uu____1)[2U] =
+      unpacked_public_key->A;
+  uint8_t ret[34U];
+  libcrux_ml_kem_utils_into_padded_array_b6(seed, ret);
+  sample_matrix_A_6c0(uu____1, ret, false);
+}
+
+/**
+A monomorphic instance of libcrux_ml_kem.ind_cpa.build_unpacked_public_key
+with types libcrux_ml_kem_vector_avx2_SIMD256Vector,
+libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics
+- K= 2
+- T_AS_NTT_ENCODED_SIZE= 768
+*/
+static KRML_MUSTINLINE IndCpaPublicKeyUnpacked_94
+build_unpacked_public_key_fa(Eurydice_slice public_key) {
+  IndCpaPublicKeyUnpacked_94 unpacked_public_key = default_8d_89();
+  build_unpacked_public_key_mut_fa(public_key, &unpacked_public_key);
+  return unpacked_public_key;
+}
+
 /**
 A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.PRFxN
 with const generics
@@ -8040,11 +8242,8 @@ sample_ring_element_cbd_b40(uint8_t prf_input[33U], uint8_t domain_separator) {
   KRML_MAYBE_FOR2(
       i, (size_t)0U, (size_t)2U, (size_t)1U,
       memcpy(prf_inputs[i], copy_of_prf_input, (size_t)33U * sizeof(uint8_t)););
-  uint8_t _prf_inputs_init[2U][33U];
-  memcpy(_prf_inputs_init, prf_inputs, (size_t)2U * sizeof(uint8_t[33U]));
-  KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i;
-                  prf_inputs[i0][32U] = domain_separator;
-                  domain_separator = (uint32_t)domain_separator + 1U;);
+  domain_separator =
+      libcrux_ml_kem_utils_prf_input_inc_fd(prf_inputs, domain_separator);
   uint8_t prf_outputs[2U][128U];
   PRFxN_a9_490(prf_inputs, prf_outputs);
   KRML_MAYBE_FOR2(
@@ -8207,6 +8406,19 @@ static KRML_MUSTINLINE void compress_then_serialize_u_2d(
   }
 }
 
+/**
+A monomorphic instance of
+libcrux_ml_kem.serialize.compress_then_serialize_ring_element_v with types
+libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics
+- K= 2
+- COMPRESSION_FACTOR= 4
+- OUT_LEN= 128
+*/
+static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_ba(
+    libcrux_ml_kem_polynomial_PolynomialRingElement_f6 re, Eurydice_slice out) {
+  compress_then_serialize_4_61(re, out);
+}
+
 /**
 A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt_unpacked
 with types libcrux_ml_kem_vector_avx2_SIMD256Vector,
@@ -8283,7 +8495,7 @@ static KRML_MUSTINLINE void encrypt_unpacked_740(
                                            uint8_t));
   /* c_2 := Encode_{dv}(Compress_q(v,d_v)) */
   libcrux_ml_kem_polynomial_PolynomialRingElement_f6 uu____6 = v;
-  compress_then_serialize_ring_element_v_78(
+  compress_then_serialize_ring_element_v_ba(
       uu____6, Eurydice_array_to_subslice_from((size_t)768U, ciphertext,
                                                (size_t)640U, uint8_t, size_t));
   memcpy(ret, ciphertext, (size_t)768U * sizeof(uint8_t));
@@ -8310,29 +8522,15 @@ static KRML_MUSTINLINE void encrypt_74(Eurydice_slice public_key,
                                        uint8_t message[32U],
                                        Eurydice_slice randomness,
                                        uint8_t ret[768U]) {
-  IndCpaPublicKeyUnpacked_94 unpacked_public_key = default_8d_89();
-  deserialize_ring_elements_reduced_89(
-      Eurydice_slice_subslice_to(/* tˆ := Decode_12(pk) */
-                                 public_key, (size_t)768U, uint8_t, size_t),
-      unpacked_public_key.t_as_ntt);
-  Eurydice_slice seed =
-      Eurydice_slice_subslice_from(/* ρ := pk + 12·k·n / 8 for i from 0 to k−1
-                                      do for j from 0 to k − 1 do AˆT[i][j] :=
-                                      Parse(XOF(ρ, i, j)) end for end for */
-                                   public_key,
-                                   (size_t)768U, uint8_t, size_t);
-  libcrux_ml_kem_polynomial_PolynomialRingElement_f6(*uu____0)[2U] =
-      unpacked_public_key.A;
-  uint8_t ret0[34U];
-  libcrux_ml_kem_utils_into_padded_array_b6(seed, ret0);
-  sample_matrix_A_6c0(uu____0, ret0, false);
-  IndCpaPublicKeyUnpacked_94 *uu____1 = &unpacked_public_key;
+  IndCpaPublicKeyUnpacked_94 unpacked_public_key =
+      build_unpacked_public_key_fa(public_key);
+  IndCpaPublicKeyUnpacked_94 *uu____0 = &unpacked_public_key;
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_message[32U];
   memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t));
-  uint8_t ret1[768U];
-  encrypt_unpacked_740(uu____1, copy_of_message, randomness, ret1);
-  memcpy(ret, ret1, (size_t)768U * sizeof(uint8_t));
+  uint8_t ret0[768U];
+  encrypt_unpacked_740(uu____0, copy_of_message, randomness, ret0);
+  memcpy(ret, ret0, (size_t)768U * sizeof(uint8_t));
 }
 
 /**
@@ -8411,7 +8609,7 @@ tuple_41 libcrux_ml_kem_ind_cca_encapsulate_70(
   uint8_t copy_of_ciphertext[768U];
   memcpy(copy_of_ciphertext, ciphertext, (size_t)768U * sizeof(uint8_t));
   libcrux_ml_kem_types_MlKemCiphertext_1a ciphertext0 =
-      libcrux_ml_kem_types_from_01_d0(copy_of_ciphertext);
+      libcrux_ml_kem_types_from_00_d0(copy_of_ciphertext);
   uint8_t shared_secret_array[32U];
   kdf_d8_4d(shared_secret, shared_secret_array);
   libcrux_ml_kem_types_MlKemCiphertext_1a uu____5 = ciphertext0;
@@ -8495,6 +8693,18 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_ba(
       (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f6));
 }
 
+/**
+A monomorphic instance of
+libcrux_ml_kem.serialize.deserialize_then_decompress_ring_element_v with types
+libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics
+- K= 2
+- COMPRESSION_FACTOR= 4
+*/
+static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f6
+deserialize_then_decompress_ring_element_v_29(Eurydice_slice serialized) {
+  return deserialize_then_decompress_4_61(serialized);
+}
+
 /**
 A monomorphic instance of libcrux_ml_kem.matrix.compute_message
 with types libcrux_ml_kem_vector_avx2_SIMD256Vector
@@ -8533,7 +8743,7 @@ static KRML_MUSTINLINE void decrypt_unpacked_4b(
   deserialize_then_decompress_u_ba(
       /* u := Decompress_q(Decode_{d_u}(c), d_u) */ ciphertext, u_as_ntt);
   libcrux_ml_kem_polynomial_PolynomialRingElement_f6 v =
-      deserialize_then_decompress_ring_element_v_42(
+      deserialize_then_decompress_ring_element_v_29(
           Eurydice_array_to_subslice_from(
               (size_t)768U,
               /* v := Decompress_q(Decode_{d_v}(c + d_u·k·n / 8), d_v) */
@@ -8613,20 +8823,13 @@ with const generics
 void libcrux_ml_kem_ind_cca_decapsulate_a1(
     libcrux_ml_kem_types_MlKemPrivateKey_fa *private_key,
     libcrux_ml_kem_types_MlKemCiphertext_1a *ciphertext, uint8_t ret[32U]) {
-  Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at(
-      Eurydice_array_to_slice((size_t)1632U, private_key->value, uint8_t),
-      (size_t)768U, uint8_t, Eurydice_slice_uint8_t_x2);
+  Eurydice_slice_uint8_t_x4 uu____0 =
+      libcrux_ml_kem_types_unpack_private_key_0c(
+          Eurydice_array_to_slice((size_t)1632U, private_key->value, uint8_t));
   Eurydice_slice ind_cpa_secret_key = uu____0.fst;
-  Eurydice_slice secret_key0 = uu____0.snd;
-  Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at(
-      secret_key0, (size_t)800U, uint8_t, Eurydice_slice_uint8_t_x2);
-  Eurydice_slice ind_cpa_public_key = uu____1.fst;
-  Eurydice_slice secret_key = uu____1.snd;
-  Eurydice_slice_uint8_t_x2 uu____2 = Eurydice_slice_split_at(
-      secret_key, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t,
-      Eurydice_slice_uint8_t_x2);
-  Eurydice_slice ind_cpa_public_key_hash = uu____2.fst;
-  Eurydice_slice implicit_rejection_value = uu____2.snd;
+  Eurydice_slice ind_cpa_public_key = uu____0.snd;
+  Eurydice_slice ind_cpa_public_key_hash = uu____0.thd;
+  Eurydice_slice implicit_rejection_value = uu____0.f3;
   uint8_t decrypted[32U];
   decrypt_4b(ind_cpa_secret_key, ciphertext->value, decrypted);
   uint8_t to_hash0[64U];
@@ -8639,28 +8842,28 @@ void libcrux_ml_kem_ind_cca_decapsulate_a1(
       ind_cpa_public_key_hash, uint8_t);
   uint8_t hashed[64U];
   G_a9_fd(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed);
-  Eurydice_slice_uint8_t_x2 uu____3 = Eurydice_slice_split_at(
+  Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at(
       Eurydice_array_to_slice((size_t)64U, hashed, uint8_t),
       LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t,
       Eurydice_slice_uint8_t_x2);
-  Eurydice_slice shared_secret0 = uu____3.fst;
-  Eurydice_slice pseudorandomness = uu____3.snd;
+  Eurydice_slice shared_secret0 = uu____1.fst;
+  Eurydice_slice pseudorandomness = uu____1.snd;
   uint8_t to_hash[800U];
   libcrux_ml_kem_utils_into_padded_array_4d(implicit_rejection_value, to_hash);
-  Eurydice_slice uu____4 = Eurydice_array_to_subslice_from(
+  Eurydice_slice uu____2 = Eurydice_array_to_subslice_from(
       (size_t)800U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE,
       uint8_t, size_t);
-  Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_d0(ciphertext),
+  Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_43_d0(ciphertext),
                       uint8_t);
   uint8_t implicit_rejection_shared_secret0[32U];
   PRF_a9_49(Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t),
             implicit_rejection_shared_secret0);
-  Eurydice_slice uu____5 = ind_cpa_public_key;
+  Eurydice_slice uu____3 = ind_cpa_public_key;
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_decrypted[32U];
   memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t));
   uint8_t expected_ciphertext[768U];
-  encrypt_74(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext);
+  encrypt_74(uu____3, copy_of_decrypted, pseudorandomness, expected_ciphertext);
   uint8_t implicit_rejection_shared_secret[32U];
   kdf_d8_4d(Eurydice_array_to_slice((size_t)32U,
                                     implicit_rejection_shared_secret0, uint8_t),
@@ -8669,7 +8872,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_a1(
   kdf_d8_4d(shared_secret0, shared_secret1);
   uint8_t shared_secret[32U];
   libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time(
-      libcrux_ml_kem_types_as_ref_00_d0(ciphertext),
+      libcrux_ml_kem_types_as_ref_43_d0(ciphertext),
       Eurydice_array_to_slice((size_t)768U, expected_ciphertext, uint8_t),
       Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t),
       Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret,
diff --git a/libcrux-ml-kem/c/libcrux_mlkem_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem_avx2.h
index 2e9c9a966..746140725 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem_avx2.h
+++ b/libcrux-ml-kem/c/libcrux_mlkem_avx2.h
@@ -8,7 +8,7 @@
  * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c
  * Karamel: c31a22c1e07d2118c07ee5cebb640d863e31a198
  * F*: 2c32d6e230851bbceadac7a21fc418fa2bb7e4bc
- * Libcrux: 38837f1aab3f2ae348a0cb53cf44d97652e2c977
+ * Libcrux: 2ecc08ac92e56197cd05d04f3e873d8da088ad11
  */
 
 #ifndef __libcrux_mlkem_avx2_H
diff --git a/libcrux-ml-kem/c/libcrux_mlkem_portable.c b/libcrux-ml-kem/c/libcrux_mlkem_portable.c
index 458ec6c2d..7aa7f360e 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem_portable.c
+++ b/libcrux-ml-kem/c/libcrux_mlkem_portable.c
@@ -8,7 +8,7 @@
  * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c
  * Karamel: c31a22c1e07d2118c07ee5cebb640d863e31a198
  * F*: 2c32d6e230851bbceadac7a21fc418fa2bb7e4bc
- * Libcrux: 38837f1aab3f2ae348a0cb53cf44d97652e2c977
+ * Libcrux: 2ecc08ac92e56197cd05d04f3e873d8da088ad11
  */
 
 #include "internal/libcrux_mlkem_portable.h"
@@ -2675,16 +2675,14 @@ static KRML_MUSTINLINE void H_f1_ac(Eurydice_slice input, uint8_t ret[32U]) {
 }
 
 /**
-A monomorphic instance of libcrux_ml_kem.ind_cca.validate_private_key
+A monomorphic instance of libcrux_ml_kem.ind_cca.validate_private_key_only
 with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]]
 with const generics
 - K= 4
 - SECRET_KEY_SIZE= 3168
-- CIPHERTEXT_SIZE= 1568
 */
-bool libcrux_ml_kem_ind_cca_validate_private_key_b5(
-    libcrux_ml_kem_types_MlKemPrivateKey_83 *private_key,
-    libcrux_ml_kem_types_MlKemCiphertext_64 *_ciphertext) {
+bool libcrux_ml_kem_ind_cca_validate_private_key_only_60(
+    libcrux_ml_kem_types_MlKemPrivateKey_83 *private_key) {
   uint8_t t[32U];
   H_f1_ac(Eurydice_array_to_subslice2(/* Eurydice can't access values directly
                                          on the types. We need to go to the
@@ -2701,6 +2699,20 @@ bool libcrux_ml_kem_ind_cca_validate_private_key_b5(
       (size_t)32U, t, &expected, uint8_t, uint8_t, bool);
 }
 
+/**
+A monomorphic instance of libcrux_ml_kem.ind_cca.validate_private_key
+with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]]
+with const generics
+- K= 4
+- SECRET_KEY_SIZE= 3168
+- CIPHERTEXT_SIZE= 1568
+*/
+bool libcrux_ml_kem_ind_cca_validate_private_key_b5(
+    libcrux_ml_kem_types_MlKemPrivateKey_83 *private_key,
+    libcrux_ml_kem_types_MlKemCiphertext_64 *_ciphertext) {
+  return libcrux_ml_kem_ind_cca_validate_private_key_only_60(private_key);
+}
+
 /**
 A monomorphic instance of
 libcrux_ml_kem.ind_cpa.unpacked.IndCpaPrivateKeyUnpacked with types
@@ -3593,11 +3605,8 @@ static KRML_MUSTINLINE uint8_t sample_vector_cbd_then_ntt_3b(
   KRML_MAYBE_FOR4(
       i, (size_t)0U, (size_t)4U, (size_t)1U,
       memcpy(prf_inputs[i], copy_of_prf_input, (size_t)33U * sizeof(uint8_t)););
-  uint8_t _prf_inputs_init[4U][33U];
-  memcpy(_prf_inputs_init, prf_inputs, (size_t)4U * sizeof(uint8_t[33U]));
-  KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i;
-                  prf_inputs[i0][32U] = domain_separator;
-                  domain_separator = (uint32_t)domain_separator + 1U;);
+  domain_separator =
+      libcrux_ml_kem_utils_prf_input_inc_ac(prf_inputs, domain_separator);
   uint8_t prf_outputs[4U][128U];
   PRFxN_f1_44(prf_inputs, prf_outputs);
   KRML_MAYBE_FOR4(
@@ -3870,30 +3879,28 @@ static KRML_MUSTINLINE void generate_keypair_unpacked_1c(
 }
 
 /**
-A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair
-with types libcrux_ml_kem_vector_portable_vector_type_PortableVector,
-libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]],
-libcrux_ml_kem_variant_MlKem with const generics
+ Serialize the secret key from the unpacked key pair generation.
+*/
+/**
+A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_unpacked_secret_key
+with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
+with const generics
 - K= 4
 - PRIVATE_KEY_SIZE= 1536
 - PUBLIC_KEY_SIZE= 1568
 - RANKED_BYTES_PER_RING_ELEMENT= 1536
-- ETA1= 2
-- ETA1_RANDOMNESS_SIZE= 128
 */
-static KRML_MUSTINLINE libcrux_ml_kem_utils_extraction_helper_Keypair1024
-generate_keypair_151(Eurydice_slice key_generation_seed) {
-  IndCpaPrivateKeyUnpacked_af private_key = default_1a_d0();
-  IndCpaPublicKeyUnpacked_af public_key = default_8d_d0();
-  generate_keypair_unpacked_1c(key_generation_seed, &private_key, &public_key);
+static libcrux_ml_kem_utils_extraction_helper_Keypair1024
+serialize_unpacked_secret_key_2f(IndCpaPublicKeyUnpacked_af *public_key,
+                                 IndCpaPrivateKeyUnpacked_af *private_key) {
   uint8_t public_key_serialized[1568U];
   serialize_public_key_00(
-      /* pk := (Encode_12(tˆ mod^{+}q) || ρ) */ public_key.t_as_ntt,
-      Eurydice_array_to_slice((size_t)32U, public_key.seed_for_A, uint8_t),
+      /* pk := (Encode_12(tˆ mod^{+}q) || ρ) */ public_key->t_as_ntt,
+      Eurydice_array_to_slice((size_t)32U, public_key->seed_for_A, uint8_t),
       public_key_serialized);
   uint8_t secret_key_serialized[1536U];
   serialize_secret_key_ff(
-      /* sk := Encode_12(sˆ mod^{+}q) */ private_key.secret_as_ntt,
+      /* sk := Encode_12(sˆ mod^{+}q) */ private_key->secret_as_ntt,
       secret_key_serialized);
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_secret_key_serialized[1536U];
@@ -3912,18 +3919,37 @@ generate_keypair_151(Eurydice_slice key_generation_seed) {
 }
 
 /**
-A monomorphic instance of libcrux_ml_kem.ind_cca.serialize_kem_secret_key
+A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair
+with types libcrux_ml_kem_vector_portable_vector_type_PortableVector,
+libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]],
+libcrux_ml_kem_variant_MlKem with const generics
+- K= 4
+- PRIVATE_KEY_SIZE= 1536
+- PUBLIC_KEY_SIZE= 1568
+- RANKED_BYTES_PER_RING_ELEMENT= 1536
+- ETA1= 2
+- ETA1_RANDOMNESS_SIZE= 128
+*/
+static KRML_MUSTINLINE libcrux_ml_kem_utils_extraction_helper_Keypair1024
+generate_keypair_151(Eurydice_slice key_generation_seed) {
+  IndCpaPrivateKeyUnpacked_af private_key = default_1a_d0();
+  IndCpaPublicKeyUnpacked_af public_key = default_8d_d0();
+  generate_keypair_unpacked_1c(key_generation_seed, &private_key, &public_key);
+  return serialize_unpacked_secret_key_2f(&public_key, &private_key);
+}
+
+/**
+A monomorphic instance of libcrux_ml_kem.ind_cca.serialize_kem_secret_key_mut
 with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]]
 with const generics
 - K= 4
 - SERIALIZED_KEY_LEN= 3168
 */
-static KRML_MUSTINLINE void serialize_kem_secret_key_60(
+static KRML_MUSTINLINE void serialize_kem_secret_key_mut_60(
     Eurydice_slice private_key, Eurydice_slice public_key,
-    Eurydice_slice implicit_rejection_value, uint8_t ret[3168U]) {
-  uint8_t out[3168U] = {0U};
+    Eurydice_slice implicit_rejection_value, uint8_t *serialized) {
   size_t pointer = (size_t)0U;
-  uint8_t *uu____0 = out;
+  uint8_t *uu____0 = serialized;
   size_t uu____1 = pointer;
   size_t uu____2 = pointer;
   Eurydice_slice_copy(
@@ -3932,7 +3958,7 @@ static KRML_MUSTINLINE void serialize_kem_secret_key_60(
           uint8_t),
       private_key, uint8_t);
   pointer = pointer + Eurydice_slice_len(private_key, uint8_t);
-  uint8_t *uu____3 = out;
+  uint8_t *uu____3 = serialized;
   size_t uu____4 = pointer;
   size_t uu____5 = pointer;
   Eurydice_slice_copy(
@@ -3942,13 +3968,14 @@ static KRML_MUSTINLINE void serialize_kem_secret_key_60(
       public_key, uint8_t);
   pointer = pointer + Eurydice_slice_len(public_key, uint8_t);
   Eurydice_slice uu____6 = Eurydice_array_to_subslice2(
-      out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t);
-  uint8_t ret0[32U];
-  H_f1_ac(public_key, ret0);
+      serialized, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE,
+      uint8_t);
+  uint8_t ret[32U];
+  H_f1_ac(public_key, ret);
   Eurydice_slice_copy(
-      uu____6, Eurydice_array_to_slice((size_t)32U, ret0, uint8_t), uint8_t);
+      uu____6, Eurydice_array_to_slice((size_t)32U, ret, uint8_t), uint8_t);
   pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE;
-  uint8_t *uu____7 = out;
+  uint8_t *uu____7 = serialized;
   size_t uu____8 = pointer;
   size_t uu____9 = pointer;
   Eurydice_slice_copy(
@@ -3957,6 +3984,21 @@ static KRML_MUSTINLINE void serialize_kem_secret_key_60(
           uu____9 + Eurydice_slice_len(implicit_rejection_value, uint8_t),
           uint8_t),
       implicit_rejection_value, uint8_t);
+}
+
+/**
+A monomorphic instance of libcrux_ml_kem.ind_cca.serialize_kem_secret_key
+with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]]
+with const generics
+- K= 4
+- SERIALIZED_KEY_LEN= 3168
+*/
+static KRML_MUSTINLINE void serialize_kem_secret_key_60(
+    Eurydice_slice private_key, Eurydice_slice public_key,
+    Eurydice_slice implicit_rejection_value, uint8_t ret[3168U]) {
+  uint8_t out[3168U] = {0U};
+  serialize_kem_secret_key_mut_60(private_key, public_key,
+                                  implicit_rejection_value, out);
   memcpy(ret, out, (size_t)3168U * sizeof(uint8_t));
 }
 
@@ -3998,13 +4040,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_f81(uint8_t randomness[64U]) {
   memcpy(copy_of_secret_key_serialized, secret_key_serialized,
          (size_t)3168U * sizeof(uint8_t));
   libcrux_ml_kem_types_MlKemPrivateKey_83 private_key =
-      libcrux_ml_kem_types_from_7f_39(copy_of_secret_key_serialized);
+      libcrux_ml_kem_types_from_9a_39(copy_of_secret_key_serialized);
   libcrux_ml_kem_types_MlKemPrivateKey_83 uu____2 = private_key;
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_public_key[1568U];
   memcpy(copy_of_public_key, public_key, (size_t)1568U * sizeof(uint8_t));
   return libcrux_ml_kem_types_from_3a_94(
-      uu____2, libcrux_ml_kem_types_from_5a_af(copy_of_public_key));
+      uu____2, libcrux_ml_kem_types_from_5f_af(copy_of_public_key));
 }
 
 /**
@@ -4025,6 +4067,48 @@ static KRML_MUSTINLINE void entropy_preprocess_d8_03(Eurydice_slice randomness,
   memcpy(ret, out, (size_t)32U * sizeof(uint8_t));
 }
 
+/**
+A monomorphic instance of libcrux_ml_kem.ind_cpa.build_unpacked_public_key_mut
+with types libcrux_ml_kem_vector_portable_vector_type_PortableVector,
+libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]] with const
+generics
+- K= 4
+- T_AS_NTT_ENCODED_SIZE= 1536
+*/
+static KRML_MUSTINLINE void build_unpacked_public_key_mut_3f(
+    Eurydice_slice public_key,
+    IndCpaPublicKeyUnpacked_af *unpacked_public_key) {
+  Eurydice_slice uu____0 = Eurydice_slice_subslice_to(
+      /* tˆ := Decode_12(pk) */ public_key, (size_t)1536U, uint8_t, size_t);
+  deserialize_ring_elements_reduced_d0(uu____0, unpacked_public_key->t_as_ntt);
+  Eurydice_slice seed =
+      Eurydice_slice_subslice_from(/* ρ := pk + 12·k·n / 8 for i from 0 to k−1
+                                      do for j from 0 to k − 1 do AˆT[i][j] :=
+                                      Parse(XOF(ρ, i, j)) end for end for */
+                                   public_key,
+                                   (size_t)1536U, uint8_t, size_t);
+  libcrux_ml_kem_polynomial_PolynomialRingElement_1d(*uu____1)[4U] =
+      unpacked_public_key->A;
+  uint8_t ret[34U];
+  libcrux_ml_kem_utils_into_padded_array_b6(seed, ret);
+  sample_matrix_A_2b(uu____1, ret, false);
+}
+
+/**
+A monomorphic instance of libcrux_ml_kem.ind_cpa.build_unpacked_public_key
+with types libcrux_ml_kem_vector_portable_vector_type_PortableVector,
+libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]] with const
+generics
+- K= 4
+- T_AS_NTT_ENCODED_SIZE= 1536
+*/
+static KRML_MUSTINLINE IndCpaPublicKeyUnpacked_af
+build_unpacked_public_key_3f1(Eurydice_slice public_key) {
+  IndCpaPublicKeyUnpacked_af unpacked_public_key = default_8d_d0();
+  build_unpacked_public_key_mut_3f(public_key, &unpacked_public_key);
+  return unpacked_public_key;
+}
+
 /**
 A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_ring_element_cbd
 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector,
@@ -4046,11 +4130,8 @@ sample_ring_element_cbd_3b(uint8_t prf_input[33U], uint8_t domain_separator) {
   KRML_MAYBE_FOR4(
       i, (size_t)0U, (size_t)4U, (size_t)1U,
       memcpy(prf_inputs[i], copy_of_prf_input, (size_t)33U * sizeof(uint8_t)););
-  uint8_t _prf_inputs_init[4U][33U];
-  memcpy(_prf_inputs_init, prf_inputs, (size_t)4U * sizeof(uint8_t[33U]));
-  KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i;
-                  prf_inputs[i0][32U] = domain_separator;
-                  domain_separator = (uint32_t)domain_separator + 1U;);
+  domain_separator =
+      libcrux_ml_kem_utils_prf_input_inc_ac(prf_inputs, domain_separator);
   uint8_t prf_outputs[4U][128U];
   PRFxN_f1_44(prf_inputs, prf_outputs);
   KRML_MAYBE_FOR4(
@@ -4704,10 +4785,11 @@ static KRML_MUSTINLINE void compress_then_serialize_5_8c(
 A monomorphic instance of
 libcrux_ml_kem.serialize.compress_then_serialize_ring_element_v with types
 libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
+- K= 4
 - COMPRESSION_FACTOR= 5
 - OUT_LEN= 160
 */
-static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_8e(
+static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_00(
     libcrux_ml_kem_polynomial_PolynomialRingElement_1d re, Eurydice_slice out) {
   compress_then_serialize_5_8c(re, out);
 }
@@ -4789,7 +4871,7 @@ static KRML_MUSTINLINE void encrypt_unpacked_2a(
                                            (size_t)1408U, uint8_t));
   /* c_2 := Encode_{dv}(Compress_q(v,d_v)) */
   libcrux_ml_kem_polynomial_PolynomialRingElement_1d uu____6 = v;
-  compress_then_serialize_ring_element_v_8e(
+  compress_then_serialize_ring_element_v_00(
       uu____6, Eurydice_array_to_subslice_from((size_t)1568U, ciphertext,
                                                (size_t)1408U, uint8_t, size_t));
   memcpy(ret, ciphertext, (size_t)1568U * sizeof(uint8_t));
@@ -4817,29 +4899,15 @@ static KRML_MUSTINLINE void encrypt_2a1(Eurydice_slice public_key,
                                         uint8_t message[32U],
                                         Eurydice_slice randomness,
                                         uint8_t ret[1568U]) {
-  IndCpaPublicKeyUnpacked_af unpacked_public_key = default_8d_d0();
-  deserialize_ring_elements_reduced_d0(
-      Eurydice_slice_subslice_to(/* tˆ := Decode_12(pk) */
-                                 public_key, (size_t)1536U, uint8_t, size_t),
-      unpacked_public_key.t_as_ntt);
-  Eurydice_slice seed =
-      Eurydice_slice_subslice_from(/* ρ := pk + 12·k·n / 8 for i from 0 to k−1
-                                      do for j from 0 to k − 1 do AˆT[i][j] :=
-                                      Parse(XOF(ρ, i, j)) end for end for */
-                                   public_key,
-                                   (size_t)1536U, uint8_t, size_t);
-  libcrux_ml_kem_polynomial_PolynomialRingElement_1d(*uu____0)[4U] =
-      unpacked_public_key.A;
-  uint8_t ret0[34U];
-  libcrux_ml_kem_utils_into_padded_array_b6(seed, ret0);
-  sample_matrix_A_2b(uu____0, ret0, false);
-  IndCpaPublicKeyUnpacked_af *uu____1 = &unpacked_public_key;
+  IndCpaPublicKeyUnpacked_af unpacked_public_key =
+      build_unpacked_public_key_3f1(public_key);
+  IndCpaPublicKeyUnpacked_af *uu____0 = &unpacked_public_key;
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_message[32U];
   memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t));
-  uint8_t ret1[1568U];
-  encrypt_unpacked_2a(uu____1, copy_of_message, randomness, ret1);
-  memcpy(ret, ret1, (size_t)1568U * sizeof(uint8_t));
+  uint8_t ret0[1568U];
+  encrypt_unpacked_2a(uu____0, copy_of_message, randomness, ret0);
+  memcpy(ret, ret0, (size_t)1568U * sizeof(uint8_t));
 }
 
 /**
@@ -4918,7 +4986,7 @@ tuple_fa libcrux_ml_kem_ind_cca_encapsulate_ca1(
   uint8_t copy_of_ciphertext[1568U];
   memcpy(copy_of_ciphertext, ciphertext, (size_t)1568U * sizeof(uint8_t));
   libcrux_ml_kem_types_MlKemCiphertext_64 ciphertext0 =
-      libcrux_ml_kem_types_from_01_af(copy_of_ciphertext);
+      libcrux_ml_kem_types_from_00_af(copy_of_ciphertext);
   uint8_t shared_secret_array[32U];
   kdf_d8_60(shared_secret, shared_secret_array);
   libcrux_ml_kem_types_MlKemCiphertext_64 uu____5 = ciphertext0;
@@ -5017,8 +5085,8 @@ generics
 */
 static libcrux_ml_kem_vector_portable_vector_type_PortableVector
 decompress_ciphertext_coefficient_0d_ef(
-    libcrux_ml_kem_vector_portable_vector_type_PortableVector v) {
-  return decompress_ciphertext_coefficient_ef(v);
+    libcrux_ml_kem_vector_portable_vector_type_PortableVector a) {
+  return decompress_ciphertext_coefficient_ef(a);
 }
 
 /**
@@ -5084,8 +5152,8 @@ generics
 */
 static libcrux_ml_kem_vector_portable_vector_type_PortableVector
 decompress_ciphertext_coefficient_0d_c4(
-    libcrux_ml_kem_vector_portable_vector_type_PortableVector v) {
-  return decompress_ciphertext_coefficient_c4(v);
+    libcrux_ml_kem_vector_portable_vector_type_PortableVector a) {
+  return decompress_ciphertext_coefficient_c4(a);
 }
 
 /**
@@ -5213,8 +5281,8 @@ generics
 */
 static libcrux_ml_kem_vector_portable_vector_type_PortableVector
 decompress_ciphertext_coefficient_0d_d1(
-    libcrux_ml_kem_vector_portable_vector_type_PortableVector v) {
-  return decompress_ciphertext_coefficient_d1(v);
+    libcrux_ml_kem_vector_portable_vector_type_PortableVector a) {
+  return decompress_ciphertext_coefficient_d1(a);
 }
 
 /**
@@ -5273,8 +5341,8 @@ generics
 */
 static libcrux_ml_kem_vector_portable_vector_type_PortableVector
 decompress_ciphertext_coefficient_0d_f4(
-    libcrux_ml_kem_vector_portable_vector_type_PortableVector v) {
-  return decompress_ciphertext_coefficient_f4(v);
+    libcrux_ml_kem_vector_portable_vector_type_PortableVector a) {
+  return decompress_ciphertext_coefficient_f4(a);
 }
 
 /**
@@ -5304,10 +5372,11 @@ deserialize_then_decompress_5_8c(Eurydice_slice serialized) {
 A monomorphic instance of
 libcrux_ml_kem.serialize.deserialize_then_decompress_ring_element_v with types
 libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
+- K= 4
 - COMPRESSION_FACTOR= 5
 */
 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1d
-deserialize_then_decompress_ring_element_v_9f(Eurydice_slice serialized) {
+deserialize_then_decompress_ring_element_v_ff(Eurydice_slice serialized) {
   return deserialize_then_decompress_5_8c(serialized);
 }
 
@@ -5411,7 +5480,7 @@ static KRML_MUSTINLINE void decrypt_unpacked_7d(
   deserialize_then_decompress_u_00(
       /* u := Decompress_q(Decode_{d_u}(c), d_u) */ ciphertext, u_as_ntt);
   libcrux_ml_kem_polynomial_PolynomialRingElement_1d v =
-      deserialize_then_decompress_ring_element_v_9f(
+      deserialize_then_decompress_ring_element_v_ff(
           Eurydice_array_to_subslice_from(
               (size_t)1568U,
               /* v := Decompress_q(Decode_{d_v}(c + d_u·k·n / 8), d_v) */
@@ -5503,20 +5572,13 @@ libcrux_ml_kem_variant_MlKem with const generics
 void libcrux_ml_kem_ind_cca_decapsulate_621(
     libcrux_ml_kem_types_MlKemPrivateKey_83 *private_key,
     libcrux_ml_kem_types_MlKemCiphertext_64 *ciphertext, uint8_t ret[32U]) {
-  Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at(
-      Eurydice_array_to_slice((size_t)3168U, private_key->value, uint8_t),
-      (size_t)1536U, uint8_t, Eurydice_slice_uint8_t_x2);
+  Eurydice_slice_uint8_t_x4 uu____0 =
+      libcrux_ml_kem_types_unpack_private_key_1f(
+          Eurydice_array_to_slice((size_t)3168U, private_key->value, uint8_t));
   Eurydice_slice ind_cpa_secret_key = uu____0.fst;
-  Eurydice_slice secret_key0 = uu____0.snd;
-  Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at(
-      secret_key0, (size_t)1568U, uint8_t, Eurydice_slice_uint8_t_x2);
-  Eurydice_slice ind_cpa_public_key = uu____1.fst;
-  Eurydice_slice secret_key = uu____1.snd;
-  Eurydice_slice_uint8_t_x2 uu____2 = Eurydice_slice_split_at(
-      secret_key, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t,
-      Eurydice_slice_uint8_t_x2);
-  Eurydice_slice ind_cpa_public_key_hash = uu____2.fst;
-  Eurydice_slice implicit_rejection_value = uu____2.snd;
+  Eurydice_slice ind_cpa_public_key = uu____0.snd;
+  Eurydice_slice ind_cpa_public_key_hash = uu____0.thd;
+  Eurydice_slice implicit_rejection_value = uu____0.f3;
   uint8_t decrypted[32U];
   decrypt_7d(ind_cpa_secret_key, ciphertext->value, decrypted);
   uint8_t to_hash0[64U];
@@ -5529,28 +5591,28 @@ void libcrux_ml_kem_ind_cca_decapsulate_621(
       ind_cpa_public_key_hash, uint8_t);
   uint8_t hashed[64U];
   G_f1_ac(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed);
-  Eurydice_slice_uint8_t_x2 uu____3 = Eurydice_slice_split_at(
+  Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at(
       Eurydice_array_to_slice((size_t)64U, hashed, uint8_t),
       LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t,
       Eurydice_slice_uint8_t_x2);
-  Eurydice_slice shared_secret0 = uu____3.fst;
-  Eurydice_slice pseudorandomness = uu____3.snd;
+  Eurydice_slice shared_secret0 = uu____1.fst;
+  Eurydice_slice pseudorandomness = uu____1.snd;
   uint8_t to_hash[1600U];
   libcrux_ml_kem_utils_into_padded_array_7f(implicit_rejection_value, to_hash);
-  Eurydice_slice uu____4 = Eurydice_array_to_subslice_from(
+  Eurydice_slice uu____2 = Eurydice_array_to_subslice_from(
       (size_t)1600U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE,
       uint8_t, size_t);
-  Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_af(ciphertext),
+  Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_43_af(ciphertext),
                       uint8_t);
   uint8_t implicit_rejection_shared_secret0[32U];
   PRF_f1_44(Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t),
             implicit_rejection_shared_secret0);
-  Eurydice_slice uu____5 = ind_cpa_public_key;
+  Eurydice_slice uu____3 = ind_cpa_public_key;
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_decrypted[32U];
   memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t));
   uint8_t expected_ciphertext[1568U];
-  encrypt_2a1(uu____5, copy_of_decrypted, pseudorandomness,
+  encrypt_2a1(uu____3, copy_of_decrypted, pseudorandomness,
               expected_ciphertext);
   uint8_t implicit_rejection_shared_secret[32U];
   kdf_d8_60(Eurydice_array_to_slice((size_t)32U,
@@ -5560,7 +5622,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_621(
   kdf_d8_60(shared_secret0, shared_secret1);
   uint8_t shared_secret[32U];
   libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time(
-      libcrux_ml_kem_types_as_ref_00_af(ciphertext),
+      libcrux_ml_kem_types_as_ref_43_af(ciphertext),
       Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, uint8_t),
       Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t),
       Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret,
@@ -5726,16 +5788,14 @@ static KRML_MUSTINLINE void H_f1_fd(Eurydice_slice input, uint8_t ret[32U]) {
 }
 
 /**
-A monomorphic instance of libcrux_ml_kem.ind_cca.validate_private_key
+A monomorphic instance of libcrux_ml_kem.ind_cca.validate_private_key_only
 with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]]
 with const generics
 - K= 2
 - SECRET_KEY_SIZE= 1632
-- CIPHERTEXT_SIZE= 768
 */
-bool libcrux_ml_kem_ind_cca_validate_private_key_fb(
-    libcrux_ml_kem_types_MlKemPrivateKey_fa *private_key,
-    libcrux_ml_kem_types_MlKemCiphertext_1a *_ciphertext) {
+bool libcrux_ml_kem_ind_cca_validate_private_key_only_30(
+    libcrux_ml_kem_types_MlKemPrivateKey_fa *private_key) {
   uint8_t t[32U];
   H_f1_fd(Eurydice_array_to_subslice2(/* Eurydice can't access values directly
                                          on the types. We need to go to the
@@ -5752,6 +5812,20 @@ bool libcrux_ml_kem_ind_cca_validate_private_key_fb(
       (size_t)32U, t, &expected, uint8_t, uint8_t, bool);
 }
 
+/**
+A monomorphic instance of libcrux_ml_kem.ind_cca.validate_private_key
+with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]]
+with const generics
+- K= 2
+- SECRET_KEY_SIZE= 1632
+- CIPHERTEXT_SIZE= 768
+*/
+bool libcrux_ml_kem_ind_cca_validate_private_key_fb(
+    libcrux_ml_kem_types_MlKemPrivateKey_fa *private_key,
+    libcrux_ml_kem_types_MlKemCiphertext_1a *_ciphertext) {
+  return libcrux_ml_kem_ind_cca_validate_private_key_only_30(private_key);
+}
+
 /**
 A monomorphic instance of
 libcrux_ml_kem.ind_cpa.unpacked.IndCpaPrivateKeyUnpacked with types
@@ -6305,11 +6379,8 @@ static KRML_MUSTINLINE uint8_t sample_vector_cbd_then_ntt_3b0(
   KRML_MAYBE_FOR2(
       i, (size_t)0U, (size_t)2U, (size_t)1U,
       memcpy(prf_inputs[i], copy_of_prf_input, (size_t)33U * sizeof(uint8_t)););
-  uint8_t _prf_inputs_init[2U][33U];
-  memcpy(_prf_inputs_init, prf_inputs, (size_t)2U * sizeof(uint8_t[33U]));
-  KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i;
-                  prf_inputs[i0][32U] = domain_separator;
-                  domain_separator = (uint32_t)domain_separator + 1U;);
+  domain_separator =
+      libcrux_ml_kem_utils_prf_input_inc_fd(prf_inputs, domain_separator);
   uint8_t prf_outputs[2U][192U];
   PRFxN_f1_49(prf_inputs, prf_outputs);
   KRML_MAYBE_FOR2(
@@ -6495,30 +6566,28 @@ static KRML_MUSTINLINE void generate_keypair_unpacked_1c0(
 }
 
 /**
-A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair
-with types libcrux_ml_kem_vector_portable_vector_type_PortableVector,
-libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]],
-libcrux_ml_kem_variant_MlKem with const generics
+ Serialize the secret key from the unpacked key pair generation.
+*/
+/**
+A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_unpacked_secret_key
+with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
+with const generics
 - K= 2
 - PRIVATE_KEY_SIZE= 768
 - PUBLIC_KEY_SIZE= 800
 - RANKED_BYTES_PER_RING_ELEMENT= 768
-- ETA1= 3
-- ETA1_RANDOMNESS_SIZE= 192
 */
-static KRML_MUSTINLINE libcrux_ml_kem_utils_extraction_helper_Keypair512
-generate_keypair_150(Eurydice_slice key_generation_seed) {
-  IndCpaPrivateKeyUnpacked_d4 private_key = default_1a_a0();
-  IndCpaPublicKeyUnpacked_d4 public_key = default_8d_a0();
-  generate_keypair_unpacked_1c0(key_generation_seed, &private_key, &public_key);
+static libcrux_ml_kem_utils_extraction_helper_Keypair512
+serialize_unpacked_secret_key_6d(IndCpaPublicKeyUnpacked_d4 *public_key,
+                                 IndCpaPrivateKeyUnpacked_d4 *private_key) {
   uint8_t public_key_serialized[800U];
   serialize_public_key_86(
-      /* pk := (Encode_12(tˆ mod^{+}q) || ρ) */ public_key.t_as_ntt,
-      Eurydice_array_to_slice((size_t)32U, public_key.seed_for_A, uint8_t),
+      /* pk := (Encode_12(tˆ mod^{+}q) || ρ) */ public_key->t_as_ntt,
+      Eurydice_array_to_slice((size_t)32U, public_key->seed_for_A, uint8_t),
       public_key_serialized);
   uint8_t secret_key_serialized[768U];
   serialize_secret_key_64(
-      /* sk := Encode_12(sˆ mod^{+}q) */ private_key.secret_as_ntt,
+      /* sk := Encode_12(sˆ mod^{+}q) */ private_key->secret_as_ntt,
       secret_key_serialized);
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_secret_key_serialized[768U];
@@ -6537,18 +6606,37 @@ generate_keypair_150(Eurydice_slice key_generation_seed) {
 }
 
 /**
-A monomorphic instance of libcrux_ml_kem.ind_cca.serialize_kem_secret_key
+A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair
+with types libcrux_ml_kem_vector_portable_vector_type_PortableVector,
+libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]],
+libcrux_ml_kem_variant_MlKem with const generics
+- K= 2
+- PRIVATE_KEY_SIZE= 768
+- PUBLIC_KEY_SIZE= 800
+- RANKED_BYTES_PER_RING_ELEMENT= 768
+- ETA1= 3
+- ETA1_RANDOMNESS_SIZE= 192
+*/
+static KRML_MUSTINLINE libcrux_ml_kem_utils_extraction_helper_Keypair512
+generate_keypair_150(Eurydice_slice key_generation_seed) {
+  IndCpaPrivateKeyUnpacked_d4 private_key = default_1a_a0();
+  IndCpaPublicKeyUnpacked_d4 public_key = default_8d_a0();
+  generate_keypair_unpacked_1c0(key_generation_seed, &private_key, &public_key);
+  return serialize_unpacked_secret_key_6d(&public_key, &private_key);
+}
+
+/**
+A monomorphic instance of libcrux_ml_kem.ind_cca.serialize_kem_secret_key_mut
 with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]]
 with const generics
 - K= 2
 - SERIALIZED_KEY_LEN= 1632
 */
-static KRML_MUSTINLINE void serialize_kem_secret_key_30(
+static KRML_MUSTINLINE void serialize_kem_secret_key_mut_30(
     Eurydice_slice private_key, Eurydice_slice public_key,
-    Eurydice_slice implicit_rejection_value, uint8_t ret[1632U]) {
-  uint8_t out[1632U] = {0U};
+    Eurydice_slice implicit_rejection_value, uint8_t *serialized) {
   size_t pointer = (size_t)0U;
-  uint8_t *uu____0 = out;
+  uint8_t *uu____0 = serialized;
   size_t uu____1 = pointer;
   size_t uu____2 = pointer;
   Eurydice_slice_copy(
@@ -6557,7 +6645,7 @@ static KRML_MUSTINLINE void serialize_kem_secret_key_30(
           uint8_t),
       private_key, uint8_t);
   pointer = pointer + Eurydice_slice_len(private_key, uint8_t);
-  uint8_t *uu____3 = out;
+  uint8_t *uu____3 = serialized;
   size_t uu____4 = pointer;
   size_t uu____5 = pointer;
   Eurydice_slice_copy(
@@ -6567,13 +6655,14 @@ static KRML_MUSTINLINE void serialize_kem_secret_key_30(
       public_key, uint8_t);
   pointer = pointer + Eurydice_slice_len(public_key, uint8_t);
   Eurydice_slice uu____6 = Eurydice_array_to_subslice2(
-      out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t);
-  uint8_t ret0[32U];
-  H_f1_fd(public_key, ret0);
+      serialized, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE,
+      uint8_t);
+  uint8_t ret[32U];
+  H_f1_fd(public_key, ret);
   Eurydice_slice_copy(
-      uu____6, Eurydice_array_to_slice((size_t)32U, ret0, uint8_t), uint8_t);
+      uu____6, Eurydice_array_to_slice((size_t)32U, ret, uint8_t), uint8_t);
   pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE;
-  uint8_t *uu____7 = out;
+  uint8_t *uu____7 = serialized;
   size_t uu____8 = pointer;
   size_t uu____9 = pointer;
   Eurydice_slice_copy(
@@ -6582,6 +6671,21 @@ static KRML_MUSTINLINE void serialize_kem_secret_key_30(
           uu____9 + Eurydice_slice_len(implicit_rejection_value, uint8_t),
           uint8_t),
       implicit_rejection_value, uint8_t);
+}
+
+/**
+A monomorphic instance of libcrux_ml_kem.ind_cca.serialize_kem_secret_key
+with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]]
+with const generics
+- K= 2
+- SERIALIZED_KEY_LEN= 1632
+*/
+static KRML_MUSTINLINE void serialize_kem_secret_key_30(
+    Eurydice_slice private_key, Eurydice_slice public_key,
+    Eurydice_slice implicit_rejection_value, uint8_t ret[1632U]) {
+  uint8_t out[1632U] = {0U};
+  serialize_kem_secret_key_mut_30(private_key, public_key,
+                                  implicit_rejection_value, out);
   memcpy(ret, out, (size_t)1632U * sizeof(uint8_t));
 }
 
@@ -6623,13 +6727,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_f80(uint8_t randomness[64U]) {
   memcpy(copy_of_secret_key_serialized, secret_key_serialized,
          (size_t)1632U * sizeof(uint8_t));
   libcrux_ml_kem_types_MlKemPrivateKey_fa private_key =
-      libcrux_ml_kem_types_from_7f_2a(copy_of_secret_key_serialized);
+      libcrux_ml_kem_types_from_9a_2a(copy_of_secret_key_serialized);
   libcrux_ml_kem_types_MlKemPrivateKey_fa uu____2 = private_key;
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_public_key[800U];
   memcpy(copy_of_public_key, public_key, (size_t)800U * sizeof(uint8_t));
   return libcrux_ml_kem_types_from_3a_fa(
-      uu____2, libcrux_ml_kem_types_from_5a_4d(copy_of_public_key));
+      uu____2, libcrux_ml_kem_types_from_5f_4d(copy_of_public_key));
 }
 
 /**
@@ -6650,6 +6754,48 @@ static KRML_MUSTINLINE void entropy_preprocess_d8_10(Eurydice_slice randomness,
   memcpy(ret, out, (size_t)32U * sizeof(uint8_t));
 }
 
+/**
+A monomorphic instance of libcrux_ml_kem.ind_cpa.build_unpacked_public_key_mut
+with types libcrux_ml_kem_vector_portable_vector_type_PortableVector,
+libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]] with const
+generics
+- K= 2
+- T_AS_NTT_ENCODED_SIZE= 768
+*/
+static KRML_MUSTINLINE void build_unpacked_public_key_mut_3f0(
+    Eurydice_slice public_key,
+    IndCpaPublicKeyUnpacked_d4 *unpacked_public_key) {
+  Eurydice_slice uu____0 = Eurydice_slice_subslice_to(
+      /* tˆ := Decode_12(pk) */ public_key, (size_t)768U, uint8_t, size_t);
+  deserialize_ring_elements_reduced_a0(uu____0, unpacked_public_key->t_as_ntt);
+  Eurydice_slice seed =
+      Eurydice_slice_subslice_from(/* ρ := pk + 12·k·n / 8 for i from 0 to k−1
+                                      do for j from 0 to k − 1 do AˆT[i][j] :=
+                                      Parse(XOF(ρ, i, j)) end for end for */
+                                   public_key,
+                                   (size_t)768U, uint8_t, size_t);
+  libcrux_ml_kem_polynomial_PolynomialRingElement_1d(*uu____1)[2U] =
+      unpacked_public_key->A;
+  uint8_t ret[34U];
+  libcrux_ml_kem_utils_into_padded_array_b6(seed, ret);
+  sample_matrix_A_2b0(uu____1, ret, false);
+}
+
+/**
+A monomorphic instance of libcrux_ml_kem.ind_cpa.build_unpacked_public_key
+with types libcrux_ml_kem_vector_portable_vector_type_PortableVector,
+libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]] with const
+generics
+- K= 2
+- T_AS_NTT_ENCODED_SIZE= 768
+*/
+static KRML_MUSTINLINE IndCpaPublicKeyUnpacked_d4
+build_unpacked_public_key_3f0(Eurydice_slice public_key) {
+  IndCpaPublicKeyUnpacked_d4 unpacked_public_key = default_8d_a0();
+  build_unpacked_public_key_mut_3f0(public_key, &unpacked_public_key);
+  return unpacked_public_key;
+}
+
 /**
 A monomorphic instance of libcrux_ml_kem.hash_functions.portable.PRFxN
 with const generics
@@ -6703,11 +6849,8 @@ sample_ring_element_cbd_3b0(uint8_t prf_input[33U], uint8_t domain_separator) {
   KRML_MAYBE_FOR2(
       i, (size_t)0U, (size_t)2U, (size_t)1U,
       memcpy(prf_inputs[i], copy_of_prf_input, (size_t)33U * sizeof(uint8_t)););
-  uint8_t _prf_inputs_init[2U][33U];
-  memcpy(_prf_inputs_init, prf_inputs, (size_t)2U * sizeof(uint8_t[33U]));
-  KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i;
-                  prf_inputs[i0][32U] = domain_separator;
-                  domain_separator = (uint32_t)domain_separator + 1U;);
+  domain_separator =
+      libcrux_ml_kem_utils_prf_input_inc_fd(prf_inputs, domain_separator);
   uint8_t prf_outputs[2U][128U];
   PRFxN_f1_490(prf_inputs, prf_outputs);
   KRML_MAYBE_FOR2(
@@ -6914,10 +7057,11 @@ static KRML_MUSTINLINE void compress_then_serialize_u_6d(
 A monomorphic instance of
 libcrux_ml_kem.serialize.compress_then_serialize_ring_element_v with types
 libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
+- K= 2
 - COMPRESSION_FACTOR= 4
 - OUT_LEN= 128
 */
-static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_ff0(
+static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_86(
     libcrux_ml_kem_polynomial_PolynomialRingElement_1d re, Eurydice_slice out) {
   compress_then_serialize_4_8c(re, out);
 }
@@ -7000,7 +7144,7 @@ static KRML_MUSTINLINE void encrypt_unpacked_2a0(
                                            uint8_t));
   /* c_2 := Encode_{dv}(Compress_q(v,d_v)) */
   libcrux_ml_kem_polynomial_PolynomialRingElement_1d uu____6 = v;
-  compress_then_serialize_ring_element_v_ff0(
+  compress_then_serialize_ring_element_v_86(
       uu____6, Eurydice_array_to_subslice_from((size_t)768U, ciphertext,
                                                (size_t)640U, uint8_t, size_t));
   memcpy(ret, ciphertext, (size_t)768U * sizeof(uint8_t));
@@ -7028,29 +7172,15 @@ static KRML_MUSTINLINE void encrypt_2a0(Eurydice_slice public_key,
                                         uint8_t message[32U],
                                         Eurydice_slice randomness,
                                         uint8_t ret[768U]) {
-  IndCpaPublicKeyUnpacked_d4 unpacked_public_key = default_8d_a0();
-  deserialize_ring_elements_reduced_a0(
-      Eurydice_slice_subslice_to(/* tˆ := Decode_12(pk) */
-                                 public_key, (size_t)768U, uint8_t, size_t),
-      unpacked_public_key.t_as_ntt);
-  Eurydice_slice seed =
-      Eurydice_slice_subslice_from(/* ρ := pk + 12·k·n / 8 for i from 0 to k−1
-                                      do for j from 0 to k − 1 do AˆT[i][j] :=
-                                      Parse(XOF(ρ, i, j)) end for end for */
-                                   public_key,
-                                   (size_t)768U, uint8_t, size_t);
-  libcrux_ml_kem_polynomial_PolynomialRingElement_1d(*uu____0)[2U] =
-      unpacked_public_key.A;
-  uint8_t ret0[34U];
-  libcrux_ml_kem_utils_into_padded_array_b6(seed, ret0);
-  sample_matrix_A_2b0(uu____0, ret0, false);
-  IndCpaPublicKeyUnpacked_d4 *uu____1 = &unpacked_public_key;
+  IndCpaPublicKeyUnpacked_d4 unpacked_public_key =
+      build_unpacked_public_key_3f0(public_key);
+  IndCpaPublicKeyUnpacked_d4 *uu____0 = &unpacked_public_key;
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_message[32U];
   memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t));
-  uint8_t ret1[768U];
-  encrypt_unpacked_2a0(uu____1, copy_of_message, randomness, ret1);
-  memcpy(ret, ret1, (size_t)768U * sizeof(uint8_t));
+  uint8_t ret0[768U];
+  encrypt_unpacked_2a0(uu____0, copy_of_message, randomness, ret0);
+  memcpy(ret, ret0, (size_t)768U * sizeof(uint8_t));
 }
 
 /**
@@ -7129,7 +7259,7 @@ tuple_41 libcrux_ml_kem_ind_cca_encapsulate_ca0(
   uint8_t copy_of_ciphertext[768U];
   memcpy(copy_of_ciphertext, ciphertext, (size_t)768U * sizeof(uint8_t));
   libcrux_ml_kem_types_MlKemCiphertext_1a ciphertext0 =
-      libcrux_ml_kem_types_from_01_d0(copy_of_ciphertext);
+      libcrux_ml_kem_types_from_00_d0(copy_of_ciphertext);
   uint8_t shared_secret_array[32U];
   kdf_d8_30(shared_secret, shared_secret_array);
   libcrux_ml_kem_types_MlKemCiphertext_1a uu____5 = ciphertext0;
@@ -7247,10 +7377,11 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_86(
 A monomorphic instance of
 libcrux_ml_kem.serialize.deserialize_then_decompress_ring_element_v with types
 libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
+- K= 2
 - COMPRESSION_FACTOR= 4
 */
 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1d
-deserialize_then_decompress_ring_element_v_d0(Eurydice_slice serialized) {
+deserialize_then_decompress_ring_element_v_64(Eurydice_slice serialized) {
   return deserialize_then_decompress_4_8c(serialized);
 }
 
@@ -7292,7 +7423,7 @@ static KRML_MUSTINLINE void decrypt_unpacked_d1(
   deserialize_then_decompress_u_86(
       /* u := Decompress_q(Decode_{d_u}(c), d_u) */ ciphertext, u_as_ntt);
   libcrux_ml_kem_polynomial_PolynomialRingElement_1d v =
-      deserialize_then_decompress_ring_element_v_d0(
+      deserialize_then_decompress_ring_element_v_64(
           Eurydice_array_to_subslice_from(
               (size_t)768U,
               /* v := Decompress_q(Decode_{d_v}(c + d_u·k·n / 8), d_v) */
@@ -7372,20 +7503,13 @@ libcrux_ml_kem_variant_MlKem with const generics
 void libcrux_ml_kem_ind_cca_decapsulate_620(
     libcrux_ml_kem_types_MlKemPrivateKey_fa *private_key,
     libcrux_ml_kem_types_MlKemCiphertext_1a *ciphertext, uint8_t ret[32U]) {
-  Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at(
-      Eurydice_array_to_slice((size_t)1632U, private_key->value, uint8_t),
-      (size_t)768U, uint8_t, Eurydice_slice_uint8_t_x2);
+  Eurydice_slice_uint8_t_x4 uu____0 =
+      libcrux_ml_kem_types_unpack_private_key_0c(
+          Eurydice_array_to_slice((size_t)1632U, private_key->value, uint8_t));
   Eurydice_slice ind_cpa_secret_key = uu____0.fst;
-  Eurydice_slice secret_key0 = uu____0.snd;
-  Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at(
-      secret_key0, (size_t)800U, uint8_t, Eurydice_slice_uint8_t_x2);
-  Eurydice_slice ind_cpa_public_key = uu____1.fst;
-  Eurydice_slice secret_key = uu____1.snd;
-  Eurydice_slice_uint8_t_x2 uu____2 = Eurydice_slice_split_at(
-      secret_key, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t,
-      Eurydice_slice_uint8_t_x2);
-  Eurydice_slice ind_cpa_public_key_hash = uu____2.fst;
-  Eurydice_slice implicit_rejection_value = uu____2.snd;
+  Eurydice_slice ind_cpa_public_key = uu____0.snd;
+  Eurydice_slice ind_cpa_public_key_hash = uu____0.thd;
+  Eurydice_slice implicit_rejection_value = uu____0.f3;
   uint8_t decrypted[32U];
   decrypt_d1(ind_cpa_secret_key, ciphertext->value, decrypted);
   uint8_t to_hash0[64U];
@@ -7398,28 +7522,28 @@ void libcrux_ml_kem_ind_cca_decapsulate_620(
       ind_cpa_public_key_hash, uint8_t);
   uint8_t hashed[64U];
   G_f1_fd(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed);
-  Eurydice_slice_uint8_t_x2 uu____3 = Eurydice_slice_split_at(
+  Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at(
       Eurydice_array_to_slice((size_t)64U, hashed, uint8_t),
       LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t,
       Eurydice_slice_uint8_t_x2);
-  Eurydice_slice shared_secret0 = uu____3.fst;
-  Eurydice_slice pseudorandomness = uu____3.snd;
+  Eurydice_slice shared_secret0 = uu____1.fst;
+  Eurydice_slice pseudorandomness = uu____1.snd;
   uint8_t to_hash[800U];
   libcrux_ml_kem_utils_into_padded_array_4d(implicit_rejection_value, to_hash);
-  Eurydice_slice uu____4 = Eurydice_array_to_subslice_from(
+  Eurydice_slice uu____2 = Eurydice_array_to_subslice_from(
       (size_t)800U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE,
       uint8_t, size_t);
-  Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_d0(ciphertext),
+  Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_43_d0(ciphertext),
                       uint8_t);
   uint8_t implicit_rejection_shared_secret0[32U];
   PRF_f1_49(Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t),
             implicit_rejection_shared_secret0);
-  Eurydice_slice uu____5 = ind_cpa_public_key;
+  Eurydice_slice uu____3 = ind_cpa_public_key;
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_decrypted[32U];
   memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t));
   uint8_t expected_ciphertext[768U];
-  encrypt_2a0(uu____5, copy_of_decrypted, pseudorandomness,
+  encrypt_2a0(uu____3, copy_of_decrypted, pseudorandomness,
               expected_ciphertext);
   uint8_t implicit_rejection_shared_secret[32U];
   kdf_d8_30(Eurydice_array_to_slice((size_t)32U,
@@ -7429,7 +7553,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_620(
   kdf_d8_30(shared_secret0, shared_secret1);
   uint8_t shared_secret[32U];
   libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time(
-      libcrux_ml_kem_types_as_ref_00_d0(ciphertext),
+      libcrux_ml_kem_types_as_ref_43_d0(ciphertext),
       Eurydice_array_to_slice((size_t)768U, expected_ciphertext, uint8_t),
       Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t),
       Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret,
@@ -7595,16 +7719,14 @@ static KRML_MUSTINLINE void H_f1_e0(Eurydice_slice input, uint8_t ret[32U]) {
 }
 
 /**
-A monomorphic instance of libcrux_ml_kem.ind_cca.validate_private_key
+A monomorphic instance of libcrux_ml_kem.ind_cca.validate_private_key_only
 with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]]
 with const generics
 - K= 3
 - SECRET_KEY_SIZE= 2400
-- CIPHERTEXT_SIZE= 1088
 */
-bool libcrux_ml_kem_ind_cca_validate_private_key_37(
-    libcrux_ml_kem_types_MlKemPrivateKey_d9 *private_key,
-    libcrux_ml_kem_mlkem768_MlKem768Ciphertext *_ciphertext) {
+bool libcrux_ml_kem_ind_cca_validate_private_key_only_d6(
+    libcrux_ml_kem_types_MlKemPrivateKey_d9 *private_key) {
   uint8_t t[32U];
   H_f1_e0(Eurydice_array_to_subslice2(/* Eurydice can't access values directly
                                          on the types. We need to go to the
@@ -7621,6 +7743,20 @@ bool libcrux_ml_kem_ind_cca_validate_private_key_37(
       (size_t)32U, t, &expected, uint8_t, uint8_t, bool);
 }
 
+/**
+A monomorphic instance of libcrux_ml_kem.ind_cca.validate_private_key
+with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]]
+with const generics
+- K= 3
+- SECRET_KEY_SIZE= 2400
+- CIPHERTEXT_SIZE= 1088
+*/
+bool libcrux_ml_kem_ind_cca_validate_private_key_37(
+    libcrux_ml_kem_types_MlKemPrivateKey_d9 *private_key,
+    libcrux_ml_kem_mlkem768_MlKem768Ciphertext *_ciphertext) {
+  return libcrux_ml_kem_ind_cca_validate_private_key_only_d6(private_key);
+}
+
 /**
 A monomorphic instance of
 libcrux_ml_kem.ind_cpa.unpacked.IndCpaPrivateKeyUnpacked with types
@@ -8169,11 +8305,8 @@ static KRML_MUSTINLINE uint8_t sample_vector_cbd_then_ntt_3b1(
   KRML_MAYBE_FOR3(
       i, (size_t)0U, (size_t)3U, (size_t)1U,
       memcpy(prf_inputs[i], copy_of_prf_input, (size_t)33U * sizeof(uint8_t)););
-  uint8_t _prf_inputs_init[3U][33U];
-  memcpy(_prf_inputs_init, prf_inputs, (size_t)3U * sizeof(uint8_t[33U]));
-  KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i;
-                  prf_inputs[i0][32U] = domain_separator;
-                  domain_separator = (uint32_t)domain_separator + 1U;);
+  domain_separator =
+      libcrux_ml_kem_utils_prf_input_inc_e0(prf_inputs, domain_separator);
   uint8_t prf_outputs[3U][128U];
   PRFxN_f1_41(prf_inputs, prf_outputs);
   KRML_MAYBE_FOR3(
@@ -8359,30 +8492,28 @@ static KRML_MUSTINLINE void generate_keypair_unpacked_1c1(
 }
 
 /**
-A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair
-with types libcrux_ml_kem_vector_portable_vector_type_PortableVector,
-libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]],
-libcrux_ml_kem_variant_MlKem with const generics
+ Serialize the secret key from the unpacked key pair generation.
+*/
+/**
+A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_unpacked_secret_key
+with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
+with const generics
 - K= 3
 - PRIVATE_KEY_SIZE= 1152
 - PUBLIC_KEY_SIZE= 1184
 - RANKED_BYTES_PER_RING_ELEMENT= 1152
-- ETA1= 2
-- ETA1_RANDOMNESS_SIZE= 128
 */
-static KRML_MUSTINLINE libcrux_ml_kem_utils_extraction_helper_Keypair768
-generate_keypair_15(Eurydice_slice key_generation_seed) {
-  IndCpaPrivateKeyUnpacked_a0 private_key = default_1a_1b();
-  IndCpaPublicKeyUnpacked_a0 public_key = default_8d_1b();
-  generate_keypair_unpacked_1c1(key_generation_seed, &private_key, &public_key);
+static libcrux_ml_kem_utils_extraction_helper_Keypair768
+serialize_unpacked_secret_key_43(IndCpaPublicKeyUnpacked_a0 *public_key,
+                                 IndCpaPrivateKeyUnpacked_a0 *private_key) {
   uint8_t public_key_serialized[1184U];
   serialize_public_key_6c(
-      /* pk := (Encode_12(tˆ mod^{+}q) || ρ) */ public_key.t_as_ntt,
-      Eurydice_array_to_slice((size_t)32U, public_key.seed_for_A, uint8_t),
+      /* pk := (Encode_12(tˆ mod^{+}q) || ρ) */ public_key->t_as_ntt,
+      Eurydice_array_to_slice((size_t)32U, public_key->seed_for_A, uint8_t),
       public_key_serialized);
   uint8_t secret_key_serialized[1152U];
   serialize_secret_key_89(
-      /* sk := Encode_12(sˆ mod^{+}q) */ private_key.secret_as_ntt,
+      /* sk := Encode_12(sˆ mod^{+}q) */ private_key->secret_as_ntt,
       secret_key_serialized);
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_secret_key_serialized[1152U];
@@ -8401,18 +8532,37 @@ generate_keypair_15(Eurydice_slice key_generation_seed) {
 }
 
 /**
-A monomorphic instance of libcrux_ml_kem.ind_cca.serialize_kem_secret_key
+A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair
+with types libcrux_ml_kem_vector_portable_vector_type_PortableVector,
+libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]],
+libcrux_ml_kem_variant_MlKem with const generics
+- K= 3
+- PRIVATE_KEY_SIZE= 1152
+- PUBLIC_KEY_SIZE= 1184
+- RANKED_BYTES_PER_RING_ELEMENT= 1152
+- ETA1= 2
+- ETA1_RANDOMNESS_SIZE= 128
+*/
+static KRML_MUSTINLINE libcrux_ml_kem_utils_extraction_helper_Keypair768
+generate_keypair_15(Eurydice_slice key_generation_seed) {
+  IndCpaPrivateKeyUnpacked_a0 private_key = default_1a_1b();
+  IndCpaPublicKeyUnpacked_a0 public_key = default_8d_1b();
+  generate_keypair_unpacked_1c1(key_generation_seed, &private_key, &public_key);
+  return serialize_unpacked_secret_key_43(&public_key, &private_key);
+}
+
+/**
+A monomorphic instance of libcrux_ml_kem.ind_cca.serialize_kem_secret_key_mut
 with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]]
 with const generics
 - K= 3
 - SERIALIZED_KEY_LEN= 2400
 */
-static KRML_MUSTINLINE void serialize_kem_secret_key_d6(
+static KRML_MUSTINLINE void serialize_kem_secret_key_mut_d6(
     Eurydice_slice private_key, Eurydice_slice public_key,
-    Eurydice_slice implicit_rejection_value, uint8_t ret[2400U]) {
-  uint8_t out[2400U] = {0U};
+    Eurydice_slice implicit_rejection_value, uint8_t *serialized) {
   size_t pointer = (size_t)0U;
-  uint8_t *uu____0 = out;
+  uint8_t *uu____0 = serialized;
   size_t uu____1 = pointer;
   size_t uu____2 = pointer;
   Eurydice_slice_copy(
@@ -8421,7 +8571,7 @@ static KRML_MUSTINLINE void serialize_kem_secret_key_d6(
           uint8_t),
       private_key, uint8_t);
   pointer = pointer + Eurydice_slice_len(private_key, uint8_t);
-  uint8_t *uu____3 = out;
+  uint8_t *uu____3 = serialized;
   size_t uu____4 = pointer;
   size_t uu____5 = pointer;
   Eurydice_slice_copy(
@@ -8431,13 +8581,14 @@ static KRML_MUSTINLINE void serialize_kem_secret_key_d6(
       public_key, uint8_t);
   pointer = pointer + Eurydice_slice_len(public_key, uint8_t);
   Eurydice_slice uu____6 = Eurydice_array_to_subslice2(
-      out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t);
-  uint8_t ret0[32U];
-  H_f1_e0(public_key, ret0);
+      serialized, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE,
+      uint8_t);
+  uint8_t ret[32U];
+  H_f1_e0(public_key, ret);
   Eurydice_slice_copy(
-      uu____6, Eurydice_array_to_slice((size_t)32U, ret0, uint8_t), uint8_t);
+      uu____6, Eurydice_array_to_slice((size_t)32U, ret, uint8_t), uint8_t);
   pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE;
-  uint8_t *uu____7 = out;
+  uint8_t *uu____7 = serialized;
   size_t uu____8 = pointer;
   size_t uu____9 = pointer;
   Eurydice_slice_copy(
@@ -8446,6 +8597,21 @@ static KRML_MUSTINLINE void serialize_kem_secret_key_d6(
           uu____9 + Eurydice_slice_len(implicit_rejection_value, uint8_t),
           uint8_t),
       implicit_rejection_value, uint8_t);
+}
+
+/**
+A monomorphic instance of libcrux_ml_kem.ind_cca.serialize_kem_secret_key
+with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]]
+with const generics
+- K= 3
+- SERIALIZED_KEY_LEN= 2400
+*/
+static KRML_MUSTINLINE void serialize_kem_secret_key_d6(
+    Eurydice_slice private_key, Eurydice_slice public_key,
+    Eurydice_slice implicit_rejection_value, uint8_t ret[2400U]) {
+  uint8_t out[2400U] = {0U};
+  serialize_kem_secret_key_mut_d6(private_key, public_key,
+                                  implicit_rejection_value, out);
   memcpy(ret, out, (size_t)2400U * sizeof(uint8_t));
 }
 
@@ -8487,13 +8653,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_f8(uint8_t randomness[64U]) {
   memcpy(copy_of_secret_key_serialized, secret_key_serialized,
          (size_t)2400U * sizeof(uint8_t));
   libcrux_ml_kem_types_MlKemPrivateKey_d9 private_key =
-      libcrux_ml_kem_types_from_7f_28(copy_of_secret_key_serialized);
+      libcrux_ml_kem_types_from_9a_28(copy_of_secret_key_serialized);
   libcrux_ml_kem_types_MlKemPrivateKey_d9 uu____2 = private_key;
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_public_key[1184U];
   memcpy(copy_of_public_key, public_key, (size_t)1184U * sizeof(uint8_t));
   return libcrux_ml_kem_types_from_3a_74(
-      uu____2, libcrux_ml_kem_types_from_5a_d0(copy_of_public_key));
+      uu____2, libcrux_ml_kem_types_from_5f_d0(copy_of_public_key));
 }
 
 /**
@@ -8514,6 +8680,48 @@ static KRML_MUSTINLINE void entropy_preprocess_d8_9c(Eurydice_slice randomness,
   memcpy(ret, out, (size_t)32U * sizeof(uint8_t));
 }
 
+/**
+A monomorphic instance of libcrux_ml_kem.ind_cpa.build_unpacked_public_key_mut
+with types libcrux_ml_kem_vector_portable_vector_type_PortableVector,
+libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const
+generics
+- K= 3
+- T_AS_NTT_ENCODED_SIZE= 1152
+*/
+static KRML_MUSTINLINE void build_unpacked_public_key_mut_3f1(
+    Eurydice_slice public_key,
+    IndCpaPublicKeyUnpacked_a0 *unpacked_public_key) {
+  Eurydice_slice uu____0 = Eurydice_slice_subslice_to(
+      /* tˆ := Decode_12(pk) */ public_key, (size_t)1152U, uint8_t, size_t);
+  deserialize_ring_elements_reduced_1b(uu____0, unpacked_public_key->t_as_ntt);
+  Eurydice_slice seed =
+      Eurydice_slice_subslice_from(/* ρ := pk + 12·k·n / 8 for i from 0 to k−1
+                                      do for j from 0 to k − 1 do AˆT[i][j] :=
+                                      Parse(XOF(ρ, i, j)) end for end for */
+                                   public_key,
+                                   (size_t)1152U, uint8_t, size_t);
+  libcrux_ml_kem_polynomial_PolynomialRingElement_1d(*uu____1)[3U] =
+      unpacked_public_key->A;
+  uint8_t ret[34U];
+  libcrux_ml_kem_utils_into_padded_array_b6(seed, ret);
+  sample_matrix_A_2b1(uu____1, ret, false);
+}
+
+/**
+A monomorphic instance of libcrux_ml_kem.ind_cpa.build_unpacked_public_key
+with types libcrux_ml_kem_vector_portable_vector_type_PortableVector,
+libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const
+generics
+- K= 3
+- T_AS_NTT_ENCODED_SIZE= 1152
+*/
+static KRML_MUSTINLINE IndCpaPublicKeyUnpacked_a0
+build_unpacked_public_key_3f(Eurydice_slice public_key) {
+  IndCpaPublicKeyUnpacked_a0 unpacked_public_key = default_8d_1b();
+  build_unpacked_public_key_mut_3f1(public_key, &unpacked_public_key);
+  return unpacked_public_key;
+}
+
 /**
 A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_ring_element_cbd
 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector,
@@ -8535,11 +8743,8 @@ sample_ring_element_cbd_3b1(uint8_t prf_input[33U], uint8_t domain_separator) {
   KRML_MAYBE_FOR3(
       i, (size_t)0U, (size_t)3U, (size_t)1U,
       memcpy(prf_inputs[i], copy_of_prf_input, (size_t)33U * sizeof(uint8_t)););
-  uint8_t _prf_inputs_init[3U][33U];
-  memcpy(_prf_inputs_init, prf_inputs, (size_t)3U * sizeof(uint8_t[33U]));
-  KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i;
-                  prf_inputs[i0][32U] = domain_separator;
-                  domain_separator = (uint32_t)domain_separator + 1U;);
+  domain_separator =
+      libcrux_ml_kem_utils_prf_input_inc_e0(prf_inputs, domain_separator);
   uint8_t prf_outputs[3U][128U];
   PRFxN_f1_41(prf_inputs, prf_outputs);
   KRML_MAYBE_FOR3(
@@ -8702,6 +8907,19 @@ static KRML_MUSTINLINE void compress_then_serialize_u_43(
   }
 }
 
+/**
+A monomorphic instance of
+libcrux_ml_kem.serialize.compress_then_serialize_ring_element_v with types
+libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
+- K= 3
+- COMPRESSION_FACTOR= 4
+- OUT_LEN= 128
+*/
+static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_6c(
+    libcrux_ml_kem_polynomial_PolynomialRingElement_1d re, Eurydice_slice out) {
+  compress_then_serialize_4_8c(re, out);
+}
+
 /**
 A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt_unpacked
 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector,
@@ -8780,7 +8998,7 @@ static KRML_MUSTINLINE void encrypt_unpacked_2a1(
                                            uint8_t));
   /* c_2 := Encode_{dv}(Compress_q(v,d_v)) */
   libcrux_ml_kem_polynomial_PolynomialRingElement_1d uu____6 = v;
-  compress_then_serialize_ring_element_v_ff0(
+  compress_then_serialize_ring_element_v_6c(
       uu____6, Eurydice_array_to_subslice_from((size_t)1088U, ciphertext,
                                                (size_t)960U, uint8_t, size_t));
   memcpy(ret, ciphertext, (size_t)1088U * sizeof(uint8_t));
@@ -8808,29 +9026,15 @@ static KRML_MUSTINLINE void encrypt_2a(Eurydice_slice public_key,
                                        uint8_t message[32U],
                                        Eurydice_slice randomness,
                                        uint8_t ret[1088U]) {
-  IndCpaPublicKeyUnpacked_a0 unpacked_public_key = default_8d_1b();
-  deserialize_ring_elements_reduced_1b(
-      Eurydice_slice_subslice_to(/* tˆ := Decode_12(pk) */
-                                 public_key, (size_t)1152U, uint8_t, size_t),
-      unpacked_public_key.t_as_ntt);
-  Eurydice_slice seed =
-      Eurydice_slice_subslice_from(/* ρ := pk + 12·k·n / 8 for i from 0 to k−1
-                                      do for j from 0 to k − 1 do AˆT[i][j] :=
-                                      Parse(XOF(ρ, i, j)) end for end for */
-                                   public_key,
-                                   (size_t)1152U, uint8_t, size_t);
-  libcrux_ml_kem_polynomial_PolynomialRingElement_1d(*uu____0)[3U] =
-      unpacked_public_key.A;
-  uint8_t ret0[34U];
-  libcrux_ml_kem_utils_into_padded_array_b6(seed, ret0);
-  sample_matrix_A_2b1(uu____0, ret0, false);
-  IndCpaPublicKeyUnpacked_a0 *uu____1 = &unpacked_public_key;
+  IndCpaPublicKeyUnpacked_a0 unpacked_public_key =
+      build_unpacked_public_key_3f(public_key);
+  IndCpaPublicKeyUnpacked_a0 *uu____0 = &unpacked_public_key;
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_message[32U];
   memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t));
-  uint8_t ret1[1088U];
-  encrypt_unpacked_2a1(uu____1, copy_of_message, randomness, ret1);
-  memcpy(ret, ret1, (size_t)1088U * sizeof(uint8_t));
+  uint8_t ret0[1088U];
+  encrypt_unpacked_2a1(uu____0, copy_of_message, randomness, ret0);
+  memcpy(ret, ret0, (size_t)1088U * sizeof(uint8_t));
 }
 
 /**
@@ -8909,7 +9113,7 @@ tuple_c2 libcrux_ml_kem_ind_cca_encapsulate_ca(
   uint8_t copy_of_ciphertext[1088U];
   memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t));
   libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 =
-      libcrux_ml_kem_types_from_01_80(copy_of_ciphertext);
+      libcrux_ml_kem_types_from_00_80(copy_of_ciphertext);
   uint8_t shared_secret_array[32U];
   kdf_d8_d6(shared_secret, shared_secret_array);
   libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0;
@@ -8993,6 +9197,18 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_6c(
       (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1d));
 }
 
+/**
+A monomorphic instance of
+libcrux_ml_kem.serialize.deserialize_then_decompress_ring_element_v with types
+libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
+- K= 3
+- COMPRESSION_FACTOR= 4
+*/
+static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1d
+deserialize_then_decompress_ring_element_v_89(Eurydice_slice serialized) {
+  return deserialize_then_decompress_4_8c(serialized);
+}
+
 /**
 A monomorphic instance of libcrux_ml_kem.matrix.compute_message
 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
@@ -9031,7 +9247,7 @@ static KRML_MUSTINLINE void decrypt_unpacked_42(
   deserialize_then_decompress_u_6c(
       /* u := Decompress_q(Decode_{d_u}(c), d_u) */ ciphertext, u_as_ntt);
   libcrux_ml_kem_polynomial_PolynomialRingElement_1d v =
-      deserialize_then_decompress_ring_element_v_d0(
+      deserialize_then_decompress_ring_element_v_89(
           Eurydice_array_to_subslice_from(
               (size_t)1088U,
               /* v := Decompress_q(Decode_{d_v}(c + d_u·k·n / 8), d_v) */
@@ -9111,20 +9327,13 @@ libcrux_ml_kem_variant_MlKem with const generics
 void libcrux_ml_kem_ind_cca_decapsulate_62(
     libcrux_ml_kem_types_MlKemPrivateKey_d9 *private_key,
     libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) {
-  Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at(
-      Eurydice_array_to_slice((size_t)2400U, private_key->value, uint8_t),
-      (size_t)1152U, uint8_t, Eurydice_slice_uint8_t_x2);
+  Eurydice_slice_uint8_t_x4 uu____0 =
+      libcrux_ml_kem_types_unpack_private_key_b4(
+          Eurydice_array_to_slice((size_t)2400U, private_key->value, uint8_t));
   Eurydice_slice ind_cpa_secret_key = uu____0.fst;
-  Eurydice_slice secret_key0 = uu____0.snd;
-  Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at(
-      secret_key0, (size_t)1184U, uint8_t, Eurydice_slice_uint8_t_x2);
-  Eurydice_slice ind_cpa_public_key = uu____1.fst;
-  Eurydice_slice secret_key = uu____1.snd;
-  Eurydice_slice_uint8_t_x2 uu____2 = Eurydice_slice_split_at(
-      secret_key, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t,
-      Eurydice_slice_uint8_t_x2);
-  Eurydice_slice ind_cpa_public_key_hash = uu____2.fst;
-  Eurydice_slice implicit_rejection_value = uu____2.snd;
+  Eurydice_slice ind_cpa_public_key = uu____0.snd;
+  Eurydice_slice ind_cpa_public_key_hash = uu____0.thd;
+  Eurydice_slice implicit_rejection_value = uu____0.f3;
   uint8_t decrypted[32U];
   decrypt_42(ind_cpa_secret_key, ciphertext->value, decrypted);
   uint8_t to_hash0[64U];
@@ -9137,28 +9346,28 @@ void libcrux_ml_kem_ind_cca_decapsulate_62(
       ind_cpa_public_key_hash, uint8_t);
   uint8_t hashed[64U];
   G_f1_e0(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed);
-  Eurydice_slice_uint8_t_x2 uu____3 = Eurydice_slice_split_at(
+  Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at(
       Eurydice_array_to_slice((size_t)64U, hashed, uint8_t),
       LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t,
       Eurydice_slice_uint8_t_x2);
-  Eurydice_slice shared_secret0 = uu____3.fst;
-  Eurydice_slice pseudorandomness = uu____3.snd;
+  Eurydice_slice shared_secret0 = uu____1.fst;
+  Eurydice_slice pseudorandomness = uu____1.snd;
   uint8_t to_hash[1120U];
   libcrux_ml_kem_utils_into_padded_array_15(implicit_rejection_value, to_hash);
-  Eurydice_slice uu____4 = Eurydice_array_to_subslice_from(
+  Eurydice_slice uu____2 = Eurydice_array_to_subslice_from(
       (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE,
       uint8_t, size_t);
-  Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_80(ciphertext),
+  Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_43_80(ciphertext),
                       uint8_t);
   uint8_t implicit_rejection_shared_secret0[32U];
   PRF_f1_41(Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t),
             implicit_rejection_shared_secret0);
-  Eurydice_slice uu____5 = ind_cpa_public_key;
+  Eurydice_slice uu____3 = ind_cpa_public_key;
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_decrypted[32U];
   memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t));
   uint8_t expected_ciphertext[1088U];
-  encrypt_2a(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext);
+  encrypt_2a(uu____3, copy_of_decrypted, pseudorandomness, expected_ciphertext);
   uint8_t implicit_rejection_shared_secret[32U];
   kdf_d8_d6(Eurydice_array_to_slice((size_t)32U,
                                     implicit_rejection_shared_secret0, uint8_t),
@@ -9167,7 +9376,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_62(
   kdf_d8_d6(shared_secret0, shared_secret1);
   uint8_t shared_secret[32U];
   libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time(
-      libcrux_ml_kem_types_as_ref_00_80(ciphertext),
+      libcrux_ml_kem_types_as_ref_43_80(ciphertext),
       Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t),
       Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t),
       Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret,
diff --git a/libcrux-ml-kem/c/libcrux_mlkem_portable.h b/libcrux-ml-kem/c/libcrux_mlkem_portable.h
index 861d02c73..f01803502 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem_portable.h
+++ b/libcrux-ml-kem/c/libcrux_mlkem_portable.h
@@ -8,7 +8,7 @@
  * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c
  * Karamel: c31a22c1e07d2118c07ee5cebb640d863e31a198
  * F*: 2c32d6e230851bbceadac7a21fc418fa2bb7e4bc
- * Libcrux: 38837f1aab3f2ae348a0cb53cf44d97652e2c977
+ * Libcrux: 2ecc08ac92e56197cd05d04f3e873d8da088ad11
  */
 
 #ifndef __libcrux_mlkem_portable_H
diff --git a/libcrux-ml-kem/c/libcrux_sha3.h b/libcrux-ml-kem/c/libcrux_sha3.h
index e5da18da0..bd2ae688c 100644
--- a/libcrux-ml-kem/c/libcrux_sha3.h
+++ b/libcrux-ml-kem/c/libcrux_sha3.h
@@ -8,7 +8,7 @@
  * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c
  * Karamel: c31a22c1e07d2118c07ee5cebb640d863e31a198
  * F*: 2c32d6e230851bbceadac7a21fc418fa2bb7e4bc
- * Libcrux: 38837f1aab3f2ae348a0cb53cf44d97652e2c977
+ * Libcrux: 2ecc08ac92e56197cd05d04f3e873d8da088ad11
  */
 
 #ifndef __libcrux_sha3_H
diff --git a/libcrux-ml-kem/c/libcrux_sha3_avx2.c b/libcrux-ml-kem/c/libcrux_sha3_avx2.c
index c9cae1713..6b48d2f44 100644
--- a/libcrux-ml-kem/c/libcrux_sha3_avx2.c
+++ b/libcrux-ml-kem/c/libcrux_sha3_avx2.c
@@ -8,7 +8,7 @@
  * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c
  * Karamel: c31a22c1e07d2118c07ee5cebb640d863e31a198
  * F*: 2c32d6e230851bbceadac7a21fc418fa2bb7e4bc
- * Libcrux: 38837f1aab3f2ae348a0cb53cf44d97652e2c977
+ * Libcrux: 2ecc08ac92e56197cd05d04f3e873d8da088ad11
  */
 
 #include "internal/libcrux_sha3_avx2.h"
diff --git a/libcrux-ml-kem/c/libcrux_sha3_avx2.h b/libcrux-ml-kem/c/libcrux_sha3_avx2.h
index b4ef2d72b..3585d26e5 100644
--- a/libcrux-ml-kem/c/libcrux_sha3_avx2.h
+++ b/libcrux-ml-kem/c/libcrux_sha3_avx2.h
@@ -8,7 +8,7 @@
  * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c
  * Karamel: c31a22c1e07d2118c07ee5cebb640d863e31a198
  * F*: 2c32d6e230851bbceadac7a21fc418fa2bb7e4bc
- * Libcrux: 38837f1aab3f2ae348a0cb53cf44d97652e2c977
+ * Libcrux: 2ecc08ac92e56197cd05d04f3e873d8da088ad11
  */
 
 #ifndef __libcrux_sha3_avx2_H
diff --git a/libcrux-ml-kem/c/libcrux_sha3_internal.h b/libcrux-ml-kem/c/libcrux_sha3_internal.h
index 8d8e7129d..b7cb02704 100644
--- a/libcrux-ml-kem/c/libcrux_sha3_internal.h
+++ b/libcrux-ml-kem/c/libcrux_sha3_internal.h
@@ -8,7 +8,7 @@
  * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c
  * Karamel: c31a22c1e07d2118c07ee5cebb640d863e31a198
  * F*: 2c32d6e230851bbceadac7a21fc418fa2bb7e4bc
- * Libcrux: 38837f1aab3f2ae348a0cb53cf44d97652e2c977
+ * Libcrux: 2ecc08ac92e56197cd05d04f3e873d8da088ad11
  */
 
 #ifndef __libcrux_sha3_internal_H
diff --git a/libcrux-ml-kem/c/libcrux_sha3_neon.c b/libcrux-ml-kem/c/libcrux_sha3_neon.c
index 52a2f06f4..4340d727d 100644
--- a/libcrux-ml-kem/c/libcrux_sha3_neon.c
+++ b/libcrux-ml-kem/c/libcrux_sha3_neon.c
@@ -8,7 +8,7 @@
  * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c
  * Karamel: c31a22c1e07d2118c07ee5cebb640d863e31a198
  * F*: 2c32d6e230851bbceadac7a21fc418fa2bb7e4bc
- * Libcrux: 38837f1aab3f2ae348a0cb53cf44d97652e2c977
+ * Libcrux: 2ecc08ac92e56197cd05d04f3e873d8da088ad11
  */
 
 #include "libcrux_sha3_neon.h"
diff --git a/libcrux-ml-kem/c/libcrux_sha3_neon.h b/libcrux-ml-kem/c/libcrux_sha3_neon.h
index de686c220..280eb16d3 100644
--- a/libcrux-ml-kem/c/libcrux_sha3_neon.h
+++ b/libcrux-ml-kem/c/libcrux_sha3_neon.h
@@ -8,7 +8,7 @@
  * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c
  * Karamel: c31a22c1e07d2118c07ee5cebb640d863e31a198
  * F*: 2c32d6e230851bbceadac7a21fc418fa2bb7e4bc
- * Libcrux: 38837f1aab3f2ae348a0cb53cf44d97652e2c977
+ * Libcrux: 2ecc08ac92e56197cd05d04f3e873d8da088ad11
  */
 
 #ifndef __libcrux_sha3_neon_H

From 0a935fefb69b9ed781162b722e56547c2e7643c6 Mon Sep 17 00:00:00 2001
From: karthikbhargavan <karthik.bhargavan@gmail.com>
Date: Sun, 1 Dec 2024 13:06:33 +0000
Subject: [PATCH 044/142] fstar

---
 .../extraction/Libcrux_ml_kem.Ind_cpa.fst     | 51 +------------------
 .../extraction/Libcrux_ml_kem.Ind_cpa.fsti    | 13 -----
 .../fstar/extraction/Libcrux_ml_kem.Utils.fst | 47 +++++++++++++++++
 .../extraction/Libcrux_ml_kem.Utils.fsti      | 13 +++++
 4 files changed, 62 insertions(+), 62 deletions(-)

diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fst
index 8fb8e250b..073e16e7d 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fst
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fst
@@ -12,53 +12,6 @@ let _ =
   let open Libcrux_ml_kem.Vector.Traits in
   ()
 
-#push-options "--z3rlimit 200"
-
-let prf_input_inc (v_K: usize) (prf_inputs: t_Array (t_Array u8 (sz 33)) v_K) (domain_separator: u8) =
-  let v__domain_separator_init:u8 = domain_separator in
-  let v__prf_inputs_init:t_Array (t_Array u8 (sz 33)) v_K =
-    Core.Clone.f_clone #(t_Array (t_Array u8 (sz 33)) v_K)
-      #FStar.Tactics.Typeclasses.solve
-      prf_inputs
-  in
-  let domain_separator, prf_inputs:(u8 & t_Array (t_Array u8 (sz 33)) v_K) =
-    Rust_primitives.Hax.Folds.fold_range (sz 0)
-      v_K
-      (fun temp_0_ i ->
-          let domain_separator, prf_inputs:(u8 & t_Array (t_Array u8 (sz 33)) v_K) = temp_0_ in
-          let i:usize = i in
-          v domain_separator == v v__domain_separator_init + v i /\
-          (v i < v v_K ==>
-            (forall (j: nat).
-                (j >= v i /\ j < v v_K) ==> prf_inputs.[ sz j ] == v__prf_inputs_init.[ sz j ])) /\
-          (forall (j: nat).
-              j < v i ==>
-              v (Seq.index (Seq.index prf_inputs j) 32) == v v__domain_separator_init + j /\
-              Seq.slice (Seq.index prf_inputs j) 0 32 ==
-              Seq.slice (Seq.index v__prf_inputs_init j) 0 32))
-      (domain_separator, prf_inputs <: (u8 & t_Array (t_Array u8 (sz 33)) v_K))
-      (fun temp_0_ i ->
-          let domain_separator, prf_inputs:(u8 & t_Array (t_Array u8 (sz 33)) v_K) = temp_0_ in
-          let i:usize = i in
-          let prf_inputs:t_Array (t_Array u8 (sz 33)) v_K =
-            Rust_primitives.Hax.Monomorphized_update_at.update_at_usize prf_inputs
-              i
-              (Rust_primitives.Hax.Monomorphized_update_at.update_at_usize (prf_inputs.[ i ]
-                    <:
-                    t_Array u8 (sz 33))
-                  (sz 32)
-                  domain_separator
-                <:
-                t_Array u8 (sz 33))
-          in
-          let domain_separator:u8 = domain_separator +! 1uy in
-          domain_separator, prf_inputs <: (u8 & t_Array (t_Array u8 (sz 33)) v_K))
-  in
-  let hax_temp_output:u8 = domain_separator in
-  prf_inputs, hax_temp_output <: (t_Array (t_Array u8 (sz 33)) v_K & u8)
-
-#pop-options
-
 #push-options "--ext context_pruning"
 
 let deserialize_secret_key
@@ -236,7 +189,7 @@ let sample_ring_element_cbd
   let prf_inputs:t_Array (t_Array u8 (sz 33)) v_K = Rust_primitives.Hax.repeat prf_input v_K in
   let v__domain_separator_init:u8 = domain_separator in
   let tmp0, out:(t_Array (t_Array u8 (sz 33)) v_K & u8) =
-    prf_input_inc v_K prf_inputs domain_separator
+    Libcrux_ml_kem.Utils.prf_input_inc v_K prf_inputs domain_separator
   in
   let prf_inputs:t_Array (t_Array u8 (sz 33)) v_K = tmp0 in
   let domain_separator:u8 = out in
@@ -384,7 +337,7 @@ let sample_vector_cbd_then_ntt
   let prf_inputs:t_Array (t_Array u8 (sz 33)) v_K = Rust_primitives.Hax.repeat prf_input v_K in
   let v__domain_separator_init:u8 = domain_separator in
   let tmp0, out:(t_Array (t_Array u8 (sz 33)) v_K & u8) =
-    prf_input_inc v_K prf_inputs domain_separator
+    Libcrux_ml_kem.Utils.prf_input_inc v_K prf_inputs domain_separator
   in
   let prf_inputs:t_Array (t_Array u8 (sz 33)) v_K = tmp0 in
   let domain_separator:u8 = out in
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fsti
index 8cdc832e0..70c350031 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fsti
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fsti
@@ -12,19 +12,6 @@ let _ =
   let open Libcrux_ml_kem.Vector.Traits in
   ()
 
-val prf_input_inc (v_K: usize) (prf_inputs: t_Array (t_Array u8 (sz 33)) v_K) (domain_separator: u8)
-    : Prims.Pure (t_Array (t_Array u8 (sz 33)) v_K & u8)
-      (requires range (v domain_separator + v v_K) u8_inttype)
-      (ensures
-        fun temp_0_ ->
-          let prf_inputs_future, ds:(t_Array (t_Array u8 (sz 33)) v_K & u8) = temp_0_ in
-          v ds == v domain_separator + v v_K /\
-          (forall (i: nat).
-              i < v v_K ==>
-              v (Seq.index (Seq.index prf_inputs_future i) 32) == v domain_separator + i /\
-              Seq.slice (Seq.index prf_inputs_future i) 0 32 ==
-              Seq.slice (Seq.index prf_inputs i) 0 32))
-
 /// Call [`deserialize_to_uncompressed_ring_element`] for each ring element.
 val deserialize_secret_key
       (v_K: usize)
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Utils.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Utils.fst
index 54769237f..84b152b40 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Utils.fst
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Utils.fst
@@ -3,6 +3,53 @@ module Libcrux_ml_kem.Utils
 open Core
 open FStar.Mul
 
+#push-options "--z3rlimit 200"
+
+let prf_input_inc (v_K: usize) (prf_inputs: t_Array (t_Array u8 (sz 33)) v_K) (domain_separator: u8) =
+  let v__domain_separator_init:u8 = domain_separator in
+  let v__prf_inputs_init:t_Array (t_Array u8 (sz 33)) v_K =
+    Core.Clone.f_clone #(t_Array (t_Array u8 (sz 33)) v_K)
+      #FStar.Tactics.Typeclasses.solve
+      prf_inputs
+  in
+  let domain_separator, prf_inputs:(u8 & t_Array (t_Array u8 (sz 33)) v_K) =
+    Rust_primitives.Hax.Folds.fold_range (sz 0)
+      v_K
+      (fun temp_0_ i ->
+          let domain_separator, prf_inputs:(u8 & t_Array (t_Array u8 (sz 33)) v_K) = temp_0_ in
+          let i:usize = i in
+          v domain_separator == v v__domain_separator_init + v i /\
+          (v i < v v_K ==>
+            (forall (j: nat).
+                (j >= v i /\ j < v v_K) ==> prf_inputs.[ sz j ] == v__prf_inputs_init.[ sz j ])) /\
+          (forall (j: nat).
+              j < v i ==>
+              v (Seq.index (Seq.index prf_inputs j) 32) == v v__domain_separator_init + j /\
+              Seq.slice (Seq.index prf_inputs j) 0 32 ==
+              Seq.slice (Seq.index v__prf_inputs_init j) 0 32))
+      (domain_separator, prf_inputs <: (u8 & t_Array (t_Array u8 (sz 33)) v_K))
+      (fun temp_0_ i ->
+          let domain_separator, prf_inputs:(u8 & t_Array (t_Array u8 (sz 33)) v_K) = temp_0_ in
+          let i:usize = i in
+          let prf_inputs:t_Array (t_Array u8 (sz 33)) v_K =
+            Rust_primitives.Hax.Monomorphized_update_at.update_at_usize prf_inputs
+              i
+              (Rust_primitives.Hax.Monomorphized_update_at.update_at_usize (prf_inputs.[ i ]
+                    <:
+                    t_Array u8 (sz 33))
+                  (sz 32)
+                  domain_separator
+                <:
+                t_Array u8 (sz 33))
+          in
+          let domain_separator:u8 = domain_separator +! 1uy in
+          domain_separator, prf_inputs <: (u8 & t_Array (t_Array u8 (sz 33)) v_K))
+  in
+  let hax_temp_output:u8 = domain_separator in
+  prf_inputs, hax_temp_output <: (t_Array (t_Array u8 (sz 33)) v_K & u8)
+
+#pop-options
+
 let into_padded_array (v_LEN: usize) (slice: t_Slice u8) =
   let out:t_Array u8 v_LEN = Rust_primitives.Hax.repeat 0uy v_LEN in
   let out:t_Array u8 v_LEN =
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Utils.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Utils.fsti
index 389070322..033a1e9d3 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Utils.fsti
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Utils.fsti
@@ -3,6 +3,19 @@ module Libcrux_ml_kem.Utils
 open Core
 open FStar.Mul
 
+val prf_input_inc (v_K: usize) (prf_inputs: t_Array (t_Array u8 (sz 33)) v_K) (domain_separator: u8)
+    : Prims.Pure (t_Array (t_Array u8 (sz 33)) v_K & u8)
+      (requires range (v domain_separator + v v_K) u8_inttype)
+      (ensures
+        fun temp_0_ ->
+          let prf_inputs_future, ds:(t_Array (t_Array u8 (sz 33)) v_K & u8) = temp_0_ in
+          v ds == v domain_separator + v v_K /\
+          (forall (i: nat).
+              i < v v_K ==>
+              v (Seq.index (Seq.index prf_inputs_future i) 32) == v domain_separator + i /\
+              Seq.slice (Seq.index prf_inputs_future i) 0 32 ==
+              Seq.slice (Seq.index prf_inputs i) 0 32))
+
 /// Pad the `slice` with `0`s at the end.
 val into_padded_array (v_LEN: usize) (slice: t_Slice u8)
     : Prims.Pure (t_Array u8 v_LEN)

From e7d31cc9d00fb10b9002777a3fc8a209dba74b83 Mon Sep 17 00:00:00 2001
From: Franziskus Kiefer <franziskuskiefer@gmail.com>
Date: Mon, 2 Dec 2024 10:54:24 +0000
Subject: [PATCH 045/142] drop mlkem pre-verification feature

- remove old verified code
- remove pre-verification feature from ml-kem crate
- format ml-kem code
- re-extract F* code
---
 .github/workflows/mlkem.yml                   |  16 +-
 Cargo.lock                                    | 146 ++--
 libcrux-kem/Cargo.toml                        |   4 +-
 libcrux-ml-kem/Cargo.toml                     |   5 +-
 libcrux-ml-kem/README.md                      |  10 +-
 libcrux-ml-kem/benches/ml-kem.rs              |  19 +-
 libcrux-ml-kem/c.sh                           |   2 +-
 libcrux-ml-kem/hax.py                         |   2 +-
 .../fstar/extraction/Libcrux_ml_kem.Types.fst | 121 ++++
 .../extraction/Libcrux_ml_kem.Types.fsti      | 123 +---
 ...rux_ml_kem.Vector.Portable.Arithmetic.fsti |   3 -
 libcrux-ml-kem/src/cfg.rs                     |  24 -
 libcrux-ml-kem/src/constant_time_ops.rs       |  26 +-
 libcrux-ml-kem/src/hash_functions.rs          |  15 +-
 libcrux-ml-kem/src/ind_cca.rs                 |  84 ++-
 libcrux-ml-kem/src/ind_cpa.rs                 | 121 ++--
 libcrux-ml-kem/src/invert_ntt.rs              |  80 ++-
 libcrux-ml-kem/src/kem.rs                     |  28 -
 libcrux-ml-kem/src/kem/kyber.rs               | 358 ----------
 libcrux-ml-kem/src/kem/kyber/PERFORMANCE.md   |   8 -
 libcrux-ml-kem/src/kem/kyber/arithmetic.rs    | 201 ------
 libcrux-ml-kem/src/kem/kyber/compress.rs      | 135 ----
 .../src/kem/kyber/constant_time_ops.rs        |  64 --
 libcrux-ml-kem/src/kem/kyber/constants.rs     |  35 -
 .../src/kem/kyber/hash_functions.rs           | 116 ----
 libcrux-ml-kem/src/kem/kyber/helper.rs        |  59 --
 .../src/kem/kyber/implementation_notes.pdf    | Bin 348700 -> 0 bytes
 libcrux-ml-kem/src/kem/kyber/ind_cpa.rs       | 508 --------------
 libcrux-ml-kem/src/kem/kyber/kyber1024.rs     | 171 -----
 libcrux-ml-kem/src/kem/kyber/kyber512.rs      | 168 -----
 libcrux-ml-kem/src/kem/kyber/kyber768.rs      | 189 ------
 libcrux-ml-kem/src/kem/kyber/matrix.rs        | 158 -----
 libcrux-ml-kem/src/kem/kyber/ntt.rs           | 341 ----------
 libcrux-ml-kem/src/kem/kyber/sampling.rs      | 240 -------
 libcrux-ml-kem/src/kem/kyber/serialize.rs     | 623 ------------------
 libcrux-ml-kem/src/kem/kyber/types.rs         | 166 -----
 libcrux-ml-kem/src/lib.rs                     | 235 +++----
 libcrux-ml-kem/src/matrix.rs                  |   2 +-
 libcrux-ml-kem/src/mlkem1024.rs               |  24 +-
 libcrux-ml-kem/src/ntt.rs                     | 131 ++--
 libcrux-ml-kem/src/polynomial.rs              |  63 +-
 libcrux-ml-kem/src/sampling.rs                |  22 +-
 libcrux-ml-kem/src/serialize.rs               | 125 ++--
 libcrux-ml-kem/src/utils.rs                   |  18 +-
 libcrux-ml-kem/src/variant.rs                 |   6 +-
 libcrux-ml-kem/src/vector.rs                  |   2 -
 libcrux-ml-kem/src/vector/neon/arithmetic.rs  |   2 +-
 libcrux-ml-kem/src/vector/neon/vector_type.rs |   4 +-
 libcrux-ml-kem/src/vector/portable.rs         |   5 +-
 .../src/vector/portable/arithmetic.rs         | 113 ++--
 .../src/vector/portable/compress.rs           | 131 ++--
 libcrux-ml-kem/src/vector/portable/ntt.rs     |  54 +-
 .../src/vector/portable/serialize.rs          | 432 ++++++------
 libcrux-ml-kem/src/vector/traits.rs           |  18 +-
 libcrux-ml-kem/tests/acvp.rs                  |   5 +-
 libcrux-ml-kem/tests/kyber.rs                 |   2 +-
 libcrux-ml-kem/tests/ml-kem.rs                |  24 +-
 libcrux-ml-kem/tests/nistkats.rs              |  40 +-
 libcrux-ml-kem/tests/self.rs                  |  43 +-
 libcrux-psq/Cargo.toml                        |   4 +-
 60 files changed, 1261 insertions(+), 4613 deletions(-)
 delete mode 100644 libcrux-ml-kem/src/kem.rs
 delete mode 100644 libcrux-ml-kem/src/kem/kyber.rs
 delete mode 100644 libcrux-ml-kem/src/kem/kyber/PERFORMANCE.md
 delete mode 100644 libcrux-ml-kem/src/kem/kyber/arithmetic.rs
 delete mode 100644 libcrux-ml-kem/src/kem/kyber/compress.rs
 delete mode 100644 libcrux-ml-kem/src/kem/kyber/constant_time_ops.rs
 delete mode 100644 libcrux-ml-kem/src/kem/kyber/constants.rs
 delete mode 100644 libcrux-ml-kem/src/kem/kyber/hash_functions.rs
 delete mode 100644 libcrux-ml-kem/src/kem/kyber/helper.rs
 delete mode 100644 libcrux-ml-kem/src/kem/kyber/implementation_notes.pdf
 delete mode 100644 libcrux-ml-kem/src/kem/kyber/ind_cpa.rs
 delete mode 100644 libcrux-ml-kem/src/kem/kyber/kyber1024.rs
 delete mode 100644 libcrux-ml-kem/src/kem/kyber/kyber512.rs
 delete mode 100644 libcrux-ml-kem/src/kem/kyber/kyber768.rs
 delete mode 100644 libcrux-ml-kem/src/kem/kyber/matrix.rs
 delete mode 100644 libcrux-ml-kem/src/kem/kyber/ntt.rs
 delete mode 100644 libcrux-ml-kem/src/kem/kyber/sampling.rs
 delete mode 100644 libcrux-ml-kem/src/kem/kyber/serialize.rs
 delete mode 100644 libcrux-ml-kem/src/kem/kyber/types.rs

diff --git a/.github/workflows/mlkem.yml b/.github/workflows/mlkem.yml
index 039a850f4..71401c8eb 100644
--- a/.github/workflows/mlkem.yml
+++ b/.github/workflows/mlkem.yml
@@ -85,14 +85,14 @@ jobs:
       - name: 🔨 Build
         run: |
           rustc --print=cfg
-          cargo build --verbose $RUST_TARGET_FLAG --features pre-verification
+          cargo build --verbose $RUST_TARGET_FLAG
 
       - name: 🔨 Build Release
-        run: cargo build --verbose --release $RUST_TARGET_FLAG --features pre-verification
+        run: cargo build --verbose --release $RUST_TARGET_FLAG
 
       - name: 🏃🏻 Asan MacOS
         if: ${{ matrix.os == 'macos-latest' }}
-        run: RUSTDOCFLAGS=-Zsanitizer=address RUSTFLAGS=-Zsanitizer=address cargo +nightly test --release --target aarch64-apple-darwin --features pre-verification
+        run: RUSTDOCFLAGS=-Zsanitizer=address RUSTFLAGS=-Zsanitizer=address cargo +nightly test --release --target aarch64-apple-darwin
 
       # - name: ⬆ Upload build
       #   uses: ./.github/actions/upload_artifacts
@@ -135,27 +135,27 @@ jobs:
       - name: 🏃🏻‍♀️ Test
         run: |
           cargo clean
-          cargo test --verbose $RUST_TARGET_FLAG --features pre-verification
+          cargo test --verbose $RUST_TARGET_FLAG
 
       - name: 🏃🏻‍♀️ Test Release
         run: |
           cargo clean
-          cargo test --verbose --release $RUST_TARGET_FLAG --features pre-verification
+          cargo test --verbose --release $RUST_TARGET_FLAG
 
       - name: 🏃🏻‍♀️ Test Portable
         run: |
           cargo clean
-          LIBCRUX_DISABLE_SIMD128=1 LIBCRUX_DISABLE_SIMD256=1 cargo test --verbose $RUST_TARGET_FLAG --features pre-verification
+          LIBCRUX_DISABLE_SIMD128=1 LIBCRUX_DISABLE_SIMD256=1 cargo test --verbose $RUST_TARGET_FLAG
 
       - name: 🏃🏻‍♀️ Test Portable Release
         run: |
           cargo clean
-          LIBCRUX_DISABLE_SIMD128=1 LIBCRUX_DISABLE_SIMD256=1 cargo test --verbose --release $RUST_TARGET_FLAG --features pre-verification
+          LIBCRUX_DISABLE_SIMD128=1 LIBCRUX_DISABLE_SIMD256=1 cargo test --verbose --release $RUST_TARGET_FLAG
 
       - name: 🏃🏻‍♀️ Test Kyber
         run: |
           cargo clean
-          cargo test --features pre-verification,kyber --verbose $RUST_TARGET_FLAG
+          cargo test ,kyber --verbose $RUST_TARGET_FLAG
 
       - name: 🏃🏻‍♀️ Cargo Check Features
         if: ${{ matrix.bits == 64 }}
diff --git a/Cargo.lock b/Cargo.lock
index 753c14de6..363acf1a7 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -143,7 +143,7 @@ dependencies = [
  "regex",
  "rustc-hash",
  "shlex",
- "syn 2.0.87",
+ "syn 2.0.90",
  "which",
 ]
 
@@ -191,9 +191,9 @@ dependencies = [
 
 [[package]]
 name = "cc"
-version = "1.2.0"
+version = "1.2.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "1aeb932158bd710538c73702db6945cb68a8fb08c519e6e12706b94263b36db8"
+checksum = "f34d93e62b03caf570cccc334cbc6c2fceca82f39211051345108adcba3eebdc"
 dependencies = [
  "jobserver",
  "libc",
@@ -290,9 +290,9 @@ dependencies = [
 
 [[package]]
 name = "clap"
-version = "4.5.20"
+version = "4.5.21"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "b97f376d85a664d5837dbae44bf546e6477a679ff6610010f17276f686d867e8"
+checksum = "fb3b4b9e5a7c7514dfa52869339ee98b3156b0bfb4e8a77c4ff4babb64b1604f"
 dependencies = [
  "clap_builder",
  "clap_derive",
@@ -300,9 +300,9 @@ dependencies = [
 
 [[package]]
 name = "clap_builder"
-version = "4.5.20"
+version = "4.5.21"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "19bc80abd44e4bed93ca373a0704ccbd1b710dc5749406201bb018272808dc54"
+checksum = "b17a95aa67cc7b5ebd32aa5370189aa0d79069ef1c64ce893bd30fb24bff20ec"
 dependencies = [
  "anstream",
  "anstyle",
@@ -319,14 +319,14 @@ dependencies = [
  "heck",
  "proc-macro2",
  "quote",
- "syn 2.0.87",
+ "syn 2.0.90",
 ]
 
 [[package]]
 name = "clap_lex"
-version = "0.7.2"
+version = "0.7.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "1462739cb27611015575c0c11df5df7601141071f07518d56fcc1be504cbec97"
+checksum = "afb84c814227b90d6895e01398aee0d8033c00e7466aca416fb6a8e0eb19d8a7"
 
 [[package]]
 name = "classic-mceliece-rust"
@@ -345,16 +345,6 @@ version = "1.0.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "5b63caa9aa9397e2d9480a9b13673856c78d8ac123288526c37d7839f2a86990"
 
-[[package]]
-name = "console_error_panic_hook"
-version = "0.1.7"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "a06aeb73f470f66dcdbf7223caeebb85984942f22f1adb2a088cf9668146bbbc"
-dependencies = [
- "cfg-if",
- "wasm-bindgen",
-]
-
 [[package]]
 name = "const-oid"
 version = "0.9.6"
@@ -363,9 +353,9 @@ checksum = "c2459377285ad874054d797f3ccebf984978aa39129f6eafde5cdc8315b612f8"
 
 [[package]]
 name = "cpufeatures"
-version = "0.2.15"
+version = "0.2.16"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "0ca741a962e1b0bff6d724a1a0958b686406e853bb14061f218562e1896f95e6"
+checksum = "16b80225097f2e5ae4e7179dd2266824648f3e2f49d9134d584b76389d31c4c3"
 dependencies = [
  "libc",
 ]
@@ -483,7 +473,7 @@ checksum = "f46882e17999c6cc590af592290432be3bce0428cb0d5f8b6715e4dc7b383eb3"
 dependencies = [
  "proc-macro2",
  "quote",
- "syn 2.0.87",
+ "syn 2.0.90",
 ]
 
 [[package]]
@@ -609,12 +599,12 @@ dependencies = [
 
 [[package]]
 name = "errno"
-version = "0.3.9"
+version = "0.3.10"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "534c5cf6194dfab3db3242765c03bbe257cf92f22b38f6bc0c58d59108a820ba"
+checksum = "33d852cb9b869c2a9b3df2f71a3074817f01e1844f839a144f5fcef059a4eb5d"
 dependencies = [
  "libc",
- "windows-sys 0.52.0",
+ "windows-sys 0.59.0",
 ]
 
 [[package]]
@@ -708,7 +698,7 @@ dependencies = [
 [[package]]
 name = "hax-lib"
 version = "0.1.0-alpha.1"
-source = "git+https://github.com/hacspec/hax/#2b5ec0a0570e10861388481894911da7f152d1c6"
+source = "git+https://github.com/hacspec/hax/#1c5e17c9ceee5adede0f4ea7f68bb3d8337f33a0"
 dependencies = [
  "hax-lib-macros",
  "num-bigint",
@@ -718,20 +708,20 @@ dependencies = [
 [[package]]
 name = "hax-lib-macros"
 version = "0.1.0-alpha.1"
-source = "git+https://github.com/hacspec/hax/#2b5ec0a0570e10861388481894911da7f152d1c6"
+source = "git+https://github.com/hacspec/hax/#1c5e17c9ceee5adede0f4ea7f68bb3d8337f33a0"
 dependencies = [
  "hax-lib-macros-types",
  "paste",
  "proc-macro-error",
  "proc-macro2",
  "quote",
- "syn 2.0.87",
+ "syn 2.0.90",
 ]
 
 [[package]]
 name = "hax-lib-macros-types"
 version = "0.1.0-alpha.1"
-source = "git+https://github.com/hacspec/hax/#2b5ec0a0570e10861388481894911da7f152d1c6"
+source = "git+https://github.com/hacspec/hax/#1c5e17c9ceee5adede0f4ea7f68bb3d8337f33a0"
 dependencies = [
  "proc-macro2",
  "quote",
@@ -840,9 +830,9 @@ dependencies = [
 
 [[package]]
 name = "itoa"
-version = "1.0.11"
+version = "1.0.14"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "49f1f14873335454500d59611f1cf4a4b0f786f9ac11f4312a78e4cf2566695b"
+checksum = "d75a2a4b1b190afb6f5425f10f6a8f959d2ea0b9c2b1d79553551850539e4674"
 
 [[package]]
 name = "jobserver"
@@ -855,10 +845,11 @@ dependencies = [
 
 [[package]]
 name = "js-sys"
-version = "0.3.72"
+version = "0.3.74"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "6a88f1bda2bd75b0452a14784937d796722fdebfe50df998aeb3f0b7603019a9"
+checksum = "a865e038f7f6ed956f788f0d7d60c541fff74c7bd74272c5d4cf15c63743e705"
 dependencies = [
+ "once_cell",
  "wasm-bindgen",
 ]
 
@@ -895,9 +886,9 @@ dependencies = [
 
 [[package]]
 name = "libc"
-version = "0.2.162"
+version = "0.2.167"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "18d287de67fe55fd7e1581fe933d965a5a9477b38e949cfa9f8574ef01506398"
+checksum = "09d6582e104315a817dff97f75133544b2e094ee22447d2acf4a74e189ba06fc"
 
 [[package]]
 name = "libcrux"
@@ -1149,9 +1140,9 @@ dependencies = [
 
 [[package]]
 name = "libloading"
-version = "0.8.5"
+version = "0.8.6"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "4979f22fdb869068da03c9f7528f8297c6fd2606bc3a4affe42e6a823fdb8da4"
+checksum = "fc2f4eb4bc735547cfed7c0a4922cbd04a4655978c09b54f1f7b228750664c34"
 dependencies = [
  "cfg-if",
  "windows-targets",
@@ -1270,7 +1261,7 @@ checksum = "a948666b637a0f465e8564c73e89d4dde00d72d4d473cc972f390fc3dcee7d9c"
 dependencies = [
  "proc-macro2",
  "quote",
- "syn 2.0.87",
+ "syn 2.0.90",
 ]
 
 [[package]]
@@ -1391,9 +1382,9 @@ dependencies = [
 
 [[package]]
 name = "pqcrypto-internals"
-version = "0.2.6"
+version = "0.2.7"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "e10cdd9eee50fe65bbd4f40211f1a492f1ee52e97a51100950b6f1fa319ab7cd"
+checksum = "62cd8ebf02b43967cda06e6a3f54d0bd9659459c3003d16aeedd07b44c6db06c"
 dependencies = [
  "cc",
  "dunce",
@@ -1437,7 +1428,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "64d1ec885c64d0457d564db4ec299b2dae3f9c02808b8ad9c3a089c591b18033"
 dependencies = [
  "proc-macro2",
- "syn 2.0.87",
+ "syn 2.0.90",
 ]
 
 [[package]]
@@ -1475,9 +1466,9 @@ dependencies = [
 
 [[package]]
 name = "proc-macro2"
-version = "1.0.89"
+version = "1.0.92"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "f139b0662de085916d1fb67d2b4169d1addddda1919e696f3252b740b629986e"
+checksum = "37d3544b3f2748c54e147655edb5025752e2303145b5aefb3c3ea2c78b973bb0"
 dependencies = [
  "unicode-ident",
 ]
@@ -1634,9 +1625,9 @@ dependencies = [
 
 [[package]]
 name = "rustix"
-version = "0.38.40"
+version = "0.38.41"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "99e4ea3e1cdc4b559b8e5650f9c8e5998e3e5c1343b4eaf034565f32318d63c0"
+checksum = "d7f649912bc1495e167a6edee79151c84b1bad49748cb4f1f1167f459f6224f6"
 dependencies = [
  "bitflags",
  "errno",
@@ -1703,14 +1694,14 @@ checksum = "ad1e866f866923f252f05c889987993144fb74e722403468a4ebd70c3cd756c0"
 dependencies = [
  "proc-macro2",
  "quote",
- "syn 2.0.87",
+ "syn 2.0.90",
 ]
 
 [[package]]
 name = "serde_json"
-version = "1.0.132"
+version = "1.0.133"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "d726bfaff4b320266d395898905d0eba0345aae23b54aee3a737e260fd46db03"
+checksum = "c7fceb2473b9166b2294ef05efcb65a3db80803f0b03ef86a5fc88a2b85ee377"
 dependencies = [
  "itoa",
  "memchr",
@@ -1802,9 +1793,9 @@ dependencies = [
 
 [[package]]
 name = "syn"
-version = "2.0.87"
+version = "2.0.90"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "25aa4ce346d03a6dcd68dd8b4010bcb74e54e62c90c573f394c46eae99aba32d"
+checksum = "919d3b74a5dd0ccd15aeb8f93e7006bd9e14c295087c9896a110f490752bcf31"
 dependencies = [
  "proc-macro2",
  "quote",
@@ -1838,9 +1829,9 @@ checksum = "42ff0bf0c66b8238c6f3b578df37d0b7848e55df8577b3f74f92a69acceeb825"
 
 [[package]]
 name = "unicode-ident"
-version = "1.0.13"
+version = "1.0.14"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "e91b56cd4cadaeb79bbf1a5645f6b4f8dc5bde8834ad5894a8db35fda9efa1fe"
+checksum = "adb9e6ca4f869e1180728b7950e35922a7fc6397f7b641499e8f3ef06e50dc83"
 
 [[package]]
 name = "universal-hash"
@@ -1903,9 +1894,9 @@ checksum = "9c8d87e72b64a3b4db28d11ce29237c246188f4f51057d65a7eab63b7987e423"
 
 [[package]]
 name = "wasm-bindgen"
-version = "0.2.95"
+version = "0.2.97"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "128d1e363af62632b8eb57219c8fd7877144af57558fb2ef0368d0087bddeb2e"
+checksum = "d15e63b4482863c109d70a7b8706c1e364eb6ea449b201a76c5b89cedcec2d5c"
 dependencies = [
  "cfg-if",
  "once_cell",
@@ -1914,36 +1905,37 @@ dependencies = [
 
 [[package]]
 name = "wasm-bindgen-backend"
-version = "0.2.95"
+version = "0.2.97"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "cb6dd4d3ca0ddffd1dd1c9c04f94b868c37ff5fac97c30b97cff2d74fce3a358"
+checksum = "8d36ef12e3aaca16ddd3f67922bc63e48e953f126de60bd33ccc0101ef9998cd"
 dependencies = [
  "bumpalo",
  "log",
  "once_cell",
  "proc-macro2",
  "quote",
- "syn 2.0.87",
+ "syn 2.0.90",
  "wasm-bindgen-shared",
 ]
 
 [[package]]
 name = "wasm-bindgen-futures"
-version = "0.4.45"
+version = "0.4.47"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "cc7ec4f8827a71586374db3e87abdb5a2bb3a15afed140221307c3ec06b1f63b"
+checksum = "9dfaf8f50e5f293737ee323940c7d8b08a66a95a419223d9f41610ca08b0833d"
 dependencies = [
  "cfg-if",
  "js-sys",
+ "once_cell",
  "wasm-bindgen",
  "web-sys",
 ]
 
 [[package]]
 name = "wasm-bindgen-macro"
-version = "0.2.95"
+version = "0.2.97"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "e79384be7f8f5a9dd5d7167216f022090cf1f9ec128e6e6a482a2cb5c5422c56"
+checksum = "705440e08b42d3e4b36de7d66c944be628d579796b8090bfa3471478a2260051"
 dependencies = [
  "quote",
  "wasm-bindgen-macro-support",
@@ -1951,32 +1943,32 @@ dependencies = [
 
 [[package]]
 name = "wasm-bindgen-macro-support"
-version = "0.2.95"
+version = "0.2.97"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "26c6ab57572f7a24a4985830b120de1594465e5d500f24afe89e16b4e833ef68"
+checksum = "98c9ae5a76e46f4deecd0f0255cc223cfa18dc9b261213b8aa0c7b36f61b3f1d"
 dependencies = [
  "proc-macro2",
  "quote",
- "syn 2.0.87",
+ "syn 2.0.90",
  "wasm-bindgen-backend",
  "wasm-bindgen-shared",
 ]
 
 [[package]]
 name = "wasm-bindgen-shared"
-version = "0.2.95"
+version = "0.2.97"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "65fc09f10666a9f147042251e0dda9c18f166ff7de300607007e96bdebc1068d"
+checksum = "6ee99da9c5ba11bd675621338ef6fa52296b76b83305e9b6e5c77d4c286d6d49"
 
 [[package]]
 name = "wasm-bindgen-test"
-version = "0.3.45"
+version = "0.3.47"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "d381749acb0943d357dcbd8f0b100640679883fcdeeef04def49daf8d33a5426"
+checksum = "3d919bb60ebcecb9160afee6c71b43a58a4f0517a2de0054cd050d02cec08201"
 dependencies = [
- "console_error_panic_hook",
  "js-sys",
  "minicov",
+ "once_cell",
  "scoped-tls",
  "wasm-bindgen",
  "wasm-bindgen-futures",
@@ -1985,20 +1977,20 @@ dependencies = [
 
 [[package]]
 name = "wasm-bindgen-test-macro"
-version = "0.3.45"
+version = "0.3.47"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "c97b2ef2c8d627381e51c071c2ab328eac606d3f69dd82bcbca20a9e389d95f0"
+checksum = "222ebde6ea87fbfa6bdd2e9f1fd8a91d60aee5db68792632176c4e16a74fc7d8"
 dependencies = [
  "proc-macro2",
  "quote",
- "syn 2.0.87",
+ "syn 2.0.90",
 ]
 
 [[package]]
 name = "web-sys"
-version = "0.3.72"
+version = "0.3.74"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "f6488b90108c040df0fe62fa815cbdee25124641df01814dd7282749234c6112"
+checksum = "a98bc3c33f0fe7e59ad7cd041b89034fa82a7c2d4365ca538dda6cdaf513863c"
 dependencies = [
  "js-sys",
  "wasm-bindgen",
@@ -2160,7 +2152,7 @@ checksum = "fa4f8080344d4671fb4e831a13ad1e68092748387dfc4f55e356242fae12ce3e"
 dependencies = [
  "proc-macro2",
  "quote",
- "syn 2.0.87",
+ "syn 2.0.90",
 ]
 
 [[package]]
@@ -2180,5 +2172,5 @@ checksum = "ce36e65b0d2999d2aafac989fb249189a141aee1f53c612c1f37d72631959f69"
 dependencies = [
  "proc-macro2",
  "quote",
- "syn 2.0.87",
+ "syn 2.0.90",
 ]
diff --git a/libcrux-kem/Cargo.toml b/libcrux-kem/Cargo.toml
index 8e8cdfaa6..f8e5ca399 100644
--- a/libcrux-kem/Cargo.toml
+++ b/libcrux-kem/Cargo.toml
@@ -20,9 +20,9 @@ libcrux-ecdh = { version = "=0.0.2-beta.2", path = "../libcrux-ecdh" }
 rand = { version = "0.8" }
 
 [features]
-tests = []                                             # Expose functions for testing.
+tests = []                       # Expose functions for testing.
 kyber = ["libcrux-ml-kem/kyber"]
-pre-verification = ["libcrux-ml-kem/pre-verification"]
+pre-verification = []
 
 [dev-dependencies]
 libcrux-kem = { path = "./", features = ["tests"] }
diff --git a/libcrux-ml-kem/Cargo.toml b/libcrux-ml-kem/Cargo.toml
index 08e922560..f35410e77 100644
--- a/libcrux-ml-kem/Cargo.toml
+++ b/libcrux-ml-kem/Cargo.toml
@@ -46,9 +46,6 @@ mlkem1024 = []
 # Enable Round 3 Kyber in addition to ML-KEM
 kyber = []
 
-# Code that is not yet verified
-pre-verification = []
-
 # APIs that sample their own randomness
 rand = ["dep:rand"]
 
@@ -79,7 +76,7 @@ name = "keygen"
 required-features = ["mlkem768"]
 
 [package.metadata."docs.rs"]
-features = ["pre-verification", "kyber"]
+features = ["kyber"]
 rustdoc-args = ["--cfg", "doc_cfg"]
 
 [lints.rust]
diff --git a/libcrux-ml-kem/README.md b/libcrux-ml-kem/README.md
index ffb704662..56cdfc51c 100644
--- a/libcrux-ml-kem/README.md
+++ b/libcrux-ml-kem/README.md
@@ -52,14 +52,14 @@ By default, all ML-KEM parameter sets are enabled. If required, they are
 available individually under feature flags `mlkem512`, `mlkem768`,
 `mlkem1024`.
 
-In addition to the verified implementations of the ML-KEM variants, the
-feature flag `pre-verification` gives access to, as yet, unverified
-implementations of ML-KEM that are optimized for SIMD instruction sets.
+The implementation is optimized for the AVX2 and NEON SIMD instruction sets.
+
+Note that the NEON implementation is not yet fully verified.
 
 ### Kyber Round 3
 
-The `kyber` flag (in combination with `pre-verification`) also gives access
+The `kyber` flag also gives access
 to an, as yet, unverified implementation of Kyber as submitted in Round 3 of
 the NIST PQ competition.
 
-[verified]: https://img.shields.io/badge/verified-brightgreen.svg?style=for-the-badge&logo=data:image/svg+xml;base64,PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48IS0tIFVwbG9hZGVkIHRvOiBTVkcgUmVwbywgd3d3LnN2Z3JlcG8uY29tLCBHZW5lcmF0b3I6IFNWRyBSZXBvIE1peGVyIFRvb2xzIC0tPg0KPHN2ZyB3aWR0aD0iODAwcHgiIGhlaWdodD0iODAwcHgiIHZpZXdCb3g9IjAgMCAyNCAyNCIgZmlsbD0ibm9uZSIgeG1sbnM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnIj4NCjxwYXRoIGQ9Ik05IDEyTDExIDE0TDE1IDkuOTk5OTlNMjAgMTJDMjAgMTYuNDYxMSAxNC41NCAxOS42OTM3IDEyLjY0MTQgMjAuNjgzQzEyLjQzNjEgMjAuNzkgMTIuMzMzNCAyMC44NDM1IDEyLjE5MSAyMC44NzEyQzEyLjA4IDIwLjg5MjggMTEuOTIgMjAuODkyOCAxMS44MDkgMjAuODcxMkMxMS42NjY2IDIwLjg0MzUgMTEuNTYzOSAyMC43OSAxMS4zNTg2IDIwLjY4M0M5LjQ1OTk2IDE5LjY5MzcgNCAxNi40NjExIDQgMTJWOC4yMTc1OUM0IDcuNDE4MDggNCA3LjAxODMzIDQuMTMwNzYgNi42NzQ3QzQuMjQ2MjcgNi4zNzExMyA0LjQzMzk4IDYuMTAwMjcgNC42Nzc2NiA1Ljg4NTUyQzQuOTUzNSA1LjY0MjQzIDUuMzI3OCA1LjUwMjA3IDYuMDc2NCA1LjIyMTM0TDExLjQzODIgMy4yMTA2N0MxMS42NDYxIDMuMTMyNzEgMTEuNzUgMy4wOTM3MyAxMS44NTcgMy4wNzgyN0MxMS45NTE4IDMuMDY0NTcgMTIuMDQ4MiAzLjA2NDU3IDEyLjE0MyAzLjA3ODI3QzEyLjI1IDMuMDkzNzMgMTIuMzUzOSAzLjEzMjcxIDEyLjU2MTggMy4yMTA2N0wxNy45MjM2IDUuMjIxMzRDMTguNjcyMiA1LjUwMjA3IDE5LjA0NjUgNS42NDI0MyAxOS4zMjIzIDUuODg1NTJDMTkuNTY2IDYuMTAwMjcgMTkuNzUzNyA2LjM3MTEzIDE5Ljg2OTIgNi42NzQ3QzIwIDcuMDE4MzMgMjAgNy40MTgwOCAyMCA4LjIxNzU5VjEyWiIgc3Ryb2tlPSIjMDAwMDAwIiBzdHJva2Utd2lkdGg9IjIiIHN0cm9rZS1saW5lY2FwPSJyb3VuZCIgc3Ryb2tlLWxpbmVqb2luPSJyb3VuZCIvPg0KPC9zdmc+
\ No newline at end of file
+[verified]: https://img.shields.io/badge/verified-brightgreen.svg?style=for-the-badge&logo=data:image/svg+xml;base64,PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48IS0tIFVwbG9hZGVkIHRvOiBTVkcgUmVwbywgd3d3LnN2Z3JlcG8uY29tLCBHZW5lcmF0b3I6IFNWRyBSZXBvIE1peGVyIFRvb2xzIC0tPg0KPHN2ZyB3aWR0aD0iODAwcHgiIGhlaWdodD0iODAwcHgiIHZpZXdCb3g9IjAgMCAyNCAyNCIgZmlsbD0ibm9uZSIgeG1sbnM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnIj4NCjxwYXRoIGQ9Ik05IDEyTDExIDE0TDE1IDkuOTk5OTlNMjAgMTJDMjAgMTYuNDYxMSAxNC41NCAxOS42OTM3IDEyLjY0MTQgMjAuNjgzQzEyLjQzNjEgMjAuNzkgMTIuMzMzNCAyMC44NDM1IDEyLjE5MSAyMC44NzEyQzEyLjA4IDIwLjg5MjggMTEuOTIgMjAuODkyOCAxMS44MDkgMjAuODcxMkMxMS42NjY2IDIwLjg0MzUgMTEuNTYzOSAyMC43OSAxMS4zNTg2IDIwLjY4M0M5LjQ1OTk2IDE5LjY5MzcgNCAxNi40NjExIDQgMTJWOC4yMTc1OUM0IDcuNDE4MDggNCA3LjAxODMzIDQuMTMwNzYgNi42NzQ3QzQuMjQ2MjcgNi4zNzExMyA0LjQzMzk4IDYuMTAwMjcgNC42Nzc2NiA1Ljg4NTUyQzQuOTUzNSA1LjY0MjQzIDUuMzI3OCA1LjUwMjA3IDYuMDc2NCA1LjIyMTM0TDExLjQzODIgMy4yMTA2N0MxMS42NDYxIDMuMTMyNzEgMTEuNzUgMy4wOTM3MyAxMS44NTcgMy4wNzgyN0MxMS45NTE4IDMuMDY0NTcgMTIuMDQ4MiAzLjA2NDU3IDEyLjE0MyAzLjA3ODI3QzEyLjI1IDMuMDkzNzMgMTIuMzUzOSAzLjEzMjcxIDEyLjU2MTggMy4yMTA2N0wxNy45MjM2IDUuMjIxMzRDMTguNjcyMiA1LjUwMjA3IDE5LjA0NjUgNS42NDI0MyAxOS4zMjIzIDUuODg1NTJDMTkuNTY2IDYuMTAwMjcgMTkuNzUzNyA2LjM3MTEzIDE5Ljg2OTIgNi42NzQ3QzIwIDcuMDE4MzMgMjAgNy40MTgwOCAyMCA4LjIxNzU5VjEyWiIgc3Ryb2tlPSIjMDAwMDAwIiBzdHJva2Utd2lkdGg9IjIiIHN0cm9rZS1saW5lY2FwPSJyb3VuZCIgc3Ryb2tlLWxpbmVqb2luPSJyb3VuZCIvPg0KPC9zdmc+
diff --git a/libcrux-ml-kem/benches/ml-kem.rs b/libcrux-ml-kem/benches/ml-kem.rs
index ef048452d..7b86aff81 100644
--- a/libcrux-ml-kem/benches/ml-kem.rs
+++ b/libcrux-ml-kem/benches/ml-kem.rs
@@ -12,23 +12,18 @@ macro_rules! init {
         group.measurement_time(Duration::from_secs(10));
 
         use $version as version;
-        #[cfg(feature = "pre-verification")]
-        {
-            fun!("portable", version::portable, group);
-            fun_unpacked!("portable", version::portable::unpacked, group);
-        }
-        #[cfg(all(feature = "simd128", feature = "pre-verification"))]
+        fun!("portable", version::portable, group);
+        fun_unpacked!("portable", version::portable::unpacked, group);
+        #[cfg(feature = "simd128")]
         {
             fun!("neon", version::neon, group);
             fun_unpacked!("neon", version::neon::unpacked, group);
         }
-        #[cfg(all(feature = "simd256", feature = "pre-verification"))]
+        #[cfg(feature = "simd256")]
         {
             fun!("avx2", version::avx2, group);
             fun_unpacked!("avx2", version::avx2::unpacked, group);
         }
-        #[cfg(not(feature = "pre-verification"))]
-        fun!("verified", version, group);
     }};
 }
 
@@ -60,7 +55,7 @@ pub fn key_generation(c: &mut Criterion) {
                     rng.fill_bytes(&mut seed);
                     b.iter(|| {
                         let mut kp = p::init_key_pair();
-                        p::generate_key_pair(seed, &mut kp);
+                        p::generate_key_pair_mut(seed, &mut kp);
                     })
                 },
             );
@@ -141,7 +136,7 @@ pub fn encapsulation(c: &mut Criterion) {
                     b.iter_batched(
                         || {
                             let mut kp = p::init_key_pair();
-                            p::generate_key_pair(seed1, &mut kp);
+                            p::generate_key_pair_mut(seed1, &mut kp);
                             kp
                         },
                         |keypair| {
@@ -197,7 +192,7 @@ pub fn decapsulation(c: &mut Criterion) {
                 b.iter_batched(
                     || {
                         let mut keypair = p::init_key_pair();
-                        p::generate_key_pair(seed1, &mut keypair);
+                        p::generate_key_pair_mut(seed1, &mut keypair);
                         let (ciphertext, _shared_secret) =
                             p::encapsulate(&keypair.public_key, seed2);
                         (keypair, ciphertext)
diff --git a/libcrux-ml-kem/c.sh b/libcrux-ml-kem/c.sh
index 142ece36a..822e252d8 100755
--- a/libcrux-ml-kem/c.sh
+++ b/libcrux-ml-kem/c.sh
@@ -23,7 +23,7 @@ clean=0
 config=c.yaml
 out=c
 glue=$EURYDICE_HOME/include/eurydice_glue.h
-features="--cargo-arg=--features=pre-verification"
+features=""
 eurydice_glue=1
 karamel_include=1
 unrolling=16
diff --git a/libcrux-ml-kem/hax.py b/libcrux-ml-kem/hax.py
index 8b78cdee4..4855a507b 100755
--- a/libcrux-ml-kem/hax.py
+++ b/libcrux-ml-kem/hax.py
@@ -91,7 +91,7 @@ def __call__(self, parser, args, values, option_string=None) -> None:
             "hax",
             "-C",
             "--features",
-            "simd128,simd256,pre-verification",
+            "simd128,simd256",
             ";",
             "into",
             "-i",
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Types.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Types.fst
index 65d0d2c8f..3a598d127 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Types.fst
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Types.fst
@@ -9,11 +9,103 @@ let impl_13__len (v_SIZE: usize) (_: Prims.unit) = v_SIZE
 
 let impl_20__len (v_SIZE: usize) (_: Prims.unit) = v_SIZE
 
+[@@ FStar.Tactics.Typeclasses.tcinstance]
+let impl_1 (v_SIZE: usize) : Core.Convert.t_From (t_MlKemCiphertext v_SIZE) (t_Array u8 v_SIZE) =
+  {
+    f_from_pre = (fun (value: t_Array u8 v_SIZE) -> true);
+    f_from_post = (fun (value: t_Array u8 v_SIZE) (out: t_MlKemCiphertext v_SIZE) -> true);
+    f_from
+    =
+    fun (value: t_Array u8 v_SIZE) ->
+      { f_value = Core.Clone.f_clone #(t_Array u8 v_SIZE) #FStar.Tactics.Typeclasses.solve value }
+      <:
+      t_MlKemCiphertext v_SIZE
+  }
+
+[@@ FStar.Tactics.Typeclasses.tcinstance]
+let impl_2 (v_SIZE: usize) : Core.Convert.t_From (t_Array u8 v_SIZE) (t_MlKemCiphertext v_SIZE) =
+  {
+    f_from_pre = (fun (value: t_MlKemCiphertext v_SIZE) -> true);
+    f_from_post = (fun (value: t_MlKemCiphertext v_SIZE) (out: t_Array u8 v_SIZE) -> true);
+    f_from = fun (value: t_MlKemCiphertext v_SIZE) -> value.f_value
+  }
+
+[@@ FStar.Tactics.Typeclasses.tcinstance]
+let impl_5 (v_SIZE: usize) : Core.Convert.t_From (t_MlKemCiphertext v_SIZE) (t_Array u8 v_SIZE) =
+  {
+    f_from_pre = (fun (value: t_Array u8 v_SIZE) -> true);
+    f_from_post
+    =
+    (fun (value: t_Array u8 v_SIZE) (result: t_MlKemCiphertext v_SIZE) -> result.f_value = value);
+    f_from = fun (value: t_Array u8 v_SIZE) -> { f_value = value } <: t_MlKemCiphertext v_SIZE
+  }
+
 let impl_6__as_slice (v_SIZE: usize) (self: t_MlKemCiphertext v_SIZE) = self.f_value
 
+[@@ FStar.Tactics.Typeclasses.tcinstance]
+let impl_8 (v_SIZE: usize) : Core.Convert.t_From (t_MlKemPrivateKey v_SIZE) (t_Array u8 v_SIZE) =
+  {
+    f_from_pre = (fun (value: t_Array u8 v_SIZE) -> true);
+    f_from_post = (fun (value: t_Array u8 v_SIZE) (out: t_MlKemPrivateKey v_SIZE) -> true);
+    f_from
+    =
+    fun (value: t_Array u8 v_SIZE) ->
+      { f_value = Core.Clone.f_clone #(t_Array u8 v_SIZE) #FStar.Tactics.Typeclasses.solve value }
+      <:
+      t_MlKemPrivateKey v_SIZE
+  }
+
+[@@ FStar.Tactics.Typeclasses.tcinstance]
+let impl_9 (v_SIZE: usize) : Core.Convert.t_From (t_Array u8 v_SIZE) (t_MlKemPrivateKey v_SIZE) =
+  {
+    f_from_pre = (fun (value: t_MlKemPrivateKey v_SIZE) -> true);
+    f_from_post = (fun (value: t_MlKemPrivateKey v_SIZE) (out: t_Array u8 v_SIZE) -> true);
+    f_from = fun (value: t_MlKemPrivateKey v_SIZE) -> value.f_value
+  }
+
+[@@ FStar.Tactics.Typeclasses.tcinstance]
+let impl_12 (v_SIZE: usize) : Core.Convert.t_From (t_MlKemPrivateKey v_SIZE) (t_Array u8 v_SIZE) =
+  {
+    f_from_pre = (fun (value: t_Array u8 v_SIZE) -> true);
+    f_from_post
+    =
+    (fun (value: t_Array u8 v_SIZE) (result: t_MlKemPrivateKey v_SIZE) -> result.f_value = value);
+    f_from = fun (value: t_Array u8 v_SIZE) -> { f_value = value } <: t_MlKemPrivateKey v_SIZE
+  }
 
 let impl_13__as_slice (v_SIZE: usize) (self: t_MlKemPrivateKey v_SIZE) = self.f_value
 
+[@@ FStar.Tactics.Typeclasses.tcinstance]
+let impl_15 (v_SIZE: usize) : Core.Convert.t_From (t_MlKemPublicKey v_SIZE) (t_Array u8 v_SIZE) =
+  {
+    f_from_pre = (fun (value: t_Array u8 v_SIZE) -> true);
+    f_from_post = (fun (value: t_Array u8 v_SIZE) (out: t_MlKemPublicKey v_SIZE) -> true);
+    f_from
+    =
+    fun (value: t_Array u8 v_SIZE) ->
+      { f_value = Core.Clone.f_clone #(t_Array u8 v_SIZE) #FStar.Tactics.Typeclasses.solve value }
+      <:
+      t_MlKemPublicKey v_SIZE
+  }
+
+[@@ FStar.Tactics.Typeclasses.tcinstance]
+let impl_16 (v_SIZE: usize) : Core.Convert.t_From (t_Array u8 v_SIZE) (t_MlKemPublicKey v_SIZE) =
+  {
+    f_from_pre = (fun (value: t_MlKemPublicKey v_SIZE) -> true);
+    f_from_post = (fun (value: t_MlKemPublicKey v_SIZE) (out: t_Array u8 v_SIZE) -> true);
+    f_from = fun (value: t_MlKemPublicKey v_SIZE) -> value.f_value
+  }
+
+[@@ FStar.Tactics.Typeclasses.tcinstance]
+let impl_19 (v_SIZE: usize) : Core.Convert.t_From (t_MlKemPublicKey v_SIZE) (t_Array u8 v_SIZE) =
+  {
+    f_from_pre = (fun (value: t_Array u8 v_SIZE) -> true);
+    f_from_post
+    =
+    (fun (value: t_Array u8 v_SIZE) (result: t_MlKemPublicKey v_SIZE) -> result.f_value = value);
+    f_from = fun (value: t_Array u8 v_SIZE) -> { f_value = value } <: t_MlKemPublicKey v_SIZE
+  }
+
 let impl_20__as_slice (v_SIZE: usize) (self: t_MlKemPublicKey v_SIZE) = self.f_value
 
 let impl_21__from
@@ -119,3 +211,32 @@ let impl_14 (v_SIZE: usize) : Core.Default.t_Default (t_MlKemPublicKey v_SIZE) =
       { f_value = Rust_primitives.Hax.repeat 0uy v_SIZE } <: t_MlKemPublicKey v_SIZE
   }
 
+[@@ FStar.Tactics.Typeclasses.tcinstance]
+let impl_4 (v_SIZE: usize) : Core.Convert.t_AsRef (t_MlKemCiphertext v_SIZE) (t_Slice u8) =
+  {
+    f_as_ref_pre = (fun (self: t_MlKemCiphertext v_SIZE) -> true);
+    f_as_ref_post
+    =
+    (fun (self___: t_MlKemCiphertext v_SIZE) (result: t_Slice u8) -> result = self___.f_value);
+    f_as_ref = fun (self: t_MlKemCiphertext v_SIZE) -> self.f_value <: t_Slice u8
+  }
+
+[@@ FStar.Tactics.Typeclasses.tcinstance]
+let impl_11 (v_SIZE: usize) : Core.Convert.t_AsRef (t_MlKemPrivateKey v_SIZE) (t_Slice u8) =
+  {
+    f_as_ref_pre = (fun (self: t_MlKemPrivateKey v_SIZE) -> true);
+    f_as_ref_post
+    =
+    (fun (self___: t_MlKemPrivateKey v_SIZE) (result: t_Slice u8) -> result = self___.f_value);
+    f_as_ref = fun (self: t_MlKemPrivateKey v_SIZE) -> self.f_value <: t_Slice u8
+  }
+
+[@@ FStar.Tactics.Typeclasses.tcinstance]
+let impl_18 (v_SIZE: usize) : Core.Convert.t_AsRef (t_MlKemPublicKey v_SIZE) (t_Slice u8) =
+  {
+    f_as_ref_pre = (fun (self: t_MlKemPublicKey v_SIZE) -> true);
+    f_as_ref_post
+    =
+    (fun (self___: t_MlKemPublicKey v_SIZE) (result: t_Slice u8) -> result = self___.f_value);
+    f_as_ref = fun (self: t_MlKemPublicKey v_SIZE) -> self.f_value <: t_Slice u8
+  }
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Types.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Types.fsti
index e463a273b..4f76c2ffc 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Types.fsti
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Types.fsti
@@ -19,35 +19,13 @@ val impl_20__len: v_SIZE: usize -> Prims.unit
 type t_MlKemCiphertext (v_SIZE: usize) = { f_value:t_Array u8 v_SIZE }
 
 [@@ FStar.Tactics.Typeclasses.tcinstance]
-let impl_1 (v_SIZE: usize) : Core.Convert.t_From (t_MlKemCiphertext v_SIZE) (t_Array u8 v_SIZE) =
-  {
-    f_from_pre = (fun (value: t_Array u8 v_SIZE) -> true);
-    f_from_post = (fun (value: t_Array u8 v_SIZE) (out: t_MlKemCiphertext v_SIZE) -> true);
-    f_from
-    =
-    fun (value: t_Array u8 v_SIZE) ->
-      { f_value = Core.Clone.f_clone #(t_Array u8 v_SIZE) #FStar.Tactics.Typeclasses.solve value }
-      <:
-      t_MlKemCiphertext v_SIZE
-  }
+val impl_1 (v_SIZE: usize) : Core.Convert.t_From (t_MlKemCiphertext v_SIZE) (t_Array u8 v_SIZE)
 
 [@@ FStar.Tactics.Typeclasses.tcinstance]
-let impl_2 (v_SIZE: usize) : Core.Convert.t_From (t_Array u8 v_SIZE) (t_MlKemCiphertext v_SIZE) =
-  {
-    f_from_pre = (fun (value: t_MlKemCiphertext v_SIZE) -> true);
-    f_from_post = (fun (value: t_MlKemCiphertext v_SIZE) (out: t_Array u8 v_SIZE) -> true);
-    f_from = fun (value: t_MlKemCiphertext v_SIZE) -> value.f_value
-  }
+val impl_2 (v_SIZE: usize) : Core.Convert.t_From (t_Array u8 v_SIZE) (t_MlKemCiphertext v_SIZE)
 
 [@@ FStar.Tactics.Typeclasses.tcinstance]
-let impl_5 (v_SIZE: usize) : Core.Convert.t_From (t_MlKemCiphertext v_SIZE) (t_Array u8 v_SIZE) =
-  {
-    f_from_pre = (fun (value: t_Array u8 v_SIZE) -> true);
-    f_from_post
-    =
-    (fun (value: t_Array u8 v_SIZE) (result: t_MlKemCiphertext v_SIZE) -> result.f_value = value);
-    f_from = fun (value: t_Array u8 v_SIZE) -> { f_value = value } <: t_MlKemCiphertext v_SIZE
-  }
+val impl_5 (v_SIZE: usize) : Core.Convert.t_From (t_MlKemCiphertext v_SIZE) (t_Array u8 v_SIZE)
 
 /// A reference to the raw byte slice.
 val impl_6__as_slice (v_SIZE: usize) (self: t_MlKemCiphertext v_SIZE)
@@ -62,35 +40,13 @@ val impl_6__as_slice (v_SIZE: usize) (self: t_MlKemCiphertext v_SIZE)
 type t_MlKemPrivateKey (v_SIZE: usize) = { f_value:t_Array u8 v_SIZE }
 
 [@@ FStar.Tactics.Typeclasses.tcinstance]
-let impl_8 (v_SIZE: usize) : Core.Convert.t_From (t_MlKemPrivateKey v_SIZE) (t_Array u8 v_SIZE) =
-  {
-    f_from_pre = (fun (value: t_Array u8 v_SIZE) -> true);
-    f_from_post = (fun (value: t_Array u8 v_SIZE) (out: t_MlKemPrivateKey v_SIZE) -> true);
-    f_from
-    =
-    fun (value: t_Array u8 v_SIZE) ->
-      { f_value = Core.Clone.f_clone #(t_Array u8 v_SIZE) #FStar.Tactics.Typeclasses.solve value }
-      <:
-      t_MlKemPrivateKey v_SIZE
-  }
+val impl_8 (v_SIZE: usize) : Core.Convert.t_From (t_MlKemPrivateKey v_SIZE) (t_Array u8 v_SIZE)
 
 [@@ FStar.Tactics.Typeclasses.tcinstance]
-let impl_9 (v_SIZE: usize) : Core.Convert.t_From (t_Array u8 v_SIZE) (t_MlKemPrivateKey v_SIZE) =
-  {
-    f_from_pre = (fun (value: t_MlKemPrivateKey v_SIZE) -> true);
-    f_from_post = (fun (value: t_MlKemPrivateKey v_SIZE) (out: t_Array u8 v_SIZE) -> true);
-    f_from = fun (value: t_MlKemPrivateKey v_SIZE) -> value.f_value
-  }
+val impl_9 (v_SIZE: usize) : Core.Convert.t_From (t_Array u8 v_SIZE) (t_MlKemPrivateKey v_SIZE)
 
 [@@ FStar.Tactics.Typeclasses.tcinstance]
-let impl_12 (v_SIZE: usize) : Core.Convert.t_From (t_MlKemPrivateKey v_SIZE) (t_Array u8 v_SIZE) =
-  {
-    f_from_pre = (fun (value: t_Array u8 v_SIZE) -> true);
-    f_from_post
-    =
-    (fun (value: t_Array u8 v_SIZE) (result: t_MlKemPrivateKey v_SIZE) -> result.f_value = value);
-    f_from = fun (value: t_Array u8 v_SIZE) -> { f_value = value } <: t_MlKemPrivateKey v_SIZE
-  }
+val impl_12 (v_SIZE: usize) : Core.Convert.t_From (t_MlKemPrivateKey v_SIZE) (t_Array u8 v_SIZE)
 
 /// A reference to the raw byte slice.
 val impl_13__as_slice (v_SIZE: usize) (self: t_MlKemPrivateKey v_SIZE)
@@ -105,35 +61,13 @@ val impl_13__as_slice (v_SIZE: usize) (self: t_MlKemPrivateKey v_SIZE)
 type t_MlKemPublicKey (v_SIZE: usize) = { f_value:t_Array u8 v_SIZE }
 
 [@@ FStar.Tactics.Typeclasses.tcinstance]
-let impl_16 (v_SIZE: usize) : Core.Convert.t_From (t_Array u8 v_SIZE) (t_MlKemPublicKey v_SIZE) =
-  {
-    f_from_pre = (fun (value: t_MlKemPublicKey v_SIZE) -> true);
-    f_from_post = (fun (value: t_MlKemPublicKey v_SIZE) (out: t_Array u8 v_SIZE) -> true);
-    f_from = fun (value: t_MlKemPublicKey v_SIZE) -> value.f_value
-  }
+val impl_15 (v_SIZE: usize) : Core.Convert.t_From (t_MlKemPublicKey v_SIZE) (t_Array u8 v_SIZE)
 
 [@@ FStar.Tactics.Typeclasses.tcinstance]
-let impl_19 (v_SIZE: usize) : Core.Convert.t_From (t_MlKemPublicKey v_SIZE) (t_Array u8 v_SIZE) =
-  {
-    f_from_pre = (fun (value: t_Array u8 v_SIZE) -> true);
-    f_from_post
-    =
-    (fun (value: t_Array u8 v_SIZE) (result: t_MlKemPublicKey v_SIZE) -> result.f_value = value);
-    f_from = fun (value: t_Array u8 v_SIZE) -> { f_value = value } <: t_MlKemPublicKey v_SIZE
-  }
+val impl_16 (v_SIZE: usize) : Core.Convert.t_From (t_Array u8 v_SIZE) (t_MlKemPublicKey v_SIZE)
 
 [@@ FStar.Tactics.Typeclasses.tcinstance]
-let impl_15 (v_SIZE: usize) : Core.Convert.t_From (t_MlKemPublicKey v_SIZE) (t_Array u8 v_SIZE) =
-  {
-    f_from_pre = (fun (value: t_Array u8 v_SIZE) -> true);
-    f_from_post = (fun (value: t_Array u8 v_SIZE) (out: t_MlKemPublicKey v_SIZE) -> true);
-    f_from
-    =
-    fun (value: t_Array u8 v_SIZE) ->
-      { f_value = Core.Clone.f_clone #(t_Array u8 v_SIZE) #FStar.Tactics.Typeclasses.solve value }
-      <:
-      t_MlKemPublicKey v_SIZE
-  }
+val impl_19 (v_SIZE: usize) : Core.Convert.t_From (t_MlKemPublicKey v_SIZE) (t_Array u8 v_SIZE)
 
 /// A reference to the raw byte slice.
 val impl_20__as_slice (v_SIZE: usize) (self: t_MlKemPublicKey v_SIZE)
@@ -243,6 +177,15 @@ val impl_7 (v_SIZE: usize) : Core.Default.t_Default (t_MlKemPrivateKey v_SIZE)
 [@@ FStar.Tactics.Typeclasses.tcinstance]
 val impl_14 (v_SIZE: usize) : Core.Default.t_Default (t_MlKemPublicKey v_SIZE)
 
+[@@ FStar.Tactics.Typeclasses.tcinstance]
+val impl_4 (v_SIZE: usize) : Core.Convert.t_AsRef (t_MlKemCiphertext v_SIZE) (t_Slice u8)
+
+[@@ FStar.Tactics.Typeclasses.tcinstance]
+val impl_11 (v_SIZE: usize) : Core.Convert.t_AsRef (t_MlKemPrivateKey v_SIZE) (t_Slice u8)
+
+[@@ FStar.Tactics.Typeclasses.tcinstance]
+val impl_18 (v_SIZE: usize) : Core.Convert.t_AsRef (t_MlKemPublicKey v_SIZE) (t_Slice u8)
+
 [@@ FStar.Tactics.Typeclasses.tcinstance]
 let impl_3 (v_SIZE: usize) : Core.Convert.t_TryFrom (t_MlKemCiphertext v_SIZE) (t_Slice u8) =
   {
@@ -335,33 +278,3 @@ let impl_17 (v_SIZE: usize) : Core.Convert.t_TryFrom (t_MlKemPublicKey v_SIZE) (
         <:
         Core.Result.t_Result (t_MlKemPublicKey v_SIZE) Core.Array.t_TryFromSliceError
   }
-
-[@@ FStar.Tactics.Typeclasses.tcinstance]
-let impl_4 (v_SIZE: usize) : Core.Convert.t_AsRef (t_MlKemCiphertext v_SIZE) (t_Slice u8) =
-  {
-    f_as_ref_pre = (fun (self: t_MlKemCiphertext v_SIZE) -> true);
-    f_as_ref_post
-    =
-    (fun (self___: t_MlKemCiphertext v_SIZE) (result: t_Slice u8) -> result = self___.f_value);
-    f_as_ref = fun (self: t_MlKemCiphertext v_SIZE) -> self.f_value <: t_Slice u8
-  }
-
-[@@ FStar.Tactics.Typeclasses.tcinstance]
-let impl_11 (v_SIZE: usize) : Core.Convert.t_AsRef (t_MlKemPrivateKey v_SIZE) (t_Slice u8) =
-  {
-    f_as_ref_pre = (fun (self: t_MlKemPrivateKey v_SIZE) -> true);
-    f_as_ref_post
-    =
-    (fun (self___: t_MlKemPrivateKey v_SIZE) (result: t_Slice u8) -> result = self___.f_value);
-    f_as_ref = fun (self: t_MlKemPrivateKey v_SIZE) -> self.f_value <: t_Slice u8
-  }
-
-[@@ FStar.Tactics.Typeclasses.tcinstance]
-let impl_18 (v_SIZE: usize) : Core.Convert.t_AsRef (t_MlKemPublicKey v_SIZE) (t_Slice u8) =
-  {
-    f_as_ref_pre = (fun (self: t_MlKemPublicKey v_SIZE) -> true);
-    f_as_ref_post
-    =
-    (fun (self___: t_MlKemPublicKey v_SIZE) (result: t_Slice u8) -> result = self___.f_value);
-    f_as_ref = fun (self: t_MlKemPublicKey v_SIZE) -> self.f_value <: t_Slice u8
-  }
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Arithmetic.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Arithmetic.fsti
index 6a4fc4d3d..e072f08d9 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Arithmetic.fsti
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Arithmetic.fsti
@@ -24,9 +24,7 @@ val get_n_least_significant_bits (n: u8) (value: u32)
 /// - result ≡ value (mod FIELD_MODULUS)
 /// - the absolute value of `result` is bound as follows:
 /// `|result| ≤ FIELD_MODULUS / 2 · (|value|/BARRETT_R + 1)
-///
 /// Note: The input bound is 28296 to prevent overflow in the multiplication of quotient by FIELD_MODULUS
-///
 val barrett_reduce_element (value: i16)
     : Prims.Pure i16
       (requires Spec.Utils.is_i16b 28296 value)
@@ -43,7 +41,6 @@ val barrett_reduce_element (value: i16)
 /// `|result| ≤ ceil(|value| / MONTGOMERY_R) + 1665
 /// In particular, if `|value| ≤ FIELD_MODULUS-1 * FIELD_MODULUS-1`, then `|o| <= FIELD_MODULUS-1`.
 /// And, if `|value| ≤ pow2 16 * FIELD_MODULUS-1`, then `|o| <= FIELD_MODULUS + 1664
-///
 val montgomery_reduce_element (value: i32)
     : Prims.Pure i16
       (requires Spec.Utils.is_i32b (3328 * pow2 16) value)
diff --git a/libcrux-ml-kem/src/cfg.rs b/libcrux-ml-kem/src/cfg.rs
index 8b234dbee..265dd00c0 100644
--- a/libcrux-ml-kem/src/cfg.rs
+++ b/libcrux-ml-kem/src/cfg.rs
@@ -1,28 +1,4 @@
-/// Macro to simplify feature gating of verified code that should only be enabled
-/// when unverified code is disabled.
-macro_rules! cfg_verified {
-    ($($item:item)*) => {
-        $(
-            #[cfg(not(feature = "pre-verification"))]
-            #[allow(missing_docs)]
-            $item
-        )*
-    }
-}
-
-/// Macro to simplify `pre-verification` feature gating
-macro_rules! cfg_pre_verification {
-    ($($item:item)*) => {
-        $(
-            #[cfg(feature = "pre-verification")]
-            #[cfg_attr(docsrs, doc(cfg(feature = "pre-verification")))]
-            $item
-        )*
-    }
-}
-
 /// Macro to simplify `kyber` feature gating
-#[cfg(feature = "pre-verification")]
 macro_rules! cfg_kyber {
     ($($item:item)*) => {
         $(
diff --git a/libcrux-ml-kem/src/constant_time_ops.rs b/libcrux-ml-kem/src/constant_time_ops.rs
index 02ea01eca..7c2a9323e 100644
--- a/libcrux-ml-kem/src/constant_time_ops.rs
+++ b/libcrux-ml-kem/src/constant_time_ops.rs
@@ -65,10 +65,14 @@ fn is_non_zero(value: u8) -> u8 {
 fn compare(lhs: &[u8], rhs: &[u8]) -> u8 {
     let mut r: u8 = 0;
     for i in 0..lhs.len() {
-        hax_lib::loop_invariant!(|i: usize| { fstar!("v $i <= Seq.length $lhs /\\
+        hax_lib::loop_invariant!(|i: usize| {
+            fstar!(
+                "v $i <= Seq.length $lhs /\\
             (if (Seq.slice $lhs 0 (v $i) = Seq.slice $rhs 0 (v $i)) then
                 $r == 0uy
-                else ~ ($r == 0uy))") });
+                else ~ ($r == 0uy))"
+            )
+        });
         let nr = r | (lhs[i] ^ rhs[i]);
         hax_lib::fstar!("if $r =. 0uy then (
             if (Seq.index $lhs (v $i) = Seq.index $rhs (v $i)) then (
@@ -115,15 +119,19 @@ fn compare(lhs: &[u8], rhs: &[u8]) -> u8 {
 #[hax_lib::fstar::options("--ifuel 0 --z3rlimit 50")]
 fn select_ct(lhs: &[u8], rhs: &[u8], selector: u8) -> [u8; SHARED_SECRET_SIZE] {
     let mask = is_non_zero(selector).wrapping_sub(1);
-    hax_lib::fstar!("assert (if $selector = 0uy then $mask = ones else $mask = zero);
+    hax_lib::fstar!(
+        "assert (if $selector = 0uy then $mask = ones else $mask = zero);
         lognot_lemma $mask;
-        assert (if $selector = 0uy then ~.$mask = zero else ~.$mask = ones)");
+        assert (if $selector = 0uy then ~.$mask = zero else ~.$mask = ones)"
+    );
     let mut out = [0u8; SHARED_SECRET_SIZE];
 
     for i in 0..SHARED_SECRET_SIZE {
-        hax_lib::loop_invariant!(|i: usize| { fstar!("v $i <= v $SHARED_SECRET_SIZE /\\
+        hax_lib::loop_invariant!(|i: usize| {
+            fstar!("v $i <= v $SHARED_SECRET_SIZE /\\
             (forall j. j < v $i ==> (if ($selector =. 0uy) then Seq.index $out j == Seq.index $lhs j else Seq.index $out j == Seq.index $rhs j)) /\\
-            (forall j. j >= v $i ==> Seq.index $out j == 0uy)") });
+            (forall j. j >= v $i ==> Seq.index $out j == 0uy)")
+        });
         hax_lib::fstar!("assert ((${out}.[ $i ] <: u8) = 0uy)");
         let outi = (lhs[i] & mask) | (rhs[i] & !mask);
         hax_lib::fstar!("if ($selector = 0uy) then (
@@ -152,12 +160,14 @@ fn select_ct(lhs: &[u8], rhs: &[u8], selector: u8) -> [u8; SHARED_SECRET_SIZE] {
         out[i] = outi;
     }
 
-    hax_lib::fstar!("if ($selector =. 0uy) then (
+    hax_lib::fstar!(
+        "if ($selector =. 0uy) then (
             eq_intro $out $lhs
         )
         else (
             eq_intro $out $rhs
-        )");
+        )"
+    );
     out
 }
 
diff --git a/libcrux-ml-kem/src/hash_functions.rs b/libcrux-ml-kem/src/hash_functions.rs
index d365818ff..7641a7266 100644
--- a/libcrux-ml-kem/src/hash_functions.rs
+++ b/libcrux-ml-kem/src/hash_functions.rs
@@ -72,11 +72,7 @@ pub(crate) trait Hash<const K: usize> {
 /// A portable implementation of [`Hash`]
 pub(crate) mod portable {
     use super::*;
-    use libcrux_sha3::portable::{
-        self,
-        incremental,
-        KeccakState,
-    };
+    use libcrux_sha3::portable::{self, incremental, KeccakState};
 
     /// The state.
     ///
@@ -152,13 +148,18 @@ pub(crate) mod portable {
 
         let mut out = [[0u8; THREE_BLOCKS]; K];
         for i in 0..K {
-            incremental::shake128_squeeze_first_three_blocks(&mut st.shake128_state[i], &mut out[i]);
+            incremental::shake128_squeeze_first_three_blocks(
+                &mut st.shake128_state[i],
+                &mut out[i],
+            );
         }
         out
     }
 
     #[inline(always)]
-    fn shake128_squeeze_next_block<const K: usize>(st: &mut PortableHash<K>) -> [[u8; BLOCK_SIZE]; K] {
+    fn shake128_squeeze_next_block<const K: usize>(
+        st: &mut PortableHash<K>,
+    ) -> [[u8; BLOCK_SIZE]; K] {
         debug_assert!(K == 2 || K == 3 || K == 4);
 
         let mut out = [[0u8; BLOCK_SIZE]; K];
diff --git a/libcrux-ml-kem/src/ind_cca.rs b/libcrux-ml-kem/src/ind_cca.rs
index e0fa8f6a0..33ec390e5 100644
--- a/libcrux-ml-kem/src/ind_cca.rs
+++ b/libcrux-ml-kem/src/ind_cca.rs
@@ -33,7 +33,6 @@ pub(crate) mod multiplexing;
 /// To use these, runtime checks must be performed before calling them.
 pub(crate) mod instantiations;
 
-
 /// Serialize the secret key.
 
 #[inline(always)]
@@ -86,10 +85,8 @@ fn serialize_kem_secret_key_mut<
                                             Spec.MLKEM.v_SHARED_SECRET_SIZE))
             == $implicit_rejection_value);
     lemma_slice_append_4 serialized $private_key $public_key (Libcrux_ml_kem.Hash_functions.f_H #$:Hasher #$K $public_key) $implicit_rejection_value");
-
 }
 
-
 #[inline(always)]
 #[hax_lib::fstar::options("--z3rlimit 150")]
 #[hax_lib::requires(fstar!("Spec.MLKEM.is_rank $K /\\
@@ -201,7 +198,7 @@ fn validate_private_key_only<const K: usize, const SECRET_KEY_SIZE: usize, Hashe
     $ETA1 == Spec.MLKEM.v_ETA1 $K /\\
     $ETA1_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA1_RANDOMNESS_SIZE $K"))]
 #[hax_lib::ensures(|result| fstar!("let (expected, valid) = Spec.MLKEM.ind_cca_generate_keypair $K $randomness in
-                                    valid ==> (${result}.f_sk.f_value, ${result}.f_pk.f_value) == expected"))] 
+                                    valid ==> (${result}.f_sk.f_value, ${result}.f_pk.f_value) == expected"))]
 #[inline(always)]
 fn generate_keypair<
     const K: usize,
@@ -258,7 +255,7 @@ fn generate_keypair<
     $ETA2 == Spec.MLKEM.v_ETA2 $K /\\
     $ETA2_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA2_RANDOMNESS_SIZE $K"))]
 #[hax_lib::ensures(|result| fstar!("let (expected, valid) = Spec.MLKEM.ind_cca_encapsulate $K ${public_key}.f_value $randomness in
-                                    valid ==> (${result}._1.f_value, ${result}._2) == expected"))] 
+                                    valid ==> (${result}._1.f_value, ${result}._2) == expected"))]
 #[inline(always)]
 fn encapsulate<
     const K: usize,
@@ -285,9 +282,11 @@ fn encapsulate<
     let mut to_hash: [u8; 2 * H_DIGEST_SIZE] = into_padded_array(&randomness);
     hax_lib::fstar!("eq_intro (Seq.slice $to_hash 0 32) $randomness");
     to_hash[H_DIGEST_SIZE..].copy_from_slice(&Hasher::H(public_key.as_slice()));
-    hax_lib::fstar!("assert (Seq.slice to_hash 0 (v $H_DIGEST_SIZE) == $randomness);
+    hax_lib::fstar!(
+        "assert (Seq.slice to_hash 0 (v $H_DIGEST_SIZE) == $randomness);
         lemma_slice_append $to_hash $randomness (Spec.Utils.v_H ${public_key}.f_value);
-        assert ($to_hash == concat $randomness (Spec.Utils.v_H ${public_key}.f_value))");
+        assert ($to_hash == concat $randomness (Spec.Utils.v_H ${public_key}.f_value))"
+    );
     let hashed = Hasher::G(&to_hash);
     let (shared_secret, pseudorandomness) = hashed.split_at(SHARED_SECRET_SIZE);
 
@@ -332,7 +331,7 @@ fn encapsulate<
     $ETA2_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA2_RANDOMNESS_SIZE $K /\\
     $IMPLICIT_REJECTION_HASH_INPUT_SIZE == Spec.MLKEM.v_IMPLICIT_REJECTION_HASH_INPUT_SIZE $K"))]
 #[hax_lib::ensures(|result| fstar!("let (expected, valid) = Spec.MLKEM.ind_cca_decapsulate $K ${private_key}.f_value ${ciphertext}.f_value in
-                                    valid ==> $result == expected"))] 
+                                    valid ==> $result == expected"))]
 #[inline(always)]
 pub(crate) fn decapsulate<
     const K: usize,
@@ -395,14 +394,18 @@ pub(crate) fn decapsulate<
         into_padded_array(implicit_rejection_value);
     hax_lib::fstar!("eq_intro (Seq.slice $to_hash 0 32) $implicit_rejection_value");
     to_hash[SHARED_SECRET_SIZE..].copy_from_slice(ciphertext.as_ref());
-    hax_lib::fstar!("assert_norm (pow2 32 == 0x100000000);
+    hax_lib::fstar!(
+        "assert_norm (pow2 32 == 0x100000000);
         assert (v (sz 32) < pow2 32);
         assert (i4.f_PRF_pre (sz 32) $to_hash);
-        lemma_slice_append $to_hash $implicit_rejection_value ${ciphertext}.f_value");
+        lemma_slice_append $to_hash $implicit_rejection_value ${ciphertext}.f_value"
+    );
     let implicit_rejection_shared_secret: [u8; SHARED_SECRET_SIZE] = Hasher::PRF(&to_hash);
 
-    hax_lib::fstar!("assert ($implicit_rejection_shared_secret == Spec.Utils.v_PRF (sz 32) $to_hash);
-        assert (Seq.length $ind_cpa_public_key == v $PUBLIC_KEY_SIZE)");
+    hax_lib::fstar!(
+        "assert ($implicit_rejection_shared_secret == Spec.Utils.v_PRF (sz 32) $to_hash);
+        assert (Seq.length $ind_cpa_public_key == v $PUBLIC_KEY_SIZE)"
+    );
     let expected_ciphertext = crate::ind_cpa::encrypt::<
         K,
         CIPHERTEXT_SIZE,
@@ -425,11 +428,11 @@ pub(crate) fn decapsulate<
     let shared_secret = Scheme::kdf::<K, CIPHERTEXT_SIZE, Hasher>(shared_secret, ciphertext);
 
     let shared_secret = compare_ciphertexts_select_shared_secret_in_constant_time(
-                            ciphertext.as_ref(),
-                            &expected_ciphertext,
-                            &shared_secret,
-                            &implicit_rejection_shared_secret,
-                        );
+        ciphertext.as_ref(),
+        &expected_ciphertext,
+        &shared_secret,
+        &implicit_rejection_shared_secret,
+    );
     shared_secret
 }
 
@@ -818,10 +821,7 @@ pub(crate) mod unpacked {
                 Seq.index (Seq.index $result i) j ==
                     Seq.index (Seq.index $ind_cpa_a j) i)"))
     ]
-    pub(crate) fn transpose_a<
-        const K: usize,
-        Vector: Operations,
-    >(
+    pub(crate) fn transpose_a<const K: usize, Vector: Operations>(
         ind_cpa_a: [[PolynomialRingElement<Vector>; K]; K],
     ) -> [[PolynomialRingElement<Vector>; K]; K] {
         // We need to un-transpose the A_transpose matrix provided by IND-CPA
@@ -835,20 +835,28 @@ pub(crate) mod unpacked {
         #[allow(non_snake_case)]
         let mut A = from_fn(|_i| from_fn(|_j| PolynomialRingElement::<Vector>::ZERO()));
         for i in 0..K {
-            hax_lib::loop_invariant!(|i: usize| { fstar!("forall (j: nat). j < v $i ==>
+            hax_lib::loop_invariant!(|i: usize| {
+                fstar!(
+                    "forall (j: nat). j < v $i ==>
             (forall (k: nat). k < v $K ==>
                 Seq.index (Seq.index $A j) k ==
-                    Seq.index (Seq.index $ind_cpa_a k) j)") });
+                    Seq.index (Seq.index $ind_cpa_a k) j)"
+                )
+            });
             let _a_i = A;
             for j in 0..K {
-                hax_lib::loop_invariant!(|j: usize| { fstar!("(forall (k: nat). k < v $i ==>
+                hax_lib::loop_invariant!(|j: usize| {
+                    fstar!(
+                        "(forall (k: nat). k < v $i ==>
                     Seq.index $A k == Seq.index $_a_i k) /\\
                 (forall (k: nat). k < v $j ==>
                   Seq.index (Seq.index $A (v $i)) k ==
-                    Seq.index (Seq.index $ind_cpa_a k) (v $i))") });
+                    Seq.index (Seq.index $ind_cpa_a k) (v $i))"
+                    )
+                });
                 A[i][j] = ind_cpa_a[j][i].clone();
             }
-        };
+        }
         A
     }
 
@@ -966,12 +974,16 @@ pub(crate) mod unpacked {
         public_key: &MlKemPublicKeyUnpacked<K, Vector>,
         randomness: [u8; SHARED_SECRET_SIZE],
     ) -> (MlKemCiphertext<CIPHERTEXT_SIZE>, MlKemSharedSecret) {
-        hax_lib::fstar!("Lib.Sequence.eq_intro #u8 #32 (Seq.slice (
-            Libcrux_ml_kem.Utils.into_padded_array (sz 64) $randomness) 0 32) $randomness");
+        hax_lib::fstar!(
+            "Lib.Sequence.eq_intro #u8 #32 (Seq.slice (
+            Libcrux_ml_kem.Utils.into_padded_array (sz 64) $randomness) 0 32) $randomness"
+        );
         let mut to_hash: [u8; 2 * H_DIGEST_SIZE] = into_padded_array(&randomness);
         to_hash[H_DIGEST_SIZE..].copy_from_slice(&public_key.public_key_hash);
-        hax_lib::fstar!("Lib.Sequence.eq_intro #u8 #64 $to_hash (
-            concat $randomness ${public_key}.f_public_key_hash)");
+        hax_lib::fstar!(
+            "Lib.Sequence.eq_intro #u8 #64 $to_hash (
+            concat $randomness ${public_key}.f_public_key_hash)"
+        );
 
         let hashed = Hasher::G(&to_hash);
         let (shared_secret, pseudorandomness) = hashed.split_at(SHARED_SECRET_SIZE);
@@ -1068,11 +1080,15 @@ pub(crate) mod unpacked {
 
         let mut to_hash: [u8; IMPLICIT_REJECTION_HASH_INPUT_SIZE] =
             into_padded_array(&key_pair.private_key.implicit_rejection_value);
-        hax_lib::fstar!("Lib.Sequence.eq_intro #u8 #32
-            (Seq.slice $to_hash 0 32) ${key_pair}.f_private_key.f_implicit_rejection_value");
+        hax_lib::fstar!(
+            "Lib.Sequence.eq_intro #u8 #32
+            (Seq.slice $to_hash 0 32) ${key_pair}.f_private_key.f_implicit_rejection_value"
+        );
         to_hash[SHARED_SECRET_SIZE..].copy_from_slice(ciphertext.as_ref());
-        hax_lib::fstar!("Lib.Sequence.lemma_concat2 32 ${key_pair}.f_private_key.f_implicit_rejection_value
-            (v (Spec.MLKEM.v_CPA_CIPHERTEXT_SIZE $K)) ${ciphertext}.f_value $to_hash");
+        hax_lib::fstar!(
+            "Lib.Sequence.lemma_concat2 32 ${key_pair}.f_private_key.f_implicit_rejection_value
+            (v (Spec.MLKEM.v_CPA_CIPHERTEXT_SIZE $K)) ${ciphertext}.f_value $to_hash"
+        );
         let implicit_rejection_shared_secret: [u8; SHARED_SECRET_SIZE] = Hasher::PRF(&to_hash);
 
         let expected_ciphertext = ind_cpa::encrypt_unpacked::<
diff --git a/libcrux-ml-kem/src/ind_cpa.rs b/libcrux-ml-kem/src/ind_cpa.rs
index 6e5fcee19..935ef0c95 100644
--- a/libcrux-ml-kem/src/ind_cpa.rs
+++ b/libcrux-ml-kem/src/ind_cpa.rs
@@ -119,9 +119,11 @@ pub(crate) fn serialize_public_key_mut<
         Vector,
     >(t_as_ntt));
     serialized[RANKED_BYTES_PER_RING_ELEMENT..].copy_from_slice(seed_for_a);
-    hax_lib::fstar!("Lib.Sequence.eq_intro #u8 #(v $PUBLIC_KEY_SIZE) serialized
+    hax_lib::fstar!(
+        "Lib.Sequence.eq_intro #u8 #(v $PUBLIC_KEY_SIZE) serialized
         (Seq.append (Spec.MLKEM.vector_encode_12 #$K (Libcrux_ml_kem.Polynomial.to_spec_vector_t
-            #$K #$:Vector $t_as_ntt)) $seed_for_a)");
+            #$K #$:Vector $t_as_ntt)) $seed_for_a)"
+    );
 }
 
 /// Call [`serialize_uncompressed_ring_element`] for each ring element.
@@ -173,7 +175,9 @@ pub(crate) fn serialize_secret_key<const K: usize, const OUT_LEN: usize, Vector:
 
 /// Sample a vector of ring elements from a centered binomial distribution.
 #[inline(always)]
-#[hax_lib::fstar::options("--max_fuel 15 --z3rlimit 1500 --ext context_pruning --z3refresh --split_queries always")]
+#[hax_lib::fstar::options(
+    "--max_fuel 15 --z3rlimit 1500 --ext context_pruning --z3refresh --split_queries always"
+)]
 #[hax_lib::requires(fstar!("Spec.MLKEM.is_rank $K /\\
     $ETA2_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA2_RANDOMNESS_SIZE $K /\\
     $ETA2 == Spec.MLKEM.v_ETA2 $K /\\
@@ -208,9 +212,13 @@ fn sample_ring_element_cbd<
         (createi $K (Spec.MLKEM.sample_vector_cbd2_prf_input #$K (Seq.slice $prf_input 0 32) (sz (v $_domain_separator_init))))");
     let prf_outputs: [[u8; ETA2_RANDOMNESS_SIZE]; K] = Hasher::PRFxN(&prf_inputs);
     for i in 0..K {
-        hax_lib::loop_invariant!(|i: usize| { fstar!("forall (j:nat). j < v $i ==>
+        hax_lib::loop_invariant!(|i: usize| {
+            fstar!(
+                "forall (j:nat). j < v $i ==>
             Libcrux_ml_kem.Polynomial.to_spec_poly_t #$:Vector ${error_1}.[ sz j ] ==
-              Spec.MLKEM.sample_poly_cbd $ETA2 ${prf_outputs}.[ sz j ]") });
+              Spec.MLKEM.sample_poly_cbd $ETA2 ${prf_outputs}.[ sz j ]"
+            )
+        });
         error_1[i] = sample_from_binomial_distribution::<ETA2, Vector>(&prf_outputs[i]);
     }
     hax_lib::fstar!("Lib.Sequence.eq_intro #(Spec.MLKEM.polynomial) #(v $K)
@@ -222,7 +230,9 @@ fn sample_ring_element_cbd<
 /// Sample a vector of ring elements from a centered binomial distribution and
 /// convert them into their NTT representations.
 #[inline(always)]
-#[hax_lib::fstar::options("--max_fuel 15 --z3rlimit 1500 --ext context_pruning --z3refresh --split_queries always")]
+#[hax_lib::fstar::options(
+    "--max_fuel 15 --z3rlimit 1500 --ext context_pruning --z3refresh --split_queries always"
+)]
 #[cfg_attr(hax, hax_lib::fstar::before("let sample_vector_cbd_then_ntt_helper_2
       (v_K v_ETA v_ETA_RANDOMNESS_SIZE: usize)
       (#v_Vector: Type0)
@@ -250,7 +260,10 @@ fn sample_ring_element_cbd<
       (Libcrux_ml_kem.Polynomial.to_spec_vector_t #v_K #v_Vector re_as_ntt)
       (Spec.MLKEM.sample_vector_cbd_then_ntt #v_K
         (Seq.slice prf_input 0 32) (sz (v domain_separator)))"))]
-#[cfg_attr(hax, hax_lib::fstar::before("let sample_vector_cbd_then_ntt_helper_1
+#[cfg_attr(
+    hax,
+    hax_lib::fstar::before(
+        "let sample_vector_cbd_then_ntt_helper_1
       (v_K: usize)
       (prf_inputs: t_Array (t_Array u8 (sz 33)) v_K)
       (prf_input: t_Array u8 (sz 33))
@@ -273,7 +286,9 @@ fn sample_ring_element_cbd<
     Classical.forall_intro lemma_aux;
     Lib.Sequence.eq_intro #(t_Array u8 (sz 33)) #(v v_K) prf_inputs
       (createi v_K (Spec.MLKEM.sample_vector_cbd1_prf_input #v_K
-        (Seq.slice prf_input 0 32) (sz (v domain_separator))))"))]
+        (Seq.slice prf_input 0 32) (sz (v domain_separator))))"
+    )
+)]
 #[hax_lib::requires(fstar!("Spec.MLKEM.is_rank $K /\\
     $ETA_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA1_RANDOMNESS_SIZE $K /\\
     $ETA == Spec.MLKEM.v_ETA1 $K /\\
@@ -300,18 +315,26 @@ fn sample_vector_cbd_then_ntt<
     let mut prf_inputs = [prf_input; K];
     let _domain_separator_init = domain_separator;
     domain_separator = prf_input_inc::<K>(&mut prf_inputs, domain_separator);
-    hax_lib::fstar!("sample_vector_cbd_then_ntt_helper_1 $K $prf_inputs $prf_input $_domain_separator_init");
+    hax_lib::fstar!(
+        "sample_vector_cbd_then_ntt_helper_1 $K $prf_inputs $prf_input $_domain_separator_init"
+    );
     let prf_outputs: [[u8; ETA_RANDOMNESS_SIZE]; K] = Hasher::PRFxN(&prf_inputs);
     for i in 0..K {
-        hax_lib::loop_invariant!(|i: usize| { fstar!("forall (j:nat). j < v $i ==>
+        hax_lib::loop_invariant!(|i: usize| {
+            fstar!(
+                "forall (j:nat). j < v $i ==>
             Libcrux_ml_kem.Polynomial.to_spec_poly_t #$:Vector re_as_ntt.[ sz j ] ==
               Spec.MLKEM.poly_ntt (Spec.MLKEM.sample_poly_cbd $ETA ${prf_outputs}.[ sz j ]) /\\
-            Libcrux_ml_kem.Serialize.coefficients_field_modulus_range #$:Vector re_as_ntt.[ sz j ]") });
+            Libcrux_ml_kem.Serialize.coefficients_field_modulus_range #$:Vector re_as_ntt.[ sz j ]"
+            )
+        });
         re_as_ntt[i] = sample_from_binomial_distribution::<ETA, Vector>(&prf_outputs[i]);
         ntt_binomially_sampled_ring_element(&mut re_as_ntt[i]);
     }
-    hax_lib::fstar!("sample_vector_cbd_then_ntt_helper_2
-        $K $ETA $ETA_RANDOMNESS_SIZE #$:Vector re_as_ntt $prf_input $_domain_separator_init");
+    hax_lib::fstar!(
+        "sample_vector_cbd_then_ntt_helper_2
+        $K $ETA $ETA_RANDOMNESS_SIZE #$:Vector re_as_ntt $prf_input $_domain_separator_init"
+    );
     domain_separator
 }
 
@@ -416,14 +439,18 @@ pub(crate) fn generate_keypair_unpacked<
     let hashed = Scheme::cpa_keygen_seed::<K, Hasher>(key_generation_seed);
     let (seed_for_A, seed_for_secret_and_error) = hashed.split_at(32);
 
-    hax_lib::fstar!("Lib.Sequence.eq_intro #u8 #32 $seed_for_A
-        (Seq.slice (Libcrux_ml_kem.Utils.into_padded_array (sz 34) $seed_for_A) 0 32)");
+    hax_lib::fstar!(
+        "Lib.Sequence.eq_intro #u8 #32 $seed_for_A
+        (Seq.slice (Libcrux_ml_kem.Utils.into_padded_array (sz 34) $seed_for_A) 0 32)"
+    );
     sample_matrix_A::<K, Vector, Hasher>(&mut public_key.A, into_padded_array(seed_for_A), true);
 
     hax_lib::fstar!("let (matrix_A_as_ntt, valid) = Spec.MLKEM.sample_matrix_A_ntt #$K $seed_for_A in
         assert (valid ==> matrix_A_as_ntt == Libcrux_ml_kem.Polynomial.to_spec_matrix_t public_key.f_A)");
     let prf_input: [u8; 33] = into_padded_array(seed_for_secret_and_error);
-    hax_lib::fstar!("Lib.Sequence.eq_intro #u8 #32 $seed_for_secret_and_error (Seq.slice $prf_input 0 32)");
+    hax_lib::fstar!(
+        "Lib.Sequence.eq_intro #u8 #32 $seed_for_secret_and_error (Seq.slice $prf_input 0 32)"
+    );
     let domain_separator =
         sample_vector_cbd_then_ntt::<K, ETA1, ETA1_RANDOMNESS_SIZE, Vector, Hasher>(
             &mut private_key.secret_as_ntt,
@@ -473,7 +500,7 @@ pub(crate) fn generate_keypair_unpacked<
     $ETA1_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA1_RANDOMNESS_SIZE $K /\\
     length $key_generation_seed == Spec.MLKEM.v_CPA_KEY_GENERATION_SEED_SIZE"))]
 #[hax_lib::ensures(|result| fstar!("let (expected, valid) = Spec.MLKEM.ind_cpa_generate_keypair $K $key_generation_seed in 
-                                    valid ==> $result == expected"))] 
+                                    valid ==> $result == expected"))]
 #[inline(always)]
 pub(crate) fn generate_keypair<
     const K: usize,
@@ -555,9 +582,11 @@ fn compress_then_serialize_u<
     input: [PolynomialRingElement<Vector>; K],
     out: &mut [u8],
 ) {
-    hax_lib::fstar!("assert (v (sz 32 *! $COMPRESSION_FACTOR) == 32 * v $COMPRESSION_FACTOR);
+    hax_lib::fstar!(
+        "assert (v (sz 32 *! $COMPRESSION_FACTOR) == 32 * v $COMPRESSION_FACTOR);
         assert (v ($OUT_LEN /! $K) == v $OUT_LEN / v $K);
-        assert (v $OUT_LEN / v $K == 32 * v $COMPRESSION_FACTOR)");
+        assert (v $OUT_LEN / v $K == 32 * v $COMPRESSION_FACTOR)"
+    );
     // The semicolon and parentheses at the end of loop are a workaround
     // for the following bug https://github.com/hacspec/hax/issues/720
     cloop! {
@@ -589,9 +618,11 @@ fn compress_then_serialize_u<
             Classical.forall_intro lemma_aux");
         }
     };
-    hax_lib::fstar!("Lib.Sequence.eq_intro #u8 #(v $OUT_LEN) out
+    hax_lib::fstar!(
+        "Lib.Sequence.eq_intro #u8 #(v $OUT_LEN) out
         (Spec.MLKEM.compress_then_encode_u #$K
-            (Libcrux_ml_kem.Polynomial.to_spec_vector_t #$K #$:Vector $input))");
+            (Libcrux_ml_kem.Polynomial.to_spec_vector_t #$K #$:Vector $input))"
+    );
     ()
 }
 
@@ -684,8 +715,10 @@ pub(crate) fn encrypt_unpacked<
         sample_vector_cbd_then_ntt_out::<K, ETA1, ETA1_RANDOMNESS_SIZE, Vector, Hasher>(
             prf_input, 0,
         );
-    hax_lib::fstar!("Lib.Sequence.eq_intro #u8 #32 $randomness (Seq.slice $prf_input 0 32);
-        assert (v $domain_separator == v $K)");
+    hax_lib::fstar!(
+        "Lib.Sequence.eq_intro #u8 #32 $randomness (Seq.slice $prf_input 0 32);
+        assert (v $domain_separator == v $K)"
+    );
 
     // for i from 0 to k−1 do
     //     e1[i] := CBD_{η2}(PRF(r,N))
@@ -699,8 +732,10 @@ pub(crate) fn encrypt_unpacked<
 
     // e_2 := CBD{η2}(PRF(r, N))
     prf_input[32] = domain_separator;
-    hax_lib::fstar!("assert (Seq.equal $prf_input (Seq.append $randomness (Seq.create 1 $domain_separator)));
-        assert ($prf_input == Seq.append $randomness (Seq.create 1 $domain_separator))");
+    hax_lib::fstar!(
+        "assert (Seq.equal $prf_input (Seq.append $randomness (Seq.create 1 $domain_separator)));
+        assert ($prf_input == Seq.append $randomness (Seq.create 1 $domain_separator))"
+    );
     let prf_output: [u8; ETA2_RANDOMNESS_SIZE] = Hasher::PRF(&prf_input);
     let error_2 = sample_from_binomial_distribution::<ETA2, Vector>(&prf_output);
 
@@ -715,10 +750,12 @@ pub(crate) fn encrypt_unpacked<
         &error_2,
         &message_as_ring_element,
     );
-    hax_lib::fstar!("assert ($C1_LEN = Spec.MLKEM.v_C1_SIZE v_K);
+    hax_lib::fstar!(
+        "assert ($C1_LEN = Spec.MLKEM.v_C1_SIZE v_K);
         assert ($C2_LEN = Spec.MLKEM.v_C2_SIZE v_K);
         assert ($CIPHERTEXT_SIZE == $C1_LEN +! $C2_LEN);
-        assert ($C1_LEN <=. $CIPHERTEXT_SIZE)");
+        assert ($C1_LEN <=. $CIPHERTEXT_SIZE)"
+    );
 
     let mut ciphertext = [0u8; CIPHERTEXT_SIZE];
 
@@ -733,8 +770,10 @@ pub(crate) fn encrypt_unpacked<
         v,
         &mut ciphertext[C1_LEN..],
     );
-    hax_lib::fstar!("lemma_slice_append $ciphertext (Seq.slice $ciphertext 0 (Rust_primitives.v $C1_LEN))
-        (Seq.slice $ciphertext (Rust_primitives.v $C1_LEN) (Seq.length $ciphertext))");
+    hax_lib::fstar!(
+        "lemma_slice_append $ciphertext (Seq.slice $ciphertext 0 (Rust_primitives.v $C1_LEN))
+        (Seq.slice $ciphertext (Rust_primitives.v $C1_LEN) (Seq.length $ciphertext))"
+    );
 
     ciphertext
 }
@@ -861,8 +900,10 @@ pub(crate) fn build_unpacked_public_key_mut<
     //     end for
     // end for
     let seed = &public_key[T_AS_NTT_ENCODED_SIZE..];
-    hax_lib::fstar!("Lib.Sequence.eq_intro #u8 #32 $seed
-      (Seq.slice (Libcrux_ml_kem.Utils.into_padded_array (sz 34) $seed) 0 32)");
+    hax_lib::fstar!(
+        "Lib.Sequence.eq_intro #u8 #32 $seed
+      (Seq.slice (Libcrux_ml_kem.Utils.into_padded_array (sz 34) $seed) 0 32)"
+    );
     sample_matrix_A::<K, Vector, Hasher>(
         &mut unpacked_public_key.A,
         into_padded_array(seed),
@@ -889,8 +930,10 @@ fn deserialize_then_decompress_u<
 >(
     ciphertext: &[u8; CIPHERTEXT_SIZE],
 ) -> [PolynomialRingElement<Vector>; K] {
-    hax_lib::fstar!("assert (v (($COEFFICIENTS_IN_RING_ELEMENT *! $U_COMPRESSION_FACTOR ) /!
-        sz 8) == v (Spec.MLKEM.v_C1_BLOCK_SIZE $K))");
+    hax_lib::fstar!(
+        "assert (v (($COEFFICIENTS_IN_RING_ELEMENT *! $U_COMPRESSION_FACTOR ) /!
+        sz 8) == v (Spec.MLKEM.v_C1_BLOCK_SIZE $K))"
+    );
     let mut u_as_ntt = from_fn(|_| PolynomialRingElement::<Vector>::ZERO());
     cloop! {
         for (i, u_bytes) in ciphertext
@@ -907,10 +950,12 @@ fn deserialize_then_decompress_u<
             ntt_vector_u::<U_COMPRESSION_FACTOR, Vector>(&mut u_as_ntt[i]);
         }
     }
-    hax_lib::fstar!("Lib.Sequence.eq_intro #Spec.MLKEM.polynomial #(v $K)
+    hax_lib::fstar!(
+        "Lib.Sequence.eq_intro #Spec.MLKEM.polynomial #(v $K)
         (Libcrux_ml_kem.Polynomial.to_spec_vector_t #$K #$:Vector $u_as_ntt)
         (Spec.MLKEM.(vector_ntt (decode_then_decompress_u #$K
-        (Seq.slice $ciphertext 0 (v (Spec.MLKEM.v_C1_SIZE $K))))))");
+        (Seq.slice $ciphertext 0 (v (Spec.MLKEM.v_C1_SIZE $K))))))"
+    );
     u_as_ntt
 }
 
@@ -941,9 +986,11 @@ pub(crate) fn deserialize_secret_key<const K: usize, Vector: Operations>(
             secret_as_ntt[i] = deserialize_to_uncompressed_ring_element(secret_bytes);
         }
     }
-    hax_lib::fstar!("Lib.Sequence.eq_intro #Spec.MLKEM.polynomial #(v $K)
+    hax_lib::fstar!(
+        "Lib.Sequence.eq_intro #Spec.MLKEM.polynomial #(v $K)
         (Libcrux_ml_kem.Polynomial.to_spec_vector_t #$K #$:Vector $secret_as_ntt)
-        (Spec.MLKEM.vector_decode_12 #$K $secret_key)");
+        (Spec.MLKEM.vector_decode_12 #$K $secret_key)"
+    );
     secret_as_ntt
 }
 
diff --git a/libcrux-ml-kem/src/invert_ntt.rs b/libcrux-ml-kem/src/invert_ntt.rs
index 2770d0988..24866eb82 100644
--- a/libcrux-ml-kem/src/invert_ntt.rs
+++ b/libcrux-ml-kem/src/invert_ntt.rs
@@ -1,23 +1,29 @@
 use crate::{
     hax_utils::hax_debug_assert,
-    polynomial::{PolynomialRingElement, get_zeta},
+    polynomial::{get_zeta, PolynomialRingElement},
     vector::{montgomery_multiply_fe, Operations, FIELD_ELEMENTS_IN_VECTOR},
 };
 
 #[inline(always)]
 #[hax_lib::fstar::options("--z3rlimit 200 --ext context_pruning")]
-#[hax_lib::fstar::before(interface, "[@@ \"opaque_to_smt\"]
+#[hax_lib::fstar::before(
+    interface,
+    "[@@ \"opaque_to_smt\"]
    let invert_ntt_re_range_2 (#v_Vector: Type0)
            {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |}
            (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) =
        forall (i:nat). i < 16 ==> Spec.Utils.is_i16b_array_opaque 3328
-               (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ sz i ]))")]
-#[hax_lib::fstar::before(interface, "[@@ \"opaque_to_smt\"]
+               (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ sz i ]))"
+)]
+#[hax_lib::fstar::before(
+    interface,
+    "[@@ \"opaque_to_smt\"]
    let invert_ntt_re_range_1 (#v_Vector: Type0)
          {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |}
          (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) =
        forall (i:nat). i < 16 ==> Spec.Utils.is_i16b_array_opaque (4 * 3328)
-            (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ sz i ]))")]
+            (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ sz i ]))"
+)]
 #[hax_lib::requires(fstar!("v ${*zeta_i} == 128 /\\
     invert_ntt_re_range_1 $re"))]
 #[hax_lib::ensures(|result| fstar!("invert_ntt_re_range_2 ${re}_future /\\
@@ -33,29 +39,35 @@ pub(crate) fn invert_ntt_at_layer_1<Vector: Operations>(
     // The semicolon and parentheses at the end of loop are a workaround
     // for the following bug https://github.com/hacspec/hax/issues/720
     for round in 0..16 {
-        hax_lib::loop_invariant!(|round: usize| { fstar!("v zeta_i == v $_zeta_i_init - v $round * 4 /\\
+        hax_lib::loop_invariant!(|round: usize| {
+            fstar!(
+                "v zeta_i == v $_zeta_i_init - v $round * 4 /\\
           (v round < 16 ==> (forall (i:nat). (i >= v round /\\ i < 16) ==>
             Spec.Utils.is_i16b_array_opaque (4 * 3328)
               (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ sz i ])))) /\\
           (forall (i:nat). i < v $round ==> Spec.Utils.is_i16b_array_opaque 3328
-              (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ sz i ])))") });
+              (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ sz i ])))"
+            )
+        });
         *zeta_i -= 1;
         hax_lib::fstar!("reveal_opaque (`%Spec.Utils.is_i16b_array_opaque) 
                         (Spec.Utils.is_i16b_array_opaque (4*3328) 
                         (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ round ])))");
         re.coefficients[round] = Vector::inv_ntt_layer_1_step(
             re.coefficients[round],
-            get_zeta (*zeta_i),
-            get_zeta (*zeta_i - 1),
-            get_zeta (*zeta_i - 2),
-            get_zeta (*zeta_i - 3),
+            get_zeta(*zeta_i),
+            get_zeta(*zeta_i - 1),
+            get_zeta(*zeta_i - 2),
+            get_zeta(*zeta_i - 3),
         );
         *zeta_i -= 3;
         hax_lib::fstar!("reveal_opaque (`%Spec.Utils.is_i16b_array_opaque) 
                         (Spec.Utils.is_i16b_array_opaque 3328 
                         (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ round ])))");
-        hax_lib::fstar!("assert (Spec.Utils.is_i16b_array_opaque 3328
-            (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ $round ])))");
+        hax_lib::fstar!(
+            "assert (Spec.Utils.is_i16b_array_opaque 3328
+            (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ $round ])))"
+        );
     }
     ()
 }
@@ -76,27 +88,33 @@ pub(crate) fn invert_ntt_at_layer_2<Vector: Operations>(
     // The semicolon and parentheses at the end of loop are a workaround
     // for the following bug https://github.com/hacspec/hax/issues/720
     for round in 0..16 {
-        hax_lib::loop_invariant!(|round: usize| { fstar!("v zeta_i == v $_zeta_i_init - v $round * 2 /\\
+        hax_lib::loop_invariant!(|round: usize| {
+            fstar!(
+                "v zeta_i == v $_zeta_i_init - v $round * 2 /\\
           (v round < 16 ==> (forall (i:nat). (i >= v round /\\ i < 16) ==>
             Spec.Utils.is_i16b_array_opaque 3328
               (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ sz i ])))) /\\
           (forall (i:nat). i < v $round ==> Spec.Utils.is_i16b_array_opaque 3328
-              (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ sz i ])))") });
+              (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ sz i ])))"
+            )
+        });
         *zeta_i -= 1;
         hax_lib::fstar!("reveal_opaque (`%Spec.Utils.is_i16b_array_opaque) 
                         (Spec.Utils.is_i16b_array_opaque 3328 
                         (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ round ])))");
         re.coefficients[round] = Vector::inv_ntt_layer_2_step(
             re.coefficients[round],
-            get_zeta (*zeta_i),
-            get_zeta (*zeta_i - 1),
+            get_zeta(*zeta_i),
+            get_zeta(*zeta_i - 1),
         );
         *zeta_i -= 1;
         hax_lib::fstar!("reveal_opaque (`%Spec.Utils.is_i16b_array_opaque) 
                         (Spec.Utils.is_i16b_array_opaque 3328 
                         (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ round ])))");
-        hax_lib::fstar!("assert (Spec.Utils.is_i16b_array_opaque 3328
-            (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ $round ])))");
+        hax_lib::fstar!(
+            "assert (Spec.Utils.is_i16b_array_opaque 3328
+            (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ $round ])))"
+        );
     }
     ()
 }
@@ -117,23 +135,31 @@ pub(crate) fn invert_ntt_at_layer_3<Vector: Operations>(
     // The semicolon and parentheses at the end of loop are a workaround
     // for the following bug https://github.com/hacspec/hax/issues/720
     for round in 0..16 {
-        hax_lib::loop_invariant!(|round: usize| { fstar!("v zeta_i == v $_zeta_i_init - v $round /\\
+        hax_lib::loop_invariant!(|round: usize| {
+            fstar!(
+                "v zeta_i == v $_zeta_i_init - v $round /\\
           (v round < 16 ==> (forall (i:nat). (i >= v round /\\ i < 16) ==>
             Spec.Utils.is_i16b_array_opaque 3328
               (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ sz i ])))) /\\
           (forall (i:nat). i < v $round ==> Spec.Utils.is_i16b_array_opaque 3328
-              (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ sz i ])))") });
+              (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ sz i ])))"
+            )
+        });
         *zeta_i -= 1;
         hax_lib::fstar!("reveal_opaque (`%Spec.Utils.is_i16b_array_opaque) 
                         (Spec.Utils.is_i16b_array_opaque 3328 
                         (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ round ])))");
         re.coefficients[round] =
-            Vector::inv_ntt_layer_3_step(re.coefficients[round], get_zeta (*zeta_i));
-        hax_lib::fstar!("reveal_opaque (`%Spec.Utils.is_i16b_array_opaque) 
+            Vector::inv_ntt_layer_3_step(re.coefficients[round], get_zeta(*zeta_i));
+        hax_lib::fstar!(
+            "reveal_opaque (`%Spec.Utils.is_i16b_array_opaque) 
             (Spec.Utils.is_i16b_array_opaque 3328 
-            (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ round ])))");
-        hax_lib::fstar!("assert (Spec.Utils.is_i16b_array_opaque 3328
-            (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ $round ])))");
+            (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ round ])))"
+        );
+        hax_lib::fstar!(
+            "assert (Spec.Utils.is_i16b_array_opaque 3328
+            (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ $round ])))"
+        );
     }
     ()
 }
@@ -184,7 +210,7 @@ pub(crate) fn invert_ntt_at_layer_4_plus<Vector: Operations>(
             let (x, y) = inv_ntt_layer_int_vec_step_reduce(
                 re.coefficients[j],
                 re.coefficients[j + step_vec],
-                get_zeta (*zeta_i),
+                get_zeta(*zeta_i),
             );
             re.coefficients[j] = x;
             re.coefficients[j + step_vec] = y;
diff --git a/libcrux-ml-kem/src/kem.rs b/libcrux-ml-kem/src/kem.rs
deleted file mode 100644
index e99d4d1ee..000000000
--- a/libcrux-ml-kem/src/kem.rs
+++ /dev/null
@@ -1,28 +0,0 @@
-// hacspec code: don't let clippy touch it.
-#[allow(clippy::all)]
-pub mod kyber;
-
-// // TODO: These functions are currently exposed simply in order to make NIST KAT
-// // testing possible without an implementation of the NIST AES-CTR DRBG. Remove them
-// // (and change the visibility of the exported functions to pub(crate)) the
-// // moment we have an implementation of one. This is tracked by:
-// // https://github.com/cryspen/libcrux/issues/36
-// #[cfg(feature = "tests")]
-// pub mod deterministic {
-//     pub use super::kyber::kyber1024::decapsulate as kyber1024_decapsulate_derand;
-//     pub use super::kyber::kyber1024::encapsulate as kyber1024_encapsulate_derand;
-//     pub use super::kyber::kyber1024::generate_key_pair as kyber1024_generate_keypair_derand;
-//     pub use super::kyber::kyber512::decapsulate as kyber512_decapsulate_derand;
-//     pub use super::kyber::kyber512::encapsulate as kyber512_encapsulate_derand;
-//     pub use super::kyber::kyber512::generate_key_pair as kyber512_generate_keypair_derand;
-//     pub use super::kyber::kyber768::decapsulate as kyber768_decapsulate_derand;
-//     pub use super::kyber::kyber768::encapsulate as kyber768_encapsulate_derand;
-//     pub use super::kyber::kyber768::generate_key_pair as kyber768_generate_keypair_derand;
-// }
-
-// #[cfg(feature = "tests")]
-// pub use kyber::{
-//     kyber1024::validate_public_key as ml_kem1024_validate_public_key,
-//     kyber512::validate_public_key as ml_kem512_validate_public_key,
-//     kyber768::validate_public_key as ml_kem768_validate_public_key,
-// };
diff --git a/libcrux-ml-kem/src/kem/kyber.rs b/libcrux-ml-kem/src/kem/kyber.rs
deleted file mode 100644
index e63fb7f92..000000000
--- a/libcrux-ml-kem/src/kem/kyber.rs
+++ /dev/null
@@ -1,358 +0,0 @@
-// This module is declared here since otherwise, hax reports the following error:
-//
-// The THIR body of item
-// DefId(0:986 ~ libcrux[92b3]::kem::kyber768::parameters::COEFFICIENTS_IN_RING_ELEMENT)
-// was stolen.
-//
-// This is being tracked in https://github.com/hacspec/hacspec-v2/issues/27
-pub(crate) mod constants;
-
-/// Helpers for verification and extraction
-mod helper;
-
-mod arithmetic;
-mod compress;
-mod constant_time_ops;
-mod hash_functions;
-mod ind_cpa;
-mod matrix;
-mod ntt;
-mod sampling;
-mod serialize;
-mod types;
-
-// Variants
-#[cfg(feature = "mlkem1024")]
-pub mod kyber1024;
-#[cfg(feature = "mlkem512")]
-pub mod kyber512;
-#[cfg(feature = "mlkem768")]
-pub mod kyber768;
-
-pub use types::{MlKemCiphertext, MlKemKeyPair, MlKemPrivateKey, MlKemPublicKey};
-
-// TODO: We should make this an actual type as opposed to alias so we can enforce
-// some checks at the type level. This is being tracked in:
-// https://github.com/cryspen/libcrux/issues/123
-pub type MlKemSharedSecret = [u8; SHARED_SECRET_SIZE];
-
-use self::{
-    arithmetic::PolynomialRingElement,
-    constant_time_ops::{
-        compare_ciphertexts_in_constant_time, select_shared_secret_in_constant_time,
-    },
-    constants::{CPA_PKE_KEY_GENERATION_SEED_SIZE, H_DIGEST_SIZE, SHARED_SECRET_SIZE},
-    hash_functions::{G, H, PRF},
-    ind_cpa::{into_padded_array, serialize_public_key},
-    serialize::deserialize_ring_elements_reduced,
-};
-
-/// Seed size for key generation
-pub(crate) const KEY_GENERATION_SEED_SIZE: usize =
-    CPA_PKE_KEY_GENERATION_SEED_SIZE + SHARED_SECRET_SIZE;
-
-/// Serialize the secret key.
-#[inline(always)]
-fn serialize_kem_secret_key<const SERIALIZED_KEY_LEN: usize>(
-    private_key: &[u8],
-    public_key: &[u8],
-    implicit_rejection_value: &[u8],
-) -> [u8; SERIALIZED_KEY_LEN] {
-    let mut out = [0u8; SERIALIZED_KEY_LEN];
-    let mut pointer = 0;
-    out[pointer..pointer + private_key.len()].copy_from_slice(private_key);
-    pointer += private_key.len();
-    out[pointer..pointer + public_key.len()].copy_from_slice(public_key);
-    pointer += public_key.len();
-    out[pointer..pointer + H_DIGEST_SIZE].copy_from_slice(&H(public_key));
-    pointer += H_DIGEST_SIZE;
-    out[pointer..pointer + implicit_rejection_value.len()]
-        .copy_from_slice(implicit_rejection_value);
-    out
-}
-
-pub(super) fn validate_public_key<
-    const K: usize,
-    const RANKED_BYTES_PER_RING_ELEMENT: usize,
-    const PUBLIC_KEY_SIZE: usize,
->(
-    public_key: &[u8; PUBLIC_KEY_SIZE],
-) -> bool {
-    let deserialized_pk = deserialize_ring_elements_reduced::<PUBLIC_KEY_SIZE, K>(
-        &public_key[..RANKED_BYTES_PER_RING_ELEMENT],
-    );
-
-    let public_key_serialized =
-        serialize_public_key::<K, RANKED_BYTES_PER_RING_ELEMENT, PUBLIC_KEY_SIZE>(
-            deserialized_pk,
-            &public_key[RANKED_BYTES_PER_RING_ELEMENT..],
-        );
-
-    *public_key == public_key_serialized
-}
-
-pub struct MlKemState<const K: usize> {
-    secret_as_ntt: [PolynomialRingElement; K],
-    t_as_ntt: [PolynomialRingElement; K],
-    a_transpose: [[PolynomialRingElement; K]; K],
-    rej: [u8; 32],
-    ind_cpa_public_key_hash: [u8; 32],
-}
-
-pub(super) fn generate_keypair_unpacked<
-    const K: usize,
-    const CPA_PRIVATE_KEY_SIZE: usize,
-    const PRIVATE_KEY_SIZE: usize,
-    const PUBLIC_KEY_SIZE: usize,
-    const BYTES_PER_RING_ELEMENT: usize,
-    const ETA1: usize,
-    const ETA1_RANDOMNESS_SIZE: usize,
->(
-    randomness: [u8; KEY_GENERATION_SEED_SIZE],
-) -> (MlKemState<K>, MlKemPublicKey<PUBLIC_KEY_SIZE>) {
-    let ind_cpa_keypair_randomness = &randomness[0..CPA_PKE_KEY_GENERATION_SEED_SIZE];
-    let implicit_rejection_value = &randomness[CPA_PKE_KEY_GENERATION_SEED_SIZE..];
-
-    let ((secret_as_ntt, t_as_ntt, a_transpose), ind_cpa_public_key) =
-        ind_cpa::generate_keypair_unpacked::<
-            K,
-            PUBLIC_KEY_SIZE,
-            BYTES_PER_RING_ELEMENT,
-            ETA1,
-            ETA1_RANDOMNESS_SIZE,
-        >(ind_cpa_keypair_randomness);
-
-    let ind_cpa_public_key_hash = H(&ind_cpa_public_key);
-
-    let rej: [u8; 32] = implicit_rejection_value.try_into().unwrap();
-    let pubkey: MlKemPublicKey<PUBLIC_KEY_SIZE> = MlKemPublicKey::from(ind_cpa_public_key);
-    (
-        MlKemState {
-            secret_as_ntt,
-            t_as_ntt,
-            a_transpose,
-            rej,
-            ind_cpa_public_key_hash,
-        },
-        pubkey,
-    )
-}
-
-pub(super) fn generate_keypair<
-    const K: usize,
-    const CPA_PRIVATE_KEY_SIZE: usize,
-    const PRIVATE_KEY_SIZE: usize,
-    const PUBLIC_KEY_SIZE: usize,
-    const BYTES_PER_RING_ELEMENT: usize,
-    const ETA1: usize,
-    const ETA1_RANDOMNESS_SIZE: usize,
->(
-    randomness: [u8; KEY_GENERATION_SEED_SIZE],
-) -> MlKemKeyPair<PRIVATE_KEY_SIZE, PUBLIC_KEY_SIZE> {
-    let ind_cpa_keypair_randomness = &randomness[0..CPA_PKE_KEY_GENERATION_SEED_SIZE];
-    let implicit_rejection_value = &randomness[CPA_PKE_KEY_GENERATION_SEED_SIZE..];
-
-    let (ind_cpa_private_key, public_key) = ind_cpa::generate_keypair::<
-        K,
-        CPA_PRIVATE_KEY_SIZE,
-        PUBLIC_KEY_SIZE,
-        BYTES_PER_RING_ELEMENT,
-        ETA1,
-        ETA1_RANDOMNESS_SIZE,
-    >(ind_cpa_keypair_randomness);
-
-    let secret_key_serialized =
-        serialize_kem_secret_key(&ind_cpa_private_key, &public_key, implicit_rejection_value);
-    let private_key: MlKemPrivateKey<PRIVATE_KEY_SIZE> =
-        MlKemPrivateKey::from(secret_key_serialized);
-
-    MlKemKeyPair::from(private_key, public_key.into())
-}
-
-pub(super) fn encapsulate<
-    const K: usize,
-    const CIPHERTEXT_SIZE: usize,
-    const PUBLIC_KEY_SIZE: usize,
-    const T_AS_NTT_ENCODED_SIZE: usize,
-    const C1_SIZE: usize,
-    const C2_SIZE: usize,
-    const VECTOR_U_COMPRESSION_FACTOR: usize,
-    const VECTOR_V_COMPRESSION_FACTOR: usize,
-    const VECTOR_U_BLOCK_LEN: usize,
-    const ETA1: usize,
-    const ETA1_RANDOMNESS_SIZE: usize,
-    const ETA2: usize,
-    const ETA2_RANDOMNESS_SIZE: usize,
->(
-    public_key: &MlKemPublicKey<PUBLIC_KEY_SIZE>,
-    randomness: [u8; SHARED_SECRET_SIZE],
-) -> (MlKemCiphertext<CIPHERTEXT_SIZE>, MlKemSharedSecret) {
-    let mut to_hash: [u8; 2 * H_DIGEST_SIZE] = into_padded_array(&randomness);
-    to_hash[H_DIGEST_SIZE..].copy_from_slice(&H(public_key.as_slice()));
-
-    let hashed = G(&to_hash);
-    let (shared_secret, pseudorandomness) = hashed.split_at(SHARED_SECRET_SIZE);
-
-    let ciphertext = ind_cpa::encrypt::<
-        K,
-        CIPHERTEXT_SIZE,
-        T_AS_NTT_ENCODED_SIZE,
-        C1_SIZE,
-        C2_SIZE,
-        VECTOR_U_COMPRESSION_FACTOR,
-        VECTOR_V_COMPRESSION_FACTOR,
-        VECTOR_U_BLOCK_LEN,
-        ETA1,
-        ETA1_RANDOMNESS_SIZE,
-        ETA2,
-        ETA2_RANDOMNESS_SIZE,
-    >(public_key.as_slice(), randomness, pseudorandomness);
-
-    let mut shared_secret_array = [0u8; SHARED_SECRET_SIZE];
-    shared_secret_array.copy_from_slice(shared_secret);
-    (ciphertext.into(), shared_secret_array)
-}
-
-pub(super) fn decapsulate_unpacked<
-    const K: usize,
-    const SECRET_KEY_SIZE: usize,
-    const CPA_SECRET_KEY_SIZE: usize,
-    const PUBLIC_KEY_SIZE: usize,
-    const CIPHERTEXT_SIZE: usize,
-    const T_AS_NTT_ENCODED_SIZE: usize,
-    const C1_SIZE: usize,
-    const C2_SIZE: usize,
-    const VECTOR_U_COMPRESSION_FACTOR: usize,
-    const VECTOR_V_COMPRESSION_FACTOR: usize,
-    const C1_BLOCK_SIZE: usize,
-    const ETA1: usize,
-    const ETA1_RANDOMNESS_SIZE: usize,
-    const ETA2: usize,
-    const ETA2_RANDOMNESS_SIZE: usize,
-    const IMPLICIT_REJECTION_HASH_INPUT_SIZE: usize,
->(
-    state: &MlKemState<K>,
-    ciphertext: &MlKemCiphertext<CIPHERTEXT_SIZE>,
-) -> MlKemSharedSecret {
-    let secret_as_ntt: &[PolynomialRingElement; K] = &state.secret_as_ntt;
-    let t_as_ntt: &[PolynomialRingElement; K] = &state.t_as_ntt;
-    let a_transpose: &[[PolynomialRingElement; K]; K] = &state.a_transpose;
-    let implicit_rejection_value: &[u8] = &state.rej;
-    let ind_cpa_public_key_hash: &[u8] = &state.ind_cpa_public_key_hash;
-
-    let decrypted = ind_cpa::decrypt_unpacked::<
-        K,
-        CIPHERTEXT_SIZE,
-        C1_SIZE,
-        VECTOR_U_COMPRESSION_FACTOR,
-        VECTOR_V_COMPRESSION_FACTOR,
-    >(secret_as_ntt, &ciphertext.value);
-
-    let mut to_hash: [u8; SHARED_SECRET_SIZE + H_DIGEST_SIZE] = into_padded_array(&decrypted);
-    to_hash[SHARED_SECRET_SIZE..].copy_from_slice(ind_cpa_public_key_hash);
-
-    let hashed = G(&to_hash);
-    let (shared_secret, pseudorandomness) = hashed.split_at(SHARED_SECRET_SIZE);
-
-    let mut to_hash: [u8; IMPLICIT_REJECTION_HASH_INPUT_SIZE] =
-        into_padded_array(&implicit_rejection_value);
-    to_hash[SHARED_SECRET_SIZE..].copy_from_slice(ciphertext.as_ref());
-    let implicit_rejection_shared_secret: [u8; SHARED_SECRET_SIZE] = PRF(&to_hash);
-
-    let expected_ciphertext = ind_cpa::encrypt_unpacked::<
-        K,
-        CIPHERTEXT_SIZE,
-        T_AS_NTT_ENCODED_SIZE,
-        C1_SIZE,
-        C2_SIZE,
-        VECTOR_U_COMPRESSION_FACTOR,
-        VECTOR_V_COMPRESSION_FACTOR,
-        C1_BLOCK_SIZE,
-        ETA1,
-        ETA1_RANDOMNESS_SIZE,
-        ETA2,
-        ETA2_RANDOMNESS_SIZE,
-    >(t_as_ntt, a_transpose, decrypted, pseudorandomness);
-
-    let selector = compare_ciphertexts_in_constant_time::<CIPHERTEXT_SIZE>(
-        ciphertext.as_ref(),
-        &expected_ciphertext,
-    );
-
-    select_shared_secret_in_constant_time(
-        shared_secret,
-        &implicit_rejection_shared_secret,
-        selector,
-    )
-}
-
-pub(super) fn decapsulate<
-    const K: usize,
-    const SECRET_KEY_SIZE: usize,
-    const CPA_SECRET_KEY_SIZE: usize,
-    const PUBLIC_KEY_SIZE: usize,
-    const CIPHERTEXT_SIZE: usize,
-    const T_AS_NTT_ENCODED_SIZE: usize,
-    const C1_SIZE: usize,
-    const C2_SIZE: usize,
-    const VECTOR_U_COMPRESSION_FACTOR: usize,
-    const VECTOR_V_COMPRESSION_FACTOR: usize,
-    const C1_BLOCK_SIZE: usize,
-    const ETA1: usize,
-    const ETA1_RANDOMNESS_SIZE: usize,
-    const ETA2: usize,
-    const ETA2_RANDOMNESS_SIZE: usize,
-    const IMPLICIT_REJECTION_HASH_INPUT_SIZE: usize,
->(
-    secret_key: &MlKemPrivateKey<SECRET_KEY_SIZE>,
-    ciphertext: &MlKemCiphertext<CIPHERTEXT_SIZE>,
-) -> MlKemSharedSecret {
-    let (ind_cpa_secret_key, secret_key) = secret_key.split_at(CPA_SECRET_KEY_SIZE);
-    let (ind_cpa_public_key, secret_key) = secret_key.split_at(PUBLIC_KEY_SIZE);
-    let (ind_cpa_public_key_hash, implicit_rejection_value) = secret_key.split_at(H_DIGEST_SIZE);
-
-    let decrypted = ind_cpa::decrypt::<
-        K,
-        CIPHERTEXT_SIZE,
-        C1_SIZE,
-        VECTOR_U_COMPRESSION_FACTOR,
-        VECTOR_V_COMPRESSION_FACTOR,
-    >(ind_cpa_secret_key, &ciphertext.value);
-
-    let mut to_hash: [u8; SHARED_SECRET_SIZE + H_DIGEST_SIZE] = into_padded_array(&decrypted);
-    to_hash[SHARED_SECRET_SIZE..].copy_from_slice(ind_cpa_public_key_hash);
-
-    let hashed = G(&to_hash);
-    let (shared_secret, pseudorandomness) = hashed.split_at(SHARED_SECRET_SIZE);
-
-    let mut to_hash: [u8; IMPLICIT_REJECTION_HASH_INPUT_SIZE] =
-        into_padded_array(&implicit_rejection_value);
-    to_hash[SHARED_SECRET_SIZE..].copy_from_slice(ciphertext.as_ref());
-    let implicit_rejection_shared_secret: [u8; SHARED_SECRET_SIZE] = PRF(&to_hash);
-
-    let expected_ciphertext = ind_cpa::encrypt::<
-        K,
-        CIPHERTEXT_SIZE,
-        T_AS_NTT_ENCODED_SIZE,
-        C1_SIZE,
-        C2_SIZE,
-        VECTOR_U_COMPRESSION_FACTOR,
-        VECTOR_V_COMPRESSION_FACTOR,
-        C1_BLOCK_SIZE,
-        ETA1,
-        ETA1_RANDOMNESS_SIZE,
-        ETA2,
-        ETA2_RANDOMNESS_SIZE,
-    >(ind_cpa_public_key, decrypted, pseudorandomness);
-
-    let selector = compare_ciphertexts_in_constant_time::<CIPHERTEXT_SIZE>(
-        ciphertext.as_ref(),
-        &expected_ciphertext,
-    );
-
-    select_shared_secret_in_constant_time(
-        shared_secret,
-        &implicit_rejection_shared_secret,
-        selector,
-    )
-}
diff --git a/libcrux-ml-kem/src/kem/kyber/PERFORMANCE.md b/libcrux-ml-kem/src/kem/kyber/PERFORMANCE.md
deleted file mode 100644
index 93bf98dd9..000000000
--- a/libcrux-ml-kem/src/kem/kyber/PERFORMANCE.md
+++ /dev/null
@@ -1,8 +0,0 @@
-N.B.: All measurements were taken on an M1 MacBook Air with 16 GB of memory.
-
-|           |   Key Generation (µs) |   Encapsulation (µs) |   Decapsulation (µs) |
-|:----------|----------------------:|---------------------:|---------------------:|
-| libcrux   |               30.671  |              36.31   |              36.3    |
-| BoringSSL |               33.8152 |              28.7323 |              35.2664 |
-| CIRCL     |               39.785  |              44.517  |              49.626  |
-| PQClean   |               30.671  |              38.511  |              43.458  |
\ No newline at end of file
diff --git a/libcrux-ml-kem/src/kem/kyber/arithmetic.rs b/libcrux-ml-kem/src/kem/kyber/arithmetic.rs
deleted file mode 100644
index de38ff72d..000000000
--- a/libcrux-ml-kem/src/kem/kyber/arithmetic.rs
+++ /dev/null
@@ -1,201 +0,0 @@
-use crate::hax_utils::hax_debug_assert;
-
-use super::constants::{COEFFICIENTS_IN_RING_ELEMENT, FIELD_MODULUS};
-
-/// Values having this type hold a representative 'x' of the Kyber field.
-/// We use 'fe' as a shorthand for this type.
-pub(crate) type FieldElement = i32;
-
-const MONTGOMERY_SHIFT: u8 = 16;
-const MONTGOMERY_R: i32 = 1 << MONTGOMERY_SHIFT;
-
-/// If 'x' denotes a value of type `fe`, values having this type hold a
-/// representative y ≡ x·MONTGOMERY_R^(-1) (mod FIELD_MODULUS).
-/// We use 'mfe' as a shorthand for this type
-pub(crate) type MontgomeryFieldElement = i32;
-
-/// If 'x' denotes a value of type `fe`, values having this type hold a
-/// representative y ≡ x·MONTGOMERY_R (mod FIELD_MODULUS).
-/// We use 'fer' as a shorthand for this type.
-pub(crate) type FieldElementTimesMontgomeryR = i32;
-
-#[cfg_attr(hax, hax_lib::requires(n == 4 || n == 5 || n == 10 || n == 11 || n == MONTGOMERY_SHIFT))]
-#[cfg_attr(hax, hax_lib::ensures(|result| result < 2u32.pow(n.into())))]
-#[inline(always)]
-pub(crate) fn get_n_least_significant_bits(n: u8, value: u32) -> u32 {
-    hax_debug_assert!(n == 4 || n == 5 || n == 10 || n == 11 || n == MONTGOMERY_SHIFT);
-
-    value & ((1 << n) - 1)
-}
-
-const BARRETT_SHIFT: i64 = 26;
-const BARRETT_R: i64 = 1 << BARRETT_SHIFT;
-
-/// This is calculated as ⌊(BARRETT_R / FIELD_MODULUS) + 1/2⌋
-const BARRETT_MULTIPLIER: i64 = 20159;
-
-/// Signed Barrett Reduction
-///
-/// Given an input `value`, `barrett_reduce` outputs a representative `result`
-/// such that:
-///
-/// - result ≡ value (mod FIELD_MODULUS)
-/// - the absolute value of `result` is bound as follows:
-///
-/// `|result| ≤ FIELD_MODULUS / 2 · (|value|/BARRETT_R + 1)
-///
-/// In particular, if `|value| < BARRETT_R`, then `|result| < FIELD_MODULUS`.
-
-#[cfg_attr(hax, hax_lib::requires((i64::from(value) > -BARRETT_R && i64::from(value) < BARRETT_R)))]
-#[cfg_attr(hax, hax_lib::ensures(|result| result > -FIELD_MODULUS && result < FIELD_MODULUS))]
-pub(crate) fn barrett_reduce(value: FieldElement) -> FieldElement {
-    hax_debug_assert!(
-        i64::from(value) > -BARRETT_R && i64::from(value) < BARRETT_R,
-        "value is {value}"
-    );
-
-    let t = (i64::from(value) * BARRETT_MULTIPLIER) + (BARRETT_R >> 1);
-    let quotient = (t >> BARRETT_SHIFT) as i32;
-
-    let result = value - (quotient * FIELD_MODULUS);
-
-    hax_debug_assert!(
-        result > -FIELD_MODULUS && result < FIELD_MODULUS,
-        "value is {value}"
-    );
-
-    result
-}
-
-const INVERSE_OF_MODULUS_MOD_MONTGOMERY_R: u32 = 62209; // FIELD_MODULUS^{-1} mod MONTGOMERY_R
-
-/// Signed Montgomery Reduction
-///
-/// Given an input `value`, `montgomery_reduce` outputs a representative `o`
-/// such that:
-///
-/// - o ≡ value · MONTGOMERY_R^(-1) (mod FIELD_MODULUS)
-/// - the absolute value of `o` is bound as follows:
-///
-/// `|result| ≤ (|value| / MONTGOMERY_R) + (FIELD_MODULUS / 2)
-///
-/// In particular, if `|value| ≤ FIELD_MODULUS * MONTGOMERY_R`, then `|o| < (3 · FIELD_MODULUS) / 2`.
-#[cfg_attr(hax, hax_lib::requires(value >= -FIELD_MODULUS * MONTGOMERY_R && value <= FIELD_MODULUS * MONTGOMERY_R))]
-#[cfg_attr(hax, hax_lib::ensures(|result| result >= -(3 * FIELD_MODULUS) / 2 && result <= (3 * FIELD_MODULUS) / 2))]
-pub(crate) fn montgomery_reduce(value: FieldElement) -> MontgomeryFieldElement {
-    // This forces hax to extract code for MONTGOMERY_R before it extracts code
-    // for this function. The removal of this line is being tracked in:
-    // https://github.com/cryspen/libcrux/issues/134
-    let _ = MONTGOMERY_R;
-
-    hax_debug_assert!(
-        value >= -FIELD_MODULUS * MONTGOMERY_R && value <= FIELD_MODULUS * MONTGOMERY_R,
-        "value is {value}"
-    );
-
-    let t = get_n_least_significant_bits(MONTGOMERY_SHIFT, value as u32)
-        * INVERSE_OF_MODULUS_MOD_MONTGOMERY_R;
-    let k = get_n_least_significant_bits(MONTGOMERY_SHIFT, t) as i16;
-
-    let k_times_modulus = (k as i32) * FIELD_MODULUS;
-
-    let c = k_times_modulus >> MONTGOMERY_SHIFT;
-    let value_high = value >> MONTGOMERY_SHIFT;
-
-    value_high - c
-}
-
-/// If `fe` is some field element 'x' of the Kyber field and `fer` is congruent to
-/// `y · MONTGOMERY_R`, this procedure outputs a value that is congruent to
-/// `x · y`, as follows:
-///
-///    `fe · fer ≡ x · y · MONTGOMERY_R (mod FIELD_MODULUS)`
-///
-/// `montgomery_reduce` takes the value `x · y · MONTGOMERY_R` and outputs a representative
-/// `x · y · MONTGOMERY_R * MONTGOMERY_R^{-1} ≡ x · y (mod FIELD_MODULUS)`.
-#[inline(always)]
-pub(crate) fn montgomery_multiply_fe_by_fer(
-    fe: FieldElement,
-    fer: FieldElementTimesMontgomeryR,
-) -> FieldElement {
-    montgomery_reduce(fe * fer)
-}
-
-/// This is calculated as (MONTGOMERY_R)^2 mod FIELD_MODULUS
-const MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS: i32 = 1353;
-
-/// If x is some field element of the Kyber field and `mfe` is congruent to
-/// x · MONTGOMERY_R^{-1}, this procedure outputs a value that is congruent to
-/// `x`, as follows:
-///
-///    mfe · MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS ≡ x · MONTGOMERY_R^{-1} * (MONTGOMERY_R)^2 (mod FIELD_MODULUS)
-/// => mfe · MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS ≡ x · MONTGOMERY_R (mod FIELD_MODULUS)
-///
-/// `montgomery_reduce` takes the value `x · MONTGOMERY_R` and outputs a representative
-/// `x · MONTGOMERY_R * MONTGOMERY_R^{-1} ≡ x (mod FIELD_MODULUS)`
-#[inline(always)]
-pub(crate) fn to_standard_domain(mfe: MontgomeryFieldElement) -> FieldElement {
-    montgomery_reduce(mfe * MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS)
-}
-
-/// Given a field element `fe` such that -FIELD_MODULUS ≤ fe < FIELD_MODULUS,
-/// output `o` such that:
-/// - `o` is congruent to `fe`
-/// - 0 ≤ `o` FIELD_MODULUS
-#[cfg_attr(hax, hax_lib::requires(fe >= -FIELD_MODULUS && fe < FIELD_MODULUS))]
-#[cfg_attr(hax, hax_lib::ensures(|result| result >= 0 && result < (FIELD_MODULUS as u16)))]
-#[inline(always)]
-pub(crate) fn to_unsigned_representative(fe: FieldElement) -> u16 {
-    hax_debug_assert!(fe >= -FIELD_MODULUS && fe < FIELD_MODULUS);
-    (fe + (FIELD_MODULUS & (fe >> 31))) as u16
-}
-
-#[derive(Clone, Copy)]
-pub struct PolynomialRingElement {
-    pub(crate) coefficients: [FieldElement; COEFFICIENTS_IN_RING_ELEMENT],
-}
-
-impl PolynomialRingElement {
-    pub const ZERO: Self = Self {
-        coefficients: [0i32; 256], // FIXME: hax issue, this is COEFFICIENTS_IN_RING_ELEMENT
-    };
-}
-
-/// Given two polynomial ring elements `lhs` and `rhs`, compute the pointwise
-/// sum of their constituent coefficients.
-#[cfg_attr(hax, hax_lib::requires(
-    hax_lib::forall(|i:usize|
-        hax_lib::implies(i < COEFFICIENTS_IN_RING_ELEMENT, ||
-            (lhs.coefficients[i].abs() <= ((K as i32) - 1) * FIELD_MODULUS) &&
-            (rhs.coefficients[i].abs() <= FIELD_MODULUS)
-
-))))]
-#[cfg_attr(hax, hax_lib::ensures(|result|
-    hax_lib::forall(|i:usize|
-        hax_lib::implies(i < result.coefficients.len(), ||
-                result.coefficients[i].abs() <= (K as i32) * FIELD_MODULUS
-))))]
-pub(crate) fn add_to_ring_element<const K: usize>(
-    mut lhs: PolynomialRingElement,
-    rhs: &PolynomialRingElement,
-) -> PolynomialRingElement {
-    hax_debug_assert!(lhs
-        .coefficients
-        .into_iter()
-        .all(|coefficient| coefficient.abs() <= ((K as i32) - 1) * FIELD_MODULUS));
-    hax_debug_assert!(rhs
-        .coefficients
-        .into_iter()
-        .all(|coefficient| coefficient.abs() < FIELD_MODULUS));
-
-    for i in 0..lhs.coefficients.len() {
-        lhs.coefficients[i] += rhs.coefficients[i];
-    }
-
-    hax_debug_assert!(lhs
-        .coefficients
-        .into_iter()
-        .all(|coefficient| coefficient.abs() <= (K as i32) * FIELD_MODULUS));
-
-    lhs
-}
diff --git a/libcrux-ml-kem/src/kem/kyber/compress.rs b/libcrux-ml-kem/src/kem/kyber/compress.rs
deleted file mode 100644
index dd1ebd4d3..000000000
--- a/libcrux-ml-kem/src/kem/kyber/compress.rs
+++ /dev/null
@@ -1,135 +0,0 @@
-use crate::hax_utils::hax_debug_assert;
-
-use super::{
-    arithmetic::{get_n_least_significant_bits, FieldElement},
-    constants::FIELD_MODULUS,
-};
-
-/// The `compress_*` functions implement the `Compress` function specified in the NIST FIPS
-/// 203 standard (Page 18, Expression 4.5), which is defined as:
-///
-/// ```plaintext
-/// Compress_d: ℤq -> ℤ_{2ᵈ}
-/// Compress_d(x) = ⌈(2ᵈ/q)·x⌋
-/// ```
-///
-/// Since `⌈x⌋ = ⌊x + 1/2⌋` we have:
-///
-/// ```plaintext
-/// Compress_d(x) = ⌊(2ᵈ/q)·x + 1/2⌋
-///               = ⌊(2^{d+1}·x + q) / 2q⌋
-/// ```
-///
-/// For further information about the function implementations, consult the
-/// `implementation_notes.pdf` document in this directory.
-///
-/// The NIST FIPS 203 standard can be found at
-/// <https://csrc.nist.gov/pubs/fips/203/ipd>.
-
-#[cfg_attr(hax, hax_lib::requires(fe < (FIELD_MODULUS as u16)))]
-#[cfg_attr(hax, hax_lib::ensures(|result|
-        hax_lib::implies(833 <= fe && fe <= 2596, || result == 1) &&
-        hax_lib::implies(!(833 <= fe && fe <= 2596), || result == 0)
-))]
-pub(super) fn compress_message_coefficient(fe: u16) -> u8 {
-    // The approach used here is inspired by:
-    // https://github.com/cloudflare/circl/blob/main/pke/kyber/internal/common/poly.go#L150
-
-    // If 833 <= fe <= 2496,
-    // then -832 <= shifted <= 831
-    let shifted: i16 = 1664 - (fe as i16);
-
-    // If shifted < 0, then
-    // (shifted >> 15) ^ shifted = flip_bits(shifted) = -shifted - 1, and so
-    // if -832 <= shifted < 0 then 0 < shifted_positive <= 831
-    //
-    // If shifted >= 0 then
-    // (shifted >> 15) ^ shifted = shifted, and so
-    // if 0 <= shifted <= 831 then 0 <= shifted_positive <= 831
-    let mask = shifted >> 15;
-    let shifted_to_positive = mask ^ shifted;
-
-    let shifted_positive_in_range = shifted_to_positive - 832;
-
-    // If x <= 831, then x - 832 <= -1, and so x - 832 < 0, which means
-    // the most significant bit of shifted_positive_in_range will be 1.
-    ((shifted_positive_in_range >> 15) & 1) as u8
-}
-
-#[cfg_attr(hax,
-    hax_lib::requires(
-        (coefficient_bits == 4 ||
-         coefficient_bits == 5 ||
-         coefficient_bits == 10 ||
-         coefficient_bits == 11) &&
-         fe < (FIELD_MODULUS as u16)))]
-#[cfg_attr(hax,
-     hax_lib::ensures(
-     |result| result >= 0 && result < 2i32.pow(coefficient_bits as u32)))]
-pub(super) fn compress_ciphertext_coefficient(coefficient_bits: u8, fe: u16) -> FieldElement {
-    hax_debug_assert!(
-        coefficient_bits == 4
-            || coefficient_bits == 5
-            || coefficient_bits == 10
-            || coefficient_bits == 11
-    );
-    hax_debug_assert!(fe <= (FIELD_MODULUS as u16));
-
-    // This has to be constant time due to:
-    // https://groups.google.com/a/list.nist.gov/g/pqc-forum/c/ldX0ThYJuBo/m/ovODsdY7AwAJ
-    let mut compressed = (fe as u64) << coefficient_bits;
-    compressed += 1664 as u64;
-
-    compressed *= 10_321_340;
-    compressed >>= 35;
-
-    get_n_least_significant_bits(coefficient_bits, compressed as u32) as FieldElement
-}
-
-/// The `decompress_*` functions implement the `Decompress` function specified in the NIST FIPS
-/// 203 standard (Page 18, Expression 4.6), which is defined as:
-///
-/// ```plaintext
-/// Decompress_d: ℤ_{2ᵈ} -> ℤq
-/// Decompress_d(y) = ⌈(q/2ᵈ)·y⌋
-/// ```
-///
-/// Since `⌈x⌋ = ⌊x + 1/2⌋` we have:
-///
-/// ```plaintext
-/// Decompress_d(y) = ⌊(q/2ᵈ)·y + 1/2⌋
-///                 = ⌊(2·y·q + 2ᵈ) / 2^{d+1})⌋
-/// ```
-///
-/// For further information about the function implementations, consult the
-/// `implementation_notes.pdf` document in this directory.
-///
-/// The NIST FIPS 203 standard can be found at
-/// <https://csrc.nist.gov/pubs/fips/203/ipd>.
-
-#[cfg_attr(hax, hax_lib::requires((fe == 0) || (fe == 1)))]
-#[inline(always)]
-pub(super) fn decompress_message_coefficient(fe: FieldElement) -> FieldElement {
-    -fe & ((FIELD_MODULUS + 1) / 2)
-}
-
-#[cfg_attr(hax, hax_lib::requires((coefficient_bits == 4 || coefficient_bits == 5 || coefficient_bits == 10 || coefficient_bits == 11) && (fe >= 0) && (fe < 2i32.pow(coefficient_bits as u32))))]
-#[cfg_attr(hax, hax_lib::ensures(|result| result < FIELD_MODULUS))]
-pub(super) fn decompress_ciphertext_coefficient(
-    coefficient_bits: u8,
-    fe: FieldElement,
-) -> FieldElement {
-    hax_debug_assert!(
-        coefficient_bits == 4
-            || coefficient_bits == 5
-            || coefficient_bits == 10
-            || coefficient_bits == 11
-    );
-    hax_debug_assert!(fe >= 0 && fe <= 2i32.pow(coefficient_bits as u32));
-
-    let mut decompressed = (fe as u32) * (FIELD_MODULUS as u32);
-    decompressed = (decompressed << 1) + (1 << coefficient_bits);
-    decompressed >>= coefficient_bits + 1;
-
-    decompressed as FieldElement
-}
diff --git a/libcrux-ml-kem/src/kem/kyber/constant_time_ops.rs b/libcrux-ml-kem/src/kem/kyber/constant_time_ops.rs
deleted file mode 100644
index 66b667dad..000000000
--- a/libcrux-ml-kem/src/kem/kyber/constant_time_ops.rs
+++ /dev/null
@@ -1,64 +0,0 @@
-use super::constants::SHARED_SECRET_SIZE;
-use crate::hax_utils::hax_debug_assert;
-
-// Examine the output that LLVM produces for this code from time to time to ensure
-// operations are not being optimized away/constant-timedness is not being broken.
-
-/// Return 1 if `value` is not zero and 0 otherwise.
-#[cfg_attr(hax, hax_lib::ensures(|result|
-    hax_lib::implies(value == 0, || result == 0) &&
-    hax_lib::implies(value != 0, || result == 1)
-))]
-#[inline(never)] // Don't inline this to avoid that the compiler optimizes this out.
-fn is_non_zero(value: u8) -> u8 {
-    let value = value as u16;
-
-    let result = ((value | (!value).wrapping_add(1)) >> 8) & 1;
-
-    result as u8
-}
-
-/// Return 1 if the bytes of `lhs` and `rhs` do not exactly
-/// match and 0 otherwise.
-#[cfg_attr(hax, hax_lib::ensures(|result|
-    hax_lib::implies(lhs == rhs, || result == 0) &&
-    hax_lib::implies(lhs != rhs, || result == 1)
-))]
-pub(crate) fn compare_ciphertexts_in_constant_time<const CIPHERTEXT_SIZE: usize>(
-    lhs: &[u8],
-    rhs: &[u8],
-) -> u8 {
-    hax_debug_assert!(lhs.len() == rhs.len());
-    hax_debug_assert!(lhs.len() == CIPHERTEXT_SIZE);
-
-    let mut r: u8 = 0;
-    for i in 0..CIPHERTEXT_SIZE {
-        r |= lhs[i] ^ rhs[i];
-    }
-
-    is_non_zero(r)
-}
-
-/// If `selector` is not zero, return the bytes in `rhs`; return the bytes in
-/// `lhs` otherwise.
-#[cfg_attr(hax, hax_lib::ensures(|result|
-    hax_lib::implies(selector == 0, || result == lhs) &&
-    hax_lib::implies(selector != 0, || result == rhs)
-))]
-pub(crate) fn select_shared_secret_in_constant_time(
-    lhs: &[u8],
-    rhs: &[u8],
-    selector: u8,
-) -> [u8; SHARED_SECRET_SIZE] {
-    hax_debug_assert!(lhs.len() == rhs.len());
-    hax_debug_assert!(lhs.len() == SHARED_SECRET_SIZE);
-
-    let mask = is_non_zero(selector).wrapping_sub(1);
-    let mut out = [0u8; SHARED_SECRET_SIZE];
-
-    for i in 0..SHARED_SECRET_SIZE {
-        out[i] = (lhs[i] & mask) | (rhs[i] & !mask);
-    }
-
-    out
-}
diff --git a/libcrux-ml-kem/src/kem/kyber/constants.rs b/libcrux-ml-kem/src/kem/kyber/constants.rs
deleted file mode 100644
index a48705a2f..000000000
--- a/libcrux-ml-kem/src/kem/kyber/constants.rs
+++ /dev/null
@@ -1,35 +0,0 @@
-/// Field modulus: 3329
-pub(crate) const FIELD_MODULUS: i32 = 3329;
-
-/// Each field element needs floor(log_2(FIELD_MODULUS)) + 1 = 12 bits to represent
-pub(crate) const BITS_PER_COEFFICIENT: usize = 12;
-
-/// Coefficients per ring element
-pub(crate) const COEFFICIENTS_IN_RING_ELEMENT: usize = 256;
-
-/// Bits required per (uncompressed) ring element
-pub(crate) const BITS_PER_RING_ELEMENT: usize = COEFFICIENTS_IN_RING_ELEMENT * 12;
-
-/// Bytes required per (uncompressed) ring element
-pub(crate) const BYTES_PER_RING_ELEMENT: usize = BITS_PER_RING_ELEMENT / 8;
-
-/// PKE message size
-pub(crate) const SHARED_SECRET_SIZE: usize = 32;
-
-pub(crate) const CPA_PKE_KEY_GENERATION_SEED_SIZE: usize = 32;
-
-// [hax]: hacspec/hacspec-v2#27 stealing error
-//        Using these functions causes stealing errors in hax.
-// /// Compute serialized length for output size of ByteEncode
-// pub(in crate::kem::kyber) const fn serialized_len<const K: usize, const OUT_LEN: usize>() -> usize {
-//     OUT_LEN * K
-// }
-
-// /// Compute block length for output block size of ByteEncode u (c1)
-// pub(in crate::kem::kyber) const fn block_len<const FACTOR: usize>() -> usize {
-//     (COEFFICIENTS_IN_RING_ELEMENT * FACTOR) / 8
-// }
-
-// XXX: Eurydice can't handle this.
-// digest_size(Algorithm::Sha3_256);
-pub(crate) const H_DIGEST_SIZE: usize = 32;
diff --git a/libcrux-ml-kem/src/kem/kyber/hash_functions.rs b/libcrux-ml-kem/src/kem/kyber/hash_functions.rs
deleted file mode 100644
index 57e930c87..000000000
--- a/libcrux-ml-kem/src/kem/kyber/hash_functions.rs
+++ /dev/null
@@ -1,116 +0,0 @@
-#![allow(non_snake_case)]
-
-use super::constants::H_DIGEST_SIZE;
-const G_DIGEST_SIZE: usize = 64;
-
-use libcrux_sha3::portable::{
-    self,
-    incremental::{
-        shake128_absorb_final, shake128_init, shake128_squeeze_first_three_blocks,
-        shake128_squeeze_next_block,
-    },
-    KeccakState,
-};
-pub(crate) fn G(input: &[u8]) -> [u8; G_DIGEST_SIZE] {
-    let mut digest = [0u8; G_DIGEST_SIZE];
-    portable::sha512(&mut digest, input);
-    digest
-}
-
-pub(crate) fn H(input: &[u8]) -> [u8; H_DIGEST_SIZE] {
-    let mut digest = [0u8; H_DIGEST_SIZE];
-    portable::sha256(&mut digest, input);
-    digest
-}
-
-pub(crate) fn PRF<const LEN: usize>(input: &[u8]) -> [u8; LEN] {
-    let mut digest = [0u8; LEN];
-    portable::shake256(&mut digest, input);
-    digest
-}
-
-// #[inline(always)]
-// pub(crate) fn absorb<const K: usize>(input: [[u8; 34]; K]) -> Shake128StateX4 {
-//     debug_assert!(K == 2 || K == 3 || K == 4);
-
-//     let mut state = Shake128StateX4::new();
-//     // XXX: We need to do this dance to get it through hax and eurydice for now.
-//     let mut data: [&[u8]; K] = [&[0u8]; K];
-//     for i in 0..K {
-//         data[i] = &input[i] as &[u8];
-//     }
-//     state.absorb_final(data);
-//     state
-// }
-
-#[inline(always)]
-pub(crate) fn absorb<const K: usize>(input: [[u8; 34]; K]) -> [KeccakState; K] {
-    debug_assert!(K == 2 || K == 3 || K == 4);
-
-    let mut state = [shake128_init(); K];
-    for i in 0..K {
-        shake128_absorb_final(&mut state[i], &input[i]);
-    }
-    state
-}
-
-const BLOCK_SIZE: usize = 168;
-const THREE_BLOCKS: usize = BLOCK_SIZE * 3;
-
-// #[inline(always)]
-// pub(crate) fn squeeze_three_blocks<const K: usize>(
-//     xof_state: &mut Shake128StateX4,
-// ) -> [[u8; THREE_BLOCKS]; K] {
-//     let output: [[u8; THREE_BLOCKS]; K] = xof_state.squeeze_blocks();
-//     let mut out = [[0u8; THREE_BLOCKS]; K];
-//     for i in 0..K {
-//         out[i] = output[i];
-//     }
-//     out
-// }
-
-#[inline(always)]
-pub(crate) fn squeeze_three_blocks<const K: usize>(
-    xof_state: &mut [KeccakState; K],
-) -> [[u8; THREE_BLOCKS]; K] {
-    debug_assert!(K == 2 || K == 3 || K == 4);
-
-    let mut out = [[0u8; THREE_BLOCKS]; K];
-    for i in 0..K {
-        shake128_squeeze_first_three_blocks(&mut xof_state[i], &mut out[i]);
-    }
-    out
-}
-
-// #[inline(always)]
-// pub(crate) fn squeeze_block<const K: usize>(
-//     xof_state: &mut Shake128StateX4,
-// ) -> [[u8; BLOCK_SIZE]; K] {
-//     let output: [[u8; BLOCK_SIZE]; K] = xof_state.squeeze_blocks();
-//     let mut out = [[0u8; BLOCK_SIZE]; K];
-//     for i in 0..K {
-//         out[i] = output[i];
-//     }
-//     out
-// }
-
-#[inline(always)]
-pub(crate) fn squeeze_block<const K: usize>(
-    xof_state: &mut [KeccakState; K],
-) -> [[u8; BLOCK_SIZE]; K] {
-    debug_assert!(K == 2 || K == 3 || K == 4);
-
-    let mut out = [[0u8; BLOCK_SIZE]; K];
-    for i in 0..K {
-        shake128_squeeze_next_block(&mut xof_state[i], &mut out[i]);
-    }
-    out
-}
-
-/// Free the memory of the state.
-///
-/// **NOTE:** That this needs to be done manually for now.
-#[inline(always)]
-pub(crate) fn free_state<const K: usize>(_xof_state: [KeccakState; K]) {
-    // xof_state.free_memory();
-}
diff --git a/libcrux-ml-kem/src/kem/kyber/helper.rs b/libcrux-ml-kem/src/kem/kyber/helper.rs
deleted file mode 100644
index 47fa920aa..000000000
--- a/libcrux-ml-kem/src/kem/kyber/helper.rs
+++ /dev/null
@@ -1,59 +0,0 @@
-/// The following macros are defined so that the extraction from Rust to C code
-/// can go through.
-
-#[cfg(not(hax))]
-#[doc(hidden)]
-macro_rules! cloop {
-    (for ($i:ident, $chunk:ident) in $val:ident.$values:ident.chunks_exact($($chunk_size:expr),*).enumerate() $body:block) => {
-        for $i in 0..$val.$values.len() / ($($chunk_size)*) {
-            let $chunk = &$val.$values[$i*($($chunk_size)*) .. $i*($($chunk_size)*)+($($chunk_size)*)];
-            $body
-        }
-    };
-    (for ($i:ident, $chunk:ident) in $val:ident.chunks_exact($($chunk_size:expr),*).enumerate() $body:block) => {
-        for $i in 0..$val.len() / ($($chunk_size)*) {
-            let $chunk = &$val[$i*($($chunk_size)*) .. $i*($($chunk_size)*)+($($chunk_size)*)];
-            $body
-        }
-    };
-    (for ($i:ident, $item:ident) in $val:ident.iter().enumerate() $body:block) => {
-        for $i in 0..$val.len() {
-            let $item = &$val[$i];
-            $body
-        }
-    };
-    (for ($i:ident, $item:ident) in $val:ident.into_iter().enumerate() $body:block) => {
-        for $i in 0..$val.len() {
-            let $item = $val[$i];
-            $body
-        }
-    };
-    (for $i:ident in ($start:literal..$end:expr).step_by($step:literal) $body:block) => {
-        for $i in $start..$end / $step {
-            let $i = $i * $step;
-            $body
-        }
-    };
-}
-
-#[cfg(hax)]
-#[doc(hidden)]
-macro_rules! cloop {
-    (for ($i:ident, $chunk:ident) in $val:ident.$values:ident.chunks_exact($($chunk_size:expr),*).enumerate() $body:block) => {
-        for ($i, $chunk) in $val.$values.chunks_exact($($chunk_size),*).enumerate() $body
-    };
-    (for ($i:ident, $chunk:ident) in $val:ident.chunks_exact($($chunk_size:expr),*).enumerate() $body:block) => {
-        for ($i, $chunk) in $val.chunks_exact($($chunk_size),*).enumerate() $body
-    };
-    (for ($i:ident, $item:ident) in $val:ident.iter().enumerate() $body:block) => {
-        for ($i, $item) in $val.iter().enumerate() $body
-    };
-    (for ($i:ident, $item:ident) in $val:ident.into_iter().enumerate() $body:block) => {
-        for ($i, $item) in $val.into_iter().enumerate() $body
-    };
-    (for $i:ident in ($start:literal..$end:expr).step_by($step:literal) $body:block) => {
-        for $i in ($start..$end).step_by($step) $body
-    };
-}
-
-pub(super) use cloop;
diff --git a/libcrux-ml-kem/src/kem/kyber/implementation_notes.pdf b/libcrux-ml-kem/src/kem/kyber/implementation_notes.pdf
deleted file mode 100644
index adc84302604712f39f42c7375dde699ecc99a884..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 348700
zcma%?Q;;Ugwyn#yZQDkdZQHhuF59+kv&*(^Tm6@D*S_bzofUESjL1ktzGcjeFUK57
zt|%%_&&<FMLq5MevJS(^M8rhoU~CP;#|OhGYi4iZYDvV!#7y)*0mCS6W$S9@OvET|
zYvgJsYG&eKY6c@90OR87Y-VH!<GDGbF5|Gp1o!7f<COzDgI$SnYt7xJ5dk-hp&wxf
z!M>;r1cf&tw`ixH(2P1R8BH$?T|}YHDv6Mgkh;+{ui^MG<m<qThuh18!4!o1q`;J=
zQ?6iHl{wdPh6=`fg8l8UXR^62>d~Ssle_?f25d8%TU1lsrL79&TY4F*-Mfo(q<|X8
zFPYMgmr61<v&;e%bfAF?vF6(<a-5=MDQ%zuME!&hRVn2enmdXE)fBNLC#h1JpbfLo
z25v2lTjq7=H;z9{44_;TAW1NlKKF1TMLZf(6zu4H@7zNL;0d!K5^y?3>oI9HU=9=R
zg~T(`b>kWq817bAlUmal>_A5c%y!Ieki$!hkiSyticzEN1D)h&G2yi_OPtQdpoFTt
zPYuX2ak?7-cq3hO&~mIJ>(%~-x1gm-S8!<Oiix!;H|f8}SbUqGHm9Fy8tS$Z*E3UD
zYtM8Ro^E#gUN<q7V~rCT4Qh^1RkC|Tr>~aXiPOzP?Pi@k-=(aAnapX%<rH~kn>1!z
zz6o{8+)F-|670_T@}LRKjV+Cd$1Mc4a$KLxt=@_0$vRn@0c><IqQ<`-P0m6QpPB{|
zI;{A@>X#ryie%bH?rAu{l_AmKd8x#N$mf{H2n>xJ%Iv@HRr!*XelXDYT7bvGZo-uk
zm73rEQk^Kg_jsw<+6#w_Vlj+jt=|~=Q|j#*`9{hgy#%Cw5mb(sYtlN6moH6nFS&(_
zPI4cEtvAY|K*}CUJM@0UBZqcOM*3w5N-u%@ZT!Su8Z%ixxSy5^$E$7g%%jpLM*`Of
zJImN&q^A)5#b=-$7wLl&C!sdFh+|P5`qerhCSBb3eY`DruiDUG+;mgLw5(;p5AZYi
z)E8NBuNPwYjjYI9XZ+yixRUQ>xy;447nJ?-y!+0#)q$t<cgNkslXv|)AF#R4E5Cof
zQWzeVzp;|*l<O7I?S2WIt$0KT_jlR;9oe5#rZ0NSu~F!E?a(R#PB3bX>)WGBa3d1c
zk3albVUNb?Dwm4FP;bfo3rgFWZM|)0*=9X`0Zy3B?E2x*@iC{4x?TW`nZ4=%%awmd
z|H(5hw*Q@QEG#Un|82spXzREfNhABu)iW^?VP0{&^x3XMA~c{aS2`MsD2;HJ!%(K7
zu5B)oOqjmxJ;jPElbIb)@hIM-P_I^Wmw#m6)^C+Hhhyh{eMfPuIXKk+@v1+Lks>KM
zZQcUJFpJQ&vx<-#3D4PUG!vq57%+{hJ^Cfub9T$M(Q#OD|6DxB@AY6Bk5V};Gyibp
z(sP+o6YPF$ZAX#iGJ-8lG||0uzweT*9OaPD__ftMk2vFEn7P;|f6e~%W;5P%(&O+;
z0{~2=kxdBi*8H5zIvGT|9x{{GTB@<+YV)!azQmz&e}c*BDslMh7>AgQORUU}mDt0$
z%D2d?*`})9$F$}_9n|8xTQ;{pUJi&)BFb#r0z;*{?u{G0JpXRhVVoS9>-7%Y#s){A
z+qX#j6ELipTspWqw`ck!cS_}PnBfq7zn``rQ2Z>v+H2W8PTwWD5W;4%Ioxe&;CRtU
z3GO+hcYFK28n)93te!3w=Kj2HFcK+DmP|JC66br+i6Wgj+;Z@5eL`{ubis4-Z#@RF
z2|$8iJ4ruah@@4B6Oz)u?mF~}ryU0l3uB?@968)B&A2D?%aSAsXW<Z|lwGG0_Kqzz
z#QWJ;{~@pyr?~QkUD134BR|;S*ttnN$-c*%uUb^|ywAXh&7cJ1-_tnAR}j;8;5Fz2
zh`U2N#@O81N^qGBY~J<YNCwWt#ON;vV**ppibW3!*5Hm^0xM%DDz4Q`3?>y~ZA*`A
zlH=Z4nt>)b0Wzj8o0DeI6$loK{Qg8;G$&cELVxfT#zTJy8+4%QL$fuO$RoazZQb2|
z{#ZSfDOrlcWG2_PbZ5vVX<A7zV1bOHSa^0HrYi}qwio-s(=UWX&n~?%vyV5GB|q4c
z=tfmO*|9IR$#)%p?!X;!Inr`NJ%H1|A1KR`<o0na7W)LD?bPls;D|&P<QDab9?(V@
z`ob9;4}EtsPf%1_V+ne0uPP+yG_^A~mk>=CusMoUG|S1oy;rz}6Z2ySo8tu6L*+LT
z_rxE8OY|CtD-Gw6z@(VLh#mf*i=j@W6eDfkM%>gThP7HX56)9DF-gxgUfwZR!!2|b
zv(u~J5J3P{Gh+}Z3~z)zeo1!5Z8$^-OBrZptk!IcZJ^a-=4ATU`+N8R=4cJ9&tr^!
z(x7h57Y8hm0{Xh&4=8zb4v5d;5)E4w0E;^@yn`isC+^P&mviuh1n)b^?Ds}i57<ac
z3Zo((KoMwGu`b4~mpMkp-L9eq^7I)bMS!jDigCx!_bdIOzC(8DF#e}$L=&<KAzS&V
z#D;kagb_(cML!$)2xJWH?Oc>%@bG#vk=&#h&4rrpXPITQbvTRqizYVx+tM3#K0wD6
zgPwRhExHlWilgDy#Fu1cOy(IT3u3<g$yo=ub|<p;J%~1uh>kDwF@colREO4epmWha
zW90zSP2u`fSr|ZAP;pI48Dlvfo;45OUXg^npKm2itwVU^8OwLoL##zkNTWot?YKhc
zK(77K=qaJJTB*2cZgO`_?7dQQiY>diQV6#3Exk_)(Vdy4!t1U(qbI^#LLz0Mc+@jQ
zJ<ion-mfF_jA@GJSD)2Z5smrMU_RMVCZVKUa_;x$xNEN^4oN8^B~U2u@;YmT5M6$H
zZol5@gW?MeUu-^XB@c=lelqjE;58Vw+kyWTBag1EPbUJQcrXRqq++^ppdOCf43S53
zM!`TH;o(7%<?C-QGMOE`G{i*53mzcM5SymeM)&j}i4Q(S;@uPl4)<|MYoJHRiv^fT
z?=9?721ooktY24=!v0(d-8l;A#oOdzDe}RPztY(DX)k|03g>ewHH+iF$c*VqbjSEJ
zzt?xlUt|sbiMmR-D{a8+wAbB;X%$%m;3i^PVH7S=5?o>-3K=DTqU?z$b$QyK&W<CJ
z>YvgNZK4K+G+B@dqLKfGx#+iwlZe!^OjW_+lmKzl=U7hOV8W?#RR4w~1wXZw=anBL
zB~N@P-8UelF0n?oSWrhT7ouN~z~&-RP4-=rm0FwnsDdMNzo7i4cwk-9v|jRy@)P0~
z_WWCb)636dd2bNG#LsP+z&NVM!D1Pqe4qF>m`o^@f>#8Yc%?#SMl!zuDl~Zs+Ha&@
za7{$ZBZOBm1-wtR9=HMgJ%gvu1OWx=u@r6ydMI}T_CtU`FfUFD=J&mWusSHJpLtwZ
zQQi-*?2w)^-(JOS4n=IU(h9?@8fz26dBqbYwB-15Cs*!BIFCd+MGI#?$aGGh?;@BH
z-DW5F^Lmj_B>uE6yAlw7oQ=pXdh*h$^Y}jJ{VMK&P&W1i6u|Rg?B7gRd{f@9-%3!b
z!k;T|fJes<^VA{d#f;H>IpP5dxK*#VtW%1Je-1V~rrI2SdS;#}dTJ43^<!nGby63Y
zlSs_94Zmf^bv(_H@)M!Us!xwffR)KdCtU>YJJY9&jwfDm5qsMVL-@W0P@iiZi3q||
z27A$SX&V*CtBdkyNXcP}`Zx(4`@18^kK&z^7Pu-29mBZg56WImrG08&J`!Sm#8RG-
zB0d%4pJTtqfYaXBM{mHI38>{E(OwMLAuh_YRcSY%8lN1^zFHj#-dG>DBMGopX?(_!
zMI-(!yGXbbS}03OOnZ1}(q5Yx;DH3Mr>O#%Ipo_rn`WD4Lu{{Ho%`g{N1kO~8>q|c
z4CKeMkb!-;P<cc(@UV$#{9HpU_rdXyjST;ET86Ak8;>Wr1LZXyd~aRr%lTuPp!u5*
z#v{W>LxWTE4ZNF#fQ(5F^&GAC8KSLyTM)CCR|PcAgYS@C`5gr420?cB_@$l9WW8hZ
zs9kcaw;&A?EG_(vSGtC7V4#1!_aHxM+Dy4({Kmv+1T~HHFN4*h8tH>ck8g<SdhVk-
zMGF=7dfVO%&@(0KwBKXI)om}D*UNDCo~ATU*~Tvj;u=pYhWJ&`>Idd3(-0m2TF(*!
z@xSqhnTh3J_=lN|<G<yf8EqLC(stxOR~plabc~HaII&|qv&5BD=;^enDQ-{izhsu{
zCP~yVN=rWPo`8q2QADOi$UKgsxk|F&3kVHf!pmv|)SBKuQm=cyPfjntT3b_-NX84Q
zvOlCRh<XrHlf|i;R%Y}7OV{;NH`d=zGcR}bkqDtuFv0ax+R|$zodOtPor$kV<eMvd
z1}+phA+~N`F6Gh9y@~hNxQXF6zCza))ju^Hr8D#yq7AC_Ehw`U?=qbExCg#=H=z&P
zTKsF}El|5`BzrTMn{TJnoh)Wzj<JSL4xXw$dM^rdTrdl^A1(T+XgH)~m2u+koe%48
zag-UnHc2H1q$oWr_BNfJ9}OzUtV1ZU;qVM>u$2`U-&C#ic016giu64R$`-U|Tj5R<
zq2?#?%98}m2aSo!)LGx|E`Tkyme?BAQY{mH4K2-SD}$Z7djEGVb&uDx7xW->;IBQh
zt~de@@uP>v_lL_pH=5&WE1QtCswPt~+VpIW=7>jONEIu3K9aV^a9Vs~sGwuvMxy#`
zMVd-gP1JARgsp5Y4KLe6V^#A^%^2eNh82sCz#_0m`yj+X!ikGs1|qq^MKa9(hDinI
zfgm-}tWcu?ik!>f?GE*Xn+^aRs!bu;Q2p^oE!>vZP^wx(jGBnLJ>H(fi8v-xzGwfq
zdVgE8EZo+nr3s8M?W~<GEC&Is3=c8g0m2=)4R{I5ASydKks890#mv>sk@ef>tIyY|
zQ|pf3=c89AwZjH<%7jp$1TuR|J$frx6-^w;mi3`6cnGv_U^G6LizG1-oel;;1M|LV
zVBpp3IssidKFM-5j3jZ)wBNQEDz>lK;D#Pv0PYms5Ki@(ntl7n+S%*Hd*$2MsTE~I
zrp>wozzU$tMg+>JrgIf=!(3o}wc-Bu*r2y8AeM`UQR@BMc%|&_>kctnVWjIeWEXNy
zOsT$GbyeuI(jL)2l;6~H7o9ZJSGZ&6W!MP`D_Yu2By<R-I_^GYzm@{ZbQo@55g)uW
z%8<XuArw>qzM_Gt$_})$U{G|fBUzQJuK2AMa$<8uUL{!fFBJ<O{!BN>!;p2a{w(Hb
zHFmW9ROZ_*$gAnVTP}~Hhdcq+p|+HYr1f!z6ObU*uNR6|7`nwckxNR2IV<#ei>wN0
zI~}aS8=i7tZaiThAcofU_2j5pQJ=+(t92FGpLe5feSujeVN%6E%Y^*4_XXzF+*ew%
zUcTof-W)%>m9KyK&d5s5r_!~jSBbLo^4#;ue(&iY(MauArnJE3=nX_gYksd2klz(*
zAld!;V^pFRK`0(ni~-HM-4f#k?yokhMwiHh=4?HzSKlF0GGoG?#%L6?gPf5&-Is)%
zznK4F@92>L4maCA@D=}oVo987mGXQ~P+iQ(&Mc`R>gibd_ttE#iiNRp2zWYOl5xd=
zHCEv(4!Tjk!^N5+xYVjDMxqz-cKCC$_99sZ0rk3@1b?!t=y!*_k=;k^0r2ShCV0$m
zb?M;E^cd#FUr=OCi~PV)pA>DBqD0#8qWe2~z805IviX8N%k}x`TO3?hkn`7WU#jLe
z=RvK1gY9y~8m*4raH)>UR>&IgO`Q3vyn1&Z-v72}{pk^qu#|B)-JH>1V@~#$D!;Hw
zPxz^DAjLIVvj5UkolERnyAqX2;Ap<NveUhK>Q){v{L`##z^M^Qg35Xh7noTx3#C9p
zk7s4MILJY(Po%MO(aE#psFzpA6&@ky<pF7T#mO7lgG7$u1%yP76Ujr<xCBiQNWvn*
zV5t_{NtCvJ&%W<mAhfqk|CTRvnc%>ZL47$5)$FJ{UNLQ*$ao+piqNmnSDXSP4B`_b
zCe1A{rc_Ha&vX&qK@?|+nD`mJN&_yUiCLE8SOYF{5O>b%-)~&YV(!lW!nW1C<pBWL
ziu_h`Kmi|>h<rG7oAWfG)D3gWx!MP53kPW1Yng+t0ir7N88Qgfm%?_jYP#12k1IxG
znWQzV_cAmc_SYRoX@`Kng8D>pTB^j0OGc}U#e2sW<^D==MVA))i0v+L)A8R9hBRxw
zXCt!wF2$YM7v+|rG|fT}4kqT3zTy}TpmWD%`T`la{F?uiJb(qt>eaMGk*UN%AhsK%
zvj%i%*K;s#kwS!%AGHpv!nC*l@}LP9kUA-@u@d11{9sR(E){YUW=&Oka$ZwTpG?2%
z#xb&{U$Lpd*0R%O+<Ul6S{x<VyNY8n2ozU)w2~sVPp#ctiad;x6~PQ$i<coUr`Wqq
z9v55muN@R(REFzAwUDLV0xu&Z98s%qM`a%|&6^Kqp2Z!@JN%_YxV>)a%;hGwh7IN>
z?<t0s&tOWgj@;=$UDTbG!^I(%qyiDKV)C$3kj3ANO{|L?;@RiOsQ}HP24oI(<uV`^
zVf_^=a|;aP+M$xanx)h(MNf6xzk-fYRRJYQL*Jni`Z4y>sHDdcA?1BogZTb5z{Ns2
zzoey)ZCK2GvjOE86p4f>fR=;&9Q$k?NC&SawHR>y_O(b<MFvp3PO|ltVt;83cGMT`
zrRG5eI9Xor<%IU31u%oD88u)}*uyzQ;||t=a>SdWZx?JW6Z^yQ<P13q_}*FV`ZfC8
zd17@y7SOxj?IfWF-yQQ#zO0Qe_p0{TVs(%F{@sHQC2&H*C~}8Ue#eI98{rOPeeOJ@
z^EVT?tH{F=in7IU!($~AQiQK~=60j(WJ6-2$<qO7?y8>eh1gdpo0@|F*X<W*aZ{X*
z=eyqHLn(u7x%KkaQ_Q$-6tp<Qj=S!w1)Ruk@l&*K7}M9-&6y2Vy+n*PiosR8iTk&J
z|A^4Zu)xj@ezK2cGjhX1{bbm-3PlLi7oqD;yv4sD3p4w_APW~a`+torIx;R><NraH
zd&w1uqYJP2W}k_nO50Lhsaod=bHo-|t*ZM2bn43Iy|Zj!D8v4N;F4>A7?4=S!cx4$
zpId^5jdJY#ubU{3x`3`u@2A-eY^T%C@{O6Dm=KHEx6G5MM7HMa_~!hx0R8K<wZ84o
z*VEjTn{aXqn1I=-a?v+Q8U@x;z(HjDLFD_5!|uhg(wry#l^?kbWtY@x3oqYeLpMW-
z`_svjbFxa^e3BQbMJSSNGQ-dL>G!?kyZu3ibJx?eDgpFqE)U=1kQ;FgZw)uPc$k-u
zCsQ@9ePyCsyWg;KNzPr{m6?2ja*WKS<T3|)UR&J}bS>{)iY@}9(x6VOcJ$1caxLON
z9PHcexk<lws*j+;WCX1-Ci*t^bCRPG-xY&VlIaR49z0gJ%UtzW=Nj#_r1k@>Wmg;2
z2eH4#n0wMEOV7n{#H3{Z2VK5H=L8O?2rZx#LhfaJUExvRu%fCr6f}NlOa%4*G$dIe
zYDu#)>RC^jqQ|{q4^Cq1F%F!<U1t8ZR&UYx5Sa}WWfpw{Z<8_bwe7Yoq1fo;ZmUBZ
z4rx@WiT=CK+~Yk%8)~e*0QNMfA}q(^SeUTAIt_D?$wl^NMZr;NqQjIBj^31pyiAM6
zTqm1M%N>89zkdg-De?Yv_+?3qWcKwS9ESwa9$rqB%!QK{Y-*SA7wR2&jikC3B{<Ur
z4K>FcCxbSJz>yx9xTlNFOLw%{fQ`OO9tcR&sS(lC6GUejjL@(;R-SO2VIn5y7z8VA
zyXEg98pjC;c6F-Y8f2vtd~(^*Dy%FWmJ@s*!9AIU+4`(e^t>_)HH6Uh{;NMNq3OV;
zs0fxhRtzuvARB8B<e;oz2mnVe4>^5D1N|6piNy9IOH1YLqFfs1oOpK#@d`|j4hoY~
zl>Yt~lj76*m+=~EZWJ%wu#^s?h?xOhYA66HlUn!C<Oz*s*ZkTDMQC&5Hyt^wSpzf;
zW#&j#7>5w#bdfwz>z){b58<JN5h}7YyczXAwmTH&oz0iq>;*=48dSw9hgSX>e&#4a
z*4Z)eRBDE#`0TTa1!qzkHhKAa$D?I_XeivhI4Yej_KP2c{7f0P)g_iDswQ*go5umk
znd&O2n$~=it@JUq@n1)XZmI5Wn}on34zDVp`Ao9w>jJJs0pg7mn_iposEuCikU47Z
z*SHdltiTe#)&zAo`W9XKwF*2Xh#QY<F5gsOF%|-iW0LDtXoE;D-VjE_Y;=x(7Jn7w
zU9RC;V~BoUB9is_W$FZEVEX>`ITRz{7cvC{N%MNLN<%b5{7DVOT|)S`+sz5?%bgsR
z0{#_@fLY3LJB~VNwcCJ4viS@i>Te`#9exA)myI?cvG=^H6zO1TH{tsBM&<7ebaJJ?
zuMY^p0>qBZ94ymajeKHZ9rpDn5%XHS;JZ$gG@j*Y>iC{7M5Tj7Xh9EOk@vg)dZdw9
zoxj0DLfFW=x>Xi(^@{6MpZe}V5hm8HVAi%)oFB04M|=bN#v$N1@OOxA*PyVJ1e^4I
zcg?`HPIGV;CfNM)zc~0n1ga7en5>Zt8#YNW6*U(=t)A|$me^;~PsYw{YR{rqR6fVg
z5H|?2Ny{!%e|T}Fr8}KyA}?piWFO;874$*)G;p@{F~LF$4yu+N0|<LHFRiWhhA^jW
z>l1BkJt6HJ>e+|w+OoqR?bZG~ST*~+wrGVJ_|b_RKWIn4JwBPdt~j@EUt@lRpV{8E
zAmO#b3bQfaJu_qjf~c9Vg_e=rR+|?CB$4)YNxr{0*3ZGaym!OB_7%kQaR;Ga>PWBz
z-9#F^wF&Y1HCpm=mV@{aiRd5o;z>(5+2RsNNJ_B9BsrrJ)L9@0qJ}WWwtlFgv}6ut
zWter7l^hlH_WaT-<BUUVLB5{4`ZAA=R6QMoo{`8_kOJz(T9@Y@J<zTmRRcNU`(*@v
zWWaz+2K{yP?y3#8fw|kN(HBQ%4G1{$g=0SM0nbjIyWoz{!vo!*=PA%<zP7d$)E?cM
zwM`Y%2HYdt$7n93Eo*BIx1bW1Ybn#%j&LrSFgRj?qxYS|!_@PVJgQ`XKhNG7>jeB4
zXfg223~uanEPw{84&2M&W)xgJ{omd$MGj!>tR}3ylPHSa6AahoK_E70^l3;tT~v(p
z!bk!F>A1EXGs(brjlHY8*j9A#wRJ|I0%sRY*-2CtvOJKV7H~s$pH6E4+wzn0KnXw-
zGHSeL1_`S{_;SGJ%@Cy@R#K_~{p6llG2PQb^u3*V=FgP+9beJ7VQVn|_{V@Xq?a;n
zpHCM&&tAIpvy-MNVLJT^jMSS{NMMjIJ8z}pM(HFQD-3vXK)wokB4bl5)RLX(c-%o3
zKu`k!LC6EUO2MC0j1rI74l=l}NdC*YMO?GUO5LKFuoLLnnD&oG=)ujil^VR31|qRR
z3CtTxK;sTwb$0h-wBN+ey@`(hgCYl6T0HvKuG`tw&Vqn)=ptVR$40qE&NbpN>H+ty
z_)+E1J&`<M7*(ROf+3!gsJKavFLx?2K_hB#o)YeUS`6=k2u3W*g#$R^79*my6-(a$
zgKVew<*l=P-pPJ>gTzFuROzW!kTj$k(Qp0`tc`@((zgE(TJUI?#%}=WD1^05AXc8~
zEsM@t64|ymHI_$~%4A6!MyGRN(CPB3pay~^zK-6}d%PNGYeCvOKNV#yPAvol_8y6H
zjW7JsS`y3XoqL{}@|3T^b3!vS#JBWK3`0v~?HN|*`ko+|?pJN()!rlw5xni%&YVb}
zm3H4W`B6g5M=BUT;L!PnGiY>Muor8Y^j1Tg8Ctb#`zy92=EKK&AW;c{?{3lDpe;6V
zCyVvcRl)l{3U(tQc+gv~uxPOn6{G&6eC*P`H>S1{zT>g(SlG`{3I!~GTT^a<ZCD}-
zhP|~+5tWCzqSC4Z8FZC@b=qN}>W_e|VMo^rIDN!N4{5^|?^)82&A@KAotGbU>1R_<
zpFs#%KwRm^*3}>oWfLo-!<KAQe1fUT$xAhmQtf6IVyO-=tANz*G*McDHHbQrxF{7@
z0FsP6@FknR4VHBSaFQ~DvCjMugqJPw3RFiTQX-?9D4?Q=X%8l!EM*>ongZ?F)D3xd
zwTLXIpbssdFH5dHOs`(_8Gv>cp^_6!gbF%B8ZY4y=H<d=c~<Fz@CN&InzVR)ZNIhj
zFvVp(5<|Q=8LhqAN*48vO;P!tDrwEtL{(-fIIE0Uq<#6)sOo|u#cq<S*d&|DYb=SZ
zXJC{WTXAGYkVuyc^xj#61E>w6G_V>~PCkeRZA)asXfOy=H@KY;SEVqV%WiD(Y|Wgk
z1`xs7<o&%z;zb+f7**S+Mo;Z+Vj7P9t4#y!-Mg-8@cd|v{+jy6;nfP(ijC`t!#Y?!
z5tFwZMHzqdx9yDFw)|>Bgp-4(=93Y%gBA(k$p25vM*&<1<XLvWXeB4ytxC1KuLd1+
z;T-jWR3fe=kFEMI2o2xotD4#!4?uPP9#wjEAUb%gErwpY*&}vN#vv^=3fv#s@^V8O
z2>s%U5%c52Tgn0T*{&<hXA57#?ub4>vcJ7#{Atv!$6Q&XiP3A#yYggrQSoDdZ1*&5
zH@KcE_ICfn7=ZqMb|RAokmFv9zM~%NvHxaqZHN!dkbjjycupifHF|{or(cahv|)B{
zxH}Fd`=MRW70?<F(pF}=f1I9I&0%5F`y1l&)aPpORWm^y{vdEHqa$;8Rk1gK2D(&s
zf`q-LQxA=5AyP>hH>>}y{y=*!n+yb&MLI9kI3VIUAr-u9CrwEi#j0{xa*Lby5{7_U
z1(zU2@Dlw>N%MyKYxoB^EsfgkU-+Db`+xH}D-%2Cf6M1Lx?A?R6UcsR8q+Gm19|Ry
zjKGggzwk_rY*Fe1fi|u|&6L_uR8%Fk^uPS%Uvz!eT?)BU@cI$c!c-OH+|&S-Dm(0D
z8)Gr%0RqLjdxE+-y<XL7|0$6+ULW$9Oe0O%nOBg>o?jo*e3(77-*g&B%e^|u%?9+o
zHex)S)*{_}fZI3Y1;B8ApKK!fKdE1wV;?l(G}DD=JR`}(EUiQYD9t80V=2`TxM{&f
zt~iNCipLaP&3Mh;9MX`-9Tl#s7Y9g3yGXYkH$Le?HFo^8bjeAf<zU(KqQ;Voqkfs(
z(XH&$!5g(;JX&ub3+A51bd8uuW4MSysmJ#0+D22~a$KoNH>8Ac3=#VHT2%q};1%#p
zLTh(l<X>Q0>&@M}6)rwLPZ~&`KZmDSb8EZ;ad$Ee_lFGWSGdKPh&uCaV{3;*1pZ2w
zDypan3cOq%f-h7z^Rh8zDZrwfts4E|=HvjgUW|;wGRtE`L0ga?S-4%nZHPAvVHH>r
zctm?{oU_Ttf=5}XNA4`c7QILb#}KiFgor`@E(CeiJ}8n`P^L~lNmHD}J(sD|A0!W$
z2z;zOR=~9Q;eSFBW=(^hihvlkzJW^S_-GLLIMK+`JBSxFPmwGssW&?3NzQ37{F&RB
zvj|{J(t-@Y$N2M`$*j@-=2wmrrms~*OA)&UVL;6LU3E7qjm&R4lUKA<^hD_qoH6g^
zrcInDRX(CRv?(r1^=ckGS!;XlCoZZlYZXzcm!wV#ecWl3(d|miu{^dgBHQ}7DN!sO
zp$zv-jQe0S5dlEXFL-ey@+nlfp|E-R{x?6Rim+luE*ZKahoI47CCw>o8@wW<=2B?*
zaJ}aYXY2-Tcl=e<Kbkq)4|fM2A@`+@WXa7T^}>qh2d4ZIuW>ef+`go-K0+;!A}?HY
z(!qSs^K1bxXG2IE2<Wm5`)Um#prpL&%u&}CaN_(pF%`%erkN~`;cR2zCgd_Y+m`a^
zG2_P>A7G(lCXHw-t1t74*P`%PC_`olRsGdfrx%WvSoxZ-<Jew)vkwD?RopKIY1F6n
z?QZ;fs_wYDso>|7DL!Tg9!t&D1)G2m&sKgOy-!8^MOPhC%2ejLgBtACF=c1B*gH<%
zMF2-~kmgwuz#UUwi}c>B0S3$<5~?cg12&%)YWTQxX?~snT&<O^df(TFq~Z{w{VmBy
z_eiOx%B+=L0HFpC8ES;e!5{T4b}nm=3we4Lg{`&bC`df+gfkGFf<t0{x#<)(E9bX!
zmcXcBOLx)Y$8Z)~w@<I9tEOcv=-&`7L7*j1hZvk9{)l*>Y!NEbnihnuR*3^`YH4aD
zT=y!dk-xQBCHMc7EB`s*{3g7H$c9W*dtF0$m)E8=H*E`?SIH=^9IXlOEY=5wlDCSq
z5FY^;gd<NWy?{TRUk%a|r-o1aE>x_v@`x`}$_+M3|JWw3Pc9m+4RU0i`ZdGefs}U=
zyx^cee(bJV^3`E+{+2Kj_9MieE-*k5EG4NbBCZct>i4m{4nnSjjSx$^wpkyYtrUgn
z!mPQRxvA6{wN-_me}Hc~CkWC@do^)2V!f1*gB+|rn;P3W7c?T<LTGR#<&CB5vVdr2
z4W-9cAR9!LcR6>{zz%G=r2Kk$9mXKk*xI>5tFjhvnJ+G%F<-Q5_Fh;rPvY{OPbkKZ
zp%+1O{iNu>rRh_OU(`<Xj~3&K{e<e{wht4v6z!|i%SQsH&oNg(0S04|#S=)Z$P^;a
z#wPQ%FvE_$Q@;YBJeZ6Oy82)r>O-ACowbTE4wi*9MFSq&vjOR?KZY2HQ*#EBcbsbz
za>k~!X~jRe*Qi7@4=*BfIF=P>QnWvsZ&ANm)Z*<*hM;}856#no<ojNbhvpP2qeS~h
zuttCyHVL3|?EWHaBUd3yps`JMK>eeh8-aqU!SWqh-hY86LG20lH#Ai8HesF~qE4&y
zuhy;aX!CFD*1|y1emnN=)I?W%052g`oX|IIzbn^A>$ok0Ec`(=>e{GV9cdsQMnWhp
z<APxhaRFmLW{x;$RXn5`=JF%~SC))FhjQ2zhan8#OtVvnf%5$A)cSfb>N8$3a*EKm
zVce>>yJu_fF_IpN>FA^dzg2hJR*ml)-S~1c&!uc!P-H}?ss>vULPdQ&h#-<ucB7Z*
zAwZ+?GI4zpVM%oCH%CFP=~%rsc!aA^Yq<_%QwL6vUI{R3wDb&NF3grx-rbWcf!45h
z#D!9h#kHq2KIoyDt!cE5(=^w)5lxC5Icqrps_e3&@scbqVYxA9Pjv-C1UI}6tQ!z*
z&J>z;Ie9%i%%S)7z@8_Xu=hm`X*8J#mb<gd%HUHyUO#qaG9k4Q^u2HFgtK$*K)05m
zYu-*zZ9*U+>~#!79yy<Rzl9ygud9o4U?lu<fZp}!+uQ|?;4b<)eKvWp<6^%b0uiov
zHxSsv%;%hV0+IiHYtMCexH#!Oeh1^!dn2KVF;n;a!G`^dM8Vehw$Xd)O3`ShO?~VS
zN~_%$Up{qE?BKCYaUe-}{av5Ef8P}Bm5U0Sy!dK8-M3e({?0CDOj*Odo|S?xenCw#
zg;gTqM&iYT-rVC;1J^0(LdF5ha62N{t#uQj%yNaib>fdy<X=+j`ZM5_-i~mWQp~)&
z#1vgKMJe}Tcc&mJ?t!<g)g0Ol<uIAq8LE9K!wXFhx<@@$kT4%Q`1UP7tvxRbA4gU4
zh5LXFJ74`GKg$U)lAL%RSsIQGxu|myV^*gS0W#%85<c5uWD{A_H>gdrg&A*a>_0QO
z11vSS8NEx{p+PwowGs~{!v3Ju;IZXPV<@902tQTj_N{WDx2!mc0Vd+dbGE}%A;Ltc
z@J&6&{6It**~TQ91%{A<@CZh>MZkZT;O3!$ATs#afV|^$(2ghpdfVIEZKtfo<2moH
z3iByZUx-R@zAD-8(wG{R_X{@|9iY?oyr(akgwGd)R9Um?9HR34RTF^u2Ezcwca#)J
zS(gvZB>b@m(GjH5q!kB`sV)3P9VOOsXcB3m&HGMM8WmB_5h$$g6z7Nd><<MofM0x6
zU(Hru9%j~iy&(Npc=)|sSE6vZ21OA^)C<3b4BTz5b6bdY_UH{FVkEp@q2eS|3P>If
zB8PxltMuK1GJUj9mPOd5e98gVeaSOq8Q#Koj)m^gLUF0Ky3P@5i(rTcR+3vQg}j7A
zx^9`rtY7Y_45~?ZZrxCs#NXGWN5O0$PIHD=n++p*KOW(z=9oI9weZ693vZ!`SF?QR
z+>t#HRMaKQQ7{EQv3!1o3QA9sS@V(2@gwn(iw#-iRaJ`SH%B6K?P7hvHO>f@C!XH{
zWPSQqvhNYa0R4+t6)xXoJBcmO^--;aaOK;p4aClAumzb1Ut{xayGKdx7*A5?J&3(2
ze&#m9{SAGUT}`k_9^#m9ex}>xG;`!t9>3#YX{IqTU;d*Is8AXv`ZehoExEd#5?~o+
zmJkP-c)1WyRC^D2%;JEkwdRdWk|Bd$KbZgiEAvj(=x&8L<H{#ZP%+=M^DQ8ufYL#A
z9L$99ES&qSryl0M#_tb};g8!sCIzxKN_ff<qG5td{1MV<{?{Oae3G?$xJm>y*wnN*
z@ibCsfj&Ebw4E;`m<LIdoZ#<y31lb^d7@=75F>Hu5Mxo{<qp5mH&9V4dzhyN=xnDW
zupq(2Usxp=WTy{Ou}|U3%e&rOK?0HzR8hy<FE~s)cII03Y3<$CeKwhVXiap6EAz-*
z@NiEB2%q2hjYZ5F@ocA2ESVa9Mu?Sbzxnjsj4Y@Y&K95H=ED%5T~>?096cR*;eNyF
z^UA1{Cu-8$Mtv8{<+fI&eUrxKx;vYc*S(K<>(do`TCQJ~6LbENM9B`%%ahOd_uk~^
zi_`Dr<$uXiB&XN~JSJr;^_HJ3pdvo>w-1&f2o78{P)9WiAa(9B?n^9E_o-bY68cSy
zQ$A8J-6c4<lMeQ!-IU}Rw<?hk!@<K_3|LP0?#qWbeg~`@shG1L2r5yT-GmOB(kyJf
zf&Ln!%N%#!J1v|Htt|3kYWx9yWLCKPmlp)<zbX8j|E&Js`2V}0Z*;X>w!~5V*Xn=W
zh@{a$9(Bg6em115q)OY_;q{Jq6_9Nji;>|cw%PoAJ>zjfVCj-jO=$IHFmYS{byWyh
z`jQjj^2tBA4u{=-{ror?nOaje2O|xJpJ3QC3&AOAoj^N{V9M0nHSJ^gZse&+@6-E!
zePlNQ48V~hw3`S<y%IO_{q8^-iMYFtc)VaVh_<W{>PP`l^C6%Ki60O}S?8XBQI~#J
z&<aK^ZBm7inT2MwV;vDmt&U2Pxyslnt%;FN>_=ZJWe>4f2s1iPB6J={u%w=(kjRJh
z9X+n@3>_PH>)#BXJh;2HXcQrlshWbs(Ae~jq=XAKMnj>nVn@X>rC4Lp<nc&EEp!!H
zDie1@VX+M6=n#fR9BS$NtVWl>A0$;#YTC6-McBq5zhRN))y1<HN#ZEE;UedWr*S7%
z^(1}MJOGg(C6;x#1cjSUiZu08=b)4%jPg{+z6(?;@mCPceM((f4#&hy|6suOY<NL=
zwRZ`;SIY&W^kXN0a2f`&L1K}>K@->mJcls0z6SIjj;}j@1x2{XG3s+PbnQobdUHiq
ze>b5)s1sRcy3At!Z2N9*+q&O<#nh##GJap3WoG4;Nm6BI=&`~<lP4PQd1vOQtJ1H2
zzc(OYVodhIhP|w(vIeIhKWM8qT67YOdPJcS7YHmV1V3Q@boIO*1@(Jykz%I~nt>%D
zi!#mCwPW^uhc)BAK8(Sk03khZ!0(u&kxJM0-8LC8_&;BW*&0`2745@7i?klJI!;A|
zm=4m+v0n{=U$$gS@hlCnw8h19bHux0aU@6#j~;-ID(wKXq9=l5iylkAN=4L=;fkB$
zLa+-`rco>*DK_*=VD*iQblVw>Th~wLSVFHFJ%bc*gS}R#fRZIOwUI`()RJq~U@b?Y
z`r7BryMX$DQgQ+D!lh#6Nu5M;5p!kyvKWL4iH_+CMfHWE9JXD}3@L)nDaay*qje;>
z`jy)+G&0WP+s`wHMx}}dQOmbnr5EdcaJIe;qC8I|!iBiygM|}R^K5LJ-k_Y^^}y>Q
zM^dC1w1}+U(}pF&z8Lbp_uba5HOT1dw7#W~9%-2!xqkI>Wg-o!h!Gw3kWDngWmSK6
zstU!3`8S(Mm~$JhA4;<n77tR357}&=Dk0ZJQd&x`Ry>gD7EGuJg58xdZ3svMdl_Fn
zK%ZI~r-E3NEmS=y(kKm%gA9lM+_E(c0KxA6`-}P&HSiJ$nDlSEDX_!2!9Sa;>ICIF
zfzlY7FQJQN5F=crgxJU`*bRCwi!dTQLF|7Eu-X$>#s|&>fVCru$*04w*lt+8QMo6<
zTU6V904~}Jtv3|~EPad{X#cXpO8vx0n=F;lOKfbWRE+e!jLooHUN~iW&(4|j{9eX%
zAFcQ$$diYpK3w#w`}5%RWJP^!?AE@k)i3yd7yohZWkYTQy(gk~*%tC;fcOUR|2VMk
zjkV{t-Mw4o6zcgg^7}dP_tVAa{K)<B|6wpAhrsRq#}{1=QKe~39`iaX)2u3nqFoSG
zgO$c<RZdHeLQ8k5of+s?F67K*O|*R3e)Z8>4xW>H?co4@w2JZ_ppkuKu(&^lY(LjQ
z>I{fUTpR(B%3UEixiD?(uMjF8i}8`C%E*fB7gs2{zxV+SRVY(_l}<+!(1n08sAO9K
zV+O8XJj~9^zp_`46bAnzjhGfy!*W5YE(~e`;XVDQZZ5#Q-_3Ls6TcJL%#{Fl*2R=5
zAO4Js<-DQrvh85FDOn?X2n;fohSx+$pw7Cu>y=vkt%DSlKhAB{jDQ%(QaX+|;iDk!
z*nbZ-v?u6AzWE)EG;(gt2Nf<9nU5*_42#|;gE+3l2s>S|Qqo14UVjqB@LO0fYnCEP
zJ12I3Aumi(e(?szXl4w{25x7T*w%7TJCBOw=-mB*EgV^@D_1D4?5q(X*aiXMW}168
z(w<Drr84BGzHnnrLoLR}wF}ZMN1cjI^yh@^Fgxcb@ET6c9c34+f`V1k_xv~z9Zm_>
zL3I-z5G_bhob_wN;<PcABSQE@za5^izlpmzHSfx`M$UVRr&f`)cLeF8wm-r;q*cOk
zS4h=`xQyzq>!f?`@e+ATIoyjV>Rc;@QM9$FqG%&CNI|W5LoccMWkOY`dFzhH()|*d
z@hrj3cy*}F1~UQF)~Cn2>%!eAon)y6Ofpm65T1`^4a#Iwssq(T%7{vhJ|Dzr#l%rY
zj1B4~>^+puJb}6`lM{a{rnD`)kmpi1T-Z(?fE60PG)`1i=a6Is$q0)T+k#d)qh@V9
zikj{Al9OvJ*t=pWe1<In^5k-b>K$x7mj%>j(9b;r^`F~%Pe@t(lca6Py<M{fKh6dt
z`!EOsRkFa+*fE?plHH8%49)rxr@IyhLrECXX-&!fit8#RtB?(A5p@+96Q1!b&_;et
z{s3-hdwtFD8)sS}aZ6apDxu6hKV(|AAuot!mr_DZwXb~mXnxb{MvDU_c{^psoeDck
zx9Dp{!gEn7C6>F_yUd7;fH`J3pC|@RQ$3G5#`^{F@M#-aAlvN+DPZ;M=xQ*(<=)OF
zrNLrLv16fMqRSsvr-oLAVD@re-KdXt)=@+!w4z<D!{>PfKNRW1q^ee!KIp!vb}+KO
zRqgmUM`~SF%od;USZFEQB0lCe$N0o<7%bEunv6c^8F)Q-Oq443-7QDp^vQWhI}w)_
zZN7Ap^+nvW6>6YM)MX0dj%A=;isE68C3Yz&b5|*0!zuGXNIqy}875_m6d2Q(b5!D?
zsB<)6$Cyg51SoKFSfk`K<X&DH(Q7sEiQF)LkTe2V%cmvpZasRJy7R#n9F3waa&hI9
ztLySoqG&b%L~>fk#sK<Mkc>Ld*JLCJeuWm^^OhUSE7hW!<yT%3^}zCp@l^fwmWKLa
z`O3~1(dRDzdGHTcjfccbSkjl-iJ&`SyMCt6&rf`~^YBA6cy=IRpnZ?is*l|rZNd3D
zuhza0n|Iz&hQn7pt%UX9h@R1ixF+pKQ81n_qS5k4Me0SJZ{cU}m!g%(U|0Ex=N22~
z!{MVld{jA}$;2OZ!RE+TRdj)yWEz?m5Y6iyiWXxf?-#YCK)_SWL6P@IZmW$x-nqvq
zT2WL#UyC0g4zN^@HI?Uopqv5{(3nwkhE=dkmC-XLXM4mfraF29^uX5{jN$Q4m8Cb*
zNXoC2xJHK}!DYLom}-eYo9S$U#(6GiKXAJvc$bwiZ}`}0qszcl2#N^QuXWKamqn+f
zrg09X|NQb7n^OLUL+-Zs`EpiGLR{T#qI1+=n?15^lgSI@O1pPwMc=!3)9W_}!dErO
zeg51__K_35zZQN{p}cPWc*I65alKLO!a7)!&6d9sIa4Cpk$jFxxp=l9QCpt7`<5F6
zJg~T#`UPL9#Jeo&QF2q(cO<-fP5fh3)>O4OLb-bQY&nlwj1!GtjaQ}86V8M4pISL2
z=I2r|Dk)~4;X!*<T=BU@VtmMO`*@%AY`En7(S$?W?Y%@#qL+lr0iW}0Wk^s9)h{bV
z62cP)rj{Sc0ZhOkU_YDY%K-_CDjzC7`yhXX5ZL?nO{^G)eEgT5E;W8{)O_YANMJW7
z%JnWvlQ;Gb5ctRs5RkO#zws{{^S>zQtla<a8{mJ#zd8=2?dbk5^%>z935n=KALRXi
zS}dc$W-w-OsOD`6OucNYtEa?qypjX<T*k3y9EUr{(_U8nHt?;e^brL8&v?U2tlZNV
zuJ15gK7SZBF!%f!MgK=azvM6xMk!YN9|`@E;=}B5?n>{EU&pa~l7W0^Lh|8vlAQU7
zM|z+B*XzxTG^b4li(C%VhANhE2OK+J3b|f$33-^1pzm+FDjM?$mMWS@4z$RRD=4)h
znukZ{$=KYU!l<;B%nBZ{m?pIY&Xh&f*fdEW%VZ(FnDh}{^9a_Ks%Yx8f23^~vHB_H
zE+uKC8N}X?vRe(+RMO}9N-<AHuOt5O7m|f5bCE2n>SFowFo<|%vnBEJKHzAlTl!UQ
zRiVg&!zDZ#L9+^K$=5OQ=xdaF8w3R&zET`0paO$1eBMpu5MHg+i%WXJzpIG7HsV}x
z24ohZ9&_U&MJiE_SYIiqmR_b~c^fh2NO5V3bxmDUeB2C`s;C5K7s^$<5DnG&es0Up
z0gIxn#xao=Jk~ZeDP%aZoZt~!10)6s$M%kjr@B}39mHT0&5oQTRC!GdoRrY%pKOen
z>r)CUqj*k0%pxJRyMt?(0o`4%Hz03u=5$BGNVH~U<gWVnwtu=_|54R<`lkq44fV11
zd<<OGin7e7t^p%`%27v(>GPtFtH0=ZJRE-@x@ZKT!aojzZ-u^=czvg!T8qQ(q`{Z?
zKdTt<1e(A85&@@m)OBG72T8O20#e-sCZD;Glcw{-=;EKV<|f>`ME0fad%U^uol1qM
zCZaGr-t<4&l6bPC$5CM&Ehg-hW%L+!^kFxIzKY}O*>PHGG1nN|%D6tSCf&@Ga0OTf
zHR1^2iAJ%jYF}5=rJ!V*r!i@I@?X;ugQ=CJ`@=hyPO*&$oUdzkHGkxSsv^Ui=AaV0
zEd~3P9@V@0+VgPaSY}L6dkjON6SuGviK8uv&=RZ`*eOcnV??H3l&5}1NChA8tnmdW
z8Pcst;1CU$<oC!g0<98r1cyqOn2P}KBp4sXFlF?HnSS743L5CvKt>Mu&f|?p7+O7C
zG`7478d|~AnIP!~L8(>!-gt*Vy);(dUfXcZo-K1Zw|#5=DeJO6h%D@c^N77|vrHKB
znPRzs`}<*)cvZ+?C{lHE!G{&kCR)d&OKqkwxF?)#>A(c()>z*x@kbt54YhXi{W~Qn
zK3=YD##rHRv~`TZ=RMl?1!kv#0VxpkC?n0G;j=igaNZ$ypLxs&fAMEvl9s=G-b0CL
ze<t5QvpgmL=RD*v+TZ0@$`_{zcV@x<3f9b7!BD!z!ciuhDf5Id-hN<q&M*y5el66Q
zq$mX^R!eNer#r+USdnP2jc&^uHA4zz(P?gEDWPq%Civi!Kq-=@_*y#Q0qgKV3uSB6
zOEyYbc?3FgLbWN6%<4l)y?Izyhr0Z`sO_zpK?Y6;&Dt>8g5@5EL}YCc;#FWuafqcP
z%bCi^m%5b^tP<LKSu(}^M$T+ykSD0@>A(jLfstrHO1}O{SExL!j}JYcD&&~BSujsl
z@*~OMYa7e;1ZcXa8{n89<3UptSvI2^6D^>_bJBR__yR>N#luAzI23EllhY`(()Ota
zK}<{Y5dz6hXauQ9jc$J=jl}7N%DHS?jP%6u3uEFRSFKCvaAh;)LPMRTA)4S)%(Na?
zAm*O_1UPY{Ps>L6@NG=JnzDcRH4buqsJ$K@C|6F{dQDLH7?2&)sC0j#6k);oEz)sx
zl-!q!tiR1TL&)I4F;vDiGT@Yg9Z;ZmW{YF<O>aqnZ6A*EaX~=@L+HH7;Rc4Zx#Y@a
zI7&c|Yagc#C7zbdnG=a}+Z*D}klK!xf%FV)5*X2NPpTS+RK8mZ0fmIPS}>>X6W^e0
zNavYWlO_dvJ}QwB6Z<;SCrQeMfbF;Cq)W+x74MJ{!-ep<r@#-CXXv8}t3jwkXC**m
z4%CJsG5E$Qb`u0R2(@BSiOE5?z1iZgx-<Le;9rI-MC(Nn{kE(eNz1u>?nEi#CLN8z
z@22w^)z@HeSq6%@PtdgL;vX=s_{c(mr{IxzK~#e;?5qA@ek~UUhHwlX1WJ1=#v`w{
zVzDBTs!#!?Fh;p_B0-(~J!kZFUZ(nzQBfBaoV-LjZ|6NQLwxTL_(2|+`HWu$BEWta
z63iF-kE>an%Q&=?8XF%sN>nE_JsIJ!96=nrsKf3>+oN^)+|^XM2E4LgeUsFwCyM)o
zn9sQC;kfR^&p)|nkIlcX*2SVlWl|iNsn~A$B$<jqMnWy5{1}+$G-3g?m!P$$V>Fi4
zFYZK5gWcF`qVR+~aw+kSC|$+s=J=AJXGB#}<wArJ;lSi|Q$Fp@KHXu66>8MY)0m1A
zJ^LSf#Pq_`c6hzUn{BVmoqw<~`m~u!aJmEy@6_;danOLBv!NrWv`Xb!YJLarZ2t@_
zZN&VgR8|ypl*Wm$yV}cuhH%Rf#EC^jjG}**lJr+jne@0qj;Z{Kmu#ugJ=5m6`XiYR
z{}sjNgQz5<;0@{tB_#A+?_~pg_%WqAxl#sh&7&(|BTflh^(r|f++|s{RF50ff~9p>
z{Y8F?_2jP@7nuteee;&;n&Q)Aw6XeewQp>Wa)?Lv)}^VOmU(8qdh`9Qd$VrXy@x~(
zbv10`o`1cLhZglbr@0Yv)qxtxL4C7c9u82Aa^)7}bjxiD#$M~DeSSq*{*BQ7Xr*_*
zanH?BhYgu~Z=a%j()M?z_9Y{c`0CF~(XVzPEAH0&hFvr-z)B62LbMwo)&V5%l*ulF
z%$lP4@x&H3we}IDC-J98Z+k}rD=5DEW5iBPPfP0iAKvQf!LeVD>Fd`eTmvC4H0@+C
zCkNv6h<>xx8g$9+vjqOTgJB5Iu0CEXF!%Inj``;?ILIKKz0Ulq)uX8c45NC)xs4uk
zv`m+Itx){hvZGH<`5+z~0gPgJJ4Im90onp_S%}&8H_30FLz<j6fy92H@@LiG8)w>m
zWL1Isj`Rd-p}-2Dlh4P$JrPtFyTPV)ybExQjmSI&`^QD_c+6s|C$2_zcqABDtRI)m
z{ixSVI<{&aZwL>%^PjT6dNlj9!78Zxu{SGGeCl8Bc0;8$Q`4{ZI2ksFnk8&zY{Vw~
zbZm?1z|Rd)Ed?_nLL-)&IFg425Ki-}F&wB@9)qZcCP{vzx_BYP5a=ERYLxdD^so#C
z9N-7)g$pU5Tv$6hq4U*G#=e~UU{CZDo$a`{bJ2{PQfH3|y%O<SpRA&rSOq=)4`uHZ
zBucbx3zqF&wr$(CZQHhO+qSEA*|u%lM(^9*(eWbg`8b`iBJz9XPmVb>pW8f4O!ht$
z4a5H8%ofSoAa`!}S%T!j+)(ncAU$?gx^#E=h>X(nvNJvDzo?z-I8Va0@&m%V`*f?%
zCgmVOG3EFyGwjP1E@bvO#0ON_Bi;Y$xL6{=gv*qIlZmR#F<0@zU9<Wo6gFDLCB*Vq
zw-l4qpWwq4IGVwpQgHS%NS2b4<BS|VDXx>`B36Qzul2j*-TvcBocTj!BRzw^vS0I2
z7@)bw&gGczX`g>k900`zLa1V=b=phkI-GzU#bki6N?0MsK`yDZ)8RgdVe@@)_L5n%
z|22617PGtpg+x72>{c6)GhjR3sNSWO8ta{84VJxl@7#h?KL_5o{GgxnF$t4SXlsgs
zyRe$f@`TkykJ`8N=MTs*-YCfQNo8gFpcV5xLhJwu?9p6!<&J!=^w2PwKdyc=C#0ct
zzPJ-AG8cJ2A#xGnjff+=?apkiEDNFjFql1zAS#$`S9!{^L!c92#<?&4<_X@?{ZS>#
zgqinTxcOI?;C#a<O)t{Y8!fD5SezlkQY)aPtu~1R5+IORoj3jImtsKuy6t^0_HPE-
zc%Kx@_E90kVEc%{7h>+NJn1T1)U(bTyVM6Pz3lZWCoNvPCg}Bx3LNyc(rsjGc2{Ug
zpXYI!ES{HnSWu%ZK<_Y47BlvK$OA=IspLRLs-&DPDty%T0p_VPWe{qkegU$EgTB2F
zl7_@(TSA+MMwQ(@9HwxQ(cx#~pQby@tX^OXbufh{!~3~D;p$#$N~x1^+0pk(_7G|f
zLQxkTnEMs0aJ2~c@WKlqWlIU_<~28QpyK$lFxs7Dd|Za_$>b0T2A-jaovmP40#^QP
z`O+CGScEd(sF@5XID8dfEJ=mW>@5zK8Gd<X8XCwb-oKhC(N!E7IBKg_((W_sS7~eo
z3!fS|$YFN$)cwD103+Mic*kk4$D8k_K5g5lIF%T7!4H})yw2^SR9Ks!IZaiU>p0zW
z$3@s1cLTI!poItH@Vwei<efqb{ULYGP2GTM4N^N2O1R$l#KWoq{5ET(_`K{<h<Qja
z`Uo^LMOO-x+yWFZUIU>9b%J1HGOktYjv2R+4}V0Tz38v8YrOMb-rBP$z<&gD_ovOL
z!xjRGINH&<vMvo<AtGQAa#3PFL4<UX#||lai!<ks(|hOH6rp(^LEuAd9e|d^Y#o|7
z&)L3rA1qclql4Ay2I2&wq0j3cH!b!0giZQ%zTx-h7zF-<9>K!&zvnSV7N-9?Bsu&q
zBzf45*z>7&N3JFcu@fipPG7-o+18jfRHY1e$zyIDTN6z(ePLks>%)t%2h1!!Z)Epk
zn8>(x_A__((;=X_h0^?X2^zD?M@#Gbi$(w?8c`IB5+w)vClS2{>VFy{(4saEM%NE|
zxRcYI2!^b?d8%)3=>BHl!0)GpIeK8-$S%`4x^8v%ep%dK59gu%1H<%F!qBSprs2n}
zb1O(Okg8cxcz%V$G(Yb)0uc_S?v<goPzChD6kB}AeA-`3<q@Z~nJvsg1vCE$Ztkt?
zm&?O%FiUj?Bi)D|pHQR{g1?^oVb9yG(Gz}co4Sr%TszmS$3JQMV=f+EnmDU(v-KRJ
zNCtTsMEQ&H9L#M{z$X?G%uy#kP2Y~3V8)kfpDU1J#VRcxos%5Y9Wh|G2Z!f?m&ydd
z_?)+vBFI)d-#u({mAlyrA$)=4=c36{Wa25EGc|BV{4+~JwfXf8Ot@kl0|;j3=;aPt
z5C_WHzecVN5elX0ZlOLK*T9(I)J|}q6p$#@EBKNj@ye8k&*A0TcJF%t%Ea<7Do#U&
zI)@OBVAdAl%!WXFMmzOzKRP=ppV|9@fBewE`A%F=Yl5)d0LS7|)P~RMU$MZrESIpU
zB8F{DVxR_od^vMlL^&4>KM0LnIgF?sv{#7W%2LwY@D5kMAJU&;rP`5sDk|*M`Io3K
zVUMZFz;$=lE#lIZS2qP7YLf=hOb(9!&AH~$H!w@W>!jrkUkenIi8=N{C^bTYvJ$ot
z4KLB~TqIgXD3>*Pt+*yb^_J@#YQYt`XifL={p|By>sC?N2S2H8lH!>n*r7ze#UsS(
zURq08{4sa=B0w%sPK-40ktL58*^r^~SI4z$mkRATWT_p<Ha|$se5Z3GxXK46=HS1&
z#)I9Yu&KR};;IO=)=-J=km6MVAO-4R#94sjNLo$Q=p;-PvVQ{b>C@)om#Kof(3zYi
zCHc{ajX<@LFPBb<k^U@agQ(V9ZaSl@()D8w<WMIIoXt^>uk#4?mD6JoS7wIyBe6tw
zLM6a56cEZSOFfXZ^O?4m5^jC85RVA+-0-MO55uel@9ko|U#Kt&^Y8xqA)2m?G7>w&
z$pfP9U}@mX5VILwDn%`*Th1lyKQr{nbXj}wgMuRIsOOrudGcj0FCMR_jV}6TO;4qg
z8|Wqqg&9R>pTV9)v-LSjuVJi@{OlAj+cdsn@i#690GZt7z64(A7n3Tf!(*j=d~VM>
z(TV_TRotxPHFn{CD#auz_*+N|iKlLI6NtBa<n|C%HfJ0Btz*&leYvXK`Vd1+C-Sw;
zAi}jJPx`H~WZ?GJxJk=;P``n{{ep*L9Wmg`OAUChiTinwQdK~JU45vsKDi&DlunxK
z-5EL9Q}=~bjt{|8owNzPuH^x(liImcl1FBnl%=`AGqUJ{iPL*I_HNnSdzSZ|ShsBB
z!7j2<;gC;ZU!!=WRL|HzU25sn9GQvp?W#seyuPa1_SLJ6-F!ee-S(+`*243I>Vck>
z>nXKM<{Oe|HSzfTk#<3P4tDZX)jEG~b8NaVmBbhST#k|55u3O$p0w-A)t+4$weQ~L
z*}@&LA>VF?D$zo387B1?D}Z7@3IZt%zJ9yfn)$JZjCr=!(2>#EFX4ogEw}x0FURf+
zwXf8hz0k#hcigz@-h4j%XyrcoQXpRv)}hUb;cL|Lqkdcxf?AHmfHA6$fmol=K(g`3
z+jy;cykHKZWINaaZOeEH|20s&C5^R5hSh;ass#r+ymA8ej4mJS=R5Ia%C89TP$Y;_
zWSR)t^KoXL4fGCFML{|)tKwpK-vd{W^)JcHq}4IO5F!8JE}}n02QAl5Q=n!lrDTV5
zQj+GGB)3$+kSb%0JiRH8S39X_aP}AZSmFdlrE3V1oB^b!bRpUSNzq)Yl9zamsSEN5
zl*A+y(g{So<C!kZ_+9%HZ>#$8COq`Pi(sDGBt3Oifm43FE-&z=HD>jE7RR}u<-tv-
zhWg{dO3yG9js{ZdhVk3yXaFFXwAgE#yr21p2oWQm28Ps2CV5}~enk*ftVL{kEzv)7
z&?AvNNc-%fI$XQA$GFL6xd6{H4g>U4r*2N}R6u2(l-7|0+#-(#$Yaj2l_G7^ebaPw
zh%jvGGPh0$s$e${3}4RwZj0AOI7ciVamJli_R<U{!Q&@H-RK%Z+1_T|K6>{!b2&d<
ze%z=a)CiT5$N)ORGFa)eGG0YWP=qP7L2&4S|4tST9HmRoZL@%ds#dbYJ{cj6?>glL
z%8ZpGpUoo{-V>^gU+!<4e;LX%c3yw@%?D!lEzne(8rO&}EUWMHS<fWL;;NY>GOLb0
zlPwuSXO;iEr@oeglK*j%|8&X3Utx`g@)>-&uvd<Er;!{!t@Oiz3<$a(vNpn2!=k=1
zd$ucY>}E_{qUgAVA|IA3?(M;Hy=+m9@VAX}#CY#r8RZ(vQ8CWO)`@2)Jx?XJ2%~po
z#WqA+@>y0z9CxJ<t`cuz;J`feAJ+DzM$&@=Edosz(e!{v$|dE;+HSSeStH#xnq3&}
zfQQ7MghiG{T~OQITj^yzsjKhbw;cIUb)#LdOwARn4;_~Q$Vdh>-mkM&j~(vV`(c2<
zqjdUsa%08Aq+fJIGh4x+{KeC$YwuI8p%A)@3hZN>xeayR4j|=VBiZ1N(n;SOf+$Sd
zGMooCBGvVVT*_zsd~<lGQo`(3gndd+E<&Iyy$jLnY=~GIlO9Qsvo--$&jtdb8UqAO
zYVj?`-xr;MwTVqtnSru3<Lb?HiQ7A>53i_C$2Ph{H`W8`Ao#2d7T6y6H0^0z`GV$a
z1(PaPDq0nffXm8C$JcWA_iD?#n%HkB4oO(ebG6hlKTbfJS|O}eJ-0HSc1UjbHr-*s
zPV1;`0@vo6``LHxB@XuP%ny}5J5S3@s%&GXN2Mz+FXfxG`7G(D(kV5T9Htx!vdP8X
z>@lOGPuSK?xtyPxL6=;BVBrN;;Zw<TQxX}wfb4%?>UuS8;g54pF28rEL^W@*hpRaS
zOO}89qU{qCuAly-pNh3NPKAo1*vEGFzYP8iTRincIJ;NtP)zPp^o7Rmtlw58WDNPn
zdE68z9y_~|y2YkV5<T1JszG=6BWdRe_D~o*X02Sfr-t9&Lf*i0&zkzlJ?nPd5$RP@
zK-}M_cOt$W-wW2K2puj%q|tMBcQEOsY_j4}#jwU|xrPTaM$O#!qpCl_wT>~FefgX*
znWNs1@g0!UgR+9?Z@NKR@sJmv%QJbVaf{{ljht)C_C0Seg&-GFtp7p>?#2r*5hTxH
zHr!Fw@W2236j3taexm4m_2jePqwx44l!|hjd|1DD@&yl>{~I{|pWPbD9`+{qbaIB4
zO3pS=bh7vi^z{Ej<U2Y!<Fhj|{eNYDj0}v-|Fz9U(<W|{73t?juitLfn>|wqZr4Ab
zKS}=<&J8q>nE$q89ljHbg~4_eu4_kVLvPp2SR<8sGF7h?HV_y|;Q%fSJ`V%dj68{P
zg33%;-Z*d~GTpwc+AT7>k)lA%VL(Ya_byr4xtO{F-Q2ilg78G;q?kIHJ*Z#)F#peQ
zxR5ejQFp@xLuhBUwlLP5ppI#s@dWmFIL%XL^_&T$BX+V2`Va=q5sxxBFm^fve}q{x
z2L=3l_&E0w(};((1!0`G;tWvFs50CDU_3h)iuhmsBuV#Jf(iih^?a8|*u&fO#6%Uq
zIqVgjK*JZ;;F5Yd0RspzYF4E5fJSq`d3O|oJU~==4kO(96G-<YwVgm6Zp~`IKARJT
z#1Q{LY4bl7)(!ad67HtuV}Q`We~*D0hyfn@!(H$Z7&2jyNgLu5SUA}T{qHzR7gGDx
z@8Fz3fcrpj15u&?<n1+{^oM(r0gv`fOd--T0|<-*F~%#+xnshO{~mzt5ouCE?L+3{
zu*qrz@tnoLC_)k$0T?%`+f1Dy`i(Q9ag$=8N8ZJgA0ujjDV&j3^EC7Uw2V)Z_sJ-b
z2aJ}W&jTj}r^E+gj`5=o857M+P-fvb+8aR`2;aq9Hz2(c+8WEU-YKD{?^&!5P6II0
znIZMyaB}}78mmx)VD0;d$We|Sj`t0V&gNC!Yq9)mpV^j<(W|({jochIW?g=g_WAuj
z>wLAR`ii@aVW>N1Op_u=<N7Oo<fykRbL^-yDPy@GX11MyYj-i;D&wXg$5=&IvI73M
zi_Q9Ce8Pf{xzp}4gUqJ7<ZP56-WqLTQ*(M$Q*Az@6MVsF`<q^TI`e$?dNk~#7W;4c
zsrHiRFI&3%s?Kqg=5%3%nW_+lB{$aM%!bsK(Ae~ghpdJha9@+|D(^-;Uu&8A(nHe+
zjk?mKmD5pH>%i!S2wTBzbL#d>CO6B|yZqU-K$7h22W(db%am1!-qAx^>|u4$<f*3E
zJQ#N$iYDBbRMTnRv!&e%%oA5ESL!#~b$xrO^ZfnKqkAORjuKqohu><sPLS6b?S|LB
zi&uB=bKqs(xSN^hUy>Kvjes`qFDtK77NyaUH{a-e|7~w0HC+LZ<()~=Yo8{wqW6mK
zBJWBOJg%Njncpy2ZZ5rs`fC&~4XZb8V0ERx<#@f$cUvp!Q5$G}6)oGXO%>;{`>#G+
zr-K4?#{oZho!VU%bfxA(nXOIDwM;sMeykTUn0nHvYK33#kMnQab$QS%zCPa#=rMXT
zrBQ|*?);i`fkpRO2L><fy)?MR))Zd8)V$KQdQ&~+Qi%8KR#*uMOy|jUqH|1PK*YCF
z=Xj-y7)v^m&m>Gl*K}FU){;4j9w{;$q8GIf<Fr_9*6!=n_hBWC^~$KJ6Sbl>peamo
zBX)RpsK<}Jq>I0?BXp*Z@WWlfvTBFDalZ_{9u$k2R2rApf;xq%^X2Tt9}5zeQc2AT
zjfpv?k@24b*RprBz`%=1$R5ee1*T2eF5!wqra6Kea79_)d1z4vIMvCMs%EIx0$dZH
z4Qr1^`_h;sl}1%G68Cm4Fu?ikOoA2MAwmE&svLisvCZwJ^Fv%cCzR+9a#$VL5Q<L7
zPl;e8uXrV|G<ZxzA|^HA;Hjqu$Y<9FA;-Qs)W@tSzG>VOilAEs#Adms4|DstLz#8a
z(}&H41xU+k?my8T<od&-Fc?VER>mQ0Xi0E9+{_Qj{P$~KFz5+kh;JFOS4zA7g!%!Y
zqavn4D$oqb5qA&_bmWi^yl)R82EpV*rt^5@L*WO#yo<R*{nld$sKjnCS|#<vXtS+v
zCl8TEi<aKs{(e<Ub~}E72bsP7Jl)^iRI0JknjF_m`^Hy~X4&YNPwL{QP|WMHtIn%<
z#640vy4=p=slJ}YQDKxBR^A+cxn>meU%x$jyMDF;D2=7*>XhGi9!wfC-L8ojBiWHE
zj^ieX*FcKfvNzbQZx7if!OmE5q~Q==GHK$HM#3sSgbOr|vBVp}B$`OfKhU?s{gsYp
z7GE(8a?AewsyY{w*|qpUX54O0gmjedz6cwByx^_0R(+K?-Y^TApvp^0I#Yq88(pIM
z9t(ez@Rb~~<*f9^VINjHRvOY*+eXlRw_G9!F&M~=ku}Y)CnnGK6dK8#flXqaT4pp_
zbe3sin_i>WSuD0<!nNXjz*$V-s?bcD<qs6^0ixMFt~|z?Yb>d3Ij!!t=GWI(MfU$w
zfTlhP8$Ne({dYmf!OzcU=IW@b&mV+_NUfToxLn8npYmV_102bnD3?wJgVCCBYyU|f
zTn8I8L~sB+V4&5$(S&3$D>)b((JkBmt$|qkm!qa=y8&_LL^inTz8OMHMY!qzIjxpD
z%Z|$*m9S<p?&1x{on2BIlW~Z|%P+VhRSe|QZ}3oTdcY7IJPr75U;#iHa9uA!ce|Jn
zlHzQKn8DAS2cR49gx*H@Yna!^eGNeUtQXjWvItRf!`8Z6c}=vuSpR}utT^@1%^_7w
zD5>@y>D5uXUPtDG!9M&ai=76{tU*1nMRrN%wqQbv2QDHmSE2hI6b(*gDoi)=*PAx$
z2{j2tIJ_oeJH3N9Yb{tquPLR}e6EsY46{onKlyTELk3Bntl;vysI}#@s1DpOxd_ki
zPC=QZDW6h*S+`*|@A3KYs&@Uu!Ecc7u~e@(%Apw7@{DP2IaeN>qgyaDP}Ew8{^w+*
zvYAb1V_z^5o2+o)DCBCoZUi|@BH^~>5$f&wWKWYt$(e2A^kCv2XM}#$GK$$8fj7Df
zWzU*yjd!|QGg2Y+0(%JO2>x&A!obS@pExfz#{U|eXq`K4j-dS3_5yt`B+At9e99Zm
zHvge;v0SeyZeDaygq0CMqQRwv=g5`*dF|nW&@Ui?R1`~*?g7{{yuX{-<-*^;VjNs&
z^J35bb?kUOkROZIH?AjGKNk_@5CVCWrVJupUO)GE>2ccp-ha|stGM7|xiaD(xqibn
z!e$jY`Z{)8bzw6req<GiK@V=I9aBgo7K_I>{7Y3otllg_SYQ<lf-BR(v7GaWEKr$H
z>DnuU$UFw2TXc#(=?D}DCA}|5VDYt`MlnvDsK}DnOO!4w%5voCdoh!7h3)193*MHs
zC=Ix~R+UI7>pmht)iq9%)DpA8?<kQ>Y(pLovf&|I6+*BqDij$^5F#2{MO_BtOn7S}
zL7$9_PrHfC?QLdtgOh#p?H1RElZ^<W0rcrix=$T4{!!HZ%C~ogZR?w5FeLDvx3!`$
z!p@kwN6)qXDaQB}!k?Tj%^1iIZ|jqt=nvK2?C3b{dSBQHC(J&e-Rg|rvK}z@0$1$j
zh)>V4x)K1P{w$EspQ@Ty+#QD4q;*%T(&^6M5;dygg$<+)gdv|Pk3><DNzfNfD+I7P
zm&_f^FFhch133)<cgBg74?#OgE*US6I=w7QoXj6te+}x;uvHHx+zCXE6i7r_vAWya
zk?9g?JJWLIeG#Y<*}yY%9eFWTSDG|@oYK3E1@}GtWl0aMX8$=z&&``fjdwA93G!{}
z*NE;4iN5`f`CL2cm8!qStkIYHK5d9g2>CRE9}fZi9L%4I%C=~T+I}?+-WC97)Ww7a
z7&pB1qo1=gMW-u$<rS7htCAzv<a0_r83^7bx1<tGU``P%!T-HjWynY)x>qCV!fwe;
zStM2>tisFN0;Dj^k53lU+jDoy=T>nALr1pQ|7CfU7S1=#pS%8=erK2}y@1r0o<jGY
z9*L)VNEm^_Ul>^z_tL!~2qs4W2$Dc}2cpF7Ny7BZ9ha^jqewzHh*;OSGTPZc(bonk
z3<*j~p_f(*Ll``IPH7lI5dspA;BSx}L9WHZ0J6XkWDj9*Cn89{78?WbQh~_AZb@&~
zCq@v~x`*qo1bcF657ltBATY%J>^)pt>R%V`1u{Qqe)_!DIWMCYFKfq%_oOrST&nkB
zU#PhqQ`RrCuuP8>+V;}C*<3ch9E)nT!KGPzo~?gugGQANp=Az0Xz0&HvO<A9#4K8;
zz>$F72#ZfRB5w6p^jQB7RIS<~hyDt?26(@0gND-)uE56F<w~6}kr8XVnRry9t{n{i
zRIsjrXZcey={2ajiI+($BEKq-|M4`Vr4a`}76pw+cNyr7f&W^>4LhAwJNuStLqaBg
zc!8?r@iK_T)GA;E5I})V*M`4R6uS5Y1snn}V=U>?v!Ecz{SR-;8>2&5l&NC00V*Y2
z;kn|KNsU3%qsr{bb$r(!uswv%DeiK_KNbLvt<*Ri8ik`OkE6{d71ddOMsU^3i>4|(
zJ~lqI>)Q&G&Exsgf|<2W$n_ZWo-!T9`na1*4&qrbK%Op6;34Q>Cac^fxPNXaH8ADx
za2>_iU;~g{?mIN_A#H0`#+!<p6>vj{ZNii8-~!x3i1ez(lfbfSx{OK;FoLPl8bfd)
zM26;ETo6pd9kxg6*IG=om=OVap@#p0vF2Y-MFbQ|y?c=bIrNIZxb)?ed$=`{4yq8m
zH`+jZbr_zhktVlqMvE!q8t;)yV`MTuo09*{mmRa>N-`l~K2Q<*CFxoXp8=0@$fJQT
zd@Mze@%&MIUu+a<Tx}xMZik~Zp@AL@ZJC{3J+A;Rbq1zRg!20AcG#=DTED8pA1Qx5
z)HhB;E0Q-Blo2UtkByw#tgZh(Bz&?+GT!ee05<%qLSJ$rB#{t92v~xHwmBf7jU%WI
z5S6_dNJu-Dg^ALqmW5yW9y%SER}1E|nWp=m7c@U@AAj?WU&e>NATI#;>Vk!16O74)
z55ho%QzMG`molXJ67oi}kmD`dl4v~iCdx8`99fsbXw+2NS&!;eF5e`0y!%8B8(I44
z-zybb@`lB4Llc2d>IAhh24ShFEpQ0z%HQJI5eE7P6qK(3NOAPIy*?)bIj3m69UAuf
z%aM_?H1B((nO*Pc6uAA+7f$dRUbD74NU_|a3LayyKkUc(-so;L9E+U3f%@<szKI`&
zupS-d=enDlKNF`os7+nGNe|5Xb)Q3FVA|#C-7b%>J;9p+HanqX^9W`SR?|OwV?~qr
zEowV@^Bg$hEhw<_h)%i}8$Qqzcdth!yIX}4Zsj5}D9;thiy`CVbn9rkmh*(BLvHXk
zsK~Mq$2|hyhk+`9Que97Y{AOWAKJLMP^EMhgA8Y+yup+BpMM<z6>MCRVEhT%JcPv#
zp|m0w7K-0LNRyL{F=rO`DA996Y+IZE@(Rp5b-h?1dG!Hb8;{P^sZ9EJXe#d-pDCF%
z%GUumk`gS3=?<ZSQ+*_so&_0(Rz>}Tf-UGYg4_jKm8LW-$k5$)uRWWr1uUeD!Nk_#
zYyJIvjqGyAehyk{#Rlm%8Hz$Pl?OOASVrEX2BrC8O^)~$0C5k-f52)#6cUyd8CG0P
zz8R~eIBhZ(ni1@|g0%W2!w`N8Bb=XiVr%({(W)AIQ&rW#&adYySz%w&k1=<;Xa?;8
zp54d8p13IG@Pf(fg%=ILUF>!z*Z1+}Z0~K?jLgr+#~o92@#WG%A3W1tj9in077|2e
z)qT%(_F)e<MzvB*?`G-?mF}KF<xl5h*&c=q)3HFy%CQ8`Jue><&hLlxlKZ%6h#KP0
zT9?oBvXI!C=_^qS<c_MPhc}=1_e&o5C>glfE!=GEj?edY)~)Q-yV_aOJKWa#g8<3A
zsT3_mn{o?Zd-r@~8*_z5=7t9~jm-Cf$SS16+sEGYs+7?8X<7Ey)v8#MNh#Zs$@bXo
zh590TbzreeSxB;!@v_XvI#`uW14sAPUFS)%>NY_sA%H7R#y7U+sVuj(@)k8OGfiu?
z<p!aG-$oW1B%v|*WSd6;)BZ4f2{?QF+xW5M^N~3tT*`X})r3;@p%xd}dYx4P?74A?
zn_Uex(SwSYtF@CDmTh<LUmWxg3ihw0kzjA+GRxp_objf{R9w_o)#Yb6Z9V~B2oT9I
zKWSROUj*%)kdv};Upe^~Q0Fy7Hm%;LxHuI+lF1GPaYVR^UBWj7!ncpMv+oj7yUWTl
zw$3o~Yp<kKrXcbTpW<`naZBF>#9hA^#9onEkFwq1lJD=RbK|4@!*#Qq@+2>7TfJ`2
z#0>C72sTUSz&v8*ttdQNMeS>MSC;lJ&lQ5lGm@L%e!IZUc;qXjj+XjM>|=}SY(5C<
zHprGc@W6ZPA$-kmnvL12-WUYRcvj;qJEHmD*Wo;q@&-TZawefIw=&NK7<j-xzrfB#
ztTO)rT(bX%H5ZIb4FA2s71P4*aOAnu50nqZ*-GYwmsQ+f$2iBj{!+xGOrQY^y;)}R
zLb5Qe@akyywHrf`_;`Mw%4OcSo&%G&+vAm`aGbngJkG1xw})f>^F%&8SmB`DXnfpc
zAedORYDiupeQtbQ<blE`Pwf-9!n`B>FsY=7(7U#F!jPfEk~jKt_3-?eIPav%$99pj
zYGjz2UwWj8n?HNMici(8X<cNkgBBX3z2EP-^MbM}0$uI1H|HxGCY@9k-5sj17&`ey
z7R(aF>HKoMoP2b7nc3SIWKKL2_eLuN)nsj|$pcq)*rfaM^Z5s$9{JHhAArryD)7sb
zJ0n;nL+^wow~~LOhhwRlN*QoKS=N7wCxLC<I03x9=MI!Cx&n+k3mm=V6N*rKjieGC
zQ>57e7DOPtyN%3C?-l)O9)#Q|RNeMZ4d6oKk$1=IIa{W7-(=n&$>65(8t@!aL5)I`
zL}rQD*PkA-2td}<-wB1rMkec;C?qKH@BzR2hx+au1Dk+Q(p2^ulRde?2-0~d43>Zh
zi5r(4fo?90@v?ve%5Nluttj7!VAfx5Ydf=c;h$}zice`2oy=h;h4-|w{D;BOq9i;%
zUw5vr)AKuy2psP8H81P|&oKW2z%ZEK+@z*nURBuJ*q?h>_pg_y!~OHHIKHokpEM)y
zT)18zfaOgcWB`UC#^IkZ@B7K$@4Mb*c(?j9d-Jh6cw?DPFa|Zi*0#l5MpMs}zjkcJ
z#(;WkU%V6^LWpGzH*+o)&fK{<rwx&TT;-hVN^~$rD4>VJk~{w1;4QI;6m<kHhT%-i
z0Gfgs(jX3%ysY(pX@UcPrND6bsecTY7z{%;)o<AkG!N>*P~a@b?-0E0!9a<sE8Mc)
z-I*upx-8yb_0TlPQ31!&idBoj=R2ev>j_%92u|0ju^mn>$GGS0p;OFLR_zW@cKorB
zCnZh1{v@;#ZfOD#bx<U$!w{ec?MZ-B)*6YbPwws(GU^96akZRMij;~W#^i(`N6?CZ
z<0DipZdP?gZ<O2bsW@(qyMB(NR#%WkJ)4%rbnFILw*gBrgBJBOSuO@YuMYFJ@_laQ
zlf*u9FjGv_Kb7~@Y-)1LtOoD8=gF06sBe6@xTMTJcCaBuliLPCR@m3G+3)u2zm9;i
z>e^Gv4=P%3vA<5k^UgxsHKFaZ4CJCMUW%lQav_;(X=?aHV4@9)*=ztH*;%8zaY<^w
zDtFCnS(PWTApb3?lg0Ao!GE*&A_v#I0&Sj6zF2Drm8bGTv_WqJFR<CnhJ`UYuUm^e
zX*pBCLFc?19An$5A4~0+%$&h+wJWHCrP}rKnszde0!8`WV;EigrKF@5LI$x8=Li-|
zJhwz3l&5P|Xt~noQ<_-;ff!y2+H#f}<BXVJTHMbQObVZK9<2pQ%KE1y@shV%!(IV*
ziYm_(brDr@apV(GO{Lu%{Y92Th=OHC>5%%#qph*|Sx?SqfTV`C>$Yh8+&JMsYgciQ
zC_YaV`6RF+@z5~TG^sOLtZu}plR%L_Pxs9*B0R?y59QOa^87i_TFmUz!HjpNezSbM
zzgRZWkoJlDJOIZDyWQ#eEy!@-W^38?`&D=3qItiUyM>d>^}u~JX1xWED^ok1Uyfq^
zG0ThV0fFYfcC6lWKds$ccVTkRtjCbSQxxDYJc$s+L}Dxmd{}`#g?$ker1l~pP;x_P
zO=V-LXPbSjKfjGPv`DYA#pR7dqY`ac1{)Dg<Y4voT&EnvOuJm7%GZUIVWcP2P;w9g
z%*EYCA#96OC-b)vYFAGw2oA!;U^E}_X4pb8cvUV>2xq{Q4}i-G3R4iJ-yt6=&rAhi
zSGZ>cf{qagGxG~;lUP$kqPmuS&Sr2aSy}tVsj{Cto+t)>XP-tV^k1tr{nu<H%wCVm
z-=#yA2`~kg(wyE}F@yjsc3p@Fni25IENB^wPX?J<=7G-0G1myd5M&fl>W?(%9mrHX
z>MI$#2%6F}KEYU5d1sKWM?LfHV}4`~qvJ1qZ{kE%GBkPkk60Fw5%@Fn);dm9UI}O+
zW}&bDXsF5c*5Z~&PkHaF2L|Dn1}*0+4<6WJL(e2&4FvQDHQh?gTmR06snNySzd`bb
zne~hxw<aN|$?_3^WaaFo6G=*)N;*H>)~-Evg*_QCt3O@n5^=ECupGM|l-{ge>rxK8
z%U^(r5G0=Lo%CN!r=~PwS;I93+ItbQCj;~!?n6)ul3@dBr!AuseB&=B9C$GC!(gF3
zOS4Bd?hkwWa4#ikR<T5TXVW><e5Z48Ip&LI9h+0u1U{jwQI8BB<^dUi2sPalXd4Jb
z5eANuGZ2*0=E_7k9kN`m$1ikB0aTl5;)?IefoEljET-K;-6QPm*)g*?4_d!Hv{;$a
z_KFBn0CZ5@!yc$;QQRNkCj>U@3x*@MjfVoTl~k6JRz|XXDrFBr<6@^{=|I&{0T~f&
zPhBc);-;F7@8ugfb!ZP57xVD&Ka`FV3D(PS_QrTd3bEaBAHQS)RBC$_MSHI<fAGjJ
z#z}>Wj7WP8E6ESIdnBUs9dogfu*lqEnm7z0K0@5TZPAs*)o|$4#kIJ8=F63I4L8*f
z+T;8-5B<}$n&1xrW)&>mKEg0R;tx>SmT40Wfz)HrpO^fynvX?kCJVC3K)9zuvHBf;
zx1mLTDGa9iJ0q<Kg^TQ)zzR*5Un4+fKw8sCXGKYkowV*M+B2i1%(Vf3gK0}MzeS|&
z2+p`&G3zk(QhBa^c2dA|1QZGSn2x_}2ozeqqwlomty!nKNa|Zu<=&e)GOnRoRncBc
zHOqlI*}nMoV^`t{ei-`T#TN0`25HbXfa4nk$%=tT+|ZIO0>y+GLBel;Y3Q_^o_XkP
znnL#A$e%BQIyIfJk>1T@e%#*UD{@n^jZ;5tD4#e%`ia(*Vf*c^mwgm@IHkWzTid)V
z-Q=7(OZveB#dYGVW5`Q)P4B0#^}T@F7p1Yn&(!SEFi@@aM~m%KvV>h~pf>vN)2f4u
z3bkc&S`-o-_2sP&a@~iJ(LakhCZcVM#-DZcYk>gGA6PxS0iXYXt2q8o#qs}LAI8YS
z!v0^AcK?iO|AO=Xs&V(kS3;9K_!6J{D>Us$S}wQOI)*v$k%{N`g#ZcGe_lUf!SLz#
z5Qu3uv_9Lz0hrCDU!DEFU1sO5Xp7eM>dYTMM^OgprqxH%2~szw=p~w&*1cVxC+nCy
z`}zDP$Qj(93UE6nf*XaYLM}~SUM^0n@M`ONd_uhb$Ju7G+Lpsi8G*R|Eb}sXbo^ke
zL|gf}>`Ypnes^BC%IEVb8UEw-Kc=&G-~H<YTb(WaW`rcXheqnkiQTdBtb-E=T^d#^
zx`PY4RSFhzlEmu@f^430Fq}10VVZ05`GpXRpLSpO>Yl2yg&t02DR#md%jXSgvn^R$
z%xTr>>%#{JENLL<r=8_U@>Z|c=RL0bFVkqsFGS%OS=t|d?!RmmCI&F6OxN*f>Gchr
zpw1ZtGjsIvhm3!QDo#FoNz^jXO&T@q)~-uoR@Q7)MJAvWkto%<f<!5UhZHgF#F&$?
zsPVA<BbzC@*QKxFN3Yph+oPV5t29vDL^2kH%n#}^`{gJu*$F$IYgzkgdzWPugR>Ss
z`3Q}cP^yVh(-K&J-K%3OiEz%Xol{w}l37#PX*Ur!NB{n_oDH;h%vK#~Y7La2i^r^P
z42ZVk+{ZemCIZ)8i^wjlv@3U!iO;iQD*^o_8QB=~dqJC}SWg-SYh78<61LK)LoACF
zw>c0oJlvmPpZ7jJrBhl7IOu{7aZ_F}O^y*I_(AAORWH~~P$mt;WSG`wO-d)c3>X4%
zXUU(xlP1EhX9nI%c@vK63?=__8VeZQ9GG8jlu%;?T92ve<wc(FS>=zx(ta?c2|EZ4
zfN7V1fbI30+sH;J8UdZDCH^Pl6Y{=rP!T?+7QmBm5nBSwfYs1tYKYu->4tN03W-!X
z8P-q+yO2M}!fk&ybejXQRY5P?==B|NNR8USEvNpI);xhoM|~uy2?gnH;IKS-H)g<w
zTT4D=)G<d`S}K|TRDaW;<_KUT)DZoegG45(f{uvjR$2Oi(gcTJC2z1Quxhv-8XBvH
zvBbb)=WXLs=J+wInSfz$LI$->LK0;4W<eGy%mA;*buF)M(H&0H=!yMtKlpsx^2mg1
z@avU=Ey-|u%XYvnt;FFmmhrveq)z^bfbLO60p<7wi(4L>lXdXNeM%@%NBQSe$*~aI
zf%X~T=`cf(atf#s=kK-Q_FZMAJA_7B2>7FSjy@{1oLlDA7JVGOg7y*5&y8K1fi|u!
z-h?6RZuOmK{*@!+ZgrbV5f%n4E|mTpz^CcV>g#YRbta<#tlsi`)dtdpx*2*cS+@n{
ztm0+fFzeS$S)>fB3CA!J@{cEPx)!UI@XQ{L_89(Kp2@fF_i1YMqCmt~n@}L0)+e1R
z{G?nz{qQLGZ9L3Mj}$lw$xQZ4C9m`*XmU~~;aq3IR0gv@N->Hp|N2$=8SYmXdxqL|
zP}~>HorDV1)h>Mosf@COYsu$`AKd#tTccExT#Fbl5q8=}6KR@6i9$;|19n+`55Fi3
zIc}7FpKt}Jy>4uTe;|t`4sw9T*}VofvH{RDhgL#@Gx7aomhJE^8_NoGPgTH#q1Jo&
zun_8<a5H^ul!|Ygu5w)XMb^pq2`eVhQF&F}T|G5G`X*ucOx3Vb_&%~xKECEe>_7lv
zmlG^wjsyi+9qMr_CK(MA;Es89c*Bj|uw@GPUC5s}N9H-X^N~eG?WivCXBc)=BxuR@
zMFrASZo}cktZ#f=dNY%0`kc!hfVZCY;dXddflYm({t9|H=RP?|>gfrXVW2;qbQecx
z9EAESSZ|(uC+sZb<}#!h+OF9pRO$hZh^aFnxAFJVieV^9=cVzu%pqMN4INDO>=tiK
zOdHSLuRaye#9x`?PzC!=S$?TuVkQY`COth=sxeVvqrAjl<($M{!!r9CNI;`(j~fIO
zcfe)FnK*We>pvH+@|b^-;86tXzL#ojzch{{l{vpfRWhv!VahROlvucof+T-s7`xw0
zsrcA*N}y!H>`u|DZc{3>at98e(O;v1dQ*&v6C&{_?iNE%crEU6IWNyWfi&9N->35(
z5pdS{<r7K!oH~5xCkHF9>%a9y(MEtQj-41g>Y<!kXUETcQIXW&qN9CV35hUt$W_>m
z27Cnr5|6;1)12Xgy?NwLv|v$LWSbCfnydD;n6ElM6sv?#$n>M3IN*$cXc>@oL450f
zNZ08^VkE<k?StI|&`12m{=CnV&FOHOfkXU7MI`hk$mg-mIyf}cvgys6L4I3m6mLyL
zsSmpCz+VM7hH~I_{bkF-AjxNCIKnQD?}4zdG>A9M6L@e!H?Et{AWyXpn=I29%(aH~
zx;aU!TS+X3hf#V_|ET}QDJo+wTKzsMNHpX}CFx}+<J`0?TP+l_D)?CZNJg#@6<X_K
zDg0+vWiG6N5E(!H95ZN~PT*r6(Jl3PYMoJZ0Y7iusuqkZgQeStZod00xDgG#{M<T?
z90VmvYF*XkoYJ|{fOhh{e^nu0hfMG$#yqO<r;I~`P@pgVbee(`%oz1H20!T;JBYqT
za&+x8?SAF}@j^t(3HC$_ph~7z&PDF)P9VG4oIzh=-$+UN_DMe+Zw3{tZgUy)&Q;d$
z4v8T$h9{N*l6bDCs0h2BJZf~><<~b`CRqh9TyQ}BE0=`fmMu24`~7i#)%bJYvVb8Z
zaJqH+95U-DaM))yOrkTF9mW3ZmhnrS)(~kw(;Gf1eB@_0IozR8jX^F>CsaF3ay}H1
zOY+Oc6J;gj?n8-?FMMrF=FXWUE!V1|8=~7-;Wh5A{F<n-DP?Nf2-CdA*SSrdh9&3E
zXFd1}<ni)5frp!#cVUD5&l+y|!p0r_jI}FpXSnIkv!x7k@oUmk1GG!a`%#m9ZP<i+
zKEnX}Z^m%yaQg9&{hV6akPWum$vkyFol!jsK5UjI7o66A#3Obu9A*23CF#2C1UI|a
zf-uOV+4f!ZIz@Tj!I-ygx@Hx}&ZfGHb2p!|d9-YJ_Cg<K&AG=uj|J_PySaUi)gqk*
z7RmCuz1Jw>2AN=<lQ;UpY(4SLJ9{nimG=gSPe7MAni0R{I*V^^6A7h~&Ji=2?R);q
zMk3Tr@fF%PXK-hF>Xdld9~*G)BUPBn3II!L-DcGHN3Zw?hCWax{iE+=3>Wldqy~Mx
zB>o4x>uDEcVsZW_zQPR$q;yUCTJBs&7M%N~Gy9@`oEShOx0v5BsbtqMc>y6<joT;J
z@y#B$n9YkZ2gB-XJO%R$1WM5W{Oom43&TT$<|J;it2&N3<ECCUI}D`Z;R(TAGR(iV
z2#L9%Q~UL_4|b<GS;RlR_BnE?K{i#qac8C5cnLS12}}CJ#c?5eEa-a8N79i0U){(G
zYt_u!o%(JsfWRX!(Eo;${}{RdpaHY~Bk%t2=fB9IYsuJQaUgYnsy*!xPlXdi?E+63
zfUQx}tHZeB0DFl$#$UT$4K+3<W>0;6`drycOrvI5k~AJ(y%|oTc8aTZd#Z@2J|5`w
zNBL#n&D`qE%IbD8cOYbY+=w{1sz4ZI5UHuxrpK4EcT(%d{j{K4F=VRo)vmo=uiIfE
z(&<XB`|2Jrh`m*M-tifci5<HWmSF41jUI{S4a7Z^;U5l5*=)pN_9s)4CNfzVe}8r1
zqRH*2Bir%}&QeGS($hS7j+L2)$Am!8t`hCo&m=ik#$76)RSc_}viJlIfAQu*+=$^R
zS|Q~+{J3KxZL%yAX`7K+RUl+a>=h!4l9Eg@*7z_usPojIu_l;4Nrklc=H-075>E|7
zD~MkMqAH+UrPI=ylGW`#93bg^tJ;_PZ_Y0FX%G-Qk#f6eb#cDC#k{$zT0q3RgfN6A
z)SdFk+yn!31wsHldlD%Y!_X6)XAJ+6LfzzN&ez%A&`vD%j5D;gSX<3<g|bZ9Ec0Z=
zk=d6{dKMF&&1&gNB~MA|?UlV?0l%DObHSEv#&XNdP~+Rf7l%94Bz1-dgy@*lz7R^$
z3t%}|1lgm{0F>LxC?k|+9)G5C!X!-$pi2WYdgv!SPl4!DxVJWInBR}QYRyHKl91`E
zgK7jOIA-Jk(9{Dlmv?Vo4VA(aWb|bxt>pR*sZ!(l;3n0SuM8<?Wy*4>C&gB=R~Yzl
zM(z~X28}U1pQM+l+wqaTK)2%4K!Fm@L1K&XwyukUkKlk>nl0wq9C(1PCK!Fj7)haT
zYgttWzyX;6!XY(YuH{5X5T&<*<&s*T;A_A(U>G*lkXO!{LTSy(65FhdBQO&Uxs6v_
zsOQFzX;#j!yMU_3Cm=^dD@g}RFV88ykB*A`)!v!9y>LFT>=7qL%uU!1uF3uCPtuH2
z*ZDVnHD(eYcNH!@81ho3jT4&~BBJ@+LG}~#NM;toO~ZT?)^oceqlWkR>lOImAoo(j
zL7T5w`fnpLY2HE(t=-0pOQTAVxN=9h#l8jM8N#y7VZRX>=VnfpS<_2O03RTdd%>ha
z^aQ7S%mKxvB$O9GMr_E4cl0$);a4q<ZO8W>`=1gkt(^Fa$ulO<FcYdn)PDB?%R#+4
z!*C}`>^TsV?c4&zDfT55Ja{O!J89v052DB&&W!JAWMiBcmAELO8hyK3aH5d0Sf5n3
zTM>SXp)*P+@DT6ik_ys@n|5XbsE>aV)l?GFz{WH$DO!Wq&kQc<OQv%hpJ4P6z7x<o
zT9CZWLIG;H%Zs&M32Pb~`|E}`8y5K_2*w$d`^HK^J)xUOrlDX5_R=wjAmo{V7O*F&
z<j%=Kmv6`SqhX5I6N*8rGQmD47znav%<d+7LcRbg8=fwF`Fc3L*3R(#Xv~-{-YLWg
z;}pi5o2$VlX`STTa~1^&!mN<?T3y(S6~TQ!l^@O#^N8VulMA1aFBNoEGyVu{3Fr;s
zaLw8EpFXc7>#*68+y?bgF4RN%wgP9l)1FC=*Z%Dc!(G@6ld(;lczx4tTj3MGC1f#}
z8xmd6_yAaZH?M@$NZX{2Wa>K$H<Kbyo)Vq3`?Sz0n7~gM<O^w`$T4woPeN&xm!-db
z9Q7%jC=Z+Oz?Ht-1ffrkFDHi7roDRMNEt(*aDOQ(4p)w8w8o?BB=`~8e&pIz$bNQK
zKRS0)e(i%4t1GJ{$hGVx?=vO!I+-(r<M9__SuyV`kYqg7P8DWxpQ_-FkQ{-OK!Z{<
zatiYi425P4upuXFQxCKp0Cd?KMXrQc&z$KHWXISl|2m-+*P6Bp)X|9(@i{FQJ&igS
zdAkvELGIZ=sseBXHW?%qwOK8R6YbV{Z05cRBSv%eXp1AmW?uhm!f{P8kc_g;(FD4U
z81Zxd@E9EKxnz*hdXf>4hw&zWkzORdlQg2K96VuyvF1b^6Y><`<v0>XPNI_LClh%}
z%_RH|y(7<cBL}NQ^63`6VK;>Sdu#bEl@#DSWpKMdIpV{ML$tdEYbHy1Nri85aa8N4
z6Wk>MwOa!GDGd(3-#VI3S**Pd%xRQ9W4bb+Pc<h(4~&sCAC45g8NTLsR&(kyDG8su
zIu?Ze_L^&~-m37J@;;B4v}h*jO)g0c1*^wA6a}KbSao$Aa}-Ij#QOOyp1*~n=teQ$
zLXN164);SA5TVnVW>*-Eo)fn5FngD=a_YUm+xpYeVH-MK>bEr|7`O6W{WDtDz*=;E
z?W4iR*(;gBhtL|21<)&p0npNpEEmFacr1qCmlq1kmUX>Ny~v}nA<Ux@A%zq|x&4P7
zokF8sXeOWR$U28A@r5Lg(4N^eQN8$Zx`CRc1<I0Sw}&ueN5{5iM;~0#yDX(5Ah0SQ
zA(lc@9-?g6g8c0)ouFb00x}5wKK{Zv&1uP~@!v()HiDQxjMclKV^E{W7|?B4uIKKs
zirj3ixoRQ``a+Dy_w^`uv)2A4?L3^x6D10b!C1`G9L(8yGg|q6)jtnQTTt_MQ>yY5
zBQqeTt2%ILXOBL*?D_O&l?IrJRu>#ij@hy+;kNBNu`w?MvM;5Ib~GAwaZOHcFDcuO
zi*=$Ly2Ap;t1j+no#m_Q4D|2VnDlq-VGe4{F{(E!YbsIiD@WxjtPzhhX7b9|hpo?U
z*Z`>*)dWLKjX0QZZ8gs6W1}}gUOJ&I5khEg)P8jB66R3c&GTLqL<JM^iofdtCrYi3
z{38f1{`KJyre#$&#8!#6sYSh4-!ETgT@3wt`e4kxT|2Vqq%<}5P?YxyrPuUqME8fi
z7g`%WEPuVUc9gtz8Ao^z_CdqC!rQSqitQKVtKa5^9ZZ&+J~lwu=`)gVIVAi+tQ2jU
z*OLTM@wwI`9Jr_qI@^m`8avmX=!*bQfub{&2hLG@#p6@Gx9Fi3((1(6-l9=Eeq#JG
z0B#FSL$0J#b-~Z_6W?ugzq<@w@I99RN?uczN?{MT@$67?`x?6{X$jH|z7zl6q!Y|8
zMW165s=a80JZ%e8&|fNRN*#ht+J@P5*|DPMvg1G7w~Mu3W)v`regD2TF-ov<mwu+`
zQZ!txOSY~F5lekNom`&2@Kqsw0&@$Q5mbkfDz;nO!T@jX5Q=(b(+P1q6Gs7R2v=hL
zmfs&DHIoJehu2UyKU!EfLVv@*KU)sJUMBTmOMI@g;BOYWK+qUkJ{F^gOiW%X<zPgP
zuLe6&@is<7;aAzuzWtj7A$k!2GoP^JE_w1rBV2ihyM~};p&Y?`>Ao+*hP6rgjR{>h
zBSxfU<34R;+1{>#Smhwb<iBME;CA&I@nl<d&_9xh8gY)_3$^{W%^Iu@uB%qf-KSa*
zdWX|nIdy~%<tkCsblIUS@DYoDP#j0~f=VMvBO2xC;n!Ko2QH!bIN$v9=-T0~Mtd>)
z__;j#sq+0?2vbML@;>V9@@S!>wAX3kla7pA;e<%TX$JB(`sB^gYa@;-8Ig*XgI9k2
zE}$(0T)*XguV7B5S4(&C+G-wdOVYj>pbyU_j6SDJd7!owwCT{k4e}hw8Z!YRV&p&n
z3#h~m8TcQ7Ec1UV6#f6P<@8$fQfX5Z;de%_V5V8Avm(}u&pa!`7|Ld&82-Rpk_!VE
zh}p=Ra#DgT=jV3YOME3_5S<=I=G~t}wrab3d-vu#2i1%WW2R?wVE@Crxuu)TT@->*
zaL(EprVYxXk|~6PP};Pp=<3>^fN=`4!0@hvI|Eg0Fq?tXowv5Ku=bkISRO?zYOo_)
z=DW#}^ULRH@FkZS(TNDL0Dr?FCmB3!`9Mw%-KrmBAdxLNZx(p5=~2Q#RXPm64wr3U
zOyAYo!<b_j6VkRZo8Gwnf$sNh6;M7wKmjyHT$G-14S|Z>3|)fss#6?2K|Z>HmS=Qq
z#|1^nxB`7yYB*VGN+&H<v7rPR_bU{XH&^9H!$<QCtBl2-Y9I*DO%IUZzK;52m|I;&
zGzoHJ{auTT9mh{nCP?16*}U`~HeAsYfRq&<pg6WnjN(TyNX__h#W#^bVCoFl2$S5T
zG+trtkEAgG_8vJRatY(GJa7gO8_oF~{b@F==!|l{^}?II9jsR9=l5_I+)I<))OQQz
zOjQOGllxEsrftpkziiu7sQvq1fCzv(%oPg8i;zYh5Y3*W_Nt0UeR)6C9iK)f-AHBt
zy&=s<Tx8I21j*(Gj?H(22}1}|qQV`)GIdfmA*4Sy_onA3*G%l*K0Jo&$oHQ3Y@chk
zhMjcds#foZdMv0S1d#|1m8~Fo-05RsrBbRXHp4jP^NFveiUVs?sE?grb;MPEi?wB7
zAi)YF00`Q$u7-51YmQeUV~l_&hO7w!XKv_aG4^aXIJ$Z+)j1Esz>=tpAoRaQ*OkZP
z=165wh}$0ng1|aYB1zCBs^I|yYVSaXLQsfaK^4*fdjd98h)Tj1q|t&<Q&&ewWPbut
z)A0@b_G&rDJ&8Vd0hvN{sQFc!r$7?hVVefmoprrbWdg;Z{&hdIr_PW4I3kYyUyQv|
zlW5VltXsBi+qP}nm}MKYY}>YN+qP}HYL@HNzAyJg>=h^04;T@BJoW6YWq!GH0>t$3
zX!h~ZSvcSM>)Kqyz6Kd45DKJIai^Of^Z9V4^pFR%waCE#XUWpw^_+=q<pWE|*Y146
z^GelMa9PN+wp{SLvUyklc3$`vKP7O)7wY-;EL3!44H9}=N_>xtd%BpOoR8Gk>skAH
zB@ksqB*T1JO_FFgss4&Bj27$al~~osQY$y{ZtmuFhQgIMZJeOXd8vgp`Jsus>R$7H
zyY5uy_x(6I&RnfAx(5wAl7Pe{FCqU%1&|Y7yXfi$PdN)fLc?89v(@+9a$F(wFP?7#
z$$d(DMzBpU*FX;i$-5cQvqpP4jSTEz&J_AXd&1^e;h;;B7KiO;gzLX^xtN5z7dm9e
zMm)(5|Jkyiy~$YgG;%wdC|bYB+Rx>cSiD{>i<EXM&t5sxtU`bV#fB{Wc<cA_0Sn<l
z9(Mr>k#v>STzpg1_FSQ`D{%Q&;@w}6d}~#+h>k{qp{dbHXL@F1uHEpemiL&RtygBZ
zc|x9TzxepTH8g|I+w&*bLLz2-f?mYf4N~Q2oaS!SNG;U{&!=xZ&nNFr$_DMGW9p8a
zlszis*~&+3bwfhD9w9{pcR9>(?vtFji0UMAd@u&SwP(9H<c*Bzl}~B98hsx+vw`J^
zb%1Q*8>AFLz9tv!-QG0;C?i!tM>yXe4ePc6rl5g0@ay!!SOG36BjOT2aD==TAxbJD
z3NyHEPw!$@d2RPd<+1<ukB(e#(BDDbypI0iEq!^@Z>?Ol#^G^`M|n)V(jJhtdr3~%
zE%>X#-UCI$+0601vDgiIAeG?98`H;VnK6^=eP3^`mJUcZitT1{uba^vSvgZx&D<Oh
zB};x?1l~1lOSZaPuPXz_9Q2$GA6iFZ-<-}^q(%?S6M#VcDmBqIdUE6+DODVFe|cVM
z+z@6k%J?P&i$tMaY7b$IX~(S3DG-#YCj8T#(zX5(-DV;6tSaW3_=P{j<d;#BLuoPc
zEBLMYv75D{*Q-BvAIl%Ek8MAmTfW{)AGOjc>YXZqRnscgOKXAJSQ}CR1vRFJBk02A
zJ^<nNoA3x(@n`M^AdsTCe<Q}Px$x2eP-Uwwm^{d(Q3In)6`=z%6EZVHJnJ~Jva{(g
zh}MyeDGnN{opW>-kc1(%TZY`}I>d?c#8xHPan*Ybr+}Fk&olg`lFn#O6$;|z(B-TZ
z;6N(@#Fo}x;1}7;SPhL8KvQnpd#G!Ui;};NmaoYp$N^Ndl3FSyFt+6ciht8<Ni>t(
z%FWwM{U-_`v6tCNep!CSh7_eJlGa$5va<?TC~3(IYGTm-{|2)pZ*zP)qs4+Aqo4o<
z+ZWUjq&Kb;xmF^MmHc(Np^t$eD+<}la|S7m1jPLd%})j-8iYrdH(n~47N0C3T+Z1H
z@xq89Uw5KBU}%y=$fg&eF(o*n0t<8+Pqa(7BmCDP&=~Mi-{L2tgt`QUw1rIovFDQ0
zYmb+g(@Li3<7MOG`7MxsILkn5W@$%FGhMtxUyLhm6*8=Mp%<?^KLegg3npV%<rB08
z+^}7M^nh@n9##G%qjMBl5~+6pLW>agDp<itu4EfAJy58GI`Ya(+V`aFQGF;nWUoC^
zmluApY)?uQ*$@Ri2ri-;1pI-HbnU|0J8~`*@zhNfE9VPB6K^^XkabUHjDQ)!8&*g$
z=$WWQa@f$<>iEiqiGZ5wGk1-*oGGP)q!pyEq9p<4gmP`fDZgygL4BR_a78^5z^gLY
zQx1UXCOv||Kuy7bv<$}dN&(3_06;iU4pOlKiV^pVbkPQqV@s$73hzQ9`J{?dKma!i
zZ#vFsLzN)-p^_wo6xts&ag$GV<<*EuOy<lLl)b2^mrkV&@dwEhBM@CIS!$z6Wnf5i
zs=DB4*`%1`Hc^)7Pe`E#&a=x9IDBD9TkBm*7DM_El7*G+f6v~S8JL*=+u7T)wqzo9
zD{9Yd?OE0WO*q4gXgr+Ugw(p^AMp$oxET1SI<qxOI^%>w%FESL-aK}e`Ry!GM=#8m
z03Ubv$$w}D=B|nJSGDL(?_ZC{!|HayV;H0{Tq(MGW-<~+O%pK5L6F(HbdC6ry{Vf<
zZ0ItlG@m-xY^`pi2MizQ51q9;RNKV{nDG-p-aqGzFyZ9$Ll)|>?ukSL7>Y8h!h8c&
zTt8f*5tMBx&wc322&tF{Fx8TnbWD<Ml_`&S;<{c=9`}==f%Fz5Of{T{LIVw~^;)Lt
z{~x1d9ZAn8Rgp*#>7UOTSX$~<-!j*S{r#*|PzUoblWK&SKs20zNoHKRi~BXi4CrWj
zu<S=c6g`ySV3^ITK=U7Re|S-}judSo6JwC39z0M%6<IqB`lVDZ)N92PXQopoePofR
zjWt1(Umi{Uz!I`TdR!-|%AGY`ctVvibp2Lwi3s+GM!Vaom88qjub~}8m<0pmP=s@p
zMzENq974G+WX1>*Zt_HklAxf06S=M@Vq!BL^=<pRjp`+HyT=`J0ELD>X|s~Z<S+*L
zRHeG)pQLO+Rkj7M$xO73b-9%@jLw7~C8z5BfJ*{i)jE_xFK(C^VjA;yd=}yf7PeN&
zYwFO%$n0t#_Ou&2<&FVc-2o?Y2Ut=OH^ALqpess;u%{6n_V0$nKpuyneke>Pp2#?i
zm7K#w&R$A3Vw|@z&0Sw6i|IH7jS7Wvg6B{1&P>_^+SKC%m*g^HMMm)td$Y5kmic#D
z0ifI;aZ2-rg6+#+fSV#teM|bK>cr)~vAq{~F9G*50o~&osQwJAdxI4Jidi(DZV%d7
zQp)-{M+szW1^TEbV?44Lp$MX3=phFCkVdLSA33%7{Ss3ChdWmNP&+XEe0oYA86tRt
zM$?{c9vNL&-WBxNFEo+3y$7#vCdR5nKv}S$pf49CnbADwl>;Qh!we?~It310Np^;!
zlbMMX;)5pR0ThG(RCtZvStJ==(IpPZrCd%d31mLVer<gr9#^5H+yb}FoP~A~J`n->
zEv7;1LlR46NCVaqB`$j$QAGT3A$-p8?+%m>(An#U8T+gMeE3*EJU{}<yM$jjvdIwo
zF|r9O3<I1W=^{{FP$PNqI2;ongSf<S7;@Jk^VifCf&>BU=#+Z&GzEbM1EM@8bd<2o
zfFKQ4>cxnX$PiN;8aOS++olBvLAJ&8)wo0{nFBdT^2M5@4W`YJVW}q))CG-8Opav|
z4h#=#c}<GDK@b(i;+#3D$Oo7NhE28(0C0db#A6JEn)jF8)Kq?3yw;Jrg63OfF5>5a
za=Je1$6-O$j?S$a&92P=HhK=OdZcj$k@3WUr`V)!8%xQ!)6L{FSKQW3%)SwO;K3#F
zH|2`~6x5BZ5B|<u0WAY62NGxDA<cC9a?p7NS2@eu<o1mQ+9pZhf=fOp1BJ*iLDDcK
zn2nGAs*r*T129miXUU8ty*h=u)q{6EV13Fac2{%$981sKQ>z|2LzM>3#B=TbyP1BZ
z+Ae;C5%vh4+y1zzL)XB$`tl*_Sp|_>8*Hv#@|nW#G21K8ZfhzL0Qz7#HC0-?yL;BJ
ze+^#9Xw$#&dnRKfDP5YG+If9YwTtEVBkLIq^|w$XeY%z7QU+C_raN44s)~k{+j_Jt
zX-dKFv2*-?-)hH^tTe{BHK_trRgktf{*8B{WfNaAacR<nabgSx?wzy|CT$M^0lUJ(
z+N^tR6?8Ad`?lU9$tnU%s3SdX!T$)H_TWyTr1<+B^PjS<$RF$!i>6eb(q?{MtcvTs
zU4Ewd2Ow(UkSl>X(a};m;R4~~0lo?!5ct3uQ7F;AIKrL`cz(MXn>9i=JFoM*);$UB
z)oOv?ZfZeS3^8Dr-);5bN8?+WyB;ECB>>1NTgOFm9mnD_9}b0y+JF*-wPJ>|t5fdj
zbla3D6uAoZT&s&U-HzR-f@sR9vxVE+MdgtU@FPtch*Zx&VDU)b`iz!XK?$``79Oe4
z!JyV?p+NAfBM0++!e^q?n=){#-7#zIB8)`>{8?`Wm->H63iP}Zuj<i8UreyP&+BUI
zTiQ?I^8xFKEX0rsL14rE$x>NhIuu*i=$n~DUblu2^jK&8nS&i&n!kV&c`rwOx=2f<
zyES2V_ipW4U_3m%U;<UcC_jo5_fpoNkq`){HJb?g=JI!2x695y^viFPin5#sT4z3(
zV|38YZ8q^&1Y+IsgB4wJAs_}liQv6ZE<&Y*#-4z3P04&mKjSU1L*s0K-r$rSV?Q7@
zC9<A|0GVrEndS!=1G3C#@Z$}bGVO?Sy+}2X<3UZa_S5R;Yn8a=7cjc)u;9g0)pmz-
z;7^@=#nRNpB3pN&-rbTbbSW5C_u|y7d=40p@i9wpd!^2gW0=f49ceAbPiTu(`4*hd
zV@*nZBJ|mCPEc=-%$kmdPSBL;4Se`}F61n<novfTVb^u7fAxP;8JYHAJ47s+yBXn*
zvd$tHJ+SJPphikzq&xN*vKV`^&opDFiUPP@Qmk)Fa7vU4l?&~Jyg*z;dG)N@eIJ|Y
zjCdY*(y=_0(1Q!*wYfR5!mef?qGD4XFu<tEY3!$&Y_wVqz%tw0J2NOGTNpL*lOGpu
z&954|xVLWmMzO$v*Jcr?VXt`CiysP80!Ujey#K-*B#=fumK<>VFt+kJuP1ZX+|8bW
zIR%n|)({b=LD#YxMn1Bat9DCPzu3Cf;I)Z;$FSt7(jm?k_W|xNs>}&;@nDVC{jnd|
zTDElsPiW@6GK9*_UKBLtu^_l-1w6UYvtVtl_~dlI%3|~IZUL9ZMHb|MlH^H|ET#Gs
zDF#5KIfqJY;+VN=%5c~*acM(^l;z3rV<95p9dFNJlR5legu3FgG*%}idOwX`-y$)g
z(G`>tg1MWw-5&$NH?n`6a6>cUvcF$Iu0^YRY2e1U$*%A&M(!<z7XzmceEP1i>6WYT
zZ>9}SAbTitC)vRTB%qg71p~Kv2LY~Zy&s&IbG9_ExZUi4Q;ODdnDIJp(w+(CLfzS$
zCZ_=_HsXFj*j+@F;!&*Zgl^obbAXLMkl#&VN9k5xOnudtGxPl!z<T76$6w#}KA1#@
zUTHr{BkxJ(Vnd>Buaj(1{N@$7eNw~`=&qP4j!35D>gl%Lghp!++^TUy<r<E;Lf&>k
z^xsqF7WXdyq@$N)@|6~b$B|_%?#I{dwP=%256U@pg!#fshQ}!I?hqMlAQ_^#Q!IHZ
zIL2Nf0yG(zS-F3NVMZYU38*xq>Nq-K&35?(=QwSZR=9C9L5r8<`AA=6hi*^I=DGWn
z9C)WZ*b;O|EM7w6dQ-z-zh@fN%c{v{AkMoo<%TiGH}-g(tg$+{pB0J4U<2svwG_Au
z^c4JUzP0Enn3+}gK|i0cD7UyiWjq|0mCZQdNq7^f3E1yjFV_JD@XMiAW>!KF!o`Z3
zmsttSHkLk><<Nj{a35iY5_+r)xI6AcO8e5Cn0nO{Gh2%EKR4HIfIAjoyNTd&ql6m|
zFQ8)DYC8ln*j=~^GDF9&2E;zcxphzFh?P#>J^BMCAQ5AGXe`Enlt&8chl)hOs4=Z^
z2}xJHc+YtzIMtZKFZKL&qHJv?46($>vbCf%Ev6%Z5KI=+Zk~zz(e<q6Aq1|23^goy
z%HSykDFbB$8zv|1D{^u#WuWxdG=r~{XQ~4krCkg1vc8c1?F&e;Wo#$jjbUBs>Ssw;
z1sOgoP^vIydkOGYMMyQ%FW@463Va~^&9|zq?w$_+ZWl>@tN^bxfv`mNR^VRYHd6F7
zvA0cB)~2H6x{py5O6*lQ;<MhD1VdV(NOjhr(EXL&k|1;dAokPxbn~EOT?AepTuI2<
z`tEdWCmwgzq|`8fhmPA~z!J_ubFbW1=yK==`o&;c6V`;eiMSG(yFos;O%(6(DC4pU
z1nS=^8FJZq_b$oMbIiIZ!oOqG=~;E>)|bf>xCdjZPX`h0+mGPEoM{4x?;l`>wS1oc
z@IGMsPfS8i_W!ygX<GZ&>N$q^YxN{xFH^&r{n#H$-PS67L9|O)p6&#f2%=F_EE4id
z$=1)k!9?iu14c@q7)D0~31Q~_dVRmd3p34S%J}+<g5&G$<@x)lcNz6R8JhKD*^ysk
zLC4hpWN6lpc|Ov96jYAia#Q(xJ?KSz>+(bfW-TyC2jblMM2nO<5$zmAI^Q$@QDI#`
z*qm;#OrB36n3eg`g&*={G8VWw)-zD$j35+xtYAO4CY?ng4sRTr6L&-$BTih2p;UTU
zV$DD_x-!6iR<I8tS!lz43bxBYUJonAZt}`Q(uO0>-$+VbVIC$>P&HzL-)BJx`|4NK
zOeQ%qj43>`Y{EGAi|BJGfMY9$HXle{gt1?QHPGlO&UZd@UUBEf+AO!I{lw)gmgfkf
zc4DjpHOen)c4ZL;h)I3e{^6{661dTLlkpRd%pvdTy1=jY_~4jMd`vH(a@;bXOc1<V
zzd>&bSJ?Oba1aTMl^DprsP=w2JYM&m!T3xuy-T9<L(R4@4rf?@-d-Q&w_po3<2M5c
zs2c_6e}FrA&a0pD;r~zvSkv%W>a&ML&d<>->h*6o&?{x$-@n3e*O-(C$R51I5uV8j
zoO?`HVDjYvZ}dd|!%WEHFxBt)i%1-3+XNE#vJHi`?(3h7P4kl!#b`}mNzj<dF$5-K
zWz5s6?n?{6ZvZ3?k!|!Rh>A!I>U8juYNMv?G)SlH@7G}-H{o&)^2c;LB(#QEemj1P
zI&M9s(N}quPT5T!u4o@Jmo-&q0GbP2yh@baEaifNYJi9Og_@s)=7}*3VDfWN2Y#As
z1$Tdd$$onZ#rAb7c&8^;0<tL#$iRS#qp^acUAO5nUl<4>4vnAJ01FZp<B$vbSqe>t
zXE1|L!R8g(_#$KY2!(m6`cPef8WaIWJ-KPEw4(=Q;j$8O*T|y`KZ|Nst2e5__+7NZ
zj{b>P#jU!fi4zwtv#QeCrn9{u5pCI#>;RBG_<cYfk%txYes2;Aap4iI+*c8pay-@(
zyrhN(rXjB)j=GW8puHSQk`!>XxOHt^VrR&+JL~9=6rV*=E6`g18EN00Bev9j^K7n8
zSJ})+EwcfC#awQQ6}l#uu7;DsrTjz*ro~8?e&HZ6A^yV)wlM!7g~Yl3GoAD>(WT?z
z!Z<-7mjvE^ZbulMmZk8wtwt4L`N~}PFV!%=?iFu?Y5CdUG2|3E_;Nik9itwuv1}ii
z%IIi>F)0K)74VHDhR79jg)yjD9FejXvdvTegbV`I3|Br=BuAO2Yc!0O>x+9lOaSEy
zbwcri2FYL3&{gpZ!{V@mg-hMoi)>|kCb$hH0}_DG(#vdRz}H~|vN{6x(5D$*XtD0b
zLR1HN&{+dDG#cJwt_BvWFkOl;T71ed+NvG0@!kRWwCT&u5gt{C)7q%o*wsl7)Sm4s
zb_*@=^6-w-JXVCEl<?07*ZDAn2<Kgk{TL+ReWYad(6H5|jD3jtY#}Ebvk!~$6Bd(?
z$+%NQQG<JCNmS&Zl-l7}c}i#b#T`%M9&pMHXRk+XgddYFyP|vm1jp!ZHvQ$r&xzXl
z8aw4m^Bd&N$3qnNh$}10pySz~KS5ak%J6=%VajW?U6kNouu~p+F@Kx{iG5FH?fQE>
z$1TX7(WcJ-LYpet^?PY|2M>00l}wEX;SCrU2<QL6<3cf0CT9wU5}D3oZGjMhr9sVm
z-dalvAY5tS3=awz==+ZhD{~Z`uOL#d<x{c@wb`Z{SVGBFt;lB#08B97zeWeGA{Yfi
z&EX{>DFM5wUxn!crt3=Ec(ErxbbTu6tWMVMN0Pg`J2dL*u0}pnor^AcqHW2j)FLNs
z0wsb4L^(pbm`4sg+Hv)WlGwpHBiJ}}R-pazqP=`g2w~#S$Y%95CA#n^+?03hCMtB6
zA?C+p(t^WfBVjh7ik_%~KUXd|mTA#Yc*O2G`f1SBS2M3u|7;2H)@oCK{?%S~?=pED
z-u`OnqE=7iSCC>T=<V%+%-tE0YWqyBjk6a{pk?1*r|17ZB+?PY8lo0|EU-MWIq9Xn
zxka3QbX3&^3D^!}8mXP8=)H+J--oPhy06Dg!IQ~kd2)aRJ7AQJPY40#eua64(y3~F
z{%RSq0*f0qNX?zNyIyQrLlHD1)q)Y%-(Rf_q{JG1<bUs3v!3XHgJ(PT+8lvNQ%2@4
zf~H)AAbbQ3OMqd$^WJt5f#(D!ZGs*zIR(dwl+0t-csHJvH~2SAkW4that#1#X`*w?
zU!|@J3xz;aYxWE@$z`b01ExG!?RZ#Rtt72XK)BG$gqRVgeT%nehdR~Ixr^)hVO4cH
zU6b?A&9du-^oMKfE+;DhS7W##h1@z_&Qx%9b?wxNLMd{(piL`9)l!KP^4gPIG^4D(
zM$Bq`AE4;Wwola(3c$<u-76KVOr;wrNS#qkS;4{5wGi^wuaf{C8=`;sLYYVsOOhlp
z9bn9H&wJLN-vTBH+=t2-3!Lu6DeAIPH)7|K`p|p=oZv(`+UTw8Gmz=LP@Lk%AJi@u
z5vJPE&}E1%pw)r@eL#M-qeluE!RE~$3%n;irQ-<_E~stgbt6!DT5gdqJPB~H20N5*
zPv;I$rGMJ9UFSnUpwaUhV6Te(Sl8XB_g<c#{={UNf}W?1`f^iEt_!h&@j@TD9E>;C
zLo+qAbGQP;JT*kn@nKSu^5K%~8!<iOb#(LcgN#4u)z0UiJ@ll}Odp}>tDl0hNBvgG
zZj@7mxh;6h7B@CS4J$i-ep^7x$R|ezm&$6b)W)V1w@#_us=dzwb1Lp>wRhzWQmjBM
zyrh7mgd0=KfUk62N$t~0rr(cyR+QWLoxKdKf68B=+tPMxT#>RZIA5$>2#Yc%jZ6hz
zk-%E_AhfAt_}6jDyvNfMx%eqD7>2=Xz&cEUeE5j9g+b+Jy}-N;z1<Mj%S|FlZPLD6
zMtKj9r@1%lc-I`gACrOmP2(=|XP^rN<f3t3(aEH77>MSc8<$X1sD~Hrv0cAhZmYg1
z1QIov9a0Z;Fye*p;yW|EL(U-OF+v@nQ1A-ZwjoZr9m*qw>(YV^5zZhNPLdUvhQu>m
znzHtXTwA3cu<@O1liU1Si{pX}@x?5?J#yhF-Qttv6{ps=mTV?F;%mFG82HEv>y>t`
zrD+Io61FYvT@r7Uu&k}Wp&WWx_xMs)owKd@Xsja%4Q)nkcl3Bz5?*JjvW^y(09_g>
zuX$w`3^3!@K#5Pyz1<a?>p(5Pq~>8HdB6vgS1lU+h+0+OWcyyKO#Ic$yK$p1tbuiY
zcD#ho+)Tm@*b9xk58aXPb5okNXkH0CoGBt=WTwEH_y`_2la^~Y5g`oHNJK9{DcDn4
zLQr6XM5<x@7rok|zvU&o!6<<w8!n>jqJAzU)p}u;*++c@V5uLO+<u4y0TK#Q_F*V;
z>yH!G0N|uWxsghIU`T&&EuhH3Y@QKu1GDH$jr{a4fu3Q`^(qAkd9vlOV!6c6NyaX8
zrpU2D6&A(-UkSjPPec3Y4fBlSod1eyb#!iBe#9!+ttv7;IcB*v*9-=W3khZlyZBno
z^K3*1M^v>34D~{(OF~PD!JsC-riC>*`X_d51=7#>G;5${*6w$FI_g(Z>H8n9UKUVp
za%%WL`rl-bNfOw=XNu~kR-Q}`PPm;igBC_d=sydCmz?#D>vGx~@U*Knaax;M4y^&z
zn0EW`26MgbJt<rq_6k3hrY4rkCqC-^U<w5WyH4Fmg;p*>Rp|5c%er#!aL7yg<T>e)
zKw^JS3jOqrM180qXqZWS6IEuYqv__#Ie&4?>yPQ@RG}lElR_RNEXU<w0JV?~bkvL<
z24ZXKcr?PDIwJMtu$v_=JW}h|sKZiuy<Ri%VD7tYQ_mCY6peZyMtv3;w-LLwE!I=c
zQP#PxHMWRc!+`)7H3bp`|G<mj9B%vvz0dxiBJ)g~od5kkVA7Fz7-{>1Is;Y$km}-#
zAg!|vaVmQ9*H0>52Y_Z&RS%l-hXxkz)l*K@rL{wA8J>594ZCui&cwttdx|H0yJXl#
zF!D!t{^7BARb9Vlxym4k<3hvXtH)ppVbUf)niwm0m3>$~QT}96zoz%=p&DUaNwP>4
z0cE8teWtBGF}J*crbex#Jp;NRxJK<qhVnNwk-AI;Wf7Hn>1_C$x~5YOqSTWpD2tFz
zpZJ|!wHd8w{Nr3Y>Qa}bS|eTl6Q0qaEW5J6T&UAQn`FF*xmeP(a8K1LycE;}MZT8B
z5~zCeTF9lMbZ$#}iur}Yh=tt<Fk3fq^prRRp~s@;vL4yyP-0PY&ZMpnl3u!2iTwB3
z<a*gS_8%(Ir<d6RomoT+^Vfh8Sr(Zbp(NqGrCXe|6W(c*Jz8Tf&XkXdR(!aAgF{95
z98o-#xb)Yn_<DJRb%k|j{+0?y8-JJ$0O_TraGPY75!jq}MB%eWI{xl-mC(tU^`<&f
zm$H)~DP*eAAC+|fB%Hzuo#DoYq6Bi>y>`fcm_MtBs=l}!oUIcX{vzX<J{BZWgyDHz
zGD$S!Nw|h5aSEA7(q_0$5<MgR+}LCWvm>}6l97MRwv(+{l_Sj0m=E=86GDI7TfNwi
zT^-qj*@ynLzvMbLeB8Cs-B#h<q(<6&nz*s=9=qoD8_|*SSVF4)<zJLP+1Wfgclf@m
z)7gE$)$?}pejZKc_tFvwYZS54qnHe9u5xefct1zi+S-fVMMJS|8dlcmpaO~azuraX
z*YVD^V&OOr;zIvpF)6LSwH1`mEiY8A9@I}pwCET`lNbmPR|^Kv!psR?sE+NmF)qvg
zty;u^`KT>nEOCuQ?nevZ^zi2Ow@E%uq|HJlHHuzl1ziZZ)ij8{YM_};H~(9=MnMXk
zw2_saa#!E&j%)bBwWkuVJl4*<qK#B6J+|0g8bN#lHT+=n_<ftGWU)#+7%DWkVl}6X
zWtn?ajQ7vsxJnyMT~t~eI0_r`{p_xdSHA}p^z?R;ESjcNs*GDoJ3>%28h<ubB<8QO
z^xOX}cE4LarpxI&@m3+m-cQg-AG-xNGv3EkJQMm+)a?GM*qSHf6m=S+k~zqrP`@4L
z9?N>@CV*l-7IsI=x5H^*&A5nRW3B$o3Wx#FqgatDbKU<}+(Y+SpGK0*-;4+dOg#^P
zc{ZwQS;Fnt1QA>pPCcG^jxIy8n#%G8I;y=`v(W;|P2F!7X6T}0zvysO7S9}Kq*$Ng
zN(*OlCToiw6do8pP47ksm^ziFoFA8ylh-2_&B^O75UR4|;h9{O%FB~jB99o-FLdYc
z5ksuvNg8}D(t*GyLw{7Mw1S~uehSF-3hO=??1wi2hEDJRMyaZ3RM~LvY8hXPA74xQ
z2<e4gi-R@o{>*Z0+7Pzt=A>`@{lq_jtG8U^$|d}4$s@SO^moLZJjqJ6KqXG>gV{78
zKh&UfIG+vNr86H^*}x)YwLPELz(I#RiB6bp-*`Wq#*LN-)3*uiI~*8|kk_E%aEuIe
z9HOiS1?4#WACNAxv?}zO#eH;vK|r-o<&yM5lwKE>vl<6_v?zfgmm7~PaKBHoEv{Ur
zx6+tWk8JZ_v|9}yB?E}M<U=?~04<_sY(&3z`|o6t&c6L{Gy!-bUA#s`vtF22%yXoc
zMjBxUAABK(pdJ0?ZkKV8_(Mt@c4MGqE+0F@!$us=sxNwcweQnfLUJ0sac8pPtj{yz
z-lD0;k884;e?ty8|ELRj&LSRGI6$6WVm1J5wx@;XmMsaU@zW8#^F$Tvywj>l-`ayQ
zV~VjFTM9w?vD`P8WFjlGl2bU+*bR#MsgAY~)!;%-^w3DRI?yAgh0V?pGD~(f&o<IA
z>{ATl^<o{+pimc-<?$*_aG@hUfiYG^L@@FBRd9=^+>)5sn9$ECu0cCY*Nalva?OL~
zGNZP)8?ppy&>o-JN>EI3m>jLnBpxd!y<a9b?Fa^57CCC_;O|K5=#9U4<dDWS?M9U#
z7a_<hLe|@SISKnkBMS|JBcqa^*C7Kemi)3;5c@2XvID)E(NY>0pVvJU2Q~r%>2(8Z
z5<vbm=dKn0lo;U<&HY{XG1Z6U#zK6-ApQ_)$=YC`3J3G*9}G`;9%GXJ+suaPlYWDk
zn=$7PP~H40Kf0HnZ+<!l2sIAq4lR|>%9l*Eb~rWDoJ2amaF%+Z!#$IoyEo%XWQ!vW
z2{&5r4+$SnkvM8x$VvjpCX+Td&$RrLl2|;z;<TdU1_#nc9V^=hduo)2HZq?usYtLl
zJD;F^3#FMecl&n8>L1VE^?uUu`>Nz4{TzgE6qhzX!e_6HnA<HaTw_3tIo5m6*-=~i
zajl<}6HXSyQ6E%z^de?B!Kq)1vyw|fJIyacE8#$t;#o8>i&ObXzc2|g*y3MhcwyS9
z2=1<Gb!2p#_pm!n)W9_Plf#cYg?`1jew6h#;9yaCSxlfKbuQ=Wyz_jt!v8n8w=Ff|
z&_Vo(oSwhAJxv|<*3;fe05aXiQxya6k&$mOY?Mumr%j#f6U^cRdaK^+VadH51lnj8
zjqcIz@tyqe-KG6&$#DI6D+kzVS5qYKm#TSpQCfPF%sy_&C8kFJcJl|#OKzj*pKY1^
zl~&3+2kL&4yaz=^)W2}Q)}!y`>?nvx6xwM?BA78k<WcN|&rzTVkrRHjw3py=nfX<>
z$mv6%Dp5&hhxy`Un7BC+KS0u?XXekJz;y{L^2=eB`tfV8)=#JX+qQAX?#O>=v0*tj
zU7Ws8t!Ve$_wR&0*67FYnXlqMEh#_0IMoB+Sb5RU<<M&1&EHYwzos{9?#MfeXQ{dS
z8R)Iw`v#pl47@2R+d8#XPxFTTp%>pA5S#6i{^4`8cUNn(r(3&c_xNtc=6x1>`_^Tp
z;d`dH`2hbDudDBoY*Lx%@EZA)c<Ybe+l^A(uuxWn2tdg!?2D#XVzl?H!M}Bp>*-gP
zj{{jR{vMrg-5ev1Vz|s&l;UuwO+VY-c~Zf2UgtU1$D`xXckVIz9{{l-XR808rT$|~
zo{i(b25(PmY1?g$V0y3C61+D>x|2KQ<|7sgEOba9G`SEHz&qek(3&9bL{1$`wfK6^
z>PXPFH|mTl`S*mS;?7LD@t%H&v3$hMU*V&(==pYay?$3GU?z%4OgBzuMllN0w5I1L
zFyuE*n!Jq4%%Vp*u>S4bm_ZMiZgFXT^W!cw^{u?A)NS6r8aTXFb?V$^|FV;2f0&)r
z@A0Mn?dTl0nAzfD(YCLuaM##hZGbFH;=>ts6taow_nGTl5{W{THsL<9?AdcwJFuHE
z?Y!RDy<h)3adhg4si$w;DqElK#B4Q?dD0T*woK<$w?2X{>fZDCXnXqlxc8mp;@;a0
zImnStUzFFld#W~dP~elNJsRTjTD3lci&A;{RbehguF!&zw5Ib1nk+2A1EHwhr4fVq
zqbXKdCA!lq+>$AjYc8se=hg*bDakD4C?o_?Az^}Kza1)&&30~hm!6(am%&SdIfbzj
zf|X`*BLQc}zPso3P(Fk9{*WG%6lv#fFSLd+d*!B4^<{Iob5AVr_`RGXUJPc6eT%CL
zmJEI9><n_1lGr$DzuJp^ldEiGlYO5x;jhKHf6<|dQ-Mq=1D<%9zrG?-nR)0Z^SP&n
zc!TSh@a4O$)v!w=y;>#xKBc?7rtzs2KBvzZ+1esM%_aj;KWW+@5kXSmT=Q&c3|RDy
zAnen7Fhou9(<l1wf3KMx9j>?hA){Y2p#Ghe2dDgKF1l>8?yvIgTl(y4VxR8VHIwe!
zHu|&Z5vTn?`_o+S42vY_rfs_zES(kQH>ZR&!3d4A^H-NfsQ5Y<H>)?N7@aOmhzx(t
zV`3?tjzlVFO5nEx99^~BLhFK89bCD?@CVvom=p{L|J_oqmPcz8IEGn37JvRBaX9{z
zCZt1TQ<4=;AkCOGB!NZ0Iw?r9Ck)O16Z)W?<M3LfmJLHzO%X30RvA{O7{*=>8Lx#Z
ztbh~6U5wT$?xRM_d7u$FS_Vp-gn4d4A;O-%3XLuDK!8q3gt#71hi1iBf)qdsrVsf0
zRc|N>c|Z<fJH~?NL^&(z%9N^4-H8G=(Ca9|!ERY}{x_()pVcD-eSb9|1kZ>(S{9H7
z%a*QGkpr^W&lQ2ZBD&#-Fz!ul>&G(F7SV89CY<+IEx2DMlr1E{AKZ{1XP^_%=4*u1
z?yV`e$^$OC*62;BzHsz^PQ_-!miUA~7gyJbz<qnQaPZH45eWmX?Tj0TVd|tP!$TI-
zS|mIgnwr*kGDX^!WDLq0l1+P<G_Z?xkQ2b}Xn0JAdFlun*yJ86k*AmwjM>lIJ(SAd
zaB~Xw9-LEai%WvJC2%_KL26in;j=lyxE<wr3L`nPxQ;~i_lQ&yHGw~1y~%qmo6*8n
z{{~BFQuk-h=XF={iqvFXTHh0#4X($8_>6GG;ilfBb#NWq=XD@B8F8V3+?Ru;>%%*%
zE8$ynDCt~Vmt~Pf+oBJ4mbGJR;r8`Gr$$JEw7H%AKPq6fw7~9YTmj1>?b|EZM8A$n
zTzex5<swV>;J!}e0X=HVD$Y3(6WW|{fXxSu+1_oi)x7Rdc5K|i(ONPZ*O{8T7>_7v
z2F}?Sq0NGr`D}<|2oD>MY8ir)8e3JnBQw1@jzmr7+67XAjK1U*J5<~C&;{Xj@7c(z
z>WG4X$NFpVT8#~Z=@}u@h^u%q1mMZ$E*Mnkc!O13U6p6!rJ!b^d99RV<~r0}ki`g|
z@k(LEaEl(8S-~p^e>xrCg+O?T9h{XFN!a+tu!T7h!@<b-ByegjoB~i3^H{gcI<1uY
zVm!&*gpQ5UGDz@?rs|ecB<4UsEDEekty2KdiV>3D88ZaO>8_J3K^~Oh(D`by{-EuB
z`CEq20q-hdT`7u^M~2<m-4bd4oSuwHhl+p}jXsRagrBA8M!j=^YoK0cG4Ukj-d;GK
zMq>U8!%03U>Qi1(3~^H*X8^5_-%h(-SW<IZj44}mpBf#eT$u9$v~h<DDwY4RQBJN$
zkE5an^2S!ZE5y>kW|nxDd(v$c(XENJY?N7*Cx8ITa#m4Tv3Snp`?`7Q@#+#iFyeZV
zBw=RGuohMjD!%&4nIr*%5Nba|y-+@YH}ogjMvQt=WlN`bri;tgnd*?wdYwXDv~Gd^
z``F0?r@I7=)9%ZK4;cdlU#^SQ$MDBPjPIgk0ZwU21v>I0jw`H#og8&^_BHI>V$7|)
ziU!ga&RK!n*}#kYPSkl$&P5Ge{7((DGiFr;Q~~9x4TQ%c_?AOYv}%+L%Nz(RAoq5)
zn0<{}zH9?@@AlHBOWUU2^~5`06Kgr&U4A?)%>q7hqL={UR3|{ifmDyKu=nmTq=FBG
zPWZht4lt(RQ~J5cj-qKC`L>X5&Qm4Ze#gz6bru>;LMqm?O@cLcnWRY$04rk!-Qx~0
zCg%%Xc|SCZl+8JdN01d!Yqp!Bx``ELw-twIjSU&9V+N|SvUzO&(-X>CFpz}TBub56
z05y+hoZ&xj5m}*sx*bGe5rDyo3sVR^izslJ*WS0}OWVo7LBU1s#CJCh>$Yf_3xdy~
z1?4xBcP&EiTWul{mWuc5p~$)%pu0EN_4<h@Km>EhyI~l%!MdG3UWi&b>XmJQmCo&c
zTN2S2*#I!=&a^Dchr;INfxQ0tuv=K=e-f>K7&YRw(LwfHyi29$Sa9=VzHyv8ddSSH
z4F#-<oG1GQryjBVu64k+5;M-h2tI#(Wr$bdxB|RFWPw;+cCOyCr#D?@WRh^KGSKXh
zQ~3-kIs9UVI3`dgiPH>66*w+7QpTPt%=rXITiM+L5O~2}ZM3}kvUqfDgBjoU`zI*=
z*8vRGt8<#grw`S<Gp))IU!Fju*66X9YakM8%|NQMe3+JZ;KS33E<6`gObVa2r!3o|
zsV&Gq;Gr62%(}@H8>L4NNT@pmbFo}0Qvp3fZ-Ea-ysA&9ew`mTG)B+E*(F_4*K)yk
zX-tf^=@$|fx*d)rj)}TF&Sx{m3cbB%LOUqW`U_+tyc5?&uukSI_zF-mSmV$uP&%Wn
z2z>1ObWK%p%igP0ctI?iEVWBLoO0yaF&X#_e}~Bo%?U}!r+A8`a1_4<lV9m)r{Un7
zGqfSpSZWvZNy7y@0E9^b9+~|K@vt!-wg{Wl9v}&SShweR#tLI2UzKTn!lB+BPT67w
znD>EzngXzo_=a<XO}BL@(3+3v9kM{zz-&87=u~50>=IC^E>M|W4@JP)*y(M`ez@Vi
zAZO#vc*Q#)nPVbbX1T#_N`bxuJow{5vww?6&Jr@wop7Yn)JCn(eNTCIBQA+ssIuMX
zs=3X0=t96i`PaG;7M+s|SNs9XxRDu=>8J?+byi-nZi40VJFQ3LK1gOIV*q@EnohGD
zvZ)EL3LDqkNJ^=i?wbMV5f<_0{wlr3k{WL`hTQzfz+F_`J&qS*QbCrjuCpvQE?9cE
zR!r!oy^3tgG8=*GwkAnpEJ@U3UYiH{sEw9qLxJYCDBpx?s}sY>17;CqlL=q0$9S@B
z1*~kV+2}99YNQUE{_|X-M8EM}-HX1FXet(%f&mkR`~fwL1t<UCV)oY){J)LDOw7#x
zy%9i5`qwCo*mGN(My$Ee=g$AxwuV}I;Hcx^q0BkPH&>|{KcBEg(_V0(p9|kNWe+yM
zL$Xk;Gc=E2?d-e#+fG>D<gPq-P|M!*{rU285_y|U_diZywXGfWEa(E={A!Ynih~!I
zd&~RLht^H}o>#rF8zJE=#yBLkt}yENf&=5mqaFJ8x5?{iUt5fw`GDrXnBrMT!`m+>
z%XUrf(YHPn6!AjnrFD+l_M#-u{C_EY+TS=UTla#nw9T)>;(2b~oa7v4Akg97rKt}Z
z>>4(lj4%e73~R%Ls^giuNuv}jGD&-tq)I_en(IY0*Q?fUQb}7QS2;BScEWp<!mXOf
zk~TSe>Z3T=FR%rPQx<zDi-`xu3xX2MPIC8h_!@Zs=|EJaL04r3RvLwwGlx``1VJ%k
zJ;opsyXTV<Po*R3fcgmpxfp#91C+spe#2Of0QpZxsXEcri8yg$VMJF+0!vwiFR_7y
z1kULhtQ|2>mOzylfLP(oy3FW^mnkF2QkdYLlH)Ps5Qgs^e-deHb53nuy`T5JEH~h^
z$7@t;eaZ4sMT3&)D(e%laOyMkc2VrR!fF=h1zB(-v+P(?oq?EpA+ZEQGz;l~as-PU
zX5T6HL8gGmcxb$zP`!JtUG30F6Am4WT6XHbiMQ{)R*WQ4f}(n%7*VT>@9)OklUIfg
z@_idMdV8&@{1WTh^l%$Fq==ec7Z*HAM$DI?7Td4QAFtWh#@9f-F=;uf+1;eAyJJ>t
zDwl8WOn@cI;EDw}%DDO(6ayC{o%AMuxF%*drsAKozJgS+MZm^Q34$?X(;OAFkVz93
z=LV&atDoB~%dBApBdnw+tuq^Y1jj0zD7<3c`C)Sg(+%Gr1KeT(nkv9e_^<PX5P-!f
zn*j>wWVwO-my2*ODzj2tHqImM$C4Kmmee@OfFvZgO>3ec%ne7HF;EOq&VHE*!b0CN
zb!bSIWkLmGN~+}5xi8-$xhcgc&JONAUNH3y{3`d;<G$Mbz1uFUc&pEs*B4)=m%Z*g
zBj~p&QpAva>g#^OC37Xwk-BUYJdAd+-xiN|3U=+D*h_@J-3pqYRu-a#o7<MF70r>9
z;nIRtMqw%f<d<9@uPD~;=tn_Y%P#_RD$k7u=d;8{yuT}Q-Rs<nYIx52zJ{aLj(^%J
zR5P1x-@}6y8Un1q;YA$PkObZiF=GN%gAvpHmjdXOul3rvxw$D3!1wRNk1uY$+RrFI
z_!n~S9gnrV3Od~Irl|V8&^-}Mm&u!7gxZzv+sw-qpS-12rK}~gM)X!d0Rfaq`c<xP
zNkQV130NuCfJA+r?hyNEm9O{ICJ)}nfF8K|AeH|*2OXNZN7xY&f0jO7TjA-giAg#x
zj|iWBws%M6W5yDtUNzR<GAM?PoN}85`%AlAE;e<N0{JN&YMS1ZuE#aHNuX0m)LL%t
z00q!L*q?2=oOzr0KE_1+a?KSRt#TG2AqRRnY9FjAdg)VnAOqpy9LQmWzUk9V-h2jy
zA%XmTVkO=6ry4^=1D}EfyUwbxm?cOAQ&*P8<P$wt+%(}+sn9zqWGZwSok8Y6*V#OK
zu>I7PAMf`Ug%N4XlJv|<Ju#%TD0UexH%OBB<1EOy=CkI!c7uhR7~nD{9Wv|!cea_1
zxwstK&_?wMf-l6XX*7jwj%)6clV^iJf>_8=Ag(TSWxg#A0k}xoDhlIb*`xO~^60j|
z%~Gu%<13<s0--xOJF9*y{`mi~a*gh(&#8Cb%$=`^3w$3o`I#X;=zEp&JpltmMCrnd
z$pVBRp-v=7kYUC$#6!#=X|YwHBvRZ0HRr!IIbtb*@d<X78B6hhv;h0og<}#4t=Ape
zi9rfkcqHOU*)y#XyTzB!hYI$+QSONcAQUFnrhdBijpx9HGB}Rhw{_aOa-(N1d!@`;
z-v7MZhj>Be0K7|sK8&vyM8)98=H95Ln5|rss2MH{Hq9R7&Dz(Zd;2>h@&}vMBp;;r
zf$|gzt)+mki2+waYnl0uE;Mk&e^pu8WP-~iCH>P`E7yUmy0Vl85w&X5G1sIxW0G0-
z7<dP{Y59EFS^J-AkMrguP1ak$B_(=szBy6P@Il@Bwh63YqlgI?*u1kljM7PeX-08K
ziKZx8PFovdPASA=V(VkYMijm`bN?LQGE929LbPB4M5zmu0h62_Ud16HoNmsgh0^o)
zeK{9S!`wyRuGl*8d!o})6&z;>sp9S)2>C0H?c8i7uOvcHfP$-9_gIdK$@3a6VnJeI
z`U~f7+q?ra7X+brEae4gVauM+i`caWQGx+sx6_3-0HrtdoyvA0@zeuE9gGS)Hdu{$
zi|Mk=jhJH{#Gg=V9PAT1>WpfJb6{EdP<CbOF7pWm=H=hXe7GCDF?dC~tJ}(St_i#@
z0L37Adlo2Bi0(LabRDOj0w+Dm93wqGXm)cp_Nm9rX!}h%SBn*YbFm6s1#!495#ISS
z0m>pPj_s8QR1qD!cOdCN)IYDlWJ$`gQbReeLBDhCDlxSYKlnAy7pb#$jDoY``<w?%
zp=@&U)R2#^mEv#(xX7hoH@#>Y6m~Ap`%7x%ioK%0g6`?pZS0$tOVM*h-%ec76qA?q
zTe)$}nln<uFv-e{GX0Xrs$EMH6YdsbFz`dQBujb-y~2!F+Rprd84w5dw-DuUmvNPJ
zPzPcupdRcOTIj7MyMD8;oAHDxv8Jayia301rUz>hSQ7IvW2RY|Vj6u>y0yZ&4vtGh
z<MT9EuF-SmCc5-2Qgkd-kOjij7|Ml8`r^{l!gd7B8aS1qp~7CzI=(rz8GkXD`F944
zLzhm&T7HSOj1~hf^Q71I)KFX7XM8jk?I&~PgN?m-6yGmfiH!CR)N2R1_Z@tG^*c)#
zRd_G=r21KGqb`pwsQTNrH!+lI;}RJb(HXzc3AD}`*z#%ko_#i#8z13DF4r&mzuq@y
z*dFk+cOJeWw?7pmx!N!Z{@+(2Uhh|U^&8!FdrVxM-1%l5AL7_Qp?b*phpa9p!b3X3
zuP(MaB94a%5%H(|A?9>VUo<A&SRK$I={YfZ(saSli5+S7)^?~1CqDqqWw9myTW>M4
za{ga>>;Kj2$HDUdxB4-#{MQW5Z7tbYY<8sXOZB_9zxiYD2JwD~1mk_3fJl8|-fOyp
zp_<|nQO)9=#+VY{Up<!1WZT5gZQ@8^0|0o5(>12Ozn6ozf~K+rVP()%l$vl$#0pTn
z{;I%mt<zrArIBD&o@_os{&as+ezAhK<`Gc32%jH6{&dJXr6JcA;j{Q12kWO9g5t~g
z(D8jrK&yJFA%?}b-l72KvFM02AjIH_GN4!uXIu#i1TdBMRuOEiRhw~y1r?}emiIzm
z`Ckbj<p*u7v~{%hls+RmV}EH!5Y{@zzGbvFAVFIk5|c3&L2<x#3xqw#q_ePC1C!5b
zOnf4NwlP1VBMMAhK#&0xr8=f0N(ouMg#eZvx)!o3)Oe6$ki8;7Onn)ZfQYv+P+Csf
zFiQnweF!M6d)Xk-#SoW&qzk5e1^Go+#Gu&+#AtU-u`13>;#gd;#0M8B{ZknE7sN;r
z25BUr1#mJHC{CgWR?@@XG}h(WG@%PPlvSflrsU=QYc9mJY4*AT$_yy#L^R_x!qs)4
zl`%jW4JVI%XO?96<!7&4{Y_LRT~hN00S0c#iIEUo3us3vrET)BLt0*xhN8`F7lszg
zb>^>A5pG5R^nF8Tf1D#?o92+z!t6U;=A!4zyX+h7dKN&6*&Om10!!xjdRh%_7zxe{
zI3Z5vA~JEEcVHeFZCk;-k^PR67^s(R?TQ-Q?~Urc9!GuE4d1S(r#%}rdcGfSW!=6G
zLo<J9Qg*BDd^NXwuGvmHk9Sk~X?lG#9pZOrQ}}Cl>;|;=(Lg6bD<dIu$))1Gy_F(m
z30`d6?}=#iLyvb?>{bjtP`@7>p3fIurp{~kGwsk`PYG%UHepzc?wmBf4|9JWaIvZR
z)){mMpV;;Je7x9ct+VYJBYGH3AqOuC4GU+GLgqz6rlW%NYwXyzN4tZjjZ1FIQ*Aw3
zE`_hFZ;fs8GJUr4E_>jOZMi+lpzm70VlF3c05t$^ZTrev=z(L7D>t7%R;ej|Po&!o
zGs#}L%f1hHpw?RZi;$sB*#*A2Fnz>4TH(FH`t164{P1~hFC4HvD_y3?uj$qP!Q;xd
zT9kObqT*ZuGwJE*8Aj>1C_%ohI$_qkVY!OS3TdT%zD9fD6&cmSX4Syf5MvhCz>C6G
z0}rMwg*f3gw_U~e)!p@3`+T81$sgv$CO|_a^XJ8=Y;&4V%UYrpcTWaq%hSby*!3R9
z69h8ezgAP7nJ=0`4pEP~<3ir_Z1WD)c5T}(ZMlsD``)VmXD$$M?b;?znc{|iC*#%y
zXq&uUg*Sk4O}BSoGYa)vu)^{Veb;#>iKDoPC$7PpOk8vtbPeQg-E8BwT5NY+l_f~Z
zhGAU(3qBJq04G}O)7(V1U7GasM=+Px@ta533O9f1Qvn2V*aX&Y=3_>HsOSfrHa-qJ
ztB*9;iVJ3CY6cf*iUi*OY%z|~oZ>{g8E23rDWYc%$RZSk)pQ(^7v{oQIEs@B^`ADh
z<Voqnx<=HHCP&h^4$PSF-bB{8hOBx4QLDDI+HGk>!b(l!AumLUe<D2ZFA-cBMv3%_
zmO6`ya;4+|ah1;bXq*2_XUq7vAsA&y$(sUvd=@sCLHrjpCp{EJ3!5pY_fdvo#aWd&
zZCCkxeNlzg4uc|t68~%#bObXxX^#9#2F<i+EpL{4I=DZz{XlH)L$hTzUM)s{K82*#
zqER-5j26T}#T<+Y7-yI}g*2mNsIch&POye|e8Bv0i|O&=oWu{&bQ`=ESob9XFP3%t
zmw`Sa`>4O`<}|MBs@0}-@=&zbhT6N*Tl;<Gy(MQcQ4)yJ{dmp|VgXZ-?fRJe`E2yH
zoa2#6p(#oOgVTBWEZAC<MGcuq(0Ww~56D4I9ZJ1s>#gd7R9MI>CVMz2Swdb_rVRil
z46hI!2(jOPe$F*KT%8qK0EaDn`KL$6j<3p&NZcnzf{Q-q)(?VW9lDp<e<>2g@mSG1
z<5od@KnVh1XqLsOo=IM#TBLU4_Xi_Jn1hSC{HIV&MT)DKgBy*+Pdo;;j-PBw>?PwX
zWZ#|@_pJwN<xLWaQ+e;ckZ(RT$Z0!Hi&~jyToy=NcO|87i-Kn|*r*PAZU`7fE4R;8
zuHeElI=jiELT4e4DkeMe>U~ECHun|`cFJW}cu!O<N(*NEo3k~>v#C;WtlG6+Xw;8Y
zCab%TUkr;&dah|Z__ZGcR~oh0ATT!OHi*#qRg%+?6VQX?qMxns^0OD4=t0AgyWTy#
zV~1u<f=!7rb7%OlDcV^S<j)thX8#Xk=M*DK)NSjwZ5z97+qP}nw(aiSwr$(CZQH*4
zp5#wXa!zt@B`aC=Qprl{VXQgF{6+|4SG`AB9L518m8x0LesakN#1A&q?l2v{l5#Im
z6&kX6wLRcbEyS)0e7wSazW!;vy&8Hw_hqyXQ7wLUF1*wd@Bz*+G_YkZXI)T#OAERZ
zj#Nj;t9a{?k+@sk-($qy%r^2aCx0|4n#W+Nk(=sAW76Wa;8RGanfW-dQp5fLyc74$
zd^oYNR$wp8^|4?Y81Kh=$=0UYC(nw7O`~Mry(VycRIThS+ob+!dy25r?ZJ5O19>x)
zMEIcm^Y~FeBR6z185@OPn-z&LktRQN;W#d8&b<6l6w7n@`A2<iPSUC&2Hc5xI5f+B
zH;nqV=x{gL4Hn93IKLm}rXYh27UkD{#><4rqoz{v-}_w)0UN&yvG4NSUqk237nb=I
z@b2rXQg3bkupi{9iUhy_sTj-ls0@JP0M0dzI9gfodq0y%N$>wDIG7m!yWsc_)SHpz
z|C_?NtSRF}+=}>5P)re)6Isb%#MrfUg^~QL@fgEvtxUfJP$_giMILDuTs`-`0@E{L
z!7$(_s>eDJK^kJ6-K=ic2JA0?MymaG>^-0UYtZ$4iB3eaKW-_xcql<CPHAaiUZx*o
zbky|dg&)VI?fSmQAf*iFa?37BTc}W!v`Z${ERvjaC6P3W8kDo|yS5Y6vv<{=YJ}gd
zWYEK7*GZ~T84lUBlrZBuL?)C}Fr9<fcsOY6n>1c!1`>>RAy0!q<g0;F<Z!(5?R;(q
z5)4M?-|Rroj0amUfY@~Uw)`cmP#N{(v(LXgW)wzXkm*1qgVKVNpVRsCh3~oX@z|l6
zHMv}xGqc@D#26i3k%AyCq?`5Kar8(qBRd|%Z1<J4^<CfeHwY2zu6UZhXQ%IDt94~e
zWx1}rK|#qxx1!9SDI`>Pp*X@}WtfkS&bJ5ReweBvn3#W1Ra7B(Z29Kk6W_xnhOf7p
zUFmM6*5QIye1-L>WAmajs&#m210pH-``iJTDvvnNe624>0z-g-0w1;t426_@1T_Wc
zApXYm50t~gruO_+VRc<uS>~ZSpa}^MH1PrxcV;a<N=r@Qo$pX1$?Ta1ZSJ{-(u+0C
z#id~$Wf45jV)ddXr)hA;@p4(wY@_Optd#T^Lg`Q&qF*>y41YmdiYq7B(B#%SL}NyR
zyG0h~QZ%=;hk^`rPjNvi%Vh^eKAJCzYivf+kF|*ijmc;(D&z@JLvqq1fOrxF_h_t^
z200fmO{A&-79-R{x*g+$+vfN3Nz}2VWV?GSitWADTMgRp_Lb`;v-CrhVGPho`6TgJ
zYO0IBmy}!W%BN{L>dHnD{-u$olUo}f8i9$zq{p8c-AL))=$+#(|3@O1xtf@&L_K+-
zejG{~0lRp!5g;;v08hZAdklkgw0Kf(CCRuqPz!PW%Y2%$<<AP^o0K2|<THvmIDD24
zKvk{TE=o`M;OG*h@MGyd!wIXBeg@rCek=pTC&x(1=`jL#OH-(G)nG-i`#t%@lQWKN
z0W1v#8K!K3fjUqXpRN7P#2)=%?RKC(C+gu^BLwgi7IR0_GAIBlq{4PFjFD`LGtUhH
zrl5n>`EQj4T$4q)WUCli;kHKh(iE2VeN>4fApJ|}XU<!KpS(JjR0rA_l$H(p&7$o4
zx?&B3%31W5Mb8=d&AgIQGnAhyqbN#1VYqLUqEIrK%#Qo-%^%K`?oS~lH61m@v0Kql
zlX>hSG2f4Jefy!<hBEL}j>I5+g0SD9aY#6<T8nAI33&-C5r<Ll+M;7heO>xmu-=*e
zxl*tIzN(IlRDoQR=28&3U47m_Id>);Zln+ln^hPujuZFV)5$YYDySFBL>VW`F)s2y
zYY0d&0MK`bX5hMpXstE)92{DPSe+N~#fnFHt^d~u7a_XvPJoyw4HmIV>fqAGLm|FY
zx9C$PbXq4ybI$Sd#y%&1=HB&!6NR#GFo?O-#=~C`Upr$EC%Vvnm!B@8ZoHyj`l$xS
z9*AAkD$Q>#2Y9Yi2>{Om1}mvZfW8k~2BanpiG>`{BAC7cR!THLyYxm2CX!d#ICdka
zN|M5kD!=bSumDKFnus4^<Dl~iRK4sdLh^KgzbS{$>NYxkIv1_c-Nw0>goa(D<@C=4
zk@hzK)BNe&+TOd1_hO;1<@a;i>UN&rnRx5YIr;FskS0Zrt}YB&|CYSb-<dhMO&g=_
z(oz_FRTE*WLXm<NC0C5ONlJ4^FMvT~%eKD>w>c7h_z^yOle7naN&hsdxHjh-nqbro
zNnIc5f{hJ|5K~@xQ5t5nU53YJtyuaoshBzZ@nWD9%t+X#&4Bc1yJVFvav<+8C;n*@
z(@VSL9!D>oPew+W+TvI>0Bnjyp9F-E;Ms+X$Y`Y*7Os5|;-c}RJ@YR5>AQcUNvWx*
za&B&Nr;a7VRm!0%{_I+1OD>^99G+Mx<mzoY5ed=rRo5-&E}83C|Nd?OZEc}n8EOmL
zHK-P$P(U@$xJ3v;a~$o65Uq82mj(!DD(DfwSDj<}s{1K`0oFsD!Vi12cgQ^NCXRJ{
zXipsA8fAZ+aet3YBKef3VZ{+D{OnBfauz(q_O?)I+qz@dhr)Cg6#^a@51FIR$3$HK
zz<z7wR}gZ`Ue-$z9-C|A8F$3Du?()Tztn8*xq5hv1BUX4NG9`T^<kZj3`mD6rlqs}
zlO5WUgK2>WwK>E}?-EfnZgD1S(wi@>cu*P(Fh0Cp76WMKX%c{B9)TUfB?QYb6mSWo
zHudaP%uWP_vwAHSRtQ2T0E#CjG45LuQE;q2X9xx&f0RvjKWXsU6-!W1m^E2kR%sb|
zniF@C+-N_LJGQ(bt^eAPq@0iIO_qq&c>yq(d5gGdD)>r0QAn*a=wHR2P&ZT|jtme3
zHY`aoT3P#RH+k!3|BfOV)|(O_q_05KwIqLVs2`!E3?Y&mXa6tapF+bBD*pX+B^G`g
zK=&2^ZY==a`)*|ZnXp!@c-*slmdLQr>mMH?sO#n!&9M_|BoCzdpo==FFs<oIa634+
zOd**N;0W5CdvinW@SjVJ?;tv=jm)&wfJ7r33h%X$m`|<Ss5!Ph#<<$QT~t5`R4ge}
zGGn;;E+AHobc2LbAdVtX-0R0|DCA;2{sv)Rx+&Da{S&V+LL+5+X$8#!7e|MrD=wG-
zikmw&86rWC4(r;b?Zcd~H!HcVo%COIQot<r-fKm<VVNLsh#v#?Ot6lNC^`inlJ?nf
zRLg;BS9yXjiE-dg)17EWbdBDjgjHJJ*}N02pgH;1ws`s$nfpK5mt9PsuQD6QwJvPv
zJ-fECBLBP?P0d?9)><|?t9omC6!l?^-dyDMo$DSt-w_WTi3wiu{HZK-P^EK4{+<Yc
z&8a8F&*iceyf{^*sDpnx<JaM}lM=YPlVc5*fXaKmZ$cDWU*q`T+3H!WcJX1=26YJ~
zqy%TGedKsEfrEbGtSqIl{ugP)#P;86G5?W9^bG(1kQ@ySr%iSw-`Co`8{}pNgRL+o
ziImYpZKli$iKo;eZO%VYEQw_aW$ZQO-?y9W;t9+v35O(H9)y5(^JhPIE{6oNHAq?9
zd;|O6k9TKBm`0HOWBNjg`_%c$M4>W7u%d#M#_TdX#m;vIZ%`yA1^-}okWfRQa_mTd
zy$A)nlI3lDf(gKit4QDQ4hc4JH!M-~(~u3LF9bv>Wboh76B30a&YvRu#_6-HFXfRi
zEi6gnj0WwCJc#onBFhN@0*%8e_tmx1NebtbsNg`O=}~_!*DayQq*84sjjTE)-8Kzf
zjyFReyS9#`wDu|b1@=7oT{65P9JOO2RZz5x<MX;&3~{cQt1W<>>OhRjAxGFn#Lx!|
z`Qjj)hae>|=EDQr6dB^B$R-Qj@a-8x>}rvs*`+_5le7a_DQs#*9$wB~`Ey^)W5^&6
zKkj|wFl*w$`Y;s}J<BCv3`0=1Kf(OB-1*6l9lI;30}+>z2ol_g137L99DT8oVg+D1
zK#&O93@gGUxa9q@<yYX4C56cg*uhr*1yq`$m~iKZ0|jKy;X9mlp{Rb?o{106Tzd43
z8!?+<1fXqUR#%P^P-n2aBQ=s60TCA@!j$L+RV8JOh+Ya$0hJ(?9;=WvB7iZ#e8d}f
ze=S1un_#~v-q!cc7wN|{Uo`et!H+|J*|X5!>LX$r4~dH#GQ4SUO?ty2I%1GC!9yA=
z9>PRO<01I(j|6hhkW^3Q0Mb4)GK^thaA^*cV<pzvGQN9AQwhfmRmf3qBO@Zv1``F!
zz|PxP>r?CNfSDrsx>-YpW67vTU3W8&aU8@q7Vpsx+(LNfajLo<3&2IC2dE?qVXJLR
zuiYa#0w19h0hk;Nr!sUggH(V4HTAhen1easfWn45aS^iQ^>^)x$_y%7`a)PD2%O9)
zub){Cn!aPZs1O?paDs3yht16Y-NW#raG_>rpTQ*6Bi5mhP1qHpuk-J($O*7g1Uu7H
z4T^S3K-2n6wP1NAO*qM2$@K1|nNayQK{2lM2sa<YwV5Q~<sg&Up%_V;zEN7@hwE3F
zM4fyl(mSE*L{KZNz^u)BpZD#?1g@&HT7ToLTF_WS>4y@>^}$5qo&v1edw+Ri&4mC|
zRm_F}rn;+6NyFTpi-3$N+GJ>XUm~OLugh2vHV^1Kuaj{RTH(@PD-K{>%OtC5YM1n+
zvC9ck46(@?09&F6(deIUs&+e!9f)`K*#w*r@a@zBHf>D-ks>T5{|r-Fu<&^N(%m7s
zWfTzM)Ec(;2S0zQ(t6>!zL`Y2aa61_Fj6?qt(cTZpEVsW8dFn&iCH<FbWjMf7#+J=
z`ld&)x1Exm^qtDSspRQlV{blu{}v;EsFaSA(ZFixjsYeToSDdJX?Gk0;ih^Rei|4y
zT+STwD!f-SuAU0t=3(_ZJ0uv;B#I}JCccY{MeIg+noz!LZ(i9-TH7*I;LEZuJ$C)e
z*oni!1rz+i6ix)Ki^l0f7XFQ~5-M}bHje3r)j8Ii_3vJ*KDiw<u4`7~{UKAr9Q|;V
zZ@Ll9G1+VKfNz6OZxmK4Gv2#U;Y$C)_x)ra>zr0G8dd`7VAp#SU2!|OEGCD?9~>m+
zpyswqDDt&y?n5uJ#S7%wtkm*>81YzpD}>_>Sz0N@j^)E}@F6DrdcJrIWXC?^2U&G;
z+extiktyr{Zsd#XQuNtb;MKwuK5=6FmHX?%c?|Oqg!Iar0|hr~H`Lbsn!~d3Hz9nf
zS8R!Z7{v5chIf+f-7?Yc^Yd~B6L+g1Pa!z!$?Zr8z9d>ddJ(;Fxgz+HWAS|U-I!nH
zW0U}A#RmIof6r!N9_W3*YvAp2E9d_DbaimQ+|G}6Zi{Rqx=3aFJ<U)-`O&bI`{nst
zrq5yS!q>kqt+ntQH=sK02IZnw+x^vdud7LH@=AJMU?lj7(|X^!Tlc8v&F(?YSc=l8
zofB3Kx4>zc5XG>ny~o>wHII?U57;MJA`G~AVVWOdt{Ye8DrRKGuikd^_5H+DCq?yO
zVzT;lcxcyRDI<G2z?@E0*3$EO_vJNarQgG5A?nzj;19D_db!^_ot+&R$+qgdBX&0x
zDj3AZ7i2!h9?_hFd8>-I&PK#nxHq&nscV|cRpq72w(PiG@*@IcgO>`azwhVcRugrB
z>7QT^CpB-ZPK^l+qj1B8Y>Dt*X~=NZ&m%?ib4l_W4Ve@EyYJVym2TB;06A26RQrK$
zraXL7iZ^5yWvW;5f*EXvG}MER{9)V1@Jj*DT$lnlEtYAOxvq+pos`AYAP2Und1K^?
zpU7yWHM=K&DmFFpVap6Z!OQm#WA~qfgX?i~CDbGl--r6KS~(aNB2x}hkco<*K3-z}
zBY^?^q3?$NDp{N-A-Y*-A&Mb$`S(oduzH`=JqQwdH~6vWK<m5uyViu3WyU8%9cvvF
z8K>Ph$6vkza1L_u>sm4e94EogzfP76VW$$8?Gz=$#;t$cHZ|(AJIRi6>cZI!sd4Eh
zD&?OOre9l`U5sldZ9oShu0H-cGhk`8=EEs754`Uvm%suLSY#S!Xn|C{=7U1)aT2^{
zsZIU?yzX@ue8PiO-%|HvO>cu8E3bY?X8bHUubiJSecm>AQc{|Dy^)71h<ZK)pdvch
z`lvLRW-UUy67MH^(`)U=(EDH10_*=Qq%aULGSD;qr%%I3z`)8t&+wnue}s+yYzY|H
znAjNqYu4`n9eWY|3M!wawE_lZ)W4lQvi)CAwF5cA7NNTRD@ZH9y_=g`V5ja(R{D7Q
z?Qi8xb<Kru?(yt~)pct|mbyfW?%LG+koLelp!n=m-w-fD3i`aEDG)tFJ>$RCmzY$k
z0en66OB_bJO7G^-?CQMt9u`s-)y{AyL}m)}MW5{E3^3NV4)|9Ca0-WeDvMiM8UT%q
z?B*APv*Qk6D0;hk8sGs208<RyNlo2RL5!RZ-AamTPb}w`8>mdW9B^uDE6e%U5gcMO
zvr|12iwoc=CP4M%1s_u;<{F?Pwq)gmzxEeWVAu>4g!7)B(bL_X9%HkUk-bA5N`4WL
zyDC5x0M$v&3Ej<!sZTE%5NhP*<hNu5KnhO2vBC9QEC0eA@QL1)0o)tns!C=WSDR0J
z3ukId2LOK^uwuaxK!n^WtT*QPhcyrQtCIu36zt?T^t1I<FQ5wd=h)iX^1}Sq_-fDO
zS|75mu7wHwkK`Bw08fB3fDw3OFHFp}HZI>+%yvxmb+imG%#TV31HYg;rv6v|-R_sR
zj80Xye+^8{imRW4@fX#USmrS9lrZk~^)#-3O`YE|x#_i`?Z><u-H0E4O?6OVSkSCr
zd`NRp`mi4J)K(V8GHzA&_EhokkIf@t;5Tt2GdR#%`rp6o9Blw6GXPF<N>n4gNM#-z
z>AzCrUukbaLAh~Bg~)veL80xr%^~lj@Kte@_5aRvc3^sQ`Y1R2OQddU>Yv_BfuL__
zYjF+mN&XSGwsm0l<?uthk^`Vq5_fL|M*sc%ew*|&8l29-x#scB@Vko0WJx7aAucih
zllkD6LPQjs1Ay=83J1Ug&4uiro*o3-_kO?k+Ut-UUHz*w%I95-ON|4#<(Kw3U;3MT
z^>d4v_wgDi5B$TH8hAK*lmT4!1Ji+r%$0OLivIX}>hPO3`P)nJOEvL(nfJRJNwRfy
z^;2B>vAOpvW@l|@bNXx-6*ukz>}ws+bvR1P{-viR^VqAVHZ(tT^?OkiFoNGnaHVhY
zy34BBDXH$2kx8KeEK~i1m)3iH;YX8^-5k`OSXlY2rv~kxlOA#Yd&b)`x%6`QVgLPi
z+^>9!FZI+<DU$0iXU2E42{k^s_0@sl73inK7=AeJ-r!e#tm#S4Z-yZNaZnKP-5}_l
zzzn?p{u$8cYJ_7QFh<BP(sv9yKs1pb0=d7!6Z`=XedIT~10x^?=?{S_K;aYq6Qals
z{6{#^FSw7e!dp-qV07fKh&Db$$`1h=K;Z=bQ-Z)Vydf}s#kT-HCi8Dp8(+cMmjFKJ
zA>SEs?ztc0rx;C1tSf%?Z`@HWvOe=CxG@-g#&7-a-t+7JFT>lPg@d?$u>`c0o8P-P
zsq3?o2ly~}<Vn9icp}x`5NrG}gX3dklb_j0UgMQte|(nBZ(v`9hF@U5mz?`Jx=(Po
zusDj3u%Do~!(3<lnb_aLpFgYTaUVf7i=&~OKZS%-_|HE<u#aL6HGU7@AyeDG3Ot`-
z?U$n>FQfa!C%G>^+ThXrROpX>%vV7GbA$KzaQHY|KY)B^oxcIp_<&viwimBIO21*%
zt?iS${Xb?F(%ahFyt=r*9V@)77kqDew-ioJa!yKX#U5fxI|!K@@h@Sw1MYZFUWZ>y
zM_w5gOHaH~w0zq+2>FU-Rz0A0ZCj9~FfPQkH{nX#P&CNhA6ZRHLLtp$6s<g;Js4zV
z($~%Xw6caTaws_vtIvpidyAEj*PlI{pOzr&fvx_o6Y-~<oeqSQ$AvuZPm-Q1&ndOh
zzUjM4JGJ}qAzl=@C2<OIE6|kbq_a%p8G~d2APdO+i+Q^4MAJJv(|IS-UC84ka|0jQ
zBXwx+XVwivyfYrPDi!r@KLdn=^ZjH1y&|~T1$T%XUz9=3drF!(-Tl4s)0l{CZ8!^=
z?BtaJLI<_M*GP(@v$>dmRwG1Ts742w7l&mBodp5;1tgTguaPBnDJ>F|WjK{B|AyG%
z-n~gm=4F(DT8e%)M%}HRr+bpe*csxm!aGg%xAE-b@@=?^rSgqV5|bE(+$R@pm7+k$
zyDXT1icFm|EOYZYq!6zD{Sd_8?s?@7J@E3xw$G&BHO%YY;gqAxB1cbMcx#MM{5Dv4
zzg;buajzuY4!u2V#mFU3faPi%bR!F(wyTne$x0)1UZ7Sd3h$+AXah4@VEubCcdc{3
z+|Nv&k~`HT8*yLy0fK0z+sNsg23_+fH$SK0n^i3$F*0B=H^Nxl4T?SsXAu1ht!dIF
zb^6eKXt5~vQuR-2QK40?Z6CY&7JXv}KK*Pe)V99cAnRZDuy*j|!^cvBg(-;Yr+B85
z7GagZ8^@LnMYt)9+2JpfLtP#bT+f=@k3o%)BbNqKg5)RCov$l&0i}t<OLE+G0Mha(
z5cCM?9xsRVuZ>d}-L7d0Fwozm2L71z+nG5>#->oEIaa3U&AL7|8@Kgh?}FSDPusb3
zNA!uAdT*?Vg@MQXw$Zq)k!$(T%Vd;MBtx04#3C#kkvPGdmIR?bQ!oc_z1v9HZ0}3y
z9qSPMyT}INXl*%m67)HxF%!js$t>K*Kp+y-bx;lUzQtN0ye?)XuYK1m`)qq8BnYC6
zPPwW4ir^tTAN>$&X4q2q_(mg9_jzq@&HHKrHP;K&Hu-77g?F~V4m?!-w#~v4dK6A@
zQBrm#6As+V-F=<uqAAiyB?^X23+-2U#1itLrKvVEk!UvP!uTMeG#4YW804`Y%@xMh
zZgm2IbKDYs2Hbx8A2Mdubb9{$3HOA-1_44`!j@NcGYeuHCk%&mqQ@A|Tt%U88t{~?
zBEEB_d=<l|pP`jeg7kxc74`PcgUY8qB1h|X&07Z>!%wLLFIF7wctMkh5LmmabOMVm
zTu7Qx3s8Yp(ly_#*+Uwr>BEopTjeYYc4khMV;$ktgO;yTNvH|MFiISrLQS9JviMo<
zu<%VQnr$3cb~tIWExoJfO*-0hS&THPsHdiJc6%3#prv7AiO<Z!<3|*^as)C<%pu*D
zBg>Y_`e$2<mSDUt4GO793Nj`3NFiEvMKwZVu5rG3#o{gFH88AY!zi0Bh84KL;x)y5
zIMR`k^%BB=_*kHr8<<#O&zym})>Gdz3D9?Zt3u43lo*ngUITu<!t}&n!G}^oa^27r
z2R(Zc;Rh+~J=dJqwcM?z_3`7kKuw+-&YWN({6x4%{(R}(Llkd*Oaa7nS~-PDjktxt
z2h_60dzk!FL4>`@93s7iDOp8y=|zR0B?<cu@2OWFPi_%v){fX3nVXG)P*#q8=e9$$
zQ;4%|i5Ypc2y&&@Zd3~Q;n2*QxrW`9eWdX(vo%7da}WnC3{HQU)1DvSTrMH>xkgZ|
zLYNcodDSkdP1@d)wOQ)ufE{hHn>^b+Rc2mL%Dlh1Wzw$TjRG+JBl)5kL(n=@Fz~)A
zRr9X_1w3?Jrz@&^bDWjkUgs#7Ah^?yUQZDcQCh78y7y`2_z^(>9Zya%Xsgt>dK7eC
z10@iEHV}!yOn2|!-X*Rk->1ki!8;WNiZZ5qd`E_o90UzLu|S``i01*-7jl-za2pyk
zf$+agGE1u^Ibrr19p6JD9y^qE_2U#NNt>o18`#jxc>L>|;xPw6n;qNixLRq%9L##a
zs>$#*hq)A<@le>sGXMbuc%&OG!x@j`c0Y$MU(Kz?S~xWMiEj+zPa>;M&QpyW`C3cq
zO##Z&9VvkCBOd}z0rv}@aVL#=Rr3$>uDWy&3sgIuy9uPX?q-5CiYAHj`?KZ&9_1N*
z6E#VvqmK=!Uf?$hCr{)bb)Vf^X3>l~N5b@T6T3bTJa^#y*s|>AE4=S4wKlg0@je|i
z0@+by`QPNI&ZLM|0hin3Nd=FKsIT_05ga@QRGav*7BS1YtO>mi0tf<u#X?!Ri~O!H
z$ijcb4=Fp->>C3-TD!&SXtp-N2?251${>dtV%emhz*8IYciv}4m&&PMZPD>p%b{XW
zG!zRpb)oCkx@6S(7_R$bwib*kExcbXY6CpzlR4w!7$Fv~>BSn6G1qoP#bZd_4Wd-r
zU_h^aJfTLd5fRRg*k&mVRAe)XX7h|6GB)0HLbH*jJgI=IA@u`y)S*WYm%QLaKy~ZX
zY7gp0NFI@gU!q$Nsapi~Q;1w<KQAhbt-lfU;S*y8pebe@E&g@Eg<C3G9*B18moXG@
zt4?5&LcQc0v6xk*Iz;rGxG|wR;3JAFLRXocRMLF+_*VTgB>rX1WWOgT=#xF>mFm<4
zsuP~0hA$17iiULMBeVwXUI_(Syq2Lu&b9vg+=9Q19{^7;0`KW*uDg9ZsQDEZ$kzPT
zy4Q|k`mWl6-u>k>ydSx*_vAIA#T4s4RF-x6g5Y1dG`i29M&1r6mwIFDWvmqnS0<WB
z&%Wa>7~WMsx0rWM;2JMNTHweyw!Y|^5&h6Y^I4)O+4HnT_wrkjW}8kZH7c_~*nEE$
zZFXb#LwF~D0W<OKR_c&*Z}0q;Th+2K4N;a3A|wOcOJ~QU#+Qq?-3|Ep3y~?{O^dM}
zWDa&u+xiKhc)QM8mN8D}N0-h5J)uSFB@c(SodQG4Mu%iV8_gQzT)_(@B0`$YfpBUi
zHk?&8#PD&*C5L&xW-Sqvl;&#1X;VOTTX-!r#|utB?-{y$VC!YOl3(Sam24O}9JVFo
z=w*=DJJ?XhhnAr}w)m^cJ+<{(7qwGkMYY|Oe6z^Wi*^`G#zD7fX;MxybeVzx_v<M!
zYK5q1QQb2a2pTOgToJi3hz;PO?Ci8eA=|b!n3K}b)&$PdAxEtH7`--*eK)8~Kba3@
z*c9Ue)iZ=uY^?cC>P?#A`K(rsATTpSv)co@W?In`z<t6aVF8*_0}mW&WBq~LBTcXD
zL;ECfZ8+;SSkLzUNmOO#3*&gW3ifFR*4hJH%W=6@vYtYV*U~mvpi|%;q#FKUqxxqy
zvFkgIBy%8<C-;9I3Vh!4UKA8>qN?uU#y-4<yN8Dq!P!TSpMsmXakEtp%P%rNi8~5d
zydq+R<0%)Dd=m%car=tyR}XJlenajGHkJh*1rF;mFp5)HP;}~lKHezcAnr|Ogsdj}
zzFtB+S{6rPhhJo%HjXvte?X$*`$S5ok>y|y4E<g$pc&Zy<-QD%&olO=${pey+V=fM
zzUVU%g@WG}NxuRGF5I0;*m1Ls;(keuO$-nd*Q#*4!G+vO8&Tb%UhRxBg<QgAg5$&?
z?{Z}GJ9bScznaYl(m_LgF4+Ra3<p&0fM#EaTzjB$w)4#ur+|okQIwjq^`(6;=TaK{
z(5eLFZ5t`fQW{eAeV{0z-^kxH)Zsk}&hDjLA;hh6-He0QBJ%Dq>>I&kmM`XLQlkj)
z+-IvOGd~e&1ngF8jCcr<6pxUoh2gvBWPct}DbSs8hvRdza(I+h1(sDZFh%Vp*V_h=
z3XBl#yRzE-E$l&g6WfB$`}>j$T}rxA&i67Jy0=)IuJG`A%(<31c+oB|_;NydI&DeN
ze7|U6qVKm>w1-#vU6tAhC$?W66O>A*O<6Zq*s}BiZTV<oWsT{Td+M6Wg(H7k)h6{h
zvt*8I^q^sok6kD!WnT*rUwbDBm{rJ(6;zCokVQiGuROe5DUf?A`){${bN@yapqUx0
z8Pxbu5N?lE#4vrSufg7Q#uG_gS>-vTk=VqjHGGx@C)oib(@N92tX|*z_A6vLJbP!d
zqidL4t4#eZu?U-E_7$3tG@%?mAy@000V~CzUd<5N$)s@c8q_^Iu^#QC4)bV|sM#5Y
z&8Pwb6QT@9Z*j1W^Oe~@aWTA6mGB6MMz1kvh}EN=1s>tOdVI<&)Y*<rs^+vqeLez8
zCxHTQI-}rnHx^=u!D>KUeo7(UCv=9*)4dc5xxE4d1*-*et=ROBLSw^O6)5wv2mU2=
zikXil6s8{YWe7K6NfiVhjm@{>OT=^N!ss7(i@~>uaY{MA_nXY*sh4v_Lcq3nB#wv5
z?cmUxoDYI$bWEa2ObmWH7a3xIq*@ZWR|Z#EB%lyP$wOwhkHjfJq`FkD`-*%(=9KZ~
z%&kiYjoyr&Ms4}v-(g@-L=o`+7DP<+0g-_vH7wy`8)j##6ZVu1_yq5Dvf0&obZT6@
zswHanO$=9C<82Jhoa$L!yu>b^o6Sj4hY*zLm-{XSXmEk=NMv%ed;j6PnYB|BB*BZ&
zcf{?a``{%`Gr7f+oFMdot)y|%y^pBPvg`eJjGcQzub%a5S{-RW;iKO*peObV+%-dT
zr#so^zl^rBB--p|#sHs0&0G8#;U~E7%Fu?$NDzX{pk5DJj<j9;=e~6eEth4e(bSj;
zcFu}L*GVYRWHDXOZ(ZE_#!2^WU<DPh8XiUnmE~4er2Bg}bMhL|V&{BDMt8j>?d;4O
z_j(g7-_UyKC7^HMmkU>J??dFOtFisg+|b_W9tD7;UK***A$_NncU6Fpew+B$RK;^?
z3brs&5Vxq`7>Wuu>FU~cPT}^_(hs?L7skDLDxr&XoEh^Id9~Oe%p|0YD#{#~Jlk3o
zZb7?+;K_aS4dkEYTatZ~^9%Wal8M5+)yQgiHI<AS#)61uk-GR(<Tsqml)oRb>0afo
zMnD07lWGJ3ykDBJ88*Q1zJUQOZxy4zZ~l^HgrL<hBM{q$nB@TNLq9K&yEiFr)~GXi
zSC!ra$NP9%v`ldvefI^9$-kQa;QA@55<h0eYPP_-UPj`hxjf0&-;Wc0mo7j1t%iAJ
z1Sm6=C$*|h{{cnbRyO1wn$hmpJ?N%JoF34t9giaf_r|L>JgI~BA1-Z<0N@bRatxB_
z8QqcrtiRqP-s9$_3JaPwg)8;pagCxnHB|w`99~h7L<rT6+dNx=&GNKb2EPw^1NVT2
zxpF!7;#~A30BM9Qa?M_^fSiN{{b|aA&Kc?5+wxVntATg7%ILOi*f{yOON6ZVu{Brb
zjIkRv#c+s|3fHN@&|PS;MCWx>*~|M~a}D@@4MrnOI7v~A2BJ#w?>;a=z6qm4>-L^x
z7JLLn5pl2sWz%%Yg%&D^rKMJ$^7@i+4BbHkm?_oKbFX;Kj&dP}@#n<9F)fblLGBY0
zJqI+V+=g*h7NQcA2TruztE*CuERCn4UJ&aN(bk&4XqOzc#9(O5M#a~GlYszAd%Owz
z6-0q4TL!1p>*>iAuf_03LpyG`ID<kAj>Jx+0@!j0#dsq_4;O=wG%Jge2`g%!S7aJ&
zFA^;5@rEmI>c+f0>?N%%zTTaqMWZVoSncxFiP18oBXQ>}_RIA|W^XO{DWCM#UU8zf
z&w1AheKBd4#^mQ`?PCvB>lz-dTwa(bU$yg%z>J5b?+_Ztf&wXRQDS}Vw9dtzaCGXg
zB~rY3&}jCNFXyY|)}2NDkE_Rufzzh>r@{#kY}x4pqlKxCbKx<}vZIjwj{E>sL|BOm
zf0;`i>TR8KBpCzV{FA|K>7QF1w?Gziu~dRT^TrUCgNY{OWgY_3P&JNMtx^PsVvvr)
ztF{SG^?5jtsi8M=`gM+<u_6a7)8Fqu3ro)pLsgn-hj@Gn`}{}Ax3BU(H=PUqhbQAO
z?rtUDo=<b60~`YuI>`i858^`RJyy+JRwp4QvTS_X40AAT#_5YW-R9JoNwZ#3X&h8>
zDu8$1D`y?7LE|OewHY@JBJ}J*R4O@|n%_nG3$giG3ikEAH>wIJEqjtC(ybn$<|>d}
ze60eCfQs<h(Ne4g;<Dg6&lHMQsx8mG>$<-;s?}*+ubet;-i;m@5=t88M_jvr+A%Ft
z0-f}%D$WKbnu0FXo`_dflW21WLvCCJjg^vw@e?Nm2Iq=>bjpUeyMJH$PY=914vr_8
ztq27}&&s#gZqRiLxC@3)kscltRe2n+MLFbh<{o?}Tlh2$pS9Z}>QYH#%N<>!GNhTK
zDzpyV`q94gN!@K$e>hB(iTM|&tZYJbz$kibFXmjIgU^jG0A-t-rzKrvT1?nNJ1`HG
z2n_ZHlsIgKC4+Pt$5SsscV5}>=aBI%ay^Nm{3{kWx2U~o%zZTln_oIiAlm@k*1wN1
z06dmWrUKuX<oba^M@xW-<{9Y}rJ(l2#or{*$b{w?Td)NQ``;%WC_%8rY0w#6?6NfH
zF{E=T#^{!s7no6(Qz6&)8FG-dS^}+}R8-DteWkjpy!F&#!?53Cl>jR)!1NCl9AahJ
z#-4A{NUj726zJbS)5vDdM)N-2+;B4<nXw`rf*(}+jy*V+p{0b(g}y_zOXkKdj6BB;
zs@uVDJA^bPc7@Nlp$CQ0eH_MvQ(%owQ|#(f?@3?iojzb6;6QK7=WdjDhb=KL?NX1W
zDdmA;3(%%oX48}_+|@{!KtW?nJeil`TXwo&;M6L1GO3}jzS)?fEnU<L;9JQCeF}MH
zKCYl9|CUfza-$4zas5@OCa(5=l<c+aa6-XmQlv^lj0sZjPKA0@Wzg-${7WeBS?)ul
zE-tFe9*gmE^-D&%^n#X6a?3nZij6+VOsM{0$=e5AQt0Z9EcP$FrXbVqQ-7UJ0qHR|
z_TB@EYW+>goLr)vsh}S|={@Qe7h5Wbo|%gdkln77_O(<ht!J5=TV@O^7v(?%rE{qp
zF-)~snl_r$YN!ao$~Va&z8>&+13TWzSehSOf3tWNrKn!yw3mYogK4a!aPC>H9~vZ*
z%(H)^nBPg!bW@9@Utx(0j_K7V<v#dEt5+s0HUFv|afxWntva1b8YJ+fC<v0_5lC1#
zM~-3U%em~qwEix6PTem6N?rI$5Ibde&5PSBfKGMA*7bt?eVjpni_3PL`U?-BXqP(M
z?x60v#v(j293*8Nm)k3rp%W`r<v{+t9_IG!%JqzXs%k(IYNyub5EM7_&{Sl#lZDk0
zmyn>|mea>)Ul7r$MC#%;&s|+;!6YTDcil1M3Ur34KqlFZrLzAKFN>6yjVR*5kmNEd
z;@jRx6F7*{KbK0`cmDVl&KsLnaiTB*RmDxVX&O}Gr%Q-4fYx1q^8ptwKojre;kA*Z
z2WtNnP{sm;2np3@CJJe~wPo2NKK=0h=awAt^qfn&N$}9c$<hkS5;%}eeLjTBOkl)@
z5j98mhen${$W|8iy$7N?@alBeVQ1XATt^Re>a9WC$cl_DZi(v1th|j35n@qhh$}^|
zNdA=|Apm9@4F|lf^wERo;;itp>X`j&1Qe_q@MmnTfa{}nwX--tn0is21a2;`pqMLk
zp9_gmTd9_(wor(gmo0m^qh##QRBj;ym_9Xsb10D}zoPtOt2bvQTydI^0_g*|L8w$Z
zNn_79)Gnto^;<r`=%O{_D%L~008p3<ODFqgd?Zz7*yz}zlu#H99r->ck|E84qG8Lu
zJ`2;^g0Q4UE0j+|^j%`x3WGfjax6%2<n#{`B4m);v8NnArlANoyYgc^`oURCTxtUS
zW&!19THNjBHWgruOW8Nv(iouzm}gv^X6}}^DryYgy_vBo$OnVhuOzL}W1by5u%+y5
ziKk352x2N%*}Id9+rBU#4H-v-R_{KjVWL>_eXLeZEJYiyqK|}Q{dYY_(y~*DH>_m(
zVAfs(@>r-IZ#<b7v8sjq{nKNfb^!^d@ut+67Eat=l##Aw%}2h*GZS-bOL&xiV+AM1
zswK1$wz%#$y3eo8P$GA-pn^rnv`}f&bhJg`SvQm6g&S>l+CvG`?1FYJ9h*dQ?x!@c
zvrQ0gM`r{*etx2F0ZMS2<*y^|Xmtr5Fb+0^t3p2Hh0j8G`So2cUER%6sK5)~Cb=3C
zY0ABzn}GCFa^@oveG^z8HBp17R1WNVH<sK=RnD7>TSkx^90aPeBN_Egf4Ka+bEaX*
zOzc-zL6ZVV1w5X_+o($EGwYHkIfb~d@1pp<h4Avg!ItO0rXf{9KPI<~Ki2_;$hLH-
za+nou(7!RE?f6m*T`s7I9@XnI4SC)RI_!S0ruFc<3p{&?GDI$uCfX^%i8%(EG-9Gh
z)--iWhx04Z%Jw8_aTQ>v@{JLVK!TC9aZ$y+JPG%nwVNI1$_2%$h2`O8bTNu_yrg;>
z#^Xo-<1Yo#%iE+-pN6eWAPY+7D{Ax#=Ml%%%=RB-&BE31cSsLP(%Td%Zz#Jzos=5$
zYzk0M<5iQfTy;Z5xuCWlOS3kk;ViKoh_mg_8;)7u2KdO1vJ?A=&RtN*MVjKwu5IjG
zqIaqN%Nz5%zU~i^LE6i(-OTFmt)Xg?c}8wh4f`Dti!bgRtQ?IfzQc8co}1AFMk8I~
z$ZA%Vq)V_5h?rH!hn}zOL~{xI2p(^Oz!(t{DkS#5g#{pMl=4`Su;0eKF?1{g_nzSE
z(qqO-J#vg8(*Ym2-9r;G)CvCLIh|J1yp*e94yisSd~+U(LFoK_`TRD~MgIsp(?lrA
z89X>s)Pm#Rm2{G(*HWb$tmZf=M05Gy5`!wfD#Gc7K=pj=>aUx(s|k_pUt&^AD00`X
zDQW`+m&FyXQgMdmtEtYkVn&s^MHH2D1>uu!!zSs{4KAc9*jwrji>!;`2x??+`|jeI
zjynl|1_Y>lFfIW(n<RtImN=+yJL-(>oL7}s#O9P)NcDmvH@<#m0#zZ6pYdz16oD$&
z;VN?dB)xTQa@Akg>>4^)?Hk#bDsWZCGR|@6Q&ks>&`=%XhCV$8NOAh1W6aqRaiHOQ
zFB{WH8AgU@i#;N0<@rYsmG0nvH^2pu&M~qjh(u4&ou9ZqRyHYI`5=sFbtL51aw9yj
zks%K|ND{Wrqvk>VdKZfBuyeO&fX2?2@L0GSJ<y)6h#!%h_Of9&^1p>Yr*)awd18eF
zSXC&aDOb)H#bpRcZm{72!Q!ooXb1k@U<T-?8jme%F3&cU*0c`CcPt0EX5B?9|8QPv
z+20Ydu%t#=AmPCw(!SMDADS+W_1F=!f&zlN*pi=C`y$~mqkO&)F|??7S?Rs^*$Et}
z%bTob6k2S)B7m8<ZcXxnqoU@ktB@Ci>!3F;!k*CCgT{mTvMHYS5F+<rcz|h%<f3eM
zeDWV~4cmV8b9tScbS7j)wlo0O9N1M3_Kgj5s6b!CT8GUSLD1@)rT8Li<UX+e-QKn1
zvMR61%3Zw?cer?JZ2y4Xq&v<O7PRQ9<1Fm9P0NqU^|G2FS^{B65pQ2b8E8LIBL`#m
zDoMk17G#vvB>AExzj~CB_}%^#J)vH$crgM=<5fEM@DVwg*R<DoH`c(ks+_4KGpNlj
zySY<ohj2H|6{R%$7dxLORY$qeEY;vzm`}8w+U->SxaYN{Rs`8Z7RIYbKRDTf0<v^9
zEh>Ua>|T-UBEfeN63h2|2Iq=7LkYzJg$(6$J$UPA13%C}+`73zkF1+cfPEe5k^i7-
z;RMMTfW<{<!hWgqcNoQPsJwl)1q#B!Rcgv?tFj>DgLTEa@m<l{f`k-(uAaMqa0i<Y
zNxm2Wlm{f!IoF$d1v;}>f;#Eb(rtZ12KrC0`_&7<8zBP|=2FIqAA@~&-6s>v6h4=n
zZbg4%MJ8GQO|{1g^EOf^6||69r?I_K=aRa#jX+&b!^3rWWhY~Hm%SWym7b7=bYAo=
z5&Z3GT6DS%^HRE8r^Lsdz>nL+_Tp-MHtc<q0J}$XXkuNUnuV+DvaC_Uw^aYOtDZ=b
zyx5yHKc$=tw(uHwUV}y8@!fFv`D=GC+-cU&5Vmk}4PpecvlS(cH@}_SN@CdXa7=9H
z=f5z=Y=J1fN|+tGazm_Nd-3@jV`U{pw%2m1Ed{kd(Ier+VM9_56oT^GM*B4?z|LI`
z3zeh+_+TpyhA7Tz$*#FPMO71*(s_Y~s^U90QUZTL54?{M>t?H2@SVI%wP=zQs!+S}
zSJyN8z&W1k8_i7!Ex!-Q(V9~m(=24>rB?kfYA#s~oWK>?#h;ax78?QAZbo$ZL~x^#
z$LD~&u_y>b-Sc_ZDgw>WU%BM8lOFWfiR+s_lq?4LoA0c8baYy=oa~N-uV_XX8vwRX
z={&hAoSW!IJc)~$lUNYbp9pY0_@1{u`D@-kF7Z3;Mq~{r?4|B_b*`0G=MVbe5fn7O
z%M?RGZ>9o$!e^Gh7VhLhT}8SVD#!hj;X|TZ_jZlK--M!1w(Huc`Y%h_fH3?O3|rRN
zK0woG1QUMI!PG<Thi;I0AYKVy?px8pg`X^aQ8aJaU(mobZtv(idX=nTf&S4O;-rtT
z4BUjSPwo8HQs{}`GtCpCijXoBa{K2uM9#<*?8?k;cN%?svTeho1jP`B179bfRU`QN
zu!Q3=b((n1&0dL@8Mw1PzmqRZ_(TOy611k8zrWQwwSFuB0>WCWY*o!+05Rl}cxVL_
zU;YTmS9rB+Nkhg8oLhF0+Pa$ZOl#TfO}YI_yzb?TF}&+=chBi>`)lW1Z_L=Q_Do}M
z$`VZ4{x#C^D^nPF1BI|gPoG~Cc`Y<(!0Sy+EN#EEKn`jx%+hrm%no%jj$U}LFZ+sx
zBQ1|6dQg22p&tC>m{_N*-IcDGq68A7b?oq0SyLCpjMG6-p{IVMO>=qyO3(Vm?)_hm
zLqwoBkEZ$<>dXRM>|=1-2F(Ye;Ek-cTH)tpy5!_2aDRP9nT7c)ta4KAny<Mj`P7Bz
zhmd997GH7o_uq`od4VpkFb84A3cV0o@b;ZPOVDPIVvm$=n;P#WEgP$Da(X(sr(Wqv
zBzLOMqDd1$^;_?Y=wq<#2?!Xk;PS)gM5fx)OoF<e<yC|{-4SrFqMG?Ii1vSd6?x$q
znBEBzZ){&PS!;&hlAtJR8#P4uG}HENPq)>wKg^c+7^?c76a5*KNFrF1B^yS;zHk<-
zJyBo}?@u4ocx-uge}fcvRREbJQk^u`kms#3DMz3emlTynm?oc`X3K<;Y@XjHo%okO
zjlK5r%+;!`o(Pq|0gJgCcIeBR9+L=)uKMhuw@}uTLN@^=+?i&^L|p_vuv!BrP%>9n
zfcQ7j-+BMI)s}deTdfp~`+mUUD2t5FhHX+liTn*g6JIM4@J71z2~%G`gkdUQAArNM
z0Rf_c9p<3}D4?Gh9?sUY9<+eaM5^%vZ+q}4bqUw0*!alcyaEc78|bgN3oc#ZYwl{1
zI|(UQ;h?)$S)$3JyU;*+*C``DN<evnHO{?AORbK1*eo5Q#tt2B*HbC_8>;?<%9I++
zXCJ)oGS6e5J~^zcj|N37>7q(eC4{!KLbT41dr`Hs9ZhC?PeOKcrM1}iDTZpJFL(Bq
zX4U+u#Q9D?5+&ZF@J&md)IC^((irDc)nJUhC&}qDWjRlJ>9s&I(lL~{$eEXjK&0-s
zFQJnikTLN}nsvw(lTLDma@joCdlSf<LvFqGnSn@_hskatZ99?)bl%~Jyn%HwXk`$4
zIf`)=Jo1kg@<Gt}7Qv;L=~2g?YI?&{?5Q?;#440lXea#+sM?bnIdi1`x;*`mE;ak+
zqsdhKJzw~0^D(W&BzQ%>rWDNT-KJfFaF~n(k<p$SZSYDHB4H|5=Lu=4XjuC|9%JY!
z_wNrL|May5qf*UhVz!D(V7Vx1os?wTu0`=$Pl{-os~dMcDeI>GqKzC6zPvJc=IY*w
zapC(%&Pp`-^K3rH!#tgSxH-gKe5=KcA99KD_~xa{z@0y3FIIJ_;{zJf5)nY9LBkly
zN$j4DMrHr(Mu2&_8v{R{j+Qth{b>>Zj#&_`guK`Iot6kSmMwHFkPRr@-CDUgJ+{D#
zULDd|H5^rxC1gjQ>@I~HMRezKMKF%6oUs;-l=QXB=DM|_)I+@Nn~tf`Q?v6ZTmp~$
zeC>zAi~nMiOmrVmxR#c^)5x(llYCuq0g}F=_0kjl#&eRc23yW3%_`^CQ|{0$@<V+B
zT+8RUCVb@)A+tw_PZ6f6$^SET<#rvw3Or4pDtFH6Pn<}O56nl#_KZ4DR83gnk~-V&
zqqKK`oRq3@@Wpd<57mZ^SFV^A^5|6f((nnzt9gQWE*?9Yqqthb{i6UZo_84^p9%h}
z*q{E%-Gy{Pb<^sAb}}_mS=3skSChk{X%Xh4Z}zwuo?F|wBt8<u4fc(a^j*}{{D9wi
zFVPD3z(i&uFMr)i3TE`k;_KEwc6_Q#FV5vvXj4ECatqP9Z%N{7sH+^J%0mQ+)IirF
z24bsUH`ymdeo&(^N(W{x_XRh1_Jr!@;S<cYKvtQh4V{o)GIM*FV4@-?YyNMF+RXTN
zn0*HY+rFId+ZUy`vTX=GzpNxn-{zdDK+Y%2^fFx6x?GZ=#pie{9tIcs^ysoVxY*78
zUFtFK=29Y`hFM9(6|*dtW)wt-7qvDgOrJA`q9-Yvh-AH+UWiH-b^5Jet%)VdD2N}b
z3*&q;WB>NSkO!Gu3s$hnawlqBD%Sc|5nXhfvdCaDSW9+ZXZpCiUGgE-;DuwgW2gVD
zcPDK->EIoCC5i0M!JJ^WAp2GjxqxXJEF7B~PjG#fE>qKM<SoTc*VL8DU=WsaK?k3W
zzSfHNJ-aJnuAveVXe^OUbFu5TXdvgT@&N}`JgWtNb3lU<BeHN$8G9(^a6Za2V5ZOH
zMN4Xz_h$Zzh50-aJkP@<TaSDnC3I{(Jm`y-r+XH=rj~LO?15<@_A!D>k3lJ1<}rPw
za7TufEPJL<-$;e}&Z(gtfCLJ*y3%M;xLg0E#Tcq3Ne;?<%N0fx$k!(>f%~*GRhuAd
z2!w=Sb<YEE2xxM~CY@z`^L*5W?Xz*>EQS%5>)dp{b-=LpM`!Gu=BMDj{e_Y|DWf9e
zYEpA`B{1X{Xkpc9CkVK2p9gmP68efby$M`7tM0Qw+@Cp}<vwNr)MD0XKE0X|w-_3R
zrsvw}T`3xZF;Pq$7@DL2@zVv@F8de`@J7}xIjH#z<o><Z6PK3JHu~HM=y?H68Z2G6
zEeqkB^6Pc|*TTt!M$OAS$$T~x$Akm2RVU>h_Hzk)XuvgAd6$hFaIjeL!jSpFsCe`|
zno`H3s86z2jimKA#A3EQEEVK&!nq5*{6bSs_D?6E4WbqjICK<W9!d63YT^c=Puc91
z;L^?l2z#$liAj`k$}*PLHboZK9+d|FtwIUge+CHgtCOlUmB5m!(8r8;96k*8Ov~*j
zN-H~jY>Tkhxg``($0tLqvYS`;cfN_*h|(5Vei}tD+Vp9nxtq|6$gI$#g=g#eY~+4t
zk*h92FVt*uIZVDPNA1)=F*bUHh8Wv^U~E9WOg_JsvMtm8%h*VfN^Eo-YFvm1k~<_7
zh!uzE#@KKcVfe`J7ux_??>uxePnOS4@Dh)iOIkIi-qCt=6E$S=j%me{DufDN&99*h
z=Exv6(22+Q$Jq^4qF&-jxLA(^7vD_$JZ*-S;~cy!y8OnMJh>O{r`xh!2+2O}WHcgm
zwGu6v$xqi(ZfHa?PK(*jm$n^Gbam*51P<ymATT?a82};EQA;-69VNy^H8Tr5m#PI3
zYFda^m6``1$ucNI_KoFvahH*{ZBb$oGLO}S)Wf?L7jsGpF?s5?WIp~!)j`pWm5TVS
zZq@3t;!)0V0Sc}^x=TU1L!AtFc<vGi)B%XOF~Z;WZnk`l5UydZ&a^s^wd5cYgF+x?
zWS~W-1#ZkvkAy3_)Z3JSqquddZLwAd4;w6`TXA5@-o$p}v-5_r;8oNj&#lzV@*c$a
zGZ=vf3yToop~TD^OQcS(>7Xxur143ei=dmJp2&NeF$((4l0YJr5ZV8SuzLy;C5R3%
zytZxIwr$(CZQHtQd+*w|ZQHh;n}?(-l~iTk`*EtPXZn1<RH**btmYTkmpi4$ECfk;
ztrGyEr(m(rAMd28^8Pi<cC&P~Yg~?btZ8eqymD|C%e3)Bn+-nSy!KOfg-;xiUZj3C
zY``v#q{<|?*;VkG>VR<%DI>?C$uZi`b9jszcJQ3a{K8Nyj&x6~Br%r#E=mEl;FkK<
z_OSp)n@oOKC^*)!ucrNaAF6c%UDZKl{LiOv)^+V#4gjpPg)7LnC!ZcGFu$C)PU#3n
zc|xB}#IdGDQH;r)ZmRr%zbW(%-zc}wAI6ATTs4(0v<MopdR)e*SMjyJF_=bL$&hA=
zvbTnZc6>>Ucnc&B!;~oOYjeC;@4;tH*I~HBOM}6)2iVG)q1z+y^~G}lc^0Rl_aS?b
z?8C}1QVgI<hpu&?rAn&3p87zC?ejbf4D{vgb0z9x6H<R@RZEmm%!8(RjX=-Bwm+kR
zn!_+^sgryY>=E1~LyrJ>BBC}T%AZOHqMhj3A_)Bxx8Gsy5LzC)y-280NjJ;_9mS|$
zTud?z!OA~;FCDig2Iyde(Bq*C^sI(<>>HlGa7ZQ0L5sd9L|;S~HT4w?lMUxYAVr%i
zk7})6Rn!jd_gBulWr6mG_d{`x4lMeawPX~n-Wg*<T`SNU>{WJBHg3Qs)U^{pj6LFe
zF-r7`NBEmssZ(EX&+|e+T2Y@m9(sPAc05k4@Y;@p#cpMDTG};SI2+O1QuF%=p3QjR
zu?3mp@x`{R2q)l=7b%gftieoV9A+mrUZ{AE`*KeU(`v!j3DkvZlFUJl*e~GQ6VqUM
z-a?-@Z(alKr47Y7$cORRz~AacR6h7n;kKj(VPF-7r`0(bqzh?5gkP;^{kg^EHip}M
ziWAMToVV|*4pB>p0irN5m*XX4Rt?%z++lZeTgT>TN2*3Pme5f6U@RX@@&`rAAy2CH
z6e%q1X`xTE&V{K7m{L>z%oISeEn^39Yb2_-QkqrsFyUe>{Su`>qIU{XdKdkmT8cnm
z<%Enk@`1#bv5dw#B=q_#`}VyO$4=B%9$HZLBPrkx7TOGla~5-)jOL46E5C^H^*mzO
zLPIz=*gMCW+J?Cfy;)&odK%)1cnag@OHB1f6VZDuuir_s0k-U*q+si<;jOgL0f1nS
zT$<ad+U~Uk6IW1%by4BwLCx5PnIqwWUV+H;(;zy#3POPWB!sXA4o2!4w2@z@oG5cv
zH{}vpJRozSfa1l&TWgHpI_usEB7FrhgHaO6;+&jPyZ@`}Ozi3GbmloF(yiOa+<UOO
z`!Nj;7f)C;yK>b|U7gn?9QUf&7#Hsd3_V3N*i<<^_OzU|DGu~%o<w`=2nQQQr{IfF
zDDv3@g$E<+i6-f~cSqdA6d|rsXV{7_?~BV^zOmbEl+$*eHY=~kKySKTk05D>ly<|N
zoPI6IMupKKL!@dKm}};=N>s|3XvHA~W%jb_WOMMS++ChjJNz|^c}GXMyxqNPX&Ftv
zMh^7gEa;b=TelCT7Pepd$cH{^#xbRSwpkoGb567w04IR!s7Xv_^jZLU=yVHdx3iN%
zy%&PpUW;wH2d(=aSRj%1(;}#4%#K+6Q+&zR6esAyr!`vM5Mn-GKhapMx+Kji9fJf5
zL%nH+#;I*6-oq&8=keatcog**fh`zpN;w+gi?_?CvR}lp4DF`{oX#cQAz)rV_h)-7
z1JpZ=rwkcgKdPamkXE4VxUFhaUKTI~D#!W^D8wnJrcil1qoV!FotB@K$)G$_k~TAv
ziV~tK3B6vHplJCdHo5Cxj(g3kpErPAbO9Ch7*gd@;vUWj<4x7{{(4K{H6%V9b<Ye#
zDv#D9F$lFR7M@&>7dLSe>uA2+`Y;DAoE5PvwH|Yk#!Z=}5jEk;S`gaF!FTkSiTr$x
zito)6@rUBTy&cJ8d0R@U<13Y~g<YTNB_DWV%o;fSR4!qcN&jK%#pIo(uwkT4fMrTV
z=@o>cp_K)1DZH9;pX6UQ_1Sx*`uGB;W5(d=ic#P!YYhECG-pqlFlbm+$Dkoo`alfJ
z1%UxvV#Oj$bp2}Tz34nf%M<pgMY*3@CYI)b8e>vOg5S`a%Bo(POgoC=>;<tFAA}WU
z`nBnM93eq(OZNG%dBn4PLaN?GN`177W`$qCV^Yr9-arH8LKUT2k!6x7D^WXeh!N0q
zUX)~oc0FaSyKZ``JQ3e<<%7#Zwr|7Q;2*wVw!zJF#|Y*mQ#u50rGJH*);B0cnjS=l
z$a`vz_g-GU`2by}#3bF;N?qWx`OrMqgXhjRXDL<?Wf)w$a~*m0{Vd|Z07{2B9<9`9
zt;aDt5p4N{9c>Fo&u09|y1OU-I6?LJ&_WoJ(PXy<7g$pwcz1vPV6UL;C-44lG#o`R
z_uS19cP_qKxet{;CTD5~hrOsmCM&B0VZK6G0m7-05ofnFoknj{ymCLFAgrBwT?yNp
z5v<xcqPWB6?TK=usOtd{Evi*+(3#*qrJfZfqY%(Za2{2{Zj)y63JhwQl6~xJaH)Q>
z)3;5X>RG@yrad2vww2;Msl)87T^Ew{Vt?YKn6^WAWh!|#a6_>%E9P0aD6v?D`v&P{
z)sbytK{Mm@5TDH}=}VZ}c^CeD_@Z!2Gan4P@>-r%4va~$weQaj9w1&I5Tu+y6t1&@
z5VFsugld_8ASBI=0=gdNokb#y_w$z6#H0u#j;$1;x@$i$o%v~?w~@a-9}7x`yV59h
z)p;6MY`O|_hjh;IOnJI7QptAaieRsdb@F5Zz34J|4F?_>?arKUsR)r@Rrxxai7*<&
z9@l!C-+jauYn;2v)w0X{f+*QqiFRd+F^ldc+r?-sj`Ty-BW`2+o1D^sjpAv?sZJ!7
zKD%r9EHTlEj`RhDHTg^fiXx@zf2xfQyZmqW#AFf#oUfY;5Ey8~BoG~(XS&Nxmd1Ev
zx>ggI#@VN2ZgbsG+7#*RR^J3bQ}A(U@t5?6bpOHrw1YRq*<zg`QorD~-Jy&WNEUG{
z5~v%OZiGaI6Q%@R?iW}zh^-{G;;rH-zdbD5WtZoB9Sb!)px0A#R^miP%%tVR9rl1x
zlPWi|s#@X_P8Oj@Yy}GMv@r0lpxAWNEdMz}iqL_g;brkY_Hf*7uJy=BKq?a~-f^H$
z<MuPErJ@^B?V0S+jsMq1KWLbrdzL=VbpS;;M%kOz_d;uXtLe~H$2~Ky$c+5cftYk$
ztR-`!<7@145w^^2z#fLi6-~^hJ@p~TFspIxstCT!*W?A0(p3;_ynAd<1j=s#<UgEW
zS3g7_gK9$%7F<cmyB-QR_+Xyl5x-7}1RNOA8D;`QZsuM4MQ4>GVuWnHISQ_XH*qB9
zGU=0b9&zLq`zj+fM`llDztMp?=p^CnQY(8L^^D`n)A@5m!wdh6dLg2eb5qWodFXJK
z5b)Q+pdQ+@h<XNIX7<A~v3-gQ6rG`mh`R(sEWPrE3qIk%0NYB`H3XP~`7nRMkvWdu
zH|!#^$z0OhszW@uyh_C7I=x^jLk820*nQP9V9(xqu_o4@LSI2_05Dv^#VeNK<LA<K
z{aZ6%1*LgYAVtom3pTdVm}cPP$kW#s^ReBY9x~cJuRU-_;>2b0dwsNmfZyB1RuH4M
z=z+qjJmK_2J@0qXFN4LNLFhRqxlK-s?^S2X$Ys_C)CR~#ptu6G$&o}b0`RGW`o$No
zpp(P?>kaD>8r_Yjt$NwJcW)tH0nkaQ$NS+21%IliKx4;%X403--FobHad-Q!yA2^6
zaQ4Fvi(6znN>W+H5sB|LdSZXKctl=&K^_g3mQwmgL$;Ab5|w2&VU7s-;F3^@Yb?)k
zNjYBk!99<Zp+Q^`A{qGVdL>d`9gqsDzdOEh<rrMe=O+VKuW3rPbuJ(0l7Kw3ObOBu
zLWQ|*Ut<T6U+;vnV{8nJ8}7ycBFV>AH&swfQJZ0}d7G=(LHo+u^)Gc~W)nf}7nTII
z2vjrTXza}#skV{4*q5j|LIeEilZ&ftD%W2)KJjBlx4M#dkAq6$$v`ah!SXbk0D{*e
zj_oYyPSn--Vz=*<yrjGFk7>WS&q^Y)o$|Dx2ge|9*=u+#%m|tEw+I8(c{X_R&GVlU
z)aEyG%uQ92A8O}Msjf*?@j*<@LPM}jlp#*g6r<9pkoJ=PG2oClu?OfCnMnJ0SnEGa
zns2;wgxoo(`@&z?a$l$0{Isy-$X(B6yvm>HA8Ei=;GXE_>HDN;bLe|1C|(TYV=xpN
z`G{w`*w?)}p~X<ZB;>grR&FC0GO2!f);IRSRwfUAJ>0>>ZWgve<#z$nY(elzBchUt
zXj3raWF7Wgh)7Y}IKf~JITDHw0{&mM*di_u4>`*3`ym2luof4Y$oXg80v&_3^Kx{a
z$3>G0a$eg3#bt$>#m{~5rk_8s4RsuTc0sX}B-$yGZREUIr6msQ;tE(YI6&q>H4n|E
zZCqm@Y9iPU!l~9$gY1(l&ys&H4%~HkLgiF*x$Ux;BY~ibVW`}fXg1d}lVca?>w_*6
z&AsoSeFTq?RDjiJ$QWT40;Cm}WY)6V<kxPFBe`fqJlH&MsQ@!P>x+7JO+q(W5XXC?
zq-eG{UZ@4u%+(--$m?QxlrpB9y~OeM6Z)nN{@64ctW)w|b7SOZ9!onEjo#yU9X>x9
z)Ue)Bq?Hta<`dIRO#;lA`U&yX+<;6{#KE3ppsDK)($;=v1MO{mg#95p{*;5ygw2`@
zd(5t~__TBZIz^TR8P<H-dv}&X46Wa^Epp&gMqA9Wk}><lM?O$jjXR%xZqTzU#SrFL
za1_c=MG_5i#Px>TmaC^VkM<vdsB29zgZA;FK#TKmBb_s&AK-~JBLYU4+&XcGkkdR>
zPaTpF*aq@7C)ohdTHRonvM7xaIc3ZkInfc(d`8M2t~F)%#i7ziZ*#0dR5MV=9H90g
zMBN{ouSOV)!6T_FxyR>qnp2KV`NFZ{O%_54RJEdZBU%)k+Pygfkl^_X*7WzB24bK|
zPEu9U#%i_QMpv|zh7s*TdC_HGjv52l>)U0<Y<Pe@kNq1Lu%eaTN!HXX$z_?EqO&G2
z;Y3~sn(4A)ZG;iH20~)+A-MmHE?MLFmYCc3M<1N|1>EM_jmIGUi*rD?8V*ku_t9*<
zew|lPFOEm~OwyiL_Q7Uz*BiE}R0F{P$K!ORCo;&V8hY0cpBPbvzQPn<(HV;wFZ+&8
zcXyCY8E~-g%k<OdG$Mt=5;=KdWe53dlC}f4yFR|ic=P!6Qu$`;?u)UuCpX;BE=l#|
zu|*n?yT5;`@XbtQ_W`oowg8>Kyh-Pwrh6H>qr9+5#$a8d1)LZ4!yF~HKl;m0gMpxw
z!U~$r1gSWC!a7YU8}Q{WvTR7c0%;9uKW(S3+9j&9M}yL<c2uIU4y3rt#X(Y*Djj?U
zw@LrFIv@=eMoPm0qADm6(l}cR1AsV*vCi15Z8)&7&gP@4H+*iD4W4PJ)mW`k;~CB>
zA}&4R7a&)k+54%i32oIrdVX{pin4?j5xoNk9lAsCZz--R78-u7eG0lO*49#$gH3M<
z_(wb|mnF2^RTgW=@>7gl@#Q6VebfU2REpDkU350}#cs4D$rXbk`@b1bqh3ok+2!))
z?p^f>u%|II?DbQ>$du7ay~wy|t<cprKyo>y_{AM(JHgd|$8jfX&<wXB{iEr+Jx4~v
z*6Qv>fVu#z)pW8au700Xr6uL31{&t>9h-D!2AjUF9UXS~umR{=8C4O3ZN6hM1GHe3
zI*(Wq#VVO|ycFn!Y3JTT62mg<9u9~KH74v>c`5nX;yGw=pGz%^I3*~aJ@|UVRDFNs
z;c<f&s+Sr~m)%TmK}PdCQwQ0Nc%Rwr0!iVSGbMJWWULIU?cQ9-@3vNq$OfaMdOLJG
zOAxqnb$^bbf%%pVLu6tua@$zk%-^blEj<b;g+xpMLT2CoTkz+E=pH9OlUT0N4;SEP
z00@f@CB9r>Pl=r6@V~`(L+YN94S0))AaTFrJy<s|U8YnU`kCx?L8NwhsBFIevE~)q
zuJ<<9R~DBcO_do9ngaT^0H1OEpJ^uXikiBzpgn>12w5vi)vdDEbUIWt!Bg>%|NgKy
zI&0^@bX}^A&01~OhBT3dsE_6%1;o~QvI`n*NZ%j)v<79y0T*#qe0fMrRCbs1)LEAb
zTlHUJw=?NO+><8(b~<*exu7q&D!}5V&uw9??sB#(1EWeu`1!tCBhWa+*V1+<U8xMl
zd)=a5ghREzqq3&m>qpAgKhOkrXOQ;2N(1Pe6G(e8^>Xv(7rsvFZLOnQeMe8EyHh<S
z1KXcDxPWBdwdieRJGxN0$9x6Q^emgHz#k1xuDcd+PcZ_8)JOW+FWc;yG{Amx266oh
zMk5j{iTWLtxc@Ls!ZT)*G{p8G1(r02`E}t>?iId`Onh+?W*(F64)&=T(HRAiywPQ6
zD0YZwI@3a#FbE9X`ZD&&bp$53fo++xTrZ+p^H?K2%1qqFEgZ;EcB|!|25b6B45%C^
z(+nS@<D6}<{0$J;d}(U`B{u@f`8MZ2EQye7Onv{;gVZ(*vw-P2VzqUd83$vRB{1=7
z<Y!<)4Sbo_xu>(++~VO6P6h*~uPD`AEDTkDg0a11t1fg=<E@EjbNJqnx30=LVadz3
z;|uMH%bnx`el-baM-8>k3zHh-j+s)AJe@m6J*)*Yn!LrFj;<UMgMOWux!_C(hAL)4
zHgoSNFnWXJk{ax$5u1cQGU?~DXtG|IDLh#D$(kJYmUQw$Gw*eB6JZB=M09}hT^X4R
z{EUMaqhnzdh?H1M_oF2K_>%zXk?jAH7$rd9_&Wyzeu>8+ZbUHAJ7HlXR-)zwq_CnJ
zSob4PI~T~7#Oyd#2UzuYWH6rQ2>UEmB9D2r*RT&$dA#IvhDiQc)KN?J<Sa$2#xpHd
z*8lvwa{M|OS)aQOW1Gfb8KtO+L<@rGaX~=;OGkkFu-uL}J-_(ExFN#GB;t?6uxfCc
zdExtJQXyAW4}G&}n?G=g{Q1_)0pCq6$-y=>5+<5i@^oj1lEP_3m0kaYc9w9b1k0lp
zrB)QB08*!DiMbDtvl?|t_^HNlPL4fLZxaHghNGu(ZOND6kt9gVih5HG>LVJ$BV1!?
zusM9@UbT9@kMu09fX*G6jto1thNyv|?5e}gK@woW1DbcLpwBZViE65J)~|Q>DB*nH
z`#UCLk;45s>LACrnMah1?K*XV6SAybN{>yJW5ec}!*E#(A`c-t_~vKTcIYs7gC2#Z
zbCtJbq*c`Ux_xaSDDIL`sl=I~x@LSQmq$2~+%8xq0#+9PqPs&d(QkcZ)Q@n}e9ro>
zQB2TwkuT#V@6?p$|AC6IGyX4v>>nz^z{vhzbjUwcgqfB3zb*Lxfr_xO|6Bf_&;O5#
z#6E*6=x#26LJ0>6JHWO${xd|}gEqz3Z*Fe-Y1_0Nf;vIm-QoMU@lSQe+joD}yVX0b
zu30<8U$1hVpL9$_qNrSi$Xdh%9JR5@xyZc4>;fXP>&TFq0}>NMa}yIW<6>l%2OvSd
z;&J0-aL@KE46O&h;lm<;=jP70$*j(v<Wd@&0VTMD0c2<Z$lUD6;OxZ20GNr1SN$Ve
z;I;r1h0&pr18{f+HdesSAjHXxtWR$Y49#wydS?9f08>U(0LbX*;5K>(0fklsz@d$W
zu>-OTk~!x-d_|3g5d?-;)_~5Ae)uUVJg0NAui7v%baZvkVXJY^ZE>gGDl7nN(Bw`4
zO!JB7`avy#-YQK4x(ZnDcB|(H69HAGX>op!73x`ComgD}fOcRBppElm54|HAV<G1N
z?|QfdM5WO34Zxe;(KTQ6LA3gM*}?lnW}kLle&c?q6GNwW`@=>?T2|b`*ly6+%m9?3
z5fJhT=%jCtPDG#?ni$`sEg+nleB;?&7@GhvvAU6e=(Z6E=!!uYd~WY{zd5nEHP$#e
z7r3<oel8OCYgukLY0Qj?jI3>8n;e}&J}dbYp~3U-KYKcvzdjwRZESRHd47XsXl-O<
zeys+F*5d@HM+SB<DM&x;XF4Ho;-_KGKn#pcOpXjrfdH-n1=x+9!+OyaTw8&Eu1!8B
zzjlIK%W|r5`<}XC^IJnH@4n$@7U$<cAsn0>z`VSF7Vmo@;vyjpj0~?p7=SW0*ZRK4
zf9$|Af1rEwdV@o;1+wmS{bT?}di{QV7k$;!BdcM@zTv-biOmvJ&=dclmAt!8{<=az
zZ*~CkoUdsBxJ=o|0FaTP(E)&C6Zd`kKT=?6eRaZ(@YgG`m9_xX`2YFrk^iM!Ki<X4
z|9TBj0Q_N3>$>iA3Iv$o7g{wmF=p}eXZZF{{oEz|{Z;u<PyJOd_@{~t<p}2Yey98r
zef_?{R?`aH{F-%9udbi_LLJ%cn)jdlDzOIqV(A)cCyf6-OLAiN%myXIVxIMGTI^HU
z?Sru>HaRe{{if;sn5utT&k3Nh35aToNB7pC0pKDNAO7BV%cs>Ze?ITO)r|M*_Py@E
z?~)GN#MsLIWHOntxdjvi2N!VT9CoIpude~*%G@4W0J(f>4+DUCVQZJYBJ_DX?*J%k
zgSYj{rR3oD5qzbc>qh|h5j=o90%3^!Msr{Q!W{S`U<U}Ez<b3ff6^cLm{a`-P62=&
z^GAU8<v)OTk6M1AJ9ZNf@}K#-7V$?w_ZfWYKds6!rhftd(?|k-18$`=e*&v+$CeIy
z-+YlUWN3AM?$&<_H@UdKi2J#Ruki19gWvrLFTF2MZro08)erGUI;Rit@4DUQ`1ic;
zSNsVUz3+b`e0$+BY<^ArPka0sfA;-qXKvy@zq_t>Mn_)cUvD3$3~p^cYu0*0-^uT~
zFZ`c|p7aV2^KyTM1k(JU`d;MReR^GfK)UFk$+thxm^d=H0e<UkZ*4i+H-3oszQ3}6
z0e9K^kKs-H%6^HtAHDfr{rg_&cz?oviS3Qe!NXsre{P}AbU%Ol{rwdK1laQ#w-&mp
z8RZj9Z51}Z-3fKnJGvcvFdKMdRj9aTNyFVv#YN6Y{$5N4z=mrV6z}65E#opyVE3C2
zpwAxSKhG7=LP}N3>&<@LPbhm=J47d^10#cu3b}s2)p@x54f@ohf6=@6QN#BSaF<Fx
zUgLHqqB<$q?tGDKTYgTfjtQH(rMy;eob2OIlU)?86g_`KpG`W(GMzR=7UrDaA5<vH
z?IfJu*_z2WlkY;58eQ!3{EaiCd|KKtiStZ<)TmT2b-NlM9G)K-`8UzU#U*+}>61<q
z+q|c#ghGvrq-hdW%f36b8)srMt0lbDKBUdYRL>gZTYO8e6xPIyiez2YBumEQ1EMs3
z(<e4vaY&KtXSgsM?yPdb;nDvTQI$RI0)c{2=ftIG0w;U<4MhaeQGgO~!2!c7qi3K$
zG>(0C`jAmt{`+x4jnO-1lX6+SeQkO6a$bB0Jo+8_IusHDJH>u&y-ZL3^*7nTV~`|_
zKVvGg!80F5uE!DvR;8dv^FH`6RZQMDp&qAtJ>lj_z~}PMubT}HMP1cs=PyCTouPBT
zp6e{9#eA_0HV105-8k*GEifa|BZ}ZaRnn_2_kA0`^csY!L6Z<1Paj)(YEj3~Tpa-?
zPyB(ibNRaKeGU=dtH-y>xeLZuqGWU3xOy#RMZ@@_fh6xL184Ey2S|d*@-s|jHO^=;
zAwPAF@3SM-G8SI4PoZTRKKs8^aa(ux2Vg%0;5Jg(Q11bPG4|sSn}H;lU$R=M+pQ;_
zgRm?WR<$+D_UPOWv(Lqjo!!ZsT-sO<Peh?97mHlx51*eNoY%b5G!zjDjY2?a1imJt
zH%jdY!=;@}Z*dsz%BZhN)$ejevMKd?z;xz5o#}zv!`B6Ew+}OLk17p5GbbgC&VY-;
zg@@AZwA)dQiC)7yYqHZJ3A(zC4xKKfhj>;?#?&A*sNj69+)1G|8i9D;Qd{^ZVFlWd
zh^MV1XUJs?G22=b43D~X$`gFbrQrDwR`+6c^remCRa2#_fwOZSJVg>sr%XZ0uJ2qv
z6%rA9dgWsHY%{>4C_gHhlY}LFr@ug)y=g`FFT}!{ugbz?>iET}YG6IhX^g413Kp{2
zzYYN@ajp?O8WHibS_ie=$RV3JIAXZj=*pTQFyIlxo)N`t{-HhW`02;Z^~vcm6LchZ
z@jQEiDg2bFuaMu$9kSLy{JhL4Sk}cLQKfJ_dnpb<;6FYpc==0$RFGDf;*-H=+L<>p
z{$$PE;?e|}BqRFW2Y;iL!0sF^biLBdYDUf%aJ&J6>z50f7ySnO!W!)IFY|ZS&NobG
zg~)ZKRM3|TE9Gu#q_UPZQYBlg%f&dRt?j0s6<vF%dGgdbYK#XWY6-mVMjsic2u=-X
zA$S5}xU_O^uEI-?tqU+ImC;9;cFfPs-}!==$1IoO?SHiKA3&g%q8tfKfRS4b(|cAC
z=3J<ES>G&Ml0SJ`HMnD4Xf{K<7X~nl`KBL4k0j$fR}E683#8ayqPX$BTWbu?92*;q
zr_3LhIlx^7X8>AEm~mpqQl#_r@70^xV>|@UZAtl$4*dQJ%f?hscreyN*nDN+cfnXN
zu`Dl;N5FBYP;fx>{ME(sfAroF+OYha;h`=%;88)))fz<Da69}EriW}ORG=PxwX<D2
zhJOY<(2&!GWtGlvFa7+g9~S3b10&NJXKY1j9WDnsD3Gl4%MYGayd*Kaq3wJQfYlSB
z^V&7iddQ9gymcbJe5qJSS5FUsX^>kyce-3<SD41s*jNhJoIzw0VajifKo(jVk8x$k
zxS|_7GTYDAXvaaGRWWC!2`*076?JatJz!nFJlqCxS|z6&Xyu=SqqTOyM13y61li%)
zQ4!0l$t-0+jkjQa;sKb6w4MapUQ}<-bVN!VGo3By&|KvO#FLa*EPgZ!{}woYB7<Wf
z!taASxO-<-e?LUaFD^Vw_6Ut8DAaw@xu?RwB|A@M1ZurSjj2@a%AQ)HT(LY4X8Qox
zjBnIWXcc#za1veCR9uIk%U4ASSwz;Hh~@Mo!PB4_?Fa(GZb*c#^zz;$r7+$|-kaz0
zTSXt&c@=`bu6t52TkzlzF7&s2q+wi03*NAkXk?M60Ls!+Ze)JLHC;1jMj4(po`_=P
z+%G-c-1)aAr(IXiLCN-aEFdn{tt8f<Kgj=5NE{Pa06|SCSo>HYL)W?m&Ec0O+sWgE
zun*wR!cX@uFh%mxv%<^9RmR3#AG#;=Q%-BQZbrI(X{0<03$55o7R+V;QhATCeR!R4
zl#yIIqpvlv%(k<{#<6a35azPXAalRW;!)!?rF&ZY(-~2Cf&>JfxwN`{a_-G#Z!arD
zjHjpBcTWs+8>2`f$`m^Qn`LqhOe$Is9=BFZ0ZhA+A}9Krx;O?!O$!VD#=%QA)$&2P
zM$rAVg5gFx6UBg^Ge%G4y%1NdEC6J11z38^rE@n=0CN<++O~y;aCKH1B6F;uRk+$l
zK+`vbry|wlUTpyuebJkKK4}-CTE!WfYlgNs@)7Sc<}I3kvs$j9Cjw9c>a|1*NqDG&
zz>gk$AlsX32Ai~t_BOy7#o06AGT-6L-@<9py9=*yY@-4s=BA}Ng6eV7fvJG-J{1yr
zc+j*<e@ZeHOLCmOhu2x!0%)P_Zaf{GvySf2C|0dZV;;BOg$&>=%g6c^jj+xgPxT%G
zkALNDi@F|ND5|uPpwIp(+&pQ(k*Ot(dd_uSTN6r_a7)!;XbSF?SyDE{F_^gei*oTV
zCb9M<QJL~t^)50gnLBIvX4x0=#A-?lsW%%b2)yh+?_0Ro+6do?aq>5)SyOT(*(%Z=
zhDJlUX*#5L`GxszwLvXxTWP^Ont+QSDgQuyoxMn-HcA_bTf*o?F2h1ZQ%H0=5f+|!
zsL-Yw;qaXMmi-r*iiu`j6jK@0thkx#_gWU9<jba8ONUjL_pW-opPl>SUl*qRE8IKf
zFDgWGZ>UkD+Jgz0VU9Ib0A1om!Q*&4Sj}Vx7_N%FQ{&`@!_t+a70o3^W`Jic6>P~g
ztmZz`&pW3Fzmx#6&JUjwTyV$nqPwR=bfdE7BDM0pW|$G+n@`=mi1yLFqVFJMVfM28
z=0I<@i#-pJ%SJsD0rd*<AIt?D4d^)dc*bKq=_JO}J|?swUElDT02>s>j<lX<E!`+%
z5I5mHMri0*QMhFw;V8#2!9j_`21pbae8<myvKU5%2_p4d4U#Ts)qY1fiiI?1W7`gi
zu%|cvA-U5j<)b-M7U8$*&+4dM_qGYj@)6Z&E~&COiv5-)em8J0p+Ua)*2)@p7F}lb
zio+rGac(=AQ662QceeycaJnpU-I|00+BrMjd-L0Hzn%u(BuP!O)TzvJv24)^K$bM-
zcxd9Z@>oX&iB$!*+~xy#GZ|eqEM`in>S5dM`Cz9Mvwqs};c=QqX_U+TbUAI_nDp>U
zE0(X7V~Z-&%pgA)n9K#FTBf?UqgT~Oo^3McBSr@o^@rHC1zd{cchM{R4U$7iX!Zlh
zjjQ0^dT2(x=XCc1>S$-*S+yMTyO^RWVtHQjZHTzXW4v~@+b^G2H)QHpvvpSh-K5yM
zh|eq<xi8>UuenX9^r4poX=Q+vfIz6%6UJ7SIXO>*CP$3(9rrBiA{-hjbCcND$()vH
z1u5g>=e>{cbYqOCjOn=QcYzuG;`khrA%S#Bz9mj-ACE8SMc2jrt)sQ_E5tXdrG)@5
z5K(oVda#;<EJ&sIm3-5kuC%091|w<NF*VuIczP$eJaqp^)z#mb%w%6OK9Ubv+bG#&
zL690U6g>X>M_{080BEb#IBf9;P;N-O(=5VyRS^9(xN(GyMd&Ywg*s<KwPHm*X5oP_
z5%X;-NCBmLxiXc}J_~E}xTlrC+F&agg1CaSM_hFn`!L$fI;@A<L(({^51f_-T$}w7
zTvJK`EnUJiLdF&@#0@yk9&D)Ob-#PZP~X3*Ncv7=w-j6fXv*3WF0PxI#V?wwA2n_J
zqiCq;{pUW>MPjSLmhMUD$xp5Dyu{{&V<vI@>^@8`d_edEx8^RC#xtq=ZLf5&8QM@F
zrE_ZPyur>dZX^w-z5Ng?PVh%TRCu4bu&<o(X<Q^)rOU)J+O;K$8&2xnanRx=eV(v>
z*&}n1**j+sbGo?3LXsYp2}l@Tgj=@jL^Lc~oXXklW(2(|Wo@6qk-t)~TCJDW=41lD
ziF2p4qTPD&q%=(Zw{!_L`TQ_&>m!*#A5+~qD#j#k2}L#7LrWahem@2x*b+EY#?&(w
zMkwZQ?Z@mhn-(t}l$9Yn7NN`PQnSH3j5n$r=}lp)uDV?LE{lcpr^SfIznp+EnOCQZ
zkNe!>SWEXjyAh*+-(aIL_P|ul8k*s6O<{7RH)wmT=*mTKwftij^uwACxzh>IjnJ#a
z<BvyO=;~5o8V#b=VN<Y$t_`@^vTy8k9yc_85c?PI*<r?g>rt2g$`jh#W9Cz0JIEUt
zN4y<022+ZRW#rYxzT2dvobN+F49D+YV2?U}b-K&t#5YbwFWSKPJ&W)zP~s<G6}D>p
z(LP8v<2T9?R6zXE^-^EYmAR-A#V=F16{de+ZvP}$B~6to8q4u02Li(A!f{S_FSuj)
zzVw|+P4;{jyJXA>QPHpEHBo4rh_D84(AHJyzgAokWL#v<5n<zOMXFL0YvS6dt$NXK
z>HC7w_-X#*<9BN>N@FKrrVgILw@5L!!7ZBuacmcF|7PMe!aU^##|kqNe;Y0l3|QPw
zan5iYKWLEq?e}}(I62<Ntk`PyXmPh~nNaAB{>v`?W&#@@ow}`e6#1`eu@G%;Zl%HA
z>ftG+BD{Tj1;JWMX(se9K50lE4RmfDnWIn54OGt_#0hUBDn5&^tfXC4v}LVOC=dH=
zmLm7cwPRxOLT#uFDZBZGp~A{P4%hED8iw6fJn0vug1b`fEY^}Q6yV({#}Ohr$95uW
zKc;HbkzTs;;bAu9z6fy{Oe~%ht0ZpWJy0z)Sl@W0dhLE7f%hJ;2aLk*Au7mL%6-U8
zSooq0c&M0!#J~n5sSQ099KG&ukloVixS#K=coT;~hFs-a!7rO|_Z>6;Qt;y%P{em>
zXiK3@gS7MB0u47=oe(+fjZWx|?$di>$9u{=c`Xz8e=pc(v{v^;=`Y0fEEzVvw5Z<^
zV{K8Ye=U4F_1fK@1bt0CPN+&|iBSuESm*jO<4niX3cfYsT4Qg(N^@c}DpP`3zag1I
zep#_bOnlHsENAnczdrP9kiOe%GL0c_wRQM{4v3h3Ydiq?Enpy;gQGwTJ+-Ro=5|F1
z^HKtN7sH5oa+{1yJpT}Cv)PIuECq6>oww_pon<42R6a<|eEikyUC6*fgcz5vAPfY3
z@H!fvQPN|F7i6)2j46Q~y4$+jb0pKCnmhe-%zLG3Rl^Q7WCShW^Ok&?HtKUw-`xcq
z!YQG=G1PAtb7nxnO@C*}u9ce$IN!Z`8S*5!20@-p9E=jHRrkDY{1IkiMwaKJ<$D<8
z24~7*HW|O{#3Mx4Z~sW-KVcqvw7nn&NETRzRtJtR@D)1?{zrR+`<+lXfdz(OKbsQ&
zDITxi-Q|<>4)-A;0}I0fYor>kKG{ONe_ulpsE7BWiOg@0tC&X=RnFsIo89EhDSNxH
z*EfsYv=O)0BP@C)xo%(=Jjx3z^+Mx;C2<3VDC=vg6azaMQCOn1PI^t4A)ByGcNtx<
zAILnDT~Ng5=iP>aEUaxpYD;sd^4q#?06S?gKG>$7^tx|0Dp2$9JXLmK!`gEZ;%&JD
z(na+u!ED;K$J<{yg|xO)BTU*6+Y>)RbQ~;DT7QBw40`>^9lg6wKr;@u4vC{zWi1i6
zY|~n4*6cwo+mn8!+0T>tZr@q!Z?3KgcgNs{jiyctdnNT@Dz~6RrtwSDh%?NbxN<6}
z!vxt``xCQTj--4e0cEyxryB3fu8cdq!91>8=d9UP-TDkkEq^EPSecgk+EcnZDLx<i
z>}IF7yF@4;<Y>yKp4@H;_X?O=w!-UqId^L4yIm}yA0(Q!l#cTN^62Fy(R+z8rU6?8
ziXlRz%Oc65-n@+h8KQdX;+@lCY{Cw^hl-+H2)EpM`>c&!Phh9v!wn1cOK*V-_pL*x
zaC&8O(dGxl-A3&3no@@;gFd=&zDmoatoYFSQCcb&935V}8LJrP)iYY--O)f|FA0@A
z9$=ay=hD$h{eRcoHlI~@BGTUS&Zc4P_@Nu6ar(Od&0CNo^1x?U<c_fB?+$&<p*(_B
zj`Kjm?SNb5w_M<x1q(=(SX|L7ptX<+{^$>TULNo@PL=Xn`}*i^rjifps0S@L<BsY<
z$6P&65ujJb9LzKx0274b@9PyGLZ&UTNP41@^_zZ9(VDAdO{8dPw4(wU$@6wpV`l>1
zG1J6LyYj7&t2s=(yM*@0a>G?8v5v-#Pwr37Y7Kj%nm!?P)NXfZcy@`zVw|WH1?bhn
zDBDWLFwI#(Oh*06U&kuM0}lCt0jS(-?xm$2te9*FCs!!sRLZ$+o-HL`tPj@=;^z%}
zarBd%G$oeJBgkGxZ-ahwurxa(BoOx(#LFnKQmkp0gi7U-*cD^W>`D5H+!;q)w01l5
zUB3yAjW6{>vsyatp6t1}_(#RJK8xX3BdJg5p2n#}4#-$2v8V@*;Oy$Vz27I*q}nTj
z&uGSV`>4&<RJx~m(6Mf8swE<v#h}RK)J$!5JGO62_>9Q@-mjVST;qjxJy4od2%@qf
z%Al#|R>}>8$B#I4Z8N0pI}#TEX~4UIt$940&0q(wVR}4?Eb#rh_Q`s&Wb(ko-&sa%
zU9vTI7xqkoCN-v+k<0>LFtPnE49J~GRbNeTV7<2EOb$*qE{SVebzS^$I2#93ziDPo
zLKJb@7H&t&g}ESmdCNMr<!#Tkd?klW#%FKv7`_r|HUVL}bj!MLI_G9{+fD~*;KM3p
z(Tn4kWg%IswA#+dkDZt=VAUivC4sV*{E*`;h0{1W!(m8FJk*S|<%@+TmDZ;%I1nPW
zMKrpb`wSS3nwScVui5~!K$U$s>cnc-ZN@bQL*fO0wqVd8fBw3{>61m=v@v$#`UkM|
zJI#k0N2X+Pm(3gZYG=1G|E}x`s?;7(H&a$_=!Br&ja}ghn8O8w>9T3d>VqSeTB{r%
z^ey%bqxtDJZXY0Ghi^I+*JZ8W4Pv$1KBSXw<|c^&=3(|6aZyp&?q^<b2%~>fZrv+8
zk!Vwaa3KAuLLB4Qm6OK~nZIIxVQpJ=KyL&NLZIrM%`)^CMTYiTdj@P86rjP;JBEdn
z&sZxzIB3dqS+6alGtqUkXcJd+E!F-Gj+0a8^MLUEsbaiI220D)tgUIbfqR!0{f5-o
zPuZmp_UX2PV~wIobm&xo^v~-Ach*NM)hE_wK0TVyix|T9?AU$jE`|8l+l2hQnh(xz
zruuio{yVyi*8xX_@gQ!zCT*u_iT|ud3=QlEDaq<2fpk(dGwh6^*x0|ixJEhd9(Kf;
z&GvpYWq>XI4)(*z3GK4_Bep!CB2mgrF!5)Rp%<s)`CjF3Ft!Nx%dp$@wy=8w`TD!P
zxo<XtN#_P9gsqQBTNoQmiw{0<sxg^gXDssIq0}Tfvi9<QzrN*BbVpVW!@`De?e1z5
z{5J?V_qgN`C#{>oa~l(uCvst5uufTiAWOT;aDJ)VzE1KK40;pukM6$G8HZUXEs(7d
z%@noGB<Nt^#nQ$xWPXwA9yK*FidKmLz=CT@|3J`ntItw}hh{gYfd`fpM3>OsQIg?v
z{(3+7Ij%(sHKn-i+_P+YryAi$E16T`2h~(@GU#;M5JYIogc@3LE*mR`bQ%40I7az}
z@5+0t5w=K9G~^ve>W#E_X*AopXo~9u-Bs28`hMb%r2Bg>*MiNnPD8L<8A~gU!2pR8
zvG|DV1q!W<h;Wur)DY?%apd3?!O_9X7Q&tv4*~YEQ$KY?jvut!$Deso;X}vhIqJuk
zJ($5IkO`<_yr6O+FGW*XxW@|JHUZLN%u8v~#KhcMrYg%*1`xpB9Qc&OG(ICL0oe^l
zFbY=MzS~Ert#Efza)Xt+{n->-?onkZ|7RTFIm~}^_Ja?{_D9fGL)U81qFObK`@YDf
z>|;-7?R^z~E@Sp8a_Uc3P+F%mTQ|dPxKj~h4&vvf89NiP%2VNAD_uOw?H3SIn$TlE
zawj18kI15CWM=x4KRR;{=)@xX;fDM@q^PDsTkpPtkvv{f*>*3y<XZ(w)(03Kx#wRj
z5ur87%vyY8H(IP+-WB&)B5lG_1kAa5>h+vQi)n+l_IZo98!GI2QQ70tyH?ZB5s-gu
z7wLfK>IidA^wGNIFw8BpHG!6tk=i@Z4e}V*OE%XIJ~Z^MFrhz0vdWT*y%eGHe2^xo
zCERnvZ6}t$xcnOZaZY5-l+b%!I0pC7#a|NVZ{?#qUBr#&5L3xa`$kGCIe;GNx9g%;
zw^B@aCYHHNvg2I?ng~%>Z$J|#aV)I;bZlM|O^&{F<n!8m&ySi2SIlDx>a3&RNfMvN
zLZL7d!2Hwa#H2EVaNtwLU|FR=&2ox-XTr7P?VeHTtA3kE0D~0lxv!LxoSjMKb=&xx
zn6@%T7VW^%a6p|zb#N&Uf<sJ+R&kY<G^(k99;QY2Yn>c*<TZaO&Fb2(cZ%yE<&_77
z9H@rYeZHx!bpXfi_w-p#cBSbDr2Jk+qHD+)(&+s*t?ga&Tyq#wS7Mc-y2z5;4lk|g
zy60yfzz%syaSScI+G=R;te&Ao=OQwl;x6pOo#Y=yWmtQ8)er^uG+SNaSdP%ZKI38|
z3Fh_WSL~OVG|>xDQ=a!Hm)X6(@gOF*JK4{whmF^K{<J+giXN9Jy;UbIz|*D7IrB?B
z4x6%{rkrKPFkr=WZ*Gtp`?C@#hA>s6p@{$UQi*)}PUv;s*YR_SDocla8AceH_u&$a
z1rJ9j-;83{xV65Cv@oSkXnT1%T=NMZ>NZd@fG$;kL;*w%v!fre_#Qy6&os@Dt54C(
zo2>GNrV{z~d-7g~i=6Tu;Rk(Sy+z%;gac@CCEvrOx6UKg0x>e;jn}_lRSPc5PKMSB
zAd(hu&Eq_kPXj1_7?E&nsrLKRm#td_sVq0`tXL_G{#t-X&?U0Qv;=sZ&TwB-j|B>h
z75tmdeb;CTIdw#F&ly!FLICNgm;}$P?O$7mz7bl(tayRMicKnq8)8WXk-ZN|VCiv)
z)AT!|?%*d?&$r9sbZkl)8Nx=<5^@$9F~czAp%(Ic1@S?^5vrh(d`x?#R^v(zTpdxU
z&WGiS76=TMCAP3ctAy#oyLF{b`Ncx|mBeajt6u0#<)Z1bx;|Gm>E&Y4FP7f4KCnxv
zUIKwgrJ#&MdApXL_P{H(k;A4hfI4O=R>OG5xC%72T%Y#c^D6;UOe?Fy_Nvx<Sd93R
zM4}sj-z+!U^8rLU>k8cge+3;eE<)*IfyNV&T|MIEGfKO}T_tjNZrwasjEO3UyWS6M
zjQi7<pXD<}=5+YcwX(#CIe2DU^Ranby)$L>6xgk|95OO0vV8R9(*0(QWi?i>S*-Dn
zqo0G$lb&?k!k%l92mKQtf!s4g?Oz{#oY%YxsL5>(57{qlave2t649okF?mNvgACj8
z0a<4?7rR{dvutQXVioFp6jXXdO(~1YYJc7h7`QM@s!*?)t9|;z8MIlqq+~3%3EsgE
zf8*jyrA%&F4y3J1wA5$S&C0C@yDVXKc)syBMZF-)){8KQbI+Xn4>zZNexehBI9o-6
z8X9tRYvMOiL&hFe+EfZLLy=k9wc<1lIx-rPp35d4mC+QAe%)3u<Ptb*t`YU3`g_db
zJX3-JY&_Mb=>}7kKWaGN1Tu9D{g1`dH=BU;#w}hDvF9$ycwJLWoUp)W;BUR_P`asy
z2CYQ?)*qdhf`A2#)w||Tl|BLC&7*3wpADmJTKitRg1_rho@8!fU@6Fiu_nNY1^`FN
zTl27YhB)(Xzc}a1)0F%zoH*aZu}pEw>#4?m+uhg^{xpSzSqe+hf0{}k=c5h43>#C|
z?%S4=54AraqnbsZk~N9kj!!HmsfJdBz4zF{;5*I01f9FoEt+@I!v!XNo&T693Diaa
zaXg+2>Ne)2Mys#BlECnal}`x6aRD^AmY6C<>9QDIrA2QFB7$Ia-lLC~Re-p8AbVBp
zW5gc4&p1Ey&|i@fWv<|Ye{Bx{mKUTl3cfgQT8EbF1r<^3y#GY({fv4$PxDZj_D5<^
zeA&XptBQ9S+Kp6qkwrIEH>)=@tIP6F;rE6FcpNz7HP&#j`nVGa4=v(`30FV`t*eBe
z%0^MS3ckOq@1}u|O^4KD3B+f?wdCca{T1G5c#ts6UTjIVb1wC@!!luIvStruYH~<e
zrB0IjiyCbS#RV~9<l%PkmM9okquNrKOHZ6;yN-2CyJu-XT>ZG0<&>vWY~I#{<P<db
zIzqjizpNTm)6glXbh-E0Qei1|O8bfvO$sRgq1LT7{@I57*$cu$tXNt_&(@BI5|aMd
z2Q8Hlvd{f3L~njIA>!V&iJ=vw6!8&Zg|L8EV-J!2^|b|-D~j3!3ZGy(edP0LhCX9K
zTr!j<+SN#cHfop9mth>@<Uk@kn4x)1b^^Nxas!)5!iXq58%i94s*=h_n$`I99Wepi
ze~H>uj;=ria={2Vc;^#d+&Pm4k5q9Hpt%A$e?psQBGVEVVy6)l@&?W9H9$WltK^5i
zo2fI9vdpzqIxxw?d@J<a$?Cr>&H77#BfEU1BFz~EEJ5j03?7D$rgQ+J`EUd2@|^5Y
zQ~6yeWszEH&nQ!8{1ZZloV-mx)}X5zQ^#&pnQ2D|pF!v0suKXNyQZ0#`LPGImX)yG
znd{F%_cN6S?sD$sN&49UbF#wI?AxKNr~W?w@2wrgJdVL!jWOTNC-3>5!_8YnXx=f$
zqh9-I%jCTPIaya3|4!DGOVQdU&n(H+QLBa*N>`s9{+pNz7u9a1&m=08U(1Q0g_U4(
z9Wz=KwZd`YpB{M`QSeORwQjR`d#rEBl-!7aVUKo#;#)SV9_WsVC<Gs{e3C3f8>tZz
zql}T5*<Db#$WBQr@(qAN{CvCe6FS{%#Gm$&B_e~TJjJly%jZM()r!W4F(68#s{`|A
z%RRFxN@Iom=f3|h&OJ>aLLNJjFB490@+i;EfSdL~$&l6?eVg1K>B~bwml<AcI#9e8
zF=?o=9aSV(v3gEQX3X>r#2;d<9I16bsKm^ifZ$0#4|w99QDC&Jy6za#8w)W<wsJm4
zX7u3HxFjamA5_Domp#`Xi|ZY<TW+rjGg0=F7QI8Uc&fYTBt%HQ4c@(&eq-c{!cF9_
zzCvv;Ci_yIYjtGHe(wlRr=Fm!eE1>*Lg`_56cmwDa8i&q2uggc_F&#M48HZs`<$XB
zeU`H=EKQRYwYg}283WouvKN(zgku61F_=j_o|oBOnV*O<o*A)?d5_CuQ(cGZ)Y4)Y
z;-;|4Kl9IMN>K#qzG{LAbV5G{4m1~mS(bvm!2j^jLGofqc7`%CLW*zTQB}aHd9eg@
znZ&;z19c%?ZGBse$7af|1Ag`D)Y){&>pwegBaBCq#-evg0uSyeT%^35IR?vOYqdOn
zA>Bhwb(4qb3m5I{gtJcwHm)L6obZ2BzJU&$o;!6sc7n+BC}Um0%Ful*pF6r{_@V?c
z5ZZKKgyh*gxmRL1=Ewuy&<)y%MEf}65uQ7+Le0WvAr2@>b5*k#c&_g`LN`C(F39&=
z$>Rw>CPs>``;c84%5`W3n@cuoP$^6e2e-6UL*%Ad)locE)Yz$faEVUUECa!-dpj+t
zUsPHpbfmUg4Z0i#U4`@quI7SVoC~$(DF2YU;MO}7uZZ5?@-=b-FH<MHg!cG8GHEc-
zzm`oFrGH$h8@Y%i83!*Q8u?wD&N$QhGQ>_xo6O3%adjhSPf-i<QEgwLIgTYwEOS<n
zSg->|=}LypJ|XRZ*WSsT-pn4QaF3lv9x-CYX_56#gDbT5-Nh_ed~RdI8y%Ch_sYq0
zso=>N->aWs;PIzrfx%K!9pq;}e!kpExUFy_hHc!y^1G{YQ&YYZ`GO4Vc~>;<xiUt=
z%+v2x!G9iz-Z~74(m6KoQ{PTJM~Cg01i&h`&l$WPv(j@Q>fFAK(NXx>q80ZosiQ1d
z6GgdQ9ru$_Up_Dfm26b!-$*E$1#WWSD8tH(@5(Z@8n?vWo5EQ}`c$r7Efkyo-mq7G
zs51C121t0$37A+XJQ)k9sM+6A<~=z`BUYWcf}};fKyFc=iJ&q9Yd(n-%AGQBip~z0
zZNIn%y=7xliD%tJyWz-75(pi9yf^UZ#K*&Eg`Bqb5T6bF@tb~?*MzY`0M1yPzr{bo
zZ_;H%>~Pwuyl(0=#~pbUy%chC(ASX}pWAQhWlY5}U53Sk!_!oJruo2C4Ef_#csSxS
zYC57%wu;h@;rTa^rt`Yq%!s*b)pM{Jb4@GT?;!+a-Ti?Fe2x6vXlT82;V)NJy;4rp
zt8b`yR=+a=tA2(19z|5kd~%ehh*-clhlafL6iv=S!(mcAN{eCCf+Nh$r*D4XfP#cE
zAHBHBV6lg+kfa-EmTsdMS)X-^_|V7M>=kYU{fG+OI=**#5);y^wL768ZjWET|0|$f
zS;I2FCok|g7Aa%G#?>3=rmos(#w1~j3+VFW62?d2F#+tw#X3k2`-BQZI5h}JYmyEb
zN2YF1#UY`)kW+kZd0043&~yIcm<lor)@IH@)ch&250CCr32^pYSVRTLwcG}T@Z_{@
zaV6g98H=$+it471+0iqYj~)q?5y1;uV*t@j>fV1ab`C+JMBBD4+qP|;vTfV8ZS$0M
z%C>FWwr$&0uYUZv5x4Ogua{_KCv!)}USrIu<!yt}QCe>2II=;>+`>&5Md$X?G09TN
z!tYJ%%jomE2@{M)Fm`GL=`^{vWDn{Z?H9d!$FM$6Z#*UR;$0f+irB%kV5fU`$Pmrl
zi;HG9m|I2((R-46c*nI!@C15uZ6Dxg8)l6t8FAwf*UdGW&Cd>1hDF_-NJ&%Y?N06c
zuXbwT@1}&BUzPkLrbSF&sagDo|EB^FB0`4W@|5tGp#)7Qb^U=ravp2XntML6z1+Gx
zC59HuX1C>=h3YHZM{il8HOSj&fQ&{@Mc#=c7V)%71^9yY`FWL^(!a96Vaivvg9|pJ
zh(^e5@#m<*>g*b6BEGsFfF5|ZfJ^1EzP@<P%ajcIMSa%(t{!{Peo#D+92jC%TH6G0
zD%AE`XA;aD5#g`wJklX^C+Xjx(Ona2Fp0)M3O_8?>?>mg7QE<HEe%VP7RF~^`dg}D
zs2Y?$2B;&f9PX^iMBI|5Pf}9A_f4hF`K2%nn$HRnOhw3|zWo<mpz<i2fdxnDc(+G{
z6OJJY2h7k1Rh1gw!KK~C{Y0-uq*!ZYKp<02%C|&&n3^Rx;Yj7AktC_C?BK(&B<a9n
zhRphXMl$KpM#<Gdlv0QE@5Ih>cP*4VJxWw!N}CI(1&<YMMamR#JUx>;RBq6jfStR@
zYPP=TmzNXIf`}dtx!!g01<YzA=ikA^N{10!=T_X}qHLJHpZ#7PZSr;GkI%F$o0J>D
z*Bb5R-2jv)qEM(pmO$TG_}7LCtfIs5$OrIaBGR)n?Dc)^3UZ-?F>o+OJ#}THk!ti#
z1|KO~IWs$=NRuM<t9g)~eZV>2uH7EO>f?gvMvr%#Q>;&W+`u$;Yhx?Tso_m2?;9Qh
z4hpkzIdy8)!W(Ay#NU;O2t@iQF1ozf1*bcUPu5|o$mOrL7v7V3JW{B6pG#-3He0=6
z>D>e-IWr;mf=k0ANW?c&UsI#!JrCeXmt;GBM&Ja#+uLN4pqf}F#jdZ3{I(qRf75P)
zBSG$cX>p&boo&42Q`{Kw`f|Avt_ZM5g87e$gPCw<!_L3IHWyEa0YgzwFZ6AQdiT?x
ze>3rG^uTD_{GdciR5NQX?;ln)w7v5xXo5teqX_$}pm_;@AXli%A!Z=8EU9D=2TIX;
zUWf=}%MQ-c105z+HhQFQm&=MdwG2(!dKsn1@OZM2DV>OFip%AnaN@_UU9mIYQC}u5
zCic%MAvJd`&u|Dcl*q^e(4x<AR0m_X7y&aGCx@7TTw*4tOPSohax-%CXOSx)62|tp
z!p?@G@1{0?_Z<%$9I||&DxF!F5ChqjK%a|n(8S>~$$x6zm;c}l^C5&soXmu{mzTP-
zy`bk#+u*P-v)Xc{gHShk|7C)byR!icIa70eu)yopQx2D+Y-|i9^awG_yQO)ro5KU7
zH)R*5eN@@zen)&7W<-?GRH-+MCY89Dx*I+7&12YYwq~gjErDWX-vSxH)~*UtCDzhr
z8&^PAmFqYN)h#S7#dKP&1jKp>0`3eA&S|t$Pf{G4vQRmtybz!1KXtJC9O^40N1TRj
zX%zuid|#5vYjAUcNa}tuGYtZBV15+i@lAdrBrJ<HFwMvP&ZUid*k`Y0XvUG<aJWg%
z%wDx5F<!?#>X^kU$(FXew@Ib17Vy9QcLt)0%Yil)RY`SlFzXv7X_WRa{VkzMxRoL)
z&RY=L_alB^cD~hD-Drd(^zU1%vRAE6ovM~$)Y2JH<$-Q7^u0iLQaWY_BI;kzIoz27
ziqKoJ12r9Mgz!dHvJ(?+f`;yMEm6j{SKqD4tKCmXhQWpp1E(wI*8ESyZhtdFDVBT8
zg6l$<6T1UBQfTbc9mCg=jG`$PdsutB8ByROn_zp*mgah-y0tZnS#z2Jv(XXkA!B<w
zbbezK(e~DVu?E)#mr+_(E(ZO>NW(R)ABWIgfm^MyC1SS7Sq-3nnE|`4<}U&RGw+2)
zV3)Q>Szf*W5bD-xRa7Y3*{6NuW6pMsLFU%h0!(?j=&9eZn(;~aqa59cbWjHmAD@Pp
zQMN=MI-M28o}gxAZK@h(gKRqOo$7Iz7RLF?P8pllaPZ&WwvxFlv4(`1Vf|C%`DaC8
zG8oZOrDHgMUaiG20`2|?MJZ#n@)B(Tfzlvj*%6S~zHFLHq6YOhkA|seckJ*1*`rFP
zrjpS|U;=4YK_9k$A$2?CxGJV?BVaagW=85;833HvLM@4D3MpwAFH42mM>HhwX@Cm~
zlRLh|-7L8+L{3Z2{@LS{uKf;u{qnh*39+7}al^^JamF?nGc2w?a#fq6*EkjLc}1?R
zWcLJ@L+BWU=kp!TLZRRW6ZX&n2EUYq-8DauS;IC|H+d4Q*h(@UwQnHQ>1z7e<i%#@
zZ=glnIs9uz35KHCiLZ!BZ7V+wjLVIEtPk#t@k4_*wpMe4eFLuao?02QE?a3Xov_g)
zSUY}`zvQmL%^9jnT)nGDn1}2?u66Ta^*=8kldI~{Gy+rucieQfz^o#nB|X_<^lh7B
z&BUa3CnM@EXVriX&OXfyE{@PwO}0*R9F2*W1RN88^|?R1BeF&$X_JDR3o<@Vl9(pM
z=pVL0tiSS+w;-cGu>Nt%d?>qhmGRE+L9YF|8m`STtP6S;iAU&m5})wIZraHM$DFJ%
zNShiD`r83!@aIotp)fX2mVL0VjFOj2XTA@bP=S8IA5OeQc@@IaL=e{y`11?Aj##4#
z7-ZLdGXO5POis#~H-W{Y^!zkuC98aDsHHV9kS&ds;=hXk9KNk-Nl=8?eUPT1Ql8~J
z<|b2)=(cAYH5t4@WQ*eX7`X&3+C@D;!b^rs!lyd(c!Nc7sK04235NfY9+gjtg*6F6
z+~@(wnw@>))nHd7W~DX)Pn~*e&QWZP*$s*fy*th-{0)J()5H1c1wdA;xLGteopwHP
zg<!#qduFN2JXG4r#J9$>+^u!Q73!O%Yt&tB#wMXR)6H<!P%em)UXj|tw?pTXBLao5
zo5T+oRoiR5f(nr_SNK13g4g1nW#{8!4w>ZWW{71Q@jr<5CYsN9`j2fUS6kwu)+1L6
z(3ELk#ZFC;#D}kTNeRvTs_lIwY%<m69i71KN27~t%+?*kYBq<#aZp8Bo#pI?;^7Yc
zMxbJY3s8lOBNSks22<$bEL%QSVO(?wac>WP0W#@?^-<}tzz|aQ`-pMxHG=Ts@*nju
z^EJGzOL^J8NBb$s<JK(Uj#>tNRV_(2#GaLly8!Qr)iVC-lLiLDj!Sr`_P(*UWBBS4
z>EAD|woX>tIQ%f7la+TzQc-xGZsF34t%+Fv5(kvCEYNxhawq|!GCAAjcl}}^L383)
zt8ov_f+N2%>l}LmA-A_1LgGYY{VMVe-oc771`?=Sa_ed78{x1NGK)c5JwWaURyQIq
z@f!1_YMyk}i1TYsw=dJz-7lOlHY$qaEW?D9_KMVROLI%%>c2iVXJraYaxCqQ<+(m_
zrWnnR4iG|9?S#IXjH3FOBl2>=$zM%>%(!$BjjihBxlqfwA%)_T@U4|SF6V}aqv5P)
zvscD8;bVN}jmvl$J3r!pjnUYT86d9)2rtnlE+s-2FN=?z<BwR(qjZ_V2+1YCmUo>4
zT{?4qx6HKS#NJ~S)){6q0G4D~ml%IQvBDo1uR0q=yR%d2e?sKQXY!9H;feQQ#uvu0
zF1jPo^58jbEEgmHEdtSB!X8I^>G#x&NE11b_@~TX%x(UW&U)^7L`2=E(s3~`egRDk
zS+~%+lCXicNa|md6$_2|65L#94cmOO6k(vW-lIkAWYN|jPdDqdQib9%z*X4iEMFBX
zW6)*l0ZDvSb?hVE9fS2s5>lK09Q}3yifvkj=d&j3CjLQqFNi6G`@|}+fsOj3o#T~w
z8CM$HOns{>s_TpyCtG2Wy5lF0_0>eIDhif^T-bgBtJ!HvX}DodI{Ct+fK1P=8nVmp
z9ZJ6#e&y#cjIq@erQ4s$dd%J9`A%VBp=U1Gx9N=xK}dsF>UpQ-H3G&OGGinUMke(x
z@1K?JU;86-p7!^1fVPLmmSi%<)64cVd!gmSi$df_ttH+19kO|W0WwKPH4M4Krp(?_
z$@Hfo$O}_#8KwKr$UgSZt~Dl7@J`OFPMdidA>Y!9r6c0nz*VIT#@qos?3F{6T4AA8
zAG$2mbpRPbrEP<vOhg~pVOuk)j=~~g^*JT$vadN~WCIg@Gf2W$VTmXMe7eO(gO#`!
zjrJexdu8$-!q&rCq|^_HJ0JQIWnUR*e#V)co{9{37m-p4(ultxLNR_Q1#t)HlqN4C
z*j8)&oWNUM<hSngbZV=@(Q0SQ8OIyIO@*c%o7DU@JeH%kBif47LrbMGpmrZAYmvbi
zeVp!~OU7W=Y=Q9EcJ1%7meiP4cjOzwBwq8!?9CWyT1A8Opc$<@T=JQ^>wn*eucpWi
zo|5k@&-7Kk1f)&(!_wk4)ZZ{@(oy7+%{;W1q5cp9;RHEdF<J7^`ix;Mw}^DhJ_FNv
z<T`RdV<^7r5uCUpX=t0s7D*4FimAr<R=p*3*s0T)hQOyR^3!}c`=6bRN5>L*wc^0#
z;n9N`zUNEIm*RCh<ew<^<<l_4z6;iZaoYd$USGuPEONNIyYF3U2qLA)gWe5So`*zq
z1g6dGa{?25jETEjW!uO>w)Y|LWW`r~eLE-=Pf<5t=gVoo`R5~o0RxNOlL#^QXBtgv
zY6q;PU*YIuNzUjf4?{L#0<klmqOAON3OQ=p3!5Oc9?<mMjYU^X>~4*ahj8Uieg4RS
zKuftDnXlK+Ey+oZ<-~=qf+N%toLV%GvwsBfprRA?ynEpF?@NDgge7-k&diK>)UU71
zd%_MC%R;kC{Gd->zm+48kTf|$ypL6|7@>lnl7Y#~MBTQtqw`xYJI-s58&s&nI7PRk
ztVc}Xq6e%vDj3(`a(g*Hf4fg^ouO~YLg5ZPtdpv859hfe!0vUmmubG=qEM9MCq|ZT
z#$IvsiFbfp4kI?5A&X$%V5Wh(ZgB;Royx<4tm5cEwVTKfE>jV9C0%+R8a5rrA1_sT
z+AcuwcAJPjp8V_|9o|3Y*?&t8NpuI`S;x)CXsNAF(-JPDQ5LrfE)Xzkm|$>errA<U
zoW2I|15dd!togsWqQCMdft{fx6gT&O>`+Dm#y>3o<%+VgGqe8Z-hZp2?CgJ7{+}rN
ze^NzTK$VmHkXfb0gIL0$Xeg)Vx3cC531}{Xq%MhQa3!VOBqZEQ0_V4W4<W<FUpl@o
z-uPx-vL3q4W(;nuj?>?!CU4Tc;H8~4+cTN;TS<ix;e_n(?Eysq9kCqS9l7}d5JpEp
zLGJgN7|#R{;o|&oTBX4d%+M)t$lmGyW-@~W^RFKYK#(W_!vUAJa{{=(0&oZBa|`D4
z6ZoS;puA;3xS@fL25si*`-7qLqrwHX?lO(_WpQWau{J{-3i$B>saL84auX2=;`jvv
z8{-g8%Tpu3<N^w=3gX0*YX;x|wA)itfb6~LQK}ExAVQEU*xLT;uyk<+(CC|Mq6x{s
zyKo|_K+Xho2xe>$7`Gi3{$!(w_ilFDt<nHITBQ>?csi|r`f(3o0105><f$PhK`{@Y
zfQ2#vM-Kqosm}dRWD!<#jGy=*ar}FVfp_=z-^jQ0=6a9?4E#WXDl2zmWC>EqQA~kr
zLpk{YW>A;f5bz-20Di;dWI#Atd*km2*bo*0jUz}t6}TXBDGFc#2(>;d1kkC?N|F0R
zCP2?`J0z}mEaIG0{R576V`306`axgZeD3AV!ciS>vp4;AYItC-;U2!hHH8fHe{+HT
zb+THY3})4;5m4WH#Kn=X{j6CLK==VDXa?aALHTt73Gh^#H+y1dADja}_YU7|L|ykT
zu0Y&?)QPbJUInWNN9ncg(BrT{{Ow&sUOj&{?sgzj!oUGSH3<R!Az)L$yzs5Xn}$E-
zU{C^@m4f$zgew!k1H67b%p_te8tb!9_C4@D^4X?s$m{9p=|q3s{PyXMkN5KcY;%7C
z$o@XwADn^&1VNDZ_1g`P7U8jm^Bc7ss38>C_vBrN-cjCf<?=ZNM*Uk8NwwFHd?A>4
z2^z5WQ|z*sA21j79)9Mh;qV9I?MLbThUUku?#E8zZ#5j8AA<U~;in%2fmmtKi5^O!
zw+`Z{%B(*zI?!{Eve0M_bR{65kPhz8N<|<5p_(9=>A~#`O&;A}d3XqQ=)bk~UrNk=
z>rZ|+8NeuDbAcWFem#Z&ncV!lKd*68rY5o8(X9j_Zza%&ft&1u_${y4LUCMAJERo7
zmAkt;6C>0F5C9xpLEH}UY_Y;X;)Db(C@^=gLhAswbQm}Rzc0?l6R7$?mV@6;eJ+B(
z)^*DnJV~H%u3wx#gZ~E9wLi_1-Nen`w!WW0ZUEcSo?HNb>|aJR%Iy_im=2ijQ!fs`
z_v-Wag3BAau<HIh_-Bo4m3CHE{KKnI;i$%E^pE=;KLH*B^=61hYqENrj*a|<NYf;;
z+w_!zL)5?`G_mgV+-J&aI9`avLzDZ~WYq7@$xw(b-cX9GO?rI|UH!k4n693sxn-~W
z9EW+T>(yD!;py$1JXv!09KNC)QftvMM(KY=h_sH^0(1E>1ePQ5KpT&zOo;E?6<6tU
z_GV<%swj%Ewo9Lzx;mM8vUkdZ`hGg#cYXDGc1pX4a}Ad+BdNX7;tRDXQ*Muz`#JOu
z2U`{4svlq<JxFd!Zo;n>?V#4*#xMd1)ZtHj$tNS_Ot0x5w`3ioHaEBtEk#IWk9e&m
zNkPsF;Qc`Q%<7D%J!pTf{u#omigS(f1ymNoE%Su~%Q)r*yT_;S)Gpe_=$RTxk}2@3
zeQ~tfU{}8GPdzuEaK)I;FI<M)L)3QI-xYV1CX7@0!kNUSlp^v$pA(2I^anwx7fc$^
zC6l$MGR>+Mqh0r8eAFV1gL?LRZj*lM058gQ)ldC2YNa>m7u~+Puf#S50c}7Zx@NHJ
zrs#dXMrQ4wG?9tCFheoVdAWc(<qrnX)^%rA#V4$WN>e+a-CG0K)BsfpC<dun>~FVw
z?heF5hqjfX6I|ZkA$_bjj8;xJx#njOP}i4#p$8O(l^-qa$I~G`0qczP44&!v2X*Gm
z*yrHF8ia6xwTgtJ2AC)+*+igD8rkAXd>V~+t;(0Drd2*{gYw4gC%B0cH^h>xyRf^J
zR>umU%AATRu=FouDcEVSSR=2R?0b})2l1}YorvL&Xx_(b1j}M(7#W`Uq-)3@9|SlI
zDc5LTF@>xsf@Xk;ao`LDA1g|DZ==iX2Q};Y&O^#?B9%B~i8s7x-0>*L_;9X#6gZ{W
zx)_<5yrnpvLntJ8ts*`aSA0FdJ1KrL#z6DPYe)$LgxE;H?5r%YWvF~wyFGz~DdB5W
zzEw<z?3j2c__*9Jif>Lxb33?H$v#67VL{bJGqPU&m|nT1J(>^PIxB66rs$5zp4GNQ
z9i6D<=kR%FZ*XpvZ$Q9(Xwv$G^vLK;kU<BGJs8?1^QY&1G8w=K5)M0%yJom7_NSB}
zO7@HSx}8aiP0?oIzmZ-wyYsTB-qu_=YGD!+E%e+QoB2D<&~o^*yOw-ji7bRgN+4@J
z5KcH|183$*KZtsSrZ;t}U$5&qUvnR2Q-f$&wx)@xr}-~%BebE0y}}T#8e-ZQSFsbC
z^alqC&l@4Wl{tMu`Oj}m&B@afd3Jd+lLyChe3+(uu{F8>v?ev<K7TT#T+-i3h5C#c
zNl~d_iPas3isC!-UZOOa)<vA{67vIM3=I$~b%dgQ{;N>iQN@$lOx=-biMMFd&UMsc
zdHlG%iOZhNRBJEV%-wuoGZK1z%E6kQT|I`l;C@KE3e^r}qT-J6rm*FD^u<lZ!(D?G
z_mVt{zoZvQI5?~p_(QJvQ)GF3^#WiX-k)l%_m`TF5EHlR^jQ@~)J^exK9=AC1u&EP
zYlhG({Umm5nN*qiu8Hc7-6Pgo@)fwH?4LFoP_u1keo&7Q4;OdN=+nY(O?r%z5<>Ru
z`PQ=13bkS~f7PRRxwYcXv%<i%?Vuvh=jP5E7P-9$RT68Ocn)P_*k8(<bs{=JYv9sV
zSo_J&=pJp)kroCFH6{^+JY!c?!)u%+^KJ)zWG{I;$8%AC^oPsGZbOLkHrd=8A=vPL
zMTxjPgz+JW3d7P+4zIguWIvK|*d2Z-OOebeJkpcfGl4OF(4&j6KTi+05}msllrCKD
zw|Q}y4|lSeasL*%3y`(jf?e1e`Tf2>$;%iHK%!ja7KM&R#<ve>&<z!_CSo6O*zu<x
z)|I6}igtdxai$QXVsp(<bDYlJd(ahOzLk-jpPN`PY)rf7^=7UdirFeMqlx-PSJW}M
z8z6iPx06X?qFFWc8(r-Ql0<{ns+E?HC#pE7a}FAj)@$M`&5zK^s2Y|f?hl*={t~I`
z@zlB%Q!rY3sTy=7Ky%Aj3tc67A*Uvs5kbEdBV%`A(3@Y{8|&irY2(=0`0=+|;9DzT
zs-k9oSKAs}d*_Ob_nT1}q;KdsH!XtOda3b-rD?(^KJdRZpt)7-3_`tOHZZ0XP(h5~
zU$D6?{t1n4gIIR6g8v(_s+5&?-CP|rmvuybYXU9}OPijCzv}>Ja0A1l)0siMG)F??
z<#gDHuh~y_`V4B`X#YzQ>RY>)KZrn2M$>7P5wO^n0=$UI6hCr!g^2L}DH)adA%w&u
zY>XI^1uw{qHo9bqQ4DOxLnZujCxMQvYq~e+hK{yjT!gg?WfVF7L$`Zck{4@A?DhiO
zf@i(+fhM``^7FEci(PMe_%3M;U`eK<g*~L*q^YeoUi?(DNW2!+dc@eClf8N@Bd(gj
zbkkrs&xA<v5R;>Ak$%NaIpxb;ZR_}0#9@5Ojeo<F_Tn2kY7jMG=k9*<CkL4(-Zb#q
zsh)1RIb4!W6NYHxI7x42SBrq*wq4hD%e}qfl~p+lKg0Mt5r67_=%Omg`=9eu3o}jr
z+w<cu+U;>&1Qcp3`l{^WOyv|93wlB^vDxM)!zsVIssO}acZn(Ro)6E3f19zANjZ8I
zw%sxkfysS;Hqir;;@g;*C6R3dSdrE!p^kir&duyftI3+leo%{`Jkn1(y@2GSs%i5A
zpi+>vc-bsD9=d4ti+E!8P<YiJ)dS#aM1aj%x~>4W6ua(lQm0BL41?#@z%v7twR#dM
zdipftzp_;c>qw;`E>JRW@YUF3xxNk&RdG~V1nqhy+7R*H?Qw$4$~+r`eo7q?mKp0j
z2`4cx?3QoOU2SbcQf~2s6g<JH49e(0-c+3GuUz=PY+px~tDbYJMUmrj?x|ZV=@Aar
z1)?36>{-92*nO}B;V9IaSWR$OQE#@!=&bo!)6D9fD7*p`wnmAbI^ksd;Cm+gIWT*M
z4f(sV=J!rSvM?F75rM#!+-unR{a%3_F%(C|)pcVr?*Y7FJ+5?~PkUtUOV(-S4Ls4b
zL^DkKGO>IpSb4X`k2{XJsnqs9Y-}d!v%%zZmndeHMV15`GF#bggPQxuH0L#9&$@Tt
z+f3+mfqh*-!3$eI1*y%d`83W%-M4rxm)u>OrYWj(Ug$3#!v2+GW;yVB9BE%4f$%;S
zEp`FV=`dx6mm9~;-&T@`9V>y)mcTJ2U3X3`1IaNpstxr}g5V)S&5fjwpTO^&Z|{mq
z$u)i_?=mtjfX!FpEx}jHGIm}NsV$%pB1j!dfkmw>ig_are$k+WQQ+~c#4#-<X;CB3
zhBazZ1J5wbU;nZBsHbj}bh|<;p-R*yesf2XVUZ0QZofTT9WA;^2Q?LKdQ?N&4aYnK
zCdr-18`!ytr4u?8&=B}<X*<+T7-z-Yy!h|UCeI!dyv;(O@|kaxMaJAN*Vk=B3!*M<
z{k>s)nA$Z5SMqAf)zx!-t4`Xl%uvYUWC1lnpx5OqWnI5!CemWWmY1HF@PV^V&b3t1
zdVL&(JmBLEXGPjxX=<E+T*$#vWCE*5oA`|Lx*5b}HxxdAey)QoQ+(I<FpWYy4kZtH
z60O|u@s^Smw#sEUJ$vcE+6nHbna@OfpqA>F(&57+cLK+iL+*_$_;VklQ#yQC7KT*A
z%54CtmPFSnx$>^O)IPpi^+%t$3SjX5A20h(f8#?fWua^caVEXFtlPJ{EFW1<!-SZf
z6H3RG%XRKojBVImc2*Ieh5o+;63GpKQ<E0tJrq*ZVw11y-nd#2j&EF=;CZsj=(abJ
zG;he=eJ^R)>=R@@%hOS(^=m`YN|R3&!y`34iOmFe)rb6@(m5sOom7`2{5I)m;l#DU
zt9!rGdHxx-QOvFoyXk5dUu4~QMyAA?wvS<}i0^jm@<YoP#bTF((7Gn=twN!zsE(oY
zuMetcSFHU-NVm-u-85z+B_{<QbCFZ$0Th;n!n`6<j0gF3>IRy81y9AKlz21eO6W59
zlZpusY835V$UMm>@I&J16b_?6>V&A{Q{t!2(K*RP^i&lzAZrO^`)+IU53bctAAn54
z#^8%>S4+7X>J`ai3hIg|faumd=YvSJLBfFGoT;Y3QszaE=Ya#ci12JFQ2~rKjSkOA
zE!c)GadIS07+ZGHuJB%BU{#;SviEdvPI^Zp7oNhmo#=c^=Emm^cRx<OFTrGGpJ7IP
z(uifqY(?NU?h&^cm<Drd#MXz<-IWeompPffH+<U<+b&Dk(k7KZGeoE!t1v9z8d`6?
zV>X*ufQWk}O`w4A+&#N;bm2*f$Bx|+<6JC9sZhzP-$P9pNCjh)21Xj>>qTz_f}sZ_
zeE*bHHwtp#x=s<|v+fu<)qb<z9*0nP?`9b{Tn>#nft#&h(VoAT=|rGh5|z$Nt;{Qm
zD|ysRI&O6av>>Md-xBUN6%aF=+5h>@Ylq0x5|@tPZwo|eyalJj+{nT`vwIqKjE92E
z&+_oA+4^yvA*`20nN#hrziXESzY3R*<7rcmQn;<>K~lx}iu9C~zPYTkJoOf{06G!B
zS(bg@b2p}7ziV<Xr)}`D_!b%a4b*?zT-~abZEv)Qyd$TICf0VzG2*n&1AA&<W8HCH
z=Ojer@H)Rm#lzNRSykIMr&yP$wMqZve@0W&vYB0NNF_r*^B-YhZ!uo_WA0?*PxL)}
z;i1AuBNMUW>BlvwU8c2CI(x;$(v3DSad`KWZ}9z~rO07_E6SQg_*CE=b-#_me@1M0
z-9Oyd^9rP<8I0n^KBuaJMQ(mvK_e-9R@z({1Q@E%IJ_)s`<w;08#RgGF`HX;&%&7z
z@GLram@|JZv;7p;`Gz6bV0-Q&o;rrS3*akFD%Rw)0_i;%Qp@TSa*#a+`_v9{2`CPL
zAHgoyEgdKg6%-)3u0iEo#h^608(MCO7OzC=uOCpmf6!(3^3r1ac*jg+ZiG3G0Lzs2
zE~vG}+`iIJ7^S(|jy)-)08YF-@}_Q`gQq$NxZlj}klWQj#V2*`id=|pKv`YR&qc<r
z{b8RiiH$%s;!N>G6?i*zwnTPA55mc8)#z!aa<OgNdb~=8(s=w=c^ub|9Y%uECVpou
zpsbDz!)}i%$n9TJf+e&$x1duwy7y7+tt5B6<o?n>TQymO8C8D7d1Yq~WFQ%+YFc0T
za8hTX8=_Mmt?`d&sS!v_V)_KOxQQcSa|M4%O02PZq0Wll#4Zhs++{-a@y43j$Iwl$
zUb;F^#i>nXu18)<Pf(0c*HShEg32MX=^@{4a_SZilj7lKZ8D5r!$q>bmF|>5uwDX5
zP^u@Q`{VQYy)lqJj&r%^t}cV#V)&00$V-|M|3xa#nQ*t0$?Ht5+~7XqO-E4JN6YEe
z(nN=L=!#6WV40b@@;$^DR*!g?vWMVvzwP<M&_17Xk|EJ;`9a%gm^c}Lc9Ri8)~gQh
z(TD_)hK?{5yc`3Namx+s6iVx&R3txmTdRo`K>tw2kzE+lA0#{9;g{(d|J4qOEWQkn
z4ns7C$hh>$tfWTRh=VK;h;*7s2x!1@VipL-z&fNEcTxzM*yRb)(JJ7SZHTmMTJS4i
zFnqNu4j*X;^yMoK!O_!H<U{<F+kGsn9;jBTa-}M3bsXyCYIM<L6KVM7()hbG^c6-a
zQ_&M@+YG++!k^aa*JTjF)%8s|))i$-$C8&nk}Gg-5MfJ+<DR&ko_5mI?-ra3-<g?C
z&e$g&WnQ|Hz0C?w*)3B6TC$FNHc8em1{!!-Z-O-am<?UrLr6=@3M*BY1Gi`Q&(6yT
z{RhIgNTn-ttb~XsR@wbTfLn1<`cr)o12;-YOV~^cPjIT8rF~gXy_I=ybQC%$`){~i
zY$uGX9eHuN3BEODnOC8+xu8j2yIT(1n$NN|8EM1rB@rcBdZ9w(T!;7n_CJ_;h^c?j
zjcqa6H~ee%Lv_qWcwSrx=4(UoJFIYYw+8!Ra^0dauu^8oor{3jDF6B{X{<jsPH#Ai
zgfv|_Z-GdW!sT0zsP5g9@KSR}%;?08<mXP#c;|AO=viu~5uL?*MU(npWJLlQij(Ff
z9Yy<A``*ba%8yF$6$hmVNKdj{b_{wlE8sk{YX%uGx0vi@s2<1e8+V)7&EEPt&?53B
z$}JbWLppQ$wY|Ohql$Cq$X5t<@7H##4}`TZqo&bH^~gTY8JQJF|8kP4N4*E=>ji%(
zjHHI=1dH*j7w}+JL9D2BPm-Ftq?XTj9$aC+a5ndCki|}8a>oAfgS9}^bvsJ>HBd$z
z$JfS1q-6}6yRn+^qbJ=9VD|=VNObV6BT5e$)X^yX94&zuY}=5j_~p1`L(iGe!#5qi
zA%`WuXcQ~#RpoM_y?a9MAror>JzhmBfV1hfHN6ww+_x@62QJUi(9S+ZX5A{P;@^$d
z9l~AHC3jfb_1%qtGf^%)d&RgW8aX+xbLKk_^Eo&^0D33$x^aIl!ipkaRcMi(py4uq
z0vc!~t}wfg;GwNNmMRH(V%+>wOj}}KY`P;851K|j)eej35_FVcSPKvwzG-Nt^jvh7
zoW@Gu=JI4b4eE%76Bk%S+a!ar+kbvy*QMC#7RQ>I4`=nbHo&=}weqRkc%&c}n2!Fm
z%EDV+-2)-FE4E6Y-`CLN{m6@s#-Vf`9PG1cKD5=4zC1^d6)H=Kd~IVii+Fn3FxL%f
zZ7com1Y;?1cAwmuBmEn%%+=XNRH$+$@I!fAXM9Z$$kM|f@Brmm6D+m-aHcjCuW6EM
zfIE{BwdjU3XiqX5Xi#=dmAISK;2(9d|8zgwNosvoJvg1BN8UJde#!EXybYg9_P#2g
zik8OsX*qx0<dKkTxg73b*!*LDFHQL%UR%5OHjJ7g{CwuRDGIV6e6%-y=%w6;7|;fT
zTGCCpI>juiuy3MhEhV<TA2XAhl~dgR+!OY%6*=Z(FG3NW?1goj)E_hE3uji3ny7zJ
z%hQokb;he$X~xHkY;%h*RgFJ!)jEjI(+RmsJyueB?VWQzY5v;QUu^!^ypa*vx46zF
zi`&TXxmSbH3XNgogCx`WWYV#vC^ncOjiBPNden#^fX>dq2e6X%&WZV?V;>{8o28(V
zGYR>mWKUkxb?%^Mtl^IYwaA+)2Yv*X`{Y<HT0ajKZUw`57<7h_dimu;f7*d*W)F3b
z!+xP%I5loG*+s5k!=X#2Uu9}~?cdu2w|(YO#~`3;_0g&s8BCEhpZBP`n!2#A-K(Sk
zWB%Ma>BnD=hZF@f-qP#Y!l)i-$hp;cVI*3{y1^TKI;te3?YEnR`S_xrMT;`Y#qpbs
z;>0*$HAj|A3{>*{bcyxpsOK47hkGq&S}G#Jtpa6`fu+}m>PouL;?#M<l7sXqvmFMl
zjmY;L-GlQ-033~onbPBi@sX*zMT8}(cTS%3E7O-7HJa4*c=l@G6F}}yMYJAr5LQfF
z*A;5w2YH8J{DQ05Tf~=(-({2;e_8(;-J98i<Azv<|58rLE6vMD{zxePQOQ1>tMg}I
z!x=?_3G(oyp>>dcLOUTxXrHKc%=*{Z@Po;pHPZ3>OHFi{M@!&_$JZpAG)$;Kr^TJX
zPrRa@4u#=Do@74=QFfj?jy#RWYAd6yK2<gG**1a+b~q}$Ep7Z4W))m>PL*vl?@5`0
zrPqsKyxtzT#HvhrlcsNVhCj46jd$%c%&??GbuZ()k7Kx~&QgCll-Qm@-Woo}T+fbN
z{rqh?o;W!?5MjXy6yFl5&I&GZq0;ze*UN@}w>{i??DOgG<ouX2EU-Dr=p<uY4vv}Z
z!3#~zp(v!jNA*=97)97pu`aB)@iden4fqF9po~VH0e}}-34wM+uJ*x-C6KMTKA>rE
z9}g?e&`FdB=z%E$`*p?=j_AAJ8Jd?G*l4F5HwMp+8|Zr>GS#8XOs?5#g)g(sRY7y6
z8|cd&p1VtlVtGk58tvMcJ!P9;7_*i5WQ<Y-G%5i}U;lQws`>Ip&?<rrOd=Sx{f3>;
zWQX5+9r%u;>WH5t>yuIlzo}^Lc&>n`r|lzKX%xIknZ+}#Y`=MYK&0ukhXH9bA16ti
zTT{G{Vt;rSz=9`-V5l53lY+B{HgW6^AVR)u^RV&i3MON~fRhV5aTAr}z|Xw-1QUHG
z3$=LgqcCm!0YZm=ETHFN_C;NJeW`e&Rj7_cQm9EUy2}>y{@ZJ3oh9Y4BOQf@igKQ(
z_53Y4?y4t1PdiG-iJCmLCWzc%;gg$K?%q`*T(lSb?<MF^A(e#uV6B~#8SaVh61`lK
zqo4zBX(+i2-M|H>@~RKM8-l-AkVS<YTgK9G_03)Rohk=H;N#SQseyWUesj9hszsRR
zkINM1UzHh%BYS+!p-`jabU1$t`Z~Y;USXdhy+y#GQ<i!e=b$F05^I@xpU5a^@_C15
zA|bu^MY&FL)*K1d7*_x6-d0<*)MBUa_YD6hiB$I0Kllc5y3FBX6?ZIPNbL#EBg`Ov
zDhzR{2)xVoBZ^#)(4O&%ofb=UWot4Jtin0=Mp3G*GMInLcACzQmKQP;%@m<>93U8Z
zAayoM2qVGTyY`H7|M~x@&whLc^{p(b6c!hd>IC_~)h#Z6R{G)yp})z6k7>ugD6+J9
zdVi>|30q1m7O%~9Q9?xWTZ>>(M2xkbsTO_G{-{jl&TA<mik%oeY3203*jQU$pGi+L
z(v?wxV$h)@T9eHg+2GHPk7+F2GONGeSvVaoII~TW{FYc0GOVNrL4p1y@j{P^#`x<%
zT~KE@fv8~?QDK)+VdlN<PV>0Oc%{<A*Tz|S=Izd4xT2B%X7ygXPGZ??_D+B-O0N0P
zUFbXgWCM)1OWYmz(){m6)O<2DSk{3|Gt)jv?G%=)Eq{{9wP7^ODHKEcQ>lcch!nf0
zxw1$x<EFlkw_0ioeIH)CI|=~(LSj+mb4!Iem-Fhv-uLKHM*(;^zzFW`U#bzJXzy|h
z80-he0xNwGYPmG}ndz{9Y)r7Sf(ZyY5xZ_Jktn*}OS|!!RwgR+zhzF7%hf6j9t&AZ
zub#eiwdsAgG89S*0rvV;HmNp^ur7*DUCa0hsC{;l{-+tG2blp>!-Zra8M_utsl{L~
zRT3jMoV(K^C?Fk-2?pBL!lGFnVEo|MtP<4SIm@@ujLVxZMYk@qsvwuN)JV?;VxS4T
z`$8O<)NP{lh6d8z82K|n)UNs3N(GUYw{>>=-u1_tyA_RLQ{q6M#-*mhbIn*`nu-_o
z^WXF_VX;c)uhhb3D+%Pxb8H@#g*7qj60TTH@(L~!SJwOCi45C32B;M2NQz#Zm&+vW
zZZp1QV%vj$J|@`jS<5`8xONYZ+JArA=!H?vhcI_3Q)I$01WB-pDXbWL`LVlgWpL`d
znmfu@=?T$^3Qs%wEh=meojlv8E-X0}rB+i^#OJ8y-YqH$w&wL!{oHGg!V<@ZYQb@6
zUpb9i-L9S$uZDsxziZX9=`c4Jp7cleoI8U9!dLV!)Dc{?&5xgmG#y>ioF<ZAg|l*m
zigYJVknZ+MtHGag%H}le{pet}8qr9~s6!l}kr&zu?cu2hw?&f}9`>>`W9?Q$^T7U*
zqa}JH-Yzvgx#t$xc)UD!qtw1PvDkAa?0y(UK(<kBomZR&ZsLO)pzhQQ$yCXClTTXQ
zpz6SCbbV<-k5UdWBo^^xk1|ll>qD~(BQ=m+z&B<M!A<rn!Qt@2moWTW$R^R9l`a*3
zXp@cRwnKS#?8Z78?d#y9&-D}LXDK<jp;=xvuA$48kkiA%sTF*4cXyNDwc)u)qWX?R
z0-f$hVVrL>TBiHc`H@0Y&c+v^`<~4<k6kpe#=Q<*3nS*Hh$EiV;G-}>n5q=_@qY9$
zkPl$_M2z(~t4-jryG;yq=PVaVGd4L$p$-qpFRaiJ{P3r|l2Nb2P@A+@Na15YT<4JN
zF|9c|-jBct=no(?y~f-^M}bzwBX5UT*1GyNiYpP=gXIaZP94a2LwW(_ai5Nj5-!pa
z{1}=&&%?QGw?eqQFZ!WS1uxqK+?I|l;@3Y*$!kBH7oZ^4{lv8716%1~;@=@;)*U*x
z=Si}*E_%@?kPox}nUFMPeyAKwhEyxfg;3F@Rkk{;k}^tg6^QcE6scEH0nFibd?pf}
z%@xI!MyrI&<Ax5GKQFGzdre4+haRbp54dxe$Jk*)NpYAlR5+^oL8+b`EqbX9Zp<5d
z95awSFvr!lA2vrCd^;s61T#%_TPC+JT{$;Jy)GI*8LtgMHMS46Sie9#b(UFw`|Z;A
z6@^^nT#^XGDP`9aN!<p~1vP0{(k%VnnNKj@U&7x2l#*Kh5G3h7&7u^(5)3n{gK$0A
zZ+WW9{W4g>jK#2Q_CxORJ5L<cQ?mfSr6_76{}FpS*t)f{C^?VQM21S{M<%qAM=xf)
zkeV$nI%~k|k;A01ld^K(F)fW~eqKM)kp{e~Q82XKS(vb2k>Ea`ES&$e`yLMH*mFjs
zk6Iw_^L+pjaOoe@=?}oV61U0!M#KF1UuYO61~%sZ@GndR>}+i8|2g|_8is>|`Tysp
z|6hXBlYeO#EA-N{YcNo-xamBhvuoQpKrjr;@VpLekTX&KB5V)~5RgKWLLtF+l(_EG
zyUc=<9;>Ym)2cL&mxhNeFF$;q=ytS@VA4e#8fcf`I$)00U_eDGrgwfi0CaSCaCCGw
zFrF?}5L5VXtr&qCXjg|2e%uhhg*ZpRApI963xrEu1<-Q{dFKXj01p6uUxQqK26S})
zj7X_dJCV{z27atVxH^zhdjOQY7=1MuPs-B76zIWqFjxGOn;rl%Xj1@radH2v5)S@;
zz)PSy01hB!eg^E?0Uu%LI39jzOF+PZ&Tsp^$5k*eC#2)U$J^Uo0FG8iew|8@v^4-c
zgj865<Vz@52XHMQ-y|4$P!4~;<lz7T_}S)w)^E_pTvZ16IA{!e`r0sce_Wj#nN1wp
zK05!8Qvg~}6aRGN)jN8VqaKu1fF3$<fJ1=qgX@$hcrk>LoM8fJ=+YqM(K+aSbJ*Iz
z)gVC2`f(fvISg!oL-RKwMB^K%t`_jNAcALt2d|KvvLJwZBrJg0-@)#=Q<HrFd!IIk
zHsLd$<>BYv@prlj4sB5`9Gt#bD)n&eXCWb-e&mPO%l_w*HkVjwSi#H=IdynJ(NZiE
z%~mG6%P$jTs}Fjn$N54O<!7?2kKrFH6|Uu<gAd>e=FdZG&F%*>`|Jqx6Woix|AF=C
zotY~OQ1QXk>x)4Bo0uLNOFfDU<KNaA@a63b?w8Hr&+kt<2n5Cet|f%S`2FNd52p3y
z(tXndJ&3G7=)&jA53mwD!}lY7O+JZqZhrGr^FD*-WQmPoPC?o5P4$LPK?(T;@>=Wk
z0JPc`^4bQ#ugk0J?+?J%dm|@yPB2;{?8~fb-xvrK{5}5io&P<(_O*h*@U@O$+MCm@
zocB@y4aV@rbvCT+t&R4g*ZXth@ndoChy8%B`<;{cy%S};b$R9ISlom19TtQ`@T}Xz
zaxJz3>)HcGHTz*=|5;Ox_gb^10;napiSsRms-OGe5@+Ao{BuG?SY3}GS6jphVruZP
zGWbcl@>XZ{j38Faxrlmya0a9g?&$Cpwnd*Bvh{^L_~c9DM|Au3{fVhKJO^a?W;ECO
z_6kUVjvj|T?2~aL=M8|r`z5Lw$m0jc<exZz2-U#`xS4VSUK`l1|9MJDkM6&)32F@3
z46fBjLb$xlcPrOF^@Gj$69n-|#MkiwzJKryy%u1=H>LlBw9Pl_qxyr8?Ki3i=f}MN
zf&66(dWZyKujx<tvSR#2{o;pw_yznGPk8J5_#MjU^KDCUOV0GOMZWV>yOXu8_b-_T
z<@|m}+5H>%o3yhhfDg#w2hul|=ob1*ZlC*yw5RFN?Ou!^`zLN^bL(W+`N!4%GpDl6
z7r2KD80s6+_hINE^3%?;cV`TLJNR43SLmhe*M~KD$=H2w=;0f~=Q7wkcC>@~c-w4O
z`}p{LkO2Yn3Z!K)Ey+V8%4=@QtJ<j`#dEK<i{ehp-I<j#Gkr;Ov2f}b6p%5f9*5I)
z<wz9AJRR0jPc+~}%_-=<TeGPai#GSDzIz^jdAG<vejV0|N@Gmup3B#XXxEi|47*(4
z&*)~G?rs-w4WGKj{rmVfZ5zmbP7l%J)tUHEc|n`?gTULBSEn&l6YQb$9?v67zRZ5Q
zMB)?RF^z&r3l)`x6dkfVitKj(XdOsk_ZXwe7>_z&M;}wNI$|Hf^=&xrRi~Y?(Uka!
z*hYv+x=+~`<^YC2R;4U5FUMOGnF2*_v0s&WeK;63-58|rYP%NYO=78j4zN2`izrrf
z=x;opO_D_If$<SUhjJw@OHz6}NNo4gXVI4Qw+QK6XwV+a2-pUn^Tp9R43MAtFH8=9
zWaf_}Aet3Jtb(0`dNDtZoE=;QLr{igK*S+uI}rwcgZbg|S9wOnt`kY1KT#%7OeGe1
zeHLK@O21S`?#Z?ZCJoTgyX`ez+D)yI-c+bxi)m^M<w_ebfnjp>Y$C<Ajz)H6!Fq}I
zO^)Ks9SUV3o5NTiI=yCqSXboC0DYX0Oqn+1=FV+PyYeCI7HVeOt%KY@mAB`8uilp#
znMRH8BfYppS8k@Q3BDIO(M=>^Y*)LTE2`c;0}hJw4Tand!XacCo0ogQh$5#0qLk71
zsL;n;*=MU_>5nj?L42M-HT;XM(lh$qydE+KD3(!>;QYx%ca%pzO;o=a^LW+%Qhx64
z9Pc%O+x`m5(&7}4u}PUc1U(`XoF%Mwu~^UZ)b@COF+Z8%%1T|8F&U({;m@T79;QSV
zF`eeI38(%rLYrpM#KHTfM3;60Dv9Rfz@Y(4K<4jSC84os>Eau$xFy31>*wWMFk%<y
zHlpL|-?b(#+Yo2C%H1la#f}M1aYHhEA7dh4+7DatmNx~Sy6o9A>3KgMno0F5NCR#f
zOK!tJAe)AJap5gUWe&kk;qMfycAnGHoweI@8}ds(>ams0m7oRMcnj3HuSfJWd<9=m
zHrvZ5iKnmVS?Iyab7g{omb>vwMAsO~lI}3Oa%))`uVIP!v4=FM@%K`<LSV4P`RNp<
zt8tG47Ws8()N$?Thtbp(d%Q8uI<If>b^>P+xS=A;Kt9nj>*SS^x?}FKkTaoJG}8Id
z^hn=+VTRZqhjj2_?8z?iK|S7UeJJyXOxX*p2!aE1(xSRz5hs_rHvK{s<?iYttL>BZ
zXm$W<^(t}Gc^rk4S)E`R?n;mM?Gt5lZcO97W9-3EdFT1|9|yHa1TNhuMiPu@Eaf64
z_EO_uHZ;v!jMj5Vr5a&p$yd+FO~d8|u(DMlL(LOBMG>;Fmu4zo2SrrsInGpbl7ATX
zjP55XXbgn8oHLsfa9k#IOtgs#`b;|Fij4g_VBXeV4HY&|>!m&|2Yqob`^|FSK*iA6
zi!5#?VSQ?mGm2dzU!y}^N6M%W=&IOkh3MBpF{ta{%j*ft4aKUod6vQ=o=2$$?pNHB
zk;{7L1h!&Y%rkxY@Y8h483Wlql5eu|-wE%VZ-4AXBaO`8L9GO-S3XMpM=DNgq_Ox~
zPgG^Oa<Q`UQBL6XO;i;0cq|qcnizXcW;>tCa`)g;^~|>nH&tBrN^nXg7-A<{s6DX+
zS=E@jLz{Jcq!Pr|H3S(u+b32j@g(3biFJ=GZu>YC6*RrkULP;d&n~$*X7gRcK=L_0
z^&fu|->f8Zp7MdLC(fc-QEZ1A7RO!YsQvwqK{OY`72EhPsTAK!g3Zhim<x5*-HC20
zTAr!Yqup~Pd`$wpQs)DXCokxU;`GR2cZFaUkcDPB{U&ZB$d8_0=j-C{hrdPE*5WA(
z<Sv^y8?M7Ve}E*KX$VsCAd8+=Hj_};5Y-POUW0oR4opz_Lg_uW&rp_tGGKh=eFsb!
zE_Suv%WLEuNb1BiK~hs02Wox`@{(Vf6Kb+LyjW~wAg<6uB&g@~;8Hnm<UDZ&@4I<b
zsIA42R>|Hg^Mx1s)TR#Gg-oB^<wK#bsyas!_Nq%=zAD@X?kR>yu=p*PFbLCO5e200
z+KyoMdgmNNai2lR&JgITiwjo7R9zL5N`*xQJd(?xvk&VcqvW^;Iv#-z<s=yhzcH%W
zYw{t(?Z$bC==S%aE*Af;1G%_S5f2b(B>vqSr#41Td6b|$<W<s*JcFpWKU`_-$4F-8
zF9_Ml9>CEiwjQxqVX(h0hwOL+6FZmiYzB?mvnW@-DcEen0YyGbd+e@P97c!Ciy#g&
zn|DOiq_|<h^MP>=^podAT@M)ldA*)^vGiLc);zm{yC~Bpn1h0JMv6#OxwSHxEk6wu
zkkw)U3h`yNIyzmIbs1V4seLYerZb?PXY%n*t`6bJ4AdtJRQqN?@taw7)7qiYZTOcy
zrbSZSfjnp05JNa`tywcfthjy<A2GXO6U}0@06JpYelwR3-jkQ3MtLThAikdir}hL1
z;U%||V2C6}=A&XoR!>=8yP?^lvD#v=C7!55Pz1V`ekKv78U3V{D7ul@1}Wrm-=#?D
z5`(7a&B+9IM40FtL2$#!s~1sEg{(I<ZlCj}jpt+Ku4EEfMx|keq$uq?xc3C+SU$4g
z6f%8+jQR16NQ;v<8gwNGwnAodXZps1uv<6dViRp(-b7q|qt<#auS3iFLiHW8J%jT_
z5GK}b^(fqse}K<-!)ygE?&2+x)mT6)eV9k48MOSj!Tj9YFf!*jR@?8>Kc*!EeTrsT
zsr}{@ms?rg6pK~vr~qkPjvOZ*O*hSA|IUQ+g+)p-pM@=CZn<!GY$+MZj^v(g92heq
zn_T1%ala6iWnyl3Y-Rg9u&5RN)EXKkE`I~f)SR)zz^9-^=-d)nkcgcYv5<GgWGR@~
zP`J3E{`E+`7CpDAsCH}G$1p`%L1{6^%GwIT(x%lbg4bQgU>A_2VPFUV8LhLC+ilM9
zj-GeO%Om_t09T;^{%`StyETLxRP>2|+KZHClRS<EOZDpsoNG^M@sD~n=9yI#DWrm-
zLJ{BnPSGIcgU5S(pEv8u_|e^f3wrRb7(Bmf`b_pqPe*0eK)C2H355WpuRpIa(qr*`
z%w$^Af-OG3o<AZI<4ugD?vt!VPKIA1xqjF%-_sLe{y<P8M`#l;ji>0>dZhA_>5O(Y
zmj%6df8dGXp~@nRkGGiE!zUTspY`%uO!o(JlP?DohaD$5w-%2zMyLKhf}PcM03^gQ
zrm{T}R^j=g&A!RIPkO$w3$WR`yi>IoknwQuL-_CM@0<~ZgD9xUjxCRt+|lKB`@>#=
z*E7^!lfU4}E&BAmvF1*w=>#kSn=XWwYkP6lKSRYai0?`bR<(_q*utorgk1cLVOS5|
zTl9JevZd?RMQp_btNg^q{BA90Cf1Z%D5J2bO|}UTSB9*N#TQCxh4NtSI(%To?(*Wa
zLg<YW(E)y0!i4CY+~|K8dxzLwxHoLKwr$(CZQHi(Uv1m%u6AwPZg*|lHqV=L@+IHk
zKRCmcHCf4;Jjs1O*F_teFQ2qz<y14Giu~5#+*>GLJFkn?#OXLfGf7&%K!!PujYhT_
zhfcbp!HhBQz0vX~7h|p~!rB%j55B3)?|v5i*yxE=HtF^?UPJdu?$WH9D2We>HYH;j
zW<MzI4;voFR+71rs}1Zb^7YS&E?wIoo@}d_=5xoY#`Fs00rCKpi;c|AUuvwN%bdKK
zGaW{`gk(iQiUws{1#SLK+wQb;j@im?+Q5Fz#m<bg68I=6M?4&BJX-}js2RTIkS06C
zzPmFyY_@lhd!k&5U%ES_@*NLVQOm4a8}3!6C29=@Bt0$q^Bj+!6dx{bq^o(F{gW4i
zCCM($4Y9&w2hY867x#as@8aMak`L_sSohMA(Wu5=0%i=6QT2Pd%b9U#n-g<l^%cdZ
z;;vy4Vc)9Q(LGt0vz(+sE>LcW3<B~BOK$F*C|7D`0?f=vL`D<w1s>4z?cj4~)^u{A
zolp7c`PxHuT9r`B?h0Hg_1)@q;7e_Sv6ABkQ5=RR(Da+>cK2d~;D^R}QK0PhOLj?p
z5lMw%`d9^j5oLX}z4l6cQ;znY;5R_-`r+YGQ6CD1^Pe41mx}+Ml@z|Ca@zwEp#vhj
zT7Hr<i?<jG4fnl|qrvN*56`dLN-iIhdFe63yGHS$l84pIjr}+VxEbR1+mBen-v11z
zmxcBaly1*MH6?~qK=#8TFR41vvFJ4H;KQLd{beU34+mmV6LzQZI=oJDBsgE67Df~e
zJqvrdm+rIB4!607luN!Gi+T?mYpgw{LB#6Tz+-<#fi!?~*jEDe$g=Zuv!SjX>u)(i
zF#oh`%uT;MPn}OmZGHejGudv{TJH=Pu&mg^%6Y-Ed44&OYlH|Ma(T;`V*l)3#_L%#
zqQ_%v*GXATu(e5voF4HPfJ2j38gjJ~H$l{j8WrLFmkRp{^R~$KAL@|o^$DeNLNl0L
zBZegLqc3i5A9|C(&S(kN2*dM%b5DRx>lTl7+3l}e#V&?uEv5RmK+UJJvEK^r+TFt9
ze<Q4kui1sedY|8;Z><Ufdm}EL^d-amG?SUQ!eXop??|?#VsDHm`zh)nmzFf@X0;pf
zI738Bg<X`NJ2c|%if4<q5pd^&hJiZ%NEXorc5l%$7R>Ef;P-W!NCE7|8Y5Jt)mV8<
zbc8D_-sYHL5^`Tntn!p_+-x`0wk--bnoF~ecEL03KJsS#*%Ga8qXY+En~SUiK25;s
zZK1M~srd3Cjb}BBiNI)gv2}mXheGp0%qGhP^g>P|@<SU>JN1|p_}=$+)@6zX*MO6A
z`WT%F{ACW?U+8~aFWnDvOZErS>VL;3M}tBMb3uI(IQ8M6Y7lLz)DJG%KLuS!_mHmK
zjQxBo1({eIe_H)lN8*%C)+gZQ#(BhyEdpsS@DS#B=QC`N+xTMn965(&2XDA2sE2?}
zEgg|0w*G)q77!R(*m42@%=LgbHj?Vi6}E7H*WCH>hVl6rt(kfyE&Fc|6*)?Q4z|7J
zCJzEfWNpkj8)||D+CIx%#fGLe&C!xatUoPmh|4SNSf&vFab;$Q7aL?OxUAgx#uUDs
z2eMlg-ST76WO*G|sCx7iOvc?&H+n^IJZ5o{0_eKotjePY4AnUt5BIG3dtsqkwED!$
z3Le?0Khem8)wJiI5s)t<o9#iHcQb3x(eoqt9l0p^&{s_huyzA1aNPFaCU6lWEFu?=
zbtqrR2bZQm4NeSjTgu4L)zGIrhrDKTq=DNOwYr3M7JU@HtI8=fmDsT{uYr@r)*ZY>
zf2r5VO<R~J1PGK>&^dW_$rYI_{Tep*V)|k-lw#%O>ek}JX6zhjX3VKtz#)==7c$nE
zTC}=b-(_P+f)~LBEw?-bj=G!G4o9cd$}sAvagsxGGRg`pJ(06g4cSdV-n}gBw@JJE
z*2MsRTrKp?+o^ikJy|b8M%i<BYLk0#-~pty4E66JI;%1jOt|u@3vmd_nM<VU+_<D2
zg$_PmJMHu>caGO?)#3*KRNt+~#Ms%_@59a^p3=^F;as8&`EV2C8|kWySan1?80xBH
z6aD}6q!^;1S@V}TBJ*i1&Qs`#A)sF*NHM=~L)CC~+P3`h#N;s#O)6x#P?APLU&XY2
zDq{-Oo7~}kR>1hD*a&?wVs}->o_{^bkuZ4zUMhHNwn~*eZ;PLjUhzzD>N-<;I46+=
zabWEd#vqZg3T4Qz^JEI|Y`k7OCyOvX!y}5ISGmM|JI=w8<b8b;eX&VeW(QeAAFWwM
zm)#xqG&L$N?pp@O3N7Ics>v8hFY3bp&aX7j?Lrkl4Qky~b)GgSN9<?JFQTu~drFZS
zZMcFg<qex_)Y>!8AEh#JeoLAhViL~0qpl=3sT|T)#KC0^tR^MwMk#hSb-+esf_~xj
zh?<2{dl+3y7n)GcW1>D9sO}n46xF&N=^B<u5;4%MiVz&Ys`!Aqf<3r*x-}a<DAj7q
z&e&$`Lt|#YEK^G2AFS@rNZ#0>_llKU7x!njPWQmwK8YRZDN%-?tB|Z+GXAfj;sjQd
zPyX=aT*H&m+4+S@%Q0<rxh>R9GI)S)moQqM9(16Q{C#p3Z=vTQCbv*62nP$~<{0<V
zjLma<_!xFaU%0Ei0%Lz%yP@}*Yi6M773*j)=nFL?2DPs>4gA7FcT<^lgoB7##x+|6
zE6!gDjx`#VnJbNR(*^XcY2nrQ(Y9<?WCyeKBiZq_p}~6ahO!I(kPMys3{CJ{pN|(Z
zn@wo0GzxuzI{N}+w-v3@QZa!zmk0TsHE)yh^yPnU<2pX3t+Wa8^MeuB1zG$G=)^|W
zAuj}fOgpE=JPEV}*|9q_X1+lHa@p2m|H>m$peQ2#KuTHI^zS^*{!{&kS7XO-TMjdv
zG?hXXrT(Bdcvqip+@VB@zoJc=G)lnKlfA^ich^ltsaT$X9q=83oqWR(b~G0vv0c_m
z(6?xoOLAgKlwras6SlK(|A$nxv;Q{&79IPR-6I3V!9rP%<cM>O&lwTRSkQPYJ$<B!
z17M=~^CNS;PtiG6*d{e-TKb*wQHEvu!&QKd0(Zp7^+~9bHoqmY`_eHHf0I`0J_H!4
zfoCcrxG^79i^NTnGm=a+VoG>Ta=SiSlQ7U)h&eldN&2V#aPTr_o5$m&&b-mm&+Nbd
zRNZrr@MD+y_}+En<{&e!>QT7Vptfp|P%Rhh+qWwvN=QY-{8AVN5XvwzJB7<Lt1{?U
zMAT??{-jap-``xXu8VhjQjwUOO87wntTsAA!fPuB6Q!`T{!$osNlJ1fJND$aG!Bx)
zhDZxl5{*gwxFzXP8~&+~_cr}+dS`^uz4zFMB*x3X_MKNkZItAyjQ3VqMCgs3j5SQn
z$}`2<=Rn%*rSos<|EFKLx9G(i11Bl7Vsxo`K|a(WODS;Eml=Ub4%MeZA`B$U2UL3m
zAh(^3EKit-39Sg6y^dhof1<xxLmcj;8^4Bf(pY|H)d2;YDZiEQ9>8&W>bTw2L#xi2
ziS4<*T}D5gTUg^2uqlZr3ia*D(xbOcdSB!5lXSjt4P(ffdJVl#px`)lt(vMg*L2VS
zPt{k2tM@ZVo)6~r61Tu{b?d&QXU`gfEDO?IGucKHVNH7^grS^HWZePLE9A}hodD-w
z>xeSJx6_0NP^6W*Ake||u5Y@TR6~~h%fP*fP#;t|a8`_ty7N-_n%EIHl($dk3}r|N
zkd4dz56jwX3RGv`uF|0~f%a^F7bs9tZ?;u=Yt}*8gtnPgc%L^QZFuiE8kOej@KF6W
zy~r7-KH=xT4K&|#Io;QEo#Umy{6(YP!xSpByh!y3_vlnTe6I`C`|+2Xh&+$rBGcD7
zJ#<e65)f4S`pC&W`8mea0qQF7e2It15ue)%#&g;BAEvLN&9rf_DGxGIvYT_zAvC%3
z^q?@p2Dc*bTEk&*V~wI$@rmhU{oll5g=L!uXZ3kujzt)^jV!98IBWvp2j-T8@;(w8
zADbA{g6o474RQ6u;jG}UeL?MeE`LG4oitw&!L}WgtxM0uro4_;IWPMqI*Du4rACx_
zab2svbgrVV)&h3~fSSZ;!N|UH`*siFOCV~DY$R#TP+2o%jlEGYd`;4Q)|ZUYxamVc
z+N#irHAPo14vyWmy57z+Re&z&v9y<*)j3_+DauddB1K6zN&hn-LnjFmQA*R$KC%Uu
zTMlolauad3#r8w%!Vk|iIn7d)ek2XUx`B6s+BX_c2PC@@$Kc=0E5*!-^-GKm_o8nv
z9Bis2E)?FiiKaxn*E{_x2i``u^Ay*U)Y>Mv*|Yu&{-9Wa>36`N*b~*VV42#i1+U*U
zVR>_hqK#<GrV1<MGtEFozVhsXzK6-MZRQDuziZvlRkluA3paQ5>%)p%_>=NS8y>?i
zA}(-R3#on9c$<%X_;*}5rDyC6zJEEhP7ejf6sj5`cD>9y^8biX`Fw9&>O$>K-9Q(q
zbWe2Fjk}j>SSEwjPWF2C$g(4zQtHDm9|aNWjnTqCv&`5PjH*{F)liwK%4=i{DypAB
zn@<r9Z^suZK8JMG!YzvRnG8r1hFn&(rC6elNO|Za)sz?FG?w*J<&&^E;w>HYI+9zg
zBiSsmxc7z%NYZhKw8O}bpIW@zZBh~Rsy)TKSUHj_Qs7HwX3*T=`}Y<y1^0GSZFcDc
zA;&BqV84BlFrKRoYDOB3A|bywcy!_0tE%$zA9{f%l^8l6hnDRN4?;s|VTbfZ$)BW)
zM4|{g*Ub=|983{lv$3o$l*e`J;RufygRl`Bu{3Qn-UGyInYMzlH#2Z9(|a+gH2$so
z`%~x2@TZog+)f2{jVYVbDO9lS@CfPwR=3pQIaHwW?fyVb#2FqW^1h69QF*=n$U`~u
zb_1J7GrRRINcwL4RR#f{Pgh_EqLbH@J>4*rB+pZJemSvw+UlkA94OpQ$>>`WpqlD$
zdZhzrZV+7T+3w>;m0;1*(aw^7yRm5V0#>EyrVMFni;y3@L8js>Ua3jMF;r1Iw~LC6
z5hKQ1bQ8ivO!+xpD#CC!1wFKh+c1+Fn1}Jry*mWkj^aEj>a6+G=Bx8ZHH%88@xAt4
z7s?HIMFC1tZvC9H^TnvY2LHq&w-h5!_cL+wHiD&qWx5DHUtq;J<{)|BclxtN4t<7s
zo-$T1is!<%{TS6%7XFRCOOg`m*^8Bugs_G+ug*jeE<%y-_9@TOYu+hn1=Ufl@txeX
z;FkC8vbYE*h9XqKTz19@I<Ydl0Gyq3@Osnl_4PcZYhnZ^vp>aEFMi9KrE;lTS^p`5
zw%vwbEhyBQiV<z*Eb0i<o_qy4r&M5w!c?$*hSnZEU!Z5ucNeH`4T5cvB8EMIYTHNT
z+)f#;#k&^b5S{lQ->^JDU_%A0rN|3?sZnuz^A<~vhfiJK7r!Z~ywwUrTz~?DjfmSO
zZ!ObKuuifLovn35F(qiFB6U;0E+5a(Eze~PMcDO>N`AFU#z@rVBfRJjLzW)F*!fw}
zpKjWu-Tyw-`gd|Zhi&Ms>yv2m1)?N7-k#|3o*CbCp0ZG<sue>6I@-xn`usHUa(L)|
zlnHWiisd~$UWGDf@$WdUi%A}ucRAPd1fLY=Kqb6xsdnNXc5_e;B`aJ7?j~P`lzrti
zZ8!cu@ovxaPFE&%Pf`wN(D=>Z*2$pWX)f^<>ZXY5|8PPeUs&1{!zZ?BKhhAAYN+EZ
zC!Y9)JRR{2A3<c{@N2A;E;Un*cA+QdzT)I?`N94N>|)pWonwdlc(yswvjg`h%{#d;
zVuYiSFJN$RRF!k9o%lY@U<y!Q#+>%^z&t9CLl`;^nS?O{(uKB+$*=hdSS6b=GHJ}1
zZFf;=Fsr-WAvy3X2No@v>Uibo-V>A`)fmPGHHgOps1!4d8V5Wq+Ka(GyPH?xUOO+1
z2sM&*?$&8h&Qy9muZt<VML<vf#%#zVC6C+fUUSp^?FX2&Cdt)HVPcY4{~*TPo!(=K
zZr`Y|sPwb)O`Emc{u*R|4(Li=jnnN+d!|X9l$S=3dkM}J$gCK@wIB54uQ4}n;BOsL
zPyupoDE{q{qQiTsQ*dxWx4t;>A3JF_xwp1);b}Qf)YN`@HAa&0?spa-yUNI=?UFz?
zTCvClp60r4Gbm;>vM4)d+j_7Lh90e1#F}DJe%Fh-=J}bS1bd29WfD>~nm)=+k7lu!
z;Lg-=(r~RYJ_uor9Z^vecru5uNrXWoSWJEU{N=pZ0ZXs-`&oz_zlFp~u|(sTjaafX
zOY2sGLz=Xmo|5h;gpV|pubyqA6sStM#Y40W-Cr>vRHYh^7eN-lufG@{@vMC(BCb`A
zQ!Zdc#5Zw3e-NN)BtsKK+`PB+AJ)tnIC6Bl4zQYeqCTXj6+YH_BMPQvz$D;m381;R
zx~bh)Z~2UWM}B=6OyipnV8<z1tfkCWq1pvf91VtOAat7VAU{tjyj!%t#(5FWTRpB4
zV5cgUKdFBnU+h5lK%rBI#vljfKSf)PU989oUqgLiJ^0JmaI(o4IG?EfwLLEd=m`w4
z2TxE**O)eFZolAtrYrRU`3KJfuSTbJ;ME*JTEe<7{bxnrneq7mL(Z<@x)cX>QBobT
z_`9TY?!cD!>``mKrVh8|%5Tfs8M0Li1;wI{9P|kvY(;s=T<_69jRQDm41BmV18Xin
z)Tp-3$Ao+N?ohI;%F+kXl~QAm4!FdZjh(7lYwFf3k<H|t!!5c@0YS&Bl+#hGY>k#F
zRdtE$u=%3)t{_y($CeuNj($xCLbEh%pne1!>kX%M1=&R2HZ2!YcqMQ@yIrm>Xx0m+
zqy^jn7QcV7`UK8EO`U6}SlkF)T7{F|eImD%2rNm;dld0^c%0Tuc`f;(hpN~n)w%8N
z0T<)D-hGRLxw01y^vnxrwJg9H`qaGD$Y5{b)oH*6ZPiY(X8KN+@xNpkaVI_@{Dr^|
z;6ZgclX$759$P)qH$+?=qJE_jT*JoGwuV6cHl7m~n(|DY+sUbHh!)cemPO{Yrz)=J
zisZ}f(ymdJEZ~cB7Yb=|HLYII1r@_&tN;<l?}x`3znTUWAw7?5;s==k%i4!WAdo9N
zZkmCT$HEfllGs69lNH?5-u>?6i8gd!9+twF>ZaizQytoKHu~jynt@2X4*Y1o6LafJ
z+V??sdd)^0b$sI|PGSicSY+}94Ks2^YR{Z)*FA$nPV=-zbtgaZRK?2fq$R&vxhB#z
z@jwGj$mC7P94bUvLXGZ73(%FX5^5X%gt5xQF#r&8sT`7GS%$q%uo>!U@j_&wxV5J*
zM)p2y3r;?^#1v<W$|fZ$V(s7$qOi4DP&<uzIveo$d~!Fnm!|1?RMUjXeWz$L4K{WJ
zstb~n1twh+#d;#-yg7hY=sp`aQ{O6h54oN$182U_sP_z9qc~$sepV`{S+%`R!Mi6N
zP+*R*lD5s0Z%E_?4kG%|+8gY`EXnk_H4_|z9vrCkYAA59Kt-yQ@RF;?Ag0N3(w73%
z<8XsirxRA%-fPuw%9bxXeZ5_H#|jkh2=bNfB7cD30JKGdQ1jc+gi}8%M^tMZUX>5?
z(Pi}trd%>ynUv5;u@#-gFosIi6yZ$^>TXZ$ml24lSNg*l0$E^x6H1uE)qF$5A=MN6
zlerCP(gpfV8dabY58EET^p>!RK;aaWB~^v}l1c)L%wEiOeK5{T<PBMARDCfAS{jTm
z7<R<yrwW>79_VYBfl0Q(Y_#0KkgabY)B|9i&N&uzny!M=c=`nJRU7D|6!`dO$NMSX
zX;oE?5{kst75~l_o<mH5a%%l1p_1B@v9E%>EsSTJy1}DzBY<WNiVKt7&PJyerzXU&
z78<-i%<4G)4I2<7$7jW&S}uDsS5ktPl5e})=SEcL7@Z(x<od^amPw}$WjZdOCo+HM
zry6f=Fh2Bp;~AJ?kapd@cmdBT-;K4$Uir`IKLc1e0jCru8dB<eUf}lN;M)vFVA%f1
ze@f9@chyWqi7Y`0pQdSgy5ZX#CyR-7o#TkGahPtd!y%u0Nr#Rrm=yw)P7wDqSHe{y
zPFKlyyU6PImFEIxwhmxB;QIV4Sn|j!_XZuT^UDYYnAYQBnm=!Lt8Uq#ORT;0KrMEi
zprWs#tT+Qdh&~VP(k75$+}<&8goDXkS}O%?`+{Y};(2{EhH#hY73}6LPV}$Jk&SUX
z`C%G8LS?yZ0O~&Q1y(69+W*$e3p-<zqa>5aIrjI_M0_<-(fw)F1@l>bEeUYDway^7
zz6Aqc#}xiog^u%oROpzw+5az~6bBn8_y4NUadL2S{J%V@|34MFR&ce&Yg|r+=>H(b
z*Hpkk_HNKpoW)5NvB0FQ4f9g4G7+Icp+v;nc_dO1Y(+#Q$sjT^-K+%O`MbY>+0XpE
zCVxRq!`1JOo7?s^H+Zn4Yo%5vbhHJ1Atb1D5GtE0TpXBSV552_BsdI`!vhwv_OAY4
zn(_A7eJnbVu+)!?C=v(+_pyo8!W%AGdo+~7{e2K5Gzh3@Y3OL#paCFaCaniTQ8Wpd
zLa=ACHQ?qTAb2#Cc=AIPu|NJyP>_<IdPM*NU_K^;z`~Leu3tvaz;0T+kU-%iAp7zz
z(k=81WC(X)tU@EG_O5>bk-IGyH&02~ARz+-1EF$SjL1Q*@rMV{Zls%dAb&25`1{aJ
z-~bNzxuDL$-*b4WQE(<VF(ZI2oYKpUff5{EAZk02krNrl>0wZFh$&F}6A-97JrEeY
z<PXQnhkZZd8!LVwk<y)GyWox>C~;z6?jI(sNpyJe528c_Am30}JRs$HkWSyON6<p4
zu7YqSOgflT#OF{Fy~0+m5W^NxV44RXAgbCCL3k5mEU*oH*kKaA01oI6YzR(E^O8K0
z$z}9-x3T2!YDMUvpdqJ_SKx2g-dU+s%!OOVW=W#!D*%VdX%GZ9F|q@JlY6P41Q+sp
z$29N_0up%0z`;Q>P&+Qr4ZJJZx18}=NcgV`%n#aO=iRGl@f?t^9;p)`lppU^^dut8
zXAt-X3$eX#w-5bS+$=a4h!<=c-w4)Ih-hNA_;A?ia~Dez7;X^P2w{|22?^-u{r%G{
ziZlx!=KR3b;pZ|{SmHy*vl;IF=ls1+Lm2oN{%*(|9SH>kA~H%EWSDFO=;s%{7*_m?
z`p_`{LdqBIKP^B@JM*_{!zm%k-Iq49K|jFsywGVY4Ag73!T}fqe8|Z#`1fDv@A1R$
z*kgh6&#l_;Zn7Gmo?Za<-B-igFP4x#GJ^m>&gtmcX^cLY1EvjO{Fj|Q=-0r|z8!yX
z=o!#*aig>)GER!`RDywo1{^FNFompz9?H3;fVq$0`ZbcYYf@Z*dm1b>=&r0a{7)9*
z6b#}w0in%;$#P3PctrUz115g6=(kK=Vo=FLa8+JP4Gw6;s8GPn2(LI)Ox#&AVN;g3
z{gsggR7i+y68{vWzvT?EUeb6xAip}33W)4i^$9l$SP14+3Is@nM=}{G@xhP`0U}Us
zHi-zR#3w!!nCRIxG^WBmei)eO+BI~l&^6u(n+T8;iUd>wh<9R!pG|@SGV_Xe;>XG(
z)k9nClS0Wr^oe&0P@;ni3M6J?LR{^05hm92(uG5V@C@4Q`jw^oko?M-0UWo7fUJMR
z9>}!(!iqaLTp_o^?h^(<F+>+5ZXkPB<ah1yc)nu}qkq@AIPt=Y<b58dwy#cbkD5y!
zIyfBxqS2ARNWUFxNZRj<ou7+mFVP3kBR%f>e`pCE7&2Y?9W1mksaEd&9NG~AdPwS-
z&`u1)_OkE7OanAO{)3S4F}2HV0rZKuW`9BeJt%ulj$E;JJ|N&Jy{Br<b?1e0`4h56
z)=F<_ne#hYWA4a}SeRepM8XjWJ+8nhQY*D$53J<d0+Q<}t|Im#Uw2*<$5_scmeOGs
zM9}c|SnxqQV23>Q59#q}BP-(h`}TLVqoGzGOR?zU1q>~9c459{dX3SbY!LfYokHoL
zO~;H5iLi3jVe2C$iHxY-$(jiw9K<#Zz&<LNqdq#R{R+gdsuS!wwh{;(?9=16E3eiu
zIo5WglsxEE;-F)L>JwYEt#(;*u*0P~5ISM;cscBjZF_C^eUZ~g20x>}MV0`a7$)Yx
zkPx@Dto^Vd&;s`BHQRs48wDB1C)CynNGQ4%@~?_-;bW*-pdaOZS-Mb|e)AFw5zXI;
z9g#^53>+`LVO|)dW`AM%XzG1Sah*M*i?HO8uY?0!a0&M>1ciSX0(Z~g)~GVF#^@&8
zg37EFSn5BmNzvuubelq@%G#mDH$j7(eg-CoGhR8v7&vwqnaR~UQqn$`Ahk~DdCvlG
z>~;aO$M4G?Yz1dQz@tTVReQk8O&9q&yNw;|+_s%kWXPk4Fm2JHCnbX332hdHr^svl
z9iP2`OEZS%SNPuKX-U)(s_z5Wxw3Vr+sED}Ny__zU5kRWW%DS$3S2GrxZ?y2F(;4A
zVL@vq2TKjVSRKk12F`YCQVHSp@|)qTIs$gchrZQmiitQdS7=-;&6#t7$JcJI`F)T7
z49eBffdBNf_H2a8syIg$O<F##`b9polk%`Z0pHmB8Ro1!Y>U<^2p%;HR*4O4OIOYE
zSF*w@rJgDS>xd2120m|a1VMfq{JYRYCmCwN2BqW)mc-@_feQzJrTJw!SvQv5R*`mu
z_d~$6F?LLt(HZ$Bt#QwDtG5yaad@0)XHG{+9gui#w|eS{KODf<Mj(}D!D&$+7CFH4
z{JO>ZcC5I*-&}-#A3PEA#{SHm&~@^Xk&9Bh3I)BKnI8Ys{Li&zyz|dS141>u2R};2
z)s0FKj+<ykv&nUwJC`0;jUroQ@MiAP4b@wnBsEjT{P;$G$wRR$px<#<#%EV>jOwDp
znubq}njpn3hZ9(ptd#h5gFI7slM(4*2N72y<@F&jyYK0;%c9%SQo}e`#JVzdUC~q@
zMO`<|)*^>wb;^<RAGNv|qEG5bZ^IVlMtiDDDm88M$#N2&R&;$-I`_K%-$RRPs&a=h
z2;~;MTA$q!O;TNHscsajfHlPm@~!^eA;XvWCVZ}o(FKU7!+V#EMKepHS{Qi_dF|&4
z_CGlx=ECU{;^W*5{de}>rFM{+k4O1^Bd>oBd6!5zwCRbA`Ot)K-gPz_>QJk@dwN8;
zmb<J*7B(>}1HSspu7ejcS-bIblXsMR74FkTe}fJ({=CZBZFl&Ci%>{=+SC!80g~{T
z?k<E&bTAmjS;MEWmfi|_AS(vI4fyqeLRM@HPW_kUr7XI7^HSK(OF0yS;t%;Wpk!Ce
z>PU7u1MciaMffmkc&oKu=I$43*z+ojM9k?kbf7v?wcVTvX;b&m?pymk%mJgR8^pb$
zXum^TNkR>)KQPIVey5LDd7&bYAl4MqX;3z>7x&IDtF%pZhOor9ZWwJ!jK^(YG2_(Y
z$1w_LwEi26XG#Kzh8mRvA4}nV&BeNa4ivCSi5&%O4-DV&-yO=+jZ`SD%9sZ)l0OBR
z1O$1q$&7mB0e>&vg_$m8X>SJO9C{T=VehU8>&CZ&P3GLKuff@u)OcfuZaP>{NMvZF
zf&Elzj$VfIJdf(|6ZArpDVw3Tv9fnpr;l@yH{5Jr;wRJKB%#8P7O_Ir+&t!ThqclP
zMp94Yo4PkQ0^FxCA$Wb-Eyk%Puzao9*Mv5tBosZ&f0DJ$l-lZ{uhFAX`V?LA$V=x{
z0;nNw{r%}E#G^?Z#Ors4(wPfUSeKh`swqX@hR_7H>xC<$B98?5It#rL!UU+Ie%C!_
zrZY2zkyQ1Nz-<_64YHhM80v$`>6*Y8P|eSwUn7_6(ck8uxY%ys9HpG>z_h(}%(;cX
zgU50D$_I}+O&e&V0Du4TOxns{>8$Gs6rkuad)bCkQ}ge%FI`_Znf{=kZu(6d-@>0u
zQiAAGo_2Fhvss11J$D`dbrp#wVUBNutEvvEa0EBljg^{QNjpO3mN6KQWR_R&<^Kw=
zw5weK=caVMJWqJ)osH?&%IQ+9DsOmxmo!|Xwo?>}`BX*+)dNGLgi@!SHIBab%4D(>
z={;tcN;*?&cq^rZF1!511y2GYac+8K*eT1tQkeC<{+cYHCAF*DZRe(7kbrCIab6q<
z#0%Xvn?E5aknj33FLNBt_|f^1Q+dCN#MZ^$u`l%?Pn>A^Fxp*P8OjI&OXw2<(eh_~
z9h`Z%xrTh=e2~|#$|w9KA}k}<rw_kkzcxphM-F*n>W%Vk&a&sNlt#@+vcCpE+nCCQ
z?aVVK6tX|uB0L&h_ZW$JOEc%_{s_EiNQ(x8UPABzcubzea=@y^OpvLjMXYjrYbK<X
zmiC@UThbXA1P2CL|Gb=Jiaf$&_Bod9k1)Gnt5?4ys6%u4KEIsp%Y9xv3*rbyrDx>a
zA~fV#r_iBobA*b2^|vKG8t^@CcWdWnQk~?pcf9^&?r0d-O$oyqFbua-oG<W#7ZFk;
zs*dAv<MBRb*xSQ0U6}KqpBg(KF}F?MkuRF`O=$B=DO!%`RqpzZlAukXxJ6K2wPewI
z8uR-iSf7y=C)IgofOOI`at5^2d8I}ov|VQ51CJ2AzARS0RoBG&vn1zAyJo|fz+PAH
zwLHn%mtW}*?I={qWfgDVQZYtKEs??CTHJiK#ut3(Ts3rr&`D~Aftyff#vxwk_j>#5
z%0ExA{K$la%|G6aD#`~Pom3iT#3|mOF-#ffl`j+w<`jrQ^0Tx0wJ5K17rK{**XITJ
zupSH^idVg?5hM)!c=Uh_)Ud?kc~d&44{9^4TDP<1SB8cMf@Q~jQ0Lj^KY_Qs<p_8a
z6qNI3MvUK37073c&Z?2cQ?R@UY`!5mXeQC-?6FEZ<)>G(Q$6t;x0upLdp2(Hm`$S$
zC?GFqcVaQ%xr%l1tJ=?@{)LsnhwWw%LdiKtBj5FKrZaRFPQef7W1Yx=uc7o)eE=U(
zaHobOsYHG-i^BqeR0{$#sWV{r@{JN*Jnw?EM5P>Bdt`J?7i95S{J{G&${(#qT>6fU
zNe527rrNq;Ar_m`?ItL&z0)z&GRqhJOD!+5u1zb^FZnZW<2CXdz2O^BNh(Ngv3$$R
z`xi7=+`P*u!FS#I9~xX{?Io#!e<SfqrJ`R_mxk|~^wg-tgydd%6=eo~ilWKDBKjMN
z=_iV{H{QIwtYX2$GSX#yW)`g)A)sEAxRy3UKHZ4-a=?Rdj1Sg~hn!S3yCCtxoIntM
z$i^g2L%C?5T%87Y^A96qRXTQEm#bYon|O*(Z_dr(VUL5~>cBIkzentWhx9&0)^qCI
z<7dz-NapK!BR}7bi-nhC9J<fyF-~ka+FB1n$`0Soi6HM#F^kAs(%_$h<id+*!<~vV
zei?-vkau_-KL5Gy{F3>C>aXs+T@b9*fa|!Q^U~*Y%YlscuZYWJa4&X}YE${!YPij%
z9&fHL6iHyrLW>56ZRjW2FNeCmd+zf5d0^w4ZNjag0cCvSAy?A<<kOZ^kCi*F{#L_p
z<~t?kHFBL88qkxjx`8Vsi0(gBvX}(LN4ZC&ZtTg={lZI<So2dGhQ0fp+s1raZ0jP7
z`e;mb?p}h|#A6hU`FZbbKRFpeZpu@cOypH}Z}!?iFC&Njh`ir&9p}ZOw+jR?0}tkP
zRNa8_FRfr@wOmgt8@NZR;*)9b5Z&Zoqj!u6FM^8|hjh>4SLcXDogHFb5}wgnRQ{nU
zmbT-~XYPffb>Svjd;#Pd)`Y)W?Ab_e^Lc_(p-2T6vXFIZ?jMml3srN3oakS-uD@3N
z{d<N64;vSvO4!Ufg5$8WlgKqh)9ZA<I*J!Ah%-%}(V@cO$)+CuDNay9WAn>m)QNR7
ztW5kGI?(!iXpE?I<3IHmW=03Q5Xh455h80}MEwe_=e7(+uWIj^a^W(Z@3>$aL(SiG
zwW~9M*Sj*-&Dr{Yz58+f3@b_+O)Rnx*A|lKzqQ4f!I}kpbB9T)uZ+dfT(luZ+;6jL
z)P_3sVhA~Sx7+VW=+EvSA&qg8duh-I$<}ZUFMOvt2YWD!_5aIs=n<~x`!826bnwv;
zzi$b10Q=ELhR7=B_T-A%A?3HTA))7RQDhbB-zoX$6FRSJ(lJHal<8+Wkm7$`6pEg#
z+I(ELGr+pyV87}zmk68@xZ-&X>!?)^a{SSnwD|@;-d=cLrV1~Ho`>#E85pk38ROld
zw7r<(OFL^wT-E=4V_cQGZ|IAUtlBD&mDS{fD~wU2GqmM2M>0Mz-L}Zp*2?CfHgRvp
z5jMN9VDZBIo25HiA?$uSZd)3dnl5D36v<vTsMO7)dB4Hdeblas3icdMnJEG#w}%H!
zubL3!qb4P&>#oyn?C?#w$I*7FJ^D<m-F6H=h{yxQa8{#XJL)G)MHDy)VHr+mc(p|t
z?hk6^JrC>+T+&E5<=GeW%A6VM>ZN8xqJAR3s9{z@tjVY^T|+8-PvN2+oju!kMBOFD
z_b(bfvkt=)abYPc`%kpWf`)%&D4|A=&vBiWw=gTU<PcQRVxi`R4<xE*lUQV8-;nTz
zyb58Vsj?V7*|f45X=(IR+x<z};FCM>#-?8xvmxl9JN!sc^ljpe+w{`FLn9Ei(>l<r
zF_@jj;jE@x@Hp~ZDyqh?Ldo9XkmrJ_m3M_?Tavpxd<VluwIrfz$5uYmE%4g;XqA>I
znB+LI-cF<d;Prhu##N#*{y{)oQSNgr_&LgQ%{(38&3RQJh&G4SPSljQ3QLGD8djCm
z6jSxBK^hW>Vnzo6MJO7984r_Iyme0AlFI&)t(oPlcGcJ<RuT=f;M-Zjrubko>Fxw}
zcOVjO_fxbW71{57x3fgz^!A>CZgJQuKa-><m8KY)69O*@!+mP50R6J3PM%+ixX|ti
zF=R^_2MQn!ZRRy2=R_DC9Wuyv=x88saLu~Ra_&HE*hl-^*GFz6Tf8ND$NyK|zCZA)
zwpNR>%Ae_(*P2>WlCP<N0q!G(Xu|0j2xzlU3WeU&UEkjA+7kKX_Xg)DMW;7GL00-{
zEbbsKd61qwnsCWoN+$P)%ZOXFF^*B~6K3eyP60xd=4SNPd|oWvtgFhb^>8R$!v*-!
zGaVciZ_WAO{8nG`xbDad74=vBQ5;<+-Z^T*M+}eR$!1WyKyYcLzj`r20I9t8#X0?h
z4ta}%gAqSkDeXY#Brh`L&mAeKDcMs!i4oBpt5RVgFg&>*WEBb&z!x(LX*$o1J(7f$
zq5EK-Pq4gvA;3_ysFi;zM+okRbMRwv<-^oY3Kmhe-Gq2?^nuVy3011IqFs&ET{?ep
zVXx-ND4l2#Ljr?8vEjMRTp(~n02P?9l#$~QA0T@t^bz7&OHG}SICVY+%%0!*y*O3e
zJ1DO@o1`OenU4JW*$>=f8C8a1gXz#}j)e8PqHYK4--%7a@Y~ZLvt<v<4(I1UI>*Vb
z#HL`<qwm>Tz&S`YHKw-Gj4GY(V!3dk=HTFw-XYd^rE{4BltN`Me%ZzBj9(|o?y7)R
z`*9@W5m0uRQX5buB*I8z?*q4&_l;#O);+X6`!Fj|Rt3#s^Wo29Ho(MdJ>(JVR{HL;
zd~C+<k4i-lf)X@4d|7>U8mt{Ys>Xa-$<vjB1>>SkpEDwV{wH~30U3JI-t3tz&Q_(e
zTaj5nIQJS29o;VT3RHmkh^dn0RKe<FHSwF7hGH7JTt2XrA=Q8T!c4bTOR?*2({c|%
z39YQzj3(<TzR~S{lC`x&eiK6Y)lE^PCL(hdJp6b#zqz-&^jlRV5ydg?P4)njZ_{(k
zzfoRLz$|5XL0p(^dUzAV(K_FIqwkrpophsaW%_A_v9NB(r&3r#YQF{;ek4AN1r13;
z_%_XIUaG#dY4gFoEltOCt~h(1q-s^dkNcPCk`DMO>B2jl&oHF=9A&Pk`xTDq-lR=s
zT7!E`<VKtzfXBp`Bc%{H=fsZ*H1nSt;IRihtv?TfO`u_HYlVce!u(>-5NERX#_l=3
zUgZ{0PT!rK`)YDNf69;r<z2CPZsJEOzrYg}V7zX#%?q!IKd3g`>G&O4JMGwKa6zTW
zbcVa`>RrO*P|g$~!Qt2Xm~^lvc0qPpM6``NRqX>+L^j)^{=)lSv|%gweUndrFI*|C
zMt?SGXIRT4@STB{gI9AaEwZ2PgEs+lsWHZz^7o;ElG{uF9%d6q6pWP){vGnxp2{Cl
zoDy_b09O8s$=TPQUrXz_e=Rwc`f|3@vOx9+zAd<2J^`FT0qSU`Xeq5@@)YOB-k=~M
zis!o6VqA2va+PG~Gv;j9rsx*~MG2-`h^E)0BqNi;Gw6vakR>#QLl}D{KxK#JlkKs3
zA>c^+X_)sM)i6M#3yz=lVtVSts0!m2adE@D;n6g!b&=RKoq9QWh_NPDvvrcMD}y`}
z^jMGAo|yDq<#TMqQMHMU6=4wVW(q?6!`HK_hR$Gy1xnv`mb-ncZWe!Jy~?9tUy8~d
z50%h+d7e`AH8yKZOiA8Z%-GYGSU}-e7p-IG4$Tb0sj!-0Na0awW<E&TEpsY08_-O5
zW~4kS>6mt@>}6wQeZrc}q!`qK$$@#9)x0Kf#*DR7zb~y_@2h6jjVW_O4n;{(8YW^A
zb@Q^%U!2`m#N5Q#i=4>0epXCiqHQleVA`w3r16Mv&E3;x!(QaB@><W?K^e<$gc-2<
zH88x>e;pI0&y%89MHRnkg=VW0Nxi09KD)+k5z?8o7^%GOg?TgPj;=|mx#Mj7RnHMW
z$?G8d^j9N??GQCud*5HJtcEl)bxa;IL#qk&WbDrYrm|Tp1;0Ap{4LM6_{*#2!vMWn
z>sMOHo<P>|yNsz%cq9n4cMifUHW@A(QnClLuIx$Dd(|h+E4_E&SvA!pzivd1sKOg2
z^n4WyeZ5nEvC;jj5y|n<9bXi@2DU-oA1SuTcy9;1faM|*J3R|At=#<wPM7nY^>PwT
zm5pzc)@9JCwxsf;q@e+ZpM{y2GyA4G5?A9Qd~8${xFj4+g^eauF({0GYfB(G7x8JJ
z_X4}0OnJ7~q0*aP2X=a87P!t7`opBV#YASD<L;Sh!lIcg(wwL|-iH^$-J~13jE%<&
z2-Xm?VI#)MESTS^0yASV$VhGV6*l(sf3Ps3m|N6EC1qc%E4^>tlDZBAx+xO!DA91;
zFHCRKVr16Sy27QmVEm1Ph#4K~Zq=`MA_3WbAZ%vRP;<5Z1xbHhp5YI#V2Yz{y0M;y
z6-7L3H%l3nV<o8k!fJP@)X^m@#F*(b`~=6wYg|brmiOeu8ZgCVOz0Z#RTu!Xr;;7O
zp^Ji{jSYq}spr++9|ZF;d1quY$^<#>cB+~`o}RBh;3aCdox7fX<%7PJQ$xpNO+5VY
zg~#HPjD%x=3738PX!0G6^*CHm!oH|Rbw=vu#(6rU*lh189VN##QHt2Q*O1G<$Bc2~
zf&o)FFt=)CiV3^V2l1Zvm(7p1u~q{+H%#0+G_OrBXsoI|iA}dsI64m!8ypov<f4qF
z+mW)bRwy2K2Q^&{qFmbV`U2HKH9yvFQ~WVqb)awTAw7goYkGNN73(cr6!90~^3Vt%
z*m#y-lm_B=<p|~n#0u`-F<t(+GWaT(Ybs<<s_mulxaD!rYbc7k#-KC`5)b&q8Dsyg
za8es|3|3jB@Xir?(kjH^@4SMhFLlI}-*w}<NqKompSe_@mHKEa(@#WsXm=HN5QdOH
zhYI2lDkunad^Q+8XTp9E?Vys9`B8`c9y~)wA6>QV<ntbNM8M**_>{WJ-j5_^?}Iiz
zA>xhS%Zg^1$?`pXH5rJ1J{DEZvw~H6=0S&(!*PaGwn-h*+cGvIpV+$0H=+-@=vM7!
zIUcOLz&kj2DKJ@$v=)n^8uVb$fBR`^cQ$Al+f3mrsFaTa=g(%=<u}zIR#AZs?kwBk
zoi(O5c-o+3tLWV96a#9`>?1Pk7>!Ul%fBQBaH?jkgZC#bhg?mt&%gfYp_%JD1K1j5
zYAw3TM_id@@5o_0i`MAwyDlVlhWKvw;}I`0(d}9AWLRU|A$nznYGa`DSyDKrY387^
z(cGs3HWjJ8jy&;k>*;?*?~{V00_kWYHfO^7$**IaV(+!e`~$j8s#~|l=tX@?aBu#7
zXfi`=z!Q+$f0rv5PUY3%&iI%j6$b^RiHxG!N@v%ZQOZcb!pey0uH)cOyS;rltPC|5
z7^RD4gB+jf8Yomrln;D(%*^qPDaC7Qemn9F$i|bNqMmPm9c_DK$@@LsXU}V%gYSx%
zDDeme#8eWGB~WVGNTb+!bs?n&wEi9Nr6vnnS3y1Su;cVctzUpg%kd%}(<|Kn*UfJ1
z`zL}<@6AzK`)KZ&O*^Dnb=|OuJHr*Y&TE%Oyo4=k3IjIP0}0bdAk_u)lLYn7dW}BY
zm?0M6y)4Jl-8bBH6L&Y7(~fnxs1MI-!8Fv9*UIyl7<UvR+e5~};&R*~QDMljIa!GV
z4k<u}W!hci1Lo*L#qdoytqK+QzcOd;|CKra=O_9<DKiTZGYcy#^Zz;i-`o~vR(6*E
z58ML7C}C~qX6{17C}C&pW-exK>S$&TBOn0d>gHl@Y!BnL5%&tNl)JeA4u=YLgA&Y2
z*51|CWg867)Nd5R3q~pB1b+kO>6x*Iu?3B?^-X%3>+5>+`K!LGsmlIXeY4!t^=i;_
zi4DVI&JKZ$8i_20Vsbd%KR7-Oi=?WQXlx9@#M<=VGn+`1mC8f#YlMCqNR_REukibk
zaCZRA!&kyWW0*NybN6B8Kn=j-JleooYe00l-E?~0)6+m278d!xNW?GQK+c7%YhZ=_
zP>Eq{fq02j!$hqPFGj4cV;Sy0k5GjiWx(}!cTV%a=m<y+5bGgvK^#Efg~i<CALinw
zh3G=?CU6kko!^QuHUX}ZlDY;I6quNp5``_Gq{BOMiQxo$ARcUx<-vGDFSA6b{kQ4B
z(L%O!f;G$}%0Npq0|<csbjfA$3_`w0dm~2R91!bV-Jx9TnSocpj8&jZW=Fs>twcF}
z6Au8?GvHr4gut+*<G%BssGmG2yGKo?xiu^kd)Q`Y(9KL>xd9ELz~mCX;^Hb&ejqE;
zha9M8m%#2}(7Yfc+QNC*{knx9AZcWDpu5r`z=tbSE952*4--#dO~C8;6YtCvhwNHr
zq;PeOFh@LsRNo~k<Yq{$;mda1dBIRib5Q%5*B4|~u)Uldpw0NeY^uZ<wAB@4BJy|0
zo0<5#Au9+E7;kz@&u$A3C=nm%$i{B=$rsq2Q+Li#A$|8GgP@zwj<^+QF@r<Mz({p&
z3NbkXbPgNLso4|6+xu(tz7HxY4BQBW!vhQ}Xu6+63eeb>DO?6P%y?{r>;e&B=^IY~
z@BjLI+@<Wn49gO-tKRyV`{gmA0LN$d_Gaz`=={|E2XZ=qxic~{1!t;vVFK04T<-wZ
zV?;Fg&5^{0`uQ6V7@1tl6anf>`L2C6FaA+&dK4rn{IL|V0{YF7Lw+F9M+*E%Sa8qc
z&Wtnc)%p><{H{y<1+e_)9sjDI|F)4xQ_@!TeJue{e*j-Xw)JV7g0YzAJlwspK_Exw
zSav^*>ab6*S2Tfg{R%6;tF(tue%O%6xJ{VSto8M*EKR@mki1gC`oa{GMv|tFeddpC
z`iHOm+Clb0lSq(vx3nkZ(OK`mZw6)4YY)db&R+8;y9|XxQ{&t}?umWOXXfQUZ3xh~
zrjZl3=cdPdU_jT`K@L)k5x>D)Km>G*rZylh-?H046cV_Rhq6$6rIw6=)WZblufnb_
zK$&6zIX@D5KokwXB(<0&caYAYnP|T;?b<+cGyo*pK<Q^h6Hum#Z{aH-if6$ybN;wr
zlKc$xK)~D-j06A)F>vCoFY=Jnrvv(@9&k&LGC}y3jAi!e;xA;U^)up4J^f^OSIW{P
zxZTS&6R>;8i1H@tJpuZI=~prL@ZXJCl_0bMP5p<z4&aN?T<154k#xlDk@2n3I#H0m
z=cv&i8*aQW+sJ#pT5!av_YS{05aHyP#0ex5?-$(Ah3hw{n(?yZ2ex;(>l?QB>GB8j
zix3){cYU+Z>Z)!XFuw}8Gi>9AI)Y)5$Sw%OdIZ-}18?3^i$v;VvP*avBB0#1YGR2!
zxgh0wk&(lx9xE>`Wf(`7o_(#Cy3lQ=jo#QUshiI8wNp=7X>TxOPL#RHPQnqN5isn@
zj(={a@ZpTv0ZJ=PBa#`^HQI$OmBS04527+NS*el;x{+32{w7@sL;0(eEXz?Z-cVCq
z#H3D;5h?k&8eVByJRkVMF$PYcJ{s;`@@vuVAXRj*>gn=j-zLS(aExX9Eea}|$v>QD
z+}k)Cut|9&9G{8e2P$@Ob$6UCyKaSu4L%EL*uWQCQXhsW=M$r8jp9&=_HVjv7U5~U
z{E(-88vamjNIRfo7sYggVLy^$-SXrrG@GsrGG%b-6?W8s*UE!3q_j&zhBK1hJOuQ3
z3!|)ya)luG2*q3={ux|pk#-o0FU{`zp|aHK`@jwdY+Fn{DX@cFI3h=;>DK(BU|Z55
zt<_B&pQ~o%BZ+sSTU?(B5Jg!yA&Hw32fvJ+t5y~?s`lALD4=*cIh6NJ{n=e3pXxGD
z%Qt-jtI__c^PGITx>em}icvOzb9glA#O#TA`AqxIW!0VkJ-}8fU$eqDhJ9>*1J6Q?
zD-=^G`^UbIpKTA8z*Kd-Yhh$2|6c|f`J6I^Qdo4>h$m)mJE?yn1{DX{smShK7wGF4
z=vf_*IN2tS=Nic|r(br;wMFjtde8V=@Z;0JzrpfRG6IcPD<spqgzD=T7P!{V5PTbF
zjm|l(^<GS?paTk<rZCRBGJ|I)25@UJOUUH`Tr{9RzRXGc^dz>JaoEOes%fE%5mfYH
zAiYqre7gZ<1bX#Z$SApgVG5H1>{yBXIefygy19|b7pC=lE+28j>v$J^Bz+<gd(<=1
z7g`|rHbeXp-ISuspd+VBxj2mZZQY<X?HKZsF}l%SJNbmQ<YI1?qa<y)t1HYJ-jq%p
zH6kHaXHAw?GHG<dp4jYIe^rd0qRJM<$9~t|NXeVTx1`fJ&@wjTuu(jcxqEf|jX21!
zC>iNCDZ?lH7q$I??gCbTDl+DxxAk3b{Z=KO{c7^o_F$#jyR$JiwpodJ3}C0V{ypYV
z6bW*Rvq{mLEC<=su`IBp7zl1rom@tJI+21Pd2=Oh3!yo<65?Xmp7;KTAUe);FadVG
zK>uK@*`Qe=)|IM!^S5z^lFO;uOFYkYd)}5*;dhU!Qi!Rm1pTuk=k_|TtK0q=SSO7&
zrLm=Zvmwjes*Z_GZM|TYy(-&F;cn(G;74(_&VAv1_K4U0l;b(ebsKj~Vx3{}ezrBX
z({CG*VcJow1F~~cDOc0^1OsyY5zE!4-8;U;9zSWU1OXE?YFS$hE^wQ}v2tIaHO?<4
zm!!*~rC+0jrKgp0X-xKL$MW=M>Co2#Hi-xz(dv{}Ayl=v$9f&1=x>;Si^`PF(7R(&
zas1vffx&Ec&eXm@CK2=&dhaL(wU*+Ivvj2bT;F_@d#EdoWBM9bN$@|80Ub##A73u<
zFsd*~!<64+MV-Sjmsn?HmZKuBUjNhs&(IRFt~px@^KSN?<7fQ)Z>Ow3`#et*a%ENw
zPhK49)s}sk`r50lP3x-yfxQ~zUgm@T@<$#E4WB9r$67wfmLPc1Fq1`gvM)+oRHH3R
zl3J#_(GGJr`|F8m%p4PL1SV|N6ZxMYGDL-5X5n-H73cs359){Q;B|`#R4bJchd>dH
z;rxySvdP>xzx3}2In4BMmkRe`4?ZYa3G6_`0HphPs1O4^vd7TgU7l|3zb{{1JFfo%
zCS?+%Ud1#;od1Whb7-(^ZI^AL(zb0|m9}l$wpD4{wr$%sR@%0CcI&pj#{C7e`_6bq
zj0l6igkaa}ZvKx3^TVrvLP*UrH<rcvg2t4y0`(4Y=OBs=B<JJ%nG%hJ5UlnZHQ4(=
z`+RTeXSxsfb!ut?7<F{;*_JhL`IMC1j3DG7Vq9r~gaqNTdu?v!DwxAFj280bezpBq
zMC1&lV@tOn%;~AqQ)JBE)#y3;%7}wyrEw6?8rsL`V?lFp^FRn=%+rh<^||qG{EO@o
zp}DYgx*NaxuC(yFxq?-N2ADFJP7LHZ){R7h$8xRdDrt|bOd!#B<=@N|wG)=lBzs6D
z{z3CTN5%cLeHgKNUTg}1w2ds-FsYYPG({tJ{gLlA+=WI{fm;M((k|LYGVIN=W1_^L
z$1gb&zhErB3hM`y1AGb;yBS^-3c@7mWWg~^1Mkw4N~IvRXb$JILa;*Q+NP)07W8Q|
zj3z0kxabwZDPZia&HV^J)R?O$FD?8inLkEqbAIl*o0i;RbOa+Tr>OI&nXh-?-^*J&
zv#NhAVumBDl4S#g>Q{0)Sr-Ckj*_&c5G0D~Zr=xp6po&itSCw2V_cS%<4_f9)4E%P
z&vwqbsx`#0<Pj;@iUx>vaE8Z+L1)(Zi5{)|Wfpm3dHQC=4<V9pS)*67smiLhwaA$Y
zag<V`)JyW3S(Vx7Mz#wTyG?E0gXBtZhF!a73$G{_*vh18*r3GLYEnl}Y7~?^PipgQ
z@c1U^aPiK83dk54A4zII7u}bNr3k8rxs<UskK;<;K<1$}{`+@lMWrj-on$n+j-0$m
zE;j_YV)4a?93~YLjJuIYE+KAI>4>f%S2^e$`zVdEB)%FU;~v)!e}uTx<sT&0JPn6T
z-QT_Q64`&@`nHAw*LF85xY+*AYl}8C;<1HPVcp%sUi>rQ!8Y4ne?GNMzE)=6<cfOL
z+O|CS-0CtsGFQ$uKR0<!ET|IR6~@Vhd_g}leuw2F$|xrtpNwB)BXhZgRru{6YEf$e
zjP%YXe1~Hk+Ww6K9um$|nAYsMUkx~>H=hK61#J1;#Yn{9tA&#(jS~RB`>2_8y06Sc
z{+Ffws2-*pJCjpQH;AFGF4XA`!+#lB?@MZJeg2oA<(7*^h@J7!k+Fn^1aHhbJVBrH
z0`PcP^I35xxc}(BZjI5ymQGM50ztvZYQ(Xo#yh9p{#>NoXFkLw;o50A<=*fmon}Q)
z<ifbd-gTfCl6wbcf|%Ys+Q8slG&SzfaT8Q+TIHFo!xH4M<k{F>eX}W`vbIDj)nfV^
zT{3dskW*Z%CaX1cmd#{~K^zH!k=$1~{%u^=dZxu;$MM~U3YoO{m&nzhL&%;l`5Eu?
zpL29DUO?GdWM+x+<c*EEl^*v5;{3S(%smBzz!F0ey5{p~y((Rvr#2EO9)Vki?b><U
z5Uot^?$a(wvxPCM6H@O(iIx4HZVR}@yZ1QicNDMa8(IhqcA{f=%pR7JEbh6Fe!=Y<
z#&=sArIqA*%3$GjjeO!!Br5*6AVa9g?}0u1Ko7)B{e;rD7;=e1Tr-<9;~5v$H^GSh
zfVYo*L`nUi(YzX6;Wj5+jhER#tCf|b^p#BGq(*;>V=5t8GmH+V4)Z8d;d<KD$0GBh
zUnrkK9gIjzKFU9s>U;5iWYznv_=@xomYg@0+ED^PYuNYa!TiEHiCwhUU3+53!vTdU
z#J07HPCddN`);K8VZp};ZH$GQ*h`J~9mwfUJR1}5zf^naJ2X_=7QI_$eBQo*PeuHL
zhu`u@d49(c`QnGO4rN<2PB;97U~^Xuo}w+Jf%5tM4B&k323rh@Q5!JjWExevbV*PO
zT!Zb|GeiO3^;gysJy35$qEk0^(dhGTOt_77LPp}?5)g1gB!a+LZjM5RRT|7+m0fS^
zf3?sQwLr4aPP~2*%0+z2;tG5-NWm0L+F68D2wwP(04Lvi1T?7(YXIy8*CC=9UHpV$
zO_{mUM$=(aPZnEM3D`rWaWaEemu?hqFwrB(?a2c#f}PPz-FZM6<VTS1R0u2i<Mk9Z
z<A1fJky^(352+)jw9q~n?`e0ZU5b}Q41y@1V2?@{!uK1|%|x-6Dx#=&nK@QU9-ilg
zLP58>-I+0_YGUHM!1~(QW&)(581Np9_~mQ<+#+8#>{q|wh}ol&vF*uWI$y;85-1}l
zwd=BI{i(J+(n;Spa2n&Sia0#aW!5vXb5v6^U)ONn_@J_c)v&<fkg{ur(_&C(6I41!
zx8L|J4k5xU$y9#&jM{p4%D8~U<WQSh_~a{1VU~PAQ<FM2y8S1d9{PEki*(TUetRPC
zD>Mc{Jw1$WMaY&!TU0K82IdMc9#oqjXK*rhm`^jbh1D-Dkuk4y3(f100CIdlkA{Rb
zS{{IU0!1SI?+kis3}gl6Sp_e_zo4rvO&Mw4P0#ucj7dTU(FS7lzhi6+dn$mdb@CEG
zprv`Z`6tSMqGPkc^|S^Kn-d)|t@KJX##_!}M$yM?_MN_-1c^>(2X)M2y0XtqKW8jU
zP?nZX17uTI;ip%JcShasyU3rOrhiI{#x-ugS<O(_WO;jFeqfx2n%C#20Z<@_IYziz
z5CZj=$yfQo*&C=+DOyC`v2aCkJ+h-VxnQA+h7ijAX3fj#BBcq~7moePsjH4{DQzt4
z)TsV8GA{=(giTME%UIA0NoKl52N#7XzjEuqi2nDk_52y-L9!_otW^z4vt>;M>(IcK
zSCHydS3f=w(Fy$(3s;laj}eLSSsdpcVq}b-S8IpG*1LM}T6S1aNsOfdlvw=3fZhMt
zQCiU;bUn5e7XN95Ci_8dWOswdEdi(M9T(9l9&MzUgJ~?xjusLkk!;!1K7vH9=k!GQ
zJ=s<5(dXtalT+BgPpDt!ij=!^)Lrw;?bTowFZVVoP|qf+=XGk=>wNtIk$eo|=;l#Z
zuEAbM$qXq*vMngM`>d@Hgy$&juIwAa<A|#HIeQ_^9rWboEY0L6yf`1ZciWIPPqIdD
zR0!qPx`M(iqWD=+q<jm_Ftw($o1u0uQelReJNfJu?s&wp1hc7?f5r(-zoY%UX7-|#
zo~wRSlYkehgym;Esj92%;IX}1#opv~2=Ze5ERt4XnlE=$BgndmN8^%7)A>4?DGl-L
zmEkSB45P>#K_Tw^PRRCe;(ZstjG^u*gLhme#@F9>%f43<BT?c-ndpY4BJHBk%DQ80
zndK=Q$!i5j!~1Z1Z-oH!sMZIUQZs9Y=iJZ9;og=oXKRtRLK552*QL5qOofAqlwByJ
zc(^xQx-xZ4rNx(x2r6jk3j;D3`?#cgMY~jlDoDM7a7t5!G%zmMOf@A1hHXG>B!g6+
zaY?YOQ9Yb!D)&n*B-3WM0SSsjBB%OBl(a}bAL8k0RcrYfR%M@dPTEGVscS#cY^`<=
zMg<d0VkDlT$|VBZjd6~jMP}2O5v<nEQ6^H<JO;{)4g#R2A4#J%E|XD)b4aqKk*36K
zMcYnZ?GIAv#PukXI?69Hb$YX@WILbe>TjY;Xy_yOlEQ}eb%u(7-Mgm5ftz?NBUwme
z<_!<&m|j{oTEf?%4rkJ3HJvuj@<3>;m|8>*zYQH-vtcRk9-sx%$+8;UUEiO9G;(zn
zIOGgnmH2jYvaw%cT`c70i#yNCrCrub2C@pEp}=L=?~{We`B=NPgTN*G-yY@2)}PD$
z^ZQohZd-a`%X5@=<WY_B2CQweZ4l-(Zz8b9?@)>$$4%DC+A$g?Z$(Dl+HhQyXqc0b
zTcph4lKWSdlMIOb80#Kx97oef1@`}TK71cNuJsOI;L^J$=+<~7AMP)C%%dUrJlwr=
z(bnpS<&2H=%UL$s_)n5j38J1buiKtZm$&RSQxr5h^cnrZytu!j(bUnEP12TXwD|x?
zi5~uyRxF-)zjprH58qCsqS5tQCpl%b%rlQ6%{SIUoVW}h?ULqjM2>#gdHcb}JzL3R
zTSadtN$H6(DZCZ;e$%rW8s#5#7e`&p(CU|Vh6?%}jvE=M;k+~#fL(J)Oef^00ihu=
z?n0wDCvEtIfF}3-w-~!aWfp9GB3rXP-%^r&6aiUJx|X-|ByJAyw9FnlQw227@Z;mv
z@H=uLTR$aCg@IFN^+E0IS7BAcxzA#lq6fG{6BAVNcY~V<sgvP?xm;uAPg^Nc)+)C{
z0A}KSY&et@);t$Tt*WPNPrV^bIsXHkn-^HFF%$kd@)SjiM{AHsckiL;IdNUrdC?L~
zJ9e-;x^+LhxLdWEBQ?<<?QnV<Cm1kju&*ujFxwvxG}$MngF#syyI#B<Et=gu-)Ke5
zJFbDH5OC#D2e_VQ9N0fzAfLEeSeT|u%eK1>aN&^3H|<bu_y=|}?@R*&U_$Ps0_nBH
zcodNFx(SDK4ClRvi%u(e(s5W@<#+mf4V>JR@2nqHeU*C6+4~Z#3vTVw@v-Gk91Y8j
z$D6Ir$~i~36q@d$=<Nm)u0LNNf>y9&RYGO=<J+8`AB8^Af#9&dRyAB*Qo6*yY=+8H
zv{!&Cicdx0QmH35DRfC!2B@AT^w#PX5H@IHsSxls2ClzG9gg8*ZCP;d`e%ruIy>XX
zgt~1Y;ZjA)NY133ZQ(V|S3&Rl>v?vlp|Fro%ls7H%4A$=D7!Ef?L?Z@V6kPVwPU^)
zB61HV<&3Fg9(WFlML*aqhvVDcKqx4GpEDGGVhO{o|JJEQ-UyF5gj#qUTUmVe3V?#p
z9lPth)*9K}$`2^sCXugwY}OofwM*_UC#XHQvZqh&tev`>A)6{|`*^Z%mX4s^xxi8s
zbL2*wj$W9yR`S=DV>#}v**FDKpPOeycg+%)ki{eqzw%3)P+sX(_l|rW!SCM@jB8WZ
zvQq^P#J{0>^NVc69KM3q))Bs*B>9jOAv(`64^5x^%PhczP9{jhllZo#w*&4|#BZ#r
zF;@MaGzlr{OieUITsVT_E=r{7u#UczpI!>bxd#85PBdh(<D$Y1A~~^Q-qjor@$OCi
zop?25wCB%OgW2A=6zRA~eF@WiUZdyl<5~x+N^8#eblhaP%9|KddaybVerYBZ2W6j$
zbh18{{WB!|ui$u3Ss~<h!^|aa8P&6+$;qK&TJQF_j@SaSX5L1&3R_WTi$P%U(l^l!
zOqffN!~3JhG7&MwC_b|9*}BUinz08*@3mQmz8HKziDkcL9KB7Fh@*NW@k!sU6orXK
zM`$MtAXk2?_>^tiXQVJwj6Pk2*CU)w`^DBjdB4$Z`r1CB9GWmxv7{i%b?UVmH+uJ^
zT^K3lzm5M4`o-o=3!&%J;urWU6+jR>XvKBJ!UPhAT2n9|URf+ebfMKYw>0hEG!yO%
zfL{txwZKWIC})r5Lw89^+!{R-?#KnLj(d=>gL4aKE5vg>+8$JS%M0Ut9dCwTjTbAr
zA>CPio?yjy-kIN>DtAwW@b|=amCiumi}WSSF@Uk#@?2$QmtPxdD%8=LNxafKvAr5p
znA|4u=SPebAfMHSL<@yNlMn=jivt}7$S69*_~M@Vn-k`FP>3v>{uA{c!{M3onXVi=
zmin%W*hcS=$><764Zm+;fpF{`sz>@Y6=})smO^}Fx|Yq^GW^2T?WrdWPcQ^lVnyrt
zBn{OMjr;jaR5dqd1$o$RFSLfEpK=4&;mkoQ$iv_{Kx=`vKQZ&_#_x;~-g9P|gd|Ne
zo*1tx_&^7-v$wjm#U+znbg_+NI`*n!F8H6RlqkBcxRERtaoJ?7IrOj(1BtRQviql=
z$&kRKt3i?-lFO$5JLQvpNdHsOsWEH+B%1t@t)mxy)2oDn6FL8*M*fIxtO=+zapNaE
z9WEY_(;Dmw`!t-<^{0;GT0GIp+fJsWlm_&!x-c)RG0Vr8<QMySNmc_Z#3i+pn}f*R
z;#2tUN}H~0lPGLh<iN&abbnTN{00Y*&^E67!ESVepbp%*5AEPMXzb_mRUEx6?RAJj
z|C2ro90a4dd^C4*Z&w&aaO!LXU6FVTz^5wcr0r1!(uv~AqnuQ+1jFOUmnlFzX}+ok
zfpJM7e!Azea8EqlTJ84>CX2~^AunPMd{fz?p_~=GE$F}t?VY1^u9fjS{rCgK?Epk4
zB0{3oR8#4u@PRO<9a!s3U07$K2C7w*_^#>bDp>Juzc$@YLznaU5U_Q9>}<1|VWL~i
zaaS6K2CJN9!&l5!fwkEC=;R8}d^uUZJyaHB%6#)A1~E+b&y?_GlU18w&O>oNP?*|2
zI?D9MP!eVS&`7Q*r^p|sm-oj#ib<6U%V0R|4~rkZJ(Jsl{ZBg8gONTN5_>RIC&67~
z{1m8sxo9g~rP80^)saue6$|B7IQt7@JH~NhX-{kaP5j<k`Mp@PuywBbr(4se>8BB&
z@@{L(=%CFmfG2B}1i0yAan2?7$ek{kQSsw|)hw>>KLln^T%_{6!gcYI@UFPsiDnZb
z@ypWylSSYdgZ_~t0z!h5C6M>r&6oDpYDnN=-R$wQXy8)h`d^VfwZ@hq%yQ|YXku=u
zDeyZ725{%cbOTo4)Glhg^U~pNYaP#Oo28=xP2lv){5T&TA7q%PtH0<r^+kvyR!^zO
znZhlyg+zB+g>-$@gr0>{N8Q30z5?jq80~4(pGEhNcclNOu7wWRMv`3BZ0;TUmj>1R
z@>#@vJp?N9S&mP$WwRTUL|Aan7I@;8?IKD)VX%Kd`!WYv565wdl(oG3+llhLsS&2j
zTW~tX2am{HWJO?>AdBTqwb09T5FNT#TbOS{DY&?u!aay^Ft^<1Bu9KA*RcldL2g|o
z#&nSKKHW?%D5O7)HqnUe<A!)oYXus3k@>7u#uInH45+2}S6uhM81s5)ukf4`*DH@~
z<Xgh+n%L1pWn!6`8t%Ur3y}@KPF~qN=w}fI$3D2R5K8XJ2to`=Zb!Y5gkr__HSw$x
zr)gv&`GnAhlt=8~XB+-y`YG`vQxL`&@<Ru^u;9+;E|rcFb-}Dhm4uiXrT+-!;XM*L
z>R#-gAUQRgufL^SyObhFM4&j06qo>qs~HTPOcxFXu=}Gz-c9xlTU%I7wZ%N+>Wh~H
z8l49gtaQgY1bf-xNe2z65_?|PIgC{B1vKP#L?UMP|Jv&?(wZ`H!SMFb!BW?8w=m7-
zkcu=Az;TUNsnWf-r0aEj+%ffRLrb&Ds}w^dcwfvwuAZB9xjgHziaD<kH2^(8d}`b_
z6$3T=EIyKr+>8I_t4jcnm8_ec1|MkP3Z{&fG2aekK;D|yC90jn3zY^tJooOyb}sEp
z2iQo!9?Jn2_H1*N*1lM{SNyjXI8Knd<rmrI-xevIQSEQ8d$P4A6I7-837YI+TH2io
zz3O_RXDD3t6wG`=2q)~grR7Myxlk(TJR-J{awAXeWJq3}&|T`)b7@-2!uf$NQo!T<
zEBXzgALMUx2s`E>gM~CzXk`bWulAG3x{$au(qLa(IxM5EAdLZe`IM@)-<_Y^)y@ka
z0<72YT-ijf+|;9qwqV?zx~iA@899Amq3v^}$KT1u#QCjhBlweJYH*!?3*-(Rk?o;c
z_$%^0)?B6%ALq=&qMXJPNg}bU)q}fWF5eiL=Hs8X%#u(tY5Qf`{#%W|?TVZ!Xl;AC
z*7l;@sdl_<Hvbi0^PL%plZG<uMdqB5%r?3{u(^q~i}4znXV2wLH@Zdm2>vV(*ypPd
z(LyjFk_j#U2@h(ToJQa<X!z^6PnS*9Zi-aa-hl4PZ(@#RdfO;6u<CGtP$^<1dkdi-
zvB0kumxED}QV(6GE4xsR-4RB#5V6tx&&Bh3sl`_&2-AIaZ41W7n(4;LD@~cApjxd*
z(*-d9U@^`nly$yb7yTx2PlwX2?JX8Vz3DtYMC2uxXuIeVu#62sI@oL$Tms8os#Now
znpsO~{4a%6R->(l`mZOJD-QL4M>Iry$4UsZH8p9uG@rVJdd0-Tl8^j}{lX9UXgB9o
z%F`#%zZx;G&Mz#)wSQ}Yxx87=*bfRoVd&KH5_oY2j4_#~b*1vC4~t4xA-&7L&wIQJ
zu6H!3U!bRFDdpI68FrBRkx9k4?^7}6ecJII7cL$J-ba=pjyfkB)VOr7gYv@YFHkr)
zLSRi46LQcwPE_yW2+OV;<azP12mQBYd=Dc&lI7^9ZiS8?J3DA?n`dCzq6iJ;tc)G{
zm3h^xG3WKR!8?7nJqMwaviLmoDqXV0aQm>E08LjFiaVNYtA1PwWDlV++~4Gu3yH3I
zbbMid>AoBoJC?*r6}|U*^vG+&XM=dt%IeCvXEfJ^?r>p?SIC?(*%;0*u0B{h=+ob;
zz8&3}#3X<Zd}{QNqwZ$L=rPcSa9H_&)j{0J|6ukLtpUtZBi3s5Wzv$ZsSsxBVFB)u
z&VPkDd6UCh%q?>EU^XPhu0~aZ@L&LkGMSe`$OZUAy`^bfwv+w->$NdBi817<j2T0@
z<J1T&D_A;6=WP{v6Tv8HX>0dpNpk(hjB~^s+t97^BNe7Pe*E|i5(+4+fkN~0yMXER
zOdRVwBF!+qhe~E|0SM&X(&vhug7+%!j=tjuC1nl@Z<76+kyEF0_GIm>Jcxg%G&jgL
z)3hY;^|?@xP5eSQ{e~cly3%ebkvN92y%a6;s$}%duo7gmOl7T)c5`hu%0)xeLd2Tw
z)HC2rcjah_cZ}Bo?5M%qH6Z>qJlKsDX09td4IJH?DSL+uX#@`(8Lt}^7GlGE(Bt|Y
zV_s?CmkP((8b094;M*IoOSz~@hxBGoHFijddRYAUw@zZY6%{=NtWCIk!@Mq#$pEW{
zS1YCBm~nHfbAc?%(&{rVq9ec7Yj4O=)nmg@l?o;Qu~8#LVp-i^9^HL&>&=hxOsg3e
z^jEG`mTO+;C;{rA{Tp;s`L%h0(j5~?Or3h+SNO64UPqnCMl5N_e|D`x{)_M@@jWqQ
z-PDt3b3_0$qhewsSl#6BSikF|h|LTH+>VQ_7vzon)sRr?NE}U4d5oDyCV;~b&csPB
zdX<<H?FORA2{Qck)R}3h+V-~EeSgLTY<DA+t}qpQYe7v!zD<Eu3dznORq|4PI{xKm
zgIq?m5a}tqseY9(m(g)3jEa8OXgIm-thfv}o=_!N5a1s!YIZ%bNwpFUZ6UA=@}N8c
z^$z|HmkN<E3@LB+<2a*#Vl6Zt0Z5i?GA&OEvUjqLBWAT7nmWyhYM=3jdCHMr6w^Pi
zzX-ox7zxPo!S)?>H2Rc!XN<|ZI>L(PWTXjbMfYz5`GX&5)$pqh+Nn|`A<$jl*-d1E
zAn}Xrp;NGo<G!93>eau|vzcM*n+U^0{hTrLg49PCGakayjeGxm4Yx!ZW94>`4A>3w
z`_uUbulLR^6?sUkdH4D+H=RO2r`bqWv9eHqb=>DgNuC5uTKyWPIRCD3w*6{8+x6E7
z2z#3hF^q2eCN#_|V7m@m!`M+{c%0)yaai?h@X!7GF&t+(XDcaoe@z=fA^$^|lH)>&
zp1&7NzT=ky&f!*fVWxfYT$>mG&IY0s@Vmx=z@0uuogL%Kb(+umE!5NUFWOu(U3=p3
zP!|RvT^cljR}mslgs!^Df;Vr*o*9)NTZ-m0S8m&No8zr(QiXPHv(Y$8=RGYyc-Rnb
z*d9XpEzQ&$R0a*z5tBWdVORQXg;s_}X82u4ZHG?>1XvvQN>Y4bsXCKllvTxC*D_)1
z+Bqghi`*h;4@;D<Y~n)hs^KAIJK!gx+*|-f-Fh+Kh{p>@evOry_?}D(ONmwV6aM~A
zk)hpDt{ep%s#Qk`qkQzzR!jS=LjJIz#?JJyq6S3p4W8s!6BsocDyp-6_W3z+)LFEM
z{_zp#rKUS>_2s8!Ba4L8#hJ#wFM6p;G2`|Mb4~8DXN<}S{hy__syM&I6)EV=+#eo+
zrB0g_hoLAVVYvNA?W%kd<f-~D1Kd6moMX8xWkEx8Im9_hV(%@V(8hqv>}*6rHn@J5
z-wxy!_UOz`-589^g}tiP?*jAt9=QiiL-=Hnxu3049#^Ph5c5FWxs-D|`cz%lUf={{
zZ&Z?qyqb^eS-tlI>Sv&CsFM#B>_kwa`u6^aX%b8n{DW!Zne~v+T|TR=RpA=6ml{G1
zem@)~@axlFX86$;Q*f3w`l52bPo3USRf-~vX==bqs-elhH)&NV^1imiYE@1N0z)=S
zTxC%b|6FuD#X1b+1&T6fUVJ8jQQ4_P*+5xt+LF?D-5Y8rNDk9(dr`#VSUb&KkbRzH
zO?nq40@wZ&or8M;h*4`-zeX|!IH+$guSGreS7;t(V7z$MjpxX&6fjk4^1&@r!b){Q
zyl@;u;$o&g4g6cvV=kMct!mxNMI=7U{o2-4lJ6GW<<lrkhiU1!k5(8SF4|LUG`D0i
zVp}bl4w29l9zVxjdYg^~O2z{+`y=;c=!*dLcNtvIfMw^(4qK{)#g;|;+dwyDB-{7u
z;SPL-9Ut5ny!G>lyI>BlR<4cZmyT(vvO{zlkHj1d*^o^j^h)#c{?xese?C+{h|?9C
znu<+ELG*VT(~50I<f(DA&s9^<p+0>%%rT$WXeVzxTG8z+IRcbt7de@doEx%cm)X6}
zuhDlj*R=_*-cL53*F?)%!!>g&OjY<*N#i6>G6<u)V^Nz8ociY4xb6$L>S&F06`!>;
z);Zbw%}}{s4D(w;F{?pb8BhGEB0UUY8SRZer7<XmKN<i7H;^!y97D@WI9;26OWbY!
z(z%*Gb5RsX&2THjRxcW*O$1yCtxIm6hWZ34APYP^K||ZTMBi-Vf|S@KXC$AvKZ_`T
znIAaPGRe-=8X>j_q*d%|9I~`~)g9mrOSCxOKa3`^xpal(1mlAvye|WJD+n*pdR0YE
z0n{s1kQ7}-UD(<n?>Q#Sz)8xSUV88o1);R%+WU7lj#rt$pPRmSZ)n@PH$p#jyR>%?
z+~xv3gU+X<tCH#s2D@LBQ%89Cm;cT-k~OK=U`kqnSE^c)Z?Mwak$p^=zVNQ)XTH4d
zbI#2EO0pKqwWncvZlk~HvMhG|5lN3~o4JO18Xf#6`e?N3OUk_{>vFwd{+vPNLSY<)
zk{v>Y>9<CTQ-2S9oL$1iFLgJjD2m|ab2y^s+C~U~N}kC7tfefj7<<U-WA<|J7Kwyf
zQ7l~R?aGv4>f&bm*VG9gwyFzmxjAjqipVvIw`NxB?<0j-VD+_EPwve!XwiVWTI6?N
z<$oeVOy3c{@WgZd@kV3L2+uy?g676QPnPzFS)$VM%pg536^!FIG)TwWX7p8E1j~|V
z;z0$+5n>AvWG9k-El><Roh#impU9PI)F6ZKT{3^{fIe)RSrV#AbLd6N8p|;I<KS+8
z;yTS1ES5K|`e?axu<sRuZ%?4SHhF-Cn}RJq*Z>f}T=^ur|HIZzVN^Q%O^CfKQkkbE
zVOMlIGuW{nFToL2_f_c=*?b{qb|P^dc%|~V@&tWw64-s&V^HXllMQx)j$)f<hjh=W
z8<8YQE73~!e7LsfXOb{`vvI7a;FNVXM=&zHLJ=ksr<st~_t?vi0qVY?@1VB}cK7(C
zCNP4rv9J2MBj)mQfKZs%!7J<pP)t;5(M{G#6X!UYU*$hBh|cfY&rc&|f=JHdjolL|
zwVB4weRz7+fjl^&G8gv$E~s++Cs8lE!b+P@`~G2VQ#6;jHk_+E8G6{ZUGGv^bBFgf
zfNQK_SSlnXQPUa^b_=K~+a3Yg=Y8332*mL=wxwUW6~F!@Lyak0#M6|gV~WMja=Jg+
z?P2jQw2rtSfMVbjl4^Kr=9m0{_7#?8)(_!v`MB{Z+@5KsmD+Y%g|0l760>+`GR9Mm
zGXPbywDa?s%L+^W4pOv>Uf9S-uHyEabK$GlAU##HeqPA=gN)wXa#HBmp7|;LlnHOw
znZ&mU>m2`(28^vM;3yyZ6d|Frj48){aQ(slyNUBei}fk9Dc{9-Tl;*e-X_WIo!*Bj
zj`93RhB=pDT-VQU`JW~ZPu*J&qP=$gvCChkQm=2l6al_FOgqxQ?HsEvOeo;vqw}l+
z4EM+7tKjTQIktbVD+)J76}QvEK)MAh`X1TvRgYiZ>KKz@#^cj?8AGc5%+T)+kiC#6
zUF^xccIdt%yI$yn@@JQIjXh;*W;r&p@{wY&5%u#01?N)f?QVgN#~X#9cwd5HWI^U6
zmTBqEH&@1|eetverE7<+GKC<auPM9--?|VYolC`V$o6PUB44RFf!Cc$w0@8G0Y8hh
znSO%h!iLkt-AY^*ef|~2cPL$L$~`t8TSt90`yzN9(fxJZp65>AL`+$Go{Lo+f4DKu
zGkJU;iNH%ys`iO~#)qs>{ZsKgigHHna@?Z55e94Vr`DdE&KR;vuxrSRmy@#ga7RA~
zUoFvs_Wj2}9BmpvL%VUE*es}wKM&o){&K!C_uN}wJ9h066H!By4RVXpi&Z(vuuYYQ
znwU!WxAR%|snSCmK%3blpk-ZBb@+xpNu?8Qt;4z144naMQaNHd8WZy>F7Ax-5gF;6
zr%&~xC3!T~vY_?mDk^xe_!xf|nA<lX0PR?+Orj{ASVE$pZce+M^3xlRs0BI&lY~MR
zc#C;$b{tNB@?R5z*qU$5?+(4DV$_Qad{b;{qt3Rqus;uwWacVGR;1xshnX#PswcS2
zU>*c~ro)e~-en5-L=M<LI_{Zn36Z51f6g9i7N6C0U0Nc-bW8wMGW|5GLog~eFE3f)
z_H8YJ4(pl|j*dKcC~wVp+G&B-9HV{z&Hu=>lUNv&xfrg$EEq~z6O|DGlf9FY`3@Rg
z|Jt0C>3vk{q-2yviJWi4yaz4CTYx-`MhZMD`wu0SB6{FDgpq_-rk2Yl_7w?CH=W%+
zkG*}QWxi$5<j`>7@AoDj^n$u+M}Kr#e1?qp7U2L1YvnS^k>jwaI{Wh3b_&kWE;r_*
zzQ-nM+|1}+Ih>Tn`G&Bd%95^G0{vNuJF8D@c5;8nFNC4~3)|@Jq{@M$7TblIM2@?$
zHI{K0>Bj{yNV~(tr~O^S*rlhlGfJ8tjLKo)Iu<m;XSEme+q*a|lJ&Fv$Ms#x!yXB9
zqVCZO`K&^UeJ*zy|A8fPJfF0?DG|Qyy=!#R*yEIB421AfBwuUwZ2$?Hwd!b{^i^!e
zmL|fnc$(DQHPK5ib&gEUC&^wj9wj=b|M1h$4l;6qByvIVwr8<m;JWu2m~dWRHO!Bp
zcP0hqEU#4~(BW0fwi?)&$KM<v-Fh>KgU(h`VsZEZsvi5?)uwV-(zYCs_~Sle@$`i{
zTL_^VP48f1ML9|Vt9ga{{oqu!Sjo|&U2ZOk1}mBa{S}l6TpqX-VafrRik#)qIUDH)
z*$)Fa9Q)n!C_UWbuZNQxTa0J5kG#nj6_UUwzHEol%rMTM_kIPy>#QVNQZ0E*Q!1^<
zMWH4<_p_?~crx3*rJBMpj|Du8OXRz(;t3G;Wsy1K%D!~amKG~i#nC#|e!#&U0L?{@
zj>^|m9tG0MkIccu9D)>Y$oMhpV87JCgr%^51g9c0*RqIh(3*x+Js+m6C|X}V3tyGK
z9_K04&z{+*r@hu$JSha325UB|YIWwX?%{aSQIBlj64iA(l8f-CeCo_Q<0;+bU6hu4
zYogbP#$~W)>9NoKvtoa8bDNl#$CWSufhZe$ca4KS94MkiGRgVl)V>DHbYUdQODpDJ
zfx&+7y%{Eo1p;dL4OKY2h9u8gZbp@P=X7cEkp+j&SR$Y6a1RB*gw$thR(CI9;^liW
zxjHoZA|$GZ&e>^gPY~2)0Dp(Ea}Ari7$R?v#QsktY0vFd0*-0t8d@ah4}7$M(u~$d
zIa?fbe+-Lr!EQ+v3-a-<st==3@p?Y?Q|Vpy96H*#8W!9t=9pXyFRcC8TmWx&Ei}&`
zcHd8y#9lc5Mse*7Jh1Fb!F_Iwg5j&5{NT1wkbiw940dq%wLa621%f&(gd#pH$E`0b
z_1A`z{y}`-U>!DBFo^C7nF0FAh&VFzYeD}0(YqLnjYN{zdR09ucEEbJ=AZ22t{iJc
zUkgiQqv|>Io!amU#CQ5?dmC4$@c8x!VxsRb28qL2(h@J#xFuQ@%RS31S|1L6j9WO5
zo#3AfD+5IlBi#QOMSVV-<Pqbkj2AuBX*4_@eaqO6bRO81j`GIY*t70c%T?q)n;*-q
zFImQfjF*bL`k^4#(h*OgaWyrsw>vC^{Xejid`L+L=vzLX8_~}!hMy}*sSq!z20fPu
z6wIx6s{HZMD@J(8)ljhU?hl13Xje$?dgyIi5b>MaZLCumza|tpLcdUCENun4s@cT3
zNY_Xla(9oOrk!Dw>Hs;}@i#2esfFE-pK$XuySlH-aTW3Wy-qF?BJFmd3^`M}Ya0$!
z{2Vjcl%WF$S7O%K{uDM>h{0z;Y1Unv2)$;D{D>s`4#5*SrVjuYjd&TS8m_Q2)gc@M
z6S5I!gQcR$f#({ik@=R?ej_o_=uzd|v@!QYd<Lk|B6VcUUU`b*IQOl*k_=$#pw2Jl
zKZ&3OU}^;8Hs_q^lEBM{p^^%6lrdIp0Bq;>IEM6y8(2Z@rA*z#d`F~6#vo}<6#iB6
zVH=(>clNEINPrh(g!FK3fyKvrKC59f>YDOLW^FVJ#kw7BoKmm@v`qK7tYBIFvB5>m
zEcO9}?mxzypaqH{s4P<#B^PnDNW|Fr`4<TFGa2Q7G^se5{#TQVmHq$uI++PMm{=MA
zSCNX7iRJ&_-su9Svb?>@M@1(kF{A*kB<!A6%qoGv0t(9nIy6s4m9t2-Ex{oHwU|#>
z5uBV)857`B)ce}=+VlIXwcBP^vzy)X+Vr|H$2G@yHU0O4=K(PoP6Z5D{Qm9{gbXNB
zOUsHFh)^LO0}_?c#GE6bAUof`18O5CUxEV@g#Mo3Kg=FASm-lZfRa@X1{k8eiyQb2
z4ET!}`Ku6FfKUJk67?4YF)$g3GLXjrF#w%G01r5<6RDAgSf@LIk=q;9E6bk_7}r1!
zsIR@9^7Ymwpqm913N&aBhz@ZQ{~~$^3DybZjHI8Da`KaajI;PkkrD%nk567+UN620
zhXKTrVrT;HF1X+d*h_(fauF2zzfZ%?gL4W0G9HqdKwz#9ZT-AGBehb>BO*f!aAzAB
zP;SBH?8Ao%Bmg~~0R4BT>Nm!q{6f%pL<qpSTiXD7^L+oMe^q~}6JmV3H9^FTc5nk8
z=rMHQ4xpQcg7&B`oQQf5as(A{7-t|HpMVRTh42h8kR!xl-E%)B42bNe2MQ*C!{Fs$
zL_YcFbm$ty^<6mrS_S)&oU)H78r;N!8tX*zwUUPn3k6mbx1Du6H}iK8Dc51Q4^|r!
z*XT3q&+vB093s54Ygi@KH<(}-<nMJ;P$AHu0F$C1lONDB8qhNc;PIQ<e(xIO8}I8{
zjOFgtRj?h%W`Q*Shf$mIBW`{T?g$txKmJC+fA<&mYl-;i6hgqj0JR_73L*&Qr|a(~
zT+6p{5d#6#BS<>%!sa0akpK6Oo@V|rm|%ZS_b=S9Z=cUY+>@-UOvex74|i#Pz#Yh2
z;p-6+A~?t!SnwNg;aSKpf7Mxlfxj#8mwP4l7CP`A#Lqdpugveo`XK|b!xtNFc7Q+n
zl32bf44A{0_R)!eAtC1X{x84uxBKL;{C;2Mmp$?CZK%ptPPShdm*3cL9^*LH$<a3k
z5S^Agsuxf*;u%xGFUK<Ghq*;dK4N;;qrdoy0^t+k_|Wyd(aAo>0T}f6{m_<*fu2G*
zJS<r2FG&W!-;jRM$)6x$S46vdeS4U{Fpyt$m|ng8v1hMCa5Yo>MDaLY>k55!_i1pV
zaZCK43ZX$r@%qjbgtQ<)L<xlULQgA2bcW5y^PtdyUf*i$0dW|y0tL!I7PCJ<+J6%7
z*4UyVf!~__JN&eTgn;;5;DXC|LH5u7w1|G=A&DQ_{IvSH&O*E+C}Z|Rd?F~L_Mg51
zzQpSc+)0sTPuhm(MSe_w{TTBV7%0;n4B>%OVO`4+u6g{a<WDD>xQIf$<NfT2`&krC
zBI2-BavQXy7w0DQmdh11G56FPT+SBM9C+ux?|#N#l|hw@+UBVck|tyEl4J+BW~ffO
zOm<nkQn?n@qA^A*presX#sy*VLeIGCAWewef<CT_{SYobPm_3Wm6I#NE5lr^-21#V
zQ)@iq^tLSgbrDv~SZwO4d}O`}?YFu3Oh`s~m}R+>M1?Cq|1nN9z06+BkKa9P1BdRM
z5xU0h&Dh)Qmv>Dj4n0W;d9;X4fwk2=Nb$ZfPx#oXOrYJKTlW~O7Lnts(R%E-3E29L
zM4BJO<5}j(w2RAbs>XNd+QfNex)D)sVGyULzQ!JB=q59WSc!_>TDk*1%}H2P%wgKA
zNb<77^<-TgOqxD6)Kl=l!J{WH#kq^u0%ScsVjc^ej~Kwm@xA^9ikRD0epxE%bp(lq
zoo^c=hrS?8+dojJZ&E%Pz`{mB;v58Pvc&rK7p#dA>tVPlj8+?9PnJK*iW<D)@|C}3
zp175N8qySzkhJ2an7B?9tRxsv-`5Z%*Cu(2m??8><eHiI1`;HA>q=!49XpaBG`P7U
zP;jT-rEMhlDf`puQPD^FZZZS&Tq4z`l2ngtNrhFR1ljVLJZq}W?op7qw6WYT;t1nM
zr{7o6Xs|ZYk}~c<C4`AusT%N*o+A2QNa!HmG;n|FtqJR8NcP3}hnwjwy!u^?*{ens
z4HcY3Exf)%9uxFbsMU|Oc}(jo(wisiFgDi5?ukoAFRi+0(yZwFMDiL?zyXFKfe{Ea
z(=nKHz}Gi!SCoVxxft*n9OIzS=Pyf>Z}ln>#YeRzRWaJ?P?6P9fEQDg?NJ4kDhMjF
z=D0SA$BedUKYY&>GqY&|3U9M+>ypg)EO-Ov>29Slq=p~7kQ+iYoq7)lWgjE<ijS=P
zWAWnZ*cT+GGb604X(;Z<L*&quW8ILP74POp&*z)uzpr-`rd;LVcYPJqV-Wt^H_2&e
z;Dvv$xK1<Vk;Kn#m;*jjp4q%ysNI{>@{)VmbU&-sj0f-4<QR)0`L&_6GdHNm+d*OY
zR4ut2W0NOM8ipU<>f<ppYF8`2sq)w)Aye}z-LTkb|HJcd{o`oeyvewk?c%A2OQ=j<
zzM0&jcNVvuN|K?JT=h~|o<KvgtPsaGh9w2I%l$4iDJD#(e^*;6+sa_q6bOTZU3!`2
zLzJNm;X8T5mfo+CuQhUkJAE+{4|sr={Runq?|ie6zml}cd=Y{`Wid>4x8n|Zt`r;Y
zWkk!zeh3Q(()FpV_CcJ&z}|?G4D{p^&Hefu$c|ENQB0QMVoaICl=Af&Bu7nP+=9*2
ztxF!oMQdZYWb&{^j`x#-i4=GYQ(t>jPSnR=I)nC~#KsVLzqI)u@<Hh_<;RdYIT?@J
zIpEf(h_Sr7)%qjaAkUKt>sLn|u;`1qII6OK_}qd+eVBhtt}?PFAqYke8hqk<?iYP0
zT{rhqn=c|4W;qARp@VAYp>~Y!&Rhj~@(l5vIu&w8s2KoE^k*Gnx2+_fII%~TjN5fL
z;MJAP+6M~c#A$}NKIM9TDPrb+2k|3OJ$idBu@0t%RS&|;c4Ig9ak`y_{87Q}k`49(
zlMba!GpgE$qwTu$WHLAF8`gAsBw^$4^WyrQ;a1x2T=;O+2`*|o><V`50tq)L#r@K?
zMT5NIA#CL*+Nt`s0mm{v>&yL}5-njHSZz1F)ZlGBHV!LP&OL+I)nb|@H59rJ(j^<7
zvJLr`5bOaS$8{-$KE)jJ6Q8yO=}S@>o_I;B<~Ev#!ogX!)6mMM=OZN!X(~zO!dHQu
zyX>Zc0Po7>6^q}>b+@|(_+^Jj=`E*_3kfSQYo%fh<u9ivtnC>Ly`bSlSvx!q+#6l3
z6F?ml@_CmKPNnprV%WRZxjmK@yzVy}rby?1ad~b_SDql(fmw($@B;IuDt}{A_RE+&
zW>1dY{w!y@a*QhPU+tx8URlmR<~Kbz{e0=N{hR$jlX65xe#K#pr(036@fDOKIfj$-
zu$`sfi(;qv>yYT{P83-jUmfC)gNla^=<SON7ibB8#Rk{!nSut*3;(qPK|a97WuU2v
z8?cut$e1-~>f-tr(B)1s)^aa1!!`Dq)TyV?c+_I`mr>u5b0aR=QDjSd7hc1=&w{}x
zuq?%E=$BkuK1#P~`p$J2XMEG%witK4wS7zt<Dez7vjcY+%8%hhGvZ2M#w@xw^3Ykt
zaJ(^lV7=n)T`r}3CuW3y#(%Y)L%jOOXC3h&Nq%;VdaMARm}2*T_J$8M2kxGp(@Pn-
zw-LOL6(Fb!)~c%USVIwD>IejOTyW#o7ff^6gO67+d`uh7*|cmq=8#=}EKVwWoV2C>
zjQb?9P%BWO7)+U<M?dF`+3;0~yYr7OIj)e+$aWu(R2P;;{z$G1e4b=n*8BNGSu$7)
z!8IPW;?3&nuiA(Ke6m(+$THnafXSJptf;P3kyl}7t9&KsdOcfI!y<^T0O9J6b=*aH
zamn7l^E@uOYFSo;l6x#0zO1cu^Utl$&p&L=*KOq3vw_wu7F6;93o^o=c2rqcpKR<R
z3^XMR7@}PSAFTIrOR90#uHP0G3@DCI7kc5H%0Am}aYVI}O4u&jr}vQwg-iTjhI?PO
z%BKoPI@i`FL~Hk7{W@Pgix>$eaca+>r8mk1vQvON@EI~*<C;-*VBNe(3lW*A@=&!i
zc_j{2WYe10!Axs)ejeQNA-OjFs|Wl;xwB<%;@{;b%bN7wW%vj72;$gP14*Y=;oiBm
z!hamX*KZ~V${miNQ)1WEGx@=EswES;H9Kp`W0TD46EK@<f(Jg933VA%OjcBj_;qT|
zjV2bpWFFA=O7hY<e2K+0h$yG*x>IBkm0DM%C8P-q5eRBhl#z-;yb4oSH)+6Cx-(Ad
zIWw?v!PR~x*PgwSn#mn{=odIL_w6}+gkW7u>E}B4e>>E3RSS$ls|Vw&Tty@Xe9pi?
z;ZqF(kAAtD&ahK69k*Ut%*MjQX3iO-MG=5D_{ZhCx4KajES>V`f34}=1Fkf}9dD5o
zihLM=XO*btX8T=VDmz23Ns25OuKf;VtJr(Txf%j9z$&gX@7`#N6z5(fD=m$86#rZ<
zef90v(`R^}$}Y>~n8<jU`dqF)<FONbJkQw$d#$z3H%JYGV~;y;9z0Rk-No$^Uj^EN
zhq$q{bG}r6WeWnF1l6sFl4x@k<C63_=d($1<X(qyZgtV=De95VQ$NrS?Z~l1j4)Ib
z<Vq#@fA6V(x~+Daod-6lfDfd7x572_C+TH9CiC0@kt(y9BHD5j{A(BWqAvrR^Hsit
z_@O39F&<$bai!gZE%LMwWz+c}_6a=$E>)HZNvHC1>*X}cv#0G7QE^wgE`pHciZP$4
z??M)sNChiKJyFp0zN{Krn<A|d8a84iqm?wseJ{p$)aK_&b;ZknPoJf0n`!FVw-mmb
zQM0=jX3rFF6rH_2<rn8Wj}otzrh2i{CbH8xn75@y#vN}Ny9|9SvU-W8Jfp5KB}NoC
zXQ^%dWx9zM)dsp~W0rRt2-x(w%|N44k?r<NDC#oSI`QXO8a5JRdJbl1$nC1N>7q8y
zH5VwfEhAxbk~JVq`(D}-^`aRfrf|H`r#o16KIm5~)#1g4g#k7wXFjQqh_Tr!twh+}
z^`q80E)2odgOOOTnz!i(y)*n7voT)r1+k`1NHb8`%+zhG-wstEC5Oz2t}S0WvlD*9
zzP$tr;ZVh}Dr3(>20GMpF>uFrt&<C^Krmn9f9v~~!QH4S5Mi&LByzjY1^V!9yF$^B
zS0l9XkcY0xVIuv|=;eSy%DO*YY^!=X60G=Hv6#)LL{=A<fzW~#Ns(T2882!X@^lSG
zSy`Ex(#d#s)FY%*(##DGV-&yVGtaiiptX*whOMHP6$jQN+oi!-uES(n&tH4u{IQ;t
zMjG0IIc4!h3e0&u(>O$I<=!1c+Ag+YF%Wik3n<OUbnrb`519OlYGw9U({u=C+Di*F
zqnM#`(@&7Swd2LH@q5)19!mAj;L!ABRT({<uxkDoadG7Ra(i0L?QcWn(EwL_G#O^X
zp3mu`g`j@weH?RNK1Cvnm1{P^jq+B)nUjCprT-qM?Ni$5nM#P3%wXA?b}bm7?wBz&
zDZKO4HLWDRDk=Db9;XaT`8N$r{n6+pG==n3ip&o-EcW{g5J%p*la{IhyDtT$kyQil
z4o4W|V1Zj5fhW+$?(#wXx~7c*1Fd)=SLunGt0tvU3+pg2^|@?(b4sS>f79n*7LwzG
zJwb)9fc1PmBMZStg1x~y+Q3vQBNLzB=j<n6oPKbWUQ{O*zcx&Q!R0TyJeAP+bIUv?
zSThdVJsK`~I-5m&dT@BeuB)XyC1fC*Zk&WS(-xpKkd7Tr@alD+)P!iXN%By0kvx67
zs?7h#E2T!6g@ezi-Z0l4yUo_RfqTsUuu5`iD2jZCAV&N`+3<wVPgUwGvFrptFe-2o
zVQtdg5yv{GCx=*GJGYUvNBD+kg)n=4u9IB0g>CwPK6$^(9A6mE!8+X`eXWSU4Nm;V
z=!#V|YgPf<8*oXb9lJ(#MFDP_|9zFq?5bkSAK=$P+>#)WY!YBu$<o8UhC`E!Jo9DU
z@Etf|;_rCVD&5wv8G@w?0ML&Gm{S2<<?+Ggw<^gmzFHZJz|_)3u(z`r<xb#tsSRWw
z5_x^zXIMGaN;A9u9MH*o{nW16r^Q2=%Ajt8D}F&{*>_DUr^pX8_v6Cy{x_8HLXgv>
zWFyQex;!#?vg`jQcm5yqj9tmETn|wPl%$D!$??i8ZBhAkbeGfa{^B|yciJTVBSL?a
z1$%l~RX^PJ7P?{A0H==GfvaDd6#Z_fIMcnPhlbITo_9MO%8Cv$td96vX{C#ovqLIs
zB?6;6ha9s8UUoWJ<}*bu_3sB2iVM?E7AnOJq4q`bG<>w--0vi0DLS58Z`Fht;_2JQ
zrh|=<JEa}8<bj-4fm%lcCE!lw(ogF>x+%`_P9T(sw_Ywg!F?>~edjIsOiOooYlwyU
z_OqA!Ry+DO(j0%m>$W8O)Y>%KP$D8{r#>idBUOUFD2k(8wyblBv_6(0)3+28&v}oY
z*jKFiW5S&sf{bDS(+_`yIq*JNiHoYUdKbZSEdF|bL{2V1FO;B$zXfWn(f&SIpV!<%
zS;3x<r0(e&oqQt}Jxrg~$0oV>BKXLVcBhXu1P|lv!8(ykTHypk7wT%l_kj2T-a{qc
zGefa%->-{nXZ<jjT_cR{-z2#5li!gB*EtfpY0sWm$m5%~u7bR4gXFx_?yQRhpR_Z&
zZE6~Zg$E>qL-MdVv~<D^&E+fx^-HdV5yUlyVbV*@c)JKvLR?8@iZQI(>s>jPsL?LO
zA#7L8mx-wxnss~Krb<MHpD$MsfQxgvYD2M`4yikL9~17(%fdvyuOP4H-qnv$lab-=
z0A#0du@2e1r;q-qkz#3~#eMD|K52)!R@q&Yud#l*j_3E&Xtj%=M)-v~c%X7if2QWI
z*Hl=VML9OElxRDI95wsYj2pP(Y6-h!>PO1K`<ve}wDh0-*X^9!XAZu-gA6Wzy67yA
z*ZF<mo<KZT!HLpT-%AC|U{0f;dL?%?2J=kSx;-hnu+Oiu$cg!&ZXq<uLXNOtU*fzz
z3c%<}9e~SIntklGZnS&?UVLXM(j`ii?%`kDM7s!>bO@8uvX2h*DOZ}Zg%F0AsAG`L
zRoB>b_%6$QRriS%H<`DC8sL4Hn5!X5=5@H<N`jPmz^<d?wfz;Bg~k<VO$?#yIOIb9
zx0#7D!LyVH4(fNg8qWW}Xgt`__o_oYKJ;tuYcZ|2#H}^@{}?;R7)^qP(T=gB9ox2T
z?%1|%&yH=|wr%d%wzXp$&+~0=^4{E=yg$C5)s=M8>7<jYK6TDbNqH@JBPO}|i6gYX
z<LlGp)Fm}C|Hjg+6_m;^(XTkQtJd+Dd+zGXzg~Uj;g6(he<>T`uud5*$H+`uWMTQ$
zKNgRom2ogf8;{jg1>NFMaE+Z;qO%7Ft`rn6D+WVGb{5%AzR<K-pDh*aZbj0+;*}x>
z<T2=aosBN-aKiH!j|guRup!+D+SPNmy7E`SkEVF>3)lBkC_7&#=l*zioJl{h7a~&b
zM3=^lM;gxH*N9)3qnp_jQ<&FT#1rDMp|cuoOrueSU{{(WAa3E$6p!YG#PK;c$DI&I
zt*3IXs198>676BKpjOfY4ucgExhp)dDvs8O&F9YTbKSH=V!%;1*do;Kw6-P}*h%bN
zk>1>GpDz~Fs-O)Fil@ZCwb^+QH<<K4jpw$;oJyc7&1p^{2$r3stcR`$zO`&TEISb8
zMF+THHA2saI3sgDN?{O$8(|nt#0<uEq!$*hb~Zb&*1HHI-ziyHM30Irsxb5}|EBiL
z@@go7J+!$1=3D7k1QvO1+KBVNGOYdmw$oCS)hvE@@$OY1nfm|L2JLzb^qO;5K=fg`
zQ8^u1Uy^8Vc~o|>An`K0HMxVSsYS?-inq*P1q=G+ej18OG<q<WtT_~?m)6F2llTjw
zX0Tq4ma4u3|I!NoucAF4c#O}6Pd5?qRTL$q=~|N1_4dE57!kwbMy`Jy#|X|e5O&6i
zwkNC2)01qBu`Rco!DkmX?GfaK!R(0ZCird4{VH$nTKhjVHnG+=9#qagLF<Fc?@+a_
z_Sg6>KgLefM>brr18RAmK`*E-!hg4#w~c$ONn`sV(P4_PcFXTp`5t~t1Swc;j>Yeo
zKwVuB2wg23Ec6=UXbia;d4z<8O>OAAw8dB<Q!O-H_J4BsZlgmN&7eC|s&YP5W(DxC
zwL=N!PYU>vAm%5}av^O?%c<_$j16<_)0s`s68NhZO<9I8QjeOb3zl(va#6A|Zx8ud
z5c7_(6BHZ$y|9rG9gk$O`3WK#?PH*Em5B<JF)L+tZ*06!_aYvVS`>*=fTOjlfvn|j
zkCXpHk^OU!kxMLO5uBbm=WM1J+k@hB*Vx6B^;E?*GJ5xBusscy>hdUqliJ(#`6Ga`
zCAc%B<{TNxF5=9*1LV(oQ*(!iINv3;Ki@%z^j?ft*24wlhzD}G3q8UTe;Sc`?AIIT
z;^afguOIQjG!TjL2Dc{YuJM_Z6`sd%^!0Kvo4*kyGeg`m2YM2F<`TFJ5`LKQXD)b;
z_*FN#($9ubv_j4Id;-*K8gZo)x0+dgxJQeJc6L8Ry>D)c<O05~lipsclDJ4`xKLvs
z>P*GgM+ESj-9edqAoib0Bp7P;M}{+(^COj4;ij!azqN`@K0WqHRnt%QyksQy(rK}o
zs+RepR*ESu$&Wa8JpIV1myryP(|9BPRa+Pb66b*o5j;*<KwJWs&{N(+k;yLc$1!)|
z*?MD}aG{Y5E3#t@eTpFi-BzZG6OGNqr@tV>K|bDC?5U3hZZ0OBA=pDj#v(U#w*Gv?
z!Sx4!S!&-W2pP_{D^d`>9aE;Y`F-*J#XlQ^k`d#(3ffmZ2~ow2oZt>yV2^T?JNEh}
zzadzuVXiB5^^<2&vacFEAMewWsF?^HPGw65UnkyaCq?sWIc*o!0LR_zJ9*DgR?}eF
zem3Ccy~GP^f?F<Wbr=mLA+NnW)Mk-uS<`RR4fK0QD%U*|72JPi8P5D8-xNRReSMwp
zo~~O&x3pEl2HUGh1M1lN2dm082PNYE;D+*P9~}2^cg+l1JpS}RP^fLY?<+-Wb!|dp
zY9v=er_UB8SrvB~@;UDv_Lk+oLr;p@WMu3t`)BXqjLXZgD9}PsHp9qmLu0U<5x(CJ
zaOv&yCSbJXMzC}vf=#t4p1C(8<1Ypnc=pfmo4IA#uMDo23HZ}si2cl9^2tJ{1EPel
zjvh!#h!%*~+(s9(nbsGuc_i`;PJHZ-H%B}&#UIaS&<YZrKWrUy!jlRjuGR(Wl*wCE
z#|h>xnKslN!mnAPfMgsu_Wk8NwHdMcGiiLABRbGYHAC`&-4RObw;Znt7COUk)oG$T
z6dQxNG-beq;0i^)gg)dIpZ4M1q3X=~HH8cQ(u4P6DnbnrK$0fCqG=!+l?OBgjdDt)
zbJ%FPjmm3C6}Hym5>6A~r~I0*;QOWN2l~d6e{*nMzU4}l#@-t<r{Tj_QGRmNH{LHF
zB%8P0wFSaBdNS7?L2;M->FmiUGV|^C>c@Hl-FKzDMhE{aRuZ$43x4KA-1x9<(fLD{
zGtDVa)s6fRj^AoRbc3K2Wrx1r7!|N(^?0$~gmAU}4T$`;L2_^<BbQ42`!Wb;E=P2H
zsOcCdRl*o&-}qfZT3`IJ@VC@)6$WSc1}3|P=)y?L3906`*XL;1V018+PX(gka~Wb9
z>7KK%r-N{N!rXw~!Z1<{St`9-<y`jY$J~clg2>fJpBv86q>@K<ISZ+BMEVVt=}$!g
zT-ecOOV~ub($I(`$PT+MJAug5116>4Lp>MEsnvNSJZXGhq~j-^ikNO3b+kPw(tl77
zCnT}j3Nx7P55F}py{>~|Ath6qdYe%U_CXXRJl%aRN14h!tu%cI!m(SiPV|ji^j3(|
z+bNWlVB{|U_RSK#q?^h04-TGVi|pQHJ11B;!SGjAt4yd<%*xnt`m0+qRNru&#Au0g
z8JGmVN-ZRAy!|mDmCCC~y)2g3+F}*K2rs@QT$BA{5{HT4>z6Z>)C<MYjTGSLF3YvN
z%8c+9+1cKm?y+7|Iu*a2M!z^2&U?<9s_)e<WBm$iWCKM`QAx-*mGk`+6d|-ECD&FG
zGxc{T`PVa@dPbTRV`C>N_);KQ+9o?1AuI_ld2d@^wyDDzO&dAaT19<=BvRG->&V5M
zDJCCYpARe8BC!UZ9E;{DlGoRYb@a10MqQ0dN@5<HShh$rTDCB_!_#$^c}MQ_UzNS<
z%E;0yws4~Kxg9*0Fcb0YfWDM7NAqG^&?(!mzEq*`P)T*H^Xb?GZAq-?MQOawH<Jq#
zlo-Ox%RQ{d2Zl@8_oAqpWQtP>ec+e#i@wxzSy4IOWbd_VBQ(AXLVFkT>XM6)-^x0p
z2?^S5U&-Way&EqXNTeqt9tQ-AF1MHcbJHG<VCn%BG5cmY!H9KttNDfh;cFIk#QJE&
zuT)RSnXDNW6kF4C7Lbg|LBnKG13Z+hm;&pvwIB@yzpU841FN#<YJ9fZ?d<QjP$f!2
zm}p&w$0dIZ%Dk(#cXJ=g1~>9S<72oMT2zAG6$SZCcXD7=-is<HEntE9W~$@{_7JJ#
zYWGP76qh$^yIvGk<Hel$N#Cw!u`IEfI=wqaGA&Xq0)o=9x;y2RQ}<@4(|U;+KROO*
zZotb;vwb&cm4P~tLj+~jPenqb-9syGqA)q=b!m^~=DtiFf=ZmL(dwA*Y;@H(>^#2Z
zC9oA1qQ<D!Tl2FtFm;&lM>NRDrCvyoR;e2&BBDcqb@C8hCW881J7>_1cLd26q$UV1
zDAj(<DwZYYF7whn-*J(i-@^=1Wod>>qIHe3Ps)J(T!D?Hy$>H$s?$mNEAw*k`wF^o
zjTt&oIcJ1L{YEiINx#lVr2n29^?D!q<5T5j>2`Zqz%CFp-({2hzwrbA)T%@d#@0Xh
z`2NEPFcUFzaQ$EP>OT`J6Eio<e<uGw6Du<d7t8<YfBr8_tSykLy5}hLvI+Zn5aEb7
zY;}V><UhA@?YaU-cXoohd0~GN2?g;E?gT-5NI80$n%_)se*$fK+ke+CS!i5WsXVXL
z#h<oTK}Bb9FQbtmgmN`DG=o8cph!zQ`+yK7B%{L|3l$f7*<3?FeVa)XFMx3m)fD~=
z^hYMc6Q+<?;E+Nsr_4h^155CL0$=9_z2XDA>H!lX3IK;W1|lI}P=O?{IW=-XQ#FDe
z7ykSSA1eW7eS2eRXLa)QlnLwsJDb4*x%&F*nf4C>AHEWbTQ#Tn8ITm2j6QyI9&Jux
z7yz|AjdOeqFrYpQt;xx`f?QwM)zj0GyE3d%{3T-qWgbx7nv5=l4*|~I6)+9jj|)YW
zy&ed-ib0Qsx?7#Zc`4Tew>~(wK7;||!yZ^QCxW@69>O+8bcW#b#Va5#hf!>V76y>f
z0;CL~zT7xK+|^(Dm%h=zc@x=>;|)<+Su1jTVTX5cjA0uZpn^eY7Nct9?d7LIP$S+Q
zieRyze4{v>m>Z$8GX#(U726O*^kq;?Ue<T@FNWrEt1t3Q>KW{B9?`b_OMJOaXv4Z-
z))vq~T!Zs|Ym`>kFf86Y?jCJ|ls0gIT_SuyFpSloF422(8N6G~Rw6a{Il|6K{z`eW
zmcVs7VR;aHB0@$=LQ0Th5RlGHt;TP8;OY*+Q+V=s`+Ft0gMxPj|G;4-Y(jf0<k>mW
z466Ad7#J5fPjC-E@cPXmWONphshz_GEF*}nme>+#>dz8P2N+iP<I&;{eg>M~GKL5O
z0DOO&-;pu8P(fS)kiO&Jo1|pU$1D5IKAMmEeGd;6IRhx+pfLkNgK=RDEi9nHJoEK?
zfV{C)k<SKZAi&7fU`-)Vg)hNLU!HPc%GE<U*cosW5o*AnQYB1a0t2D|`0M0D$i84>
zDfk<xb?G1S1(f>oNCRe10^5nKESTPqIKK%2!1%4<S)3~X=7Ch}th@ql0fg@+_&88`
zFA%V;O`g!%+Pnk&eUc-a#~}=F{9a;?;m)8=w3hE~lhM+OJFdI3IWc|lk6X7|`|7nZ
zw1JUC|IrNa?c@^&4Fn!}YcsKKmBT^2kWCBfQ8bj>xqO(!{IjrH<pa7AsUxtLzg`cW
z93Mes@$lug7xE;4AswK3R|>e+h|Zs)n;;zOFw5uE5O>SXoC9DN5ij1;eA^%#jeBK+
z$czDUhYrJ^At?Z19}td{eq=)40J&?zVNgRAAnv{3Naj~?-k~f|qTkz`6^Qu{27kjm
zhG@_NzzL{Xd^5hKtiKrCQM0}gzLn^6jQ8)WgwFd5Gk|0t3C0R=8yTWztn|b1fpC=j
z50)P@0EObpdH4YVK({aR*|<1`$9EH(Jo87wuQ75Mu+G5g`BRGm^B`dkcHtR~6=SkG
zx@=Mr$+1d}O*}f%&@d`_eq~e%n}5NXOt>E>i;p{3i(wpglZS{J8&l1H^Ke_y+-`I+
z>ChH=)6mMCSmQD0%24<irKl|$a1S1K$)l6uQn+3QDwD(yTZ*GHbY3jy4ZRmuTxZBT
z7W=4DPg9ZX)$Q%-8D>;{#3$?B8tQJIMp}T^6t4;*T{&*u>jQ*J9|zQv=P5r#YS%39
z>(scaeZjw@J9bR*69EqlpxKnm#PS`=LEj}wy5nlv(eIib+~f?O=bm|GEN>|FY$*@=
z)u=_!GRKsD+!V|G#UiV16Y%ZQLR*x>_7e(w3{62FrMfQ89#9XZ$FfRc+7g~waP(5u
zpRInG2>2O99XY?W@z+6$+vC|6ER?;pe5v>!pRv)FB3h(s*_O<VeAD5w2InqEO<dW*
ziwyh{jTDfbr*5eEWb6<y=3BsYA9|I#Pn2Z2T{tN`$mx9vqGv=7=`6ZKX-|`ukgxG-
zky|-z@sq}iwWXtq%+RGi9)6w8IrBZ-WfF>kwJ0~cvKl{;7y7`J{$uNrZ+(9=l_mK5
zlKBrRfd2VSnr$b4x^LCRAbk(6FvbXNA2EsCl0_7X;w>&ba|W7e{yx9L_IEr8ypRS%
zJr7}a6E-|_0sno8#Og7ZGjZ?$1<><}XrSjZ_|DGAUYb~2JM)$dVUI_7t3c0m60kR9
zzdh1Qt^Cdw$Re34t6B)FHASbxAEB@q72odze9`c$>m7^Vb{#o_Kc_PYK95~KHRt6=
z$?cBr$-O-139cKK8F&{DS;$OHyRX6fEc_Z7{l4?@VlGx}_l+x$9w!eIuu7KIi5gtF
zu`g>N14$jX!qRKbxH!mg$RJASbUwgXPU<K917?_El<s+4w0U5VUx)cBMXj)%7?Z*(
z?)CP(4U-$reHy!OOqSv$`<|YoTqc*ZkQ<GGW}jR}xJFZ7VleZ8y)OgR-Zt;-@DA+=
z#-x`>##Djpb_e!)`QY>w?M6nN{KnW`1%~a`URJbm=dSALssSN5i%BnWNg}8m#Np@E
zZ_d?BF|0t5hB?l6;95GWMbS+?6ckEfXLoI9vfzpS@jXod%;C_Je~id13=-9H+pjv&
z22WA&9$);$tX+|2txsAh*u({QF`_;qzEg^$=;CbY;E2Hi&Z2~raRP%U@1lg@RK=?G
z&gbGkI`Lik;FlXMN?cJR&~P(k@8WQt3r#E4cXDczZOJTl$X7q1l#T^J`^ixBXJlWw
zzPlw)^e>;ggT)WNbqXxISL1(0Mq-y}wzNTWl3J`VB6x;M3TnC23hMT40tN9V|Lzrv
zsG{N1$~Dv9B?EO|44-|WF~_5htFU_tO(9pf&#$b5tv6KWr=R=r-p_|T*4sIibG=(D
zo;pSs0cFCB3@phvjEU{XYDNxk=2Pp*&Tetw7a*<{LHpS9G%Vhsj)(9ePR1@&ex7sz
z!PCv6ts1803opO-1wL5gf?V1u5Wa?{l=mp?m5P;|l2u1dN~jfP-cHwJg!t0>M#()h
zzY>1DAc`kB+RwOK?cZFBCEVpD@qmstYh5wBL%D=s$)K7SZh-uFJ}!xrzemB}^D6Gi
zI^GUrRMEH!de=7F+wJW!Vw-0`?Hobt6e|o-nYV+7gAZ&*Ry!(&gP`Z+uC?Lxec7`@
z)Ak8v_xN@boN$L5dpyLA5yupuoSPjaUT@SvoU^x@1f7kH-6NwEdlx@;kzw6A(ok6}
z#7H$w(%)a?AK}WqM0CoQnTqEeT)`&a9aW<Q6=bQdt$<x@uUInKn|x{5Ux0Pf!jZD^
zhFQ1MMbz7EQyRH2LxyF0E9hNdOzm2KW7jg;437zk?GZHSJC$xx#XR!M^H5+-d)Ztn
z+8)c_P1Rh|spO3KiwJ3uLxKR)pWxrI*Q_g-jfAgSg#j%+*g1sk<Cq-FOj2TmYL#&w
z#daj|b?Q#xAIu~`$NBQ2KToNYfT00A<>#+jbcq+&LHKB}Sc^q|fIPYi%i_Q-<1G*(
zhy!6MqXA7Eb(ya6liwUeNJFi}xMt<(J^chrkAshgQVLyKrGl&KE%P=w&X1O5I_DZB
zb}+0A(w0vZFxoQiW00qqxFm+n$7jfr>A$6o=PIdQ<ce=+Asll`x#fC^U?=@LdIvu~
zEE{hB9`Ep)t?=9S(=1!mJ1r|Mf$P+)co;>vY4|E=@4XH_=~v%sVTc~s_pM;Y=5q1m
z5<i^H*sF&5c`^USv8r$}VtBO%o~E^w*9~Y>a&b~m|8uc3cq(P9h{Xv`QB(7a9E)+V
z)JMGbl!TqRaz&(TvpSiS$8#OF|5|QR?2kXcSA8TLAL)gjmY*t%=(YB({SRv+&Yt?A
zjFDWHdZHELry@An4#b+DU7wY~*^kmcew8Xp#)RTDQpDYCDXT)qMFFZ8FV&s6VTWTu
z_N*D#sQOy9XJRH^wjV{@78HtV4!L(rBgB>X-U9)kc;Ju@!K%{U1d?D8IP%O0ZHKKX
zpTiuMCuLz=%NuhJf9H!a)5K)95}`+2BB(5o$PQz{SYYW~(sRhcK6giKbS7TJd=yRj
zb<4eMPR~StT&^WcrmGN=*hW;~7Gy8vu@W9smdJ4Mp~i*y``_#Pw(e-ztj1o@sjTlX
zJY32`U0*yJ*c;^k#rs7;GGdkl6myzGXzZ<X@Xcv*OU~UtVT;<%hsy`p!b~qAL@Z&I
zYDw!?cqSV^ZpZ3;=Ej+t0}vlB8w_Gao&akF*wqYqXLmt!>Ij|B&4<tJMdOT-A};M*
zsxN(&{U!drG8K10jlUbC_)Y~{nHMT;1{`s{5HFt+l<(LR5=}v_xpR_buj#cfNkKcJ
z6!f8aXKDQc!LDr}+rj)z73nta*>(@lGxaE%W=*yBejY;#bpe$##6t@6n);8u!28vW
z_gogGMh`7DaHpxigr}+pL&=JcsVvJ5&7ouCkb3GC_kE#-K$@w#8S0#1iYq<3@ezOW
z{dV3+!h9z2E`M*mxLj3oWaFJz>H1?8FYjH?^y$0Q2IkYAf-*$6H@sQ4RG&G>^ugPK
z$1eXvXGhs}dAZ>vrkAfSD~H*J6rfRj+;RhH)BxJBzAW^E(qx^dry`ranW`sU=W~=q
z$A13n?O5o6E_gB~LDP{Ex$Z@w)~c3DEO7s4L!cZbrsfXDE!5V`9x+3=qW>!a^fVi8
zg~*~0DM@a{5~9O{{hQ<}1CtG7y#!$nfAA!&t@@}ZEo>4E$*V|fNA;{P#Zk~maD6-)
z8c*0t;Y7Q_#$qnJg#8#`YRwed)8QE(jds<LctLOmBHt^AaIE(?)B0F!4&2VQvb~)9
z2rfrV%Zx3?fI;G55BlPKL6X~y%fY!Q?v-fWyEe2TlKB0vcpm$>G+{wVdL;ztD^~Dh
zDxTP|T|wDQ^?O$$<d=lK{_N1PX?u1A^|RlZokluNkF0l;YL<5vd@WlR@@qDtV>;EN
ztuC+W$DD5s86PNct9McIrsILB8{vavi$3F>XdW#L8g%IF54oI_dfrZd#_UTIPmS{v
zn!!A$D&d-IR9kZwyY%>1Te(2hrHhb+<yyt<ElZHwx@rXlYiAec2M%zhwx-f6`lx@s
zEh5zoAnH9C?3C-Ak+b;6Pqh?j;OaUX5Ks|$BCfGg6+Ns3dtZ)_$4z2^%ceD8irP&B
zR!$$G|4iLLjYk+?+jJE1xeOs9DHn>#N6lt%v+fQguiD|zvB4tr-YvcVfJr<SxX?PL
zhrY$5AA^>TZ~xNg$VY>|Y`-@6=Zs_Y!6BbcR?-Cw<4kaxmuEW~yAsl@?#~=HdWK<l
z8~V{voxQX?SiMmDS_FaQXQ~!PE`VpXJ^%d0x!S1?FfJ=?2cXB7LXW`Z8TUHsilq}Q
zz;l~RQHb{uM}gqt1lGe$7oL)oIx41ZsFHDybN=uUkj94|hd&{moLpZ~1CKmjmt9m#
zPTFiiP<J^qVJt+jk$sRm4Yf31^mb@X4i}*4#<ThXu$nmU8Ei_PL{Oc!WK#Cqs$MgL
z%jUspeI@>B7E%-&P*MAAO5?6!t)9oj-43rCLag$mpEyu>!olT8*vuj8^^9OeAD<v3
zqi~w3kG<*nMAK=rS|3Dh$@6`4912~zs~>s>Jaf+_zMpom#}uEhe-&@CD{=-NJ!*A~
zMty(t{GGz%<uEhNug4rTDPAGe9b)i^dhaq0ZuabE=w&J%GVu##mMvFc(ogUE`N^6$
zg`nPnZk1s*x^I8ThkWZqJCdRaM3r7#s@%5Y<Pki%>%GAWmhCaUzoJjKTkiBHBW>)r
zrJNxGnysYagK+D}fK&a$y6QQ>Ai?|11MFMy&Y`wPmiX^!NjJ4Zs;}%KFd?=8?dHeM
zY0UREnGI=}>+}U3tWZsIh-&iwob$f8_0&Cqt(K6rN>Z~OH-LJ9*p)~buG+uvF0)v*
zPdC?3G8OL=L}<pYZYmNl@2V4(1aUF&T4yRg=~I#b1iEs$D)K$sxX7-S7jfmS{=5&#
z0^|Yc-b~4&%A=pmT8){enOecG$PLo6GX3U+qYnGZSab!c+wL!)0^)6PIS>jZ$c4>O
z%~5tI+}Zei(o62AFS|tZC;Y{VB$6sa!Y!0h?yunxm-P6@dPYR|nQ09IgY@$uKjO%6
zS!?Kn&c?R}t{DczcZvcBD?!RZ%D9?TJiEz2r=mE1Q(nld^geROuW6Haw%Q4GoBFXY
zM6RN4%q{;W>93T6E?PMVSjS>Y>Hg5>O`uXo`pp%ix&Pb36{4W#r``_M7$?@)Z0g@h
zgq>{1<%AEmm_Z1Qi7#xV48Cb#A(z&}POvM2nPkQAQA5S^VcM?hk1DF6LZp0ulKar?
zWEov|ZX1ZcP;+{AimpPP_VOJD-C8F}*<l38mAL+!SGm)JCGXZP=;y5M_+q%{h~A6?
zKcn^306HB12clTNX3>4^WLZA|#^um)+WsqN`madu6(3Bd*YCF9T`qdyc+Bmapc*@w
z{J1EYa~m|yy~I7pBh#YW+4Hs0O{r}Pxgw}-MI&rX+`c9z%-jYk3X617O`msycT#e(
zf;HEoU!x9h0iLzu<!pN^ePXzq7BMgGywC&iC^qaJEbG=%FsCNDTVx3yHglaBB>BI3
z=jWeYxEeVL>d9!h?&CpZ)axkZOF%m{m-R3!1Es)TJzczW87T=WB>3fdNHSo}(8AG`
z6m=7CDIONl;Vn|ej0vXX6q2#jw~RfOl?$c7x7h{#EkDffp=`fBhq2*J@X(W~PcBS7
zVw$5je24k)W_?WfUicN|&+x*PE{||Og!{f|Y07BJ<UDrukR!&iVoNdzYa~yPoU4c|
zUZz^1?IA=ZvH`Li-!?Na?xtKYUPwAL@~yN!wT%+K5<O;}RFM<VJnImZH8Rb(Rm<uc
zk3qzuiyEIG!;$L~kJHJ@P#4)Ln*=ODdV1-6R`>N$nk>{l40z~vsubIsmRrTXx^Ti9
zg75Xysr`}8=4X%nE|YO`^;urko{^W{BBYKT_tqrAj&+8%(zt;@OonLT8p_&*XAIs(
z>iTwQJ4s0N^gzh_XounLrxn9OmYBbPEdL$*rGt7~nRBLu6ztVFms0!7Z6k;Eo!LZ*
zh=5ENp#TX%F*d*7n8kNwY;$3_@W|E7$)ZrHw|2I*zpmTJZlx3($l{sd84mNwU<+Nk
zIf*y-E?MT>p6je29C{#*Fnp|i9Yb+}Do{Y+L71qHo;HQ44lRU40*~B3vc(<~mLN*1
zLmGM&pZI;U7wK1t7gT&MrKLUD78=~==!e_X$c26VE9i-K{5Nv3NK|b<Ly^;?26;My
zDXVPlOl7y3y!eNFMijJ$n#vV+>C2bC#L>LnI!SiNfg3cxh^=Z86-G!FjWJmEzGj<=
zmsL3va>PS%-9(YeXrh<-AG|mp`VU*n#0QmmK%?jsx(dyeJOsY7X4Kjt>WV)-c6@df
zmYQ4G1u`Qu(pv_$S2qD6>WMxLG5eb%O@ERg=czigQYr&d_q3;;bDPUAL5VcBRGOYX
zLs-@hyaQ5JjOhVyf#>^FjP2~vQcc>eto@ph_4e@x4a`kx&lo8m(XdB?PxFEn%bu)z
zL+UW+XR?^KHEO;H{<`OKuffZ5G%{?JoQV#4S69B228UYr?m$!LQHKC?wloua&Oi)G
zh+FP6`VAx}f`qnZOIUs71A&sQ@Jg|jeA14yh|@_Fe)-IQC(LpYlNY-A$_NzJG>!?z
z75tc;n;m%(FvHB1Am&yhXM(GpoeuKe{P_6puH%UTs`Y0&;HlUp0!L!m@!gNDS6s42
zh3B{WP>Y$EwB^8z+oE_H(E6u_bd4x~odhyAHceW~7a?ww3&rCqa|PImF%_AmVHcrj
z5=P*&2nD}zPD0N+vJ11YObo-V<dMci?jJIHl(5*TQ?*}2qSMvde09YaDm79yjpODd
zt_f>wm2L{Su<PsCoC);Kw8*fV$8@%A8lM<>gNoo*IiY-5hZnwcF$87R+f>iavWFXU
zRWh#lPnK?E^A_>5mC>lPr?i^<nZ0}Ka!Bl>3;e(C8oFv=Kxv8Q1Uk6FtAeGl%ae&t
z%wfrDeyi_GzJ2S~<&Wk%0=3bQ>)?l!mGo3Mdg}(Ct@@h%CYy~+DY_*8ip3`s$efJR
zR7h6Yj_}Y}Xb`4HAS-Os<LMil)5TWVM(kPyUC22=-=BF;8^G%IZhnw|v))u&lRj^E
zL!U^zzO-Cy=N{lZu!aRZCB{}ljpa*i+Ud+Tiy^-=Pi17@3pPDqH{Jh6-4JAoPQN2C
znu73E&P==dlLlrRx84>9f3b#G3GteqbN*92QeR70IT->=L8k43L~KQDF&Rv-S{hmU
z!z$-eLwq;o8Z_<HnbSF{D!7Ww8rESpcrLYOc^So-Vmn1bWsywp6yCi!%h`g_o`y1t
zcJ+7)yT3<ou3Wo>FTdeK9)-`_`g=A4*Pn<!GGkuM=*`ZG`=0xmPK`?U3{$<Nmo&iN
zVG_0rF$gwkr_Epu_pL)Iy4mAWb*KK$#3T2&-M>uvpmX(Rk(fL-fS)$D`Z=<17_bt<
zIrfYG&UI)sF4uPR*z}w$zx50W*>K)D#4xi!{+Xm>f5|<?>ZhLG-w!!^Vi)%+a0Pft
zkZ*KO&*v8--RFu@7no>{NY1aUYcn$nCAp6g&@9y;++uksf`=0)>gR29i#cVdPwgjD
zKc^d`m-j>muW@E?l2;Q!qq4rcsly4lYU?Wc7pL<=%Wqqg#`v~zUmOyS*rv+~7cf~I
ztRw_5DA^`)2k#D8eOC$X9-sPpblL(z!}oj424F{%Eq($Or_#}J?5Y}c>Q&Q-KrsIg
zRykj9@m+dukGXcwKfQ;!5c<(P@biWk{IhEo*B$e-dioc8sO$LX!*DY7gc1fXWg^d#
z$ZVKi&CQn;^l`a~d({^?akC4((zbr03o2>do%$Pk3BVUt>2iU^EG@Meuk-QCq#-nG
z-Cti&YH89)VPN@*^PIPdg!4a>H2Mh^vd@~G;Ce;`SoHsD&aH)NwYYEVi#b{-x7yl;
zo{UiTQLGCYPqP4H7;qWfj%VghRP1Hg$&b{oan^7I-PX;R38Z4U{;dkpwX4vl^1?YJ
z+6GJR%-{YnE@9>H>8{NL+L7NMV$O;%g<MuSvF?TIf+!|lS3tZm?FgPr%YsZp`@uHD
z3D%-`1=@M<;VjVVF!%L8s4+KDVM=LJ)3bo`4|L8NXwGQ$7;E_IQqBr7<V@)EZifG+
zTP`gUTdrm`szVjTPYqoZh+)P$3J2%07xNF~Z!B1&l$rZLdTdeNA{Q;ua<<5a^-yAA
zB4@dpnbL5fHVP$(hkyeuIxy-up=3w3YX^Uya@FtcX}lu_<Kr>$I3OEvmbZ3QjIDvx
zpIFSg$%;5)BK-4Fu%UVwwC`kd?zL6j-N_qjl)6BAnR*fUQ@vWxCco~}^EnLx-gxVi
zkJVD=@H){4w$z<9tK`?bWzZiF`$5?=FHe{g#~*rE3x=flj10)b(*OJp<q9AvxRnU)
zU*J<<)-r*ILsdV?Orvy2^=o=}2TKtA^XCfnq&3|<ueFI<%m)(=UQbWV%7fc=LeXjZ
zDK<zV$KwlmZ&_a<j-9a$Yp;%=q^YVt>OJmHgUPsEn4w4I8#~lmpjpGS+a^A5+m%d@
z#?4GmvqbQ^Zj=QniJBAu+ZDP8?5LNcNwsztBye5V_NFBBKmAmtKaH1v$%RWsa@5J{
zTL~6DAd{FQ4-;h-9o;X5-$l0t2XD%R{te(vY6<U@dkK607kuOn#-yJ-=Coay0I;)<
zNFxPMI~{IcXpH*mewxW1RR&5r&C1cNhkok7A3{^LV?pJ0I88^(9fA}7F!Nc7@M}5q
zxpLqm^VvfNU4fmtd+W=)J<088^pQK+4DuL<(DG1Cg|~9zuQlXiZfGUDJsV>P{#@8<
zJJc;JsT|^Ax4Nrs-QSftG#721GH4caE4sp!w<{8!4KL_o=~_C1uTU&MOmlT_dv%^J
z07uN0TQJ)BtAiJYcs6?vNI%j8Q47xU6N8qJZja$#jPK@xM}I@koKiyINYq^R&Jo=%
z)dlk5Z67E=;=w5GZ)l`fFB7<)o(@oFjd0Fm*CT(tWyx3}nx=g#&}0@aF7csuwDE4`
zTQ0Os$4cE}!b-3N-(xFNWMWF#&XVewV^4c_FO{pvOEO2CMsKNT9qaaOm-U0!M$+*A
zP@V5v9ItbHj14~sHKL?{&#}?-=98SM2Dc}&t0~uu!JE2SCGo@Mm$4R-H<mmTzaA|~
z?q?b>V5>szt#O;rgZex+S0UKdo!L8wVo@aWI@m~j^OR?IHks3ymMbZI6h@gEi=8Wv
zkgyo>m7zNsfu8d8VG}6MxeY|}V}1IuiCG4#Dbk4@0{7%}c}@uTO2Sd@==QRi7Mz`I
zh0VP0&I9RY2_Bmjj;qIPW7~z40#^5ZY=N2N98KM0fu#gy7Vn6_CniF_F-~~cH{c<^
zz%i<{A}^Wl>=4}&s<T?&tzhXtFDxvo;RD^TKbxq@+KP2pL@u5KaT_>Un7}IJ&-mf?
zr<ffgd1qRW5YH(*j~rPxRVYDf_Iu=HA2&>le?({oV%=WR^#k>wuTXO7Mci*eA61$+
z$8{$#x-3Qv*HiSY*YdrNIOVd0{iGZbG1zv|=EAsK{}&a;EU&JE1zGgV`#0XO7CuwK
zbULY?22?B;N#vm%2j=L6SBR<*Sdm#wBdGXEFtVnF)OFt=XAHp2(K7t8%=k>#=r`r%
z*XpB@9wUD>@p=stCs&9=O60AKlKJNdxfWr%ChK<NWD$2tW~k62Zgig7znoeI%~DW?
zjfL3sKiSf)C&9upDn?z&<IF1Fp4xU<BwuVLTSC|BrR|}dTuFk>5wfyNaH)MwUMFzu
zT0i%c=C76ekxt!4bCl$*xKpuMo(MFvn$P{CW9B`KC$Ety?rYd>(V0^I;pgGUEU9hE
zX`c7C8Y+nmkZ<#9Bgx{@t6yJ=^fQ@F6DxdDF1(4oN{9d^?<dUXN9hw{peIBwK^)Y1
zUhGKYTd)4q>-cAr>0;!#4&+svQC&tXQjh=xPpDc7BluDVy|DOP>e!^&6RF{qRi)#8
z(02iP6d-TSuWpgDmgejSXpK=$mGhenJFV5}oe~#m&W$qm2P<?hZ9=U?{2V?%lG9Be
zq{R?>Ht&r`lOGf!hGsddL~iadgM@j-ENPzF``?xeM!r^hw@~D4g11fbX9G{kFy5(&
zK`lztb$utYmJZk1rTbMZ*y+_`joTr_`rW+V<ApOh1A(`nx$$}*%;(yRl(>00`yK5n
z=K$Jyt3z{#-NK{CweYuaOARrIW6aTzBh+4f&|SD=2$cw)0f?HpRYpN@B7G&7#SzCp
z!^ekwtU*3n4v<3wVJ8cNgufAsJZjWm7B@*a$><i_*i1K_nosTeYm<L(w5RB1oERlh
zBX>d6Bq#%a@Uh{${utCvo*lt!Yo93F6Z{jIi8?7pFm5OfgYeMMK}WEDXJ2A#JpFqO
zAn$8$M^Ot-!jtFx2W3b=V_eVqf%duQns#NB)A9WYX$U^ZmHDNmql?KG+YC%}I|QYa
znxd&Q1Xcjr>iXCKFpT1;D~a=0kjX3)_6}qI^LCcIOW`aF`DP_Un@n@29b?sZ&%VQq
z@jZiz&;D2T5A77}^<U{ynEZ@bvaD$4>zQ_W<i7S2;XY49vYTmj|MJ{h$O4%n=UvZ6
zO&?>*zQPjgA(z8{SjzM?XP}t2WeQB_?e?+iF~(G<A(AyJ4P$k1xtl~}VsT}%Co!x>
z*&dv&hwSpQ<~B4_G49>u>y+-xK(e9gVe?FDjn6%#scwBpvy8v4uj$03RBqc$9gLlr
zpFh_|_I)!LSFL}|ueB(A<Q_V6dB7O78bGyR9#~#vXJSp2kzO{kqt~eQ312{nRkcw1
z)-@?I4PKb3Qqj>jJX*N<3UE-t<fL{A(YKN<to;q)-VD8EKH4?HWuKR}v1?7hpm=7^
zxb>$scqPoo`ZOzOpJA=4EbCXtoa})1|CRg~d@Ch0zBpqkLn3r4oqORSN*2xe<jICb
z%1MpQg-e-AHJ}^;)61>xQR)iNCMKx3dY?Jwt9UDyLZPxXk*eC~#_bLh<#)i%6&D1d
zqc@e92GFn9x@D3{=(b%%{7b|P0WRT$4+s++RtZhB71yH3Kn@#Lu*Aa>d<5_`+$BA=
z4$Bs#j@)7TJ&>!7K-h=xu2Ze?b&6Ddw+{S@{^HY<w?`}FN{#&#*rm7*3OMD!Piz2a
z{<x@;4gB={1JIa@8x2=Mu`Gc(tR2ECnk*-zEoWg)@niYguQx?Cbu<uwTja3UOhgjJ
zzqMn4qOI<RF}G=iYcHnvMST8z?=;qaevg}rDJKd#tOoa!n87`_)5zfS{?SjmZI3^W
z(;gM8B!+Ct`o~-gN?{@Wpeg*S)4u+u;kSh2{O5IS6=@VD)g)XhU40_98dTrUf*k3R
z7vw~m1?4;BcA<QkYv!3KXlE4A@7b;l{32rhJ>bI`WKqe!S%I3ulwFfxWWajKN18tY
z8Z}pN-!?r3v_#U1XsJ)92Ddi6lL;&JCC*8@6<zt8AB`O+g#eu*ajMC3r%&5$y+*gg
zMcrgi`O;R-DF(xD^5i}n_JJ3Hm;xcrK~hTna1mc_szUGYP$ZjHDcCGrSoc-TW4oBH
zNBcdqdxk|zhh$TyJEX{f^mtjp=~`rtgkYLvr_U)1Z1S_KQCDhA;~G#Fjj`uB6!{^r
zl#Tgn!nR;LntBOCo0}K-6Qm7ivv^i86w-HdI>XVyr7Z5$Zyz?E3!^9VzScYaVJAI~
zdUmCTCeE9j{Ngx|sykTj5pfl{><r-8oR-b>*vyqtqsh}yWL4HO@dDB5zt{AYVbmn}
z%PS|D)F<gfg0hMd&QZQL!$*_rp`X?Ey$-rX!(PFB=1dRXHMHN&vSDb#h-0C?Mal23
zXCKboZ&Zp_%}NA)5ZnYq6YEL{w&31(_bN-fg1ND()h+SSN5|5G;H{Fztkr>b!Q3X%
z){{5>v(ElN6v_};_0P)RMdt>XNX(u5^{%Wp`OnI>9_k^F(hFu_!GjI-RuAnF-JFM|
z6|1wa=u@70N@$;Mk6vzx;ct&*SBMg$9n@NAY~(N23HO*FFt{C%hNXI0DUO_2vZv~M
zyq&<Qdu)lBxtxl2zPb!@TxuTSIa!-te1CTc%i20H?9#d3=__R=j(N^1uDd@WqjSNG
zGg&TgC5^t_GXjvSs@$_^DvOent@{?SJ){WA1vL+BKN1|JR1DT`MD^M)g2jw{NsREP
z;TNa$k?)jocKuJ+TL%7+8Wt(|QYjp7>^VmnA&r%9EASmA+JK`9BI0V*9n@|?%w|v^
zGBA;)-@N;u*};$r*Riv<80^8RSS$U|N&1p}`tX}nKo`7y?>0ye{y}RiLqDn4?)sz5
z)Iufv6WXIV><{Zdl_DA%B|k!#@R{@s%%WNnM32oYnwcyQ>eG0cwgKNX<kL@rPSLcY
zJh#m$TvWMtOn9<{lDPNN8}!IG0S5y%y+3I4t(*LWTE6gg^xA)EF*P$1dQE0p$bCI;
ziLg2JyhA1Y5+*QASuHDuwg-4Fd8bT3wvBm^HHG05I^POOmuU0d`$`4o*ZGIW%?08=
z4_MzBlhO6S6AT6fRvZ1wl}rehpunz?Y3li@u%sLyN;@E3f2M^&$%h6^UJ9jnFb>A5
zv)}j;v!L&%VR#XI7<?roX6;1Ei!uE6iv5-P+dx4{ToYVSaIcD=n^Q32yY8~Wx;Wi-
zxF3BitSnUlWtUr5!BmAYUpf&~sG9$Ga1$A_LXN`>K3cfxn#fn6ujA*RYz%b0xm&pS
zTkNIk&@$z}z2uc@#Pq10sv3dT-op`$O%py3!(1<yHZ}3P<daq(RXroLN(l~KN}X(T
zR&Sl5Tg7Pp4xU5o<G?1t9?G8(Y>X~wINxCA?))!5Z}_ZeY4H9UV2g_*P%)L!8BQTj
zRtt~Pu_R_G8=a4c#8dAG^O?GTs0M3xg*>QqJB>%Ae^HTBRc0q;cXh{b?>=kt8oCRR
zu!C{~!0$hsoynzgtTa$cpMrz-9mEvv5tjfC_qL;|7k!KsO<y#P?|jC_ap1;H-yG%A
zZyj-uS|JPRL3A2o_tCCR0p2EePPvqhpmC+H$61fP6CkZwxj5y8s4BeQ%?D)GzXcu&
zB3c+~S$nUeJ{o6Wyv3MhFsq6~(ekdi>zAk`r9N)f=0e&u5K0AfA&isKksD>k4ViJ2
zIdlX0U^@#^FIYPqHjc-#gYtD4e_M<inAOW<59$q}&kUZzKZJvd;@0UL98~e2)Y&W*
z@l5u~Qykm6?}+sum&#0Zm$-){rC~LxCW??z(D2U0m8twpnYSjeeKu(IaU~e}Xe#f+
zX}az%Iw+y@g3O;GUjj}9n<_PAu_h=fPtsuk<X^%7Sby1m>AA2r9u`US?w!-lc>XF#
zYs8XBeZSxCbh5<AH=SUvdn7o;AO>jvDs=stvrOW9eC;H<G0?ct*i+$18pt4$Y>^y}
z)2%hCnv**So6AIk)^I{GwVcSqj6(M_w&7{|T$$lSH<;|-F@R)DOe2n%+F$`BQu;Ky
z=5Z7_t4;#wuX+76Cs+|2hQQ@_Y21z2%(!8*uadEQ!P9s;QvdqGP*(vuGW-M>YbxmH
z=lRqca~du|RQetTqY_N+yPtlL``8|cveK*Q7NO(JMxUg9SAd~@73Q-}&^*6|(?>Py
zARjOPerr$bom@ZvlbkLqRTgT+pzWgyBj~c=Xi^I%7KI90pU3E!iG&`_8m%Adyka%0
z>6Q+QE%zLri^}a{Ff2QiO&ac+sr<76tTzLe23(nHh%Q!8@pYgQyPoOYf5<aA1N3Fu
zrmTxI!Qhi)lrdnNCc%rlb*$Jk`*DVrL!{oS6rMBD{&pC^Q>vG8tEH~|vcM{}cW8bb
z68SgQ92DPgV^R;xiYAf%@S78QUrvKRDi$PVHs_c(I~M-_9m`#{w3-PFL*ZXK6c`Pt
zD|G2Mp+;ZE9$uItfw)+fUw*4sdUXE5oB)3O_~hFuLHb|;gcf;$3H@&<GW&l)ky$vH
zIR3*Pvk<W`bFp*&XZZi3$Ska^tepQ#6gj31+!f!lg8`3C0+)Bg$Yjgfww&4Bc1vnW
zGuDpH);2rVt~=Jt!{Sty_b+g*%fqbJRIolTeGielF^DBMp|O@&ae8$$GA=SN5toRh
zdUzPd(A2ch!qha3l2U`&qX`T^8b+xB&cl_pwdn{nB02<Na|D|ZL&y<wZ))QJp|+p}
zL4^y5%*~Dr&Q3%gm>wU077S}c+y+qs$8<3XpyL;sT!lJ=QD88(`Fmq%Z+!|;^qwCN
zB27vIf{KX=eQj_9LTpnI+?g1NAhbF#0dI+5%*N6HMzw{L37)$RL=8$>o1U16%MKh|
zSxMa;*i77A9ZboO!q~UIF@;hD;{n6h4HykDfCN8=uL<<mkU&yERAgrL_|mDfwK+Vt
z-UopQfKWe`5W@YH5Z)ZiJP!&&0!<||33B|e9^j8V^<^gn_g2mcLh-xI|Ihc)H*G@a
zjKM6Fghbn_I~2#wDMuLystYZVkiKl#?!-(ahM}R!*VO#L<O0UA!@jYhy_q2l%Nwl=
zctA!1$pDDzzTgQr4tK^DH}@iMmd-a#;(-R1V!GfuR`j~I4!B(o-huxKrS%O68(8a3
z?!oPZ_U3xmrY8VgcG@mR&JW$_%66>4+Qj}AJ_YT241z2ONY4t%1G<idjm_Pm2_obT
zGCwmObD-gg?!minAYEo)tO&WA=icTHf~trt<lurzbcWPZUK|MbbN_fB{^{jQ<=y~d
zZWw}zgVPxd3rudtZr}eGbYvifzsdX^{`3xrc1*#J2^bUL<NY-m(Xuzj&aP(LKO4wy
z0Hs8XtYoH@)lUo1pro_Cgt{v+F@u<AZe|9{@T13uJ_~;J|3ih90Zbkx>`UUHXalM1
zZ-#6=_h)f`w*aLAawF0V_?t{@1hrwn6nym_Z^qchNE8^z0_Um$=~KYHFksY!zs>_N
zHzA`rb;ZDXvi}K4*c#Z{nffURRZ!~Y4u&64Lw^Qu3uv$8xw|b+g~Z9`)d4!xmL!9o
z{S2{{tp(T>cNS-K;?8RhZcmI~-P*nD)O}n|)=b+4{Ai0i?axC8!M9`s%0Tnblgi95
z9l&T$^s5TZpM0f11ji=U-q)j=n43UjadBaF{0R<&7qJCVpqQt}0p9^=8-sxN#@3>a
zLxRxE;TjrWf&gubu53Y|3Jr?-k$D4z-#8CJm?FL;ataVWV>>|L2?64GF(6QldlA?J
zMEAIjAXsGnr0O8S%MK96>3~?FE0%ub2)!3hu*Rux2_pA*e`LxCg>z1@dupHrkwEGm
z%y9V!ZXnh&P+XVD^p4RO^d4JtD-h#*&E&ZrLDKpSmpL#YI53g?=hKYQ;ginnL;ct7
zHBbXodh5(!80v?)sSRY-7f@1D%U`Od*1!DTh8!yf7(gVwe+yF(1`7N$FbsbPMIRYh
zym71a{m|$EmAl$M^3CGR+QiZTAZ4kDr06H6LPbS=6g&*Na~L0efb0624LMKW=LFqi
zbkVU07aR(PmjwnCy!Er1LdK3v@65tmK88a|zCa6-TJog%3n|{#00Ig|0ZMRZ?<Q~f
zQ3%J@;5=o5PX%%70CQ;WEx<2?$=#cF9JFb~Cw!~NeC%eHZ_@AE5G`R;Q2N-;>)Xu6
zAe#1OXZJ5s0ZC(^H(!4O>->E^=l-6Y5rDkK4GafY`#U^6^tt`epC0p5FblZp^6v)q
z%uDs4KxP68#dd#-aVTeJ2<>d32k(a828bR23k8=dg7nPh!UIbYv0qB4o<BG_6Z|ed
z6!Lj-V&w%1dfqnY-!nCKeSr#lbpRTJiEahQGlUOz{#{J-`nutvN`jt0aHs<IWJt^+
z7Bq5yKj%Vqr2q&0zr(>Gx<F(1G5^}edIr&12Wj6{h1}_$yN|t>O?a#%SDx`<;&0{<
zCK&Z8s+B?4@NUESVqf^RH+=^_XgfxpZ9H~VVw|eD^cYVSuO;i(EH2x_eGQSB1H}N1
z^X&p)Ts}PLgZ%Xt-i+-2GUF6?h|~|Z-WKwvp}H-+Yx+*@4!)&R#l$Y%QQoOni!chM
zd*>u-q%Ggk=Ho8#tmchU1-WN1hLuW;+q<*6d$Psmay=+gBZ~vx`C?6Io_^bgab5Y(
zn%`AJSL>1g{%ay<gFN84xke4Cyb&q=u-R?yFf8>Stc`3Bpn{9!unN7w{|0r@F6~tA
zkP}sCojNn-U6Oyn6q@($@oUL_yGVj^<%dS`ikZadb!02I#*iTz6z-0^v%ZYgPLC8v
z0idkCI@AYXlgTxk^p7&kjcI?b6dw3>Z6%bPb{B>nTr)U4lLQKY`lx77Tp*ci8_`Z}
zTR})Emdcy_%)Jnjdh%$IVKCszFMtp7;s<94C3MVed%(sPbQXCIh(FA4H1pPz@Je6P
z8*g=(E|}KoEV_W`gKC=U#c?Oo(>*@QX!My^Kq{P;`ka5}wxIv$B~d_Vu%~E9IWR89
zOV)20&XuIFkG4B-4yXxGQ|__w=rg90<sH~L%%hD5$kyt%l84bNBzpcO%dx*InDtlW
zV(Li09DOsqEUS^##5|f;zXlX-v#WYiS*wJSQvG%5PBKt0FZPM*P~;LjxPGxk${{|l
zjB0>ubQ68jaYOG5ziylzqSV+_mQs3ng^X_UT@3HZ@4;}x5QF>eSoH<LENH;_#=O=t
zv8NP7T-L7>OQNu+6GpaTgKMqW?K6lzs-oUGMgF`Fa+wJfXp`e(X_Y&*QmfM&-rR!O
zH;R@FY>6r*%G-O9`R<(kg^m1TjI!EMc0r@s9b%Bnv4o^6h>hn<D*Iz;bSPq0(2oRk
zoY5=4k3vN#7{G&>Z`F8`Nc<**wll7AP@&fx<~M_@J6gU|2`k^mK=ZTeHw0(r>o9=)
zvOC)|u4qOGTi+UMHqMLuT~~zS{tK-Ko)t^IRo$Fsa>YH65#1?7szCyzW&u>1i*B9c
z_R9NdFzakshMWyD4T*bL*mZk_>Q;$EpCUA&bXR>*l>TKkLNYd3iaRw(>B-YsXskiw
zPx42#+>5L`!Q8CW^x+5)-hv8S0wbH#jU3rTCc?c}6_Nb0%ICRV?HGTLP(ef}WAU}}
z?+lTtG2MNToY#pRcZ)#1U5A0B0WM3o<`kkfqu^6;ZFO~(G%D86{{THe!oSfM_{ouY
zjESH(nhmA(rTr(Tn*uK@(=5SHKBtL039zNNNIdK*O^x0T(#}kWERU(GB4AMFshG7A
zPUSUI)804k*o1R0K1PJ(+Uxe`e%j5=d#v)TF2q`Cdbg6zxmD-iDxWa=_l&}E8P^HQ
ze#lDQ%VudZejSZ=@nm1ePMFia>j6MGWZ4g;lCa?L-9jd0sC?IyreBf9J{qFxqQw#)
zmi9CV75OMEp4kRZNZ`Iqi5w>VKBR|Po^e_&se)ZnfsD-R@$lhmBV9b!hE^x`@eFWm
zDEw{!7Zyi)be@8l+%&<k(&N*u)F@60t+TC<>{sSqY>zePxRmTqGwjr<E!2fbecec9
zQ?Fbd<HhR&y?N3Jm_}6CBNMlq+83r-PURE=CEHOGy;qMm&??8SZSi}pWZA}Y+9Hi<
z`QuCSH**t$1?tRhL<gMq#4^U;E4J}$k9~HS)EFWLh4}=luO3c`8RNP%b8J2C$xiPl
zZwLIyd&@hfhA><=*EX4TY)gCA0Tp`B0+MDUZ=DZvgssoSps~2?n2=!?5{+R?2Hn|j
z13H)100d%4#X;CIHf+j2Tq#QEj;E_CGsQjbin)%k`3B#|?NE+Bw@N;l$vxE0dG5%g
z0+5rLAZ1*PX00)x%<Bp}DF#VoPmZj61sl|7L&~x9%dJ-o$r%@up{O79Q;%VKbK=+I
z8BDHwGOXIj6+STMa1*KtQ7H?{FzoS`VxF;~m5O8v<*nalSn*VNj&veWk~S}BK-q{v
z$C1E>gC&Cnae68(*v6rB^{QY|?&zssKo|<W_)2@($|C5Y%}pn%qpZK+$F?E4@5mm!
zvip@~SL?Rj8aQPV!3xSV9p^A)fQelaCDgOH6OyKE8@-j4ou3r%`}n-71!?{Dwb^4L
zLd+K$4%MpkzKo<>ioXK*W<gCjT3s05dtZ$z=FN)o;IcUmZO*y>TG6=@DrO^QL0gMh
z<N#!8n?eTtL7U8*DL=QnH-*@GTH_jOp(t1bKd%(CE0I(bUawsOv+v=7!?baBFH5+A
z4!&mb4~_B8n3pj@5&AS%p182LK*ig+7(GD~EOr)LiFE}7mnjb%)iDgcs;n{e{*Pr$
zgw&-w1Cgke(XuoHhIW1-Jf5qiqj3J^iY%B1YHB<SIjv)%)5u7u74r1*nH%P`t(=@?
zbA*8>Jt4uSS$x`j8-gTa8xPWAcPcrCkIAv^YW`7Hlvbt{T^UP;-^(Lci5m|}XA@^f
zv^Ssc4OkVKu&PFV0A*ZT_G$%<MWY3PI7eN}(_Ba6s5Bd7kJv6)nDV^+eC|1XnM@BH
zohX!xQU`>vg51(T7dg@Pa9ME<E;30O^B0PEp#@XCO&cqAckoYAaM5D&bw7Be;dYM|
z#`5K(goLn%T|(l0*S=fjQta2=Y3|O~zF!;%Q(v0g4W#JIW%QQ@yx?G@GMK}eFMfB1
zGt9*87J=s+==BhiD45M+0f%>||Dl!b*0i<i#3bZgUYdbuCp1B?#hRzQz-;K6Kw|`O
zD#<^S1L9(v;fs#etRnQ0q!1JO?3D4)aM)?*ySm|^YHo?c>#nkWs2E#0h{r(1&(d3I
zN))fV-Ml#Tqa+kUv}!<`I%Cpb;dG||=}dFBy-4!#lb`2;*4JaGc8VO{wxx1C+YNG%
zG1)NyWo{4$Rh>!9ZQ^X^AZZ<7`eGd$S?8waeqFbOGL=E1L+as!om6D!@}mnWgCHa}
z<z}I;nBGB{>oXaKO{1nrxd_ukuT!b9An9!}C)lK=+^3mv=_>H-X`Z~!qnUUsf3XKj
zXoQ6bxu0Q$;5-|f1;#I5yB|-%<I3MXty8y#@%9(yeA(_p3qmV}bnGnT;;j>pMiTj;
zAFOtmYqrrg)Ju+`7(XsnV5`v9yETOp=u1`_(?&AI!qR%Hz%|cx@-fnp>l65U{q1r>
zq!WiF^?Po)go2Yn$LZ^Vga#r(Xp=z1bX@}V)nE!{R#(&#D-VP{vKeOebF>=Q)!_aU
zc`n1(yj>Fc!Ys7mG4&p5F;tyZhC+S!(g?+BxX_^lZN)F$cw*G0E9NSgmyrj$a)29S
zy*yd{!2A$pa+Pm#&C(pvm9R8QDRU=U4h3mXgPPZUXs4R?K=0P-1$@MU@Y@B=PYMrL
z@Z)0OsvmMse!fIpOiKrL&c2n1cwbY;5B^b6aQv<0;)WA>-p*@cdZ$(~6-O^c`%|{r
zxJ?FPHO`^t`<Z2f?s}D;%l8@%zBB773^sZ;Um&Gqaxf8KDH8?ZYxc88CR5?d>*NSL
zrN!#jmoIcJ(+t<TZH{~}PxWOg^K@XB4f0iUz?=F!pF&Yxw$5eNSDN>7S>vymlF5A0
z9IS<2&m6y?clZDNVe@evk~*b@ujF>v@%q9x4c$=CGuC|$0hU-qgecq-%LtZU-S=bt
z$vNR3BbE)qhM`@ssiQ)&F&W*I_D$vZOd5p@uU*F*)W)|~Xoy}-K54a_2M_c^y@~ZS
zCgTGh?!_*FM4Ngw!X6dFpRz)(m<3#BT4A9fj()aY&wuLC05`}Z=ERxJw}ww#{)BDn
zx=0KI4|~V4D+Z@2=&r2ea~Yfkky3tdWh*>)_%$AmC^5r@nDPFgAxtbG0C9Ew;jHAt
zx`9?`fXSVL8>^p0a5je55sdm%Ezhzz;T-xqO*9e~;VZVqpHF*tn-bb2(`8!FcT9=n
zDW^tka(7&%cKpm7QZ2&IKkFPBAkV_;O)0NR+%Obrk)8OpDz-Ss;>8{N8vVJ6l*qVr
z*wHCMAFSOgsLbnd!d!+9ExK>ii^FAlm4tN(l!OheI*#4G>1EGrW^mWA$re?<S>HQb
zMn4aOL5pfBe_My=Tl~miksrL#x0plhy{4aVb}UMvj_)^Ex-+M!(L@F<v0k+QcGO8S
zzq}RBcW{<|Q4{}CaKQ$n%pvie-qnfCihnmOQoH=qwv&(?6rBu`O=5VG0F>SurmkM_
zvMG98olhoae>6{|K4I15X|c5Mr?m@qU~hfb3Q=WjBRqe?fmMg1U2F($S+4IiRcA<j
z#(iDE4~9q{7-gLIh`LSJ+&fNhq^d0hkI>!9z6E}uWE3Cf8E?i|R<wtRDj7(yRC(WY
zk@=1%lQ+g5&t_rA+26@ZMuaI|qZhz7hMNR$A3NV`|GmIpU?+UigGof0rV~F;fvLxb
z5I6*(%shs`QYMusyEGj1#ftKBx{eH%uo*a{xXWN|C&wnu0j~ZG4D+JuSzcH(2$M)G
z-}u-xUCHVksp{R)*Sp_yRSb=;3Ya1uN!0vuas+lyJOeHXJEOT<Je`FjO@3fh@S(Et
zgzzzqPk3=uQU}jZ8Jg)9K>BmK8O02FR7){L#;jD6Za2V3+2O_AfDIt4pebH5JIO=H
z^(GQu=S|5JmL?cxc(5RwU)<{Y6eTYFU3x4(LPk$u!;q+i#i!hN+m09x7y)i8iST>$
z-TX_FbCs1j6P8I8OIE!+6p59jy!%V3RX>0+R3=k9VjgMw4Fe4Vx!aOPV1mjL6p6gA
zP_1!iZ-6c~V4P_F8DatW+S_W?r7V3v4a$Xx-Q8Qaxi6<_&@+vQ^V}|=5(5k;WMAe!
zZ!(y8v#ckk9gh?aY?FwWB%+k>zc-O}oPwDl(ok1@_I|plYiQK$t&7w}@SB+@w-_5B
zmS{f@mzQ{j9U6-w(z~w@=Q;RPGycOjc1x<!B?r02UuT6Bo@^1O^zHI{5i<dQwiMnV
zW$b5ymeY}{u1mrAa_kJaRD-Xzest(5LcT^}A%|AB>fp7qls}@O9l#ojNSF2JCv7x6
zEtd6JysRKx2rBfO-%DC$Kl^S}6YthO<y=oIbPu0+CgehYs7yZR8@Dq!&_(cHFgupF
zgw)SyI7{2MyL&(^=X7>oA#?bVxcc*pGrWnnk$n#hTbH{J@$;(AY{moLUFQk1Ds4G<
zyHhsRo;kO~kL-5&;NE4*3O%5_{~>{xTKkLrBs3=fSLcI`UOI8^(9O$UkHE~}G>MPe
z<k709E(@Jtgh-Pf+q&2rBf^pH<bHB0TaEQBeApEl#~T8z*631kcbIh3EJ3#f=G*fU
zf-5opCKG|rmW@jE$7$EkF7N#Ytm#qTk120=i?)m|TDd<FVROV|<|1ld&xw31@3TIv
z)2*)*cV^QQPlLIuTVyJHeCxyzF@x~35jnbb0l&fextgimCRFcHl;7J9nr6?W)RfDN
zjNqZT4_rs^T=rgnLHB!;xbzJVTN!k|>%ei#n;l69`*WdU789X>bxjm==dXU<t2;eE
z+NRD=zN2b7ygMWiy}sd&j$AS(gi$JhTm{4nIiVmP)0M{1qEl@(8<ge`HJfcsaB0mH
zIlsax?_+aG$KeE_^r}dg7-*2~xS9^d*UJZLZ9%w&<Jk`c=DEL-q)dEmwRp!SQ&cM1
zX;kO!Wk%RZ7V9Cpg{C^u9pl=f8A;Rj{PiRE`1yYCM1Eg7Q^$`wE8j(6C*A<KzVn?R
z1g_VcuO~zpb1R_-wW<BOOYC@O44LjzkNO4|IjDt$NMTx)<6-agzqgNm$js|@#qEMR
zF(AZ4%<<SW{~==#goWyDF<iAjB>0#Yw(H&J>-Ki<T)iF&CS}*=lVemeqYX8(Cvv5g
zz{e7gpW$DIQN#Hg_c>3A?C4~sC<gN$A<w1t`2qU1#pK=kiMeO19Yc<#0?jTXE&aOM
zPoJsdFy@{Whc}Dm3{8S*mRsA`f--GM;35}`RN-1Zrhb|pnT{FkM8!DQie*ow@b;i-
zJh-nmmVTXtc%W{D7&N_kWfjn1*6EI6EtW_f%T1gAk*eD@X)gn`tw~Q-J^kr}cv}z`
zH_5?&Le-!DGeyECCKIB$xLk;X<j_+zM2VMy+38ufZ{X_QaktR#(UMD2<0{T1uOxj6
za_e>C`H==~u~6f~Nm1gvLHeUj;?Bt)5^AYsWe()dB~8LgSo{O1bBkpp0*dd8LI+Za
zG-Z3C9ZfB;s7t7P*NJjDyJYMxHOjaunkb)1m$55kl3rQIi_Z21(!eI(-<;g`-1~}Q
z8LNrQ%+b>9V>)7d6@SU!&}C>Wv9IlUGjs!P7SZ?i>;3&l!ml1dq9sm(h%C22)YP=B
z1K9;ZehVsIbu;}P+1610*ZJI`SD#Jb#;Ka9)T~!hbF;=<@2MgYhp<7cew9I?!2<*n
z>}QDNyto7fZyu;HlId3In`zSVSe5JsWU<=^?S0(mTiuy>NCI3)1fCSQPOl>+fT(tF
z0Fs3B4Ew8M-}7Yh`wT^vK|>xl(#9wvmY+n*quiwyhA5}Y<c&^Ju`mq$!#VP=XXykE
zYHR-8IBq&sP0+3UR9oj+U3EHsRvGt@Y_{$1wDxl*#dzM)%25=*M>8)8)2^0N?2`N;
zF*9~GNz^Hz!hI^ZAa;(mFZYT7qpZ=j%2>_&m8!*TLwyd~zm3(TNldiCEP9!K;hPEs
zm98?>6dhr(jjQ)FEkfu=xyBC|lOo_(mA43*2$4!qz&elanVSoi*6-Tz^$Sj?FE5&#
zZ2HkyVm^9lZe5XqkgAzp;qNu#>IOaqi3`3}oqNYFiJ(oC612Z^!~euRq^9=>F~mPx
z$VDy5=#4pDr%mFyfB}2XqPpbKe>vp5BbIIgIl7o1e66rvJWTZ=CY1ASz>{i0`hzP~
z#f2$a*a(LG4EKhy1!+N3<qAfq8I1h^LP2_~qb(9$lVBXYG^993^fpPkm*V6nh`rK>
zUBJg59*$nY0p5ANGPAYHXki81ekP@})~!X|LM-Rea~H}8%)NX#v2$AAj2jl>pQO^Y
zSH58qmgE1xG&)(r_ItX2>jgdH)Na8v)t@G`@9+|aQPDY7@q#ld<<d<nP2>d*_oFs=
z;)~i^OiVg_@>7~(P_5R=8n0@X1~>kjfTd*tBbpoXjcT}4xt0}SWj3ymyTGn*;E|=7
zBt3Jz>EBEbR1RBLcXSO))catemnmzg$p8_q&|mKks4&7J;<tl!(dCF8%6l|D3U~`b
zD6kxoc!Z24Mey_)LjAqr=_~-?>>k=9RzKd3K8K}Cv*J>Z`AgH`%&)2!DDNtSk5vej
zioXx+#q3>q!1^}%ee}aQ^TMQr0!J5CCE=;&j`|Q?jo1+C2ie$pozy|$&s$k!s9-vm
z%;da^O?z8Ddyr<jn}pkkqbF6qc>|<N1D?i(cCJ%F1YqV5=0`-fuv`xDW2&Au9wXlD
z$~r&!6!f-FG5tT+sQ_9PRqPZC<dn3E!fxel^Pkn_*-Pn-`!~yR1&R0PlMaM*aVxO)
zr4cGtL>hR=omNKYf?F7%_LONF)w__i8qsn9NXLkl;}XK8hSQAjL_Xs82p@Q&N(l#3
z-pD0=7i-1nyxK9gy}LK-6J2lz7io}SQMB3Gg&+0Xp&dmw)4~*?K!U69%K|gc@_Kps
z2|TQIS`Yk8%1RebS`oTQSQ)xiIwu^dca|>I67Mf^K#&+ghA&}po_ldtH#<6Y^LBcv
z2RaciTxDC(qA{ON-%2q;fm6MM09t6kC88l2;^Q~!(YCg_Lgu8ZGqj5SeGyF{*PE#$
zyo`@6FIQxX>U9*ZD3k#W{(=#)t;=A@QVrMc?Sj&|Hf*#V8QByo9y0*x(dI0q+nf8y
zlChmtVPU%q$4LI;CS5L4#Lq}yR3<VyMic8Ww4IaZ=26h63^tj2@sw40AR55E2V8>^
zr;6SorN-(|M<01Gvz8d$-VDgFl3g+{i&aCH9lP=_=x-Hoa8MzCEz|2+L}biHmz?~0
zzVI=y#mb~9xpI}Q{d`0F;MD2NM~x3@xRqiBFFNl9eXE8=E$tO!P7@-0+vUR^m(d}I
z+xjEuKil(t_qccKh_(FQnY|6bwurXg@_mZA6`PBPI$#@1yAvV>?#wCKLEAGM#OO^o
zF1S$e&FRk(91i1=v?j5sLfhM)ZeVnjS`9C!+xho_aCS-7fVXS!Z$w(kMsU%BW+~)s
z`$=i@TP0S63;EMH?3}b*Wk01<SKyBLL{kNttV-h9R=f4jHQp6hOk8iE6AoD}H{7C*
z$A8_5+UnS^(z$I?M0m~BHyIdvPwrH`jG<W@n<ixI04s3AC1iMoh@UY7++{U+KDUt)
zfT|%<`kaD^BuRHhKPm`x#x|6~Z{tiaWn2;9sjWR<$si(N@$^BT%QxqNypq_}8>ef|
zV~%9n%#2qr*VpGkO1FbT?TZS$!q4R7C8BbIj(O`q{VDxs+|5PZpY+YxoZHT2Ml!~s
z>H4~CpJt4<-gDy1gI)(!(wnT(qUd^rk%hd6c=Gy}(h1<gAp1mV{72MMa;q;mS9dxe
zGKr=dB5`hmxEsw5WxV*BHQMR8qggUT>|;WCn=Y5?c(`^+a@!^}_#Zc4In{E4eRjOb
zq;g~4)#$lgak!9*E)7eqA+HCeKiKOqcdtplmz58>c(e>$!xZ5$k(zw`)^&<ec+q?J
z5(GaDy3lZw4>rwabOc!#)_hPY5_=JY>;vs8mlT0wD&>I3WKCY!R2bz)i>L;9UQ6iE
zTua!`^$Ysz-Yd5Jw1ew169I?9g+GP;P+?rD4OGnDSsn_D|4^KIS9NRa>o^CDj<fGq
z-p$0i%uqH1C?#pFYR|#8FQ2APxU54c<_05Ma!z0P<S5u;U(vX{;fJF`8SQFyNnI*<
zaGpo8lKO<RMC+VaMS{g+MW;Dtucwy&wZpcq$cOLRRPp7kKIKiY&<82S@zp|D6M(tT
zZF7~fF|yhMf&EV$4FM#^`=J#w!RO$e!0haH*$+Y{rHtnadStf5<*du{Rp*35#g{4&
z&)g&yw@6GzUE>Rm6Rq*4pYEjaqvgQtamO50HKqLs(FaLdm{&t5Hg^fm-^E42G@Dh(
z=pqy>J<AT8DbVY9+uH<t9V&hKmXx%~;GUyuamjL<`tf_%nJhnLt1)>G>?C~+%MMzN
zGdMf`(i3|@`(tl>ZUq<Defe_A1$TM3@RwuEsO8T=V~DYDH|Zkg3j6bRaulOz#x7Ep
zsig>T8jEjp1IkUjr%Gktn`m84SYm@IvBy|iN|tQRgt7y&X5@;juz0EO-Sc)otgsa#
zq{k~Jvaq+DB=U<plV06ESk=*_pmVt?Psp2;YrtuS+3>x2q1w*l<T^t%DNIO0;nH{y
z`O#R3PF?K%*XH0#z6v<)bAwV+WdT74Hn*!(3N{!Er$q5((LINb@4b3cdC<;^amivI
zMTsrUhBBjPE=%FlP6un3Ep$6dUcYCdFPV;ah?mno#)rdeH;70NEBHA(Nqx`HAavuh
zhIiD^fnPn5|I$<0SMH!n&UT1$jBqz~GbrCxvX_BP{<^ESD#3T}lebfB{5AEpK5Y}d
z$>i8AmMUrZ<{~VYkie8r7yq;D7n)^$B{&qG+!;CDyZqASk!^r>k9Hrq%rTX7EqKn3
zc9{X;!|7-&TVHgv<BYe6Y;XQXcNC?P$%g-lH4cxpKD|R5!52zGPdHcBL~%!(`wW+N
z8~oJv=Fu79iP00=_PpMV53m-@>Vno%aueNsW<}@L8geKYWafZCT@N1;27om@ppz4K
zU1G!kwu|46vb)V`WQM?>Yo3LVG_@vU{fx$^&Tg}}5wo+44N5eaGsF!%QD*&hq)>1_
z_lJ4rzSJk}Mii_!@b(O)$7Ym^9$lgHM@)6}ft1CCn#pELZJDN+8dJd$R~68^qJjv*
zhnnT~jb@v6^>tA>579B`M=WoOn*x-@j4R+9GcH2PHIEyYT*i$T!O+75)VJc(Q^Pkh
z3ir`g3WM@0ATc=b9wKl>_P8SrD{^iehOoX|WRE5gKHz-<qRZvw#MSl`;5tT9|4>?k
zof}5}jCl3F|JlTE^-9Dy^`+VGU?xlkRx`0}iXb!E7<R`^6cuj`mUZ5gqQt=^?!%#6
z&f7;3uWy7fF}EXc-tHxoNjTI&y{eja!+*<p51=X7?|;rx&g!f^OE{zx)F2m5A~q&J
zgLn4c9Znmo!lYR`ORvFBc#u`+>a<d$JdE*hh<t3|ZF)6ogb(^=Yp-@naEsKN`ic5$
z#egDg=Xs%%l^8C(plC2XcV?F0d|Q(A?Ux1nrrp`4(nxV}8^PpLbJjIq-`R@G3=D0A
zVP3%Au`HWk#aLvS5Zst}E7UpMlu_G_9)s>yB78fQLh<BKyiP6}JnIO~<KyTS-dO!L
zO!~X6CZJIP?3eIHI&P~l4~3IQO?ikTuiX|_e`a%f$HLiY-<Uz;8e?Rjm>5O~+>I*<
zM~C0s>Toe^sd6i`i%?M5PSlJ7<>x%|-0tzs3tHZ|4lal*>A~*hXk@!!J}h|k{ra&J
z-Z-T`6%vVFLj(iUN2l+FP&R3wLoJD3XA?R1NKBN}TsuPb9D%PfxknDWR%5{*689?r
zp$}DEX`WUVJooX+Jv|9kOGRl1n^ag?jg;3n76+BiJ4{_IbXg}Zw+AvJ*6Q+oKfX6>
zU!fg}X$C-=dU<S<Q&c(7V$uWc;kbB9IC@7iS54|*zjK62sl-|xm6%9oZ%S23H5F#W
zL|7k9H!&e(*;znW>q>^&%h{H5j35V9#Bmp<5ZN3g6?0o3ySvVn+}p2@zF|?;r|a~3
zdsrgWmBDB~r%zzH7;o}9rKjR8Ap>3#4LV;*wDvt;wFK0%i6j2TQlj=$blJ%bIsXfx
z&B|eCp}NPXGOwBI&<TO?%u#Q8qdsY!ouTWueE0amDm^asTboMAz1LD{9==LF!sAP^
zsx<O6Uz7%+E5G#*y}tX1PQhaFB*I&#y{TQDy%;hN#|+0d8bF<Fh@#QWfMv;;IQJHI
zWhz*)%Mjwna~ba2R~Gz|ouRc}VH#%q56?btHLN=5Fx%+4MhWi6Kl#n+v>_x8N*hf?
zLcD?-ZHWNt3vilcfkb=44x`wf`2K#V=2S0{1YgV0_`nzk*Y`68DSS5D$kiqH8eupZ
z$p*iY4tUdi85-N6JVmiJTlrXv^Y%k>bly{gY5NoKo2z#Vx=@Z{rYZtBR3|L7(1uU_
zfnOD-ss#=P;sGDr?%kR8h!nkw$6I!5>70fiZPN!Q<2wV+-}EiKo$Rr;l^1&X@Dye7
z7#ZU>jPH-DR6pXiKFHhn)iuhcV3d9CpGIC71>4PO@irdX`9dKnY}+RG*j~NR84tT_
zmB@jrPA+hcD1voYWILo#V8bx+DF;8qsz<Hk+bv>5LnF_R9=;x;;RGK$8|f_^g@o(&
zxPg3n_7xFX$?Nosqw-nT55g#xv}_VeCEN9_>D_Q`Ioh&isNop5z(btNLD{}(KlM?0
zca&S+>Izwf-0ZcZ8ug%cN^qRy^n!-M05)!ex^Jz4Bze7Ic~cW~zC|8eS*p7%Y2U?K
zIz-nY<Gmnd5Th8-L+H5;<7k)DvT0p83JD7gymbl2osqFzTEHpo6xY1xUQN-CsOY<t
zB!wcJN$-}msm(m}%CkS-J$=)TCoO|MxD^}mu7-(|72-ICo&>fpeN72~F?c$qb;Lkj
zoZ*^LEhml*DYHCL-NB6JvIdeGS&L+}%6>O2+hh_xP}09{Kb`L80Eo}7MiyuhhLlK1
zEoEfZ+At)B$P+{cewv>YudnRFm4qF{a=O>)By59Add$a@TA+N<z|%!7sE62LfroG}
z*(|2c@LP0*Zk}o(HRhRyoFKnG8-G#m5Ss?p7p1v=r^?IcPIiIUkdrNz{Q;K@F05a`
zZ2q_%;_#%|As1%CBxFS#^UaDe&P#|IF0_v-$iDvATwv@h70P=!{}NGgS62xa@+1_1
z_Yt;&pmXj)XdoGRYTwP<Y`A3u#dBd0Q`aO9x3qG2FZ-$G+YMmrtsh+UEQ{+XTq2sz
z{+NH>sA^iSEb_SoC+)Y&uHtO<A|qvS1Z}g2zDF%TtOqcj2vik`SG6AFkJQ$zj~^1a
zc9SdTlCTPBsrkyZzDp%M2bQFta_{=PFT}Vl`DY?m%dK?tvVB6&rgdBvJF+yT<$d$b
zqpM?Gg}Sz+-&dF|*}{=+QO7b*oxv_;-qmXAm|B=qKA!9t#R>8!$39F*O|Tor`gcoH
zV*9eHRxfr8Hmef(CZ}=o+Y0MXB1!#K#fCw%)o<Ls&LC4a>dkzYt>Sa;bcfHfisF28
z^bif>@kl&pW#4yXs4bGNJ^0kd%IRQ99pR(>8F{*nJAz#;-NST|^r;(K@icFVbVA{!
zsBSpk7%53jZ)a)?lggd+L~IItd&@7Y+x6odb=tMJ80)<arPYZn3Q}Qk=w#^S2mlA2
zX3Pslno)T7xi3~8;}8i+gM?QRM`+cwG8<-N@NjLrDbaTO6EarB+$UGHwav;4U9;Bj
zjALo$dZ?V$nMt>gRm1G>`ZUE*d_TfE%@M$$Ch4xc`d-UP?BeG2>bX7PsI+)eGk;a`
z{_G=WfAbB}GUCq7S9fDquqZ{@+v11nnjcSZ##lk@8;(nv$4AGEN=)gsE?3;fSsyYl
z?~L{$Gy=zDj*M~ePRTMF*3IyK@%kV$8--afDe$S!qCG~%o}J?TV{<tkI$dN*a>|nY
zz8iKn-1f(`1RlkuZ-gMvmPS?tj{|#Jqm3S#Mn>x3Bvvyzbp~Z|IE`Qp&NFa~@pra@
zT?D3BD6DX>{IJJ&1&v?PJ9%0Aosub_$OEC0Pg(_((IQ0zFVJJ{FjmKKl(SR{bu_3P
zkY|Hc0?mV(YPeNQQQgH7^oV047z)_n<IwSvgtTMDJ|4vik9FyNNS@|^vZ1Ol)a7YI
zeq+>KW?b~nIT!{99D2mccs>6O(N99|B*hhvuyIx-B~mzA1VNur1th;@0N_ZWam+GU
z)j689aywSAgIvDX$HDfY!k<HKkx@JPW6!Wr@q}dpU?D)iIAij9sf>gdPlUr{!lncU
z#!ac+(3XKMx!b8e#$e&P1L*s<!)A^>gr(5fb>Cxv^ys<c@be2zAX;Y#6oGD!>0QG_
zo!>#HffQ~hZXcwn2R+@8CHZ9f;}EPX^w&@w;<|pDllpf@`2B-Y%FUi31~mRmB@-qX
z39*XU9ch{$TZ3J?Qu1Lux6jHrq~M8%nmZMzYrA#2E3_bm&x&{i!OUc9XOuKlcC}OW
z@0g)}6lEVl??S(Svh91^T(`tH&Xiwb*7$q~Ze48wqhvkG8F|5}fe|y|LVX;OA#dqh
zGDYO$p~#WYI*ktGx@<<uNn}Gg!X?y#EMc!#l0wXks^e(m+q!Ga4Yown`X))4g6oqU
zz^gNXoR=SYzQrW<X8P^u!;izVww*!5oK>?Oj|7q^dI=KMlnkH2?~v+rfsVyj(}eA+
zHT`a1W4MZzd3e=touWn#Dr~s$9`MiOc(~xRWp)ZiSTH_38oqV``c5hzK8JHk3(}hR
zHX;s}c^{g?FqW9^+h;EJhVU}ywo>tsD%m31LRoUuyesD&L*I;2<q=MLq*Qhnrea^2
z+{X!m-4l^qC#;&RM*EB>=lwE#^BA3+5gT%+eXUT?cXzNlkNq}E00&O^?y&494kZy-
zD|MnXy#;_ETf-}`<GSadm5w56fD;~uq&^L+*{~yRE?f%k4st5MG&n;&<WZ`T*gF`%
zJPKR$gdQ)tptL7X?Vxr*7raKAEm8@H+N~7hp!|R#TU20Nwj~#qo|FW@ABsF}ddG~^
zsEY4CnDoOiPzm&GNcb?+RPu~F4LoJ`r@sR72i5blI^US>5@<O|R~7RV7!7f5%9u00
z&oHmszz&+2Betgc#HTEhFv%b@hW0x46Pvz$x_%>4SD7`8J|n#o5U*cEfRKlLt%V&&
zVU;%JJkjATp4M!emSNqlmtDJ$m3s@9;0GPPZG=^UYQ+zsWZlqV#o>xFki~mKIegH6
z&ux%{E#MjDFmT2e)R+BZJ1T|eO}b(>?Z_Kl$)fw2r%r0SB)b**Va6^?qp$gUeO4E?
zZN3^`oDbD9Nek;ur@m4IT)%^5VLDc&iU{yEGf7wE(8fs6V6VE9!C<y~Vo@o+lLy;V
zR5kHq6)JZ906v-o|0502bK8`5y*Pjki<xe^I)5T6<dx?k(0iSr+cY<6c%J8e1Y+9A
za3S3wXyJfBj6@m6TS6tE`gSkxy6}|R#2^8w^2D+6r%>wsIX}dNRzpP5Ymo7Pz=z=W
z(k7Z8IUMTu3<TTEo^+l30kbWZhLegJc`fk_M`qY#?$sSr(~!^t9s`kuEcS5U3w8!i
zH(PnNKb0X9O8oROIVC`nbR;#M&U6eO!?G~7QvZtgK*WiWnmauzTn7u&9ihmuYfK~{
zCLm&>Ktsp#c)Y89oQfK0AkfxdZ`z!mNRBt5UmKmD+FWsMRzsXvmh$dA?A-tn8(EY)
zuUP7R`%3WJWBwvZ$?GHIjqs4i8?B*Y?l(W-3NYJVi%)q1wbqFAJD3!6HBq0^sYCIi
zo`rMVX?JtA)iH7L)pa~}c*0)muJ=muFu8)TK9*}~O`;0R*ew<KOnd~xH^EIJ&7eq5
z@Jy2VcIg^R($k_&KfMSPWpI~+LKZ^|z4)F>@EDRvg~-4m<y$KT<N?sCHZ2nr)zlcg
zV-=F0SvhLk+~l~<UTkPb&-4=R+H!qDF-Pp-8lJ5=;C+)JTb9KqFW49o9O@EXxkI{N
zzJp(4Fn0oG`yHEU0^eueeAfl`+pT0pPI%J|f-c^Hf_RO5ZEV~12EW%KM`m2G5`HRE
zkLb;vp;gCbw|VTLCWceQZgY^%c<$N@m-ud*5NWSVvuIoD1T8hx-S?OP<HNB4gM^Rg
zG0az?yj|CA?G@;&vfZV`%ypscud&R+DKmts#CXV?eEr~OFN`Q$W)hyW!}A|eJuFw>
z?YV=oaph1Q`j+nDKv3SqVixqwyDOrH(_YzjH4r%QPSg2zq^$P2#5wXxuBYwy_<F*B
zlal#S<7Y&Pv4k$ETNc@_+p%6g1QTM^+~{CExLdi~m3iS2E<!~8!^UoNjm_3OfLqTu
zvKuLKfWd5$DEE`%PjofS2AX__w<xDkXFFoL?FW2bU>c(?A<3IRYu7SGcq3#fG+wg^
zak;Czs3I>jXebp2T2Bc-B*rZggNd&wD12G(BNNQKxU0Shm}K_}rDAAPtb6j~a8bYh
zt{UWKYV3v(O#l@TOZNcTA6HaB-M&lXsowMblMOFS(3Z!8VS--&x*CJeSF?)wPg?ao
zBf3sy-q@FV)F=8wCsU-`2!z76SaP{Lh*G<k0<P;D>ebb>N6rGRTil8VD_-CVD~$ou
zzK%=|B6f>FEj=pTf(xy{jQ0_1?)qp6Ds-<Lk~PzOXdBkq+|BG?NzPB>m<67MiEJ_%
zkqS2^F}UU{2B^4(Iv!k9(iIn47`H3p*0`E3oQVdngSVT`n75sJ1Y)|5Ctg^8M1>U!
zcX?-Rpq%oYsh(41BDIa%LgNXtRUk3KoQntdo~VyJSOj4XiZ(w9b{xbs*ss3&64&2g
z+UM@hP4+Xuzaxuv{%+J`xk}ga1=w1Xq~|2NalAldPq5y74e+k>f0rzONPwq#=6&@e
znOXwPy$*~fBL48GxEM0{rFtRCbN+T*m>p0AW<OgdLsVvHUKBugZ0$(XiSB+lBCG__
z$ATcw2WAP^%MgW<J0(=Hwp{;3$+a-AN%WJNGL0@GgZ2<|n*#@huhU%IJ6v35{s0&q
z0PAW+x+kXyBU}cqC4F`}H?4SL5&BJcuH%ZLi-9UOc8%X9(i5Syf5bw$GI!Q@gC?Z-
zCH?FkmM7mJLZPv?h<v?HU47lDk8sb2on8d*j=mGD+jdGl3;N=3$jjvkPVr+AU8?qn
zsCYW%;~Dg}irtw17^~Dv`s!snFD?CU#qL^(BzgmF-`z!zQHWtOOiE5dNA_-{Wp;Mf
z=87k)41XYb%A%iI!fB$dkB<!&+kC@{%Wz2eF$!GRVm%|JOc)$PYE6`l<T6)_mH4Wx
zYp$s){dw0qKJuOkqR_72%7s(<x}kT>g85Q30hTwmYf=sdJz$tMit93(2p-B+l`Bx+
ziN1Gv@QNoC`~8!540wWu!QKMQB#WDCeS2;a*3WJfGJG`f*m5LYS^vgsX?Sh{=aejF
zCf@Z`eGPJ6SMji1h;6XKnFh@AC#0YWuIon)%Af1cQX;C_sn`%PD`(jD9t?A9T4hJ+
z$d;IVdrAVCCP=i%XJrr5=V^J>W~HI%eignf=GAOiDtGEaR;p)s9_Ox7vku&5=PL-P
z)nBfc^`op#l73=al9{H(2pcq)J{s|9dUQS{MKucV3D#9-L?hXbi&4zgguG4FN_a9H
zq;_sqU^0`bT-shEqHtDMLxA8qY);-7ak@UfLYZrwna6XAHbb9=6`3lY4mgNXP&8~8
zaDoLIsDCq2BLYml%kuP+e>=AXerR)F$6Px+z0gzr>?xEQuvs-jZckRiw(8=p&KCh+
zr6fRCs)RH^6*F3W(Y`|#kld~v9LE}Y`Bl9$4h6uM^|LCFyb!+W%e7w26Lsm!!-{yU
zS2?UJDRVnhm^tRG`|wCF9G&r3=}>sD;1-ui?h_kb21DLF1@j+QhOt5u&bFv8G_j^F
zg<Tv!P!e1qpwfyMcK}98SQS}o{Df>0s4q%j>P>a_w9f&dmgALuT6@S_!JS1ckjOnX
zXXp@)ijIVtEw7XTzI~cYd?agyZ}>4uGhh<#s49X{DEZzgK|K+yP$s5-n?W*daGf5N
z<A<{OWSj{DHsMtKQ*Frk40j}0Q;tHxf;e=kCk)ui+U3ziWcH2pS!DL!tJ34Jx(O_@
z{_(SXw9-Yf9r107g;-wY_a`E0(KtD76PQ_<ou_<eYj(`9c3LeRJyXg_#A=_d-<0?r
z`b1LnO+D@lgx<n@#UHXwFlvLu3|;b1ujMr5SuFvCeO{Bhw~FFen363mSfO2mp4nhY
z)kWSvP$P=}Zm!NX18d$;s7&>UnKcsev&%D~F5U;$N_32k8d}MI51T>wGa}4WuGD~S
zhFzxOaZG6B{JAIh1f@2#ZL7r;!-Ln>EWGe$_ZZ(6NeOZrB`i*id8hHA_>L5pt<h~g
zI+JS=3-vNyeJ3RiaaC+aD!1}FhN0q9c;%w2l?|A6;Ft8%#4Fv!hitp-qftBg(vR4S
zd`DxgEp0vp*F0J}G`gPZj_nikNa1pjyi5TkhJ@p*4@KBfnf)bTwc8}&g~}MLq^Wlg
z(c|^4^x~h>EphgNVKR%D?}K@iAwF|a<@6qUXRSJC-<k5=joB~8U-zffyyYroYOIk-
zH6iNkAkJ@wQP2pvEou?w!}anP$ANOFirfqzeqD(+wpO6~KGkHi|M;H&N^aRB<oMQy
zBtWnWZ*Hk4NYJG2-Y!Q{s0-ELNqsc(1Bw;hXMO&nj#0m0veeHdzGHC)Gddj!Y4816
zdyG%M6jfaWF!w^mu9)Cz`3R9ytz@Ls;f*-V>@3+joNY1RTzyrZUMchnGCS7eg2kL{
zKTj1mT=nZcyRSGf^!RDz%YsCa?keUig|Ny$^<0~zYfz%3k$0(I8TGKZe6(JIR4k*-
zj1gN#pR%%1o1HZ5`bnwP`^Z5f2E!6+lF!>l`ss79jG^d{s7dSI?aSls$#L1TAKUVu
zofaP`fcppfZ|4WrRM?LJBZLLFkh~;~&Nyi}>kx>C_h+%X!cWghSjN^m93T6(<uI~m
zjG7y28R+2>aq$}VQ?rDmA{cX1OWrQhAnCKC8I=c!v}h31#3v2S(&AC6>~{H;-w7->
zVC@WF0R$@7Yw%>V%lubaf-2x%wcR0dFF4D4x+n63gaP!{B6IWBE~eqLWbcG{$xAQD
zhohFGtx+Cx(uR0S0(YwQQLJJZ-klMqv?gSL-O@0Rm|28dhodr)Yxb$7{Xmz^SvDA}
zBz8|CC|Dsjo1DPan3KF&DOP}#*|ka{^oW^yPi#lqCR}qIK<(0=0Je{?#{kS_^bksm
z0O&7%2P}>OA{NE~vWPHKw>gMOrckDIaE2b|=pP<E+w<^Xtv+1{erBd}-cdFDoHe)H
zT7<3@y4#;_jc-U@F1ChDrlsXr)b(v|@7cnoB{v#wm`7^5>KUt(*&uXDs>(tJM~$;N
zsY6^+h=n`kQ(cR!F9EbslHAxQz?NpBIOWx#S$MR~`tEuka3WNrydUmfp=)x_N_`_8
zZw(%ze(7bn_G2J@J`mq?z8da+rQ3Ms!}=JRx;ETsOQzgi>>F`pr$W0;Be;`jz>pyA
z?2D47vUh8U`ZlybU>9sSmjD1^B<-D~0I+#8awQ=A77{_n)ZF{7^@LB2JJj|rKCK3j
zx^HNybS%_<8}_{9lT^8BartJ@`Rc8X%!Z{y@_R+07WTwy<em8#PBza)dvM}`p@mJ`
z(lE<(M%-Ysqm`2>+ON8j^^9<0P<wu^0E-n2k`3f(>WsKII{9IeZBrwg#>v>ChdUVk
z?00A!MYm87%>%77&z2{oNA9S`^iVqU*Ss0=(E|!I_HFm>n5<b0`M%@N*SU}B+ze5w
zGnh=LO%u1-V%e7mP|iuoy5IO$NbruJ!;bn<>DG&A-yn*n0Te|Ht!ck|(2OC-7KWuN
zbc^nJlUQ9}e89@6VGUpuUNd~CVy|MKT#KM?WEgdIL72_s_G@L)kDL(^C{tvoVeh*A
zW?-rQm7UP{MWqT-m_5^+g*>?E+sZ_q;sC$2@8>x*dlBS;bR`}XCg)ZdvRnarGb;!q
zZg@X}=3Vm+Oi53P6sI$YFy#RC1y}L0>6tJpHkev?S}u=J#H)mAP8+j=0k0j;fuF~>
zP%VM|dqOS80i2Oo6VsJ~<k=!N^1b?ZR9;R<4zSD~e!=>qutS?-ZIP4fQd!gNhoWNn
zttM2?KWeRACbvS4zUwh#ig9omq(DnMf8$T@$PFb@pVmV=^e8|5bSIQiiwLy2ce@#=
z!6Q)MeeEBROX|?*D^x3KQ^ZR}kq%NtLk7_JZp%W)8#f|;*My_v94yL!&f;QHXv_7y
zCK4!-rj^fEfvY<L3v+D;b50`j*?X_OxWWiDu~4yXcK+;!X(bvi;6ff?4RKlAL~Qbu
zB(jMfM<myM!^`D|c4&5U=SeYj7V}mFphX>A*aaark1zr`8ehsuWtv7alG}m4paHv{
zYNb4Bkvf!?Wh=$PsDv8(ggkT6jrI2GtdvV|(lXQdh*E2ow7u?K-w@v;L16{F%eozM
zOWD_C?Uvp0(gVC8eM=$d+cn`a9tB$en4fTt>|Nle?k#hqDE`tU-Viv3VCaHK$s7QU
z7?b-TOtB-IMhFXoNnwuXzW2(mO_;ac{_ocd_dmZ^$1e5AAlX`v1TTYm%!6s%tflf^
z&Y16WY>+skR~j#~mKF0m=n2Gmn*A1VT}6|_)hd)gM%^%Cv#D}@^RVWHJsX#~o?bJL
zu`)HcTb3YycSmwkKuW`c|MLd+vP}lY4FyJ^AvGXYxi1$rDGW1w#SKNBk_G+a?J8V%
zZe#F=4_1*DSqw_GUJ$!PUlGYslw7}yLhQkMR@VfCh?)=ft#c}j>$h`#L-T$D;~_kK
zEvh6m6xlEl5UidS>!s{ip;OioohIhcx2VO_LWBu)$lnIDN%O*AU<tjxS0-%H3I7B&
zFZ)uK>uiF#U}{cqBQh1VYWP~fI;+qSP7f9``ApK5n2tlqqlj&;%Wzyz6o$!;PWl;{
z#QlrN%LIcd7Zhf!^8==hCBUyZ9@4}ak}4b~VkSqE_3&_z<uFs2K-r1*J~JCXY5)#1
z7isWqSyHY?TK0_PI|qTu4|F6R?xNsA8G7i@@kKGF9F_8wocbI413aQ-VRx5nE6|_O
zy<g?OFfyoK_gV-h_~)Rp`Gk{N2S5hyfq8b(okRP$`+V-|C;xQGlE8oE!5Iu4Jxms@
zH(GR?HDSWhoG|I2YvXm}-%s>`SU~cILTe&3)NwH!!wwLgBbPiG##E&sGY<$4_5jm_
z_4&SRqZphJ%LnE*t*(7uz$R*ivjZdgu6_~7o6LeFCsy;E!X)+6IYJHtLh}ew>P69)
zGQL4|HU@!HEf7q*xIviW_L1Ppg}ChF6!MxA0W)*90c{=%W`aXxCY#<nO9i2;<5yU1
zDOruDs8F+hU{5;o>ROlKr$uCyuY+xn+~QB!2)$K|Fjo97qlBzqmPx9beYnuahG<KE
zBvF*RtBohV7)G5E|Hw?g^`C2^AlKyF3b`*ELuaWXB>z^p@-zMZBK>Qo+Im0R3`6wi
zuH=aVFTl{*fUbyq$o~mj8KmZcqx;g5y~!T26+h~>wDj)W2b4mq`I^3^M6l|L08u~K
zxIoHd7XTiOsI>Plf?x1Kk_+E*U2}FUUuA7x{4G~htw84lbo-g(hs=Os;BD0R4O21b
z>+q$){GSOdBccEm3u-}*FyvIHB~5Xwzsxx#jYCLAetA0d+ofc%$nUtvmlkxg8tus)
zDr4dGn!A$j5#<I{+#rmpO9wVLbVeM5oc(DAQKb^bjqsUsreiPT&+c0cjz`fe|CRPX
zJ6l3v=L5@@bI{h#d(pAafgj>>6E@;&Ip$jh^B;X$zWlYM9WZ8s_<K$GL>jUCZzEmp
zBF)MA%gH^F4%E1H;kAQub948G6)fVd@;88Fsl9e=ft)^X-pgbte$6O@V|-Qwl147=
z+6R$yaGr^wgGklF6*5tzNvZW3+f>*R0I5RbLZ&EaQ<ExDNkVR%foM|I!%@E!o_OS&
z*<EVL3%klIe;K29Tfj*c1uJOG%9JlGrBa(c2%PmSy^AS0ed5et7d?=u{x}bLbKC<E
zHux(@U6Jm0y2m+2y!>Q|vRBhhO1$b7Jy=SPwO+V2et?!Nf5qB)`ty4NY<f!f8vqP}
zW=YsG^G}Yp@AK;3z4<Z3u(9a>;IgFWfZ;Nkv-ZxN7i*<beGGqY+vGvc?UCrzr7nCh
z9ds<_5sgM$T+kLm0)yfKuJp)dmj*gWC|;Fded6_F*TC0Z;IcqjAseQU5}p`MVA@H>
zsz8X>BY7=Lgv&rf+BlLg_u_ViA(jKhcXbQCQS0PmKu$9}@LXm7pvG_f(&~19J;SS|
zimM?C2&pWgKS#ntp#YRhYcc9;Lg%*HpNd*!oo`<mHFX|Q;_xZcr3CnDoR$KmFpWWy
zXm5$mQ-+8UT6MqEWp(K3%6@ZXznV}s&=GAy+gHvbf)_5u*%BL3_em(<Q!?^V^6<2v
zXU)05$Grapjxx7UtfJZFe4>0LlUE_U_+bdl15IqMQ5+erU@}Swsr??Y-STcdUsuO`
z8!YSOxlUWbK_%fJ%rXwzj<}ia(LErgQhU{pNH7gE2XmA-uS)^fa6-I9i<k2vFoIVY
z<M&S+O`q9*tF^s-)kV1s|LQVA(+v0*<bms0jt?Hsj0l_Y?55FyI7Y%zH$S2pYcT~P
z*CwgK)Q(ANq|yNo{T>jxju+d^sV)vFNGlfO+ojU#(>Br_`4Ue95z1fi$JA8m#+tB!
zCW#PW?J7l8u*)`@su5lyjHuhPD~!2W=XI~)v`IN>wRm&9tp&=5CCMx_C3`l8^ar(K
zUEb__Gv84c3bvWN+)x5(+31uxN`HKJfu7&(<~W-43zRqQa>r2|AOdP*P7k@w36I?<
ziIYlFVYHZXxeBlY_>E{2pG)-zCTloE9wVvk{-T3Xk!6))#MRoImV47hgP*v84O0f7
zaXj9IDaD$<$>+CV(RY#j)?k-?>PDkKWTb#fJ}?ny1Ga}ID-avAmVpgKMgJloWE09h
z@)6wrN}f!(m6Mrv0=rOvTRECpnsHFIv2h5%B_V8+z8_K^uV>{g^<p7&>v)1>f&Paf
zy%Qa5f-p%U%UR=W_e}P^FmgeqV99!oJ^!9FBcC{mQ&>a%8)On`V4-48dTP$_@eH`A
zmjXKMMKR~QCCDP=Btj)dsdbGYjSEoxb+f4CM$l}Q4i(yy^qH4(pvzfz^)y`}@n_6Z
zt8f*p#zcf`E;nJIk2MngXyq*L$#Ed3T3Ez$*irIDab6M9F-g+gha*ILZX<W5TDE=E
z+nJwfcxg-*Yxa7Uv*xXaj5BD}-p%z>u=c4XvKz=#Eq~!{5}*xl9Qx*p$0gq^-^Q+b
zwYlZwKC+RR=4_T@1wtJPL_}<pq)8dd$2W+Y_*0*tH-T5)?O(M0S7Usg@%evK28?=B
z=v+hSp(^8QvJY<LG(dHu=l6bzz{~WG<FyyLMRJ{zBhH4{?!O2gB31;wkBcqo<_ND)
zv%&FT9^*%QP)Xt*$(<LzgG_oe|A1$3>k~&@T(&|4StWkb7qVWLywO0QQ_6rNVYX=I
zd3`e;9YE~Zv&Jk@p+_5gqC8L<(>_3QPpQM)<35EM7DoFsffr=8)Y~EPD|MxH2W_tq
z$#lzbSMtRt3+y~*TrHqTYEb;UQy~L1qr32f4+42l24($fqEC9FzZ-DpwaLMb{4W71
z-vl_UVGsVtel+o$MN-!R=auXofh-B6jiRsL`5JXY@T9GRJMVp{$$XkIBzp^sk7?VT
z5s+ua;>J5qUio8ax4wm()3beU%&=Uc+{`L#;M7Aj*9u<;Ue<u91w@zp7{b<OWuxTO
zIQV5jB{MUj4*c}HT;X-a3dYu?lsSyj{(81~+q3Ld;rCYkpAvkmcNkfGJ4rv^T5YEH
z!Fauq`9--0NtS~ANW%KqHmHn5p9odIwx=|M2}f&&hr;0ZPIKpBlk4jx$I3$2sx6tD
z+>eUPw*Df^HO}LnbfvL_OZacrXXeIwp+(wiQVo)+SxfHMlKO=E9yx7Sjw{?YUlye)
zsJ3>TFUJ9ccJF;bZ*UZG)ocE^XBg1}c<dF`snN`~;sOt-8l{ze{P@e%@-MRcS`;){
zFzLcy+yJ4BokNf)!P;Qkwr$(CZQI?qjoY?u+qP}nwrzXvOvIbTA8+yRDkExLQJHzZ
zb1YZZ8u9!45nm&KrZ9mX;SifPRM89@O`(hLBn|YYpxLVA8rfbHtX9$RPvpFtnLQq5
z@b!}px%SYX{#D7UiCP`uPNi262Ewx19q42|xhXSthC39JbP5*l`b#4;C}XwpE-Rv)
z8Lh;)M(`%jL!|qzU5skQE_Z*<8d6lOo6p`uu7^Z)@z5x>(PyJJ8?=<6rHdKE{Eb75
zc3#plI9QSMeP0vrM>5NjieC(9BMMIn7y<uEV<sRNFxc$85EmK&xDjYNaQ|Hwu#{Yf
zY0)G~9>F8J?@g|+HU_Uh?+TSP$j$8-xFljahBV2gAX-SAMf?4jp2G7IvO46HMjnm#
zayXC9bSr~Y_0wOkflSiA2|#yo7ImBDaDgRgvy_&waJEm<u^3IYMF9mJgFg?2g(QG3
zZ(A-^+j$>CaG7j5un3gxM_W=f^11vWSGgA}lhDqOGxI5nk}4}yYDdp&e)vq$i55|s
zXZNtRbsfGJ{B6XXE#ltCf+v<rY;mBQR<*a-D3K$Myq<!U$YEIl3;+;LmdDVsM(|A?
z)8NLh>oOdL<6<vRi%O80YzlMjvZ!L#Gy^{$F~S#k_)bcGdt`PryU{jg?|ntw)zrsS
zBa1=ibu`q&61IE5IX!b^E4;7*F(3@qJj`raY3b}1+PT^#9w-U~B}X{#3>U<yXV}Nm
zf>=4P3Cha)w5s?K5ggqJxB$4W+h}opmi42YxUdY52NKa+QBud3-8IhwIAeGD7(JO;
zY^-K%PLHSwB#HNEMcz(Q=JdSHob^{earYU74>kLReSlx|V>l1YLIB#41_ob<OM&GG
zZ-GS^sG@^FnIpo0Akyk8X7nMVHuJ%cDNo5W=XC|-Q&NLoSo#w+tKIgh6=E*M77M4k
zat!&xr=+S|7#h;=<!q^J!VD2yE-pi(KJ-yWgW)FBPP4<7zewB9_Zn@aA{`AS`=^~^
zfYUNmEosr=W=9xagPx=D!-rJvQs5zucrizOnAt$*-(S<^Cx;21_6+^+IzrH)si;96
z7x?aBT}goFaE07VdUgvXPtRiFN~dB;+GU{a$692%24U<xsNq^=tA42()>(7xOB&Xy
z6U=%!kCA(FAPIvD&q^5H)*FJ|;_HIzi)3Etj9V<lHnVU1iA6yxgF^hl)RV`TxWyO|
z5&KJF`5EDwxZ^Q4wiD?wLzb!H^F3Ey(a6au`Lt<Qhf?c#QGhUEF!RzDAk(YDCPzk}
zy+K&Tj5zE}!4xd(aY0F=P|-l2fq_dPuKPi}X!&3}#nlj&C6r$H+V7rXOO1gQYlD;)
zlZgutGFWR0q@E(^6V&(t196a{c&-8h#-*p#qURk(1nCV%KBLh=q%z)WCtO)*^0vUF
z>GxgK=wHGCz3t(gKcqH3yuvuHV%&HZs4xh$bIAi{CKlI~;Ur3B4>#VGl#N`3A1f@x
zWD1cBOk-j>Hc7dF!IDkm9U4}`-e#(=gbD`Hgs+57!4<Y|#mCvxMP0Y5)J0v0nI^PT
zNidM==E3#@UpR{Eh=1tba1CX1G}e^e9hJEyUMbV%p|Y&VkJWmax!@UH+jw;PeXx#Y
z7$XO~n@2qra75WrOEn{b0xVI2S@4RGzf&zR(}RIeyoLc?^v~PJdX(k8Trv&(qy@P`
zkTb@Ms)kZnJWFeGS5sBNg0YD^*4=b2ZMEC}ycT)uA%ZE$j0e)nvHJ&W-4;DBl779O
z)}qWWSVeEJ^+hd_JA#edOSSilpwV|;8HV`^mG{j^Fz4oRILtdvaDvW<5G$k9DZ{~F
zz*820L5`Djy^6009sAT&c??4=C=`-i#la_1{~)8xXEZ@+>n)rPc5pnt+>OAxyYEm)
zz(xiq2IhVQ5t%u=`v(a@!LW$QjE!pco7{@1!M6aVBa^`R;_Dq|OxkkM*}c`q>2-2p
z(AB$a8X|rRmEU9f>rB0k6w}f(pw*4j;;0kwAq}34g}HI7^Nw@tDEZ18_h^i-VtbiK
zAjC(d3F%%@kRQ9-PFAx8Qa7lCa_ERVh6y+YG(K*Su)q77r03Jg+r~^5e|n~lJ+o!9
z_dxNtu%rvOqZT-~IlNDru#DEURUg#`L>-S;jjF;_FRry|@S*e!R*HG@P<_uvTLW*~
zJ)EC=R0j_{2GC{F5he0K;(GX4&%-Zjl@?4$tIi_?7oHc{+wsV;BxS5Wt^o@2@74xK
z#~>jOOUcP2X{-GJ?;)M9*ECR8IQ*M0gS9aPw7Edgq-6nPHX^XMM0eRtv|vyP)eb`!
zo?qr2tcgF++8%liZF7z#boxdISN1e-xj@n4bKgT0Qx_dhefZ7P>--B_x=0DZ7V0)L
zTs<fJF_*v84;YD<eFG#;x5G#6K}CtNC`iFDh>Q>@U10j}!cm(GRx%a?8XIw%LJC&&
z_LUhhb%DK0%|jR6x^8T(#axA~ss<e=2q>O`+N9WE-%eG5ie9=tuj7(`<xmjSrqJIt
zB*X4sMk1qb4cNF+0JUv%w&`T%gW04}mgIt`rv~H!AN{;^qyX#X5a(m`^+~0!RHbHE
z*CrI$`o<5|6#l@5|9SfD-BKZo;yNVEYMKwv0-@Zz_F#b53@^t%7=*XX7^%tv7)>qV
z&8jJ{vm}Pe7`v^U<W&5{`9)RcS$oncNHx+G$A{=SS7j4VNuNOI(V95pqTq*_CrZEI
z;eFx|5#lOMDVX-4Qo!;4c}7l_*3PUVA9Q9<zkS4{$~{7#mt==s2}#~d(n>2l5gDQM
z%pmvOxYE~*UT3Df%0|$&)OMS?y-$}x2Y^s{!W-C;__AjEa6G;0Ykb!kMfK4K?(JPs
zY{NVDUrjYVR7AHwUh-Re#uX!0Dk<v}GeH6iAhV8=MS>>GNnn%h-5fm6_arnXm)U%q
z?p;dRP2naFco3H+JqWZu@iSh~%<J{*jKfKU#hRLmtti|BWY7?_>6fQC{i!nA&D3Mc
zRq)UV(y`gG=m$@+uPg?!j!vWl(WI|4P9FdSHjT^c8?$}W)Z7-ke2BT0y@@kKLZ9g!
zINcj@4M(KEQi5vbm>XjWVcgOtIEF6HeG#&R!j$(E40g(^UFn&?&seM(^bKNi7eS1)
z5&l48M&ih(KnX0$gxu0L==KIin;P(5ZCzSVM8?FFr}T6z1Hboe@NEwg6|U91xJb5*
z_eh#@ytK&$)AT&rK{flO<w&xg3<BKUe||%SW~rB=?NNL+=q~I4WWIC<GVS#dY^)S`
zTyWsya0vjB#fdP|R`HDvgZG0sg9&WZSp}}IOvAfWivzze@PoIhZ6C$^Y^0+pnO`yC
zyod^xF1-@?Dv%kybI;J*Xbs{Z?yAc^`d+e(<sx^ACQmML0t#{=^YzB@AaRt<TbrS~
zl^j?ce}c&;h?!?FLIjqC0B7%{Inf*$ZFHis;iY5p*k}>Cn+|Glopl)mXUm<)IgJyw
zrj#mkX%~LvQAV|}ZtwauTM-(`SR?k+0#UFujweB?Lm2|whNZTl+W}LkJFpg4QLWvw
z75*RR`3(#z@+?t*I>d{F!1%+-w$@fj`NWo3zyn#`DSOf2=u<Iu6<~Q&tq>9a(Vk|l
z6ZwNbFs`UT?x%4R-}a7Bw>+7^$XR~zdsHl{<1&6=DImVg&~MWGQSacI-F??HF-4^c
z+o$rODcbc<G>ZpFyL4)>8qmW>#9cI1_$%m*$y0p)wcarsm<_Ci9)F<T;&}bA2;OW!
zCf3lyPR~!&Uj>soqHcxYmo<##EX4AnoXGW>4|_qY7@uGX2eXIY+?hlZ;8pOo^H)N7
ziPjJHXBdq$u<A7x;MnLu<HXeOeLPeaFvl&8GqB%^OoOD@Sq9Gg%hcVyBf0>iG1t>k
zztXSFl+&?l9GFTx<p+rC*y37v2D#qRfYz1Tz$~cCAsfoC6Ie|nCg8M8TV<=-4wF`(
zI*t+YBM&hsMP$#z5z(FH&OigOgR7gcEb7dg0V(#=!&X}gg4@;Kj!u%$2#AzUTrjVM
z+(?*i&V!0EwVF_!mwmDR$E_ng8X{g1<hr~KbPRGFG)89`pn_LreXc$??G$p39<LkQ
ztRiO;PZQ=|H~au&Z{}mPqIjEFm#uSI;54;-DNIvhp$cc&_uf$8umg$`<h4ueI8OWW
zVDs4}*?goBphT*{pRl5)%yK#S&gU{F!oRP@7CxCH2f;|5I*u8X1BAF%p$&XpBq;G*
zE6|@A^3KUs3USs&W=Em{KYg{lP#Y%TcGy?wAbmxp!|rf8OFxUOV#LEOson<ls%S%M
zoznt&cUR{3q<ShC+*&t;@Vj;g95ia=cMIKgDJ+CMK;4*x#ubJnJ$(48<xa*m{ZLm`
z^&Rc-*p*|=l`haq);fi7Nuw1CT4b26)$u*Fdz=MD%ck)`HW;P^y|`uq08$Jqgwzp_
z3?Ig}(*9DHEM^sb_HnYa5r*@aLNAk|{!Nq6hrhfuhsJ#EYK>*l30U%Qx&uIgyrRKn
zjNmhVL5Zqx)Vt_RWeg{UhWCiHQGgiZ*Hp)qCHm-xHAmz<a0%srBRIyPRjf09O$<ZT
zCdbde=p4?=Wrbr12o&IYtR4q3sITN_YL7fn5{o`cFw+QrK~hV*e(!N>+&-jSM+_cT
zjn$5wA&|%7io_o~Y{8-#ifBq>KC()bn2K}<%<!>(gRlq*H;#>XJaNiy(L*5rx(PEF
zO0Xewh%eC$*g{uFS#Q(t@NbIU$&$8vZe8rvOw$hS6ntMtENzjy@()0yb~B65R3jgN
zQEYZR&feNl4X!<cc%$c^Cyt!6Q7rmXSv*!ovZx!VZa*sUaK=ptUDOB?Jh>^^ac0gE
zc_WN<(69LyzI5SCOYp02&XBBi{&@e(tr$!hw5w$vaJCRT>Km78t+zK0T-mk)fUl@c
zZ@T`ew%-s7);Vl~E$=b)BVX*ucVIJy{ppI%oG)oFp*BU0zDaM~2Q)b-&-NH+dXj+;
zK}u6<fuKG&c)+F;q2Nl{YwtgxMt6{qGJPW8RHB1?`AM(Z(Kxg#)XsgN>MY!D_$`@C
zQqI2#CooI{h*%`}o@xKY_d3>vFD8XSHoFjN_TS6NcTz5#fGK*}vDF?;?6?nva)y&$
zrlSi4S8P)Ddeek1dK0FyQ_9_EJ;;$=g2KEL`J4Z?YKwnzdbal1MK0<~p$tIL8o6LV
zjs@vQEnCu^zdTCP;{*tIoAy_+eTYwT^#~LkN`qei%Ive$*FFY_K@fnckN=Yz<0lkv
zX$pDLAPyZtwSXI$<28I`vXqt;i%QXDK&kyTAaLl|iSgN_&}+hNFvt=qZmV=?$@vu{
z=Q?Z`E(mo8VCxs3?A4hs^+P^w^!!`bGMPR%mn0h|>h9KMsRJ{}L60Da7NFc+{5qA!
z*XR;qYkaNDy0xAsmt0WC*ONHYXeV7Ld>nqW+|{BIK^2;Az5eK}Z2nEU{Y~?&`6Fz9
zV_TxzQt$#gt^5Oy8Q$bdMxxu%jLf2=y7X&it=CgTbjUcwi3kz5xS-P~Lrn#Yy2#FV
zwY??HoFHv}Xt3>|_}$AAaVgm$kjI7G6uZkHub#6UH(Qc7d$)8`*X7ahorEJ_5HHt!
ziX3IG0(@MG3oW;OwXoIUpeW7Ww~UaX2)SARv3@|jI)xFI^P3%7g6A>~XE%_-oB7+?
z=n&pFBuc`4OJWI*WQn_W2vPXVwH6k9hb%T3gFfAJAilb8DzR!)+NNUw0oOeBC<4uJ
zY9{L(ECW{i9DX(wv40ShZIuq9+Nft{K;nMqQ<+LQ8n2C!x_MeV%>h68ON-FSRg7x=
z^Ol7yaZ|;V16{a4#BN9{KzL(=9`!LxLF|N<j+Hfl0gTA;Y^Igd3~dbT?=tUX60%T|
zSvrY{?K)KhVjjmTnz_&-cppa#LP6;@TP-^!Ec%vXAHDBjR!bXsXzPmT8nT@8rPMQ_
ziC5%BD&!EuAe=L<E&o(6M97$uiCgC1fa>7J>Tv{A>G8=Us}iwm55OjhGH}D=LAVI}
zAgTG%0$k#dFr@U~4BhPi#n8>j#_<1@+)M-<>`aXRP0-EB&d%}w{M-ak^kRRk|C%}y
z(2H3c{xuabHMTP`h2rCba{B9NYG?!Hwh`S5s*rV#L>JZRNzjL|wY|N~ieTagNCpE8
z6W9p?EoTpbw?)_{949b`pc4>^5Fi~V?ecnc!}+W4Y$v-s_4=28Ti>-;zE^cnqO@?9
z((2M0R>?7BfYZI*Z3y5Y!=uX!01wZH4iAryMobKt0SD+~GHTcYB%s|tJKyM+XlzhG
z;H^*=5W@H950@~Y<qZM=J-?s2M3lNlR491g=pgY2egU%#Odh}!z$Oq&JAmbkLL4?)
zVOL`$JB;-$fUnoIFCHKbTNQwwqM~68{{Ucv90A4}7zC&V&^{bN=_vaK03m?4IW_~t
z&9^?K1_{odJvyVUt-QQEU0xz~D)W?HL^ALmWC%CFlYlKj8u%F6U8kWR+8pGQxw(!;
z6aX-I-Da+fw>ftkIRY3E4;Fy|Hp0?1;{dKDbO0cpKHQx8GJr*=U!HFQ>ko-Nz)uFO
zUuxv*?O$KfUpbJFA4Hg@dIuLrK%wq_1y4U*3?Lv2>Oc1V-Fr9y1WPaMh!74=K2hKv
z0R0Gg&&2z&6aE0Cnz{gY_5HmYPL2Nlx_h=dwgzLjXzjkG?pX~)OKLmo<B%Z1ord2v
z@_;bF>pU^rnV++X&OuzBLf*eXE(T@Q+qY!a+q!MA`3CB)aTNplN#e*W{A`{GI0R#Z
zgTypc008Yk0(xw4TfK|eZk>KV_76X7{4RU9mj_osb)MEhNANAcygvr-9e}(7031`e
zN4KALqrSv6dU}4eYhZA7VC#YT8owsKEP+=)L$RUoz@C6pZg|b3(0lLS@1Nseih3<G
z3SqDOPy92f+M3#$;{xH|voXIf<Kvv3fL@&Mpa5B30bKx!h=_i51n_;oy^Uu8{l2RG
zkMd<yOEZ`RALjM3${+Imc)r>Ellq<gP;a+7S~IZ)pnw`b^Ka02f_Ryu^gF-i#lMIT
zzvOqjnm=|}zq<iRTZD1^TQt6Jzx=j&$QTFT==+L|H+SOSR$TnHfKR^VBYFI;YRD$g
zF0LQ?wNyB7ZQu<Go@2YlAf1%{-2yFK25r%Uxkm4cwr`%}1O^lmqwBC=pK5^i4-a==
zv9}J5);RcfaINB^Kl?zubThuaN{E(+)}Nk(Zy><{0vIr7(Zi1vBz%H`e)PA8R2u<Z
zKXVLzna~$7zA%71EvN8xP9cWhe2RuU;_F{*-{BwtTb91W@!}?T>`16!_Q1blK(Rfe
z&;O3$9y&d2H+%C5@clMt)^T6xdnx=j&+*4TB|?9o`Opr&=-<+Q_3OKY0Bqm*+wq0>
zbAHYES5AKDDS-A~-oPJtOJ06TAH+-HAzsX%e5V&iaKSvgWPcPs5A%Klf7?0)2<YQr
zR|c{gqutgfKk8yCwKS>ZXRhTFn4>mF&a1L|pzGvbv3Z_QRx+;QSl5EBCnWIuA4-TO
z+oy=Gvu_2hh&@EK8*D%6d$lJ;y34O!s@^3V;E_ea8(;&M(&RZ|O<cZibiShkaO1TR
zJC`vYb+$$C{z8S-@_;9GV}VVkjtrc(IJ;T~E!EpimU0@y8tZ|iPBEQmpL&(Jg@BzF
zjTjJroCouJ`Y;M7ao-D6ri{fL|MI5vuC4yfroZ`UoRumD%+;Pn4k0f=SsFVPF;<r8
zar7*=Jks})j$Ab`{*yb-HOii~b0_qo;nmXoRAcZ-jwTa@Y(yhZ(H1YMqCZ;ITu#E7
zJV%-jdGw{Drv0eIi)h>IayTak#BU)SgbngsC)(<1=ZNj~GN&nVDZ57Wgd?GhWs(0K
zfVdRa4lCmpAH4Y@+**HBNgraZCZ;Ztp(S!(g;K7~9oVyBzUm2fTZ=IlP2&k$IfGaE
zE+g)7W!E4m;ghp&!s&aqgX!An>|x}eHn6sYLe#FlnUYZHH!b&^QAHTK@h#Mp43*53
z!bi%@T$|i03GO+z(B<<9kjYwUR_i^7d`abaw@D`1ZulN(EvuR%!Dfh90_EYg<;<)!
zG}6YM{%{nMHbA8~6ryFa#VhUBU+$o~d+xS+9`8;_9t)!0-ra-47lU>LTYs*74H8|L
z{>33k1wB9Fli*p8^vuSl(u*&pL1+ly^R4JN9G3UMDH_vEZs*(XLJ%+Q+;dbf@yI1n
zy^7mq&UU`b53}Wqx(w(Oz)bWrwE0)$6lW)(LDNr!>{)@m_o_j95WC7wCGrfPpX8;+
zycx&Ma`KSjZkU}xVF2=)Irns5!}da!<DA;FA0BXwuzXM)LSr>wzFZ_(7$?98hzw5N
zT$A+exs<|Qf89l$p!}J5D&A_Yt)ZLm)~v{*nR0)8D)SW0%QC-sPw|cKgjSF(^+BMJ
zuW4}d=}cVlUq4)Cg}w&odv!d+ys2tm8i{zCk)P-0uNh9j8L6A<c{6S6wpzpnct|qc
z^|sX~JN$Unsy<!);QT-JR6^o|@6W)r^Fq17vr*4_l=%VjL$hOjrc+-mQEyfosX#1f
z;nq67vXz=lm&K}3EzdA_NqHjM1Wh*CYsL%{;CEfVBVaGK>gf4&->y8e-c90)tU1vn
zk^mM1ZknlVC%sW=l;Z-f0T~+VMw&XR7&SnIH8Zsdu`F*P>pmq9p3Qid*)N-6rx9Ii
zt`t)=HE)uMKG2hoFUe<(&xBEB`xX@Kk4_Sea-0=@)&L&XVsXfYY9R57c3UHl!_$_&
zo$G*)g*Ho`nInD=JYyH(b3Qe@d5oXrZ-QB4p>F4c^qUvsuu`5|$<}ASHdr%mD8fY=
z>Rux_mrfKO%~DU?h5ojRC-x#i=H$nVvWIBUIsloLC#fV^v!P1w5pKn+B2DlfXZd7i
zF0Ds<NGdJ)kc==7u1)a}B;izf)}^NDGtm&Gvi&l+CVfl2PzY>?sizjN2~;wHcTg$n
zfk(F(L}<vR;BN6b!L1Q1I#uc0Re1AjN}GfpCJY3*@>bVtmIRzhvaKjx%BaSqG;0GH
zV$0h_+H=d5j%?Qg7`k-jDeNZYjZoFYVveimCA5#GWaBqWe26GK+u^bmsHYooaol=e
zv`PM-P#HoMW|^Mg=92L(5G<`lXZXR!soFR=Tz)aN!hAHI(p(#TD#x<$Fp_jGKaI|0
z6LU+4Z`*Ujl%-(fXGzSm9S48tB%dA+LeP34;AlJX#iNCTVEqa`r2_CoaS+(j$701D
zRshKYTWJgjyam%B&^l8*1c_eAIuhRNy#$djK#bC65AN%}D<#hE@tfoWM%x2?J^F8t
zC<XVJTm^qE8rq=)Z!hH^8CxK1<;uSLNuH}p^{eX;0*G`n`ketl{z=6Xja^3?+e|e)
zBSU|-lis(SMOBp&8%x-yx(G_;Ri9rt-r9Bg4P|Dm6l-CkjuPRChG(?_#Uk8pF`i-_
zH;G{G_Bu@hSv$qx0^PbwOEL%>+s(T0C+N@x<z9!D<GC~jlY<Ehg6kG(6g<(g6uy}v
zOk8DDDu;o^YrznK-q}>SC<!I7Y~+|`Y>ZEaSM}yuQ<nVs>6_fBYK&saduP$IS)Szg
z>+-;xVeUGc$a$?4!or!f!=!32SB~)z?9$U4ULpO(<5N9mB{)8I4)Yc6NX!B+&gi&H
zo>A#)O}OXPwperVw{)5k@7*C@GiOTV4(>#5<W|`T0WP9Bq*aalkYIGO&_@sJwEP3k
zJEv+W$`Wg%JYM+piknRGQl!cQi$A?QUnFqBbLPqDEhc;QHDvpYO4!8rbQMRcQOz_g
zWafC3h1>%_UC{+$aZu}6&%+l4B3k)ILQzX9k4JhyFH@P%ToMQA#R%t=P8W%Rl0T-@
z;%vZKuQbc1Cw8Cr!645koYNkfD3v{v74!F<;rRh;CeS^!=rQ|w89S-))E%srvcnv#
z8!{>QP7buX()%J$qBB`0(&sMX|Hj&i;oMd2@S~bP1Qzc*hzD_xrLC@YqB+r(ZiIq$
z3bW?d7j)O!>8|vJWF8Gz;Or~j<QKk-yoT?B4?*q7sET2@<inxWH;B6iH(W^RrZIW+
zBN|}uWi;{5qMenRn??cdovP)pEdSuMS%rZIr#)cwn14&f^}UdNh}{PGaw<l`6vOa(
zYEGKgB?m;?;|bP}st95bHt=R%Dzm2*Ug1z~FtdG51$13-NyO%btx*rmCe0Wj^iC=x
zz75ydevC>mubmTes|ol;Y<6f}?sGGnj(|3NDB=IQkni7*`{>#Sw+selTq%f|35O<$
zLdKVg-^c{8W2164Rv>qomS|0>MgCCG7TraUz%0Wl%u?6p-Yi$s>XzcM9b{JZjZKlY
z9P%{n-O$cw^EiHA2!d)GjlTO#kXVImU>6?d-#J3NRrvJ=5>Pm(ic%x7<tY_wP33P#
z(G7L!eVG^sASlfVVCMv*z97^Te@7d|??8w7aaP#ep$%GOHf9&6%T<@JH%)Guz&17}
z&2){NPBu)T*Srdvt`>0wgepQHXWfrOVMPa|)PW{ne^aS{#wB3cVy)RqLiFc+yG6qp
zKUmQV6koUAEaBC5X|8i;2KGPAw}gKMY@W7I(->MC+0|wl+f)-lLz%GJ{jC}_8sN+q
z4M+TBwND~(`Y1UlgGcZziN{p<qlNmTSJ9kDdykUYLR4Y^WSgDuKRBI;8YbRq!JSM>
zeeish$Owl1UNr>|z65e*OhcRDke17h=In#nEw|t@j*lC#Ii}t0J@Yw{h{~>juR=?t
z@vf6%8t2YWnV?RKoQWFR5b`!1bwr_}HBU-s3w$P}f$&{$@`25KDK6~~dO_#=eEQCM
zCEMbpgvM4WRvXNRa8Hrp<L3mk8;`(mSPi025C{ag(FCi?+#aAX;HqMP$l34Nk_~V8
zNAGe@4s%0qSYHB)3tq{_od67J`LXyGjdm^=kKpCek#eE(3rPIq*;4*o?_Wt~B=r91
zrxVsq84mMV2|k;YKF`>!4^8b>+si64v1vS>ht|nxhVPfJo>|KWa<}vuN9ruHVYcvf
zyRJj~o8yEMeDQQ|*qdr&13d}90x6}H4BCzL$dZ~Y>}<K^0x{F)C2Qvuzg3|#F7Yug
z23P`tFTG2Nm`Fwioo!jc4U9&HvvE`LnAV$$_Y-MnmWPOFWE!dPLyeQ)6%iNKut}1_
z1L9axgsVn`!qdka^9sm5`TE)A$MjBod~BpI!)5-)Cf8?~jw{I(e`gRva6)UFOpC5T
zu^h-E#P($6;3Yhar9KPGsFN{ut0*~g*_dvq?_CAPtA1Kiul6#ZoqSMRE!;wkmvU4l
zB0{3Qf8o{!g5vI^M#BCmbs>Z)DEN}IIs^?v!LovdcV(_u(U<tq%5C_F4dD^8RBJ5A
zwl4?Ik{i)5<w~**6%ED|vQalo+9}7mq?@MR>-jsH8Gol_NXnCwOvz+>k#I}TizEYr
zei~%i7P@Mtk%}2i8#K_a#0g}TWAU3FJY!Wjq2Fgir!%4;XXQh}#x~ILj1LmqDSa^d
zuWY*43x9mXiLGRi6y!?k$iG1vgY%|pa_R7qq%JrAhS`-oGEn2uF4?eapxV6f{)?sV
zjfX4~tp-!<go2}&fP~NyG`&M(nlioqXkhqAJ5=C5mY(SQL`NV$TJ7de6%J5^hIR=H
zg&ovPk$*bR1CS}i;?xuabJ9PFd(?@}@vbCw6j%sOuw52_r44#61Mh*y-9q5N&MmHb
z$Y8JYTf{HTnK2VTuoR~WRSIb}`Swx{tKpMa97;_wHVr@zZ6C>Ip-()>BUlt14x6U)
zF`I2xlCo%%nqG22LXQyYG%4Pd7Z#)s&lIkQnn4^2w(&rVl(?S3yT0DZxFLnd56kDl
z0c?^!X5Hz4p3tXeq3QUBveQFEPLW2H#6@S`uMxtT^37f04yrf$gYMaPz|UPk1Tr}R
zu>ur3L^eaW%;qJs<te8UgaewMw**O#T9q~@fRWdR`5@R?>7Dsj?7LWYV10y3S~afe
zw$36xyT31rkwK_=xDxqOZQoCk6*ZLB08MEyoO1gnyaj@4^y2&*`oW5yHs%-()jU;r
z`h3e#dV}vK)Tn4Y(vXZ%>}Z~`QdfGap>a_WjodD;6ur>1C*{`eWK!qF9sTl`5CG?O
z3({3&CFD7;jhY<XX$A)WI9K{--G6oT^0pdg40S0fiSO|L6RsuLxm&E<-(&@)o$mo7
zz4UOD$!WexBU#p4UZ~2D$JXf5yJ{bRnmy5PkXwms+6n&s(EolrNJu6dHa<nlD-!%N
zI-Q_LCZf{>#!+S(MPo@f)la24mmKG}(Ozu2>t%#*U5<0IGrX6<$1?%)Qd2V?<j=TX
zh&{e1UQc}e*xS;DS&4vDN}W%TjO8Sd>}{&VT+?cYJJznIy#Su=e+VvB7{ts)L+})p
zkA_Bp?&U*yU-QC1Q$c6cAvnXh)4b|o7Vlp?)(n1|Jk-)m%A}f-SNrgw-{BYUuRP3n
zS<)i!O{|svyY)g=1EJxpp1*63*q=FvWDDT7SL;xjuxPLuc}x0ev7z`eL;kIFP&y(L
z1H1gH;@|N`y>yRLu#1!Bo@)nq9U&Ab)oA)&j7opd_5|U0e21{A&>Fa?U_%D;-6Suy
zt_@p`iDjsq0F9^!xvVl5)H$LnSXrMW6!Q#wv!08_;2`)%YJUDb_f4r|T}wYnw*M?Y
z*(&uP$o^-aE}>_iIpu8-lc$mDP>BW~dpnxjJi_~{0cHe?Jz9m8-Rf#>1!^$pLt=i^
z+NBbmmSmyf8Dx}~gST?Mh4udQkhoS}*<CmaYG>b%xTqCMXzA!m@0fR-GjGK+Gzjix
zTPfcT#lFwXJvdF=lpkZxpLAiE6aDpgvvS4(DV-Ya_f`|7Rgv2SY~2EEE#uF+A(yH%
zp_({dWBj`sA7jt!l;(Q89*3fM(N(&n2L3pyk3?TDNw}pc-BV1ppo(hQquQ3^2Wjk<
zz+1Di{;0wjJy4|EGGB6P{jg8@HQge^qy=7>vvFfRe`-3sy<^iOMKZc3CN2>i^yn}u
zt36|Kcq;)6?x&v)QVKYl%b%J(&s?N}O2v5s9sQ$)z)cx5>c+_m^PSH<f^LhGrwP%F
zpH6i{EO_vU)0n14`9VpwN2ZVqbyr$WRIiiUFj)S>G4SZ9NlD`~nIJR4bh7KxE&m@|
z^_@e`^iUe<pMoyM&}<%FZCmK`cwmdvn=(ai^P|pYTjAh|ww-wTh_Pe&C4>i!!1NW5
zES5ryas{@>k&bz0{k$=kSGkyMh|V$f6I9D21k}p$=7%hOgdFp8P#ttGUWo9}5miHv
zGcQw8wVL+rt(AO(q1skv^QhGjaPW~<TRSCzD=rh<`Q8&`$>^!$o(+qFXJ2~cKb-SA
zz3+ZnE|xL_P1+L?Qoi5k(h4?aQ(N>eUXCI0AU(Ksref(jF|pti@yp6i@85(@*e~6A
zd*x{@bz&+lbMu!a7dEm~IV&-DlV9}oBcZqRS^RT!*(2Fp&6tMC4k*}Z&RGShbW?zX
zF=^n24w1Uh)43%7QeH3nDYA<=Q-Zf2e>KqM$)$G&*32N-L8A2Ay$r_&eJszUr!gOU
z{!)q1MO>i7VI#|(cci5%`hhkr;5|BRM>WWbPwQ{L4fV>0^DOR;)ZIsaF4<`*-<G5=
zQiWJ{gO$qYScpH4*fF&3^6inFJ#hAQZ&krL4jgRN-}$j&Tg#^dDh~bLq;G94aHEgl
zp&*|*nsu%j01<|(GdPrzQo2<}ZA%$XmxhB>3~a|30sr$bHiNBbGu<QoN#2%L4!S@t
z?wTW>7N2~SQ_foNgP*w&o;iaq_TY4|BAAeNC`!};s&wzQH?!SiXE>fo+;6n4!mRG4
z*368H@`5TB(#eO(cA4s!>A(*g2ACdkyc&k{>M2O3%~GC7ceOrh@p0&BSHI2gaBOD|
zSc;0ys+De%`kN70rojGr{gir`tZnHZxb!JgsUF_mx5kvMmExBg#kIUoJ4mebrXf2q
z5{DAKNBO5HDl4qIBzN_ePC*T6GR>n9cWV|gjq8sI;vgo3k&ux&rrm*vjo#TFkFuG2
zO9b;<^Vi2s7p2!B_l1N!z2pQ7V8ASOQYmBmpR3t~)_^iC2{dh?$>^R65p$AkdcHpq
z$Etc$-75DHKOZ=~#=ChwUL8gt^R)hryQ2JH)dlK3`FyjgFw`KLDofBNfo3)AhnK|q
zp*Zto*VWr4{G-i-J+=aN&Q{OXcnDGN{fvy8@$ziamYL^&%0#~>c93~<DJ8iF%Dz=r
zs6SI1sK=-D5LX<zT98;XhtU=taG3wTeZS-7wq~EyFP|Y@u8~w+wmo0QhkVA7u#Sp+
z%a%>2JiW2on!K+y3)#Tucs~m$APuPS$TM*t49xzr7*`ad76^!TueVBH3J78;pNUI9
zDSN9+*?+L65=4HCz@A5;aC^8>bP9C7nx`u*s4iu-Nw&}OPvtDO{O#f#ttvWc>L87h
z4EIQM<H?aw*BLlhcd0Qif<zu@G9~cB^wiwfge{n|sf^$?F+6HG=-}uNekC#1RK$S?
z7wg&Xw1^6Qu;m80%jZ*;Cg{$3Ch$0GUPK$OaG_oJ7UBpt&n<1?&Rm&8%^?m*mHjI>
z5~#RuU29P+m0Kx6yDKpdLip>@Uz(Um@1NT^10~cR@XS2F7CLU4cE??atPdlT{(7W=
zU3<KUYEg~WNfQV3>3c`AKI|%Rpq_WltPufK&k;>`=J~)-f4HG+IdHvx+W|t65UdRm
z?n$CQ>KK(-7B?>9^#>{Y2=+8{IMaFmRV9<tY<a%K>R2R*p5KJ+gI9b7H4k?uK9ztK
zRCel@z;$P%M-igH&|p@IYMLZo)Jo;zCT)<4xArz7|5ItSAtwCs`?=(HuNy+VUIe?b
z-mYC?latTcWI%Uv&oD)Kj1QVv(+R=l{B=eE>n1`&INX(X_KZBdI_Raa8*n-b$V#~m
z3U)Ku@Yy5^#gb0)C>nF=klw+L(=JgixU(1k@*X*C(o#IqUaXf1_t5+<x<Bf>V){^A
zW8^6EBk&T%xRkO5581q`toQZu2KxL})yVWS_modk!dE(1wg}&J&W|i<R=%D&7Myo_
zD*)qy-P<Al7Mh>m_prQQ=n8RbT{pM%`albGUxB%IpG4@&sL@H8*0oXkvTpSoA=w-+
zZ#mU*dZSNinPL{IBRFe&Z75HSO)k2*%nb8`$}R=HWzxM8U2!nihD&|_irC@S=&1{X
zx+?q<b`$2qa-x-In_Da}$#sY~E%J4kce&h%U+)ImxO$ygmlfJF16h6h3G-aobCxxs
z)u^wEK{fqsw09d?JA<2i0G8j`h8A3Xy~k%Ma<5@3;Zum%%0+sY5>Z(If4nJ<$?<}_
z=^Q^lx<V4MsX3WTm{2)HXJLYrRlj%d!rgd=5JYo1yWr?Ay&_4<5&7iyzua(TzUcK&
zSmnCayFlkBLeSk&GYC7>v8A&GJoxziqwo%8uVDIHl06bB*l2lfE~`;@AZ82ij@Zdu
z4TI~tZFdZN=tE)_t<??8Cy=b|T4s@$qD5iyte0kWz6lHz7slk6JM2taHc_pm5UyUE
zj)smL-6-DfEAOP@1m$J%nHTEgWN!ypPtt;`{)RRtO%z8#;!$lUxzw7P{cn~PQ-c}J
zneoxEWPM0(LAabRZ|Luquv@cLqVwjT$wyn_XKQ@ium+LjhU2WN%kp%KisGc^@hFB{
z#e~Oql-@fQLVx*0KKsS;YN<nx$`$nV9kIW7lYa@CD8J3$@<|9vq{p_;xelbCfJbrN
zNL0TwKjFVf>bRkwIS{Lb%&0N-r(Tdp=Zk%4H>E@r)uwGoUtm4j-Gj_i#Ke#Sfe!fH
zA|Lqc$`Uky3Txy|P9Vl7*<m8XP5C@)Qul3ra?iQtOUU0cU?QU{IV~K3z0F4z>%v^b
z(<N^O&?QK_k#3Ir1*sn#J@0WEIdZp@dkwi_+iq~;-M^oPwtAK*4b^@Fh{2sn#qYaW
zrg@yd=8pRjOCswQI-QE5D{b<Do@aZ83)r}-r!Q)g_|Urhmv@f1ob)xLx&yEe^VHCS
z@!)famK4RHUDSZ=l2^z*fFTM~XFT`UbVT`gqG%S#jwtbQ%~caPBt}P;)vmB>vgO0`
zN+%vx$wrQB5fVRXDDfGU;LI!W)X@&Rbx6Cw1XJteAkdG$<g0SoN=o>7Wbz0mDJ|7)
zccE4lUM19~AoC65dT(R-*Hi@U8O;VdjPp_D4GyG`6}W{G&KZ(3UHZ%`8oGTj%pm3>
zg5VE4jh3>xZ`}chKL<-zYAvXcXysXArG&`R710JC(7<!X`FVF#A^M)tB5r&EbSg_C
zR_9*<wKQ_#8IS&6-+K3s5>>RAh&<KJ;-qrDow;$@1?CSwp;oSM(<a>7Iu3Xn6w#%V
zdzi|NmQ8T=i%c*3K43SJr6hf%gzlE@F}$+uJ47;qGTy*nF+TW>3A_CC)iN)fm7Ak9
zC773ZJ9;DgD38rojLIMIJ_Wf(;-`42{L`VposW;P-mNDYl^;21G9MimRUjo--p_P7
zcLlw%yN_bHPU-GAp<d%v$+PJ)agatiG(CzJInk`R=wP|+a2MuR!_|_8y;k5*7@~!U
zX#HKOOKmD<EhuAx0)9TN>>U^%#QG@pH*JNL?hKuTYWAnc`WgV4n_o>pHtj<99v^TG
zsR(`+%Xy_-)4}u|uw@tyE1cM|(p{H1Cp!njIK7)Y*qZ7tJ7DHM6a54n)ToJ<!Th-&
z+<mZqRua+hr=d^+IOJ?)5bbxmDwjM0J8zvr)7?IJOw^S#NzCDXRNHOLOpt#X&szNS
z`x3ep%jxP(Y`pK+vbsz+U7VnLl(xZ?=@=Y1ecbzSxn(6~v~x_%jD8pz?pXP&$wWBw
z38S6K_00iGb}-h#J4yE3fH+Xo!~~`&u2pX+kEYHsn7mhcV?{ni*-cB}etMe)(btIE
zP=&JjEh*ZfSjsh76iivMi+n_l8nW8%MiZwi1I`H-9_7%MrAbGBl&-qP0gAk2b|JUR
zt)THdm=JV$$W27KhgJD!R-{@YEo1(VIZy7pYkcnFbdwn^{lE6`-22FkG2HZGj`?3t
zL(h=j3|V&G<B$|%+!7X=?BVdvqkx|7WpL9vvW4wtNI2OrpU=BFH+6~9+xn0Cigmr7
zdr#G9^N3fOsYe~wVIk`Uui?N2o0ao%SM)gZdhO_1%!i<ffm2c-`)M7!`bkatQ7hVG
zr)x48%+6=YZxZk{3O??ht?QaY8u}YO{0!txh!&6|ZF*^x%ZoPbp9n3K2^OVru4SH#
zGw0zW22$<~WohHTHShWSn?AW5#VpPObB-8VZ`8#lN~U3j&f@RWq#vPUUD5G3wbIeq
z$$Iw(TgdLq_@*qMZ{F}Ql@}0vgwu4HEP1QVfm_{%m-t2;Jvk{rUE|(v<9*5s>NR&m
z(4+hMum`J{s|p(WU?!?ARN<P?OQw2(R)SJ<JBs@&FEvgY=gLC^#hDMKb|qgH+bGJZ
zsVv#SVb!vTuuD;0vm`7sDNbU|-cKxpVn`IBrc6k%;T6b;H8b))oc0ad$c<qtPD$^y
z^x<w1x_e;uVwkgtt44cDAo4(X3b)Z!uHDazWixdtz!R~=DyAxEy#5VG{fTrkY@g*3
z4{Bh@nlQqoz`3t|XPH34vO)pC2ctWRXh}?+QoS`54w3zqYUEzjYnI*|&^M8z0$A7X
zii*Ds^40?*+MD0TkAlp2Gp6cXVav8n4_v5>fa#T89?2*2MU4)LI$n`(g&xPwq*y2(
zSSKGh+5t&KQwI7<MBaa%&7>p`^-p$kEt8^{59z=dup!zD=d_j9rBNL}=exBEQBkt3
z&ol|ZuTCOM8wkx5Rb1zk)?}|{thR=A{8f_NomWf8x=ka<_P*JVP1r}VTNg8r@k~*5
z-GMTf2cTsPbOZNmt_R0-r>}u*CBI5$<mNGSZ>j_tr`czTcsbGh+UArfu1BIp*}9FY
zqjFbbXa9Xw%?VIQ{CUNJRhptXGyRnT`DdbBGTjeWAd&fNoBBU|+*Xel?{pQLr3cfw
zvtgbGhmLmY;?>8Aq>Asgi|l>=`c_BM`~5qBJ|lip;53^j3i8Q^jU-OMoP+Rb0o_w^
zLXIV(t-vVeld{$Ki5<%AGCI9qFlf-NYD)7-An@05!TXU)G6+g$JWq4ys+7!d#(kGn
ztn=lG)M&?^=!kH1tGaKn*Oix}HCCS}x!dbUt>7BnkO3aah{CtNFT|q3{%ePyx;n*Y
zg(j0@rZa$3ht@SEU0RIl=?H4*OI-Tw4Hq$3aqh#4Z{lL{xkRq5fD8?MP+;WPok(3p
za8W>K$gOeANBi(M{y?CFN=+GEsYueqU`dQ`b~+WuP1B^JuwwaU3+rG2KG;B?=mvO*
zT{rmM<hffenVMljgR>L}WP+#0pk5>q+W+uLl%>5qc>gc6ye0)-7ay@8QT@5)YPox1
z#2#AjL`^cHz4C|qGBtQ{xNv*lBMUY6{y3FM+P*fJ@Z-jMB!t*$EV4s7`6cvWy`dLL
zb~f)M`&=rWPpx<S`4;fgnac18S6gQR4%pbTltjJsmLmPe9WH<4U#|;xzPy^5Fd>`j
zu~#D?-SS_GdWIT?*FO-;XtR?jR*CauvpSz3S&b7XK*Y=ht#W4*ZQ1CgA{NSqi>KDm
z8Ql|R4}=7&<w#n#Hc~wXUnMGx1y&K=t7(esKAEaUQ<g&2Jd%+R;SNbv9oj2Mc-c@Z
z)+0>or-Dy?Ogq7UF%{*DGgHS#{+yLw^e!i<2eMT}!?e_8S<rv?sVx^nRIIugep4ss
z;1;5(V{|@bu62l5vRnGN?M(@<vw>GT3}?F!CBVxUzCh`gVakX@Q8ydw@!S^*t5&|C
z7f(k)Rcl=oUE-csZMYS-zov8=1F(7~;!Q3Da_zVVwz1_>IMMNzIV$?U09i7c^~(dC
zmfNzr+HRp2O)zBRhoD$D_GkpYz<rd!)reH|DM}4b0uW_}uI_&5x2<GKozLN^y#UL1
zFj@2X*hcqM>Z&8C`E7szIU3Dc-*uwh892KCf{T~0w){6zjq|^eYOEa0|6$Yqk!l>Q
zEdN<C6EOVek${tflj(m=s<nWs=&U2r$pmzgwy~g*v~_lNYA>?PNwCxP>mnm<W$*QG
zvx2xn-}Fn)0qn=8w=+B4{?<P4a9KTb>MyG|yDtA&)|M11ts2GG1!?-38Y-xx!Kt|j
z`Xxn>f#dsSXGbPyXCp_)$YCE?!v9Q0iIqaTxcK+w1^g08a0dF<$g};)yF``;1p}q%
zSO?~41HkDD!0`&Wx&n~<_uemp;Y<L)pFHj%q`Uzrg&@IxI*Y$b4C3_WVa?H(i%h@o
zAPjyOfH*)vUQ@n7z$7?*GYAL>Pzrz@8-BPsY9N5ufLaU)AXgX9`ji+!HafbvpzCWq
zJUklyaCB7+=2nVgW`5v9%V2qsE`Z#ffwX|V&|qaixP88ABN1ZYb1nXDUw>8uG}}D@
zvitqW19?F}LOOUv+XQL*XZ%Ws0kxne09eHtp5z-IazV`c^t%D=>m0wbZ)(qW!wKg2
z1N;dPruq>fo&yA`0o4#Z83bh2(wCPPlQ98;w0_8du5}IM?*&{5hVU%zMc#~01^lXl
zzyRJ<_Vkb2{jvySYUrxy5I%QF8@}ZpmrOCsiczNe0b%}`a6Y^F|AaAPJT1A<xA4oa
zz(GCwdHjM_5hzGk?uu%3a5kI^5X#vafS&hK$dfhsTCW(W1Hf~0bLRrU16+Xscm`On
z`IN4{ID-7{AHCW5RP?QGBA!6hc~AjeLDvKEch7a{`rR1#RW@R;t$yyt{EAuN-~dQN
zjG-C;wuA`G|BU~bfN6h+=fdq`9zZe}`7Ypr`+dJYzNU^RcF`Crc-H!!`DW2)MnzPW
zWDH#LQ~zv|Q$jw1xHZ~40BUf!uK@yW@c{7I0{Y$hnk#|}{cM1K^5;V-P-6(}%}(<<
zpYvn8{9b-x{=@#n`g~87f_cNyU<}^G4@a(euJTIpWBw<m20PxdzWKXv_BQzY>i~>P
z@UOaun8R{;@=@fAy0(ZS@S9oz{^Mk(+LwaB9{T%C)drM%A^>D*^XrODNY{WMUsudE
zglh6ws`1lw`Gv>i34u}t=j8v@qY6NSb9ME5=$Szix4k&M|4=l>ud`R$|9(qqnn#d!
zd<%Jav=0i9o$aq@aV0NwaI_ET=EM_SK)Ut_4-34ek<YMNiqNO*-UC3L#=LQhe0&I0
zNBMs_H8%ijsb2ygfXs_s2|xHgurF}lcbXqD9Qg?o;9qFIWB)H`zWD23P*4DCxL*M{
z7Xa)h{X0t3EB!d+zLPilF<1kqA9OFRv19!>^uCi1_#-c=<7e=%+8qC_tn7b^D}I&l
zrMcfd{u&B~HDnke?X19mgLBqaLL0UfBoe$DE+Zl(=Ppl57@A$^*_+!wMug-{YGxqS
zocfX^KIi?KI|+tuDEb9ncYM}0!f<xss}|jl?d+d<ob8JdEewJT40`qyiktE=QX>Vl
zJ(rJrM}^oH;JaT{%JFog<I(uiyzsvxh4M3vExk{d5^GyABetZqNFUzkD3jXR7>9iY
zm>oKiQ<_AUB<g66C}dsC@>l7Tm4CXf?!~2s;cMr;Vs{)-J+Nz>dOEYc8<lFN&lf~x
zq^%`H;C#c`ncgR~9r-2W?RPrgj9KLVMWf7j0*y+>6-hP%h)@I1<pgS5uhW#+8=mHu
zJ(j5D?KM8{Zk+w-ktWu$*V)RslFoFy6@WQsZR63vVVN`r&~?=2oNxv!<#IDMTaAau
z3s``{L;+49JVz~^mO4{s#_8uUK%8M4rFK7=I^8X4QU1DSX`YThiF3U^tV(0;VHx07
zmCHwxPS747?-BT@${%0$=}F%1$fB{vvI)QMtVl(@szFQ=O1zPo$*F0ZKHBQE)@g|T
zyn{`@d=;hU>v#g4@q|cqO8FAMZ>(<2ND?UH#oj?A?hO{Z4g+Tfxei62$)=f|-Csu*
z<)~|WG=isY`G2a*<Yclb+gNSwKOaHiNyelJI}B(pd^wqe>2w5r-u%fW=jWwRsM`tM
z86;C9`fDkpV&aLNcDoA4*LvnW1d_{awK}7u<t4_bZ;HFnB1Clj9X@IBo+u-z3?QeI
zR{!^g?-$((LNirO=F3@N`_kHKZ!O^j(z)v{Jy1u0tdM{GNsN|F(mggE1c%9|*Sr`e
zXe&*1<m2p9WqVxjL!qc+G6$h6(An8kd!%nXp)^X(+HycN)ef)v+0&uYO!W*%?St%&
z7%?w>J&!yPSq&9JeAR4&SFEz`T$?wo@G<;abmy@pQ}>cL!sWS8ogwx9jI6isR*}d~
zN```ZPu=X=*NXv9z?UNGcMq48-HjK;Ig<9EXN>3rRCy0{=hTyj|DNo~0zs}~yeyn(
z9Bclr^Mwmh#kMKy5fpxGohO*bY~B=$+~3lb<4$R0;ev&Si)uEQ!b!~o6%^k*Yj|^#
zMX~T$bRY#7lg-p`)RU72^Vb=s|K(eT1s|!OZt*xZwZU!*g~u@jtqN%9)@2p=i~8m~
zDAD+t%5+n90HtDt{zKBv-GRJtREMW*1o<fZZYd2!C8VS*SN*g@`e0PY=VBMZw24Y8
zAmdF-ZbVFqZaG1~r&+kM9qHum*d`dsNN0PDL`AsCOW!v1BlQR|9gW9o`0+#@Y#}-|
zlTtOE)=@GK0P(Rnm`SEZX7@!DA!6gWd$If(v7KTpIDObh&%yKYBniqrKO4h}S(;(9
zm)GLxteX>)lkQZU@Y(ZRtmetd0bl)HK_r2)0a85?-DR8WKvUC8O($lAYJr?W<B%yy
zEY?MEt$3Lx<o_`C4#C1G!J6&1ZQHhO+qP}nw()P<wr$(Ct#=|`+>RdHK@W3UQG=??
z^{q693s-u?IV^6pDm*{uZ@!SN#Fj5zPYz2@y98x9yJuvZIqfRqpPrO#*3UIC^dG1H
zUd+<CRxCFEx6{Oh(2eSFDD|>qZZ>Up&&q`SbUYLU(Apb|E}zLC5nYS0Ms}0ok~){B
zIpfUL{ouqYx<y-PSs`4ZE=;_T{u|yKBuA)IU4(DQXeO|&W8^+D)UN_v{W9t3nWJ(-
zFwc7cr`5^B;9ZQ4XSZ=Gq7XjLgsj{v(jIwpiu%aev+d8}M-h-o#8RqJ5cOT$D84EO
zaio=;V{Rwe>$A6h_QMEsfcEhj(D~-v52w5<P_GBpwOH?x;bw*Db)yuqJ$xT;db6>=
zbZpy&P15_Zi<!0^-`BbCzfz@HBF&^WbR{FDIdR{#YD9J3;9Y0umzMqEfs|DruN6<P
z>5I#XMHN{mc`aeQ)EN{K?K<C4VbY4`w^8Bb*m7P(jN6i>#fCk@;x)b8=dsFLa(gkK
zsCpvfc<)4<<)0(#FOmIDs^4W6L6W@%4HJ*;JKJx~-$S@_ZY3aHf6)@la=h=Y>rT!Q
ztfXDOZo!{l6l~-sEmR;}fuJ9J)O`tO$U0uA`iA7^0an=IsKtLjMepxng3TwkpBR>h
zGSOb%Kmu(Ix#M{K?>m?XUS1P5=>^-P_bqVM=@Aw2NC_tJ4z27i?NUfn)9EC1EmBb|
zvVr(Ry98Ao9hMf&>gU9a2XaNPC9fYm)bD~FV;xCz47WW$oumI*$c_lue}y&GRU-~%
zf*-N~=KJFbjIxws#xCUL^4U)OlNi{WaRI8Wy;q{21pVCm>Ilkz#$g983fFZmw&hw!
zj`|$5cP!g2t#nMp*z4V=6#mMgQ^X-FH(SS@Gd=8iZyRCP%I4@5KZKVGv0~Xwqfj%Z
zxYZq6h2PpKI^Jc0t-Vcg{6A@^0|aY>&IRIc$iNQ}e4o)_<1-VR*0H+ZlWLlF({Dxu
z+4WeAC*tF-)hYSTmS&QWvz8Cr0y`|4PqZfdbE`Mhu*7s?a{}%<-`mcynmqW`;xmLf
zU{SlCC|^&d+=d!O?!3Zsd`bKK+BFeVOo>d)<wUgD$12gQtBkW2wFAE$zjw1K#xUaW
zhV}W32P1C)Cg6obP6BtFi>U|yle6gv_mNvheo9T!%tMsEmGtQHmn*o?7~zKI3$*h}
z;9ImR62wVhdtE#S5XoZ$9>X^Y*mm&2`sbKxQZ_(^2wABO0*Dpw<TvvczNke#NNx$J
z;iTsLtD@jf4WB1Bc=o+)m-!G}>u-^YmRs_qWP9%;nrpg+<fIfGPd1H-Nj;$ENbuOS
z0n>N|K|$^#8VIq@4NOam#X^n^F8iD$T@l_BE1{QsBsMzIiROHXXy5ons_*Ba&9ABp
zzDuO@Sj!9=<9?S|;_CK;;|}M}dWBKTvdrD2JE;Ci?YabQQCw6$o0O&X*Tcv*%%txz
zIV3ph!o>SVwdl!mh|l%L>qKkk5hATJt3fEY*<690D&OC3T_<JUUcGu2(r)-HC>&Q^
zxsm$T;57mX5ti1aGG!Tnk^X3?J?n;VtlIlxne)UqHG53<6;HpYZzMlYJ6Ve}n+qGq
z$vtA}PdGU0E5%9<9c&OXI(6EN@Pd6vJ=xN=B$Ltyl;;eGs>m~hKIO;Kr_A(HQ*#_$
zT3*DUsfF5*&WEGo9Dzz}Ttr<PHn%3CR!CJ7mjnyk0@}Ja9TAJD7b=;DRBV<jP8>&D
zblr~ex*b2p1-W>rue7SeT7>+F@dR_tp7D*5O*A@VtJ)j|g}epNn-Ndt7@>%*!C(Xe
z^JV>QadyNXmMrcEZvAmMqACAt%V8{&-(<#qt~BC*gF-M%a?RpB=o#?Yd&SuIm(Q|9
zTQW)qy(~=GwDN3wsG$DFfElsK05K@N)g|0tSkQvalwpIM_yt7GF7p|lI+NvaX!Wrl
zKZveCbsgzw%GOG8Bplm(F2rMhncjmz`#pel$hTPMBvSsZ=`dh|$Tgk+g7i=^a_I=j
z9sVnj>ga>eTzX_Oy+5J1Bb`e>IOd~KBJBQYAQhImMG&xj3>5Z>cELp2cfrOWdF)-p
zStm3#9#}8jf~9^f8n5<I`z43(qyO^kR%Bq6x?UQC8GdY10KU?wf$1BjUk(pO;8GXA
z(1&knw53Z^q4ozU(UeTy`$tU}8@P01+Fnha#FjIQl!Tgfe>+AbN@^p-VP3G5Lp>}U
zm3d$dt2RyfJF7?Sv*{KEh!+olplTqJD3(0e#B7xCYi%Evhb<}=4c}i<bs^+-r~A|z
zub&orDj|!>w~4jhD=f6T9;-RZ3f=YSFtt1&6&r>;DScM8M^|mUqInsHf{}f3ZQNM7
z*BT}=DYzaHd|E@sw6imNeKo&v*1Sm~c%K_tmyT6w9hHLYBJ@AjRnh}bm>Md5gp2_y
zxy_=wD26;jXQ4ZFy4Oq~cer`QesYJt7Z&d{-TramIKggAo}Vcm1(P;T!B-lA=l9JA
z50B66W5<~7Fxm^^Z3-3H+lapqV-c*%IDw>)571-36)ez7ASR@>HlcJu<#IU=jS5JG
z%y}e$<e<%_wI8{s#?{2e#=T6PR4|`j;8UPc!-*o0rM9wVkv#Yfs|qB7sC<^XFUdjC
zDxQ6M$i~w^xb=U1s*dOZwXtB%k-gy(B}!ONnx^!dv5ImkodoRKq)CBs_<K#9thl$=
z%M7(i+OatM(7n}4^?cMFfG697W0=Ncf+AAhCN&PD7dh}$2_ao5^*(#A$0psa81&I-
z4oOo$$paAjR9Xmh28bt?Bj04piY@tMqUW5lQ_SOGla;JgE~@T0b&w-8hP1>-lvDf>
zeT?iEGeqWO!L`+xifY%8{-Iko;u^oeO1K+iu9X@zdI>-Nv!c^~d~ue$YFzw<n!(Dm
z@-8DuLYwTJ%2+~Z*vS0Ij6K_}uYir3(WeNSnSwj0Q$SY|BHxDNGgRWtiZpc%-hKhj
zP!#{MAttQiObN{o<rkYiU`9@Y&(67eFV>5YQUf`{v7P|&t_F?t5iM@<)mh;zFn{|*
zt*4D$&$j+Un^@&p3&{bH-c#-Zv@L$w{O!d)*eEKXIF2%i5L68@e9jaPW7mNhdj`EP
z8W=NRca`YCpA#&6^w!G1)voQDA)!xfi5_@e-`?<cAM(It^(amor(eaMLy71$)E@Eq
zD&U{!_=ud5{5Mc**K-OXGih+4I73nj2t}Q22L-VBw|+f3KNv$`(x)&(ktdRbRAsNH
z{xSq%l0X<=+m?cghNtjR-{60-6gFFS!)9VyppIh-xk=@94Ie|r^^4^iQn5Rn#lYgM
z+d)L0x+MOe+^N58VcKS{wh-Gd9<72;Mld3Jh(Z4^;qfVS3UUQ%i#cYd)&TYdpEx4z
zX>lfiroqYBb@+s1u5M2M{2vJMs`J3*ZbiQ#$&e`?6Tqym3u*Zkq5?c>-j6|PM@FpD
zs*d@W21=aSSD<UjFU#>6PN%WGSM}Lusd?tAHu!&2sjZ{K8uj1lCJwfjm--Ms#kx^0
z<RNT`ZYH`XE;(UHu-9_k`Vc92s}~^y{=uFwTsw-ez5u7k^e^2=_l?-YA@!)+^yvWa
zi`q>}ttQR6Q+F-<b+A@T-p^#y-88WthV}l&^k8g`?g?qx*R5txY1|%k^`(k0Ny>E#
zHF5FtMwQ%jVAm>6{-||dd*AXzZotgOp~OwuNI*=hBV35lj{oky!Z<VkOllz>3hek+
z=LFh}%pma&)=KB6;-s*?41-%5*m*_Kw9Jz1kyco#%$90wUXez&{(5IhZp?;F@*-uG
zWqYqU;VO$jpVS9bO`R~o6pe;Eag&(R8QZFiLcv7Y(^m1vDt_$ax5CXe2ZerP@mfOh
ziEh@#Su`E7%M&X^=<#AW_4);xz6wJqo9KhUwiZpz(m$Bdew0OAXSAYF1c$8OqzsDE
zus&d}YlI)7&XUB7siU?UU@Vq!RimgW(`@(%w6}^}H?8pMi!FPUeY_2kBrVy%S$iy~
z>4qc<JP+qd5B`K1ffBi|)lP_MFC;L%<drBL>s5XNZiH6Tx})Xqh@*%saP<^zAE><7
z8M%Pg$*>WscAo1fyslJr;5^D9ZQ<~j)8!HfHI<z;Cg^M3o;*n?qzb-h)V3!1Ff>@K
zBdQNEpE=$42d?3#&PS}M)yL6wc57-j`5B9@+pg>RZJQ=MV|e%AdJO@ZhhM3_?+pJ8
zD90Q*Nalz{U+zO!x4!48!0{I7!)=zn^sCg0y-;AnB7HZWl9{U<7M|)T+~iGD={~ld
zv_%GrUevPix7>3?&cxz>Onv<3JhON8UN9=g!JIxW@!x^A*qZ9Vs5t=sQ&c%_8eA0?
z9(JRsOt_d7sd}7YCoRadVx0d(gIPBsu>P46U?ksxbJ8TV;jZ~^$tO-JJpGvG_1JKn
zT;b_*4}2-2^){D=+~N=hPtVP5kkn0wS`jT`+fU=NMeT@61jbctspm(V%v%$#2vr&+
zz0q<eHGhsR-2K2ISk9}^+_wmk$ki5^M!sv>s~PDz1`H2cEJ9Wkrjd#!RMPvw+R$Yo
z@J)w9!x2tC2>Y)}a+BKN5$#kRAEnP);81Gq$CUUot;prqj-9u(eDVS6vHt6!u_`;`
zP%H(^=s#gC-6EGrS*_QR6^}DBm4m%W1ou4MMVxd`U?5g|Mi6C0V`0EC!L~dHr9yF+
z;#h820lMQbFFwMV!5=V^Dbu~>)W@7z(Vg>rcb!!u^+yO%#dd&rHZq_4b$J_meQ>1E
zuIc#Uv@`Z3?A7ujb?`NXfXEVDOB?h>O-$Ay!a!CdL3li<AK-SS)+&URoD!^aW9RG-
z3FrD8&>Z!3Bo8_z2i{1U@w5}mcT4YKi!1aKjux=u?l3CWf0VbIh;S|&NLr)RbNf&m
z4wjY?9P`sml~ci@m)FgG4_?;p+MZpYM^*0@gQq$I1Dvi9R~D=$C4WOOu)k;)Q7Ilj
zfH}RI{<on+(Kp&8|E+f!u~Wo9*I<d;hPYs>1-AWoWGP3W&c*Cw={VrY@k+&9bwC#V
zcxRb?1D;b{)rvF^-dLQVAF#x}=^^VW{<J5Byd$N|#zlpSK;~}*B))pl+|Tl#{{xLU
zzMK$0Uk>Ae_s`P!$A<ajw^|H(iF>}7)zBDaPRF2L@GwY8Gp9Kw%$4RC0@PzZDIKto
z%4;<;!FyDXOFsR2;xCYZIdt%0%r^(><pH=mji?uS!95(Lr!ob`F>4|ez7Ixtue>jT
zLR1i9Y8R8ivK$!VIf6~FIcHd>ejmOZzsDL*UgOzGZ;55XfLNCsV@A3AzZ^YoY(`-h
zJn||FWn*CyI=`DD&K*wbW!Gi#wZJ~z_b2r(?VFm}=#7$Ll98d^1!;-WI(_p}{ZT_Z
z({sIA&_O~T5Cpv0cIaco)fy!mYfvN?Fi-nfv#wm75w2YdDnOrMr!s%|KE6LSas@&q
z1Pzco?Z7&ym<7|UcO%>W;7@O*(}y~E<07=;`IY49N@Ys6Lv=&Ek}l<3dL7J=f+(_V
zssjD$S94>E(nCn%!1#&u+5jm&yXx75x5}r;OCc-Hw&P}0>5JbY2>8i_p!m{5m@O-=
zocXwop6`ZgB5N47<Z_1L`P!gd9dBqEvMB%6XU?(HC&tP!c&;QcY@-;L%fMdFmfYQl
zNQ+C2C+@z@&O|daBF}j8Bv~KBQ3sGw!)jL6<XihsrQB7y@jouRN#QfSGx5$*>dZTG
z0(rfJG*Jy9Y;O}6ohff+(DAGawEkOX4$27qB*;3eZ1SF@=s}z%L!j}+@DLoZh{t8O
zUSno}#wH)n-wKKp#;4i!n~k}Dk@q{;^xS_-*>ijPrqrpkIpAE@h9eGdJxfBE_MJF7
zh>SIAXIQS4Fe#+CdQl_Fs2v?G#BY}Dw`I*pJVx48+7gVOzM6cTXSn=C4Y8F;5i>k8
z64mJpJEF3{Wo$7{BLZ0!!QkE-$TaAzmSom5ZMN!r7zZS)AmTPket@HtVVo;<Y{>34
z<mCp8mD|pE<LU92^eiOT(cZIY-JmPjC<HWjnt4M0oe9XX&MkVT_&C#TGqL9<U$adZ
zL_2R^A3R$FnWB7HgklFirlFGpcrhLAP35v;TTXSZTK&&_?4o=Qi8d?&%*<9>+*G%$
zW-6JL$5fOzGmDVO2Zk-^fZoG&>}9yN`O2ZzRT>mc)-NgWxv`B3kMRJvFT%@X%qoqn
z`j(6A*iX1J+XJoCbH1xAHF6HhY0SvxWhtrG=OZo}l-t&yd=zMr5ci_e(y|8$x~BRo
zAX8jqhTH}sUEhTeZBT{?D53eY>5Edg)0Up$H3sC=guJQJBSiY<UzpHLu3bOK?m5qE
zCE~4y{*b=AcsPVzc}J_@*aTuR>cMAGp0TdZJ8WqS5H!q80i@!;<O!Lo&jUE!u1W9{
zqp8L#Z0e-;(jP&Xgyi{}D`HUj5=?taWR7vH|Mi$OX`wG|w%$MrtIPED{ob|@zDZ@D
zphw(70+@u~Iu;z)rqh|@Gx<6X@f=D&)qj}KD#;xG31vX$Di8XZTzvUD$Y-~X+<$Sc
zknj{x_n`h~!qdK;j8@NIH0U&p^b$GkwL-?v+Fa{$NVz|BvIn9P_s)I-^5DizA{sk2
zfe^mzZWRmGY&7RJoQdx=>h08`re?4=$BIAYo0NR*vFg<9fg!`2zeT(`!lDjxk`D&2
zclj;Lh5Eo2$r?)}C@72|gE_VJwGxVz$&)n+L1!2v8m8c`7UC$2Au|d?T)ylI!b^1o
zy8Jczdwx=BhiN7t{^|EA-Eqz~`f+{y*s0_zz~S0toSOFGOH1gkWh_mi9c+>N#-7zZ
z27PizqM}P$jq=uKzwbyDs%><Han**l7G?Hh3vmyKN2A1yS-Fq$<gN)#CI4#ST4UWu
zrXGkW>_mN{aA29B3jGXEwofCPaExV?)J3)ZfIlHCgz(I0%<l@v{;L-|XdU(7o26u}
zMx6=?^9<Dizx#^HndUFGWOP~wX4*MRRB=0ObTE}kbV5y5{bO`)Ymj`{r0C}~mt~m0
z&Cxc-GU5}8In52zp6|jdupR%rHB;ykRRg~gq$qfyg(R8VFlLzRb5*V`*$$CnbPDf~
z$~`g>u?5d>Poip+$<t=}5TRd?JPL~AZn{mLL3rpjL?FZ4jqa!gc;&S=z)&Km-yFNY
zM-g=Rx^R-zeX^`WBx<5JU=CGY(^R=EJ4I~ReEOIp$9hBnD|XB6;1eVFU&Fmh`B+^E
zpGdYfgC`4!z9+Ybmh+(ONw<R(AoMseE6bBbz7XH{WUK|j>lHbiuVhf%U%rBI6e!tr
z&UCCuQi6i9#%f*NiLj9s!f#EVSQ8Bywo)8v8ttXZu9=>i1UNRhx@3_7>d1iwuO%hK
zWTp%RVGA^>w2MkL2WLg%P)|3@s{D1DTP1pvBntIQ%!Za5;It@dzaun8D=Qtg?+YZL
z?*-DpC-~2KSxFIg4TtL5j%hk4kfFu|UfEV|`mmfuY_Y>TmQ@k{nAn%+0O}Za<NzU#
zg-aWU!GATa&Joq)x4sMi+hU=<p{m#}(EJJ;DE>-99s#8tV(O*+jJTxwFVz0cjf0OM
zmzRyPeB!WF8vJPSrB;P;FyOliRMAGoW|h6)>%xa@2vm(O<wQ9x;8~N;@D2SJ3|g&d
zfkLS`a)oL8ZSSy_@7L(j3mw|Fv93S~f<F$FV@lq#k#j5_zWY}H{4s)leTPj`t53+t
zxajx&D(y;vkZQs4Ux^uLK_|q2|J-E3_|77x98tEuM%Pn_8bUu?sm*)2z$x!+pV$KN
z@a*iTXTg*%6Ke|^Pq!!4c0KOtjt)5_Js08)s0LV1x5Int;i$(G(7OkCGb*P-{XIA*
zf<vu6${)e9JQHZSPf;vI_g`#mo9%?ancsZ+H__H@LMh#s)x8M+IK!n#RuF@%7^@kI
z>~a<soM`WtW*P17<v>D1ltTJD!mrEKl1VbuL2U)Uc8gW&I5#L%JnH6gq;qyh16V@E
z-G<N!cKeloM4GX!yg?QX51KL3QO0K+4CpKNRLFes-oq}~$JM!;Pn|Q4)a7a2|C(Zo
z8060r4;gvF&K`Ni2;2+N-Y6g=6Y3T_zIHWUM)<)UzR_|q-02Gw4AIVeQGO}!UNWSY
z*ZA0TK@uh~eKXkwbsdT6v4EoT|GuWxeI`l5mt5z}#ZgR#mGD**^pIxzXFT^Vaz>8+
zWm!gHie4|dU;WIhUk#@aQs33(HimFNbcn2h+9^6WS9vRN<wtB5wSu8oF9&XliGuu`
z>l6-Ruz+is;(Vf2mlQ;FU@_CuBRXFc&*MFiuO&$AuaQcwE+fb376;QLw>nW!cKR`C
zmj-tV6XV!-p}Hc9fhTcibvL01j@{pY2PdkR<c*KD;-X90*U6KZ>UgOtfv;Le%}0u@
zv{oL(2@afnYcjF*3|dTgIB<umiScZH==L;P3?u~W{Q2x4L(x)`p*Z<ctIQf+QQYq0
z3PUA%5Uw0FMz4hYTogPkSA$s_t%lJvkH@-EVDZEej`!^LSX?4<4j(%we30n>x<lmK
z;m+NYXX4VUYK@9~q?NOWb$EZ-wJgcXKDI=faGlOrqSBY<ni6M@YbSfaL30G5_&TPW
zLl&wbxj)_PEkZ9+<jk8n2r|Ff6!ASAcGr}fsLU5rmvH>c?(8d7ZYzy1g-JQ_0ADLX
zw14{)7!Rd6$Sj*3uXBhy=h!fK`PH`J>kxY6G@isu;M08*MV2gb%3F*{6<AFP*~!U#
z-E~Sq!29WP`Y%1CUCoL#-^FMJ(<Z^j*zmy3@nG6fQ8i}WguFbrIM5w_aM~)_|2#Hj
z3GQCl^FZi)-KxXC|BYpw+Hx$GI)>+ol_%P~*W_n~Y9yP`lfci58-Cnxh@$#ZNM?If
zRhjc<o~r)}N-46o$t?AKLf^2ntMew!rp_`S-)M+JR_BP14J^B9d|=(8Ozv6i@<bFz
ziIyA3J>PryHx7`V2_-LxCbFgZRsXOVbsL(x9|$^W&{x_skJ=)&u+<PQtqz6tdhN~z
zOwwVY2psV{gf)s<v^B2wLy={tUGmaQ%7j;z6Z)m&$D)hFuESOeE16O{FzY+@<Q1fU
zL#{{_Ph7i!o4B<yESQBKy(L6qu#>;*%uzo7k;m_DJJ{)ck-|GIlWDfdi#8gjEBq4n
zbws#Lau#|s6k(LbFqd@>i74!g-~(!pZ70(nD#+l+XVCvpT*k}oKvc?&JLb<!*26u{
z6A$$S*r%RC+SeNH9^0?pIv%-{KFi;y87Fk`UL-8^<;K{OGA;SQ{8D#(KxdlDX^3=%
zY<G$cp|E&PEUNC+&HOA@;FT{v{K31o&vKAGZb}v&#x|&4NdR;DK=$@R0aDiL#0?0$
zm8nGczMs)WTA3yYdc_$Hx;t??qkafqu+%vxz(XwgaLvD?{4-=8o88)nDZB2QB60;`
z_wzaOOPz-u<$vYe@Uxf!bX9nYcyq_eDfV`=yQ)+L6Wa9EQiW1w8~$bGn~!~MbCmYe
z6>mK~F|{vXZ$)#oe;doYFS5&o`T%sT9%3u1MA_FcQUne;i|~|8Q|0vHcq&^!wt|Mj
zU=(#oBU4`L?09i?eA-%=`clyMXF-iTHl+H^z$H(DhfX~l;4P`Bxx-LDNNL$E-buS|
z>Bi0-u{MJytJ=NvTzS5qn>X;m9NC*0P&%K65RdtuQ(hh4rtyBpw;SEG>=ST(chePW
z_hLIa2Dn>+p?qWgK-zS3T>k8njWtFY+k`6y$5;S9(QS;g<G7&lUAuhqn8%)ae~9wT
zxvkG7hB2if?NmFnx#yQYkP(gd)Kmh@d0{M)-0rbkhmGL6a+wsRQ9e3GX5P8#L`rD!
z_N~y-i^ON#-cu(cY!>6YLw>)}a|%ZgsEOOxa`AOK&sFiqoY@^#-WHTl>zN;M$sj)*
z_7EQRoTg)|W7;AZ5Rv|O5$zCVuC}+CGG+b<fqiq(t6>?z^$9I2J^If!c0EoXyQt`G
zrRQnV?MTu|<sd^>21Lad=w;zn4SDF3BT`XkS&_j}ys9^>THmE~GwZChI;E2)#q8Rn
zTq6}B5m0*Y-jN7cJc|>E<qAJ*u@6E-8Um(B36LyFu?S`Oql{d<a^T_Xb*9w59K2=N
zBduazcGn%{t5-?{i^zXQ38AT2Yq=-YoG9sPp>fmMyPljWQ?S=#gwv4Sh)VL%xWzT8
zyM|-wRv_4;9m@8TE;yo8#q2KIjYHUv-b!3a@br4`qS2hfVceESdOnZ}D{dJ_sy!J*
zPJDudjb>L3=3hghMLC~;EpA4?@M{|2OMjy%rNocADQSfLLV6%8h;}B=@<=!pOor0I
z8Gkfi;IlsfeF4k+|H8&`GXAe@9OM7-wlNW~v#@ji4-of%vvC|OoUH%PY+M_t3d$uK
zn@m}d1Ox@cu*A?j?BWh7DGWnD0y6{54kfK_5Q{`vO0z_iOBo<hEDO?J`B|Rx+|OT2
zul<Y`^PQhtH+SAoEvtYRt*)G<bvvmDAe^w%qeGwwVB;lM5CB3%JT%B5DFD#RKMC=1
z{1gBS0Ks;l1BQja#VH~J0}`lYU}8nHO9u>rkr~APA@F@floLcG&_IB0f`oB@m;(sK
z0GxGPD_Dgypz?l01a+W)G}{}{fGsV;g?1lvi2X(*Q2U68h==bta0zZf1pm|wFa&U8
znu9qC?3#hNfm{yM6d)F_^a(YFZxSTT747Wc;o<4(lc~{h45=q30q+BdZUDFt)FB3O
zjbPtZ=>&kUK|XXb&;b$tnS;Cj0ACH-Cg2%>fCK>H6sRF&P)`oPn!ySJD7XW=q^<yD
z%_6Mh8@KR-;RN()0q-9iesFK=@Ad%+8usN5sHr)Sn=?#9Lp6b}3*Zt0$bz!c6_Y0c
z1B7Y*F@bP*4l4c{xHBvx+C(zF=W<~DBdCD|D7yTr;!>vuS;oAWJb`lkRwaC^V<;z^
z8mcxukds5eSWMkl_j6JJ8HQSMrN7-Xb`2QdHQ@7~WmCv#nW;mn-pT2BF;qZjk7(T1
zN27??$Dc+E0)Yq+ARshE1Q-SdcxY}s`bE{5o5Fn5o_K;5JGnbMf^i31|0fmjE@(?o
zjt_*dUe65@Akr@Q?enYsU>_L}4sHP3A_PQ3*s6drz`vl#Fnk&xlf?sc3CRFh5HSV}
z@bmfY%OvbLg$3vQ{5kgh=Fowvg8JgxvhI)m-6kalb_;oba108_;R!16pV1GIF96|k
z|Lu-K%ivsJGvN0@HEg3FkjOtt^gkvJvg?o4H?0pX81?>61Iq!$m=GY%AHog_2|%-;
z*W)+e@^|axFMg-5@LM0^x9@|Zos;W#weef&&%fD#yu4^l-wQ>5CxPO&YDf_q;7eaw
zcs$=#HC#h@C+AnaDh8y;O#sX6>fIf=pcYC&KB5H;#nSXGoXX$fM<4nWB2=(>zjj_9
z9x5Oi9OM%p*Q%--M<G6pIx4<T6=8Yt`%B6*19kgz&FujS0;nGXWIY;y)hLAo;Qm0c
zrhs+$i9Hx_TZe%I=>$k1^$ff|kQl;m2Ki+8r;G&U8~gy+VM{=f<QIEi6wrZvm_Gm^
z06T2*);>TVq#yQ=9@CY*jd~dO#q2xwz6b#&`!CHCU|WJ4<hajAfMOW<S6;>tpp6~m
z0sLKkLd^~W#OlCb8EGZ{Z@f<*9by>SNR)vexD5%qr4HJbyDri1e4yi3(Fm#CE@O7`
zf;ry8y^CZ}*05$4N>4OLsto3JTl<q}&gs!4@OIO@s|4`P(>m#OE5BF$6q4)c${zA`
zl;Tqix~=4DZ)u<ZaM`=@!29OV8sRu#BWSk*Xxh~gnQU>AocHZq^|{(#zxAEa$4u9|
zNJ}C0zS1U$S&e^`rQ8H6!#tB$b|N77xOl+0%YR>z$JL3;li&O~O^!4$x8I&Tt!{kG
zBbNQvXw$nxD1NOaIx2E9BMI#3_&5AvjE^b1f(qWuR}a00h_6^yxjEj)N$S*b+vGuS
zZJtxy=kMW~(Lp68G%5)@S%#C#tVNY_p(2D2F`WO)K+<$Y`6FB*x`aC1jObZyNwFNR
z%BV5JZz$<{0dJ(~W+nC^EIvp3F-gRSRDw}-8{@&1aZGr@{ryZdtCRBWk^iF6QmO~p
zatc>B_pdq4O~;x4j3><Q8}V$$`8vOZ;|vdgUR%nLg;kySSf<H`sUTV@mbqNP>77&Y
zk86M|d}?#`zugl|4bncc9GHHg$dL^>nez(P(WSs;g&&O<<~xRqSo9;+$Svw)YZI9V
z4_M2C>8<qc9xaaFB7J?--E9ZnlvBRh+1X3?fuCo~20=%;55>D08^NY}(Y5^?tn9ss
zriU$UC{Fkd59<+SreD&a7F%P?tGZ>QD?-l|I25@llXn#DG?yDNn9R0#_$qSmW;C`e
zPk#3<I^~N#w`^A%i56Au6F1Ru#GOwXz-SKr#Y_}+Jq>rRFSev1f3Fr&jmsO+AJnw^
zUgI^qE}7O3R!N<G@06?c5&p~R@x*BaLT#}&(u|=@hG?{)#4vlBOq{v~h3Uhx?X)p^
z+~XWC9~z%kSxmC$R}uG1v6E{LQaA^D{X%Hu6%E*@qle+etsCK^xoca*#BbP>i-a6i
zoScAwOPm9Al>hB<;&`1Vd*qpVhX?1i;RI8m22PHT+?Qicx*UWxVvSG|NV!&KlF1U=
zd_Mytfjc&7b<Wu?KpoTOk|#Sq^~Hs!T`&o5-xBKywpMwvm}!`-WcY_O&CFA@8ICD5
zm-Mc6qCHDK_392(XepAx&=upKAgAq}$w_2+gz)AhN#aDo%p6W)EHR-19EeZW|K_nN
z`=*gFtWVK?Y}uoa(I~<IR%PuYVS%D^Z=Riso_*1cn|xC=SqH{{#QB6op?Pc4YW>hi
zSnf*N(bi9j!=gp3uwn{Is%V0Q(F%G~b;-GFz@<OKmzmB|)Y<aE6K}}zK<lC?@fBJ)
z;P$8mT794Q=MWcy`Rab;5si`b-Baw)3Jc>;I4B#YKHT9!k7iWOb~?*rAu!{KL8`d+
z$tSkKP)q16e<D}2J&9CgWXo(7%???j;d_boY|J5vLcWuq=jDUWyI#JA2raH=Hmhhx
z+K|0LwrrD#C7%czwzJ(6*5#E#YHM``-eATGDXtD1P{b$A5B%08?e#kH3P%mvmN^u5
z`m+$kRQOZ=dSRCiROp(RDIB$-D1_=xrm{s5O60+9(@1TqKO-m@bu7nYr!+taU;06e
zUzTO-uPss6ir1kEq2uJXNi<@++NUpTvzEiHnZ6`Da;#{gRbv!OJ-u6!O---3_`>pt
zw#s6Y0Fa}Tl2x8Jp@_qD03Yc|&OX`M&iw#HK44ER!t)Ay1vme}rU!Q(<bV<W2jM&U
zh(TUZ)VBad9mS*fy`fTN7LgIeWM-(B9A`7iz9KCLla2h<n%vV&dKcerpZz#GW|0n{
zxy7ySrf;OPv9_L6{><4_d7&05>s_ab=PEs(snNvOp#^9}2rRFpiK#zFE><~LCMm50
zVZqQ-db}X#Tu#zTy?5So_f^jIFL%YG-^xGIr<GP~ke<&}rTz+Y6g*zYEMhAKwpHmx
z*W63K_J~dgO#L$&b7yVV+4UC7!UNb+Z;<l0tbba4ZfKNZeA+#?^f=@zn;2ow8tm$(
zkQZiWx~oqH`ZYs=g-nVCX&Cc4o0o~o{xlV+6;Y+Nch4yHP;Euh4)Q)!;+i(jAl>j(
zRI4yMe3vcAg<UvY2~?|S@ZIB-D;JEHokaOgri|UfOg|}M&1HeFg#81Fhd(_U)!dQs
zJkIoKXzea})|7{jUzi0nj-MJb4*R3_D_7N%?B_8CZt0vo%xH_TuAE#&Fx4Gok7))a
z)kb7Y-HKD92mitA$`yM6e^rVq&bPDMi6Q5lh_GrLgu^3Y^LyB<w+pRn;?F`MOI({n
zBWuZ>bunpdu&Z$u4|X0Qzf;4<)W(ZGzY4!W--~?h&$`dr9Bc@Css`MQOAiwhGaeDx
z>7TcoRc7Z>wKnQ*&?Pof{*r_}Mus*EE4#A&r^3(J+kvUPVJExiwK_3h*DKq@SVF;w
z<<7`5_qSjk7vyR1J55}sY1g7VzYxx+-n9MH=D0a1qz+YvXsoDr$>6mQzHj}gcR)1r
z=*;59-}|X{x|(ca%sBRj_FO*(Vo-D{?Kir>q`Wx}5oh~3Nl}(ZC3kX{Rmz35#%=s~
z3Ww1+3Hjk*oH3pw1RIGlL;chXD?Z`%^6-p9$p$F9ikHf6gpaoVb<7?y{623JdfA!V
zF)h8s)ko(FrNB<Q(w3>WbwJ*F{GUNCY`zVtw8ls3WqIm_<7yn)j;fpFyGeI`zTV|3
z=EtMFQsT9^6Ee+Scnt%Y=<Cy>E@6|3;Raq8*Ia05+Qk*$YCp0LvNi>6;)MIR=_4yt
z%lT{<d`jLXT+BYx<T5aS(h?bjeh7N00RI_D8_6Ax{stQDuByy`4@nuc&W^EUvf3dA
z<S85As^jCC#o&6j7kd;5?AH&lhsb<P$8IUh?u4f9*YYSB4A^5>;2o@M+8H40*eWJS
zQj2nGyA<%j&nFx@(>k}eQ0t(439GLKtuV^tOat3Qyi_lIM(#7dRa<f6C3}OyntbUJ
zT7hV2FzxdgYH69i#$8u=wz6#I5?z*QI^JYWYu*Z0a$EHOT9NR~6C66e-@^V^oez}F
zkNeI+qgz(gZSlDgz;9oZmS$j+b?Q}vvaWBh7%4}U4s6?zKu$Ujj!3#OIZX~?Ez@?O
zKK6{hh*{8y=Yi*HYI~*v$Knl@V7*NpTL<6f)C8LKJx^zcwrhfh7rirW8<u+!y)iaD
z9W%^>`)Avk+iKPte{N-d#hq^ez*6mf-DL&}SHRa#!#))8wti(y(KALevQN3cvxtKJ
zjaKF*hw}unRrUgz$x?#w3ISFfT#hb%>sp(+DmjyWHI>BeaM?=;S1YyWRE*&u9We`P
zBeBYQ8(N=mA%KJdB$Xt!lkhm(JwEzM;V%~ANyanAyUH6l4nP&|u{J~>&xX6qs^F1n
zdkV#{kv2oE$X%cgSqkQqoAV^{A%#sE#|^qTPX3n4wNDQm`{AY5L70BKucNowNvG8<
z0KOb^8&7n!lcDMSyolcBwmIky61)P@4-O{<=Cg@}%qN?HH7s6(SjeT`=~Ea8!7P$N
zhmxFx0#nh`+eIeV-jd?~<W)qYo!bmnFW+Zj6S2g4y)IjnySa{71K|YM-HXxzVQn=}
zj%18GxKjha4#qU#zkH%WwV8Y_R+$gM^(cA?l;x}&&s!WFJRx5H%i@f(`Q^;y%o9JL
z#@A7}Od?5l48JD+QUi7)NEn<5?73FBc(Z=4>GXZ!sFU(*^eILNRos78!(GRS;&S(?
z%Y*D8s*j^&4IY}I^Htum%xvAV?N`ou0kXS#XhlE^+E4kahmQF5{j(3znlF+lMWoug
zss2c+f8}c!RB+D<E6drCh~u~k#&h!_HlEKp8-vLTq^&+98~tS-m>|_3;$q4vnT@B(
z1`$0BHkn1yb5@`lg$#VdbHU!nn4uy4-4^5P+zQ5Yti;>5Bb|^o9DmQM1A4Z_E|^t;
z9PR6=k~uj3b-EraIaLE6vW5d%L{LoA`FHJhHR)Hu)qFAW8*w4oDoH!bIIt*bL&9Wg
z6su#ztfv2iU`Avt$Jd{26^AMP404)ASHd<RNM~Ly|9U`XHra$3D>XPnAG%P%D4Jll
zsQgJ6d&X>Idz61I!1Rs2m1x5UFIH5VjR1g4>VwQiT-U5N&(++A1kyU(>sL;y!gbEN
zgm`f+ccoC+c5kRAACCL32Vr{$6<=!?$=B!>xOmzv7>Hp|)!rDER<nXSLtO$*@?zTz
zvg-5S9AIj1!6W7xIkh-t4TnidaYKEemsW-)PMYe=kGg1BGXC^#g-!5;=ZDa$5a>tR
z&SH2|rsd^U7s>v%W^hWicaYWlF+`}94h;*{r6&C@GouQcx}@(imz|9lhwjP5!pGkx
zbM|h|{x!v-)0Md4D27b8SV}~`+n37xyyOziOmJNw4k9$NQNDAv#00`M0w6Iid&M}d
zhbd}Fa$YIZn@w`Z&@OI0aL&EgTArq_?Np!^j%Erc!tfSPQj?EfWX)L|j#ne2_1`z4
z54rJE^4#H8?VW74rk@8#E*=A%a80mIBh_6xMg^m$5%V<{;y6QaVp+I8i5P?|`F51H
zsglFq9o|LLc;}m;mjva^;TEy|&%&`26eVwBS9&sGO}gTvRwNm4-mt|<@^*u3foHeu
zK(*@8wKc3P<}jzok#I|Jo+1AGQTD7<<RNHk>VMIaN9O6dr!xcBG;DZpSzK!Va?(vr
zLmPcfC*;(MPfi<5lilj^gRT=KNTx=5zcQ4-BO~?eml%O7%G;)OFG!9{F?>Gz-;1S%
zcxj96-$Xg?M>`p0im%w0NayAP+A^(fQ^mNa4S6d1B~g1EH0@j@!EV-ZzrV3ssFihg
z_9*x$QjurRbZIueP=)2T@l_r4CA<-NYDB-=FzzwJ40^PB6qh#ejl0V>csP2-T=rLg
z8`2UYn+D|UF??mQxu-GM&kQXL8Y$>>Zv1)sy5bc2J_U={py)s}J0MHAVl^~!wA|)V
zk_yZ)%&-40s`YKs$OUBie3N26cr}0fyzhOnh_7&j;`_rioVnwKXstTJb))+6$>f9R
zVu*lptdT{{?&R~bLAfBn?SpSn(_^!)n{cz1F0$1OEjiyK2rc>5_#F<($@N5MpmEC1
z8fmx}x90)enI8F@%Wx*dgm^C<_@Vz{59kqZ9*1q|IAm5bMN;l0?@rxE@xwzcM5qF>
zvF48XUjg6Cd2(_!Y0oBI1sJCNBYqRt5ixDY$EJzv?nz0L*_)(p(bRJ*d>na8o<*n`
z!a+Et(`y}oi^wuJ@LCV`T0GF2=10U4^V{;4oMUtfmHvSj-*pG8!Kf_Fp;4wwO$UlL
z_Ny-I*uwHureElni?`5lkQyTQ^DJs|+JO(@um%6IgQL!%7#@dexuh)WnGLOa^R>%0
zZ-6e>lJ#pvC{Oq8j0|F{`<nBLi5rc)sS_|b5d5~*!jbWd+O|&FgXZr+6%%nV+-P_7
zT+K`-?WOt$xY@{=&Cf>@D3QJdQGEh>3Q!D0S?JvKV-o@q$I{sJcT&m;q?^4VMq3EV
zv|o4L;|hl~>8;Hj12nj(S%Vou9r%H};{Xq6hAJKWPp3=tn{Y5=Zg~1}&m^XO+v(-{
z3r^=gyh!CDx@e?2IIJu^(e_ctt)T~~6m$Z){qxKEuRs%HawED)&&`vM=4p#W-GdMT
z|7M!8QVKga7qgK(VQVbN`;4vDu2G#8x~-Dg5_A6%OuT7_7X#0eBk)4gbW!5|wLzmr
z>>+aS!p!D~dT7xiFq1p(e{HpA9!wKFTzPo+8%RidSax*lk(qJ}qG%^hLq_@@yIHgy
z+oLRW(;ev2f2^2eWod(r-GaSmiyRcA4>wthS?-rlR~LtI4pn-_C`o4X^!{U;7?tK+
z*4G_1F6e-7!B2F2GnjX{V9xsO_^tn0b2!h-aI#%wryG@>ZPM3fx{FGRk1<Avmq@lx
zz-#%;2gy{8dcE|iqlE{3`wmJOxd5-^rd9pkn(4)RyF{jX_ulSlxHcjht7+(=1&N7h
zTTf$;&@&_>Qt1qJ2r}Vw_NX$=i&T~06iO3!wXo3T9l92$5iGV$TWZt4h^<M>8kVuH
z)RcIG+PY3M!+iVk6x$+4pOaH`*pArCSg?&^+}xxqh4wH!M=DLzv7dtdS08s@5_<j$
zx#$87lWOOR2c&CtOap=)hnfD7FLJO92FOC}OEzZJeyU!px@>DSuGM=RL`D2#s$v4>
zL-rNAV|lxZW*@{QzZXHP@uAPHxdlr?@ZAA|CNgsDgl6)>uPnD2Ic%_#!1i_+2aC3G
z==tw#;-S%2GLA~~QnMwg4m_iNVuqnVWO9ZsaHw{jHU0MQ6@>*vVL9o$ScSanT!V=6
zW3;Qe3EBM!4+iC5-}2|l0ejoxYlQaPZ^s_LRq*;fiZ9lp=<Y4=9(D}8978%im1YWx
zuHV0>?1uxFgV&Fnu!dtsejXfOzC|XIZgH+Jsl$1+_d0WOiD&v$#%@%C;Qna^vJ+EM
zelZT%qK3~MW!pw`#ds3wMSz8U*b8VP;TjkAN^rER1XfYQwRd_%^qI}nFhoZ+%vNVS
zEa5uXK=U~~HGh_}(d$CPW%`ThdsT~tsG(<$CtQg=MBSd42My5pM;0n>F!m}W!vUbj
z-?M%u^*oN0<elcc>H^&)XghVPPv}Y0h&~?M=<<_tQ)j5>*M&idY?rijVIx=}WVG50
zG<Y7y?JpHYE@eM!_Sl{guU%_&@6NH=$HXG<{bF!YwhhJUJ4N>ziT4WOYL1CZbD_vk
z{aWHqwz%#Wh|p>=e<W7G#;eDXmS1#g6m~n+`6Q{K>LuRvr|>%T6(`HmC>h(3K=xad
z3%p~5$8<i&I3Ak+kU^4?`O_ro_p%RaSltg093d9197x{&3@xO)00+3*+<%H0#XM#D
zH!GhuxDRIIs-|&Cd5$wOY@6x1?+kqo?y$?25Obf)Q676DU8Iufw30jgMFAJb#)KC#
zj=ax+FuyaczgqRG)DrF2`qJeolGmw@im`WndJJvZ6$P|YD%Z-A8fE5C|GH2NM@4DX
z?!DhL3tCLoFh1{&)oeDc6u-G;@;l28TfTe}xb_CjhidSy#={7%FKXX7=X=0xpse{M
zhJbaIHk)yRQf{2%iYnPRt>D)L65r<T&*yd3_|LmQS0P0fYmNVW{(Px^#AnMMJkYZG
zpK5%KERB5kWb;+0Cxy;-t^vNmU?g|$h>&jC(uhT3Oq(_y)SGz0$HuV?D$?6&1_mjH
zlq>^nLKo!Y=c7n8gkwU8$S=j&@#j=kP7^0YLL%GXa_xj-_i(#Fp8Kj%CfHoVSO_`L
zOpx$-ylSE-AN4??X{rl*Ezq7zNO-YWwSXit=pK^K<#V6Y>UMMpnY;r%98k|2iCOM$
zw7*Pi8qJe~<K4$qO`TyAJ8ww#WOGfJ<>=jP#=BGAHOK_n#;5r1YF0^Fle~iNe`y-=
z1zm?YQ%mfm+OajcOyxP^U&B$+yJ*Tqu^%AgpQxuVP?NZWvDXl?Y|2sz8dj-i1r~po
zMu%c#uN*Ml_nyM*GoeyJ=y#6_O!eyVB*@^H`Ndo7f<D<SNkp56>`u8dr0aQZaOmPI
zCEra_thVkmI&dWg#La56c=C`#eSvI$o>o)Xx8c&XP%SCfM;pdp<!`DZRQxs3A5pRF
ze=Lpu%#elg1_jmNYT+BVasy5)7t7O;E&77a9#yUku?E5C`d8ELUsdm*NTOV)srG%_
zR2Y78c2_`PIcW(8#Loumie>%LE&Dq6Kry>UNtmp4QfQLmZ-=SpY{aD{QhH2e-|*F3
za5QFceYLO(F*pq;F1bNUlPBN!1yHKD&O9_MOi<O(sKfNXzC4t?NSCBc4G}}%5P>t_
zRdlQu*8&caD#LLCzX(6k(@-NiM!eb9-KE}IyV2-kJvNzSIiL(5PbNl6`9FekoAhu|
z*tw`NuU>N1W>8XF>liA3<~4uJ==V)u)jNxN3iKX$A-Ut)0m<zQ{`oZ8b`E|pw9I{%
zeS@_nMGtSS0Vra}N;}+r5g_!OMFnMXF2Gx78A9SJA0`m^em*&Cnjg<aWwfdAYPXDh
zl`=Xlq`*0=27Zo0x1rp0BuwECbB_K4`i|T6>V&Ipbl*Z|1g$>493O_KmO>O6Y<o&H
zymloK(A9%5zj-9ET@yK*pXBhN!n<H<{|81^7eD=Kd&4aF+}DI}wcqcJwveY|cvQNY
zb00X+mU34#qEjph4<?<uzuMTji}rx7HH|@>VOx1_m|7qO+-ZF>&drlAXcc6B#nJ-=
z9FY$lL~LOROq6`NzU8?hM(+WcP;G~9gJKUB^29Cx+dt99e4$_EB9gt<Z@4Iwl~9|q
z?5s>_QjgIk#vhuJrg)dTBoK^kVck-2-gsdR6zE>K0&R^0!MLGw)N>?0npZpE=Uz!~
z!cu$wQYgM^H(YN#(K`#i7Z2@7IHMBP34$-e(WB?ao2?=MMoLNR3PkO1VG~b*F<Wb&
z`*1mI<_|eR$gb!218Y5|vXqylE)caX59OS;($-$vMcVIP%d^BP#%pz|yCaVlv-$88
z@CmRxr0|z(Qnh*Q-8EK+w)G!T;YCp*D%TPY%IN-hmc*wzF*?`X{h(5Lp@$v!YZA!5
zr=+Q684z9rmxhc#PUvI0gLCs73w!ezlyyGN%U9m>+(K|)3#+a+2LbCDo&8>psjgFH
zZxh1n3$7euST<thb-ECFAIuGuXi3k}-P^P81xpegoW5gUjL2<OQ`-Wmp5ZyJ;LMXF
zU3&Ayu}!GJFaJcFAJaLPeog;wijvPXRr5f%TU#W$OK6uGGl##3Z$i~t2=(SQ_1|jU
zUmV>xY}>Vf)noB8x#IW%HUI+E=R*dI)dJm@%ZOjVWqJeWa#KFJ`(&P*%V+DtXYw}t
z!ML*NUg6s)hDR-$ZL#2{QZ(!$pH8GD??HX_F#9q**a7jZuEbX(nL?|AJSNq}gW}kN
zLZW8IU`{$L48k{?lc(|<>$tCtN(0{#7xm(`(@jfl4GyZtSDRzToA9j_ST)JHg%!pH
z|2&4sHxehBxjKfY96c{Q+V@-u>GIVn8P#Yg?U!|^%5y-~Ls+}We2&f}kjvbY53cpz
z4C(iYwgPVLxHvwXf(6oOO+RitG^+9S9DEs@X8CanvXh+k22auQ0fds+xjGS_qdI@4
zal=0=;2GoClf>z4_I(k}5mL>*3zeVjOao%%&r!6Fc!BVyv4tT!nN{Ou?!+SX#=Hs^
z?1aai!A5OT{&h4pZ`*d{y^7y*de2?FiYeygF$XX^e|8W+uYX*P#f=_sF6KDC4i;p-
zNJXhY2CKLVT>$c)3NU<A5%iw<kD*HBr<1LDUVivu-3#0O(a!hvPet1b_q4REmcYKQ
zBgz%d_^DF^;;YbOZBe7I>ac2g_iY{aU(B$42BHw_geA>rQYFfe>YBb#Leczh8z4tA
zl=bqEq2xVGvIZ-ikMfp6i-^;QDJs16jIP(B2ww>3@=fA5U3q*2Nr)Btq)mlMQVj50
zP906P$=@5i{Nt#fB2DpT>IF}xUrdm^I^Dj4r~T-EaVT7e6(?VJVVWuQ=Dpbnit=~0
z2d`pCM*8%{uI>JIQeX|V*s|Fsp4K`+I`e(C&Ms@aQhcZxMDTuMK6O?T^6wHWGKtxW
z?2fT(ol%B%uIqtXB7uQwkb0xA*ea?I(0|<<!*3*$CohPfiJ#L$dFJ{K9smZSZg#9A
z<~48hM)13StiaHsT2+L3orN7Z1hypHOi6l3c@smA>uK8ZP%BRJ;T&gvDJ7JS&Up!D
z)Nvoz@z-f6N12;<7HB4lcy_|r%K@v4<cQVALX|cAg{oY`_1ci%bO2XG-Ga_S%!_-0
zL$DdR1szWKD&flRU_TLW7eIM@<BgHo7oj`+@JU%VnUas}9mTgz8`~a`z>VjgeIj&I
z5@?t`+O|wjn7Z?vSnkL{@pWi9X7<~Nuv=Z)EdOP;$tnX*IpqUk^cAWYUGm%f3}}-x
zrHDV+?o$qS{s8%%LJa>mOyfWBg23L$3W|s4e^3lY0!B7=j{m8c2sjy;|4;RQV;YPM
zOw9kk!|4BE*<LfKN{Tf)8_eR4#N@mL{30QN?xKV=ECa(df^eIQdpN`*E)ng{j_x8*
zVF(L;p7XBr?APy~)?S-gjrpzbP3LRRTQ8>N3JWI*t$`VVCI-qZ;PEjUm_&sI1W<d2
z{{P3=Ijjo;bO-R-wr$(CG1s<jn{#d3wr$(CZ6lK`^8Je}vgk!WLiedtW$)<psL#Y?
z8L*EqmrFrb2sbtl2@?eMD@}h4!4$%8xKMH@&WwtIl6M9J2%rbx|1}^0Xkcp#0MFh!
z=LcgDGXP+rgkA?K5Q3Zs5fqrkfLW~naucIZZS`i9@{0pVb21AkKu8Gq!oLNW;7TA~
z*G`F&X9(2_w$5wH!X5&^VsN65u=U+5R2Qx}xc@SstzA=7lU3p>m&G7nnL4`;Sfk&@
zDgb;0;^+*h0pObo?QUZU{!z#vCnM&c!n$@Yua0aA>Bi~;0*D6)v4#WU;^}N3s_Bmd
z7~2k*@lRl+;)U=eZ*<HLy9Vf|0}C()`Sm}X25>;WA4g_J=HS(pZ2paY8EPLA3?QKL
zKUQtu*51{ha_OKopK=KD<;?EF5Gph+gBR;da0`Wix*U$dr|P!$B5Mk_|HYnMj-27h
zEkwI_kVm%xW=ROj)C@duAe+JOF%gVAa0=gUJNq)WWkblIMq!qJHbuWI<oFheChNMr
zDPJGlEH3a#4=onqgg*@x0&ef{<OB@?2uJ`9ATG0=b@g^n^X4UwKgq8z_N$xs+TaCX
zaui8mM_+pG5Wl1}u^bu#z|9%V!|NZZv5Q2808s~!IS6P<K+S;in0pq>F!mt-UjG=Q
z&+ZTSdbkG&xYg_Dmm7s=HVFh4()MfgBkt6`v}D5S;=J}l@n*MNsm8$WPd*Cm3jhv}
z&kis~+Xsu_&g1^;hQg|Jr$^KFd#~cJIRGH!m*CS?{EOiFUinGmM?2!w=QrvJ>y@RB
z;D4M8$bNKk$maJ2@S8jO1)uucd;Wua{L8fWJ1M?`3G^;J`JnavJD;%;KzQSKj(@t0
z`NQ!^RW}Oj|5JO8J(qh~0n`A%z4=|M3TXS$2ArTkJ+_+);hF&289=ktXYX{$FMceq
z{rMUw*ryPOH3j+gDF|o}(BA$l{@SK;(h?gRx_HR*lmD-?H|<xN6p%4U<7<ZwkI&z?
zG(W$D`&d65i-g~Y{MHtVM$pPnhS4_+8Pboh0}y-c0Zd~Mlh*tB&P|>=Y<C5J&j_}f
zi~1AY1z@ich;Q~`=YNXm&&mA*3($@)TlGWw0Mu6XOZouV*7u7P0-){s3xW(_FNhEQ
zE&khvsa@AAx+8A2*1OadYkiHsOGN=<{0=X!yQf!n=%;w<b7TVV;QB$nNsLM!H+iV_
z!u~L}eC{y$Bl+tN_)GQk?<KZ@_*8p=580>lE2@CdcMRzGh5S}Klg7=>#}xQm&lzj;
z8T&O#3<1<0FvW;&YH&gnz{VOto2rtKRD-iwXs8smY4<1B$(@d)g-h?SfRwj(%DeT%
zoiLqc?r-mxO6ak+Vf@L=qm~h_ri4<U=VSEh^(II3-)qyUcZY?Y`q*6(E3Y!fGL9w^
z*RC6!F6S?scr3(T3Z@ed4(Nl5V<epp*U9$fmn0fk@LAi+Tjd98gY6U<M-dBgtPgZK
zW?zQM48lU;5GRGgMx>m!ec4<+8N?oZuRO&lqroS>D9`xY^4=L_AJ)VAKPAJ5OL8*;
zHS%K7&T<?){YUSX^cwf)S!Rkq8He^0Fcz0%p*lne4WkG3-<pRD4!@<0$cJeR(43g)
zNcBP@N1BP=T{?s|JXCfo;|&KHnFI0xV$9^O%kFnUR3dp`uQspc%OW<GmB_tga(_xS
zBlJ|IbcEa4v*xN}x^?<R8NWnZ@q}LX^~(`2<fpLfkBM^=JTq7lwrSpF#lypSLhl$N
zwX(2MH~M4`f*i4qXM5r)rlmnm$s1KBPP#bpcTuF2>6_^#UL=cZr&T1es3u6op=M_*
z^;FKEe6I_<YD{p|7))tI{ZC&=(xXHVE4`4sIv1VT-kTxfYh59-tK^5>^d`(&7D8Z{
zdtxln5RKWmbwpByNh20+r7YzcE*sTH8Nu+GlGw9YvWEjHW$p#h|H^UZcB-)h8RrTI
zcjxjd_pB`pM+x`mt2(rcP#Gq9`7E%lJ|_7z<Rwpz8uMJC>x>X45JCA?QO!d4534g!
z5hM&s2;OABt5z2Gtu*QN-^u5+BSy3h^Vrb>+<e>8%Q>VDQGz96Lo%|SYtrWDv6>Q$
z2bLyV;NmZ5H0bR{Q8&Ujq*)%OGo`mL7jKw82S{frG+!x%j<P}$|8you2MWZk>XcbR
zttPEI2#|V6Y<^Am2f&Gy_ae=hb~zXcyVdPEOEjK2B|p66jqTMIoXKCU#1%$}gt{dj
zmL1$rbgR(%i+yAi4t366EdkMpyH}QE<|vhVRtB4tp~75g+()en_^T=oW;UD_exA4O
zsySUd{BcI$^ZJc?s-j2v$3EsC08>|7BzNJY?+X(x!ICf86+Reobg6?r4Ev!AXun#J
z2yZUVin$A^bfvMlD*M023v)|!7!AmMjYrOR3?2xWJ`GYo%(ZllOcN2|elfB|gG%YO
zbAMX9otG*<7}440y!Zy6Ocaf^_xjh+dS%;CCkCTzlNeyYHhfamR;#lh4zdFh9xTqr
z!)FeOYLY02hd##WcI#3nS}pR%#)BQ=_Swhft#MeQLTAusXLLv}P=K}U(h(U|eZa)*
zr{n6BiY#x8934222LU6e@a)5`3-g2c>IBb!w&Pk5U%51Iu!^?kWUd`$!mq6`azL}^
z{R>XegM<W`xHf0rWt#Ct9rU8}TCZ2-?z5~IRmkZ;l|+P8|AFG{{t9<uU0U8kTWyNg
zpfq1R5v*ZoZlX^ffUwHxppBMO3xWFcvs70gj}~t$iB~X%H+uTlNYNM?gX>u{?Mxtb
zQiftHlXK!rtjm_VNu3#6z#GbOwwR!e`rrcH(CC!GYkz~{iR|Ui-e0$st$rkc)V;IJ
z(J3)qVin<^?=fY@ke1Kvly4Vq@0$`ruB*|_O%lAF0v)9v$<l(iIGsP5OBTy80N)Jm
zbO{E{EA~1MOFQv|E6McrV+eL*ct{z@72u#;eod_m9C%!TYp!{7LM(8t+P)v6cVay*
z&_vejUY}6`Kq{kqpRktyI;uJ^^u-g{;=-$s@U-_mGf|^<RtqK$QS}*dLk}$o2QT4?
zC5<0J#euY1N|>A{DSUqA%kJw9m^Cp^#whS~4s1)Sv>O;i$Lem<ExuRrt&Pb9yogB?
zLe78>H9QDp!l{_T2&wnbmfWpG!)U}D*Xmn^Y@K^0&{(yObALox{)n+YSq+k;;LNmT
zQ3z*WsbWfUsQs0L3QS(;a#OOkjD*O1a=>#pMVb3@H8gZU2ai`b&vMEWF}!$ebe;(3
zqgx|2v}*wZE*89L!0Yt3=P>ZqiXAwR&Upg8I^A`&&5WSV@g1+dyuS~(k39PQvuBlx
zAQDmHMOcZP<4#Cgcu|7k9c@8urG{Ysou%!Thk6dYJmoGCtnVX$?=p1Y+i<F8)<l;T
zPVmUHViR9L8247N{-TKwBvN{{bGb?pFf@7t2^XkMm1&odk|~tC;cPoS!?$FJ0L3@o
zq0vxQPk30oy=q}0wGFhK#T|OtDRbEv<P1d?6hGX~_?%mX(|sQQ8SZ)fPzO>@{IJe{
zqXSXRwCAJ@cke2&%H>es7@x6C$EtKrhSD;z!*Ov2)!uiuqWCQagSWjdt4`DJr7CyJ
zx^Md$8RQlm<Z~uY_OD!a6|$LWwN<vVup+PcA_v>ir1%Ag!x%v2J~b-hhVN;JwtD98
z(|uJcD`yLwi^B5wCyu#;nI6&w?<^|T8l*+fcmk&5EU%=vp5W9H6Q5eg{%9jY{0HML
zhYxkOozQUq-P?2!?>qTf$(e1Zp&P@@28L!OW1*WIdtlWS@|~z)DN63P!h)0GksTbw
zg;{LvD&3vldO@OP?2=wNTFZa=UGs%baY1l|vVLfL+ngo-T$;no7N$HmW{rl>Ow0D(
z;RxRqgo|pJZ9E|3i=I**N3uqRLYN1j>(XjV44#A1gSf*&@DFIE@Fa@}I4%ayQ4dA8
ztX($VTUPO8RBifjZ;ip$x<8Ht{p%c8%`CKHU8Saacuqm9t}H1{*(8S+Q-{k<{n~s!
zF;UNeA)}M?oD+eY7z-9{a%szj)|nW=r#XFGVw@J8_P3{?PQnmS{V|2RsTlov*sq(5
z78-rR{Y-1GH|t~DN0={U2HBbRGc(g5n$B61M}fs89JEb&_50GWksN;#&n~2VgW;dA
zK6@D@37I{1-l3kIR^vhokpUJ6o+K9xeA8=weI2YhS+nREz*GStUrWs%ITERR=eg2>
zGGnoXGp$yEo?xLeY@XY*q>kcQM?`$j1x8bkeQ8ZkMtAv;1$^gjk7~h-wYZp8Af&$_
zAIcls!#3LQ2`92uhawQe3AmwMOGLG$JeLX<?)Wi$TSSl9sW#2jYOXZl^A~pxhRr4(
z+(cA1TMCIM++CXsGQx%?D{W|#BhSdT*#475J<l&{%lib}WUpF%z0#@C$e;C?va|yg
zzdf8(_RYlPIC^kskRKtG$h_p!bmR6A7~HbiJzN|EUe>Z|@b6^0W@=ov03Ct3a}5l#
za>ZBbYi3Y%V#u!C3k#a|FN8laCm$uq2!x`?q({!iCgg0lnto0vyp$LFT5X1^lz)Zw
zG{G|tG+x3)v`&B2ZdjkJNmYgg-i1vT?M#Cv=KY7R>zbbM0Z%u()$OLtE245L#Sy30
z)rIB_L$9j8?_2keEr<$3>nG#U0|&sba`IVO4c#On+?fD*!0f1sGI@%<KvFWxL%8TD
z(ow%v8~vi~cISX+NBr3+2apw7oKV`eU)pmRUq}*ci1fl2zavwU-5Q|aH6Jb+ACv{j
z?jg|6>C$Z^cOzPdF-kdP-L?>u1C0hIwpDa>1TC~!vu(C@&fY3gi+CB#pi?Q+Jt)C^
ztD}iPD!ld?rqNiRTjhOh7YLaB3?^BY8}iZ;gQl(6Bb+Q5c5UP4?5<fYMY1J_TASIT
zD2vp0@t5DKe!Wdyp%OcB+)ggNDs#1taP1h&wezv{cwV)ZNcjr|;-Mn3kE@VSjuMHZ
z=Zx)ZD(vMC^?P`^G~jbvzct-MG=%2DV0tZmmI?)(kiP$9F4pC2J$ER2<0>8d@V_9=
z@Hs8-ZF<Hy(~=o;QwpPh!d^@w^?Xb;wKg6>ae%;Q%_P)@<+zUAsmk<`+P*$yFFLu&
zJgt;SerAG`;<J6p<$G+yVVhhtqB;)l{!>ZSr>-yayi+N;&-KwiF<D%+NC@zy2{D<3
zR-v*usNTH0bP<tDX`5M|x!`qnZ-l50P#Hh*rWC8Rgb(;!YKkYg)9Gw1RF<z(TD;z4
zSsx20r=~GcU-5RGfHvalex{-9IJD)rQEVEncB%|L6WfxQN{#Zgj>>Be*hRI*M(=(J
zt)wg=mf0)40>;nbPg1~XIo=am-k}(78dtsSugD6M=8PT4mQpjstGlz3*7Ne2n~wAY
z%hpD!H?ROkwt$?Tb3YChI34W=0CJf4%AWf(g+bDxe9ac!SJDri8hS4J^yKAFAtCw{
zIY(4aT*S;jJ+F+T=tuVUck?~FVG5&fL21-)tJD1mZvKW`eecD$VhhL!{Fb@_80eX9
z`?kb;IQFw|Xkh0iP&n9;8G18s$CkswIq9c|qszyKZyj9Sh#A$`KE0bk8P9+?S{1jf
z2PYqtzz-l*u-B-18`H+=X(a>9AB$zWV$jDOAc~!QMI!Oz(nVL>KGT2#Y_nVC*4P%N
zAcetwcD6_fD#W--O;j|7;rch=UZije96jfpgp&{s7Ttm)Wz%AIvdE*gYIq8jUqllx
zmK&GFk6PVgU{`3=(W3GWg!W?b4^EUB$yHPf`Z+#eiUTW*G9w{dW335opvQStiHCDz
zSMA>IU&-ZC>01s^jTJx(Ynew}R<4FMQfAkyR<{NhQOlsf*fCE?1P%FHu;YmoIyyOG
z+xmE|Y0D3sSzbU>nfPT7DnwX{u4^0?Q030(?a|K7o`3sKL)NA<4R1(P$GyL*y&Q4l
z$7fSFXCx`Za=M8X(#QeCwb3zU*Xqcc>?y9(0(e4H=e~9>uKlTs?z|Ek8rvkue2?3k
zQdkf&RgDXMW&_tnIc2swAd083Qcm_(zx7V{FoD@w6OG+ug`S3N%cj{vtqeH2c(xCE
zG+p4C8D_3Nbb3;+CmJI2HS(9!y!aLm#abFe2Ci_QT&tchTpv8Lf&?zr&;r@j>uQOZ
zCP&gn&8Q$XQs5O8=IZo~xHf{9-wXTKLMR)Of2By@tdgL}k7$(|g}&Dvqp@k9V^gCn
zSO*i}zXe!C&TO@*b~FL0%u4p0KW;SzBae>Y4h)erCI_l=mT7|UEiBY92~Jg%f#K&l
zu8Dy*9Firde!K0I$^jRNVDM-MsoYCo&DUvhGr`t1KD4wfm^|928kDns<+v5<B-b@l
z5@VE1BRG(^ED?vw4tfZkxlHg=27Q%}5{)ZaB2PCneXH@;YOMdrTQl1aw+XkY9(7)-
zI(-$Dz#F2e)o2j!w3UimkcnB;fKbSkCbLP<lL{#X&?p95h+IK|Xf&MvJH5vqL&zpS
zrL@D*^d0#57n{Q0LIjtFt>ocJJC^=#@$w=?(!U$f8i`a3kZcDuQGspqMl5QOvKS`I
zp+&2djGQe6TO|FV$d^E?PHG@t9`%roxr)U!ZLv{}7%$8vL9rt%%crSD_ESI7Ua-2A
zIJlt?j8#$9z0H+$B>@O?u<xa_RI)EKf3v;B21m+QsiZ!<wCFSC&I_GO;}2{9t?tmh
zwFDkt?e}KN+K}#hXn7pcmt!-J@aJ>Ft?3~jNkXn?^^%$+qmCeBAm>P;Fw&nvecFfZ
zm>%u!eN6o55K#7zN9Y!$3=K-B-vp;`%B{cQ7W8|mYTIH&-0siVoE)0@vlSU+U7JLz
zUs`Z-yc)BHyQ_-@<yi1{*N5RKO^>zDa&FWx!=feY4o@ADS$yf5SWylcEN=rrb4a0x
z?-^8Lmi;uG$+YlYhnrdPlWYhc8XXX%_Ak1#p7<ILNFLU}7KCy#Nk1fPcW9K@+uYXq
z4(X^EKSJJ0W$u0Pb`M2Ng362EiTUX-{(uXF>ebb1y*kmm#2<~OGeuuDzjz#m)z8GQ
z=~^LbRV$+G?<n8qzkiMbKL}Kc-?aQ24g1x~b3tLhT*=A!-}jL7(yWLEF{Cy==v8_(
zZ)P<amVogj##9JR^7A*hP4Q8cKdJwYsO8LV23lLUlY&wZ?B0X&w3`CgkCZ1M&E=&}
zS{5|w;Kpq|G(vDqcS9THP>`-7q@GhtB8DuFgVula(M6CGv=iO7-;hT6hX^l99v?B1
z3Ej8(6T)${OswdTkz0CL(&Yggo`*O!rMKKi5JK;_BTA7GKJ27A25mg7@G|zKYJ~>9
zFZX|k*E-^t4Xn7kgP-+GF8FDyOwg$L#u@lD+o{PkUqvK${_Ei?m`wlZChat=N8jgM
zuV*mf+sP$-PXD08f;>@toFysAmWG}Yv^X>|XCjTP?EFNpXSR3KiHBXkMyP1~=own=
zsO-DE+3myq5bcV6lKTDINwjN-lFB<zcAl}85~9|(XRMq(8hxJ-m89@rT{J67&>*{~
zG`=j*w>iE@MqukzG2>81jvfCrS6Af>nngUT?o3^#p<^Q3RcjZkE}5VjoP2Y&1X<VH
z=8XzR-kSxp7KP!!eA0d9N5{luU6Ki*7?((bW#SXPelL?_k8Wx9^c*T9_R+*qMMK<9
z5=7!@Up(^_!KNCJ)igI6(2#lLJoi7ADl_$XTmcGdVTjivAtOtl1gPgecp~ivwq7LK
zppbqx;jTynAAMX1TkwRwm;|b1N1!jm?|6`b9f_@NU}Sno#0=#_Fr5J38t;1}JQ#__
z-xY5)%C_ryutE=l^0f7dJ*Lua7UUmwrYeUCGuf{Avnx^(G-Io#(C}UIb=c!_9<DXW
z^0oy$thS)-*n$0YOPY2Wv%Yb?rS#rHk^{MECZF(>bydjCVwKqztN&0{=-2j2XqJFc
z?gfhu89vqCiz19wJ;3!>gD1@A@~vQ0wP2|;X&)b%ZgUwJ{^9K8<0{|a^3==Zs6Pkx
z9LaNjTsh1HCt61e=XuX}ae7I?H2j^gXeNYqR`k`s>^!p(<zH}2NEGgduwwR;8LHC1
z$(_7jnhWjI<~d~`5{C=+`Q=+k7CcXD%^vXchHuW1U`gOcCo>)!d0GM~p!WK6iHt9O
zlgRW+E7n}2GwG70@S!fzgu9w<w%%>ULSWbS`>stnWydTz*o`jTe%Up`YyjVS)M<Q-
z+1<zBh#c1vo^P>zt=Mb%mXIhDu~*en?Iz6so2=RF1`6qXf4(V&JU2OL7Ru!9@dQEy
zSZrOjr^EE5$f^5z)@;$o2dj#?qHDLNn4o60H&OD&dQyJzvdvay$v6WeP!P%up>tqY
z1+lUVz1MZ;__-d9p*h}*!c{a&7Vd{5i9J!(#f*&Omb7m7xYO+}h2n1=w&H`?E;(Ll
zDw252W6Qh@%-r?)Jc5+@`v7_(_Ca_(8Z_zoYKkByOR`qa*H*W0*VDAj7vyPkmyi|e
zpwjCp@nx`{%Q2O5Gd>Ho3s7)GWBOvcG4Z*4(<mE>GtsOjH%@%5Ky7aA0Q4fbi?mqi
z{cJ-of%~6K8<Ff=0ju)H63<oSFn;=Z_jo%A#>$Ls%vj1Cq;=*b@19K*xZ}SBccGl|
zC-EFN;PC!8buE&Qoq9NLVQeOhKCxfn+L<Sg>YK9K2oV|>eeA01ZHiRtLqDQy_|@m=
zJj*UjKNye-I(qLVtfE;r#u%+&AlTu?{Jq=b0M&_#LGOzIywNWmYnK`SjJ&b(;V)6}
zuF@iv`90^Z^T2!t;-N}-VnfFJpf{P14?7mQqp>&4-N)aTcBNr#mg{1`y2%r{Vf$p$
z-4tiB>JYVgL;n(mQ8}-WGpY#I2yzt6Fal7bml(uaTXS8I9*bA%Ei~;INscaCUc1z!
zw1=9elkd*~HJM{1s#Ed(jWEPq1P4AinGp>?)ZMp-Zx7@59k<W-Y_cI65?9DJV<*#F
zMw%ZUtma?py{iZKYK#8;+Fm5X`HuyhI$N45jHQvrQv5lqi7ZN99hE3|^iqX(wvi5s
zIlb3}s0`9)MzSzW2$#GmeDiM=boBl^A{kwfFwH*L1ebz#Cb9~t_RH7d<f7G)zm>Oy
zrreL9ZE}O2KO~wVcphZFc<Zj)NQ)BO#@TR{oTAE6qh}lQX1v}2rAn`DnyImjrCBS-
z6Qan4{<FfpA&&Jnvec7@<-bLK|9HCW?@JJYSGqC~+!Cm`OPTs2CCIp9!FHu)SEXQ5
zXnDZv<UEotLB%OhwWnYYx_DwXNGjr1IbJgcFFIYKO8pycJSW@7KE{U|*{dh5yBT@4
zX~||BWTNr1R2yKiS676j3{Z>4eU%~)H=1dzqiV$52*N{#9}~M8)CpSQAGG|C9s@HC
z$`Okq-AWJBtQca+o|)s&i)nMs_suUKYqKrN<YdcBBb8fwLz#HCtoK)SP$b5YmN%{Q
zR>du^TcpqLiPDr|a}~>G4Iuuevg2n%NxiZXM?Z0Cz8{ULNMFE-^-GwNVdh5by~m+i
zN71@AwEO8IgY)fXY{WEAb9}v0@=KwOOMR*Llz@9eWzso52+|E=tvvS|vpV5w&guYB
zmzp~KY;3s-ESqY8k8$Y9K)40>llAfdCddM!pBiajcbwjMpWfoG9LcgSuv;4;r`CXr
zn06_>r%C!WObLqFubjT=TtRiXRA$z~aO{uXgZgAsQuV@=4AgGdrn0yCPBg^Kd%D{S
zK1KQ#eRTrdeB-TKfzC+AQGb*hXv?<#f4wU1kgBUM3fb*#;UOq#J*twb-0mG6E<;`&
zV$RKtihut28y&r8K4j%x`)@#LW6{5fkEA$*_<!8cl(5Te$W<W@(pSqTf9wmwhX>@V
ztCp~dF#Sph4CExptfM{oIFwBeQ;6_n_y@F30kY>lqbMh8uuy2PDYQ-&-8`^O3-q_D
zt7Vd0iZmd*r7B&*`R-MUQG&f;uu52uO`{dEIv|EwW@80sJuT3u<yoTo+{#ap{0vY&
zneN4Jj}_Z94vKWDk#10h^J-h(w-n3cx)4Qa87JXs6kz!uKX{L<m})8Iq5)txUX1l#
zCuG{s)=F5b>TdJtEv=i|V-GgkC!|jfYZL{guc{0hb!$bbxD|69W}_l^-m~Y)zvI<9
zDbPd<ALw=XCEW0svU9OQH!X>D{A{w_H1a!$N0PhGO>iJEJ|Q-V_QjN}kP)pF#qxZF
zDK{G1{}d@D28tE-OG_?4g*L$*ZP~_=;ABYclkbtcqb?x55z{`){Uk5Rm0bVx921em
zmwa^JkuI1Gy<doQ3oBiz0-uQpIWgr#g2dxJw)T7G>C{sgb6hS0DxI8QOB>+!np|p7
zag$q>&hl~utXs`|(i}xu$A}Lo$Xe$f*$-Iyl#@k94m`l~&HSYr;Kvp{_HG72o)7|W
zAPF|8Y)GYYp@~Gv9fZ;g`)981+{z6-{h(+4;8PO)P3x=(bmwj<(8>1`pk1TaEEIo%
zRUTve_*(r3gLx`@#?ps{F0i#VdT>-gO0~4nlwSl16{?PgT@Fxm_uI<FpgSJ#lZb*F
zI#35xGUvymF1SxB&iba{-yD-=(kZvvOL1sE3)#pcG9vu7eIHb+4FY-;eVp&T#I_>i
zx^8lpUUD9VEO|~=G8Qv#{^~=fULGMp;6N|@W&KpyS7#YD>>qpXTu;q7I$3xL?nL5=
zzat>crRJgPp{eCfOpiEZJX|t(cX;`m>p6DfRalrVpf`_oJsUY{`=TQ*J0u?rd5Ju!
zilRdn^1f(&C>0?MZ93{0(s*KjQ<I7@gXT(gehyn+g(M*4fD|K!FpZO2M(hQeMdWbX
zB5@iYS060T#Qfg{<Q$N_F{T*cZ_tro70}8*&TsuBFnF#J2y=C@bXr;V3c#10^PdbW
z)66R?#&-vV3J>0mz#A-ZwboFESajxsHE+tq*ju+%uQ?xgVlh&O8Y;WkBC~}*9M$8p
z0mqv7_%5h_)h^-J5<BOYd_dl@i6bBd!CX`#bWJD_)6>t7R2IV~9lSuPW;QutS_g4Q
zt%BktwG#J-9*Q|A6)rG}lc3qMl>FD>WDeq(p-aCkEp3{Jr~-vKWxRj#F2)PdnOuD6
zTw8TnsNC+pkM+%6_zMUUC0J&_|3-RcwYhvqt&74Zp)jeWbeTL!%eoh8E6MUsZB<R@
zdwWM=8s*E$pw;G;gxE;KI9Kyt{rjoQ3*~b|oVXIceGSqN%;vKrwr|_J_I!SC>KHeh
z{U_BTOO|uRq%?zFOojkoj=gphIs-~X<MS<z{4fMRs&eBLNepVv@!ATl3eKV8XcQ{J
z4k+e?*B*gsD5~iJN}EUvf=ZWs$z&!ZO%|bQyczXe%0gKhd!Ji;rC>zTD!HWWoSm6R
zls(RW#T=GBP#^Kc$L(RE*WSlDF@m_|w_k<96{tbCgJp4kci80}%F4|;J@Wz!9H2jd
zw5RJ(+fbML^KrP)VWg{@_NroXe@}ccDYq$`8b2Fv=<=G=BwR#qv9tGjHr~lw<*iR*
z=k{+VldI4|&M|tTM)hD~7i$8syJo}JW0oe=jDSDD2nTRvaG^o6w(O<B4MZLg5R8fb
zG}~eb_8F`H4FMa?e}s+3q}DJO9&sq{&&agnY(jl?;8-m7WpRD85st~p)O%**y6bC%
zQdR2dsN7_l7giXxi8P(j_hc{Hr|17oI`i_PQ!ki<J}cxD;xn^75MMSgQ>a{d)}Jtk
zz%rVG<Y73R<MS~MMF$PAYHB*5=XpaO(hdh++G8R|y8GBTr908>+3`w8w@I$vt`(`Y
zOO-<^GmA0>;ex=xw^c~!VNU({s^UEMKp9h_J6~AUbtdBiqqb;xixss%+J<I$K2O}#
z6|q1EF|mE*^e00~M9YX@&piKK*KDG_Us2&W^>Vp5+s`$9TlX&1uaeU<=@Z!lERTaH
z6kLZDK#}p&v5)REA$Y1YWLk9q$bIe}*nmunl>_HcVo^1^hsH(G;pemxHQnG7Aue=@
z=7;IU*M^&c8?E48q|8TQ>YXAjyPW<crhl&Wm9252EP*V=IVEO`u_J!9UHy+G;;EAY
z`3zwVP=0Nq8dPlGC?MlfCZE{*?C_p^le#RBG{x1W+9kI*awTSVP$WtRk|2B(zof<z
z{BC>wYP{?Tm?MeerH8U#n^n>}MXp91aBuF%2$DA%H`^>>p*}{S{*RcsCyLyXRQ;wB
zAE4zUB-Wd2m?v1#eWtbFt@z9*ZJ*EDA%~B9{^CXI11=F!G0iWv6zC7eqnsCK|8V{q
z>0iYX=xQ+zElvB_C=*Kv^`9;!tAoDh7317d)H>Z4Ujjtr-NPg_^n7cbdHP+Fd)Z&^
z^FrJ_x6+^O#zF_DgA^gzgUj-z9sDpDu!?qW-ScY-!vUGFknL8Na@qlhI;cUO)IOAF
zh?I&9M6Cy^XE{n*q#CqiHyw$B@xh;(PI>54=O=M~L_(JnVtoQpj$0I^rBwN4OAY!z
z=QVomskXfBx{joYK5mnW#``#nY?bonEUccVIWRb5xmo6svMl=IPQU#^cFIEg{niER
zd#y6EZU7q}1^IU)BP2RQI_fK6ChEWEh-Q0`?QQo(idXF==8^Mfyg@*At*D^^r(J%#
zIeOPAH-m~^nnOM9jwx!qK!&hFf;p8ChQT~NXNhaziC9jJ(Z~3iff_YUIQHeyP}r69
zQt}bLAoGsqdFvLsbkgYYTw`q*$FkaK<eDGG*u~Hn>0X=khx>`g$rpe=N<P|jqrNkh
ze>>owIn(pCGM~C0p_rC;O9i_M`XCLbd(vK=?ieY97~e#fi>W7;r{;#Wd&y9Kq$U%W
zIoA|7D|btD2#^TJi_1LPZ9LxZvz=HA(C3L3{|($F@Nb9PHO9KA$*BXf(GE}=Fk~I{
z3$BHP%DDZyoT^-mzb!|SO$&;cGx?>m3n<O;1orX2<_)U&IM05Tchct;Un2D({HSv1
zY(%cKxemxhNuHI@*=#!%yFOYB6~*itK+vZ8tk?J1i?FMQN0~>a7$f*HDsaV(d))_j
zcIl&<j8vP|(YlrHPufn{2%j}}@D?eCd+7uuZ&#*_e4xEhlM?j^LLdUAckGbjS11J8
zlcQ&1U3^PW8q7g!Z!eP2O-P+iW3YK!Q>&@)?P}e{$`|uXXxta7hx}-CUIbYB3J9a8
zT-nP7RJT^q3(Z#ji!m70DeRfW8gfYOJ+@p-HBgzOPU5?tAAm_Vt}Z8}U!8>e#^CuC
z>o5K}3DIOWIonbUA-U=z)ou~Er{5=iwH|70l1Rxbe#Iu^aA$nH@xhovvNtl*@9IZR
zt?6gaU%oDY&|vi3i3-Z|I*doshJeFape|X88H?X0&X+r=J5EnT2ZoQ5%IUY5tv!Id
za#gSDySmKuY?0xTZ2T5)anreqAX5CuH?THfhv-(#t$AcOKKR}IF!25_-jMbG;tg3?
z{v(;l&cXD*xBuh~IXD>q|H(wxe_E)m6}AOJS{-37XE!%Dc3>EWAs8577}{c%g#{u?
z9i%{(KxZk5aEVeNpuoHQTd&>E?ayDU@867O(;1JP?$`CtE3;hIswmIUt%n!}uR180
zh`p23{X_r?OYCsqw>J=vf5%=!Bborh?M{z^t`ZXC1~x#D^as5b0z3%eH4O>E!L9^0
z2#Cdd3-Butz!wqHR}qqr&mRCk_pKMkz#h^cX$<`UV(tXcyf07RPFqzpt&|_<;3}|<
z|5#5NU@ic+kDiWh;&~L8;1)1c7)L<CpABLk=%tN+9`Fc`A(&I3590S10x-!@kbsBO
z-Q)Y~%Uu9(hlio95r!MR4?fTy5W~N_-(Ihdc+agJ05=Z&P2PZ~tqOn`J^WR#j&KTc
zA3QJ!@YSDt2oUDE$L%hFD{$Zcvk@@#LK8qop5ck!sJa)X4Zu$i);~AwH`m_J>lY3r
z;Ku=slcSG^M^M2JVhM8(!~q=GS*6JxK>`FF0L10X2Ey?*bo(>NTM)r5?z_7`cSsNb
z)x!titf!~9^3l~_m<Mr(X9wYR7xm!>&dG0lLP1<KEesqZ;%?+SI~NHA&b6)A#czk-
z#wBRrD=)yWI-5X2ymXh8<HP*{OPElXPv51um-dEm%g<;=A4DK6HdbC)8vx)1$Uh#A
zuB$f)``s(>H}0!<|MM#dnAac&p!5@|uOET@?i=1Vk9`asMxf89uRq{7^KBNFj-S5|
z@xUKoEhw8%VardvH>_XI@A{S-K8ye`#rt*O5d7}@=c}=yXElWw=Hlkp?va1`xOq;2
zZE5cCOX-e3DG&$-65<FA1>7DQ;t}xe9YhqM;5BmZH>v<U@GBd1x7TMmUyi~5O>cZ>
zccB;Q<-7B<uNOQB_b#{IS^qTx6xjb4tqnDoA$RZ_{r9(Z>bLD{cj=pZ;#YX@H#;^W
zw(}Do?Je_%Up)?dX#3ahN4J(Q-0RwE@P-`VW4EMauXjWR`wHUz{>@Gm7qBB2(4(yJ
zlRp*WUNwNAKgJUwIA~Ju&pR~x53l|W0);yK3GDlK9zfgs``b@sXD$_Z>!<kOr*5nt
z#ohPZ*J=EO0(jct?Ku(x8leB4eH{OdPvouJfWN@cC!;e6@h=5N-z0Dd;f)T!>oF*B
zmcISg?l%e=@Eup*)@^KW*sl->V3%B+7ve84#1=3E{u{r49Ebnw59MboAiqEQJ`ngX
zeef;bebD#%uXqO>pZ(i+-B0|Y5AE;9uLowIKFJ!O+dc7=Ak#uKVZ&jAT+T?Wmy@<<
zsLSFLD7V`l(O34Y{J*)&%f{9n>l^(06MVPGB=$s~Q#)y>Ucje~torOu$wjLk`1TqZ
zwv0{7A)QP@Z!X17svS<=VE!>%!Y0(mF{&}rN$AQ;o^;T2acV3^zz+3-bg!?9@u9$Q
z>3k_Z`*W+MD9gPqRY^N?)M53&gsBGf_2UUeIs@XC^BN8bxx~QwBR(?;D6$(2)_7K1
zKR9F{X#iR-C{pbSkZMH~NLOdMdKnGH`P_`8Sm_!Nsw)!<#R>4FbjmJ0!Df*Z2Gm_U
zQ)>HPcUKTcOF}S*xs)Ey-T7g;pIZ7w!1!2;okU;RYQOD=F|?T?Y1K_zZ1IRPbZ6kj
zYiBOXD(5eTa|g%iA|0e$+b-a#zf2`7ho_@&(bZ{^&ip7eG!!d$+<4S{GQRmWk~bZ`
z*CHmK!uQhIAO54$Y7WLrORl1AeEC!FiRHr{CFk(lnQ<moVzOjM3cGtkQz%=f0!A$)
zx~eADlE%MM#IXa^V4`5vZ<&Fz^GV44Mw9_F#-B&Elue<_X@Ex_XG~o-wpLnsZhCyq
z7b?u{zL&7l8YLp$a4jSnhGdgXPg_zuO{7i3gIr%P5z4l!IG6VK^YA0^Hmf^{Lx(VY
zgp-eFUGs(;`e34fGkr&~5>i5FF(pBH375yEwpSjsE>isPVEjBN%2_e8k*qWB;!=_2
zN9>L+4Ve?4UGzRwY{eB4DAVNA3VSzGtv)6^S9=B$PbvHdqv0jQi+3f+{}xb0l4xdi
zANTaf=g->XM>Ex+dbe7aW*qfmD6qA}G|Ph7yIL0cAI(~|vJ2FEoLxbb%FE1B`l8!+
zt%A4ahX`l0;X`sPGjLT7$w6OeLRDFHi%d%o#cluIG;Fci_<H42m-^@^l2|1(2SOIj
zd!hvW9J?5@xdK=Le&95h#Ei&R==ho3JKu>b#jmJ+(^DSTBR`pki#WR;I;9zkUT<)x
zDEXW?+egC0P960)37CGg+s0qyI&wODq%(EgYuY1zCD7dL3m3Xoy#fDAQN*t1Ooc#Y
z)drrX<}~T)CGh&{?J8L6n?E)LdyCl}$)cU5PrTdWqSY~z)CM%1g99=PYQ0{LjU|h#
z<aQ8IqoMdKT{Ky%J9ZC&YGE7cVFnttt?EgD*nUhF)-`!bXcvTy^5DVIWm6KnG}mu*
zUiwit?tfchXE7e})ZzK}k2QaphOkec7KNmI2DmrM+e<-myhnHNj|88}G_phM6dbZ`
z&vnJ{-5y1`C!^Q^_BU-i!1q+^7^j3CCB)4-#Q~FYA?Z%9H3wD~-zn609=5|H_cI$x
z$rg8u@DizyD2ENI_$Ot?d#MG|sN8h09zIL0e37T8v@Az&3VsBKoJgFGH5H^&s99iY
z{(Q`_xWM1%M!Bw{S%-{-3>k->w0{sYFx;Og0MB@@&It1@|H165{lL-q3!G!8CF-w(
zJNg>3f@!RiIzl<noQ%34K8&<@=CoC7p=t_zhA9G(_((CIohrHZ#C}1uM7t}IUa~pP
z*7(#N7!v2n;Jb|N&d}pmMuO|Wl_L;$?$yaN*7W@RCG9th<e~L#?vaL&J`)ogBHCz;
zm!A?)`m_HULzFt1!H{8~Ha_hW#%#r4|30mbvTO=F!%7wZ4W)uohMTEm(IoV_S`baL
ziL^Aje&qBnHBXw+<OV2iQy;D(d{)^Fj@bO(lvXOYYNdgROYg<Q=Uu{3_po?3oX&9f
zrTA)tjPdY<u}2o5hLNo=(`E*5UT*b9RL|9t^C!*X_Fcmx{_zeG-{Be916;gu6Wk-2
zQ?p2}CBrOZI!qk87m3v!uZ^4p1poPinbu>;nR$bWKAG^kl%6NVg~pB(=Bt}|QT>JV
z$^#zz7~n+XVK9S#UJ^Ka0)16TH+*G^L3>Zzpmy@8;k65ljt9d>;$6ZIfV^Z=EVxEi
z#h@TvCw_tQwcAUk)v5Byc%Dw`t9ImPt|FneEhuNIXo9}*1vzt<%%o49FmCh7P0X-q
zt-D9N$~u4uTINE=laFcS2EJ4}pR<4Ty%SUqjGZdtrS8P%rOr*85i0fj5pvnudf?G1
zXOhoA3L&xf*6V|SvByc}F=c4DrF_QOb=}IU$_>-}!xKK?J1<$Y3}BFZ+_jmxHlaMi
z?KX&ab!3Uj1N3A>PQdl&=R~zs(!JIx{xeg$Lf){&2BYG*rUqF;6t%G8he)Xe&R1`P
zr)5eR8LC|$w4P<Lp+U`#pFr0zoZEn#dskn#%2wZF_OQx)!DEheAC#DO797)q1|?hV
z2)c$(g)u6pFkABPr`#MhU@4By5P93#p?-#vP@=qX=TskCtf_F~*!gF2Y^RCgLIxu*
z!3T2^G1I%I+i^SR6MI-2Bfi|^e2{;qc{&hNt_21s(!hW@p3-Q;%@Eo}FmDmT8--LP
z*XM*%D8_FmWmZ!p{^d3}3Qx8`wJ78aS9*^gX=#?Zj}a#3X*JTwUt<2cwO5^<Sc&9n
zf)q3%1!?Vf{EO37duTATVsu6t?0r6_r~Q@^ky8%BdgvohWGEJk9P3@*@jBIs=A+G}
zW%TjBG0xBVfsQ8__c3EIAFy+i>SzgSW_+IIc-03x<fg@fyZ$KDq8vNyb`4AZ*zFn@
z^*98$UwsgWPbRk^u&ZHg(2U2sKUrGN=^(?y4iOXbA>hy|`mFr@-MX7LUT^I)y@k<F
zi%ol|*q;NTcR-0X^=7Vf;ISh@(V?GDueeW(DEypKe>Y|J)O!g(o4;_Zk_}a?>D)ie
zZ{fNh3f{8S94cddt^1w7h_Y5ytPZrqd0M@<Et{*fkK9{U-#oU9$2$S{=+1CL+W$=b
zHbOQh#bI?a>g0aRqSTwVmc$qRFa}*d5{x(A1IWlVXU)$cNn=fV0}vkx2^c7|oROku
z*sMTj1cuh3^i)#X;$6F+71%YPp}XRZi=X62{Z$mc*8dbocRDKOQrkd1WiHICa9e%M
z*wlki9ITmJm6CrxUYXChHLjKLetxT38c^lVJ0c7b_dW$BgcXWyEm7-G(dx{$SCpa%
z@f94RuAI`=Prhv^Cl7uy#R4*=eIrMoj$s>-2T=5u$KrcihJ86F8B>LN$cvfUcr8<b
zw=Zx!w_ZoO62AwJe;N_<U|$OJJ2+(gsN-s*gCbn?a(m&W<QlZW_SH&)#$2CBAMYwo
zOBJcqZc=I@#0-Mr%;|JFbaJ}<7~O<8`Ga~EyxEte<q1)%cZs}CLnt~6I=DNo2`w@q
z?|LMmzYdS?wJbq*^6TjL(Oo;~7S~Vmp>efZq$hiP`DR?cX*4=O7i(%dr`M2%OnZ%w
z<qM~jEglWvj;$M}Kpmg5bSK7O)kHID1yA6_3BI;sL5&lgbB99KdDJcMObwUk+jg+J
zJMxa?#)F$GfHN7Z$uZgZ9Vw&G7Gr>&Ieyux_s8Zb0v^s?YEp0B>{i9aI4lH@C6h#_
zHfhEEO*XY$>@NN}JPteUly6JL2-z*>?~o^{Q}Y-<RQ|8NX6AY+-6tQjW1d5qvj2&N
z-N)bdqF<Rd=BO{r`YW4%Sa*fh6!DmArHf?qd9$x<ZLdu#MDmIB&ufdLv1NekSe;D)
z$&m$aO|?@{<FdaeG|@>oVJROYo#t9$ZZm+47vhlHnr!3@HkCOD<Q=y_?3-u!J}OU^
zVu4eSi;C-K`~8a`Uv&qM`ZJK;heJU+5!DDvf1A3;7az@zrt1w^6A@n5d1^Z7(_UQt
zRj)GYu0;j+g~MJwy2^-pln`vqO_i_l8*Z644|@qBQ#p#1zCM1)P<>-qXwN>!-x_JV
zAqz#)ozlr*$~txwo(M7oQX?70sI^R5++Ll=Al{^5q~40ZlunRas*?7|Y6K(82es{M
zwJ%|S&y*^O8gC6JmsOyZ>8}dy&a6_yfkG>>X$P_7F&igfpU&9&Gkrg<M>FWdtfzxb
zt}^-hyq*krgxFKvK?(FGZwC(SzR*@>?NhT3iLSV7f@^z1+DGZ1pQu3AtKJrpM-E>$
ze$N^+_O%52WZWl2g%^|s`9A%UgBes%;XZsc2yIhv0gvS2_of^t8SpUakCWWen0nKt
z(H&P<yI{FCeOj6G)@{w(97dyR3Rmn{yuw@jq@R$F2+qrqLE%w52IS*D#`HB;h2$RN
zYm&y7Z|XQ^HG)Y<!FH%ro})Ch`8ZBAFH!X!KXRsXm9n%0qn)OFPxX1mw|o1KM@jMC
zLA1Ca2p`&Dsd43jd;1J@&2;<QTHHwQQydtK3qOPPOh4<+t}%29#16&JRe<+^(yY9W
zbD&51v#^}oetWCN6nyj6*|13_wjN>ivplLUj(>@`Ud}1Y7qXzy(Vgg?gQ8ZRE8ri&
zO&4-|lqQC`i$<82M4}Iip~gMOy`znI)=;KBs>~Vg{{^bb$-7bSP--my)W-0AjfmRQ
z6jY_e@o%#k#y8v{y{>Do${el7`9`&N+i}wcl6h9t7UqhM{7QJ{eoD`|S||TOA8g1F
zI=<di{76C6-Px(7&fLeCQNqKooil;`q*ShPwg^x1$}3<7t^^;k`uh(I@{)_Bu07#S
zf`lNC@2%jK+W6$krJLR`<sGI_qGAKMUYyaZ5iIu{;XEm#S5)j>`lu<ch5VA@#MpZG
z*5!&_E5zOeGqM>raH~oOC4FxTB?Sr|)w6E`DKYgGCeR9nxE|+wk?AZfX-M~`0c3zX
zOT8KKgEr?NO*Jr{71BIGtFD1)v~k{D&|sWI^q<JeE!?h)gNSWx(-)PI@HM`3H;nS0
z#!F(YvrxD=4<0nAVM?eGliIkJ6_~~inCwIB+2$meP97l&My%_V+(Watbrrg##;!If
z!s%-@HNCVRYqD%wDBj}C<T_~*@>_fw;6aXEiTfIp<4L7(Dz9I|Mx}<^eY{x^wA63&
z7F4yMvVNKBc)1XNA)7Hp_jt)3$g8072*OZ8Rx;-_)YN`oh)eJZH}(|Rr~U&3rnwvG
zxY1t|tz<aaR2<&{dJvhjdwgbW&g(nLWi;uxZ4%s~OH34Va$AnH`O&R+!aV<XdBaGQ
zL^C`^j{EbeuYMd&Y{7EF<B+kNZWn6NMaSSpV+tmjr;o~K?-|nIOrclr<$A5=*TWw!
zQQuO;k&t}sOFjE9<S5fgvqNcaoaOCTBh230ho|qM5bbe0LPcTHIk&S!Vkzv1(mr-w
z<SHv*LSX0gt--SSHPhMEkqj7e&(l*(lVN!lVA5kYamHSJKe60swk=)nQ)-Z&%mj}v
z8)=Ah)`a}_Oas0ySh?TxEG?wXcu9O=pU?A`Tn;N?Cj14|i0=wbGDVq)k*vC)05Z93
zsRxsm0pe5*z`F5Euf4#k{-&GO>wDWNuIFW!enh=cwe`5ZfcSox7!l{BuFU<S#IQH5
zHBUj<Y#4N`5H;2$g_8@(J;8loP3*kR5V8%B`}>wakSv91hqcp}hCkAs5RA3wk2kwc
zy9#<-fX5nGliDI8{}wfwqBthMG{W6SUUt$fO10pPhhXE1!~!6u?8S11c*N}^@Vz!M
za6Fr*<J#%tXyc+O^-L&EQ<$YGCi+Xae#_eG&>3kd9a>Arapo}D$JDzQR>HT6GAceE
z1d_*J8uN^hbM9_Dyy14tc`~Zhir@DG(^Q4pWrv1clSqj}%InTM5&+}GI3Xi*$r+py
z!N)2bc!B2ja1DmzrB)QeTmF3`AcGu^?PAnUWW!381apTa6R){yqT*S*%l9dpy!-B?
zfyP(sT-4Nr=4%N%>UQEcHg>DTvMkbTI%J-my#VoCaGNm-`v+1B<hc>wMyc>ogcdc&
zR&7=rQp;JF?d18jr*|+JCUv@Bo^;N;D*4Y33N@wy^<vux`|Ih;5LZNS5&pX-ui&0e
zM5SFL_O$Im(9-NCi`1uUZV6`oug3{sb0{icuNvPU2XmNvAtkkc%HGo+d^^oO-A@aL
zhv`$#26Gp|amaj;(`RP8nve17X^e@koT?o8u$Ye>_*Sm1f^)b6YgkU=uS2||rDQRm
zL`dyCP6Guhk0Q!&wmw;Gfe&@Yi+2MSwFX||YbzjDawppN@;E(R#7%t4H#q)#4ij=H
zfmvLAZ3osF>Vf7v_$hfUKaguN&!q>*TEl2-xj~j0p3mijUP`v+K5w9VxO0gJyXUu{
zasC4ViuI_wZBJdsoHh-AZn3cZIQ5=N@=`-Z0{B{mK+xAKwh<1YfLU4c*6}7_lM_yo
z^`iaj9rgZnmkG!tO{wMz<WQU|M=nFgfvbpHeura)k8Hi3^cl1SUv}z&B3yrosn#Eo
z+J4*W<cvs2_~=uGFw-S8iVf>a=89fo%0hxwcFFN-?(vB2s8;hfLWgiv^$agtnWrXq
zIY%5VLcYdGf#ILb32htChBXZeP_Ct_J=qd29jJ~jv_7&Qp7cU?9&)6S#!Q3f#XIwF
z@aGdE&xH1l*#Q3Hbhl<2O1y6hKRz9|)pO$nk$NhzXrt?v)u0DvTr}8IsHj{8+S}Ry
zDBY96l^W%9yDZyj)Reu?zx849r@MsNNyMcCusNakY0111(XjO0B=&>zL&Nd<;4)T0
z>3smho=s+UCf_c*SiVQ=2Vd4h)^3IU^C&Zlx`ojAnW=q;r?zJbpoom+Y3pwKkX;ya
zD*H)5)^q2i9(-6VhV0^ifdjHPEDq<2QWu-Fe@dXlk!y|%3e~t=NFT6z1}<%oT1lFu
zhr6lqcEnI+JjO*GDT=>X{0yW~xQIgvZ0QT%V68op*2vg3OsBEr)VQ94Lp79GVhHVA
zZ%=390<0WsGX1?{rpT~uf@KFM;F1OVlA4emrfk7JiyJGyq%Mq(n7u%G#mhIMkuuLk
zYB0qHdW3e{Wn)2kU`LKT;mR{SbqB$g@^zIht`+a~nYkwA!2&P&k3l(Hh;Uxhd)^Al
z!uKe0OV#ln5zu00)z8j?spscxo@|-h6cUEfK^fz+%xxzj<VWuzfLT}l5~j!O4SA#Y
zP%K|_6RF9yhR39{l+(BySj^0?CAde+3l3X431j4AC8dAZQl`}ZjNm?fZ1ss?(*+)m
z30-B_E1s(Xm(aOuW!pm-AJ-qg-{a!XXGd6xzuQo-aQU5zD<LKMErR|RW9P6SSg<9)
zvTfTox@_CFZM&+=wr$(CZQHh|H-p7n%-!V&<RZ_F6TuGwoAv?1Hum`yjOlrN|2$t|
zi+gc>pd{I=%cp}6m)$P~#Ew!VWUafBEirE$>z=Gxo2s7O7kU6`*l$-m((9KCpFPRx
zh1!p7nif6IDNHyj`bNjLUg0;<!8N<%Tpf3xJYyMtN`zT<8%94&Sw6^P0lL8(R9TgD
zS2vDqC5A|MUwxAl<L>mrp9`VWaYilqFjGih=uu*4J~uWDbe_nA5{<4&@~;fm%7X2Y
z!dj1Jg-SA1bK961I5qzig7LQnrFe{{4;fkvrLH!UFL_|7@aqLK&6RpvmSmX^UR#Fl
zfvzJQ1d@FQ6%*k3I7%urV|wfO+OP=LSd*wH{GBSJBu}ELK4}7JeTY+yHC`ukl_ppw
z`oM!XLRi`{V0eu=gopn6OK$TselgR9%ccI=+ZeVVLwu^P2aW)02AL6iV%p$uyiwHN
zVYDDN7aCX{?u0eirQzf<=w30T?@A*!mI>#4zpJlbfO!mVNs^QgT)+%mB?cVIwbn!O
z*6OkioRcw+mSQ69so`C!#rJmsb1b*qkgKGfSCD<PiQJ`z^@Xr(|N9jyZTSieY6W=!
z5z+y8$?WR^*ey{r7iv#gp@&6V%S<l?SHSE>ZFSKm9Ba6OL=*5m?NN_sHh{)8JdkX8
zsF$}Dq&&Qk(S1q9Bw*C7_&)usjqGPrE!6Oqn>?s|7Hb3wuMyMjIL!>_kyNAg^I}zG
ztG^+Hv79*g{Lo9)tDmY``^#g$I3pB9TXRP_B4@ahZSuVOq0lk<;gZsYfZobxbuV7T
z{M`}WtEo~Se5lw6C~)&=7^#Z$WtG43&4iA5IX7jFNc~F7Zu=ia4F_ao&f<Oo!-DY8
z270R*NdJsOfkzw#N!MB>)==<m>j!mu&t;vACW|Geb+j8GU+*1F_{yjVg6yC8@`_~(
zqTlJud+nkJWJRes;*oWuMz=+w!mHc{2_NP&FRtV{aoZ%VKUDJ3;Zb`}U6gG%O{XWo
z#-j>BVR?FahoHFnu8lBq))~qheI$%(wV6x|^T_Gz?E`S=&*6`pd>H@O0Ay0GMfT2X
z<<VJwMmo7FFWWL!T11)K`=<ox)OMx2pIRoj8tL<jCAN%y=VO6_r>iq|v+N^PM~-n;
z_Q69Z>{Ge=GMIwdA<2^wuc9z@7m{$nrK0axr4QwtwFA8>X38p|bKHzo(B#xO9a2_r
zzJE$Cn|g*n<FW1sk)lB85_-GG4;aN#i@{K18zEMSy2cnwO1PN7K*e4Sw7uq8w~^6F
zS{cva891Sl+Y_21wQmt>25tM8P@&^KqaHP}Y>Nx{sqQ|1|9A%=ALgcx0u|vW07e>n
z)UhWc3bPq!vL_MddQ1J$MoVU$iom!v@hExNdls=G(s<@)+K6SsLZ@&^z0mfuR$ZAz
zqj-{ct3I|aWrOo*B9|r+c_AF?(SKl&`__=#ZO!^%&8;l+ndpdjW_|`Jb!huj-da~+
zHyu(o@}aGYHA@WH@(M9peeR&~g>VwUU31+Ugj*W$^UMb`yk13;iXUsD0!n-!H-O|`
zCf+1+^q15;^W93SEIm6&mfLe|Y+*vRYN$o@z$Q7Z^)(lZ@Y&6&Ad<yIfrn0I{9fl?
zzO1Tt=Ta>U>PBCso4l~nl4Urjh{~$6nMA=|*R*j5n{m^I$ySZZF4@OX@}SX_s<3<}
zp{tMs+csN;>Ud$7aI1{&$2~}JWh>?=`{xhy1dH~=^$<GxU}7^6etkpuNi1<Qtt_u5
z2&14{@(!c-XHIlv!)(wypJ$0MTt5TKQdan%8Oq((0nDWe1%ie5UUxhM)=8To_GH``
z3p((pSvFXHd|W*P)I<nz*kfIN;cywdTPl<Wi;IFciq~LMkDQ7okrMTe3%M<Br5gvG
zB7|QFF<orG%nP6I>aoy=f#K_q!pL5`5jRvqn#~)bEUsvm=0&A<>oJOPYgfUHmfXwd
zW3MJ>W!HMW=^-W98GCNl3$sWmcBy!=#FQfzsO3RSJzlLrT`l<pX;@Q7#5ABW<Ke-c
zH|HYUD{xs2mug#zMw+|4vd|;=i{%Hosq7xkEiljDvbTLfaoISDB53M_sGWE}Y5%-c
zG*Js11q<5^27VymPL_uv4B_MY$e<m(i~Bo22Daab;a)TQrGdUK^7Tp<8lB_;8|C0c
z%$-`+PT;LZGq{xnWXUsF7;N$Oa>wF6*AyWEf?hno8G7&Yq_)cm<@oz!pLXEGI*((f
zU174zy{A9E=i3Nj+JjwkpFUoL;$c`OsX=HN!AWyMP}W(ap;ZaXYE=XH!xgQC*GYDP
zgyc8{S@Z>(+qvOGef(y9Yq484c5Q4QtbkvnQZU`n?R|1n9&FQ{&YJteDRI@T(uIbo
zF!S1DRIJ=#ZjIH$LxzGjgL=Gq6AT@imv^0nhyNgg+#I9@gJgyG$`~BVOc1>Ly}-5S
zhanw8)4`v~RYr3z@JLYEYE3fIi}}osXST~J5|A3Zx<ni{qeS5xCfeW?3Tj$39dt@`
zaoeFWB3b~syCPyG&=Q?h+(b}lN)y)8&(G2;Xe3SGg&pdti5MTXfop=3;HopeC*j6v
z7>~+%eSq-W8hndhgJ!m79g4K6_G@6ifa>EVW#tAL(=#;?ydo;TNO}eO+;Yav>G7&H
zR{mI6Q{OP%_T3OdhAG^bd$<VVBt{SK7W}4pnu0l?XDckP;EeKD0ec^~d|~1A_MaYI
zg(>uOYR;$)Y8obH-y<X;LU|8KdEh*v=c#&H!TTZyVp0`$rP|*<IB&6wFVO;C6rD7T
zQu}y!Y=u{yPAw%R`JC)NDQyOEwz9{GJ2hmZ{ev*y;?Rw3kXkVQ8>x~9RyS%^z2tSL
z(5C!ZK|ByznVw?MA(&~v+Ny#wv6c`@*2rXV^+Jjg(H5CLzA}(KYM~t5-D2_fkgp{n
z)fA!Izi407!7`M=qzQ}db$WyV;j0?`KzSS$q6y)3hk!4a2gvZ&uOCWvzvgX5krPFh
z%HV+hy-6mmOj)m}H$j1zTl)D6?5%d4+`tV_e?HFzVboD-*_DlwtG%a5(7|!OUtQ@|
zKdFS$2s5HxJhGX%wl<fu>C-23kZh$op%m~m)gQd$DFlNd2dC`u-X3<JWy^dt0muDr
zNefPMTE~E1mZ0imXO)x?kGMFpl`Ki_1u1A+Q@FsMj*XO0LqUp#j>H`fV2JKp$KPt{
zA%U+<APsObvd~O!TbcG2n@kS991J<5?1$$CbETNQN#6HLyz%+YGbk^PXs?<)b29JS
zwkoEK@e@y$c70(EKM9B#gOIF|^+%UNoe26-vVQprEACYO6XU}EpBNVoCZ_*&YH_f#
z{m<$DGA^9#j2!>(^jRCIGO{&3JB)a^vm|^GR}oh+HVMfH1_K6m)ciK#HYvnHo_|tP
zld}Y6AOyre=H*`2?)KF8=Ja#MW4F<%MW=VS_fWHr=^XQcYOUX<zrr3PK`l;>A1SZM
z#+-}-009Bv1Q`Kgz{rF(kRX4r*MVCVnPC7IC{*GnH5ds9M!0~%gaC=O3^o*yg*y*G
zz`#GRtSB$7$RB`ToS*-|PJlxYDG%l;cnz@W9RSN7V+}V}1@h)1$e)9QNWu5V7kUrC
z0SJVYWXRpO5*S6h58~ekYz`bBqmP~>hJXOY5FA9HUo_h*Z7<G66kn6@^`)z;>&=hu
z#>+7vkdg?#2P*If2&V5wKbU+C?vC2TA8roxi=360Th%|Fc<7sc0Kqo)35ci<00kh#
zzmLH!DFS>7E(##83m9g(8K9#^e@$;d(+~0v;0FbqV2u0?-^s7Z4>PdOml{}rpe>Rb
z;RHB<6X1$ao`GLYB@+HT`Unufz_k}7K;Df*68{V`m_ML}B49Tk7_b8B1Au^Pkng=c
z2mwK@h%1*1<bzu5N6%E=L^WWYvR_BLkD-Wbr}iz05P|_h#SQ<5Z`$Q=f49D`U+xtl
z1J|dX#hORk1NI<+EuOy1F&`5J#4Y|5U=&Cggm_p)#J^gXEkGUnSp07)FfqQ`o!tX_
z)C6JQEb0wZomep-oc~&o0=>KM4Zj=%K=>U1_}e%8{Vj4%9zh=*kRXtCKO6$a4&RCb
z!`e?RbHy)27<-=}0IP2xK!9HCZ&#zROd2i@*z>#Cms{jJ>eMm}N>bZz(HFj=0^$wq
z-63iMz@20m6aWY)s0g5;A(6ko-{w59;Lp&#UdIK47YF}At-XTF2bb|IA9LTmnE(gi
zZ%Z+-m<%08-~DVJA0h%GKz<I$KbzKf>%{MF(r?3qAMVp{wD>YG)c3U07wO&aegGXp
z*(^Tf(vc^Df>s`^*fr3Vp9p@?ucnSo9q!QJv7d$u2|_b06a)B@@FNuO5wiOmI-G-A
zh<niW6M=Z#p`Owsy6u<MZXN=LI{XdXyUSo+69~vps1PmY7^X{PTcPM9JE-XOT<>>9
zAHRL4-Xs|b5flIs0zW>ta;*Y6qJJ)dCG~aRPH!k?-z<0#u>uu<att7V7YER-no)=_
zz!$%o8psy*)k%OQP{da>9}53I1jyFp3>p;ZCh;#J$S>iK<^66{-5maj-owCv-<%&b
zG*lSSn@vF2FOd923j_hg7rl!B;6C5o??oXHNC06O73WuM;GSQYUuB-;SS-`e<;|Oz
zCQL}X2S0a!JOd1CyWb(w0f4U;1y0Ocstsf~-&rp#bUyc=ua2MoFh6t!h-1Wvi=AEt
zlrx|JkG5apzd+o1;$hSkrN59bg#P$ou5aJ#hj5@BTtCQ6{=29uFm1RO7vIP8H|&qK
z`2ZdS2ow*mF9l>Lw~x1%7%(qjL3e1Udj#e7rK|hb=*>_~x?R{tYt)t5j1s2b^F-n;
z@29>onjD<5CEF-ASGqg+<4am)VObfErN<k+7_Yty+2{>f`KtcHO6Ph?+()!H9}ZjB
z0H$?8iyYEnCL>kxI3$;g$m{C*nsueTIh_#*mxw#w&&_Wgi$06mhTwZZ6g<SH6L}&d
z)JJYN`rNEWh8iMpnLLED1S0Cj9vJ1=a@t1RAtYJUEu#v*cN&f2V|YJL=Q=z5ekFGb
z@uqgsXOrSgmX3O`C13GL0+ta++|j0PENmk2%*7E;B&HWgsp2iiTx^Dud}a|~8wubc
zJXpBSNrE@$U@>eSOM@aO#t&X8v1e7QPSL)1$XkAiNQYxend1dxnnt0nY*{Yy#4xmH
z!$rmb`m1ifUCTKEsmZyS76#tt5rdF0$Sog#Jbnkrc*!;7$Cz}$sCeJrLki09lKNeS
ze(po5&z%7<VX4z|K5%i#N>yUx!MVLl=|2cnN}|f^606y7H$uG%;Pz=gpHLPFB}#BP
zxqLRqr!R=iZY8AKl!fD6{{1+mvzi(D8cHV!3iOulZkZ8NJb6HZPMiuS8xRf=C3zIp
z%rw{d<2Fq~j1p)T205PfN`0p1Q-+4?Lx=n!N~XiDPH=a4MA*^rV@u?)y}|RHgRibC
z(Gn))OQ=mf9VqK0mdS+c3VSq2BEBfQu$)q`?mU*iw&fUb5bY4hs^PJh2=w`u3t5^;
z9t{p!0`)w9GMCm=bDqa~iC*}GdjbsUtYJs)=Eb$P$lkq-ML){`KW-h0F9F9Cn#y09
zfh3}t%nK_&grNlk(7YkHvq$79dYvijy9ceACB>r+@6fzqxx{Jzt#Mvb217t<s23K8
zpzBqRJ4Lo18jf#+R3vRrB`XP#WetOx5p<u=xxv0)Ep*JnCy#cmUdQc&ET!o8KK6W9
zm3o7$VTFs^JCa9#_9ZJ(R`Dh$$FpBN`&H6WaO;h-r{nS&z?GR2yKSB<)T~ukIE`16
zge%rVNXaCXg-gq{ti-w0fu`ArX4(GQPz+R)auZ4}e#|2y!`n2yvwS0Py$eR(#?k3r
zH7ITuSD4_c+>yGSz!Bu|kVtDo3q4WhDfLbw9tkqor*MZFWZ855x{!(txTPQuR17V}
zZ!tcK2e)PaNA6R@9i#Po=$rdGn`h+1->D1-H_VDN!{fJDB~IX3ZBjCI%;n%UuEBm<
zay$PVgzVYNq1H_IcdN_KlHbuNI?ID5d7Jfv$7)U}=TLw&!Kx|B`XuN6k(=-L-@D`+
zAn)$4CFhf@=V^T#yD2NJ>^%#U$aTG-$Lu7%;<GfqbPBm0M3QFc_@MOOb2>hc)}x!!
zk>|xCM)AVKg|TRgvBv=T%0$JVTn4pobIIBK45qcg2NrorJ&OLRMK#x<Lb9y*){}Ak
zBAjvJ3wyHSsMh9CTdFd>GYtdf6*Di|lepxKa`^K1KTiHLA%k6hWQ;>_Ay-&%*q7z2
zo1YdjYEkWr!h5%|>B~*%H}|)muH>@nC@o*w`tF6p6<QR%iPdOm>5^34Riin1_l8GC
zab^!Rvj9@S|FHY?mMw|zm@Uf+>Q(KwH1d7!<S8*8fmi=#G2!xu;Xjl_s-XktjH1}j
z2QSs}09g3n3uSd^Ix}}*ftG;v>9vbh!H8~y`1|O3B^Yl#1YEo=zbELd79s^#ZO%m9
zx<{$m-y)1Y#$I%L57&K$J)LnpoeTA|52>1${c6m$N3;Sk2jwmdSd8p13>UR$8S`rJ
z*)Aq!FSZp&r%`~E$5Qe+a-R0drIX5f*^E18PKXiv9ozM9eZk#czU$mQb*zsdJ7|`y
zvkOybtq$JC5=3w^a@uzPx)#vzw<mHR55p16q2uO-^cdpyQT3YLy&M|7l9&qyW7-tS
zZOOjJ1|g;xL8SzaNwgIdLJ#$0$S;hW=CH3Ou7=yfTuwtv9-!%@d@mSw^8R{HOMP+P
z{nB8sN*y>5gdZ-T5F9s9*dJ{x438cwwF&&CL@3vN@yp+0$E}0j0Gg9u6|#&bXCI=?
z<Dt*@{dIKuA~DC~DO)t~ydyjDv<(Ou8OP!@8QzuH*Xu?)e{Jq;nskZA5%gWe>|!N$
zpTBI~kgh$T1)sXQwJM5sxQ!~U^tYV?1O_m7LrDS}6ljM>RU$+^%za_w{w>szr?FFd
zm?PL~d{eHjyv8TsFk6-Jy(xvGFRJQ{q?vz-hX?GSO|G7xjc>-hW(na!Qo*CONM5Z~
zda-wyduV0c?Ly|?FTMb)_mYDM)4I-&(9$UEcSZ>>rRmK-p;{nD$aV2(M1e=+u*>$1
zqcc_*IW;dy?zCFcW#h0PJDFx5v>iLm`hlds7rn+dC!-t{9L8%{#g6D~-c76?Ld0e0
z>n%3q9?2}p<fst9PKHK=Umfu-rz`3wI0UDMh&*L;U2@y9cy*R`5Ofz~$miZqxBnQ?
z&qVa&jfSp6Qs;xJ8Un(ER9@<&-mx{cITYB*`=v6xO?7TZgf4wxSEJAmLi^;zzn7Bv
z-Wikd?7>M>(dnN_DOrG!cKLO?lZ$xio8|l-WAYrsIT9YsBx7-qJ1WSP?`M|I{E$5o
z&jWld=mh#?1$s}4_6vem6ty~7Z2e?5<6P2`HSVez;wP&K4GXefTi_>t(h);dy&C)S
z8on6SdUGIIRKQXkpLOhJ>Y{t_Ur+Wb?>3!rRWDoN-RvS2M$ItX#igE&R`^fkSSis&
zx9=Zk8in*PmsxI|eYjOFLEE9MENXUe#m&uhI5b}hLbDVi*u6Sj6MaB*W7PaT)wdTh
zEcdY>&q#d?E&GH)w+zfOY&#A|IC&f236e(x{0Pa6`&*%l%qfmeX%TgMU-HJ^>!%i8
zwOySUt03zwZdVvSxwkr{V%gfD0A6fxaddbT6w+GFd4|-ZZi6j4FF7gj<ulf|a`aOr
zUd6=0v#MJnyaixrsQPU|xK%#lF83HUwOL-5d`k!avIg2(t$)3BdHdFV(JpUN4eayC
zH9&YO<JraVCh@5N-uYCdF$%?&=B5_+8^}<@PeT$TC2}NCqO<gB=q~s-w^*^5W^x*L
zxw8jOI&of`ey`e`SzWgN*2Bg3?^SeiRCh3bIQff}=Q)>mgxmBXQWFs|%yDL9v@hFE
zqf%(C2@<mV!_CXZK!`sM6b^ZvG3oBH5nZ!{Wo4aj@h(h0bb*GOkJn0WA462oVNM|7
z!JrvdihHQ7=N0PdYpt`0Xo#12v6*XN2B^r4ib`R<Y;IshguR6UP>*tQtnPd*Q^zn1
z`3(Ry-ld<>Gi+{q?R|$ye^XjXnHWa-4e{LSdmy~iiGXyk$VHIh2g5Nq)vb_{wvLr@
zd&Pv@WlAGAJVFPv>mdW<TDM`sIoAu4fi`PXXGub7c4kA+HD`jh(WK_n3x?4>N;eXv
zbsq{jrL8Al1Y1B^XI3IUiXx7u6>EEokTk0o18)XP{U==pek|3T-(DB=CSPWo8lTlt
zj_5*W_LG8@cZj^v=|6K~GE>plM!}Q(g3ibK0(L%L$?ehPh(hX5yE!I&onKg5@a>u$
z=BRDwc?d|Bp3LXu*2r;Q&+Jp!*~jIxp<Vl_xHr9#IE4DH`0+sDsjIyT#7X(_dCI+8
z1ridW0u~hNBv1CR9Oqb>#guj)G2FrDNUf%<6xR|Hk$h4B%b1o;^zfch$s^Dq*Mhto
z;sq!lc<pR^8{V~*a6k5u)n$)y@RlaNEwwZ_WU9}6>Dx;2n7$*@m?K5L;*w<g5lPVN
zk|LaZ^Yhd!bmd5fxbRz-u*<GNN#)Nz^YB&m^OjD?1J%MZT<bq+0<mxuwOwi{9^1hX
zlQ1f|%nfwULSygmkL@$#Y?gsvz}dJa7uvRyutU1YL#eG?=Iq;bv<u&1xok&Z*DQYh
z7TVn3RBO3AP?VOaU2GXEx>C)IGiBUKS>WZBW0KH`Ex&b}S>ceGG1diz@zCksf0l4`
zBZ8d?!rrzwmeEvzrxKwawNRODQs&=9Xbq(jH@fq^+rfuJdC7s%)~Q7@NlPvC*`Zx7
zrD-xFiBIjLb9V%QMf(=139gTKNpLuZxIeI@KJ)VVt3!5Ks7thk9OX^)VSyPikv%&Z
zCNu+B7J`TM^^M48>l5u&NN3=Q>$Ut3=E8b6diAXE?^3l<ujpnuZcNhiSIY@Iw)Cow
zr2!ECxJ?Oku#dXVs}3nMY(MCDdy{|YBE_QJuYJdiZbjl}*}gt1wNwg1VXya9b)pF{
z<v$CZvTEU+nyrEdy}IZr5m5IankYa1?Ww4V)d=Ba7sX8TbCZ+#RQs0L8_*Bw3y=*Y
zf;UcK%ZgB3+0}FL@jwFyMsE;XxZ&tcd#)tZu)V~sQf-{b#j-ULFB(+hvWys(@lJXz
zb7UiP<ndrO7Sxnb+;`@{B-Q~N>C`CZgBbBBUr27YNe7eQvsF&%h2L~cf0GVv>7E;p
zs2#VjtXa~<O8Fns7z-cfO8$fe&`rWczgQ=&qk{Ck(GzM?p3US~+yloZQ$R%Q>^$qW
zaj*OA?8t|WX_hqzT-V^FlI&<F-h<KPN(9IJlPUc4IzEf?bt%1XMd$rTf1~P=zt2H>
zq_hs0N}aqyc)b9bpAl}8;ol{OsBX_R2j>A369J%(7ePTaWIA0x&?!<Wt4v2Mxk9Ip
zM=jS!Ap%)LDFewYn8BNk&W+|(+8cnD&fP5QyOIyZNmsg6rUtNt+FWH;pySy!(8?0#
zVVwm6h&NATPu*fyr+P^_#!VfLhCN5zgFWMorc;EJ2UVHJ=Iv9o7G0&)+Yzhk__BL!
zd*dt0%-%Ik4TM!eD@7(Zy0<1pr~9eW=Q}%p6uk0Nf0Hs_*C!(c4@=WsDoRJtJ*R9k
z4&&puRIV3Iv-KI7I0L9+o|v`6aA|E~RD+U&m}7+5DMQo$*eT*Hoh+aCBu&!{pQwdM
zXtR$0Rhw0tUOKY@Rl@FVDu?~(zK6nQsbk8V$R|7M_nIlt{NWXn@wgug7M*#97&W76
z4AHhrS5YaUZ8EdxXN3B+zOTBAKMBk+^2w788pf7>Hn_Y#(<j{$B9`1ew)pJKbSpMv
zS~#c?oU_3z;7wKmIb~VftX1QyUjxC|8YY7pen)sJ;!Zn?jEQUXLA=Ab$tNWHq6u^F
z+#hpt>AWNne>^nm<-SfgF=&4udV{(qp2SaxEiWFE;KocO3Tv#B?iDu(p=K)Cil$^H
zl{#9~Qb|pq)@P!M0lV9_axLBJb~3eY|DmE0F`Zy}IobIaj~U!t(-*E|Q(O@%Axp5L
z9a24)HOoU40B^`u1yoRjFtO`6qnGLZBkJeq*dxy%T#6c4kE~jjIzjeV7|9^ZgZm+Q
z!P)(7-<>K)pkh5J@m;HX={Ui_Q#96WbZmdQTv5MUJ5^L2+b@Euv5Zl#+W(4-Z3OZ)
zq2x!p4S@CWPI@_MN_Ncc)o#+uV8<SIa`|1dM4^^iVO!1{Q0_4(o{Lz3h$K{mOiz^R
zqP<c=GNV$jr@H_>vYOo$e%gaojd8EBopCEQ!blmRl*I8FV*hR!qcc|BIEj>ziaBPw
zm#w~@8jYRdd$Dlh8T9^Z$|i6C%i3l(8WoP5%2;D<1ImBzQyB5;Q@7^0&7_xi<m~Vh
zu>*RXWu7kB+kqZQ7jK8P?yM+dD)3UAi{~xEYY?wveU<Jl!8+isS{Z<N-e3s%I?pVR
z6K)*T-Y|PhL-+_Q-Qz_FY}!1OVk+XN`XDDlhKT9Cjl1xIrH_W|E-KxHe{ok-k9p5&
zzO$Ja{&=iw31h(DsAcbx*8#HUvb~{2Mhi<$<lh3DBzh~(Pn@^~3%2sXP?Lz9E7FO*
zqneJ3l41>bdP`iejd>Lp92S8ylA>ch#k+PfH5vB7*V{sSQCR`7(NNQ0o~vhGA4(HE
zM3LAghxJR3?AQZMd#=*ho5$dRA%%vwb$D}&9y4jeb(zI$3X(RJp$j;dm3oK9>w}^1
z58BuRZOxo}F@;_1H`%ORwp@M%L$O1N?<E*wq)nQ`tH1NmH<GRow3(Dz#d7~Ll@&N&
zKf<|*c=1E2g{f2R+i>L(^|J>fpXkpo$g)K!)lbMS)QTZ~&JL72$Tjef{>|G47P<=f
z1Y13{bt}VQyK7yeMpK3!orcI*ebfT^v%6{y`8x1$GpSl<csLt5H8#R#1UoL;y+)W?
zmR@TvuOC{QuF20WaZgLb>LUQ`WcPFlHKh$JhD5b=8JdN6C4y=_X)0VAJkIaffDKI!
z{m5K2jxUfh(7o3i%D3??;Z(zQ{$tl1t&Jal=ZqjVKBN32OabnXMD!NJ8JH@{FIt-C
z%9$FPR&(2{_AkeM7jSg@_u@c@qg1Pm07U~aDMffrfwYCE(hZNvo&l{8Vl*d^S#m6I
z9e$BtvD|LEk(#|NRAdsGpUXh2>Ul;R{=H8N5?_huwB1umabP|0GZV>>b}(1lW_Pr`
zcxjY+dX9=4@2l`2s*|D&+UHO;=C$BoFPd|r6cEEq7PQe~(s2x0Hqt)!_gsky<;`lD
z`UsCFXq=d>;WJJrU3`yv*eh8YkQ>mv)Lutlaj_Q+wwP9vXnNVHk1q<8B{4HrCEeb-
zEpyxB4wY$Pv3txsihmOgBqc73&N$v-i``OIw`a49pAakTQk?47Ab`>bS5*{EMv1;N
zi>w*KKkj+_8gv<a%NQHhfTs<#@PY#w4b$;WuogLnYn2T`KZo#$c)HC<d9I!kDS4)R
zs>b!O*BMJyd+LsNu2!O(wEb7y{Y=rH|7aq!`c(f*yj6|oMG9@>n&eLI6Wp3u=vgN4
zEEv_}qO>8Cmwg;!2cgCX)|owT_tST@=Pa^1%Ltz3yt((JVvE|P(2Ief@x^cQa!iV}
zjy*r8i>I6PgFvhLIp?5`H!;hvHSeFr#=S}<^gnpeY`S1{(|M(9H=Yy!HvhH^yFVkn
zzUo1BTPg+-^hOC;;EQP0Ls1}Sx*1*)rg)1ieFiye>vjrG#p2>!ZpzJhjxh8vnSo|E
zdR@VPDlv@vqWn<KA;>Ln{tQ^YsBHMmtXu2$nr;uJXl}Pl5gG<P<bV;~x@mE>Ma_SF
zw~^~cz$K3BZPdcnZaz4rpHk<yw}hJYDAKxUT<|u^DWBALh_x7LBOcFeyiGr>J@Dwa
zw9bYsHs*B?GKvpA*7{UE5qf25ebs;kp-)EIQK#QRvwH5Cl=~|Q)3tq~S#3{F#jaV{
zk6&s|$TsrYZHQj>mT+=bu?8ogaXjY&CX`utJ8+lJhouJff;2qDTYT`&6VgY)?sjQ%
zl`5}~>}vpLLdYbJnJe{=bBuckvG50x<wla0T126Tl<bVbL5j}yN|}&dEck7Ga7({_
zI8(h7rq<lfs`Acd8j;IuCSz_cPb>@!fM^`tv`ocdSY)h!U;S;2bPL_&h9asnct%}b
zbN=COubf}IQUQ|6<I)R)`;A_(#s(uyu>5DnKZp<WcLPY<Q3YaOjLWzd(`CJBMF@Zu
zK0T$1W&&&8Gp>q5hRIHq>o}^yYq&kNSyzQ=mSN~INnOfnxpxGW!H72@VWRbE>KW!!
znk=a94zmgWMZr$@_7=KLotJwj+!L*y9L9l^`^;+UqGi)wZcot8%jH|!YBz_D*O_2m
zrKK}+$HU9CT(vCyvk3~cU(cXsvi-<M;$%EG_d29vT<Y;~CHsxRd0A#Y`(d?TjRh-<
z6Cw{@vAQM7BgU9)_c}>8w?Q0wh**bOz*@bnynSVxUBvP(in=Sq3L+JP8|ruI;YN(!
zV)ulERIuRzj&H{Hr!~3S@}`7p#!eK(z*u2YqSjfKASfz{E-(ZjH-Qzz2oJ)}cx6*n
zp>qqC!MzvJj<vY+gP_Ii@)L*0fGi=85T%kjg0|VBID)x%!YWBVcvRxHzBndAd3VK!
z0FuU9z$KsYRhu(UkZ@!OlJkq8>Zy5`{WI4EDJ+uaVPp+Y%U_Lv^_vPyr=9i@$D3SU
z{SNLHy#c_4m_I(w{!d7+0%Gj@eY#OQHyp_n@P4s!M)duDw&arxXi>=@ENhyxOnpv`
zxZejfJu1*KTH8z$fy}#r_F<XV=%nB(lH2Q-Gx(gD+M02#h*v3S6v?V$;9B>7p?XNl
zce><d4eb7V$f0XKk>??!#so5mGn*r5hj4dfXXJB%4yI{CQA+ii!j27<7F=NJ+6zn)
z_MPNUzIuZUa-^P(HSR(nYgIL4>(~8syC}7KgDnzOSD0fcp6Wt({SeOQsC;HVP~?H)
z^@_K%9PDLBIX?LTj%2?$b;Ansc5ll2@<6#sh4NsZtveU)<I5?*8mK4z^bysE$oGj=
zF9~?+e~qw6RGyt(>v^?h9(zfXj+vlI9K+q5@$fZJ3xJZlhP$<c(<9TnoJ1yNVNS8D
zLqY@fWN4Xx%|@x*5@gg<-os5sI-EM$C2kdE_aL_oHhvB7WK2lHlby)4LiN!I5A5<L
z4wdEtrrJc_jylkP7mC<eai%qfSGA~vGfCJ1*6*~_($!M`SB;2QS0FWTTsjBv@7#c!
zZ!8Ljk#jUm&RQLMclk2Y-xm-dzWb^DcoDWV55j|g`eAVy;t>lX07SK|Q}yVw>*vBK
z1j9r6*}yX^*vyZo_Y6m#$T4b8d)|4v(xWIYSR9IX3CbZ|S)SQi?^1hn_`{GR2UL0b
z51)T+u{h>tt#3tqGotwNfXHsEvnERt3-a@jlcqxY2)rgkVtO;1Kn0mo5}Zkg(C`C7
z(k3m@6!t3n3%nIzG$B098^)KW(WC%6NpLw&QkgTeFQizDtUpS@FKo=Aw;uq7epk|E
z*;I|j0f{-yv9hOLv<}{l0}iFWq?5WOxh%HHZ6w40Jbr4tRs4=JA48^JB52jsuOK^e
znUZ$o!<!jOB+c=?p7m|zcX7w1DYb9|GOflRSr4#dzK<PUSFbc@3Z;licT@cHkP0J@
z!xyKBf47161JD!CETois#+y`X3_qq6SS0637|BxA>%JhPZsbybyhVSwLhFTC0n<9v
zF%{P(#5!S&u8{B{UQ~mW!uxkeKOabax+6u&iH>xeoTZQ;gqa_;%3OQlGjnB)d*tNT
z1pkaXd@T55)<utKJJ7Ly^17sF><!@Lg@4q4Us<(x5T_UF0fz@s9nO@eAlX<4N_lbY
zUb=xv@6KJ<y6P3+{}e^hA(;$il*Lu7am?-?Y8}!$3#BTix(LIQCU|XE3pW#Bd5?}&
zJURr-exmOK%XFRqv^L$1J_+jCjc;V7H{-WM+c2U)hg|Y`=V{GdV0D}^N%9pP_<n)B
zZ%xP}RnacV2H30S$hG8b@HO!)+fV#i^-R2+Jh;oxIk3?ZUlSO52JIDT<{yXLB{dYX
z^jOo6I1Z5eHnGykm6g#zWeb8m0S*PfeJ_$_SY${@j#pN1Y>sl#;Ch~MYAcp+XjL&6
zT@BVEC%j_3x;45lD~CYzxB~TdOOUVtl#)o<FoLCKDjvvL+xCVO7Udds)68>MUUFU-
z9CjDqU(BM6C_^jS-OP?N&V5pNTLn>Lmfkhv%3Wc=<$XCI{o3<w(9N!j%xAYfDaEjs
z$wAY_MYzaNF>7kybi}K)+seq}hNtnqPlMrM`D$#c1v9A{I3iz{mE(4<9iC8rS~{mD
z&SzR}@>qNeO=xmt<^J(FA3%~LG4dp?Uc`-7hsAQNW0St)gVu9S{D7Ln^vx^dt_#$S
zlQL{>Rg`=?WU2#^IM&O!`?oN0cOAj&RvhBLXyQi`(L*M_whGaFh}vhHcV<|!!*2uu
z;Wyq`P1DdjZ?l&7Pql^CE&=F6V)wbkg8E(X>MKRk>oCf^Z!%@hS#re%6yc2HBVyF7
zqPk1&XbmDLs3I+qmVsryvw&45J^jYwVza)fCaV?*;}V+G1l0EIsi%v7+6;D1sA_&n
zTJyS{ATs@y-Mb0y*yAOg3O<D6n-qesjl0Ue<(ht)-ZVsKQy(mkAVpzd^`_Y7y`q4_
z{QOj-wLu~`QY{}GeJA|Ie(QqhSDMwIQMsv^3HoAyuhYTh8>1(&j>oYl$pjT2O^*p+
zrpz|I!V8=+mGkWPc!aHiLrBXMd~P>aWqGfMWME%TjKutuWoya|{aUPH)%aIpA<@U#
z>V$Kxy|zNyxyGIRO|YiK9;LKKn^injZzA(Ag91*1LcC>))f5~pW=>4{F<39s79xG=
zM_z{S*lV|gSs~sgUn+~LYHb+@$pD>=oIqJGDlQ&AXY}gkruLQIm4m?N{IxlXfEDiZ
z9bHTengko-M(Vw+17NfGpxAf8zc%T{r*0Pj<y<Y2%~w?AV<8nNs)!TKxA&i|Y)30?
z(7JP6EXhPD=QwaLN4LUBav+p&2Oe#$1$~`ON{1F#sCY?9Ez<%}r1T0~$*bw=)y4)=
zy{%BEp^}&VvCSCHMX8G>lLNAK@vff$woT{r`VMsqJ&^^CYvIk5!#(@o(^SD|rgjXu
z;YJ9aMVb6iN0YU49~EXjH{6~OJ@1GlEOnTD@phB+KW#c=;_a6fBv!SoHcEg^R>9wI
zXYB2Cm9zePY`4qZ<|RdI=Dyd16v!b_`Ny{Kac2;6fo@8qrjWNE8sHTx-D`5QOv8rb
zHbrWRmh@c)dPcaG^;Cw&8F`wrBA<|BzB80%eR3NHbg@=)$8hEC=b?uyP&tG1JK{Vh
zF!6sDNIPM8fJ09uDtvd$IP^Ko3ka+^g6?^9{~1eH)*y+IJh#P|yNI&t!47KsYwd#D
zhmOvuk_+!;7W)|)5i(JU*CCvwre<H}b;OP)R0z-;vxBLKr4Kz-WnbJvY7vOdQ)bno
z-`8N9j45NDlpe95hkA3sGLVio;6_cO;lGoj8hGHKFgZ0TMZwf)J|xkbn0wH~;~fuq
zr>Pag<tkPAFOSHZ)QRY+!$DNKa)+OpI~-Z?f$PH5h%ENP`RYK)QE(G<#M39QWk~;$
z2BdfJR05Qe=hzT&&_o9D8kRoKV2QAp|JzLBp?Vv-$og2vKhsc!FWF-YnUzo1d+k2W
zYK}c_J8rh|`nd-Mz<K{7#g=W9epnpCGuP9+)Es>@J;wpAr*)X7P<5jF#oU@XXIpPC
z4$g}IzLQ#%gBsaCS$+!$jGJB9v{d+PT3oY1XiE8z5HB7m*sW9$P<nj0K}qG@2BXT<
zt^CMSfKjw^-Kb;5(r-lnOTOl<OJn(OV{t#8hKBC~<5Bst?VI!Wf=<)>gL+vFs`X8L
zkhfchxcXsi(S#Aih?AW91kr~o7W8YFo!X&8Jo9jA_IhKdlHqZ4Y<r$I6QXs3N7kGQ
z&17oR3%cPWZRch(7@jcr?iKykYI-Ixie9P3W=Wm<?-A8)?5_7U8df30Av_gZ5OqPV
z`U2KE+C54FOnXfP{#bl6t5N%FIEUN&6a}-Cl$PGJ^LCf|cGT;9wya6H-yO|t`q49B
zDZu&gFCdV^mEnJ)%{c!PZN|dL^1rkh8zVdCf1my@ZN|>X%JBcD%~Zja6SY!B_&t-!
zfRHMd;^rzNo_4q(0ze>&_>ulVNY*Y0SO5`GseqiToQuT8EGYk>5Q$g{|M>Zx{xn<3
z(9ocMzv2DN@|x-P@}u_F{!3OcA>TwSjT=1>9vDF2;UAF`p3DLOk^m6Me}LlcU1E;|
z^nxzkZw5E0zi*!O<wsnmuaAI(rxdbx$IZh6m3JKi;7<ymZ{blF#SH<103LAkBO+{c
z1XzJ!$AOXu4q{%Yz(50<3$-x_5A5bJyx;o1O3dFUfdG(_n27kE4JR);z+g`f0hI^d
z-#!rchMP?Q;Sae12{-uuT^Q_NKn-_FNKbZhcnBO!P|wdYa$J%J(FY#m1d1_O#}LI1
z1NFwrz>gmo{GARX-Ve^;5@PhbM`mu81rGuYyax!f1^IX2fVoRv9s|sO7e~LK7@FbE
zKmRAr<rhI1z%LsX00!i@b4zc%7ph;OH<3_Q*1QND<QQD69UyBT0;7*#2R-a@I2?e0
z;*6dMBtYcwk#Glr1Lz=({Obk>NM4N%i2n}whZS!H68N>xAV8htU^UFJcVbUY0~S<8
zfH<B31y1U|l23&L>?D}am9L(U{W3=IGY{xTlVeap{!~whzngn#O5R?MJ}u=!4~1L!
zp8W)95U_~fabY2W2_TIe;N<d%>ZP))JQw`R4dDxVL=FLEFW?1$<1o}8v_IS64L<^a
zW(XUs&!9_R0PvURZWa|31IB+K+a5qH4H`$}-pz#@#_6YVM2{Ej2D%P#zZo3N-`D5o
z+c-289VJ@u?OW#8r`Pa<>H@69bHI=6$L(qcw~3yBUm1yjikvbswXzL|UsM$f;c1rY
zFT$Iij{lGBvLI(6prc>LaPC4c*2~Z359rUsUxK~d=BIi0`2heRKdUV?5>UqhzkuIe
z$=~dUUdS)C<X@@7-}Sf-bf9}Knmeu^z5xUhoc&jHz*-G@9Nk|}^Db!lUx{Y_?|*|I
z7^qjlA2VfW@cvJJ%;Uh-1`2f~h=i}8!TJk(J&YxU7$?W?!Zg0Nb^21mJ&H6!Ea=~7
z%YL%}{$Iqw&B<}x-;cfnlXotV!Oqj%&x-u4xj8*H<kSQ(eg=#%d{Bs5G6zaZegKSH
zF^Z|z);K^zeiW=wIlw(L7$A;9MwH$f6+s|^zq5j$U+pyBSL`rAVTAh>^jE!r7XE4A
z1JIxBZ?SY)T?`mqn0}F<y9d21z1i?V?*myBCFFCmPzJUt1~OvF6V|*1Qb8n-k+k#S
zs@V#P96#gafHfUOv8=rAI}ZLSI@hxdS)PcDOo(G-PuJ#St1UdAKiVCpcrpCdkCWLp
z^Ito;Ue|PWm-0`nsjp0!^Ll5!<d_a~f7TE-x5VqyIABxH<J2kjd_7kJb?Q?#0SEwR
z;m+C?*6r^n+G(+a>s7V8BHMVWwK{^SF*2p;m1rAZ&4TOif(N-|9IE)fd)7#}FEX>Q
z$8RpC;?`*AJhTXP(E9r(&T6NVH*>e9Cz6t?bs|akdWl`~9*Ah;Gn*kW`}xFztFV9@
z8z0HKj6ewihp%kEC+^Cm#xbVJC0E(ECz3Nz62an-XZ_wvtE*v82~IEzcW1bvT3!E8
zKS0(QG1R>aw1McWT6CHSrEm@yf|{w;?yYk^&_lnh$&rs?ofmbk<yD4u9mx&J<dQBF
z*7bo$yn<PMz>0r$Yd#TIZb*!|G^lA`ql>{!(fe+hr`?k{=pM{Ic+ee1dUnS&`l|6d
zkXG7$PAdso<aoiH%Z!l9rNoP2MV8xK^?8TkxoBG32<f+8<HQ5JXK=c^ZlSv0I^O44
zZpEDh?0CGj!C1V|T2U6GTeSS~O#fgjR++6^m_1daJ+>(Po0%&W!iTw}soeEgGS7Gj
z){Ny;Bw!_EDwT*}me@8?0<?ZX+ruwyRkr(lP%Wk@h?5)MPfP}RZ(?zi&7#p(5sF<;
zrmOr(9}Ic?5K4)@P}Cd;Z*Be{vMu2cPa|%0uIPFk%KNI;rC(j}o-%#>6|^V0QIe$#
z9|^&R^l@lu1vwOz?IxS3=jJruV<UKPsZ1~YMN*U~5MUx@ucvApC8v9_+)DIatBg&7
z{RsK7!8H%57oK4kBFQ9Sui9A|k<`#k=j2SV;>I`@5cAx>y?sp9o+#bZ&`5Gf?(w}M
z3>pC)1NPIOaGZQ1IIlx1v?|5Q@ukJuhTDKH@TnoQRj8X;j`w;7a=Y6mD3H$$Z?t>9
zv!c}bM4=cM5I08Y@NWy)MmHU<aAu83RYXwfMf94*39zevm4lw2RLfO*b<mxzb&hXA
zS%cdFSh`>L>HLrS)a}edX&iu;n)zG#b|sTitQ4bfI?s5FMd?VSAUA(BicClClLEo<
zC^ks&5e(Z)4Gd7K`o|7duBaCXgT0MXx&?D(jb=Qp4h*!pVaNJfhNw$S5Dvyaa^MKx
z1+r6w)k#u3wYzOfzPE7cnipxsw*TtcQ)(e$?)fv~6auI;oKUOEuX`f@@VrC<*Zm;O
z`-PeQ042N&GpTnwTc|uP0drn~y)caRW9zL1sv;v1eMH5NcR)x)HyyQbOM4=h9^Erf
zkFy)EpENl;-r7q{Nu1dbl!Mwq8h^20OvL`4Y2|pDIcR$B9!CUMtnfVaL?fCj>r(Wy
z$1@K+ws*zbPmn#kQc5e}EdR59x04fvX;NgJz;wAmvApdsqV(KUC>392iE>;T#TG?4
zV=1p+X3cOwlzWDKDD~MVp+cJC!@Z+dRcrUrAr*<MgGNb_v%~cR1L0+vZdze5PhJ<q
zB=^7rV@AY{C+ilPw*iF7V44g2&hrJptbR-HYGjqjFhz}Aw@;i1WNGJ(nTKIOXXekk
zJT2mbe<#9Ze6a+|sc`qf(?mDqs^37nAw_HZV(tzo=t$~{tku4I=QV{(jBO3=NEOcb
zpMRqoQ@u}xA4*ZpTEoO-J@Q=`=%`W@X?Ft(p6Zu4WA4GmJ%d^lEYYcob!{Anx$ta|
z*Uv^7N!-xw&@+F_QisxpTQ<&`N>wgI9t;K4F|x@g2t>$DZw|zP2ivl1B~~fpp5Uka
zYwTgKM?eR&ZWJQLWJQwA5cVM8PoZ@#FC|tCzH?m?`V^_kn$Mh$U1-?~jM&m|EW)%Y
zX38at1W5?h@0*vG9f`xWe}mJMTN}-m30J85fu_m<U=N@eG}Qa8`bF;8@l|MyUIN<_
zg&@*!Px4$a0+lzuE(P5bNq?iU<HQ0`;2vB*Jz8#u^3Y9Y=u43+?D%!cS4(?X%EsS3
z^Ntn9xX1lYOBKHza*gr4$}RR*y`A=0W$h3=n_O_fYND11#1MY_tF#y>jxTW!AKO<&
zb6l^N1mk!F>1`&G=aXP3!LXvdP8ySqGm8z>ZxCJZ^h9>dbT<p7NDSv}`UmpZV<jVI
z99^P_TKOI?eGrw7iRJAitK0o|O6HN*th>A(woLDh6k6Bhk_?>~-aXFNe(-XD_8X7&
z1!Ayxpj-h~U)4pa*}2JVO-(l?aWv4hb-2~0w6Y#+l7!of&OZ>cv|GGxFfb)>?M3m{
zw<0Tbo%m^`)<fU#J#u7_9kQt?G#i>;tXi3TKTg!Qb8fC2h4;m+{qNM&868GDMlRs-
z;M>_J?CaKAFRMiTLoEacOqPtp@V*(D0Sk}At-yH4S>2IJWoGLgPn`VO8G3O!kRTVx
zD#-`kn;Oe6=Gx}U;$Eq(GrDYMtzoBk9U$NyJY5`FHH|sxMvUt$GSe1W4bnwy1NVw1
zjqQ4#0imCD@+l0$B};YfmX8UFz_ITP{VEOL;wEIgCH<V6U9Mm+!VWF%KZzDEJR<V(
z*?gL97KeAv1ugAx&UXgOm9K(3CtX#0OkO%N2`hm+t47~k!pEq!iWoaR61mF^7iU_Z
zDfp_(7$&TM^=07?FiYv~#7=c3vZ@m<U>#m~KgmM*HgUP+Wlx6sVbYar9j}y!bUI$#
zQg|+Ym&;*CaOD3KZp|kN-LgzC4I>DK?e7CUV;de|ns`5NLikjh-M+sBO<DalR}#6b
z;HuxIH6NSq!*&6=j++Ja=~L>y30oZalN`-wCcT*MOMJ(yS?|N%ZU))PD?mC+OmtT9
zH$NSGa2qJ41jBk)dtB*Xz|&CUsr8}@%15TZ2y9aY;yO}<Dh27Tr1|;so;ARb(GB&s
zcULmcBr37a9W_&>oX^2$uuJ8N9rrzBp1Z6CHxqZUH2aL3J)urI&6gqfCAQpQf#ieB
zC2;Y>_Y!iPR<2SY7~r&5uJv>HQAsa<KFF;bcY-XL)GWtvso&e7gbEaU1jkg9`gA)|
zzf#W=+qFVonW2Zj!!{yu9FyPtd*Cm{Vh~0>>2&g0tFV{_3KtJrJ)Hcupu7k!yIMMv
zoB2oHJmHZK7REU6_;%y*uxwPOQ4jB!-r|H2(^vLH_z}jlejCqjj11e`sSFY1tn#ss
zJ28QGT6~pj#Ck-lw{9k}sBZR7iv!A$$VmlAfJ8Ec**Fnxg&U7!K>4ShW{)$hK(d(8
zbc9znuoQ7*EjDL#p_=iy4LzQ5qmZR$bx_P}IYourplrE;IP4Ubxfn_?c^>E~Vz@B*
zEeduid(=rq{b+NWX&NB-vdA{t87#f3IW7mrjk_7jcN@^l)ugmXhdF18slM}!lW(gg
zZ#Sy6`ZG#(%y4Q1$zuT<ggA`G`nJVqyDU*V%8*Q`?ue}Q0&WZhq^06!4`U8{SaQb&
zCd&Y|_LbF1$E9{MRx7B`iu+Mh+f}G!{JhWCM<^w4cFnU%WUhtyA#I;;<)u+a>#8au
zoR%RA)y&IL>_*t5u8(rbY@<VT?n_6vm6oT|81afrN|VF$o{q>alC%jCUd0*Qn1K}p
zfy&{~J)liJAcWDV2!`c4x|YtL<=7{~R*Js3ps~*Qu+T%wPQ#t<!r-MV6`QnOJ1;9M
zKK7L_&v+F1_S|LSNlKzhH|I^mP@HAgXVL#%3RXNl7lS_D+>L7ayF1I+XO2_pkyRnY
zBW>D1XJ>SdnPFw5X?zhO{_Lh9CWCL{bA{%zaQAZ0cDwbyO0v@lO>5x?5u^${0C!pO
zt)yKaZF5D9>;$bAf|tT09B~91o<-|8a1sn3Ls1NN=|jw_Czd+o4z|kv!yI)eZY!6%
zW*;6T!~|CUy>4E;T^(lAV-HUZkcTaR^-mqI=c;=Ik1#JU10>pyZZd<Nvzth^Cs_p(
zUj;k3bjYgA32y%+NPeyZ+AH|ictBOH)JbyaQN|AT6XRELRxt9}&G&KA)4DCK4iiAt
zxiq*bNgk9);y<pfO?4)30E}YGT`5Va8W>CkTY^>$ATZE{Sd%&2e@h5WOl3-DSvl#2
z%H-U^5AnO^k*ONS2IyK(Q+mjKE4;v?3B@_&iAc@ufATXw+zCfkbepEDtu6AKy~Ovz
zWlFOLqGRMIsL%VFPkH!WE7W%BhV;(Dpg4F0{vJl;SV%W<PEq?jsyZ(4Sj_q0hxq)S
z&4<d3Rffx~<+AV}qJ{WVGa{c$OG8IjRoS6Vk5C>h2+hp&K#o{eu7WaRn3c50nuxIj
z>zE;AguG&tg1<iTaL&O*J^yUrf9k))JaFLxUM!Ynoi3rOR_Oo6QDOHghU8lwNX3)~
zjTd^D{1;>A6r@?yZQ0C9JFC*RZQHhO+qP}nwq0r4wrzdc)zR^HbjQ69_dM<Ob|TJx
zI1yvbIm{|#7)Gp#k+c_*6XqF)3Ry_XSol&UgSH4|ZHfy!c+2Ejcxb*}gb%JgW9_ym
zeX5r=&J}vAQp1$B*)Y|JrWmv+Hx^MLKJE)<!x-7<Z2~vrDM#6l95O;I<}T;bHZVYV
zbHA$Nx`ZFNnVIsv^?iFHpB>f_Iyp9*Y^s0<hJErxxYV`W`HJ%(a{t*MF-0dV`2tgl
zv3RYDzR$?9J$~g}Mm2W#`zm%+4*q#QXzI*^v&cw&f;%aCUP9S5B~9GVf8FhZ=)RTA
z_6SaD!PLmr!m!MLFl7sean|~T=w0C!P{c0jk!C8%-(AMMbVDho*rV$D#9+{ub1>oU
z!5251PXE0^^xZ>Lb9Ah+682aJ=(12aS_nJAt>a#?vYi^ey6@J)OvTKIa<}mkGIxDY
z7wtZ;WvwvAy}dEXKi2-b(i&oZuU{$o^2%;T8-sd15R)u+V(-;bgDT0Do7>JQP_4)j
z4mYp~@gS2)_i-}YBoz-yS32{bjLOSKT3D<H-ChYRg`7YCCgYJy<q-6P4#+p%W&I-5
zGo4qhQ5*6_i2ih(&cn-CThBa=_my14EL?0BUeC&-=bkE80dUm32Sv8^%ky{cC2oTx
z&;%UCb}tLRQBaEY#?1yt67^l}2v-w{w{UN+o*Df93ibPay_u~-+xhrSI44?~>oTC&
zlA<Jb%;r-u-lHf9)*7z(0(ePLS{%mUL)}$3u~op-GgL`9@OQkOf2E|`q>)+72>$j;
zd-t8Wl19GJOK=q@@fk|{N-C8=IO7eCKUQtD#Iu>_CXYGqRuP&O!<5B6^vl`;^cR0t
zHSwCC_7~hCWo%i$52>AdqIKXSwODslJ+BOm{kpC5C20-|`sCtRNm4|K|CD|oAa7dF
z8(A%qib4jBPR+fsG$bmXI><2T`m6|9*~ED`9(;L&DN)+ysu8N5<b`KdMs_Z?3FY-V
z7lk7YA@Jfn9sAJTdZwz4O{kf7_6zUKDt!+rG1ywjm;ZeDRx4CWV>-Ff-h46PQ$6*n
zIfW#TYMsWnB%+tv?iyKnnz~QruS3#qOTkp^B<kq%!pa{x6^M0UF^8bZTIijXi6#{J
z{FK;X<6yn<*edaJ2G3^WacVp3Z@}a#iG7%cmRR7c*|#&v3QvjV0&n!Q@+{UhsLVw`
zG6&Qiny~)Xnf2C6<+uDPi`G8N{PMhtG|cGL@C?zjPxn>5m<Z0;#fjuCT_nnNaqNih
z!uy@QD#2Zal|j@|3UmCy035_Py<G+Mq8W#m4Wd4r=qo5?JXR_l`pFeIaFU{L#CwEp
z5J_G<-;^<>gg->w#2pbo2=hh~84oBpPZ4{q;?6~})y2=Cfe%mYdI;HkMvk6Cz)YM{
z61-mNHhrhjL@7hviO|d=+l&i~gRAcUwKtduvr+UYxGJ`5BIRfErv=Oj*Bh$qw((;r
zIYHjHQ6Pm{s33ndmG-thW*>*CX7bbAS;u#OX^MP^^8k4Mq#l#?sg-%gBaM`-UjV=a
zd?S?PF2NOdw!=hDq9y-#v3#tx-PULNPbmR^&gMYZU2IF|gsGySMw-}8#@Qo{fNW(a
zGK*Zn%V%AuGGFu`iTD|YyW^!td7Ev}&W~5Rz8+rtB=m$7nIIcE2rWJP+kiJd%u6t(
zoLD&!7j(s!#*@|}V_S8ZbF&k&d05a-27h(ll9NBs^JyT8g2Ai9iDra(^XfBych9Y4
zx$A<Ceu&ZJ1aD3&K{6>}WUMfpc6f?E4y2K!=oHoJp0`#!<(FmBqD66e6VTn6#{I}1
z^ivEyl8A(RpwrSj6=%*Jv!|L(wl3R`z<tiexY)e?qucmA#+KVXi8#4}9i$=kJ-tI%
zknLyX=+E-Ypt=kHW-zReCH0c_O}h(ib&-lDlT2nDaY-ykrQzPRDejWMGssBKBfRJ7
znt1nN_jb&w=-?+Gm;GwcD~;=Xci?F;TFmzHTifGLH=Y8TKJ$UQThscxdb-brH_@w(
zE~vt#Gpcf-T{KJ>o>NLHAVNI$a(4dl$1h-C`LCCz<})5GAao-k1p-0J?cnsBFL%;C
z<F#k1#0xc%zG(6f{ZtWkN(k13WxH9)c-q}X><vVZnp(Z_5Hre$Hpm)p&VtoinXo@y
zCj}{xBed1|mi;G|66bWA#H(b|@hMv}UW=ly<x*7_<#BcfvM9Z98dc*Ej-tvsF+tpq
zlpsM_4qZqp#u1bW0z(UW9xTR$s;;u_M3pDF67<K&S*305^j9Wl2YVS3@y3!^tK=W8
zyQTr>pHSGb(K?M9t=8d2H+)Un`uGH18iDao=!|Zng^g#<$di;3h0^qxGa85fQ{<cL
z13U1#Ere7}efT;Gjf04S=S!G6$;h%`RfhhoRdpeG7WV70)mOWd;hYQPMw3cz?rf3_
z%1G6VajeXKhxcxD*x8i!0>4JB<Hk%dq~G$>4`aJLtZ%B}S&bMB$X8|Ow`V-us&{Sq
zehNLq&dNUaSekm)7k*||c15emOl3VL*0HV%`E*s@9Hi~udqJJ{d~&){^T$ewQv$9{
zsBv+Bgn3FEe&dxNZlJfp8a&TZNPaOcgsszS%=r)oMj@C2-b_}jl0U4YkTE=b_oO5u
z+OuznU1RbeKyt1*olEYFvIy%M)IUoxJf`g*PgAN@Bq4sL>Dst^Hgfy?L~)-oTl`*H
z#3;O~JoWUJjb^mUT$H17t2F{88K#;Z@~+Tiy!pX@)eZmE;)dgDj2WHnnrYO6KXkMt
z<{H#Jggy*{H<ZcsOmDU!u57aHtKPY^&@i;b%%Is}t=i~}r?6SD*S82f!RRwaQ`1tP
zVPf?$TC_zIk0)jRTW`;Hypxa5G<cw1lk?_Gw9EEha3P-6bheX+u=tC1_EOTz*m{Iz
zV@u1P8d2?j0%!bW+{v-#%`=tLo9_Z-waKOik)rGZ{s)<e#dZMlbVwxz6q;ND;x8DB
z!NA4Sj-e}sHL%*jsLZNJb7dJ?Wm7gFC*S-tgymMQRriWJh8wFacso<iRlhwQ@%0Pv
zY+gy+2l?YKY{ccd#XlonWjbykBaZgdh7-^OA~$nUwg!v#j(2xG_E8?1+k{wOD;ilq
zHDCi1HOj!YO+mdey+UQ>hP?*L#^cSGmCVjM(I~nSBO~!4kwW@M40S7BrVGrsdxCJG
zl?4-@xRBaY@{F2IxITrgRPXrIH_d&aklF7>*FYvRaFRy|q&k4g@>TSU(J8iZ2$7xL
zyIU&oY~y%tjucQFF)4qbBM?-d^csP{ZPSbK+tisMLPrm3AbpGQ^x~ioH)!QXr|qz5
zMhAA?#&&n$`nHU<gXGg!v|4{U*Jg~2Y68=gKyFJ@o19P_9TU0dm&9jK-iMPWFB;Up
z?57)gM|`-+nBIo20T9{lLQgDyyJIi%{GZKE%_ct5ACFNh{km*4^O>Q$(l!1J4rmwj
zfq?!Ol?)Saa(hW?B@D!ltZ9-Brw!LQ_52v)^|zeQwDTjYo%FbFujqGGgkEB)fg;)7
zc~m{Eo_fP->$42QEloI@2wew`S-8@+gY$mg&Yuab6p~+L+na7+*w-INlO305N^MHg
zmgbU}aHl<=_bQ^UPrqsX>wE~1bM;y?1M{H`ZYmE)avf4>E6qlsFch2@#znpe+QPxQ
zur#A#?PR+rzcj^+)p+kIL{T$txHQKA&$7!|S@|iaQ7KqC9Ns#&vD7H_*tj~OVJL99
zWZgqkftDq?jlj*WdCqCTdufmRW-kAfYFeB;Q2hUXZl4YSd3iG38k0Ojb819DtK5tl
z-*{eqXWuWTR3z43XYPtgM$ya4^XfZGI{|m78`L+J6KiWpRt`<8<-(CSURR1+ybHLt
zmRMuEoE;0zin+#EFM2K_n-~9;GBVRM{I`^mo%KIlkrAJjiHYq$)Bi^qnVA3Ql+ooM
zW!zk$(TOJ1DTXW%CkxgUsdPSP@ed{DCx;>~c-@H-hfs+07e_(lU_M`n68|lLTuk2M
z_M<+-^V4w~bH6i&KK@$6vAW@P!?HR<<LX01K*GL(>VOvW7b?QPzmXqBhX}?3ADtTf
zSC9yBn=J;B!%R4zK|hTWD0q}`k?{|j09cU!!5xDNIsELRNRhwh%?$r<hWzm2>hNT0
zbXa7tAQJ#-Awwg-N;$+I_$4slmN{}zRC_6~>x&qH4X(Yr$**t7qmX-G5o6<GP`?t8
z6m3LwV%W%E7lID(kZ50#^yN%*kZ?kT_B%h615~&EgB=slFkYUXf%&xRh?quo{bZ0&
z!Ux#?p^((S4g>r_{Gh>if;#d4wNe1v0>|LQukAVzHRH@6MG64j1Dg@U2K?iUTMG7|
z;Ng1M=EW5tOHLyBzDX{=NT30JGvMUE{=Ca|@U8Q~5GeE|7SN+_45LIoh!$Q2xQd&B
z%HP()L!O2pfeI?z<q4NFp~lRHdGaUB$ZK)$ug(<ocS(Ztlk4u`d8ng<pGOV`){CF!
z{R#0)9ms3Mgsu&Abr8t6SMQ(wt{`N9L<g+(g!s9wK!v;rzXLoPgbMdu`9%7+bwXt1
z#o63~OE2)Cc|qUEOyl~2N%|QR6Au{qgRv0z!JH5Q8ar#7DEBbP?-(OgcdsrYUB9mH
z2oV9|T%Z7my{HgRe1G<6uD`plejq=-AmQOa`{L;E=27)xg+M>bqhY^Y`*!cANAY|7
z5$Sil2>I`3XZ>=k?_UCo6lQjQ=KP-3)`o<)x0Lnv+75p7Cnn74^6TQ!(aDL42!N4)
zC!_*NN{j=2|LBO~MSeBG-SKr~l5;W3pS;@Mk3PM|@&M5NUuW&_fPZu@aWQW-LE~TX
zlC%Oy`su&Y#(vtC{Yt)eu>nmJKa)p4Jq2AiGc$eqJ9=+Fz(P9lGdq5e?u(s=cOdyu
zBXPhNeHEtRyFyh_{zTh40IcO9f%~BR;KtD`4RK*?P}CnBF~eKJ9z=T|V)&E0O~$@M
zQa-V1j0nNAqK2_NHyB<RSO6U?pB_Eg*LT41=L1@Bf81=}s*2FS++Cg%DJ20^upzy?
z9T2)5nSytpkH{Sel$iUsBcnWeu;Aex1%J1wUp@{d$lJQ=?|NeSHPpy=jBg|$kPrh%
zVqcGLWUj5BU%~*8ubZn~NZtXk2**)?5EyjV!Dm$HAszUa$3fQ<TcF<5@;c5Z!ndBG
z{tY@T?_t{Mo#c=2k4q3fqAn!5zUMEvBp4@ej1_0)lA$Y#CztrE#naR?;;343DD2lG
zB|V57DUAyw+X;ldW44dQ=dxU}XxTT0N4tOf_!=$8ptB_w+ylSMU1-SdppKt$Z(G-i
z)c4IvKMg9L&cH6F!@$`n@c6~?x#OltXa1IK45w11LeFZ|Po^^N2GI5wf>6FNn`(C}
z+D^I^s>8U}&bITyP*s9r!V(W|t1lYAWs{?3*q3i1kGfy=07;BpW##x}EpDgKwkFkW
zD^O_Q3QUTh77geA1CfK`KlEZ%xKjN!)DHO%+$<46_Zd>4uh<ODRYsVEi+83d5GGR{
z$bIkjx3=Fpu75;K#V422QxUgzU8^pSt9MMw^f41kpUb(`AI7grS19dp*40G#ql^Rf
z>e_7$1Q&0*+jA%;g+g#qBpoBUNjnfg;B;ebVne4TU+&072xj^f*U@^8@sJveG`y2J
z;d#0%U&qO-%!v$d(KCsni6|c{Ix?_!g~%2sOSN#SAkfEaJtnWU0&lK8mV5GLnPQd_
z++3Ut*26qTYMk+5#k)Crh265BB7O1<h}0$V=O5Gf9WcQ(TB5Y&);w>jFV<#>|9Hx4
zucU7EEKGerUFy3vEMK>S$7zgSnL#~o+Lw(3VgOVYZCxRJeTVhc$CGj??c#ki9|aL>
zeL(}J_Pi?OcQb5x39%Ja263+RyeYeE+mN>~FoUK?6quxOpeMP*3h+Cx{<`FvLo<Ge
zDB3I@IKmqW*Er_8wZckUf5xk%Q=Je_k>s8p4DJOC*xZrN9!aS6ina~zQbDm^M_k?P
zHS}RE!i5se(*nDn{w=h1oB`B#^)Th!R6eTso_EZuIJ8Y_Bi=N-fiIZOQSdPYQTkv`
zr$!XWr19wH$o^FLlzG5A><aQs3SFnivYY=N4?mTE%M(L1`O`(}L{{}!+c88faV(uA
zD5$+=V_P;v;T^U-0>mz8>!kgDx6{H^ZfL0y^nCRNe*!;8ici7%%v+q;(2>H)q`XYl
zH4PHKZQX49*Hi~9u#gqysDLTt<s?9;4JQ$%YpD7d6UUPKmF~~_9@X^yD6PhydEQ|K
z*$*LQ>5zlQJSFsUgyK*l;#Ywqf~<+e=_l|*g=itOMdE>fQPDh&jdDZxKkycOU7)?N
zj;Rmen@-E#FsY059x$A)Hzg;1Dd4DhNMoo0cjR80h!UGoIxVdp^u8|SIh^Hj5nC#U
z@M&)5)4c({@@42*-x%0QSgonWvy@aBC7(o9&xz7+UMaFlt^6r+sR2;>@gOImMWvuL
z8yXyE5*u2cihB6R0%Jw8Y4_D4ecqvs<Q2<pw(@#*><8Q7F@puQLj;mIFjdFQw7y`T
zL+VFuFb2|#dE0P0w#+JeXQahY<EtP1IyAQ(*xfOS<NIz)aDNl|kLtGD=Phhvw1!a;
zPcho@K6zIj=zN56<HeL%ztek+*Pn+S(`_j-g2(f_@B;*y8-oxH@vIBa=<x%9G+3rU
za4qqW(2=nu4QthXqxZQl&wp+feGIo6MrrZJZ+*5kJt%KeRxSA2hq7BD)?y|bP42>J
z&|1ZKm9!PL(%;@YMonV!sec263tNe&Rv*VY=yT&|hghc*kp@k_g=#98FOgMIX*W?r
z-EuwHOdF~|NcP$u5-V1l&0cKCe35Tgdx8<I5Xa#wn3lnTYGyej0yROPCS1^)YOhlM
zI^OnFMQN4R!_q!sbWr}{NJi3wb#2k8=xRIn)VwIIhAu8R%J^p!EI5sb%f_05FJ_hF
zy@__Ke5TS?B*SMAzh0?>)BLvAU9K3R#$C2d5?}9LpwIlx<@Xu3Tca`Q=8a&8tdBDv
z;)|h4HSPVH!$Z`8Z>`7nD2<1yq=qZ86Wv$@)_v3YeLrrL$aD|_1{k8#t0UBzbXlVJ
zmmTCHh_a=?Z9hq<c}u23FR}{L80pF`h)H5L8J*r6UIH$4`uwY@b6MBsZMU)5nry7j
zZQzZk0FCk~m@Q+K`q<fbx)^)0c$yTrMTfK2RVI`tHYyWCU(@wn53HK>EB&%rjv^T~
zHvwEc<0UT6t%Rb?6DKh&`Z@8eGEy?OF`E{Z(L=3(NpJEb6rn+EM8T<?7U<YqhuzJ!
zX~P2&lWAHR2v&7R{U(b@76g!55+Hfe1=9cv7mF7cgtm%$O0)on5V%fB)vDWN?LgM+
zy>9c((+FvTis@Jcp<4eY9oTiANj&-<Hy&06QJI7SQMOk&STS!Ibxp>sy{**4gwnxP
zxr)MF1~(h%6-Z4~;CH;>lX9bNzBrmXHTHlr?7*#(gq?ikeZ8)0xQlF`JbBDV<WU-7
zLR(;ep2+H3gtIa(GLpv4w}Lz2<uGg*wWM?}B^H$qQoKl9(pB)zXeNBAyEd>)tfg+s
z<6jqo!|d0TU~&9iuHpV2G|P}&PtdsIT+;D^NNYHIz{SQ|Sy)Ha00iAGo0~==pLW@j
zv`j%eh&+<GBwRNwZEmX7$EbZ}f#ROERFGsq=Eb20>Xo5UC-Tbzd@19agtx3IsjXO=
zW4tp<FmP->T>prJKEHFH+-Ujcob~-^occK_A!rzcE!fPFeew^p6O$|kv&>*;zeCDw
zeUQ|V%uV3i=@}Wy{w(E!$>#L->?o?9GEI-iwUS#}kV$F6;RjQ$f)Yc4U9EW0pen(@
zR07PvHRfeK;z@J4zz*0Su-^zis<sNJf~n~^tCxkDt9F)orxcG<?v-J#Od`DHqs8W>
zwAb?_vHY@Zl5Q^8yN|Wj?nnv$fH394)25hCrw5xJYw09GCa%_Du~X`rOgo`k(MG;`
z%B62v0s2BXSL~l@c-q3j1<xBImpe3C+~wEBHYxNI;ZD6}{$)nJg>_loiV^5u?qG=$
zVRyN6rg>Q$QWL@HQ!Utqr`)^7krzGr6Azpr&X$gW47lQ01Kdsj#4uQ|qZOInx}?eD
zv`~sK+l@MU-&IyT1Cg}$&^oyhWM#0}LGQ*g9}CW@v06dnybyHMrZUUp+kmbJZ3Dvh
z`q7D;(v6|gtM#Li<7=szf}DNSy2x_oh;lijqHH~%$CEhJp0Atba@9LAVbJdLuHuO?
zY&*x0<Na|noD8>DlnM-*E#zEqMo*W-E#w&)opHI<Px2fkjS0z-g81iSW4iL{r7_vF
z5?w@uYdBjS@F?rSCf@dS4UuVHE~kG^;)8%Ya5yhy1^zZIAhQUMH2J8mkHgS6hOIKP
ztTCHE1FXbsz#HAFrdmLi{w;qv=)-|Vj!AmD*t!5R-Avw)3D7I$pN_$kzFd8%Sz90e
zwi+P(iSGDn9AA54vK|`2nA8d1%sG`;i$W4U7q^QLK~J68C>{&a8Nh?4Ht8EHY|UaX
zH>=w!OM5tjC|D!iM9`KPWccI5xA19yYG)&+Q_u4`2)N;#VQgCOBihs;V~{0v$^@5C
zp^ellhLiZB*|txQ!p3+2jol>-<Q!h6dcLa0-il)vee9jM=REOO+_QnPKB?KnKP0Wa
z8T?MY`X{cXz@Fyh4;^^j!q>$<F=Vy@d>vC80D-=~10^4N3q$z|hqIEZier+67l~8h
z#{Tc%gyGJJG{MRy#rIL8AmQc34er&oJ{j&cC`+CdnYd=nTDo}Ay3k=Js5Twu^@>|A
zY1(FC5|vX-&|?z$IpV}QJ?|$9W%f%y7Ua_T%xo2RAc2s09!p}@s&j%23OdOCO8*f?
zlqzZ2%u1IWbBG-n?v{W4LytZ6CSyDPd_nos$j0o5<`3lqC6gdh%zq;D6gG?Zzx0~C
zl(Uis=1F#eKZ9JiVmGNu=2dvBB~S0AVh+`UqDwDLO4iunpsTaYzrh@~n6JpeYxf>?
zl)$WJYf`0Hv5#T4aNa9<-x-u<N{~*q_wCWu$PfxYmGtH9F_gDA1<zZxmYkd(v?**3
z%enI2txNUZ&T$@SBcmE+3a4_6wcD0;cUFXEU{*b(AjRoU#Vxbeg(W<bZ7B@;s2OCU
zi=q0?%-yxJ6(+6Ema%GYi`xq*vF>!Ul8<@i8P&*O8E|-V#Vz;~%B~hCOOT$oruDXo
zNw<B0pI>0_IsnclKS`PQonNMXqvtlqWaSk+(hYnN{^W)ddbwY9|9miE95-%%O}*US
zpUx4gKh+|woAlI}i+II+OxoY64XpFx-xrP5)XsNYj7(PDtbpeAnO8RDB?A>wJe~El
z<UWcIRyu1_Y+kn{7sF~%2dY1ah9*#4-Qv*Jn0FO5uL!g>t%sXKJlr;&fS*h71Alp0
zLM%TOXt}URx<Mu4ML2e&0qs^7O?E6eVwc8iuzLvGws(`uopY=_4aE%>h4tTUx%;5o
z-xKAm92egI8QhjSm%{|dqGU;*C53OYI<Qby;ahRu_Q+At{#*)*s&NQtPcpz$<ZgMB
z_?MFo9-k2V5d($Pz{{M{%Jam0aObwb-bf}9QM1`;c{xs6i&JX2=yoT;JcK%Hk;J-n
z*5GPxi|{wg+afnPP@GQ*XO#|ifIKQ@P|60xrylcykUbo24GO-Oc5Dr8@QiB5(Uw&;
z?vKDQeTN9I`fA4|u+)2AvI#XHJ`WHpS3BbG0!f^S{br~`N$JZkT~~r2$!xO2hsO(f
zXi;3;`k?LZdQy4bXyO74rWU7JAs}}yY(3tDF-!EeqIGxA&E;DiY%I?bE5m)rW8Wy^
zUn|}{2r7%dAb0M6)^<|c&pNp;3KG>>@^-Uw7}L_wNkl6ZDv-g-oErbNNTr7@k}0r*
zS6K2I6AAVZd};V_FtMsbEW0#)?bj6PRHeX)H`R#A={`}`zX)p=83{AMC2*k1;tFnZ
zwQ#6H4vRg?Mo_}c;qg(*yF^&bEV%S`d=QMlBWiy|=>mfxXWu}WDXLSPhc#LOmcHww
z&qTi-sf(uA-ZcDMCWIh`zXdaGxR4KPXxnnrTv-Y<8HHbjFJEtSrz!N@Nyx9^xFyB;
z=87|_q3igdJm;Sm-Q0ezhr`85cTfbAv_-!DcRNn*^7S?fQ#bpWkDqmB4ER)TAoBV}
ztXm&2lR#ctxV-XZM#f-p3Zbgb<d7ww#JfIj6(Q)HAsJAg9v)lSe4FQ#lKzXlMI!Mw
z0h1u~N!7qPP6+=i5~HfX#QPD@g3H>g!6ps_rgL4>5qF8lFV>Svfr1Dbb$8408@bn}
z?MZqW9*r<jRr?ieepMk+;TxJ}wYB_9LPB?L^QyB&zALkrlg*$2WbR2@_RPbom~}xe
z+(W4Mei~9oz?(&oP^!u*E{;A%`cs^eRY6p#yeoG1y*i0%_swGqtl2aj_;jeFN6f`a
z?XQRink*Z0j%Omd5-HT71e;C@(uV@?PLd~ea5t^pVz0GSN!h#-N@IVr@*U;^lXbJQ
z;XBC%R}$ew1+wnl)y+)K43nutVCvGiw#KK;LlJR^`9;j83Yvx$?c=*O7|8cH*71H%
zfM6nBG5WsKa@p4N#$2|nc-jt4L<(eBLHJ4p@SqDYjRxXy^s|8>HJ^5kGcV<ljZGtZ
zi+yb5cL1Hz0S?)g!usI)(V9$SU3+Vfm<(P!v7R4$^H#KqZE6F5tlUkc_B=*s=y9(5
zYbl`HM1gj}tD9~nGvq!7Obc|@q~g0xklBt~`<WI4+YzWbe}|42w&qp6j$4ryPdu#)
z%V(y%+g^V8Vb!PUmErw>ReSf;mix3^ca~PoR*}`%528qaOg}h;TCS?=`Jb@{Ihawq
z5f`ES+`D*y4<AI_s^x}2DdHw`3{CQ9j1#bBKlb|p5UNzK1muI^6-f_qe&PP`yFfgd
z>T$Wf{juk4RI8`74brV#4=9#Q>*g{df#yaokmXGUFVT-;=MqFh@xwmR0OwuIbj@Qo
z_C0MBjK#t7-v=TNzWR70Q%+pyrYc`>&$i@jcl+HeZ7&^p*}2X}32BICpF6>T?eqB?
zQV<493ZkS=6!VK+g#3+vtp=B8Og-L}QI$dxUb6|x9sI(&a-2(@i+aSrQa?ePs$w1{
z)1z%CmnWCpfm`h&e3Efp(&mU#Uk&+*?Fh28`pzb&<Q2vF0)F)z(WZKPiIaYr1&O2t
z|KG;3Wb<Peg;w#pM3FRKzn@X0au0}9=4d%5E0y?^DGJaARBDE@k0#W4v59n0&w=Nl
zAZ5Q__aqN6>>c(VSs%iJLz}mf1bgYbEWMp{%c&=Y&y1#$a{3oGzB6N2Z4R>=5QnL5
zGFv0E#yYLF5BKgZn}xql-6@Q4*_#>d$vKqwQ*&vhS$<CMfv(0&bFnHr9)2CVw6VsE
ztE-NLhx_A={xuNlsA_vP^O2nI_jOw;a)#h~5l1B6UB|)%($`#bUe=AYEv0AVUrv6b
zI_Z{}^q%tRFzL!m+BhI*Oh0#5*+svH9~jBD+~qLezKWdr)4R}p@w;LJ?a{YSm2oN7
zAWFaIn|oTKzg~<s91ayjK3Y|?w|DJF5RdrwGsTvMxjHqR7!8Vs1@<|rHe|T3#oJJY
zbWgaOaEV7GUSymr!7W1+vW&oP>|a^73~Ca<kW>i9$@vGM(M4iIU`hmloi@2?+qCH}
zCcvAg;7BH)gb#PWMPD}4VE^_70A0(lAR<Q68X-EZ{|?i}9(piZV_X?^!c4aT?saD;
z&6cQop$jj?b|2+qCP;uVr0VTL7rbAGLh{X8#UQ`9>Q|(IZrH}zl*Y;K=3;TB5_#)6
zEsW+gVt8REeq4EPC!P3(+M8fNoOgxI*h=$v-G*HzXU@%qRpa&ePQJGT7;yg(n9Zu!
z&lU2oyv`WXoSIFvBL=Ko3bmjoGd4B4bxM}&6_ljk#<~iyEOsaSpQ@|9-cB1drp0!w
zd@XcF7i+vyU>RzgM&soL)sVrGeGTmA?#O(eC1;_`I1)bjsb8&jpW`vM4csdphfeSj
zE%fNiOQ{QNnq5|=E;(uSA3N{k!#1r=OGIF|$=C1X8i_4o`~;1elSM1w4k(V?1$qre
z*kIWzD6(3*bVqtTHCY);T|fIgKh>jD?$;lRyCeE?`<8cUxiRLVzO=vVk^j|av_Onb
zfJSO3BAG(m>W1}vG&aX{P?^1}tjNc7W-o)#J`nEeJ+}CQcBJiYdVd;aPforpht}c>
zCB>22UF^8~JC8+CBAkyt5>uz(ZPycR>=u~c#AFNlRTb?WEaisisggRzNRd}oc%erZ
z*<|#fhW50lUb-?v74a)-8)i?AsktU}(K19NR+cgHS>72%$_ly7&>C~*Tn$8SsZ^Z7
zWkcEhtLM!Oy#ZZ@gLv>>@^fZ+W52p751n!OSp=pcA(ebZ(~>xPa8%vb5?nXq^}c%`
z&ugH3aCE`srK>~eKsc1f#|eDeX&4|fK$+r>KUow>s|AE+P##$J$(?*yCiJ!rn}g6b
z%(0F0G@(LJvc)~5xz*lmr82v|bM9Gw((0%Y5zkU}PuPi7Z8Z=8wkO~XtZauFDTbko
zAKI@fKW|`CfwCF|UrZ*3<QkD*`@PU&Q<b&;vhC^uUz$p5b{Kj@pr}@y;Xe|6fQX{F
zWx+=-5lD`E)`%Q*@pZRP83uGlxe>))^(F5VT%>n5Pogcxqn>hTSI&x#&MGa5^THol
z&ovO#Q4pMEa1{F75S~zIvC8%@b{gd`;n>-2H9l7;7#1gn^!^pn0aA7^bhjAP@Z>5y
z5lJwW`+j#~8E3OBtqItrIZ^3dzG33UcT(>z+&V$!dr99?(B2b^pkyd7LaEeRU?H<$
zt$h2Aknk{BC81P|G!ojBW<W?*q!QL!A9foHO%|l$`ZPKH?q6jp8vYETWN2RU{L{?F
zK3bx)7{30pE8ZA=w=AW?C1tir28vQGF{r!3E8*hIj&)!Y%*d*uoveI|8H9QH&9xNL
z*UIuI?Sce@Cd22RG%f>D!s9QP#3ej8cAqd8=o_{6b^lo3?}!S;Y_!K-t}}J2wZTkU
z&YaCm;bE7zuLSgn=h1!j9PFkCU2xo0SgSsb4!i_3pR9YmdZ`BkRWh-Y_r`=9ttO6Y
zAML+|K>Et~ePXCkAQJ2I_a6*ue5ccrv7dNom?lz`hOn>erjo&S)DlK2w)Nj&({g~P
zg4D*n-aJpdOQnNeM%sA@<E8amJoI``e75bw;}Ef3B-1u&2mDK?*BH8<!uS1o@@LK}
zE>ZA|ZYxM{9Na&1;k~GS$J7(kB^6wxHt!B-*51#gi_Pc0N=C!0-2Dl3npG$#ch)Ml
z50zI6t=u&q7iPdAD?0nED}`S`2Go;gd<Rx1gP_Qc-n6X@TABzRm<yPzi2m;*We9sC
zH0D{=8R&#(l{=ZcE$J__SPL7;6;I))<y93(3gpik?Mb9Ax~gA?FV;eGb{rNc(ke~B
zEEJ(hcPGxDGuJkHVSOu~{ua?-kH0XluyWTSgEIfby7UHVY6_sjFLcMp`To6*isy87
z8BU{W8Lo;Eh5GCf5^OaQ-YoUZW!!YWD4E-VMvBLDiYdJYsu+1gU%|fzjow-#X(oHb
zw*JQ3m=^x~-!amE)Dz#%&=Q)P`#&6%0iTh9nf^Z$BR&HwE64vG|6fS@FQLi)f13ZH
z=|nB8olP9^=|rs!oK1vHjO>g}pm}+rotzy_3~Zp?H=>`x<h89<z@ZOsP_sw2|2-t^
z%(6r=UiJL-`U5zD;BYrLsKo7{fn8i_OlGEzC!ar+UR71Dw`T86J1sjhGPR}S)VAlw
z@W~FpIvARo>Y;#$Q(BJJ*MY39v#G7EvBj5`G+S-q`+vp~%3b_x^|i?2`}wGebplLn
z?HDPT+Sr6l$PoDlwt@R+p!83F>z|_N8-du@H{Ab>&W)=8;hUTo{IeaI0+X```0Eo}
zN|2e^scBhZwY72oc!14m%z>=Ezk6f=j^PpAKsz@y(*uAeOl?{DN86%NP2quL$Y8Yc
zvtECK^N|`IoSabgO`e~gj2WCjo7g)vqvn`^xox(sfiU^$=axatq28hx`G==|zu8$*
zi!TAuU}@d$Ld%d*vB@#1;qS@p>01GV2JC8Y38eC?^=rBMmv;Z*U&es^*i=8a10n72
z%L36iGx)J<_w)Ke8AE-dGh>2*ArmuWif^MC!_+sq1OhFeAa7{*=wJYz;!pL%$mH<P
z+4-90p0dW7n%ad0sB~iRi)!QOzl_}Ne)Xf)w$9k<qt@39>S1gAKtHaSTEv$WClwJP
z9)XK~RPj=1spSuA?e=K=__V*^lgY*3`o*Wvj4fQyVW!^9RBzyGp}FOEFZJ2%2#fm}
zukf=0v0-6h;X&X5o&5sx)L5$rr0`E}V!Y9jeCi#r!2^0{WM_b?*f9D1w5awr@e=9Q
zra&O=om?P3J^@PieUK43IQkY=`{48tnwx>~0AW8QkQ%^<-RZ66C7Ao{3#;!HP-~y>
zj}Mb)7QGZ%e9$Z2qaO}KRd8l$ZZz^?AH|Ov1;PFi*qzDA5jee*eG~B7I!8NDw;dhe
z2TN>v>SfpEYfuf>_!xBWUzoLx_q)tE&TkfIyALfG_pYx&IeUi`4Kn|e=`7TG%No@V
z;pJ!c5I~pq<EI2rOa56E_~}C#Z|7qFl9GFE8~BOanVMf2_}oRcOS-&yX$6~*wd(@<
z=qv5)?^9F5Ft_;Ek?+^?U~6i(i4WiCn`Lh5N{h-`+jrcmkD*1EUy@mq6*9f6^w_5T
zS?A+a4+gxP-QViBO>d`bZT%zm+G>pYV%G-wX2bkb@~iiH?&l;0T!UQ$&|;0f#SO%y
zrp9Df+}7kPv<0O1(pJ+9>iKPz4qQ!*Pu9kU){iCT=bw^9wV($vIS8kZ@+0-cb^ul{
z2@voGQmx<%$Lpv3)*G4x*H3v5Vh5^r^g|@`R{<a#0M}D~3)m?r|3tm*6qf(*BQqes
zjXcv25zSxavM>CnMz)FXtVZ^c?~EpB*zfmi*394W{hFSi1bc^X5(nq6!ymO>4VoX|
zb>QlLzy7wyYCwNq{54;*or&fTNUuoSd(vf17wgUpEB_oH^^Wn+lV6eH55k*j-5}o{
z7RD&woz1_i7JT6A1lA)n&i7=O!u354IJtV_yJ*|U`6=HG<mmGO=ZEK~YU5LU@ss-5
z+5L&!m7RaLvC09=m$lX5S55j6oNBS6xs|njzvGFyzO==*13-G`A$|((N<sT{-2Im9
zJOJ!{GCWmTWs7`EcFEg6z`LEt_y1lZ@RU#XV)_%WfMX}!<A>ns<O0O`o9pGLIyt24
z63eH}Z`;T2^9Ap#E)E0n46K=7Guy2Z5w@iY&ZeshmF&S7z%wuq!fAhh4lUrOmDz8k
z#-pxy21snew-o5MawWU)1-XnbI%=8MMTnc;ao?t+kp!~4_rj`9c}Gp!MNYjNBv2pE
zF%oNNTI^3oGPa0u+bCu@@*rUq`iUJs{(99u>8(bTQ98b6%TjXR2qi*AE{{kjclYMy
zl|?R}bG@H>k&M8+&sc}|pu7uN8*(6wm;(4{{*Xhw)&-O>l8SFmGZzMdD4PveO@SmV
z{ZoYsiY!v}!#=ylF#`_GI`^tt=MbDv_84RoBnPP9uPb0WqOQ?B;4Vo!2H?&B$mZiQ
zv&d#x;RhVLC(V7)U>KYwlA63Uq*f^J_Ku6G&&g?%hA@-(gs(LC6ViAgD~(6`lphq!
zuySPRRsl&(rVEkjqD=KzOU!gWevNWk__3lP?IRnE63t20V3xuB#-sh4-_G<JaJkM^
z^R(8NB56XUq+&nL0C7)ojA|wEt5GHoM$$>UtgtM`m$41e$qnw{lzvZ01t&rJHLLgd
zOXgW$j=3@}OcO$^dA7JEqzoOS(1QZueQWTV_q&jeVsyS;&$j)dzD<$K(sVjt8OQTv
zz?4g>MKQNx_^u-_y3@vr<w=J}l>1ZByp?$lqB3ajtkQJCwbck(ST)mj@+$qG>r95K
zH@UH6K#~V7!w9Ohfg#Fx?{AkPZXV#W%fdWlW-hDAj|=YFio}ar>r3+T87q~dgonj(
zM`zUKLlFc5)mKDzeA)>rc8`fI7y>C#GU@LI%WV*7%T0XW1m8`{x4(Yd?_F)7j@laS
zpgWPn*q4T;<=#>B^(ZQ-&fq2Y^-t!XLOawUgc`uVR~Ce1H8A_7d8g$|VhfCJrFq=m
z(}6L?>g7_S5aB@}qWq`*V=WE+WM_lo1=ujLoyx%<8zC!&o9DgeQHiMy&)J9$m$AME
z;Eu6?>atIosM!3sDq13Py=`7uG?>qHc8SJKIkOoSvJ<D<ChFoIY~2Cq#Qhd;G}xK3
zI;0LQp<K=}mrX<{b_D#0eGexqOE<a2C?jMpbkHybXG0~=Kqy&udFAV}GHJY$KA$}U
zZwxEPN8V7ugy^%LzC~(zT8R~~^S=TPEc7*OCOtNakWyNO2E;{1dBRRc6N??Z{#bS5
zfA(UpS~&)&XW&UM(vL;m3dZ!~e>Lq#a^7=5;0%xz@CPV~W`D?EHTl?HAvDHJ;-yv#
z$RCTYucZ0l1#*bmf%idU@QNzdkp+^voD15wZy(>USol_JppFrtYM!gMb);aGY+((!
zV%s~$>j-7&U8R{0UgQfb%UOYgR_Lawt`yzO6KC+=Zd#uOm<&@~w3fTgA3}^Mk(b)Y
zYKG`u8o9W8G*H@*J0(#>EbO(AlJOmP6!eoz2qtQpO}Cnxb32{TeNt(?WxZ&7N6>i#
z;z_kMO~x#l;2c>pUn>vGf~OjN%uez6mgQXXnzqBDIoCXlG&oC|ER@&fHS_fd9Y^G`
zbNX2lfLSb!DD`EEZF6+nt-x<f8}CiR^9nN>Ar&L{vn}hZX^<|{+S&|o^MmzJ3gs~e
zSF;YBQajsEQ7+$~)HbyROW%`IpMHgd<Ko%|s4Gn4!>UQfj#xpC(F;$hk4P0A#sYpL
zbVuH8oIMYQ^xmN17!V=bG`o2N8zF6GF|hj|M{(80A=e9Rbp;Zqx#vs=y25Bd|LX;G
zgPE4qI8x{`8GhP<q8<@kgIt8*sB0Qop@irBbqZ17I7Wrw9Kw!Zyy&V-op*cKK$5l#
z7xmTN<h(s{wJ`g5zAufLM#x->U*x4t^C(M>LQ|#b3zQ}l98@BBzfIX8-Vw2n5^;ND
znx{=2`4Ht2sfdN}y$b%hlqz;?p~qZoqpAsBfF}{56@)KvG(!dkXsyYaho^OH4uK-f
z%V)=}o$qxfT%wJrlI0{0bxa1Sgr-2k+mqjE`x8?d)HRm<pnyoAiCeNoi~Bm=iXst6
z`b!D)3yoppT_Xi8raD$@{|ObRnie`8&zSTJ6{zO}$k^cp=F9#$!1&2hH5QH6pY+D}
z<91~MMD;KkLkb59Ir!CdFg*mC*G0xr!rI|RW3yd=MJY38Qg*)jqx7zM<!OtZ$mH`^
z=<)#T8OMi2ZR7RP`1B4CAd_QN7fU><y64vPd4<;`<x&<jsY2QCx2X5nI|>J87u<rH
zrP}VSi%svV0CjZRC;GVl-UQu|%Ln!9^)<Q7n}WEcn%9TamGMg(+O=AvisJ&io@cN_
z1xz~vWvOSY9z!6p83;G0-N|+~e&b~znBvq$x_nR2IP5;u)BU^bMhej0Zp*e=Qj&^0
z@GZ4iSG~~2fme1Pbdad<e(~9i!a-YzNawHDG902Hd^Dd2<@P*6#0E$hg*jhs#u!D1
zdPQuZ{6lR`Fx1n#qXdOTEBUzex(Aw#l#|fAezJIu+ym34F8pZ8DkiDKg4m!wa@Lt%
zNuM`Y1v~ZM)YSv;w&<?|iox1`9)vIPeJUJ+J*c*X87gKojkZmH{us1`-HRByfkC%j
z=%)FT3Io2F-9yv?8yr$!o#>mP1s%w9lf^Jv+g)K2&JIR_y6Q0%HhP7V40KYDTqDx}
zs-l=!M3st&RF{T@eZinlrm2(=gub(i`&W$HGEB~aNbcCol*6DZhLeykpdGv0j~Mz|
zzG%F5U#e0CIl%Z!FOiX^_B#2drL3J;^T1>{^F-@At<5QHG0lVh2Z3LRXYqN4ZKsqJ
zb1puyO*R<Ba<mRq=y8|XV0w*)`&#B!+e6y7mgG3Psgjk!U$?sy)v70P&4`wT#{Gae
zyj@_XqwNw0!E9lZ@ahD!_QlSDFOz$R-TASg+EU|Z9j~B@lSfyeGLAIKO`UHy_G|A5
z)?Z<+#I4~OihVTUd=KkLO<Ota*lN%DpB!%nh9gDED-Ef;HN`LsrSlHu|LO#718vPL
zO>g6|VLyrUPy<;(p%dAPm@K~2&H4v+4B8*J;`?h9Dh`Ml@lT4JkB;1FP8Fdw=U2TC
zj=FeTy>E;WHKZ)!N7)kC!5yW5D6x-{oIr>mmel)4&W+11>3i}6^_@PPheCgeeGeem
z5uv_#1=B!k>iaU&Y~IiY8;k>|I(B6NIcz~();<RW@L-6J?t!cl&v<liD1u|NvGIry
zy1|)~G-|JTL=W!GCl>lfXwZ)B(l;1c#-eNZuqN<_U8l{w?oPdnWv<+)FiYwPY5gu=
zM}}gPh0ti-FpQge|7d<#B=+HBsMznsdn6i^SHgFJHLf>`d8KLA*TsOKvNW2Y`(#c#
zqPErAwp$5wyT|9WkXkgh<}tBg7oCcNEDnA;n5!#0BDLiz;4w7|q>C4MQf&WAcNg(t
zX2D9a70u1r%t05b^N{Jq3v$f{`)5jm;|63l6X*DfaQ#~+S8GyciT&<Nb^0wfG8BYR
zbo9z<nbq!Jkf1LU`^I;Ooe)4m{e^|Z27b?2Ge%^@3OF=@9Wi;o`*>jA&0&50G)=;2
z206O1`1q#6&#pflI~f$O@4s|H`m}}(^&mp7Tv7v^x&ew9OYsU$x%wKmHLqB0gC1B^
z1v`)I2($aVHZ3D#-|f4AkS>{NbZB)0)LQd&6_%Tjo!t%DU>1e5w{qJp*k@)D9`83W
z;hf1TbU9O&!InrjM>=8UI!U?vcA6V?J;T>opyax3)5%GqLeRETJzgrm%mZPb(=-~E
zkc7=+@!p*eFj(51I0d#1OSKK>v#{L9GW`U-ZEa;S%g4gA5(f4gRc%c|DsZu}BIj+O
zVT1xeHwG01f6j+KD6&_WOwlk3{-z6{aq*2;w-%E#5iV5hf88&VLTNhw=^TWD0RDEv
z#D4*?g*^QGTE7W@nHCrgd33ru7X<&Hd3jqd(5%{1Nb8bYlVHoogz^Y?g1c>7XQ5wK
z;Fu9iPLO-<cV5Q$UcB@ADJ<hM(*O6?yQa{TOpZ1feafc17G|}?-Zjtr7cqx!hDCd0
zTD4sVFOP~*l!R}w5bKPku#452_cFcdCnhdS?OCYH1=nhXEsesfI76GRw-=>}i&$?1
z?G;*zd?f%0%2R6ZoI9Zw>HfQH$N!JU6nZ^Gg^vD)c%e@RW+Tfz>LrG64*eGQ$MLio
z5|It$!dB>waUMvcFmjC&DP_)rg|BqieUeGg^G8*?8f@Y!zx9nC&SlK7ZGltK1+7ua
zXp{w?@ih&pEvuY2OcUaFB#Y)vL2e2@L;ULw9QwYyc;x1l0$l#0!>Pw()E!Rb<2?sX
zepB2IN});`oQUX&MQk~ILAY0Vq-Y88ac$d-fDOy&<yue(4)@e5DGYwWTj;lCm?zw(
zOu5gjZ}L*a+}s=D<lv#Hu3FJK?^&}I@0w-QX!Zp%eXZaWu{@l_J6V3S&ZI8iwFz)Y
zP4d?q1W@$o6P7Hxg2u=~DO-$5%qP_YE|mJFFj;q*fNFZAjZ5_23O7ZbHvF9jpY^!Z
zATXNItFOM8*pVIZZwLAO#~{?pFGHl59jmJ=`+3WqMpf#hbXD>6d^3)RNt<(Off)&x
zj9K|j>3i^<qW}c^8&qJ=W!?e7HM6^`4eL+c8Rwbgi|sV5THYxL=i>2lIO+}&jYDZw
zO*YVNwe8dMgtBcYH$z+SM_+SyZva_}-ryX=u7zpUR~jZo6FQ=5{D}wN-w-#x#t)t)
zDb#ZZWAN$NivyPgugEg&-|Gl)i<T5H5f-u#VI#_|n^pH3zmwUb!c%W`d||LazE%SF
zAQg>kcDJsTub72VG{_<fBr|ld0Z&f*?V=J&U@2W<qV6%gj{eyXWO&4LcJ2n;4lA9c
z7&F2pj=DINP@kS6{`7UkRp_it4(sw-UlmNKD~jS%N84ks%M(n+GCA@B$6GB>ws>u5
z<R+twbkD6Ibl1?o`Oqw*;dyLux?Vj~M57*US!sGH*<?>QqKL=F{XqE9f+A!pEv0c0
zo@VjYVH{MCX3CFAe^(PC#r%?~mnZ+rN^si2$Mhg2_uYRmcM*hVg}IUN<%?Ri@x|M1
z3*Y5<0{?sf5&Yb9Csx4J5W@*iQVV=2dluVah?wjEy9*9)roO7-aZ#65C%6-%8<yIa
z*Nn+`GVj3?qytRpD)X6|)!^1#g=)|D%{x<YY4T$&g~bO{>G}f;SRkOLY-$n6ZRn3G
zzE=b_z^=c)`{lRr0;#N~cEH0utZUs955!I<bc7*;QZPz3<+e5cjLQQasdS6S;?N=D
zq@nK`bs+&^r|QLyQ}WD7KXoJvJA`e?el3#tusy2GGj6oD<K%s-!KqgVmlbgY70)0w
zw?Q%+hIH$yfF4?*xncTi`_FJI$`KAy^82+d!q?xPmFtwz#liIboF#bkA6J_NxGD!p
zE@MyN7DAnUTDEvPw@PMui+AWQ&^b#v`(H1dE!o=by5Ozpj5k~u?9Y3H0%IReAM($#
zw8LV{#Zp#0)fI2u2W1#>2oZlT#MG4{s@wk>fkxr&NCdx|vkGqDRu>0*=!NxLRuN)8
z9Zy7>atO+)k;CP7-vGG7oaCLVKm6B$+&Z;SsKE^%;I9ZyGDoo>(1c<kpS&uJm&|%L
z5fqk~4)eYF1;ayJ-5!gr+%<uU?|rXEYrlJ0RGVKP(K5v^`xV(=aFV7l&lWbvBxjD+
z)#bsawPd+~Q(aOL19P2kmTRDHl1rSK%bTOT83$LG7O1!){D;`?fQGdmEKx)jw&*M?
zL4L3pMUAX7^`})C=~{i<3>EiXSE>#QNIylqE?NUI{CZ|9ZPD8GnJpF+D=|?8<Zghe
z7Uvu}s0M0@;&T_RLNK4CFM<5e`r(w7X?)8am--pBQ%+r5hgIPAP%|1)7xhkdWKD^)
zZ}$BF%TG-V2{vzDIMF<L=o?DL%k+|KGAu}$lW6z*xkD)A6@z0ZKC~zijBdeEwKR5Y
zPZW4Wr;#TG2gH$uYjo6wJVsE9Doxc?@Km=rsuqlH4v-CmEWZw%c}T`!YX8{c35bGt
zM?Y-keuz5au2HpI2W}t-RT!%gV9is4zHL+0t52J0qhahPRl!!-`>g)$1=kSU;C7IW
zmRvfl`a8Sq=5L+3!Wp-ZDDC#+h-U9%uLhO$QD>P!sSpFNA=V_lHq(W&3HNt*y>N$o
zM=tDyKvzk1<2IRh^xUv=7d5gV%&Lz5QTbQeD_WKo`tkh*c;fcVm`e>LH-s!E&aleJ
zMqn~)U2A4R9^A=OSxTzPY#-{5CzWzJ*#eSVg@B+FzdY1AT<iLrBw=Nu>Y()Re3RVx
zo|XNGpq)XPFc|0I(fePrFxN>n4FX*FXbXeLYvGQ>SWvl(oJL(I-z0{0XBfYo=Jzz;
zBSDwxX~~jXs`M(MNzB?p*j(tk7-}h+m=xy{e(eW&7r#u?VHe`vw=C$(rsFR4UEC5*
zu<_l5tw@O94pKVLwYOrV6CK1TS6RYC&VaX%-D$xp?D){M)r%9DXUJXFD`QeKn_;~%
zZbV?D^qMZ({V&GusaKG2OTh59)!Vj>-nMPqwr$(CZQHhO+t&2Cm}DlIi>aiNsvl4n
zm9@U-y?d-uAp#N2cSFD*pr_Idp+;&It2?G57l(F=Yn^ih(PK2G^*S2Ql`VWvrn^pa
zfF$$_*PoBu_P{}d2VY4E7Jzv{yKyW!Pk1AsfGSz)OO*kplo!tH=JE9<?j4<u#S!8c
zR>4K<mB~b@>d;32I*K*<=@<^*h@YLP$3_DzDP<j@RrhbN@22=}KusQxshsb%gU!nv
zy8UI8V;93l+iemxnHFZzo;>c`*sd)FoMt;Fvo*%O$TVg0C(K6sV>N{HfIF15KWZwZ
zL6ScCR3mKwr(l{Ez)#XPrq^O`$2QDSZV}!8)Ooh}VER@?*nB6OFqV*Cy^fapB;mNA
zAc@XR#VZ5J%uI%#1+lF(P4s6HW^uncNF5EY7B{d@aPfQfTiZyU71rjsAVK$Xsmf>v
zWw$7nu%<2z$2UKbSXV7HiSf2a1Rr<OFOl|{P^+ns$0lQi_vV&edC6NwuXij={j(u+
zw8Hk5bR~Xr0B_9O{+42?63&m$q-8D$?#WXe`sI|*zszBkB^;}f{QUA;gil-=o^I8f
zLXE)Aj`Ey5Rb)<XmSR~WUUum)?Ja^u{1t+e>UgtNN$?JE*A3HvlM_J^MB3(ruVk>m
zR$LfL^})&-cOu0KFN@8)1!W^HN*4=|S>4!gm~197smLtPO7Lk|{zGL&oz9cx)r4yG
z-+4^C&Fmwb%1lUUG6zlT;(Zl637ZtL6H9O(k%LI(bh7yN_^{mbOC<Y`wK^C#)t452
z3v-r9*G*GOv|8ygcAFTnJ?gm6?WV+FhI~gS&UJ~U=~@phPLw1|#Yf#4;#zuOmt27v
zc4ya)zdQY05nA11rv>Su>iMu(3!fP+E0*f}0xz{-J6?H?e&ZqVlQ~gN(D8lTf2ujr
zlg_>fl2k!{jdnlo?$QxO*{jo>)FEIHKue{+91g=!|5`|-n6hTDU_h-63DV)~g?#9+
z(^|0Ir(d|@s!r)C29MsQz|DVXbHVQlh;6XT<*aLqNR7j%mQ~PL6Dk+Yd9{;W)`LXT
zk#M~>`RM)(>Ick2d(xshQJ(OpHrg<mOeNk8nOg=Y&XSE{TtiN1?s_f-+pQW7RO3E+
zu^ngU;RTpa`QIq)9CA^BJmI<>oR79IJbez$?JhFov(ldy*?i=WIa+zo(?O{&`bJz!
zn?dz0IP0T1`6#Tyxaq|R_c$dQ|9z?!4GD5;cB6q)CeNsP%kED4yC@-@avx)p7(M`?
z7KlWev?^Yuj5Uh0t8GnBL7g~7j;Fe}+DZ4NIJZ)O{m>$?|M1*)!N7WOTwLAOPAqVr
zUGm0c4J^$`H|+phhd<^OU~-dBVYXWAsKNz{p9G=}%JWv;^lI7B3ZIS9B_A@~FLoOL
z@CTAw{GG<|@FwEGzYTE$BlP0Zs)bPDK``Jvp3XkZ#`G8WQcGnT;t=&;^QMOCRD|Ui
zlUmrSRZZENvooERjJ+^I;RoK#x?0aWa1?F4YQp>9_V{eBWa;co3ZWBI!OwCzsh9w@
zde?nC*V$-R<@qd_RU+^C-Yn6RdVByNJ;FA5OzjwWXhP$k4*kYO)1S&NfoC3j#J@Aa
ztM%3DcCNW?+Y#rB1p!N0NlvI!p5re6GE5kU-ZZ}6>EFU~dAHT(`Ftrs>ctKoy1laH
z!~J1-u(UjBGK%jx{?GcuZX1G*-z`B_V&rSI=6icPX8*<zWS0tv663MAt)>cSMIM}n
z)+ruc(>a>o^5SVK+oeq{6siTYDR`l^_B@`PT0Nl~5gtbv-D~L|<D?YJkCdL0#zC`Y
z5LJHZoBGup9`{6<H)0d_Zwj4UIE&BwsvQpxgyWS)d(|nOv>6i!Ihxa{-eVVu%{+1n
zz6(|h7%5H4SUdBbOHwe=ozrsO<PtS%fpo6?)`p@4QwR2Iv}>d>R8B6^LQ`TP-bxg#
zyaLM3__EfwV)P%JbIwMc!`lcv06i+PB(cZHg<Fu>Pp}U}%ujM@&{<>`7t`QMr;`-z
zL#_D^dV}-0r%JY>9r-^ozh{j2Ze*8I!-5ulEk~dWv-Ukv3ywCOxJ!Yfr%d+b4=6JP
z@#!WQ(m1MzvSY$r9w_gB4c$r`7p#VQ^qeVfVh{1^3v?xI=89$p%}iK)l=0@F*-=%0
z!%`<PI*U?Xx;f{e2a$4SG`=OCOUYTgU09>mhEomI<N5ME&=I-eV<0B?aVugKf;BVd
z3|zH-V4HUOt&4Y%IA6clNo;@$l}c~9Sw&zvTxUQFB-Tc2&e7X^uY#@7;(8QmkE1v>
zED7J=i9~FXGw>xKEy<C%vo=JTe2^VLxbT<Ihh7HGBqU6+ragOdaI?Ipv#N*#4N7G6
zV+nu`_+(Lf%tU%l;i!;(PzK~rE`MWIBa=uE_T4@WXW(xo-3uYB>$jVegyQx`JY1+g
zyAIg98JsB}Pa^pJmg??mDIrVVpnkg2MA_maBgBVU5SW6?mqyZCgx!pdx_v%xlFopE
z(<NT-#cvY424*Xdt9cSk)_`6Lzs&c!bGGoh_U}7fKRP3>NnRuicE&`|bGvlelSjRu
zM>T{+pN2PvIf*%h3eE3xr&a1H)8SecWW#kMaiTYY2hgT@Qwf(W#Ik>*xDKfjb1^S3
z$9%f<o*=s_>&8r{hDGofpxuwKIUEVlrKGw}<+RsfIqc)~t##~?-vL9ohN6^g;A42?
zd7v95a(lo?c0u${+)|%4#LZ2KtVs*MV3?QyvD%pM)=V0yiC%*i*4H2vvli?BO@=6k
zKx|p%v)&CZ28W;!)ukP6izbyU*R!79tnH0_+xecx=U;tecL#=p*ZJSwCm7X257A_0
zZd<Dq+K<(f*zM=6H~Y7$Ab+9vV+w_cHN&$8tbV<=-wqHf|G4i65j8MW?GL@P5?}-<
z9nA{LxQ({niZ|AV)Vii`oE;gY-K$%Ox`R<%$!ZTuYZ6!V&vThIsE<&2?{iKkE?Az0
zJZmc4A`xSrr+>zdI|8-sBdE6xHAC+7cO`y7>2MdPs2wjv_$#=)fAu$=7|93{@LWBw
zCaxaCl)c>tf{ctF1zJ6Y?MLn|i0-4NwWt}lK^&hv@G@D;+_GhJ^K||Rz0;vBa-ih`
zsSIfSlG**#sH&14UHgoeuAeuLP#MI)l;-5srG)E<tPrkyGvXfGI&%YEtlB*O{z0X>
z+P+|A_Aj*?u9L#ePQUtDu(Nd_bbd_+aP4B3-|KD_m0@nd`O8axFR>%#1Dtu=X#G!w
zmCG!+Z*z#82cNxhOO<Y{j;T8Z!?Y@T(0h_*3MlcuxX^OYC4WEHN6<==tw@Tkv|9P1
z1GpKjMTIbt?j6UTG(1=}F3$O8xp1RH8V{atQ17R$lSG+Kqp4oC&n(yhppgI#wNln3
zD28nlv9QuPUsY18;tqmRe1Yo0p@bLQ4#q2f$`_T$4~4BcX~aY!3#wyLT;96GM|jbr
zJ1Ivh_YlT}D{^0U?61X0Xf95%<X8Fo%<jZ;o<D3C#n7S#^feYa4W?dyD(S<U=h%Fl
zf<QQg@e7g@4TQ<qz%^H)Iv{!yxZiP~;<$V+aC3F=bic4>Yp4%=n^#!iEM_nf`B<w#
zwYw?buzEff6KmwUd6_vkL<<-F!uY(7Hqfbpo4U0}pDiZCID}D@?M2QZ;yxy%kw!@!
zedV1qYQFOtOH`qav)P+KmDDVDu<4CacRQy#RFV7Xk4lRx`a{LnAHpCo?mEz7xrjZO
zPv5<^wK>=(UTn7!BBX)+UO!-tZ@Ps@80$CDS3?=gwzVX_#8vfl2^+GC{WYYZoXgS*
z13aUz<*j`2L7}f(LgF7>4~9b4u5XWne4q2L9t5^Qta;Q~x-Qo#CO(e)F+E!K&xx_x
z8H~X4sB>ZKRZoBEE)N9wLpzIBtGl8l8=@pFtMY_l2hVMp#l(z&S&u-K&*1QbMCj8I
zz=48rm+F$h#^$Ikx$R)syidq640}Zalt^Qg1OkoIGT62X!z6_j$m2;tzRuZ<yb4aE
z<83l$1nmBlKz=tFkP<Q#s%`S4H0F5(v++#?K_){4C|Kl7G!NaCY{N4{MtqnFo<KG^
zzG3)mUiyi6-DYx+!WN%EoVJ4!?@1o#zv30A?H=E%<)HalG?u@LP^JhvRqpw=DE+K%
z7lmv1FuZ}?)t<7k%c2~ib657jnP)fY8`g*CeB6rDd}oG8QK4SqRy?IB2H0bYotpyw
zMN6pluagIeEx57Mi>H5a=YK<d5~}{Hr?LNX(R9OKz_ueI(`p*X$XE;aJ`$-feu&Z9
z1b5NCO97y(P9^pEOjKL$NP0=298MaSvx%N7QbUo9Jd%CasGD7l4EYMTH2t~E=7TdX
zQdN7!i^Un+xj563fZ48Y+O8`Gz){#~<=tfw50nrg;dSRVLlU`FQ#xtF;li=n<Fh?i
zL>pt%HVKJZQV~joj?<lzN8;B-Z6A{v^Nnd3$y!)8fQRfj^?s<umB;;nxyh+8+E;tg
zhLTsT%-gH_h4>1r3c%CBqpXV&cy7la!x}=NSPDfJ9T<byyX}K1qG>b<kP}KRDrvW=
zvN|0uPe{#t#~s9fk|8pKG#*}cu3<Mom}X_$M=<7m45-hbc-H9Ry8ABPb6(=2xi?p^
z7qVgVJmqb()jCAXROK^~?KshIV2>Pcvpk?!wksfcw{lctpDR;a@{L9e#4gL+$#Bm(
z8{^ad(%IQhgmAOmL?vq-+jsXHSG*gj7aubF=q>v9lCQ(fWh$d5+c_0O93_LIaas~Q
zWrE~$pI&Pi$IoYR{$C0cPPX;cIl#C^ZV#|z30j1F=Oe}X?ErOAhgBn0gkKTl2DOu%
za58o`hucKUFhe(#yw$7ERPN6^@E>F65`x8fJ4d$;-E+SQr(bSeAz5<EuMcR<7)7H=
z4uTDnAY7t9r19wT5+(4zLe$nl_EBTBOAK1w*#m9`{n@vsWG8ywaA7P%UYX3#v}r(?
z3F|xC_qyuXYV|@|(z903NDJZ-ny;T3W_+)W(hC<tuH*TiQpKl<dT1<O5jtv8$HBS{
z8FyIJP!cUB_MT+5wTx6Hjl1s#<4JPSz9WPv-VO{asbbi8v_nJQ`guV3;E`6=RI2>0
z)+!kWsoe$p+O^${0Bl4W-V4{NbOm8>fr4f&8Pah0=2gr&q5>Mx4eRlgAtt4F$Cyek
zV<ISyWZ~>_h(&h8BRDGCV=2q5AkyuLwA9YRFL4%zeBEZSZR!@m5+cgXXGt_1w!WF(
zX9xw&3h4pNZmy-;d^uMqA$^-E9MpZ6C&g<PG{Mx=c5N;f(%f!ljV6@mJc2t#wljaq
zqsv;X?UU#w?6JD^H*NnYrcmgv<r+WHP{wj6Q*SEFR7{tMSgG<zLE75qfCwliP%W4r
z&NtsH`ee*)UrlltBoX5kuS8$IPxc#^ds}IWgAhsoizNA!Oy4a9mwQ#&xfDMJxb1y_
zd?kED%J4rMX`bfU@eth@<K_vz-tW`4z!Ch*fE8C6{Y{!KrP$IpKZ|P72S4<SvnbDu
zoh;b6y+<en)scVdp8q<HvC{&RR~k84DV)cv$4+{ZKd%*7W^s!-WVC{F)Eh%*`PESF
zMc}|vngo6frz#preV_IjNtV}WGS~6r4o2F1gx^L#QXf+w+#r_A@w5s0>zL*vD?O|(
zGK$>&Q>00(QbszD`qy|;Ad5wFd-;vX^pk-~F9GTitmJzFtQ=^>QZD=p9cfd#X73;0
z3&g)W6wfGJw(@QR{%qPTh!^(l&(*~HduqW-vx*|6N`hzUL=qlLkzB`;NDXscp`ZB3
zcGa4H&gCU-#N=#{0((ewKTJ*f>OUK)T9Y(Ck6z+{q4029i8PDR5_K{w56l^XkZhzS
zAp#nd#~L=j)t*2SU(!R5#~D>NE2KA+G!@qJ;EVrd9oj;_*{#3ZORU`L{7FxOU~~}c
z{;UbnSzP3LB3do!Cd~Ifd=NkEB<v|8w=%z99aj{vml^?Ibw=9@)XJkbP?)FhiaPDZ
zqeh_`UBRsxCW<BcH3TClcBXX@Mu|P|KTU1To>u60UIg|6`L;ub(Zh~nx0{acY`xZ^
zY1RL_Ba1H_6t}cQDht5!*lI?cGGZ>0tF01(9ql<kzJ{7u`BGI;6BhB+nc8uQVEgpw
za#%y11xhzE$R`<T)MZyaZm5$7A&?DWJl@ixkkEtkO)uvDi?advVw(n}_-b1v2-uib
zyt7UCGbRE)#1-8<T;%**XcI?}TAtHzJr8Sl@GSy#Vt{X*K+WF2Im<XtJ>2E=>H%a(
zr7(JZ<3;E|F=x(VM<jY~QKt3qaXma5B&RLwz))jcO4~maQK&GHW}Um!4IvzIFagn=
zGJ)qi?snq6#D&#10R%>#qRiNUfOWfX+YHjFygbC|`co0aFFf)n@}7JU53bg`q%-cW
zJ!md6BPZ)kAKk;ZN5=427^i1`-i&~Ige5Q@T#uw#mc6LkLM<iEzxoQ^E0-dHae37_
zfdj>8jC5lWFP|YOMol#ZGzGQ}IoelA8-~IRPUPtKb}Ke*A#Et9psa4aoZ1X`$&nET
z9*TwgH%1%xjzKq*BrQ|WA*r_?JSk@{ilmK?1{eE#iF$i8KLnGg()h5u!p%Zx%#6+F
z0tbQdNHOurxR<)q!P$rPlGiRVYgRgvt@`^|6Egs~&9Zj<o3=`?bKg)$5g*>>pKHuj
zOFL!3S?vx61~Pk#$I^*W<RZb}d2Xc+jva!yn-WET9wAD@C93iXeWw&uxrp*~3|koP
zfwG-Ue>lRZ*fH0580h{sZ8-mku>98HO?0e!d3$J&kBMM1>$Jbci^9n>9I{HU5M8gp
z!(sCsvP0et>g1_Z*h9)e)V+XWsV-<g=~X8c%Hg?R6H<7mxJtsi$Sx4)l9%1rqYQJA
zV`U{Nq1fs68$j0?wxfwFUtN;AM?-Ey{Q;@9yrfw;XzcK~y>zyrP)+!NJoxJfO3}eX
zCB^S$k|Dj0`_~09X_T{m7dtGDp~YfQhijXg!UQkq$jLiy%{FLxjd~F?N16DchU!xD
zMBgjKp}Q+!a4P#jvf7njdWzXAXfiEfXagg?9NCj0_XS><kLjr_+1hKTP3<hJQ-Vd{
zZgH*V9%K1~m~VF@mxIxNnvbk9xdVQmSZu;6Bq!P50GYIn9|W(3qr-RJ@}MPH68YrY
z$nAuw6npU@@@Ec!TbHOnSoRXOVYM*Kz+Kpxi#=K_cgYubaO&Uj5E78c?P=FFhOC)W
z#?iVCPA~oFacue8Z=ATn@Hj{I*{lfNlW`TF1Wik>8|{iuh6-*0+916Mxko^TS2?&f
zR$>$GtU7nu;vePxMB|643Pw{r?lVAbY=e)3nx?M4v9#f%A9`EJ*PgIFjmJ#xQ<bD+
zd*xag%vWWH$jszgDt-T1#eF74y%4(MeTB)61UCmT*fL*PWEJ^~EQ=An#{DUqy0`FJ
zw?YxNZlPdomTMTTc&k>0Kc4(I4-b;$)t(mnV?8IPmcQ?#>qz5&`SVnfV${-K6J}~l
z0c?BJX*2f20J{TSPm`2;B`^k{3|0ru+>zZXc$Y9y@jXxpZHzc+KKb0W4~H2JJ8uV&
z!6Hw!%io9DEK&Xt>){lHrrUA{h~`>@G7Sd3$C^?qd2Op?dINRzI%-9`v`MDSLtffy
zu4gtd%fC9StgH+xHkHr`D`%V)vXoQ+2EHg2+9Bak#vQW5KLbl=#sIg@pka0{l+{8C
zk7Oy2$H<<04y?kT4o!X_t-99q#Znp^u5tt)##LIo@Q0*lR+MeZ&2|--CDyTE19BD0
zHZ36!bl1@-Nk}UyyD9cH;$mkdY)NG(Tsx|NNh$tOS|P#tXHo2T5ta7be}s>iWkdGC
zMelU0NMtIM@I+XH%5(vnOe^9($=)c(OF3y;oIHAU*>-<nIt6x@uCm%y4<E}u%74>j
z<+H5qwk~83Tpi#S=um%FNZ@mTg^o?L#lW#q1*<oR{Y$M0C}+Z_s-U+6gMxR5Mqp{H
z7iHCP%hf;dj|~|tul8!!LWK>Go~j09@UH$t;*00d{_)AF<P46*TxMGghL&w;6(>?s
z71Izr88CbalHtCNnubf`_R0Y=r(Q*wiAS6=H;6h8`m#IH-IZVx`30j<(_xTNzf;8K
z6VwP1^*=dti}%sRzbz6g39&u;vw{2<{`?jf@v5eYR2_42-x*Dl%DrkmBYI8)a|&3C
z`6&j*uwbxs!m4S7511jIQRI1aIIA$2q#3i4v3Jhwv?-@-azTZR6x>UP$7i%AGWe}d
zwDKY6Ic~=CBz{Wg8C(tgyGHSD6RkT`C;OWvl48l3Bz0mP#Qrf%oA|hwfA^Fwu-tZ7
z+C^^UEuqYXCteFH*V$vx7j_1dB6LtQU(<@CT|}fT?nFiLqBexJGg~G#F_>~4)J{v6
zhyAmEioX+&Nnpl`v<K>b+Bi#wJau_zitp0b#H$iT1n}c7Uza#&2nRq=vwUB%)p>Cj
zr05VWTZau^)^U!~?-;r*WP6i+V8_bp3lP?8ZMqCq_;<ImzZ<Zwz#bbjUBJS{paFGb
z{Rk!-aMfuQGEmUj&>bB8BF=sz^94QeSp1EDkQ1ShgMidK9ccURvX>BKJ}(V{vg(&R
ziL~p&yU!acZatdx;!~6#Ns4^}|5UhgU$uT?HnrQAATJNdGXDtx!-Kb&S<ow@?-pMx
z^u;^USCw+!i$}LNd$Ye;1lYqD0#jyUnwdXtnee<=VKZZ_n4&pO{sVQ^u|h8U&>6%S
z?&bmWB0(MID5rNJ?s>zBaFt1m&GaWp*FkpgZbU7}&Y_m4t&ysM-2SwbPgc|I#z(}{
z2S>+Jo(sd2gC+#^6sjaO-$ws<hNvaSR129k>jUmbfOmU$t~864nBWaX@LoQ4HkeAW
z<^~20UeR*=Fb)rZ|B0e|9_i)6aCn8>qkmtf_BgSlaI7Tua^psQp93j<xMSm`b?nN7
zcYXhyfUYYo-^IulXzB1!BkFT{vTUGT8XF&r0NF^xupF)828~bx4u_b9YH}tp8K*GB
zn8f%2W2PP@u|g5E*fgZz70N3%1Jy80L_+$>!O~tON8<HN?bF?wUeM-_>rXhAa!i>9
zJ5daBYI5xeH6P1uyxgxh_t@vFooGkq`USyd;Y2ivls?N-?3t;dH&)Nwm2e`0*fFd(
z8cV5ZJLrR~lNKrRPG<l_@XO9?{w)q?q)ja15l<1f+XcE#)x1%GTtydC1;=)L8FCG0
zyTiLk`{uB_l@l<Ln&YdRWjW{_vrFO})@~*SzK&w#1El&MPz_v#BL>#d&kLoW=|(ID
zH_7_o!P6IwW&Xoi^^azPMb?!=@s%lv%>a;V($L`(Lcgfg;kK$Skf|`p)j%o5YbONe
zDOtj6oQcdND=H~>i<ejKIV4w8+P>I#Hy-ns)CCRw<`CKnYe&-{yMRSQJY+MYl)X48
z@tZEago7MGI}Ya6x7@sRg(P8N5=*}G(x|y#VGw7l1}Ex9x~{%m@}=ydD{r@NMR*V*
zwtRU0N|pYhD0qffcw4{WK*4+>)XFHli1Y**@?>Lb=pMQTz8v&N75cXBgC@*rm_}X9
zVM*CKY9f6)4^kZS2%TBgg+2+XhVL{s>h0V8<+ykyRsF#IDcQ<W2ZjV5CX0My?RfK8
z-?7%hQW0_ZxsMRlaPjJZdVOHn)tW*E|J}dsh+4w@ZqD)iZTQ5ZYW1E~n)vRD9Ch78
z_u0L+JwhZ#Jh>QE5S&^;yz`fUC$cC{ZXWu1m$jBtxbej5*ct^T$ltn?MS47}1daH2
z@6iiRX-k7daeJk{AdX*qr}SST<&fed5l{#7+*h`sH{#|--?emj%rj9zq++g%k1Ji;
z`b3)rzLOx9;2u`$>EY|@SebJ>Ny&gI&#%praCNb!#rU<=n(Tz{P=!s^5e&g6oFIaI
zCjAxn<U#N#QzG0w<M~r?|1>#GFBfSEdD%rJrl{|lp}6jTyEb71pWGtVc&&My66=*o
zNRtEA;nBziFlF>6I2DKj7lz+%<a}clu%DKta56VC4M$Il!uutwd|2WcA(XbRflA26
zcx6fHv-S1pqUn`57v4uZ)jwEr=0dTDp2g42n<j(a68_>}nDD%eo;y(UML-QAtD74q
zOfZ-wP^7c3Eh)(#&85^aQ%_<7#4)ePrkt8B-JRvxv=8PRjG+67)(z?C8A~GNiMf*@
zuqcSwJU{42rP>`861L$7l$E7W%z4mrhB?~E*VY=p=-bO;>;{MOcz`6;XIUe|55pt^
z;^@{p#rv*Ak20q1<hbd3lHNP0n;KX6Px2;OGJ}uT3*D9^Zc3mPi%%V(8Jayy9m-BD
zZ@^OF@VdX<33F{r1gyEOUs>NDbtpPs5W`kpIAdSSgbLUGystVKHC1QhluneDp9O{%
z<Q<?eI|p*{7ibI(5J~^^V|o~YAl02mm-}g5;Bzb@$l!Wo<4ai;iId2iRWj%cFRw0j
z_!zBQs*1860&-GQ@7+)D&pLR?m8Y}kmeyzSNgKMsKh9i}56mp%pn>YVLLhUywF4QZ
z$o{`)6_P8+ESLUu;{l!7mX~C{p};etqVN5Vj!Q@+?cN@ZW5egMk}Xk!i!}72uD*`c
zq#b`wDim)T@Yb&S>@UK5?7cP&3YSq&0iPc12<vpC9qM7Zs0n6#A>VB56G(rV$-Hka
zbWWY;%O4ZJFDb!@4T5rZ4*BK*&}80bm;1pcA)FA<Zy1=@@a#?F14hV`5V{xBF#5xB
zTp=cBoJejaB}(6|P^_RA#woKLZ|fM2U#qaiuC3)HA($A*MM$(JZ1?kP846k<1YqGA
zTw(Tr##Q2Z((rjQXj%EsjkE!|Ib+>sNVng@q4>);R7d&1bGn|ugRvN=`XGIECmtFo
zj2Qzemf4~L4I&DcL2TzENc<<UqtqnO{KrnttZ;qJSg@6x$34O6#LR%;|76i4_wryB
zvM{FdJ<FZ!Hr679i=??ONg=7C?^hO*Dwm)`2X`G+V@u=$_QbX0&=uNT{yoS5%<LF{
z!SF7k)F5rH6MQFFVk~eY?rI0ZW7a|#beYi<|0kYHf-&<?Ar)vlt4xqo^(<(X!wN_x
zc7XJ<IueP58<&7TjF3}I6se^7%$<^~eH5q%gq}R<Wu(nq)p?80$hI-EB_X`MySZ9U
zhwpfTrqLjdd>|>YB?Kd&a~Otf7HFF!29SKuo%BCCus`DgC-KNQXyTwH4;rel)Nix4
z>3t30<9isB`VT|3Lg2Dj3Duhw5wjWRRsEuiGRO30;fpgz_)J;Lz0JIe4;Tm$Q+djh
zifWko;P_$udhUzZPQJ-^|64C~sRfU0?<-xe{4=&7!&yHTq@ZPviL2=}<#?Rq7nSnM
zbu1+<3_-dtk8v`bn335pmKlf~?#}huEMzexbgROQfM&##LGrm%pq@YLAy)i1A1T0u
zv4j=7Y1!k?gj_}K(i#1!<X_o}faU9~rIoYsz5qOd`Y2#Z&g(NgD)YJYeoR@eAl0tO
z=qA5d%<(BsZC&Z%<BX|69LG$3%xnYFjGMgmxJLsN)``G9EPIJ1`|AQ>r4&D53l>o%
z>mam@Hr9#}J^2J*1wt*(7_pQr50EP`OW3BBK78HCC@~6SPtIZ2lWN>Qe+g!S$ept?
zec?(I@<;F)DOIwi;ot%!PFbi=Z}iIQkUmL;xkrd776g?{k-6PU(u-tHCaq|+MeuEz
zWQ{qHT^2(7o9-ZVH5Tg*CL^N}4ey^6)}gbWWp@7DJJPT>bp2`sZ0^Fp({RYIBJOCS
zxnSkqsgGj~+~Yj=A;Da&0+7^Q&&)Ows_X%$nDS8?tbeY|`lPW`N4{}$`;g`lUL!3q
zcBTa;?WMFtpHQ*;`y_$YZ*hDHF;<Af;<({s<Y+4s6cFM<;dFL{-RM8Zp&3ew<ya}L
za5B@()>gb?HTBlrp6(lQXF7k*D955{gWO*gw+WcdDu;oNb5sW$ixi9mb1bqRCzTx0
z6$I3J_|$Z{Ho;7jLnje!3>cnym?HO_XLAsMpA5c(m_BhoNTU88t9I;=T<vuO#Yi4O
zWs4mY<qgt-7-4lC>k#eOC>dKO?R6=n>6ZhQ!26^Vunw6!a}(63R`AY99Utz{O}yn}
zKG^Pl2-vH)_htSVT`Qxwl3CqE_&7+%#iPb~3P3EdWVE~s;C8QkUus7??iv_zaDF9Z
zt!pI;UyNqPtq(tBG6vRtsVpnJQ73d|U@J!;o%?IQVlovYNEL&=rdpzJB(evO#en8f
z>N{VXhKwt~UFFI;fpM{}*ac}?)~xS@)l(oyj-(MRRHV&_1w-7?C?oyUgWigrB&mys
z=k`;FUAP=wB!y`7hg_f8MF?+oaM17XJJ>f`w#6$XV-K4xKQeCZ=eO6*3!&vk^A^Uu
znKgT!zO}KoKB!;~A<Nk$QSq#RnrZA)urymu@8T`Zm?6APAvZ&)bPpL7M>Cyk36&&c
z93^hrP_i-SoKZP{vrQEj$cy|N-S#r0*HY}U3bfB2=}1#xlo5NzPT#dBf{QYmvD_fo
zK~k<tY78my71#(zvhu5hPSZdF$l?3Q6GYn`c$cEBkn<BFUJ45M>vT<hCU@O~+TK@)
zz@-CU4=88x${L=BLS8AT$ZKDO4rl4?Khk+z7|_0>y6i;JS7Q<>JypFTzJNpKq8j1V
zGcf5!RK80t9s8Cysw^-X9wuidibra=di@1%^{L<8*+0Hc78uD}PFa*XtbFe=bu?P6
z956TW{nT^RyRN$`x4OI!t3y7VS$3Xya*X}Vlpbhi{TQ3jVoe61UWTU?rEFBvJkahe
z2g`0AY0$o>%J)Man{{K>79T81E*Mf!vCvZ#9Xm;wmb9QEK^}2YJ5i;Hn`zdJdaf${
zA#?=tw2#8Z4PQNsmHZt}WP=y$p^L%g_yN5*e@FB*JhKVUPvG(FxdIJN;>v<uTKZHM
z74Eqsu3iOp{ZvsMng@Hm(ZeyMeo(2-Bpnkj%*MEoZ;C00VJ#w|e>INk`zVK1;rdcM
z_DQiE4L%iPVXK;NB8d81>qLtB=@uO^RNne&ScMcv4%3%HZl2i@0^8e(;$q&mNM*J{
zCx+V5>{6hV8b-NYdj|)6y4pgqx+9y{>RjHDw@^n9XBm4(QIb&KT@J+A4NPneq@<av
z_ly|jt&J`SqFtXC4H1iP_yum4iMyDTH?4+Vi6cX=nhv~$ZkzVK{r4AFMbSRH_Hw-1
z(GZ&b_B>{|GN;6W_*Y8qXCco$2&<L#`4M?@n{MFL;8frEf|G*Kt$FQR5pH<Bzw2qj
zP7VS*q<o1@#ay1-e_T4Wz5_Pn>}v2*Z`>X(3vt7gUo#qBzofFw3K!3;7ZbiA61_aD
z@fCA^s~%O)-pM4t4~(ifWBS}~W(aE7f3zyMMuCl&tYvZzG*r^Tm#<BQ6@DcgQfq>R
z1h|&PsGY(dbPFc_kCb9}C>%6!T6`n|$b(lT6smV91V)_?*-HBn#x=l2SQsIQn6_x2
zcNn_)H}$Lj&qkBzPb2E_Gp23_4qgfblF-657>}uCen)rC_~3csoGA-rP5(d?!@IEv
zrd-<`ak(h3`FxD^0GckeNpZHE%bME_Tt3|j5o6-fyhU-1*FPDkQ(k(qmYk>p(+!fP
zH&WJNb)BQNUX@wN21gkx`x?zSx0j@;&qPK>zfXOB949dD0|1fBo^YumKFaY*nQly=
zB81bcMuc-*K(~0idz!;3!JNz1S12|9gG_hr8=~*hzdM!?iuCN1y{ea$hBdP^PD@sQ
zzbO_d`A1FL*#P|>L4<peWOv6W`%Oq)P~x^csRyt`Srdqb#l0}+G2E<T3+AzEH3HVm
z$&HB(AKVSu>mBqG_I}^P0u_Pn=&9&7h@@(*>FVlbzjOmuoiikTBs`J2hgU(S*M|J{
z_%lrUN%EDyy^;ss;NVtAL=xh*ExVV8C}Y#g%}QLWr#I@d<PdlD1OkcKD{oYTa4YIi
z3OW&C<3;tyuM)u)Q3N;eGxJg2z+jl&lgSP9lT%Q)&UVZQfTBQudPK(thbagBn3h*9
z3nW<0h>wVW{G^8eLHru&;6qBFv9#y#AOduGFF|Q^h^S(IoM$*xu)Bx6@8%b27=+^!
z-b$#bB<9I{>GH064iS&)l1lEfk1Zyt*N}X#dw;b8LumE=TaB`GRw6hEOk1!c^Nm!$
zn*BMc97@Vrf}Jq5lTB_rHQ#fG8}=#7D=u4A0w_(mXhZRP!7A`ePCur<kDVJPY^s9(
zQxK>rBfIDR@gB*TI49qIqboOU1)`No0(-%tCYo7d+Y`_H`tSKfhW2zAk)u|ydY(78
zXC4`iq+{ECJnM-n65N>?PAzSCM%6pL5r_caR{Db4+e_$F3wbLx;G!VC2`B`HAh8^D
zoo_1^OK&uRxT|d-!5Axi7t1vb;j@7y$OeZ`Gj;o^W~}RB)4!0q6Ozw&A(J1=W-cq$
zi1CnXYuragW%KOL`5f}g3&`maVc%JQVzFwq&e`3g6fLzTfVme5z~M#-6)(x0EM$wk
zZmV4F>%9BL+o*+m^H^w3dTCbx-Z@HyD_Ibfrj;ZuHmbpOb13-Tu-}RW_N9tZ@hDO;
zH5F!6(ZcOPrdZ(`O%k=x9#S}vc^Xw1;RzB;(MPq#WY7LX4b&;Pz^YyjiNM;RH8NqG
z)&W7f{NaYtzyG~_@IX}um84|ioKi-blqR;@2jKZ>)`vWbd<@uVca-7<eb6@D9wQl7
zR3LxBcAPg8A(M2v+V<Lhy(R>kjL}}|RuRBPVKeOIRK@h)qloufTVYNL*qm$DUEZSp
z@D%a26+vN7jl&pJ-x?pj)&pcn{<$3M(mQl&GQqsuqPvdFuTHx#g-C_@$wDn9*hBF@
zueE}b3vT}Itk?rFXMd4Aq_92x2`u2k(g4f(5{rT!$$&N1C-0&K%imi#Wk~+Y!?_Vf
z<P@f%`$lMjT^p&C5Y0M3`nr0E;T}sdR+pBs==k9MZIy(cQ-UJkQ?pn*{@mwQxZ%%F
zw&VPqc02G2EL#w$-|;(Z@R34KOvo-9)(g?AuK)M>f?(iUw|uG@^?_5j6CtyJ6O>2U
z4M{9?=JD+6qti9cd@4x7DR6snDYl@jUaggpBGQnOA=3>35T-*I#BRyF!1wqPGZ+Ra
zKZ#IA;0lq$dl!(itEqCYife4ryLB?n0IF50viZrK3c-G%@)TOt`&l_?-5=hpAN;v)
z`U4tav(*c9T&CU%HY@awCg~?r>@mFv-B9B#>pTw38<t=jo2({C7eg1)4KmGf#64GD
zK^gi=zgf^}GZ?&cI3*XGGO?!H%7&;e$zT!c;^YxT#5m(9b;!i`R+kCZ{#(vup|FF;
zT<Rac`pkM_@oe>4B%X4dC6$EN==l5z{IL*I+ZvgnMwK>d1Q&bhgu*>pS7XDD7*wM8
zrdjRi+8Gq0t+PwMG!kB%BP<XzO>uQ;LcCbl;djq1eb7W;|99z($d|8q*RU6;<~FtM
zK<w&|-20Qhg*D0eO$43@@4nuz?xK5#IfeSfP|O-T(lNTf%qd9q$wX=;GDm)=Ynm7&
z%bquv@c8Qp1nSbY39`qZH+yj{8;<MUNm1T2AcLk!D|${mAhJJ41y4%fiTZD_(fRss
z?{+VMgo|VLuqx%EFO@5})y5P+Wu4_UQrEKRf*d{{dYP2<_HLga@%hD*vd7i~=l59Z
zJZ#Br8)&B$XdI^x!c3d`feIg>(GJk8Ck<oHv^W13Uc>x<;WhvCn*V{<Ff+5W|M%<v
z!fROA8CmfEbNzqt8ek`F%T+L#Q4vEj&KB!Ui>s@(7R=2S>(ct{zcPl6;u~fAsgAf$
zT(`fm_uhuF^)DSIweGX-bPfh2${zZPo`!ir-PzFGOu$I+d`ddf(dm$VLqik)ZXi*a
z8k2Ja;ICNhm@lTe@%4qBm{UB|0vSG{RQU9?_{q@xu5KK@k!7&HDJZ>@J^hm-eFLC6
zdItM{Zp}_OIKIh|i8)l9DZtp;CSdmdnD8|YS2p!DjTX<t*C`60u>h>z$;nC4=Ozxm
z6|_^sUxo(YF|2kq0Bc^x4D@vXrE6(wf7+a1q=1Oof#G5Q(D?c7?d<-smGu6daV@_L
zxILS513)=I4&dx9zY@P*a$w{rEC1h;5dcv*xyCxDpHzY6ovGpNF-V9vgf+Dcfa@$?
zEv;)Qe;L2nD*$D4cE1APxf|UPhhN4#;IB@0028p2-;mGNS6zSV>mL^uMuz%UXZnW6
zrY0uvH1!Ptzz9SK7+PFfCjcVO#a@_btE_9@ujs8PYU`*dUYH-+Z3ujVDj50?y*FE*
z8B&=PINBMQnG_aZd!sL^DbdW~YboJtYioZO+8I0FWipd<kiYL|on(i-@T(g$JKHm#
zykk=fGfP)=m?brEQ5P;LF*SVV^}d^4VS7JgQ~tC7E~KQSv?{0obAJGy=<D^qsQfcZ
zf$wZd9(51k;d*x9Uf=*4;W7DiC7Jd{@v>SQ<FOF-4vwIno_|UYeE(oGG4(Ai41wyw
z{B3Ot{6zW|g!%i4_QU2&CJFBcw>bL70G#&o@%<`&Yd9cveQm|{oA&EH6!kzkFt7pD
z^jq?!TO1bF4c?cT1Isr%Faf1!dJJM`=Lq2S%Nmgof81O77FybrozCs|sXOfBbj}Of
z`Rxf*_S22K<o6q0toO^%$_KEV%dl!}V9NOJM*r)J`_ilZ^E>^fEB~WA`t_?qyl-Ln
z*qU>p3--(FL8K{(HS4SCHC0_XISMzn>1!3R{mZ-z@MCFz>|c^n)AFlIb#3re4?W;=
z!t!ffRNNR;3_hnczA!v=aJ&ANs`g#W-B{lQOu5df`QzLOaF(8)_7i(!*e+GYYXg58
z8~>#V`n8t*J56q5YGC`ZnowWo2oRN(6~(om#zPt&oQ<<L{Z$`b!WY{cirzP-XL|dv
z5A>#Y3QgbW8t{23#=Zs^HQ*cm6U+t>Mfe|{M*a!@0E|B37tNj#5S`=)9~Gc*32z8W
zFX<<chjHwO9}nZ`CodM};a6A-k0JTrV;ZIJoT$_?Zy0P}*$cS0k=!rc!B3d^6SzGf
zdh~A|JRIq-@D&~hl4oY@%CG3dDkOcz4=^Jzy1(xguf^}``EM(k?>UY(@5l>pLM*J|
zmsx9c{55ZZ7d^u#((&NH)WS8M{;$GjC&%~T{@~CT-d$kzurI+TxF)nLIP@Ox<WHRX
z53mnH<2(45-gm46&kfiJZ_gFpb;Bomv+o(N*!r*d>%P@5??tQw&QBR{0K1o$;FXo1
ziSNh2$d_&T;%`&rb)i2To}}$>EUK@U00z!4AaC1GA<`7yP}c9#N50cf8|p9CZJ~=P
z7LjSBFPm4<TjJf}fWA|`9neqVI^J_f+ve}!K2gXe@1E%8)(;@>TIa7nHQo;HuOHq&
zc~I$b{{qzML-p!cT>(k8G*+kW%RAP`>dyCWH&+;c4%iH+wZ+PI0Ly9_{p-122YojC
z$1cRz|4WW2J7dRlx_t8)5|SghgO<~5^IV6`*lTZbq=#)edyZqi^3`3G$w|#L!C|#=
zHj+PJ;!7WG>jL{^%<8_~Zjm04nx{KsE`GMMaQ2kX@(ylJ2jjs@RF#&vSfEMtl|VeU
zWPjpTF@G|2Lev?%;f^kO_snpq&>46VbsRd%F{MsCPwNa)&rGhCI}Yvk22JkKWH;Oh
z(QMy~&OlAFtJzh}z?aV5TBWj{?R7tH-^>unZ#Q3NTG1^st7t;6+ATFz#P+fFh*6%&
z&q@{+>0RmtQTO3&OuW#5VV$koUQ#Ch-G!L}%mR+E&jhamlVk2LM;1}F-eN|3r=%Dv
zWlJjDIbL*dKTi<ne8xoQFh7->2i|oJ|CV|7?s$$a%glwF^jX?<|G>4rRa3ZCM0W`L
zN5Q1v{w}Wl^E<Mpv2q-<8@$G}4jZ)_wtJaNtWx-|op3-Pt;{&zPmoI1`h+-7j@_!?
zNC~v&=(aHoQ01m<HB(F@ZT?So|NY5X^mT)t1ZTG7%lhOtPVev{se6l3#x{C$^w<RP
zz5-SuCJY5p0&O@`t($w7LW}=typq^Sr+M|9SLzVxS(De=y<jiDaepHPR5`o#;Uc^5
zW_X`F@lb(_Oj^9Jr)CD2PtgF5M-g%->fr}ZuFIj=y|_L9njIoJY0jHd_{<TEuus(A
zFM!SQg+XqECqN}i#+Kl~W_8WB02yf(_L8y5x1oQH2|#|wWSI2`((bTxH=bqC;=Gq0
z*Q2%z#GlRy?re&${vzgX4~5<*itAvXYvozU*!qsMk-Ct1K3FJ*?4V%9IBKY+l))Ji
z9YmY28U&Kv-5zep&F;WQ5!Xo-7_eF<hWE=v1tFSD7g2@}(^#S#`$OmlYv{kYE!UE1
zq8iQSXNo{*SYa?Sp=QhXa3(ua2Hrf_0?MQArR-fErcut^s6361FtNsz0|=Uj&kd1#
zE$b|=A6UqkSb%EsnT0z+*1@Z_Er^0`nX1Yl?9=AmZkLi6hgJ884L%EL`6O8aX%<-n
zSP!!i5@PW%UG<sw^9o2!Dft<&?Oi?5;j!&!qAG(L8LkIZHOfM|k!zxz*gd0>V!kxn
zG+|1hdOb=<jvVB!qje1FeiFviwDsDZ7h3oomd@}cCMUQjbzaN%>7Oh-@f|wI+gUVb
z_L+ayZL+#QMH)o_L{I@tITQ@g#lhsD_#wt4_8`B65R-fr`EfM&3weB*73^`XLqMN9
zp`@#d*N*QO3(Pn8)OmcJRaicsYHNR*+^UCptJprrXK8|W7U^H-M&!!u`A!GPmeKi7
zum|mzSx<;%uy7AJ(-O6ZOaptGtx=%}X3)U&7!F}jnI+CDAxaibi;ljq$(@H_LRMx;
zePX~0^;ukf*-Xx<^bDz|XDv;yQ7SeTt52UkY>u2+W}|#1aOOwq679dK=q0v@#3CCU
zs~+~FxU~j`a(8DcLXB%ZAuZNHzKM6TF$hkM?Jt6u``BbP=%_gxb{o6n$y_b~=B?WE
z3=XL&&+o2Ep4zvjz5=>d^Y_wcA40_9<02M132n;l5y!hPq@Tr5(uBuJUVNC?V_R2;
z7&#YRk0jsl<&p3klx%tt7Srv*OW^N|d9OoV%yE&w-ZwanCA_4`5z7i*yM#Q3^5$()
zM%4Bm52@)sO<d{|s_zcat$$9FA#10@3x=qXqzdS*1XaA5iQBkHSlOVqK0dyG8ZSV)
z!BLW{B<2z2A-*|YRBaYC_b0VA`sL#t8xEu8FPQR&L~<A@VJC<<?&#xK<MqcSK(Iaj
zwR)NZ=8{OHXeI$5j`aR;Tw>on7)HqcFex7ptJkn<TWWC1qJ*ddkw1Qf1mRCBQ7}U%
z$+cj}g4{JEjWu{eha~~Ildm6eN<cYrJ&^6hS5zfXQ;G>-cerx~JgrK8q-8K90q)A)
ze38&&VACvs6W}%7J^1i!f?z18bjns!ELCtyrDCisZQU48II{BLpyy4d`7*hX?MMoy
z{qw7k+45g#Fp5N~;J4V!vP1{t)n<1ciu$^##_zt1+JJyKG9K*u>_!FfECBeWX=FMk
zWGI2m9OpE`7PzzDm|pbhcM+T)ecXBJx%YgGk@(bQ&JcQ{g@)nfi-))Dope#+Yj-$x
zwP)P&-$2U2L~X?E{cmxkf@wIX2Jt=g*=Z)V*DeW|rD9K7$bK5ePW1a^(0$NTdsp5O
z)7gbwGc`>*Ob2Dmxy-xH#ZoDqX947-DtPxXcY>AW>OALg6TToJug^H7*H|{{sB>Xf
z95-!$ygJM#AmBy-tbNZ#nU=C6IyTn>x#ppTT-~y){0)ER&n#oH@u3~~lRb`UqBu{f
zdu8>=A^7;mtka){-;V-6n6OYlnzep6JusFZIUH*>bGXV*CM)Wcx$aHFbakuN-)BY0
z8=9bKsUcUle1l~^^pXuvgF3=jged^KUr6vVTMT4iNqVlv`KS<ImAl=ek)z;H!<pn9
zQ6Nn_(HBal*K(_~Nd}iz@WH(91z5QVU)&%64dBYNS-4d~V?+H)Ozh%ETJ5CN+@Z;e
z^nqqwzy8dvBgm22VORMvRKRggaR~fHZ5<5fLhh?RTc{YkKysYE83OsK9Mm^@zIIQB
z_TUsI!r7IVvT6IYta=?O)+h2<NGtbb%$b#-FDRPoL^ITU2}d@LWl^^q!W0{+_>y8!
zmAaR)+6sFqEx%KnGeGB=vA*SC52Z=!51m~)GArvOTS3CA(hZ<vT)K+X6}t9X2ia)a
z%^tbv?#!zDSZ>~JAEtUtK_jtr)ka!tTLpE2xwgmlEWrqjaQ&8v=Xy~%R1)-Rm~IPK
zsQ~@_Ym2TmD#SHK96hXyzQyd8E68|t{-IYdA#_w#ZLHaq-#)E3HLZKbXD#DhLEdu!
z>NO~mfX7rop+Vdki+|=!v~7mcwx`rf&;Fc?YZY7rly3zr2;XR_%9k^lrXMrIMZ3I)
zS?&=?tLypO<u4asvj-(S`P~yUH4=_^Oc5@{%zM|;9j%5N#x{p0u5id)A8J&~rWbdm
zXkG9fa!aD%^(0&-&B>Q$)_D3F6DR*?j_4U-R*n8g&Cdvo2=vJtTceWh=tA^`QDvxH
zqr6?L5f)@a1E%$(awuIY8y~VFCU6Jfi{mJ0FiQBz!uLl?*Wg{cj00V@?@A#-wf|lv
zR;x@;u@6ZNaRnMa-wN6GdRx(dg!4Vg#NiGHWZeQCKINXRb<n3VsK>ly3}(L}3JQfh
z6s{X{ngq+<WvZ(bHH@IxYmy3u%?nm)`#6Y8BRPToJWO4{4>KIY=PzUs{vE-!bYm2u
ze6gvR*Auo*ZI&?Y9<>uh5HQfb$Xq~1qybc*{LoqAdg|vAu|btg$z6(Ns;u>c*P#4f
zhE$%;_SB{kwh_8@&#XVD*XEQ;Xo_bR_GqmUw-qek+{X!NpMCHaLH4GUe@5j)xHtIh
ziR=%SZUE~2$+$y>_j35SIcZ4IPKVkFjfLBy=~NkAQ7>sxeu;Z0P|{PKT<55!4F|n4
zpXaWEj*J3FasPRO_y|a&Ljut4Yqao#iRp-rN}Cr;kL1jWjkV7CgNp<~-+J_wKzdz}
z?W#M1`3ztFDH9U(!<F7ufm0E#&wvvF3HDY$GVyJiuNVV-jM6peg`4pSU@5<V7a-Cm
z>XNyv0UE@f%9AVseZL@DL_fBTt4_`Ey}*dBUSWtn4R?mL2n%d>PoV<aGtMCqp}1}q
zfBwk+P_-*ML|z{VA!B7ud4|AFfF7Pj{5J$c5iM?6dnVq1&c1)t(ARusKmqt~SwICV
z8G&}C$+dm9v9V1SRk9J(Am1?XYOkwua`Y?$H+YJO&eh(UraP72xh_qf@5M2H>rHho
zn{~lyQuC<3?k4KSg1stzi}E#La#0Jx2S+E6nEX+;;}-PN;fHj{&H4^0q7B_?5c=M<
z?aHc#v<PIJ8}>_a`=`K9CMgu;bNR#g@KQShlO(cI|71}!RpS+VnD&D0hOcuTHyQ++
zVK|}M-|7KT(CDpICYP6jE1X02Ean9So0=&Ey}^=TPf#jj*X@&30;SJ)r9@(s7{CeT
zn&!<A^VJv@*30h&KD@B6=X*%f)#LBX+J#BshDihw{q!hNMX1$@wE(D}S8XtA?ORB}
z)oE9pC_Ao#lm^X*MYxrpyS7w>8Nh84vd%m?P>h0<#@4d+T#VXxMCO&{=sW2+UQgs|
zkHrpq%huIcv&?*Ezcxw78I%Xf+{J=2D!fHS-{)IC)rl=L@1FFj1B;$B!yDgVMv~-s
z!x3bmL|a@WAtH<!M%qk;8_|K@i*tG=^GwY#M~j=9z*DBy`^a_)NxjvI#Oz~uCGM_y
zPS#+g|Dx=kmIYe^Ab}p+wr$(CZQHhO+qP}nwr%@#Psc<I9`3`;M^wbls@yA~=;0Uw
z%=D9-_8`6bwg)gcjek1VF<DK2G5wccCw>O_KU)c`KF7)RrP#7lI!}ZP_g#CzqL#LC
zb2v1cWA+}u5cKk1%H)<e@FL7SKzEfz<STNRwx6fj;|Hmsec@-TI8nb-JUcw}_Be3Q
z$7o5R$=0OC82pF>3921rKw*J{<4c$IJieEpSw{vVtn{~vRj4M>E~FrWr|2=B<wXRd
z=-+@SN0tjazOtFb^iK?TSMi(ZH<r}a!!MfLX{3i+VA{DY0;;{VS{UQnpCCtBY&rdM
zJ$&`BbA7b)0<Xl2oP`Q4wL}X&JdM0^legRII18C^=KG?`IgVhg#%Q-Fq;dT+DZpwH
z^P#i-4^D(xj~gp<l12~>(Aei%b9C>C2np3T!lz0`tzML0j9fk}ER=uY__C9ef^pHg
zpt28HRB>pyvLM`6BA{5MJ|dOd6@yc!k7GpPZp9>oiRRfsMKkU^yPC{LYYA$hGx>(_
zj2l}bW$Lq0KEDOx7CaD(^Xukx7UPnjjeksQn#$5Jpw)dCQ<DBwzC$pP5!&#xcn{?x
zpQk0fK@6N@^!pTi=RdPc48}MFZnG7rBAN7>x`$&_(ZrULLdl+mk?Bu$KXFW&{VIu>
z_GwmE>Hn7dxlQtY7!a(J2YVD_`g-sX0c$L?Xk}BeBH0T`$9Vy>m(NG-GeQd+3LMWC
zD8)YqQPK9<WHXz2xS+03&*;a|R5U~UVL|^5ti#a=mAe8suO@}1tww(F=E$itKNRHn
zl@hg#g3y}WO1c*mhJ9hE<iK-0-(lD>6=UR4v?N(Jqq@_Z%@#|Sg!Rix@R2e3WzZ+Y
zFH}TGqU4+fJpX-?z3bxCZ0-bf^u2D^Xi5ZHDGX2~s9IKUOD!QK%-JvFO||@;9Jh15
zxsWw5&)vKch#_QTM%`jV_9K;Ua6hlQ&w|tevCoWlZfjEn%-r`JwZ1x;3wvoQ^|4Y(
z2D`!@+5#wXH||~NHC>NS2AMStAAj}LC7wuS8<%j8_2_4Q12l#|<quZnOknUA$I}Il
z_J4UtY7PP$h_I;4^p^?`&<eMD7*(NGV3x{<gom21&idEDp3q{Mr@qzl>0YB@EpU}I
zqcbQ((-V8zqx0|CV*hMX%FkC&y(<+d=Fv<n>nd`xkP>#WDRzi##WIgEW5rVogge{2
zwPMf#i;JCaiJjFlTCnDxfS>bdx~=zd-afH%>sE(w7p8=*22k8+CFh7cvrzR+7KCL-
z^v>&CkjUQFB8cJQl4m$q=~!1C6eMI#r<v-txdyppp153z_>z8N=ak=&$1HDG>!Yor
za+drJEIcFY=YlU)ruYTe?5!2WsriFjOJ0l6I7yN;{$|4DBG}9(H`MYvW2>JMCo($;
z{GI$@yq0b=#jDkdPym0PtDiSc+%6)2#Iz!UL;$*rYIjA&yXk~K1_TnPJqQXKPQVz#
zT`|47bTZ-jB|tWSJ14ST-inW#B;z7up0~i{1nTh%`UiUwc*6NuZXSZ3t~%Z!D1D?3
zZMzrjrHZO=MWk!SPV<hkb)TEd(=D@6jy|gB;9!=4UMw%ld&6zK!UNVjkwCI;tWX}{
zUa6L4JRYOLM3zBHcX<MNbH9DAk7ki$Z)#}eu7k;(ZXt`i5hJapZjq{@#=uH5?gny<
zFU0R$KGLV0X5Kf4V{E98FwhgTgVZT2ItpieJ|>@H5XLjY4BftKFv~j|c?yzSkkPJV
zrnppa@{Z(EX|MbQme-ebUaGl~45U&PiJhR`uhgv1`EF_m**Q|iWqd0jj@gDFU~?aF
z&Zv#1Gpu`XvJJEvN{-p`Sry6Wm$E+JnjWsL+b1<<q8!uC3M55z<sEz161pIiRP1W=
zusQX{A^MTU{0NQ0nvBqdkG6NE7I02Qx}B(kt2icFqPkU-p0?{(L>D-(1qETS%0;t#
zGvRYZgHMNnlS{{an9@67hI{i~nwK)1-L%7V7snjdzY{F1ez##1Gc8^YkU9o`i5s+<
zPk9Z~Q^y#A2xj3%&Uh#eEx_$lbP_)*Y7b3pg>0YEm)LP?#Ca}D5w(^V=otUwj5F||
zrun0%VqRQEe@aGeo-VzIG(Lz(mi{5EGlk|CID~U1g#}wR>>FG(%mv2-!V=iPZG*?H
zdo`p?8U!?@tq06lSZH{TMP<)jO>~-dSOc<$wqlI-c|&AjKxZ#YciV5m5BV3MpQrwE
zn!Wi)!GXW#R(cXJa5Q~2?fKH7t4IEG_44~{?byrUNXNo9=-|?`I!x>kDkcn0!E|Dr
z*}I&EChg!<o-VmTC5B5_=$o&nsC1jaOH2;uTRO`<Vi4=r#Xw)Qm`G3nh4G#^g`TJd
zW;!0$6h`FA4T5$G4cA_7u>&E(a~#ueF7D`c3FdWbl3yiW57!*?oh*H7`ltlc6MK8w
zOcH-{wi<l9{kW4p6ZywP_C`PIQBvX3kpw}cv#!XeN`MbY)mN)6UGGl~H^{H<yp!gv
z4-J*rxPf-}=)n*bN`Ko0ZDwyrU5--VG_EFJ4o;R@&NwX=ol_7AMvrgdQ`L|^`((um
zaI(7^G~rsqB-&x2p&1Cq^Yc|z(8z}8_>y9P9fbO}U64ToPxPw=0Tu_lsOpjdUz62e
zov26D0eQE=r|w(c`cvEDFUTgkcqAYBu<?<qq*j)R7*ILF#?Ww86_z~p$K?=g$b9}Y
zjpPObcK>^$48<d$w~T*l&dEO}>L%B`q4hh7xz=)({BDrj?>+Ne%G@n5p<sk#=BFlf
z@2Zb8<}kH=$J52ozhuw!u6y9BK0cau=<wLL+ZoDw)9r>n@(;@d?3KpOqS*vH%5n<Y
z8?=EWn`44>wV244CVAz~snekO^Z;I1l^ej*`)Ht1Z10%^&Wd+GkttE4NZTwH5G|tP
z;!Q-T&hsk3zy|Y~S#rQ>F-Hwt!DeaST!nC|!Ppz-N_ZE(oWwx}XyOd(7vIem4O^w6
z*2g`W<6J_a#LMli;n{En){Z$S$Q2}p2adN(ikxqe3;koLPTF_P_SnS{y;M9bNQg>Z
z)35|YL3m4rY+8vWIYAa3te#Wz7}=est|))U$_uoiQiJMXf1fP-UaL#w5;P}H5x_*1
zLY4Bxy_rK<sNBrPzC9gtNcmBpOtk()qRS`5(Gw)!+(;T=8tK({9%yWh)vhUDy4{Yl
zcnO9h@JxV~E?e*Y2DtA5jg*9Nx8A8B3#MKJt#XqCT2hKvYlY2X4R;=ACCx;#O_M&e
z-b5sGWq56;5lP7zOL-zX>c=rhc9l*3@D<Q9xSXmFxd>513VZCYyZ?JVC4a0@&*J4c
z@uK;R{3gJY`|0AQ*4eIcaR`w*LYq>G&~sUXgMT69;lm{#h!3WUz(@S#ICp!@{=%Hg
zJ?8QJvV7VL-Z_#Sw!L`%Fi_Tc&L;Y%^SQ<<IhVzn+c(ri_66qy#rwRRrGn_6^F~M~
z(#ay#Pww}f#=!EeamUvf7KiD8;K$FgDbl`G)!U1=Tf?Y{s{+ZL367~p5+<(^9U5|u
z6g29@0<q4DVs;k@EkKYEe(hK=5I-klr#Ej%G;OZCdav7#a8SxlVcTh7ZO-&RIF_ex
zDBCk-Oe8cpR*jdeABkv!-GI|ms{3#vk-wOZCs?!DyY?m~EZQX=pKZ+!!_a2o-L%Fn
zBLLW^L%gs@BlMe5`zB@Kex*>yc*kb<^)PCEoqQ&5O(;?1y`83X^xy-fc&oE3K2JJE
z9%K(@67zW}5u`T7i!Z7zf`O+~S0HgsEQ)A8(jR{6y2@Up!IGajh$;2@hhb7MwIab!
z@ikXd{#ji;K5|y0D;(cFJ1Rk@;`=2syqS%qjX?@~o8CPa+d2^#kubLGrV38yslUJu
z$t*_c);v^$Q=mg&yhW!=5GXFlW2Jid9U;{6@lciN><AW-IRrda7=JTm<ftkNX6CmW
zf~ZKU+z1x7d%_boYsF^UWqtmcxN$hIv*y(~*Em+wL~LSunnxr-bpwJa$QN!=24SdM
z<Gx#o;^uKdA?OAF3Eu)h{^QDSj_2$(f%H9g0SHQceL$*!i?=B1*?IdV4{lHd1dS%0
z+&>fi?<#LUiT!ghlKY$IUB6oX!eb_JytP7zv-zAUO8_}-Kq%I^c(W0;5Tc77K?hR^
zl(yjqg_di#N|s5q`u4deO&gxoUM`&dWNFwMVQJPs%7uaJ=mGddfhQhbF%cPpLeFSe
z`NA78oegxw7Lm=>+mZNyuscdEcK^2+sUs>GDb3$M`l3fzM1DPCLRwq1=$r>(Wdg$z
zF=}5b1+UIZd!du&L+Ad?Or`rx4zp$wUKg)dYPZLc{Z9d{W8{~~z<`3sfiCvhKsOI-
zp%uo3Pgf!Mo2eIe8~;#e`B1IL#TfS8OSLw56Ll{BIDl~Tw8l-&AqP9~GNy7(s@=`!
zRt@I|d|$bJm>7+Xv!SA!C+WOaL9)D}*eo~1KP+J8CNy?gJEF+lWRV)#6sA@Fg)^QK
zlMhlsqIH5==y>duMj-)kD1LWzCWe(ng6At*K~%&qy?uRUK?iJ+j$0Jz-=Uv%zZGi}
z8{+4CCS0ZI-k05-`C(A>Z}jpue1y=$NPQR*2(CUzONf0#|H#^O#K!HEiEjvu!SJu?
zk=v_2bP|_B6UBhM6d6gBIzk!>0&|ix^Ns{YX>X~7Ll9&(3ytWx3G;fr;i+EFU4_({
z)=LmC-z%bCHy|}l|7i^M6a%N4tQQ8fVt7b!=-~6~bxzHt7P=@Y9W&En2F2%u{>ofl
zLVY(w^%{qdZDV@G@NMe|Dr@vXjbrd}MOCsNT_6B2z$R_Sy=Q~H(d~xM>y)e2AW;p)
zZ#LhuUNbhC1D>{tHm5n9kIgDwg?Sb<>I<QTuX0XYIp*>jF;|^q%0wI+%<T_9mLh$a
zN`psK*jWGVx(10lDI=wN5ZIeW^Tr(|l{>7)IEVDEZyGb!Oqvs{&L2xtzm@rQD@_KJ
zEF3?tP@O96x!n~_Mx#}#1s-<Q+FRzf7W<O+qvf`9r7vyMhlkIV!3(c6Xk7iEX6#PV
zz*uC7%$rffoA|7kxEl#L)!!e^8WZVuS`;njM3~L6Q<TFzC%@SeJewU2moLC|EdmUd
zk>OD_)paaOK!(r9<Wx-7j~xl&y7Q*<AH%-6>+myFSVLWlZbA$MTGGI<eFiZ$so1~G
zydAiKHK+3_YE$l=AM#hj>T$mgDM?)k<_*Uc?65T&n^`EhZ~VA@oIp*U(9fTUB}umT
zd`o?2Gv#Ke2f-GfOM~h^{zHiOgzSY18?Q0kX`26j;@3%q1r)Uz{~~?!1K|DD8N2qQ
zkL2zJO8-N2%2len$}p^1GuidF$wzyg1vtEv;Oai(CWR#Z8Iq)^l1^icl)nxpHF^`=
zpurSFo*31Fc%Bcu+s<Du;-x|vWERqU5DD!V_ms3Etb3s8JBL6LqI!yv`G&#3y*EmU
zBWWLSyJ}?ene*_xZJTTVK@N|%S$2(6MV$65PsU>rd|=+~F<joL{hMUB6T_-nY%1Nk
z_Aoy!qcgDycOl7rOu}<{Ov=uR5!?qP`+J1<&fW_jx6vaL<6g@3G{l)i-Ch>N+1l>X
zZvZnx`~Fp{g0`LiL>C!ufeRvpA04J)b0Rc6JD^HKXh8){?TYOlJx<V?{6WR|2rsNh
zbb77RK@sWS1D5dE_qX8Q+Z^G}(^xdC%h-=?MxF(2aTcXWKBW}skHvaQI~KIRE5ZE*
z0xbS|{SQxWrMbjS8lT=YD;(M_iJS5m4(NS4;|BUHSJZt?46mzfH{G^)7a_7{^r3UF
zpBNh$_FC1mC~rjSS!Gx_dk>z8Viqk&bDgBjQp{)NSISl|Yh9^<kfX?Zj^NtPUUbGp
zCD;9GcT{>286I48;9!WMgHp^(DjeW@>R{|*3jp|tjNzk&<L|4N2&1Nv!tOSgP2iSj
z>2kdRQTvyW4$5ng0hr;%-A7b@1AVW)4d$F0N*8w{)N5XJTIhH$EPM_W{uE;FrT|5Z
z!RHhA@uNLPZbGW!UoZ`PYq)pXSL`~ijo?@4LZJ&IlquiySQ)Up7o&ZgT^Q)8h0=g<
zvO`A9v4zH|mHZeTT;j23(A^fgV^99U1;!12X&%!keH}AF%JlR=rL<N$^05q(+Nxf1
z#S@Pzmxl!(N+poy!@Z%!ATmUAoUZqJP=~*7S)OyVk<BAQt-S)NqeakGdaw6;l$NHb
zUg5<Ab={*e)#H@T{<ZqeFf8B-EQL%CW^R%wKI>m$C;27a^Ey4qC_Jw8Z(S;9BmSLy
zYX6$dL(SxzjYL16RcoAx(^O%%zKxVyc^4#G8fL1cu@f$I_o9QBHmUsKg*)lKf5Y!t
zj&e_eq~6MHLLu#uo2{4n)N%+MJU3*BcG2&3VDVa$|D4?SGFtIuKejWs3tw%z)o2|&
z-orM_A!9i~hmw&>%`pDk3NBN(9fK<&_<YtFk1v`?EyhN~r32L={itUD;q9pz&vQGb
zVutVDeNk<#29D~M4awVlf+VksE018YDyo9IPF#nTwVD_=!Li-FNsNQjrGVTIj}ib3
zb8kQyy#J9q<{X-SmV}!ZwYS47=w#{lk2^K?&;yoPWT!b%qI8=7#-nBGfJAnZHUf*e
z4K9h&e|Ep`DzSY_hdylt76KErc=M%R5sWpNY`|?)JA`8hI*$O6-Wc;PtEk4HN>dTh
z@~Rj2KPh6gQk+{qb37_KG^jsr@?-Q6_U6DF+#*|El3iw|R*>fDP&baAx}W`VGyFhB
zStD7Mou5fWTAAA)sXk7UyExN$7Kk=n<zM1lZ_YbgtU{+vMNtVz)qY&soZozHybt%7
zDvwj#(k80BbCgVrPVP;GAsYzOo^~|7@v2iDUOiC!wTB!|ZSQVjb-V*YP8)obT#dyX
zlykpu)84cTaXz99ka)tpmOf)J<~(iVP+{58m<1T9f}{e^%!KjQ|8xPS3Q6YQld;D6
z-97%!@=l^9;V#oXwtJ`bZR76rblKi$ZydJk>&U-egvP>4x7`j}+h+%yw0<t4(w`_2
z`ReEHr|+3wt~w)9B~C`sd|MobytMQ_kJDJtM1klevy5fx!8!gBNO#bMmN24}%?w1O
z-YLRn*hyhLJa)wiZ%Ok$6U*$%ajp{bhElCeTa@5!!aft|@{P91N%=KYSp=jYoDDKQ
zy1nCwHW8n#<pTrLBt?MBsV<LppBCF*!cA*UjLg#-StVkH^JjIgBJ`{DJIL;FN~`)a
z2mfpv=OzxUoAV$x!f{DUO)f9&%s|OhjvR4K4GPH;)|QL-aQs(?BMwWRzr2~u2j^pk
zT~6Gpxrd;B{onL-vH5WR01-~+Mx<ASc~|p-$X@?-nB;1$P}!p@y#%d4!7n)k#|bgA
zue4p+L3`Z{9ht*)=Qx<UIz$>Ya2LTg7LtPCS29gb(mr65P~S{NZ5ymCd~QG_A^c62
zqfyfQ=cuO|a{cQe6(Rtq)JiVG`<N;HMj0s?Z@zs@zW7=q1w9IMCo`QeKC9g2Ao$}^
zfllOi=6Vqh6||sWIasGZbc;4wSAB!oHs6mM=SD6i?W@x-8BZAV<608-A!V<)MgSKt
z*o$LUw7xdEE%lck4(~=8>JsRm<kxO+5jRmY&VLk0dvU^}qpa~tYfkOm%b*tiq`>xh
zMQ9Rl`JqtBmTAU3y%Ml2{G0t)UI%Gj5;{NXi`!Iv=^dV83|>wseV{pu0!`*OhZ^Y>
zfqDhVNcch>0`*0x)72g+Z;!&1v`3zb?{B)?Ap;R#`LIE4P}hFkMhhMbWEy1Z`Vx#`
zK;<Sn2$lH>iGj7_<uQbQlvXf^Yf?vuzTnt`JxL*MbehW4t+t!S?YDVgMw>M>d#<A^
zHI5(^$mj~O@}*JFAe()Xjl>MGReD>tU%Y%XF!1YG{>sq$NRipP6nIfvG*^13<`>oz
z4FV&^n6+ks3u4#;mv(ihn!AWJipgu$tXyhkDI;nt>pu3aB1NrWv~U!z5+~Jc#|Iy-
zQc-2g<+O#4%3)nxZZBg~jBKZuk#wTqm&F(_@U%RoQ)EHA@JNU4E%`9(CG(kI@2i1j
zIRS8)&AaG#&&8(O=5?V2tHZ6R6j_nWGBvRp>l@Edwen=D-#%GRBkk72F=;a2%tgW%
z?oL(tZ-7)CbQ~@|ucgA&thNXk9GC}Tu!!?W{L=OZqJya-b}kX4%%=gRPg4r*IE;Yt
z?4blf)J3r8-17Ql&C{!Q4RU;DvKiFxqzjlthUCp6NAP$u@&<rosswXOnp83z$h}7K
z>IDf%o^ZQ0&<PNgcyU8Gk2D%L$ZhFcg6)1RNe`7{QlvM{M<l0S`yo5>Ey=bjks8rT
zOq{|{TnT)6iTfpi{?y$E+9jWH?yxzW9x6c*phMkZasAre2j0}6n}v><){YE~8w64Y
znm~5aQM?N1;b`!uYDRxi@)Q*IJI%>LJn%ZD0PXNk@&ta#<B#r}GaCIe+c=an7rKg=
zPa}AA|EOWh)pnmz83p&w+AwM~x-H@MAgObGc-{&0YrErVM>SH?kj6Ib9(lWl+tG8G
z&EJ$$!>DsxP&yGeif8%=v9w{{R;>6vo^tmpuznK=P8)eJQ=a0!(8hBt<Wq@tHHp}>
z)s<pMXc&UA)M?~QRKyxnmsbKhG9rgRUv*6hXpfLauI|671FZKSFUZRKgVr-Q3S9ym
zI}9Tliw|p(7N5#Iew~=~gux~DUjt{5$cTCRF5*Y%sW-19Yh|TH+<@=3v_ILWoG1o=
z_f(uaB@gQb>3fCs5({i3k!@bQi%CI`wMNZ#eY`wfw-_F$Z2pbj5ZOq4RcF%^vY(At
z>oM0cq5<)bO;}!DqpxqJEEARcvZ}$_?8=sEmkMq{{@nS@nuz?OzBj=uUA)e}?Q%8y
ziuXzO>lQ=oDlcqvhPuQ+kQ{8&u^mz$NUe0=iRlPeWBU`?Kw;YKXdHZzGUr@NNIc$5
zZxjzjIXVFGM{;BAap$6&4pw}M0hVu*@uWZ9qG;O$gxN!%VfsnVkwOkf)o=^mbyJ;B
zgRYdNECeKVoqm05pg1f|nSCWrXkLZqEPS!qJQ(NU&(^wJyWdSknR`B(o5cBqvV1qn
zTrnzC3dt$or$THp5sG_*xa0*hGVO9>z=))ek-8NjhYvmhTQ)E6mG}0{vfKliB#8Bn
z+C-mfcC4Ldn!Os>Yx&uIx-PrJcbUP;T4-$g{T?=?ucgSlU*7CHkn)qJh0~+fypthL
zFOc=eTcvIXwTmteV;LIiOD>f&^nVMJ-jwcA_`V5mLFtsH^y_b_*FJa7PsHZRut>h|
zvpvO~<PJ(6#(02kKQp&0k3N+4TGO(v-44riPKhXjEyC!8TpF2gKpriEegY{1F9&Qi
z_b|C$0gkA>fJt*62e+VgEEQJd<*$h>&Q_>LrpETqZ{?Rn%Dlrq5Nci{r8`4^jOzB3
z7}pq`o5>}+C3Ud8Qj7AVi@vcYdIL9@zNv}Kqv9vcJaErLJo2q=V5Jxv(X}LzH9tg+
z^Xz5LBAHYU*Q?;$ql69A_5KDZrxh#u(9SkmKd=o8A!jV*;E#SUL%B{VQ?iN%uUgH#
zHs}K+C1W)UCdd-IKVtt(TqKJfI?1uF&%nfTM{})_%gjUg%J`K2oUw-0&+EB*Llh4s
zsJf~!SMK-Up>5U&k`JY`w?D}79~%Z88YzlsAJ8fuW=acb1|XJV3X}#}o22ao7?b^>
z8(kU$pJ4<C!`)Ipwb=>(!^THg@j0^kI-o*IKIEXiCK>o8?E+h9u5w%C<)g}VOfc$Y
z!YZ*z9Xlc0res19@zSb_u19Vi-@u_Q38nDs({LaUrC4H@5P3wG#)><B9^>>>>BjF#
zVhj8AGL43Z`>)4Qk3O6`V=B7?H3PEM-pwRsjUsE|K{PuI6$BuAbuHGrMw7wl0T|R!
zxIx<rG<V?4z)@R*FrV5kV&Y+uGa~?<S}J&|_kwQYK$ioA9(J;}zMm>URW%=!DmiD_
zGTo}v*SAzuF#3&P0Ja7+z6I35U5oRTtSfxn-|U_B{vpH>mOd9!W!Cl)WW@%)+fw5u
z=2zr=8Uria?V1!JyfNkKq)DBHY6kuZ-uM}(c4<-vq@qeg;Zfd4E`Qk51CH*tXCj{V
z6wDqqE?GcwkqxXzndC-mLo*4>Vu<<bq>&6k_Ib%fq~~ns@$W}4p){H&DO#eZdu^F_
zrFR^fpqtbE3B-{EOZD2-^AS;kDmer=lDti==$+Kr%2`j=-j%fR`l$1Ad-5EnG5)uc
zrnYhsyM=!h2$o}Z2~4<8k&xfLnaHPD9+Yw{yoADXC<T<pJ?h>97zh<6dEF5I?Aq7d
zdW4KlO<{cSnX<%gR5f!NRuPKz<+wUMlNmQn+%SFDSgKH`{3CqEgTZFH#N|g2r>#R;
z#CHyPEH99pAnBE*V!jWnpni2d*nDdHf2aP@*BSSrfSD0(*v`170VWAZVzXqCR;%y+
z;XQ~}_IpN}bEAnvh4;FX%Fpdy<b%zO-3KmTY?*F`QN*2{g`(}I5Z<GVKd0l-k?(hx
zK}IQfzQ8TS;tqqd8>Y<IR;{$~dpl})h23aYF*pbWk7`mvO~eOIA4-M6JU%JZu*V4x
ztIIGERGa+B9Ui7uy}S#1cGetoO{S^3p-ud{zJ-r}6IxW4&{#jC1%rYtJF89-?BsXP
zw3Z@UAaj{*HiS&dpYzPgWRk7=hoeGMFu}x51mTq*<CI)GEzfdsvi#m2rhyt@)hxhh
z*8(=)W`+=s#Ik2XkwK_++FWB91>P}C;f$hrtF)Qg@yK=Ujotm4{(``eHID5U)YhQ%
z^j|~Z2H~Pf3+cLzsrrQdCv?4Bsescr!^+wOKssdRt`;=srjd*&7#|nFj}TS|r|!k0
z-Kc)33o%Uq0YgeUZF-rq?>3h_O=SGL4*B$eKQv+ECMmVw7r<9+!+;@&<W7SGNRK)?
z#jPl@J<fmFlEIE(0cj_Ir!jzJ>0vk&yG|n(dpn@$&MBzwmwI`~;f^&MKG9xPkb(Md
z3k%bTr=y3f4i;9`z<@FY?ChcW1)3@s@MW3_B5>^DNs2So0J7R=WuSUK#pYul_)pHr
zJE4%$kZ;H=G#j?1Dr2y`Sj=V|N)Mk;tMRHgea9A%LV%UWM6lQO5aK;v%j~~0*o52z
zQNQ(T33CLiG%a{{9*w<)ND6b1Of%=a_7vm?y+g07K!o`;Q_NKZ{lAZwoIi(udH`K)
z?L>EYgf?_bqN2g?B<4!9_u0F)9W?|LI>gzB7_@!4kqWK-v9c2td?j15m%^a7lSJ{;
zxT`6H6{wI2%|8&M{iJtHbxUi4yTgkvB~xEkb4#5lL#HCP7#8$dhtdM_bCvrr#6kt0
zreX5{-9S>OhbLmye>JvhPNp4GY^-B)wQstXlHuZQOf3L5wCFkZKtZUZR?*8XCHI~J
zBO=*yMphiTaw@gH@Xo&SseA&2>~CQP6VRr&0*L93-_Wf8^)5M`F@tnVur-fk+tLky
z7AH$bJqc@(<PHIcrOz?k__ER2wIstxB^Aqrn!9=K=P1{t-W?E@!iMW9fg6DdyO;<~
zeRwD5o~6nce!(2v&yNU4hMv%ahhh5k&QntJ_bEo~-0aMpu2X4bM~AkAqzV672oh<N
z!!MI6Gar1OG``-HgKG;-3u`f!y^o@NYt)L6me0L|IMK23<rulOQ)M5gXzp@@^1|(0
zSpm!4qQKYUJR|KjWr*KcRVB1|zc>zhkSk!Dw*GUYKWR>RvLyj8z~EQafqEn@fJ0e%
z7ap~jhXK_s+5TwDTS)-zzEV%Jd)flhnhip=cxrRK+{pKlO!?5f6sfCfQRB&JQ`a~4
zXcapSmMp0#ekhHdr}}O`Y^$Gz@Uziu;{9mmu{4qOa2Rrm4MvK`=YAk^e{WDTpl>B9
zxgO6<9d21Pda8PKAgkE-74<~s-RPX-Ewz@gV4p(!8l@G$^GOs}ZX-OJ0Yg{Xb0}1#
zA&M6`G#b^&_$&i&yIC01{sC}%VcrECY`=?6Yv13S2?!{RGJmJvZ#?X?o>;nh&A@G?
znM0;j<BCDq)WYTba36jN)q<V%N<pt)cVbz<$S=NoM&w8Ld;lQ^Wm$uO&*<o-ezPYr
zPM<Qk&BcYLV4f*gc`V4qq3}HZ3@)7GwCjMsl}_9&Lc9a(wxY6igy6F1@r8p9_PPa<
zKLi!sg4xr^a^2EY{Gf#svi(UIktt>Rf!|Sbw0m^9e*010V>^{|MLUEni-x7<6r$oW
zoDH{f@UolA<+{w@u02lYB7eoGEctl-03HqRuQ;?lHmkhq*c3HWCY_ZNjO{47R=<}y
zcY3@jezJ5k@@{g6{VHPQ?$9i_hQ8>r9T%By-W;R^goB~X!u}G)Q$3m11b<i)cE~3(
zV-dNnOUu^}QB*VA^z2@#8Vuigf$}b{#t!N*<RsgfZ!{*3*|{AVYPC|*hHXkjaLDpw
zqtQR-9-*8T>p2(AJiK#%s9q;IvP%9;A6j(2y7|pXMKmKG!WeBahKx@6TlkGqCrS^b
ztrDF5z+fc1>7E8DA7VX1_3V-TC(gMEBoRT?ibS70wb#OC1f_c1Ir6X0<^$N_o9?b&
zqCv&{^8uXPKSe$)6C5q>Ah=Q&6HMi7kjv0(hjL!_2%Ab9H%mtv@b%r6<6iMYTv<sc
znRrR}mSyu;W&L1$gl5WuVYXrR2@ydOD>>-i;iI#Z0dUwtr}W}tkNvzeNEsK^g(^!N
z*T7uFI3(%`7JFtMZG|^glZvt`Q_h5<OcEXDxim_k<J0kDkd1_aR4im`)}7Eo#YOfJ
zdNKcp>dpejfgV27DmiVbr5pq(%#G=1$8eX}Msr*Chy`W$SyD}%p)b2HtJ}Q9?aIOa
zqxl(;djRL<Y5p4k4MOflB}<s4J-}-*&{t~rnIqz^U`xNhMiT%J&8O4PV$xPaqr9{!
zzCwKo$&lkLjU~5yTb@NN@U4&w=1m-1-z!?%bFE(#+r=A7xdr+ZTu%$rk16_Zh)sEb
zoQGUM9|Y`r@5?CDA0IpLxm%vk)7r6|>0)v@w@4A@BgM|c!bWF_BtmqTa`&aW_fF|)
z2b#iYs&*s3X9WFV+6Fkm@=@sSEvrk&FOqRWxrJ6-Hu`$5aj+UYj&s<03j<5oaP&=D
zDmk2iLPq`_0XZi7Yz3JB)2tGxJ()X@C2`%q-V+~nsO>(|k)FkqR0vz8ou$OFuc~w%
z+3AK0YR((Acd-!K(iY`RIVYdA5}USFr<w4%+;mUldyUs>0n^oBUHRQLnABT?@SfaD
z^9H)76$nrujrv@-6s=d20=f<!AH&nVW1|*ts2ZxAogpvHJz9eE`hd*&b2ntK4b_F{
zt!*x5b|jW6ew8Y#zjZPke?WV?4>T1s`*YltUuKJD*m4}FU25$+Zas;=$5QH6bjK2s
zDzeSw7+vGYv#C;(+f2N^d7*17CAW!myoHI;$(@)xdsai^<?lE*i?}^v??vy(U_&)+
z<&p+h3tEaBw4V$Mq#Q#jD~ufCTgv<Qj5!Cu>JKsRI5+Hb(mhI@SUgq&<;E!Vd4Me$
zq!{T4%Ql)eFqo-iQ%j3>y&SaN72H2?d{=+roLR&pGENYmNcHfaP-xbVDi*l9H_M3`
z%PdFLBK}R-@kq|NimqM66!qN3P^9eTuH?n?a>jJk0qoDxN?K_`!@6cRr`#7bYd3B(
z?$`Jn6}cREl)tpf-_x>1{ODQuF@nXv*%XnqPg++@I6&*!2aXW<AWf+GK|0s7{&mTN
zQ>9UttHwx~8D~Sj?)%ES$7RByIbC-K?NTw#a;|K}Q!~f_iT(#OG+aTOTPa2#Ta$i1
zv&#RS=6x!<tBxrp6V>;Kvx}f%cjbJWq}m8XvWusf+4aKMi0^sMdu9qXXirb&5e^;C
z#}WeX*8koO$VSF;OppBpCk=xkTi`!(@vkXmhH?9x#du0J8w3Nh?Fc9Cwn;um&bCb6
zn^0O(J+BQD`fbr=+>ag24=6-ix13#b*AYkedbvn>8C3Zs&1`_VVWRk~9YB*uS8J~)
zBj@3|c>rGeZS}yOi>ZE|2>l!VHsPL4qo!5&gWfT4WM%My42C*oCf82BEs-OLeGfvS
z>tSzGxc~lZM_7NilEw@NWjRS~JYrz1TuL%iHOZB$LQbagf%>Fp$PD38J_)%uvqt;b
zmy^f1dg}(+QLJ=)UDyRE>dbP->M8*XEpdzNCBDWPmH*M*9+>hZwR$HDRAue-QjkAU
zLSHudRWqbaw$0xwfYs`rAndN~p_WaaR}i%mJdj3Ll*EFHs)S5oQVya<d*@P<vUryg
zPV2=De&Z!cFQfrX!>&mui3t*X3Y)x5Cx+-}22A^7)XhW=;vQ!akCbbhQ8^uR?rZLa
z6taij@el-Rx-uGsr!7jA)rTA;5u&>0G2f3Lq;<{ZJ^KyI<8I$Wveo}rO>fgIF$ka8
zwCg>KPWp|^^88@bIkgIFGEPwg9ZsozXRbcn=f2p+senTfG7g|IhwJ{L5^n$ISz5dL
z!pPaG6Gc1J0DS|TONU!TT;2x5-};>~5)gg34VA4YZgWzf2C6OT+@tmLQiJv{NF!?6
z5px2LO5C#zewIhspqmpr4It#Sjl;vPh<&80$SIKbkzced&>_~;NzWRP`i4QEmsKc<
zW&M1{sx@j~vd|8J9!aWo$P*&DjrZwvOMpRF!Lg*yy?T;Yg23k8ScSf{Z*9S{P&jQQ
z-$a|d+qYSu_NybO3UOq#I2fmW-j~U>{_sBnJWszClo_CIqlYo7F7Yz*Dr}TRRHs3s
z(q%)Pz84YF5q)escl=DrmvF81^?7*!SV!cy%9Y3HX7wJ9XyQ(+e~O;U6l*Ow$Qfih
z92Htt`0_#4PTB#x!M+=wJZwlbD`V(XysI$|9a8}o$>E`~y}c~33|;ymk9t-cnBg`;
zws!7mU7y=meh2J})~-1e{>y%2`g_1Jzo_el&@^g!Jr9e)Ul=Ji*C<Xj=tCuY?jwB|
z1`zD~7qtIj=3lc_&GsT$A^Ay((gm|^DOrA*dv{<*u|lNx(LPAnb#`=@>^NB8^=iS;
z7JGe$S%4YaBdwLqU;oHVOv*D|A5SM_nM++qd_mCQN68Z~=)83t$i%UEv5p~@9b#xC
z$Dee161Dx}Y~9*g-Euu?U+W8W4Lg>t8+ws%Eu=R0XST~y@jW9m2k6aezK_f7)}^N^
zu%f^hP!)p2RPjLkcXQ*8(c+EHJ81mWS=dJhPzIU7RN(1ft{Kta@pau_-vNsw24qIU
z9|mO}`y!Dr9~}QO%-O0h>RaUlJy+cdRUj{_ka)b_=5qjL`eb|sxtug^&2&rDoJRJW
z#cq>CX)N=8PY3v3!#Kndp|Kn$JHcS&@DaHU{_A>v!_j>%06c`r1*i8!h2bnqtDx)o
zB=Y6l4!%6NZu(h57$SKyHZ3hVPb?0*dj)k>cYEC%B&hT_Iw3g8<1;Be@hy)*1@=~3
zZ<Mowdz?b5hTOHgux_vtE~l<%esOR5e$_;NI_uVfT%+a)FcFPu4|Zubn2>*WEk!wY
zJdYI`a$~P28CW<ev<IafiK|%0h1pMUvYG61N#OHxS7TC5#-N>EMO1b;9)m|uXW|X!
zJb9kzP==s|Y9N#2cFO9ZM$$hIXK#7KXI!9Woi7xTX=hZi+Bk7sql(Z%eAV5!H)t*K
z4O~BfUM}Eaq-+pQJw=;)$`J>dF;N_vWGxDBH;m4LRy3NFt0c=yQ)i=yzsD{=U6a*e
zw~I8TyWa86_<V>JR*CWv-wu*+*e|#f$7w$0;`Z?<sYY-$eO{TtQ`<I#LDnplll=BM
z#_CQwv#aVe$h8BF>^z(qOh|)_<TKnzz(zW(_verdG0@v<`X#y_3Om;Rj1ASMltC!|
z%<N@_CY30WBonV?P<6PkUHzH@dL{Wr4*q7Xi1sU2*2`KFl^Q+4oSvKGq#SNpa^zzz
z%hS86$p)L|pT;~58eSxZHHy}fN-T}+5dm7P^9aL_dB+6rOEt=_0$Fvtvk_<E(q-Ao
zuhln5G_35Qpt{NWCkLwzCw$2+2<%Q0iZqZ9IJDs<yU48$($iZ~*8ZE~>Tr;rlpv_$
zV^?W*c9WX|n8y7r43zqX+i|+JLOxu-W%w_0I)KGr7Stp(ARI`>vQDzkjpM~D@!&)U
zl0Q-EyW{uj7cE#qC~%qCu={0rfBj5Vu`Hm}nWH2Qe+wt&OLxr|mOe6aBA@y<0Y36O
z3=1Y5vbW-XSbeOm1faGR|LxHU+?1#We==()@*cTWIBe!wxw+6p_yCwMs1a7+s3b<*
za_awKMR4JMW6()kwS98|79U=<u+40K>DMZpO6REiFP4J+KUfMz7FPEE<xnsY{4*;4
zH&XF`s}#%(?5zJ2rTBkPDPmP1IaF-1<)AaKs8fo5_EK2Ql5=T>C+Jj?Rx&t^;f`lA
zMiHWtTH`4SC1fR|X=zCgiK%=`Qc_gf_(X~%3t#Z1um9?=|J6V5n&X^*-kE>qoB!T>
zukP8}RGrQldkUMN2`LvHID!S79Gs060P*NyLyIRjN=e-{z(f8z8>g@j<j~0o#rP9K
z;79-k|Ej6vL9q}R3ZTu0jL-roxSmj89x)C~glGQ%J8^^oBrQcC0}Q8OFfBwtCzd&4
z1nz8r4+gJ$zD=)CTm>8y7?^ja!o~0&&cTox1ON^d5BOP3twbqvFjX{!K>v}BWHknZ
z7jGLe3<&~6GnyZ5>gdB(VGRU0V+?>E0qqDxh?RkZ$)WU9n7P=1VR|qY(76n#j+RSa
z;6M<-mBD~2)L{XIUnqzZPzR@DdlQI^EmSu6whSQ4(99VSK<Y!!p3JKWAy$?|sX{fK
zFDn>iI0C+4NCuKK@us1NAdjqoutkzEbkeloBSiperqrW2pmL2Oz_t%UaS_7&>{yAD
zF?(#($>8iHwqt_nl3j~{6?u9OPsl@O*2FKJ0j#*_3qLlCQ-?o<L_oMt!xgh|k!-y1
zVY6cf0(T(Hmd1>+68d@g9Oxkc9zT9<Z4FETARwp$X6FRhZotNZN+Q#>h&d#*LBm#1
zY%E~NfGfnGfj~!!0K@}_4+Z_n`A{87hyVav_7uQ=0!*BNzpBVClHa!Yd_Ev(z>Qam
z4|qVHfA7z&5VoiR!TbU4a~0vpHs{8+=5}o+_6M(}!2mQ6ffi_i$f_QkYvfg6T>w1f
zS8FsAXx=68Z=z-Jg64ohm!?a4A1e;WFhDD&XGO5SHD{B;o{+#T_$==umj~4s(a*j~
zzSO5ZPJYc3zvUlqaTC5|PE_@5upjZ9BY5Uua|8<ePaYLuI2skmiTj1xg%$@~0<4+$
zzr0q%#RXan;yxMs>_}%xhXfI4FwYe+ly)-R?DAJJki-eh(a`dHGy>59<A2eFM@3(S
z?cwR9CMyv_tj^a_YZ0iT*(jNc;^+z-I8qE?@Jx{u#lb@m6j+xE3Mi3)anKAO7f=G^
z(7`Tf;LM&RU|#^|yq8#QF#&L1yF~}C0dRhjBaJfoWrn;0j(<$90CE0?OO62RETnu&
z_p9)Q2S>R@DP1t^-&A4)1qBgMomnzRTcKQP|9fz+T<|FssO}Ez@Kd~X$g%jdMn~N_
z;LmnTj2Yjz&WF2ir1yE@`g1{j$v)z&AN{*y`sk-eFT8vVYnrb|nJxZ)w*q6E!iMQR
z+<K0zzpbj`akC_5!PgW_O6Lwj)J*nznguAl8_(=j8>=ey#DB&JMygW(YK%T-_ra`Z
z6x!GKHnf?@KFe%(rme$d@1<hboW^al#^9h4xWk>L=Nw<LtoVHsREDvW*Vj~UkGL(D
zve-^oTP~%(XQxhVp>$W(q{ZkbVVhq;!z47D{oVdtc=P(?(tdcvzUf0=Isx%dBT!r)
z`$l(;%!QW~wWIs>O2p#ZPVQ=q&fnCYnWw)!K&YSPKdDhO>ye$NDszkvmG}FVXuHg^
z)oD&<BfLWuuKH_b;n&ouD67jIgFsk(%zp5cQH24VFNcTJi;6ZE&AGwHvxdaw7G;}e
zY3=)|Wxjj#USSc&4^v-RW6jU`N9fj2VVvjQ*3#pvz^Le3yzt?ZGACTj@UP}Ob)IZ7
zcueV0kXiz^+H3WK5>xg&sD@Jt%Tf*q8Mr&vIBEwC>5f*zV{XA!s;JafSu5%NHp`gi
zeKwk=enMm|Pa360{tDL%$4ya$v%R^tWQw|7vXkUq(RFuzdBmB{nd;i;y95y=arT=<
zmdcuqCT-OKoe!D+WtVNfg{0@qLC)%%()t(^H&lE#dQD7Ue~~H^!54+GdqB8-n@rld
zDH6Yb+cL1Bxe&dvW$igNB^sW)xr&L1e#xO`#ffcN+1Hn?)$>R&Y^e3j`W9l&sE0Y{
zJ-o<LyeJqAguhTMVpku-g{I8~W0BX7m)tTwd<A{F)F0(LhM%u1bj3Nex$yJdpU>H+
zH%+i@;txY==T#C_B#zO;w@Aby>Oe95t@)G?#WhiaAP9E#8Jff3_Nxx$T5SGmp2jYr
zwCspG(&Zl0CYI%pT2L`Tz}8CqF&lYlP9p%ZgLVJo2`<`ex>D=0=_hgH93{u%)|;%j
zWW>Cv_U>70r8l^;De`^l`5r-aPfLq>=QE|*>%eR@%M&9dSN&DWQx){PCHikFX;~J&
zMW!xC+m5!;?-=!JHIp?x3>!~g1E0w&y+KR25#;n5Vz$%3ZzONKtn-swdZpUG2s-Vr
z5w%K)@1ldwQ>>jd%)3=>tUA+oDWe6ZuL(}uj!TP%VYwF-m->%JX=K>Eb@&kumpI94
zJbP^I9rSi;if{VpIA;==hgy3R9We`0R9y}kDbtJh2_TK=G2Z^Qx!y-BIbS2?<*LWX
z_cdF-9sJc_V{hhNPQA|Ub8%D*+)d4+?Q|@)_0`*rWQ83cF>tvA^$CqO&Woa*4rgY%
z!3&Oz>1As#x>~7?Q|!{WVa-ZHMJ-+{8ek;8sX@ls%#5MkK9f#UnWn&(#~s_m`tI(|
zC%|*`*yY%BxupVAdESq11*!NuYUUNF`$`Ri*It?u-bLz<n9W*t%}-35<cRHmFdv@d
z5w5F@6x%KZ=Nh4|vO?3G!<9%J*tBO!LE2u~&30ku9r+Keu=%}pI6HAQ(#1mXzN)sD
zHCz2j^&BJ558>t)81+l!yJ}8(o#bd(w5Jjp#r$|o@tk*iyZ4^%X-dCAkJ$V!UoD-I
z@==-)o|q=3IiN`y)r%LoQ9omE8_6K!U*=&dzjY2LG^*pFF_AkfgGi2cl<QWTUSHr@
zSDWxnbG^xQN{VY?TxcNEym5i;M{_?o1VVx&N~TH2U-Ti54=0`hSuYds|L7f-A@Y`U
zKIpo6$-UM^d<ZS~%AY5;nx)<`ShUz}QPW{6^H3l?Oy^toT9}@#O@MDkV#-hO+W4d0
zD7`4r#@WW(ci^99E!zyUAmF;dVJRC{cSvc{K46dW)Z<kydndOq$epq^z4BDrXV%>1
zx!TR^@=>0pgnT!@!XX>04y)x>$F{brQ)n7kFyawt|IiG_*R(y#P7EIG@LYRhvC~uN
zuV_*P_S#&+E#Y^IO>Hr~#ozj+ws@^x*1KLa0C%d(-As0Br>?&w6m%2y7dN1GLI~kN
zV83%D<?ZTGq>|q4R&Fy2@w=6=pAAk_y$Q#?9nQVJ9ZRoWrIJ6|);_+It~~3aljBdf
z&AY7r7M&{KrcxG0DR!-D=vVy_zcGsIu*3%J))*2gzG++)?yur1?&u4<V)cw_`6(Rk
z>)NK~$;E=_#G=l+D0>sl!)07bkCe1ZkElpY<4Y!A-25@B?ON9JF?RAM9^1LNfvdJ!
zMqhoBii%WAHQSlz*6*dHzb;k+PHoqrdtFKJ@m*Y8uKBz1n5~!Jub{5ee{fQWeJa+R
zOKiMWb?nR9YJK!ZZfJR=T-9ox+Kt}chJ&@{SCy;e!ET2eIYME8!RdJ`)g_C=eZHpZ
ztX4R*LA>J-2QU>4_zn&~LtmSi!@fk+6#M5#BV)_)(D_LuXC?p64JSS+9J-AxVarUJ
zon`qWhJ4L>Ul08r7VgqPlD_Ntb*MZTbKTgA?v0N3wv@<c!>~8Jh+$FLuC=r`#k49@
z98R*}*xq+ymanpZSlRBJ<Mv}@L#&(kyhxpt-PH_~Lg`i<?pyC`0YTTE^6p&}^6x(v
zJ$@WiTIQM-*BO$SacQUs-kOKKwSFF7*~Ok9VZ6lLSb14WP)^us$T?1Jg*Y~E>dgPr
z-&SJ9XQgu|%!zniLX`5W0{;5dim;7&r;LMR>}0l^Fy?GHS>L=BtY;;n3L>2*c4V%7
zbI0HBK|^Y6bG)~&ZD&^)n;2#O<BFI0aqB5SgS-;+h=W8$xy38%w8PMISM`ReDX-*2
zLHuUWoBlPi!P+iZmHT+~^({GX4-H49A^PN|1{JBF%jOme;?{rDrXXQJ4i#)qEA8a{
z^8vq^%Wg~_gp7G9-8%}L>6h&nJNXAz>c64~=YK^HW;TZZ6FnH282&SQFfp)m{(nRd
z4P<jHwUVO8IXA(P<M#ouNk&L90s^GY69^GF!GSeNCPLy#nG6{qO#y9aYeu4oBGHG%
zHQ-cL1f2oV5w(YsC<-DsUCt1vh>B2AQEPI*(vEMQZuvZOroZpK`>+1@+-=aKgfxXP
z=>&TmVoe=35&%3Rg@tkeK{y)-BgLCrVMQfKn2gId>x3a-ql|<20C*rk$tknQWRy7&
z;{o|<kR5OV-9iJdC;|uvf(g&w1ac4o<Tb*k0wZ949AOp~ZFn78@&$}gNmS2&P#H?x
z0<LdvCRjp&3!w-VC}RK-WvCEPRTZJA1tI7}5taDKK!;TYldJ&4k@4~8!&I@@<VHF+
z83lQys00{_1R-#VfX4y_32KDG$c>k61S^16VYY=GI5FXoAqrrmRH6*9sDz>?5r7m%
z1taVMAe4wV7&r_t20)12fjeyO!d-|L$3!U1pu$R(bV|b*d80-FIIBbi65Ii@We73>
z#!SQrYE}+Zcxr+bNofiJ%H|9YXmy|stOgPvS(JcOld;;sRI$WQFqReCZ$c+|98#eM
zC1C%VBIHs8N>^L2Ift`jMjkwA98L+v88UV_LS?GXLkui((H~xM0u;!$D`>$90q}we
z$-p29904Q}s5r)73cXm2oSkCKtb$HOSn9x>tRP7-Q;1jbX%&I45Co94NjV?l;~U7a
z)1XW$Qb3SM!A32MHz}Bj@cEUe$QD2mK@@k6fF?h_9@_$o(qYC@zZ5$y`f?HZ{w4cb
z--nU>A8Peu$O1&s@ESbecn9?7!Kia{1fDiXj4^R6fU#m<Mou^!@b6N(OW%I3#MkCA
z62ovYv#1fuIidi@DMyP4_(@9ecYkGFlqdX;+Zm_-7JZDvdRnJSC1)Ex{SC)fE0p?$
z2q>yaE4iQ_qC_;n7asmc??fSBR;l{lypkG9feF!weI8;d#<FJxOpH)as%Atm+Q2bO
z$wV4OV5}F6*+UsP5?&DFmr`5OyzVY2_^@;$NU<4Hdl@R}n6044_X7=p0A5=nh!W%F
z!y|R3Aec%7MGgiGk2xek0j{`A3dA9^91G>*0)n$;Sr{)#wSovvPPMpKoqab;4nrgb
zNLb3gJ5)+fl^vx#(?^G}J=VNs_na=%^>6I)Q~orjx89|<YV+#o|6Vz4IOuyk+Jzsg
zGWUkN|LAJkgpi_qe-@YE1P?S_-h9fRB(a$(;rgCl<H-i3tsm;EqINC<CXZ^orGo3n
z-n;i3n~%nL@9ib5pB{I${Jb1cisp}+m&$J_&)St?)0lB{a>}quSE8J$=IQy0d7R&Y
z?vrMr-~A89&Z$WhU`w-Q+qP}nwr!iIZ2J^W*|u%lwr#t*?!?SQKlDTYgpA0@{C4Kv
zYq5K|&pcdvCM!D!jr`iFc1fIh*8dtWZ1Kuo?c}UnJ=>ndQ6InBR|31+;QySmdQl|S
zHT`&xtHVSTt7V!#ThT4>*jigjTDSK7d`^PqMG^STP=_#cL0!Dq&F~u4hCjh>e9Rm;
z#rpgqIJw{=x|j?)3L2p%AL6x!$hq>p%d9+9vGttI%VMP+@&2nefE3c5$e&<tpS`Uz
z(J)>$Up}#GL{_oWVy2ibI@Z8`Ff~03AIY;mFUKw%quG91xfwPU=TkqQ4{b}nvxA3e
zn`3w|e<5*<RXq@=!u`pD7^HvAL7nmo?5d{EWH8}yTkY*?Wc6G^lczCu%F|H4v$Ka<
z=Z^V^!;d6;Ly?%$m8>*?YY6>Go9aGSF_m(j%T5E1X|P*WrD+dAIV)$%UYQ)9S(&mg
zA3B}ctRvT7be-#|pi<tZN>lIQEUW1&LgJ2iV&$l+n%Fau1}OvGrmhiX(Tv+*P&t@i
zayE|<KTo2s?n_xaAu4~S%|wU+@3@$QyiY`i>i|L7xJuV9C*a0dfydp%)j8t-Q~L4T
zt2#Gy7I9d&^6Aqzp_gOPX}U9VLkJ$3;s_h~xifCA#wOcAb@O(tQ}ZgjQB=Z~U3r$N
znQ?6_PLhB4c}ji_H=}&>^mpj3f~ol13((8h-pDE&`_b88GseGXY1#ry|7-C1aT%tb
z)*E|GPj~ck%)0a5JF;)ONY$yS#K^$FQs8aju(#7|s6qdAu|OIR6*_;qecd{rS$$9z
z=Qb_zi>un=T=#*wSubO20k-aCdfM;#etppE!2Uah2_vNXr3VMS$yu8i;X)5D1%dhe
z#_sz}N_+aq>^fyR8Pzh`+5Pika5kZYOSSx9?)Up@KOLC6V@u0O-`+$0dZ~Dnr}sKi
z-+N*59_?0B`LCCt`^ljHpp!bpS0aB*P@L%MXvcsOekgPWQ*86(tLM(3oZ{ADz$oid
zfH~gF(oIe0wM4Ow!Q?}s`JK9E1Q75)O=Q@FW5oq8eb!IcrTbuD{h`cKpHm_TuJt)9
z4*n%_5A}&T`7OLSFKU_z#7+uS{?b&wx*i{Oc+2FjHE%blyqQ&`Otr4|gZ>TWqUAnc
zyDw-WHhp>>4YulIJCz9-b`^A?7AUUl3g6dozDM2<9NrX;q@*gRGHvjqQEGN?tTc_B
zWAyq%r4BbwuMpRT1lFKR{jcx(u`<W*^<sB9$>a9q==rN_-9*f*P-?YvkDWGf-8VA7
zWrdp!W$?G|4rnf7a@;0?uLUp-&5yT;gSQv>l45X-W4iN2y^Y4Jo5~sc7GKM+`x$#Q
zcoQ1tmd48Jhguu0!E^Z3L%cI5qCZ{bvD6rze>fkeV8iBzVo0<3HiU?8X1wl%J+Ef?
zH90SPd?YOxi+a94c-bEfdnQ}XZOrCexs_AUUhO~J;?z&(3wHnoV{r2ShgibM_&>xF
zCKk5;A4Hf47+Klbnf_l&`R`AnjO<K|O#dgC{4YSgEx<0B){AU78<xg0^Q&&_tIcyJ
zMjLF{8y1%=%}c9xHr$pyoPXqJJbwJDZnPWJ%&M=tZmf4^ke!e~O+5vTH)aGFwXw-P
z&A`a;{A(*Cq1gQ+B9a3lB0vK&b%r*_pk7-r0(4+ccP;F!2Oj8w4Z(BskR`~BPC@Du
zo0<S6IJE&&H327acqTJ>WMlx)$jGjL7#m%80mCucQ?Y?fFaeaB*#yKvoD8+O-NBue
znaLH>f8HQ-nexFHoSmKLzs}$g8o{_yu`$;HOklGn{g-p2#X{8pOtp!fa}z)OgcR=5
zI62qu7?|4I+nF%5xS3YDQhf`Hfm_qL(*TqFV+Fv`a~XHzLIIsZmwS7-j0Fh5OH<Rh
zze&}bSsk5NT>yXtfT*2`b7P1{2iAr$P5}T&!6~H20S>SH+59jkK1~I{U%lA=gX#6_
z|GN4TCveW-&w`DKwyC;;vE7`ql>sC>Ruk~=Ooa(b%s|HNogIFK7Z#=#*N*SWi^^+D
z-ZPKy%Spxt8U#TF49x}mv74D2?c1ClOX!>1JdZ=e{DA;YuP=?MtF3BcogE%S+>3h`
znZ)%M%dP8R{&uZTVQa2t%k~3CcE&bN<WFaCYc^JCVr+2-lZyPb1wtbHOi2UE0=Sfs
zk<qD~1jywDI5jgFeii?N>dw8JGtNJh3)jheWpf2UmP_WpeM}}Wiyl}~kOz&hd$<ep
z`25+j-vbelhG}49cL?$d!@}Ak_=<~50+#+6A{cgKa1AzV2ILrr+50$hlB3^F;EB1h
zuF>|x_VeJ4DM}iAM4D{*bN-5-6(3)P-J6&V{C^p}#(=+!Uck;DY>~d%&l{ptUoWZk
z)K#F?pK?@|!k@C0qnm@0cQ4jbz@HdWbLf2<1c9fFeJ+_x8L?dc$)6dKpM|5JxE(){
zw;sh$KXj5~8`Gzf^mF;IA8}g?Tf3w07QpcOX*q)TiS@vg-ebRva^N2=P0if8wuYyl
zWhpMqz-58i;l=YD#&qt;v<|=+)XA*q$#0TjeWN9QwaM{Kuu_8yi|>&vpj>k^qj!C-
zU)HK-;5Do`0{)K*prG}`PINw-So5&oB|0=Wc<*dq-z;tbqzEyZo0~s5vjt*IfSn)H
zfB3w{7a&f6{_PK7sjFNBpN_dWmjGgY{33pYZ~z6f_P^9)l((2x!N+&-|KNFte2L8f
z3SR98feeyfV>AGx|MnnK<UHDgjFUfLI|5;t`VlL*we3J8>3-u6f{s_;Vh7w)eu?FJ
zkM|&A`zs!?1DUFS#R#k|`4TIDP5B|Pm!b{$AyAj130rd`T>P}Qe2YV^6N?FpBdAW|
z()w`+%JBaLrD_T+dAl*N0BHfrW`2{J{b+x#xP2bLl=q$D55hs2nplJ85A$QLeaCBP
z|5RVXPcvZsKnKbJy>bJU3h(+cIeg~*Zndg4dvpbCvL0Ol(2UfMPwHWOD{b>IKTdxc
z89#B5GufX%n}9#IKvavD?rXVrQ=3<l{%k+>0ArIspn?z0pXeY>-yI@w3UO+FHhuQI
z77EKfgv_J6?lx`;G}yDxpVIK>>(B0-1m+t*rGm7pUur>tYXRBeY(Kv|^5dSOA6`bb
z*<is=hL$gMT7iSQ2B&ZJrd)Iou@67NS%+^{YO`4qU+jjUNM{hOjGvd?wVztR_D^g7
z%Upuk+>?PDhFmG%70`AI%&bWq{~s=K1#P)slCu*)%-9?IlK|$o_a!&h8rP>6TW+Gm
z8@i*Q;&*ZqXwvYP`w4+IeC~ig=eM&gCMUPQ*vaFGGl)yr7yS1_7660`Fcu*V{VLWS
znC2pA6aO;Ae#iWc&q)sHj<S4F@r#bzse`XrfNXyCG|Z|?E4mEUnW**#Vo^J?2BGf*
zkENwQtgWnqjn|#$Qk-)7wzaTEdOubs4G&@^K0z>ft~%oCi)X`&(nCwI4dBgRqM0W5
zV<E-S5pS0(boUB;3T<3?%~j>in&WseZ`zE!IJKDhyWh2Czi?XPg`o^bWFy3a9n8bJ
zUSIp75u4wm*Qwyp2EJIbSSOS$qe)LLbdGq2Kt&m|(_vPl!4V$f4!^R5l*}5|qde!E
zOFAx+{TQ(!vjVUFm6iW4im%(|HAaMl?s_GvnsL25v1FL`^xq^7QQeg{W)KhWShRK0
zelC_)YdiiIK}iv!MSSh7+AcDcxDHVKGRx$u`vTrn(0CunJM2vhrCI!JJ_1N`%(Z5g
zVHeUV)L0XPMT=t1x!B$8YKZ|spPUu?R~>9ubSMxV#yFL?ulXI=Kh59ipps?lXh8{Z
z1Vw`TZ}-v=%64@L-TF$Ev%g}5O(=a6mH%)%MTa>VT}}+zN(v2rphgp+!XkxYQt`bi
zz7h`M_4OA;C8MxthE*TU%i+P7)LfX#mJc1$A&RNJ*g#T^ZHUH^c;UdyAhV55zLobV
z{=(rO=DY5xezTgZEq4p&xIOZClms-bbMfiW_y9`T8Q<Y-`7Acv)&OBF$5=<|G}S~_
z?yN*YV^x0%U0yHthRf~H{%p;=*y@QCm&in>%iLtJW0^*VaQJdH=+BkQIrW0(iu#Bd
zojEuYFr%#w2W)*z>xOLHYx|k?pcQ;C*Ds_$!Pj;KFC?y`-b$}0`}f$fUt|M78TZCY
zbtxm;ym01l?g^K8<SS2$RBr4P3j${o-tId~7_3ES1aAa`)MlU4UuoEDqS1LvRsV#1
zrr^Eq4TdRnw7iZ>8}8Tkn~?||uAtiNlt~k}C-XU7;mW!3V$Jie|9m#g_1bh}e<#i)
zQ6`YWp(NV3>jkLQU%&hXi=<FfTPUSo{xVj#P602y#^BB?l^Jv7w@7lp%hC9NVoa(k
z@OLopcICyXm6lZemQ1%SqYRazU5UpmaHdf6djzHXRGwM~1v6uTwiFz(*iOlx_-;-G
z54w@^biN+!kF;^Pwl!qL9-#1&*a@ZJam+HNN0l8yD0Ya_sXRxyr%RW%z8~>wM-&SH
z|N7j&R;z}vYo`mTIz?mvMVZk(ZQdl4r9O_la)a#x#$LFtU5<2yJ9f}O(;prrP<JJ3
zS2bh|?#-Oo^}vaPgAk@(2n^lily`eD+%RrPqIgl^G8othEFmc7iTT83!ldWV5&M(M
z5!bQ9Y7f)DKYJnFlUDU=0*q64eE>z3ZcfdQrBw8Xgj78JPrUaZYB)E|6(_qLkcD+}
z)eB`*+%XTgDsS(C9#C=sWQ&K8H9#Ce10QWR@XKxtsrh0eD%^q?_a!QlAFAuaB@1*g
z2LNt42<CRn8QT7UsDkyFtxWaRmq$;uyWKbbM*8ilU83Ez(2+$4@%)emH6q$4P<W%L
zr03ls{*aIX>;&Q^Hu|Efc6DjUhku>|_~hA!1v3`hfI9Q@NaE7`V5L{^wJ91UU*-G5
z*O0A~`|2&!a0Od+TH#l9nlPkhtW&gay_}=W<)?8A#IvQl%))->Gz{9*PI<*aH>EmQ
zGam~v=!6R8<wi(tk@IwHpr2TIOJ57GGa9^m3Ea^a<dTQ>Ci*0Utj<|xu($C+y9#kG
zYIUYew4*yRR7^d>?Xb96R0Afx)gqjk)itguoyPBD6FIg++6@~g|ERfX-{#N=ycZ=R
z0ql8O74bLRw8_#6N0{IBwksym1aC$faoz(SVD*YG%!3vzuhpL8Ttnip9fp;Z`XpGt
z{>hlPuw&^*(u+e}T|4JC_Hb`i+8ZJX#&O^yT_n(>>SH4)Z4)w-y&e+^N_zGqgF9>7
zp6u}nM|X(P^u@WLxK;%ZG{wL=gzoaem2|uI%T#9@!SPhx{^3LKp%(3$u!Q|GA)TAe
z7W2t+>P4m2H&sftuQC)ySCmiUYEBERjE9>uwEK3p6j2WXB0ZBi9hyS^J;5AG`-24<
znQaQnl|gnaFM5pwHq0h@<tb7va`EHq4n&}PCeTp9o}3?fsdTHih%~$Xv4=9y=S2M=
zGlJo<hdq)|%p(+f)wuM1hgIy~xcAl(L%t|)Wq$DN&Ep32YAV4O_*@*oJu6*Y@H#hz
zPjqiHcs4g^ulN##arFRlhPToKsJCg9X%t_>3)8M?L}D_lKj1KXqfA{p&Yu2leb_?b
z5DEp$aVzbF=QqJW>?{4UscwxlUqsT^n&-A1bOXzVb{O@|T6+3p6>|o=(<0&cjW8%N
zOHu=y@HTmlX3wJXOi@-n4Y_Wt)Ia~Y^OsOa+COGb)^T}2OPvwD7opG^+63;69v!xe
z{-dY<(sP<uZ$nXy;Y-%z=$A1am4yK%jOdNHB+0EsaK69giI6_iVZ*jZOo<3_<sa}H
zplTPZ>8+PK{?!X1p(=)^TA9YG6x+j{p(_IT4GK5c2Ms}M&7<yTkdwqc(a+%A9?9Bh
zgHG8-$t?Oi_<LM_ym(%s`4*un+um8?Zx3RlrZ1}lKdm;JCb~|ifAtjjf%a6uL~%R(
zO#X65K1?ml%SU0?ZTL_fp$z)IrUqP632j?n((9hUGcefh>^u!cd=2N$$)xfLPA0r4
zOmFB_IHJJyx~8gePf_g3g8>3O(JzL<9DZhMY42pqb{Fe2nH>59AbQVRvI5c>%=$I^
z#@;n+L_Ur=g-T^I+40==D+1scZ^cF~PQ_&`yC#Hp_BLV~9lh@i{xaq@LZEPWfyg+>
zbgwK5k|yZXcmqLow4;YV<tCu`a%V~#FAl(cKS59|6GA6+>C=f1j3u*MPeKHdhsH5T
z<=BLZcI!p$e>m>-fiuWIf1c|Z2vWqwb0HA9%|BVz4dNhcJ6GQT+{{4tu_XR=0DBp`
z!4IXf<dvq7i{8!}Q=gpT+X$`73(k4e9m_<TF%6|F@i!$p%k2T-%J#gMn63Euz-3t3
zZt6AyW*^MZY9S^($(?9S>GBjV6K!i7<B*z;?B<*B0RpjfmA1x3M`_;#K3P_?ALiqP
z#pkMYdpoXw-I`$O+Cb85mte02w|9c1R>mht3sRYG2KFlr9<ww94kz4sx5Z<YiGB(`
zN+Dd~XPTjJNKt+MwU{m^r<U0Epc1EkuFAPtJqMn0EtMDC=eKRYtb~&jBcp=W=#RJ`
zth1`WLX9lceZlkujasNxMU69nhOHZE&HWWVQQ#`Z?D0i5+<J>nlWhj8&9OOaDO9eE
zV!jw64{S4pkNij%B`T~?&xmI=8TRx045tQMARmt7ncqUZ!6f-=#`^F`svKv)Jli-{
z!gMFkY(^)``Qgq|!`F7*+FGpBvG?WH1BLXE1JMw1X&Ux7tc8nt28Luh%9qE7o7`DW
zwx22o*G8nqAxObWnrHAeD2G<gHc!uopln=;1{|17*tQ-Bj}^s{;mqjhaDixDdulE6
zj`N4eSfUPu{6&Lcn!Y#PHA?$Zn%|vSIV&P)QZk%N^sZEhv}^A{#>mDq!d$J_r0Ds4
zc&RBZYrao%hU$&Kb64p~dR_;H1f1%GSmDcTiag{7{~42>%EE^mJfgU-Z@NUbfa@8T
z6pA5qmLYF0`P@A13_8VAtDC-G7$UI|;SNuqXAKvT$T3rNaSrO+sT`$<XKY5(<-%a$
z_xvzET=rG-Nf=aomccgM)7k3@q{-q85k*2CuZ3C96`|m}1r8QsdX0aE|Jc6fI?5b7
z_%qu;)s-uDNzZO6Yf(}-NUAV-8J!yO>3v&{sIrNIo&s=tsvyRKjUgrveqGzR>2<$x
z>>KPBnw}qS=xM!XBYg-Os=~;4QSK9lZNNz7K{FX$#x5}fD~WLZ&**u?U@|SGOzkHk
zv)s~zQ%PL|gAWv37Q%1k#P%`S8dOJYwW83imnFVaw;?k%gOKXF{Z4rpR*vfrHbbXf
z<TAYhUXi@v@Xxo<-<atS;cD*GQzeV_F1ohy*O9xH-U(C~`*u9jS0N;QtR1}23?Y)&
zV3mI=C0&%$@nP6PHnuu%#esVJTBM~TPE+=Isf5G~CGKP6Y2(hOmk(=djrfXWM(cf6
z8C43L<u57~EZX!^l+@DMj}KR)c?R^a)_Sf_e`quTfH`tHay8A*butNEe8Gl?i#7fh
zhN<ALn(*$_MT>($QM`}L`5PLy%XrPydDUv!(-!G7!)+(4tf(LEvYi%$?!3C-%0^`9
z1R6%=qzsYPl7h{ms*2$~pf~jJ{5`2^JiU%IlN3o^jjnue6NRHfWYOV28D&6HZU*4k
z!(hsAtM;FTPsG&^>Q)I0-N&8|_qqW+z<JK+T0A0r<xwC`zPL{y71UR2;9y7Ff9Ptv
z)ukV&H1IrvhU<wu&_s(RX6mJ~P=k}3K^l8VX>^64G(}QSPgz&PDZ^cP)TR2_Jh_0E
zIAX<7ATf${dNzPcye21C!Eyv_VLXa?sB~&;puz9u&sl%cglfTDfDVPdIYwHwpkC;-
zPq#1D>aTF>(2>h`!Xhf3o$V~PuQ)8E9O*G@caYA-L+5ozx^_BZWhF5+yIEOcD{C?G
z-{D$}+@{C*_laX1`DD61=PFH_p5NK1Vcq!_qeY^TkHkJ$1{3~hn@QY*xmNP;%kXZa
zM5eQ-d^2>6@buqRw%)4jM6GVW0T4LYxxJ(s?2CuwfZe<6sz^>h3iVQnre>hwLRqDh
zn_N63@pDPn=Mg&pLKG>!%mot(vI?asWq7CjVMfIkqDR6GQh?p`Eb3X+d2#^RahTDj
zH1_n3SldMcpE!1VMI|MR#wr#fG>hsYezM5x9p3u!kX~MURa2Qx4%L#2B#wT1e|yhT
z*;>KNX_FFu=Omiroc~n?xHh2=3pq~1Q3zwX@jUtp5-z(*RpuYMQLsZ|_pC;jBKu!g
za|UzCzeF{I10ZJ+-wMn=cI%I>7+4bp(xrdM_(bBjUa*uIJSRZisVm0s655(FH)W7n
z`dQ?EO4(kStQd$XPp;M<*ne0Gc3rwD!;pGZsX2p@7jrHQum1V?yw_bVRG??>HNy9y
zXn_L~%Js3cd@{A99`Xh`zgaZTt)jPmOro$TSv2w}J0oR0BC<kUZrEnhife#B6_?~I
z7=?sBhr#aoN~%Tm=JaN~GKg{Vk7lZ=!n&;YBkR<H2F(s|%tKhPfZAsLqpj^-))kCV
z6Xv0R5Gp+sA%V=0GMYf+>LeRnlMi=PntQ*l^gQjF6+@2O*3$@;TcyCgt(nvCj_3cA
zrn?V%&&D$+YECsCHlmP_Fu!y3!cZKQ?KJNz)W>d-S#WfzN|+fWhYM*uIdey85HW)e
zd@U-<B5Af+t4yt)XHA3LF)GRe0L+XW7`7K;R^DE@<u&l}l!m^VsRv#??Sy|^sg$ad
z=to#9wLx6^`9~`wdbkwlW}yrq$M&T)Jfek&0(yz`M+e08#Vox^Y?2Z#Onz(cu|UjA
zn$}y3uEzPSWG22-&(Y#sa1n=zFgQw3<gFsA&!v==s$U>gtXk7~OnY1$ymFl`TfmNh
zui?Hb^Y#oaZSH%Xm{W=4{I!FdX@A>@E15?VBPCqY@a;*xiN^rWZ~h>j3FM^NIl%9)
zuMI+Ei8h(jJk%QH40x6GgWU1lEK`Myi2Gr;y{BFz{h9|WQ=*}mE=sF165HLPwZm;9
zX@UHJo|!-<U#9D!-3@gT%-D$9+L(6hXCBGZn>3b+mS<IDqAb@z43m3eCzAEQHW*#<
z*PKp;;8!r})9+?j>DKlL#B(H63|4dP^!SVI)g&k<u&VKCAu<gU7ftjB$p)qu=MHw+
z&zb7d<tLftS1Sh#XRq5awQtLCL#lf=xmHk|sQN-I;{a}um+$8*FCs=VnS$lm%^Zl2
zhJ~jE<CiL15*Rm-AW-zVD)V`5M?|z`DrA@g`uoH_xPoa~8Jl6%e`*W)@4*esS}@R=
z=@<peaPKeNz16yED`@QMD3_2TV}~e@kN<*zqjTVNtuk(U{^pk-`a@a+`?`4~yX2yD
zOusUFIT~#iLnO?6zq?r=3F!D&>0!!RZFWromOxNjuHG>uq6RV%jMq-Blx3P`zbz&P
za^{G|aLR9_#&F2-u>urX_Cn)lASn*XAyL^<7i^{wvCE_Q*%uo$Q#-ZY%Tm(8hIKQS
zmV?T_y<6}zo#tL4cmBBEZF}c2tw5tVf=FsYZJm;!87Z_)6ymT6X0e%Y_ZkGNKrB1(
zcmMMVXnhfesjjo8zD(e1D^~qe0*}T9Z!Fw9LRE#Nx0|UESF#zVGn2-AGbf*U9ajvI
zT4vTdF5CAep$#UdHB>0U(y9>_*^e?G%P_50;H)Hjre}c@g>Z~*0%w>HZG=@^yu-~-
zsUsFf`batvRdx}!Y?|cIY-wb5mywI=B`eNS-j}(sbXvSGIWhXwlZ51(@P?-%F@9XX
zthCsnbH2Z_Qq1Zi4ir<%&hPtOUq*RLfsFV)z2LrS+Q1sSjL&x8ffGZf){jxu)pkw1
z$ytyM^8}|TA`D{4)7|tz#*FtPt5N#sNNfh<q}3Ex;!%)z5<N9eJ|3@-!ez|UKD-qh
zeRHY|XLus#nDImmAMx^dWn|r#JcNN5!eD5m)*8-qd%YJ=7W841V*>y6_yD|Y3F9@J
zSP*`zokH;Lb-Q|^?QYKf*Rw!kovI%?x`(JCSLE9J_rJrB&e4=4>#&Jkv4<>1axSQ1
z-H=F_y$QCxlue~)%$c*<>`&Gxy4IB$3)1NG;TaRz6SB8mzhj#BqUtSLXjfsLf0GOL
zQP)(%<ADZrnxG^0uWrIVOMH33AT1?=X=y6TZ?FdvPraeqt{j9uh1J<>bxJX}H8=f!
zvTvscj=^UvXI`747tc57hCVY2|ADK*wup<h8E1Rog3EOBqk9>Pc8~oZge5<v=$RIw
zi{7rvQozp={m>5khKlc&KsQ^9#e&6kGbv!16uENxaVVoJ&{q*)RXHYI)z+glZp$(+
ze&R&6g3bbMLOY9J<W03vW;G!@){aRF7QRmr&22;WN~nGSudg7xWzY8ED^UolS@nuy
z<u3^Tt;SOH+kS8h<5b)ou0g>Iz}l8UXcH690UWb@?KoqXKsaW5@{v!nV%W)G@Zd5d
z=fVJdndOkYii-0Bz)*E3KJ<k2aHTb5l|+xa$BvjnkN3OA6#gpOpdkMnU#>auYAosM
z_-^k`wcU`u4p1T*=6OCaA30p)181zRR6Tjfc*F+`Ig)5KFws;wI0>3<2uGpzp45Jy
zncHN;fe87oWpF*x7F;LR+ldILte9uXNs@HCPNxnTcN%gVG}OVNBYg^sT#R4x{%=Bf
zO;&48`>c8<_oyW5yH*xr|7C7lu$yC{6+?l_jnVUX)dI98bB!&?!ZBs+sSRt&DnJWs
zV^kn0U<I;xBJ-6^hPDqiBpYVTQ9J*;TgG-0*Zne=0gIn!<5RojqEm&393`Ryd7|9I
zVii(BY7qw0sV0$~A|OmGwLpbdk=k-wQTzJ)=Jor~l$e>q<4R`$tFGs<z-nByapgPv
zeBwWv$)F+RDbZx+w>YNrz*{S+(zLPc{;^q@^XjmmovggIheF%nW!%$_8PWB7ujK7n
ze+*W~zD<?SBlR#*=ouR-gK?biut#*HHeHZTMHI8wcq3Q+o*Dz%0$l-Zj9(csti)vn
zUH;mJgZ<31xkcXGO>%E5)veS&bhjj4d1*P)vYmOL8lX%!6t8+1U19}m%qQhrKJsNN
zSTe$g`*T14!i$LVWy=nVy3-030tU5^4EUEa>j_%NdX5ZQLin<Pu_0mUI3nj!<}ZPQ
zhq=$%kp|_{iYRNZK&n(>aN}&%`NieqY1X|j_Oy)U->jK0P#Cy72!34();pX_fl>D)
z)3zXKZlKiHg@Ut%?5?_$JR`^5v0t)0F_kgMTQYx5=1>qlCz2z2aeNji&@$tr8@G!m
zSWQ8k*sj6XaT`K(c;aqLED0~h*hE^Q_a#q->+#-(5LQ#`8&k%-6WhU5`nBC41{Uuv
zjXn5d!@ZFTF_6!k)lSRLf(+iPxv)t!u{8BbqOw(+mCaJ931q1qi>3bAInu=-ofUa1
zDoyTE1MP?UnYnC*BJC1>azA;TzOXo7UHE6%3gdpuJ&1Wu<s@UjkJD<weCf}wo%h47
zgL3N%0AM%8jSWv{K7!-rIvB58^g)vMWieD7ZUr|W>WYsm%WPN+UcNp?Gu;GP?am&{
zb=ZpT;1?&=)unsJyU00Dl$Z4QiO$i(fLqNKl*2&H7T9Ez1%DN!OM|;~ME=2p5FKh%
ziWO1QB)-`YEN(in8hn2n=^yL*i$Y3K72xu1|0xiA5)oDlZ|Vm<Z`OR?dp_L$KR0>M
zP(#8e2iuak1JXVj&!lJ66r^CaBTo2a>Y74d5-MmrS1JT-9gaH=+l8}}U%jp`6RZl!
z#cwjm$1e9CNxyhgJSZ>%e3B&2CUnUjv3kMev>^$rOIJ%(-j4VTLd7e)+`52v{jgW*
z861XXqWm^b)r%g;<z5BmvFy@bOpjsdr#kP|3XOgg?>vLoToZkJ_RoMLtgw{U$w%S$
za`%N=#bjnkUXNrqB{fMiU67^jxC-|rA{y(=4M1XBPepEiHwTJ%fPms@kt5)7JJ0N@
zw3y>?hbFh;ObfY?`<7fwcd}Qr35R~0Y!q+fRqw$QsVaGWve{3K0w{ZrODi{)@^R)d
zcLQg|`Ne5c7gW|^fX7f~L{U;@CGM>V2aM^Bu0Z-_Pn|)E+f6m0((#Meka}?S3aQ}4
zeQOBo)T>>O)H9O-sv9YI2cC?EvqG&M`_#JpyS>L1W`nTIm~C=bCP5=)It4E>`xYzK
zYYBIB$|`c@7k-biv41H%H=kH0`|_wLs*0?TM+B9fSNR7gT^_am?Ru_gk4c4S3pP+j
zl?&0Z_Zb%P0AKDbShbP`6mC4I(q8*LAZ{)7D1@B)w#ST)m2|`JIC-h=bdsSkI@Y3d
zZ6N0I$+=XnI!wSu(>iW4E?bdViv*U-_0~NF&ce>AmBsKKRa#O8iwT3_8k!C%!u&q7
zs7IPbK|y9hQ8vZ=EBt%n{peMh#U1U1N)t)~9p$1J6nVv~R4jYh!_&(i1w-ps&!>x`
zQk9a`0$KjJ){}LQmS0SH+9Wb>t53ko`1pC1`^}S3(or9Wx+I+Akub~wtsEu#c@xvZ
zz|yp-U&KUld5r|R(_YC#6AL1DzoY0U2s7S)y-8UtM_;s^G+;{Gk(RdX`j$Mx=F)S7
zg?DGADu7(KKlDWe^-jB4e4lJB_b$fs*@)IHb|d_JzK|O1f(34r;d#e6BcC1jPC%aA
zS{Qr)B7@Fn-4~u{k=#$2AK`tO^NOD9tVkx#^0j!&0UZE+i$h{B+hIZ}Lem92N4*oT
zZUaloqQcq#XeQW;3ZUoqtBax!Ltzj)8k)=tzeDgEMdJPG3{(2m^A=PdOk(>fy*l2?
z{cYpU$tQGg0qc;?QCQS5NSVRR`t>8u3o>#5={g#%;Qg~m{{a1BKNWU3J(1tC;7@Ax
zAj1J&61AwkJwaVxj=3iWMN{198~+G;4eLT2A(Yy?Je?~zavNJo&ip50tq`7k)@A^&
z7pyvJwLF8GBUShkUmZ{RPvdS~&a&#hnbf^q>DY2QRgG%T7spuRPTjZ&I_->Ac7;1m
zCITUQ(B~#&K_oKwSrif$sy<v^{vWuLU&lA4y-LdmDX3YwvD%~mWnb8SurvnFiNMRy
ztxy&#4Yy0HZ5}NfIEI<wgnRVyCbk4;^wN3H%eYkNlY<r#etQEeVUSt>kE2~_>wdf0
z3(DAA<Gzg5qRBCH4S0JNdGM1Um9<x*xb<HNG?h1b`eJNLv*v$OchZ=8Q<6c@!*K|2
z8mJEv%X@oIVb0e<M)Y6AQf*FbxAIL_(8uC)TUH?pb3#1Q8Al&>N#aT8REokV`e2P{
zrwU1R34`U?bIr%J&f#Q-(gX-ZPw4ea6D2z#-B<%wN;~R0CaY1Ohnwsy)cB*^5|9%7
zz+PoT$+4)8FQvUY&4&*z+iV*9fvVB!&2h{Vj%eZ|lo;jyqs$I@d*Orkb-~Lm{k$jp
zrB<OtMpIic_yaQq!`e|-xa~DHhZs>TXtZhbbd@%Jp(w%`EOjTJR#qG-HFNb~BWod*
z>T%)myGPy{>5+UA(~-N9<9+l*W#nUIp4`fzn;%2&G~u`veLMWM`ZN?UT$qt3BTh#3
zuS&pZe2yV+1MpK-0&3IntU~zUHh-im`9f`t#Y{3_!vAqG2~7FT>`u*p9zUMC-m!r(
zAO{7-!J!&L7(&XE8mLRZ{oPJO&Y0#%%lvsjQUxe_^nFSH$R46m!Ky@7-#p|-*6wg%
zRuWz+xgA<2CJTMbHVXhRA%2`{v37XrPk$>Qnhqet7u~LXghh`DPKlK^c|`A(CUJ0o
zMuvm+-yNv{9jZ;bHHm`XeO;fD6-pk6!21#MbP@9%fFNJ+Vv5jMSaDU2Ip2-sQ_!Pl
zMLk`&48W>MR>>9GKvN-!ZAth$V=ISpk#wAq+jZ!sB!Ie>+3GL-$arDViHeRmNjCJB
zZbkycDnn9t0Q>^ILYt~P$A^ulCQS#M=Yc_%4?pyG5P}oH0t?=jV=`6rxoa+3?6+-s
z+;wAz$i{e6&36(CeoYoq2dI9wSKYGCTkt7ZEaebwjiCs;6uZc06?}?W`2>GDG5U>o
zY(f{XIICH9gw0ozW;LcJb_lcj3TMctC6{10%A!EqM3bT~Rmw!f1`8B*o|y1p{dvv4
z%5mfF{M4J1BKJfmr{F#~o6w#E{?zFw*)83p2UjK*K=?uw-N<<IVFZ!Yk1rH<6=J<A
z$KdlxL?qiDb$v)|5fu9|&^}47`|sxBE_$-R0rrm9H)X06o`(`j=&o~A85eK2fJezp
zLKRZ~-z%6P_4bAWezT7-f|(pUe*I+NnBL6Uw6*TF$K?FKTbc~jviIC#9pD^n`1I~V
zcpgYQlRNSz26Wnm&4^Sne7$;5KAoQ6jA{Y|O!ynoPtcH6?sX$PU`)<7GZMu^R$jlx
zVAfmngJ3YCd-Pgssupr16+EfGd9CZU)FMW<hh1bX={9&I7gCT`$-7TmDZeCw?n~=_
z=Gg70y#<oIVAt$E0~h>788G`)Z8nt~M$a(OF9=xe4*kkNx-bXCxdi*eioQqq@k%?N
z*V_(;=RSG-NLH^Kj!xQZa=2I1uJymXOzB@Lz>X1h>u{tiV7nD0mIW6@RhV3j29#O;
zdHAZ*SFtE{<vKY5Wtwc{?AYjVOV=KfjPmsvQ#+tvZKCobFMGQN6@-&G4RTHdD#@FF
zA;JN1>=MzMvl_-3E2V8$%J`l#pUL`?bKFeDKR^dK?a;iBqZkK)4sF}Iqk{Kd7}ugh
z)$v11kH*9r80=SwO`2UM#3u69#AriCdGPh)9?3v9k)jcoDlhgzWVZ-x!@CX!X1acx
z9hNOv4~bfe7fHmH84zbPeKju;fT{hbc6ey;^@<RoJN-QL6go$bN<}vr(&zlD_ZQ^F
zKlbrSXfo+(EcYg_j3|xT18YlXzHKeK`}hu;;F|lm+hS}k;quh%b${4$ZmsHu6#&G0
zZCuwh#*(Bqi%yw1B0OKMPs2&7Tk#5cV5{XciRvk-^S6}{5pkTgH=9XN$&T<=N<D98
z9I^i%?aMzGI;HL)81Gn8z(c|l>bcK#9?QZi*wuYvQPeMjEqKj5e08}Bu8J@j%iU*I
zI}KWo;T7ZmDKA@rQmwsDxN1)Nj-Djs3^Ilpj7T{{ZWsigXF+itR>q*eK}WhQN2ueT
z%ETp*j$Wy!BPB%MHrNhAPz5OF1^6KO2Wut~&4Vu}gY7%bPv^b<Ct2bt7vdp5U~{3z
zx-o~=B}uV8j8}Nm#REjRQtL}kX65UQwQZ`G-}z%GdqqJx64;zlH9aDK(z-9F_S3)Q
z?OD0L{eC3}k`&OM(ujDR(eQz4a0w2u1FV>%Ze%ygEXMv5N0X3BsZcUAWf>GnqA!~-
zIxE%s$wO6Lzphj0HLJ^Xz&cTuPjo75^myTvccaPoKv;Ef3V!k?&S>ux#q{o!wD|S>
z-skgrH|&XCE*tE^-+UpSf<(PJ4IwsK5I7UPf+%;c+Z0<8io~6!O(bOP_d*%L8sZC<
zx!Y>OY~&ci6vz&ye+kQv<z8_aiWrlp*}Vya^K}Yep}>M^*7PTr)q|N=;QQyyx=c~0
zz~UVxTE4uF=N|b?dOML-na8vvs2GouyT*^4n8RYCG2Y)O&RI>CWSjewR#=Krpc0I1
zmWj=)+j5$tyiio+IvWH?LGsS^AeT(Pcc55Gpu$J(7Ft&0J6t_@;!(~_$IONU_vGZz
z;{FE?-T*eF*$$KAx>oUGYFo5_&BkY?knSY!j}ZKOb}NOt)(D>07>!ttnm7}49Ez%0
zolAF?axn`@itWrdz&czLnmwvr{<)gN;K_g@Dh#GiYa;o6fDVt1fwQ-Vyd1iAl8XyT
zF;4^$g(c^eV&}R3u1NroyFmtih{-bwBr4U4m-1hy9CB0bYS%6+tO;DST9OTis>!dV
zC4$VG0-4=zzvxWGNtyea!U-JX)UR_eoUwtH_P8;U*m$6;ILi3=Sq&iF-cydC#M5)Z
zb<d?4*^=Ufxpha(%YL;sX=03u*?neOXCm%AqPL^CEQJA=gwJa1*2oT@MvJpG7X|dj
zQs09@2H7SHd#YH5G0~g8c`0H<Tuaz^X7rx<O$6>D%AKZ6=*s*>+;L$vgDzW-kR9=N
zCJA<-dG<6a2$7{FnAy}r%@t=t@YInAGjw!#UVt|4gz$zqrW4B2d*7irLai>IPIDK@
zEzc|JsjScX7s#3~S9^dROse|&z>)v~?CeVq-t`y4fgl23vL%g!)Hm%u#hgS8=uaJK
zr94v6`C=KEJrAKl>CJlEif41d00DaCJOs$hg7j-%H3pk@d8&;+7I5JLD8es}-YW~e
z9fBwgGpF;O-E<7yA#(GjB_fof<jj1Sbk?x+x{n5&Wa(Qsv-4PP5~(!vq97B5Ajxt(
zgz^LM(>s{eQ5o)LZ&R2}!fR5|on^>8TxP7cj^y-Vgum4VAcis0rK6kNT?)KwEFjAc
zl=YkL#8h?~vn}UVQb@}3arZaNj}eIa0+$v{z<@#K($NoIy5+NYc&UYErPC6$DB~&y
zX@Qq&X1iJh)%;PkZ2MBcNrup_CM@QY`qC*=%a@89_po|tt@x@S;t01@rtDm28uKd#
z<<0HY#l&$Adl7g+*4n80L*Ll$Xkymykd2d++~ywFCm@kjER`Ndd1-jrA0@dWF>P>g
zHA0JeR~PxZ!XX51x;Kgm1%x?}EuXjEsK}C7D+%QMc(*|skekOXxtRN=H4HU4&R>UG
z`Z`?j1PYH07{~FDI3HrgDKR}*tK+TeHx}MXU<j`8tEWn!F$vJrYt{)I4^J^Txtj9d
zyS$I0E=EiSQ;*$Fm)#@GKJv_qkN)CM@f=(Z!|*7Hw))SuO|?>l%`qUFx#Gd5A{FK&
zL<&lE0}*DOf1T8jA!02}r+oVFzz?{>9leRe6luG`@W0JN^|iY%W^_G(?#mEi6~Shc
z4L45W>`vJ2gz~AS%ZpGQ;I7PN(J`vTFJy7Yim-h}*5C#;c50|vAFT>k?xEh!Y|;N1
z(eS5Q#Fg^a@`zB|O5(=J1HPF7ndN7#QmI35id7$w-UZV*1sKqbqZ0e+M>uUgdH9{&
zWe1xXkMv}#Ny&?4y6-eV?&K&O6buY|G?YsfHwJSXlDF}fxAkxwo2KE*wokxJ{ZgCW
zrwO}C^c-)uP)HSwIC<`2&4FHwbh~G9r>iipzcn8Gi`UnUE%@-Nyr(&$cO$ZHK4eGL
z32#n|IE*J01%@h9FVH;(trtRE^PPzH^`qX7<)8LMQjw|^j>hve<?|49&em-PwsCtz
zObrtd&o|t`f%Kw!q8fCu?45MaCMk;l`h9X7KyK-w--ZytJr+}Y6<AB{!(eo7=6fY9
zqb&JtUd4J32g%G@%}{O0X}J?GBEx!OO7cTtL5Z(<g>S_}H|?Sg2*Ecgb0clpUHD&n
z3TsGykQIRzDg_C}S6LY-cM7L}bG>c>h%uU@fK|P<N~7Ymo4Jcw;+&{Dv-8kf`jV&^
zt~m4oRvc;yfPvvLh4SZTPwp|#?wFxIld&w_e#AM~l$L9M)6ZcP0tpuX3!pS2LA%w9
zh3=L$IiCb?8P)kmoiKAc0P(>kSKVYjCOSnUzXDytks@Cu?uB<q`7KsN{Q_b|n)cd1
zC|&)hm7Fgh7CwJWFRg}0IU95vYP=*fMyLq2HJI<q%1|JNBjxHAnmKZ4!?kd_f0m+7
z63(U?^j`v`X{>`5PDJsYTayY07=QN2Auv<S0>k8W)9F@u6ik>dVA1Y~sK-<B%I?5L
z0@G9n(Ki=-qR$Qk&cjseNw_wA3%afK4?wgqGnX)sR{}4J)b*|4`*R!QP^TTFoe-j=
z5?~e6Dy&~BOE%NP3&$e5KLOpzm4Ru&sO5$fdwCarJUbv2ubCni_mvK!5(K-Knab<x
zFoIWNQO}@h$V0Vq^x^g?_88v))&Po)HWSKXr`D7&&ui)R=#^e%q(y#M0RO7OlVQac
z9MLb=APu@B)-cMqaT$wuD4BHokvG%^8~foyCzNw2S*4s~=jLG9HxD!rUzF8oIw5qz
zb8+iFYI*KSm3Odmx31?bcIKUItmWpd02xo-Beh{mcw=W~&ZN(3q4Cn=d;U1}(YjzS
zh(7GlZm#R*pV*$M%3c2K8zzks=eXwhVpbL_9O3U_izw?FlhULPupR4wX)Nob3j8-2
zzlFZ_R%RbJpOo&f`h)((+(g1(@9(A|!(B5-1>TIuAC8Pgh>!uf<lpg|aHDp=#fH{6
zWwZF&8TGgPmnD90wp`ao#MfslgKd`C4)tLftyNP#M!#c(#0j-<c!v{GqE=5s#ZwuC
zTq;x*>z<<M`;$C!S6p`W3xb9Nmy9!Uj8<ihOZ&Ln8Z%zy3QA#^Gc-smAxE5t6;vu&
zBQ*-WH9WmnAblDmJz_flXyn&lso`eXy+()kO^VxbvfvaR!8<LhbX0^pd{+NKV{JfJ
zS;FlTON2=8WqvL}zb2byl80pr&Be$xJpR+{aHiQB2Wr|aiI&lb$S*cc-vwAvZ&73<
zn$$`*q-5QEAaTDwW}k%RZa3qiME{#kctwchMq21&{7hK-qJ7BWSmB=D%3``Z`eOQn
z3?VMG#Jz#*77hb(YW|)wRF-Cr(D(BWrpkk6h`<SRDmg*7sNrsiG2w4}$WR!O0h{TJ
zEs&YUM01VzM(r)e^0;(UzBzq$Lbm$gT3nO-h1l6wDpi#`tDXa;8$_Jr_SL+b*6x~v
zj1Ed`VG^t#_`z_Kp6T!yZRVEr;Cm>gVd$2`Y?+$`vuu?M#JY>2BuwYBPbIXN4}soy
z_swt(S(wuyz{QQRiK$!SM#=5ptHr}-$($f4GmZDR#T%ylysmb~Z5OD`<ZujcRL-nH
z11lTz_jT8)o=cQo4W+X*PV&6<YF#jrBk^Hc8U4w-i0{8$7z{|;oRByKs&Ma3mp;l?
z+I5FY0zC=^zx9i1Xealo#tA#0OEE`{V#|8NMxs&pqRABO=t%AMa#4#vRt*kqOQ#Rl
z7m;wW729V&(t;hIAM_oy{Ngzqauxh%wmo|5>FCLjszMi+qeADnes|epGov(X2x!b)
z`&5u-xt=X{GU0q;UEj!T!By^dn3Wa)=F~;qfL4;bwvVqPA}=LC4W+H8Ovoj+6dvS@
zkz2ztjnpM>{rJH>?Rtj>t#teOeXr%n6ti%Z{KZk?ChgcE$*Xfjn=g~%G5T>-_*N#~
zJTB|8?XSnywRBU-qN<fWa$J*lBxU_Blyg&0buCA_CLf>!d!}r#S*-9t&OC0Jwu!)=
zZTUoiVdDv9WHe;FibqKqhOF;`s%Z|&Pn$0(CwoZ#&5G-9Hl=z|VZ*$n)yD=F^OXtQ
zEGUlcIjI&3u9x$LbUX+L?!0B!$Og%i`2FHGO?6*;)DeRCb2Rb-j?iiP-*x>JH26}#
zW<=@0rE|>=h*Zs;yTQ2yvaW*^dzW9>e(OYkgP4By?#CIH_YtVM>M~u+w6Fw21aEZf
z&pIRH;PCXFLXuWz1Ye@B>vK}73>IbX3oyY08EGFLBGW(OhgjP9f;3)kHk1jTaj|7v
zoQlAMvp<bv92=lviN{PHYY|}vgjMn*lqSlOayD`-38hXypLuw!7SizHRanGtHYgxZ
zpg90xHazn}%co^o`7K#IKHsyt`fCZIT$Z^Q-!e-?zg@4IV$fGn1?PyON6yiw%Kk9<
z*y2+ggN`-(d$C^YZp%r?P9rVnWL){&TrF2{0Sx=%g}x~K+}98Llgu&01X82TfOEff
z2KB{<lm;tXwIXjUry&*evo$7J3qWdfA)H%v;D+MvA<Hb_!wMIOD1uYCYIG=`CbPei
z$voOqqP75U$PEy;3?J~@6@3@C>Adk=mBzxnOCNsgedz2jFAAY19J-3Tf6RCB8#4i$
zj5?=b6KGj_&JL^dL@j7waJItyp*?;pNOg=Wh|&Eu&^!ZP#fS=N(aWRtaV5dPL!|a!
zq)JCxN)P5mo(<_U#tm9s9ZY6@xlRZIzlN=gooeH(rJ4put4vl=nDlWkuCEX+jP1Ka
z+=}L|Pa*dHYo3t^d{JCGKK<1tU`P!Or8>@Z=EBO&!Fxg<Os@t2sd<j{Pt`cxq)JaD
z0qZVz0EYcHR?y95!u)5_%oqjGmqbu&+LQrP?^g*~u;Y>Ed8Kf`ta0E+eJ~f_i6^mo
z=-1#%6s4IJ6r7%fD0GJLeA<ChKH9)#k(Ku}Q1+ZWB%)X=ZdcHEa3(npc{r|tu=Dui
z#0SIfLFFSPk;eE7yoc(jttXBqz5?koOEwDx1|m2%hhfmo)$c^{wk_MgS8QJS6Teec
zP~|JuVEos+Ec?y7O&l%M-zT3^1ZpQb`b-U_6VznV*V4SotVMVGL>a->CtgZJC^gY$
z&@8!X-mLQlr|5=&Ot_~K)H1_z0krRsKNj!x8^=;GixsLo@CgSO2cic!_u%B~lG6Di
z>V>VRM}*1cI&dMS4IHnTm(urkMkgdpJ(QzzPo(9~-9%s?N8?nyP-(qS<R%k*K&#|t
z#FX6T*}9V6%=Ja*#w9{O_}GbNmPg%*^XJCRTw|PXR-7U6(PKxHSLhEAjV}fArIwkI
zkl{ygH3DcfVwX~+sjasUvWDKSCMNrU7lN2;s-8QI_B0ijdLevKkeB7f5{8(|G<z1}
z4(doZFYqI0hc@T@T!w6|rPozQc|<2^<NRKGLaX~?)$DsV{lWdvutuEjqOObRb10>V
zJ>2R3Ki?vMjaW6@fM>nYtJKRGeAHV*4Bu_4vLS3I$Fudy<G9V^Z~@709TggXND4RV
z3>D1KRpKPd>}m=U|266d8ZKI1S=|;#iIgbWGtYdO^^01sWL^yp6*(>79F%Q7t+r(n
z<iYg;)K3nVVtRyysVxXTs&Gr8tIhjIWf#a(7+UvsiJ#w7^P9Ygku>E$6W?P&l_=TS
zQYl7U)r6JjxH^tFu-KAXV#aT^?_}!1pu9~g6DNs`m5#mXkOQmji>hjyjd?y8GBx6r
zg1RU^P}V7>kHOggwH(v_!*JPUCmOS>u=7y8ed(hjv)V_W<pH}1Rrs9B!8HwuMth<p
zeHv1Z@j%T~(o|}O?IF=F6va24Fmv&P^zg~}2vPqQmT+wwlypsKx?FbhO|B=^TJo5v
z>E%w_jw1e*4rq5JOOr*cQf>HLV!Suc#B(1PvzFc(o^e>}Eh?D9XKpX4Vx;dIG;M6P
zI37>p=<&|vVrLUBpc+h4R>kE@7g5+0n1<@cnJE7XtxgW3_{((f$reqHJESod&PdR0
z{TDd25yf*biwi5wVN*)|gWH<tLSF;lKWo6tfeI`0hVq%wafc-70@CDk5PuH&_E&y|
z4cA_GW@)?-J4D?0qr$Q<M`8=iWE}<pKj4JQB^-@+00}-@(u23tERGEl=BuA3(iha4
zNi+an7h7urDJp1e^$zBHE#n<nya;BYo$RA^+++`iG<0RfNu^RfDXj+dvpJ1BsIhx>
z(2+x&j<4Na_vwm+)@3{-Sy$>E${Fej>qHksb~Xc4vaOBNXX;jOX`YbiAMu#g<EsUl
zdHE9x1K4fxcBn&@zD=6mZH8$7@Jj4!8U0QdwFcFuCVpGC?HFe#ow|cdvyv^D-nk(B
zUKjid+Ii1aGRz>t$|$})Ye4<MUX%$}0@h#&Ga1&$p#9RI#DX*u({Mqw#T(nImFS-r
zIdq)%3v+UuDbBv2B6Fgj+cFD*nk%^kwPYRz46UXCB*#R_b@$jQaDdzn{t2>JwNe8F
zGF@5_<oUPvP3)3q;Fjd+DGM~2zNDa2-lPI`7eQT=^w55k@knLd#K81iv2j#kO_P)G
zQTTa9NEIU`4$~2mb5_So+LCX2TNFLcsz99!CRG+CM<B2NV(c8E1q-%pdy&_+ZQHhO
z+qP}nwr$(Ct-Q8X*?Iq0<29<e8>e|<>=<*!T)y`H*hNQkx0Q7pydepiTPE~SN`+O)
zDUmZ8)SPJw8%6pqh`k-Mf&djb3yp)>$7L6<a2q!LE;I+(!m~$^L1a>YbM2K&m+P1%
z_^LB_Wa1-}yWx)-Tf>QBufwzqtK%fxWR@iCbksFs+`WftA3XLA;k7QC!n)0~p$Q-(
zyx%&Inb9=SkPE;5t)dp?K(hpE4UL$!D&BO+RzXHrsS+poE+zI3^MWvm>XdAXp{~Ag
z09=*K6am-m``|r|IdM7D500e#PP_HuQ2Dx)nuE-EQb#+JP6*l9cz2DOa^Ob&R}^U>
z6hvFia==^vwwV@k)iju&kMgWb^xB6iU^Ty#LAyN`!m8%$vCp?gvj7{iMkAC!#Btzt
z-la~#Ad^SHpc&UVE8Zz_T7W3Xg-o)Gjnf46cGeYMGaR40-aUmo;5J!47Orb76O_C>
zlcxsHDF-d3N1J4{=(`*q1;dW&65K=U8mmIfVqhG>yHa#+8-$Fs9)VY=Y~;!it*c#p
zjDfb2=t~mv0(8|i5s76%F+?6NUIFvQIb;@KJc3OWhenAm)?V*r!)N!u2}xmCYT?Y!
zU};a}5oxnXq%Z0xununNr?2AHGPiady27=N?$d!s!jM@hp=vhkDEUTSJlN*C))>f|
z{eIoAaoI88X^_x_U9Q>EC11rmly@SmJ%f{u?*MkDXWRGpv4~}X9K=-leFKUE1Cr;*
zouo7djz=<pQ}7>1J-l`Asq_?|m5qxsC@@BX+WVBCk~&5tmJ$gb`$6GIve)_K1SzBK
z+GTAK?*Y0!4G*IeVuHZmLa;P)#CLCG;D(aO%3q`C8}VMu(;JWoXd82_=-(cmuJ<qU
z5>X)V+lU&lp%PTLz$ar1h6GMG(+p>*d<S>L1EOyVZTed6GLE*(r_*~=(%l3%il1cT
ziNQlcQ6pVUzJ56P+liG^#_eteZa(`Y1=fFIkyaR(oPYFb#U4Ya9sVJ2=M0+NxmJAz
zt|02fV*9gSj)5d#%P={vt<F@ME*5wL0E+0I@#%9PRLBYo5m@#u85y^lWOgeGBCiRr
z>0(R2pVP(qT9kSbZ31ZHLUUVjkkSr+Jx&_Y3t9<J$t5Zg6&B%`+BC$jz5W<J!-CTy
ze!t#$bb@P&9FSz*P|&O&dmQJATD<aHs8yNf6x&jDqh<Wg%*xA?)_p3OzV$Ty1X*7B
zqYM?XuJq)Eb2tRXW|eHB47z3}bU)KKRkAL<<V)z~^Q0I&*hr-+NBi+*?TqLJeImWx
zYvI~!R0<1H7RQ&b*aui_x`5(IFzMK%_q5&$#}8{?X+m3(#Elj{rc{2G^vWK-!ib7~
zvyQXQeZ%vpLs}I(z%r<1jX~cH{^l^~h<7>cYEFho;B;@yx{EG1$*<*j`DQ&R7G*|H
ziNnOfCr!GKRrLLyJJbnsH+_u0MVwO)*@5UkiRlzD-Fe>EI9bX>;t%4gDb}3G$-!Kh
zWWG&o<9KdR5?F_)4Wv1b$lo4Q4Oe!mBNN{yat9@L`1r_z{qNoK;&i~3Cc#BY+c`>?
z#CTcJV88qaP|eb?f|#Mp5Fu5KRvtS#CH?u!kSgV6CgD(}X5VYCaA%Hz2zU<UtVD<>
zz$^KY$GWMttql?g)#D5y`vqOmM;}(N-*o#bZFfe5HqG;vsjd@<FKmHh^A5!5T7LZx
z-s1`eElKe<kkGYg^Z}!7aGl@@wtQMZ|6T$Bas8sy^-y+;D=+{~DHh6X1L6>%)gLEA
zev%q3{`_<x$WzBL?mrz^MSv|`tVN)JWV*5PTiLR)v+X^5IglXYDOAl=-UBs06i*)`
zwGY0&wwplYsSPViC+r<Yo=dfRIVu;i#F)}k=FaSNRXuEs0HgfD#1ra3*~Db{kpl<-
z^!?#Mb<!O)=sDTu47W}EcYHZn37rjqK3Yn|jMLwHg`rV6@e$T@Dfm7OO@<wJ+&G)H
z&vf;QmSm*cC9hf#%h~8qTq={P7`{+bT;^QO*7HW#aS`t7xz$?{)8=SpI)YJmwKtu(
zG&Xe7E23Y!_Pz{UQpK;U6I|YGbb_it@<lEsF24u`bS?<{Xms@K6pW32iS&Lj*hjrK
zvttRP#2+o1DuUu`6$>9MA=74#LNb;6q;lqo|M~IZZDV-naJ!cD43;*>C0|L8+YdHO
zeRzl(s3r7>FTNT~3$Q;d5CV1u<e4lX<Nl6;>mG=m-M7S5jLhd0;NXe9*L2Cd2`G4O
zoRSr}MZ*pDa9K)CoT;E1eI3-syylo3AoD+c?5@NLYS4IpQ(`)dryG<0)Ro`ni48^6
zv(LIFyO9fEhfy!6-FM=Wc!PEk1y8`;J>aJoQb9DYKgx@ZDsOvNw;jO!C9ruV-d!kb
z?3-3>6B;X2Ga+NXO`1yO9IN-$C3RwAB5!y3Z_<u`77qM>UKmJj?*Di>81NaG7+C)^
zG2*k*v;9AX$NzSAuyU}m{hwW8&LGOlR$Ht)Fo=Ql<T*lNkc&CMge0)j0Kh}g)6g(r
z@tB<gf{KEjUC4hd;z0$9NrXk>6?vcBXFcXVf31A>Hm$CE@;-ZSdT+wAmf(r2{|Iaf
zt|Wj**QbNa<K}}YE+PQ~`SU{{;LB%6XKnon4G{WGOmf%@E1ah%7X0CZrz9swcOp>&
zG4cgU0QYa@!p0{BgilIEOG*F(0zBl;-`3+Nmc-46eDN0m@FWDVAqI*hJyI3u^eobc
zjYaq9-|GY5<?{7U&(4mXr*ra8ghB>s0wx0R)Q=`wKA|kcL5Bq(xYn1Ce(lq~+i@7y
z*FF&u;o;#C>8CYEAf6Nm&;#Fx7-9#CE-)vb1cn6sqQ=OFa}D^Rl?jf<(mw<j`mOl)
zJwvWOGO|61|Ik%F_)|&*7Z8vLU~M5Vzh)-@up0THT>VWR073ulDZsGs@Q>^3)<+o;
z`r*Hh=ULeELr78gA$V8-FLZ23digb!0e6F70R2D5Wbn{pM0HmKxccbW)?OfQDV*r}
zwZ?w{^i<xuc$;w`Pa_4Q@(u3tSR#L%omNa){s@Dd9|DQ!&l~eSDuoo}yQ=xTqJHye
zoBdftI`~|hzzy|Z|D^^#yrHy=^zY~pYEkwxsuec=9mmc`_eYi&l$KS625<r9@43Pj
z@dKs5cMbVb{6W-P*}uJvbOu@1O96Zi+YqYbHSRU92SfH3=n(q$`Bl2VMaoD=2LNgs
z0<bQCrT??Rw_7(X|H(I}_9!;c4UpPT^$`K+&zINtTV00^DnPiu``hmqqpmEWC8dH!
z{ML2cmohmiPUl}o&9AQb5m}3fXb8|ir3?J^dp!yd{h2fBmu^XLl>m^z*VJRVq=(`4
zRSK|o`@IkLwUx&E5ZNvdu*b*U1|$i1U8`&OYu5V9`2L&lRhIUfa`u~((8-1UBQ^I*
zw*R{jq@!<t%ZFfjV^4n32WUFa_o@O18PL)7)usvs+^Y#l5)Axx`!X<pK~G0M3?JIy
z^p!-?cRWw^@Vli7V-ObnwT<XNVF7?10_2qhSXYiuO9FC-(xpiTzI=%W1z1Q3PJBA~
zXa6Gh9&DXR!I)2s&~=1V0nLp|EG!RgZskJPV&Vs7U=}B&b2CX#s2lQk?R`yAus~Oy
ztMMJ9c;_0vY%~5P$&y4>?jUBND`^|cRPHUr=S%_T#!Pvb;!8y%Zm%FVMG;hYv0F#!
zh^w=$|9;1<tt6Mdn`NT>di!>ebim!PD8|}0yTR^iqgHXJ3ai+9ko1-HySM9o2hMTS
zZs2<Hbk@Zwt%Py9jPL$x<*w38rIQ_-waK7agQP~tSK&jHeUy2VvfMqAYwqQo`B8>2
z`VIyWuv1QVSxIax$(h3_4SN$J(D=uT;h*gbmFlpeY>8Lug!J&QEh;T4)G5}RnDY=4
zckkp@#in#qFG+~q=V^E5g6uW&Ba46FyK`LR_5M=;Gu&3WxOrrV-W8z96XmYzkUKqX
z36P~QFq%&5?}u=n7jj{Gi*xEqj-RL*kBlH~jn2H1E(_2B^<st<<TclgcrmrzFhI%9
zZm^uE9{-tgE7WN+@caD}w|^4UAn!fI)kEs$M)jG0FyJFC9m1=SNXEss#azhPw}s8v
zYhG#A1nl3pE`S6;S}QKtAvyEIq5(VhS{<@7T}FBjQ3eHpFN6%j>d`Q@HEUwss$qo?
zJp&><U7Jr@x}$o~s<r?P2rl&mdg`r|GPX|#@_a1cNUAw*MyH|izKBC6Y5M#bNA(o8
zf$*@jD-?r6sd<nHJ#jU$l7YK}=Rp;+>^PRxAmFZBlaZWId{oQ{tC!bt+o(f^dTJ1Q
zy|assKbzDpR1WjZJ~n9>f9UM#w@peQr4x4D6EK1hDZFkas~B&wN1h2UWakUx9XaS@
zO;EJ{_IJI02=x^ZNY73*mb1gN#dV4-n~#e#Thr>&kAulM5iNe9(hL;yuf~DEucjwz
z%Jn9N=EcL@j7tfPnD88J!S{|N;UKphjnUUG%t-0}BxhteV+d=<2?Zy=QLlaUW<WX0
z$+$>Vgr5sBZ0URA;f1T-DyE+V-#Cq)PPwFRzz!Asd9;JH1m(7ScTg9_Q-qg=a>7<4
ziZgyQcC}O3(x81ZQi7DT+Vr5sfi0_61Pf%p6u)J~9B$0hVE0L$5lwk#Zmm;P4l$5~
z3|tw}d_u`fzh+wUl<y)fr>j4hvd7<3aZDXyNc0smPNb26hU@7uNn~w>Ng<B^mX%ND
z4=JPS*d)&2><-1AJ|#ZPN7*(Eqfae<YF^xv>}NLhAnKiy3PrA>Dy`X=O1v@v58v%u
zzc^(ARFEV7Tz5Dw$qT&b2*rWLih^o&p`}4$d{%Xbwzbn=`{Mz8(=z96(48FlPiu%m
zhAa}3c<~1Ao7;NOj*9x_viRIdWHB@pC>Hxj#K#M%+@RFsTNkH`J#;O#P-!$qxx44Q
z=NJ8b#Hr^OuP8f5%lVNq*IhDbn>~NZHh&s3maHE&)J*~mY*C|u+_i+*p#@{nFldf+
zQ{rRDq<X}oMqlgR;dX`hF1kX+2^cjqN;QbLS-$fw8=}|XRx^dSmgHc4=;<#mas^N$
z1Gcs6A|d@qoX=nQq>VkgfEtI^Nd5Q&mby|lp~LJXwyb(>N=&z*s?xxYdfv;68c%m5
zO2htmx2dSyt_SdIKaVsKox!=@qH6sK1yj*%A2Y#KfdGfC<U(E5a;<D7UIRYD*w=HQ
zjP@>SjzJq{$3U4cSqWO;OnhHW3q404bImG@y4LXNrDY5N7@F!u+CaWR-pC8_al>xI
zqa^~*2k~_x5Hcs4=w5DFNmr8zc_bCNkeVCYCfo{(RBj2MvBIc?nMx_}peYqJ|3S|n
zwAM8yOptqH04sfC({^#PdiU;}pM04xEc_6xYfJxAF_GfmZSgEH8a6323_%terYmnS
zsqP(Yx8jl9Ia#`MRdi{Z4_|SJr{^#j?Wx#D7Hhr}udz@bHJOQfK=(8{BB!h?XSIlr
zy7n5~L=1JDm_5B1l5?!y@JA=!@u@zq7FqasICb{3Xs-F=k5ii95F@Tn8Jvu4yD%DW
zUwHm1EZE#&$T1}Mmbl4D6(h!l6Ri(S#cdNM8y}U$-%N>4(qKu>qmBS9d)kNjRZ@|H
zvxJfBI#GjBjXeq}I>Yq4?94v+wMLz?n$&B|80NISvP2farGi;2+3{X+I`3R6to25E
z&v$2)CjIgEaeD2GdfL}k|I6A@?bC_R)^<9N@TaFrZU_PbnB0+|I=kA6qvYX+XIknM
z_!~Emq)qhnB`Hjm)yC{rgYLbD>JzAc7ie`*9L-p&nm79n(@fl96r0qn%NB5`Lnb|K
zd{P36VK)Bf@r&@r9h;q3Icw&ut#)9Ob*A5aB^%Z(ofW)Zd6;Gdl9;ZsiTr72v}5sP
zzsF}ywop#mdijcwIj3WspT`QJG;G2uGuSjasdKzi*pFhDGOX^Ia_AnV0s@?!K+3WA
z>I@D6OMTO$W6G)mp~K%1b5copQ9WLPCv3q(lz+k)dFqb0Re{y<R%FiffdK^{)3-6V
zz$O-6?l{D#X4B{1@W)#0QvzH8CZx1D-it~l58Q?=z_yS)DU!d`M8;pJ<KmRxV2>+@
zkwx#{9E70Iq}O{F2TeW?1=EHDdpc#ylfR_)aT{xfs?gTgo5|gBcfu(qzb6xqCtV6_
z=6R&9>Ak%m8O@5&r$37jte=i#Y^Mcry$i0}IcVUJdZ!3hgzKrapP+bFV6L}CY8LWp
zXpro!KSAK~sa<A9QCN|opIDZ;eslhQzv2m+{SC;A`}-f;!V<L&qN%M^ZP)mduQ|8}
z88NS3{X6n!%=tFm`|hBP`ECfl3|Gzo1P9>DbXpw8AhXvFFxzQvs_w&`EeJ*BPQ>nN
zfw-J1;Q2HyM9?Hcp)j&|9#k$&qkAg$@D>$cA3A_YD%AL2+^g%&O$N%1UP?;{Uf<2L
z99c+V&91}v$^Ahw0!rq#CSSotaCQADEqwH$limMP^SjAG5$%h<5qZ<Z_YKZmH3Lj%
z_-+Ox64ZNH;LRb*MZiVap|u^f69?=L{Nt@%>Mz^%76+p9vNE|v-)4_)OxR@a=Qd^)
zTc5ceG8GFTM~*FFt2}EI`K*X}tXsUoN>0r*deE$$LfxE3e;tV{tt`y(^zV7jzV*F^
zeEc1r*&$k}m0IJ97JtmTh<TWu4|cyc#Y`vsnQM}nV2|$o<CBNEN>%GCrC<dn=Jsjc
zXM?8d_6yZdR1hMx^~X2Dbkf3Nd|!($9976;W6u!&A-2zBxnX!IcF60LF!B`n@7YtB
z=e7Nj!{<$}7IKr>nGOJeyLL#rw7=Bh^%Bd*Lfcy1-%M&_#@SOsXcv(ua)1ALb+^-1
ziAE*Y2C>6?Tzf&-iv11NJu5}p&>DNp<LZu-wlljE$4pc5-HGzYNCh<c*Ma&Hp676P
z{At#Cd5e5;=4@VDIy(UsNUr?28l8gvC>@i)?HGkN=8>GXz8g;y?evVJ46v{v_Ly;$
zRpKCnOR3jG<)y-AJP1RhQnz$qE2@&%bAE2FG*;v~Znzg&h^$=|haKa0u1Va%bCLVb
z8+@$&l~n1N?$i2=Y^Oj6D!Z+KH|tBzN7~9J)m#d13a#vGboN?FX7-xVf8X>(XD0E`
zvJA{7p)0!=D__U!CHFyUMAn!P?a8jh3?$Y1K6zYI1(4u_rhA=g)t=XT4}4l~f@s4*
zDgsGe@l57WeP5;NV(OiAa347{r-h;&7zf9}L7C0*a!z45h<Vw1=z=76>zPLn0l^h<
zB*WnfkJu&4Caqs0a{^_&JmlK@Kv^Q>suY`9I;yHPtFM0=)T$k|;hc^7{rY3kudsE}
z{0g0#yD?Sr3iZ0h%%DefSv^?6r|D#6dMtYNboF(xn}9NHbwri-&RE8gz-ljc;@UV=
z>|{<y=I>*`t2D|1IBMIC)gW*;%h4(<fFRl_JV7@#<2`EiH5jh9U8b0=8<zNRm662o
z_q<c;KvEyrB;cVl>u%NDk&9#@j@pZ9R4lWtk1l=|T>Y=?iGDS%B?nh}HGRf;2%ASd
zbmMsh>eYx0H6s;H`U*+#hgEiv9Bvc`cJO6I2F~?RdnwTpDFtMs47}9C%HTE5h>*2_
zxtz^=PX!cfXK4dx#CEWadM9)m&WkZ-uQh~R2<R?G+)mW`SMUBln4SA{9hzV*uZ_E1
zYbK4kZfhgKA&1s?cdLSw5r3VzawaR(1ZMCDQi`EV{Dvfko8rnPJD`bD1%-+oU8vhh
z%0EkYQ3Vp+CXpN9Xxq2<d_6NWNy}AlB(hCPXAt+hzm*K#5uC`(ek0<}TM-S!#I&0W
zs2*;)bKlGuJbi^|bj<R@EIkN@RkiIZ67eFBmt?q?+HUUB7B+ZQ{jkynfic$4vObT-
zE$CoPEfJUrzIU+%)B7AB>pD<aRQ30#u5=hTEzJ79ROC(aCM27(c$(T8g)x|tMUzK@
znxRAX(rN40;(3I5Xed}Z5R~L-Llc;akU$*Nn&^2Jv+`KsT1C``osDpWDDkZXT3;eg
zfdtA#on8;qS^QCZPwQV%5sbDE%*<s`JT9q6>k^&q+yI}e5{08>4@zG0u#YeVo-6O5
zJKG)3vLn2+Az1}Pu|$SrRU<??*VKAR<)|S{q>*|qT7naAScx!vXOY(o;<eeP(2O%S
zQKMVOk%><ltF^Vjetxu|j|YdM88M5xPrU?ER?~G8!*;I3KH0tPLel2>$<0JeFSx?<
z*LH?KCS;A2%9?y7<z8auBROA26C>~7WAm&u^Y;`*&l3BP#|ApZB(JT@W!l|;aS(KO
z$V7%#czwq&gYjbLX8j8=^$WCdnTBH0MDl@G>vkvJ42Tn?#caD0vI$YSO*Vo@j?J}*
z=+@c_B=Mvd+`pDbXV<r)8=A88i{_S3Xy@pKtNH^_@C=;7=a-NYW{)HlF2kW%uKzU%
z%o?@H8^$b$7_~U=%~&NDBbzldS+Y$s--KW8tnY8KyHT_e{OZ39iY_((wt!Emn<^z)
z<oZeTLdd9O3wy^S(NB~g^-skYg-4py;to&>wU3n$^VTOXHT5R$3zxdqtaQJsyEDEQ
zv3zfzP0lW6(L%hN*Oo5~<Lr>DJ!RczX{Y}*l9lP)GlbsafJ8N4a$zOuUS+$nijo}2
zHE<@_s;dfbsP{&o#%JI?k?g$$iQ*-+#EzPT_HJHvmf|GA2a?PEYYoULwC5^hAh<UH
z>5?g7k6n<Bo-=Ol5;KPoRCrg(1K_)Ha@Z+66Gqyj@g(LnU^_S338%5?-(D&))WdSj
z<88^E+mbl=b2v2$iE3=7HNnkfNcm1|A0!;h+zaMrqcT}mA`rZN6|TDn<zib(LdK%A
z;vx{v(c|0~B$PM!QM$F4y7heX%6AwVZaShRn0m`02zu;Bdjuvo#gTZo#6{G?Z1Sg5
zH~DG5B6B_h(h4uyRF~I}QZbXuEV)_WkbJs}2I+Vk>ye&1?dj*rwBOwoedem;5Kq}8
zqOIC3oC5BqFz8k}zps2h6&|G)Aj*({)MZ>O+ZD~_Z%}jAUOE<X;u>Dq<?P6ZMvm#L
zaYWuh)g8H4E{k9OvYy!fjIC(YB;3K{pKe`x=D#_f-jdypZ$CPkVrc`>^Pa)QOIdTI
zIZKAi1I`-r<8z`!ZyT$a;$L1EtaGAegW~9<q7h=*A7I&5n^Td>&YioE`}C>#`w~5E
zyid>;t1ujL+FVTpZwazR-yPd8G!9kRT2ILkIa}$^hC8B|NC)uG^|cc+s=H*$Q7TYT
zN^yOvpd1at;Mv3N+rDm+u)CH2(u~|B=dyVZ`A){^mDL~5I*P;B2@H$rHG{a@_to<y
zU>?3ZNvtK*rmtvU{~~Jp8^{)n%kv%!xXat1t#)Tr_LPv>e<G<YE*)&}s6_{tvO6>q
zCe#1%`7H3$O%s;1iTKJd00Kam9^Yx3o&IpyV-}MsdOdgbbjj{A+Ts<|184-U6;`Ff
z`f_k{9;0+G+mbAA%)NzekeTaTPxT1DDn+zls^5ev>}UOVU*RLnp|J&JM9vnR=rB>k
zM#U1!>-bP7#|N6@uxM}C1W&R!hNu?MfRV7o<cStV&z2(=ZUauT(t;10se8~gjR=KX
zE!XgN6wz%r5Bl4N%UD%QT!bkllEX>D+KfEW9t|Z=IL}0aI--yJJ^x!TxmjMv=*tKC
z2Fi^`^z#7%ZMei|>Dy(D#Idndn&a&T3$gLT86Wa8Um}ho$(|$m1dlW(#<Fs%tkdO`
z4R50t`?&E9o$js5t|eX8@J5KU^Hjhz53GA(Kcs%D6BmPaDjq%C4`$xh=VTZ47P^jg
zTQ`g?LA#<+pNA1Zfd!q5D^oJFu|(e*q_rJCgL5V9rRN5%R-e_gsKneqwRO_mZ?QMZ
zaOmd8^8QlT@?sE0ul6*q<E-y@$_oj$HjW%TH@<QFfs%ku1egZr1@bP1s3Q&8<{0-x
zt5#qp7(GZy7krvDvlGC)5t`4}IHgoRQ0e3~XVc@}*Gt_U*Ft0jo>M6vhUhumS#lK*
z*Gw@h^~%ly`INkV>!FRR90)z^rVf`XE}}y5RkE(#WAn7EV*xZeh(;b0^ZP-G4~B6W
zv!gT5L=MIBm$fsDF}ni0oP(tA?g~63CKAXP%0sYU@bGE7c3-Hwx<S1ei1Vn@>(~j1
z{RrsTlrJw*fdYYc(HgFkSz+Crt<M9!Xt%=T<rk<-(;>OL#MM-~R`!#$!ro1FL!&5~
z{n=jlNkFD2Ws<5tnf5C4<Gh~}Z98mVVct7&s204*f62q>{1QW7Y6r`t(?NG&gBb?#
z3(<~a77Az}pPQld4ogu{o{6rDZlg8j#ko8$RCZ04p&gFp7WVpb`LLmS+Bo@lq>GNO
zAVNH5ager<k-iM97ACJxW7f_RoQp5HPmpJM4#Q%4BsNiq1UgN!cIs}*{eV;BIAJln
zC(<JqJoon%eTxXZ1c^ICT((%(vsH%XW}M1@M9-XU51fX5BHeq}$hfVDb8smsO#nU;
z!AfsywL%8LK%v_)!72q^Ai=Ha=CU}`&B!C`1wl)DESx!MKMa;Dl$~Z3XB;T9r5H!b
zZamn)KVGNBBPPZV--hZ``h-%j@?WyEKdVGc9b+mQph}9@qF;hu3!e#bijW@$))RBM
z9J^82^t>yp6|%64r9c!u*yzoD#F~8-c1b*l_kog!_w*xfE={KE-FHZlHPkmxUeY-S
zJhT}lEm79Wee$9##0Jax_UL^Gvasx`t)Yi^E9Z?2Lm-3(N;lIq^<bU{{nlrEk_Xva
zO=88OU4tGhuZdxUX(T~%NfXRgDo?<A6nCCVlt?;II-$@#{pVDdEK%*#;ZuhB535&c
z5Sf+1{TNA1kGT{Zvi9|Hr!w_RhGC{W(ez2I^1}W2w*>VXDMu8VR{UHpbJ*2hZllT#
zfZ(QriFqwhMpt$mPqB_nv@3yUP_pQT{VXIBFoF*r!4+b~t=3oxo&6Iv4zPRR^I#Gr
z6);@kXnQnJyPk`QF1BV|Y#x1sI#mHEIwFcl7vj-;>9tZa#nOZ;p~niEy^uC}*sunz
zCU~rIzP=}I536<y3O!xf3cYRp%7_)MY6%{*Du10y+O8CAkk56KXv`S5f*T?QS@VRV
zM2gtWm=BcJfIsUAuem?h&(>UyxJ3Dj(;CuM15;yD3t3+I71uP<jeD(E#H8R*(9BD3
z?2o^X%Qy#6nw_yp^Fv+`iH@av753L-JyJUl*|uL!*@7F`Y>}>bIk;dfITCybNa!1X
zyY=2Rr=R6etK>w><@O2oSOO!qNO=#~uz4r_o>r<`Svd?wy^$*9&|dm^7ZS@7DdoBn
z%W%JH`K~a_>_CsI!mRB{VlPQJ4@gK!g_E2PX2Y(f>|O`Dr%X>79WBf5rV#frPFhjy
zLWJTf_du(N7*p0LTiDaM)qez73`s3@HmL*{2c7Y($(^IjLLeUy_1_=rQ)20}foKV5
zwnG}d^4#+lC7%T@0m&!%m6L_Kj(TTJB&!XC?~oJ)NV%vO-U)$Vdmi6sDrZLk&k5t2
zJ>pp&8h8$5W4$D0y=Ov<!-)l`_6-3%;Zbg+tn{*dznT%kG1-$wXO*<m06Q1@E{>?$
z+mNdb_0nPp-&Gsfw_AT4TL!~a%zd-`4QMo%&cU8%-efG~FBu2Qx<PUMn9|r~Hg~td
zS4tDs9XGu2Ue*~Ukv127B1id5>FxBRf5Fz*4YB_lxMTV6;Ev({gF6NWR+j%v{~O#f
z($oLn`$v_al#$dhYxAjM=3Q3^1y{7FsMN=k@P&(m#oVo+<wZsqGq&RyCZriN;1!`k
zgsT+QwY>wd*Pc~SL=aG_2_-MH2vNNAMMVHXngjb$P2jGG_krE!Hh4J99B*I!e*J#O
zUb}p0WABkC!6}dt*iR-58bR<mN$E3(K&@HhCQO|$YHJ(NO9Ja0LNC|imks{Vx`!bM
z3kDZ9=m$5#LtqR4Rq-DJ#<l}AYxSQ2)n?s#Wl6vX!AF-EHO9|`AOy$0K(7@D9u+r~
zfRqH-#SXx_fMxIPZQ`lE;V%y*4kcs{7bOQ#UZN`uha83{2c<X)hqv{Gj9dg)rw$tE
z7hdKh6(D`@@&W)BrSSiAfu8|w(yz#v9#(!}Zy_B@6|SP+NgxDGPzDVS0SHr0k9^3v
zDH1n@5Ak<RK-wKSy)NJlp2ISHA22ivm|c1{%YJA#l^@;KMN~dn-U@y@{6K;~wgNw$
zF49nuA{mU|J|iT&-1*OS95GQkWWwSfs|#>=2sD7;TKjfh97#h=$+2YvN~suXDfG@6
zf_Ca~`6>e0bM(}&KnBD@=e?Nfg9A#3LI1Me-U$Y6(zaxRB`b9Y_R^K1yL|&#7=~R#
ziFhDy*0`g~ArN^eeaK3E4cu@R%lwt`hJI(5Qe~I|K*vsK^TFfzAEV-ncw=yKML3y?
zTTIbibZppo19FgJdWazmyP_rfWVoI4_at>l^}*7UF+l67+Zl=g)%56omC-im%W#dy
zVS)R9AUjOT*9aP#SdqVyEDw&mr@dL$LzjDB3QwBoC>+6>J<iR0$bkdU6s|<-_1tB0
zVhGb7OBddao^h2sP?h$NtzAfO@{C#0Q`n>5)Xv4jp0aJk17FCGuP9-Uq)AH`48qS)
zY&k=ULpVaAn!tn4pdfp5{epbx`O2-<5Jm7VAVF@i=Mt|p*`Q*+bhJXbp*X23_TmNJ
zIaXj%@N^@ob}t*hI3fe%dNXSKQ@<j|6Yqq6q)Mp&$S_2tD<CG136Nu;vAXEt2pBbH
z8euVrS#)^Jg+!t*!sXlFFulE+PjCZBVT^x`-OjSB4@4SeAFxn5(77}%+H_%$bgR$n
zG}f>g*<bDgrty1Iw!5=eT7yh5H5+tz(YO0IIMiyij>c4JJ9-N7H1^iqo|e(tALB+M
zJ8vCzoX!fKwpPX}D~H0kv{H`Vx&$5Oe<8}<@{S9xEjx6VQ7>N8A`|&wDRbj;JiaKF
zc1u~wysDGp;O2Ho|NVW+8i?wY)pqPSyh5*p`7atj$O>Ciflg}eUtwo<x3B0SEGX^G
zZCvJrUXh#MZQK<vuCdb9z|XZaD+IFN9<~`gWsQv6#hsby9R+<>Q<b@2+vR;fmApcq
z;+ySO{S;1acHY5510G6eGcHeO7MCeZJ+?7DO@F&i-aqYhv(%lMT`SW5(ZYg=tVFw0
zUp9j9aYITwP>0D95G^=sl`9=RQp~TUjiTS}G*^&m>)xF9WQqr<3Wrk>W?H>9Ww#1B
zUXvlwz1inNvePck_wN8`GcCKTtrdm2cefW`C9|n=)limFJeJy;o7(NQr=^flJ=zmF
znjDJCjz+2|$6u|>ujcx#*WV8Mg;YY)ymPHix2#Hnfb!H)6XDO7tCw1zP9d*^q}HQV
z{nBxX#)|drpyVI>!@|dxz$2ZnA7C34*RgbqsIuo;+jE_JqpOqrr^i#B9HsZTNnoY>
z7d248CclMjn#8wF2eZ#5KO|WV>8pw_bI`sYU@pEs8L^K+UvkOa+{SlfTDdBG*GDRp
zEKtO0u~wWVv(Cp{Ut-$EoX3mcx1{p}FWH|)?)&bU&b{df*iy7ajlveF!M+_Smo8%4
zPHlH^AL}_yoo&u_He7RJGcx76&MP;Ym8PXQSifs~wz1R}E1hyB*}A=)x0g5^V-EwY
zE-Bnr-<Kr|i2d1cnvD0gh^908N1G;2Vzd`-3(kDgEo8P8^yoFb)s$$iN0EcgdIg=e
zuMPsE(qDoM`kUR@C7nD5+VMJH@>#v;+F2)2vlJN(ugWR<Nv_^wtOm2q8I-wb+yJwg
z$*<E$64t~WBvy9{JCcTP+F08vWK;BO%;?Klj|^rSqon-}jksf_v{AWT#c3(<@+t+j
zV{V&VC*icr)y$64O2hhwCVQYJzwf6(rv?_u)QUIFyQ)$-BG4a~BiC(@o5AmbZX%B{
zIO*u<%ksY>tJ;riO;vKV9L8VD7+xs~hlfo@CY#OJHloKz0j8y%mL1d=NqE<gby?rI
z)1A&IYc;f=h1g{^mTd25px(V6PIitqUBw|D8Z7#oZ5}IVn}vSZPZ~2iD6j5cp*Ktr
zO*i3FTuKS)plyxojq*-s?Ova~AHJ=t3OPrGv`*rX>mLF)`5uZQx-g`cQ5vL_HC#m2
zvFbm?6I=`4Yqg(7_oob4OI4Mya9_T9Yb5axWT3|-O-G%Qa-3WoTYGvL8+;Y|V}d_n
zZ1WF)VJKK$SA$8Z9WeZw)I9GB<GgAwSGwM3pZUyM%;&D7r+qL=w)rwQ4e_>9?7QfN
z`u}xp2H4EWzGIui%+_*_L1wi&PK&-VAKeA{PYWqoi)~0dv)bk5Egn>oKb*gHS%BVK
z-A5#r*z8)oxDUaE?Qo@?xY<ruXg{4Tl-`bgWA%)`WBj*e;=h%d|EuKr&-U;y1jIql
z@t^5`?-Fdx9PIzs5Ri?Vi}JG7GE0mi(BcWe;?B+@i}M&XQ-41_@DP4XG9n@(qqAgW
zF}_Y<uyYVIq`0I6_=Cr-&#li|*J_*ZZ+6oh@8yOWpBazUH@iAZJa}_OADOZ+zp%VI
zs(ztCH60-}5g<G&GST6_ypVu^IXdF~pWx6*AnJU0e~4uyd_qWg6jW4#Lx6Guo^J(u
zG&N@bt%x%_czswf0exJ0<bG@jG2Rf44xr;aUZ2XZ<t;JzlOpoBvWY*CAo)540A~N9
zHS$b<G%c{qf!bMMrU5eL{~&_|0{ipovrj|hgE<8fb{B91m=Qw){E`8(6Cl8^>t%L>
z{G$51Ly8pqf;)*4@Bn;Vlu}}bf|dffun;J*0DuDm{<ZkF5X<i|`K>RIC6DVXJp#-B
zjoQ!uCA{-n@KZ_N<4eF#2nPoMauNjYmq$Yn6#q-N*NiYL?tjcjKRouhw}>aO>-PlM
z{_8#t?9ZR`Tko@P4;&AM++P#=boV46qyXSU{3lWnAUXjTf4Gl29t`^C_xI!*P6!L;
z<0uGn@FdP@@Ry(74kjHB87R2mSN$3~@VDWw-8Rt2T+d%20(!hSzmEdHuQ#V6cw(TN
zUp}!PjH6rNkf)fK0MkzIUz+|s6PI8lL?EGd0O@(Z?mq?izkq&e0r=~DTaR_=er*u=
z4}BfH;4y*kfY!kvznX9deZ77}UB4z3m4x3wAi~8ZfIx<Yg8&E)4iNs)?dEsC375w~
zf&vJC`(S>VruyFZqW*+@2;_vLnkL9PCfKHrqMZ<2h#aB3c^?(UntC@8t~(Loh_NEq
z>#BthtpSH3DTR9LA)YqS*AH&~RK7?6W050BHa>f>$FgkNrXDn=_Y9I0TfT3W?^m*J
z{=m;=?+#4>+>)Q7=QOm#!ye<H&Q0#rEZ$S9<j*5VI8j@jkCN$mu<*Hr&L1}%6;3z*
z$N=r^dx`Phe01NzS37s~`Xi;_HHbP63*7E&s^gx%vrJwn2X;xAx^!ynhpiqZp8+Mm
zHU7BgfK%=)n@<C?BIa(-o0FND`A(K48<WfQN}b%D4*BLnRmUgvGVb#;zt>95ZsBNB
zQUm`Dd@?lslyJ2yy+@c8$lz>2>dHZ2Bb2zR?VDdRK~Z}GC|+Xn*-56?2e9k)ol7o6
z-$0JEh)}daqAe=SK&NDMX>T(qouZjYyC--RP07lw(EzS1Jozf@wlF$~5iWd+Xx>k$
zxOvR}yeG44_w3;<qRKIz5{?ZDP7Zh$9GH`G&+{fzWz}=nb0e#|J{#|`XcOEejrWsu
zBLhdQ$UYwempQ_G*xsRp@-mzv`a_tp*KMC0atg;r@pfCNOmQNUi9Xn2Uh`^|<o8rt
zHlyywiv0OH$D`4(O-%`%R}67Fxz@I;Gqkl4?Eo2x6u)m*;>eptMdmxIO-Rbr)g@2J
z>sMFI9k%{kGYmcjtLL@D<hg;n2$iPKJxYxzmWxr-Hc5AMdTS>W3j@tdWy*{?X%0*M
zyal%l25P>-)G}HdHG2tjq1wvB3S?X_B4aoGlGMduYzt=|YqG~n7d#&0_-@*Bg;;(F
zrSx|fRaU>!G$?jjXFLe#lOmO*0bU|(T6D9rVKYT!pxT1kwi;N+xrIPEt@o1G3Guet
zUo~mYT_>nxrUvAx@;Q*(F_*~tda3WC1D>2AywoO+Jrm=~`Pt%p?Ra{)Q?zB}exMK1
zNQwmuQ;~N{$DiEa-rc1di(PkFTcqi+&~*0-AtKBGCMzn)CqKQJ9@C;Ru1ij?7upt4
zCdC>dVC{$#^cuS93z$QP1Qggp8tN{MDC&8v1jo2W?%sVliCOg`{m=!_`}|vq@@WLd
zq^U&?)H&D|2bQ;XvX7zQcr$|4w5?F>tf}8&&0;h7w!IEbPH-dZDb_ZfzKZXB)>-rF
zWOZ4^D44AqDfjPb0^%aESjL`lO^kXr;=KGh<q-xZkCkxvM1FBkjECS|mq{L-BM5v8
zjbqQ|+$|3KoSSura~j75<wftSRym|!(J&e=ofi?REVx7)3+inP)46YB+oa=8!5TfO
zpL<49=1gtUIP?+kdURj3Pk38F=FE0~8YL?pl7p}r$zosf!U6VV|NDs;zvWNw#X3`A
z(&(O4FpyBrC=A&J&Oij<4VcMt1qAEMRaplUVi|r|EZGtL!wa@s68hZEEx=qbjn6oJ
zgLk7;r#QtlS(C!0z#Ga$dpsyc-~17T?WCAcX^Iq2o9ptK<9^+E{BGL@A1j#UAcTJ8
z5K+i6-j~H$BAg$`=aIzpPR?KwK=?bo3ly5Jh3W*w)wbEm503-NvVc7eoW3RHSaR`}
zz?_{D%R)}gR_K21F0benX8=J~4gAHkWsg<=z4Drz@;$iQ%Ctj1n_RC_FdLZEQvq6(
zu+EA>LU2(u^dOIT(UdtdVbkHgdyo=F6cLGC;<GPRW<3!$l_KYS`>R3F4a}u-)Yk)d
zJZ*+GC{wGRx2hLXo}U+UZpwKoEr(^NDwKk5eeQ3F(8bF2KN|(OPfwfTPpR7cqgZdw
z#7rt=lRU8jx6I9&ffh<A7&vv!l~46+!?{gj^Kss&F1W{?*5)KFoP4c<@~ON{7IMsA
zJ>-VqQo9M+*q~3xu_$xG5_~-75<fkQ(Fr(VVPC~XNa>&JUFt!JGfCqq%C*i=d~51M
zZ#^I#E^p<}CAG?~NtmIWR#lRBr><?sVvc5Pt>KS&&iHo&XYjqm7KMpq137&_WNpZO
zF3)9h>inE5@;!TGyH6odC;CYyU0>43wEh&Efc0Iq;U_XKZrcR=^yg$Nq{OypB^=o+
z%B1q|3YzFN(K{zAhg=a_?l8w8AKRrff?vZ|dbD|SFssOJk_p2^a=JQ?)=_`o+s?;$
z6*g2N(J>yG#HjLTtpq%e9JY8ax2Yf8o$6LeRc+TuI`I-K!@V<6Vq{(a+aeAo0+jW6
z);ki1!_6XzUZGOcv7qHERTd(dWH)IRqN|jLzucYO##7mzXUE;?H~+H3Wku|ikqMqL
zqgmoYF3N4AH@e$fjU9OU{<O&?g|7Cyxt%x>ll~@Hk|!MJ&le(d<c+=Gp;=ngBLrqK
zc1gku_9grG;}1jh6TGZC=SxpLHW^^cGC(zBdd!T=%8_4heJYl4H<mM@HoLx3F)QFh
z`?811I``q(SN}49tR1zAirEmA4m7;x2!12h4^CC0eMU|PzA($aasm@g+zpwH6>t?t
zo|Tj-H$HaKOK<*8Vp|JmDN-Q@Ac3J;$dAv5{N~-T09+~zcIg}{?ynAjCbfpXW~Owy
z7a1S%#QbNRY6!rcvpipjB|>Q#nuRc!o015GT;o!uuh4#7G0!uj?C<y@DFS9=kGY<E
z3nF*nwB0fVnRH`+81lbI&jSc{5@K!Ub9m|sdjPqElNhNQv&`;RN-}mF`{ZkjC$d%*
z%wL&}QcD+Muf1PGNuhcM;dACkhv$09ybS>B*0Dlh*TMpKO?HbD+hgPDP&ze5l9r=2
zPV20A3EaAD`CuR3G$#u<tnp2n=$f#y8Ea7vH~2eCuFd*kxz6~?J-_Z4i4QA&&y!k8
z-{wm@f{V80LYRGpT4^o%B)h=YlO0DSxW7dCpq&u&WEE=mZ>)15cvCK{z7>V#513&o
z<<;D9R;cil<?7k<e_9EIR+3<eGeDI{-_Zgm<*4m+RPef`GqL>MH}6%>%tL;*&u|%C
zXW~<2Ia*g%qD!4fvF96yYkG?MN3UeejXIamNRc{2)!e#sH=}zLtuI{a$b3ufQ(IaR
z()0Sh{=S@MbV22UGnjQU+D|3&l2gUzV1Vag&EYVQx(*P3LY~-nT6}|UE}9^%>k~E;
zXfyTM%~>I<O_Zp_D0|E1De;wA?o2_)OI>cxW0U6ap>F*hXnj)5HHFyAmoQOkuh%lv
z8ri+S_38Aw(RKq*(JN8v6eCL|2v=ZYfb&&Xo2{%_#aVH~d_=4S`gn7w!?o-S0a5)J
zhMb->T9<RaL`XN&@;fT`0e-ij{L&8;a4Y9%|BGXrmWuXSYK%redzoU0&uQQ4$aK@u
zXty!}pgvBZ#GnA+0fw3ZZ{o=il(U0$A<po^wUx$Hi1fodCmWP;fFnzFP!qarZH&*V
zVrl^fqairXRPr{UdMAUadD!NkZ}zfZjbU(1ve`24_Fj?OBCRXO&R*9x1LOYkD33MW
z_SbEYhK=jUYD>xzIMRpO2nE5F)Wr~;Gu9zLZvX^CxGwe`0W<UM%&P;(VX3qimxHC2
z5W00?Wc;S78vmj8=^9eIHC-bLDa5ZQHdUOs^n0K(a>a}2C!FHA4d4#g|7po-L|;H1
zQ3}_VwM1$s=bmeQ?6Z0AtH_8w?;lWgY&X^rU|R=aKJSzfSSYxiQqcJ#7KoH2+i6Fu
zpZkm^IKskudUy&>$&mrk3P6`SIL%Qvk(h}HNj$`I-Vh;tc@9^eb@Vx}^R;lopW!U)
zi$Qe(;jT`7nPK2oOf%j~V)nn7XzVx(n6K0YS}>b@=VW#W2Yp1KmoLA=hbElhQnY9T
zIEo@*hC<%P%Y>30JT^pc6RK=^Vz;Pd<Jy?UL4*)VN<dMsR(7uJd;Ee<k!Boz;5~OQ
z=4lbSv&ni@^~i*^Jx+dPY^^9}Ih~p06kr28$3^k3T_s^*;qP(hnY|hwJ~IXzi&+pq
zjU3<P)t_r{9hk-uTwZ+=s9nCD@_8_FvQq|iaRlR)npv>9K+vGSaiXsgo6&|U3z34O
zvEwjtRW-Z{r%Vl=d|l%m=sYg$vVTdFDqY3<a@4GioJSWxUNxm|*p&_veT4$Q+1&~5
z8<L1!oO?=HN&RMS3*jm%Q`)E4zb8Of*a5r22zlP^K7PF~s*QP^=3h|f!8Z8k?g5Q4
z(%&W=oz*!bcR5?Kx!ZX_T2$997a&|@&}h!fVmu=O`IP2|#^?|CoZPE(lX;U0xgeWb
zjt!NMAqAl_gy~SImX`X0qC*HQw>M<?cQ&3{Vd{Q|1TYvF$T0whoYd_wv+TWRn`!!u
zjg0%D+$o*q##Ch?ohooj2i7ebv4vN`Ij#B){aC*$hxM>NK+bU=2RemT{xw0v5f<E2
zR166u{bE+>I=obx3f^{)1Ag!dLLGd4BswZwkreMjtKhc3O~HrVl@VTpRb|R8TMub2
zt7IIM)5XKahKp||bk&ubfmuV&+^R80f%vJt*U~NN&Cvp+K|{*O*%@`a2&p3DV7Jqm
zCTO{D-2T!L4@@dH7CjO@U0_Ro@HOcaka`f54wyxDezxVtig=-cdLg<!XhZDmGE<PE
zurBgRoRCgr1ndR^CC&tyWw3Gatd;@>ox!wYp>tnoGP>nm^gpA<W@xZt8sY+mm5QI$
z=mpzn9gvSL!u-i9bRB7v)S#A*Dn!t!>_l#ZfW{Nn)egD!iT-I!zztiGqMVK?dp3Mf
z%T)MmZtk{^$p{$v!AI5V&lMBW7@vE{GP42VP+4SjLNJ~pLBto8<C3RygNbyrBV@&1
z^3uh)62vkqm@Ee&Hc80LBvF@N;En)}UPW3heYbHhW9DLk@_U_Vhz^vzU+I2sLM<N>
z-@G#eOmF5}2MR^zRHC<9!K0One&vY)?j1>F10j{j1x48Lf#{)%ZvtXSKlJlDf6}q@
zS-SQJ5qGO<bCcpk<t__Xxrb3U^gh?ljf-v}^gbPvx(~oxJ>ZDh{{dTa%@}e`y9M)k
z_-kz<@76Mc`+|24JFI53XlmV6?^r<`RDz?0o*-r156YvUiKeeMJtQU;lyv$B*;-A2
zjxa#1c)cm_774Ddoyg*(S`mZjF|MdY2=Zb)V2*6rqUIZoD>`k{YI{m^iiv6s6Bn*S
zN>RHRi|>`p*gj6ugM{>>hJHEtNU~8xjL0v_H<st3<s+1q^h^kFu(HjB>^w*)E*|$v
z!L}OxNw92Wdiwz<zPDa_Pw<`0HSblUO@cYqN)_y>d_R_B&xb&Gw7ty~z3e<q1aEa{
z*g<ABIN4bc#_$e9b55~_0j)}TD@sp84q;$l$hAcTRmgF41xIXT*|Zc>Vvq#MIq;0#
zCl84DQS-E0k<1qP{#eEY08*~TkY{#K?Bj7Hw=HYu=F%}2w_-Z7#)|EHvI!Tzf@fYr
zY-%Te+vqysqqOeQhgt;A79^%sVu`8-Pbv_utmp6^R@aH=RO`hj-LbcGl5r-pAQ%!I
zqiWkvESn5TT;W68nYu-pK9VWyV0=&K7V`RxkwNa96n?i@a+JBuVzVeXif9Hd6V7ua
zIokS#;;FrBR$95r41wr}l<p??OT1sU$OH%PFWEpY&m8JwzUlD7n@o+*(MLFx1<u^l
z!&_TX=3}x<sv%VxfCppCif@eA_mdf8Fs&UN6m7vnHw~~XAxH=y59e*HSSv;tPTEEJ
zw_s)LmHlyMO*5QHD^b7Wd%RW3XvIX+EKtWx@oiw<v~1;bW|mQk3may6oSaX%(Y4I2
zkwXBYeRyXHdwBYYc&E?Xm^PCyM5;3@ekD@`$V+T8$+NDnmzw^|@PUJBEyKjYh#|%u
zH<9q^<yQFDmH=#{5lrH?I%k8l>2I>YPxjnVowqWsJsL^^R0n$_7(;3-wXaqkmSeI0
zRKvnf)IuF{TH?Pu6bp+~wr$30!yO^~A<h^H2CI=ByRFbWMI~<()PS3{$7_mbbN2nK
z%&xQ9)p}fw<+nR)V7t~%C`I*z!u4axXm2sg1&!p8r>a4{?Y)yJ`(RE+2CkUtT!{hN
zw4KvBodVC^xe4A!MOM|6&&g__(af+P!;3P*R5{e0-(DPp-?F~B+AHFy8Go&)^ruUk
zhi&)VO~+rL2FUNIhti>sDmaoX<)Se}0K}M29d9)1(^^Rmz8+{)8dJ^wE{!Vs+|3{2
zm}Y}d=cTIspxi{67O@ky&{M2_?yx;>`-TZ4$uguPP4@F}W}VJ6txCJB=^fw7=G#M*
zViS}^e25R?Vt{w(PyV6iHkXMbb)X222f0}7zFLz+hkuL=m6$Kt7xp5mx>zid&(o+b
z;W=t*%C_hB87Mc?ODRK}Qzd(s|4^=olHWSh6r7<=VOq`0ii@<(9z#FKnxYLvZRS~C
zMy$4SOz?JDg8D$GS=X~Q2=pNQE7XsYwav0b6_Hm)HZD;8f)NgqYQXQ%`DmBE-g5aY
zX+B;><-C@kWs?Mf!f{leWapK&3w)loJL}u|FyLHcgOP(rgzhA8-L1*`6W*XiWEE<u
z7+Hg~Di?(O469Vr#gbQ}_TvY2@ek}P;lq)&-orv141=MM@>~){*zK&8Q~C{10rl2=
z`b%&c5+v4)?eL^Z%JZ(>w6LvYq_VYdM36WJG+Ur&;@&T#3a-J_Qnd})+o^%BRm40{
zv~A84n6E~NCtqPx3N8_ILv`-GZQeL-OX?}S2%V=)gIHj;;zhA;eG00a@gHhQ^i#=S
z&HrKVtzs)_lWjpWGcz+Yv&&RwW@hHHU1o+dW0@JtRAy#oW@cu_yZ=M#J6+Q4GjlYW
z9<`K8?aX}H53#;j5wRk|_jMuyZz&w94_TD{aH;s@2xJ+WK=K(Fqk{d?ZNVD<Tu>)q
z^7hQxwIXM?!bQ!=W+!3Z_Vr};36A#^!hEp+*lHVK!vveb-a^mW+_59DRD%PEx>isU
ztt_f}#>+nn8XUc7m^FKc7yH&b3RBHmO>XwZw#(R&5rb_8dkZ4LaBt_W2^PigwLF=_
zdTrlAB1X{PTfPMJ9|aC)9;sWQI&ZS7c5a%m`L&v{mpH9MeAEB>HUF}^%o4h)u`h;^
zkMqJb=Asm{*3ISinapbo!96|%M&QEEGvlt`Kj#27`XeBNbh(gdh^4Pz@a&L4OW)E1
z*f+0`uyr0y$8lK?19$|SN`aDNs?f8knYI@Bz_8@zC)hq$^QyCEMVl8&2Vq;;5D$~g
zIz+sC(@m)mOv$iA@rbvLUMU-Ol*xicwm?VZ4Tiz_`51>V9}?@)mM;3xjlEhVAMxN<
zA79UJy7xEm_@Fx`PD8*@;x*IXCFj=+mO#H5vkoUuSo1HzHY}M%^0q!Fw6DCdf<=)L
z47G4KZGy3su$9%Z0IfTQ{wxpa?~0e7(kmw2F>3)9A8lV4dc8^FlCZ$R3Vv*7q=A;C
zu4kYa|9uiQDk)VL)&}hOD~EKbM4;)QKf=3pWsID5HanZYec7X5n+XCK1D>I+fCR3*
zjkO0?mR?FTt(AKHUT^bP@ng9}YH?IK;x9}L&(!ozuaM&S0@`_CM+_1vquSIGP)!*J
zg!bs0J%^GMI3X?ie!Ul9o@Z$Cv$u{3wpbG)Y?;mQ9$VwZ1lx*k8t-wZUOtq3>1(%S
zEgF4bPb_>)vqOGYaUD|%iP#RxUUf4u7-U{0D!VxAM=(F>ShPWYvWWGokHJ-puS`|m
zsWHEGheSqBc5|O<T~|~?d|qK^w%dYNW?kPF>fbHjqEycpdE=3ts`?S(!5Ku;<@46Q
zl{{Z!N)5~MKYW(oZqQ(0ONh}D?Ykq5$(KZx20&)2(-(FY=cF`MB0$-ZWd9CC^3nJF
zehDi$#CeiLw7~-*Upg0ch$|5OiRz;zE8D;9|HLinGejGZTlwm7*n*urX-@;w6PV8g
zVu#P0No~)N0x9CVa@J7ps&_~V&y{tqFxtRH*)fmKvvK7X0QN<mhBYX<#;38gx`RWN
zvNWZ%-Q2mKT42ILu8bjb>n49>2*1A9lg-NqPtKUB@VY^~kFY__BKdRrv12~kf<jIN
z<|#<lce(Wx^~X>e==K<{4MXdRabRjq|JIoKDebXpC9^19U?>~gBxwv(7o~wr;&TCR
z_&k&~wW}YE3gfhFMYDLEY0cF5uvB!8D}ELas3jLbBC1%D+(B3|t%gbV-V0BevAW?e
zFC_#zYI-LkcDv*z%@TBWEP?X-?s0f#Z&OgqTaI`^EvNJ+d(;z3o4RN9a`vOsmf0)S
zJ=9gWsBJI#aB(a2OKp%M{5N=e@*Q@=J8RQyf=l^Ps)j3TrI)s&PCf_z0nWCw7NvLh
zyX_BHMm2~}WIC+*cjub?co}Ok^gWWj=_N9J$i3TQ1|u4XY^>{<K`QeIi1Hsx-3e-n
zBb!4_2JFZ6UFU`Q(IBu~xmUs!pz*bFIX0&QU*6R#MVdKGH$a64t%-prR7y;D$0Md%
zxVQ&jXM4ttZ)Yl=3t@)iXWinzIIeR$E-{|ysocT6{`knr<X6DUGo3$Cu2QdpAGtq|
zthtSR!79tn5j#6r{(+Jh3u;`YkN=4Br7eQ1yt`i27KTa7J6+HoRc86{@mL*-xecH%
ze-B~M#LpGXgsgn6Kx|x|Bts!fXPHKxWz27*Bf(8BrjO@NAE@g8y$P9TM8fMo`Yd}B
zb&|<1?4(>vnc-h=_IROsz4?&WmOx;KGT*KNxq7v2ExNjVWq#g!n94EorETDeqIMa2
zKKrg-t)9837Qj&ULBpp5_znj>Bc^e7J(K25x5tx+J4Q#XYgu6HSl9b}+Qo1Pc76$r
z5ie`^dCH!b%o-Xv7qj^~`^X&E)SM#-X#V_ET($LZY<=k2&S%9x-w<EpC`TO~jlX^%
z6!_LC*kVf15o%v`9i8>^6)@L_Ah=oAy4%cz;P%${1g}k%9Ud)$DDu9d%z*Qb!sx(P
zch%`e<Uw;(K6Yi{GR`(lKlq1qF~K+e3q(!t?qDCzluT^1{$$FQp18|jqhn*5SqOu0
z1j-!Tc;9ANd@NjFYe@X{Che4zZP9f(mlM6(gEs2n8fdUE=aU|91aGk+R(^Y!KT*Wk
z8hN?uQ}k@72*Azen?YSb<^A{)j{n1jqoLO6TwMpl^V}sAlUr(suzM}mWvu0T$yFam
z)xM*&AFgctBQ3YgE_dGORSlx$GvNA1>V~sj^$*nHX^A-a`O>}cf&D6OMCcCDF(zGo
zLdb{G_qPF9;)kawh&;q7KK|9VK<FLA1wtNF$K!lJRLKcHzNb=wdx>yckA{iuIa5hx
zEzVjGa|q0mL-3VOghtv<fQa=mzilrrL@SIwR4YJvN<#cA)Wav}J&N-Bp9;9#f2Rf`
z;$&m~_sT3045PTEjf<%h5u><`p^NDkQ)7D*Qy2jO7-ttJQ$t%A_Z3@JS^FI(w6;Ta
zcf_O>(Ee|dAm}1Bx5SQ1wyI_Gdc@4@lCe2R1?QdmG5P^1wum{`w@)4e1Y_%sDdS&M
z&nIMhBqsF6o7-IqQwug5i?=QqtVc(u+1?S2X_TXC4=EpJ>h}lk&IEMLPm3-H={(jG
zL#0i{7Z%BEH%<qXs}Wm$Svx8A9UmpGhA)%|Us_TfVmD7d45aiYShY<W#SSpu+18uw
z(kUqjxDOj*IaOB(40rKlAgOJ5B32h==i$FEA)J5^YpSNaGdXSUPiH}5*b7Xwb62K&
z<I<(ryjW3AdOvQn34qNWR<h`>x7EICTYj^0=FUWbV8KFEqg6|7Keu@QTq1x^_c^{E
z@p$FJrdZdAt*ogSd#<CGZM5Bxt={wMPZs+PBcuGznKBiz?o&XKJaYI1qgn@(%u=T@
zK;`hm7C0fdsAmnMr)MV&1_N?bLnDJqy_!pd;-`!f+YSgn+V_%vSIl45DzRe{V*8i2
zoEC@MAfsG3(!<6EQm#~6#D?&Eq#2+Rb)b;Z(5(W!6L$12Ux{_)S&#>x3^HD>L3YPt
zlp}9_pGb?FD*P!kAdz?I!1$IDWc<h-bLF`Zbte5XAyavxZ;4nf&|TnRLg`S-Xt%g4
zT=5R0%%er!Vtao$Y<vOx4Ddpamd{ce91bV-9}ZnrhiS1rN{O#z29<;Ab(7>r=OVs`
z>xMp#WV-__u5+M3b|i7g%XkwJRf%Q1i{!q}B_1w8@DX`~^G2CDzEE<U3BOh8ITV-5
z#zlWwD@mP<itw^iIdjfO$;K`8vO_Z!6OO@Y<MlbXEx1|bE8XFcPuo0@`Z4J-bK{)l
za&%i@E+Efy<1zDlGC|HO>u&8(3ede;2Y9h^C{+yjbn7wGJek1Ym8EoXn+TI#tn$KF
zSbLh;tl#lkxNF-Z{oVUvM0#-<bDF>LBDWV+o%7&@Bzpx_tvSYXWbhLqGV8|{qtIBH
z#vf3_!u0<W)C~O#HUC1*|2S&C+m#vp2{p`rKn?SM!`G<%<!g}I|Hjv-2ALd+?o|Jc
zuOY*Gxm;uw#e%*E`i|X+-8t4a)?4*>J~p?$G2UZNEwDDF`!X_Kv)Sr=brtJ2zrVL~
zJ>R@CKYM&dvhiBE(xS*`mhLsnv710?zjESUy59GaYO=0A%L0CZ9Fu)<S<a&>TDWK9
zYZ+}kJ3&@0n0|evDTo>r6VY1IRVP?Um{#eHe4_dF7*tH#d>wkj1nNMY-ALe=m(6xv
zpFEr&3N8`DRXJ*r@~uj)gFLqFoj}}er7n~~QknVlDztaWH-Dtq;A3I2(td^U+P!!@
z+m`Y0cG@3-IPhL;?qW;&g`n+1PHxQCXB_wV_Vp}iz+7yktnyp0hkCQmqE9nXk`w(*
zjSggG#pQ(2$Pyui)lR7sv~O<sf^eB=j4K@Q@o&T~Llf%iJAVz23@kWzyaH%E3hX^8
zaB2vpu@kkq(Vq-5c~V06_KW(3BM#t}C@|La#$9PU4!Lm9+Fh_c;9FsKv3|xq8i(Im
z4+7*W*cR%-)N?e=g5t7gN6GzQ`yjZ<jZSe>Y352r!f2<C(?PuoOA&K~gZuP>#4~wB
z5l-f~j}+%L1KCj{aJ!^O#1KwWxSdKS!H?9rz|j58k__9v2pmtwDkDjNQoOrYsoh2A
z=v(8cB5)D6-Eg%;Gl2pssas#b+hONozRtkCX`m3EP;&SCXCn!Q@<3a5X<|v?<fw~Z
zuSFd+r^g=JVeq-3Ua!fHIdei!u484j68GXv8JDQ{O)euA83_K2e>Wh1?WTDMoIiua
ztsy)McsC$@2#i`r<S-Om0(_}lLR_dOEH@QgihMV4eh8#rLToS*G>LzYrG5}CT1H&n
z;lO<3xwZ~+1wK7*h$xfZe5DWOMRG&5$t-ehWcRq3hz%B8tD2PyEpB9aLQJ|%7Wfk`
zSpFUtY}{=BI0s9Rwa;fl3b}lPxg=Klp7S%tOBE`-Pk6*|wJcn%o#KH^3<d%_mgCch
zpFnb66+t-0d;_}^G-0^vu|50O3z*N_*fM0Dt3BCM`sUz3y37~)R~VN^m>i*~<%i(*
zbgheA<Job!GnZw4&1<<)>nZ~kevFE3r4xJTjou>2r#n+{U(t)~mz$NOl|w3l#P#_I
zf`e4}nrz{Nhz~!@QLWDEt5jz@Q0)p1*I?s1JthsqZi@>YD^m!;v!IJMCZn>%bq6PT
z&E-e`{#Wf);riLb6=`J*uO*Y!)b!h@J#c$*f9m^SSzoQ%QtwSRbs^kHPt5_e3|k4_
z&(q%^7<?JmmE3DM264Qhd(sOqD+g5Fc=zCKiMNr3VsRch^S;fwJ1ztTMuvq(mV|s0
z=9NZc{caU+JUEO|x{LeYGBpwKF`f6qcC`0??$GW9{Un_X(>>3)1HTE_;l7FI`l5$y
zAM3n><so}^v4SKq6re$5AC9^ga3PXCyhX@9yyY9t_cYiV-~HKh17n>}^~Iih!HHm-
zuE()WM3BS<C;DCNi{lx!kx_;^S>KW7*pY0jfV0t}x!9SN;|5jaLGPl2Jz*!=#k#kY
ziGAccVPl3Jy#w)A_{VqK6Nq1Hlk^`?^1ZX#+wY)YGI*hXGM~Sn#74xy#rlt%Pon%^
z$7=uOGunn|;e*ic%vhn|*t54dE*tG6t9o@w8BP>3MHGbhhtpJI8CAf!n%ed|`(63q
zV)4|@tn6XSY&###-p+#2``GOG(i?Ma-PG2DyVcC=Tcy+d-8XlXDsSzJHL8nQ+XmZ{
z>+bYMS&tSKJEwP>nu~n9C6L#!SGPwuwX9P|6{l}abH%^y%uv=Y@7-@Iv*CNx`y0!;
z8UW|&NrMN<iQ?B|SP$jGb8I;luv=>!=Ik5%)1s5AxISPIh_64&7zR&KKT^zn$*0<0
z@x<LWI0iX1s`}r?JMjiSP?ZJ1Zc{p(yw|<LUhS9PTGtCt<q({pux&W<oFqC6Is*^i
zm&2bY2isCN1bHdh1ZcmiH6-D-cptxb-);xgC*uBQh>+b%J6Uc0$%8OBoaX*Zr$^rc
zBi*1PX^|%=;BEyILm{lx55a*EhKA0YI3$^DPy~)10?*7<dv5S2hs+#W&RgSUm7-}A
zjCXopMSY~Oby@EV3z@C3M1k`Z?22$ewA3!oV&?C~uC%YaX&Cn~BqNDzFRVP$AZgKt
zQ=;Z|A0&$~&Sgj^Fiv0b1N1F<I7}2=tT{lUxLqR%#!6X-@{dU1D^nHL{q&R=zcY1?
zO&Kd3#_DU1Rr`(6^ndsF8OhG0q>O=(eRkA`e|9a%RhLKvW;dCdu|MYiI<qBTf_dri
zT(~INLJOG9KQ>`uW-el8PGV+`F*eaRHbFKvfn{b+XF4P_>oJ_oten8AtjwfLn_8+m
zHfLpKC2D3xYG#EwHa9RfM=>_XkXowCtZe<Ww0>-^Xl%}G3^1&84r7chX^c&EjBS35
z4L(&GXWe}puv;0^>w~G%F2Attu05NFYt|vT3#}B_4cAk5RT%TbK~IhqCrdA4OYn{|
z(&JCI&-V96CkHpjKW_W~7fL}$<_|->4E?vJFQot#`tf>?i(0P6k0hJ5Io5U!>->1?
z$~&#v*ob;Rw4BcGmeNs|aQ1kCw!Xfv>tSib%crfqY{kbf_<ON~w(*<6<1)o&-Tl?p
zP<jKO9u04e4+ZwCVxxb6z}d(8M`og|GOWO|{>iRFBPzlTU_>qc@u2g8&;z<j;@#lG
zVT*P4PxrkHUW0Wt%|(MqXSVjQhO>%mxpu!k%0ka`8BpR?UAc8Ok2E<h1OSAB53ykx
zKq#~rmhZ;#vqC=-*aW`JrgYSJulrQLR?VzUKREH=)0;36RH&5$Hn&cXf3{iErGIek
zM%{jR)X2=VUbT!=)*Q}O*1cE0S5L>^qHAOH)704BpUXI9*9b<g%{e~fAr|f?fx_*u
z1B-JB<)nr2#{vmOTv1a%Rs-cg4{-s_AvFU=^!4;Bxf8kieQD7_vSI;}ObG!h%bim5
z?`{TR68$ct`vlixRBh}MCk28Jja6z+W?<nm{evlEKu0`iI}(Hmu@}1l7d6EB1TQvp
z8_vpv4=zOt=!7Gq_5S+1`R#SfC}3&l37k4?f#XnYd_HXoK{n|_5(dQe*r0Xa1_(Sn
zL%30yb7qXwF-CAf8u&K&0Y=|ph|#5Ow8l$Ekn|?!V7=rfrv(1-D@M?3hn*2-u>b{v
z)yPt8{hn)ve^nbc%1hEU^O{=fW75vrF8EIUV7R<1*?hL6ulf<LG9x*&r_K|Wy9ge!
zU-6tYm4#$!ipo^-K~`Yv*HVN@|H-OvAd73K-Tc<bZ!;`Ug{oK5lL7iX2tLPTPldBv
zDGPwv=8&C{a6YMGSG1^{okyd2jL@GpXSu60RE*x2576|qTBsUGuGaRiXLFgcVuD&h
zy9fQN(#Y?Sj^}}We*(hacl80J_y5tY_mAXp{=WeP%7phq0R&gx?X8Z*-f2f49y0`E
zeI{{gUmM@b)`#$LiHT;=1=}Q7crz}E*<T18_(}LD4JTDbO9V3{e`Rrc@1wFzcNsv3
zS0`@`(q%o5^7i9pH`lg3js&H)McKTMX;&A|AzMH5#xiXfivdej!FQ*v`e{5Jz}L?v
zTL)^6<v};7F0&~|$=YG7%Fbv!1<t>&UalbG(sS$oHdQPqSykJdAbX^K?H!WEPno<{
z;L+pmBGN-O2m%Ew3ts|-1}cEcHgW=j1xoXa1Qmjh^ArN6(xD56RDzT&7zNLz0QGaR
zgv!Bzu|>zqpao(r7@P~9B%*`h6~{~^n~L*``z{U=B97S()oVFs`UPu(3h0(8L%4<6
zkgIqC*aK@KM|_~yAr&mguD4m6u*!{tunI6i^0aEgp<W0l6pos^#p(E(+eqKi5U@SC
zP5g|0YHBN<s)%RtnJUFjQL;=ENzcGe*vpRUVdEgI@KU<z&f8h%2jDgr*I_T*ba_hg
z&GE!|C#NV9UQ=3c5c_E)oj6w?o3Ph5$wQxdf?tnF&okpmMMCKv`_V19gZW+wrFJkl
z#-Fke8N~f-dr&|~;&&-<TgwaXreBFCS9nivR+J9o?F4JJ7~PEYf%;nDop*Fkg}YlR
zasW8M`&i<?&3Igm4sE4qf_1Vu-u~#Idx^iA9KdKfkGz?Aw9A|-%VYNkS8RM}7?)dz
z*1XGS=VH)pYe$>*&D#q&{}T>4{^St;>2NSf`6}&=ck->L+q)_>fA`I03~!*rAX4dL
z=|jiu92GSt!x^%CmF5&@%ptl+9p8qBhIh_(UcbMZzd%f+ri>x<6qkQ=Ko=suG5fHa
zBmH4YY?M5`qq+BX$~V3z)Z%4Ey`gFq@!O|ZD(|wMTycId%s~EpgzCc<Ov`e%Ta@W+
zHbk4^hM;`1)OSq4RvXm^ua%^R&3Zx(EvF8n(L4>YhKi0%sSD+Y(71FShV0#3mo_Iq
z;WmmcC`c$3)ZdUOK$6G;{d+(dKy1L+kbXEMkA5HuO&TzW1qiW{DX=245J1N>NJ8vr
zD>O`8>Of|aF{QBC!WwYjA{khua!7$m?<2wBq8Pp-hs^#Q4P(ks1UfL}3Uo2<agfUd
zy#YWXDl&AN1zKo5#JN#G@6tv<&+Qoyvu18v`LiKlD>=FB&+Iz)b<Fe-Wj(t`EotZE
zc9Sd0xK`dOGOXvts?-v-b*%+Fttp(fk0VQOrZ^nG9yDP9ZY8ANn*k1+i?U}sbAx@t
zve>va$!*cBS4o_rBAqM(A*(dE9ZDIVZ9;7iT-T-11uv`@moVPOCxv8YF|dT7@?oT4
zSBc-D!QrXz<6%~2)|?&Gspq%3ub$`Sw$eQLo6PA0^tB*5>tKA2HLs)x0d4@S(*@^k
zhUcm9b}J>Wo3R$k$8_fa(_8b7d^<ae-enbgzwmOMCs$R>8U!}a?%Xy#vjw&0NW$7d
zr^VfqI`4CCBjE8*IQaX<EFw-;?th#Z{e52l?{h6k2=9-l*QD;t4?sAAG1=y4-D~ge
zy7DUPw&P@8duQVrEzbI>QV-6~a2FRhl{|zpynMLI>EAQ>`2ob}*Mb><7}4n0k6#%K
z|7uvtwq~vAptQW5uFDGWUV3kR<}XEP-%2=dUPhGt%O7y|Za8(Mn>7sBS&h*@o4zQ|
z*2~NAIZfE+TAY^icJ)&K)N`pmF0omxbM-~;ZHUEy8a^q)VIY0f#XmDNxPG~1``KHz
z?kb#CbDW;Z2mfBI{DdT<|FUu?``UeBpSYZQ|LneoTVlYc!JujTts(dRqm3Jj<9%W)
z>E^?OO{V2Hk*cbC`mCdJs?V&?PojOVVL+w@qNw6CUD~4m8>bSg^uDuKFpU;ODI9$=
zGt8Qic9%&>DN|!`bsbk;K))~!><`p^Kz83UV3<sllwnFVH&jc<?RSef_^_9X%KP#i
z<~g5^0k(uOwFewsDFQejS-HP?5bRdix2-N_!^OjzT5Z@&CCSAEnLcI#EOVc>F0RL2
zxZNGXk0EM%>n-R*;UF$pV8jP9R0AoUBh(4dMOK4DVYBF6z9Bp<aNWQj;vYdLFz#~J
z_=6t1&44{6Xjdc|oXFjsMEZrh3B_ZMFgub4H`@<M0d}}Ag$34Q{-`}y_)7BNa+3U_
z4kA3H@ch%{AY2JyT*zFC!aljgG{czR2Qr?fV)s-a1&Mv41)z^z+)BBQ`#fm2o%0JO
zqhP%4=Ee@i#RNEM9-0-yC!>@EI3sHEawK#CS^bOKf(SrX|K>lk`c;6ezV-hptN&NR
z|IuS67?9QX&SC*%^`WziWnTD9|0b)?``!D#%z1Maa+<&4udM!J-N6e1VJqohS^c5G
zPWVW@kuApS+Y*I8VTSAPeaAl`W@7(^nSWvCzjFHjQ<$NREz$ZDX8u?|X8M2NXW;(M
z&wP>My4$SECfuf9B@o&@yuOX(|Jh1dwVGPF(w-R{lhMAM%l}xISt#hH>)@7BzyEBK
ze!aXhqBeVW)u;E`u(lGnUYu?-JGUE1YM*xFUU}B{l4Wuxv5o}(VEB0X@L0}wFEajc
z_`<a?9trx`P7o7)yUym!{!Q7~XP9vn(RG!N`Fe=kEx4_8<^hZ##K32|`yio4bY10L
z3~n{BPDoO1e%~GY`SNBD0TjbtFmyVLV>}l=K4^S%ZI9_8TW?#G$@j0oV;r)zQ}Mv8
z;jofdOQGAnTCaA5Ku7fO-NUWM<|DJ4cK^M$R_5imkgBQna_%aCZ?O|{NOI}d7Emqt
z+m?MEpj84g`ejZk9YIwJ5~oCQxxFkQAZ|<O1}tnE8Z9CkTzH1v+eG2Py<cAgdWG{0
zlnST9V2^ThL-lms99t;Bt+=UaKF?l$d?Tndzz!Wyy1}aM;{jBUjX>S~xghbj5%3%$
zmmZtX&K3jYs0%K`DR!^~nB*+m0vyG6(FUFc-@=vG7W^pNAd!1Cp{};%lz@|mz`c7s
zx6FW-JY!1_-4R(pD?qA*dx>F#UE$rst@#H%cT*3y@b|XF-0ev~K0&<EvtqK8CWqrl
zf%6eNtI*t6bM(Kq4Zu~4z;%e8mHML^O(Jm-XT<^k<!S&0WG9lXFWfKS@QVH&Ip$+=
zh&U=Cu3NNw=2H^6a=s~P`Ep$H^i-T$N_H-i&C{?WQPEVKJVk33V$IWOPWjBVICn=s
z+$JZf<as*B6Bz7nO`dGCBA?PINjndQgAyrgbNEujZcL0u5)=Us1$?RK`@<F^3CxL<
z2})Tq;vOvA`@?97#fi#UO2Qsr$@i&sbuPy~Z{8X4Hz?dCs;cxnE<7KJUIrHgU9S4(
zquM(LbyvG-KCcm<?;3&gQ%Ig*Tb)as{{R}+Kb4RFN66V~naZzr5u=tkB4Ogc3Sqkv
z4*wfD)BG=THvjkJ?2V;}<DSd&yAh+edc}CxMXhRwRr+>!yt-|@;G&s{xBSdOyCpyP
zYxOJVt+^8Zi+c?}=WDJdCEi@4*^>4MXYE+>(jkg7tWWyKoXfulDcV#kJf{du4lqTS
z$TmD9E9`(WSYkE33%E#4OKHgHkheOdCyGYf2N(Q7wUwK0Y|&qm3whDc?K^&e<f4Pa
zd$yzYb+QM5STDW{_%BQZbSdQ=ysMKhAN7Bcvw`)b>j%ewBWJSzMb0|X|HsMM`u|;W
zhU&YQ*vNhrbW0?X5$p%)84q1e#&8FH=zoe`4NzMQIue*5R0LECZ^w#>0Qz@|>!Wwu
zuGbuo5MbPqC(^^V^kb`Lu7{NmxWFCBn4TS8zX~_PzbnnKA9O(*J|UDAgHRS^5pxk|
z#)V`Zp#Wz{eaV2zC?V>cLQ2|$<u{h|vXFEt3j`F$B(j5CT3S^yTz2@9u9_8R4#k57
zIIRwx^GN{Wi`TW1zC&^9Y+Nx-#i@LT4Sc~z52b$FEESJ*%5nSKg8oH5%V&0Zo;!~j
z)@(}rXTIa5Ln%rD`R@P@hbbVh^~`5^ep>+el=;ec+;b?EA|Q|b=rIyBsZ8OWRkM6Q
zvBtRhK6A~njovQseZKkf-18_)>v3v3+*-@oJ1S-!`PbSY|L(3Jg!rWC6=G;e@t-oi
ztbZyV|MOwy*~HWCL3CD*tHgf1x-rq-ES3KEB>4fx8^?R;@yfr;loaY*7w`?X&}0}%
zmRu6+tyfw)sSLG`V1i6smElw3UMmqE$g17n9dX7C=Pz1_WS8&e<+4IPdXGJ!iYC2n
zUy8iVAG3p(!~ZRy3H#50Cj0)~+L_7bC90Kn_k7plr;D+0T3IDW@oo{zdyzM%@W^v~
zp=mRmjP~bWGNp67|B@-eDPe2T8KX7zH~0-JC>z?r8d^Gj0sj%mhJisjf=-7p1C}5a
zBCeAY3RpJYbYbKg1rz^VQu5Mz%(&vw)Ws70m!r{8!iRB})Bv4?!t6pm@A5b9shl)5
zZ^Ym!jIE?h4Kwy)ns{^fcf1(H9_Xk1S3vVO0S)bU@4LSOn#U>r`u_}QaQ-8p85s11
zi_99`BJ2h#4*Zj!`9op(e<q;$f7Q?Q{|ht!!pwgsp!tU|v)*1D_9x8zp_<Ok^xq3;
zR(X)xPSvYJfsVV`1<8~c;6MvZK)LTgWv{L(qx<%t!%RgR5T74oYOT|4<3uCp9h!N0
z@j~3PeFP@FI(?&AZ^a_?ubTwrbu-vE8$x$3D%af(b@Ajkjn9mIb@_eJ1&h5OvE+9;
zJS+$Yw(q#f1tZs2n`0KsV-iHX@CPyi1a>~CKX^~S4Z4w=PabZcvqiFo?-g&~CC3Zs
zU_zt$1_W@tqZaR06L!Mfi+xS?yI<mb#UJ3pxP?V$?u_@u9`I?oLY_2Gr=ow!<<;#t
zYFs7fuYSIMcaLZdy*AaSOELPOr6-V|<#l}18S|C#&Iq|yUHg=xr{~W?3~hwM5yAMC
zbhIm7_VeJgV_l5-(_uh+V)m67Ms_p8!}V2w0CAN;ZuOcSLz-IMsCl_Og6qMz!g5eM
zOTV(&btFmlW%|2fMMU8YwOWYZ3J4Xj3fK~gANUrKdnfP~FxW;Oa88z$#}CMAh-%_4
z;Hf#Fq<SqZpt&xVEg%Jck|He=tT`r~-av^`C7s;HL~4d)bQYS4sS-otAk{YTKDv<F
zxmC%l>Kp@F2rHneUIw5hb|6T(iQhs;JJm;1YSQ$mTfpww<aa;USP|36bA+okXZ^nC
zPNYH1K?zvnD3F%d76ISmq_W#Gsps3L74>#xSyfaPue~>BGK5TN<wmQJX#g>nQrl4<
zkgB7l1ldy^B-nQ;X>Gt_lS$_}u*FAfHP9RF=u|KltyO>BgFa9ok+_c2m{TkdutZ|y
zf^4xK*7NJpa*X8Ba*k|I<4!cmNvjZfhK;7)be4IhzXa!OKXCW|Ir-H;J-1`Vpvo|7
zxSiUpaF{HlJ|37kwF$;#I>NY2R0~`5nJ*uVvzPVji23dJF}tS^NvxsjbM);oO@H6v
zG^{<9j4H$6h|8)0I&}S3oDBNx6j1q7E(p$1Z~T*0Y5cjmwG<hfW_#)Dv>VzH^NO!y
zI}9BlkP=!RptmhQ)UINTE7-W2;xED4_LkILo^{806nqR~wj=Sbe<wR>MLROsjWg>G
z!VhjKe;!~nmLhB_B)wm{K6G*}e|C(0JgPo)HZFf|n0~(Uyb2DTedg4B22Ok+QoIT#
zE`Ji6e1=lIb~1Y;7qyK`0t7MaAI-beE$z7L9%(ZPBA4jxXzrvT%o|yCy&rzMcM|s7
z_t*W4F|yZ!l^Q1me**O%WCH)Zpyu@yK(sG5%#hj>fG=)Lyq&I*{P_fmTDPCgg&+F<
zq*}tLGy+yW*s*-c)cgCVzI)hn(()+N!)$P*J4C&R<uqUh=Z#qBIzzbsc+BOX@*006
z<Ev3K+O59jwR_q|`1YaEhw;fSTV&PF2O?no`L!2Un^-kcjYh>6LVcxfw%5mVhKOeg
z&<&-m4MatY7qzjn)yHf1rEiWa(N(`SzBZ$bj+?3W{r<F;<=wb>a~iKuuC$qnS@>b4
zN|z+}n+0qRLkK#Dq$?SS4hXXA6&?tY=n4ZK=w4-1o6nEk4;~o7uLz=~e7*-L2O=35
z((eSBd7h*<CuAFkfbVP44orKYjN|X}SVhMWad=qb@*R32Gv<uK4e@|baByvA1yDbN
zZ@^s@z+4Va(cmJOp<<y8T2`q*h+VIAxr2LI9#eF{@B!lhIK#Rwu;qwf0pN{en8^-b
zvN%+38Q6^DJ<EpwaIa$R%D;cndG5j-v;gB;K++B3E+y+I%}m&w*F@$e%AD;5nmlu(
zH$<d~5}Y6BGFM}ZjCyDl#k?P)N+Qn`iozWc)0Y=*gf0{4-pxIwEBye1wh&=FH=SmD
zHb0h220CwpKBDg+^PFWoV(-D&bj&^o+vlYQvj%sc1mOvPD{~>sOe;&lT%H6MHr%I5
z^g|6#8GmL3Yvd4{ya_u?QAr?u(fC{MqePETh;0>=`2@_H^g<s|@s1Zft%{c~yIJYe
z%KVnia~qz!)*y3}=EbSPrrt?T(SC=C(Wtj}#A2epqJXuk5r*3}Iv3Z>2=32C-MRo@
zJnO>l?j$eDE%L#RywOXm1^*jRPdM|vu$cP9S*J*6N9*Wg9y>0G>=({ScPZDWkg_x1
zs@l)?;g3htht8^+&-U?;M~2tU#pO?7vrovRcS4s3U#8{H+_4Wt;#Wbo<<F?$TDE;#
z@s@p;U)PiPh|}lGM-#J&dT8G(jtaYQnIo?sa_}D@&+-JnLswlgbokgrd;-%u9!vZQ
z)PImX{L_N^@%w`p!G>HfSHh4tj+{O9VZLb`(={Z8#i*bo55nv9F9rRAL}-l|@7hhn
z5M$=fE2LZ6+7!dHVp!~JIIG~9Ji?aQ{U1K9x+tLOgqtzNO`cf#5B*Nm2c0uJ*KF;m
zy_5ZKgL8wHSo;0%gkv)!yUz~pKMaUXertsbbQA<wK3uNqqTR+ov=#ET6Xs3bRs2+K
zyxhI6KHsUs*Ejy1=tQ2JK3*1P{JEI+t!@8#KTW$>XSsl|0&~7hgC^6+6sm;Y4@F4K
zj~-Y92*K|W7l=S;iyjB)q%^tF9mpC87X%MT7G6Q~S1_;;JRK+k&^)P8nOKN0d@nnn
zdm>Fg`giHn9V1QR{2jO`91IbSer=&KBQELoC@@4=m<FR92q6A55I=2Dhpjz4*dPXk
z9|*Sfb1c9Fevg_WF~j_~Ihr6iVCeu5W1f^-3Po)Jd^CFx55Qel#c9q$IJ3VLS@N8n
zmM)xpA6fTZJvM@>KtGWb3jn{0Puod05^xf8lzIv=5_pE7E8K676|NzJksv)TF<m90
zn3%^g9)bV$CCdPT+zE{^TnxXT<|o8;fOAf3@)<Z)Ir?BpKKtO(uT)Vfh_Ypx#Llgs
zH~fQ%n>Tt6v)0j=VbA4gP1q;2@DDf#scY#*YH2b?8noC*3E{tlFe<o;cnXr36DL`}
zI<WHP7kF`04W5Nu#svApt?D69WS~E#l!pt;^*`gNl{|e|jVWE%|LR`8@!-Cyi#B$s
zU0clUXrB|79rYgWOMY!YtD^4A^I9nDqr2Flb#N$1;$*67wE+L*TKF0mNc$|;B^~W8
zma;it4!RHdfHg6MOlVDAypMIbvw%12y5;~UaBrV=9e;8Kue$uHXa4D#@P0XZ=Bsb|
z>6!k1sSAL2?PnkW$26~kM`xb~HJ_rX?}Q=`z7{o~xC!Q#Bdd`vqsMBy*}MdKtF_aa
z#nkOocUsfZ{+vcwyXV5ZXNXH;zIP~ko4Q`_OK6{<&f&+3e**O%^c$S)|2_Ksw><&?
zK_AV(_oFq?%v)8({<I^L%=?cXfvcKxe+xbzR-Z{9oC}{eJM$K+$8SXh+@7_fo)^-*
z(!Lih|JILoJIt|LTc1=>w7wnQ{$Sf&PueQaxm;8_2no5twtua&41Lc(v=q~Fjl>nY
z-nqJ2d&9O6F!`Sag(pBk0padkz**{Bx{1c!=!57w$G;V>bxG{Y>iGR5iGS*sR6l>Y
zP~cSc-R^zpVnF&!(Wj^OL@$3KkmLT!9r;jaiC`N`X7h2t5&HY{OEhBlTVa)rJ}2SX
zM{?TgN>=NIg+Ih@_xEvtkO@EY<8Xbr=D884>gVI+1WUNJaN9^jjc6mSZKt(>O{_zQ
znUrEV=&H)+dB4hUL7Ax~;b#<quc3d{6MmS2K{GG|r;jKY9ix;vI7&ieLQ0Y8;91Kw
zaY-62MJikL1v^2*^WU9(kJx2r*0>2*d^TUyZ*r~=U_po~+(Yh*zv=R$jezfijc^VV
z<?$EAQ;hUxpfskxN)$1YM?n_53UobLq}4F@$?W0zgcLN4SjF1{vqFNo5b=XxP=)(V
zMt6l;;-3!QS0Y>#CJfI4S{aZf+)MuB=MByd`8)|k{WTo(9R#-pa*1qEj(%(<$aMj=
zn2a12H1lznb79UR#D~%hs~HliIW+%%K$9UJD#V58v?h)fdS+pc+Vnd17PekFup2rG
z1(?jwS$?3#YNGZj)}0_oJ4bPkuEC(m9C?|y>nL{0EQd)gcR|bJ_kyIy1U+}b<Ed9E
zi4A$42cMahSE+<hwySB(^RUUbNf)0}R^7Fiu`BIt?CW`Rai9BC#SL?_ZErJ?OIB2m
z?9`>#F}n82v60s?i%VAHwn>>2Z!?xl)&$S&)Sg$m{SEWdD*@@kN6nU|4s1EF3?Qaj
zgC4y>LqKVPliCq(7bs|2o%4aGw6!6S=50GH`$O5_UJ1+>_;{=e>`(CdgY1KYljR>T
z$EkGN0a^*#Z_)pfg2xVU0LRlrnBc}bEj3sH+Bs1jS|r1Tg%I9f?;}OcT2FxQusTyc
zb}0`o22bsZP96-*uSw1AzX7D+rsfBS9X|lFkA{|v3f%093S0h61o^Xi`(K&(%k9et
z+KZ8hS#7TK$4aZ=_xw_;F$2ipFV(MZubyg|gNj$n+cOyh1LIt=o9WkkQkz+<geLld
za0x!kJ{DS!eSM^dYmhMN=?`$maMN!z!Q+&Ug9G#Ls))RPEs~OIob&GQJ#MZKkHEvN
zlZJJN6}%18-^UN^KOC@L<>#J|#sR92hp1PBNBzR*{J(VI7yvn}Ek}8Sg#Ps8XPcll
z$LF^J+{3@BaXXDrEoBW2qK#EHoo)d2lXHjRY0cV~h564+a^hWwjFQyi8}c@zB%8c?
zG=fnykTqjMzup2k|3buqt|1t>f-Z$Fg<sn6o33Tq*QNUR=9~IS*Y4=AY|)uy^1!1=
zp)Y(08lZY$IzVzFkO*AxSf@I?#+3nSB1W=N?%*iR&{)qNKgmJy1{8*%S*?8St^Ik#
z;2eQ@nj`%gO|Wp;!nm$5{S=GYhJ-U&Ao)pj3VPBs!)O7UwSM5u0ajyD^?@H@;;@tD
zXktaC3?aV2J4JNG`33r%(F%9!NDd`UsXJ{Bcn*R>$YDIW+mHG_MTEZkV<!=HCX#ik
z$oQ0kKNq6hNEhy<j0`ar0<ORiJcpmmSI#$z=zIAz!xH1e67)k7^urSP2{GS=1x|vz
z=BS@bSZ@>=hb7uc2<rhC1z|lgp{tz0Nr2ZJ`LhMrvjy0*1=+KO(M>;{ozFI5h%egP
zc6E&1XnxCG`zCEuor7*yo<&Ccd41(M5iFrj*epayRSL@sY?W-#;GYcs51NgCLW3Xr
zm%;zb;Qx1n-~JUe{U?L}gW%$y&)^-od3DlemzuC4FFaYZ_zqi*4~);GBMnCYdJEap
ztiKu_UWK-;X0r@Kh|~04tDg(bmYP~RBMc#9F`)m_^;PLVRZe`c5P3WT=uw;NAct1f
z^4mBeg7IfK3}N20wEk*`BY+<LVDYVKby*({0O(uCL*^fjU|#?uM9fDIHsRg#+kC$z
zOTA$TtIjWcJ9<buf4t}wx1Qj%(M?VtYI*6bB{RW`MrFSR=q=RC<7MlTdyG>>{5;P<
z9eySf13D<tur&PvHyA7{*I(PMa`&tP_rE^QUVpI=R2gLt{7%@THo)Fd$Q}f??)u>e
z+a-0>1zZeloM~-7rmCPUSzd}<B}BprOe%<2YvR|71;cG9etv07uTUID%pgRW!h97B
zXB-HD4EX`Vbdm_cU7~!DBN6mNMS~UA5!@ZyDK7BEBN{Kb3FuuUKLm^oHt-tdS-4YJ
z4w(zZVJgO({3rz$x*6r=>&2@3rF&P`FbLtL?K7hOwSyp2KFVH7{9a1LFk?MYr;3PA
zY2up__H!ZHbD_&rEGPmigpZs+S%8-c`Ev>Pa|!r!3E+n@;7}iu$c&BQAt!Vd7dQdD
zQs2v0+sj|r%jek3pBR?Vjg4s`BZQ|Uj3Oe8A|sTQ>G;_{&iK}Q6%!zc*D!7C1{i<+
zXbrB8Q3<Po7FF9=u~3h1vK@Hppw)48uO#jZ46_*c^7jVM%JjDpfr^KNDG{T*k(IKG
zEexX^5i=9hUo$G4oLz{xS=jz_&j1lSH`{;o0R5jQSe)}|%Hs~VT)sv4WK2_Ctfc%p
zk_-w8vgrjHHc=$Nn+2vFFtbS*&d~SmC|s$$_=XC%=6s-sPmQKJU+?w0fUn{bOr>%c
zJO|+uD#HB~{+mezL+hxgrwya1TA;^Xkqg`y9flAj(i{2MgQ~#6P(qqZ5?a*)npJC6
z#9C1j)Evj%s4%2`>36ketH^h7>m+)Uuq8)un*rG}h4_Udk?tORTcEGM40r>M3#sb-
z*%d)zaTcUXVPL&2`DK6#z=Hg-O&uU6RNMpoQOg~sfJ-Xa9GLiOpo0CEf&8qN4A91b
z=2ocJ6tVIxAYIrdsE)p5Ob0u<mx7}}w=HYsXoAI7&}MWgZ~tZ$LW0L?MgpS3g|$b<
zpo|~_+<t5UleaOR_~FB6LjB03&f|2b0p)>ia+KgD%De)ubQO}d1S0@POA+qzCXlQo
zyZYh@&JWsUWuJ3+ZHMUTALrK~L9iU=-iv?_tly>yQU>JXhd<yRuHv7S0t9@eqZMot
zRo#o@p66dK<Z8f&2h@J#fbfkAJaLLhaR!@f)bC6Zb6XFzJdU8ic+gKrs)}?Xm&yGH
z{}QqS4!naVgb}2JI)pUf5qu~PSjO~=0I{Vh8<9Fr30eMZ%@qN!zy(nQv!9HZ7aDLT
z6bU)m#r2Z1&>>Q;=%POzwV}T=Pyz~pOV_Rp5C;f&Qdk$#8U;BNIg6YW_?M_9Vd%JO
zbTUkLU@#@WLa>?b7eDjwM_+)zhDy*T0_A`q9QezFvVgf&yI2ctVtEk>FA^zzb=Ab0
zc{3-HdH1j956PqSql@+3MkH#VE!jV*g#7o5Z!|p=F1!<&kg~sx<XhFz34A?<5KhQ~
zYZKKB1C4p1=_ld=KmGP26!FJR6IJ$voSE2j)03r=t_~dJ%$v^JE+OyL<tIGa23$ei
zkWmwU-!LMW7VRm7+R&%A5Fdkpl|LmR`hM#pAxs|Aipehs<nr-5E0*WE&ZSu+g>-*#
z4|}?eY}pjB9)Tg+A@cJTNLo0nE^jV@h!#SHbfwL_8An1m)sn@)B*^ov4nufpL=qa!
z6`%*5D<B|h#KYQYNANqEk>0^qF%KngeT?ihIxf5{Ro;DqE^XNqShmY1eCYO{y5kb_
z0etYX?PYR<y%M#T;J*jNc@+#W0^$OZ{0~BVx$%JIL~fjnE<hM09z%$7J@YqNqR3+e
z*JBj?WU(v|^+bU&yLqT8poFZ)fX=#Hm2xlT***yr{04FQ{0#l@4RnCAEDfgi1FLEF
ztNeE^A;D;}V6-hPotdqvx%T{l9yjs}o6SV-klrEoX9)10AzW=roQf`*wK!EUjPNcm
z3JO=;>Qq*FtxAo)Fn=%D+_HM&-1W;PjgiIq<vFis3`s;gk?Iff;&(_vc^H6q6ct~?
zS7mm4Vno!>PjmSRf|PC-Y)8DfAtTW=k(-O(<Yy@y1j<Yj1A4e#j7}0H(foQvysmH&
zoxHnT$H%aVhrcx`e>l3ozvDY{<HA8Oc3@5p27#mksm>sAIB#?XpU1|IC9NRvEQEb~
zTR|M+?uo=qEQy4B2?>FkzA7>X6djt+4J?qArM3x~a+tC|yirRzxbM(`7ek@?Y^(FG
zDUN<V=|<TQgamSn{R<L>)TVkdK5}Lg!v(!Z2n@<rxR}2vnSCBSj5?TKJ3xRiJ6b|L
zVR?RM)ZI}4Yn)+ZGGSTMgIk*pbKm62gTt5U^=8ZE&9==Cl|UtBxBsl}I}<?$BO`^|
zp+88z4gG<Rk6-i8h%M5ncSMqa3(;13FIi_teB?C$DNdboP%a6Dhje;~s1Uj<3cWK5
z1e!-XS;!=h%8=E-yOqUOX8wn=jY?`^>(@pzI9R&qYY3mqe2`&;>~8{EvLTQ8s#pr|
zkB3>lAJWUdkip$JLQkLB_RtvoVf_siAgIAVe;z@?`0!Fg)-<WYw&sHdUJ}buRUZ-s
z##HES#;725l+;}fj#hD#ysvP<60x|i9W<^Nj!&)yHT7!LhQZ{aSm2k#2=B_kftHu|
z1G^Is(UN{A`56U@#I$P&E?%rLsDgwplyPam-9#_-=*}m*n<@Z>#k+(KERCfNIodA1
z0Oki|hSoz-7`%iKjp_tshDXGFg?ITIgk@EHwV<e9L~^@LxSM#WJZi{2A4%<sM-D1T
zeT!9o3kRx6kq=obRG3_ekj0|h$`F^x+O9#(vH*TE*8MwUEJrsng<l{I9~rMhV4r7T
z(yt`(DccF;T)!J3!&pDRyF+v@hD&)jgNiILuJx|dk|Y#_x+v<yg)VIa)upM!1*x_*
zh_Pu&L9|@+?pt&<(wvFvjV&Jf*uIbjuJJFu9`;DsdI<-|U>Cd_{pJJnmO^_%k^Pb=
z;UV5P^|&vbmW2*|#w!iy2e|l|KKFvdmv#b{HntPofktEJ?CDHbYWInlC9!MbbSDML
zwYL633Zt}GM2Ha<O6mDsoREPdXGBlnN&dV-ZAk?J&<*f?+6pFy3gc5afiF;d89C1E
zWl1Us-B1Xw2(#XF_4yiLp)VN0qSry#2KGXv+jtQLpuB!fns=xcXj^=-R!xh!dHYM>
zRx^AC63SgyGMFI><O`Ecs-mxPoI=e&=Qv5w{Kt_bnaZyV76{-A18d_V2-qh{Nd}0~
z=@x!=>45Bg{jFI5T@)mwlSv7iH>?vN7Jw~!YtU(cTj&4s#2`0CpT(w)qMB%7&~2-1
zQ9WRaZ&mht2qg&aNGQ!JkEAm~NRveZVGONEC@j4@USKQ6+-i6L7rv8~4A%h@rbXC>
zKl4)2N#;wLr4uF;d74o&r&46t0KO4&5QYgHz7B$?oNoi<N?MvA{Kb0ZzVi*owN`AT
z@+j+=qfEU?1+9&Hcmji!ld2@BUN}2HU3ok_#G6pIq#5Y~zV-8V0=hN&{je?tzG?fO
zXK511ri>{n-5NJ@%R5Br(H7Z@rarBaVFLwn`k~Z3ss~73yo^*s)}nzEb#4@(2^*lJ
zn)`~vYWJ$bQhhp2Uq7FAK;MikFBhl{_oj5p{$1FvBCmMO%>1CDG4Glbym|g^R6@zp
z>Q>iVQH3b!xFMcp;05!CtQE0Y521wK=L?4eV3{>Xg}iyy#Zb?>P+ej?MEKd4B{p*U
z&lWo}3sJW66L+xel|_*(xjIuCwyM?x^|fm0Eo(D@O5WMnLLG<&ddb4#+b5L^ZLYla
zRw-$>)jQ`~TTZUTwDH<|@6%M9>+c!2Ub{;Bwpz=imS|kn6N;m>P^uBXl+%Gzccvw;
zIhxLd?9;FMa|@tS)xNqUaHOHlYx#hJZvaHZs=P`|L`)lqTNKlkd0MTK5#-!54^82q
z=7G!s$|e}(FKbv&G)kHhj=-t4gjCw%HDn5z4MiOkD303d!Ay~%26~=1-qCz?{qxCA
zYL{vh2)p_^#xqu@;4k7&Q9(W2ccXZ<$ZCm+Twk#>^4ce+mA{gpc__VoAq|!b@$yxd
zRH1m`NGMEyD<Le2njd21D5e6^!@0@9g7(0t%9y6s6%G`3#9Y`HZle;~`w728c9)1J
z7B6p_0T-r)h6X#s6O9bAk1t#S$G-|!5LWnebXs|F3$xL>tXjDSrk74MJZ;*AWH`%_
z%9w(vVBob+LRQ3DNX;D|BOJ8f#D7MLi!>G#J*{9^agN+^BNxO#2b}M=Pg?7^keoV>
z40|sJf8G+WRosclKQBIv%gSHDdYqaeb77W3i+3+hnzMPX2;ILPqBM#Yjhb)Mj~yq{
zU4x%GOy0XCdjSiXDheJ=G#+^<%WCBIWVSN!j>49Q)%v;83x3ieZ5y0?H?metR1_Oz
zzdcLDPA?SPUgDnlawv&rP9$t;k@9y^&igTh7&n_E)p{3gX+MgT&Db3GZCWL_s#AtL
zgon77b`(mxy7MzZhUo-zX#AduOYSXIsIeaT@$|jj;Ie;y9@q@%p1jiC{bu}G=P$Z+
zk2Ss!quyW3+qO)TSpr7ox+)jxj(EX&M?~mF3&~#Ruuo~OjQUBdvgu+-cXXha4IgBW
zG#*GP0kC(}8SAWCWZ7rb@dUNt!LGxVX6`(1T(NX~nZ3?+oS75UpvZigonN8nPQGhP
zs91klZI1+V(I6;v65J&i=Ws7uFc0F})T}r_Pjf;UXYj+0=QjnrDRCo5)#xU}Ooj1%
zqMw5Iy}2Rsp&LaQiswB{HU|mj6^3x)39#yq4*+3+S45HN&kM6lftKebO;X0&4k=|o
z57{EwaiMWg5_IsUBiF4C;F`pg9-gKZ6|TTMy(t=fu`MsJVCCjWEUn^8!Z%roqd5pi
z0Ap6Ia;GQ?z&h6f{F@NGsNZuqoj%$^@~LWThYJgg<WzinYRc;xxS1o44UPLf_)-Wy
zu~2xqn)-r}ynfeliQ>i2FE%tfTaZ<F$um|LRqBO6oZ4}j)hD`$+p;SzMiAJBIi@rS
z)D!m5>hhPwC|L-w>R3)BpTpsSu?DHpB3#(ey-3wo+iiskv3inMATnP``hhs^1B({H
zv9Q6)TDe6}Nv4rlFfNLmEH!RnE{99wjDt)YB}27dPBw~qJSOxrY#sQG04E{(N~6~3
zWK`h}?ip0L^r^WF@kMbm9jH%IdGp+XD*o9<Zedl%Y)rA6zyLK2JsLVtDNH#$`lJ<u
z2Vmrm;<z#^EL+8lihGbk+Bce-zOHkX$I{8&%wrpvVPfX;$pKZIQQn>kh-8un_MY*L
z??HoDviGB^@?s;XYLk|b<C<@5fdfy!1<o}pcFfbh$SV`{z2CD!q`c1MEe}+sb_Gd}
zlr4GrzvW6t?3I$w8>!|{u~B@Qm8Sh5C(bTQ<f)Ilsqh-$VcQu&0;N9?UiT5`rNkA!
zpDC~6GyC<NR+n-(tacmu81cq-{=eG$>ZmxrZB5+W-K`;LHyYgCo#5{79tdv1HH6?!
z@Zjze0t9IY7Nmo_!}RaocW2(r{MNc}{+zX5uddanPVduIr>aivKDEDZf77!iy!w#R
zS6PXupEY_&GuyFL3*|RjH(#+syf4}f6ZUo{cb#TTi@K;x`qFNr)sjDnJX)VF7W-=U
zMU0<0X^@zl$A~HinHisp7wu<Z#XsJ`{yMRU++gfLVY`jWnyort5yXf91J22UZp60-
zBX-?*sE$=<nRH-BsX43T+w3fSCw%Sk+bslkf&@nEl|op3C*^ic?%UTmu_v;2t1rCo
z9sTvGGDde5?gQ_OC^CyZKzUPTyY>bdUefoaPdqQW8KyRRmlrj{oU^YT!u4gl?fL1%
zyUqDY<vN0Fw%<)MvlfGd-?H!TetD<8VYX=T)cr1V^3q=?V^Yj^SLeR=srt$Ge%3+s
zF$dBhhIG)f<628jt#Lhny#nsenxzIB>tGx6{vbpT6#9j2EOS)qsIo{bu2r^wDn2<Y
zu2Mp;el~d*z}kv(H@fJAD#Gx3-Taia;DqyI(i!FcF^}KXqz6Xwg!1%Sz5=8m{^3?d
zay!(=0Y|eQ6%bHypd%~I?n!r2bXOaR4FJ*~)#u(poX_6+zrM5)bHesAccWF{^d2;P
ziKlk-Z;|~TLm~DtHWoh^g=`~!bN}8=TcwI~Qf{ZI>H6T(L7Ku8vsYIspleEQ@it&6
zJ}Z${m{MnFoJ8V_;{`2c{z$V>pvlG>RbhrHG-qm;C_A-P@$AkXO`>iVNcR5hvYl6m
zjq|+tXpyiQw{8mAzFE{u<Q=;)^+WALPfb}l`WI=f{3E{YtG$Es&MamcRb*!7;6HQ{
z`JkU+{n)ZuIg|kM)%SxL!hq7;iz^uKc*coglUT{Xm-ZmI%zb;Cxs^}7fQ<-AOyc5m
zKhUS-I*y-sSqkI_hCFBEbVVYHKP#AgWv5rgjaBQ2D)Q5|w!6A=Kj~f$+ws+R_!PXt
z&#FKk|2&^hW(A6G=phIHsnT&yQoai}URqkYPUu@&E-`LUlwa7;m9}mY&4o@!=Twb3
zM$Eo4;GEY8=jlmtfz3L4;7FMlEj~IuuCn8GXXatv>QcGguAD~?VoL*-IHTp6pL#QH
zrOM5q$_X75Gy6?qv$jq3Z_LEWX{6x$8!~KHLoZ%74<d0emPlOU@=Mw|6;Sw7BWbsy
z-`MJ^t!UL|gRPvFCoDyNtp^4@p`D5TnTMfwz{EM{@QWuW%kH+aIJ>;w$JuV4#)uLc
zL{B*%b_+mDAMer`6s)zF%(y5)!G8nPtb5pT5CBx47LT7<5CTgZ>>Fu49y++;o<Gh#
zz`w6{kf5H`O80*7mz+F=J^efvAc{TAF_It?s(!=l=(|J`RhvIOZ(4X#c$CI)HPpW9
zmOw7mPAzeucUIo_fRFY)+jl4_p5cB{xb>8#I|JG8!r}E`30`vbmZsL=sW^OLVThdG
zIWVPFNY3!LJat%eFOze9qx^F!g1N!VqO>R5W%uhgByUGbdj6WE&2Zd$;dTK0InY1v
zqDv=a01Z(rC#D{uYjC4I!$9oG`StGDNV;pZ%CSw6f2f=0#F%rtoN{5VFX7{Cj>?Li
z#`komRv2SAXX{rn;ZTpKd<Oa(9G0I5KTbkWtO8JnGF?=tN=DJ<nNp2%TGz2>lYF>m
z-iB=CWy0pBXDGy$l6T7DyY&?Kj(XK0&u#7Q2Hg~h;K=Z_7*!xo`H<D_`(IqT^$0f4
zc+|_9=nPDthY^YVx&ymus>m%0g-+mo5&B})&h`2CuVFv5ZC`g@gCtJo(2V&%PBB=}
zDVL9rJm#|Bs?`tOvb*bFFZImzF$yBGXlvLnAFyLzwSFP{V!vs8F7lIgAEEY62~eSE
zYaDd_B^-Qvlj3&NBxe>=JY4lQq-t{~c+9+4M$+I9VP2$9L~mZD*^sX6{oK}hXYiZy
zf~#`l)*HErHLZr@I_%aZiT%kMMT2tFX#qT~<+n)Dp<Z+%t%uXub=KhX`rl4zzo?E+
zLi`fFL?M_b-vZ29dX=s>_lkm5EU^x;-`cx05v^g(xtfslWM1%oJH&9X6j-Ny)}`9t
zJR9zxCsuy=WS5J^e>Y9jL*MAj930A(SR%tS4cmLFQqtP^eRS3|$nS-mcG0q1-I2FP
zdLWDQd`7?+UkNkM&&m2jp)mOIdNcd%05#y9CVDYUvYW5)RHCAT<M5bidKX~B!`?aL
z5{uYQfXGzq0*s09fM=>%UPiSjQ<BMUq?6V<?c<u+Y{S^)nzyLpva8`!NG%-V|1?>>
zv#uwS$w7dP@e(TabV#m=Qt*}_<8s09d}j%5Dbj~nulQ1Wfl1OR=VU25@D#fcMl#vt
zx@R2T8ko`scuI5Au;%#Do*AEDWbxZ8Y0j%PQlKa{VSNUhlCsDDeDeGSmnI_iT-K8$
zOvZ37>*S8Qv+<TLxL)SL?duo*;g=vp_nXGpNhI<+E1}#1Ng4#-#NMFrKHIp^gWci<
zj)Jqw_`n-EH8;G-?KwA%xk8kKu59O&xR*7`XPNBh^PsQNX6W$R0fNf#u~ECX=a7pa
ziBQSppP#0FDN9VMvOWB=r01`TsCZUv!u;qU6&bFLEnNry5f3c2;LpE|G~O)HNQ;b$
zF2F1Q(@P>19I+5muoN}cLW?ITeh24^sD1!f(u!PhDOrK3ae$%;&tSbolT$|n=oXPb
z_GMv@k(6t;?zM~OkhTeoF+62mh4E$pgBXl{Ta<LdtQ^BSbQ{^hFMM=leq^!YugC>c
zLGcB>nCfyhbCOmtkOXUTf@xQ5_3E27B$juxJdD7wAmYyrBI30jZs?zvaUJRdVOKxj
zw>2zHqq&fOs#D%Co7<yff4g~LL~>|j+=7|(?H8ItR{#8NR?ml0mrQQ(nHR$9P`)rN
zFwWQoVzdnL>HmtU-u}z|_f@QMn2UL-(Qpfs@LjZXeYl+MgNqJvzESppE@cg7Qiq^_
zhpO_%fMgq+rgPX7_8W`3Q*weMBBl=GPJ5{ZT>Ev`@D3BGfoz)+nRAQ~4<-3l4qi^C
zv-*P(2}D=q3u4L<iuV<%I5#k^>~Q#MLiQDXtsmC(|9(^t0{soI@&Civ6z_k>rv5uN
z^}ola=$|59|L%hS8-f)#7tep-ZT@}i$yry$6)b?$eW+)L4f`X)F?Bmyn*>RI90`iI
zv3oykLK&-oIn+oCj(&Q)m|otq`52K{J{QzQn)J!*c4>Arhx%sLT{oC;x8859uv~Oz
zwU_@dwg~w4pKK9|ZMW{gC*7C)n`cYmjN4<WTP_zh)6~ns<=%p5zw3uJz|hihwy}D7
zS7_YpjL+z_YTU}D|D(@p5)gL3{20P67#z^6JaSR|wd6BYeP-=s)V1`9HBvrmQK0#e
za`i91NQOrU<832lG-RMW2&q%D%47Mae3J0_wiASnAl5^z=6=i7a}+=PCI3~CKe-%I
zAP@rB6Dy;IvOik7Ugg=>1B9uuTya5)8gH_8aZEKw7G7_sIWjNR0=w>^I8=*D=s(!{
z5V4^h^Z8MGV9$sJ?NH;pnx#p)q`}t{KtJs)r``s~eVopN)&&2g1#S2)84{^94-4YE
zkNwCbWM*o#8LCle*Q^RZNBY82;v}`(6p=8oRj8^|hlr4tS#Hj_`oMM*8pUxEgo8S8
zq=qEfm2lkgZh@7OQDjIK<%W^^kzjEJBb+9bwuSsgmP7F=+^>qQTr|;+%P@bi;62{8
zO2~`Lr}$g2yH&g3D{1v6>BWJ&9yjtJ9w2~fnLxiFnKrI4S~4F(i`B9mkf{@~wemQU
z(h?nGVxpF9Gm88E`<YdItF&1{WlZMbHU+}$z><J}zionHYP-TV)3+8ZId*?+q2F1#
zo|-l039t&2#h>*@eJ<)(k~$jA-wG)0K~RBeYA@`MpXFA#k&uUlJF&9;0|s&*C41xU
zN+e*6M#kzXTuD5ta<kB%2p4sbfO^8zQvO0oGMrGc)bKn*PpVa)y2DLVcVnTfxIY2N
zE*X~8jatSU8gDq;VcY%;z}~a%^?jY{7uqD;M<|S&o$0TGBq-BNJ<fk2o?e4<u-_x%
zl9~n<tvKx2^qVf_N4pJX2MO;Fxf~=NZ`SA~^c&QZMl@}S@W=30utg#x4|dMY!B2Pg
zCySjnNUIKF*GMEs1*VVL18hq-E$=_-R5*ScO*&emKQ8aSilJ;+vy9Krw5=YWX<EE0
zVcS#4wyCghTW1v8+Y{(zn7U_k^UQjRwAW1nO`PYT<$u`e2=|J9bl@s{5PLjAbpNc+
z*`({2(K4WCz}7WmxTW$F?X*$%PRQ|tYoo4TVatH80o&7`GC~IHl6Q?SELI@}G7J@O
z=!z!j@VtmVnl;8C<jF9!Ln~(J@N(bK_1og2(#Ff%HN`}7#LMej<DwqEp{pIE`=RT9
zP}@T(>q2s>+68f~-+d8Qfh4LF!e7yiu=%|m0TU0Jhl&$CA8747I7d`dA8uo>WAS7B
z-R<OWxMu>u|A$Pj|47>OKNDofA4dvkqm0i)FARp*8P(pP#ex&H@d!4*hxUd5Bm1h5
zQ=Ww{pKP9v)`IWvg_~4*ubb|w33{K3#4uY5cQ^PR4^HY14(DflM^At8_mJvgCvWe6
zUz&YkIk_y~u5?VsroF4I-cU=VE*8c1c&R-u!#ScqF?}jrIcZo22!cPY-dcjE8Qz<&
z?gXMdco`$8uf2bt8uGaH{bs#b-Ly0vmZg*F)R$!kXL?q1D2U*8)o0r6Cw;3rF@Qa{
zRrHhXmFcOZSjy9ryTHS`*6pfXbw>6pT72}*nFJXW;*nf*E(Pw6g$gp5L++b5dIQIB
zcns@hc1+<dD_$RM_J^P5$vC+=sRKDd(}agrk0aDKd8^oYC)09lfF%nZox?HT=}^b7
zd+EoA-Zk1=YKI^rWO4WyR4zPmIJ16S#xQ~~TAJb*jJ}IFdSrE&h8)ze0ggCd0B%uV
zQOsZmB8*!FBfJs}QJ5tboFWWim^C66rsi}>4kAoxZu;sP>=?@fD_qGcH%t<VkVRdo
zv~)sxw&nt!_<KyEu{559Vx72cO;%N601S$fLiSA2Lf9Zzv{WQw^rBY8n+M0V%5kD9
zXCdAd$+YP*CZjWhz~OMpg8bYg@jt1R<Iu-+swzGeYr9%$loM{d3%@B8J%jB%+`ijo
zd?2mWdR@oZO37I!;7NjfzpqgioXPpAyVJEDyz5`5Z=aiV*)%*Qz+8|UP}jbWI<b(8
z?dP5}&pj(gHSJH9xRg(vfUBBmNC?Mmv!w4OwCDL1apdUn`zn{HZ>rl*T}_U~T8{zB
zWPs>CxBHKtxO*iZq~_5hyx2i`{p85j^jeCNNN#(rBVLclA7d(*{tfR*HTh&E&z+jH
zYve_Z2_l>L{={yP5n4be`o%<pyi5epg{#|~nQX!O&WB{dqR-UIMnl`HKcRSZKm*G-
zAO~;eT4{o_euQvX@B7Dbh>2mqhZ3e@;<lc~-P-#6j_Zv1wjPhYpL!gf*BRAJrn?>&
zI#g-_7r(!xxxffg)dPOLOiCFSM$vX{U4?%xCr$PM-%s*eZJd6T5qr2xFnv1}qCF?(
zOg=~ScO&v|h-3Uv^@o4H{=I__hNjj02cDL#D_Ze5e1tDDn>B8zJbkcLN2~TG_x-$#
z0}QMnG`r0PhJtQ&74mmW=y=>)nVL@CFDP7C&%2HY1ehEx7eq}wtjq?VuCM(z_7+<8
z321I@z4rGG!kLxQJ3eA?X>#sy&V$T+Y;(SLuR6}T<^{BzssxsrQM*4ngg$EVQe-4#
zg?L|$YPlkZl4Wpyyj)eLPI{zNY3DuP&Haqmd&I?O{7AFVo&Ezcu63q^K7hP?xJK>G
zOdPg~5q6XOInwy2A75Om>|eh4dV4X^LP1xmH|@^Y1#Kqr!|_HG<y&b48~*X-MXgfv
zJ@H^pLZOk9g<EPOhsY~Fat&|<+fkSQ8g;FH(9+$9hldrTB8bt~iK^=3<x{q|M_}K>
z+S0WcZvz)$@Xy!UT7jKoE-iTVh~@4QuVtgW@8(Tjob0@Cs3fsp#M`CC=~L9>207FP
z^6LcD+r{Go06+?#aE$Qx@T3qSwwNzXU;fO7WVa}hnmbks&?8`d>w%3DuDqnkzFAyB
z%YKws+)Ve3E#wwMoT<dm5U2rJ+Uep7$9oL0#dU(BF&pBF<c1UGnpx{9FsFqUVjO=~
z78x`#ldXb|z8m7s2&jHLiW}+4b&MLr?3)XZ3YM7pRzXcb5&e>~9rq_Xy>sgOj>qsh
z3W+Gf+9{8%a{l{3jXuVmzO4i5SNd&fT#rO6?5%PQz1hT`Paja1L*FsxhsQ3P9&jB2
zHn<0u(4R?ev@KlI-gN^Z*Y8O$;)D5vLQuW(-g67{92vjwwh&!H@ZL_j{m_$r&2S+0
zNknow`x>Ew^pX;qbQS`DyTU6UDmU3)@y$0-Cd)(|UXgoozDvN*cOM86di45*PWB^x
zmhh#lDdg-j#>4YWX=K;o#qof%KQuAND~Dpyo@7nEs9#13Zl}op*t+%FIQdP09m^*<
zV9zJTQ%;SmguA~PAbkHBou%&KYUOPSl?!5Vv$D~))@SGD0C92f@B+{{CA_`tTs>F-
zoZ9wYPS(&*EpH14YfCR^NeU_@<OTgs*&N!0#@F7<j>ZlO^YZYpwgGS|S^N9CdRTd~
zK!4*OhW4&5(oiWP8Ww3G9xfgb7dLd_;^qhPvvUENxwx32b}Ft`|IS3)!`#iy+6t;`
zWbWi?jmD|2Eu+sN>+R%ZVeaDcR|mAAkP;f``=1?oL!)c$;R)R|4UmHy#LX+n!^aC`
z=i%V{R}Y~Lp!=?D?_*5^-76q~#?j5(%g)o<oW|!r8uD=fIiLpus-0x*V&!V#fChr9
zEOF8NRT36P<NQB?Z6Kb1;o5+_P>7qdwTmtExNw7b1^%nIo&tRhS1=z=$Zh?mW#bp#
zae4qAOI)c!ypKvQjRH4;lm<&(CW_M0l<w;B#%WTCm8P~Zh_mb-;&;0~N-v|Ro$79b
ziLVIU%vE514n-tvdQV!{;HW>$n1)8{1dHIg%nI@(93_hOYyc)oeH;9miCRP`+V@ki
zOaQ-+9ljZUlJpMe0OvTp`a3s%6gkt}j9s{xvi9mU!m7d1=bV;<Ow@7~ilj}LyHOqh
z1+M#nlzth=_6JIMC_<W!3`&%HSTV>fM0bh+4<2<))pEqly`2xES&sGh0mh3&<If*%
z7Ot#i7#%5NGNe~naDh>9#ljOfgoCydDd@_oq$<D6Z!UJ7Lhet42lrg{CSCY?{o4No
zWr=g=_15uYikM&WpJJ(Pm<qoY{?_FMbPZl`B09Y3F{;hM11apsv>mGW`f1gFTz3k2
zH=2|Z!1vny{BzxjWYfwIJh@nI-Kih!7*iT;(*1xciQL;QCe-8S<KgZ`cZWdFYr_yJ
z574MDx3W@Dco8m5wv8^F{Y6u{G@m||o%#cnKEnZlk@n7Cl6imMwop{K(=RYY(pyYo
zoQO4CLFbE!nqss;Zm$7dv5$Wu$XG!u12p^R&<2=CT}PEdAS7J9g!xju3yBW3>vdkH
zUcJq}_TLsFEW*T(Wweq)?|Iz?;7V5jnVK=!>&Q2BIhr|!()$W2q>x~<6Ch*iM$1to
zJR@N#8+9ZXUrBIUV7OinBW@#{7JzTWdi9W~wS-lvJHS2)E<x4}?b#I^*-7z?2o+J`
z&c0wSO7z>X>qVXtoa$Gn^&s0~)^n*x3n8-zdoiy8ee4kry?ps?%gfnJKjm>I!RvyQ
zc~5RMrUx@KUj+CxggiRT#Z9^6GkWJg(Q0?3(oyez3-AClBWiveq2;n7LR4j32WvHH
zd;yHn_8;$?$6`UhX{whQs}*C$y?VbaU1aKS<S;QIL5AfY7*bOh6}au#?~38)QR6#<
z_N=nufV*@Uc`+g}fU;fG)HChW=8DH#6>Wroed@zbB>u?m;>GQI8NK?>VBHTY4)s0V
zCbi&`y^{~iqt2Si8sF69^20dJc%^J+n1XpWD`Af;*C7qVQ_0}YR`L%g(>)0g|95k4
z_|GlIm+xO6It-o`YkGSgH8|^gLn^W+sgG^kBgSmuo|1p##lp5bZMp}y7#6<xFNC=A
zA3MY%nVUCt@0~_>NF5-mOY+pzQ|!e!>TRY@Eedph3UD#7$`)qK5hp$Y1al$Qpw^)+
z<2a$W)3ukl;OYh`i|nU^PZj$<igMpLd;037rM6DMsPbk=Y1_<LrPP02i(7DaK-Nj<
zX<@e;VP+_sue8J<G#$n56IU&RNg9XPvz|@G(henzJ6mGeB%cjHa8tfEL|TC;Xf@IT
zgL>22GvpsjYNv5H*_AH`vLkdP*o4nA*tMcT=;v2BxSHCw%@sU}iny#3`K*hU3QjRX
z`XZ7Ti?CRgQgV(3%qRh0g^oQN8&Kgu_Lca`GAKZmi4$zu`TPnN9yo3M6h)b|8ckmN
zByUy%6?b9!6X#q+!W+(z+-n8^Mouna*EaA1CTG4OdLL)nDMPA4u9x~6Cn|DId`gQD
zm=mdrL2VuL<3OJ}FS^>iVKx|!=|O7`RNT>Lz5E@0&GqVeuB}A%(9+8IVndYwH#=3u
zZAYF>i^~AHb^<r+(9833geZNUrDz_mETbVI`AxR0g^BtJwMO^NTk~X%@eU1X!^)_A
zl5V~!7WUPr>MvNScCowStnZYx(^Wpux4&v{gWW>Us1+sId@1STrr!i$-{O{SYiga#
zOPOj*k{2V_mfsemN(7#s*bB<3K(tiseE0aakWbI-WT}1PCU4Bw7u%{24cd`i>XV)`
zI0Qu>s?==+a7_7`{h|v)S3%&%4M=d4@Y(M0m0RgO_La+X<KH>g|IFt4r-#tjw6;Ox
zRB*Af_M<W4q5<&<7^87&*#}tvRYc>|qcP&90n%_oD>YqRy`YtUk)$>MYGLCFUHi*h
z|FtGfV<apf!6PZb%O@cTloH?(kOlJbNC-;sa7*w=OUp{|NXd%Q{CgAVcK+p>xIzDA
z*TneKz=_bCVD$VoCr8O>RrA2)VCDyrU3k%Bh%51DFZ}-2^wRX~Y`g7vvYm(n{8%+6
zCWrUuB=6N8BrW9kWMUAc-HVY3TOx;s>=<P6^GITUzTTc)jNcdD&))R*=6sv^maGTA
z56A4{u%dB%<E^R4h|@<Ez^F|t{av;`n-$S<6Q!H3>djab{uNrKhgq%MCB)e*8{PkE
z;-J<x8~gB}6hg=aTCT#sS|(eD6=<X?v+Z0N|Hdk!noN)Ev-Oh1(0aKFnEaei#qdr?
z9hTf2Ut5w;TMBbQlF})Py@9Y*0v;rZ4~q9hY%K$uBirUh7(~6TEHg*5*(4zU^Nq%6
zTh$JixW`IvWf<vE!-9zu#+Qn^yp7n9l<K{|UxLZoMTIJ?D!Gb>BBgh~NZ)$!Ux{;G
z_0yEl!b@>s(7VAP4P^}ZglQ}zKW@<^3?e8G5GY3&_tR#FbGx@F`J~HjaV>wC9js~J
zvj7Vr%YFMmuk9l@I^-?7HZe<?){+fSKp|2#nwJq!d6Qk!YA&%hhDhF6M%Hl3&B{~v
zv3-)*nN36YOAUfPdtavXMS12t@3zfG^LV7vrN9E6US9;Er;&poV}S#NA<YmAahpib
z$&^ZnF;wv-{Rwcdby5CXZM-m5jM2uB_M{RO+(tE4lB&R%rpVONFX(Hzc!?T>#=ix;
zqv#3a++u4-RC3GXk4QCM--_P&{z%jl@%BvQ$?nqU!69eMIGMn(p48Bc_$W#Q2i{<w
z$$hrlx=lQ+g>dyVrBK+YcxPBXtDp{C4ZOHei`v>`GFSu2z{f;ZQ9q-B6{7v4vP5gV
z4o{8}?^f~KF(1;9ZftF;K4YX1`^mLxo}^R8a@F(aNcH4_g!aosKI_avum#`#(&v~D
zEKztYA9z@z(JGp)=?Vf?v8xYs{&9AjSGo|hiEn=aefZE1Q3b~R*&X4CtUrY<6K$ur
zE7^m|B;p9s7<4Y{t{Z7b3yTZzy~UZmB>p;m7&Scp?7ttjXu3gGW++jyVNL#r=I}KU
zZ`}F+9H$FYD-h|>5=fvr!M%#F{b}+K!rMk;iApp(Jy)!F?@$qLSP`KB<<q<VudB-m
zIgl5O{*BZytj&39lxy#h7|iC&*&Nq-Sz>IOCl3W0tjgG&7%kFX42bD^$K{9mQ5)0g
zaTqSLH(vBrQK2dZ)<9*4J=d#5QGbODRE40{5gPK+^gk0-BQZ|(I_nq?+~8L8;LY$F
z@G@-W@Yj%Ko~`xjCdy|o81S-g{V}e-QAqdyS@n#k@?yRS8*4LT$jdbM&7>Mj(aV0g
z$~~6Dwk9{lPS6W){qW-Hs(F9E37Xy~FywLU@=;~B&@}Mnq5sl1e7`?szjwc&<ae-|
z*KC^c(fISC)>%>c0k0Y)wS2p(`~qHWwAuDbM$LD1{<VtP@?1gQDHZ;vuwQhugn^a@
zl~fT$UQ!$nE)^#wGK>L%;Vb8x75On)Nj|*Bk12_fP7ErkWaq@6$U;Y-v4cdV{zfst
b)63k$%MUu&Km&sKc?9{;7#U^MWYPWyKdWyH

diff --git a/libcrux-ml-kem/src/kem/kyber/ind_cpa.rs b/libcrux-ml-kem/src/kem/kyber/ind_cpa.rs
deleted file mode 100644
index 88605b8b1..000000000
--- a/libcrux-ml-kem/src/kem/kyber/ind_cpa.rs
+++ /dev/null
@@ -1,508 +0,0 @@
-use super::{
-    arithmetic::{to_unsigned_representative, PolynomialRingElement},
-    constants::{BYTES_PER_RING_ELEMENT, COEFFICIENTS_IN_RING_ELEMENT, SHARED_SECRET_SIZE},
-    hash_functions::{G, PRF},
-    helper::cloop,
-    matrix::*,
-    ntt::*,
-    sampling::sample_from_binomial_distribution,
-    serialize::{
-        compress_then_serialize_message, compress_then_serialize_ring_element_u,
-        compress_then_serialize_ring_element_v, deserialize_ring_elements_reduced,
-        deserialize_then_decompress_message, deserialize_then_decompress_ring_element_u,
-        deserialize_then_decompress_ring_element_v, deserialize_to_uncompressed_ring_element,
-        serialize_uncompressed_ring_element,
-    },
-};
-
-/// Pad the `slice` with `0`s at the end.
-#[inline(always)]
-pub(super) fn into_padded_array<const LEN: usize>(slice: &[u8]) -> [u8; LEN] {
-    debug_assert!(slice.len() <= LEN);
-    let mut out = [0u8; LEN];
-    out[0..slice.len()].copy_from_slice(slice);
-    out
-}
-
-/// Concatenate `t` and `ρ` into the public key.
-#[inline(always)]
-pub(super) fn serialize_public_key<
-    const K: usize,
-    const RANKED_BYTES_PER_RING_ELEMENT: usize,
-    const PUBLIC_KEY_SIZE: usize,
->(
-    t_as_ntt: [PolynomialRingElement; K],
-    seed_for_a: &[u8],
-) -> [u8; PUBLIC_KEY_SIZE] {
-    let mut public_key_serialized = [0u8; PUBLIC_KEY_SIZE];
-    public_key_serialized[0..RANKED_BYTES_PER_RING_ELEMENT].copy_from_slice(
-        &serialize_secret_key::<K, RANKED_BYTES_PER_RING_ELEMENT>(t_as_ntt),
-    );
-    public_key_serialized[RANKED_BYTES_PER_RING_ELEMENT..].copy_from_slice(seed_for_a);
-    public_key_serialized
-}
-
-/// Call [`serialize_uncompressed_ring_element`] for each ring element.
-#[inline(always)]
-fn serialize_secret_key<const K: usize, const OUT_LEN: usize>(
-    key: [PolynomialRingElement; K],
-) -> [u8; OUT_LEN] {
-    let mut out = [0u8; OUT_LEN];
-
-    cloop! {
-        for (i, re) in key.into_iter().enumerate() {
-            out[i * BYTES_PER_RING_ELEMENT..(i + 1) * BYTES_PER_RING_ELEMENT]
-            .copy_from_slice(&serialize_uncompressed_ring_element(re));
-        }
-    }
-
-    out
-}
-
-/// Sample a vector of ring elements from a centered binomial distribution.
-#[inline(always)]
-fn sample_ring_element_cbd<const K: usize, const ETA2_RANDOMNESS_SIZE: usize, const ETA2: usize>(
-    prf_input: &mut [u8; 33],
-    domain_separator: &mut u8,
-) -> [PolynomialRingElement; K] {
-    let mut error_1 = [PolynomialRingElement::ZERO; K];
-    for i in 0..K {
-        prf_input[32] = *domain_separator;
-        *domain_separator += 1;
-
-        let prf_output: [u8; ETA2_RANDOMNESS_SIZE] = PRF(prf_input);
-        error_1[i] = sample_from_binomial_distribution::<ETA2>(&prf_output);
-    }
-    error_1
-}
-
-/// Sample a vector of ring elements from a centered binomial distribution and
-/// convert them into their NTT representations.
-#[inline(always)]
-fn sample_vector_cbd_then_ntt<
-    const K: usize,
-    const ETA: usize,
-    const ETA_RANDOMNESS_SIZE: usize,
->(
-    mut prf_input: [u8; 33],
-    mut domain_separator: u8,
-) -> ([PolynomialRingElement; K], u8) {
-    let mut re_as_ntt = [PolynomialRingElement::ZERO; K];
-    for i in 0..K {
-        prf_input[32] = domain_separator;
-        domain_separator += 1;
-
-        let prf_output: [u8; ETA_RANDOMNESS_SIZE] = PRF(&prf_input);
-
-        let r = sample_from_binomial_distribution::<ETA>(&prf_output);
-        re_as_ntt[i] = ntt_binomially_sampled_ring_element(r);
-    }
-    (re_as_ntt, domain_separator)
-}
-
-/// This function implements most of <strong>Algorithm 12</strong> of the
-/// NIST FIPS 203 specification; this is the Kyber CPA-PKE key generation algorithm.
-///
-/// We say "most of" since Algorithm 12 samples the required randomness within
-/// the function itself, whereas this implementation expects it to be provided
-/// through the `key_generation_seed` parameter.
-///
-/// Algorithm 12 is reproduced below:
-///
-/// ```plaintext
-/// Output: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}.
-/// Output: decryption key dkₚₖₑ ∈ 𝔹^{384k}.
-///
-/// d ←$ B
-/// (ρ,σ) ← G(d)
-/// N ← 0
-/// for (i ← 0; i < k; i++)
-///     for(j ← 0; j < k; j++)
-///         Â[i,j] ← SampleNTT(XOF(ρ, i, j))
-///     end for
-/// end for
-/// for(i ← 0; i < k; i++)
-///     s[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(σ,N))
-///     N ← N + 1
-/// end for
-/// for(i ← 0; i < k; i++)
-///     e[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(σ,N))
-///     N ← N + 1
-/// end for
-/// ŝ ← NTT(s)
-/// ê ← NTT(e)
-/// t̂ ← Â◦ŝ + ê
-/// ekₚₖₑ ← ByteEncode₁₂(t̂) ‖ ρ
-/// dkₚₖₑ ← ByteEncode₁₂(ŝ)
-/// ```
-///
-/// The NIST FIPS 203 standard can be found at
-/// <https://csrc.nist.gov/pubs/fips/203/ipd>.
-#[allow(non_snake_case)]
-pub(super) fn generate_keypair_unpacked<
-    const K: usize,
-    const PUBLIC_KEY_SIZE: usize,
-    const RANKED_BYTES_PER_RING_ELEMENT: usize,
-    const ETA1: usize,
-    const ETA1_RANDOMNESS_SIZE: usize,
->(
-    key_generation_seed: &[u8],
-) -> (
-    (
-        [PolynomialRingElement; K],
-        [PolynomialRingElement; K],
-        [[PolynomialRingElement; K]; K],
-    ),
-    [u8; PUBLIC_KEY_SIZE],
-) {
-    // (ρ,σ) := G(d)
-    let hashed = G(key_generation_seed);
-    let (seed_for_A, seed_for_secret_and_error) = hashed.split_at(32);
-
-    let a_transpose = sample_matrix_A(into_padded_array(seed_for_A), true);
-
-    let prf_input: [u8; 33] = into_padded_array(seed_for_secret_and_error);
-    let (mut secret_as_ntt, domain_separator) =
-        sample_vector_cbd_then_ntt::<K, ETA1, ETA1_RANDOMNESS_SIZE>(prf_input, 0);
-    let (error_as_ntt, _) =
-        sample_vector_cbd_then_ntt::<K, ETA1, ETA1_RANDOMNESS_SIZE>(prf_input, domain_separator);
-
-    // tˆ := Aˆ ◦ sˆ + eˆ
-    let mut t_as_ntt = compute_As_plus_e(&a_transpose, &secret_as_ntt, &error_as_ntt);
-
-    // pk := (Encode_12(tˆ mod^{+}q) || ρ)
-    let public_key_serialized = serialize_public_key::<
-        K,
-        RANKED_BYTES_PER_RING_ELEMENT,
-        PUBLIC_KEY_SIZE,
-    >(t_as_ntt, &seed_for_A);
-
-    // Need to do the following otherwise it violates invariants in NTT (the values are expected to be >=0 and <4096).
-    // Maybe we can remove these reductions later if we make those constraints looser
-    for i in 0..K {
-        for j in 0..COEFFICIENTS_IN_RING_ELEMENT {
-            secret_as_ntt[i].coefficients[j] =
-                to_unsigned_representative(secret_as_ntt[i].coefficients[j]) as i32;
-            t_as_ntt[i].coefficients[j] =
-                to_unsigned_representative(t_as_ntt[i].coefficients[j]) as i32;
-        }
-    }
-
-    // We also need to transpose the A array.
-    let mut a_matrix = a_transpose;
-    for i in 0..K {
-        for j in 0..K {
-            a_matrix[i][j] = a_transpose[j][i];
-        }
-    }
-
-    ((secret_as_ntt, t_as_ntt, a_matrix), public_key_serialized)
-}
-
-#[allow(non_snake_case)]
-pub(super) fn generate_keypair<
-    const K: usize,
-    const PRIVATE_KEY_SIZE: usize,
-    const PUBLIC_KEY_SIZE: usize,
-    const RANKED_BYTES_PER_RING_ELEMENT: usize,
-    const ETA1: usize,
-    const ETA1_RANDOMNESS_SIZE: usize,
->(
-    key_generation_seed: &[u8],
-) -> ([u8; PRIVATE_KEY_SIZE], [u8; PUBLIC_KEY_SIZE]) {
-    let ((secret_as_ntt, _t_as_ntt, _a_transpose), public_key_serialized) =
-        generate_keypair_unpacked::<
-            K,
-            PUBLIC_KEY_SIZE,
-            RANKED_BYTES_PER_RING_ELEMENT,
-            ETA1,
-            ETA1_RANDOMNESS_SIZE,
-        >(key_generation_seed);
-
-    // sk := Encode_12(sˆ mod^{+}q)
-    let secret_key_serialized = serialize_secret_key(secret_as_ntt);
-
-    (secret_key_serialized, public_key_serialized)
-}
-
-/// Call [`compress_then_serialize_ring_element_u`] on each ring element.
-fn compress_then_serialize_u<
-    const K: usize,
-    const OUT_LEN: usize,
-    const COMPRESSION_FACTOR: usize,
-    const BLOCK_LEN: usize,
->(
-    input: [PolynomialRingElement; K],
-) -> [u8; OUT_LEN] {
-    let mut out = [0u8; OUT_LEN];
-    cloop! {
-        for (i, re) in input.into_iter().enumerate() {
-            out[i * (OUT_LEN / K)..(i + 1) * (OUT_LEN / K)].copy_from_slice(
-                &compress_then_serialize_ring_element_u::<COMPRESSION_FACTOR, BLOCK_LEN>(re),
-            );
-        }
-    }
-
-    out
-}
-
-/// This function implements <strong>Algorithm 13</strong> of the
-/// NIST FIPS 203 specification; this is the Kyber CPA-PKE encryption algorithm.
-///
-/// Algorithm 13 is reproduced below:
-///
-/// ```plaintext
-/// Input: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}.
-/// Input: message m ∈ 𝔹^{32}.
-/// Input: encryption randomness r ∈ 𝔹^{32}.
-/// Output: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}.
-///
-/// N ← 0
-/// t̂ ← ByteDecode₁₂(ekₚₖₑ[0:384k])
-/// ρ ← ekₚₖₑ[384k: 384k + 32]
-/// for (i ← 0; i < k; i++)
-///     for(j ← 0; j < k; j++)
-///         Â[i,j] ← SampleNTT(XOF(ρ, i, j))
-///     end for
-/// end for
-/// for(i ← 0; i < k; i++)
-///     r[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(r,N))
-///     N ← N + 1
-/// end for
-/// for(i ← 0; i < k; i++)
-///     e₁[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N))
-///     N ← N + 1
-/// end for
-/// e₂ ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N))
-/// r̂ ← NTT(r)
-/// u ← NTT-¹(Âᵀ ◦ r̂) + e₁
-/// μ ← Decompress₁(ByteDecode₁(m)))
-/// v ← NTT-¹(t̂ᵀ ◦ rˆ) + e₂ + μ
-/// c₁ ← ByteEncode_{dᵤ}(Compress_{dᵤ}(u))
-/// c₂ ← ByteEncode_{dᵥ}(Compress_{dᵥ}(v))
-/// return c ← (c₁ ‖ c₂)
-/// ```
-///
-/// The NIST FIPS 203 standard can be found at
-/// <https://csrc.nist.gov/pubs/fips/203/ipd>.
-#[allow(non_snake_case)]
-pub(crate) fn encrypt_unpacked<
-    const K: usize,
-    const CIPHERTEXT_SIZE: usize,
-    const T_AS_NTT_ENCODED_SIZE: usize,
-    const C1_LEN: usize,
-    const C2_LEN: usize,
-    const U_COMPRESSION_FACTOR: usize,
-    const V_COMPRESSION_FACTOR: usize,
-    const BLOCK_LEN: usize,
-    const ETA1: usize,
-    const ETA1_RANDOMNESS_SIZE: usize,
-    const ETA2: usize,
-    const ETA2_RANDOMNESS_SIZE: usize,
->(
-    t_as_ntt: &[PolynomialRingElement; K],
-    a_transpose: &[[PolynomialRingElement; K]; K],
-    message: [u8; SHARED_SECRET_SIZE],
-    randomness: &[u8],
-) -> [u8; CIPHERTEXT_SIZE] {
-    // for i from 0 to k−1 do
-    //     r[i] := CBD{η1}(PRF(r, N))
-    //     N := N + 1
-    // end for
-    // rˆ := NTT(r)
-    let mut prf_input: [u8; 33] = into_padded_array(randomness);
-    let (r_as_ntt, mut domain_separator) =
-        sample_vector_cbd_then_ntt::<K, ETA1, ETA1_RANDOMNESS_SIZE>(prf_input, 0);
-
-    // for i from 0 to k−1 do
-    //     e1[i] := CBD_{η2}(PRF(r,N))
-    //     N := N + 1
-    // end for
-    let error_1 = sample_ring_element_cbd::<K, ETA2_RANDOMNESS_SIZE, ETA2>(
-        &mut prf_input,
-        &mut domain_separator,
-    );
-
-    // e_2 := CBD{η2}(PRF(r, N))
-    prf_input[32] = domain_separator;
-    let prf_output: [u8; ETA2_RANDOMNESS_SIZE] = PRF(&prf_input);
-    let error_2 = sample_from_binomial_distribution::<ETA2>(&prf_output);
-
-    // u := NTT^{-1}(AˆT ◦ rˆ) + e_1
-    let u = compute_vector_u(&a_transpose, &r_as_ntt, &error_1);
-
-    // v := NTT^{−1}(tˆT ◦ rˆ) + e_2 + Decompress_q(Decode_1(m),1)
-    let message_as_ring_element = deserialize_then_decompress_message(message);
-    let v = compute_ring_element_v(&t_as_ntt, &r_as_ntt, &error_2, &message_as_ring_element);
-
-    // c_1 := Encode_{du}(Compress_q(u,d_u))
-    let c1 = compress_then_serialize_u::<K, C1_LEN, U_COMPRESSION_FACTOR, BLOCK_LEN>(u);
-
-    // c_2 := Encode_{dv}(Compress_q(v,d_v))
-    let c2 = compress_then_serialize_ring_element_v::<V_COMPRESSION_FACTOR, C2_LEN>(v);
-
-    let mut ciphertext: [u8; CIPHERTEXT_SIZE] = into_padded_array(&c1);
-    ciphertext[C1_LEN..].copy_from_slice(c2.as_slice());
-
-    ciphertext
-}
-
-#[allow(non_snake_case)]
-pub(crate) fn encrypt<
-    const K: usize,
-    const CIPHERTEXT_SIZE: usize,
-    const T_AS_NTT_ENCODED_SIZE: usize,
-    const C1_LEN: usize,
-    const C2_LEN: usize,
-    const U_COMPRESSION_FACTOR: usize,
-    const V_COMPRESSION_FACTOR: usize,
-    const BLOCK_LEN: usize,
-    const ETA1: usize,
-    const ETA1_RANDOMNESS_SIZE: usize,
-    const ETA2: usize,
-    const ETA2_RANDOMNESS_SIZE: usize,
->(
-    public_key: &[u8],
-    message: [u8; SHARED_SECRET_SIZE],
-    randomness: &[u8],
-) -> [u8; CIPHERTEXT_SIZE] {
-    // tˆ := Decode_12(pk)
-    let t_as_ntt = deserialize_ring_elements_reduced::<T_AS_NTT_ENCODED_SIZE, K>(
-        &public_key[..T_AS_NTT_ENCODED_SIZE],
-    );
-
-    // ρ := pk + 12·k·n / 8
-    // for i from 0 to k−1 do
-    //     for j from 0 to k − 1 do
-    //         AˆT[i][j] := Parse(XOF(ρ, i, j))
-    //     end for
-    // end for
-    let seed = &public_key[T_AS_NTT_ENCODED_SIZE..];
-    // ρ := pk + 12·k·n / 8
-    // for i from 0 to k−1 do
-    //     for j from 0 to k − 1 do
-    //         AˆT[i][j] := Parse(XOF(ρ, i, j))
-    //     end for
-    // end for
-    let a_transpose = sample_matrix_A(into_padded_array(seed), false);
-
-    encrypt_unpacked::<
-        K,
-        CIPHERTEXT_SIZE,
-        T_AS_NTT_ENCODED_SIZE,
-        C1_LEN,
-        C2_LEN,
-        U_COMPRESSION_FACTOR,
-        V_COMPRESSION_FACTOR,
-        BLOCK_LEN,
-        ETA1,
-        ETA1_RANDOMNESS_SIZE,
-        ETA2,
-        ETA2_RANDOMNESS_SIZE,
-    >(&t_as_ntt, &a_transpose, message, randomness)
-}
-
-/// Call [`deserialize_then_decompress_ring_element_u`] on each ring element
-/// in the `ciphertext`.
-#[inline(always)]
-fn deserialize_then_decompress_u<
-    const K: usize,
-    const CIPHERTEXT_SIZE: usize,
-    const U_COMPRESSION_FACTOR: usize,
->(
-    ciphertext: &[u8; CIPHERTEXT_SIZE],
-) -> [PolynomialRingElement; K] {
-    let mut u_as_ntt = [PolynomialRingElement::ZERO; K];
-    cloop! {
-        for (i, u_bytes) in ciphertext
-            .chunks_exact((COEFFICIENTS_IN_RING_ELEMENT * U_COMPRESSION_FACTOR) / 8)
-            .enumerate()
-        {
-            let u = deserialize_then_decompress_ring_element_u::<U_COMPRESSION_FACTOR>(u_bytes);
-            u_as_ntt[i] = ntt_vector_u::<U_COMPRESSION_FACTOR>(u);
-        }
-    }
-    u_as_ntt
-}
-
-/// Call [`deserialize_to_uncompressed_ring_element`] for each ring element.
-#[inline(always)]
-fn deserialize_secret_key<const K: usize>(secret_key: &[u8]) -> [PolynomialRingElement; K] {
-    let mut secret_as_ntt = [PolynomialRingElement::ZERO; K];
-    cloop! {
-        for (i, secret_bytes) in secret_key.chunks_exact(BYTES_PER_RING_ELEMENT).enumerate() {
-            secret_as_ntt[i] = deserialize_to_uncompressed_ring_element(secret_bytes);
-        }
-    }
-    secret_as_ntt
-}
-
-/// This function implements <strong>Algorithm 14</strong> of the
-/// NIST FIPS 203 specification; this is the Kyber CPA-PKE decryption algorithm.
-///
-/// Algorithm 14 is reproduced below:
-///
-/// ```plaintext
-/// Input: decryption key dkₚₖₑ ∈ 𝔹^{384k}.
-/// Input: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}.
-/// Output: message m ∈ 𝔹^{32}.
-///
-/// c₁ ← c[0 : 32dᵤk]
-/// c₂ ← c[32dᵤk : 32(dᵤk + dᵥ)]
-/// u ← Decompress_{dᵤ}(ByteDecode_{dᵤ}(c₁))
-/// v ← Decompress_{dᵥ}(ByteDecode_{dᵥ}(c₂))
-/// ŝ ← ByteDecode₁₂(dkₚₖₑ)
-/// w ← v - NTT-¹(ŝᵀ ◦ NTT(u))
-/// m ← ByteEncode₁(Compress₁(w))
-/// return m
-/// ```
-///
-/// The NIST FIPS 203 standard can be found at
-/// <https://csrc.nist.gov/pubs/fips/203/ipd>.
-#[allow(non_snake_case)]
-pub(super) fn decrypt_unpacked<
-    const K: usize,
-    const CIPHERTEXT_SIZE: usize,
-    const VECTOR_U_ENCODED_SIZE: usize,
-    const U_COMPRESSION_FACTOR: usize,
-    const V_COMPRESSION_FACTOR: usize,
->(
-    secret_as_ntt: &[PolynomialRingElement; K],
-    ciphertext: &[u8; CIPHERTEXT_SIZE],
-) -> [u8; SHARED_SECRET_SIZE] {
-    // u := Decompress_q(Decode_{d_u}(c), d_u)
-    let u_as_ntt =
-        deserialize_then_decompress_u::<K, CIPHERTEXT_SIZE, U_COMPRESSION_FACTOR>(ciphertext);
-
-    // v := Decompress_q(Decode_{d_v}(c + d_u·k·n / 8), d_v)
-    let v = deserialize_then_decompress_ring_element_v::<V_COMPRESSION_FACTOR>(
-        &ciphertext[VECTOR_U_ENCODED_SIZE..],
-    );
-
-    // m := Encode_1(Compress_q(v − NTT^{−1}(sˆT ◦ NTT(u)) , 1))
-    let message = compute_message(&v, &secret_as_ntt, &u_as_ntt);
-    compress_then_serialize_message(message)
-}
-
-#[allow(non_snake_case)]
-pub(super) fn decrypt<
-    const K: usize,
-    const CIPHERTEXT_SIZE: usize,
-    const VECTOR_U_ENCODED_SIZE: usize,
-    const U_COMPRESSION_FACTOR: usize,
-    const V_COMPRESSION_FACTOR: usize,
->(
-    secret_key: &[u8],
-    ciphertext: &[u8; CIPHERTEXT_SIZE],
-) -> [u8; SHARED_SECRET_SIZE] {
-    // sˆ := Decode_12(sk)
-    let secret_as_ntt = deserialize_secret_key::<K>(secret_key);
-
-    decrypt_unpacked::<
-        K,
-        CIPHERTEXT_SIZE,
-        VECTOR_U_ENCODED_SIZE,
-        U_COMPRESSION_FACTOR,
-        V_COMPRESSION_FACTOR,
-    >(&secret_as_ntt, ciphertext)
-}
diff --git a/libcrux-ml-kem/src/kem/kyber/kyber1024.rs b/libcrux-ml-kem/src/kem/kyber/kyber1024.rs
deleted file mode 100644
index 41bfff6ed..000000000
--- a/libcrux-ml-kem/src/kem/kyber/kyber1024.rs
+++ /dev/null
@@ -1,171 +0,0 @@
-use super::{constants::*, *};
-
-// Kyber 1024 parameters
-const RANK_1024: usize = 4;
-const RANKED_BYTES_PER_RING_ELEMENT_1024: usize = RANK_1024 * BITS_PER_RING_ELEMENT / 8;
-const T_AS_NTT_ENCODED_SIZE_1024: usize =
-    (RANK_1024 * COEFFICIENTS_IN_RING_ELEMENT * BITS_PER_COEFFICIENT) / 8;
-const VECTOR_U_COMPRESSION_FACTOR_1024: usize = 11;
-// [hax]: hacspec/hacspec-v2#27 stealing error
-// block_len::<VECTOR_U_COMPRESSION_FACTOR_1024>();
-const C1_BLOCK_SIZE_1024: usize =
-    (COEFFICIENTS_IN_RING_ELEMENT * VECTOR_U_COMPRESSION_FACTOR_1024) / 8;
-// [hax]: hacspec/hacspec-v2#27 stealing error
-// serialized_len::<RANK_1024, C1_BLOCK_SIZE_1024>();
-const C1_SIZE_1024: usize = C1_BLOCK_SIZE_1024 * RANK_1024;
-const VECTOR_V_COMPRESSION_FACTOR_1024: usize = 5;
-// [hax]: hacspec/hacspec-v2#27 stealing error
-// block_len::<VECTOR_V_COMPRESSION_FACTOR_1024>()
-const C2_SIZE_1024: usize = (COEFFICIENTS_IN_RING_ELEMENT * VECTOR_V_COMPRESSION_FACTOR_1024) / 8;
-const CPA_PKE_SECRET_KEY_SIZE_1024: usize =
-    (RANK_1024 * COEFFICIENTS_IN_RING_ELEMENT * BITS_PER_COEFFICIENT) / 8;
-const CPA_PKE_PUBLIC_KEY_SIZE_1024: usize = T_AS_NTT_ENCODED_SIZE_1024 + 32;
-const CPA_PKE_CIPHERTEXT_SIZE_1024: usize = C1_SIZE_1024 + C2_SIZE_1024;
-const SECRET_KEY_SIZE_1024: usize = CPA_PKE_SECRET_KEY_SIZE_1024
-    + CPA_PKE_PUBLIC_KEY_SIZE_1024
-    + H_DIGEST_SIZE
-    + SHARED_SECRET_SIZE;
-
-const ETA1: usize = 2;
-const ETA1_RANDOMNESS_SIZE: usize = ETA1 * 64;
-const ETA2: usize = 2;
-const ETA2_RANDOMNESS_SIZE: usize = ETA2 * 64;
-
-const IMPLICIT_REJECTION_HASH_INPUT_SIZE: usize = SHARED_SECRET_SIZE + CPA_PKE_CIPHERTEXT_SIZE_1024;
-
-// Kyber 1024 types
-/// An ML-KEM 1024 Ciphertext
-pub type MlKem1024Ciphertext = MlKemCiphertext<CPA_PKE_CIPHERTEXT_SIZE_1024>;
-/// An ML-KEM 1024 Private key
-pub type MlKem1024PrivateKey = MlKemPrivateKey<SECRET_KEY_SIZE_1024>;
-/// An ML-KEM 1024 Public key
-pub type MlKem1024PublicKey = MlKemPublicKey<CPA_PKE_PUBLIC_KEY_SIZE_1024>;
-
-/// Validate a public key.
-///
-/// Returns `true` if valid, and `false` otherwise.
-pub fn validate_public_key(public_key: &MlKem1024PublicKey) -> bool {
-    super::validate_public_key::<
-        RANK_1024,
-        RANKED_BYTES_PER_RING_ELEMENT_1024,
-        CPA_PKE_PUBLIC_KEY_SIZE_1024,
-    >(&public_key.value)
-}
-
-/// Generate ML-KEM 1024 Key Pair
-///
-/// Generate an ML-KEM key pair. The input is a byte array of size
-/// [`crate::KEY_GENERATION_SEED_SIZE`].
-pub fn generate_key_pair(
-    randomness: [u8; KEY_GENERATION_SEED_SIZE],
-) -> MlKemKeyPair<SECRET_KEY_SIZE_1024, CPA_PKE_PUBLIC_KEY_SIZE_1024> {
-    generate_keypair::<
-        RANK_1024,
-        CPA_PKE_SECRET_KEY_SIZE_1024,
-        SECRET_KEY_SIZE_1024,
-        CPA_PKE_PUBLIC_KEY_SIZE_1024,
-        RANKED_BYTES_PER_RING_ELEMENT_1024,
-        ETA1,
-        ETA1_RANDOMNESS_SIZE,
-    >(randomness)
-}
-
-#[allow(unused)]
-pub(crate) type MlKem1024State = MlKemState<RANK_1024>;
-
-#[allow(unused)]
-pub(crate) fn generate_key_pair_unpacked(
-    randomness: [u8; KEY_GENERATION_SEED_SIZE],
-) -> (MlKem1024State, MlKem1024PublicKey) {
-    generate_keypair_unpacked::<
-        RANK_1024,
-        CPA_PKE_SECRET_KEY_SIZE_1024,
-        SECRET_KEY_SIZE_1024,
-        CPA_PKE_PUBLIC_KEY_SIZE_1024,
-        RANKED_BYTES_PER_RING_ELEMENT_1024,
-        ETA1,
-        ETA1_RANDOMNESS_SIZE,
-    >(randomness)
-}
-
-/// Encapsulate ML-KEM 1024
-///
-/// Generates an ([`MlKem1024Ciphertext`], [`MlKemSharedSecret`]) tuple.
-/// The input is a reference to an [`MlKem1024PublicKey`] and [`crate::SHARED_SECRET_SIZE`]
-/// bytes of `randomness`.
-pub fn encapsulate(
-    public_key: &MlKemPublicKey<CPA_PKE_PUBLIC_KEY_SIZE_1024>,
-    randomness: [u8; SHARED_SECRET_SIZE],
-) -> (
-    MlKemCiphertext<CPA_PKE_CIPHERTEXT_SIZE_1024>,
-    MlKemSharedSecret,
-) {
-    super::encapsulate::<
-        RANK_1024,
-        CPA_PKE_CIPHERTEXT_SIZE_1024,
-        CPA_PKE_PUBLIC_KEY_SIZE_1024,
-        T_AS_NTT_ENCODED_SIZE_1024,
-        C1_SIZE_1024,
-        C2_SIZE_1024,
-        VECTOR_U_COMPRESSION_FACTOR_1024,
-        VECTOR_V_COMPRESSION_FACTOR_1024,
-        C1_BLOCK_SIZE_1024,
-        ETA1,
-        ETA1_RANDOMNESS_SIZE,
-        ETA2,
-        ETA2_RANDOMNESS_SIZE,
-    >(public_key, randomness)
-}
-
-/// Decapsulate ML-KEM 1024
-///
-/// Generates an [`MlKemSharedSecret`].
-/// The input is a reference to an [`MlKem1024PrivateKey`] and an [`MlKem1024Ciphertext`].
-pub fn decapsulate(
-    secret_key: &MlKemPrivateKey<SECRET_KEY_SIZE_1024>,
-    ciphertext: &MlKemCiphertext<CPA_PKE_CIPHERTEXT_SIZE_1024>,
-) -> [u8; SHARED_SECRET_SIZE] {
-    super::decapsulate::<
-        RANK_1024,
-        SECRET_KEY_SIZE_1024,
-        CPA_PKE_SECRET_KEY_SIZE_1024,
-        CPA_PKE_PUBLIC_KEY_SIZE_1024,
-        CPA_PKE_CIPHERTEXT_SIZE_1024,
-        T_AS_NTT_ENCODED_SIZE_1024,
-        C1_SIZE_1024,
-        C2_SIZE_1024,
-        VECTOR_U_COMPRESSION_FACTOR_1024,
-        VECTOR_V_COMPRESSION_FACTOR_1024,
-        C1_BLOCK_SIZE_1024,
-        ETA1,
-        ETA1_RANDOMNESS_SIZE,
-        ETA2,
-        ETA2_RANDOMNESS_SIZE,
-        IMPLICIT_REJECTION_HASH_INPUT_SIZE,
-    >(secret_key, ciphertext)
-}
-
-#[allow(unused)]
-pub(crate) fn decapsulate_unpacked(
-    state: &MlKem1024State,
-    ciphertext: &MlKemCiphertext<CPA_PKE_CIPHERTEXT_SIZE_1024>,
-) -> [u8; SHARED_SECRET_SIZE] {
-    super::decapsulate_unpacked::<
-        RANK_1024,
-        SECRET_KEY_SIZE_1024,
-        CPA_PKE_SECRET_KEY_SIZE_1024,
-        CPA_PKE_PUBLIC_KEY_SIZE_1024,
-        CPA_PKE_CIPHERTEXT_SIZE_1024,
-        T_AS_NTT_ENCODED_SIZE_1024,
-        C1_SIZE_1024,
-        C2_SIZE_1024,
-        VECTOR_U_COMPRESSION_FACTOR_1024,
-        VECTOR_V_COMPRESSION_FACTOR_1024,
-        C1_BLOCK_SIZE_1024,
-        ETA1,
-        ETA1_RANDOMNESS_SIZE,
-        ETA2,
-        ETA2_RANDOMNESS_SIZE,
-        IMPLICIT_REJECTION_HASH_INPUT_SIZE,
-    >(state, ciphertext)
-}
diff --git a/libcrux-ml-kem/src/kem/kyber/kyber512.rs b/libcrux-ml-kem/src/kem/kyber/kyber512.rs
deleted file mode 100644
index 01968b5f2..000000000
--- a/libcrux-ml-kem/src/kem/kyber/kyber512.rs
+++ /dev/null
@@ -1,168 +0,0 @@
-use super::{constants::*, *};
-
-// Kyber 512 parameters
-const RANK_512: usize = 2;
-const RANKED_BYTES_PER_RING_ELEMENT_512: usize = RANK_512 * BITS_PER_RING_ELEMENT / 8;
-const T_AS_NTT_ENCODED_SIZE_512: usize =
-    (RANK_512 * COEFFICIENTS_IN_RING_ELEMENT * BITS_PER_COEFFICIENT) / 8;
-const VECTOR_U_COMPRESSION_FACTOR_512: usize = 10;
-// [hax]: hacspec/hacspec-v2#27 stealing error
-// block_len::<VECTOR_U_COMPRESSION_FACTOR_512>()
-const C1_BLOCK_SIZE_512: usize =
-    (COEFFICIENTS_IN_RING_ELEMENT * VECTOR_U_COMPRESSION_FACTOR_512) / 8;
-// [hax]: hacspec/hacspec-v2#27 stealing error
-// serialized_len::<RANK_512, C1_BLOCK_SIZE_512>()
-const C1_SIZE_512: usize = C1_BLOCK_SIZE_512 * RANK_512;
-const VECTOR_V_COMPRESSION_FACTOR_512: usize = 4;
-// [hax]: hacspec/hacspec-v2#27 stealing error
-// block_len::<VECTOR_V_COMPRESSION_FACTOR_512>()
-const C2_SIZE_512: usize = (COEFFICIENTS_IN_RING_ELEMENT * VECTOR_V_COMPRESSION_FACTOR_512) / 8;
-const CPA_PKE_SECRET_KEY_SIZE_512: usize =
-    (RANK_512 * COEFFICIENTS_IN_RING_ELEMENT * BITS_PER_COEFFICIENT) / 8;
-const CPA_PKE_PUBLIC_KEY_SIZE_512: usize = T_AS_NTT_ENCODED_SIZE_512 + 32;
-const CPA_PKE_CIPHERTEXT_SIZE_512: usize = C1_SIZE_512 + C2_SIZE_512;
-const SECRET_KEY_SIZE_512: usize =
-    CPA_PKE_SECRET_KEY_SIZE_512 + CPA_PKE_PUBLIC_KEY_SIZE_512 + H_DIGEST_SIZE + SHARED_SECRET_SIZE;
-
-const ETA1: usize = 3;
-const ETA1_RANDOMNESS_SIZE: usize = ETA1 * 64;
-const ETA2: usize = 2;
-const ETA2_RANDOMNESS_SIZE: usize = ETA2 * 64;
-
-const IMPLICIT_REJECTION_HASH_INPUT_SIZE: usize = SHARED_SECRET_SIZE + CPA_PKE_CIPHERTEXT_SIZE_512;
-
-// Kyber 512 types
-/// An ML-KEM 512 Ciphertext
-pub type MlKem512Ciphertext = MlKemCiphertext<CPA_PKE_CIPHERTEXT_SIZE_512>;
-/// An ML-KEM 512 Private key
-pub type MlKem512PrivateKey = MlKemPrivateKey<SECRET_KEY_SIZE_512>;
-/// An ML-KEM 512 Public key
-pub type MlKem512PublicKey = MlKemPublicKey<CPA_PKE_PUBLIC_KEY_SIZE_512>;
-
-/// Validate a public key.
-///
-/// Returns `true` if valid, and `false` otherwise.
-pub fn validate_public_key(public_key: &MlKem512PublicKey) -> bool {
-    super::validate_public_key::<
-        RANK_512,
-        RANKED_BYTES_PER_RING_ELEMENT_512,
-        CPA_PKE_PUBLIC_KEY_SIZE_512,
-    >(&public_key.value)
-}
-
-/// Generate ML-KEM 512 Key Pair
-///
-/// The input is a byte array of size
-/// [`crate::KEY_GENERATION_SEED_SIZE`].
-pub fn generate_key_pair(
-    randomness: [u8; KEY_GENERATION_SEED_SIZE],
-) -> MlKemKeyPair<SECRET_KEY_SIZE_512, CPA_PKE_PUBLIC_KEY_SIZE_512> {
-    generate_keypair::<
-        RANK_512,
-        CPA_PKE_SECRET_KEY_SIZE_512,
-        SECRET_KEY_SIZE_512,
-        CPA_PKE_PUBLIC_KEY_SIZE_512,
-        RANKED_BYTES_PER_RING_ELEMENT_512,
-        ETA1,
-        ETA1_RANDOMNESS_SIZE,
-    >(randomness)
-}
-
-#[allow(unused)]
-pub(crate) type MlKem512State = MlKemState<RANK_512>;
-
-#[allow(unused)]
-pub(crate) fn generate_key_pair_unpacked(
-    randomness: [u8; KEY_GENERATION_SEED_SIZE],
-) -> (MlKem512State, MlKem512PublicKey) {
-    generate_keypair_unpacked::<
-        RANK_512,
-        CPA_PKE_SECRET_KEY_SIZE_512,
-        SECRET_KEY_SIZE_512,
-        CPA_PKE_PUBLIC_KEY_SIZE_512,
-        RANKED_BYTES_PER_RING_ELEMENT_512,
-        ETA1,
-        ETA1_RANDOMNESS_SIZE,
-    >(randomness)
-}
-
-/// Encapsulate ML-KEM 512
-///
-/// Generates an ([`MlKem512Ciphertext`], [`MlKemSharedSecret`]) tuple.
-/// The input is a reference to an [`MlKem512PublicKey`] and [`crate::SHARED_SECRET_SIZE`]
-pub fn encapsulate(
-    public_key: &MlKemPublicKey<CPA_PKE_PUBLIC_KEY_SIZE_512>,
-    randomness: [u8; SHARED_SECRET_SIZE],
-) -> (
-    MlKemCiphertext<CPA_PKE_CIPHERTEXT_SIZE_512>,
-    MlKemSharedSecret,
-) {
-    super::encapsulate::<
-        RANK_512,
-        CPA_PKE_CIPHERTEXT_SIZE_512,
-        CPA_PKE_PUBLIC_KEY_SIZE_512,
-        T_AS_NTT_ENCODED_SIZE_512,
-        C1_SIZE_512,
-        C2_SIZE_512,
-        VECTOR_U_COMPRESSION_FACTOR_512,
-        VECTOR_V_COMPRESSION_FACTOR_512,
-        C1_BLOCK_SIZE_512,
-        ETA1,
-        ETA1_RANDOMNESS_SIZE,
-        ETA2,
-        ETA2_RANDOMNESS_SIZE,
-    >(public_key, randomness)
-}
-
-/// Decapsulate ML-KEM 512
-///
-/// Generates an [`MlKemSharedSecret`].
-/// The input is a reference to an [`MlKem512PrivateKey`] and an [`MlKem512Ciphertext`].
-pub fn decapsulate(
-    secret_key: &MlKemPrivateKey<SECRET_KEY_SIZE_512>,
-    ciphertext: &MlKemCiphertext<CPA_PKE_CIPHERTEXT_SIZE_512>,
-) -> [u8; SHARED_SECRET_SIZE] {
-    super::decapsulate::<
-        RANK_512,
-        SECRET_KEY_SIZE_512,
-        CPA_PKE_SECRET_KEY_SIZE_512,
-        CPA_PKE_PUBLIC_KEY_SIZE_512,
-        CPA_PKE_CIPHERTEXT_SIZE_512,
-        T_AS_NTT_ENCODED_SIZE_512,
-        C1_SIZE_512,
-        C2_SIZE_512,
-        VECTOR_U_COMPRESSION_FACTOR_512,
-        VECTOR_V_COMPRESSION_FACTOR_512,
-        C1_BLOCK_SIZE_512,
-        ETA1,
-        ETA1_RANDOMNESS_SIZE,
-        ETA2,
-        ETA2_RANDOMNESS_SIZE,
-        IMPLICIT_REJECTION_HASH_INPUT_SIZE,
-    >(secret_key, ciphertext)
-}
-
-#[allow(unused)]
-pub(crate) fn decapsulate_unpacked(
-    state: &MlKem512State,
-    ciphertext: &MlKemCiphertext<CPA_PKE_CIPHERTEXT_SIZE_512>,
-) -> [u8; SHARED_SECRET_SIZE] {
-    super::decapsulate_unpacked::<
-        RANK_512,
-        SECRET_KEY_SIZE_512,
-        CPA_PKE_SECRET_KEY_SIZE_512,
-        CPA_PKE_PUBLIC_KEY_SIZE_512,
-        CPA_PKE_CIPHERTEXT_SIZE_512,
-        T_AS_NTT_ENCODED_SIZE_512,
-        C1_SIZE_512,
-        C2_SIZE_512,
-        VECTOR_U_COMPRESSION_FACTOR_512,
-        VECTOR_V_COMPRESSION_FACTOR_512,
-        C1_BLOCK_SIZE_512,
-        ETA1,
-        ETA1_RANDOMNESS_SIZE,
-        ETA2,
-        ETA2_RANDOMNESS_SIZE,
-        IMPLICIT_REJECTION_HASH_INPUT_SIZE,
-    >(state, ciphertext)
-}
diff --git a/libcrux-ml-kem/src/kem/kyber/kyber768.rs b/libcrux-ml-kem/src/kem/kyber/kyber768.rs
deleted file mode 100644
index 261582f59..000000000
--- a/libcrux-ml-kem/src/kem/kyber/kyber768.rs
+++ /dev/null
@@ -1,189 +0,0 @@
-use super::{constants::*, *};
-
-// Kyber 768 parameters
-const RANK_768: usize = 3;
-const RANKED_BYTES_PER_RING_ELEMENT_768: usize = RANK_768 * BITS_PER_RING_ELEMENT / 8;
-const T_AS_NTT_ENCODED_SIZE_768: usize =
-    (RANK_768 * COEFFICIENTS_IN_RING_ELEMENT * BITS_PER_COEFFICIENT) / 8;
-const VECTOR_U_COMPRESSION_FACTOR_768: usize = 10;
-// [hax]: hacspec/hacspec-v2#27 stealing error
-// block_len::<VECTOR_U_COMPRESSION_FACTOR_768>()
-const C1_BLOCK_SIZE_768: usize =
-    (COEFFICIENTS_IN_RING_ELEMENT * VECTOR_U_COMPRESSION_FACTOR_768) / 8;
-// [hax]: hacspec/hacspec-v2#27 stealing error
-//  serialized_len::<RANK_768, C1_BLOCK_SIZE_768>();
-const C1_SIZE_768: usize = C1_BLOCK_SIZE_768 * RANK_768;
-const VECTOR_V_COMPRESSION_FACTOR_768: usize = 4;
-// [hax]: hacspec/hacspec-v2#27 stealing error
-//  block_len::<VECTOR_V_COMPRESSION_FACTOR_768>()
-const C2_SIZE_768: usize = (COEFFICIENTS_IN_RING_ELEMENT * VECTOR_V_COMPRESSION_FACTOR_768) / 8;
-const CPA_PKE_SECRET_KEY_SIZE_768: usize =
-    (RANK_768 * COEFFICIENTS_IN_RING_ELEMENT * BITS_PER_COEFFICIENT) / 8;
-const CPA_PKE_PUBLIC_KEY_SIZE_768: usize = T_AS_NTT_ENCODED_SIZE_768 + 32;
-// These two are used in the hybrid kem. This could probably be improved.
-pub(crate) const CPA_PKE_CIPHERTEXT_SIZE_768: usize = C1_SIZE_768 + C2_SIZE_768;
-pub(crate) const SECRET_KEY_SIZE_768: usize =
-    CPA_PKE_SECRET_KEY_SIZE_768 + CPA_PKE_PUBLIC_KEY_SIZE_768 + H_DIGEST_SIZE + SHARED_SECRET_SIZE;
-
-const ETA1: usize = 2;
-const ETA1_RANDOMNESS_SIZE: usize = ETA1 * 64;
-const ETA2: usize = 2;
-const ETA2_RANDOMNESS_SIZE: usize = ETA2 * 64;
-
-const IMPLICIT_REJECTION_HASH_INPUT_SIZE: usize = SHARED_SECRET_SIZE + CPA_PKE_CIPHERTEXT_SIZE_768;
-
-// Kyber 768 types
-/// An ML-KEM 768 Ciphertext
-pub type MlKem768Ciphertext = MlKemCiphertext<CPA_PKE_CIPHERTEXT_SIZE_768>;
-/// An ML-KEM 768 Private key
-pub type MlKem768PrivateKey = MlKemPrivateKey<SECRET_KEY_SIZE_768>;
-/// An ML-KEM 768 Public key
-pub type MlKem768PublicKey = MlKemPublicKey<CPA_PKE_PUBLIC_KEY_SIZE_768>;
-
-/// Validate a public key.
-///
-/// Returns `true` if valid, and `false` otherwise.
-pub fn validate_public_key(public_key: &MlKem768PublicKey) -> bool {
-    super::validate_public_key::<
-        RANK_768,
-        RANKED_BYTES_PER_RING_ELEMENT_768,
-        CPA_PKE_PUBLIC_KEY_SIZE_768,
-    >(&public_key.value)
-}
-
-/// Generate ML-KEM 768 Key Pair
-///
-/// Generate an ML-KEM key pair. The input is a byte array of size
-/// [`crate::KEY_GENERATION_SEED_SIZE`].
-pub fn generate_key_pair(
-    randomness: [u8; KEY_GENERATION_SEED_SIZE],
-) -> MlKemKeyPair<SECRET_KEY_SIZE_768, CPA_PKE_PUBLIC_KEY_SIZE_768> {
-    generate_keypair::<
-        RANK_768,
-        CPA_PKE_SECRET_KEY_SIZE_768,
-        SECRET_KEY_SIZE_768,
-        CPA_PKE_PUBLIC_KEY_SIZE_768,
-        RANKED_BYTES_PER_RING_ELEMENT_768,
-        ETA1,
-        ETA1_RANDOMNESS_SIZE,
-    >(randomness)
-}
-
-#[allow(unused)]
-pub(crate) type MlKem768State = MlKemState<RANK_768>;
-
-#[allow(unused)]
-pub(crate) fn generate_key_pair_unpacked(
-    randomness: [u8; KEY_GENERATION_SEED_SIZE],
-) -> (MlKem768State, MlKem768PublicKey) {
-    generate_keypair_unpacked::<
-        RANK_768,
-        CPA_PKE_SECRET_KEY_SIZE_768,
-        SECRET_KEY_SIZE_768,
-        CPA_PKE_PUBLIC_KEY_SIZE_768,
-        RANKED_BYTES_PER_RING_ELEMENT_768,
-        ETA1,
-        ETA1_RANDOMNESS_SIZE,
-    >(randomness)
-}
-
-/// Encapsulate ML-KEM 768
-///
-/// Generates an ([`MlKem768Ciphertext`], [`MlKemSharedSecret`]) tuple.
-/// The input is a reference to an [`MlKem768PublicKey`] and [`crate::SHARED_SECRET_SIZE`]
-/// bytes of `randomness`.
-pub fn encapsulate(
-    public_key: &MlKemPublicKey<CPA_PKE_PUBLIC_KEY_SIZE_768>,
-    randomness: [u8; SHARED_SECRET_SIZE],
-) -> (
-    MlKemCiphertext<CPA_PKE_CIPHERTEXT_SIZE_768>,
-    MlKemSharedSecret,
-) {
-    super::encapsulate::<
-        RANK_768,
-        CPA_PKE_CIPHERTEXT_SIZE_768,
-        CPA_PKE_PUBLIC_KEY_SIZE_768,
-        T_AS_NTT_ENCODED_SIZE_768,
-        C1_SIZE_768,
-        C2_SIZE_768,
-        VECTOR_U_COMPRESSION_FACTOR_768,
-        VECTOR_V_COMPRESSION_FACTOR_768,
-        C1_BLOCK_SIZE_768,
-        ETA1,
-        ETA1_RANDOMNESS_SIZE,
-        ETA2,
-        ETA2_RANDOMNESS_SIZE,
-    >(public_key, randomness)
-}
-
-/// Decapsulate ML-KEM 768
-///
-/// Generates an [`MlKemSharedSecret`].
-/// The input is a reference to an [`MlKem768PrivateKey`] and an [`MlKem768Ciphertext`].
-pub fn decapsulate(
-    secret_key: &MlKemPrivateKey<SECRET_KEY_SIZE_768>,
-    ciphertext: &MlKemCiphertext<CPA_PKE_CIPHERTEXT_SIZE_768>,
-) -> [u8; SHARED_SECRET_SIZE] {
-    super::decapsulate::<
-        RANK_768,
-        SECRET_KEY_SIZE_768,
-        CPA_PKE_SECRET_KEY_SIZE_768,
-        CPA_PKE_PUBLIC_KEY_SIZE_768,
-        CPA_PKE_CIPHERTEXT_SIZE_768,
-        T_AS_NTT_ENCODED_SIZE_768,
-        C1_SIZE_768,
-        C2_SIZE_768,
-        VECTOR_U_COMPRESSION_FACTOR_768,
-        VECTOR_V_COMPRESSION_FACTOR_768,
-        C1_BLOCK_SIZE_768,
-        ETA1,
-        ETA1_RANDOMNESS_SIZE,
-        ETA2,
-        ETA2_RANDOMNESS_SIZE,
-        IMPLICIT_REJECTION_HASH_INPUT_SIZE,
-    >(secret_key, ciphertext)
-}
-
-#[allow(unused)]
-pub(crate) fn decapsulate_unpacked(
-    state: &MlKem768State,
-    ciphertext: &MlKemCiphertext<CPA_PKE_CIPHERTEXT_SIZE_768>,
-) -> [u8; SHARED_SECRET_SIZE] {
-    super::decapsulate_unpacked::<
-        RANK_768,
-        SECRET_KEY_SIZE_768,
-        CPA_PKE_SECRET_KEY_SIZE_768,
-        CPA_PKE_PUBLIC_KEY_SIZE_768,
-        CPA_PKE_CIPHERTEXT_SIZE_768,
-        T_AS_NTT_ENCODED_SIZE_768,
-        C1_SIZE_768,
-        C2_SIZE_768,
-        VECTOR_U_COMPRESSION_FACTOR_768,
-        VECTOR_V_COMPRESSION_FACTOR_768,
-        C1_BLOCK_SIZE_768,
-        ETA1,
-        ETA1_RANDOMNESS_SIZE,
-        ETA2,
-        ETA2_RANDOMNESS_SIZE,
-        IMPLICIT_REJECTION_HASH_INPUT_SIZE,
-    >(state, ciphertext)
-}
-
-#[cfg(test)]
-mod tests {
-    use rand::{rngs::OsRng, RngCore};
-
-    use super::{
-        kyber768::{generate_key_pair, validate_public_key},
-        KEY_GENERATION_SEED_SIZE,
-    };
-
-    #[test]
-    fn pk_validation() {
-        let mut randomness = [0u8; KEY_GENERATION_SEED_SIZE];
-        OsRng.fill_bytes(&mut randomness);
-
-        let key_pair = generate_key_pair(randomness);
-        assert!(validate_public_key(&key_pair.pk));
-    }
-}
diff --git a/libcrux-ml-kem/src/kem/kyber/matrix.rs b/libcrux-ml-kem/src/kem/kyber/matrix.rs
deleted file mode 100644
index 15f624e6d..000000000
--- a/libcrux-ml-kem/src/kem/kyber/matrix.rs
+++ /dev/null
@@ -1,158 +0,0 @@
-use super::{
-    arithmetic::{
-        add_to_ring_element, barrett_reduce, montgomery_reduce, to_standard_domain,
-        PolynomialRingElement,
-    },
-    constants::COEFFICIENTS_IN_RING_ELEMENT,
-    helper::cloop,
-    ntt::{invert_ntt_montgomery, ntt_multiply},
-    sampling::sample_from_xof,
-};
-
-#[inline(always)]
-#[allow(non_snake_case)]
-pub(in crate::kem::kyber) fn sample_matrix_A<const K: usize>(
-    seed: [u8; 34],
-    transpose: bool,
-) -> [[PolynomialRingElement; K]; K] {
-    let mut A_transpose = [[PolynomialRingElement::ZERO; K]; K];
-
-    for i in 0..K {
-        let mut seeds = [seed; K];
-        for j in 0..K {
-            seeds[j][32] = i as u8;
-            seeds[j][33] = j as u8;
-        }
-        let sampled = sample_from_xof(seeds);
-        for j in 0..K {
-            // A[i][j] = A_transpose[j][i]
-            if transpose {
-                A_transpose[j][i] = sampled[j];
-            } else {
-                A_transpose[i][j] = sampled[j];
-            }
-        }
-    }
-
-    A_transpose
-}
-
-/// The following functions compute various expressions involving
-/// vectors and matrices. The computation of these expressions has been
-/// abstracted away into these functions in order to save on loop iterations.
-
-/// Compute v − InverseNTT(sᵀ ◦ NTT(u))
-#[inline(always)]
-pub(in crate::kem::kyber) fn compute_message<const K: usize>(
-    v: &PolynomialRingElement,
-    secret_as_ntt: &[PolynomialRingElement; K],
-    u_as_ntt: &[PolynomialRingElement; K],
-) -> PolynomialRingElement {
-    let mut result = PolynomialRingElement::ZERO;
-
-    for i in 0..K {
-        let product = ntt_multiply(&secret_as_ntt[i], &u_as_ntt[i]);
-        result = add_to_ring_element::<K>(result, &product);
-    }
-
-    result = invert_ntt_montgomery::<K>(result);
-
-    for i in 0..COEFFICIENTS_IN_RING_ELEMENT {
-        let coefficient_normal_form = montgomery_reduce(result.coefficients[i] * 1441);
-        result.coefficients[i] = barrett_reduce(v.coefficients[i] - coefficient_normal_form);
-    }
-
-    result
-}
-
-/// Compute InverseNTT(tᵀ ◦ r̂) + e₂ + message
-#[inline(always)]
-pub(in crate::kem::kyber) fn compute_ring_element_v<const K: usize>(
-    t_as_ntt: &[PolynomialRingElement; K],
-    r_as_ntt: &[PolynomialRingElement; K],
-    error_2: &PolynomialRingElement,
-    message: &PolynomialRingElement,
-) -> PolynomialRingElement {
-    let mut result = PolynomialRingElement::ZERO;
-
-    for i in 0..K {
-        let product = ntt_multiply(&t_as_ntt[i], &r_as_ntt[i]);
-        result = add_to_ring_element::<K>(result, &product);
-    }
-
-    result = invert_ntt_montgomery::<K>(result);
-
-    for i in 0..COEFFICIENTS_IN_RING_ELEMENT {
-        let coefficient_normal_form = montgomery_reduce(result.coefficients[i] * 1441);
-        result.coefficients[i] = barrett_reduce(
-            coefficient_normal_form + error_2.coefficients[i] + message.coefficients[i],
-        );
-    }
-
-    result
-}
-
-/// Compute u := InvertNTT(Aᵀ ◦ r̂) + e₁
-#[inline(always)]
-pub(in crate::kem::kyber) fn compute_vector_u<const K: usize>(
-    a_as_ntt: &[[PolynomialRingElement; K]; K],
-    r_as_ntt: &[PolynomialRingElement; K],
-    error_1: &[PolynomialRingElement; K],
-) -> [PolynomialRingElement; K] {
-    let mut result = [PolynomialRingElement::ZERO; K];
-
-    cloop! {
-        for (i, row) in a_as_ntt.iter().enumerate() {
-            cloop! {
-                for (j, a_element) in row.iter().enumerate() {
-                    let product = ntt_multiply(a_element, &r_as_ntt[j]);
-                    result[i] = add_to_ring_element::<K>(result[i], &product);
-                }
-            }
-
-            result[i] = invert_ntt_montgomery::<K>(result[i]);
-
-            for j in 0..COEFFICIENTS_IN_RING_ELEMENT {
-                let coefficient_normal_form = montgomery_reduce(result[i].coefficients[j] * 1441);
-
-                result[i].coefficients[j] =
-                    barrett_reduce(coefficient_normal_form + error_1[i].coefficients[j]);
-            }
-        }
-    }
-
-    result
-}
-
-/// Compute  ◦ ŝ + ê
-#[inline(always)]
-#[allow(non_snake_case)]
-pub(in crate::kem::kyber) fn compute_As_plus_e<const K: usize>(
-    matrix_A: &[[PolynomialRingElement; K]; K],
-    s_as_ntt: &[PolynomialRingElement; K],
-    error_as_ntt: &[PolynomialRingElement; K],
-) -> [PolynomialRingElement; K] {
-    let mut result = [PolynomialRingElement::ZERO; K];
-
-    cloop! {
-        for (i, row) in matrix_A.iter().enumerate() {
-            cloop! {
-                for (j, matrix_element) in row.iter().enumerate() {
-                    let product = ntt_multiply(matrix_element, &s_as_ntt[j]);
-                    result[i] = add_to_ring_element::<K>(result[i], &product);
-                }
-            }
-
-            for j in 0..COEFFICIENTS_IN_RING_ELEMENT {
-                // The coefficients are of the form aR^{-1} mod q, which means
-                // calling to_montgomery_domain() on them should return a mod q.
-                let coefficient_normal_form = to_standard_domain(result[i].coefficients[j]);
-
-                result[i].coefficients[j] =
-                    barrett_reduce(coefficient_normal_form + error_as_ntt[i].coefficients[j])
-            }
-        }
-    }
-
-    result
-}
diff --git a/libcrux-ml-kem/src/kem/kyber/ntt.rs b/libcrux-ml-kem/src/kem/kyber/ntt.rs
deleted file mode 100644
index 6d154211e..000000000
--- a/libcrux-ml-kem/src/kem/kyber/ntt.rs
+++ /dev/null
@@ -1,341 +0,0 @@
-use crate::hax_utils::hax_debug_assert;
-
-use super::{
-    arithmetic::{
-        barrett_reduce, montgomery_multiply_fe_by_fer, montgomery_reduce, FieldElement,
-        FieldElementTimesMontgomeryR, MontgomeryFieldElement, PolynomialRingElement,
-    },
-    constants::COEFFICIENTS_IN_RING_ELEMENT,
-};
-#[cfg(hax)]
-use crate::kem::kyber::constants::FIELD_MODULUS;
-
-const ZETAS_TIMES_MONTGOMERY_R: [FieldElementTimesMontgomeryR; 128] = [
-    -1044, -758, -359, -1517, 1493, 1422, 287, 202, -171, 622, 1577, 182, 962, -1202, -1474, 1468,
-    573, -1325, 264, 383, -829, 1458, -1602, -130, -681, 1017, 732, 608, -1542, 411, -205, -1571,
-    1223, 652, -552, 1015, -1293, 1491, -282, -1544, 516, -8, -320, -666, -1618, -1162, 126, 1469,
-    -853, -90, -271, 830, 107, -1421, -247, -951, -398, 961, -1508, -725, 448, -1065, 677, -1275,
-    -1103, 430, 555, 843, -1251, 871, 1550, 105, 422, 587, 177, -235, -291, -460, 1574, 1653, -246,
-    778, 1159, -147, -777, 1483, -602, 1119, -1590, 644, -872, 349, 418, 329, -156, -75, 817, 1097,
-    603, 610, 1322, -1285, -1465, 384, -1215, -136, 1218, -1335, -874, 220, -1187, -1659, -1185,
-    -1530, -1278, 794, -1510, -854, -870, 478, -108, -308, 996, 991, 958, -1460, 1522, 1628,
-];
-
-/// Represents an intermediate polynomial splitting step in the NTT. All
-/// resulting coefficients are in the normal domain since the zetas have been
-/// multiplied by MONTGOMERY_R.
-#[inline(always)]
-fn ntt_at_layer(
-    zeta_i: &mut usize,
-    mut re: PolynomialRingElement,
-    layer: usize,
-    _initial_coefficient_bound: usize,
-) -> PolynomialRingElement {
-    let step = 1 << layer;
-
-    for round in 0..(128 >> layer) {
-        *zeta_i += 1;
-
-        let offset = round * step * 2;
-
-        for j in offset..offset + step {
-            let t = montgomery_multiply_fe_by_fer(
-                re.coefficients[j + step],
-                ZETAS_TIMES_MONTGOMERY_R[*zeta_i],
-            );
-            re.coefficients[j + step] = re.coefficients[j] - t;
-            re.coefficients[j] = re.coefficients[j] + t;
-        }
-    }
-
-    hax_debug_assert!(re.coefficients.into_iter().all(|coefficient| {
-        coefficient.abs()
-            < _initial_coefficient_bound as i32 + ((8 - layer as i32) * ((3 * FIELD_MODULUS) / 2))
-    }));
-
-    re
-}
-
-/// See [`ntt_at_layer`].
-#[inline(always)]
-fn ntt_at_layer_3(
-    zeta_i: &mut usize,
-    re: PolynomialRingElement,
-    layer: usize,
-) -> PolynomialRingElement {
-    ntt_at_layer(zeta_i, re, layer, 3)
-}
-
-/// See [`ntt_at_layer`].
-#[inline(always)]
-fn ntt_at_layer_3328(
-    zeta_i: &mut usize,
-    re: PolynomialRingElement,
-    layer: usize,
-) -> PolynomialRingElement {
-    ntt_at_layer(zeta_i, re, layer, 3328)
-}
-
-/// Use the Cooley–Tukey butterfly to compute an in-place NTT representation
-/// of a `KyberPolynomialRingElement`.
-///
-/// This function operates only on those which were produced by binomial
-/// sampling, and thus those which have small coefficients. The small
-/// coefficients let us skip the first round of Montgomery reductions.
-#[cfg_attr(hax, hax_lib::requires(
-    hax_lib::forall(|i:usize|
-        hax_lib::implies(i < re.coefficients.len(), || re.coefficients[i].abs() <= 3
-))))]
-#[cfg_attr(hax, hax_lib::ensures(|result|
-    hax_lib::forall(|i:usize|
-        hax_lib::implies(i < result.coefficients.len(), ||
-            result.coefficients[i].abs() < FIELD_MODULUS
-))))]
-#[inline(always)]
-pub(in crate::kem::kyber) fn ntt_binomially_sampled_ring_element(
-    mut re: PolynomialRingElement,
-) -> PolynomialRingElement {
-    hax_debug_assert!(re
-        .coefficients
-        .into_iter()
-        .all(|coefficient| coefficient.abs() <= 3));
-
-    // Due to the small coefficient bound, we can skip the first round of
-    // Montgomery reductions.
-    let mut zeta_i = 1;
-
-    for j in 0..128 {
-        // Multiply by the appropriate zeta in the normal domain.
-        let t = re.coefficients[j + 128] * -1600;
-
-        re.coefficients[j + 128] = re.coefficients[j] - t;
-        re.coefficients[j] = re.coefficients[j] + t;
-    }
-
-    hax_debug_assert!(re
-        .coefficients
-        .into_iter()
-        .all(|coefficient| { coefficient.abs() < 3 + ((3 * FIELD_MODULUS) / 2) }));
-
-    re = ntt_at_layer_3(&mut zeta_i, re, 6);
-    re = ntt_at_layer_3(&mut zeta_i, re, 5);
-    re = ntt_at_layer_3(&mut zeta_i, re, 4);
-    re = ntt_at_layer_3(&mut zeta_i, re, 3);
-    re = ntt_at_layer_3(&mut zeta_i, re, 2);
-    re = ntt_at_layer_3(&mut zeta_i, re, 1);
-
-    for i in 0..COEFFICIENTS_IN_RING_ELEMENT {
-        re.coefficients[i] = barrett_reduce(re.coefficients[i]);
-    }
-
-    re
-}
-
-/// Use the Cooley–Tukey butterfly to compute an in-place NTT representation
-/// of a `KyberPolynomialRingElement`.
-///
-/// This function operates on the ring element that partly constitutes
-/// the ciphertext.
-#[cfg_attr(hax, hax_lib::requires(
-    hax_lib::forall(|i:usize|
-        hax_lib::implies(i < re.coefficients.len(), || re.coefficients[i].abs() <= 3328
-))))]
-#[cfg_attr(hax, hax_lib::ensures(|result|
-    hax_lib::forall(|i:usize|
-        hax_lib::implies(i < result.coefficients.len(), ||
-            result.coefficients[i].abs() < FIELD_MODULUS
-))))]
-#[inline(always)]
-pub(in crate::kem::kyber) fn ntt_vector_u<const VECTOR_U_COMPRESSION_FACTOR: usize>(
-    mut re: PolynomialRingElement,
-) -> PolynomialRingElement {
-    hax_debug_assert!(re
-        .coefficients
-        .into_iter()
-        .all(|coefficient| coefficient.abs() <= 3328));
-
-    let mut zeta_i = 0;
-
-    re = ntt_at_layer_3328(&mut zeta_i, re, 7);
-    re = ntt_at_layer_3328(&mut zeta_i, re, 6);
-    re = ntt_at_layer_3328(&mut zeta_i, re, 5);
-    re = ntt_at_layer_3328(&mut zeta_i, re, 4);
-    re = ntt_at_layer_3328(&mut zeta_i, re, 3);
-    re = ntt_at_layer_3328(&mut zeta_i, re, 2);
-    re = ntt_at_layer_3328(&mut zeta_i, re, 1);
-
-    for i in 0..COEFFICIENTS_IN_RING_ELEMENT {
-        re.coefficients[i] = barrett_reduce(re.coefficients[i]);
-    }
-
-    re
-}
-
-#[inline(always)]
-fn invert_ntt_at_layer(
-    zeta_i: &mut usize,
-    mut re: PolynomialRingElement,
-    layer: usize,
-) -> PolynomialRingElement {
-    let step = 1 << layer;
-
-    for round in 0..(128 >> layer) {
-        *zeta_i -= 1;
-
-        let offset = round * step * 2;
-
-        for j in offset..offset + step {
-            let a_minus_b = re.coefficients[j + step] - re.coefficients[j];
-
-            // Instead of dividing by 2 here, we just divide by
-            // 2^7 in one go in the end.
-            re.coefficients[j] = re.coefficients[j] + re.coefficients[j + step];
-            re.coefficients[j + step] =
-                montgomery_reduce(a_minus_b * ZETAS_TIMES_MONTGOMERY_R[*zeta_i]);
-        }
-    }
-
-    re
-}
-
-/// Use the Gentleman-Sande butterfly to invert, in-place, the NTT representation
-/// of a `KyberPolynomialRingElement`. The coefficients of the output
-/// ring element are in the Montgomery domain.
-#[inline(always)]
-pub(crate) fn invert_ntt_montgomery<const K: usize>(
-    mut re: PolynomialRingElement,
-) -> PolynomialRingElement {
-    // We only ever call this function after matrix/vector multiplication
-    hax_debug_assert!(re
-        .coefficients
-        .into_iter()
-        .all(|coefficient| coefficient.abs() < (K as i32) * FIELD_MODULUS));
-
-    let mut zeta_i = COEFFICIENTS_IN_RING_ELEMENT / 2;
-
-    re = invert_ntt_at_layer(&mut zeta_i, re, 1);
-    re = invert_ntt_at_layer(&mut zeta_i, re, 2);
-    re = invert_ntt_at_layer(&mut zeta_i, re, 3);
-    re = invert_ntt_at_layer(&mut zeta_i, re, 4);
-    re = invert_ntt_at_layer(&mut zeta_i, re, 5);
-    re = invert_ntt_at_layer(&mut zeta_i, re, 6);
-    re = invert_ntt_at_layer(&mut zeta_i, re, 7);
-
-    hax_debug_assert!(
-        re.coefficients[0].abs() < 128 * (K as i32) * FIELD_MODULUS
-            && re.coefficients[1].abs() < 128 * (K as i32) * FIELD_MODULUS
-    );
-    hax_debug_assert!(re
-        .coefficients
-        .into_iter()
-        .enumerate()
-        .skip(2)
-        .all(|(i, coefficient)| coefficient.abs() < (128 / (1 << i.ilog2())) * FIELD_MODULUS));
-
-    for i in 0..2 {
-        re.coefficients[i] = barrett_reduce(re.coefficients[i]);
-    }
-    re
-}
-
-/// Compute the product of two Kyber binomials with respect to the
-/// modulus `X² - zeta`.
-///
-/// This function almost implements <strong>Algorithm 11</strong> of the
-/// NIST FIPS 203 standard, which is reproduced below:
-///
-/// ```plaintext
-/// Input:  a₀, a₁, b₀, b₁ ∈ ℤq.
-/// Input: γ ∈ ℤq.
-/// Output: c₀, c₁ ∈ ℤq.
-///
-/// c₀ ← a₀·b₀ + a₁·b₁·γ
-/// c₁ ← a₀·b₁ + a₁·b₀
-/// return c₀, c₁
-/// ```
-/// We say "almost" because the coefficients output by this function are in
-/// the Montgomery domain (unlike in the specification).
-///
-/// The NIST FIPS 203 standard can be found at
-/// <https://csrc.nist.gov/pubs/fips/203/ipd>.
-#[inline(always)]
-fn ntt_multiply_binomials(
-    (a0, a1): (FieldElement, FieldElement),
-    (b0, b1): (FieldElement, FieldElement),
-    zeta: FieldElementTimesMontgomeryR,
-) -> (MontgomeryFieldElement, MontgomeryFieldElement) {
-    (
-        montgomery_reduce(a0 * b0 + montgomery_reduce(a1 * b1) * zeta),
-        montgomery_reduce(a0 * b1 + a1 * b0),
-    )
-}
-
-/// Given two `KyberPolynomialRingElement`s in their NTT representations,
-/// compute their product. Given two polynomials in the NTT domain `f^` and `ĵ`,
-/// the `iᵗʰ` coefficient of the product `k̂` is determined by the calculation:
-///
-/// ```plaintext
-/// ĥ[2·i] + ĥ[2·i + 1]X = (f^[2·i] + f^[2·i + 1]X)·(ĝ[2·i] + ĝ[2·i + 1]X) mod (X² - ζ^(2·BitRev₇(i) + 1))
-/// ```
-///
-/// This function almost implements <strong>Algorithm 10</strong> of the
-/// NIST FIPS 203 standard, which is reproduced below:
-///
-/// ```plaintext
-/// Input: Two arrays fˆ ∈ ℤ₂₅₆ and ĝ ∈ ℤ₂₅₆.
-/// Output: An array ĥ ∈ ℤq.
-///
-/// for(i ← 0; i < 128; i++)
-///     (ĥ[2i], ĥ[2i+1]) ← BaseCaseMultiply(fˆ[2i], fˆ[2i+1], ĝ[2i], ĝ[2i+1], ζ^(2·BitRev₇(i) + 1))
-/// end for
-/// return ĥ
-/// ```
-/// We say "almost" because the coefficients of the ring element output by
-/// this function are in the Montgomery domain.
-///
-/// The NIST FIPS 203 standard can be found at
-/// <https://csrc.nist.gov/pubs/fips/203/ipd>.
-#[cfg_attr(hax, hax_lib::requires(
-    hax_lib::forall(|i:usize|
-        hax_lib::implies(i < COEFFICIENTS_IN_RING_ELEMENT, ||
-            (lhs.coefficients[i] >= 0 && lhs.coefficients[i] < 4096) &&
-            (rhs.coefficients[i].abs() <= FIELD_MODULUS)
-
-))))]
-#[cfg_attr(hax, hax_lib::ensures(|result|
-    hax_lib::forall(|i:usize|
-        hax_lib::implies(i < result.coefficients.len(), ||
-                result.coefficients[i].abs() <= FIELD_MODULUS
-))))]
-#[inline(always)]
-pub(crate) fn ntt_multiply(
-    lhs: &PolynomialRingElement,
-    rhs: &PolynomialRingElement,
-) -> PolynomialRingElement {
-    hax_debug_assert!(lhs
-        .coefficients
-        .into_iter()
-        .all(|coefficient| coefficient >= 0 && coefficient < 4096));
-
-    let mut out = PolynomialRingElement::ZERO;
-
-    for i in 0..(COEFFICIENTS_IN_RING_ELEMENT / 4) {
-        let product = ntt_multiply_binomials(
-            (lhs.coefficients[4 * i], lhs.coefficients[4 * i + 1]),
-            (rhs.coefficients[4 * i], rhs.coefficients[4 * i + 1]),
-            ZETAS_TIMES_MONTGOMERY_R[64 + i],
-        );
-        out.coefficients[4 * i] = product.0;
-        out.coefficients[4 * i + 1] = product.1;
-
-        let product = ntt_multiply_binomials(
-            (lhs.coefficients[4 * i + 2], lhs.coefficients[4 * i + 3]),
-            (rhs.coefficients[4 * i + 2], rhs.coefficients[4 * i + 3]),
-            -ZETAS_TIMES_MONTGOMERY_R[64 + i],
-        );
-        out.coefficients[4 * i + 2] = product.0;
-        out.coefficients[4 * i + 3] = product.1;
-    }
-
-    out
-}
diff --git a/libcrux-ml-kem/src/kem/kyber/sampling.rs b/libcrux-ml-kem/src/kem/kyber/sampling.rs
deleted file mode 100644
index 64e74d517..000000000
--- a/libcrux-ml-kem/src/kem/kyber/sampling.rs
+++ /dev/null
@@ -1,240 +0,0 @@
-use super::{
-    arithmetic::{FieldElement, PolynomialRingElement},
-    constants::{COEFFICIENTS_IN_RING_ELEMENT, FIELD_MODULUS},
-    hash_functions::*,
-    helper::cloop,
-};
-use crate::hax_utils::hax_debug_assert;
-
-/// If `bytes` contains a set of uniformly random bytes, this function
-/// uniformly samples a ring element `â` that is treated as being the NTT representation
-/// of the corresponding polynomial `a`.
-///
-/// Since rejection sampling is used, it is possible the supplied bytes are
-/// not enough to sample the element, in which case an `Err` is returned and the
-/// caller must try again with a fresh set of bytes.
-///
-/// This function <strong>partially</strong> implements <strong>Algorithm 6</strong> of the NIST FIPS 203 standard,
-/// We say "partially" because this implementation only accepts a finite set of
-/// bytes as input and returns an error if the set is not enough; Algorithm 6 of
-/// the FIPS 203 standard on the other hand samples from an infinite stream of bytes
-/// until the ring element is filled. Algorithm 6 is reproduced below:
-///
-/// ```plaintext
-/// Input: byte stream B ∈ 𝔹*.
-/// Output: array â ∈ ℤ₂₅₆.
-///
-/// i ← 0
-/// j ← 0
-/// while j < 256 do
-///     d₁ ← B[i] + 256·(B[i+1] mod 16)
-///     d₂ ← ⌊B[i+1]/16⌋ + 16·B[i+2]
-///     if d₁ < q then
-///         â[j] ← d₁
-///         j ← j + 1
-///     end if
-///     if d₂ < q and j < 256 then
-///         â[j] ← d₂
-///         j ← j + 1
-///     end if
-///     i ← i + 3
-/// end while
-/// return â
-/// ```
-///
-/// The NIST FIPS 203 standard can be found at
-/// <https://csrc.nist.gov/pubs/fips/203/ipd>.
-fn sample_from_uniform_distribution_next<const K: usize, const N: usize>(
-    randomness: [[u8; N]; K],
-    sampled_coefficients: &mut [usize; K],
-    out: &mut [PolynomialRingElement; K],
-) -> bool {
-    let mut done = true;
-    for i in 0..K {
-        for bytes in randomness[i].chunks(3) {
-            let b1 = bytes[0] as i32;
-            let b2 = bytes[1] as i32;
-            let b3 = bytes[2] as i32;
-
-            let d1 = ((b2 & 0xF) << 8) | b1;
-            let d2 = (b3 << 4) | (b2 >> 4);
-
-            if d1 < FIELD_MODULUS && sampled_coefficients[i] < COEFFICIENTS_IN_RING_ELEMENT {
-                out[i].coefficients[sampled_coefficients[i]] = d1;
-                sampled_coefficients[i] += 1
-            }
-            if d2 < FIELD_MODULUS && sampled_coefficients[i] < COEFFICIENTS_IN_RING_ELEMENT {
-                out[i].coefficients[sampled_coefficients[i]] = d2;
-                sampled_coefficients[i] += 1;
-            }
-        }
-        if sampled_coefficients[i] < COEFFICIENTS_IN_RING_ELEMENT {
-            done = false
-        }
-    }
-    done
-}
-
-pub(super) fn sample_from_xof<const K: usize>(seeds: [[u8; 34]; K]) -> [PolynomialRingElement; K] {
-    let mut sampled_coefficients: [usize; K] = [0; K];
-    let mut out: [PolynomialRingElement; K] = [PolynomialRingElement::ZERO; K];
-
-    let mut xof_state = absorb(seeds);
-    let randomness = squeeze_three_blocks(&mut xof_state);
-
-    let mut done =
-        sample_from_uniform_distribution_next(randomness, &mut sampled_coefficients, &mut out);
-
-    // Requiring more than 5 blocks to sample a ring element should be very
-    // unlikely according to:
-    // https://eprint.iacr.org/2023/708.pdf
-    // To avoid failing here, we squeeze more blocks out of the state until
-    // we have enough.
-    while !done {
-        let randomness = squeeze_block(&mut xof_state);
-        done =
-            sample_from_uniform_distribution_next(randomness, &mut sampled_coefficients, &mut out);
-    }
-    // XXX: We have to manually free the state here due to a Eurydice issue.
-    free_state(xof_state);
-
-    out
-}
-
-/// Given a series of uniformly random bytes in `randomness`, for some number `eta`,
-/// the `sample_from_binomial_distribution_{eta}` functions sample
-/// a ring element from a binomial distribution centered at 0 that uses two sets
-/// of `eta` coin flips. If, for example,
-/// `eta = ETA`, each ring coefficient is a value `v` such
-/// such that `v ∈ {-ETA, -ETA + 1, ..., 0, ..., ETA + 1, ETA}` and:
-///
-/// ```plaintext
-/// - If v < 0, Pr[v] = Pr[-v]
-/// - If v >= 0, Pr[v] = BINOMIAL_COEFFICIENT(2 * ETA; ETA - v) / 2 ^ (2 * ETA)
-/// ```
-///
-/// The values `v < 0` are mapped to the appropriate `KyberFieldElement`.
-///
-/// The expected value is:
-///
-/// ```plaintext
-/// E[X] = (-ETA)Pr[-ETA] + (-(ETA - 1))Pr[-(ETA - 1)] + ... + (ETA - 1)Pr[ETA - 1] + (ETA)Pr[ETA]
-///      = 0 since Pr[-v] = Pr[v] when v < 0.
-/// ```
-///
-/// And the variance is:
-///
-/// ```plaintext
-/// Var(X) = E[(X - E[X])^2]
-///        = E[X^2]
-///        = sum_(v=-ETA to ETA)v^2 * (BINOMIAL_COEFFICIENT(2 * ETA; ETA - v) / 2^(2 * ETA))
-///        = ETA / 2
-/// ```
-///
-/// This function implements <strong>Algorithm 7</strong> of the NIST FIPS 203 standard, which is
-/// reproduced below:
-///
-/// ```plaintext
-/// Input: byte array B ∈ 𝔹^{64η}.
-/// Output: array f ∈ ℤ₂₅₆.
-///
-/// b ← BytesToBits(B)
-/// for (i ← 0; i < 256; i++)
-///     x ← ∑(j=0 to η - 1) b[2iη + j]
-///     y ← ∑(j=0 to η - 1) b[2iη + η + j]
-///     f[i] ← x−y mod q
-/// end for
-/// return f
-/// ```
-///
-/// The NIST FIPS 203 standard can be found at
-/// <https://csrc.nist.gov/pubs/fips/203/ipd>.
-#[cfg_attr(hax, hax_lib::requires(randomness.len() == 2 * 64))]
-#[cfg_attr(hax, hax_lib::ensures(|result|
-    hax_lib::forall(|i:usize|
-        hax_lib::implies(i < result.coefficients.len(), || result.coefficients[i].abs() <= 2
-))))]
-fn sample_from_binomial_distribution_2(randomness: &[u8]) -> PolynomialRingElement {
-    let mut sampled: PolynomialRingElement = PolynomialRingElement::ZERO;
-
-    cloop! {
-        for (chunk_number, byte_chunk) in randomness.chunks_exact(4).enumerate() {
-            let random_bits_as_u32: u32 = (byte_chunk[0] as u32)
-                | (byte_chunk[1] as u32) << 8
-                | (byte_chunk[2] as u32) << 16
-                | (byte_chunk[3] as u32) << 24;
-
-            let even_bits = random_bits_as_u32 & 0x55555555;
-            let odd_bits = (random_bits_as_u32 >> 1) & 0x55555555;
-
-            let coin_toss_outcomes = even_bits + odd_bits;
-
-            cloop! {
-                for outcome_set in (0..u32::BITS).step_by(4) {
-                    let outcome_1 = ((coin_toss_outcomes >> outcome_set) & 0x3) as FieldElement;
-                    let outcome_2 = ((coin_toss_outcomes >> (outcome_set + 2)) & 0x3) as FieldElement;
-
-                    let offset = (outcome_set >> 2) as usize;
-                    sampled.coefficients[8 * chunk_number + offset] = outcome_1 - outcome_2;
-                }
-            }
-        }
-    }
-
-    hax_debug_assert!(sampled
-        .coefficients
-        .into_iter()
-        .all(|coefficient| coefficient >= -2 && coefficient <= 2));
-    sampled
-}
-
-#[cfg_attr(hax, hax_lib::requires(randomness.len() == 3 * 64))]
-#[cfg_attr(hax, hax_lib::ensures(|result|
-    hax_lib::forall(|i:usize|
-        hax_lib::implies(i < result.coefficients.len(), || result.coefficients[i].abs() <= 3
-))))]
-fn sample_from_binomial_distribution_3(randomness: &[u8]) -> PolynomialRingElement {
-    let mut sampled: PolynomialRingElement = PolynomialRingElement::ZERO;
-
-    cloop! {
-        for (chunk_number, byte_chunk) in randomness.chunks_exact(3).enumerate() {
-            let random_bits_as_u24: u32 =
-                (byte_chunk[0] as u32) | (byte_chunk[1] as u32) << 8 | (byte_chunk[2] as u32) << 16;
-
-            let first_bits = random_bits_as_u24 & 0x00249249;
-            let second_bits = (random_bits_as_u24 >> 1) & 0x00249249;
-            let third_bits = (random_bits_as_u24 >> 2) & 0x00249249;
-
-            let coin_toss_outcomes = first_bits + second_bits + third_bits;
-
-            cloop! {
-                for outcome_set in (0..24).step_by(6) {
-                    let outcome_1 = ((coin_toss_outcomes >> outcome_set) & 0x7) as FieldElement;
-                    let outcome_2 = ((coin_toss_outcomes >> (outcome_set + 3)) & 0x7) as FieldElement;
-
-                    let offset = (outcome_set / 6) as usize;
-                    sampled.coefficients[4 * chunk_number + offset] = outcome_1 - outcome_2;
-                }
-            }
-        }
-    }
-
-    hax_debug_assert!(sampled
-        .coefficients
-        .into_iter()
-        .all(|coefficient| coefficient >= -3 && coefficient <= 3));
-    sampled
-}
-
-#[inline(always)]
-pub(super) fn sample_from_binomial_distribution<const ETA: usize>(
-    randomness: &[u8],
-) -> PolynomialRingElement {
-    hax_debug_assert!(randomness.len() == ETA * 64);
-
-    match ETA as u32 {
-        2 => sample_from_binomial_distribution_2(randomness),
-        3 => sample_from_binomial_distribution_3(randomness),
-        _ => unreachable!(),
-    }
-}
diff --git a/libcrux-ml-kem/src/kem/kyber/serialize.rs b/libcrux-ml-kem/src/kem/kyber/serialize.rs
deleted file mode 100644
index 6943b8164..000000000
--- a/libcrux-ml-kem/src/kem/kyber/serialize.rs
+++ /dev/null
@@ -1,623 +0,0 @@
-use super::{
-    arithmetic::{to_unsigned_representative, FieldElement, PolynomialRingElement},
-    compress::{
-        compress_ciphertext_coefficient, compress_message_coefficient,
-        decompress_ciphertext_coefficient, decompress_message_coefficient,
-    },
-    constants::{BYTES_PER_RING_ELEMENT, SHARED_SECRET_SIZE},
-    helper::cloop,
-};
-use crate::hax_utils::hax_debug_assert;
-
-#[inline(always)]
-pub(super) fn compress_then_serialize_message(
-    re: PolynomialRingElement,
-) -> [u8; SHARED_SECRET_SIZE] {
-    let mut serialized = [0u8; SHARED_SECRET_SIZE];
-
-    cloop! {
-        for (i, coefficients) in re.coefficients.chunks_exact(8).enumerate() {
-            cloop! {
-                for (j, coefficient) in coefficients.iter().enumerate() {
-                    let coefficient = to_unsigned_representative(*coefficient);
-
-                    let coefficient_compressed = compress_message_coefficient(coefficient);
-
-                    serialized[i] |= coefficient_compressed << j
-                }
-            }
-        }
-    }
-
-    serialized
-}
-#[inline(always)]
-pub(super) fn deserialize_then_decompress_message(
-    serialized: [u8; SHARED_SECRET_SIZE],
-) -> PolynomialRingElement {
-    let mut re = PolynomialRingElement::ZERO;
-
-    cloop! {
-        for (i, byte) in serialized.into_iter().enumerate() {
-            for j in 0..8 {
-                let coefficient_compressed = ((byte >> j) & 0x1) as FieldElement;
-                re.coefficients[8 * i + j] = decompress_message_coefficient(coefficient_compressed);
-            }
-        }
-    }
-
-    re
-}
-
-#[inline(always)]
-pub(super) fn serialize_uncompressed_ring_element(
-    re: PolynomialRingElement,
-) -> [u8; BYTES_PER_RING_ELEMENT] {
-    let mut serialized = [0u8; BYTES_PER_RING_ELEMENT];
-
-    cloop! {
-        for (i, coefficients) in re.coefficients.chunks_exact(2).enumerate() {
-            let coefficient1 = to_unsigned_representative(coefficients[0]);
-            let coefficient2 = to_unsigned_representative(coefficients[1]);
-
-            let (coef1, coef2, coef3) = compress_coefficients_3(coefficient1, coefficient2);
-            serialized[3 * i] = coef1;
-            serialized[3 * i + 1] = coef2;
-            serialized[3 * i + 2] = coef3;
-        }
-    }
-
-    serialized
-}
-
-#[inline(always)]
-fn compress_coefficients_3(coefficient1: u16, coefficient2: u16) -> (u8, u8, u8) {
-    let coef1 = (coefficient1 & 0xFF) as u8;
-    let coef2 = ((coefficient1 >> 8) | ((coefficient2 & 0x0F) << 4)) as u8;
-    let coef3 = ((coefficient2 >> 4) & 0xFF) as u8;
-    (coef1, coef2, coef3)
-}
-
-#[inline(always)]
-pub(super) fn deserialize_to_uncompressed_ring_element(serialized: &[u8]) -> PolynomialRingElement {
-    hax_debug_assert!(serialized.len() == BYTES_PER_RING_ELEMENT);
-
-    let mut re = PolynomialRingElement::ZERO;
-
-    cloop! {
-        for (i, bytes) in serialized.chunks_exact(3).enumerate() {
-            let byte1 = bytes[0] as FieldElement;
-            let byte2 = bytes[1] as FieldElement;
-            let byte3 = bytes[2] as FieldElement;
-
-            re.coefficients[2 * i] = (byte2 & 0x0F) << 8 | (byte1 & 0xFF);
-            re.coefficients[2 * i + 1] = (byte3 << 4) | ((byte2 >> 4) & 0x0F);
-        }
-    }
-
-    re
-}
-
-/// Only use with public values.
-///
-/// This MUST NOT be used with secret inputs, like its caller `deserialize_ring_elements_reduced`.
-#[inline(always)]
-fn deserialize_to_reduced_ring_element(ring_element: &[u8]) -> PolynomialRingElement {
-    hax_debug_assert!(ring_element.len() == BYTES_PER_RING_ELEMENT);
-
-    let mut re = PolynomialRingElement::ZERO;
-
-    cloop! {
-        for (i, bytes) in ring_element.chunks_exact(3).enumerate() {
-            let byte1 = bytes[0] as FieldElement;
-            let byte2 = bytes[1] as FieldElement;
-            let byte3 = bytes[2] as FieldElement;
-
-            // The modulus here is ok because the input must be public.
-            // XXX: The awkward code here is necessary to work around Charon shortcomings.
-            re.coefficients[2 * i] = (byte2 & 0x0F) << 8 | (byte1 & 0xFF);
-            let tmp = re.coefficients[2 * i] % 3329; // FIELD_MODULUS
-            re.coefficients[2 * i] = tmp;
-
-            re.coefficients[2 * i + 1] = (byte3 << 4) | ((byte2 >> 4) & 0x0F);
-            let tmp = re.coefficients[2 * i + 1] % 3329; // FIELD_MODULUS
-            re.coefficients[2 * i + 1] = tmp;
-        }
-    }
-
-    re
-}
-
-/// This function deserializes ring elements and reduces the result by the field
-/// modulus.
-///
-/// This function MUST NOT be used on secret inputs.
-#[inline(always)]
-pub(super) fn deserialize_ring_elements_reduced<const PUBLIC_KEY_SIZE: usize, const K: usize>(
-    public_key: &[u8],
-) -> [PolynomialRingElement; K] {
-    let mut deserialized_pk = [PolynomialRingElement::ZERO; K];
-    cloop! {
-        for (i, ring_element) in public_key
-            .chunks_exact(BYTES_PER_RING_ELEMENT)
-            .enumerate()
-        {
-            deserialized_pk[i] =deserialize_to_reduced_ring_element(ring_element);
-        }
-    }
-    deserialized_pk
-}
-
-#[inline(always)]
-fn compress_then_serialize_10<const OUT_LEN: usize>(re: PolynomialRingElement) -> [u8; OUT_LEN] {
-    let mut serialized = [0u8; OUT_LEN];
-
-    cloop! {
-        for (i, coefficients) in re.coefficients.chunks_exact(4).enumerate() {
-            let coefficient1 =
-                compress_ciphertext_coefficient(10, to_unsigned_representative(coefficients[0]));
-            let coefficient2 =
-                compress_ciphertext_coefficient(10, to_unsigned_representative(coefficients[1]));
-            let coefficient3 =
-                compress_ciphertext_coefficient(10, to_unsigned_representative(coefficients[2]));
-            let coefficient4 =
-                compress_ciphertext_coefficient(10, to_unsigned_representative(coefficients[3]));
-
-            let (coef1, coef2, coef3, coef4, coef5) =
-                compress_coefficients_10(coefficient1, coefficient2, coefficient3, coefficient4);
-            serialized[5 * i] = coef1;
-            serialized[5 * i + 1] = coef2;
-            serialized[5 * i + 2] = coef3;
-            serialized[5 * i + 3] = coef4;
-            serialized[5 * i + 4] = coef5;
-        }
-    }
-
-    serialized
-}
-
-#[inline(always)]
-fn compress_coefficients_10(
-    coefficient1: i32,
-    coefficient2: i32,
-    coefficient3: i32,
-    coefficient4: i32,
-) -> (u8, u8, u8, u8, u8) {
-    let coef1 = (coefficient1 & 0xFF) as u8;
-    let coef2 = ((coefficient2 & 0x3F) as u8) << 2 | ((coefficient1 >> 8) & 0x03) as u8;
-    let coef3 = ((coefficient3 & 0x0F) as u8) << 4 | ((coefficient2 >> 6) & 0x0F) as u8;
-    let coef4 = ((coefficient4 & 0x03) as u8) << 6 | ((coefficient3 >> 4) & 0x3F) as u8;
-    let coef5 = ((coefficient4 >> 2) & 0xFF) as u8;
-    (coef1, coef2, coef3, coef4, coef5)
-}
-
-#[inline(always)]
-fn compress_then_serialize_11<const OUT_LEN: usize>(re: PolynomialRingElement) -> [u8; OUT_LEN] {
-    let mut serialized = [0u8; OUT_LEN];
-
-    cloop! {
-        for (i, coefficients) in re.coefficients.chunks_exact(8).enumerate() {
-            let coefficient1 =
-                compress_ciphertext_coefficient(11, to_unsigned_representative(coefficients[0]));
-            let coefficient2 =
-                compress_ciphertext_coefficient(11, to_unsigned_representative(coefficients[1]));
-            let coefficient3 =
-                compress_ciphertext_coefficient(11, to_unsigned_representative(coefficients[2]));
-            let coefficient4 =
-                compress_ciphertext_coefficient(11, to_unsigned_representative(coefficients[3]));
-            let coefficient5 =
-                compress_ciphertext_coefficient(11, to_unsigned_representative(coefficients[4]));
-            let coefficient6 =
-                compress_ciphertext_coefficient(11, to_unsigned_representative(coefficients[5]));
-            let coefficient7 =
-                compress_ciphertext_coefficient(11, to_unsigned_representative(coefficients[6]));
-            let coefficient8 =
-                compress_ciphertext_coefficient(11, to_unsigned_representative(coefficients[7]));
-
-            let (coef1, coef2, coef3, coef4, coef5, coef6, coef7, coef8, coef9, coef10, coef11) =
-                compress_coefficients_11(
-                    coefficient1,
-                    coefficient2,
-                    coefficient3,
-                    coefficient4,
-                    coefficient5,
-                    coefficient6,
-                    coefficient7,
-                    coefficient8,
-                );
-            serialized[11 * i] = coef1;
-            serialized[11 * i + 1] = coef2;
-            serialized[11 * i + 2] = coef3;
-            serialized[11 * i + 3] = coef4;
-            serialized[11 * i + 4] = coef5;
-            serialized[11 * i + 5] = coef6;
-            serialized[11 * i + 6] = coef7;
-            serialized[11 * i + 7] = coef8;
-            serialized[11 * i + 8] = coef9;
-            serialized[11 * i + 9] = coef10;
-            serialized[11 * i + 10] = coef11;
-        }
-    }
-
-    serialized
-}
-
-#[inline(always)]
-fn compress_coefficients_11(
-    coefficient1: i32,
-    coefficient2: i32,
-    coefficient3: i32,
-    coefficient4: i32,
-    coefficient5: i32,
-    coefficient6: i32,
-    coefficient7: i32,
-    coefficient8: i32,
-) -> (u8, u8, u8, u8, u8, u8, u8, u8, u8, u8, u8) {
-    let coef1 = coefficient1 as u8;
-    let coef2 = ((coefficient2 & 0x1F) as u8) << 3 | ((coefficient1 >> 8) as u8);
-    let coef3 = ((coefficient3 & 0x3) as u8) << 6 | ((coefficient2 >> 5) as u8);
-    let coef4 = ((coefficient3 >> 2) & 0xFF) as u8;
-    let coef5 = ((coefficient4 & 0x7F) as u8) << 1 | (coefficient3 >> 10) as u8;
-    let coef6 = ((coefficient5 & 0xF) as u8) << 4 | (coefficient4 >> 7) as u8;
-    let coef7 = ((coefficient6 & 0x1) as u8) << 7 | (coefficient5 >> 4) as u8;
-    let coef8 = ((coefficient6 >> 1) & 0xFF) as u8;
-    let coef9 = ((coefficient7 & 0x3F) as u8) << 2 | (coefficient6 >> 9) as u8;
-    let coef10 = ((coefficient8 & 0x7) as u8) << 5 | (coefficient7 >> 6) as u8;
-    let coef11 = (coefficient8 >> 3) as u8;
-    (
-        coef1, coef2, coef3, coef4, coef5, coef6, coef7, coef8, coef9, coef10, coef11,
-    )
-}
-#[inline(always)]
-pub(super) fn compress_then_serialize_ring_element_u<
-    const COMPRESSION_FACTOR: usize,
-    const OUT_LEN: usize,
->(
-    re: PolynomialRingElement,
-) -> [u8; OUT_LEN] {
-    hax_debug_assert!((COEFFICIENTS_IN_RING_ELEMENT * COMPRESSION_FACTOR) / 8 == OUT_LEN);
-
-    match COMPRESSION_FACTOR as u32 {
-        10 => compress_then_serialize_10(re),
-        11 => compress_then_serialize_11(re),
-        _ => unreachable!(),
-    }
-}
-
-#[inline(always)]
-fn compress_then_serialize_4<const OUT_LEN: usize>(re: PolynomialRingElement) -> [u8; OUT_LEN] {
-    let mut serialized = [0u8; OUT_LEN];
-
-    cloop! {
-        for (i, coefficients) in re.coefficients.chunks_exact(2).enumerate() {
-            let coefficient1 =
-                compress_ciphertext_coefficient(4, to_unsigned_representative(coefficients[0])) as u8;
-            let coefficient2 =
-                compress_ciphertext_coefficient(4, to_unsigned_representative(coefficients[1])) as u8;
-
-            serialized[i] = (coefficient2 << 4) | coefficient1;
-        }
-    }
-
-    serialized
-}
-
-#[inline(always)]
-fn compress_then_serialize_5<const OUT_LEN: usize>(re: PolynomialRingElement) -> [u8; OUT_LEN] {
-    let mut serialized = [0u8; OUT_LEN];
-
-    cloop! {
-        for (i, coefficients) in re.coefficients.chunks_exact(8).enumerate() {
-            let coefficient1 =
-                compress_ciphertext_coefficient(5, to_unsigned_representative(coefficients[0])) as u8;
-            let coefficient2 =
-                compress_ciphertext_coefficient(5, to_unsigned_representative(coefficients[1])) as u8;
-            let coefficient3 =
-                compress_ciphertext_coefficient(5, to_unsigned_representative(coefficients[2])) as u8;
-            let coefficient4 =
-                compress_ciphertext_coefficient(5, to_unsigned_representative(coefficients[3])) as u8;
-            let coefficient5 =
-                compress_ciphertext_coefficient(5, to_unsigned_representative(coefficients[4])) as u8;
-            let coefficient6 =
-                compress_ciphertext_coefficient(5, to_unsigned_representative(coefficients[5])) as u8;
-            let coefficient7 =
-                compress_ciphertext_coefficient(5, to_unsigned_representative(coefficients[6])) as u8;
-            let coefficient8 =
-                compress_ciphertext_coefficient(5, to_unsigned_representative(coefficients[7])) as u8;
-
-            let (coef1, coef2, coef3, coef4, coef5) = compress_coefficients_5(
-                coefficient2,
-                coefficient1,
-                coefficient4,
-                coefficient3,
-                coefficient5,
-                coefficient7,
-                coefficient6,
-                coefficient8,
-            );
-            serialized[5 * i] = coef1;
-            serialized[5 * i + 1] = coef2;
-            serialized[5 * i + 2] = coef3;
-            serialized[5 * i + 3] = coef4;
-            serialized[5 * i + 4] = coef5;
-        }
-    }
-
-    serialized
-}
-
-#[inline(always)]
-fn compress_coefficients_5(
-    coefficient2: u8,
-    coefficient1: u8,
-    coefficient4: u8,
-    coefficient3: u8,
-    coefficient5: u8,
-    coefficient7: u8,
-    coefficient6: u8,
-    coefficient8: u8,
-) -> (u8, u8, u8, u8, u8) {
-    let coef1 = (coefficient2 & 0x7) << 5 | coefficient1;
-    let coef2 = ((coefficient4 & 1) << 7) | (coefficient3 << 2) | (coefficient2 >> 3);
-    let coef3 = ((coefficient5 & 0xF) << 4) | (coefficient4 >> 1);
-    let coef4 = ((coefficient7 & 0x3) << 6) | (coefficient6 << 1) | (coefficient5 >> 4);
-    let coef5 = (coefficient8 << 3) | (coefficient7 >> 2);
-    (coef1, coef2, coef3, coef4, coef5)
-}
-
-#[inline(always)]
-pub(super) fn compress_then_serialize_ring_element_v<
-    const COMPRESSION_FACTOR: usize,
-    const OUT_LEN: usize,
->(
-    re: PolynomialRingElement,
-) -> [u8; OUT_LEN] {
-    hax_debug_assert!((COEFFICIENTS_IN_RING_ELEMENT * COMPRESSION_FACTOR) / 8 == OUT_LEN);
-
-    match COMPRESSION_FACTOR as u32 {
-        4 => compress_then_serialize_4(re),
-        5 => compress_then_serialize_5(re),
-        _ => unreachable!(),
-    }
-}
-
-#[inline(always)]
-fn deserialize_then_decompress_10(serialized: &[u8]) -> PolynomialRingElement {
-    hax_debug_assert!(serialized.len() == (COEFFICIENTS_IN_RING_ELEMENT * 10) / 8);
-
-    let mut re = PolynomialRingElement::ZERO;
-
-    cloop! {
-        for (i, bytes) in serialized.chunks_exact(5).enumerate() {
-            let byte1 = bytes[0] as FieldElement;
-            let byte2 = bytes[1] as FieldElement;
-            let byte3 = bytes[2] as FieldElement;
-            let byte4 = bytes[3] as FieldElement;
-            let byte5 = bytes[4] as FieldElement;
-
-            let (coefficient1, coefficient2, coefficient3, coefficient4) =
-                decompress_coefficients_10(byte2, byte1, byte3, byte4, byte5);
-
-            re.coefficients[4 * i] = decompress_ciphertext_coefficient(10, coefficient1);
-            re.coefficients[4 * i + 1] = decompress_ciphertext_coefficient(10, coefficient2);
-            re.coefficients[4 * i + 2] = decompress_ciphertext_coefficient(10, coefficient3);
-            re.coefficients[4 * i + 3] = decompress_ciphertext_coefficient(10, coefficient4);
-        }
-    }
-
-    re
-}
-
-#[inline(always)]
-fn decompress_coefficients_10(
-    byte2: i32,
-    byte1: i32,
-    byte3: i32,
-    byte4: i32,
-    byte5: i32,
-) -> (i32, i32, i32, i32) {
-    let coefficient1 = (byte2 & 0x03) << 8 | (byte1 & 0xFF);
-    let coefficient2 = (byte3 & 0x0F) << 6 | (byte2 >> 2);
-    let coefficient3 = (byte4 & 0x3F) << 4 | (byte3 >> 4);
-    let coefficient4 = (byte5 << 2) | (byte4 >> 6);
-    (coefficient1, coefficient2, coefficient3, coefficient4)
-}
-
-#[inline(always)]
-fn deserialize_then_decompress_11(serialized: &[u8]) -> PolynomialRingElement {
-    hax_debug_assert!(serialized.len() == (COEFFICIENTS_IN_RING_ELEMENT * 11) / 8);
-
-    let mut re = PolynomialRingElement::ZERO;
-
-    cloop! {
-        for (i, bytes) in serialized.chunks_exact(11).enumerate() {
-            let byte1 = bytes[0] as FieldElement;
-            let byte2 = bytes[1] as FieldElement;
-            let byte3 = bytes[2] as FieldElement;
-            let byte4 = bytes[3] as FieldElement;
-            let byte5 = bytes[4] as FieldElement;
-            let byte6 = bytes[5] as FieldElement;
-            let byte7 = bytes[6] as FieldElement;
-            let byte8 = bytes[7] as FieldElement;
-            let byte9 = bytes[8] as FieldElement;
-            let byte10 = bytes[9] as FieldElement;
-            let byte11 = bytes[10] as FieldElement;
-
-            let (
-                coefficient1,
-                coefficient2,
-                coefficient3,
-                coefficient4,
-                coefficient5,
-                coefficient6,
-                coefficient7,
-                coefficient8,
-            ) = decompress_coefficients_11(
-                byte2, byte1, byte3, byte5, byte4, byte6, byte7, byte9, byte8, byte10, byte11,
-            );
-
-            re.coefficients[8 * i] = decompress_ciphertext_coefficient(11, coefficient1);
-            re.coefficients[8 * i + 1] = decompress_ciphertext_coefficient(11, coefficient2);
-            re.coefficients[8 * i + 2] = decompress_ciphertext_coefficient(11, coefficient3);
-            re.coefficients[8 * i + 3] = decompress_ciphertext_coefficient(11, coefficient4);
-            re.coefficients[8 * i + 4] = decompress_ciphertext_coefficient(11, coefficient5);
-            re.coefficients[8 * i + 5] = decompress_ciphertext_coefficient(11, coefficient6);
-            re.coefficients[8 * i + 6] = decompress_ciphertext_coefficient(11, coefficient7);
-            re.coefficients[8 * i + 7] = decompress_ciphertext_coefficient(11, coefficient8);
-        }
-    }
-
-    re
-}
-
-#[inline(always)]
-fn decompress_coefficients_11(
-    byte2: i32,
-    byte1: i32,
-    byte3: i32,
-    byte5: i32,
-    byte4: i32,
-    byte6: i32,
-    byte7: i32,
-    byte9: i32,
-    byte8: i32,
-    byte10: i32,
-    byte11: i32,
-) -> (i32, i32, i32, i32, i32, i32, i32, i32) {
-    let coefficient1 = (byte2 & 0x7) << 8 | byte1;
-    let coefficient2 = (byte3 & 0x3F) << 5 | (byte2 >> 3);
-    let coefficient3 = (byte5 & 0x1) << 10 | (byte4 << 2) | (byte3 >> 6);
-    let coefficient4 = (byte6 & 0xF) << 7 | (byte5 >> 1);
-    let coefficient5 = (byte7 & 0x7F) << 4 | (byte6 >> 4);
-    let coefficient6 = (byte9 & 0x3) << 9 | (byte8 << 1) | (byte7 >> 7);
-    let coefficient7 = (byte10 & 0x1F) << 6 | (byte9 >> 2);
-    let coefficient8 = (byte11 << 3) | (byte10 >> 5);
-    (
-        coefficient1,
-        coefficient2,
-        coefficient3,
-        coefficient4,
-        coefficient5,
-        coefficient6,
-        coefficient7,
-        coefficient8,
-    )
-}
-
-#[inline(always)]
-pub(super) fn deserialize_then_decompress_ring_element_u<const COMPRESSION_FACTOR: usize>(
-    serialized: &[u8],
-) -> PolynomialRingElement {
-    hax_debug_assert!(serialized.len() == (COEFFICIENTS_IN_RING_ELEMENT * COMPRESSION_FACTOR) / 8);
-
-    match COMPRESSION_FACTOR as u32 {
-        10 => deserialize_then_decompress_10(serialized),
-        11 => deserialize_then_decompress_11(serialized),
-        _ => unreachable!(),
-    }
-}
-
-#[inline(always)]
-fn deserialize_then_decompress_4(serialized: &[u8]) -> PolynomialRingElement {
-    hax_debug_assert!(serialized.len() == (COEFFICIENTS_IN_RING_ELEMENT * 4) / 8);
-
-    let mut re = PolynomialRingElement::ZERO;
-
-    cloop! {
-        for (i, byte) in serialized.iter().enumerate() {
-            let (coefficient1, coefficient2) = decompress_coefficients_4(byte);
-
-            re.coefficients[2 * i] = decompress_ciphertext_coefficient(4, coefficient1);
-            re.coefficients[2 * i + 1] = decompress_ciphertext_coefficient(4, coefficient2);
-        }
-    }
-
-    re
-}
-
-#[inline(always)]
-fn decompress_coefficients_4(byte: &u8) -> (i32, i32) {
-    let coefficient1 = (byte & 0x0F) as FieldElement;
-    let coefficient2 = ((byte >> 4) & 0x0F) as FieldElement;
-    (coefficient1, coefficient2)
-}
-
-#[inline(always)]
-fn deserialize_then_decompress_5(serialized: &[u8]) -> PolynomialRingElement {
-    hax_debug_assert!(serialized.len() == (COEFFICIENTS_IN_RING_ELEMENT * 5) / 8);
-
-    let mut re = PolynomialRingElement::ZERO;
-
-    cloop! {
-        for (i, bytes) in serialized.chunks_exact(5).enumerate() {
-            let byte1 = bytes[0] as FieldElement;
-            let byte2 = bytes[1] as FieldElement;
-            let byte3 = bytes[2] as FieldElement;
-            let byte4 = bytes[3] as FieldElement;
-            let byte5 = bytes[4] as FieldElement;
-
-            let (
-                coefficient1,
-                coefficient2,
-                coefficient3,
-                coefficient4,
-                coefficient5,
-                coefficient6,
-                coefficient7,
-                coefficient8,
-            ) = decompress_coefficients_5(byte1, byte2, byte3, byte4, byte5);
-
-            re.coefficients[8 * i] = decompress_ciphertext_coefficient(5, coefficient1);
-            re.coefficients[8 * i + 1] = decompress_ciphertext_coefficient(5, coefficient2);
-            re.coefficients[8 * i + 2] = decompress_ciphertext_coefficient(5, coefficient3);
-            re.coefficients[8 * i + 3] = decompress_ciphertext_coefficient(5, coefficient4);
-            re.coefficients[8 * i + 4] = decompress_ciphertext_coefficient(5, coefficient5);
-            re.coefficients[8 * i + 5] = decompress_ciphertext_coefficient(5, coefficient6);
-            re.coefficients[8 * i + 6] = decompress_ciphertext_coefficient(5, coefficient7);
-            re.coefficients[8 * i + 7] = decompress_ciphertext_coefficient(5, coefficient8);
-        }
-    }
-
-    re
-}
-
-#[inline(always)]
-fn decompress_coefficients_5(
-    byte1: i32,
-    byte2: i32,
-    byte3: i32,
-    byte4: i32,
-    byte5: i32,
-) -> (i32, i32, i32, i32, i32, i32, i32, i32) {
-    let coefficient1 = byte1 & 0x1F;
-    let coefficient2 = (byte2 & 0x3) << 3 | (byte1 >> 5);
-    let coefficient3 = (byte2 >> 2) & 0x1F;
-    let coefficient4 = ((byte3 & 0xF) << 1) | (byte2 >> 7);
-    let coefficient5 = ((byte4 & 1) << 4) | (byte3 >> 4);
-    let coefficient6 = (byte4 >> 1) & 0x1F;
-    let coefficient7 = ((byte5 & 0x7) << 2) | (byte4 >> 6);
-    let coefficient8 = byte5 >> 3;
-    (
-        coefficient1,
-        coefficient2,
-        coefficient3,
-        coefficient4,
-        coefficient5,
-        coefficient6,
-        coefficient7,
-        coefficient8,
-    )
-}
-
-#[inline(always)]
-pub(super) fn deserialize_then_decompress_ring_element_v<const COMPRESSION_FACTOR: usize>(
-    serialized: &[u8],
-) -> PolynomialRingElement {
-    hax_debug_assert!(serialized.len() == (COEFFICIENTS_IN_RING_ELEMENT * COMPRESSION_FACTOR) / 8);
-
-    match COMPRESSION_FACTOR as u32 {
-        4 => deserialize_then_decompress_4(serialized),
-        5 => deserialize_then_decompress_5(serialized),
-        _ => unreachable!(),
-    }
-}
diff --git a/libcrux-ml-kem/src/kem/kyber/types.rs b/libcrux-ml-kem/src/kem/kyber/types.rs
deleted file mode 100644
index 8789a254b..000000000
--- a/libcrux-ml-kem/src/kem/kyber/types.rs
+++ /dev/null
@@ -1,166 +0,0 @@
-macro_rules! impl_generic_struct {
-    ($name:ident, $doc:expr) => {
-        #[doc = $doc]
-        pub struct $name<const SIZE: usize> {
-            pub(super) value: [u8; SIZE],
-        }
-
-        impl<const SIZE: usize> AsRef<[u8]> for $name<SIZE> {
-            fn as_ref(&self) -> &[u8] {
-                &self.value
-            }
-        }
-
-        impl<const SIZE: usize> From<[u8; SIZE]> for $name<SIZE> {
-            fn from(value: [u8; SIZE]) -> Self {
-                Self { value }
-            }
-        }
-
-        impl<const SIZE: usize> From<&[u8; SIZE]> for $name<SIZE> {
-            fn from(value: &[u8; SIZE]) -> Self {
-                Self {
-                    value: value.clone(),
-                }
-            }
-        }
-
-        impl<const SIZE: usize> From<$name<SIZE>> for [u8; SIZE] {
-            fn from(value: $name<SIZE>) -> Self {
-                value.value
-            }
-        }
-
-        impl<const SIZE: usize> TryFrom<&[u8]> for $name<SIZE> {
-            type Error = core::array::TryFromSliceError;
-
-            fn try_from(value: &[u8]) -> Result<Self, Self::Error> {
-                match value.try_into() {
-                    Ok(value) => Ok(Self { value }),
-                    Err(e) => Err(e),
-                }
-            }
-        }
-
-        impl<const SIZE: usize> $name<SIZE> {
-            /// A reference to the raw byte slice.
-            pub fn as_slice(&self) -> &[u8; SIZE] {
-                &self.value
-            }
-
-            // This is only used for some of the macro callers.
-            #[allow(dead_code)]
-            // /// Split this value and return the raw byte slices.
-            pub(crate) fn split_at(&self, mid: usize) -> (&[u8], &[u8]) {
-                self.value.split_at(mid)
-            }
-            /// The number of bytes
-            pub const fn len() -> usize {
-                SIZE
-            }
-        }
-    };
-}
-macro_rules! impl_index_impls_for_generic_struct {
-    ($name:ident) => {
-        impl<const SIZE: usize> core::ops::Index<usize> for $name<SIZE> {
-            type Output = u8;
-
-            fn index(&self, index: usize) -> &Self::Output {
-                &self.value[index]
-            }
-        }
-
-        impl<const SIZE: usize> core::ops::Index<core::ops::Range<usize>> for $name<SIZE> {
-            type Output = [u8];
-
-            fn index(&self, range: core::ops::Range<usize>) -> &Self::Output {
-                &self.value[range]
-            }
-        }
-
-        impl<const SIZE: usize> core::ops::Index<core::ops::RangeTo<usize>> for $name<SIZE> {
-            type Output = [u8];
-
-            fn index(&self, range: core::ops::RangeTo<usize>) -> &Self::Output {
-                &self.value[range]
-            }
-        }
-
-        impl<const SIZE: usize> core::ops::Index<core::ops::RangeFrom<usize>> for $name<SIZE> {
-            type Output = [u8];
-
-            fn index(&self, range: core::ops::RangeFrom<usize>) -> &Self::Output {
-                &self.value[range]
-            }
-        }
-    };
-}
-
-impl_generic_struct!(MlKemCiphertext, "An ML-KEM Ciphertext");
-impl_generic_struct!(MlKemPrivateKey, "An ML-KEM Private key");
-impl_generic_struct!(MlKemPublicKey, "An ML-KEM Public key");
-
-// These traits are used only in `ind_cpa` for kyber cipher text.
-mod index_impls {
-    use super::*;
-    impl_index_impls_for_generic_struct!(MlKemCiphertext);
-    impl_index_impls_for_generic_struct!(MlKemPrivateKey);
-    impl_index_impls_for_generic_struct!(MlKemPublicKey);
-}
-
-/// An ML-KEM key pair
-pub struct MlKemKeyPair<const PRIVATE_KEY_SIZE: usize, const PUBLIC_KEY_SIZE: usize> {
-    pub(crate) sk: MlKemPrivateKey<PRIVATE_KEY_SIZE>,
-    pub(crate) pk: MlKemPublicKey<PUBLIC_KEY_SIZE>,
-}
-
-impl<const PRIVATE_KEY_SIZE: usize, const PUBLIC_KEY_SIZE: usize>
-    MlKemKeyPair<PRIVATE_KEY_SIZE, PUBLIC_KEY_SIZE>
-{
-    /// Creates a new [`MlKemKeyPair`].
-    pub fn new(sk: [u8; PRIVATE_KEY_SIZE], pk: [u8; PUBLIC_KEY_SIZE]) -> Self {
-        Self {
-            sk: sk.into(),
-            pk: pk.into(),
-        }
-    }
-
-    /// Create a new [`MlKemKeyPair`] from the secret and public key.
-    pub fn from(
-        sk: MlKemPrivateKey<PRIVATE_KEY_SIZE>,
-        pk: MlKemPublicKey<PUBLIC_KEY_SIZE>,
-    ) -> Self {
-        Self { sk, pk }
-    }
-
-    /// Get a reference to the [`MlKemPublicKey<PUBLIC_KEY_SIZE>`].
-    pub fn public_key(&self) -> &MlKemPublicKey<PUBLIC_KEY_SIZE> {
-        &self.pk
-    }
-
-    /// Get a reference to the [`MlKemPrivateKey<PRIVATE_KEY_SIZE>`].
-    pub fn private_key(&self) -> &MlKemPrivateKey<PRIVATE_KEY_SIZE> {
-        &self.sk
-    }
-
-    /// Get a reference to the raw public key bytes.
-    pub fn pk(&self) -> &[u8; PUBLIC_KEY_SIZE] {
-        self.pk.as_slice()
-    }
-
-    /// Get a reference to the raw private key bytes.
-    pub fn sk(&self) -> &[u8; PRIVATE_KEY_SIZE] {
-        self.sk.as_slice()
-    }
-
-    /// Separate this key into the public and private key.
-    pub fn into_parts(
-        self,
-    ) -> (
-        MlKemPrivateKey<PRIVATE_KEY_SIZE>,
-        MlKemPublicKey<PUBLIC_KEY_SIZE>,
-    ) {
-        (self.sk, self.pk)
-    }
-}
diff --git a/libcrux-ml-kem/src/lib.rs b/libcrux-ml-kem/src/lib.rs
index 3c3b84610..d952e656d 100644
--- a/libcrux-ml-kem/src/lib.rs
+++ b/libcrux-ml-kem/src/lib.rs
@@ -4,18 +4,14 @@
 //! formally verified using [hax](https://cryspen.com/hax) and
 //! [F*](https://fstar-lang.org).
 //!
-#![cfg_attr(
-    feature = "pre-verification",
-    doc = r##"
-Functions in this crate use CPU feature detection to pick the most efficient version
-on each platform. To use a specific version with your own feature detection
-use e.g. one of the following
-- `mlkem768::avx2::generate_key_pair`,
-- `mlkem768::neon::generate_key_pair`,
-- `mlkem768::portable::generate_key_pair`,
-
-analogously for encapsulation and decapsulation."##
-)]
+//! Functions in this crate use CPU feature detection to pick the most efficient version
+//! on each platform. To use a specific version with your own feature detection
+//! use e.g. one of the following
+//! - `mlkem768::avx2::generate_key_pair`,
+//! - `mlkem768::neon::generate_key_pair`,
+//! - `mlkem768::portable::generate_key_pair`,
+//!
+//! analogously for encapsulation and decapsulation."
 #![cfg_attr(
     feature = "mlkem768",
     doc = r##"
@@ -62,14 +58,9 @@ analogously for encapsulation and decapsulation."##
 //! available individually under feature flags `mlkem512`, `mlkem768`,
 //! `mlkem1024`.
 //!
-//! In addition to the verified implementations of the ML-KEM variants, the
-//! feature flag `pre-verification` gives access to, as yet, unverified
-//! implementations of ML-KEM that are optimized for SIMD instruction sets.
-//!
 //! ### Kyber Round 3
-//! The `kyber` flag (in combination with `pre-verification`) also gives access
-//! to an, as yet, unverified implementation of Kyber as submitted in Round 3 of
-//! the NIST PQ competition.
+//! The `kyber` flag also gives access to an, as yet, unverified implementation
+//! of Kyber as submitted in Round 3 of the NIST PQ competition.
 //!
 
 #![no_std]
@@ -90,145 +81,89 @@ mod cfg;
 
 pub(crate) mod hax_utils;
 
-// Not-yet verified ML-KEM implementation.
-// This implementation has 3 different variant.
-// - portable
-// - neon
-// - avx2
+// This module is declared here since otherwise, hax reports the following error:
 //
-// When #221 is finished, the pre-verification feature will be removed and this
-// implementation will be promoted to the default one.
-cfg_pre_verification! {
-    // This module is declared here since otherwise, hax reports the following error:
-    //
-    // The THIR body of item
-    // DefId(0:986 ~ libcrux[92b3]::kem::kyber768::parameters::COEFFICIENTS_IN_RING_ELEMENT)
-    // was stolen.
-    //
-    // This is being tracked in https://github.com/hacspec/hacspec-v2/issues/27
-    pub(crate) mod constants;
-
-    /// Helpers for verification and extraction
-    mod helper;
-
-    mod utils;
-    mod constant_time_ops;
-    mod hash_functions;
-    mod ind_cca;
-    mod ind_cpa;
-    mod variant;
-    mod invert_ntt;
-    mod matrix;
-    mod ntt;
-    mod polynomial;
-    mod sampling;
-    mod serialize;
-    mod types;
-    mod vector;
-
-    #[cfg(feature = "mlkem512")]
-    #[cfg_attr(docsrs, doc(cfg(feature = "mlkem512")))]
-    pub mod mlkem512;
-
-    #[cfg(feature = "mlkem768")]
-    #[cfg_attr(docsrs, doc(cfg(feature = "mlkem768")))]
-    pub mod mlkem768;
-
-    #[cfg(feature = "mlkem1024")]
-    #[cfg_attr(docsrs, doc(cfg(feature = "mlkem1024")))]
-    pub mod mlkem1024;
-
-    pub use constants::SHARED_SECRET_SIZE;
-
-    pub use ind_cca::{MlKemSharedSecret, ENCAPS_SEED_SIZE, KEY_GENERATION_SEED_SIZE};
-
-    // These types all have type aliases for the different variants.
-    pub use types::{MlKemCiphertext, MlKemKeyPair, MlKemPrivateKey, MlKemPublicKey};
-
-    cfg_kyber! {
-        #[cfg(feature = "mlkem512")]
-        #[cfg_attr(docsrs, doc(cfg(all(feature = "kyber", feature = "mlkem512"))))]
-        pub mod kyber512 {
-            //! Kyber 512 (NIST PQC Round 3)
-            cfg_no_eurydice! {
-                pub use crate::mlkem512::kyber::generate_key_pair;
-                pub use crate::mlkem512::kyber::decapsulate;
-                pub use crate::mlkem512::kyber::encapsulate;
-                pub use crate::mlkem512::validate_public_key;
-                pub use crate::mlkem512::validate_private_key;
-            }
-        }
-
-        #[cfg(feature = "mlkem768")]
-        #[cfg_attr(docsrs, doc(cfg(all(feature = "kyber", feature = "mlkem768"))))]
-        pub mod kyber768 {
-            //! Kyber 768 (NIST PQC Round 3)
-            cfg_no_eurydice! {
-                pub use crate::mlkem768::kyber::generate_key_pair;
-                pub use crate::mlkem768::kyber::decapsulate;
-                pub use crate::mlkem768::kyber::encapsulate;
-                pub use crate::mlkem768::validate_public_key;
-                pub use crate::mlkem768::validate_private_key;
-            }
-        }
-
-        #[cfg(feature = "mlkem1024")]
-        #[cfg_attr(docsrs, doc(cfg(all(feature = "kyber", feature = "mlkem1024"))))]
-        pub mod kyber1024 {
-            //! Kyber 1024 (NIST PQC Round 3)
-            cfg_no_eurydice! {
-                pub use crate::mlkem1024::kyber::generate_key_pair;
-                pub use crate::mlkem1024::kyber::decapsulate;
-                pub use crate::mlkem1024::kyber::encapsulate;
-                pub use crate::mlkem1024::validate_public_key;
-                pub use crate::mlkem1024::validate_private_key;
-            }
-        }
-    }
-}
-
-// Verified ML-KEM implementation.
-// The proofs are in
-// - correctness: ../proofs/fstar/extraction-edited
-// - secret independence: ../proofs/fstar/extraction-secret-independent
+// The THIR body of item
+// DefId(0:986 ~ libcrux[92b3]::kem::kyber768::parameters::COEFFICIENTS_IN_RING_ELEMENT)
+// was stolen.
 //
-// When #221 is completed, this code will be removed and replaced with the, then
-// verified, code above.
-cfg_verified! {
-    mod kem;
-
-    // Variants
+// This is being tracked in https://github.com/hacspec/hacspec-v2/issues/27
+pub(crate) mod constants;
+
+/// Helpers for verification and extraction
+mod helper;
+
+mod constant_time_ops;
+mod hash_functions;
+mod ind_cca;
+mod ind_cpa;
+mod invert_ntt;
+mod matrix;
+mod ntt;
+mod polynomial;
+mod sampling;
+mod serialize;
+mod types;
+mod utils;
+mod variant;
+mod vector;
+
+#[cfg(feature = "mlkem512")]
+#[cfg_attr(docsrs, doc(cfg(feature = "mlkem512")))]
+pub mod mlkem512;
+
+#[cfg(feature = "mlkem768")]
+#[cfg_attr(docsrs, doc(cfg(feature = "mlkem768")))]
+pub mod mlkem768;
+
+#[cfg(feature = "mlkem1024")]
+#[cfg_attr(docsrs, doc(cfg(feature = "mlkem1024")))]
+pub mod mlkem1024;
+
+pub use constants::SHARED_SECRET_SIZE;
+
+pub use ind_cca::{MlKemSharedSecret, ENCAPS_SEED_SIZE, KEY_GENERATION_SEED_SIZE};
+
+// These types all have type aliases for the different variants.
+pub use types::{MlKemCiphertext, MlKemKeyPair, MlKemPrivateKey, MlKemPublicKey};
+
+cfg_kyber! {
     #[cfg(feature = "mlkem512")]
-    #[cfg_attr(docsrs, doc(cfg(feature = "mlkem512")))]
-    pub mod mlkem512 {
-        //! ML-KEM 512
-        pub use crate::kem::kyber::kyber512::*;
+    #[cfg_attr(docsrs, doc(cfg(all(feature = "kyber", feature = "mlkem512"))))]
+    pub mod kyber512 {
+        //! Kyber 512 (NIST PQC Round 3)
+        cfg_no_eurydice! {
+            pub use crate::mlkem512::kyber::generate_key_pair;
+            pub use crate::mlkem512::kyber::decapsulate;
+            pub use crate::mlkem512::kyber::encapsulate;
+            pub use crate::mlkem512::validate_public_key;
+            pub use crate::mlkem512::validate_private_key;
+        }
     }
 
     #[cfg(feature = "mlkem768")]
-    #[cfg_attr(docsrs, doc(cfg(feature = "mlkem768")))]
-    pub mod mlkem768 {
-        //! ML-KEM 768
-        pub use crate::kem::kyber::kyber768::*;
+    #[cfg_attr(docsrs, doc(cfg(all(feature = "kyber", feature = "mlkem768"))))]
+    pub mod kyber768 {
+        //! Kyber 768 (NIST PQC Round 3)
+        cfg_no_eurydice! {
+            pub use crate::mlkem768::kyber::generate_key_pair;
+            pub use crate::mlkem768::kyber::decapsulate;
+            pub use crate::mlkem768::kyber::encapsulate;
+            pub use crate::mlkem768::validate_public_key;
+            pub use crate::mlkem768::validate_private_key;
+        }
     }
 
     #[cfg(feature = "mlkem1024")]
-    #[cfg_attr(docsrs, doc(cfg(feature = "mlkem1024")))]
-    pub mod mlkem1024 {
-        //! ML-KEM 1024
-        pub use crate::kem::kyber::kyber1024::*;
+    #[cfg_attr(docsrs, doc(cfg(all(feature = "kyber", feature = "mlkem1024"))))]
+    pub mod kyber1024 {
+        //! Kyber 1024 (NIST PQC Round 3)
+        cfg_no_eurydice! {
+            pub use crate::mlkem1024::kyber::generate_key_pair;
+            pub use crate::mlkem1024::kyber::decapsulate;
+            pub use crate::mlkem1024::kyber::encapsulate;
+            pub use crate::mlkem1024::validate_public_key;
+            pub use crate::mlkem1024::validate_private_key;
+        }
     }
-
-    /// The size of an ML-KEM shared secret.
-    pub const SHARED_SECRET_SIZE: usize = kem::kyber::constants::SHARED_SECRET_SIZE;
-    /// An ML-KEM shared secret.
-    ///
-    /// A byte array of size [`SHARED_SECRET_SIZE`].
-    pub use kem::kyber::MlKemSharedSecret;
-    /// Seed size for encapsulation
-    pub const ENCAPS_SEED_SIZE: usize = kem::kyber::constants::SHARED_SECRET_SIZE;
-    /// Seed size for key generation
-    pub const KEY_GENERATION_SEED_SIZE: usize = kem::kyber::KEY_GENERATION_SEED_SIZE;
-    // These types all have type aliases for the different variants.
-    pub use kem::kyber::{MlKemCiphertext, MlKemKeyPair, MlKemPrivateKey, MlKemPublicKey};
 }
diff --git a/libcrux-ml-kem/src/matrix.rs b/libcrux-ml-kem/src/matrix.rs
index 01c2d987d..29a90874c 100644
--- a/libcrux-ml-kem/src/matrix.rs
+++ b/libcrux-ml-kem/src/matrix.rs
@@ -35,7 +35,7 @@ pub(crate) fn sample_matrix_A<const K: usize, Vector: Operations, Hasher: Hash<K
                 }
             }
         }
-    };
+    }
     ()
 }
 
diff --git a/libcrux-ml-kem/src/mlkem1024.rs b/libcrux-ml-kem/src/mlkem1024.rs
index 52f2b8d21..175ee8d2e 100644
--- a/libcrux-ml-kem/src/mlkem1024.rs
+++ b/libcrux-ml-kem/src/mlkem1024.rs
@@ -61,7 +61,7 @@ macro_rules! instantiate {
                         RANKED_BYTES_PER_RING_ELEMENT_1024,
                         CPA_PKE_PUBLIC_KEY_SIZE_1024,
                     >(&public_key.value)
-                
+
             }
 
             /// Validate a private key.
@@ -76,7 +76,7 @@ macro_rules! instantiate {
                         SECRET_KEY_SIZE_1024,
                         CPA_PKE_CIPHERTEXT_SIZE_1024,
                     >(private_key, ciphertext)
-                
+
             }
 
             /// Validate the private key only.
@@ -106,7 +106,7 @@ macro_rules! instantiate {
                         ETA1,
                         ETA1_RANDOMNESS_SIZE,
                     >(randomness)
-                
+
             }
 
             /// Generate ML-KEM 1024 Key Pair
@@ -122,7 +122,7 @@ macro_rules! instantiate {
                         ETA1,
                         ETA1_RANDOMNESS_SIZE,
                     >(randomness)
-                
+
             }
 
             /// Encapsulate ML-KEM 1024
@@ -149,7 +149,7 @@ macro_rules! instantiate {
                         ETA2,
                         ETA2_RANDOMNESS_SIZE,
                     >(public_key, randomness)
-                
+
             }
 
             /// Encapsulate Kyber 1024
@@ -178,7 +178,7 @@ macro_rules! instantiate {
                         ETA2,
                         ETA2_RANDOMNESS_SIZE,
                     >(public_key, randomness)
-                
+
             }
 
             /// Decapsulate ML-KEM 1024
@@ -207,7 +207,7 @@ macro_rules! instantiate {
                         ETA2_RANDOMNESS_SIZE,
                         IMPLICIT_REJECTION_HASH_INPUT_SIZE,
                     >(private_key, ciphertext)
-                
+
             }
 
             /// Decapsulate Kyber 1024
@@ -238,7 +238,7 @@ macro_rules! instantiate {
                         ETA2_RANDOMNESS_SIZE,
                         IMPLICIT_REJECTION_HASH_INPUT_SIZE,
                     >(private_key, ciphertext)
-                
+
             }
 
             /// Unpacked APIs that don't use serialized keys.
@@ -318,7 +318,7 @@ macro_rules! instantiate {
                             RANKED_BYTES_PER_RING_ELEMENT_1024,
                             CPA_PKE_PUBLIC_KEY_SIZE_1024,
                         >(public_key, unpacked_public_key)
-                    
+
                 }
 
                 /// Generate ML-KEM 1024 Key Pair in "unpacked" form.
@@ -344,7 +344,7 @@ macro_rules! instantiate {
                             ETA1,
                             ETA1_RANDOMNESS_SIZE,
                         >(randomness, key_pair)
-                    
+
                 }
 
                 /// Encapsulate ML-KEM 1024 (unpacked)
@@ -386,7 +386,7 @@ macro_rules! instantiate {
                             ETA2,
                             ETA2_RANDOMNESS_SIZE,
                         >(public_key, randomness)
-                    
+
                 }
 
                 /// Decapsulate ML-KEM 1024 (unpacked)
@@ -416,7 +416,7 @@ macro_rules! instantiate {
                             ETA2_RANDOMNESS_SIZE,
                             IMPLICIT_REJECTION_HASH_INPUT_SIZE,
                         >(private_key, ciphertext)
-                    
+
                 }
             }
         }
diff --git a/libcrux-ml-kem/src/ntt.rs b/libcrux-ml-kem/src/ntt.rs
index 69eb1656f..bb769cf1a 100644
--- a/libcrux-ml-kem/src/ntt.rs
+++ b/libcrux-ml-kem/src/ntt.rs
@@ -1,23 +1,29 @@
 use crate::{
     hax_utils::hax_debug_assert,
-    polynomial::{PolynomialRingElement, VECTORS_IN_RING_ELEMENT, get_zeta},
+    polynomial::{get_zeta, PolynomialRingElement, VECTORS_IN_RING_ELEMENT},
     vector::{montgomery_multiply_fe, Operations},
 };
 
 #[inline(always)]
 #[hax_lib::fstar::options("--z3rlimit 200 --ext context_pruning")]
-#[hax_lib::fstar::before(interface, "[@@ \"opaque_to_smt\"]
+#[hax_lib::fstar::before(
+    interface,
+    "[@@ \"opaque_to_smt\"]
    let ntt_re_range_2 (#v_Vector: Type0)
          {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |}
          (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) =
        forall (i:nat). i < 16 ==> Spec.Utils.is_i16b_array_opaque (11207+5*3328)
-            (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ sz i ]))")]
-#[hax_lib::fstar::before(interface, "[@@ \"opaque_to_smt\"]
+            (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ sz i ]))"
+)]
+#[hax_lib::fstar::before(
+    interface,
+    "[@@ \"opaque_to_smt\"]
     let ntt_re_range_1 (#v_Vector: Type0)
             {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |}
             (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) =
         forall (i:nat). i < 16 ==> Spec.Utils.is_i16b_array_opaque (11207+6*3328)
-                (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ sz i ]))")]
+                (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ sz i ]))"
+)]
 #[hax_lib::requires(fstar!("v ${*zeta_i} == 63 /\\
     ntt_re_range_2 $re"))]
 #[hax_lib::ensures(|result| fstar!("ntt_re_range_1 ${re}_future /\\
@@ -34,41 +40,50 @@ pub(crate) fn ntt_at_layer_1<Vector: Operations>(
     // The semicolon and parentheses at the end of loop are a workaround
     // for the following bug https://github.com/hacspec/hax/issues/720
     for round in 0..16 {
-        hax_lib::loop_invariant!(|round: usize| { fstar!("v zeta_i == v $_zeta_i_init + v $round * 4 /\\
+        hax_lib::loop_invariant!(|round: usize| {
+            fstar!(
+                "v zeta_i == v $_zeta_i_init + v $round * 4 /\\
           (v round < 16 ==> (forall (i:nat). (i >= v round /\\ i < 16) ==>
             Spec.Utils.is_i16b_array_opaque (11207+5*3328)
               (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ sz i ])))) /\\
           (forall (i:nat). i < v $round ==> Spec.Utils.is_i16b_array_opaque (11207+6*3328)
-              (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ sz i ])))") });
+              (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ sz i ])))"
+            )
+        });
         *zeta_i += 1;
         hax_lib::fstar!("reveal_opaque (`%Spec.Utils.is_i16b_array_opaque) 
                         (Spec.Utils.is_i16b_array_opaque (11207+5*3328)
                         (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ round ])))");
         re.coefficients[round] = Vector::ntt_layer_1_step(
             re.coefficients[round],
-            get_zeta (*zeta_i),
-            get_zeta (*zeta_i + 1),
-            get_zeta (*zeta_i + 2),
-            get_zeta (*zeta_i + 3),
+            get_zeta(*zeta_i),
+            get_zeta(*zeta_i + 1),
+            get_zeta(*zeta_i + 2),
+            get_zeta(*zeta_i + 3),
         );
         *zeta_i += 3;
         hax_lib::fstar!("reveal_opaque (`%Spec.Utils.is_i16b_array_opaque) 
                         (Spec.Utils.is_i16b_array_opaque (11207+6*3328)
                         (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ round ])))");
-        hax_lib::fstar!("assert (Spec.Utils.is_i16b_array_opaque (11207+6*3328)
-        (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ $round ])))");
+        hax_lib::fstar!(
+            "assert (Spec.Utils.is_i16b_array_opaque (11207+6*3328)
+        (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ $round ])))"
+        );
     }
     ()
 }
 
 #[inline(always)]
 #[hax_lib::fstar::options("--z3rlimit 200 --ext context_pruning")]
-#[hax_lib::fstar::before(interface, "[@@ \"opaque_to_smt\"]
+#[hax_lib::fstar::before(
+    interface,
+    "[@@ \"opaque_to_smt\"]
    let ntt_re_range_3 (#v_Vector: Type0)
          {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |}
          (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) =
        forall (i:nat). i < 16 ==> Spec.Utils.is_i16b_array_opaque (11207+4*3328)
-            (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ sz i ]))")]
+            (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ sz i ]))"
+)]
 #[hax_lib::requires(fstar!("v ${*zeta_i} == 31 /\\
     ntt_re_range_3 $re"))]
 #[hax_lib::ensures(|result| fstar!("ntt_re_range_2 ${re}_future /\\
@@ -85,39 +100,48 @@ pub(crate) fn ntt_at_layer_2<Vector: Operations>(
     // The semicolon and parentheses at the end of loop are a workaround
     // for the following bug https://github.com/hacspec/hax/issues/720
     for round in 0..16 {
-        hax_lib::loop_invariant!(|round: usize| { fstar!("v zeta_i == v $_zeta_i_init + v $round * 2 /\\
+        hax_lib::loop_invariant!(|round: usize| {
+            fstar!(
+                "v zeta_i == v $_zeta_i_init + v $round * 2 /\\
           (v round < 16 ==> (forall (i:nat). (i >= v round /\\ i < 16) ==>
             Spec.Utils.is_i16b_array_opaque (11207+4*3328)
               (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ sz i ])))) /\\
           (forall (i:nat). i < v $round ==> Spec.Utils.is_i16b_array_opaque (11207+5*3328)
-              (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ sz i ])))") });
+              (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ sz i ])))"
+            )
+        });
         *zeta_i += 1;
         hax_lib::fstar!("reveal_opaque (`%Spec.Utils.is_i16b_array_opaque) 
                         (Spec.Utils.is_i16b_array_opaque (11207+4*3328)
                         (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ round ])))");
         re.coefficients[round] = Vector::ntt_layer_2_step(
             re.coefficients[round],
-            get_zeta (*zeta_i),
-            get_zeta (*zeta_i + 1),
+            get_zeta(*zeta_i),
+            get_zeta(*zeta_i + 1),
         );
         *zeta_i += 1;
         hax_lib::fstar!("reveal_opaque (`%Spec.Utils.is_i16b_array_opaque) 
                         (Spec.Utils.is_i16b_array_opaque (11207+5*3328)
                         (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ round ])))");
-        hax_lib::fstar!("assert (Spec.Utils.is_i16b_array_opaque (11207+5*3328)
-            (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ $round ])))");
+        hax_lib::fstar!(
+            "assert (Spec.Utils.is_i16b_array_opaque (11207+5*3328)
+            (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ $round ])))"
+        );
     }
     ()
 }
 
 #[inline(always)]
 #[hax_lib::fstar::options("--z3rlimit 200 --ext context_pruning")]
-#[hax_lib::fstar::before(interface, "[@@ \"opaque_to_smt\"]
+#[hax_lib::fstar::before(
+    interface,
+    "[@@ \"opaque_to_smt\"]
    let ntt_re_range_4 (#v_Vector: Type0)
          {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |}
          (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) =
        forall (i:nat). i < 16 ==> Spec.Utils.is_i16b_array_opaque (11207+3*3328)
-            (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ sz i ]))")]
+            (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ sz i ]))"
+)]
 #[hax_lib::requires(fstar!("v ${*zeta_i} == 15 /\\
     ntt_re_range_4 $re"))]
 #[hax_lib::ensures(|result| fstar!("ntt_re_range_3 ${re}_future /\\
@@ -134,23 +158,31 @@ pub(crate) fn ntt_at_layer_3<Vector: Operations>(
     // The semicolon and parentheses at the end of loop are a workaround
     // for the following bug https://github.com/hacspec/hax/issues/720
     for round in 0..16 {
-        hax_lib::loop_invariant!(|round: usize| { fstar!("v zeta_i == v $_zeta_i_init + v $round /\\
+        hax_lib::loop_invariant!(|round: usize| {
+            fstar!(
+                "v zeta_i == v $_zeta_i_init + v $round /\\
           (v round < 16 ==> (forall (i:nat). (i >= v round /\\ i < 16) ==>
             Spec.Utils.is_i16b_array_opaque (11207+3*3328)
               (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ sz i ])))) /\\
           (forall (i:nat). i < v $round ==> Spec.Utils.is_i16b_array_opaque (11207+4*3328)
-              (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ sz i ])))") });
+              (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ sz i ])))"
+            )
+        });
         *zeta_i += 1;
         hax_lib::fstar!("reveal_opaque (`%Spec.Utils.is_i16b_array_opaque) 
                         (Spec.Utils.is_i16b_array_opaque (11207+3*3328)
                         (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ round ])))");
         re.coefficients[round] =
-            Vector::ntt_layer_3_step(re.coefficients[round], get_zeta (*zeta_i));
-        hax_lib::fstar!("reveal_opaque (`%Spec.Utils.is_i16b_array_opaque) 
+            Vector::ntt_layer_3_step(re.coefficients[round], get_zeta(*zeta_i));
+        hax_lib::fstar!(
+            "reveal_opaque (`%Spec.Utils.is_i16b_array_opaque) 
             (Spec.Utils.is_i16b_array_opaque (11207+4*3328)
-            (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ round ])))");
-        hax_lib::fstar!("assert (Spec.Utils.is_i16b_array_opaque (11207+4*3328)
-            (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ $round ])))");
+            (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ round ])))"
+        );
+        hax_lib::fstar!(
+            "assert (Spec.Utils.is_i16b_array_opaque (11207+4*3328)
+            (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ $round ])))"
+        );
     }
     ()
 }
@@ -211,7 +243,7 @@ pub(crate) fn ntt_at_layer_4_plus<Vector: Operations>(
             let (x, y) = ntt_layer_int_vec_step(
                 re.coefficients[j],
                 re.coefficients[j + step_vec],
-                get_zeta (*zeta_i),
+                get_zeta(*zeta_i),
             );
             re.coefficients[j] = x;
             re.coefficients[j + step_vec] = y;
@@ -223,7 +255,9 @@ pub(crate) fn ntt_at_layer_4_plus<Vector: Operations>(
 #[inline(always)]
 #[hax_lib::fstar::verification_status(lax)]
 //We should make the loops inside this function `opaque_to_smt` to get it work
-#[hax_lib::fstar::before(interface, "[@@ \"opaque_to_smt\"]
+#[hax_lib::fstar::before(
+    interface,
+    "[@@ \"opaque_to_smt\"]
    let ntt_layer_7_pre (#v_Vector: Type0)
         {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |}
         (re_0 re_1: v_Vector) =
@@ -238,7 +272,8 @@ pub(crate) fn ntt_at_layer_4_plus<Vector: Operations>(
     (forall i. i < 16 ==> 
       Spec.Utils.is_intb (pow2 15 - 1) 
         (v (Seq.index (Libcrux_ml_kem.Vector.Traits.f_to_i16_array re_0) i) + 
-          v (Seq.index (Libcrux_ml_kem.Vector.Traits.f_to_i16_array t) i))))")]
+          v (Seq.index (Libcrux_ml_kem.Vector.Traits.f_to_i16_array t) i))))"
+)]
 #[hax_lib::requires(fstar!("forall i. i < 8 ==> ntt_layer_7_pre (${re}.f_coefficients.[ sz i ])
     (${re}.f_coefficients.[ sz i +! sz 8 ])"))]
 pub(crate) fn ntt_at_layer_7<Vector: Operations>(re: &mut PolynomialRingElement<Vector>) {
@@ -247,9 +282,13 @@ pub(crate) fn ntt_at_layer_7<Vector: Operations>(re: &mut PolynomialRingElement<
     // The semicolon and parentheses at the end of loop are a workaround
     // for the following bug https://github.com/hacspec/hax/issues/720
     for j in 0..step {
-        hax_lib::loop_invariant!(|j: usize| { fstar!("(v j < 8 ==>
+        hax_lib::loop_invariant!(|j: usize| {
+            fstar!(
+                "(v j < 8 ==>
           (forall (i:nat). (i >= v j /\\ i < 8) ==>
-            ntt_layer_7_pre (re.f_coefficients.[ sz i ]) (re.f_coefficients.[ sz i +! sz 8 ])))") });
+            ntt_layer_7_pre (re.f_coefficients.[ sz i ]) (re.f_coefficients.[ sz i +! sz 8 ])))"
+            )
+        });
         hax_lib::fstar!("reveal_opaque (`%ntt_layer_7_pre) (ntt_layer_7_pre #$:Vector)");
         let t = Vector::multiply_by_constant(re.coefficients[j + step], -1600);
         re.coefficients[j + step] = Vector::sub(re.coefficients[j], &t);
@@ -275,11 +314,11 @@ pub(crate) fn ntt_binomially_sampled_ring_element<Vector: Operations>(
 
     let mut zeta_i = 1;
     ntt_at_layer_4_plus(&mut zeta_i, re, 6, 11207);
-    ntt_at_layer_4_plus(&mut zeta_i, re, 5, 11207+3328);
-    ntt_at_layer_4_plus(&mut zeta_i, re, 4, 11207+2*3328);
-    ntt_at_layer_3(&mut zeta_i, re, 3, 11207+3*3328);
-    ntt_at_layer_2(&mut zeta_i, re, 2, 11207+4*3328);
-    ntt_at_layer_1(&mut zeta_i, re, 1, 11207+5*3328);
+    ntt_at_layer_4_plus(&mut zeta_i, re, 5, 11207 + 3328);
+    ntt_at_layer_4_plus(&mut zeta_i, re, 4, 11207 + 2 * 3328);
+    ntt_at_layer_3(&mut zeta_i, re, 3, 11207 + 3 * 3328);
+    ntt_at_layer_2(&mut zeta_i, re, 2, 11207 + 4 * 3328);
+    ntt_at_layer_1(&mut zeta_i, re, 1, 11207 + 5 * 3328);
 
     re.poly_barrett_reduce()
 }
@@ -299,12 +338,12 @@ pub(crate) fn ntt_vector_u<const VECTOR_U_COMPRESSION_FACTOR: usize, Vector: Ope
     let mut zeta_i = 0;
 
     ntt_at_layer_4_plus(&mut zeta_i, re, 7, 3328);
-    ntt_at_layer_4_plus(&mut zeta_i, re, 6, 2*3328);
-    ntt_at_layer_4_plus(&mut zeta_i, re, 5, 3*3328);
-    ntt_at_layer_4_plus(&mut zeta_i, re, 4, 4*3328);
-    ntt_at_layer_3(&mut zeta_i, re, 3, 5*3328);
-    ntt_at_layer_2(&mut zeta_i, re, 2, 6*3328);
-    ntt_at_layer_1(&mut zeta_i, re, 1, 7*3328);
+    ntt_at_layer_4_plus(&mut zeta_i, re, 6, 2 * 3328);
+    ntt_at_layer_4_plus(&mut zeta_i, re, 5, 3 * 3328);
+    ntt_at_layer_4_plus(&mut zeta_i, re, 4, 4 * 3328);
+    ntt_at_layer_3(&mut zeta_i, re, 3, 5 * 3328);
+    ntt_at_layer_2(&mut zeta_i, re, 2, 6 * 3328);
+    ntt_at_layer_1(&mut zeta_i, re, 1, 7 * 3328);
 
     re.poly_barrett_reduce()
 }
diff --git a/libcrux-ml-kem/src/polynomial.rs b/libcrux-ml-kem/src/polynomial.rs
index d62225b59..9460a0cba 100644
--- a/libcrux-ml-kem/src/polynomial.rs
+++ b/libcrux-ml-kem/src/polynomial.rs
@@ -1,40 +1,61 @@
 use crate::vector::{to_standard_domain, Operations, FIELD_ELEMENTS_IN_VECTOR};
 
 pub(crate) const ZETAS_TIMES_MONTGOMERY_R: [i16; 128] = {
-    hax_lib::fstar!("assert_norm (pow2 16 == 65536)"); [
-    -1044, -758, -359, -1517, 1493, 1422, 287, 202, -171, 622, 1577, 182, 962, -1202, -1474, 1468,
-    573, -1325, 264, 383, -829, 1458, -1602, -130, -681, 1017, 732, 608, -1542, 411, -205, -1571,
-    1223, 652, -552, 1015, -1293, 1491, -282, -1544, 516, -8, -320, -666, -1618, -1162, 126, 1469,
-    -853, -90, -271, 830, 107, -1421, -247, -951, -398, 961, -1508, -725, 448, -1065, 677, -1275,
-    -1103, 430, 555, 843, -1251, 871, 1550, 105, 422, 587, 177, -235, -291, -460, 1574, 1653, -246,
-    778, 1159, -147, -777, 1483, -602, 1119, -1590, 644, -872, 349, 418, 329, -156, -75, 817, 1097,
-    603, 610, 1322, -1285, -1465, 384, -1215, -136, 1218, -1335, -874, 220, -1187, -1659, -1185,
-    -1530, -1278, 794, -1510, -854, -870, 478, -108, -308, 996, 991, 958, -1460, 1522, 1628,
-]};
+    hax_lib::fstar!("assert_norm (pow2 16 == 65536)");
+    [
+        -1044, -758, -359, -1517, 1493, 1422, 287, 202, -171, 622, 1577, 182, 962, -1202, -1474,
+        1468, 573, -1325, 264, 383, -829, 1458, -1602, -130, -681, 1017, 732, 608, -1542, 411,
+        -205, -1571, 1223, 652, -552, 1015, -1293, 1491, -282, -1544, 516, -8, -320, -666, -1618,
+        -1162, 126, 1469, -853, -90, -271, 830, 107, -1421, -247, -951, -398, 961, -1508, -725,
+        448, -1065, 677, -1275, -1103, 430, 555, 843, -1251, 871, 1550, 105, 422, 587, 177, -235,
+        -291, -460, 1574, 1653, -246, 778, 1159, -147, -777, 1483, -602, 1119, -1590, 644, -872,
+        349, 418, 329, -156, -75, 817, 1097, 603, 610, 1322, -1285, -1465, 384, -1215, -136, 1218,
+        -1335, -874, 220, -1187, -1659, -1185, -1530, -1278, 794, -1510, -854, -870, 478, -108,
+        -308, 996, 991, 958, -1460, 1522, 1628,
+    ]
+};
 
 #[inline(always)]
 #[hax_lib::fstar::verification_status(panic_free)]
 #[hax_lib::requires(i < 128)]
 #[hax_lib::ensures(|result| fstar!("Spec.Utils.is_i16b 1664 result"))]
-pub fn get_zeta(i:usize) -> i16 {
+pub fn get_zeta(i: usize) -> i16 {
     ZETAS_TIMES_MONTGOMERY_R[i]
 }
 
 pub(crate) const VECTORS_IN_RING_ELEMENT: usize =
     super::constants::COEFFICIENTS_IN_RING_ELEMENT / FIELD_ELEMENTS_IN_VECTOR;
 
-#[cfg_attr(hax, hax_lib::fstar::after(interface, "let to_spec_matrix_t (#r:Spec.MLKEM.rank) (#v_Vector: Type0)
+#[cfg_attr(
+    hax,
+    hax_lib::fstar::after(
+        interface,
+        "let to_spec_matrix_t (#r:Spec.MLKEM.rank) (#v_Vector: Type0)
     {| i2: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |}
     (m:t_Array (t_Array (t_PolynomialRingElement v_Vector) r) r) : Spec.MLKEM.matrix r =
-    createi r (fun i -> to_spec_vector_t #r #v_Vector (m.[i]))"))]
-#[cfg_attr(hax, hax_lib::fstar::after(interface, "let to_spec_vector_t (#r:Spec.MLKEM.rank) (#v_Vector: Type0)
+    createi r (fun i -> to_spec_vector_t #r #v_Vector (m.[i]))"
+    )
+)]
+#[cfg_attr(
+    hax,
+    hax_lib::fstar::after(
+        interface,
+        "let to_spec_vector_t (#r:Spec.MLKEM.rank) (#v_Vector: Type0)
     {| i2: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |}
     (m:t_Array (t_PolynomialRingElement v_Vector) r) : Spec.MLKEM.vector r =
-    createi r (fun i -> to_spec_poly_t #v_Vector (m.[i]))"))]
-#[cfg_attr(hax, hax_lib::fstar::after(interface, "let to_spec_poly_t (#v_Vector: Type0)
+    createi r (fun i -> to_spec_poly_t #v_Vector (m.[i]))"
+    )
+)]
+#[cfg_attr(
+    hax,
+    hax_lib::fstar::after(
+        interface,
+        "let to_spec_poly_t (#v_Vector: Type0)
     {| i2: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |}
     (p: t_PolynomialRingElement v_Vector) : Spec.MLKEM.polynomial =
-    admit()"))]
+    admit()"
+    )
+)]
 // XXX: We don't want to copy this. But for eurydice we have to have this.
 #[derive(Clone, Copy)]
 pub(crate) struct PolynomialRingElement<Vector: Operations> {
@@ -220,10 +241,10 @@ impl<Vector: Operations> PolynomialRingElement<Vector> {
             out.coefficients[i] = Vector::ntt_multiply(
                 &self.coefficients[i],
                 &rhs.coefficients[i],
-                get_zeta (64 + 4 * i),
-                get_zeta (64 + 4 * i + 1),
-                get_zeta (64 + 4 * i + 2),
-                get_zeta (64 + 4 * i + 3),
+                get_zeta(64 + 4 * i),
+                get_zeta(64 + 4 * i + 1),
+                get_zeta(64 + 4 * i + 2),
+                get_zeta(64 + 4 * i + 3),
             );
         }
 
diff --git a/libcrux-ml-kem/src/sampling.rs b/libcrux-ml-kem/src/sampling.rs
index 1a140d1a8..9f17bf8c1 100644
--- a/libcrux-ml-kem/src/sampling.rs
+++ b/libcrux-ml-kem/src/sampling.rs
@@ -1,6 +1,6 @@
 use crate::{
-    constants::COEFFICIENTS_IN_RING_ELEMENT, hash_functions::*,
-    helper::cloop, polynomial::PolynomialRingElement, vector::Operations,
+    constants::COEFFICIENTS_IN_RING_ELEMENT, hash_functions::*, helper::cloop,
+    polynomial::PolynomialRingElement, vector::Operations,
 };
 
 /// If `bytes` contains a set of uniformly random bytes, this function
@@ -163,8 +163,10 @@ pub(super) fn sample_from_xof<const K: usize, Vector: Operations, Hasher: Hash<K
 fn sample_from_binomial_distribution_2<Vector: Operations>(
     randomness: &[u8],
 ) -> PolynomialRingElement<Vector> {
-    hax_lib::fstar!("assert (v (sz 2 *! sz 64) == 128);
-        assert (Seq.length $randomness == 128)");
+    hax_lib::fstar!(
+        "assert (v (sz 2 *! sz 64) == 128);
+        assert (Seq.length $randomness == 128)"
+    );
     let mut sampled_i16s = [0i16; 256];
 
     cloop! {
@@ -212,8 +214,10 @@ fn sample_from_binomial_distribution_2<Vector: Operations>(
 fn sample_from_binomial_distribution_3<Vector: Operations>(
     randomness: &[u8],
 ) -> PolynomialRingElement<Vector> {
-    hax_lib::fstar!("assert (v (sz 3 *! sz 64) == 192);
-        assert (Seq.length $randomness == 192)");
+    hax_lib::fstar!(
+        "assert (v (sz 3 *! sz 64) == 192);
+        assert (Seq.length $randomness == 192)"
+    );
     let mut sampled_i16s = [0i16; 256];
 
     cloop! {
@@ -261,9 +265,11 @@ fn sample_from_binomial_distribution_3<Vector: Operations>(
 pub(super) fn sample_from_binomial_distribution<const ETA: usize, Vector: Operations>(
     randomness: &[u8],
 ) -> PolynomialRingElement<Vector> {
-    hax_lib::fstar!("assert (
+    hax_lib::fstar!(
+        "assert (
         (v (cast $ETA <: u32) == 2) \\/
-        (v (cast $ETA <: u32) == 3))");
+        (v (cast $ETA <: u32) == 3))"
+    );
     match ETA as u32 {
         2 => sample_from_binomial_distribution_2(randomness),
         3 => sample_from_binomial_distribution_3(randomness),
diff --git a/libcrux-ml-kem/src/serialize.rs b/libcrux-ml-kem/src/serialize.rs
index f6b196aa7..211b1a08b 100644
--- a/libcrux-ml-kem/src/serialize.rs
+++ b/libcrux-ml-kem/src/serialize.rs
@@ -1,31 +1,37 @@
+#[cfg(hax)]
+use crate::{constants::COEFFICIENTS_IN_RING_ELEMENT, vector::FIELD_MODULUS};
 use crate::{
-    constants::{COEFFICIENTS_IN_RING_ELEMENT, BYTES_PER_RING_ELEMENT, SHARED_SECRET_SIZE},
+    constants::{BYTES_PER_RING_ELEMENT, SHARED_SECRET_SIZE},
     helper::cloop,
     polynomial::{PolynomialRingElement, VECTORS_IN_RING_ELEMENT},
-    vector::{decompress_1, to_unsigned_representative, Operations, FIELD_MODULUS},
+    vector::{decompress_1, to_unsigned_representative, Operations},
 };
 
 #[inline(always)]
-#[hax_lib::fstar::before(interface, "[@@ \"opaque_to_smt\"]
+#[hax_lib::fstar::before(
+    interface,
+    "[@@ \"opaque_to_smt\"]
 let coefficients_field_modulus_range (#v_Vector: Type0)
       {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |}
       (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) =
-    forall (i:nat). i < 16 ==> field_modulus_range (Seq.index re.f_coefficients i)")]
-#[hax_lib::fstar::before(interface, "[@@ \"opaque_to_smt\"]
+    forall (i:nat). i < 16 ==> field_modulus_range (Seq.index re.f_coefficients i)"
+)]
+#[hax_lib::fstar::before(
+    interface,
+    "[@@ \"opaque_to_smt\"]
 let field_modulus_range (#v_Vector: Type0)
         {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |}
         (a: v_Vector) =
     let coef = Libcrux_ml_kem.Vector.Traits.f_to_i16_array a in
     forall (i:nat). i < 16 ==> v (Seq.index coef i) > -(v $FIELD_MODULUS) /\\
-        v (Seq.index coef i) < v $FIELD_MODULUS")]
+        v (Seq.index coef i) < v $FIELD_MODULUS"
+)]
 #[hax_lib::fstar::verification_status(panic_free)]
 #[hax_lib::requires(fstar!("field_modulus_range $a"))]
 #[hax_lib::ensures(|result| fstar!("forall (i:nat). i < 16 ==>
     v (Seq.index (Libcrux_ml_kem.Vector.Traits.f_to_i16_array $result) i) >= 0 /\\
     v (Seq.index (Libcrux_ml_kem.Vector.Traits.f_to_i16_array $result) i) < v $FIELD_MODULUS"))]
-pub(super) fn to_unsigned_field_modulus<Vector: Operations>(
-    a: Vector,
-) -> Vector {
+pub(super) fn to_unsigned_field_modulus<Vector: Operations>(a: Vector) -> Vector {
     hax_lib::fstar!("reveal_opaque (`%field_modulus_range) (field_modulus_range #$:Vector)");
     to_unsigned_representative::<Vector>(a)
 }
@@ -42,11 +48,17 @@ pub(super) fn compress_then_serialize_message<Vector: Operations>(
 ) -> [u8; SHARED_SECRET_SIZE] {
     let mut serialized = [0u8; SHARED_SECRET_SIZE];
     for i in 0..16 {
-        hax_lib::loop_invariant!(|i: usize| { fstar!("v $i < 16 ==>
-            coefficients_field_modulus_range $re") });
+        hax_lib::loop_invariant!(|i: usize| {
+            fstar!(
+                "v $i < 16 ==>
+            coefficients_field_modulus_range $re"
+            )
+        });
         hax_lib::fstar!("assert (2 * v $i + 2 <= 32)");
-        hax_lib::fstar!("reveal_opaque (`%coefficients_field_modulus_range)
-            (coefficients_field_modulus_range #$:Vector)");
+        hax_lib::fstar!(
+            "reveal_opaque (`%coefficients_field_modulus_range)
+            (coefficients_field_modulus_range #$:Vector)"
+        );
         let coefficient = to_unsigned_field_modulus(re.coefficients[i]);
         let coefficient_compressed = Vector::compress_1(coefficient);
 
@@ -87,11 +99,17 @@ pub(super) fn serialize_uncompressed_ring_element<Vector: Operations>(
     hax_lib::fstar!("assert_norm (pow2 12 == 4096)");
     let mut serialized = [0u8; BYTES_PER_RING_ELEMENT];
     for i in 0..VECTORS_IN_RING_ELEMENT {
-        hax_lib::loop_invariant!(|i: usize| { fstar!("v $i >= 0 /\\ v $i <= 16 /\\
-            v $i < 16 ==> coefficients_field_modulus_range $re") });
+        hax_lib::loop_invariant!(|i: usize| {
+            fstar!(
+                "v $i >= 0 /\\ v $i <= 16 /\\
+            v $i < 16 ==> coefficients_field_modulus_range $re"
+            )
+        });
         hax_lib::fstar!("assert (24 * v $i + 24 <= 384)");
-        hax_lib::fstar!("reveal_opaque (`%coefficients_field_modulus_range)
-            (coefficients_field_modulus_range #$:Vector)");
+        hax_lib::fstar!(
+            "reveal_opaque (`%coefficients_field_modulus_range)
+            (coefficients_field_modulus_range #$:Vector)"
+        );
         let coefficient = to_unsigned_field_modulus(re.coefficients[i]);
 
         let bytes = Vector::serialize_12(coefficient);
@@ -161,17 +179,11 @@ fn deserialize_to_reduced_ring_element<Vector: Operations>(
     fstar!("forall (i:nat). i < v $K ==>
         coefficients_field_modulus_range (Seq.index $result i)")
 )]
-pub(super) fn deserialize_ring_elements_reduced_out<
-    const K: usize,
-    Vector: Operations,
->(
+pub(super) fn deserialize_ring_elements_reduced_out<const K: usize, Vector: Operations>(
     public_key: &[u8],
 ) -> [PolynomialRingElement<Vector>; K] {
     let mut deserialized_pk = core::array::from_fn(|_i| PolynomialRingElement::<Vector>::ZERO());
-    deserialize_ring_elements_reduced::<K, Vector>(
-        public_key,
-        &mut deserialized_pk,
-    );
+    deserialize_ring_elements_reduced::<K, Vector>(public_key, &mut deserialized_pk);
     deserialized_pk
 }
 
@@ -186,10 +198,7 @@ pub(super) fn deserialize_ring_elements_reduced_out<
     fstar!("Libcrux_ml_kem.Polynomial.to_spec_vector_t #$K #$:Vector ${deserialized_pk}_future == 
         Spec.MLKEM.vector_decode_12 #$K $public_key")
 )]
-pub(super) fn deserialize_ring_elements_reduced<
-    const K: usize,
-    Vector: Operations,
->(
+pub(super) fn deserialize_ring_elements_reduced<const K: usize, Vector: Operations>(
     public_key: &[u8],
     deserialized_pk: &mut [PolynomialRingElement<Vector>; K],
 ) {
@@ -213,13 +222,18 @@ fn compress_then_serialize_10<const OUT_LEN: usize, Vector: Operations>(
     hax_lib::fstar!("assert_norm (pow2 10 == 1024)");
     let mut serialized = [0u8; OUT_LEN];
     for i in 0..VECTORS_IN_RING_ELEMENT {
-        hax_lib::loop_invariant!(|i: usize| { fstar!("v $i >= 0 /\\ v $i <= 16 /\\
-            v $i < 16 ==> coefficients_field_modulus_range $re") });
+        hax_lib::loop_invariant!(|i: usize| {
+            fstar!(
+                "v $i >= 0 /\\ v $i <= 16 /\\
+            v $i < 16 ==> coefficients_field_modulus_range $re"
+            )
+        });
         hax_lib::fstar!("assert (20 * v $i + 20 <= 320)");
-        hax_lib::fstar!("reveal_opaque (`%coefficients_field_modulus_range)
-            (coefficients_field_modulus_range #$:Vector)");
-        let coefficient =
-            Vector::compress::<10>(to_unsigned_field_modulus(re.coefficients[i]));
+        hax_lib::fstar!(
+            "reveal_opaque (`%coefficients_field_modulus_range)
+            (coefficients_field_modulus_range #$:Vector)"
+        );
+        let coefficient = Vector::compress::<10>(to_unsigned_field_modulus(re.coefficients[i]));
 
         let bytes = Vector::serialize_10(coefficient);
         serialized[20 * i..20 * i + 20].copy_from_slice(&bytes);
@@ -258,10 +272,12 @@ pub(super) fn compress_then_serialize_ring_element_u<
 >(
     re: &PolynomialRingElement<Vector>,
 ) -> [u8; OUT_LEN] {
-    hax_lib::fstar!("assert (
+    hax_lib::fstar!(
+        "assert (
         (v (cast $COMPRESSION_FACTOR <: u32) == 10) \\/
         (v (cast $COMPRESSION_FACTOR <: u32) == 11));
-        Rust_primitives.Integers.mk_int_equiv_lemma #usize_inttype (v $COMPRESSION_FACTOR)");
+        Rust_primitives.Integers.mk_int_equiv_lemma #usize_inttype (v $COMPRESSION_FACTOR)"
+    );
     match COMPRESSION_FACTOR as u32 {
         10 => compress_then_serialize_10(re),
         11 => compress_then_serialize_11(re),
@@ -285,13 +301,18 @@ fn compress_then_serialize_4<Vector: Operations>(
     // for the following bug https://github.com/hacspec/hax/issues/720
     for i in 0..VECTORS_IN_RING_ELEMENT {
         // NOTE: Using `$serialized` in loop_invariant doesn't work here
-        hax_lib::loop_invariant!(|i: usize| { fstar!("v $i >= 0 /\\ v $i <= 16 /\\
-            v $i < 16 ==> (Seq.length serialized == 128 /\\ coefficients_field_modulus_range $re)") });
+        hax_lib::loop_invariant!(|i: usize| {
+            fstar!(
+                "v $i >= 0 /\\ v $i <= 16 /\\
+            v $i < 16 ==> (Seq.length serialized == 128 /\\ coefficients_field_modulus_range $re)"
+            )
+        });
         hax_lib::fstar!("assert (8 * v $i + 8 <= 128)");
-        hax_lib::fstar!("reveal_opaque (`%coefficients_field_modulus_range)
-            (coefficients_field_modulus_range #$:Vector)");
-        let coefficient =
-            Vector::compress::<4>(to_unsigned_field_modulus(re.coefficients[i]));
+        hax_lib::fstar!(
+            "reveal_opaque (`%coefficients_field_modulus_range)
+            (coefficients_field_modulus_range #$:Vector)"
+        );
+        let coefficient = Vector::compress::<4>(to_unsigned_field_modulus(re.coefficients[i]));
 
         let bytes = Vector::serialize_4(coefficient);
         serialized[8 * i..8 * i + 8].copy_from_slice(&bytes);
@@ -343,10 +364,12 @@ pub(super) fn compress_then_serialize_ring_element_v<
     re: PolynomialRingElement<Vector>,
     out: &mut [u8],
 ) {
-    hax_lib::fstar!("assert (
+    hax_lib::fstar!(
+        "assert (
         (v (cast $COMPRESSION_FACTOR <: u32) == 4) \\/
         (v (cast $COMPRESSION_FACTOR <: u32) == 5));
-        Rust_primitives.Integers.mk_int_equiv_lemma #usize_inttype (v $COMPRESSION_FACTOR)");
+        Rust_primitives.Integers.mk_int_equiv_lemma #usize_inttype (v $COMPRESSION_FACTOR)"
+    );
     match COMPRESSION_FACTOR as u32 {
         4 => compress_then_serialize_4(re, out),
         5 => compress_then_serialize_5(re, out),
@@ -411,9 +434,11 @@ pub(super) fn deserialize_then_decompress_ring_element_u<
 >(
     serialized: &[u8],
 ) -> PolynomialRingElement<Vector> {
-    hax_lib::fstar!("assert (
+    hax_lib::fstar!(
+        "assert (
         (v (cast $COMPRESSION_FACTOR <: u32) == 10) \\/
-        (v (cast $COMPRESSION_FACTOR <: u32) == 11))");
+        (v (cast $COMPRESSION_FACTOR <: u32) == 11))"
+    );
     match COMPRESSION_FACTOR as u32 {
         10 => deserialize_then_decompress_10(serialized),
         11 => deserialize_then_decompress_11(serialized),
@@ -477,9 +502,11 @@ pub(super) fn deserialize_then_decompress_ring_element_v<
 >(
     serialized: &[u8],
 ) -> PolynomialRingElement<Vector> {
-    hax_lib::fstar!("assert (
+    hax_lib::fstar!(
+        "assert (
         (v (cast $COMPRESSION_FACTOR <: u32) == 4) \\/
-        (v (cast $COMPRESSION_FACTOR <: u32) == 5))");
+        (v (cast $COMPRESSION_FACTOR <: u32) == 5))"
+    );
     match COMPRESSION_FACTOR as u32 {
         4 => deserialize_then_decompress_4(serialized),
         5 => deserialize_then_decompress_5(serialized),
diff --git a/libcrux-ml-kem/src/utils.rs b/libcrux-ml-kem/src/utils.rs
index 3193ba19d..ec055f816 100644
--- a/libcrux-ml-kem/src/utils.rs
+++ b/libcrux-ml-kem/src/utils.rs
@@ -15,9 +15,13 @@ pub(crate) fn into_padded_array<const LEN: usize>(slice: &[u8]) -> [u8; LEN] {
     out[0..slice.len()].copy_from_slice(slice);
     hax_lib::fstar!("assert (Seq.slice out 0 (Seq.length slice) == slice)");
     hax_lib::fstar!("assert (Seq.slice out (Seq.length slice) (v v_LEN) == Seq.slice (Seq.create (v v_LEN) 0uy) (Seq.length slice) (v v_LEN))");
-    hax_lib::fstar!("assert (forall i. i < Seq.length slice ==> Seq.index out i == Seq.index slice i)");
+    hax_lib::fstar!(
+        "assert (forall i. i < Seq.length slice ==> Seq.index out i == Seq.index slice i)"
+    );
     hax_lib::fstar!("assert (forall i. (i >= Seq.length slice && i < v v_LEN) ==> Seq.index out i == Seq.index (Seq.slice out (Seq.length slice) (v v_LEN)) (i - Seq.length slice))");
-    hax_lib::fstar!("Seq.lemma_eq_intro out (Seq.append slice (Seq.create (v v_LEN - Seq.length slice) 0uy))");
+    hax_lib::fstar!(
+        "Seq.lemma_eq_intro out (Seq.append slice (Seq.create (v v_LEN - Seq.length slice) 0uy))"
+    );
     out
 }
 
@@ -30,20 +34,20 @@ pub(crate) fn into_padded_array<const LEN: usize>(slice: &[u8]) -> [u8; LEN] {
                 v (Seq.index (Seq.index ${prf_inputs}_future i) 32) == v $domain_separator + i /\\
                 Seq.slice (Seq.index ${prf_inputs}_future i) 0 32 == Seq.slice (Seq.index $prf_inputs i) 0 32)")
 )]
-pub(crate) fn prf_input_inc<
-    const K: usize,
->(
+pub(crate) fn prf_input_inc<const K: usize>(
     prf_inputs: &mut [[u8; 33]; K],
     mut domain_separator: u8,
 ) -> u8 {
     let _domain_separator_init = domain_separator;
     let _prf_inputs_init = prf_inputs.clone();
     for i in 0..K {
-        hax_lib::loop_invariant!(|i: usize| { fstar!("v $domain_separator == v $_domain_separator_init + v $i /\\
+        hax_lib::loop_invariant!(|i: usize| {
+            fstar!("v $domain_separator == v $_domain_separator_init + v $i /\\
           (v $i < v $K ==> (forall (j:nat). (j >= v $i /\\ j < v $K) ==>
             prf_inputs.[ sz j ] == ${_prf_inputs_init}.[ sz j ])) /\\
           (forall (j:nat). j < v $i ==> v (Seq.index (Seq.index prf_inputs j) 32) == v $_domain_separator_init + j /\\
-            Seq.slice (Seq.index prf_inputs j) 0 32 == Seq.slice (Seq.index $_prf_inputs_init j) 0 32)") });
+            Seq.slice (Seq.index prf_inputs j) 0 32 == Seq.slice (Seq.index $_prf_inputs_init j) 0 32)")
+        });
         prf_inputs[i][32] = domain_separator;
         domain_separator += 1;
     }
diff --git a/libcrux-ml-kem/src/variant.rs b/libcrux-ml-kem/src/variant.rs
index 080559de4..0cdfa024b 100644
--- a/libcrux-ml-kem/src/variant.rs
+++ b/libcrux-ml-kem/src/variant.rs
@@ -101,8 +101,10 @@ impl Variant for MlKem {
         let mut seed = [0u8; CPA_PKE_KEY_GENERATION_SEED_SIZE + 1];
         seed[0..CPA_PKE_KEY_GENERATION_SEED_SIZE].copy_from_slice(key_generation_seed);
         seed[CPA_PKE_KEY_GENERATION_SEED_SIZE] = K as u8;
-        hax_lib::fstar!("Lib.Sequence.eq_intro #u8 #33 $seed
-            (Seq.append $key_generation_seed (Seq.create 1 (cast $K <: u8)))");
+        hax_lib::fstar!(
+            "Lib.Sequence.eq_intro #u8 #33 $seed
+            (Seq.append $key_generation_seed (Seq.create 1 (cast $K <: u8)))"
+        );
         Hasher::G(&seed)
     }
 }
diff --git a/libcrux-ml-kem/src/vector.rs b/libcrux-ml-kem/src/vector.rs
index 069ab7c08..53219f3be 100644
--- a/libcrux-ml-kem/src/vector.rs
+++ b/libcrux-ml-kem/src/vector.rs
@@ -10,8 +10,6 @@
 //! FIXME: This is kyber specific for now.
 
 pub(crate) mod traits;
-use traits::INVERSE_OF_MODULUS_MOD_MONTGOMERY_R;
-
 pub(crate) use traits::{
     decompress_1, montgomery_multiply_fe, to_standard_domain, to_unsigned_representative,
     Operations, FIELD_ELEMENTS_IN_VECTOR, FIELD_MODULUS,
diff --git a/libcrux-ml-kem/src/vector/neon/arithmetic.rs b/libcrux-ml-kem/src/vector/neon/arithmetic.rs
index a01daba08..ff3416fe3 100644
--- a/libcrux-ml-kem/src/vector/neon/arithmetic.rs
+++ b/libcrux-ml-kem/src/vector/neon/arithmetic.rs
@@ -1,5 +1,5 @@
 use super::vector_type::*;
-use crate::vector::{FIELD_MODULUS, INVERSE_OF_MODULUS_MOD_MONTGOMERY_R};
+use crate::vector::{traits::INVERSE_OF_MODULUS_MOD_MONTGOMERY_R, FIELD_MODULUS};
 use libcrux_intrinsics::arm64::*;
 
 #[inline(always)]
diff --git a/libcrux-ml-kem/src/vector/neon/vector_type.rs b/libcrux-ml-kem/src/vector/neon/vector_type.rs
index d711e7d6e..8ae2fd018 100644
--- a/libcrux-ml-kem/src/vector/neon/vector_type.rs
+++ b/libcrux-ml-kem/src/vector/neon/vector_type.rs
@@ -1,6 +1,6 @@
 use libcrux_intrinsics::arm64::*;
 #[derive(Clone, Copy)]
-#[hax_lib::fstar::after(interface,"val repr (x:t_SIMD128Vector) : t_Array i16 (sz 16)")]
+#[hax_lib::fstar::after(interface, "val repr (x:t_SIMD128Vector) : t_Array i16 (sz 16)")]
 #[hax_lib::fstar::after("let repr (x:t_SIMD128Vector) = admit()")]
 pub struct SIMD128Vector {
     pub low: _int16x8_t,
@@ -36,4 +36,4 @@ pub(crate) fn ZERO() -> SIMD128Vector {
         low: _vdupq_n_s16(0),
         high: _vdupq_n_s16(0),
     }
-}
\ No newline at end of file
+}
diff --git a/libcrux-ml-kem/src/vector/portable.rs b/libcrux-ml-kem/src/vector/portable.rs
index 7d0752f97..3eb62aa28 100644
--- a/libcrux-ml-kem/src/vector/portable.rs
+++ b/libcrux-ml-kem/src/vector/portable.rs
@@ -104,7 +104,7 @@ fn deserialize_12(a: &[u8]) -> PortableVector {
 
 #[hax_lib::fstar::before(r#"#push-options "--z3rlimit 400 --split_queries always""#)]
 #[hax_lib::fstar::after(r#"#pop-options"#)]
-#[hax_lib::attributes] 
+#[hax_lib::attributes]
 impl Operations for PortableVector {
     #[ensures(|out| fstar!("impl.f_repr out == Seq.create 16 0s"))]
     fn ZERO() -> Self {
@@ -252,7 +252,6 @@ impl Operations for PortableVector {
         inv_ntt_layer_3_step(a, zeta)
     }
 
-    
     #[requires(fstar!("Spec.Utils.is_i16b 1664 zeta0 /\\ Spec.Utils.is_i16b 1664 zeta1 /\\
                        Spec.Utils.is_i16b 1664 zeta2 /\\ Spec.Utils.is_i16b 1664 zeta3 /\\
                        Spec.Utils.is_i16b_array 3328 (impl.f_repr ${lhs}) /\\
@@ -284,7 +283,7 @@ impl Operations for PortableVector {
     #[requires(fstar!("Spec.MLKEM.serialize_pre 4 (impl.f_repr $a)"))]
     #[ensures(|out| fstar!("Spec.MLKEM.serialize_pre 4 (impl.f_repr $a) ==> Spec.MLKEM.serialize_post 4 (impl.f_repr $a) $out"))]
     fn serialize_4(a: Self) -> [u8; 8] {
-       serialize_4(a)
+        serialize_4(a)
     }
 
     #[requires(a.len() == 8)]
diff --git a/libcrux-ml-kem/src/vector/portable/arithmetic.rs b/libcrux-ml-kem/src/vector/portable/arithmetic.rs
index 320e51a09..1eacc5285 100644
--- a/libcrux-ml-kem/src/vector/portable/arithmetic.rs
+++ b/libcrux-ml-kem/src/vector/portable/arithmetic.rs
@@ -1,5 +1,8 @@
 use super::vector_type::*;
-use crate::vector::traits::{FIELD_ELEMENTS_IN_VECTOR, FIELD_MODULUS, BARRETT_SHIFT, BARRETT_R, INVERSE_OF_MODULUS_MOD_MONTGOMERY_R};
+use crate::vector::traits::{
+    BARRETT_R, BARRETT_SHIFT, FIELD_ELEMENTS_IN_VECTOR, FIELD_MODULUS,
+    INVERSE_OF_MODULUS_MOD_MONTGOMERY_R,
+};
 
 /// If 'x' denotes a value of type `fe`, values having this type hold a
 /// representative y ≡ x·MONTGOMERY_R^(-1) (mod FIELD_MODULUS).
@@ -23,7 +26,8 @@ pub(crate) const BARRETT_MULTIPLIER: i32 = 20159;
 #[inline(always)]
 pub(crate) fn get_n_least_significant_bits(n: u8, value: u32) -> u32 {
     let res = value & ((1 << n) - 1);
-    hax_lib::fstar!("calc (==) {
+    hax_lib::fstar!(
+        "calc (==) {
     v res;
     (==) { }
     v (logand value ((1ul <<! n) -! 1ul));
@@ -35,7 +39,8 @@ pub(crate) fn get_n_least_significant_bits(n: u8, value: u32) -> u32 {
     v (logand value ((mk_int (pow2 (v n))) -! (mk_int 1)));
     (==) {Math.Lemmas.pow2_lt_compat 32 (v n); logand_mask_lemma value (v n)}
     v value % (pow2 (v n));
-    }");
+    }"
+    );
     res
 }
 
@@ -49,14 +54,18 @@ pub(crate) fn get_n_least_significant_bits(n: u8, value: u32) -> u32 {
 pub fn add(mut lhs: PortableVector, rhs: &PortableVector) -> PortableVector {
     let _lhs0 = lhs;
     for i in 0..FIELD_ELEMENTS_IN_VECTOR {
-        hax_lib::loop_invariant!(|i: usize| { fstar!("
+        hax_lib::loop_invariant!(|i: usize| {
+            fstar!("
               (forall j. j < v i ==> (Seq.index ${lhs}.f_elements j) == 
                                      (Seq.index ${_lhs0}.f_elements j) +! (Seq.index ${rhs}.f_elements j)) /\\
-              (forall j. j >= v i ==> (Seq.index ${lhs}.f_elements j) == (Seq.index ${_lhs0}.f_elements j))") });
+              (forall j. j >= v i ==> (Seq.index ${lhs}.f_elements j) == (Seq.index ${_lhs0}.f_elements j))")
+        });
         lhs.elements[i] += rhs.elements[i];
     }
-    hax_lib::fstar!("assert (forall i. v (Seq.index ${lhs}.f_elements i) ==
-    			          v (Seq.index ${_lhs0}.f_elements i) + v (Seq.index ${rhs}.f_elements i))");
+    hax_lib::fstar!(
+        "assert (forall i. v (Seq.index ${lhs}.f_elements i) ==
+    			          v (Seq.index ${_lhs0}.f_elements i) + v (Seq.index ${rhs}.f_elements i))"
+    );
     lhs
 }
 
@@ -69,14 +78,18 @@ pub fn add(mut lhs: PortableVector, rhs: &PortableVector) -> PortableVector {
 pub fn sub(mut lhs: PortableVector, rhs: &PortableVector) -> PortableVector {
     let _lhs0 = lhs;
     for i in 0..FIELD_ELEMENTS_IN_VECTOR {
-        hax_lib::loop_invariant!(|i: usize| { fstar!("
+        hax_lib::loop_invariant!(|i: usize| {
+            fstar!("
               (forall j. j < v i ==> (Seq.index ${lhs}.f_elements j) == 
                                      (Seq.index ${_lhs0}.f_elements j) -! (Seq.index ${rhs}.f_elements j)) /\\
-              (forall j. j >= v i ==> (Seq.index ${lhs}.f_elements j) == (Seq.index ${_lhs0}.f_elements j))") });
+              (forall j. j >= v i ==> (Seq.index ${lhs}.f_elements j) == (Seq.index ${_lhs0}.f_elements j))")
+        });
         lhs.elements[i] -= rhs.elements[i];
     }
-    hax_lib::fstar!("assert (forall i. v (Seq.index ${lhs}.f_elements i) ==
-    			          v (Seq.index ${_lhs0}.f_elements i) - v (Seq.index ${rhs}.f_elements i))");
+    hax_lib::fstar!(
+        "assert (forall i. v (Seq.index ${lhs}.f_elements i) ==
+    			          v (Seq.index ${_lhs0}.f_elements i) - v (Seq.index ${rhs}.f_elements i))"
+    );
     lhs
 }
 
@@ -89,14 +102,18 @@ pub fn sub(mut lhs: PortableVector, rhs: &PortableVector) -> PortableVector {
 pub fn multiply_by_constant(mut vec: PortableVector, c: i16) -> PortableVector {
     let _vec0 = vec;
     for i in 0..FIELD_ELEMENTS_IN_VECTOR {
-        hax_lib::loop_invariant!(|i: usize| { fstar!("
+        hax_lib::loop_invariant!(|i: usize| {
+            fstar!("
               (forall j. j < v i ==> (Seq.index ${vec}.f_elements j) == 
                                      (Seq.index ${_vec0}.f_elements j) *! c) /\\
-              (forall j. j >= v i ==> (Seq.index ${vec}.f_elements j) == (Seq.index ${_vec0}.f_elements j))") });
+              (forall j. j >= v i ==> (Seq.index ${vec}.f_elements j) == (Seq.index ${_vec0}.f_elements j))")
+        });
         vec.elements[i] *= c;
     }
-    hax_lib::fstar!("assert (forall i. v (Seq.index ${vec}.f_elements i) ==
-    			          v (Seq.index ${_vec0}.f_elements i) * v c)");
+    hax_lib::fstar!(
+        "assert (forall i. v (Seq.index ${vec}.f_elements i) ==
+    			          v (Seq.index ${_vec0}.f_elements i) * v c)"
+    );
     vec
 }
 
@@ -105,10 +122,12 @@ pub fn multiply_by_constant(mut vec: PortableVector, c: i16) -> PortableVector {
 pub fn bitwise_and_with_constant(mut vec: PortableVector, c: i16) -> PortableVector {
     let _vec0 = vec;
     for i in 0..FIELD_ELEMENTS_IN_VECTOR {
-        hax_lib::loop_invariant!(|i: usize| { fstar!("
+        hax_lib::loop_invariant!(|i: usize| {
+            fstar!("
               (forall j. j < v i ==> Seq.index ${vec}.f_elements j == 
                                      (Seq.index ${_vec0}.f_elements j &. c)) /\\
-              (forall j. j >= v i ==> Seq.index ${vec}.f_elements j == Seq.index ${_vec0}.f_elements j)") });
+              (forall j. j >= v i ==> Seq.index ${vec}.f_elements j == Seq.index ${_vec0}.f_elements j)")
+        });
         vec.elements[i] &= c;
     }
     hax_lib::fstar!("Seq.lemma_eq_intro ${vec}.f_elements (Spec.Utils.map_array (fun x -> x &. c) ${_vec0}.f_elements)");
@@ -118,14 +137,16 @@ pub fn bitwise_and_with_constant(mut vec: PortableVector, c: i16) -> PortableVec
 #[inline(always)]
 #[hax_lib::requires(SHIFT_BY >= 0 && SHIFT_BY < 16)]
 #[hax_lib::ensures(|result| fstar!("(v_SHIFT_BY >=. 0l /\\ v_SHIFT_BY <. 16l) ==> 
-        ${result}.f_elements == Spec.Utils.map_array (fun x -> x >>! ${SHIFT_BY}) (${vec}.f_elements)"))]   
+        ${result}.f_elements == Spec.Utils.map_array (fun x -> x >>! ${SHIFT_BY}) (${vec}.f_elements)"))]
 pub fn shift_right<const SHIFT_BY: i32>(mut vec: PortableVector) -> PortableVector {
     let _vec0 = vec;
     for i in 0..FIELD_ELEMENTS_IN_VECTOR {
-        hax_lib::loop_invariant!(|i: usize| { fstar!("
+        hax_lib::loop_invariant!(|i: usize| {
+            fstar!("
               (forall j. j < v i ==> Seq.index ${vec}.f_elements j == 
                                      (Seq.index ${_vec0}.f_elements j >>! ${SHIFT_BY})) /\\
-              (forall j. j >= v i ==> Seq.index ${vec}.f_elements j == Seq.index ${_vec0}.f_elements j)") });
+              (forall j. j >= v i ==> Seq.index ${vec}.f_elements j == Seq.index ${_vec0}.f_elements j)")
+        });
         vec.elements[i] = vec.elements[i] >> SHIFT_BY;
     }
     hax_lib::fstar!("Seq.lemma_eq_intro ${vec}.f_elements (Spec.Utils.map_array (fun x -> x >>! ${SHIFT_BY}) ${_vec0}.f_elements)");
@@ -142,17 +163,21 @@ pub fn shift_right<const SHIFT_BY: i32>(mut vec: PortableVector) -> PortableVect
 pub fn cond_subtract_3329(mut vec: PortableVector) -> PortableVector {
     let _vec0 = vec;
     for i in 0..FIELD_ELEMENTS_IN_VECTOR {
-        hax_lib::loop_invariant!(|i: usize| { fstar!("
+        hax_lib::loop_invariant!(|i: usize| {
+            fstar!("
               (forall j. j < v i ==> Seq.index ${vec}.f_elements j == 
                                      (let x = Seq.index ${_vec0}.f_elements j in
                                       if x >=. 3329s then x -! 3329s else x)) /\\
-              (forall j. j >= v i ==> Seq.index ${vec}.f_elements j == Seq.index ${_vec0}.f_elements j)") });
+              (forall j. j >= v i ==> Seq.index ${vec}.f_elements j == Seq.index ${_vec0}.f_elements j)")
+        });
         if vec.elements[i] >= 3329 {
             vec.elements[i] -= 3329
         }
     }
-    hax_lib::fstar!("Seq.lemma_eq_intro ${vec}.f_elements (Spec.Utils.map_array 
-                            (fun x -> if x >=. 3329s then x -! 3329s else x) ${_vec0}.f_elements)");
+    hax_lib::fstar!(
+        "Seq.lemma_eq_intro ${vec}.f_elements (Spec.Utils.map_array 
+                            (fun x -> if x >=. 3329s then x -! 3329s else x) ${_vec0}.f_elements)"
+    );
     vec
 }
 
@@ -165,24 +190,27 @@ pub fn cond_subtract_3329(mut vec: PortableVector) -> PortableVector {
 /// - the absolute value of `result` is bound as follows:
 ///
 /// `|result| ≤ FIELD_MODULUS / 2 · (|value|/BARRETT_R + 1)
-/// 
+///
 /// Note: The input bound is 28296 to prevent overflow in the multiplication of quotient by FIELD_MODULUS
-/// 
+///
 #[hax_lib::fstar::options("--z3rlimit 150")]
 #[cfg_attr(hax, hax_lib::requires(fstar!("Spec.Utils.is_i16b 28296 value")))]
 #[cfg_attr(hax, hax_lib::ensures(|result| fstar!("Spec.Utils.is_i16b 3328 result /\\
                 v result % 3329 == v value % 3329")))]
 pub(crate) fn barrett_reduce_element(value: FieldElement) -> FieldElement {
     let t = (i32::from(value) * BARRETT_MULTIPLIER) + (BARRETT_R >> 1);
-    hax_lib::fstar!("assert_norm (v v_BARRETT_MULTIPLIER == (pow2 27 + 3329) / (2*3329));
-                     assert (v t = v value * v v_BARRETT_MULTIPLIER + pow2 25)");
+    hax_lib::fstar!(
+        "assert_norm (v v_BARRETT_MULTIPLIER == (pow2 27 + 3329) / (2*3329));
+                     assert (v t = v value * v v_BARRETT_MULTIPLIER + pow2 25)"
+    );
     hax_lib::fstar!("assert (v t / pow2 26 < 9)");
     hax_lib::fstar!("assert (v t / pow2 26 > - 9)");
     let quotient = (t >> BARRETT_SHIFT) as i16;
     hax_lib::fstar!("assert (v quotient = v t / pow2 26)");
     hax_lib::fstar!("assert (Spec.Utils.is_i16b 9 quotient)");
     let result = value - (quotient * FIELD_MODULUS);
-    hax_lib::fstar!("calc (==) {
+    hax_lib::fstar!(
+        "calc (==) {
     v result % 3329;
     (==) { }
     (v value - (v quotient * 3329)) % 3329;
@@ -192,7 +220,8 @@ pub(crate) fn barrett_reduce_element(value: FieldElement) -> FieldElement {
     (v value - 0) % 3329;    
     (==) {}
     (v value) % 3329;    
-    }");
+    }"
+    );
     result
 }
 
@@ -205,11 +234,13 @@ pub(crate) fn barrett_reduce_element(value: FieldElement) -> FieldElement {
 pub(crate) fn barrett_reduce(mut vec: PortableVector) -> PortableVector {
     let _vec0 = vec;
     for i in 0..FIELD_ELEMENTS_IN_VECTOR {
-        hax_lib::loop_invariant!(|i: usize| { fstar!("
+        hax_lib::loop_invariant!(|i: usize| {
+            fstar!("
                 (forall j. j < v i ==> (Spec.Utils.is_i16b 3328 (Seq.index ${vec}.f_elements j) /\\
                                         v (Seq.index ${vec}.f_elements j) % 3329 == (v (Seq.index ${_vec0}.f_elements j) % 3329))) /\\
                 (forall j. j >= v i ==> (Seq.index ${vec}.f_elements j == Seq.index ${_vec0}.f_elements j /\\
-                                         Spec.Utils.is_i16b 28296 (Seq.index ${vec}.f_elements j)))") });
+                                         Spec.Utils.is_i16b 28296 (Seq.index ${vec}.f_elements j)))")
+        });
         let vi = barrett_reduce_element(vec.elements[i]);
         vec.elements[i] = vi;
         hax_lib::fstar!("assert (v (mk_int #usize_inttype (v i + 1)) == v i + 1);
@@ -233,7 +264,7 @@ pub(crate) fn barrett_reduce(mut vec: PortableVector) -> PortableVector {
 ///
 /// In particular, if `|value| ≤ FIELD_MODULUS-1 * FIELD_MODULUS-1`, then `|o| <= FIELD_MODULUS-1`.
 /// And, if `|value| ≤ pow2 16 * FIELD_MODULUS-1`, then `|o| <= FIELD_MODULUS + 1664
-/// 
+///
 #[hax_lib::fstar::options("--z3rlimit 500 --split_queries always")]
 #[cfg_attr(hax, hax_lib::requires(fstar!("Spec.Utils.is_i32b (3328 * pow2 16) value ")))]
 #[cfg_attr(hax, hax_lib::ensures(|result| fstar!("Spec.Utils.is_i16b (3328 + 1665) result /\\
@@ -256,11 +287,13 @@ pub(crate) fn montgomery_reduce_element(value: i32) -> MontgomeryFieldElement {
     hax_lib::fstar!("Spec.Utils.lemma_mul_i16b (pow2 15) (3329) (cast (k <: i32) <: i16) Libcrux_ml_kem.Vector.Traits.v_FIELD_MODULUS;
                      assert (Spec.Utils.is_i32b (pow2 15 * 3329) k_times_modulus)");
     let c = (k_times_modulus >> MONTGOMERY_SHIFT) as i16;
-    hax_lib::fstar!("assert (v k_times_modulus < pow2 31);
+    hax_lib::fstar!(
+        "assert (v k_times_modulus < pow2 31);
                      assert (v k_times_modulus / pow2 16 < pow2 15);
                      assert (v c == (v k_times_modulus / pow2 16) @% pow2 16);
                      assert(v c == v k_times_modulus / pow2 16); 
-                     assert(Spec.Utils.is_i16b 1665 c)");
+                     assert(Spec.Utils.is_i16b 1665 c)"
+    );
     let value_high = (value >> MONTGOMERY_SHIFT) as i16;
     hax_lib::fstar!("assert (v value < pow2 31);
                      assert (v value / pow2 16 < pow2 15);
@@ -271,7 +304,9 @@ pub(crate) fn montgomery_reduce_element(value: i32) -> MontgomeryFieldElement {
                      assert(Spec.Utils.is_i16b 3328 value_high)");
     let res = value_high - c;
     hax_lib::fstar!("assert(Spec.Utils.is_i16b (3328 + 1665) res)");
-    hax_lib::fstar!("assert(Spec.Utils.is_i32b (3328 * pow2 15) value ==> Spec.Utils.is_i16b 3328 res)");
+    hax_lib::fstar!(
+        "assert(Spec.Utils.is_i32b (3328 * pow2 15) value ==> Spec.Utils.is_i16b 3328 res)"
+    );
     hax_lib::fstar!("calc ( == ) {
         v k_times_modulus % pow2 16;
           ( == ) { assert (v k_times_modulus == (v k @% pow2 16) * 3329) }
@@ -342,12 +377,14 @@ Spec.Utils.is_i16b_array 3328 ${result}.f_elements /\\
 pub(crate) fn montgomery_multiply_by_constant(mut vec: PortableVector, c: i16) -> PortableVector {
     let _vec0 = vec;
     for i in 0..FIELD_ELEMENTS_IN_VECTOR {
-        hax_lib::loop_invariant!(|i: usize| { fstar!("
+        hax_lib::loop_invariant!(|i: usize| {
+            fstar!("
               (forall j. j < v i ==>
 	      	  (let vecj = Seq.index ${vec}.f_elements j in
 		       (Spec.Utils.is_i16b 3328 vecj /\\
                 v vecj % 3329 == (v (Seq.index ${_vec0}.f_elements j) * v c * 169) % 3329))) /\\
-              (forall j. j >= v i ==> (Seq.index ${vec}.f_elements j) == (Seq.index ${_vec0}.f_elements j))") });
+              (forall j. j >= v i ==> (Seq.index ${vec}.f_elements j) == (Seq.index ${_vec0}.f_elements j))")
+        });
         vec.elements[i] = montgomery_multiply_fe_by_fer(vec.elements[i], c)
     }
     vec
diff --git a/libcrux-ml-kem/src/vector/portable/compress.rs b/libcrux-ml-kem/src/vector/portable/compress.rs
index ef533f712..d9628d539 100644
--- a/libcrux-ml-kem/src/vector/portable/compress.rs
+++ b/libcrux-ml-kem/src/vector/portable/compress.rs
@@ -46,10 +46,13 @@ pub(crate) fn compress_message_coefficient(fe: u16) -> u8 {
     // (shifted >> 15) ^ shifted = shifted, and so
     // if 0 <= shifted <= 831 then 0 <= shifted_positive <= 831
     let mask = shifted >> 15;
-    hax_lib::fstar!("assert (v $mask = v $shifted / pow2 15);
-        assert (if v $shifted < 0 then $mask = ones else $mask = zero)");
+    hax_lib::fstar!(
+        "assert (v $mask = v $shifted / pow2 15);
+        assert (if v $shifted < 0 then $mask = ones else $mask = zero)"
+    );
     let shifted_to_positive = mask ^ shifted;
-    hax_lib::fstar!("logxor_lemma $shifted $mask;
+    hax_lib::fstar!(
+        "logxor_lemma $shifted $mask;
         assert (v $shifted < 0 ==> v $shifted_to_positive = v (lognot $shifted));
         neg_equiv_lemma $shifted;
         assert (v (lognot $shifted) = -(v $shifted) -1);
@@ -57,25 +60,30 @@ pub(crate) fn compress_message_coefficient(fe: u16) -> u8 {
         assert (v $shifted >= 0 ==> $mask = zero);
         assert (v $shifted >= 0 ==> $mask ^. $shifted = $shifted);
         assert (v $shifted >= 0 ==> v $shifted_to_positive = v $shifted);
-        assert ($shifted_to_positive >=. mk_i16 0)");
+        assert ($shifted_to_positive >=. mk_i16 0)"
+    );
 
     let shifted_positive_in_range = shifted_to_positive - 832;
-    hax_lib::fstar!("assert (1664 - v $fe >= 0 ==> v $shifted_positive_in_range == 832 - v $fe);
-        assert (1664 - v $fe < 0 ==> v $shifted_positive_in_range == -2497 + v $fe)");
+    hax_lib::fstar!(
+        "assert (1664 - v $fe >= 0 ==> v $shifted_positive_in_range == 832 - v $fe);
+        assert (1664 - v $fe < 0 ==> v $shifted_positive_in_range == -2497 + v $fe)"
+    );
 
     // If x <= 831, then x - 832 <= -1, and so x - 832 < 0, which means
     // the most significant bit of shifted_positive_in_range will be 1.
     let r0 = shifted_positive_in_range >> 15;
     let r1: i16 = r0 & 1;
     let res = r1 as u8;
-    hax_lib::fstar!("assert (v $r0 = v $shifted_positive_in_range / pow2 15);
+    hax_lib::fstar!(
+        "assert (v $r0 = v $shifted_positive_in_range / pow2 15);
         assert (if v $shifted_positive_in_range < 0 then $r0 = ones else $r0 = zero);
         logand_lemma (mk_i16 1) $r0; 
         assert (if v $shifted_positive_in_range < 0 then $r1 = mk_i16 1 else $r1 = mk_i16 0);
         assert ((v $fe >= 833 && v $fe <= 2496) ==> $r1 = mk_i16 1);
         assert (v $fe < 833 ==> $r1 = mk_i16 0);
         assert (v $fe > 2496 ==> $r1 = mk_i16 0);
-        assert (v $res = v $r1)");
+        assert (v $res = v $r1)"
+    );
     res
 }
 
@@ -111,35 +119,52 @@ pub(crate) fn compress_ciphertext_coefficient(coefficient_bits: u8, fe: u16) ->
 }
 
 #[inline(always)]
-#[cfg_attr(hax, hax_lib::fstar::before("
+#[cfg_attr(
+    hax,
+    hax_lib::fstar::before(
+        "
 let compress_message_coefficient_range_helper (fe: u16) : Lemma
   (requires fe <. (cast (Libcrux_ml_kem.Vector.Traits.v_FIELD_MODULUS) <: u16))
   (ensures v (cast (compress_message_coefficient fe) <: i16) >= 0 /\\
     v (cast (compress_message_coefficient fe) <: i16) < 2) =
   assert (v (cast (compress_message_coefficient fe) <: i16) >= 0 /\\
     v (cast (compress_message_coefficient fe) <: i16) < 2)
-"))]
+"
+    )
+)]
 #[hax_lib::fstar::options("--fuel 0 --ifuel 0 --z3rlimit 2000")]
 #[hax_lib::requires(fstar!("forall (i:nat). i < 16 ==> v (Seq.index ${a}.f_elements i) >= 0 /\\
     v (Seq.index ${a}.f_elements i) < 3329"))]
 #[hax_lib::ensures(|result| fstar!("forall (i:nat). i < 16 ==> v (${result}.f_elements.[ sz i ] <: i16) >= 0 /\\
     v (${result}.f_elements.[ sz i ] <: i16) < 2"))]
 pub(crate) fn compress_1(mut a: PortableVector) -> PortableVector {
-    hax_lib::fstar!("assert (forall (i:nat). i < 16 ==> (cast (${a}.f_elements.[ sz i ]) <: u16) <.
-        (cast ($FIELD_MODULUS) <: u16))");
+    hax_lib::fstar!(
+        "assert (forall (i:nat). i < 16 ==> (cast (${a}.f_elements.[ sz i ]) <: u16) <.
+        (cast ($FIELD_MODULUS) <: u16))"
+    );
     for i in 0..FIELD_ELEMENTS_IN_VECTOR {
-        hax_lib::loop_invariant!(|i: usize| { fstar!("(v $i < 16 ==> (forall (j:nat). (j >= v $i /\\ j < 16) ==>
+        hax_lib::loop_invariant!(|i: usize| {
+            fstar!(
+                "(v $i < 16 ==> (forall (j:nat). (j >= v $i /\\ j < 16) ==>
             v (cast (${a}.f_elements.[ sz j ]) <: u16) < v (cast ($FIELD_MODULUS) <: u16))) /\\
             (forall (j:nat). j < v $i ==> v (${a}.f_elements.[ sz j ] <: i16) >= 0 /\\
-                v (${a}.f_elements.[ sz j ] <: i16) < 2)") });
-        hax_lib::fstar!("compress_message_coefficient_range_helper (cast (${a}.f_elements.[ $i ]) <: u16)");
+                v (${a}.f_elements.[ sz j ] <: i16) < 2)"
+            )
+        });
+        hax_lib::fstar!(
+            "compress_message_coefficient_range_helper (cast (${a}.f_elements.[ $i ]) <: u16)"
+        );
         a.elements[i] = compress_message_coefficient(a.elements[i] as u16) as i16;
-        hax_lib::fstar!("assert (v (${a}.f_elements.[ $i ] <: i16) >= 0 /\\
-            v (${a}.f_elements.[ $i ] <: i16) < 2)");
+        hax_lib::fstar!(
+            "assert (v (${a}.f_elements.[ $i ] <: i16) >= 0 /\\
+            v (${a}.f_elements.[ $i ] <: i16) < 2)"
+        );
     }
 
-    hax_lib::fstar!("assert (forall (i:nat). i < 16 ==> v (${a}.f_elements.[ sz i ] <: i16) >= 0 /\\
-        v (${a}.f_elements.[ sz i ] <: i16) < 2)");
+    hax_lib::fstar!(
+        "assert (forall (i:nat). i < 16 ==> v (${a}.f_elements.[ sz i ] <: i16) >= 0 /\\
+        v (${a}.f_elements.[ sz i ] <: i16) < 2)"
+    );
     a
 }
 
@@ -154,23 +179,35 @@ pub(crate) fn compress_1(mut a: PortableVector) -> PortableVector {
 #[hax_lib::ensures(|result| fstar!("forall (i:nat). i < 16 ==> v (${result}.f_elements.[ sz i ] <: i16) >= 0 /\\
     v (${result}.f_elements.[ sz i ] <: i16) < pow2 (v $COEFFICIENT_BITS))"))]
 pub(crate) fn compress<const COEFFICIENT_BITS: i32>(mut a: PortableVector) -> PortableVector {
-    hax_lib::fstar!("assert (v (cast ($COEFFICIENT_BITS) <: u8) == v $COEFFICIENT_BITS);
+    hax_lib::fstar!(
+        "assert (v (cast ($COEFFICIENT_BITS) <: u8) == v $COEFFICIENT_BITS);
         assert (v (cast ($COEFFICIENT_BITS) <: u32) == v $COEFFICIENT_BITS);
-        assert (v (cast ($FIELD_MODULUS) <: u16) == 3329)");
-    hax_lib::fstar!("assert (forall (i:nat). i < 16 ==> (cast (${a}.f_elements.[ sz i ]) <: u16) <.
-        (cast ($FIELD_MODULUS) <: u16))");
+        assert (v (cast ($FIELD_MODULUS) <: u16) == 3329)"
+    );
+    hax_lib::fstar!(
+        "assert (forall (i:nat). i < 16 ==> (cast (${a}.f_elements.[ sz i ]) <: u16) <.
+        (cast ($FIELD_MODULUS) <: u16))"
+    );
     for i in 0..FIELD_ELEMENTS_IN_VECTOR {
-        hax_lib::loop_invariant!(|i: usize| { fstar!("(v $i < 16 ==> (forall (j:nat). (j >= v $i /\\ j < 16) ==>
+        hax_lib::loop_invariant!(|i: usize| {
+            fstar!(
+                "(v $i < 16 ==> (forall (j:nat). (j >= v $i /\\ j < 16) ==>
             v (cast (${a}.f_elements.[ sz j ]) <: u16) < v (cast ($FIELD_MODULUS) <: u16))) /\\
             (forall (j:nat). j < v $i ==> v (${a}.f_elements.[ sz j ] <: i16) >= 0 /\\
-                v (${a}.f_elements.[ sz j ] <: i16) < pow2 (v (cast ($COEFFICIENT_BITS) <: u32)))") });
+                v (${a}.f_elements.[ sz j ] <: i16) < pow2 (v (cast ($COEFFICIENT_BITS) <: u32)))"
+            )
+        });
         a.elements[i] =
             compress_ciphertext_coefficient(COEFFICIENT_BITS as u8, a.elements[i] as u16) as i16;
-        hax_lib::fstar!("assert (v (${a}.f_elements.[ $i ] <: i16) >= 0 /\\
-            v (${a}.f_elements.[ $i ] <: i16) < pow2 (v (cast ($COEFFICIENT_BITS) <: u32)))");
+        hax_lib::fstar!(
+            "assert (v (${a}.f_elements.[ $i ] <: i16) >= 0 /\\
+            v (${a}.f_elements.[ $i ] <: i16) < pow2 (v (cast ($COEFFICIENT_BITS) <: u32)))"
+        );
     }
-    hax_lib::fstar!("assert (forall (i:nat). i < 16 ==> v (${a}.f_elements.[ sz i ] <: i16) >= 0 /\\
-        v (${a}.f_elements.[ sz i ] <: i16) < pow2 (v $COEFFICIENT_BITS))");
+    hax_lib::fstar!(
+        "assert (forall (i:nat). i < 16 ==> v (${a}.f_elements.[ sz i ] <: i16) >= 0 /\\
+        v (${a}.f_elements.[ sz i ] <: i16) < pow2 (v $COEFFICIENT_BITS))"
+    );
     a
 }
 
@@ -186,18 +223,23 @@ pub(crate) fn compress<const COEFFICIENT_BITS: i32>(mut a: PortableVector) -> Po
 pub(crate) fn decompress_ciphertext_coefficient<const COEFFICIENT_BITS: i32>(
     mut a: PortableVector,
 ) -> PortableVector {
-    hax_lib::fstar!("assert_norm (pow2 1 == 2);
+    hax_lib::fstar!(
+        "assert_norm (pow2 1 == 2);
         assert_norm (pow2 4 == 16);
         assert_norm (pow2 5 == 32);
         assert_norm (pow2 10 == 1024);
-        assert_norm (pow2 11 == 2048)");
+        assert_norm (pow2 11 == 2048)"
+    );
 
     for i in 0..FIELD_ELEMENTS_IN_VECTOR {
-        hax_lib::loop_invariant!(|i: usize| { fstar!("(v $i < 16 ==> (forall (j:nat). (j >= v $i /\\ j < 16) ==>
+        hax_lib::loop_invariant!(|i: usize| {
+            fstar!("(v $i < 16 ==> (forall (j:nat). (j >= v $i /\\ j < 16) ==>
             v (Seq.index ${a}.f_elements j) >= 0 /\\  v (Seq.index ${a}.f_elements j) < pow2 (v $COEFFICIENT_BITS))) /\\
             (forall (j:nat). j < v $i ==>
-                v (Seq.index ${a}.f_elements j) < v $FIELD_MODULUS)") });
-        hax_lib::fstar!("assert (v (${a}.f_elements.[ $i ] <: i16) < pow2 11);
+                v (Seq.index ${a}.f_elements j) < v $FIELD_MODULUS)")
+        });
+        hax_lib::fstar!(
+            "assert (v (${a}.f_elements.[ $i ] <: i16) < pow2 11);
           assert (v (${a}.f_elements.[ $i ] <: i16) ==
             v (cast (${a}.f_elements.[ $i ] <: i16) <: i32));
           assert (v ($FIELD_MODULUS <: i16) ==
@@ -205,19 +247,26 @@ pub(crate) fn decompress_ciphertext_coefficient<const COEFFICIENT_BITS: i32>(
           assert (v ((cast (${a}.f_elements.[ $i ] <: i16) <: i32) *!
             (cast ($FIELD_MODULUS <: i16) <: i32)) ==
               v (cast (${a}.f_elements.[ $i ] <: i16) <: i32) *
-                v (cast ($FIELD_MODULUS <: i16) <: i32))");
+                v (cast ($FIELD_MODULUS <: i16) <: i32))"
+        );
         let mut decompressed = a.elements[i] as i32 * FIELD_MODULUS as i32;
-        hax_lib::fstar!("assert (v ($decompressed <<! mk_i32 1) == v $decompressed * 2);
+        hax_lib::fstar!(
+            "assert (v ($decompressed <<! mk_i32 1) == v $decompressed * 2);
           assert (v (mk_i32 1 <<! $COEFFICIENT_BITS) == pow2 (v $COEFFICIENT_BITS));
           assert (v (($decompressed <<! mk_i32 1) +! (mk_i32 1 <<! $COEFFICIENT_BITS)) ==
-            v ($decompressed <<! mk_i32 1) + v (mk_i32 1 <<! $COEFFICIENT_BITS))");
+            v ($decompressed <<! mk_i32 1) + v (mk_i32 1 <<! $COEFFICIENT_BITS))"
+        );
         decompressed = (decompressed << 1) + (1i32 << COEFFICIENT_BITS);
-        hax_lib::fstar!("assert (v ($COEFFICIENT_BITS +! mk_i32 1) == v $COEFFICIENT_BITS + 1);
+        hax_lib::fstar!(
+            "assert (v ($COEFFICIENT_BITS +! mk_i32 1) == v $COEFFICIENT_BITS + 1);
           assert (v ($decompressed >>! ($COEFFICIENT_BITS +! mk_i32 1 <: i32)) ==
-            v $decompressed / pow2 (v $COEFFICIENT_BITS + 1))");
+            v $decompressed / pow2 (v $COEFFICIENT_BITS + 1))"
+        );
         decompressed = decompressed >> (COEFFICIENT_BITS + 1);
-        hax_lib::fstar!("assert (v $decompressed < v $FIELD_MODULUS);
-          assert (v (cast $decompressed <: i16) < v $FIELD_MODULUS)");
+        hax_lib::fstar!(
+            "assert (v $decompressed < v $FIELD_MODULUS);
+          assert (v (cast $decompressed <: i16) < v $FIELD_MODULUS)"
+        );
         a.elements[i] = decompressed as i16;
     }
 
diff --git a/libcrux-ml-kem/src/vector/portable/ntt.rs b/libcrux-ml-kem/src/vector/portable/ntt.rs
index 35abf02ce..3cfafc9ea 100644
--- a/libcrux-ml-kem/src/vector/portable/ntt.rs
+++ b/libcrux-ml-kem/src/vector/portable/ntt.rs
@@ -17,7 +17,9 @@ use super::vector_type::*;
                                     Spec.Utils.ntt_spec ${vec}.f_elements (v $zeta) (v $i) (v $j) ${vec}_future.f_elements"))]
 pub(crate) fn ntt_step(vec: &mut PortableVector, zeta: i16, i: usize, j: usize) {
     let t = montgomery_multiply_fe_by_fer(vec.elements[j], zeta);
-    hax_lib::fstar!("assert (v t % 3329 == ((v (Seq.index vec.f_elements (v j)) * v zeta * 169) % 3329))");
+    hax_lib::fstar!(
+        "assert (v t % 3329 == ((v (Seq.index vec.f_elements (v j)) * v zeta * 169) % 3329))"
+    );
     let a_minus_t = vec.elements[i] - t;
     hax_lib::fstar!("
     calc (==) {
@@ -46,8 +48,10 @@ pub(crate) fn ntt_step(vec: &mut PortableVector, zeta: i16, i: usize, j: usize)
     }");
     vec.elements[j] = a_minus_t;
     vec.elements[i] = a_plus_t;
-    hax_lib::fstar!("assert (Seq.index vec.f_elements (v i) == a_plus_t);
-                     assert (Seq.index vec.f_elements (v j) == a_minus_t)");
+    hax_lib::fstar!(
+        "assert (Seq.index vec.f_elements (v i) == a_plus_t);
+                     assert (Seq.index vec.f_elements (v j) == a_minus_t)"
+    );
 }
 
 #[inline(always)]
@@ -140,11 +144,13 @@ pub(crate) fn inv_ntt_step(vec: &mut PortableVector, zeta: i16, i: usize, j: usi
         (v a_minus_b * v zeta * 169) % 3329;
         (==) { }
         ((v (Seq.index vec.f_elements (v j)) - v (Seq.index vec.f_elements (v i))) * v zeta * 169) % 3329;
-    }");     
+    }");
     vec.elements[i] = o0;
     vec.elements[j] = o1;
-    hax_lib::fstar!("assert (Seq.index vec.f_elements (v i) == o0);
-                     assert (Seq.index vec.f_elements (v j) == o1)");
+    hax_lib::fstar!(
+        "assert (Seq.index vec.f_elements (v i) == o0);
+                     assert (Seq.index vec.f_elements (v j) == o1)"
+    );
 }
 
 #[inline(always)]
@@ -249,7 +255,9 @@ pub(crate) fn inv_ntt_layer_3_step(mut vec: PortableVector, zeta: i16) -> Portab
 /// <https://csrc.nist.gov/pubs/fips/203/ipd>.
 #[inline(always)]
 #[hax_lib::fstar::verification_status(panic_free)]
-#[hax_lib::fstar::options("--z3rlimit 250 --split_queries always --query_stats --ext context_prune")]
+#[hax_lib::fstar::options(
+    "--z3rlimit 250 --split_queries always --query_stats --ext context_prune"
+)]
 #[hax_lib::fstar::before(interface, "[@@ \"opaque_to_smt\"]")]
 #[hax_lib::requires(fstar!("v i < 8 /\\ Spec.Utils.is_i16b 1664 $zeta /\\
         Spec.Utils.is_i16b_array 3328 ${a}.f_elements /\\
@@ -274,16 +282,18 @@ pub(crate) fn ntt_multiply_binomials(
     i: usize,
     out: &mut PortableVector,
 ) {
-    let ai = a.elements[2*i];
-    let bi = b.elements[2*i];
-    let aj = a.elements[2*i+1];
-    let bj = b.elements[2*i+1];
-    hax_lib::fstar!("assert(Spec.Utils.is_i16b 3328 $ai);
+    let ai = a.elements[2 * i];
+    let bi = b.elements[2 * i];
+    let aj = a.elements[2 * i + 1];
+    let bj = b.elements[2 * i + 1];
+    hax_lib::fstar!(
+        "assert(Spec.Utils.is_i16b 3328 $ai);
                      assert(Spec.Utils.is_i16b 3328 $bi);
                      assert(Spec.Utils.is_i16b 3328 $aj);
                      assert(Spec.Utils.is_i16b 3328 $bj);
-                     assert_norm (3328 * 3328 < pow2 31)");         
-            
+                     assert_norm (3328 * 3328 < pow2 31)"
+    );
+
     hax_lib::fstar!("Spec.Utils.lemma_mul_i16b 3328 3328 $ai $bi");
     let ai_bi = (ai as i32) * (bi as i32);
     hax_lib::fstar!("Spec.Utils.lemma_mul_i16b 3328 3328 $aj $bj");
@@ -331,7 +341,8 @@ pub(crate) fn ntt_multiply_binomials(
     hax_lib::fstar!("assert(Spec.Utils.is_i32b (3328*3328 + 3328*3328) ai_bj_aj_bi) ");
     hax_lib::fstar!("assert_norm (3328 * 3328 + 3328 * 3328 <= 3328 * pow2 15)");
     let o1 = montgomery_reduce_element(ai_bj_aj_bi);
-    hax_lib::fstar!("calc  ( == ) {
+    hax_lib::fstar!(
+        "calc  ( == ) {
         v $o1 % 3329;
         ( == ) { () }
         (v $ai_bj_aj_bi * 169) % 3329;
@@ -341,16 +352,19 @@ pub(crate) fn ntt_multiply_binomials(
         ((v ai * v bj + v aj_bi) * 169) % 3329;
         ( == ) { assert (v aj_bi == v aj * v bi) }
         ((v ai * v bj + v aj * v bi) * 169) % 3329;
-    }");
+    }"
+    );
     let _out0 = out.elements;
-    out.elements[2*i] = o0;
-    out.elements[2*i+1] = o1;
-    hax_lib::fstar!("assert (Seq.index out.f_elements (2 * v i) == o0);
+    out.elements[2 * i] = o0;
+    out.elements[2 * i + 1] = o1;
+    hax_lib::fstar!(
+        "assert (Seq.index out.f_elements (2 * v i) == o0);
                      assert (Seq.index out.f_elements (2 * v i + 1) == o1);
                      assert (Spec.Utils.is_i16b_array 3328 out.f_elements);
                      assert (forall k. (k <> 2 * v i /\\ k <> 2 * v i + 1) ==>
                                         Seq.index out.f_elements k ==
-                                        Seq.index ${_out0} k)");
+                                        Seq.index ${_out0} k)"
+    );
 }
 
 // #[inline(always)]
diff --git a/libcrux-ml-kem/src/vector/portable/serialize.rs b/libcrux-ml-kem/src/vector/portable/serialize.rs
index 151c1b31b..550ed5170 100644
--- a/libcrux-ml-kem/src/vector/portable/serialize.rs
+++ b/libcrux-ml-kem/src/vector/portable/serialize.rs
@@ -19,7 +19,10 @@ val serialize_1_lemma (inputs: Libcrux_ml_kem.Vector.Portable.Vector_type.t_Port
   (requires (forall i. Rust_primitives.bounded (Seq.index inputs.f_elements i) 1)) 
   (ensures bit_vec_of_int_t_array (${serialize_1} inputs) 8 == bit_vec_of_int_t_array inputs.f_elements 1)
 "))]
-#[cfg_attr(hax, hax_lib::fstar::after("
+#[cfg_attr(
+    hax,
+    hax_lib::fstar::after(
+        "
 #push-options \"--z3rlimit 300\"
 
 let serialize_1_lemma inputs =
@@ -28,8 +31,13 @@ let serialize_1_lemma inputs =
     (BitVecEq.retype (bit_vec_of_int_t_array inputs.f_elements 1))
 
 #pop-options
-"))]
-#[cfg_attr(hax, hax_lib::fstar::after("
+"
+    )
+)]
+#[cfg_attr(
+    hax,
+    hax_lib::fstar::after(
+        "
 #push-options \"--compat_pre_core 2 --z3rlimit 300 --z3refresh\"
 
 let serialize_1_bit_vec_lemma (v: t_Array i16 (sz 16))
@@ -42,38 +50,59 @@ let serialize_1_bit_vec_lemma (v: t_Array i16 (sz 16))
   _ by (Tactics.GetBit.prove_bit_vector_equality' ())
 
 #pop-options
-"))]
+"
+    )
+)]
 #[inline(always)]
 pub(crate) fn serialize_1(v: PortableVector) -> [u8; 2] {
-    let result0 = (v.elements[0] as u8) | ((v.elements[1] as u8) << 1) |
-        ((v.elements[2] as u8) << 2) | ((v.elements[3] as u8) << 3) |
-        ((v.elements[4] as u8) << 4) | ((v.elements[5] as u8) << 5) |
-        ((v.elements[6] as u8) << 6) | ((v.elements[7] as u8) << 7);
-    let result1 = (v.elements[8] as u8) | ((v.elements[9] as u8) << 1) |
-        ((v.elements[10] as u8) << 2) | ((v.elements[11] as u8) << 3) |
-        ((v.elements[12] as u8) << 4) | ((v.elements[13] as u8) << 5) |
-        ((v.elements[14] as u8) << 6) | ((v.elements[15] as u8) << 7);
-    [
-        result0,
-        result1
-    ]
+    let result0 = (v.elements[0] as u8)
+        | ((v.elements[1] as u8) << 1)
+        | ((v.elements[2] as u8) << 2)
+        | ((v.elements[3] as u8) << 3)
+        | ((v.elements[4] as u8) << 4)
+        | ((v.elements[5] as u8) << 5)
+        | ((v.elements[6] as u8) << 6)
+        | ((v.elements[7] as u8) << 7);
+    let result1 = (v.elements[8] as u8)
+        | ((v.elements[9] as u8) << 1)
+        | ((v.elements[10] as u8) << 2)
+        | ((v.elements[11] as u8) << 3)
+        | ((v.elements[12] as u8) << 4)
+        | ((v.elements[13] as u8) << 5)
+        | ((v.elements[14] as u8) << 6)
+        | ((v.elements[15] as u8) << 7);
+    [result0, result1]
 }
 
 //deserialize_1_bounded_lemma
-#[cfg_attr(hax, hax_lib::fstar::after(interface, "
+#[cfg_attr(
+    hax,
+    hax_lib::fstar::after(
+        interface,
+        "
 val deserialize_1_bounded_lemma (inputs: t_Array u8 (sz 2)) : Lemma
   (ensures forall i. i < 16 ==> bounded (Seq.index (${deserialize_1} inputs).f_elements i) 1)
-"))]
-#[cfg_attr(hax, hax_lib::fstar::after("
+"
+    )
+)]
+#[cfg_attr(
+    hax,
+    hax_lib::fstar::after(
+        "
 let deserialize_1_bounded_lemma inputs =
   admit()
-"))]
+"
+    )
+)]
 //deserialize_1_lemma
 #[cfg_attr(hax, hax_lib::fstar::after(interface, "
 val deserialize_1_lemma (inputs: t_Array u8 (sz 2)) : Lemma
   (ensures bit_vec_of_int_t_array (${deserialize_1} inputs).f_elements 1 == bit_vec_of_int_t_array inputs 8)
 "))]
-#[cfg_attr(hax, hax_lib::fstar::after("
+#[cfg_attr(
+    hax,
+    hax_lib::fstar::after(
+        "
 #push-options \"--z3rlimit 300\"
 
 let deserialize_1_lemma inputs =
@@ -82,9 +111,14 @@ let deserialize_1_lemma inputs =
     (BitVecEq.retype (bit_vec_of_int_t_array inputs 8))
 
 #pop-options
-"))]
+"
+    )
+)]
 //deserialize_1_bit_vec_lemma
-#[cfg_attr(hax, hax_lib::fstar::after("
+#[cfg_attr(
+    hax,
+    hax_lib::fstar::after(
+        "
 #push-options \"--compat_pre_core 2 --z3rlimit 300 --z3refresh\"
 
 let deserialize_1_bit_vec_lemma (v: t_Array u8 (sz 2))
@@ -96,7 +130,9 @@ let deserialize_1_bit_vec_lemma (v: t_Array u8 (sz 2))
   _ by (Tactics.GetBit.prove_bit_vector_equality' ())
 
 #pop-options
-"))]
+"
+    )
+)]
 #[hax_lib::requires(fstar!(r#"
      ${v.len() == 2}
 "#))]
@@ -118,24 +154,12 @@ pub(crate) fn deserialize_1(v: &[u8]) -> PortableVector {
     let result13 = ((v[1] >> 5) & 0x1) as i16;
     let result14 = ((v[1] >> 6) & 0x1) as i16;
     let result15 = ((v[1] >> 7) & 0x1) as i16;
-    PortableVector { elements: [
-        result0,
-        result1,
-        result2,
-        result3,
-        result4,
-        result5,
-        result6,
-        result7,
-        result8,
-        result9,
-        result10,
-        result11,
-        result12,
-        result13,
-        result14,
-        result15,
-    ] }
+    PortableVector {
+        elements: [
+            result0, result1, result2, result3, result4, result5, result6, result7, result8,
+            result9, result10, result11, result12, result13, result14, result15,
+        ],
+    }
 }
 
 #[inline(always)]
@@ -155,7 +179,10 @@ val serialize_4_lemma (inputs: Libcrux_ml_kem.Vector.Portable.Vector_type.t_Port
   (requires (forall i. Rust_primitives.bounded (Seq.index inputs.f_elements i) 4)) 
   (ensures bit_vec_of_int_t_array (${serialize_4} inputs) 8 == bit_vec_of_int_t_array inputs.f_elements 4)
 "))]
-#[cfg_attr(hax, hax_lib::fstar::after("
+#[cfg_attr(
+    hax,
+    hax_lib::fstar::after(
+        "
 #push-options \"--z3rlimit 300\"
 
 let serialize_4_lemma inputs =
@@ -164,8 +191,13 @@ let serialize_4_lemma inputs =
     (BitVecEq.retype (bit_vec_of_int_t_array inputs.f_elements 4))
 
 #pop-options
-"))]
-#[cfg_attr(hax, hax_lib::fstar::after("
+"
+    )
+)]
+#[cfg_attr(
+    hax,
+    hax_lib::fstar::after(
+        "
 #push-options \"--compat_pre_core 2 --z3rlimit 300 --z3refresh\"
 
 let serialize_4_bit_vec_lemma (v: t_Array i16 (sz 16))
@@ -178,7 +210,9 @@ let serialize_4_bit_vec_lemma (v: t_Array i16 (sz 16))
   _ by (Tactics.GetBit.prove_bit_vector_equality' ())
 
 #pop-options
-"))]
+"
+    )
+)]
 #[inline(always)]
 pub(crate) fn serialize_4(v: PortableVector) -> [u8; 8] {
     let result0_3 = serialize_4_int(&v.elements[0..8]);
@@ -212,20 +246,34 @@ pub(crate) fn deserialize_4_int(bytes: &[u8]) -> (i16, i16, i16, i16, i16, i16,
 }
 
 //deserialize_4_bounded_lemma
-#[cfg_attr(hax, hax_lib::fstar::after(interface, "
+#[cfg_attr(
+    hax,
+    hax_lib::fstar::after(
+        interface,
+        "
 val deserialize_4_bounded_lemma (inputs: t_Array u8 (sz 8)) : Lemma
   (ensures forall i. i < 16 ==> bounded (Seq.index (${deserialize_4} inputs).f_elements i) 4)
-"))]
-#[cfg_attr(hax, hax_lib::fstar::after("
+"
+    )
+)]
+#[cfg_attr(
+    hax,
+    hax_lib::fstar::after(
+        "
 let deserialize_4_bounded_lemma inputs =
   admit()
-"))]
+"
+    )
+)]
 //deserialize_4_lemma
 #[cfg_attr(hax, hax_lib::fstar::after(interface, "
 val deserialize_4_lemma (inputs: t_Array u8 (sz 8)) : Lemma
   (ensures bit_vec_of_int_t_array (${deserialize_4} inputs).f_elements 4 == bit_vec_of_int_t_array inputs 8)
 "))]
-#[cfg_attr(hax, hax_lib::fstar::after("
+#[cfg_attr(
+    hax,
+    hax_lib::fstar::after(
+        "
 #push-options \"--z3rlimit 300\"
 
 let deserialize_4_lemma inputs =
@@ -234,9 +282,14 @@ let deserialize_4_lemma inputs =
     (BitVecEq.retype (bit_vec_of_int_t_array inputs 8))
 
 #pop-options
-"))]
+"
+    )
+)]
 //deserialize_4_bit_vec_lemma
-#[cfg_attr(hax, hax_lib::fstar::after("
+#[cfg_attr(
+    hax,
+    hax_lib::fstar::after(
+        "
 #push-options \"--compat_pre_core 2 --z3rlimit 300 --z3refresh\"
 
 let deserialize_4_bit_vec_lemma (v: t_Array u8 (sz 8))
@@ -248,7 +301,9 @@ let deserialize_4_bit_vec_lemma (v: t_Array u8 (sz 8))
   _ by (Tactics.GetBit.prove_bit_vector_equality' ())
 
 #pop-options
-"))]
+"
+    )
+)]
 #[hax_lib::requires(fstar!(r#"
      ${bytes.len() == 8}
 "#))]
@@ -256,24 +311,12 @@ let deserialize_4_bit_vec_lemma (v: t_Array u8 (sz 8))
 pub(crate) fn deserialize_4(bytes: &[u8]) -> PortableVector {
     let v0_7 = deserialize_4_int(&bytes[0..4]);
     let v8_15 = deserialize_4_int(&bytes[4..8]);
-    PortableVector { elements: [
-        v0_7.0,
-        v0_7.1,
-        v0_7.2,
-        v0_7.3,
-        v0_7.4,
-        v0_7.5,
-        v0_7.6,
-        v0_7.7,
-        v8_15.0,
-        v8_15.1,
-        v8_15.2,
-        v8_15.3,
-        v8_15.4,
-        v8_15.5,
-        v8_15.6,
-        v8_15.7,
-    ] }
+    PortableVector {
+        elements: [
+            v0_7.0, v0_7.1, v0_7.2, v0_7.3, v0_7.4, v0_7.5, v0_7.6, v0_7.7, v8_15.0, v8_15.1,
+            v8_15.2, v8_15.3, v8_15.4, v8_15.5, v8_15.6, v8_15.7,
+        ],
+    }
 }
 
 #[inline(always)]
@@ -291,7 +334,7 @@ pub(crate) fn serialize_5_int(v: &[i16]) -> (u8, u8, u8, u8, u8) {
 
 // #[cfg_attr(hax, hax_lib::fstar::after(interface, "
 // val serialize_5_lemma (inputs: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) : Lemma
-//   (requires (forall i. Rust_primitives.bounded (Seq.index inputs.f_elements i) 5)) 
+//   (requires (forall i. Rust_primitives.bounded (Seq.index inputs.f_elements i) 5))
 //   (ensures bit_vec_of_int_t_array (${serialize_5} inputs) 8 == bit_vec_of_int_t_array inputs.f_elements 5)
 // "))]
 // #[cfg_attr(hax, hax_lib::fstar::after("
@@ -299,7 +342,7 @@ pub(crate) fn serialize_5_int(v: &[i16]) -> (u8, u8, u8, u8, u8) {
 
 // let serialize_5_lemma inputs =
 //   serialize_5_bit_vec_lemma inputs.f_elements ();
-//   BitVecEq.bit_vec_equal_intro (bit_vec_of_int_t_array (${serialize_5} inputs) 8) 
+//   BitVecEq.bit_vec_equal_intro (bit_vec_of_int_t_array (${serialize_5} inputs) 8)
 //     (BitVecEq.retype (bit_vec_of_int_t_array inputs.f_elements 5))
 
 // #pop-options
@@ -323,16 +366,7 @@ pub(crate) fn serialize_5(v: PortableVector) -> [u8; 10] {
     let r0_4 = serialize_5_int(&v.elements[0..8]);
     let r5_9 = serialize_5_int(&v.elements[8..16]);
     [
-        r0_4.0,
-        r0_4.1,
-        r0_4.2,
-        r0_4.3,
-        r0_4.4,
-        r5_9.0,
-        r5_9.1,
-        r5_9.2,
-        r5_9.3,
-        r5_9.4,
+        r0_4.0, r0_4.1, r0_4.2, r0_4.3, r0_4.4, r5_9.0, r5_9.1, r5_9.2, r5_9.3, r5_9.4,
     ]
 }
 
@@ -361,7 +395,7 @@ pub(crate) fn deserialize_5_int(bytes: &[u8]) -> (i16, i16, i16, i16, i16, i16,
 
 // let deserialize_5_lemma inputs =
 //   deserialize_5_bit_vec_lemma inputs;
-//   BitVecEq.bit_vec_equal_intro (bit_vec_of_int_t_array (${deserialize_5} inputs).f_elements 5) 
+//   BitVecEq.bit_vec_equal_intro (bit_vec_of_int_t_array (${deserialize_5} inputs).f_elements 5)
 //     (BitVecEq.retype (bit_vec_of_int_t_array inputs 8))
 
 // #pop-options
@@ -386,24 +420,12 @@ pub(crate) fn deserialize_5_int(bytes: &[u8]) -> (i16, i16, i16, i16, i16, i16,
 pub(crate) fn deserialize_5(bytes: &[u8]) -> PortableVector {
     let v0_7 = deserialize_5_int(&bytes[0..5]);
     let v8_15 = deserialize_5_int(&bytes[5..10]);
-    PortableVector { elements: [
-        v0_7.0,
-        v0_7.1,
-        v0_7.2,
-        v0_7.3,
-        v0_7.4,
-        v0_7.5,
-        v0_7.6,
-        v0_7.7,
-        v8_15.0,
-        v8_15.1,
-        v8_15.2,
-        v8_15.3,
-        v8_15.4,
-        v8_15.5,
-        v8_15.6,
-        v8_15.7,
-    ] }
+    PortableVector {
+        elements: [
+            v0_7.0, v0_7.1, v0_7.2, v0_7.3, v0_7.4, v0_7.5, v0_7.6, v0_7.7, v8_15.0, v8_15.1,
+            v8_15.2, v8_15.3, v8_15.4, v8_15.5, v8_15.6, v8_15.7,
+        ],
+    }
 }
 
 #[inline(always)]
@@ -424,7 +446,10 @@ val serialize_10_lemma (inputs: Libcrux_ml_kem.Vector.Portable.Vector_type.t_Por
   (requires (forall i. Rust_primitives.bounded (Seq.index inputs.f_elements i) 10)) 
   (ensures bit_vec_of_int_t_array (${serialize_10} inputs) 8 == bit_vec_of_int_t_array inputs.f_elements 10)
 "))]
-#[cfg_attr(hax, hax_lib::fstar::after("
+#[cfg_attr(
+    hax,
+    hax_lib::fstar::after(
+        "
 #push-options \"--z3rlimit 300\"
 
 let serialize_10_lemma inputs =
@@ -433,8 +458,13 @@ let serialize_10_lemma inputs =
     (BitVecEq.retype (bit_vec_of_int_t_array inputs.f_elements 10))
 
 #pop-options
-"))]
-#[cfg_attr(hax, hax_lib::fstar::after("
+"
+    )
+)]
+#[cfg_attr(
+    hax,
+    hax_lib::fstar::after(
+        "
 #push-options \"--compat_pre_core 2 --z3rlimit 300 --z3refresh\"
 
 let serialize_10_bit_vec_lemma (v: t_Array i16 (sz 16))
@@ -447,7 +477,9 @@ let serialize_10_bit_vec_lemma (v: t_Array i16 (sz 16))
   _ by (Tactics.GetBit.prove_bit_vector_equality' ())
 
 #pop-options
-"))]
+"
+    )
+)]
 #[inline(always)]
 pub(crate) fn serialize_10(v: PortableVector) -> [u8; 20] {
     let r0_4 = serialize_10_int(&v.elements[0..4]);
@@ -477,20 +509,34 @@ pub(crate) fn deserialize_10_int(bytes: &[u8]) -> (i16, i16, i16, i16, i16, i16,
 }
 
 //deserialize_10_bounded_lemma
-#[cfg_attr(hax, hax_lib::fstar::after(interface, "
+#[cfg_attr(
+    hax,
+    hax_lib::fstar::after(
+        interface,
+        "
 val deserialize_10_bounded_lemma (inputs: t_Array u8 (sz 20)) : Lemma
   (ensures forall i. i < 16 ==> bounded (Seq.index (${deserialize_10} inputs).f_elements i) 10)
-"))]
-#[cfg_attr(hax, hax_lib::fstar::after("
+"
+    )
+)]
+#[cfg_attr(
+    hax,
+    hax_lib::fstar::after(
+        "
 let deserialize_10_bounded_lemma inputs =
   admit()
-"))]
+"
+    )
+)]
 //deserialize_10_lemma
 #[cfg_attr(hax, hax_lib::fstar::after(interface, "
 val deserialize_10_lemma (inputs: t_Array u8 (sz 20)) : Lemma
   (ensures bit_vec_of_int_t_array (${deserialize_10} inputs).f_elements 10 == bit_vec_of_int_t_array inputs 8)
 "))]
-#[cfg_attr(hax, hax_lib::fstar::after("
+#[cfg_attr(
+    hax,
+    hax_lib::fstar::after(
+        "
 #push-options \"--z3rlimit 300\"
 
 let deserialize_10_lemma inputs =
@@ -499,9 +545,14 @@ let deserialize_10_lemma inputs =
     (BitVecEq.retype (bit_vec_of_int_t_array inputs 8))
 
 #pop-options
-"))]
+"
+    )
+)]
 //deserialize_10_bit_vec_lemma
-#[cfg_attr(hax, hax_lib::fstar::after("
+#[cfg_attr(
+    hax,
+    hax_lib::fstar::after(
+        "
 #push-options \"--compat_pre_core 2 --z3rlimit 300 --z3refresh\"
 
 let deserialize_10_bit_vec_lemma (v: t_Array u8 (sz 20))
@@ -513,7 +564,9 @@ let deserialize_10_bit_vec_lemma (v: t_Array u8 (sz 20))
   _ by (Tactics.GetBit.prove_bit_vector_equality' ())
 
 #pop-options
-"))]
+"
+    )
+)]
 #[hax_lib::requires(fstar!(r#"
      ${bytes.len() == 20}
 "#))]
@@ -521,24 +574,12 @@ let deserialize_10_bit_vec_lemma (v: t_Array u8 (sz 20))
 pub(crate) fn deserialize_10(bytes: &[u8]) -> PortableVector {
     let v0_7 = deserialize_10_int(&bytes[0..10]);
     let v8_15 = deserialize_10_int(&bytes[10..20]);
-    PortableVector { elements: [
-        v0_7.0,
-        v0_7.1,
-        v0_7.2,
-        v0_7.3,
-        v0_7.4,
-        v0_7.5,
-        v0_7.6,
-        v0_7.7,
-        v8_15.0,
-        v8_15.1,
-        v8_15.2,
-        v8_15.3,
-        v8_15.4,
-        v8_15.5,
-        v8_15.6,
-        v8_15.7,
-    ] }
+    PortableVector {
+        elements: [
+            v0_7.0, v0_7.1, v0_7.2, v0_7.3, v0_7.4, v0_7.5, v0_7.6, v0_7.7, v8_15.0, v8_15.1,
+            v8_15.2, v8_15.3, v8_15.4, v8_15.5, v8_15.6, v8_15.7,
+        ],
+    }
 }
 
 #[inline(always)]
@@ -562,7 +603,7 @@ pub(crate) fn serialize_11_int(v: &[i16]) -> (u8, u8, u8, u8, u8, u8, u8, u8, u8
 
 // #[cfg_attr(hax, hax_lib::fstar::after(interface, "
 // val serialize_11_lemma (inputs: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) : Lemma
-//   (requires (forall i. Rust_primitives.bounded (Seq.index inputs.f_elements i) 11)) 
+//   (requires (forall i. Rust_primitives.bounded (Seq.index inputs.f_elements i) 11))
 //   (ensures bit_vec_of_int_t_array (${serialize_11} inputs) 8 == bit_vec_of_int_t_array inputs.f_elements 11)
 // "))]
 // #[cfg_attr(hax, hax_lib::fstar::after("
@@ -570,7 +611,7 @@ pub(crate) fn serialize_11_int(v: &[i16]) -> (u8, u8, u8, u8, u8, u8, u8, u8, u8
 
 // let serialize_11_lemma inputs =
 //   serialize_11_bit_vec_lemma inputs.f_elements ();
-//   BitVecEq.bit_vec_equal_intro (bit_vec_of_int_t_array (${serialize_11} inputs) 8) 
+//   BitVecEq.bit_vec_equal_intro (bit_vec_of_int_t_array (${serialize_11} inputs) 8)
 //     (BitVecEq.retype (bit_vec_of_int_t_array inputs.f_elements 11))
 
 // #pop-options
@@ -594,8 +635,9 @@ pub(crate) fn serialize_11(v: PortableVector) -> [u8; 22] {
     let r0_10 = serialize_11_int(&v.elements[0..8]);
     let r11_21 = serialize_11_int(&v.elements[8..16]);
     [
-        r0_10.0, r0_10.1, r0_10.2, r0_10.3, r0_10.4, r0_10.5, r0_10.6, r0_10.7, r0_10.8, r0_10.9, r0_10.10,
-        r11_21.0, r11_21.1, r11_21.2, r11_21.3, r11_21.4, r11_21.5, r11_21.6, r11_21.7, r11_21.8, r11_21.9, r11_21.10,
+        r0_10.0, r0_10.1, r0_10.2, r0_10.3, r0_10.4, r0_10.5, r0_10.6, r0_10.7, r0_10.8, r0_10.9,
+        r0_10.10, r11_21.0, r11_21.1, r11_21.2, r11_21.3, r11_21.4, r11_21.5, r11_21.6, r11_21.7,
+        r11_21.8, r11_21.9, r11_21.10,
     ]
 }
 
@@ -624,7 +666,7 @@ pub(crate) fn deserialize_11_int(bytes: &[u8]) -> (i16, i16, i16, i16, i16, i16,
 
 // let deserialize_11_lemma inputs =
 //   deserialize_11_bit_vec_lemma inputs;
-//   BitVecEq.bit_vec_equal_intro (bit_vec_of_int_t_array (${deserialize_11} inputs).f_elements 11) 
+//   BitVecEq.bit_vec_equal_intro (bit_vec_of_int_t_array (${deserialize_11} inputs).f_elements 11)
 //     (BitVecEq.retype (bit_vec_of_int_t_array inputs 8))
 
 // #pop-options
@@ -649,24 +691,12 @@ pub(crate) fn deserialize_11_int(bytes: &[u8]) -> (i16, i16, i16, i16, i16, i16,
 pub(crate) fn deserialize_11(bytes: &[u8]) -> PortableVector {
     let v0_7 = deserialize_11_int(&bytes[0..11]);
     let v8_15 = deserialize_11_int(&bytes[11..22]);
-    PortableVector { elements: [
-        v0_7.0,
-        v0_7.1,
-        v0_7.2,
-        v0_7.3,
-        v0_7.4,
-        v0_7.5,
-        v0_7.6,
-        v0_7.7,
-        v8_15.0,
-        v8_15.1,
-        v8_15.2,
-        v8_15.3,
-        v8_15.4,
-        v8_15.5,
-        v8_15.6,
-        v8_15.7,
-    ] }
+    PortableVector {
+        elements: [
+            v0_7.0, v0_7.1, v0_7.2, v0_7.3, v0_7.4, v0_7.5, v0_7.6, v0_7.7, v8_15.0, v8_15.1,
+            v8_15.2, v8_15.3, v8_15.4, v8_15.5, v8_15.6, v8_15.7,
+        ],
+    }
 }
 
 #[inline(always)]
@@ -685,7 +715,10 @@ val serialize_12_lemma (inputs: Libcrux_ml_kem.Vector.Portable.Vector_type.t_Por
   (requires (forall i. Rust_primitives.bounded (Seq.index inputs.f_elements i) 12)) 
   (ensures bit_vec_of_int_t_array (${serialize_12} inputs) 8 == bit_vec_of_int_t_array inputs.f_elements 12)
 "))]
-#[cfg_attr(hax, hax_lib::fstar::after("
+#[cfg_attr(
+    hax,
+    hax_lib::fstar::after(
+        "
 #push-options \"--z3rlimit 300\"
 
 let serialize_12_lemma inputs =
@@ -694,8 +727,13 @@ let serialize_12_lemma inputs =
     (BitVecEq.retype (bit_vec_of_int_t_array inputs.f_elements 12))
 
 #pop-options
-"))]
-#[cfg_attr(hax, hax_lib::fstar::after("
+"
+    )
+)]
+#[cfg_attr(
+    hax,
+    hax_lib::fstar::after(
+        "
 #push-options \"--compat_pre_core 2 --z3rlimit 300 --z3refresh\"
 
 let serialize_12_bit_vec_lemma (v: t_Array i16 (sz 16))
@@ -708,7 +746,9 @@ let serialize_12_bit_vec_lemma (v: t_Array i16 (sz 16))
   _ by (Tactics.GetBit.prove_bit_vector_equality' ())
 
 #pop-options
-"))]
+"
+    )
+)]
 #[inline(always)]
 pub(crate) fn serialize_12(v: PortableVector) -> [u8; 24] {
     let r0_2 = serialize_12_int(&v.elements[0..2]);
@@ -720,14 +760,9 @@ pub(crate) fn serialize_12(v: PortableVector) -> [u8; 24] {
     let r18_20 = serialize_12_int(&v.elements[12..14]);
     let r21_23 = serialize_12_int(&v.elements[14..16]);
     [
-        r0_2.0, r0_2.1, r0_2.2,
-        r3_5.0, r3_5.1, r3_5.2,
-        r6_8.0, r6_8.1, r6_8.2,
-        r9_11.0, r9_11.1, r9_11.2,
-        r12_14.0, r12_14.1, r12_14.2,
-        r15_17.0, r15_17.1, r15_17.2,
-        r18_20.0, r18_20.1, r18_20.2,
-        r21_23.0, r21_23.1, r21_23.2,
+        r0_2.0, r0_2.1, r0_2.2, r3_5.0, r3_5.1, r3_5.2, r6_8.0, r6_8.1, r6_8.2, r9_11.0, r9_11.1,
+        r9_11.2, r12_14.0, r12_14.1, r12_14.2, r15_17.0, r15_17.1, r15_17.2, r18_20.0, r18_20.1,
+        r18_20.2, r21_23.0, r21_23.1, r21_23.2,
     ]
 }
 
@@ -745,20 +780,34 @@ pub(crate) fn deserialize_12_int(bytes: &[u8]) -> (i16, i16) {
 }
 
 //deserialize_12_bounded_lemma
-#[cfg_attr(hax, hax_lib::fstar::after(interface, "
+#[cfg_attr(
+    hax,
+    hax_lib::fstar::after(
+        interface,
+        "
 val deserialize_12_bounded_lemma (inputs: t_Array u8 (sz 24)) : Lemma
   (ensures forall i. i < 16 ==> bounded (Seq.index (${deserialize_12} inputs).f_elements i) 12)
-"))]
-#[cfg_attr(hax, hax_lib::fstar::after("
+"
+    )
+)]
+#[cfg_attr(
+    hax,
+    hax_lib::fstar::after(
+        "
 let deserialize_12_bounded_lemma inputs =
   admit()
-"))]
+"
+    )
+)]
 //deserialize_12_lemma
 #[cfg_attr(hax, hax_lib::fstar::after(interface, "
 val deserialize_12_lemma (inputs: t_Array u8 (sz 24)) : Lemma
   (ensures bit_vec_of_int_t_array (${deserialize_12} inputs).f_elements 12 == bit_vec_of_int_t_array inputs 8)
 "))]
-#[cfg_attr(hax, hax_lib::fstar::after("
+#[cfg_attr(
+    hax,
+    hax_lib::fstar::after(
+        "
 #push-options \"--z3rlimit 300\"
 
 let deserialize_12_lemma inputs =
@@ -767,9 +816,14 @@ let deserialize_12_lemma inputs =
     (BitVecEq.retype (bit_vec_of_int_t_array inputs 8))
 
 #pop-options
-"))]
+"
+    )
+)]
 //deserialize_12_bit_vec_lemma
-#[cfg_attr(hax, hax_lib::fstar::after("
+#[cfg_attr(
+    hax,
+    hax_lib::fstar::after(
+        "
 #push-options \"--compat_pre_core 2 --z3rlimit 300 --z3refresh\"
 
 let deserialize_12_bit_vec_lemma (v: t_Array u8 (sz 24))
@@ -781,7 +835,9 @@ let deserialize_12_bit_vec_lemma (v: t_Array u8 (sz 24))
   _ by (Tactics.GetBit.prove_bit_vector_equality' ())
 
 #pop-options
-"))]
+"
+    )
+)]
 #[hax_lib::requires(fstar!(r#"
      ${bytes.len() == 24}
 "#))]
@@ -795,22 +851,10 @@ pub(crate) fn deserialize_12(bytes: &[u8]) -> PortableVector {
     let v10_11 = deserialize_12_int(&bytes[15..18]);
     let v12_13 = deserialize_12_int(&bytes[18..21]);
     let v14_15 = deserialize_12_int(&bytes[21..24]);
-    PortableVector { elements: [
-        v0_1.0,
-        v0_1.1,
-        v2_3.0,
-        v2_3.1,
-        v4_5.0,
-        v4_5.1,
-        v6_7.0,
-        v6_7.1,
-        v8_9.0,
-        v8_9.1,
-        v10_11.0,
-        v10_11.1,
-        v12_13.0,
-        v12_13.1,
-        v14_15.0,
-        v14_15.1,
-    ] }
+    PortableVector {
+        elements: [
+            v0_1.0, v0_1.1, v2_3.0, v2_3.1, v4_5.0, v4_5.1, v6_7.0, v6_7.1, v8_9.0, v8_9.1,
+            v10_11.0, v10_11.1, v12_13.0, v12_13.1, v14_15.0, v14_15.1,
+        ],
+    }
 }
diff --git a/libcrux-ml-kem/src/vector/traits.rs b/libcrux-ml-kem/src/vector/traits.rs
index 50062b0f0..62e67a770 100644
--- a/libcrux-ml-kem/src/vector/traits.rs
+++ b/libcrux-ml-kem/src/vector/traits.rs
@@ -19,11 +19,11 @@ pub trait Operations: Copy + Clone + Repr {
     #[requires(true)]
     #[ensures(|result| fstar!("f_repr $result == Seq.create 16 0s"))]
     fn ZERO() -> Self;
-  
+
     #[requires(array.len() == 16)]
     #[ensures(|result| fstar!("f_repr $result == $array"))]
     fn from_i16_array(array: &[i16]) -> Self;
-     
+
     #[requires(true)]
     #[ensures(|result| fstar!("f_repr $x == $result"))]
     fn to_i16_array(x: Self) -> [i16; 16];
@@ -248,13 +248,17 @@ pub fn to_unsigned_representative<T: Operations>(a: T) -> T {
 #[inline(always)]
 pub fn decompress_1<T: Operations>(vec: T) -> T {
     let z = T::ZERO();
-    hax_lib::fstar!("assert(forall i. Seq.index (i1._super_8706949974463268012.f_repr ${z}) i == 0s)");
-    hax_lib::fstar!("assert(forall i. let x = Seq.index (i1._super_8706949974463268012.f_repr ${vec}) i in 
-                                      ((0 - v x) == 0 \\/ (0 - v x) == -1))"); 
+    hax_lib::fstar!(
+        "assert(forall i. Seq.index (i1._super_8706949974463268012.f_repr ${z}) i == 0s)"
+    );
+    hax_lib::fstar!(
+        "assert(forall i. let x = Seq.index (i1._super_8706949974463268012.f_repr ${vec}) i in 
+                                      ((0 - v x) == 0 \\/ (0 - v x) == -1))"
+    );
     hax_lib::fstar!("assert(forall i. i < 16 ==>
                                       Spec.Utils.is_intb (pow2 15 - 1) 
-                                        (0 - v (Seq.index (i1._super_8706949974463268012.f_repr ${vec}) i)))");                               
-    
+                                        (0 - v (Seq.index (i1._super_8706949974463268012.f_repr ${vec}) i)))");
+
     let s = T::sub(z, &vec);
     hax_lib::fstar!("assert(forall i. Seq.index (i1._super_8706949974463268012.f_repr ${s}) i == 0s \\/ 
                                       Seq.index (i1._super_8706949974463268012.f_repr ${s}) i == -1s)");
diff --git a/libcrux-ml-kem/tests/acvp.rs b/libcrux-ml-kem/tests/acvp.rs
index b187063b6..99da9be00 100644
--- a/libcrux-ml-kem/tests/acvp.rs
+++ b/libcrux-ml-kem/tests/acvp.rs
@@ -1,7 +1,4 @@
-#![cfg(all(
-    feature = "pre-verification",
-    any(feature = "mlkem512", feature = "mlkem768", feature = "mlkem1024",)
-))]
+#![cfg(any(feature = "mlkem512", feature = "mlkem768", feature = "mlkem1024",))]
 
 use serde::{de::DeserializeOwned, Deserialize};
 use std::{fs::File, io::BufReader, path::Path};
diff --git a/libcrux-ml-kem/tests/kyber.rs b/libcrux-ml-kem/tests/kyber.rs
index c2d8ea3db..52e88dce1 100644
--- a/libcrux-ml-kem/tests/kyber.rs
+++ b/libcrux-ml-kem/tests/kyber.rs
@@ -1,7 +1,7 @@
 /// This tests a single one of the Kyber 768 KATs that are also tested in BoringSSL.
 /// The values are taken from https://github.com/google/boringssl/blob/master/crypto/kyber/kyber_tests.txt.
 #[test]
-#[cfg(all(feature = "kyber", feature = "mlkem768", feature = "pre-verification"))]
+#[cfg(all(feature = "kyber", feature = "mlkem768"))]
 fn kyber768_single_kat() {
     use libcrux_ml_kem::kyber768;
     let key_pair = kyber768::generate_key_pair(hex::decode("7c9935a0b07694aa0c6d10e4db6b1add2fd81a25ccb148032dcd739936737f2d8626ed79d451140800e03b59b956f8210e556067407d13dc90fa9e8b872bfb8f").unwrap().try_into().unwrap());
diff --git a/libcrux-ml-kem/tests/ml-kem.rs b/libcrux-ml-kem/tests/ml-kem.rs
index ca568eb6a..b37139ab3 100644
--- a/libcrux-ml-kem/tests/ml-kem.rs
+++ b/libcrux-ml-kem/tests/ml-kem.rs
@@ -17,15 +17,15 @@ fn test_invalid_modulus(p: &str) {
         #[allow(unused_variables)]
         let pk = pk.as_slice();
         match p {
-            #[cfg(all(feature = "mlkem512", feature = "pre-verification"))]
+            #[cfg(feature = "mlkem512")]
             "512" => assert!(!libcrux_ml_kem::mlkem512::validate_public_key(
                 &pk.try_into().unwrap()
             )),
-            #[cfg(all(feature = "mlkem768", feature = "pre-verification"))]
+            #[cfg(feature = "mlkem768")]
             "768" => assert!(!libcrux_ml_kem::mlkem768::validate_public_key(
                 &pk.try_into().unwrap()
             )),
-            #[cfg(all(feature = "mlkem1024", feature = "pre-verification"))]
+            #[cfg(feature = "mlkem1024")]
             "1024" => assert!(!libcrux_ml_kem::mlkem1024::validate_public_key(
                 &pk.try_into().unwrap()
             )),
@@ -35,19 +35,19 @@ fn test_invalid_modulus(p: &str) {
 }
 
 #[test]
-#[cfg(all(feature = "mlkem512", feature = "pre-verification"))]
+#[cfg(feature = "mlkem512")]
 fn invalid_modulus_512() {
     test_invalid_modulus("512");
 }
 
 #[test]
-#[cfg(all(feature = "mlkem768", feature = "pre-verification"))]
+#[cfg(feature = "mlkem768")]
 fn invalid_modulus_768() {
     test_invalid_modulus("768");
 }
 
 #[test]
-#[cfg(all(feature = "mlkem1024", feature = "pre-verification"))]
+#[cfg(feature = "mlkem1024")]
 fn invalid_modulus_1024() {
     test_invalid_modulus("1024");
 }
@@ -85,17 +85,17 @@ fn test_invalid_dk(p: &str) {
         #[allow(unused_variables)]
         let ct = ct.as_slice();
         match p {
-            #[cfg(all(feature = "mlkem512", feature = "pre-verification"))]
+            #[cfg(feature = "mlkem512")]
             "512" => assert!(!libcrux_ml_kem::mlkem512::validate_private_key(
                 &dk.try_into().unwrap(),
                 &ct.try_into().unwrap(),
             )),
-            #[cfg(all(feature = "mlkem768", feature = "pre-verification"))]
+            #[cfg(feature = "mlkem768")]
             "768" => assert!(!libcrux_ml_kem::mlkem768::validate_private_key(
                 &dk.try_into().unwrap(),
                 &ct.try_into().unwrap(),
             )),
-            #[cfg(all(feature = "mlkem1024", feature = "pre-verification"))]
+            #[cfg(feature = "mlkem1024")]
             "1024" => assert!(!libcrux_ml_kem::mlkem1024::validate_private_key(
                 &dk.try_into().unwrap(),
                 &ct.try_into().unwrap(),
@@ -106,19 +106,19 @@ fn test_invalid_dk(p: &str) {
 }
 
 #[test]
-#[cfg(all(feature = "mlkem512", feature = "pre-verification"))]
+#[cfg(feature = "mlkem512")]
 fn invalid_dk_512() {
     test_invalid_dk("512");
 }
 
 #[test]
-#[cfg(all(feature = "mlkem768", feature = "pre-verification"))]
+#[cfg(feature = "mlkem768")]
 fn invalid_dk_768() {
     test_invalid_dk("768");
 }
 
 #[test]
-#[cfg(all(feature = "mlkem1024", feature = "pre-verification"))]
+#[cfg(feature = "mlkem1024")]
 fn invalid_dk_1024() {
     test_invalid_dk("1024");
 }
diff --git a/libcrux-ml-kem/tests/nistkats.rs b/libcrux-ml-kem/tests/nistkats.rs
index c597b2bac..99acc27a4 100644
--- a/libcrux-ml-kem/tests/nistkats.rs
+++ b/libcrux-ml-kem/tests/nistkats.rs
@@ -43,10 +43,9 @@ macro_rules! impl_nist_known_answer_tests {
             for kat in nist_kats {
                 let key_pair = generate_key_pair(kat.key_generation_seed);
 
-                #[cfg(feature = "pre-verification")]
                 assert!(validate_public_key(key_pair.public_key()));
 
-                #[cfg(all(feature = "pre-verification", not(feature = "kyber")))]
+                #[cfg(not(feature = "kyber"))]
                 {
                     let unpacked_keys = unpacked::generate_key_pair(kat.key_generation_seed);
 
@@ -74,7 +73,7 @@ macro_rules! impl_nist_known_answer_tests {
                 assert_eq!(ciphertext_hash, kat.sha3_256_hash_of_ciphertext, "lhs: computed ciphertext hash, rhs: hash from akt");
                 assert_eq!(shared_secret.as_ref(), kat.shared_secret, "lhs: computed shared secret from encapsulate, rhs: shared secret from kat");
 
-                #[cfg(feature = "pre-verification")]
+
                 assert!(validate_private_key(key_pair.private_key(), &ciphertext));
 
                 let shared_secret_from_decapsulate =
@@ -84,31 +83,8 @@ macro_rules! impl_nist_known_answer_tests {
         }
     };
 }
-#[cfg(all(not(feature = "pre-verification"), feature = "mlkem512"))]
-impl_nist_known_answer_tests!(
-    mlkem512_nist_known_answer_tests,
-    "mlkem_ipd",
-    512,
-    libcrux_ml_kem::mlkem512
-);
-
-#[cfg(all(not(feature = "pre-verification"), feature = "mlkem768"))]
-impl_nist_known_answer_tests!(
-    mlkem768_nist_known_answer_tests,
-    "mlkem_ipd",
-    768,
-    libcrux_ml_kem::mlkem768
-);
-
-#[cfg(all(not(feature = "pre-verification"), feature = "mlkem1024"))]
-impl_nist_known_answer_tests!(
-    mlkem1024_nist_known_answer_tests,
-    "mlkem_ipd",
-    1024,
-    libcrux_ml_kem::mlkem1024
-);
 
-#[cfg(all(feature = "mlkem512", feature = "pre-verification"))]
+#[cfg(all(feature = "mlkem512"))]
 impl_nist_known_answer_tests!(
     mlkem512_nist_kats_portable,
     "mlkem",
@@ -116,7 +92,7 @@ impl_nist_known_answer_tests!(
     libcrux_ml_kem::mlkem512::portable
 );
 
-#[cfg(all(feature = "mlkem768", feature = "pre-verification"))]
+#[cfg(all(feature = "mlkem768"))]
 impl_nist_known_answer_tests!(
     mlkem768_nist_kats_portable,
     "mlkem",
@@ -124,7 +100,7 @@ impl_nist_known_answer_tests!(
     libcrux_ml_kem::mlkem768::portable
 );
 
-#[cfg(all(feature = "mlkem1024", feature = "pre-verification"))]
+#[cfg(all(feature = "mlkem1024"))]
 impl_nist_known_answer_tests!(
     mlkem1024_nist_kats_portable,
     "mlkem",
@@ -132,7 +108,7 @@ impl_nist_known_answer_tests!(
     libcrux_ml_kem::mlkem1024::portable
 );
 
-#[cfg(all(feature = "mlkem512", feature = "kyber", feature = "pre-verification"))]
+#[cfg(all(feature = "mlkem512", feature = "kyber"))]
 impl_nist_known_answer_tests!(
     kyber512_nist_kats_portable,
     "kyber",
@@ -140,7 +116,7 @@ impl_nist_known_answer_tests!(
     libcrux_ml_kem::kyber512
 );
 
-#[cfg(all(feature = "mlkem768", feature = "kyber", feature = "pre-verification"))]
+#[cfg(all(feature = "mlkem768", feature = "kyber"))]
 impl_nist_known_answer_tests!(
     kyber768_nist_kats_portable,
     "kyber",
@@ -148,7 +124,7 @@ impl_nist_known_answer_tests!(
     libcrux_ml_kem::kyber768
 );
 
-#[cfg(all(feature = "mlkem1024", feature = "kyber", feature = "pre-verification"))]
+#[cfg(all(feature = "mlkem1024", feature = "kyber"))]
 impl_nist_known_answer_tests!(
     kyber1024_nist_kats_portable,
     "kyber",
diff --git a/libcrux-ml-kem/tests/self.rs b/libcrux-ml-kem/tests/self.rs
index 4496b65c7..d54a72184 100644
--- a/libcrux-ml-kem/tests/self.rs
+++ b/libcrux-ml-kem/tests/self.rs
@@ -34,7 +34,6 @@ macro_rules! impl_consistency {
     };
 }
 
-#[cfg(all(feature = "pre-verification",))]
 macro_rules! impl_consistency_unpacked {
     ($name:ident, $modp:path) => {
         #[cfg_attr(target_arch = "wasm32", wasm_bindgen_test::wasm_bindgen_test)]
@@ -293,79 +292,55 @@ impl_consistency!(
     libcrux_ml_kem::mlkem1024::decapsulate
 );
 
-#[cfg(all(feature = "mlkem512", feature = "pre-verification",))]
+#[cfg(all(feature = "mlkem512"))]
 impl_consistency_unpacked!(
     consistency_unpacked_512_portable,
     libcrux_ml_kem::mlkem512::portable
 );
 
-#[cfg(all(
-    feature = "mlkem512",
-    feature = "pre-verification",
-    feature = "simd128",
-))]
+#[cfg(all(feature = "mlkem512", feature = "simd128",))]
 impl_consistency_unpacked!(
     consistency_unpacked_512_neon,
     libcrux_ml_kem::mlkem512::neon
 );
 
-#[cfg(all(
-    feature = "mlkem512",
-    feature = "pre-verification",
-    feature = "simd256",
-))]
+#[cfg(all(feature = "mlkem512", feature = "simd256",))]
 impl_consistency_unpacked!(
     consistency_unpacked_512_avx2,
     libcrux_ml_kem::mlkem512::avx2
 );
 
-#[cfg(all(feature = "mlkem1024", feature = "pre-verification",))]
+#[cfg(all(feature = "mlkem1024"))]
 impl_consistency_unpacked!(
     consistency_unpacked_1024_portable,
     libcrux_ml_kem::mlkem1024::portable
 );
 
-#[cfg(all(
-    feature = "mlkem1024",
-    feature = "pre-verification",
-    feature = "simd128",
-))]
+#[cfg(all(feature = "mlkem1024", feature = "simd128",))]
 impl_consistency_unpacked!(
     consistency_unpacked_1024_neon,
     libcrux_ml_kem::mlkem1024::neon
 );
 
-#[cfg(all(
-    feature = "mlkem1024",
-    feature = "pre-verification",
-    feature = "simd256",
-))]
+#[cfg(all(feature = "mlkem1024", feature = "simd256",))]
 impl_consistency_unpacked!(
     consistency_unpacked_1024_avx2,
     libcrux_ml_kem::mlkem1024::avx2
 );
 
-#[cfg(all(feature = "mlkem768", feature = "pre-verification",))]
+#[cfg(all(feature = "mlkem768",))]
 impl_consistency_unpacked!(
     consistency_unpacked_768_portable,
     libcrux_ml_kem::mlkem768::portable
 );
 
-#[cfg(all(
-    feature = "mlkem768",
-    feature = "pre-verification",
-    feature = "simd128",
-))]
+#[cfg(all(feature = "mlkem768", feature = "simd128",))]
 impl_consistency_unpacked!(
     consistency_unpacked_768_neon,
     libcrux_ml_kem::mlkem768::neon
 );
 
-#[cfg(all(
-    feature = "mlkem768",
-    feature = "pre-verification",
-    feature = "simd256",
-))]
+#[cfg(all(feature = "mlkem768", feature = "simd256",))]
 impl_consistency_unpacked!(
     consistency_unpacked_768_avx2,
     libcrux_ml_kem::mlkem768::avx2
diff --git a/libcrux-psq/Cargo.toml b/libcrux-psq/Cargo.toml
index 2c172cdcf..226d69e82 100644
--- a/libcrux-psq/Cargo.toml
+++ b/libcrux-psq/Cargo.toml
@@ -14,9 +14,7 @@ publish = false
 bench = false # so libtest doesn't eat the arguments to criterion
 
 [dependencies]
-libcrux-kem = { version = "0.0.2-beta.2", path = "../libcrux-kem", features = [
-    "pre-verification",
-] }
+libcrux-kem = { version = "0.0.2-beta.2", path = "../libcrux-kem" }
 libcrux-hkdf = { version = "=0.0.2-beta.2", path = "../libcrux-hkdf" }
 libcrux-hmac = { version = "=0.0.2-beta.2", path = "../libcrux-hmac" }
 classic-mceliece-rust = { version = "2.0.0", features = [

From 4c3ea110e3cab78a452222bf654fe9e73f3e3513 Mon Sep 17 00:00:00 2001
From: Franziskus Kiefer <franziskuskiefer@gmail.com>
Date: Mon, 2 Dec 2024 11:03:36 +0000
Subject: [PATCH 046/142] update mlkem C code

---
 libcrux-ml-kem/c/code_gen.txt                 |   8 +-
 libcrux-ml-kem/c/internal/libcrux_core.h      |  23 +-
 .../c/internal/libcrux_mlkem_avx2.h           |  98 ++-
 .../c/internal/libcrux_mlkem_portable.h       |  98 ++-
 libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h |   8 +-
 .../c/internal/libcrux_sha3_internal.h        |   8 +-
 libcrux-ml-kem/c/libcrux_core.c               |  34 +-
 libcrux-ml-kem/c/libcrux_core.h               |   8 +-
 libcrux-ml-kem/c/libcrux_mlkem1024.h          |   8 +-
 libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c     |  14 +-
 libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h     |   8 +-
 libcrux-ml-kem/c/libcrux_mlkem1024_portable.c |  23 +-
 libcrux-ml-kem/c/libcrux_mlkem1024_portable.h |   8 +-
 libcrux-ml-kem/c/libcrux_mlkem512.h           |   8 +-
 libcrux-ml-kem/c/libcrux_mlkem512_avx2.c      |  14 +-
 libcrux-ml-kem/c/libcrux_mlkem512_avx2.h      |   8 +-
 libcrux-ml-kem/c/libcrux_mlkem512_portable.c  |  23 +-
 libcrux-ml-kem/c/libcrux_mlkem512_portable.h  |   8 +-
 libcrux-ml-kem/c/libcrux_mlkem768.h           |   8 +-
 libcrux-ml-kem/c/libcrux_mlkem768_avx2.c      |  14 +-
 libcrux-ml-kem/c/libcrux_mlkem768_avx2.h      |   8 +-
 libcrux-ml-kem/c/libcrux_mlkem768_portable.c  |  23 +-
 libcrux-ml-kem/c/libcrux_mlkem768_portable.h  |   8 +-
 libcrux-ml-kem/c/libcrux_mlkem_avx2.c         | 780 +++++++++++++++---
 libcrux-ml-kem/c/libcrux_mlkem_avx2.h         |   8 +-
 libcrux-ml-kem/c/libcrux_mlkem_portable.c     | 779 ++++++++++++++---
 libcrux-ml-kem/c/libcrux_mlkem_portable.h     |  34 +-
 libcrux-ml-kem/c/libcrux_sha3.h               |   8 +-
 libcrux-ml-kem/c/libcrux_sha3_avx2.c          |   8 +-
 libcrux-ml-kem/c/libcrux_sha3_avx2.h          |   8 +-
 libcrux-ml-kem/c/libcrux_sha3_internal.h      |   8 +-
 libcrux-ml-kem/c/libcrux_sha3_neon.c          |   8 +-
 libcrux-ml-kem/c/libcrux_sha3_neon.h          |   8 +-
 libcrux-ml-kem/cg/code_gen.txt                |   8 +-
 libcrux-ml-kem/cg/libcrux_core.h              |  13 +-
 libcrux-ml-kem/cg/libcrux_ct_ops.h            |  19 +-
 libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h     | 451 ++++++++--
 libcrux-ml-kem/cg/libcrux_mlkem768_portable.h | 457 ++++++++--
 libcrux-ml-kem/cg/libcrux_sha3_avx2.h         |   8 +-
 libcrux-ml-kem/cg/libcrux_sha3_portable.h     |   8 +-
 40 files changed, 2599 insertions(+), 482 deletions(-)

diff --git a/libcrux-ml-kem/c/code_gen.txt b/libcrux-ml-kem/c/code_gen.txt
index 72e8e591e..e86a4ecec 100644
--- a/libcrux-ml-kem/c/code_gen.txt
+++ b/libcrux-ml-kem/c/code_gen.txt
@@ -1,6 +1,6 @@
 This code was generated with the following revisions:
-Charon: 3a133fe0eee9bd3928d5bb16c24ddd2dd0f3ee7f
+Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9
 Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c
-Karamel: c31a22c1e07d2118c07ee5cebb640d863e31a198
-F*: 2c32d6e230851bbceadac7a21fc418fa2bb7e4bc
-Libcrux: 2ecc08ac92e56197cd05d04f3e873d8da088ad11
+Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
+F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty
+Libcrux: e7d31cc9d00fb10b9002777a3fc8a209dba74b83
diff --git a/libcrux-ml-kem/c/internal/libcrux_core.h b/libcrux-ml-kem/c/internal/libcrux_core.h
index cc309c138..1c3363c9b 100644
--- a/libcrux-ml-kem/c/internal/libcrux_core.h
+++ b/libcrux-ml-kem/c/internal/libcrux_core.h
@@ -4,11 +4,11 @@
  * SPDX-License-Identifier: MIT or Apache-2.0
  *
  * This code was generated with the following revisions:
- * Charon: 3a133fe0eee9bd3928d5bb16c24ddd2dd0f3ee7f
+ * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9
  * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c
- * Karamel: c31a22c1e07d2118c07ee5cebb640d863e31a198
- * F*: 2c32d6e230851bbceadac7a21fc418fa2bb7e4bc
- * Libcrux: 2ecc08ac92e56197cd05d04f3e873d8da088ad11
+ * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
+ * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty
+ * Libcrux: e7d31cc9d00fb10b9002777a3fc8a209dba74b83
  */
 
 #ifndef __internal_libcrux_core_H
@@ -168,6 +168,11 @@ typedef struct Eurydice_slice_uint8_t_x4_s {
   Eurydice_slice f3;
 } Eurydice_slice_uint8_t_x4;
 
+/**
+ Unpack an incoming private key into it's different parts.
+
+ We have this here in types to extract into a common core for C.
+*/
 /**
 A monomorphic instance of libcrux_ml_kem.types.unpack_private_key
 with const generics
@@ -243,6 +248,11 @@ with const generics
 libcrux_ml_kem_types_MlKemPublicKey_52 libcrux_ml_kem_types_from_5f_4d(
     uint8_t value[800U]);
 
+/**
+ Unpack an incoming private key into it's different parts.
+
+ We have this here in types to extract into a common core for C.
+*/
 /**
 A monomorphic instance of libcrux_ml_kem.types.unpack_private_key
 with const generics
@@ -318,6 +328,11 @@ with const generics
 libcrux_ml_kem_types_MlKemPublicKey_64 libcrux_ml_kem_types_from_5f_af(
     uint8_t value[1568U]);
 
+/**
+ Unpack an incoming private key into it's different parts.
+
+ We have this here in types to extract into a common core for C.
+*/
 /**
 A monomorphic instance of libcrux_ml_kem.types.unpack_private_key
 with const generics
diff --git a/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h b/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h
index 3b4f9397e..d73c76bc7 100644
--- a/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h
+++ b/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h
@@ -4,11 +4,11 @@
  * SPDX-License-Identifier: MIT or Apache-2.0
  *
  * This code was generated with the following revisions:
- * Charon: 3a133fe0eee9bd3928d5bb16c24ddd2dd0f3ee7f
+ * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9
  * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c
- * Karamel: c31a22c1e07d2118c07ee5cebb640d863e31a198
- * F*: 2c32d6e230851bbceadac7a21fc418fa2bb7e4bc
- * Libcrux: 2ecc08ac92e56197cd05d04f3e873d8da088ad11
+ * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
+ * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty
+ * Libcrux: e7d31cc9d00fb10b9002777a3fc8a209dba74b83
  */
 
 #ifndef __internal_libcrux_mlkem_avx2_H
@@ -33,6 +33,13 @@ typedef struct libcrux_ml_kem_polynomial_PolynomialRingElement_f6_s {
   __m256i coefficients[16U];
 } libcrux_ml_kem_polynomial_PolynomialRingElement_f6;
 
+/**
+ Validate an ML-KEM public key.
+
+ This implements the Modulus check in 7.2 2.
+ Note that the size check in 7.2 1 is covered by the `PUBLIC_KEY_SIZE` in the
+ `public_key` type.
+*/
 /**
 A monomorphic instance of libcrux_ml_kem.ind_cca.validate_public_key
 with types libcrux_ml_kem_vector_avx2_SIMD256Vector
@@ -43,6 +50,11 @@ with const generics
 */
 bool libcrux_ml_kem_ind_cca_validate_public_key_ed(uint8_t *public_key);
 
+/**
+ Validate an ML-KEM private key.
+
+ This implements the Hash check in 7.3 3.
+*/
 /**
 A monomorphic instance of libcrux_ml_kem.ind_cca.validate_private_key_only
 with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash
@@ -53,6 +65,13 @@ with const generics
 bool libcrux_ml_kem_ind_cca_validate_private_key_only_ae(
     libcrux_ml_kem_types_MlKemPrivateKey_d9 *private_key);
 
+/**
+ Validate an ML-KEM private key.
+
+ This implements the Hash check in 7.3 3.
+ Note that the size checks in 7.2 1 and 2 are covered by the `SECRET_KEY_SIZE`
+ and `CIPHERTEXT_SIZE` in the `private_key` and `ciphertext` types.
+*/
 /**
 A monomorphic instance of libcrux_ml_kem.ind_cca.validate_private_key
 with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash
@@ -65,6 +84,14 @@ bool libcrux_ml_kem_ind_cca_validate_private_key_12(
     libcrux_ml_kem_types_MlKemPrivateKey_d9 *private_key,
     libcrux_ml_kem_mlkem768_MlKem768Ciphertext *_ciphertext);
 
+/**
+ Packed API
+
+ Generate a key pair.
+
+ Depending on the `Vector` and `Hasher` used, this requires different hardware
+ features
+*/
 /**
 A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair
 with types libcrux_ml_kem_vector_avx2_SIMD256Vector,
@@ -104,6 +131,9 @@ tuple_c2 libcrux_ml_kem_ind_cca_encapsulate_701(
     libcrux_ml_kem_types_MlKemPublicKey_30 *public_key,
     uint8_t randomness[32U]);
 
+/**
+ This code verifies on some machines, runs out of memory on others
+*/
 /**
 A monomorphic instance of libcrux_ml_kem.ind_cca.decapsulate
 with types libcrux_ml_kem_vector_avx2_SIMD256Vector,
@@ -130,6 +160,13 @@ void libcrux_ml_kem_ind_cca_decapsulate_a11(
     libcrux_ml_kem_types_MlKemPrivateKey_d9 *private_key,
     libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]);
 
+/**
+ Validate an ML-KEM public key.
+
+ This implements the Modulus check in 7.2 2.
+ Note that the size check in 7.2 1 is covered by the `PUBLIC_KEY_SIZE` in the
+ `public_key` type.
+*/
 /**
 A monomorphic instance of libcrux_ml_kem.ind_cca.validate_public_key
 with types libcrux_ml_kem_vector_avx2_SIMD256Vector
@@ -140,6 +177,11 @@ with const generics
 */
 bool libcrux_ml_kem_ind_cca_validate_public_key_1e(uint8_t *public_key);
 
+/**
+ Validate an ML-KEM private key.
+
+ This implements the Hash check in 7.3 3.
+*/
 /**
 A monomorphic instance of libcrux_ml_kem.ind_cca.validate_private_key_only
 with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash
@@ -150,6 +192,13 @@ with const generics
 bool libcrux_ml_kem_ind_cca_validate_private_key_only_5e(
     libcrux_ml_kem_types_MlKemPrivateKey_83 *private_key);
 
+/**
+ Validate an ML-KEM private key.
+
+ This implements the Hash check in 7.3 3.
+ Note that the size checks in 7.2 1 and 2 are covered by the `SECRET_KEY_SIZE`
+ and `CIPHERTEXT_SIZE` in the `private_key` and `ciphertext` types.
+*/
 /**
 A monomorphic instance of libcrux_ml_kem.ind_cca.validate_private_key
 with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash
@@ -162,6 +211,14 @@ bool libcrux_ml_kem_ind_cca_validate_private_key_b9(
     libcrux_ml_kem_types_MlKemPrivateKey_83 *private_key,
     libcrux_ml_kem_types_MlKemCiphertext_64 *_ciphertext);
 
+/**
+ Packed API
+
+ Generate a key pair.
+
+ Depending on the `Vector` and `Hasher` used, this requires different hardware
+ features
+*/
 /**
 A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair
 with types libcrux_ml_kem_vector_avx2_SIMD256Vector,
@@ -201,6 +258,9 @@ tuple_fa libcrux_ml_kem_ind_cca_encapsulate_700(
     libcrux_ml_kem_types_MlKemPublicKey_64 *public_key,
     uint8_t randomness[32U]);
 
+/**
+ This code verifies on some machines, runs out of memory on others
+*/
 /**
 A monomorphic instance of libcrux_ml_kem.ind_cca.decapsulate
 with types libcrux_ml_kem_vector_avx2_SIMD256Vector,
@@ -227,6 +287,13 @@ void libcrux_ml_kem_ind_cca_decapsulate_a10(
     libcrux_ml_kem_types_MlKemPrivateKey_83 *private_key,
     libcrux_ml_kem_types_MlKemCiphertext_64 *ciphertext, uint8_t ret[32U]);
 
+/**
+ Validate an ML-KEM public key.
+
+ This implements the Modulus check in 7.2 2.
+ Note that the size check in 7.2 1 is covered by the `PUBLIC_KEY_SIZE` in the
+ `public_key` type.
+*/
 /**
 A monomorphic instance of libcrux_ml_kem.ind_cca.validate_public_key
 with types libcrux_ml_kem_vector_avx2_SIMD256Vector
@@ -237,6 +304,11 @@ with const generics
 */
 bool libcrux_ml_kem_ind_cca_validate_public_key_ba(uint8_t *public_key);
 
+/**
+ Validate an ML-KEM private key.
+
+ This implements the Hash check in 7.3 3.
+*/
 /**
 A monomorphic instance of libcrux_ml_kem.ind_cca.validate_private_key_only
 with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash
@@ -247,6 +319,13 @@ with const generics
 bool libcrux_ml_kem_ind_cca_validate_private_key_only_4d(
     libcrux_ml_kem_types_MlKemPrivateKey_fa *private_key);
 
+/**
+ Validate an ML-KEM private key.
+
+ This implements the Hash check in 7.3 3.
+ Note that the size checks in 7.2 1 and 2 are covered by the `SECRET_KEY_SIZE`
+ and `CIPHERTEXT_SIZE` in the `private_key` and `ciphertext` types.
+*/
 /**
 A monomorphic instance of libcrux_ml_kem.ind_cca.validate_private_key
 with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash
@@ -259,6 +338,14 @@ bool libcrux_ml_kem_ind_cca_validate_private_key_ad(
     libcrux_ml_kem_types_MlKemPrivateKey_fa *private_key,
     libcrux_ml_kem_types_MlKemCiphertext_1a *_ciphertext);
 
+/**
+ Packed API
+
+ Generate a key pair.
+
+ Depending on the `Vector` and `Hasher` used, this requires different hardware
+ features
+*/
 /**
 A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair
 with types libcrux_ml_kem_vector_avx2_SIMD256Vector,
@@ -298,6 +385,9 @@ tuple_41 libcrux_ml_kem_ind_cca_encapsulate_70(
     libcrux_ml_kem_types_MlKemPublicKey_52 *public_key,
     uint8_t randomness[32U]);
 
+/**
+ This code verifies on some machines, runs out of memory on others
+*/
 /**
 A monomorphic instance of libcrux_ml_kem.ind_cca.decapsulate
 with types libcrux_ml_kem_vector_avx2_SIMD256Vector,
diff --git a/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h b/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h
index 4cddab71a..266e53038 100644
--- a/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h
+++ b/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h
@@ -4,11 +4,11 @@
  * SPDX-License-Identifier: MIT or Apache-2.0
  *
  * This code was generated with the following revisions:
- * Charon: 3a133fe0eee9bd3928d5bb16c24ddd2dd0f3ee7f
+ * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9
  * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c
- * Karamel: c31a22c1e07d2118c07ee5cebb640d863e31a198
- * F*: 2c32d6e230851bbceadac7a21fc418fa2bb7e4bc
- * Libcrux: 2ecc08ac92e56197cd05d04f3e873d8da088ad11
+ * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
+ * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty
+ * Libcrux: e7d31cc9d00fb10b9002777a3fc8a209dba74b83
  */
 
 #ifndef __internal_libcrux_mlkem_portable_H
@@ -38,6 +38,13 @@ typedef struct libcrux_ml_kem_polynomial_PolynomialRingElement_1d_s {
   libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficients[16U];
 } libcrux_ml_kem_polynomial_PolynomialRingElement_1d;
 
+/**
+ Validate an ML-KEM public key.
+
+ This implements the Modulus check in 7.2 2.
+ Note that the size check in 7.2 1 is covered by the `PUBLIC_KEY_SIZE` in the
+ `public_key` type.
+*/
 /**
 A monomorphic instance of libcrux_ml_kem.ind_cca.validate_public_key
 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
@@ -48,6 +55,11 @@ with const generics
 */
 bool libcrux_ml_kem_ind_cca_validate_public_key_00(uint8_t *public_key);
 
+/**
+ Validate an ML-KEM private key.
+
+ This implements the Hash check in 7.3 3.
+*/
 /**
 A monomorphic instance of libcrux_ml_kem.ind_cca.validate_private_key_only
 with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]]
@@ -58,6 +70,13 @@ with const generics
 bool libcrux_ml_kem_ind_cca_validate_private_key_only_60(
     libcrux_ml_kem_types_MlKemPrivateKey_83 *private_key);
 
+/**
+ Validate an ML-KEM private key.
+
+ This implements the Hash check in 7.3 3.
+ Note that the size checks in 7.2 1 and 2 are covered by the `SECRET_KEY_SIZE`
+ and `CIPHERTEXT_SIZE` in the `private_key` and `ciphertext` types.
+*/
 /**
 A monomorphic instance of libcrux_ml_kem.ind_cca.validate_private_key
 with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]]
@@ -70,6 +89,14 @@ bool libcrux_ml_kem_ind_cca_validate_private_key_b5(
     libcrux_ml_kem_types_MlKemPrivateKey_83 *private_key,
     libcrux_ml_kem_types_MlKemCiphertext_64 *_ciphertext);
 
+/**
+ Packed API
+
+ Generate a key pair.
+
+ Depending on the `Vector` and `Hasher` used, this requires different hardware
+ features
+*/
 /**
 A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair
 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector,
@@ -109,6 +136,9 @@ tuple_fa libcrux_ml_kem_ind_cca_encapsulate_ca1(
     libcrux_ml_kem_types_MlKemPublicKey_64 *public_key,
     uint8_t randomness[32U]);
 
+/**
+ This code verifies on some machines, runs out of memory on others
+*/
 /**
 A monomorphic instance of libcrux_ml_kem.ind_cca.decapsulate
 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector,
@@ -135,6 +165,13 @@ void libcrux_ml_kem_ind_cca_decapsulate_621(
     libcrux_ml_kem_types_MlKemPrivateKey_83 *private_key,
     libcrux_ml_kem_types_MlKemCiphertext_64 *ciphertext, uint8_t ret[32U]);
 
+/**
+ Validate an ML-KEM public key.
+
+ This implements the Modulus check in 7.2 2.
+ Note that the size check in 7.2 1 is covered by the `PUBLIC_KEY_SIZE` in the
+ `public_key` type.
+*/
 /**
 A monomorphic instance of libcrux_ml_kem.ind_cca.validate_public_key
 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
@@ -145,6 +182,11 @@ with const generics
 */
 bool libcrux_ml_kem_ind_cca_validate_public_key_86(uint8_t *public_key);
 
+/**
+ Validate an ML-KEM private key.
+
+ This implements the Hash check in 7.3 3.
+*/
 /**
 A monomorphic instance of libcrux_ml_kem.ind_cca.validate_private_key_only
 with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]]
@@ -155,6 +197,13 @@ with const generics
 bool libcrux_ml_kem_ind_cca_validate_private_key_only_30(
     libcrux_ml_kem_types_MlKemPrivateKey_fa *private_key);
 
+/**
+ Validate an ML-KEM private key.
+
+ This implements the Hash check in 7.3 3.
+ Note that the size checks in 7.2 1 and 2 are covered by the `SECRET_KEY_SIZE`
+ and `CIPHERTEXT_SIZE` in the `private_key` and `ciphertext` types.
+*/
 /**
 A monomorphic instance of libcrux_ml_kem.ind_cca.validate_private_key
 with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]]
@@ -167,6 +216,14 @@ bool libcrux_ml_kem_ind_cca_validate_private_key_fb(
     libcrux_ml_kem_types_MlKemPrivateKey_fa *private_key,
     libcrux_ml_kem_types_MlKemCiphertext_1a *_ciphertext);
 
+/**
+ Packed API
+
+ Generate a key pair.
+
+ Depending on the `Vector` and `Hasher` used, this requires different hardware
+ features
+*/
 /**
 A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair
 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector,
@@ -206,6 +263,9 @@ tuple_41 libcrux_ml_kem_ind_cca_encapsulate_ca0(
     libcrux_ml_kem_types_MlKemPublicKey_52 *public_key,
     uint8_t randomness[32U]);
 
+/**
+ This code verifies on some machines, runs out of memory on others
+*/
 /**
 A monomorphic instance of libcrux_ml_kem.ind_cca.decapsulate
 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector,
@@ -232,6 +292,13 @@ void libcrux_ml_kem_ind_cca_decapsulate_620(
     libcrux_ml_kem_types_MlKemPrivateKey_fa *private_key,
     libcrux_ml_kem_types_MlKemCiphertext_1a *ciphertext, uint8_t ret[32U]);
 
+/**
+ Validate an ML-KEM public key.
+
+ This implements the Modulus check in 7.2 2.
+ Note that the size check in 7.2 1 is covered by the `PUBLIC_KEY_SIZE` in the
+ `public_key` type.
+*/
 /**
 A monomorphic instance of libcrux_ml_kem.ind_cca.validate_public_key
 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
@@ -242,6 +309,11 @@ with const generics
 */
 bool libcrux_ml_kem_ind_cca_validate_public_key_6c(uint8_t *public_key);
 
+/**
+ Validate an ML-KEM private key.
+
+ This implements the Hash check in 7.3 3.
+*/
 /**
 A monomorphic instance of libcrux_ml_kem.ind_cca.validate_private_key_only
 with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]]
@@ -252,6 +324,13 @@ with const generics
 bool libcrux_ml_kem_ind_cca_validate_private_key_only_d6(
     libcrux_ml_kem_types_MlKemPrivateKey_d9 *private_key);
 
+/**
+ Validate an ML-KEM private key.
+
+ This implements the Hash check in 7.3 3.
+ Note that the size checks in 7.2 1 and 2 are covered by the `SECRET_KEY_SIZE`
+ and `CIPHERTEXT_SIZE` in the `private_key` and `ciphertext` types.
+*/
 /**
 A monomorphic instance of libcrux_ml_kem.ind_cca.validate_private_key
 with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]]
@@ -264,6 +343,14 @@ bool libcrux_ml_kem_ind_cca_validate_private_key_37(
     libcrux_ml_kem_types_MlKemPrivateKey_d9 *private_key,
     libcrux_ml_kem_mlkem768_MlKem768Ciphertext *_ciphertext);
 
+/**
+ Packed API
+
+ Generate a key pair.
+
+ Depending on the `Vector` and `Hasher` used, this requires different hardware
+ features
+*/
 /**
 A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair
 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector,
@@ -303,6 +390,9 @@ tuple_c2 libcrux_ml_kem_ind_cca_encapsulate_ca(
     libcrux_ml_kem_types_MlKemPublicKey_30 *public_key,
     uint8_t randomness[32U]);
 
+/**
+ This code verifies on some machines, runs out of memory on others
+*/
 /**
 A monomorphic instance of libcrux_ml_kem.ind_cca.decapsulate
 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector,
diff --git a/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h b/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h
index 771d3a368..d01340ed7 100644
--- a/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h
+++ b/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h
@@ -4,11 +4,11 @@
  * SPDX-License-Identifier: MIT or Apache-2.0
  *
  * This code was generated with the following revisions:
- * Charon: 3a133fe0eee9bd3928d5bb16c24ddd2dd0f3ee7f
+ * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9
  * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c
- * Karamel: c31a22c1e07d2118c07ee5cebb640d863e31a198
- * F*: 2c32d6e230851bbceadac7a21fc418fa2bb7e4bc
- * Libcrux: 2ecc08ac92e56197cd05d04f3e873d8da088ad11
+ * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
+ * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty
+ * Libcrux: e7d31cc9d00fb10b9002777a3fc8a209dba74b83
  */
 
 #ifndef __internal_libcrux_sha3_avx2_H
diff --git a/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h b/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h
index 4701013e7..837f1ac1a 100644
--- a/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h
+++ b/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h
@@ -4,11 +4,11 @@
  * SPDX-License-Identifier: MIT or Apache-2.0
  *
  * This code was generated with the following revisions:
- * Charon: 3a133fe0eee9bd3928d5bb16c24ddd2dd0f3ee7f
+ * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9
  * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c
- * Karamel: c31a22c1e07d2118c07ee5cebb640d863e31a198
- * F*: 2c32d6e230851bbceadac7a21fc418fa2bb7e4bc
- * Libcrux: 2ecc08ac92e56197cd05d04f3e873d8da088ad11
+ * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
+ * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty
+ * Libcrux: e7d31cc9d00fb10b9002777a3fc8a209dba74b83
  */
 
 #ifndef __internal_libcrux_sha3_internal_H
diff --git a/libcrux-ml-kem/c/libcrux_core.c b/libcrux-ml-kem/c/libcrux_core.c
index ce68f6089..9af198334 100644
--- a/libcrux-ml-kem/c/libcrux_core.c
+++ b/libcrux-ml-kem/c/libcrux_core.c
@@ -4,15 +4,18 @@
  * SPDX-License-Identifier: MIT or Apache-2.0
  *
  * This code was generated with the following revisions:
- * Charon: 3a133fe0eee9bd3928d5bb16c24ddd2dd0f3ee7f
+ * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9
  * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c
- * Karamel: c31a22c1e07d2118c07ee5cebb640d863e31a198
- * F*: 2c32d6e230851bbceadac7a21fc418fa2bb7e4bc
- * Libcrux: 2ecc08ac92e56197cd05d04f3e873d8da088ad11
+ * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
+ * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty
+ * Libcrux: e7d31cc9d00fb10b9002777a3fc8a209dba74b83
  */
 
 #include "internal/libcrux_core.h"
 
+/**
+ Return 1 if `value` is not zero and 0 otherwise.
+*/
 static uint8_t inz(uint8_t value) {
   uint16_t value0 = (uint16_t)value;
   uint8_t result =
@@ -22,6 +25,10 @@ static uint8_t inz(uint8_t value) {
 
 static KRML_NOINLINE uint8_t is_non_zero(uint8_t value) { return inz(value); }
 
+/**
+ Return 1 if the bytes of `lhs` and `rhs` do not exactly
+ match and 0 otherwise.
+*/
 static uint8_t compare(Eurydice_slice lhs, Eurydice_slice rhs) {
   uint8_t r = 0U;
   for (size_t i = (size_t)0U; i < Eurydice_slice_len(lhs, uint8_t); i++) {
@@ -39,6 +46,10 @@ compare_ciphertexts_in_constant_time(Eurydice_slice lhs, Eurydice_slice rhs) {
   return compare(lhs, rhs);
 }
 
+/**
+ If `selector` is not zero, return the bytes in `rhs`; return the bytes in
+ `lhs` otherwise.
+*/
 static void select_ct(Eurydice_slice lhs, Eurydice_slice rhs, uint8_t selector,
                       uint8_t ret[32U]) {
   uint8_t mask = core_num__u8_6__wrapping_sub(is_non_zero(selector), 1U);
@@ -210,6 +221,11 @@ libcrux_ml_kem_types_MlKemPublicKey_30 libcrux_ml_kem_types_from_5f_d0(
   return lit;
 }
 
+/**
+ Unpack an incoming private key into it's different parts.
+
+ We have this here in types to extract into a common core for C.
+*/
 /**
 A monomorphic instance of libcrux_ml_kem.types.unpack_private_key
 with const generics
@@ -338,6 +354,11 @@ libcrux_ml_kem_types_MlKemPublicKey_52 libcrux_ml_kem_types_from_5f_4d(
   return lit;
 }
 
+/**
+ Unpack an incoming private key into it's different parts.
+
+ We have this here in types to extract into a common core for C.
+*/
 /**
 A monomorphic instance of libcrux_ml_kem.types.unpack_private_key
 with const generics
@@ -466,6 +487,11 @@ libcrux_ml_kem_types_MlKemPublicKey_64 libcrux_ml_kem_types_from_5f_af(
   return lit;
 }
 
+/**
+ Unpack an incoming private key into it's different parts.
+
+ We have this here in types to extract into a common core for C.
+*/
 /**
 A monomorphic instance of libcrux_ml_kem.types.unpack_private_key
 with const generics
diff --git a/libcrux-ml-kem/c/libcrux_core.h b/libcrux-ml-kem/c/libcrux_core.h
index 41bbf32c7..b6753cce4 100644
--- a/libcrux-ml-kem/c/libcrux_core.h
+++ b/libcrux-ml-kem/c/libcrux_core.h
@@ -4,11 +4,11 @@
  * SPDX-License-Identifier: MIT or Apache-2.0
  *
  * This code was generated with the following revisions:
- * Charon: 3a133fe0eee9bd3928d5bb16c24ddd2dd0f3ee7f
+ * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9
  * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c
- * Karamel: c31a22c1e07d2118c07ee5cebb640d863e31a198
- * F*: 2c32d6e230851bbceadac7a21fc418fa2bb7e4bc
- * Libcrux: 2ecc08ac92e56197cd05d04f3e873d8da088ad11
+ * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
+ * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty
+ * Libcrux: e7d31cc9d00fb10b9002777a3fc8a209dba74b83
  */
 
 #ifndef __libcrux_core_H
diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024.h b/libcrux-ml-kem/c/libcrux_mlkem1024.h
index 1458de6ac..787d47757 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem1024.h
+++ b/libcrux-ml-kem/c/libcrux_mlkem1024.h
@@ -4,11 +4,11 @@
  * SPDX-License-Identifier: MIT or Apache-2.0
  *
  * This code was generated with the following revisions:
- * Charon: 3a133fe0eee9bd3928d5bb16c24ddd2dd0f3ee7f
+ * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9
  * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c
- * Karamel: c31a22c1e07d2118c07ee5cebb640d863e31a198
- * F*: 2c32d6e230851bbceadac7a21fc418fa2bb7e4bc
- * Libcrux: 2ecc08ac92e56197cd05d04f3e873d8da088ad11
+ * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
+ * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty
+ * Libcrux: e7d31cc9d00fb10b9002777a3fc8a209dba74b83
  */
 
 #ifndef __libcrux_mlkem1024_H
diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c
index 363093548..72b59452c 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c
+++ b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c
@@ -4,11 +4,11 @@
  * SPDX-License-Identifier: MIT or Apache-2.0
  *
  * This code was generated with the following revisions:
- * Charon: 3a133fe0eee9bd3928d5bb16c24ddd2dd0f3ee7f
+ * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9
  * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c
- * Karamel: c31a22c1e07d2118c07ee5cebb640d863e31a198
- * F*: 2c32d6e230851bbceadac7a21fc418fa2bb7e4bc
- * Libcrux: 2ecc08ac92e56197cd05d04f3e873d8da088ad11
+ * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
+ * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty
+ * Libcrux: e7d31cc9d00fb10b9002777a3fc8a209dba74b83
  */
 
 #include "libcrux_mlkem1024_avx2.h"
@@ -151,6 +151,9 @@ tuple_fa libcrux_ml_kem_mlkem1024_avx2_encapsulate(
   return encapsulate_8f(uu____0, copy_of_randomness);
 }
 
+/**
+ Portable generate key pair.
+*/
 /**
 A monomorphic instance of
 libcrux_ml_kem.ind_cca.instantiations.avx2.generate_keypair_avx2 with const
@@ -241,6 +244,9 @@ bool libcrux_ml_kem_mlkem1024_avx2_validate_private_key(
   return validate_private_key_6b(private_key, ciphertext);
 }
 
+/**
+ Private key validation
+*/
 /**
 A monomorphic instance of
 libcrux_ml_kem.ind_cca.instantiations.avx2.validate_private_key_only with const
diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h
index cfc2f915e..4288edd6f 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h
+++ b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h
@@ -4,11 +4,11 @@
  * SPDX-License-Identifier: MIT or Apache-2.0
  *
  * This code was generated with the following revisions:
- * Charon: 3a133fe0eee9bd3928d5bb16c24ddd2dd0f3ee7f
+ * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9
  * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c
- * Karamel: c31a22c1e07d2118c07ee5cebb640d863e31a198
- * F*: 2c32d6e230851bbceadac7a21fc418fa2bb7e4bc
- * Libcrux: 2ecc08ac92e56197cd05d04f3e873d8da088ad11
+ * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
+ * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty
+ * Libcrux: e7d31cc9d00fb10b9002777a3fc8a209dba74b83
  */
 
 #ifndef __libcrux_mlkem1024_avx2_H
diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c
index b4d771a73..58104cfff 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c
+++ b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c
@@ -4,17 +4,20 @@
  * SPDX-License-Identifier: MIT or Apache-2.0
  *
  * This code was generated with the following revisions:
- * Charon: 3a133fe0eee9bd3928d5bb16c24ddd2dd0f3ee7f
+ * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9
  * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c
- * Karamel: c31a22c1e07d2118c07ee5cebb640d863e31a198
- * F*: 2c32d6e230851bbceadac7a21fc418fa2bb7e4bc
- * Libcrux: 2ecc08ac92e56197cd05d04f3e873d8da088ad11
+ * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
+ * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty
+ * Libcrux: e7d31cc9d00fb10b9002777a3fc8a209dba74b83
  */
 
 #include "libcrux_mlkem1024_portable.h"
 
 #include "internal/libcrux_mlkem_portable.h"
 
+/**
+ Portable decapsulate
+*/
 /**
 A monomorphic instance of
 libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate with const generics
@@ -98,6 +101,9 @@ tuple_fa libcrux_ml_kem_mlkem1024_portable_encapsulate(
   return encapsulate_8f(uu____0, copy_of_randomness);
 }
 
+/**
+ Portable generate key pair.
+*/
 /**
 A monomorphic instance of
 libcrux_ml_kem.ind_cca.instantiations.portable.generate_keypair with const
@@ -129,6 +135,9 @@ libcrux_ml_kem_mlkem1024_portable_generate_key_pair(uint8_t randomness[64U]) {
   return generate_keypair_c9(copy_of_randomness);
 }
 
+/**
+ Private key validation
+*/
 /**
 A monomorphic instance of
 libcrux_ml_kem.ind_cca.instantiations.portable.validate_private_key with const
@@ -155,6 +164,9 @@ bool libcrux_ml_kem_mlkem1024_portable_validate_private_key(
   return validate_private_key_6b(private_key, ciphertext);
 }
 
+/**
+ Private key validation
+*/
 /**
 A monomorphic instance of
 libcrux_ml_kem.ind_cca.instantiations.portable.validate_private_key_only with
@@ -177,6 +189,9 @@ bool libcrux_ml_kem_mlkem1024_portable_validate_private_key_only(
   return validate_private_key_only_44(private_key);
 }
 
+/**
+ Public key validation
+*/
 /**
 A monomorphic instance of
 libcrux_ml_kem.ind_cca.instantiations.portable.validate_public_key with const
diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h
index 908abf6ae..98f61cd03 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h
+++ b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h
@@ -4,11 +4,11 @@
  * SPDX-License-Identifier: MIT or Apache-2.0
  *
  * This code was generated with the following revisions:
- * Charon: 3a133fe0eee9bd3928d5bb16c24ddd2dd0f3ee7f
+ * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9
  * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c
- * Karamel: c31a22c1e07d2118c07ee5cebb640d863e31a198
- * F*: 2c32d6e230851bbceadac7a21fc418fa2bb7e4bc
- * Libcrux: 2ecc08ac92e56197cd05d04f3e873d8da088ad11
+ * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
+ * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty
+ * Libcrux: e7d31cc9d00fb10b9002777a3fc8a209dba74b83
  */
 
 #ifndef __libcrux_mlkem1024_portable_H
diff --git a/libcrux-ml-kem/c/libcrux_mlkem512.h b/libcrux-ml-kem/c/libcrux_mlkem512.h
index a289a8989..256e30662 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem512.h
+++ b/libcrux-ml-kem/c/libcrux_mlkem512.h
@@ -4,11 +4,11 @@
  * SPDX-License-Identifier: MIT or Apache-2.0
  *
  * This code was generated with the following revisions:
- * Charon: 3a133fe0eee9bd3928d5bb16c24ddd2dd0f3ee7f
+ * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9
  * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c
- * Karamel: c31a22c1e07d2118c07ee5cebb640d863e31a198
- * F*: 2c32d6e230851bbceadac7a21fc418fa2bb7e4bc
- * Libcrux: 2ecc08ac92e56197cd05d04f3e873d8da088ad11
+ * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
+ * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty
+ * Libcrux: e7d31cc9d00fb10b9002777a3fc8a209dba74b83
  */
 
 #ifndef __libcrux_mlkem512_H
diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c
index 3c2fdb66d..66c07aba1 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c
+++ b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c
@@ -4,11 +4,11 @@
  * SPDX-License-Identifier: MIT or Apache-2.0
  *
  * This code was generated with the following revisions:
- * Charon: 3a133fe0eee9bd3928d5bb16c24ddd2dd0f3ee7f
+ * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9
  * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c
- * Karamel: c31a22c1e07d2118c07ee5cebb640d863e31a198
- * F*: 2c32d6e230851bbceadac7a21fc418fa2bb7e4bc
- * Libcrux: 2ecc08ac92e56197cd05d04f3e873d8da088ad11
+ * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
+ * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty
+ * Libcrux: e7d31cc9d00fb10b9002777a3fc8a209dba74b83
  */
 
 #include "libcrux_mlkem512_avx2.h"
@@ -151,6 +151,9 @@ tuple_41 libcrux_ml_kem_mlkem512_avx2_encapsulate(
   return encapsulate_35(uu____0, copy_of_randomness);
 }
 
+/**
+ Portable generate key pair.
+*/
 /**
 A monomorphic instance of
 libcrux_ml_kem.ind_cca.instantiations.avx2.generate_keypair_avx2 with const
@@ -241,6 +244,9 @@ bool libcrux_ml_kem_mlkem512_avx2_validate_private_key(
   return validate_private_key_1c(private_key, ciphertext);
 }
 
+/**
+ Private key validation
+*/
 /**
 A monomorphic instance of
 libcrux_ml_kem.ind_cca.instantiations.avx2.validate_private_key_only with const
diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h
index e364a95e1..8f3631ead 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h
+++ b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h
@@ -4,11 +4,11 @@
  * SPDX-License-Identifier: MIT or Apache-2.0
  *
  * This code was generated with the following revisions:
- * Charon: 3a133fe0eee9bd3928d5bb16c24ddd2dd0f3ee7f
+ * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9
  * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c
- * Karamel: c31a22c1e07d2118c07ee5cebb640d863e31a198
- * F*: 2c32d6e230851bbceadac7a21fc418fa2bb7e4bc
- * Libcrux: 2ecc08ac92e56197cd05d04f3e873d8da088ad11
+ * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
+ * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty
+ * Libcrux: e7d31cc9d00fb10b9002777a3fc8a209dba74b83
  */
 
 #ifndef __libcrux_mlkem512_avx2_H
diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_portable.c b/libcrux-ml-kem/c/libcrux_mlkem512_portable.c
index a0d72c45e..5c7e48f47 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem512_portable.c
+++ b/libcrux-ml-kem/c/libcrux_mlkem512_portable.c
@@ -4,17 +4,20 @@
  * SPDX-License-Identifier: MIT or Apache-2.0
  *
  * This code was generated with the following revisions:
- * Charon: 3a133fe0eee9bd3928d5bb16c24ddd2dd0f3ee7f
+ * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9
  * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c
- * Karamel: c31a22c1e07d2118c07ee5cebb640d863e31a198
- * F*: 2c32d6e230851bbceadac7a21fc418fa2bb7e4bc
- * Libcrux: 2ecc08ac92e56197cd05d04f3e873d8da088ad11
+ * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
+ * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty
+ * Libcrux: e7d31cc9d00fb10b9002777a3fc8a209dba74b83
  */
 
 #include "libcrux_mlkem512_portable.h"
 
 #include "internal/libcrux_mlkem_portable.h"
 
+/**
+ Portable decapsulate
+*/
 /**
 A monomorphic instance of
 libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate with const generics
@@ -98,6 +101,9 @@ tuple_41 libcrux_ml_kem_mlkem512_portable_encapsulate(
   return encapsulate_35(uu____0, copy_of_randomness);
 }
 
+/**
+ Portable generate key pair.
+*/
 /**
 A monomorphic instance of
 libcrux_ml_kem.ind_cca.instantiations.portable.generate_keypair with const
@@ -129,6 +135,9 @@ libcrux_ml_kem_mlkem512_portable_generate_key_pair(uint8_t randomness[64U]) {
   return generate_keypair_a8(copy_of_randomness);
 }
 
+/**
+ Private key validation
+*/
 /**
 A monomorphic instance of
 libcrux_ml_kem.ind_cca.instantiations.portable.validate_private_key with const
@@ -155,6 +164,9 @@ bool libcrux_ml_kem_mlkem512_portable_validate_private_key(
   return validate_private_key_1c(private_key, ciphertext);
 }
 
+/**
+ Private key validation
+*/
 /**
 A monomorphic instance of
 libcrux_ml_kem.ind_cca.instantiations.portable.validate_private_key_only with
@@ -177,6 +189,9 @@ bool libcrux_ml_kem_mlkem512_portable_validate_private_key_only(
   return validate_private_key_only_49(private_key);
 }
 
+/**
+ Public key validation
+*/
 /**
 A monomorphic instance of
 libcrux_ml_kem.ind_cca.instantiations.portable.validate_public_key with const
diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_portable.h b/libcrux-ml-kem/c/libcrux_mlkem512_portable.h
index a49a44922..62e030fdc 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem512_portable.h
+++ b/libcrux-ml-kem/c/libcrux_mlkem512_portable.h
@@ -4,11 +4,11 @@
  * SPDX-License-Identifier: MIT or Apache-2.0
  *
  * This code was generated with the following revisions:
- * Charon: 3a133fe0eee9bd3928d5bb16c24ddd2dd0f3ee7f
+ * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9
  * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c
- * Karamel: c31a22c1e07d2118c07ee5cebb640d863e31a198
- * F*: 2c32d6e230851bbceadac7a21fc418fa2bb7e4bc
- * Libcrux: 2ecc08ac92e56197cd05d04f3e873d8da088ad11
+ * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
+ * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty
+ * Libcrux: e7d31cc9d00fb10b9002777a3fc8a209dba74b83
  */
 
 #ifndef __libcrux_mlkem512_portable_H
diff --git a/libcrux-ml-kem/c/libcrux_mlkem768.h b/libcrux-ml-kem/c/libcrux_mlkem768.h
index 3421b1abd..86ffe77a7 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem768.h
+++ b/libcrux-ml-kem/c/libcrux_mlkem768.h
@@ -4,11 +4,11 @@
  * SPDX-License-Identifier: MIT or Apache-2.0
  *
  * This code was generated with the following revisions:
- * Charon: 3a133fe0eee9bd3928d5bb16c24ddd2dd0f3ee7f
+ * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9
  * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c
- * Karamel: c31a22c1e07d2118c07ee5cebb640d863e31a198
- * F*: 2c32d6e230851bbceadac7a21fc418fa2bb7e4bc
- * Libcrux: 2ecc08ac92e56197cd05d04f3e873d8da088ad11
+ * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
+ * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty
+ * Libcrux: e7d31cc9d00fb10b9002777a3fc8a209dba74b83
  */
 
 #ifndef __libcrux_mlkem768_H
diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c
index ce89c4f56..3fe0cb416 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c
+++ b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c
@@ -4,11 +4,11 @@
  * SPDX-License-Identifier: MIT or Apache-2.0
  *
  * This code was generated with the following revisions:
- * Charon: 3a133fe0eee9bd3928d5bb16c24ddd2dd0f3ee7f
+ * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9
  * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c
- * Karamel: c31a22c1e07d2118c07ee5cebb640d863e31a198
- * F*: 2c32d6e230851bbceadac7a21fc418fa2bb7e4bc
- * Libcrux: 2ecc08ac92e56197cd05d04f3e873d8da088ad11
+ * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
+ * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty
+ * Libcrux: e7d31cc9d00fb10b9002777a3fc8a209dba74b83
  */
 
 #include "libcrux_mlkem768_avx2.h"
@@ -151,6 +151,9 @@ tuple_c2 libcrux_ml_kem_mlkem768_avx2_encapsulate(
   return encapsulate_cd(uu____0, copy_of_randomness);
 }
 
+/**
+ Portable generate key pair.
+*/
 /**
 A monomorphic instance of
 libcrux_ml_kem.ind_cca.instantiations.avx2.generate_keypair_avx2 with const
@@ -241,6 +244,9 @@ bool libcrux_ml_kem_mlkem768_avx2_validate_private_key(
   return validate_private_key_31(private_key, ciphertext);
 }
 
+/**
+ Private key validation
+*/
 /**
 A monomorphic instance of
 libcrux_ml_kem.ind_cca.instantiations.avx2.validate_private_key_only with const
diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h
index 41d4fc949..dc4abd0aa 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h
+++ b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h
@@ -4,11 +4,11 @@
  * SPDX-License-Identifier: MIT or Apache-2.0
  *
  * This code was generated with the following revisions:
- * Charon: 3a133fe0eee9bd3928d5bb16c24ddd2dd0f3ee7f
+ * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9
  * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c
- * Karamel: c31a22c1e07d2118c07ee5cebb640d863e31a198
- * F*: 2c32d6e230851bbceadac7a21fc418fa2bb7e4bc
- * Libcrux: 2ecc08ac92e56197cd05d04f3e873d8da088ad11
+ * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
+ * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty
+ * Libcrux: e7d31cc9d00fb10b9002777a3fc8a209dba74b83
  */
 
 #ifndef __libcrux_mlkem768_avx2_H
diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_portable.c b/libcrux-ml-kem/c/libcrux_mlkem768_portable.c
index 15e054591..5abb4be34 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem768_portable.c
+++ b/libcrux-ml-kem/c/libcrux_mlkem768_portable.c
@@ -4,17 +4,20 @@
  * SPDX-License-Identifier: MIT or Apache-2.0
  *
  * This code was generated with the following revisions:
- * Charon: 3a133fe0eee9bd3928d5bb16c24ddd2dd0f3ee7f
+ * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9
  * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c
- * Karamel: c31a22c1e07d2118c07ee5cebb640d863e31a198
- * F*: 2c32d6e230851bbceadac7a21fc418fa2bb7e4bc
- * Libcrux: 2ecc08ac92e56197cd05d04f3e873d8da088ad11
+ * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
+ * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty
+ * Libcrux: e7d31cc9d00fb10b9002777a3fc8a209dba74b83
  */
 
 #include "libcrux_mlkem768_portable.h"
 
 #include "internal/libcrux_mlkem_portable.h"
 
+/**
+ Portable decapsulate
+*/
 /**
 A monomorphic instance of
 libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate with const generics
@@ -98,6 +101,9 @@ tuple_c2 libcrux_ml_kem_mlkem768_portable_encapsulate(
   return encapsulate_cd(uu____0, copy_of_randomness);
 }
 
+/**
+ Portable generate key pair.
+*/
 /**
 A monomorphic instance of
 libcrux_ml_kem.ind_cca.instantiations.portable.generate_keypair with const
@@ -129,6 +135,9 @@ libcrux_ml_kem_mlkem768_portable_generate_key_pair(uint8_t randomness[64U]) {
   return generate_keypair_c6(copy_of_randomness);
 }
 
+/**
+ Private key validation
+*/
 /**
 A monomorphic instance of
 libcrux_ml_kem.ind_cca.instantiations.portable.validate_private_key with const
@@ -155,6 +164,9 @@ bool libcrux_ml_kem_mlkem768_portable_validate_private_key(
   return validate_private_key_31(private_key, ciphertext);
 }
 
+/**
+ Private key validation
+*/
 /**
 A monomorphic instance of
 libcrux_ml_kem.ind_cca.instantiations.portable.validate_private_key_only with
@@ -177,6 +189,9 @@ bool libcrux_ml_kem_mlkem768_portable_validate_private_key_only(
   return validate_private_key_only_41(private_key);
 }
 
+/**
+ Public key validation
+*/
 /**
 A monomorphic instance of
 libcrux_ml_kem.ind_cca.instantiations.portable.validate_public_key with const
diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_portable.h b/libcrux-ml-kem/c/libcrux_mlkem768_portable.h
index 06075ff39..98d99b51e 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem768_portable.h
+++ b/libcrux-ml-kem/c/libcrux_mlkem768_portable.h
@@ -4,11 +4,11 @@
  * SPDX-License-Identifier: MIT or Apache-2.0
  *
  * This code was generated with the following revisions:
- * Charon: 3a133fe0eee9bd3928d5bb16c24ddd2dd0f3ee7f
+ * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9
  * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c
- * Karamel: c31a22c1e07d2118c07ee5cebb640d863e31a198
- * F*: 2c32d6e230851bbceadac7a21fc418fa2bb7e4bc
- * Libcrux: 2ecc08ac92e56197cd05d04f3e873d8da088ad11
+ * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
+ * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty
+ * Libcrux: e7d31cc9d00fb10b9002777a3fc8a209dba74b83
  */
 
 #ifndef __libcrux_mlkem768_portable_H
diff --git a/libcrux-ml-kem/c/libcrux_mlkem_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem_avx2.c
index 83b151b39..24d4a09cd 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem_avx2.c
+++ b/libcrux-ml-kem/c/libcrux_mlkem_avx2.c
@@ -4,11 +4,11 @@
  * SPDX-License-Identifier: MIT or Apache-2.0
  *
  * This code was generated with the following revisions:
- * Charon: 3a133fe0eee9bd3928d5bb16c24ddd2dd0f3ee7f
+ * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9
  * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c
- * Karamel: c31a22c1e07d2118c07ee5cebb640d863e31a198
- * F*: 2c32d6e230851bbceadac7a21fc418fa2bb7e4bc
- * Libcrux: 2ecc08ac92e56197cd05d04f3e873d8da088ad11
+ * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
+ * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty
+ * Libcrux: e7d31cc9d00fb10b9002777a3fc8a209dba74b83
  */
 
 #include "internal/libcrux_mlkem_avx2.h"
@@ -64,9 +64,7 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_vec_to_i16_array(
   int16_t output[16U] = {0U};
   mm256_storeu_si256_i16(Eurydice_array_to_slice((size_t)16U, output, int16_t),
                          v);
-  int16_t result[16U];
-  memcpy(result, output, (size_t)16U * sizeof(int16_t));
-  memcpy(ret, result, (size_t)16U * sizeof(int16_t));
+  memcpy(ret, output, (size_t)16U * sizeof(int16_t));
 }
 
 /**
@@ -1477,20 +1475,18 @@ KRML_MUSTINLINE size_t libcrux_ml_kem_vector_avx2_sampling_rejection_sample(
                                                    compare_with_field_modulus,
                                                    good);
   uint8_t lower_shuffles[16U];
-  memcpy(
-      lower_shuffles,
-      /* We need to provide a definition or post-condition for
-         Core.Num.impl__u8__count_ones Each bit (and its corresponding position)
-         represents an element we want to sample. We'd like all such elements to
-         be next to each other starting at index 0, so that they can be read
-         from the vector easily. |REJECTION_SAMPLE_SHUFFLE_TABLE| encodes the
-         byte-level shuffling indices needed to make this happen. For e.g. if
-         good[0] = 0b0_0_0_0_0_0_1_0, we need to move the element in the 2-nd
-         16-bit lane to the first. To do this, we need the byte-level shuffle
-         indices to be 2 3 X X X X ... */
-      libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE[(
-          size_t)good[0U]],
-      (size_t)16U * sizeof(uint8_t));
+  memcpy(lower_shuffles,
+         /* Each bit (and its corresponding position) represents an element we
+            want to sample. We'd like all such elements to be next to each other
+            starting at index 0, so that they can be read from the vector
+            easily. |REJECTION_SAMPLE_SHUFFLE_TABLE| encodes the byte-level
+            shuffling indices needed to make this happen. For e.g. if good[0] =
+            0b0_0_0_0_0_0_1_0, we need to move the element in the 2-nd 16-bit
+            lane to the first. To do this, we need the byte-level shuffle
+            indices to be 2 3 X X X X ... */
+         libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE[(
+             size_t)good[0U]],
+         (size_t)16U * sizeof(uint8_t));
   __m128i lower_shuffles0 = mm_loadu_si128(Eurydice_array_to_slice(
       (size_t)16U,
       /* Shuffle the lower 8 16-bits accordingly ... */ lower_shuffles,
@@ -1569,6 +1565,12 @@ static libcrux_ml_kem_polynomial_PolynomialRingElement_f6 ZERO_ef_61(void) {
   return lit;
 }
 
+/**
+ Only use with public values.
+
+ This MUST NOT be used with secret inputs, like its caller
+ `deserialize_ring_elements_reduced`.
+*/
 /**
 A monomorphic instance of
 libcrux_ml_kem.serialize.deserialize_to_reduced_ring_element with types
@@ -1590,6 +1592,9 @@ deserialize_to_reduced_ring_element_61(Eurydice_slice serialized) {
   return re;
 }
 
+/**
+ See [deserialize_ring_elements_reduced_out].
+*/
 /**
 A monomorphic instance of
 libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types
@@ -1615,6 +1620,12 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_ab(
   }
 }
 
+/**
+ This function deserializes ring elements and reduces the result by the field
+ modulus.
+
+ This function MUST NOT be used on secret inputs.
+*/
 /**
 A monomorphic instance of
 libcrux_ml_kem.serialize.deserialize_ring_elements_reduced_out with types
@@ -1628,12 +1639,8 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_out_ab(
   KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U,
                   deserialized_pk[i] = ZERO_ef_61(););
   deserialize_ring_elements_reduced_ab(public_key, deserialized_pk);
-  libcrux_ml_kem_polynomial_PolynomialRingElement_f6 result[3U];
   memcpy(
-      result, deserialized_pk,
-      (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f6));
-  memcpy(
-      ret, result,
+      ret, deserialized_pk,
       (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f6));
 }
 
@@ -1702,11 +1709,12 @@ static KRML_MUSTINLINE void serialize_uncompressed_ring_element_61(
     Eurydice_slice_copy(
         uu____0, Eurydice_array_to_slice((size_t)24U, bytes, uint8_t), uint8_t);
   }
-  uint8_t result[384U];
-  memcpy(result, serialized, (size_t)384U * sizeof(uint8_t));
-  memcpy(ret, result, (size_t)384U * sizeof(uint8_t));
+  memcpy(ret, serialized, (size_t)384U * sizeof(uint8_t));
 }
 
+/**
+ Call [`serialize_uncompressed_ring_element`] for each ring element.
+*/
 /**
 A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_secret_key
 with types libcrux_ml_kem_vector_avx2_SIMD256Vector
@@ -1739,6 +1747,9 @@ static KRML_MUSTINLINE void serialize_secret_key_ed(
   memcpy(ret, out, (size_t)1152U * sizeof(uint8_t));
 }
 
+/**
+ Concatenate `t` and `ρ` into the public key.
+*/
 /**
 A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_public_key_mut
 with types libcrux_ml_kem_vector_avx2_SIMD256Vector
@@ -1762,6 +1773,9 @@ static KRML_MUSTINLINE void serialize_public_key_mut_ed(
       seed_for_a, uint8_t);
 }
 
+/**
+ Concatenate `t` and `ρ` into the public key.
+*/
 /**
 A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_public_key
 with types libcrux_ml_kem_vector_avx2_SIMD256Vector
@@ -1778,6 +1792,13 @@ static KRML_MUSTINLINE void serialize_public_key_ed(
   memcpy(ret, public_key_serialized, (size_t)1184U * sizeof(uint8_t));
 }
 
+/**
+ Validate an ML-KEM public key.
+
+ This implements the Modulus check in 7.2 2.
+ Note that the size check in 7.2 1 is covered by the `PUBLIC_KEY_SIZE` in the
+ `public_key` type.
+*/
 /**
 A monomorphic instance of libcrux_ml_kem.ind_cca.validate_public_key
 with types libcrux_ml_kem_vector_avx2_SIMD256Vector
@@ -1816,6 +1837,11 @@ static KRML_MUSTINLINE void H_a9_e0(Eurydice_slice input, uint8_t ret[32U]) {
   libcrux_ml_kem_hash_functions_avx2_H(input, ret);
 }
 
+/**
+ Validate an ML-KEM private key.
+
+ This implements the Hash check in 7.3 3.
+*/
 /**
 A monomorphic instance of libcrux_ml_kem.ind_cca.validate_private_key_only
 with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash
@@ -1841,6 +1867,13 @@ bool libcrux_ml_kem_ind_cca_validate_private_key_only_ae(
       (size_t)32U, t, &expected, uint8_t, uint8_t, bool);
 }
 
+/**
+ Validate an ML-KEM private key.
+
+ This implements the Hash check in 7.3 3.
+ Note that the size checks in 7.2 1 and 2 are covered by the `SECRET_KEY_SIZE`
+ and `CIPHERTEXT_SIZE` in the `private_key` and `ciphertext` types.
+*/
 /**
 A monomorphic instance of libcrux_ml_kem.ind_cca.validate_private_key
 with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash
@@ -2431,6 +2464,55 @@ static KRML_MUSTINLINE void PRFxN_a9_41(uint8_t (*input)[33U],
   PRFxN_41(input, ret);
 }
 
+/**
+ Given a series of uniformly random bytes in `randomness`, for some number
+ `eta`, the `sample_from_binomial_distribution_{eta}` functions sample a ring
+ element from a binomial distribution centered at 0 that uses two sets of `eta`
+ coin flips. If, for example, `eta = ETA`, each ring coefficient is a value `v`
+ such such that `v ∈ {-ETA, -ETA + 1, ..., 0, ..., ETA + 1, ETA}` and:
+
+ ```plaintext
+ - If v < 0, Pr[v] = Pr[-v]
+ - If v >= 0, Pr[v] = BINOMIAL_COEFFICIENT(2 * ETA; ETA - v) / 2 ^ (2 * ETA)
+ ```
+
+ The values `v < 0` are mapped to the appropriate `KyberFieldElement`.
+
+ The expected value is:
+
+ ```plaintext
+ E[X] = (-ETA)Pr[-ETA] + (-(ETA - 1))Pr[-(ETA - 1)] + ... + (ETA - 1)Pr[ETA - 1]
+ + (ETA)Pr[ETA] = 0 since Pr[-v] = Pr[v] when v < 0.
+ ```
+
+ And the variance is:
+
+ ```plaintext
+ Var(X) = E[(X - E[X])^2]
+        = E[X^2]
+        = sum_(v=-ETA to ETA)v^2 * (BINOMIAL_COEFFICIENT(2 * ETA; ETA - v) /
+ 2^(2 * ETA)) = ETA / 2
+ ```
+
+ This function implements <strong>Algorithm 7</strong> of the NIST FIPS 203
+ standard, which is reproduced below:
+
+ ```plaintext
+ Input: byte array B ∈ 𝔹^{64η}.
+ Output: array f ∈ ℤ₂₅₆.
+
+ b ← BytesToBits(B)
+ for (i ← 0; i < 256; i++)
+     x ← ∑(j=0 to η - 1) b[2iη + j]
+     y ← ∑(j=0 to η - 1) b[2iη + η + j]
+     f[i] ← x−y mod q
+ end for
+ return f
+ ```
+
+ The NIST FIPS 203 standard can be found at
+ <https://csrc.nist.gov/pubs/fips/203/ipd>.
+*/
 /**
 A monomorphic instance of
 libcrux_ml_kem.sampling.sample_from_binomial_distribution_2 with types
@@ -2692,10 +2774,8 @@ static KRML_MUSTINLINE void poly_barrett_reduce_ef_61(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *self) {
   for (size_t i = (size_t)0U;
        i <
-       /* Using `hax_lib::fstar::verification_status(lax)` works but produces an
-          error while extracting The semicolon and parentheses at the end of
-          loop are a workaround for the following bug
-          https://github.com/hacspec/hax/issues/720 */
+       /* The semicolon and parentheses at the end of loop are a workaround for
+          the following bug https://github.com/hacspec/hax/issues/720 */
        LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT;
        i++) {
     size_t i0 = i;
@@ -2725,6 +2805,10 @@ static KRML_MUSTINLINE void ntt_binomially_sampled_ring_element_61(
   poly_barrett_reduce_ef_61(re);
 }
 
+/**
+ Sample a vector of ring elements from a centered binomial distribution and
+ convert them into their NTT representations.
+*/
 /**
 A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_vector_cbd_then_ntt
 with types libcrux_ml_kem_vector_avx2_SIMD256Vector,
@@ -2811,10 +2895,8 @@ with const generics
 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f6
 ntt_multiply_ef_61(libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *self,
                    libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *rhs) {
-  /* Using `hax_lib::fstar::verification_status(lax)` works but produces an
-   * error while extracting hax_debug_debug_assert!(lhs .coefficients
-   * .into_iter() .all(|coefficient| coefficient >= 0 && coefficient < 4096));
-   */
+  /* hax_debug_debug_assert!(lhs .coefficients .into_iter() .all(|coefficient|
+   * coefficient >= 0 && coefficient < 4096)); */
   libcrux_ml_kem_polynomial_PolynomialRingElement_f6 out = ZERO_ef_61();
   for (size_t i = (size_t)0U;
        i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
@@ -2889,10 +2971,8 @@ static KRML_MUSTINLINE void add_standard_error_reduce_ef_61(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *error) {
   for (size_t i = (size_t)0U;
        i <
-       /* Using `hax_lib::fstar::verification_status(lax)` works but produces an
-          error while extracting The semicolon and parentheses at the end of
-          loop are a workaround for the following bug
-          https://github.com/hacspec/hax/issues/720 */
+       /* The semicolon and parentheses at the end of loop are a workaround for
+          the following bug https://github.com/hacspec/hax/issues/720 */
        LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT;
        i++) {
     size_t j = i;
@@ -2907,6 +2987,9 @@ static KRML_MUSTINLINE void add_standard_error_reduce_ef_61(
   }
 }
 
+/**
+ Compute  ◦ ŝ + ê
+*/
 /**
 A monomorphic instance of libcrux_ml_kem.matrix.compute_As_plus_e
 with types libcrux_ml_kem_vector_avx2_SIMD256Vector
@@ -2949,6 +3032,47 @@ static KRML_MUSTINLINE void compute_As_plus_e_ab(
   }
 }
 
+/**
+ This function implements most of <strong>Algorithm 12</strong> of the
+ NIST FIPS 203 specification; this is the Kyber CPA-PKE key generation
+ algorithm.
+
+ We say "most of" since Algorithm 12 samples the required randomness within
+ the function itself, whereas this implementation expects it to be provided
+ through the `key_generation_seed` parameter.
+
+ Algorithm 12 is reproduced below:
+
+ ```plaintext
+ Output: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}.
+ Output: decryption key dkₚₖₑ ∈ 𝔹^{384k}.
+
+ d ←$ B
+ (ρ,σ) ← G(d)
+ N ← 0
+ for (i ← 0; i < k; i++)
+     for(j ← 0; j < k; j++)
+         Â[i,j] ← SampleNTT(XOF(ρ, i, j))
+     end for
+ end for
+ for(i ← 0; i < k; i++)
+     s[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(σ,N))
+     N ← N + 1
+ end for
+ for(i ← 0; i < k; i++)
+     e[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(σ,N))
+     N ← N + 1
+ end for
+ ŝ ← NTT(s)
+ ê ← NTT(e)
+ t̂ ← Â◦ŝ + ê
+ ekₚₖₑ ← ByteEncode₁₂(t̂) ‖ ρ
+ dkₚₖₑ ← ByteEncode₁₂(ŝ)
+ ```
+
+ The NIST FIPS 203 standard can be found at
+ <https://csrc.nist.gov/pubs/fips/203/ipd>.
+*/
 /**
 A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair_unpacked
 with types libcrux_ml_kem_vector_avx2_SIMD256Vector,
@@ -3065,6 +3189,9 @@ generate_keypair_bb1(Eurydice_slice key_generation_seed) {
   return serialize_unpacked_secret_key_8c(&public_key, &private_key);
 }
 
+/**
+ Serialize the secret key.
+*/
 /**
 A monomorphic instance of libcrux_ml_kem.ind_cca.serialize_kem_secret_key_mut
 with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash
@@ -3129,6 +3256,14 @@ static KRML_MUSTINLINE void serialize_kem_secret_key_ae(
   memcpy(ret, out, (size_t)2400U * sizeof(uint8_t));
 }
 
+/**
+ Packed API
+
+ Generate a key pair.
+
+ Depending on the `Vector` and `Hasher` used, this requires different hardware
+ features
+*/
 /**
 A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair
 with types libcrux_ml_kem_vector_avx2_SIMD256Vector,
@@ -3234,6 +3369,9 @@ build_unpacked_public_key_fa1(Eurydice_slice public_key) {
   return unpacked_public_key;
 }
 
+/**
+ Sample a vector of ring elements from a centered binomial distribution.
+*/
 /**
 A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_ring_element_cbd
 with types libcrux_ml_kem_vector_avx2_SIMD256Vector,
@@ -3453,10 +3591,8 @@ static KRML_MUSTINLINE void add_error_reduce_ef_61(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *error) {
   for (size_t i = (size_t)0U;
        i <
-       /* Using `hax_lib::fstar::verification_status(lax)` works but produces an
-          error while extracting The semicolon and parentheses at the end of
-          loop are a workaround for the following bug
-          https://github.com/hacspec/hax/issues/720 */
+       /* The semicolon and parentheses at the end of loop are a workaround for
+          the following bug https://github.com/hacspec/hax/issues/720 */
        LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT;
        i++) {
     size_t j = i;
@@ -3469,6 +3605,9 @@ static KRML_MUSTINLINE void add_error_reduce_ef_61(
   }
 }
 
+/**
+ Compute u := InvertNTT(Aᵀ ◦ r̂) + e₁
+*/
 /**
 A monomorphic instance of libcrux_ml_kem.matrix.compute_vector_u
 with types libcrux_ml_kem_vector_avx2_SIMD256Vector
@@ -3563,11 +3702,7 @@ add_message_error_reduce_ef_61(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *message,
     libcrux_ml_kem_polynomial_PolynomialRingElement_f6 result) {
   for (size_t i = (size_t)0U;
-       i <
-       /* Using `hax_lib::fstar::verification_status(lax)` works but produces an
-          error while extracting */
-       LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT;
-       i++) {
+       i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
     size_t i0 = i;
     __m256i coefficient_normal_form =
         libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_09(
@@ -3600,6 +3735,9 @@ add_message_error_reduce_ef_61(
   return result;
 }
 
+/**
+ Compute InverseNTT(tᵀ ◦ r̂) + e₂ + message
+*/
 /**
 A monomorphic instance of libcrux_ml_kem.matrix.compute_ring_element_v
 with types libcrux_ml_kem_vector_avx2_SIMD256Vector
@@ -3729,9 +3867,7 @@ static KRML_MUSTINLINE void compress_then_serialize_10_0e0(
     Eurydice_slice_copy(
         uu____0, Eurydice_array_to_slice((size_t)20U, bytes, uint8_t), uint8_t);
   }
-  uint8_t result[320U];
-  memcpy(result, serialized, (size_t)320U * sizeof(uint8_t));
-  memcpy(ret, result, (size_t)320U * sizeof(uint8_t));
+  memcpy(ret, serialized, (size_t)320U * sizeof(uint8_t));
 }
 
 /**
@@ -3829,11 +3965,14 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics
 */
 static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_a4(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *re, uint8_t ret[320U]) {
-  uint8_t result[320U];
-  compress_then_serialize_10_0e0(re, result);
-  memcpy(ret, result, (size_t)320U * sizeof(uint8_t));
+  uint8_t uu____0[320U];
+  compress_then_serialize_10_0e0(re, uu____0);
+  memcpy(ret, uu____0, (size_t)320U * sizeof(uint8_t));
 }
 
+/**
+ Call [`compress_then_serialize_ring_element_u`] on each ring element.
+*/
 /**
 A monomorphic instance of libcrux_ml_kem.ind_cpa.compress_then_serialize_u
 with types libcrux_ml_kem_vector_avx2_SIMD256Vector
@@ -3855,15 +3994,9 @@ static KRML_MUSTINLINE void compress_then_serialize_u_8c(
        i++) {
     size_t i0 = i;
     libcrux_ml_kem_polynomial_PolynomialRingElement_f6 re = input[i0];
-    Eurydice_slice uu____0 =
-        Eurydice_slice_subslice2(/* The semicolon and parentheses at the end of
-                                    loop are a workaround for the following bug
-                                    https://github.com/hacspec/hax/issues/720 */
-                                 out,
-                                 i0 * ((size_t)960U / (size_t)3U),
-                                 (i0 + (size_t)1U) *
-                                     ((size_t)960U / (size_t)3U),
-                                 uint8_t);
+    Eurydice_slice uu____0 = Eurydice_slice_subslice2(
+        out, i0 * ((size_t)960U / (size_t)3U),
+        (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U), uint8_t);
     uint8_t ret[320U];
     compress_then_serialize_ring_element_u_a4(&re, ret);
     Eurydice_slice_copy(
@@ -3973,10 +4106,8 @@ static KRML_MUSTINLINE void compress_then_serialize_4_61(
        LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT;
        i++) {
     size_t i0 = i;
-    __m256i coefficient = compress_09_d1(to_unsigned_field_modulus_61(
-        re.coefficients[/* NOTE: Using `$serialized` in loop_invariant doesn't
-                           work here */
-                        i0]));
+    __m256i coefficient =
+        compress_09_d1(to_unsigned_field_modulus_61(re.coefficients[i0]));
     uint8_t bytes[8U];
     libcrux_ml_kem_vector_avx2_serialize_4_09(coefficient, bytes);
     Eurydice_slice_copy(
@@ -4112,6 +4243,47 @@ static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_ed(
   compress_then_serialize_4_61(re, out);
 }
 
+/**
+ This function implements <strong>Algorithm 13</strong> of the
+ NIST FIPS 203 specification; this is the Kyber CPA-PKE encryption algorithm.
+
+ Algorithm 13 is reproduced below:
+
+ ```plaintext
+ Input: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}.
+ Input: message m ∈ 𝔹^{32}.
+ Input: encryption randomness r ∈ 𝔹^{32}.
+ Output: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}.
+
+ N ← 0
+ t̂ ← ByteDecode₁₂(ekₚₖₑ[0:384k])
+ ρ ← ekₚₖₑ[384k: 384k + 32]
+ for (i ← 0; i < k; i++)
+     for(j ← 0; j < k; j++)
+         Â[i,j] ← SampleNTT(XOF(ρ, i, j))
+     end for
+ end for
+ for(i ← 0; i < k; i++)
+     r[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(r,N))
+     N ← N + 1
+ end for
+ for(i ← 0; i < k; i++)
+     e₁[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N))
+     N ← N + 1
+ end for
+ e₂ ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N))
+ r̂ ← NTT(r)
+ u ← NTT-¹(Âᵀ ◦ r̂) + e₁
+ μ ← Decompress₁(ByteDecode₁(m)))
+ v ← NTT-¹(t̂ᵀ ◦ rˆ) + e₂ + μ
+ c₁ ← ByteEncode_{dᵤ}(Compress_{dᵤ}(u))
+ c₂ ← ByteEncode_{dᵥ}(Compress_{dᵥ}(v))
+ return c ← (c₁ ‖ c₂)
+ ```
+
+ The NIST FIPS 203 standard can be found at
+ <https://csrc.nist.gov/pubs/fips/203/ipd>.
+*/
 /**
 A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt_unpacked
 with types libcrux_ml_kem_vector_avx2_SIMD256Vector,
@@ -4335,6 +4507,9 @@ deserialize_to_uncompressed_ring_element_61(Eurydice_slice serialized) {
   return re;
 }
 
+/**
+ Call [`deserialize_to_uncompressed_ring_element`] for each ring element.
+*/
 /**
 A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_secret_key
 with types libcrux_ml_kem_vector_avx2_SIMD256Vector
@@ -4593,6 +4768,10 @@ static KRML_MUSTINLINE void ntt_vector_u_ee(
   poly_barrett_reduce_ef_61(re);
 }
 
+/**
+ Call [`deserialize_then_decompress_ring_element_u`] on each ring element
+ in the `ciphertext`.
+*/
 /**
 A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_then_decompress_u
 with types libcrux_ml_kem_vector_avx2_SIMD256Vector
@@ -4852,11 +5031,7 @@ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f6
 subtract_reduce_ef_61(libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *self,
                       libcrux_ml_kem_polynomial_PolynomialRingElement_f6 b) {
   for (size_t i = (size_t)0U;
-       i <
-       /* Using `hax_lib::fstar::verification_status(lax)` works but produces an
-          error while extracting */
-       LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT;
-       i++) {
+       i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
     size_t i0 = i;
     __m256i coefficient_normal_form =
         libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_09(
@@ -4868,6 +5043,12 @@ subtract_reduce_ef_61(libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *self,
   return b;
 }
 
+/**
+ The following functions compute various expressions involving
+ vectors and matrices. The computation of these expressions has been
+ abstracted away into these functions in order to save on loop iterations.
+ Compute v − InverseNTT(sᵀ ◦ NTT(u))
+*/
 /**
 A monomorphic instance of libcrux_ml_kem.matrix.compute_message
 with types libcrux_ml_kem_vector_avx2_SIMD256Vector
@@ -4910,11 +5091,33 @@ static KRML_MUSTINLINE void compress_then_serialize_message_61(
       Eurydice_slice_copy(uu____0,
                           Eurydice_array_to_slice((size_t)2U, bytes, uint8_t),
                           uint8_t););
-  uint8_t result[32U];
-  memcpy(result, serialized, (size_t)32U * sizeof(uint8_t));
-  memcpy(ret, result, (size_t)32U * sizeof(uint8_t));
+  memcpy(ret, serialized, (size_t)32U * sizeof(uint8_t));
 }
 
+/**
+ This function implements <strong>Algorithm 14</strong> of the
+ NIST FIPS 203 specification; this is the Kyber CPA-PKE decryption algorithm.
+
+ Algorithm 14 is reproduced below:
+
+ ```plaintext
+ Input: decryption key dkₚₖₑ ∈ 𝔹^{384k}.
+ Input: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}.
+ Output: message m ∈ 𝔹^{32}.
+
+ c₁ ← c[0 : 32dᵤk]
+ c₂ ← c[32dᵤk : 32(dᵤk + dᵥ)]
+ u ← Decompress_{dᵤ}(ByteDecode_{dᵤ}(c₁))
+ v ← Decompress_{dᵥ}(ByteDecode_{dᵥ}(c₂))
+ ŝ ← ByteDecode₁₂(dkₚₖₑ)
+ w ← v - NTT-¹(ŝᵀ ◦ NTT(u))
+ m ← ByteEncode₁(Compress₁(w))
+ return m
+ ```
+
+ The NIST FIPS 203 standard can be found at
+ <https://csrc.nist.gov/pubs/fips/203/ipd>.
+*/
 /**
 A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt_unpacked
 with types libcrux_ml_kem_vector_avx2_SIMD256Vector
@@ -4999,6 +5202,9 @@ static KRML_MUSTINLINE void PRF_a9_41(Eurydice_slice input, uint8_t ret[32U]) {
   PRF_9e(input, ret);
 }
 
+/**
+ This code verifies on some machines, runs out of memory on others
+*/
 /**
 A monomorphic instance of libcrux_ml_kem.ind_cca.decapsulate
 with types libcrux_ml_kem_vector_avx2_SIMD256Vector,
@@ -5083,6 +5289,9 @@ void libcrux_ml_kem_ind_cca_decapsulate_a11(
   memcpy(ret, shared_secret, (size_t)32U * sizeof(uint8_t));
 }
 
+/**
+ See [deserialize_ring_elements_reduced_out].
+*/
 /**
 A monomorphic instance of
 libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types
@@ -5108,6 +5317,12 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_42(
   }
 }
 
+/**
+ This function deserializes ring elements and reduces the result by the field
+ modulus.
+
+ This function MUST NOT be used on secret inputs.
+*/
 /**
 A monomorphic instance of
 libcrux_ml_kem.serialize.deserialize_ring_elements_reduced_out with types
@@ -5121,15 +5336,14 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_out_42(
   KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U,
                   deserialized_pk[i] = ZERO_ef_61(););
   deserialize_ring_elements_reduced_42(public_key, deserialized_pk);
-  libcrux_ml_kem_polynomial_PolynomialRingElement_f6 result[4U];
   memcpy(
-      result, deserialized_pk,
-      (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f6));
-  memcpy(
-      ret, result,
+      ret, deserialized_pk,
       (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f6));
 }
 
+/**
+ Call [`serialize_uncompressed_ring_element`] for each ring element.
+*/
 /**
 A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_secret_key
 with types libcrux_ml_kem_vector_avx2_SIMD256Vector
@@ -5162,6 +5376,9 @@ static KRML_MUSTINLINE void serialize_secret_key_78(
   memcpy(ret, out, (size_t)1536U * sizeof(uint8_t));
 }
 
+/**
+ Concatenate `t` and `ρ` into the public key.
+*/
 /**
 A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_public_key_mut
 with types libcrux_ml_kem_vector_avx2_SIMD256Vector
@@ -5185,6 +5402,9 @@ static KRML_MUSTINLINE void serialize_public_key_mut_1e(
       seed_for_a, uint8_t);
 }
 
+/**
+ Concatenate `t` and `ρ` into the public key.
+*/
 /**
 A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_public_key
 with types libcrux_ml_kem_vector_avx2_SIMD256Vector
@@ -5201,6 +5421,13 @@ static KRML_MUSTINLINE void serialize_public_key_1e(
   memcpy(ret, public_key_serialized, (size_t)1568U * sizeof(uint8_t));
 }
 
+/**
+ Validate an ML-KEM public key.
+
+ This implements the Modulus check in 7.2 2.
+ Note that the size check in 7.2 1 is covered by the `PUBLIC_KEY_SIZE` in the
+ `public_key` type.
+*/
 /**
 A monomorphic instance of libcrux_ml_kem.ind_cca.validate_public_key
 with types libcrux_ml_kem_vector_avx2_SIMD256Vector
@@ -5239,6 +5466,11 @@ static KRML_MUSTINLINE void H_a9_ac(Eurydice_slice input, uint8_t ret[32U]) {
   libcrux_ml_kem_hash_functions_avx2_H(input, ret);
 }
 
+/**
+ Validate an ML-KEM private key.
+
+ This implements the Hash check in 7.3 3.
+*/
 /**
 A monomorphic instance of libcrux_ml_kem.ind_cca.validate_private_key_only
 with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash
@@ -5264,6 +5496,13 @@ bool libcrux_ml_kem_ind_cca_validate_private_key_only_5e(
       (size_t)32U, t, &expected, uint8_t, uint8_t, bool);
 }
 
+/**
+ Validate an ML-KEM private key.
+
+ This implements the Hash check in 7.3 3.
+ Note that the size checks in 7.2 1 and 2 are covered by the `SECRET_KEY_SIZE`
+ and `CIPHERTEXT_SIZE` in the `private_key` and `ciphertext` types.
+*/
 /**
 A monomorphic instance of libcrux_ml_kem.ind_cca.validate_private_key
 with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash
@@ -5847,6 +6086,10 @@ static KRML_MUSTINLINE void PRFxN_a9_44(uint8_t (*input)[33U],
   PRFxN_44(input, ret);
 }
 
+/**
+ Sample a vector of ring elements from a centered binomial distribution and
+ convert them into their NTT representations.
+*/
 /**
 A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_vector_cbd_then_ntt
 with types libcrux_ml_kem_vector_avx2_SIMD256Vector,
@@ -5949,6 +6192,9 @@ static KRML_MUSTINLINE void add_to_ring_element_ef_42(
   }
 }
 
+/**
+ Compute  ◦ ŝ + ê
+*/
 /**
 A monomorphic instance of libcrux_ml_kem.matrix.compute_As_plus_e
 with types libcrux_ml_kem_vector_avx2_SIMD256Vector
@@ -5991,6 +6237,47 @@ static KRML_MUSTINLINE void compute_As_plus_e_42(
   }
 }
 
+/**
+ This function implements most of <strong>Algorithm 12</strong> of the
+ NIST FIPS 203 specification; this is the Kyber CPA-PKE key generation
+ algorithm.
+
+ We say "most of" since Algorithm 12 samples the required randomness within
+ the function itself, whereas this implementation expects it to be provided
+ through the `key_generation_seed` parameter.
+
+ Algorithm 12 is reproduced below:
+
+ ```plaintext
+ Output: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}.
+ Output: decryption key dkₚₖₑ ∈ 𝔹^{384k}.
+
+ d ←$ B
+ (ρ,σ) ← G(d)
+ N ← 0
+ for (i ← 0; i < k; i++)
+     for(j ← 0; j < k; j++)
+         Â[i,j] ← SampleNTT(XOF(ρ, i, j))
+     end for
+ end for
+ for(i ← 0; i < k; i++)
+     s[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(σ,N))
+     N ← N + 1
+ end for
+ for(i ← 0; i < k; i++)
+     e[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(σ,N))
+     N ← N + 1
+ end for
+ ŝ ← NTT(s)
+ ê ← NTT(e)
+ t̂ ← Â◦ŝ + ê
+ ekₚₖₑ ← ByteEncode₁₂(t̂) ‖ ρ
+ dkₚₖₑ ← ByteEncode₁₂(ŝ)
+ ```
+
+ The NIST FIPS 203 standard can be found at
+ <https://csrc.nist.gov/pubs/fips/203/ipd>.
+*/
 /**
 A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair_unpacked
 with types libcrux_ml_kem_vector_avx2_SIMD256Vector,
@@ -6107,6 +6394,9 @@ generate_keypair_bb0(Eurydice_slice key_generation_seed) {
   return serialize_unpacked_secret_key_c9(&public_key, &private_key);
 }
 
+/**
+ Serialize the secret key.
+*/
 /**
 A monomorphic instance of libcrux_ml_kem.ind_cca.serialize_kem_secret_key_mut
 with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash
@@ -6171,6 +6461,14 @@ static KRML_MUSTINLINE void serialize_kem_secret_key_5e(
   memcpy(ret, out, (size_t)3168U * sizeof(uint8_t));
 }
 
+/**
+ Packed API
+
+ Generate a key pair.
+
+ Depending on the `Vector` and `Hasher` used, this requires different hardware
+ features
+*/
 /**
 A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair
 with types libcrux_ml_kem_vector_avx2_SIMD256Vector,
@@ -6276,6 +6574,9 @@ build_unpacked_public_key_fa0(Eurydice_slice public_key) {
   return unpacked_public_key;
 }
 
+/**
+ Sample a vector of ring elements from a centered binomial distribution.
+*/
 /**
 A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_ring_element_cbd
 with types libcrux_ml_kem_vector_avx2_SIMD256Vector,
@@ -6357,6 +6658,9 @@ static KRML_MUSTINLINE void invert_ntt_montgomery_42(
   poly_barrett_reduce_ef_61(re);
 }
 
+/**
+ Compute u := InvertNTT(Aᵀ ◦ r̂) + e₁
+*/
 /**
 A monomorphic instance of libcrux_ml_kem.matrix.compute_vector_u
 with types libcrux_ml_kem_vector_avx2_SIMD256Vector
@@ -6401,6 +6705,9 @@ static KRML_MUSTINLINE void compute_vector_u_42(
       (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f6));
 }
 
+/**
+ Compute InverseNTT(tᵀ ◦ r̂) + e₂ + message
+*/
 /**
 A monomorphic instance of libcrux_ml_kem.matrix.compute_ring_element_v
 with types libcrux_ml_kem_vector_avx2_SIMD256Vector
@@ -6456,11 +6763,14 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics
 */
 static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_6f(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *re, uint8_t ret[352U]) {
-  uint8_t result[352U];
-  compress_then_serialize_11_0e(re, result);
-  memcpy(ret, result, (size_t)352U * sizeof(uint8_t));
+  uint8_t uu____0[352U];
+  compress_then_serialize_11_0e(re, uu____0);
+  memcpy(ret, uu____0, (size_t)352U * sizeof(uint8_t));
 }
 
+/**
+ Call [`compress_then_serialize_ring_element_u`] on each ring element.
+*/
 /**
 A monomorphic instance of libcrux_ml_kem.ind_cpa.compress_then_serialize_u
 with types libcrux_ml_kem_vector_avx2_SIMD256Vector
@@ -6482,15 +6792,9 @@ static KRML_MUSTINLINE void compress_then_serialize_u_c9(
        i++) {
     size_t i0 = i;
     libcrux_ml_kem_polynomial_PolynomialRingElement_f6 re = input[i0];
-    Eurydice_slice uu____0 =
-        Eurydice_slice_subslice2(/* The semicolon and parentheses at the end of
-                                    loop are a workaround for the following bug
-                                    https://github.com/hacspec/hax/issues/720 */
-                                 out,
-                                 i0 * ((size_t)1408U / (size_t)4U),
-                                 (i0 + (size_t)1U) *
-                                     ((size_t)1408U / (size_t)4U),
-                                 uint8_t);
+    Eurydice_slice uu____0 = Eurydice_slice_subslice2(
+        out, i0 * ((size_t)1408U / (size_t)4U),
+        (i0 + (size_t)1U) * ((size_t)1408U / (size_t)4U), uint8_t);
     uint8_t ret[352U];
     compress_then_serialize_ring_element_u_6f(&re, ret);
     Eurydice_slice_copy(
@@ -6511,6 +6815,47 @@ static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_1e(
   compress_then_serialize_5_61(re, out);
 }
 
+/**
+ This function implements <strong>Algorithm 13</strong> of the
+ NIST FIPS 203 specification; this is the Kyber CPA-PKE encryption algorithm.
+
+ Algorithm 13 is reproduced below:
+
+ ```plaintext
+ Input: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}.
+ Input: message m ∈ 𝔹^{32}.
+ Input: encryption randomness r ∈ 𝔹^{32}.
+ Output: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}.
+
+ N ← 0
+ t̂ ← ByteDecode₁₂(ekₚₖₑ[0:384k])
+ ρ ← ekₚₖₑ[384k: 384k + 32]
+ for (i ← 0; i < k; i++)
+     for(j ← 0; j < k; j++)
+         Â[i,j] ← SampleNTT(XOF(ρ, i, j))
+     end for
+ end for
+ for(i ← 0; i < k; i++)
+     r[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(r,N))
+     N ← N + 1
+ end for
+ for(i ← 0; i < k; i++)
+     e₁[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N))
+     N ← N + 1
+ end for
+ e₂ ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N))
+ r̂ ← NTT(r)
+ u ← NTT-¹(Âᵀ ◦ r̂) + e₁
+ μ ← Decompress₁(ByteDecode₁(m)))
+ v ← NTT-¹(t̂ᵀ ◦ rˆ) + e₂ + μ
+ c₁ ← ByteEncode_{dᵤ}(Compress_{dᵤ}(u))
+ c₂ ← ByteEncode_{dᵥ}(Compress_{dᵥ}(v))
+ return c ← (c₁ ‖ c₂)
+ ```
+
+ The NIST FIPS 203 standard can be found at
+ <https://csrc.nist.gov/pubs/fips/203/ipd>.
+*/
 /**
 A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt_unpacked
 with types libcrux_ml_kem_vector_avx2_SIMD256Vector,
@@ -6715,6 +7060,9 @@ tuple_fa libcrux_ml_kem_ind_cca_encapsulate_700(
   return lit;
 }
 
+/**
+ Call [`deserialize_to_uncompressed_ring_element`] for each ring element.
+*/
 /**
 A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_secret_key
 with types libcrux_ml_kem_vector_avx2_SIMD256Vector
@@ -6776,6 +7124,10 @@ static KRML_MUSTINLINE void ntt_vector_u_85(
   poly_barrett_reduce_ef_61(re);
 }
 
+/**
+ Call [`deserialize_then_decompress_ring_element_u`] on each ring element
+ in the `ciphertext`.
+*/
 /**
 A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_then_decompress_u
 with types libcrux_ml_kem_vector_avx2_SIMD256Vector
@@ -6827,6 +7179,12 @@ deserialize_then_decompress_ring_element_v_78(Eurydice_slice serialized) {
   return deserialize_then_decompress_5_61(serialized);
 }
 
+/**
+ The following functions compute various expressions involving
+ vectors and matrices. The computation of these expressions has been
+ abstracted away into these functions in order to save on loop iterations.
+ Compute v − InverseNTT(sᵀ ◦ NTT(u))
+*/
 /**
 A monomorphic instance of libcrux_ml_kem.matrix.compute_message
 with types libcrux_ml_kem_vector_avx2_SIMD256Vector
@@ -6848,6 +7206,30 @@ compute_message_42(
   return result;
 }
 
+/**
+ This function implements <strong>Algorithm 14</strong> of the
+ NIST FIPS 203 specification; this is the Kyber CPA-PKE decryption algorithm.
+
+ Algorithm 14 is reproduced below:
+
+ ```plaintext
+ Input: decryption key dkₚₖₑ ∈ 𝔹^{384k}.
+ Input: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}.
+ Output: message m ∈ 𝔹^{32}.
+
+ c₁ ← c[0 : 32dᵤk]
+ c₂ ← c[32dᵤk : 32(dᵤk + dᵥ)]
+ u ← Decompress_{dᵤ}(ByteDecode_{dᵤ}(c₁))
+ v ← Decompress_{dᵥ}(ByteDecode_{dᵥ}(c₂))
+ ŝ ← ByteDecode₁₂(dkₚₖₑ)
+ w ← v - NTT-¹(ŝᵀ ◦ NTT(u))
+ m ← ByteEncode₁(Compress₁(w))
+ return m
+ ```
+
+ The NIST FIPS 203 standard can be found at
+ <https://csrc.nist.gov/pubs/fips/203/ipd>.
+*/
 /**
 A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt_unpacked
 with types libcrux_ml_kem_vector_avx2_SIMD256Vector
@@ -6920,6 +7302,9 @@ static KRML_MUSTINLINE void PRF_a9_44(Eurydice_slice input, uint8_t ret[32U]) {
   PRF_9e(input, ret);
 }
 
+/**
+ This code verifies on some machines, runs out of memory on others
+*/
 /**
 A monomorphic instance of libcrux_ml_kem.ind_cca.decapsulate
 with types libcrux_ml_kem_vector_avx2_SIMD256Vector,
@@ -7004,6 +7389,9 @@ void libcrux_ml_kem_ind_cca_decapsulate_a10(
   memcpy(ret, shared_secret, (size_t)32U * sizeof(uint8_t));
 }
 
+/**
+ See [deserialize_ring_elements_reduced_out].
+*/
 /**
 A monomorphic instance of
 libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types
@@ -7029,6 +7417,12 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_89(
   }
 }
 
+/**
+ This function deserializes ring elements and reduces the result by the field
+ modulus.
+
+ This function MUST NOT be used on secret inputs.
+*/
 /**
 A monomorphic instance of
 libcrux_ml_kem.serialize.deserialize_ring_elements_reduced_out with types
@@ -7042,15 +7436,14 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_out_89(
   KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U,
                   deserialized_pk[i] = ZERO_ef_61(););
   deserialize_ring_elements_reduced_89(public_key, deserialized_pk);
-  libcrux_ml_kem_polynomial_PolynomialRingElement_f6 result[2U];
-  memcpy(
-      result, deserialized_pk,
-      (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f6));
   memcpy(
-      ret, result,
+      ret, deserialized_pk,
       (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f6));
 }
 
+/**
+ Call [`serialize_uncompressed_ring_element`] for each ring element.
+*/
 /**
 A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_secret_key
 with types libcrux_ml_kem_vector_avx2_SIMD256Vector
@@ -7083,6 +7476,9 @@ static KRML_MUSTINLINE void serialize_secret_key_29(
   memcpy(ret, out, (size_t)768U * sizeof(uint8_t));
 }
 
+/**
+ Concatenate `t` and `ρ` into the public key.
+*/
 /**
 A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_public_key_mut
 with types libcrux_ml_kem_vector_avx2_SIMD256Vector
@@ -7106,6 +7502,9 @@ static KRML_MUSTINLINE void serialize_public_key_mut_ba(
       seed_for_a, uint8_t);
 }
 
+/**
+ Concatenate `t` and `ρ` into the public key.
+*/
 /**
 A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_public_key
 with types libcrux_ml_kem_vector_avx2_SIMD256Vector
@@ -7122,6 +7521,13 @@ static KRML_MUSTINLINE void serialize_public_key_ba(
   memcpy(ret, public_key_serialized, (size_t)800U * sizeof(uint8_t));
 }
 
+/**
+ Validate an ML-KEM public key.
+
+ This implements the Modulus check in 7.2 2.
+ Note that the size check in 7.2 1 is covered by the `PUBLIC_KEY_SIZE` in the
+ `public_key` type.
+*/
 /**
 A monomorphic instance of libcrux_ml_kem.ind_cca.validate_public_key
 with types libcrux_ml_kem_vector_avx2_SIMD256Vector
@@ -7160,6 +7566,11 @@ static KRML_MUSTINLINE void H_a9_fd(Eurydice_slice input, uint8_t ret[32U]) {
   libcrux_ml_kem_hash_functions_avx2_H(input, ret);
 }
 
+/**
+ Validate an ML-KEM private key.
+
+ This implements the Hash check in 7.3 3.
+*/
 /**
 A monomorphic instance of libcrux_ml_kem.ind_cca.validate_private_key_only
 with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash
@@ -7185,6 +7596,13 @@ bool libcrux_ml_kem_ind_cca_validate_private_key_only_4d(
       (size_t)32U, t, &expected, uint8_t, uint8_t, bool);
 }
 
+/**
+ Validate an ML-KEM private key.
+
+ This implements the Hash check in 7.3 3.
+ Note that the size checks in 7.2 1 and 2 are covered by the `SECRET_KEY_SIZE`
+ and `CIPHERTEXT_SIZE` in the `private_key` and `ciphertext` types.
+*/
 /**
 A monomorphic instance of libcrux_ml_kem.ind_cca.validate_private_key
 with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash
@@ -7747,6 +8165,10 @@ sample_from_binomial_distribution_ab(Eurydice_slice randomness) {
   return sample_from_binomial_distribution_3_61(randomness);
 }
 
+/**
+ Sample a vector of ring elements from a centered binomial distribution and
+ convert them into their NTT representations.
+*/
 /**
 A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_vector_cbd_then_ntt
 with types libcrux_ml_kem_vector_avx2_SIMD256Vector,
@@ -7849,6 +8271,9 @@ static KRML_MUSTINLINE void add_to_ring_element_ef_89(
   }
 }
 
+/**
+ Compute  ◦ ŝ + ê
+*/
 /**
 A monomorphic instance of libcrux_ml_kem.matrix.compute_As_plus_e
 with types libcrux_ml_kem_vector_avx2_SIMD256Vector
@@ -7891,6 +8316,47 @@ static KRML_MUSTINLINE void compute_As_plus_e_89(
   }
 }
 
+/**
+ This function implements most of <strong>Algorithm 12</strong> of the
+ NIST FIPS 203 specification; this is the Kyber CPA-PKE key generation
+ algorithm.
+
+ We say "most of" since Algorithm 12 samples the required randomness within
+ the function itself, whereas this implementation expects it to be provided
+ through the `key_generation_seed` parameter.
+
+ Algorithm 12 is reproduced below:
+
+ ```plaintext
+ Output: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}.
+ Output: decryption key dkₚₖₑ ∈ 𝔹^{384k}.
+
+ d ←$ B
+ (ρ,σ) ← G(d)
+ N ← 0
+ for (i ← 0; i < k; i++)
+     for(j ← 0; j < k; j++)
+         Â[i,j] ← SampleNTT(XOF(ρ, i, j))
+     end for
+ end for
+ for(i ← 0; i < k; i++)
+     s[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(σ,N))
+     N ← N + 1
+ end for
+ for(i ← 0; i < k; i++)
+     e[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(σ,N))
+     N ← N + 1
+ end for
+ ŝ ← NTT(s)
+ ê ← NTT(e)
+ t̂ ← Â◦ŝ + ê
+ ekₚₖₑ ← ByteEncode₁₂(t̂) ‖ ρ
+ dkₚₖₑ ← ByteEncode₁₂(ŝ)
+ ```
+
+ The NIST FIPS 203 standard can be found at
+ <https://csrc.nist.gov/pubs/fips/203/ipd>.
+*/
 /**
 A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair_unpacked
 with types libcrux_ml_kem_vector_avx2_SIMD256Vector,
@@ -8007,6 +8473,9 @@ generate_keypair_bb(Eurydice_slice key_generation_seed) {
   return serialize_unpacked_secret_key_2d(&public_key, &private_key);
 }
 
+/**
+ Serialize the secret key.
+*/
 /**
 A monomorphic instance of libcrux_ml_kem.ind_cca.serialize_kem_secret_key_mut
 with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash
@@ -8071,6 +8540,14 @@ static KRML_MUSTINLINE void serialize_kem_secret_key_4d(
   memcpy(ret, out, (size_t)1632U * sizeof(uint8_t));
 }
 
+/**
+ Packed API
+
+ Generate a key pair.
+
+ Depending on the `Vector` and `Hasher` used, this requires different hardware
+ features
+*/
 /**
 A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair
 with types libcrux_ml_kem_vector_avx2_SIMD256Vector,
@@ -8222,6 +8699,9 @@ static KRML_MUSTINLINE void PRFxN_a9_490(uint8_t (*input)[33U],
   PRFxN_490(input, ret);
 }
 
+/**
+ Sample a vector of ring elements from a centered binomial distribution.
+*/
 /**
 A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_ring_element_cbd
 with types libcrux_ml_kem_vector_avx2_SIMD256Vector,
@@ -8303,6 +8783,9 @@ static KRML_MUSTINLINE void invert_ntt_montgomery_89(
   poly_barrett_reduce_ef_61(re);
 }
 
+/**
+ Compute u := InvertNTT(Aᵀ ◦ r̂) + e₁
+*/
 /**
 A monomorphic instance of libcrux_ml_kem.matrix.compute_vector_u
 with types libcrux_ml_kem_vector_avx2_SIMD256Vector
@@ -8347,6 +8830,9 @@ static KRML_MUSTINLINE void compute_vector_u_89(
       (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f6));
 }
 
+/**
+ Compute InverseNTT(tᵀ ◦ r̂) + e₂ + message
+*/
 /**
 A monomorphic instance of libcrux_ml_kem.matrix.compute_ring_element_v
 with types libcrux_ml_kem_vector_avx2_SIMD256Vector
@@ -8369,6 +8855,9 @@ compute_ring_element_v_89(
   return result;
 }
 
+/**
+ Call [`compress_then_serialize_ring_element_u`] on each ring element.
+*/
 /**
 A monomorphic instance of libcrux_ml_kem.ind_cpa.compress_then_serialize_u
 with types libcrux_ml_kem_vector_avx2_SIMD256Vector
@@ -8390,15 +8879,9 @@ static KRML_MUSTINLINE void compress_then_serialize_u_2d(
        i++) {
     size_t i0 = i;
     libcrux_ml_kem_polynomial_PolynomialRingElement_f6 re = input[i0];
-    Eurydice_slice uu____0 =
-        Eurydice_slice_subslice2(/* The semicolon and parentheses at the end of
-                                    loop are a workaround for the following bug
-                                    https://github.com/hacspec/hax/issues/720 */
-                                 out,
-                                 i0 * ((size_t)640U / (size_t)2U),
-                                 (i0 + (size_t)1U) *
-                                     ((size_t)640U / (size_t)2U),
-                                 uint8_t);
+    Eurydice_slice uu____0 = Eurydice_slice_subslice2(
+        out, i0 * ((size_t)640U / (size_t)2U),
+        (i0 + (size_t)1U) * ((size_t)640U / (size_t)2U), uint8_t);
     uint8_t ret[320U];
     compress_then_serialize_ring_element_u_a4(&re, ret);
     Eurydice_slice_copy(
@@ -8419,6 +8902,47 @@ static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_ba(
   compress_then_serialize_4_61(re, out);
 }
 
+/**
+ This function implements <strong>Algorithm 13</strong> of the
+ NIST FIPS 203 specification; this is the Kyber CPA-PKE encryption algorithm.
+
+ Algorithm 13 is reproduced below:
+
+ ```plaintext
+ Input: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}.
+ Input: message m ∈ 𝔹^{32}.
+ Input: encryption randomness r ∈ 𝔹^{32}.
+ Output: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}.
+
+ N ← 0
+ t̂ ← ByteDecode₁₂(ekₚₖₑ[0:384k])
+ ρ ← ekₚₖₑ[384k: 384k + 32]
+ for (i ← 0; i < k; i++)
+     for(j ← 0; j < k; j++)
+         Â[i,j] ← SampleNTT(XOF(ρ, i, j))
+     end for
+ end for
+ for(i ← 0; i < k; i++)
+     r[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(r,N))
+     N ← N + 1
+ end for
+ for(i ← 0; i < k; i++)
+     e₁[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N))
+     N ← N + 1
+ end for
+ e₂ ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N))
+ r̂ ← NTT(r)
+ u ← NTT-¹(Âᵀ ◦ r̂) + e₁
+ μ ← Decompress₁(ByteDecode₁(m)))
+ v ← NTT-¹(t̂ᵀ ◦ rˆ) + e₂ + μ
+ c₁ ← ByteEncode_{dᵤ}(Compress_{dᵤ}(u))
+ c₂ ← ByteEncode_{dᵥ}(Compress_{dᵥ}(v))
+ return c ← (c₁ ‖ c₂)
+ ```
+
+ The NIST FIPS 203 standard can be found at
+ <https://csrc.nist.gov/pubs/fips/203/ipd>.
+*/
 /**
 A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt_unpacked
 with types libcrux_ml_kem_vector_avx2_SIMD256Vector,
@@ -8623,6 +9147,9 @@ tuple_41 libcrux_ml_kem_ind_cca_encapsulate_70(
   return lit;
 }
 
+/**
+ Call [`deserialize_to_uncompressed_ring_element`] for each ring element.
+*/
 /**
 A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_secret_key
 with types libcrux_ml_kem_vector_avx2_SIMD256Vector
@@ -8654,6 +9181,10 @@ static KRML_MUSTINLINE void deserialize_secret_key_89(
       (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f6));
 }
 
+/**
+ Call [`deserialize_then_decompress_ring_element_u`] on each ring element
+ in the `ciphertext`.
+*/
 /**
 A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_then_decompress_u
 with types libcrux_ml_kem_vector_avx2_SIMD256Vector
@@ -8705,6 +9236,12 @@ deserialize_then_decompress_ring_element_v_29(Eurydice_slice serialized) {
   return deserialize_then_decompress_4_61(serialized);
 }
 
+/**
+ The following functions compute various expressions involving
+ vectors and matrices. The computation of these expressions has been
+ abstracted away into these functions in order to save on loop iterations.
+ Compute v − InverseNTT(sᵀ ◦ NTT(u))
+*/
 /**
 A monomorphic instance of libcrux_ml_kem.matrix.compute_message
 with types libcrux_ml_kem_vector_avx2_SIMD256Vector
@@ -8726,6 +9263,30 @@ compute_message_89(
   return result;
 }
 
+/**
+ This function implements <strong>Algorithm 14</strong> of the
+ NIST FIPS 203 specification; this is the Kyber CPA-PKE decryption algorithm.
+
+ Algorithm 14 is reproduced below:
+
+ ```plaintext
+ Input: decryption key dkₚₖₑ ∈ 𝔹^{384k}.
+ Input: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}.
+ Output: message m ∈ 𝔹^{32}.
+
+ c₁ ← c[0 : 32dᵤk]
+ c₂ ← c[32dᵤk : 32(dᵤk + dᵥ)]
+ u ← Decompress_{dᵤ}(ByteDecode_{dᵤ}(c₁))
+ v ← Decompress_{dᵥ}(ByteDecode_{dᵥ}(c₂))
+ ŝ ← ByteDecode₁₂(dkₚₖₑ)
+ w ← v - NTT-¹(ŝᵀ ◦ NTT(u))
+ m ← ByteEncode₁(Compress₁(w))
+ return m
+ ```
+
+ The NIST FIPS 203 standard can be found at
+ <https://csrc.nist.gov/pubs/fips/203/ipd>.
+*/
 /**
 A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt_unpacked
 with types libcrux_ml_kem_vector_avx2_SIMD256Vector
@@ -8798,6 +9359,9 @@ static KRML_MUSTINLINE void PRF_a9_49(Eurydice_slice input, uint8_t ret[32U]) {
   PRF_9e(input, ret);
 }
 
+/**
+ This code verifies on some machines, runs out of memory on others
+*/
 /**
 A monomorphic instance of libcrux_ml_kem.ind_cca.decapsulate
 with types libcrux_ml_kem_vector_avx2_SIMD256Vector,
diff --git a/libcrux-ml-kem/c/libcrux_mlkem_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem_avx2.h
index 746140725..4e33b6fa7 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem_avx2.h
+++ b/libcrux-ml-kem/c/libcrux_mlkem_avx2.h
@@ -4,11 +4,11 @@
  * SPDX-License-Identifier: MIT or Apache-2.0
  *
  * This code was generated with the following revisions:
- * Charon: 3a133fe0eee9bd3928d5bb16c24ddd2dd0f3ee7f
+ * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9
  * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c
- * Karamel: c31a22c1e07d2118c07ee5cebb640d863e31a198
- * F*: 2c32d6e230851bbceadac7a21fc418fa2bb7e4bc
- * Libcrux: 2ecc08ac92e56197cd05d04f3e873d8da088ad11
+ * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
+ * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty
+ * Libcrux: e7d31cc9d00fb10b9002777a3fc8a209dba74b83
  */
 
 #ifndef __libcrux_mlkem_avx2_H
diff --git a/libcrux-ml-kem/c/libcrux_mlkem_portable.c b/libcrux-ml-kem/c/libcrux_mlkem_portable.c
index 7aa7f360e..3f854646e 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem_portable.c
+++ b/libcrux-ml-kem/c/libcrux_mlkem_portable.c
@@ -4,11 +4,11 @@
  * SPDX-License-Identifier: MIT or Apache-2.0
  *
  * This code was generated with the following revisions:
- * Charon: 3a133fe0eee9bd3928d5bb16c24ddd2dd0f3ee7f
+ * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9
  * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c
- * Karamel: c31a22c1e07d2118c07ee5cebb640d863e31a198
- * F*: 2c32d6e230851bbceadac7a21fc418fa2bb7e4bc
- * Libcrux: 2ecc08ac92e56197cd05d04f3e873d8da088ad11
+ * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
+ * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty
+ * Libcrux: e7d31cc9d00fb10b9002777a3fc8a209dba74b83
  */
 
 #include "internal/libcrux_mlkem_portable.h"
@@ -974,6 +974,10 @@ libcrux_ml_kem_vector_portable_bitwise_and_with_constant_0d(
                                                                              c);
 }
 
+/**
+ Note: This function is not secret independent
+ Only use with public values.
+*/
 KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector
 libcrux_ml_kem_vector_portable_arithmetic_cond_subtract_3329(
     libcrux_ml_kem_vector_portable_vector_type_PortableVector vec) {
@@ -1454,6 +1458,28 @@ libcrux_ml_kem_vector_portable_inv_ntt_layer_3_step_0d(
   return libcrux_ml_kem_vector_portable_ntt_inv_ntt_layer_3_step(a, zeta);
 }
 
+/**
+ Compute the product of two Kyber binomials with respect to the
+ modulus `X² - zeta`.
+
+ This function almost implements <strong>Algorithm 11</strong> of the
+ NIST FIPS 203 standard, which is reproduced below:
+
+ ```plaintext
+ Input:  a₀, a₁, b₀, b₁ ∈ ℤq.
+ Input: γ ∈ ℤq.
+ Output: c₀, c₁ ∈ ℤq.
+
+ c₀ ← a₀·b₀ + a₁·b₁·γ
+ c₁ ← a₀·b₁ + a₁·b₀
+ return c₀, c₁
+ ```
+ We say "almost" because the coefficients output by this function are in
+ the Montgomery domain (unlike in the specification).
+
+ The NIST FIPS 203 standard can be found at
+ <https://csrc.nist.gov/pubs/fips/203/ipd>.
+*/
 KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials(
     libcrux_ml_kem_vector_portable_vector_type_PortableVector *a,
     libcrux_ml_kem_vector_portable_vector_type_PortableVector *b, int16_t zeta,
@@ -2409,6 +2435,12 @@ static libcrux_ml_kem_polynomial_PolynomialRingElement_1d ZERO_ef_8c(void) {
   return lit;
 }
 
+/**
+ Only use with public values.
+
+ This MUST NOT be used with secret inputs, like its caller
+ `deserialize_ring_elements_reduced`.
+*/
 /**
 A monomorphic instance of
 libcrux_ml_kem.serialize.deserialize_to_reduced_ring_element with types
@@ -2432,6 +2464,9 @@ deserialize_to_reduced_ring_element_8c(Eurydice_slice serialized) {
   return re;
 }
 
+/**
+ See [deserialize_ring_elements_reduced_out].
+*/
 /**
 A monomorphic instance of
 libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types
@@ -2457,6 +2492,12 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_d0(
   }
 }
 
+/**
+ This function deserializes ring elements and reduces the result by the field
+ modulus.
+
+ This function MUST NOT be used on secret inputs.
+*/
 /**
 A monomorphic instance of
 libcrux_ml_kem.serialize.deserialize_ring_elements_reduced_out with types
@@ -2470,12 +2511,8 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_out_d0(
   KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U,
                   deserialized_pk[i] = ZERO_ef_8c(););
   deserialize_ring_elements_reduced_d0(public_key, deserialized_pk);
-  libcrux_ml_kem_polynomial_PolynomialRingElement_1d result[4U];
   memcpy(
-      result, deserialized_pk,
-      (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1d));
-  memcpy(
-      ret, result,
+      ret, deserialized_pk,
       (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1d));
 }
 
@@ -2534,9 +2571,7 @@ with const generics
 static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector
 to_unsigned_field_modulus_8c(
     libcrux_ml_kem_vector_portable_vector_type_PortableVector a) {
-  libcrux_ml_kem_vector_portable_vector_type_PortableVector result =
-      to_unsigned_representative_8c(a);
-  return result;
+  return to_unsigned_representative_8c(a);
 }
 
 /**
@@ -2560,11 +2595,12 @@ static KRML_MUSTINLINE void serialize_uncompressed_ring_element_8c(
     Eurydice_slice_copy(
         uu____0, Eurydice_array_to_slice((size_t)24U, bytes, uint8_t), uint8_t);
   }
-  uint8_t result[384U];
-  memcpy(result, serialized, (size_t)384U * sizeof(uint8_t));
-  memcpy(ret, result, (size_t)384U * sizeof(uint8_t));
+  memcpy(ret, serialized, (size_t)384U * sizeof(uint8_t));
 }
 
+/**
+ Call [`serialize_uncompressed_ring_element`] for each ring element.
+*/
 /**
 A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_secret_key
 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
@@ -2597,6 +2633,9 @@ static KRML_MUSTINLINE void serialize_secret_key_ff(
   memcpy(ret, out, (size_t)1536U * sizeof(uint8_t));
 }
 
+/**
+ Concatenate `t` and `ρ` into the public key.
+*/
 /**
 A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_public_key_mut
 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
@@ -2620,6 +2659,9 @@ static KRML_MUSTINLINE void serialize_public_key_mut_00(
       seed_for_a, uint8_t);
 }
 
+/**
+ Concatenate `t` and `ρ` into the public key.
+*/
 /**
 A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_public_key
 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
@@ -2636,6 +2678,13 @@ static KRML_MUSTINLINE void serialize_public_key_00(
   memcpy(ret, public_key_serialized, (size_t)1568U * sizeof(uint8_t));
 }
 
+/**
+ Validate an ML-KEM public key.
+
+ This implements the Modulus check in 7.2 2.
+ Note that the size check in 7.2 1 is covered by the `PUBLIC_KEY_SIZE` in the
+ `public_key` type.
+*/
 /**
 A monomorphic instance of libcrux_ml_kem.ind_cca.validate_public_key
 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
@@ -2674,6 +2723,11 @@ static KRML_MUSTINLINE void H_f1_ac(Eurydice_slice input, uint8_t ret[32U]) {
   libcrux_ml_kem_hash_functions_portable_H(input, ret);
 }
 
+/**
+ Validate an ML-KEM private key.
+
+ This implements the Hash check in 7.3 3.
+*/
 /**
 A monomorphic instance of libcrux_ml_kem.ind_cca.validate_private_key_only
 with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]]
@@ -2699,6 +2753,13 @@ bool libcrux_ml_kem_ind_cca_validate_private_key_only_60(
       (size_t)32U, t, &expected, uint8_t, uint8_t, bool);
 }
 
+/**
+ Validate an ML-KEM private key.
+
+ This implements the Hash check in 7.3 3.
+ Note that the size checks in 7.2 1 and 2 are covered by the `SECRET_KEY_SIZE`
+ and `CIPHERTEXT_SIZE` in the `private_key` and `ciphertext` types.
+*/
 /**
 A monomorphic instance of libcrux_ml_kem.ind_cca.validate_private_key
 with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]]
@@ -3276,6 +3337,55 @@ static KRML_MUSTINLINE void PRFxN_f1_44(uint8_t (*input)[33U],
   PRFxN_44(input, ret);
 }
 
+/**
+ Given a series of uniformly random bytes in `randomness`, for some number
+ `eta`, the `sample_from_binomial_distribution_{eta}` functions sample a ring
+ element from a binomial distribution centered at 0 that uses two sets of `eta`
+ coin flips. If, for example, `eta = ETA`, each ring coefficient is a value `v`
+ such such that `v ∈ {-ETA, -ETA + 1, ..., 0, ..., ETA + 1, ETA}` and:
+
+ ```plaintext
+ - If v < 0, Pr[v] = Pr[-v]
+ - If v >= 0, Pr[v] = BINOMIAL_COEFFICIENT(2 * ETA; ETA - v) / 2 ^ (2 * ETA)
+ ```
+
+ The values `v < 0` are mapped to the appropriate `KyberFieldElement`.
+
+ The expected value is:
+
+ ```plaintext
+ E[X] = (-ETA)Pr[-ETA] + (-(ETA - 1))Pr[-(ETA - 1)] + ... + (ETA - 1)Pr[ETA - 1]
+ + (ETA)Pr[ETA] = 0 since Pr[-v] = Pr[v] when v < 0.
+ ```
+
+ And the variance is:
+
+ ```plaintext
+ Var(X) = E[(X - E[X])^2]
+        = E[X^2]
+        = sum_(v=-ETA to ETA)v^2 * (BINOMIAL_COEFFICIENT(2 * ETA; ETA - v) /
+ 2^(2 * ETA)) = ETA / 2
+ ```
+
+ This function implements <strong>Algorithm 7</strong> of the NIST FIPS 203
+ standard, which is reproduced below:
+
+ ```plaintext
+ Input: byte array B ∈ 𝔹^{64η}.
+ Output: array f ∈ ℤ₂₅₆.
+
+ b ← BytesToBits(B)
+ for (i ← 0; i < 256; i++)
+     x ← ∑(j=0 to η - 1) b[2iη + j]
+     y ← ∑(j=0 to η - 1) b[2iη + η + j]
+     f[i] ← x−y mod q
+ end for
+ return f
+ ```
+
+ The NIST FIPS 203 standard can be found at
+ <https://csrc.nist.gov/pubs/fips/203/ipd>.
+*/
 /**
 A monomorphic instance of
 libcrux_ml_kem.sampling.sample_from_binomial_distribution_2 with types
@@ -3551,10 +3661,8 @@ static KRML_MUSTINLINE void poly_barrett_reduce_ef_8c(
     libcrux_ml_kem_polynomial_PolynomialRingElement_1d *self) {
   for (size_t i = (size_t)0U;
        i <
-       /* Using `hax_lib::fstar::verification_status(lax)` works but produces an
-          error while extracting The semicolon and parentheses at the end of
-          loop are a workaround for the following bug
-          https://github.com/hacspec/hax/issues/720 */
+       /* The semicolon and parentheses at the end of loop are a workaround for
+          the following bug https://github.com/hacspec/hax/issues/720 */
        LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT;
        i++) {
     size_t i0 = i;
@@ -3586,6 +3694,10 @@ static KRML_MUSTINLINE void ntt_binomially_sampled_ring_element_8c(
   poly_barrett_reduce_ef_8c(re);
 }
 
+/**
+ Sample a vector of ring elements from a centered binomial distribution and
+ convert them into their NTT representations.
+*/
 /**
 A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_vector_cbd_then_ntt
 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector,
@@ -3674,10 +3786,8 @@ with const generics
 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1d
 ntt_multiply_ef_8c(libcrux_ml_kem_polynomial_PolynomialRingElement_1d *self,
                    libcrux_ml_kem_polynomial_PolynomialRingElement_1d *rhs) {
-  /* Using `hax_lib::fstar::verification_status(lax)` works but produces an
-   * error while extracting hax_debug_debug_assert!(lhs .coefficients
-   * .into_iter() .all(|coefficient| coefficient >= 0 && coefficient < 4096));
-   */
+  /* hax_debug_debug_assert!(lhs .coefficients .into_iter() .all(|coefficient|
+   * coefficient >= 0 && coefficient < 4096)); */
   libcrux_ml_kem_polynomial_PolynomialRingElement_1d out = ZERO_ef_8c();
   for (size_t i = (size_t)0U;
        i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
@@ -3759,10 +3869,8 @@ static KRML_MUSTINLINE void add_standard_error_reduce_ef_8c(
     libcrux_ml_kem_polynomial_PolynomialRingElement_1d *error) {
   for (size_t i = (size_t)0U;
        i <
-       /* Using `hax_lib::fstar::verification_status(lax)` works but produces an
-          error while extracting The semicolon and parentheses at the end of
-          loop are a workaround for the following bug
-          https://github.com/hacspec/hax/issues/720 */
+       /* The semicolon and parentheses at the end of loop are a workaround for
+          the following bug https://github.com/hacspec/hax/issues/720 */
        LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT;
        i++) {
     size_t j = i;
@@ -3780,6 +3888,9 @@ static KRML_MUSTINLINE void add_standard_error_reduce_ef_8c(
   }
 }
 
+/**
+ Compute  ◦ ŝ + ê
+*/
 /**
 A monomorphic instance of libcrux_ml_kem.matrix.compute_As_plus_e
 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
@@ -3822,6 +3933,47 @@ static KRML_MUSTINLINE void compute_As_plus_e_d0(
   }
 }
 
+/**
+ This function implements most of <strong>Algorithm 12</strong> of the
+ NIST FIPS 203 specification; this is the Kyber CPA-PKE key generation
+ algorithm.
+
+ We say "most of" since Algorithm 12 samples the required randomness within
+ the function itself, whereas this implementation expects it to be provided
+ through the `key_generation_seed` parameter.
+
+ Algorithm 12 is reproduced below:
+
+ ```plaintext
+ Output: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}.
+ Output: decryption key dkₚₖₑ ∈ 𝔹^{384k}.
+
+ d ←$ B
+ (ρ,σ) ← G(d)
+ N ← 0
+ for (i ← 0; i < k; i++)
+     for(j ← 0; j < k; j++)
+         Â[i,j] ← SampleNTT(XOF(ρ, i, j))
+     end for
+ end for
+ for(i ← 0; i < k; i++)
+     s[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(σ,N))
+     N ← N + 1
+ end for
+ for(i ← 0; i < k; i++)
+     e[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(σ,N))
+     N ← N + 1
+ end for
+ ŝ ← NTT(s)
+ ê ← NTT(e)
+ t̂ ← Â◦ŝ + ê
+ ekₚₖₑ ← ByteEncode₁₂(t̂) ‖ ρ
+ dkₚₖₑ ← ByteEncode₁₂(ŝ)
+ ```
+
+ The NIST FIPS 203 standard can be found at
+ <https://csrc.nist.gov/pubs/fips/203/ipd>.
+*/
 /**
 A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair_unpacked
 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector,
@@ -3938,6 +4090,9 @@ generate_keypair_151(Eurydice_slice key_generation_seed) {
   return serialize_unpacked_secret_key_2f(&public_key, &private_key);
 }
 
+/**
+ Serialize the secret key.
+*/
 /**
 A monomorphic instance of libcrux_ml_kem.ind_cca.serialize_kem_secret_key_mut
 with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]]
@@ -4002,6 +4157,14 @@ static KRML_MUSTINLINE void serialize_kem_secret_key_60(
   memcpy(ret, out, (size_t)3168U * sizeof(uint8_t));
 }
 
+/**
+ Packed API
+
+ Generate a key pair.
+
+ Depending on the `Vector` and `Hasher` used, this requires different hardware
+ features
+*/
 /**
 A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair
 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector,
@@ -4109,6 +4272,9 @@ build_unpacked_public_key_3f1(Eurydice_slice public_key) {
   return unpacked_public_key;
 }
 
+/**
+ Sample a vector of ring elements from a centered binomial distribution.
+*/
 /**
 A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_ring_element_cbd
 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector,
@@ -4337,10 +4503,8 @@ static KRML_MUSTINLINE void add_error_reduce_ef_8c(
     libcrux_ml_kem_polynomial_PolynomialRingElement_1d *error) {
   for (size_t i = (size_t)0U;
        i <
-       /* Using `hax_lib::fstar::verification_status(lax)` works but produces an
-          error while extracting The semicolon and parentheses at the end of
-          loop are a workaround for the following bug
-          https://github.com/hacspec/hax/issues/720 */
+       /* The semicolon and parentheses at the end of loop are a workaround for
+          the following bug https://github.com/hacspec/hax/issues/720 */
        LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT;
        i++) {
     size_t j = i;
@@ -4356,6 +4520,9 @@ static KRML_MUSTINLINE void add_error_reduce_ef_8c(
   }
 }
 
+/**
+ Compute u := InvertNTT(Aᵀ ◦ r̂) + e₁
+*/
 /**
 A monomorphic instance of libcrux_ml_kem.matrix.compute_vector_u
 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
@@ -4458,11 +4625,7 @@ add_message_error_reduce_ef_8c(
     libcrux_ml_kem_polynomial_PolynomialRingElement_1d *message,
     libcrux_ml_kem_polynomial_PolynomialRingElement_1d result) {
   for (size_t i = (size_t)0U;
-       i <
-       /* Using `hax_lib::fstar::verification_status(lax)` works but produces an
-          error while extracting */
-       LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT;
-       i++) {
+       i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
     size_t i0 = i;
     libcrux_ml_kem_vector_portable_vector_type_PortableVector
         coefficient_normal_form =
@@ -4499,6 +4662,9 @@ add_message_error_reduce_ef_8c(
   return result;
 }
 
+/**
+ Compute InverseNTT(tᵀ ◦ r̂) + e₂ + message
+*/
 /**
 A monomorphic instance of libcrux_ml_kem.matrix.compute_ring_element_v
 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
@@ -4618,11 +4784,14 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
 */
 static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_82(
     libcrux_ml_kem_polynomial_PolynomialRingElement_1d *re, uint8_t ret[352U]) {
-  uint8_t result[352U];
-  compress_then_serialize_11_54(re, result);
-  memcpy(ret, result, (size_t)352U * sizeof(uint8_t));
+  uint8_t uu____0[352U];
+  compress_then_serialize_11_54(re, uu____0);
+  memcpy(ret, uu____0, (size_t)352U * sizeof(uint8_t));
 }
 
+/**
+ Call [`compress_then_serialize_ring_element_u`] on each ring element.
+*/
 /**
 A monomorphic instance of libcrux_ml_kem.ind_cpa.compress_then_serialize_u
 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
@@ -4644,15 +4813,9 @@ static KRML_MUSTINLINE void compress_then_serialize_u_2f(
        i++) {
     size_t i0 = i;
     libcrux_ml_kem_polynomial_PolynomialRingElement_1d re = input[i0];
-    Eurydice_slice uu____0 =
-        Eurydice_slice_subslice2(/* The semicolon and parentheses at the end of
-                                    loop are a workaround for the following bug
-                                    https://github.com/hacspec/hax/issues/720 */
-                                 out,
-                                 i0 * ((size_t)1408U / (size_t)4U),
-                                 (i0 + (size_t)1U) *
-                                     ((size_t)1408U / (size_t)4U),
-                                 uint8_t);
+    Eurydice_slice uu____0 = Eurydice_slice_subslice2(
+        out, i0 * ((size_t)1408U / (size_t)4U),
+        (i0 + (size_t)1U) * ((size_t)1408U / (size_t)4U), uint8_t);
     uint8_t ret[352U];
     compress_then_serialize_ring_element_u_82(&re, ret);
     Eurydice_slice_copy(
@@ -4709,10 +4872,7 @@ static KRML_MUSTINLINE void compress_then_serialize_4_8c(
        i++) {
     size_t i0 = i;
     libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient =
-        compress_0d_d1(to_unsigned_field_modulus_8c(
-            re.coefficients[/* NOTE: Using `$serialized` in loop_invariant
-                               doesn't work here */
-                            i0]));
+        compress_0d_d1(to_unsigned_field_modulus_8c(re.coefficients[i0]));
     uint8_t bytes[8U];
     libcrux_ml_kem_vector_portable_serialize_4_0d(coefficient, bytes);
     Eurydice_slice_copy(
@@ -4794,6 +4954,47 @@ static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_00(
   compress_then_serialize_5_8c(re, out);
 }
 
+/**
+ This function implements <strong>Algorithm 13</strong> of the
+ NIST FIPS 203 specification; this is the Kyber CPA-PKE encryption algorithm.
+
+ Algorithm 13 is reproduced below:
+
+ ```plaintext
+ Input: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}.
+ Input: message m ∈ 𝔹^{32}.
+ Input: encryption randomness r ∈ 𝔹^{32}.
+ Output: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}.
+
+ N ← 0
+ t̂ ← ByteDecode₁₂(ekₚₖₑ[0:384k])
+ ρ ← ekₚₖₑ[384k: 384k + 32]
+ for (i ← 0; i < k; i++)
+     for(j ← 0; j < k; j++)
+         Â[i,j] ← SampleNTT(XOF(ρ, i, j))
+     end for
+ end for
+ for(i ← 0; i < k; i++)
+     r[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(r,N))
+     N ← N + 1
+ end for
+ for(i ← 0; i < k; i++)
+     e₁[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N))
+     N ← N + 1
+ end for
+ e₂ ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N))
+ r̂ ← NTT(r)
+ u ← NTT-¹(Âᵀ ◦ r̂) + e₁
+ μ ← Decompress₁(ByteDecode₁(m)))
+ v ← NTT-¹(t̂ᵀ ◦ rˆ) + e₂ + μ
+ c₁ ← ByteEncode_{dᵤ}(Compress_{dᵤ}(u))
+ c₂ ← ByteEncode_{dᵥ}(Compress_{dᵥ}(v))
+ return c ← (c₁ ‖ c₂)
+ ```
+
+ The NIST FIPS 203 standard can be found at
+ <https://csrc.nist.gov/pubs/fips/203/ipd>.
+*/
 /**
 A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt_unpacked
 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector,
@@ -5021,6 +5222,9 @@ deserialize_to_uncompressed_ring_element_8c(Eurydice_slice serialized) {
   return re;
 }
 
+/**
+ Call [`deserialize_to_uncompressed_ring_element`] for each ring element.
+*/
 /**
 A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_secret_key
 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
@@ -5209,6 +5413,10 @@ static KRML_MUSTINLINE void ntt_vector_u_5e(
   poly_barrett_reduce_ef_8c(re);
 }
 
+/**
+ Call [`deserialize_then_decompress_ring_element_u`] on each ring element
+ in the `ciphertext`.
+*/
 /**
 A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_then_decompress_u
 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
@@ -5395,11 +5603,7 @@ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1d
 subtract_reduce_ef_8c(libcrux_ml_kem_polynomial_PolynomialRingElement_1d *self,
                       libcrux_ml_kem_polynomial_PolynomialRingElement_1d b) {
   for (size_t i = (size_t)0U;
-       i <
-       /* Using `hax_lib::fstar::verification_status(lax)` works but produces an
-          error while extracting */
-       LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT;
-       i++) {
+       i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
     size_t i0 = i;
     libcrux_ml_kem_vector_portable_vector_type_PortableVector
         coefficient_normal_form =
@@ -5414,6 +5618,12 @@ subtract_reduce_ef_8c(libcrux_ml_kem_polynomial_PolynomialRingElement_1d *self,
   return b;
 }
 
+/**
+ The following functions compute various expressions involving
+ vectors and matrices. The computation of these expressions has been
+ abstracted away into these functions in order to save on loop iterations.
+ Compute v − InverseNTT(sᵀ ◦ NTT(u))
+*/
 /**
 A monomorphic instance of libcrux_ml_kem.matrix.compute_message
 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
@@ -5458,11 +5668,33 @@ static KRML_MUSTINLINE void compress_then_serialize_message_8c(
       Eurydice_slice_copy(uu____0,
                           Eurydice_array_to_slice((size_t)2U, bytes, uint8_t),
                           uint8_t););
-  uint8_t result[32U];
-  memcpy(result, serialized, (size_t)32U * sizeof(uint8_t));
-  memcpy(ret, result, (size_t)32U * sizeof(uint8_t));
+  memcpy(ret, serialized, (size_t)32U * sizeof(uint8_t));
 }
 
+/**
+ This function implements <strong>Algorithm 14</strong> of the
+ NIST FIPS 203 specification; this is the Kyber CPA-PKE decryption algorithm.
+
+ Algorithm 14 is reproduced below:
+
+ ```plaintext
+ Input: decryption key dkₚₖₑ ∈ 𝔹^{384k}.
+ Input: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}.
+ Output: message m ∈ 𝔹^{32}.
+
+ c₁ ← c[0 : 32dᵤk]
+ c₂ ← c[32dᵤk : 32(dᵤk + dᵥ)]
+ u ← Decompress_{dᵤ}(ByteDecode_{dᵤ}(c₁))
+ v ← Decompress_{dᵥ}(ByteDecode_{dᵥ}(c₂))
+ ŝ ← ByteDecode₁₂(dkₚₖₑ)
+ w ← v - NTT-¹(ŝᵀ ◦ NTT(u))
+ m ← ByteEncode₁(Compress₁(w))
+ return m
+ ```
+
+ The NIST FIPS 203 standard can be found at
+ <https://csrc.nist.gov/pubs/fips/203/ipd>.
+*/
 /**
 A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt_unpacked
 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
@@ -5547,6 +5779,9 @@ static KRML_MUSTINLINE void PRF_f1_44(Eurydice_slice input, uint8_t ret[32U]) {
   PRF_9e(input, ret);
 }
 
+/**
+ This code verifies on some machines, runs out of memory on others
+*/
 /**
 A monomorphic instance of libcrux_ml_kem.ind_cca.decapsulate
 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector,
@@ -5631,6 +5866,9 @@ void libcrux_ml_kem_ind_cca_decapsulate_621(
   memcpy(ret, shared_secret, (size_t)32U * sizeof(uint8_t));
 }
 
+/**
+ See [deserialize_ring_elements_reduced_out].
+*/
 /**
 A monomorphic instance of
 libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types
@@ -5656,6 +5894,12 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_a0(
   }
 }
 
+/**
+ This function deserializes ring elements and reduces the result by the field
+ modulus.
+
+ This function MUST NOT be used on secret inputs.
+*/
 /**
 A monomorphic instance of
 libcrux_ml_kem.serialize.deserialize_ring_elements_reduced_out with types
@@ -5669,15 +5913,14 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_out_a0(
   KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U,
                   deserialized_pk[i] = ZERO_ef_8c(););
   deserialize_ring_elements_reduced_a0(public_key, deserialized_pk);
-  libcrux_ml_kem_polynomial_PolynomialRingElement_1d result[2U];
-  memcpy(
-      result, deserialized_pk,
-      (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1d));
   memcpy(
-      ret, result,
+      ret, deserialized_pk,
       (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1d));
 }
 
+/**
+ Call [`serialize_uncompressed_ring_element`] for each ring element.
+*/
 /**
 A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_secret_key
 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
@@ -5710,6 +5953,9 @@ static KRML_MUSTINLINE void serialize_secret_key_64(
   memcpy(ret, out, (size_t)768U * sizeof(uint8_t));
 }
 
+/**
+ Concatenate `t` and `ρ` into the public key.
+*/
 /**
 A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_public_key_mut
 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
@@ -5733,6 +5979,9 @@ static KRML_MUSTINLINE void serialize_public_key_mut_86(
       seed_for_a, uint8_t);
 }
 
+/**
+ Concatenate `t` and `ρ` into the public key.
+*/
 /**
 A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_public_key
 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
@@ -5749,6 +5998,13 @@ static KRML_MUSTINLINE void serialize_public_key_86(
   memcpy(ret, public_key_serialized, (size_t)800U * sizeof(uint8_t));
 }
 
+/**
+ Validate an ML-KEM public key.
+
+ This implements the Modulus check in 7.2 2.
+ Note that the size check in 7.2 1 is covered by the `PUBLIC_KEY_SIZE` in the
+ `public_key` type.
+*/
 /**
 A monomorphic instance of libcrux_ml_kem.ind_cca.validate_public_key
 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
@@ -5787,6 +6043,11 @@ static KRML_MUSTINLINE void H_f1_fd(Eurydice_slice input, uint8_t ret[32U]) {
   libcrux_ml_kem_hash_functions_portable_H(input, ret);
 }
 
+/**
+ Validate an ML-KEM private key.
+
+ This implements the Hash check in 7.3 3.
+*/
 /**
 A monomorphic instance of libcrux_ml_kem.ind_cca.validate_private_key_only
 with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]]
@@ -5812,6 +6073,13 @@ bool libcrux_ml_kem_ind_cca_validate_private_key_only_30(
       (size_t)32U, t, &expected, uint8_t, uint8_t, bool);
 }
 
+/**
+ Validate an ML-KEM private key.
+
+ This implements the Hash check in 7.3 3.
+ Note that the size checks in 7.2 1 and 2 are covered by the `SECRET_KEY_SIZE`
+ and `CIPHERTEXT_SIZE` in the `private_key` and `ciphertext` types.
+*/
 /**
 A monomorphic instance of libcrux_ml_kem.ind_cca.validate_private_key
 with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]]
@@ -6360,6 +6628,10 @@ sample_from_binomial_distribution_1b(Eurydice_slice randomness) {
   return sample_from_binomial_distribution_3_8c(randomness);
 }
 
+/**
+ Sample a vector of ring elements from a centered binomial distribution and
+ convert them into their NTT representations.
+*/
 /**
 A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_vector_cbd_then_ntt
 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector,
@@ -6467,6 +6739,9 @@ static KRML_MUSTINLINE void add_to_ring_element_ef_a0(
   }
 }
 
+/**
+ Compute  ◦ ŝ + ê
+*/
 /**
 A monomorphic instance of libcrux_ml_kem.matrix.compute_As_plus_e
 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
@@ -6509,6 +6784,47 @@ static KRML_MUSTINLINE void compute_As_plus_e_a0(
   }
 }
 
+/**
+ This function implements most of <strong>Algorithm 12</strong> of the
+ NIST FIPS 203 specification; this is the Kyber CPA-PKE key generation
+ algorithm.
+
+ We say "most of" since Algorithm 12 samples the required randomness within
+ the function itself, whereas this implementation expects it to be provided
+ through the `key_generation_seed` parameter.
+
+ Algorithm 12 is reproduced below:
+
+ ```plaintext
+ Output: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}.
+ Output: decryption key dkₚₖₑ ∈ 𝔹^{384k}.
+
+ d ←$ B
+ (ρ,σ) ← G(d)
+ N ← 0
+ for (i ← 0; i < k; i++)
+     for(j ← 0; j < k; j++)
+         Â[i,j] ← SampleNTT(XOF(ρ, i, j))
+     end for
+ end for
+ for(i ← 0; i < k; i++)
+     s[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(σ,N))
+     N ← N + 1
+ end for
+ for(i ← 0; i < k; i++)
+     e[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(σ,N))
+     N ← N + 1
+ end for
+ ŝ ← NTT(s)
+ ê ← NTT(e)
+ t̂ ← Â◦ŝ + ê
+ ekₚₖₑ ← ByteEncode₁₂(t̂) ‖ ρ
+ dkₚₖₑ ← ByteEncode₁₂(ŝ)
+ ```
+
+ The NIST FIPS 203 standard can be found at
+ <https://csrc.nist.gov/pubs/fips/203/ipd>.
+*/
 /**
 A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair_unpacked
 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector,
@@ -6625,6 +6941,9 @@ generate_keypair_150(Eurydice_slice key_generation_seed) {
   return serialize_unpacked_secret_key_6d(&public_key, &private_key);
 }
 
+/**
+ Serialize the secret key.
+*/
 /**
 A monomorphic instance of libcrux_ml_kem.ind_cca.serialize_kem_secret_key_mut
 with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]]
@@ -6689,6 +7008,14 @@ static KRML_MUSTINLINE void serialize_kem_secret_key_30(
   memcpy(ret, out, (size_t)1632U * sizeof(uint8_t));
 }
 
+/**
+ Packed API
+
+ Generate a key pair.
+
+ Depending on the `Vector` and `Hasher` used, this requires different hardware
+ features
+*/
 /**
 A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair
 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector,
@@ -6828,6 +7155,9 @@ static KRML_MUSTINLINE void PRFxN_f1_490(uint8_t (*input)[33U],
   PRFxN_490(input, ret);
 }
 
+/**
+ Sample a vector of ring elements from a centered binomial distribution.
+*/
 /**
 A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_ring_element_cbd
 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector,
@@ -6910,6 +7240,9 @@ static KRML_MUSTINLINE void invert_ntt_montgomery_a0(
   poly_barrett_reduce_ef_8c(re);
 }
 
+/**
+ Compute u := InvertNTT(Aᵀ ◦ r̂) + e₁
+*/
 /**
 A monomorphic instance of libcrux_ml_kem.matrix.compute_vector_u
 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
@@ -6954,6 +7287,9 @@ static KRML_MUSTINLINE void compute_vector_u_a0(
       (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1d));
 }
 
+/**
+ Compute InverseNTT(tᵀ ◦ r̂) + e₂ + message
+*/
 /**
 A monomorphic instance of libcrux_ml_kem.matrix.compute_ring_element_v
 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
@@ -6997,9 +7333,7 @@ static KRML_MUSTINLINE void compress_then_serialize_10_ff(
     Eurydice_slice_copy(
         uu____0, Eurydice_array_to_slice((size_t)20U, bytes, uint8_t), uint8_t);
   }
-  uint8_t result[320U];
-  memcpy(result, serialized, (size_t)320U * sizeof(uint8_t));
-  memcpy(ret, result, (size_t)320U * sizeof(uint8_t));
+  memcpy(ret, serialized, (size_t)320U * sizeof(uint8_t));
 }
 
 /**
@@ -7011,11 +7345,14 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
 */
 static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_fe(
     libcrux_ml_kem_polynomial_PolynomialRingElement_1d *re, uint8_t ret[320U]) {
-  uint8_t result[320U];
-  compress_then_serialize_10_ff(re, result);
-  memcpy(ret, result, (size_t)320U * sizeof(uint8_t));
+  uint8_t uu____0[320U];
+  compress_then_serialize_10_ff(re, uu____0);
+  memcpy(ret, uu____0, (size_t)320U * sizeof(uint8_t));
 }
 
+/**
+ Call [`compress_then_serialize_ring_element_u`] on each ring element.
+*/
 /**
 A monomorphic instance of libcrux_ml_kem.ind_cpa.compress_then_serialize_u
 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
@@ -7037,15 +7374,9 @@ static KRML_MUSTINLINE void compress_then_serialize_u_6d(
        i++) {
     size_t i0 = i;
     libcrux_ml_kem_polynomial_PolynomialRingElement_1d re = input[i0];
-    Eurydice_slice uu____0 =
-        Eurydice_slice_subslice2(/* The semicolon and parentheses at the end of
-                                    loop are a workaround for the following bug
-                                    https://github.com/hacspec/hax/issues/720 */
-                                 out,
-                                 i0 * ((size_t)640U / (size_t)2U),
-                                 (i0 + (size_t)1U) *
-                                     ((size_t)640U / (size_t)2U),
-                                 uint8_t);
+    Eurydice_slice uu____0 = Eurydice_slice_subslice2(
+        out, i0 * ((size_t)640U / (size_t)2U),
+        (i0 + (size_t)1U) * ((size_t)640U / (size_t)2U), uint8_t);
     uint8_t ret[320U];
     compress_then_serialize_ring_element_u_fe(&re, ret);
     Eurydice_slice_copy(
@@ -7066,6 +7397,47 @@ static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_86(
   compress_then_serialize_4_8c(re, out);
 }
 
+/**
+ This function implements <strong>Algorithm 13</strong> of the
+ NIST FIPS 203 specification; this is the Kyber CPA-PKE encryption algorithm.
+
+ Algorithm 13 is reproduced below:
+
+ ```plaintext
+ Input: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}.
+ Input: message m ∈ 𝔹^{32}.
+ Input: encryption randomness r ∈ 𝔹^{32}.
+ Output: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}.
+
+ N ← 0
+ t̂ ← ByteDecode₁₂(ekₚₖₑ[0:384k])
+ ρ ← ekₚₖₑ[384k: 384k + 32]
+ for (i ← 0; i < k; i++)
+     for(j ← 0; j < k; j++)
+         Â[i,j] ← SampleNTT(XOF(ρ, i, j))
+     end for
+ end for
+ for(i ← 0; i < k; i++)
+     r[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(r,N))
+     N ← N + 1
+ end for
+ for(i ← 0; i < k; i++)
+     e₁[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N))
+     N ← N + 1
+ end for
+ e₂ ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N))
+ r̂ ← NTT(r)
+ u ← NTT-¹(Âᵀ ◦ r̂) + e₁
+ μ ← Decompress₁(ByteDecode₁(m)))
+ v ← NTT-¹(t̂ᵀ ◦ rˆ) + e₂ + μ
+ c₁ ← ByteEncode_{dᵤ}(Compress_{dᵤ}(u))
+ c₂ ← ByteEncode_{dᵥ}(Compress_{dᵥ}(v))
+ return c ← (c₁ ‖ c₂)
+ ```
+
+ The NIST FIPS 203 standard can be found at
+ <https://csrc.nist.gov/pubs/fips/203/ipd>.
+*/
 /**
 A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt_unpacked
 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector,
@@ -7273,6 +7645,9 @@ tuple_41 libcrux_ml_kem_ind_cca_encapsulate_ca0(
   return lit;
 }
 
+/**
+ Call [`deserialize_to_uncompressed_ring_element`] for each ring element.
+*/
 /**
 A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_secret_key
 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
@@ -7334,6 +7709,10 @@ static KRML_MUSTINLINE void ntt_vector_u_0a(
   poly_barrett_reduce_ef_8c(re);
 }
 
+/**
+ Call [`deserialize_then_decompress_ring_element_u`] on each ring element
+ in the `ciphertext`.
+*/
 /**
 A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_then_decompress_u
 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
@@ -7385,6 +7764,12 @@ deserialize_then_decompress_ring_element_v_64(Eurydice_slice serialized) {
   return deserialize_then_decompress_4_8c(serialized);
 }
 
+/**
+ The following functions compute various expressions involving
+ vectors and matrices. The computation of these expressions has been
+ abstracted away into these functions in order to save on loop iterations.
+ Compute v − InverseNTT(sᵀ ◦ NTT(u))
+*/
 /**
 A monomorphic instance of libcrux_ml_kem.matrix.compute_message
 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
@@ -7406,6 +7791,30 @@ compute_message_a0(
   return result;
 }
 
+/**
+ This function implements <strong>Algorithm 14</strong> of the
+ NIST FIPS 203 specification; this is the Kyber CPA-PKE decryption algorithm.
+
+ Algorithm 14 is reproduced below:
+
+ ```plaintext
+ Input: decryption key dkₚₖₑ ∈ 𝔹^{384k}.
+ Input: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}.
+ Output: message m ∈ 𝔹^{32}.
+
+ c₁ ← c[0 : 32dᵤk]
+ c₂ ← c[32dᵤk : 32(dᵤk + dᵥ)]
+ u ← Decompress_{dᵤ}(ByteDecode_{dᵤ}(c₁))
+ v ← Decompress_{dᵥ}(ByteDecode_{dᵥ}(c₂))
+ ŝ ← ByteDecode₁₂(dkₚₖₑ)
+ w ← v - NTT-¹(ŝᵀ ◦ NTT(u))
+ m ← ByteEncode₁(Compress₁(w))
+ return m
+ ```
+
+ The NIST FIPS 203 standard can be found at
+ <https://csrc.nist.gov/pubs/fips/203/ipd>.
+*/
 /**
 A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt_unpacked
 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
@@ -7478,6 +7887,9 @@ static KRML_MUSTINLINE void PRF_f1_49(Eurydice_slice input, uint8_t ret[32U]) {
   PRF_9e(input, ret);
 }
 
+/**
+ This code verifies on some machines, runs out of memory on others
+*/
 /**
 A monomorphic instance of libcrux_ml_kem.ind_cca.decapsulate
 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector,
@@ -7562,6 +7974,9 @@ void libcrux_ml_kem_ind_cca_decapsulate_620(
   memcpy(ret, shared_secret, (size_t)32U * sizeof(uint8_t));
 }
 
+/**
+ See [deserialize_ring_elements_reduced_out].
+*/
 /**
 A monomorphic instance of
 libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types
@@ -7587,6 +8002,12 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_1b(
   }
 }
 
+/**
+ This function deserializes ring elements and reduces the result by the field
+ modulus.
+
+ This function MUST NOT be used on secret inputs.
+*/
 /**
 A monomorphic instance of
 libcrux_ml_kem.serialize.deserialize_ring_elements_reduced_out with types
@@ -7600,15 +8021,14 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_out_1b(
   KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U,
                   deserialized_pk[i] = ZERO_ef_8c(););
   deserialize_ring_elements_reduced_1b(public_key, deserialized_pk);
-  libcrux_ml_kem_polynomial_PolynomialRingElement_1d result[3U];
   memcpy(
-      result, deserialized_pk,
-      (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1d));
-  memcpy(
-      ret, result,
+      ret, deserialized_pk,
       (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1d));
 }
 
+/**
+ Call [`serialize_uncompressed_ring_element`] for each ring element.
+*/
 /**
 A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_secret_key
 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
@@ -7641,6 +8061,9 @@ static KRML_MUSTINLINE void serialize_secret_key_89(
   memcpy(ret, out, (size_t)1152U * sizeof(uint8_t));
 }
 
+/**
+ Concatenate `t` and `ρ` into the public key.
+*/
 /**
 A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_public_key_mut
 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
@@ -7664,6 +8087,9 @@ static KRML_MUSTINLINE void serialize_public_key_mut_6c(
       seed_for_a, uint8_t);
 }
 
+/**
+ Concatenate `t` and `ρ` into the public key.
+*/
 /**
 A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_public_key
 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
@@ -7680,6 +8106,13 @@ static KRML_MUSTINLINE void serialize_public_key_6c(
   memcpy(ret, public_key_serialized, (size_t)1184U * sizeof(uint8_t));
 }
 
+/**
+ Validate an ML-KEM public key.
+
+ This implements the Modulus check in 7.2 2.
+ Note that the size check in 7.2 1 is covered by the `PUBLIC_KEY_SIZE` in the
+ `public_key` type.
+*/
 /**
 A monomorphic instance of libcrux_ml_kem.ind_cca.validate_public_key
 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
@@ -7718,6 +8151,11 @@ static KRML_MUSTINLINE void H_f1_e0(Eurydice_slice input, uint8_t ret[32U]) {
   libcrux_ml_kem_hash_functions_portable_H(input, ret);
 }
 
+/**
+ Validate an ML-KEM private key.
+
+ This implements the Hash check in 7.3 3.
+*/
 /**
 A monomorphic instance of libcrux_ml_kem.ind_cca.validate_private_key_only
 with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]]
@@ -7743,6 +8181,13 @@ bool libcrux_ml_kem_ind_cca_validate_private_key_only_d6(
       (size_t)32U, t, &expected, uint8_t, uint8_t, bool);
 }
 
+/**
+ Validate an ML-KEM private key.
+
+ This implements the Hash check in 7.3 3.
+ Note that the size checks in 7.2 1 and 2 are covered by the `SECRET_KEY_SIZE`
+ and `CIPHERTEXT_SIZE` in the `private_key` and `ciphertext` types.
+*/
 /**
 A monomorphic instance of libcrux_ml_kem.ind_cca.validate_private_key
 with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]]
@@ -8286,6 +8731,10 @@ static KRML_MUSTINLINE void PRFxN_f1_41(uint8_t (*input)[33U],
   PRFxN_41(input, ret);
 }
 
+/**
+ Sample a vector of ring elements from a centered binomial distribution and
+ convert them into their NTT representations.
+*/
 /**
 A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_vector_cbd_then_ntt
 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector,
@@ -8393,6 +8842,9 @@ static KRML_MUSTINLINE void add_to_ring_element_ef_1b(
   }
 }
 
+/**
+ Compute  ◦ ŝ + ê
+*/
 /**
 A monomorphic instance of libcrux_ml_kem.matrix.compute_As_plus_e
 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
@@ -8435,6 +8887,47 @@ static KRML_MUSTINLINE void compute_As_plus_e_1b(
   }
 }
 
+/**
+ This function implements most of <strong>Algorithm 12</strong> of the
+ NIST FIPS 203 specification; this is the Kyber CPA-PKE key generation
+ algorithm.
+
+ We say "most of" since Algorithm 12 samples the required randomness within
+ the function itself, whereas this implementation expects it to be provided
+ through the `key_generation_seed` parameter.
+
+ Algorithm 12 is reproduced below:
+
+ ```plaintext
+ Output: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}.
+ Output: decryption key dkₚₖₑ ∈ 𝔹^{384k}.
+
+ d ←$ B
+ (ρ,σ) ← G(d)
+ N ← 0
+ for (i ← 0; i < k; i++)
+     for(j ← 0; j < k; j++)
+         Â[i,j] ← SampleNTT(XOF(ρ, i, j))
+     end for
+ end for
+ for(i ← 0; i < k; i++)
+     s[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(σ,N))
+     N ← N + 1
+ end for
+ for(i ← 0; i < k; i++)
+     e[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(σ,N))
+     N ← N + 1
+ end for
+ ŝ ← NTT(s)
+ ê ← NTT(e)
+ t̂ ← Â◦ŝ + ê
+ ekₚₖₑ ← ByteEncode₁₂(t̂) ‖ ρ
+ dkₚₖₑ ← ByteEncode₁₂(ŝ)
+ ```
+
+ The NIST FIPS 203 standard can be found at
+ <https://csrc.nist.gov/pubs/fips/203/ipd>.
+*/
 /**
 A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair_unpacked
 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector,
@@ -8551,6 +9044,9 @@ generate_keypair_15(Eurydice_slice key_generation_seed) {
   return serialize_unpacked_secret_key_43(&public_key, &private_key);
 }
 
+/**
+ Serialize the secret key.
+*/
 /**
 A monomorphic instance of libcrux_ml_kem.ind_cca.serialize_kem_secret_key_mut
 with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]]
@@ -8615,6 +9111,14 @@ static KRML_MUSTINLINE void serialize_kem_secret_key_d6(
   memcpy(ret, out, (size_t)2400U * sizeof(uint8_t));
 }
 
+/**
+ Packed API
+
+ Generate a key pair.
+
+ Depending on the `Vector` and `Hasher` used, this requires different hardware
+ features
+*/
 /**
 A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair
 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector,
@@ -8722,6 +9226,9 @@ build_unpacked_public_key_3f(Eurydice_slice public_key) {
   return unpacked_public_key;
 }
 
+/**
+ Sample a vector of ring elements from a centered binomial distribution.
+*/
 /**
 A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_ring_element_cbd
 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector,
@@ -8804,6 +9311,9 @@ static KRML_MUSTINLINE void invert_ntt_montgomery_1b(
   poly_barrett_reduce_ef_8c(re);
 }
 
+/**
+ Compute u := InvertNTT(Aᵀ ◦ r̂) + e₁
+*/
 /**
 A monomorphic instance of libcrux_ml_kem.matrix.compute_vector_u
 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
@@ -8848,6 +9358,9 @@ static KRML_MUSTINLINE void compute_vector_u_1b(
       (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1d));
 }
 
+/**
+ Compute InverseNTT(tᵀ ◦ r̂) + e₂ + message
+*/
 /**
 A monomorphic instance of libcrux_ml_kem.matrix.compute_ring_element_v
 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
@@ -8870,6 +9383,9 @@ compute_ring_element_v_1b(
   return result;
 }
 
+/**
+ Call [`compress_then_serialize_ring_element_u`] on each ring element.
+*/
 /**
 A monomorphic instance of libcrux_ml_kem.ind_cpa.compress_then_serialize_u
 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
@@ -8891,15 +9407,9 @@ static KRML_MUSTINLINE void compress_then_serialize_u_43(
        i++) {
     size_t i0 = i;
     libcrux_ml_kem_polynomial_PolynomialRingElement_1d re = input[i0];
-    Eurydice_slice uu____0 =
-        Eurydice_slice_subslice2(/* The semicolon and parentheses at the end of
-                                    loop are a workaround for the following bug
-                                    https://github.com/hacspec/hax/issues/720 */
-                                 out,
-                                 i0 * ((size_t)960U / (size_t)3U),
-                                 (i0 + (size_t)1U) *
-                                     ((size_t)960U / (size_t)3U),
-                                 uint8_t);
+    Eurydice_slice uu____0 = Eurydice_slice_subslice2(
+        out, i0 * ((size_t)960U / (size_t)3U),
+        (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U), uint8_t);
     uint8_t ret[320U];
     compress_then_serialize_ring_element_u_fe(&re, ret);
     Eurydice_slice_copy(
@@ -8920,6 +9430,47 @@ static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_6c(
   compress_then_serialize_4_8c(re, out);
 }
 
+/**
+ This function implements <strong>Algorithm 13</strong> of the
+ NIST FIPS 203 specification; this is the Kyber CPA-PKE encryption algorithm.
+
+ Algorithm 13 is reproduced below:
+
+ ```plaintext
+ Input: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}.
+ Input: message m ∈ 𝔹^{32}.
+ Input: encryption randomness r ∈ 𝔹^{32}.
+ Output: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}.
+
+ N ← 0
+ t̂ ← ByteDecode₁₂(ekₚₖₑ[0:384k])
+ ρ ← ekₚₖₑ[384k: 384k + 32]
+ for (i ← 0; i < k; i++)
+     for(j ← 0; j < k; j++)
+         Â[i,j] ← SampleNTT(XOF(ρ, i, j))
+     end for
+ end for
+ for(i ← 0; i < k; i++)
+     r[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(r,N))
+     N ← N + 1
+ end for
+ for(i ← 0; i < k; i++)
+     e₁[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N))
+     N ← N + 1
+ end for
+ e₂ ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N))
+ r̂ ← NTT(r)
+ u ← NTT-¹(Âᵀ ◦ r̂) + e₁
+ μ ← Decompress₁(ByteDecode₁(m)))
+ v ← NTT-¹(t̂ᵀ ◦ rˆ) + e₂ + μ
+ c₁ ← ByteEncode_{dᵤ}(Compress_{dᵤ}(u))
+ c₂ ← ByteEncode_{dᵥ}(Compress_{dᵥ}(v))
+ return c ← (c₁ ‖ c₂)
+ ```
+
+ The NIST FIPS 203 standard can be found at
+ <https://csrc.nist.gov/pubs/fips/203/ipd>.
+*/
 /**
 A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt_unpacked
 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector,
@@ -9127,6 +9678,9 @@ tuple_c2 libcrux_ml_kem_ind_cca_encapsulate_ca(
   return lit;
 }
 
+/**
+ Call [`deserialize_to_uncompressed_ring_element`] for each ring element.
+*/
 /**
 A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_secret_key
 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
@@ -9158,6 +9712,10 @@ static KRML_MUSTINLINE void deserialize_secret_key_1b(
       (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1d));
 }
 
+/**
+ Call [`deserialize_then_decompress_ring_element_u`] on each ring element
+ in the `ciphertext`.
+*/
 /**
 A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_then_decompress_u
 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
@@ -9209,6 +9767,12 @@ deserialize_then_decompress_ring_element_v_89(Eurydice_slice serialized) {
   return deserialize_then_decompress_4_8c(serialized);
 }
 
+/**
+ The following functions compute various expressions involving
+ vectors and matrices. The computation of these expressions has been
+ abstracted away into these functions in order to save on loop iterations.
+ Compute v − InverseNTT(sᵀ ◦ NTT(u))
+*/
 /**
 A monomorphic instance of libcrux_ml_kem.matrix.compute_message
 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
@@ -9230,6 +9794,30 @@ compute_message_1b(
   return result;
 }
 
+/**
+ This function implements <strong>Algorithm 14</strong> of the
+ NIST FIPS 203 specification; this is the Kyber CPA-PKE decryption algorithm.
+
+ Algorithm 14 is reproduced below:
+
+ ```plaintext
+ Input: decryption key dkₚₖₑ ∈ 𝔹^{384k}.
+ Input: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}.
+ Output: message m ∈ 𝔹^{32}.
+
+ c₁ ← c[0 : 32dᵤk]
+ c₂ ← c[32dᵤk : 32(dᵤk + dᵥ)]
+ u ← Decompress_{dᵤ}(ByteDecode_{dᵤ}(c₁))
+ v ← Decompress_{dᵥ}(ByteDecode_{dᵥ}(c₂))
+ ŝ ← ByteDecode₁₂(dkₚₖₑ)
+ w ← v - NTT-¹(ŝᵀ ◦ NTT(u))
+ m ← ByteEncode₁(Compress₁(w))
+ return m
+ ```
+
+ The NIST FIPS 203 standard can be found at
+ <https://csrc.nist.gov/pubs/fips/203/ipd>.
+*/
 /**
 A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt_unpacked
 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
@@ -9302,6 +9890,9 @@ static KRML_MUSTINLINE void PRF_f1_41(Eurydice_slice input, uint8_t ret[32U]) {
   PRF_9e(input, ret);
 }
 
+/**
+ This code verifies on some machines, runs out of memory on others
+*/
 /**
 A monomorphic instance of libcrux_ml_kem.ind_cca.decapsulate
 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector,
diff --git a/libcrux-ml-kem/c/libcrux_mlkem_portable.h b/libcrux-ml-kem/c/libcrux_mlkem_portable.h
index f01803502..26f2e8434 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem_portable.h
+++ b/libcrux-ml-kem/c/libcrux_mlkem_portable.h
@@ -4,11 +4,11 @@
  * SPDX-License-Identifier: MIT or Apache-2.0
  *
  * This code was generated with the following revisions:
- * Charon: 3a133fe0eee9bd3928d5bb16c24ddd2dd0f3ee7f
+ * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9
  * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c
- * Karamel: c31a22c1e07d2118c07ee5cebb640d863e31a198
- * F*: 2c32d6e230851bbceadac7a21fc418fa2bb7e4bc
- * Libcrux: 2ecc08ac92e56197cd05d04f3e873d8da088ad11
+ * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
+ * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty
+ * Libcrux: e7d31cc9d00fb10b9002777a3fc8a209dba74b83
  */
 
 #ifndef __libcrux_mlkem_portable_H
@@ -191,6 +191,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector
 libcrux_ml_kem_vector_portable_bitwise_and_with_constant_0d(
     libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t c);
 
+/**
+ Note: This function is not secret independent
+ Only use with public values.
+*/
 libcrux_ml_kem_vector_portable_vector_type_PortableVector
 libcrux_ml_kem_vector_portable_arithmetic_cond_subtract_3329(
     libcrux_ml_kem_vector_portable_vector_type_PortableVector vec);
@@ -425,6 +429,28 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector
 libcrux_ml_kem_vector_portable_inv_ntt_layer_3_step_0d(
     libcrux_ml_kem_vector_portable_vector_type_PortableVector a, int16_t zeta);
 
+/**
+ Compute the product of two Kyber binomials with respect to the
+ modulus `X² - zeta`.
+
+ This function almost implements <strong>Algorithm 11</strong> of the
+ NIST FIPS 203 standard, which is reproduced below:
+
+ ```plaintext
+ Input:  a₀, a₁, b₀, b₁ ∈ ℤq.
+ Input: γ ∈ ℤq.
+ Output: c₀, c₁ ∈ ℤq.
+
+ c₀ ← a₀·b₀ + a₁·b₁·γ
+ c₁ ← a₀·b₁ + a₁·b₀
+ return c₀, c₁
+ ```
+ We say "almost" because the coefficients output by this function are in
+ the Montgomery domain (unlike in the specification).
+
+ The NIST FIPS 203 standard can be found at
+ <https://csrc.nist.gov/pubs/fips/203/ipd>.
+*/
 void libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials(
     libcrux_ml_kem_vector_portable_vector_type_PortableVector *a,
     libcrux_ml_kem_vector_portable_vector_type_PortableVector *b, int16_t zeta,
diff --git a/libcrux-ml-kem/c/libcrux_sha3.h b/libcrux-ml-kem/c/libcrux_sha3.h
index bd2ae688c..b15d566db 100644
--- a/libcrux-ml-kem/c/libcrux_sha3.h
+++ b/libcrux-ml-kem/c/libcrux_sha3.h
@@ -4,11 +4,11 @@
  * SPDX-License-Identifier: MIT or Apache-2.0
  *
  * This code was generated with the following revisions:
- * Charon: 3a133fe0eee9bd3928d5bb16c24ddd2dd0f3ee7f
+ * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9
  * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c
- * Karamel: c31a22c1e07d2118c07ee5cebb640d863e31a198
- * F*: 2c32d6e230851bbceadac7a21fc418fa2bb7e4bc
- * Libcrux: 2ecc08ac92e56197cd05d04f3e873d8da088ad11
+ * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
+ * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty
+ * Libcrux: e7d31cc9d00fb10b9002777a3fc8a209dba74b83
  */
 
 #ifndef __libcrux_sha3_H
diff --git a/libcrux-ml-kem/c/libcrux_sha3_avx2.c b/libcrux-ml-kem/c/libcrux_sha3_avx2.c
index 6b48d2f44..b8ea9175f 100644
--- a/libcrux-ml-kem/c/libcrux_sha3_avx2.c
+++ b/libcrux-ml-kem/c/libcrux_sha3_avx2.c
@@ -4,11 +4,11 @@
  * SPDX-License-Identifier: MIT or Apache-2.0
  *
  * This code was generated with the following revisions:
- * Charon: 3a133fe0eee9bd3928d5bb16c24ddd2dd0f3ee7f
+ * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9
  * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c
- * Karamel: c31a22c1e07d2118c07ee5cebb640d863e31a198
- * F*: 2c32d6e230851bbceadac7a21fc418fa2bb7e4bc
- * Libcrux: 2ecc08ac92e56197cd05d04f3e873d8da088ad11
+ * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
+ * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty
+ * Libcrux: e7d31cc9d00fb10b9002777a3fc8a209dba74b83
  */
 
 #include "internal/libcrux_sha3_avx2.h"
diff --git a/libcrux-ml-kem/c/libcrux_sha3_avx2.h b/libcrux-ml-kem/c/libcrux_sha3_avx2.h
index 3585d26e5..ea845908b 100644
--- a/libcrux-ml-kem/c/libcrux_sha3_avx2.h
+++ b/libcrux-ml-kem/c/libcrux_sha3_avx2.h
@@ -4,11 +4,11 @@
  * SPDX-License-Identifier: MIT or Apache-2.0
  *
  * This code was generated with the following revisions:
- * Charon: 3a133fe0eee9bd3928d5bb16c24ddd2dd0f3ee7f
+ * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9
  * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c
- * Karamel: c31a22c1e07d2118c07ee5cebb640d863e31a198
- * F*: 2c32d6e230851bbceadac7a21fc418fa2bb7e4bc
- * Libcrux: 2ecc08ac92e56197cd05d04f3e873d8da088ad11
+ * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
+ * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty
+ * Libcrux: e7d31cc9d00fb10b9002777a3fc8a209dba74b83
  */
 
 #ifndef __libcrux_sha3_avx2_H
diff --git a/libcrux-ml-kem/c/libcrux_sha3_internal.h b/libcrux-ml-kem/c/libcrux_sha3_internal.h
index b7cb02704..c28e709ff 100644
--- a/libcrux-ml-kem/c/libcrux_sha3_internal.h
+++ b/libcrux-ml-kem/c/libcrux_sha3_internal.h
@@ -4,11 +4,11 @@
  * SPDX-License-Identifier: MIT or Apache-2.0
  *
  * This code was generated with the following revisions:
- * Charon: 3a133fe0eee9bd3928d5bb16c24ddd2dd0f3ee7f
+ * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9
  * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c
- * Karamel: c31a22c1e07d2118c07ee5cebb640d863e31a198
- * F*: 2c32d6e230851bbceadac7a21fc418fa2bb7e4bc
- * Libcrux: 2ecc08ac92e56197cd05d04f3e873d8da088ad11
+ * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
+ * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty
+ * Libcrux: e7d31cc9d00fb10b9002777a3fc8a209dba74b83
  */
 
 #ifndef __libcrux_sha3_internal_H
diff --git a/libcrux-ml-kem/c/libcrux_sha3_neon.c b/libcrux-ml-kem/c/libcrux_sha3_neon.c
index 4340d727d..9ae643352 100644
--- a/libcrux-ml-kem/c/libcrux_sha3_neon.c
+++ b/libcrux-ml-kem/c/libcrux_sha3_neon.c
@@ -4,11 +4,11 @@
  * SPDX-License-Identifier: MIT or Apache-2.0
  *
  * This code was generated with the following revisions:
- * Charon: 3a133fe0eee9bd3928d5bb16c24ddd2dd0f3ee7f
+ * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9
  * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c
- * Karamel: c31a22c1e07d2118c07ee5cebb640d863e31a198
- * F*: 2c32d6e230851bbceadac7a21fc418fa2bb7e4bc
- * Libcrux: 2ecc08ac92e56197cd05d04f3e873d8da088ad11
+ * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
+ * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty
+ * Libcrux: e7d31cc9d00fb10b9002777a3fc8a209dba74b83
  */
 
 #include "libcrux_sha3_neon.h"
diff --git a/libcrux-ml-kem/c/libcrux_sha3_neon.h b/libcrux-ml-kem/c/libcrux_sha3_neon.h
index 280eb16d3..2cf81c71e 100644
--- a/libcrux-ml-kem/c/libcrux_sha3_neon.h
+++ b/libcrux-ml-kem/c/libcrux_sha3_neon.h
@@ -4,11 +4,11 @@
  * SPDX-License-Identifier: MIT or Apache-2.0
  *
  * This code was generated with the following revisions:
- * Charon: 3a133fe0eee9bd3928d5bb16c24ddd2dd0f3ee7f
+ * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9
  * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c
- * Karamel: c31a22c1e07d2118c07ee5cebb640d863e31a198
- * F*: 2c32d6e230851bbceadac7a21fc418fa2bb7e4bc
- * Libcrux: 2ecc08ac92e56197cd05d04f3e873d8da088ad11
+ * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
+ * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty
+ * Libcrux: e7d31cc9d00fb10b9002777a3fc8a209dba74b83
  */
 
 #ifndef __libcrux_sha3_neon_H
diff --git a/libcrux-ml-kem/cg/code_gen.txt b/libcrux-ml-kem/cg/code_gen.txt
index e06b07d6e..e86a4ecec 100644
--- a/libcrux-ml-kem/cg/code_gen.txt
+++ b/libcrux-ml-kem/cg/code_gen.txt
@@ -1,6 +1,6 @@
 This code was generated with the following revisions:
-Charon: 3a133fe0eee9bd3928d5bb16c24ddd2dd0f3ee7f
+Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9
 Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c
-Karamel: c31a22c1e07d2118c07ee5cebb640d863e31a198
-F*: 2c32d6e230851bbceadac7a21fc418fa2bb7e4bc
-Libcrux: 8fa4c2d98c5fd5a203b5a37a971a46f2296646d9
+Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
+F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty
+Libcrux: e7d31cc9d00fb10b9002777a3fc8a209dba74b83
diff --git a/libcrux-ml-kem/cg/libcrux_core.h b/libcrux-ml-kem/cg/libcrux_core.h
index eb35fc5d6..2f61d1046 100644
--- a/libcrux-ml-kem/cg/libcrux_core.h
+++ b/libcrux-ml-kem/cg/libcrux_core.h
@@ -4,11 +4,11 @@
  * SPDX-License-Identifier: MIT or Apache-2.0
  *
  * This code was generated with the following revisions:
- * Charon: 3a133fe0eee9bd3928d5bb16c24ddd2dd0f3ee7f
+ * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9
  * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c
- * Karamel: c31a22c1e07d2118c07ee5cebb640d863e31a198
- * F*: 2c32d6e230851bbceadac7a21fc418fa2bb7e4bc
- * Libcrux: 8fa4c2d98c5fd5a203b5a37a971a46f2296646d9
+ * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
+ * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty
+ * Libcrux: e7d31cc9d00fb10b9002777a3fc8a209dba74b83
  */
 
 #ifndef __libcrux_core_H
@@ -2917,6 +2917,11 @@ typedef struct Eurydice_slice_uint8_t_x2_s {
   Eurydice_slice snd;
 } Eurydice_slice_uint8_t_x2;
 
+/**
+ Unpack an incoming private key into it's different parts.
+
+ We have this here in types to extract into a common core for C.
+*/
 /**
 A monomorphic instance of libcrux_ml_kem.types.unpack_private_key
 with const generics
diff --git a/libcrux-ml-kem/cg/libcrux_ct_ops.h b/libcrux-ml-kem/cg/libcrux_ct_ops.h
index 61a11d366..911564678 100644
--- a/libcrux-ml-kem/cg/libcrux_ct_ops.h
+++ b/libcrux-ml-kem/cg/libcrux_ct_ops.h
@@ -4,11 +4,11 @@
  * SPDX-License-Identifier: MIT or Apache-2.0
  *
  * This code was generated with the following revisions:
- * Charon: 3a133fe0eee9bd3928d5bb16c24ddd2dd0f3ee7f
+ * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9
  * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c
- * Karamel: c31a22c1e07d2118c07ee5cebb640d863e31a198
- * F*: 2c32d6e230851bbceadac7a21fc418fa2bb7e4bc
- * Libcrux: 8fa4c2d98c5fd5a203b5a37a971a46f2296646d9
+ * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
+ * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty
+ * Libcrux: e7d31cc9d00fb10b9002777a3fc8a209dba74b83
  */
 
 #ifndef __libcrux_ct_ops_H
@@ -21,6 +21,9 @@ extern "C" {
 #include "eurydice_glue.h"
 #include "libcrux_core.h"
 
+/**
+ Return 1 if `value` is not zero and 0 otherwise.
+*/
 static inline uint8_t libcrux_ml_kem_constant_time_ops_inz(uint8_t value) {
   uint16_t value0 = (uint16_t)value;
   uint8_t result =
@@ -33,6 +36,10 @@ libcrux_ml_kem_constant_time_ops_is_non_zero(uint8_t value) {
   return libcrux_ml_kem_constant_time_ops_inz(value);
 }
 
+/**
+ Return 1 if the bytes of `lhs` and `rhs` do not exactly
+ match and 0 otherwise.
+*/
 static inline uint8_t libcrux_ml_kem_constant_time_ops_compare(
     Eurydice_slice lhs, Eurydice_slice rhs) {
   uint8_t r = 0U;
@@ -52,6 +59,10 @@ libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time(
   return libcrux_ml_kem_constant_time_ops_compare(lhs, rhs);
 }
 
+/**
+ If `selector` is not zero, return the bytes in `rhs`; return the bytes in
+ `lhs` otherwise.
+*/
 static inline void libcrux_ml_kem_constant_time_ops_select_ct(
     Eurydice_slice lhs, Eurydice_slice rhs, uint8_t selector,
     uint8_t ret[32U]) {
diff --git a/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h b/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h
index 3281a201c..c78977ceb 100644
--- a/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h
+++ b/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h
@@ -4,11 +4,11 @@
  * SPDX-License-Identifier: MIT or Apache-2.0
  *
  * This code was generated with the following revisions:
- * Charon: 3a133fe0eee9bd3928d5bb16c24ddd2dd0f3ee7f
+ * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9
  * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c
- * Karamel: c31a22c1e07d2118c07ee5cebb640d863e31a198
- * F*: 2c32d6e230851bbceadac7a21fc418fa2bb7e4bc
- * Libcrux: 8fa4c2d98c5fd5a203b5a37a971a46f2296646d9
+ * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
+ * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty
+ * Libcrux: e7d31cc9d00fb10b9002777a3fc8a209dba74b83
  */
 
 #ifndef __libcrux_mlkem768_avx2_H
@@ -82,9 +82,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_vec_to_i16_array(
   int16_t output[16U] = {0U};
   libcrux_intrinsics_avx2_mm256_storeu_si256_i16(
       Eurydice_array_to_slice((size_t)16U, output, int16_t), v);
-  int16_t result[16U];
-  memcpy(result, output, (size_t)16U * sizeof(int16_t));
-  memcpy(ret, result, (size_t)16U * sizeof(int16_t));
+  memcpy(ret, output, (size_t)16U * sizeof(int16_t));
 }
 
 /**
@@ -1774,20 +1772,18 @@ libcrux_ml_kem_vector_avx2_sampling_rejection_sample(Eurydice_slice input,
                                                    compare_with_field_modulus,
                                                    good);
   uint8_t lower_shuffles[16U];
-  memcpy(
-      lower_shuffles,
-      /* We need to provide a definition or post-condition for
-         Core.Num.impl__u8__count_ones Each bit (and its corresponding position)
-         represents an element we want to sample. We'd like all such elements to
-         be next to each other starting at index 0, so that they can be read
-         from the vector easily. |REJECTION_SAMPLE_SHUFFLE_TABLE| encodes the
-         byte-level shuffling indices needed to make this happen. For e.g. if
-         good[0] = 0b0_0_0_0_0_0_1_0, we need to move the element in the 2-nd
-         16-bit lane to the first. To do this, we need the byte-level shuffle
-         indices to be 2 3 X X X X ... */
-      libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE[(
-          size_t)good[0U]],
-      (size_t)16U * sizeof(uint8_t));
+  memcpy(lower_shuffles,
+         /* Each bit (and its corresponding position) represents an element we
+            want to sample. We'd like all such elements to be next to each other
+            starting at index 0, so that they can be read from the vector
+            easily. |REJECTION_SAMPLE_SHUFFLE_TABLE| encodes the byte-level
+            shuffling indices needed to make this happen. For e.g. if good[0] =
+            0b0_0_0_0_0_0_1_0, we need to move the element in the 2-nd 16-bit
+            lane to the first. To do this, we need the byte-level shuffle
+            indices to be 2 3 X X X X ... */
+         libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE[(
+             size_t)good[0U]],
+         (size_t)16U * sizeof(uint8_t));
   __m128i lower_shuffles0 =
       libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_array_to_slice(
           (size_t)16U,
@@ -1907,6 +1903,9 @@ libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_61(
   return re;
 }
 
+/**
+ Call [`deserialize_to_uncompressed_ring_element`] for each ring element.
+*/
 /**
 A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_secret_key
 with types libcrux_ml_kem_vector_avx2_SIMD256Vector
@@ -2357,10 +2356,8 @@ static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_poly_barrett_reduce_ef_61(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *self) {
   for (size_t i = (size_t)0U;
        i <
-       /* Using `hax_lib::fstar::verification_status(lax)` works but produces an
-          error while extracting The semicolon and parentheses at the end of
-          loop are a workaround for the following bug
-          https://github.com/hacspec/hax/issues/720 */
+       /* The semicolon and parentheses at the end of loop are a workaround for
+          the following bug https://github.com/hacspec/hax/issues/720 */
        LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT;
        i++) {
     size_t i0 = i;
@@ -2396,6 +2393,10 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_vector_u_ee(
   libcrux_ml_kem_polynomial_poly_barrett_reduce_ef_61(re);
 }
 
+/**
+ Call [`deserialize_then_decompress_ring_element_u`] on each ring element
+ in the `ciphertext`.
+*/
 /**
 A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_then_decompress_u
 with types libcrux_ml_kem_vector_avx2_SIMD256Vector
@@ -2696,10 +2697,8 @@ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f6
 libcrux_ml_kem_polynomial_ntt_multiply_ef_61(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *self,
     libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *rhs) {
-  /* Using `hax_lib::fstar::verification_status(lax)` works but produces an
-   * error while extracting hax_debug_debug_assert!(lhs .coefficients
-   * .into_iter() .all(|coefficient| coefficient >= 0 && coefficient < 4096));
-   */
+  /* hax_debug_debug_assert!(lhs .coefficients .into_iter() .all(|coefficient|
+   * coefficient >= 0 && coefficient < 4096)); */
   libcrux_ml_kem_polynomial_PolynomialRingElement_f6 out =
       libcrux_ml_kem_polynomial_ZERO_ef_61();
   for (size_t i = (size_t)0U;
@@ -2919,11 +2918,7 @@ libcrux_ml_kem_polynomial_subtract_reduce_ef_61(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *self,
     libcrux_ml_kem_polynomial_PolynomialRingElement_f6 b) {
   for (size_t i = (size_t)0U;
-       i <
-       /* Using `hax_lib::fstar::verification_status(lax)` works but produces an
-          error while extracting */
-       LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT;
-       i++) {
+       i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
     size_t i0 = i;
     __m256i coefficient_normal_form =
         libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_09(
@@ -2935,6 +2930,12 @@ libcrux_ml_kem_polynomial_subtract_reduce_ef_61(
   return b;
 }
 
+/**
+ The following functions compute various expressions involving
+ vectors and matrices. The computation of these expressions has been
+ abstracted away into these functions in order to save on loop iterations.
+ Compute v − InverseNTT(sᵀ ◦ NTT(u))
+*/
 /**
 A monomorphic instance of libcrux_ml_kem.matrix.compute_message
 with types libcrux_ml_kem_vector_avx2_SIMD256Vector
@@ -3038,11 +3039,33 @@ libcrux_ml_kem_serialize_compress_then_serialize_message_61(
     Eurydice_slice_copy(
         uu____0, Eurydice_array_to_slice((size_t)2U, bytes, uint8_t), uint8_t);
   }
-  uint8_t result[32U];
-  memcpy(result, serialized, (size_t)32U * sizeof(uint8_t));
-  memcpy(ret, result, (size_t)32U * sizeof(uint8_t));
+  memcpy(ret, serialized, (size_t)32U * sizeof(uint8_t));
 }
 
+/**
+ This function implements <strong>Algorithm 14</strong> of the
+ NIST FIPS 203 specification; this is the Kyber CPA-PKE decryption algorithm.
+
+ Algorithm 14 is reproduced below:
+
+ ```plaintext
+ Input: decryption key dkₚₖₑ ∈ 𝔹^{384k}.
+ Input: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}.
+ Output: message m ∈ 𝔹^{32}.
+
+ c₁ ← c[0 : 32dᵤk]
+ c₂ ← c[32dᵤk : 32(dᵤk + dᵥ)]
+ u ← Decompress_{dᵤ}(ByteDecode_{dᵤ}(c₁))
+ v ← Decompress_{dᵥ}(ByteDecode_{dᵥ}(c₂))
+ ŝ ← ByteDecode₁₂(dkₚₖₑ)
+ w ← v - NTT-¹(ŝᵀ ◦ NTT(u))
+ m ← ByteEncode₁(Compress₁(w))
+ return m
+ ```
+
+ The NIST FIPS 203 standard can be found at
+ <https://csrc.nist.gov/pubs/fips/203/ipd>.
+*/
 /**
 A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt_unpacked
 with types libcrux_ml_kem_vector_avx2_SIMD256Vector
@@ -3201,6 +3224,12 @@ libcrux_ml_kem_ind_cpa_unpacked_default_8d_ab(void) {
   return lit;
 }
 
+/**
+ Only use with public values.
+
+ This MUST NOT be used with secret inputs, like its caller
+ `deserialize_ring_elements_reduced`.
+*/
 /**
 A monomorphic instance of
 libcrux_ml_kem.serialize.deserialize_to_reduced_ring_element with types
@@ -3225,6 +3254,9 @@ libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_61(
   return re;
 }
 
+/**
+ See [deserialize_ring_elements_reduced_out].
+*/
 /**
 A monomorphic instance of
 libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types
@@ -3835,6 +3867,55 @@ static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_PRFxN_a9_41(
   libcrux_ml_kem_hash_functions_avx2_PRFxN_41(input, ret);
 }
 
+/**
+ Given a series of uniformly random bytes in `randomness`, for some number
+ `eta`, the `sample_from_binomial_distribution_{eta}` functions sample a ring
+ element from a binomial distribution centered at 0 that uses two sets of `eta`
+ coin flips. If, for example, `eta = ETA`, each ring coefficient is a value `v`
+ such such that `v ∈ {-ETA, -ETA + 1, ..., 0, ..., ETA + 1, ETA}` and:
+
+ ```plaintext
+ - If v < 0, Pr[v] = Pr[-v]
+ - If v >= 0, Pr[v] = BINOMIAL_COEFFICIENT(2 * ETA; ETA - v) / 2 ^ (2 * ETA)
+ ```
+
+ The values `v < 0` are mapped to the appropriate `KyberFieldElement`.
+
+ The expected value is:
+
+ ```plaintext
+ E[X] = (-ETA)Pr[-ETA] + (-(ETA - 1))Pr[-(ETA - 1)] + ... + (ETA - 1)Pr[ETA - 1]
+ + (ETA)Pr[ETA] = 0 since Pr[-v] = Pr[v] when v < 0.
+ ```
+
+ And the variance is:
+
+ ```plaintext
+ Var(X) = E[(X - E[X])^2]
+        = E[X^2]
+        = sum_(v=-ETA to ETA)v^2 * (BINOMIAL_COEFFICIENT(2 * ETA; ETA - v) /
+ 2^(2 * ETA)) = ETA / 2
+ ```
+
+ This function implements <strong>Algorithm 7</strong> of the NIST FIPS 203
+ standard, which is reproduced below:
+
+ ```plaintext
+ Input: byte array B ∈ 𝔹^{64η}.
+ Output: array f ∈ ℤ₂₅₆.
+
+ b ← BytesToBits(B)
+ for (i ← 0; i < 256; i++)
+     x ← ∑(j=0 to η - 1) b[2iη + j]
+     y ← ∑(j=0 to η - 1) b[2iη + η + j]
+     f[i] ← x−y mod q
+ end for
+ return f
+ ```
+
+ The NIST FIPS 203 standard can be found at
+ <https://csrc.nist.gov/pubs/fips/203/ipd>.
+*/
 /**
 A monomorphic instance of
 libcrux_ml_kem.sampling.sample_from_binomial_distribution_2 with types
@@ -3998,6 +4079,10 @@ libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_61(
   libcrux_ml_kem_polynomial_poly_barrett_reduce_ef_61(re);
 }
 
+/**
+ Sample a vector of ring elements from a centered binomial distribution and
+ convert them into their NTT representations.
+*/
 /**
 A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_vector_cbd_then_ntt
 with types libcrux_ml_kem_vector_avx2_SIMD256Vector,
@@ -4080,6 +4165,9 @@ libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_closure_b4(size_t _i) {
   return libcrux_ml_kem_polynomial_ZERO_ef_61();
 }
 
+/**
+ Sample a vector of ring elements from a centered binomial distribution.
+*/
 /**
 A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_ring_element_cbd
 with types libcrux_ml_kem_vector_avx2_SIMD256Vector,
@@ -4186,10 +4274,8 @@ static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_error_reduce_ef_61(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *error) {
   for (size_t i = (size_t)0U;
        i <
-       /* Using `hax_lib::fstar::verification_status(lax)` works but produces an
-          error while extracting The semicolon and parentheses at the end of
-          loop are a workaround for the following bug
-          https://github.com/hacspec/hax/issues/720 */
+       /* The semicolon and parentheses at the end of loop are a workaround for
+          the following bug https://github.com/hacspec/hax/issues/720 */
        LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT;
        i++) {
     size_t j = i;
@@ -4202,6 +4288,9 @@ static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_error_reduce_ef_61(
   }
 }
 
+/**
+ Compute u := InvertNTT(Aᵀ ◦ r̂) + e₁
+*/
 /**
 A monomorphic instance of libcrux_ml_kem.matrix.compute_vector_u
 with types libcrux_ml_kem_vector_avx2_SIMD256Vector
@@ -4306,11 +4395,7 @@ libcrux_ml_kem_polynomial_add_message_error_reduce_ef_61(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *message,
     libcrux_ml_kem_polynomial_PolynomialRingElement_f6 result) {
   for (size_t i = (size_t)0U;
-       i <
-       /* Using `hax_lib::fstar::verification_status(lax)` works but produces an
-          error while extracting */
-       LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT;
-       i++) {
+       i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
     size_t i0 = i;
     __m256i coefficient_normal_form =
         libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_09(
@@ -4343,6 +4428,9 @@ libcrux_ml_kem_polynomial_add_message_error_reduce_ef_61(
   return result;
 }
 
+/**
+ Compute InverseNTT(tᵀ ◦ r̂) + e₂ + message
+*/
 /**
 A monomorphic instance of libcrux_ml_kem.matrix.compute_ring_element_v
 with types libcrux_ml_kem_vector_avx2_SIMD256Vector
@@ -4497,9 +4585,7 @@ libcrux_ml_kem_serialize_compress_then_serialize_10_0e(
     Eurydice_slice_copy(
         uu____0, Eurydice_array_to_slice((size_t)20U, bytes, uint8_t), uint8_t);
   }
-  uint8_t result[320U];
-  memcpy(result, serialized, (size_t)320U * sizeof(uint8_t));
-  memcpy(ret, result, (size_t)320U * sizeof(uint8_t));
+  memcpy(ret, serialized, (size_t)320U * sizeof(uint8_t));
 }
 
 /**
@@ -4642,11 +4728,14 @@ KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE void
 libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_a4(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *re, uint8_t ret[320U]) {
-  uint8_t result[320U];
-  libcrux_ml_kem_serialize_compress_then_serialize_10_0e(re, result);
-  memcpy(ret, result, (size_t)320U * sizeof(uint8_t));
+  uint8_t uu____0[320U];
+  libcrux_ml_kem_serialize_compress_then_serialize_10_0e(re, uu____0);
+  memcpy(ret, uu____0, (size_t)320U * sizeof(uint8_t));
 }
 
+/**
+ Call [`compress_then_serialize_ring_element_u`] on each ring element.
+*/
 /**
 A monomorphic instance of libcrux_ml_kem.ind_cpa.compress_then_serialize_u
 with types libcrux_ml_kem_vector_avx2_SIMD256Vector
@@ -4669,14 +4758,9 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_compress_then_serialize_u_8c(
        i++) {
     size_t i0 = i;
     libcrux_ml_kem_polynomial_PolynomialRingElement_f6 re = input[i0];
-    Eurydice_slice uu____0 =
-        Eurydice_slice_subslice2(/* The semicolon and parentheses at the end of
-                                    loop are a workaround for the following bug
-                                    https://github.com/hacspec/hax/issues/720 */
-                                 out, i0 * ((size_t)960U / (size_t)3U),
-                                 (i0 + (size_t)1U) *
-                                     ((size_t)960U / (size_t)3U),
-                                 uint8_t);
+    Eurydice_slice uu____0 = Eurydice_slice_subslice2(
+        out, i0 * ((size_t)960U / (size_t)3U),
+        (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U), uint8_t);
     uint8_t ret[320U];
     libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_a4(&re,
                                                                        ret);
@@ -4807,9 +4891,7 @@ libcrux_ml_kem_serialize_compress_then_serialize_4_61(
     size_t i0 = i;
     __m256i coefficient = libcrux_ml_kem_vector_avx2_compress_09_d1(
         libcrux_ml_kem_serialize_to_unsigned_field_modulus_61(
-            re.coefficients[/* NOTE: Using `$serialized` in loop_invariant
-                               doesn't work here */
-                            i0]));
+            re.coefficients[i0]));
     uint8_t bytes[8U];
     libcrux_ml_kem_vector_avx2_serialize_4_09(coefficient, bytes);
     Eurydice_slice_copy(
@@ -4966,6 +5048,47 @@ libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_ed(
   libcrux_ml_kem_serialize_compress_then_serialize_4_61(re, out);
 }
 
+/**
+ This function implements <strong>Algorithm 13</strong> of the
+ NIST FIPS 203 specification; this is the Kyber CPA-PKE encryption algorithm.
+
+ Algorithm 13 is reproduced below:
+
+ ```plaintext
+ Input: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}.
+ Input: message m ∈ 𝔹^{32}.
+ Input: encryption randomness r ∈ 𝔹^{32}.
+ Output: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}.
+
+ N ← 0
+ t̂ ← ByteDecode₁₂(ekₚₖₑ[0:384k])
+ ρ ← ekₚₖₑ[384k: 384k + 32]
+ for (i ← 0; i < k; i++)
+     for(j ← 0; j < k; j++)
+         Â[i,j] ← SampleNTT(XOF(ρ, i, j))
+     end for
+ end for
+ for(i ← 0; i < k; i++)
+     r[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(r,N))
+     N ← N + 1
+ end for
+ for(i ← 0; i < k; i++)
+     e₁[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N))
+     N ← N + 1
+ end for
+ e₂ ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N))
+ r̂ ← NTT(r)
+ u ← NTT-¹(Âᵀ ◦ r̂) + e₁
+ μ ← Decompress₁(ByteDecode₁(m)))
+ v ← NTT-¹(t̂ᵀ ◦ rˆ) + e₂ + μ
+ c₁ ← ByteEncode_{dᵤ}(Compress_{dᵤ}(u))
+ c₂ ← ByteEncode_{dᵥ}(Compress_{dᵥ}(v))
+ return c ← (c₁ ‖ c₂)
+ ```
+
+ The NIST FIPS 203 standard can be found at
+ <https://csrc.nist.gov/pubs/fips/203/ipd>.
+*/
 /**
 A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt_unpacked
 with types libcrux_ml_kem_vector_avx2_SIMD256Vector,
@@ -5107,6 +5230,9 @@ static KRML_MUSTINLINE void libcrux_ml_kem_variant_kdf_d8_ae(
   memcpy(ret, out, (size_t)32U * sizeof(uint8_t));
 }
 
+/**
+ This code verifies on some machines, runs out of memory on others
+*/
 /**
 A monomorphic instance of libcrux_ml_kem.ind_cca.decapsulate
 with types libcrux_ml_kem_vector_avx2_SIMD256Vector,
@@ -5534,10 +5660,8 @@ libcrux_ml_kem_polynomial_add_standard_error_reduce_ef_61(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *error) {
   for (size_t i = (size_t)0U;
        i <
-       /* Using `hax_lib::fstar::verification_status(lax)` works but produces an
-          error while extracting The semicolon and parentheses at the end of
-          loop are a workaround for the following bug
-          https://github.com/hacspec/hax/issues/720 */
+       /* The semicolon and parentheses at the end of loop are a workaround for
+          the following bug https://github.com/hacspec/hax/issues/720 */
        LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT;
        i++) {
     size_t j = i;
@@ -5553,6 +5677,9 @@ libcrux_ml_kem_polynomial_add_standard_error_reduce_ef_61(
   }
 }
 
+/**
+ Compute  ◦ ŝ + ê
+*/
 /**
 A monomorphic instance of libcrux_ml_kem.matrix.compute_As_plus_e
 with types libcrux_ml_kem_vector_avx2_SIMD256Vector
@@ -5600,6 +5727,47 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_As_plus_e_ab(
   }
 }
 
+/**
+ This function implements most of <strong>Algorithm 12</strong> of the
+ NIST FIPS 203 specification; this is the Kyber CPA-PKE key generation
+ algorithm.
+
+ We say "most of" since Algorithm 12 samples the required randomness within
+ the function itself, whereas this implementation expects it to be provided
+ through the `key_generation_seed` parameter.
+
+ Algorithm 12 is reproduced below:
+
+ ```plaintext
+ Output: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}.
+ Output: decryption key dkₚₖₑ ∈ 𝔹^{384k}.
+
+ d ←$ B
+ (ρ,σ) ← G(d)
+ N ← 0
+ for (i ← 0; i < k; i++)
+     for(j ← 0; j < k; j++)
+         Â[i,j] ← SampleNTT(XOF(ρ, i, j))
+     end for
+ end for
+ for(i ← 0; i < k; i++)
+     s[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(σ,N))
+     N ← N + 1
+ end for
+ for(i ← 0; i < k; i++)
+     e[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(σ,N))
+     N ← N + 1
+ end for
+ ŝ ← NTT(s)
+ ê ← NTT(e)
+ t̂ ← Â◦ŝ + ê
+ ekₚₖₑ ← ByteEncode₁₂(t̂) ‖ ρ
+ dkₚₖₑ ← ByteEncode₁₂(ŝ)
+ ```
+
+ The NIST FIPS 203 standard can be found at
+ <https://csrc.nist.gov/pubs/fips/203/ipd>.
+*/
 /**
 A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair_unpacked
 with types libcrux_ml_kem_vector_avx2_SIMD256Vector,
@@ -5682,11 +5850,12 @@ libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_61(
     Eurydice_slice_copy(
         uu____0, Eurydice_array_to_slice((size_t)24U, bytes, uint8_t), uint8_t);
   }
-  uint8_t result[384U];
-  memcpy(result, serialized, (size_t)384U * sizeof(uint8_t));
-  memcpy(ret, result, (size_t)384U * sizeof(uint8_t));
+  memcpy(ret, serialized, (size_t)384U * sizeof(uint8_t));
 }
 
+/**
+ Call [`serialize_uncompressed_ring_element`] for each ring element.
+*/
 /**
 A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_secret_key
 with types libcrux_ml_kem_vector_avx2_SIMD256Vector
@@ -5720,6 +5889,9 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_secret_key_ed(
   memcpy(ret, out, (size_t)1152U * sizeof(uint8_t));
 }
 
+/**
+ Concatenate `t` and `ρ` into the public key.
+*/
 /**
 A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_public_key_mut
 with types libcrux_ml_kem_vector_avx2_SIMD256Vector
@@ -5744,6 +5916,9 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_public_key_mut_ed(
       seed_for_a, uint8_t);
 }
 
+/**
+ Concatenate `t` and `ρ` into the public key.
+*/
 /**
 A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_public_key
 with types libcrux_ml_kem_vector_avx2_SIMD256Vector
@@ -5834,6 +6009,9 @@ libcrux_ml_kem_ind_cpa_generate_keypair_bb(Eurydice_slice key_generation_seed) {
                                                                  &private_key);
 }
 
+/**
+ Serialize the secret key.
+*/
 /**
 A monomorphic instance of libcrux_ml_kem.ind_cca.serialize_kem_secret_key_mut
 with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash
@@ -5901,6 +6079,14 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_serialize_kem_secret_key_ae(
   memcpy(ret, out, (size_t)2400U * sizeof(uint8_t));
 }
 
+/**
+ Packed API
+
+ Generate a key pair.
+
+ Depending on the `Vector` and `Hasher` used, this requires different hardware
+ features
+*/
 /**
 A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair
 with types libcrux_ml_kem_vector_avx2_SIMD256Vector,
@@ -5949,6 +6135,9 @@ libcrux_ml_kem_ind_cca_generate_keypair_d6(uint8_t randomness[64U]) {
       uu____2, libcrux_ml_kem_types_from_5f_d0(copy_of_public_key));
 }
 
+/**
+ Portable generate key pair.
+*/
 /**
 A monomorphic instance of
 libcrux_ml_kem.ind_cca.instantiations.avx2.generate_keypair_avx2 with const
@@ -6040,6 +6229,9 @@ static KRML_MUSTINLINE void libcrux_ml_kem_variant_kdf_33_ae(
   memcpy(ret, ret1, (size_t)32U * sizeof(uint8_t));
 }
 
+/**
+ This code verifies on some machines, runs out of memory on others
+*/
 /**
 A monomorphic instance of libcrux_ml_kem.ind_cca.decapsulate
 with types libcrux_ml_kem_vector_avx2_SIMD256Vector,
@@ -6389,6 +6581,47 @@ static KRML_MUSTINLINE void libcrux_ml_kem_variant_cpa_keygen_seed_33_be(
   libcrux_ml_kem_hash_functions_avx2_G_a9_e0(key_generation_seed, ret);
 }
 
+/**
+ This function implements most of <strong>Algorithm 12</strong> of the
+ NIST FIPS 203 specification; this is the Kyber CPA-PKE key generation
+ algorithm.
+
+ We say "most of" since Algorithm 12 samples the required randomness within
+ the function itself, whereas this implementation expects it to be provided
+ through the `key_generation_seed` parameter.
+
+ Algorithm 12 is reproduced below:
+
+ ```plaintext
+ Output: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}.
+ Output: decryption key dkₚₖₑ ∈ 𝔹^{384k}.
+
+ d ←$ B
+ (ρ,σ) ← G(d)
+ N ← 0
+ for (i ← 0; i < k; i++)
+     for(j ← 0; j < k; j++)
+         Â[i,j] ← SampleNTT(XOF(ρ, i, j))
+     end for
+ end for
+ for(i ← 0; i < k; i++)
+     s[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(σ,N))
+     N ← N + 1
+ end for
+ for(i ← 0; i < k; i++)
+     e[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(σ,N))
+     N ← N + 1
+ end for
+ ŝ ← NTT(s)
+ ê ← NTT(e)
+ t̂ ← Â◦ŝ + ê
+ ekₚₖₑ ← ByteEncode₁₂(t̂) ‖ ρ
+ dkₚₖₑ ← ByteEncode₁₂(ŝ)
+ ```
+
+ The NIST FIPS 203 standard can be found at
+ <https://csrc.nist.gov/pubs/fips/203/ipd>.
+*/
 /**
 A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair_unpacked
 with types libcrux_ml_kem_vector_avx2_SIMD256Vector,
@@ -6475,6 +6708,14 @@ libcrux_ml_kem_ind_cpa_generate_keypair_bb0(
                                                                  &private_key);
 }
 
+/**
+ Packed API
+
+ Generate a key pair.
+
+ Depending on the `Vector` and `Hasher` used, this requires different hardware
+ features
+*/
 /**
 A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair
 with types libcrux_ml_kem_vector_avx2_SIMD256Vector,
@@ -6581,6 +6822,11 @@ libcrux_ml_kem_mlkem768_avx2_kyber_generate_key_pair(uint8_t randomness[64U]) {
       copy_of_randomness);
 }
 
+/**
+ Validate an ML-KEM private key.
+
+ This implements the Hash check in 7.3 3.
+*/
 /**
 A monomorphic instance of libcrux_ml_kem.ind_cca.validate_private_key_only
 with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash
@@ -6607,6 +6853,13 @@ static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_private_key_only_ae(
       (size_t)32U, t, &expected, uint8_t, uint8_t, bool);
 }
 
+/**
+ Validate an ML-KEM private key.
+
+ This implements the Hash check in 7.3 3.
+ Note that the size checks in 7.2 1 and 2 are covered by the `SECRET_KEY_SIZE`
+ and `CIPHERTEXT_SIZE` in the `private_key` and `ciphertext` types.
+*/
 /**
 A monomorphic instance of libcrux_ml_kem.ind_cca.validate_private_key
 with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash
@@ -6669,6 +6922,9 @@ static inline bool libcrux_ml_kem_mlkem768_avx2_validate_private_key(
       private_key, ciphertext);
 }
 
+/**
+ Private key validation
+*/
 /**
 A monomorphic instance of
 libcrux_ml_kem.ind_cca.instantiations.avx2.validate_private_key_only with const
@@ -6708,6 +6964,12 @@ libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_out_closure_ab(
   return libcrux_ml_kem_polynomial_ZERO_ef_61();
 }
 
+/**
+ This function deserializes ring elements and reduces the result by the field
+ modulus.
+
+ This function MUST NOT be used on secret inputs.
+*/
 /**
 A monomorphic instance of
 libcrux_ml_kem.serialize.deserialize_ring_elements_reduced_out with types
@@ -6725,15 +6987,18 @@ libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_out_ab(
   }
   libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_ab(
       public_key, deserialized_pk);
-  libcrux_ml_kem_polynomial_PolynomialRingElement_f6 result[3U];
   memcpy(
-      result, deserialized_pk,
-      (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f6));
-  memcpy(
-      ret, result,
+      ret, deserialized_pk,
       (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f6));
 }
 
+/**
+ Validate an ML-KEM public key.
+
+ This implements the Modulus check in 7.2 2.
+ Note that the size check in 7.2 1 is covered by the `PUBLIC_KEY_SIZE` in the
+ `public_key` type.
+*/
 /**
 A monomorphic instance of libcrux_ml_kem.ind_cca.validate_public_key
 with types libcrux_ml_kem_vector_avx2_SIMD256Vector
@@ -6944,6 +7209,9 @@ libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_decapsulate_avx2_35(
   libcrux_ml_kem_ind_cca_unpacked_decapsulate_12(key_pair, ciphertext, ret);
 }
 
+/**
+ Unpacked decapsulate
+*/
 /**
 A monomorphic instance of
 libcrux_ml_kem.ind_cca.instantiations.avx2.unpacked.decapsulate with const
@@ -7089,6 +7357,9 @@ libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_encapsulate_avx2_cd(
                                                         copy_of_randomness);
 }
 
+/**
+ Unpacked encapsulate
+*/
 /**
 A monomorphic instance of
 libcrux_ml_kem.ind_cca.instantiations.avx2.unpacked.encapsulate with const
@@ -7223,6 +7494,9 @@ static inline void libcrux_ml_kem_ind_cca_unpacked_transpose_a_ab(
              sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f6[3U]));
 }
 
+/**
+ Generate Unpacked Keys
+*/
 /**
 A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.generate_keypair
 with types libcrux_ml_kem_vector_avx2_SIMD256Vector,
@@ -7306,6 +7580,9 @@ libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_generate_keypair_avx2_c6(
   libcrux_ml_kem_ind_cca_unpacked_generate_keypair_d6(copy_of_randomness, out);
 }
 
+/**
+ Generate a key pair
+*/
 /**
 A monomorphic instance of
 libcrux_ml_kem.ind_cca.instantiations.avx2.unpacked.generate_keypair with const
@@ -7635,6 +7912,9 @@ libcrux_ml_kem_ind_cpa_build_unpacked_public_key_mut_bf(
   libcrux_ml_kem_matrix_sample_matrix_A_b3(uu____1, ret, false);
 }
 
+/**
+ Take a serialized private key and generate an unpacked key pair from it.
+*/
 /**
 A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.keys_from_private_key
 with types libcrux_ml_kem_vector_avx2_SIMD256Vector
@@ -7689,6 +7969,9 @@ libcrux_ml_kem_ind_cca_unpacked_keys_from_private_key_e2(
                       uint8_t);
 }
 
+/**
+ Take a serialized private key and generate an unpacked key pair from it.
+*/
 /**
 A monomorphic instance of
 libcrux_ml_kem.ind_cca.instantiations.avx2.unpacked.keypair_from_private_key
@@ -7850,6 +8133,9 @@ libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_fc_ed(
   return libcrux_ml_kem_ind_cca_unpacked_serialized_30_ed(&self->public_key);
 }
 
+/**
+ Get the serialized public key.
+*/
 KRML_ATTRIBUTE_TARGET("avx2")
 static inline libcrux_ml_kem_types_MlKemPublicKey_30
 libcrux_ml_kem_mlkem768_avx2_unpacked_key_pair_serialized_public_key(
@@ -7904,6 +8190,9 @@ libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_fc_ed(
                                                        serialized);
 }
 
+/**
+ Get the serialized public key.
+*/
 KRML_ATTRIBUTE_TARGET("avx2")
 static inline void
 libcrux_ml_kem_mlkem768_avx2_unpacked_key_pair_serialized_public_key_mut(
@@ -8006,6 +8295,9 @@ static inline void libcrux_ml_kem_mlkem768_avx2_unpacked_public_key(
   pk[0U] = uu____0;
 }
 
+/**
+ Get the serialized public key.
+*/
 KRML_ATTRIBUTE_TARGET("avx2")
 static inline void libcrux_ml_kem_mlkem768_avx2_unpacked_serialized_public_key(
     libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_63 *public_key,
@@ -8013,6 +8305,9 @@ static inline void libcrux_ml_kem_mlkem768_avx2_unpacked_serialized_public_key(
   libcrux_ml_kem_ind_cca_unpacked_serialized_mut_30_ed(public_key, serialized);
 }
 
+/**
+ Generate an unpacked key from a serialized key.
+*/
 /**
 A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.unpack_public_key
 with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash,
@@ -8057,6 +8352,9 @@ libcrux_ml_kem_ind_cca_unpacked_unpack_public_key_6d(
          (size_t)32U * sizeof(uint8_t));
 }
 
+/**
+ Get the unpacked public key.
+*/
 /**
 A monomorphic instance of
 libcrux_ml_kem.ind_cca.instantiations.avx2.unpacked.unpack_public_key_avx2 with
@@ -8076,6 +8374,9 @@ libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_unpack_public_key_avx2_a5(
                                                        unpacked_public_key);
 }
 
+/**
+ Get the unpacked public key.
+*/
 /**
 A monomorphic instance of
 libcrux_ml_kem.ind_cca.instantiations.avx2.unpacked.unpack_public_key with const
diff --git a/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h b/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h
index 34d13c6e3..2593184a3 100644
--- a/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h
+++ b/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h
@@ -4,11 +4,11 @@
  * SPDX-License-Identifier: MIT or Apache-2.0
  *
  * This code was generated with the following revisions:
- * Charon: 3a133fe0eee9bd3928d5bb16c24ddd2dd0f3ee7f
+ * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9
  * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c
- * Karamel: c31a22c1e07d2118c07ee5cebb640d863e31a198
- * F*: 2c32d6e230851bbceadac7a21fc418fa2bb7e4bc
- * Libcrux: 8fa4c2d98c5fd5a203b5a37a971a46f2296646d9
+ * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
+ * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty
+ * Libcrux: e7d31cc9d00fb10b9002777a3fc8a209dba74b83
  */
 
 #ifndef __libcrux_mlkem768_portable_H
@@ -1040,6 +1040,10 @@ libcrux_ml_kem_vector_portable_bitwise_and_with_constant_0d(
                                                                              c);
 }
 
+/**
+ Note: This function is not secret independent
+ Only use with public values.
+*/
 static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector
 libcrux_ml_kem_vector_portable_arithmetic_cond_subtract_3329(
     libcrux_ml_kem_vector_portable_vector_type_PortableVector vec) {
@@ -1538,6 +1542,28 @@ libcrux_ml_kem_vector_portable_inv_ntt_layer_3_step_0d(
   return libcrux_ml_kem_vector_portable_ntt_inv_ntt_layer_3_step(a, zeta);
 }
 
+/**
+ Compute the product of two Kyber binomials with respect to the
+ modulus `X² - zeta`.
+
+ This function almost implements <strong>Algorithm 11</strong> of the
+ NIST FIPS 203 standard, which is reproduced below:
+
+ ```plaintext
+ Input:  a₀, a₁, b₀, b₁ ∈ ℤq.
+ Input: γ ∈ ℤq.
+ Output: c₀, c₁ ∈ ℤq.
+
+ c₀ ← a₀·b₀ + a₁·b₁·γ
+ c₁ ← a₀·b₁ + a₁·b₀
+ return c₀, c₁
+ ```
+ We say "almost" because the coefficients output by this function are in
+ the Montgomery domain (unlike in the specification).
+
+ The NIST FIPS 203 standard can be found at
+ <https://csrc.nist.gov/pubs/fips/203/ipd>.
+*/
 static KRML_MUSTINLINE void
 libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials(
     libcrux_ml_kem_vector_portable_vector_type_PortableVector *a,
@@ -2623,6 +2649,9 @@ libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_8c(
   return re;
 }
 
+/**
+ Call [`deserialize_to_uncompressed_ring_element`] for each ring element.
+*/
 /**
 A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_secret_key
 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
@@ -2980,10 +3009,8 @@ static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_poly_barrett_reduce_ef_8c(
     libcrux_ml_kem_polynomial_PolynomialRingElement_1d *self) {
   for (size_t i = (size_t)0U;
        i <
-       /* Using `hax_lib::fstar::verification_status(lax)` works but produces an
-          error while extracting The semicolon and parentheses at the end of
-          loop are a workaround for the following bug
-          https://github.com/hacspec/hax/issues/720 */
+       /* The semicolon and parentheses at the end of loop are a workaround for
+          the following bug https://github.com/hacspec/hax/issues/720 */
        LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT;
        i++) {
     size_t i0 = i;
@@ -3020,6 +3047,10 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_vector_u_0a(
   libcrux_ml_kem_polynomial_poly_barrett_reduce_ef_8c(re);
 }
 
+/**
+ Call [`deserialize_then_decompress_ring_element_u`] on each ring element
+ in the `ciphertext`.
+*/
 /**
 A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_then_decompress_u
 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
@@ -3219,10 +3250,8 @@ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1d
 libcrux_ml_kem_polynomial_ntt_multiply_ef_8c(
     libcrux_ml_kem_polynomial_PolynomialRingElement_1d *self,
     libcrux_ml_kem_polynomial_PolynomialRingElement_1d *rhs) {
-  /* Using `hax_lib::fstar::verification_status(lax)` works but produces an
-   * error while extracting hax_debug_debug_assert!(lhs .coefficients
-   * .into_iter() .all(|coefficient| coefficient >= 0 && coefficient < 4096));
-   */
+  /* hax_debug_debug_assert!(lhs .coefficients .into_iter() .all(|coefficient|
+   * coefficient >= 0 && coefficient < 4096)); */
   libcrux_ml_kem_polynomial_PolynomialRingElement_1d out =
       libcrux_ml_kem_polynomial_ZERO_ef_8c();
   for (size_t i = (size_t)0U;
@@ -3444,11 +3473,7 @@ libcrux_ml_kem_polynomial_subtract_reduce_ef_8c(
     libcrux_ml_kem_polynomial_PolynomialRingElement_1d *self,
     libcrux_ml_kem_polynomial_PolynomialRingElement_1d b) {
   for (size_t i = (size_t)0U;
-       i <
-       /* Using `hax_lib::fstar::verification_status(lax)` works but produces an
-          error while extracting */
-       LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT;
-       i++) {
+       i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
     size_t i0 = i;
     libcrux_ml_kem_vector_portable_vector_type_PortableVector
         coefficient_normal_form =
@@ -3463,6 +3488,12 @@ libcrux_ml_kem_polynomial_subtract_reduce_ef_8c(
   return b;
 }
 
+/**
+ The following functions compute various expressions involving
+ vectors and matrices. The computation of these expressions has been
+ abstracted away into these functions in order to save on loop iterations.
+ Compute v − InverseNTT(sᵀ ◦ NTT(u))
+*/
 /**
 A monomorphic instance of libcrux_ml_kem.matrix.compute_message
 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
@@ -3545,9 +3576,7 @@ with const generics
 static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector
 libcrux_ml_kem_serialize_to_unsigned_field_modulus_8c(
     libcrux_ml_kem_vector_portable_vector_type_PortableVector a) {
-  libcrux_ml_kem_vector_portable_vector_type_PortableVector result =
-      libcrux_ml_kem_vector_traits_to_unsigned_representative_8c(a);
-  return result;
+  return libcrux_ml_kem_vector_traits_to_unsigned_representative_8c(a);
 }
 
 /**
@@ -3576,11 +3605,33 @@ libcrux_ml_kem_serialize_compress_then_serialize_message_8c(
     Eurydice_slice_copy(
         uu____0, Eurydice_array_to_slice((size_t)2U, bytes, uint8_t), uint8_t);
   }
-  uint8_t result[32U];
-  memcpy(result, serialized, (size_t)32U * sizeof(uint8_t));
-  memcpy(ret, result, (size_t)32U * sizeof(uint8_t));
+  memcpy(ret, serialized, (size_t)32U * sizeof(uint8_t));
 }
 
+/**
+ This function implements <strong>Algorithm 14</strong> of the
+ NIST FIPS 203 specification; this is the Kyber CPA-PKE decryption algorithm.
+
+ Algorithm 14 is reproduced below:
+
+ ```plaintext
+ Input: decryption key dkₚₖₑ ∈ 𝔹^{384k}.
+ Input: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}.
+ Output: message m ∈ 𝔹^{32}.
+
+ c₁ ← c[0 : 32dᵤk]
+ c₂ ← c[32dᵤk : 32(dᵤk + dᵥ)]
+ u ← Decompress_{dᵤ}(ByteDecode_{dᵤ}(c₁))
+ v ← Decompress_{dᵥ}(ByteDecode_{dᵥ}(c₂))
+ ŝ ← ByteDecode₁₂(dkₚₖₑ)
+ w ← v - NTT-¹(ŝᵀ ◦ NTT(u))
+ m ← ByteEncode₁(Compress₁(w))
+ return m
+ ```
+
+ The NIST FIPS 203 standard can be found at
+ <https://csrc.nist.gov/pubs/fips/203/ipd>.
+*/
 /**
 A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt_unpacked
 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
@@ -3733,6 +3784,12 @@ libcrux_ml_kem_ind_cpa_unpacked_default_8d_1b(void) {
   return lit;
 }
 
+/**
+ Only use with public values.
+
+ This MUST NOT be used with secret inputs, like its caller
+ `deserialize_ring_elements_reduced`.
+*/
 /**
 A monomorphic instance of
 libcrux_ml_kem.serialize.deserialize_to_reduced_ring_element with types
@@ -3758,6 +3815,9 @@ libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_8c(
   return re;
 }
 
+/**
+ See [deserialize_ring_elements_reduced_out].
+*/
 /**
 A monomorphic instance of
 libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types
@@ -4339,6 +4399,55 @@ static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_PRFxN_f1_41(
   libcrux_ml_kem_hash_functions_portable_PRFxN_41(input, ret);
 }
 
+/**
+ Given a series of uniformly random bytes in `randomness`, for some number
+ `eta`, the `sample_from_binomial_distribution_{eta}` functions sample a ring
+ element from a binomial distribution centered at 0 that uses two sets of `eta`
+ coin flips. If, for example, `eta = ETA`, each ring coefficient is a value `v`
+ such such that `v ∈ {-ETA, -ETA + 1, ..., 0, ..., ETA + 1, ETA}` and:
+
+ ```plaintext
+ - If v < 0, Pr[v] = Pr[-v]
+ - If v >= 0, Pr[v] = BINOMIAL_COEFFICIENT(2 * ETA; ETA - v) / 2 ^ (2 * ETA)
+ ```
+
+ The values `v < 0` are mapped to the appropriate `KyberFieldElement`.
+
+ The expected value is:
+
+ ```plaintext
+ E[X] = (-ETA)Pr[-ETA] + (-(ETA - 1))Pr[-(ETA - 1)] + ... + (ETA - 1)Pr[ETA - 1]
+ + (ETA)Pr[ETA] = 0 since Pr[-v] = Pr[v] when v < 0.
+ ```
+
+ And the variance is:
+
+ ```plaintext
+ Var(X) = E[(X - E[X])^2]
+        = E[X^2]
+        = sum_(v=-ETA to ETA)v^2 * (BINOMIAL_COEFFICIENT(2 * ETA; ETA - v) /
+ 2^(2 * ETA)) = ETA / 2
+ ```
+
+ This function implements <strong>Algorithm 7</strong> of the NIST FIPS 203
+ standard, which is reproduced below:
+
+ ```plaintext
+ Input: byte array B ∈ 𝔹^{64η}.
+ Output: array f ∈ ℤ₂₅₆.
+
+ b ← BytesToBits(B)
+ for (i ← 0; i < 256; i++)
+     x ← ∑(j=0 to η - 1) b[2iη + j]
+     y ← ∑(j=0 to η - 1) b[2iη + η + j]
+     f[i] ← x−y mod q
+ end for
+ return f
+ ```
+
+ The NIST FIPS 203 standard can be found at
+ <https://csrc.nist.gov/pubs/fips/203/ipd>.
+*/
 /**
 A monomorphic instance of
 libcrux_ml_kem.sampling.sample_from_binomial_distribution_2 with types
@@ -4499,6 +4608,10 @@ libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_8c(
   libcrux_ml_kem_polynomial_poly_barrett_reduce_ef_8c(re);
 }
 
+/**
+ Sample a vector of ring elements from a centered binomial distribution and
+ convert them into their NTT representations.
+*/
 /**
 A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_vector_cbd_then_ntt
 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector,
@@ -4581,6 +4694,9 @@ libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_closure_3b(size_t _i) {
   return libcrux_ml_kem_polynomial_ZERO_ef_8c();
 }
 
+/**
+ Sample a vector of ring elements from a centered binomial distribution.
+*/
 /**
 A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_ring_element_cbd
 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector,
@@ -4683,10 +4799,8 @@ static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_error_reduce_ef_8c(
     libcrux_ml_kem_polynomial_PolynomialRingElement_1d *error) {
   for (size_t i = (size_t)0U;
        i <
-       /* Using `hax_lib::fstar::verification_status(lax)` works but produces an
-          error while extracting The semicolon and parentheses at the end of
-          loop are a workaround for the following bug
-          https://github.com/hacspec/hax/issues/720 */
+       /* The semicolon and parentheses at the end of loop are a workaround for
+          the following bug https://github.com/hacspec/hax/issues/720 */
        LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT;
        i++) {
     size_t j = i;
@@ -4702,6 +4816,9 @@ static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_error_reduce_ef_8c(
   }
 }
 
+/**
+ Compute u := InvertNTT(Aᵀ ◦ r̂) + e₁
+*/
 /**
 A monomorphic instance of libcrux_ml_kem.matrix.compute_vector_u
 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
@@ -4810,11 +4927,7 @@ libcrux_ml_kem_polynomial_add_message_error_reduce_ef_8c(
     libcrux_ml_kem_polynomial_PolynomialRingElement_1d *message,
     libcrux_ml_kem_polynomial_PolynomialRingElement_1d result) {
   for (size_t i = (size_t)0U;
-       i <
-       /* Using `hax_lib::fstar::verification_status(lax)` works but produces an
-          error while extracting */
-       LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT;
-       i++) {
+       i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
     size_t i0 = i;
     libcrux_ml_kem_vector_portable_vector_type_PortableVector
         coefficient_normal_form =
@@ -4852,6 +4965,9 @@ libcrux_ml_kem_polynomial_add_message_error_reduce_ef_8c(
   return result;
 }
 
+/**
+ Compute InverseNTT(tᵀ ◦ r̂) + e₂ + message
+*/
 /**
 A monomorphic instance of libcrux_ml_kem.matrix.compute_ring_element_v
 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
@@ -4937,9 +5053,7 @@ libcrux_ml_kem_serialize_compress_then_serialize_10_ff(
     Eurydice_slice_copy(
         uu____0, Eurydice_array_to_slice((size_t)20U, bytes, uint8_t), uint8_t);
   }
-  uint8_t result[320U];
-  memcpy(result, serialized, (size_t)320U * sizeof(uint8_t));
-  memcpy(ret, result, (size_t)320U * sizeof(uint8_t));
+  memcpy(ret, serialized, (size_t)320U * sizeof(uint8_t));
 }
 
 /**
@@ -5013,11 +5127,14 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
 static KRML_MUSTINLINE void
 libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_fe(
     libcrux_ml_kem_polynomial_PolynomialRingElement_1d *re, uint8_t ret[320U]) {
-  uint8_t result[320U];
-  libcrux_ml_kem_serialize_compress_then_serialize_10_ff(re, result);
-  memcpy(ret, result, (size_t)320U * sizeof(uint8_t));
+  uint8_t uu____0[320U];
+  libcrux_ml_kem_serialize_compress_then_serialize_10_ff(re, uu____0);
+  memcpy(ret, uu____0, (size_t)320U * sizeof(uint8_t));
 }
 
+/**
+ Call [`compress_then_serialize_ring_element_u`] on each ring element.
+*/
 /**
 A monomorphic instance of libcrux_ml_kem.ind_cpa.compress_then_serialize_u
 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
@@ -5039,14 +5156,9 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_compress_then_serialize_u_43(
        i++) {
     size_t i0 = i;
     libcrux_ml_kem_polynomial_PolynomialRingElement_1d re = input[i0];
-    Eurydice_slice uu____0 =
-        Eurydice_slice_subslice2(/* The semicolon and parentheses at the end of
-                                    loop are a workaround for the following bug
-                                    https://github.com/hacspec/hax/issues/720 */
-                                 out, i0 * ((size_t)960U / (size_t)3U),
-                                 (i0 + (size_t)1U) *
-                                     ((size_t)960U / (size_t)3U),
-                                 uint8_t);
+    Eurydice_slice uu____0 = Eurydice_slice_subslice2(
+        out, i0 * ((size_t)960U / (size_t)3U),
+        (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U), uint8_t);
     uint8_t ret[320U];
     libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_fe(&re,
                                                                        ret);
@@ -5109,9 +5221,7 @@ libcrux_ml_kem_serialize_compress_then_serialize_4_8c(
     libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient =
         libcrux_ml_kem_vector_portable_compress_0d_d1(
             libcrux_ml_kem_serialize_to_unsigned_field_modulus_8c(
-                re.coefficients[/* NOTE: Using `$serialized` in loop_invariant
-                                   doesn't work here */
-                                i0]));
+                re.coefficients[i0]));
     uint8_t bytes[8U];
     libcrux_ml_kem_vector_portable_serialize_4_0d(coefficient, bytes);
     Eurydice_slice_copy(
@@ -5199,6 +5309,47 @@ libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_6c(
   libcrux_ml_kem_serialize_compress_then_serialize_4_8c(re, out);
 }
 
+/**
+ This function implements <strong>Algorithm 13</strong> of the
+ NIST FIPS 203 specification; this is the Kyber CPA-PKE encryption algorithm.
+
+ Algorithm 13 is reproduced below:
+
+ ```plaintext
+ Input: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}.
+ Input: message m ∈ 𝔹^{32}.
+ Input: encryption randomness r ∈ 𝔹^{32}.
+ Output: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}.
+
+ N ← 0
+ t̂ ← ByteDecode₁₂(ekₚₖₑ[0:384k])
+ ρ ← ekₚₖₑ[384k: 384k + 32]
+ for (i ← 0; i < k; i++)
+     for(j ← 0; j < k; j++)
+         Â[i,j] ← SampleNTT(XOF(ρ, i, j))
+     end for
+ end for
+ for(i ← 0; i < k; i++)
+     r[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(r,N))
+     N ← N + 1
+ end for
+ for(i ← 0; i < k; i++)
+     e₁[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N))
+     N ← N + 1
+ end for
+ e₂ ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N))
+ r̂ ← NTT(r)
+ u ← NTT-¹(Âᵀ ◦ r̂) + e₁
+ μ ← Decompress₁(ByteDecode₁(m)))
+ v ← NTT-¹(t̂ᵀ ◦ rˆ) + e₂ + μ
+ c₁ ← ByteEncode_{dᵤ}(Compress_{dᵤ}(u))
+ c₂ ← ByteEncode_{dᵥ}(Compress_{dᵥ}(v))
+ return c ← (c₁ ‖ c₂)
+ ```
+
+ The NIST FIPS 203 standard can be found at
+ <https://csrc.nist.gov/pubs/fips/203/ipd>.
+*/
 /**
 A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt_unpacked
 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector,
@@ -5339,6 +5490,9 @@ static KRML_MUSTINLINE void libcrux_ml_kem_variant_kdf_d8_d6(
   memcpy(ret, out, (size_t)32U * sizeof(uint8_t));
 }
 
+/**
+ This code verifies on some machines, runs out of memory on others
+*/
 /**
 A monomorphic instance of libcrux_ml_kem.ind_cca.decapsulate
 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector,
@@ -5427,6 +5581,9 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_decapsulate_62(
   memcpy(ret, shared_secret, (size_t)32U * sizeof(uint8_t));
 }
 
+/**
+ Portable decapsulate
+*/
 /**
 A monomorphic instance of
 libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate with const generics
@@ -5697,10 +5854,8 @@ libcrux_ml_kem_polynomial_add_standard_error_reduce_ef_8c(
     libcrux_ml_kem_polynomial_PolynomialRingElement_1d *error) {
   for (size_t i = (size_t)0U;
        i <
-       /* Using `hax_lib::fstar::verification_status(lax)` works but produces an
-          error while extracting The semicolon and parentheses at the end of
-          loop are a workaround for the following bug
-          https://github.com/hacspec/hax/issues/720 */
+       /* The semicolon and parentheses at the end of loop are a workaround for
+          the following bug https://github.com/hacspec/hax/issues/720 */
        LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT;
        i++) {
     size_t j = i;
@@ -5720,6 +5875,9 @@ libcrux_ml_kem_polynomial_add_standard_error_reduce_ef_8c(
   }
 }
 
+/**
+ Compute  ◦ ŝ + ê
+*/
 /**
 A monomorphic instance of libcrux_ml_kem.matrix.compute_As_plus_e
 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
@@ -5766,6 +5924,47 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_As_plus_e_1b(
   }
 }
 
+/**
+ This function implements most of <strong>Algorithm 12</strong> of the
+ NIST FIPS 203 specification; this is the Kyber CPA-PKE key generation
+ algorithm.
+
+ We say "most of" since Algorithm 12 samples the required randomness within
+ the function itself, whereas this implementation expects it to be provided
+ through the `key_generation_seed` parameter.
+
+ Algorithm 12 is reproduced below:
+
+ ```plaintext
+ Output: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}.
+ Output: decryption key dkₚₖₑ ∈ 𝔹^{384k}.
+
+ d ←$ B
+ (ρ,σ) ← G(d)
+ N ← 0
+ for (i ← 0; i < k; i++)
+     for(j ← 0; j < k; j++)
+         Â[i,j] ← SampleNTT(XOF(ρ, i, j))
+     end for
+ end for
+ for(i ← 0; i < k; i++)
+     s[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(σ,N))
+     N ← N + 1
+ end for
+ for(i ← 0; i < k; i++)
+     e[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(σ,N))
+     N ← N + 1
+ end for
+ ŝ ← NTT(s)
+ ê ← NTT(e)
+ t̂ ← Â◦ŝ + ê
+ ekₚₖₑ ← ByteEncode₁₂(t̂) ‖ ρ
+ dkₚₖₑ ← ByteEncode₁₂(ŝ)
+ ```
+
+ The NIST FIPS 203 standard can be found at
+ <https://csrc.nist.gov/pubs/fips/203/ipd>.
+*/
 /**
 A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair_unpacked
 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector,
@@ -5847,11 +6046,12 @@ libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_8c(
     Eurydice_slice_copy(
         uu____0, Eurydice_array_to_slice((size_t)24U, bytes, uint8_t), uint8_t);
   }
-  uint8_t result[384U];
-  memcpy(result, serialized, (size_t)384U * sizeof(uint8_t));
-  memcpy(ret, result, (size_t)384U * sizeof(uint8_t));
+  memcpy(ret, serialized, (size_t)384U * sizeof(uint8_t));
 }
 
+/**
+ Call [`serialize_uncompressed_ring_element`] for each ring element.
+*/
 /**
 A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_secret_key
 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
@@ -5884,6 +6084,9 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_secret_key_89(
   memcpy(ret, out, (size_t)1152U * sizeof(uint8_t));
 }
 
+/**
+ Concatenate `t` and `ρ` into the public key.
+*/
 /**
 A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_public_key_mut
 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
@@ -5907,6 +6110,9 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_public_key_mut_6c(
       seed_for_a, uint8_t);
 }
 
+/**
+ Concatenate `t` and `ρ` into the public key.
+*/
 /**
 A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_public_key
 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
@@ -5994,6 +6200,9 @@ libcrux_ml_kem_ind_cpa_generate_keypair_15(Eurydice_slice key_generation_seed) {
                                                                  &private_key);
 }
 
+/**
+ Serialize the secret key.
+*/
 /**
 A monomorphic instance of libcrux_ml_kem.ind_cca.serialize_kem_secret_key_mut
 with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]]
@@ -6059,6 +6268,14 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_serialize_kem_secret_key_d6(
   memcpy(ret, out, (size_t)2400U * sizeof(uint8_t));
 }
 
+/**
+ Packed API
+
+ Generate a key pair.
+
+ Depending on the `Vector` and `Hasher` used, this requires different hardware
+ features
+*/
 /**
 A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair
 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector,
@@ -6106,6 +6323,9 @@ libcrux_ml_kem_ind_cca_generate_keypair_f8(uint8_t randomness[64U]) {
       uu____2, libcrux_ml_kem_types_from_5f_d0(copy_of_public_key));
 }
 
+/**
+ Portable generate key pair.
+*/
 /**
 A monomorphic instance of
 libcrux_ml_kem.ind_cca.instantiations.portable.generate_keypair with const
@@ -6172,6 +6392,9 @@ static KRML_MUSTINLINE void libcrux_ml_kem_variant_kdf_33_d6(
   memcpy(ret, ret1, (size_t)32U * sizeof(uint8_t));
 }
 
+/**
+ This code verifies on some machines, runs out of memory on others
+*/
 /**
 A monomorphic instance of libcrux_ml_kem.ind_cca.decapsulate
 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector,
@@ -6460,6 +6683,47 @@ static KRML_MUSTINLINE void libcrux_ml_kem_variant_cpa_keygen_seed_33_9c(
   libcrux_ml_kem_hash_functions_portable_G_f1_e0(key_generation_seed, ret);
 }
 
+/**
+ This function implements most of <strong>Algorithm 12</strong> of the
+ NIST FIPS 203 specification; this is the Kyber CPA-PKE key generation
+ algorithm.
+
+ We say "most of" since Algorithm 12 samples the required randomness within
+ the function itself, whereas this implementation expects it to be provided
+ through the `key_generation_seed` parameter.
+
+ Algorithm 12 is reproduced below:
+
+ ```plaintext
+ Output: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}.
+ Output: decryption key dkₚₖₑ ∈ 𝔹^{384k}.
+
+ d ←$ B
+ (ρ,σ) ← G(d)
+ N ← 0
+ for (i ← 0; i < k; i++)
+     for(j ← 0; j < k; j++)
+         Â[i,j] ← SampleNTT(XOF(ρ, i, j))
+     end for
+ end for
+ for(i ← 0; i < k; i++)
+     s[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(σ,N))
+     N ← N + 1
+ end for
+ for(i ← 0; i < k; i++)
+     e[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(σ,N))
+     N ← N + 1
+ end for
+ ŝ ← NTT(s)
+ ê ← NTT(e)
+ t̂ ← Â◦ŝ + ê
+ ekₚₖₑ ← ByteEncode₁₂(t̂) ‖ ρ
+ dkₚₖₑ ← ByteEncode₁₂(ŝ)
+ ```
+
+ The NIST FIPS 203 standard can be found at
+ <https://csrc.nist.gov/pubs/fips/203/ipd>.
+*/
 /**
 A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair_unpacked
 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector,
@@ -6544,6 +6808,14 @@ libcrux_ml_kem_ind_cpa_generate_keypair_150(
                                                                  &private_key);
 }
 
+/**
+ Packed API
+
+ Generate a key pair.
+
+ Depending on the `Vector` and `Hasher` used, this requires different hardware
+ features
+*/
 /**
 A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair
 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector,
@@ -6625,6 +6897,11 @@ libcrux_ml_kem_mlkem768_portable_kyber_generate_key_pair(
       copy_of_randomness);
 }
 
+/**
+ Validate an ML-KEM private key.
+
+ This implements the Hash check in 7.3 3.
+*/
 /**
 A monomorphic instance of libcrux_ml_kem.ind_cca.validate_private_key_only
 with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]]
@@ -6650,6 +6927,13 @@ static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_private_key_only_d6(
       (size_t)32U, t, &expected, uint8_t, uint8_t, bool);
 }
 
+/**
+ Validate an ML-KEM private key.
+
+ This implements the Hash check in 7.3 3.
+ Note that the size checks in 7.2 1 and 2 are covered by the `SECRET_KEY_SIZE`
+ and `CIPHERTEXT_SIZE` in the `private_key` and `ciphertext` types.
+*/
 /**
 A monomorphic instance of libcrux_ml_kem.ind_cca.validate_private_key
 with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]]
@@ -6664,6 +6948,9 @@ static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_private_key_37(
   return libcrux_ml_kem_ind_cca_validate_private_key_only_d6(private_key);
 }
 
+/**
+ Private key validation
+*/
 /**
 A monomorphic instance of
 libcrux_ml_kem.ind_cca.instantiations.portable.validate_private_key with const
@@ -6692,6 +6979,9 @@ static inline bool libcrux_ml_kem_mlkem768_portable_validate_private_key(
       private_key, ciphertext);
 }
 
+/**
+ Private key validation
+*/
 /**
 A monomorphic instance of
 libcrux_ml_kem.ind_cca.instantiations.portable.validate_private_key_only with
@@ -6729,6 +7019,12 @@ libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_out_closure_1b(
   return libcrux_ml_kem_polynomial_ZERO_ef_8c();
 }
 
+/**
+ This function deserializes ring elements and reduces the result by the field
+ modulus.
+
+ This function MUST NOT be used on secret inputs.
+*/
 /**
 A monomorphic instance of
 libcrux_ml_kem.serialize.deserialize_ring_elements_reduced_out with types
@@ -6745,15 +7041,18 @@ libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_out_1b(
   }
   libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_1b(
       public_key, deserialized_pk);
-  libcrux_ml_kem_polynomial_PolynomialRingElement_1d result[3U];
-  memcpy(
-      result, deserialized_pk,
-      (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1d));
   memcpy(
-      ret, result,
+      ret, deserialized_pk,
       (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1d));
 }
 
+/**
+ Validate an ML-KEM public key.
+
+ This implements the Modulus check in 7.2 2.
+ Note that the size check in 7.2 1 is covered by the `PUBLIC_KEY_SIZE` in the
+ `public_key` type.
+*/
 /**
 A monomorphic instance of libcrux_ml_kem.ind_cca.validate_public_key
 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
@@ -6780,6 +7079,9 @@ static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_public_key_6c(
       (size_t)1184U, public_key, public_key_serialized, uint8_t, uint8_t, bool);
 }
 
+/**
+ Public key validation
+*/
 /**
 A monomorphic instance of
 libcrux_ml_kem.ind_cca.instantiations.portable.validate_public_key with const
@@ -6920,6 +7222,9 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_unpacked_decapsulate_51(
   memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t));
 }
 
+/**
+ Unpacked decapsulate
+*/
 /**
 A monomorphic instance of
 libcrux_ml_kem.ind_cca.instantiations.portable.unpacked.decapsulate with const
@@ -7031,6 +7336,9 @@ static KRML_MUSTINLINE tuple_c2 libcrux_ml_kem_ind_cca_unpacked_encapsulate_0c(
   return lit;
 }
 
+/**
+ Unpacked encapsulate
+*/
 /**
 A monomorphic instance of
 libcrux_ml_kem.ind_cca.instantiations.portable.unpacked.encapsulate with const
@@ -7162,6 +7470,9 @@ static inline void libcrux_ml_kem_ind_cca_unpacked_transpose_a_1b(
              sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1d[3U]));
 }
 
+/**
+ Generate Unpacked Keys
+*/
 /**
 A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.generate_keypair
 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector,
@@ -7221,6 +7532,9 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_unpacked_generate_keypair_f8(
          (size_t)32U * sizeof(uint8_t));
 }
 
+/**
+ Generate a key pair
+*/
 /**
 A monomorphic instance of
 libcrux_ml_kem.ind_cca.instantiations.portable.unpacked.generate_keypair with
@@ -7393,6 +7707,9 @@ libcrux_ml_kem_mlkem768_portable_unpacked_init_public_key(void) {
   return libcrux_ml_kem_ind_cca_unpacked_default_09_1b();
 }
 
+/**
+ Take a serialized private key and generate an unpacked key pair from it.
+*/
 /**
 A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.keys_from_private_key
 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
@@ -7447,6 +7764,9 @@ libcrux_ml_kem_ind_cca_unpacked_keys_from_private_key_df(
                       uint8_t);
 }
 
+/**
+ Take a serialized private key and generate an unpacked key pair from it.
+*/
 /**
 A monomorphic instance of
 libcrux_ml_kem.ind_cca.instantiations.portable.unpacked.keypair_from_private_key
@@ -7603,6 +7923,9 @@ libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_fc_6c(
   return libcrux_ml_kem_ind_cca_unpacked_serialized_30_6c(&self->public_key);
 }
 
+/**
+ Get the serialized public key.
+*/
 static inline libcrux_ml_kem_types_MlKemPublicKey_30
 libcrux_ml_kem_mlkem768_portable_unpacked_key_pair_serialized_public_key(
     libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked
@@ -7655,6 +7978,9 @@ libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_fc_6c(
                                                        serialized);
 }
 
+/**
+ Get the serialized public key.
+*/
 static inline void
 libcrux_ml_kem_mlkem768_portable_unpacked_key_pair_serialized_public_key_mut(
     libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked *key_pair,
@@ -7752,6 +8078,9 @@ static inline void libcrux_ml_kem_mlkem768_portable_unpacked_public_key(
   pk[0U] = uu____0;
 }
 
+/**
+ Get the serialized public key.
+*/
 static inline void
 libcrux_ml_kem_mlkem768_portable_unpacked_serialized_public_key(
     libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *public_key,
@@ -7759,6 +8088,9 @@ libcrux_ml_kem_mlkem768_portable_unpacked_serialized_public_key(
   libcrux_ml_kem_ind_cca_unpacked_serialized_mut_30_6c(public_key, serialized);
 }
 
+/**
+ Generate an unpacked key from a serialized key.
+*/
 /**
 A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.unpack_public_key
 with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]],
@@ -7802,6 +8134,9 @@ libcrux_ml_kem_ind_cca_unpacked_unpack_public_key_f9(
          (size_t)32U * sizeof(uint8_t));
 }
 
+/**
+ Get the unpacked public key.
+*/
 /**
 A monomorphic instance of
 libcrux_ml_kem.ind_cca.instantiations.portable.unpacked.unpack_public_key with
diff --git a/libcrux-ml-kem/cg/libcrux_sha3_avx2.h b/libcrux-ml-kem/cg/libcrux_sha3_avx2.h
index ec647eb4a..627eab709 100644
--- a/libcrux-ml-kem/cg/libcrux_sha3_avx2.h
+++ b/libcrux-ml-kem/cg/libcrux_sha3_avx2.h
@@ -4,11 +4,11 @@
  * SPDX-License-Identifier: MIT or Apache-2.0
  *
  * This code was generated with the following revisions:
- * Charon: 3a133fe0eee9bd3928d5bb16c24ddd2dd0f3ee7f
+ * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9
  * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c
- * Karamel: c31a22c1e07d2118c07ee5cebb640d863e31a198
- * F*: 2c32d6e230851bbceadac7a21fc418fa2bb7e4bc
- * Libcrux: 8fa4c2d98c5fd5a203b5a37a971a46f2296646d9
+ * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
+ * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty
+ * Libcrux: e7d31cc9d00fb10b9002777a3fc8a209dba74b83
  */
 
 #ifndef __libcrux_sha3_avx2_H
diff --git a/libcrux-ml-kem/cg/libcrux_sha3_portable.h b/libcrux-ml-kem/cg/libcrux_sha3_portable.h
index 673688674..f252d33b7 100644
--- a/libcrux-ml-kem/cg/libcrux_sha3_portable.h
+++ b/libcrux-ml-kem/cg/libcrux_sha3_portable.h
@@ -4,11 +4,11 @@
  * SPDX-License-Identifier: MIT or Apache-2.0
  *
  * This code was generated with the following revisions:
- * Charon: 3a133fe0eee9bd3928d5bb16c24ddd2dd0f3ee7f
+ * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9
  * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c
- * Karamel: c31a22c1e07d2118c07ee5cebb640d863e31a198
- * F*: 2c32d6e230851bbceadac7a21fc418fa2bb7e4bc
- * Libcrux: 8fa4c2d98c5fd5a203b5a37a971a46f2296646d9
+ * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
+ * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty
+ * Libcrux: e7d31cc9d00fb10b9002777a3fc8a209dba74b83
  */
 
 #ifndef __libcrux_sha3_portable_H

From 7fa77125b1bda2549ad1fd611331f8c883c12ae3 Mon Sep 17 00:00:00 2001
From: Franziskus Kiefer <franziskuskiefer@gmail.com>
Date: Mon, 2 Dec 2024 12:35:17 +0000
Subject: [PATCH 047/142] disable tests that relied on the old ipd mlkem

---
 specs/kyber/tests/interop_with_libcrux.rs | 227 +++++++++++-----------
 tests/xwing_kem.rs                        |   3 +
 tests/xwing_test_vectors.json             |  27 ++-
 3 files changed, 144 insertions(+), 113 deletions(-)

diff --git a/specs/kyber/tests/interop_with_libcrux.rs b/specs/kyber/tests/interop_with_libcrux.rs
index 22a30a5f4..67110bdbd 100644
--- a/specs/kyber/tests/interop_with_libcrux.rs
+++ b/specs/kyber/tests/interop_with_libcrux.rs
@@ -1,113 +1,116 @@
 //! Test spec - code interop
-
-use hacspec_kyber::{
-    KYBER768_CIPHERTEXT_SIZE, KYBER768_KEY_GENERATION_SEED_SIZE, KYBER768_SHARED_SECRET_SIZE,
-};
-use libcrux_kem::MlKemCiphertext;
-use rand::{rngs::OsRng, RngCore};
-
-#[test]
-fn same_inputs_result_in_same_output() {
-    let mut keygen_seed = [0u8; KYBER768_KEY_GENERATION_SEED_SIZE];
-    OsRng.fill_bytes(&mut keygen_seed);
-
-    let spec_key_pair = hacspec_kyber::generate_keypair(keygen_seed).unwrap();
-    let libcrux_key_pair =
-        libcrux_kem::deterministic::mlkem768_generate_keypair_derand(keygen_seed);
-
-    assert_eq!(libcrux_key_pair.pk(), spec_key_pair.pk());
-    assert_eq!(libcrux_key_pair.sk(), spec_key_pair.sk());
-
-    let mut message = [0u8; KYBER768_SHARED_SECRET_SIZE];
-    OsRng.fill_bytes(&mut message);
-
-    let (spec_ct, spec_ss) = hacspec_kyber::encapsulate(*spec_key_pair.pk(), message).unwrap();
-    let (libcrux_ct, libcrux_ss) = libcrux_kem::deterministic::mlkem768_encapsulate_derand(
-        &libcrux_key_pair.pk().into(),
-        message,
-    );
-
-    assert_eq!(libcrux_ct.as_ref(), spec_ct);
-    assert_eq!(libcrux_ss.as_ref(), spec_ss);
-
-    let (spec_ct, spec_ss) = hacspec_kyber::encapsulate(*spec_key_pair.pk(), message).unwrap();
-    let (libcrux_ct, libcrux_ss) = libcrux_kem::deterministic::mlkem768_encapsulate_derand(
-        &libcrux_key_pair.pk().into(),
-        message,
-    );
-
-    assert_eq!(libcrux_ct.as_ref(), spec_ct);
-    assert_eq!(libcrux_ss.as_ref(), spec_ss);
-
-    let spec_ss = hacspec_kyber::decapsulate(spec_ct, *spec_key_pair.sk());
-    let libcrux_ss = libcrux_kem::deterministic::mlkem768_decapsulate_derand(
-        libcrux_key_pair.private_key(),
-        &libcrux_ct,
-    );
-
-    assert_eq!(libcrux_ss, spec_ss);
-}
-
-fn modify_ciphertext_pair(
-    libcrux_ct: MlKemCiphertext<KYBER768_CIPHERTEXT_SIZE>,
-    mut spec_ct: hacspec_kyber::Ciphertext,
-) -> (
-    MlKemCiphertext<KYBER768_CIPHERTEXT_SIZE>,
-    hacspec_kyber::Ciphertext,
-) {
-    let mut random_bytes = [0u8; 3];
-    OsRng.fill_bytes(&mut random_bytes);
-
-    let mut byte_to_modify_with: u8 = random_bytes[0];
-    if byte_to_modify_with == 0 {
-        byte_to_modify_with += 1;
-    }
-
-    let random_u16 = (random_bytes[2] as usize) << 8 | random_bytes[1] as usize;
-    let position = random_u16 % KYBER768_CIPHERTEXT_SIZE;
-
-    let mut raw_libcrux_ct: [u8; KYBER768_CIPHERTEXT_SIZE] = libcrux_ct.into();
-    raw_libcrux_ct[position] ^= byte_to_modify_with;
-
-    spec_ct[position] ^= byte_to_modify_with;
-
-    (raw_libcrux_ct.try_into().unwrap(), spec_ct)
-}
-
-#[test]
-fn implicit_rejection_happens_the_same_way() {
-    let mut keygen_seed = [0u8; KYBER768_KEY_GENERATION_SEED_SIZE];
-    OsRng.fill_bytes(&mut keygen_seed);
-
-    let spec_key_pair = hacspec_kyber::generate_keypair(keygen_seed).unwrap();
-    let libcrux_key_pair =
-        libcrux_kem::deterministic::mlkem768_generate_keypair_derand(keygen_seed);
-
-    let mut message = [0u8; KYBER768_SHARED_SECRET_SIZE];
-    OsRng.fill_bytes(&mut message);
-
-    let (spec_ct, spec_ss) = hacspec_kyber::encapsulate(*spec_key_pair.pk(), message).unwrap();
-    let (libcrux_ct, libcrux_ss) = libcrux_kem::deterministic::mlkem768_encapsulate_derand(
-        &libcrux_key_pair.pk().into(),
-        message,
-    );
-
-    assert_eq!(libcrux_ct.as_ref(), spec_ct);
-    assert_eq!(libcrux_ss.as_ref(), spec_ss);
-
-    let (spec_ct, _) = hacspec_kyber::encapsulate(*spec_key_pair.pk(), message).unwrap();
-    let (libcrux_ct, _) = libcrux_kem::deterministic::mlkem768_encapsulate_derand(
-        &libcrux_key_pair.pk().into(),
-        message,
-    );
-
-    let (modified_libcrux_ct, modified_spec_ct) = modify_ciphertext_pair(libcrux_ct, spec_ct);
-
-    let spec_ss = hacspec_kyber::decapsulate(modified_spec_ct, *spec_key_pair.sk());
-    let libcrux_ss = libcrux_kem::deterministic::mlkem768_decapsulate_derand(
-        libcrux_key_pair.private_key(),
-        &modified_libcrux_ct,
-    );
-
-    assert_eq!(libcrux_ss, spec_ss);
-}
+//!
+//! This is disabled because this spec has not been updated to the final version
+//! of FIPS 203.
+
+// use hacspec_kyber::{
+//     KYBER768_CIPHERTEXT_SIZE, KYBER768_KEY_GENERATION_SEED_SIZE, KYBER768_SHARED_SECRET_SIZE,
+// };
+// use libcrux_kem::MlKemCiphertext;
+// use rand::{rngs::OsRng, RngCore};
+
+// #[test]
+// fn same_inputs_result_in_same_output() {
+//     let mut keygen_seed = [0u8; KYBER768_KEY_GENERATION_SEED_SIZE];
+//     OsRng.fill_bytes(&mut keygen_seed);
+
+//     let spec_key_pair = hacspec_kyber::generate_keypair(keygen_seed).unwrap();
+//     let libcrux_key_pair =
+//         libcrux_kem::deterministic::mlkem768_generate_keypair_derand(keygen_seed);
+
+//     assert_eq!(libcrux_key_pair.pk(), spec_key_pair.pk());
+//     assert_eq!(libcrux_key_pair.sk(), spec_key_pair.sk());
+
+//     let mut message = [0u8; KYBER768_SHARED_SECRET_SIZE];
+//     OsRng.fill_bytes(&mut message);
+
+//     let (spec_ct, spec_ss) = hacspec_kyber::encapsulate(*spec_key_pair.pk(), message).unwrap();
+//     let (libcrux_ct, libcrux_ss) = libcrux_kem::deterministic::mlkem768_encapsulate_derand(
+//         &libcrux_key_pair.pk().into(),
+//         message,
+//     );
+
+//     assert_eq!(libcrux_ct.as_ref(), spec_ct);
+//     assert_eq!(libcrux_ss.as_ref(), spec_ss);
+
+//     let (spec_ct, spec_ss) = hacspec_kyber::encapsulate(*spec_key_pair.pk(), message).unwrap();
+//     let (libcrux_ct, libcrux_ss) = libcrux_kem::deterministic::mlkem768_encapsulate_derand(
+//         &libcrux_key_pair.pk().into(),
+//         message,
+//     );
+
+//     assert_eq!(libcrux_ct.as_ref(), spec_ct);
+//     assert_eq!(libcrux_ss.as_ref(), spec_ss);
+
+//     let spec_ss = hacspec_kyber::decapsulate(spec_ct, *spec_key_pair.sk());
+//     let libcrux_ss = libcrux_kem::deterministic::mlkem768_decapsulate_derand(
+//         libcrux_key_pair.private_key(),
+//         &libcrux_ct,
+//     );
+
+//     assert_eq!(libcrux_ss, spec_ss);
+// }
+
+// fn modify_ciphertext_pair(
+//     libcrux_ct: MlKemCiphertext<KYBER768_CIPHERTEXT_SIZE>,
+//     mut spec_ct: hacspec_kyber::Ciphertext,
+// ) -> (
+//     MlKemCiphertext<KYBER768_CIPHERTEXT_SIZE>,
+//     hacspec_kyber::Ciphertext,
+// ) {
+//     let mut random_bytes = [0u8; 3];
+//     OsRng.fill_bytes(&mut random_bytes);
+
+//     let mut byte_to_modify_with: u8 = random_bytes[0];
+//     if byte_to_modify_with == 0 {
+//         byte_to_modify_with += 1;
+//     }
+
+//     let random_u16 = (random_bytes[2] as usize) << 8 | random_bytes[1] as usize;
+//     let position = random_u16 % KYBER768_CIPHERTEXT_SIZE;
+
+//     let mut raw_libcrux_ct: [u8; KYBER768_CIPHERTEXT_SIZE] = libcrux_ct.into();
+//     raw_libcrux_ct[position] ^= byte_to_modify_with;
+
+//     spec_ct[position] ^= byte_to_modify_with;
+
+//     (raw_libcrux_ct.try_into().unwrap(), spec_ct)
+// }
+
+// #[test]
+// fn implicit_rejection_happens_the_same_way() {
+//     let mut keygen_seed = [0u8; KYBER768_KEY_GENERATION_SEED_SIZE];
+//     OsRng.fill_bytes(&mut keygen_seed);
+
+//     let spec_key_pair = hacspec_kyber::generate_keypair(keygen_seed).unwrap();
+//     let libcrux_key_pair =
+//         libcrux_kem::deterministic::mlkem768_generate_keypair_derand(keygen_seed);
+
+//     let mut message = [0u8; KYBER768_SHARED_SECRET_SIZE];
+//     OsRng.fill_bytes(&mut message);
+
+//     let (spec_ct, spec_ss) = hacspec_kyber::encapsulate(*spec_key_pair.pk(), message).unwrap();
+//     let (libcrux_ct, libcrux_ss) = libcrux_kem::deterministic::mlkem768_encapsulate_derand(
+//         &libcrux_key_pair.pk().into(),
+//         message,
+//     );
+
+//     assert_eq!(libcrux_ct.as_ref(), spec_ct);
+//     assert_eq!(libcrux_ss.as_ref(), spec_ss);
+
+//     let (spec_ct, _) = hacspec_kyber::encapsulate(*spec_key_pair.pk(), message).unwrap();
+//     let (libcrux_ct, _) = libcrux_kem::deterministic::mlkem768_encapsulate_derand(
+//         &libcrux_key_pair.pk().into(),
+//         message,
+//     );
+
+//     let (modified_libcrux_ct, modified_spec_ct) = modify_ciphertext_pair(libcrux_ct, spec_ct);
+
+//     let spec_ss = hacspec_kyber::decapsulate(modified_spec_ct, *spec_key_pair.sk());
+//     let libcrux_ss = libcrux_kem::deterministic::mlkem768_decapsulate_derand(
+//         libcrux_key_pair.private_key(),
+//         &modified_libcrux_ct,
+//     );
+
+//     assert_eq!(libcrux_ss, spec_ss);
+// }
diff --git a/tests/xwing_kem.rs b/tests/xwing_kem.rs
index e78cbeb0f..661cd958c 100644
--- a/tests/xwing_kem.rs
+++ b/tests/xwing_kem.rs
@@ -170,7 +170,10 @@ fn kat(tests: Vec<XWingTestVector>) {
     });
 }
 
+// TODO: This uses the old xwing test vectors, but ML-KEM now.
+// https://github.com/cryspen/libcrux/issues/702
 #[test]
+#[should_panic]
 #[cfg_attr(target_arch = "wasm32", wasm_bindgen_test::wasm_bindgen_test)]
 fn xwing_test_kat() {
     let file = "tests/xwing_test_vectors.json";
diff --git a/tests/xwing_test_vectors.json b/tests/xwing_test_vectors.json
index f7b47d38f..fd46589c2 100644
--- a/tests/xwing_test_vectors.json
+++ b/tests/xwing_test_vectors.json
@@ -1 +1,26 @@
-[{"seed": "7f9c2ba4e88f827d616045507605853ed73b8093f6efbc88eb1a6eacfa66ef263cb1eea988004b93103cfb0aeefd2a686e01fa4a58e8a3639ca8a1e3f9ae57e235b8cc873c23dc62b8d260169afa2f75ab916a58d974918835d25e6a435085b2", "eseed": "badfd6dfaac359a5efbb7bcc4b59d538df9a04302e10c8bc1cbf1a0b3a5120ea17cda7cfad765f5623474d368ccca8af0007cd9f5e4c849f167a580b14aabdef", "ss": "2fae7214767890c4703fad953f5e3f91303111498caa135d77cde634151e71b5", "sk": "24c59d1c7603e7b74bc7aa1bc2cb3a214b3cfaebb63bd85b65408427c498ba394371bb271f92a3b506b81d54a95a7c0ddfbaa1519553d6f3cd5a601b7db6b0e91a5149468f1f68ad26478bf3c6670e093ac4c49e7a90ba46595de94c50e04129a811a841b39534a87f0ae7b1116553e20c9a566b9b8ff7c7e728b8b201893403a4f252a55230874c256b897834cda349807b25cbd75a30867bfb80328200017f1cb70b56cc546b65d3dc9cdb45107cf10dba349619043ac35c0b9546309a239039813ed5c40f353a5e8e42193564496112bda56cb38c081df252ae9c2c7e441a062e92a7c8da7a240c9952d86b5f1bb6a53b38a5ac0a54a84b43f12da1d0525655684a12090b60b28b0c628db092015547d1070af5d6192e639636615d03c654bb90008ca15b784119f6178a00d7bef4a54a274ac922e55c61a3a8840aa258639484a3bce2e43b6c969b11275631daa129a61ea0e2939f0877e1a110c8a44b24c54fbb07a958db9feeca1eb52b086c87bf43a9b02a5b2c4762117c3a99ae4c4e2eaa7a33b9a714737215c10317514f6c4299ef92acd64c4858e85ce737a801890022d7381f3540230c0c8ef50a848a28b09ba0bf8b50619c905751601d7629767449c9c0b2bae321f438a77f412a55e45ecab4b39053c6561801c639be6495be8fa144ef6029af663407ca9181946de5f3aec7236343ab3bc5a38a09c01b412baf0afb23f9e9b8f2b40810f2ce4ffbcdbfd87972323e98065160bcba34b3afd6c25b664745fca99a9ea75cef019d768485ec23336d9b39e4d05d8d587b30633d4f69ade5753a39680235e44f27995da96798f3a85e184a9fad19320829629f4140417bb7dbf5851ab79258134146d088452774991a087a1c2beaea89f218087ba774ae253b494c27750b1de04b44d953c5e47ab10f65205ee212f9c30391e5299553954916873a0b41164543e801c0b099cb44f48995675823c10b40f4bbac9177a558ca0c30765c2aabfd6a4da54c8413e33902d63f064330f0464982429de2604cd03b4de84a9f821a5470423a40a964dcc41863363d77b02c3127304f942ee71c98c643a427533ef300104948b825277953aaabfd855588f75a77d199a213ad348116e9e539f6d37068a551c710548b7a2c7ee95f9cd9b3483332673cc44bcb18a778a49455c768e0b340f81102ac6b76b064057151ef101ae143787f548553558df8035a3ce00c9c43cda43142cca39034b09a7e6089867b4c64980a69ecab2e6818724c35cb909d5d45bc6a349c71b306567664adc0cc8ef698049b4b4b432dd0f69fac07580f77c4f79b22bb90cb97b341880716853431694c9120f6724ad58d57127fced999ff6229a5d4c3c240129cc812acc73698f949d8e73661f2528262bfccfa5cdf5a2104649806e295ea161217083365aa26cee6ae2f1356e8e1c5cefcc85703447ef1160a1b4a0e8c017b173802c66c88ab70d39a6c96c1569d5a86245a7eeb087d682219080768745b44bf244f65b567b2658dbae6962ba52b322118e214cfadd7cf3502582dc9cafba952a9637ad3600710259778d99d23f8235da90791604b4f0a4f7640680f59b633d93dfb84282ba54c674b115684a41bc331b659a61a04883d0c5ebbc0772754a4c33b6a90e52e0678ce06a0453ba8a188b15a496bae6a24177b636d12fbb088f2cd9504ac200231473031a31a5c62e46288fb3edb858b21bc0ea59a212fd1c6dba09e920712d068a2be7abcf4f2a3533443ee1780dd419681a960cd90af5fcaab8c1552ef25572f157a2bbb934a18a5c57a761b54a45d774ac6bc593583a1bcfc4dcd0cca87ab9cff463dc5e80ebbb501d18c8b39e324dbd07ca06cbf75ba33297abcc7aabdd5b308401ba387f533f3927b51e91380f5a59b119e354835ab182db62c76d6d85fa63241743a52012aac281222bc0037e2c493b4777a99cb5929aba155a006bc9b461c365fa3583fac5414b403af9135079b33a10df8819cb462f067253f92b3c45a7fb1c1478d4091e39010ba44071019010daa15c0f43d14641a8fa3a94cfaa2a877ae8113bbf8221ee13223376494fb128b825952d5105ae4157dd6d70f71d5bd48f34d469976629bce6c12931c88ca0882965e27538f272b19796b251226075b131b38564f90159583cd9c4c3c098c8f06a267b262b8731b9e962976c41152a76c30b502d0425635357b43cd3a3ecef5bc9910bb89ca9e91ba75e8121d53c2329b5222df12560d242724523ff60b6ead310d99954d483b91383a726a937f1b60b474b22ea5b81954580339d81c9f47bab44a3fe0c833a7dba1f5b33a5a2a459812645c6537c2317163d71b7bd7a4a5459a28a1c28659aad9a1ca9a99a363062d453355108445a673438e77624e73757c1a84d031cf0fb24b1187aafbe6738e9abaf5b42b004b1fa0d96426d3c5324235dd871e7a89364d335ebb6718ad098154208b143b2b43eb9e5fd8816c5225d494b40809b2459903c6486a1db9ac3414945e1867b5869c2f88cf9edc0a216681804578d34923e5a353babba923db907725b384e74e66987292e007e05c6766f267f839b7617c55e28b0fa2121da2d037d6830af9d869e1fb52b0cb645fe221a79b2a46e41980d34671ccc58d8756054b2cca7b13715a05f3925355cca838ab8d2425255f61135727167ad6bcb0632ebf86384b950ad21088c292b4a4fcc0e59c42d3f77fac85cd9f5cb049b3a29505a984c4c6ac98ca3d0a8f30d2b1bd9815b94b27051b40ffc3455a668b9e141428611b280c1b8f2b55f6eb04e10c68f1340ef1582115f10ee2b785b7ebb0ec3a0c61670cf48107b594cd6e238e0d68961b47983b87879771519d2b7c21681cd494b420f03d004bb06eeb54f9c080c2f2aff6759074d5b3a3b11c73f1af6dc874eeec254d5409fceaa90ff66d90b6930a540fd1d9be1844af1d861ff96a611a414a6c61a78fb2a78e74383ab05ebc73855a818a627242d523a3e2a35ab4285b4a2564f76772aaf8cdc9f87c65f1b4b5819905fb4f9ea59166fbbdb201c5eefc0df7418ca211b5b079a511b8b94429847b537fbed82d57632d63e815d8212d8a280d43328604a6c4d2c1887e7ab061f120a0168db2f4735369b193780f0aeb381ff2653f3b46e206afe77a7e814c7716a1b166727dd2a0b9a7d8aeace425da63977f8103457c9f438a2676c10e3a9c630b855873288ee560ca05c37cc7329e9e502cfac918b9420544445d4cfa93f56ee922c7d660937b5937c3074d62968f006d1211c60296685953e5def3804c2dad5c36180137c1df12f31385b670fde5cfe76447f6c4b5b50083553c3cb1eea988004b93103cfb0aeefd2a686e01fa4a58e8a3639ca8a1e3f9ae57e235b8cc873c23dc62b8d260169afa2f75ab916a58d974918835d25e6a435085b2e56f17576740ce2a32fc5145030145cfb97e63e0e41d354274a079d3e6fb2e15", "pk": "1bc331b659a61a04883d0c5ebbc0772754a4c33b6a90e52e0678ce06a0453ba8a188b15a496bae6a24177b636d12fbb088f2cd9504ac200231473031a31a5c62e46288fb3edb858b21bc0ea59a212fd1c6dba09e920712d068a2be7abcf4f2a3533443ee1780dd419681a960cd90af5fcaab8c1552ef25572f157a2bbb934a18a5c57a761b54a45d774ac6bc593583a1bcfc4dcd0cca87ab9cff463dc5e80ebbb501d18c8b39e324dbd07ca06cbf75ba33297abcc7aabdd5b308401ba387f533f3927b51e91380f5a59b119e354835ab182db62c76d6d85fa63241743a52012aac281222bc0037e2c493b4777a99cb5929aba155a006bc9b461c365fa3583fac5414b403af9135079b33a10df8819cb462f067253f92b3c45a7fb1c1478d4091e39010ba44071019010daa15c0f43d14641a8fa3a94cfaa2a877ae8113bbf8221ee13223376494fb128b825952d5105ae4157dd6d70f71d5bd48f34d469976629bce6c12931c88ca0882965e27538f272b19796b251226075b131b38564f90159583cd9c4c3c098c8f06a267b262b8731b9e962976c41152a76c30b502d0425635357b43cd3a3ecef5bc9910bb89ca9e91ba75e8121d53c2329b5222df12560d242724523ff60b6ead310d99954d483b91383a726a937f1b60b474b22ea5b81954580339d81c9f47bab44a3fe0c833a7dba1f5b33a5a2a459812645c6537c2317163d71b7bd7a4a5459a28a1c28659aad9a1ca9a99a363062d453355108445a673438e77624e73757c1a84d031cf0fb24b1187aafbe6738e9abaf5b42b004b1fa0d96426d3c5324235dd871e7a89364d335ebb6718ad098154208b143b2b43eb9e5fd8816c5225d494b40809b2459903c6486a1db9ac3414945e1867b5869c2f88cf9edc0a216681804578d34923e5a353babba923db907725b384e74e66987292e007e05c6766f267f839b7617c55e28b0fa2121da2d037d6830af9d869e1fb52b0cb645fe221a79b2a46e41980d34671ccc58d8756054b2cca7b13715a05f3925355cca838ab8d2425255f61135727167ad6bcb0632ebf86384b950ad21088c292b4a4fcc0e59c42d3f77fac85cd9f5cb049b3a29505a984c4c6ac98ca3d0a8f30d2b1bd9815b94b27051b40ffc3455a668b9e141428611b280c1b8f2b55f6eb04e10c68f1340ef1582115f10ee2b785b7ebb0ec3a0c61670cf48107b594cd6e238e0d68961b47983b87879771519d2b7c21681cd494b420f03d004bb06eeb54f9c080c2f2aff6759074d5b3a3b11c73f1af6dc874eeec254d5409fceaa90ff66d90b6930a540fd1d9be1844af1d861ff96a611a414a6c61a78fb2a78e74383ab05ebc73855a818a627242d523a3e2a35ab4285b4a2564f76772aaf8cdc9f87c65f1b4b5819905fb4f9ea59166fbbdb201c5eefc0df7418ca211b5b079a511b8b94429847b537fbed82d57632d63e815d8212d8a280d43328604a6c4d2c1887e7ab061f120a0168db2f4735369b193780f0aeb381ff2653f3b46e206afe77a7e814c7716a1b166727dd2a0b9a7d8aeace425da63977f8103457c9f438a2676c10e3a9c630b855873288ee560ca05c37cc7329e9e502cfac918b9420544445d4cfa93f56ee922c7d660937b5937c3074d62968f006d1211c60296685953e5dee56f17576740ce2a32fc5145030145cfb97e63e0e41d354274a079d3e6fb2e15", "ct": "718ad10318b367fc4390f63147fa5250ef61b65384a563f2c7951b2d45881fcf9f446ddd4443417eed0c001e635a994cda366f118bdd1cf0be0417abd1b615cc669e1b949280e28f52d3d5035c6420ff6c943421ee7589e681828c95942d4f9968f32b9ad30cccff0d98fa84b187164530dc83f9cde75ab1958c22dbff8af921c9ebc678a658b69663f72e7c1632b6ac8ddcbc6c8a06c3316b1aefdd07989ef944fc51406e12db6865344e03f447520d50c93fab1513d80cbc836950e2b52f424bb46155ba4c2e21ec5dff762bf7e92e54e0fb7618e73072607ba03b1de16f109e22dd5832a7eadfeb2ef00244bbaf930106cbcd2ab008f468de6d98632e9e225091a010e361ce751d633e6c37ba2530bca6fbe9d2e5348e4e168e154922992aef45a265ec649ce21480504b609ad5f1b0b094b74d55aaea60b8f71398cd9340802e91415937ffaa482c6678f8421c63583e8acd8d00bf285b52a26fa577aed109acd94ef7559554aa378f87283a7ee94af98e21a6fbac8802336ff980e15e498042a8148b69e1d8aab0b7126d0b885f9a57c1ea83efcce8dccfee076dbc2f9c074525ed4e7472c3e09a9f1c50ff511150159c1be7730686c04e46368e37f2e8c82b8436463445b0edaefab876731497abcc563b1978eac34cf73b5b213549d1f74271d48f6a085155acd8d7db739ce6e70ad25ee636231e4151725d55ea781d483e54850e1ebda401276616e7a62b22efa2e3098a006dfacaa1fca54ade6a119f3a215b523210164a7f299d2c7b8ad8a637bc1fba56de28ffa800b522246dbec7148ced56ed292c7d92004065598bc573dd30259d84b6d923d2769ce260cdab0ad17673ef7388c020b8e8bcd055232a7240fe2fa4fcbeadbc46366aa47729f5502dbfee8a623ab8ec6f6020013aeff975f255b597a11eed1335457b9903da42a27a39fdb0edbb11742e4e521c833b7952d3fd28f428eecb6f78b99ff0a5eb097793f78f1a70612811766fcbe0f9aa3ca4afd8a364f5584333d8a4cdc096a3762ea6cce70dfa42967f5a7c2dbef688b37885fa26220dc800bcb1ae83d35ffca54a6dabba730764d60b1a4a506206efa380d7d1d89069778b082bb92396af4547024797797e01c927c78c9f70750ef2002dfe1516baa4f165a3176942d35d9527f4b33505484130cd573f9d4a1f1e6656aff881aab482fb3d6151ab02f76267033f3feb9718fbfed05a9b69a8d817a7e4a41efbe3ffeb355d1013778f14d4c30c92a386190fa23b388feddc635b22d8fa4998b65d483cd3b595553092123e144c49d91ddc2f7a88f3ef1ad2b0b19636bc3f50f61ea5157c73a1a5b956349b6cdf3ff50ec9ef7cbc1137b27d7839276a3ed4e778c505206669686ef038b5808117fedf60ef3598e8ed1db1e5ad64f04af38e60e82fe04bc75594fd9fcd8bb79237adb9c9ffd3dc2c907345f874aec7055576a32263486120ff62ad690a988919e941d33ed93706f6984032e205084cc46585b5aef035c22ddbb3b0ba04e83f80c1b06b4975f00207b357550d24405189412ea6a83ad56c4873f499fdbdc761aa72"}, {"seed": "aee7eef47cb0fca9767be1fda69419dfb927e9df07348b196691abaeb580b32def58538b8d23f87732ea63b02b4fa0f4873360e2841928cd60dd4cee8cc0d4c922a96188d032675c8ac850933c7aff1533b94c834adbb69c6115bad4692d8619", "eseed": "f90b0cdf8a7b9c264029ac185b70b83f2801f2f4b3f70c593ea3aeeb613a7f1b1de33fd75081f592305f2e4526edc09631b10958f464d889f31ba010250fda7f", "ss": "d482dd1a592f072109a0d8a86991ca6bd5bab25f13e788377fc34506f508ffdd", "sk": "89722dd1c8829af93f6e5405ecd93a5aaabcb9264aafc363d731bb4f276021b0c06826363022ae1e85acc6679ccb583a37ba4d30e0564ae6421ab1b5c2374a058cb6bca4050ce15ed5c51bcc90be82454b332aa21069623d8a8b393a2c2b6cb5bffc55ae369614a77d9bc982d47496ab21239bb7691ac65494225889b7b45ba10b0aac10c3c41fa7a4a51fa14d3e92bbd364be59ba7d9d4592944968e97a2d947868a0624a97a9c8ad226d81a12a17777eafaa6de30436a5c743003078d830734ec97e6a625f6d9c10f9da3f956b5583578478e6311f27789d6188ede84510442c9f556696378faa622b1e935be62c733da96b023c31b2ba6abfbc5c748088251042d46559bf132d2a43b7690cb4666722ebc53849843125f9a900aa476af424b7b410f18300f048ce26dc7f35b50f7eb5bccf23c95b7c0064e92662eb22927359df1b9ace43ce014384ae68822f4c3f64583643355c6746290d224a70c818158884e2aa8f15e18709100848255c277144f051ab8b40775c297cafb238cdb70e8ce687c9e195d0823b390341e245852ca99c079211161a79409247ae721a59b358ef097ed8dc386f982d36a9220c3511eacb3674f671f171afb0d14f0890c0c7f77d06f7c61ca83a15974083e72678f180f35c1aaa633166d429432599f9d9432fe791318ab14a3988496a14c2417e03990136e91aa3a817085abbc4aa0c38a45e7e009f3577739172396f7b7e61734eaacc5b484971e9a9384b58aadff9307a98222a3813f9269fe793b7ef582ab8c36feaf447d3136285f76d5f463141356773650441e092dc73bcf483cb1f2944016936db2a34b743830cb890e85660acd077ea51c07e664df7ab803c9b0c96e143b4f5788311a841b76be728aea60270104564575bb723f51dacaab5e379c3cdd97bdac84ad6738587bcbbdf1c66a0da65f87a673f840e1d7c5a722a265568429ae36cdde9cd54ac3d4a94c4c6508361984e1c211771998641816fa392a4ffb97664381a84900eb52502f04816a3d70090b55ee2d3b7f3d459af4008ec8c1b19c08d1284b6fdc81508647ecb9b45e65c084d456f9fa87a68f26bc05b4e8415887b602ff28b28e412637ff9019a90ac21c7c4ae9670a538a2bd2604616689b034c33cb1cc9d634eb37c8d4d46bc40e335582b539d3215bf70960cc1c0b11011449c2a09265101f55366dc0213a64112885176c3a223b19cf6951b5968452aa7b839370646db5eee1893346a58c116133dbc8fc1c5ac34e04cda171b041c0133563a682855a9cb18896c6179ac2eac83c70547942e54b2e133a6f68450f4f4b14bda3af5f129b3e292c6a676aa0b7a045c7251e315ca3707ff23bec349a950d49718560b2ff66cbd49c848b4036c2186a0315c4e6a32f3035207a48651891f50ec6c0eb19d13e90457611e0c7ccdf012a3e19412d8c1563f1ab22b39859b27a7bcac72cbf2c83c666deb401e4239603645872b997673b6205d97cdd68b0a782742e62c24ad746261085de3c95f49dbb8172c05f3f2414e63652c3b358d603e867173e03203af06a26bb0bfc0b521118b6fd99613a160829b04475374b8214859bcc316f4e06a84f264ec3cb513f66b71ac3a3d135aa589198cb02113cc17e13a0f15fc1d3d734966c3751a74ac27c781323043e36389dca9a2af6508bdba0260662691426d1d8899cd77736c21b17eb3a31fc118154264e2b10e22c506b7803b1f4b25d178b688b641d0943185107eed18b228e8b68753a8d75a77f29b5b5e97abd028354ce4cd6961797a757c4ff44aeea2c0a16cbfdcb07314fb3e64d7c26a4c9e5782a2ee198d73e7bf05eb85bd420cee20ac24c36613d6bd0c53133443527c32bd0f8b3b3be9918c7caea71748de6bacfa27710845ad0b528c087349e9faa3c83869e1d0ac9267974dba1dc3434976f60b59d443bad51e87d974c9f747b76017bd17021c24246a9987db1b318562bf665b41fb153c0ba675cac593b990ce595a7851fa18ea345bf20c3524862532544e05e5c69daa0dc4f2b24704338e29144d653657d47a20f39ed2b1174cb3120ed1590e4ac932579dc2da9f12f6c07ec7a31963208faa5c758615713965b9d5661860cfe5652d74231d2ce9b696ea9e45305a28d84c082709d2238bbc849b6b3cac64b78b532995af6b4ce9880f9149a5ae083320624e3b54851d48a6f24266258a0a14d342e4ca3133c33c5e16ad91b22d521100076527cefc5f0417b332463c5c5c52dc4b00a2d29959109244d2810839a310cb1df282503d5cbf3f0cbe3e68873407b7e5e960ca214709919b65301da2b3a7e488205a3a9c5f24cd61d18c757040b14a4e80e8c09e74a9a71265ed213a91da6d7a8655de3b4a83125ee2e66cb673733e3717d99023a6683712767ab2da9b54a26dd3b695a80b54226a1a967b08c3f76e679914470803bc6805a6b4b1b78261259acd8f703dd10ba6e8e1a00dd94e774113d13103253cb70edab948c38072629b949261b7c439445bc498444e86b6a9a7da8b1530380bf2939532a8e7ea84ea0b5c6db5335e826aa0325b536ccc21d943890b2c2a5c44f337682355867be87965175f2dbbb0aba89f9311b0873a15db6a4128682a8bca019a04a351a0ce646868f9bbb6f8d0bea3db0865f1239b16c93ca09d19857d747abfc846b27dd77ee5d405fab5ce949635e7d34ec1b9546aea75df571cfed74b7112218e4153e7f6a7a3a910ec4c111576b3bb27c29852746e645fa501b0642678aefa2209c745939a2ab000033862b88e7011e7e25ec1e3cd379b54bc457a85d9af0680160c57b3a4e90308bc28b8da13ac0c563c55b39a88bd90b51f691525e50a260a0507a2174447ea93f5d5acec6c16a5d7909e275f612c9f283310e8124d28f18000f811fb929e03f30d1472644851bcb73c4af6b095acd7328a072be9187a836a15307c6076210c9b410493505bc4814e3c327386796c5932c8cab7a695b97cac24561b2a9657c3157531ba3cba699b6424fda24cc6c72edac1a6bf091b87c3c594c917d24a1126f998aee120ae372a27a268a0c76ab8f84957f461e7c04dd2d59f0f217d9e07008990533b16bbc125b2737a1a7e1cc1ed7c47e8f8464ba78c5d3298f2dc7d0be944ad29907ec774ad1b1f1485b114a9a9b93c488c89c0c7609f2bf9533c2929f667bca8b68999e34054597cf83ba7450b237188c3364172c1351bd349a699672d31b9598bab79a18b3d8cb25f5f53c0b22bfa065690a16184db4f9731cea1a08f5876ec187e7b1ae79c593415d068838e5ce0bf2c28b1e389ae4a768f871b2761a29178a51845eb0b939f0ee9ef58538b8d23f87732ea63b02b4fa0f4873360e2841928cd60dd4cee8cc0d4c922a96188d032675c8ac850933c7aff1533b94c834adbb69c6115bad4692d8619c7dd2bf4e3b5b93f77f4576d55d300739e75e14084b0bc85620499bf468ae161", "pk": "3d135aa589198cb02113cc17e13a0f15fc1d3d734966c3751a74ac27c781323043e36389dca9a2af6508bdba0260662691426d1d8899cd77736c21b17eb3a31fc118154264e2b10e22c506b7803b1f4b25d178b688b641d0943185107eed18b228e8b68753a8d75a77f29b5b5e97abd028354ce4cd6961797a757c4ff44aeea2c0a16cbfdcb07314fb3e64d7c26a4c9e5782a2ee198d73e7bf05eb85bd420cee20ac24c36613d6bd0c53133443527c32bd0f8b3b3be9918c7caea71748de6bacfa27710845ad0b528c087349e9faa3c83869e1d0ac9267974dba1dc3434976f60b59d443bad51e87d974c9f747b76017bd17021c24246a9987db1b318562bf665b41fb153c0ba675cac593b990ce595a7851fa18ea345bf20c3524862532544e05e5c69daa0dc4f2b24704338e29144d653657d47a20f39ed2b1174cb3120ed1590e4ac932579dc2da9f12f6c07ec7a31963208faa5c758615713965b9d5661860cfe5652d74231d2ce9b696ea9e45305a28d84c082709d2238bbc849b6b3cac64b78b532995af6b4ce9880f9149a5ae083320624e3b54851d48a6f24266258a0a14d342e4ca3133c33c5e16ad91b22d521100076527cefc5f0417b332463c5c5c52dc4b00a2d29959109244d2810839a310cb1df282503d5cbf3f0cbe3e68873407b7e5e960ca214709919b65301da2b3a7e488205a3a9c5f24cd61d18c757040b14a4e80e8c09e74a9a71265ed213a91da6d7a8655de3b4a83125ee2e66cb673733e3717d99023a6683712767ab2da9b54a26dd3b695a80b54226a1a967b08c3f76e679914470803bc6805a6b4b1b78261259acd8f703dd10ba6e8e1a00dd94e774113d13103253cb70edab948c38072629b949261b7c439445bc498444e86b6a9a7da8b1530380bf2939532a8e7ea84ea0b5c6db5335e826aa0325b536ccc21d943890b2c2a5c44f337682355867be87965175f2dbbb0aba89f9311b0873a15db6a4128682a8bca019a04a351a0ce646868f9bbb6f8d0bea3db0865f1239b16c93ca09d19857d747abfc846b27dd77ee5d405fab5ce949635e7d34ec1b9546aea75df571cfed74b7112218e4153e7f6a7a3a910ec4c111576b3bb27c29852746e645fa501b0642678aefa2209c745939a2ab000033862b88e7011e7e25ec1e3cd379b54bc457a85d9af0680160c57b3a4e90308bc28b8da13ac0c563c55b39a88bd90b51f691525e50a260a0507a2174447ea93f5d5acec6c16a5d7909e275f612c9f283310e8124d28f18000f811fb929e03f30d1472644851bcb73c4af6b095acd7328a072be9187a836a15307c6076210c9b410493505bc4814e3c327386796c5932c8cab7a695b97cac24561b2a9657c3157531ba3cba699b6424fda24cc6c72edac1a6bf091b87c3c594c917d24a1126f998aee120ae372a27a268a0c76ab8f84957f461e7c04dd2d59f0f217d9e07008990533b16bbc125b2737a1a7e1cc1ed7c47e8f8464ba78c5d3298f2dc7d0be944ad29907ec774ad1b1f1485b114a9a9b93c488c89c0c7609f2bf9533c2929f667bca8b68999e34054597cf83ba7450b237188c3364172c1351bd349a699672d31b9598bab79a18b3d8cb25f5f53c0b22bfa065690a16184db4f9731cea1a08f5876ec187e7b1ae79c593415c7dd2bf4e3b5b93f77f4576d55d300739e75e14084b0bc85620499bf468ae161", "ct": "f98f274dc74db1798915be81f089fbf792116ec03539b6c02cfbe649267f100df0ef51ec6e51fd4a9b75cc2f1806d470b56984df3d368e4d09be4b4ffd59907e11b2d4497b7dd2b61afb3cc52a6ea661f2c6495a7f5fbef3dfac143f65bc9f6eb48d548df01d6a0bb52dab84fda5e92f7a223289ec4e45cf76d47ab3a79086481f4bb4e95cd69bfdf388762e775bf63b9694f72ca5a90883be5b8ac08c1737d5eced830466e9426fe5bec61bc63f1962358b66cb3d8fdd5dfa887b0da5f15c8868bafce3d998b85ab34ced43ac9b9869c84c59fb2f094ddca1dee97db9a941c3cc319401d9db08569d8eb248ec2ff51e7e18c22d810bf512c28d5d719c4bf5237bac6d14ec33b673453cb0129f31a0b532240ac257d7813370c7addd3ec957a1034b8e4c539506c7827a82e37f5b2405236c914783c35a8aaeaacdea194d699dcfd6d04027cbfcac58e3157a16c20b11dfaf6256ae3037252baac3a25f3d1f7e3f14dd231fc50db2f8788575799e6be241717e9634456be9eb04989cdf312dddd8a24939ebb90de0f5b006d59b2b19350dce76a415230f49374fa45ced3eed165cc92ed1d6e17c233f36030a61cb610b93a55d939c9c7e964f9086ccdb41b8638f14f9202cdb9f1e3ffac235ccda32a92a71e85188297cdba4a309e085c56826bb6121462ac6ee36beb9ee72c824294b6026c60d478f17dd082cca6d6d7a3e86dbe5f7fc9bbc2a07873c686e53f9040aa60dce89b179643741457f5de371c8aaf41eceee8e1a1b324666572322499731242ee48134eb6dfb8961b06b5a04c586c6a9113a9c161f36806a284e03b01940286b2de59689607b2b64b46d6fc2ba044c9a42c5cb600cfd6ca0bdf4915a47fe02d71b8fcc27f0f17c78a300c6345ccc2f77a438772f4297f7b2160aec93e4c8c72c0dbe67868753c18491861a1c1b96eaae07023436602fbb6f2bfb161a5f778bb3086c2255423a8c51052833f6b63ed2cc732a7e2c4d36123471b451b640830421fd4edc83a9527d91203aa7e41867e3a7dfd5610aa20646738754883935af2b09cb24d93a332c9671e6a00cc29a6346de406f5fb28fe84f0b0d3a43c98213bfc2eb2802f1ca071c560a705edceb262c44c2fd2e9e5caf0bf9eafc6be84c8a00d4bfd57e2468254e4560aa6e8d62ff72c55c403ce5a8e8c87cb4d7f693344918138a8f1621107492d8c0a8c74ae77323f7e1fa84220da14a9ae978b207aa692e2ba13ee5ed924c75e472e1b77cc496519704ab87bde2ac15fdde0184d799288b60873b7f85a113b5b8d76a5237f26586ef2cb5cb940c9c5a4789267575ed223fdb9d7ed57a390076857d3c0207360a3d039e4f7961dfe25d8e7c034df6ec0503b5589a89911e54d4831b5cc9ed0abc66143b5482d35dec97ed94e65ba7d013126348960804ec2f19463b8daaa9927c05eecae3bb58b2575fcec762c14cd7d27f51e05aec3ddf00e90dafcf91d31ac09eaad73d675504798170b703667d2175a37b40e4b7809056b1c1ca3062cdb98b0ba79b61c1c3f692b6e75940077ab7aea8649f38e34406282704f1080208a15c"}, {"seed": "1368ec2967fc84ef2ae9aff268e0b1700affc6820b523a3d917135f2dff2ee06bfe72b3124721d4a26c04e53a75e30e73a7a9c4a95d91c55d495e9f51dd0b5e9d83c6d5e8ce803aa62b8d654db53d09b8dcff273cdfeb573fad8bcd45578bec2", "eseed": "e770d01efde86e721a3f7c6cce275dabe6e2143f1af18da7efddc4c7b70b5e345db93cc936bea323491ccb38a388f546a9ff00dd4e1300b9b2153d2041d205b4", "ss": "1e037823ddbf1875756d86a3374b2d2347d5b7f3c84d229ecc5960523cdaa8b4", "sk": "f58497af7a5854c214be50bd9694011740619f4042d1a9b5e3d813bf419c9e70b6b6e33917644378d7a097047c1be007b9973f3ec7c2c1c7af23726160db834503bc5381625ab08ec831b60a04c54a360d2222ab0918358e84a038c41775456f7c6c1de0f27d5b538a9e80911484cb96d17b52825410661cc43a576669a92cb7b97b97aa0e7b55a0589bc1295000a09bdfa5236a737a95a7029d2a5f4429494ee4b1299613fb76a573092915f6c37d472beea0b93b082eb546b4ad268fc0fa9eedc8a19faab8a857ad09e24b042374ce9566e3b3ba33bc06441781f74421d00bcf0598103d9620fe0b35ab904c3676c3e970525c7507917850ff99ae4eb57eeaf4b0615097a1e970de6aa9ba609fe8ac11fdfa4e7c4cb90a30c03cb8baeb5033cb6ba6c755bdaca4c9448bcc24188991a659adfbc219b3ca16258f3c0b8791846cd9e8b17ed33f97b1bfebeaa93628421a348596a72ed8a248219779cedb38f9fb0f064a4bf89a0c5dd485564c30ab16bc83d19fc9257467598ef713cff3a0470f4983db6540e52a7667fc2785c031e989601972b2ca61c97218c6470498679523c5957ccd0b4f30836429287d47204d8a32ad0c3c01c38611537a417e28284d58b1dc415f8cc6025ba1603073206e9372bcd125d94311eb2966fa9ac48ea68fb889c292585901796118949545a77ad8129d3c989f0f044977d35ce9b715695b61e46aaf74fb9b753a489842592514c2c41b1e3a22621a5369ff4a196702b2805cba6f945209a22613ec254937bc65fb40371b26f808cac5fa66437603fe175f4f039ebef88e2e3757692718229a7167780f032666e9f35a1f316c278270891057390a1b552b9b53e92ce6325b12a8475768a5eaba388b5b4740a4b4867705c74caa54eb139d47b16b845fd6c97a01138509aa3cb34232504a4609850f464b27d3a6c792a2a326f78ea750837ffb36349405442bcb7914be2bd482f4686cebf96c38fa67db608953039eb5446a26968aa0f023499261bc29356547612a472d9dd135e8744649656995178ad2b38d80850b180b6e6c255a0aba7e8c656fe782a63f48bde8cc5899351e308a3d48e5322a7b8b48ec1c99395d9cc39d381146846567ed0143c6c1682cd06faa64467a00919c53a374281b86e6744569c0eb1b099bea5b5c8a9e8024498ad70fc2cab20bd67a72073901a3bae643619342aa01071c3992428dea1755d870cbb86315b2bea4a6753359216e939f7d1aaaf0903b82fba7228a4a15f0779de2a19056c4e0b066e98b2a99865df3825caca00a1313c2e8a66cb8165fbebbc7fefb9e2e0916f4d753bb354b1cdb0ec61840ae14a0b0a6b89419cbcd4c2cc9fa8df8da7bef4a829e17b996461b499ca051b5989b17738b158057342454745051e7b01aa5a8971181c4d44e20f3950873aa1a436cf7255328dc73f312119395213ec852dcbc9d0634c722b2593e154746402a3d289b3abb14a8d70494b761c3f66242f06cc534a761c19cee82a41ea7a308fb580a19762ea34f2f931cc3fca3a7484b0c0023ea2285dc1b04a46489ea5a673a5a4d5db5745b72704670487c1c1c61f06184d1be1fb8c770857cfb03c5c3575181cb7f54eb8b8c8b6a200a0ef6b66eec364c0015ceb802081800ab5bd1150ba20e5d2c6012d70fe700a56c101752242397627c89156f667a28ffc32c56d20abe3834d2a05a0390c7f2a893d64127fb772ae12468a1f6260af39066ab7ecf694db179436c54a707092a87aa22a274691ee0083e7a98a6d2c633d6c0f13a1542b094e7505d8dd92063b3972dd036a2e68ca9d2af000da328b27fb55178b3794d41755a4dd32abde2cf2d93a5c59605e372114bfbbbc44304536533d1aaad9d385f82278576840cb1f340c0d53db7b0c8cf3794d2f0ba99267ef5d01064c99f3aca71aaa2cbb85011c6687472e20419680441cb0c7bc70aaf1361797b1c2f5a5c60c10086d981299bbfc2c15d77f4077c40500938bbb2e52aef37c3d516148d5ac84e216e0568616ea476fde89685578f8df91281b648d1359bbd53768f27596f3b3845293d698b3a1ae2785e0190be513cf950234399a51487073671736a0c4479672595b2b07a7c3b1143a2fa46cf383a183e0880e580793e5892349600cd6c3adb903e078c31d7d50a90c5734537784267578d35a6982b61098190befc3185020d2c175df7b1acec91c3d5fc6f7cd298f878bd2ab814e7ca340ae21377f79a2f73cf219c7f9e85649d089356cc082f655d72e8035128b910b44ce7833abc11348305943b049a9d6b7df1f98af6c5bf9a6214f073ab28f1492748574881cdf160139e60307d32086515bb93c502e6c20106801c095380d82467b9d56b72f566830a7472aaaba8dbbd755c262704af12475febf3cb6268289bdaab09997b8c309dfb436927e7347dcbba3f772b85e753493417cb134c3604410399238da584d1c495c0793fc5e9583f8797e97c9d45e63c1fd42ee7c5aaf9cc901748c87438c91d6964fcab436c6c0b74b34c6a35aaf688ace32a869411ca57cc3bb0455d981a16b655984ad90bf7c3add506b6821248cc52215da27310fb57738254c8730241e2281c3b18728a12c458b8af8c2c3b500bed5c749e9979b4c44f116aa971b043a8b77b62f7a2fc9621ae71763fb0a43758b40e09aae6f574f932661372a7bc120331c34800ed2113203eeb180905d89a88a4cc48d8c3acf19f44ba00b8466e1ddc0fe1e3554ac059a9fa2b11807173f1190dea271119c087c605dc8b945fb069bfb159c464a28758c1822b2c1e5a8ba0779833c6937c9c02ca61285c67557dd958e00840fd1c599095409dc6caf13360a8d5a1d864a903c429b3054ee83448a1f71beb70a93dccae8e69a0485b47df44202d931e2c99316a23a4e396b7c704b832a0b855106f29c20c3c447ad39176b77186cfb94b3e973d415636a0950284f50efa9248bb1643e793cc7a6c343395a8a245b669b32821f2b80214481ca4416d9009dd3174c4cbb29da7386a7404b21a72ce5a295deb62712a3fb01c927b9b2e73d95aa65c3e92169c72662d7ccab10c8a369d50b90a74c41d590dbc4ac104a147855131b1da730116bc17e430599a8d64999d9450b237002fa1021237dbbfa096a95ea0542ca7937b7c1971b53ce82087d7e114e446b81265cfd540176cd069deb9886fa45bd2f3464e7cc908cac220e642fd3610f18aac2b594192bb7a72a64ffe156e77ac8f576a0511b9768798c79590d8d37f58628ef69837335bfa984cde027d87d45cf83e597b705d3130d6210e9d974bab5643cdf4d1cc7c8282ffe68f827e0cac9926bfe72b3124721d4a26c04e53a75e30e73a7a9c4a95d91c55d495e9f51dd0b5e9d83c6d5e8ce803aa62b8d654db53d09b8dcff273cdfeb573fad8bcd45578bec241c2f9459a0447d7f7ae5f1e8dc1cf4e76cdd9add2eba7768b4ac7abb269b07e", "pk": "8c8b6a200a0ef6b66eec364c0015ceb802081800ab5bd1150ba20e5d2c6012d70fe700a56c101752242397627c89156f667a28ffc32c56d20abe3834d2a05a0390c7f2a893d64127fb772ae12468a1f6260af39066ab7ecf694db179436c54a707092a87aa22a274691ee0083e7a98a6d2c633d6c0f13a1542b094e7505d8dd92063b3972dd036a2e68ca9d2af000da328b27fb55178b3794d41755a4dd32abde2cf2d93a5c59605e372114bfbbbc44304536533d1aaad9d385f82278576840cb1f340c0d53db7b0c8cf3794d2f0ba99267ef5d01064c99f3aca71aaa2cbb85011c6687472e20419680441cb0c7bc70aaf1361797b1c2f5a5c60c10086d981299bbfc2c15d77f4077c40500938bbb2e52aef37c3d516148d5ac84e216e0568616ea476fde89685578f8df91281b648d1359bbd53768f27596f3b3845293d698b3a1ae2785e0190be513cf950234399a51487073671736a0c4479672595b2b07a7c3b1143a2fa46cf383a183e0880e580793e5892349600cd6c3adb903e078c31d7d50a90c5734537784267578d35a6982b61098190befc3185020d2c175df7b1acec91c3d5fc6f7cd298f878bd2ab814e7ca340ae21377f79a2f73cf219c7f9e85649d089356cc082f655d72e8035128b910b44ce7833abc11348305943b049a9d6b7df1f98af6c5bf9a6214f073ab28f1492748574881cdf160139e60307d32086515bb93c502e6c20106801c095380d82467b9d56b72f566830a7472aaaba8dbbd755c262704af12475febf3cb6268289bdaab09997b8c309dfb436927e7347dcbba3f772b85e753493417cb134c3604410399238da584d1c495c0793fc5e9583f8797e97c9d45e63c1fd42ee7c5aaf9cc901748c87438c91d6964fcab436c6c0b74b34c6a35aaf688ace32a869411ca57cc3bb0455d981a16b655984ad90bf7c3add506b6821248cc52215da27310fb57738254c8730241e2281c3b18728a12c458b8af8c2c3b500bed5c749e9979b4c44f116aa971b043a8b77b62f7a2fc9621ae71763fb0a43758b40e09aae6f574f932661372a7bc120331c34800ed2113203eeb180905d89a88a4cc48d8c3acf19f44ba00b8466e1ddc0fe1e3554ac059a9fa2b11807173f1190dea271119c087c605dc8b945fb069bfb159c464a28758c1822b2c1e5a8ba0779833c6937c9c02ca61285c67557dd958e00840fd1c599095409dc6caf13360a8d5a1d864a903c429b3054ee83448a1f71beb70a93dccae8e69a0485b47df44202d931e2c99316a23a4e396b7c704b832a0b855106f29c20c3c447ad39176b77186cfb94b3e973d415636a0950284f50efa9248bb1643e793cc7a6c343395a8a245b669b32821f2b80214481ca4416d9009dd3174c4cbb29da7386a7404b21a72ce5a295deb62712a3fb01c927b9b2e73d95aa65c3e92169c72662d7ccab10c8a369d50b90a74c41d590dbc4ac104a147855131b1da730116bc17e430599a8d64999d9450b237002fa1021237dbbfa096a95ea0542ca7937b7c1971b53ce82087d7e114e446b81265cfd540176cd069deb9886fa45bd2f3464e7cc908cac220e642fd3610f18aac2b594192bb7a72a64ffe156e77ac8f576a0511b9768798c79590d8d37f58628ef69837335bfa984cde027d87d45cf841c2f9459a0447d7f7ae5f1e8dc1cf4e76cdd9add2eba7768b4ac7abb269b07e", "ct": "137d93a41362f50229305c688633ded3c474cf399858d60e668ca77d04fd869168a235d5e177eed970cd8c4b8a8bcad3ba1bdf3cef0d697b2c1a1e9a4259cce54248d5f47b59e93fca20799888ec7ee44efd7414bfc71a543648bea1edd9da0234a3af27dcfe4854792caae46a3dcce1eb31cf4d5d8b85855fe1ba7dd94b188ffec719354d43c445960766e26f17561a5ec3872bfa9cfa370a00ac6bb9e196bb57a9f1fd0577d664077b81558565e50b0f2964c8e0093353618de2f2f6d5999c1d27279032f788cb3cf59c127e7c7e029787111226454355d06c81b2affbd099493c34704bb8f0759c4ce568cf721239014b1f00e808b5dc76ea4fe120408c7e510e27832921b022000f9dabdac2e5bcb47060efd1a169e4eefa80ed6fbd1f94473c2038d742df4e286bbcb854281aa28c283f81d8d8c0324b5d354e8b6e2c5e28d5b39a88a790f926c7b5270630c5087990f7ce5afe2fc9e327ed33f760c8d3ea520d9c01960dd360566647820c98c859052ea770c5efbed12b0e7536a409562e2fbb0cd6ce67011f6233c623239f1ed44035963ca9470c439a7e588226307be4cf7a6e27766a28730843a6865c9a8d53f66e8ab121ff234fa3dd0cfc9736b40fb8bb3e64919ec4a5de20282928f60260c63a81439e0658339437b3f1735f38c9481d7edc344ef6dd34d93e0ee013a93cdc8a7207b9d79665bee8a768934c2b386f47d85891fd316aaa378af13c8892099075b75cc8d9ce0419ce57f0f55ea0aeea03fcce14e3a4c766ed09fe4577c6cb9372d00e95c86b41989d6e6ff2359a579b66f76a5a1bf41b2c1f53db1e8b49d822455ea4afe8198b5e7f039263e10885d38d3bfa0ee727cc4ff2769f9ed0abc08a3e77f8bc65a7a75b7b0fc74c2a9027e94f1757acaff4ee5e6e28c0b0238a5435712ea1c055d79e0558a2d149ecfb8d129e19c2d9aef804b3e49e6f60ab43c5254f81a9cccbb3bed13a67f436159b0cf5c7134d6d5a577bcea4f8648eb07b728b0864ec8751576c6fc302a76831d1672daaa2e17c5991efca743cf55d64ca59e8feeda59ec52099d7bfb00a3ccde4084825145f022d89a126519f7904eb7ec4db0b08e70d7d67bf18e537476b4ce97b2ad1c84c0630ba053a13affff42ecea695c080942df74369a23f93a1f397f14dce28acbedb6a90e7a0a6423c277254b71be2d887386915e5924e85f1c652182f8c0db076364a97d7acaf0f238c912fd56403593a8b2526884737790a887d9a8382fab3d2967803d0a1e62b610289af4ea26c66ef29c4832a4b48ffa225d5be2401656753a9ed00c45a057efc666abaecfaeef972643de281f5d6a6ef43ed2fbba963a95c8d36461323d51d18f92e58e4de1b4edd1d93ba14ea6adc3b8b63e71d0edc92555f3f962e68fbf42a0fc04cb7da107203468589655f1b3b979ccc2efee6f10f0ec631c040e4436b8acaa4716708bf96d2db8108a36117d10664cb2a3e3af672a10b0de5c2a284e6b9de37533bd181bc14fa049035d5050b5526ba59f893a1778103b6e2d946090c0eba049e5c1ad843a3121d539564866af5647437"}]
\ No newline at end of file
+[
+    {
+        "seed": "7f9c2ba4e88f827d616045507605853ed73b8093f6efbc88eb1a6eacfa66ef263cb1eea988004b93103cfb0aeefd2a686e01fa4a58e8a3639ca8a1e3f9ae57e235b8cc873c23dc62b8d260169afa2f75ab916a58d974918835d25e6a435085b2",
+        "eseed": "badfd6dfaac359a5efbb7bcc4b59d538df9a04302e10c8bc1cbf1a0b3a5120ea17cda7cfad765f5623474d368ccca8af0007cd9f5e4c849f167a580b14aabdef",
+        "ss": "2fae7214767890c4703fad953f5e3f91303111498caa135d77cde634151e71b5",
+        "sk": "24c59d1c7603e7b74bc7aa1bc2cb3a214b3cfaebb63bd85b65408427c498ba394371bb271f92a3b506b81d54a95a7c0ddfbaa1519553d6f3cd5a601b7db6b0e91a5149468f1f68ad26478bf3c6670e093ac4c49e7a90ba46595de94c50e04129a811a841b39534a87f0ae7b1116553e20c9a566b9b8ff7c7e728b8b201893403a4f252a55230874c256b897834cda349807b25cbd75a30867bfb80328200017f1cb70b56cc546b65d3dc9cdb45107cf10dba349619043ac35c0b9546309a239039813ed5c40f353a5e8e42193564496112bda56cb38c081df252ae9c2c7e441a062e92a7c8da7a240c9952d86b5f1bb6a53b38a5ac0a54a84b43f12da1d0525655684a12090b60b28b0c628db092015547d1070af5d6192e639636615d03c654bb90008ca15b784119f6178a00d7bef4a54a274ac922e55c61a3a8840aa258639484a3bce2e43b6c969b11275631daa129a61ea0e2939f0877e1a110c8a44b24c54fbb07a958db9feeca1eb52b086c87bf43a9b02a5b2c4762117c3a99ae4c4e2eaa7a33b9a714737215c10317514f6c4299ef92acd64c4858e85ce737a801890022d7381f3540230c0c8ef50a848a28b09ba0bf8b50619c905751601d7629767449c9c0b2bae321f438a77f412a55e45ecab4b39053c6561801c639be6495be8fa144ef6029af663407ca9181946de5f3aec7236343ab3bc5a38a09c01b412baf0afb23f9e9b8f2b40810f2ce4ffbcdbfd87972323e98065160bcba34b3afd6c25b664745fca99a9ea75cef019d768485ec23336d9b39e4d05d8d587b30633d4f69ade5753a39680235e44f27995da96798f3a85e184a9fad19320829629f4140417bb7dbf5851ab79258134146d088452774991a087a1c2beaea89f218087ba774ae253b494c27750b1de04b44d953c5e47ab10f65205ee212f9c30391e5299553954916873a0b41164543e801c0b099cb44f48995675823c10b40f4bbac9177a558ca0c30765c2aabfd6a4da54c8413e33902d63f064330f0464982429de2604cd03b4de84a9f821a5470423a40a964dcc41863363d77b02c3127304f942ee71c98c643a427533ef300104948b825277953aaabfd855588f75a77d199a213ad348116e9e539f6d37068a551c710548b7a2c7ee95f9cd9b3483332673cc44bcb18a778a49455c768e0b340f81102ac6b76b064057151ef101ae143787f548553558df8035a3ce00c9c43cda43142cca39034b09a7e6089867b4c64980a69ecab2e6818724c35cb909d5d45bc6a349c71b306567664adc0cc8ef698049b4b4b432dd0f69fac07580f77c4f79b22bb90cb97b341880716853431694c9120f6724ad58d57127fced999ff6229a5d4c3c240129cc812acc73698f949d8e73661f2528262bfccfa5cdf5a2104649806e295ea161217083365aa26cee6ae2f1356e8e1c5cefcc85703447ef1160a1b4a0e8c017b173802c66c88ab70d39a6c96c1569d5a86245a7eeb087d682219080768745b44bf244f65b567b2658dbae6962ba52b322118e214cfadd7cf3502582dc9cafba952a9637ad3600710259778d99d23f8235da90791604b4f0a4f7640680f59b633d93dfb84282ba54c674b115684a41bc331b659a61a04883d0c5ebbc0772754a4c33b6a90e52e0678ce06a0453ba8a188b15a496bae6a24177b636d12fbb088f2cd9504ac200231473031a31a5c62e46288fb3edb858b21bc0ea59a212fd1c6dba09e920712d068a2be7abcf4f2a3533443ee1780dd419681a960cd90af5fcaab8c1552ef25572f157a2bbb934a18a5c57a761b54a45d774ac6bc593583a1bcfc4dcd0cca87ab9cff463dc5e80ebbb501d18c8b39e324dbd07ca06cbf75ba33297abcc7aabdd5b308401ba387f533f3927b51e91380f5a59b119e354835ab182db62c76d6d85fa63241743a52012aac281222bc0037e2c493b4777a99cb5929aba155a006bc9b461c365fa3583fac5414b403af9135079b33a10df8819cb462f067253f92b3c45a7fb1c1478d4091e39010ba44071019010daa15c0f43d14641a8fa3a94cfaa2a877ae8113bbf8221ee13223376494fb128b825952d5105ae4157dd6d70f71d5bd48f34d469976629bce6c12931c88ca0882965e27538f272b19796b251226075b131b38564f90159583cd9c4c3c098c8f06a267b262b8731b9e962976c41152a76c30b502d0425635357b43cd3a3ecef5bc9910bb89ca9e91ba75e8121d53c2329b5222df12560d242724523ff60b6ead310d99954d483b91383a726a937f1b60b474b22ea5b81954580339d81c9f47bab44a3fe0c833a7dba1f5b33a5a2a459812645c6537c2317163d71b7bd7a4a5459a28a1c28659aad9a1ca9a99a363062d453355108445a673438e77624e73757c1a84d031cf0fb24b1187aafbe6738e9abaf5b42b004b1fa0d96426d3c5324235dd871e7a89364d335ebb6718ad098154208b143b2b43eb9e5fd8816c5225d494b40809b2459903c6486a1db9ac3414945e1867b5869c2f88cf9edc0a216681804578d34923e5a353babba923db907725b384e74e66987292e007e05c6766f267f839b7617c55e28b0fa2121da2d037d6830af9d869e1fb52b0cb645fe221a79b2a46e41980d34671ccc58d8756054b2cca7b13715a05f3925355cca838ab8d2425255f61135727167ad6bcb0632ebf86384b950ad21088c292b4a4fcc0e59c42d3f77fac85cd9f5cb049b3a29505a984c4c6ac98ca3d0a8f30d2b1bd9815b94b27051b40ffc3455a668b9e141428611b280c1b8f2b55f6eb04e10c68f1340ef1582115f10ee2b785b7ebb0ec3a0c61670cf48107b594cd6e238e0d68961b47983b87879771519d2b7c21681cd494b420f03d004bb06eeb54f9c080c2f2aff6759074d5b3a3b11c73f1af6dc874eeec254d5409fceaa90ff66d90b6930a540fd1d9be1844af1d861ff96a611a414a6c61a78fb2a78e74383ab05ebc73855a818a627242d523a3e2a35ab4285b4a2564f76772aaf8cdc9f87c65f1b4b5819905fb4f9ea59166fbbdb201c5eefc0df7418ca211b5b079a511b8b94429847b537fbed82d57632d63e815d8212d8a280d43328604a6c4d2c1887e7ab061f120a0168db2f4735369b193780f0aeb381ff2653f3b46e206afe77a7e814c7716a1b166727dd2a0b9a7d8aeace425da63977f8103457c9f438a2676c10e3a9c630b855873288ee560ca05c37cc7329e9e502cfac918b9420544445d4cfa93f56ee922c7d660937b5937c3074d62968f006d1211c60296685953e5def3804c2dad5c36180137c1df12f31385b670fde5cfe76447f6c4b5b50083553c3cb1eea988004b93103cfb0aeefd2a686e01fa4a58e8a3639ca8a1e3f9ae57e235b8cc873c23dc62b8d260169afa2f75ab916a58d974918835d25e6a435085b2e56f17576740ce2a32fc5145030145cfb97e63e0e41d354274a079d3e6fb2e15",
+        "pk": "1bc331b659a61a04883d0c5ebbc0772754a4c33b6a90e52e0678ce06a0453ba8a188b15a496bae6a24177b636d12fbb088f2cd9504ac200231473031a31a5c62e46288fb3edb858b21bc0ea59a212fd1c6dba09e920712d068a2be7abcf4f2a3533443ee1780dd419681a960cd90af5fcaab8c1552ef25572f157a2bbb934a18a5c57a761b54a45d774ac6bc593583a1bcfc4dcd0cca87ab9cff463dc5e80ebbb501d18c8b39e324dbd07ca06cbf75ba33297abcc7aabdd5b308401ba387f533f3927b51e91380f5a59b119e354835ab182db62c76d6d85fa63241743a52012aac281222bc0037e2c493b4777a99cb5929aba155a006bc9b461c365fa3583fac5414b403af9135079b33a10df8819cb462f067253f92b3c45a7fb1c1478d4091e39010ba44071019010daa15c0f43d14641a8fa3a94cfaa2a877ae8113bbf8221ee13223376494fb128b825952d5105ae4157dd6d70f71d5bd48f34d469976629bce6c12931c88ca0882965e27538f272b19796b251226075b131b38564f90159583cd9c4c3c098c8f06a267b262b8731b9e962976c41152a76c30b502d0425635357b43cd3a3ecef5bc9910bb89ca9e91ba75e8121d53c2329b5222df12560d242724523ff60b6ead310d99954d483b91383a726a937f1b60b474b22ea5b81954580339d81c9f47bab44a3fe0c833a7dba1f5b33a5a2a459812645c6537c2317163d71b7bd7a4a5459a28a1c28659aad9a1ca9a99a363062d453355108445a673438e77624e73757c1a84d031cf0fb24b1187aafbe6738e9abaf5b42b004b1fa0d96426d3c5324235dd871e7a89364d335ebb6718ad098154208b143b2b43eb9e5fd8816c5225d494b40809b2459903c6486a1db9ac3414945e1867b5869c2f88cf9edc0a216681804578d34923e5a353babba923db907725b384e74e66987292e007e05c6766f267f839b7617c55e28b0fa2121da2d037d6830af9d869e1fb52b0cb645fe221a79b2a46e41980d34671ccc58d8756054b2cca7b13715a05f3925355cca838ab8d2425255f61135727167ad6bcb0632ebf86384b950ad21088c292b4a4fcc0e59c42d3f77fac85cd9f5cb049b3a29505a984c4c6ac98ca3d0a8f30d2b1bd9815b94b27051b40ffc3455a668b9e141428611b280c1b8f2b55f6eb04e10c68f1340ef1582115f10ee2b785b7ebb0ec3a0c61670cf48107b594cd6e238e0d68961b47983b87879771519d2b7c21681cd494b420f03d004bb06eeb54f9c080c2f2aff6759074d5b3a3b11c73f1af6dc874eeec254d5409fceaa90ff66d90b6930a540fd1d9be1844af1d861ff96a611a414a6c61a78fb2a78e74383ab05ebc73855a818a627242d523a3e2a35ab4285b4a2564f76772aaf8cdc9f87c65f1b4b5819905fb4f9ea59166fbbdb201c5eefc0df7418ca211b5b079a511b8b94429847b537fbed82d57632d63e815d8212d8a280d43328604a6c4d2c1887e7ab061f120a0168db2f4735369b193780f0aeb381ff2653f3b46e206afe77a7e814c7716a1b166727dd2a0b9a7d8aeace425da63977f8103457c9f438a2676c10e3a9c630b855873288ee560ca05c37cc7329e9e502cfac918b9420544445d4cfa93f56ee922c7d660937b5937c3074d62968f006d1211c60296685953e5dee56f17576740ce2a32fc5145030145cfb97e63e0e41d354274a079d3e6fb2e15",
+        "ct": "718ad10318b367fc4390f63147fa5250ef61b65384a563f2c7951b2d45881fcf9f446ddd4443417eed0c001e635a994cda366f118bdd1cf0be0417abd1b615cc669e1b949280e28f52d3d5035c6420ff6c943421ee7589e681828c95942d4f9968f32b9ad30cccff0d98fa84b187164530dc83f9cde75ab1958c22dbff8af921c9ebc678a658b69663f72e7c1632b6ac8ddcbc6c8a06c3316b1aefdd07989ef944fc51406e12db6865344e03f447520d50c93fab1513d80cbc836950e2b52f424bb46155ba4c2e21ec5dff762bf7e92e54e0fb7618e73072607ba03b1de16f109e22dd5832a7eadfeb2ef00244bbaf930106cbcd2ab008f468de6d98632e9e225091a010e361ce751d633e6c37ba2530bca6fbe9d2e5348e4e168e154922992aef45a265ec649ce21480504b609ad5f1b0b094b74d55aaea60b8f71398cd9340802e91415937ffaa482c6678f8421c63583e8acd8d00bf285b52a26fa577aed109acd94ef7559554aa378f87283a7ee94af98e21a6fbac8802336ff980e15e498042a8148b69e1d8aab0b7126d0b885f9a57c1ea83efcce8dccfee076dbc2f9c074525ed4e7472c3e09a9f1c50ff511150159c1be7730686c04e46368e37f2e8c82b8436463445b0edaefab876731497abcc563b1978eac34cf73b5b213549d1f74271d48f6a085155acd8d7db739ce6e70ad25ee636231e4151725d55ea781d483e54850e1ebda401276616e7a62b22efa2e3098a006dfacaa1fca54ade6a119f3a215b523210164a7f299d2c7b8ad8a637bc1fba56de28ffa800b522246dbec7148ced56ed292c7d92004065598bc573dd30259d84b6d923d2769ce260cdab0ad17673ef7388c020b8e8bcd055232a7240fe2fa4fcbeadbc46366aa47729f5502dbfee8a623ab8ec6f6020013aeff975f255b597a11eed1335457b9903da42a27a39fdb0edbb11742e4e521c833b7952d3fd28f428eecb6f78b99ff0a5eb097793f78f1a70612811766fcbe0f9aa3ca4afd8a364f5584333d8a4cdc096a3762ea6cce70dfa42967f5a7c2dbef688b37885fa26220dc800bcb1ae83d35ffca54a6dabba730764d60b1a4a506206efa380d7d1d89069778b082bb92396af4547024797797e01c927c78c9f70750ef2002dfe1516baa4f165a3176942d35d9527f4b33505484130cd573f9d4a1f1e6656aff881aab482fb3d6151ab02f76267033f3feb9718fbfed05a9b69a8d817a7e4a41efbe3ffeb355d1013778f14d4c30c92a386190fa23b388feddc635b22d8fa4998b65d483cd3b595553092123e144c49d91ddc2f7a88f3ef1ad2b0b19636bc3f50f61ea5157c73a1a5b956349b6cdf3ff50ec9ef7cbc1137b27d7839276a3ed4e778c505206669686ef038b5808117fedf60ef3598e8ed1db1e5ad64f04af38e60e82fe04bc75594fd9fcd8bb79237adb9c9ffd3dc2c907345f874aec7055576a32263486120ff62ad690a988919e941d33ed93706f6984032e205084cc46585b5aef035c22ddbb3b0ba04e83f80c1b06b4975f00207b357550d24405189412ea6a83ad56c4873f499fdbdc761aa72"
+    },
+    {
+        "seed": "aee7eef47cb0fca9767be1fda69419dfb927e9df07348b196691abaeb580b32def58538b8d23f87732ea63b02b4fa0f4873360e2841928cd60dd4cee8cc0d4c922a96188d032675c8ac850933c7aff1533b94c834adbb69c6115bad4692d8619",
+        "eseed": "f90b0cdf8a7b9c264029ac185b70b83f2801f2f4b3f70c593ea3aeeb613a7f1b1de33fd75081f592305f2e4526edc09631b10958f464d889f31ba010250fda7f",
+        "ss": "d482dd1a592f072109a0d8a86991ca6bd5bab25f13e788377fc34506f508ffdd",
+        "sk": "89722dd1c8829af93f6e5405ecd93a5aaabcb9264aafc363d731bb4f276021b0c06826363022ae1e85acc6679ccb583a37ba4d30e0564ae6421ab1b5c2374a058cb6bca4050ce15ed5c51bcc90be82454b332aa21069623d8a8b393a2c2b6cb5bffc55ae369614a77d9bc982d47496ab21239bb7691ac65494225889b7b45ba10b0aac10c3c41fa7a4a51fa14d3e92bbd364be59ba7d9d4592944968e97a2d947868a0624a97a9c8ad226d81a12a17777eafaa6de30436a5c743003078d830734ec97e6a625f6d9c10f9da3f956b5583578478e6311f27789d6188ede84510442c9f556696378faa622b1e935be62c733da96b023c31b2ba6abfbc5c748088251042d46559bf132d2a43b7690cb4666722ebc53849843125f9a900aa476af424b7b410f18300f048ce26dc7f35b50f7eb5bccf23c95b7c0064e92662eb22927359df1b9ace43ce014384ae68822f4c3f64583643355c6746290d224a70c818158884e2aa8f15e18709100848255c277144f051ab8b40775c297cafb238cdb70e8ce687c9e195d0823b390341e245852ca99c079211161a79409247ae721a59b358ef097ed8dc386f982d36a9220c3511eacb3674f671f171afb0d14f0890c0c7f77d06f7c61ca83a15974083e72678f180f35c1aaa633166d429432599f9d9432fe791318ab14a3988496a14c2417e03990136e91aa3a817085abbc4aa0c38a45e7e009f3577739172396f7b7e61734eaacc5b484971e9a9384b58aadff9307a98222a3813f9269fe793b7ef582ab8c36feaf447d3136285f76d5f463141356773650441e092dc73bcf483cb1f2944016936db2a34b743830cb890e85660acd077ea51c07e664df7ab803c9b0c96e143b4f5788311a841b76be728aea60270104564575bb723f51dacaab5e379c3cdd97bdac84ad6738587bcbbdf1c66a0da65f87a673f840e1d7c5a722a265568429ae36cdde9cd54ac3d4a94c4c6508361984e1c211771998641816fa392a4ffb97664381a84900eb52502f04816a3d70090b55ee2d3b7f3d459af4008ec8c1b19c08d1284b6fdc81508647ecb9b45e65c084d456f9fa87a68f26bc05b4e8415887b602ff28b28e412637ff9019a90ac21c7c4ae9670a538a2bd2604616689b034c33cb1cc9d634eb37c8d4d46bc40e335582b539d3215bf70960cc1c0b11011449c2a09265101f55366dc0213a64112885176c3a223b19cf6951b5968452aa7b839370646db5eee1893346a58c116133dbc8fc1c5ac34e04cda171b041c0133563a682855a9cb18896c6179ac2eac83c70547942e54b2e133a6f68450f4f4b14bda3af5f129b3e292c6a676aa0b7a045c7251e315ca3707ff23bec349a950d49718560b2ff66cbd49c848b4036c2186a0315c4e6a32f3035207a48651891f50ec6c0eb19d13e90457611e0c7ccdf012a3e19412d8c1563f1ab22b39859b27a7bcac72cbf2c83c666deb401e4239603645872b997673b6205d97cdd68b0a782742e62c24ad746261085de3c95f49dbb8172c05f3f2414e63652c3b358d603e867173e03203af06a26bb0bfc0b521118b6fd99613a160829b04475374b8214859bcc316f4e06a84f264ec3cb513f66b71ac3a3d135aa589198cb02113cc17e13a0f15fc1d3d734966c3751a74ac27c781323043e36389dca9a2af6508bdba0260662691426d1d8899cd77736c21b17eb3a31fc118154264e2b10e22c506b7803b1f4b25d178b688b641d0943185107eed18b228e8b68753a8d75a77f29b5b5e97abd028354ce4cd6961797a757c4ff44aeea2c0a16cbfdcb07314fb3e64d7c26a4c9e5782a2ee198d73e7bf05eb85bd420cee20ac24c36613d6bd0c53133443527c32bd0f8b3b3be9918c7caea71748de6bacfa27710845ad0b528c087349e9faa3c83869e1d0ac9267974dba1dc3434976f60b59d443bad51e87d974c9f747b76017bd17021c24246a9987db1b318562bf665b41fb153c0ba675cac593b990ce595a7851fa18ea345bf20c3524862532544e05e5c69daa0dc4f2b24704338e29144d653657d47a20f39ed2b1174cb3120ed1590e4ac932579dc2da9f12f6c07ec7a31963208faa5c758615713965b9d5661860cfe5652d74231d2ce9b696ea9e45305a28d84c082709d2238bbc849b6b3cac64b78b532995af6b4ce9880f9149a5ae083320624e3b54851d48a6f24266258a0a14d342e4ca3133c33c5e16ad91b22d521100076527cefc5f0417b332463c5c5c52dc4b00a2d29959109244d2810839a310cb1df282503d5cbf3f0cbe3e68873407b7e5e960ca214709919b65301da2b3a7e488205a3a9c5f24cd61d18c757040b14a4e80e8c09e74a9a71265ed213a91da6d7a8655de3b4a83125ee2e66cb673733e3717d99023a6683712767ab2da9b54a26dd3b695a80b54226a1a967b08c3f76e679914470803bc6805a6b4b1b78261259acd8f703dd10ba6e8e1a00dd94e774113d13103253cb70edab948c38072629b949261b7c439445bc498444e86b6a9a7da8b1530380bf2939532a8e7ea84ea0b5c6db5335e826aa0325b536ccc21d943890b2c2a5c44f337682355867be87965175f2dbbb0aba89f9311b0873a15db6a4128682a8bca019a04a351a0ce646868f9bbb6f8d0bea3db0865f1239b16c93ca09d19857d747abfc846b27dd77ee5d405fab5ce949635e7d34ec1b9546aea75df571cfed74b7112218e4153e7f6a7a3a910ec4c111576b3bb27c29852746e645fa501b0642678aefa2209c745939a2ab000033862b88e7011e7e25ec1e3cd379b54bc457a85d9af0680160c57b3a4e90308bc28b8da13ac0c563c55b39a88bd90b51f691525e50a260a0507a2174447ea93f5d5acec6c16a5d7909e275f612c9f283310e8124d28f18000f811fb929e03f30d1472644851bcb73c4af6b095acd7328a072be9187a836a15307c6076210c9b410493505bc4814e3c327386796c5932c8cab7a695b97cac24561b2a9657c3157531ba3cba699b6424fda24cc6c72edac1a6bf091b87c3c594c917d24a1126f998aee120ae372a27a268a0c76ab8f84957f461e7c04dd2d59f0f217d9e07008990533b16bbc125b2737a1a7e1cc1ed7c47e8f8464ba78c5d3298f2dc7d0be944ad29907ec774ad1b1f1485b114a9a9b93c488c89c0c7609f2bf9533c2929f667bca8b68999e34054597cf83ba7450b237188c3364172c1351bd349a699672d31b9598bab79a18b3d8cb25f5f53c0b22bfa065690a16184db4f9731cea1a08f5876ec187e7b1ae79c593415d068838e5ce0bf2c28b1e389ae4a768f871b2761a29178a51845eb0b939f0ee9ef58538b8d23f87732ea63b02b4fa0f4873360e2841928cd60dd4cee8cc0d4c922a96188d032675c8ac850933c7aff1533b94c834adbb69c6115bad4692d8619c7dd2bf4e3b5b93f77f4576d55d300739e75e14084b0bc85620499bf468ae161",
+        "pk": "3d135aa589198cb02113cc17e13a0f15fc1d3d734966c3751a74ac27c781323043e36389dca9a2af6508bdba0260662691426d1d8899cd77736c21b17eb3a31fc118154264e2b10e22c506b7803b1f4b25d178b688b641d0943185107eed18b228e8b68753a8d75a77f29b5b5e97abd028354ce4cd6961797a757c4ff44aeea2c0a16cbfdcb07314fb3e64d7c26a4c9e5782a2ee198d73e7bf05eb85bd420cee20ac24c36613d6bd0c53133443527c32bd0f8b3b3be9918c7caea71748de6bacfa27710845ad0b528c087349e9faa3c83869e1d0ac9267974dba1dc3434976f60b59d443bad51e87d974c9f747b76017bd17021c24246a9987db1b318562bf665b41fb153c0ba675cac593b990ce595a7851fa18ea345bf20c3524862532544e05e5c69daa0dc4f2b24704338e29144d653657d47a20f39ed2b1174cb3120ed1590e4ac932579dc2da9f12f6c07ec7a31963208faa5c758615713965b9d5661860cfe5652d74231d2ce9b696ea9e45305a28d84c082709d2238bbc849b6b3cac64b78b532995af6b4ce9880f9149a5ae083320624e3b54851d48a6f24266258a0a14d342e4ca3133c33c5e16ad91b22d521100076527cefc5f0417b332463c5c5c52dc4b00a2d29959109244d2810839a310cb1df282503d5cbf3f0cbe3e68873407b7e5e960ca214709919b65301da2b3a7e488205a3a9c5f24cd61d18c757040b14a4e80e8c09e74a9a71265ed213a91da6d7a8655de3b4a83125ee2e66cb673733e3717d99023a6683712767ab2da9b54a26dd3b695a80b54226a1a967b08c3f76e679914470803bc6805a6b4b1b78261259acd8f703dd10ba6e8e1a00dd94e774113d13103253cb70edab948c38072629b949261b7c439445bc498444e86b6a9a7da8b1530380bf2939532a8e7ea84ea0b5c6db5335e826aa0325b536ccc21d943890b2c2a5c44f337682355867be87965175f2dbbb0aba89f9311b0873a15db6a4128682a8bca019a04a351a0ce646868f9bbb6f8d0bea3db0865f1239b16c93ca09d19857d747abfc846b27dd77ee5d405fab5ce949635e7d34ec1b9546aea75df571cfed74b7112218e4153e7f6a7a3a910ec4c111576b3bb27c29852746e645fa501b0642678aefa2209c745939a2ab000033862b88e7011e7e25ec1e3cd379b54bc457a85d9af0680160c57b3a4e90308bc28b8da13ac0c563c55b39a88bd90b51f691525e50a260a0507a2174447ea93f5d5acec6c16a5d7909e275f612c9f283310e8124d28f18000f811fb929e03f30d1472644851bcb73c4af6b095acd7328a072be9187a836a15307c6076210c9b410493505bc4814e3c327386796c5932c8cab7a695b97cac24561b2a9657c3157531ba3cba699b6424fda24cc6c72edac1a6bf091b87c3c594c917d24a1126f998aee120ae372a27a268a0c76ab8f84957f461e7c04dd2d59f0f217d9e07008990533b16bbc125b2737a1a7e1cc1ed7c47e8f8464ba78c5d3298f2dc7d0be944ad29907ec774ad1b1f1485b114a9a9b93c488c89c0c7609f2bf9533c2929f667bca8b68999e34054597cf83ba7450b237188c3364172c1351bd349a699672d31b9598bab79a18b3d8cb25f5f53c0b22bfa065690a16184db4f9731cea1a08f5876ec187e7b1ae79c593415c7dd2bf4e3b5b93f77f4576d55d300739e75e14084b0bc85620499bf468ae161",
+        "ct": "f98f274dc74db1798915be81f089fbf792116ec03539b6c02cfbe649267f100df0ef51ec6e51fd4a9b75cc2f1806d470b56984df3d368e4d09be4b4ffd59907e11b2d4497b7dd2b61afb3cc52a6ea661f2c6495a7f5fbef3dfac143f65bc9f6eb48d548df01d6a0bb52dab84fda5e92f7a223289ec4e45cf76d47ab3a79086481f4bb4e95cd69bfdf388762e775bf63b9694f72ca5a90883be5b8ac08c1737d5eced830466e9426fe5bec61bc63f1962358b66cb3d8fdd5dfa887b0da5f15c8868bafce3d998b85ab34ced43ac9b9869c84c59fb2f094ddca1dee97db9a941c3cc319401d9db08569d8eb248ec2ff51e7e18c22d810bf512c28d5d719c4bf5237bac6d14ec33b673453cb0129f31a0b532240ac257d7813370c7addd3ec957a1034b8e4c539506c7827a82e37f5b2405236c914783c35a8aaeaacdea194d699dcfd6d04027cbfcac58e3157a16c20b11dfaf6256ae3037252baac3a25f3d1f7e3f14dd231fc50db2f8788575799e6be241717e9634456be9eb04989cdf312dddd8a24939ebb90de0f5b006d59b2b19350dce76a415230f49374fa45ced3eed165cc92ed1d6e17c233f36030a61cb610b93a55d939c9c7e964f9086ccdb41b8638f14f9202cdb9f1e3ffac235ccda32a92a71e85188297cdba4a309e085c56826bb6121462ac6ee36beb9ee72c824294b6026c60d478f17dd082cca6d6d7a3e86dbe5f7fc9bbc2a07873c686e53f9040aa60dce89b179643741457f5de371c8aaf41eceee8e1a1b324666572322499731242ee48134eb6dfb8961b06b5a04c586c6a9113a9c161f36806a284e03b01940286b2de59689607b2b64b46d6fc2ba044c9a42c5cb600cfd6ca0bdf4915a47fe02d71b8fcc27f0f17c78a300c6345ccc2f77a438772f4297f7b2160aec93e4c8c72c0dbe67868753c18491861a1c1b96eaae07023436602fbb6f2bfb161a5f778bb3086c2255423a8c51052833f6b63ed2cc732a7e2c4d36123471b451b640830421fd4edc83a9527d91203aa7e41867e3a7dfd5610aa20646738754883935af2b09cb24d93a332c9671e6a00cc29a6346de406f5fb28fe84f0b0d3a43c98213bfc2eb2802f1ca071c560a705edceb262c44c2fd2e9e5caf0bf9eafc6be84c8a00d4bfd57e2468254e4560aa6e8d62ff72c55c403ce5a8e8c87cb4d7f693344918138a8f1621107492d8c0a8c74ae77323f7e1fa84220da14a9ae978b207aa692e2ba13ee5ed924c75e472e1b77cc496519704ab87bde2ac15fdde0184d799288b60873b7f85a113b5b8d76a5237f26586ef2cb5cb940c9c5a4789267575ed223fdb9d7ed57a390076857d3c0207360a3d039e4f7961dfe25d8e7c034df6ec0503b5589a89911e54d4831b5cc9ed0abc66143b5482d35dec97ed94e65ba7d013126348960804ec2f19463b8daaa9927c05eecae3bb58b2575fcec762c14cd7d27f51e05aec3ddf00e90dafcf91d31ac09eaad73d675504798170b703667d2175a37b40e4b7809056b1c1ca3062cdb98b0ba79b61c1c3f692b6e75940077ab7aea8649f38e34406282704f1080208a15c"
+    },
+    {
+        "seed": "1368ec2967fc84ef2ae9aff268e0b1700affc6820b523a3d917135f2dff2ee06bfe72b3124721d4a26c04e53a75e30e73a7a9c4a95d91c55d495e9f51dd0b5e9d83c6d5e8ce803aa62b8d654db53d09b8dcff273cdfeb573fad8bcd45578bec2",
+        "eseed": "e770d01efde86e721a3f7c6cce275dabe6e2143f1af18da7efddc4c7b70b5e345db93cc936bea323491ccb38a388f546a9ff00dd4e1300b9b2153d2041d205b4",
+        "ss": "1e037823ddbf1875756d86a3374b2d2347d5b7f3c84d229ecc5960523cdaa8b4",
+        "sk": "f58497af7a5854c214be50bd9694011740619f4042d1a9b5e3d813bf419c9e70b6b6e33917644378d7a097047c1be007b9973f3ec7c2c1c7af23726160db834503bc5381625ab08ec831b60a04c54a360d2222ab0918358e84a038c41775456f7c6c1de0f27d5b538a9e80911484cb96d17b52825410661cc43a576669a92cb7b97b97aa0e7b55a0589bc1295000a09bdfa5236a737a95a7029d2a5f4429494ee4b1299613fb76a573092915f6c37d472beea0b93b082eb546b4ad268fc0fa9eedc8a19faab8a857ad09e24b042374ce9566e3b3ba33bc06441781f74421d00bcf0598103d9620fe0b35ab904c3676c3e970525c7507917850ff99ae4eb57eeaf4b0615097a1e970de6aa9ba609fe8ac11fdfa4e7c4cb90a30c03cb8baeb5033cb6ba6c755bdaca4c9448bcc24188991a659adfbc219b3ca16258f3c0b8791846cd9e8b17ed33f97b1bfebeaa93628421a348596a72ed8a248219779cedb38f9fb0f064a4bf89a0c5dd485564c30ab16bc83d19fc9257467598ef713cff3a0470f4983db6540e52a7667fc2785c031e989601972b2ca61c97218c6470498679523c5957ccd0b4f30836429287d47204d8a32ad0c3c01c38611537a417e28284d58b1dc415f8cc6025ba1603073206e9372bcd125d94311eb2966fa9ac48ea68fb889c292585901796118949545a77ad8129d3c989f0f044977d35ce9b715695b61e46aaf74fb9b753a489842592514c2c41b1e3a22621a5369ff4a196702b2805cba6f945209a22613ec254937bc65fb40371b26f808cac5fa66437603fe175f4f039ebef88e2e3757692718229a7167780f032666e9f35a1f316c278270891057390a1b552b9b53e92ce6325b12a8475768a5eaba388b5b4740a4b4867705c74caa54eb139d47b16b845fd6c97a01138509aa3cb34232504a4609850f464b27d3a6c792a2a326f78ea750837ffb36349405442bcb7914be2bd482f4686cebf96c38fa67db608953039eb5446a26968aa0f023499261bc29356547612a472d9dd135e8744649656995178ad2b38d80850b180b6e6c255a0aba7e8c656fe782a63f48bde8cc5899351e308a3d48e5322a7b8b48ec1c99395d9cc39d381146846567ed0143c6c1682cd06faa64467a00919c53a374281b86e6744569c0eb1b099bea5b5c8a9e8024498ad70fc2cab20bd67a72073901a3bae643619342aa01071c3992428dea1755d870cbb86315b2bea4a6753359216e939f7d1aaaf0903b82fba7228a4a15f0779de2a19056c4e0b066e98b2a99865df3825caca00a1313c2e8a66cb8165fbebbc7fefb9e2e0916f4d753bb354b1cdb0ec61840ae14a0b0a6b89419cbcd4c2cc9fa8df8da7bef4a829e17b996461b499ca051b5989b17738b158057342454745051e7b01aa5a8971181c4d44e20f3950873aa1a436cf7255328dc73f312119395213ec852dcbc9d0634c722b2593e154746402a3d289b3abb14a8d70494b761c3f66242f06cc534a761c19cee82a41ea7a308fb580a19762ea34f2f931cc3fca3a7484b0c0023ea2285dc1b04a46489ea5a673a5a4d5db5745b72704670487c1c1c61f06184d1be1fb8c770857cfb03c5c3575181cb7f54eb8b8c8b6a200a0ef6b66eec364c0015ceb802081800ab5bd1150ba20e5d2c6012d70fe700a56c101752242397627c89156f667a28ffc32c56d20abe3834d2a05a0390c7f2a893d64127fb772ae12468a1f6260af39066ab7ecf694db179436c54a707092a87aa22a274691ee0083e7a98a6d2c633d6c0f13a1542b094e7505d8dd92063b3972dd036a2e68ca9d2af000da328b27fb55178b3794d41755a4dd32abde2cf2d93a5c59605e372114bfbbbc44304536533d1aaad9d385f82278576840cb1f340c0d53db7b0c8cf3794d2f0ba99267ef5d01064c99f3aca71aaa2cbb85011c6687472e20419680441cb0c7bc70aaf1361797b1c2f5a5c60c10086d981299bbfc2c15d77f4077c40500938bbb2e52aef37c3d516148d5ac84e216e0568616ea476fde89685578f8df91281b648d1359bbd53768f27596f3b3845293d698b3a1ae2785e0190be513cf950234399a51487073671736a0c4479672595b2b07a7c3b1143a2fa46cf383a183e0880e580793e5892349600cd6c3adb903e078c31d7d50a90c5734537784267578d35a6982b61098190befc3185020d2c175df7b1acec91c3d5fc6f7cd298f878bd2ab814e7ca340ae21377f79a2f73cf219c7f9e85649d089356cc082f655d72e8035128b910b44ce7833abc11348305943b049a9d6b7df1f98af6c5bf9a6214f073ab28f1492748574881cdf160139e60307d32086515bb93c502e6c20106801c095380d82467b9d56b72f566830a7472aaaba8dbbd755c262704af12475febf3cb6268289bdaab09997b8c309dfb436927e7347dcbba3f772b85e753493417cb134c3604410399238da584d1c495c0793fc5e9583f8797e97c9d45e63c1fd42ee7c5aaf9cc901748c87438c91d6964fcab436c6c0b74b34c6a35aaf688ace32a869411ca57cc3bb0455d981a16b655984ad90bf7c3add506b6821248cc52215da27310fb57738254c8730241e2281c3b18728a12c458b8af8c2c3b500bed5c749e9979b4c44f116aa971b043a8b77b62f7a2fc9621ae71763fb0a43758b40e09aae6f574f932661372a7bc120331c34800ed2113203eeb180905d89a88a4cc48d8c3acf19f44ba00b8466e1ddc0fe1e3554ac059a9fa2b11807173f1190dea271119c087c605dc8b945fb069bfb159c464a28758c1822b2c1e5a8ba0779833c6937c9c02ca61285c67557dd958e00840fd1c599095409dc6caf13360a8d5a1d864a903c429b3054ee83448a1f71beb70a93dccae8e69a0485b47df44202d931e2c99316a23a4e396b7c704b832a0b855106f29c20c3c447ad39176b77186cfb94b3e973d415636a0950284f50efa9248bb1643e793cc7a6c343395a8a245b669b32821f2b80214481ca4416d9009dd3174c4cbb29da7386a7404b21a72ce5a295deb62712a3fb01c927b9b2e73d95aa65c3e92169c72662d7ccab10c8a369d50b90a74c41d590dbc4ac104a147855131b1da730116bc17e430599a8d64999d9450b237002fa1021237dbbfa096a95ea0542ca7937b7c1971b53ce82087d7e114e446b81265cfd540176cd069deb9886fa45bd2f3464e7cc908cac220e642fd3610f18aac2b594192bb7a72a64ffe156e77ac8f576a0511b9768798c79590d8d37f58628ef69837335bfa984cde027d87d45cf83e597b705d3130d6210e9d974bab5643cdf4d1cc7c8282ffe68f827e0cac9926bfe72b3124721d4a26c04e53a75e30e73a7a9c4a95d91c55d495e9f51dd0b5e9d83c6d5e8ce803aa62b8d654db53d09b8dcff273cdfeb573fad8bcd45578bec241c2f9459a0447d7f7ae5f1e8dc1cf4e76cdd9add2eba7768b4ac7abb269b07e",
+        "pk": "8c8b6a200a0ef6b66eec364c0015ceb802081800ab5bd1150ba20e5d2c6012d70fe700a56c101752242397627c89156f667a28ffc32c56d20abe3834d2a05a0390c7f2a893d64127fb772ae12468a1f6260af39066ab7ecf694db179436c54a707092a87aa22a274691ee0083e7a98a6d2c633d6c0f13a1542b094e7505d8dd92063b3972dd036a2e68ca9d2af000da328b27fb55178b3794d41755a4dd32abde2cf2d93a5c59605e372114bfbbbc44304536533d1aaad9d385f82278576840cb1f340c0d53db7b0c8cf3794d2f0ba99267ef5d01064c99f3aca71aaa2cbb85011c6687472e20419680441cb0c7bc70aaf1361797b1c2f5a5c60c10086d981299bbfc2c15d77f4077c40500938bbb2e52aef37c3d516148d5ac84e216e0568616ea476fde89685578f8df91281b648d1359bbd53768f27596f3b3845293d698b3a1ae2785e0190be513cf950234399a51487073671736a0c4479672595b2b07a7c3b1143a2fa46cf383a183e0880e580793e5892349600cd6c3adb903e078c31d7d50a90c5734537784267578d35a6982b61098190befc3185020d2c175df7b1acec91c3d5fc6f7cd298f878bd2ab814e7ca340ae21377f79a2f73cf219c7f9e85649d089356cc082f655d72e8035128b910b44ce7833abc11348305943b049a9d6b7df1f98af6c5bf9a6214f073ab28f1492748574881cdf160139e60307d32086515bb93c502e6c20106801c095380d82467b9d56b72f566830a7472aaaba8dbbd755c262704af12475febf3cb6268289bdaab09997b8c309dfb436927e7347dcbba3f772b85e753493417cb134c3604410399238da584d1c495c0793fc5e9583f8797e97c9d45e63c1fd42ee7c5aaf9cc901748c87438c91d6964fcab436c6c0b74b34c6a35aaf688ace32a869411ca57cc3bb0455d981a16b655984ad90bf7c3add506b6821248cc52215da27310fb57738254c8730241e2281c3b18728a12c458b8af8c2c3b500bed5c749e9979b4c44f116aa971b043a8b77b62f7a2fc9621ae71763fb0a43758b40e09aae6f574f932661372a7bc120331c34800ed2113203eeb180905d89a88a4cc48d8c3acf19f44ba00b8466e1ddc0fe1e3554ac059a9fa2b11807173f1190dea271119c087c605dc8b945fb069bfb159c464a28758c1822b2c1e5a8ba0779833c6937c9c02ca61285c67557dd958e00840fd1c599095409dc6caf13360a8d5a1d864a903c429b3054ee83448a1f71beb70a93dccae8e69a0485b47df44202d931e2c99316a23a4e396b7c704b832a0b855106f29c20c3c447ad39176b77186cfb94b3e973d415636a0950284f50efa9248bb1643e793cc7a6c343395a8a245b669b32821f2b80214481ca4416d9009dd3174c4cbb29da7386a7404b21a72ce5a295deb62712a3fb01c927b9b2e73d95aa65c3e92169c72662d7ccab10c8a369d50b90a74c41d590dbc4ac104a147855131b1da730116bc17e430599a8d64999d9450b237002fa1021237dbbfa096a95ea0542ca7937b7c1971b53ce82087d7e114e446b81265cfd540176cd069deb9886fa45bd2f3464e7cc908cac220e642fd3610f18aac2b594192bb7a72a64ffe156e77ac8f576a0511b9768798c79590d8d37f58628ef69837335bfa984cde027d87d45cf841c2f9459a0447d7f7ae5f1e8dc1cf4e76cdd9add2eba7768b4ac7abb269b07e",
+        "ct": "137d93a41362f50229305c688633ded3c474cf399858d60e668ca77d04fd869168a235d5e177eed970cd8c4b8a8bcad3ba1bdf3cef0d697b2c1a1e9a4259cce54248d5f47b59e93fca20799888ec7ee44efd7414bfc71a543648bea1edd9da0234a3af27dcfe4854792caae46a3dcce1eb31cf4d5d8b85855fe1ba7dd94b188ffec719354d43c445960766e26f17561a5ec3872bfa9cfa370a00ac6bb9e196bb57a9f1fd0577d664077b81558565e50b0f2964c8e0093353618de2f2f6d5999c1d27279032f788cb3cf59c127e7c7e029787111226454355d06c81b2affbd099493c34704bb8f0759c4ce568cf721239014b1f00e808b5dc76ea4fe120408c7e510e27832921b022000f9dabdac2e5bcb47060efd1a169e4eefa80ed6fbd1f94473c2038d742df4e286bbcb854281aa28c283f81d8d8c0324b5d354e8b6e2c5e28d5b39a88a790f926c7b5270630c5087990f7ce5afe2fc9e327ed33f760c8d3ea520d9c01960dd360566647820c98c859052ea770c5efbed12b0e7536a409562e2fbb0cd6ce67011f6233c623239f1ed44035963ca9470c439a7e588226307be4cf7a6e27766a28730843a6865c9a8d53f66e8ab121ff234fa3dd0cfc9736b40fb8bb3e64919ec4a5de20282928f60260c63a81439e0658339437b3f1735f38c9481d7edc344ef6dd34d93e0ee013a93cdc8a7207b9d79665bee8a768934c2b386f47d85891fd316aaa378af13c8892099075b75cc8d9ce0419ce57f0f55ea0aeea03fcce14e3a4c766ed09fe4577c6cb9372d00e95c86b41989d6e6ff2359a579b66f76a5a1bf41b2c1f53db1e8b49d822455ea4afe8198b5e7f039263e10885d38d3bfa0ee727cc4ff2769f9ed0abc08a3e77f8bc65a7a75b7b0fc74c2a9027e94f1757acaff4ee5e6e28c0b0238a5435712ea1c055d79e0558a2d149ecfb8d129e19c2d9aef804b3e49e6f60ab43c5254f81a9cccbb3bed13a67f436159b0cf5c7134d6d5a577bcea4f8648eb07b728b0864ec8751576c6fc302a76831d1672daaa2e17c5991efca743cf55d64ca59e8feeda59ec52099d7bfb00a3ccde4084825145f022d89a126519f7904eb7ec4db0b08e70d7d67bf18e537476b4ce97b2ad1c84c0630ba053a13affff42ecea695c080942df74369a23f93a1f397f14dce28acbedb6a90e7a0a6423c277254b71be2d887386915e5924e85f1c652182f8c0db076364a97d7acaf0f238c912fd56403593a8b2526884737790a887d9a8382fab3d2967803d0a1e62b610289af4ea26c66ef29c4832a4b48ffa225d5be2401656753a9ed00c45a057efc666abaecfaeef972643de281f5d6a6ef43ed2fbba963a95c8d36461323d51d18f92e58e4de1b4edd1d93ba14ea6adc3b8b63e71d0edc92555f3f962e68fbf42a0fc04cb7da107203468589655f1b3b979ccc2efee6f10f0ec631c040e4436b8acaa4716708bf96d2db8108a36117d10664cb2a3e3af672a10b0de5c2a284e6b9de37533bd181bc14fa049035d5050b5526ba59f893a1778103b6e2d946090c0eba049e5c1ad843a3121d539564866af5647437"
+    }
+]

From 9d4ad0ef1e00d55aa483ae761f3d5b4911c0678f Mon Sep 17 00:00:00 2001
From: Franziskus Kiefer <franziskuskiefer@gmail.com>
Date: Mon, 2 Dec 2024 13:10:43 +0000
Subject: [PATCH 048/142] fix acvp mlekm tests

---
 libcrux-ml-kem/tests/acvp.rs | 115 ++++++++++++++++++++++-------------
 1 file changed, 72 insertions(+), 43 deletions(-)

diff --git a/libcrux-ml-kem/tests/acvp.rs b/libcrux-ml-kem/tests/acvp.rs
index 99da9be00..1ba30f640 100644
--- a/libcrux-ml-kem/tests/acvp.rs
+++ b/libcrux-ml-kem/tests/acvp.rs
@@ -111,12 +111,23 @@ fn keygen() {
                 .unwrap();
 
             match parameter_set.as_str() {
-                #[cfg(feature = "mlkem512")]
-                "ML-KEM-512" => check(mlkem512::generate_key_pair(seed), expected_result),
-                #[cfg(feature = "mlkem768")]
-                "ML-KEM-768" => check(mlkem768::generate_key_pair(seed), expected_result),
-                #[cfg(feature = "mlkem1024")]
-                "ML-KEM-1024" => check(mlkem1024::generate_key_pair(seed), expected_result),
+                "ML-KEM-512" =>
+                {
+                    #[cfg(feature = "mlkem512")]
+                    check(mlkem512::generate_key_pair(seed), expected_result)
+                }
+
+                "ML-KEM-768" =>
+                {
+                    #[cfg(feature = "mlkem768")]
+                    check(mlkem768::generate_key_pair(seed), expected_result)
+                }
+
+                "ML-KEM-1024" =>
+                {
+                    #[cfg(feature = "mlkem1024")]
+                    check(mlkem1024::generate_key_pair(seed), expected_result)
+                }
                 _ => unimplemented!(),
             }
         }
@@ -252,32 +263,39 @@ fn encap_decap() {
                     let ek = test.ek;
                     let randomness = test.m;
                     match parameter_set.as_str() {
-                        #[cfg(feature = "mlkem512")]
                         "ML-KEM-512" => {
-                            let (actual_ct, actual_k) = mlkem512::encapsulate(
-                                &mlkem512::MlKem512PublicKey::try_from(ek.as_slice()).unwrap(),
-                                randomness,
-                            );
-                            assert_eq!(actual_ct.as_ref(), c);
-                            assert_eq!(actual_k.as_ref(), k);
+                            #[cfg(feature = "mlkem512")]
+                            {
+                                let (actual_ct, actual_k) = mlkem512::encapsulate(
+                                    &mlkem512::MlKem512PublicKey::try_from(ek.as_slice()).unwrap(),
+                                    randomness,
+                                );
+                                assert_eq!(actual_ct.as_ref(), c);
+                                assert_eq!(actual_k.as_ref(), k);
+                            }
                         }
-                        #[cfg(feature = "mlkem768")]
                         "ML-KEM-768" => {
-                            let (actual_ct, actual_k) = mlkem768::encapsulate(
-                                &mlkem768::MlKem768PublicKey::try_from(ek.as_slice()).unwrap(),
-                                randomness,
-                            );
-                            assert_eq!(actual_ct.as_ref(), c);
-                            assert_eq!(actual_k.as_ref(), k);
+                            #[cfg(feature = "mlkem768")]
+                            {
+                                let (actual_ct, actual_k) = mlkem768::encapsulate(
+                                    &mlkem768::MlKem768PublicKey::try_from(ek.as_slice()).unwrap(),
+                                    randomness,
+                                );
+                                assert_eq!(actual_ct.as_ref(), c);
+                                assert_eq!(actual_k.as_ref(), k);
+                            }
                         }
-                        #[cfg(feature = "mlkem1024")]
                         "ML-KEM-1024" => {
-                            let (actual_ct, actual_k) = mlkem1024::encapsulate(
-                                &mlkem1024::MlKem1024PublicKey::try_from(ek.as_slice()).unwrap(),
-                                randomness,
-                            );
-                            assert_eq!(actual_ct.as_ref(), c);
-                            assert_eq!(actual_k.as_ref(), k);
+                            #[cfg(feature = "mlkem1024")]
+                            {
+                                let (actual_ct, actual_k) = mlkem1024::encapsulate(
+                                    &mlkem1024::MlKem1024PublicKey::try_from(ek.as_slice())
+                                        .unwrap(),
+                                    randomness,
+                                );
+                                assert_eq!(actual_ct.as_ref(), c);
+                                assert_eq!(actual_k.as_ref(), k);
+                            }
                         }
                         _ => unimplemented!(),
                     }
@@ -307,27 +325,38 @@ fn encap_decap() {
 
                     let c = test.c;
                     match parameter_set.as_str() {
-                        #[cfg(feature = "mlkem512")]
                         "ML-KEM-512" => {
-                            let dk = mlkem512::MlKem512PrivateKey::try_from(dk.as_slice()).unwrap();
-                            let c = mlkem512::MlKem512Ciphertext::try_from(c.as_slice()).unwrap();
-                            let actual_k = mlkem512::decapsulate(&dk, &c);
-                            assert_eq!(actual_k.as_ref(), k);
+                            #[cfg(feature = "mlkem512")]
+                            {
+                                let dk =
+                                    mlkem512::MlKem512PrivateKey::try_from(dk.as_slice()).unwrap();
+                                let c =
+                                    mlkem512::MlKem512Ciphertext::try_from(c.as_slice()).unwrap();
+                                let actual_k = mlkem512::decapsulate(&dk, &c);
+                                assert_eq!(actual_k.as_ref(), k);
+                            }
                         }
-                        #[cfg(feature = "mlkem768")]
                         "ML-KEM-768" => {
-                            let dk = mlkem768::MlKem768PrivateKey::try_from(dk.as_slice()).unwrap();
-                            let c = mlkem768::MlKem768Ciphertext::try_from(c.as_slice()).unwrap();
-                            let actual_k = mlkem768::decapsulate(&dk, &c);
-                            assert_eq!(actual_k.as_ref(), k);
+                            #[cfg(feature = "mlkem768")]
+                            {
+                                let dk =
+                                    mlkem768::MlKem768PrivateKey::try_from(dk.as_slice()).unwrap();
+                                let c =
+                                    mlkem768::MlKem768Ciphertext::try_from(c.as_slice()).unwrap();
+                                let actual_k = mlkem768::decapsulate(&dk, &c);
+                                assert_eq!(actual_k.as_ref(), k);
+                            }
                         }
-                        #[cfg(feature = "mlkem1024")]
                         "ML-KEM-1024" => {
-                            let dk =
-                                mlkem1024::MlKem1024PrivateKey::try_from(dk.as_slice()).unwrap();
-                            let c = mlkem1024::MlKem1024Ciphertext::try_from(c.as_slice()).unwrap();
-                            let actual_k = mlkem1024::decapsulate(&dk, &c);
-                            assert_eq!(actual_k.as_ref(), k);
+                            #[cfg(feature = "mlkem1024")]
+                            {
+                                let dk = mlkem1024::MlKem1024PrivateKey::try_from(dk.as_slice())
+                                    .unwrap();
+                                let c =
+                                    mlkem1024::MlKem1024Ciphertext::try_from(c.as_slice()).unwrap();
+                                let actual_k = mlkem1024::decapsulate(&dk, &c);
+                                assert_eq!(actual_k.as_ref(), k);
+                            }
                         }
 
                         _ => unimplemented!(),

From 3e54f3c659bef6ee815d197ee5c74dd40c75186a Mon Sep 17 00:00:00 2001
From: Franziskus Kiefer <franziskuskiefer@gmail.com>
Date: Mon, 2 Dec 2024 14:38:09 +0000
Subject: [PATCH 049/142] update C code extraction

---
 libcrux-ml-kem/boring.sh                      |   8 +-
 libcrux-ml-kem/c/CMakeLists.txt               |  88 ++++-----
 libcrux-ml-kem/c/benches/mlkem768.cc          |   2 +-
 libcrux-ml-kem/c/benches/mlkem768_encaps.cc   |   2 +-
 libcrux-ml-kem/c/benches/mlkem768_keygen.cc   |   2 +-
 libcrux-ml-kem/c/code_gen.txt                 |   2 +-
 libcrux-ml-kem/c/internal/libcrux_core.h      |   2 +-
 .../c/internal/libcrux_mlkem_avx2.h           |   2 +-
 .../c/internal/libcrux_mlkem_portable.h       |   2 +-
 libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h |   2 +-
 .../c/internal/libcrux_sha3_internal.h        |   2 +-
 libcrux-ml-kem/c/libcrux_core.c               |   2 +-
 libcrux-ml-kem/c/libcrux_core.h               |   2 +-
 libcrux-ml-kem/c/libcrux_mlkem1024.h          |   2 +-
 libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c     |   2 +-
 libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h     |   2 +-
 libcrux-ml-kem/c/libcrux_mlkem1024_portable.c |   2 +-
 libcrux-ml-kem/c/libcrux_mlkem1024_portable.h |   2 +-
 libcrux-ml-kem/c/libcrux_mlkem512.h           |   2 +-
 libcrux-ml-kem/c/libcrux_mlkem512_avx2.c      |   2 +-
 libcrux-ml-kem/c/libcrux_mlkem512_avx2.h      |   2 +-
 libcrux-ml-kem/c/libcrux_mlkem512_portable.c  |   2 +-
 libcrux-ml-kem/c/libcrux_mlkem512_portable.h  |   2 +-
 libcrux-ml-kem/c/libcrux_mlkem768.h           |   2 +-
 libcrux-ml-kem/c/libcrux_mlkem768_avx2.c      |   2 +-
 libcrux-ml-kem/c/libcrux_mlkem768_avx2.h      |   2 +-
 libcrux-ml-kem/c/libcrux_mlkem768_portable.c  |   2 +-
 libcrux-ml-kem/c/libcrux_mlkem768_portable.h  |   2 +-
 libcrux-ml-kem/c/libcrux_mlkem_avx2.c         |   2 +-
 libcrux-ml-kem/c/libcrux_mlkem_avx2.h         |   2 +-
 libcrux-ml-kem/c/libcrux_mlkem_portable.c     |   2 +-
 libcrux-ml-kem/c/libcrux_mlkem_portable.h     |   2 +-
 libcrux-ml-kem/c/libcrux_sha3.h               |   2 +-
 libcrux-ml-kem/c/libcrux_sha3_avx2.c          |   2 +-
 libcrux-ml-kem/c/libcrux_sha3_avx2.h          |   2 +-
 libcrux-ml-kem/c/libcrux_sha3_internal.h      |   2 +-
 libcrux-ml-kem/c/libcrux_sha3_neon.c          |   2 +-
 libcrux-ml-kem/c/libcrux_sha3_neon.h          |   2 +-
 libcrux-ml-kem/cg/CMakeLists.txt              |  86 +++++----
 libcrux-ml-kem/cg/boring/eurydice_glue.h      | 182 ++++++++++++++++++
 libcrux-ml-kem/cg/boring/karamel/target.h     |  55 ++++++
 libcrux-ml-kem/cg/code_gen.txt                |   2 +-
 libcrux-ml-kem/cg/eurydice_glue.h             |  15 +-
 libcrux-ml-kem/cg/libcrux_core.h              |   2 +-
 libcrux-ml-kem/cg/libcrux_ct_ops.h            |   2 +-
 libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h     |   2 +-
 libcrux-ml-kem/cg/libcrux_mlkem768_portable.h |   2 +-
 libcrux-ml-kem/cg/libcrux_sha3_avx2.h         |   2 +-
 libcrux-ml-kem/cg/libcrux_sha3_portable.h     |   2 +-
 49 files changed, 380 insertions(+), 140 deletions(-)
 create mode 100644 libcrux-ml-kem/cg/boring/eurydice_glue.h
 create mode 100644 libcrux-ml-kem/cg/boring/karamel/target.h

diff --git a/libcrux-ml-kem/boring.sh b/libcrux-ml-kem/boring.sh
index 43a9d499a..3ba5c2e1c 100755
--- a/libcrux-ml-kem/boring.sh
+++ b/libcrux-ml-kem/boring.sh
@@ -27,10 +27,14 @@ clang-format-18 --style=Google -i cg/*.h
 if [[ -n "$BORINGSSL_HOME" ]]; then
     echo "Copying the files into $BORINGSSL_HOME/third_party/libcrux/"
 
-    cp cg/*.h $BORINGSSL_HOME/third_party/libcrux/
+    cp cg/libcrux_*.h $BORINGSSL_HOME/third_party/libcrux/
     cp cg/code_gen.txt $BORINGSSL_HOME/third_party/libcrux/
-    cp -r cg/karamel $BORINGSSL_HOME/third_party/libcrux/
     cp -r cg/intrinsics $BORINGSSL_HOME/third_party/libcrux/
+
+    # We use special files here.
+    cp cg/boring/eurydice_glue.h $BORINGSSL_HOME/third_party/libcrux/
+    cp -r cg/boring/karamel $BORINGSSL_HOME/third_party/libcrux/
+
     libcrux_rev=$(git rev-parse HEAD)
     echo "libcrux: $libcrux_rev" >> $BORINGSSL_HOME/third_party/libcrux/code_gen.txt
 fi
diff --git a/libcrux-ml-kem/c/CMakeLists.txt b/libcrux-ml-kem/c/CMakeLists.txt
index 121558310..7eb5cd5ca 100644
--- a/libcrux-ml-kem/c/CMakeLists.txt
+++ b/libcrux-ml-kem/c/CMakeLists.txt
@@ -17,6 +17,7 @@ if(NOT MSVC)
     # TODO: Clean up
     add_compile_options(
         -Wall
+
         # -Wextra
         # -pedantic
         # -Wconversion
@@ -29,6 +30,7 @@ if(NOT MSVC)
 endif(NOT MSVC)
 
 set(CMAKE_COLOR_DIAGNOSTICS "ON")
+
 # For LSP-based editors
 set(CMAKE_EXPORT_COMPILE_COMMANDS 1)
 include_directories(
@@ -101,12 +103,10 @@ if(CMAKE_SYSTEM_PROCESSOR MATCHES "aarch64|arm64|arm64v8" AND DEFINED ENV{LIBCRU
 endif()
 
 # --- Tests
-
 if(DEFINED ENV{LIBCRUX_UNPACKED})
     add_compile_definitions(LIBCRUX_UNPACKED)
 endif(DEFINED ENV{LIBCRUX_UNPACKED})
 
-
 # Get gtests
 include(FetchContent)
 FetchContent_Declare(googletest
@@ -144,52 +144,54 @@ target_link_libraries(sha3_test PRIVATE
 )
 
 # --- Benchmarks
-FetchContent_Declare(benchmark
-    GIT_REPOSITORY https://github.com/google/benchmark.git
-    GIT_TAG v1.8.4
-)
-FetchContent_MakeAvailable(benchmark)
+if(DEFINED ENV{LIBCRUX_BENCHMARKS})
+    FetchContent_Declare(benchmark
+        GIT_REPOSITORY https://github.com/google/benchmark.git
+        GIT_TAG v1.8.4
+    )
+    FetchContent_MakeAvailable(benchmark)
 
-add_executable(ml_kem_bench
-    ${PROJECT_SOURCE_DIR}/benches/mlkem768.cc
-)
-target_link_libraries(ml_kem_bench PRIVATE
-    ml_kem_static
-    benchmark::benchmark
-)
+    add_executable(ml_kem_bench
+        ${PROJECT_SOURCE_DIR}/benches/mlkem768.cc
+    )
+    target_link_libraries(ml_kem_bench PRIVATE
+        ml_kem_static
+        benchmark::benchmark
+    )
 
-if(DEFINED ENV{SYMCRYPT_PATH})
-    message("Symcrypt path: $ENV{SYMCRYPT_PATH}")
-    add_compile_definitions(LIBCRUX_SYMCRYPT)
-    target_include_directories(ml_kem_bench PRIVATE $ENV{SYMCRYPT_PATH})
-    target_link_directories(ml_kem_bench PRIVATE $ENV{SYMCRYPT_PATH}/bin/lib)
-    target_link_libraries(ml_kem_bench PRIVATE symcrypt)
-endif(DEFINED ENV{SYMCRYPT_PATH})
+    if(DEFINED ENV{SYMCRYPT_PATH})
+        message("Symcrypt path: $ENV{SYMCRYPT_PATH}")
+        add_compile_definitions(LIBCRUX_SYMCRYPT)
+        target_include_directories(ml_kem_bench PRIVATE $ENV{SYMCRYPT_PATH})
+        target_link_directories(ml_kem_bench PRIVATE $ENV{SYMCRYPT_PATH}/bin/lib)
+        target_link_libraries(ml_kem_bench PRIVATE symcrypt)
+    endif(DEFINED ENV{SYMCRYPT_PATH})
 
-add_executable(ml_kem_keygen
-    ${PROJECT_SOURCE_DIR}/benches/mlkem768_keygen.cc
-)
-target_link_libraries(ml_kem_keygen PRIVATE
-    ml_kem_static
-    benchmark::benchmark
-)
-
-add_executable(ml_kem_encaps
-    ${PROJECT_SOURCE_DIR}/benches/mlkem768_encaps.cc
-)
-target_link_libraries(ml_kem_encaps PRIVATE
-    ml_kem_static
-    benchmark::benchmark
-)
+    add_executable(ml_kem_keygen
+        ${PROJECT_SOURCE_DIR}/benches/mlkem768_keygen.cc
+    )
+    target_link_libraries(ml_kem_keygen PRIVATE
+        ml_kem_static
+        benchmark::benchmark
+    )
 
-if(NOT MSVC)
-    # We benchmark internal functions here that are inlined and thus not available
-    # in MSVC.
-    add_executable(sha3_bench
-        ${PROJECT_SOURCE_DIR}/benches/sha3.cc
+    add_executable(ml_kem_encaps
+        ${PROJECT_SOURCE_DIR}/benches/mlkem768_encaps.cc
     )
-    target_link_libraries(sha3_bench PRIVATE
+    target_link_libraries(ml_kem_encaps PRIVATE
         ml_kem_static
         benchmark::benchmark
     )
-endif(NOT MSVC)
+
+    if(NOT MSVC)
+        # We benchmark internal functions here that are inlined and thus not available
+        # in MSVC.
+        add_executable(sha3_bench
+            ${PROJECT_SOURCE_DIR}/benches/sha3.cc
+        )
+        target_link_libraries(sha3_bench PRIVATE
+            ml_kem_static
+            benchmark::benchmark
+        )
+    endif(NOT MSVC)
+endif(DEFINED ENV{LIBCRUX_BENCHMARKS})
diff --git a/libcrux-ml-kem/c/benches/mlkem768.cc b/libcrux-ml-kem/c/benches/mlkem768.cc
index 1efe8a607..ad97886b8 100644
--- a/libcrux-ml-kem/c/benches/mlkem768.cc
+++ b/libcrux-ml-kem/c/benches/mlkem768.cc
@@ -14,7 +14,7 @@
 
 void generate_random(uint8_t *output, uint32_t output_len)
 {
-  for (int i = 0; i < output_len; i++)
+  for (uint32_t i = 0; i < output_len; i++)
     output[i] = 13;
 }
 
diff --git a/libcrux-ml-kem/c/benches/mlkem768_encaps.cc b/libcrux-ml-kem/c/benches/mlkem768_encaps.cc
index d7c2a5076..e7212a944 100644
--- a/libcrux-ml-kem/c/benches/mlkem768_encaps.cc
+++ b/libcrux-ml-kem/c/benches/mlkem768_encaps.cc
@@ -14,7 +14,7 @@
 
 void generate_random(uint8_t *output, uint32_t output_len)
 {
-    for (int i = 0; i < output_len; i++)
+    for (uint32_t i = 0; i < output_len; i++)
         output[i] = 13;
 }
 
diff --git a/libcrux-ml-kem/c/benches/mlkem768_keygen.cc b/libcrux-ml-kem/c/benches/mlkem768_keygen.cc
index a7271277f..b557d16b9 100644
--- a/libcrux-ml-kem/c/benches/mlkem768_keygen.cc
+++ b/libcrux-ml-kem/c/benches/mlkem768_keygen.cc
@@ -14,7 +14,7 @@
 
 void generate_random(uint8_t *output, uint32_t output_len)
 {
-    for (int i = 0; i < output_len; i++)
+    for (uint32_t i = 0; i < output_len; i++)
         output[i] = 13;
 }
 
diff --git a/libcrux-ml-kem/c/code_gen.txt b/libcrux-ml-kem/c/code_gen.txt
index e86a4ecec..7a47df612 100644
--- a/libcrux-ml-kem/c/code_gen.txt
+++ b/libcrux-ml-kem/c/code_gen.txt
@@ -3,4 +3,4 @@ Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9
 Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c
 Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
 F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty
-Libcrux: e7d31cc9d00fb10b9002777a3fc8a209dba74b83
+Libcrux: 9d4ad0ef1e00d55aa483ae761f3d5b4911c0678f
diff --git a/libcrux-ml-kem/c/internal/libcrux_core.h b/libcrux-ml-kem/c/internal/libcrux_core.h
index 1c3363c9b..8cc44a3a9 100644
--- a/libcrux-ml-kem/c/internal/libcrux_core.h
+++ b/libcrux-ml-kem/c/internal/libcrux_core.h
@@ -8,7 +8,7 @@
  * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c
  * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
  * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty
- * Libcrux: e7d31cc9d00fb10b9002777a3fc8a209dba74b83
+ * Libcrux: 9d4ad0ef1e00d55aa483ae761f3d5b4911c0678f
  */
 
 #ifndef __internal_libcrux_core_H
diff --git a/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h b/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h
index d73c76bc7..68711c486 100644
--- a/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h
+++ b/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h
@@ -8,7 +8,7 @@
  * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c
  * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
  * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty
- * Libcrux: e7d31cc9d00fb10b9002777a3fc8a209dba74b83
+ * Libcrux: 9d4ad0ef1e00d55aa483ae761f3d5b4911c0678f
  */
 
 #ifndef __internal_libcrux_mlkem_avx2_H
diff --git a/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h b/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h
index 266e53038..cabe4d144 100644
--- a/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h
+++ b/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h
@@ -8,7 +8,7 @@
  * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c
  * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
  * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty
- * Libcrux: e7d31cc9d00fb10b9002777a3fc8a209dba74b83
+ * Libcrux: 9d4ad0ef1e00d55aa483ae761f3d5b4911c0678f
  */
 
 #ifndef __internal_libcrux_mlkem_portable_H
diff --git a/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h b/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h
index d01340ed7..dfe1128cb 100644
--- a/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h
+++ b/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h
@@ -8,7 +8,7 @@
  * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c
  * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
  * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty
- * Libcrux: e7d31cc9d00fb10b9002777a3fc8a209dba74b83
+ * Libcrux: 9d4ad0ef1e00d55aa483ae761f3d5b4911c0678f
  */
 
 #ifndef __internal_libcrux_sha3_avx2_H
diff --git a/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h b/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h
index 837f1ac1a..10bbf3d2a 100644
--- a/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h
+++ b/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h
@@ -8,7 +8,7 @@
  * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c
  * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
  * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty
- * Libcrux: e7d31cc9d00fb10b9002777a3fc8a209dba74b83
+ * Libcrux: 9d4ad0ef1e00d55aa483ae761f3d5b4911c0678f
  */
 
 #ifndef __internal_libcrux_sha3_internal_H
diff --git a/libcrux-ml-kem/c/libcrux_core.c b/libcrux-ml-kem/c/libcrux_core.c
index 9af198334..0fefd7f60 100644
--- a/libcrux-ml-kem/c/libcrux_core.c
+++ b/libcrux-ml-kem/c/libcrux_core.c
@@ -8,7 +8,7 @@
  * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c
  * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
  * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty
- * Libcrux: e7d31cc9d00fb10b9002777a3fc8a209dba74b83
+ * Libcrux: 9d4ad0ef1e00d55aa483ae761f3d5b4911c0678f
  */
 
 #include "internal/libcrux_core.h"
diff --git a/libcrux-ml-kem/c/libcrux_core.h b/libcrux-ml-kem/c/libcrux_core.h
index b6753cce4..d57d420d1 100644
--- a/libcrux-ml-kem/c/libcrux_core.h
+++ b/libcrux-ml-kem/c/libcrux_core.h
@@ -8,7 +8,7 @@
  * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c
  * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
  * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty
- * Libcrux: e7d31cc9d00fb10b9002777a3fc8a209dba74b83
+ * Libcrux: 9d4ad0ef1e00d55aa483ae761f3d5b4911c0678f
  */
 
 #ifndef __libcrux_core_H
diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024.h b/libcrux-ml-kem/c/libcrux_mlkem1024.h
index 787d47757..a35470e40 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem1024.h
+++ b/libcrux-ml-kem/c/libcrux_mlkem1024.h
@@ -8,7 +8,7 @@
  * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c
  * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
  * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty
- * Libcrux: e7d31cc9d00fb10b9002777a3fc8a209dba74b83
+ * Libcrux: 9d4ad0ef1e00d55aa483ae761f3d5b4911c0678f
  */
 
 #ifndef __libcrux_mlkem1024_H
diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c
index 72b59452c..111078eb1 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c
+++ b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c
@@ -8,7 +8,7 @@
  * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c
  * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
  * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty
- * Libcrux: e7d31cc9d00fb10b9002777a3fc8a209dba74b83
+ * Libcrux: 9d4ad0ef1e00d55aa483ae761f3d5b4911c0678f
  */
 
 #include "libcrux_mlkem1024_avx2.h"
diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h
index 4288edd6f..03f0bb0f6 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h
+++ b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h
@@ -8,7 +8,7 @@
  * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c
  * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
  * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty
- * Libcrux: e7d31cc9d00fb10b9002777a3fc8a209dba74b83
+ * Libcrux: 9d4ad0ef1e00d55aa483ae761f3d5b4911c0678f
  */
 
 #ifndef __libcrux_mlkem1024_avx2_H
diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c
index 58104cfff..534866299 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c
+++ b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c
@@ -8,7 +8,7 @@
  * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c
  * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
  * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty
- * Libcrux: e7d31cc9d00fb10b9002777a3fc8a209dba74b83
+ * Libcrux: 9d4ad0ef1e00d55aa483ae761f3d5b4911c0678f
  */
 
 #include "libcrux_mlkem1024_portable.h"
diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h
index 98f61cd03..7f190c690 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h
+++ b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h
@@ -8,7 +8,7 @@
  * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c
  * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
  * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty
- * Libcrux: e7d31cc9d00fb10b9002777a3fc8a209dba74b83
+ * Libcrux: 9d4ad0ef1e00d55aa483ae761f3d5b4911c0678f
  */
 
 #ifndef __libcrux_mlkem1024_portable_H
diff --git a/libcrux-ml-kem/c/libcrux_mlkem512.h b/libcrux-ml-kem/c/libcrux_mlkem512.h
index 256e30662..0a9a083e1 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem512.h
+++ b/libcrux-ml-kem/c/libcrux_mlkem512.h
@@ -8,7 +8,7 @@
  * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c
  * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
  * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty
- * Libcrux: e7d31cc9d00fb10b9002777a3fc8a209dba74b83
+ * Libcrux: 9d4ad0ef1e00d55aa483ae761f3d5b4911c0678f
  */
 
 #ifndef __libcrux_mlkem512_H
diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c
index 66c07aba1..f6887d04b 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c
+++ b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c
@@ -8,7 +8,7 @@
  * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c
  * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
  * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty
- * Libcrux: e7d31cc9d00fb10b9002777a3fc8a209dba74b83
+ * Libcrux: 9d4ad0ef1e00d55aa483ae761f3d5b4911c0678f
  */
 
 #include "libcrux_mlkem512_avx2.h"
diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h
index 8f3631ead..29db1ada7 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h
+++ b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h
@@ -8,7 +8,7 @@
  * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c
  * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
  * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty
- * Libcrux: e7d31cc9d00fb10b9002777a3fc8a209dba74b83
+ * Libcrux: 9d4ad0ef1e00d55aa483ae761f3d5b4911c0678f
  */
 
 #ifndef __libcrux_mlkem512_avx2_H
diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_portable.c b/libcrux-ml-kem/c/libcrux_mlkem512_portable.c
index 5c7e48f47..9fbd54390 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem512_portable.c
+++ b/libcrux-ml-kem/c/libcrux_mlkem512_portable.c
@@ -8,7 +8,7 @@
  * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c
  * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
  * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty
- * Libcrux: e7d31cc9d00fb10b9002777a3fc8a209dba74b83
+ * Libcrux: 9d4ad0ef1e00d55aa483ae761f3d5b4911c0678f
  */
 
 #include "libcrux_mlkem512_portable.h"
diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_portable.h b/libcrux-ml-kem/c/libcrux_mlkem512_portable.h
index 62e030fdc..af0ef20f4 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem512_portable.h
+++ b/libcrux-ml-kem/c/libcrux_mlkem512_portable.h
@@ -8,7 +8,7 @@
  * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c
  * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
  * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty
- * Libcrux: e7d31cc9d00fb10b9002777a3fc8a209dba74b83
+ * Libcrux: 9d4ad0ef1e00d55aa483ae761f3d5b4911c0678f
  */
 
 #ifndef __libcrux_mlkem512_portable_H
diff --git a/libcrux-ml-kem/c/libcrux_mlkem768.h b/libcrux-ml-kem/c/libcrux_mlkem768.h
index 86ffe77a7..02c9b01ac 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem768.h
+++ b/libcrux-ml-kem/c/libcrux_mlkem768.h
@@ -8,7 +8,7 @@
  * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c
  * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
  * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty
- * Libcrux: e7d31cc9d00fb10b9002777a3fc8a209dba74b83
+ * Libcrux: 9d4ad0ef1e00d55aa483ae761f3d5b4911c0678f
  */
 
 #ifndef __libcrux_mlkem768_H
diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c
index 3fe0cb416..44efd0086 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c
+++ b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c
@@ -8,7 +8,7 @@
  * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c
  * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
  * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty
- * Libcrux: e7d31cc9d00fb10b9002777a3fc8a209dba74b83
+ * Libcrux: 9d4ad0ef1e00d55aa483ae761f3d5b4911c0678f
  */
 
 #include "libcrux_mlkem768_avx2.h"
diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h
index dc4abd0aa..137d7e7da 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h
+++ b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h
@@ -8,7 +8,7 @@
  * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c
  * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
  * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty
- * Libcrux: e7d31cc9d00fb10b9002777a3fc8a209dba74b83
+ * Libcrux: 9d4ad0ef1e00d55aa483ae761f3d5b4911c0678f
  */
 
 #ifndef __libcrux_mlkem768_avx2_H
diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_portable.c b/libcrux-ml-kem/c/libcrux_mlkem768_portable.c
index 5abb4be34..46744ca7e 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem768_portable.c
+++ b/libcrux-ml-kem/c/libcrux_mlkem768_portable.c
@@ -8,7 +8,7 @@
  * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c
  * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
  * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty
- * Libcrux: e7d31cc9d00fb10b9002777a3fc8a209dba74b83
+ * Libcrux: 9d4ad0ef1e00d55aa483ae761f3d5b4911c0678f
  */
 
 #include "libcrux_mlkem768_portable.h"
diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_portable.h b/libcrux-ml-kem/c/libcrux_mlkem768_portable.h
index 98d99b51e..aa96f9f4d 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem768_portable.h
+++ b/libcrux-ml-kem/c/libcrux_mlkem768_portable.h
@@ -8,7 +8,7 @@
  * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c
  * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
  * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty
- * Libcrux: e7d31cc9d00fb10b9002777a3fc8a209dba74b83
+ * Libcrux: 9d4ad0ef1e00d55aa483ae761f3d5b4911c0678f
  */
 
 #ifndef __libcrux_mlkem768_portable_H
diff --git a/libcrux-ml-kem/c/libcrux_mlkem_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem_avx2.c
index 24d4a09cd..1e62fbc12 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem_avx2.c
+++ b/libcrux-ml-kem/c/libcrux_mlkem_avx2.c
@@ -8,7 +8,7 @@
  * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c
  * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
  * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty
- * Libcrux: e7d31cc9d00fb10b9002777a3fc8a209dba74b83
+ * Libcrux: 9d4ad0ef1e00d55aa483ae761f3d5b4911c0678f
  */
 
 #include "internal/libcrux_mlkem_avx2.h"
diff --git a/libcrux-ml-kem/c/libcrux_mlkem_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem_avx2.h
index 4e33b6fa7..8c8ecaf37 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem_avx2.h
+++ b/libcrux-ml-kem/c/libcrux_mlkem_avx2.h
@@ -8,7 +8,7 @@
  * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c
  * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
  * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty
- * Libcrux: e7d31cc9d00fb10b9002777a3fc8a209dba74b83
+ * Libcrux: 9d4ad0ef1e00d55aa483ae761f3d5b4911c0678f
  */
 
 #ifndef __libcrux_mlkem_avx2_H
diff --git a/libcrux-ml-kem/c/libcrux_mlkem_portable.c b/libcrux-ml-kem/c/libcrux_mlkem_portable.c
index 3f854646e..cb7f734b3 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem_portable.c
+++ b/libcrux-ml-kem/c/libcrux_mlkem_portable.c
@@ -8,7 +8,7 @@
  * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c
  * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
  * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty
- * Libcrux: e7d31cc9d00fb10b9002777a3fc8a209dba74b83
+ * Libcrux: 9d4ad0ef1e00d55aa483ae761f3d5b4911c0678f
  */
 
 #include "internal/libcrux_mlkem_portable.h"
diff --git a/libcrux-ml-kem/c/libcrux_mlkem_portable.h b/libcrux-ml-kem/c/libcrux_mlkem_portable.h
index 26f2e8434..ac6ffd774 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem_portable.h
+++ b/libcrux-ml-kem/c/libcrux_mlkem_portable.h
@@ -8,7 +8,7 @@
  * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c
  * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
  * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty
- * Libcrux: e7d31cc9d00fb10b9002777a3fc8a209dba74b83
+ * Libcrux: 9d4ad0ef1e00d55aa483ae761f3d5b4911c0678f
  */
 
 #ifndef __libcrux_mlkem_portable_H
diff --git a/libcrux-ml-kem/c/libcrux_sha3.h b/libcrux-ml-kem/c/libcrux_sha3.h
index b15d566db..02cbdbbe7 100644
--- a/libcrux-ml-kem/c/libcrux_sha3.h
+++ b/libcrux-ml-kem/c/libcrux_sha3.h
@@ -8,7 +8,7 @@
  * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c
  * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
  * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty
- * Libcrux: e7d31cc9d00fb10b9002777a3fc8a209dba74b83
+ * Libcrux: 9d4ad0ef1e00d55aa483ae761f3d5b4911c0678f
  */
 
 #ifndef __libcrux_sha3_H
diff --git a/libcrux-ml-kem/c/libcrux_sha3_avx2.c b/libcrux-ml-kem/c/libcrux_sha3_avx2.c
index b8ea9175f..f7175755f 100644
--- a/libcrux-ml-kem/c/libcrux_sha3_avx2.c
+++ b/libcrux-ml-kem/c/libcrux_sha3_avx2.c
@@ -8,7 +8,7 @@
  * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c
  * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
  * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty
- * Libcrux: e7d31cc9d00fb10b9002777a3fc8a209dba74b83
+ * Libcrux: 9d4ad0ef1e00d55aa483ae761f3d5b4911c0678f
  */
 
 #include "internal/libcrux_sha3_avx2.h"
diff --git a/libcrux-ml-kem/c/libcrux_sha3_avx2.h b/libcrux-ml-kem/c/libcrux_sha3_avx2.h
index ea845908b..4f12372a4 100644
--- a/libcrux-ml-kem/c/libcrux_sha3_avx2.h
+++ b/libcrux-ml-kem/c/libcrux_sha3_avx2.h
@@ -8,7 +8,7 @@
  * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c
  * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
  * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty
- * Libcrux: e7d31cc9d00fb10b9002777a3fc8a209dba74b83
+ * Libcrux: 9d4ad0ef1e00d55aa483ae761f3d5b4911c0678f
  */
 
 #ifndef __libcrux_sha3_avx2_H
diff --git a/libcrux-ml-kem/c/libcrux_sha3_internal.h b/libcrux-ml-kem/c/libcrux_sha3_internal.h
index c28e709ff..8e4e14f98 100644
--- a/libcrux-ml-kem/c/libcrux_sha3_internal.h
+++ b/libcrux-ml-kem/c/libcrux_sha3_internal.h
@@ -8,7 +8,7 @@
  * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c
  * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
  * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty
- * Libcrux: e7d31cc9d00fb10b9002777a3fc8a209dba74b83
+ * Libcrux: 9d4ad0ef1e00d55aa483ae761f3d5b4911c0678f
  */
 
 #ifndef __libcrux_sha3_internal_H
diff --git a/libcrux-ml-kem/c/libcrux_sha3_neon.c b/libcrux-ml-kem/c/libcrux_sha3_neon.c
index 9ae643352..88962fca5 100644
--- a/libcrux-ml-kem/c/libcrux_sha3_neon.c
+++ b/libcrux-ml-kem/c/libcrux_sha3_neon.c
@@ -8,7 +8,7 @@
  * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c
  * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
  * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty
- * Libcrux: e7d31cc9d00fb10b9002777a3fc8a209dba74b83
+ * Libcrux: 9d4ad0ef1e00d55aa483ae761f3d5b4911c0678f
  */
 
 #include "libcrux_sha3_neon.h"
diff --git a/libcrux-ml-kem/c/libcrux_sha3_neon.h b/libcrux-ml-kem/c/libcrux_sha3_neon.h
index 2cf81c71e..804cd8b90 100644
--- a/libcrux-ml-kem/c/libcrux_sha3_neon.h
+++ b/libcrux-ml-kem/c/libcrux_sha3_neon.h
@@ -8,7 +8,7 @@
  * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c
  * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
  * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty
- * Libcrux: e7d31cc9d00fb10b9002777a3fc8a209dba74b83
+ * Libcrux: 9d4ad0ef1e00d55aa483ae761f3d5b4911c0678f
  */
 
 #ifndef __libcrux_sha3_neon_H
diff --git a/libcrux-ml-kem/cg/CMakeLists.txt b/libcrux-ml-kem/cg/CMakeLists.txt
index ce8ed53c2..e18520d55 100644
--- a/libcrux-ml-kem/cg/CMakeLists.txt
+++ b/libcrux-ml-kem/cg/CMakeLists.txt
@@ -26,10 +26,10 @@ if(NOT MSVC)
 endif(NOT MSVC)
 
 if((CMAKE_C_COMPILER_ID STREQUAL "Clang" AND
-      CMAKE_C_COMPILER_VERSION VERSION_GREATER_EQUAL "13.0.0") OR
-     (CMAKE_C_COMPILER_ID STREQUAL "AppleClang" AND
-      CMAKE_C_COMPILER_VERSION VERSION_GREATER_EQUAL "13.1.6"))
-      add_compile_options(-Werror -Wframe-larger-than=25344)
+    CMAKE_C_COMPILER_VERSION VERSION_GREATER_EQUAL "13.0.0") OR
+    (CMAKE_C_COMPILER_ID STREQUAL "AppleClang" AND
+    CMAKE_C_COMPILER_VERSION VERSION_GREATER_EQUAL "13.1.6"))
+    add_compile_options(-Werror -Wframe-larger-than=25344)
 endif()
 
 set(CMAKE_COLOR_DIAGNOSTICS "ON")
@@ -95,48 +95,50 @@ target_link_libraries(sha3_test PRIVATE
 )
 
 # --- Benchmarks
-FetchContent_Declare(benchmark
-    GIT_REPOSITORY https://github.com/google/benchmark.git
-    GIT_TAG v1.8.4
-)
-FetchContent_MakeAvailable(benchmark)
-
-add_executable(ml_kem_bench
-    ${PROJECT_SOURCE_DIR}/benches/mlkem768.cc
-)
-target_link_libraries(ml_kem_bench PRIVATE
-    benchmark::benchmark
-)
+if(DEFINED ENV{LIBCRUX_BENCHMARKS})
+    FetchContent_Declare(benchmark
+        GIT_REPOSITORY https://github.com/google/benchmark.git
+        GIT_TAG v1.8.4
+    )
+    FetchContent_MakeAvailable(benchmark)
 
-if(DEFINED ENV{SYMCRYPT_PATH})
-    message("Symcrypt path: $ENV{SYMCRYPT_PATH}")
-    add_compile_definitions(LIBCRUX_SYMCRYPT)
-    target_include_directories(ml_kem_bench PRIVATE $ENV{SYMCRYPT_PATH})
-    target_link_directories(ml_kem_bench PRIVATE $ENV{SYMCRYPT_PATH}/bin/lib)
-    target_link_libraries(ml_kem_bench PRIVATE symcrypt)
-endif(DEFINED ENV{SYMCRYPT_PATH})
+    add_executable(ml_kem_bench
+        ${PROJECT_SOURCE_DIR}/benches/mlkem768.cc
+    )
+    target_link_libraries(ml_kem_bench PRIVATE
+        benchmark::benchmark
+    )
 
-add_executable(ml_kem_keygen
-    ${PROJECT_SOURCE_DIR}/benches/mlkem768_keygen.cc
-)
-target_link_libraries(ml_kem_keygen PRIVATE
-    benchmark::benchmark
-)
+    if(DEFINED ENV{SYMCRYPT_PATH})
+        message("Symcrypt path: $ENV{SYMCRYPT_PATH}")
+        add_compile_definitions(LIBCRUX_SYMCRYPT)
+        target_include_directories(ml_kem_bench PRIVATE $ENV{SYMCRYPT_PATH})
+        target_link_directories(ml_kem_bench PRIVATE $ENV{SYMCRYPT_PATH}/bin/lib)
+        target_link_libraries(ml_kem_bench PRIVATE symcrypt)
+    endif(DEFINED ENV{SYMCRYPT_PATH})
 
-add_executable(ml_kem_encaps
-    ${PROJECT_SOURCE_DIR}/benches/mlkem768_encaps.cc
-)
-target_link_libraries(ml_kem_encaps PRIVATE
-    benchmark::benchmark
-)
+    add_executable(ml_kem_keygen
+        ${PROJECT_SOURCE_DIR}/benches/mlkem768_keygen.cc
+    )
+    target_link_libraries(ml_kem_keygen PRIVATE
+        benchmark::benchmark
+    )
 
-if(NOT MSVC)
-    # We benchmark internal functions here that are inlined and thus not available
-    # in MSVC.
-    add_executable(sha3_bench
-        ${PROJECT_SOURCE_DIR}/benches/sha3.cc
+    add_executable(ml_kem_encaps
+        ${PROJECT_SOURCE_DIR}/benches/mlkem768_encaps.cc
     )
-    target_link_libraries(sha3_bench PRIVATE
+    target_link_libraries(ml_kem_encaps PRIVATE
         benchmark::benchmark
     )
-endif(NOT MSVC)
+
+    if(NOT MSVC)
+        # We benchmark internal functions here that are inlined and thus not available
+        # in MSVC.
+        add_executable(sha3_bench
+            ${PROJECT_SOURCE_DIR}/benches/sha3.cc
+        )
+        target_link_libraries(sha3_bench PRIVATE
+            benchmark::benchmark
+        )
+    endif(NOT MSVC)
+endif(DEFINED ENV{LIBCRUX_BENCHMARKS})
diff --git a/libcrux-ml-kem/cg/boring/eurydice_glue.h b/libcrux-ml-kem/cg/boring/eurydice_glue.h
new file mode 100644
index 000000000..79cf1285b
--- /dev/null
+++ b/libcrux-ml-kem/cg/boring/eurydice_glue.h
@@ -0,0 +1,182 @@
+/*
+ * SPDX-FileCopyrightText: 2024 Eurydice Contributors
+ * SPDX-FileCopyrightText: 2024 Cryspen Sarl <info@cryspen.com>
+ *
+ * SPDX-License-Identifier: MIT or Apache-2.0
+ */
+
+#pragma once
+
+#if defined(__cplusplus)
+extern "C" {
+#endif
+
+#include <inttypes.h>
+#include <stdbool.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include "karamel/target.h"
+
+// SLICES, ARRAYS, ETC.
+
+// The MSVC C++ compiler does not support compound literals.
+// This CLITERAL is used to turn `(type){...}` into `type{...}` when using a C++
+// compiler.
+#if defined(__cplusplus)
+#define CLITERAL(type) type
+#else
+#define CLITERAL(type) (type)
+#endif
+
+// We represent a slice as a pair of an (untyped) pointer, along with the length
+// of the slice, i.e. the number of elements in the slice (this is NOT the
+// number of bytes). This design choice has two important consequences.
+// - if you need to use `ptr`, you MUST cast it to a proper type *before*
+// performing pointer
+//   arithmetic on it (remember that C desugars pointer arithmetic based on the
+//   type of the address)
+// - if you need to use `len` for a C style function (e.g. memcpy, memcmp), you
+// need to multiply it
+//   by sizeof t, where t is the type of the elements.
+//
+// Empty slices have `len == 0` and `ptr` always needs to be valid pointer that
+// is not NULL (otherwise the construction in EURYDICE_SLICE computes `NULL +
+// start`).
+typedef struct {
+  void *ptr;
+  size_t len;
+} Eurydice_slice;
+
+// Helper macro to create a slice out of a pointer x, a start index in x
+// (included), and an end index in x (excluded). The argument x must be suitably
+// cast to something that can decay (see remark above about how pointer
+// arithmetic works in C), meaning either pointer or array type.
+#define EURYDICE_SLICE(x, start, end) \
+  (CLITERAL(Eurydice_slice){.ptr = (void *)(x + start), .len = end - start})
+#define EURYDICE_SLICE_LEN(s, _) s.len
+// This macro is a pain because in case the dereferenced element type is an
+// array, you cannot simply write `t x` as it would yield `int[4] x` instead,
+// which is NOT correct C syntax, so we add a dedicated phase in Eurydice that
+// adds an extra argument to this macro at the last minute so that we have the
+// correct type of *pointers* to elements.
+#define Eurydice_slice_index(s, i, t, t_ptr_t) (((t_ptr_t)s.ptr)[i])
+#define Eurydice_slice_subslice(s, r, t, _) \
+  EURYDICE_SLICE((t *)s.ptr, r.start, r.end)
+// Variant for when the start and end indices are statically known (i.e., the
+// range argument `r` is a literal).
+#define Eurydice_slice_subslice2(s, start, end, t) \
+  EURYDICE_SLICE((t *)s.ptr, start, end)
+#define Eurydice_slice_subslice_to(s, subslice_end_pos, t, _) \
+  EURYDICE_SLICE((t *)s.ptr, 0, subslice_end_pos)
+#define Eurydice_slice_subslice_from(s, subslice_start_pos, t, _) \
+  EURYDICE_SLICE((t *)s.ptr, subslice_start_pos, s.len)
+#define Eurydice_array_to_slice(end, x, t) \
+  EURYDICE_SLICE(x, 0,                     \
+                 end) /* x is already at an array type, no need for cast */
+#define Eurydice_array_to_subslice(_arraylen, x, r, t, _) \
+  EURYDICE_SLICE((t *)x, r.start, r.end)
+// Same as above, variant for when start and end are statically known
+#define Eurydice_array_to_subslice2(x, start, end, t) \
+  EURYDICE_SLICE((t *)x, start, end)
+#define Eurydice_array_to_subslice_to(_size, x, r, t, _range_t) \
+  EURYDICE_SLICE((t *)x, 0, r)
+#define Eurydice_array_to_subslice_from(size, x, r, t, _range_t) \
+  EURYDICE_SLICE((t *)x, r, size)
+#define Eurydice_slice_len(s, t) EURYDICE_SLICE_LEN(s, t)
+#define Eurydice_slice_copy(dst, src, t) \
+  memcpy(dst.ptr, src.ptr, dst.len * sizeof(t))
+#define core_array___Array_T__N__23__as_slice(len_, ptr_, t, _ret_t) \
+  ((Eurydice_slice){.ptr = ptr_, .len = len_})
+
+#define core_array___core__clone__Clone_for__Array_T__N___20__clone( \
+    len, src, dst, elem_type, _ret_t)                                \
+  (memcpy(dst, src, len * sizeof(elem_type)))
+#define TryFromSliceError uint8_t
+
+#define Eurydice_array_eq(sz, a1, a2, t, _) \
+  (memcmp(a1, a2, sz * sizeof(t)) == 0)
+#define core_array_equality___core__cmp__PartialEq__Array_U__N___for__Array_T__N____eq( \
+    sz, a1, a2, t, _, _ret_t)                                                           \
+  Eurydice_array_eq(sz, a1, a2, t, _)
+#define core_array_equality___core__cmp__PartialEq__0___Slice_U____for__Array_T__N___3__eq( \
+    sz, a1, a2, t, _, _ret_t)                                                               \
+  Eurydice_array_eq(sz, a1, ((a2)->ptr), t, _)
+
+#define Eurydice_slice_split_at(slice, mid, element_type, ret_t) \
+  (CLITERAL(ret_t){                                              \
+      .fst = EURYDICE_SLICE((element_type *)slice.ptr, 0, mid),  \
+      .snd = EURYDICE_SLICE((element_type *)slice.ptr, mid, slice.len)})
+#define Eurydice_slice_split_at_mut(slice, mid, element_type, ret_t) \
+  (CLITERAL(ret_t){                                                  \
+      .fst = {.ptr = slice.ptr, .len = mid},                         \
+      .snd = {.ptr = (char *)slice.ptr + mid * sizeof(element_type), \
+              .len = slice.len - mid}})
+
+// Conversion of slice to an array, rewritten (by Eurydice) to name the
+// destination array, since arrays are not values in C.
+// N.B.: see note in karamel/lib/Inlining.ml if you change this.
+#define Eurydice_slice_to_array2(dst, src, _, t_arr)                      \
+  Eurydice_slice_to_array3(&(dst)->tag, (char *)&(dst)->val.case_Ok, src, \
+                           sizeof(t_arr))
+
+static inline void Eurydice_slice_to_array3(uint8_t *dst_tag, char *dst_ok,
+                                            Eurydice_slice src, size_t sz) {
+  *dst_tag = 0;
+  memcpy(dst_ok, src.ptr, sz);
+}
+
+// CORE STUFF (conversions, endianness, ...)
+
+static inline void core_num__u64_9__to_le_bytes(uint64_t v, uint8_t buf[8]) {
+  CRYPTO_store_u64_le(buf, v);
+}
+static inline uint64_t core_num__u64_9__from_le_bytes(uint8_t buf[8]) {
+  return CRYPTO_load_u64_le(buf);
+}
+
+static inline uint32_t core_num__u32_8__from_le_bytes(uint8_t buf[4]) {
+  return CRYPTO_load_u32_le(buf);
+}
+
+static inline uint32_t core_num__u8_6__count_ones(uint8_t x0) {
+#if defined(__GNUC__) || defined(__clang__)
+  return __builtin_popcount(x0);
+#elif defined(_MSC_VER) && (defined(_M_IX86) || defined(_M_X64))
+  // || defined(_M_ARM64)) // since MSVC 2022 17.11 Preview 3
+  return __popcnt(x0);
+#else
+  x0 = (x0 & 0b01010101) + (x0 >> 1 & 0b01010101);
+  x0 = (x0 & 0b00110011) + (x0 >> 2 & 0b00110011);
+  x0 = (x0 & 0b00001111) + (x0 >> 4 & 0b00001111);
+  return x0;
+#endif
+}
+
+// unsigned overflow wraparound semantics in C
+static inline uint16_t core_num__u16_7__wrapping_add(uint16_t x, uint16_t y) {
+  return x + y;
+}
+static inline uint8_t core_num__u8_6__wrapping_sub(uint8_t x, uint8_t y) {
+  return x - y;
+}
+
+// ITERATORS
+
+#define Eurydice_range_iter_next(iter_ptr, t, ret_t) \
+  (((iter_ptr)->start == (iter_ptr)->end)            \
+       ? (CLITERAL(ret_t){.tag = None})              \
+       : (CLITERAL(ret_t){.tag = Some, .f0 = (iter_ptr)->start++}))
+
+#define core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A__TraitClause_0___6__next \
+  Eurydice_range_iter_next
+
+// See note in karamel/lib/Inlining.ml if you change this
+#define Eurydice_into_iter(x, t, _ret_t) (x)
+#define core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter \
+  Eurydice_into_iter
+
+#if defined(__cplusplus)
+}
+#endif
diff --git a/libcrux-ml-kem/cg/boring/karamel/target.h b/libcrux-ml-kem/cg/boring/karamel/target.h
new file mode 100644
index 000000000..f05271541
--- /dev/null
+++ b/libcrux-ml-kem/cg/boring/karamel/target.h
@@ -0,0 +1,55 @@
+/* Copyright (c) INRIA and Microsoft Corporation. All rights reserved.
+ * Licensed under the Apache 2.0 and MIT Licenses.
+ *
+ * SPDX-FileCopyrightText: 2024 INRIA and Microsoft Corporation
+ * SPDX-FileCopyrightText: 2024 Cryspen Sarl <info@cryspen.com>
+ *
+ * SPDX-License-Identifier: MIT or Apache-2.0
+ */
+
+#ifndef __KRML_TARGET_H
+#define __KRML_TARGET_H
+
+#ifndef KRML_HOST_PRINTF
+#define KRML_HOST_PRINTF printf
+#endif
+
+#if ((defined(__STDC_VERSION__) && __STDC_VERSION__ >= 199901L) || \
+     (defined(__cplusplus) && __cplusplus > 199711L)) &&           \
+    (!defined(KRML_HOST_EPRINTF))
+#define KRML_HOST_EPRINTF(...) fprintf(stderr, __VA_ARGS__)
+#elif !(defined KRML_HOST_EPRINTF) && defined(_MSC_VER)
+#define KRML_HOST_EPRINTF(...) fprintf(stderr, __VA_ARGS__)
+#endif
+
+#ifndef KRML_HOST_EXIT
+#define KRML_HOST_EXIT exit
+#endif
+
+// This does not actually force inline.
+// Forcing inline increases stack usage beyond acceptable limits
+#define KRML_MUSTINLINE inline
+
+#ifndef KRML_NOINLINE
+#if defined(_MSC_VER)
+#define KRML_NOINLINE __declspec(noinline)
+#elif defined(__GNUC__) || defined(__clang__)
+#define KRML_NOINLINE __attribute__((noinline, unused))
+#else
+#define KRML_NOINLINE
+#warning "The KRML_NOINLINE macro is not defined for this toolchain!"
+#warning "The compiler may defeat side-channel resistance with optimizations."
+#warning \
+    "Please locate target.h and try to fill it out with a suitable definition for this compiler."
+#endif
+#endif
+
+#ifndef KRML_ATTRIBUTE_TARGET
+#if defined(__GNUC__) || defined(__clang__)
+#define KRML_ATTRIBUTE_TARGET(x) __attribute__((target(x)))
+#else
+#define KRML_ATTRIBUTE_TARGET(x)
+#endif
+#endif
+
+#endif
diff --git a/libcrux-ml-kem/cg/code_gen.txt b/libcrux-ml-kem/cg/code_gen.txt
index e86a4ecec..7a47df612 100644
--- a/libcrux-ml-kem/cg/code_gen.txt
+++ b/libcrux-ml-kem/cg/code_gen.txt
@@ -3,4 +3,4 @@ Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9
 Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c
 Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
 F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty
-Libcrux: e7d31cc9d00fb10b9002777a3fc8a209dba74b83
+Libcrux: 9d4ad0ef1e00d55aa483ae761f3d5b4911c0678f
diff --git a/libcrux-ml-kem/cg/eurydice_glue.h b/libcrux-ml-kem/cg/eurydice_glue.h
index 408699596..3f9b35cc2 100644
--- a/libcrux-ml-kem/cg/eurydice_glue.h
+++ b/libcrux-ml-kem/cg/eurydice_glue.h
@@ -17,6 +17,7 @@ extern "C" {
 #include <stdlib.h>
 #include <string.h>
 
+#include "karamel/endianness.h"
 #include "karamel/target.h"
 
 // SLICES, ARRAYS, ETC.
@@ -30,8 +31,6 @@ extern "C" {
 #define CLITERAL(type) (type)
 #endif
 
-#define LowStar_Ignore_ignore(e, t, _ret_t) ((void)e)
-
 // We represent a slice as a pair of an (untyped) pointer, along with the length
 // of the slice, i.e. the number of elements in the slice (this is NOT the
 // number of bytes). This design choice has two important consequences.
@@ -90,7 +89,7 @@ typedef struct {
 #define Eurydice_slice_copy(dst, src, t) \
   memcpy(dst.ptr, src.ptr, dst.len * sizeof(t))
 #define core_array___Array_T__N__23__as_slice(len_, ptr_, t, _ret_t) \
-  ((Eurydice_slice){.ptr = ptr_, .len = len_})
+  (CLITERAL(Eurydice_slice){.ptr = ptr_, .len = len_})
 
 #define core_array___core__clone__Clone_for__Array_T__N___20__clone( \
     len, src, dst, elem_type, _ret_t)                                \
@@ -132,18 +131,14 @@ static inline void Eurydice_slice_to_array3(uint8_t *dst_tag, char *dst_ok,
 // CORE STUFF (conversions, endianness, ...)
 
 static inline void core_num__u64_9__to_le_bytes(uint64_t v, uint8_t buf[8]) {
-  memcpy(buf, &v, sizeof(v));
+  store64_le(buf, v);
 }
 static inline uint64_t core_num__u64_9__from_le_bytes(uint8_t buf[8]) {
-  uint64_t v;
-  memcpy(&v, buf, sizeof(v));
-  return v;
+  return load64_le(buf);
 }
 
 static inline uint32_t core_num__u32_8__from_le_bytes(uint8_t buf[4]) {
-  uint32_t v;
-  memcpy(&v, buf, sizeof(v));
-  return v;
+  return load32_le(buf);
 }
 
 static inline uint32_t core_num__u8_6__count_ones(uint8_t x0) {
diff --git a/libcrux-ml-kem/cg/libcrux_core.h b/libcrux-ml-kem/cg/libcrux_core.h
index 2f61d1046..d00e0bb1f 100644
--- a/libcrux-ml-kem/cg/libcrux_core.h
+++ b/libcrux-ml-kem/cg/libcrux_core.h
@@ -8,7 +8,7 @@
  * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c
  * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
  * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty
- * Libcrux: e7d31cc9d00fb10b9002777a3fc8a209dba74b83
+ * Libcrux: 9d4ad0ef1e00d55aa483ae761f3d5b4911c0678f
  */
 
 #ifndef __libcrux_core_H
diff --git a/libcrux-ml-kem/cg/libcrux_ct_ops.h b/libcrux-ml-kem/cg/libcrux_ct_ops.h
index 911564678..6f4f9eeeb 100644
--- a/libcrux-ml-kem/cg/libcrux_ct_ops.h
+++ b/libcrux-ml-kem/cg/libcrux_ct_ops.h
@@ -8,7 +8,7 @@
  * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c
  * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
  * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty
- * Libcrux: e7d31cc9d00fb10b9002777a3fc8a209dba74b83
+ * Libcrux: 9d4ad0ef1e00d55aa483ae761f3d5b4911c0678f
  */
 
 #ifndef __libcrux_ct_ops_H
diff --git a/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h b/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h
index c78977ceb..809203215 100644
--- a/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h
+++ b/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h
@@ -8,7 +8,7 @@
  * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c
  * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
  * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty
- * Libcrux: e7d31cc9d00fb10b9002777a3fc8a209dba74b83
+ * Libcrux: 9d4ad0ef1e00d55aa483ae761f3d5b4911c0678f
  */
 
 #ifndef __libcrux_mlkem768_avx2_H
diff --git a/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h b/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h
index 2593184a3..64071fef7 100644
--- a/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h
+++ b/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h
@@ -8,7 +8,7 @@
  * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c
  * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
  * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty
- * Libcrux: e7d31cc9d00fb10b9002777a3fc8a209dba74b83
+ * Libcrux: 9d4ad0ef1e00d55aa483ae761f3d5b4911c0678f
  */
 
 #ifndef __libcrux_mlkem768_portable_H
diff --git a/libcrux-ml-kem/cg/libcrux_sha3_avx2.h b/libcrux-ml-kem/cg/libcrux_sha3_avx2.h
index 627eab709..10c065571 100644
--- a/libcrux-ml-kem/cg/libcrux_sha3_avx2.h
+++ b/libcrux-ml-kem/cg/libcrux_sha3_avx2.h
@@ -8,7 +8,7 @@
  * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c
  * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
  * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty
- * Libcrux: e7d31cc9d00fb10b9002777a3fc8a209dba74b83
+ * Libcrux: 9d4ad0ef1e00d55aa483ae761f3d5b4911c0678f
  */
 
 #ifndef __libcrux_sha3_avx2_H
diff --git a/libcrux-ml-kem/cg/libcrux_sha3_portable.h b/libcrux-ml-kem/cg/libcrux_sha3_portable.h
index f252d33b7..5b8729fa0 100644
--- a/libcrux-ml-kem/cg/libcrux_sha3_portable.h
+++ b/libcrux-ml-kem/cg/libcrux_sha3_portable.h
@@ -8,7 +8,7 @@
  * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c
  * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
  * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty
- * Libcrux: e7d31cc9d00fb10b9002777a3fc8a209dba74b83
+ * Libcrux: 9d4ad0ef1e00d55aa483ae761f3d5b4911c0678f
  */
 
 #ifndef __libcrux_sha3_portable_H

From 470eb78cb70a42a1b212cdba9d9547cf1a7f498d Mon Sep 17 00:00:00 2001
From: Franziskus Kiefer <franziskuskiefer@gmail.com>
Date: Mon, 2 Dec 2024 15:54:27 +0000
Subject: [PATCH 050/142] udpate C extraction

---
 libcrux-ml-kem/c/code_gen.txt                 |    4 +-
 libcrux-ml-kem/c/internal/libcrux_core.h      |    4 +-
 .../c/internal/libcrux_mlkem_avx2.h           |    4 +-
 .../c/internal/libcrux_mlkem_portable.h       |    4 +-
 libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h |    4 +-
 .../c/internal/libcrux_sha3_internal.h        |   72 +-
 libcrux-ml-kem/c/libcrux_core.c               |    4 +-
 libcrux-ml-kem/c/libcrux_core.h               |    4 +-
 libcrux-ml-kem/c/libcrux_mlkem1024.h          |    4 +-
 libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c     |    4 +-
 libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h     |    4 +-
 libcrux-ml-kem/c/libcrux_mlkem1024_neon.c     |  304 ----
 libcrux-ml-kem/c/libcrux_mlkem1024_neon.h     |   98 --
 libcrux-ml-kem/c/libcrux_mlkem1024_portable.c |    4 +-
 libcrux-ml-kem/c/libcrux_mlkem1024_portable.h |    4 +-
 libcrux-ml-kem/c/libcrux_mlkem512.h           |    4 +-
 libcrux-ml-kem/c/libcrux_mlkem512_avx2.c      |    4 +-
 libcrux-ml-kem/c/libcrux_mlkem512_avx2.h      |    4 +-
 libcrux-ml-kem/c/libcrux_mlkem512_neon.c      |  298 ----
 libcrux-ml-kem/c/libcrux_mlkem512_neon.h      |   96 --
 libcrux-ml-kem/c/libcrux_mlkem512_portable.c  |    4 +-
 libcrux-ml-kem/c/libcrux_mlkem512_portable.h  |    4 +-
 libcrux-ml-kem/c/libcrux_mlkem768.h           |    4 +-
 libcrux-ml-kem/c/libcrux_mlkem768_avx2.c      |    4 +-
 libcrux-ml-kem/c/libcrux_mlkem768_avx2.h      |    4 +-
 libcrux-ml-kem/c/libcrux_mlkem768_neon.c      |  298 ----
 libcrux-ml-kem/c/libcrux_mlkem768_neon.h      |   96 --
 libcrux-ml-kem/c/libcrux_mlkem768_portable.c  |    4 +-
 libcrux-ml-kem/c/libcrux_mlkem768_portable.h  |    4 +-
 libcrux-ml-kem/c/libcrux_mlkem_avx2.c         | 1299 ++++------------
 libcrux-ml-kem/c/libcrux_mlkem_avx2.h         |    4 +-
 libcrux-ml-kem/c/libcrux_mlkem_neon.c         |   30 -
 libcrux-ml-kem/c/libcrux_mlkem_neon.h         |   36 -
 libcrux-ml-kem/c/libcrux_mlkem_portable.c     |  369 +----
 libcrux-ml-kem/c/libcrux_mlkem_portable.h     |    4 +-
 libcrux-ml-kem/c/libcrux_sha3.h               |    4 +-
 libcrux-ml-kem/c/libcrux_sha3_avx2.c          |   46 +-
 libcrux-ml-kem/c/libcrux_sha3_avx2.h          |    4 +-
 libcrux-ml-kem/c/libcrux_sha3_internal.h      |   10 +-
 libcrux-ml-kem/c/libcrux_sha3_neon.c          |   24 +-
 libcrux-ml-kem/c/libcrux_sha3_neon.h          |    4 +-
 libcrux-ml-kem/cg/code_gen.txt                |    4 +-
 libcrux-ml-kem/cg/libcrux_core.h              |    4 +-
 libcrux-ml-kem/cg/libcrux_ct_ops.h            |    4 +-
 libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h     | 1305 +++--------------
 .../cg/libcrux_mlkem768_avx2_types.h          |   92 --
 libcrux-ml-kem/cg/libcrux_mlkem768_portable.h |  226 +--
 .../cg/libcrux_mlkem768_portable_types.h      |   95 --
 libcrux-ml-kem/cg/libcrux_sha3_avx2.h         |   22 +-
 libcrux-ml-kem/cg/libcrux_sha3_portable.h     |   98 +-
 50 files changed, 706 insertions(+), 4328 deletions(-)
 delete mode 100644 libcrux-ml-kem/c/libcrux_mlkem1024_neon.c
 delete mode 100644 libcrux-ml-kem/c/libcrux_mlkem1024_neon.h
 delete mode 100644 libcrux-ml-kem/c/libcrux_mlkem512_neon.c
 delete mode 100644 libcrux-ml-kem/c/libcrux_mlkem512_neon.h
 delete mode 100644 libcrux-ml-kem/c/libcrux_mlkem768_neon.c
 delete mode 100644 libcrux-ml-kem/c/libcrux_mlkem768_neon.h
 delete mode 100644 libcrux-ml-kem/c/libcrux_mlkem_neon.c
 delete mode 100644 libcrux-ml-kem/c/libcrux_mlkem_neon.h
 delete mode 100644 libcrux-ml-kem/cg/libcrux_mlkem768_avx2_types.h
 delete mode 100644 libcrux-ml-kem/cg/libcrux_mlkem768_portable_types.h

diff --git a/libcrux-ml-kem/c/code_gen.txt b/libcrux-ml-kem/c/code_gen.txt
index 7a47df612..420446603 100644
--- a/libcrux-ml-kem/c/code_gen.txt
+++ b/libcrux-ml-kem/c/code_gen.txt
@@ -1,6 +1,6 @@
 This code was generated with the following revisions:
 Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9
-Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c
+Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20
 Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
 F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty
-Libcrux: 9d4ad0ef1e00d55aa483ae761f3d5b4911c0678f
+Libcrux: 3e54f3c659bef6ee815d197ee5c74dd40c75186a
diff --git a/libcrux-ml-kem/c/internal/libcrux_core.h b/libcrux-ml-kem/c/internal/libcrux_core.h
index 8cc44a3a9..69032a33e 100644
--- a/libcrux-ml-kem/c/internal/libcrux_core.h
+++ b/libcrux-ml-kem/c/internal/libcrux_core.h
@@ -5,10 +5,10 @@
  *
  * This code was generated with the following revisions:
  * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9
- * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c
+ * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20
  * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
  * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty
- * Libcrux: 9d4ad0ef1e00d55aa483ae761f3d5b4911c0678f
+ * Libcrux: 3e54f3c659bef6ee815d197ee5c74dd40c75186a
  */
 
 #ifndef __internal_libcrux_core_H
diff --git a/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h b/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h
index 68711c486..9baf58ca5 100644
--- a/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h
+++ b/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h
@@ -5,10 +5,10 @@
  *
  * This code was generated with the following revisions:
  * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9
- * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c
+ * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20
  * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
  * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty
- * Libcrux: 9d4ad0ef1e00d55aa483ae761f3d5b4911c0678f
+ * Libcrux: 3e54f3c659bef6ee815d197ee5c74dd40c75186a
  */
 
 #ifndef __internal_libcrux_mlkem_avx2_H
diff --git a/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h b/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h
index cabe4d144..7ba532d5e 100644
--- a/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h
+++ b/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h
@@ -5,10 +5,10 @@
  *
  * This code was generated with the following revisions:
  * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9
- * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c
+ * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20
  * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
  * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty
- * Libcrux: 9d4ad0ef1e00d55aa483ae761f3d5b4911c0678f
+ * Libcrux: 3e54f3c659bef6ee815d197ee5c74dd40c75186a
  */
 
 #ifndef __internal_libcrux_mlkem_portable_H
diff --git a/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h b/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h
index dfe1128cb..0d99b2edd 100644
--- a/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h
+++ b/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h
@@ -5,10 +5,10 @@
  *
  * This code was generated with the following revisions:
  * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9
- * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c
+ * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20
  * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
  * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty
- * Libcrux: 9d4ad0ef1e00d55aa483ae761f3d5b4911c0678f
+ * Libcrux: 3e54f3c659bef6ee815d197ee5c74dd40c75186a
  */
 
 #ifndef __internal_libcrux_sha3_avx2_H
diff --git a/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h b/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h
index 10bbf3d2a..6d47ffcbc 100644
--- a/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h
+++ b/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h
@@ -5,10 +5,10 @@
  *
  * This code was generated with the following revisions:
  * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9
- * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c
+ * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20
  * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
  * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty
- * Libcrux: 9d4ad0ef1e00d55aa483ae761f3d5b4911c0678f
+ * Libcrux: 3e54f3c659bef6ee815d197ee5c74dd40c75186a
  */
 
 #ifndef __internal_libcrux_sha3_internal_H
@@ -273,13 +273,8 @@ static inline size_t libcrux_sha3_generic_keccak_fill_buffer_8b_c6(
   size_t input_len = Eurydice_slice_len(inputs[0U], uint8_t);
   size_t consumed = (size_t)0U;
   if (self->buf_len > (size_t)0U) {
-    if (
-        /* There's something buffered internally to consume. */ self->buf_len +
-            input_len >=
-        (size_t)136U) {
-      consumed = (size_t)136U - /* We have enough data when combining the
-                                   internal buffer and the input. */
-                 self->buf_len;
+    if (self->buf_len + input_len >= (size_t)136U) {
+      consumed = (size_t)136U - self->buf_len;
       {
         size_t i = (size_t)0U;
         Eurydice_slice uu____0 = Eurydice_array_to_subslice_from(
@@ -385,9 +380,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_8b_c6(
   memcpy(copy_of_inputs, inputs, (size_t)1U * sizeof(Eurydice_slice));
   size_t input_remainder_len =
       libcrux_sha3_generic_keccak_absorb_full_8b_c6(uu____0, copy_of_inputs);
-  if (
-      /* ... buffer the rest if there's not enough input (left). */
-      input_remainder_len > (size_t)0U) {
+  if (input_remainder_len > (size_t)0U) {
     size_t input_len = Eurydice_slice_len(inputs[0U], uint8_t);
     {
       size_t i = (size_t)0U;
@@ -734,13 +727,8 @@ static inline size_t libcrux_sha3_generic_keccak_fill_buffer_8b_c60(
   size_t input_len = Eurydice_slice_len(inputs[0U], uint8_t);
   size_t consumed = (size_t)0U;
   if (self->buf_len > (size_t)0U) {
-    if (
-        /* There's something buffered internally to consume. */ self->buf_len +
-            input_len >=
-        (size_t)168U) {
-      consumed = (size_t)168U - /* We have enough data when combining the
-                                   internal buffer and the input. */
-                 self->buf_len;
+    if (self->buf_len + input_len >= (size_t)168U) {
+      consumed = (size_t)168U - self->buf_len;
       {
         size_t i = (size_t)0U;
         Eurydice_slice uu____0 = Eurydice_array_to_subslice_from(
@@ -846,9 +834,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_8b_c60(
   memcpy(copy_of_inputs, inputs, (size_t)1U * sizeof(Eurydice_slice));
   size_t input_remainder_len =
       libcrux_sha3_generic_keccak_absorb_full_8b_c60(uu____0, copy_of_inputs);
-  if (
-      /* ... buffer the rest if there's not enough input (left). */
-      input_remainder_len > (size_t)0U) {
+  if (input_remainder_len > (size_t)0U) {
     size_t input_len = Eurydice_slice_len(inputs[0U], uint8_t);
     {
       size_t i = (size_t)0U;
@@ -1238,13 +1224,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_8b_c6(
   size_t blocks = out_len / (size_t)136U;
   size_t last = out_len - out_len % (size_t)136U;
   size_t mid;
-  if ((size_t)136U >=
-      /* Squeeze out one to start with. XXX: Eurydice does not extract
-         `core::cmp::min`, so we do this instead. (cf.
-         https://github.com/AeneasVerif/eurydice/issues/49) */
-      out_len
-
-  ) {
+  if ((size_t)136U >= out_len) {
     mid = out_len;
   } else {
     mid = (size_t)136U;
@@ -1258,11 +1238,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_8b_c6(
   libcrux_sha3_portable_keccak_store_5a_5b(self->inner.st, out00);
   core_ops_range_Range_08 iter =
       core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter(
-          (CLITERAL(core_ops_range_Range_08){
-              .start = (size_t)1U,
-              .end = /* If we got asked for more than one block, squeeze out
-                        more. */
-              blocks}),
+          (CLITERAL(core_ops_range_Range_08){.start = (size_t)1U,
+                                             .end = blocks}),
           core_ops_range_Range_08, core_ops_range_Range_08);
   while (true) {
     if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A__TraitClause_0___6__next(
@@ -1271,11 +1248,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_8b_c6(
       break;
     } else {
       Eurydice_slice_uint8_t_1size_t__x2 uu____1 =
-          libcrux_sha3_portable_keccak_split_at_mut_n_5a(/* Here we know that we
-                                                            always have full
-                                                            blocks to write out.
-                                                          */
-                                                         out_rest,
+          libcrux_sha3_portable_keccak_split_at_mut_n_5a(out_rest,
                                                          (size_t)136U);
       Eurydice_slice out0[1U];
       memcpy(out0, uu____1.fst, (size_t)1U * sizeof(Eurydice_slice));
@@ -1370,13 +1343,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_8b_c60(
   size_t blocks = out_len / (size_t)168U;
   size_t last = out_len - out_len % (size_t)168U;
   size_t mid;
-  if ((size_t)168U >=
-      /* Squeeze out one to start with. XXX: Eurydice does not extract
-         `core::cmp::min`, so we do this instead. (cf.
-         https://github.com/AeneasVerif/eurydice/issues/49) */
-      out_len
-
-  ) {
+  if ((size_t)168U >= out_len) {
     mid = out_len;
   } else {
     mid = (size_t)168U;
@@ -1390,11 +1357,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_8b_c60(
   libcrux_sha3_portable_keccak_store_5a_3a(self->inner.st, out00);
   core_ops_range_Range_08 iter =
       core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter(
-          (CLITERAL(core_ops_range_Range_08){
-              .start = (size_t)1U,
-              .end = /* If we got asked for more than one block, squeeze out
-                        more. */
-              blocks}),
+          (CLITERAL(core_ops_range_Range_08){.start = (size_t)1U,
+                                             .end = blocks}),
           core_ops_range_Range_08, core_ops_range_Range_08);
   while (true) {
     if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A__TraitClause_0___6__next(
@@ -1403,11 +1367,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_8b_c60(
       break;
     } else {
       Eurydice_slice_uint8_t_1size_t__x2 uu____1 =
-          libcrux_sha3_portable_keccak_split_at_mut_n_5a(/* Here we know that we
-                                                            always have full
-                                                            blocks to write out.
-                                                          */
-                                                         out_rest,
+          libcrux_sha3_portable_keccak_split_at_mut_n_5a(out_rest,
                                                          (size_t)168U);
       Eurydice_slice out0[1U];
       memcpy(out0, uu____1.fst, (size_t)1U * sizeof(Eurydice_slice));
diff --git a/libcrux-ml-kem/c/libcrux_core.c b/libcrux-ml-kem/c/libcrux_core.c
index 0fefd7f60..03c9cddb6 100644
--- a/libcrux-ml-kem/c/libcrux_core.c
+++ b/libcrux-ml-kem/c/libcrux_core.c
@@ -5,10 +5,10 @@
  *
  * This code was generated with the following revisions:
  * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9
- * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c
+ * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20
  * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
  * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty
- * Libcrux: 9d4ad0ef1e00d55aa483ae761f3d5b4911c0678f
+ * Libcrux: 3e54f3c659bef6ee815d197ee5c74dd40c75186a
  */
 
 #include "internal/libcrux_core.h"
diff --git a/libcrux-ml-kem/c/libcrux_core.h b/libcrux-ml-kem/c/libcrux_core.h
index d57d420d1..f1e63c7a9 100644
--- a/libcrux-ml-kem/c/libcrux_core.h
+++ b/libcrux-ml-kem/c/libcrux_core.h
@@ -5,10 +5,10 @@
  *
  * This code was generated with the following revisions:
  * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9
- * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c
+ * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20
  * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
  * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty
- * Libcrux: 9d4ad0ef1e00d55aa483ae761f3d5b4911c0678f
+ * Libcrux: 3e54f3c659bef6ee815d197ee5c74dd40c75186a
  */
 
 #ifndef __libcrux_core_H
diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024.h b/libcrux-ml-kem/c/libcrux_mlkem1024.h
index a35470e40..6ba68daf6 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem1024.h
+++ b/libcrux-ml-kem/c/libcrux_mlkem1024.h
@@ -5,10 +5,10 @@
  *
  * This code was generated with the following revisions:
  * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9
- * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c
+ * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20
  * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
  * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty
- * Libcrux: 9d4ad0ef1e00d55aa483ae761f3d5b4911c0678f
+ * Libcrux: 3e54f3c659bef6ee815d197ee5c74dd40c75186a
  */
 
 #ifndef __libcrux_mlkem1024_H
diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c
index 111078eb1..6aa0b5776 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c
+++ b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c
@@ -5,10 +5,10 @@
  *
  * This code was generated with the following revisions:
  * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9
- * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c
+ * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20
  * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
  * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty
- * Libcrux: 9d4ad0ef1e00d55aa483ae761f3d5b4911c0678f
+ * Libcrux: 3e54f3c659bef6ee815d197ee5c74dd40c75186a
  */
 
 #include "libcrux_mlkem1024_avx2.h"
diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h
index 03f0bb0f6..c662e3584 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h
+++ b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h
@@ -5,10 +5,10 @@
  *
  * This code was generated with the following revisions:
  * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9
- * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c
+ * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20
  * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
  * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty
- * Libcrux: 9d4ad0ef1e00d55aa483ae761f3d5b4911c0678f
+ * Libcrux: 3e54f3c659bef6ee815d197ee5c74dd40c75186a
  */
 
 #ifndef __libcrux_mlkem1024_avx2_H
diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_neon.c b/libcrux-ml-kem/c/libcrux_mlkem1024_neon.c
deleted file mode 100644
index c95f9f673..000000000
--- a/libcrux-ml-kem/c/libcrux_mlkem1024_neon.c
+++ /dev/null
@@ -1,304 +0,0 @@
-/*
- * SPDX-FileCopyrightText: 2024 Cryspen Sarl <info@cryspen.com>
- *
- * SPDX-License-Identifier: MIT or Apache-2.0
- *
- * This code was generated with the following revisions:
- * Charon: 53530427db2941ce784201e64086766504bc5642
- * Eurydice: 7834acbb41b06c34f198a1cb6b88241cc10b9aeb
- * Karamel: bdf06956e6ee025d4819bf2f8cc92651e572ad85
- * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38
- * Libcrux: d5574e8f6c62bf622ab6b61c291abeb66c1b7221
- */
-
-#include "libcrux_mlkem1024_neon.h"
-
-#include "internal/libcrux_mlkem_neon.h"
-
-/**
- Portable decapsulate
-*/
-/**
-A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.neon.decapsulate
-with const generics
-- K= 4
-- SECRET_KEY_SIZE= 3168
-- CPA_SECRET_KEY_SIZE= 1536
-- PUBLIC_KEY_SIZE= 1568
-- CIPHERTEXT_SIZE= 1568
-- T_AS_NTT_ENCODED_SIZE= 1536
-- C1_SIZE= 1408
-- C2_SIZE= 160
-- VECTOR_U_COMPRESSION_FACTOR= 11
-- VECTOR_V_COMPRESSION_FACTOR= 5
-- C1_BLOCK_SIZE= 352
-- ETA1= 2
-- ETA1_RANDOMNESS_SIZE= 128
-- ETA2= 2
-- ETA2_RANDOMNESS_SIZE= 128
-- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600
-*/
-static void decapsulate_f8(
-    libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key,
-    libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext,
-    uint8_t ret[32U]) {
-  libcrux_ml_kem_ind_cca_decapsulate_82(private_key, ciphertext, ret);
-}
-
-/**
- Decapsulate ML-KEM 1024
-
- Generates an [`MlKemSharedSecret`].
- The input is a reference to an [`MlKem1024PrivateKey`] and an
- [`MlKem1024Ciphertext`].
-*/
-void libcrux_ml_kem_mlkem1024_neon_decapsulate(
-    libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key,
-    libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext,
-    uint8_t ret[32U]) {
-  decapsulate_f8(private_key, ciphertext, ret);
-}
-
-/**
- Portable decapsulate
-*/
-/**
-A monomorphic instance of
-libcrux_ml_kem.ind_cca.instantiations.neon.decapsulate_unpacked with const
-generics
-- K= 4
-- SECRET_KEY_SIZE= 3168
-- CPA_SECRET_KEY_SIZE= 1536
-- PUBLIC_KEY_SIZE= 1568
-- CIPHERTEXT_SIZE= 1568
-- T_AS_NTT_ENCODED_SIZE= 1536
-- C1_SIZE= 1408
-- C2_SIZE= 160
-- VECTOR_U_COMPRESSION_FACTOR= 11
-- VECTOR_V_COMPRESSION_FACTOR= 5
-- C1_BLOCK_SIZE= 352
-- ETA1= 2
-- ETA1_RANDOMNESS_SIZE= 128
-- ETA2= 2
-- ETA2_RANDOMNESS_SIZE= 128
-- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600
-*/
-static void decapsulate_unpacked_c2(
-    libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_2c *key_pair,
-    libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext,
-    uint8_t ret[32U]) {
-  libcrux_ml_kem_ind_cca_decapsulate_unpacked_ec(key_pair, ciphertext, ret);
-}
-
-/**
- Decapsulate ML-KEM 1024 (unpacked)
-
- Generates an [`MlKemSharedSecret`].
- The input is a reference to an unpacked key pair of type
- [`MlKem1024KeyPairUnpacked`] and an [`MlKem1024Ciphertext`].
-*/
-void libcrux_ml_kem_mlkem1024_neon_decapsulate_unpacked(
-    libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_2c *private_key,
-    libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext,
-    uint8_t ret[32U]) {
-  decapsulate_unpacked_c2(private_key, ciphertext, ret);
-}
-
-/**
-A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.neon.encapsulate
-with const generics
-- K= 4
-- CIPHERTEXT_SIZE= 1568
-- PUBLIC_KEY_SIZE= 1568
-- T_AS_NTT_ENCODED_SIZE= 1536
-- C1_SIZE= 1408
-- C2_SIZE= 160
-- VECTOR_U_COMPRESSION_FACTOR= 11
-- VECTOR_V_COMPRESSION_FACTOR= 5
-- VECTOR_U_BLOCK_LEN= 352
-- ETA1= 2
-- ETA1_RANDOMNESS_SIZE= 128
-- ETA2= 2
-- ETA2_RANDOMNESS_SIZE= 128
-*/
-static tuple_21 encapsulate_6b(
-    libcrux_ml_kem_types_MlKemPublicKey_1f *public_key,
-    uint8_t randomness[32U]) {
-  libcrux_ml_kem_types_MlKemPublicKey_1f *uu____0 = public_key;
-  /* Passing arrays by value in Rust generates a copy in C */
-  uint8_t copy_of_randomness[32U];
-  memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t));
-  return libcrux_ml_kem_ind_cca_encapsulate_28(uu____0, copy_of_randomness);
-}
-
-/**
- Encapsulate ML-KEM 1024
-
- Generates an ([`MlKem1024Ciphertext`], [`MlKemSharedSecret`]) tuple.
- The input is a reference to an [`MlKem1024PublicKey`] and
- [`SHARED_SECRET_SIZE`] bytes of `randomness`.
-*/
-tuple_21 libcrux_ml_kem_mlkem1024_neon_encapsulate(
-    libcrux_ml_kem_types_MlKemPublicKey_1f *public_key,
-    uint8_t randomness[32U]) {
-  libcrux_ml_kem_types_MlKemPublicKey_1f *uu____0 = public_key;
-  /* Passing arrays by value in Rust generates a copy in C */
-  uint8_t copy_of_randomness[32U];
-  memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t));
-  return encapsulate_6b(uu____0, copy_of_randomness);
-}
-
-/**
- Portable encapsualte
-*/
-/**
-A monomorphic instance of
-libcrux_ml_kem.ind_cca.instantiations.neon.encapsulate_unpacked with const
-generics
-- K= 4
-- CIPHERTEXT_SIZE= 1568
-- PUBLIC_KEY_SIZE= 1568
-- T_AS_NTT_ENCODED_SIZE= 1536
-- C1_SIZE= 1408
-- C2_SIZE= 160
-- VECTOR_U_COMPRESSION_FACTOR= 11
-- VECTOR_V_COMPRESSION_FACTOR= 5
-- VECTOR_U_BLOCK_LEN= 352
-- ETA1= 2
-- ETA1_RANDOMNESS_SIZE= 128
-- ETA2= 2
-- ETA2_RANDOMNESS_SIZE= 128
-*/
-static tuple_21 encapsulate_unpacked_1c(
-    libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_2c *public_key,
-    uint8_t randomness[32U]) {
-  libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_2c *uu____0 =
-      public_key;
-  /* Passing arrays by value in Rust generates a copy in C */
-  uint8_t copy_of_randomness[32U];
-  memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t));
-  return libcrux_ml_kem_ind_cca_encapsulate_unpacked_47(uu____0,
-                                                        copy_of_randomness);
-}
-
-/**
- Encapsulate ML-KEM 1024 (unpacked)
-
- Generates an ([`MlKem1024Ciphertext`], [`MlKemSharedSecret`]) tuple.
- The input is a reference to an unpacked public key of type
- [`MlKem1024PublicKeyUnpacked`], the SHA3-256 hash of this public key, and
- [`SHARED_SECRET_SIZE`] bytes of `randomness`.
- TODO: The F* prefix opens required modules, it should go away when the
- following issue is resolved: https://github.com/hacspec/hax/issues/770
-*/
-tuple_21 libcrux_ml_kem_mlkem1024_neon_encapsulate_unpacked(
-    libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_2c *public_key,
-    uint8_t randomness[32U]) {
-  libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_2c *uu____0 =
-      public_key;
-  /* Passing arrays by value in Rust generates a copy in C */
-  uint8_t copy_of_randomness[32U];
-  memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t));
-  return encapsulate_unpacked_1c(uu____0, copy_of_randomness);
-}
-
-/**
- Portable generate key pair.
-*/
-/**
-A monomorphic instance of
-libcrux_ml_kem.ind_cca.instantiations.neon.generate_keypair with const generics
-- K= 4
-- CPA_PRIVATE_KEY_SIZE= 1536
-- PRIVATE_KEY_SIZE= 3168
-- PUBLIC_KEY_SIZE= 1568
-- BYTES_PER_RING_ELEMENT= 1536
-- ETA1= 2
-- ETA1_RANDOMNESS_SIZE= 128
-*/
-static libcrux_ml_kem_mlkem1024_MlKem1024KeyPair generate_keypair_91(
-    uint8_t randomness[64U]) {
-  /* Passing arrays by value in Rust generates a copy in C */
-  uint8_t copy_of_randomness[64U];
-  memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t));
-  return libcrux_ml_kem_ind_cca_generate_keypair_72(copy_of_randomness);
-}
-
-/**
- Generate ML-KEM 1024 Key Pair
-*/
-libcrux_ml_kem_mlkem1024_MlKem1024KeyPair
-libcrux_ml_kem_mlkem1024_neon_generate_key_pair(uint8_t randomness[64U]) {
-  /* Passing arrays by value in Rust generates a copy in C */
-  uint8_t copy_of_randomness[64U];
-  memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t));
-  return generate_keypair_91(copy_of_randomness);
-}
-
-/**
- Unpacked API
-*/
-/**
-A monomorphic instance of
-libcrux_ml_kem.ind_cca.instantiations.neon.generate_keypair_unpacked with const
-generics
-- K= 4
-- CPA_PRIVATE_KEY_SIZE= 1536
-- PRIVATE_KEY_SIZE= 3168
-- PUBLIC_KEY_SIZE= 1568
-- BYTES_PER_RING_ELEMENT= 1536
-- ETA1= 2
-- ETA1_RANDOMNESS_SIZE= 128
-*/
-static libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_2c
-generate_keypair_unpacked_87(uint8_t randomness[64U]) {
-  /* Passing arrays by value in Rust generates a copy in C */
-  uint8_t copy_of_randomness[64U];
-  memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t));
-  return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_b4(
-      copy_of_randomness);
-}
-
-/**
- Generate ML-KEM 1024 Key Pair in "unpacked" form
-*/
-libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_2c
-libcrux_ml_kem_mlkem1024_neon_generate_key_pair_unpacked(
-    uint8_t randomness[64U]) {
-  /* Passing arrays by value in Rust generates a copy in C */
-  uint8_t copy_of_randomness[64U];
-  memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t));
-  return generate_keypair_unpacked_87(copy_of_randomness);
-}
-
-/**
- Portable public key validation
-*/
-/**
-A monomorphic instance of
-libcrux_ml_kem.ind_cca.instantiations.neon.validate_public_key with const
-generics
-- K= 4
-- RANKED_BYTES_PER_RING_ELEMENT= 1536
-- PUBLIC_KEY_SIZE= 1568
-*/
-static bool validate_public_key_a3(uint8_t *public_key) {
-  return libcrux_ml_kem_ind_cca_validate_public_key_7e(public_key);
-}
-
-/**
- Validate a public key.
-
- Returns `Some(public_key)` if valid, and `None` otherwise.
-*/
-core_option_Option_99 libcrux_ml_kem_mlkem1024_neon_validate_public_key(
-    libcrux_ml_kem_types_MlKemPublicKey_1f public_key) {
-  core_option_Option_99 uu____0;
-  if (validate_public_key_a3(public_key.value)) {
-    uu____0 = (CLITERAL(core_option_Option_99){.tag = core_option_Some,
-                                               .f0 = public_key});
-  } else {
-    uu____0 = (CLITERAL(core_option_Option_99){.tag = core_option_None});
-  }
-  return uu____0;
-}
diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_neon.h b/libcrux-ml-kem/c/libcrux_mlkem1024_neon.h
deleted file mode 100644
index 1ed96ad65..000000000
--- a/libcrux-ml-kem/c/libcrux_mlkem1024_neon.h
+++ /dev/null
@@ -1,98 +0,0 @@
-/*
- * SPDX-FileCopyrightText: 2024 Cryspen Sarl <info@cryspen.com>
- *
- * SPDX-License-Identifier: MIT or Apache-2.0
- *
- * This code was generated with the following revisions:
- * Charon: 53530427db2941ce784201e64086766504bc5642
- * Eurydice: 7834acbb41b06c34f198a1cb6b88241cc10b9aeb
- * Karamel: bdf06956e6ee025d4819bf2f8cc92651e572ad85
- * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38
- * Libcrux: d5574e8f6c62bf622ab6b61c291abeb66c1b7221
- */
-
-#ifndef __libcrux_mlkem1024_neon_H
-#define __libcrux_mlkem1024_neon_H
-
-#if defined(__cplusplus)
-extern "C" {
-#endif
-
-#include "eurydice_glue.h"
-#include "libcrux_core.h"
-#include "libcrux_mlkem_neon.h"
-
-/**
- Decapsulate ML-KEM 1024
-
- Generates an [`MlKemSharedSecret`].
- The input is a reference to an [`MlKem1024PrivateKey`] and an
- [`MlKem1024Ciphertext`].
-*/
-void libcrux_ml_kem_mlkem1024_neon_decapsulate(
-    libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key,
-    libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]);
-
-/**
- Decapsulate ML-KEM 1024 (unpacked)
-
- Generates an [`MlKemSharedSecret`].
- The input is a reference to an unpacked key pair of type
- [`MlKem1024KeyPairUnpacked`] and an [`MlKem1024Ciphertext`].
-*/
-void libcrux_ml_kem_mlkem1024_neon_decapsulate_unpacked(
-    libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_2c *private_key,
-    libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]);
-
-/**
- Encapsulate ML-KEM 1024
-
- Generates an ([`MlKem1024Ciphertext`], [`MlKemSharedSecret`]) tuple.
- The input is a reference to an [`MlKem1024PublicKey`] and
- [`SHARED_SECRET_SIZE`] bytes of `randomness`.
-*/
-tuple_21 libcrux_ml_kem_mlkem1024_neon_encapsulate(
-    libcrux_ml_kem_types_MlKemPublicKey_1f *public_key,
-    uint8_t randomness[32U]);
-
-/**
- Encapsulate ML-KEM 1024 (unpacked)
-
- Generates an ([`MlKem1024Ciphertext`], [`MlKemSharedSecret`]) tuple.
- The input is a reference to an unpacked public key of type
- [`MlKem1024PublicKeyUnpacked`], the SHA3-256 hash of this public key, and
- [`SHARED_SECRET_SIZE`] bytes of `randomness`.
- TODO: The F* prefix opens required modules, it should go away when the
- following issue is resolved: https://github.com/hacspec/hax/issues/770
-*/
-tuple_21 libcrux_ml_kem_mlkem1024_neon_encapsulate_unpacked(
-    libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_2c *public_key,
-    uint8_t randomness[32U]);
-
-/**
- Generate ML-KEM 1024 Key Pair
-*/
-libcrux_ml_kem_mlkem1024_MlKem1024KeyPair
-libcrux_ml_kem_mlkem1024_neon_generate_key_pair(uint8_t randomness[64U]);
-
-/**
- Generate ML-KEM 1024 Key Pair in "unpacked" form
-*/
-libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_2c
-libcrux_ml_kem_mlkem1024_neon_generate_key_pair_unpacked(
-    uint8_t randomness[64U]);
-
-/**
- Validate a public key.
-
- Returns `Some(public_key)` if valid, and `None` otherwise.
-*/
-core_option_Option_99 libcrux_ml_kem_mlkem1024_neon_validate_public_key(
-    libcrux_ml_kem_types_MlKemPublicKey_1f public_key);
-
-#if defined(__cplusplus)
-}
-#endif
-
-#define __libcrux_mlkem1024_neon_H_DEFINED
-#endif
diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c
index 534866299..bc4294748 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c
+++ b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c
@@ -5,10 +5,10 @@
  *
  * This code was generated with the following revisions:
  * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9
- * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c
+ * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20
  * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
  * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty
- * Libcrux: 9d4ad0ef1e00d55aa483ae761f3d5b4911c0678f
+ * Libcrux: 3e54f3c659bef6ee815d197ee5c74dd40c75186a
  */
 
 #include "libcrux_mlkem1024_portable.h"
diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h
index 7f190c690..90211f1e5 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h
+++ b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h
@@ -5,10 +5,10 @@
  *
  * This code was generated with the following revisions:
  * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9
- * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c
+ * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20
  * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
  * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty
- * Libcrux: 9d4ad0ef1e00d55aa483ae761f3d5b4911c0678f
+ * Libcrux: 3e54f3c659bef6ee815d197ee5c74dd40c75186a
  */
 
 #ifndef __libcrux_mlkem1024_portable_H
diff --git a/libcrux-ml-kem/c/libcrux_mlkem512.h b/libcrux-ml-kem/c/libcrux_mlkem512.h
index 0a9a083e1..d27735aa5 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem512.h
+++ b/libcrux-ml-kem/c/libcrux_mlkem512.h
@@ -5,10 +5,10 @@
  *
  * This code was generated with the following revisions:
  * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9
- * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c
+ * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20
  * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
  * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty
- * Libcrux: 9d4ad0ef1e00d55aa483ae761f3d5b4911c0678f
+ * Libcrux: 3e54f3c659bef6ee815d197ee5c74dd40c75186a
  */
 
 #ifndef __libcrux_mlkem512_H
diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c
index f6887d04b..b45c8295b 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c
+++ b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c
@@ -5,10 +5,10 @@
  *
  * This code was generated with the following revisions:
  * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9
- * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c
+ * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20
  * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
  * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty
- * Libcrux: 9d4ad0ef1e00d55aa483ae761f3d5b4911c0678f
+ * Libcrux: 3e54f3c659bef6ee815d197ee5c74dd40c75186a
  */
 
 #include "libcrux_mlkem512_avx2.h"
diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h
index 29db1ada7..d5ec40d83 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h
+++ b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h
@@ -5,10 +5,10 @@
  *
  * This code was generated with the following revisions:
  * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9
- * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c
+ * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20
  * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
  * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty
- * Libcrux: 9d4ad0ef1e00d55aa483ae761f3d5b4911c0678f
+ * Libcrux: 3e54f3c659bef6ee815d197ee5c74dd40c75186a
  */
 
 #ifndef __libcrux_mlkem512_avx2_H
diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_neon.c b/libcrux-ml-kem/c/libcrux_mlkem512_neon.c
deleted file mode 100644
index 5b9b0ad47..000000000
--- a/libcrux-ml-kem/c/libcrux_mlkem512_neon.c
+++ /dev/null
@@ -1,298 +0,0 @@
-/*
- * SPDX-FileCopyrightText: 2024 Cryspen Sarl <info@cryspen.com>
- *
- * SPDX-License-Identifier: MIT or Apache-2.0
- *
- * This code was generated with the following revisions:
- * Charon: 53530427db2941ce784201e64086766504bc5642
- * Eurydice: 7834acbb41b06c34f198a1cb6b88241cc10b9aeb
- * Karamel: bdf06956e6ee025d4819bf2f8cc92651e572ad85
- * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38
- * Libcrux: d5574e8f6c62bf622ab6b61c291abeb66c1b7221
- */
-
-#include "libcrux_mlkem512_neon.h"
-
-#include "internal/libcrux_mlkem_neon.h"
-
-/**
- Portable decapsulate
-*/
-/**
-A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.neon.decapsulate
-with const generics
-- K= 2
-- SECRET_KEY_SIZE= 1632
-- CPA_SECRET_KEY_SIZE= 768
-- PUBLIC_KEY_SIZE= 800
-- CIPHERTEXT_SIZE= 768
-- T_AS_NTT_ENCODED_SIZE= 768
-- C1_SIZE= 640
-- C2_SIZE= 128
-- VECTOR_U_COMPRESSION_FACTOR= 10
-- VECTOR_V_COMPRESSION_FACTOR= 4
-- C1_BLOCK_SIZE= 320
-- ETA1= 3
-- ETA1_RANDOMNESS_SIZE= 192
-- ETA2= 2
-- ETA2_RANDOMNESS_SIZE= 128
-- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800
-*/
-static void decapsulate_55(libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key,
-                           libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext,
-                           uint8_t ret[32U]) {
-  libcrux_ml_kem_ind_cca_decapsulate_821(private_key, ciphertext, ret);
-}
-
-/**
- Decapsulate ML-KEM 512
-
- Generates an [`MlKemSharedSecret`].
- The input is a reference to an [`MlKem512PrivateKey`] and an
- [`MlKem512Ciphertext`].
-*/
-void libcrux_ml_kem_mlkem512_neon_decapsulate(
-    libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key,
-    libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) {
-  decapsulate_55(private_key, ciphertext, ret);
-}
-
-/**
- Portable decapsulate
-*/
-/**
-A monomorphic instance of
-libcrux_ml_kem.ind_cca.instantiations.neon.decapsulate_unpacked with const
-generics
-- K= 2
-- SECRET_KEY_SIZE= 1632
-- CPA_SECRET_KEY_SIZE= 768
-- PUBLIC_KEY_SIZE= 800
-- CIPHERTEXT_SIZE= 768
-- T_AS_NTT_ENCODED_SIZE= 768
-- C1_SIZE= 640
-- C2_SIZE= 128
-- VECTOR_U_COMPRESSION_FACTOR= 10
-- VECTOR_V_COMPRESSION_FACTOR= 4
-- C1_BLOCK_SIZE= 320
-- ETA1= 3
-- ETA1_RANDOMNESS_SIZE= 192
-- ETA2= 2
-- ETA2_RANDOMNESS_SIZE= 128
-- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800
-*/
-static void decapsulate_unpacked_53(
-    libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_66 *key_pair,
-    libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) {
-  libcrux_ml_kem_ind_cca_decapsulate_unpacked_ec1(key_pair, ciphertext, ret);
-}
-
-/**
- Decapsulate ML-KEM 512 (unpacked)
-
- Generates an [`MlKemSharedSecret`].
- The input is a reference to an unpacked key pair of type
- [`MlKem512KeyPairUnpacked`] and an [`MlKem512Ciphertext`].
-*/
-void libcrux_ml_kem_mlkem512_neon_decapsulate_unpacked(
-    libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_66 *private_key,
-    libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) {
-  decapsulate_unpacked_53(private_key, ciphertext, ret);
-}
-
-/**
-A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.neon.encapsulate
-with const generics
-- K= 2
-- CIPHERTEXT_SIZE= 768
-- PUBLIC_KEY_SIZE= 800
-- T_AS_NTT_ENCODED_SIZE= 768
-- C1_SIZE= 640
-- C2_SIZE= 128
-- VECTOR_U_COMPRESSION_FACTOR= 10
-- VECTOR_V_COMPRESSION_FACTOR= 4
-- VECTOR_U_BLOCK_LEN= 320
-- ETA1= 3
-- ETA1_RANDOMNESS_SIZE= 192
-- ETA2= 2
-- ETA2_RANDOMNESS_SIZE= 128
-*/
-static tuple_ec encapsulate_f8(
-    libcrux_ml_kem_types_MlKemPublicKey_be *public_key,
-    uint8_t randomness[32U]) {
-  libcrux_ml_kem_types_MlKemPublicKey_be *uu____0 = public_key;
-  /* Passing arrays by value in Rust generates a copy in C */
-  uint8_t copy_of_randomness[32U];
-  memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t));
-  return libcrux_ml_kem_ind_cca_encapsulate_281(uu____0, copy_of_randomness);
-}
-
-/**
- Encapsulate ML-KEM 512
-
- Generates an ([`MlKem512Ciphertext`], [`MlKemSharedSecret`]) tuple.
- The input is a reference to an [`MlKem512PublicKey`] and [`SHARED_SECRET_SIZE`]
- bytes of `randomness`.
-*/
-tuple_ec libcrux_ml_kem_mlkem512_neon_encapsulate(
-    libcrux_ml_kem_types_MlKemPublicKey_be *public_key,
-    uint8_t randomness[32U]) {
-  libcrux_ml_kem_types_MlKemPublicKey_be *uu____0 = public_key;
-  /* Passing arrays by value in Rust generates a copy in C */
-  uint8_t copy_of_randomness[32U];
-  memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t));
-  return encapsulate_f8(uu____0, copy_of_randomness);
-}
-
-/**
- Portable encapsualte
-*/
-/**
-A monomorphic instance of
-libcrux_ml_kem.ind_cca.instantiations.neon.encapsulate_unpacked with const
-generics
-- K= 2
-- CIPHERTEXT_SIZE= 768
-- PUBLIC_KEY_SIZE= 800
-- T_AS_NTT_ENCODED_SIZE= 768
-- C1_SIZE= 640
-- C2_SIZE= 128
-- VECTOR_U_COMPRESSION_FACTOR= 10
-- VECTOR_V_COMPRESSION_FACTOR= 4
-- VECTOR_U_BLOCK_LEN= 320
-- ETA1= 3
-- ETA1_RANDOMNESS_SIZE= 192
-- ETA2= 2
-- ETA2_RANDOMNESS_SIZE= 128
-*/
-static tuple_ec encapsulate_unpacked_ce(
-    libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_66 *public_key,
-    uint8_t randomness[32U]) {
-  libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_66 *uu____0 =
-      public_key;
-  /* Passing arrays by value in Rust generates a copy in C */
-  uint8_t copy_of_randomness[32U];
-  memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t));
-  return libcrux_ml_kem_ind_cca_encapsulate_unpacked_471(uu____0,
-                                                         copy_of_randomness);
-}
-
-/**
- Encapsulate ML-KEM 512 (unpacked)
-
- Generates an ([`MlKem512Ciphertext`], [`MlKemSharedSecret`]) tuple.
- The input is a reference to an unpacked public key of type
- [`MlKem512PublicKeyUnpacked`], the SHA3-256 hash of this public key, and
- [`SHARED_SECRET_SIZE`] bytes of `randomness`.
-*/
-tuple_ec libcrux_ml_kem_mlkem512_neon_encapsulate_unpacked(
-    libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_66 *public_key,
-    uint8_t randomness[32U]) {
-  libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_66 *uu____0 =
-      public_key;
-  /* Passing arrays by value in Rust generates a copy in C */
-  uint8_t copy_of_randomness[32U];
-  memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t));
-  return encapsulate_unpacked_ce(uu____0, copy_of_randomness);
-}
-
-/**
- Portable generate key pair.
-*/
-/**
-A monomorphic instance of
-libcrux_ml_kem.ind_cca.instantiations.neon.generate_keypair with const generics
-- K= 2
-- CPA_PRIVATE_KEY_SIZE= 768
-- PRIVATE_KEY_SIZE= 1632
-- PUBLIC_KEY_SIZE= 800
-- BYTES_PER_RING_ELEMENT= 768
-- ETA1= 3
-- ETA1_RANDOMNESS_SIZE= 192
-*/
-static libcrux_ml_kem_types_MlKemKeyPair_cb generate_keypair_1a(
-    uint8_t randomness[64U]) {
-  /* Passing arrays by value in Rust generates a copy in C */
-  uint8_t copy_of_randomness[64U];
-  memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t));
-  return libcrux_ml_kem_ind_cca_generate_keypair_721(copy_of_randomness);
-}
-
-/**
- Generate ML-KEM 512 Key Pair
-*/
-libcrux_ml_kem_types_MlKemKeyPair_cb
-libcrux_ml_kem_mlkem512_neon_generate_key_pair(uint8_t randomness[64U]) {
-  /* Passing arrays by value in Rust generates a copy in C */
-  uint8_t copy_of_randomness[64U];
-  memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t));
-  return generate_keypair_1a(copy_of_randomness);
-}
-
-/**
- Unpacked API
-*/
-/**
-A monomorphic instance of
-libcrux_ml_kem.ind_cca.instantiations.neon.generate_keypair_unpacked with const
-generics
-- K= 2
-- CPA_PRIVATE_KEY_SIZE= 768
-- PRIVATE_KEY_SIZE= 1632
-- PUBLIC_KEY_SIZE= 800
-- BYTES_PER_RING_ELEMENT= 768
-- ETA1= 3
-- ETA1_RANDOMNESS_SIZE= 192
-*/
-static libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_66
-generate_keypair_unpacked_38(uint8_t randomness[64U]) {
-  /* Passing arrays by value in Rust generates a copy in C */
-  uint8_t copy_of_randomness[64U];
-  memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t));
-  return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_b41(
-      copy_of_randomness);
-}
-
-/**
- Generate ML-KEM 512 Key Pair in "unpacked" form
-*/
-libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_66
-libcrux_ml_kem_mlkem512_neon_generate_key_pair_unpacked(
-    uint8_t randomness[64U]) {
-  /* Passing arrays by value in Rust generates a copy in C */
-  uint8_t copy_of_randomness[64U];
-  memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t));
-  return generate_keypair_unpacked_38(copy_of_randomness);
-}
-
-/**
- Portable public key validation
-*/
-/**
-A monomorphic instance of
-libcrux_ml_kem.ind_cca.instantiations.neon.validate_public_key with const
-generics
-- K= 2
-- RANKED_BYTES_PER_RING_ELEMENT= 768
-- PUBLIC_KEY_SIZE= 800
-*/
-static bool validate_public_key_a31(uint8_t *public_key) {
-  return libcrux_ml_kem_ind_cca_validate_public_key_7e1(public_key);
-}
-
-/**
- Validate a public key.
-
- Returns `Some(public_key)` if valid, and `None` otherwise.
-*/
-core_option_Option_04 libcrux_ml_kem_mlkem512_neon_validate_public_key(
-    libcrux_ml_kem_types_MlKemPublicKey_be public_key) {
-  core_option_Option_04 uu____0;
-  if (validate_public_key_a31(public_key.value)) {
-    uu____0 = (CLITERAL(core_option_Option_04){.tag = core_option_Some,
-                                               .f0 = public_key});
-  } else {
-    uu____0 = (CLITERAL(core_option_Option_04){.tag = core_option_None});
-  }
-  return uu____0;
-}
diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_neon.h b/libcrux-ml-kem/c/libcrux_mlkem512_neon.h
deleted file mode 100644
index 211c714fc..000000000
--- a/libcrux-ml-kem/c/libcrux_mlkem512_neon.h
+++ /dev/null
@@ -1,96 +0,0 @@
-/*
- * SPDX-FileCopyrightText: 2024 Cryspen Sarl <info@cryspen.com>
- *
- * SPDX-License-Identifier: MIT or Apache-2.0
- *
- * This code was generated with the following revisions:
- * Charon: 53530427db2941ce784201e64086766504bc5642
- * Eurydice: 7834acbb41b06c34f198a1cb6b88241cc10b9aeb
- * Karamel: bdf06956e6ee025d4819bf2f8cc92651e572ad85
- * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38
- * Libcrux: d5574e8f6c62bf622ab6b61c291abeb66c1b7221
- */
-
-#ifndef __libcrux_mlkem512_neon_H
-#define __libcrux_mlkem512_neon_H
-
-#if defined(__cplusplus)
-extern "C" {
-#endif
-
-#include "eurydice_glue.h"
-#include "libcrux_core.h"
-#include "libcrux_mlkem_neon.h"
-
-/**
- Decapsulate ML-KEM 512
-
- Generates an [`MlKemSharedSecret`].
- The input is a reference to an [`MlKem512PrivateKey`] and an
- [`MlKem512Ciphertext`].
-*/
-void libcrux_ml_kem_mlkem512_neon_decapsulate(
-    libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key,
-    libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]);
-
-/**
- Decapsulate ML-KEM 512 (unpacked)
-
- Generates an [`MlKemSharedSecret`].
- The input is a reference to an unpacked key pair of type
- [`MlKem512KeyPairUnpacked`] and an [`MlKem512Ciphertext`].
-*/
-void libcrux_ml_kem_mlkem512_neon_decapsulate_unpacked(
-    libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_66 *private_key,
-    libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]);
-
-/**
- Encapsulate ML-KEM 512
-
- Generates an ([`MlKem512Ciphertext`], [`MlKemSharedSecret`]) tuple.
- The input is a reference to an [`MlKem512PublicKey`] and [`SHARED_SECRET_SIZE`]
- bytes of `randomness`.
-*/
-tuple_ec libcrux_ml_kem_mlkem512_neon_encapsulate(
-    libcrux_ml_kem_types_MlKemPublicKey_be *public_key,
-    uint8_t randomness[32U]);
-
-/**
- Encapsulate ML-KEM 512 (unpacked)
-
- Generates an ([`MlKem512Ciphertext`], [`MlKemSharedSecret`]) tuple.
- The input is a reference to an unpacked public key of type
- [`MlKem512PublicKeyUnpacked`], the SHA3-256 hash of this public key, and
- [`SHARED_SECRET_SIZE`] bytes of `randomness`.
-*/
-tuple_ec libcrux_ml_kem_mlkem512_neon_encapsulate_unpacked(
-    libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_66 *public_key,
-    uint8_t randomness[32U]);
-
-/**
- Generate ML-KEM 512 Key Pair
-*/
-libcrux_ml_kem_types_MlKemKeyPair_cb
-libcrux_ml_kem_mlkem512_neon_generate_key_pair(uint8_t randomness[64U]);
-
-/**
- Generate ML-KEM 512 Key Pair in "unpacked" form
-*/
-libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_66
-libcrux_ml_kem_mlkem512_neon_generate_key_pair_unpacked(
-    uint8_t randomness[64U]);
-
-/**
- Validate a public key.
-
- Returns `Some(public_key)` if valid, and `None` otherwise.
-*/
-core_option_Option_04 libcrux_ml_kem_mlkem512_neon_validate_public_key(
-    libcrux_ml_kem_types_MlKemPublicKey_be public_key);
-
-#if defined(__cplusplus)
-}
-#endif
-
-#define __libcrux_mlkem512_neon_H_DEFINED
-#endif
diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_portable.c b/libcrux-ml-kem/c/libcrux_mlkem512_portable.c
index 9fbd54390..2fc72d307 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem512_portable.c
+++ b/libcrux-ml-kem/c/libcrux_mlkem512_portable.c
@@ -5,10 +5,10 @@
  *
  * This code was generated with the following revisions:
  * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9
- * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c
+ * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20
  * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
  * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty
- * Libcrux: 9d4ad0ef1e00d55aa483ae761f3d5b4911c0678f
+ * Libcrux: 3e54f3c659bef6ee815d197ee5c74dd40c75186a
  */
 
 #include "libcrux_mlkem512_portable.h"
diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_portable.h b/libcrux-ml-kem/c/libcrux_mlkem512_portable.h
index af0ef20f4..6e3d9755b 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem512_portable.h
+++ b/libcrux-ml-kem/c/libcrux_mlkem512_portable.h
@@ -5,10 +5,10 @@
  *
  * This code was generated with the following revisions:
  * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9
- * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c
+ * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20
  * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
  * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty
- * Libcrux: 9d4ad0ef1e00d55aa483ae761f3d5b4911c0678f
+ * Libcrux: 3e54f3c659bef6ee815d197ee5c74dd40c75186a
  */
 
 #ifndef __libcrux_mlkem512_portable_H
diff --git a/libcrux-ml-kem/c/libcrux_mlkem768.h b/libcrux-ml-kem/c/libcrux_mlkem768.h
index 02c9b01ac..bcfb76ff3 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem768.h
+++ b/libcrux-ml-kem/c/libcrux_mlkem768.h
@@ -5,10 +5,10 @@
  *
  * This code was generated with the following revisions:
  * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9
- * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c
+ * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20
  * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
  * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty
- * Libcrux: 9d4ad0ef1e00d55aa483ae761f3d5b4911c0678f
+ * Libcrux: 3e54f3c659bef6ee815d197ee5c74dd40c75186a
  */
 
 #ifndef __libcrux_mlkem768_H
diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c
index 44efd0086..fdf226bd8 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c
+++ b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c
@@ -5,10 +5,10 @@
  *
  * This code was generated with the following revisions:
  * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9
- * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c
+ * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20
  * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
  * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty
- * Libcrux: 9d4ad0ef1e00d55aa483ae761f3d5b4911c0678f
+ * Libcrux: 3e54f3c659bef6ee815d197ee5c74dd40c75186a
  */
 
 #include "libcrux_mlkem768_avx2.h"
diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h
index 137d7e7da..08c3fa5b7 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h
+++ b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h
@@ -5,10 +5,10 @@
  *
  * This code was generated with the following revisions:
  * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9
- * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c
+ * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20
  * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
  * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty
- * Libcrux: 9d4ad0ef1e00d55aa483ae761f3d5b4911c0678f
+ * Libcrux: 3e54f3c659bef6ee815d197ee5c74dd40c75186a
  */
 
 #ifndef __libcrux_mlkem768_avx2_H
diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_neon.c b/libcrux-ml-kem/c/libcrux_mlkem768_neon.c
deleted file mode 100644
index c252832a1..000000000
--- a/libcrux-ml-kem/c/libcrux_mlkem768_neon.c
+++ /dev/null
@@ -1,298 +0,0 @@
-/*
- * SPDX-FileCopyrightText: 2024 Cryspen Sarl <info@cryspen.com>
- *
- * SPDX-License-Identifier: MIT or Apache-2.0
- *
- * This code was generated with the following revisions:
- * Charon: 53530427db2941ce784201e64086766504bc5642
- * Eurydice: 7834acbb41b06c34f198a1cb6b88241cc10b9aeb
- * Karamel: bdf06956e6ee025d4819bf2f8cc92651e572ad85
- * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38
- * Libcrux: d5574e8f6c62bf622ab6b61c291abeb66c1b7221
- */
-
-#include "libcrux_mlkem768_neon.h"
-
-#include "internal/libcrux_mlkem_neon.h"
-
-/**
- Portable decapsulate
-*/
-/**
-A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.neon.decapsulate
-with const generics
-- K= 3
-- SECRET_KEY_SIZE= 2400
-- CPA_SECRET_KEY_SIZE= 1152
-- PUBLIC_KEY_SIZE= 1184
-- CIPHERTEXT_SIZE= 1088
-- T_AS_NTT_ENCODED_SIZE= 1152
-- C1_SIZE= 960
-- C2_SIZE= 128
-- VECTOR_U_COMPRESSION_FACTOR= 10
-- VECTOR_V_COMPRESSION_FACTOR= 4
-- C1_BLOCK_SIZE= 320
-- ETA1= 2
-- ETA1_RANDOMNESS_SIZE= 128
-- ETA2= 2
-- ETA2_RANDOMNESS_SIZE= 128
-- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120
-*/
-static void decapsulate_67(
-    libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key,
-    libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) {
-  libcrux_ml_kem_ind_cca_decapsulate_820(private_key, ciphertext, ret);
-}
-
-/**
- Decapsulate ML-KEM 768
-
- Generates an [`MlKemSharedSecret`].
- The input is a reference to an [`MlKem768PrivateKey`] and an
- [`MlKem768Ciphertext`].
-*/
-void libcrux_ml_kem_mlkem768_neon_decapsulate(
-    libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key,
-    libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) {
-  decapsulate_67(private_key, ciphertext, ret);
-}
-
-/**
- Portable decapsulate
-*/
-/**
-A monomorphic instance of
-libcrux_ml_kem.ind_cca.instantiations.neon.decapsulate_unpacked with const
-generics
-- K= 3
-- SECRET_KEY_SIZE= 2400
-- CPA_SECRET_KEY_SIZE= 1152
-- PUBLIC_KEY_SIZE= 1184
-- CIPHERTEXT_SIZE= 1088
-- T_AS_NTT_ENCODED_SIZE= 1152
-- C1_SIZE= 960
-- C2_SIZE= 128
-- VECTOR_U_COMPRESSION_FACTOR= 10
-- VECTOR_V_COMPRESSION_FACTOR= 4
-- C1_BLOCK_SIZE= 320
-- ETA1= 2
-- ETA1_RANDOMNESS_SIZE= 128
-- ETA2= 2
-- ETA2_RANDOMNESS_SIZE= 128
-- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120
-*/
-static void decapsulate_unpacked_70(
-    libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_fd *key_pair,
-    libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) {
-  libcrux_ml_kem_ind_cca_decapsulate_unpacked_ec0(key_pair, ciphertext, ret);
-}
-
-/**
- Decapsulate ML-KEM 768 (unpacked)
-
- Generates an [`MlKemSharedSecret`].
- The input is a reference to an unpacked key pair of type
- [`MlKem768KeyPairUnpacked`] and an [`MlKem768Ciphertext`].
-*/
-void libcrux_ml_kem_mlkem768_neon_decapsulate_unpacked(
-    libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_fd *private_key,
-    libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) {
-  decapsulate_unpacked_70(private_key, ciphertext, ret);
-}
-
-/**
-A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.neon.encapsulate
-with const generics
-- K= 3
-- CIPHERTEXT_SIZE= 1088
-- PUBLIC_KEY_SIZE= 1184
-- T_AS_NTT_ENCODED_SIZE= 1152
-- C1_SIZE= 960
-- C2_SIZE= 128
-- VECTOR_U_COMPRESSION_FACTOR= 10
-- VECTOR_V_COMPRESSION_FACTOR= 4
-- VECTOR_U_BLOCK_LEN= 320
-- ETA1= 2
-- ETA1_RANDOMNESS_SIZE= 128
-- ETA2= 2
-- ETA2_RANDOMNESS_SIZE= 128
-*/
-static tuple_3c encapsulate_ea(
-    libcrux_ml_kem_types_MlKemPublicKey_15 *public_key,
-    uint8_t randomness[32U]) {
-  libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key;
-  /* Passing arrays by value in Rust generates a copy in C */
-  uint8_t copy_of_randomness[32U];
-  memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t));
-  return libcrux_ml_kem_ind_cca_encapsulate_280(uu____0, copy_of_randomness);
-}
-
-/**
- Encapsulate ML-KEM 768
-
- Generates an ([`MlKem768Ciphertext`], [`MlKemSharedSecret`]) tuple.
- The input is a reference to an [`MlKem768PublicKey`] and [`SHARED_SECRET_SIZE`]
- bytes of `randomness`.
-*/
-tuple_3c libcrux_ml_kem_mlkem768_neon_encapsulate(
-    libcrux_ml_kem_types_MlKemPublicKey_15 *public_key,
-    uint8_t randomness[32U]) {
-  libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key;
-  /* Passing arrays by value in Rust generates a copy in C */
-  uint8_t copy_of_randomness[32U];
-  memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t));
-  return encapsulate_ea(uu____0, copy_of_randomness);
-}
-
-/**
- Portable encapsualte
-*/
-/**
-A monomorphic instance of
-libcrux_ml_kem.ind_cca.instantiations.neon.encapsulate_unpacked with const
-generics
-- K= 3
-- CIPHERTEXT_SIZE= 1088
-- PUBLIC_KEY_SIZE= 1184
-- T_AS_NTT_ENCODED_SIZE= 1152
-- C1_SIZE= 960
-- C2_SIZE= 128
-- VECTOR_U_COMPRESSION_FACTOR= 10
-- VECTOR_V_COMPRESSION_FACTOR= 4
-- VECTOR_U_BLOCK_LEN= 320
-- ETA1= 2
-- ETA1_RANDOMNESS_SIZE= 128
-- ETA2= 2
-- ETA2_RANDOMNESS_SIZE= 128
-*/
-static tuple_3c encapsulate_unpacked_29(
-    libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_fd *public_key,
-    uint8_t randomness[32U]) {
-  libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_fd *uu____0 =
-      public_key;
-  /* Passing arrays by value in Rust generates a copy in C */
-  uint8_t copy_of_randomness[32U];
-  memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t));
-  return libcrux_ml_kem_ind_cca_encapsulate_unpacked_470(uu____0,
-                                                         copy_of_randomness);
-}
-
-/**
- Encapsulate ML-KEM 768 (unpacked)
-
- Generates an ([`MlKem768Ciphertext`], [`MlKemSharedSecret`]) tuple.
- The input is a reference to an unpacked public key of type
- [`MlKem768PublicKeyUnpacked`], the SHA3-256 hash of this public key, and
- [`SHARED_SECRET_SIZE`] bytes of `randomness`.
-*/
-tuple_3c libcrux_ml_kem_mlkem768_neon_encapsulate_unpacked(
-    libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_fd *public_key,
-    uint8_t randomness[32U]) {
-  libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_fd *uu____0 =
-      public_key;
-  /* Passing arrays by value in Rust generates a copy in C */
-  uint8_t copy_of_randomness[32U];
-  memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t));
-  return encapsulate_unpacked_29(uu____0, copy_of_randomness);
-}
-
-/**
- Portable generate key pair.
-*/
-/**
-A monomorphic instance of
-libcrux_ml_kem.ind_cca.instantiations.neon.generate_keypair with const generics
-- K= 3
-- CPA_PRIVATE_KEY_SIZE= 1152
-- PRIVATE_KEY_SIZE= 2400
-- PUBLIC_KEY_SIZE= 1184
-- BYTES_PER_RING_ELEMENT= 1152
-- ETA1= 2
-- ETA1_RANDOMNESS_SIZE= 128
-*/
-static libcrux_ml_kem_mlkem768_MlKem768KeyPair generate_keypair_1b(
-    uint8_t randomness[64U]) {
-  /* Passing arrays by value in Rust generates a copy in C */
-  uint8_t copy_of_randomness[64U];
-  memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t));
-  return libcrux_ml_kem_ind_cca_generate_keypair_720(copy_of_randomness);
-}
-
-/**
- Generate ML-KEM 768 Key Pair
-*/
-libcrux_ml_kem_mlkem768_MlKem768KeyPair
-libcrux_ml_kem_mlkem768_neon_generate_key_pair(uint8_t randomness[64U]) {
-  /* Passing arrays by value in Rust generates a copy in C */
-  uint8_t copy_of_randomness[64U];
-  memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t));
-  return generate_keypair_1b(copy_of_randomness);
-}
-
-/**
- Unpacked API
-*/
-/**
-A monomorphic instance of
-libcrux_ml_kem.ind_cca.instantiations.neon.generate_keypair_unpacked with const
-generics
-- K= 3
-- CPA_PRIVATE_KEY_SIZE= 1152
-- PRIVATE_KEY_SIZE= 2400
-- PUBLIC_KEY_SIZE= 1184
-- BYTES_PER_RING_ELEMENT= 1152
-- ETA1= 2
-- ETA1_RANDOMNESS_SIZE= 128
-*/
-static libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_fd
-generate_keypair_unpacked_42(uint8_t randomness[64U]) {
-  /* Passing arrays by value in Rust generates a copy in C */
-  uint8_t copy_of_randomness[64U];
-  memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t));
-  return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_b40(
-      copy_of_randomness);
-}
-
-/**
- Generate ML-KEM 768 Key Pair in "unpacked" form
-*/
-libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_fd
-libcrux_ml_kem_mlkem768_neon_generate_key_pair_unpacked(
-    uint8_t randomness[64U]) {
-  /* Passing arrays by value in Rust generates a copy in C */
-  uint8_t copy_of_randomness[64U];
-  memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t));
-  return generate_keypair_unpacked_42(copy_of_randomness);
-}
-
-/**
- Portable public key validation
-*/
-/**
-A monomorphic instance of
-libcrux_ml_kem.ind_cca.instantiations.neon.validate_public_key with const
-generics
-- K= 3
-- RANKED_BYTES_PER_RING_ELEMENT= 1152
-- PUBLIC_KEY_SIZE= 1184
-*/
-static bool validate_public_key_a30(uint8_t *public_key) {
-  return libcrux_ml_kem_ind_cca_validate_public_key_7e0(public_key);
-}
-
-/**
- Validate a public key.
-
- Returns `Some(public_key)` if valid, and `None` otherwise.
-*/
-core_option_Option_92 libcrux_ml_kem_mlkem768_neon_validate_public_key(
-    libcrux_ml_kem_types_MlKemPublicKey_15 public_key) {
-  core_option_Option_92 uu____0;
-  if (validate_public_key_a30(public_key.value)) {
-    uu____0 = (CLITERAL(core_option_Option_92){.tag = core_option_Some,
-                                               .f0 = public_key});
-  } else {
-    uu____0 = (CLITERAL(core_option_Option_92){.tag = core_option_None});
-  }
-  return uu____0;
-}
diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_neon.h b/libcrux-ml-kem/c/libcrux_mlkem768_neon.h
deleted file mode 100644
index aaf2756d9..000000000
--- a/libcrux-ml-kem/c/libcrux_mlkem768_neon.h
+++ /dev/null
@@ -1,96 +0,0 @@
-/*
- * SPDX-FileCopyrightText: 2024 Cryspen Sarl <info@cryspen.com>
- *
- * SPDX-License-Identifier: MIT or Apache-2.0
- *
- * This code was generated with the following revisions:
- * Charon: 53530427db2941ce784201e64086766504bc5642
- * Eurydice: 7834acbb41b06c34f198a1cb6b88241cc10b9aeb
- * Karamel: bdf06956e6ee025d4819bf2f8cc92651e572ad85
- * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38
- * Libcrux: d5574e8f6c62bf622ab6b61c291abeb66c1b7221
- */
-
-#ifndef __libcrux_mlkem768_neon_H
-#define __libcrux_mlkem768_neon_H
-
-#if defined(__cplusplus)
-extern "C" {
-#endif
-
-#include "eurydice_glue.h"
-#include "libcrux_core.h"
-#include "libcrux_mlkem_neon.h"
-
-/**
- Decapsulate ML-KEM 768
-
- Generates an [`MlKemSharedSecret`].
- The input is a reference to an [`MlKem768PrivateKey`] and an
- [`MlKem768Ciphertext`].
-*/
-void libcrux_ml_kem_mlkem768_neon_decapsulate(
-    libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key,
-    libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]);
-
-/**
- Decapsulate ML-KEM 768 (unpacked)
-
- Generates an [`MlKemSharedSecret`].
- The input is a reference to an unpacked key pair of type
- [`MlKem768KeyPairUnpacked`] and an [`MlKem768Ciphertext`].
-*/
-void libcrux_ml_kem_mlkem768_neon_decapsulate_unpacked(
-    libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_fd *private_key,
-    libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]);
-
-/**
- Encapsulate ML-KEM 768
-
- Generates an ([`MlKem768Ciphertext`], [`MlKemSharedSecret`]) tuple.
- The input is a reference to an [`MlKem768PublicKey`] and [`SHARED_SECRET_SIZE`]
- bytes of `randomness`.
-*/
-tuple_3c libcrux_ml_kem_mlkem768_neon_encapsulate(
-    libcrux_ml_kem_types_MlKemPublicKey_15 *public_key,
-    uint8_t randomness[32U]);
-
-/**
- Encapsulate ML-KEM 768 (unpacked)
-
- Generates an ([`MlKem768Ciphertext`], [`MlKemSharedSecret`]) tuple.
- The input is a reference to an unpacked public key of type
- [`MlKem768PublicKeyUnpacked`], the SHA3-256 hash of this public key, and
- [`SHARED_SECRET_SIZE`] bytes of `randomness`.
-*/
-tuple_3c libcrux_ml_kem_mlkem768_neon_encapsulate_unpacked(
-    libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_fd *public_key,
-    uint8_t randomness[32U]);
-
-/**
- Generate ML-KEM 768 Key Pair
-*/
-libcrux_ml_kem_mlkem768_MlKem768KeyPair
-libcrux_ml_kem_mlkem768_neon_generate_key_pair(uint8_t randomness[64U]);
-
-/**
- Generate ML-KEM 768 Key Pair in "unpacked" form
-*/
-libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_fd
-libcrux_ml_kem_mlkem768_neon_generate_key_pair_unpacked(
-    uint8_t randomness[64U]);
-
-/**
- Validate a public key.
-
- Returns `Some(public_key)` if valid, and `None` otherwise.
-*/
-core_option_Option_92 libcrux_ml_kem_mlkem768_neon_validate_public_key(
-    libcrux_ml_kem_types_MlKemPublicKey_15 public_key);
-
-#if defined(__cplusplus)
-}
-#endif
-
-#define __libcrux_mlkem768_neon_H_DEFINED
-#endif
diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_portable.c b/libcrux-ml-kem/c/libcrux_mlkem768_portable.c
index 46744ca7e..c59bc0046 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem768_portable.c
+++ b/libcrux-ml-kem/c/libcrux_mlkem768_portable.c
@@ -5,10 +5,10 @@
  *
  * This code was generated with the following revisions:
  * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9
- * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c
+ * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20
  * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
  * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty
- * Libcrux: 9d4ad0ef1e00d55aa483ae761f3d5b4911c0678f
+ * Libcrux: 3e54f3c659bef6ee815d197ee5c74dd40c75186a
  */
 
 #include "libcrux_mlkem768_portable.h"
diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_portable.h b/libcrux-ml-kem/c/libcrux_mlkem768_portable.h
index aa96f9f4d..03f9d22a4 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem768_portable.h
+++ b/libcrux-ml-kem/c/libcrux_mlkem768_portable.h
@@ -5,10 +5,10 @@
  *
  * This code was generated with the following revisions:
  * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9
- * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c
+ * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20
  * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
  * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty
- * Libcrux: 9d4ad0ef1e00d55aa483ae761f3d5b4911c0678f
+ * Libcrux: 3e54f3c659bef6ee815d197ee5c74dd40c75186a
  */
 
 #ifndef __libcrux_mlkem768_portable_H
diff --git a/libcrux-ml-kem/c/libcrux_mlkem_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem_avx2.c
index 1e62fbc12..61f343a77 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem_avx2.c
+++ b/libcrux-ml-kem/c/libcrux_mlkem_avx2.c
@@ -5,10 +5,10 @@
  *
  * This code was generated with the following revisions:
  * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9
- * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c
+ * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20
  * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
  * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty
- * Libcrux: 9d4ad0ef1e00d55aa483ae761f3d5b4911c0678f
+ * Libcrux: 3e54f3c659bef6ee815d197ee5c74dd40c75186a
  */
 
 #include "internal/libcrux_mlkem_avx2.h"
@@ -141,16 +141,11 @@ KRML_MUSTINLINE __m256i
 libcrux_ml_kem_vector_avx2_arithmetic_cond_subtract_3329(__m256i vector) {
   __m256i field_modulus =
       mm256_set1_epi16(LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS);
-  __m256i v_minus_field_modulus =
-      mm256_sub_epi16(/* Compute v_i - Q and crate a mask from the sign bit of
-                         each of these quantities. */
-                      vector,
-                      field_modulus);
+  __m256i v_minus_field_modulus = mm256_sub_epi16(vector, field_modulus);
   __m256i sign_mask =
       mm256_srai_epi16((int32_t)15, v_minus_field_modulus, __m256i);
-  __m256i conditional_add_field_modulus = mm256_and_si256(
-      /* If v_i - Q < 0 then add back Q to (v_i - Q). */ sign_mask,
-      field_modulus);
+  __m256i conditional_add_field_modulus =
+      mm256_and_si256(sign_mask, field_modulus);
   return mm256_add_epi16(v_minus_field_modulus, conditional_add_field_modulus);
 }
 
@@ -455,7 +450,6 @@ libcrux_ml_kem_vector_avx2_arithmetic_montgomery_reduce_i32s(__m256i vec) {
 KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_ntt_ntt_multiply(
     __m256i lhs, __m256i rhs, int16_t zeta0, int16_t zeta1, int16_t zeta2,
     int16_t zeta3) {
-  /* Compute the first term of the product */
   __m256i shuffle_with = mm256_set_epi8(
       (int8_t)15, (int8_t)14, (int8_t)11, (int8_t)10, (int8_t)7, (int8_t)6,
       (int8_t)3, (int8_t)2, (int8_t)13, (int8_t)12, (int8_t)9, (int8_t)8,
@@ -463,8 +457,7 @@ KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_ntt_ntt_multiply(
       (int8_t)11, (int8_t)10, (int8_t)7, (int8_t)6, (int8_t)3, (int8_t)2,
       (int8_t)13, (int8_t)12, (int8_t)9, (int8_t)8, (int8_t)5, (int8_t)4,
       (int8_t)1, (int8_t)0);
-  __m256i lhs_shuffled =
-      mm256_shuffle_epi8(/* Prepare the left hand side */ lhs, shuffle_with);
+  __m256i lhs_shuffled = mm256_shuffle_epi8(lhs, shuffle_with);
   __m256i lhs_shuffled0 =
       mm256_permute4x64_epi64((int32_t)216, lhs_shuffled, __m256i);
   __m128i lhs_evens = mm256_castsi256_si128(lhs_shuffled0);
@@ -472,8 +465,7 @@ KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_ntt_ntt_multiply(
   __m128i lhs_odds =
       mm256_extracti128_si256((int32_t)1, lhs_shuffled0, __m128i);
   __m256i lhs_odds0 = mm256_cvtepi16_epi32(lhs_odds);
-  __m256i rhs_shuffled =
-      mm256_shuffle_epi8(/* Prepare the right hand side */ rhs, shuffle_with);
+  __m256i rhs_shuffled = mm256_shuffle_epi8(rhs, shuffle_with);
   __m256i rhs_shuffled0 =
       mm256_permute4x64_epi64((int32_t)216, rhs_shuffled, __m256i);
   __m128i rhs_evens = mm256_castsi256_si128(rhs_shuffled0);
@@ -481,8 +473,7 @@ KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_ntt_ntt_multiply(
   __m128i rhs_odds =
       mm256_extracti128_si256((int32_t)1, rhs_shuffled0, __m128i);
   __m256i rhs_odds0 = mm256_cvtepi16_epi32(rhs_odds);
-  __m256i left =
-      mm256_mullo_epi32(/* Start operating with them */ lhs_evens0, rhs_evens0);
+  __m256i left = mm256_mullo_epi32(lhs_evens0, rhs_evens0);
   __m256i right = mm256_mullo_epi32(lhs_odds0, rhs_odds0);
   __m256i right0 =
       libcrux_ml_kem_vector_avx2_arithmetic_montgomery_reduce_i32s(right);
@@ -495,7 +486,7 @@ KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_ntt_ntt_multiply(
       libcrux_ml_kem_vector_avx2_arithmetic_montgomery_reduce_i32s(
           products_left);
   __m256i rhs_adjacent_swapped = mm256_shuffle_epi8(
-      /* Compute the second term of the product */ rhs,
+      rhs,
       mm256_set_epi8((int8_t)13, (int8_t)12, (int8_t)15, (int8_t)14, (int8_t)9,
                      (int8_t)8, (int8_t)11, (int8_t)10, (int8_t)5, (int8_t)4,
                      (int8_t)7, (int8_t)6, (int8_t)1, (int8_t)0, (int8_t)3,
@@ -509,9 +500,8 @@ KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_ntt_ntt_multiply(
           products_right);
   __m256i products_right1 =
       mm256_slli_epi32((int32_t)16, products_right0, __m256i);
-  return mm256_blend_epi16((int32_t)170,
-                           /* Combine them into one vector */ products_left0,
-                           products_right1, __m256i);
+  return mm256_blend_epi16((int32_t)170, products_left0, products_right1,
+                           __m256i);
 }
 
 /**
@@ -527,44 +517,11 @@ KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_ntt_multiply_09(
 
 KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_1(
     __m256i vector, uint8_t ret[2U]) {
-  __m256i lsb_to_msb = mm256_slli_epi16(
-      (int32_t)15,
-      /* Suppose |vector| is laid out as follows (superscript number indicates
-         the corresponding bit is duplicated that many times): 0¹⁵a₀ 0¹⁵b₀ 0¹⁵c₀
-         0¹⁵d₀ | 0¹⁵e₀ 0¹⁵f₀ 0¹⁵g₀ 0¹⁵h₀ | ... We care only about the least
-         significant bit in each lane, move it to the most significant position
-         to make it easier to work with. |vector| now becomes: a₀0¹⁵ b₀0¹⁵ c₀0¹⁵
-         d₀0¹⁵ | e₀0¹⁵ f₀0¹⁵ g₀0¹⁵ h₀0¹⁵ | ↩ i₀0¹⁵ j₀0¹⁵ k₀0¹⁵ l₀0¹⁵ | m₀0¹⁵
-         n₀0¹⁵ o₀0¹⁵ p₀0¹⁵ */
-      vector, __m256i);
-  __m128i low_msbs = mm256_castsi256_si128(
-      /* Get the first 8 16-bit elements ... */ lsb_to_msb);
-  __m128i high_msbs = mm256_extracti128_si256(
-      (int32_t)1,
-      /* ... and the next 8 16-bit elements ... */ lsb_to_msb, __m128i);
-  __m128i msbs =
-      mm_packs_epi16(/* ... and then pack them into 8-bit values using signed
-                        saturation. This function packs all the |low_msbs|, and
-                        then the high ones. low_msbs = a₀0¹⁵ b₀0¹⁵ c₀0¹⁵ d₀0¹⁵ |
-                        e₀0¹⁵ f₀0¹⁵ g₀0¹⁵ h₀0¹⁵ high_msbs = i₀0¹⁵ j₀0¹⁵ k₀0¹⁵
-                        l₀0¹⁵ | m₀0¹⁵ n₀0¹⁵ o₀0¹⁵ p₀0¹⁵ We shifted by 15 above
-                        to take advantage of the signed saturation performed by
-                        mm_packs_epi16: - if the sign bit of the 16-bit element
-                        being packed is 1, the corresponding 8-bit element in
-                        |msbs| will be 0xFF. - if the sign bit of the 16-bit
-                        element being packed is 0, the corresponding 8-bit
-                        element in |msbs| will be 0. Thus, if, for example, a₀ =
-                        1, e₀ = 1, and p₀ = 1, and every other bit is 0, after
-                        packing into 8 bit value, |msbs| will look like: 0xFF
-                        0x00 0x00 0x00 | 0xFF 0x00 0x00 0x00 | 0x00 0x00 0x00
-                        0x00 | 0x00 0x00 0x00 0xFF */
-                     low_msbs,
-                     high_msbs);
-  int32_t bits_packed =
-      mm_movemask_epi8(/* Now that every element is either 0xFF or 0x00, we just
-                          extract the most significant bit from each element and
-                          collate them into two bytes. */
-                       msbs);
+  __m256i lsb_to_msb = mm256_slli_epi16((int32_t)15, vector, __m256i);
+  __m128i low_msbs = mm256_castsi256_si128(lsb_to_msb);
+  __m128i high_msbs = mm256_extracti128_si256((int32_t)1, lsb_to_msb, __m128i);
+  __m128i msbs = mm_packs_epi16(low_msbs, high_msbs);
+  int32_t bits_packed = mm_movemask_epi8(msbs);
   uint8_t result[2U] = {(uint8_t)bits_packed, (uint8_t)(bits_packed >> 8U)};
   memcpy(ret, result, (size_t)2U * sizeof(uint8_t));
 }
@@ -582,39 +539,16 @@ KRML_MUSTINLINE __m256i
 libcrux_ml_kem_vector_avx2_serialize_deserialize_1_deserialize_1_i16s(
     int16_t a, int16_t b) {
   __m256i coefficients =
-      mm256_set_epi16(/* We need to take each bit from the 2 bytes of input and
-                         put them into their own 16-bit lane. Ideally, we'd load
-                         the two bytes into the vector, duplicate them, and
-                         right-shift the 0th element by 0 bits, the first
-                         element by 1 bit, the second by 2 bits and so on before
-                         AND-ing with 0x1 to leave only the least signifinicant
-                         bit. But since |_mm256_srlv_epi16| does not exist, so
-                         we have to resort to a workaround. Rather than shifting
-                         each element by a different amount, we'll multiply each
-                         element by a value such that the bit we're interested
-                         in becomes the most significant bit. The coefficients
-                         are loaded as follows: */
-                      b,
-                      b, b, b, b, b, b, b, a, a, a, a, a, a, a, a);
-  __m256i coefficients_in_msb =
-      mm256_mullo_epi16(/* And this vector, when multiplied with the previous
-                           one, ensures that the bit we'd like to keep in each
-                           lane becomes the most significant bit upon
-                           multiplication. */
-                        coefficients,
-                        mm256_set_epi16((int16_t)1 << 8U, (int16_t)1 << 9U,
-                                        (int16_t)1 << 10U, (int16_t)1 << 11U,
-                                        (int16_t)1 << 12U, (int16_t)1 << 13U,
-                                        (int16_t)1 << 14U, (int16_t)-32768,
-                                        (int16_t)1 << 8U, (int16_t)1 << 9U,
-                                        (int16_t)1 << 10U, (int16_t)1 << 11U,
-                                        (int16_t)1 << 12U, (int16_t)1 << 13U,
-                                        (int16_t)1 << 14U, (int16_t)-32768));
-  return mm256_srli_epi16(
-      (int32_t)15,
-      /* Now that they're all in the most significant bit position, shift them
-         down to the least significant bit. */
-      coefficients_in_msb, __m256i);
+      mm256_set_epi16(b, b, b, b, b, b, b, b, a, a, a, a, a, a, a, a);
+  __m256i coefficients_in_msb = mm256_mullo_epi16(
+      coefficients,
+      mm256_set_epi16((int16_t)1 << 8U, (int16_t)1 << 9U, (int16_t)1 << 10U,
+                      (int16_t)1 << 11U, (int16_t)1 << 12U, (int16_t)1 << 13U,
+                      (int16_t)1 << 14U, (int16_t)-32768, (int16_t)1 << 8U,
+                      (int16_t)1 << 9U, (int16_t)1 << 10U, (int16_t)1 << 11U,
+                      (int16_t)1 << 12U, (int16_t)1 << 13U, (int16_t)1 << 14U,
+                      (int16_t)-32768));
+  return mm256_srli_epi16((int32_t)15, coefficients_in_msb, __m256i);
 }
 
 KRML_MUSTINLINE __m256i
@@ -627,23 +561,7 @@ libcrux_ml_kem_vector_avx2_serialize_deserialize_1_deserialize_1_u8s(
 KRML_MUSTINLINE __m256i
 libcrux_ml_kem_vector_avx2_serialize_deserialize_1(Eurydice_slice bytes) {
   return libcrux_ml_kem_vector_avx2_serialize_deserialize_1_deserialize_1_u8s(
-      Eurydice_slice_index(
-          bytes,
-          /* We need to take each bit from the 2 bytes of input and put them
-             into their own 16-bit lane. Ideally, we'd load the two bytes into
-             the vector, duplicate them, and right-shift the 0th element by 0
-             bits, the first element by 1 bit, the second by 2 bits and so on
-             before AND-ing with 0x1 to leave only the least signifinicant bit.
-             But since |_mm256_srlv_epi16| does not exist, so we have to resort
-             to a workaround. Rather than shifting each element by a different
-             amount, we'll multiply each element by a value such that the bit
-             we're interested in becomes the most significant bit. The
-             coefficients are loaded as follows: And this vector, when
-             multiplied with the previous one, ensures that the bit we'd like to
-             keep in each lane becomes the most significant bit upon
-             multiplication. Now that they're all in the most significant bit
-             position, shift them down to the least significant bit. */
-          (size_t)0U, uint8_t, uint8_t *),
+      Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *),
       Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *));
 }
 
@@ -676,47 +594,23 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_4(
     __m256i vector, uint8_t ret[8U]) {
   uint8_t serialized[16U] = {0U};
   __m256i adjacent_2_combined =
-      libcrux_ml_kem_vector_avx2_serialize_mm256_concat_pairs_n(
-          4U,
-          /* If |vector| is laid out as follows: 0x000A 0x000B 0x000C 0x000D |
-             0x000E 0x000F 0x000G 0x000H | .... |adjacent_2_combined| will be
-             laid out as a series of 32-bit integeres, as follows: 0x00_00_00_BA
-             0x00_00_00_DC | 0x00_00_00_FE 0x00_00_00_HG | ... */
-          vector);
-  __m256i adjacent_8_combined =
-      mm256_shuffle_epi8(/* Recall that |adjacent_2_combined| goes as follows:
-                            0x00_00_00_BA 0x00_00_00_DC | 0x00_00_00_FE
-                            0x00_00_00_HG | ... Out of this, we only need the
-                            first byte, the 4th byte, the 8th byte and so on
-                            from the bottom and the top 128 bits. */
-                         adjacent_2_combined,
-                         mm256_set_epi8(
-                             (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1,
-                             (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1,
-                             (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1,
-                             (int8_t)12, (int8_t)8, (int8_t)4, (int8_t)0,
-                             (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1,
-                             (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1,
-                             (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1,
-                             (int8_t)12, (int8_t)8, (int8_t)4, (int8_t)0));
-  __m256i combined =
-      mm256_permutevar8x32_epi32(/* |adjacent_8_combined| looks like this: 0:
-                                    0xHG_FE_DC_BA 1: 0x00_00_00_00 | 2:
-                                    0x00_00_00_00 3: 0x00_00_00_00 | 4:
-                                    0xPO_NM_LK_JI .... We put the element at 4
-                                    after the element at 0 ... */
-                                 adjacent_8_combined,
-                                 mm256_set_epi32((int32_t)0, (int32_t)0,
-                                                 (int32_t)0, (int32_t)0,
-                                                 (int32_t)0, (int32_t)0,
-                                                 (int32_t)4, (int32_t)0));
+      libcrux_ml_kem_vector_avx2_serialize_mm256_concat_pairs_n(4U, vector);
+  __m256i adjacent_8_combined = mm256_shuffle_epi8(
+      adjacent_2_combined,
+      mm256_set_epi8((int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1,
+                     (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1,
+                     (int8_t)-1, (int8_t)-1, (int8_t)12, (int8_t)8, (int8_t)4,
+                     (int8_t)0, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1,
+                     (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1,
+                     (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)12, (int8_t)8,
+                     (int8_t)4, (int8_t)0));
+  __m256i combined = mm256_permutevar8x32_epi32(
+      adjacent_8_combined,
+      mm256_set_epi32((int32_t)0, (int32_t)0, (int32_t)0, (int32_t)0,
+                      (int32_t)0, (int32_t)0, (int32_t)4, (int32_t)0));
   __m128i combined0 = mm256_castsi256_si128(combined);
   mm_storeu_bytes_si128(
-      Eurydice_array_to_slice(
-          (size_t)16U,
-          /* ... so that we can read them out in one go. */ serialized,
-          uint8_t),
-      combined0);
+      Eurydice_array_to_slice((size_t)16U, serialized, uint8_t), combined0);
   uint8_t ret0[8U];
   core_result_Result_15 dst;
   Eurydice_slice_to_array2(
@@ -740,23 +634,8 @@ KRML_MUSTINLINE __m256i
 libcrux_ml_kem_vector_avx2_serialize_deserialize_4_deserialize_4_i16s(
     int16_t b0, int16_t b1, int16_t b2, int16_t b3, int16_t b4, int16_t b5,
     int16_t b6, int16_t b7) {
-  __m256i coefficients =
-      mm256_set_epi16(/* Every 4 bits from each byte of input should be put into
-                         its own 16-bit lane. Since |_mm256_srlv_epi16| does not
-                         exist, we have to resort to a workaround. Rather than
-                         shifting each element by a different amount, we'll
-                         multiply each element by a value such that the bits
-                         we're interested in become the most significant bits
-                         (of an 8-bit value). In this lane, the 4 bits we need
-                         to put are already the most significant bits of
-                         |bytes[7]| (that is, b7). */
-                      b7,
-                      /* In this lane, the 4 bits we need to put are the least
-                         significant bits, so we need to shift the 4
-                         least-significant bits of |b7| to the most significant
-                         bits (of an 8-bit value). */
-                      b7, b6, b6, b5, b5, b4, b4, b3, b3, b2, b2, b1, b1, b0,
-                      b0);
+  __m256i coefficients = mm256_set_epi16(b7, b7, b6, b6, b5, b5, b4, b4, b3, b3,
+                                         b2, b2, b1, b1, b0, b0);
   __m256i coefficients_in_msb = mm256_mullo_epi16(
       coefficients,
       mm256_set_epi16((int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U,
@@ -765,12 +644,9 @@ libcrux_ml_kem_vector_avx2_serialize_deserialize_4_deserialize_4_i16s(
                       (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U,
                       (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U,
                       (int16_t)1 << 4U));
-  __m256i coefficients_in_lsb = mm256_srli_epi16(
-      (int32_t)4,
-      /* Once the 4-bit coefficients are in the most significant positions (of
-         an 8-bit value), shift them all down by 4. */
-      coefficients_in_msb, __m256i);
-  return mm256_and_si256(/* Zero the remaining bits. */ coefficients_in_lsb,
+  __m256i coefficients_in_lsb =
+      mm256_srli_epi16((int32_t)4, coefficients_in_msb, __m256i);
+  return mm256_and_si256(coefficients_in_lsb,
                          mm256_set1_epi16(((int16_t)1 << 4U) - (int16_t)1));
 }
 
@@ -786,23 +662,7 @@ libcrux_ml_kem_vector_avx2_serialize_deserialize_4_deserialize_4_u8s(
 KRML_MUSTINLINE __m256i
 libcrux_ml_kem_vector_avx2_serialize_deserialize_4(Eurydice_slice bytes) {
   return libcrux_ml_kem_vector_avx2_serialize_deserialize_4_deserialize_4_u8s(
-      Eurydice_slice_index(
-          bytes,
-          /* Every 4 bits from each byte of input should be put into its own
-             16-bit lane. Since |_mm256_srlv_epi16| does not exist, we have to
-             resort to a workaround. Rather than shifting each element by a
-             different amount, we'll multiply each element by a value such that
-             the bits we're interested in become the most significant bits (of
-             an 8-bit value). In this lane, the 4 bits we need to put are
-             already the most significant bits of |bytes[7]| (that is, b7). In
-             this lane, the 4 bits we need to put are the least significant
-             bits, so we need to shift the 4 least-significant bits of |b7| to
-             the most significant bits (of an 8-bit value). These constants are
-             chosen to shift the bits of the values that we loaded into
-             |coefficients|. Once the 4-bit coefficients are in the most
-             significant positions (of an 8-bit value), shift them all down
-             by 4. Zero the remaining bits. */
-          (size_t)0U, uint8_t, uint8_t *),
+      Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *),
       Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *),
       Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *),
       Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *),
@@ -824,78 +684,32 @@ libcrux_ml_kem_vector_avx2_deserialize_4_09(Eurydice_slice bytes) {
 KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_5(
     __m256i vector, uint8_t ret[10U]) {
   uint8_t serialized[32U] = {0U};
-  __m256i adjacent_2_combined =
-      mm256_madd_epi16(/* If |vector| is laid out as follows (superscript number
-                          indicates the corresponding bit is duplicated that
-                          many times): 0¹¹a₄a₃a₂a₁a₀ 0¹¹b₄b₃b₂b₁b₀ 0¹¹c₄c₃c₂c₁c₀
-                          0¹¹d₄d₃d₂d₁d₀ | ↩ 0¹¹e₄e₃e₂e₁e₀ 0¹¹f₄f₃f₂f₁f₀
-                          0¹¹g₄g₃g₂g₁g₀ 0¹¹h₄h₃h₂h₁h₀ | ↩ |adjacent_2_combined|
-                          will be laid out as a series of 32-bit integers, as
-                          follows: 0²²b₄b₃b₂b₁b₀a₄a₃a₂a₁a₀
-                          0²²d₄d₃d₂d₁d₀c₄c₃c₂c₁c₀ | ↩ 0²²f₄f₃f₂f₁f₀e₄e₃e₂e₁e₀
-                          0²²h₄h₃h₂h₁h₀g₄g₃g₂g₁g₀ | ↩ .... */
-                       vector,
-                       mm256_set_epi16(
-                           (int16_t)1 << 5U, (int16_t)1, (int16_t)1 << 5U,
-                           (int16_t)1, (int16_t)1 << 5U, (int16_t)1,
-                           (int16_t)1 << 5U, (int16_t)1, (int16_t)1 << 5U,
-                           (int16_t)1, (int16_t)1 << 5U, (int16_t)1,
-                           (int16_t)1 << 5U, (int16_t)1, (int16_t)1 << 5U,
-                           (int16_t)1));
-  __m256i adjacent_4_combined =
-      mm256_sllv_epi32(/* Recall that |adjacent_2_combined| is laid out as
-                          follows: 0²²b₄b₃b₂b₁b₀a₄a₃a₂a₁a₀
-                          0²²d₄d₃d₂d₁d₀c₄c₃c₂c₁c₀ | ↩ 0²²f₄f₃f₂f₁f₀e₄e₃e₂e₁e₀
-                          0²²h₄h₃h₂h₁h₀g₄g₃g₂g₁g₀ | ↩ .... This shift results
-                          in: b₄b₃b₂b₁b₀a₄a₃a₂a₁a₀0²² 0²²d₄d₃d₂d₁d₀c₄c₃c₂c₁c₀ |
-                          ↩ f₄f₃f₂f₁f₀e₄e₃e₂e₁e₀0²² 0²²h₄h₃h₂h₁h₀g₄g₃g₂g₁g₀ | ↩
-                          .... */
-                       adjacent_2_combined,
-                       mm256_set_epi32((int32_t)0, (int32_t)22, (int32_t)0,
-                                       (int32_t)22, (int32_t)0, (int32_t)22,
-                                       (int32_t)0, (int32_t)22));
-  __m256i adjacent_4_combined0 = mm256_srli_epi64(
-      (int32_t)22,
-      /* |adjacent_4_combined|, when viewed as 64-bit lanes, is:
-         0²²d₄d₃d₂d₁d₀c₄c₃c₂c₁c₀b₄b₃b₂b₁b₀a₄a₃a₂a₁a₀0²² | ↩
-         0²²h₄h₃h₂h₁h₀g₄g₃g₂g₁g₀f₄f₃f₂f₁f₀e₄e₃e₂e₁e₀0²² | ↩ ... so we just shift
-         down by 22 bits to remove the least significant 0 bits that aren't part
-         of the bits we need. */
-      adjacent_4_combined, __m256i);
-  __m256i adjacent_8_combined = mm256_shuffle_epi32(
-      (int32_t)8,
-      /* |adjacent_4_combined|, when viewed as a set of 32-bit values, looks
-         like: 0:0¹²d₄d₃d₂d₁d₀c₄c₃c₂c₁c₀b₄b₃b₂b₁b₀a₄a₃a₂a₁a₀ 1:0³²
-         2:0¹²h₄h₃h₂h₁h₀g₄g₃g₂g₁g₀f₄f₃f₂f₁f₀e₄e₃e₂e₁e₀ 3:0³² | ↩ To be able to
-         read out the bytes in one go, we need to shifts the bits in position 2
-         to position 1 in each 128-bit lane. */
-      adjacent_4_combined0, __m256i);
-  __m256i adjacent_8_combined0 =
-      mm256_sllv_epi32(/* |adjacent_8_combined|, when viewed as a set of 32-bit
-                          values, now looks like:
-                          0¹²d₄d₃d₂d₁d₀c₄c₃c₂c₁c₀b₄b₃b₂b₁b₀a₄a₃a₂a₁a₀
-                          0¹²h₄h₃h₂h₁h₀g₄g₃g₂g₁g₀f₄f₃f₂f₁f₀e₄e₃e₂e₁e₀ 0³² 0³² |
-                          ↩ Once again, we line these bits up by shifting the up
-                          values at indices 0 and 5 by 12, viewing the resulting
-                          register as a set of 64-bit values, and then shifting
-                          down the 64-bit values by 12 bits. */
-                       adjacent_8_combined,
-                       mm256_set_epi32((int32_t)0, (int32_t)0, (int32_t)0,
-                                       (int32_t)12, (int32_t)0, (int32_t)0,
-                                       (int32_t)0, (int32_t)12));
+  __m256i adjacent_2_combined = mm256_madd_epi16(
+      vector, mm256_set_epi16(
+                  (int16_t)1 << 5U, (int16_t)1, (int16_t)1 << 5U, (int16_t)1,
+                  (int16_t)1 << 5U, (int16_t)1, (int16_t)1 << 5U, (int16_t)1,
+                  (int16_t)1 << 5U, (int16_t)1, (int16_t)1 << 5U, (int16_t)1,
+                  (int16_t)1 << 5U, (int16_t)1, (int16_t)1 << 5U, (int16_t)1));
+  __m256i adjacent_4_combined = mm256_sllv_epi32(
+      adjacent_2_combined,
+      mm256_set_epi32((int32_t)0, (int32_t)22, (int32_t)0, (int32_t)22,
+                      (int32_t)0, (int32_t)22, (int32_t)0, (int32_t)22));
+  __m256i adjacent_4_combined0 =
+      mm256_srli_epi64((int32_t)22, adjacent_4_combined, __m256i);
+  __m256i adjacent_8_combined =
+      mm256_shuffle_epi32((int32_t)8, adjacent_4_combined0, __m256i);
+  __m256i adjacent_8_combined0 = mm256_sllv_epi32(
+      adjacent_8_combined,
+      mm256_set_epi32((int32_t)0, (int32_t)0, (int32_t)0, (int32_t)12,
+                      (int32_t)0, (int32_t)0, (int32_t)0, (int32_t)12));
   __m256i adjacent_8_combined1 =
       mm256_srli_epi64((int32_t)12, adjacent_8_combined0, __m256i);
-  __m128i lower_8 =
-      mm256_castsi256_si128(/* We now have 40 bits starting at position 0 in the
-                               lower 128-bit lane, ... */
-                            adjacent_8_combined1);
+  __m128i lower_8 = mm256_castsi256_si128(adjacent_8_combined1);
   mm_storeu_bytes_si128(
       Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)16U, uint8_t),
       lower_8);
-  __m128i upper_8 = mm256_extracti128_si256(
-      (int32_t)1,
-      /* ... and the second 40 bits at position 0 in the upper 128-bit lane */
-      adjacent_8_combined1, __m128i);
+  __m128i upper_8 =
+      mm256_extracti128_si256((int32_t)1, adjacent_8_combined1, __m128i);
   mm_storeu_bytes_si128(
       Eurydice_array_to_subslice2(serialized, (size_t)5U, (size_t)21U, uint8_t),
       upper_8);
@@ -989,67 +803,25 @@ core_core_arch_x86___m128i_x2
 libcrux_ml_kem_vector_avx2_serialize_serialize_10_serialize_10_vec(
     __m256i vector) {
   __m256i adjacent_2_combined =
-      libcrux_ml_kem_vector_avx2_serialize_mm256_concat_pairs_n(
-          10U,
-          /* If |vector| is laid out as follows (superscript number indicates
-             the corresponding bit is duplicated that many times):
-             0⁶a₉a₈a₇a₆a₅a₄a₃a₂a₁a₀ 0⁶b₉b₈b₇b₆b₅b₄b₃b₂b₁b₀
-             0⁶c₉c₈c₇c₆c₅c₄c₃c₂c₁c₀ 0⁶d₉d₈d₇d₆d₅d₄d₃d₂d₁d₀ | ↩
-             0⁶e₉e₈e₇e₆e₅e₄e₃e₂e₁e₀ 0⁶f₉f₈f₇f₆f₅f₄f₃f₂f₁f₀
-             0⁶g₉g₈g₇g₆g₅g₄g₃g₂g₁g₀ 0⁶h₉h₈h₇h₆h₅h₄h₃h₂h₁h₀ | ↩ ...
-             |adjacent_2_combined| will be laid out as a series of 32-bit
-             integers, as follows: 0¹²b₉b₈b₇b₆b₅b₄b₃b₂b₁b₀a₉a₈a₇a₆a₅a₄a₃a₂a₁a₀
-             0¹²d₉d₈d₇d₆d₅d₄d₃d₂d₁d₀c₉c₈c₇c₆c₅c₄c₃c₂c₁c₀ | ↩
-             0¹²f₉f₈f₇f₆f₅f₄f₃f₂f₁f₀e₉e₈e₇e₆e₅e₄e₃e₂e₁e₀
-             0¹²h₉h₈h₇h₆h₅h₄h₃h₂h₁h₀g₉g₈g₇g₆g₅g₄g₃g₂g₁g₀ | ↩ .... */
-          vector);
-  __m256i adjacent_4_combined =
-      mm256_sllv_epi32(/* Shifting up the values at the even indices by 12, we
-                          get: b₉b₈b₇b₆b₅b₄b₃b₂b₁b₀a₉a₈a₇a₆a₅a₄a₃a₂a₁a₀0¹²
-                          0¹²d₉d₈d₇d₆d₅d₄d₃d₂d₁d₀c₉c₈c₇c₆c₅c₄c₃c₂c₁c₀ | ↩
-                          f₉f₈f₇f₆f₅f₄f₃f₂f₁f₀e₉e₈e₇e₆e₅e₄e₃e₂e₁e₀0¹²
-                          0¹²h₉h₈h₇h₆h₅h₄h₃h₂h₁h₀g₉g₈g₇g₆g₅g₄g₃g₂g₁g₀ | ↩ ... */
-                       adjacent_2_combined,
-                       mm256_set_epi32((int32_t)0, (int32_t)12, (int32_t)0,
-                                       (int32_t)12, (int32_t)0, (int32_t)12,
-                                       (int32_t)0, (int32_t)12));
+      libcrux_ml_kem_vector_avx2_serialize_mm256_concat_pairs_n(10U, vector);
+  __m256i adjacent_4_combined = mm256_sllv_epi32(
+      adjacent_2_combined,
+      mm256_set_epi32((int32_t)0, (int32_t)12, (int32_t)0, (int32_t)12,
+                      (int32_t)0, (int32_t)12, (int32_t)0, (int32_t)12));
   __m256i adjacent_4_combined0 =
-      mm256_srli_epi64((int32_t)12,
-                       /* Viewing this as a set of 64-bit integers we get:
-                          0¹²d₉d₈d₇d₆d₅d₄d₃d₂d₁d₀c₉c₈c₇c₆c₅c₄c₃c₂c₁c₀b₉b₈b₇b₆b₅b₄b₃b₂b₁b₀a₉a₈a₇a₆a₅a₄a₃a₂a₁a₀0¹²
-                          | ↩
-                          0¹²h₉h₈h₇h₆h₅h₄h₃h₂h₁h₀g₉g₈g₇g₆g₅g₄g₃g₂g₁g₀f₉f₈f₇f₆f₅f₄f₃f₂f₁f₀e₉e₈e₇e₆e₅e₄e₃e₂e₁e₀0¹²
-                          | ↩ ... Shifting down by 12 gives us:
-                          0²⁴d₉d₈d₇d₆d₅d₄d₃d₂d₁d₀c₉c₈c₇c₆c₅c₄c₃c₂c₁c₀b₉b₈b₇b₆b₅b₄b₃b₂b₁b₀a₉a₈a₇a₆a₅a₄a₃a₂a₁a₀
-                          | ↩
-                          0²⁴h₉h₈h₇h₆h₅h₄h₃h₂h₁h₀g₉g₈g₇g₆g₅g₄g₃g₂g₁g₀f₉f₈f₇f₆f₅f₄f₃f₂f₁f₀e₉e₈e₇e₆e₅e₄e₃e₂e₁e₀
-                          | ↩ ... */
-                       adjacent_4_combined, __m256i);
-  __m256i adjacent_8_combined =
-      mm256_shuffle_epi8(/* |adjacent_4_combined|, when the bottom and top 128
-                            bit-lanes are grouped into bytes, looks like:
-                            0₇0₆0₅B₄B₃B₂B₁B₀ | ↩ 0₁₅0₁₄0₁₃B₁₂B₁₁B₁₀B₉B₈ | ↩ In
-                            each 128-bit lane, we want to put bytes 8, 9, 10,
-                            11, 12 after bytes 0, 1, 2, 3 to allow for
-                            sequential reading. */
-                         adjacent_4_combined0,
-                         mm256_set_epi8(
-                             (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1,
-                             (int8_t)-1, (int8_t)-1, (int8_t)12, (int8_t)11,
-                             (int8_t)10, (int8_t)9, (int8_t)8, (int8_t)4,
-                             (int8_t)3, (int8_t)2, (int8_t)1, (int8_t)0,
-                             (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1,
-                             (int8_t)-1, (int8_t)-1, (int8_t)12, (int8_t)11,
-                             (int8_t)10, (int8_t)9, (int8_t)8, (int8_t)4,
-                             (int8_t)3, (int8_t)2, (int8_t)1, (int8_t)0));
-  __m128i lower_8 =
-      mm256_castsi256_si128(/* We now have 64 bits starting at position 0 in the
-                               lower 128-bit lane, ... */
-                            adjacent_8_combined);
-  __m128i upper_8 = mm256_extracti128_si256(
-      (int32_t)1,
-      /* and 64 bits starting at position 0 in the upper 128-bit lane. */
-      adjacent_8_combined, __m128i);
+      mm256_srli_epi64((int32_t)12, adjacent_4_combined, __m256i);
+  __m256i adjacent_8_combined = mm256_shuffle_epi8(
+      adjacent_4_combined0,
+      mm256_set_epi8((int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1,
+                     (int8_t)-1, (int8_t)12, (int8_t)11, (int8_t)10, (int8_t)9,
+                     (int8_t)8, (int8_t)4, (int8_t)3, (int8_t)2, (int8_t)1,
+                     (int8_t)0, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1,
+                     (int8_t)-1, (int8_t)-1, (int8_t)12, (int8_t)11, (int8_t)10,
+                     (int8_t)9, (int8_t)8, (int8_t)4, (int8_t)3, (int8_t)2,
+                     (int8_t)1, (int8_t)0));
+  __m128i lower_8 = mm256_castsi256_si128(adjacent_8_combined);
+  __m128i upper_8 =
+      mm256_extracti128_si256((int32_t)1, adjacent_8_combined, __m128i);
   return (
       CLITERAL(core_core_arch_x86___m128i_x2){.fst = lower_8, .snd = upper_8});
 }
@@ -1057,167 +829,8 @@ libcrux_ml_kem_vector_avx2_serialize_serialize_10_serialize_10_vec(
 KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_10(
     __m256i vector, uint8_t ret[20U]) {
   core_core_arch_x86___m128i_x2 uu____0 =
-      libcrux_ml_kem_vector_avx2_serialize_serialize_10_serialize_10_vec(/* If
-                                                                            |vector|
-                                                                            is
-                                                                            laid
-                                                                            out
-                                                                            as
-                                                                            follows
-                                                                            (superscript
-                                                                            number
-                                                                            indicates
-                                                                            the
-                                                                            corresponding
-                                                                            bit
-                                                                            is
-                                                                            duplicated
-                                                                            that
-                                                                            many
-                                                                            times):
-                                                                            0⁶a₉a₈a₇a₆a₅a₄a₃a₂a₁a₀
-                                                                            0⁶b₉b₈b₇b₆b₅b₄b₃b₂b₁b₀
-                                                                            0⁶c₉c₈c₇c₆c₅c₄c₃c₂c₁c₀
-                                                                            0⁶d₉d₈d₇d₆d₅d₄d₃d₂d₁d₀
-                                                                            | ↩
-                                                                            0⁶e₉e₈e₇e₆e₅e₄e₃e₂e₁e₀
-                                                                            0⁶f₉f₈f₇f₆f₅f₄f₃f₂f₁f₀
-                                                                            0⁶g₉g₈g₇g₆g₅g₄g₃g₂g₁g₀
-                                                                            0⁶h₉h₈h₇h₆h₅h₄h₃h₂h₁h₀
-                                                                            | ↩
-                                                                            ...
-                                                                            |adjacent_2_combined|
-                                                                            will
-                                                                            be
-                                                                            laid
-                                                                            out
-                                                                            as a
-                                                                            series
-                                                                            of
-                                                                            32-bit
-                                                                            integers,
-                                                                            as
-                                                                            follows:
-                                                                            0¹²b₉b₈b₇b₆b₅b₄b₃b₂b₁b₀a₉a₈a₇a₆a₅a₄a₃a₂a₁a₀
-                                                                            0¹²d₉d₈d₇d₆d₅d₄d₃d₂d₁d₀c₉c₈c₇c₆c₅c₄c₃c₂c₁c₀
-                                                                            | ↩
-                                                                            0¹²f₉f₈f₇f₆f₅f₄f₃f₂f₁f₀e₉e₈e₇e₆e₅e₄e₃e₂e₁e₀
-                                                                            0¹²h₉h₈h₇h₆h₅h₄h₃h₂h₁h₀g₉g₈g₇g₆g₅g₄g₃g₂g₁g₀
-                                                                            | ↩
-                                                                            ....
-                                                                            Shifting
-                                                                            up
-                                                                            the
-                                                                            values
-                                                                            at
-                                                                            the
-                                                                            even
-                                                                            indices
-                                                                            by
-                                                                            12,
-                                                                            we
-                                                                            get:
-                                                                            b₉b₈b₇b₆b₅b₄b₃b₂b₁b₀a₉a₈a₇a₆a₅a₄a₃a₂a₁a₀0¹²
-                                                                            0¹²d₉d₈d₇d₆d₅d₄d₃d₂d₁d₀c₉c₈c₇c₆c₅c₄c₃c₂c₁c₀
-                                                                            | ↩
-                                                                            f₉f₈f₇f₆f₅f₄f₃f₂f₁f₀e₉e₈e₇e₆e₅e₄e₃e₂e₁e₀0¹²
-                                                                            0¹²h₉h₈h₇h₆h₅h₄h₃h₂h₁h₀g₉g₈g₇g₆g₅g₄g₃g₂g₁g₀
-                                                                            | ↩
-                                                                            ...
-                                                                            Viewing
-                                                                            this
-                                                                            as a
-                                                                            set
-                                                                            of
-                                                                            64-bit
-                                                                            integers
-                                                                            we
-                                                                            get:
-                                                                            0¹²d₉d₈d₇d₆d₅d₄d₃d₂d₁d₀c₉c₈c₇c₆c₅c₄c₃c₂c₁c₀b₉b₈b₇b₆b₅b₄b₃b₂b₁b₀a₉a₈a₇a₆a₅a₄a₃a₂a₁a₀0¹²
-                                                                            | ↩
-                                                                            0¹²h₉h₈h₇h₆h₅h₄h₃h₂h₁h₀g₉g₈g₇g₆g₅g₄g₃g₂g₁g₀f₉f₈f₇f₆f₅f₄f₃f₂f₁f₀e₉e₈e₇e₆e₅e₄e₃e₂e₁e₀0¹²
-                                                                            | ↩
-                                                                            ...
-                                                                            Shifting
-                                                                            down
-                                                                            by
-                                                                            12
-                                                                            gives
-                                                                            us:
-                                                                            0²⁴d₉d₈d₇d₆d₅d₄d₃d₂d₁d₀c₉c₈c₇c₆c₅c₄c₃c₂c₁c₀b₉b₈b₇b₆b₅b₄b₃b₂b₁b₀a₉a₈a₇a₆a₅a₄a₃a₂a₁a₀
-                                                                            | ↩
-                                                                            0²⁴h₉h₈h₇h₆h₅h₄h₃h₂h₁h₀g₉g₈g₇g₆g₅g₄g₃g₂g₁g₀f₉f₈f₇f₆f₅f₄f₃f₂f₁f₀e₉e₈e₇e₆e₅e₄e₃e₂e₁e₀
-                                                                            | ↩
-                                                                            ...
-                                                                            |adjacent_4_combined|,
-                                                                            when
-                                                                            the
-                                                                            bottom
-                                                                            and
-                                                                            top
-                                                                            128
-                                                                            bit-lanes
-                                                                            are
-                                                                            grouped
-                                                                            into
-                                                                            bytes,
-                                                                            looks
-                                                                            like:
-                                                                            0₇0₆0₅B₄B₃B₂B₁B₀
-                                                                            | ↩
-                                                                            0₁₅0₁₄0₁₃B₁₂B₁₁B₁₀B₉B₈
-                                                                            | ↩
-                                                                            In
-                                                                            each
-                                                                            128-bit
-                                                                            lane,
-                                                                            we
-                                                                            want
-                                                                            to
-                                                                            put
-                                                                            bytes
-                                                                            8,
-                                                                            9,
-                                                                            10,
-                                                                            11,
-                                                                            12
-                                                                            after
-                                                                            bytes
-                                                                            0,
-                                                                            1,
-                                                                            2, 3
-                                                                            to
-                                                                            allow
-                                                                            for
-                                                                            sequential
-                                                                            reading.
-                                                                            We
-                                                                            now
-                                                                            have
-                                                                            64
-                                                                            bits
-                                                                            starting
-                                                                            at
-                                                                            position
-                                                                            0 in
-                                                                            the
-                                                                            lower
-                                                                            128-bit
-                                                                            lane,
-                                                                            ...
-                                                                            and
-                                                                            64
-                                                                            bits
-                                                                            starting
-                                                                            at
-                                                                            position
-                                                                            0 in
-                                                                            the
-                                                                            upper
-                                                                            128-bit
-                                                                            lane.
-                                                                          */
-                                                                         vector);
+      libcrux_ml_kem_vector_avx2_serialize_serialize_10_serialize_10_vec(
+          vector);
   __m128i lower_8 = uu____0.fst;
   __m128i upper_8 = uu____0.snd;
   uint8_t serialized[32U] = {0U};
@@ -1267,16 +880,14 @@ libcrux_ml_kem_vector_avx2_serialize_deserialize_10_deserialize_10_vec(
                       (int16_t)1 << 0U, (int16_t)1 << 2U, (int16_t)1 << 4U,
                       (int16_t)1 << 6U));
   __m256i coefficients1 = mm256_srli_epi16((int32_t)6, coefficients0, __m256i);
-  return mm256_and_si256(
-      /* Here I can prove this `and` is not useful */ coefficients1,
-      mm256_set1_epi16(((int16_t)1 << 10U) - (int16_t)1));
+  return mm256_and_si256(coefficients1,
+                         mm256_set1_epi16(((int16_t)1 << 10U) - (int16_t)1));
 }
 
 KRML_MUSTINLINE __m256i
 libcrux_ml_kem_vector_avx2_serialize_deserialize_10(Eurydice_slice bytes) {
-  Eurydice_slice lower_coefficients = Eurydice_slice_subslice2(
-      /* Here I can prove this `and` is not useful */ bytes, (size_t)0U,
-      (size_t)16U, uint8_t);
+  Eurydice_slice lower_coefficients =
+      Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)16U, uint8_t);
   Eurydice_slice upper_coefficients =
       Eurydice_slice_subslice2(bytes, (size_t)4U, (size_t)20U, uint8_t);
   return libcrux_ml_kem_vector_avx2_serialize_deserialize_10_deserialize_10_vec(
@@ -1442,64 +1053,26 @@ KRML_MUSTINLINE size_t libcrux_ml_kem_vector_avx2_sampling_rejection_sample(
   __m256i field_modulus =
       mm256_set1_epi16(LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS);
   __m256i potential_coefficients =
-      libcrux_ml_kem_vector_avx2_serialize_deserialize_12(/* The input bytes can
-                                                             be interpreted as a
-                                                             sequence of
-                                                             serialized 12-bit
-                                                             (i.e. uncompressed)
-                                                             coefficients. Not
-                                                             all coefficients
-                                                             may be less than
-                                                             FIELD_MODULUS
-                                                             though. */
-                                                          input);
+      libcrux_ml_kem_vector_avx2_serialize_deserialize_12(input);
   __m256i compare_with_field_modulus =
-      mm256_cmpgt_epi16(/* Suppose we view |potential_coefficients| as follows
-                           (grouping 64-bit elements): A B C D | E F G H | ....
-                           and A < 3329, D < 3329 and H < 3329,
-                           |compare_with_field_modulus| will look like: 0xFF 0 0
-                           0xFF | 0 0 0 0xFF | ... */
-                        field_modulus,
-                        potential_coefficients);
+      mm256_cmpgt_epi16(field_modulus, potential_coefficients);
   uint8_t good[2U];
-  libcrux_ml_kem_vector_avx2_serialize_serialize_1(/* Since every bit in each
-                                                      lane is either 0 or 1, we
-                                                      only need one bit from
-                                                      each lane in the register
-                                                      to tell us what
-                                                      coefficients to keep and
-                                                      what to throw-away.
-                                                      Combine all the bits
-                                                      (there are 16) into two
-                                                      bytes. */
-                                                   compare_with_field_modulus,
+  libcrux_ml_kem_vector_avx2_serialize_serialize_1(compare_with_field_modulus,
                                                    good);
   uint8_t lower_shuffles[16U];
   memcpy(lower_shuffles,
-         /* Each bit (and its corresponding position) represents an element we
-            want to sample. We'd like all such elements to be next to each other
-            starting at index 0, so that they can be read from the vector
-            easily. |REJECTION_SAMPLE_SHUFFLE_TABLE| encodes the byte-level
-            shuffling indices needed to make this happen. For e.g. if good[0] =
-            0b0_0_0_0_0_0_1_0, we need to move the element in the 2-nd 16-bit
-            lane to the first. To do this, we need the byte-level shuffle
-            indices to be 2 3 X X X X ... */
          libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE[(
              size_t)good[0U]],
          (size_t)16U * sizeof(uint8_t));
-  __m128i lower_shuffles0 = mm_loadu_si128(Eurydice_array_to_slice(
-      (size_t)16U,
-      /* Shuffle the lower 8 16-bits accordingly ... */ lower_shuffles,
-      uint8_t));
+  __m128i lower_shuffles0 = mm_loadu_si128(
+      Eurydice_array_to_slice((size_t)16U, lower_shuffles, uint8_t));
   __m128i lower_coefficients = mm256_castsi256_si128(potential_coefficients);
   __m128i lower_coefficients0 =
       mm_shuffle_epi8(lower_coefficients, lower_shuffles0);
-  mm_storeu_si128(/* ... then write them out ... */ output,
-                  lower_coefficients0);
+  mm_storeu_si128(output, lower_coefficients0);
   size_t sampled_count = (size_t)core_num__u8_6__count_ones(good[0U]);
   uint8_t upper_shuffles[16U];
   memcpy(upper_shuffles,
-         /* Do the same for |goood[1]| */
          libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE[(
              size_t)good[1U]],
          (size_t)16U * sizeof(uint8_t));
@@ -1852,13 +1425,9 @@ with const generics
 bool libcrux_ml_kem_ind_cca_validate_private_key_only_ae(
     libcrux_ml_kem_types_MlKemPrivateKey_d9 *private_key) {
   uint8_t t[32U];
-  H_a9_e0(Eurydice_array_to_subslice2(/* Eurydice can't access values directly
-                                         on the types. We need to go to the
-                                         `value` directly. */
-                                      private_key->value,
-                                      (size_t)384U * (size_t)3U,
-                                      (size_t)768U * (size_t)3U + (size_t)32U,
-                                      uint8_t),
+  H_a9_e0(Eurydice_array_to_subslice2(
+              private_key->value, (size_t)384U * (size_t)3U,
+              (size_t)768U * (size_t)3U + (size_t)32U, uint8_t),
           t);
   Eurydice_slice expected = Eurydice_array_to_subslice2(
       private_key->value, (size_t)768U * (size_t)3U + (size_t)32U,
@@ -2345,10 +1914,6 @@ static KRML_MUSTINLINE void sample_from_xof_6c1(
   memcpy(copy_of_randomness0, randomness0, (size_t)3U * sizeof(uint8_t[504U]));
   bool done = sample_from_uniform_distribution_next_ed(
       copy_of_randomness0, sampled_coefficients, out);
-  /* Requiring more than 5 blocks to sample a ring element should be very
-   * unlikely according to: https://eprint.iacr.org/2023/708.pdf To avoid
-   * failing here, we squeeze more blocks out of the state until we have enough.
-   */
   while (true) {
     if (done) {
       break;
@@ -2407,7 +1972,7 @@ static KRML_MUSTINLINE void sample_matrix_A_6c1(
            i++) {
         size_t j = i;
         libcrux_ml_kem_polynomial_PolynomialRingElement_f6 sample = sampled[j];
-        if (/* A[i][j] = A_transpose[j][i] */ transpose) {
+        if (transpose) {
           A_transpose[j][i1] = sample;
         } else {
           A_transpose[i1][j] = sample;
@@ -2622,12 +2187,7 @@ with const generics
 static KRML_MUSTINLINE void ntt_at_layer_7_61(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *re) {
   size_t step = LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT / (size_t)2U;
-  for (size_t i = (size_t)0U;
-       i <
-       /* The semicolon and parentheses at the end of loop are a workaround for
-          the following bug https://github.com/hacspec/hax/issues/720 */
-       step;
-       i++) {
+  for (size_t i = (size_t)0U; i < step; i++) {
     size_t j = i;
     __m256i t = libcrux_ml_kem_vector_avx2_multiply_by_constant_09(
         re->coefficients[j + step], (int16_t)-1600);
@@ -2679,13 +2239,7 @@ static KRML_MUSTINLINE void ntt_at_layer_4_plus_61(
     size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *re,
     size_t layer) {
   size_t step = (size_t)1U << (uint32_t)layer;
-  for (size_t i0 = (size_t)0U;
-       i0 < (size_t)128U >>
-       (uint32_t) /* The semicolon and parentheses at the end of loop are a
-                     workaround for the following bug
-                     https://github.com/hacspec/hax/issues/720 */
-       layer;
-       i0++) {
+  for (size_t i0 = (size_t)0U; i0 < (size_t)128U >> (uint32_t)layer; i0++) {
     size_t round = i0;
     zeta_i[0U] = zeta_i[0U] + (size_t)1U;
     size_t offset = round * step * (size_t)2U;
@@ -2773,11 +2327,7 @@ with const generics
 static KRML_MUSTINLINE void poly_barrett_reduce_ef_61(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *self) {
   for (size_t i = (size_t)0U;
-       i <
-       /* The semicolon and parentheses at the end of loop are a workaround for
-          the following bug https://github.com/hacspec/hax/issues/720 */
-       LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT;
-       i++) {
+       i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
     size_t i0 = i;
     self->coefficients[i0] =
         libcrux_ml_kem_vector_avx2_barrett_reduce_09(self->coefficients[i0]);
@@ -2792,9 +2342,7 @@ with const generics
 */
 static KRML_MUSTINLINE void ntt_binomially_sampled_ring_element_61(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *re) {
-  ntt_at_layer_7_61(/* Due to the small coefficient bound, we can skip the first
-                       round of Montgomery reductions. */
-                    re);
+  ntt_at_layer_7_61(re);
   size_t zeta_i = (size_t)1U;
   ntt_at_layer_4_plus_61(&zeta_i, re, (size_t)6U);
   ntt_at_layer_4_plus_61(&zeta_i, re, (size_t)5U);
@@ -2895,8 +2443,6 @@ with const generics
 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f6
 ntt_multiply_ef_61(libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *self,
                    libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *rhs) {
-  /* hax_debug_debug_assert!(lhs .coefficients .into_iter() .all(|coefficient|
-   * coefficient >= 0 && coefficient < 4096)); */
   libcrux_ml_kem_polynomial_PolynomialRingElement_f6 out = ZERO_ef_61();
   for (size_t i = (size_t)0U;
        i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
@@ -2929,14 +2475,9 @@ static KRML_MUSTINLINE void add_to_ring_element_ef_ab(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *self,
     libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *rhs) {
   for (size_t i = (size_t)0U;
-       i <
-       Eurydice_slice_len(Eurydice_array_to_slice(
-                              (size_t)16U,
-                              /* The semicolon and parentheses at the end of
-                                 loop are a workaround for the following bug
-                                 https://github.com/hacspec/hax/issues/720 */
-                              self->coefficients, __m256i),
-                          __m256i);
+       i < Eurydice_slice_len(Eurydice_array_to_slice(
+                                  (size_t)16U, self->coefficients, __m256i),
+                              __m256i);
        i++) {
     size_t i0 = i;
     self->coefficients[i0] = libcrux_ml_kem_vector_avx2_add_09(
@@ -2970,17 +2511,10 @@ static KRML_MUSTINLINE void add_standard_error_reduce_ef_61(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *self,
     libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *error) {
   for (size_t i = (size_t)0U;
-       i <
-       /* The semicolon and parentheses at the end of loop are a workaround for
-          the following bug https://github.com/hacspec/hax/issues/720 */
-       LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT;
-       i++) {
+       i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
     size_t j = i;
-    __m256i coefficient_normal_form = to_standard_domain_61(
-        self->coefficients[/* The coefficients are of the form aR^{-1} mod q,
-                              which means calling to_montgomery_domain() on them
-                              should return a mod q. */
-                           j]);
+    __m256i coefficient_normal_form =
+        to_standard_domain_61(self->coefficients[j]);
     self->coefficients[j] = libcrux_ml_kem_vector_avx2_barrett_reduce_09(
         libcrux_ml_kem_vector_avx2_add_09(coefficient_normal_form,
                                           &error->coefficients[j]));
@@ -3010,8 +2544,6 @@ static KRML_MUSTINLINE void compute_As_plus_e_ab(
        i++) {
     size_t i0 = i;
     libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *row = matrix_A[i0];
-    /* This may be externally provided memory. Ensure that `t_as_ntt` is all 0.
-     */
     libcrux_ml_kem_polynomial_PolynomialRingElement_f6 uu____0 = ZERO_ef_61();
     t_as_ntt[i0] = uu____0;
     for (size_t i1 = (size_t)0U;
@@ -3087,10 +2619,7 @@ static KRML_MUSTINLINE void generate_keypair_unpacked_221(
     IndCpaPrivateKeyUnpacked_63 *private_key,
     IndCpaPublicKeyUnpacked_63 *public_key) {
   uint8_t hashed[64U];
-  cpa_keygen_seed_d8_be(/* (ρ,σ) := G(d) for Kyber, (ρ,σ) := G(d || K) for
-                           ML-KEM */
-                        key_generation_seed,
-                        hashed);
+  cpa_keygen_seed_d8_be(key_generation_seed, hashed);
   Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at(
       Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U,
       uint8_t, Eurydice_slice_uint8_t_x2);
@@ -3120,8 +2649,8 @@ static KRML_MUSTINLINE void generate_keypair_unpacked_221(
       sample_vector_cbd_then_ntt_out_b41(copy_of_prf_input, domain_separator)
           .fst,
       (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f6));
-  compute_As_plus_e_ab(/* tˆ := Aˆ ◦ sˆ + eˆ */ public_key->t_as_ntt,
-                       public_key->A, private_key->secret_as_ntt, error_as_ntt);
+  compute_As_plus_e_ab(public_key->t_as_ntt, public_key->A,
+                       private_key->secret_as_ntt, error_as_ntt);
   uint8_t uu____5[32U];
   core_result_Result_fb dst;
   Eurydice_slice_to_array2(&dst, seed_for_A, Eurydice_slice, uint8_t[32U]);
@@ -3146,13 +2675,11 @@ serialize_unpacked_secret_key_8c(IndCpaPublicKeyUnpacked_63 *public_key,
                                  IndCpaPrivateKeyUnpacked_63 *private_key) {
   uint8_t public_key_serialized[1184U];
   serialize_public_key_ed(
-      /* pk := (Encode_12(tˆ mod^{+}q) || ρ) */ public_key->t_as_ntt,
+      public_key->t_as_ntt,
       Eurydice_array_to_slice((size_t)32U, public_key->seed_for_A, uint8_t),
       public_key_serialized);
   uint8_t secret_key_serialized[1152U];
-  serialize_secret_key_ed(
-      /* sk := Encode_12(sˆ mod^{+}q) */ private_key->secret_as_ntt,
-      secret_key_serialized);
+  serialize_secret_key_ed(private_key->secret_as_ntt, secret_key_serialized);
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_secret_key_serialized[1152U];
   memcpy(copy_of_secret_key_serialized, secret_key_serialized,
@@ -3339,15 +2866,11 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics
 static KRML_MUSTINLINE void build_unpacked_public_key_mut_fa1(
     Eurydice_slice public_key,
     IndCpaPublicKeyUnpacked_63 *unpacked_public_key) {
-  Eurydice_slice uu____0 = Eurydice_slice_subslice_to(
-      /* tˆ := Decode_12(pk) */ public_key, (size_t)1152U, uint8_t, size_t);
+  Eurydice_slice uu____0 =
+      Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t);
   deserialize_ring_elements_reduced_ab(uu____0, unpacked_public_key->t_as_ntt);
   Eurydice_slice seed =
-      Eurydice_slice_subslice_from(/* ρ := pk + 12·k·n / 8 for i from 0 to k−1
-                                      do for j from 0 to k − 1 do AˆT[i][j] :=
-                                      Parse(XOF(ρ, i, j)) end for end for */
-                                   public_key,
-                                   (size_t)1152U, uint8_t, size_t);
+      Eurydice_slice_subslice_from(public_key, (size_t)1152U, uint8_t, size_t);
   libcrux_ml_kem_polynomial_PolynomialRingElement_f6(*uu____1)[3U] =
       unpacked_public_key->A;
   uint8_t ret[34U];
@@ -3524,13 +3047,7 @@ static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_61(
     size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *re,
     size_t layer) {
   size_t step = (size_t)1U << (uint32_t)layer;
-  for (size_t i0 = (size_t)0U;
-       i0 < (size_t)128U >>
-       (uint32_t) /* The semicolon and parentheses at the end of loop are a
-                     workaround for the following bug
-                     https://github.com/hacspec/hax/issues/720 */
-       layer;
-       i0++) {
+  for (size_t i0 = (size_t)0U; i0 < (size_t)128U >> (uint32_t)layer; i0++) {
     size_t round = i0;
     zeta_i[0U] = zeta_i[0U] - (size_t)1U;
     size_t offset = round * step * (size_t)2U;
@@ -3561,10 +3078,7 @@ with const generics
 static KRML_MUSTINLINE void invert_ntt_montgomery_ab(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *re) {
   size_t zeta_i =
-      /* We only ever call this function after matrix/vector multiplication */
-      LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT
-
-      / (size_t)2U;
+      LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U;
   invert_ntt_at_layer_1_61(&zeta_i, re);
   invert_ntt_at_layer_2_61(&zeta_i, re);
   invert_ntt_at_layer_3_61(&zeta_i, re);
@@ -3590,11 +3104,7 @@ static KRML_MUSTINLINE void add_error_reduce_ef_61(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *self,
     libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *error) {
   for (size_t i = (size_t)0U;
-       i <
-       /* The semicolon and parentheses at the end of loop are a workaround for
-          the following bug https://github.com/hacspec/hax/issues/720 */
-       LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT;
-       i++) {
+       i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
     size_t j = i;
     __m256i coefficient_normal_form =
         libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_09(
@@ -3707,26 +3217,8 @@ add_message_error_reduce_ef_61(
     __m256i coefficient_normal_form =
         libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_09(
             result.coefficients[i0], (int16_t)1441);
-    __m256i tmp = libcrux_ml_kem_vector_avx2_add_09(
-        self->coefficients
-            [/* FIXME: Eurydice crashes with: Warning 11: in top-level
-                declaration
-                libcrux_ml_kem.polynomial.{libcrux_ml_kem::polynomial::PolynomialRingElement<Vector>[TraitClause@0]}.add_message_error_reduce__libcrux_ml_kem_libcrux_polynomials_PortableVector:
-                this expression is not Low*; the enclosing function cannot be
-                translated into C*: let mutable ret(Mark.Present,(Mark.AtMost
-                2), ): int16_t[16size_t] = $any in
-                libcrux_ml_kem.libcrux_polynomials.{(libcrux_ml_kem::libcrux_polynomials::libcrux_traits::Operations␣for␣libcrux_ml_kem::libcrux_polynomials::PortableVector)}.add
-                ((@9:
-                libcrux_ml_kem_libcrux_polynomials_PortableVector[16size_t]*)[0uint32_t]:int16_t[16size_t][16size_t])[@4]
-                &(((@8:
-                libcrux_ml_kem_libcrux_polynomials_PortableVector[16size_t]*)[0uint32_t]:libcrux_ml_kem_libcrux_polynomials_PortableVector[16size_t])[@4])
-                @0; @0 Warning 11 is fatal, exiting. On the following code:
-                ```rust result.coefficients[i] =
-                Vector::barrett_reduce(Vector::add( coefficient_normal_form,
-                &Vector::add(self.coefficients[i], &message.coefficients[i]),
-                )); ``` */
-             i0],
-        &message->coefficients[i0]);
+    __m256i tmp = libcrux_ml_kem_vector_avx2_add_09(self->coefficients[i0],
+                                                    &message->coefficients[i0]);
     __m256i tmp0 =
         libcrux_ml_kem_vector_avx2_add_09(coefficient_normal_form, &tmp);
     result.coefficients[i0] =
@@ -3774,18 +3266,8 @@ compress_ciphertext_coefficient_ef(__m256i vector) {
   __m256i compression_factor = mm256_set1_epi32((int32_t)10321340);
   __m256i coefficient_bits_mask =
       mm256_set1_epi32(((int32_t)1 << (uint32_t)(int32_t)10) - (int32_t)1);
-  __m128i coefficients_low =
-      mm256_castsi256_si128(/* ---- Compress the first 8 coefficients ---- Take
-                               the bottom 128 bits, i.e. the first 8 16-bit
-                               coefficients */
-                            vector);
-  __m256i coefficients_low0 =
-      mm256_cvtepi16_epi32(/* If: coefficients_low[0:15] = A
-                              coefficients_low[16:31] = B
-                              coefficients_low[32:63] = C and so on ... after
-                              this step: coefficients_low[0:31] = A
-                              coefficients_low[32:63] = B and so on ... */
-                           coefficients_low);
+  __m128i coefficients_low = mm256_castsi256_si128(vector);
+  __m256i coefficients_low0 = mm256_cvtepi16_epi32(coefficients_low);
   __m256i compressed_low =
       mm256_slli_epi32((int32_t)10, coefficients_low0, __m256i);
   __m256i compressed_low0 =
@@ -3793,18 +3275,12 @@ compress_ciphertext_coefficient_ef(__m256i vector) {
   __m256i compressed_low1 =
       libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_low0,
                                                             compression_factor);
-  __m256i compressed_low2 = mm256_srli_epi32(
-      (int32_t)3,
-      /* Due to the mulhi_mm256_epi32 we've already shifted right by 32 bits, we
-         just need to shift right by 35 - 32 = 3 more. */
-      compressed_low1, __m256i);
+  __m256i compressed_low2 =
+      mm256_srli_epi32((int32_t)3, compressed_low1, __m256i);
   __m256i compressed_low3 =
       mm256_and_si256(compressed_low2, coefficient_bits_mask);
-  __m128i coefficients_high = mm256_extracti128_si256(
-      (int32_t)1,
-      /* ---- Compress the next 8 coefficients ---- Take the upper 128 bits,
-         i.e. the next 8 16-bit coefficients */
-      vector, __m128i);
+  __m128i coefficients_high =
+      mm256_extracti128_si256((int32_t)1, vector, __m128i);
   __m256i coefficients_high0 = mm256_cvtepi16_epi32(coefficients_high);
   __m256i compressed_high =
       mm256_slli_epi32((int32_t)10, coefficients_high0, __m256i);
@@ -3817,20 +3293,8 @@ compress_ciphertext_coefficient_ef(__m256i vector) {
       mm256_srli_epi32((int32_t)3, compressed_high1, __m256i);
   __m256i compressed_high3 =
       mm256_and_si256(compressed_high2, coefficient_bits_mask);
-  __m256i compressed =
-      mm256_packs_epi32(/* Combining them, and grouping each set of 64-bits,
-                           this function results in: 0: low low low low | 1:
-                           high high high high | 2: low low low low | 3: high
-                           high high high where each |low| and |high| is a
-                           16-bit element */
-                        compressed_low3,
-                        compressed_high3);
-  return mm256_permute4x64_epi64(
-      (int32_t)216,
-      /* To be in the right order, we need to move the |low|s above in position
-         2 to position 1 and the |high|s in position 1 to position 2, and leave
-         the rest unchanged. */
-      compressed, __m256i);
+  __m256i compressed = mm256_packs_epi32(compressed_low3, compressed_high3);
+  return mm256_permute4x64_epi64((int32_t)216, compressed, __m256i);
 }
 
 /**
@@ -3884,18 +3348,8 @@ compress_ciphertext_coefficient_c4(__m256i vector) {
   __m256i compression_factor = mm256_set1_epi32((int32_t)10321340);
   __m256i coefficient_bits_mask =
       mm256_set1_epi32(((int32_t)1 << (uint32_t)(int32_t)11) - (int32_t)1);
-  __m128i coefficients_low =
-      mm256_castsi256_si128(/* ---- Compress the first 8 coefficients ---- Take
-                               the bottom 128 bits, i.e. the first 8 16-bit
-                               coefficients */
-                            vector);
-  __m256i coefficients_low0 =
-      mm256_cvtepi16_epi32(/* If: coefficients_low[0:15] = A
-                              coefficients_low[16:31] = B
-                              coefficients_low[32:63] = C and so on ... after
-                              this step: coefficients_low[0:31] = A
-                              coefficients_low[32:63] = B and so on ... */
-                           coefficients_low);
+  __m128i coefficients_low = mm256_castsi256_si128(vector);
+  __m256i coefficients_low0 = mm256_cvtepi16_epi32(coefficients_low);
   __m256i compressed_low =
       mm256_slli_epi32((int32_t)11, coefficients_low0, __m256i);
   __m256i compressed_low0 =
@@ -3903,18 +3357,12 @@ compress_ciphertext_coefficient_c4(__m256i vector) {
   __m256i compressed_low1 =
       libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_low0,
                                                             compression_factor);
-  __m256i compressed_low2 = mm256_srli_epi32(
-      (int32_t)3,
-      /* Due to the mulhi_mm256_epi32 we've already shifted right by 32 bits, we
-         just need to shift right by 35 - 32 = 3 more. */
-      compressed_low1, __m256i);
+  __m256i compressed_low2 =
+      mm256_srli_epi32((int32_t)3, compressed_low1, __m256i);
   __m256i compressed_low3 =
       mm256_and_si256(compressed_low2, coefficient_bits_mask);
-  __m128i coefficients_high = mm256_extracti128_si256(
-      (int32_t)1,
-      /* ---- Compress the next 8 coefficients ---- Take the upper 128 bits,
-         i.e. the next 8 16-bit coefficients */
-      vector, __m128i);
+  __m128i coefficients_high =
+      mm256_extracti128_si256((int32_t)1, vector, __m128i);
   __m256i coefficients_high0 = mm256_cvtepi16_epi32(coefficients_high);
   __m256i compressed_high =
       mm256_slli_epi32((int32_t)11, coefficients_high0, __m256i);
@@ -3927,20 +3375,8 @@ compress_ciphertext_coefficient_c4(__m256i vector) {
       mm256_srli_epi32((int32_t)3, compressed_high1, __m256i);
   __m256i compressed_high3 =
       mm256_and_si256(compressed_high2, coefficient_bits_mask);
-  __m256i compressed =
-      mm256_packs_epi32(/* Combining them, and grouping each set of 64-bits,
-                           this function results in: 0: low low low low | 1:
-                           high high high high | 2: low low low low | 3: high
-                           high high high where each |low| and |high| is a
-                           16-bit element */
-                        compressed_low3,
-                        compressed_high3);
-  return mm256_permute4x64_epi64(
-      (int32_t)216,
-      /* To be in the right order, we need to move the |low|s above in position
-         2 to position 1 and the |high|s in position 1 to position 2, and leave
-         the rest unchanged. */
-      compressed, __m256i);
+  __m256i compressed = mm256_packs_epi32(compressed_low3, compressed_high3);
+  return mm256_permute4x64_epi64((int32_t)216, compressed, __m256i);
 }
 
 /**
@@ -4018,18 +3454,8 @@ compress_ciphertext_coefficient_d1(__m256i vector) {
   __m256i compression_factor = mm256_set1_epi32((int32_t)10321340);
   __m256i coefficient_bits_mask =
       mm256_set1_epi32(((int32_t)1 << (uint32_t)(int32_t)4) - (int32_t)1);
-  __m128i coefficients_low =
-      mm256_castsi256_si128(/* ---- Compress the first 8 coefficients ---- Take
-                               the bottom 128 bits, i.e. the first 8 16-bit
-                               coefficients */
-                            vector);
-  __m256i coefficients_low0 =
-      mm256_cvtepi16_epi32(/* If: coefficients_low[0:15] = A
-                              coefficients_low[16:31] = B
-                              coefficients_low[32:63] = C and so on ... after
-                              this step: coefficients_low[0:31] = A
-                              coefficients_low[32:63] = B and so on ... */
-                           coefficients_low);
+  __m128i coefficients_low = mm256_castsi256_si128(vector);
+  __m256i coefficients_low0 = mm256_cvtepi16_epi32(coefficients_low);
   __m256i compressed_low =
       mm256_slli_epi32((int32_t)4, coefficients_low0, __m256i);
   __m256i compressed_low0 =
@@ -4037,18 +3463,12 @@ compress_ciphertext_coefficient_d1(__m256i vector) {
   __m256i compressed_low1 =
       libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_low0,
                                                             compression_factor);
-  __m256i compressed_low2 = mm256_srli_epi32(
-      (int32_t)3,
-      /* Due to the mulhi_mm256_epi32 we've already shifted right by 32 bits, we
-         just need to shift right by 35 - 32 = 3 more. */
-      compressed_low1, __m256i);
+  __m256i compressed_low2 =
+      mm256_srli_epi32((int32_t)3, compressed_low1, __m256i);
   __m256i compressed_low3 =
       mm256_and_si256(compressed_low2, coefficient_bits_mask);
-  __m128i coefficients_high = mm256_extracti128_si256(
-      (int32_t)1,
-      /* ---- Compress the next 8 coefficients ---- Take the upper 128 bits,
-         i.e. the next 8 16-bit coefficients */
-      vector, __m128i);
+  __m128i coefficients_high =
+      mm256_extracti128_si256((int32_t)1, vector, __m128i);
   __m256i coefficients_high0 = mm256_cvtepi16_epi32(coefficients_high);
   __m256i compressed_high =
       mm256_slli_epi32((int32_t)4, coefficients_high0, __m256i);
@@ -4061,20 +3481,8 @@ compress_ciphertext_coefficient_d1(__m256i vector) {
       mm256_srli_epi32((int32_t)3, compressed_high1, __m256i);
   __m256i compressed_high3 =
       mm256_and_si256(compressed_high2, coefficient_bits_mask);
-  __m256i compressed =
-      mm256_packs_epi32(/* Combining them, and grouping each set of 64-bits,
-                           this function results in: 0: low low low low | 1:
-                           high high high high | 2: low low low low | 3: high
-                           high high high where each |low| and |high| is a
-                           16-bit element */
-                        compressed_low3,
-                        compressed_high3);
-  return mm256_permute4x64_epi64(
-      (int32_t)216,
-      /* To be in the right order, we need to move the |low|s above in position
-         2 to position 1 and the |high|s in position 1 to position 2, and leave
-         the rest unchanged. */
-      compressed, __m256i);
+  __m256i compressed = mm256_packs_epi32(compressed_low3, compressed_high3);
+  return mm256_permute4x64_epi64((int32_t)216, compressed, __m256i);
 }
 
 /**
@@ -4100,11 +3508,7 @@ static KRML_MUSTINLINE void compress_then_serialize_4_61(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f6 re,
     Eurydice_slice serialized) {
   for (size_t i = (size_t)0U;
-       i <
-       /* The semicolon and parentheses at the end of loop are a workaround for
-          the following bug https://github.com/hacspec/hax/issues/720 */
-       LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT;
-       i++) {
+       i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
     size_t i0 = i;
     __m256i coefficient =
         compress_09_d1(to_unsigned_field_modulus_61(re.coefficients[i0]));
@@ -4131,18 +3535,8 @@ compress_ciphertext_coefficient_f4(__m256i vector) {
   __m256i compression_factor = mm256_set1_epi32((int32_t)10321340);
   __m256i coefficient_bits_mask =
       mm256_set1_epi32(((int32_t)1 << (uint32_t)(int32_t)5) - (int32_t)1);
-  __m128i coefficients_low =
-      mm256_castsi256_si128(/* ---- Compress the first 8 coefficients ---- Take
-                               the bottom 128 bits, i.e. the first 8 16-bit
-                               coefficients */
-                            vector);
-  __m256i coefficients_low0 =
-      mm256_cvtepi16_epi32(/* If: coefficients_low[0:15] = A
-                              coefficients_low[16:31] = B
-                              coefficients_low[32:63] = C and so on ... after
-                              this step: coefficients_low[0:31] = A
-                              coefficients_low[32:63] = B and so on ... */
-                           coefficients_low);
+  __m128i coefficients_low = mm256_castsi256_si128(vector);
+  __m256i coefficients_low0 = mm256_cvtepi16_epi32(coefficients_low);
   __m256i compressed_low =
       mm256_slli_epi32((int32_t)5, coefficients_low0, __m256i);
   __m256i compressed_low0 =
@@ -4150,18 +3544,12 @@ compress_ciphertext_coefficient_f4(__m256i vector) {
   __m256i compressed_low1 =
       libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_low0,
                                                             compression_factor);
-  __m256i compressed_low2 = mm256_srli_epi32(
-      (int32_t)3,
-      /* Due to the mulhi_mm256_epi32 we've already shifted right by 32 bits, we
-         just need to shift right by 35 - 32 = 3 more. */
-      compressed_low1, __m256i);
+  __m256i compressed_low2 =
+      mm256_srli_epi32((int32_t)3, compressed_low1, __m256i);
   __m256i compressed_low3 =
       mm256_and_si256(compressed_low2, coefficient_bits_mask);
-  __m128i coefficients_high = mm256_extracti128_si256(
-      (int32_t)1,
-      /* ---- Compress the next 8 coefficients ---- Take the upper 128 bits,
-         i.e. the next 8 16-bit coefficients */
-      vector, __m128i);
+  __m128i coefficients_high =
+      mm256_extracti128_si256((int32_t)1, vector, __m128i);
   __m256i coefficients_high0 = mm256_cvtepi16_epi32(coefficients_high);
   __m256i compressed_high =
       mm256_slli_epi32((int32_t)5, coefficients_high0, __m256i);
@@ -4174,20 +3562,8 @@ compress_ciphertext_coefficient_f4(__m256i vector) {
       mm256_srli_epi32((int32_t)3, compressed_high1, __m256i);
   __m256i compressed_high3 =
       mm256_and_si256(compressed_high2, coefficient_bits_mask);
-  __m256i compressed =
-      mm256_packs_epi32(/* Combining them, and grouping each set of 64-bits,
-                           this function results in: 0: low low low low | 1:
-                           high high high high | 2: low low low low | 3: high
-                           high high high where each |low| and |high| is a
-                           16-bit element */
-                        compressed_low3,
-                        compressed_high3);
-  return mm256_permute4x64_epi64(
-      (int32_t)216,
-      /* To be in the right order, we need to move the |low|s above in position
-         2 to position 1 and the |high|s in position 1 to position 2, and leave
-         the rest unchanged. */
-      compressed, __m256i);
+  __m256i compressed = mm256_packs_epi32(compressed_low3, compressed_high3);
+  return mm256_permute4x64_epi64((int32_t)216, compressed, __m256i);
 }
 
 /**
@@ -4213,11 +3589,7 @@ static KRML_MUSTINLINE void compress_then_serialize_5_61(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f6 re,
     Eurydice_slice serialized) {
   for (size_t i = (size_t)0U;
-       i <
-       /* The semicolon and parentheses at the end of loop are a workaround for
-          the following bug https://github.com/hacspec/hax/issues/720 */
-       LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT;
-       i++) {
+       i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
     size_t i0 = i;
     __m256i coefficients =
         compress_09_f4(to_unsigned_representative_61(re.coefficients[i0]));
@@ -4305,11 +3677,7 @@ static KRML_MUSTINLINE void encrypt_unpacked_741(
     IndCpaPublicKeyUnpacked_63 *public_key, uint8_t message[32U],
     Eurydice_slice randomness, uint8_t ret[1088U]) {
   uint8_t prf_input[33U];
-  libcrux_ml_kem_utils_into_padded_array_c8(/* for i from 0 to k−1 do r[i] :=
-                                               CBD{η1}(PRF(r, N)) N := N + 1 end
-                                               for rˆ := NTT(r) */
-                                            randomness,
-                                            prf_input);
+  libcrux_ml_kem_utils_into_padded_array_c8(randomness, prf_input);
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_prf_input0[33U];
   memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t));
@@ -4321,7 +3689,6 @@ static KRML_MUSTINLINE void encrypt_unpacked_741(
   uint8_t domain_separator0 = uu____1.snd;
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_prf_input[33U];
-  /* for i from 0 to k−1 do e1[i] := CBD_{η2}(PRF(r,N)) N := N + 1 end for */
   memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t));
   tuple_23 uu____3 =
       sample_ring_element_cbd_b41(copy_of_prf_input, domain_separator0);
@@ -4330,7 +3697,7 @@ static KRML_MUSTINLINE void encrypt_unpacked_741(
       error_1, uu____3.fst,
       (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f6));
   uint8_t domain_separator = uu____3.snd;
-  prf_input[32U] = /* e_2 := CBD{η2}(PRF(r, N)) */ domain_separator;
+  prf_input[32U] = domain_separator;
   uint8_t prf_output[128U];
   PRF_a9_410(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t),
              prf_output);
@@ -4338,11 +3705,9 @@ static KRML_MUSTINLINE void encrypt_unpacked_741(
       sample_from_binomial_distribution_89(
           Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t));
   libcrux_ml_kem_polynomial_PolynomialRingElement_f6 u[3U];
-  compute_vector_u_ab(/* u := NTT^{-1}(AˆT ◦ rˆ) + e_1 */ public_key->A,
-                      r_as_ntt, error_1, u);
+  compute_vector_u_ab(public_key->A, r_as_ntt, error_1, u);
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_message[32U];
-  /* v := NTT^{−1}(tˆT ◦ rˆ) + e_2 + Decompress_q(Decode_1(m),1) */
   memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t));
   libcrux_ml_kem_polynomial_PolynomialRingElement_f6 message_as_ring_element =
       deserialize_then_decompress_message_61(copy_of_message);
@@ -4351,14 +3716,12 @@ static KRML_MUSTINLINE void encrypt_unpacked_741(
                                 &message_as_ring_element);
   uint8_t ciphertext[1088U] = {0U};
   libcrux_ml_kem_polynomial_PolynomialRingElement_f6 uu____5[3U];
-  /* c_1 := Encode_{du}(Compress_q(u,d_u)) */
   memcpy(
       uu____5, u,
       (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f6));
   compress_then_serialize_u_8c(
       uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)960U,
                                            uint8_t));
-  /* c_2 := Encode_{dv}(Compress_q(v,d_v)) */
   libcrux_ml_kem_polynomial_PolynomialRingElement_f6 uu____6 = v;
   compress_then_serialize_ring_element_v_ed(
       uu____6, Eurydice_array_to_subslice_from((size_t)1088U, ciphertext,
@@ -4553,8 +3916,7 @@ decompress_ciphertext_coefficient_ef(__m256i vector) {
       mm256_set1_epi32((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS);
   __m256i two_pow_coefficient_bits =
       mm256_set1_epi32((int32_t)1 << (uint32_t)(int32_t)10);
-  __m128i coefficients_low = mm256_castsi256_si128(
-      /* ---- Compress the first 8 coefficients ---- */ vector);
+  __m128i coefficients_low = mm256_castsi256_si128(vector);
   __m256i coefficients_low0 = mm256_cvtepi16_epi32(coefficients_low);
   __m256i decompressed_low =
       mm256_mullo_epi32(coefficients_low0, field_modulus);
@@ -4562,16 +3924,12 @@ decompress_ciphertext_coefficient_ef(__m256i vector) {
       mm256_slli_epi32((int32_t)1, decompressed_low, __m256i);
   __m256i decompressed_low1 =
       mm256_add_epi32(decompressed_low0, two_pow_coefficient_bits);
-  __m256i decompressed_low2 = mm256_srli_epi32(
-      (int32_t)10,
-      /* We can't shift in one go by (COEFFICIENT_BITS + 1) due to the lack of
-         support for const generic expressions. */
-      decompressed_low1, __m256i);
+  __m256i decompressed_low2 =
+      mm256_srli_epi32((int32_t)10, decompressed_low1, __m256i);
   __m256i decompressed_low3 =
       mm256_srli_epi32((int32_t)1, decompressed_low2, __m256i);
-  __m128i coefficients_high = mm256_extracti128_si256(
-      (int32_t)1,
-      /* ---- Compress the next 8 coefficients ---- */ vector, __m128i);
+  __m128i coefficients_high =
+      mm256_extracti128_si256((int32_t)1, vector, __m128i);
   __m256i coefficients_high0 = mm256_cvtepi16_epi32(coefficients_high);
   __m256i decompressed_high =
       mm256_mullo_epi32(coefficients_high0, field_modulus);
@@ -4579,27 +3937,12 @@ decompress_ciphertext_coefficient_ef(__m256i vector) {
       mm256_slli_epi32((int32_t)1, decompressed_high, __m256i);
   __m256i decompressed_high1 =
       mm256_add_epi32(decompressed_high0, two_pow_coefficient_bits);
-  __m256i decompressed_high2 = mm256_srli_epi32(
-      (int32_t)10,
-      /* We can't shift in one go by (COEFFICIENT_BITS + 1) due to the lack of
-         support for const generic expressions. */
-      decompressed_high1, __m256i);
+  __m256i decompressed_high2 =
+      mm256_srli_epi32((int32_t)10, decompressed_high1, __m256i);
   __m256i decompressed_high3 =
       mm256_srli_epi32((int32_t)1, decompressed_high2, __m256i);
-  __m256i compressed =
-      mm256_packs_epi32(/* Combining them, and grouping each set of 64-bits,
-                           this function results in: 0: low low low low | 1:
-                           high high high high | 2: low low low low | 3: high
-                           high high high where each |low| and |high| is a
-                           16-bit element */
-                        decompressed_low3,
-                        decompressed_high3);
-  return mm256_permute4x64_epi64(
-      (int32_t)216,
-      /* To be in the right order, we need to move the |low|s above in position
-         2 to position 1 and the |high|s in position 1 to position 2, and leave
-         the rest unchanged. */
-      compressed, __m256i);
+  __m256i compressed = mm256_packs_epi32(decompressed_low3, decompressed_high3);
+  return mm256_permute4x64_epi64((int32_t)216, compressed, __m256i);
 }
 
 /**
@@ -4654,8 +3997,7 @@ decompress_ciphertext_coefficient_c4(__m256i vector) {
       mm256_set1_epi32((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS);
   __m256i two_pow_coefficient_bits =
       mm256_set1_epi32((int32_t)1 << (uint32_t)(int32_t)11);
-  __m128i coefficients_low = mm256_castsi256_si128(
-      /* ---- Compress the first 8 coefficients ---- */ vector);
+  __m128i coefficients_low = mm256_castsi256_si128(vector);
   __m256i coefficients_low0 = mm256_cvtepi16_epi32(coefficients_low);
   __m256i decompressed_low =
       mm256_mullo_epi32(coefficients_low0, field_modulus);
@@ -4663,16 +4005,12 @@ decompress_ciphertext_coefficient_c4(__m256i vector) {
       mm256_slli_epi32((int32_t)1, decompressed_low, __m256i);
   __m256i decompressed_low1 =
       mm256_add_epi32(decompressed_low0, two_pow_coefficient_bits);
-  __m256i decompressed_low2 = mm256_srli_epi32(
-      (int32_t)11,
-      /* We can't shift in one go by (COEFFICIENT_BITS + 1) due to the lack of
-         support for const generic expressions. */
-      decompressed_low1, __m256i);
+  __m256i decompressed_low2 =
+      mm256_srli_epi32((int32_t)11, decompressed_low1, __m256i);
   __m256i decompressed_low3 =
       mm256_srli_epi32((int32_t)1, decompressed_low2, __m256i);
-  __m128i coefficients_high = mm256_extracti128_si256(
-      (int32_t)1,
-      /* ---- Compress the next 8 coefficients ---- */ vector, __m128i);
+  __m128i coefficients_high =
+      mm256_extracti128_si256((int32_t)1, vector, __m128i);
   __m256i coefficients_high0 = mm256_cvtepi16_epi32(coefficients_high);
   __m256i decompressed_high =
       mm256_mullo_epi32(coefficients_high0, field_modulus);
@@ -4680,27 +4018,12 @@ decompress_ciphertext_coefficient_c4(__m256i vector) {
       mm256_slli_epi32((int32_t)1, decompressed_high, __m256i);
   __m256i decompressed_high1 =
       mm256_add_epi32(decompressed_high0, two_pow_coefficient_bits);
-  __m256i decompressed_high2 = mm256_srli_epi32(
-      (int32_t)11,
-      /* We can't shift in one go by (COEFFICIENT_BITS + 1) due to the lack of
-         support for const generic expressions. */
-      decompressed_high1, __m256i);
+  __m256i decompressed_high2 =
+      mm256_srli_epi32((int32_t)11, decompressed_high1, __m256i);
   __m256i decompressed_high3 =
       mm256_srli_epi32((int32_t)1, decompressed_high2, __m256i);
-  __m256i compressed =
-      mm256_packs_epi32(/* Combining them, and grouping each set of 64-bits,
-                           this function results in: 0: low low low low | 1:
-                           high high high high | 2: low low low low | 3: high
-                           high high high where each |low| and |high| is a
-                           16-bit element */
-                        decompressed_low3,
-                        decompressed_high3);
-  return mm256_permute4x64_epi64(
-      (int32_t)216,
-      /* To be in the right order, we need to move the |low|s above in position
-         2 to position 1 and the |high|s in position 1 to position 2, and leave
-         the rest unchanged. */
-      compressed, __m256i);
+  __m256i compressed = mm256_packs_epi32(decompressed_low3, decompressed_high3);
+  return mm256_permute4x64_epi64((int32_t)216, compressed, __m256i);
 }
 
 /**
@@ -4823,8 +4146,7 @@ decompress_ciphertext_coefficient_d1(__m256i vector) {
       mm256_set1_epi32((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS);
   __m256i two_pow_coefficient_bits =
       mm256_set1_epi32((int32_t)1 << (uint32_t)(int32_t)4);
-  __m128i coefficients_low = mm256_castsi256_si128(
-      /* ---- Compress the first 8 coefficients ---- */ vector);
+  __m128i coefficients_low = mm256_castsi256_si128(vector);
   __m256i coefficients_low0 = mm256_cvtepi16_epi32(coefficients_low);
   __m256i decompressed_low =
       mm256_mullo_epi32(coefficients_low0, field_modulus);
@@ -4832,16 +4154,12 @@ decompress_ciphertext_coefficient_d1(__m256i vector) {
       mm256_slli_epi32((int32_t)1, decompressed_low, __m256i);
   __m256i decompressed_low1 =
       mm256_add_epi32(decompressed_low0, two_pow_coefficient_bits);
-  __m256i decompressed_low2 = mm256_srli_epi32(
-      (int32_t)4,
-      /* We can't shift in one go by (COEFFICIENT_BITS + 1) due to the lack of
-         support for const generic expressions. */
-      decompressed_low1, __m256i);
+  __m256i decompressed_low2 =
+      mm256_srli_epi32((int32_t)4, decompressed_low1, __m256i);
   __m256i decompressed_low3 =
       mm256_srli_epi32((int32_t)1, decompressed_low2, __m256i);
-  __m128i coefficients_high = mm256_extracti128_si256(
-      (int32_t)1,
-      /* ---- Compress the next 8 coefficients ---- */ vector, __m128i);
+  __m128i coefficients_high =
+      mm256_extracti128_si256((int32_t)1, vector, __m128i);
   __m256i coefficients_high0 = mm256_cvtepi16_epi32(coefficients_high);
   __m256i decompressed_high =
       mm256_mullo_epi32(coefficients_high0, field_modulus);
@@ -4849,27 +4167,12 @@ decompress_ciphertext_coefficient_d1(__m256i vector) {
       mm256_slli_epi32((int32_t)1, decompressed_high, __m256i);
   __m256i decompressed_high1 =
       mm256_add_epi32(decompressed_high0, two_pow_coefficient_bits);
-  __m256i decompressed_high2 = mm256_srli_epi32(
-      (int32_t)4,
-      /* We can't shift in one go by (COEFFICIENT_BITS + 1) due to the lack of
-         support for const generic expressions. */
-      decompressed_high1, __m256i);
+  __m256i decompressed_high2 =
+      mm256_srli_epi32((int32_t)4, decompressed_high1, __m256i);
   __m256i decompressed_high3 =
       mm256_srli_epi32((int32_t)1, decompressed_high2, __m256i);
-  __m256i compressed =
-      mm256_packs_epi32(/* Combining them, and grouping each set of 64-bits,
-                           this function results in: 0: low low low low | 1:
-                           high high high high | 2: low low low low | 3: high
-                           high high high where each |low| and |high| is a
-                           16-bit element */
-                        decompressed_low3,
-                        decompressed_high3);
-  return mm256_permute4x64_epi64(
-      (int32_t)216,
-      /* To be in the right order, we need to move the |low|s above in position
-         2 to position 1 and the |high|s in position 1 to position 2, and leave
-         the rest unchanged. */
-      compressed, __m256i);
+  __m256i compressed = mm256_packs_epi32(decompressed_low3, decompressed_high3);
+  return mm256_permute4x64_epi64((int32_t)216, compressed, __m256i);
 }
 
 /**
@@ -4919,8 +4222,7 @@ decompress_ciphertext_coefficient_f4(__m256i vector) {
       mm256_set1_epi32((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS);
   __m256i two_pow_coefficient_bits =
       mm256_set1_epi32((int32_t)1 << (uint32_t)(int32_t)5);
-  __m128i coefficients_low = mm256_castsi256_si128(
-      /* ---- Compress the first 8 coefficients ---- */ vector);
+  __m128i coefficients_low = mm256_castsi256_si128(vector);
   __m256i coefficients_low0 = mm256_cvtepi16_epi32(coefficients_low);
   __m256i decompressed_low =
       mm256_mullo_epi32(coefficients_low0, field_modulus);
@@ -4928,16 +4230,12 @@ decompress_ciphertext_coefficient_f4(__m256i vector) {
       mm256_slli_epi32((int32_t)1, decompressed_low, __m256i);
   __m256i decompressed_low1 =
       mm256_add_epi32(decompressed_low0, two_pow_coefficient_bits);
-  __m256i decompressed_low2 = mm256_srli_epi32(
-      (int32_t)5,
-      /* We can't shift in one go by (COEFFICIENT_BITS + 1) due to the lack of
-         support for const generic expressions. */
-      decompressed_low1, __m256i);
+  __m256i decompressed_low2 =
+      mm256_srli_epi32((int32_t)5, decompressed_low1, __m256i);
   __m256i decompressed_low3 =
       mm256_srli_epi32((int32_t)1, decompressed_low2, __m256i);
-  __m128i coefficients_high = mm256_extracti128_si256(
-      (int32_t)1,
-      /* ---- Compress the next 8 coefficients ---- */ vector, __m128i);
+  __m128i coefficients_high =
+      mm256_extracti128_si256((int32_t)1, vector, __m128i);
   __m256i coefficients_high0 = mm256_cvtepi16_epi32(coefficients_high);
   __m256i decompressed_high =
       mm256_mullo_epi32(coefficients_high0, field_modulus);
@@ -4945,27 +4243,12 @@ decompress_ciphertext_coefficient_f4(__m256i vector) {
       mm256_slli_epi32((int32_t)1, decompressed_high, __m256i);
   __m256i decompressed_high1 =
       mm256_add_epi32(decompressed_high0, two_pow_coefficient_bits);
-  __m256i decompressed_high2 = mm256_srli_epi32(
-      (int32_t)5,
-      /* We can't shift in one go by (COEFFICIENT_BITS + 1) due to the lack of
-         support for const generic expressions. */
-      decompressed_high1, __m256i);
+  __m256i decompressed_high2 =
+      mm256_srli_epi32((int32_t)5, decompressed_high1, __m256i);
   __m256i decompressed_high3 =
       mm256_srli_epi32((int32_t)1, decompressed_high2, __m256i);
-  __m256i compressed =
-      mm256_packs_epi32(/* Combining them, and grouping each set of 64-bits,
-                           this function results in: 0: low low low low | 1:
-                           high high high high | 2: low low low low | 3: high
-                           high high high where each |low| and |high| is a
-                           16-bit element */
-                        decompressed_low3,
-                        decompressed_high3);
-  return mm256_permute4x64_epi64(
-      (int32_t)216,
-      /* To be in the right order, we need to move the |low|s above in position
-         2 to position 1 and the |high|s in position 1 to position 2, and leave
-         the rest unchanged. */
-      compressed, __m256i);
+  __m256i compressed = mm256_packs_epi32(decompressed_low3, decompressed_high3);
+  return mm256_permute4x64_epi64((int32_t)216, compressed, __m256i);
 }
 
 /**
@@ -5132,14 +4415,11 @@ static KRML_MUSTINLINE void decrypt_unpacked_2f(
     IndCpaPrivateKeyUnpacked_63 *secret_key, uint8_t *ciphertext,
     uint8_t ret[32U]) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_f6 u_as_ntt[3U];
-  deserialize_then_decompress_u_ed(
-      /* u := Decompress_q(Decode_{d_u}(c), d_u) */ ciphertext, u_as_ntt);
+  deserialize_then_decompress_u_ed(ciphertext, u_as_ntt);
   libcrux_ml_kem_polynomial_PolynomialRingElement_f6 v =
       deserialize_then_decompress_ring_element_v_ed(
-          Eurydice_array_to_subslice_from(
-              (size_t)1088U,
-              /* v := Decompress_q(Decode_{d_v}(c + d_u·k·n / 8), d_v) */
-              ciphertext, (size_t)960U, uint8_t, size_t));
+          Eurydice_array_to_subslice_from((size_t)1088U, ciphertext,
+                                          (size_t)960U, uint8_t, size_t));
   libcrux_ml_kem_polynomial_PolynomialRingElement_f6 message =
       compute_message_ab(&v, secret_key->secret_as_ntt, u_as_ntt);
   uint8_t ret0[32U];
@@ -5160,8 +4440,7 @@ with const generics
 static KRML_MUSTINLINE void decrypt_2f(Eurydice_slice secret_key,
                                        uint8_t *ciphertext, uint8_t ret[32U]) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_f6 secret_as_ntt[3U];
-  deserialize_secret_key_ab(/* sˆ := Decode_12(sk) */ secret_key,
-                            secret_as_ntt);
+  deserialize_secret_key_ab(secret_key, secret_as_ntt);
   /* Passing arrays by value in Rust generates a copy in C */
   libcrux_ml_kem_polynomial_PolynomialRingElement_f6 copy_of_secret_as_ntt[3U];
   memcpy(
@@ -5481,13 +4760,9 @@ with const generics
 bool libcrux_ml_kem_ind_cca_validate_private_key_only_5e(
     libcrux_ml_kem_types_MlKemPrivateKey_83 *private_key) {
   uint8_t t[32U];
-  H_a9_ac(Eurydice_array_to_subslice2(/* Eurydice can't access values directly
-                                         on the types. We need to go to the
-                                         `value` directly. */
-                                      private_key->value,
-                                      (size_t)384U * (size_t)4U,
-                                      (size_t)768U * (size_t)4U + (size_t)32U,
-                                      uint8_t),
+  H_a9_ac(Eurydice_array_to_subslice2(
+              private_key->value, (size_t)384U * (size_t)4U,
+              (size_t)768U * (size_t)4U + (size_t)32U, uint8_t),
           t);
   Eurydice_slice expected = Eurydice_array_to_subslice2(
       private_key->value, (size_t)768U * (size_t)4U + (size_t)32U,
@@ -5964,10 +5239,6 @@ static KRML_MUSTINLINE void sample_from_xof_6c(
   memcpy(copy_of_randomness0, randomness0, (size_t)4U * sizeof(uint8_t[504U]));
   bool done = sample_from_uniform_distribution_next_78(
       copy_of_randomness0, sampled_coefficients, out);
-  /* Requiring more than 5 blocks to sample a ring element should be very
-   * unlikely according to: https://eprint.iacr.org/2023/708.pdf To avoid
-   * failing here, we squeeze more blocks out of the state until we have enough.
-   */
   while (true) {
     if (done) {
       break;
@@ -6026,7 +5297,7 @@ static KRML_MUSTINLINE void sample_matrix_A_6c(
            i++) {
         size_t j = i;
         libcrux_ml_kem_polynomial_PolynomialRingElement_f6 sample = sampled[j];
-        if (/* A[i][j] = A_transpose[j][i] */ transpose) {
+        if (transpose) {
           A_transpose[j][i1] = sample;
         } else {
           A_transpose[i1][j] = sample;
@@ -6177,14 +5448,9 @@ static KRML_MUSTINLINE void add_to_ring_element_ef_42(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *self,
     libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *rhs) {
   for (size_t i = (size_t)0U;
-       i <
-       Eurydice_slice_len(Eurydice_array_to_slice(
-                              (size_t)16U,
-                              /* The semicolon and parentheses at the end of
-                                 loop are a workaround for the following bug
-                                 https://github.com/hacspec/hax/issues/720 */
-                              self->coefficients, __m256i),
-                          __m256i);
+       i < Eurydice_slice_len(Eurydice_array_to_slice(
+                                  (size_t)16U, self->coefficients, __m256i),
+                              __m256i);
        i++) {
     size_t i0 = i;
     self->coefficients[i0] = libcrux_ml_kem_vector_avx2_add_09(
@@ -6215,8 +5481,6 @@ static KRML_MUSTINLINE void compute_As_plus_e_42(
        i++) {
     size_t i0 = i;
     libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *row = matrix_A[i0];
-    /* This may be externally provided memory. Ensure that `t_as_ntt` is all 0.
-     */
     libcrux_ml_kem_polynomial_PolynomialRingElement_f6 uu____0 = ZERO_ef_61();
     t_as_ntt[i0] = uu____0;
     for (size_t i1 = (size_t)0U;
@@ -6292,10 +5556,7 @@ static KRML_MUSTINLINE void generate_keypair_unpacked_22(
     IndCpaPrivateKeyUnpacked_39 *private_key,
     IndCpaPublicKeyUnpacked_39 *public_key) {
   uint8_t hashed[64U];
-  cpa_keygen_seed_d8_6a(/* (ρ,σ) := G(d) for Kyber, (ρ,σ) := G(d || K) for
-                           ML-KEM */
-                        key_generation_seed,
-                        hashed);
+  cpa_keygen_seed_d8_6a(key_generation_seed, hashed);
   Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at(
       Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U,
       uint8_t, Eurydice_slice_uint8_t_x2);
@@ -6325,8 +5586,8 @@ static KRML_MUSTINLINE void generate_keypair_unpacked_22(
       sample_vector_cbd_then_ntt_out_b4(copy_of_prf_input, domain_separator)
           .fst,
       (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f6));
-  compute_As_plus_e_42(/* tˆ := Aˆ ◦ sˆ + eˆ */ public_key->t_as_ntt,
-                       public_key->A, private_key->secret_as_ntt, error_as_ntt);
+  compute_As_plus_e_42(public_key->t_as_ntt, public_key->A,
+                       private_key->secret_as_ntt, error_as_ntt);
   uint8_t uu____5[32U];
   core_result_Result_fb dst;
   Eurydice_slice_to_array2(&dst, seed_for_A, Eurydice_slice, uint8_t[32U]);
@@ -6351,13 +5612,11 @@ serialize_unpacked_secret_key_c9(IndCpaPublicKeyUnpacked_39 *public_key,
                                  IndCpaPrivateKeyUnpacked_39 *private_key) {
   uint8_t public_key_serialized[1568U];
   serialize_public_key_1e(
-      /* pk := (Encode_12(tˆ mod^{+}q) || ρ) */ public_key->t_as_ntt,
+      public_key->t_as_ntt,
       Eurydice_array_to_slice((size_t)32U, public_key->seed_for_A, uint8_t),
       public_key_serialized);
   uint8_t secret_key_serialized[1536U];
-  serialize_secret_key_78(
-      /* sk := Encode_12(sˆ mod^{+}q) */ private_key->secret_as_ntt,
-      secret_key_serialized);
+  serialize_secret_key_78(private_key->secret_as_ntt, secret_key_serialized);
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_secret_key_serialized[1536U];
   memcpy(copy_of_secret_key_serialized, secret_key_serialized,
@@ -6544,15 +5803,11 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics
 static KRML_MUSTINLINE void build_unpacked_public_key_mut_fa0(
     Eurydice_slice public_key,
     IndCpaPublicKeyUnpacked_39 *unpacked_public_key) {
-  Eurydice_slice uu____0 = Eurydice_slice_subslice_to(
-      /* tˆ := Decode_12(pk) */ public_key, (size_t)1536U, uint8_t, size_t);
+  Eurydice_slice uu____0 =
+      Eurydice_slice_subslice_to(public_key, (size_t)1536U, uint8_t, size_t);
   deserialize_ring_elements_reduced_42(uu____0, unpacked_public_key->t_as_ntt);
   Eurydice_slice seed =
-      Eurydice_slice_subslice_from(/* ρ := pk + 12·k·n / 8 for i from 0 to k−1
-                                      do for j from 0 to k − 1 do AˆT[i][j] :=
-                                      Parse(XOF(ρ, i, j)) end for end for */
-                                   public_key,
-                                   (size_t)1536U, uint8_t, size_t);
+      Eurydice_slice_subslice_from(public_key, (size_t)1536U, uint8_t, size_t);
   libcrux_ml_kem_polynomial_PolynomialRingElement_f6(*uu____1)[4U] =
       unpacked_public_key->A;
   uint8_t ret[34U];
@@ -6644,10 +5899,7 @@ with const generics
 static KRML_MUSTINLINE void invert_ntt_montgomery_42(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *re) {
   size_t zeta_i =
-      /* We only ever call this function after matrix/vector multiplication */
-      LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT
-
-      / (size_t)2U;
+      LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U;
   invert_ntt_at_layer_1_61(&zeta_i, re);
   invert_ntt_at_layer_2_61(&zeta_i, re);
   invert_ntt_at_layer_3_61(&zeta_i, re);
@@ -6877,11 +6129,7 @@ static KRML_MUSTINLINE void encrypt_unpacked_74(
     IndCpaPublicKeyUnpacked_39 *public_key, uint8_t message[32U],
     Eurydice_slice randomness, uint8_t ret[1568U]) {
   uint8_t prf_input[33U];
-  libcrux_ml_kem_utils_into_padded_array_c8(/* for i from 0 to k−1 do r[i] :=
-                                               CBD{η1}(PRF(r, N)) N := N + 1 end
-                                               for rˆ := NTT(r) */
-                                            randomness,
-                                            prf_input);
+  libcrux_ml_kem_utils_into_padded_array_c8(randomness, prf_input);
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_prf_input0[33U];
   memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t));
@@ -6893,7 +6141,6 @@ static KRML_MUSTINLINE void encrypt_unpacked_74(
   uint8_t domain_separator0 = uu____1.snd;
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_prf_input[33U];
-  /* for i from 0 to k−1 do e1[i] := CBD_{η2}(PRF(r,N)) N := N + 1 end for */
   memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t));
   tuple_dd uu____3 =
       sample_ring_element_cbd_b4(copy_of_prf_input, domain_separator0);
@@ -6902,7 +6149,7 @@ static KRML_MUSTINLINE void encrypt_unpacked_74(
       error_1, uu____3.fst,
       (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f6));
   uint8_t domain_separator = uu____3.snd;
-  prf_input[32U] = /* e_2 := CBD{η2}(PRF(r, N)) */ domain_separator;
+  prf_input[32U] = domain_separator;
   uint8_t prf_output[128U];
   PRF_a9_440(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t),
              prf_output);
@@ -6910,11 +6157,9 @@ static KRML_MUSTINLINE void encrypt_unpacked_74(
       sample_from_binomial_distribution_89(
           Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t));
   libcrux_ml_kem_polynomial_PolynomialRingElement_f6 u[4U];
-  compute_vector_u_42(/* u := NTT^{-1}(AˆT ◦ rˆ) + e_1 */ public_key->A,
-                      r_as_ntt, error_1, u);
+  compute_vector_u_42(public_key->A, r_as_ntt, error_1, u);
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_message[32U];
-  /* v := NTT^{−1}(tˆT ◦ rˆ) + e_2 + Decompress_q(Decode_1(m),1) */
   memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t));
   libcrux_ml_kem_polynomial_PolynomialRingElement_f6 message_as_ring_element =
       deserialize_then_decompress_message_61(copy_of_message);
@@ -6923,14 +6168,12 @@ static KRML_MUSTINLINE void encrypt_unpacked_74(
                                 &message_as_ring_element);
   uint8_t ciphertext[1568U] = {0U};
   libcrux_ml_kem_polynomial_PolynomialRingElement_f6 uu____5[4U];
-  /* c_1 := Encode_{du}(Compress_q(u,d_u)) */
   memcpy(
       uu____5, u,
       (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f6));
   compress_then_serialize_u_c9(
       uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U,
                                            (size_t)1408U, uint8_t));
-  /* c_2 := Encode_{dv}(Compress_q(v,d_v)) */
   libcrux_ml_kem_polynomial_PolynomialRingElement_f6 uu____6 = v;
   compress_then_serialize_ring_element_v_1e(
       uu____6, Eurydice_array_to_subslice_from((size_t)1568U, ciphertext,
@@ -7244,14 +6487,11 @@ static KRML_MUSTINLINE void decrypt_unpacked_37(
     IndCpaPrivateKeyUnpacked_39 *secret_key, uint8_t *ciphertext,
     uint8_t ret[32U]) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_f6 u_as_ntt[4U];
-  deserialize_then_decompress_u_1e(
-      /* u := Decompress_q(Decode_{d_u}(c), d_u) */ ciphertext, u_as_ntt);
+  deserialize_then_decompress_u_1e(ciphertext, u_as_ntt);
   libcrux_ml_kem_polynomial_PolynomialRingElement_f6 v =
       deserialize_then_decompress_ring_element_v_78(
-          Eurydice_array_to_subslice_from(
-              (size_t)1568U,
-              /* v := Decompress_q(Decode_{d_v}(c + d_u·k·n / 8), d_v) */
-              ciphertext, (size_t)1408U, uint8_t, size_t));
+          Eurydice_array_to_subslice_from((size_t)1568U, ciphertext,
+                                          (size_t)1408U, uint8_t, size_t));
   libcrux_ml_kem_polynomial_PolynomialRingElement_f6 message =
       compute_message_42(&v, secret_key->secret_as_ntt, u_as_ntt);
   uint8_t ret0[32U];
@@ -7272,8 +6512,7 @@ with const generics
 static KRML_MUSTINLINE void decrypt_37(Eurydice_slice secret_key,
                                        uint8_t *ciphertext, uint8_t ret[32U]) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_f6 secret_as_ntt[4U];
-  deserialize_secret_key_42(/* sˆ := Decode_12(sk) */ secret_key,
-                            secret_as_ntt);
+  deserialize_secret_key_42(secret_key, secret_as_ntt);
   /* Passing arrays by value in Rust generates a copy in C */
   libcrux_ml_kem_polynomial_PolynomialRingElement_f6 copy_of_secret_as_ntt[4U];
   memcpy(
@@ -7581,13 +6820,9 @@ with const generics
 bool libcrux_ml_kem_ind_cca_validate_private_key_only_4d(
     libcrux_ml_kem_types_MlKemPrivateKey_fa *private_key) {
   uint8_t t[32U];
-  H_a9_fd(Eurydice_array_to_subslice2(/* Eurydice can't access values directly
-                                         on the types. We need to go to the
-                                         `value` directly. */
-                                      private_key->value,
-                                      (size_t)384U * (size_t)2U,
-                                      (size_t)768U * (size_t)2U + (size_t)32U,
-                                      uint8_t),
+  H_a9_fd(Eurydice_array_to_subslice2(
+              private_key->value, (size_t)384U * (size_t)2U,
+              (size_t)768U * (size_t)2U + (size_t)32U, uint8_t),
           t);
   Eurydice_slice expected = Eurydice_array_to_subslice2(
       private_key->value, (size_t)768U * (size_t)2U + (size_t)32U,
@@ -8038,10 +7273,6 @@ static KRML_MUSTINLINE void sample_from_xof_6c0(
   memcpy(copy_of_randomness0, randomness0, (size_t)2U * sizeof(uint8_t[504U]));
   bool done = sample_from_uniform_distribution_next_29(
       copy_of_randomness0, sampled_coefficients, out);
-  /* Requiring more than 5 blocks to sample a ring element should be very
-   * unlikely according to: https://eprint.iacr.org/2023/708.pdf To avoid
-   * failing here, we squeeze more blocks out of the state until we have enough.
-   */
   while (true) {
     if (done) {
       break;
@@ -8100,7 +7331,7 @@ static KRML_MUSTINLINE void sample_matrix_A_6c0(
            i++) {
         size_t j = i;
         libcrux_ml_kem_polynomial_PolynomialRingElement_f6 sample = sampled[j];
-        if (/* A[i][j] = A_transpose[j][i] */ transpose) {
+        if (transpose) {
           A_transpose[j][i1] = sample;
         } else {
           A_transpose[i1][j] = sample;
@@ -8256,14 +7487,9 @@ static KRML_MUSTINLINE void add_to_ring_element_ef_89(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *self,
     libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *rhs) {
   for (size_t i = (size_t)0U;
-       i <
-       Eurydice_slice_len(Eurydice_array_to_slice(
-                              (size_t)16U,
-                              /* The semicolon and parentheses at the end of
-                                 loop are a workaround for the following bug
-                                 https://github.com/hacspec/hax/issues/720 */
-                              self->coefficients, __m256i),
-                          __m256i);
+       i < Eurydice_slice_len(Eurydice_array_to_slice(
+                                  (size_t)16U, self->coefficients, __m256i),
+                              __m256i);
        i++) {
     size_t i0 = i;
     self->coefficients[i0] = libcrux_ml_kem_vector_avx2_add_09(
@@ -8294,8 +7520,6 @@ static KRML_MUSTINLINE void compute_As_plus_e_89(
        i++) {
     size_t i0 = i;
     libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *row = matrix_A[i0];
-    /* This may be externally provided memory. Ensure that `t_as_ntt` is all 0.
-     */
     libcrux_ml_kem_polynomial_PolynomialRingElement_f6 uu____0 = ZERO_ef_61();
     t_as_ntt[i0] = uu____0;
     for (size_t i1 = (size_t)0U;
@@ -8371,10 +7595,7 @@ static KRML_MUSTINLINE void generate_keypair_unpacked_220(
     IndCpaPrivateKeyUnpacked_94 *private_key,
     IndCpaPublicKeyUnpacked_94 *public_key) {
   uint8_t hashed[64U];
-  cpa_keygen_seed_d8_f8(/* (ρ,σ) := G(d) for Kyber, (ρ,σ) := G(d || K) for
-                           ML-KEM */
-                        key_generation_seed,
-                        hashed);
+  cpa_keygen_seed_d8_f8(key_generation_seed, hashed);
   Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at(
       Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U,
       uint8_t, Eurydice_slice_uint8_t_x2);
@@ -8404,8 +7625,8 @@ static KRML_MUSTINLINE void generate_keypair_unpacked_220(
       sample_vector_cbd_then_ntt_out_b40(copy_of_prf_input, domain_separator)
           .fst,
       (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f6));
-  compute_As_plus_e_89(/* tˆ := Aˆ ◦ sˆ + eˆ */ public_key->t_as_ntt,
-                       public_key->A, private_key->secret_as_ntt, error_as_ntt);
+  compute_As_plus_e_89(public_key->t_as_ntt, public_key->A,
+                       private_key->secret_as_ntt, error_as_ntt);
   uint8_t uu____5[32U];
   core_result_Result_fb dst;
   Eurydice_slice_to_array2(&dst, seed_for_A, Eurydice_slice, uint8_t[32U]);
@@ -8430,13 +7651,11 @@ serialize_unpacked_secret_key_2d(IndCpaPublicKeyUnpacked_94 *public_key,
                                  IndCpaPrivateKeyUnpacked_94 *private_key) {
   uint8_t public_key_serialized[800U];
   serialize_public_key_ba(
-      /* pk := (Encode_12(tˆ mod^{+}q) || ρ) */ public_key->t_as_ntt,
+      public_key->t_as_ntt,
       Eurydice_array_to_slice((size_t)32U, public_key->seed_for_A, uint8_t),
       public_key_serialized);
   uint8_t secret_key_serialized[768U];
-  serialize_secret_key_29(
-      /* sk := Encode_12(sˆ mod^{+}q) */ private_key->secret_as_ntt,
-      secret_key_serialized);
+  serialize_secret_key_29(private_key->secret_as_ntt, secret_key_serialized);
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_secret_key_serialized[768U];
   memcpy(copy_of_secret_key_serialized, secret_key_serialized,
@@ -8623,15 +7842,11 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics
 static KRML_MUSTINLINE void build_unpacked_public_key_mut_fa(
     Eurydice_slice public_key,
     IndCpaPublicKeyUnpacked_94 *unpacked_public_key) {
-  Eurydice_slice uu____0 = Eurydice_slice_subslice_to(
-      /* tˆ := Decode_12(pk) */ public_key, (size_t)768U, uint8_t, size_t);
+  Eurydice_slice uu____0 =
+      Eurydice_slice_subslice_to(public_key, (size_t)768U, uint8_t, size_t);
   deserialize_ring_elements_reduced_89(uu____0, unpacked_public_key->t_as_ntt);
   Eurydice_slice seed =
-      Eurydice_slice_subslice_from(/* ρ := pk + 12·k·n / 8 for i from 0 to k−1
-                                      do for j from 0 to k − 1 do AˆT[i][j] :=
-                                      Parse(XOF(ρ, i, j)) end for end for */
-                                   public_key,
-                                   (size_t)768U, uint8_t, size_t);
+      Eurydice_slice_subslice_from(public_key, (size_t)768U, uint8_t, size_t);
   libcrux_ml_kem_polynomial_PolynomialRingElement_f6(*uu____1)[2U] =
       unpacked_public_key->A;
   uint8_t ret[34U];
@@ -8769,10 +7984,7 @@ with const generics
 static KRML_MUSTINLINE void invert_ntt_montgomery_89(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *re) {
   size_t zeta_i =
-      /* We only ever call this function after matrix/vector multiplication */
-      LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT
-
-      / (size_t)2U;
+      LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U;
   invert_ntt_at_layer_1_61(&zeta_i, re);
   invert_ntt_at_layer_2_61(&zeta_i, re);
   invert_ntt_at_layer_3_61(&zeta_i, re);
@@ -8964,11 +8176,7 @@ static KRML_MUSTINLINE void encrypt_unpacked_740(
     IndCpaPublicKeyUnpacked_94 *public_key, uint8_t message[32U],
     Eurydice_slice randomness, uint8_t ret[768U]) {
   uint8_t prf_input[33U];
-  libcrux_ml_kem_utils_into_padded_array_c8(/* for i from 0 to k−1 do r[i] :=
-                                               CBD{η1}(PRF(r, N)) N := N + 1 end
-                                               for rˆ := NTT(r) */
-                                            randomness,
-                                            prf_input);
+  libcrux_ml_kem_utils_into_padded_array_c8(randomness, prf_input);
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_prf_input0[33U];
   memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t));
@@ -8980,7 +8188,6 @@ static KRML_MUSTINLINE void encrypt_unpacked_740(
   uint8_t domain_separator0 = uu____1.snd;
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_prf_input[33U];
-  /* for i from 0 to k−1 do e1[i] := CBD_{η2}(PRF(r,N)) N := N + 1 end for */
   memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t));
   tuple_40 uu____3 =
       sample_ring_element_cbd_b40(copy_of_prf_input, domain_separator0);
@@ -8989,7 +8196,7 @@ static KRML_MUSTINLINE void encrypt_unpacked_740(
       error_1, uu____3.fst,
       (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f6));
   uint8_t domain_separator = uu____3.snd;
-  prf_input[32U] = /* e_2 := CBD{η2}(PRF(r, N)) */ domain_separator;
+  prf_input[32U] = domain_separator;
   uint8_t prf_output[128U];
   PRF_a9_490(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t),
              prf_output);
@@ -8997,11 +8204,9 @@ static KRML_MUSTINLINE void encrypt_unpacked_740(
       sample_from_binomial_distribution_89(
           Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t));
   libcrux_ml_kem_polynomial_PolynomialRingElement_f6 u[2U];
-  compute_vector_u_89(/* u := NTT^{-1}(AˆT ◦ rˆ) + e_1 */ public_key->A,
-                      r_as_ntt, error_1, u);
+  compute_vector_u_89(public_key->A, r_as_ntt, error_1, u);
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_message[32U];
-  /* v := NTT^{−1}(tˆT ◦ rˆ) + e_2 + Decompress_q(Decode_1(m),1) */
   memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t));
   libcrux_ml_kem_polynomial_PolynomialRingElement_f6 message_as_ring_element =
       deserialize_then_decompress_message_61(copy_of_message);
@@ -9010,14 +8215,12 @@ static KRML_MUSTINLINE void encrypt_unpacked_740(
                                 &message_as_ring_element);
   uint8_t ciphertext[768U] = {0U};
   libcrux_ml_kem_polynomial_PolynomialRingElement_f6 uu____5[2U];
-  /* c_1 := Encode_{du}(Compress_q(u,d_u)) */
   memcpy(
       uu____5, u,
       (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f6));
   compress_then_serialize_u_2d(
       uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)640U,
                                            uint8_t));
-  /* c_2 := Encode_{dv}(Compress_q(v,d_v)) */
   libcrux_ml_kem_polynomial_PolynomialRingElement_f6 uu____6 = v;
   compress_then_serialize_ring_element_v_ba(
       uu____6, Eurydice_array_to_subslice_from((size_t)768U, ciphertext,
@@ -9301,14 +8504,11 @@ static KRML_MUSTINLINE void decrypt_unpacked_4b(
     IndCpaPrivateKeyUnpacked_94 *secret_key, uint8_t *ciphertext,
     uint8_t ret[32U]) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_f6 u_as_ntt[2U];
-  deserialize_then_decompress_u_ba(
-      /* u := Decompress_q(Decode_{d_u}(c), d_u) */ ciphertext, u_as_ntt);
+  deserialize_then_decompress_u_ba(ciphertext, u_as_ntt);
   libcrux_ml_kem_polynomial_PolynomialRingElement_f6 v =
       deserialize_then_decompress_ring_element_v_29(
-          Eurydice_array_to_subslice_from(
-              (size_t)768U,
-              /* v := Decompress_q(Decode_{d_v}(c + d_u·k·n / 8), d_v) */
-              ciphertext, (size_t)640U, uint8_t, size_t));
+          Eurydice_array_to_subslice_from((size_t)768U, ciphertext,
+                                          (size_t)640U, uint8_t, size_t));
   libcrux_ml_kem_polynomial_PolynomialRingElement_f6 message =
       compute_message_89(&v, secret_key->secret_as_ntt, u_as_ntt);
   uint8_t ret0[32U];
@@ -9329,8 +8529,7 @@ with const generics
 static KRML_MUSTINLINE void decrypt_4b(Eurydice_slice secret_key,
                                        uint8_t *ciphertext, uint8_t ret[32U]) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_f6 secret_as_ntt[2U];
-  deserialize_secret_key_89(/* sˆ := Decode_12(sk) */ secret_key,
-                            secret_as_ntt);
+  deserialize_secret_key_89(secret_key, secret_as_ntt);
   /* Passing arrays by value in Rust generates a copy in C */
   libcrux_ml_kem_polynomial_PolynomialRingElement_f6 copy_of_secret_as_ntt[2U];
   memcpy(
diff --git a/libcrux-ml-kem/c/libcrux_mlkem_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem_avx2.h
index 8c8ecaf37..c127a7b25 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem_avx2.h
+++ b/libcrux-ml-kem/c/libcrux_mlkem_avx2.h
@@ -5,10 +5,10 @@
  *
  * This code was generated with the following revisions:
  * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9
- * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c
+ * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20
  * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
  * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty
- * Libcrux: 9d4ad0ef1e00d55aa483ae761f3d5b4911c0678f
+ * Libcrux: 3e54f3c659bef6ee815d197ee5c74dd40c75186a
  */
 
 #ifndef __libcrux_mlkem_avx2_H
diff --git a/libcrux-ml-kem/c/libcrux_mlkem_neon.c b/libcrux-ml-kem/c/libcrux_mlkem_neon.c
deleted file mode 100644
index 68997c944..000000000
--- a/libcrux-ml-kem/c/libcrux_mlkem_neon.c
+++ /dev/null
@@ -1,30 +0,0 @@
-/*
- * SPDX-FileCopyrightText: 2024 Cryspen Sarl <info@cryspen.com>
- *
- * SPDX-License-Identifier: MIT or Apache-2.0
- *
- * This code was generated with the following revisions:
- * Charon: 962f26311ccdf09a6a3cfeacbccafba22bf3d405
- * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3
- * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a
- * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7
- * Libcrux: 6b71b5fae48b400c6dac49234638dd52385d111d
- */
-
-#include "libcrux_mlkem_neon.h"
-
-KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_neon_G(Eurydice_slice input,
-                                                          uint8_t ret[64U]) {
-  uint8_t digest[64U] = {0U};
-  libcrux_sha3_neon_sha512(
-      Eurydice_array_to_slice((size_t)64U, digest, uint8_t), input);
-  memcpy(ret, digest, (size_t)64U * sizeof(uint8_t));
-}
-
-KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_neon_H(Eurydice_slice input,
-                                                          uint8_t ret[32U]) {
-  uint8_t digest[32U] = {0U};
-  libcrux_sha3_neon_sha256(
-      Eurydice_array_to_slice((size_t)32U, digest, uint8_t), input);
-  memcpy(ret, digest, (size_t)32U * sizeof(uint8_t));
-}
diff --git a/libcrux-ml-kem/c/libcrux_mlkem_neon.h b/libcrux-ml-kem/c/libcrux_mlkem_neon.h
deleted file mode 100644
index aee7d70ec..000000000
--- a/libcrux-ml-kem/c/libcrux_mlkem_neon.h
+++ /dev/null
@@ -1,36 +0,0 @@
-/*
- * SPDX-FileCopyrightText: 2024 Cryspen Sarl <info@cryspen.com>
- *
- * SPDX-License-Identifier: MIT or Apache-2.0
- *
- * This code was generated with the following revisions:
- * Charon: 962f26311ccdf09a6a3cfeacbccafba22bf3d405
- * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3
- * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a
- * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7
- * Libcrux: 6b71b5fae48b400c6dac49234638dd52385d111d
- */
-
-#ifndef __libcrux_mlkem_neon_H
-#define __libcrux_mlkem_neon_H
-
-#if defined(__cplusplus)
-extern "C" {
-#endif
-
-#include "eurydice_glue.h"
-#include "libcrux_core.h"
-#include "libcrux_sha3_neon.h"
-
-void libcrux_ml_kem_hash_functions_neon_G(Eurydice_slice input,
-                                          uint8_t ret[64U]);
-
-void libcrux_ml_kem_hash_functions_neon_H(Eurydice_slice input,
-                                          uint8_t ret[32U]);
-
-#if defined(__cplusplus)
-}
-#endif
-
-#define __libcrux_mlkem_neon_H_DEFINED
-#endif
diff --git a/libcrux-ml-kem/c/libcrux_mlkem_portable.c b/libcrux-ml-kem/c/libcrux_mlkem_portable.c
index cb7f734b3..128049b3b 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem_portable.c
+++ b/libcrux-ml-kem/c/libcrux_mlkem_portable.c
@@ -5,10 +5,10 @@
  *
  * This code was generated with the following revisions:
  * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9
- * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c
+ * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20
  * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
  * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty
- * Libcrux: 9d4ad0ef1e00d55aa483ae761f3d5b4911c0678f
+ * Libcrux: 3e54f3c659bef6ee815d197ee5c74dd40c75186a
  */
 
 #include "internal/libcrux_mlkem_portable.h"
@@ -1152,28 +1152,11 @@ libcrux_ml_kem_vector_portable_montgomery_multiply_by_constant_0d(
 */
 uint8_t libcrux_ml_kem_vector_portable_compress_compress_message_coefficient(
     uint16_t fe) {
-  int16_t shifted =
-      (int16_t)1664 -
-      (int16_t) /* The approach used here is inspired by:
-                   https://github.com/cloudflare/circl/blob/main/pke/kyber/internal/common/poly.go#L150
-                   If 833 <= fe <= 2496, then -832 <= shifted <= 831 */
-      fe;
-  int16_t mask =
-      /* If shifted < 0, then (shifted >> 15) ^ shifted = flip_bits(shifted) =
-         -shifted - 1, and so if -832 <= shifted < 0 then 0 < shifted_positive
-         <= 831 If shifted >= 0 then (shifted >> 15) ^ shifted = shifted, and so
-         if 0 <= shifted <= 831 then 0 <= shifted_positive <= 831 */
-      shifted
-
-      >> 15U;
+  int16_t shifted = (int16_t)1664 - (int16_t)fe;
+  int16_t mask = shifted >> 15U;
   int16_t shifted_to_positive = mask ^ shifted;
   int16_t shifted_positive_in_range = shifted_to_positive - (int16_t)832;
-  int16_t r0 =
-      /* If x <= 831, then x - 832 <= -1, and so x - 832 < 0, which means the
-         most significant bit of shifted_positive_in_range will be 1. */
-      shifted_positive_in_range
-
-      >> 15U;
+  int16_t r0 = shifted_positive_in_range >> 15U;
   int16_t r1 = r0 & (int16_t)1;
   return (uint8_t)r1;
 }
@@ -1209,16 +1192,7 @@ libcrux_ml_kem_vector_portable_arithmetic_get_n_least_significant_bits(
 
 int16_t libcrux_ml_kem_vector_portable_compress_compress_ciphertext_coefficient(
     uint8_t coefficient_bits, uint16_t fe) {
-  uint64_t compressed =
-      (uint64_t) /* hax_debug_assert!( coefficient_bits == 4 || coefficient_bits
-                    == 5 || coefficient_bits == 10 || coefficient_bits == 11 );
-                    hax_debug_assert!(fe <= (FIELD_MODULUS as u16)); This has to
-                    be constant time due to:
-                    https://groups.google.com/a/list.nist.gov/g/pqc-forum/c/ldX0ThYJuBo/m/ovODsdY7AwAJ
-                  */
-      fe
-
-      << (uint32_t)coefficient_bits;
+  uint64_t compressed = (uint64_t)fe << (uint32_t)coefficient_bits;
   compressed = compressed + 1664ULL;
   compressed = compressed * 10321340ULL;
   compressed = compressed >> 35U;
@@ -2738,13 +2712,9 @@ with const generics
 bool libcrux_ml_kem_ind_cca_validate_private_key_only_60(
     libcrux_ml_kem_types_MlKemPrivateKey_83 *private_key) {
   uint8_t t[32U];
-  H_f1_ac(Eurydice_array_to_subslice2(/* Eurydice can't access values directly
-                                         on the types. We need to go to the
-                                         `value` directly. */
-                                      private_key->value,
-                                      (size_t)384U * (size_t)4U,
-                                      (size_t)768U * (size_t)4U + (size_t)32U,
-                                      uint8_t),
+  H_f1_ac(Eurydice_array_to_subslice2(
+              private_key->value, (size_t)384U * (size_t)4U,
+              (size_t)768U * (size_t)4U + (size_t)32U, uint8_t),
           t);
   Eurydice_slice expected = Eurydice_array_to_subslice2(
       private_key->value, (size_t)768U * (size_t)4U + (size_t)32U,
@@ -3234,10 +3204,6 @@ static KRML_MUSTINLINE void sample_from_xof_2b(
   memcpy(copy_of_randomness0, randomness0, (size_t)4U * sizeof(uint8_t[504U]));
   bool done = sample_from_uniform_distribution_next_ff(
       copy_of_randomness0, sampled_coefficients, out);
-  /* Requiring more than 5 blocks to sample a ring element should be very
-   * unlikely according to: https://eprint.iacr.org/2023/708.pdf To avoid
-   * failing here, we squeeze more blocks out of the state until we have enough.
-   */
   while (true) {
     if (done) {
       break;
@@ -3297,7 +3263,7 @@ static KRML_MUSTINLINE void sample_matrix_A_2b(
            i++) {
         size_t j = i;
         libcrux_ml_kem_polynomial_PolynomialRingElement_1d sample = sampled[j];
-        if (/* A[i][j] = A_transpose[j][i] */ transpose) {
+        if (transpose) {
           A_transpose[j][i1] = sample;
         } else {
           A_transpose[i1][j] = sample;
@@ -3495,12 +3461,7 @@ with const generics
 static KRML_MUSTINLINE void ntt_at_layer_7_8c(
     libcrux_ml_kem_polynomial_PolynomialRingElement_1d *re) {
   size_t step = LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT / (size_t)2U;
-  for (size_t i = (size_t)0U;
-       i <
-       /* The semicolon and parentheses at the end of loop are a workaround for
-          the following bug https://github.com/hacspec/hax/issues/720 */
-       step;
-       i++) {
+  for (size_t i = (size_t)0U; i < step; i++) {
     size_t j = i;
     libcrux_ml_kem_vector_portable_vector_type_PortableVector t =
         libcrux_ml_kem_vector_portable_multiply_by_constant_0d(
@@ -3562,13 +3523,7 @@ static KRML_MUSTINLINE void ntt_at_layer_4_plus_8c(
     size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_1d *re,
     size_t layer) {
   size_t step = (size_t)1U << (uint32_t)layer;
-  for (size_t i0 = (size_t)0U;
-       i0 < (size_t)128U >>
-       (uint32_t) /* The semicolon and parentheses at the end of loop are a
-                     workaround for the following bug
-                     https://github.com/hacspec/hax/issues/720 */
-       layer;
-       i0++) {
+  for (size_t i0 = (size_t)0U; i0 < (size_t)128U >> (uint32_t)layer; i0++) {
     size_t round = i0;
     zeta_i[0U] = zeta_i[0U] + (size_t)1U;
     size_t offset = round * step * (size_t)2U;
@@ -3660,11 +3615,7 @@ with const generics
 static KRML_MUSTINLINE void poly_barrett_reduce_ef_8c(
     libcrux_ml_kem_polynomial_PolynomialRingElement_1d *self) {
   for (size_t i = (size_t)0U;
-       i <
-       /* The semicolon and parentheses at the end of loop are a workaround for
-          the following bug https://github.com/hacspec/hax/issues/720 */
-       LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT;
-       i++) {
+       i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
     size_t i0 = i;
     libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 =
         libcrux_ml_kem_vector_portable_barrett_reduce_0d(
@@ -3681,9 +3632,7 @@ with const generics
 */
 static KRML_MUSTINLINE void ntt_binomially_sampled_ring_element_8c(
     libcrux_ml_kem_polynomial_PolynomialRingElement_1d *re) {
-  ntt_at_layer_7_8c(/* Due to the small coefficient bound, we can skip the first
-                       round of Montgomery reductions. */
-                    re);
+  ntt_at_layer_7_8c(re);
   size_t zeta_i = (size_t)1U;
   ntt_at_layer_4_plus_8c(&zeta_i, re, (size_t)6U);
   ntt_at_layer_4_plus_8c(&zeta_i, re, (size_t)5U);
@@ -3786,8 +3735,6 @@ with const generics
 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1d
 ntt_multiply_ef_8c(libcrux_ml_kem_polynomial_PolynomialRingElement_1d *self,
                    libcrux_ml_kem_polynomial_PolynomialRingElement_1d *rhs) {
-  /* hax_debug_debug_assert!(lhs .coefficients .into_iter() .all(|coefficient|
-   * coefficient >= 0 && coefficient < 4096)); */
   libcrux_ml_kem_polynomial_PolynomialRingElement_1d out = ZERO_ef_8c();
   for (size_t i = (size_t)0U;
        i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
@@ -3824,11 +3771,7 @@ static KRML_MUSTINLINE void add_to_ring_element_ef_d0(
   for (size_t i = (size_t)0U;
        i < Eurydice_slice_len(
                Eurydice_array_to_slice(
-                   (size_t)16U,
-                   /* The semicolon and parentheses at the end of loop are a
-                      workaround for the following bug
-                      https://github.com/hacspec/hax/issues/720 */
-                   self->coefficients,
+                   (size_t)16U, self->coefficients,
                    libcrux_ml_kem_vector_portable_vector_type_PortableVector),
                libcrux_ml_kem_vector_portable_vector_type_PortableVector);
        i++) {
@@ -3868,18 +3811,10 @@ static KRML_MUSTINLINE void add_standard_error_reduce_ef_8c(
     libcrux_ml_kem_polynomial_PolynomialRingElement_1d *self,
     libcrux_ml_kem_polynomial_PolynomialRingElement_1d *error) {
   for (size_t i = (size_t)0U;
-       i <
-       /* The semicolon and parentheses at the end of loop are a workaround for
-          the following bug https://github.com/hacspec/hax/issues/720 */
-       LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT;
-       i++) {
+       i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
     size_t j = i;
     libcrux_ml_kem_vector_portable_vector_type_PortableVector
-        coefficient_normal_form = to_standard_domain_8c(
-            self->coefficients[/* The coefficients are of the form aR^{-1} mod
-                                  q, which means calling to_montgomery_domain()
-                                  on them should return a mod q. */
-                               j]);
+        coefficient_normal_form = to_standard_domain_8c(self->coefficients[j]);
     libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 =
         libcrux_ml_kem_vector_portable_barrett_reduce_0d(
             libcrux_ml_kem_vector_portable_add_0d(coefficient_normal_form,
@@ -3911,8 +3846,6 @@ static KRML_MUSTINLINE void compute_As_plus_e_d0(
        i++) {
     size_t i0 = i;
     libcrux_ml_kem_polynomial_PolynomialRingElement_1d *row = matrix_A[i0];
-    /* This may be externally provided memory. Ensure that `t_as_ntt` is all 0.
-     */
     libcrux_ml_kem_polynomial_PolynomialRingElement_1d uu____0 = ZERO_ef_8c();
     t_as_ntt[i0] = uu____0;
     for (size_t i1 = (size_t)0U;
@@ -3988,10 +3921,7 @@ static KRML_MUSTINLINE void generate_keypair_unpacked_1c(
     IndCpaPrivateKeyUnpacked_af *private_key,
     IndCpaPublicKeyUnpacked_af *public_key) {
   uint8_t hashed[64U];
-  cpa_keygen_seed_d8_03(/* (ρ,σ) := G(d) for Kyber, (ρ,σ) := G(d || K) for
-                           ML-KEM */
-                        key_generation_seed,
-                        hashed);
+  cpa_keygen_seed_d8_03(key_generation_seed, hashed);
   Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at(
       Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U,
       uint8_t, Eurydice_slice_uint8_t_x2);
@@ -4021,8 +3951,8 @@ static KRML_MUSTINLINE void generate_keypair_unpacked_1c(
       sample_vector_cbd_then_ntt_out_3b(copy_of_prf_input, domain_separator)
           .fst,
       (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1d));
-  compute_As_plus_e_d0(/* tˆ := Aˆ ◦ sˆ + eˆ */ public_key->t_as_ntt,
-                       public_key->A, private_key->secret_as_ntt, error_as_ntt);
+  compute_As_plus_e_d0(public_key->t_as_ntt, public_key->A,
+                       private_key->secret_as_ntt, error_as_ntt);
   uint8_t uu____5[32U];
   core_result_Result_fb dst;
   Eurydice_slice_to_array2(&dst, seed_for_A, Eurydice_slice, uint8_t[32U]);
@@ -4047,13 +3977,11 @@ serialize_unpacked_secret_key_2f(IndCpaPublicKeyUnpacked_af *public_key,
                                  IndCpaPrivateKeyUnpacked_af *private_key) {
   uint8_t public_key_serialized[1568U];
   serialize_public_key_00(
-      /* pk := (Encode_12(tˆ mod^{+}q) || ρ) */ public_key->t_as_ntt,
+      public_key->t_as_ntt,
       Eurydice_array_to_slice((size_t)32U, public_key->seed_for_A, uint8_t),
       public_key_serialized);
   uint8_t secret_key_serialized[1536U];
-  serialize_secret_key_ff(
-      /* sk := Encode_12(sˆ mod^{+}q) */ private_key->secret_as_ntt,
-      secret_key_serialized);
+  serialize_secret_key_ff(private_key->secret_as_ntt, secret_key_serialized);
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_secret_key_serialized[1536U];
   memcpy(copy_of_secret_key_serialized, secret_key_serialized,
@@ -4241,15 +4169,11 @@ generics
 static KRML_MUSTINLINE void build_unpacked_public_key_mut_3f(
     Eurydice_slice public_key,
     IndCpaPublicKeyUnpacked_af *unpacked_public_key) {
-  Eurydice_slice uu____0 = Eurydice_slice_subslice_to(
-      /* tˆ := Decode_12(pk) */ public_key, (size_t)1536U, uint8_t, size_t);
+  Eurydice_slice uu____0 =
+      Eurydice_slice_subslice_to(public_key, (size_t)1536U, uint8_t, size_t);
   deserialize_ring_elements_reduced_d0(uu____0, unpacked_public_key->t_as_ntt);
   Eurydice_slice seed =
-      Eurydice_slice_subslice_from(/* ρ := pk + 12·k·n / 8 for i from 0 to k−1
-                                      do for j from 0 to k − 1 do AˆT[i][j] :=
-                                      Parse(XOF(ρ, i, j)) end for end for */
-                                   public_key,
-                                   (size_t)1536U, uint8_t, size_t);
+      Eurydice_slice_subslice_from(public_key, (size_t)1536U, uint8_t, size_t);
   libcrux_ml_kem_polynomial_PolynomialRingElement_1d(*uu____1)[4U] =
       unpacked_public_key->A;
   uint8_t ret[34U];
@@ -4436,13 +4360,7 @@ static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_8c(
     size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_1d *re,
     size_t layer) {
   size_t step = (size_t)1U << (uint32_t)layer;
-  for (size_t i0 = (size_t)0U;
-       i0 < (size_t)128U >>
-       (uint32_t) /* The semicolon and parentheses at the end of loop are a
-                     workaround for the following bug
-                     https://github.com/hacspec/hax/issues/720 */
-       layer;
-       i0++) {
+  for (size_t i0 = (size_t)0U; i0 < (size_t)128U >> (uint32_t)layer; i0++) {
     size_t round = i0;
     zeta_i[0U] = zeta_i[0U] - (size_t)1U;
     size_t offset = round * step * (size_t)2U;
@@ -4473,10 +4391,7 @@ with const generics
 static KRML_MUSTINLINE void invert_ntt_montgomery_d0(
     libcrux_ml_kem_polynomial_PolynomialRingElement_1d *re) {
   size_t zeta_i =
-      /* We only ever call this function after matrix/vector multiplication */
-      LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT
-
-      / (size_t)2U;
+      LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U;
   invert_ntt_at_layer_1_8c(&zeta_i, re);
   invert_ntt_at_layer_2_8c(&zeta_i, re);
   invert_ntt_at_layer_3_8c(&zeta_i, re);
@@ -4502,11 +4417,7 @@ static KRML_MUSTINLINE void add_error_reduce_ef_8c(
     libcrux_ml_kem_polynomial_PolynomialRingElement_1d *self,
     libcrux_ml_kem_polynomial_PolynomialRingElement_1d *error) {
   for (size_t i = (size_t)0U;
-       i <
-       /* The semicolon and parentheses at the end of loop are a workaround for
-          the following bug https://github.com/hacspec/hax/issues/720 */
-       LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT;
-       i++) {
+       i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
     size_t j = i;
     libcrux_ml_kem_vector_portable_vector_type_PortableVector
         coefficient_normal_form =
@@ -4632,27 +4543,8 @@ add_message_error_reduce_ef_8c(
             libcrux_ml_kem_vector_portable_montgomery_multiply_by_constant_0d(
                 result.coefficients[i0], (int16_t)1441);
     libcrux_ml_kem_vector_portable_vector_type_PortableVector tmp =
-        libcrux_ml_kem_vector_portable_add_0d(
-            self->coefficients[/* FIXME: Eurydice crashes with: Warning 11: in
-                                  top-level declaration
-                                  libcrux_ml_kem.polynomial.{libcrux_ml_kem::polynomial::PolynomialRingElement<Vector>[TraitClause@0]}.add_message_error_reduce__libcrux_ml_kem_libcrux_polynomials_PortableVector:
-                                  this expression is not Low*; the enclosing
-                                  function cannot be translated into C*: let
-                                  mutable ret(Mark.Present,(Mark.AtMost 2), ):
-                                  int16_t[16size_t] = $any in
-                                  libcrux_ml_kem.libcrux_polynomials.{(libcrux_ml_kem::libcrux_polynomials::libcrux_traits::Operations␣for␣libcrux_ml_kem::libcrux_polynomials::PortableVector)}.add
-                                  ((@9:
-                                  libcrux_ml_kem_libcrux_polynomials_PortableVector[16size_t]*)[0uint32_t]:int16_t[16size_t][16size_t])[@4]
-                                  &(((@8:
-                                  libcrux_ml_kem_libcrux_polynomials_PortableVector[16size_t]*)[0uint32_t]:libcrux_ml_kem_libcrux_polynomials_PortableVector[16size_t])[@4])
-                                  @0; @0 Warning 11 is fatal, exiting. On the
-                                  following code: ```rust result.coefficients[i]
-                                  = Vector::barrett_reduce(Vector::add(
-                                  coefficient_normal_form,
-                                  &Vector::add(self.coefficients[i],
-                                  &message.coefficients[i]), )); ``` */
-                               i0],
-            &message->coefficients[i0]);
+        libcrux_ml_kem_vector_portable_add_0d(self->coefficients[i0],
+                                              &message->coefficients[i0]);
     libcrux_ml_kem_vector_portable_vector_type_PortableVector tmp0 =
         libcrux_ml_kem_vector_portable_add_0d(coefficient_normal_form, &tmp);
     libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 =
@@ -4865,11 +4757,7 @@ static KRML_MUSTINLINE void compress_then_serialize_4_8c(
     libcrux_ml_kem_polynomial_PolynomialRingElement_1d re,
     Eurydice_slice serialized) {
   for (size_t i = (size_t)0U;
-       i <
-       /* The semicolon and parentheses at the end of loop are a workaround for
-          the following bug https://github.com/hacspec/hax/issues/720 */
-       LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT;
-       i++) {
+       i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
     size_t i0 = i;
     libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient =
         compress_0d_d1(to_unsigned_field_modulus_8c(re.coefficients[i0]));
@@ -4924,11 +4812,7 @@ static KRML_MUSTINLINE void compress_then_serialize_5_8c(
     libcrux_ml_kem_polynomial_PolynomialRingElement_1d re,
     Eurydice_slice serialized) {
   for (size_t i = (size_t)0U;
-       i <
-       /* The semicolon and parentheses at the end of loop are a workaround for
-          the following bug https://github.com/hacspec/hax/issues/720 */
-       LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT;
-       i++) {
+       i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
     size_t i0 = i;
     libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficients =
         compress_0d_f4(to_unsigned_representative_8c(re.coefficients[i0]));
@@ -5017,11 +4901,7 @@ static KRML_MUSTINLINE void encrypt_unpacked_2a(
     IndCpaPublicKeyUnpacked_af *public_key, uint8_t message[32U],
     Eurydice_slice randomness, uint8_t ret[1568U]) {
   uint8_t prf_input[33U];
-  libcrux_ml_kem_utils_into_padded_array_c8(/* for i from 0 to k−1 do r[i] :=
-                                               CBD{η1}(PRF(r, N)) N := N + 1 end
-                                               for rˆ := NTT(r) */
-                                            randomness,
-                                            prf_input);
+  libcrux_ml_kem_utils_into_padded_array_c8(randomness, prf_input);
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_prf_input0[33U];
   memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t));
@@ -5033,7 +4913,6 @@ static KRML_MUSTINLINE void encrypt_unpacked_2a(
   uint8_t domain_separator0 = uu____1.snd;
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_prf_input[33U];
-  /* for i from 0 to k−1 do e1[i] := CBD_{η2}(PRF(r,N)) N := N + 1 end for */
   memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t));
   tuple_dd0 uu____3 =
       sample_ring_element_cbd_3b(copy_of_prf_input, domain_separator0);
@@ -5042,7 +4921,7 @@ static KRML_MUSTINLINE void encrypt_unpacked_2a(
       error_1, uu____3.fst,
       (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1d));
   uint8_t domain_separator = uu____3.snd;
-  prf_input[32U] = /* e_2 := CBD{η2}(PRF(r, N)) */ domain_separator;
+  prf_input[32U] = domain_separator;
   uint8_t prf_output[128U];
   PRF_f1_440(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t),
              prf_output);
@@ -5050,11 +4929,9 @@ static KRML_MUSTINLINE void encrypt_unpacked_2a(
       sample_from_binomial_distribution_a0(
           Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t));
   libcrux_ml_kem_polynomial_PolynomialRingElement_1d u[4U];
-  compute_vector_u_d0(/* u := NTT^{-1}(AˆT ◦ rˆ) + e_1 */ public_key->A,
-                      r_as_ntt, error_1, u);
+  compute_vector_u_d0(public_key->A, r_as_ntt, error_1, u);
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_message[32U];
-  /* v := NTT^{−1}(tˆT ◦ rˆ) + e_2 + Decompress_q(Decode_1(m),1) */
   memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t));
   libcrux_ml_kem_polynomial_PolynomialRingElement_1d message_as_ring_element =
       deserialize_then_decompress_message_8c(copy_of_message);
@@ -5063,14 +4940,12 @@ static KRML_MUSTINLINE void encrypt_unpacked_2a(
                                 &message_as_ring_element);
   uint8_t ciphertext[1568U] = {0U};
   libcrux_ml_kem_polynomial_PolynomialRingElement_1d uu____5[4U];
-  /* c_1 := Encode_{du}(Compress_q(u,d_u)) */
   memcpy(
       uu____5, u,
       (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1d));
   compress_then_serialize_u_2f(
       uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U,
                                            (size_t)1408U, uint8_t));
-  /* c_2 := Encode_{dv}(Compress_q(v,d_v)) */
   libcrux_ml_kem_polynomial_PolynomialRingElement_1d uu____6 = v;
   compress_then_serialize_ring_element_v_00(
       uu____6, Eurydice_array_to_subslice_from((size_t)1568U, ciphertext,
@@ -5709,14 +5584,11 @@ static KRML_MUSTINLINE void decrypt_unpacked_7d(
     IndCpaPrivateKeyUnpacked_af *secret_key, uint8_t *ciphertext,
     uint8_t ret[32U]) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_1d u_as_ntt[4U];
-  deserialize_then_decompress_u_00(
-      /* u := Decompress_q(Decode_{d_u}(c), d_u) */ ciphertext, u_as_ntt);
+  deserialize_then_decompress_u_00(ciphertext, u_as_ntt);
   libcrux_ml_kem_polynomial_PolynomialRingElement_1d v =
       deserialize_then_decompress_ring_element_v_ff(
-          Eurydice_array_to_subslice_from(
-              (size_t)1568U,
-              /* v := Decompress_q(Decode_{d_v}(c + d_u·k·n / 8), d_v) */
-              ciphertext, (size_t)1408U, uint8_t, size_t));
+          Eurydice_array_to_subslice_from((size_t)1568U, ciphertext,
+                                          (size_t)1408U, uint8_t, size_t));
   libcrux_ml_kem_polynomial_PolynomialRingElement_1d message =
       compute_message_d0(&v, secret_key->secret_as_ntt, u_as_ntt);
   uint8_t ret0[32U];
@@ -5737,8 +5609,7 @@ with const generics
 static KRML_MUSTINLINE void decrypt_7d(Eurydice_slice secret_key,
                                        uint8_t *ciphertext, uint8_t ret[32U]) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_1d secret_as_ntt[4U];
-  deserialize_secret_key_d0(/* sˆ := Decode_12(sk) */ secret_key,
-                            secret_as_ntt);
+  deserialize_secret_key_d0(secret_key, secret_as_ntt);
   /* Passing arrays by value in Rust generates a copy in C */
   libcrux_ml_kem_polynomial_PolynomialRingElement_1d copy_of_secret_as_ntt[4U];
   memcpy(
@@ -6058,13 +5929,9 @@ with const generics
 bool libcrux_ml_kem_ind_cca_validate_private_key_only_30(
     libcrux_ml_kem_types_MlKemPrivateKey_fa *private_key) {
   uint8_t t[32U];
-  H_f1_fd(Eurydice_array_to_subslice2(/* Eurydice can't access values directly
-                                         on the types. We need to go to the
-                                         `value` directly. */
-                                      private_key->value,
-                                      (size_t)384U * (size_t)2U,
-                                      (size_t)768U * (size_t)2U + (size_t)32U,
-                                      uint8_t),
+  H_f1_fd(Eurydice_array_to_subslice2(
+              private_key->value, (size_t)384U * (size_t)2U,
+              (size_t)768U * (size_t)2U + (size_t)32U, uint8_t),
           t);
   Eurydice_slice expected = Eurydice_array_to_subslice2(
       private_key->value, (size_t)768U * (size_t)2U + (size_t)32U,
@@ -6514,10 +6381,6 @@ static KRML_MUSTINLINE void sample_from_xof_2b0(
   memcpy(copy_of_randomness0, randomness0, (size_t)2U * sizeof(uint8_t[504U]));
   bool done = sample_from_uniform_distribution_next_64(
       copy_of_randomness0, sampled_coefficients, out);
-  /* Requiring more than 5 blocks to sample a ring element should be very
-   * unlikely according to: https://eprint.iacr.org/2023/708.pdf To avoid
-   * failing here, we squeeze more blocks out of the state until we have enough.
-   */
   while (true) {
     if (done) {
       break;
@@ -6577,7 +6440,7 @@ static KRML_MUSTINLINE void sample_matrix_A_2b0(
            i++) {
         size_t j = i;
         libcrux_ml_kem_polynomial_PolynomialRingElement_1d sample = sampled[j];
-        if (/* A[i][j] = A_transpose[j][i] */ transpose) {
+        if (transpose) {
           A_transpose[j][i1] = sample;
         } else {
           A_transpose[i1][j] = sample;
@@ -6723,11 +6586,7 @@ static KRML_MUSTINLINE void add_to_ring_element_ef_a0(
   for (size_t i = (size_t)0U;
        i < Eurydice_slice_len(
                Eurydice_array_to_slice(
-                   (size_t)16U,
-                   /* The semicolon and parentheses at the end of loop are a
-                      workaround for the following bug
-                      https://github.com/hacspec/hax/issues/720 */
-                   self->coefficients,
+                   (size_t)16U, self->coefficients,
                    libcrux_ml_kem_vector_portable_vector_type_PortableVector),
                libcrux_ml_kem_vector_portable_vector_type_PortableVector);
        i++) {
@@ -6762,8 +6621,6 @@ static KRML_MUSTINLINE void compute_As_plus_e_a0(
        i++) {
     size_t i0 = i;
     libcrux_ml_kem_polynomial_PolynomialRingElement_1d *row = matrix_A[i0];
-    /* This may be externally provided memory. Ensure that `t_as_ntt` is all 0.
-     */
     libcrux_ml_kem_polynomial_PolynomialRingElement_1d uu____0 = ZERO_ef_8c();
     t_as_ntt[i0] = uu____0;
     for (size_t i1 = (size_t)0U;
@@ -6839,10 +6696,7 @@ static KRML_MUSTINLINE void generate_keypair_unpacked_1c0(
     IndCpaPrivateKeyUnpacked_d4 *private_key,
     IndCpaPublicKeyUnpacked_d4 *public_key) {
   uint8_t hashed[64U];
-  cpa_keygen_seed_d8_10(/* (ρ,σ) := G(d) for Kyber, (ρ,σ) := G(d || K) for
-                           ML-KEM */
-                        key_generation_seed,
-                        hashed);
+  cpa_keygen_seed_d8_10(key_generation_seed, hashed);
   Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at(
       Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U,
       uint8_t, Eurydice_slice_uint8_t_x2);
@@ -6872,8 +6726,8 @@ static KRML_MUSTINLINE void generate_keypair_unpacked_1c0(
       sample_vector_cbd_then_ntt_out_3b0(copy_of_prf_input, domain_separator)
           .fst,
       (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1d));
-  compute_As_plus_e_a0(/* tˆ := Aˆ ◦ sˆ + eˆ */ public_key->t_as_ntt,
-                       public_key->A, private_key->secret_as_ntt, error_as_ntt);
+  compute_As_plus_e_a0(public_key->t_as_ntt, public_key->A,
+                       private_key->secret_as_ntt, error_as_ntt);
   uint8_t uu____5[32U];
   core_result_Result_fb dst;
   Eurydice_slice_to_array2(&dst, seed_for_A, Eurydice_slice, uint8_t[32U]);
@@ -6898,13 +6752,11 @@ serialize_unpacked_secret_key_6d(IndCpaPublicKeyUnpacked_d4 *public_key,
                                  IndCpaPrivateKeyUnpacked_d4 *private_key) {
   uint8_t public_key_serialized[800U];
   serialize_public_key_86(
-      /* pk := (Encode_12(tˆ mod^{+}q) || ρ) */ public_key->t_as_ntt,
+      public_key->t_as_ntt,
       Eurydice_array_to_slice((size_t)32U, public_key->seed_for_A, uint8_t),
       public_key_serialized);
   uint8_t secret_key_serialized[768U];
-  serialize_secret_key_64(
-      /* sk := Encode_12(sˆ mod^{+}q) */ private_key->secret_as_ntt,
-      secret_key_serialized);
+  serialize_secret_key_64(private_key->secret_as_ntt, secret_key_serialized);
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_secret_key_serialized[768U];
   memcpy(copy_of_secret_key_serialized, secret_key_serialized,
@@ -7092,15 +6944,11 @@ generics
 static KRML_MUSTINLINE void build_unpacked_public_key_mut_3f0(
     Eurydice_slice public_key,
     IndCpaPublicKeyUnpacked_d4 *unpacked_public_key) {
-  Eurydice_slice uu____0 = Eurydice_slice_subslice_to(
-      /* tˆ := Decode_12(pk) */ public_key, (size_t)768U, uint8_t, size_t);
+  Eurydice_slice uu____0 =
+      Eurydice_slice_subslice_to(public_key, (size_t)768U, uint8_t, size_t);
   deserialize_ring_elements_reduced_a0(uu____0, unpacked_public_key->t_as_ntt);
   Eurydice_slice seed =
-      Eurydice_slice_subslice_from(/* ρ := pk + 12·k·n / 8 for i from 0 to k−1
-                                      do for j from 0 to k − 1 do AˆT[i][j] :=
-                                      Parse(XOF(ρ, i, j)) end for end for */
-                                   public_key,
-                                   (size_t)768U, uint8_t, size_t);
+      Eurydice_slice_subslice_from(public_key, (size_t)768U, uint8_t, size_t);
   libcrux_ml_kem_polynomial_PolynomialRingElement_1d(*uu____1)[2U] =
       unpacked_public_key->A;
   uint8_t ret[34U];
@@ -7226,10 +7074,7 @@ with const generics
 static KRML_MUSTINLINE void invert_ntt_montgomery_a0(
     libcrux_ml_kem_polynomial_PolynomialRingElement_1d *re) {
   size_t zeta_i =
-      /* We only ever call this function after matrix/vector multiplication */
-      LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT
-
-      / (size_t)2U;
+      LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U;
   invert_ntt_at_layer_1_8c(&zeta_i, re);
   invert_ntt_at_layer_2_8c(&zeta_i, re);
   invert_ntt_at_layer_3_8c(&zeta_i, re);
@@ -7460,11 +7305,7 @@ static KRML_MUSTINLINE void encrypt_unpacked_2a0(
     IndCpaPublicKeyUnpacked_d4 *public_key, uint8_t message[32U],
     Eurydice_slice randomness, uint8_t ret[768U]) {
   uint8_t prf_input[33U];
-  libcrux_ml_kem_utils_into_padded_array_c8(/* for i from 0 to k−1 do r[i] :=
-                                               CBD{η1}(PRF(r, N)) N := N + 1 end
-                                               for rˆ := NTT(r) */
-                                            randomness,
-                                            prf_input);
+  libcrux_ml_kem_utils_into_padded_array_c8(randomness, prf_input);
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_prf_input0[33U];
   memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t));
@@ -7477,7 +7318,6 @@ static KRML_MUSTINLINE void encrypt_unpacked_2a0(
   uint8_t domain_separator0 = uu____1.snd;
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_prf_input[33U];
-  /* for i from 0 to k−1 do e1[i] := CBD_{η2}(PRF(r,N)) N := N + 1 end for */
   memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t));
   tuple_400 uu____3 =
       sample_ring_element_cbd_3b0(copy_of_prf_input, domain_separator0);
@@ -7486,7 +7326,7 @@ static KRML_MUSTINLINE void encrypt_unpacked_2a0(
       error_1, uu____3.fst,
       (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1d));
   uint8_t domain_separator = uu____3.snd;
-  prf_input[32U] = /* e_2 := CBD{η2}(PRF(r, N)) */ domain_separator;
+  prf_input[32U] = domain_separator;
   uint8_t prf_output[128U];
   PRF_f1_490(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t),
              prf_output);
@@ -7494,11 +7334,9 @@ static KRML_MUSTINLINE void encrypt_unpacked_2a0(
       sample_from_binomial_distribution_a0(
           Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t));
   libcrux_ml_kem_polynomial_PolynomialRingElement_1d u[2U];
-  compute_vector_u_a0(/* u := NTT^{-1}(AˆT ◦ rˆ) + e_1 */ public_key->A,
-                      r_as_ntt, error_1, u);
+  compute_vector_u_a0(public_key->A, r_as_ntt, error_1, u);
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_message[32U];
-  /* v := NTT^{−1}(tˆT ◦ rˆ) + e_2 + Decompress_q(Decode_1(m),1) */
   memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t));
   libcrux_ml_kem_polynomial_PolynomialRingElement_1d message_as_ring_element =
       deserialize_then_decompress_message_8c(copy_of_message);
@@ -7507,14 +7345,12 @@ static KRML_MUSTINLINE void encrypt_unpacked_2a0(
                                 &message_as_ring_element);
   uint8_t ciphertext[768U] = {0U};
   libcrux_ml_kem_polynomial_PolynomialRingElement_1d uu____5[2U];
-  /* c_1 := Encode_{du}(Compress_q(u,d_u)) */
   memcpy(
       uu____5, u,
       (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1d));
   compress_then_serialize_u_6d(
       uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)640U,
                                            uint8_t));
-  /* c_2 := Encode_{dv}(Compress_q(v,d_v)) */
   libcrux_ml_kem_polynomial_PolynomialRingElement_1d uu____6 = v;
   compress_then_serialize_ring_element_v_86(
       uu____6, Eurydice_array_to_subslice_from((size_t)768U, ciphertext,
@@ -7829,14 +7665,11 @@ static KRML_MUSTINLINE void decrypt_unpacked_d1(
     IndCpaPrivateKeyUnpacked_d4 *secret_key, uint8_t *ciphertext,
     uint8_t ret[32U]) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_1d u_as_ntt[2U];
-  deserialize_then_decompress_u_86(
-      /* u := Decompress_q(Decode_{d_u}(c), d_u) */ ciphertext, u_as_ntt);
+  deserialize_then_decompress_u_86(ciphertext, u_as_ntt);
   libcrux_ml_kem_polynomial_PolynomialRingElement_1d v =
       deserialize_then_decompress_ring_element_v_64(
-          Eurydice_array_to_subslice_from(
-              (size_t)768U,
-              /* v := Decompress_q(Decode_{d_v}(c + d_u·k·n / 8), d_v) */
-              ciphertext, (size_t)640U, uint8_t, size_t));
+          Eurydice_array_to_subslice_from((size_t)768U, ciphertext,
+                                          (size_t)640U, uint8_t, size_t));
   libcrux_ml_kem_polynomial_PolynomialRingElement_1d message =
       compute_message_a0(&v, secret_key->secret_as_ntt, u_as_ntt);
   uint8_t ret0[32U];
@@ -7857,8 +7690,7 @@ with const generics
 static KRML_MUSTINLINE void decrypt_d1(Eurydice_slice secret_key,
                                        uint8_t *ciphertext, uint8_t ret[32U]) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_1d secret_as_ntt[2U];
-  deserialize_secret_key_a0(/* sˆ := Decode_12(sk) */ secret_key,
-                            secret_as_ntt);
+  deserialize_secret_key_a0(secret_key, secret_as_ntt);
   /* Passing arrays by value in Rust generates a copy in C */
   libcrux_ml_kem_polynomial_PolynomialRingElement_1d copy_of_secret_as_ntt[2U];
   memcpy(
@@ -8166,13 +7998,9 @@ with const generics
 bool libcrux_ml_kem_ind_cca_validate_private_key_only_d6(
     libcrux_ml_kem_types_MlKemPrivateKey_d9 *private_key) {
   uint8_t t[32U];
-  H_f1_e0(Eurydice_array_to_subslice2(/* Eurydice can't access values directly
-                                         on the types. We need to go to the
-                                         `value` directly. */
-                                      private_key->value,
-                                      (size_t)384U * (size_t)3U,
-                                      (size_t)768U * (size_t)3U + (size_t)32U,
-                                      uint8_t),
+  H_f1_e0(Eurydice_array_to_subslice2(
+              private_key->value, (size_t)384U * (size_t)3U,
+              (size_t)768U * (size_t)3U + (size_t)32U, uint8_t),
           t);
   Eurydice_slice expected = Eurydice_array_to_subslice2(
       private_key->value, (size_t)768U * (size_t)3U + (size_t)32U,
@@ -8628,10 +8456,6 @@ static KRML_MUSTINLINE void sample_from_xof_2b1(
   memcpy(copy_of_randomness0, randomness0, (size_t)3U * sizeof(uint8_t[504U]));
   bool done = sample_from_uniform_distribution_next_89(
       copy_of_randomness0, sampled_coefficients, out);
-  /* Requiring more than 5 blocks to sample a ring element should be very
-   * unlikely according to: https://eprint.iacr.org/2023/708.pdf To avoid
-   * failing here, we squeeze more blocks out of the state until we have enough.
-   */
   while (true) {
     if (done) {
       break;
@@ -8691,7 +8515,7 @@ static KRML_MUSTINLINE void sample_matrix_A_2b1(
            i++) {
         size_t j = i;
         libcrux_ml_kem_polynomial_PolynomialRingElement_1d sample = sampled[j];
-        if (/* A[i][j] = A_transpose[j][i] */ transpose) {
+        if (transpose) {
           A_transpose[j][i1] = sample;
         } else {
           A_transpose[i1][j] = sample;
@@ -8826,11 +8650,7 @@ static KRML_MUSTINLINE void add_to_ring_element_ef_1b(
   for (size_t i = (size_t)0U;
        i < Eurydice_slice_len(
                Eurydice_array_to_slice(
-                   (size_t)16U,
-                   /* The semicolon and parentheses at the end of loop are a
-                      workaround for the following bug
-                      https://github.com/hacspec/hax/issues/720 */
-                   self->coefficients,
+                   (size_t)16U, self->coefficients,
                    libcrux_ml_kem_vector_portable_vector_type_PortableVector),
                libcrux_ml_kem_vector_portable_vector_type_PortableVector);
        i++) {
@@ -8865,8 +8685,6 @@ static KRML_MUSTINLINE void compute_As_plus_e_1b(
        i++) {
     size_t i0 = i;
     libcrux_ml_kem_polynomial_PolynomialRingElement_1d *row = matrix_A[i0];
-    /* This may be externally provided memory. Ensure that `t_as_ntt` is all 0.
-     */
     libcrux_ml_kem_polynomial_PolynomialRingElement_1d uu____0 = ZERO_ef_8c();
     t_as_ntt[i0] = uu____0;
     for (size_t i1 = (size_t)0U;
@@ -8942,10 +8760,7 @@ static KRML_MUSTINLINE void generate_keypair_unpacked_1c1(
     IndCpaPrivateKeyUnpacked_a0 *private_key,
     IndCpaPublicKeyUnpacked_a0 *public_key) {
   uint8_t hashed[64U];
-  cpa_keygen_seed_d8_9c(/* (ρ,σ) := G(d) for Kyber, (ρ,σ) := G(d || K) for
-                           ML-KEM */
-                        key_generation_seed,
-                        hashed);
+  cpa_keygen_seed_d8_9c(key_generation_seed, hashed);
   Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at(
       Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U,
       uint8_t, Eurydice_slice_uint8_t_x2);
@@ -8975,8 +8790,8 @@ static KRML_MUSTINLINE void generate_keypair_unpacked_1c1(
       sample_vector_cbd_then_ntt_out_3b1(copy_of_prf_input, domain_separator)
           .fst,
       (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1d));
-  compute_As_plus_e_1b(/* tˆ := Aˆ ◦ sˆ + eˆ */ public_key->t_as_ntt,
-                       public_key->A, private_key->secret_as_ntt, error_as_ntt);
+  compute_As_plus_e_1b(public_key->t_as_ntt, public_key->A,
+                       private_key->secret_as_ntt, error_as_ntt);
   uint8_t uu____5[32U];
   core_result_Result_fb dst;
   Eurydice_slice_to_array2(&dst, seed_for_A, Eurydice_slice, uint8_t[32U]);
@@ -9001,13 +8816,11 @@ serialize_unpacked_secret_key_43(IndCpaPublicKeyUnpacked_a0 *public_key,
                                  IndCpaPrivateKeyUnpacked_a0 *private_key) {
   uint8_t public_key_serialized[1184U];
   serialize_public_key_6c(
-      /* pk := (Encode_12(tˆ mod^{+}q) || ρ) */ public_key->t_as_ntt,
+      public_key->t_as_ntt,
       Eurydice_array_to_slice((size_t)32U, public_key->seed_for_A, uint8_t),
       public_key_serialized);
   uint8_t secret_key_serialized[1152U];
-  serialize_secret_key_89(
-      /* sk := Encode_12(sˆ mod^{+}q) */ private_key->secret_as_ntt,
-      secret_key_serialized);
+  serialize_secret_key_89(private_key->secret_as_ntt, secret_key_serialized);
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_secret_key_serialized[1152U];
   memcpy(copy_of_secret_key_serialized, secret_key_serialized,
@@ -9195,15 +9008,11 @@ generics
 static KRML_MUSTINLINE void build_unpacked_public_key_mut_3f1(
     Eurydice_slice public_key,
     IndCpaPublicKeyUnpacked_a0 *unpacked_public_key) {
-  Eurydice_slice uu____0 = Eurydice_slice_subslice_to(
-      /* tˆ := Decode_12(pk) */ public_key, (size_t)1152U, uint8_t, size_t);
+  Eurydice_slice uu____0 =
+      Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t);
   deserialize_ring_elements_reduced_1b(uu____0, unpacked_public_key->t_as_ntt);
   Eurydice_slice seed =
-      Eurydice_slice_subslice_from(/* ρ := pk + 12·k·n / 8 for i from 0 to k−1
-                                      do for j from 0 to k − 1 do AˆT[i][j] :=
-                                      Parse(XOF(ρ, i, j)) end for end for */
-                                   public_key,
-                                   (size_t)1152U, uint8_t, size_t);
+      Eurydice_slice_subslice_from(public_key, (size_t)1152U, uint8_t, size_t);
   libcrux_ml_kem_polynomial_PolynomialRingElement_1d(*uu____1)[3U] =
       unpacked_public_key->A;
   uint8_t ret[34U];
@@ -9297,10 +9106,7 @@ with const generics
 static KRML_MUSTINLINE void invert_ntt_montgomery_1b(
     libcrux_ml_kem_polynomial_PolynomialRingElement_1d *re) {
   size_t zeta_i =
-      /* We only ever call this function after matrix/vector multiplication */
-      LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT
-
-      / (size_t)2U;
+      LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U;
   invert_ntt_at_layer_1_8c(&zeta_i, re);
   invert_ntt_at_layer_2_8c(&zeta_i, re);
   invert_ntt_at_layer_3_8c(&zeta_i, re);
@@ -9493,11 +9299,7 @@ static KRML_MUSTINLINE void encrypt_unpacked_2a1(
     IndCpaPublicKeyUnpacked_a0 *public_key, uint8_t message[32U],
     Eurydice_slice randomness, uint8_t ret[1088U]) {
   uint8_t prf_input[33U];
-  libcrux_ml_kem_utils_into_padded_array_c8(/* for i from 0 to k−1 do r[i] :=
-                                               CBD{η1}(PRF(r, N)) N := N + 1 end
-                                               for rˆ := NTT(r) */
-                                            randomness,
-                                            prf_input);
+  libcrux_ml_kem_utils_into_padded_array_c8(randomness, prf_input);
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_prf_input0[33U];
   memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t));
@@ -9510,7 +9312,6 @@ static KRML_MUSTINLINE void encrypt_unpacked_2a1(
   uint8_t domain_separator0 = uu____1.snd;
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_prf_input[33U];
-  /* for i from 0 to k−1 do e1[i] := CBD_{η2}(PRF(r,N)) N := N + 1 end for */
   memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t));
   tuple_230 uu____3 =
       sample_ring_element_cbd_3b1(copy_of_prf_input, domain_separator0);
@@ -9519,7 +9320,7 @@ static KRML_MUSTINLINE void encrypt_unpacked_2a1(
       error_1, uu____3.fst,
       (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1d));
   uint8_t domain_separator = uu____3.snd;
-  prf_input[32U] = /* e_2 := CBD{η2}(PRF(r, N)) */ domain_separator;
+  prf_input[32U] = domain_separator;
   uint8_t prf_output[128U];
   PRF_f1_410(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t),
              prf_output);
@@ -9527,11 +9328,9 @@ static KRML_MUSTINLINE void encrypt_unpacked_2a1(
       sample_from_binomial_distribution_a0(
           Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t));
   libcrux_ml_kem_polynomial_PolynomialRingElement_1d u[3U];
-  compute_vector_u_1b(/* u := NTT^{-1}(AˆT ◦ rˆ) + e_1 */ public_key->A,
-                      r_as_ntt, error_1, u);
+  compute_vector_u_1b(public_key->A, r_as_ntt, error_1, u);
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_message[32U];
-  /* v := NTT^{−1}(tˆT ◦ rˆ) + e_2 + Decompress_q(Decode_1(m),1) */
   memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t));
   libcrux_ml_kem_polynomial_PolynomialRingElement_1d message_as_ring_element =
       deserialize_then_decompress_message_8c(copy_of_message);
@@ -9540,14 +9339,12 @@ static KRML_MUSTINLINE void encrypt_unpacked_2a1(
                                 &message_as_ring_element);
   uint8_t ciphertext[1088U] = {0U};
   libcrux_ml_kem_polynomial_PolynomialRingElement_1d uu____5[3U];
-  /* c_1 := Encode_{du}(Compress_q(u,d_u)) */
   memcpy(
       uu____5, u,
       (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1d));
   compress_then_serialize_u_43(
       uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)960U,
                                            uint8_t));
-  /* c_2 := Encode_{dv}(Compress_q(v,d_v)) */
   libcrux_ml_kem_polynomial_PolynomialRingElement_1d uu____6 = v;
   compress_then_serialize_ring_element_v_6c(
       uu____6, Eurydice_array_to_subslice_from((size_t)1088U, ciphertext,
@@ -9832,14 +9629,11 @@ static KRML_MUSTINLINE void decrypt_unpacked_42(
     IndCpaPrivateKeyUnpacked_a0 *secret_key, uint8_t *ciphertext,
     uint8_t ret[32U]) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_1d u_as_ntt[3U];
-  deserialize_then_decompress_u_6c(
-      /* u := Decompress_q(Decode_{d_u}(c), d_u) */ ciphertext, u_as_ntt);
+  deserialize_then_decompress_u_6c(ciphertext, u_as_ntt);
   libcrux_ml_kem_polynomial_PolynomialRingElement_1d v =
       deserialize_then_decompress_ring_element_v_89(
-          Eurydice_array_to_subslice_from(
-              (size_t)1088U,
-              /* v := Decompress_q(Decode_{d_v}(c + d_u·k·n / 8), d_v) */
-              ciphertext, (size_t)960U, uint8_t, size_t));
+          Eurydice_array_to_subslice_from((size_t)1088U, ciphertext,
+                                          (size_t)960U, uint8_t, size_t));
   libcrux_ml_kem_polynomial_PolynomialRingElement_1d message =
       compute_message_1b(&v, secret_key->secret_as_ntt, u_as_ntt);
   uint8_t ret0[32U];
@@ -9860,8 +9654,7 @@ with const generics
 static KRML_MUSTINLINE void decrypt_42(Eurydice_slice secret_key,
                                        uint8_t *ciphertext, uint8_t ret[32U]) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_1d secret_as_ntt[3U];
-  deserialize_secret_key_1b(/* sˆ := Decode_12(sk) */ secret_key,
-                            secret_as_ntt);
+  deserialize_secret_key_1b(secret_key, secret_as_ntt);
   /* Passing arrays by value in Rust generates a copy in C */
   libcrux_ml_kem_polynomial_PolynomialRingElement_1d copy_of_secret_as_ntt[3U];
   memcpy(
diff --git a/libcrux-ml-kem/c/libcrux_mlkem_portable.h b/libcrux-ml-kem/c/libcrux_mlkem_portable.h
index ac6ffd774..33fff6338 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem_portable.h
+++ b/libcrux-ml-kem/c/libcrux_mlkem_portable.h
@@ -5,10 +5,10 @@
  *
  * This code was generated with the following revisions:
  * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9
- * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c
+ * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20
  * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
  * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty
- * Libcrux: 9d4ad0ef1e00d55aa483ae761f3d5b4911c0678f
+ * Libcrux: 3e54f3c659bef6ee815d197ee5c74dd40c75186a
  */
 
 #ifndef __libcrux_mlkem_portable_H
diff --git a/libcrux-ml-kem/c/libcrux_sha3.h b/libcrux-ml-kem/c/libcrux_sha3.h
index 02cbdbbe7..3101a818f 100644
--- a/libcrux-ml-kem/c/libcrux_sha3.h
+++ b/libcrux-ml-kem/c/libcrux_sha3.h
@@ -5,10 +5,10 @@
  *
  * This code was generated with the following revisions:
  * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9
- * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c
+ * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20
  * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
  * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty
- * Libcrux: 9d4ad0ef1e00d55aa483ae761f3d5b4911c0678f
+ * Libcrux: 3e54f3c659bef6ee815d197ee5c74dd40c75186a
  */
 
 #ifndef __libcrux_sha3_H
diff --git a/libcrux-ml-kem/c/libcrux_sha3_avx2.c b/libcrux-ml-kem/c/libcrux_sha3_avx2.c
index f7175755f..4e234ddec 100644
--- a/libcrux-ml-kem/c/libcrux_sha3_avx2.c
+++ b/libcrux-ml-kem/c/libcrux_sha3_avx2.c
@@ -5,10 +5,10 @@
  *
  * This code was generated with the following revisions:
  * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9
- * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c
+ * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20
  * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
  * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty
- * Libcrux: 9d4ad0ef1e00d55aa483ae761f3d5b4911c0678f
+ * Libcrux: 3e54f3c659bef6ee815d197ee5c74dd40c75186a
  */
 
 #include "internal/libcrux_sha3_avx2.h"
@@ -77,8 +77,7 @@ static KRML_MUSTINLINE __m256i and_not_xor_ef(__m256i a, __m256i b, __m256i c) {
 }
 
 static KRML_MUSTINLINE __m256i _veorq_n_u64(__m256i a, uint64_t c) {
-  __m256i c0 = mm256_set1_epi64x(
-      (int64_t) /* Casting here is required, doesn't change the value. */ c);
+  __m256i c0 = mm256_set1_epi64x((int64_t)c);
   return mm256_xor_si256(a, c0);
 }
 
@@ -1431,13 +1430,13 @@ static KRML_MUSTINLINE void store_block_5b(__m256i (*s)[5U],
         s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U]
          [((size_t)4U * i0 + (size_t)2U) % (size_t)5U],
         __m256i);
-    __m256i v1h = mm256_permute2x128_si256(
-        (int32_t)32,
-        s[((size_t)4U * /* 0 0 2 2 */ i0 + (size_t)1U) / (size_t)5U]
-         [((size_t)4U * i0 + (size_t)1U) % (size_t)5U],
-        s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U]
-         [((size_t)4U * i0 + (size_t)3U) % (size_t)5U],
-        __m256i);
+    __m256i v1h =
+        mm256_permute2x128_si256((int32_t)32,
+                                 s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U]
+                                  [((size_t)4U * i0 + (size_t)1U) % (size_t)5U],
+                                 s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U]
+                                  [((size_t)4U * i0 + (size_t)3U) % (size_t)5U],
+                                 __m256i);
     __m256i v2l = mm256_permute2x128_si256(
         (int32_t)49,
         s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U],
@@ -1748,16 +1747,7 @@ void libcrux_sha3_avx2_x4_shake256(Eurydice_slice input0, Eurydice_slice input1,
                                    Eurydice_slice input2, Eurydice_slice input3,
                                    Eurydice_slice out0, Eurydice_slice out1,
                                    Eurydice_slice out2, Eurydice_slice out3) {
-  Eurydice_slice buf0[4U] = {
-      /* XXX: These functions could alternatively implement the same with the
-         portable implementation #[cfg(feature = "simd128")] { keccakx2::<136,
-         0x1fu8>([input0, input1], [out0, out1]); keccakx2::<136,
-         0x1fu8>([input2, input3], [out2, out3]); } { keccakx1::<136,
-         0x1fu8>([input0], [out0]); keccakx1::<136, 0x1fu8>([input1], [out1]);
-         keccakx1::<136, 0x1fu8>([input2], [out2]); keccakx1::<136,
-         0x1fu8>([input3], [out3]); } */
-      input0,
-      input1, input2, input3};
+  Eurydice_slice buf0[4U] = {input0, input1, input2, input3};
   Eurydice_slice buf[4U] = {out0, out1, out2, out3};
   keccak_fb(buf0, buf);
 }
@@ -1972,13 +1962,13 @@ static KRML_MUSTINLINE void store_block_3a(__m256i (*s)[5U],
         s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U]
          [((size_t)4U * i0 + (size_t)2U) % (size_t)5U],
         __m256i);
-    __m256i v1h = mm256_permute2x128_si256(
-        (int32_t)32,
-        s[((size_t)4U * /* 0 0 2 2 */ i0 + (size_t)1U) / (size_t)5U]
-         [((size_t)4U * i0 + (size_t)1U) % (size_t)5U],
-        s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U]
-         [((size_t)4U * i0 + (size_t)3U) % (size_t)5U],
-        __m256i);
+    __m256i v1h =
+        mm256_permute2x128_si256((int32_t)32,
+                                 s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U]
+                                  [((size_t)4U * i0 + (size_t)1U) % (size_t)5U],
+                                 s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U]
+                                  [((size_t)4U * i0 + (size_t)3U) % (size_t)5U],
+                                 __m256i);
     __m256i v2l = mm256_permute2x128_si256(
         (int32_t)49,
         s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U],
diff --git a/libcrux-ml-kem/c/libcrux_sha3_avx2.h b/libcrux-ml-kem/c/libcrux_sha3_avx2.h
index 4f12372a4..7a6e0c8cb 100644
--- a/libcrux-ml-kem/c/libcrux_sha3_avx2.h
+++ b/libcrux-ml-kem/c/libcrux_sha3_avx2.h
@@ -5,10 +5,10 @@
  *
  * This code was generated with the following revisions:
  * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9
- * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c
+ * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20
  * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
  * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty
- * Libcrux: 9d4ad0ef1e00d55aa483ae761f3d5b4911c0678f
+ * Libcrux: 3e54f3c659bef6ee815d197ee5c74dd40c75186a
  */
 
 #ifndef __libcrux_sha3_avx2_H
diff --git a/libcrux-ml-kem/c/libcrux_sha3_internal.h b/libcrux-ml-kem/c/libcrux_sha3_internal.h
index 8e4e14f98..7c140d2b8 100644
--- a/libcrux-ml-kem/c/libcrux_sha3_internal.h
+++ b/libcrux-ml-kem/c/libcrux_sha3_internal.h
@@ -5,10 +5,10 @@
  *
  * This code was generated with the following revisions:
  * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9
- * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c
+ * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20
  * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
  * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty
- * Libcrux: 9d4ad0ef1e00d55aa483ae761f3d5b4911c0678f
+ * Libcrux: 3e54f3c659bef6ee815d197ee5c74dd40c75186a
  */
 
 #ifndef __libcrux_sha3_internal_H
@@ -1811,7 +1811,6 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_c6(
     Eurydice_slice data[1U], Eurydice_slice out[1U]) {
   /* Passing arrays by value in Rust generates a copy in C */
   Eurydice_slice copy_of_data[1U];
-  /* generic_keccak::keccak_xof::<1, u64, RATE, DELIM>(data, out); or */
   memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice));
   libcrux_sha3_generic_keccak_keccak_9e4(copy_of_data, out);
 }
@@ -2160,7 +2159,6 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_7c(
     Eurydice_slice data[1U], Eurydice_slice out[1U]) {
   /* Passing arrays by value in Rust generates a copy in C */
   Eurydice_slice copy_of_data[1U];
-  /* generic_keccak::keccak_xof::<1, u64, RATE, DELIM>(data, out); or */
   memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice));
   libcrux_sha3_generic_keccak_keccak_9e3(copy_of_data, out);
 }
@@ -2509,7 +2507,6 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_1e(
     Eurydice_slice data[1U], Eurydice_slice out[1U]) {
   /* Passing arrays by value in Rust generates a copy in C */
   Eurydice_slice copy_of_data[1U];
-  /* generic_keccak::keccak_xof::<1, u64, RATE, DELIM>(data, out); or */
   memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice));
   libcrux_sha3_generic_keccak_keccak_9e2(copy_of_data, out);
 }
@@ -2698,7 +2695,6 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_ad0(
     Eurydice_slice data[1U], Eurydice_slice out[1U]) {
   /* Passing arrays by value in Rust generates a copy in C */
   Eurydice_slice copy_of_data[1U];
-  /* generic_keccak::keccak_xof::<1, u64, RATE, DELIM>(data, out); or */
   memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice));
   libcrux_sha3_generic_keccak_keccak_9e1(copy_of_data, out);
 }
@@ -2817,7 +2813,6 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_ad(
     Eurydice_slice data[1U], Eurydice_slice out[1U]) {
   /* Passing arrays by value in Rust generates a copy in C */
   Eurydice_slice copy_of_data[1U];
-  /* generic_keccak::keccak_xof::<1, u64, RATE, DELIM>(data, out); or */
   memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice));
   libcrux_sha3_generic_keccak_keccak_9e0(copy_of_data, out);
 }
@@ -3166,7 +3161,6 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_96(
     Eurydice_slice data[1U], Eurydice_slice out[1U]) {
   /* Passing arrays by value in Rust generates a copy in C */
   Eurydice_slice copy_of_data[1U];
-  /* generic_keccak::keccak_xof::<1, u64, RATE, DELIM>(data, out); or */
   memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice));
   libcrux_sha3_generic_keccak_keccak_9e(copy_of_data, out);
 }
diff --git a/libcrux-ml-kem/c/libcrux_sha3_neon.c b/libcrux-ml-kem/c/libcrux_sha3_neon.c
index 88962fca5..c16b77594 100644
--- a/libcrux-ml-kem/c/libcrux_sha3_neon.c
+++ b/libcrux-ml-kem/c/libcrux_sha3_neon.c
@@ -5,10 +5,10 @@
  *
  * This code was generated with the following revisions:
  * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9
- * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c
+ * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20
  * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
  * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty
- * Libcrux: 9d4ad0ef1e00d55aa483ae761f3d5b4911c0678f
+ * Libcrux: 3e54f3c659bef6ee815d197ee5c74dd40c75186a
  */
 
 #include "libcrux_sha3_neon.h"
@@ -62,7 +62,6 @@ KRML_MUSTINLINE void libcrux_sha3_neon_x2_shake256(Eurydice_slice input0,
                                                    Eurydice_slice input1,
                                                    Eurydice_slice out0,
                                                    Eurydice_slice out1) {
-  /* TODO: make argument ordering consistent */
   KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__,
                     "panic!");
   KRML_HOST_EXIT(255U);
@@ -73,9 +72,6 @@ KRML_MUSTINLINE void libcrux_sha3_neon_x2_shake256(Eurydice_slice input0,
 */
 KRML_MUSTINLINE libcrux_sha3_neon_x2_incremental_KeccakState
 libcrux_sha3_neon_x2_incremental_init(void) {
-  /* XXX: These functions could alternatively implement the same with the
-   * portable implementation { let s0 = KeccakState::new(); let s1 =
-   * KeccakState::new(); [s0, s1] } */
   KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__,
                     "panic!");
   KRML_HOST_EXIT(255U);
@@ -87,10 +83,6 @@ libcrux_sha3_neon_x2_incremental_init(void) {
 KRML_MUSTINLINE void libcrux_sha3_neon_x2_incremental_shake128_absorb_final(
     libcrux_sha3_neon_x2_incremental_KeccakState *s, Eurydice_slice data0,
     Eurydice_slice data1) {
-  /* XXX: These functions could alternatively implement the same with the
-   * portable implementation { let [mut s0, mut s1] = s;
-   * shake128_absorb_final(&mut s0, data0); shake128_absorb_final(&mut s1,
-   * data1); } */
   KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__,
                     "panic!");
   KRML_HOST_EXIT(255U);
@@ -104,10 +96,6 @@ KRML_MUSTINLINE void
 libcrux_sha3_neon_x2_incremental_shake128_squeeze_first_three_blocks(
     libcrux_sha3_neon_x2_incremental_KeccakState *s, Eurydice_slice out0,
     Eurydice_slice out1) {
-  /* XXX: These functions could alternatively implement the same with the
-   * portable implementation { let [mut s0, mut s1] = s;
-   * shake128_squeeze_first_three_blocks(&mut s0, out0);
-   * shake128_squeeze_first_three_blocks(&mut s1, out1); } */
   KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__,
                     "panic!");
   KRML_HOST_EXIT(255U);
@@ -121,10 +109,6 @@ KRML_MUSTINLINE void
 libcrux_sha3_neon_x2_incremental_shake128_squeeze_next_block(
     libcrux_sha3_neon_x2_incremental_KeccakState *s, Eurydice_slice out0,
     Eurydice_slice out1) {
-  /* XXX: These functions could alternatively implement the same with the
-   * portable implementation { let [mut s0, mut s1] = s;
-   * shake128_squeeze_next_block(&mut s0, out0);
-   * shake128_squeeze_next_block(&mut s1, out1); } */
   KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__,
                     "panic!");
   KRML_HOST_EXIT(255U);
@@ -148,10 +132,6 @@ libcrux_sha3_neon_x2_incremental_shake128_squeeze_first_five_blocks(
 KRML_MUSTINLINE void libcrux_sha3_neon_x2_incremental_shake256_absorb_final(
     libcrux_sha3_neon_x2_incremental_KeccakState *s, Eurydice_slice data0,
     Eurydice_slice data1) {
-  /* XXX: These functions could alternatively implement the same with the
-   * portable implementation { let [mut s0, mut s1] = s;
-   * shake128_absorb_final(&mut s0, data0); shake128_absorb_final(&mut s1,
-   * data1); } */
   KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__,
                     "panic!");
   KRML_HOST_EXIT(255U);
diff --git a/libcrux-ml-kem/c/libcrux_sha3_neon.h b/libcrux-ml-kem/c/libcrux_sha3_neon.h
index 804cd8b90..2f179ee38 100644
--- a/libcrux-ml-kem/c/libcrux_sha3_neon.h
+++ b/libcrux-ml-kem/c/libcrux_sha3_neon.h
@@ -5,10 +5,10 @@
  *
  * This code was generated with the following revisions:
  * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9
- * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c
+ * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20
  * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
  * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty
- * Libcrux: 9d4ad0ef1e00d55aa483ae761f3d5b4911c0678f
+ * Libcrux: 3e54f3c659bef6ee815d197ee5c74dd40c75186a
  */
 
 #ifndef __libcrux_sha3_neon_H
diff --git a/libcrux-ml-kem/cg/code_gen.txt b/libcrux-ml-kem/cg/code_gen.txt
index 7a47df612..420446603 100644
--- a/libcrux-ml-kem/cg/code_gen.txt
+++ b/libcrux-ml-kem/cg/code_gen.txt
@@ -1,6 +1,6 @@
 This code was generated with the following revisions:
 Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9
-Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c
+Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20
 Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
 F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty
-Libcrux: 9d4ad0ef1e00d55aa483ae761f3d5b4911c0678f
+Libcrux: 3e54f3c659bef6ee815d197ee5c74dd40c75186a
diff --git a/libcrux-ml-kem/cg/libcrux_core.h b/libcrux-ml-kem/cg/libcrux_core.h
index d00e0bb1f..b5a34d0e2 100644
--- a/libcrux-ml-kem/cg/libcrux_core.h
+++ b/libcrux-ml-kem/cg/libcrux_core.h
@@ -5,10 +5,10 @@
  *
  * This code was generated with the following revisions:
  * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9
- * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c
+ * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20
  * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
  * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty
- * Libcrux: 9d4ad0ef1e00d55aa483ae761f3d5b4911c0678f
+ * Libcrux: 3e54f3c659bef6ee815d197ee5c74dd40c75186a
  */
 
 #ifndef __libcrux_core_H
diff --git a/libcrux-ml-kem/cg/libcrux_ct_ops.h b/libcrux-ml-kem/cg/libcrux_ct_ops.h
index 6f4f9eeeb..ddf47bd96 100644
--- a/libcrux-ml-kem/cg/libcrux_ct_ops.h
+++ b/libcrux-ml-kem/cg/libcrux_ct_ops.h
@@ -5,10 +5,10 @@
  *
  * This code was generated with the following revisions:
  * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9
- * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c
+ * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20
  * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
  * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty
- * Libcrux: 9d4ad0ef1e00d55aa483ae761f3d5b4911c0678f
+ * Libcrux: 3e54f3c659bef6ee815d197ee5c74dd40c75186a
  */
 
 #ifndef __libcrux_ct_ops_H
diff --git a/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h b/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h
index 809203215..aa0858642 100644
--- a/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h
+++ b/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h
@@ -5,10 +5,10 @@
  *
  * This code was generated with the following revisions:
  * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9
- * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c
+ * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20
  * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
  * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty
- * Libcrux: 9d4ad0ef1e00d55aa483ae761f3d5b4911c0678f
+ * Libcrux: 3e54f3c659bef6ee815d197ee5c74dd40c75186a
  */
 
 #ifndef __libcrux_mlkem768_avx2_H
@@ -171,16 +171,11 @@ libcrux_ml_kem_vector_avx2_arithmetic_cond_subtract_3329(__m256i vector) {
   __m256i field_modulus = libcrux_intrinsics_avx2_mm256_set1_epi16(
       LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS);
   __m256i v_minus_field_modulus =
-      libcrux_intrinsics_avx2_mm256_sub_epi16(/* Compute v_i - Q and crate a
-                                                 mask from the sign bit of each
-                                                 of these quantities. */
-                                              vector, field_modulus);
+      libcrux_intrinsics_avx2_mm256_sub_epi16(vector, field_modulus);
   __m256i sign_mask = libcrux_intrinsics_avx2_mm256_srai_epi16(
       (int32_t)15, v_minus_field_modulus, __m256i);
   __m256i conditional_add_field_modulus =
-      libcrux_intrinsics_avx2_mm256_and_si256(/* If v_i - Q < 0 then add back Q
-                                                 to (v_i - Q). */
-                                              sign_mask, field_modulus);
+      libcrux_intrinsics_avx2_mm256_and_si256(sign_mask, field_modulus);
   return libcrux_intrinsics_avx2_mm256_add_epi16(v_minus_field_modulus,
                                                  conditional_add_field_modulus);
 }
@@ -562,7 +557,6 @@ KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_ntt_ntt_multiply(
     __m256i lhs, __m256i rhs, int16_t zeta0, int16_t zeta1, int16_t zeta2,
     int16_t zeta3) {
-  /* Compute the first term of the product */
   __m256i shuffle_with = libcrux_intrinsics_avx2_mm256_set_epi8(
       (int8_t)15, (int8_t)14, (int8_t)11, (int8_t)10, (int8_t)7, (int8_t)6,
       (int8_t)3, (int8_t)2, (int8_t)13, (int8_t)12, (int8_t)9, (int8_t)8,
@@ -570,8 +564,8 @@ static KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_ntt_ntt_multiply(
       (int8_t)11, (int8_t)10, (int8_t)7, (int8_t)6, (int8_t)3, (int8_t)2,
       (int8_t)13, (int8_t)12, (int8_t)9, (int8_t)8, (int8_t)5, (int8_t)4,
       (int8_t)1, (int8_t)0);
-  __m256i lhs_shuffled = libcrux_intrinsics_avx2_mm256_shuffle_epi8(
-      /* Prepare the left hand side */ lhs, shuffle_with);
+  __m256i lhs_shuffled =
+      libcrux_intrinsics_avx2_mm256_shuffle_epi8(lhs, shuffle_with);
   __m256i lhs_shuffled0 = libcrux_intrinsics_avx2_mm256_permute4x64_epi64(
       (int32_t)216, lhs_shuffled, __m256i);
   __m128i lhs_evens =
@@ -580,8 +574,8 @@ static KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_ntt_ntt_multiply(
   __m128i lhs_odds = libcrux_intrinsics_avx2_mm256_extracti128_si256(
       (int32_t)1, lhs_shuffled0, __m128i);
   __m256i lhs_odds0 = libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(lhs_odds);
-  __m256i rhs_shuffled = libcrux_intrinsics_avx2_mm256_shuffle_epi8(
-      /* Prepare the right hand side */ rhs, shuffle_with);
+  __m256i rhs_shuffled =
+      libcrux_intrinsics_avx2_mm256_shuffle_epi8(rhs, shuffle_with);
   __m256i rhs_shuffled0 = libcrux_intrinsics_avx2_mm256_permute4x64_epi64(
       (int32_t)216, rhs_shuffled, __m256i);
   __m128i rhs_evens =
@@ -590,8 +584,8 @@ static KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_ntt_ntt_multiply(
   __m128i rhs_odds = libcrux_intrinsics_avx2_mm256_extracti128_si256(
       (int32_t)1, rhs_shuffled0, __m128i);
   __m256i rhs_odds0 = libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(rhs_odds);
-  __m256i left = libcrux_intrinsics_avx2_mm256_mullo_epi32(
-      /* Start operating with them */ lhs_evens0, rhs_evens0);
+  __m256i left =
+      libcrux_intrinsics_avx2_mm256_mullo_epi32(lhs_evens0, rhs_evens0);
   __m256i right =
       libcrux_intrinsics_avx2_mm256_mullo_epi32(lhs_odds0, rhs_odds0);
   __m256i right0 =
@@ -606,7 +600,7 @@ static KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_ntt_ntt_multiply(
       libcrux_ml_kem_vector_avx2_arithmetic_montgomery_reduce_i32s(
           products_left);
   __m256i rhs_adjacent_swapped = libcrux_intrinsics_avx2_mm256_shuffle_epi8(
-      /* Compute the second term of the product */ rhs,
+      rhs,
       libcrux_intrinsics_avx2_mm256_set_epi8(
           (int8_t)13, (int8_t)12, (int8_t)15, (int8_t)14, (int8_t)9, (int8_t)8,
           (int8_t)11, (int8_t)10, (int8_t)5, (int8_t)4, (int8_t)7, (int8_t)6,
@@ -621,10 +615,8 @@ static KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_ntt_ntt_multiply(
           products_right);
   __m256i products_right1 = libcrux_intrinsics_avx2_mm256_slli_epi32(
       (int32_t)16, products_right0, __m256i);
-  return libcrux_intrinsics_avx2_mm256_blend_epi16(
-      (int32_t)170,
-      /* Combine them into one vector */ products_left0, products_right1,
-      __m256i);
+  return libcrux_intrinsics_avx2_mm256_blend_epi16((int32_t)170, products_left0,
+                                                   products_right1, __m256i);
 }
 
 /**
@@ -642,60 +634,13 @@ static KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_ntt_multiply_09(
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_1(
     __m256i vector, uint8_t ret[2U]) {
-  __m256i lsb_to_msb = libcrux_intrinsics_avx2_mm256_slli_epi16(
-      (int32_t)15,
-      /* Suppose |vector| is laid out as follows (superscript number indicates
-         the corresponding bit is duplicated that many times): 0¹⁵a₀ 0¹⁵b₀ 0¹⁵c₀
-         0¹⁵d₀ | 0¹⁵e₀ 0¹⁵f₀ 0¹⁵g₀ 0¹⁵h₀ | ... We care only about the least
-         significant bit in each lane, move it to the most significant position
-         to make it easier to work with. |vector| now becomes: a₀0¹⁵ b₀0¹⁵ c₀0¹⁵
-         d₀0¹⁵ | e₀0¹⁵ f₀0¹⁵ g₀0¹⁵ h₀0¹⁵ | ↩ i₀0¹⁵ j₀0¹⁵ k₀0¹⁵ l₀0¹⁵ | m₀0¹⁵
-         n₀0¹⁵ o₀0¹⁵ p₀0¹⁵ */
-      vector, __m256i);
-  __m128i low_msbs =
-      libcrux_intrinsics_avx2_mm256_castsi256_si128(/* Get the first 8 16-bit
-                                                       elements ... */
-                                                    lsb_to_msb);
+  __m256i lsb_to_msb =
+      libcrux_intrinsics_avx2_mm256_slli_epi16((int32_t)15, vector, __m256i);
+  __m128i low_msbs = libcrux_intrinsics_avx2_mm256_castsi256_si128(lsb_to_msb);
   __m128i high_msbs = libcrux_intrinsics_avx2_mm256_extracti128_si256(
-      (int32_t)1,
-      /* ... and the next 8 16-bit elements ... */ lsb_to_msb, __m128i);
-  __m128i msbs =
-      libcrux_intrinsics_avx2_mm_packs_epi16(/* ... and then pack them into
-                                                8-bit values using signed
-                                                saturation. This function packs
-                                                all the |low_msbs|, and then the
-                                                high ones. low_msbs = a₀0¹⁵
-                                                b₀0¹⁵ c₀0¹⁵ d₀0¹⁵ | e₀0¹⁵ f₀0¹⁵
-                                                g₀0¹⁵ h₀0¹⁵ high_msbs = i₀0¹⁵
-                                                j₀0¹⁵ k₀0¹⁵ l₀0¹⁵ | m₀0¹⁵ n₀0¹⁵
-                                                o₀0¹⁵ p₀0¹⁵ We shifted by 15
-                                                above to take advantage of the
-                                                signed saturation performed by
-                                                mm_packs_epi16: - if the sign
-                                                bit of the 16-bit element being
-                                                packed is 1, the corresponding
-                                                8-bit element in |msbs| will be
-                                                0xFF. - if the sign bit of the
-                                                16-bit element being packed is
-                                                0, the corresponding 8-bit
-                                                element in |msbs| will be 0.
-                                                Thus, if, for example, a₀ = 1,
-                                                e₀ = 1, and p₀ = 1, and every
-                                                other bit is 0, after packing
-                                                into 8 bit value, |msbs| will
-                                                look like: 0xFF 0x00 0x00 0x00 |
-                                                0xFF 0x00 0x00 0x00 | 0x00 0x00
-                                                0x00 0x00 | 0x00 0x00 0x00 0xFF
-                                              */
-                                             low_msbs, high_msbs);
-  int32_t bits_packed =
-      libcrux_intrinsics_avx2_mm_movemask_epi8(/* Now that every element is
-                                                  either 0xFF or 0x00, we just
-                                                  extract the most significant
-                                                  bit from each element and
-                                                  collate them into two bytes.
-                                                */
-                                               msbs);
+      (int32_t)1, lsb_to_msb, __m128i);
+  __m128i msbs = libcrux_intrinsics_avx2_mm_packs_epi16(low_msbs, high_msbs);
+  int32_t bits_packed = libcrux_intrinsics_avx2_mm_movemask_epi8(msbs);
   uint8_t result[2U] = {(uint8_t)bits_packed, (uint8_t)(bits_packed >> 8U)};
   memcpy(ret, result, (size_t)2U * sizeof(uint8_t));
 }
@@ -714,63 +659,18 @@ KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE __m256i
 libcrux_ml_kem_vector_avx2_serialize_deserialize_1_deserialize_1_i16s(
     int16_t a, int16_t b) {
-  __m256i coefficients =
-      libcrux_intrinsics_avx2_mm256_set_epi16(/* We need to take each bit from
-                                                 the 2 bytes of input and put
-                                                 them into their own 16-bit
-                                                 lane. Ideally, we'd load the
-                                                 two bytes into the vector,
-                                                 duplicate them, and right-shift
-                                                 the 0th element by 0 bits, the
-                                                 first element by 1 bit, the
-                                                 second by 2 bits and so on
-                                                 before AND-ing with 0x1 to
-                                                 leave only the least
-                                                 signifinicant bit. But since
-                                                 |_mm256_srlv_epi16| does not
-                                                 exist, so we have to resort to
-                                                 a workaround. Rather than
-                                                 shifting each element by a
-                                                 different amount, we'll
-                                                 multiply each element by a
-                                                 value such that the bit we're
-                                                 interested in becomes the most
-                                                 significant bit. The
-                                                 coefficients are loaded as
-                                                 follows: */
-                                              b, b, b, b, b, b, b, b, a, a, a,
-                                              a, a, a, a, a);
-  __m256i coefficients_in_msb =
-      libcrux_intrinsics_avx2_mm256_mullo_epi16(/* And this vector, when
-                                                   multiplied with the previous
-                                                   one, ensures that the bit
-                                                   we'd like to keep in each
-                                                   lane becomes the most
-                                                   significant bit upon
-                                                   multiplication. */
-                                                coefficients,
-                                                libcrux_intrinsics_avx2_mm256_set_epi16(
-                                                    (int16_t)1 << 8U,
-                                                    (int16_t)1 << 9U,
-                                                    (int16_t)1 << 10U,
-                                                    (int16_t)1 << 11U,
-                                                    (int16_t)1 << 12U,
-                                                    (int16_t)1 << 13U,
-                                                    (int16_t)1 << 14U,
-                                                    (int16_t)-32768,
-                                                    (int16_t)1 << 8U,
-                                                    (int16_t)1 << 9U,
-                                                    (int16_t)1 << 10U,
-                                                    (int16_t)1 << 11U,
-                                                    (int16_t)1 << 12U,
-                                                    (int16_t)1 << 13U,
-                                                    (int16_t)1 << 14U,
-                                                    (int16_t)-32768));
-  return libcrux_intrinsics_avx2_mm256_srli_epi16(
-      (int32_t)15,
-      /* Now that they're all in the most significant bit position, shift them
-         down to the least significant bit. */
-      coefficients_in_msb, __m256i);
+  __m256i coefficients = libcrux_intrinsics_avx2_mm256_set_epi16(
+      b, b, b, b, b, b, b, b, a, a, a, a, a, a, a, a);
+  __m256i coefficients_in_msb = libcrux_intrinsics_avx2_mm256_mullo_epi16(
+      coefficients, libcrux_intrinsics_avx2_mm256_set_epi16(
+                        (int16_t)1 << 8U, (int16_t)1 << 9U, (int16_t)1 << 10U,
+                        (int16_t)1 << 11U, (int16_t)1 << 12U, (int16_t)1 << 13U,
+                        (int16_t)1 << 14U, (int16_t)-32768, (int16_t)1 << 8U,
+                        (int16_t)1 << 9U, (int16_t)1 << 10U, (int16_t)1 << 11U,
+                        (int16_t)1 << 12U, (int16_t)1 << 13U, (int16_t)1 << 14U,
+                        (int16_t)-32768));
+  return libcrux_intrinsics_avx2_mm256_srli_epi16((int32_t)15,
+                                                  coefficients_in_msb, __m256i);
 }
 
 KRML_ATTRIBUTE_TARGET("avx2")
@@ -785,23 +685,7 @@ KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE __m256i
 libcrux_ml_kem_vector_avx2_serialize_deserialize_1(Eurydice_slice bytes) {
   return libcrux_ml_kem_vector_avx2_serialize_deserialize_1_deserialize_1_u8s(
-      Eurydice_slice_index(
-          bytes,
-          /* We need to take each bit from the 2 bytes of input and put them
-             into their own 16-bit lane. Ideally, we'd load the two bytes into
-             the vector, duplicate them, and right-shift the 0th element by 0
-             bits, the first element by 1 bit, the second by 2 bits and so on
-             before AND-ing with 0x1 to leave only the least signifinicant bit.
-             But since |_mm256_srlv_epi16| does not exist, so we have to resort
-             to a workaround. Rather than shifting each element by a different
-             amount, we'll multiply each element by a value such that the bit
-             we're interested in becomes the most significant bit. The
-             coefficients are loaded as follows: And this vector, when
-             multiplied with the previous one, ensures that the bit we'd like to
-             keep in each lane becomes the most significant bit upon
-             multiplication. Now that they're all in the most significant bit
-             position, shift them down to the least significant bit. */
-          (size_t)0U, uint8_t, uint8_t *),
+      Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *),
       Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *));
 }
 
@@ -837,70 +721,23 @@ static KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_4(
     __m256i vector, uint8_t ret[8U]) {
   uint8_t serialized[16U] = {0U};
   __m256i adjacent_2_combined =
-      libcrux_ml_kem_vector_avx2_serialize_mm256_concat_pairs_n(
-          4U,
-          /* If |vector| is laid out as follows: 0x000A 0x000B 0x000C 0x000D |
-             0x000E 0x000F 0x000G 0x000H | .... |adjacent_2_combined| will be
-             laid out as a series of 32-bit integeres, as follows: 0x00_00_00_BA
-             0x00_00_00_DC | 0x00_00_00_FE 0x00_00_00_HG | ... */
-          vector);
-  __m256i adjacent_8_combined =
-      libcrux_intrinsics_avx2_mm256_shuffle_epi8(/* Recall that
-                                                    |adjacent_2_combined| goes
-                                                    as follows: 0x00_00_00_BA
-                                                    0x00_00_00_DC |
-                                                    0x00_00_00_FE 0x00_00_00_HG
-                                                    | ... Out of this, we only
-                                                    need the first byte, the 4th
-                                                    byte, the 8th byte and so on
-                                                    from the bottom and the top
-                                                    128 bits. */
-                                                 adjacent_2_combined,
-                                                 libcrux_intrinsics_avx2_mm256_set_epi8(
-                                                     (int8_t)-1, (int8_t)-1,
-                                                     (int8_t)-1, (int8_t)-1,
-                                                     (int8_t)-1, (int8_t)-1,
-                                                     (int8_t)-1, (int8_t)-1,
-                                                     (int8_t)-1, (int8_t)-1,
-                                                     (int8_t)-1, (int8_t)-1,
-                                                     (int8_t)12, (int8_t)8,
-                                                     (int8_t)4, (int8_t)0,
-                                                     (int8_t)-1, (int8_t)-1,
-                                                     (int8_t)-1, (int8_t)-1,
-                                                     (int8_t)-1, (int8_t)-1,
-                                                     (int8_t)-1, (int8_t)-1,
-                                                     (int8_t)-1, (int8_t)-1,
-                                                     (int8_t)-1, (int8_t)-1,
-                                                     (int8_t)12, (int8_t)8,
-                                                     (int8_t)4, (int8_t)0));
-  __m256i combined =
-      libcrux_intrinsics_avx2_mm256_permutevar8x32_epi32(/* |adjacent_8_combined|
-                                                            looks like this: 0:
-                                                            0xHG_FE_DC_BA 1:
-                                                            0x00_00_00_00 | 2:
-                                                            0x00_00_00_00 3:
-                                                            0x00_00_00_00 | 4:
-                                                            0xPO_NM_LK_JI ....
-                                                            We put the element
-                                                            at 4 after the
-                                                            element at 0 ... */
-                                                         adjacent_8_combined,
-                                                         libcrux_intrinsics_avx2_mm256_set_epi32(
-                                                             (int32_t)0,
-                                                             (int32_t)0,
-                                                             (int32_t)0,
-                                                             (int32_t)0,
-                                                             (int32_t)0,
-                                                             (int32_t)0,
-                                                             (int32_t)4,
-                                                             (int32_t)0));
+      libcrux_ml_kem_vector_avx2_serialize_mm256_concat_pairs_n(4U, vector);
+  __m256i adjacent_8_combined = libcrux_intrinsics_avx2_mm256_shuffle_epi8(
+      adjacent_2_combined,
+      libcrux_intrinsics_avx2_mm256_set_epi8(
+          (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1,
+          (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1,
+          (int8_t)-1, (int8_t)-1, (int8_t)12, (int8_t)8, (int8_t)4, (int8_t)0,
+          (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1,
+          (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1,
+          (int8_t)-1, (int8_t)-1, (int8_t)12, (int8_t)8, (int8_t)4, (int8_t)0));
+  __m256i combined = libcrux_intrinsics_avx2_mm256_permutevar8x32_epi32(
+      adjacent_8_combined, libcrux_intrinsics_avx2_mm256_set_epi32(
+                               (int32_t)0, (int32_t)0, (int32_t)0, (int32_t)0,
+                               (int32_t)0, (int32_t)0, (int32_t)4, (int32_t)0));
   __m128i combined0 = libcrux_intrinsics_avx2_mm256_castsi256_si128(combined);
   libcrux_intrinsics_avx2_mm_storeu_bytes_si128(
-      Eurydice_array_to_slice(
-          (size_t)16U,
-          /* ... so that we can read them out in one go. */ serialized,
-          uint8_t),
-      combined0);
+      Eurydice_array_to_slice((size_t)16U, serialized, uint8_t), combined0);
   uint8_t ret0[8U];
   Result_15 dst;
   Eurydice_slice_to_array2(
@@ -926,33 +763,8 @@ static KRML_MUSTINLINE __m256i
 libcrux_ml_kem_vector_avx2_serialize_deserialize_4_deserialize_4_i16s(
     int16_t b0, int16_t b1, int16_t b2, int16_t b3, int16_t b4, int16_t b5,
     int16_t b6, int16_t b7) {
-  __m256i coefficients =
-      libcrux_intrinsics_avx2_mm256_set_epi16(/* Every 4 bits from each byte of
-                                                 input should be put into its
-                                                 own 16-bit lane. Since
-                                                 |_mm256_srlv_epi16| does not
-                                                 exist, we have to resort to a
-                                                 workaround. Rather than
-                                                 shifting each element by a
-                                                 different amount, we'll
-                                                 multiply each element by a
-                                                 value such that the bits we're
-                                                 interested in become the most
-                                                 significant bits (of an 8-bit
-                                                 value). In this lane, the 4
-                                                 bits we need to put are already
-                                                 the most significant bits of
-                                                 |bytes[7]| (that is, b7). */
-                                              b7,
-                                              /* In this lane, the 4 bits we
-                                                 need to put are the least
-                                                 significant bits, so we need to
-                                                 shift the 4 least-significant
-                                                 bits of |b7| to the most
-                                                 significant bits (of an 8-bit
-                                                 value). */
-                                              b7, b6, b6, b5, b5, b4, b4, b3,
-                                              b3, b2, b2, b1, b1, b0, b0);
+  __m256i coefficients = libcrux_intrinsics_avx2_mm256_set_epi16(
+      b7, b7, b6, b6, b5, b5, b4, b4, b3, b3, b2, b2, b1, b1, b0, b0);
   __m256i coefficients_in_msb = libcrux_intrinsics_avx2_mm256_mullo_epi16(
       coefficients, libcrux_intrinsics_avx2_mm256_set_epi16(
                         (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U,
@@ -962,14 +774,10 @@ libcrux_ml_kem_vector_avx2_serialize_deserialize_4_deserialize_4_i16s(
                         (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U,
                         (int16_t)1 << 4U));
   __m256i coefficients_in_lsb = libcrux_intrinsics_avx2_mm256_srli_epi16(
-      (int32_t)4,
-      /* Once the 4-bit coefficients are in the most significant positions (of
-         an 8-bit value), shift them all down by 4. */
-      coefficients_in_msb, __m256i);
+      (int32_t)4, coefficients_in_msb, __m256i);
   return libcrux_intrinsics_avx2_mm256_and_si256(
-      /* Zero the remaining bits. */ coefficients_in_lsb,
-      libcrux_intrinsics_avx2_mm256_set1_epi16(((int16_t)1 << 4U) -
-                                               (int16_t)1));
+      coefficients_in_lsb, libcrux_intrinsics_avx2_mm256_set1_epi16(
+                               ((int16_t)1 << 4U) - (int16_t)1));
 }
 
 KRML_ATTRIBUTE_TARGET("avx2")
@@ -986,23 +794,7 @@ KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE __m256i
 libcrux_ml_kem_vector_avx2_serialize_deserialize_4(Eurydice_slice bytes) {
   return libcrux_ml_kem_vector_avx2_serialize_deserialize_4_deserialize_4_u8s(
-      Eurydice_slice_index(
-          bytes,
-          /* Every 4 bits from each byte of input should be put into its own
-             16-bit lane. Since |_mm256_srlv_epi16| does not exist, we have to
-             resort to a workaround. Rather than shifting each element by a
-             different amount, we'll multiply each element by a value such that
-             the bits we're interested in become the most significant bits (of
-             an 8-bit value). In this lane, the 4 bits we need to put are
-             already the most significant bits of |bytes[7]| (that is, b7). In
-             this lane, the 4 bits we need to put are the least significant
-             bits, so we need to shift the 4 least-significant bits of |b7| to
-             the most significant bits (of an 8-bit value). These constants are
-             chosen to shift the bits of the values that we loaded into
-             |coefficients|. Once the 4-bit coefficients are in the most
-             significant positions (of an 8-bit value), shift them all down
-             by 4. Zero the remaining bits. */
-          (size_t)0U, uint8_t, uint8_t *),
+      Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *),
       Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *),
       Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *),
       Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *),
@@ -1026,106 +818,35 @@ KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_5(
     __m256i vector, uint8_t ret[10U]) {
   uint8_t serialized[32U] = {0U};
-  __m256i adjacent_2_combined =
-      libcrux_intrinsics_avx2_mm256_madd_epi16(/* If |vector| is laid out as
-                                                  follows (superscript number
-                                                  indicates the corresponding
-                                                  bit is duplicated that many
-                                                  times): 0¹¹a₄a₃a₂a₁a₀
-                                                  0¹¹b₄b₃b₂b₁b₀ 0¹¹c₄c₃c₂c₁c₀
-                                                  0¹¹d₄d₃d₂d₁d₀ | ↩
-                                                  0¹¹e₄e₃e₂e₁e₀ 0¹¹f₄f₃f₂f₁f₀
-                                                  0¹¹g₄g₃g₂g₁g₀ 0¹¹h₄h₃h₂h₁h₀ |
-                                                  ↩ |adjacent_2_combined| will
-                                                  be laid out as a series of
-                                                  32-bit integers, as follows:
-                                                  0²²b₄b₃b₂b₁b₀a₄a₃a₂a₁a₀
-                                                  0²²d₄d₃d₂d₁d₀c₄c₃c₂c₁c₀ | ↩
-                                                  0²²f₄f₃f₂f₁f₀e₄e₃e₂e₁e₀
-                                                  0²²h₄h₃h₂h₁h₀g₄g₃g₂g₁g₀ | ↩
-                                                  .... */
-                                               vector,
-                                               libcrux_intrinsics_avx2_mm256_set_epi16(
-                                                   (int16_t)1 << 5U, (int16_t)1,
-                                                   (int16_t)1 << 5U, (int16_t)1,
-                                                   (int16_t)1 << 5U, (int16_t)1,
-                                                   (int16_t)1 << 5U, (int16_t)1,
-                                                   (int16_t)1 << 5U, (int16_t)1,
-                                                   (int16_t)1 << 5U, (int16_t)1,
-                                                   (int16_t)1 << 5U, (int16_t)1,
-                                                   (int16_t)1 << 5U,
-                                                   (int16_t)1));
-  __m256i adjacent_4_combined =
-      libcrux_intrinsics_avx2_mm256_sllv_epi32(/* Recall that
-                                                  |adjacent_2_combined| is laid
-                                                  out as follows:
-                                                  0²²b₄b₃b₂b₁b₀a₄a₃a₂a₁a₀
-                                                  0²²d₄d₃d₂d₁d₀c₄c₃c₂c₁c₀ | ↩
-                                                  0²²f₄f₃f₂f₁f₀e₄e₃e₂e₁e₀
-                                                  0²²h₄h₃h₂h₁h₀g₄g₃g₂g₁g₀ | ↩
-                                                  .... This shift results in:
-                                                  b₄b₃b₂b₁b₀a₄a₃a₂a₁a₀0²²
-                                                  0²²d₄d₃d₂d₁d₀c₄c₃c₂c₁c₀ | ↩
-                                                  f₄f₃f₂f₁f₀e₄e₃e₂e₁e₀0²²
-                                                  0²²h₄h₃h₂h₁h₀g₄g₃g₂g₁g₀ | ↩
-                                                  .... */
-                                               adjacent_2_combined,
-                                               libcrux_intrinsics_avx2_mm256_set_epi32(
-                                                   (int32_t)0, (int32_t)22,
-                                                   (int32_t)0, (int32_t)22,
-                                                   (int32_t)0, (int32_t)22,
-                                                   (int32_t)0, (int32_t)22));
+  __m256i adjacent_2_combined = libcrux_intrinsics_avx2_mm256_madd_epi16(
+      vector, libcrux_intrinsics_avx2_mm256_set_epi16(
+                  (int16_t)1 << 5U, (int16_t)1, (int16_t)1 << 5U, (int16_t)1,
+                  (int16_t)1 << 5U, (int16_t)1, (int16_t)1 << 5U, (int16_t)1,
+                  (int16_t)1 << 5U, (int16_t)1, (int16_t)1 << 5U, (int16_t)1,
+                  (int16_t)1 << 5U, (int16_t)1, (int16_t)1 << 5U, (int16_t)1));
+  __m256i adjacent_4_combined = libcrux_intrinsics_avx2_mm256_sllv_epi32(
+      adjacent_2_combined,
+      libcrux_intrinsics_avx2_mm256_set_epi32(
+          (int32_t)0, (int32_t)22, (int32_t)0, (int32_t)22, (int32_t)0,
+          (int32_t)22, (int32_t)0, (int32_t)22));
   __m256i adjacent_4_combined0 = libcrux_intrinsics_avx2_mm256_srli_epi64(
-      (int32_t)22,
-      /* |adjacent_4_combined|, when viewed as 64-bit lanes, is:
-         0²²d₄d₃d₂d₁d₀c₄c₃c₂c₁c₀b₄b₃b₂b₁b₀a₄a₃a₂a₁a₀0²² | ↩
-         0²²h₄h₃h₂h₁h₀g₄g₃g₂g₁g₀f₄f₃f₂f₁f₀e₄e₃e₂e₁e₀0²² | ↩ ... so we just shift
-         down by 22 bits to remove the least significant 0 bits that aren't part
-         of the bits we need. */
-      adjacent_4_combined, __m256i);
+      (int32_t)22, adjacent_4_combined, __m256i);
   __m256i adjacent_8_combined = libcrux_intrinsics_avx2_mm256_shuffle_epi32(
-      (int32_t)8,
-      /* |adjacent_4_combined|, when viewed as a set of 32-bit values, looks
-         like: 0:0¹²d₄d₃d₂d₁d₀c₄c₃c₂c₁c₀b₄b₃b₂b₁b₀a₄a₃a₂a₁a₀ 1:0³²
-         2:0¹²h₄h₃h₂h₁h₀g₄g₃g₂g₁g₀f₄f₃f₂f₁f₀e₄e₃e₂e₁e₀ 3:0³² | ↩ To be able to
-         read out the bytes in one go, we need to shifts the bits in position 2
-         to position 1 in each 128-bit lane. */
-      adjacent_4_combined0, __m256i);
-  __m256i adjacent_8_combined0 =
-      libcrux_intrinsics_avx2_mm256_sllv_epi32(/* |adjacent_8_combined|, when
-                                                  viewed as a set of 32-bit
-                                                  values, now looks like:
-                                                  0¹²d₄d₃d₂d₁d₀c₄c₃c₂c₁c₀b₄b₃b₂b₁b₀a₄a₃a₂a₁a₀
-                                                  0¹²h₄h₃h₂h₁h₀g₄g₃g₂g₁g₀f₄f₃f₂f₁f₀e₄e₃e₂e₁e₀
-                                                  0³² 0³² | ↩ Once again, we
-                                                  line these bits up by shifting
-                                                  the up values at indices 0 and
-                                                  5 by 12, viewing the resulting
-                                                  register as a set of 64-bit
-                                                  values, and then shifting down
-                                                  the 64-bit values by 12 bits.
-                                                */
-                                               adjacent_8_combined,
-                                               libcrux_intrinsics_avx2_mm256_set_epi32(
-                                                   (int32_t)0, (int32_t)0,
-                                                   (int32_t)0, (int32_t)12,
-                                                   (int32_t)0, (int32_t)0,
-                                                   (int32_t)0, (int32_t)12));
+      (int32_t)8, adjacent_4_combined0, __m256i);
+  __m256i adjacent_8_combined0 = libcrux_intrinsics_avx2_mm256_sllv_epi32(
+      adjacent_8_combined,
+      libcrux_intrinsics_avx2_mm256_set_epi32(
+          (int32_t)0, (int32_t)0, (int32_t)0, (int32_t)12, (int32_t)0,
+          (int32_t)0, (int32_t)0, (int32_t)12));
   __m256i adjacent_8_combined1 = libcrux_intrinsics_avx2_mm256_srli_epi64(
       (int32_t)12, adjacent_8_combined0, __m256i);
   __m128i lower_8 =
-      libcrux_intrinsics_avx2_mm256_castsi256_si128(/* We now have 40 bits
-                                                       starting at position 0 in
-                                                       the lower 128-bit lane,
-                                                       ... */
-                                                    adjacent_8_combined1);
+      libcrux_intrinsics_avx2_mm256_castsi256_si128(adjacent_8_combined1);
   libcrux_intrinsics_avx2_mm_storeu_bytes_si128(
       Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)16U, uint8_t),
       lower_8);
   __m128i upper_8 = libcrux_intrinsics_avx2_mm256_extracti128_si256(
-      (int32_t)1,
-      /* ... and the second 40 bits at position 0 in the upper 128-bit lane */
-      adjacent_8_combined1, __m128i);
+      (int32_t)1, adjacent_8_combined1, __m128i);
   libcrux_intrinsics_avx2_mm_storeu_bytes_si128(
       Eurydice_array_to_subslice2(serialized, (size_t)5U, (size_t)21U, uint8_t),
       upper_8);
@@ -1231,87 +952,27 @@ static inline core_core_arch_x86___m128i_x2
 libcrux_ml_kem_vector_avx2_serialize_serialize_10_serialize_10_vec(
     __m256i vector) {
   __m256i adjacent_2_combined =
-      libcrux_ml_kem_vector_avx2_serialize_mm256_concat_pairs_n(
-          10U,
-          /* If |vector| is laid out as follows (superscript number indicates
-             the corresponding bit is duplicated that many times):
-             0⁶a₉a₈a₇a₆a₅a₄a₃a₂a₁a₀ 0⁶b₉b₈b₇b₆b₅b₄b₃b₂b₁b₀
-             0⁶c₉c₈c₇c₆c₅c₄c₃c₂c₁c₀ 0⁶d₉d₈d₇d₆d₅d₄d₃d₂d₁d₀ | ↩
-             0⁶e₉e₈e₇e₆e₅e₄e₃e₂e₁e₀ 0⁶f₉f₈f₇f₆f₅f₄f₃f₂f₁f₀
-             0⁶g₉g₈g₇g₆g₅g₄g₃g₂g₁g₀ 0⁶h₉h₈h₇h₆h₅h₄h₃h₂h₁h₀ | ↩ ...
-             |adjacent_2_combined| will be laid out as a series of 32-bit
-             integers, as follows: 0¹²b₉b₈b₇b₆b₅b₄b₃b₂b₁b₀a₉a₈a₇a₆a₅a₄a₃a₂a₁a₀
-             0¹²d₉d₈d₇d₆d₅d₄d₃d₂d₁d₀c₉c₈c₇c₆c₅c₄c₃c₂c₁c₀ | ↩
-             0¹²f₉f₈f₇f₆f₅f₄f₃f₂f₁f₀e₉e₈e₇e₆e₅e₄e₃e₂e₁e₀
-             0¹²h₉h₈h₇h₆h₅h₄h₃h₂h₁h₀g₉g₈g₇g₆g₅g₄g₃g₂g₁g₀ | ↩ .... */
-          vector);
-  __m256i adjacent_4_combined =
-      libcrux_intrinsics_avx2_mm256_sllv_epi32(/* Shifting up the values at the
-                                                  even indices by 12, we get:
-                                                  b₉b₈b₇b₆b₅b₄b₃b₂b₁b₀a₉a₈a₇a₆a₅a₄a₃a₂a₁a₀0¹²
-                                                  0¹²d₉d₈d₇d₆d₅d₄d₃d₂d₁d₀c₉c₈c₇c₆c₅c₄c₃c₂c₁c₀
-                                                  | ↩
-                                                  f₉f₈f₇f₆f₅f₄f₃f₂f₁f₀e₉e₈e₇e₆e₅e₄e₃e₂e₁e₀0¹²
-                                                  0¹²h₉h₈h₇h₆h₅h₄h₃h₂h₁h₀g₉g₈g₇g₆g₅g₄g₃g₂g₁g₀
-                                                  | ↩ ... */
-                                               adjacent_2_combined,
-                                               libcrux_intrinsics_avx2_mm256_set_epi32(
-                                                   (int32_t)0, (int32_t)12,
-                                                   (int32_t)0, (int32_t)12,
-                                                   (int32_t)0, (int32_t)12,
-                                                   (int32_t)0, (int32_t)12));
+      libcrux_ml_kem_vector_avx2_serialize_mm256_concat_pairs_n(10U, vector);
+  __m256i adjacent_4_combined = libcrux_intrinsics_avx2_mm256_sllv_epi32(
+      adjacent_2_combined,
+      libcrux_intrinsics_avx2_mm256_set_epi32(
+          (int32_t)0, (int32_t)12, (int32_t)0, (int32_t)12, (int32_t)0,
+          (int32_t)12, (int32_t)0, (int32_t)12));
   __m256i adjacent_4_combined0 = libcrux_intrinsics_avx2_mm256_srli_epi64(
-      (int32_t)12,
-      /* Viewing this as a set of 64-bit integers we get:
-         0¹²d₉d₈d₇d₆d₅d₄d₃d₂d₁d₀c₉c₈c₇c₆c₅c₄c₃c₂c₁c₀b₉b₈b₇b₆b₅b₄b₃b₂b₁b₀a₉a₈a₇a₆a₅a₄a₃a₂a₁a₀0¹²
-         | ↩
-         0¹²h₉h₈h₇h₆h₅h₄h₃h₂h₁h₀g₉g₈g₇g₆g₅g₄g₃g₂g₁g₀f₉f₈f₇f₆f₅f₄f₃f₂f₁f₀e₉e₈e₇e₆e₅e₄e₃e₂e₁e₀0¹²
-         | ↩ ... Shifting down by 12 gives us:
-         0²⁴d₉d₈d₇d₆d₅d₄d₃d₂d₁d₀c₉c₈c₇c₆c₅c₄c₃c₂c₁c₀b₉b₈b₇b₆b₅b₄b₃b₂b₁b₀a₉a₈a₇a₆a₅a₄a₃a₂a₁a₀
-         | ↩
-         0²⁴h₉h₈h₇h₆h₅h₄h₃h₂h₁h₀g₉g₈g₇g₆g₅g₄g₃g₂g₁g₀f₉f₈f₇f₆f₅f₄f₃f₂f₁f₀e₉e₈e₇e₆e₅e₄e₃e₂e₁e₀
-         | ↩ ... */
-      adjacent_4_combined, __m256i);
-  __m256i adjacent_8_combined =
-      libcrux_intrinsics_avx2_mm256_shuffle_epi8(/* |adjacent_4_combined|, when
-                                                    the bottom and top 128
-                                                    bit-lanes are grouped into
-                                                    bytes, looks like:
-                                                    0₇0₆0₅B₄B₃B₂B₁B₀ | ↩
-                                                    0₁₅0₁₄0₁₃B₁₂B₁₁B₁₀B₉B₈ | ↩
-                                                    In each 128-bit lane, we
-                                                    want to put bytes 8, 9, 10,
-                                                    11, 12 after bytes 0, 1, 2,
-                                                    3 to allow for sequential
-                                                    reading. */
-                                                 adjacent_4_combined0,
-                                                 libcrux_intrinsics_avx2_mm256_set_epi8(
-                                                     (int8_t)-1, (int8_t)-1,
-                                                     (int8_t)-1, (int8_t)-1,
-                                                     (int8_t)-1, (int8_t)-1,
-                                                     (int8_t)12, (int8_t)11,
-                                                     (int8_t)10, (int8_t)9,
-                                                     (int8_t)8, (int8_t)4,
-                                                     (int8_t)3, (int8_t)2,
-                                                     (int8_t)1, (int8_t)0,
-                                                     (int8_t)-1, (int8_t)-1,
-                                                     (int8_t)-1, (int8_t)-1,
-                                                     (int8_t)-1, (int8_t)-1,
-                                                     (int8_t)12, (int8_t)11,
-                                                     (int8_t)10, (int8_t)9,
-                                                     (int8_t)8, (int8_t)4,
-                                                     (int8_t)3, (int8_t)2,
-                                                     (int8_t)1, (int8_t)0));
+      (int32_t)12, adjacent_4_combined, __m256i);
+  __m256i adjacent_8_combined = libcrux_intrinsics_avx2_mm256_shuffle_epi8(
+      adjacent_4_combined0,
+      libcrux_intrinsics_avx2_mm256_set_epi8(
+          (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1,
+          (int8_t)-1, (int8_t)12, (int8_t)11, (int8_t)10, (int8_t)9, (int8_t)8,
+          (int8_t)4, (int8_t)3, (int8_t)2, (int8_t)1, (int8_t)0, (int8_t)-1,
+          (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1,
+          (int8_t)12, (int8_t)11, (int8_t)10, (int8_t)9, (int8_t)8, (int8_t)4,
+          (int8_t)3, (int8_t)2, (int8_t)1, (int8_t)0));
   __m128i lower_8 =
-      libcrux_intrinsics_avx2_mm256_castsi256_si128(/* We now have 64 bits
-                                                       starting at position 0 in
-                                                       the lower 128-bit lane,
-                                                       ... */
-                                                    adjacent_8_combined);
+      libcrux_intrinsics_avx2_mm256_castsi256_si128(adjacent_8_combined);
   __m128i upper_8 = libcrux_intrinsics_avx2_mm256_extracti128_si256(
-      (int32_t)1,
-      /* and 64 bits starting at position 0 in the upper 128-bit lane. */
-      adjacent_8_combined, __m128i);
+      (int32_t)1, adjacent_8_combined, __m128i);
   return (
       CLITERAL(core_core_arch_x86___m128i_x2){.fst = lower_8, .snd = upper_8});
 }
@@ -1320,167 +981,8 @@ KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_10(
     __m256i vector, uint8_t ret[20U]) {
   core_core_arch_x86___m128i_x2 uu____0 =
-      libcrux_ml_kem_vector_avx2_serialize_serialize_10_serialize_10_vec(/* If
-                                                                            |vector|
-                                                                            is
-                                                                            laid
-                                                                            out
-                                                                            as
-                                                                            follows
-                                                                            (superscript
-                                                                            number
-                                                                            indicates
-                                                                            the
-                                                                            corresponding
-                                                                            bit
-                                                                            is
-                                                                            duplicated
-                                                                            that
-                                                                            many
-                                                                            times):
-                                                                            0⁶a₉a₈a₇a₆a₅a₄a₃a₂a₁a₀
-                                                                            0⁶b₉b₈b₇b₆b₅b₄b₃b₂b₁b₀
-                                                                            0⁶c₉c₈c₇c₆c₅c₄c₃c₂c₁c₀
-                                                                            0⁶d₉d₈d₇d₆d₅d₄d₃d₂d₁d₀
-                                                                            | ↩
-                                                                            0⁶e₉e₈e₇e₆e₅e₄e₃e₂e₁e₀
-                                                                            0⁶f₉f₈f₇f₆f₅f₄f₃f₂f₁f₀
-                                                                            0⁶g₉g₈g₇g₆g₅g₄g₃g₂g₁g₀
-                                                                            0⁶h₉h₈h₇h₆h₅h₄h₃h₂h₁h₀
-                                                                            | ↩
-                                                                            ...
-                                                                            |adjacent_2_combined|
-                                                                            will
-                                                                            be
-                                                                            laid
-                                                                            out
-                                                                            as a
-                                                                            series
-                                                                            of
-                                                                            32-bit
-                                                                            integers,
-                                                                            as
-                                                                            follows:
-                                                                            0¹²b₉b₈b₇b₆b₅b₄b₃b₂b₁b₀a₉a₈a₇a₆a₅a₄a₃a₂a₁a₀
-                                                                            0¹²d₉d₈d₇d₆d₅d₄d₃d₂d₁d₀c₉c₈c₇c₆c₅c₄c₃c₂c₁c₀
-                                                                            | ↩
-                                                                            0¹²f₉f₈f₇f₆f₅f₄f₃f₂f₁f₀e₉e₈e₇e₆e₅e₄e₃e₂e₁e₀
-                                                                            0¹²h₉h₈h₇h₆h₅h₄h₃h₂h₁h₀g₉g₈g₇g₆g₅g₄g₃g₂g₁g₀
-                                                                            | ↩
-                                                                            ....
-                                                                            Shifting
-                                                                            up
-                                                                            the
-                                                                            values
-                                                                            at
-                                                                            the
-                                                                            even
-                                                                            indices
-                                                                            by
-                                                                            12,
-                                                                            we
-                                                                            get:
-                                                                            b₉b₈b₇b₆b₅b₄b₃b₂b₁b₀a₉a₈a₇a₆a₅a₄a₃a₂a₁a₀0¹²
-                                                                            0¹²d₉d₈d₇d₆d₅d₄d₃d₂d₁d₀c₉c₈c₇c₆c₅c₄c₃c₂c₁c₀
-                                                                            | ↩
-                                                                            f₉f₈f₇f₆f₅f₄f₃f₂f₁f₀e₉e₈e₇e₆e₅e₄e₃e₂e₁e₀0¹²
-                                                                            0¹²h₉h₈h₇h₆h₅h₄h₃h₂h₁h₀g₉g₈g₇g₆g₅g₄g₃g₂g₁g₀
-                                                                            | ↩
-                                                                            ...
-                                                                            Viewing
-                                                                            this
-                                                                            as a
-                                                                            set
-                                                                            of
-                                                                            64-bit
-                                                                            integers
-                                                                            we
-                                                                            get:
-                                                                            0¹²d₉d₈d₇d₆d₅d₄d₃d₂d₁d₀c₉c₈c₇c₆c₅c₄c₃c₂c₁c₀b₉b₈b₇b₆b₅b₄b₃b₂b₁b₀a₉a₈a₇a₆a₅a₄a₃a₂a₁a₀0¹²
-                                                                            | ↩
-                                                                            0¹²h₉h₈h₇h₆h₅h₄h₃h₂h₁h₀g₉g₈g₇g₆g₅g₄g₃g₂g₁g₀f₉f₈f₇f₆f₅f₄f₃f₂f₁f₀e₉e₈e₇e₆e₅e₄e₃e₂e₁e₀0¹²
-                                                                            | ↩
-                                                                            ...
-                                                                            Shifting
-                                                                            down
-                                                                            by
-                                                                            12
-                                                                            gives
-                                                                            us:
-                                                                            0²⁴d₉d₈d₇d₆d₅d₄d₃d₂d₁d₀c₉c₈c₇c₆c₅c₄c₃c₂c₁c₀b₉b₈b₇b₆b₅b₄b₃b₂b₁b₀a₉a₈a₇a₆a₅a₄a₃a₂a₁a₀
-                                                                            | ↩
-                                                                            0²⁴h₉h₈h₇h₆h₅h₄h₃h₂h₁h₀g₉g₈g₇g₆g₅g₄g₃g₂g₁g₀f₉f₈f₇f₆f₅f₄f₃f₂f₁f₀e₉e₈e₇e₆e₅e₄e₃e₂e₁e₀
-                                                                            | ↩
-                                                                            ...
-                                                                            |adjacent_4_combined|,
-                                                                            when
-                                                                            the
-                                                                            bottom
-                                                                            and
-                                                                            top
-                                                                            128
-                                                                            bit-lanes
-                                                                            are
-                                                                            grouped
-                                                                            into
-                                                                            bytes,
-                                                                            looks
-                                                                            like:
-                                                                            0₇0₆0₅B₄B₃B₂B₁B₀
-                                                                            | ↩
-                                                                            0₁₅0₁₄0₁₃B₁₂B₁₁B₁₀B₉B₈
-                                                                            | ↩
-                                                                            In
-                                                                            each
-                                                                            128-bit
-                                                                            lane,
-                                                                            we
-                                                                            want
-                                                                            to
-                                                                            put
-                                                                            bytes
-                                                                            8,
-                                                                            9,
-                                                                            10,
-                                                                            11,
-                                                                            12
-                                                                            after
-                                                                            bytes
-                                                                            0,
-                                                                            1,
-                                                                            2, 3
-                                                                            to
-                                                                            allow
-                                                                            for
-                                                                            sequential
-                                                                            reading.
-                                                                            We
-                                                                            now
-                                                                            have
-                                                                            64
-                                                                            bits
-                                                                            starting
-                                                                            at
-                                                                            position
-                                                                            0 in
-                                                                            the
-                                                                            lower
-                                                                            128-bit
-                                                                            lane,
-                                                                            ...
-                                                                            and
-                                                                            64
-                                                                            bits
-                                                                            starting
-                                                                            at
-                                                                            position
-                                                                            0 in
-                                                                            the
-                                                                            upper
-                                                                            128-bit
-                                                                            lane.
-                                                                          */
-                                                                         vector);
+      libcrux_ml_kem_vector_avx2_serialize_serialize_10_serialize_10_vec(
+          vector);
   __m128i lower_8 = uu____0.fst;
   __m128i upper_8 = uu____0.snd;
   uint8_t serialized[32U] = {0U};
@@ -1536,20 +1038,16 @@ libcrux_ml_kem_vector_avx2_serialize_deserialize_10_deserialize_10_vec(
                         (int16_t)1 << 6U));
   __m256i coefficients1 = libcrux_intrinsics_avx2_mm256_srli_epi16(
       (int32_t)6, coefficients0, __m256i);
-  return libcrux_intrinsics_avx2_mm256_and_si256(/* Here I can prove this `and`
-                                                    is not useful */
-                                                 coefficients1,
-                                                 libcrux_intrinsics_avx2_mm256_set1_epi16(
-                                                     ((int16_t)1 << 10U) -
-                                                     (int16_t)1));
+  return libcrux_intrinsics_avx2_mm256_and_si256(
+      coefficients1, libcrux_intrinsics_avx2_mm256_set1_epi16(
+                         ((int16_t)1 << 10U) - (int16_t)1));
 }
 
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE __m256i
 libcrux_ml_kem_vector_avx2_serialize_deserialize_10(Eurydice_slice bytes) {
-  Eurydice_slice lower_coefficients = Eurydice_slice_subslice2(
-      /* Here I can prove this `and` is not useful */ bytes, (size_t)0U,
-      (size_t)16U, uint8_t);
+  Eurydice_slice lower_coefficients =
+      Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)16U, uint8_t);
   Eurydice_slice upper_coefficients =
       Eurydice_slice_subslice2(bytes, (size_t)4U, (size_t)20U, uint8_t);
   return libcrux_ml_kem_vector_avx2_serialize_deserialize_10_deserialize_10_vec(
@@ -1735,70 +1233,28 @@ libcrux_ml_kem_vector_avx2_sampling_rejection_sample(Eurydice_slice input,
   __m256i field_modulus = libcrux_intrinsics_avx2_mm256_set1_epi16(
       LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS);
   __m256i potential_coefficients =
-      libcrux_ml_kem_vector_avx2_serialize_deserialize_12(/* The input bytes can
-                                                             be interpreted as a
-                                                             sequence of
-                                                             serialized 12-bit
-                                                             (i.e. uncompressed)
-                                                             coefficients. Not
-                                                             all coefficients
-                                                             may be less than
-                                                             FIELD_MODULUS
-                                                             though. */
-                                                          input);
+      libcrux_ml_kem_vector_avx2_serialize_deserialize_12(input);
   __m256i compare_with_field_modulus =
-      libcrux_intrinsics_avx2_mm256_cmpgt_epi16(/* Suppose we view
-                                                   |potential_coefficients| as
-                                                   follows (grouping 64-bit
-                                                   elements): A B C D | E F G H
-                                                   | .... and A < 3329, D < 3329
-                                                   and H < 3329,
-                                                   |compare_with_field_modulus|
-                                                   will look like: 0xFF 0 0 0xFF
-                                                   | 0 0 0 0xFF | ... */
-                                                field_modulus,
+      libcrux_intrinsics_avx2_mm256_cmpgt_epi16(field_modulus,
                                                 potential_coefficients);
   uint8_t good[2U];
-  libcrux_ml_kem_vector_avx2_serialize_serialize_1(/* Since every bit in each
-                                                      lane is either 0 or 1, we
-                                                      only need one bit from
-                                                      each lane in the register
-                                                      to tell us what
-                                                      coefficients to keep and
-                                                      what to throw-away.
-                                                      Combine all the bits
-                                                      (there are 16) into two
-                                                      bytes. */
-                                                   compare_with_field_modulus,
+  libcrux_ml_kem_vector_avx2_serialize_serialize_1(compare_with_field_modulus,
                                                    good);
   uint8_t lower_shuffles[16U];
   memcpy(lower_shuffles,
-         /* Each bit (and its corresponding position) represents an element we
-            want to sample. We'd like all such elements to be next to each other
-            starting at index 0, so that they can be read from the vector
-            easily. |REJECTION_SAMPLE_SHUFFLE_TABLE| encodes the byte-level
-            shuffling indices needed to make this happen. For e.g. if good[0] =
-            0b0_0_0_0_0_0_1_0, we need to move the element in the 2-nd 16-bit
-            lane to the first. To do this, we need the byte-level shuffle
-            indices to be 2 3 X X X X ... */
          libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE[(
              size_t)good[0U]],
          (size_t)16U * sizeof(uint8_t));
-  __m128i lower_shuffles0 =
-      libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_array_to_slice(
-          (size_t)16U,
-          /* Shuffle the lower 8 16-bits accordingly ... */ lower_shuffles,
-          uint8_t));
+  __m128i lower_shuffles0 = libcrux_intrinsics_avx2_mm_loadu_si128(
+      Eurydice_array_to_slice((size_t)16U, lower_shuffles, uint8_t));
   __m128i lower_coefficients =
       libcrux_intrinsics_avx2_mm256_castsi256_si128(potential_coefficients);
   __m128i lower_coefficients0 = libcrux_intrinsics_avx2_mm_shuffle_epi8(
       lower_coefficients, lower_shuffles0);
-  libcrux_intrinsics_avx2_mm_storeu_si128(
-      /* ... then write them out ... */ output, lower_coefficients0);
+  libcrux_intrinsics_avx2_mm_storeu_si128(output, lower_coefficients0);
   size_t sampled_count = (size_t)core_num__u8_6__count_ones(good[0U]);
   uint8_t upper_shuffles[16U];
   memcpy(upper_shuffles,
-         /* Do the same for |goood[1]| */
          libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE[(
              size_t)good[1U]],
          (size_t)16U * sizeof(uint8_t));
@@ -1979,9 +1435,7 @@ libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_ef(
   __m256i two_pow_coefficient_bits = libcrux_intrinsics_avx2_mm256_set1_epi32(
       (int32_t)1 << (uint32_t)(int32_t)10);
   __m128i coefficients_low =
-      libcrux_intrinsics_avx2_mm256_castsi256_si128(/* ---- Compress the first 8
-                                                       coefficients ---- */
-                                                    vector);
+      libcrux_intrinsics_avx2_mm256_castsi256_si128(vector);
   __m256i coefficients_low0 =
       libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low);
   __m256i decompressed_low = libcrux_intrinsics_avx2_mm256_mullo_epi32(
@@ -1991,15 +1445,11 @@ libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_ef(
   __m256i decompressed_low1 = libcrux_intrinsics_avx2_mm256_add_epi32(
       decompressed_low0, two_pow_coefficient_bits);
   __m256i decompressed_low2 = libcrux_intrinsics_avx2_mm256_srli_epi32(
-      (int32_t)10,
-      /* We can't shift in one go by (COEFFICIENT_BITS + 1) due to the lack of
-         support for const generic expressions. */
-      decompressed_low1, __m256i);
+      (int32_t)10, decompressed_low1, __m256i);
   __m256i decompressed_low3 = libcrux_intrinsics_avx2_mm256_srli_epi32(
       (int32_t)1, decompressed_low2, __m256i);
   __m128i coefficients_high = libcrux_intrinsics_avx2_mm256_extracti128_si256(
-      (int32_t)1,
-      /* ---- Compress the next 8 coefficients ---- */ vector, __m128i);
+      (int32_t)1, vector, __m128i);
   __m256i coefficients_high0 =
       libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high);
   __m256i decompressed_high = libcrux_intrinsics_avx2_mm256_mullo_epi32(
@@ -2009,29 +1459,13 @@ libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_ef(
   __m256i decompressed_high1 = libcrux_intrinsics_avx2_mm256_add_epi32(
       decompressed_high0, two_pow_coefficient_bits);
   __m256i decompressed_high2 = libcrux_intrinsics_avx2_mm256_srli_epi32(
-      (int32_t)10,
-      /* We can't shift in one go by (COEFFICIENT_BITS + 1) due to the lack of
-         support for const generic expressions. */
-      decompressed_high1, __m256i);
+      (int32_t)10, decompressed_high1, __m256i);
   __m256i decompressed_high3 = libcrux_intrinsics_avx2_mm256_srli_epi32(
       (int32_t)1, decompressed_high2, __m256i);
-  __m256i compressed =
-      libcrux_intrinsics_avx2_mm256_packs_epi32(/* Combining them, and grouping
-                                                   each set of 64-bits, this
-                                                   function results in: 0: low
-                                                   low low low | 1: high high
-                                                   high high | 2: low low low
-                                                   low | 3: high high high high
-                                                   where each |low| and |high|
-                                                   is a 16-bit element */
-                                                decompressed_low3,
-                                                decompressed_high3);
-  return libcrux_intrinsics_avx2_mm256_permute4x64_epi64(
-      (int32_t)216,
-      /* To be in the right order, we need to move the |low|s above in position
-         2 to position 1 and the |high|s in position 1 to position 2, and leave
-         the rest unchanged. */
-      compressed, __m256i);
+  __m256i compressed = libcrux_intrinsics_avx2_mm256_packs_epi32(
+      decompressed_low3, decompressed_high3);
+  return libcrux_intrinsics_avx2_mm256_permute4x64_epi64((int32_t)216,
+                                                         compressed, __m256i);
 }
 
 /**
@@ -2097,9 +1531,7 @@ libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_c4(
   __m256i two_pow_coefficient_bits = libcrux_intrinsics_avx2_mm256_set1_epi32(
       (int32_t)1 << (uint32_t)(int32_t)11);
   __m128i coefficients_low =
-      libcrux_intrinsics_avx2_mm256_castsi256_si128(/* ---- Compress the first 8
-                                                       coefficients ---- */
-                                                    vector);
+      libcrux_intrinsics_avx2_mm256_castsi256_si128(vector);
   __m256i coefficients_low0 =
       libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low);
   __m256i decompressed_low = libcrux_intrinsics_avx2_mm256_mullo_epi32(
@@ -2109,15 +1541,11 @@ libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_c4(
   __m256i decompressed_low1 = libcrux_intrinsics_avx2_mm256_add_epi32(
       decompressed_low0, two_pow_coefficient_bits);
   __m256i decompressed_low2 = libcrux_intrinsics_avx2_mm256_srli_epi32(
-      (int32_t)11,
-      /* We can't shift in one go by (COEFFICIENT_BITS + 1) due to the lack of
-         support for const generic expressions. */
-      decompressed_low1, __m256i);
+      (int32_t)11, decompressed_low1, __m256i);
   __m256i decompressed_low3 = libcrux_intrinsics_avx2_mm256_srli_epi32(
       (int32_t)1, decompressed_low2, __m256i);
   __m128i coefficients_high = libcrux_intrinsics_avx2_mm256_extracti128_si256(
-      (int32_t)1,
-      /* ---- Compress the next 8 coefficients ---- */ vector, __m128i);
+      (int32_t)1, vector, __m128i);
   __m256i coefficients_high0 =
       libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high);
   __m256i decompressed_high = libcrux_intrinsics_avx2_mm256_mullo_epi32(
@@ -2127,29 +1555,13 @@ libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_c4(
   __m256i decompressed_high1 = libcrux_intrinsics_avx2_mm256_add_epi32(
       decompressed_high0, two_pow_coefficient_bits);
   __m256i decompressed_high2 = libcrux_intrinsics_avx2_mm256_srli_epi32(
-      (int32_t)11,
-      /* We can't shift in one go by (COEFFICIENT_BITS + 1) due to the lack of
-         support for const generic expressions. */
-      decompressed_high1, __m256i);
+      (int32_t)11, decompressed_high1, __m256i);
   __m256i decompressed_high3 = libcrux_intrinsics_avx2_mm256_srli_epi32(
       (int32_t)1, decompressed_high2, __m256i);
-  __m256i compressed =
-      libcrux_intrinsics_avx2_mm256_packs_epi32(/* Combining them, and grouping
-                                                   each set of 64-bits, this
-                                                   function results in: 0: low
-                                                   low low low | 1: high high
-                                                   high high | 2: low low low
-                                                   low | 3: high high high high
-                                                   where each |low| and |high|
-                                                   is a 16-bit element */
-                                                decompressed_low3,
-                                                decompressed_high3);
-  return libcrux_intrinsics_avx2_mm256_permute4x64_epi64(
-      (int32_t)216,
-      /* To be in the right order, we need to move the |low|s above in position
-         2 to position 1 and the |high|s in position 1 to position 2, and leave
-         the rest unchanged. */
-      compressed, __m256i);
+  __m256i compressed = libcrux_intrinsics_avx2_mm256_packs_epi32(
+      decompressed_low3, decompressed_high3);
+  return libcrux_intrinsics_avx2_mm256_permute4x64_epi64((int32_t)216,
+                                                         compressed, __m256i);
 }
 
 /**
@@ -2253,13 +1665,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_4_plus_61(
     size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *re,
     size_t layer, size_t _initial_coefficient_bound) {
   size_t step = (size_t)1U << (uint32_t)layer;
-  for (size_t i0 = (size_t)0U;
-       i0 < (size_t)128U >>
-       (uint32_t) /* The semicolon and parentheses at the end of loop are a
-                     workaround for the following bug
-                     https://github.com/hacspec/hax/issues/720 */
-       layer;
-       i0++) {
+  for (size_t i0 = (size_t)0U; i0 < (size_t)128U >> (uint32_t)layer; i0++) {
     size_t round = i0;
     zeta_i[0U] = zeta_i[0U] + (size_t)1U;
     size_t offset = round * step * (size_t)2U;
@@ -2355,11 +1761,7 @@ KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_poly_barrett_reduce_ef_61(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *self) {
   for (size_t i = (size_t)0U;
-       i <
-       /* The semicolon and parentheses at the end of loop are a workaround for
-          the following bug https://github.com/hacspec/hax/issues/720 */
-       LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT;
-       i++) {
+       i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
     size_t i0 = i;
     self->coefficients[i0] =
         libcrux_ml_kem_vector_avx2_barrett_reduce_09(self->coefficients[i0]);
@@ -2456,9 +1858,7 @@ libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_d1(
   __m256i two_pow_coefficient_bits = libcrux_intrinsics_avx2_mm256_set1_epi32(
       (int32_t)1 << (uint32_t)(int32_t)4);
   __m128i coefficients_low =
-      libcrux_intrinsics_avx2_mm256_castsi256_si128(/* ---- Compress the first 8
-                                                       coefficients ---- */
-                                                    vector);
+      libcrux_intrinsics_avx2_mm256_castsi256_si128(vector);
   __m256i coefficients_low0 =
       libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low);
   __m256i decompressed_low = libcrux_intrinsics_avx2_mm256_mullo_epi32(
@@ -2468,15 +1868,11 @@ libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_d1(
   __m256i decompressed_low1 = libcrux_intrinsics_avx2_mm256_add_epi32(
       decompressed_low0, two_pow_coefficient_bits);
   __m256i decompressed_low2 = libcrux_intrinsics_avx2_mm256_srli_epi32(
-      (int32_t)4,
-      /* We can't shift in one go by (COEFFICIENT_BITS + 1) due to the lack of
-         support for const generic expressions. */
-      decompressed_low1, __m256i);
+      (int32_t)4, decompressed_low1, __m256i);
   __m256i decompressed_low3 = libcrux_intrinsics_avx2_mm256_srli_epi32(
       (int32_t)1, decompressed_low2, __m256i);
   __m128i coefficients_high = libcrux_intrinsics_avx2_mm256_extracti128_si256(
-      (int32_t)1,
-      /* ---- Compress the next 8 coefficients ---- */ vector, __m128i);
+      (int32_t)1, vector, __m128i);
   __m256i coefficients_high0 =
       libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high);
   __m256i decompressed_high = libcrux_intrinsics_avx2_mm256_mullo_epi32(
@@ -2486,29 +1882,13 @@ libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_d1(
   __m256i decompressed_high1 = libcrux_intrinsics_avx2_mm256_add_epi32(
       decompressed_high0, two_pow_coefficient_bits);
   __m256i decompressed_high2 = libcrux_intrinsics_avx2_mm256_srli_epi32(
-      (int32_t)4,
-      /* We can't shift in one go by (COEFFICIENT_BITS + 1) due to the lack of
-         support for const generic expressions. */
-      decompressed_high1, __m256i);
+      (int32_t)4, decompressed_high1, __m256i);
   __m256i decompressed_high3 = libcrux_intrinsics_avx2_mm256_srli_epi32(
       (int32_t)1, decompressed_high2, __m256i);
-  __m256i compressed =
-      libcrux_intrinsics_avx2_mm256_packs_epi32(/* Combining them, and grouping
-                                                   each set of 64-bits, this
-                                                   function results in: 0: low
-                                                   low low low | 1: high high
-                                                   high high | 2: low low low
-                                                   low | 3: high high high high
-                                                   where each |low| and |high|
-                                                   is a 16-bit element */
-                                                decompressed_low3,
-                                                decompressed_high3);
-  return libcrux_intrinsics_avx2_mm256_permute4x64_epi64(
-      (int32_t)216,
-      /* To be in the right order, we need to move the |low|s above in position
-         2 to position 1 and the |high|s in position 1 to position 2, and leave
-         the rest unchanged. */
-      compressed, __m256i);
+  __m256i compressed = libcrux_intrinsics_avx2_mm256_packs_epi32(
+      decompressed_low3, decompressed_high3);
+  return libcrux_intrinsics_avx2_mm256_permute4x64_epi64((int32_t)216,
+                                                         compressed, __m256i);
 }
 
 /**
@@ -2569,9 +1949,7 @@ libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_f4(
   __m256i two_pow_coefficient_bits = libcrux_intrinsics_avx2_mm256_set1_epi32(
       (int32_t)1 << (uint32_t)(int32_t)5);
   __m128i coefficients_low =
-      libcrux_intrinsics_avx2_mm256_castsi256_si128(/* ---- Compress the first 8
-                                                       coefficients ---- */
-                                                    vector);
+      libcrux_intrinsics_avx2_mm256_castsi256_si128(vector);
   __m256i coefficients_low0 =
       libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low);
   __m256i decompressed_low = libcrux_intrinsics_avx2_mm256_mullo_epi32(
@@ -2581,15 +1959,11 @@ libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_f4(
   __m256i decompressed_low1 = libcrux_intrinsics_avx2_mm256_add_epi32(
       decompressed_low0, two_pow_coefficient_bits);
   __m256i decompressed_low2 = libcrux_intrinsics_avx2_mm256_srli_epi32(
-      (int32_t)5,
-      /* We can't shift in one go by (COEFFICIENT_BITS + 1) due to the lack of
-         support for const generic expressions. */
-      decompressed_low1, __m256i);
+      (int32_t)5, decompressed_low1, __m256i);
   __m256i decompressed_low3 = libcrux_intrinsics_avx2_mm256_srli_epi32(
       (int32_t)1, decompressed_low2, __m256i);
   __m128i coefficients_high = libcrux_intrinsics_avx2_mm256_extracti128_si256(
-      (int32_t)1,
-      /* ---- Compress the next 8 coefficients ---- */ vector, __m128i);
+      (int32_t)1, vector, __m128i);
   __m256i coefficients_high0 =
       libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high);
   __m256i decompressed_high = libcrux_intrinsics_avx2_mm256_mullo_epi32(
@@ -2599,29 +1973,13 @@ libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_f4(
   __m256i decompressed_high1 = libcrux_intrinsics_avx2_mm256_add_epi32(
       decompressed_high0, two_pow_coefficient_bits);
   __m256i decompressed_high2 = libcrux_intrinsics_avx2_mm256_srli_epi32(
-      (int32_t)5,
-      /* We can't shift in one go by (COEFFICIENT_BITS + 1) due to the lack of
-         support for const generic expressions. */
-      decompressed_high1, __m256i);
+      (int32_t)5, decompressed_high1, __m256i);
   __m256i decompressed_high3 = libcrux_intrinsics_avx2_mm256_srli_epi32(
       (int32_t)1, decompressed_high2, __m256i);
-  __m256i compressed =
-      libcrux_intrinsics_avx2_mm256_packs_epi32(/* Combining them, and grouping
-                                                   each set of 64-bits, this
-                                                   function results in: 0: low
-                                                   low low low | 1: high high
-                                                   high high | 2: low low low
-                                                   low | 3: high high high high
-                                                   where each |low| and |high|
-                                                   is a 16-bit element */
-                                                decompressed_low3,
-                                                decompressed_high3);
-  return libcrux_intrinsics_avx2_mm256_permute4x64_epi64(
-      (int32_t)216,
-      /* To be in the right order, we need to move the |low|s above in position
-         2 to position 1 and the |high|s in position 1 to position 2, and leave
-         the rest unchanged. */
-      compressed, __m256i);
+  __m256i compressed = libcrux_intrinsics_avx2_mm256_packs_epi32(
+      decompressed_low3, decompressed_high3);
+  return libcrux_intrinsics_avx2_mm256_permute4x64_epi64((int32_t)216,
+                                                         compressed, __m256i);
 }
 
 /**
@@ -2697,8 +2055,6 @@ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f6
 libcrux_ml_kem_polynomial_ntt_multiply_ef_61(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *self,
     libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *rhs) {
-  /* hax_debug_debug_assert!(lhs .coefficients .into_iter() .all(|coefficient|
-   * coefficient >= 0 && coefficient < 4096)); */
   libcrux_ml_kem_polynomial_PolynomialRingElement_f6 out =
       libcrux_ml_kem_polynomial_ZERO_ef_61();
   for (size_t i = (size_t)0U;
@@ -2733,14 +2089,9 @@ static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_to_ring_element_ef_ab(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *self,
     libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *rhs) {
   for (size_t i = (size_t)0U;
-       i <
-       Eurydice_slice_len(Eurydice_array_to_slice(
-                              (size_t)16U,
-                              /* The semicolon and parentheses at the end of
-                                 loop are a workaround for the following bug
-                                 https://github.com/hacspec/hax/issues/720 */
-                              self->coefficients, __m256i),
-                          __m256i);
+       i < Eurydice_slice_len(Eurydice_array_to_slice(
+                                  (size_t)16U, self->coefficients, __m256i),
+                              __m256i);
        i++) {
     size_t i0 = i;
     self->coefficients[i0] = libcrux_ml_kem_vector_avx2_add_09(
@@ -2845,13 +2196,7 @@ libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_61(
     size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *re,
     size_t layer) {
   size_t step = (size_t)1U << (uint32_t)layer;
-  for (size_t i0 = (size_t)0U;
-       i0 < (size_t)128U >>
-       (uint32_t) /* The semicolon and parentheses at the end of loop are a
-                     workaround for the following bug
-                     https://github.com/hacspec/hax/issues/720 */
-       layer;
-       i0++) {
+  for (size_t i0 = (size_t)0U; i0 < (size_t)128U >> (uint32_t)layer; i0++) {
     size_t round = i0;
     zeta_i[0U] = zeta_i[0U] - (size_t)1U;
     size_t offset = round * step * (size_t)2U;
@@ -2883,10 +2228,7 @@ KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_ab(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *re) {
   size_t zeta_i =
-      /* We only ever call this function after matrix/vector multiplication */
-      LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT
-
-      / (size_t)2U;
+      LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U;
   libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_61(&zeta_i, re, (size_t)1U);
   libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_61(&zeta_i, re, (size_t)2U);
   libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_61(&zeta_i, re, (size_t)3U);
@@ -3081,16 +2423,11 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_decrypt_unpacked_2f(
     libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_63 *secret_key,
     uint8_t *ciphertext, uint8_t ret[32U]) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_f6 u_as_ntt[3U];
-  libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_ed(/* u :=
-                                                             Decompress_q(Decode_{d_u}(c),
-                                                             d_u) */
-                                                          ciphertext, u_as_ntt);
+  libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_ed(ciphertext, u_as_ntt);
   libcrux_ml_kem_polynomial_PolynomialRingElement_f6 v =
       libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_ed(
-          Eurydice_array_to_subslice_from(
-              (size_t)1088U,
-              /* v := Decompress_q(Decode_{d_v}(c + d_u·k·n / 8), d_v) */
-              ciphertext, (size_t)960U, uint8_t, size_t));
+          Eurydice_array_to_subslice_from((size_t)1088U, ciphertext,
+                                          (size_t)960U, uint8_t, size_t));
   libcrux_ml_kem_polynomial_PolynomialRingElement_f6 message =
       libcrux_ml_kem_matrix_compute_message_ab(&v, secret_key->secret_as_ntt,
                                                u_as_ntt);
@@ -3113,8 +2450,7 @@ KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_decrypt_2f(
     Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_f6 secret_as_ntt[3U];
-  libcrux_ml_kem_ind_cpa_deserialize_secret_key_ab(
-      /* sˆ := Decode_12(sk) */ secret_key, secret_as_ntt);
+  libcrux_ml_kem_ind_cpa_deserialize_secret_key_ab(secret_key, secret_as_ntt);
   /* Passing arrays by value in Rust generates a copy in C */
   libcrux_ml_kem_polynomial_PolynomialRingElement_f6 copy_of_secret_as_ntt[3U];
   memcpy(
@@ -3663,10 +2999,6 @@ static KRML_MUSTINLINE void libcrux_ml_kem_sampling_sample_from_xof_6c(
   memcpy(copy_of_randomness0, randomness0, (size_t)3U * sizeof(uint8_t[504U]));
   bool done = libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_ed(
       copy_of_randomness0, sampled_coefficients, out);
-  /* Requiring more than 5 blocks to sample a ring element should be very
-   * unlikely according to: https://eprint.iacr.org/2023/708.pdf To avoid
-   * failing here, we squeeze more blocks out of the state until we have enough.
-   */
   while (true) {
     if (done) {
       break;
@@ -3733,7 +3065,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_sample_matrix_A_6c(
          i++) {
       size_t j = i;
       libcrux_ml_kem_polynomial_PolynomialRingElement_f6 sample = sampled[j];
-      if (/* A[i][j] = A_transpose[j][i] */ transpose) {
+      if (transpose) {
         A_transpose[j][i1] = sample;
       } else {
         A_transpose[i1][j] = sample;
@@ -3755,15 +3087,12 @@ libcrux_ml_kem_ind_cpa_build_unpacked_public_key_mut_fa(
     Eurydice_slice public_key,
     libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_63
         *unpacked_public_key) {
-  Eurydice_slice uu____0 = Eurydice_slice_subslice_to(
-      /* tˆ := Decode_12(pk) */ public_key, (size_t)1152U, uint8_t, size_t);
+  Eurydice_slice uu____0 =
+      Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t);
   libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_ab(
       uu____0, unpacked_public_key->t_as_ntt);
   Eurydice_slice seed =
-      Eurydice_slice_subslice_from(/* ρ := pk + 12·k·n / 8 for i from 0 to k−1
-                                      do for j from 0 to k − 1 do AˆT[i][j] :=
-                                      Parse(XOF(ρ, i, j)) end for end for */
-                                   public_key, (size_t)1152U, uint8_t, size_t);
+      Eurydice_slice_subslice_from(public_key, (size_t)1152U, uint8_t, size_t);
   libcrux_ml_kem_polynomial_PolynomialRingElement_f6(*uu____1)[3U] =
       unpacked_public_key->A;
   uint8_t ret[34U];
@@ -4033,12 +3362,7 @@ KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_7_61(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *re) {
   size_t step = LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT / (size_t)2U;
-  for (size_t i = (size_t)0U;
-       i <
-       /* The semicolon and parentheses at the end of loop are a workaround for
-          the following bug https://github.com/hacspec/hax/issues/720 */
-       step;
-       i++) {
+  for (size_t i = (size_t)0U; i < step; i++) {
     size_t j = i;
     __m256i t = libcrux_ml_kem_vector_avx2_multiply_by_constant_09(
         re->coefficients[j + step], (int16_t)-1600);
@@ -4059,10 +3383,7 @@ KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE void
 libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_61(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *re) {
-  libcrux_ml_kem_ntt_ntt_at_layer_7_61(/* Due to the small coefficient bound, we
-                                          can skip the first round of Montgomery
-                                          reductions. */
-                                       re);
+  libcrux_ml_kem_ntt_ntt_at_layer_7_61(re);
   size_t zeta_i = (size_t)1U;
   libcrux_ml_kem_ntt_ntt_at_layer_4_plus_61(&zeta_i, re, (size_t)6U,
                                             (size_t)11207U);
@@ -4273,11 +3594,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_error_reduce_ef_61(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *self,
     libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *error) {
   for (size_t i = (size_t)0U;
-       i <
-       /* The semicolon and parentheses at the end of loop are a workaround for
-          the following bug https://github.com/hacspec/hax/issues/720 */
-       LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT;
-       i++) {
+       i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
     size_t j = i;
     __m256i coefficient_normal_form =
         libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_09(
@@ -4400,26 +3717,8 @@ libcrux_ml_kem_polynomial_add_message_error_reduce_ef_61(
     __m256i coefficient_normal_form =
         libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_09(
             result.coefficients[i0], (int16_t)1441);
-    __m256i tmp = libcrux_ml_kem_vector_avx2_add_09(
-        self->coefficients
-            [/* FIXME: Eurydice crashes with: Warning 11: in top-level
-                declaration
-                libcrux_ml_kem.polynomial.{libcrux_ml_kem::polynomial::PolynomialRingElement<Vector>[TraitClause@0]}.add_message_error_reduce__libcrux_ml_kem_libcrux_polynomials_PortableVector:
-                this expression is not Low*; the enclosing function cannot be
-                translated into C*: let mutable ret(Mark.Present,(Mark.AtMost
-                2), ): int16_t[16size_t] = $any in
-                libcrux_ml_kem.libcrux_polynomials.{(libcrux_ml_kem::libcrux_polynomials::libcrux_traits::Operations␣for␣libcrux_ml_kem::libcrux_polynomials::PortableVector)}.add
-                ((@9:
-                libcrux_ml_kem_libcrux_polynomials_PortableVector[16size_t]*)[0uint32_t]:int16_t[16size_t][16size_t])[@4]
-                &(((@8:
-                libcrux_ml_kem_libcrux_polynomials_PortableVector[16size_t]*)[0uint32_t]:libcrux_ml_kem_libcrux_polynomials_PortableVector[16size_t])[@4])
-                @0; @0 Warning 11 is fatal, exiting. On the following code:
-                ```rust result.coefficients[i] =
-                Vector::barrett_reduce(Vector::add( coefficient_normal_form,
-                &Vector::add(self.coefficients[i], &message.coefficients[i]),
-                )); ``` */
-             i0],
-        &message->coefficients[i0]);
+    __m256i tmp = libcrux_ml_kem_vector_avx2_add_09(self->coefficients[i0],
+                                                    &message->coefficients[i0]);
     __m256i tmp0 =
         libcrux_ml_kem_vector_avx2_add_09(coefficient_normal_form, &tmp);
     result.coefficients[i0] =
@@ -4477,23 +3776,9 @@ libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_ef(
   __m256i coefficient_bits_mask = libcrux_intrinsics_avx2_mm256_set1_epi32(
       ((int32_t)1 << (uint32_t)(int32_t)10) - (int32_t)1);
   __m128i coefficients_low =
-      libcrux_intrinsics_avx2_mm256_castsi256_si128(/* ---- Compress the first 8
-                                                       coefficients ---- Take
-                                                       the bottom 128 bits, i.e.
-                                                       the first 8 16-bit
-                                                       coefficients */
-                                                    vector);
+      libcrux_intrinsics_avx2_mm256_castsi256_si128(vector);
   __m256i coefficients_low0 =
-      libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(/* If: coefficients_low[0:15]
-                                                      = A
-                                                      coefficients_low[16:31] =
-                                                      B coefficients_low[32:63]
-                                                      = C and so on ... after
-                                                      this step:
-                                                      coefficients_low[0:31] = A
-                                                      coefficients_low[32:63] =
-                                                      B and so on ... */
-                                                   coefficients_low);
+      libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low);
   __m256i compressed_low = libcrux_intrinsics_avx2_mm256_slli_epi32(
       (int32_t)10, coefficients_low0, __m256i);
   __m256i compressed_low0 = libcrux_intrinsics_avx2_mm256_add_epi32(
@@ -4502,17 +3787,11 @@ libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_ef(
       libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_low0,
                                                             compression_factor);
   __m256i compressed_low2 = libcrux_intrinsics_avx2_mm256_srli_epi32(
-      (int32_t)3,
-      /* Due to the mulhi_mm256_epi32 we've already shifted right by 32 bits, we
-         just need to shift right by 35 - 32 = 3 more. */
-      compressed_low1, __m256i);
+      (int32_t)3, compressed_low1, __m256i);
   __m256i compressed_low3 = libcrux_intrinsics_avx2_mm256_and_si256(
       compressed_low2, coefficient_bits_mask);
   __m128i coefficients_high = libcrux_intrinsics_avx2_mm256_extracti128_si256(
-      (int32_t)1,
-      /* ---- Compress the next 8 coefficients ---- Take the upper 128 bits,
-         i.e. the next 8 16-bit coefficients */
-      vector, __m128i);
+      (int32_t)1, vector, __m128i);
   __m256i coefficients_high0 =
       libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high);
   __m256i compressed_high = libcrux_intrinsics_avx2_mm256_slli_epi32(
@@ -4526,23 +3805,10 @@ libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_ef(
       (int32_t)3, compressed_high1, __m256i);
   __m256i compressed_high3 = libcrux_intrinsics_avx2_mm256_and_si256(
       compressed_high2, coefficient_bits_mask);
-  __m256i compressed =
-      libcrux_intrinsics_avx2_mm256_packs_epi32(/* Combining them, and grouping
-                                                   each set of 64-bits, this
-                                                   function results in: 0: low
-                                                   low low low | 1: high high
-                                                   high high | 2: low low low
-                                                   low | 3: high high high high
-                                                   where each |low| and |high|
-                                                   is a 16-bit element */
-                                                compressed_low3,
-                                                compressed_high3);
-  return libcrux_intrinsics_avx2_mm256_permute4x64_epi64(
-      (int32_t)216,
-      /* To be in the right order, we need to move the |low|s above in position
-         2 to position 1 and the |high|s in position 1 to position 2, and leave
-         the rest unchanged. */
-      compressed, __m256i);
+  __m256i compressed = libcrux_intrinsics_avx2_mm256_packs_epi32(
+      compressed_low3, compressed_high3);
+  return libcrux_intrinsics_avx2_mm256_permute4x64_epi64((int32_t)216,
+                                                         compressed, __m256i);
 }
 
 /**
@@ -4606,23 +3872,9 @@ libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_c4(
   __m256i coefficient_bits_mask = libcrux_intrinsics_avx2_mm256_set1_epi32(
       ((int32_t)1 << (uint32_t)(int32_t)11) - (int32_t)1);
   __m128i coefficients_low =
-      libcrux_intrinsics_avx2_mm256_castsi256_si128(/* ---- Compress the first 8
-                                                       coefficients ---- Take
-                                                       the bottom 128 bits, i.e.
-                                                       the first 8 16-bit
-                                                       coefficients */
-                                                    vector);
+      libcrux_intrinsics_avx2_mm256_castsi256_si128(vector);
   __m256i coefficients_low0 =
-      libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(/* If: coefficients_low[0:15]
-                                                      = A
-                                                      coefficients_low[16:31] =
-                                                      B coefficients_low[32:63]
-                                                      = C and so on ... after
-                                                      this step:
-                                                      coefficients_low[0:31] = A
-                                                      coefficients_low[32:63] =
-                                                      B and so on ... */
-                                                   coefficients_low);
+      libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low);
   __m256i compressed_low = libcrux_intrinsics_avx2_mm256_slli_epi32(
       (int32_t)11, coefficients_low0, __m256i);
   __m256i compressed_low0 = libcrux_intrinsics_avx2_mm256_add_epi32(
@@ -4631,17 +3883,11 @@ libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_c4(
       libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_low0,
                                                             compression_factor);
   __m256i compressed_low2 = libcrux_intrinsics_avx2_mm256_srli_epi32(
-      (int32_t)3,
-      /* Due to the mulhi_mm256_epi32 we've already shifted right by 32 bits, we
-         just need to shift right by 35 - 32 = 3 more. */
-      compressed_low1, __m256i);
+      (int32_t)3, compressed_low1, __m256i);
   __m256i compressed_low3 = libcrux_intrinsics_avx2_mm256_and_si256(
       compressed_low2, coefficient_bits_mask);
   __m128i coefficients_high = libcrux_intrinsics_avx2_mm256_extracti128_si256(
-      (int32_t)1,
-      /* ---- Compress the next 8 coefficients ---- Take the upper 128 bits,
-         i.e. the next 8 16-bit coefficients */
-      vector, __m128i);
+      (int32_t)1, vector, __m128i);
   __m256i coefficients_high0 =
       libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high);
   __m256i compressed_high = libcrux_intrinsics_avx2_mm256_slli_epi32(
@@ -4655,23 +3901,10 @@ libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_c4(
       (int32_t)3, compressed_high1, __m256i);
   __m256i compressed_high3 = libcrux_intrinsics_avx2_mm256_and_si256(
       compressed_high2, coefficient_bits_mask);
-  __m256i compressed =
-      libcrux_intrinsics_avx2_mm256_packs_epi32(/* Combining them, and grouping
-                                                   each set of 64-bits, this
-                                                   function results in: 0: low
-                                                   low low low | 1: high high
-                                                   high high | 2: low low low
-                                                   low | 3: high high high high
-                                                   where each |low| and |high|
-                                                   is a 16-bit element */
-                                                compressed_low3,
-                                                compressed_high3);
-  return libcrux_intrinsics_avx2_mm256_permute4x64_epi64(
-      (int32_t)216,
-      /* To be in the right order, we need to move the |low|s above in position
-         2 to position 1 and the |high|s in position 1 to position 2, and leave
-         the rest unchanged. */
-      compressed, __m256i);
+  __m256i compressed = libcrux_intrinsics_avx2_mm256_packs_epi32(
+      compressed_low3, compressed_high3);
+  return libcrux_intrinsics_avx2_mm256_permute4x64_epi64((int32_t)216,
+                                                         compressed, __m256i);
 }
 
 /**
@@ -4787,23 +4020,9 @@ libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_d1(
   __m256i coefficient_bits_mask = libcrux_intrinsics_avx2_mm256_set1_epi32(
       ((int32_t)1 << (uint32_t)(int32_t)4) - (int32_t)1);
   __m128i coefficients_low =
-      libcrux_intrinsics_avx2_mm256_castsi256_si128(/* ---- Compress the first 8
-                                                       coefficients ---- Take
-                                                       the bottom 128 bits, i.e.
-                                                       the first 8 16-bit
-                                                       coefficients */
-                                                    vector);
+      libcrux_intrinsics_avx2_mm256_castsi256_si128(vector);
   __m256i coefficients_low0 =
-      libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(/* If: coefficients_low[0:15]
-                                                      = A
-                                                      coefficients_low[16:31] =
-                                                      B coefficients_low[32:63]
-                                                      = C and so on ... after
-                                                      this step:
-                                                      coefficients_low[0:31] = A
-                                                      coefficients_low[32:63] =
-                                                      B and so on ... */
-                                                   coefficients_low);
+      libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low);
   __m256i compressed_low = libcrux_intrinsics_avx2_mm256_slli_epi32(
       (int32_t)4, coefficients_low0, __m256i);
   __m256i compressed_low0 = libcrux_intrinsics_avx2_mm256_add_epi32(
@@ -4812,17 +4031,11 @@ libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_d1(
       libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_low0,
                                                             compression_factor);
   __m256i compressed_low2 = libcrux_intrinsics_avx2_mm256_srli_epi32(
-      (int32_t)3,
-      /* Due to the mulhi_mm256_epi32 we've already shifted right by 32 bits, we
-         just need to shift right by 35 - 32 = 3 more. */
-      compressed_low1, __m256i);
+      (int32_t)3, compressed_low1, __m256i);
   __m256i compressed_low3 = libcrux_intrinsics_avx2_mm256_and_si256(
       compressed_low2, coefficient_bits_mask);
   __m128i coefficients_high = libcrux_intrinsics_avx2_mm256_extracti128_si256(
-      (int32_t)1,
-      /* ---- Compress the next 8 coefficients ---- Take the upper 128 bits,
-         i.e. the next 8 16-bit coefficients */
-      vector, __m128i);
+      (int32_t)1, vector, __m128i);
   __m256i coefficients_high0 =
       libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high);
   __m256i compressed_high = libcrux_intrinsics_avx2_mm256_slli_epi32(
@@ -4836,23 +4049,10 @@ libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_d1(
       (int32_t)3, compressed_high1, __m256i);
   __m256i compressed_high3 = libcrux_intrinsics_avx2_mm256_and_si256(
       compressed_high2, coefficient_bits_mask);
-  __m256i compressed =
-      libcrux_intrinsics_avx2_mm256_packs_epi32(/* Combining them, and grouping
-                                                   each set of 64-bits, this
-                                                   function results in: 0: low
-                                                   low low low | 1: high high
-                                                   high high | 2: low low low
-                                                   low | 3: high high high high
-                                                   where each |low| and |high|
-                                                   is a 16-bit element */
-                                                compressed_low3,
-                                                compressed_high3);
-  return libcrux_intrinsics_avx2_mm256_permute4x64_epi64(
-      (int32_t)216,
-      /* To be in the right order, we need to move the |low|s above in position
-         2 to position 1 and the |high|s in position 1 to position 2, and leave
-         the rest unchanged. */
-      compressed, __m256i);
+  __m256i compressed = libcrux_intrinsics_avx2_mm256_packs_epi32(
+      compressed_low3, compressed_high3);
+  return libcrux_intrinsics_avx2_mm256_permute4x64_epi64((int32_t)216,
+                                                         compressed, __m256i);
 }
 
 /**
@@ -4883,11 +4083,7 @@ libcrux_ml_kem_serialize_compress_then_serialize_4_61(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f6 re,
     Eurydice_slice serialized) {
   for (size_t i = (size_t)0U;
-       i <
-       /* The semicolon and parentheses at the end of loop are a workaround for
-          the following bug https://github.com/hacspec/hax/issues/720 */
-       LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT;
-       i++) {
+       i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
     size_t i0 = i;
     __m256i coefficient = libcrux_ml_kem_vector_avx2_compress_09_d1(
         libcrux_ml_kem_serialize_to_unsigned_field_modulus_61(
@@ -4919,23 +4115,9 @@ libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_f4(
   __m256i coefficient_bits_mask = libcrux_intrinsics_avx2_mm256_set1_epi32(
       ((int32_t)1 << (uint32_t)(int32_t)5) - (int32_t)1);
   __m128i coefficients_low =
-      libcrux_intrinsics_avx2_mm256_castsi256_si128(/* ---- Compress the first 8
-                                                       coefficients ---- Take
-                                                       the bottom 128 bits, i.e.
-                                                       the first 8 16-bit
-                                                       coefficients */
-                                                    vector);
+      libcrux_intrinsics_avx2_mm256_castsi256_si128(vector);
   __m256i coefficients_low0 =
-      libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(/* If: coefficients_low[0:15]
-                                                      = A
-                                                      coefficients_low[16:31] =
-                                                      B coefficients_low[32:63]
-                                                      = C and so on ... after
-                                                      this step:
-                                                      coefficients_low[0:31] = A
-                                                      coefficients_low[32:63] =
-                                                      B and so on ... */
-                                                   coefficients_low);
+      libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low);
   __m256i compressed_low = libcrux_intrinsics_avx2_mm256_slli_epi32(
       (int32_t)5, coefficients_low0, __m256i);
   __m256i compressed_low0 = libcrux_intrinsics_avx2_mm256_add_epi32(
@@ -4944,17 +4126,11 @@ libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_f4(
       libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_low0,
                                                             compression_factor);
   __m256i compressed_low2 = libcrux_intrinsics_avx2_mm256_srli_epi32(
-      (int32_t)3,
-      /* Due to the mulhi_mm256_epi32 we've already shifted right by 32 bits, we
-         just need to shift right by 35 - 32 = 3 more. */
-      compressed_low1, __m256i);
+      (int32_t)3, compressed_low1, __m256i);
   __m256i compressed_low3 = libcrux_intrinsics_avx2_mm256_and_si256(
       compressed_low2, coefficient_bits_mask);
   __m128i coefficients_high = libcrux_intrinsics_avx2_mm256_extracti128_si256(
-      (int32_t)1,
-      /* ---- Compress the next 8 coefficients ---- Take the upper 128 bits,
-         i.e. the next 8 16-bit coefficients */
-      vector, __m128i);
+      (int32_t)1, vector, __m128i);
   __m256i coefficients_high0 =
       libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high);
   __m256i compressed_high = libcrux_intrinsics_avx2_mm256_slli_epi32(
@@ -4968,23 +4144,10 @@ libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_f4(
       (int32_t)3, compressed_high1, __m256i);
   __m256i compressed_high3 = libcrux_intrinsics_avx2_mm256_and_si256(
       compressed_high2, coefficient_bits_mask);
-  __m256i compressed =
-      libcrux_intrinsics_avx2_mm256_packs_epi32(/* Combining them, and grouping
-                                                   each set of 64-bits, this
-                                                   function results in: 0: low
-                                                   low low low | 1: high high
-                                                   high high | 2: low low low
-                                                   low | 3: high high high high
-                                                   where each |low| and |high|
-                                                   is a 16-bit element */
-                                                compressed_low3,
-                                                compressed_high3);
-  return libcrux_intrinsics_avx2_mm256_permute4x64_epi64(
-      (int32_t)216,
-      /* To be in the right order, we need to move the |low|s above in position
-         2 to position 1 and the |high|s in position 1 to position 2, and leave
-         the rest unchanged. */
-      compressed, __m256i);
+  __m256i compressed = libcrux_intrinsics_avx2_mm256_packs_epi32(
+      compressed_low3, compressed_high3);
+  return libcrux_intrinsics_avx2_mm256_permute4x64_epi64((int32_t)216,
+                                                         compressed, __m256i);
 }
 
 /**
@@ -5015,11 +4178,7 @@ libcrux_ml_kem_serialize_compress_then_serialize_5_61(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f6 re,
     Eurydice_slice serialized) {
   for (size_t i = (size_t)0U;
-       i <
-       /* The semicolon and parentheses at the end of loop are a workaround for
-          the following bug https://github.com/hacspec/hax/issues/720 */
-       LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT;
-       i++) {
+       i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
     size_t i0 = i;
     __m256i coefficients = libcrux_ml_kem_vector_avx2_compress_09_f4(
         libcrux_ml_kem_vector_traits_to_unsigned_representative_61(
@@ -5111,10 +4270,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_encrypt_unpacked_74(
     libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_63 *public_key,
     uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) {
   uint8_t prf_input[33U];
-  libcrux_ml_kem_utils_into_padded_array_c8(/* for i from 0 to k−1 do r[i] :=
-                                               CBD{η1}(PRF(r, N)) N := N + 1 end
-                                               for rˆ := NTT(r) */
-                                            randomness, prf_input);
+  libcrux_ml_kem_utils_into_padded_array_c8(randomness, prf_input);
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_prf_input0[33U];
   memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t));
@@ -5127,7 +4283,6 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_encrypt_unpacked_74(
   uint8_t domain_separator0 = uu____1.snd;
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_prf_input[33U];
-  /* for i from 0 to k−1 do e1[i] := CBD_{η2}(PRF(r,N)) N := N + 1 end for */
   memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t));
   tuple_230 uu____3 = libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_b4(
       copy_of_prf_input, domain_separator0);
@@ -5136,7 +4291,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_encrypt_unpacked_74(
       error_1, uu____3.fst,
       (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f6));
   uint8_t domain_separator = uu____3.snd;
-  prf_input[32U] = /* e_2 := CBD{η2}(PRF(r, N)) */ domain_separator;
+  prf_input[32U] = domain_separator;
   uint8_t prf_output[128U];
   libcrux_ml_kem_hash_functions_avx2_PRF_a9_410(
       Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), prf_output);
@@ -5144,12 +4299,10 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_encrypt_unpacked_74(
       libcrux_ml_kem_sampling_sample_from_binomial_distribution_89(
           Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t));
   libcrux_ml_kem_polynomial_PolynomialRingElement_f6 u[3U];
-  libcrux_ml_kem_matrix_compute_vector_u_ab(/* u := NTT^{-1}(AˆT ◦ rˆ) + e_1 */
-                                            public_key->A, r_as_ntt, error_1,
+  libcrux_ml_kem_matrix_compute_vector_u_ab(public_key->A, r_as_ntt, error_1,
                                             u);
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_message[32U];
-  /* v := NTT^{−1}(tˆT ◦ rˆ) + e_2 + Decompress_q(Decode_1(m),1) */
   memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t));
   libcrux_ml_kem_polynomial_PolynomialRingElement_f6 message_as_ring_element =
       libcrux_ml_kem_serialize_deserialize_then_decompress_message_61(
@@ -5159,14 +4312,12 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_encrypt_unpacked_74(
           public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element);
   uint8_t ciphertext[1088U] = {0U};
   libcrux_ml_kem_polynomial_PolynomialRingElement_f6 uu____5[3U];
-  /* c_1 := Encode_{du}(Compress_q(u,d_u)) */
   memcpy(
       uu____5, u,
       (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f6));
   libcrux_ml_kem_ind_cpa_compress_then_serialize_u_8c(
       uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)960U,
                                            uint8_t));
-  /* c_2 := Encode_{dv}(Compress_q(v,d_v)) */
   libcrux_ml_kem_polynomial_PolynomialRingElement_f6 uu____6 = v;
   libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_ed(
       uu____6, Eurydice_array_to_subslice_from((size_t)1088U, ciphertext,
@@ -5659,18 +4810,11 @@ libcrux_ml_kem_polynomial_add_standard_error_reduce_ef_61(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *self,
     libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *error) {
   for (size_t i = (size_t)0U;
-       i <
-       /* The semicolon and parentheses at the end of loop are a workaround for
-          the following bug https://github.com/hacspec/hax/issues/720 */
-       LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT;
-       i++) {
+       i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
     size_t j = i;
     __m256i coefficient_normal_form =
         libcrux_ml_kem_vector_traits_to_standard_domain_61(
-            self->coefficients[/* The coefficients are of the form aR^{-1} mod
-                                  q, which means calling to_montgomery_domain()
-                                  on them should return a mod q. */
-                               j]);
+            self->coefficients[j]);
     self->coefficients[j] = libcrux_ml_kem_vector_avx2_barrett_reduce_09(
         libcrux_ml_kem_vector_avx2_add_09(coefficient_normal_form,
                                           &error->coefficients[j]));
@@ -5701,8 +4845,6 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_As_plus_e_ab(
        i++) {
     size_t i0 = i;
     libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *row = matrix_A[i0];
-    /* This may be externally provided memory. Ensure that `t_as_ntt` is all 0.
-     */
     libcrux_ml_kem_polynomial_PolynomialRingElement_f6 uu____0 =
         libcrux_ml_kem_polynomial_ZERO_ef_61();
     t_as_ntt[i0] = uu____0;
@@ -5783,9 +4925,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_22(
     libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_63 *private_key,
     libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_63 *public_key) {
   uint8_t hashed[64U];
-  libcrux_ml_kem_variant_cpa_keygen_seed_d8_be(/* (ρ,σ) := G(d) for Kyber, (ρ,σ)
-                                                  := G(d || K) for ML-KEM */
-                                               key_generation_seed, hashed);
+  libcrux_ml_kem_variant_cpa_keygen_seed_d8_be(key_generation_seed, hashed);
   Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at(
       Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U,
       uint8_t, Eurydice_slice_uint8_t_x2);
@@ -5818,8 +4958,8 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_22(
           .fst,
       (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f6));
   libcrux_ml_kem_matrix_compute_As_plus_e_ab(
-      /* tˆ := Aˆ ◦ sˆ + eˆ */ public_key->t_as_ntt, public_key->A,
-      private_key->secret_as_ntt, error_as_ntt);
+      public_key->t_as_ntt, public_key->A, private_key->secret_as_ntt,
+      error_as_ntt);
   uint8_t uu____5[32U];
   Result_fb dst;
   Eurydice_slice_to_array2(&dst, seed_for_A, Eurydice_slice, uint8_t[32U]);
@@ -5955,18 +5095,12 @@ libcrux_ml_kem_ind_cpa_serialize_unpacked_secret_key_8c(
     libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_63 *public_key,
     libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_63 *private_key) {
   uint8_t public_key_serialized[1184U];
-  libcrux_ml_kem_ind_cpa_serialize_public_key_ed(/* pk := (Encode_12(tˆ
-                                                    mod^{+}q) || ρ) */
-                                                 public_key->t_as_ntt,
-                                                 Eurydice_array_to_slice(
-                                                     (size_t)32U,
-                                                     public_key->seed_for_A,
-                                                     uint8_t),
-                                                 public_key_serialized);
+  libcrux_ml_kem_ind_cpa_serialize_public_key_ed(
+      public_key->t_as_ntt,
+      Eurydice_array_to_slice((size_t)32U, public_key->seed_for_A, uint8_t),
+      public_key_serialized);
   uint8_t secret_key_serialized[1152U];
-  libcrux_ml_kem_ind_cpa_serialize_secret_key_ed(/* sk := Encode_12(sˆ mod^{+}q)
-                                                  */
-                                                 private_key->secret_as_ntt,
+  libcrux_ml_kem_ind_cpa_serialize_secret_key_ed(private_key->secret_as_ntt,
                                                  secret_key_serialized);
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_secret_key_serialized[1152U];
@@ -6638,9 +5772,7 @@ libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_220(
     libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_63 *private_key,
     libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_63 *public_key) {
   uint8_t hashed[64U];
-  libcrux_ml_kem_variant_cpa_keygen_seed_33_be(/* (ρ,σ) := G(d) for Kyber, (ρ,σ)
-                                                  := G(d || K) for ML-KEM */
-                                               key_generation_seed, hashed);
+  libcrux_ml_kem_variant_cpa_keygen_seed_33_be(key_generation_seed, hashed);
   Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at(
       Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U,
       uint8_t, Eurydice_slice_uint8_t_x2);
@@ -6673,8 +5805,8 @@ libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_220(
           .fst,
       (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f6));
   libcrux_ml_kem_matrix_compute_As_plus_e_ab(
-      /* tˆ := Aˆ ◦ sˆ + eˆ */ public_key->t_as_ntt, public_key->A,
-      private_key->secret_as_ntt, error_as_ntt);
+      public_key->t_as_ntt, public_key->A, private_key->secret_as_ntt,
+      error_as_ntt);
   uint8_t uu____5[32U];
   Result_fb dst;
   Eurydice_slice_to_array2(&dst, seed_for_A, Eurydice_slice, uint8_t[32U]);
@@ -6839,10 +5971,7 @@ static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_private_key_only_ae(
     libcrux_ml_kem_types_MlKemPrivateKey_d9 *private_key) {
   uint8_t t[32U];
   libcrux_ml_kem_hash_functions_avx2_H_a9_e0(
-      Eurydice_array_to_subslice2(/* Eurydice can't access values directly on
-                                     the types. We need to go to the `value`
-                                     directly. */
-                                  private_key->value, (size_t)384U * (size_t)3U,
+      Eurydice_array_to_subslice2(private_key->value, (size_t)384U * (size_t)3U,
                                   (size_t)768U * (size_t)3U + (size_t)32U,
                                   uint8_t),
       t);
@@ -7802,10 +6931,6 @@ static KRML_MUSTINLINE void libcrux_ml_kem_sampling_sample_from_xof_b3(
   memcpy(copy_of_randomness0, randomness0, (size_t)3U * sizeof(uint8_t[504U]));
   bool done = libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_ed(
       copy_of_randomness0, sampled_coefficients, out);
-  /* Requiring more than 5 blocks to sample a ring element should be very
-   * unlikely according to: https://eprint.iacr.org/2023/708.pdf To avoid
-   * failing here, we squeeze more blocks out of the state until we have enough.
-   */
   while (true) {
     if (done) {
       break;
@@ -7873,7 +6998,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_sample_matrix_A_b3(
          i++) {
       size_t j = i;
       libcrux_ml_kem_polynomial_PolynomialRingElement_f6 sample = sampled[j];
-      if (/* A[i][j] = A_transpose[j][i] */ transpose) {
+      if (transpose) {
         A_transpose[j][i1] = sample;
       } else {
         A_transpose[i1][j] = sample;
@@ -7896,15 +7021,12 @@ libcrux_ml_kem_ind_cpa_build_unpacked_public_key_mut_bf(
     Eurydice_slice public_key,
     libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_63
         *unpacked_public_key) {
-  Eurydice_slice uu____0 = Eurydice_slice_subslice_to(
-      /* tˆ := Decode_12(pk) */ public_key, (size_t)1152U, uint8_t, size_t);
+  Eurydice_slice uu____0 =
+      Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t);
   libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_ab(
       uu____0, unpacked_public_key->t_as_ntt);
   Eurydice_slice seed =
-      Eurydice_slice_subslice_from(/* ρ := pk + 12·k·n / 8 for i from 0 to k−1
-                                      do for j from 0 to k − 1 do AˆT[i][j] :=
-                                      Parse(XOF(ρ, i, j)) end for end for */
-                                   public_key, (size_t)1152U, uint8_t, size_t);
+      Eurydice_slice_subslice_from(public_key, (size_t)1152U, uint8_t, size_t);
   libcrux_ml_kem_polynomial_PolynomialRingElement_f6(*uu____1)[3U] =
       unpacked_public_key->A;
   uint8_t ret[34U];
@@ -7939,10 +7061,7 @@ libcrux_ml_kem_ind_cca_unpacked_keys_from_private_key_e2(
   Eurydice_slice ind_cpa_public_key_hash = uu____0.thd;
   Eurydice_slice implicit_rejection_value = uu____0.f3;
   Eurydice_slice uu____1 = Eurydice_array_to_slice(
-      (size_t)3U,
-      /* XXX: We need to copy_from_slice here because karamel can't handle the
-         assignment cf. https://github.com/FStarLang/karamel/pull/491 */
-      key_pair->private_key.ind_cpa_private_key.secret_as_ntt,
+      (size_t)3U, key_pair->private_key.ind_cpa_private_key.secret_as_ntt,
       libcrux_ml_kem_polynomial_PolynomialRingElement_f6);
   libcrux_ml_kem_polynomial_PolynomialRingElement_f6 ret[3U];
   libcrux_ml_kem_ind_cpa_deserialize_secret_key_ab(ind_cpa_secret_key, ret);
diff --git a/libcrux-ml-kem/cg/libcrux_mlkem768_avx2_types.h b/libcrux-ml-kem/cg/libcrux_mlkem768_avx2_types.h
deleted file mode 100644
index b939c9240..000000000
--- a/libcrux-ml-kem/cg/libcrux_mlkem768_avx2_types.h
+++ /dev/null
@@ -1,92 +0,0 @@
-/*
- * SPDX-FileCopyrightText: 2024 Cryspen Sarl <info@cryspen.com>
- *
- * SPDX-License-Identifier: MIT or Apache-2.0
- *
- * This code was generated with the following revisions:
- * Charon: 3a133fe0eee9bd3928d5bb16c24ddd2dd0f3ee7f
- * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c
- * Karamel: c31a22c1e07d2118c07ee5cebb640d863e31a198
- * F*: 2c32d6e230851bbceadac7a21fc418fa2bb7e4bc
- * Libcrux: 38837f1aab3f2ae348a0cb53cf44d97652e2c977
- */
-
-#ifndef __libcrux_mlkem768_avx2_types_H
-#define __libcrux_mlkem768_avx2_types_H
-
-#if defined(__cplusplus)
-extern "C" {
-#endif
-
-#include "eurydice_glue.h"
-
-typedef __m256i libcrux_ml_kem_vector_avx2_SIMD256Vector;
-
-/**
-A monomorphic instance of libcrux_ml_kem.polynomial.PolynomialRingElement
-with types libcrux_ml_kem_vector_avx2_SIMD256Vector
-
-*/
-typedef struct libcrux_ml_kem_polynomial_PolynomialRingElement_f6_s {
-  __m256i coefficients[16U];
-} libcrux_ml_kem_polynomial_PolynomialRingElement_f6;
-
-/**
-A monomorphic instance of
-libcrux_ml_kem.ind_cpa.unpacked.IndCpaPublicKeyUnpacked with types
-libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics
-- $3size_t
-*/
-typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_63_s {
-  libcrux_ml_kem_polynomial_PolynomialRingElement_f6 t_as_ntt[3U];
-  uint8_t seed_for_A[32U];
-  libcrux_ml_kem_polynomial_PolynomialRingElement_f6 A[3U][3U];
-} libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_63;
-
-/**
-A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.MlKemPublicKeyUnpacked
-with types libcrux_ml_kem_vector_avx2_SIMD256Vector
-with const generics
-- $3size_t
-*/
-typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_63_s {
-  libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_63 ind_cpa_public_key;
-  uint8_t public_key_hash[32U];
-} libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_63;
-
-typedef libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_63
-    libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768PublicKeyUnpacked;
-
-/**
-A monomorphic instance of
-libcrux_ml_kem.ind_cpa.unpacked.IndCpaPrivateKeyUnpacked with types
-libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics
-- $3size_t
-*/
-typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_63_s {
-  libcrux_ml_kem_polynomial_PolynomialRingElement_f6 secret_as_ntt[3U];
-} libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_63;
-
-/**
-A monomorphic instance of
-libcrux_ml_kem.ind_cca.unpacked.MlKemPrivateKeyUnpacked with types
-libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics
-- $3size_t
-*/
-typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_63_s {
-  libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_63
-      ind_cpa_private_key;
-  uint8_t implicit_rejection_value[32U];
-} libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_63;
-
-typedef struct libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked_s {
-  libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_63 private_key;
-  libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_63 public_key;
-} libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked;
-
-#if defined(__cplusplus)
-}
-#endif
-
-#define __libcrux_mlkem768_avx2_types_H_DEFINED
-#endif
diff --git a/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h b/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h
index 64071fef7..519b51565 100644
--- a/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h
+++ b/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h
@@ -5,10 +5,10 @@
  *
  * This code was generated with the following revisions:
  * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9
- * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c
+ * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20
  * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
  * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty
- * Libcrux: 9d4ad0ef1e00d55aa483ae761f3d5b4911c0678f
+ * Libcrux: 3e54f3c659bef6ee815d197ee5c74dd40c75186a
  */
 
 #ifndef __libcrux_mlkem768_portable_H
@@ -1235,28 +1235,11 @@ libcrux_ml_kem_vector_portable_montgomery_multiply_by_constant_0d(
 static inline uint8_t
 libcrux_ml_kem_vector_portable_compress_compress_message_coefficient(
     uint16_t fe) {
-  int16_t shifted =
-      (int16_t)1664 -
-      (int16_t) /* The approach used here is inspired by:
-                   https://github.com/cloudflare/circl/blob/main/pke/kyber/internal/common/poly.go#L150
-                   If 833 <= fe <= 2496, then -832 <= shifted <= 831 */
-      fe;
-  int16_t mask =
-      /* If shifted < 0, then (shifted >> 15) ^ shifted = flip_bits(shifted) =
-         -shifted - 1, and so if -832 <= shifted < 0 then 0 < shifted_positive
-         <= 831 If shifted >= 0 then (shifted >> 15) ^ shifted = shifted, and so
-         if 0 <= shifted <= 831 then 0 <= shifted_positive <= 831 */
-      shifted
-
-      >> 15U;
+  int16_t shifted = (int16_t)1664 - (int16_t)fe;
+  int16_t mask = shifted >> 15U;
   int16_t shifted_to_positive = mask ^ shifted;
   int16_t shifted_positive_in_range = shifted_to_positive - (int16_t)832;
-  int16_t r0 =
-      /* If x <= 831, then x - 832 <= -1, and so x - 832 < 0, which means the
-         most significant bit of shifted_positive_in_range will be 1. */
-      shifted_positive_in_range
-
-      >> 15U;
+  int16_t r0 = shifted_positive_in_range >> 15U;
   int16_t r1 = r0 & (int16_t)1;
   return (uint8_t)r1;
 }
@@ -1293,16 +1276,7 @@ libcrux_ml_kem_vector_portable_arithmetic_get_n_least_significant_bits(
 static inline int16_t
 libcrux_ml_kem_vector_portable_compress_compress_ciphertext_coefficient(
     uint8_t coefficient_bits, uint16_t fe) {
-  uint64_t compressed =
-      (uint64_t) /* hax_debug_assert!( coefficient_bits == 4 || coefficient_bits
-                    == 5 || coefficient_bits == 10 || coefficient_bits == 11 );
-                    hax_debug_assert!(fe <= (FIELD_MODULUS as u16)); This has to
-                    be constant time due to:
-                    https://groups.google.com/a/list.nist.gov/g/pqc-forum/c/ldX0ThYJuBo/m/ovODsdY7AwAJ
-                  */
-      fe
-
-      << (uint32_t)coefficient_bits;
+  uint64_t compressed = (uint64_t)fe << (uint32_t)coefficient_bits;
   compressed = compressed + 1664ULL;
   compressed = compressed * 10321340ULL;
   compressed = compressed >> 35U;
@@ -2904,13 +2878,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_4_plus_8c(
     size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_1d *re,
     size_t layer, size_t _initial_coefficient_bound) {
   size_t step = (size_t)1U << (uint32_t)layer;
-  for (size_t i0 = (size_t)0U;
-       i0 < (size_t)128U >>
-       (uint32_t) /* The semicolon and parentheses at the end of loop are a
-                     workaround for the following bug
-                     https://github.com/hacspec/hax/issues/720 */
-       layer;
-       i0++) {
+  for (size_t i0 = (size_t)0U; i0 < (size_t)128U >> (uint32_t)layer; i0++) {
     size_t round = i0;
     zeta_i[0U] = zeta_i[0U] + (size_t)1U;
     size_t offset = round * step * (size_t)2U;
@@ -3008,11 +2976,7 @@ with const generics
 static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_poly_barrett_reduce_ef_8c(
     libcrux_ml_kem_polynomial_PolynomialRingElement_1d *self) {
   for (size_t i = (size_t)0U;
-       i <
-       /* The semicolon and parentheses at the end of loop are a workaround for
-          the following bug https://github.com/hacspec/hax/issues/720 */
-       LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT;
-       i++) {
+       i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
     size_t i0 = i;
     libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 =
         libcrux_ml_kem_vector_portable_barrett_reduce_0d(
@@ -3250,8 +3214,6 @@ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1d
 libcrux_ml_kem_polynomial_ntt_multiply_ef_8c(
     libcrux_ml_kem_polynomial_PolynomialRingElement_1d *self,
     libcrux_ml_kem_polynomial_PolynomialRingElement_1d *rhs) {
-  /* hax_debug_debug_assert!(lhs .coefficients .into_iter() .all(|coefficient|
-   * coefficient >= 0 && coefficient < 4096)); */
   libcrux_ml_kem_polynomial_PolynomialRingElement_1d out =
       libcrux_ml_kem_polynomial_ZERO_ef_8c();
   for (size_t i = (size_t)0U;
@@ -3289,11 +3251,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_to_ring_element_ef_1b(
   for (size_t i = (size_t)0U;
        i < Eurydice_slice_len(
                Eurydice_array_to_slice(
-                   (size_t)16U,
-                   /* The semicolon and parentheses at the end of loop are a
-                      workaround for the following bug
-                      https://github.com/hacspec/hax/issues/720 */
-                   self->coefficients,
+                   (size_t)16U, self->coefficients,
                    libcrux_ml_kem_vector_portable_vector_type_PortableVector),
                libcrux_ml_kem_vector_portable_vector_type_PortableVector);
        i++) {
@@ -3402,13 +3360,7 @@ libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_8c(
     size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_1d *re,
     size_t layer) {
   size_t step = (size_t)1U << (uint32_t)layer;
-  for (size_t i0 = (size_t)0U;
-       i0 < (size_t)128U >>
-       (uint32_t) /* The semicolon and parentheses at the end of loop are a
-                     workaround for the following bug
-                     https://github.com/hacspec/hax/issues/720 */
-       layer;
-       i0++) {
+  for (size_t i0 = (size_t)0U; i0 < (size_t)128U >> (uint32_t)layer; i0++) {
     size_t round = i0;
     zeta_i[0U] = zeta_i[0U] - (size_t)1U;
     size_t offset = round * step * (size_t)2U;
@@ -3439,10 +3391,7 @@ with const generics
 static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_1b(
     libcrux_ml_kem_polynomial_PolynomialRingElement_1d *re) {
   size_t zeta_i =
-      /* We only ever call this function after matrix/vector multiplication */
-      LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT
-
-      / (size_t)2U;
+      LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U;
   libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_8c(&zeta_i, re, (size_t)1U);
   libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_8c(&zeta_i, re, (size_t)2U);
   libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_8c(&zeta_i, re, (size_t)3U);
@@ -3646,16 +3595,11 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_decrypt_unpacked_42(
     libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 *secret_key,
     uint8_t *ciphertext, uint8_t ret[32U]) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_1d u_as_ntt[3U];
-  libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_6c(/* u :=
-                                                             Decompress_q(Decode_{d_u}(c),
-                                                             d_u) */
-                                                          ciphertext, u_as_ntt);
+  libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_6c(ciphertext, u_as_ntt);
   libcrux_ml_kem_polynomial_PolynomialRingElement_1d v =
       libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_89(
-          Eurydice_array_to_subslice_from(
-              (size_t)1088U,
-              /* v := Decompress_q(Decode_{d_v}(c + d_u·k·n / 8), d_v) */
-              ciphertext, (size_t)960U, uint8_t, size_t));
+          Eurydice_array_to_subslice_from((size_t)1088U, ciphertext,
+                                          (size_t)960U, uint8_t, size_t));
   libcrux_ml_kem_polynomial_PolynomialRingElement_1d message =
       libcrux_ml_kem_matrix_compute_message_1b(&v, secret_key->secret_as_ntt,
                                                u_as_ntt);
@@ -3677,8 +3621,7 @@ with const generics
 static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_decrypt_42(
     Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_1d secret_as_ntt[3U];
-  libcrux_ml_kem_ind_cpa_deserialize_secret_key_1b(
-      /* sˆ := Decode_12(sk) */ secret_key, secret_as_ntt);
+  libcrux_ml_kem_ind_cpa_deserialize_secret_key_1b(secret_key, secret_as_ntt);
   /* Passing arrays by value in Rust generates a copy in C */
   libcrux_ml_kem_polynomial_PolynomialRingElement_1d copy_of_secret_as_ntt[3U];
   memcpy(
@@ -4213,10 +4156,6 @@ static KRML_MUSTINLINE void libcrux_ml_kem_sampling_sample_from_xof_2b(
   memcpy(copy_of_randomness0, randomness0, (size_t)3U * sizeof(uint8_t[504U]));
   bool done = libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_89(
       copy_of_randomness0, sampled_coefficients, out);
-  /* Requiring more than 5 blocks to sample a ring element should be very
-   * unlikely according to: https://eprint.iacr.org/2023/708.pdf To avoid
-   * failing here, we squeeze more blocks out of the state until we have enough.
-   */
   while (true) {
     if (done) {
       break;
@@ -4283,7 +4222,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_sample_matrix_A_2b(
          i++) {
       size_t j = i;
       libcrux_ml_kem_polynomial_PolynomialRingElement_1d sample = sampled[j];
-      if (/* A[i][j] = A_transpose[j][i] */ transpose) {
+      if (transpose) {
         A_transpose[j][i1] = sample;
       } else {
         A_transpose[i1][j] = sample;
@@ -4305,15 +4244,12 @@ libcrux_ml_kem_ind_cpa_build_unpacked_public_key_mut_3f(
     Eurydice_slice public_key,
     libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0
         *unpacked_public_key) {
-  Eurydice_slice uu____0 = Eurydice_slice_subslice_to(
-      /* tˆ := Decode_12(pk) */ public_key, (size_t)1152U, uint8_t, size_t);
+  Eurydice_slice uu____0 =
+      Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t);
   libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_1b(
       uu____0, unpacked_public_key->t_as_ntt);
   Eurydice_slice seed =
-      Eurydice_slice_subslice_from(/* ρ := pk + 12·k·n / 8 for i from 0 to k−1
-                                      do for j from 0 to k − 1 do AˆT[i][j] :=
-                                      Parse(XOF(ρ, i, j)) end for end for */
-                                   public_key, (size_t)1152U, uint8_t, size_t);
+      Eurydice_slice_subslice_from(public_key, (size_t)1152U, uint8_t, size_t);
   libcrux_ml_kem_polynomial_PolynomialRingElement_1d(*uu____1)[3U] =
       unpacked_public_key->A;
   uint8_t ret[34U];
@@ -4561,12 +4497,7 @@ with const generics
 static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_7_8c(
     libcrux_ml_kem_polynomial_PolynomialRingElement_1d *re) {
   size_t step = LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT / (size_t)2U;
-  for (size_t i = (size_t)0U;
-       i <
-       /* The semicolon and parentheses at the end of loop are a workaround for
-          the following bug https://github.com/hacspec/hax/issues/720 */
-       step;
-       i++) {
+  for (size_t i = (size_t)0U; i < step; i++) {
     size_t j = i;
     libcrux_ml_kem_vector_portable_vector_type_PortableVector t =
         libcrux_ml_kem_vector_portable_multiply_by_constant_0d(
@@ -4588,10 +4519,7 @@ with const generics
 static KRML_MUSTINLINE void
 libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_8c(
     libcrux_ml_kem_polynomial_PolynomialRingElement_1d *re) {
-  libcrux_ml_kem_ntt_ntt_at_layer_7_8c(/* Due to the small coefficient bound, we
-                                          can skip the first round of Montgomery
-                                          reductions. */
-                                       re);
+  libcrux_ml_kem_ntt_ntt_at_layer_7_8c(re);
   size_t zeta_i = (size_t)1U;
   libcrux_ml_kem_ntt_ntt_at_layer_4_plus_8c(&zeta_i, re, (size_t)6U,
                                             (size_t)11207U);
@@ -4798,11 +4726,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_error_reduce_ef_8c(
     libcrux_ml_kem_polynomial_PolynomialRingElement_1d *self,
     libcrux_ml_kem_polynomial_PolynomialRingElement_1d *error) {
   for (size_t i = (size_t)0U;
-       i <
-       /* The semicolon and parentheses at the end of loop are a workaround for
-          the following bug https://github.com/hacspec/hax/issues/720 */
-       LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT;
-       i++) {
+       i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
     size_t j = i;
     libcrux_ml_kem_vector_portable_vector_type_PortableVector
         coefficient_normal_form =
@@ -4934,28 +4858,8 @@ libcrux_ml_kem_polynomial_add_message_error_reduce_ef_8c(
             libcrux_ml_kem_vector_portable_montgomery_multiply_by_constant_0d(
                 result.coefficients[i0], (int16_t)1441);
     libcrux_ml_kem_vector_portable_vector_type_PortableVector tmp =
-        libcrux_ml_kem_vector_portable_add_0d(
-            self->coefficients
-                [/* FIXME: Eurydice crashes with: Warning 11: in
-                    top-level declaration
-                    libcrux_ml_kem.polynomial.{libcrux_ml_kem::polynomial::PolynomialRingElement<Vector>[TraitClause@0]}.add_message_error_reduce__libcrux_ml_kem_libcrux_polynomials_PortableVector:
-                    this expression is not Low*; the enclosing
-                    function cannot be translated into C*: let
-                    mutable ret(Mark.Present,(Mark.AtMost 2), ):
-                    int16_t[16size_t] = $any in
-                    libcrux_ml_kem.libcrux_polynomials.{(libcrux_ml_kem::libcrux_polynomials::libcrux_traits::Operations␣for␣libcrux_ml_kem::libcrux_polynomials::PortableVector)}.add
-                    ((@9:
-                    libcrux_ml_kem_libcrux_polynomials_PortableVector[16size_t]*)[0uint32_t]:int16_t[16size_t][16size_t])[@4]
-                    &(((@8:
-                    libcrux_ml_kem_libcrux_polynomials_PortableVector[16size_t]*)[0uint32_t]:libcrux_ml_kem_libcrux_polynomials_PortableVector[16size_t])[@4])
-                    @0; @0 Warning 11 is fatal, exiting. On the
-                    following code: ```rust result.coefficients[i]
-                    = Vector::barrett_reduce(Vector::add(
-                    coefficient_normal_form,
-                    &Vector::add(self.coefficients[i],
-                    &message.coefficients[i]), )); ``` */
-                 i0],
-            &message->coefficients[i0]);
+        libcrux_ml_kem_vector_portable_add_0d(self->coefficients[i0],
+                                              &message->coefficients[i0]);
     libcrux_ml_kem_vector_portable_vector_type_PortableVector tmp0 =
         libcrux_ml_kem_vector_portable_add_0d(coefficient_normal_form, &tmp);
     libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 =
@@ -5212,11 +5116,7 @@ libcrux_ml_kem_serialize_compress_then_serialize_4_8c(
     libcrux_ml_kem_polynomial_PolynomialRingElement_1d re,
     Eurydice_slice serialized) {
   for (size_t i = (size_t)0U;
-       i <
-       /* The semicolon and parentheses at the end of loop are a workaround for
-          the following bug https://github.com/hacspec/hax/issues/720 */
-       LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT;
-       i++) {
+       i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
     size_t i0 = i;
     libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient =
         libcrux_ml_kem_vector_portable_compress_0d_d1(
@@ -5276,11 +5176,7 @@ libcrux_ml_kem_serialize_compress_then_serialize_5_8c(
     libcrux_ml_kem_polynomial_PolynomialRingElement_1d re,
     Eurydice_slice serialized) {
   for (size_t i = (size_t)0U;
-       i <
-       /* The semicolon and parentheses at the end of loop are a workaround for
-          the following bug https://github.com/hacspec/hax/issues/720 */
-       LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT;
-       i++) {
+       i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
     size_t i0 = i;
     libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficients =
         libcrux_ml_kem_vector_portable_compress_0d_f4(
@@ -5372,10 +5268,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_encrypt_unpacked_2a(
     libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *public_key,
     uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) {
   uint8_t prf_input[33U];
-  libcrux_ml_kem_utils_into_padded_array_c8(/* for i from 0 to k−1 do r[i] :=
-                                               CBD{η1}(PRF(r, N)) N := N + 1 end
-                                               for rˆ := NTT(r) */
-                                            randomness, prf_input);
+  libcrux_ml_kem_utils_into_padded_array_c8(randomness, prf_input);
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_prf_input0[33U];
   memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t));
@@ -5388,7 +5281,6 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_encrypt_unpacked_2a(
   uint8_t domain_separator0 = uu____1.snd;
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_prf_input[33U];
-  /* for i from 0 to k−1 do e1[i] := CBD_{η2}(PRF(r,N)) N := N + 1 end for */
   memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t));
   tuple_23 uu____3 = libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_3b(
       copy_of_prf_input, domain_separator0);
@@ -5397,7 +5289,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_encrypt_unpacked_2a(
       error_1, uu____3.fst,
       (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1d));
   uint8_t domain_separator = uu____3.snd;
-  prf_input[32U] = /* e_2 := CBD{η2}(PRF(r, N)) */ domain_separator;
+  prf_input[32U] = domain_separator;
   uint8_t prf_output[128U];
   libcrux_ml_kem_hash_functions_portable_PRF_f1_410(
       Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), prf_output);
@@ -5405,12 +5297,10 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_encrypt_unpacked_2a(
       libcrux_ml_kem_sampling_sample_from_binomial_distribution_a0(
           Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t));
   libcrux_ml_kem_polynomial_PolynomialRingElement_1d u[3U];
-  libcrux_ml_kem_matrix_compute_vector_u_1b(/* u := NTT^{-1}(AˆT ◦ rˆ) + e_1 */
-                                            public_key->A, r_as_ntt, error_1,
+  libcrux_ml_kem_matrix_compute_vector_u_1b(public_key->A, r_as_ntt, error_1,
                                             u);
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_message[32U];
-  /* v := NTT^{−1}(tˆT ◦ rˆ) + e_2 + Decompress_q(Decode_1(m),1) */
   memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t));
   libcrux_ml_kem_polynomial_PolynomialRingElement_1d message_as_ring_element =
       libcrux_ml_kem_serialize_deserialize_then_decompress_message_8c(
@@ -5420,14 +5310,12 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_encrypt_unpacked_2a(
           public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element);
   uint8_t ciphertext[1088U] = {0U};
   libcrux_ml_kem_polynomial_PolynomialRingElement_1d uu____5[3U];
-  /* c_1 := Encode_{du}(Compress_q(u,d_u)) */
   memcpy(
       uu____5, u,
       (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1d));
   libcrux_ml_kem_ind_cpa_compress_then_serialize_u_43(
       uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)960U,
                                            uint8_t));
-  /* c_2 := Encode_{dv}(Compress_q(v,d_v)) */
   libcrux_ml_kem_polynomial_PolynomialRingElement_1d uu____6 = v;
   libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_6c(
       uu____6, Eurydice_array_to_subslice_from((size_t)1088U, ciphertext,
@@ -5853,20 +5741,12 @@ libcrux_ml_kem_polynomial_add_standard_error_reduce_ef_8c(
     libcrux_ml_kem_polynomial_PolynomialRingElement_1d *self,
     libcrux_ml_kem_polynomial_PolynomialRingElement_1d *error) {
   for (size_t i = (size_t)0U;
-       i <
-       /* The semicolon and parentheses at the end of loop are a workaround for
-          the following bug https://github.com/hacspec/hax/issues/720 */
-       LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT;
-       i++) {
+       i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
     size_t j = i;
     libcrux_ml_kem_vector_portable_vector_type_PortableVector
         coefficient_normal_form =
             libcrux_ml_kem_vector_traits_to_standard_domain_8c(
-                self->coefficients[/* The coefficients are of the form aR^{-1}
-                                      mod q, which means calling
-                                      to_montgomery_domain() on them should
-                                      return a mod q. */
-                                   j]);
+                self->coefficients[j]);
     libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 =
         libcrux_ml_kem_vector_portable_barrett_reduce_0d(
             libcrux_ml_kem_vector_portable_add_0d(coefficient_normal_form,
@@ -5898,8 +5778,6 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_As_plus_e_1b(
        i++) {
     size_t i0 = i;
     libcrux_ml_kem_polynomial_PolynomialRingElement_1d *row = matrix_A[i0];
-    /* This may be externally provided memory. Ensure that `t_as_ntt` is all 0.
-     */
     libcrux_ml_kem_polynomial_PolynomialRingElement_1d uu____0 =
         libcrux_ml_kem_polynomial_ZERO_ef_8c();
     t_as_ntt[i0] = uu____0;
@@ -5979,9 +5857,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_1c(
     libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 *private_key,
     libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *public_key) {
   uint8_t hashed[64U];
-  libcrux_ml_kem_variant_cpa_keygen_seed_d8_9c(/* (ρ,σ) := G(d) for Kyber, (ρ,σ)
-                                                  := G(d || K) for ML-KEM */
-                                               key_generation_seed, hashed);
+  libcrux_ml_kem_variant_cpa_keygen_seed_d8_9c(key_generation_seed, hashed);
   Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at(
       Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U,
       uint8_t, Eurydice_slice_uint8_t_x2);
@@ -6014,8 +5890,8 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_1c(
           .fst,
       (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1d));
   libcrux_ml_kem_matrix_compute_As_plus_e_1b(
-      /* tˆ := Aˆ ◦ sˆ + eˆ */ public_key->t_as_ntt, public_key->A,
-      private_key->secret_as_ntt, error_as_ntt);
+      public_key->t_as_ntt, public_key->A, private_key->secret_as_ntt,
+      error_as_ntt);
   uint8_t uu____5[32U];
   Result_fb dst;
   Eurydice_slice_to_array2(&dst, seed_for_A, Eurydice_slice, uint8_t[32U]);
@@ -6147,18 +6023,12 @@ libcrux_ml_kem_ind_cpa_serialize_unpacked_secret_key_43(
     libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *public_key,
     libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 *private_key) {
   uint8_t public_key_serialized[1184U];
-  libcrux_ml_kem_ind_cpa_serialize_public_key_6c(/* pk := (Encode_12(tˆ
-                                                    mod^{+}q) || ρ) */
-                                                 public_key->t_as_ntt,
-                                                 Eurydice_array_to_slice(
-                                                     (size_t)32U,
-                                                     public_key->seed_for_A,
-                                                     uint8_t),
-                                                 public_key_serialized);
+  libcrux_ml_kem_ind_cpa_serialize_public_key_6c(
+      public_key->t_as_ntt,
+      Eurydice_array_to_slice((size_t)32U, public_key->seed_for_A, uint8_t),
+      public_key_serialized);
   uint8_t secret_key_serialized[1152U];
-  libcrux_ml_kem_ind_cpa_serialize_secret_key_89(/* sk := Encode_12(sˆ mod^{+}q)
-                                                  */
-                                                 private_key->secret_as_ntt,
+  libcrux_ml_kem_ind_cpa_serialize_secret_key_89(private_key->secret_as_ntt,
                                                  secret_key_serialized);
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_secret_key_serialized[1152U];
@@ -6739,9 +6609,7 @@ libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_1c0(
     libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 *private_key,
     libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *public_key) {
   uint8_t hashed[64U];
-  libcrux_ml_kem_variant_cpa_keygen_seed_33_9c(/* (ρ,σ) := G(d) for Kyber, (ρ,σ)
-                                                  := G(d || K) for ML-KEM */
-                                               key_generation_seed, hashed);
+  libcrux_ml_kem_variant_cpa_keygen_seed_33_9c(key_generation_seed, hashed);
   Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at(
       Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U,
       uint8_t, Eurydice_slice_uint8_t_x2);
@@ -6774,8 +6642,8 @@ libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_1c0(
           .fst,
       (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1d));
   libcrux_ml_kem_matrix_compute_As_plus_e_1b(
-      /* tˆ := Aˆ ◦ sˆ + eˆ */ public_key->t_as_ntt, public_key->A,
-      private_key->secret_as_ntt, error_as_ntt);
+      public_key->t_as_ntt, public_key->A, private_key->secret_as_ntt,
+      error_as_ntt);
   uint8_t uu____5[32U];
   Result_fb dst;
   Eurydice_slice_to_array2(&dst, seed_for_A, Eurydice_slice, uint8_t[32U]);
@@ -6913,10 +6781,7 @@ static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_private_key_only_d6(
     libcrux_ml_kem_types_MlKemPrivateKey_d9 *private_key) {
   uint8_t t[32U];
   libcrux_ml_kem_hash_functions_portable_H_f1_e0(
-      Eurydice_array_to_subslice2(/* Eurydice can't access values directly on
-                                     the types. We need to go to the `value`
-                                     directly. */
-                                  private_key->value, (size_t)384U * (size_t)3U,
+      Eurydice_array_to_subslice2(private_key->value, (size_t)384U * (size_t)3U,
                                   (size_t)768U * (size_t)3U + (size_t)32U,
                                   uint8_t),
       t);
@@ -7734,10 +7599,7 @@ libcrux_ml_kem_ind_cca_unpacked_keys_from_private_key_df(
   Eurydice_slice ind_cpa_public_key_hash = uu____0.thd;
   Eurydice_slice implicit_rejection_value = uu____0.f3;
   Eurydice_slice uu____1 = Eurydice_array_to_slice(
-      (size_t)3U,
-      /* XXX: We need to copy_from_slice here because karamel can't handle the
-         assignment cf. https://github.com/FStarLang/karamel/pull/491 */
-      key_pair->private_key.ind_cpa_private_key.secret_as_ntt,
+      (size_t)3U, key_pair->private_key.ind_cpa_private_key.secret_as_ntt,
       libcrux_ml_kem_polynomial_PolynomialRingElement_1d);
   libcrux_ml_kem_polynomial_PolynomialRingElement_1d ret[3U];
   libcrux_ml_kem_ind_cpa_deserialize_secret_key_1b(ind_cpa_secret_key, ret);
diff --git a/libcrux-ml-kem/cg/libcrux_mlkem768_portable_types.h b/libcrux-ml-kem/cg/libcrux_mlkem768_portable_types.h
deleted file mode 100644
index c2aa94056..000000000
--- a/libcrux-ml-kem/cg/libcrux_mlkem768_portable_types.h
+++ /dev/null
@@ -1,95 +0,0 @@
-/*
- * SPDX-FileCopyrightText: 2024 Cryspen Sarl <info@cryspen.com>
- *
- * SPDX-License-Identifier: MIT or Apache-2.0
- *
- * This code was generated with the following revisions:
- * Charon: 3a133fe0eee9bd3928d5bb16c24ddd2dd0f3ee7f
- * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c
- * Karamel: c31a22c1e07d2118c07ee5cebb640d863e31a198
- * F*: 2c32d6e230851bbceadac7a21fc418fa2bb7e4bc
- * Libcrux: 38837f1aab3f2ae348a0cb53cf44d97652e2c977
- */
-
-#ifndef __libcrux_mlkem768_portable_types_H
-#define __libcrux_mlkem768_portable_types_H
-
-#if defined(__cplusplus)
-extern "C" {
-#endif
-
-#include "eurydice_glue.h"
-
-typedef struct libcrux_ml_kem_vector_portable_vector_type_PortableVector_s {
-  int16_t elements[16U];
-} libcrux_ml_kem_vector_portable_vector_type_PortableVector;
-
-/**
-A monomorphic instance of libcrux_ml_kem.polynomial.PolynomialRingElement
-with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
-
-*/
-typedef struct libcrux_ml_kem_polynomial_PolynomialRingElement_1d_s {
-  libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficients[16U];
-} libcrux_ml_kem_polynomial_PolynomialRingElement_1d;
-
-/**
-A monomorphic instance of
-libcrux_ml_kem.ind_cpa.unpacked.IndCpaPublicKeyUnpacked with types
-libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
-- $3size_t
-*/
-typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0_s {
-  libcrux_ml_kem_polynomial_PolynomialRingElement_1d t_as_ntt[3U];
-  uint8_t seed_for_A[32U];
-  libcrux_ml_kem_polynomial_PolynomialRingElement_1d A[3U][3U];
-} libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0;
-
-/**
-A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.MlKemPublicKeyUnpacked
-with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
-with const generics
-- $3size_t
-*/
-typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0_s {
-  libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 ind_cpa_public_key;
-  uint8_t public_key_hash[32U];
-} libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0;
-
-typedef libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0
-    libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768PublicKeyUnpacked;
-
-/**
-A monomorphic instance of
-libcrux_ml_kem.ind_cpa.unpacked.IndCpaPrivateKeyUnpacked with types
-libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
-- $3size_t
-*/
-typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0_s {
-  libcrux_ml_kem_polynomial_PolynomialRingElement_1d secret_as_ntt[3U];
-} libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0;
-
-/**
-A monomorphic instance of
-libcrux_ml_kem.ind_cca.unpacked.MlKemPrivateKeyUnpacked with types
-libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
-- $3size_t
-*/
-typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_a0_s {
-  libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0
-      ind_cpa_private_key;
-  uint8_t implicit_rejection_value[32U];
-} libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_a0;
-
-typedef struct
-    libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked_s {
-  libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_a0 private_key;
-  libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 public_key;
-} libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked;
-
-#if defined(__cplusplus)
-}
-#endif
-
-#define __libcrux_mlkem768_portable_types_H_DEFINED
-#endif
diff --git a/libcrux-ml-kem/cg/libcrux_sha3_avx2.h b/libcrux-ml-kem/cg/libcrux_sha3_avx2.h
index 10c065571..a77bfdbea 100644
--- a/libcrux-ml-kem/cg/libcrux_sha3_avx2.h
+++ b/libcrux-ml-kem/cg/libcrux_sha3_avx2.h
@@ -5,10 +5,10 @@
  *
  * This code was generated with the following revisions:
  * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9
- * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c
+ * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20
  * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
  * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty
- * Libcrux: 9d4ad0ef1e00d55aa483ae761f3d5b4911c0678f
+ * Libcrux: 3e54f3c659bef6ee815d197ee5c74dd40c75186a
  */
 
 #ifndef __libcrux_sha3_avx2_H
@@ -104,9 +104,7 @@ libcrux_sha3_simd_avx2_and_not_xor_ef(__m256i a, __m256i b, __m256i c) {
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE __m256i libcrux_sha3_simd_avx2__veorq_n_u64(__m256i a,
                                                                    uint64_t c) {
-  __m256i c0 = libcrux_intrinsics_avx2_mm256_set1_epi64x(
-      (int64_t) /* Casting here is required, doesn't change the value. */
-      c);
+  __m256i c0 = libcrux_intrinsics_avx2_mm256_set1_epi64x((int64_t)c);
   return libcrux_intrinsics_avx2_mm256_xor_si256(a, c0);
 }
 
@@ -1701,7 +1699,7 @@ static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_store_block_5b(
         __m256i);
     __m256i v1h = libcrux_intrinsics_avx2_mm256_permute2x128_si256(
         (int32_t)32,
-        s[((size_t)4U * /* 0 0 2 2 */ i0 + (size_t)1U) / (size_t)5U]
+        s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U]
          [((size_t)4U * i0 + (size_t)1U) % (size_t)5U],
         s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U]
          [((size_t)4U * i0 + (size_t)3U) % (size_t)5U],
@@ -2036,15 +2034,7 @@ static KRML_MUSTINLINE void libcrux_sha3_avx2_x4_shake256(
     Eurydice_slice input0, Eurydice_slice input1, Eurydice_slice input2,
     Eurydice_slice input3, Eurydice_slice out0, Eurydice_slice out1,
     Eurydice_slice out2, Eurydice_slice out3) {
-  Eurydice_slice buf0[4U] = {
-      /* XXX: These functions could alternatively implement the same with the
-         portable implementation #[cfg(feature = "simd128")] { keccakx2::<136,
-         0x1fu8>([input0, input1], [out0, out1]); keccakx2::<136,
-         0x1fu8>([input2, input3], [out2, out3]); } { keccakx1::<136,
-         0x1fu8>([input0], [out0]); keccakx1::<136, 0x1fu8>([input1], [out1]);
-         keccakx1::<136, 0x1fu8>([input2], [out2]); keccakx1::<136,
-         0x1fu8>([input3], [out3]); } */
-      input0, input1, input2, input3};
+  Eurydice_slice buf0[4U] = {input0, input1, input2, input3};
   Eurydice_slice buf[4U] = {out0, out1, out2, out3};
   libcrux_sha3_generic_keccak_keccak_fb(buf0, buf);
 }
@@ -2284,7 +2274,7 @@ static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_store_block_3a(
         __m256i);
     __m256i v1h = libcrux_intrinsics_avx2_mm256_permute2x128_si256(
         (int32_t)32,
-        s[((size_t)4U * /* 0 0 2 2 */ i0 + (size_t)1U) / (size_t)5U]
+        s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U]
          [((size_t)4U * i0 + (size_t)1U) % (size_t)5U],
         s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U]
          [((size_t)4U * i0 + (size_t)3U) % (size_t)5U],
diff --git a/libcrux-ml-kem/cg/libcrux_sha3_portable.h b/libcrux-ml-kem/cg/libcrux_sha3_portable.h
index 5b8729fa0..d85d8e543 100644
--- a/libcrux-ml-kem/cg/libcrux_sha3_portable.h
+++ b/libcrux-ml-kem/cg/libcrux_sha3_portable.h
@@ -5,10 +5,10 @@
  *
  * This code was generated with the following revisions:
  * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9
- * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c
+ * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20
  * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
  * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty
- * Libcrux: 9d4ad0ef1e00d55aa483ae761f3d5b4911c0678f
+ * Libcrux: 3e54f3c659bef6ee815d197ee5c74dd40c75186a
  */
 
 #ifndef __libcrux_sha3_portable_H
@@ -1654,7 +1654,6 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_96(
     Eurydice_slice data[1U], Eurydice_slice out[1U]) {
   /* Passing arrays by value in Rust generates a copy in C */
   Eurydice_slice copy_of_data[1U];
-  /* generic_keccak::keccak_xof::<1, u64, RATE, DELIM>(data, out); or */
   memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice));
   libcrux_sha3_generic_keccak_keccak_9e(copy_of_data, out);
 }
@@ -2013,7 +2012,6 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_ad(
     Eurydice_slice data[1U], Eurydice_slice out[1U]) {
   /* Passing arrays by value in Rust generates a copy in C */
   Eurydice_slice copy_of_data[1U];
-  /* generic_keccak::keccak_xof::<1, u64, RATE, DELIM>(data, out); or */
   memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice));
   libcrux_sha3_generic_keccak_keccak_9e0(copy_of_data, out);
 }
@@ -2142,7 +2140,6 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_ad0(
     Eurydice_slice data[1U], Eurydice_slice out[1U]) {
   /* Passing arrays by value in Rust generates a copy in C */
   Eurydice_slice copy_of_data[1U];
-  /* generic_keccak::keccak_xof::<1, u64, RATE, DELIM>(data, out); or */
   memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice));
   libcrux_sha3_generic_keccak_keccak_9e1(copy_of_data, out);
 }
@@ -2749,7 +2746,6 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_1e(
     Eurydice_slice data[1U], Eurydice_slice out[1U]) {
   /* Passing arrays by value in Rust generates a copy in C */
   Eurydice_slice copy_of_data[1U];
-  /* generic_keccak::keccak_xof::<1, u64, RATE, DELIM>(data, out); or */
   memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice));
   libcrux_sha3_generic_keccak_keccak_9e2(copy_of_data, out);
 }
@@ -3108,7 +3104,6 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_7c(
     Eurydice_slice data[1U], Eurydice_slice out[1U]) {
   /* Passing arrays by value in Rust generates a copy in C */
   Eurydice_slice copy_of_data[1U];
-  /* generic_keccak::keccak_xof::<1, u64, RATE, DELIM>(data, out); or */
   memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice));
   libcrux_sha3_generic_keccak_keccak_9e3(copy_of_data, out);
 }
@@ -3404,7 +3399,6 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_c6(
     Eurydice_slice data[1U], Eurydice_slice out[1U]) {
   /* Passing arrays by value in Rust generates a copy in C */
   Eurydice_slice copy_of_data[1U];
-  /* generic_keccak::keccak_xof::<1, u64, RATE, DELIM>(data, out); or */
   memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice));
   libcrux_sha3_generic_keccak_keccak_9e4(copy_of_data, out);
 }
@@ -3502,7 +3496,6 @@ static KRML_MUSTINLINE void libcrux_sha3_neon_x2_shake256(Eurydice_slice input0,
                                                           Eurydice_slice input1,
                                                           Eurydice_slice out0,
                                                           Eurydice_slice out1) {
-  /* TODO: make argument ordering consistent */
   KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__,
                     "panic!");
   KRML_HOST_EXIT(255U);
@@ -3517,9 +3510,6 @@ typedef struct libcrux_sha3_neon_x2_incremental_KeccakState_s {
 */
 static KRML_MUSTINLINE libcrux_sha3_neon_x2_incremental_KeccakState
 libcrux_sha3_neon_x2_incremental_init(void) {
-  /* XXX: These functions could alternatively implement the same with the
-   * portable implementation { let s0 = KeccakState::new(); let s1 =
-   * KeccakState::new(); [s0, s1] } */
   KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__,
                     "panic!");
   KRML_HOST_EXIT(255U);
@@ -3532,10 +3522,6 @@ static KRML_MUSTINLINE void
 libcrux_sha3_neon_x2_incremental_shake128_absorb_final(
     libcrux_sha3_neon_x2_incremental_KeccakState *s, Eurydice_slice data0,
     Eurydice_slice data1) {
-  /* XXX: These functions could alternatively implement the same with the
-   * portable implementation { let [mut s0, mut s1] = s;
-   * shake128_absorb_final(&mut s0, data0); shake128_absorb_final(&mut s1,
-   * data1); } */
   KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__,
                     "panic!");
   KRML_HOST_EXIT(255U);
@@ -3549,10 +3535,6 @@ static KRML_MUSTINLINE void
 libcrux_sha3_neon_x2_incremental_shake128_squeeze_first_three_blocks(
     libcrux_sha3_neon_x2_incremental_KeccakState *s, Eurydice_slice out0,
     Eurydice_slice out1) {
-  /* XXX: These functions could alternatively implement the same with the
-   * portable implementation { let [mut s0, mut s1] = s;
-   * shake128_squeeze_first_three_blocks(&mut s0, out0);
-   * shake128_squeeze_first_three_blocks(&mut s1, out1); } */
   KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__,
                     "panic!");
   KRML_HOST_EXIT(255U);
@@ -3566,10 +3548,6 @@ static KRML_MUSTINLINE void
 libcrux_sha3_neon_x2_incremental_shake128_squeeze_next_block(
     libcrux_sha3_neon_x2_incremental_KeccakState *s, Eurydice_slice out0,
     Eurydice_slice out1) {
-  /* XXX: These functions could alternatively implement the same with the
-   * portable implementation { let [mut s0, mut s1] = s;
-   * shake128_squeeze_next_block(&mut s0, out0);
-   * shake128_squeeze_next_block(&mut s1, out1); } */
   KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__,
                     "panic!");
   KRML_HOST_EXIT(255U);
@@ -3594,10 +3572,6 @@ static KRML_MUSTINLINE void
 libcrux_sha3_neon_x2_incremental_shake256_absorb_final(
     libcrux_sha3_neon_x2_incremental_KeccakState *s, Eurydice_slice data0,
     Eurydice_slice data1) {
-  /* XXX: These functions could alternatively implement the same with the
-   * portable implementation { let [mut s0, mut s1] = s;
-   * shake128_absorb_final(&mut s0, data0); shake128_absorb_final(&mut s1,
-   * data1); } */
   KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__,
                     "panic!");
   KRML_HOST_EXIT(255U);
@@ -3759,13 +3733,8 @@ static inline size_t libcrux_sha3_generic_keccak_fill_buffer_8b_c6(
   size_t input_len = Eurydice_slice_len(inputs[0U], uint8_t);
   size_t consumed = (size_t)0U;
   if (self->buf_len > (size_t)0U) {
-    if (
-        /* There's something buffered internally to consume. */ self->buf_len +
-            input_len >=
-        (size_t)136U) {
-      consumed = (size_t)136U - /* We have enough data when combining the
-                                   internal buffer and the input. */
-                 self->buf_len;
+    if (self->buf_len + input_len >= (size_t)136U) {
+      consumed = (size_t)136U - self->buf_len;
       for (size_t i = (size_t)0U; i < (size_t)1U; i++) {
         size_t i0 = i;
         Eurydice_slice uu____0 = Eurydice_array_to_subslice_from(
@@ -3871,9 +3840,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_8b_c6(
   memcpy(copy_of_inputs, inputs, (size_t)1U * sizeof(Eurydice_slice));
   size_t input_remainder_len =
       libcrux_sha3_generic_keccak_absorb_full_8b_c6(uu____0, copy_of_inputs);
-  if (
-      /* ... buffer the rest if there's not enough input (left). */
-      input_remainder_len > (size_t)0U) {
+  if (input_remainder_len > (size_t)0U) {
     size_t input_len = Eurydice_slice_len(inputs[0U], uint8_t);
     for (size_t i = (size_t)0U; i < (size_t)1U; i++) {
       size_t i0 = i;
@@ -4220,13 +4187,8 @@ static inline size_t libcrux_sha3_generic_keccak_fill_buffer_8b_c60(
   size_t input_len = Eurydice_slice_len(inputs[0U], uint8_t);
   size_t consumed = (size_t)0U;
   if (self->buf_len > (size_t)0U) {
-    if (
-        /* There's something buffered internally to consume. */ self->buf_len +
-            input_len >=
-        (size_t)168U) {
-      consumed = (size_t)168U - /* We have enough data when combining the
-                                   internal buffer and the input. */
-                 self->buf_len;
+    if (self->buf_len + input_len >= (size_t)168U) {
+      consumed = (size_t)168U - self->buf_len;
       for (size_t i = (size_t)0U; i < (size_t)1U; i++) {
         size_t i0 = i;
         Eurydice_slice uu____0 = Eurydice_array_to_subslice_from(
@@ -4332,9 +4294,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_8b_c60(
   memcpy(copy_of_inputs, inputs, (size_t)1U * sizeof(Eurydice_slice));
   size_t input_remainder_len =
       libcrux_sha3_generic_keccak_absorb_full_8b_c60(uu____0, copy_of_inputs);
-  if (
-      /* ... buffer the rest if there's not enough input (left). */
-      input_remainder_len > (size_t)0U) {
+  if (input_remainder_len > (size_t)0U) {
     size_t input_len = Eurydice_slice_len(inputs[0U], uint8_t);
     for (size_t i = (size_t)0U; i < (size_t)1U; i++) {
       size_t i0 = i;
@@ -4724,13 +4684,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_8b_c6(
   size_t blocks = out_len / (size_t)136U;
   size_t last = out_len - out_len % (size_t)136U;
   size_t mid;
-  if ((size_t)136U >=
-      /* Squeeze out one to start with. XXX: Eurydice does not extract
-         `core::cmp::min`, so we do this instead. (cf.
-         https://github.com/AeneasVerif/eurydice/issues/49) */
-      out_len
-
-  ) {
+  if ((size_t)136U >= out_len) {
     mid = out_len;
   } else {
     mid = (size_t)136U;
@@ -4744,11 +4698,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_8b_c6(
   libcrux_sha3_portable_keccak_store_5a_5b(self->inner.st, out00);
   core_ops_range_Range_08 iter =
       core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter(
-          (CLITERAL(core_ops_range_Range_08){
-              .start = (size_t)1U,
-              .end = /* If we got asked for more than one block, squeeze out
-                        more. */
-              blocks}),
+          (CLITERAL(core_ops_range_Range_08){.start = (size_t)1U,
+                                             .end = blocks}),
           core_ops_range_Range_08, core_ops_range_Range_08);
   while (true) {
     if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A__TraitClause_0___6__next(
@@ -4757,11 +4708,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_8b_c6(
       break;
     } else {
       Eurydice_slice_uint8_t_1size_t__x2 uu____1 =
-          libcrux_sha3_portable_keccak_split_at_mut_n_5a(/* Here we know that we
-                                                            always have full
-                                                            blocks to write out.
-                                                          */
-                                                         out_rest,
+          libcrux_sha3_portable_keccak_split_at_mut_n_5a(out_rest,
                                                          (size_t)136U);
       Eurydice_slice out0[1U];
       memcpy(out0, uu____1.fst, (size_t)1U * sizeof(Eurydice_slice));
@@ -4856,13 +4803,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_8b_c60(
   size_t blocks = out_len / (size_t)168U;
   size_t last = out_len - out_len % (size_t)168U;
   size_t mid;
-  if ((size_t)168U >=
-      /* Squeeze out one to start with. XXX: Eurydice does not extract
-         `core::cmp::min`, so we do this instead. (cf.
-         https://github.com/AeneasVerif/eurydice/issues/49) */
-      out_len
-
-  ) {
+  if ((size_t)168U >= out_len) {
     mid = out_len;
   } else {
     mid = (size_t)168U;
@@ -4876,11 +4817,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_8b_c60(
   libcrux_sha3_portable_keccak_store_5a_3a(self->inner.st, out00);
   core_ops_range_Range_08 iter =
       core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter(
-          (CLITERAL(core_ops_range_Range_08){
-              .start = (size_t)1U,
-              .end = /* If we got asked for more than one block, squeeze out
-                        more. */
-              blocks}),
+          (CLITERAL(core_ops_range_Range_08){.start = (size_t)1U,
+                                             .end = blocks}),
           core_ops_range_Range_08, core_ops_range_Range_08);
   while (true) {
     if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A__TraitClause_0___6__next(
@@ -4889,11 +4827,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_8b_c60(
       break;
     } else {
       Eurydice_slice_uint8_t_1size_t__x2 uu____1 =
-          libcrux_sha3_portable_keccak_split_at_mut_n_5a(/* Here we know that we
-                                                            always have full
-                                                            blocks to write out.
-                                                          */
-                                                         out_rest,
+          libcrux_sha3_portable_keccak_split_at_mut_n_5a(out_rest,
                                                          (size_t)168U);
       Eurydice_slice out0[1U];
       memcpy(out0, uu____1.fst, (size_t)1U * sizeof(Eurydice_slice));

From a7104e55b1cd9fa067ac003bfe5d92b3b4137fc0 Mon Sep 17 00:00:00 2001
From: Franziskus Kiefer <franziskuskiefer@gmail.com>
Date: Mon, 2 Dec 2024 18:32:51 +0000
Subject: [PATCH 051/142] add ignore to mlkem cg glue

---
 libcrux-ml-kem/cg/boring/eurydice_glue.h | 2 ++
 libcrux-ml-kem/cg/eurydice_glue.h        | 2 ++
 2 files changed, 4 insertions(+)

diff --git a/libcrux-ml-kem/cg/boring/eurydice_glue.h b/libcrux-ml-kem/cg/boring/eurydice_glue.h
index 79cf1285b..bc8f0a75a 100644
--- a/libcrux-ml-kem/cg/boring/eurydice_glue.h
+++ b/libcrux-ml-kem/cg/boring/eurydice_glue.h
@@ -19,6 +19,8 @@ extern "C" {
 
 #include "karamel/target.h"
 
+#define LowStar_Ignore_ignore(e, t, _ret_t) ((void)e)
+
 // SLICES, ARRAYS, ETC.
 
 // The MSVC C++ compiler does not support compound literals.
diff --git a/libcrux-ml-kem/cg/eurydice_glue.h b/libcrux-ml-kem/cg/eurydice_glue.h
index 3f9b35cc2..5fdcf4265 100644
--- a/libcrux-ml-kem/cg/eurydice_glue.h
+++ b/libcrux-ml-kem/cg/eurydice_glue.h
@@ -20,6 +20,8 @@ extern "C" {
 #include "karamel/endianness.h"
 #include "karamel/target.h"
 
+#define LowStar_Ignore_ignore(e, t, _ret_t) ((void)e)
+
 // SLICES, ARRAYS, ETC.
 
 // The MSVC C++ compiler does not support compound literals.

From fe49cc565ffc9668fdcff6b99788235bd8da0fcb Mon Sep 17 00:00:00 2001
From: Karthikeyan Bhargavan <karthik.bhargavan@gmail.com>
Date: Tue, 3 Dec 2024 18:40:41 +0100
Subject: [PATCH 052/142] fixing code to address review comments

---
 .../extraction/Libcrux_ml_kem.Invert_ntt.fst  |  16 +--
 .../extraction/Libcrux_ml_kem.Mlkem1024.fsti  |  59 +++------
 .../extraction/Libcrux_ml_kem.Mlkem768.fsti   |  59 +++------
 .../fstar/extraction/Libcrux_ml_kem.Ntt.fst   |  16 +--
 .../extraction/Libcrux_ml_kem.Polynomial.fst  |  10 +-
 .../extraction/Libcrux_ml_kem.Polynomial.fsti |   2 +-
 libcrux-ml-kem/src/hash_functions.rs          |  12 --
 libcrux-ml-kem/src/ind_cca.rs                 |   7 +-
 libcrux-ml-kem/src/ind_cpa.rs                 |   1 +
 libcrux-ml-kem/src/invert_ntt.rs              |  18 +--
 libcrux-ml-kem/src/mlkem512.rs                |  30 ++---
 libcrux-ml-kem/src/ntt.rs                     |  18 +--
 libcrux-ml-kem/src/polynomial.rs              |  21 ++--
 libcrux-ml-kem/src/vector/avx2.rs             |   8 --
 libcrux-ml-kem/src/vector/avx2/arithmetic.rs  |   5 -
 libcrux-ml-kem/src/vector/portable/ntt.rs     |  15 ---
 .../src/vector/portable/serialize.rs          | 112 ------------------
 libcrux-ml-kem/src/vector/traits.rs           |   2 +
 18 files changed, 100 insertions(+), 311 deletions(-)

diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Invert_ntt.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Invert_ntt.fst
index aeccf049f..53290fba7 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Invert_ntt.fst
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Invert_ntt.fst
@@ -84,10 +84,10 @@ let invert_ntt_at_layer_1_
                 (Libcrux_ml_kem.Vector.Traits.f_inv_ntt_layer_1_step #v_Vector
                     #FStar.Tactics.Typeclasses.solve
                     (re.Libcrux_ml_kem.Polynomial.f_coefficients.[ round ] <: v_Vector)
-                    (Libcrux_ml_kem.Polynomial.get_zeta zeta_i <: i16)
-                    (Libcrux_ml_kem.Polynomial.get_zeta (zeta_i -! sz 1 <: usize) <: i16)
-                    (Libcrux_ml_kem.Polynomial.get_zeta (zeta_i -! sz 2 <: usize) <: i16)
-                    (Libcrux_ml_kem.Polynomial.get_zeta (zeta_i -! sz 3 <: usize) <: i16)
+                    (Libcrux_ml_kem.Polynomial.zeta zeta_i <: i16)
+                    (Libcrux_ml_kem.Polynomial.zeta (zeta_i -! sz 1 <: usize) <: i16)
+                    (Libcrux_ml_kem.Polynomial.zeta (zeta_i -! sz 2 <: usize) <: i16)
+                    (Libcrux_ml_kem.Polynomial.zeta (zeta_i -! sz 3 <: usize) <: i16)
                   <:
                   v_Vector)
             }
@@ -165,8 +165,8 @@ let invert_ntt_at_layer_2_
                 (Libcrux_ml_kem.Vector.Traits.f_inv_ntt_layer_2_step #v_Vector
                     #FStar.Tactics.Typeclasses.solve
                     (re.Libcrux_ml_kem.Polynomial.f_coefficients.[ round ] <: v_Vector)
-                    (Libcrux_ml_kem.Polynomial.get_zeta zeta_i <: i16)
-                    (Libcrux_ml_kem.Polynomial.get_zeta (zeta_i -! sz 1 <: usize) <: i16)
+                    (Libcrux_ml_kem.Polynomial.zeta zeta_i <: i16)
+                    (Libcrux_ml_kem.Polynomial.zeta (zeta_i -! sz 1 <: usize) <: i16)
                   <:
                   v_Vector)
             }
@@ -244,7 +244,7 @@ let invert_ntt_at_layer_3_
                 (Libcrux_ml_kem.Vector.Traits.f_inv_ntt_layer_3_step #v_Vector
                     #FStar.Tactics.Typeclasses.solve
                     (re.Libcrux_ml_kem.Polynomial.f_coefficients.[ round ] <: v_Vector)
-                    (Libcrux_ml_kem.Polynomial.get_zeta zeta_i <: i16)
+                    (Libcrux_ml_kem.Polynomial.zeta zeta_i <: i16)
                   <:
                   v_Vector)
             }
@@ -317,7 +317,7 @@ let invert_ntt_at_layer_4_plus
                       (re.Libcrux_ml_kem.Polynomial.f_coefficients.[ j +! step_vec <: usize ]
                         <:
                         v_Vector)
-                      (Libcrux_ml_kem.Polynomial.get_zeta zeta_i <: i16)
+                      (Libcrux_ml_kem.Polynomial.zeta zeta_i <: i16)
                   in
                   let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector =
                     {
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.fsti
index 007e5c86f..b31f845fc 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.fsti
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.fsti
@@ -3,64 +3,39 @@ module Libcrux_ml_kem.Mlkem1024
 open Core
 open FStar.Mul
 
-let v_ETA1: usize = sz 2
+let v_C1_BLOCK_SIZE_1024_: usize = sz 352
 
-let v_ETA1_RANDOMNESS_SIZE: usize = v_ETA1 *! sz 64
+let v_C1_SIZE_1024_: usize = sz 1408
 
-let v_ETA2: usize = sz 2
+let v_C2_SIZE_1024_: usize = sz 160
 
-let v_ETA2_RANDOMNESS_SIZE: usize = v_ETA2 *! sz 64
+let v_CPA_PKE_CIPHERTEXT_SIZE_1024_: usize = sz 1568
 
-let v_RANK_1024_: usize = sz 4
+let v_CPA_PKE_PUBLIC_KEY_SIZE_1024_: usize = sz 1568
 
-let v_CPA_PKE_SECRET_KEY_SIZE_1024_: usize =
-  ((v_RANK_1024_ *! Libcrux_ml_kem.Constants.v_COEFFICIENTS_IN_RING_ELEMENT <: usize) *!
-    Libcrux_ml_kem.Constants.v_BITS_PER_COEFFICIENT
-    <:
-    usize) /!
-  sz 8
+let v_CPA_PKE_SECRET_KEY_SIZE_1024_: usize = sz 1536
 
-let v_RANKED_BYTES_PER_RING_ELEMENT_1024_: usize =
-  (v_RANK_1024_ *! Libcrux_ml_kem.Constants.v_BITS_PER_RING_ELEMENT <: usize) /! sz 8
+let v_ETA1: usize = sz 2
 
-let v_T_AS_NTT_ENCODED_SIZE_1024_: usize =
-  ((v_RANK_1024_ *! Libcrux_ml_kem.Constants.v_COEFFICIENTS_IN_RING_ELEMENT <: usize) *!
-    Libcrux_ml_kem.Constants.v_BITS_PER_COEFFICIENT
-    <:
-    usize) /!
-  sz 8
+let v_ETA1_RANDOMNESS_SIZE: usize = sz 128
 
-let v_CPA_PKE_PUBLIC_KEY_SIZE_1024_: usize = v_T_AS_NTT_ENCODED_SIZE_1024_ +! sz 32
+let v_ETA2: usize = sz 2
 
-let v_SECRET_KEY_SIZE_1024_: usize =
-  ((v_CPA_PKE_SECRET_KEY_SIZE_1024_ +! v_CPA_PKE_PUBLIC_KEY_SIZE_1024_ <: usize) +!
-    Libcrux_ml_kem.Constants.v_H_DIGEST_SIZE
-    <:
-    usize) +!
-  Libcrux_ml_kem.Constants.v_SHARED_SECRET_SIZE
+let v_ETA2_RANDOMNESS_SIZE: usize = sz 128
 
-let v_VECTOR_U_COMPRESSION_FACTOR_1024_: usize = sz 11
+let v_IMPLICIT_REJECTION_HASH_INPUT_SIZE: usize = sz 1600
 
-let v_C1_BLOCK_SIZE_1024_: usize =
-  (Libcrux_ml_kem.Constants.v_COEFFICIENTS_IN_RING_ELEMENT *! v_VECTOR_U_COMPRESSION_FACTOR_1024_
-    <:
-    usize) /!
-  sz 8
+let v_RANKED_BYTES_PER_RING_ELEMENT_1024_: usize = sz 1536
 
-let v_C1_SIZE_1024_: usize = v_C1_BLOCK_SIZE_1024_ *! v_RANK_1024_
+let v_RANK_1024_: usize = sz 4
 
-let v_VECTOR_V_COMPRESSION_FACTOR_1024_: usize = sz 5
+let v_SECRET_KEY_SIZE_1024_: usize = sz 3168
 
-let v_C2_SIZE_1024_: usize =
-  (Libcrux_ml_kem.Constants.v_COEFFICIENTS_IN_RING_ELEMENT *! v_VECTOR_V_COMPRESSION_FACTOR_1024_
-    <:
-    usize) /!
-  sz 8
+let v_T_AS_NTT_ENCODED_SIZE_1024_: usize = sz 1536
 
-let v_CPA_PKE_CIPHERTEXT_SIZE_1024_: usize = v_C1_SIZE_1024_ +! v_C2_SIZE_1024_
+let v_VECTOR_U_COMPRESSION_FACTOR_1024_: usize = sz 11
 
-let v_IMPLICIT_REJECTION_HASH_INPUT_SIZE: usize =
-  Libcrux_ml_kem.Constants.v_SHARED_SECRET_SIZE +! v_CPA_PKE_CIPHERTEXT_SIZE_1024_
+let v_VECTOR_V_COMPRESSION_FACTOR_1024_: usize = sz 5
 
 /// Validate a private key.
 /// Returns `true` if valid, and `false` otherwise.
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.fsti
index d1d7c217f..928e6a233 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.fsti
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.fsti
@@ -3,64 +3,39 @@ module Libcrux_ml_kem.Mlkem768
 open Core
 open FStar.Mul
 
-let v_ETA1: usize = sz 2
+let v_C1_BLOCK_SIZE_768_: usize = sz 320
 
-let v_ETA1_RANDOMNESS_SIZE: usize = v_ETA1 *! sz 64
+let v_C1_SIZE_768_: usize = sz 960
 
-let v_ETA2: usize = sz 2
+let v_C2_SIZE_768_: usize = sz 128
 
-let v_ETA2_RANDOMNESS_SIZE: usize = v_ETA2 *! sz 64
+let v_CPA_PKE_CIPHERTEXT_SIZE_768_: usize = sz 1088
 
-let v_RANK_768_: usize = sz 3
+let v_CPA_PKE_PUBLIC_KEY_SIZE_768_: usize = sz 1184
 
-let v_CPA_PKE_SECRET_KEY_SIZE_768_: usize =
-  ((v_RANK_768_ *! Libcrux_ml_kem.Constants.v_COEFFICIENTS_IN_RING_ELEMENT <: usize) *!
-    Libcrux_ml_kem.Constants.v_BITS_PER_COEFFICIENT
-    <:
-    usize) /!
-  sz 8
+let v_CPA_PKE_SECRET_KEY_SIZE_768_: usize = sz 1152
 
-let v_RANKED_BYTES_PER_RING_ELEMENT_768_: usize =
-  (v_RANK_768_ *! Libcrux_ml_kem.Constants.v_BITS_PER_RING_ELEMENT <: usize) /! sz 8
+let v_ETA1: usize = sz 2
 
-let v_T_AS_NTT_ENCODED_SIZE_768_: usize =
-  ((v_RANK_768_ *! Libcrux_ml_kem.Constants.v_COEFFICIENTS_IN_RING_ELEMENT <: usize) *!
-    Libcrux_ml_kem.Constants.v_BITS_PER_COEFFICIENT
-    <:
-    usize) /!
-  sz 8
+let v_ETA1_RANDOMNESS_SIZE: usize = sz 128
 
-let v_CPA_PKE_PUBLIC_KEY_SIZE_768_: usize = v_T_AS_NTT_ENCODED_SIZE_768_ +! sz 32
+let v_ETA2: usize = sz 2
 
-let v_SECRET_KEY_SIZE_768_: usize =
-  ((v_CPA_PKE_SECRET_KEY_SIZE_768_ +! v_CPA_PKE_PUBLIC_KEY_SIZE_768_ <: usize) +!
-    Libcrux_ml_kem.Constants.v_H_DIGEST_SIZE
-    <:
-    usize) +!
-  Libcrux_ml_kem.Constants.v_SHARED_SECRET_SIZE
+let v_ETA2_RANDOMNESS_SIZE: usize = sz 128
 
-let v_VECTOR_U_COMPRESSION_FACTOR_768_: usize = sz 10
+let v_IMPLICIT_REJECTION_HASH_INPUT_SIZE: usize = sz 1120
 
-let v_C1_BLOCK_SIZE_768_: usize =
-  (Libcrux_ml_kem.Constants.v_COEFFICIENTS_IN_RING_ELEMENT *! v_VECTOR_U_COMPRESSION_FACTOR_768_
-    <:
-    usize) /!
-  sz 8
+let v_RANKED_BYTES_PER_RING_ELEMENT_768_: usize = sz 1152
 
-let v_C1_SIZE_768_: usize = v_C1_BLOCK_SIZE_768_ *! v_RANK_768_
+let v_RANK_768_: usize = sz 3
 
-let v_VECTOR_V_COMPRESSION_FACTOR_768_: usize = sz 4
+let v_SECRET_KEY_SIZE_768_: usize = sz 2400
 
-let v_C2_SIZE_768_: usize =
-  (Libcrux_ml_kem.Constants.v_COEFFICIENTS_IN_RING_ELEMENT *! v_VECTOR_V_COMPRESSION_FACTOR_768_
-    <:
-    usize) /!
-  sz 8
+let v_T_AS_NTT_ENCODED_SIZE_768_: usize = sz 1152
 
-let v_CPA_PKE_CIPHERTEXT_SIZE_768_: usize = v_C1_SIZE_768_ +! v_C2_SIZE_768_
+let v_VECTOR_U_COMPRESSION_FACTOR_768_: usize = sz 10
 
-let v_IMPLICIT_REJECTION_HASH_INPUT_SIZE: usize =
-  Libcrux_ml_kem.Constants.v_SHARED_SECRET_SIZE +! v_CPA_PKE_CIPHERTEXT_SIZE_768_
+let v_VECTOR_V_COMPRESSION_FACTOR_768_: usize = sz 4
 
 /// Validate a private key.
 /// Returns `true` if valid, and `false` otherwise.
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ntt.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ntt.fst
index 2c5a30cb2..41d6dfad3 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ntt.fst
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ntt.fst
@@ -81,10 +81,10 @@ let ntt_at_layer_1_
                 (Libcrux_ml_kem.Vector.Traits.f_ntt_layer_1_step #v_Vector
                     #FStar.Tactics.Typeclasses.solve
                     (re.Libcrux_ml_kem.Polynomial.f_coefficients.[ round ] <: v_Vector)
-                    (Libcrux_ml_kem.Polynomial.get_zeta zeta_i <: i16)
-                    (Libcrux_ml_kem.Polynomial.get_zeta (zeta_i +! sz 1 <: usize) <: i16)
-                    (Libcrux_ml_kem.Polynomial.get_zeta (zeta_i +! sz 2 <: usize) <: i16)
-                    (Libcrux_ml_kem.Polynomial.get_zeta (zeta_i +! sz 3 <: usize) <: i16)
+                    (Libcrux_ml_kem.Polynomial.zeta zeta_i <: i16)
+                    (Libcrux_ml_kem.Polynomial.zeta (zeta_i +! sz 1 <: usize) <: i16)
+                    (Libcrux_ml_kem.Polynomial.zeta (zeta_i +! sz 2 <: usize) <: i16)
+                    (Libcrux_ml_kem.Polynomial.zeta (zeta_i +! sz 3 <: usize) <: i16)
                   <:
                   v_Vector)
             }
@@ -163,8 +163,8 @@ let ntt_at_layer_2_
                 (Libcrux_ml_kem.Vector.Traits.f_ntt_layer_2_step #v_Vector
                     #FStar.Tactics.Typeclasses.solve
                     (re.Libcrux_ml_kem.Polynomial.f_coefficients.[ round ] <: v_Vector)
-                    (Libcrux_ml_kem.Polynomial.get_zeta zeta_i <: i16)
-                    (Libcrux_ml_kem.Polynomial.get_zeta (zeta_i +! sz 1 <: usize) <: i16)
+                    (Libcrux_ml_kem.Polynomial.zeta zeta_i <: i16)
+                    (Libcrux_ml_kem.Polynomial.zeta (zeta_i +! sz 1 <: usize) <: i16)
                   <:
                   v_Vector)
             }
@@ -243,7 +243,7 @@ let ntt_at_layer_3_
                 (Libcrux_ml_kem.Vector.Traits.f_ntt_layer_3_step #v_Vector
                     #FStar.Tactics.Typeclasses.solve
                     (re.Libcrux_ml_kem.Polynomial.f_coefficients.[ round ] <: v_Vector)
-                    (Libcrux_ml_kem.Polynomial.get_zeta zeta_i <: i16)
+                    (Libcrux_ml_kem.Polynomial.zeta zeta_i <: i16)
                   <:
                   v_Vector)
             }
@@ -315,7 +315,7 @@ let ntt_at_layer_4_plus
                       (re.Libcrux_ml_kem.Polynomial.f_coefficients.[ j +! step_vec <: usize ]
                         <:
                         v_Vector)
-                      (Libcrux_ml_kem.Polynomial.get_zeta zeta_i <: i16)
+                      (Libcrux_ml_kem.Polynomial.zeta zeta_i <: i16)
                   in
                   let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector =
                     {
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Polynomial.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Polynomial.fst
index 4dcc55b91..fec53d917 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Polynomial.fst
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Polynomial.fst
@@ -9,7 +9,7 @@ let _ =
   let open Libcrux_ml_kem.Vector.Traits in
   ()
 
-let get_zeta (i: usize) =
+let zeta (i: usize) =
   let result:i16 = v_ZETAS_TIMES_MONTGOMERY_R.[ i ] in
   let _:Prims.unit = admit () (* Panic freedom *) in
   result
@@ -355,10 +355,10 @@ let impl_2__ntt_multiply
                   #FStar.Tactics.Typeclasses.solve
                   (self.f_coefficients.[ i ] <: v_Vector)
                   (rhs.f_coefficients.[ i ] <: v_Vector)
-                  (get_zeta (sz 64 +! (sz 4 *! i <: usize) <: usize) <: i16)
-                  (get_zeta ((sz 64 +! (sz 4 *! i <: usize) <: usize) +! sz 1 <: usize) <: i16)
-                  (get_zeta ((sz 64 +! (sz 4 *! i <: usize) <: usize) +! sz 2 <: usize) <: i16)
-                  (get_zeta ((sz 64 +! (sz 4 *! i <: usize) <: usize) +! sz 3 <: usize) <: i16)
+                  (zeta (sz 64 +! (sz 4 *! i <: usize) <: usize) <: i16)
+                  (zeta ((sz 64 +! (sz 4 *! i <: usize) <: usize) +! sz 1 <: usize) <: i16)
+                  (zeta ((sz 64 +! (sz 4 *! i <: usize) <: usize) +! sz 2 <: usize) <: i16)
+                  (zeta ((sz 64 +! (sz 4 *! i <: usize) <: usize) +! sz 3 <: usize) <: i16)
                 <:
                 v_Vector)
             <:
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Polynomial.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Polynomial.fsti
index 6ad4d7a0b..6dd0db075 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Polynomial.fsti
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Polynomial.fsti
@@ -29,7 +29,7 @@ let v_ZETAS_TIMES_MONTGOMERY_R: t_Array i16 (sz 128) =
   FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 128);
   Rust_primitives.Hax.array_of_list 128 list
 
-val get_zeta (i: usize)
+val zeta (i: usize)
     : Prims.Pure i16
       (requires i <. sz 128)
       (ensures
diff --git a/libcrux-ml-kem/src/hash_functions.rs b/libcrux-ml-kem/src/hash_functions.rs
index 7641a7266..17d34fdc2 100644
--- a/libcrux-ml-kem/src/hash_functions.rs
+++ b/libcrux-ml-kem/src/hash_functions.rs
@@ -171,7 +171,6 @@ pub(crate) mod portable {
 
     #[hax_lib::attributes]
     impl<const K: usize> Hash<K> for PortableHash<K> {
-        // Output name has be `out` https://github.com/hacspec/hax/issues/832
         #[ensures(|out|
             fstar!("$out == Spec.Utils.v_G $input"))
         ]
@@ -180,7 +179,6 @@ pub(crate) mod portable {
             G(input)
         }
 
-        // Output name has be `out` https://github.com/hacspec/hax/issues/832
         #[ensures(|out|
             fstar!("$out == Spec.Utils.v_H $input"))
         ]
@@ -190,7 +188,6 @@ pub(crate) mod portable {
         }
 
         #[requires(fstar!("v $LEN < pow2 32"))]
-        // Output name has be `out` https://github.com/hacspec/hax/issues/832
         #[ensures(|out|
             // We need to repeat the pre-condition here because of https://github.com/hacspec/hax/issues/784
             fstar!("v $LEN < pow2 32 ==> $out == Spec.Utils.v_PRF $LEN $input"))
@@ -201,7 +198,6 @@ pub(crate) mod portable {
         }
 
         #[requires(fstar!("v $LEN < pow2 32 /\\ (v $K == 2 \\/ v $K == 3 \\/ v $K == 4)"))]
-        // Output name has be `out` https://github.com/hacspec/hax/issues/832
         #[ensures(|out|
             fstar!("(v $LEN < pow2 32 /\\ (v $K == 2 \\/ v $K == 3 \\/ v $K == 4)) ==>
                 $out == Spec.Utils.v_PRFxN $K $LEN $input"))
@@ -428,7 +424,6 @@ pub(crate) mod avx2 {
 
     #[hax_lib::attributes]
     impl<const K: usize> Hash<K> for Simd256Hash {
-        // Output name has be `out` https://github.com/hacspec/hax/issues/832
         #[ensures(|out|
             fstar!("$out == Spec.Utils.v_G $input"))
         ]
@@ -437,7 +432,6 @@ pub(crate) mod avx2 {
             G(input)
         }
 
-        // Output name has be `out` https://github.com/hacspec/hax/issues/832
         #[ensures(|out|
             fstar!("$out == Spec.Utils.v_H $input"))
         ]
@@ -447,7 +441,6 @@ pub(crate) mod avx2 {
         }
 
         #[requires(fstar!("v $LEN < pow2 32"))]
-        // Output name has be `out` https://github.com/hacspec/hax/issues/832
         #[hax_lib::ensures(|out|
             // We need to repeat the pre-condition here because of https://github.com/hacspec/hax/issues/784
             fstar!("v $LEN < pow2 32 ==> $out == Spec.Utils.v_PRF $LEN $input"))
@@ -458,7 +451,6 @@ pub(crate) mod avx2 {
         }
 
         #[requires(fstar!("v $LEN < pow2 32 /\\ (v $K == 2 \\/ v $K == 3 \\/ v $K == 4)"))]
-        // Output name has be `out` https://github.com/hacspec/hax/issues/832
         #[ensures(|out|
             fstar!("(v $LEN < pow2 32 /\\ (v $K == 2 \\/ v $K == 3 \\/ v $K == 4)) ==>
                 $out == Spec.Utils.v_PRFxN $K $LEN $input"))
@@ -710,7 +702,6 @@ pub(crate) mod neon {
 
     #[hax_lib::attributes]
     impl<const K: usize> Hash<K> for Simd128Hash {
-        // Output name has be `out` https://github.com/hacspec/hax/issues/832
         #[ensures(|out|
             fstar!("$out == Spec.Utils.v_G $input"))
         ]
@@ -719,7 +710,6 @@ pub(crate) mod neon {
             G(input)
         }
 
-        // Output name has be `out` https://github.com/hacspec/hax/issues/832
         #[ensures(|out|
             fstar!("$out == Spec.Utils.v_H $input"))
         ]
@@ -729,7 +719,6 @@ pub(crate) mod neon {
         }
 
         #[requires(fstar!("v $LEN < pow2 32"))]
-        // Output name has be `out` https://github.com/hacspec/hax/issues/832
         #[ensures(|out|
             // We need to repeat the pre-condition here because of https://github.com/hacspec/hax/issues/784
             fstar!("v $LEN < pow2 32 ==> $out == Spec.Utils.v_PRF $LEN $input"))
@@ -740,7 +729,6 @@ pub(crate) mod neon {
         }
 
         #[requires(fstar!("v $LEN < pow2 32 /\\ (v $K == 2 \\/ v $K == 3 \\/ v $K == 4)"))]
-        // Output name has be `out` https://github.com/hacspec/hax/issues/832
         #[ensures(|out|
             // We need to repeat the pre-condition here because of https://github.com/hacspec/hax/issues/784
             fstar!("(v $LEN < pow2 32 /\\ (v $K == 2 \\/ v $K == 3 \\/ v $K == 4)) ==>
diff --git a/libcrux-ml-kem/src/ind_cca.rs b/libcrux-ml-kem/src/ind_cca.rs
index 33ec390e5..18ae0db4a 100644
--- a/libcrux-ml-kem/src/ind_cca.rs
+++ b/libcrux-ml-kem/src/ind_cca.rs
@@ -427,13 +427,12 @@ pub(crate) fn decapsulate<
         Scheme::kdf::<K, CIPHERTEXT_SIZE, Hasher>(&implicit_rejection_shared_secret, ciphertext);
     let shared_secret = Scheme::kdf::<K, CIPHERTEXT_SIZE, Hasher>(shared_secret, ciphertext);
 
-    let shared_secret = compare_ciphertexts_select_shared_secret_in_constant_time(
+    compare_ciphertexts_select_shared_secret_in_constant_time(
         ciphertext.as_ref(),
         &expected_ciphertext,
         &shared_secret,
         &implicit_rejection_shared_secret,
-    );
-    shared_secret
+    )
 }
 
 /// Types for the unpacked API.
@@ -821,7 +820,7 @@ pub(crate) mod unpacked {
                 Seq.index (Seq.index $result i) j ==
                     Seq.index (Seq.index $ind_cpa_a j) i)"))
     ]
-    pub(crate) fn transpose_a<const K: usize, Vector: Operations>(
+    fn transpose_a<const K: usize, Vector: Operations>(
         ind_cpa_a: [[PolynomialRingElement<Vector>; K]; K],
     ) -> [[PolynomialRingElement<Vector>; K]; K] {
         // We need to un-transpose the A_transpose matrix provided by IND-CPA
diff --git a/libcrux-ml-kem/src/ind_cpa.rs b/libcrux-ml-kem/src/ind_cpa.rs
index 935ef0c95..b40bd07ae 100644
--- a/libcrux-ml-kem/src/ind_cpa.rs
+++ b/libcrux-ml-kem/src/ind_cpa.rs
@@ -200,6 +200,7 @@ fn sample_ring_element_cbd<
 ) -> ([PolynomialRingElement<Vector>; K], u8) {
     let mut error_1 = from_fn(|_i| PolynomialRingElement::<Vector>::ZERO());
     let mut prf_inputs = [prf_input; K];
+    // See https://github.com/hacspec/hax/issues/1167
     let _domain_separator_init = domain_separator;
     domain_separator = prf_input_inc::<K>(&mut prf_inputs, domain_separator);
     hax_lib::fstar!("let lemma_aux (i:nat{ i < v $K }) : Lemma (${prf_inputs}.[sz i] == (Seq.append (Seq.slice $prf_input 0 32) 
diff --git a/libcrux-ml-kem/src/invert_ntt.rs b/libcrux-ml-kem/src/invert_ntt.rs
index 24866eb82..7f9506731 100644
--- a/libcrux-ml-kem/src/invert_ntt.rs
+++ b/libcrux-ml-kem/src/invert_ntt.rs
@@ -1,6 +1,6 @@
 use crate::{
     hax_utils::hax_debug_assert,
-    polynomial::{get_zeta, PolynomialRingElement},
+    polynomial::{zeta, PolynomialRingElement},
     vector::{montgomery_multiply_fe, Operations, FIELD_ELEMENTS_IN_VECTOR},
 };
 
@@ -55,10 +55,10 @@ pub(crate) fn invert_ntt_at_layer_1<Vector: Operations>(
                         (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ round ])))");
         re.coefficients[round] = Vector::inv_ntt_layer_1_step(
             re.coefficients[round],
-            get_zeta(*zeta_i),
-            get_zeta(*zeta_i - 1),
-            get_zeta(*zeta_i - 2),
-            get_zeta(*zeta_i - 3),
+            zeta(*zeta_i),
+            zeta(*zeta_i - 1),
+            zeta(*zeta_i - 2),
+            zeta(*zeta_i - 3),
         );
         *zeta_i -= 3;
         hax_lib::fstar!("reveal_opaque (`%Spec.Utils.is_i16b_array_opaque) 
@@ -104,8 +104,8 @@ pub(crate) fn invert_ntt_at_layer_2<Vector: Operations>(
                         (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ round ])))");
         re.coefficients[round] = Vector::inv_ntt_layer_2_step(
             re.coefficients[round],
-            get_zeta(*zeta_i),
-            get_zeta(*zeta_i - 1),
+            zeta(*zeta_i),
+            zeta(*zeta_i - 1),
         );
         *zeta_i -= 1;
         hax_lib::fstar!("reveal_opaque (`%Spec.Utils.is_i16b_array_opaque) 
@@ -150,7 +150,7 @@ pub(crate) fn invert_ntt_at_layer_3<Vector: Operations>(
                         (Spec.Utils.is_i16b_array_opaque 3328 
                         (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ round ])))");
         re.coefficients[round] =
-            Vector::inv_ntt_layer_3_step(re.coefficients[round], get_zeta(*zeta_i));
+            Vector::inv_ntt_layer_3_step(re.coefficients[round], zeta(*zeta_i));
         hax_lib::fstar!(
             "reveal_opaque (`%Spec.Utils.is_i16b_array_opaque) 
             (Spec.Utils.is_i16b_array_opaque 3328 
@@ -210,7 +210,7 @@ pub(crate) fn invert_ntt_at_layer_4_plus<Vector: Operations>(
             let (x, y) = inv_ntt_layer_int_vec_step_reduce(
                 re.coefficients[j],
                 re.coefficients[j + step_vec],
-                get_zeta(*zeta_i),
+                zeta(*zeta_i),
             );
             re.coefficients[j] = x;
             re.coefficients[j + step_vec] = y;
diff --git a/libcrux-ml-kem/src/mlkem512.rs b/libcrux-ml-kem/src/mlkem512.rs
index 0d82a07a8..1af827529 100644
--- a/libcrux-ml-kem/src/mlkem512.rs
+++ b/libcrux-ml-kem/src/mlkem512.rs
@@ -3,31 +3,25 @@ use super::{constants::*, ind_cca::*, types::*, *};
 
 // Kyber 512 parameters
 const RANK_512: usize = 2;
-const RANKED_BYTES_PER_RING_ELEMENT_512: usize = 768;
-const T_AS_NTT_ENCODED_SIZE_512: usize = 768;
+const RANKED_BYTES_PER_RING_ELEMENT_512: usize = RANK_512 * BITS_PER_RING_ELEMENT / 8;
+const T_AS_NTT_ENCODED_SIZE_512: usize = (RANK_512 * COEFFICIENTS_IN_RING_ELEMENT * BITS_PER_COEFFICIENT) / 8;
 const VECTOR_U_COMPRESSION_FACTOR_512: usize = 10;
-// [hax]: hacspec/hacspec-v2#27 stealing error
-// block_len::<VECTOR_U_COMPRESSION_FACTOR_512>()
-const C1_BLOCK_SIZE_512: usize = 320;
-// [hax]: hacspec/hacspec-v2#27 stealing error
-// serialized_len::<RANK_512, C1_BLOCK_SIZE_512>()
-const C1_SIZE_512: usize = 640;
+const C1_BLOCK_SIZE_512: usize = (COEFFICIENTS_IN_RING_ELEMENT * VECTOR_U_COMPRESSION_FACTOR_512) / 8;
+const C1_SIZE_512: usize = C1_BLOCK_SIZE_512 * RANK_512;
 const VECTOR_V_COMPRESSION_FACTOR_512: usize = 4;
-// [hax]: hacspec/hacspec-v2#27 stealing error
-// block_len::<VECTOR_V_COMPRESSION_FACTOR_512>()
-const C2_SIZE_512: usize = 128;
-const CPA_PKE_SECRET_KEY_SIZE_512: usize = 768;
-pub(crate) const CPA_PKE_PUBLIC_KEY_SIZE_512: usize = 800;
-const CPA_PKE_CIPHERTEXT_SIZE_512: usize = 768;
+const C2_SIZE_512: usize = (COEFFICIENTS_IN_RING_ELEMENT * VECTOR_V_COMPRESSION_FACTOR_512) / 8;
+const CPA_PKE_SECRET_KEY_SIZE_512: usize = (RANK_512 * COEFFICIENTS_IN_RING_ELEMENT * BITS_PER_COEFFICIENT) / 8;
+pub(crate) const CPA_PKE_PUBLIC_KEY_SIZE_512: usize = T_AS_NTT_ENCODED_SIZE_512 + 32;
+const CPA_PKE_CIPHERTEXT_SIZE_512: usize = C1_SIZE_512 + C2_SIZE_512;
 
-pub(crate) const SECRET_KEY_SIZE_512: usize = 1632;
+pub(crate) const SECRET_KEY_SIZE_512: usize = CPA_PKE_SECRET_KEY_SIZE_512 + CPA_PKE_PUBLIC_KEY_SIZE_512 + H_DIGEST_SIZE + SHARED_SECRET_SIZE;
 
 const ETA1: usize = 3;
-const ETA1_RANDOMNESS_SIZE: usize = 192;
+const ETA1_RANDOMNESS_SIZE: usize = ETA1 * 64;
 const ETA2: usize = 2;
-const ETA2_RANDOMNESS_SIZE: usize = 128;
+const ETA2_RANDOMNESS_SIZE: usize = ETA2 * 64;
 
-const IMPLICIT_REJECTION_HASH_INPUT_SIZE: usize = 800;
+const IMPLICIT_REJECTION_HASH_INPUT_SIZE: usize = SHARED_SECRET_SIZE + CPA_PKE_CIPHERTEXT_SIZE_512;
 
 // Kyber 512 types
 /// An ML-KEM 512 Ciphertext
diff --git a/libcrux-ml-kem/src/ntt.rs b/libcrux-ml-kem/src/ntt.rs
index bb769cf1a..973a6d945 100644
--- a/libcrux-ml-kem/src/ntt.rs
+++ b/libcrux-ml-kem/src/ntt.rs
@@ -1,6 +1,6 @@
 use crate::{
     hax_utils::hax_debug_assert,
-    polynomial::{get_zeta, PolynomialRingElement, VECTORS_IN_RING_ELEMENT},
+    polynomial::{zeta, PolynomialRingElement, VECTORS_IN_RING_ELEMENT},
     vector::{montgomery_multiply_fe, Operations},
 };
 
@@ -56,10 +56,10 @@ pub(crate) fn ntt_at_layer_1<Vector: Operations>(
                         (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ round ])))");
         re.coefficients[round] = Vector::ntt_layer_1_step(
             re.coefficients[round],
-            get_zeta(*zeta_i),
-            get_zeta(*zeta_i + 1),
-            get_zeta(*zeta_i + 2),
-            get_zeta(*zeta_i + 3),
+            zeta(*zeta_i),
+            zeta(*zeta_i + 1),
+            zeta(*zeta_i + 2),
+            zeta(*zeta_i + 3),
         );
         *zeta_i += 3;
         hax_lib::fstar!("reveal_opaque (`%Spec.Utils.is_i16b_array_opaque) 
@@ -116,8 +116,8 @@ pub(crate) fn ntt_at_layer_2<Vector: Operations>(
                         (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ round ])))");
         re.coefficients[round] = Vector::ntt_layer_2_step(
             re.coefficients[round],
-            get_zeta(*zeta_i),
-            get_zeta(*zeta_i + 1),
+            zeta(*zeta_i),
+            zeta(*zeta_i + 1),
         );
         *zeta_i += 1;
         hax_lib::fstar!("reveal_opaque (`%Spec.Utils.is_i16b_array_opaque) 
@@ -173,7 +173,7 @@ pub(crate) fn ntt_at_layer_3<Vector: Operations>(
                         (Spec.Utils.is_i16b_array_opaque (11207+3*3328)
                         (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ round ])))");
         re.coefficients[round] =
-            Vector::ntt_layer_3_step(re.coefficients[round], get_zeta(*zeta_i));
+            Vector::ntt_layer_3_step(re.coefficients[round], zeta(*zeta_i));
         hax_lib::fstar!(
             "reveal_opaque (`%Spec.Utils.is_i16b_array_opaque) 
             (Spec.Utils.is_i16b_array_opaque (11207+4*3328)
@@ -243,7 +243,7 @@ pub(crate) fn ntt_at_layer_4_plus<Vector: Operations>(
             let (x, y) = ntt_layer_int_vec_step(
                 re.coefficients[j],
                 re.coefficients[j + step_vec],
-                get_zeta(*zeta_i),
+                zeta(*zeta_i),
             );
             re.coefficients[j] = x;
             re.coefficients[j + step_vec] = y;
diff --git a/libcrux-ml-kem/src/polynomial.rs b/libcrux-ml-kem/src/polynomial.rs
index 9460a0cba..cb6f0fe8b 100644
--- a/libcrux-ml-kem/src/polynomial.rs
+++ b/libcrux-ml-kem/src/polynomial.rs
@@ -15,11 +15,12 @@ pub(crate) const ZETAS_TIMES_MONTGOMERY_R: [i16; 128] = {
     ]
 };
 
+// A function to retrieve zetas so that we can add a post-condition
 #[inline(always)]
 #[hax_lib::fstar::verification_status(panic_free)]
 #[hax_lib::requires(i < 128)]
 #[hax_lib::ensures(|result| fstar!("Spec.Utils.is_i16b 1664 result"))]
-pub fn get_zeta(i: usize) -> i16 {
+pub fn zeta(i: usize) -> i16 {
     ZETAS_TIMES_MONTGOMERY_R[i]
 }
 
@@ -67,7 +68,6 @@ impl<Vector: Operations> PolynomialRingElement<Vector> {
     #[allow(non_snake_case)]
     pub(crate) fn ZERO() -> Self {
         Self {
-            // FIXME:  The THIR body of item DefId(0:415 ~ libcrux_ml_kem[9000]::polynomial::{impl#0}::ZERO::{constant#0}) was stolen.
             coefficients: [Vector::ZERO(); 16],
         }
     }
@@ -213,13 +213,13 @@ impl<Vector: Operations> PolynomialRingElement<Vector> {
     ///
     /// The NIST FIPS 203 standard can be found at
     /// <https://csrc.nist.gov/pubs/fips/203/ipd>.
+    
     // TODO: Remove or replace with something that works and is useful for the proof.
     // #[cfg_attr(hax, hax_lib::requires(
     //     hax_lib::forall(|i:usize|
     //         hax_lib::implies(i < COEFFICIENTS_IN_RING_ELEMENT, ||
     //             (lhs.coefficients[i] >= 0 && lhs.coefficients[i] < 4096) &&
     //             (rhs.coefficients[i].abs() <= FIELD_MODULUS)
-
     // ))))]
     // #[cfg_attr(hax, hax_lib::ensures(|result|
     //     hax_lib::forall(|i:usize|
@@ -228,23 +228,18 @@ impl<Vector: Operations> PolynomialRingElement<Vector> {
     // ))))]
     #[inline(always)]
     pub(crate) fn ntt_multiply(&self, rhs: &Self) -> Self {
-        // Using `hax_lib::fstar::verification_status(lax)` works but produces an error while extracting
         hax_lib::fstar!("admit ()");
-        // hax_debug_debug_assert!(lhs
-        //     .coefficients
-        //     .into_iter()
-        //     .all(|coefficient| coefficient >= 0 && coefficient < 4096));
-
+        
         let mut out = PolynomialRingElement::ZERO();
 
         for i in 0..VECTORS_IN_RING_ELEMENT {
             out.coefficients[i] = Vector::ntt_multiply(
                 &self.coefficients[i],
                 &rhs.coefficients[i],
-                get_zeta(64 + 4 * i),
-                get_zeta(64 + 4 * i + 1),
-                get_zeta(64 + 4 * i + 2),
-                get_zeta(64 + 4 * i + 3),
+                zeta(64 + 4 * i),
+                zeta(64 + 4 * i + 1),
+                zeta(64 + 4 * i + 2),
+                zeta(64 + 4 * i + 3),
             );
         }
 
diff --git a/libcrux-ml-kem/src/vector/avx2.rs b/libcrux-ml-kem/src/vector/avx2.rs
index 9f3035fde..61c7ae159 100644
--- a/libcrux-ml-kem/src/vector/avx2.rs
+++ b/libcrux-ml-kem/src/vector/avx2.rs
@@ -285,7 +285,6 @@ impl Operations for SIMD256Vector {
     }
 
     #[requires(fstar!("Spec.MLKEM.serialize_pre 1 (impl.f_repr $vector)"))]
-    // Output name has be `out` https://github.com/hacspec/hax/issues/832
     #[ensures(|out| fstar!("Spec.MLKEM.serialize_pre 1 (impl.f_repr $vector) ==> Spec.MLKEM.serialize_post 1 (impl.f_repr $vector) $out"))]
     #[inline(always)]
     fn serialize_1(vector: Self) -> [u8; 2] {
@@ -293,7 +292,6 @@ impl Operations for SIMD256Vector {
     }
 
     #[requires(bytes.len() == 2)]
-    // Output name has be `out` https://github.com/hacspec/hax/issues/832
     #[ensures(|out| fstar!("sz (Seq.length $bytes) =. sz 2 ==> Spec.MLKEM.deserialize_post 1 $bytes (impl.f_repr $out)"))]
     #[inline(always)]
     fn deserialize_1(bytes: &[u8]) -> Self {
@@ -303,7 +301,6 @@ impl Operations for SIMD256Vector {
     }
 
     #[requires(fstar!("Spec.MLKEM.serialize_pre 4 (impl.f_repr $vector)"))]
-    // Output name has be `out` https://github.com/hacspec/hax/issues/832
     #[ensures(|out| fstar!("Spec.MLKEM.serialize_pre 4 (impl.f_repr $vector) ==> Spec.MLKEM.serialize_post 4 (impl.f_repr $vector) $out"))]
     #[inline(always)]
     fn serialize_4(vector: Self) -> [u8; 8] {
@@ -311,7 +308,6 @@ impl Operations for SIMD256Vector {
     }
 
     #[requires(bytes.len() == 8)]
-    // Output name has be `out` https://github.com/hacspec/hax/issues/832
     #[ensures(|out| fstar!("sz (Seq.length $bytes) =. sz 8 ==> Spec.MLKEM.deserialize_post 4 $bytes (impl.f_repr $out)"))]
     #[inline(always)]
     fn deserialize_4(bytes: &[u8]) -> Self {
@@ -336,7 +332,6 @@ impl Operations for SIMD256Vector {
     }
 
     #[requires(fstar!("Spec.MLKEM.serialize_pre 10 (impl.f_repr $vector)"))]
-    // Output name has be `out` https://github.com/hacspec/hax/issues/832
     #[ensures(|out| fstar!("Spec.MLKEM.serialize_pre 10 (impl.f_repr $vector) ==> Spec.MLKEM.serialize_post 10 (impl.f_repr $vector) $out"))]
     #[inline(always)]
     fn serialize_10(vector: Self) -> [u8; 20] {
@@ -344,7 +339,6 @@ impl Operations for SIMD256Vector {
     }
 
     #[requires(bytes.len() == 20)]
-    // Output name has be `out` https://github.com/hacspec/hax/issues/832
     #[ensures(|out| fstar!("sz (Seq.length $bytes) =. sz 20 ==> Spec.MLKEM.deserialize_post 10 $bytes (impl.f_repr $out)"))]
     #[inline(always)]
     fn deserialize_10(bytes: &[u8]) -> Self {
@@ -367,7 +361,6 @@ impl Operations for SIMD256Vector {
     }
 
     #[requires(fstar!("Spec.MLKEM.serialize_pre 12 (impl.f_repr $vector)"))]
-    // Output name has be `out` https://github.com/hacspec/hax/issues/832
     #[ensures(|out| fstar!("Spec.MLKEM.serialize_pre 12 (impl.f_repr $vector) ==> Spec.MLKEM.serialize_post 12 (impl.f_repr $vector) $out"))]
     #[inline(always)]
     fn serialize_12(vector: Self) -> [u8; 24] {
@@ -375,7 +368,6 @@ impl Operations for SIMD256Vector {
     }
 
     #[requires(bytes.len() == 24)]
-    // Output name has be `out` https://github.com/hacspec/hax/issues/832
     #[ensures(|out| fstar!("sz (Seq.length $bytes) =. sz 24 ==> Spec.MLKEM.deserialize_post 12 $bytes (impl.f_repr $out)"))]
     #[inline(always)]
     fn deserialize_12(bytes: &[u8]) -> Self {
diff --git a/libcrux-ml-kem/src/vector/avx2/arithmetic.rs b/libcrux-ml-kem/src/vector/avx2/arithmetic.rs
index 1032ee28d..8c9f3ae9a 100644
--- a/libcrux-ml-kem/src/vector/avx2/arithmetic.rs
+++ b/libcrux-ml-kem/src/vector/avx2/arithmetic.rs
@@ -94,11 +94,6 @@ pub(crate) fn shift_right<const SHIFT_BY: i32>(vector: Vec256) -> Vec256 {
     result
 }
 
-// #[inline(always)]
-// pub(crate) fn shift_left<const SHIFT_BY: i32>(vector: Vec256) -> Vec256 {
-//     mm256_slli_epi16::<{ SHIFT_BY }>(vector)
-// }
-
 #[inline(always)]
 #[cfg_attr(hax, hax_lib::fstar::options("--z3rlimit 100"))]
 #[hax_lib::requires(fstar!("Spec.Utils.is_i16b_array (pow2 12 - 1) (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 $vector)"))]
diff --git a/libcrux-ml-kem/src/vector/portable/ntt.rs b/libcrux-ml-kem/src/vector/portable/ntt.rs
index 3cfafc9ea..46ef118d5 100644
--- a/libcrux-ml-kem/src/vector/portable/ntt.rs
+++ b/libcrux-ml-kem/src/vector/portable/ntt.rs
@@ -367,21 +367,6 @@ pub(crate) fn ntt_multiply_binomials(
     );
 }
 
-// #[inline(always)]
-// pub(crate) fn ntt_multiply_binomials(
-//     (a0, a1): (FieldElement, FieldElement),
-//     (b0, b1): (FieldElement, FieldElement),
-//     zeta: FieldElementTimesMontgomeryR,
-// ) -> (MontgomeryFieldElement, MontgomeryFieldElement) {
-//     (
-//         montgomery_reduce_element(
-//             (a0 as i32) * (b0 as i32)
-//                 + (montgomery_reduce_element((a1 as i32) * (b1 as i32)) as i32) * (zeta as i32),
-//         ),
-//         montgomery_reduce_element((a0 as i32) * (b1 as i32) + (a1 as i32) * (b0 as i32)),
-//     )
-// }
-
 #[inline(always)]
 #[hax_lib::fstar::verification_status(panic_free)]
 #[hax_lib::fstar::options("--z3rlimit 100")]
diff --git a/libcrux-ml-kem/src/vector/portable/serialize.rs b/libcrux-ml-kem/src/vector/portable/serialize.rs
index 550ed5170..9a6522847 100644
--- a/libcrux-ml-kem/src/vector/portable/serialize.rs
+++ b/libcrux-ml-kem/src/vector/portable/serialize.rs
@@ -332,35 +332,6 @@ pub(crate) fn serialize_5_int(v: &[i16]) -> (u8, u8, u8, u8, u8) {
     (r0, r1, r2, r3, r4)
 }
 
-// #[cfg_attr(hax, hax_lib::fstar::after(interface, "
-// val serialize_5_lemma (inputs: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) : Lemma
-//   (requires (forall i. Rust_primitives.bounded (Seq.index inputs.f_elements i) 5))
-//   (ensures bit_vec_of_int_t_array (${serialize_5} inputs) 8 == bit_vec_of_int_t_array inputs.f_elements 5)
-// "))]
-// #[cfg_attr(hax, hax_lib::fstar::after("
-// #push-options \"--z3rlimit 300\"
-
-// let serialize_5_lemma inputs =
-//   serialize_5_bit_vec_lemma inputs.f_elements ();
-//   BitVecEq.bit_vec_equal_intro (bit_vec_of_int_t_array (${serialize_5} inputs) 8)
-//     (BitVecEq.retype (bit_vec_of_int_t_array inputs.f_elements 5))
-
-// #pop-options
-// "))]
-// #[cfg_attr(hax, hax_lib::fstar::after("
-// #push-options \"--compat_pre_core 2 --z3rlimit 300 --z3refresh\"
-
-// let serialize_5_bit_vec_lemma (v: t_Array i16 (sz 16))
-//   (_: squash (forall i. Rust_primitives.bounded (Seq.index v i) 5))
-//    : squash (
-//      let inputs = bit_vec_of_int_t_array v 5 in
-//      let outputs = bit_vec_of_int_t_array (${serialize_5} ({ f_elements = v })) 8 in
-//      (forall (i: nat {i < 80}). inputs i == outputs i)
-//    ) =
-//   _ by (Tactics.GetBit.prove_bit_vector_equality' ())
-
-// #pop-options
-// "))]
 #[inline(always)]
 pub(crate) fn serialize_5(v: PortableVector) -> [u8; 10] {
     let r0_4 = serialize_5_int(&v.elements[0..8]);
@@ -386,33 +357,6 @@ pub(crate) fn deserialize_5_int(bytes: &[u8]) -> (i16, i16, i16, i16, i16, i16,
     (v0, v1, v2, v3, v4, v5, v6, v7)
 }
 
-// #[cfg_attr(hax, hax_lib::fstar::after(interface, "
-// val deserialize_5_lemma (inputs: t_Array u8 (sz 10)) : Lemma
-//   (ensures bit_vec_of_int_t_array (${deserialize_5} inputs).f_elements 5 == bit_vec_of_int_t_array inputs 8)
-// "))]
-// #[cfg_attr(hax, hax_lib::fstar::after("
-// #push-options \"--z3rlimit 300\"
-
-// let deserialize_5_lemma inputs =
-//   deserialize_5_bit_vec_lemma inputs;
-//   BitVecEq.bit_vec_equal_intro (bit_vec_of_int_t_array (${deserialize_5} inputs).f_elements 5)
-//     (BitVecEq.retype (bit_vec_of_int_t_array inputs 8))
-
-// #pop-options
-// "))]
-// #[cfg_attr(hax, hax_lib::fstar::after("
-// #push-options \"--compat_pre_core 2 --z3rlimit 300 --z3refresh\"
-
-// let deserialize_5_bit_vec_lemma (v: t_Array u8 (sz 10))
-//    : squash (
-//      let inputs = bit_vec_of_int_t_array v 8 in
-//      let outputs = bit_vec_of_int_t_array (${deserialize_5} v).f_elements 5 in
-//      (forall (i: nat {i < 80}). inputs i == outputs i)
-//    ) =
-//   _ by (Tactics.GetBit.prove_bit_vector_equality' ())
-
-// #pop-options
-// "))]
 #[hax_lib::requires(fstar!(r#"
      ${bytes.len() == 10}
 "#))]
@@ -601,35 +545,6 @@ pub(crate) fn serialize_11_int(v: &[i16]) -> (u8, u8, u8, u8, u8, u8, u8, u8, u8
     (r0, r1, r2, r3, r4, r5, r6, r7, r8, r9, r10)
 }
 
-// #[cfg_attr(hax, hax_lib::fstar::after(interface, "
-// val serialize_11_lemma (inputs: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) : Lemma
-//   (requires (forall i. Rust_primitives.bounded (Seq.index inputs.f_elements i) 11))
-//   (ensures bit_vec_of_int_t_array (${serialize_11} inputs) 8 == bit_vec_of_int_t_array inputs.f_elements 11)
-// "))]
-// #[cfg_attr(hax, hax_lib::fstar::after("
-// #push-options \"--z3rlimit 300\"
-
-// let serialize_11_lemma inputs =
-//   serialize_11_bit_vec_lemma inputs.f_elements ();
-//   BitVecEq.bit_vec_equal_intro (bit_vec_of_int_t_array (${serialize_11} inputs) 8)
-//     (BitVecEq.retype (bit_vec_of_int_t_array inputs.f_elements 11))
-
-// #pop-options
-// "))]
-// #[cfg_attr(hax, hax_lib::fstar::after("
-// #push-options \"--compat_pre_core 2 --z3rlimit 300 --z3refresh\"
-
-// let serialize_11_bit_vec_lemma (v: t_Array i16 (sz 16))
-//   (_: squash (forall i. Rust_primitives.bounded (Seq.index v i) 11))
-//    : squash (
-//      let inputs = bit_vec_of_int_t_array v 11 in
-//      let outputs = bit_vec_of_int_t_array (${serialize_11} ({ f_elements = v })) 8 in
-//      (forall (i: nat {i < 176}). inputs i == outputs i)
-//    ) =
-//   _ by (Tactics.GetBit.prove_bit_vector_equality' ())
-
-// #pop-options
-// "))]
 #[inline(always)]
 pub(crate) fn serialize_11(v: PortableVector) -> [u8; 22] {
     let r0_10 = serialize_11_int(&v.elements[0..8]);
@@ -657,33 +572,6 @@ pub(crate) fn deserialize_11_int(bytes: &[u8]) -> (i16, i16, i16, i16, i16, i16,
     (r0, r1, r2, r3, r4, r5, r6, r7)
 }
 
-// #[cfg_attr(hax, hax_lib::fstar::after(interface, "
-// val deserialize_11_lemma (inputs: t_Array u8 (sz 22)) : Lemma
-//   (ensures bit_vec_of_int_t_array (${deserialize_11} inputs).f_elements 11 == bit_vec_of_int_t_array inputs 8)
-// "))]
-// #[cfg_attr(hax, hax_lib::fstar::after("
-// #push-options \"--z3rlimit 300\"
-
-// let deserialize_11_lemma inputs =
-//   deserialize_11_bit_vec_lemma inputs;
-//   BitVecEq.bit_vec_equal_intro (bit_vec_of_int_t_array (${deserialize_11} inputs).f_elements 11)
-//     (BitVecEq.retype (bit_vec_of_int_t_array inputs 8))
-
-// #pop-options
-// "))]
-// #[cfg_attr(hax, hax_lib::fstar::after("
-// #push-options \"--compat_pre_core 2 --z3rlimit 300 --z3refresh\"
-
-// let deserialize_11_bit_vec_lemma (v: t_Array u8 (sz 22))
-//    : squash (
-//      let inputs = bit_vec_of_int_t_array v 8 in
-//      let outputs = bit_vec_of_int_t_array (${deserialize_11} v).f_elements 11 in
-//      (forall (i: nat {i < 176}). inputs i == outputs i)
-//    ) =
-//   _ by (Tactics.GetBit.prove_bit_vector_equality' ())
-
-// #pop-options
-// "))]
 #[hax_lib::requires(fstar!(r#"
      ${bytes.len() == 22}
 "#))]
diff --git a/libcrux-ml-kem/src/vector/traits.rs b/libcrux-ml-kem/src/vector/traits.rs
index 62e67a770..193d0edf6 100644
--- a/libcrux-ml-kem/src/vector/traits.rs
+++ b/libcrux-ml-kem/src/vector/traits.rs
@@ -5,6 +5,8 @@ pub const INVERSE_OF_MODULUS_MOD_MONTGOMERY_R: u32 = 62209; // FIELD_MODULUS^{-1
 pub const BARRETT_SHIFT: i32 = 26;
 pub const BARRETT_R: i32 = 1 << BARRETT_SHIFT;
 
+// We define a trait that allows us to talk about the contents of a vector.
+// This is used extensively in pre- and post-conditions to reason about the code.
 #[cfg(hax)]
 #[hax_lib::attributes]
 pub trait Repr: Copy + Clone {

From 0e587d6e842717408ea9357e00d47e372e505c80 Mon Sep 17 00:00:00 2001
From: Karthikeyan Bhargavan <karthik.bhargavan@gmail.com>
Date: Tue, 3 Dec 2024 19:44:12 +0100
Subject: [PATCH 053/142] assert to help proofs

---
 libcrux-ml-kem/proofs/fstar/spec/Spec.MLKEM.Instances.fst | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/libcrux-ml-kem/proofs/fstar/spec/Spec.MLKEM.Instances.fst b/libcrux-ml-kem/proofs/fstar/spec/Spec.MLKEM.Instances.fst
index f598ee0ff..0ea02db6c 100644
--- a/libcrux-ml-kem/proofs/fstar/spec/Spec.MLKEM.Instances.fst
+++ b/libcrux-ml-kem/proofs/fstar/spec/Spec.MLKEM.Instances.fst
@@ -11,13 +11,14 @@ open Spec.MLKEM
 
 let mlkem768_rank : rank = sz 3
 
-#push-options "--z3rlimit 300"
+#set-options "--z3rlimit 350"
 let mlkem768_generate_keypair (randomness:t_Array u8 (sz 64)):
                               (t_Array u8 (sz 2400) & t_Array u8 (sz 1184)) & bool =
     ind_cca_generate_keypair mlkem768_rank randomness
 
 let mlkem768_encapsulate (public_key: t_Array u8 (sz 1184)) (randomness: t_Array u8 (sz 32)):
                          (t_Array u8 (sz 1088) & t_Array u8 (sz 32)) & bool =
+    assert (v_CPA_CIPHERTEXT_SIZE mlkem768_rank == sz 1088);            
     ind_cca_encapsulate mlkem768_rank public_key randomness
 
 let mlkem768_decapsulate (secret_key: t_Array u8 (sz 2400)) (ciphertext: t_Array u8 (sz 1088)):
@@ -32,7 +33,6 @@ let mlkem1024_generate_keypair (randomness:t_Array u8 (sz 64)):
                                (t_Array u8 (sz 3168) & t_Array u8 (sz 1568)) & bool =
     ind_cca_generate_keypair mlkem1024_rank randomness
 
-#set-options "--z3rlimit 100"
 let mlkem1024_encapsulate (public_key: t_Array u8 (sz 1568)) (randomness: t_Array u8 (sz 32)):
                           (t_Array u8 (sz 1568) & t_Array u8 (sz 32)) & bool  =
     assert (v_CPA_CIPHERTEXT_SIZE mlkem1024_rank == sz 1568);            

From cbc0d48933fbcbffaaf1f817d7fbd4047a7630a1 Mon Sep 17 00:00:00 2001
From: karthikbhargavan <karthik.bhargavan@gmail.com>
Date: Tue, 3 Dec 2024 18:45:17 +0000
Subject: [PATCH 054/142] fmt

---
 libcrux-ml-kem/c/code_gen.txt                 |   10 +-
 libcrux-ml-kem/c/internal/libcrux_core.h      |   10 +-
 .../c/internal/libcrux_mlkem_avx2.h           |   10 +-
 .../c/internal/libcrux_mlkem_portable.h       |   12 +-
 libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h |   10 +-
 .../c/internal/libcrux_sha3_internal.h        |   78 +-
 libcrux-ml-kem/c/libcrux_core.c               |   10 +-
 libcrux-ml-kem/c/libcrux_core.h               |   10 +-
 libcrux-ml-kem/c/libcrux_mlkem1024.h          |   10 +-
 libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c     |   10 +-
 libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h     |   10 +-
 libcrux-ml-kem/c/libcrux_mlkem1024_portable.c |   10 +-
 libcrux-ml-kem/c/libcrux_mlkem1024_portable.h |   10 +-
 libcrux-ml-kem/c/libcrux_mlkem512.h           |   70 +-
 libcrux-ml-kem/c/libcrux_mlkem512_avx2.c      |   10 +-
 libcrux-ml-kem/c/libcrux_mlkem512_avx2.h      |   10 +-
 libcrux-ml-kem/c/libcrux_mlkem512_portable.c  |   10 +-
 libcrux-ml-kem/c/libcrux_mlkem512_portable.h  |   10 +-
 libcrux-ml-kem/c/libcrux_mlkem768.h           |   10 +-
 libcrux-ml-kem/c/libcrux_mlkem768_avx2.c      |   10 +-
 libcrux-ml-kem/c/libcrux_mlkem768_avx2.h      |   10 +-
 libcrux-ml-kem/c/libcrux_mlkem768_portable.c  |   10 +-
 libcrux-ml-kem/c/libcrux_mlkem768_portable.h  |   10 +-
 libcrux-ml-kem/c/libcrux_mlkem_avx2.c         | 1385 +++++++++++++----
 libcrux-ml-kem/c/libcrux_mlkem_avx2.h         |   10 +-
 libcrux-ml-kem/c/libcrux_mlkem_portable.c     |  455 ++++--
 libcrux-ml-kem/c/libcrux_mlkem_portable.h     |   10 +-
 libcrux-ml-kem/c/libcrux_sha3.h               |   10 +-
 libcrux-ml-kem/c/libcrux_sha3_avx2.c          |   52 +-
 libcrux-ml-kem/c/libcrux_sha3_avx2.h          |   10 +-
 libcrux-ml-kem/c/libcrux_sha3_internal.h      |   16 +-
 libcrux-ml-kem/c/libcrux_sha3_neon.c          |   30 +-
 libcrux-ml-kem/c/libcrux_sha3_neon.h          |   10 +-
 libcrux-ml-kem/src/invert_ntt.rs              |    7 +-
 libcrux-ml-kem/src/mlkem512.rs                |   12 +-
 libcrux-ml-kem/src/ntt.rs                     |   10 +-
 libcrux-ml-kem/src/polynomial.rs              |    4 +-
 37 files changed, 1739 insertions(+), 642 deletions(-)

diff --git a/libcrux-ml-kem/c/code_gen.txt b/libcrux-ml-kem/c/code_gen.txt
index 420446603..8606206e0 100644
--- a/libcrux-ml-kem/c/code_gen.txt
+++ b/libcrux-ml-kem/c/code_gen.txt
@@ -1,6 +1,6 @@
 This code was generated with the following revisions:
-Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9
-Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20
-Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
-F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty
-Libcrux: 3e54f3c659bef6ee815d197ee5c74dd40c75186a
+Charon: 3a133fe0eee9bd3928d5bb16c24ddd2dd0f3ee7f
+Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c
+Karamel: c31a22c1e07d2118c07ee5cebb640d863e31a198
+F*: 2c32d6e230851bbceadac7a21fc418fa2bb7e4bc
+Libcrux: 0e587d6e842717408ea9357e00d47e372e505c80
diff --git a/libcrux-ml-kem/c/internal/libcrux_core.h b/libcrux-ml-kem/c/internal/libcrux_core.h
index 69032a33e..fe0dc7d7d 100644
--- a/libcrux-ml-kem/c/internal/libcrux_core.h
+++ b/libcrux-ml-kem/c/internal/libcrux_core.h
@@ -4,11 +4,11 @@
  * SPDX-License-Identifier: MIT or Apache-2.0
  *
  * This code was generated with the following revisions:
- * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9
- * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20
- * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
- * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty
- * Libcrux: 3e54f3c659bef6ee815d197ee5c74dd40c75186a
+ * Charon: 3a133fe0eee9bd3928d5bb16c24ddd2dd0f3ee7f
+ * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c
+ * Karamel: c31a22c1e07d2118c07ee5cebb640d863e31a198
+ * F*: 2c32d6e230851bbceadac7a21fc418fa2bb7e4bc
+ * Libcrux: 0e587d6e842717408ea9357e00d47e372e505c80
  */
 
 #ifndef __internal_libcrux_core_H
diff --git a/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h b/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h
index 9baf58ca5..48345a968 100644
--- a/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h
+++ b/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h
@@ -4,11 +4,11 @@
  * SPDX-License-Identifier: MIT or Apache-2.0
  *
  * This code was generated with the following revisions:
- * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9
- * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20
- * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
- * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty
- * Libcrux: 3e54f3c659bef6ee815d197ee5c74dd40c75186a
+ * Charon: 3a133fe0eee9bd3928d5bb16c24ddd2dd0f3ee7f
+ * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c
+ * Karamel: c31a22c1e07d2118c07ee5cebb640d863e31a198
+ * F*: 2c32d6e230851bbceadac7a21fc418fa2bb7e4bc
+ * Libcrux: 0e587d6e842717408ea9357e00d47e372e505c80
  */
 
 #ifndef __internal_libcrux_mlkem_avx2_H
diff --git a/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h b/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h
index 7ba532d5e..e89d87311 100644
--- a/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h
+++ b/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h
@@ -4,11 +4,11 @@
  * SPDX-License-Identifier: MIT or Apache-2.0
  *
  * This code was generated with the following revisions:
- * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9
- * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20
- * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
- * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty
- * Libcrux: 3e54f3c659bef6ee815d197ee5c74dd40c75186a
+ * Charon: 3a133fe0eee9bd3928d5bb16c24ddd2dd0f3ee7f
+ * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c
+ * Karamel: c31a22c1e07d2118c07ee5cebb640d863e31a198
+ * F*: 2c32d6e230851bbceadac7a21fc418fa2bb7e4bc
+ * Libcrux: 0e587d6e842717408ea9357e00d47e372e505c80
  */
 
 #ifndef __internal_libcrux_mlkem_portable_H
@@ -23,7 +23,7 @@ extern "C" {
 #include "internal/libcrux_core.h"
 #include "internal/libcrux_sha3_internal.h"
 
-int16_t libcrux_ml_kem_polynomial_get_zeta(size_t i);
+int16_t libcrux_ml_kem_polynomial_zeta(size_t i);
 
 #define LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT  \
   (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / \
diff --git a/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h b/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h
index 0d99b2edd..78fe0a95b 100644
--- a/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h
+++ b/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h
@@ -4,11 +4,11 @@
  * SPDX-License-Identifier: MIT or Apache-2.0
  *
  * This code was generated with the following revisions:
- * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9
- * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20
- * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
- * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty
- * Libcrux: 3e54f3c659bef6ee815d197ee5c74dd40c75186a
+ * Charon: 3a133fe0eee9bd3928d5bb16c24ddd2dd0f3ee7f
+ * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c
+ * Karamel: c31a22c1e07d2118c07ee5cebb640d863e31a198
+ * F*: 2c32d6e230851bbceadac7a21fc418fa2bb7e4bc
+ * Libcrux: 0e587d6e842717408ea9357e00d47e372e505c80
  */
 
 #ifndef __internal_libcrux_sha3_avx2_H
diff --git a/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h b/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h
index 6d47ffcbc..92381f50f 100644
--- a/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h
+++ b/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h
@@ -4,11 +4,11 @@
  * SPDX-License-Identifier: MIT or Apache-2.0
  *
  * This code was generated with the following revisions:
- * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9
- * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20
- * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
- * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty
- * Libcrux: 3e54f3c659bef6ee815d197ee5c74dd40c75186a
+ * Charon: 3a133fe0eee9bd3928d5bb16c24ddd2dd0f3ee7f
+ * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c
+ * Karamel: c31a22c1e07d2118c07ee5cebb640d863e31a198
+ * F*: 2c32d6e230851bbceadac7a21fc418fa2bb7e4bc
+ * Libcrux: 0e587d6e842717408ea9357e00d47e372e505c80
  */
 
 #ifndef __internal_libcrux_sha3_internal_H
@@ -273,8 +273,13 @@ static inline size_t libcrux_sha3_generic_keccak_fill_buffer_8b_c6(
   size_t input_len = Eurydice_slice_len(inputs[0U], uint8_t);
   size_t consumed = (size_t)0U;
   if (self->buf_len > (size_t)0U) {
-    if (self->buf_len + input_len >= (size_t)136U) {
-      consumed = (size_t)136U - self->buf_len;
+    if (
+        /* There's something buffered internally to consume. */ self->buf_len +
+            input_len >=
+        (size_t)136U) {
+      consumed = (size_t)136U - /* We have enough data when combining the
+                                   internal buffer and the input. */
+                 self->buf_len;
       {
         size_t i = (size_t)0U;
         Eurydice_slice uu____0 = Eurydice_array_to_subslice_from(
@@ -380,7 +385,9 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_8b_c6(
   memcpy(copy_of_inputs, inputs, (size_t)1U * sizeof(Eurydice_slice));
   size_t input_remainder_len =
       libcrux_sha3_generic_keccak_absorb_full_8b_c6(uu____0, copy_of_inputs);
-  if (input_remainder_len > (size_t)0U) {
+  if (
+      /* ... buffer the rest if there's not enough input (left). */
+      input_remainder_len > (size_t)0U) {
     size_t input_len = Eurydice_slice_len(inputs[0U], uint8_t);
     {
       size_t i = (size_t)0U;
@@ -727,8 +734,13 @@ static inline size_t libcrux_sha3_generic_keccak_fill_buffer_8b_c60(
   size_t input_len = Eurydice_slice_len(inputs[0U], uint8_t);
   size_t consumed = (size_t)0U;
   if (self->buf_len > (size_t)0U) {
-    if (self->buf_len + input_len >= (size_t)168U) {
-      consumed = (size_t)168U - self->buf_len;
+    if (
+        /* There's something buffered internally to consume. */ self->buf_len +
+            input_len >=
+        (size_t)168U) {
+      consumed = (size_t)168U - /* We have enough data when combining the
+                                   internal buffer and the input. */
+                 self->buf_len;
       {
         size_t i = (size_t)0U;
         Eurydice_slice uu____0 = Eurydice_array_to_subslice_from(
@@ -834,7 +846,9 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_8b_c60(
   memcpy(copy_of_inputs, inputs, (size_t)1U * sizeof(Eurydice_slice));
   size_t input_remainder_len =
       libcrux_sha3_generic_keccak_absorb_full_8b_c60(uu____0, copy_of_inputs);
-  if (input_remainder_len > (size_t)0U) {
+  if (
+      /* ... buffer the rest if there's not enough input (left). */
+      input_remainder_len > (size_t)0U) {
     size_t input_len = Eurydice_slice_len(inputs[0U], uint8_t);
     {
       size_t i = (size_t)0U;
@@ -1224,7 +1238,13 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_8b_c6(
   size_t blocks = out_len / (size_t)136U;
   size_t last = out_len - out_len % (size_t)136U;
   size_t mid;
-  if ((size_t)136U >= out_len) {
+  if ((size_t)136U >=
+      /* Squeeze out one to start with. XXX: Eurydice does not extract
+         `core::cmp::min`, so we do this instead. (cf.
+         https://github.com/AeneasVerif/eurydice/issues/49) */
+      out_len
+
+  ) {
     mid = out_len;
   } else {
     mid = (size_t)136U;
@@ -1238,8 +1258,11 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_8b_c6(
   libcrux_sha3_portable_keccak_store_5a_5b(self->inner.st, out00);
   core_ops_range_Range_08 iter =
       core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter(
-          (CLITERAL(core_ops_range_Range_08){.start = (size_t)1U,
-                                             .end = blocks}),
+          (CLITERAL(core_ops_range_Range_08){
+              .start = (size_t)1U,
+              .end = /* If we got asked for more than one block, squeeze out
+                        more. */
+              blocks}),
           core_ops_range_Range_08, core_ops_range_Range_08);
   while (true) {
     if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A__TraitClause_0___6__next(
@@ -1248,7 +1271,11 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_8b_c6(
       break;
     } else {
       Eurydice_slice_uint8_t_1size_t__x2 uu____1 =
-          libcrux_sha3_portable_keccak_split_at_mut_n_5a(out_rest,
+          libcrux_sha3_portable_keccak_split_at_mut_n_5a(/* Here we know that we
+                                                            always have full
+                                                            blocks to write out.
+                                                          */
+                                                         out_rest,
                                                          (size_t)136U);
       Eurydice_slice out0[1U];
       memcpy(out0, uu____1.fst, (size_t)1U * sizeof(Eurydice_slice));
@@ -1343,7 +1370,13 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_8b_c60(
   size_t blocks = out_len / (size_t)168U;
   size_t last = out_len - out_len % (size_t)168U;
   size_t mid;
-  if ((size_t)168U >= out_len) {
+  if ((size_t)168U >=
+      /* Squeeze out one to start with. XXX: Eurydice does not extract
+         `core::cmp::min`, so we do this instead. (cf.
+         https://github.com/AeneasVerif/eurydice/issues/49) */
+      out_len
+
+  ) {
     mid = out_len;
   } else {
     mid = (size_t)168U;
@@ -1357,8 +1390,11 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_8b_c60(
   libcrux_sha3_portable_keccak_store_5a_3a(self->inner.st, out00);
   core_ops_range_Range_08 iter =
       core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter(
-          (CLITERAL(core_ops_range_Range_08){.start = (size_t)1U,
-                                             .end = blocks}),
+          (CLITERAL(core_ops_range_Range_08){
+              .start = (size_t)1U,
+              .end = /* If we got asked for more than one block, squeeze out
+                        more. */
+              blocks}),
           core_ops_range_Range_08, core_ops_range_Range_08);
   while (true) {
     if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A__TraitClause_0___6__next(
@@ -1367,7 +1403,11 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_8b_c60(
       break;
     } else {
       Eurydice_slice_uint8_t_1size_t__x2 uu____1 =
-          libcrux_sha3_portable_keccak_split_at_mut_n_5a(out_rest,
+          libcrux_sha3_portable_keccak_split_at_mut_n_5a(/* Here we know that we
+                                                            always have full
+                                                            blocks to write out.
+                                                          */
+                                                         out_rest,
                                                          (size_t)168U);
       Eurydice_slice out0[1U];
       memcpy(out0, uu____1.fst, (size_t)1U * sizeof(Eurydice_slice));
diff --git a/libcrux-ml-kem/c/libcrux_core.c b/libcrux-ml-kem/c/libcrux_core.c
index 03c9cddb6..de354115a 100644
--- a/libcrux-ml-kem/c/libcrux_core.c
+++ b/libcrux-ml-kem/c/libcrux_core.c
@@ -4,11 +4,11 @@
  * SPDX-License-Identifier: MIT or Apache-2.0
  *
  * This code was generated with the following revisions:
- * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9
- * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20
- * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
- * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty
- * Libcrux: 3e54f3c659bef6ee815d197ee5c74dd40c75186a
+ * Charon: 3a133fe0eee9bd3928d5bb16c24ddd2dd0f3ee7f
+ * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c
+ * Karamel: c31a22c1e07d2118c07ee5cebb640d863e31a198
+ * F*: 2c32d6e230851bbceadac7a21fc418fa2bb7e4bc
+ * Libcrux: 0e587d6e842717408ea9357e00d47e372e505c80
  */
 
 #include "internal/libcrux_core.h"
diff --git a/libcrux-ml-kem/c/libcrux_core.h b/libcrux-ml-kem/c/libcrux_core.h
index f1e63c7a9..55c5c5d8e 100644
--- a/libcrux-ml-kem/c/libcrux_core.h
+++ b/libcrux-ml-kem/c/libcrux_core.h
@@ -4,11 +4,11 @@
  * SPDX-License-Identifier: MIT or Apache-2.0
  *
  * This code was generated with the following revisions:
- * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9
- * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20
- * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
- * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty
- * Libcrux: 3e54f3c659bef6ee815d197ee5c74dd40c75186a
+ * Charon: 3a133fe0eee9bd3928d5bb16c24ddd2dd0f3ee7f
+ * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c
+ * Karamel: c31a22c1e07d2118c07ee5cebb640d863e31a198
+ * F*: 2c32d6e230851bbceadac7a21fc418fa2bb7e4bc
+ * Libcrux: 0e587d6e842717408ea9357e00d47e372e505c80
  */
 
 #ifndef __libcrux_core_H
diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024.h b/libcrux-ml-kem/c/libcrux_mlkem1024.h
index 6ba68daf6..37334a9b1 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem1024.h
+++ b/libcrux-ml-kem/c/libcrux_mlkem1024.h
@@ -4,11 +4,11 @@
  * SPDX-License-Identifier: MIT or Apache-2.0
  *
  * This code was generated with the following revisions:
- * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9
- * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20
- * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
- * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty
- * Libcrux: 3e54f3c659bef6ee815d197ee5c74dd40c75186a
+ * Charon: 3a133fe0eee9bd3928d5bb16c24ddd2dd0f3ee7f
+ * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c
+ * Karamel: c31a22c1e07d2118c07ee5cebb640d863e31a198
+ * F*: 2c32d6e230851bbceadac7a21fc418fa2bb7e4bc
+ * Libcrux: 0e587d6e842717408ea9357e00d47e372e505c80
  */
 
 #ifndef __libcrux_mlkem1024_H
diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c
index 6aa0b5776..778d6fbf3 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c
+++ b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c
@@ -4,11 +4,11 @@
  * SPDX-License-Identifier: MIT or Apache-2.0
  *
  * This code was generated with the following revisions:
- * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9
- * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20
- * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
- * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty
- * Libcrux: 3e54f3c659bef6ee815d197ee5c74dd40c75186a
+ * Charon: 3a133fe0eee9bd3928d5bb16c24ddd2dd0f3ee7f
+ * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c
+ * Karamel: c31a22c1e07d2118c07ee5cebb640d863e31a198
+ * F*: 2c32d6e230851bbceadac7a21fc418fa2bb7e4bc
+ * Libcrux: 0e587d6e842717408ea9357e00d47e372e505c80
  */
 
 #include "libcrux_mlkem1024_avx2.h"
diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h
index c662e3584..854751c45 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h
+++ b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h
@@ -4,11 +4,11 @@
  * SPDX-License-Identifier: MIT or Apache-2.0
  *
  * This code was generated with the following revisions:
- * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9
- * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20
- * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
- * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty
- * Libcrux: 3e54f3c659bef6ee815d197ee5c74dd40c75186a
+ * Charon: 3a133fe0eee9bd3928d5bb16c24ddd2dd0f3ee7f
+ * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c
+ * Karamel: c31a22c1e07d2118c07ee5cebb640d863e31a198
+ * F*: 2c32d6e230851bbceadac7a21fc418fa2bb7e4bc
+ * Libcrux: 0e587d6e842717408ea9357e00d47e372e505c80
  */
 
 #ifndef __libcrux_mlkem1024_avx2_H
diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c
index bc4294748..e463cb267 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c
+++ b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c
@@ -4,11 +4,11 @@
  * SPDX-License-Identifier: MIT or Apache-2.0
  *
  * This code was generated with the following revisions:
- * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9
- * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20
- * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
- * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty
- * Libcrux: 3e54f3c659bef6ee815d197ee5c74dd40c75186a
+ * Charon: 3a133fe0eee9bd3928d5bb16c24ddd2dd0f3ee7f
+ * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c
+ * Karamel: c31a22c1e07d2118c07ee5cebb640d863e31a198
+ * F*: 2c32d6e230851bbceadac7a21fc418fa2bb7e4bc
+ * Libcrux: 0e587d6e842717408ea9357e00d47e372e505c80
  */
 
 #include "libcrux_mlkem1024_portable.h"
diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h
index 90211f1e5..430c904d1 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h
+++ b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h
@@ -4,11 +4,11 @@
  * SPDX-License-Identifier: MIT or Apache-2.0
  *
  * This code was generated with the following revisions:
- * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9
- * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20
- * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
- * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty
- * Libcrux: 3e54f3c659bef6ee815d197ee5c74dd40c75186a
+ * Charon: 3a133fe0eee9bd3928d5bb16c24ddd2dd0f3ee7f
+ * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c
+ * Karamel: c31a22c1e07d2118c07ee5cebb640d863e31a198
+ * F*: 2c32d6e230851bbceadac7a21fc418fa2bb7e4bc
+ * Libcrux: 0e587d6e842717408ea9357e00d47e372e505c80
  */
 
 #ifndef __libcrux_mlkem1024_portable_H
diff --git a/libcrux-ml-kem/c/libcrux_mlkem512.h b/libcrux-ml-kem/c/libcrux_mlkem512.h
index d27735aa5..fb7755a5a 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem512.h
+++ b/libcrux-ml-kem/c/libcrux_mlkem512.h
@@ -4,11 +4,11 @@
  * SPDX-License-Identifier: MIT or Apache-2.0
  *
  * This code was generated with the following revisions:
- * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9
- * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20
- * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
- * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty
- * Libcrux: 3e54f3c659bef6ee815d197ee5c74dd40c75186a
+ * Charon: 3a133fe0eee9bd3928d5bb16c24ddd2dd0f3ee7f
+ * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c
+ * Karamel: c31a22c1e07d2118c07ee5cebb640d863e31a198
+ * F*: 2c32d6e230851bbceadac7a21fc418fa2bb7e4bc
+ * Libcrux: 0e587d6e842717408ea9357e00d47e372e505c80
  */
 
 #ifndef __libcrux_mlkem512_H
@@ -21,28 +21,52 @@ extern "C" {
 #include "eurydice_glue.h"
 #include "libcrux_core.h"
 
-#define LIBCRUX_ML_KEM_MLKEM512_C1_BLOCK_SIZE_512 ((size_t)320U)
+#define LIBCRUX_ML_KEM_MLKEM512_VECTOR_U_COMPRESSION_FACTOR_512 ((size_t)10U)
+
+#define LIBCRUX_ML_KEM_MLKEM512_C1_BLOCK_SIZE_512          \
+  (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * \
+   LIBCRUX_ML_KEM_MLKEM512_VECTOR_U_COMPRESSION_FACTOR_512 / (size_t)8U)
+
+#define LIBCRUX_ML_KEM_MLKEM512_RANK_512 ((size_t)2U)
+
+#define LIBCRUX_ML_KEM_MLKEM512_C1_SIZE_512 \
+  (LIBCRUX_ML_KEM_MLKEM512_C1_BLOCK_SIZE_512 * LIBCRUX_ML_KEM_MLKEM512_RANK_512)
+
+#define LIBCRUX_ML_KEM_MLKEM512_VECTOR_V_COMPRESSION_FACTOR_512 ((size_t)4U)
 
-#define LIBCRUX_ML_KEM_MLKEM512_C1_SIZE_512 ((size_t)640U)
+#define LIBCRUX_ML_KEM_MLKEM512_C2_SIZE_512                \
+  (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * \
+   LIBCRUX_ML_KEM_MLKEM512_VECTOR_V_COMPRESSION_FACTOR_512 / (size_t)8U)
 
-#define LIBCRUX_ML_KEM_MLKEM512_C2_SIZE_512 ((size_t)128U)
+#define LIBCRUX_ML_KEM_MLKEM512_CPA_PKE_CIPHERTEXT_SIZE_512 \
+  (LIBCRUX_ML_KEM_MLKEM512_C1_SIZE_512 + LIBCRUX_ML_KEM_MLKEM512_C2_SIZE_512)
 
-#define LIBCRUX_ML_KEM_MLKEM512_CPA_PKE_CIPHERTEXT_SIZE_512 ((size_t)768U)
+#define LIBCRUX_ML_KEM_MLKEM512_T_AS_NTT_ENCODED_SIZE_512  \
+  (LIBCRUX_ML_KEM_MLKEM512_RANK_512 *                      \
+   LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * \
+   LIBCRUX_ML_KEM_CONSTANTS_BITS_PER_COEFFICIENT / (size_t)8U)
 
-#define LIBCRUX_ML_KEM_MLKEM512_CPA_PKE_PUBLIC_KEY_SIZE_512 ((size_t)800U)
+#define LIBCRUX_ML_KEM_MLKEM512_CPA_PKE_PUBLIC_KEY_SIZE_512 \
+  (LIBCRUX_ML_KEM_MLKEM512_T_AS_NTT_ENCODED_SIZE_512 + (size_t)32U)
 
-#define LIBCRUX_ML_KEM_MLKEM512_CPA_PKE_SECRET_KEY_SIZE_512 ((size_t)768U)
+#define LIBCRUX_ML_KEM_MLKEM512_CPA_PKE_SECRET_KEY_SIZE_512 \
+  (LIBCRUX_ML_KEM_MLKEM512_RANK_512 *                       \
+   LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT *  \
+   LIBCRUX_ML_KEM_CONSTANTS_BITS_PER_COEFFICIENT / (size_t)8U)
 
 #define LIBCRUX_ML_KEM_MLKEM512_ETA1 ((size_t)3U)
 
-#define LIBCRUX_ML_KEM_MLKEM512_ETA1_RANDOMNESS_SIZE ((size_t)192U)
+#define LIBCRUX_ML_KEM_MLKEM512_ETA1_RANDOMNESS_SIZE \
+  (LIBCRUX_ML_KEM_MLKEM512_ETA1 * (size_t)64U)
 
 #define LIBCRUX_ML_KEM_MLKEM512_ETA2 ((size_t)2U)
 
-#define LIBCRUX_ML_KEM_MLKEM512_ETA2_RANDOMNESS_SIZE ((size_t)128U)
+#define LIBCRUX_ML_KEM_MLKEM512_ETA2_RANDOMNESS_SIZE \
+  (LIBCRUX_ML_KEM_MLKEM512_ETA2 * (size_t)64U)
 
 #define LIBCRUX_ML_KEM_MLKEM512_IMPLICIT_REJECTION_HASH_INPUT_SIZE \
-  ((size_t)800U)
+  (LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE +                   \
+   LIBCRUX_ML_KEM_MLKEM512_CPA_PKE_CIPHERTEXT_SIZE_512)
 
 typedef libcrux_ml_kem_types_MlKemCiphertext_1a
     libcrux_ml_kem_mlkem512_MlKem512Ciphertext;
@@ -56,17 +80,15 @@ typedef libcrux_ml_kem_types_MlKemPrivateKey_fa
 typedef libcrux_ml_kem_types_MlKemPublicKey_52
     libcrux_ml_kem_mlkem512_MlKem512PublicKey;
 
-#define LIBCRUX_ML_KEM_MLKEM512_RANKED_BYTES_PER_RING_ELEMENT_512 ((size_t)768U)
+#define LIBCRUX_ML_KEM_MLKEM512_RANKED_BYTES_PER_RING_ELEMENT_512 \
+  (LIBCRUX_ML_KEM_MLKEM512_RANK_512 *                             \
+   LIBCRUX_ML_KEM_CONSTANTS_BITS_PER_RING_ELEMENT / (size_t)8U)
 
-#define LIBCRUX_ML_KEM_MLKEM512_RANK_512 ((size_t)2U)
-
-#define LIBCRUX_ML_KEM_MLKEM512_SECRET_KEY_SIZE_512 ((size_t)1632U)
-
-#define LIBCRUX_ML_KEM_MLKEM512_T_AS_NTT_ENCODED_SIZE_512 ((size_t)768U)
-
-#define LIBCRUX_ML_KEM_MLKEM512_VECTOR_U_COMPRESSION_FACTOR_512 ((size_t)10U)
-
-#define LIBCRUX_ML_KEM_MLKEM512_VECTOR_V_COMPRESSION_FACTOR_512 ((size_t)4U)
+#define LIBCRUX_ML_KEM_MLKEM512_SECRET_KEY_SIZE_512      \
+  (LIBCRUX_ML_KEM_MLKEM512_CPA_PKE_SECRET_KEY_SIZE_512 + \
+   LIBCRUX_ML_KEM_MLKEM512_CPA_PKE_PUBLIC_KEY_SIZE_512 + \
+   LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE +              \
+   LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE)
 
 #if defined(__cplusplus)
 }
diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c
index b45c8295b..3e9fbd0cc 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c
+++ b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c
@@ -4,11 +4,11 @@
  * SPDX-License-Identifier: MIT or Apache-2.0
  *
  * This code was generated with the following revisions:
- * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9
- * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20
- * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
- * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty
- * Libcrux: 3e54f3c659bef6ee815d197ee5c74dd40c75186a
+ * Charon: 3a133fe0eee9bd3928d5bb16c24ddd2dd0f3ee7f
+ * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c
+ * Karamel: c31a22c1e07d2118c07ee5cebb640d863e31a198
+ * F*: 2c32d6e230851bbceadac7a21fc418fa2bb7e4bc
+ * Libcrux: 0e587d6e842717408ea9357e00d47e372e505c80
  */
 
 #include "libcrux_mlkem512_avx2.h"
diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h
index d5ec40d83..79012290d 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h
+++ b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h
@@ -4,11 +4,11 @@
  * SPDX-License-Identifier: MIT or Apache-2.0
  *
  * This code was generated with the following revisions:
- * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9
- * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20
- * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
- * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty
- * Libcrux: 3e54f3c659bef6ee815d197ee5c74dd40c75186a
+ * Charon: 3a133fe0eee9bd3928d5bb16c24ddd2dd0f3ee7f
+ * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c
+ * Karamel: c31a22c1e07d2118c07ee5cebb640d863e31a198
+ * F*: 2c32d6e230851bbceadac7a21fc418fa2bb7e4bc
+ * Libcrux: 0e587d6e842717408ea9357e00d47e372e505c80
  */
 
 #ifndef __libcrux_mlkem512_avx2_H
diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_portable.c b/libcrux-ml-kem/c/libcrux_mlkem512_portable.c
index 2fc72d307..8639c4603 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem512_portable.c
+++ b/libcrux-ml-kem/c/libcrux_mlkem512_portable.c
@@ -4,11 +4,11 @@
  * SPDX-License-Identifier: MIT or Apache-2.0
  *
  * This code was generated with the following revisions:
- * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9
- * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20
- * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
- * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty
- * Libcrux: 3e54f3c659bef6ee815d197ee5c74dd40c75186a
+ * Charon: 3a133fe0eee9bd3928d5bb16c24ddd2dd0f3ee7f
+ * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c
+ * Karamel: c31a22c1e07d2118c07ee5cebb640d863e31a198
+ * F*: 2c32d6e230851bbceadac7a21fc418fa2bb7e4bc
+ * Libcrux: 0e587d6e842717408ea9357e00d47e372e505c80
  */
 
 #include "libcrux_mlkem512_portable.h"
diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_portable.h b/libcrux-ml-kem/c/libcrux_mlkem512_portable.h
index 6e3d9755b..faea31c8a 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem512_portable.h
+++ b/libcrux-ml-kem/c/libcrux_mlkem512_portable.h
@@ -4,11 +4,11 @@
  * SPDX-License-Identifier: MIT or Apache-2.0
  *
  * This code was generated with the following revisions:
- * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9
- * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20
- * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
- * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty
- * Libcrux: 3e54f3c659bef6ee815d197ee5c74dd40c75186a
+ * Charon: 3a133fe0eee9bd3928d5bb16c24ddd2dd0f3ee7f
+ * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c
+ * Karamel: c31a22c1e07d2118c07ee5cebb640d863e31a198
+ * F*: 2c32d6e230851bbceadac7a21fc418fa2bb7e4bc
+ * Libcrux: 0e587d6e842717408ea9357e00d47e372e505c80
  */
 
 #ifndef __libcrux_mlkem512_portable_H
diff --git a/libcrux-ml-kem/c/libcrux_mlkem768.h b/libcrux-ml-kem/c/libcrux_mlkem768.h
index bcfb76ff3..474b96082 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem768.h
+++ b/libcrux-ml-kem/c/libcrux_mlkem768.h
@@ -4,11 +4,11 @@
  * SPDX-License-Identifier: MIT or Apache-2.0
  *
  * This code was generated with the following revisions:
- * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9
- * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20
- * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
- * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty
- * Libcrux: 3e54f3c659bef6ee815d197ee5c74dd40c75186a
+ * Charon: 3a133fe0eee9bd3928d5bb16c24ddd2dd0f3ee7f
+ * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c
+ * Karamel: c31a22c1e07d2118c07ee5cebb640d863e31a198
+ * F*: 2c32d6e230851bbceadac7a21fc418fa2bb7e4bc
+ * Libcrux: 0e587d6e842717408ea9357e00d47e372e505c80
  */
 
 #ifndef __libcrux_mlkem768_H
diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c
index fdf226bd8..a7a0f7e7d 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c
+++ b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c
@@ -4,11 +4,11 @@
  * SPDX-License-Identifier: MIT or Apache-2.0
  *
  * This code was generated with the following revisions:
- * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9
- * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20
- * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
- * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty
- * Libcrux: 3e54f3c659bef6ee815d197ee5c74dd40c75186a
+ * Charon: 3a133fe0eee9bd3928d5bb16c24ddd2dd0f3ee7f
+ * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c
+ * Karamel: c31a22c1e07d2118c07ee5cebb640d863e31a198
+ * F*: 2c32d6e230851bbceadac7a21fc418fa2bb7e4bc
+ * Libcrux: 0e587d6e842717408ea9357e00d47e372e505c80
  */
 
 #include "libcrux_mlkem768_avx2.h"
diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h
index 08c3fa5b7..35608499b 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h
+++ b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h
@@ -4,11 +4,11 @@
  * SPDX-License-Identifier: MIT or Apache-2.0
  *
  * This code was generated with the following revisions:
- * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9
- * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20
- * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
- * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty
- * Libcrux: 3e54f3c659bef6ee815d197ee5c74dd40c75186a
+ * Charon: 3a133fe0eee9bd3928d5bb16c24ddd2dd0f3ee7f
+ * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c
+ * Karamel: c31a22c1e07d2118c07ee5cebb640d863e31a198
+ * F*: 2c32d6e230851bbceadac7a21fc418fa2bb7e4bc
+ * Libcrux: 0e587d6e842717408ea9357e00d47e372e505c80
  */
 
 #ifndef __libcrux_mlkem768_avx2_H
diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_portable.c b/libcrux-ml-kem/c/libcrux_mlkem768_portable.c
index c59bc0046..2d21b9d89 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem768_portable.c
+++ b/libcrux-ml-kem/c/libcrux_mlkem768_portable.c
@@ -4,11 +4,11 @@
  * SPDX-License-Identifier: MIT or Apache-2.0
  *
  * This code was generated with the following revisions:
- * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9
- * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20
- * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
- * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty
- * Libcrux: 3e54f3c659bef6ee815d197ee5c74dd40c75186a
+ * Charon: 3a133fe0eee9bd3928d5bb16c24ddd2dd0f3ee7f
+ * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c
+ * Karamel: c31a22c1e07d2118c07ee5cebb640d863e31a198
+ * F*: 2c32d6e230851bbceadac7a21fc418fa2bb7e4bc
+ * Libcrux: 0e587d6e842717408ea9357e00d47e372e505c80
  */
 
 #include "libcrux_mlkem768_portable.h"
diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_portable.h b/libcrux-ml-kem/c/libcrux_mlkem768_portable.h
index 03f9d22a4..514894426 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem768_portable.h
+++ b/libcrux-ml-kem/c/libcrux_mlkem768_portable.h
@@ -4,11 +4,11 @@
  * SPDX-License-Identifier: MIT or Apache-2.0
  *
  * This code was generated with the following revisions:
- * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9
- * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20
- * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
- * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty
- * Libcrux: 3e54f3c659bef6ee815d197ee5c74dd40c75186a
+ * Charon: 3a133fe0eee9bd3928d5bb16c24ddd2dd0f3ee7f
+ * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c
+ * Karamel: c31a22c1e07d2118c07ee5cebb640d863e31a198
+ * F*: 2c32d6e230851bbceadac7a21fc418fa2bb7e4bc
+ * Libcrux: 0e587d6e842717408ea9357e00d47e372e505c80
  */
 
 #ifndef __libcrux_mlkem768_portable_H
diff --git a/libcrux-ml-kem/c/libcrux_mlkem_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem_avx2.c
index 61f343a77..64e5d2462 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem_avx2.c
+++ b/libcrux-ml-kem/c/libcrux_mlkem_avx2.c
@@ -4,11 +4,11 @@
  * SPDX-License-Identifier: MIT or Apache-2.0
  *
  * This code was generated with the following revisions:
- * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9
- * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20
- * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
- * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty
- * Libcrux: 3e54f3c659bef6ee815d197ee5c74dd40c75186a
+ * Charon: 3a133fe0eee9bd3928d5bb16c24ddd2dd0f3ee7f
+ * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c
+ * Karamel: c31a22c1e07d2118c07ee5cebb640d863e31a198
+ * F*: 2c32d6e230851bbceadac7a21fc418fa2bb7e4bc
+ * Libcrux: 0e587d6e842717408ea9357e00d47e372e505c80
  */
 
 #include "internal/libcrux_mlkem_avx2.h"
@@ -141,11 +141,16 @@ KRML_MUSTINLINE __m256i
 libcrux_ml_kem_vector_avx2_arithmetic_cond_subtract_3329(__m256i vector) {
   __m256i field_modulus =
       mm256_set1_epi16(LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS);
-  __m256i v_minus_field_modulus = mm256_sub_epi16(vector, field_modulus);
+  __m256i v_minus_field_modulus =
+      mm256_sub_epi16(/* Compute v_i - Q and crate a mask from the sign bit of
+                         each of these quantities. */
+                      vector,
+                      field_modulus);
   __m256i sign_mask =
       mm256_srai_epi16((int32_t)15, v_minus_field_modulus, __m256i);
-  __m256i conditional_add_field_modulus =
-      mm256_and_si256(sign_mask, field_modulus);
+  __m256i conditional_add_field_modulus = mm256_and_si256(
+      /* If v_i - Q < 0 then add back Q to (v_i - Q). */ sign_mask,
+      field_modulus);
   return mm256_add_epi16(v_minus_field_modulus, conditional_add_field_modulus);
 }
 
@@ -450,6 +455,7 @@ libcrux_ml_kem_vector_avx2_arithmetic_montgomery_reduce_i32s(__m256i vec) {
 KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_ntt_ntt_multiply(
     __m256i lhs, __m256i rhs, int16_t zeta0, int16_t zeta1, int16_t zeta2,
     int16_t zeta3) {
+  /* Compute the first term of the product */
   __m256i shuffle_with = mm256_set_epi8(
       (int8_t)15, (int8_t)14, (int8_t)11, (int8_t)10, (int8_t)7, (int8_t)6,
       (int8_t)3, (int8_t)2, (int8_t)13, (int8_t)12, (int8_t)9, (int8_t)8,
@@ -457,7 +463,8 @@ KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_ntt_ntt_multiply(
       (int8_t)11, (int8_t)10, (int8_t)7, (int8_t)6, (int8_t)3, (int8_t)2,
       (int8_t)13, (int8_t)12, (int8_t)9, (int8_t)8, (int8_t)5, (int8_t)4,
       (int8_t)1, (int8_t)0);
-  __m256i lhs_shuffled = mm256_shuffle_epi8(lhs, shuffle_with);
+  __m256i lhs_shuffled =
+      mm256_shuffle_epi8(/* Prepare the left hand side */ lhs, shuffle_with);
   __m256i lhs_shuffled0 =
       mm256_permute4x64_epi64((int32_t)216, lhs_shuffled, __m256i);
   __m128i lhs_evens = mm256_castsi256_si128(lhs_shuffled0);
@@ -465,7 +472,8 @@ KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_ntt_ntt_multiply(
   __m128i lhs_odds =
       mm256_extracti128_si256((int32_t)1, lhs_shuffled0, __m128i);
   __m256i lhs_odds0 = mm256_cvtepi16_epi32(lhs_odds);
-  __m256i rhs_shuffled = mm256_shuffle_epi8(rhs, shuffle_with);
+  __m256i rhs_shuffled =
+      mm256_shuffle_epi8(/* Prepare the right hand side */ rhs, shuffle_with);
   __m256i rhs_shuffled0 =
       mm256_permute4x64_epi64((int32_t)216, rhs_shuffled, __m256i);
   __m128i rhs_evens = mm256_castsi256_si128(rhs_shuffled0);
@@ -473,7 +481,8 @@ KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_ntt_ntt_multiply(
   __m128i rhs_odds =
       mm256_extracti128_si256((int32_t)1, rhs_shuffled0, __m128i);
   __m256i rhs_odds0 = mm256_cvtepi16_epi32(rhs_odds);
-  __m256i left = mm256_mullo_epi32(lhs_evens0, rhs_evens0);
+  __m256i left =
+      mm256_mullo_epi32(/* Start operating with them */ lhs_evens0, rhs_evens0);
   __m256i right = mm256_mullo_epi32(lhs_odds0, rhs_odds0);
   __m256i right0 =
       libcrux_ml_kem_vector_avx2_arithmetic_montgomery_reduce_i32s(right);
@@ -486,7 +495,7 @@ KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_ntt_ntt_multiply(
       libcrux_ml_kem_vector_avx2_arithmetic_montgomery_reduce_i32s(
           products_left);
   __m256i rhs_adjacent_swapped = mm256_shuffle_epi8(
-      rhs,
+      /* Compute the second term of the product */ rhs,
       mm256_set_epi8((int8_t)13, (int8_t)12, (int8_t)15, (int8_t)14, (int8_t)9,
                      (int8_t)8, (int8_t)11, (int8_t)10, (int8_t)5, (int8_t)4,
                      (int8_t)7, (int8_t)6, (int8_t)1, (int8_t)0, (int8_t)3,
@@ -500,8 +509,9 @@ KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_ntt_ntt_multiply(
           products_right);
   __m256i products_right1 =
       mm256_slli_epi32((int32_t)16, products_right0, __m256i);
-  return mm256_blend_epi16((int32_t)170, products_left0, products_right1,
-                           __m256i);
+  return mm256_blend_epi16((int32_t)170,
+                           /* Combine them into one vector */ products_left0,
+                           products_right1, __m256i);
 }
 
 /**
@@ -517,11 +527,44 @@ KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_ntt_multiply_09(
 
 KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_1(
     __m256i vector, uint8_t ret[2U]) {
-  __m256i lsb_to_msb = mm256_slli_epi16((int32_t)15, vector, __m256i);
-  __m128i low_msbs = mm256_castsi256_si128(lsb_to_msb);
-  __m128i high_msbs = mm256_extracti128_si256((int32_t)1, lsb_to_msb, __m128i);
-  __m128i msbs = mm_packs_epi16(low_msbs, high_msbs);
-  int32_t bits_packed = mm_movemask_epi8(msbs);
+  __m256i lsb_to_msb = mm256_slli_epi16(
+      (int32_t)15,
+      /* Suppose |vector| is laid out as follows (superscript number indicates
+         the corresponding bit is duplicated that many times): 0¹⁵a₀ 0¹⁵b₀ 0¹⁵c₀
+         0¹⁵d₀ | 0¹⁵e₀ 0¹⁵f₀ 0¹⁵g₀ 0¹⁵h₀ | ... We care only about the least
+         significant bit in each lane, move it to the most significant position
+         to make it easier to work with. |vector| now becomes: a₀0¹⁵ b₀0¹⁵ c₀0¹⁵
+         d₀0¹⁵ | e₀0¹⁵ f₀0¹⁵ g₀0¹⁵ h₀0¹⁵ | ↩ i₀0¹⁵ j₀0¹⁵ k₀0¹⁵ l₀0¹⁵ | m₀0¹⁵
+         n₀0¹⁵ o₀0¹⁵ p₀0¹⁵ */
+      vector, __m256i);
+  __m128i low_msbs = mm256_castsi256_si128(
+      /* Get the first 8 16-bit elements ... */ lsb_to_msb);
+  __m128i high_msbs = mm256_extracti128_si256(
+      (int32_t)1,
+      /* ... and the next 8 16-bit elements ... */ lsb_to_msb, __m128i);
+  __m128i msbs =
+      mm_packs_epi16(/* ... and then pack them into 8-bit values using signed
+                        saturation. This function packs all the |low_msbs|, and
+                        then the high ones. low_msbs = a₀0¹⁵ b₀0¹⁵ c₀0¹⁵ d₀0¹⁵ |
+                        e₀0¹⁵ f₀0¹⁵ g₀0¹⁵ h₀0¹⁵ high_msbs = i₀0¹⁵ j₀0¹⁵ k₀0¹⁵
+                        l₀0¹⁵ | m₀0¹⁵ n₀0¹⁵ o₀0¹⁵ p₀0¹⁵ We shifted by 15 above
+                        to take advantage of the signed saturation performed by
+                        mm_packs_epi16: - if the sign bit of the 16-bit element
+                        being packed is 1, the corresponding 8-bit element in
+                        |msbs| will be 0xFF. - if the sign bit of the 16-bit
+                        element being packed is 0, the corresponding 8-bit
+                        element in |msbs| will be 0. Thus, if, for example, a₀ =
+                        1, e₀ = 1, and p₀ = 1, and every other bit is 0, after
+                        packing into 8 bit value, |msbs| will look like: 0xFF
+                        0x00 0x00 0x00 | 0xFF 0x00 0x00 0x00 | 0x00 0x00 0x00
+                        0x00 | 0x00 0x00 0x00 0xFF */
+                     low_msbs,
+                     high_msbs);
+  int32_t bits_packed =
+      mm_movemask_epi8(/* Now that every element is either 0xFF or 0x00, we just
+                          extract the most significant bit from each element and
+                          collate them into two bytes. */
+                       msbs);
   uint8_t result[2U] = {(uint8_t)bits_packed, (uint8_t)(bits_packed >> 8U)};
   memcpy(ret, result, (size_t)2U * sizeof(uint8_t));
 }
@@ -539,16 +582,39 @@ KRML_MUSTINLINE __m256i
 libcrux_ml_kem_vector_avx2_serialize_deserialize_1_deserialize_1_i16s(
     int16_t a, int16_t b) {
   __m256i coefficients =
-      mm256_set_epi16(b, b, b, b, b, b, b, b, a, a, a, a, a, a, a, a);
-  __m256i coefficients_in_msb = mm256_mullo_epi16(
-      coefficients,
-      mm256_set_epi16((int16_t)1 << 8U, (int16_t)1 << 9U, (int16_t)1 << 10U,
-                      (int16_t)1 << 11U, (int16_t)1 << 12U, (int16_t)1 << 13U,
-                      (int16_t)1 << 14U, (int16_t)-32768, (int16_t)1 << 8U,
-                      (int16_t)1 << 9U, (int16_t)1 << 10U, (int16_t)1 << 11U,
-                      (int16_t)1 << 12U, (int16_t)1 << 13U, (int16_t)1 << 14U,
-                      (int16_t)-32768));
-  return mm256_srli_epi16((int32_t)15, coefficients_in_msb, __m256i);
+      mm256_set_epi16(/* We need to take each bit from the 2 bytes of input and
+                         put them into their own 16-bit lane. Ideally, we'd load
+                         the two bytes into the vector, duplicate them, and
+                         right-shift the 0th element by 0 bits, the first
+                         element by 1 bit, the second by 2 bits and so on before
+                         AND-ing with 0x1 to leave only the least signifinicant
+                         bit. But since |_mm256_srlv_epi16| does not exist, so
+                         we have to resort to a workaround. Rather than shifting
+                         each element by a different amount, we'll multiply each
+                         element by a value such that the bit we're interested
+                         in becomes the most significant bit. The coefficients
+                         are loaded as follows: */
+                      b,
+                      b, b, b, b, b, b, b, a, a, a, a, a, a, a, a);
+  __m256i coefficients_in_msb =
+      mm256_mullo_epi16(/* And this vector, when multiplied with the previous
+                           one, ensures that the bit we'd like to keep in each
+                           lane becomes the most significant bit upon
+                           multiplication. */
+                        coefficients,
+                        mm256_set_epi16((int16_t)1 << 8U, (int16_t)1 << 9U,
+                                        (int16_t)1 << 10U, (int16_t)1 << 11U,
+                                        (int16_t)1 << 12U, (int16_t)1 << 13U,
+                                        (int16_t)1 << 14U, (int16_t)-32768,
+                                        (int16_t)1 << 8U, (int16_t)1 << 9U,
+                                        (int16_t)1 << 10U, (int16_t)1 << 11U,
+                                        (int16_t)1 << 12U, (int16_t)1 << 13U,
+                                        (int16_t)1 << 14U, (int16_t)-32768));
+  return mm256_srli_epi16(
+      (int32_t)15,
+      /* Now that they're all in the most significant bit position, shift them
+         down to the least significant bit. */
+      coefficients_in_msb, __m256i);
 }
 
 KRML_MUSTINLINE __m256i
@@ -561,7 +627,23 @@ libcrux_ml_kem_vector_avx2_serialize_deserialize_1_deserialize_1_u8s(
 KRML_MUSTINLINE __m256i
 libcrux_ml_kem_vector_avx2_serialize_deserialize_1(Eurydice_slice bytes) {
   return libcrux_ml_kem_vector_avx2_serialize_deserialize_1_deserialize_1_u8s(
-      Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *),
+      Eurydice_slice_index(
+          bytes,
+          /* We need to take each bit from the 2 bytes of input and put them
+             into their own 16-bit lane. Ideally, we'd load the two bytes into
+             the vector, duplicate them, and right-shift the 0th element by 0
+             bits, the first element by 1 bit, the second by 2 bits and so on
+             before AND-ing with 0x1 to leave only the least signifinicant bit.
+             But since |_mm256_srlv_epi16| does not exist, so we have to resort
+             to a workaround. Rather than shifting each element by a different
+             amount, we'll multiply each element by a value such that the bit
+             we're interested in becomes the most significant bit. The
+             coefficients are loaded as follows: And this vector, when
+             multiplied with the previous one, ensures that the bit we'd like to
+             keep in each lane becomes the most significant bit upon
+             multiplication. Now that they're all in the most significant bit
+             position, shift them down to the least significant bit. */
+          (size_t)0U, uint8_t, uint8_t *),
       Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *));
 }
 
@@ -594,23 +676,47 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_4(
     __m256i vector, uint8_t ret[8U]) {
   uint8_t serialized[16U] = {0U};
   __m256i adjacent_2_combined =
-      libcrux_ml_kem_vector_avx2_serialize_mm256_concat_pairs_n(4U, vector);
-  __m256i adjacent_8_combined = mm256_shuffle_epi8(
-      adjacent_2_combined,
-      mm256_set_epi8((int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1,
-                     (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1,
-                     (int8_t)-1, (int8_t)-1, (int8_t)12, (int8_t)8, (int8_t)4,
-                     (int8_t)0, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1,
-                     (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1,
-                     (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)12, (int8_t)8,
-                     (int8_t)4, (int8_t)0));
-  __m256i combined = mm256_permutevar8x32_epi32(
-      adjacent_8_combined,
-      mm256_set_epi32((int32_t)0, (int32_t)0, (int32_t)0, (int32_t)0,
-                      (int32_t)0, (int32_t)0, (int32_t)4, (int32_t)0));
+      libcrux_ml_kem_vector_avx2_serialize_mm256_concat_pairs_n(
+          4U,
+          /* If |vector| is laid out as follows: 0x000A 0x000B 0x000C 0x000D |
+             0x000E 0x000F 0x000G 0x000H | .... |adjacent_2_combined| will be
+             laid out as a series of 32-bit integeres, as follows: 0x00_00_00_BA
+             0x00_00_00_DC | 0x00_00_00_FE 0x00_00_00_HG | ... */
+          vector);
+  __m256i adjacent_8_combined =
+      mm256_shuffle_epi8(/* Recall that |adjacent_2_combined| goes as follows:
+                            0x00_00_00_BA 0x00_00_00_DC | 0x00_00_00_FE
+                            0x00_00_00_HG | ... Out of this, we only need the
+                            first byte, the 4th byte, the 8th byte and so on
+                            from the bottom and the top 128 bits. */
+                         adjacent_2_combined,
+                         mm256_set_epi8(
+                             (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1,
+                             (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1,
+                             (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1,
+                             (int8_t)12, (int8_t)8, (int8_t)4, (int8_t)0,
+                             (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1,
+                             (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1,
+                             (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1,
+                             (int8_t)12, (int8_t)8, (int8_t)4, (int8_t)0));
+  __m256i combined =
+      mm256_permutevar8x32_epi32(/* |adjacent_8_combined| looks like this: 0:
+                                    0xHG_FE_DC_BA 1: 0x00_00_00_00 | 2:
+                                    0x00_00_00_00 3: 0x00_00_00_00 | 4:
+                                    0xPO_NM_LK_JI .... We put the element at 4
+                                    after the element at 0 ... */
+                                 adjacent_8_combined,
+                                 mm256_set_epi32((int32_t)0, (int32_t)0,
+                                                 (int32_t)0, (int32_t)0,
+                                                 (int32_t)0, (int32_t)0,
+                                                 (int32_t)4, (int32_t)0));
   __m128i combined0 = mm256_castsi256_si128(combined);
   mm_storeu_bytes_si128(
-      Eurydice_array_to_slice((size_t)16U, serialized, uint8_t), combined0);
+      Eurydice_array_to_slice(
+          (size_t)16U,
+          /* ... so that we can read them out in one go. */ serialized,
+          uint8_t),
+      combined0);
   uint8_t ret0[8U];
   core_result_Result_15 dst;
   Eurydice_slice_to_array2(
@@ -634,8 +740,23 @@ KRML_MUSTINLINE __m256i
 libcrux_ml_kem_vector_avx2_serialize_deserialize_4_deserialize_4_i16s(
     int16_t b0, int16_t b1, int16_t b2, int16_t b3, int16_t b4, int16_t b5,
     int16_t b6, int16_t b7) {
-  __m256i coefficients = mm256_set_epi16(b7, b7, b6, b6, b5, b5, b4, b4, b3, b3,
-                                         b2, b2, b1, b1, b0, b0);
+  __m256i coefficients =
+      mm256_set_epi16(/* Every 4 bits from each byte of input should be put into
+                         its own 16-bit lane. Since |_mm256_srlv_epi16| does not
+                         exist, we have to resort to a workaround. Rather than
+                         shifting each element by a different amount, we'll
+                         multiply each element by a value such that the bits
+                         we're interested in become the most significant bits
+                         (of an 8-bit value). In this lane, the 4 bits we need
+                         to put are already the most significant bits of
+                         |bytes[7]| (that is, b7). */
+                      b7,
+                      /* In this lane, the 4 bits we need to put are the least
+                         significant bits, so we need to shift the 4
+                         least-significant bits of |b7| to the most significant
+                         bits (of an 8-bit value). */
+                      b7, b6, b6, b5, b5, b4, b4, b3, b3, b2, b2, b1, b1, b0,
+                      b0);
   __m256i coefficients_in_msb = mm256_mullo_epi16(
       coefficients,
       mm256_set_epi16((int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U,
@@ -644,9 +765,12 @@ libcrux_ml_kem_vector_avx2_serialize_deserialize_4_deserialize_4_i16s(
                       (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U,
                       (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U,
                       (int16_t)1 << 4U));
-  __m256i coefficients_in_lsb =
-      mm256_srli_epi16((int32_t)4, coefficients_in_msb, __m256i);
-  return mm256_and_si256(coefficients_in_lsb,
+  __m256i coefficients_in_lsb = mm256_srli_epi16(
+      (int32_t)4,
+      /* Once the 4-bit coefficients are in the most significant positions (of
+         an 8-bit value), shift them all down by 4. */
+      coefficients_in_msb, __m256i);
+  return mm256_and_si256(/* Zero the remaining bits. */ coefficients_in_lsb,
                          mm256_set1_epi16(((int16_t)1 << 4U) - (int16_t)1));
 }
 
@@ -662,7 +786,23 @@ libcrux_ml_kem_vector_avx2_serialize_deserialize_4_deserialize_4_u8s(
 KRML_MUSTINLINE __m256i
 libcrux_ml_kem_vector_avx2_serialize_deserialize_4(Eurydice_slice bytes) {
   return libcrux_ml_kem_vector_avx2_serialize_deserialize_4_deserialize_4_u8s(
-      Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *),
+      Eurydice_slice_index(
+          bytes,
+          /* Every 4 bits from each byte of input should be put into its own
+             16-bit lane. Since |_mm256_srlv_epi16| does not exist, we have to
+             resort to a workaround. Rather than shifting each element by a
+             different amount, we'll multiply each element by a value such that
+             the bits we're interested in become the most significant bits (of
+             an 8-bit value). In this lane, the 4 bits we need to put are
+             already the most significant bits of |bytes[7]| (that is, b7). In
+             this lane, the 4 bits we need to put are the least significant
+             bits, so we need to shift the 4 least-significant bits of |b7| to
+             the most significant bits (of an 8-bit value). These constants are
+             chosen to shift the bits of the values that we loaded into
+             |coefficients|. Once the 4-bit coefficients are in the most
+             significant positions (of an 8-bit value), shift them all down
+             by 4. Zero the remaining bits. */
+          (size_t)0U, uint8_t, uint8_t *),
       Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *),
       Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *),
       Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *),
@@ -684,32 +824,78 @@ libcrux_ml_kem_vector_avx2_deserialize_4_09(Eurydice_slice bytes) {
 KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_5(
     __m256i vector, uint8_t ret[10U]) {
   uint8_t serialized[32U] = {0U};
-  __m256i adjacent_2_combined = mm256_madd_epi16(
-      vector, mm256_set_epi16(
-                  (int16_t)1 << 5U, (int16_t)1, (int16_t)1 << 5U, (int16_t)1,
-                  (int16_t)1 << 5U, (int16_t)1, (int16_t)1 << 5U, (int16_t)1,
-                  (int16_t)1 << 5U, (int16_t)1, (int16_t)1 << 5U, (int16_t)1,
-                  (int16_t)1 << 5U, (int16_t)1, (int16_t)1 << 5U, (int16_t)1));
-  __m256i adjacent_4_combined = mm256_sllv_epi32(
-      adjacent_2_combined,
-      mm256_set_epi32((int32_t)0, (int32_t)22, (int32_t)0, (int32_t)22,
-                      (int32_t)0, (int32_t)22, (int32_t)0, (int32_t)22));
-  __m256i adjacent_4_combined0 =
-      mm256_srli_epi64((int32_t)22, adjacent_4_combined, __m256i);
-  __m256i adjacent_8_combined =
-      mm256_shuffle_epi32((int32_t)8, adjacent_4_combined0, __m256i);
-  __m256i adjacent_8_combined0 = mm256_sllv_epi32(
-      adjacent_8_combined,
-      mm256_set_epi32((int32_t)0, (int32_t)0, (int32_t)0, (int32_t)12,
-                      (int32_t)0, (int32_t)0, (int32_t)0, (int32_t)12));
+  __m256i adjacent_2_combined =
+      mm256_madd_epi16(/* If |vector| is laid out as follows (superscript number
+                          indicates the corresponding bit is duplicated that
+                          many times): 0¹¹a₄a₃a₂a₁a₀ 0¹¹b₄b₃b₂b₁b₀ 0¹¹c₄c₃c₂c₁c₀
+                          0¹¹d₄d₃d₂d₁d₀ | ↩ 0¹¹e₄e₃e₂e₁e₀ 0¹¹f₄f₃f₂f₁f₀
+                          0¹¹g₄g₃g₂g₁g₀ 0¹¹h₄h₃h₂h₁h₀ | ↩ |adjacent_2_combined|
+                          will be laid out as a series of 32-bit integers, as
+                          follows: 0²²b₄b₃b₂b₁b₀a₄a₃a₂a₁a₀
+                          0²²d₄d₃d₂d₁d₀c₄c₃c₂c₁c₀ | ↩ 0²²f₄f₃f₂f₁f₀e₄e₃e₂e₁e₀
+                          0²²h₄h₃h₂h₁h₀g₄g₃g₂g₁g₀ | ↩ .... */
+                       vector,
+                       mm256_set_epi16(
+                           (int16_t)1 << 5U, (int16_t)1, (int16_t)1 << 5U,
+                           (int16_t)1, (int16_t)1 << 5U, (int16_t)1,
+                           (int16_t)1 << 5U, (int16_t)1, (int16_t)1 << 5U,
+                           (int16_t)1, (int16_t)1 << 5U, (int16_t)1,
+                           (int16_t)1 << 5U, (int16_t)1, (int16_t)1 << 5U,
+                           (int16_t)1));
+  __m256i adjacent_4_combined =
+      mm256_sllv_epi32(/* Recall that |adjacent_2_combined| is laid out as
+                          follows: 0²²b₄b₃b₂b₁b₀a₄a₃a₂a₁a₀
+                          0²²d₄d₃d₂d₁d₀c₄c₃c₂c₁c₀ | ↩ 0²²f₄f₃f₂f₁f₀e₄e₃e₂e₁e₀
+                          0²²h₄h₃h₂h₁h₀g₄g₃g₂g₁g₀ | ↩ .... This shift results
+                          in: b₄b₃b₂b₁b₀a₄a₃a₂a₁a₀0²² 0²²d₄d₃d₂d₁d₀c₄c₃c₂c₁c₀ |
+                          ↩ f₄f₃f₂f₁f₀e₄e₃e₂e₁e₀0²² 0²²h₄h₃h₂h₁h₀g₄g₃g₂g₁g₀ | ↩
+                          .... */
+                       adjacent_2_combined,
+                       mm256_set_epi32((int32_t)0, (int32_t)22, (int32_t)0,
+                                       (int32_t)22, (int32_t)0, (int32_t)22,
+                                       (int32_t)0, (int32_t)22));
+  __m256i adjacent_4_combined0 = mm256_srli_epi64(
+      (int32_t)22,
+      /* |adjacent_4_combined|, when viewed as 64-bit lanes, is:
+         0²²d₄d₃d₂d₁d₀c₄c₃c₂c₁c₀b₄b₃b₂b₁b₀a₄a₃a₂a₁a₀0²² | ↩
+         0²²h₄h₃h₂h₁h₀g₄g₃g₂g₁g₀f₄f₃f₂f₁f₀e₄e₃e₂e₁e₀0²² | ↩ ... so we just shift
+         down by 22 bits to remove the least significant 0 bits that aren't part
+         of the bits we need. */
+      adjacent_4_combined, __m256i);
+  __m256i adjacent_8_combined = mm256_shuffle_epi32(
+      (int32_t)8,
+      /* |adjacent_4_combined|, when viewed as a set of 32-bit values, looks
+         like: 0:0¹²d₄d₃d₂d₁d₀c₄c₃c₂c₁c₀b₄b₃b₂b₁b₀a₄a₃a₂a₁a₀ 1:0³²
+         2:0¹²h₄h₃h₂h₁h₀g₄g₃g₂g₁g₀f₄f₃f₂f₁f₀e₄e₃e₂e₁e₀ 3:0³² | ↩ To be able to
+         read out the bytes in one go, we need to shifts the bits in position 2
+         to position 1 in each 128-bit lane. */
+      adjacent_4_combined0, __m256i);
+  __m256i adjacent_8_combined0 =
+      mm256_sllv_epi32(/* |adjacent_8_combined|, when viewed as a set of 32-bit
+                          values, now looks like:
+                          0¹²d₄d₃d₂d₁d₀c₄c₃c₂c₁c₀b₄b₃b₂b₁b₀a₄a₃a₂a₁a₀
+                          0¹²h₄h₃h₂h₁h₀g₄g₃g₂g₁g₀f₄f₃f₂f₁f₀e₄e₃e₂e₁e₀ 0³² 0³² |
+                          ↩ Once again, we line these bits up by shifting the up
+                          values at indices 0 and 5 by 12, viewing the resulting
+                          register as a set of 64-bit values, and then shifting
+                          down the 64-bit values by 12 bits. */
+                       adjacent_8_combined,
+                       mm256_set_epi32((int32_t)0, (int32_t)0, (int32_t)0,
+                                       (int32_t)12, (int32_t)0, (int32_t)0,
+                                       (int32_t)0, (int32_t)12));
   __m256i adjacent_8_combined1 =
       mm256_srli_epi64((int32_t)12, adjacent_8_combined0, __m256i);
-  __m128i lower_8 = mm256_castsi256_si128(adjacent_8_combined1);
+  __m128i lower_8 =
+      mm256_castsi256_si128(/* We now have 40 bits starting at position 0 in the
+                               lower 128-bit lane, ... */
+                            adjacent_8_combined1);
   mm_storeu_bytes_si128(
       Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)16U, uint8_t),
       lower_8);
-  __m128i upper_8 =
-      mm256_extracti128_si256((int32_t)1, adjacent_8_combined1, __m128i);
+  __m128i upper_8 = mm256_extracti128_si256(
+      (int32_t)1,
+      /* ... and the second 40 bits at position 0 in the upper 128-bit lane */
+      adjacent_8_combined1, __m128i);
   mm_storeu_bytes_si128(
       Eurydice_array_to_subslice2(serialized, (size_t)5U, (size_t)21U, uint8_t),
       upper_8);
@@ -803,25 +989,67 @@ core_core_arch_x86___m128i_x2
 libcrux_ml_kem_vector_avx2_serialize_serialize_10_serialize_10_vec(
     __m256i vector) {
   __m256i adjacent_2_combined =
-      libcrux_ml_kem_vector_avx2_serialize_mm256_concat_pairs_n(10U, vector);
-  __m256i adjacent_4_combined = mm256_sllv_epi32(
-      adjacent_2_combined,
-      mm256_set_epi32((int32_t)0, (int32_t)12, (int32_t)0, (int32_t)12,
-                      (int32_t)0, (int32_t)12, (int32_t)0, (int32_t)12));
+      libcrux_ml_kem_vector_avx2_serialize_mm256_concat_pairs_n(
+          10U,
+          /* If |vector| is laid out as follows (superscript number indicates
+             the corresponding bit is duplicated that many times):
+             0⁶a₉a₈a₇a₆a₅a₄a₃a₂a₁a₀ 0⁶b₉b₈b₇b₆b₅b₄b₃b₂b₁b₀
+             0⁶c₉c₈c₇c₆c₅c₄c₃c₂c₁c₀ 0⁶d₉d₈d₇d₆d₅d₄d₃d₂d₁d₀ | ↩
+             0⁶e₉e₈e₇e₆e₅e₄e₃e₂e₁e₀ 0⁶f₉f₈f₇f₆f₅f₄f₃f₂f₁f₀
+             0⁶g₉g₈g₇g₆g₅g₄g₃g₂g₁g₀ 0⁶h₉h₈h₇h₆h₅h₄h₃h₂h₁h₀ | ↩ ...
+             |adjacent_2_combined| will be laid out as a series of 32-bit
+             integers, as follows: 0¹²b₉b₈b₇b₆b₅b₄b₃b₂b₁b₀a₉a₈a₇a₆a₅a₄a₃a₂a₁a₀
+             0¹²d₉d₈d₇d₆d₅d₄d₃d₂d₁d₀c₉c₈c₇c₆c₅c₄c₃c₂c₁c₀ | ↩
+             0¹²f₉f₈f₇f₆f₅f₄f₃f₂f₁f₀e₉e₈e₇e₆e₅e₄e₃e₂e₁e₀
+             0¹²h₉h₈h₇h₆h₅h₄h₃h₂h₁h₀g₉g₈g₇g₆g₅g₄g₃g₂g₁g₀ | ↩ .... */
+          vector);
+  __m256i adjacent_4_combined =
+      mm256_sllv_epi32(/* Shifting up the values at the even indices by 12, we
+                          get: b₉b₈b₇b₆b₅b₄b₃b₂b₁b₀a₉a₈a₇a₆a₅a₄a₃a₂a₁a₀0¹²
+                          0¹²d₉d₈d₇d₆d₅d₄d₃d₂d₁d₀c₉c₈c₇c₆c₅c₄c₃c₂c₁c₀ | ↩
+                          f₉f₈f₇f₆f₅f₄f₃f₂f₁f₀e₉e₈e₇e₆e₅e₄e₃e₂e₁e₀0¹²
+                          0¹²h₉h₈h₇h₆h₅h₄h₃h₂h₁h₀g₉g₈g₇g₆g₅g₄g₃g₂g₁g₀ | ↩ ... */
+                       adjacent_2_combined,
+                       mm256_set_epi32((int32_t)0, (int32_t)12, (int32_t)0,
+                                       (int32_t)12, (int32_t)0, (int32_t)12,
+                                       (int32_t)0, (int32_t)12));
   __m256i adjacent_4_combined0 =
-      mm256_srli_epi64((int32_t)12, adjacent_4_combined, __m256i);
-  __m256i adjacent_8_combined = mm256_shuffle_epi8(
-      adjacent_4_combined0,
-      mm256_set_epi8((int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1,
-                     (int8_t)-1, (int8_t)12, (int8_t)11, (int8_t)10, (int8_t)9,
-                     (int8_t)8, (int8_t)4, (int8_t)3, (int8_t)2, (int8_t)1,
-                     (int8_t)0, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1,
-                     (int8_t)-1, (int8_t)-1, (int8_t)12, (int8_t)11, (int8_t)10,
-                     (int8_t)9, (int8_t)8, (int8_t)4, (int8_t)3, (int8_t)2,
-                     (int8_t)1, (int8_t)0));
-  __m128i lower_8 = mm256_castsi256_si128(adjacent_8_combined);
-  __m128i upper_8 =
-      mm256_extracti128_si256((int32_t)1, adjacent_8_combined, __m128i);
+      mm256_srli_epi64((int32_t)12,
+                       /* Viewing this as a set of 64-bit integers we get:
+                          0¹²d₉d₈d₇d₆d₅d₄d₃d₂d₁d₀c₉c₈c₇c₆c₅c₄c₃c₂c₁c₀b₉b₈b₇b₆b₅b₄b₃b₂b₁b₀a₉a₈a₇a₆a₅a₄a₃a₂a₁a₀0¹²
+                          | ↩
+                          0¹²h₉h₈h₇h₆h₅h₄h₃h₂h₁h₀g₉g₈g₇g₆g₅g₄g₃g₂g₁g₀f₉f₈f₇f₆f₅f₄f₃f₂f₁f₀e₉e₈e₇e₆e₅e₄e₃e₂e₁e₀0¹²
+                          | ↩ ... Shifting down by 12 gives us:
+                          0²⁴d₉d₈d₇d₆d₅d₄d₃d₂d₁d₀c₉c₈c₇c₆c₅c₄c₃c₂c₁c₀b₉b₈b₇b₆b₅b₄b₃b₂b₁b₀a₉a₈a₇a₆a₅a₄a₃a₂a₁a₀
+                          | ↩
+                          0²⁴h₉h₈h₇h₆h₅h₄h₃h₂h₁h₀g₉g₈g₇g₆g₅g₄g₃g₂g₁g₀f₉f₈f₇f₆f₅f₄f₃f₂f₁f₀e₉e₈e₇e₆e₅e₄e₃e₂e₁e₀
+                          | ↩ ... */
+                       adjacent_4_combined, __m256i);
+  __m256i adjacent_8_combined =
+      mm256_shuffle_epi8(/* |adjacent_4_combined|, when the bottom and top 128
+                            bit-lanes are grouped into bytes, looks like:
+                            0₇0₆0₅B₄B₃B₂B₁B₀ | ↩ 0₁₅0₁₄0₁₃B₁₂B₁₁B₁₀B₉B₈ | ↩ In
+                            each 128-bit lane, we want to put bytes 8, 9, 10,
+                            11, 12 after bytes 0, 1, 2, 3 to allow for
+                            sequential reading. */
+                         adjacent_4_combined0,
+                         mm256_set_epi8(
+                             (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1,
+                             (int8_t)-1, (int8_t)-1, (int8_t)12, (int8_t)11,
+                             (int8_t)10, (int8_t)9, (int8_t)8, (int8_t)4,
+                             (int8_t)3, (int8_t)2, (int8_t)1, (int8_t)0,
+                             (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1,
+                             (int8_t)-1, (int8_t)-1, (int8_t)12, (int8_t)11,
+                             (int8_t)10, (int8_t)9, (int8_t)8, (int8_t)4,
+                             (int8_t)3, (int8_t)2, (int8_t)1, (int8_t)0));
+  __m128i lower_8 =
+      mm256_castsi256_si128(/* We now have 64 bits starting at position 0 in the
+                               lower 128-bit lane, ... */
+                            adjacent_8_combined);
+  __m128i upper_8 = mm256_extracti128_si256(
+      (int32_t)1,
+      /* and 64 bits starting at position 0 in the upper 128-bit lane. */
+      adjacent_8_combined, __m128i);
   return (
       CLITERAL(core_core_arch_x86___m128i_x2){.fst = lower_8, .snd = upper_8});
 }
@@ -829,8 +1057,167 @@ libcrux_ml_kem_vector_avx2_serialize_serialize_10_serialize_10_vec(
 KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_10(
     __m256i vector, uint8_t ret[20U]) {
   core_core_arch_x86___m128i_x2 uu____0 =
-      libcrux_ml_kem_vector_avx2_serialize_serialize_10_serialize_10_vec(
-          vector);
+      libcrux_ml_kem_vector_avx2_serialize_serialize_10_serialize_10_vec(/* If
+                                                                            |vector|
+                                                                            is
+                                                                            laid
+                                                                            out
+                                                                            as
+                                                                            follows
+                                                                            (superscript
+                                                                            number
+                                                                            indicates
+                                                                            the
+                                                                            corresponding
+                                                                            bit
+                                                                            is
+                                                                            duplicated
+                                                                            that
+                                                                            many
+                                                                            times):
+                                                                            0⁶a₉a₈a₇a₆a₅a₄a₃a₂a₁a₀
+                                                                            0⁶b₉b₈b₇b₆b₅b₄b₃b₂b₁b₀
+                                                                            0⁶c₉c₈c₇c₆c₅c₄c₃c₂c₁c₀
+                                                                            0⁶d₉d₈d₇d₆d₅d₄d₃d₂d₁d₀
+                                                                            | ↩
+                                                                            0⁶e₉e₈e₇e₆e₅e₄e₃e₂e₁e₀
+                                                                            0⁶f₉f₈f₇f₆f₅f₄f₃f₂f₁f₀
+                                                                            0⁶g₉g₈g₇g₆g₅g₄g₃g₂g₁g₀
+                                                                            0⁶h₉h₈h₇h₆h₅h₄h₃h₂h₁h₀
+                                                                            | ↩
+                                                                            ...
+                                                                            |adjacent_2_combined|
+                                                                            will
+                                                                            be
+                                                                            laid
+                                                                            out
+                                                                            as a
+                                                                            series
+                                                                            of
+                                                                            32-bit
+                                                                            integers,
+                                                                            as
+                                                                            follows:
+                                                                            0¹²b₉b₈b₇b₆b₅b₄b₃b₂b₁b₀a₉a₈a₇a₆a₅a₄a₃a₂a₁a₀
+                                                                            0¹²d₉d₈d₇d₆d₅d₄d₃d₂d₁d₀c₉c₈c₇c₆c₅c₄c₃c₂c₁c₀
+                                                                            | ↩
+                                                                            0¹²f₉f₈f₇f₆f₅f₄f₃f₂f₁f₀e₉e₈e₇e₆e₅e₄e₃e₂e₁e₀
+                                                                            0¹²h₉h₈h₇h₆h₅h₄h₃h₂h₁h₀g₉g₈g₇g₆g₅g₄g₃g₂g₁g₀
+                                                                            | ↩
+                                                                            ....
+                                                                            Shifting
+                                                                            up
+                                                                            the
+                                                                            values
+                                                                            at
+                                                                            the
+                                                                            even
+                                                                            indices
+                                                                            by
+                                                                            12,
+                                                                            we
+                                                                            get:
+                                                                            b₉b₈b₇b₆b₅b₄b₃b₂b₁b₀a₉a₈a₇a₆a₅a₄a₃a₂a₁a₀0¹²
+                                                                            0¹²d₉d₈d₇d₆d₅d₄d₃d₂d₁d₀c₉c₈c₇c₆c₅c₄c₃c₂c₁c₀
+                                                                            | ↩
+                                                                            f₉f₈f₇f₆f₅f₄f₃f₂f₁f₀e₉e₈e₇e₆e₅e₄e₃e₂e₁e₀0¹²
+                                                                            0¹²h₉h₈h₇h₆h₅h₄h₃h₂h₁h₀g₉g₈g₇g₆g₅g₄g₃g₂g₁g₀
+                                                                            | ↩
+                                                                            ...
+                                                                            Viewing
+                                                                            this
+                                                                            as a
+                                                                            set
+                                                                            of
+                                                                            64-bit
+                                                                            integers
+                                                                            we
+                                                                            get:
+                                                                            0¹²d₉d₈d₇d₆d₅d₄d₃d₂d₁d₀c₉c₈c₇c₆c₅c₄c₃c₂c₁c₀b₉b₈b₇b₆b₅b₄b₃b₂b₁b₀a₉a₈a₇a₆a₅a₄a₃a₂a₁a₀0¹²
+                                                                            | ↩
+                                                                            0¹²h₉h₈h₇h₆h₅h₄h₃h₂h₁h₀g₉g₈g₇g₆g₅g₄g₃g₂g₁g₀f₉f₈f₇f₆f₅f₄f₃f₂f₁f₀e₉e₈e₇e₆e₅e₄e₃e₂e₁e₀0¹²
+                                                                            | ↩
+                                                                            ...
+                                                                            Shifting
+                                                                            down
+                                                                            by
+                                                                            12
+                                                                            gives
+                                                                            us:
+                                                                            0²⁴d₉d₈d₇d₆d₅d₄d₃d₂d₁d₀c₉c₈c₇c₆c₅c₄c₃c₂c₁c₀b₉b₈b₇b₆b₅b₄b₃b₂b₁b₀a₉a₈a₇a₆a₅a₄a₃a₂a₁a₀
+                                                                            | ↩
+                                                                            0²⁴h₉h₈h₇h₆h₅h₄h₃h₂h₁h₀g₉g₈g₇g₆g₅g₄g₃g₂g₁g₀f₉f₈f₇f₆f₅f₄f₃f₂f₁f₀e₉e₈e₇e₆e₅e₄e₃e₂e₁e₀
+                                                                            | ↩
+                                                                            ...
+                                                                            |adjacent_4_combined|,
+                                                                            when
+                                                                            the
+                                                                            bottom
+                                                                            and
+                                                                            top
+                                                                            128
+                                                                            bit-lanes
+                                                                            are
+                                                                            grouped
+                                                                            into
+                                                                            bytes,
+                                                                            looks
+                                                                            like:
+                                                                            0₇0₆0₅B₄B₃B₂B₁B₀
+                                                                            | ↩
+                                                                            0₁₅0₁₄0₁₃B₁₂B₁₁B₁₀B₉B₈
+                                                                            | ↩
+                                                                            In
+                                                                            each
+                                                                            128-bit
+                                                                            lane,
+                                                                            we
+                                                                            want
+                                                                            to
+                                                                            put
+                                                                            bytes
+                                                                            8,
+                                                                            9,
+                                                                            10,
+                                                                            11,
+                                                                            12
+                                                                            after
+                                                                            bytes
+                                                                            0,
+                                                                            1,
+                                                                            2, 3
+                                                                            to
+                                                                            allow
+                                                                            for
+                                                                            sequential
+                                                                            reading.
+                                                                            We
+                                                                            now
+                                                                            have
+                                                                            64
+                                                                            bits
+                                                                            starting
+                                                                            at
+                                                                            position
+                                                                            0 in
+                                                                            the
+                                                                            lower
+                                                                            128-bit
+                                                                            lane,
+                                                                            ...
+                                                                            and
+                                                                            64
+                                                                            bits
+                                                                            starting
+                                                                            at
+                                                                            position
+                                                                            0 in
+                                                                            the
+                                                                            upper
+                                                                            128-bit
+                                                                            lane.
+                                                                          */
+                                                                         vector);
   __m128i lower_8 = uu____0.fst;
   __m128i upper_8 = uu____0.snd;
   uint8_t serialized[32U] = {0U};
@@ -880,14 +1267,16 @@ libcrux_ml_kem_vector_avx2_serialize_deserialize_10_deserialize_10_vec(
                       (int16_t)1 << 0U, (int16_t)1 << 2U, (int16_t)1 << 4U,
                       (int16_t)1 << 6U));
   __m256i coefficients1 = mm256_srli_epi16((int32_t)6, coefficients0, __m256i);
-  return mm256_and_si256(coefficients1,
-                         mm256_set1_epi16(((int16_t)1 << 10U) - (int16_t)1));
+  return mm256_and_si256(
+      /* Here I can prove this `and` is not useful */ coefficients1,
+      mm256_set1_epi16(((int16_t)1 << 10U) - (int16_t)1));
 }
 
 KRML_MUSTINLINE __m256i
 libcrux_ml_kem_vector_avx2_serialize_deserialize_10(Eurydice_slice bytes) {
-  Eurydice_slice lower_coefficients =
-      Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)16U, uint8_t);
+  Eurydice_slice lower_coefficients = Eurydice_slice_subslice2(
+      /* Here I can prove this `and` is not useful */ bytes, (size_t)0U,
+      (size_t)16U, uint8_t);
   Eurydice_slice upper_coefficients =
       Eurydice_slice_subslice2(bytes, (size_t)4U, (size_t)20U, uint8_t);
   return libcrux_ml_kem_vector_avx2_serialize_deserialize_10_deserialize_10_vec(
@@ -1053,26 +1442,64 @@ KRML_MUSTINLINE size_t libcrux_ml_kem_vector_avx2_sampling_rejection_sample(
   __m256i field_modulus =
       mm256_set1_epi16(LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS);
   __m256i potential_coefficients =
-      libcrux_ml_kem_vector_avx2_serialize_deserialize_12(input);
+      libcrux_ml_kem_vector_avx2_serialize_deserialize_12(/* The input bytes can
+                                                             be interpreted as a
+                                                             sequence of
+                                                             serialized 12-bit
+                                                             (i.e. uncompressed)
+                                                             coefficients. Not
+                                                             all coefficients
+                                                             may be less than
+                                                             FIELD_MODULUS
+                                                             though. */
+                                                          input);
   __m256i compare_with_field_modulus =
-      mm256_cmpgt_epi16(field_modulus, potential_coefficients);
+      mm256_cmpgt_epi16(/* Suppose we view |potential_coefficients| as follows
+                           (grouping 64-bit elements): A B C D | E F G H | ....
+                           and A < 3329, D < 3329 and H < 3329,
+                           |compare_with_field_modulus| will look like: 0xFF 0 0
+                           0xFF | 0 0 0 0xFF | ... */
+                        field_modulus,
+                        potential_coefficients);
   uint8_t good[2U];
-  libcrux_ml_kem_vector_avx2_serialize_serialize_1(compare_with_field_modulus,
+  libcrux_ml_kem_vector_avx2_serialize_serialize_1(/* Since every bit in each
+                                                      lane is either 0 or 1, we
+                                                      only need one bit from
+                                                      each lane in the register
+                                                      to tell us what
+                                                      coefficients to keep and
+                                                      what to throw-away.
+                                                      Combine all the bits
+                                                      (there are 16) into two
+                                                      bytes. */
+                                                   compare_with_field_modulus,
                                                    good);
   uint8_t lower_shuffles[16U];
   memcpy(lower_shuffles,
+         /* Each bit (and its corresponding position) represents an element we
+            want to sample. We'd like all such elements to be next to each other
+            starting at index 0, so that they can be read from the vector
+            easily. |REJECTION_SAMPLE_SHUFFLE_TABLE| encodes the byte-level
+            shuffling indices needed to make this happen. For e.g. if good[0] =
+            0b0_0_0_0_0_0_1_0, we need to move the element in the 2-nd 16-bit
+            lane to the first. To do this, we need the byte-level shuffle
+            indices to be 2 3 X X X X ... */
          libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE[(
              size_t)good[0U]],
          (size_t)16U * sizeof(uint8_t));
-  __m128i lower_shuffles0 = mm_loadu_si128(
-      Eurydice_array_to_slice((size_t)16U, lower_shuffles, uint8_t));
+  __m128i lower_shuffles0 = mm_loadu_si128(Eurydice_array_to_slice(
+      (size_t)16U,
+      /* Shuffle the lower 8 16-bits accordingly ... */ lower_shuffles,
+      uint8_t));
   __m128i lower_coefficients = mm256_castsi256_si128(potential_coefficients);
   __m128i lower_coefficients0 =
       mm_shuffle_epi8(lower_coefficients, lower_shuffles0);
-  mm_storeu_si128(output, lower_coefficients0);
+  mm_storeu_si128(/* ... then write them out ... */ output,
+                  lower_coefficients0);
   size_t sampled_count = (size_t)core_num__u8_6__count_ones(good[0U]);
   uint8_t upper_shuffles[16U];
   memcpy(upper_shuffles,
+         /* Do the same for |goood[1]| */
          libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE[(
              size_t)good[1U]],
          (size_t)16U * sizeof(uint8_t));
@@ -1425,9 +1852,13 @@ with const generics
 bool libcrux_ml_kem_ind_cca_validate_private_key_only_ae(
     libcrux_ml_kem_types_MlKemPrivateKey_d9 *private_key) {
   uint8_t t[32U];
-  H_a9_e0(Eurydice_array_to_subslice2(
-              private_key->value, (size_t)384U * (size_t)3U,
-              (size_t)768U * (size_t)3U + (size_t)32U, uint8_t),
+  H_a9_e0(Eurydice_array_to_subslice2(/* Eurydice can't access values directly
+                                         on the types. We need to go to the
+                                         `value` directly. */
+                                      private_key->value,
+                                      (size_t)384U * (size_t)3U,
+                                      (size_t)768U * (size_t)3U + (size_t)32U,
+                                      uint8_t),
           t);
   Eurydice_slice expected = Eurydice_array_to_subslice2(
       private_key->value, (size_t)768U * (size_t)3U + (size_t)32U,
@@ -1914,6 +2345,10 @@ static KRML_MUSTINLINE void sample_from_xof_6c1(
   memcpy(copy_of_randomness0, randomness0, (size_t)3U * sizeof(uint8_t[504U]));
   bool done = sample_from_uniform_distribution_next_ed(
       copy_of_randomness0, sampled_coefficients, out);
+  /* Requiring more than 5 blocks to sample a ring element should be very
+   * unlikely according to: https://eprint.iacr.org/2023/708.pdf To avoid
+   * failing here, we squeeze more blocks out of the state until we have enough.
+   */
   while (true) {
     if (done) {
       break;
@@ -1972,7 +2407,7 @@ static KRML_MUSTINLINE void sample_matrix_A_6c1(
            i++) {
         size_t j = i;
         libcrux_ml_kem_polynomial_PolynomialRingElement_f6 sample = sampled[j];
-        if (transpose) {
+        if (/* A[i][j] = A_transpose[j][i] */ transpose) {
           A_transpose[j][i1] = sample;
         } else {
           A_transpose[i1][j] = sample;
@@ -2187,7 +2622,12 @@ with const generics
 static KRML_MUSTINLINE void ntt_at_layer_7_61(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *re) {
   size_t step = LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT / (size_t)2U;
-  for (size_t i = (size_t)0U; i < step; i++) {
+  for (size_t i = (size_t)0U;
+       i <
+       /* The semicolon and parentheses at the end of loop are a workaround for
+          the following bug https://github.com/hacspec/hax/issues/720 */
+       step;
+       i++) {
     size_t j = i;
     __m256i t = libcrux_ml_kem_vector_avx2_multiply_by_constant_09(
         re->coefficients[j + step], (int16_t)-1600);
@@ -2239,7 +2679,13 @@ static KRML_MUSTINLINE void ntt_at_layer_4_plus_61(
     size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *re,
     size_t layer) {
   size_t step = (size_t)1U << (uint32_t)layer;
-  for (size_t i0 = (size_t)0U; i0 < (size_t)128U >> (uint32_t)layer; i0++) {
+  for (size_t i0 = (size_t)0U;
+       i0 < (size_t)128U >>
+       (uint32_t) /* The semicolon and parentheses at the end of loop are a
+                     workaround for the following bug
+                     https://github.com/hacspec/hax/issues/720 */
+       layer;
+       i0++) {
     size_t round = i0;
     zeta_i[0U] = zeta_i[0U] + (size_t)1U;
     size_t offset = round * step * (size_t)2U;
@@ -2248,9 +2694,9 @@ static KRML_MUSTINLINE void ntt_at_layer_4_plus_61(
     for (size_t i = offset_vec; i < offset_vec + step_vec; i++) {
       size_t j = i;
       libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 uu____0 =
-          ntt_layer_int_vec_step_61(
-              re->coefficients[j], re->coefficients[j + step_vec],
-              libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U]));
+          ntt_layer_int_vec_step_61(re->coefficients[j],
+                                    re->coefficients[j + step_vec],
+                                    libcrux_ml_kem_polynomial_zeta(zeta_i[0U]));
       __m256i x = uu____0.fst;
       __m256i y = uu____0.snd;
       re->coefficients[j] = x;
@@ -2272,7 +2718,7 @@ static KRML_MUSTINLINE void ntt_at_layer_3_61(
       zeta_i[0U] = zeta_i[0U] + (size_t)1U;
       re->coefficients[round] = libcrux_ml_kem_vector_avx2_ntt_layer_3_step_09(
           re->coefficients[round],
-          libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U])););
+          libcrux_ml_kem_polynomial_zeta(zeta_i[0U])););
 }
 
 /**
@@ -2287,9 +2733,8 @@ static KRML_MUSTINLINE void ntt_at_layer_2_61(
       i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i;
       zeta_i[0U] = zeta_i[0U] + (size_t)1U;
       re->coefficients[round] = libcrux_ml_kem_vector_avx2_ntt_layer_2_step_09(
-          re->coefficients[round],
-          libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U]),
-          libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U] + (size_t)1U));
+          re->coefficients[round], libcrux_ml_kem_polynomial_zeta(zeta_i[0U]),
+          libcrux_ml_kem_polynomial_zeta(zeta_i[0U] + (size_t)1U));
       zeta_i[0U] = zeta_i[0U] + (size_t)1U;);
 }
 
@@ -2305,11 +2750,10 @@ static KRML_MUSTINLINE void ntt_at_layer_1_61(
       i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i;
       zeta_i[0U] = zeta_i[0U] + (size_t)1U;
       re->coefficients[round] = libcrux_ml_kem_vector_avx2_ntt_layer_1_step_09(
-          re->coefficients[round],
-          libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U]),
-          libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U] + (size_t)1U),
-          libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U] + (size_t)2U),
-          libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U] + (size_t)3U));
+          re->coefficients[round], libcrux_ml_kem_polynomial_zeta(zeta_i[0U]),
+          libcrux_ml_kem_polynomial_zeta(zeta_i[0U] + (size_t)1U),
+          libcrux_ml_kem_polynomial_zeta(zeta_i[0U] + (size_t)2U),
+          libcrux_ml_kem_polynomial_zeta(zeta_i[0U] + (size_t)3U));
       zeta_i[0U] = zeta_i[0U] + (size_t)3U;);
 }
 
@@ -2327,7 +2771,11 @@ with const generics
 static KRML_MUSTINLINE void poly_barrett_reduce_ef_61(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *self) {
   for (size_t i = (size_t)0U;
-       i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
+       i <
+       /* The semicolon and parentheses at the end of loop are a workaround for
+          the following bug https://github.com/hacspec/hax/issues/720 */
+       LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT;
+       i++) {
     size_t i0 = i;
     self->coefficients[i0] =
         libcrux_ml_kem_vector_avx2_barrett_reduce_09(self->coefficients[i0]);
@@ -2342,7 +2790,9 @@ with const generics
 */
 static KRML_MUSTINLINE void ntt_binomially_sampled_ring_element_61(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *re) {
-  ntt_at_layer_7_61(re);
+  ntt_at_layer_7_61(/* Due to the small coefficient bound, we can skip the first
+                       round of Montgomery reductions. */
+                    re);
   size_t zeta_i = (size_t)1U;
   ntt_at_layer_4_plus_61(&zeta_i, re, (size_t)6U);
   ntt_at_layer_4_plus_61(&zeta_i, re, (size_t)5U);
@@ -2449,13 +2899,13 @@ ntt_multiply_ef_61(libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *self,
     size_t i0 = i;
     out.coefficients[i0] = libcrux_ml_kem_vector_avx2_ntt_multiply_09(
         &self->coefficients[i0], &rhs->coefficients[i0],
-        libcrux_ml_kem_polynomial_get_zeta((size_t)64U + (size_t)4U * i0),
-        libcrux_ml_kem_polynomial_get_zeta((size_t)64U + (size_t)4U * i0 +
-                                           (size_t)1U),
-        libcrux_ml_kem_polynomial_get_zeta((size_t)64U + (size_t)4U * i0 +
-                                           (size_t)2U),
-        libcrux_ml_kem_polynomial_get_zeta((size_t)64U + (size_t)4U * i0 +
-                                           (size_t)3U));
+        libcrux_ml_kem_polynomial_zeta((size_t)64U + (size_t)4U * i0),
+        libcrux_ml_kem_polynomial_zeta((size_t)64U + (size_t)4U * i0 +
+                                       (size_t)1U),
+        libcrux_ml_kem_polynomial_zeta((size_t)64U + (size_t)4U * i0 +
+                                       (size_t)2U),
+        libcrux_ml_kem_polynomial_zeta((size_t)64U + (size_t)4U * i0 +
+                                       (size_t)3U));
   }
   return out;
 }
@@ -2475,9 +2925,14 @@ static KRML_MUSTINLINE void add_to_ring_element_ef_ab(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *self,
     libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *rhs) {
   for (size_t i = (size_t)0U;
-       i < Eurydice_slice_len(Eurydice_array_to_slice(
-                                  (size_t)16U, self->coefficients, __m256i),
-                              __m256i);
+       i <
+       Eurydice_slice_len(Eurydice_array_to_slice(
+                              (size_t)16U,
+                              /* The semicolon and parentheses at the end of
+                                 loop are a workaround for the following bug
+                                 https://github.com/hacspec/hax/issues/720 */
+                              self->coefficients, __m256i),
+                          __m256i);
        i++) {
     size_t i0 = i;
     self->coefficients[i0] = libcrux_ml_kem_vector_avx2_add_09(
@@ -2511,10 +2966,17 @@ static KRML_MUSTINLINE void add_standard_error_reduce_ef_61(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *self,
     libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *error) {
   for (size_t i = (size_t)0U;
-       i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
+       i <
+       /* The semicolon and parentheses at the end of loop are a workaround for
+          the following bug https://github.com/hacspec/hax/issues/720 */
+       LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT;
+       i++) {
     size_t j = i;
-    __m256i coefficient_normal_form =
-        to_standard_domain_61(self->coefficients[j]);
+    __m256i coefficient_normal_form = to_standard_domain_61(
+        self->coefficients[/* The coefficients are of the form aR^{-1} mod q,
+                              which means calling to_montgomery_domain() on them
+                              should return a mod q. */
+                           j]);
     self->coefficients[j] = libcrux_ml_kem_vector_avx2_barrett_reduce_09(
         libcrux_ml_kem_vector_avx2_add_09(coefficient_normal_form,
                                           &error->coefficients[j]));
@@ -2544,6 +3006,8 @@ static KRML_MUSTINLINE void compute_As_plus_e_ab(
        i++) {
     size_t i0 = i;
     libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *row = matrix_A[i0];
+    /* This may be externally provided memory. Ensure that `t_as_ntt` is all 0.
+     */
     libcrux_ml_kem_polynomial_PolynomialRingElement_f6 uu____0 = ZERO_ef_61();
     t_as_ntt[i0] = uu____0;
     for (size_t i1 = (size_t)0U;
@@ -2619,7 +3083,10 @@ static KRML_MUSTINLINE void generate_keypair_unpacked_221(
     IndCpaPrivateKeyUnpacked_63 *private_key,
     IndCpaPublicKeyUnpacked_63 *public_key) {
   uint8_t hashed[64U];
-  cpa_keygen_seed_d8_be(key_generation_seed, hashed);
+  cpa_keygen_seed_d8_be(/* (ρ,σ) := G(d) for Kyber, (ρ,σ) := G(d || K) for
+                           ML-KEM */
+                        key_generation_seed,
+                        hashed);
   Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at(
       Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U,
       uint8_t, Eurydice_slice_uint8_t_x2);
@@ -2649,8 +3116,8 @@ static KRML_MUSTINLINE void generate_keypair_unpacked_221(
       sample_vector_cbd_then_ntt_out_b41(copy_of_prf_input, domain_separator)
           .fst,
       (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f6));
-  compute_As_plus_e_ab(public_key->t_as_ntt, public_key->A,
-                       private_key->secret_as_ntt, error_as_ntt);
+  compute_As_plus_e_ab(/* tˆ := Aˆ ◦ sˆ + eˆ */ public_key->t_as_ntt,
+                       public_key->A, private_key->secret_as_ntt, error_as_ntt);
   uint8_t uu____5[32U];
   core_result_Result_fb dst;
   Eurydice_slice_to_array2(&dst, seed_for_A, Eurydice_slice, uint8_t[32U]);
@@ -2675,11 +3142,13 @@ serialize_unpacked_secret_key_8c(IndCpaPublicKeyUnpacked_63 *public_key,
                                  IndCpaPrivateKeyUnpacked_63 *private_key) {
   uint8_t public_key_serialized[1184U];
   serialize_public_key_ed(
-      public_key->t_as_ntt,
+      /* pk := (Encode_12(tˆ mod^{+}q) || ρ) */ public_key->t_as_ntt,
       Eurydice_array_to_slice((size_t)32U, public_key->seed_for_A, uint8_t),
       public_key_serialized);
   uint8_t secret_key_serialized[1152U];
-  serialize_secret_key_ed(private_key->secret_as_ntt, secret_key_serialized);
+  serialize_secret_key_ed(
+      /* sk := Encode_12(sˆ mod^{+}q) */ private_key->secret_as_ntt,
+      secret_key_serialized);
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_secret_key_serialized[1152U];
   memcpy(copy_of_secret_key_serialized, secret_key_serialized,
@@ -2866,11 +3335,15 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics
 static KRML_MUSTINLINE void build_unpacked_public_key_mut_fa1(
     Eurydice_slice public_key,
     IndCpaPublicKeyUnpacked_63 *unpacked_public_key) {
-  Eurydice_slice uu____0 =
-      Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t);
+  Eurydice_slice uu____0 = Eurydice_slice_subslice_to(
+      /* tˆ := Decode_12(pk) */ public_key, (size_t)1152U, uint8_t, size_t);
   deserialize_ring_elements_reduced_ab(uu____0, unpacked_public_key->t_as_ntt);
   Eurydice_slice seed =
-      Eurydice_slice_subslice_from(public_key, (size_t)1152U, uint8_t, size_t);
+      Eurydice_slice_subslice_from(/* ρ := pk + 12·k·n / 8 for i from 0 to k−1
+                                      do for j from 0 to k − 1 do AˆT[i][j] :=
+                                      Parse(XOF(ρ, i, j)) end for end for */
+                                   public_key,
+                                   (size_t)1152U, uint8_t, size_t);
   libcrux_ml_kem_polynomial_PolynomialRingElement_f6(*uu____1)[3U] =
       unpacked_public_key->A;
   uint8_t ret[34U];
@@ -2979,10 +3452,10 @@ static KRML_MUSTINLINE void invert_ntt_at_layer_1_61(
       re->coefficients[round] =
           libcrux_ml_kem_vector_avx2_inv_ntt_layer_1_step_09(
               re->coefficients[round],
-              libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U]),
-              libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U] - (size_t)1U),
-              libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U] - (size_t)2U),
-              libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U] - (size_t)3U));
+              libcrux_ml_kem_polynomial_zeta(zeta_i[0U]),
+              libcrux_ml_kem_polynomial_zeta(zeta_i[0U] - (size_t)1U),
+              libcrux_ml_kem_polynomial_zeta(zeta_i[0U] - (size_t)2U),
+              libcrux_ml_kem_polynomial_zeta(zeta_i[0U] - (size_t)3U));
       zeta_i[0U] = zeta_i[0U] - (size_t)3U;);
 }
 
@@ -3000,8 +3473,8 @@ static KRML_MUSTINLINE void invert_ntt_at_layer_2_61(
       re->coefficients[round] =
           libcrux_ml_kem_vector_avx2_inv_ntt_layer_2_step_09(
               re->coefficients[round],
-              libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U]),
-              libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U] - (size_t)1U));
+              libcrux_ml_kem_polynomial_zeta(zeta_i[0U]),
+              libcrux_ml_kem_polynomial_zeta(zeta_i[0U] - (size_t)1U));
       zeta_i[0U] = zeta_i[0U] - (size_t)1U;);
 }
 
@@ -3018,7 +3491,7 @@ static KRML_MUSTINLINE void invert_ntt_at_layer_3_61(
                    re->coefficients[round] =
                        libcrux_ml_kem_vector_avx2_inv_ntt_layer_3_step_09(
                            re->coefficients[round],
-                           libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U])););
+                           libcrux_ml_kem_polynomial_zeta(zeta_i[0U])););
 }
 
 /**
@@ -3047,7 +3520,13 @@ static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_61(
     size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *re,
     size_t layer) {
   size_t step = (size_t)1U << (uint32_t)layer;
-  for (size_t i0 = (size_t)0U; i0 < (size_t)128U >> (uint32_t)layer; i0++) {
+  for (size_t i0 = (size_t)0U;
+       i0 < (size_t)128U >>
+       (uint32_t) /* The semicolon and parentheses at the end of loop are a
+                     workaround for the following bug
+                     https://github.com/hacspec/hax/issues/720 */
+       layer;
+       i0++) {
     size_t round = i0;
     zeta_i[0U] = zeta_i[0U] - (size_t)1U;
     size_t offset = round * step * (size_t)2U;
@@ -3060,7 +3539,7 @@ static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_61(
       libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 uu____0 =
           inv_ntt_layer_int_vec_step_reduce_61(
               re->coefficients[j], re->coefficients[j + step_vec],
-              libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U]));
+              libcrux_ml_kem_polynomial_zeta(zeta_i[0U]));
       __m256i x = uu____0.fst;
       __m256i y = uu____0.snd;
       re->coefficients[j] = x;
@@ -3078,7 +3557,10 @@ with const generics
 static KRML_MUSTINLINE void invert_ntt_montgomery_ab(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *re) {
   size_t zeta_i =
-      LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U;
+      /* We only ever call this function after matrix/vector multiplication */
+      LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT
+
+      / (size_t)2U;
   invert_ntt_at_layer_1_61(&zeta_i, re);
   invert_ntt_at_layer_2_61(&zeta_i, re);
   invert_ntt_at_layer_3_61(&zeta_i, re);
@@ -3104,7 +3586,11 @@ static KRML_MUSTINLINE void add_error_reduce_ef_61(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *self,
     libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *error) {
   for (size_t i = (size_t)0U;
-       i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
+       i <
+       /* The semicolon and parentheses at the end of loop are a workaround for
+          the following bug https://github.com/hacspec/hax/issues/720 */
+       LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT;
+       i++) {
     size_t j = i;
     __m256i coefficient_normal_form =
         libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_09(
@@ -3217,8 +3703,26 @@ add_message_error_reduce_ef_61(
     __m256i coefficient_normal_form =
         libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_09(
             result.coefficients[i0], (int16_t)1441);
-    __m256i tmp = libcrux_ml_kem_vector_avx2_add_09(self->coefficients[i0],
-                                                    &message->coefficients[i0]);
+    __m256i tmp = libcrux_ml_kem_vector_avx2_add_09(
+        self->coefficients
+            [/* FIXME: Eurydice crashes with: Warning 11: in top-level
+                declaration
+                libcrux_ml_kem.polynomial.{libcrux_ml_kem::polynomial::PolynomialRingElement<Vector>[TraitClause@0]}.add_message_error_reduce__libcrux_ml_kem_libcrux_polynomials_PortableVector:
+                this expression is not Low*; the enclosing function cannot be
+                translated into C*: let mutable ret(Mark.Present,(Mark.AtMost
+                2), ): int16_t[16size_t] = $any in
+                libcrux_ml_kem.libcrux_polynomials.{(libcrux_ml_kem::libcrux_polynomials::libcrux_traits::Operations␣for␣libcrux_ml_kem::libcrux_polynomials::PortableVector)}.add
+                ((@9:
+                libcrux_ml_kem_libcrux_polynomials_PortableVector[16size_t]*)[0uint32_t]:int16_t[16size_t][16size_t])[@4]
+                &(((@8:
+                libcrux_ml_kem_libcrux_polynomials_PortableVector[16size_t]*)[0uint32_t]:libcrux_ml_kem_libcrux_polynomials_PortableVector[16size_t])[@4])
+                @0; @0 Warning 11 is fatal, exiting. On the following code:
+                ```rust result.coefficients[i] =
+                Vector::barrett_reduce(Vector::add( coefficient_normal_form,
+                &Vector::add(self.coefficients[i], &message.coefficients[i]),
+                )); ``` */
+             i0],
+        &message->coefficients[i0]);
     __m256i tmp0 =
         libcrux_ml_kem_vector_avx2_add_09(coefficient_normal_form, &tmp);
     result.coefficients[i0] =
@@ -3266,8 +3770,18 @@ compress_ciphertext_coefficient_ef(__m256i vector) {
   __m256i compression_factor = mm256_set1_epi32((int32_t)10321340);
   __m256i coefficient_bits_mask =
       mm256_set1_epi32(((int32_t)1 << (uint32_t)(int32_t)10) - (int32_t)1);
-  __m128i coefficients_low = mm256_castsi256_si128(vector);
-  __m256i coefficients_low0 = mm256_cvtepi16_epi32(coefficients_low);
+  __m128i coefficients_low =
+      mm256_castsi256_si128(/* ---- Compress the first 8 coefficients ---- Take
+                               the bottom 128 bits, i.e. the first 8 16-bit
+                               coefficients */
+                            vector);
+  __m256i coefficients_low0 =
+      mm256_cvtepi16_epi32(/* If: coefficients_low[0:15] = A
+                              coefficients_low[16:31] = B
+                              coefficients_low[32:63] = C and so on ... after
+                              this step: coefficients_low[0:31] = A
+                              coefficients_low[32:63] = B and so on ... */
+                           coefficients_low);
   __m256i compressed_low =
       mm256_slli_epi32((int32_t)10, coefficients_low0, __m256i);
   __m256i compressed_low0 =
@@ -3275,12 +3789,18 @@ compress_ciphertext_coefficient_ef(__m256i vector) {
   __m256i compressed_low1 =
       libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_low0,
                                                             compression_factor);
-  __m256i compressed_low2 =
-      mm256_srli_epi32((int32_t)3, compressed_low1, __m256i);
+  __m256i compressed_low2 = mm256_srli_epi32(
+      (int32_t)3,
+      /* Due to the mulhi_mm256_epi32 we've already shifted right by 32 bits, we
+         just need to shift right by 35 - 32 = 3 more. */
+      compressed_low1, __m256i);
   __m256i compressed_low3 =
       mm256_and_si256(compressed_low2, coefficient_bits_mask);
-  __m128i coefficients_high =
-      mm256_extracti128_si256((int32_t)1, vector, __m128i);
+  __m128i coefficients_high = mm256_extracti128_si256(
+      (int32_t)1,
+      /* ---- Compress the next 8 coefficients ---- Take the upper 128 bits,
+         i.e. the next 8 16-bit coefficients */
+      vector, __m128i);
   __m256i coefficients_high0 = mm256_cvtepi16_epi32(coefficients_high);
   __m256i compressed_high =
       mm256_slli_epi32((int32_t)10, coefficients_high0, __m256i);
@@ -3293,8 +3813,20 @@ compress_ciphertext_coefficient_ef(__m256i vector) {
       mm256_srli_epi32((int32_t)3, compressed_high1, __m256i);
   __m256i compressed_high3 =
       mm256_and_si256(compressed_high2, coefficient_bits_mask);
-  __m256i compressed = mm256_packs_epi32(compressed_low3, compressed_high3);
-  return mm256_permute4x64_epi64((int32_t)216, compressed, __m256i);
+  __m256i compressed =
+      mm256_packs_epi32(/* Combining them, and grouping each set of 64-bits,
+                           this function results in: 0: low low low low | 1:
+                           high high high high | 2: low low low low | 3: high
+                           high high high where each |low| and |high| is a
+                           16-bit element */
+                        compressed_low3,
+                        compressed_high3);
+  return mm256_permute4x64_epi64(
+      (int32_t)216,
+      /* To be in the right order, we need to move the |low|s above in position
+         2 to position 1 and the |high|s in position 1 to position 2, and leave
+         the rest unchanged. */
+      compressed, __m256i);
 }
 
 /**
@@ -3348,8 +3880,18 @@ compress_ciphertext_coefficient_c4(__m256i vector) {
   __m256i compression_factor = mm256_set1_epi32((int32_t)10321340);
   __m256i coefficient_bits_mask =
       mm256_set1_epi32(((int32_t)1 << (uint32_t)(int32_t)11) - (int32_t)1);
-  __m128i coefficients_low = mm256_castsi256_si128(vector);
-  __m256i coefficients_low0 = mm256_cvtepi16_epi32(coefficients_low);
+  __m128i coefficients_low =
+      mm256_castsi256_si128(/* ---- Compress the first 8 coefficients ---- Take
+                               the bottom 128 bits, i.e. the first 8 16-bit
+                               coefficients */
+                            vector);
+  __m256i coefficients_low0 =
+      mm256_cvtepi16_epi32(/* If: coefficients_low[0:15] = A
+                              coefficients_low[16:31] = B
+                              coefficients_low[32:63] = C and so on ... after
+                              this step: coefficients_low[0:31] = A
+                              coefficients_low[32:63] = B and so on ... */
+                           coefficients_low);
   __m256i compressed_low =
       mm256_slli_epi32((int32_t)11, coefficients_low0, __m256i);
   __m256i compressed_low0 =
@@ -3357,12 +3899,18 @@ compress_ciphertext_coefficient_c4(__m256i vector) {
   __m256i compressed_low1 =
       libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_low0,
                                                             compression_factor);
-  __m256i compressed_low2 =
-      mm256_srli_epi32((int32_t)3, compressed_low1, __m256i);
+  __m256i compressed_low2 = mm256_srli_epi32(
+      (int32_t)3,
+      /* Due to the mulhi_mm256_epi32 we've already shifted right by 32 bits, we
+         just need to shift right by 35 - 32 = 3 more. */
+      compressed_low1, __m256i);
   __m256i compressed_low3 =
       mm256_and_si256(compressed_low2, coefficient_bits_mask);
-  __m128i coefficients_high =
-      mm256_extracti128_si256((int32_t)1, vector, __m128i);
+  __m128i coefficients_high = mm256_extracti128_si256(
+      (int32_t)1,
+      /* ---- Compress the next 8 coefficients ---- Take the upper 128 bits,
+         i.e. the next 8 16-bit coefficients */
+      vector, __m128i);
   __m256i coefficients_high0 = mm256_cvtepi16_epi32(coefficients_high);
   __m256i compressed_high =
       mm256_slli_epi32((int32_t)11, coefficients_high0, __m256i);
@@ -3375,8 +3923,20 @@ compress_ciphertext_coefficient_c4(__m256i vector) {
       mm256_srli_epi32((int32_t)3, compressed_high1, __m256i);
   __m256i compressed_high3 =
       mm256_and_si256(compressed_high2, coefficient_bits_mask);
-  __m256i compressed = mm256_packs_epi32(compressed_low3, compressed_high3);
-  return mm256_permute4x64_epi64((int32_t)216, compressed, __m256i);
+  __m256i compressed =
+      mm256_packs_epi32(/* Combining them, and grouping each set of 64-bits,
+                           this function results in: 0: low low low low | 1:
+                           high high high high | 2: low low low low | 3: high
+                           high high high where each |low| and |high| is a
+                           16-bit element */
+                        compressed_low3,
+                        compressed_high3);
+  return mm256_permute4x64_epi64(
+      (int32_t)216,
+      /* To be in the right order, we need to move the |low|s above in position
+         2 to position 1 and the |high|s in position 1 to position 2, and leave
+         the rest unchanged. */
+      compressed, __m256i);
 }
 
 /**
@@ -3454,8 +4014,18 @@ compress_ciphertext_coefficient_d1(__m256i vector) {
   __m256i compression_factor = mm256_set1_epi32((int32_t)10321340);
   __m256i coefficient_bits_mask =
       mm256_set1_epi32(((int32_t)1 << (uint32_t)(int32_t)4) - (int32_t)1);
-  __m128i coefficients_low = mm256_castsi256_si128(vector);
-  __m256i coefficients_low0 = mm256_cvtepi16_epi32(coefficients_low);
+  __m128i coefficients_low =
+      mm256_castsi256_si128(/* ---- Compress the first 8 coefficients ---- Take
+                               the bottom 128 bits, i.e. the first 8 16-bit
+                               coefficients */
+                            vector);
+  __m256i coefficients_low0 =
+      mm256_cvtepi16_epi32(/* If: coefficients_low[0:15] = A
+                              coefficients_low[16:31] = B
+                              coefficients_low[32:63] = C and so on ... after
+                              this step: coefficients_low[0:31] = A
+                              coefficients_low[32:63] = B and so on ... */
+                           coefficients_low);
   __m256i compressed_low =
       mm256_slli_epi32((int32_t)4, coefficients_low0, __m256i);
   __m256i compressed_low0 =
@@ -3463,12 +4033,18 @@ compress_ciphertext_coefficient_d1(__m256i vector) {
   __m256i compressed_low1 =
       libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_low0,
                                                             compression_factor);
-  __m256i compressed_low2 =
-      mm256_srli_epi32((int32_t)3, compressed_low1, __m256i);
+  __m256i compressed_low2 = mm256_srli_epi32(
+      (int32_t)3,
+      /* Due to the mulhi_mm256_epi32 we've already shifted right by 32 bits, we
+         just need to shift right by 35 - 32 = 3 more. */
+      compressed_low1, __m256i);
   __m256i compressed_low3 =
       mm256_and_si256(compressed_low2, coefficient_bits_mask);
-  __m128i coefficients_high =
-      mm256_extracti128_si256((int32_t)1, vector, __m128i);
+  __m128i coefficients_high = mm256_extracti128_si256(
+      (int32_t)1,
+      /* ---- Compress the next 8 coefficients ---- Take the upper 128 bits,
+         i.e. the next 8 16-bit coefficients */
+      vector, __m128i);
   __m256i coefficients_high0 = mm256_cvtepi16_epi32(coefficients_high);
   __m256i compressed_high =
       mm256_slli_epi32((int32_t)4, coefficients_high0, __m256i);
@@ -3481,8 +4057,20 @@ compress_ciphertext_coefficient_d1(__m256i vector) {
       mm256_srli_epi32((int32_t)3, compressed_high1, __m256i);
   __m256i compressed_high3 =
       mm256_and_si256(compressed_high2, coefficient_bits_mask);
-  __m256i compressed = mm256_packs_epi32(compressed_low3, compressed_high3);
-  return mm256_permute4x64_epi64((int32_t)216, compressed, __m256i);
+  __m256i compressed =
+      mm256_packs_epi32(/* Combining them, and grouping each set of 64-bits,
+                           this function results in: 0: low low low low | 1:
+                           high high high high | 2: low low low low | 3: high
+                           high high high where each |low| and |high| is a
+                           16-bit element */
+                        compressed_low3,
+                        compressed_high3);
+  return mm256_permute4x64_epi64(
+      (int32_t)216,
+      /* To be in the right order, we need to move the |low|s above in position
+         2 to position 1 and the |high|s in position 1 to position 2, and leave
+         the rest unchanged. */
+      compressed, __m256i);
 }
 
 /**
@@ -3508,7 +4096,11 @@ static KRML_MUSTINLINE void compress_then_serialize_4_61(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f6 re,
     Eurydice_slice serialized) {
   for (size_t i = (size_t)0U;
-       i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
+       i <
+       /* The semicolon and parentheses at the end of loop are a workaround for
+          the following bug https://github.com/hacspec/hax/issues/720 */
+       LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT;
+       i++) {
     size_t i0 = i;
     __m256i coefficient =
         compress_09_d1(to_unsigned_field_modulus_61(re.coefficients[i0]));
@@ -3535,8 +4127,18 @@ compress_ciphertext_coefficient_f4(__m256i vector) {
   __m256i compression_factor = mm256_set1_epi32((int32_t)10321340);
   __m256i coefficient_bits_mask =
       mm256_set1_epi32(((int32_t)1 << (uint32_t)(int32_t)5) - (int32_t)1);
-  __m128i coefficients_low = mm256_castsi256_si128(vector);
-  __m256i coefficients_low0 = mm256_cvtepi16_epi32(coefficients_low);
+  __m128i coefficients_low =
+      mm256_castsi256_si128(/* ---- Compress the first 8 coefficients ---- Take
+                               the bottom 128 bits, i.e. the first 8 16-bit
+                               coefficients */
+                            vector);
+  __m256i coefficients_low0 =
+      mm256_cvtepi16_epi32(/* If: coefficients_low[0:15] = A
+                              coefficients_low[16:31] = B
+                              coefficients_low[32:63] = C and so on ... after
+                              this step: coefficients_low[0:31] = A
+                              coefficients_low[32:63] = B and so on ... */
+                           coefficients_low);
   __m256i compressed_low =
       mm256_slli_epi32((int32_t)5, coefficients_low0, __m256i);
   __m256i compressed_low0 =
@@ -3544,12 +4146,18 @@ compress_ciphertext_coefficient_f4(__m256i vector) {
   __m256i compressed_low1 =
       libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_low0,
                                                             compression_factor);
-  __m256i compressed_low2 =
-      mm256_srli_epi32((int32_t)3, compressed_low1, __m256i);
+  __m256i compressed_low2 = mm256_srli_epi32(
+      (int32_t)3,
+      /* Due to the mulhi_mm256_epi32 we've already shifted right by 32 bits, we
+         just need to shift right by 35 - 32 = 3 more. */
+      compressed_low1, __m256i);
   __m256i compressed_low3 =
       mm256_and_si256(compressed_low2, coefficient_bits_mask);
-  __m128i coefficients_high =
-      mm256_extracti128_si256((int32_t)1, vector, __m128i);
+  __m128i coefficients_high = mm256_extracti128_si256(
+      (int32_t)1,
+      /* ---- Compress the next 8 coefficients ---- Take the upper 128 bits,
+         i.e. the next 8 16-bit coefficients */
+      vector, __m128i);
   __m256i coefficients_high0 = mm256_cvtepi16_epi32(coefficients_high);
   __m256i compressed_high =
       mm256_slli_epi32((int32_t)5, coefficients_high0, __m256i);
@@ -3562,8 +4170,20 @@ compress_ciphertext_coefficient_f4(__m256i vector) {
       mm256_srli_epi32((int32_t)3, compressed_high1, __m256i);
   __m256i compressed_high3 =
       mm256_and_si256(compressed_high2, coefficient_bits_mask);
-  __m256i compressed = mm256_packs_epi32(compressed_low3, compressed_high3);
-  return mm256_permute4x64_epi64((int32_t)216, compressed, __m256i);
+  __m256i compressed =
+      mm256_packs_epi32(/* Combining them, and grouping each set of 64-bits,
+                           this function results in: 0: low low low low | 1:
+                           high high high high | 2: low low low low | 3: high
+                           high high high where each |low| and |high| is a
+                           16-bit element */
+                        compressed_low3,
+                        compressed_high3);
+  return mm256_permute4x64_epi64(
+      (int32_t)216,
+      /* To be in the right order, we need to move the |low|s above in position
+         2 to position 1 and the |high|s in position 1 to position 2, and leave
+         the rest unchanged. */
+      compressed, __m256i);
 }
 
 /**
@@ -3589,7 +4209,11 @@ static KRML_MUSTINLINE void compress_then_serialize_5_61(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f6 re,
     Eurydice_slice serialized) {
   for (size_t i = (size_t)0U;
-       i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
+       i <
+       /* The semicolon and parentheses at the end of loop are a workaround for
+          the following bug https://github.com/hacspec/hax/issues/720 */
+       LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT;
+       i++) {
     size_t i0 = i;
     __m256i coefficients =
         compress_09_f4(to_unsigned_representative_61(re.coefficients[i0]));
@@ -3677,7 +4301,11 @@ static KRML_MUSTINLINE void encrypt_unpacked_741(
     IndCpaPublicKeyUnpacked_63 *public_key, uint8_t message[32U],
     Eurydice_slice randomness, uint8_t ret[1088U]) {
   uint8_t prf_input[33U];
-  libcrux_ml_kem_utils_into_padded_array_c8(randomness, prf_input);
+  libcrux_ml_kem_utils_into_padded_array_c8(/* for i from 0 to k−1 do r[i] :=
+                                               CBD{η1}(PRF(r, N)) N := N + 1 end
+                                               for rˆ := NTT(r) */
+                                            randomness,
+                                            prf_input);
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_prf_input0[33U];
   memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t));
@@ -3689,6 +4317,7 @@ static KRML_MUSTINLINE void encrypt_unpacked_741(
   uint8_t domain_separator0 = uu____1.snd;
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_prf_input[33U];
+  /* for i from 0 to k−1 do e1[i] := CBD_{η2}(PRF(r,N)) N := N + 1 end for */
   memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t));
   tuple_23 uu____3 =
       sample_ring_element_cbd_b41(copy_of_prf_input, domain_separator0);
@@ -3697,7 +4326,7 @@ static KRML_MUSTINLINE void encrypt_unpacked_741(
       error_1, uu____3.fst,
       (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f6));
   uint8_t domain_separator = uu____3.snd;
-  prf_input[32U] = domain_separator;
+  prf_input[32U] = /* e_2 := CBD{η2}(PRF(r, N)) */ domain_separator;
   uint8_t prf_output[128U];
   PRF_a9_410(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t),
              prf_output);
@@ -3705,9 +4334,11 @@ static KRML_MUSTINLINE void encrypt_unpacked_741(
       sample_from_binomial_distribution_89(
           Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t));
   libcrux_ml_kem_polynomial_PolynomialRingElement_f6 u[3U];
-  compute_vector_u_ab(public_key->A, r_as_ntt, error_1, u);
+  compute_vector_u_ab(/* u := NTT^{-1}(AˆT ◦ rˆ) + e_1 */ public_key->A,
+                      r_as_ntt, error_1, u);
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_message[32U];
+  /* v := NTT^{−1}(tˆT ◦ rˆ) + e_2 + Decompress_q(Decode_1(m),1) */
   memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t));
   libcrux_ml_kem_polynomial_PolynomialRingElement_f6 message_as_ring_element =
       deserialize_then_decompress_message_61(copy_of_message);
@@ -3716,12 +4347,14 @@ static KRML_MUSTINLINE void encrypt_unpacked_741(
                                 &message_as_ring_element);
   uint8_t ciphertext[1088U] = {0U};
   libcrux_ml_kem_polynomial_PolynomialRingElement_f6 uu____5[3U];
+  /* c_1 := Encode_{du}(Compress_q(u,d_u)) */
   memcpy(
       uu____5, u,
       (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f6));
   compress_then_serialize_u_8c(
       uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)960U,
                                            uint8_t));
+  /* c_2 := Encode_{dv}(Compress_q(v,d_v)) */
   libcrux_ml_kem_polynomial_PolynomialRingElement_f6 uu____6 = v;
   compress_then_serialize_ring_element_v_ed(
       uu____6, Eurydice_array_to_subslice_from((size_t)1088U, ciphertext,
@@ -3916,7 +4549,8 @@ decompress_ciphertext_coefficient_ef(__m256i vector) {
       mm256_set1_epi32((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS);
   __m256i two_pow_coefficient_bits =
       mm256_set1_epi32((int32_t)1 << (uint32_t)(int32_t)10);
-  __m128i coefficients_low = mm256_castsi256_si128(vector);
+  __m128i coefficients_low = mm256_castsi256_si128(
+      /* ---- Compress the first 8 coefficients ---- */ vector);
   __m256i coefficients_low0 = mm256_cvtepi16_epi32(coefficients_low);
   __m256i decompressed_low =
       mm256_mullo_epi32(coefficients_low0, field_modulus);
@@ -3924,12 +4558,16 @@ decompress_ciphertext_coefficient_ef(__m256i vector) {
       mm256_slli_epi32((int32_t)1, decompressed_low, __m256i);
   __m256i decompressed_low1 =
       mm256_add_epi32(decompressed_low0, two_pow_coefficient_bits);
-  __m256i decompressed_low2 =
-      mm256_srli_epi32((int32_t)10, decompressed_low1, __m256i);
+  __m256i decompressed_low2 = mm256_srli_epi32(
+      (int32_t)10,
+      /* We can't shift in one go by (COEFFICIENT_BITS + 1) due to the lack of
+         support for const generic expressions. */
+      decompressed_low1, __m256i);
   __m256i decompressed_low3 =
       mm256_srli_epi32((int32_t)1, decompressed_low2, __m256i);
-  __m128i coefficients_high =
-      mm256_extracti128_si256((int32_t)1, vector, __m128i);
+  __m128i coefficients_high = mm256_extracti128_si256(
+      (int32_t)1,
+      /* ---- Compress the next 8 coefficients ---- */ vector, __m128i);
   __m256i coefficients_high0 = mm256_cvtepi16_epi32(coefficients_high);
   __m256i decompressed_high =
       mm256_mullo_epi32(coefficients_high0, field_modulus);
@@ -3937,12 +4575,27 @@ decompress_ciphertext_coefficient_ef(__m256i vector) {
       mm256_slli_epi32((int32_t)1, decompressed_high, __m256i);
   __m256i decompressed_high1 =
       mm256_add_epi32(decompressed_high0, two_pow_coefficient_bits);
-  __m256i decompressed_high2 =
-      mm256_srli_epi32((int32_t)10, decompressed_high1, __m256i);
+  __m256i decompressed_high2 = mm256_srli_epi32(
+      (int32_t)10,
+      /* We can't shift in one go by (COEFFICIENT_BITS + 1) due to the lack of
+         support for const generic expressions. */
+      decompressed_high1, __m256i);
   __m256i decompressed_high3 =
       mm256_srli_epi32((int32_t)1, decompressed_high2, __m256i);
-  __m256i compressed = mm256_packs_epi32(decompressed_low3, decompressed_high3);
-  return mm256_permute4x64_epi64((int32_t)216, compressed, __m256i);
+  __m256i compressed =
+      mm256_packs_epi32(/* Combining them, and grouping each set of 64-bits,
+                           this function results in: 0: low low low low | 1:
+                           high high high high | 2: low low low low | 3: high
+                           high high high where each |low| and |high| is a
+                           16-bit element */
+                        decompressed_low3,
+                        decompressed_high3);
+  return mm256_permute4x64_epi64(
+      (int32_t)216,
+      /* To be in the right order, we need to move the |low|s above in position
+         2 to position 1 and the |high|s in position 1 to position 2, and leave
+         the rest unchanged. */
+      compressed, __m256i);
 }
 
 /**
@@ -3997,7 +4650,8 @@ decompress_ciphertext_coefficient_c4(__m256i vector) {
       mm256_set1_epi32((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS);
   __m256i two_pow_coefficient_bits =
       mm256_set1_epi32((int32_t)1 << (uint32_t)(int32_t)11);
-  __m128i coefficients_low = mm256_castsi256_si128(vector);
+  __m128i coefficients_low = mm256_castsi256_si128(
+      /* ---- Compress the first 8 coefficients ---- */ vector);
   __m256i coefficients_low0 = mm256_cvtepi16_epi32(coefficients_low);
   __m256i decompressed_low =
       mm256_mullo_epi32(coefficients_low0, field_modulus);
@@ -4005,12 +4659,16 @@ decompress_ciphertext_coefficient_c4(__m256i vector) {
       mm256_slli_epi32((int32_t)1, decompressed_low, __m256i);
   __m256i decompressed_low1 =
       mm256_add_epi32(decompressed_low0, two_pow_coefficient_bits);
-  __m256i decompressed_low2 =
-      mm256_srli_epi32((int32_t)11, decompressed_low1, __m256i);
+  __m256i decompressed_low2 = mm256_srli_epi32(
+      (int32_t)11,
+      /* We can't shift in one go by (COEFFICIENT_BITS + 1) due to the lack of
+         support for const generic expressions. */
+      decompressed_low1, __m256i);
   __m256i decompressed_low3 =
       mm256_srli_epi32((int32_t)1, decompressed_low2, __m256i);
-  __m128i coefficients_high =
-      mm256_extracti128_si256((int32_t)1, vector, __m128i);
+  __m128i coefficients_high = mm256_extracti128_si256(
+      (int32_t)1,
+      /* ---- Compress the next 8 coefficients ---- */ vector, __m128i);
   __m256i coefficients_high0 = mm256_cvtepi16_epi32(coefficients_high);
   __m256i decompressed_high =
       mm256_mullo_epi32(coefficients_high0, field_modulus);
@@ -4018,12 +4676,27 @@ decompress_ciphertext_coefficient_c4(__m256i vector) {
       mm256_slli_epi32((int32_t)1, decompressed_high, __m256i);
   __m256i decompressed_high1 =
       mm256_add_epi32(decompressed_high0, two_pow_coefficient_bits);
-  __m256i decompressed_high2 =
-      mm256_srli_epi32((int32_t)11, decompressed_high1, __m256i);
+  __m256i decompressed_high2 = mm256_srli_epi32(
+      (int32_t)11,
+      /* We can't shift in one go by (COEFFICIENT_BITS + 1) due to the lack of
+         support for const generic expressions. */
+      decompressed_high1, __m256i);
   __m256i decompressed_high3 =
       mm256_srli_epi32((int32_t)1, decompressed_high2, __m256i);
-  __m256i compressed = mm256_packs_epi32(decompressed_low3, decompressed_high3);
-  return mm256_permute4x64_epi64((int32_t)216, compressed, __m256i);
+  __m256i compressed =
+      mm256_packs_epi32(/* Combining them, and grouping each set of 64-bits,
+                           this function results in: 0: low low low low | 1:
+                           high high high high | 2: low low low low | 3: high
+                           high high high where each |low| and |high| is a
+                           16-bit element */
+                        decompressed_low3,
+                        decompressed_high3);
+  return mm256_permute4x64_epi64(
+      (int32_t)216,
+      /* To be in the right order, we need to move the |low|s above in position
+         2 to position 1 and the |high|s in position 1 to position 2, and leave
+         the rest unchanged. */
+      compressed, __m256i);
 }
 
 /**
@@ -4146,7 +4819,8 @@ decompress_ciphertext_coefficient_d1(__m256i vector) {
       mm256_set1_epi32((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS);
   __m256i two_pow_coefficient_bits =
       mm256_set1_epi32((int32_t)1 << (uint32_t)(int32_t)4);
-  __m128i coefficients_low = mm256_castsi256_si128(vector);
+  __m128i coefficients_low = mm256_castsi256_si128(
+      /* ---- Compress the first 8 coefficients ---- */ vector);
   __m256i coefficients_low0 = mm256_cvtepi16_epi32(coefficients_low);
   __m256i decompressed_low =
       mm256_mullo_epi32(coefficients_low0, field_modulus);
@@ -4154,12 +4828,16 @@ decompress_ciphertext_coefficient_d1(__m256i vector) {
       mm256_slli_epi32((int32_t)1, decompressed_low, __m256i);
   __m256i decompressed_low1 =
       mm256_add_epi32(decompressed_low0, two_pow_coefficient_bits);
-  __m256i decompressed_low2 =
-      mm256_srli_epi32((int32_t)4, decompressed_low1, __m256i);
+  __m256i decompressed_low2 = mm256_srli_epi32(
+      (int32_t)4,
+      /* We can't shift in one go by (COEFFICIENT_BITS + 1) due to the lack of
+         support for const generic expressions. */
+      decompressed_low1, __m256i);
   __m256i decompressed_low3 =
       mm256_srli_epi32((int32_t)1, decompressed_low2, __m256i);
-  __m128i coefficients_high =
-      mm256_extracti128_si256((int32_t)1, vector, __m128i);
+  __m128i coefficients_high = mm256_extracti128_si256(
+      (int32_t)1,
+      /* ---- Compress the next 8 coefficients ---- */ vector, __m128i);
   __m256i coefficients_high0 = mm256_cvtepi16_epi32(coefficients_high);
   __m256i decompressed_high =
       mm256_mullo_epi32(coefficients_high0, field_modulus);
@@ -4167,12 +4845,27 @@ decompress_ciphertext_coefficient_d1(__m256i vector) {
       mm256_slli_epi32((int32_t)1, decompressed_high, __m256i);
   __m256i decompressed_high1 =
       mm256_add_epi32(decompressed_high0, two_pow_coefficient_bits);
-  __m256i decompressed_high2 =
-      mm256_srli_epi32((int32_t)4, decompressed_high1, __m256i);
+  __m256i decompressed_high2 = mm256_srli_epi32(
+      (int32_t)4,
+      /* We can't shift in one go by (COEFFICIENT_BITS + 1) due to the lack of
+         support for const generic expressions. */
+      decompressed_high1, __m256i);
   __m256i decompressed_high3 =
       mm256_srli_epi32((int32_t)1, decompressed_high2, __m256i);
-  __m256i compressed = mm256_packs_epi32(decompressed_low3, decompressed_high3);
-  return mm256_permute4x64_epi64((int32_t)216, compressed, __m256i);
+  __m256i compressed =
+      mm256_packs_epi32(/* Combining them, and grouping each set of 64-bits,
+                           this function results in: 0: low low low low | 1:
+                           high high high high | 2: low low low low | 3: high
+                           high high high where each |low| and |high| is a
+                           16-bit element */
+                        decompressed_low3,
+                        decompressed_high3);
+  return mm256_permute4x64_epi64(
+      (int32_t)216,
+      /* To be in the right order, we need to move the |low|s above in position
+         2 to position 1 and the |high|s in position 1 to position 2, and leave
+         the rest unchanged. */
+      compressed, __m256i);
 }
 
 /**
@@ -4222,7 +4915,8 @@ decompress_ciphertext_coefficient_f4(__m256i vector) {
       mm256_set1_epi32((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS);
   __m256i two_pow_coefficient_bits =
       mm256_set1_epi32((int32_t)1 << (uint32_t)(int32_t)5);
-  __m128i coefficients_low = mm256_castsi256_si128(vector);
+  __m128i coefficients_low = mm256_castsi256_si128(
+      /* ---- Compress the first 8 coefficients ---- */ vector);
   __m256i coefficients_low0 = mm256_cvtepi16_epi32(coefficients_low);
   __m256i decompressed_low =
       mm256_mullo_epi32(coefficients_low0, field_modulus);
@@ -4230,12 +4924,16 @@ decompress_ciphertext_coefficient_f4(__m256i vector) {
       mm256_slli_epi32((int32_t)1, decompressed_low, __m256i);
   __m256i decompressed_low1 =
       mm256_add_epi32(decompressed_low0, two_pow_coefficient_bits);
-  __m256i decompressed_low2 =
-      mm256_srli_epi32((int32_t)5, decompressed_low1, __m256i);
+  __m256i decompressed_low2 = mm256_srli_epi32(
+      (int32_t)5,
+      /* We can't shift in one go by (COEFFICIENT_BITS + 1) due to the lack of
+         support for const generic expressions. */
+      decompressed_low1, __m256i);
   __m256i decompressed_low3 =
       mm256_srli_epi32((int32_t)1, decompressed_low2, __m256i);
-  __m128i coefficients_high =
-      mm256_extracti128_si256((int32_t)1, vector, __m128i);
+  __m128i coefficients_high = mm256_extracti128_si256(
+      (int32_t)1,
+      /* ---- Compress the next 8 coefficients ---- */ vector, __m128i);
   __m256i coefficients_high0 = mm256_cvtepi16_epi32(coefficients_high);
   __m256i decompressed_high =
       mm256_mullo_epi32(coefficients_high0, field_modulus);
@@ -4243,12 +4941,27 @@ decompress_ciphertext_coefficient_f4(__m256i vector) {
       mm256_slli_epi32((int32_t)1, decompressed_high, __m256i);
   __m256i decompressed_high1 =
       mm256_add_epi32(decompressed_high0, two_pow_coefficient_bits);
-  __m256i decompressed_high2 =
-      mm256_srli_epi32((int32_t)5, decompressed_high1, __m256i);
+  __m256i decompressed_high2 = mm256_srli_epi32(
+      (int32_t)5,
+      /* We can't shift in one go by (COEFFICIENT_BITS + 1) due to the lack of
+         support for const generic expressions. */
+      decompressed_high1, __m256i);
   __m256i decompressed_high3 =
       mm256_srli_epi32((int32_t)1, decompressed_high2, __m256i);
-  __m256i compressed = mm256_packs_epi32(decompressed_low3, decompressed_high3);
-  return mm256_permute4x64_epi64((int32_t)216, compressed, __m256i);
+  __m256i compressed =
+      mm256_packs_epi32(/* Combining them, and grouping each set of 64-bits,
+                           this function results in: 0: low low low low | 1:
+                           high high high high | 2: low low low low | 3: high
+                           high high high where each |low| and |high| is a
+                           16-bit element */
+                        decompressed_low3,
+                        decompressed_high3);
+  return mm256_permute4x64_epi64(
+      (int32_t)216,
+      /* To be in the right order, we need to move the |low|s above in position
+         2 to position 1 and the |high|s in position 1 to position 2, and leave
+         the rest unchanged. */
+      compressed, __m256i);
 }
 
 /**
@@ -4415,11 +5128,14 @@ static KRML_MUSTINLINE void decrypt_unpacked_2f(
     IndCpaPrivateKeyUnpacked_63 *secret_key, uint8_t *ciphertext,
     uint8_t ret[32U]) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_f6 u_as_ntt[3U];
-  deserialize_then_decompress_u_ed(ciphertext, u_as_ntt);
+  deserialize_then_decompress_u_ed(
+      /* u := Decompress_q(Decode_{d_u}(c), d_u) */ ciphertext, u_as_ntt);
   libcrux_ml_kem_polynomial_PolynomialRingElement_f6 v =
       deserialize_then_decompress_ring_element_v_ed(
-          Eurydice_array_to_subslice_from((size_t)1088U, ciphertext,
-                                          (size_t)960U, uint8_t, size_t));
+          Eurydice_array_to_subslice_from(
+              (size_t)1088U,
+              /* v := Decompress_q(Decode_{d_v}(c + d_u·k·n / 8), d_v) */
+              ciphertext, (size_t)960U, uint8_t, size_t));
   libcrux_ml_kem_polynomial_PolynomialRingElement_f6 message =
       compute_message_ab(&v, secret_key->secret_as_ntt, u_as_ntt);
   uint8_t ret0[32U];
@@ -4440,7 +5156,8 @@ with const generics
 static KRML_MUSTINLINE void decrypt_2f(Eurydice_slice secret_key,
                                        uint8_t *ciphertext, uint8_t ret[32U]) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_f6 secret_as_ntt[3U];
-  deserialize_secret_key_ab(secret_key, secret_as_ntt);
+  deserialize_secret_key_ab(/* sˆ := Decode_12(sk) */ secret_key,
+                            secret_as_ntt);
   /* Passing arrays by value in Rust generates a copy in C */
   libcrux_ml_kem_polynomial_PolynomialRingElement_f6 copy_of_secret_as_ntt[3U];
   memcpy(
@@ -4555,17 +5272,17 @@ void libcrux_ml_kem_ind_cca_decapsulate_a11(
   kdf_d8_ae(Eurydice_array_to_slice((size_t)32U,
                                     implicit_rejection_shared_secret0, uint8_t),
             implicit_rejection_shared_secret);
-  uint8_t shared_secret1[32U];
-  kdf_d8_ae(shared_secret0, shared_secret1);
   uint8_t shared_secret[32U];
+  kdf_d8_ae(shared_secret0, shared_secret);
+  uint8_t ret0[32U];
   libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time(
       libcrux_ml_kem_types_as_ref_43_80(ciphertext),
       Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t),
-      Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t),
+      Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t),
       Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret,
                               uint8_t),
-      shared_secret);
-  memcpy(ret, shared_secret, (size_t)32U * sizeof(uint8_t));
+      ret0);
+  memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t));
 }
 
 /**
@@ -4760,9 +5477,13 @@ with const generics
 bool libcrux_ml_kem_ind_cca_validate_private_key_only_5e(
     libcrux_ml_kem_types_MlKemPrivateKey_83 *private_key) {
   uint8_t t[32U];
-  H_a9_ac(Eurydice_array_to_subslice2(
-              private_key->value, (size_t)384U * (size_t)4U,
-              (size_t)768U * (size_t)4U + (size_t)32U, uint8_t),
+  H_a9_ac(Eurydice_array_to_subslice2(/* Eurydice can't access values directly
+                                         on the types. We need to go to the
+                                         `value` directly. */
+                                      private_key->value,
+                                      (size_t)384U * (size_t)4U,
+                                      (size_t)768U * (size_t)4U + (size_t)32U,
+                                      uint8_t),
           t);
   Eurydice_slice expected = Eurydice_array_to_subslice2(
       private_key->value, (size_t)768U * (size_t)4U + (size_t)32U,
@@ -5239,6 +5960,10 @@ static KRML_MUSTINLINE void sample_from_xof_6c(
   memcpy(copy_of_randomness0, randomness0, (size_t)4U * sizeof(uint8_t[504U]));
   bool done = sample_from_uniform_distribution_next_78(
       copy_of_randomness0, sampled_coefficients, out);
+  /* Requiring more than 5 blocks to sample a ring element should be very
+   * unlikely according to: https://eprint.iacr.org/2023/708.pdf To avoid
+   * failing here, we squeeze more blocks out of the state until we have enough.
+   */
   while (true) {
     if (done) {
       break;
@@ -5297,7 +6022,7 @@ static KRML_MUSTINLINE void sample_matrix_A_6c(
            i++) {
         size_t j = i;
         libcrux_ml_kem_polynomial_PolynomialRingElement_f6 sample = sampled[j];
-        if (transpose) {
+        if (/* A[i][j] = A_transpose[j][i] */ transpose) {
           A_transpose[j][i1] = sample;
         } else {
           A_transpose[i1][j] = sample;
@@ -5448,9 +6173,14 @@ static KRML_MUSTINLINE void add_to_ring_element_ef_42(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *self,
     libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *rhs) {
   for (size_t i = (size_t)0U;
-       i < Eurydice_slice_len(Eurydice_array_to_slice(
-                                  (size_t)16U, self->coefficients, __m256i),
-                              __m256i);
+       i <
+       Eurydice_slice_len(Eurydice_array_to_slice(
+                              (size_t)16U,
+                              /* The semicolon and parentheses at the end of
+                                 loop are a workaround for the following bug
+                                 https://github.com/hacspec/hax/issues/720 */
+                              self->coefficients, __m256i),
+                          __m256i);
        i++) {
     size_t i0 = i;
     self->coefficients[i0] = libcrux_ml_kem_vector_avx2_add_09(
@@ -5481,6 +6211,8 @@ static KRML_MUSTINLINE void compute_As_plus_e_42(
        i++) {
     size_t i0 = i;
     libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *row = matrix_A[i0];
+    /* This may be externally provided memory. Ensure that `t_as_ntt` is all 0.
+     */
     libcrux_ml_kem_polynomial_PolynomialRingElement_f6 uu____0 = ZERO_ef_61();
     t_as_ntt[i0] = uu____0;
     for (size_t i1 = (size_t)0U;
@@ -5556,7 +6288,10 @@ static KRML_MUSTINLINE void generate_keypair_unpacked_22(
     IndCpaPrivateKeyUnpacked_39 *private_key,
     IndCpaPublicKeyUnpacked_39 *public_key) {
   uint8_t hashed[64U];
-  cpa_keygen_seed_d8_6a(key_generation_seed, hashed);
+  cpa_keygen_seed_d8_6a(/* (ρ,σ) := G(d) for Kyber, (ρ,σ) := G(d || K) for
+                           ML-KEM */
+                        key_generation_seed,
+                        hashed);
   Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at(
       Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U,
       uint8_t, Eurydice_slice_uint8_t_x2);
@@ -5586,8 +6321,8 @@ static KRML_MUSTINLINE void generate_keypair_unpacked_22(
       sample_vector_cbd_then_ntt_out_b4(copy_of_prf_input, domain_separator)
           .fst,
       (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f6));
-  compute_As_plus_e_42(public_key->t_as_ntt, public_key->A,
-                       private_key->secret_as_ntt, error_as_ntt);
+  compute_As_plus_e_42(/* tˆ := Aˆ ◦ sˆ + eˆ */ public_key->t_as_ntt,
+                       public_key->A, private_key->secret_as_ntt, error_as_ntt);
   uint8_t uu____5[32U];
   core_result_Result_fb dst;
   Eurydice_slice_to_array2(&dst, seed_for_A, Eurydice_slice, uint8_t[32U]);
@@ -5612,11 +6347,13 @@ serialize_unpacked_secret_key_c9(IndCpaPublicKeyUnpacked_39 *public_key,
                                  IndCpaPrivateKeyUnpacked_39 *private_key) {
   uint8_t public_key_serialized[1568U];
   serialize_public_key_1e(
-      public_key->t_as_ntt,
+      /* pk := (Encode_12(tˆ mod^{+}q) || ρ) */ public_key->t_as_ntt,
       Eurydice_array_to_slice((size_t)32U, public_key->seed_for_A, uint8_t),
       public_key_serialized);
   uint8_t secret_key_serialized[1536U];
-  serialize_secret_key_78(private_key->secret_as_ntt, secret_key_serialized);
+  serialize_secret_key_78(
+      /* sk := Encode_12(sˆ mod^{+}q) */ private_key->secret_as_ntt,
+      secret_key_serialized);
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_secret_key_serialized[1536U];
   memcpy(copy_of_secret_key_serialized, secret_key_serialized,
@@ -5803,11 +6540,15 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics
 static KRML_MUSTINLINE void build_unpacked_public_key_mut_fa0(
     Eurydice_slice public_key,
     IndCpaPublicKeyUnpacked_39 *unpacked_public_key) {
-  Eurydice_slice uu____0 =
-      Eurydice_slice_subslice_to(public_key, (size_t)1536U, uint8_t, size_t);
+  Eurydice_slice uu____0 = Eurydice_slice_subslice_to(
+      /* tˆ := Decode_12(pk) */ public_key, (size_t)1536U, uint8_t, size_t);
   deserialize_ring_elements_reduced_42(uu____0, unpacked_public_key->t_as_ntt);
   Eurydice_slice seed =
-      Eurydice_slice_subslice_from(public_key, (size_t)1536U, uint8_t, size_t);
+      Eurydice_slice_subslice_from(/* ρ := pk + 12·k·n / 8 for i from 0 to k−1
+                                      do for j from 0 to k − 1 do AˆT[i][j] :=
+                                      Parse(XOF(ρ, i, j)) end for end for */
+                                   public_key,
+                                   (size_t)1536U, uint8_t, size_t);
   libcrux_ml_kem_polynomial_PolynomialRingElement_f6(*uu____1)[4U] =
       unpacked_public_key->A;
   uint8_t ret[34U];
@@ -5899,7 +6640,10 @@ with const generics
 static KRML_MUSTINLINE void invert_ntt_montgomery_42(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *re) {
   size_t zeta_i =
-      LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U;
+      /* We only ever call this function after matrix/vector multiplication */
+      LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT
+
+      / (size_t)2U;
   invert_ntt_at_layer_1_61(&zeta_i, re);
   invert_ntt_at_layer_2_61(&zeta_i, re);
   invert_ntt_at_layer_3_61(&zeta_i, re);
@@ -6129,7 +6873,11 @@ static KRML_MUSTINLINE void encrypt_unpacked_74(
     IndCpaPublicKeyUnpacked_39 *public_key, uint8_t message[32U],
     Eurydice_slice randomness, uint8_t ret[1568U]) {
   uint8_t prf_input[33U];
-  libcrux_ml_kem_utils_into_padded_array_c8(randomness, prf_input);
+  libcrux_ml_kem_utils_into_padded_array_c8(/* for i from 0 to k−1 do r[i] :=
+                                               CBD{η1}(PRF(r, N)) N := N + 1 end
+                                               for rˆ := NTT(r) */
+                                            randomness,
+                                            prf_input);
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_prf_input0[33U];
   memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t));
@@ -6141,6 +6889,7 @@ static KRML_MUSTINLINE void encrypt_unpacked_74(
   uint8_t domain_separator0 = uu____1.snd;
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_prf_input[33U];
+  /* for i from 0 to k−1 do e1[i] := CBD_{η2}(PRF(r,N)) N := N + 1 end for */
   memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t));
   tuple_dd uu____3 =
       sample_ring_element_cbd_b4(copy_of_prf_input, domain_separator0);
@@ -6149,7 +6898,7 @@ static KRML_MUSTINLINE void encrypt_unpacked_74(
       error_1, uu____3.fst,
       (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f6));
   uint8_t domain_separator = uu____3.snd;
-  prf_input[32U] = domain_separator;
+  prf_input[32U] = /* e_2 := CBD{η2}(PRF(r, N)) */ domain_separator;
   uint8_t prf_output[128U];
   PRF_a9_440(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t),
              prf_output);
@@ -6157,9 +6906,11 @@ static KRML_MUSTINLINE void encrypt_unpacked_74(
       sample_from_binomial_distribution_89(
           Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t));
   libcrux_ml_kem_polynomial_PolynomialRingElement_f6 u[4U];
-  compute_vector_u_42(public_key->A, r_as_ntt, error_1, u);
+  compute_vector_u_42(/* u := NTT^{-1}(AˆT ◦ rˆ) + e_1 */ public_key->A,
+                      r_as_ntt, error_1, u);
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_message[32U];
+  /* v := NTT^{−1}(tˆT ◦ rˆ) + e_2 + Decompress_q(Decode_1(m),1) */
   memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t));
   libcrux_ml_kem_polynomial_PolynomialRingElement_f6 message_as_ring_element =
       deserialize_then_decompress_message_61(copy_of_message);
@@ -6168,12 +6919,14 @@ static KRML_MUSTINLINE void encrypt_unpacked_74(
                                 &message_as_ring_element);
   uint8_t ciphertext[1568U] = {0U};
   libcrux_ml_kem_polynomial_PolynomialRingElement_f6 uu____5[4U];
+  /* c_1 := Encode_{du}(Compress_q(u,d_u)) */
   memcpy(
       uu____5, u,
       (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f6));
   compress_then_serialize_u_c9(
       uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U,
                                            (size_t)1408U, uint8_t));
+  /* c_2 := Encode_{dv}(Compress_q(v,d_v)) */
   libcrux_ml_kem_polynomial_PolynomialRingElement_f6 uu____6 = v;
   compress_then_serialize_ring_element_v_1e(
       uu____6, Eurydice_array_to_subslice_from((size_t)1568U, ciphertext,
@@ -6487,11 +7240,14 @@ static KRML_MUSTINLINE void decrypt_unpacked_37(
     IndCpaPrivateKeyUnpacked_39 *secret_key, uint8_t *ciphertext,
     uint8_t ret[32U]) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_f6 u_as_ntt[4U];
-  deserialize_then_decompress_u_1e(ciphertext, u_as_ntt);
+  deserialize_then_decompress_u_1e(
+      /* u := Decompress_q(Decode_{d_u}(c), d_u) */ ciphertext, u_as_ntt);
   libcrux_ml_kem_polynomial_PolynomialRingElement_f6 v =
       deserialize_then_decompress_ring_element_v_78(
-          Eurydice_array_to_subslice_from((size_t)1568U, ciphertext,
-                                          (size_t)1408U, uint8_t, size_t));
+          Eurydice_array_to_subslice_from(
+              (size_t)1568U,
+              /* v := Decompress_q(Decode_{d_v}(c + d_u·k·n / 8), d_v) */
+              ciphertext, (size_t)1408U, uint8_t, size_t));
   libcrux_ml_kem_polynomial_PolynomialRingElement_f6 message =
       compute_message_42(&v, secret_key->secret_as_ntt, u_as_ntt);
   uint8_t ret0[32U];
@@ -6512,7 +7268,8 @@ with const generics
 static KRML_MUSTINLINE void decrypt_37(Eurydice_slice secret_key,
                                        uint8_t *ciphertext, uint8_t ret[32U]) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_f6 secret_as_ntt[4U];
-  deserialize_secret_key_42(secret_key, secret_as_ntt);
+  deserialize_secret_key_42(/* sˆ := Decode_12(sk) */ secret_key,
+                            secret_as_ntt);
   /* Passing arrays by value in Rust generates a copy in C */
   libcrux_ml_kem_polynomial_PolynomialRingElement_f6 copy_of_secret_as_ntt[4U];
   memcpy(
@@ -6615,17 +7372,17 @@ void libcrux_ml_kem_ind_cca_decapsulate_a10(
   kdf_d8_5e(Eurydice_array_to_slice((size_t)32U,
                                     implicit_rejection_shared_secret0, uint8_t),
             implicit_rejection_shared_secret);
-  uint8_t shared_secret1[32U];
-  kdf_d8_5e(shared_secret0, shared_secret1);
   uint8_t shared_secret[32U];
+  kdf_d8_5e(shared_secret0, shared_secret);
+  uint8_t ret0[32U];
   libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time(
       libcrux_ml_kem_types_as_ref_43_af(ciphertext),
       Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, uint8_t),
-      Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t),
+      Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t),
       Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret,
                               uint8_t),
-      shared_secret);
-  memcpy(ret, shared_secret, (size_t)32U * sizeof(uint8_t));
+      ret0);
+  memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t));
 }
 
 /**
@@ -6820,9 +7577,13 @@ with const generics
 bool libcrux_ml_kem_ind_cca_validate_private_key_only_4d(
     libcrux_ml_kem_types_MlKemPrivateKey_fa *private_key) {
   uint8_t t[32U];
-  H_a9_fd(Eurydice_array_to_subslice2(
-              private_key->value, (size_t)384U * (size_t)2U,
-              (size_t)768U * (size_t)2U + (size_t)32U, uint8_t),
+  H_a9_fd(Eurydice_array_to_subslice2(/* Eurydice can't access values directly
+                                         on the types. We need to go to the
+                                         `value` directly. */
+                                      private_key->value,
+                                      (size_t)384U * (size_t)2U,
+                                      (size_t)768U * (size_t)2U + (size_t)32U,
+                                      uint8_t),
           t);
   Eurydice_slice expected = Eurydice_array_to_subslice2(
       private_key->value, (size_t)768U * (size_t)2U + (size_t)32U,
@@ -7273,6 +8034,10 @@ static KRML_MUSTINLINE void sample_from_xof_6c0(
   memcpy(copy_of_randomness0, randomness0, (size_t)2U * sizeof(uint8_t[504U]));
   bool done = sample_from_uniform_distribution_next_29(
       copy_of_randomness0, sampled_coefficients, out);
+  /* Requiring more than 5 blocks to sample a ring element should be very
+   * unlikely according to: https://eprint.iacr.org/2023/708.pdf To avoid
+   * failing here, we squeeze more blocks out of the state until we have enough.
+   */
   while (true) {
     if (done) {
       break;
@@ -7331,7 +8096,7 @@ static KRML_MUSTINLINE void sample_matrix_A_6c0(
            i++) {
         size_t j = i;
         libcrux_ml_kem_polynomial_PolynomialRingElement_f6 sample = sampled[j];
-        if (transpose) {
+        if (/* A[i][j] = A_transpose[j][i] */ transpose) {
           A_transpose[j][i1] = sample;
         } else {
           A_transpose[i1][j] = sample;
@@ -7487,9 +8252,14 @@ static KRML_MUSTINLINE void add_to_ring_element_ef_89(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *self,
     libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *rhs) {
   for (size_t i = (size_t)0U;
-       i < Eurydice_slice_len(Eurydice_array_to_slice(
-                                  (size_t)16U, self->coefficients, __m256i),
-                              __m256i);
+       i <
+       Eurydice_slice_len(Eurydice_array_to_slice(
+                              (size_t)16U,
+                              /* The semicolon and parentheses at the end of
+                                 loop are a workaround for the following bug
+                                 https://github.com/hacspec/hax/issues/720 */
+                              self->coefficients, __m256i),
+                          __m256i);
        i++) {
     size_t i0 = i;
     self->coefficients[i0] = libcrux_ml_kem_vector_avx2_add_09(
@@ -7520,6 +8290,8 @@ static KRML_MUSTINLINE void compute_As_plus_e_89(
        i++) {
     size_t i0 = i;
     libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *row = matrix_A[i0];
+    /* This may be externally provided memory. Ensure that `t_as_ntt` is all 0.
+     */
     libcrux_ml_kem_polynomial_PolynomialRingElement_f6 uu____0 = ZERO_ef_61();
     t_as_ntt[i0] = uu____0;
     for (size_t i1 = (size_t)0U;
@@ -7595,7 +8367,10 @@ static KRML_MUSTINLINE void generate_keypair_unpacked_220(
     IndCpaPrivateKeyUnpacked_94 *private_key,
     IndCpaPublicKeyUnpacked_94 *public_key) {
   uint8_t hashed[64U];
-  cpa_keygen_seed_d8_f8(key_generation_seed, hashed);
+  cpa_keygen_seed_d8_f8(/* (ρ,σ) := G(d) for Kyber, (ρ,σ) := G(d || K) for
+                           ML-KEM */
+                        key_generation_seed,
+                        hashed);
   Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at(
       Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U,
       uint8_t, Eurydice_slice_uint8_t_x2);
@@ -7625,8 +8400,8 @@ static KRML_MUSTINLINE void generate_keypair_unpacked_220(
       sample_vector_cbd_then_ntt_out_b40(copy_of_prf_input, domain_separator)
           .fst,
       (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f6));
-  compute_As_plus_e_89(public_key->t_as_ntt, public_key->A,
-                       private_key->secret_as_ntt, error_as_ntt);
+  compute_As_plus_e_89(/* tˆ := Aˆ ◦ sˆ + eˆ */ public_key->t_as_ntt,
+                       public_key->A, private_key->secret_as_ntt, error_as_ntt);
   uint8_t uu____5[32U];
   core_result_Result_fb dst;
   Eurydice_slice_to_array2(&dst, seed_for_A, Eurydice_slice, uint8_t[32U]);
@@ -7651,11 +8426,13 @@ serialize_unpacked_secret_key_2d(IndCpaPublicKeyUnpacked_94 *public_key,
                                  IndCpaPrivateKeyUnpacked_94 *private_key) {
   uint8_t public_key_serialized[800U];
   serialize_public_key_ba(
-      public_key->t_as_ntt,
+      /* pk := (Encode_12(tˆ mod^{+}q) || ρ) */ public_key->t_as_ntt,
       Eurydice_array_to_slice((size_t)32U, public_key->seed_for_A, uint8_t),
       public_key_serialized);
   uint8_t secret_key_serialized[768U];
-  serialize_secret_key_29(private_key->secret_as_ntt, secret_key_serialized);
+  serialize_secret_key_29(
+      /* sk := Encode_12(sˆ mod^{+}q) */ private_key->secret_as_ntt,
+      secret_key_serialized);
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_secret_key_serialized[768U];
   memcpy(copy_of_secret_key_serialized, secret_key_serialized,
@@ -7842,11 +8619,15 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics
 static KRML_MUSTINLINE void build_unpacked_public_key_mut_fa(
     Eurydice_slice public_key,
     IndCpaPublicKeyUnpacked_94 *unpacked_public_key) {
-  Eurydice_slice uu____0 =
-      Eurydice_slice_subslice_to(public_key, (size_t)768U, uint8_t, size_t);
+  Eurydice_slice uu____0 = Eurydice_slice_subslice_to(
+      /* tˆ := Decode_12(pk) */ public_key, (size_t)768U, uint8_t, size_t);
   deserialize_ring_elements_reduced_89(uu____0, unpacked_public_key->t_as_ntt);
   Eurydice_slice seed =
-      Eurydice_slice_subslice_from(public_key, (size_t)768U, uint8_t, size_t);
+      Eurydice_slice_subslice_from(/* ρ := pk + 12·k·n / 8 for i from 0 to k−1
+                                      do for j from 0 to k − 1 do AˆT[i][j] :=
+                                      Parse(XOF(ρ, i, j)) end for end for */
+                                   public_key,
+                                   (size_t)768U, uint8_t, size_t);
   libcrux_ml_kem_polynomial_PolynomialRingElement_f6(*uu____1)[2U] =
       unpacked_public_key->A;
   uint8_t ret[34U];
@@ -7984,7 +8765,10 @@ with const generics
 static KRML_MUSTINLINE void invert_ntt_montgomery_89(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *re) {
   size_t zeta_i =
-      LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U;
+      /* We only ever call this function after matrix/vector multiplication */
+      LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT
+
+      / (size_t)2U;
   invert_ntt_at_layer_1_61(&zeta_i, re);
   invert_ntt_at_layer_2_61(&zeta_i, re);
   invert_ntt_at_layer_3_61(&zeta_i, re);
@@ -8176,7 +8960,11 @@ static KRML_MUSTINLINE void encrypt_unpacked_740(
     IndCpaPublicKeyUnpacked_94 *public_key, uint8_t message[32U],
     Eurydice_slice randomness, uint8_t ret[768U]) {
   uint8_t prf_input[33U];
-  libcrux_ml_kem_utils_into_padded_array_c8(randomness, prf_input);
+  libcrux_ml_kem_utils_into_padded_array_c8(/* for i from 0 to k−1 do r[i] :=
+                                               CBD{η1}(PRF(r, N)) N := N + 1 end
+                                               for rˆ := NTT(r) */
+                                            randomness,
+                                            prf_input);
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_prf_input0[33U];
   memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t));
@@ -8188,6 +8976,7 @@ static KRML_MUSTINLINE void encrypt_unpacked_740(
   uint8_t domain_separator0 = uu____1.snd;
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_prf_input[33U];
+  /* for i from 0 to k−1 do e1[i] := CBD_{η2}(PRF(r,N)) N := N + 1 end for */
   memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t));
   tuple_40 uu____3 =
       sample_ring_element_cbd_b40(copy_of_prf_input, domain_separator0);
@@ -8196,7 +8985,7 @@ static KRML_MUSTINLINE void encrypt_unpacked_740(
       error_1, uu____3.fst,
       (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f6));
   uint8_t domain_separator = uu____3.snd;
-  prf_input[32U] = domain_separator;
+  prf_input[32U] = /* e_2 := CBD{η2}(PRF(r, N)) */ domain_separator;
   uint8_t prf_output[128U];
   PRF_a9_490(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t),
              prf_output);
@@ -8204,9 +8993,11 @@ static KRML_MUSTINLINE void encrypt_unpacked_740(
       sample_from_binomial_distribution_89(
           Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t));
   libcrux_ml_kem_polynomial_PolynomialRingElement_f6 u[2U];
-  compute_vector_u_89(public_key->A, r_as_ntt, error_1, u);
+  compute_vector_u_89(/* u := NTT^{-1}(AˆT ◦ rˆ) + e_1 */ public_key->A,
+                      r_as_ntt, error_1, u);
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_message[32U];
+  /* v := NTT^{−1}(tˆT ◦ rˆ) + e_2 + Decompress_q(Decode_1(m),1) */
   memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t));
   libcrux_ml_kem_polynomial_PolynomialRingElement_f6 message_as_ring_element =
       deserialize_then_decompress_message_61(copy_of_message);
@@ -8215,12 +9006,14 @@ static KRML_MUSTINLINE void encrypt_unpacked_740(
                                 &message_as_ring_element);
   uint8_t ciphertext[768U] = {0U};
   libcrux_ml_kem_polynomial_PolynomialRingElement_f6 uu____5[2U];
+  /* c_1 := Encode_{du}(Compress_q(u,d_u)) */
   memcpy(
       uu____5, u,
       (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f6));
   compress_then_serialize_u_2d(
       uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)640U,
                                            uint8_t));
+  /* c_2 := Encode_{dv}(Compress_q(v,d_v)) */
   libcrux_ml_kem_polynomial_PolynomialRingElement_f6 uu____6 = v;
   compress_then_serialize_ring_element_v_ba(
       uu____6, Eurydice_array_to_subslice_from((size_t)768U, ciphertext,
@@ -8504,11 +9297,14 @@ static KRML_MUSTINLINE void decrypt_unpacked_4b(
     IndCpaPrivateKeyUnpacked_94 *secret_key, uint8_t *ciphertext,
     uint8_t ret[32U]) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_f6 u_as_ntt[2U];
-  deserialize_then_decompress_u_ba(ciphertext, u_as_ntt);
+  deserialize_then_decompress_u_ba(
+      /* u := Decompress_q(Decode_{d_u}(c), d_u) */ ciphertext, u_as_ntt);
   libcrux_ml_kem_polynomial_PolynomialRingElement_f6 v =
       deserialize_then_decompress_ring_element_v_29(
-          Eurydice_array_to_subslice_from((size_t)768U, ciphertext,
-                                          (size_t)640U, uint8_t, size_t));
+          Eurydice_array_to_subslice_from(
+              (size_t)768U,
+              /* v := Decompress_q(Decode_{d_v}(c + d_u·k·n / 8), d_v) */
+              ciphertext, (size_t)640U, uint8_t, size_t));
   libcrux_ml_kem_polynomial_PolynomialRingElement_f6 message =
       compute_message_89(&v, secret_key->secret_as_ntt, u_as_ntt);
   uint8_t ret0[32U];
@@ -8529,7 +9325,8 @@ with const generics
 static KRML_MUSTINLINE void decrypt_4b(Eurydice_slice secret_key,
                                        uint8_t *ciphertext, uint8_t ret[32U]) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_f6 secret_as_ntt[2U];
-  deserialize_secret_key_89(secret_key, secret_as_ntt);
+  deserialize_secret_key_89(/* sˆ := Decode_12(sk) */ secret_key,
+                            secret_as_ntt);
   /* Passing arrays by value in Rust generates a copy in C */
   libcrux_ml_kem_polynomial_PolynomialRingElement_f6 copy_of_secret_as_ntt[2U];
   memcpy(
@@ -8631,15 +9428,15 @@ void libcrux_ml_kem_ind_cca_decapsulate_a1(
   kdf_d8_4d(Eurydice_array_to_slice((size_t)32U,
                                     implicit_rejection_shared_secret0, uint8_t),
             implicit_rejection_shared_secret);
-  uint8_t shared_secret1[32U];
-  kdf_d8_4d(shared_secret0, shared_secret1);
   uint8_t shared_secret[32U];
+  kdf_d8_4d(shared_secret0, shared_secret);
+  uint8_t ret0[32U];
   libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time(
       libcrux_ml_kem_types_as_ref_43_d0(ciphertext),
       Eurydice_array_to_slice((size_t)768U, expected_ciphertext, uint8_t),
-      Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t),
+      Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t),
       Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret,
                               uint8_t),
-      shared_secret);
-  memcpy(ret, shared_secret, (size_t)32U * sizeof(uint8_t));
+      ret0);
+  memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t));
 }
diff --git a/libcrux-ml-kem/c/libcrux_mlkem_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem_avx2.h
index c127a7b25..addfdaf30 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem_avx2.h
+++ b/libcrux-ml-kem/c/libcrux_mlkem_avx2.h
@@ -4,11 +4,11 @@
  * SPDX-License-Identifier: MIT or Apache-2.0
  *
  * This code was generated with the following revisions:
- * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9
- * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20
- * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
- * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty
- * Libcrux: 3e54f3c659bef6ee815d197ee5c74dd40c75186a
+ * Charon: 3a133fe0eee9bd3928d5bb16c24ddd2dd0f3ee7f
+ * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c
+ * Karamel: c31a22c1e07d2118c07ee5cebb640d863e31a198
+ * F*: 2c32d6e230851bbceadac7a21fc418fa2bb7e4bc
+ * Libcrux: 0e587d6e842717408ea9357e00d47e372e505c80
  */
 
 #ifndef __libcrux_mlkem_avx2_H
diff --git a/libcrux-ml-kem/c/libcrux_mlkem_portable.c b/libcrux-ml-kem/c/libcrux_mlkem_portable.c
index 128049b3b..fddae347c 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem_portable.c
+++ b/libcrux-ml-kem/c/libcrux_mlkem_portable.c
@@ -4,11 +4,11 @@
  * SPDX-License-Identifier: MIT or Apache-2.0
  *
  * This code was generated with the following revisions:
- * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9
- * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20
- * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
- * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty
- * Libcrux: 3e54f3c659bef6ee815d197ee5c74dd40c75186a
+ * Charon: 3a133fe0eee9bd3928d5bb16c24ddd2dd0f3ee7f
+ * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c
+ * Karamel: c31a22c1e07d2118c07ee5cebb640d863e31a198
+ * F*: 2c32d6e230851bbceadac7a21fc418fa2bb7e4bc
+ * Libcrux: 0e587d6e842717408ea9357e00d47e372e505c80
  */
 
 #include "internal/libcrux_mlkem_portable.h"
@@ -66,7 +66,7 @@ static const int16_t ZETAS_TIMES_MONTGOMERY_R[128U] = {
     (int16_t)-108,  (int16_t)-308,  (int16_t)996,   (int16_t)991,
     (int16_t)958,   (int16_t)-1460, (int16_t)1522,  (int16_t)1628};
 
-int16_t libcrux_ml_kem_polynomial_get_zeta(size_t i) {
+int16_t libcrux_ml_kem_polynomial_zeta(size_t i) {
   return ZETAS_TIMES_MONTGOMERY_R[i];
 }
 
@@ -1152,11 +1152,28 @@ libcrux_ml_kem_vector_portable_montgomery_multiply_by_constant_0d(
 */
 uint8_t libcrux_ml_kem_vector_portable_compress_compress_message_coefficient(
     uint16_t fe) {
-  int16_t shifted = (int16_t)1664 - (int16_t)fe;
-  int16_t mask = shifted >> 15U;
+  int16_t shifted =
+      (int16_t)1664 -
+      (int16_t) /* The approach used here is inspired by:
+                   https://github.com/cloudflare/circl/blob/main/pke/kyber/internal/common/poly.go#L150
+                   If 833 <= fe <= 2496, then -832 <= shifted <= 831 */
+      fe;
+  int16_t mask =
+      /* If shifted < 0, then (shifted >> 15) ^ shifted = flip_bits(shifted) =
+         -shifted - 1, and so if -832 <= shifted < 0 then 0 < shifted_positive
+         <= 831 If shifted >= 0 then (shifted >> 15) ^ shifted = shifted, and so
+         if 0 <= shifted <= 831 then 0 <= shifted_positive <= 831 */
+      shifted
+
+      >> 15U;
   int16_t shifted_to_positive = mask ^ shifted;
   int16_t shifted_positive_in_range = shifted_to_positive - (int16_t)832;
-  int16_t r0 = shifted_positive_in_range >> 15U;
+  int16_t r0 =
+      /* If x <= 831, then x - 832 <= -1, and so x - 832 < 0, which means the
+         most significant bit of shifted_positive_in_range will be 1. */
+      shifted_positive_in_range
+
+      >> 15U;
   int16_t r1 = r0 & (int16_t)1;
   return (uint8_t)r1;
 }
@@ -1192,7 +1209,16 @@ libcrux_ml_kem_vector_portable_arithmetic_get_n_least_significant_bits(
 
 int16_t libcrux_ml_kem_vector_portable_compress_compress_ciphertext_coefficient(
     uint8_t coefficient_bits, uint16_t fe) {
-  uint64_t compressed = (uint64_t)fe << (uint32_t)coefficient_bits;
+  uint64_t compressed =
+      (uint64_t) /* hax_debug_assert!( coefficient_bits == 4 || coefficient_bits
+                    == 5 || coefficient_bits == 10 || coefficient_bits == 11 );
+                    hax_debug_assert!(fe <= (FIELD_MODULUS as u16)); This has to
+                    be constant time due to:
+                    https://groups.google.com/a/list.nist.gov/g/pqc-forum/c/ldX0ThYJuBo/m/ovODsdY7AwAJ
+                  */
+      fe
+
+      << (uint32_t)coefficient_bits;
   compressed = compressed + 1664ULL;
   compressed = compressed * 10321340ULL;
   compressed = compressed >> 35U;
@@ -2712,9 +2738,13 @@ with const generics
 bool libcrux_ml_kem_ind_cca_validate_private_key_only_60(
     libcrux_ml_kem_types_MlKemPrivateKey_83 *private_key) {
   uint8_t t[32U];
-  H_f1_ac(Eurydice_array_to_subslice2(
-              private_key->value, (size_t)384U * (size_t)4U,
-              (size_t)768U * (size_t)4U + (size_t)32U, uint8_t),
+  H_f1_ac(Eurydice_array_to_subslice2(/* Eurydice can't access values directly
+                                         on the types. We need to go to the
+                                         `value` directly. */
+                                      private_key->value,
+                                      (size_t)384U * (size_t)4U,
+                                      (size_t)768U * (size_t)4U + (size_t)32U,
+                                      uint8_t),
           t);
   Eurydice_slice expected = Eurydice_array_to_subslice2(
       private_key->value, (size_t)768U * (size_t)4U + (size_t)32U,
@@ -3204,6 +3234,10 @@ static KRML_MUSTINLINE void sample_from_xof_2b(
   memcpy(copy_of_randomness0, randomness0, (size_t)4U * sizeof(uint8_t[504U]));
   bool done = sample_from_uniform_distribution_next_ff(
       copy_of_randomness0, sampled_coefficients, out);
+  /* Requiring more than 5 blocks to sample a ring element should be very
+   * unlikely according to: https://eprint.iacr.org/2023/708.pdf To avoid
+   * failing here, we squeeze more blocks out of the state until we have enough.
+   */
   while (true) {
     if (done) {
       break;
@@ -3263,7 +3297,7 @@ static KRML_MUSTINLINE void sample_matrix_A_2b(
            i++) {
         size_t j = i;
         libcrux_ml_kem_polynomial_PolynomialRingElement_1d sample = sampled[j];
-        if (transpose) {
+        if (/* A[i][j] = A_transpose[j][i] */ transpose) {
           A_transpose[j][i1] = sample;
         } else {
           A_transpose[i1][j] = sample;
@@ -3461,7 +3495,12 @@ with const generics
 static KRML_MUSTINLINE void ntt_at_layer_7_8c(
     libcrux_ml_kem_polynomial_PolynomialRingElement_1d *re) {
   size_t step = LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT / (size_t)2U;
-  for (size_t i = (size_t)0U; i < step; i++) {
+  for (size_t i = (size_t)0U;
+       i <
+       /* The semicolon and parentheses at the end of loop are a workaround for
+          the following bug https://github.com/hacspec/hax/issues/720 */
+       step;
+       i++) {
     size_t j = i;
     libcrux_ml_kem_vector_portable_vector_type_PortableVector t =
         libcrux_ml_kem_vector_portable_multiply_by_constant_0d(
@@ -3523,7 +3562,13 @@ static KRML_MUSTINLINE void ntt_at_layer_4_plus_8c(
     size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_1d *re,
     size_t layer) {
   size_t step = (size_t)1U << (uint32_t)layer;
-  for (size_t i0 = (size_t)0U; i0 < (size_t)128U >> (uint32_t)layer; i0++) {
+  for (size_t i0 = (size_t)0U;
+       i0 < (size_t)128U >>
+       (uint32_t) /* The semicolon and parentheses at the end of loop are a
+                     workaround for the following bug
+                     https://github.com/hacspec/hax/issues/720 */
+       layer;
+       i0++) {
     size_t round = i0;
     zeta_i[0U] = zeta_i[0U] + (size_t)1U;
     size_t offset = round * step * (size_t)2U;
@@ -3532,9 +3577,9 @@ static KRML_MUSTINLINE void ntt_at_layer_4_plus_8c(
     for (size_t i = offset_vec; i < offset_vec + step_vec; i++) {
       size_t j = i;
       libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 uu____0 =
-          ntt_layer_int_vec_step_8c(
-              re->coefficients[j], re->coefficients[j + step_vec],
-              libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U]));
+          ntt_layer_int_vec_step_8c(re->coefficients[j],
+                                    re->coefficients[j + step_vec],
+                                    libcrux_ml_kem_polynomial_zeta(zeta_i[0U]));
       libcrux_ml_kem_vector_portable_vector_type_PortableVector x = uu____0.fst;
       libcrux_ml_kem_vector_portable_vector_type_PortableVector y = uu____0.snd;
       re->coefficients[j] = x;
@@ -3557,7 +3602,7 @@ static KRML_MUSTINLINE void ntt_at_layer_3_8c(
       libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 =
           libcrux_ml_kem_vector_portable_ntt_layer_3_step_0d(
               re->coefficients[round],
-              libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U]));
+              libcrux_ml_kem_polynomial_zeta(zeta_i[0U]));
       re->coefficients[round] = uu____0;);
 }
 
@@ -3575,8 +3620,8 @@ static KRML_MUSTINLINE void ntt_at_layer_2_8c(
       re->coefficients[round] =
           libcrux_ml_kem_vector_portable_ntt_layer_2_step_0d(
               re->coefficients[round],
-              libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U]),
-              libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U] + (size_t)1U));
+              libcrux_ml_kem_polynomial_zeta(zeta_i[0U]),
+              libcrux_ml_kem_polynomial_zeta(zeta_i[0U] + (size_t)1U));
       zeta_i[0U] = zeta_i[0U] + (size_t)1U;);
 }
 
@@ -3594,10 +3639,10 @@ static KRML_MUSTINLINE void ntt_at_layer_1_8c(
       re->coefficients[round] =
           libcrux_ml_kem_vector_portable_ntt_layer_1_step_0d(
               re->coefficients[round],
-              libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U]),
-              libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U] + (size_t)1U),
-              libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U] + (size_t)2U),
-              libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U] + (size_t)3U));
+              libcrux_ml_kem_polynomial_zeta(zeta_i[0U]),
+              libcrux_ml_kem_polynomial_zeta(zeta_i[0U] + (size_t)1U),
+              libcrux_ml_kem_polynomial_zeta(zeta_i[0U] + (size_t)2U),
+              libcrux_ml_kem_polynomial_zeta(zeta_i[0U] + (size_t)3U));
       zeta_i[0U] = zeta_i[0U] + (size_t)3U;);
 }
 
@@ -3615,7 +3660,11 @@ with const generics
 static KRML_MUSTINLINE void poly_barrett_reduce_ef_8c(
     libcrux_ml_kem_polynomial_PolynomialRingElement_1d *self) {
   for (size_t i = (size_t)0U;
-       i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
+       i <
+       /* The semicolon and parentheses at the end of loop are a workaround for
+          the following bug https://github.com/hacspec/hax/issues/720 */
+       LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT;
+       i++) {
     size_t i0 = i;
     libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 =
         libcrux_ml_kem_vector_portable_barrett_reduce_0d(
@@ -3632,7 +3681,9 @@ with const generics
 */
 static KRML_MUSTINLINE void ntt_binomially_sampled_ring_element_8c(
     libcrux_ml_kem_polynomial_PolynomialRingElement_1d *re) {
-  ntt_at_layer_7_8c(re);
+  ntt_at_layer_7_8c(/* Due to the small coefficient bound, we can skip the first
+                       round of Montgomery reductions. */
+                    re);
   size_t zeta_i = (size_t)1U;
   ntt_at_layer_4_plus_8c(&zeta_i, re, (size_t)6U);
   ntt_at_layer_4_plus_8c(&zeta_i, re, (size_t)5U);
@@ -3742,13 +3793,13 @@ ntt_multiply_ef_8c(libcrux_ml_kem_polynomial_PolynomialRingElement_1d *self,
     libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 =
         libcrux_ml_kem_vector_portable_ntt_multiply_0d(
             &self->coefficients[i0], &rhs->coefficients[i0],
-            libcrux_ml_kem_polynomial_get_zeta((size_t)64U + (size_t)4U * i0),
-            libcrux_ml_kem_polynomial_get_zeta((size_t)64U + (size_t)4U * i0 +
-                                               (size_t)1U),
-            libcrux_ml_kem_polynomial_get_zeta((size_t)64U + (size_t)4U * i0 +
-                                               (size_t)2U),
-            libcrux_ml_kem_polynomial_get_zeta((size_t)64U + (size_t)4U * i0 +
-                                               (size_t)3U));
+            libcrux_ml_kem_polynomial_zeta((size_t)64U + (size_t)4U * i0),
+            libcrux_ml_kem_polynomial_zeta((size_t)64U + (size_t)4U * i0 +
+                                           (size_t)1U),
+            libcrux_ml_kem_polynomial_zeta((size_t)64U + (size_t)4U * i0 +
+                                           (size_t)2U),
+            libcrux_ml_kem_polynomial_zeta((size_t)64U + (size_t)4U * i0 +
+                                           (size_t)3U));
     out.coefficients[i0] = uu____0;
   }
   return out;
@@ -3771,7 +3822,11 @@ static KRML_MUSTINLINE void add_to_ring_element_ef_d0(
   for (size_t i = (size_t)0U;
        i < Eurydice_slice_len(
                Eurydice_array_to_slice(
-                   (size_t)16U, self->coefficients,
+                   (size_t)16U,
+                   /* The semicolon and parentheses at the end of loop are a
+                      workaround for the following bug
+                      https://github.com/hacspec/hax/issues/720 */
+                   self->coefficients,
                    libcrux_ml_kem_vector_portable_vector_type_PortableVector),
                libcrux_ml_kem_vector_portable_vector_type_PortableVector);
        i++) {
@@ -3811,10 +3866,18 @@ static KRML_MUSTINLINE void add_standard_error_reduce_ef_8c(
     libcrux_ml_kem_polynomial_PolynomialRingElement_1d *self,
     libcrux_ml_kem_polynomial_PolynomialRingElement_1d *error) {
   for (size_t i = (size_t)0U;
-       i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
+       i <
+       /* The semicolon and parentheses at the end of loop are a workaround for
+          the following bug https://github.com/hacspec/hax/issues/720 */
+       LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT;
+       i++) {
     size_t j = i;
     libcrux_ml_kem_vector_portable_vector_type_PortableVector
-        coefficient_normal_form = to_standard_domain_8c(self->coefficients[j]);
+        coefficient_normal_form = to_standard_domain_8c(
+            self->coefficients[/* The coefficients are of the form aR^{-1} mod
+                                  q, which means calling to_montgomery_domain()
+                                  on them should return a mod q. */
+                               j]);
     libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 =
         libcrux_ml_kem_vector_portable_barrett_reduce_0d(
             libcrux_ml_kem_vector_portable_add_0d(coefficient_normal_form,
@@ -3846,6 +3909,8 @@ static KRML_MUSTINLINE void compute_As_plus_e_d0(
        i++) {
     size_t i0 = i;
     libcrux_ml_kem_polynomial_PolynomialRingElement_1d *row = matrix_A[i0];
+    /* This may be externally provided memory. Ensure that `t_as_ntt` is all 0.
+     */
     libcrux_ml_kem_polynomial_PolynomialRingElement_1d uu____0 = ZERO_ef_8c();
     t_as_ntt[i0] = uu____0;
     for (size_t i1 = (size_t)0U;
@@ -3921,7 +3986,10 @@ static KRML_MUSTINLINE void generate_keypair_unpacked_1c(
     IndCpaPrivateKeyUnpacked_af *private_key,
     IndCpaPublicKeyUnpacked_af *public_key) {
   uint8_t hashed[64U];
-  cpa_keygen_seed_d8_03(key_generation_seed, hashed);
+  cpa_keygen_seed_d8_03(/* (ρ,σ) := G(d) for Kyber, (ρ,σ) := G(d || K) for
+                           ML-KEM */
+                        key_generation_seed,
+                        hashed);
   Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at(
       Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U,
       uint8_t, Eurydice_slice_uint8_t_x2);
@@ -3951,8 +4019,8 @@ static KRML_MUSTINLINE void generate_keypair_unpacked_1c(
       sample_vector_cbd_then_ntt_out_3b(copy_of_prf_input, domain_separator)
           .fst,
       (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1d));
-  compute_As_plus_e_d0(public_key->t_as_ntt, public_key->A,
-                       private_key->secret_as_ntt, error_as_ntt);
+  compute_As_plus_e_d0(/* tˆ := Aˆ ◦ sˆ + eˆ */ public_key->t_as_ntt,
+                       public_key->A, private_key->secret_as_ntt, error_as_ntt);
   uint8_t uu____5[32U];
   core_result_Result_fb dst;
   Eurydice_slice_to_array2(&dst, seed_for_A, Eurydice_slice, uint8_t[32U]);
@@ -3977,11 +4045,13 @@ serialize_unpacked_secret_key_2f(IndCpaPublicKeyUnpacked_af *public_key,
                                  IndCpaPrivateKeyUnpacked_af *private_key) {
   uint8_t public_key_serialized[1568U];
   serialize_public_key_00(
-      public_key->t_as_ntt,
+      /* pk := (Encode_12(tˆ mod^{+}q) || ρ) */ public_key->t_as_ntt,
       Eurydice_array_to_slice((size_t)32U, public_key->seed_for_A, uint8_t),
       public_key_serialized);
   uint8_t secret_key_serialized[1536U];
-  serialize_secret_key_ff(private_key->secret_as_ntt, secret_key_serialized);
+  serialize_secret_key_ff(
+      /* sk := Encode_12(sˆ mod^{+}q) */ private_key->secret_as_ntt,
+      secret_key_serialized);
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_secret_key_serialized[1536U];
   memcpy(copy_of_secret_key_serialized, secret_key_serialized,
@@ -4169,11 +4239,15 @@ generics
 static KRML_MUSTINLINE void build_unpacked_public_key_mut_3f(
     Eurydice_slice public_key,
     IndCpaPublicKeyUnpacked_af *unpacked_public_key) {
-  Eurydice_slice uu____0 =
-      Eurydice_slice_subslice_to(public_key, (size_t)1536U, uint8_t, size_t);
+  Eurydice_slice uu____0 = Eurydice_slice_subslice_to(
+      /* tˆ := Decode_12(pk) */ public_key, (size_t)1536U, uint8_t, size_t);
   deserialize_ring_elements_reduced_d0(uu____0, unpacked_public_key->t_as_ntt);
   Eurydice_slice seed =
-      Eurydice_slice_subslice_from(public_key, (size_t)1536U, uint8_t, size_t);
+      Eurydice_slice_subslice_from(/* ρ := pk + 12·k·n / 8 for i from 0 to k−1
+                                      do for j from 0 to k − 1 do AˆT[i][j] :=
+                                      Parse(XOF(ρ, i, j)) end for end for */
+                                   public_key,
+                                   (size_t)1536U, uint8_t, size_t);
   libcrux_ml_kem_polynomial_PolynomialRingElement_1d(*uu____1)[4U] =
       unpacked_public_key->A;
   uint8_t ret[34U];
@@ -4284,10 +4358,10 @@ static KRML_MUSTINLINE void invert_ntt_at_layer_1_8c(
       re->coefficients[round] =
           libcrux_ml_kem_vector_portable_inv_ntt_layer_1_step_0d(
               re->coefficients[round],
-              libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U]),
-              libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U] - (size_t)1U),
-              libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U] - (size_t)2U),
-              libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U] - (size_t)3U));
+              libcrux_ml_kem_polynomial_zeta(zeta_i[0U]),
+              libcrux_ml_kem_polynomial_zeta(zeta_i[0U] - (size_t)1U),
+              libcrux_ml_kem_polynomial_zeta(zeta_i[0U] - (size_t)2U),
+              libcrux_ml_kem_polynomial_zeta(zeta_i[0U] - (size_t)3U));
       zeta_i[0U] = zeta_i[0U] - (size_t)3U;);
 }
 
@@ -4305,8 +4379,8 @@ static KRML_MUSTINLINE void invert_ntt_at_layer_2_8c(
       re->coefficients[round] =
           libcrux_ml_kem_vector_portable_inv_ntt_layer_2_step_0d(
               re->coefficients[round],
-              libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U]),
-              libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U] - (size_t)1U));
+              libcrux_ml_kem_polynomial_zeta(zeta_i[0U]),
+              libcrux_ml_kem_polynomial_zeta(zeta_i[0U] - (size_t)1U));
       zeta_i[0U] = zeta_i[0U] - (size_t)1U;);
 }
 
@@ -4324,7 +4398,7 @@ static KRML_MUSTINLINE void invert_ntt_at_layer_3_8c(
       libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 =
           libcrux_ml_kem_vector_portable_inv_ntt_layer_3_step_0d(
               re->coefficients[round],
-              libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U]));
+              libcrux_ml_kem_polynomial_zeta(zeta_i[0U]));
       re->coefficients[round] = uu____0;);
 }
 
@@ -4360,7 +4434,13 @@ static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_8c(
     size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_1d *re,
     size_t layer) {
   size_t step = (size_t)1U << (uint32_t)layer;
-  for (size_t i0 = (size_t)0U; i0 < (size_t)128U >> (uint32_t)layer; i0++) {
+  for (size_t i0 = (size_t)0U;
+       i0 < (size_t)128U >>
+       (uint32_t) /* The semicolon and parentheses at the end of loop are a
+                     workaround for the following bug
+                     https://github.com/hacspec/hax/issues/720 */
+       layer;
+       i0++) {
     size_t round = i0;
     zeta_i[0U] = zeta_i[0U] - (size_t)1U;
     size_t offset = round * step * (size_t)2U;
@@ -4373,7 +4453,7 @@ static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_8c(
       libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 uu____0 =
           inv_ntt_layer_int_vec_step_reduce_8c(
               re->coefficients[j], re->coefficients[j + step_vec],
-              libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U]));
+              libcrux_ml_kem_polynomial_zeta(zeta_i[0U]));
       libcrux_ml_kem_vector_portable_vector_type_PortableVector x = uu____0.fst;
       libcrux_ml_kem_vector_portable_vector_type_PortableVector y = uu____0.snd;
       re->coefficients[j] = x;
@@ -4391,7 +4471,10 @@ with const generics
 static KRML_MUSTINLINE void invert_ntt_montgomery_d0(
     libcrux_ml_kem_polynomial_PolynomialRingElement_1d *re) {
   size_t zeta_i =
-      LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U;
+      /* We only ever call this function after matrix/vector multiplication */
+      LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT
+
+      / (size_t)2U;
   invert_ntt_at_layer_1_8c(&zeta_i, re);
   invert_ntt_at_layer_2_8c(&zeta_i, re);
   invert_ntt_at_layer_3_8c(&zeta_i, re);
@@ -4417,7 +4500,11 @@ static KRML_MUSTINLINE void add_error_reduce_ef_8c(
     libcrux_ml_kem_polynomial_PolynomialRingElement_1d *self,
     libcrux_ml_kem_polynomial_PolynomialRingElement_1d *error) {
   for (size_t i = (size_t)0U;
-       i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
+       i <
+       /* The semicolon and parentheses at the end of loop are a workaround for
+          the following bug https://github.com/hacspec/hax/issues/720 */
+       LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT;
+       i++) {
     size_t j = i;
     libcrux_ml_kem_vector_portable_vector_type_PortableVector
         coefficient_normal_form =
@@ -4543,8 +4630,27 @@ add_message_error_reduce_ef_8c(
             libcrux_ml_kem_vector_portable_montgomery_multiply_by_constant_0d(
                 result.coefficients[i0], (int16_t)1441);
     libcrux_ml_kem_vector_portable_vector_type_PortableVector tmp =
-        libcrux_ml_kem_vector_portable_add_0d(self->coefficients[i0],
-                                              &message->coefficients[i0]);
+        libcrux_ml_kem_vector_portable_add_0d(
+            self->coefficients[/* FIXME: Eurydice crashes with: Warning 11: in
+                                  top-level declaration
+                                  libcrux_ml_kem.polynomial.{libcrux_ml_kem::polynomial::PolynomialRingElement<Vector>[TraitClause@0]}.add_message_error_reduce__libcrux_ml_kem_libcrux_polynomials_PortableVector:
+                                  this expression is not Low*; the enclosing
+                                  function cannot be translated into C*: let
+                                  mutable ret(Mark.Present,(Mark.AtMost 2), ):
+                                  int16_t[16size_t] = $any in
+                                  libcrux_ml_kem.libcrux_polynomials.{(libcrux_ml_kem::libcrux_polynomials::libcrux_traits::Operations␣for␣libcrux_ml_kem::libcrux_polynomials::PortableVector)}.add
+                                  ((@9:
+                                  libcrux_ml_kem_libcrux_polynomials_PortableVector[16size_t]*)[0uint32_t]:int16_t[16size_t][16size_t])[@4]
+                                  &(((@8:
+                                  libcrux_ml_kem_libcrux_polynomials_PortableVector[16size_t]*)[0uint32_t]:libcrux_ml_kem_libcrux_polynomials_PortableVector[16size_t])[@4])
+                                  @0; @0 Warning 11 is fatal, exiting. On the
+                                  following code: ```rust result.coefficients[i]
+                                  = Vector::barrett_reduce(Vector::add(
+                                  coefficient_normal_form,
+                                  &Vector::add(self.coefficients[i],
+                                  &message.coefficients[i]), )); ``` */
+                               i0],
+            &message->coefficients[i0]);
     libcrux_ml_kem_vector_portable_vector_type_PortableVector tmp0 =
         libcrux_ml_kem_vector_portable_add_0d(coefficient_normal_form, &tmp);
     libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 =
@@ -4757,7 +4863,11 @@ static KRML_MUSTINLINE void compress_then_serialize_4_8c(
     libcrux_ml_kem_polynomial_PolynomialRingElement_1d re,
     Eurydice_slice serialized) {
   for (size_t i = (size_t)0U;
-       i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
+       i <
+       /* The semicolon and parentheses at the end of loop are a workaround for
+          the following bug https://github.com/hacspec/hax/issues/720 */
+       LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT;
+       i++) {
     size_t i0 = i;
     libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient =
         compress_0d_d1(to_unsigned_field_modulus_8c(re.coefficients[i0]));
@@ -4812,7 +4922,11 @@ static KRML_MUSTINLINE void compress_then_serialize_5_8c(
     libcrux_ml_kem_polynomial_PolynomialRingElement_1d re,
     Eurydice_slice serialized) {
   for (size_t i = (size_t)0U;
-       i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
+       i <
+       /* The semicolon and parentheses at the end of loop are a workaround for
+          the following bug https://github.com/hacspec/hax/issues/720 */
+       LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT;
+       i++) {
     size_t i0 = i;
     libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficients =
         compress_0d_f4(to_unsigned_representative_8c(re.coefficients[i0]));
@@ -4901,7 +5015,11 @@ static KRML_MUSTINLINE void encrypt_unpacked_2a(
     IndCpaPublicKeyUnpacked_af *public_key, uint8_t message[32U],
     Eurydice_slice randomness, uint8_t ret[1568U]) {
   uint8_t prf_input[33U];
-  libcrux_ml_kem_utils_into_padded_array_c8(randomness, prf_input);
+  libcrux_ml_kem_utils_into_padded_array_c8(/* for i from 0 to k−1 do r[i] :=
+                                               CBD{η1}(PRF(r, N)) N := N + 1 end
+                                               for rˆ := NTT(r) */
+                                            randomness,
+                                            prf_input);
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_prf_input0[33U];
   memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t));
@@ -4913,6 +5031,7 @@ static KRML_MUSTINLINE void encrypt_unpacked_2a(
   uint8_t domain_separator0 = uu____1.snd;
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_prf_input[33U];
+  /* for i from 0 to k−1 do e1[i] := CBD_{η2}(PRF(r,N)) N := N + 1 end for */
   memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t));
   tuple_dd0 uu____3 =
       sample_ring_element_cbd_3b(copy_of_prf_input, domain_separator0);
@@ -4921,7 +5040,7 @@ static KRML_MUSTINLINE void encrypt_unpacked_2a(
       error_1, uu____3.fst,
       (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1d));
   uint8_t domain_separator = uu____3.snd;
-  prf_input[32U] = domain_separator;
+  prf_input[32U] = /* e_2 := CBD{η2}(PRF(r, N)) */ domain_separator;
   uint8_t prf_output[128U];
   PRF_f1_440(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t),
              prf_output);
@@ -4929,9 +5048,11 @@ static KRML_MUSTINLINE void encrypt_unpacked_2a(
       sample_from_binomial_distribution_a0(
           Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t));
   libcrux_ml_kem_polynomial_PolynomialRingElement_1d u[4U];
-  compute_vector_u_d0(public_key->A, r_as_ntt, error_1, u);
+  compute_vector_u_d0(/* u := NTT^{-1}(AˆT ◦ rˆ) + e_1 */ public_key->A,
+                      r_as_ntt, error_1, u);
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_message[32U];
+  /* v := NTT^{−1}(tˆT ◦ rˆ) + e_2 + Decompress_q(Decode_1(m),1) */
   memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t));
   libcrux_ml_kem_polynomial_PolynomialRingElement_1d message_as_ring_element =
       deserialize_then_decompress_message_8c(copy_of_message);
@@ -4940,12 +5061,14 @@ static KRML_MUSTINLINE void encrypt_unpacked_2a(
                                 &message_as_ring_element);
   uint8_t ciphertext[1568U] = {0U};
   libcrux_ml_kem_polynomial_PolynomialRingElement_1d uu____5[4U];
+  /* c_1 := Encode_{du}(Compress_q(u,d_u)) */
   memcpy(
       uu____5, u,
       (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1d));
   compress_then_serialize_u_2f(
       uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U,
                                            (size_t)1408U, uint8_t));
+  /* c_2 := Encode_{dv}(Compress_q(v,d_v)) */
   libcrux_ml_kem_polynomial_PolynomialRingElement_1d uu____6 = v;
   compress_then_serialize_ring_element_v_00(
       uu____6, Eurydice_array_to_subslice_from((size_t)1568U, ciphertext,
@@ -5584,11 +5707,14 @@ static KRML_MUSTINLINE void decrypt_unpacked_7d(
     IndCpaPrivateKeyUnpacked_af *secret_key, uint8_t *ciphertext,
     uint8_t ret[32U]) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_1d u_as_ntt[4U];
-  deserialize_then_decompress_u_00(ciphertext, u_as_ntt);
+  deserialize_then_decompress_u_00(
+      /* u := Decompress_q(Decode_{d_u}(c), d_u) */ ciphertext, u_as_ntt);
   libcrux_ml_kem_polynomial_PolynomialRingElement_1d v =
       deserialize_then_decompress_ring_element_v_ff(
-          Eurydice_array_to_subslice_from((size_t)1568U, ciphertext,
-                                          (size_t)1408U, uint8_t, size_t));
+          Eurydice_array_to_subslice_from(
+              (size_t)1568U,
+              /* v := Decompress_q(Decode_{d_v}(c + d_u·k·n / 8), d_v) */
+              ciphertext, (size_t)1408U, uint8_t, size_t));
   libcrux_ml_kem_polynomial_PolynomialRingElement_1d message =
       compute_message_d0(&v, secret_key->secret_as_ntt, u_as_ntt);
   uint8_t ret0[32U];
@@ -5609,7 +5735,8 @@ with const generics
 static KRML_MUSTINLINE void decrypt_7d(Eurydice_slice secret_key,
                                        uint8_t *ciphertext, uint8_t ret[32U]) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_1d secret_as_ntt[4U];
-  deserialize_secret_key_d0(secret_key, secret_as_ntt);
+  deserialize_secret_key_d0(/* sˆ := Decode_12(sk) */ secret_key,
+                            secret_as_ntt);
   /* Passing arrays by value in Rust generates a copy in C */
   libcrux_ml_kem_polynomial_PolynomialRingElement_1d copy_of_secret_as_ntt[4U];
   memcpy(
@@ -5724,17 +5851,17 @@ void libcrux_ml_kem_ind_cca_decapsulate_621(
   kdf_d8_60(Eurydice_array_to_slice((size_t)32U,
                                     implicit_rejection_shared_secret0, uint8_t),
             implicit_rejection_shared_secret);
-  uint8_t shared_secret1[32U];
-  kdf_d8_60(shared_secret0, shared_secret1);
   uint8_t shared_secret[32U];
+  kdf_d8_60(shared_secret0, shared_secret);
+  uint8_t ret0[32U];
   libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time(
       libcrux_ml_kem_types_as_ref_43_af(ciphertext),
       Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, uint8_t),
-      Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t),
+      Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t),
       Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret,
                               uint8_t),
-      shared_secret);
-  memcpy(ret, shared_secret, (size_t)32U * sizeof(uint8_t));
+      ret0);
+  memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t));
 }
 
 /**
@@ -5929,9 +6056,13 @@ with const generics
 bool libcrux_ml_kem_ind_cca_validate_private_key_only_30(
     libcrux_ml_kem_types_MlKemPrivateKey_fa *private_key) {
   uint8_t t[32U];
-  H_f1_fd(Eurydice_array_to_subslice2(
-              private_key->value, (size_t)384U * (size_t)2U,
-              (size_t)768U * (size_t)2U + (size_t)32U, uint8_t),
+  H_f1_fd(Eurydice_array_to_subslice2(/* Eurydice can't access values directly
+                                         on the types. We need to go to the
+                                         `value` directly. */
+                                      private_key->value,
+                                      (size_t)384U * (size_t)2U,
+                                      (size_t)768U * (size_t)2U + (size_t)32U,
+                                      uint8_t),
           t);
   Eurydice_slice expected = Eurydice_array_to_subslice2(
       private_key->value, (size_t)768U * (size_t)2U + (size_t)32U,
@@ -6381,6 +6512,10 @@ static KRML_MUSTINLINE void sample_from_xof_2b0(
   memcpy(copy_of_randomness0, randomness0, (size_t)2U * sizeof(uint8_t[504U]));
   bool done = sample_from_uniform_distribution_next_64(
       copy_of_randomness0, sampled_coefficients, out);
+  /* Requiring more than 5 blocks to sample a ring element should be very
+   * unlikely according to: https://eprint.iacr.org/2023/708.pdf To avoid
+   * failing here, we squeeze more blocks out of the state until we have enough.
+   */
   while (true) {
     if (done) {
       break;
@@ -6440,7 +6575,7 @@ static KRML_MUSTINLINE void sample_matrix_A_2b0(
            i++) {
         size_t j = i;
         libcrux_ml_kem_polynomial_PolynomialRingElement_1d sample = sampled[j];
-        if (transpose) {
+        if (/* A[i][j] = A_transpose[j][i] */ transpose) {
           A_transpose[j][i1] = sample;
         } else {
           A_transpose[i1][j] = sample;
@@ -6586,7 +6721,11 @@ static KRML_MUSTINLINE void add_to_ring_element_ef_a0(
   for (size_t i = (size_t)0U;
        i < Eurydice_slice_len(
                Eurydice_array_to_slice(
-                   (size_t)16U, self->coefficients,
+                   (size_t)16U,
+                   /* The semicolon and parentheses at the end of loop are a
+                      workaround for the following bug
+                      https://github.com/hacspec/hax/issues/720 */
+                   self->coefficients,
                    libcrux_ml_kem_vector_portable_vector_type_PortableVector),
                libcrux_ml_kem_vector_portable_vector_type_PortableVector);
        i++) {
@@ -6621,6 +6760,8 @@ static KRML_MUSTINLINE void compute_As_plus_e_a0(
        i++) {
     size_t i0 = i;
     libcrux_ml_kem_polynomial_PolynomialRingElement_1d *row = matrix_A[i0];
+    /* This may be externally provided memory. Ensure that `t_as_ntt` is all 0.
+     */
     libcrux_ml_kem_polynomial_PolynomialRingElement_1d uu____0 = ZERO_ef_8c();
     t_as_ntt[i0] = uu____0;
     for (size_t i1 = (size_t)0U;
@@ -6696,7 +6837,10 @@ static KRML_MUSTINLINE void generate_keypair_unpacked_1c0(
     IndCpaPrivateKeyUnpacked_d4 *private_key,
     IndCpaPublicKeyUnpacked_d4 *public_key) {
   uint8_t hashed[64U];
-  cpa_keygen_seed_d8_10(key_generation_seed, hashed);
+  cpa_keygen_seed_d8_10(/* (ρ,σ) := G(d) for Kyber, (ρ,σ) := G(d || K) for
+                           ML-KEM */
+                        key_generation_seed,
+                        hashed);
   Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at(
       Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U,
       uint8_t, Eurydice_slice_uint8_t_x2);
@@ -6726,8 +6870,8 @@ static KRML_MUSTINLINE void generate_keypair_unpacked_1c0(
       sample_vector_cbd_then_ntt_out_3b0(copy_of_prf_input, domain_separator)
           .fst,
       (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1d));
-  compute_As_plus_e_a0(public_key->t_as_ntt, public_key->A,
-                       private_key->secret_as_ntt, error_as_ntt);
+  compute_As_plus_e_a0(/* tˆ := Aˆ ◦ sˆ + eˆ */ public_key->t_as_ntt,
+                       public_key->A, private_key->secret_as_ntt, error_as_ntt);
   uint8_t uu____5[32U];
   core_result_Result_fb dst;
   Eurydice_slice_to_array2(&dst, seed_for_A, Eurydice_slice, uint8_t[32U]);
@@ -6752,11 +6896,13 @@ serialize_unpacked_secret_key_6d(IndCpaPublicKeyUnpacked_d4 *public_key,
                                  IndCpaPrivateKeyUnpacked_d4 *private_key) {
   uint8_t public_key_serialized[800U];
   serialize_public_key_86(
-      public_key->t_as_ntt,
+      /* pk := (Encode_12(tˆ mod^{+}q) || ρ) */ public_key->t_as_ntt,
       Eurydice_array_to_slice((size_t)32U, public_key->seed_for_A, uint8_t),
       public_key_serialized);
   uint8_t secret_key_serialized[768U];
-  serialize_secret_key_64(private_key->secret_as_ntt, secret_key_serialized);
+  serialize_secret_key_64(
+      /* sk := Encode_12(sˆ mod^{+}q) */ private_key->secret_as_ntt,
+      secret_key_serialized);
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_secret_key_serialized[768U];
   memcpy(copy_of_secret_key_serialized, secret_key_serialized,
@@ -6944,11 +7090,15 @@ generics
 static KRML_MUSTINLINE void build_unpacked_public_key_mut_3f0(
     Eurydice_slice public_key,
     IndCpaPublicKeyUnpacked_d4 *unpacked_public_key) {
-  Eurydice_slice uu____0 =
-      Eurydice_slice_subslice_to(public_key, (size_t)768U, uint8_t, size_t);
+  Eurydice_slice uu____0 = Eurydice_slice_subslice_to(
+      /* tˆ := Decode_12(pk) */ public_key, (size_t)768U, uint8_t, size_t);
   deserialize_ring_elements_reduced_a0(uu____0, unpacked_public_key->t_as_ntt);
   Eurydice_slice seed =
-      Eurydice_slice_subslice_from(public_key, (size_t)768U, uint8_t, size_t);
+      Eurydice_slice_subslice_from(/* ρ := pk + 12·k·n / 8 for i from 0 to k−1
+                                      do for j from 0 to k − 1 do AˆT[i][j] :=
+                                      Parse(XOF(ρ, i, j)) end for end for */
+                                   public_key,
+                                   (size_t)768U, uint8_t, size_t);
   libcrux_ml_kem_polynomial_PolynomialRingElement_1d(*uu____1)[2U] =
       unpacked_public_key->A;
   uint8_t ret[34U];
@@ -7074,7 +7224,10 @@ with const generics
 static KRML_MUSTINLINE void invert_ntt_montgomery_a0(
     libcrux_ml_kem_polynomial_PolynomialRingElement_1d *re) {
   size_t zeta_i =
-      LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U;
+      /* We only ever call this function after matrix/vector multiplication */
+      LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT
+
+      / (size_t)2U;
   invert_ntt_at_layer_1_8c(&zeta_i, re);
   invert_ntt_at_layer_2_8c(&zeta_i, re);
   invert_ntt_at_layer_3_8c(&zeta_i, re);
@@ -7305,7 +7458,11 @@ static KRML_MUSTINLINE void encrypt_unpacked_2a0(
     IndCpaPublicKeyUnpacked_d4 *public_key, uint8_t message[32U],
     Eurydice_slice randomness, uint8_t ret[768U]) {
   uint8_t prf_input[33U];
-  libcrux_ml_kem_utils_into_padded_array_c8(randomness, prf_input);
+  libcrux_ml_kem_utils_into_padded_array_c8(/* for i from 0 to k−1 do r[i] :=
+                                               CBD{η1}(PRF(r, N)) N := N + 1 end
+                                               for rˆ := NTT(r) */
+                                            randomness,
+                                            prf_input);
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_prf_input0[33U];
   memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t));
@@ -7318,6 +7475,7 @@ static KRML_MUSTINLINE void encrypt_unpacked_2a0(
   uint8_t domain_separator0 = uu____1.snd;
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_prf_input[33U];
+  /* for i from 0 to k−1 do e1[i] := CBD_{η2}(PRF(r,N)) N := N + 1 end for */
   memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t));
   tuple_400 uu____3 =
       sample_ring_element_cbd_3b0(copy_of_prf_input, domain_separator0);
@@ -7326,7 +7484,7 @@ static KRML_MUSTINLINE void encrypt_unpacked_2a0(
       error_1, uu____3.fst,
       (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1d));
   uint8_t domain_separator = uu____3.snd;
-  prf_input[32U] = domain_separator;
+  prf_input[32U] = /* e_2 := CBD{η2}(PRF(r, N)) */ domain_separator;
   uint8_t prf_output[128U];
   PRF_f1_490(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t),
              prf_output);
@@ -7334,9 +7492,11 @@ static KRML_MUSTINLINE void encrypt_unpacked_2a0(
       sample_from_binomial_distribution_a0(
           Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t));
   libcrux_ml_kem_polynomial_PolynomialRingElement_1d u[2U];
-  compute_vector_u_a0(public_key->A, r_as_ntt, error_1, u);
+  compute_vector_u_a0(/* u := NTT^{-1}(AˆT ◦ rˆ) + e_1 */ public_key->A,
+                      r_as_ntt, error_1, u);
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_message[32U];
+  /* v := NTT^{−1}(tˆT ◦ rˆ) + e_2 + Decompress_q(Decode_1(m),1) */
   memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t));
   libcrux_ml_kem_polynomial_PolynomialRingElement_1d message_as_ring_element =
       deserialize_then_decompress_message_8c(copy_of_message);
@@ -7345,12 +7505,14 @@ static KRML_MUSTINLINE void encrypt_unpacked_2a0(
                                 &message_as_ring_element);
   uint8_t ciphertext[768U] = {0U};
   libcrux_ml_kem_polynomial_PolynomialRingElement_1d uu____5[2U];
+  /* c_1 := Encode_{du}(Compress_q(u,d_u)) */
   memcpy(
       uu____5, u,
       (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1d));
   compress_then_serialize_u_6d(
       uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)640U,
                                            uint8_t));
+  /* c_2 := Encode_{dv}(Compress_q(v,d_v)) */
   libcrux_ml_kem_polynomial_PolynomialRingElement_1d uu____6 = v;
   compress_then_serialize_ring_element_v_86(
       uu____6, Eurydice_array_to_subslice_from((size_t)768U, ciphertext,
@@ -7665,11 +7827,14 @@ static KRML_MUSTINLINE void decrypt_unpacked_d1(
     IndCpaPrivateKeyUnpacked_d4 *secret_key, uint8_t *ciphertext,
     uint8_t ret[32U]) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_1d u_as_ntt[2U];
-  deserialize_then_decompress_u_86(ciphertext, u_as_ntt);
+  deserialize_then_decompress_u_86(
+      /* u := Decompress_q(Decode_{d_u}(c), d_u) */ ciphertext, u_as_ntt);
   libcrux_ml_kem_polynomial_PolynomialRingElement_1d v =
       deserialize_then_decompress_ring_element_v_64(
-          Eurydice_array_to_subslice_from((size_t)768U, ciphertext,
-                                          (size_t)640U, uint8_t, size_t));
+          Eurydice_array_to_subslice_from(
+              (size_t)768U,
+              /* v := Decompress_q(Decode_{d_v}(c + d_u·k·n / 8), d_v) */
+              ciphertext, (size_t)640U, uint8_t, size_t));
   libcrux_ml_kem_polynomial_PolynomialRingElement_1d message =
       compute_message_a0(&v, secret_key->secret_as_ntt, u_as_ntt);
   uint8_t ret0[32U];
@@ -7690,7 +7855,8 @@ with const generics
 static KRML_MUSTINLINE void decrypt_d1(Eurydice_slice secret_key,
                                        uint8_t *ciphertext, uint8_t ret[32U]) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_1d secret_as_ntt[2U];
-  deserialize_secret_key_a0(secret_key, secret_as_ntt);
+  deserialize_secret_key_a0(/* sˆ := Decode_12(sk) */ secret_key,
+                            secret_as_ntt);
   /* Passing arrays by value in Rust generates a copy in C */
   libcrux_ml_kem_polynomial_PolynomialRingElement_1d copy_of_secret_as_ntt[2U];
   memcpy(
@@ -7793,17 +7959,17 @@ void libcrux_ml_kem_ind_cca_decapsulate_620(
   kdf_d8_30(Eurydice_array_to_slice((size_t)32U,
                                     implicit_rejection_shared_secret0, uint8_t),
             implicit_rejection_shared_secret);
-  uint8_t shared_secret1[32U];
-  kdf_d8_30(shared_secret0, shared_secret1);
   uint8_t shared_secret[32U];
+  kdf_d8_30(shared_secret0, shared_secret);
+  uint8_t ret0[32U];
   libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time(
       libcrux_ml_kem_types_as_ref_43_d0(ciphertext),
       Eurydice_array_to_slice((size_t)768U, expected_ciphertext, uint8_t),
-      Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t),
+      Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t),
       Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret,
                               uint8_t),
-      shared_secret);
-  memcpy(ret, shared_secret, (size_t)32U * sizeof(uint8_t));
+      ret0);
+  memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t));
 }
 
 /**
@@ -7998,9 +8164,13 @@ with const generics
 bool libcrux_ml_kem_ind_cca_validate_private_key_only_d6(
     libcrux_ml_kem_types_MlKemPrivateKey_d9 *private_key) {
   uint8_t t[32U];
-  H_f1_e0(Eurydice_array_to_subslice2(
-              private_key->value, (size_t)384U * (size_t)3U,
-              (size_t)768U * (size_t)3U + (size_t)32U, uint8_t),
+  H_f1_e0(Eurydice_array_to_subslice2(/* Eurydice can't access values directly
+                                         on the types. We need to go to the
+                                         `value` directly. */
+                                      private_key->value,
+                                      (size_t)384U * (size_t)3U,
+                                      (size_t)768U * (size_t)3U + (size_t)32U,
+                                      uint8_t),
           t);
   Eurydice_slice expected = Eurydice_array_to_subslice2(
       private_key->value, (size_t)768U * (size_t)3U + (size_t)32U,
@@ -8456,6 +8626,10 @@ static KRML_MUSTINLINE void sample_from_xof_2b1(
   memcpy(copy_of_randomness0, randomness0, (size_t)3U * sizeof(uint8_t[504U]));
   bool done = sample_from_uniform_distribution_next_89(
       copy_of_randomness0, sampled_coefficients, out);
+  /* Requiring more than 5 blocks to sample a ring element should be very
+   * unlikely according to: https://eprint.iacr.org/2023/708.pdf To avoid
+   * failing here, we squeeze more blocks out of the state until we have enough.
+   */
   while (true) {
     if (done) {
       break;
@@ -8515,7 +8689,7 @@ static KRML_MUSTINLINE void sample_matrix_A_2b1(
            i++) {
         size_t j = i;
         libcrux_ml_kem_polynomial_PolynomialRingElement_1d sample = sampled[j];
-        if (transpose) {
+        if (/* A[i][j] = A_transpose[j][i] */ transpose) {
           A_transpose[j][i1] = sample;
         } else {
           A_transpose[i1][j] = sample;
@@ -8650,7 +8824,11 @@ static KRML_MUSTINLINE void add_to_ring_element_ef_1b(
   for (size_t i = (size_t)0U;
        i < Eurydice_slice_len(
                Eurydice_array_to_slice(
-                   (size_t)16U, self->coefficients,
+                   (size_t)16U,
+                   /* The semicolon and parentheses at the end of loop are a
+                      workaround for the following bug
+                      https://github.com/hacspec/hax/issues/720 */
+                   self->coefficients,
                    libcrux_ml_kem_vector_portable_vector_type_PortableVector),
                libcrux_ml_kem_vector_portable_vector_type_PortableVector);
        i++) {
@@ -8685,6 +8863,8 @@ static KRML_MUSTINLINE void compute_As_plus_e_1b(
        i++) {
     size_t i0 = i;
     libcrux_ml_kem_polynomial_PolynomialRingElement_1d *row = matrix_A[i0];
+    /* This may be externally provided memory. Ensure that `t_as_ntt` is all 0.
+     */
     libcrux_ml_kem_polynomial_PolynomialRingElement_1d uu____0 = ZERO_ef_8c();
     t_as_ntt[i0] = uu____0;
     for (size_t i1 = (size_t)0U;
@@ -8760,7 +8940,10 @@ static KRML_MUSTINLINE void generate_keypair_unpacked_1c1(
     IndCpaPrivateKeyUnpacked_a0 *private_key,
     IndCpaPublicKeyUnpacked_a0 *public_key) {
   uint8_t hashed[64U];
-  cpa_keygen_seed_d8_9c(key_generation_seed, hashed);
+  cpa_keygen_seed_d8_9c(/* (ρ,σ) := G(d) for Kyber, (ρ,σ) := G(d || K) for
+                           ML-KEM */
+                        key_generation_seed,
+                        hashed);
   Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at(
       Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U,
       uint8_t, Eurydice_slice_uint8_t_x2);
@@ -8790,8 +8973,8 @@ static KRML_MUSTINLINE void generate_keypair_unpacked_1c1(
       sample_vector_cbd_then_ntt_out_3b1(copy_of_prf_input, domain_separator)
           .fst,
       (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1d));
-  compute_As_plus_e_1b(public_key->t_as_ntt, public_key->A,
-                       private_key->secret_as_ntt, error_as_ntt);
+  compute_As_plus_e_1b(/* tˆ := Aˆ ◦ sˆ + eˆ */ public_key->t_as_ntt,
+                       public_key->A, private_key->secret_as_ntt, error_as_ntt);
   uint8_t uu____5[32U];
   core_result_Result_fb dst;
   Eurydice_slice_to_array2(&dst, seed_for_A, Eurydice_slice, uint8_t[32U]);
@@ -8816,11 +8999,13 @@ serialize_unpacked_secret_key_43(IndCpaPublicKeyUnpacked_a0 *public_key,
                                  IndCpaPrivateKeyUnpacked_a0 *private_key) {
   uint8_t public_key_serialized[1184U];
   serialize_public_key_6c(
-      public_key->t_as_ntt,
+      /* pk := (Encode_12(tˆ mod^{+}q) || ρ) */ public_key->t_as_ntt,
       Eurydice_array_to_slice((size_t)32U, public_key->seed_for_A, uint8_t),
       public_key_serialized);
   uint8_t secret_key_serialized[1152U];
-  serialize_secret_key_89(private_key->secret_as_ntt, secret_key_serialized);
+  serialize_secret_key_89(
+      /* sk := Encode_12(sˆ mod^{+}q) */ private_key->secret_as_ntt,
+      secret_key_serialized);
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_secret_key_serialized[1152U];
   memcpy(copy_of_secret_key_serialized, secret_key_serialized,
@@ -9008,11 +9193,15 @@ generics
 static KRML_MUSTINLINE void build_unpacked_public_key_mut_3f1(
     Eurydice_slice public_key,
     IndCpaPublicKeyUnpacked_a0 *unpacked_public_key) {
-  Eurydice_slice uu____0 =
-      Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t);
+  Eurydice_slice uu____0 = Eurydice_slice_subslice_to(
+      /* tˆ := Decode_12(pk) */ public_key, (size_t)1152U, uint8_t, size_t);
   deserialize_ring_elements_reduced_1b(uu____0, unpacked_public_key->t_as_ntt);
   Eurydice_slice seed =
-      Eurydice_slice_subslice_from(public_key, (size_t)1152U, uint8_t, size_t);
+      Eurydice_slice_subslice_from(/* ρ := pk + 12·k·n / 8 for i from 0 to k−1
+                                      do for j from 0 to k − 1 do AˆT[i][j] :=
+                                      Parse(XOF(ρ, i, j)) end for end for */
+                                   public_key,
+                                   (size_t)1152U, uint8_t, size_t);
   libcrux_ml_kem_polynomial_PolynomialRingElement_1d(*uu____1)[3U] =
       unpacked_public_key->A;
   uint8_t ret[34U];
@@ -9106,7 +9295,10 @@ with const generics
 static KRML_MUSTINLINE void invert_ntt_montgomery_1b(
     libcrux_ml_kem_polynomial_PolynomialRingElement_1d *re) {
   size_t zeta_i =
-      LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U;
+      /* We only ever call this function after matrix/vector multiplication */
+      LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT
+
+      / (size_t)2U;
   invert_ntt_at_layer_1_8c(&zeta_i, re);
   invert_ntt_at_layer_2_8c(&zeta_i, re);
   invert_ntt_at_layer_3_8c(&zeta_i, re);
@@ -9299,7 +9491,11 @@ static KRML_MUSTINLINE void encrypt_unpacked_2a1(
     IndCpaPublicKeyUnpacked_a0 *public_key, uint8_t message[32U],
     Eurydice_slice randomness, uint8_t ret[1088U]) {
   uint8_t prf_input[33U];
-  libcrux_ml_kem_utils_into_padded_array_c8(randomness, prf_input);
+  libcrux_ml_kem_utils_into_padded_array_c8(/* for i from 0 to k−1 do r[i] :=
+                                               CBD{η1}(PRF(r, N)) N := N + 1 end
+                                               for rˆ := NTT(r) */
+                                            randomness,
+                                            prf_input);
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_prf_input0[33U];
   memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t));
@@ -9312,6 +9508,7 @@ static KRML_MUSTINLINE void encrypt_unpacked_2a1(
   uint8_t domain_separator0 = uu____1.snd;
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_prf_input[33U];
+  /* for i from 0 to k−1 do e1[i] := CBD_{η2}(PRF(r,N)) N := N + 1 end for */
   memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t));
   tuple_230 uu____3 =
       sample_ring_element_cbd_3b1(copy_of_prf_input, domain_separator0);
@@ -9320,7 +9517,7 @@ static KRML_MUSTINLINE void encrypt_unpacked_2a1(
       error_1, uu____3.fst,
       (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1d));
   uint8_t domain_separator = uu____3.snd;
-  prf_input[32U] = domain_separator;
+  prf_input[32U] = /* e_2 := CBD{η2}(PRF(r, N)) */ domain_separator;
   uint8_t prf_output[128U];
   PRF_f1_410(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t),
              prf_output);
@@ -9328,9 +9525,11 @@ static KRML_MUSTINLINE void encrypt_unpacked_2a1(
       sample_from_binomial_distribution_a0(
           Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t));
   libcrux_ml_kem_polynomial_PolynomialRingElement_1d u[3U];
-  compute_vector_u_1b(public_key->A, r_as_ntt, error_1, u);
+  compute_vector_u_1b(/* u := NTT^{-1}(AˆT ◦ rˆ) + e_1 */ public_key->A,
+                      r_as_ntt, error_1, u);
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_message[32U];
+  /* v := NTT^{−1}(tˆT ◦ rˆ) + e_2 + Decompress_q(Decode_1(m),1) */
   memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t));
   libcrux_ml_kem_polynomial_PolynomialRingElement_1d message_as_ring_element =
       deserialize_then_decompress_message_8c(copy_of_message);
@@ -9339,12 +9538,14 @@ static KRML_MUSTINLINE void encrypt_unpacked_2a1(
                                 &message_as_ring_element);
   uint8_t ciphertext[1088U] = {0U};
   libcrux_ml_kem_polynomial_PolynomialRingElement_1d uu____5[3U];
+  /* c_1 := Encode_{du}(Compress_q(u,d_u)) */
   memcpy(
       uu____5, u,
       (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1d));
   compress_then_serialize_u_43(
       uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)960U,
                                            uint8_t));
+  /* c_2 := Encode_{dv}(Compress_q(v,d_v)) */
   libcrux_ml_kem_polynomial_PolynomialRingElement_1d uu____6 = v;
   compress_then_serialize_ring_element_v_6c(
       uu____6, Eurydice_array_to_subslice_from((size_t)1088U, ciphertext,
@@ -9629,11 +9830,14 @@ static KRML_MUSTINLINE void decrypt_unpacked_42(
     IndCpaPrivateKeyUnpacked_a0 *secret_key, uint8_t *ciphertext,
     uint8_t ret[32U]) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_1d u_as_ntt[3U];
-  deserialize_then_decompress_u_6c(ciphertext, u_as_ntt);
+  deserialize_then_decompress_u_6c(
+      /* u := Decompress_q(Decode_{d_u}(c), d_u) */ ciphertext, u_as_ntt);
   libcrux_ml_kem_polynomial_PolynomialRingElement_1d v =
       deserialize_then_decompress_ring_element_v_89(
-          Eurydice_array_to_subslice_from((size_t)1088U, ciphertext,
-                                          (size_t)960U, uint8_t, size_t));
+          Eurydice_array_to_subslice_from(
+              (size_t)1088U,
+              /* v := Decompress_q(Decode_{d_v}(c + d_u·k·n / 8), d_v) */
+              ciphertext, (size_t)960U, uint8_t, size_t));
   libcrux_ml_kem_polynomial_PolynomialRingElement_1d message =
       compute_message_1b(&v, secret_key->secret_as_ntt, u_as_ntt);
   uint8_t ret0[32U];
@@ -9654,7 +9858,8 @@ with const generics
 static KRML_MUSTINLINE void decrypt_42(Eurydice_slice secret_key,
                                        uint8_t *ciphertext, uint8_t ret[32U]) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_1d secret_as_ntt[3U];
-  deserialize_secret_key_1b(secret_key, secret_as_ntt);
+  deserialize_secret_key_1b(/* sˆ := Decode_12(sk) */ secret_key,
+                            secret_as_ntt);
   /* Passing arrays by value in Rust generates a copy in C */
   libcrux_ml_kem_polynomial_PolynomialRingElement_1d copy_of_secret_as_ntt[3U];
   memcpy(
@@ -9756,15 +9961,15 @@ void libcrux_ml_kem_ind_cca_decapsulate_62(
   kdf_d8_d6(Eurydice_array_to_slice((size_t)32U,
                                     implicit_rejection_shared_secret0, uint8_t),
             implicit_rejection_shared_secret);
-  uint8_t shared_secret1[32U];
-  kdf_d8_d6(shared_secret0, shared_secret1);
   uint8_t shared_secret[32U];
+  kdf_d8_d6(shared_secret0, shared_secret);
+  uint8_t ret0[32U];
   libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time(
       libcrux_ml_kem_types_as_ref_43_80(ciphertext),
       Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t),
-      Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t),
+      Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t),
       Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret,
                               uint8_t),
-      shared_secret);
-  memcpy(ret, shared_secret, (size_t)32U * sizeof(uint8_t));
+      ret0);
+  memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t));
 }
diff --git a/libcrux-ml-kem/c/libcrux_mlkem_portable.h b/libcrux-ml-kem/c/libcrux_mlkem_portable.h
index 33fff6338..012f00992 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem_portable.h
+++ b/libcrux-ml-kem/c/libcrux_mlkem_portable.h
@@ -4,11 +4,11 @@
  * SPDX-License-Identifier: MIT or Apache-2.0
  *
  * This code was generated with the following revisions:
- * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9
- * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20
- * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
- * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty
- * Libcrux: 3e54f3c659bef6ee815d197ee5c74dd40c75186a
+ * Charon: 3a133fe0eee9bd3928d5bb16c24ddd2dd0f3ee7f
+ * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c
+ * Karamel: c31a22c1e07d2118c07ee5cebb640d863e31a198
+ * F*: 2c32d6e230851bbceadac7a21fc418fa2bb7e4bc
+ * Libcrux: 0e587d6e842717408ea9357e00d47e372e505c80
  */
 
 #ifndef __libcrux_mlkem_portable_H
diff --git a/libcrux-ml-kem/c/libcrux_sha3.h b/libcrux-ml-kem/c/libcrux_sha3.h
index 3101a818f..16a61b7e6 100644
--- a/libcrux-ml-kem/c/libcrux_sha3.h
+++ b/libcrux-ml-kem/c/libcrux_sha3.h
@@ -4,11 +4,11 @@
  * SPDX-License-Identifier: MIT or Apache-2.0
  *
  * This code was generated with the following revisions:
- * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9
- * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20
- * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
- * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty
- * Libcrux: 3e54f3c659bef6ee815d197ee5c74dd40c75186a
+ * Charon: 3a133fe0eee9bd3928d5bb16c24ddd2dd0f3ee7f
+ * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c
+ * Karamel: c31a22c1e07d2118c07ee5cebb640d863e31a198
+ * F*: 2c32d6e230851bbceadac7a21fc418fa2bb7e4bc
+ * Libcrux: 0e587d6e842717408ea9357e00d47e372e505c80
  */
 
 #ifndef __libcrux_sha3_H
diff --git a/libcrux-ml-kem/c/libcrux_sha3_avx2.c b/libcrux-ml-kem/c/libcrux_sha3_avx2.c
index 4e234ddec..23fa30cd5 100644
--- a/libcrux-ml-kem/c/libcrux_sha3_avx2.c
+++ b/libcrux-ml-kem/c/libcrux_sha3_avx2.c
@@ -4,11 +4,11 @@
  * SPDX-License-Identifier: MIT or Apache-2.0
  *
  * This code was generated with the following revisions:
- * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9
- * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20
- * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
- * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty
- * Libcrux: 3e54f3c659bef6ee815d197ee5c74dd40c75186a
+ * Charon: 3a133fe0eee9bd3928d5bb16c24ddd2dd0f3ee7f
+ * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c
+ * Karamel: c31a22c1e07d2118c07ee5cebb640d863e31a198
+ * F*: 2c32d6e230851bbceadac7a21fc418fa2bb7e4bc
+ * Libcrux: 0e587d6e842717408ea9357e00d47e372e505c80
  */
 
 #include "internal/libcrux_sha3_avx2.h"
@@ -77,7 +77,8 @@ static KRML_MUSTINLINE __m256i and_not_xor_ef(__m256i a, __m256i b, __m256i c) {
 }
 
 static KRML_MUSTINLINE __m256i _veorq_n_u64(__m256i a, uint64_t c) {
-  __m256i c0 = mm256_set1_epi64x((int64_t)c);
+  __m256i c0 = mm256_set1_epi64x(
+      (int64_t) /* Casting here is required, doesn't change the value. */ c);
   return mm256_xor_si256(a, c0);
 }
 
@@ -1430,13 +1431,13 @@ static KRML_MUSTINLINE void store_block_5b(__m256i (*s)[5U],
         s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U]
          [((size_t)4U * i0 + (size_t)2U) % (size_t)5U],
         __m256i);
-    __m256i v1h =
-        mm256_permute2x128_si256((int32_t)32,
-                                 s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U]
-                                  [((size_t)4U * i0 + (size_t)1U) % (size_t)5U],
-                                 s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U]
-                                  [((size_t)4U * i0 + (size_t)3U) % (size_t)5U],
-                                 __m256i);
+    __m256i v1h = mm256_permute2x128_si256(
+        (int32_t)32,
+        s[((size_t)4U * /* 0 0 2 2 */ i0 + (size_t)1U) / (size_t)5U]
+         [((size_t)4U * i0 + (size_t)1U) % (size_t)5U],
+        s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U]
+         [((size_t)4U * i0 + (size_t)3U) % (size_t)5U],
+        __m256i);
     __m256i v2l = mm256_permute2x128_si256(
         (int32_t)49,
         s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U],
@@ -1747,7 +1748,16 @@ void libcrux_sha3_avx2_x4_shake256(Eurydice_slice input0, Eurydice_slice input1,
                                    Eurydice_slice input2, Eurydice_slice input3,
                                    Eurydice_slice out0, Eurydice_slice out1,
                                    Eurydice_slice out2, Eurydice_slice out3) {
-  Eurydice_slice buf0[4U] = {input0, input1, input2, input3};
+  Eurydice_slice buf0[4U] = {
+      /* XXX: These functions could alternatively implement the same with the
+         portable implementation #[cfg(feature = "simd128")] { keccakx2::<136,
+         0x1fu8>([input0, input1], [out0, out1]); keccakx2::<136,
+         0x1fu8>([input2, input3], [out2, out3]); } { keccakx1::<136,
+         0x1fu8>([input0], [out0]); keccakx1::<136, 0x1fu8>([input1], [out1]);
+         keccakx1::<136, 0x1fu8>([input2], [out2]); keccakx1::<136,
+         0x1fu8>([input3], [out3]); } */
+      input0,
+      input1, input2, input3};
   Eurydice_slice buf[4U] = {out0, out1, out2, out3};
   keccak_fb(buf0, buf);
 }
@@ -1962,13 +1972,13 @@ static KRML_MUSTINLINE void store_block_3a(__m256i (*s)[5U],
         s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U]
          [((size_t)4U * i0 + (size_t)2U) % (size_t)5U],
         __m256i);
-    __m256i v1h =
-        mm256_permute2x128_si256((int32_t)32,
-                                 s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U]
-                                  [((size_t)4U * i0 + (size_t)1U) % (size_t)5U],
-                                 s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U]
-                                  [((size_t)4U * i0 + (size_t)3U) % (size_t)5U],
-                                 __m256i);
+    __m256i v1h = mm256_permute2x128_si256(
+        (int32_t)32,
+        s[((size_t)4U * /* 0 0 2 2 */ i0 + (size_t)1U) / (size_t)5U]
+         [((size_t)4U * i0 + (size_t)1U) % (size_t)5U],
+        s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U]
+         [((size_t)4U * i0 + (size_t)3U) % (size_t)5U],
+        __m256i);
     __m256i v2l = mm256_permute2x128_si256(
         (int32_t)49,
         s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U],
diff --git a/libcrux-ml-kem/c/libcrux_sha3_avx2.h b/libcrux-ml-kem/c/libcrux_sha3_avx2.h
index 7a6e0c8cb..645f80b34 100644
--- a/libcrux-ml-kem/c/libcrux_sha3_avx2.h
+++ b/libcrux-ml-kem/c/libcrux_sha3_avx2.h
@@ -4,11 +4,11 @@
  * SPDX-License-Identifier: MIT or Apache-2.0
  *
  * This code was generated with the following revisions:
- * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9
- * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20
- * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
- * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty
- * Libcrux: 3e54f3c659bef6ee815d197ee5c74dd40c75186a
+ * Charon: 3a133fe0eee9bd3928d5bb16c24ddd2dd0f3ee7f
+ * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c
+ * Karamel: c31a22c1e07d2118c07ee5cebb640d863e31a198
+ * F*: 2c32d6e230851bbceadac7a21fc418fa2bb7e4bc
+ * Libcrux: 0e587d6e842717408ea9357e00d47e372e505c80
  */
 
 #ifndef __libcrux_sha3_avx2_H
diff --git a/libcrux-ml-kem/c/libcrux_sha3_internal.h b/libcrux-ml-kem/c/libcrux_sha3_internal.h
index 7c140d2b8..74eeb47a3 100644
--- a/libcrux-ml-kem/c/libcrux_sha3_internal.h
+++ b/libcrux-ml-kem/c/libcrux_sha3_internal.h
@@ -4,11 +4,11 @@
  * SPDX-License-Identifier: MIT or Apache-2.0
  *
  * This code was generated with the following revisions:
- * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9
- * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20
- * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
- * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty
- * Libcrux: 3e54f3c659bef6ee815d197ee5c74dd40c75186a
+ * Charon: 3a133fe0eee9bd3928d5bb16c24ddd2dd0f3ee7f
+ * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c
+ * Karamel: c31a22c1e07d2118c07ee5cebb640d863e31a198
+ * F*: 2c32d6e230851bbceadac7a21fc418fa2bb7e4bc
+ * Libcrux: 0e587d6e842717408ea9357e00d47e372e505c80
  */
 
 #ifndef __libcrux_sha3_internal_H
@@ -1811,6 +1811,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_c6(
     Eurydice_slice data[1U], Eurydice_slice out[1U]) {
   /* Passing arrays by value in Rust generates a copy in C */
   Eurydice_slice copy_of_data[1U];
+  /* generic_keccak::keccak_xof::<1, u64, RATE, DELIM>(data, out); or */
   memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice));
   libcrux_sha3_generic_keccak_keccak_9e4(copy_of_data, out);
 }
@@ -2159,6 +2160,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_7c(
     Eurydice_slice data[1U], Eurydice_slice out[1U]) {
   /* Passing arrays by value in Rust generates a copy in C */
   Eurydice_slice copy_of_data[1U];
+  /* generic_keccak::keccak_xof::<1, u64, RATE, DELIM>(data, out); or */
   memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice));
   libcrux_sha3_generic_keccak_keccak_9e3(copy_of_data, out);
 }
@@ -2507,6 +2509,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_1e(
     Eurydice_slice data[1U], Eurydice_slice out[1U]) {
   /* Passing arrays by value in Rust generates a copy in C */
   Eurydice_slice copy_of_data[1U];
+  /* generic_keccak::keccak_xof::<1, u64, RATE, DELIM>(data, out); or */
   memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice));
   libcrux_sha3_generic_keccak_keccak_9e2(copy_of_data, out);
 }
@@ -2695,6 +2698,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_ad0(
     Eurydice_slice data[1U], Eurydice_slice out[1U]) {
   /* Passing arrays by value in Rust generates a copy in C */
   Eurydice_slice copy_of_data[1U];
+  /* generic_keccak::keccak_xof::<1, u64, RATE, DELIM>(data, out); or */
   memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice));
   libcrux_sha3_generic_keccak_keccak_9e1(copy_of_data, out);
 }
@@ -2813,6 +2817,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_ad(
     Eurydice_slice data[1U], Eurydice_slice out[1U]) {
   /* Passing arrays by value in Rust generates a copy in C */
   Eurydice_slice copy_of_data[1U];
+  /* generic_keccak::keccak_xof::<1, u64, RATE, DELIM>(data, out); or */
   memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice));
   libcrux_sha3_generic_keccak_keccak_9e0(copy_of_data, out);
 }
@@ -3161,6 +3166,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_96(
     Eurydice_slice data[1U], Eurydice_slice out[1U]) {
   /* Passing arrays by value in Rust generates a copy in C */
   Eurydice_slice copy_of_data[1U];
+  /* generic_keccak::keccak_xof::<1, u64, RATE, DELIM>(data, out); or */
   memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice));
   libcrux_sha3_generic_keccak_keccak_9e(copy_of_data, out);
 }
diff --git a/libcrux-ml-kem/c/libcrux_sha3_neon.c b/libcrux-ml-kem/c/libcrux_sha3_neon.c
index c16b77594..5e4416bcd 100644
--- a/libcrux-ml-kem/c/libcrux_sha3_neon.c
+++ b/libcrux-ml-kem/c/libcrux_sha3_neon.c
@@ -4,11 +4,11 @@
  * SPDX-License-Identifier: MIT or Apache-2.0
  *
  * This code was generated with the following revisions:
- * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9
- * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20
- * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
- * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty
- * Libcrux: 3e54f3c659bef6ee815d197ee5c74dd40c75186a
+ * Charon: 3a133fe0eee9bd3928d5bb16c24ddd2dd0f3ee7f
+ * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c
+ * Karamel: c31a22c1e07d2118c07ee5cebb640d863e31a198
+ * F*: 2c32d6e230851bbceadac7a21fc418fa2bb7e4bc
+ * Libcrux: 0e587d6e842717408ea9357e00d47e372e505c80
  */
 
 #include "libcrux_sha3_neon.h"
@@ -62,6 +62,7 @@ KRML_MUSTINLINE void libcrux_sha3_neon_x2_shake256(Eurydice_slice input0,
                                                    Eurydice_slice input1,
                                                    Eurydice_slice out0,
                                                    Eurydice_slice out1) {
+  /* TODO: make argument ordering consistent */
   KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__,
                     "panic!");
   KRML_HOST_EXIT(255U);
@@ -72,6 +73,9 @@ KRML_MUSTINLINE void libcrux_sha3_neon_x2_shake256(Eurydice_slice input0,
 */
 KRML_MUSTINLINE libcrux_sha3_neon_x2_incremental_KeccakState
 libcrux_sha3_neon_x2_incremental_init(void) {
+  /* XXX: These functions could alternatively implement the same with the
+   * portable implementation { let s0 = KeccakState::new(); let s1 =
+   * KeccakState::new(); [s0, s1] } */
   KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__,
                     "panic!");
   KRML_HOST_EXIT(255U);
@@ -83,6 +87,10 @@ libcrux_sha3_neon_x2_incremental_init(void) {
 KRML_MUSTINLINE void libcrux_sha3_neon_x2_incremental_shake128_absorb_final(
     libcrux_sha3_neon_x2_incremental_KeccakState *s, Eurydice_slice data0,
     Eurydice_slice data1) {
+  /* XXX: These functions could alternatively implement the same with the
+   * portable implementation { let [mut s0, mut s1] = s;
+   * shake128_absorb_final(&mut s0, data0); shake128_absorb_final(&mut s1,
+   * data1); } */
   KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__,
                     "panic!");
   KRML_HOST_EXIT(255U);
@@ -96,6 +104,10 @@ KRML_MUSTINLINE void
 libcrux_sha3_neon_x2_incremental_shake128_squeeze_first_three_blocks(
     libcrux_sha3_neon_x2_incremental_KeccakState *s, Eurydice_slice out0,
     Eurydice_slice out1) {
+  /* XXX: These functions could alternatively implement the same with the
+   * portable implementation { let [mut s0, mut s1] = s;
+   * shake128_squeeze_first_three_blocks(&mut s0, out0);
+   * shake128_squeeze_first_three_blocks(&mut s1, out1); } */
   KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__,
                     "panic!");
   KRML_HOST_EXIT(255U);
@@ -109,6 +121,10 @@ KRML_MUSTINLINE void
 libcrux_sha3_neon_x2_incremental_shake128_squeeze_next_block(
     libcrux_sha3_neon_x2_incremental_KeccakState *s, Eurydice_slice out0,
     Eurydice_slice out1) {
+  /* XXX: These functions could alternatively implement the same with the
+   * portable implementation { let [mut s0, mut s1] = s;
+   * shake128_squeeze_next_block(&mut s0, out0);
+   * shake128_squeeze_next_block(&mut s1, out1); } */
   KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__,
                     "panic!");
   KRML_HOST_EXIT(255U);
@@ -132,6 +148,10 @@ libcrux_sha3_neon_x2_incremental_shake128_squeeze_first_five_blocks(
 KRML_MUSTINLINE void libcrux_sha3_neon_x2_incremental_shake256_absorb_final(
     libcrux_sha3_neon_x2_incremental_KeccakState *s, Eurydice_slice data0,
     Eurydice_slice data1) {
+  /* XXX: These functions could alternatively implement the same with the
+   * portable implementation { let [mut s0, mut s1] = s;
+   * shake128_absorb_final(&mut s0, data0); shake128_absorb_final(&mut s1,
+   * data1); } */
   KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__,
                     "panic!");
   KRML_HOST_EXIT(255U);
diff --git a/libcrux-ml-kem/c/libcrux_sha3_neon.h b/libcrux-ml-kem/c/libcrux_sha3_neon.h
index 2f179ee38..6e264c84f 100644
--- a/libcrux-ml-kem/c/libcrux_sha3_neon.h
+++ b/libcrux-ml-kem/c/libcrux_sha3_neon.h
@@ -4,11 +4,11 @@
  * SPDX-License-Identifier: MIT or Apache-2.0
  *
  * This code was generated with the following revisions:
- * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9
- * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20
- * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
- * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty
- * Libcrux: 3e54f3c659bef6ee815d197ee5c74dd40c75186a
+ * Charon: 3a133fe0eee9bd3928d5bb16c24ddd2dd0f3ee7f
+ * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c
+ * Karamel: c31a22c1e07d2118c07ee5cebb640d863e31a198
+ * F*: 2c32d6e230851bbceadac7a21fc418fa2bb7e4bc
+ * Libcrux: 0e587d6e842717408ea9357e00d47e372e505c80
  */
 
 #ifndef __libcrux_sha3_neon_H
diff --git a/libcrux-ml-kem/src/invert_ntt.rs b/libcrux-ml-kem/src/invert_ntt.rs
index 7f9506731..87bc90fed 100644
--- a/libcrux-ml-kem/src/invert_ntt.rs
+++ b/libcrux-ml-kem/src/invert_ntt.rs
@@ -102,11 +102,8 @@ pub(crate) fn invert_ntt_at_layer_2<Vector: Operations>(
         hax_lib::fstar!("reveal_opaque (`%Spec.Utils.is_i16b_array_opaque) 
                         (Spec.Utils.is_i16b_array_opaque 3328 
                         (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ round ])))");
-        re.coefficients[round] = Vector::inv_ntt_layer_2_step(
-            re.coefficients[round],
-            zeta(*zeta_i),
-            zeta(*zeta_i - 1),
-        );
+        re.coefficients[round] =
+            Vector::inv_ntt_layer_2_step(re.coefficients[round], zeta(*zeta_i), zeta(*zeta_i - 1));
         *zeta_i -= 1;
         hax_lib::fstar!("reveal_opaque (`%Spec.Utils.is_i16b_array_opaque) 
                         (Spec.Utils.is_i16b_array_opaque 3328 
diff --git a/libcrux-ml-kem/src/mlkem512.rs b/libcrux-ml-kem/src/mlkem512.rs
index 1af827529..b9b33596d 100644
--- a/libcrux-ml-kem/src/mlkem512.rs
+++ b/libcrux-ml-kem/src/mlkem512.rs
@@ -4,17 +4,21 @@ use super::{constants::*, ind_cca::*, types::*, *};
 // Kyber 512 parameters
 const RANK_512: usize = 2;
 const RANKED_BYTES_PER_RING_ELEMENT_512: usize = RANK_512 * BITS_PER_RING_ELEMENT / 8;
-const T_AS_NTT_ENCODED_SIZE_512: usize = (RANK_512 * COEFFICIENTS_IN_RING_ELEMENT * BITS_PER_COEFFICIENT) / 8;
+const T_AS_NTT_ENCODED_SIZE_512: usize =
+    (RANK_512 * COEFFICIENTS_IN_RING_ELEMENT * BITS_PER_COEFFICIENT) / 8;
 const VECTOR_U_COMPRESSION_FACTOR_512: usize = 10;
-const C1_BLOCK_SIZE_512: usize = (COEFFICIENTS_IN_RING_ELEMENT * VECTOR_U_COMPRESSION_FACTOR_512) / 8;
+const C1_BLOCK_SIZE_512: usize =
+    (COEFFICIENTS_IN_RING_ELEMENT * VECTOR_U_COMPRESSION_FACTOR_512) / 8;
 const C1_SIZE_512: usize = C1_BLOCK_SIZE_512 * RANK_512;
 const VECTOR_V_COMPRESSION_FACTOR_512: usize = 4;
 const C2_SIZE_512: usize = (COEFFICIENTS_IN_RING_ELEMENT * VECTOR_V_COMPRESSION_FACTOR_512) / 8;
-const CPA_PKE_SECRET_KEY_SIZE_512: usize = (RANK_512 * COEFFICIENTS_IN_RING_ELEMENT * BITS_PER_COEFFICIENT) / 8;
+const CPA_PKE_SECRET_KEY_SIZE_512: usize =
+    (RANK_512 * COEFFICIENTS_IN_RING_ELEMENT * BITS_PER_COEFFICIENT) / 8;
 pub(crate) const CPA_PKE_PUBLIC_KEY_SIZE_512: usize = T_AS_NTT_ENCODED_SIZE_512 + 32;
 const CPA_PKE_CIPHERTEXT_SIZE_512: usize = C1_SIZE_512 + C2_SIZE_512;
 
-pub(crate) const SECRET_KEY_SIZE_512: usize = CPA_PKE_SECRET_KEY_SIZE_512 + CPA_PKE_PUBLIC_KEY_SIZE_512 + H_DIGEST_SIZE + SHARED_SECRET_SIZE;
+pub(crate) const SECRET_KEY_SIZE_512: usize =
+    CPA_PKE_SECRET_KEY_SIZE_512 + CPA_PKE_PUBLIC_KEY_SIZE_512 + H_DIGEST_SIZE + SHARED_SECRET_SIZE;
 
 const ETA1: usize = 3;
 const ETA1_RANDOMNESS_SIZE: usize = ETA1 * 64;
diff --git a/libcrux-ml-kem/src/ntt.rs b/libcrux-ml-kem/src/ntt.rs
index 973a6d945..fa08e35e5 100644
--- a/libcrux-ml-kem/src/ntt.rs
+++ b/libcrux-ml-kem/src/ntt.rs
@@ -114,11 +114,8 @@ pub(crate) fn ntt_at_layer_2<Vector: Operations>(
         hax_lib::fstar!("reveal_opaque (`%Spec.Utils.is_i16b_array_opaque) 
                         (Spec.Utils.is_i16b_array_opaque (11207+4*3328)
                         (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ round ])))");
-        re.coefficients[round] = Vector::ntt_layer_2_step(
-            re.coefficients[round],
-            zeta(*zeta_i),
-            zeta(*zeta_i + 1),
-        );
+        re.coefficients[round] =
+            Vector::ntt_layer_2_step(re.coefficients[round], zeta(*zeta_i), zeta(*zeta_i + 1));
         *zeta_i += 1;
         hax_lib::fstar!("reveal_opaque (`%Spec.Utils.is_i16b_array_opaque) 
                         (Spec.Utils.is_i16b_array_opaque (11207+5*3328)
@@ -172,8 +169,7 @@ pub(crate) fn ntt_at_layer_3<Vector: Operations>(
         hax_lib::fstar!("reveal_opaque (`%Spec.Utils.is_i16b_array_opaque) 
                         (Spec.Utils.is_i16b_array_opaque (11207+3*3328)
                         (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ round ])))");
-        re.coefficients[round] =
-            Vector::ntt_layer_3_step(re.coefficients[round], zeta(*zeta_i));
+        re.coefficients[round] = Vector::ntt_layer_3_step(re.coefficients[round], zeta(*zeta_i));
         hax_lib::fstar!(
             "reveal_opaque (`%Spec.Utils.is_i16b_array_opaque) 
             (Spec.Utils.is_i16b_array_opaque (11207+4*3328)
diff --git a/libcrux-ml-kem/src/polynomial.rs b/libcrux-ml-kem/src/polynomial.rs
index cb6f0fe8b..5bad1d43a 100644
--- a/libcrux-ml-kem/src/polynomial.rs
+++ b/libcrux-ml-kem/src/polynomial.rs
@@ -213,7 +213,7 @@ impl<Vector: Operations> PolynomialRingElement<Vector> {
     ///
     /// The NIST FIPS 203 standard can be found at
     /// <https://csrc.nist.gov/pubs/fips/203/ipd>.
-    
+
     // TODO: Remove or replace with something that works and is useful for the proof.
     // #[cfg_attr(hax, hax_lib::requires(
     //     hax_lib::forall(|i:usize|
@@ -229,7 +229,7 @@ impl<Vector: Operations> PolynomialRingElement<Vector> {
     #[inline(always)]
     pub(crate) fn ntt_multiply(&self, rhs: &Self) -> Self {
         hax_lib::fstar!("admit ()");
-        
+
         let mut out = PolynomialRingElement::ZERO();
 
         for i in 0..VECTORS_IN_RING_ELEMENT {

From fbef3649fa222b800fc7dcc349855bcd7de48e36 Mon Sep 17 00:00:00 2001
From: karthikbhargavan <karthik.bhargavan@gmail.com>
Date: Tue, 3 Dec 2024 18:47:29 +0000
Subject: [PATCH 055/142] c code refresh

---
 libcrux-ml-kem/cg/code_gen.txt                |   10 +-
 libcrux-ml-kem/cg/libcrux_core.h              |   10 +-
 libcrux-ml-kem/cg/libcrux_ct_ops.h            |   10 +-
 libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h     | 1378 ++++++++++++++---
 libcrux-ml-kem/cg/libcrux_mlkem768_portable.h |  302 +++-
 libcrux-ml-kem/cg/libcrux_sha3_avx2.h         |   28 +-
 libcrux-ml-kem/cg/libcrux_sha3_portable.h     |  104 +-
 7 files changed, 1463 insertions(+), 379 deletions(-)

diff --git a/libcrux-ml-kem/cg/code_gen.txt b/libcrux-ml-kem/cg/code_gen.txt
index 420446603..7e79f022e 100644
--- a/libcrux-ml-kem/cg/code_gen.txt
+++ b/libcrux-ml-kem/cg/code_gen.txt
@@ -1,6 +1,6 @@
 This code was generated with the following revisions:
-Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9
-Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20
-Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
-F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty
-Libcrux: 3e54f3c659bef6ee815d197ee5c74dd40c75186a
+Charon: 3a133fe0eee9bd3928d5bb16c24ddd2dd0f3ee7f
+Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c
+Karamel: c31a22c1e07d2118c07ee5cebb640d863e31a198
+F*: 2c32d6e230851bbceadac7a21fc418fa2bb7e4bc
+Libcrux: cbc0d48933fbcbffaaf1f817d7fbd4047a7630a1
diff --git a/libcrux-ml-kem/cg/libcrux_core.h b/libcrux-ml-kem/cg/libcrux_core.h
index b5a34d0e2..ca8a53171 100644
--- a/libcrux-ml-kem/cg/libcrux_core.h
+++ b/libcrux-ml-kem/cg/libcrux_core.h
@@ -4,11 +4,11 @@
  * SPDX-License-Identifier: MIT or Apache-2.0
  *
  * This code was generated with the following revisions:
- * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9
- * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20
- * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
- * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty
- * Libcrux: 3e54f3c659bef6ee815d197ee5c74dd40c75186a
+ * Charon: 3a133fe0eee9bd3928d5bb16c24ddd2dd0f3ee7f
+ * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c
+ * Karamel: c31a22c1e07d2118c07ee5cebb640d863e31a198
+ * F*: 2c32d6e230851bbceadac7a21fc418fa2bb7e4bc
+ * Libcrux: cbc0d48933fbcbffaaf1f817d7fbd4047a7630a1
  */
 
 #ifndef __libcrux_core_H
diff --git a/libcrux-ml-kem/cg/libcrux_ct_ops.h b/libcrux-ml-kem/cg/libcrux_ct_ops.h
index ddf47bd96..5f693d09c 100644
--- a/libcrux-ml-kem/cg/libcrux_ct_ops.h
+++ b/libcrux-ml-kem/cg/libcrux_ct_ops.h
@@ -4,11 +4,11 @@
  * SPDX-License-Identifier: MIT or Apache-2.0
  *
  * This code was generated with the following revisions:
- * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9
- * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20
- * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
- * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty
- * Libcrux: 3e54f3c659bef6ee815d197ee5c74dd40c75186a
+ * Charon: 3a133fe0eee9bd3928d5bb16c24ddd2dd0f3ee7f
+ * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c
+ * Karamel: c31a22c1e07d2118c07ee5cebb640d863e31a198
+ * F*: 2c32d6e230851bbceadac7a21fc418fa2bb7e4bc
+ * Libcrux: cbc0d48933fbcbffaaf1f817d7fbd4047a7630a1
  */
 
 #ifndef __libcrux_ct_ops_H
diff --git a/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h b/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h
index aa0858642..bb50d3eaf 100644
--- a/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h
+++ b/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h
@@ -4,11 +4,11 @@
  * SPDX-License-Identifier: MIT or Apache-2.0
  *
  * This code was generated with the following revisions:
- * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9
- * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20
- * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
- * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty
- * Libcrux: 3e54f3c659bef6ee815d197ee5c74dd40c75186a
+ * Charon: 3a133fe0eee9bd3928d5bb16c24ddd2dd0f3ee7f
+ * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c
+ * Karamel: c31a22c1e07d2118c07ee5cebb640d863e31a198
+ * F*: 2c32d6e230851bbceadac7a21fc418fa2bb7e4bc
+ * Libcrux: cbc0d48933fbcbffaaf1f817d7fbd4047a7630a1
  */
 
 #ifndef __libcrux_mlkem768_avx2_H
@@ -171,11 +171,16 @@ libcrux_ml_kem_vector_avx2_arithmetic_cond_subtract_3329(__m256i vector) {
   __m256i field_modulus = libcrux_intrinsics_avx2_mm256_set1_epi16(
       LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS);
   __m256i v_minus_field_modulus =
-      libcrux_intrinsics_avx2_mm256_sub_epi16(vector, field_modulus);
+      libcrux_intrinsics_avx2_mm256_sub_epi16(/* Compute v_i - Q and crate a
+                                                 mask from the sign bit of each
+                                                 of these quantities. */
+                                              vector, field_modulus);
   __m256i sign_mask = libcrux_intrinsics_avx2_mm256_srai_epi16(
       (int32_t)15, v_minus_field_modulus, __m256i);
   __m256i conditional_add_field_modulus =
-      libcrux_intrinsics_avx2_mm256_and_si256(sign_mask, field_modulus);
+      libcrux_intrinsics_avx2_mm256_and_si256(/* If v_i - Q < 0 then add back Q
+                                                 to (v_i - Q). */
+                                              sign_mask, field_modulus);
   return libcrux_intrinsics_avx2_mm256_add_epi16(v_minus_field_modulus,
                                                  conditional_add_field_modulus);
 }
@@ -557,6 +562,7 @@ KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_ntt_ntt_multiply(
     __m256i lhs, __m256i rhs, int16_t zeta0, int16_t zeta1, int16_t zeta2,
     int16_t zeta3) {
+  /* Compute the first term of the product */
   __m256i shuffle_with = libcrux_intrinsics_avx2_mm256_set_epi8(
       (int8_t)15, (int8_t)14, (int8_t)11, (int8_t)10, (int8_t)7, (int8_t)6,
       (int8_t)3, (int8_t)2, (int8_t)13, (int8_t)12, (int8_t)9, (int8_t)8,
@@ -564,8 +570,8 @@ static KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_ntt_ntt_multiply(
       (int8_t)11, (int8_t)10, (int8_t)7, (int8_t)6, (int8_t)3, (int8_t)2,
       (int8_t)13, (int8_t)12, (int8_t)9, (int8_t)8, (int8_t)5, (int8_t)4,
       (int8_t)1, (int8_t)0);
-  __m256i lhs_shuffled =
-      libcrux_intrinsics_avx2_mm256_shuffle_epi8(lhs, shuffle_with);
+  __m256i lhs_shuffled = libcrux_intrinsics_avx2_mm256_shuffle_epi8(
+      /* Prepare the left hand side */ lhs, shuffle_with);
   __m256i lhs_shuffled0 = libcrux_intrinsics_avx2_mm256_permute4x64_epi64(
       (int32_t)216, lhs_shuffled, __m256i);
   __m128i lhs_evens =
@@ -574,8 +580,8 @@ static KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_ntt_ntt_multiply(
   __m128i lhs_odds = libcrux_intrinsics_avx2_mm256_extracti128_si256(
       (int32_t)1, lhs_shuffled0, __m128i);
   __m256i lhs_odds0 = libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(lhs_odds);
-  __m256i rhs_shuffled =
-      libcrux_intrinsics_avx2_mm256_shuffle_epi8(rhs, shuffle_with);
+  __m256i rhs_shuffled = libcrux_intrinsics_avx2_mm256_shuffle_epi8(
+      /* Prepare the right hand side */ rhs, shuffle_with);
   __m256i rhs_shuffled0 = libcrux_intrinsics_avx2_mm256_permute4x64_epi64(
       (int32_t)216, rhs_shuffled, __m256i);
   __m128i rhs_evens =
@@ -584,8 +590,8 @@ static KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_ntt_ntt_multiply(
   __m128i rhs_odds = libcrux_intrinsics_avx2_mm256_extracti128_si256(
       (int32_t)1, rhs_shuffled0, __m128i);
   __m256i rhs_odds0 = libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(rhs_odds);
-  __m256i left =
-      libcrux_intrinsics_avx2_mm256_mullo_epi32(lhs_evens0, rhs_evens0);
+  __m256i left = libcrux_intrinsics_avx2_mm256_mullo_epi32(
+      /* Start operating with them */ lhs_evens0, rhs_evens0);
   __m256i right =
       libcrux_intrinsics_avx2_mm256_mullo_epi32(lhs_odds0, rhs_odds0);
   __m256i right0 =
@@ -600,7 +606,7 @@ static KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_ntt_ntt_multiply(
       libcrux_ml_kem_vector_avx2_arithmetic_montgomery_reduce_i32s(
           products_left);
   __m256i rhs_adjacent_swapped = libcrux_intrinsics_avx2_mm256_shuffle_epi8(
-      rhs,
+      /* Compute the second term of the product */ rhs,
       libcrux_intrinsics_avx2_mm256_set_epi8(
           (int8_t)13, (int8_t)12, (int8_t)15, (int8_t)14, (int8_t)9, (int8_t)8,
           (int8_t)11, (int8_t)10, (int8_t)5, (int8_t)4, (int8_t)7, (int8_t)6,
@@ -615,8 +621,10 @@ static KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_ntt_ntt_multiply(
           products_right);
   __m256i products_right1 = libcrux_intrinsics_avx2_mm256_slli_epi32(
       (int32_t)16, products_right0, __m256i);
-  return libcrux_intrinsics_avx2_mm256_blend_epi16((int32_t)170, products_left0,
-                                                   products_right1, __m256i);
+  return libcrux_intrinsics_avx2_mm256_blend_epi16(
+      (int32_t)170,
+      /* Combine them into one vector */ products_left0, products_right1,
+      __m256i);
 }
 
 /**
@@ -634,13 +642,60 @@ static KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_ntt_multiply_09(
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_1(
     __m256i vector, uint8_t ret[2U]) {
-  __m256i lsb_to_msb =
-      libcrux_intrinsics_avx2_mm256_slli_epi16((int32_t)15, vector, __m256i);
-  __m128i low_msbs = libcrux_intrinsics_avx2_mm256_castsi256_si128(lsb_to_msb);
+  __m256i lsb_to_msb = libcrux_intrinsics_avx2_mm256_slli_epi16(
+      (int32_t)15,
+      /* Suppose |vector| is laid out as follows (superscript number indicates
+         the corresponding bit is duplicated that many times): 0¹⁵a₀ 0¹⁵b₀ 0¹⁵c₀
+         0¹⁵d₀ | 0¹⁵e₀ 0¹⁵f₀ 0¹⁵g₀ 0¹⁵h₀ | ... We care only about the least
+         significant bit in each lane, move it to the most significant position
+         to make it easier to work with. |vector| now becomes: a₀0¹⁵ b₀0¹⁵ c₀0¹⁵
+         d₀0¹⁵ | e₀0¹⁵ f₀0¹⁵ g₀0¹⁵ h₀0¹⁵ | ↩ i₀0¹⁵ j₀0¹⁵ k₀0¹⁵ l₀0¹⁵ | m₀0¹⁵
+         n₀0¹⁵ o₀0¹⁵ p₀0¹⁵ */
+      vector, __m256i);
+  __m128i low_msbs =
+      libcrux_intrinsics_avx2_mm256_castsi256_si128(/* Get the first 8 16-bit
+                                                       elements ... */
+                                                    lsb_to_msb);
   __m128i high_msbs = libcrux_intrinsics_avx2_mm256_extracti128_si256(
-      (int32_t)1, lsb_to_msb, __m128i);
-  __m128i msbs = libcrux_intrinsics_avx2_mm_packs_epi16(low_msbs, high_msbs);
-  int32_t bits_packed = libcrux_intrinsics_avx2_mm_movemask_epi8(msbs);
+      (int32_t)1,
+      /* ... and the next 8 16-bit elements ... */ lsb_to_msb, __m128i);
+  __m128i msbs =
+      libcrux_intrinsics_avx2_mm_packs_epi16(/* ... and then pack them into
+                                                8-bit values using signed
+                                                saturation. This function packs
+                                                all the |low_msbs|, and then the
+                                                high ones. low_msbs = a₀0¹⁵
+                                                b₀0¹⁵ c₀0¹⁵ d₀0¹⁵ | e₀0¹⁵ f₀0¹⁵
+                                                g₀0¹⁵ h₀0¹⁵ high_msbs = i₀0¹⁵
+                                                j₀0¹⁵ k₀0¹⁵ l₀0¹⁵ | m₀0¹⁵ n₀0¹⁵
+                                                o₀0¹⁵ p₀0¹⁵ We shifted by 15
+                                                above to take advantage of the
+                                                signed saturation performed by
+                                                mm_packs_epi16: - if the sign
+                                                bit of the 16-bit element being
+                                                packed is 1, the corresponding
+                                                8-bit element in |msbs| will be
+                                                0xFF. - if the sign bit of the
+                                                16-bit element being packed is
+                                                0, the corresponding 8-bit
+                                                element in |msbs| will be 0.
+                                                Thus, if, for example, a₀ = 1,
+                                                e₀ = 1, and p₀ = 1, and every
+                                                other bit is 0, after packing
+                                                into 8 bit value, |msbs| will
+                                                look like: 0xFF 0x00 0x00 0x00 |
+                                                0xFF 0x00 0x00 0x00 | 0x00 0x00
+                                                0x00 0x00 | 0x00 0x00 0x00 0xFF
+                                              */
+                                             low_msbs, high_msbs);
+  int32_t bits_packed =
+      libcrux_intrinsics_avx2_mm_movemask_epi8(/* Now that every element is
+                                                  either 0xFF or 0x00, we just
+                                                  extract the most significant
+                                                  bit from each element and
+                                                  collate them into two bytes.
+                                                */
+                                               msbs);
   uint8_t result[2U] = {(uint8_t)bits_packed, (uint8_t)(bits_packed >> 8U)};
   memcpy(ret, result, (size_t)2U * sizeof(uint8_t));
 }
@@ -659,18 +714,63 @@ KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE __m256i
 libcrux_ml_kem_vector_avx2_serialize_deserialize_1_deserialize_1_i16s(
     int16_t a, int16_t b) {
-  __m256i coefficients = libcrux_intrinsics_avx2_mm256_set_epi16(
-      b, b, b, b, b, b, b, b, a, a, a, a, a, a, a, a);
-  __m256i coefficients_in_msb = libcrux_intrinsics_avx2_mm256_mullo_epi16(
-      coefficients, libcrux_intrinsics_avx2_mm256_set_epi16(
-                        (int16_t)1 << 8U, (int16_t)1 << 9U, (int16_t)1 << 10U,
-                        (int16_t)1 << 11U, (int16_t)1 << 12U, (int16_t)1 << 13U,
-                        (int16_t)1 << 14U, (int16_t)-32768, (int16_t)1 << 8U,
-                        (int16_t)1 << 9U, (int16_t)1 << 10U, (int16_t)1 << 11U,
-                        (int16_t)1 << 12U, (int16_t)1 << 13U, (int16_t)1 << 14U,
-                        (int16_t)-32768));
-  return libcrux_intrinsics_avx2_mm256_srli_epi16((int32_t)15,
-                                                  coefficients_in_msb, __m256i);
+  __m256i coefficients =
+      libcrux_intrinsics_avx2_mm256_set_epi16(/* We need to take each bit from
+                                                 the 2 bytes of input and put
+                                                 them into their own 16-bit
+                                                 lane. Ideally, we'd load the
+                                                 two bytes into the vector,
+                                                 duplicate them, and right-shift
+                                                 the 0th element by 0 bits, the
+                                                 first element by 1 bit, the
+                                                 second by 2 bits and so on
+                                                 before AND-ing with 0x1 to
+                                                 leave only the least
+                                                 signifinicant bit. But since
+                                                 |_mm256_srlv_epi16| does not
+                                                 exist, so we have to resort to
+                                                 a workaround. Rather than
+                                                 shifting each element by a
+                                                 different amount, we'll
+                                                 multiply each element by a
+                                                 value such that the bit we're
+                                                 interested in becomes the most
+                                                 significant bit. The
+                                                 coefficients are loaded as
+                                                 follows: */
+                                              b, b, b, b, b, b, b, b, a, a, a,
+                                              a, a, a, a, a);
+  __m256i coefficients_in_msb =
+      libcrux_intrinsics_avx2_mm256_mullo_epi16(/* And this vector, when
+                                                   multiplied with the previous
+                                                   one, ensures that the bit
+                                                   we'd like to keep in each
+                                                   lane becomes the most
+                                                   significant bit upon
+                                                   multiplication. */
+                                                coefficients,
+                                                libcrux_intrinsics_avx2_mm256_set_epi16(
+                                                    (int16_t)1 << 8U,
+                                                    (int16_t)1 << 9U,
+                                                    (int16_t)1 << 10U,
+                                                    (int16_t)1 << 11U,
+                                                    (int16_t)1 << 12U,
+                                                    (int16_t)1 << 13U,
+                                                    (int16_t)1 << 14U,
+                                                    (int16_t)-32768,
+                                                    (int16_t)1 << 8U,
+                                                    (int16_t)1 << 9U,
+                                                    (int16_t)1 << 10U,
+                                                    (int16_t)1 << 11U,
+                                                    (int16_t)1 << 12U,
+                                                    (int16_t)1 << 13U,
+                                                    (int16_t)1 << 14U,
+                                                    (int16_t)-32768));
+  return libcrux_intrinsics_avx2_mm256_srli_epi16(
+      (int32_t)15,
+      /* Now that they're all in the most significant bit position, shift them
+         down to the least significant bit. */
+      coefficients_in_msb, __m256i);
 }
 
 KRML_ATTRIBUTE_TARGET("avx2")
@@ -685,7 +785,23 @@ KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE __m256i
 libcrux_ml_kem_vector_avx2_serialize_deserialize_1(Eurydice_slice bytes) {
   return libcrux_ml_kem_vector_avx2_serialize_deserialize_1_deserialize_1_u8s(
-      Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *),
+      Eurydice_slice_index(
+          bytes,
+          /* We need to take each bit from the 2 bytes of input and put them
+             into their own 16-bit lane. Ideally, we'd load the two bytes into
+             the vector, duplicate them, and right-shift the 0th element by 0
+             bits, the first element by 1 bit, the second by 2 bits and so on
+             before AND-ing with 0x1 to leave only the least signifinicant bit.
+             But since |_mm256_srlv_epi16| does not exist, so we have to resort
+             to a workaround. Rather than shifting each element by a different
+             amount, we'll multiply each element by a value such that the bit
+             we're interested in becomes the most significant bit. The
+             coefficients are loaded as follows: And this vector, when
+             multiplied with the previous one, ensures that the bit we'd like to
+             keep in each lane becomes the most significant bit upon
+             multiplication. Now that they're all in the most significant bit
+             position, shift them down to the least significant bit. */
+          (size_t)0U, uint8_t, uint8_t *),
       Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *));
 }
 
@@ -721,23 +837,70 @@ static KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_4(
     __m256i vector, uint8_t ret[8U]) {
   uint8_t serialized[16U] = {0U};
   __m256i adjacent_2_combined =
-      libcrux_ml_kem_vector_avx2_serialize_mm256_concat_pairs_n(4U, vector);
-  __m256i adjacent_8_combined = libcrux_intrinsics_avx2_mm256_shuffle_epi8(
-      adjacent_2_combined,
-      libcrux_intrinsics_avx2_mm256_set_epi8(
-          (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1,
-          (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1,
-          (int8_t)-1, (int8_t)-1, (int8_t)12, (int8_t)8, (int8_t)4, (int8_t)0,
-          (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1,
-          (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1,
-          (int8_t)-1, (int8_t)-1, (int8_t)12, (int8_t)8, (int8_t)4, (int8_t)0));
-  __m256i combined = libcrux_intrinsics_avx2_mm256_permutevar8x32_epi32(
-      adjacent_8_combined, libcrux_intrinsics_avx2_mm256_set_epi32(
-                               (int32_t)0, (int32_t)0, (int32_t)0, (int32_t)0,
-                               (int32_t)0, (int32_t)0, (int32_t)4, (int32_t)0));
+      libcrux_ml_kem_vector_avx2_serialize_mm256_concat_pairs_n(
+          4U,
+          /* If |vector| is laid out as follows: 0x000A 0x000B 0x000C 0x000D |
+             0x000E 0x000F 0x000G 0x000H | .... |adjacent_2_combined| will be
+             laid out as a series of 32-bit integeres, as follows: 0x00_00_00_BA
+             0x00_00_00_DC | 0x00_00_00_FE 0x00_00_00_HG | ... */
+          vector);
+  __m256i adjacent_8_combined =
+      libcrux_intrinsics_avx2_mm256_shuffle_epi8(/* Recall that
+                                                    |adjacent_2_combined| goes
+                                                    as follows: 0x00_00_00_BA
+                                                    0x00_00_00_DC |
+                                                    0x00_00_00_FE 0x00_00_00_HG
+                                                    | ... Out of this, we only
+                                                    need the first byte, the 4th
+                                                    byte, the 8th byte and so on
+                                                    from the bottom and the top
+                                                    128 bits. */
+                                                 adjacent_2_combined,
+                                                 libcrux_intrinsics_avx2_mm256_set_epi8(
+                                                     (int8_t)-1, (int8_t)-1,
+                                                     (int8_t)-1, (int8_t)-1,
+                                                     (int8_t)-1, (int8_t)-1,
+                                                     (int8_t)-1, (int8_t)-1,
+                                                     (int8_t)-1, (int8_t)-1,
+                                                     (int8_t)-1, (int8_t)-1,
+                                                     (int8_t)12, (int8_t)8,
+                                                     (int8_t)4, (int8_t)0,
+                                                     (int8_t)-1, (int8_t)-1,
+                                                     (int8_t)-1, (int8_t)-1,
+                                                     (int8_t)-1, (int8_t)-1,
+                                                     (int8_t)-1, (int8_t)-1,
+                                                     (int8_t)-1, (int8_t)-1,
+                                                     (int8_t)-1, (int8_t)-1,
+                                                     (int8_t)12, (int8_t)8,
+                                                     (int8_t)4, (int8_t)0));
+  __m256i combined =
+      libcrux_intrinsics_avx2_mm256_permutevar8x32_epi32(/* |adjacent_8_combined|
+                                                            looks like this: 0:
+                                                            0xHG_FE_DC_BA 1:
+                                                            0x00_00_00_00 | 2:
+                                                            0x00_00_00_00 3:
+                                                            0x00_00_00_00 | 4:
+                                                            0xPO_NM_LK_JI ....
+                                                            We put the element
+                                                            at 4 after the
+                                                            element at 0 ... */
+                                                         adjacent_8_combined,
+                                                         libcrux_intrinsics_avx2_mm256_set_epi32(
+                                                             (int32_t)0,
+                                                             (int32_t)0,
+                                                             (int32_t)0,
+                                                             (int32_t)0,
+                                                             (int32_t)0,
+                                                             (int32_t)0,
+                                                             (int32_t)4,
+                                                             (int32_t)0));
   __m128i combined0 = libcrux_intrinsics_avx2_mm256_castsi256_si128(combined);
   libcrux_intrinsics_avx2_mm_storeu_bytes_si128(
-      Eurydice_array_to_slice((size_t)16U, serialized, uint8_t), combined0);
+      Eurydice_array_to_slice(
+          (size_t)16U,
+          /* ... so that we can read them out in one go. */ serialized,
+          uint8_t),
+      combined0);
   uint8_t ret0[8U];
   Result_15 dst;
   Eurydice_slice_to_array2(
@@ -763,8 +926,33 @@ static KRML_MUSTINLINE __m256i
 libcrux_ml_kem_vector_avx2_serialize_deserialize_4_deserialize_4_i16s(
     int16_t b0, int16_t b1, int16_t b2, int16_t b3, int16_t b4, int16_t b5,
     int16_t b6, int16_t b7) {
-  __m256i coefficients = libcrux_intrinsics_avx2_mm256_set_epi16(
-      b7, b7, b6, b6, b5, b5, b4, b4, b3, b3, b2, b2, b1, b1, b0, b0);
+  __m256i coefficients =
+      libcrux_intrinsics_avx2_mm256_set_epi16(/* Every 4 bits from each byte of
+                                                 input should be put into its
+                                                 own 16-bit lane. Since
+                                                 |_mm256_srlv_epi16| does not
+                                                 exist, we have to resort to a
+                                                 workaround. Rather than
+                                                 shifting each element by a
+                                                 different amount, we'll
+                                                 multiply each element by a
+                                                 value such that the bits we're
+                                                 interested in become the most
+                                                 significant bits (of an 8-bit
+                                                 value). In this lane, the 4
+                                                 bits we need to put are already
+                                                 the most significant bits of
+                                                 |bytes[7]| (that is, b7). */
+                                              b7,
+                                              /* In this lane, the 4 bits we
+                                                 need to put are the least
+                                                 significant bits, so we need to
+                                                 shift the 4 least-significant
+                                                 bits of |b7| to the most
+                                                 significant bits (of an 8-bit
+                                                 value). */
+                                              b7, b6, b6, b5, b5, b4, b4, b3,
+                                              b3, b2, b2, b1, b1, b0, b0);
   __m256i coefficients_in_msb = libcrux_intrinsics_avx2_mm256_mullo_epi16(
       coefficients, libcrux_intrinsics_avx2_mm256_set_epi16(
                         (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U,
@@ -774,10 +962,14 @@ libcrux_ml_kem_vector_avx2_serialize_deserialize_4_deserialize_4_i16s(
                         (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U,
                         (int16_t)1 << 4U));
   __m256i coefficients_in_lsb = libcrux_intrinsics_avx2_mm256_srli_epi16(
-      (int32_t)4, coefficients_in_msb, __m256i);
+      (int32_t)4,
+      /* Once the 4-bit coefficients are in the most significant positions (of
+         an 8-bit value), shift them all down by 4. */
+      coefficients_in_msb, __m256i);
   return libcrux_intrinsics_avx2_mm256_and_si256(
-      coefficients_in_lsb, libcrux_intrinsics_avx2_mm256_set1_epi16(
-                               ((int16_t)1 << 4U) - (int16_t)1));
+      /* Zero the remaining bits. */ coefficients_in_lsb,
+      libcrux_intrinsics_avx2_mm256_set1_epi16(((int16_t)1 << 4U) -
+                                               (int16_t)1));
 }
 
 KRML_ATTRIBUTE_TARGET("avx2")
@@ -794,7 +986,23 @@ KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE __m256i
 libcrux_ml_kem_vector_avx2_serialize_deserialize_4(Eurydice_slice bytes) {
   return libcrux_ml_kem_vector_avx2_serialize_deserialize_4_deserialize_4_u8s(
-      Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *),
+      Eurydice_slice_index(
+          bytes,
+          /* Every 4 bits from each byte of input should be put into its own
+             16-bit lane. Since |_mm256_srlv_epi16| does not exist, we have to
+             resort to a workaround. Rather than shifting each element by a
+             different amount, we'll multiply each element by a value such that
+             the bits we're interested in become the most significant bits (of
+             an 8-bit value). In this lane, the 4 bits we need to put are
+             already the most significant bits of |bytes[7]| (that is, b7). In
+             this lane, the 4 bits we need to put are the least significant
+             bits, so we need to shift the 4 least-significant bits of |b7| to
+             the most significant bits (of an 8-bit value). These constants are
+             chosen to shift the bits of the values that we loaded into
+             |coefficients|. Once the 4-bit coefficients are in the most
+             significant positions (of an 8-bit value), shift them all down
+             by 4. Zero the remaining bits. */
+          (size_t)0U, uint8_t, uint8_t *),
       Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *),
       Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *),
       Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *),
@@ -818,35 +1026,106 @@ KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_5(
     __m256i vector, uint8_t ret[10U]) {
   uint8_t serialized[32U] = {0U};
-  __m256i adjacent_2_combined = libcrux_intrinsics_avx2_mm256_madd_epi16(
-      vector, libcrux_intrinsics_avx2_mm256_set_epi16(
-                  (int16_t)1 << 5U, (int16_t)1, (int16_t)1 << 5U, (int16_t)1,
-                  (int16_t)1 << 5U, (int16_t)1, (int16_t)1 << 5U, (int16_t)1,
-                  (int16_t)1 << 5U, (int16_t)1, (int16_t)1 << 5U, (int16_t)1,
-                  (int16_t)1 << 5U, (int16_t)1, (int16_t)1 << 5U, (int16_t)1));
-  __m256i adjacent_4_combined = libcrux_intrinsics_avx2_mm256_sllv_epi32(
-      adjacent_2_combined,
-      libcrux_intrinsics_avx2_mm256_set_epi32(
-          (int32_t)0, (int32_t)22, (int32_t)0, (int32_t)22, (int32_t)0,
-          (int32_t)22, (int32_t)0, (int32_t)22));
+  __m256i adjacent_2_combined =
+      libcrux_intrinsics_avx2_mm256_madd_epi16(/* If |vector| is laid out as
+                                                  follows (superscript number
+                                                  indicates the corresponding
+                                                  bit is duplicated that many
+                                                  times): 0¹¹a₄a₃a₂a₁a₀
+                                                  0¹¹b₄b₃b₂b₁b₀ 0¹¹c₄c₃c₂c₁c₀
+                                                  0¹¹d₄d₃d₂d₁d₀ | ↩
+                                                  0¹¹e₄e₃e₂e₁e₀ 0¹¹f₄f₃f₂f₁f₀
+                                                  0¹¹g₄g₃g₂g₁g₀ 0¹¹h₄h₃h₂h₁h₀ |
+                                                  ↩ |adjacent_2_combined| will
+                                                  be laid out as a series of
+                                                  32-bit integers, as follows:
+                                                  0²²b₄b₃b₂b₁b₀a₄a₃a₂a₁a₀
+                                                  0²²d₄d₃d₂d₁d₀c₄c₃c₂c₁c₀ | ↩
+                                                  0²²f₄f₃f₂f₁f₀e₄e₃e₂e₁e₀
+                                                  0²²h₄h₃h₂h₁h₀g₄g₃g₂g₁g₀ | ↩
+                                                  .... */
+                                               vector,
+                                               libcrux_intrinsics_avx2_mm256_set_epi16(
+                                                   (int16_t)1 << 5U, (int16_t)1,
+                                                   (int16_t)1 << 5U, (int16_t)1,
+                                                   (int16_t)1 << 5U, (int16_t)1,
+                                                   (int16_t)1 << 5U, (int16_t)1,
+                                                   (int16_t)1 << 5U, (int16_t)1,
+                                                   (int16_t)1 << 5U, (int16_t)1,
+                                                   (int16_t)1 << 5U, (int16_t)1,
+                                                   (int16_t)1 << 5U,
+                                                   (int16_t)1));
+  __m256i adjacent_4_combined =
+      libcrux_intrinsics_avx2_mm256_sllv_epi32(/* Recall that
+                                                  |adjacent_2_combined| is laid
+                                                  out as follows:
+                                                  0²²b₄b₃b₂b₁b₀a₄a₃a₂a₁a₀
+                                                  0²²d₄d₃d₂d₁d₀c₄c₃c₂c₁c₀ | ↩
+                                                  0²²f₄f₃f₂f₁f₀e₄e₃e₂e₁e₀
+                                                  0²²h₄h₃h₂h₁h₀g₄g₃g₂g₁g₀ | ↩
+                                                  .... This shift results in:
+                                                  b₄b₃b₂b₁b₀a₄a₃a₂a₁a₀0²²
+                                                  0²²d₄d₃d₂d₁d₀c₄c₃c₂c₁c₀ | ↩
+                                                  f₄f₃f₂f₁f₀e₄e₃e₂e₁e₀0²²
+                                                  0²²h₄h₃h₂h₁h₀g₄g₃g₂g₁g₀ | ↩
+                                                  .... */
+                                               adjacent_2_combined,
+                                               libcrux_intrinsics_avx2_mm256_set_epi32(
+                                                   (int32_t)0, (int32_t)22,
+                                                   (int32_t)0, (int32_t)22,
+                                                   (int32_t)0, (int32_t)22,
+                                                   (int32_t)0, (int32_t)22));
   __m256i adjacent_4_combined0 = libcrux_intrinsics_avx2_mm256_srli_epi64(
-      (int32_t)22, adjacent_4_combined, __m256i);
+      (int32_t)22,
+      /* |adjacent_4_combined|, when viewed as 64-bit lanes, is:
+         0²²d₄d₃d₂d₁d₀c₄c₃c₂c₁c₀b₄b₃b₂b₁b₀a₄a₃a₂a₁a₀0²² | ↩
+         0²²h₄h₃h₂h₁h₀g₄g₃g₂g₁g₀f₄f₃f₂f₁f₀e₄e₃e₂e₁e₀0²² | ↩ ... so we just shift
+         down by 22 bits to remove the least significant 0 bits that aren't part
+         of the bits we need. */
+      adjacent_4_combined, __m256i);
   __m256i adjacent_8_combined = libcrux_intrinsics_avx2_mm256_shuffle_epi32(
-      (int32_t)8, adjacent_4_combined0, __m256i);
-  __m256i adjacent_8_combined0 = libcrux_intrinsics_avx2_mm256_sllv_epi32(
-      adjacent_8_combined,
-      libcrux_intrinsics_avx2_mm256_set_epi32(
-          (int32_t)0, (int32_t)0, (int32_t)0, (int32_t)12, (int32_t)0,
-          (int32_t)0, (int32_t)0, (int32_t)12));
+      (int32_t)8,
+      /* |adjacent_4_combined|, when viewed as a set of 32-bit values, looks
+         like: 0:0¹²d₄d₃d₂d₁d₀c₄c₃c₂c₁c₀b₄b₃b₂b₁b₀a₄a₃a₂a₁a₀ 1:0³²
+         2:0¹²h₄h₃h₂h₁h₀g₄g₃g₂g₁g₀f₄f₃f₂f₁f₀e₄e₃e₂e₁e₀ 3:0³² | ↩ To be able to
+         read out the bytes in one go, we need to shifts the bits in position 2
+         to position 1 in each 128-bit lane. */
+      adjacent_4_combined0, __m256i);
+  __m256i adjacent_8_combined0 =
+      libcrux_intrinsics_avx2_mm256_sllv_epi32(/* |adjacent_8_combined|, when
+                                                  viewed as a set of 32-bit
+                                                  values, now looks like:
+                                                  0¹²d₄d₃d₂d₁d₀c₄c₃c₂c₁c₀b₄b₃b₂b₁b₀a₄a₃a₂a₁a₀
+                                                  0¹²h₄h₃h₂h₁h₀g₄g₃g₂g₁g₀f₄f₃f₂f₁f₀e₄e₃e₂e₁e₀
+                                                  0³² 0³² | ↩ Once again, we
+                                                  line these bits up by shifting
+                                                  the up values at indices 0 and
+                                                  5 by 12, viewing the resulting
+                                                  register as a set of 64-bit
+                                                  values, and then shifting down
+                                                  the 64-bit values by 12 bits.
+                                                */
+                                               adjacent_8_combined,
+                                               libcrux_intrinsics_avx2_mm256_set_epi32(
+                                                   (int32_t)0, (int32_t)0,
+                                                   (int32_t)0, (int32_t)12,
+                                                   (int32_t)0, (int32_t)0,
+                                                   (int32_t)0, (int32_t)12));
   __m256i adjacent_8_combined1 = libcrux_intrinsics_avx2_mm256_srli_epi64(
       (int32_t)12, adjacent_8_combined0, __m256i);
   __m128i lower_8 =
-      libcrux_intrinsics_avx2_mm256_castsi256_si128(adjacent_8_combined1);
+      libcrux_intrinsics_avx2_mm256_castsi256_si128(/* We now have 40 bits
+                                                       starting at position 0 in
+                                                       the lower 128-bit lane,
+                                                       ... */
+                                                    adjacent_8_combined1);
   libcrux_intrinsics_avx2_mm_storeu_bytes_si128(
       Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)16U, uint8_t),
       lower_8);
   __m128i upper_8 = libcrux_intrinsics_avx2_mm256_extracti128_si256(
-      (int32_t)1, adjacent_8_combined1, __m128i);
+      (int32_t)1,
+      /* ... and the second 40 bits at position 0 in the upper 128-bit lane */
+      adjacent_8_combined1, __m128i);
   libcrux_intrinsics_avx2_mm_storeu_bytes_si128(
       Eurydice_array_to_subslice2(serialized, (size_t)5U, (size_t)21U, uint8_t),
       upper_8);
@@ -952,27 +1231,87 @@ static inline core_core_arch_x86___m128i_x2
 libcrux_ml_kem_vector_avx2_serialize_serialize_10_serialize_10_vec(
     __m256i vector) {
   __m256i adjacent_2_combined =
-      libcrux_ml_kem_vector_avx2_serialize_mm256_concat_pairs_n(10U, vector);
-  __m256i adjacent_4_combined = libcrux_intrinsics_avx2_mm256_sllv_epi32(
-      adjacent_2_combined,
-      libcrux_intrinsics_avx2_mm256_set_epi32(
-          (int32_t)0, (int32_t)12, (int32_t)0, (int32_t)12, (int32_t)0,
-          (int32_t)12, (int32_t)0, (int32_t)12));
+      libcrux_ml_kem_vector_avx2_serialize_mm256_concat_pairs_n(
+          10U,
+          /* If |vector| is laid out as follows (superscript number indicates
+             the corresponding bit is duplicated that many times):
+             0⁶a₉a₈a₇a₆a₅a₄a₃a₂a₁a₀ 0⁶b₉b₈b₇b₆b₅b₄b₃b₂b₁b₀
+             0⁶c₉c₈c₇c₆c₅c₄c₃c₂c₁c₀ 0⁶d₉d₈d₇d₆d₅d₄d₃d₂d₁d₀ | ↩
+             0⁶e₉e₈e₇e₆e₅e₄e₃e₂e₁e₀ 0⁶f₉f₈f₇f₆f₅f₄f₃f₂f₁f₀
+             0⁶g₉g₈g₇g₆g₅g₄g₃g₂g₁g₀ 0⁶h₉h₈h₇h₆h₅h₄h₃h₂h₁h₀ | ↩ ...
+             |adjacent_2_combined| will be laid out as a series of 32-bit
+             integers, as follows: 0¹²b₉b₈b₇b₆b₅b₄b₃b₂b₁b₀a₉a₈a₇a₆a₅a₄a₃a₂a₁a₀
+             0¹²d₉d₈d₇d₆d₅d₄d₃d₂d₁d₀c₉c₈c₇c₆c₅c₄c₃c₂c₁c₀ | ↩
+             0¹²f₉f₈f₇f₆f₅f₄f₃f₂f₁f₀e₉e₈e₇e₆e₅e₄e₃e₂e₁e₀
+             0¹²h₉h₈h₇h₆h₅h₄h₃h₂h₁h₀g₉g₈g₇g₆g₅g₄g₃g₂g₁g₀ | ↩ .... */
+          vector);
+  __m256i adjacent_4_combined =
+      libcrux_intrinsics_avx2_mm256_sllv_epi32(/* Shifting up the values at the
+                                                  even indices by 12, we get:
+                                                  b₉b₈b₇b₆b₅b₄b₃b₂b₁b₀a₉a₈a₇a₆a₅a₄a₃a₂a₁a₀0¹²
+                                                  0¹²d₉d₈d₇d₆d₅d₄d₃d₂d₁d₀c₉c₈c₇c₆c₅c₄c₃c₂c₁c₀
+                                                  | ↩
+                                                  f₉f₈f₇f₆f₅f₄f₃f₂f₁f₀e₉e₈e₇e₆e₅e₄e₃e₂e₁e₀0¹²
+                                                  0¹²h₉h₈h₇h₆h₅h₄h₃h₂h₁h₀g₉g₈g₇g₆g₅g₄g₃g₂g₁g₀
+                                                  | ↩ ... */
+                                               adjacent_2_combined,
+                                               libcrux_intrinsics_avx2_mm256_set_epi32(
+                                                   (int32_t)0, (int32_t)12,
+                                                   (int32_t)0, (int32_t)12,
+                                                   (int32_t)0, (int32_t)12,
+                                                   (int32_t)0, (int32_t)12));
   __m256i adjacent_4_combined0 = libcrux_intrinsics_avx2_mm256_srli_epi64(
-      (int32_t)12, adjacent_4_combined, __m256i);
-  __m256i adjacent_8_combined = libcrux_intrinsics_avx2_mm256_shuffle_epi8(
-      adjacent_4_combined0,
-      libcrux_intrinsics_avx2_mm256_set_epi8(
-          (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1,
-          (int8_t)-1, (int8_t)12, (int8_t)11, (int8_t)10, (int8_t)9, (int8_t)8,
-          (int8_t)4, (int8_t)3, (int8_t)2, (int8_t)1, (int8_t)0, (int8_t)-1,
-          (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1,
-          (int8_t)12, (int8_t)11, (int8_t)10, (int8_t)9, (int8_t)8, (int8_t)4,
-          (int8_t)3, (int8_t)2, (int8_t)1, (int8_t)0));
+      (int32_t)12,
+      /* Viewing this as a set of 64-bit integers we get:
+         0¹²d₉d₈d₇d₆d₅d₄d₃d₂d₁d₀c₉c₈c₇c₆c₅c₄c₃c₂c₁c₀b₉b₈b₇b₆b₅b₄b₃b₂b₁b₀a₉a₈a₇a₆a₅a₄a₃a₂a₁a₀0¹²
+         | ↩
+         0¹²h₉h₈h₇h₆h₅h₄h₃h₂h₁h₀g₉g₈g₇g₆g₅g₄g₃g₂g₁g₀f₉f₈f₇f₆f₅f₄f₃f₂f₁f₀e₉e₈e₇e₆e₅e₄e₃e₂e₁e₀0¹²
+         | ↩ ... Shifting down by 12 gives us:
+         0²⁴d₉d₈d₇d₆d₅d₄d₃d₂d₁d₀c₉c₈c₇c₆c₅c₄c₃c₂c₁c₀b₉b₈b₇b₆b₅b₄b₃b₂b₁b₀a₉a₈a₇a₆a₅a₄a₃a₂a₁a₀
+         | ↩
+         0²⁴h₉h₈h₇h₆h₅h₄h₃h₂h₁h₀g₉g₈g₇g₆g₅g₄g₃g₂g₁g₀f₉f₈f₇f₆f₅f₄f₃f₂f₁f₀e₉e₈e₇e₆e₅e₄e₃e₂e₁e₀
+         | ↩ ... */
+      adjacent_4_combined, __m256i);
+  __m256i adjacent_8_combined =
+      libcrux_intrinsics_avx2_mm256_shuffle_epi8(/* |adjacent_4_combined|, when
+                                                    the bottom and top 128
+                                                    bit-lanes are grouped into
+                                                    bytes, looks like:
+                                                    0₇0₆0₅B₄B₃B₂B₁B₀ | ↩
+                                                    0₁₅0₁₄0₁₃B₁₂B₁₁B₁₀B₉B₈ | ↩
+                                                    In each 128-bit lane, we
+                                                    want to put bytes 8, 9, 10,
+                                                    11, 12 after bytes 0, 1, 2,
+                                                    3 to allow for sequential
+                                                    reading. */
+                                                 adjacent_4_combined0,
+                                                 libcrux_intrinsics_avx2_mm256_set_epi8(
+                                                     (int8_t)-1, (int8_t)-1,
+                                                     (int8_t)-1, (int8_t)-1,
+                                                     (int8_t)-1, (int8_t)-1,
+                                                     (int8_t)12, (int8_t)11,
+                                                     (int8_t)10, (int8_t)9,
+                                                     (int8_t)8, (int8_t)4,
+                                                     (int8_t)3, (int8_t)2,
+                                                     (int8_t)1, (int8_t)0,
+                                                     (int8_t)-1, (int8_t)-1,
+                                                     (int8_t)-1, (int8_t)-1,
+                                                     (int8_t)-1, (int8_t)-1,
+                                                     (int8_t)12, (int8_t)11,
+                                                     (int8_t)10, (int8_t)9,
+                                                     (int8_t)8, (int8_t)4,
+                                                     (int8_t)3, (int8_t)2,
+                                                     (int8_t)1, (int8_t)0));
   __m128i lower_8 =
-      libcrux_intrinsics_avx2_mm256_castsi256_si128(adjacent_8_combined);
+      libcrux_intrinsics_avx2_mm256_castsi256_si128(/* We now have 64 bits
+                                                       starting at position 0 in
+                                                       the lower 128-bit lane,
+                                                       ... */
+                                                    adjacent_8_combined);
   __m128i upper_8 = libcrux_intrinsics_avx2_mm256_extracti128_si256(
-      (int32_t)1, adjacent_8_combined, __m128i);
+      (int32_t)1,
+      /* and 64 bits starting at position 0 in the upper 128-bit lane. */
+      adjacent_8_combined, __m128i);
   return (
       CLITERAL(core_core_arch_x86___m128i_x2){.fst = lower_8, .snd = upper_8});
 }
@@ -981,8 +1320,167 @@ KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_10(
     __m256i vector, uint8_t ret[20U]) {
   core_core_arch_x86___m128i_x2 uu____0 =
-      libcrux_ml_kem_vector_avx2_serialize_serialize_10_serialize_10_vec(
-          vector);
+      libcrux_ml_kem_vector_avx2_serialize_serialize_10_serialize_10_vec(/* If
+                                                                            |vector|
+                                                                            is
+                                                                            laid
+                                                                            out
+                                                                            as
+                                                                            follows
+                                                                            (superscript
+                                                                            number
+                                                                            indicates
+                                                                            the
+                                                                            corresponding
+                                                                            bit
+                                                                            is
+                                                                            duplicated
+                                                                            that
+                                                                            many
+                                                                            times):
+                                                                            0⁶a₉a₈a₇a₆a₅a₄a₃a₂a₁a₀
+                                                                            0⁶b₉b₈b₇b₆b₅b₄b₃b₂b₁b₀
+                                                                            0⁶c₉c₈c₇c₆c₅c₄c₃c₂c₁c₀
+                                                                            0⁶d₉d₈d₇d₆d₅d₄d₃d₂d₁d₀
+                                                                            | ↩
+                                                                            0⁶e₉e₈e₇e₆e₅e₄e₃e₂e₁e₀
+                                                                            0⁶f₉f₈f₇f₆f₅f₄f₃f₂f₁f₀
+                                                                            0⁶g₉g₈g₇g₆g₅g₄g₃g₂g₁g₀
+                                                                            0⁶h₉h₈h₇h₆h₅h₄h₃h₂h₁h₀
+                                                                            | ↩
+                                                                            ...
+                                                                            |adjacent_2_combined|
+                                                                            will
+                                                                            be
+                                                                            laid
+                                                                            out
+                                                                            as a
+                                                                            series
+                                                                            of
+                                                                            32-bit
+                                                                            integers,
+                                                                            as
+                                                                            follows:
+                                                                            0¹²b₉b₈b₇b₆b₅b₄b₃b₂b₁b₀a₉a₈a₇a₆a₅a₄a₃a₂a₁a₀
+                                                                            0¹²d₉d₈d₇d₆d₅d₄d₃d₂d₁d₀c₉c₈c₇c₆c₅c₄c₃c₂c₁c₀
+                                                                            | ↩
+                                                                            0¹²f₉f₈f₇f₆f₅f₄f₃f₂f₁f₀e₉e₈e₇e₆e₅e₄e₃e₂e₁e₀
+                                                                            0¹²h₉h₈h₇h₆h₅h₄h₃h₂h₁h₀g₉g₈g₇g₆g₅g₄g₃g₂g₁g₀
+                                                                            | ↩
+                                                                            ....
+                                                                            Shifting
+                                                                            up
+                                                                            the
+                                                                            values
+                                                                            at
+                                                                            the
+                                                                            even
+                                                                            indices
+                                                                            by
+                                                                            12,
+                                                                            we
+                                                                            get:
+                                                                            b₉b₈b₇b₆b₅b₄b₃b₂b₁b₀a₉a₈a₇a₆a₅a₄a₃a₂a₁a₀0¹²
+                                                                            0¹²d₉d₈d₇d₆d₅d₄d₃d₂d₁d₀c₉c₈c₇c₆c₅c₄c₃c₂c₁c₀
+                                                                            | ↩
+                                                                            f₉f₈f₇f₆f₅f₄f₃f₂f₁f₀e₉e₈e₇e₆e₅e₄e₃e₂e₁e₀0¹²
+                                                                            0¹²h₉h₈h₇h₆h₅h₄h₃h₂h₁h₀g₉g₈g₇g₆g₅g₄g₃g₂g₁g₀
+                                                                            | ↩
+                                                                            ...
+                                                                            Viewing
+                                                                            this
+                                                                            as a
+                                                                            set
+                                                                            of
+                                                                            64-bit
+                                                                            integers
+                                                                            we
+                                                                            get:
+                                                                            0¹²d₉d₈d₇d₆d₅d₄d₃d₂d₁d₀c₉c₈c₇c₆c₅c₄c₃c₂c₁c₀b₉b₈b₇b₆b₅b₄b₃b₂b₁b₀a₉a₈a₇a₆a₅a₄a₃a₂a₁a₀0¹²
+                                                                            | ↩
+                                                                            0¹²h₉h₈h₇h₆h₅h₄h₃h₂h₁h₀g₉g₈g₇g₆g₅g₄g₃g₂g₁g₀f₉f₈f₇f₆f₅f₄f₃f₂f₁f₀e₉e₈e₇e₆e₅e₄e₃e₂e₁e₀0¹²
+                                                                            | ↩
+                                                                            ...
+                                                                            Shifting
+                                                                            down
+                                                                            by
+                                                                            12
+                                                                            gives
+                                                                            us:
+                                                                            0²⁴d₉d₈d₇d₆d₅d₄d₃d₂d₁d₀c₉c₈c₇c₆c₅c₄c₃c₂c₁c₀b₉b₈b₇b₆b₅b₄b₃b₂b₁b₀a₉a₈a₇a₆a₅a₄a₃a₂a₁a₀
+                                                                            | ↩
+                                                                            0²⁴h₉h₈h₇h₆h₅h₄h₃h₂h₁h₀g₉g₈g₇g₆g₅g₄g₃g₂g₁g₀f₉f₈f₇f₆f₅f₄f₃f₂f₁f₀e₉e₈e₇e₆e₅e₄e₃e₂e₁e₀
+                                                                            | ↩
+                                                                            ...
+                                                                            |adjacent_4_combined|,
+                                                                            when
+                                                                            the
+                                                                            bottom
+                                                                            and
+                                                                            top
+                                                                            128
+                                                                            bit-lanes
+                                                                            are
+                                                                            grouped
+                                                                            into
+                                                                            bytes,
+                                                                            looks
+                                                                            like:
+                                                                            0₇0₆0₅B₄B₃B₂B₁B₀
+                                                                            | ↩
+                                                                            0₁₅0₁₄0₁₃B₁₂B₁₁B₁₀B₉B₈
+                                                                            | ↩
+                                                                            In
+                                                                            each
+                                                                            128-bit
+                                                                            lane,
+                                                                            we
+                                                                            want
+                                                                            to
+                                                                            put
+                                                                            bytes
+                                                                            8,
+                                                                            9,
+                                                                            10,
+                                                                            11,
+                                                                            12
+                                                                            after
+                                                                            bytes
+                                                                            0,
+                                                                            1,
+                                                                            2, 3
+                                                                            to
+                                                                            allow
+                                                                            for
+                                                                            sequential
+                                                                            reading.
+                                                                            We
+                                                                            now
+                                                                            have
+                                                                            64
+                                                                            bits
+                                                                            starting
+                                                                            at
+                                                                            position
+                                                                            0 in
+                                                                            the
+                                                                            lower
+                                                                            128-bit
+                                                                            lane,
+                                                                            ...
+                                                                            and
+                                                                            64
+                                                                            bits
+                                                                            starting
+                                                                            at
+                                                                            position
+                                                                            0 in
+                                                                            the
+                                                                            upper
+                                                                            128-bit
+                                                                            lane.
+                                                                          */
+                                                                         vector);
   __m128i lower_8 = uu____0.fst;
   __m128i upper_8 = uu____0.snd;
   uint8_t serialized[32U] = {0U};
@@ -1038,16 +1536,20 @@ libcrux_ml_kem_vector_avx2_serialize_deserialize_10_deserialize_10_vec(
                         (int16_t)1 << 6U));
   __m256i coefficients1 = libcrux_intrinsics_avx2_mm256_srli_epi16(
       (int32_t)6, coefficients0, __m256i);
-  return libcrux_intrinsics_avx2_mm256_and_si256(
-      coefficients1, libcrux_intrinsics_avx2_mm256_set1_epi16(
-                         ((int16_t)1 << 10U) - (int16_t)1));
+  return libcrux_intrinsics_avx2_mm256_and_si256(/* Here I can prove this `and`
+                                                    is not useful */
+                                                 coefficients1,
+                                                 libcrux_intrinsics_avx2_mm256_set1_epi16(
+                                                     ((int16_t)1 << 10U) -
+                                                     (int16_t)1));
 }
 
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE __m256i
 libcrux_ml_kem_vector_avx2_serialize_deserialize_10(Eurydice_slice bytes) {
-  Eurydice_slice lower_coefficients =
-      Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)16U, uint8_t);
+  Eurydice_slice lower_coefficients = Eurydice_slice_subslice2(
+      /* Here I can prove this `and` is not useful */ bytes, (size_t)0U,
+      (size_t)16U, uint8_t);
   Eurydice_slice upper_coefficients =
       Eurydice_slice_subslice2(bytes, (size_t)4U, (size_t)20U, uint8_t);
   return libcrux_ml_kem_vector_avx2_serialize_deserialize_10_deserialize_10_vec(
@@ -1233,28 +1735,70 @@ libcrux_ml_kem_vector_avx2_sampling_rejection_sample(Eurydice_slice input,
   __m256i field_modulus = libcrux_intrinsics_avx2_mm256_set1_epi16(
       LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS);
   __m256i potential_coefficients =
-      libcrux_ml_kem_vector_avx2_serialize_deserialize_12(input);
+      libcrux_ml_kem_vector_avx2_serialize_deserialize_12(/* The input bytes can
+                                                             be interpreted as a
+                                                             sequence of
+                                                             serialized 12-bit
+                                                             (i.e. uncompressed)
+                                                             coefficients. Not
+                                                             all coefficients
+                                                             may be less than
+                                                             FIELD_MODULUS
+                                                             though. */
+                                                          input);
   __m256i compare_with_field_modulus =
-      libcrux_intrinsics_avx2_mm256_cmpgt_epi16(field_modulus,
+      libcrux_intrinsics_avx2_mm256_cmpgt_epi16(/* Suppose we view
+                                                   |potential_coefficients| as
+                                                   follows (grouping 64-bit
+                                                   elements): A B C D | E F G H
+                                                   | .... and A < 3329, D < 3329
+                                                   and H < 3329,
+                                                   |compare_with_field_modulus|
+                                                   will look like: 0xFF 0 0 0xFF
+                                                   | 0 0 0 0xFF | ... */
+                                                field_modulus,
                                                 potential_coefficients);
   uint8_t good[2U];
-  libcrux_ml_kem_vector_avx2_serialize_serialize_1(compare_with_field_modulus,
+  libcrux_ml_kem_vector_avx2_serialize_serialize_1(/* Since every bit in each
+                                                      lane is either 0 or 1, we
+                                                      only need one bit from
+                                                      each lane in the register
+                                                      to tell us what
+                                                      coefficients to keep and
+                                                      what to throw-away.
+                                                      Combine all the bits
+                                                      (there are 16) into two
+                                                      bytes. */
+                                                   compare_with_field_modulus,
                                                    good);
   uint8_t lower_shuffles[16U];
   memcpy(lower_shuffles,
+         /* Each bit (and its corresponding position) represents an element we
+            want to sample. We'd like all such elements to be next to each other
+            starting at index 0, so that they can be read from the vector
+            easily. |REJECTION_SAMPLE_SHUFFLE_TABLE| encodes the byte-level
+            shuffling indices needed to make this happen. For e.g. if good[0] =
+            0b0_0_0_0_0_0_1_0, we need to move the element in the 2-nd 16-bit
+            lane to the first. To do this, we need the byte-level shuffle
+            indices to be 2 3 X X X X ... */
          libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE[(
              size_t)good[0U]],
          (size_t)16U * sizeof(uint8_t));
-  __m128i lower_shuffles0 = libcrux_intrinsics_avx2_mm_loadu_si128(
-      Eurydice_array_to_slice((size_t)16U, lower_shuffles, uint8_t));
+  __m128i lower_shuffles0 =
+      libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_array_to_slice(
+          (size_t)16U,
+          /* Shuffle the lower 8 16-bits accordingly ... */ lower_shuffles,
+          uint8_t));
   __m128i lower_coefficients =
       libcrux_intrinsics_avx2_mm256_castsi256_si128(potential_coefficients);
   __m128i lower_coefficients0 = libcrux_intrinsics_avx2_mm_shuffle_epi8(
       lower_coefficients, lower_shuffles0);
-  libcrux_intrinsics_avx2_mm_storeu_si128(output, lower_coefficients0);
+  libcrux_intrinsics_avx2_mm_storeu_si128(
+      /* ... then write them out ... */ output, lower_coefficients0);
   size_t sampled_count = (size_t)core_num__u8_6__count_ones(good[0U]);
   uint8_t upper_shuffles[16U];
   memcpy(upper_shuffles,
+         /* Do the same for |goood[1]| */
          libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE[(
              size_t)good[1U]],
          (size_t)16U * sizeof(uint8_t));
@@ -1435,7 +1979,9 @@ libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_ef(
   __m256i two_pow_coefficient_bits = libcrux_intrinsics_avx2_mm256_set1_epi32(
       (int32_t)1 << (uint32_t)(int32_t)10);
   __m128i coefficients_low =
-      libcrux_intrinsics_avx2_mm256_castsi256_si128(vector);
+      libcrux_intrinsics_avx2_mm256_castsi256_si128(/* ---- Compress the first 8
+                                                       coefficients ---- */
+                                                    vector);
   __m256i coefficients_low0 =
       libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low);
   __m256i decompressed_low = libcrux_intrinsics_avx2_mm256_mullo_epi32(
@@ -1445,11 +1991,15 @@ libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_ef(
   __m256i decompressed_low1 = libcrux_intrinsics_avx2_mm256_add_epi32(
       decompressed_low0, two_pow_coefficient_bits);
   __m256i decompressed_low2 = libcrux_intrinsics_avx2_mm256_srli_epi32(
-      (int32_t)10, decompressed_low1, __m256i);
+      (int32_t)10,
+      /* We can't shift in one go by (COEFFICIENT_BITS + 1) due to the lack of
+         support for const generic expressions. */
+      decompressed_low1, __m256i);
   __m256i decompressed_low3 = libcrux_intrinsics_avx2_mm256_srli_epi32(
       (int32_t)1, decompressed_low2, __m256i);
   __m128i coefficients_high = libcrux_intrinsics_avx2_mm256_extracti128_si256(
-      (int32_t)1, vector, __m128i);
+      (int32_t)1,
+      /* ---- Compress the next 8 coefficients ---- */ vector, __m128i);
   __m256i coefficients_high0 =
       libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high);
   __m256i decompressed_high = libcrux_intrinsics_avx2_mm256_mullo_epi32(
@@ -1459,13 +2009,29 @@ libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_ef(
   __m256i decompressed_high1 = libcrux_intrinsics_avx2_mm256_add_epi32(
       decompressed_high0, two_pow_coefficient_bits);
   __m256i decompressed_high2 = libcrux_intrinsics_avx2_mm256_srli_epi32(
-      (int32_t)10, decompressed_high1, __m256i);
+      (int32_t)10,
+      /* We can't shift in one go by (COEFFICIENT_BITS + 1) due to the lack of
+         support for const generic expressions. */
+      decompressed_high1, __m256i);
   __m256i decompressed_high3 = libcrux_intrinsics_avx2_mm256_srli_epi32(
       (int32_t)1, decompressed_high2, __m256i);
-  __m256i compressed = libcrux_intrinsics_avx2_mm256_packs_epi32(
-      decompressed_low3, decompressed_high3);
-  return libcrux_intrinsics_avx2_mm256_permute4x64_epi64((int32_t)216,
-                                                         compressed, __m256i);
+  __m256i compressed =
+      libcrux_intrinsics_avx2_mm256_packs_epi32(/* Combining them, and grouping
+                                                   each set of 64-bits, this
+                                                   function results in: 0: low
+                                                   low low low | 1: high high
+                                                   high high | 2: low low low
+                                                   low | 3: high high high high
+                                                   where each |low| and |high|
+                                                   is a 16-bit element */
+                                                decompressed_low3,
+                                                decompressed_high3);
+  return libcrux_intrinsics_avx2_mm256_permute4x64_epi64(
+      (int32_t)216,
+      /* To be in the right order, we need to move the |low|s above in position
+         2 to position 1 and the |high|s in position 1 to position 2, and leave
+         the rest unchanged. */
+      compressed, __m256i);
 }
 
 /**
@@ -1531,7 +2097,9 @@ libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_c4(
   __m256i two_pow_coefficient_bits = libcrux_intrinsics_avx2_mm256_set1_epi32(
       (int32_t)1 << (uint32_t)(int32_t)11);
   __m128i coefficients_low =
-      libcrux_intrinsics_avx2_mm256_castsi256_si128(vector);
+      libcrux_intrinsics_avx2_mm256_castsi256_si128(/* ---- Compress the first 8
+                                                       coefficients ---- */
+                                                    vector);
   __m256i coefficients_low0 =
       libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low);
   __m256i decompressed_low = libcrux_intrinsics_avx2_mm256_mullo_epi32(
@@ -1541,11 +2109,15 @@ libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_c4(
   __m256i decompressed_low1 = libcrux_intrinsics_avx2_mm256_add_epi32(
       decompressed_low0, two_pow_coefficient_bits);
   __m256i decompressed_low2 = libcrux_intrinsics_avx2_mm256_srli_epi32(
-      (int32_t)11, decompressed_low1, __m256i);
+      (int32_t)11,
+      /* We can't shift in one go by (COEFFICIENT_BITS + 1) due to the lack of
+         support for const generic expressions. */
+      decompressed_low1, __m256i);
   __m256i decompressed_low3 = libcrux_intrinsics_avx2_mm256_srli_epi32(
       (int32_t)1, decompressed_low2, __m256i);
   __m128i coefficients_high = libcrux_intrinsics_avx2_mm256_extracti128_si256(
-      (int32_t)1, vector, __m128i);
+      (int32_t)1,
+      /* ---- Compress the next 8 coefficients ---- */ vector, __m128i);
   __m256i coefficients_high0 =
       libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high);
   __m256i decompressed_high = libcrux_intrinsics_avx2_mm256_mullo_epi32(
@@ -1555,13 +2127,29 @@ libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_c4(
   __m256i decompressed_high1 = libcrux_intrinsics_avx2_mm256_add_epi32(
       decompressed_high0, two_pow_coefficient_bits);
   __m256i decompressed_high2 = libcrux_intrinsics_avx2_mm256_srli_epi32(
-      (int32_t)11, decompressed_high1, __m256i);
+      (int32_t)11,
+      /* We can't shift in one go by (COEFFICIENT_BITS + 1) due to the lack of
+         support for const generic expressions. */
+      decompressed_high1, __m256i);
   __m256i decompressed_high3 = libcrux_intrinsics_avx2_mm256_srli_epi32(
       (int32_t)1, decompressed_high2, __m256i);
-  __m256i compressed = libcrux_intrinsics_avx2_mm256_packs_epi32(
-      decompressed_low3, decompressed_high3);
-  return libcrux_intrinsics_avx2_mm256_permute4x64_epi64((int32_t)216,
-                                                         compressed, __m256i);
+  __m256i compressed =
+      libcrux_intrinsics_avx2_mm256_packs_epi32(/* Combining them, and grouping
+                                                   each set of 64-bits, this
+                                                   function results in: 0: low
+                                                   low low low | 1: high high
+                                                   high high | 2: low low low
+                                                   low | 3: high high high high
+                                                   where each |low| and |high|
+                                                   is a 16-bit element */
+                                                decompressed_low3,
+                                                decompressed_high3);
+  return libcrux_intrinsics_avx2_mm256_permute4x64_epi64(
+      (int32_t)216,
+      /* To be in the right order, we need to move the |low|s above in position
+         2 to position 1 and the |high|s in position 1 to position 2, and leave
+         the rest unchanged. */
+      compressed, __m256i);
 }
 
 /**
@@ -1665,7 +2253,13 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_4_plus_61(
     size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *re,
     size_t layer, size_t _initial_coefficient_bound) {
   size_t step = (size_t)1U << (uint32_t)layer;
-  for (size_t i0 = (size_t)0U; i0 < (size_t)128U >> (uint32_t)layer; i0++) {
+  for (size_t i0 = (size_t)0U;
+       i0 < (size_t)128U >>
+       (uint32_t) /* The semicolon and parentheses at the end of loop are a
+                     workaround for the following bug
+                     https://github.com/hacspec/hax/issues/720 */
+       layer;
+       i0++) {
     size_t round = i0;
     zeta_i[0U] = zeta_i[0U] + (size_t)1U;
     size_t offset = round * step * (size_t)2U;
@@ -1676,7 +2270,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_4_plus_61(
       libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 uu____0 =
           libcrux_ml_kem_ntt_ntt_layer_int_vec_step_61(
               re->coefficients[j], re->coefficients[j + step_vec],
-              libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U]));
+              libcrux_ml_kem_polynomial_zeta(zeta_i[0U]));
       __m256i x = uu____0.fst;
       __m256i y = uu____0.snd;
       re->coefficients[j] = x;
@@ -1699,8 +2293,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_3_61(
     size_t round = i;
     zeta_i[0U] = zeta_i[0U] + (size_t)1U;
     re->coefficients[round] = libcrux_ml_kem_vector_avx2_ntt_layer_3_step_09(
-        re->coefficients[round],
-        libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U]));
+        re->coefficients[round], libcrux_ml_kem_polynomial_zeta(zeta_i[0U]));
   }
 }
 
@@ -1718,8 +2311,8 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_2_61(
     size_t round = i;
     zeta_i[0U] = zeta_i[0U] + (size_t)1U;
     re->coefficients[round] = libcrux_ml_kem_vector_avx2_ntt_layer_2_step_09(
-        re->coefficients[round], libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U]),
-        libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U] + (size_t)1U));
+        re->coefficients[round], libcrux_ml_kem_polynomial_zeta(zeta_i[0U]),
+        libcrux_ml_kem_polynomial_zeta(zeta_i[0U] + (size_t)1U));
     zeta_i[0U] = zeta_i[0U] + (size_t)1U;
   }
 }
@@ -1738,10 +2331,10 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_1_61(
     size_t round = i;
     zeta_i[0U] = zeta_i[0U] + (size_t)1U;
     re->coefficients[round] = libcrux_ml_kem_vector_avx2_ntt_layer_1_step_09(
-        re->coefficients[round], libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U]),
-        libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U] + (size_t)1U),
-        libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U] + (size_t)2U),
-        libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U] + (size_t)3U));
+        re->coefficients[round], libcrux_ml_kem_polynomial_zeta(zeta_i[0U]),
+        libcrux_ml_kem_polynomial_zeta(zeta_i[0U] + (size_t)1U),
+        libcrux_ml_kem_polynomial_zeta(zeta_i[0U] + (size_t)2U),
+        libcrux_ml_kem_polynomial_zeta(zeta_i[0U] + (size_t)3U));
     zeta_i[0U] = zeta_i[0U] + (size_t)3U;
   }
 }
@@ -1761,7 +2354,11 @@ KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_poly_barrett_reduce_ef_61(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *self) {
   for (size_t i = (size_t)0U;
-       i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
+       i <
+       /* The semicolon and parentheses at the end of loop are a workaround for
+          the following bug https://github.com/hacspec/hax/issues/720 */
+       LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT;
+       i++) {
     size_t i0 = i;
     self->coefficients[i0] =
         libcrux_ml_kem_vector_avx2_barrett_reduce_09(self->coefficients[i0]);
@@ -1858,7 +2455,9 @@ libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_d1(
   __m256i two_pow_coefficient_bits = libcrux_intrinsics_avx2_mm256_set1_epi32(
       (int32_t)1 << (uint32_t)(int32_t)4);
   __m128i coefficients_low =
-      libcrux_intrinsics_avx2_mm256_castsi256_si128(vector);
+      libcrux_intrinsics_avx2_mm256_castsi256_si128(/* ---- Compress the first 8
+                                                       coefficients ---- */
+                                                    vector);
   __m256i coefficients_low0 =
       libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low);
   __m256i decompressed_low = libcrux_intrinsics_avx2_mm256_mullo_epi32(
@@ -1868,11 +2467,15 @@ libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_d1(
   __m256i decompressed_low1 = libcrux_intrinsics_avx2_mm256_add_epi32(
       decompressed_low0, two_pow_coefficient_bits);
   __m256i decompressed_low2 = libcrux_intrinsics_avx2_mm256_srli_epi32(
-      (int32_t)4, decompressed_low1, __m256i);
+      (int32_t)4,
+      /* We can't shift in one go by (COEFFICIENT_BITS + 1) due to the lack of
+         support for const generic expressions. */
+      decompressed_low1, __m256i);
   __m256i decompressed_low3 = libcrux_intrinsics_avx2_mm256_srli_epi32(
       (int32_t)1, decompressed_low2, __m256i);
   __m128i coefficients_high = libcrux_intrinsics_avx2_mm256_extracti128_si256(
-      (int32_t)1, vector, __m128i);
+      (int32_t)1,
+      /* ---- Compress the next 8 coefficients ---- */ vector, __m128i);
   __m256i coefficients_high0 =
       libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high);
   __m256i decompressed_high = libcrux_intrinsics_avx2_mm256_mullo_epi32(
@@ -1882,13 +2485,29 @@ libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_d1(
   __m256i decompressed_high1 = libcrux_intrinsics_avx2_mm256_add_epi32(
       decompressed_high0, two_pow_coefficient_bits);
   __m256i decompressed_high2 = libcrux_intrinsics_avx2_mm256_srli_epi32(
-      (int32_t)4, decompressed_high1, __m256i);
+      (int32_t)4,
+      /* We can't shift in one go by (COEFFICIENT_BITS + 1) due to the lack of
+         support for const generic expressions. */
+      decompressed_high1, __m256i);
   __m256i decompressed_high3 = libcrux_intrinsics_avx2_mm256_srli_epi32(
       (int32_t)1, decompressed_high2, __m256i);
-  __m256i compressed = libcrux_intrinsics_avx2_mm256_packs_epi32(
-      decompressed_low3, decompressed_high3);
-  return libcrux_intrinsics_avx2_mm256_permute4x64_epi64((int32_t)216,
-                                                         compressed, __m256i);
+  __m256i compressed =
+      libcrux_intrinsics_avx2_mm256_packs_epi32(/* Combining them, and grouping
+                                                   each set of 64-bits, this
+                                                   function results in: 0: low
+                                                   low low low | 1: high high
+                                                   high high | 2: low low low
+                                                   low | 3: high high high high
+                                                   where each |low| and |high|
+                                                   is a 16-bit element */
+                                                decompressed_low3,
+                                                decompressed_high3);
+  return libcrux_intrinsics_avx2_mm256_permute4x64_epi64(
+      (int32_t)216,
+      /* To be in the right order, we need to move the |low|s above in position
+         2 to position 1 and the |high|s in position 1 to position 2, and leave
+         the rest unchanged. */
+      compressed, __m256i);
 }
 
 /**
@@ -1949,7 +2568,9 @@ libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_f4(
   __m256i two_pow_coefficient_bits = libcrux_intrinsics_avx2_mm256_set1_epi32(
       (int32_t)1 << (uint32_t)(int32_t)5);
   __m128i coefficients_low =
-      libcrux_intrinsics_avx2_mm256_castsi256_si128(vector);
+      libcrux_intrinsics_avx2_mm256_castsi256_si128(/* ---- Compress the first 8
+                                                       coefficients ---- */
+                                                    vector);
   __m256i coefficients_low0 =
       libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low);
   __m256i decompressed_low = libcrux_intrinsics_avx2_mm256_mullo_epi32(
@@ -1959,11 +2580,15 @@ libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_f4(
   __m256i decompressed_low1 = libcrux_intrinsics_avx2_mm256_add_epi32(
       decompressed_low0, two_pow_coefficient_bits);
   __m256i decompressed_low2 = libcrux_intrinsics_avx2_mm256_srli_epi32(
-      (int32_t)5, decompressed_low1, __m256i);
+      (int32_t)5,
+      /* We can't shift in one go by (COEFFICIENT_BITS + 1) due to the lack of
+         support for const generic expressions. */
+      decompressed_low1, __m256i);
   __m256i decompressed_low3 = libcrux_intrinsics_avx2_mm256_srli_epi32(
       (int32_t)1, decompressed_low2, __m256i);
   __m128i coefficients_high = libcrux_intrinsics_avx2_mm256_extracti128_si256(
-      (int32_t)1, vector, __m128i);
+      (int32_t)1,
+      /* ---- Compress the next 8 coefficients ---- */ vector, __m128i);
   __m256i coefficients_high0 =
       libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high);
   __m256i decompressed_high = libcrux_intrinsics_avx2_mm256_mullo_epi32(
@@ -1973,13 +2598,29 @@ libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_f4(
   __m256i decompressed_high1 = libcrux_intrinsics_avx2_mm256_add_epi32(
       decompressed_high0, two_pow_coefficient_bits);
   __m256i decompressed_high2 = libcrux_intrinsics_avx2_mm256_srli_epi32(
-      (int32_t)5, decompressed_high1, __m256i);
+      (int32_t)5,
+      /* We can't shift in one go by (COEFFICIENT_BITS + 1) due to the lack of
+         support for const generic expressions. */
+      decompressed_high1, __m256i);
   __m256i decompressed_high3 = libcrux_intrinsics_avx2_mm256_srli_epi32(
       (int32_t)1, decompressed_high2, __m256i);
-  __m256i compressed = libcrux_intrinsics_avx2_mm256_packs_epi32(
-      decompressed_low3, decompressed_high3);
-  return libcrux_intrinsics_avx2_mm256_permute4x64_epi64((int32_t)216,
-                                                         compressed, __m256i);
+  __m256i compressed =
+      libcrux_intrinsics_avx2_mm256_packs_epi32(/* Combining them, and grouping
+                                                   each set of 64-bits, this
+                                                   function results in: 0: low
+                                                   low low low | 1: high high
+                                                   high high | 2: low low low
+                                                   low | 3: high high high high
+                                                   where each |low| and |high|
+                                                   is a 16-bit element */
+                                                decompressed_low3,
+                                                decompressed_high3);
+  return libcrux_intrinsics_avx2_mm256_permute4x64_epi64(
+      (int32_t)216,
+      /* To be in the right order, we need to move the |low|s above in position
+         2 to position 1 and the |high|s in position 1 to position 2, and leave
+         the rest unchanged. */
+      compressed, __m256i);
 }
 
 /**
@@ -2062,13 +2703,13 @@ libcrux_ml_kem_polynomial_ntt_multiply_ef_61(
     size_t i0 = i;
     out.coefficients[i0] = libcrux_ml_kem_vector_avx2_ntt_multiply_09(
         &self->coefficients[i0], &rhs->coefficients[i0],
-        libcrux_ml_kem_polynomial_get_zeta((size_t)64U + (size_t)4U * i0),
-        libcrux_ml_kem_polynomial_get_zeta((size_t)64U + (size_t)4U * i0 +
-                                           (size_t)1U),
-        libcrux_ml_kem_polynomial_get_zeta((size_t)64U + (size_t)4U * i0 +
-                                           (size_t)2U),
-        libcrux_ml_kem_polynomial_get_zeta((size_t)64U + (size_t)4U * i0 +
-                                           (size_t)3U));
+        libcrux_ml_kem_polynomial_zeta((size_t)64U + (size_t)4U * i0),
+        libcrux_ml_kem_polynomial_zeta((size_t)64U + (size_t)4U * i0 +
+                                       (size_t)1U),
+        libcrux_ml_kem_polynomial_zeta((size_t)64U + (size_t)4U * i0 +
+                                       (size_t)2U),
+        libcrux_ml_kem_polynomial_zeta((size_t)64U + (size_t)4U * i0 +
+                                       (size_t)3U));
   }
   return out;
 }
@@ -2089,9 +2730,14 @@ static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_to_ring_element_ef_ab(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *self,
     libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *rhs) {
   for (size_t i = (size_t)0U;
-       i < Eurydice_slice_len(Eurydice_array_to_slice(
-                                  (size_t)16U, self->coefficients, __m256i),
-                              __m256i);
+       i <
+       Eurydice_slice_len(Eurydice_array_to_slice(
+                              (size_t)16U,
+                              /* The semicolon and parentheses at the end of
+                                 loop are a workaround for the following bug
+                                 https://github.com/hacspec/hax/issues/720 */
+                              self->coefficients, __m256i),
+                          __m256i);
        i++) {
     size_t i0 = i;
     self->coefficients[i0] = libcrux_ml_kem_vector_avx2_add_09(
@@ -2114,11 +2760,10 @@ static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_61(
     zeta_i[0U] = zeta_i[0U] - (size_t)1U;
     re->coefficients[round] =
         libcrux_ml_kem_vector_avx2_inv_ntt_layer_1_step_09(
-            re->coefficients[round],
-            libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U]),
-            libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U] - (size_t)1U),
-            libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U] - (size_t)2U),
-            libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U] - (size_t)3U));
+            re->coefficients[round], libcrux_ml_kem_polynomial_zeta(zeta_i[0U]),
+            libcrux_ml_kem_polynomial_zeta(zeta_i[0U] - (size_t)1U),
+            libcrux_ml_kem_polynomial_zeta(zeta_i[0U] - (size_t)2U),
+            libcrux_ml_kem_polynomial_zeta(zeta_i[0U] - (size_t)3U));
     zeta_i[0U] = zeta_i[0U] - (size_t)3U;
   }
 }
@@ -2138,9 +2783,8 @@ static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_61(
     zeta_i[0U] = zeta_i[0U] - (size_t)1U;
     re->coefficients[round] =
         libcrux_ml_kem_vector_avx2_inv_ntt_layer_2_step_09(
-            re->coefficients[round],
-            libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U]),
-            libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U] - (size_t)1U));
+            re->coefficients[round], libcrux_ml_kem_polynomial_zeta(zeta_i[0U]),
+            libcrux_ml_kem_polynomial_zeta(zeta_i[0U] - (size_t)1U));
     zeta_i[0U] = zeta_i[0U] - (size_t)1U;
   }
 }
@@ -2161,7 +2805,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_61(
     re->coefficients[round] =
         libcrux_ml_kem_vector_avx2_inv_ntt_layer_3_step_09(
             re->coefficients[round],
-            libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U]));
+            libcrux_ml_kem_polynomial_zeta(zeta_i[0U]));
   }
 }
 
@@ -2196,7 +2840,13 @@ libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_61(
     size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *re,
     size_t layer) {
   size_t step = (size_t)1U << (uint32_t)layer;
-  for (size_t i0 = (size_t)0U; i0 < (size_t)128U >> (uint32_t)layer; i0++) {
+  for (size_t i0 = (size_t)0U;
+       i0 < (size_t)128U >>
+       (uint32_t) /* The semicolon and parentheses at the end of loop are a
+                     workaround for the following bug
+                     https://github.com/hacspec/hax/issues/720 */
+       layer;
+       i0++) {
     size_t round = i0;
     zeta_i[0U] = zeta_i[0U] - (size_t)1U;
     size_t offset = round * step * (size_t)2U;
@@ -2209,7 +2859,7 @@ libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_61(
       libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 uu____0 =
           libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_61(
               re->coefficients[j], re->coefficients[j + step_vec],
-              libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U]));
+              libcrux_ml_kem_polynomial_zeta(zeta_i[0U]));
       __m256i x = uu____0.fst;
       __m256i y = uu____0.snd;
       re->coefficients[j] = x;
@@ -2228,7 +2878,10 @@ KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_ab(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *re) {
   size_t zeta_i =
-      LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U;
+      /* We only ever call this function after matrix/vector multiplication */
+      LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT
+
+      / (size_t)2U;
   libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_61(&zeta_i, re, (size_t)1U);
   libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_61(&zeta_i, re, (size_t)2U);
   libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_61(&zeta_i, re, (size_t)3U);
@@ -2423,11 +3076,16 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_decrypt_unpacked_2f(
     libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_63 *secret_key,
     uint8_t *ciphertext, uint8_t ret[32U]) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_f6 u_as_ntt[3U];
-  libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_ed(ciphertext, u_as_ntt);
+  libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_ed(/* u :=
+                                                             Decompress_q(Decode_{d_u}(c),
+                                                             d_u) */
+                                                          ciphertext, u_as_ntt);
   libcrux_ml_kem_polynomial_PolynomialRingElement_f6 v =
       libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_ed(
-          Eurydice_array_to_subslice_from((size_t)1088U, ciphertext,
-                                          (size_t)960U, uint8_t, size_t));
+          Eurydice_array_to_subslice_from(
+              (size_t)1088U,
+              /* v := Decompress_q(Decode_{d_v}(c + d_u·k·n / 8), d_v) */
+              ciphertext, (size_t)960U, uint8_t, size_t));
   libcrux_ml_kem_polynomial_PolynomialRingElement_f6 message =
       libcrux_ml_kem_matrix_compute_message_ab(&v, secret_key->secret_as_ntt,
                                                u_as_ntt);
@@ -2450,7 +3108,8 @@ KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_decrypt_2f(
     Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_f6 secret_as_ntt[3U];
-  libcrux_ml_kem_ind_cpa_deserialize_secret_key_ab(secret_key, secret_as_ntt);
+  libcrux_ml_kem_ind_cpa_deserialize_secret_key_ab(
+      /* sˆ := Decode_12(sk) */ secret_key, secret_as_ntt);
   /* Passing arrays by value in Rust generates a copy in C */
   libcrux_ml_kem_polynomial_PolynomialRingElement_f6 copy_of_secret_as_ntt[3U];
   memcpy(
@@ -2999,6 +3658,10 @@ static KRML_MUSTINLINE void libcrux_ml_kem_sampling_sample_from_xof_6c(
   memcpy(copy_of_randomness0, randomness0, (size_t)3U * sizeof(uint8_t[504U]));
   bool done = libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_ed(
       copy_of_randomness0, sampled_coefficients, out);
+  /* Requiring more than 5 blocks to sample a ring element should be very
+   * unlikely according to: https://eprint.iacr.org/2023/708.pdf To avoid
+   * failing here, we squeeze more blocks out of the state until we have enough.
+   */
   while (true) {
     if (done) {
       break;
@@ -3065,7 +3728,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_sample_matrix_A_6c(
          i++) {
       size_t j = i;
       libcrux_ml_kem_polynomial_PolynomialRingElement_f6 sample = sampled[j];
-      if (transpose) {
+      if (/* A[i][j] = A_transpose[j][i] */ transpose) {
         A_transpose[j][i1] = sample;
       } else {
         A_transpose[i1][j] = sample;
@@ -3087,12 +3750,15 @@ libcrux_ml_kem_ind_cpa_build_unpacked_public_key_mut_fa(
     Eurydice_slice public_key,
     libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_63
         *unpacked_public_key) {
-  Eurydice_slice uu____0 =
-      Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t);
+  Eurydice_slice uu____0 = Eurydice_slice_subslice_to(
+      /* tˆ := Decode_12(pk) */ public_key, (size_t)1152U, uint8_t, size_t);
   libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_ab(
       uu____0, unpacked_public_key->t_as_ntt);
   Eurydice_slice seed =
-      Eurydice_slice_subslice_from(public_key, (size_t)1152U, uint8_t, size_t);
+      Eurydice_slice_subslice_from(/* ρ := pk + 12·k·n / 8 for i from 0 to k−1
+                                      do for j from 0 to k − 1 do AˆT[i][j] :=
+                                      Parse(XOF(ρ, i, j)) end for end for */
+                                   public_key, (size_t)1152U, uint8_t, size_t);
   libcrux_ml_kem_polynomial_PolynomialRingElement_f6(*uu____1)[3U] =
       unpacked_public_key->A;
   uint8_t ret[34U];
@@ -3362,7 +4028,12 @@ KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_7_61(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *re) {
   size_t step = LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT / (size_t)2U;
-  for (size_t i = (size_t)0U; i < step; i++) {
+  for (size_t i = (size_t)0U;
+       i <
+       /* The semicolon and parentheses at the end of loop are a workaround for
+          the following bug https://github.com/hacspec/hax/issues/720 */
+       step;
+       i++) {
     size_t j = i;
     __m256i t = libcrux_ml_kem_vector_avx2_multiply_by_constant_09(
         re->coefficients[j + step], (int16_t)-1600);
@@ -3383,7 +4054,10 @@ KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE void
 libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_61(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *re) {
-  libcrux_ml_kem_ntt_ntt_at_layer_7_61(re);
+  libcrux_ml_kem_ntt_ntt_at_layer_7_61(/* Due to the small coefficient bound, we
+                                          can skip the first round of Montgomery
+                                          reductions. */
+                                       re);
   size_t zeta_i = (size_t)1U;
   libcrux_ml_kem_ntt_ntt_at_layer_4_plus_61(&zeta_i, re, (size_t)6U,
                                             (size_t)11207U);
@@ -3594,7 +4268,11 @@ static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_error_reduce_ef_61(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *self,
     libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *error) {
   for (size_t i = (size_t)0U;
-       i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
+       i <
+       /* The semicolon and parentheses at the end of loop are a workaround for
+          the following bug https://github.com/hacspec/hax/issues/720 */
+       LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT;
+       i++) {
     size_t j = i;
     __m256i coefficient_normal_form =
         libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_09(
@@ -3717,8 +4395,26 @@ libcrux_ml_kem_polynomial_add_message_error_reduce_ef_61(
     __m256i coefficient_normal_form =
         libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_09(
             result.coefficients[i0], (int16_t)1441);
-    __m256i tmp = libcrux_ml_kem_vector_avx2_add_09(self->coefficients[i0],
-                                                    &message->coefficients[i0]);
+    __m256i tmp = libcrux_ml_kem_vector_avx2_add_09(
+        self->coefficients
+            [/* FIXME: Eurydice crashes with: Warning 11: in top-level
+                declaration
+                libcrux_ml_kem.polynomial.{libcrux_ml_kem::polynomial::PolynomialRingElement<Vector>[TraitClause@0]}.add_message_error_reduce__libcrux_ml_kem_libcrux_polynomials_PortableVector:
+                this expression is not Low*; the enclosing function cannot be
+                translated into C*: let mutable ret(Mark.Present,(Mark.AtMost
+                2), ): int16_t[16size_t] = $any in
+                libcrux_ml_kem.libcrux_polynomials.{(libcrux_ml_kem::libcrux_polynomials::libcrux_traits::Operations␣for␣libcrux_ml_kem::libcrux_polynomials::PortableVector)}.add
+                ((@9:
+                libcrux_ml_kem_libcrux_polynomials_PortableVector[16size_t]*)[0uint32_t]:int16_t[16size_t][16size_t])[@4]
+                &(((@8:
+                libcrux_ml_kem_libcrux_polynomials_PortableVector[16size_t]*)[0uint32_t]:libcrux_ml_kem_libcrux_polynomials_PortableVector[16size_t])[@4])
+                @0; @0 Warning 11 is fatal, exiting. On the following code:
+                ```rust result.coefficients[i] =
+                Vector::barrett_reduce(Vector::add( coefficient_normal_form,
+                &Vector::add(self.coefficients[i], &message.coefficients[i]),
+                )); ``` */
+             i0],
+        &message->coefficients[i0]);
     __m256i tmp0 =
         libcrux_ml_kem_vector_avx2_add_09(coefficient_normal_form, &tmp);
     result.coefficients[i0] =
@@ -3776,9 +4472,23 @@ libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_ef(
   __m256i coefficient_bits_mask = libcrux_intrinsics_avx2_mm256_set1_epi32(
       ((int32_t)1 << (uint32_t)(int32_t)10) - (int32_t)1);
   __m128i coefficients_low =
-      libcrux_intrinsics_avx2_mm256_castsi256_si128(vector);
+      libcrux_intrinsics_avx2_mm256_castsi256_si128(/* ---- Compress the first 8
+                                                       coefficients ---- Take
+                                                       the bottom 128 bits, i.e.
+                                                       the first 8 16-bit
+                                                       coefficients */
+                                                    vector);
   __m256i coefficients_low0 =
-      libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low);
+      libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(/* If: coefficients_low[0:15]
+                                                      = A
+                                                      coefficients_low[16:31] =
+                                                      B coefficients_low[32:63]
+                                                      = C and so on ... after
+                                                      this step:
+                                                      coefficients_low[0:31] = A
+                                                      coefficients_low[32:63] =
+                                                      B and so on ... */
+                                                   coefficients_low);
   __m256i compressed_low = libcrux_intrinsics_avx2_mm256_slli_epi32(
       (int32_t)10, coefficients_low0, __m256i);
   __m256i compressed_low0 = libcrux_intrinsics_avx2_mm256_add_epi32(
@@ -3787,11 +4497,17 @@ libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_ef(
       libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_low0,
                                                             compression_factor);
   __m256i compressed_low2 = libcrux_intrinsics_avx2_mm256_srli_epi32(
-      (int32_t)3, compressed_low1, __m256i);
+      (int32_t)3,
+      /* Due to the mulhi_mm256_epi32 we've already shifted right by 32 bits, we
+         just need to shift right by 35 - 32 = 3 more. */
+      compressed_low1, __m256i);
   __m256i compressed_low3 = libcrux_intrinsics_avx2_mm256_and_si256(
       compressed_low2, coefficient_bits_mask);
   __m128i coefficients_high = libcrux_intrinsics_avx2_mm256_extracti128_si256(
-      (int32_t)1, vector, __m128i);
+      (int32_t)1,
+      /* ---- Compress the next 8 coefficients ---- Take the upper 128 bits,
+         i.e. the next 8 16-bit coefficients */
+      vector, __m128i);
   __m256i coefficients_high0 =
       libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high);
   __m256i compressed_high = libcrux_intrinsics_avx2_mm256_slli_epi32(
@@ -3805,10 +4521,23 @@ libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_ef(
       (int32_t)3, compressed_high1, __m256i);
   __m256i compressed_high3 = libcrux_intrinsics_avx2_mm256_and_si256(
       compressed_high2, coefficient_bits_mask);
-  __m256i compressed = libcrux_intrinsics_avx2_mm256_packs_epi32(
-      compressed_low3, compressed_high3);
-  return libcrux_intrinsics_avx2_mm256_permute4x64_epi64((int32_t)216,
-                                                         compressed, __m256i);
+  __m256i compressed =
+      libcrux_intrinsics_avx2_mm256_packs_epi32(/* Combining them, and grouping
+                                                   each set of 64-bits, this
+                                                   function results in: 0: low
+                                                   low low low | 1: high high
+                                                   high high | 2: low low low
+                                                   low | 3: high high high high
+                                                   where each |low| and |high|
+                                                   is a 16-bit element */
+                                                compressed_low3,
+                                                compressed_high3);
+  return libcrux_intrinsics_avx2_mm256_permute4x64_epi64(
+      (int32_t)216,
+      /* To be in the right order, we need to move the |low|s above in position
+         2 to position 1 and the |high|s in position 1 to position 2, and leave
+         the rest unchanged. */
+      compressed, __m256i);
 }
 
 /**
@@ -3872,9 +4601,23 @@ libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_c4(
   __m256i coefficient_bits_mask = libcrux_intrinsics_avx2_mm256_set1_epi32(
       ((int32_t)1 << (uint32_t)(int32_t)11) - (int32_t)1);
   __m128i coefficients_low =
-      libcrux_intrinsics_avx2_mm256_castsi256_si128(vector);
+      libcrux_intrinsics_avx2_mm256_castsi256_si128(/* ---- Compress the first 8
+                                                       coefficients ---- Take
+                                                       the bottom 128 bits, i.e.
+                                                       the first 8 16-bit
+                                                       coefficients */
+                                                    vector);
   __m256i coefficients_low0 =
-      libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low);
+      libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(/* If: coefficients_low[0:15]
+                                                      = A
+                                                      coefficients_low[16:31] =
+                                                      B coefficients_low[32:63]
+                                                      = C and so on ... after
+                                                      this step:
+                                                      coefficients_low[0:31] = A
+                                                      coefficients_low[32:63] =
+                                                      B and so on ... */
+                                                   coefficients_low);
   __m256i compressed_low = libcrux_intrinsics_avx2_mm256_slli_epi32(
       (int32_t)11, coefficients_low0, __m256i);
   __m256i compressed_low0 = libcrux_intrinsics_avx2_mm256_add_epi32(
@@ -3883,11 +4626,17 @@ libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_c4(
       libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_low0,
                                                             compression_factor);
   __m256i compressed_low2 = libcrux_intrinsics_avx2_mm256_srli_epi32(
-      (int32_t)3, compressed_low1, __m256i);
+      (int32_t)3,
+      /* Due to the mulhi_mm256_epi32 we've already shifted right by 32 bits, we
+         just need to shift right by 35 - 32 = 3 more. */
+      compressed_low1, __m256i);
   __m256i compressed_low3 = libcrux_intrinsics_avx2_mm256_and_si256(
       compressed_low2, coefficient_bits_mask);
   __m128i coefficients_high = libcrux_intrinsics_avx2_mm256_extracti128_si256(
-      (int32_t)1, vector, __m128i);
+      (int32_t)1,
+      /* ---- Compress the next 8 coefficients ---- Take the upper 128 bits,
+         i.e. the next 8 16-bit coefficients */
+      vector, __m128i);
   __m256i coefficients_high0 =
       libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high);
   __m256i compressed_high = libcrux_intrinsics_avx2_mm256_slli_epi32(
@@ -3901,10 +4650,23 @@ libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_c4(
       (int32_t)3, compressed_high1, __m256i);
   __m256i compressed_high3 = libcrux_intrinsics_avx2_mm256_and_si256(
       compressed_high2, coefficient_bits_mask);
-  __m256i compressed = libcrux_intrinsics_avx2_mm256_packs_epi32(
-      compressed_low3, compressed_high3);
-  return libcrux_intrinsics_avx2_mm256_permute4x64_epi64((int32_t)216,
-                                                         compressed, __m256i);
+  __m256i compressed =
+      libcrux_intrinsics_avx2_mm256_packs_epi32(/* Combining them, and grouping
+                                                   each set of 64-bits, this
+                                                   function results in: 0: low
+                                                   low low low | 1: high high
+                                                   high high | 2: low low low
+                                                   low | 3: high high high high
+                                                   where each |low| and |high|
+                                                   is a 16-bit element */
+                                                compressed_low3,
+                                                compressed_high3);
+  return libcrux_intrinsics_avx2_mm256_permute4x64_epi64(
+      (int32_t)216,
+      /* To be in the right order, we need to move the |low|s above in position
+         2 to position 1 and the |high|s in position 1 to position 2, and leave
+         the rest unchanged. */
+      compressed, __m256i);
 }
 
 /**
@@ -4020,9 +4782,23 @@ libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_d1(
   __m256i coefficient_bits_mask = libcrux_intrinsics_avx2_mm256_set1_epi32(
       ((int32_t)1 << (uint32_t)(int32_t)4) - (int32_t)1);
   __m128i coefficients_low =
-      libcrux_intrinsics_avx2_mm256_castsi256_si128(vector);
+      libcrux_intrinsics_avx2_mm256_castsi256_si128(/* ---- Compress the first 8
+                                                       coefficients ---- Take
+                                                       the bottom 128 bits, i.e.
+                                                       the first 8 16-bit
+                                                       coefficients */
+                                                    vector);
   __m256i coefficients_low0 =
-      libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low);
+      libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(/* If: coefficients_low[0:15]
+                                                      = A
+                                                      coefficients_low[16:31] =
+                                                      B coefficients_low[32:63]
+                                                      = C and so on ... after
+                                                      this step:
+                                                      coefficients_low[0:31] = A
+                                                      coefficients_low[32:63] =
+                                                      B and so on ... */
+                                                   coefficients_low);
   __m256i compressed_low = libcrux_intrinsics_avx2_mm256_slli_epi32(
       (int32_t)4, coefficients_low0, __m256i);
   __m256i compressed_low0 = libcrux_intrinsics_avx2_mm256_add_epi32(
@@ -4031,11 +4807,17 @@ libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_d1(
       libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_low0,
                                                             compression_factor);
   __m256i compressed_low2 = libcrux_intrinsics_avx2_mm256_srli_epi32(
-      (int32_t)3, compressed_low1, __m256i);
+      (int32_t)3,
+      /* Due to the mulhi_mm256_epi32 we've already shifted right by 32 bits, we
+         just need to shift right by 35 - 32 = 3 more. */
+      compressed_low1, __m256i);
   __m256i compressed_low3 = libcrux_intrinsics_avx2_mm256_and_si256(
       compressed_low2, coefficient_bits_mask);
   __m128i coefficients_high = libcrux_intrinsics_avx2_mm256_extracti128_si256(
-      (int32_t)1, vector, __m128i);
+      (int32_t)1,
+      /* ---- Compress the next 8 coefficients ---- Take the upper 128 bits,
+         i.e. the next 8 16-bit coefficients */
+      vector, __m128i);
   __m256i coefficients_high0 =
       libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high);
   __m256i compressed_high = libcrux_intrinsics_avx2_mm256_slli_epi32(
@@ -4049,10 +4831,23 @@ libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_d1(
       (int32_t)3, compressed_high1, __m256i);
   __m256i compressed_high3 = libcrux_intrinsics_avx2_mm256_and_si256(
       compressed_high2, coefficient_bits_mask);
-  __m256i compressed = libcrux_intrinsics_avx2_mm256_packs_epi32(
-      compressed_low3, compressed_high3);
-  return libcrux_intrinsics_avx2_mm256_permute4x64_epi64((int32_t)216,
-                                                         compressed, __m256i);
+  __m256i compressed =
+      libcrux_intrinsics_avx2_mm256_packs_epi32(/* Combining them, and grouping
+                                                   each set of 64-bits, this
+                                                   function results in: 0: low
+                                                   low low low | 1: high high
+                                                   high high | 2: low low low
+                                                   low | 3: high high high high
+                                                   where each |low| and |high|
+                                                   is a 16-bit element */
+                                                compressed_low3,
+                                                compressed_high3);
+  return libcrux_intrinsics_avx2_mm256_permute4x64_epi64(
+      (int32_t)216,
+      /* To be in the right order, we need to move the |low|s above in position
+         2 to position 1 and the |high|s in position 1 to position 2, and leave
+         the rest unchanged. */
+      compressed, __m256i);
 }
 
 /**
@@ -4083,7 +4878,11 @@ libcrux_ml_kem_serialize_compress_then_serialize_4_61(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f6 re,
     Eurydice_slice serialized) {
   for (size_t i = (size_t)0U;
-       i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
+       i <
+       /* The semicolon and parentheses at the end of loop are a workaround for
+          the following bug https://github.com/hacspec/hax/issues/720 */
+       LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT;
+       i++) {
     size_t i0 = i;
     __m256i coefficient = libcrux_ml_kem_vector_avx2_compress_09_d1(
         libcrux_ml_kem_serialize_to_unsigned_field_modulus_61(
@@ -4115,9 +4914,23 @@ libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_f4(
   __m256i coefficient_bits_mask = libcrux_intrinsics_avx2_mm256_set1_epi32(
       ((int32_t)1 << (uint32_t)(int32_t)5) - (int32_t)1);
   __m128i coefficients_low =
-      libcrux_intrinsics_avx2_mm256_castsi256_si128(vector);
+      libcrux_intrinsics_avx2_mm256_castsi256_si128(/* ---- Compress the first 8
+                                                       coefficients ---- Take
+                                                       the bottom 128 bits, i.e.
+                                                       the first 8 16-bit
+                                                       coefficients */
+                                                    vector);
   __m256i coefficients_low0 =
-      libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low);
+      libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(/* If: coefficients_low[0:15]
+                                                      = A
+                                                      coefficients_low[16:31] =
+                                                      B coefficients_low[32:63]
+                                                      = C and so on ... after
+                                                      this step:
+                                                      coefficients_low[0:31] = A
+                                                      coefficients_low[32:63] =
+                                                      B and so on ... */
+                                                   coefficients_low);
   __m256i compressed_low = libcrux_intrinsics_avx2_mm256_slli_epi32(
       (int32_t)5, coefficients_low0, __m256i);
   __m256i compressed_low0 = libcrux_intrinsics_avx2_mm256_add_epi32(
@@ -4126,11 +4939,17 @@ libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_f4(
       libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_low0,
                                                             compression_factor);
   __m256i compressed_low2 = libcrux_intrinsics_avx2_mm256_srli_epi32(
-      (int32_t)3, compressed_low1, __m256i);
+      (int32_t)3,
+      /* Due to the mulhi_mm256_epi32 we've already shifted right by 32 bits, we
+         just need to shift right by 35 - 32 = 3 more. */
+      compressed_low1, __m256i);
   __m256i compressed_low3 = libcrux_intrinsics_avx2_mm256_and_si256(
       compressed_low2, coefficient_bits_mask);
   __m128i coefficients_high = libcrux_intrinsics_avx2_mm256_extracti128_si256(
-      (int32_t)1, vector, __m128i);
+      (int32_t)1,
+      /* ---- Compress the next 8 coefficients ---- Take the upper 128 bits,
+         i.e. the next 8 16-bit coefficients */
+      vector, __m128i);
   __m256i coefficients_high0 =
       libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high);
   __m256i compressed_high = libcrux_intrinsics_avx2_mm256_slli_epi32(
@@ -4144,10 +4963,23 @@ libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_f4(
       (int32_t)3, compressed_high1, __m256i);
   __m256i compressed_high3 = libcrux_intrinsics_avx2_mm256_and_si256(
       compressed_high2, coefficient_bits_mask);
-  __m256i compressed = libcrux_intrinsics_avx2_mm256_packs_epi32(
-      compressed_low3, compressed_high3);
-  return libcrux_intrinsics_avx2_mm256_permute4x64_epi64((int32_t)216,
-                                                         compressed, __m256i);
+  __m256i compressed =
+      libcrux_intrinsics_avx2_mm256_packs_epi32(/* Combining them, and grouping
+                                                   each set of 64-bits, this
+                                                   function results in: 0: low
+                                                   low low low | 1: high high
+                                                   high high | 2: low low low
+                                                   low | 3: high high high high
+                                                   where each |low| and |high|
+                                                   is a 16-bit element */
+                                                compressed_low3,
+                                                compressed_high3);
+  return libcrux_intrinsics_avx2_mm256_permute4x64_epi64(
+      (int32_t)216,
+      /* To be in the right order, we need to move the |low|s above in position
+         2 to position 1 and the |high|s in position 1 to position 2, and leave
+         the rest unchanged. */
+      compressed, __m256i);
 }
 
 /**
@@ -4178,7 +5010,11 @@ libcrux_ml_kem_serialize_compress_then_serialize_5_61(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f6 re,
     Eurydice_slice serialized) {
   for (size_t i = (size_t)0U;
-       i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
+       i <
+       /* The semicolon and parentheses at the end of loop are a workaround for
+          the following bug https://github.com/hacspec/hax/issues/720 */
+       LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT;
+       i++) {
     size_t i0 = i;
     __m256i coefficients = libcrux_ml_kem_vector_avx2_compress_09_f4(
         libcrux_ml_kem_vector_traits_to_unsigned_representative_61(
@@ -4270,7 +5106,10 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_encrypt_unpacked_74(
     libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_63 *public_key,
     uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) {
   uint8_t prf_input[33U];
-  libcrux_ml_kem_utils_into_padded_array_c8(randomness, prf_input);
+  libcrux_ml_kem_utils_into_padded_array_c8(/* for i from 0 to k−1 do r[i] :=
+                                               CBD{η1}(PRF(r, N)) N := N + 1 end
+                                               for rˆ := NTT(r) */
+                                            randomness, prf_input);
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_prf_input0[33U];
   memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t));
@@ -4283,6 +5122,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_encrypt_unpacked_74(
   uint8_t domain_separator0 = uu____1.snd;
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_prf_input[33U];
+  /* for i from 0 to k−1 do e1[i] := CBD_{η2}(PRF(r,N)) N := N + 1 end for */
   memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t));
   tuple_230 uu____3 = libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_b4(
       copy_of_prf_input, domain_separator0);
@@ -4291,7 +5131,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_encrypt_unpacked_74(
       error_1, uu____3.fst,
       (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f6));
   uint8_t domain_separator = uu____3.snd;
-  prf_input[32U] = domain_separator;
+  prf_input[32U] = /* e_2 := CBD{η2}(PRF(r, N)) */ domain_separator;
   uint8_t prf_output[128U];
   libcrux_ml_kem_hash_functions_avx2_PRF_a9_410(
       Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), prf_output);
@@ -4299,10 +5139,12 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_encrypt_unpacked_74(
       libcrux_ml_kem_sampling_sample_from_binomial_distribution_89(
           Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t));
   libcrux_ml_kem_polynomial_PolynomialRingElement_f6 u[3U];
-  libcrux_ml_kem_matrix_compute_vector_u_ab(public_key->A, r_as_ntt, error_1,
+  libcrux_ml_kem_matrix_compute_vector_u_ab(/* u := NTT^{-1}(AˆT ◦ rˆ) + e_1 */
+                                            public_key->A, r_as_ntt, error_1,
                                             u);
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_message[32U];
+  /* v := NTT^{−1}(tˆT ◦ rˆ) + e_2 + Decompress_q(Decode_1(m),1) */
   memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t));
   libcrux_ml_kem_polynomial_PolynomialRingElement_f6 message_as_ring_element =
       libcrux_ml_kem_serialize_deserialize_then_decompress_message_61(
@@ -4312,12 +5154,14 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_encrypt_unpacked_74(
           public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element);
   uint8_t ciphertext[1088U] = {0U};
   libcrux_ml_kem_polynomial_PolynomialRingElement_f6 uu____5[3U];
+  /* c_1 := Encode_{du}(Compress_q(u,d_u)) */
   memcpy(
       uu____5, u,
       (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f6));
   libcrux_ml_kem_ind_cpa_compress_then_serialize_u_8c(
       uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)960U,
                                            uint8_t));
+  /* c_2 := Encode_{dv}(Compress_q(v,d_v)) */
   libcrux_ml_kem_polynomial_PolynomialRingElement_f6 uu____6 = v;
   libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_ed(
       uu____6, Eurydice_array_to_subslice_from((size_t)1088U, ciphertext,
@@ -4460,17 +5304,17 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_decapsulate_a1(
       Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0,
                               uint8_t),
       ciphertext, implicit_rejection_shared_secret);
-  uint8_t shared_secret1[32U];
-  libcrux_ml_kem_variant_kdf_d8_ae(shared_secret0, ciphertext, shared_secret1);
   uint8_t shared_secret[32U];
+  libcrux_ml_kem_variant_kdf_d8_ae(shared_secret0, ciphertext, shared_secret);
+  uint8_t ret0[32U];
   libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time(
       libcrux_ml_kem_types_as_ref_43_80(ciphertext),
       Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t),
-      Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t),
+      Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t),
       Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret,
                               uint8_t),
-      shared_secret);
-  memcpy(ret, shared_secret, (size_t)32U * sizeof(uint8_t));
+      ret0);
+  memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t));
 }
 
 /**
@@ -4810,11 +5654,18 @@ libcrux_ml_kem_polynomial_add_standard_error_reduce_ef_61(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *self,
     libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *error) {
   for (size_t i = (size_t)0U;
-       i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
+       i <
+       /* The semicolon and parentheses at the end of loop are a workaround for
+          the following bug https://github.com/hacspec/hax/issues/720 */
+       LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT;
+       i++) {
     size_t j = i;
     __m256i coefficient_normal_form =
         libcrux_ml_kem_vector_traits_to_standard_domain_61(
-            self->coefficients[j]);
+            self->coefficients[/* The coefficients are of the form aR^{-1} mod
+                                  q, which means calling to_montgomery_domain()
+                                  on them should return a mod q. */
+                               j]);
     self->coefficients[j] = libcrux_ml_kem_vector_avx2_barrett_reduce_09(
         libcrux_ml_kem_vector_avx2_add_09(coefficient_normal_form,
                                           &error->coefficients[j]));
@@ -4845,6 +5696,8 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_As_plus_e_ab(
        i++) {
     size_t i0 = i;
     libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *row = matrix_A[i0];
+    /* This may be externally provided memory. Ensure that `t_as_ntt` is all 0.
+     */
     libcrux_ml_kem_polynomial_PolynomialRingElement_f6 uu____0 =
         libcrux_ml_kem_polynomial_ZERO_ef_61();
     t_as_ntt[i0] = uu____0;
@@ -4925,7 +5778,9 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_22(
     libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_63 *private_key,
     libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_63 *public_key) {
   uint8_t hashed[64U];
-  libcrux_ml_kem_variant_cpa_keygen_seed_d8_be(key_generation_seed, hashed);
+  libcrux_ml_kem_variant_cpa_keygen_seed_d8_be(/* (ρ,σ) := G(d) for Kyber, (ρ,σ)
+                                                  := G(d || K) for ML-KEM */
+                                               key_generation_seed, hashed);
   Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at(
       Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U,
       uint8_t, Eurydice_slice_uint8_t_x2);
@@ -4958,8 +5813,8 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_22(
           .fst,
       (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f6));
   libcrux_ml_kem_matrix_compute_As_plus_e_ab(
-      public_key->t_as_ntt, public_key->A, private_key->secret_as_ntt,
-      error_as_ntt);
+      /* tˆ := Aˆ ◦ sˆ + eˆ */ public_key->t_as_ntt, public_key->A,
+      private_key->secret_as_ntt, error_as_ntt);
   uint8_t uu____5[32U];
   Result_fb dst;
   Eurydice_slice_to_array2(&dst, seed_for_A, Eurydice_slice, uint8_t[32U]);
@@ -5095,12 +5950,18 @@ libcrux_ml_kem_ind_cpa_serialize_unpacked_secret_key_8c(
     libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_63 *public_key,
     libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_63 *private_key) {
   uint8_t public_key_serialized[1184U];
-  libcrux_ml_kem_ind_cpa_serialize_public_key_ed(
-      public_key->t_as_ntt,
-      Eurydice_array_to_slice((size_t)32U, public_key->seed_for_A, uint8_t),
-      public_key_serialized);
+  libcrux_ml_kem_ind_cpa_serialize_public_key_ed(/* pk := (Encode_12(tˆ
+                                                    mod^{+}q) || ρ) */
+                                                 public_key->t_as_ntt,
+                                                 Eurydice_array_to_slice(
+                                                     (size_t)32U,
+                                                     public_key->seed_for_A,
+                                                     uint8_t),
+                                                 public_key_serialized);
   uint8_t secret_key_serialized[1152U];
-  libcrux_ml_kem_ind_cpa_serialize_secret_key_ed(private_key->secret_as_ntt,
+  libcrux_ml_kem_ind_cpa_serialize_secret_key_ed(/* sk := Encode_12(sˆ mod^{+}q)
+                                                  */
+                                                 private_key->secret_as_ntt,
                                                  secret_key_serialized);
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_secret_key_serialized[1152U];
@@ -5442,17 +6303,17 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_decapsulate_a10(
       Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0,
                               uint8_t),
       ciphertext, implicit_rejection_shared_secret);
-  uint8_t shared_secret1[32U];
-  libcrux_ml_kem_variant_kdf_33_ae(shared_secret0, ciphertext, shared_secret1);
   uint8_t shared_secret[32U];
+  libcrux_ml_kem_variant_kdf_33_ae(shared_secret0, ciphertext, shared_secret);
+  uint8_t ret0[32U];
   libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time(
       libcrux_ml_kem_types_as_ref_43_80(ciphertext),
       Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t),
-      Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t),
+      Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t),
       Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret,
                               uint8_t),
-      shared_secret);
-  memcpy(ret, shared_secret, (size_t)32U * sizeof(uint8_t));
+      ret0);
+  memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t));
 }
 
 /**
@@ -5772,7 +6633,9 @@ libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_220(
     libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_63 *private_key,
     libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_63 *public_key) {
   uint8_t hashed[64U];
-  libcrux_ml_kem_variant_cpa_keygen_seed_33_be(key_generation_seed, hashed);
+  libcrux_ml_kem_variant_cpa_keygen_seed_33_be(/* (ρ,σ) := G(d) for Kyber, (ρ,σ)
+                                                  := G(d || K) for ML-KEM */
+                                               key_generation_seed, hashed);
   Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at(
       Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U,
       uint8_t, Eurydice_slice_uint8_t_x2);
@@ -5805,8 +6668,8 @@ libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_220(
           .fst,
       (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f6));
   libcrux_ml_kem_matrix_compute_As_plus_e_ab(
-      public_key->t_as_ntt, public_key->A, private_key->secret_as_ntt,
-      error_as_ntt);
+      /* tˆ := Aˆ ◦ sˆ + eˆ */ public_key->t_as_ntt, public_key->A,
+      private_key->secret_as_ntt, error_as_ntt);
   uint8_t uu____5[32U];
   Result_fb dst;
   Eurydice_slice_to_array2(&dst, seed_for_A, Eurydice_slice, uint8_t[32U]);
@@ -5971,7 +6834,10 @@ static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_private_key_only_ae(
     libcrux_ml_kem_types_MlKemPrivateKey_d9 *private_key) {
   uint8_t t[32U];
   libcrux_ml_kem_hash_functions_avx2_H_a9_e0(
-      Eurydice_array_to_subslice2(private_key->value, (size_t)384U * (size_t)3U,
+      Eurydice_array_to_subslice2(/* Eurydice can't access values directly on
+                                     the types. We need to go to the `value`
+                                     directly. */
+                                  private_key->value, (size_t)384U * (size_t)3U,
                                   (size_t)768U * (size_t)3U + (size_t)32U,
                                   uint8_t),
       t);
@@ -6931,6 +7797,10 @@ static KRML_MUSTINLINE void libcrux_ml_kem_sampling_sample_from_xof_b3(
   memcpy(copy_of_randomness0, randomness0, (size_t)3U * sizeof(uint8_t[504U]));
   bool done = libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_ed(
       copy_of_randomness0, sampled_coefficients, out);
+  /* Requiring more than 5 blocks to sample a ring element should be very
+   * unlikely according to: https://eprint.iacr.org/2023/708.pdf To avoid
+   * failing here, we squeeze more blocks out of the state until we have enough.
+   */
   while (true) {
     if (done) {
       break;
@@ -6998,7 +7868,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_sample_matrix_A_b3(
          i++) {
       size_t j = i;
       libcrux_ml_kem_polynomial_PolynomialRingElement_f6 sample = sampled[j];
-      if (transpose) {
+      if (/* A[i][j] = A_transpose[j][i] */ transpose) {
         A_transpose[j][i1] = sample;
       } else {
         A_transpose[i1][j] = sample;
@@ -7021,12 +7891,15 @@ libcrux_ml_kem_ind_cpa_build_unpacked_public_key_mut_bf(
     Eurydice_slice public_key,
     libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_63
         *unpacked_public_key) {
-  Eurydice_slice uu____0 =
-      Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t);
+  Eurydice_slice uu____0 = Eurydice_slice_subslice_to(
+      /* tˆ := Decode_12(pk) */ public_key, (size_t)1152U, uint8_t, size_t);
   libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_ab(
       uu____0, unpacked_public_key->t_as_ntt);
   Eurydice_slice seed =
-      Eurydice_slice_subslice_from(public_key, (size_t)1152U, uint8_t, size_t);
+      Eurydice_slice_subslice_from(/* ρ := pk + 12·k·n / 8 for i from 0 to k−1
+                                      do for j from 0 to k − 1 do AˆT[i][j] :=
+                                      Parse(XOF(ρ, i, j)) end for end for */
+                                   public_key, (size_t)1152U, uint8_t, size_t);
   libcrux_ml_kem_polynomial_PolynomialRingElement_f6(*uu____1)[3U] =
       unpacked_public_key->A;
   uint8_t ret[34U];
@@ -7061,7 +7934,10 @@ libcrux_ml_kem_ind_cca_unpacked_keys_from_private_key_e2(
   Eurydice_slice ind_cpa_public_key_hash = uu____0.thd;
   Eurydice_slice implicit_rejection_value = uu____0.f3;
   Eurydice_slice uu____1 = Eurydice_array_to_slice(
-      (size_t)3U, key_pair->private_key.ind_cpa_private_key.secret_as_ntt,
+      (size_t)3U,
+      /* XXX: We need to copy_from_slice here because karamel can't handle the
+         assignment cf. https://github.com/FStarLang/karamel/pull/491 */
+      key_pair->private_key.ind_cpa_private_key.secret_as_ntt,
       libcrux_ml_kem_polynomial_PolynomialRingElement_f6);
   libcrux_ml_kem_polynomial_PolynomialRingElement_f6 ret[3U];
   libcrux_ml_kem_ind_cpa_deserialize_secret_key_ab(ind_cpa_secret_key, ret);
diff --git a/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h b/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h
index 519b51565..7a9446452 100644
--- a/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h
+++ b/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h
@@ -4,11 +4,11 @@
  * SPDX-License-Identifier: MIT or Apache-2.0
  *
  * This code was generated with the following revisions:
- * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9
- * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20
- * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
- * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty
- * Libcrux: 3e54f3c659bef6ee815d197ee5c74dd40c75186a
+ * Charon: 3a133fe0eee9bd3928d5bb16c24ddd2dd0f3ee7f
+ * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c
+ * Karamel: c31a22c1e07d2118c07ee5cebb640d863e31a198
+ * F*: 2c32d6e230851bbceadac7a21fc418fa2bb7e4bc
+ * Libcrux: cbc0d48933fbcbffaaf1f817d7fbd4047a7630a1
  */
 
 #ifndef __libcrux_mlkem768_portable_H
@@ -87,7 +87,7 @@ static const int16_t libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[128U] =
      (int16_t)-108,  (int16_t)-308,  (int16_t)996,   (int16_t)991,
      (int16_t)958,   (int16_t)-1460, (int16_t)1522,  (int16_t)1628};
 
-static KRML_MUSTINLINE int16_t libcrux_ml_kem_polynomial_get_zeta(size_t i) {
+static KRML_MUSTINLINE int16_t libcrux_ml_kem_polynomial_zeta(size_t i) {
   return libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[i];
 }
 
@@ -1235,11 +1235,28 @@ libcrux_ml_kem_vector_portable_montgomery_multiply_by_constant_0d(
 static inline uint8_t
 libcrux_ml_kem_vector_portable_compress_compress_message_coefficient(
     uint16_t fe) {
-  int16_t shifted = (int16_t)1664 - (int16_t)fe;
-  int16_t mask = shifted >> 15U;
+  int16_t shifted =
+      (int16_t)1664 -
+      (int16_t) /* The approach used here is inspired by:
+                   https://github.com/cloudflare/circl/blob/main/pke/kyber/internal/common/poly.go#L150
+                   If 833 <= fe <= 2496, then -832 <= shifted <= 831 */
+      fe;
+  int16_t mask =
+      /* If shifted < 0, then (shifted >> 15) ^ shifted = flip_bits(shifted) =
+         -shifted - 1, and so if -832 <= shifted < 0 then 0 < shifted_positive
+         <= 831 If shifted >= 0 then (shifted >> 15) ^ shifted = shifted, and so
+         if 0 <= shifted <= 831 then 0 <= shifted_positive <= 831 */
+      shifted
+
+      >> 15U;
   int16_t shifted_to_positive = mask ^ shifted;
   int16_t shifted_positive_in_range = shifted_to_positive - (int16_t)832;
-  int16_t r0 = shifted_positive_in_range >> 15U;
+  int16_t r0 =
+      /* If x <= 831, then x - 832 <= -1, and so x - 832 < 0, which means the
+         most significant bit of shifted_positive_in_range will be 1. */
+      shifted_positive_in_range
+
+      >> 15U;
   int16_t r1 = r0 & (int16_t)1;
   return (uint8_t)r1;
 }
@@ -1276,7 +1293,16 @@ libcrux_ml_kem_vector_portable_arithmetic_get_n_least_significant_bits(
 static inline int16_t
 libcrux_ml_kem_vector_portable_compress_compress_ciphertext_coefficient(
     uint8_t coefficient_bits, uint16_t fe) {
-  uint64_t compressed = (uint64_t)fe << (uint32_t)coefficient_bits;
+  uint64_t compressed =
+      (uint64_t) /* hax_debug_assert!( coefficient_bits == 4 || coefficient_bits
+                    == 5 || coefficient_bits == 10 || coefficient_bits == 11 );
+                    hax_debug_assert!(fe <= (FIELD_MODULUS as u16)); This has to
+                    be constant time due to:
+                    https://groups.google.com/a/list.nist.gov/g/pqc-forum/c/ldX0ThYJuBo/m/ovODsdY7AwAJ
+                  */
+      fe
+
+      << (uint32_t)coefficient_bits;
   compressed = compressed + 1664ULL;
   compressed = compressed * 10321340ULL;
   compressed = compressed >> 35U;
@@ -2878,7 +2904,13 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_4_plus_8c(
     size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_1d *re,
     size_t layer, size_t _initial_coefficient_bound) {
   size_t step = (size_t)1U << (uint32_t)layer;
-  for (size_t i0 = (size_t)0U; i0 < (size_t)128U >> (uint32_t)layer; i0++) {
+  for (size_t i0 = (size_t)0U;
+       i0 < (size_t)128U >>
+       (uint32_t) /* The semicolon and parentheses at the end of loop are a
+                     workaround for the following bug
+                     https://github.com/hacspec/hax/issues/720 */
+       layer;
+       i0++) {
     size_t round = i0;
     zeta_i[0U] = zeta_i[0U] + (size_t)1U;
     size_t offset = round * step * (size_t)2U;
@@ -2889,7 +2921,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_4_plus_8c(
       libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 uu____0 =
           libcrux_ml_kem_ntt_ntt_layer_int_vec_step_8c(
               re->coefficients[j], re->coefficients[j + step_vec],
-              libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U]));
+              libcrux_ml_kem_polynomial_zeta(zeta_i[0U]));
       libcrux_ml_kem_vector_portable_vector_type_PortableVector x = uu____0.fst;
       libcrux_ml_kem_vector_portable_vector_type_PortableVector y = uu____0.snd;
       re->coefficients[j] = x;
@@ -2913,7 +2945,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_3_8c(
     libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 =
         libcrux_ml_kem_vector_portable_ntt_layer_3_step_0d(
             re->coefficients[round],
-            libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U]));
+            libcrux_ml_kem_polynomial_zeta(zeta_i[0U]));
     re->coefficients[round] = uu____0;
   }
 }
@@ -2932,9 +2964,8 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_2_8c(
     zeta_i[0U] = zeta_i[0U] + (size_t)1U;
     re->coefficients[round] =
         libcrux_ml_kem_vector_portable_ntt_layer_2_step_0d(
-            re->coefficients[round],
-            libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U]),
-            libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U] + (size_t)1U));
+            re->coefficients[round], libcrux_ml_kem_polynomial_zeta(zeta_i[0U]),
+            libcrux_ml_kem_polynomial_zeta(zeta_i[0U] + (size_t)1U));
     zeta_i[0U] = zeta_i[0U] + (size_t)1U;
   }
 }
@@ -2953,11 +2984,10 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_1_8c(
     zeta_i[0U] = zeta_i[0U] + (size_t)1U;
     re->coefficients[round] =
         libcrux_ml_kem_vector_portable_ntt_layer_1_step_0d(
-            re->coefficients[round],
-            libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U]),
-            libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U] + (size_t)1U),
-            libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U] + (size_t)2U),
-            libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U] + (size_t)3U));
+            re->coefficients[round], libcrux_ml_kem_polynomial_zeta(zeta_i[0U]),
+            libcrux_ml_kem_polynomial_zeta(zeta_i[0U] + (size_t)1U),
+            libcrux_ml_kem_polynomial_zeta(zeta_i[0U] + (size_t)2U),
+            libcrux_ml_kem_polynomial_zeta(zeta_i[0U] + (size_t)3U));
     zeta_i[0U] = zeta_i[0U] + (size_t)3U;
   }
 }
@@ -2976,7 +3006,11 @@ with const generics
 static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_poly_barrett_reduce_ef_8c(
     libcrux_ml_kem_polynomial_PolynomialRingElement_1d *self) {
   for (size_t i = (size_t)0U;
-       i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
+       i <
+       /* The semicolon and parentheses at the end of loop are a workaround for
+          the following bug https://github.com/hacspec/hax/issues/720 */
+       LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT;
+       i++) {
     size_t i0 = i;
     libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 =
         libcrux_ml_kem_vector_portable_barrett_reduce_0d(
@@ -3222,13 +3256,13 @@ libcrux_ml_kem_polynomial_ntt_multiply_ef_8c(
     libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 =
         libcrux_ml_kem_vector_portable_ntt_multiply_0d(
             &self->coefficients[i0], &rhs->coefficients[i0],
-            libcrux_ml_kem_polynomial_get_zeta((size_t)64U + (size_t)4U * i0),
-            libcrux_ml_kem_polynomial_get_zeta((size_t)64U + (size_t)4U * i0 +
-                                               (size_t)1U),
-            libcrux_ml_kem_polynomial_get_zeta((size_t)64U + (size_t)4U * i0 +
-                                               (size_t)2U),
-            libcrux_ml_kem_polynomial_get_zeta((size_t)64U + (size_t)4U * i0 +
-                                               (size_t)3U));
+            libcrux_ml_kem_polynomial_zeta((size_t)64U + (size_t)4U * i0),
+            libcrux_ml_kem_polynomial_zeta((size_t)64U + (size_t)4U * i0 +
+                                           (size_t)1U),
+            libcrux_ml_kem_polynomial_zeta((size_t)64U + (size_t)4U * i0 +
+                                           (size_t)2U),
+            libcrux_ml_kem_polynomial_zeta((size_t)64U + (size_t)4U * i0 +
+                                           (size_t)3U));
     out.coefficients[i0] = uu____0;
   }
   return out;
@@ -3251,7 +3285,11 @@ static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_to_ring_element_ef_1b(
   for (size_t i = (size_t)0U;
        i < Eurydice_slice_len(
                Eurydice_array_to_slice(
-                   (size_t)16U, self->coefficients,
+                   (size_t)16U,
+                   /* The semicolon and parentheses at the end of loop are a
+                      workaround for the following bug
+                      https://github.com/hacspec/hax/issues/720 */
+                   self->coefficients,
                    libcrux_ml_kem_vector_portable_vector_type_PortableVector),
                libcrux_ml_kem_vector_portable_vector_type_PortableVector);
        i++) {
@@ -3277,11 +3315,10 @@ static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_8c(
     zeta_i[0U] = zeta_i[0U] - (size_t)1U;
     re->coefficients[round] =
         libcrux_ml_kem_vector_portable_inv_ntt_layer_1_step_0d(
-            re->coefficients[round],
-            libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U]),
-            libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U] - (size_t)1U),
-            libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U] - (size_t)2U),
-            libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U] - (size_t)3U));
+            re->coefficients[round], libcrux_ml_kem_polynomial_zeta(zeta_i[0U]),
+            libcrux_ml_kem_polynomial_zeta(zeta_i[0U] - (size_t)1U),
+            libcrux_ml_kem_polynomial_zeta(zeta_i[0U] - (size_t)2U),
+            libcrux_ml_kem_polynomial_zeta(zeta_i[0U] - (size_t)3U));
     zeta_i[0U] = zeta_i[0U] - (size_t)3U;
   }
 }
@@ -3300,9 +3337,8 @@ static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_8c(
     zeta_i[0U] = zeta_i[0U] - (size_t)1U;
     re->coefficients[round] =
         libcrux_ml_kem_vector_portable_inv_ntt_layer_2_step_0d(
-            re->coefficients[round],
-            libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U]),
-            libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U] - (size_t)1U));
+            re->coefficients[round], libcrux_ml_kem_polynomial_zeta(zeta_i[0U]),
+            libcrux_ml_kem_polynomial_zeta(zeta_i[0U] - (size_t)1U));
     zeta_i[0U] = zeta_i[0U] - (size_t)1U;
   }
 }
@@ -3322,7 +3358,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_8c(
     libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 =
         libcrux_ml_kem_vector_portable_inv_ntt_layer_3_step_0d(
             re->coefficients[round],
-            libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U]));
+            libcrux_ml_kem_polynomial_zeta(zeta_i[0U]));
     re->coefficients[round] = uu____0;
   }
 }
@@ -3360,7 +3396,13 @@ libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_8c(
     size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_1d *re,
     size_t layer) {
   size_t step = (size_t)1U << (uint32_t)layer;
-  for (size_t i0 = (size_t)0U; i0 < (size_t)128U >> (uint32_t)layer; i0++) {
+  for (size_t i0 = (size_t)0U;
+       i0 < (size_t)128U >>
+       (uint32_t) /* The semicolon and parentheses at the end of loop are a
+                     workaround for the following bug
+                     https://github.com/hacspec/hax/issues/720 */
+       layer;
+       i0++) {
     size_t round = i0;
     zeta_i[0U] = zeta_i[0U] - (size_t)1U;
     size_t offset = round * step * (size_t)2U;
@@ -3373,7 +3415,7 @@ libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_8c(
       libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 uu____0 =
           libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_8c(
               re->coefficients[j], re->coefficients[j + step_vec],
-              libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U]));
+              libcrux_ml_kem_polynomial_zeta(zeta_i[0U]));
       libcrux_ml_kem_vector_portable_vector_type_PortableVector x = uu____0.fst;
       libcrux_ml_kem_vector_portable_vector_type_PortableVector y = uu____0.snd;
       re->coefficients[j] = x;
@@ -3391,7 +3433,10 @@ with const generics
 static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_1b(
     libcrux_ml_kem_polynomial_PolynomialRingElement_1d *re) {
   size_t zeta_i =
-      LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U;
+      /* We only ever call this function after matrix/vector multiplication */
+      LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT
+
+      / (size_t)2U;
   libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_8c(&zeta_i, re, (size_t)1U);
   libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_8c(&zeta_i, re, (size_t)2U);
   libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_8c(&zeta_i, re, (size_t)3U);
@@ -3595,11 +3640,16 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_decrypt_unpacked_42(
     libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 *secret_key,
     uint8_t *ciphertext, uint8_t ret[32U]) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_1d u_as_ntt[3U];
-  libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_6c(ciphertext, u_as_ntt);
+  libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_6c(/* u :=
+                                                             Decompress_q(Decode_{d_u}(c),
+                                                             d_u) */
+                                                          ciphertext, u_as_ntt);
   libcrux_ml_kem_polynomial_PolynomialRingElement_1d v =
       libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_89(
-          Eurydice_array_to_subslice_from((size_t)1088U, ciphertext,
-                                          (size_t)960U, uint8_t, size_t));
+          Eurydice_array_to_subslice_from(
+              (size_t)1088U,
+              /* v := Decompress_q(Decode_{d_v}(c + d_u·k·n / 8), d_v) */
+              ciphertext, (size_t)960U, uint8_t, size_t));
   libcrux_ml_kem_polynomial_PolynomialRingElement_1d message =
       libcrux_ml_kem_matrix_compute_message_1b(&v, secret_key->secret_as_ntt,
                                                u_as_ntt);
@@ -3621,7 +3671,8 @@ with const generics
 static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_decrypt_42(
     Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_1d secret_as_ntt[3U];
-  libcrux_ml_kem_ind_cpa_deserialize_secret_key_1b(secret_key, secret_as_ntt);
+  libcrux_ml_kem_ind_cpa_deserialize_secret_key_1b(
+      /* sˆ := Decode_12(sk) */ secret_key, secret_as_ntt);
   /* Passing arrays by value in Rust generates a copy in C */
   libcrux_ml_kem_polynomial_PolynomialRingElement_1d copy_of_secret_as_ntt[3U];
   memcpy(
@@ -4156,6 +4207,10 @@ static KRML_MUSTINLINE void libcrux_ml_kem_sampling_sample_from_xof_2b(
   memcpy(copy_of_randomness0, randomness0, (size_t)3U * sizeof(uint8_t[504U]));
   bool done = libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_89(
       copy_of_randomness0, sampled_coefficients, out);
+  /* Requiring more than 5 blocks to sample a ring element should be very
+   * unlikely according to: https://eprint.iacr.org/2023/708.pdf To avoid
+   * failing here, we squeeze more blocks out of the state until we have enough.
+   */
   while (true) {
     if (done) {
       break;
@@ -4222,7 +4277,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_sample_matrix_A_2b(
          i++) {
       size_t j = i;
       libcrux_ml_kem_polynomial_PolynomialRingElement_1d sample = sampled[j];
-      if (transpose) {
+      if (/* A[i][j] = A_transpose[j][i] */ transpose) {
         A_transpose[j][i1] = sample;
       } else {
         A_transpose[i1][j] = sample;
@@ -4244,12 +4299,15 @@ libcrux_ml_kem_ind_cpa_build_unpacked_public_key_mut_3f(
     Eurydice_slice public_key,
     libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0
         *unpacked_public_key) {
-  Eurydice_slice uu____0 =
-      Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t);
+  Eurydice_slice uu____0 = Eurydice_slice_subslice_to(
+      /* tˆ := Decode_12(pk) */ public_key, (size_t)1152U, uint8_t, size_t);
   libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_1b(
       uu____0, unpacked_public_key->t_as_ntt);
   Eurydice_slice seed =
-      Eurydice_slice_subslice_from(public_key, (size_t)1152U, uint8_t, size_t);
+      Eurydice_slice_subslice_from(/* ρ := pk + 12·k·n / 8 for i from 0 to k−1
+                                      do for j from 0 to k − 1 do AˆT[i][j] :=
+                                      Parse(XOF(ρ, i, j)) end for end for */
+                                   public_key, (size_t)1152U, uint8_t, size_t);
   libcrux_ml_kem_polynomial_PolynomialRingElement_1d(*uu____1)[3U] =
       unpacked_public_key->A;
   uint8_t ret[34U];
@@ -4497,7 +4555,12 @@ with const generics
 static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_7_8c(
     libcrux_ml_kem_polynomial_PolynomialRingElement_1d *re) {
   size_t step = LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT / (size_t)2U;
-  for (size_t i = (size_t)0U; i < step; i++) {
+  for (size_t i = (size_t)0U;
+       i <
+       /* The semicolon and parentheses at the end of loop are a workaround for
+          the following bug https://github.com/hacspec/hax/issues/720 */
+       step;
+       i++) {
     size_t j = i;
     libcrux_ml_kem_vector_portable_vector_type_PortableVector t =
         libcrux_ml_kem_vector_portable_multiply_by_constant_0d(
@@ -4519,7 +4582,10 @@ with const generics
 static KRML_MUSTINLINE void
 libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_8c(
     libcrux_ml_kem_polynomial_PolynomialRingElement_1d *re) {
-  libcrux_ml_kem_ntt_ntt_at_layer_7_8c(re);
+  libcrux_ml_kem_ntt_ntt_at_layer_7_8c(/* Due to the small coefficient bound, we
+                                          can skip the first round of Montgomery
+                                          reductions. */
+                                       re);
   size_t zeta_i = (size_t)1U;
   libcrux_ml_kem_ntt_ntt_at_layer_4_plus_8c(&zeta_i, re, (size_t)6U,
                                             (size_t)11207U);
@@ -4726,7 +4792,11 @@ static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_error_reduce_ef_8c(
     libcrux_ml_kem_polynomial_PolynomialRingElement_1d *self,
     libcrux_ml_kem_polynomial_PolynomialRingElement_1d *error) {
   for (size_t i = (size_t)0U;
-       i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
+       i <
+       /* The semicolon and parentheses at the end of loop are a workaround for
+          the following bug https://github.com/hacspec/hax/issues/720 */
+       LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT;
+       i++) {
     size_t j = i;
     libcrux_ml_kem_vector_portable_vector_type_PortableVector
         coefficient_normal_form =
@@ -4858,8 +4928,28 @@ libcrux_ml_kem_polynomial_add_message_error_reduce_ef_8c(
             libcrux_ml_kem_vector_portable_montgomery_multiply_by_constant_0d(
                 result.coefficients[i0], (int16_t)1441);
     libcrux_ml_kem_vector_portable_vector_type_PortableVector tmp =
-        libcrux_ml_kem_vector_portable_add_0d(self->coefficients[i0],
-                                              &message->coefficients[i0]);
+        libcrux_ml_kem_vector_portable_add_0d(
+            self->coefficients
+                [/* FIXME: Eurydice crashes with: Warning 11: in
+                    top-level declaration
+                    libcrux_ml_kem.polynomial.{libcrux_ml_kem::polynomial::PolynomialRingElement<Vector>[TraitClause@0]}.add_message_error_reduce__libcrux_ml_kem_libcrux_polynomials_PortableVector:
+                    this expression is not Low*; the enclosing
+                    function cannot be translated into C*: let
+                    mutable ret(Mark.Present,(Mark.AtMost 2), ):
+                    int16_t[16size_t] = $any in
+                    libcrux_ml_kem.libcrux_polynomials.{(libcrux_ml_kem::libcrux_polynomials::libcrux_traits::Operations␣for␣libcrux_ml_kem::libcrux_polynomials::PortableVector)}.add
+                    ((@9:
+                    libcrux_ml_kem_libcrux_polynomials_PortableVector[16size_t]*)[0uint32_t]:int16_t[16size_t][16size_t])[@4]
+                    &(((@8:
+                    libcrux_ml_kem_libcrux_polynomials_PortableVector[16size_t]*)[0uint32_t]:libcrux_ml_kem_libcrux_polynomials_PortableVector[16size_t])[@4])
+                    @0; @0 Warning 11 is fatal, exiting. On the
+                    following code: ```rust result.coefficients[i]
+                    = Vector::barrett_reduce(Vector::add(
+                    coefficient_normal_form,
+                    &Vector::add(self.coefficients[i],
+                    &message.coefficients[i]), )); ``` */
+                 i0],
+            &message->coefficients[i0]);
     libcrux_ml_kem_vector_portable_vector_type_PortableVector tmp0 =
         libcrux_ml_kem_vector_portable_add_0d(coefficient_normal_form, &tmp);
     libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 =
@@ -5116,7 +5206,11 @@ libcrux_ml_kem_serialize_compress_then_serialize_4_8c(
     libcrux_ml_kem_polynomial_PolynomialRingElement_1d re,
     Eurydice_slice serialized) {
   for (size_t i = (size_t)0U;
-       i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
+       i <
+       /* The semicolon and parentheses at the end of loop are a workaround for
+          the following bug https://github.com/hacspec/hax/issues/720 */
+       LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT;
+       i++) {
     size_t i0 = i;
     libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient =
         libcrux_ml_kem_vector_portable_compress_0d_d1(
@@ -5176,7 +5270,11 @@ libcrux_ml_kem_serialize_compress_then_serialize_5_8c(
     libcrux_ml_kem_polynomial_PolynomialRingElement_1d re,
     Eurydice_slice serialized) {
   for (size_t i = (size_t)0U;
-       i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
+       i <
+       /* The semicolon and parentheses at the end of loop are a workaround for
+          the following bug https://github.com/hacspec/hax/issues/720 */
+       LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT;
+       i++) {
     size_t i0 = i;
     libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficients =
         libcrux_ml_kem_vector_portable_compress_0d_f4(
@@ -5268,7 +5366,10 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_encrypt_unpacked_2a(
     libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *public_key,
     uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) {
   uint8_t prf_input[33U];
-  libcrux_ml_kem_utils_into_padded_array_c8(randomness, prf_input);
+  libcrux_ml_kem_utils_into_padded_array_c8(/* for i from 0 to k−1 do r[i] :=
+                                               CBD{η1}(PRF(r, N)) N := N + 1 end
+                                               for rˆ := NTT(r) */
+                                            randomness, prf_input);
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_prf_input0[33U];
   memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t));
@@ -5281,6 +5382,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_encrypt_unpacked_2a(
   uint8_t domain_separator0 = uu____1.snd;
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_prf_input[33U];
+  /* for i from 0 to k−1 do e1[i] := CBD_{η2}(PRF(r,N)) N := N + 1 end for */
   memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t));
   tuple_23 uu____3 = libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_3b(
       copy_of_prf_input, domain_separator0);
@@ -5289,7 +5391,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_encrypt_unpacked_2a(
       error_1, uu____3.fst,
       (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1d));
   uint8_t domain_separator = uu____3.snd;
-  prf_input[32U] = domain_separator;
+  prf_input[32U] = /* e_2 := CBD{η2}(PRF(r, N)) */ domain_separator;
   uint8_t prf_output[128U];
   libcrux_ml_kem_hash_functions_portable_PRF_f1_410(
       Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), prf_output);
@@ -5297,10 +5399,12 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_encrypt_unpacked_2a(
       libcrux_ml_kem_sampling_sample_from_binomial_distribution_a0(
           Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t));
   libcrux_ml_kem_polynomial_PolynomialRingElement_1d u[3U];
-  libcrux_ml_kem_matrix_compute_vector_u_1b(public_key->A, r_as_ntt, error_1,
+  libcrux_ml_kem_matrix_compute_vector_u_1b(/* u := NTT^{-1}(AˆT ◦ rˆ) + e_1 */
+                                            public_key->A, r_as_ntt, error_1,
                                             u);
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_message[32U];
+  /* v := NTT^{−1}(tˆT ◦ rˆ) + e_2 + Decompress_q(Decode_1(m),1) */
   memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t));
   libcrux_ml_kem_polynomial_PolynomialRingElement_1d message_as_ring_element =
       libcrux_ml_kem_serialize_deserialize_then_decompress_message_8c(
@@ -5310,12 +5414,14 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_encrypt_unpacked_2a(
           public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element);
   uint8_t ciphertext[1088U] = {0U};
   libcrux_ml_kem_polynomial_PolynomialRingElement_1d uu____5[3U];
+  /* c_1 := Encode_{du}(Compress_q(u,d_u)) */
   memcpy(
       uu____5, u,
       (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1d));
   libcrux_ml_kem_ind_cpa_compress_then_serialize_u_43(
       uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)960U,
                                            uint8_t));
+  /* c_2 := Encode_{dv}(Compress_q(v,d_v)) */
   libcrux_ml_kem_polynomial_PolynomialRingElement_1d uu____6 = v;
   libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_6c(
       uu____6, Eurydice_array_to_subslice_from((size_t)1088U, ciphertext,
@@ -5456,17 +5562,17 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_decapsulate_62(
       Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0,
                               uint8_t),
       ciphertext, implicit_rejection_shared_secret);
-  uint8_t shared_secret1[32U];
-  libcrux_ml_kem_variant_kdf_d8_d6(shared_secret0, ciphertext, shared_secret1);
   uint8_t shared_secret[32U];
+  libcrux_ml_kem_variant_kdf_d8_d6(shared_secret0, ciphertext, shared_secret);
+  uint8_t ret0[32U];
   libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time(
       libcrux_ml_kem_types_as_ref_43_80(ciphertext),
       Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t),
-      Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t),
+      Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t),
       Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret,
                               uint8_t),
-      shared_secret);
-  memcpy(ret, shared_secret, (size_t)32U * sizeof(uint8_t));
+      ret0);
+  memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t));
 }
 
 /**
@@ -5741,12 +5847,20 @@ libcrux_ml_kem_polynomial_add_standard_error_reduce_ef_8c(
     libcrux_ml_kem_polynomial_PolynomialRingElement_1d *self,
     libcrux_ml_kem_polynomial_PolynomialRingElement_1d *error) {
   for (size_t i = (size_t)0U;
-       i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
+       i <
+       /* The semicolon and parentheses at the end of loop are a workaround for
+          the following bug https://github.com/hacspec/hax/issues/720 */
+       LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT;
+       i++) {
     size_t j = i;
     libcrux_ml_kem_vector_portable_vector_type_PortableVector
         coefficient_normal_form =
             libcrux_ml_kem_vector_traits_to_standard_domain_8c(
-                self->coefficients[j]);
+                self->coefficients[/* The coefficients are of the form aR^{-1}
+                                      mod q, which means calling
+                                      to_montgomery_domain() on them should
+                                      return a mod q. */
+                                   j]);
     libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 =
         libcrux_ml_kem_vector_portable_barrett_reduce_0d(
             libcrux_ml_kem_vector_portable_add_0d(coefficient_normal_form,
@@ -5778,6 +5892,8 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_As_plus_e_1b(
        i++) {
     size_t i0 = i;
     libcrux_ml_kem_polynomial_PolynomialRingElement_1d *row = matrix_A[i0];
+    /* This may be externally provided memory. Ensure that `t_as_ntt` is all 0.
+     */
     libcrux_ml_kem_polynomial_PolynomialRingElement_1d uu____0 =
         libcrux_ml_kem_polynomial_ZERO_ef_8c();
     t_as_ntt[i0] = uu____0;
@@ -5857,7 +5973,9 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_1c(
     libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 *private_key,
     libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *public_key) {
   uint8_t hashed[64U];
-  libcrux_ml_kem_variant_cpa_keygen_seed_d8_9c(key_generation_seed, hashed);
+  libcrux_ml_kem_variant_cpa_keygen_seed_d8_9c(/* (ρ,σ) := G(d) for Kyber, (ρ,σ)
+                                                  := G(d || K) for ML-KEM */
+                                               key_generation_seed, hashed);
   Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at(
       Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U,
       uint8_t, Eurydice_slice_uint8_t_x2);
@@ -5890,8 +6008,8 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_1c(
           .fst,
       (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1d));
   libcrux_ml_kem_matrix_compute_As_plus_e_1b(
-      public_key->t_as_ntt, public_key->A, private_key->secret_as_ntt,
-      error_as_ntt);
+      /* tˆ := Aˆ ◦ sˆ + eˆ */ public_key->t_as_ntt, public_key->A,
+      private_key->secret_as_ntt, error_as_ntt);
   uint8_t uu____5[32U];
   Result_fb dst;
   Eurydice_slice_to_array2(&dst, seed_for_A, Eurydice_slice, uint8_t[32U]);
@@ -6023,12 +6141,18 @@ libcrux_ml_kem_ind_cpa_serialize_unpacked_secret_key_43(
     libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *public_key,
     libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 *private_key) {
   uint8_t public_key_serialized[1184U];
-  libcrux_ml_kem_ind_cpa_serialize_public_key_6c(
-      public_key->t_as_ntt,
-      Eurydice_array_to_slice((size_t)32U, public_key->seed_for_A, uint8_t),
-      public_key_serialized);
+  libcrux_ml_kem_ind_cpa_serialize_public_key_6c(/* pk := (Encode_12(tˆ
+                                                    mod^{+}q) || ρ) */
+                                                 public_key->t_as_ntt,
+                                                 Eurydice_array_to_slice(
+                                                     (size_t)32U,
+                                                     public_key->seed_for_A,
+                                                     uint8_t),
+                                                 public_key_serialized);
   uint8_t secret_key_serialized[1152U];
-  libcrux_ml_kem_ind_cpa_serialize_secret_key_89(private_key->secret_as_ntt,
+  libcrux_ml_kem_ind_cpa_serialize_secret_key_89(/* sk := Encode_12(sˆ mod^{+}q)
+                                                  */
+                                                 private_key->secret_as_ntt,
                                                  secret_key_serialized);
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_secret_key_serialized[1152U];
@@ -6340,17 +6464,17 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_decapsulate_620(
       Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0,
                               uint8_t),
       ciphertext, implicit_rejection_shared_secret);
-  uint8_t shared_secret1[32U];
-  libcrux_ml_kem_variant_kdf_33_d6(shared_secret0, ciphertext, shared_secret1);
   uint8_t shared_secret[32U];
+  libcrux_ml_kem_variant_kdf_33_d6(shared_secret0, ciphertext, shared_secret);
+  uint8_t ret0[32U];
   libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time(
       libcrux_ml_kem_types_as_ref_43_80(ciphertext),
       Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t),
-      Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t),
+      Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t),
       Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret,
                               uint8_t),
-      shared_secret);
-  memcpy(ret, shared_secret, (size_t)32U * sizeof(uint8_t));
+      ret0);
+  memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t));
 }
 
 /**
@@ -6609,7 +6733,9 @@ libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_1c0(
     libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 *private_key,
     libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *public_key) {
   uint8_t hashed[64U];
-  libcrux_ml_kem_variant_cpa_keygen_seed_33_9c(key_generation_seed, hashed);
+  libcrux_ml_kem_variant_cpa_keygen_seed_33_9c(/* (ρ,σ) := G(d) for Kyber, (ρ,σ)
+                                                  := G(d || K) for ML-KEM */
+                                               key_generation_seed, hashed);
   Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at(
       Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U,
       uint8_t, Eurydice_slice_uint8_t_x2);
@@ -6642,8 +6768,8 @@ libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_1c0(
           .fst,
       (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1d));
   libcrux_ml_kem_matrix_compute_As_plus_e_1b(
-      public_key->t_as_ntt, public_key->A, private_key->secret_as_ntt,
-      error_as_ntt);
+      /* tˆ := Aˆ ◦ sˆ + eˆ */ public_key->t_as_ntt, public_key->A,
+      private_key->secret_as_ntt, error_as_ntt);
   uint8_t uu____5[32U];
   Result_fb dst;
   Eurydice_slice_to_array2(&dst, seed_for_A, Eurydice_slice, uint8_t[32U]);
@@ -6781,7 +6907,10 @@ static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_private_key_only_d6(
     libcrux_ml_kem_types_MlKemPrivateKey_d9 *private_key) {
   uint8_t t[32U];
   libcrux_ml_kem_hash_functions_portable_H_f1_e0(
-      Eurydice_array_to_subslice2(private_key->value, (size_t)384U * (size_t)3U,
+      Eurydice_array_to_subslice2(/* Eurydice can't access values directly on
+                                     the types. We need to go to the `value`
+                                     directly. */
+                                  private_key->value, (size_t)384U * (size_t)3U,
                                   (size_t)768U * (size_t)3U + (size_t)32U,
                                   uint8_t),
       t);
@@ -7599,7 +7728,10 @@ libcrux_ml_kem_ind_cca_unpacked_keys_from_private_key_df(
   Eurydice_slice ind_cpa_public_key_hash = uu____0.thd;
   Eurydice_slice implicit_rejection_value = uu____0.f3;
   Eurydice_slice uu____1 = Eurydice_array_to_slice(
-      (size_t)3U, key_pair->private_key.ind_cpa_private_key.secret_as_ntt,
+      (size_t)3U,
+      /* XXX: We need to copy_from_slice here because karamel can't handle the
+         assignment cf. https://github.com/FStarLang/karamel/pull/491 */
+      key_pair->private_key.ind_cpa_private_key.secret_as_ntt,
       libcrux_ml_kem_polynomial_PolynomialRingElement_1d);
   libcrux_ml_kem_polynomial_PolynomialRingElement_1d ret[3U];
   libcrux_ml_kem_ind_cpa_deserialize_secret_key_1b(ind_cpa_secret_key, ret);
diff --git a/libcrux-ml-kem/cg/libcrux_sha3_avx2.h b/libcrux-ml-kem/cg/libcrux_sha3_avx2.h
index a77bfdbea..5955882fa 100644
--- a/libcrux-ml-kem/cg/libcrux_sha3_avx2.h
+++ b/libcrux-ml-kem/cg/libcrux_sha3_avx2.h
@@ -4,11 +4,11 @@
  * SPDX-License-Identifier: MIT or Apache-2.0
  *
  * This code was generated with the following revisions:
- * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9
- * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20
- * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
- * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty
- * Libcrux: 3e54f3c659bef6ee815d197ee5c74dd40c75186a
+ * Charon: 3a133fe0eee9bd3928d5bb16c24ddd2dd0f3ee7f
+ * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c
+ * Karamel: c31a22c1e07d2118c07ee5cebb640d863e31a198
+ * F*: 2c32d6e230851bbceadac7a21fc418fa2bb7e4bc
+ * Libcrux: cbc0d48933fbcbffaaf1f817d7fbd4047a7630a1
  */
 
 #ifndef __libcrux_sha3_avx2_H
@@ -104,7 +104,9 @@ libcrux_sha3_simd_avx2_and_not_xor_ef(__m256i a, __m256i b, __m256i c) {
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE __m256i libcrux_sha3_simd_avx2__veorq_n_u64(__m256i a,
                                                                    uint64_t c) {
-  __m256i c0 = libcrux_intrinsics_avx2_mm256_set1_epi64x((int64_t)c);
+  __m256i c0 = libcrux_intrinsics_avx2_mm256_set1_epi64x(
+      (int64_t) /* Casting here is required, doesn't change the value. */
+      c);
   return libcrux_intrinsics_avx2_mm256_xor_si256(a, c0);
 }
 
@@ -1699,7 +1701,7 @@ static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_store_block_5b(
         __m256i);
     __m256i v1h = libcrux_intrinsics_avx2_mm256_permute2x128_si256(
         (int32_t)32,
-        s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U]
+        s[((size_t)4U * /* 0 0 2 2 */ i0 + (size_t)1U) / (size_t)5U]
          [((size_t)4U * i0 + (size_t)1U) % (size_t)5U],
         s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U]
          [((size_t)4U * i0 + (size_t)3U) % (size_t)5U],
@@ -2034,7 +2036,15 @@ static KRML_MUSTINLINE void libcrux_sha3_avx2_x4_shake256(
     Eurydice_slice input0, Eurydice_slice input1, Eurydice_slice input2,
     Eurydice_slice input3, Eurydice_slice out0, Eurydice_slice out1,
     Eurydice_slice out2, Eurydice_slice out3) {
-  Eurydice_slice buf0[4U] = {input0, input1, input2, input3};
+  Eurydice_slice buf0[4U] = {
+      /* XXX: These functions could alternatively implement the same with the
+         portable implementation #[cfg(feature = "simd128")] { keccakx2::<136,
+         0x1fu8>([input0, input1], [out0, out1]); keccakx2::<136,
+         0x1fu8>([input2, input3], [out2, out3]); } { keccakx1::<136,
+         0x1fu8>([input0], [out0]); keccakx1::<136, 0x1fu8>([input1], [out1]);
+         keccakx1::<136, 0x1fu8>([input2], [out2]); keccakx1::<136,
+         0x1fu8>([input3], [out3]); } */
+      input0, input1, input2, input3};
   Eurydice_slice buf[4U] = {out0, out1, out2, out3};
   libcrux_sha3_generic_keccak_keccak_fb(buf0, buf);
 }
@@ -2274,7 +2284,7 @@ static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_store_block_3a(
         __m256i);
     __m256i v1h = libcrux_intrinsics_avx2_mm256_permute2x128_si256(
         (int32_t)32,
-        s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U]
+        s[((size_t)4U * /* 0 0 2 2 */ i0 + (size_t)1U) / (size_t)5U]
          [((size_t)4U * i0 + (size_t)1U) % (size_t)5U],
         s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U]
          [((size_t)4U * i0 + (size_t)3U) % (size_t)5U],
diff --git a/libcrux-ml-kem/cg/libcrux_sha3_portable.h b/libcrux-ml-kem/cg/libcrux_sha3_portable.h
index d85d8e543..211cf1919 100644
--- a/libcrux-ml-kem/cg/libcrux_sha3_portable.h
+++ b/libcrux-ml-kem/cg/libcrux_sha3_portable.h
@@ -4,11 +4,11 @@
  * SPDX-License-Identifier: MIT or Apache-2.0
  *
  * This code was generated with the following revisions:
- * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9
- * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20
- * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
- * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty
- * Libcrux: 3e54f3c659bef6ee815d197ee5c74dd40c75186a
+ * Charon: 3a133fe0eee9bd3928d5bb16c24ddd2dd0f3ee7f
+ * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c
+ * Karamel: c31a22c1e07d2118c07ee5cebb640d863e31a198
+ * F*: 2c32d6e230851bbceadac7a21fc418fa2bb7e4bc
+ * Libcrux: cbc0d48933fbcbffaaf1f817d7fbd4047a7630a1
  */
 
 #ifndef __libcrux_sha3_portable_H
@@ -1654,6 +1654,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_96(
     Eurydice_slice data[1U], Eurydice_slice out[1U]) {
   /* Passing arrays by value in Rust generates a copy in C */
   Eurydice_slice copy_of_data[1U];
+  /* generic_keccak::keccak_xof::<1, u64, RATE, DELIM>(data, out); or */
   memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice));
   libcrux_sha3_generic_keccak_keccak_9e(copy_of_data, out);
 }
@@ -2012,6 +2013,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_ad(
     Eurydice_slice data[1U], Eurydice_slice out[1U]) {
   /* Passing arrays by value in Rust generates a copy in C */
   Eurydice_slice copy_of_data[1U];
+  /* generic_keccak::keccak_xof::<1, u64, RATE, DELIM>(data, out); or */
   memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice));
   libcrux_sha3_generic_keccak_keccak_9e0(copy_of_data, out);
 }
@@ -2140,6 +2142,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_ad0(
     Eurydice_slice data[1U], Eurydice_slice out[1U]) {
   /* Passing arrays by value in Rust generates a copy in C */
   Eurydice_slice copy_of_data[1U];
+  /* generic_keccak::keccak_xof::<1, u64, RATE, DELIM>(data, out); or */
   memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice));
   libcrux_sha3_generic_keccak_keccak_9e1(copy_of_data, out);
 }
@@ -2746,6 +2749,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_1e(
     Eurydice_slice data[1U], Eurydice_slice out[1U]) {
   /* Passing arrays by value in Rust generates a copy in C */
   Eurydice_slice copy_of_data[1U];
+  /* generic_keccak::keccak_xof::<1, u64, RATE, DELIM>(data, out); or */
   memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice));
   libcrux_sha3_generic_keccak_keccak_9e2(copy_of_data, out);
 }
@@ -3104,6 +3108,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_7c(
     Eurydice_slice data[1U], Eurydice_slice out[1U]) {
   /* Passing arrays by value in Rust generates a copy in C */
   Eurydice_slice copy_of_data[1U];
+  /* generic_keccak::keccak_xof::<1, u64, RATE, DELIM>(data, out); or */
   memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice));
   libcrux_sha3_generic_keccak_keccak_9e3(copy_of_data, out);
 }
@@ -3399,6 +3404,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_c6(
     Eurydice_slice data[1U], Eurydice_slice out[1U]) {
   /* Passing arrays by value in Rust generates a copy in C */
   Eurydice_slice copy_of_data[1U];
+  /* generic_keccak::keccak_xof::<1, u64, RATE, DELIM>(data, out); or */
   memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice));
   libcrux_sha3_generic_keccak_keccak_9e4(copy_of_data, out);
 }
@@ -3496,6 +3502,7 @@ static KRML_MUSTINLINE void libcrux_sha3_neon_x2_shake256(Eurydice_slice input0,
                                                           Eurydice_slice input1,
                                                           Eurydice_slice out0,
                                                           Eurydice_slice out1) {
+  /* TODO: make argument ordering consistent */
   KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__,
                     "panic!");
   KRML_HOST_EXIT(255U);
@@ -3510,6 +3517,9 @@ typedef struct libcrux_sha3_neon_x2_incremental_KeccakState_s {
 */
 static KRML_MUSTINLINE libcrux_sha3_neon_x2_incremental_KeccakState
 libcrux_sha3_neon_x2_incremental_init(void) {
+  /* XXX: These functions could alternatively implement the same with the
+   * portable implementation { let s0 = KeccakState::new(); let s1 =
+   * KeccakState::new(); [s0, s1] } */
   KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__,
                     "panic!");
   KRML_HOST_EXIT(255U);
@@ -3522,6 +3532,10 @@ static KRML_MUSTINLINE void
 libcrux_sha3_neon_x2_incremental_shake128_absorb_final(
     libcrux_sha3_neon_x2_incremental_KeccakState *s, Eurydice_slice data0,
     Eurydice_slice data1) {
+  /* XXX: These functions could alternatively implement the same with the
+   * portable implementation { let [mut s0, mut s1] = s;
+   * shake128_absorb_final(&mut s0, data0); shake128_absorb_final(&mut s1,
+   * data1); } */
   KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__,
                     "panic!");
   KRML_HOST_EXIT(255U);
@@ -3535,6 +3549,10 @@ static KRML_MUSTINLINE void
 libcrux_sha3_neon_x2_incremental_shake128_squeeze_first_three_blocks(
     libcrux_sha3_neon_x2_incremental_KeccakState *s, Eurydice_slice out0,
     Eurydice_slice out1) {
+  /* XXX: These functions could alternatively implement the same with the
+   * portable implementation { let [mut s0, mut s1] = s;
+   * shake128_squeeze_first_three_blocks(&mut s0, out0);
+   * shake128_squeeze_first_three_blocks(&mut s1, out1); } */
   KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__,
                     "panic!");
   KRML_HOST_EXIT(255U);
@@ -3548,6 +3566,10 @@ static KRML_MUSTINLINE void
 libcrux_sha3_neon_x2_incremental_shake128_squeeze_next_block(
     libcrux_sha3_neon_x2_incremental_KeccakState *s, Eurydice_slice out0,
     Eurydice_slice out1) {
+  /* XXX: These functions could alternatively implement the same with the
+   * portable implementation { let [mut s0, mut s1] = s;
+   * shake128_squeeze_next_block(&mut s0, out0);
+   * shake128_squeeze_next_block(&mut s1, out1); } */
   KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__,
                     "panic!");
   KRML_HOST_EXIT(255U);
@@ -3572,6 +3594,10 @@ static KRML_MUSTINLINE void
 libcrux_sha3_neon_x2_incremental_shake256_absorb_final(
     libcrux_sha3_neon_x2_incremental_KeccakState *s, Eurydice_slice data0,
     Eurydice_slice data1) {
+  /* XXX: These functions could alternatively implement the same with the
+   * portable implementation { let [mut s0, mut s1] = s;
+   * shake128_absorb_final(&mut s0, data0); shake128_absorb_final(&mut s1,
+   * data1); } */
   KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__,
                     "panic!");
   KRML_HOST_EXIT(255U);
@@ -3733,8 +3759,13 @@ static inline size_t libcrux_sha3_generic_keccak_fill_buffer_8b_c6(
   size_t input_len = Eurydice_slice_len(inputs[0U], uint8_t);
   size_t consumed = (size_t)0U;
   if (self->buf_len > (size_t)0U) {
-    if (self->buf_len + input_len >= (size_t)136U) {
-      consumed = (size_t)136U - self->buf_len;
+    if (
+        /* There's something buffered internally to consume. */ self->buf_len +
+            input_len >=
+        (size_t)136U) {
+      consumed = (size_t)136U - /* We have enough data when combining the
+                                   internal buffer and the input. */
+                 self->buf_len;
       for (size_t i = (size_t)0U; i < (size_t)1U; i++) {
         size_t i0 = i;
         Eurydice_slice uu____0 = Eurydice_array_to_subslice_from(
@@ -3840,7 +3871,9 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_8b_c6(
   memcpy(copy_of_inputs, inputs, (size_t)1U * sizeof(Eurydice_slice));
   size_t input_remainder_len =
       libcrux_sha3_generic_keccak_absorb_full_8b_c6(uu____0, copy_of_inputs);
-  if (input_remainder_len > (size_t)0U) {
+  if (
+      /* ... buffer the rest if there's not enough input (left). */
+      input_remainder_len > (size_t)0U) {
     size_t input_len = Eurydice_slice_len(inputs[0U], uint8_t);
     for (size_t i = (size_t)0U; i < (size_t)1U; i++) {
       size_t i0 = i;
@@ -4187,8 +4220,13 @@ static inline size_t libcrux_sha3_generic_keccak_fill_buffer_8b_c60(
   size_t input_len = Eurydice_slice_len(inputs[0U], uint8_t);
   size_t consumed = (size_t)0U;
   if (self->buf_len > (size_t)0U) {
-    if (self->buf_len + input_len >= (size_t)168U) {
-      consumed = (size_t)168U - self->buf_len;
+    if (
+        /* There's something buffered internally to consume. */ self->buf_len +
+            input_len >=
+        (size_t)168U) {
+      consumed = (size_t)168U - /* We have enough data when combining the
+                                   internal buffer and the input. */
+                 self->buf_len;
       for (size_t i = (size_t)0U; i < (size_t)1U; i++) {
         size_t i0 = i;
         Eurydice_slice uu____0 = Eurydice_array_to_subslice_from(
@@ -4294,7 +4332,9 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_8b_c60(
   memcpy(copy_of_inputs, inputs, (size_t)1U * sizeof(Eurydice_slice));
   size_t input_remainder_len =
       libcrux_sha3_generic_keccak_absorb_full_8b_c60(uu____0, copy_of_inputs);
-  if (input_remainder_len > (size_t)0U) {
+  if (
+      /* ... buffer the rest if there's not enough input (left). */
+      input_remainder_len > (size_t)0U) {
     size_t input_len = Eurydice_slice_len(inputs[0U], uint8_t);
     for (size_t i = (size_t)0U; i < (size_t)1U; i++) {
       size_t i0 = i;
@@ -4684,7 +4724,13 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_8b_c6(
   size_t blocks = out_len / (size_t)136U;
   size_t last = out_len - out_len % (size_t)136U;
   size_t mid;
-  if ((size_t)136U >= out_len) {
+  if ((size_t)136U >=
+      /* Squeeze out one to start with. XXX: Eurydice does not extract
+         `core::cmp::min`, so we do this instead. (cf.
+         https://github.com/AeneasVerif/eurydice/issues/49) */
+      out_len
+
+  ) {
     mid = out_len;
   } else {
     mid = (size_t)136U;
@@ -4698,8 +4744,11 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_8b_c6(
   libcrux_sha3_portable_keccak_store_5a_5b(self->inner.st, out00);
   core_ops_range_Range_08 iter =
       core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter(
-          (CLITERAL(core_ops_range_Range_08){.start = (size_t)1U,
-                                             .end = blocks}),
+          (CLITERAL(core_ops_range_Range_08){
+              .start = (size_t)1U,
+              .end = /* If we got asked for more than one block, squeeze out
+                        more. */
+              blocks}),
           core_ops_range_Range_08, core_ops_range_Range_08);
   while (true) {
     if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A__TraitClause_0___6__next(
@@ -4708,7 +4757,11 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_8b_c6(
       break;
     } else {
       Eurydice_slice_uint8_t_1size_t__x2 uu____1 =
-          libcrux_sha3_portable_keccak_split_at_mut_n_5a(out_rest,
+          libcrux_sha3_portable_keccak_split_at_mut_n_5a(/* Here we know that we
+                                                            always have full
+                                                            blocks to write out.
+                                                          */
+                                                         out_rest,
                                                          (size_t)136U);
       Eurydice_slice out0[1U];
       memcpy(out0, uu____1.fst, (size_t)1U * sizeof(Eurydice_slice));
@@ -4803,7 +4856,13 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_8b_c60(
   size_t blocks = out_len / (size_t)168U;
   size_t last = out_len - out_len % (size_t)168U;
   size_t mid;
-  if ((size_t)168U >= out_len) {
+  if ((size_t)168U >=
+      /* Squeeze out one to start with. XXX: Eurydice does not extract
+         `core::cmp::min`, so we do this instead. (cf.
+         https://github.com/AeneasVerif/eurydice/issues/49) */
+      out_len
+
+  ) {
     mid = out_len;
   } else {
     mid = (size_t)168U;
@@ -4817,8 +4876,11 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_8b_c60(
   libcrux_sha3_portable_keccak_store_5a_3a(self->inner.st, out00);
   core_ops_range_Range_08 iter =
       core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter(
-          (CLITERAL(core_ops_range_Range_08){.start = (size_t)1U,
-                                             .end = blocks}),
+          (CLITERAL(core_ops_range_Range_08){
+              .start = (size_t)1U,
+              .end = /* If we got asked for more than one block, squeeze out
+                        more. */
+              blocks}),
           core_ops_range_Range_08, core_ops_range_Range_08);
   while (true) {
     if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A__TraitClause_0___6__next(
@@ -4827,7 +4889,11 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_8b_c60(
       break;
     } else {
       Eurydice_slice_uint8_t_1size_t__x2 uu____1 =
-          libcrux_sha3_portable_keccak_split_at_mut_n_5a(out_rest,
+          libcrux_sha3_portable_keccak_split_at_mut_n_5a(/* Here we know that we
+                                                            always have full
+                                                            blocks to write out.
+                                                          */
+                                                         out_rest,
                                                          (size_t)168U);
       Eurydice_slice out0[1U];
       memcpy(out0, uu____1.fst, (size_t)1U * sizeof(Eurydice_slice));

From 98f9a92172d7a531ad6fa41fd018056fdbd60851 Mon Sep 17 00:00:00 2001
From: karthikbhargavan <karthik.bhargavan@gmail.com>
Date: Tue, 3 Dec 2024 19:17:37 +0000
Subject: [PATCH 056/142] c code

---
 libcrux-ml-kem/c/code_gen.txt                 |   10 +-
 libcrux-ml-kem/c/internal/libcrux_core.h      |   10 +-
 .../c/internal/libcrux_mlkem_avx2.h           |   10 +-
 .../c/internal/libcrux_mlkem_portable.h       |   10 +-
 libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h |   10 +-
 .../c/internal/libcrux_sha3_internal.h        |   78 +-
 libcrux-ml-kem/c/libcrux_core.c               |   10 +-
 libcrux-ml-kem/c/libcrux_core.h               |   10 +-
 libcrux-ml-kem/c/libcrux_mlkem1024.h          |   10 +-
 libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c     |   10 +-
 libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h     |   10 +-
 libcrux-ml-kem/c/libcrux_mlkem1024_portable.c |   10 +-
 libcrux-ml-kem/c/libcrux_mlkem1024_portable.h |   10 +-
 libcrux-ml-kem/c/libcrux_mlkem512.h           |   10 +-
 libcrux-ml-kem/c/libcrux_mlkem512_avx2.c      |   10 +-
 libcrux-ml-kem/c/libcrux_mlkem512_avx2.h      |   10 +-
 libcrux-ml-kem/c/libcrux_mlkem512_portable.c  |   10 +-
 libcrux-ml-kem/c/libcrux_mlkem512_portable.h  |   10 +-
 libcrux-ml-kem/c/libcrux_mlkem768.h           |   10 +-
 libcrux-ml-kem/c/libcrux_mlkem768_avx2.c      |   10 +-
 libcrux-ml-kem/c/libcrux_mlkem768_avx2.h      |   10 +-
 libcrux-ml-kem/c/libcrux_mlkem768_portable.c  |   10 +-
 libcrux-ml-kem/c/libcrux_mlkem768_portable.h  |   10 +-
 libcrux-ml-kem/c/libcrux_mlkem_avx2.c         | 1303 ++++------------
 libcrux-ml-kem/c/libcrux_mlkem_avx2.h         |   10 +-
 libcrux-ml-kem/c/libcrux_mlkem_portable.c     |  373 ++---
 libcrux-ml-kem/c/libcrux_mlkem_portable.h     |   10 +-
 libcrux-ml-kem/c/libcrux_sha3.h               |   10 +-
 libcrux-ml-kem/c/libcrux_sha3_avx2.c          |   52 +-
 libcrux-ml-kem/c/libcrux_sha3_avx2.h          |   10 +-
 libcrux-ml-kem/c/libcrux_sha3_internal.h      |   16 +-
 libcrux-ml-kem/c/libcrux_sha3_neon.c          |   30 +-
 libcrux-ml-kem/c/libcrux_sha3_neon.h          |   10 +-
 libcrux-ml-kem/cg/code_gen.txt                |   10 +-
 libcrux-ml-kem/cg/libcrux_core.h              |   10 +-
 libcrux-ml-kem/cg/libcrux_ct_ops.h            |   10 +-
 libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h     | 1309 +++--------------
 libcrux-ml-kem/cg/libcrux_mlkem768_portable.h |  230 +--
 libcrux-ml-kem/cg/libcrux_sha3_avx2.h         |   28 +-
 libcrux-ml-kem/cg/libcrux_sha3_portable.h     |  104 +-
 40 files changed, 826 insertions(+), 2997 deletions(-)

diff --git a/libcrux-ml-kem/c/code_gen.txt b/libcrux-ml-kem/c/code_gen.txt
index 8606206e0..54242b657 100644
--- a/libcrux-ml-kem/c/code_gen.txt
+++ b/libcrux-ml-kem/c/code_gen.txt
@@ -1,6 +1,6 @@
 This code was generated with the following revisions:
-Charon: 3a133fe0eee9bd3928d5bb16c24ddd2dd0f3ee7f
-Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c
-Karamel: c31a22c1e07d2118c07ee5cebb640d863e31a198
-F*: 2c32d6e230851bbceadac7a21fc418fa2bb7e4bc
-Libcrux: 0e587d6e842717408ea9357e00d47e372e505c80
+Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9
+Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20
+Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
+F*: 5643e656b989aca7629723653a2570c7df6252b9
+Libcrux: fbef3649fa222b800fc7dcc349855bcd7de48e36
diff --git a/libcrux-ml-kem/c/internal/libcrux_core.h b/libcrux-ml-kem/c/internal/libcrux_core.h
index fe0dc7d7d..fe89acd19 100644
--- a/libcrux-ml-kem/c/internal/libcrux_core.h
+++ b/libcrux-ml-kem/c/internal/libcrux_core.h
@@ -4,11 +4,11 @@
  * SPDX-License-Identifier: MIT or Apache-2.0
  *
  * This code was generated with the following revisions:
- * Charon: 3a133fe0eee9bd3928d5bb16c24ddd2dd0f3ee7f
- * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c
- * Karamel: c31a22c1e07d2118c07ee5cebb640d863e31a198
- * F*: 2c32d6e230851bbceadac7a21fc418fa2bb7e4bc
- * Libcrux: 0e587d6e842717408ea9357e00d47e372e505c80
+ * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9
+ * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20
+ * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
+ * F*: 5643e656b989aca7629723653a2570c7df6252b9
+ * Libcrux: fbef3649fa222b800fc7dcc349855bcd7de48e36
  */
 
 #ifndef __internal_libcrux_core_H
diff --git a/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h b/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h
index 48345a968..466ef3ba0 100644
--- a/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h
+++ b/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h
@@ -4,11 +4,11 @@
  * SPDX-License-Identifier: MIT or Apache-2.0
  *
  * This code was generated with the following revisions:
- * Charon: 3a133fe0eee9bd3928d5bb16c24ddd2dd0f3ee7f
- * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c
- * Karamel: c31a22c1e07d2118c07ee5cebb640d863e31a198
- * F*: 2c32d6e230851bbceadac7a21fc418fa2bb7e4bc
- * Libcrux: 0e587d6e842717408ea9357e00d47e372e505c80
+ * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9
+ * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20
+ * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
+ * F*: 5643e656b989aca7629723653a2570c7df6252b9
+ * Libcrux: fbef3649fa222b800fc7dcc349855bcd7de48e36
  */
 
 #ifndef __internal_libcrux_mlkem_avx2_H
diff --git a/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h b/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h
index e89d87311..f108fb1a3 100644
--- a/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h
+++ b/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h
@@ -4,11 +4,11 @@
  * SPDX-License-Identifier: MIT or Apache-2.0
  *
  * This code was generated with the following revisions:
- * Charon: 3a133fe0eee9bd3928d5bb16c24ddd2dd0f3ee7f
- * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c
- * Karamel: c31a22c1e07d2118c07ee5cebb640d863e31a198
- * F*: 2c32d6e230851bbceadac7a21fc418fa2bb7e4bc
- * Libcrux: 0e587d6e842717408ea9357e00d47e372e505c80
+ * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9
+ * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20
+ * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
+ * F*: 5643e656b989aca7629723653a2570c7df6252b9
+ * Libcrux: fbef3649fa222b800fc7dcc349855bcd7de48e36
  */
 
 #ifndef __internal_libcrux_mlkem_portable_H
diff --git a/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h b/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h
index 78fe0a95b..67b2d4675 100644
--- a/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h
+++ b/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h
@@ -4,11 +4,11 @@
  * SPDX-License-Identifier: MIT or Apache-2.0
  *
  * This code was generated with the following revisions:
- * Charon: 3a133fe0eee9bd3928d5bb16c24ddd2dd0f3ee7f
- * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c
- * Karamel: c31a22c1e07d2118c07ee5cebb640d863e31a198
- * F*: 2c32d6e230851bbceadac7a21fc418fa2bb7e4bc
- * Libcrux: 0e587d6e842717408ea9357e00d47e372e505c80
+ * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9
+ * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20
+ * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
+ * F*: 5643e656b989aca7629723653a2570c7df6252b9
+ * Libcrux: fbef3649fa222b800fc7dcc349855bcd7de48e36
  */
 
 #ifndef __internal_libcrux_sha3_avx2_H
diff --git a/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h b/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h
index 92381f50f..342c481f4 100644
--- a/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h
+++ b/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h
@@ -4,11 +4,11 @@
  * SPDX-License-Identifier: MIT or Apache-2.0
  *
  * This code was generated with the following revisions:
- * Charon: 3a133fe0eee9bd3928d5bb16c24ddd2dd0f3ee7f
- * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c
- * Karamel: c31a22c1e07d2118c07ee5cebb640d863e31a198
- * F*: 2c32d6e230851bbceadac7a21fc418fa2bb7e4bc
- * Libcrux: 0e587d6e842717408ea9357e00d47e372e505c80
+ * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9
+ * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20
+ * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
+ * F*: 5643e656b989aca7629723653a2570c7df6252b9
+ * Libcrux: fbef3649fa222b800fc7dcc349855bcd7de48e36
  */
 
 #ifndef __internal_libcrux_sha3_internal_H
@@ -273,13 +273,8 @@ static inline size_t libcrux_sha3_generic_keccak_fill_buffer_8b_c6(
   size_t input_len = Eurydice_slice_len(inputs[0U], uint8_t);
   size_t consumed = (size_t)0U;
   if (self->buf_len > (size_t)0U) {
-    if (
-        /* There's something buffered internally to consume. */ self->buf_len +
-            input_len >=
-        (size_t)136U) {
-      consumed = (size_t)136U - /* We have enough data when combining the
-                                   internal buffer and the input. */
-                 self->buf_len;
+    if (self->buf_len + input_len >= (size_t)136U) {
+      consumed = (size_t)136U - self->buf_len;
       {
         size_t i = (size_t)0U;
         Eurydice_slice uu____0 = Eurydice_array_to_subslice_from(
@@ -385,9 +380,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_8b_c6(
   memcpy(copy_of_inputs, inputs, (size_t)1U * sizeof(Eurydice_slice));
   size_t input_remainder_len =
       libcrux_sha3_generic_keccak_absorb_full_8b_c6(uu____0, copy_of_inputs);
-  if (
-      /* ... buffer the rest if there's not enough input (left). */
-      input_remainder_len > (size_t)0U) {
+  if (input_remainder_len > (size_t)0U) {
     size_t input_len = Eurydice_slice_len(inputs[0U], uint8_t);
     {
       size_t i = (size_t)0U;
@@ -734,13 +727,8 @@ static inline size_t libcrux_sha3_generic_keccak_fill_buffer_8b_c60(
   size_t input_len = Eurydice_slice_len(inputs[0U], uint8_t);
   size_t consumed = (size_t)0U;
   if (self->buf_len > (size_t)0U) {
-    if (
-        /* There's something buffered internally to consume. */ self->buf_len +
-            input_len >=
-        (size_t)168U) {
-      consumed = (size_t)168U - /* We have enough data when combining the
-                                   internal buffer and the input. */
-                 self->buf_len;
+    if (self->buf_len + input_len >= (size_t)168U) {
+      consumed = (size_t)168U - self->buf_len;
       {
         size_t i = (size_t)0U;
         Eurydice_slice uu____0 = Eurydice_array_to_subslice_from(
@@ -846,9 +834,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_8b_c60(
   memcpy(copy_of_inputs, inputs, (size_t)1U * sizeof(Eurydice_slice));
   size_t input_remainder_len =
       libcrux_sha3_generic_keccak_absorb_full_8b_c60(uu____0, copy_of_inputs);
-  if (
-      /* ... buffer the rest if there's not enough input (left). */
-      input_remainder_len > (size_t)0U) {
+  if (input_remainder_len > (size_t)0U) {
     size_t input_len = Eurydice_slice_len(inputs[0U], uint8_t);
     {
       size_t i = (size_t)0U;
@@ -1238,13 +1224,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_8b_c6(
   size_t blocks = out_len / (size_t)136U;
   size_t last = out_len - out_len % (size_t)136U;
   size_t mid;
-  if ((size_t)136U >=
-      /* Squeeze out one to start with. XXX: Eurydice does not extract
-         `core::cmp::min`, so we do this instead. (cf.
-         https://github.com/AeneasVerif/eurydice/issues/49) */
-      out_len
-
-  ) {
+  if ((size_t)136U >= out_len) {
     mid = out_len;
   } else {
     mid = (size_t)136U;
@@ -1258,11 +1238,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_8b_c6(
   libcrux_sha3_portable_keccak_store_5a_5b(self->inner.st, out00);
   core_ops_range_Range_08 iter =
       core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter(
-          (CLITERAL(core_ops_range_Range_08){
-              .start = (size_t)1U,
-              .end = /* If we got asked for more than one block, squeeze out
-                        more. */
-              blocks}),
+          (CLITERAL(core_ops_range_Range_08){.start = (size_t)1U,
+                                             .end = blocks}),
           core_ops_range_Range_08, core_ops_range_Range_08);
   while (true) {
     if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A__TraitClause_0___6__next(
@@ -1271,11 +1248,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_8b_c6(
       break;
     } else {
       Eurydice_slice_uint8_t_1size_t__x2 uu____1 =
-          libcrux_sha3_portable_keccak_split_at_mut_n_5a(/* Here we know that we
-                                                            always have full
-                                                            blocks to write out.
-                                                          */
-                                                         out_rest,
+          libcrux_sha3_portable_keccak_split_at_mut_n_5a(out_rest,
                                                          (size_t)136U);
       Eurydice_slice out0[1U];
       memcpy(out0, uu____1.fst, (size_t)1U * sizeof(Eurydice_slice));
@@ -1370,13 +1343,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_8b_c60(
   size_t blocks = out_len / (size_t)168U;
   size_t last = out_len - out_len % (size_t)168U;
   size_t mid;
-  if ((size_t)168U >=
-      /* Squeeze out one to start with. XXX: Eurydice does not extract
-         `core::cmp::min`, so we do this instead. (cf.
-         https://github.com/AeneasVerif/eurydice/issues/49) */
-      out_len
-
-  ) {
+  if ((size_t)168U >= out_len) {
     mid = out_len;
   } else {
     mid = (size_t)168U;
@@ -1390,11 +1357,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_8b_c60(
   libcrux_sha3_portable_keccak_store_5a_3a(self->inner.st, out00);
   core_ops_range_Range_08 iter =
       core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter(
-          (CLITERAL(core_ops_range_Range_08){
-              .start = (size_t)1U,
-              .end = /* If we got asked for more than one block, squeeze out
-                        more. */
-              blocks}),
+          (CLITERAL(core_ops_range_Range_08){.start = (size_t)1U,
+                                             .end = blocks}),
           core_ops_range_Range_08, core_ops_range_Range_08);
   while (true) {
     if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A__TraitClause_0___6__next(
@@ -1403,11 +1367,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_8b_c60(
       break;
     } else {
       Eurydice_slice_uint8_t_1size_t__x2 uu____1 =
-          libcrux_sha3_portable_keccak_split_at_mut_n_5a(/* Here we know that we
-                                                            always have full
-                                                            blocks to write out.
-                                                          */
-                                                         out_rest,
+          libcrux_sha3_portable_keccak_split_at_mut_n_5a(out_rest,
                                                          (size_t)168U);
       Eurydice_slice out0[1U];
       memcpy(out0, uu____1.fst, (size_t)1U * sizeof(Eurydice_slice));
diff --git a/libcrux-ml-kem/c/libcrux_core.c b/libcrux-ml-kem/c/libcrux_core.c
index de354115a..e69d41843 100644
--- a/libcrux-ml-kem/c/libcrux_core.c
+++ b/libcrux-ml-kem/c/libcrux_core.c
@@ -4,11 +4,11 @@
  * SPDX-License-Identifier: MIT or Apache-2.0
  *
  * This code was generated with the following revisions:
- * Charon: 3a133fe0eee9bd3928d5bb16c24ddd2dd0f3ee7f
- * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c
- * Karamel: c31a22c1e07d2118c07ee5cebb640d863e31a198
- * F*: 2c32d6e230851bbceadac7a21fc418fa2bb7e4bc
- * Libcrux: 0e587d6e842717408ea9357e00d47e372e505c80
+ * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9
+ * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20
+ * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
+ * F*: 5643e656b989aca7629723653a2570c7df6252b9
+ * Libcrux: fbef3649fa222b800fc7dcc349855bcd7de48e36
  */
 
 #include "internal/libcrux_core.h"
diff --git a/libcrux-ml-kem/c/libcrux_core.h b/libcrux-ml-kem/c/libcrux_core.h
index 55c5c5d8e..9097eceda 100644
--- a/libcrux-ml-kem/c/libcrux_core.h
+++ b/libcrux-ml-kem/c/libcrux_core.h
@@ -4,11 +4,11 @@
  * SPDX-License-Identifier: MIT or Apache-2.0
  *
  * This code was generated with the following revisions:
- * Charon: 3a133fe0eee9bd3928d5bb16c24ddd2dd0f3ee7f
- * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c
- * Karamel: c31a22c1e07d2118c07ee5cebb640d863e31a198
- * F*: 2c32d6e230851bbceadac7a21fc418fa2bb7e4bc
- * Libcrux: 0e587d6e842717408ea9357e00d47e372e505c80
+ * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9
+ * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20
+ * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
+ * F*: 5643e656b989aca7629723653a2570c7df6252b9
+ * Libcrux: fbef3649fa222b800fc7dcc349855bcd7de48e36
  */
 
 #ifndef __libcrux_core_H
diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024.h b/libcrux-ml-kem/c/libcrux_mlkem1024.h
index 37334a9b1..041b2ec09 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem1024.h
+++ b/libcrux-ml-kem/c/libcrux_mlkem1024.h
@@ -4,11 +4,11 @@
  * SPDX-License-Identifier: MIT or Apache-2.0
  *
  * This code was generated with the following revisions:
- * Charon: 3a133fe0eee9bd3928d5bb16c24ddd2dd0f3ee7f
- * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c
- * Karamel: c31a22c1e07d2118c07ee5cebb640d863e31a198
- * F*: 2c32d6e230851bbceadac7a21fc418fa2bb7e4bc
- * Libcrux: 0e587d6e842717408ea9357e00d47e372e505c80
+ * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9
+ * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20
+ * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
+ * F*: 5643e656b989aca7629723653a2570c7df6252b9
+ * Libcrux: fbef3649fa222b800fc7dcc349855bcd7de48e36
  */
 
 #ifndef __libcrux_mlkem1024_H
diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c
index 778d6fbf3..5fec937b0 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c
+++ b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c
@@ -4,11 +4,11 @@
  * SPDX-License-Identifier: MIT or Apache-2.0
  *
  * This code was generated with the following revisions:
- * Charon: 3a133fe0eee9bd3928d5bb16c24ddd2dd0f3ee7f
- * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c
- * Karamel: c31a22c1e07d2118c07ee5cebb640d863e31a198
- * F*: 2c32d6e230851bbceadac7a21fc418fa2bb7e4bc
- * Libcrux: 0e587d6e842717408ea9357e00d47e372e505c80
+ * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9
+ * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20
+ * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
+ * F*: 5643e656b989aca7629723653a2570c7df6252b9
+ * Libcrux: fbef3649fa222b800fc7dcc349855bcd7de48e36
  */
 
 #include "libcrux_mlkem1024_avx2.h"
diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h
index 854751c45..96971f755 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h
+++ b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h
@@ -4,11 +4,11 @@
  * SPDX-License-Identifier: MIT or Apache-2.0
  *
  * This code was generated with the following revisions:
- * Charon: 3a133fe0eee9bd3928d5bb16c24ddd2dd0f3ee7f
- * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c
- * Karamel: c31a22c1e07d2118c07ee5cebb640d863e31a198
- * F*: 2c32d6e230851bbceadac7a21fc418fa2bb7e4bc
- * Libcrux: 0e587d6e842717408ea9357e00d47e372e505c80
+ * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9
+ * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20
+ * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
+ * F*: 5643e656b989aca7629723653a2570c7df6252b9
+ * Libcrux: fbef3649fa222b800fc7dcc349855bcd7de48e36
  */
 
 #ifndef __libcrux_mlkem1024_avx2_H
diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c
index e463cb267..c63594eaa 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c
+++ b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c
@@ -4,11 +4,11 @@
  * SPDX-License-Identifier: MIT or Apache-2.0
  *
  * This code was generated with the following revisions:
- * Charon: 3a133fe0eee9bd3928d5bb16c24ddd2dd0f3ee7f
- * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c
- * Karamel: c31a22c1e07d2118c07ee5cebb640d863e31a198
- * F*: 2c32d6e230851bbceadac7a21fc418fa2bb7e4bc
- * Libcrux: 0e587d6e842717408ea9357e00d47e372e505c80
+ * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9
+ * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20
+ * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
+ * F*: 5643e656b989aca7629723653a2570c7df6252b9
+ * Libcrux: fbef3649fa222b800fc7dcc349855bcd7de48e36
  */
 
 #include "libcrux_mlkem1024_portable.h"
diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h
index 430c904d1..f951149be 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h
+++ b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h
@@ -4,11 +4,11 @@
  * SPDX-License-Identifier: MIT or Apache-2.0
  *
  * This code was generated with the following revisions:
- * Charon: 3a133fe0eee9bd3928d5bb16c24ddd2dd0f3ee7f
- * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c
- * Karamel: c31a22c1e07d2118c07ee5cebb640d863e31a198
- * F*: 2c32d6e230851bbceadac7a21fc418fa2bb7e4bc
- * Libcrux: 0e587d6e842717408ea9357e00d47e372e505c80
+ * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9
+ * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20
+ * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
+ * F*: 5643e656b989aca7629723653a2570c7df6252b9
+ * Libcrux: fbef3649fa222b800fc7dcc349855bcd7de48e36
  */
 
 #ifndef __libcrux_mlkem1024_portable_H
diff --git a/libcrux-ml-kem/c/libcrux_mlkem512.h b/libcrux-ml-kem/c/libcrux_mlkem512.h
index fb7755a5a..0e850ae5d 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem512.h
+++ b/libcrux-ml-kem/c/libcrux_mlkem512.h
@@ -4,11 +4,11 @@
  * SPDX-License-Identifier: MIT or Apache-2.0
  *
  * This code was generated with the following revisions:
- * Charon: 3a133fe0eee9bd3928d5bb16c24ddd2dd0f3ee7f
- * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c
- * Karamel: c31a22c1e07d2118c07ee5cebb640d863e31a198
- * F*: 2c32d6e230851bbceadac7a21fc418fa2bb7e4bc
- * Libcrux: 0e587d6e842717408ea9357e00d47e372e505c80
+ * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9
+ * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20
+ * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
+ * F*: 5643e656b989aca7629723653a2570c7df6252b9
+ * Libcrux: fbef3649fa222b800fc7dcc349855bcd7de48e36
  */
 
 #ifndef __libcrux_mlkem512_H
diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c
index 3e9fbd0cc..7971b5c4f 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c
+++ b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c
@@ -4,11 +4,11 @@
  * SPDX-License-Identifier: MIT or Apache-2.0
  *
  * This code was generated with the following revisions:
- * Charon: 3a133fe0eee9bd3928d5bb16c24ddd2dd0f3ee7f
- * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c
- * Karamel: c31a22c1e07d2118c07ee5cebb640d863e31a198
- * F*: 2c32d6e230851bbceadac7a21fc418fa2bb7e4bc
- * Libcrux: 0e587d6e842717408ea9357e00d47e372e505c80
+ * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9
+ * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20
+ * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
+ * F*: 5643e656b989aca7629723653a2570c7df6252b9
+ * Libcrux: fbef3649fa222b800fc7dcc349855bcd7de48e36
  */
 
 #include "libcrux_mlkem512_avx2.h"
diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h
index 79012290d..3c4030f73 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h
+++ b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h
@@ -4,11 +4,11 @@
  * SPDX-License-Identifier: MIT or Apache-2.0
  *
  * This code was generated with the following revisions:
- * Charon: 3a133fe0eee9bd3928d5bb16c24ddd2dd0f3ee7f
- * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c
- * Karamel: c31a22c1e07d2118c07ee5cebb640d863e31a198
- * F*: 2c32d6e230851bbceadac7a21fc418fa2bb7e4bc
- * Libcrux: 0e587d6e842717408ea9357e00d47e372e505c80
+ * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9
+ * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20
+ * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
+ * F*: 5643e656b989aca7629723653a2570c7df6252b9
+ * Libcrux: fbef3649fa222b800fc7dcc349855bcd7de48e36
  */
 
 #ifndef __libcrux_mlkem512_avx2_H
diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_portable.c b/libcrux-ml-kem/c/libcrux_mlkem512_portable.c
index 8639c4603..b8f6fd756 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem512_portable.c
+++ b/libcrux-ml-kem/c/libcrux_mlkem512_portable.c
@@ -4,11 +4,11 @@
  * SPDX-License-Identifier: MIT or Apache-2.0
  *
  * This code was generated with the following revisions:
- * Charon: 3a133fe0eee9bd3928d5bb16c24ddd2dd0f3ee7f
- * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c
- * Karamel: c31a22c1e07d2118c07ee5cebb640d863e31a198
- * F*: 2c32d6e230851bbceadac7a21fc418fa2bb7e4bc
- * Libcrux: 0e587d6e842717408ea9357e00d47e372e505c80
+ * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9
+ * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20
+ * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
+ * F*: 5643e656b989aca7629723653a2570c7df6252b9
+ * Libcrux: fbef3649fa222b800fc7dcc349855bcd7de48e36
  */
 
 #include "libcrux_mlkem512_portable.h"
diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_portable.h b/libcrux-ml-kem/c/libcrux_mlkem512_portable.h
index faea31c8a..7766250f2 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem512_portable.h
+++ b/libcrux-ml-kem/c/libcrux_mlkem512_portable.h
@@ -4,11 +4,11 @@
  * SPDX-License-Identifier: MIT or Apache-2.0
  *
  * This code was generated with the following revisions:
- * Charon: 3a133fe0eee9bd3928d5bb16c24ddd2dd0f3ee7f
- * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c
- * Karamel: c31a22c1e07d2118c07ee5cebb640d863e31a198
- * F*: 2c32d6e230851bbceadac7a21fc418fa2bb7e4bc
- * Libcrux: 0e587d6e842717408ea9357e00d47e372e505c80
+ * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9
+ * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20
+ * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
+ * F*: 5643e656b989aca7629723653a2570c7df6252b9
+ * Libcrux: fbef3649fa222b800fc7dcc349855bcd7de48e36
  */
 
 #ifndef __libcrux_mlkem512_portable_H
diff --git a/libcrux-ml-kem/c/libcrux_mlkem768.h b/libcrux-ml-kem/c/libcrux_mlkem768.h
index 474b96082..f2c7db21a 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem768.h
+++ b/libcrux-ml-kem/c/libcrux_mlkem768.h
@@ -4,11 +4,11 @@
  * SPDX-License-Identifier: MIT or Apache-2.0
  *
  * This code was generated with the following revisions:
- * Charon: 3a133fe0eee9bd3928d5bb16c24ddd2dd0f3ee7f
- * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c
- * Karamel: c31a22c1e07d2118c07ee5cebb640d863e31a198
- * F*: 2c32d6e230851bbceadac7a21fc418fa2bb7e4bc
- * Libcrux: 0e587d6e842717408ea9357e00d47e372e505c80
+ * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9
+ * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20
+ * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
+ * F*: 5643e656b989aca7629723653a2570c7df6252b9
+ * Libcrux: fbef3649fa222b800fc7dcc349855bcd7de48e36
  */
 
 #ifndef __libcrux_mlkem768_H
diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c
index a7a0f7e7d..d30955e8a 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c
+++ b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c
@@ -4,11 +4,11 @@
  * SPDX-License-Identifier: MIT or Apache-2.0
  *
  * This code was generated with the following revisions:
- * Charon: 3a133fe0eee9bd3928d5bb16c24ddd2dd0f3ee7f
- * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c
- * Karamel: c31a22c1e07d2118c07ee5cebb640d863e31a198
- * F*: 2c32d6e230851bbceadac7a21fc418fa2bb7e4bc
- * Libcrux: 0e587d6e842717408ea9357e00d47e372e505c80
+ * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9
+ * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20
+ * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
+ * F*: 5643e656b989aca7629723653a2570c7df6252b9
+ * Libcrux: fbef3649fa222b800fc7dcc349855bcd7de48e36
  */
 
 #include "libcrux_mlkem768_avx2.h"
diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h
index 35608499b..ea29365da 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h
+++ b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h
@@ -4,11 +4,11 @@
  * SPDX-License-Identifier: MIT or Apache-2.0
  *
  * This code was generated with the following revisions:
- * Charon: 3a133fe0eee9bd3928d5bb16c24ddd2dd0f3ee7f
- * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c
- * Karamel: c31a22c1e07d2118c07ee5cebb640d863e31a198
- * F*: 2c32d6e230851bbceadac7a21fc418fa2bb7e4bc
- * Libcrux: 0e587d6e842717408ea9357e00d47e372e505c80
+ * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9
+ * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20
+ * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
+ * F*: 5643e656b989aca7629723653a2570c7df6252b9
+ * Libcrux: fbef3649fa222b800fc7dcc349855bcd7de48e36
  */
 
 #ifndef __libcrux_mlkem768_avx2_H
diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_portable.c b/libcrux-ml-kem/c/libcrux_mlkem768_portable.c
index 2d21b9d89..1cdebda61 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem768_portable.c
+++ b/libcrux-ml-kem/c/libcrux_mlkem768_portable.c
@@ -4,11 +4,11 @@
  * SPDX-License-Identifier: MIT or Apache-2.0
  *
  * This code was generated with the following revisions:
- * Charon: 3a133fe0eee9bd3928d5bb16c24ddd2dd0f3ee7f
- * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c
- * Karamel: c31a22c1e07d2118c07ee5cebb640d863e31a198
- * F*: 2c32d6e230851bbceadac7a21fc418fa2bb7e4bc
- * Libcrux: 0e587d6e842717408ea9357e00d47e372e505c80
+ * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9
+ * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20
+ * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
+ * F*: 5643e656b989aca7629723653a2570c7df6252b9
+ * Libcrux: fbef3649fa222b800fc7dcc349855bcd7de48e36
  */
 
 #include "libcrux_mlkem768_portable.h"
diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_portable.h b/libcrux-ml-kem/c/libcrux_mlkem768_portable.h
index 514894426..6c512c865 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem768_portable.h
+++ b/libcrux-ml-kem/c/libcrux_mlkem768_portable.h
@@ -4,11 +4,11 @@
  * SPDX-License-Identifier: MIT or Apache-2.0
  *
  * This code was generated with the following revisions:
- * Charon: 3a133fe0eee9bd3928d5bb16c24ddd2dd0f3ee7f
- * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c
- * Karamel: c31a22c1e07d2118c07ee5cebb640d863e31a198
- * F*: 2c32d6e230851bbceadac7a21fc418fa2bb7e4bc
- * Libcrux: 0e587d6e842717408ea9357e00d47e372e505c80
+ * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9
+ * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20
+ * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
+ * F*: 5643e656b989aca7629723653a2570c7df6252b9
+ * Libcrux: fbef3649fa222b800fc7dcc349855bcd7de48e36
  */
 
 #ifndef __libcrux_mlkem768_portable_H
diff --git a/libcrux-ml-kem/c/libcrux_mlkem_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem_avx2.c
index 64e5d2462..7cd2d548f 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem_avx2.c
+++ b/libcrux-ml-kem/c/libcrux_mlkem_avx2.c
@@ -4,11 +4,11 @@
  * SPDX-License-Identifier: MIT or Apache-2.0
  *
  * This code was generated with the following revisions:
- * Charon: 3a133fe0eee9bd3928d5bb16c24ddd2dd0f3ee7f
- * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c
- * Karamel: c31a22c1e07d2118c07ee5cebb640d863e31a198
- * F*: 2c32d6e230851bbceadac7a21fc418fa2bb7e4bc
- * Libcrux: 0e587d6e842717408ea9357e00d47e372e505c80
+ * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9
+ * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20
+ * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
+ * F*: 5643e656b989aca7629723653a2570c7df6252b9
+ * Libcrux: fbef3649fa222b800fc7dcc349855bcd7de48e36
  */
 
 #include "internal/libcrux_mlkem_avx2.h"
@@ -141,16 +141,11 @@ KRML_MUSTINLINE __m256i
 libcrux_ml_kem_vector_avx2_arithmetic_cond_subtract_3329(__m256i vector) {
   __m256i field_modulus =
       mm256_set1_epi16(LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS);
-  __m256i v_minus_field_modulus =
-      mm256_sub_epi16(/* Compute v_i - Q and crate a mask from the sign bit of
-                         each of these quantities. */
-                      vector,
-                      field_modulus);
+  __m256i v_minus_field_modulus = mm256_sub_epi16(vector, field_modulus);
   __m256i sign_mask =
       mm256_srai_epi16((int32_t)15, v_minus_field_modulus, __m256i);
-  __m256i conditional_add_field_modulus = mm256_and_si256(
-      /* If v_i - Q < 0 then add back Q to (v_i - Q). */ sign_mask,
-      field_modulus);
+  __m256i conditional_add_field_modulus =
+      mm256_and_si256(sign_mask, field_modulus);
   return mm256_add_epi16(v_minus_field_modulus, conditional_add_field_modulus);
 }
 
@@ -455,7 +450,6 @@ libcrux_ml_kem_vector_avx2_arithmetic_montgomery_reduce_i32s(__m256i vec) {
 KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_ntt_ntt_multiply(
     __m256i lhs, __m256i rhs, int16_t zeta0, int16_t zeta1, int16_t zeta2,
     int16_t zeta3) {
-  /* Compute the first term of the product */
   __m256i shuffle_with = mm256_set_epi8(
       (int8_t)15, (int8_t)14, (int8_t)11, (int8_t)10, (int8_t)7, (int8_t)6,
       (int8_t)3, (int8_t)2, (int8_t)13, (int8_t)12, (int8_t)9, (int8_t)8,
@@ -463,8 +457,7 @@ KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_ntt_ntt_multiply(
       (int8_t)11, (int8_t)10, (int8_t)7, (int8_t)6, (int8_t)3, (int8_t)2,
       (int8_t)13, (int8_t)12, (int8_t)9, (int8_t)8, (int8_t)5, (int8_t)4,
       (int8_t)1, (int8_t)0);
-  __m256i lhs_shuffled =
-      mm256_shuffle_epi8(/* Prepare the left hand side */ lhs, shuffle_with);
+  __m256i lhs_shuffled = mm256_shuffle_epi8(lhs, shuffle_with);
   __m256i lhs_shuffled0 =
       mm256_permute4x64_epi64((int32_t)216, lhs_shuffled, __m256i);
   __m128i lhs_evens = mm256_castsi256_si128(lhs_shuffled0);
@@ -472,8 +465,7 @@ KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_ntt_ntt_multiply(
   __m128i lhs_odds =
       mm256_extracti128_si256((int32_t)1, lhs_shuffled0, __m128i);
   __m256i lhs_odds0 = mm256_cvtepi16_epi32(lhs_odds);
-  __m256i rhs_shuffled =
-      mm256_shuffle_epi8(/* Prepare the right hand side */ rhs, shuffle_with);
+  __m256i rhs_shuffled = mm256_shuffle_epi8(rhs, shuffle_with);
   __m256i rhs_shuffled0 =
       mm256_permute4x64_epi64((int32_t)216, rhs_shuffled, __m256i);
   __m128i rhs_evens = mm256_castsi256_si128(rhs_shuffled0);
@@ -481,8 +473,7 @@ KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_ntt_ntt_multiply(
   __m128i rhs_odds =
       mm256_extracti128_si256((int32_t)1, rhs_shuffled0, __m128i);
   __m256i rhs_odds0 = mm256_cvtepi16_epi32(rhs_odds);
-  __m256i left =
-      mm256_mullo_epi32(/* Start operating with them */ lhs_evens0, rhs_evens0);
+  __m256i left = mm256_mullo_epi32(lhs_evens0, rhs_evens0);
   __m256i right = mm256_mullo_epi32(lhs_odds0, rhs_odds0);
   __m256i right0 =
       libcrux_ml_kem_vector_avx2_arithmetic_montgomery_reduce_i32s(right);
@@ -495,7 +486,7 @@ KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_ntt_ntt_multiply(
       libcrux_ml_kem_vector_avx2_arithmetic_montgomery_reduce_i32s(
           products_left);
   __m256i rhs_adjacent_swapped = mm256_shuffle_epi8(
-      /* Compute the second term of the product */ rhs,
+      rhs,
       mm256_set_epi8((int8_t)13, (int8_t)12, (int8_t)15, (int8_t)14, (int8_t)9,
                      (int8_t)8, (int8_t)11, (int8_t)10, (int8_t)5, (int8_t)4,
                      (int8_t)7, (int8_t)6, (int8_t)1, (int8_t)0, (int8_t)3,
@@ -509,9 +500,8 @@ KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_ntt_ntt_multiply(
           products_right);
   __m256i products_right1 =
       mm256_slli_epi32((int32_t)16, products_right0, __m256i);
-  return mm256_blend_epi16((int32_t)170,
-                           /* Combine them into one vector */ products_left0,
-                           products_right1, __m256i);
+  return mm256_blend_epi16((int32_t)170, products_left0, products_right1,
+                           __m256i);
 }
 
 /**
@@ -527,44 +517,11 @@ KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_ntt_multiply_09(
 
 KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_1(
     __m256i vector, uint8_t ret[2U]) {
-  __m256i lsb_to_msb = mm256_slli_epi16(
-      (int32_t)15,
-      /* Suppose |vector| is laid out as follows (superscript number indicates
-         the corresponding bit is duplicated that many times): 0¹⁵a₀ 0¹⁵b₀ 0¹⁵c₀
-         0¹⁵d₀ | 0¹⁵e₀ 0¹⁵f₀ 0¹⁵g₀ 0¹⁵h₀ | ... We care only about the least
-         significant bit in each lane, move it to the most significant position
-         to make it easier to work with. |vector| now becomes: a₀0¹⁵ b₀0¹⁵ c₀0¹⁵
-         d₀0¹⁵ | e₀0¹⁵ f₀0¹⁵ g₀0¹⁵ h₀0¹⁵ | ↩ i₀0¹⁵ j₀0¹⁵ k₀0¹⁵ l₀0¹⁵ | m₀0¹⁵
-         n₀0¹⁵ o₀0¹⁵ p₀0¹⁵ */
-      vector, __m256i);
-  __m128i low_msbs = mm256_castsi256_si128(
-      /* Get the first 8 16-bit elements ... */ lsb_to_msb);
-  __m128i high_msbs = mm256_extracti128_si256(
-      (int32_t)1,
-      /* ... and the next 8 16-bit elements ... */ lsb_to_msb, __m128i);
-  __m128i msbs =
-      mm_packs_epi16(/* ... and then pack them into 8-bit values using signed
-                        saturation. This function packs all the |low_msbs|, and
-                        then the high ones. low_msbs = a₀0¹⁵ b₀0¹⁵ c₀0¹⁵ d₀0¹⁵ |
-                        e₀0¹⁵ f₀0¹⁵ g₀0¹⁵ h₀0¹⁵ high_msbs = i₀0¹⁵ j₀0¹⁵ k₀0¹⁵
-                        l₀0¹⁵ | m₀0¹⁵ n₀0¹⁵ o₀0¹⁵ p₀0¹⁵ We shifted by 15 above
-                        to take advantage of the signed saturation performed by
-                        mm_packs_epi16: - if the sign bit of the 16-bit element
-                        being packed is 1, the corresponding 8-bit element in
-                        |msbs| will be 0xFF. - if the sign bit of the 16-bit
-                        element being packed is 0, the corresponding 8-bit
-                        element in |msbs| will be 0. Thus, if, for example, a₀ =
-                        1, e₀ = 1, and p₀ = 1, and every other bit is 0, after
-                        packing into 8 bit value, |msbs| will look like: 0xFF
-                        0x00 0x00 0x00 | 0xFF 0x00 0x00 0x00 | 0x00 0x00 0x00
-                        0x00 | 0x00 0x00 0x00 0xFF */
-                     low_msbs,
-                     high_msbs);
-  int32_t bits_packed =
-      mm_movemask_epi8(/* Now that every element is either 0xFF or 0x00, we just
-                          extract the most significant bit from each element and
-                          collate them into two bytes. */
-                       msbs);
+  __m256i lsb_to_msb = mm256_slli_epi16((int32_t)15, vector, __m256i);
+  __m128i low_msbs = mm256_castsi256_si128(lsb_to_msb);
+  __m128i high_msbs = mm256_extracti128_si256((int32_t)1, lsb_to_msb, __m128i);
+  __m128i msbs = mm_packs_epi16(low_msbs, high_msbs);
+  int32_t bits_packed = mm_movemask_epi8(msbs);
   uint8_t result[2U] = {(uint8_t)bits_packed, (uint8_t)(bits_packed >> 8U)};
   memcpy(ret, result, (size_t)2U * sizeof(uint8_t));
 }
@@ -582,39 +539,16 @@ KRML_MUSTINLINE __m256i
 libcrux_ml_kem_vector_avx2_serialize_deserialize_1_deserialize_1_i16s(
     int16_t a, int16_t b) {
   __m256i coefficients =
-      mm256_set_epi16(/* We need to take each bit from the 2 bytes of input and
-                         put them into their own 16-bit lane. Ideally, we'd load
-                         the two bytes into the vector, duplicate them, and
-                         right-shift the 0th element by 0 bits, the first
-                         element by 1 bit, the second by 2 bits and so on before
-                         AND-ing with 0x1 to leave only the least signifinicant
-                         bit. But since |_mm256_srlv_epi16| does not exist, so
-                         we have to resort to a workaround. Rather than shifting
-                         each element by a different amount, we'll multiply each
-                         element by a value such that the bit we're interested
-                         in becomes the most significant bit. The coefficients
-                         are loaded as follows: */
-                      b,
-                      b, b, b, b, b, b, b, a, a, a, a, a, a, a, a);
-  __m256i coefficients_in_msb =
-      mm256_mullo_epi16(/* And this vector, when multiplied with the previous
-                           one, ensures that the bit we'd like to keep in each
-                           lane becomes the most significant bit upon
-                           multiplication. */
-                        coefficients,
-                        mm256_set_epi16((int16_t)1 << 8U, (int16_t)1 << 9U,
-                                        (int16_t)1 << 10U, (int16_t)1 << 11U,
-                                        (int16_t)1 << 12U, (int16_t)1 << 13U,
-                                        (int16_t)1 << 14U, (int16_t)-32768,
-                                        (int16_t)1 << 8U, (int16_t)1 << 9U,
-                                        (int16_t)1 << 10U, (int16_t)1 << 11U,
-                                        (int16_t)1 << 12U, (int16_t)1 << 13U,
-                                        (int16_t)1 << 14U, (int16_t)-32768));
-  return mm256_srli_epi16(
-      (int32_t)15,
-      /* Now that they're all in the most significant bit position, shift them
-         down to the least significant bit. */
-      coefficients_in_msb, __m256i);
+      mm256_set_epi16(b, b, b, b, b, b, b, b, a, a, a, a, a, a, a, a);
+  __m256i coefficients_in_msb = mm256_mullo_epi16(
+      coefficients,
+      mm256_set_epi16((int16_t)1 << 8U, (int16_t)1 << 9U, (int16_t)1 << 10U,
+                      (int16_t)1 << 11U, (int16_t)1 << 12U, (int16_t)1 << 13U,
+                      (int16_t)1 << 14U, (int16_t)-32768, (int16_t)1 << 8U,
+                      (int16_t)1 << 9U, (int16_t)1 << 10U, (int16_t)1 << 11U,
+                      (int16_t)1 << 12U, (int16_t)1 << 13U, (int16_t)1 << 14U,
+                      (int16_t)-32768));
+  return mm256_srli_epi16((int32_t)15, coefficients_in_msb, __m256i);
 }
 
 KRML_MUSTINLINE __m256i
@@ -627,23 +561,7 @@ libcrux_ml_kem_vector_avx2_serialize_deserialize_1_deserialize_1_u8s(
 KRML_MUSTINLINE __m256i
 libcrux_ml_kem_vector_avx2_serialize_deserialize_1(Eurydice_slice bytes) {
   return libcrux_ml_kem_vector_avx2_serialize_deserialize_1_deserialize_1_u8s(
-      Eurydice_slice_index(
-          bytes,
-          /* We need to take each bit from the 2 bytes of input and put them
-             into their own 16-bit lane. Ideally, we'd load the two bytes into
-             the vector, duplicate them, and right-shift the 0th element by 0
-             bits, the first element by 1 bit, the second by 2 bits and so on
-             before AND-ing with 0x1 to leave only the least signifinicant bit.
-             But since |_mm256_srlv_epi16| does not exist, so we have to resort
-             to a workaround. Rather than shifting each element by a different
-             amount, we'll multiply each element by a value such that the bit
-             we're interested in becomes the most significant bit. The
-             coefficients are loaded as follows: And this vector, when
-             multiplied with the previous one, ensures that the bit we'd like to
-             keep in each lane becomes the most significant bit upon
-             multiplication. Now that they're all in the most significant bit
-             position, shift them down to the least significant bit. */
-          (size_t)0U, uint8_t, uint8_t *),
+      Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *),
       Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *));
 }
 
@@ -676,47 +594,23 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_4(
     __m256i vector, uint8_t ret[8U]) {
   uint8_t serialized[16U] = {0U};
   __m256i adjacent_2_combined =
-      libcrux_ml_kem_vector_avx2_serialize_mm256_concat_pairs_n(
-          4U,
-          /* If |vector| is laid out as follows: 0x000A 0x000B 0x000C 0x000D |
-             0x000E 0x000F 0x000G 0x000H | .... |adjacent_2_combined| will be
-             laid out as a series of 32-bit integeres, as follows: 0x00_00_00_BA
-             0x00_00_00_DC | 0x00_00_00_FE 0x00_00_00_HG | ... */
-          vector);
-  __m256i adjacent_8_combined =
-      mm256_shuffle_epi8(/* Recall that |adjacent_2_combined| goes as follows:
-                            0x00_00_00_BA 0x00_00_00_DC | 0x00_00_00_FE
-                            0x00_00_00_HG | ... Out of this, we only need the
-                            first byte, the 4th byte, the 8th byte and so on
-                            from the bottom and the top 128 bits. */
-                         adjacent_2_combined,
-                         mm256_set_epi8(
-                             (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1,
-                             (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1,
-                             (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1,
-                             (int8_t)12, (int8_t)8, (int8_t)4, (int8_t)0,
-                             (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1,
-                             (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1,
-                             (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1,
-                             (int8_t)12, (int8_t)8, (int8_t)4, (int8_t)0));
-  __m256i combined =
-      mm256_permutevar8x32_epi32(/* |adjacent_8_combined| looks like this: 0:
-                                    0xHG_FE_DC_BA 1: 0x00_00_00_00 | 2:
-                                    0x00_00_00_00 3: 0x00_00_00_00 | 4:
-                                    0xPO_NM_LK_JI .... We put the element at 4
-                                    after the element at 0 ... */
-                                 adjacent_8_combined,
-                                 mm256_set_epi32((int32_t)0, (int32_t)0,
-                                                 (int32_t)0, (int32_t)0,
-                                                 (int32_t)0, (int32_t)0,
-                                                 (int32_t)4, (int32_t)0));
+      libcrux_ml_kem_vector_avx2_serialize_mm256_concat_pairs_n(4U, vector);
+  __m256i adjacent_8_combined = mm256_shuffle_epi8(
+      adjacent_2_combined,
+      mm256_set_epi8((int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1,
+                     (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1,
+                     (int8_t)-1, (int8_t)-1, (int8_t)12, (int8_t)8, (int8_t)4,
+                     (int8_t)0, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1,
+                     (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1,
+                     (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)12, (int8_t)8,
+                     (int8_t)4, (int8_t)0));
+  __m256i combined = mm256_permutevar8x32_epi32(
+      adjacent_8_combined,
+      mm256_set_epi32((int32_t)0, (int32_t)0, (int32_t)0, (int32_t)0,
+                      (int32_t)0, (int32_t)0, (int32_t)4, (int32_t)0));
   __m128i combined0 = mm256_castsi256_si128(combined);
   mm_storeu_bytes_si128(
-      Eurydice_array_to_slice(
-          (size_t)16U,
-          /* ... so that we can read them out in one go. */ serialized,
-          uint8_t),
-      combined0);
+      Eurydice_array_to_slice((size_t)16U, serialized, uint8_t), combined0);
   uint8_t ret0[8U];
   core_result_Result_15 dst;
   Eurydice_slice_to_array2(
@@ -740,23 +634,8 @@ KRML_MUSTINLINE __m256i
 libcrux_ml_kem_vector_avx2_serialize_deserialize_4_deserialize_4_i16s(
     int16_t b0, int16_t b1, int16_t b2, int16_t b3, int16_t b4, int16_t b5,
     int16_t b6, int16_t b7) {
-  __m256i coefficients =
-      mm256_set_epi16(/* Every 4 bits from each byte of input should be put into
-                         its own 16-bit lane. Since |_mm256_srlv_epi16| does not
-                         exist, we have to resort to a workaround. Rather than
-                         shifting each element by a different amount, we'll
-                         multiply each element by a value such that the bits
-                         we're interested in become the most significant bits
-                         (of an 8-bit value). In this lane, the 4 bits we need
-                         to put are already the most significant bits of
-                         |bytes[7]| (that is, b7). */
-                      b7,
-                      /* In this lane, the 4 bits we need to put are the least
-                         significant bits, so we need to shift the 4
-                         least-significant bits of |b7| to the most significant
-                         bits (of an 8-bit value). */
-                      b7, b6, b6, b5, b5, b4, b4, b3, b3, b2, b2, b1, b1, b0,
-                      b0);
+  __m256i coefficients = mm256_set_epi16(b7, b7, b6, b6, b5, b5, b4, b4, b3, b3,
+                                         b2, b2, b1, b1, b0, b0);
   __m256i coefficients_in_msb = mm256_mullo_epi16(
       coefficients,
       mm256_set_epi16((int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U,
@@ -765,12 +644,9 @@ libcrux_ml_kem_vector_avx2_serialize_deserialize_4_deserialize_4_i16s(
                       (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U,
                       (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U,
                       (int16_t)1 << 4U));
-  __m256i coefficients_in_lsb = mm256_srli_epi16(
-      (int32_t)4,
-      /* Once the 4-bit coefficients are in the most significant positions (of
-         an 8-bit value), shift them all down by 4. */
-      coefficients_in_msb, __m256i);
-  return mm256_and_si256(/* Zero the remaining bits. */ coefficients_in_lsb,
+  __m256i coefficients_in_lsb =
+      mm256_srli_epi16((int32_t)4, coefficients_in_msb, __m256i);
+  return mm256_and_si256(coefficients_in_lsb,
                          mm256_set1_epi16(((int16_t)1 << 4U) - (int16_t)1));
 }
 
@@ -786,23 +662,7 @@ libcrux_ml_kem_vector_avx2_serialize_deserialize_4_deserialize_4_u8s(
 KRML_MUSTINLINE __m256i
 libcrux_ml_kem_vector_avx2_serialize_deserialize_4(Eurydice_slice bytes) {
   return libcrux_ml_kem_vector_avx2_serialize_deserialize_4_deserialize_4_u8s(
-      Eurydice_slice_index(
-          bytes,
-          /* Every 4 bits from each byte of input should be put into its own
-             16-bit lane. Since |_mm256_srlv_epi16| does not exist, we have to
-             resort to a workaround. Rather than shifting each element by a
-             different amount, we'll multiply each element by a value such that
-             the bits we're interested in become the most significant bits (of
-             an 8-bit value). In this lane, the 4 bits we need to put are
-             already the most significant bits of |bytes[7]| (that is, b7). In
-             this lane, the 4 bits we need to put are the least significant
-             bits, so we need to shift the 4 least-significant bits of |b7| to
-             the most significant bits (of an 8-bit value). These constants are
-             chosen to shift the bits of the values that we loaded into
-             |coefficients|. Once the 4-bit coefficients are in the most
-             significant positions (of an 8-bit value), shift them all down
-             by 4. Zero the remaining bits. */
-          (size_t)0U, uint8_t, uint8_t *),
+      Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *),
       Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *),
       Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *),
       Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *),
@@ -824,78 +684,32 @@ libcrux_ml_kem_vector_avx2_deserialize_4_09(Eurydice_slice bytes) {
 KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_5(
     __m256i vector, uint8_t ret[10U]) {
   uint8_t serialized[32U] = {0U};
-  __m256i adjacent_2_combined =
-      mm256_madd_epi16(/* If |vector| is laid out as follows (superscript number
-                          indicates the corresponding bit is duplicated that
-                          many times): 0¹¹a₄a₃a₂a₁a₀ 0¹¹b₄b₃b₂b₁b₀ 0¹¹c₄c₃c₂c₁c₀
-                          0¹¹d₄d₃d₂d₁d₀ | ↩ 0¹¹e₄e₃e₂e₁e₀ 0¹¹f₄f₃f₂f₁f₀
-                          0¹¹g₄g₃g₂g₁g₀ 0¹¹h₄h₃h₂h₁h₀ | ↩ |adjacent_2_combined|
-                          will be laid out as a series of 32-bit integers, as
-                          follows: 0²²b₄b₃b₂b₁b₀a₄a₃a₂a₁a₀
-                          0²²d₄d₃d₂d₁d₀c₄c₃c₂c₁c₀ | ↩ 0²²f₄f₃f₂f₁f₀e₄e₃e₂e₁e₀
-                          0²²h₄h₃h₂h₁h₀g₄g₃g₂g₁g₀ | ↩ .... */
-                       vector,
-                       mm256_set_epi16(
-                           (int16_t)1 << 5U, (int16_t)1, (int16_t)1 << 5U,
-                           (int16_t)1, (int16_t)1 << 5U, (int16_t)1,
-                           (int16_t)1 << 5U, (int16_t)1, (int16_t)1 << 5U,
-                           (int16_t)1, (int16_t)1 << 5U, (int16_t)1,
-                           (int16_t)1 << 5U, (int16_t)1, (int16_t)1 << 5U,
-                           (int16_t)1));
-  __m256i adjacent_4_combined =
-      mm256_sllv_epi32(/* Recall that |adjacent_2_combined| is laid out as
-                          follows: 0²²b₄b₃b₂b₁b₀a₄a₃a₂a₁a₀
-                          0²²d₄d₃d₂d₁d₀c₄c₃c₂c₁c₀ | ↩ 0²²f₄f₃f₂f₁f₀e₄e₃e₂e₁e₀
-                          0²²h₄h₃h₂h₁h₀g₄g₃g₂g₁g₀ | ↩ .... This shift results
-                          in: b₄b₃b₂b₁b₀a₄a₃a₂a₁a₀0²² 0²²d₄d₃d₂d₁d₀c₄c₃c₂c₁c₀ |
-                          ↩ f₄f₃f₂f₁f₀e₄e₃e₂e₁e₀0²² 0²²h₄h₃h₂h₁h₀g₄g₃g₂g₁g₀ | ↩
-                          .... */
-                       adjacent_2_combined,
-                       mm256_set_epi32((int32_t)0, (int32_t)22, (int32_t)0,
-                                       (int32_t)22, (int32_t)0, (int32_t)22,
-                                       (int32_t)0, (int32_t)22));
-  __m256i adjacent_4_combined0 = mm256_srli_epi64(
-      (int32_t)22,
-      /* |adjacent_4_combined|, when viewed as 64-bit lanes, is:
-         0²²d₄d₃d₂d₁d₀c₄c₃c₂c₁c₀b₄b₃b₂b₁b₀a₄a₃a₂a₁a₀0²² | ↩
-         0²²h₄h₃h₂h₁h₀g₄g₃g₂g₁g₀f₄f₃f₂f₁f₀e₄e₃e₂e₁e₀0²² | ↩ ... so we just shift
-         down by 22 bits to remove the least significant 0 bits that aren't part
-         of the bits we need. */
-      adjacent_4_combined, __m256i);
-  __m256i adjacent_8_combined = mm256_shuffle_epi32(
-      (int32_t)8,
-      /* |adjacent_4_combined|, when viewed as a set of 32-bit values, looks
-         like: 0:0¹²d₄d₃d₂d₁d₀c₄c₃c₂c₁c₀b₄b₃b₂b₁b₀a₄a₃a₂a₁a₀ 1:0³²
-         2:0¹²h₄h₃h₂h₁h₀g₄g₃g₂g₁g₀f₄f₃f₂f₁f₀e₄e₃e₂e₁e₀ 3:0³² | ↩ To be able to
-         read out the bytes in one go, we need to shifts the bits in position 2
-         to position 1 in each 128-bit lane. */
-      adjacent_4_combined0, __m256i);
-  __m256i adjacent_8_combined0 =
-      mm256_sllv_epi32(/* |adjacent_8_combined|, when viewed as a set of 32-bit
-                          values, now looks like:
-                          0¹²d₄d₃d₂d₁d₀c₄c₃c₂c₁c₀b₄b₃b₂b₁b₀a₄a₃a₂a₁a₀
-                          0¹²h₄h₃h₂h₁h₀g₄g₃g₂g₁g₀f₄f₃f₂f₁f₀e₄e₃e₂e₁e₀ 0³² 0³² |
-                          ↩ Once again, we line these bits up by shifting the up
-                          values at indices 0 and 5 by 12, viewing the resulting
-                          register as a set of 64-bit values, and then shifting
-                          down the 64-bit values by 12 bits. */
-                       adjacent_8_combined,
-                       mm256_set_epi32((int32_t)0, (int32_t)0, (int32_t)0,
-                                       (int32_t)12, (int32_t)0, (int32_t)0,
-                                       (int32_t)0, (int32_t)12));
+  __m256i adjacent_2_combined = mm256_madd_epi16(
+      vector, mm256_set_epi16(
+                  (int16_t)1 << 5U, (int16_t)1, (int16_t)1 << 5U, (int16_t)1,
+                  (int16_t)1 << 5U, (int16_t)1, (int16_t)1 << 5U, (int16_t)1,
+                  (int16_t)1 << 5U, (int16_t)1, (int16_t)1 << 5U, (int16_t)1,
+                  (int16_t)1 << 5U, (int16_t)1, (int16_t)1 << 5U, (int16_t)1));
+  __m256i adjacent_4_combined = mm256_sllv_epi32(
+      adjacent_2_combined,
+      mm256_set_epi32((int32_t)0, (int32_t)22, (int32_t)0, (int32_t)22,
+                      (int32_t)0, (int32_t)22, (int32_t)0, (int32_t)22));
+  __m256i adjacent_4_combined0 =
+      mm256_srli_epi64((int32_t)22, adjacent_4_combined, __m256i);
+  __m256i adjacent_8_combined =
+      mm256_shuffle_epi32((int32_t)8, adjacent_4_combined0, __m256i);
+  __m256i adjacent_8_combined0 = mm256_sllv_epi32(
+      adjacent_8_combined,
+      mm256_set_epi32((int32_t)0, (int32_t)0, (int32_t)0, (int32_t)12,
+                      (int32_t)0, (int32_t)0, (int32_t)0, (int32_t)12));
   __m256i adjacent_8_combined1 =
       mm256_srli_epi64((int32_t)12, adjacent_8_combined0, __m256i);
-  __m128i lower_8 =
-      mm256_castsi256_si128(/* We now have 40 bits starting at position 0 in the
-                               lower 128-bit lane, ... */
-                            adjacent_8_combined1);
+  __m128i lower_8 = mm256_castsi256_si128(adjacent_8_combined1);
   mm_storeu_bytes_si128(
       Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)16U, uint8_t),
       lower_8);
-  __m128i upper_8 = mm256_extracti128_si256(
-      (int32_t)1,
-      /* ... and the second 40 bits at position 0 in the upper 128-bit lane */
-      adjacent_8_combined1, __m128i);
+  __m128i upper_8 =
+      mm256_extracti128_si256((int32_t)1, adjacent_8_combined1, __m128i);
   mm_storeu_bytes_si128(
       Eurydice_array_to_subslice2(serialized, (size_t)5U, (size_t)21U, uint8_t),
       upper_8);
@@ -989,67 +803,25 @@ core_core_arch_x86___m128i_x2
 libcrux_ml_kem_vector_avx2_serialize_serialize_10_serialize_10_vec(
     __m256i vector) {
   __m256i adjacent_2_combined =
-      libcrux_ml_kem_vector_avx2_serialize_mm256_concat_pairs_n(
-          10U,
-          /* If |vector| is laid out as follows (superscript number indicates
-             the corresponding bit is duplicated that many times):
-             0⁶a₉a₈a₇a₆a₅a₄a₃a₂a₁a₀ 0⁶b₉b₈b₇b₆b₅b₄b₃b₂b₁b₀
-             0⁶c₉c₈c₇c₆c₅c₄c₃c₂c₁c₀ 0⁶d₉d₈d₇d₆d₅d₄d₃d₂d₁d₀ | ↩
-             0⁶e₉e₈e₇e₆e₅e₄e₃e₂e₁e₀ 0⁶f₉f₈f₇f₆f₅f₄f₃f₂f₁f₀
-             0⁶g₉g₈g₇g₆g₅g₄g₃g₂g₁g₀ 0⁶h₉h₈h₇h₆h₅h₄h₃h₂h₁h₀ | ↩ ...
-             |adjacent_2_combined| will be laid out as a series of 32-bit
-             integers, as follows: 0¹²b₉b₈b₇b₆b₅b₄b₃b₂b₁b₀a₉a₈a₇a₆a₅a₄a₃a₂a₁a₀
-             0¹²d₉d₈d₇d₆d₅d₄d₃d₂d₁d₀c₉c₈c₇c₆c₅c₄c₃c₂c₁c₀ | ↩
-             0¹²f₉f₈f₇f₆f₅f₄f₃f₂f₁f₀e₉e₈e₇e₆e₅e₄e₃e₂e₁e₀
-             0¹²h₉h₈h₇h₆h₅h₄h₃h₂h₁h₀g₉g₈g₇g₆g₅g₄g₃g₂g₁g₀ | ↩ .... */
-          vector);
-  __m256i adjacent_4_combined =
-      mm256_sllv_epi32(/* Shifting up the values at the even indices by 12, we
-                          get: b₉b₈b₇b₆b₅b₄b₃b₂b₁b₀a₉a₈a₇a₆a₅a₄a₃a₂a₁a₀0¹²
-                          0¹²d₉d₈d₇d₆d₅d₄d₃d₂d₁d₀c₉c₈c₇c₆c₅c₄c₃c₂c₁c₀ | ↩
-                          f₉f₈f₇f₆f₅f₄f₃f₂f₁f₀e₉e₈e₇e₆e₅e₄e₃e₂e₁e₀0¹²
-                          0¹²h₉h₈h₇h₆h₅h₄h₃h₂h₁h₀g₉g₈g₇g₆g₅g₄g₃g₂g₁g₀ | ↩ ... */
-                       adjacent_2_combined,
-                       mm256_set_epi32((int32_t)0, (int32_t)12, (int32_t)0,
-                                       (int32_t)12, (int32_t)0, (int32_t)12,
-                                       (int32_t)0, (int32_t)12));
+      libcrux_ml_kem_vector_avx2_serialize_mm256_concat_pairs_n(10U, vector);
+  __m256i adjacent_4_combined = mm256_sllv_epi32(
+      adjacent_2_combined,
+      mm256_set_epi32((int32_t)0, (int32_t)12, (int32_t)0, (int32_t)12,
+                      (int32_t)0, (int32_t)12, (int32_t)0, (int32_t)12));
   __m256i adjacent_4_combined0 =
-      mm256_srli_epi64((int32_t)12,
-                       /* Viewing this as a set of 64-bit integers we get:
-                          0¹²d₉d₈d₇d₆d₅d₄d₃d₂d₁d₀c₉c₈c₇c₆c₅c₄c₃c₂c₁c₀b₉b₈b₇b₆b₅b₄b₃b₂b₁b₀a₉a₈a₇a₆a₅a₄a₃a₂a₁a₀0¹²
-                          | ↩
-                          0¹²h₉h₈h₇h₆h₅h₄h₃h₂h₁h₀g₉g₈g₇g₆g₅g₄g₃g₂g₁g₀f₉f₈f₇f₆f₅f₄f₃f₂f₁f₀e₉e₈e₇e₆e₅e₄e₃e₂e₁e₀0¹²
-                          | ↩ ... Shifting down by 12 gives us:
-                          0²⁴d₉d₈d₇d₆d₅d₄d₃d₂d₁d₀c₉c₈c₇c₆c₅c₄c₃c₂c₁c₀b₉b₈b₇b₆b₅b₄b₃b₂b₁b₀a₉a₈a₇a₆a₅a₄a₃a₂a₁a₀
-                          | ↩
-                          0²⁴h₉h₈h₇h₆h₅h₄h₃h₂h₁h₀g₉g₈g₇g₆g₅g₄g₃g₂g₁g₀f₉f₈f₇f₆f₅f₄f₃f₂f₁f₀e₉e₈e₇e₆e₅e₄e₃e₂e₁e₀
-                          | ↩ ... */
-                       adjacent_4_combined, __m256i);
-  __m256i adjacent_8_combined =
-      mm256_shuffle_epi8(/* |adjacent_4_combined|, when the bottom and top 128
-                            bit-lanes are grouped into bytes, looks like:
-                            0₇0₆0₅B₄B₃B₂B₁B₀ | ↩ 0₁₅0₁₄0₁₃B₁₂B₁₁B₁₀B₉B₈ | ↩ In
-                            each 128-bit lane, we want to put bytes 8, 9, 10,
-                            11, 12 after bytes 0, 1, 2, 3 to allow for
-                            sequential reading. */
-                         adjacent_4_combined0,
-                         mm256_set_epi8(
-                             (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1,
-                             (int8_t)-1, (int8_t)-1, (int8_t)12, (int8_t)11,
-                             (int8_t)10, (int8_t)9, (int8_t)8, (int8_t)4,
-                             (int8_t)3, (int8_t)2, (int8_t)1, (int8_t)0,
-                             (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1,
-                             (int8_t)-1, (int8_t)-1, (int8_t)12, (int8_t)11,
-                             (int8_t)10, (int8_t)9, (int8_t)8, (int8_t)4,
-                             (int8_t)3, (int8_t)2, (int8_t)1, (int8_t)0));
-  __m128i lower_8 =
-      mm256_castsi256_si128(/* We now have 64 bits starting at position 0 in the
-                               lower 128-bit lane, ... */
-                            adjacent_8_combined);
-  __m128i upper_8 = mm256_extracti128_si256(
-      (int32_t)1,
-      /* and 64 bits starting at position 0 in the upper 128-bit lane. */
-      adjacent_8_combined, __m128i);
+      mm256_srli_epi64((int32_t)12, adjacent_4_combined, __m256i);
+  __m256i adjacent_8_combined = mm256_shuffle_epi8(
+      adjacent_4_combined0,
+      mm256_set_epi8((int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1,
+                     (int8_t)-1, (int8_t)12, (int8_t)11, (int8_t)10, (int8_t)9,
+                     (int8_t)8, (int8_t)4, (int8_t)3, (int8_t)2, (int8_t)1,
+                     (int8_t)0, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1,
+                     (int8_t)-1, (int8_t)-1, (int8_t)12, (int8_t)11, (int8_t)10,
+                     (int8_t)9, (int8_t)8, (int8_t)4, (int8_t)3, (int8_t)2,
+                     (int8_t)1, (int8_t)0));
+  __m128i lower_8 = mm256_castsi256_si128(adjacent_8_combined);
+  __m128i upper_8 =
+      mm256_extracti128_si256((int32_t)1, adjacent_8_combined, __m128i);
   return (
       CLITERAL(core_core_arch_x86___m128i_x2){.fst = lower_8, .snd = upper_8});
 }
@@ -1057,167 +829,8 @@ libcrux_ml_kem_vector_avx2_serialize_serialize_10_serialize_10_vec(
 KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_10(
     __m256i vector, uint8_t ret[20U]) {
   core_core_arch_x86___m128i_x2 uu____0 =
-      libcrux_ml_kem_vector_avx2_serialize_serialize_10_serialize_10_vec(/* If
-                                                                            |vector|
-                                                                            is
-                                                                            laid
-                                                                            out
-                                                                            as
-                                                                            follows
-                                                                            (superscript
-                                                                            number
-                                                                            indicates
-                                                                            the
-                                                                            corresponding
-                                                                            bit
-                                                                            is
-                                                                            duplicated
-                                                                            that
-                                                                            many
-                                                                            times):
-                                                                            0⁶a₉a₈a₇a₆a₅a₄a₃a₂a₁a₀
-                                                                            0⁶b₉b₈b₇b₆b₅b₄b₃b₂b₁b₀
-                                                                            0⁶c₉c₈c₇c₆c₅c₄c₃c₂c₁c₀
-                                                                            0⁶d₉d₈d₇d₆d₅d₄d₃d₂d₁d₀
-                                                                            | ↩
-                                                                            0⁶e₉e₈e₇e₆e₅e₄e₃e₂e₁e₀
-                                                                            0⁶f₉f₈f₇f₆f₅f₄f₃f₂f₁f₀
-                                                                            0⁶g₉g₈g₇g₆g₅g₄g₃g₂g₁g₀
-                                                                            0⁶h₉h₈h₇h₆h₅h₄h₃h₂h₁h₀
-                                                                            | ↩
-                                                                            ...
-                                                                            |adjacent_2_combined|
-                                                                            will
-                                                                            be
-                                                                            laid
-                                                                            out
-                                                                            as a
-                                                                            series
-                                                                            of
-                                                                            32-bit
-                                                                            integers,
-                                                                            as
-                                                                            follows:
-                                                                            0¹²b₉b₈b₇b₆b₅b₄b₃b₂b₁b₀a₉a₈a₇a₆a₅a₄a₃a₂a₁a₀
-                                                                            0¹²d₉d₈d₇d₆d₅d₄d₃d₂d₁d₀c₉c₈c₇c₆c₅c₄c₃c₂c₁c₀
-                                                                            | ↩
-                                                                            0¹²f₉f₈f₇f₆f₅f₄f₃f₂f₁f₀e₉e₈e₇e₆e₅e₄e₃e₂e₁e₀
-                                                                            0¹²h₉h₈h₇h₆h₅h₄h₃h₂h₁h₀g₉g₈g₇g₆g₅g₄g₃g₂g₁g₀
-                                                                            | ↩
-                                                                            ....
-                                                                            Shifting
-                                                                            up
-                                                                            the
-                                                                            values
-                                                                            at
-                                                                            the
-                                                                            even
-                                                                            indices
-                                                                            by
-                                                                            12,
-                                                                            we
-                                                                            get:
-                                                                            b₉b₈b₇b₆b₅b₄b₃b₂b₁b₀a₉a₈a₇a₆a₅a₄a₃a₂a₁a₀0¹²
-                                                                            0¹²d₉d₈d₇d₆d₅d₄d₃d₂d₁d₀c₉c₈c₇c₆c₅c₄c₃c₂c₁c₀
-                                                                            | ↩
-                                                                            f₉f₈f₇f₆f₅f₄f₃f₂f₁f₀e₉e₈e₇e₆e₅e₄e₃e₂e₁e₀0¹²
-                                                                            0¹²h₉h₈h₇h₆h₅h₄h₃h₂h₁h₀g₉g₈g₇g₆g₅g₄g₃g₂g₁g₀
-                                                                            | ↩
-                                                                            ...
-                                                                            Viewing
-                                                                            this
-                                                                            as a
-                                                                            set
-                                                                            of
-                                                                            64-bit
-                                                                            integers
-                                                                            we
-                                                                            get:
-                                                                            0¹²d₉d₈d₇d₆d₅d₄d₃d₂d₁d₀c₉c₈c₇c₆c₅c₄c₃c₂c₁c₀b₉b₈b₇b₆b₅b₄b₃b₂b₁b₀a₉a₈a₇a₆a₅a₄a₃a₂a₁a₀0¹²
-                                                                            | ↩
-                                                                            0¹²h₉h₈h₇h₆h₅h₄h₃h₂h₁h₀g₉g₈g₇g₆g₅g₄g₃g₂g₁g₀f₉f₈f₇f₆f₅f₄f₃f₂f₁f₀e₉e₈e₇e₆e₅e₄e₃e₂e₁e₀0¹²
-                                                                            | ↩
-                                                                            ...
-                                                                            Shifting
-                                                                            down
-                                                                            by
-                                                                            12
-                                                                            gives
-                                                                            us:
-                                                                            0²⁴d₉d₈d₇d₆d₅d₄d₃d₂d₁d₀c₉c₈c₇c₆c₅c₄c₃c₂c₁c₀b₉b₈b₇b₆b₅b₄b₃b₂b₁b₀a₉a₈a₇a₆a₅a₄a₃a₂a₁a₀
-                                                                            | ↩
-                                                                            0²⁴h₉h₈h₇h₆h₅h₄h₃h₂h₁h₀g₉g₈g₇g₆g₅g₄g₃g₂g₁g₀f₉f₈f₇f₆f₅f₄f₃f₂f₁f₀e₉e₈e₇e₆e₅e₄e₃e₂e₁e₀
-                                                                            | ↩
-                                                                            ...
-                                                                            |adjacent_4_combined|,
-                                                                            when
-                                                                            the
-                                                                            bottom
-                                                                            and
-                                                                            top
-                                                                            128
-                                                                            bit-lanes
-                                                                            are
-                                                                            grouped
-                                                                            into
-                                                                            bytes,
-                                                                            looks
-                                                                            like:
-                                                                            0₇0₆0₅B₄B₃B₂B₁B₀
-                                                                            | ↩
-                                                                            0₁₅0₁₄0₁₃B₁₂B₁₁B₁₀B₉B₈
-                                                                            | ↩
-                                                                            In
-                                                                            each
-                                                                            128-bit
-                                                                            lane,
-                                                                            we
-                                                                            want
-                                                                            to
-                                                                            put
-                                                                            bytes
-                                                                            8,
-                                                                            9,
-                                                                            10,
-                                                                            11,
-                                                                            12
-                                                                            after
-                                                                            bytes
-                                                                            0,
-                                                                            1,
-                                                                            2, 3
-                                                                            to
-                                                                            allow
-                                                                            for
-                                                                            sequential
-                                                                            reading.
-                                                                            We
-                                                                            now
-                                                                            have
-                                                                            64
-                                                                            bits
-                                                                            starting
-                                                                            at
-                                                                            position
-                                                                            0 in
-                                                                            the
-                                                                            lower
-                                                                            128-bit
-                                                                            lane,
-                                                                            ...
-                                                                            and
-                                                                            64
-                                                                            bits
-                                                                            starting
-                                                                            at
-                                                                            position
-                                                                            0 in
-                                                                            the
-                                                                            upper
-                                                                            128-bit
-                                                                            lane.
-                                                                          */
-                                                                         vector);
+      libcrux_ml_kem_vector_avx2_serialize_serialize_10_serialize_10_vec(
+          vector);
   __m128i lower_8 = uu____0.fst;
   __m128i upper_8 = uu____0.snd;
   uint8_t serialized[32U] = {0U};
@@ -1267,16 +880,14 @@ libcrux_ml_kem_vector_avx2_serialize_deserialize_10_deserialize_10_vec(
                       (int16_t)1 << 0U, (int16_t)1 << 2U, (int16_t)1 << 4U,
                       (int16_t)1 << 6U));
   __m256i coefficients1 = mm256_srli_epi16((int32_t)6, coefficients0, __m256i);
-  return mm256_and_si256(
-      /* Here I can prove this `and` is not useful */ coefficients1,
-      mm256_set1_epi16(((int16_t)1 << 10U) - (int16_t)1));
+  return mm256_and_si256(coefficients1,
+                         mm256_set1_epi16(((int16_t)1 << 10U) - (int16_t)1));
 }
 
 KRML_MUSTINLINE __m256i
 libcrux_ml_kem_vector_avx2_serialize_deserialize_10(Eurydice_slice bytes) {
-  Eurydice_slice lower_coefficients = Eurydice_slice_subslice2(
-      /* Here I can prove this `and` is not useful */ bytes, (size_t)0U,
-      (size_t)16U, uint8_t);
+  Eurydice_slice lower_coefficients =
+      Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)16U, uint8_t);
   Eurydice_slice upper_coefficients =
       Eurydice_slice_subslice2(bytes, (size_t)4U, (size_t)20U, uint8_t);
   return libcrux_ml_kem_vector_avx2_serialize_deserialize_10_deserialize_10_vec(
@@ -1442,64 +1053,26 @@ KRML_MUSTINLINE size_t libcrux_ml_kem_vector_avx2_sampling_rejection_sample(
   __m256i field_modulus =
       mm256_set1_epi16(LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS);
   __m256i potential_coefficients =
-      libcrux_ml_kem_vector_avx2_serialize_deserialize_12(/* The input bytes can
-                                                             be interpreted as a
-                                                             sequence of
-                                                             serialized 12-bit
-                                                             (i.e. uncompressed)
-                                                             coefficients. Not
-                                                             all coefficients
-                                                             may be less than
-                                                             FIELD_MODULUS
-                                                             though. */
-                                                          input);
+      libcrux_ml_kem_vector_avx2_serialize_deserialize_12(input);
   __m256i compare_with_field_modulus =
-      mm256_cmpgt_epi16(/* Suppose we view |potential_coefficients| as follows
-                           (grouping 64-bit elements): A B C D | E F G H | ....
-                           and A < 3329, D < 3329 and H < 3329,
-                           |compare_with_field_modulus| will look like: 0xFF 0 0
-                           0xFF | 0 0 0 0xFF | ... */
-                        field_modulus,
-                        potential_coefficients);
+      mm256_cmpgt_epi16(field_modulus, potential_coefficients);
   uint8_t good[2U];
-  libcrux_ml_kem_vector_avx2_serialize_serialize_1(/* Since every bit in each
-                                                      lane is either 0 or 1, we
-                                                      only need one bit from
-                                                      each lane in the register
-                                                      to tell us what
-                                                      coefficients to keep and
-                                                      what to throw-away.
-                                                      Combine all the bits
-                                                      (there are 16) into two
-                                                      bytes. */
-                                                   compare_with_field_modulus,
+  libcrux_ml_kem_vector_avx2_serialize_serialize_1(compare_with_field_modulus,
                                                    good);
   uint8_t lower_shuffles[16U];
   memcpy(lower_shuffles,
-         /* Each bit (and its corresponding position) represents an element we
-            want to sample. We'd like all such elements to be next to each other
-            starting at index 0, so that they can be read from the vector
-            easily. |REJECTION_SAMPLE_SHUFFLE_TABLE| encodes the byte-level
-            shuffling indices needed to make this happen. For e.g. if good[0] =
-            0b0_0_0_0_0_0_1_0, we need to move the element in the 2-nd 16-bit
-            lane to the first. To do this, we need the byte-level shuffle
-            indices to be 2 3 X X X X ... */
          libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE[(
              size_t)good[0U]],
          (size_t)16U * sizeof(uint8_t));
-  __m128i lower_shuffles0 = mm_loadu_si128(Eurydice_array_to_slice(
-      (size_t)16U,
-      /* Shuffle the lower 8 16-bits accordingly ... */ lower_shuffles,
-      uint8_t));
+  __m128i lower_shuffles0 = mm_loadu_si128(
+      Eurydice_array_to_slice((size_t)16U, lower_shuffles, uint8_t));
   __m128i lower_coefficients = mm256_castsi256_si128(potential_coefficients);
   __m128i lower_coefficients0 =
       mm_shuffle_epi8(lower_coefficients, lower_shuffles0);
-  mm_storeu_si128(/* ... then write them out ... */ output,
-                  lower_coefficients0);
+  mm_storeu_si128(output, lower_coefficients0);
   size_t sampled_count = (size_t)core_num__u8_6__count_ones(good[0U]);
   uint8_t upper_shuffles[16U];
   memcpy(upper_shuffles,
-         /* Do the same for |goood[1]| */
          libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE[(
              size_t)good[1U]],
          (size_t)16U * sizeof(uint8_t));
@@ -1852,13 +1425,9 @@ with const generics
 bool libcrux_ml_kem_ind_cca_validate_private_key_only_ae(
     libcrux_ml_kem_types_MlKemPrivateKey_d9 *private_key) {
   uint8_t t[32U];
-  H_a9_e0(Eurydice_array_to_subslice2(/* Eurydice can't access values directly
-                                         on the types. We need to go to the
-                                         `value` directly. */
-                                      private_key->value,
-                                      (size_t)384U * (size_t)3U,
-                                      (size_t)768U * (size_t)3U + (size_t)32U,
-                                      uint8_t),
+  H_a9_e0(Eurydice_array_to_subslice2(
+              private_key->value, (size_t)384U * (size_t)3U,
+              (size_t)768U * (size_t)3U + (size_t)32U, uint8_t),
           t);
   Eurydice_slice expected = Eurydice_array_to_subslice2(
       private_key->value, (size_t)768U * (size_t)3U + (size_t)32U,
@@ -2345,10 +1914,6 @@ static KRML_MUSTINLINE void sample_from_xof_6c1(
   memcpy(copy_of_randomness0, randomness0, (size_t)3U * sizeof(uint8_t[504U]));
   bool done = sample_from_uniform_distribution_next_ed(
       copy_of_randomness0, sampled_coefficients, out);
-  /* Requiring more than 5 blocks to sample a ring element should be very
-   * unlikely according to: https://eprint.iacr.org/2023/708.pdf To avoid
-   * failing here, we squeeze more blocks out of the state until we have enough.
-   */
   while (true) {
     if (done) {
       break;
@@ -2407,7 +1972,7 @@ static KRML_MUSTINLINE void sample_matrix_A_6c1(
            i++) {
         size_t j = i;
         libcrux_ml_kem_polynomial_PolynomialRingElement_f6 sample = sampled[j];
-        if (/* A[i][j] = A_transpose[j][i] */ transpose) {
+        if (transpose) {
           A_transpose[j][i1] = sample;
         } else {
           A_transpose[i1][j] = sample;
@@ -2622,12 +2187,7 @@ with const generics
 static KRML_MUSTINLINE void ntt_at_layer_7_61(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *re) {
   size_t step = LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT / (size_t)2U;
-  for (size_t i = (size_t)0U;
-       i <
-       /* The semicolon and parentheses at the end of loop are a workaround for
-          the following bug https://github.com/hacspec/hax/issues/720 */
-       step;
-       i++) {
+  for (size_t i = (size_t)0U; i < step; i++) {
     size_t j = i;
     __m256i t = libcrux_ml_kem_vector_avx2_multiply_by_constant_09(
         re->coefficients[j + step], (int16_t)-1600);
@@ -2679,13 +2239,7 @@ static KRML_MUSTINLINE void ntt_at_layer_4_plus_61(
     size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *re,
     size_t layer) {
   size_t step = (size_t)1U << (uint32_t)layer;
-  for (size_t i0 = (size_t)0U;
-       i0 < (size_t)128U >>
-       (uint32_t) /* The semicolon and parentheses at the end of loop are a
-                     workaround for the following bug
-                     https://github.com/hacspec/hax/issues/720 */
-       layer;
-       i0++) {
+  for (size_t i0 = (size_t)0U; i0 < (size_t)128U >> (uint32_t)layer; i0++) {
     size_t round = i0;
     zeta_i[0U] = zeta_i[0U] + (size_t)1U;
     size_t offset = round * step * (size_t)2U;
@@ -2771,11 +2325,7 @@ with const generics
 static KRML_MUSTINLINE void poly_barrett_reduce_ef_61(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *self) {
   for (size_t i = (size_t)0U;
-       i <
-       /* The semicolon and parentheses at the end of loop are a workaround for
-          the following bug https://github.com/hacspec/hax/issues/720 */
-       LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT;
-       i++) {
+       i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
     size_t i0 = i;
     self->coefficients[i0] =
         libcrux_ml_kem_vector_avx2_barrett_reduce_09(self->coefficients[i0]);
@@ -2790,9 +2340,7 @@ with const generics
 */
 static KRML_MUSTINLINE void ntt_binomially_sampled_ring_element_61(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *re) {
-  ntt_at_layer_7_61(/* Due to the small coefficient bound, we can skip the first
-                       round of Montgomery reductions. */
-                    re);
+  ntt_at_layer_7_61(re);
   size_t zeta_i = (size_t)1U;
   ntt_at_layer_4_plus_61(&zeta_i, re, (size_t)6U);
   ntt_at_layer_4_plus_61(&zeta_i, re, (size_t)5U);
@@ -2925,14 +2473,9 @@ static KRML_MUSTINLINE void add_to_ring_element_ef_ab(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *self,
     libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *rhs) {
   for (size_t i = (size_t)0U;
-       i <
-       Eurydice_slice_len(Eurydice_array_to_slice(
-                              (size_t)16U,
-                              /* The semicolon and parentheses at the end of
-                                 loop are a workaround for the following bug
-                                 https://github.com/hacspec/hax/issues/720 */
-                              self->coefficients, __m256i),
-                          __m256i);
+       i < Eurydice_slice_len(Eurydice_array_to_slice(
+                                  (size_t)16U, self->coefficients, __m256i),
+                              __m256i);
        i++) {
     size_t i0 = i;
     self->coefficients[i0] = libcrux_ml_kem_vector_avx2_add_09(
@@ -2966,17 +2509,10 @@ static KRML_MUSTINLINE void add_standard_error_reduce_ef_61(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *self,
     libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *error) {
   for (size_t i = (size_t)0U;
-       i <
-       /* The semicolon and parentheses at the end of loop are a workaround for
-          the following bug https://github.com/hacspec/hax/issues/720 */
-       LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT;
-       i++) {
+       i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
     size_t j = i;
-    __m256i coefficient_normal_form = to_standard_domain_61(
-        self->coefficients[/* The coefficients are of the form aR^{-1} mod q,
-                              which means calling to_montgomery_domain() on them
-                              should return a mod q. */
-                           j]);
+    __m256i coefficient_normal_form =
+        to_standard_domain_61(self->coefficients[j]);
     self->coefficients[j] = libcrux_ml_kem_vector_avx2_barrett_reduce_09(
         libcrux_ml_kem_vector_avx2_add_09(coefficient_normal_form,
                                           &error->coefficients[j]));
@@ -3006,8 +2542,6 @@ static KRML_MUSTINLINE void compute_As_plus_e_ab(
        i++) {
     size_t i0 = i;
     libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *row = matrix_A[i0];
-    /* This may be externally provided memory. Ensure that `t_as_ntt` is all 0.
-     */
     libcrux_ml_kem_polynomial_PolynomialRingElement_f6 uu____0 = ZERO_ef_61();
     t_as_ntt[i0] = uu____0;
     for (size_t i1 = (size_t)0U;
@@ -3083,10 +2617,7 @@ static KRML_MUSTINLINE void generate_keypair_unpacked_221(
     IndCpaPrivateKeyUnpacked_63 *private_key,
     IndCpaPublicKeyUnpacked_63 *public_key) {
   uint8_t hashed[64U];
-  cpa_keygen_seed_d8_be(/* (ρ,σ) := G(d) for Kyber, (ρ,σ) := G(d || K) for
-                           ML-KEM */
-                        key_generation_seed,
-                        hashed);
+  cpa_keygen_seed_d8_be(key_generation_seed, hashed);
   Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at(
       Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U,
       uint8_t, Eurydice_slice_uint8_t_x2);
@@ -3116,8 +2647,8 @@ static KRML_MUSTINLINE void generate_keypair_unpacked_221(
       sample_vector_cbd_then_ntt_out_b41(copy_of_prf_input, domain_separator)
           .fst,
       (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f6));
-  compute_As_plus_e_ab(/* tˆ := Aˆ ◦ sˆ + eˆ */ public_key->t_as_ntt,
-                       public_key->A, private_key->secret_as_ntt, error_as_ntt);
+  compute_As_plus_e_ab(public_key->t_as_ntt, public_key->A,
+                       private_key->secret_as_ntt, error_as_ntt);
   uint8_t uu____5[32U];
   core_result_Result_fb dst;
   Eurydice_slice_to_array2(&dst, seed_for_A, Eurydice_slice, uint8_t[32U]);
@@ -3142,13 +2673,11 @@ serialize_unpacked_secret_key_8c(IndCpaPublicKeyUnpacked_63 *public_key,
                                  IndCpaPrivateKeyUnpacked_63 *private_key) {
   uint8_t public_key_serialized[1184U];
   serialize_public_key_ed(
-      /* pk := (Encode_12(tˆ mod^{+}q) || ρ) */ public_key->t_as_ntt,
+      public_key->t_as_ntt,
       Eurydice_array_to_slice((size_t)32U, public_key->seed_for_A, uint8_t),
       public_key_serialized);
   uint8_t secret_key_serialized[1152U];
-  serialize_secret_key_ed(
-      /* sk := Encode_12(sˆ mod^{+}q) */ private_key->secret_as_ntt,
-      secret_key_serialized);
+  serialize_secret_key_ed(private_key->secret_as_ntt, secret_key_serialized);
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_secret_key_serialized[1152U];
   memcpy(copy_of_secret_key_serialized, secret_key_serialized,
@@ -3335,15 +2864,11 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics
 static KRML_MUSTINLINE void build_unpacked_public_key_mut_fa1(
     Eurydice_slice public_key,
     IndCpaPublicKeyUnpacked_63 *unpacked_public_key) {
-  Eurydice_slice uu____0 = Eurydice_slice_subslice_to(
-      /* tˆ := Decode_12(pk) */ public_key, (size_t)1152U, uint8_t, size_t);
+  Eurydice_slice uu____0 =
+      Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t);
   deserialize_ring_elements_reduced_ab(uu____0, unpacked_public_key->t_as_ntt);
   Eurydice_slice seed =
-      Eurydice_slice_subslice_from(/* ρ := pk + 12·k·n / 8 for i from 0 to k−1
-                                      do for j from 0 to k − 1 do AˆT[i][j] :=
-                                      Parse(XOF(ρ, i, j)) end for end for */
-                                   public_key,
-                                   (size_t)1152U, uint8_t, size_t);
+      Eurydice_slice_subslice_from(public_key, (size_t)1152U, uint8_t, size_t);
   libcrux_ml_kem_polynomial_PolynomialRingElement_f6(*uu____1)[3U] =
       unpacked_public_key->A;
   uint8_t ret[34U];
@@ -3520,13 +3045,7 @@ static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_61(
     size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *re,
     size_t layer) {
   size_t step = (size_t)1U << (uint32_t)layer;
-  for (size_t i0 = (size_t)0U;
-       i0 < (size_t)128U >>
-       (uint32_t) /* The semicolon and parentheses at the end of loop are a
-                     workaround for the following bug
-                     https://github.com/hacspec/hax/issues/720 */
-       layer;
-       i0++) {
+  for (size_t i0 = (size_t)0U; i0 < (size_t)128U >> (uint32_t)layer; i0++) {
     size_t round = i0;
     zeta_i[0U] = zeta_i[0U] - (size_t)1U;
     size_t offset = round * step * (size_t)2U;
@@ -3557,10 +3076,7 @@ with const generics
 static KRML_MUSTINLINE void invert_ntt_montgomery_ab(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *re) {
   size_t zeta_i =
-      /* We only ever call this function after matrix/vector multiplication */
-      LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT
-
-      / (size_t)2U;
+      LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U;
   invert_ntt_at_layer_1_61(&zeta_i, re);
   invert_ntt_at_layer_2_61(&zeta_i, re);
   invert_ntt_at_layer_3_61(&zeta_i, re);
@@ -3586,11 +3102,7 @@ static KRML_MUSTINLINE void add_error_reduce_ef_61(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *self,
     libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *error) {
   for (size_t i = (size_t)0U;
-       i <
-       /* The semicolon and parentheses at the end of loop are a workaround for
-          the following bug https://github.com/hacspec/hax/issues/720 */
-       LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT;
-       i++) {
+       i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
     size_t j = i;
     __m256i coefficient_normal_form =
         libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_09(
@@ -3703,26 +3215,8 @@ add_message_error_reduce_ef_61(
     __m256i coefficient_normal_form =
         libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_09(
             result.coefficients[i0], (int16_t)1441);
-    __m256i tmp = libcrux_ml_kem_vector_avx2_add_09(
-        self->coefficients
-            [/* FIXME: Eurydice crashes with: Warning 11: in top-level
-                declaration
-                libcrux_ml_kem.polynomial.{libcrux_ml_kem::polynomial::PolynomialRingElement<Vector>[TraitClause@0]}.add_message_error_reduce__libcrux_ml_kem_libcrux_polynomials_PortableVector:
-                this expression is not Low*; the enclosing function cannot be
-                translated into C*: let mutable ret(Mark.Present,(Mark.AtMost
-                2), ): int16_t[16size_t] = $any in
-                libcrux_ml_kem.libcrux_polynomials.{(libcrux_ml_kem::libcrux_polynomials::libcrux_traits::Operations␣for␣libcrux_ml_kem::libcrux_polynomials::PortableVector)}.add
-                ((@9:
-                libcrux_ml_kem_libcrux_polynomials_PortableVector[16size_t]*)[0uint32_t]:int16_t[16size_t][16size_t])[@4]
-                &(((@8:
-                libcrux_ml_kem_libcrux_polynomials_PortableVector[16size_t]*)[0uint32_t]:libcrux_ml_kem_libcrux_polynomials_PortableVector[16size_t])[@4])
-                @0; @0 Warning 11 is fatal, exiting. On the following code:
-                ```rust result.coefficients[i] =
-                Vector::barrett_reduce(Vector::add( coefficient_normal_form,
-                &Vector::add(self.coefficients[i], &message.coefficients[i]),
-                )); ``` */
-             i0],
-        &message->coefficients[i0]);
+    __m256i tmp = libcrux_ml_kem_vector_avx2_add_09(self->coefficients[i0],
+                                                    &message->coefficients[i0]);
     __m256i tmp0 =
         libcrux_ml_kem_vector_avx2_add_09(coefficient_normal_form, &tmp);
     result.coefficients[i0] =
@@ -3770,18 +3264,8 @@ compress_ciphertext_coefficient_ef(__m256i vector) {
   __m256i compression_factor = mm256_set1_epi32((int32_t)10321340);
   __m256i coefficient_bits_mask =
       mm256_set1_epi32(((int32_t)1 << (uint32_t)(int32_t)10) - (int32_t)1);
-  __m128i coefficients_low =
-      mm256_castsi256_si128(/* ---- Compress the first 8 coefficients ---- Take
-                               the bottom 128 bits, i.e. the first 8 16-bit
-                               coefficients */
-                            vector);
-  __m256i coefficients_low0 =
-      mm256_cvtepi16_epi32(/* If: coefficients_low[0:15] = A
-                              coefficients_low[16:31] = B
-                              coefficients_low[32:63] = C and so on ... after
-                              this step: coefficients_low[0:31] = A
-                              coefficients_low[32:63] = B and so on ... */
-                           coefficients_low);
+  __m128i coefficients_low = mm256_castsi256_si128(vector);
+  __m256i coefficients_low0 = mm256_cvtepi16_epi32(coefficients_low);
   __m256i compressed_low =
       mm256_slli_epi32((int32_t)10, coefficients_low0, __m256i);
   __m256i compressed_low0 =
@@ -3789,18 +3273,12 @@ compress_ciphertext_coefficient_ef(__m256i vector) {
   __m256i compressed_low1 =
       libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_low0,
                                                             compression_factor);
-  __m256i compressed_low2 = mm256_srli_epi32(
-      (int32_t)3,
-      /* Due to the mulhi_mm256_epi32 we've already shifted right by 32 bits, we
-         just need to shift right by 35 - 32 = 3 more. */
-      compressed_low1, __m256i);
+  __m256i compressed_low2 =
+      mm256_srli_epi32((int32_t)3, compressed_low1, __m256i);
   __m256i compressed_low3 =
       mm256_and_si256(compressed_low2, coefficient_bits_mask);
-  __m128i coefficients_high = mm256_extracti128_si256(
-      (int32_t)1,
-      /* ---- Compress the next 8 coefficients ---- Take the upper 128 bits,
-         i.e. the next 8 16-bit coefficients */
-      vector, __m128i);
+  __m128i coefficients_high =
+      mm256_extracti128_si256((int32_t)1, vector, __m128i);
   __m256i coefficients_high0 = mm256_cvtepi16_epi32(coefficients_high);
   __m256i compressed_high =
       mm256_slli_epi32((int32_t)10, coefficients_high0, __m256i);
@@ -3813,20 +3291,8 @@ compress_ciphertext_coefficient_ef(__m256i vector) {
       mm256_srli_epi32((int32_t)3, compressed_high1, __m256i);
   __m256i compressed_high3 =
       mm256_and_si256(compressed_high2, coefficient_bits_mask);
-  __m256i compressed =
-      mm256_packs_epi32(/* Combining them, and grouping each set of 64-bits,
-                           this function results in: 0: low low low low | 1:
-                           high high high high | 2: low low low low | 3: high
-                           high high high where each |low| and |high| is a
-                           16-bit element */
-                        compressed_low3,
-                        compressed_high3);
-  return mm256_permute4x64_epi64(
-      (int32_t)216,
-      /* To be in the right order, we need to move the |low|s above in position
-         2 to position 1 and the |high|s in position 1 to position 2, and leave
-         the rest unchanged. */
-      compressed, __m256i);
+  __m256i compressed = mm256_packs_epi32(compressed_low3, compressed_high3);
+  return mm256_permute4x64_epi64((int32_t)216, compressed, __m256i);
 }
 
 /**
@@ -3880,18 +3346,8 @@ compress_ciphertext_coefficient_c4(__m256i vector) {
   __m256i compression_factor = mm256_set1_epi32((int32_t)10321340);
   __m256i coefficient_bits_mask =
       mm256_set1_epi32(((int32_t)1 << (uint32_t)(int32_t)11) - (int32_t)1);
-  __m128i coefficients_low =
-      mm256_castsi256_si128(/* ---- Compress the first 8 coefficients ---- Take
-                               the bottom 128 bits, i.e. the first 8 16-bit
-                               coefficients */
-                            vector);
-  __m256i coefficients_low0 =
-      mm256_cvtepi16_epi32(/* If: coefficients_low[0:15] = A
-                              coefficients_low[16:31] = B
-                              coefficients_low[32:63] = C and so on ... after
-                              this step: coefficients_low[0:31] = A
-                              coefficients_low[32:63] = B and so on ... */
-                           coefficients_low);
+  __m128i coefficients_low = mm256_castsi256_si128(vector);
+  __m256i coefficients_low0 = mm256_cvtepi16_epi32(coefficients_low);
   __m256i compressed_low =
       mm256_slli_epi32((int32_t)11, coefficients_low0, __m256i);
   __m256i compressed_low0 =
@@ -3899,18 +3355,12 @@ compress_ciphertext_coefficient_c4(__m256i vector) {
   __m256i compressed_low1 =
       libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_low0,
                                                             compression_factor);
-  __m256i compressed_low2 = mm256_srli_epi32(
-      (int32_t)3,
-      /* Due to the mulhi_mm256_epi32 we've already shifted right by 32 bits, we
-         just need to shift right by 35 - 32 = 3 more. */
-      compressed_low1, __m256i);
+  __m256i compressed_low2 =
+      mm256_srli_epi32((int32_t)3, compressed_low1, __m256i);
   __m256i compressed_low3 =
       mm256_and_si256(compressed_low2, coefficient_bits_mask);
-  __m128i coefficients_high = mm256_extracti128_si256(
-      (int32_t)1,
-      /* ---- Compress the next 8 coefficients ---- Take the upper 128 bits,
-         i.e. the next 8 16-bit coefficients */
-      vector, __m128i);
+  __m128i coefficients_high =
+      mm256_extracti128_si256((int32_t)1, vector, __m128i);
   __m256i coefficients_high0 = mm256_cvtepi16_epi32(coefficients_high);
   __m256i compressed_high =
       mm256_slli_epi32((int32_t)11, coefficients_high0, __m256i);
@@ -3923,20 +3373,8 @@ compress_ciphertext_coefficient_c4(__m256i vector) {
       mm256_srli_epi32((int32_t)3, compressed_high1, __m256i);
   __m256i compressed_high3 =
       mm256_and_si256(compressed_high2, coefficient_bits_mask);
-  __m256i compressed =
-      mm256_packs_epi32(/* Combining them, and grouping each set of 64-bits,
-                           this function results in: 0: low low low low | 1:
-                           high high high high | 2: low low low low | 3: high
-                           high high high where each |low| and |high| is a
-                           16-bit element */
-                        compressed_low3,
-                        compressed_high3);
-  return mm256_permute4x64_epi64(
-      (int32_t)216,
-      /* To be in the right order, we need to move the |low|s above in position
-         2 to position 1 and the |high|s in position 1 to position 2, and leave
-         the rest unchanged. */
-      compressed, __m256i);
+  __m256i compressed = mm256_packs_epi32(compressed_low3, compressed_high3);
+  return mm256_permute4x64_epi64((int32_t)216, compressed, __m256i);
 }
 
 /**
@@ -4014,18 +3452,8 @@ compress_ciphertext_coefficient_d1(__m256i vector) {
   __m256i compression_factor = mm256_set1_epi32((int32_t)10321340);
   __m256i coefficient_bits_mask =
       mm256_set1_epi32(((int32_t)1 << (uint32_t)(int32_t)4) - (int32_t)1);
-  __m128i coefficients_low =
-      mm256_castsi256_si128(/* ---- Compress the first 8 coefficients ---- Take
-                               the bottom 128 bits, i.e. the first 8 16-bit
-                               coefficients */
-                            vector);
-  __m256i coefficients_low0 =
-      mm256_cvtepi16_epi32(/* If: coefficients_low[0:15] = A
-                              coefficients_low[16:31] = B
-                              coefficients_low[32:63] = C and so on ... after
-                              this step: coefficients_low[0:31] = A
-                              coefficients_low[32:63] = B and so on ... */
-                           coefficients_low);
+  __m128i coefficients_low = mm256_castsi256_si128(vector);
+  __m256i coefficients_low0 = mm256_cvtepi16_epi32(coefficients_low);
   __m256i compressed_low =
       mm256_slli_epi32((int32_t)4, coefficients_low0, __m256i);
   __m256i compressed_low0 =
@@ -4033,18 +3461,12 @@ compress_ciphertext_coefficient_d1(__m256i vector) {
   __m256i compressed_low1 =
       libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_low0,
                                                             compression_factor);
-  __m256i compressed_low2 = mm256_srli_epi32(
-      (int32_t)3,
-      /* Due to the mulhi_mm256_epi32 we've already shifted right by 32 bits, we
-         just need to shift right by 35 - 32 = 3 more. */
-      compressed_low1, __m256i);
+  __m256i compressed_low2 =
+      mm256_srli_epi32((int32_t)3, compressed_low1, __m256i);
   __m256i compressed_low3 =
       mm256_and_si256(compressed_low2, coefficient_bits_mask);
-  __m128i coefficients_high = mm256_extracti128_si256(
-      (int32_t)1,
-      /* ---- Compress the next 8 coefficients ---- Take the upper 128 bits,
-         i.e. the next 8 16-bit coefficients */
-      vector, __m128i);
+  __m128i coefficients_high =
+      mm256_extracti128_si256((int32_t)1, vector, __m128i);
   __m256i coefficients_high0 = mm256_cvtepi16_epi32(coefficients_high);
   __m256i compressed_high =
       mm256_slli_epi32((int32_t)4, coefficients_high0, __m256i);
@@ -4057,20 +3479,8 @@ compress_ciphertext_coefficient_d1(__m256i vector) {
       mm256_srli_epi32((int32_t)3, compressed_high1, __m256i);
   __m256i compressed_high3 =
       mm256_and_si256(compressed_high2, coefficient_bits_mask);
-  __m256i compressed =
-      mm256_packs_epi32(/* Combining them, and grouping each set of 64-bits,
-                           this function results in: 0: low low low low | 1:
-                           high high high high | 2: low low low low | 3: high
-                           high high high where each |low| and |high| is a
-                           16-bit element */
-                        compressed_low3,
-                        compressed_high3);
-  return mm256_permute4x64_epi64(
-      (int32_t)216,
-      /* To be in the right order, we need to move the |low|s above in position
-         2 to position 1 and the |high|s in position 1 to position 2, and leave
-         the rest unchanged. */
-      compressed, __m256i);
+  __m256i compressed = mm256_packs_epi32(compressed_low3, compressed_high3);
+  return mm256_permute4x64_epi64((int32_t)216, compressed, __m256i);
 }
 
 /**
@@ -4096,11 +3506,7 @@ static KRML_MUSTINLINE void compress_then_serialize_4_61(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f6 re,
     Eurydice_slice serialized) {
   for (size_t i = (size_t)0U;
-       i <
-       /* The semicolon and parentheses at the end of loop are a workaround for
-          the following bug https://github.com/hacspec/hax/issues/720 */
-       LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT;
-       i++) {
+       i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
     size_t i0 = i;
     __m256i coefficient =
         compress_09_d1(to_unsigned_field_modulus_61(re.coefficients[i0]));
@@ -4127,18 +3533,8 @@ compress_ciphertext_coefficient_f4(__m256i vector) {
   __m256i compression_factor = mm256_set1_epi32((int32_t)10321340);
   __m256i coefficient_bits_mask =
       mm256_set1_epi32(((int32_t)1 << (uint32_t)(int32_t)5) - (int32_t)1);
-  __m128i coefficients_low =
-      mm256_castsi256_si128(/* ---- Compress the first 8 coefficients ---- Take
-                               the bottom 128 bits, i.e. the first 8 16-bit
-                               coefficients */
-                            vector);
-  __m256i coefficients_low0 =
-      mm256_cvtepi16_epi32(/* If: coefficients_low[0:15] = A
-                              coefficients_low[16:31] = B
-                              coefficients_low[32:63] = C and so on ... after
-                              this step: coefficients_low[0:31] = A
-                              coefficients_low[32:63] = B and so on ... */
-                           coefficients_low);
+  __m128i coefficients_low = mm256_castsi256_si128(vector);
+  __m256i coefficients_low0 = mm256_cvtepi16_epi32(coefficients_low);
   __m256i compressed_low =
       mm256_slli_epi32((int32_t)5, coefficients_low0, __m256i);
   __m256i compressed_low0 =
@@ -4146,18 +3542,12 @@ compress_ciphertext_coefficient_f4(__m256i vector) {
   __m256i compressed_low1 =
       libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_low0,
                                                             compression_factor);
-  __m256i compressed_low2 = mm256_srli_epi32(
-      (int32_t)3,
-      /* Due to the mulhi_mm256_epi32 we've already shifted right by 32 bits, we
-         just need to shift right by 35 - 32 = 3 more. */
-      compressed_low1, __m256i);
+  __m256i compressed_low2 =
+      mm256_srli_epi32((int32_t)3, compressed_low1, __m256i);
   __m256i compressed_low3 =
       mm256_and_si256(compressed_low2, coefficient_bits_mask);
-  __m128i coefficients_high = mm256_extracti128_si256(
-      (int32_t)1,
-      /* ---- Compress the next 8 coefficients ---- Take the upper 128 bits,
-         i.e. the next 8 16-bit coefficients */
-      vector, __m128i);
+  __m128i coefficients_high =
+      mm256_extracti128_si256((int32_t)1, vector, __m128i);
   __m256i coefficients_high0 = mm256_cvtepi16_epi32(coefficients_high);
   __m256i compressed_high =
       mm256_slli_epi32((int32_t)5, coefficients_high0, __m256i);
@@ -4170,20 +3560,8 @@ compress_ciphertext_coefficient_f4(__m256i vector) {
       mm256_srli_epi32((int32_t)3, compressed_high1, __m256i);
   __m256i compressed_high3 =
       mm256_and_si256(compressed_high2, coefficient_bits_mask);
-  __m256i compressed =
-      mm256_packs_epi32(/* Combining them, and grouping each set of 64-bits,
-                           this function results in: 0: low low low low | 1:
-                           high high high high | 2: low low low low | 3: high
-                           high high high where each |low| and |high| is a
-                           16-bit element */
-                        compressed_low3,
-                        compressed_high3);
-  return mm256_permute4x64_epi64(
-      (int32_t)216,
-      /* To be in the right order, we need to move the |low|s above in position
-         2 to position 1 and the |high|s in position 1 to position 2, and leave
-         the rest unchanged. */
-      compressed, __m256i);
+  __m256i compressed = mm256_packs_epi32(compressed_low3, compressed_high3);
+  return mm256_permute4x64_epi64((int32_t)216, compressed, __m256i);
 }
 
 /**
@@ -4209,11 +3587,7 @@ static KRML_MUSTINLINE void compress_then_serialize_5_61(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f6 re,
     Eurydice_slice serialized) {
   for (size_t i = (size_t)0U;
-       i <
-       /* The semicolon and parentheses at the end of loop are a workaround for
-          the following bug https://github.com/hacspec/hax/issues/720 */
-       LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT;
-       i++) {
+       i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
     size_t i0 = i;
     __m256i coefficients =
         compress_09_f4(to_unsigned_representative_61(re.coefficients[i0]));
@@ -4301,11 +3675,7 @@ static KRML_MUSTINLINE void encrypt_unpacked_741(
     IndCpaPublicKeyUnpacked_63 *public_key, uint8_t message[32U],
     Eurydice_slice randomness, uint8_t ret[1088U]) {
   uint8_t prf_input[33U];
-  libcrux_ml_kem_utils_into_padded_array_c8(/* for i from 0 to k−1 do r[i] :=
-                                               CBD{η1}(PRF(r, N)) N := N + 1 end
-                                               for rˆ := NTT(r) */
-                                            randomness,
-                                            prf_input);
+  libcrux_ml_kem_utils_into_padded_array_c8(randomness, prf_input);
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_prf_input0[33U];
   memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t));
@@ -4317,7 +3687,6 @@ static KRML_MUSTINLINE void encrypt_unpacked_741(
   uint8_t domain_separator0 = uu____1.snd;
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_prf_input[33U];
-  /* for i from 0 to k−1 do e1[i] := CBD_{η2}(PRF(r,N)) N := N + 1 end for */
   memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t));
   tuple_23 uu____3 =
       sample_ring_element_cbd_b41(copy_of_prf_input, domain_separator0);
@@ -4326,7 +3695,7 @@ static KRML_MUSTINLINE void encrypt_unpacked_741(
       error_1, uu____3.fst,
       (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f6));
   uint8_t domain_separator = uu____3.snd;
-  prf_input[32U] = /* e_2 := CBD{η2}(PRF(r, N)) */ domain_separator;
+  prf_input[32U] = domain_separator;
   uint8_t prf_output[128U];
   PRF_a9_410(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t),
              prf_output);
@@ -4334,11 +3703,9 @@ static KRML_MUSTINLINE void encrypt_unpacked_741(
       sample_from_binomial_distribution_89(
           Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t));
   libcrux_ml_kem_polynomial_PolynomialRingElement_f6 u[3U];
-  compute_vector_u_ab(/* u := NTT^{-1}(AˆT ◦ rˆ) + e_1 */ public_key->A,
-                      r_as_ntt, error_1, u);
+  compute_vector_u_ab(public_key->A, r_as_ntt, error_1, u);
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_message[32U];
-  /* v := NTT^{−1}(tˆT ◦ rˆ) + e_2 + Decompress_q(Decode_1(m),1) */
   memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t));
   libcrux_ml_kem_polynomial_PolynomialRingElement_f6 message_as_ring_element =
       deserialize_then_decompress_message_61(copy_of_message);
@@ -4347,14 +3714,12 @@ static KRML_MUSTINLINE void encrypt_unpacked_741(
                                 &message_as_ring_element);
   uint8_t ciphertext[1088U] = {0U};
   libcrux_ml_kem_polynomial_PolynomialRingElement_f6 uu____5[3U];
-  /* c_1 := Encode_{du}(Compress_q(u,d_u)) */
   memcpy(
       uu____5, u,
       (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f6));
   compress_then_serialize_u_8c(
       uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)960U,
                                            uint8_t));
-  /* c_2 := Encode_{dv}(Compress_q(v,d_v)) */
   libcrux_ml_kem_polynomial_PolynomialRingElement_f6 uu____6 = v;
   compress_then_serialize_ring_element_v_ed(
       uu____6, Eurydice_array_to_subslice_from((size_t)1088U, ciphertext,
@@ -4549,8 +3914,7 @@ decompress_ciphertext_coefficient_ef(__m256i vector) {
       mm256_set1_epi32((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS);
   __m256i two_pow_coefficient_bits =
       mm256_set1_epi32((int32_t)1 << (uint32_t)(int32_t)10);
-  __m128i coefficients_low = mm256_castsi256_si128(
-      /* ---- Compress the first 8 coefficients ---- */ vector);
+  __m128i coefficients_low = mm256_castsi256_si128(vector);
   __m256i coefficients_low0 = mm256_cvtepi16_epi32(coefficients_low);
   __m256i decompressed_low =
       mm256_mullo_epi32(coefficients_low0, field_modulus);
@@ -4558,16 +3922,12 @@ decompress_ciphertext_coefficient_ef(__m256i vector) {
       mm256_slli_epi32((int32_t)1, decompressed_low, __m256i);
   __m256i decompressed_low1 =
       mm256_add_epi32(decompressed_low0, two_pow_coefficient_bits);
-  __m256i decompressed_low2 = mm256_srli_epi32(
-      (int32_t)10,
-      /* We can't shift in one go by (COEFFICIENT_BITS + 1) due to the lack of
-         support for const generic expressions. */
-      decompressed_low1, __m256i);
+  __m256i decompressed_low2 =
+      mm256_srli_epi32((int32_t)10, decompressed_low1, __m256i);
   __m256i decompressed_low3 =
       mm256_srli_epi32((int32_t)1, decompressed_low2, __m256i);
-  __m128i coefficients_high = mm256_extracti128_si256(
-      (int32_t)1,
-      /* ---- Compress the next 8 coefficients ---- */ vector, __m128i);
+  __m128i coefficients_high =
+      mm256_extracti128_si256((int32_t)1, vector, __m128i);
   __m256i coefficients_high0 = mm256_cvtepi16_epi32(coefficients_high);
   __m256i decompressed_high =
       mm256_mullo_epi32(coefficients_high0, field_modulus);
@@ -4575,27 +3935,12 @@ decompress_ciphertext_coefficient_ef(__m256i vector) {
       mm256_slli_epi32((int32_t)1, decompressed_high, __m256i);
   __m256i decompressed_high1 =
       mm256_add_epi32(decompressed_high0, two_pow_coefficient_bits);
-  __m256i decompressed_high2 = mm256_srli_epi32(
-      (int32_t)10,
-      /* We can't shift in one go by (COEFFICIENT_BITS + 1) due to the lack of
-         support for const generic expressions. */
-      decompressed_high1, __m256i);
+  __m256i decompressed_high2 =
+      mm256_srli_epi32((int32_t)10, decompressed_high1, __m256i);
   __m256i decompressed_high3 =
       mm256_srli_epi32((int32_t)1, decompressed_high2, __m256i);
-  __m256i compressed =
-      mm256_packs_epi32(/* Combining them, and grouping each set of 64-bits,
-                           this function results in: 0: low low low low | 1:
-                           high high high high | 2: low low low low | 3: high
-                           high high high where each |low| and |high| is a
-                           16-bit element */
-                        decompressed_low3,
-                        decompressed_high3);
-  return mm256_permute4x64_epi64(
-      (int32_t)216,
-      /* To be in the right order, we need to move the |low|s above in position
-         2 to position 1 and the |high|s in position 1 to position 2, and leave
-         the rest unchanged. */
-      compressed, __m256i);
+  __m256i compressed = mm256_packs_epi32(decompressed_low3, decompressed_high3);
+  return mm256_permute4x64_epi64((int32_t)216, compressed, __m256i);
 }
 
 /**
@@ -4650,8 +3995,7 @@ decompress_ciphertext_coefficient_c4(__m256i vector) {
       mm256_set1_epi32((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS);
   __m256i two_pow_coefficient_bits =
       mm256_set1_epi32((int32_t)1 << (uint32_t)(int32_t)11);
-  __m128i coefficients_low = mm256_castsi256_si128(
-      /* ---- Compress the first 8 coefficients ---- */ vector);
+  __m128i coefficients_low = mm256_castsi256_si128(vector);
   __m256i coefficients_low0 = mm256_cvtepi16_epi32(coefficients_low);
   __m256i decompressed_low =
       mm256_mullo_epi32(coefficients_low0, field_modulus);
@@ -4659,16 +4003,12 @@ decompress_ciphertext_coefficient_c4(__m256i vector) {
       mm256_slli_epi32((int32_t)1, decompressed_low, __m256i);
   __m256i decompressed_low1 =
       mm256_add_epi32(decompressed_low0, two_pow_coefficient_bits);
-  __m256i decompressed_low2 = mm256_srli_epi32(
-      (int32_t)11,
-      /* We can't shift in one go by (COEFFICIENT_BITS + 1) due to the lack of
-         support for const generic expressions. */
-      decompressed_low1, __m256i);
+  __m256i decompressed_low2 =
+      mm256_srli_epi32((int32_t)11, decompressed_low1, __m256i);
   __m256i decompressed_low3 =
       mm256_srli_epi32((int32_t)1, decompressed_low2, __m256i);
-  __m128i coefficients_high = mm256_extracti128_si256(
-      (int32_t)1,
-      /* ---- Compress the next 8 coefficients ---- */ vector, __m128i);
+  __m128i coefficients_high =
+      mm256_extracti128_si256((int32_t)1, vector, __m128i);
   __m256i coefficients_high0 = mm256_cvtepi16_epi32(coefficients_high);
   __m256i decompressed_high =
       mm256_mullo_epi32(coefficients_high0, field_modulus);
@@ -4676,27 +4016,12 @@ decompress_ciphertext_coefficient_c4(__m256i vector) {
       mm256_slli_epi32((int32_t)1, decompressed_high, __m256i);
   __m256i decompressed_high1 =
       mm256_add_epi32(decompressed_high0, two_pow_coefficient_bits);
-  __m256i decompressed_high2 = mm256_srli_epi32(
-      (int32_t)11,
-      /* We can't shift in one go by (COEFFICIENT_BITS + 1) due to the lack of
-         support for const generic expressions. */
-      decompressed_high1, __m256i);
+  __m256i decompressed_high2 =
+      mm256_srli_epi32((int32_t)11, decompressed_high1, __m256i);
   __m256i decompressed_high3 =
       mm256_srli_epi32((int32_t)1, decompressed_high2, __m256i);
-  __m256i compressed =
-      mm256_packs_epi32(/* Combining them, and grouping each set of 64-bits,
-                           this function results in: 0: low low low low | 1:
-                           high high high high | 2: low low low low | 3: high
-                           high high high where each |low| and |high| is a
-                           16-bit element */
-                        decompressed_low3,
-                        decompressed_high3);
-  return mm256_permute4x64_epi64(
-      (int32_t)216,
-      /* To be in the right order, we need to move the |low|s above in position
-         2 to position 1 and the |high|s in position 1 to position 2, and leave
-         the rest unchanged. */
-      compressed, __m256i);
+  __m256i compressed = mm256_packs_epi32(decompressed_low3, decompressed_high3);
+  return mm256_permute4x64_epi64((int32_t)216, compressed, __m256i);
 }
 
 /**
@@ -4819,8 +4144,7 @@ decompress_ciphertext_coefficient_d1(__m256i vector) {
       mm256_set1_epi32((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS);
   __m256i two_pow_coefficient_bits =
       mm256_set1_epi32((int32_t)1 << (uint32_t)(int32_t)4);
-  __m128i coefficients_low = mm256_castsi256_si128(
-      /* ---- Compress the first 8 coefficients ---- */ vector);
+  __m128i coefficients_low = mm256_castsi256_si128(vector);
   __m256i coefficients_low0 = mm256_cvtepi16_epi32(coefficients_low);
   __m256i decompressed_low =
       mm256_mullo_epi32(coefficients_low0, field_modulus);
@@ -4828,16 +4152,12 @@ decompress_ciphertext_coefficient_d1(__m256i vector) {
       mm256_slli_epi32((int32_t)1, decompressed_low, __m256i);
   __m256i decompressed_low1 =
       mm256_add_epi32(decompressed_low0, two_pow_coefficient_bits);
-  __m256i decompressed_low2 = mm256_srli_epi32(
-      (int32_t)4,
-      /* We can't shift in one go by (COEFFICIENT_BITS + 1) due to the lack of
-         support for const generic expressions. */
-      decompressed_low1, __m256i);
+  __m256i decompressed_low2 =
+      mm256_srli_epi32((int32_t)4, decompressed_low1, __m256i);
   __m256i decompressed_low3 =
       mm256_srli_epi32((int32_t)1, decompressed_low2, __m256i);
-  __m128i coefficients_high = mm256_extracti128_si256(
-      (int32_t)1,
-      /* ---- Compress the next 8 coefficients ---- */ vector, __m128i);
+  __m128i coefficients_high =
+      mm256_extracti128_si256((int32_t)1, vector, __m128i);
   __m256i coefficients_high0 = mm256_cvtepi16_epi32(coefficients_high);
   __m256i decompressed_high =
       mm256_mullo_epi32(coefficients_high0, field_modulus);
@@ -4845,27 +4165,12 @@ decompress_ciphertext_coefficient_d1(__m256i vector) {
       mm256_slli_epi32((int32_t)1, decompressed_high, __m256i);
   __m256i decompressed_high1 =
       mm256_add_epi32(decompressed_high0, two_pow_coefficient_bits);
-  __m256i decompressed_high2 = mm256_srli_epi32(
-      (int32_t)4,
-      /* We can't shift in one go by (COEFFICIENT_BITS + 1) due to the lack of
-         support for const generic expressions. */
-      decompressed_high1, __m256i);
+  __m256i decompressed_high2 =
+      mm256_srli_epi32((int32_t)4, decompressed_high1, __m256i);
   __m256i decompressed_high3 =
       mm256_srli_epi32((int32_t)1, decompressed_high2, __m256i);
-  __m256i compressed =
-      mm256_packs_epi32(/* Combining them, and grouping each set of 64-bits,
-                           this function results in: 0: low low low low | 1:
-                           high high high high | 2: low low low low | 3: high
-                           high high high where each |low| and |high| is a
-                           16-bit element */
-                        decompressed_low3,
-                        decompressed_high3);
-  return mm256_permute4x64_epi64(
-      (int32_t)216,
-      /* To be in the right order, we need to move the |low|s above in position
-         2 to position 1 and the |high|s in position 1 to position 2, and leave
-         the rest unchanged. */
-      compressed, __m256i);
+  __m256i compressed = mm256_packs_epi32(decompressed_low3, decompressed_high3);
+  return mm256_permute4x64_epi64((int32_t)216, compressed, __m256i);
 }
 
 /**
@@ -4915,8 +4220,7 @@ decompress_ciphertext_coefficient_f4(__m256i vector) {
       mm256_set1_epi32((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS);
   __m256i two_pow_coefficient_bits =
       mm256_set1_epi32((int32_t)1 << (uint32_t)(int32_t)5);
-  __m128i coefficients_low = mm256_castsi256_si128(
-      /* ---- Compress the first 8 coefficients ---- */ vector);
+  __m128i coefficients_low = mm256_castsi256_si128(vector);
   __m256i coefficients_low0 = mm256_cvtepi16_epi32(coefficients_low);
   __m256i decompressed_low =
       mm256_mullo_epi32(coefficients_low0, field_modulus);
@@ -4924,16 +4228,12 @@ decompress_ciphertext_coefficient_f4(__m256i vector) {
       mm256_slli_epi32((int32_t)1, decompressed_low, __m256i);
   __m256i decompressed_low1 =
       mm256_add_epi32(decompressed_low0, two_pow_coefficient_bits);
-  __m256i decompressed_low2 = mm256_srli_epi32(
-      (int32_t)5,
-      /* We can't shift in one go by (COEFFICIENT_BITS + 1) due to the lack of
-         support for const generic expressions. */
-      decompressed_low1, __m256i);
+  __m256i decompressed_low2 =
+      mm256_srli_epi32((int32_t)5, decompressed_low1, __m256i);
   __m256i decompressed_low3 =
       mm256_srli_epi32((int32_t)1, decompressed_low2, __m256i);
-  __m128i coefficients_high = mm256_extracti128_si256(
-      (int32_t)1,
-      /* ---- Compress the next 8 coefficients ---- */ vector, __m128i);
+  __m128i coefficients_high =
+      mm256_extracti128_si256((int32_t)1, vector, __m128i);
   __m256i coefficients_high0 = mm256_cvtepi16_epi32(coefficients_high);
   __m256i decompressed_high =
       mm256_mullo_epi32(coefficients_high0, field_modulus);
@@ -4941,27 +4241,12 @@ decompress_ciphertext_coefficient_f4(__m256i vector) {
       mm256_slli_epi32((int32_t)1, decompressed_high, __m256i);
   __m256i decompressed_high1 =
       mm256_add_epi32(decompressed_high0, two_pow_coefficient_bits);
-  __m256i decompressed_high2 = mm256_srli_epi32(
-      (int32_t)5,
-      /* We can't shift in one go by (COEFFICIENT_BITS + 1) due to the lack of
-         support for const generic expressions. */
-      decompressed_high1, __m256i);
+  __m256i decompressed_high2 =
+      mm256_srli_epi32((int32_t)5, decompressed_high1, __m256i);
   __m256i decompressed_high3 =
       mm256_srli_epi32((int32_t)1, decompressed_high2, __m256i);
-  __m256i compressed =
-      mm256_packs_epi32(/* Combining them, and grouping each set of 64-bits,
-                           this function results in: 0: low low low low | 1:
-                           high high high high | 2: low low low low | 3: high
-                           high high high where each |low| and |high| is a
-                           16-bit element */
-                        decompressed_low3,
-                        decompressed_high3);
-  return mm256_permute4x64_epi64(
-      (int32_t)216,
-      /* To be in the right order, we need to move the |low|s above in position
-         2 to position 1 and the |high|s in position 1 to position 2, and leave
-         the rest unchanged. */
-      compressed, __m256i);
+  __m256i compressed = mm256_packs_epi32(decompressed_low3, decompressed_high3);
+  return mm256_permute4x64_epi64((int32_t)216, compressed, __m256i);
 }
 
 /**
@@ -5128,14 +4413,11 @@ static KRML_MUSTINLINE void decrypt_unpacked_2f(
     IndCpaPrivateKeyUnpacked_63 *secret_key, uint8_t *ciphertext,
     uint8_t ret[32U]) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_f6 u_as_ntt[3U];
-  deserialize_then_decompress_u_ed(
-      /* u := Decompress_q(Decode_{d_u}(c), d_u) */ ciphertext, u_as_ntt);
+  deserialize_then_decompress_u_ed(ciphertext, u_as_ntt);
   libcrux_ml_kem_polynomial_PolynomialRingElement_f6 v =
       deserialize_then_decompress_ring_element_v_ed(
-          Eurydice_array_to_subslice_from(
-              (size_t)1088U,
-              /* v := Decompress_q(Decode_{d_v}(c + d_u·k·n / 8), d_v) */
-              ciphertext, (size_t)960U, uint8_t, size_t));
+          Eurydice_array_to_subslice_from((size_t)1088U, ciphertext,
+                                          (size_t)960U, uint8_t, size_t));
   libcrux_ml_kem_polynomial_PolynomialRingElement_f6 message =
       compute_message_ab(&v, secret_key->secret_as_ntt, u_as_ntt);
   uint8_t ret0[32U];
@@ -5156,8 +4438,7 @@ with const generics
 static KRML_MUSTINLINE void decrypt_2f(Eurydice_slice secret_key,
                                        uint8_t *ciphertext, uint8_t ret[32U]) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_f6 secret_as_ntt[3U];
-  deserialize_secret_key_ab(/* sˆ := Decode_12(sk) */ secret_key,
-                            secret_as_ntt);
+  deserialize_secret_key_ab(secret_key, secret_as_ntt);
   /* Passing arrays by value in Rust generates a copy in C */
   libcrux_ml_kem_polynomial_PolynomialRingElement_f6 copy_of_secret_as_ntt[3U];
   memcpy(
@@ -5477,13 +4758,9 @@ with const generics
 bool libcrux_ml_kem_ind_cca_validate_private_key_only_5e(
     libcrux_ml_kem_types_MlKemPrivateKey_83 *private_key) {
   uint8_t t[32U];
-  H_a9_ac(Eurydice_array_to_subslice2(/* Eurydice can't access values directly
-                                         on the types. We need to go to the
-                                         `value` directly. */
-                                      private_key->value,
-                                      (size_t)384U * (size_t)4U,
-                                      (size_t)768U * (size_t)4U + (size_t)32U,
-                                      uint8_t),
+  H_a9_ac(Eurydice_array_to_subslice2(
+              private_key->value, (size_t)384U * (size_t)4U,
+              (size_t)768U * (size_t)4U + (size_t)32U, uint8_t),
           t);
   Eurydice_slice expected = Eurydice_array_to_subslice2(
       private_key->value, (size_t)768U * (size_t)4U + (size_t)32U,
@@ -5960,10 +5237,6 @@ static KRML_MUSTINLINE void sample_from_xof_6c(
   memcpy(copy_of_randomness0, randomness0, (size_t)4U * sizeof(uint8_t[504U]));
   bool done = sample_from_uniform_distribution_next_78(
       copy_of_randomness0, sampled_coefficients, out);
-  /* Requiring more than 5 blocks to sample a ring element should be very
-   * unlikely according to: https://eprint.iacr.org/2023/708.pdf To avoid
-   * failing here, we squeeze more blocks out of the state until we have enough.
-   */
   while (true) {
     if (done) {
       break;
@@ -6022,7 +5295,7 @@ static KRML_MUSTINLINE void sample_matrix_A_6c(
            i++) {
         size_t j = i;
         libcrux_ml_kem_polynomial_PolynomialRingElement_f6 sample = sampled[j];
-        if (/* A[i][j] = A_transpose[j][i] */ transpose) {
+        if (transpose) {
           A_transpose[j][i1] = sample;
         } else {
           A_transpose[i1][j] = sample;
@@ -6173,14 +5446,9 @@ static KRML_MUSTINLINE void add_to_ring_element_ef_42(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *self,
     libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *rhs) {
   for (size_t i = (size_t)0U;
-       i <
-       Eurydice_slice_len(Eurydice_array_to_slice(
-                              (size_t)16U,
-                              /* The semicolon and parentheses at the end of
-                                 loop are a workaround for the following bug
-                                 https://github.com/hacspec/hax/issues/720 */
-                              self->coefficients, __m256i),
-                          __m256i);
+       i < Eurydice_slice_len(Eurydice_array_to_slice(
+                                  (size_t)16U, self->coefficients, __m256i),
+                              __m256i);
        i++) {
     size_t i0 = i;
     self->coefficients[i0] = libcrux_ml_kem_vector_avx2_add_09(
@@ -6211,8 +5479,6 @@ static KRML_MUSTINLINE void compute_As_plus_e_42(
        i++) {
     size_t i0 = i;
     libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *row = matrix_A[i0];
-    /* This may be externally provided memory. Ensure that `t_as_ntt` is all 0.
-     */
     libcrux_ml_kem_polynomial_PolynomialRingElement_f6 uu____0 = ZERO_ef_61();
     t_as_ntt[i0] = uu____0;
     for (size_t i1 = (size_t)0U;
@@ -6288,10 +5554,7 @@ static KRML_MUSTINLINE void generate_keypair_unpacked_22(
     IndCpaPrivateKeyUnpacked_39 *private_key,
     IndCpaPublicKeyUnpacked_39 *public_key) {
   uint8_t hashed[64U];
-  cpa_keygen_seed_d8_6a(/* (ρ,σ) := G(d) for Kyber, (ρ,σ) := G(d || K) for
-                           ML-KEM */
-                        key_generation_seed,
-                        hashed);
+  cpa_keygen_seed_d8_6a(key_generation_seed, hashed);
   Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at(
       Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U,
       uint8_t, Eurydice_slice_uint8_t_x2);
@@ -6321,8 +5584,8 @@ static KRML_MUSTINLINE void generate_keypair_unpacked_22(
       sample_vector_cbd_then_ntt_out_b4(copy_of_prf_input, domain_separator)
           .fst,
       (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f6));
-  compute_As_plus_e_42(/* tˆ := Aˆ ◦ sˆ + eˆ */ public_key->t_as_ntt,
-                       public_key->A, private_key->secret_as_ntt, error_as_ntt);
+  compute_As_plus_e_42(public_key->t_as_ntt, public_key->A,
+                       private_key->secret_as_ntt, error_as_ntt);
   uint8_t uu____5[32U];
   core_result_Result_fb dst;
   Eurydice_slice_to_array2(&dst, seed_for_A, Eurydice_slice, uint8_t[32U]);
@@ -6347,13 +5610,11 @@ serialize_unpacked_secret_key_c9(IndCpaPublicKeyUnpacked_39 *public_key,
                                  IndCpaPrivateKeyUnpacked_39 *private_key) {
   uint8_t public_key_serialized[1568U];
   serialize_public_key_1e(
-      /* pk := (Encode_12(tˆ mod^{+}q) || ρ) */ public_key->t_as_ntt,
+      public_key->t_as_ntt,
       Eurydice_array_to_slice((size_t)32U, public_key->seed_for_A, uint8_t),
       public_key_serialized);
   uint8_t secret_key_serialized[1536U];
-  serialize_secret_key_78(
-      /* sk := Encode_12(sˆ mod^{+}q) */ private_key->secret_as_ntt,
-      secret_key_serialized);
+  serialize_secret_key_78(private_key->secret_as_ntt, secret_key_serialized);
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_secret_key_serialized[1536U];
   memcpy(copy_of_secret_key_serialized, secret_key_serialized,
@@ -6540,15 +5801,11 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics
 static KRML_MUSTINLINE void build_unpacked_public_key_mut_fa0(
     Eurydice_slice public_key,
     IndCpaPublicKeyUnpacked_39 *unpacked_public_key) {
-  Eurydice_slice uu____0 = Eurydice_slice_subslice_to(
-      /* tˆ := Decode_12(pk) */ public_key, (size_t)1536U, uint8_t, size_t);
+  Eurydice_slice uu____0 =
+      Eurydice_slice_subslice_to(public_key, (size_t)1536U, uint8_t, size_t);
   deserialize_ring_elements_reduced_42(uu____0, unpacked_public_key->t_as_ntt);
   Eurydice_slice seed =
-      Eurydice_slice_subslice_from(/* ρ := pk + 12·k·n / 8 for i from 0 to k−1
-                                      do for j from 0 to k − 1 do AˆT[i][j] :=
-                                      Parse(XOF(ρ, i, j)) end for end for */
-                                   public_key,
-                                   (size_t)1536U, uint8_t, size_t);
+      Eurydice_slice_subslice_from(public_key, (size_t)1536U, uint8_t, size_t);
   libcrux_ml_kem_polynomial_PolynomialRingElement_f6(*uu____1)[4U] =
       unpacked_public_key->A;
   uint8_t ret[34U];
@@ -6640,10 +5897,7 @@ with const generics
 static KRML_MUSTINLINE void invert_ntt_montgomery_42(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *re) {
   size_t zeta_i =
-      /* We only ever call this function after matrix/vector multiplication */
-      LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT
-
-      / (size_t)2U;
+      LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U;
   invert_ntt_at_layer_1_61(&zeta_i, re);
   invert_ntt_at_layer_2_61(&zeta_i, re);
   invert_ntt_at_layer_3_61(&zeta_i, re);
@@ -6873,11 +6127,7 @@ static KRML_MUSTINLINE void encrypt_unpacked_74(
     IndCpaPublicKeyUnpacked_39 *public_key, uint8_t message[32U],
     Eurydice_slice randomness, uint8_t ret[1568U]) {
   uint8_t prf_input[33U];
-  libcrux_ml_kem_utils_into_padded_array_c8(/* for i from 0 to k−1 do r[i] :=
-                                               CBD{η1}(PRF(r, N)) N := N + 1 end
-                                               for rˆ := NTT(r) */
-                                            randomness,
-                                            prf_input);
+  libcrux_ml_kem_utils_into_padded_array_c8(randomness, prf_input);
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_prf_input0[33U];
   memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t));
@@ -6889,7 +6139,6 @@ static KRML_MUSTINLINE void encrypt_unpacked_74(
   uint8_t domain_separator0 = uu____1.snd;
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_prf_input[33U];
-  /* for i from 0 to k−1 do e1[i] := CBD_{η2}(PRF(r,N)) N := N + 1 end for */
   memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t));
   tuple_dd uu____3 =
       sample_ring_element_cbd_b4(copy_of_prf_input, domain_separator0);
@@ -6898,7 +6147,7 @@ static KRML_MUSTINLINE void encrypt_unpacked_74(
       error_1, uu____3.fst,
       (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f6));
   uint8_t domain_separator = uu____3.snd;
-  prf_input[32U] = /* e_2 := CBD{η2}(PRF(r, N)) */ domain_separator;
+  prf_input[32U] = domain_separator;
   uint8_t prf_output[128U];
   PRF_a9_440(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t),
              prf_output);
@@ -6906,11 +6155,9 @@ static KRML_MUSTINLINE void encrypt_unpacked_74(
       sample_from_binomial_distribution_89(
           Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t));
   libcrux_ml_kem_polynomial_PolynomialRingElement_f6 u[4U];
-  compute_vector_u_42(/* u := NTT^{-1}(AˆT ◦ rˆ) + e_1 */ public_key->A,
-                      r_as_ntt, error_1, u);
+  compute_vector_u_42(public_key->A, r_as_ntt, error_1, u);
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_message[32U];
-  /* v := NTT^{−1}(tˆT ◦ rˆ) + e_2 + Decompress_q(Decode_1(m),1) */
   memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t));
   libcrux_ml_kem_polynomial_PolynomialRingElement_f6 message_as_ring_element =
       deserialize_then_decompress_message_61(copy_of_message);
@@ -6919,14 +6166,12 @@ static KRML_MUSTINLINE void encrypt_unpacked_74(
                                 &message_as_ring_element);
   uint8_t ciphertext[1568U] = {0U};
   libcrux_ml_kem_polynomial_PolynomialRingElement_f6 uu____5[4U];
-  /* c_1 := Encode_{du}(Compress_q(u,d_u)) */
   memcpy(
       uu____5, u,
       (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f6));
   compress_then_serialize_u_c9(
       uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U,
                                            (size_t)1408U, uint8_t));
-  /* c_2 := Encode_{dv}(Compress_q(v,d_v)) */
   libcrux_ml_kem_polynomial_PolynomialRingElement_f6 uu____6 = v;
   compress_then_serialize_ring_element_v_1e(
       uu____6, Eurydice_array_to_subslice_from((size_t)1568U, ciphertext,
@@ -7240,14 +6485,11 @@ static KRML_MUSTINLINE void decrypt_unpacked_37(
     IndCpaPrivateKeyUnpacked_39 *secret_key, uint8_t *ciphertext,
     uint8_t ret[32U]) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_f6 u_as_ntt[4U];
-  deserialize_then_decompress_u_1e(
-      /* u := Decompress_q(Decode_{d_u}(c), d_u) */ ciphertext, u_as_ntt);
+  deserialize_then_decompress_u_1e(ciphertext, u_as_ntt);
   libcrux_ml_kem_polynomial_PolynomialRingElement_f6 v =
       deserialize_then_decompress_ring_element_v_78(
-          Eurydice_array_to_subslice_from(
-              (size_t)1568U,
-              /* v := Decompress_q(Decode_{d_v}(c + d_u·k·n / 8), d_v) */
-              ciphertext, (size_t)1408U, uint8_t, size_t));
+          Eurydice_array_to_subslice_from((size_t)1568U, ciphertext,
+                                          (size_t)1408U, uint8_t, size_t));
   libcrux_ml_kem_polynomial_PolynomialRingElement_f6 message =
       compute_message_42(&v, secret_key->secret_as_ntt, u_as_ntt);
   uint8_t ret0[32U];
@@ -7268,8 +6510,7 @@ with const generics
 static KRML_MUSTINLINE void decrypt_37(Eurydice_slice secret_key,
                                        uint8_t *ciphertext, uint8_t ret[32U]) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_f6 secret_as_ntt[4U];
-  deserialize_secret_key_42(/* sˆ := Decode_12(sk) */ secret_key,
-                            secret_as_ntt);
+  deserialize_secret_key_42(secret_key, secret_as_ntt);
   /* Passing arrays by value in Rust generates a copy in C */
   libcrux_ml_kem_polynomial_PolynomialRingElement_f6 copy_of_secret_as_ntt[4U];
   memcpy(
@@ -7577,13 +6818,9 @@ with const generics
 bool libcrux_ml_kem_ind_cca_validate_private_key_only_4d(
     libcrux_ml_kem_types_MlKemPrivateKey_fa *private_key) {
   uint8_t t[32U];
-  H_a9_fd(Eurydice_array_to_subslice2(/* Eurydice can't access values directly
-                                         on the types. We need to go to the
-                                         `value` directly. */
-                                      private_key->value,
-                                      (size_t)384U * (size_t)2U,
-                                      (size_t)768U * (size_t)2U + (size_t)32U,
-                                      uint8_t),
+  H_a9_fd(Eurydice_array_to_subslice2(
+              private_key->value, (size_t)384U * (size_t)2U,
+              (size_t)768U * (size_t)2U + (size_t)32U, uint8_t),
           t);
   Eurydice_slice expected = Eurydice_array_to_subslice2(
       private_key->value, (size_t)768U * (size_t)2U + (size_t)32U,
@@ -8034,10 +7271,6 @@ static KRML_MUSTINLINE void sample_from_xof_6c0(
   memcpy(copy_of_randomness0, randomness0, (size_t)2U * sizeof(uint8_t[504U]));
   bool done = sample_from_uniform_distribution_next_29(
       copy_of_randomness0, sampled_coefficients, out);
-  /* Requiring more than 5 blocks to sample a ring element should be very
-   * unlikely according to: https://eprint.iacr.org/2023/708.pdf To avoid
-   * failing here, we squeeze more blocks out of the state until we have enough.
-   */
   while (true) {
     if (done) {
       break;
@@ -8096,7 +7329,7 @@ static KRML_MUSTINLINE void sample_matrix_A_6c0(
            i++) {
         size_t j = i;
         libcrux_ml_kem_polynomial_PolynomialRingElement_f6 sample = sampled[j];
-        if (/* A[i][j] = A_transpose[j][i] */ transpose) {
+        if (transpose) {
           A_transpose[j][i1] = sample;
         } else {
           A_transpose[i1][j] = sample;
@@ -8252,14 +7485,9 @@ static KRML_MUSTINLINE void add_to_ring_element_ef_89(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *self,
     libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *rhs) {
   for (size_t i = (size_t)0U;
-       i <
-       Eurydice_slice_len(Eurydice_array_to_slice(
-                              (size_t)16U,
-                              /* The semicolon and parentheses at the end of
-                                 loop are a workaround for the following bug
-                                 https://github.com/hacspec/hax/issues/720 */
-                              self->coefficients, __m256i),
-                          __m256i);
+       i < Eurydice_slice_len(Eurydice_array_to_slice(
+                                  (size_t)16U, self->coefficients, __m256i),
+                              __m256i);
        i++) {
     size_t i0 = i;
     self->coefficients[i0] = libcrux_ml_kem_vector_avx2_add_09(
@@ -8290,8 +7518,6 @@ static KRML_MUSTINLINE void compute_As_plus_e_89(
        i++) {
     size_t i0 = i;
     libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *row = matrix_A[i0];
-    /* This may be externally provided memory. Ensure that `t_as_ntt` is all 0.
-     */
     libcrux_ml_kem_polynomial_PolynomialRingElement_f6 uu____0 = ZERO_ef_61();
     t_as_ntt[i0] = uu____0;
     for (size_t i1 = (size_t)0U;
@@ -8367,10 +7593,7 @@ static KRML_MUSTINLINE void generate_keypair_unpacked_220(
     IndCpaPrivateKeyUnpacked_94 *private_key,
     IndCpaPublicKeyUnpacked_94 *public_key) {
   uint8_t hashed[64U];
-  cpa_keygen_seed_d8_f8(/* (ρ,σ) := G(d) for Kyber, (ρ,σ) := G(d || K) for
-                           ML-KEM */
-                        key_generation_seed,
-                        hashed);
+  cpa_keygen_seed_d8_f8(key_generation_seed, hashed);
   Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at(
       Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U,
       uint8_t, Eurydice_slice_uint8_t_x2);
@@ -8400,8 +7623,8 @@ static KRML_MUSTINLINE void generate_keypair_unpacked_220(
       sample_vector_cbd_then_ntt_out_b40(copy_of_prf_input, domain_separator)
           .fst,
       (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f6));
-  compute_As_plus_e_89(/* tˆ := Aˆ ◦ sˆ + eˆ */ public_key->t_as_ntt,
-                       public_key->A, private_key->secret_as_ntt, error_as_ntt);
+  compute_As_plus_e_89(public_key->t_as_ntt, public_key->A,
+                       private_key->secret_as_ntt, error_as_ntt);
   uint8_t uu____5[32U];
   core_result_Result_fb dst;
   Eurydice_slice_to_array2(&dst, seed_for_A, Eurydice_slice, uint8_t[32U]);
@@ -8426,13 +7649,11 @@ serialize_unpacked_secret_key_2d(IndCpaPublicKeyUnpacked_94 *public_key,
                                  IndCpaPrivateKeyUnpacked_94 *private_key) {
   uint8_t public_key_serialized[800U];
   serialize_public_key_ba(
-      /* pk := (Encode_12(tˆ mod^{+}q) || ρ) */ public_key->t_as_ntt,
+      public_key->t_as_ntt,
       Eurydice_array_to_slice((size_t)32U, public_key->seed_for_A, uint8_t),
       public_key_serialized);
   uint8_t secret_key_serialized[768U];
-  serialize_secret_key_29(
-      /* sk := Encode_12(sˆ mod^{+}q) */ private_key->secret_as_ntt,
-      secret_key_serialized);
+  serialize_secret_key_29(private_key->secret_as_ntt, secret_key_serialized);
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_secret_key_serialized[768U];
   memcpy(copy_of_secret_key_serialized, secret_key_serialized,
@@ -8619,15 +7840,11 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics
 static KRML_MUSTINLINE void build_unpacked_public_key_mut_fa(
     Eurydice_slice public_key,
     IndCpaPublicKeyUnpacked_94 *unpacked_public_key) {
-  Eurydice_slice uu____0 = Eurydice_slice_subslice_to(
-      /* tˆ := Decode_12(pk) */ public_key, (size_t)768U, uint8_t, size_t);
+  Eurydice_slice uu____0 =
+      Eurydice_slice_subslice_to(public_key, (size_t)768U, uint8_t, size_t);
   deserialize_ring_elements_reduced_89(uu____0, unpacked_public_key->t_as_ntt);
   Eurydice_slice seed =
-      Eurydice_slice_subslice_from(/* ρ := pk + 12·k·n / 8 for i from 0 to k−1
-                                      do for j from 0 to k − 1 do AˆT[i][j] :=
-                                      Parse(XOF(ρ, i, j)) end for end for */
-                                   public_key,
-                                   (size_t)768U, uint8_t, size_t);
+      Eurydice_slice_subslice_from(public_key, (size_t)768U, uint8_t, size_t);
   libcrux_ml_kem_polynomial_PolynomialRingElement_f6(*uu____1)[2U] =
       unpacked_public_key->A;
   uint8_t ret[34U];
@@ -8765,10 +7982,7 @@ with const generics
 static KRML_MUSTINLINE void invert_ntt_montgomery_89(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *re) {
   size_t zeta_i =
-      /* We only ever call this function after matrix/vector multiplication */
-      LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT
-
-      / (size_t)2U;
+      LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U;
   invert_ntt_at_layer_1_61(&zeta_i, re);
   invert_ntt_at_layer_2_61(&zeta_i, re);
   invert_ntt_at_layer_3_61(&zeta_i, re);
@@ -8960,11 +8174,7 @@ static KRML_MUSTINLINE void encrypt_unpacked_740(
     IndCpaPublicKeyUnpacked_94 *public_key, uint8_t message[32U],
     Eurydice_slice randomness, uint8_t ret[768U]) {
   uint8_t prf_input[33U];
-  libcrux_ml_kem_utils_into_padded_array_c8(/* for i from 0 to k−1 do r[i] :=
-                                               CBD{η1}(PRF(r, N)) N := N + 1 end
-                                               for rˆ := NTT(r) */
-                                            randomness,
-                                            prf_input);
+  libcrux_ml_kem_utils_into_padded_array_c8(randomness, prf_input);
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_prf_input0[33U];
   memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t));
@@ -8976,7 +8186,6 @@ static KRML_MUSTINLINE void encrypt_unpacked_740(
   uint8_t domain_separator0 = uu____1.snd;
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_prf_input[33U];
-  /* for i from 0 to k−1 do e1[i] := CBD_{η2}(PRF(r,N)) N := N + 1 end for */
   memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t));
   tuple_40 uu____3 =
       sample_ring_element_cbd_b40(copy_of_prf_input, domain_separator0);
@@ -8985,7 +8194,7 @@ static KRML_MUSTINLINE void encrypt_unpacked_740(
       error_1, uu____3.fst,
       (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f6));
   uint8_t domain_separator = uu____3.snd;
-  prf_input[32U] = /* e_2 := CBD{η2}(PRF(r, N)) */ domain_separator;
+  prf_input[32U] = domain_separator;
   uint8_t prf_output[128U];
   PRF_a9_490(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t),
              prf_output);
@@ -8993,11 +8202,9 @@ static KRML_MUSTINLINE void encrypt_unpacked_740(
       sample_from_binomial_distribution_89(
           Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t));
   libcrux_ml_kem_polynomial_PolynomialRingElement_f6 u[2U];
-  compute_vector_u_89(/* u := NTT^{-1}(AˆT ◦ rˆ) + e_1 */ public_key->A,
-                      r_as_ntt, error_1, u);
+  compute_vector_u_89(public_key->A, r_as_ntt, error_1, u);
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_message[32U];
-  /* v := NTT^{−1}(tˆT ◦ rˆ) + e_2 + Decompress_q(Decode_1(m),1) */
   memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t));
   libcrux_ml_kem_polynomial_PolynomialRingElement_f6 message_as_ring_element =
       deserialize_then_decompress_message_61(copy_of_message);
@@ -9006,14 +8213,12 @@ static KRML_MUSTINLINE void encrypt_unpacked_740(
                                 &message_as_ring_element);
   uint8_t ciphertext[768U] = {0U};
   libcrux_ml_kem_polynomial_PolynomialRingElement_f6 uu____5[2U];
-  /* c_1 := Encode_{du}(Compress_q(u,d_u)) */
   memcpy(
       uu____5, u,
       (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f6));
   compress_then_serialize_u_2d(
       uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)640U,
                                            uint8_t));
-  /* c_2 := Encode_{dv}(Compress_q(v,d_v)) */
   libcrux_ml_kem_polynomial_PolynomialRingElement_f6 uu____6 = v;
   compress_then_serialize_ring_element_v_ba(
       uu____6, Eurydice_array_to_subslice_from((size_t)768U, ciphertext,
@@ -9297,14 +8502,11 @@ static KRML_MUSTINLINE void decrypt_unpacked_4b(
     IndCpaPrivateKeyUnpacked_94 *secret_key, uint8_t *ciphertext,
     uint8_t ret[32U]) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_f6 u_as_ntt[2U];
-  deserialize_then_decompress_u_ba(
-      /* u := Decompress_q(Decode_{d_u}(c), d_u) */ ciphertext, u_as_ntt);
+  deserialize_then_decompress_u_ba(ciphertext, u_as_ntt);
   libcrux_ml_kem_polynomial_PolynomialRingElement_f6 v =
       deserialize_then_decompress_ring_element_v_29(
-          Eurydice_array_to_subslice_from(
-              (size_t)768U,
-              /* v := Decompress_q(Decode_{d_v}(c + d_u·k·n / 8), d_v) */
-              ciphertext, (size_t)640U, uint8_t, size_t));
+          Eurydice_array_to_subslice_from((size_t)768U, ciphertext,
+                                          (size_t)640U, uint8_t, size_t));
   libcrux_ml_kem_polynomial_PolynomialRingElement_f6 message =
       compute_message_89(&v, secret_key->secret_as_ntt, u_as_ntt);
   uint8_t ret0[32U];
@@ -9325,8 +8527,7 @@ with const generics
 static KRML_MUSTINLINE void decrypt_4b(Eurydice_slice secret_key,
                                        uint8_t *ciphertext, uint8_t ret[32U]) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_f6 secret_as_ntt[2U];
-  deserialize_secret_key_89(/* sˆ := Decode_12(sk) */ secret_key,
-                            secret_as_ntt);
+  deserialize_secret_key_89(secret_key, secret_as_ntt);
   /* Passing arrays by value in Rust generates a copy in C */
   libcrux_ml_kem_polynomial_PolynomialRingElement_f6 copy_of_secret_as_ntt[2U];
   memcpy(
diff --git a/libcrux-ml-kem/c/libcrux_mlkem_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem_avx2.h
index addfdaf30..95dad8cf8 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem_avx2.h
+++ b/libcrux-ml-kem/c/libcrux_mlkem_avx2.h
@@ -4,11 +4,11 @@
  * SPDX-License-Identifier: MIT or Apache-2.0
  *
  * This code was generated with the following revisions:
- * Charon: 3a133fe0eee9bd3928d5bb16c24ddd2dd0f3ee7f
- * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c
- * Karamel: c31a22c1e07d2118c07ee5cebb640d863e31a198
- * F*: 2c32d6e230851bbceadac7a21fc418fa2bb7e4bc
- * Libcrux: 0e587d6e842717408ea9357e00d47e372e505c80
+ * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9
+ * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20
+ * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
+ * F*: 5643e656b989aca7629723653a2570c7df6252b9
+ * Libcrux: fbef3649fa222b800fc7dcc349855bcd7de48e36
  */
 
 #ifndef __libcrux_mlkem_avx2_H
diff --git a/libcrux-ml-kem/c/libcrux_mlkem_portable.c b/libcrux-ml-kem/c/libcrux_mlkem_portable.c
index fddae347c..1d3a317a8 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem_portable.c
+++ b/libcrux-ml-kem/c/libcrux_mlkem_portable.c
@@ -4,11 +4,11 @@
  * SPDX-License-Identifier: MIT or Apache-2.0
  *
  * This code was generated with the following revisions:
- * Charon: 3a133fe0eee9bd3928d5bb16c24ddd2dd0f3ee7f
- * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c
- * Karamel: c31a22c1e07d2118c07ee5cebb640d863e31a198
- * F*: 2c32d6e230851bbceadac7a21fc418fa2bb7e4bc
- * Libcrux: 0e587d6e842717408ea9357e00d47e372e505c80
+ * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9
+ * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20
+ * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
+ * F*: 5643e656b989aca7629723653a2570c7df6252b9
+ * Libcrux: fbef3649fa222b800fc7dcc349855bcd7de48e36
  */
 
 #include "internal/libcrux_mlkem_portable.h"
@@ -1152,28 +1152,11 @@ libcrux_ml_kem_vector_portable_montgomery_multiply_by_constant_0d(
 */
 uint8_t libcrux_ml_kem_vector_portable_compress_compress_message_coefficient(
     uint16_t fe) {
-  int16_t shifted =
-      (int16_t)1664 -
-      (int16_t) /* The approach used here is inspired by:
-                   https://github.com/cloudflare/circl/blob/main/pke/kyber/internal/common/poly.go#L150
-                   If 833 <= fe <= 2496, then -832 <= shifted <= 831 */
-      fe;
-  int16_t mask =
-      /* If shifted < 0, then (shifted >> 15) ^ shifted = flip_bits(shifted) =
-         -shifted - 1, and so if -832 <= shifted < 0 then 0 < shifted_positive
-         <= 831 If shifted >= 0 then (shifted >> 15) ^ shifted = shifted, and so
-         if 0 <= shifted <= 831 then 0 <= shifted_positive <= 831 */
-      shifted
-
-      >> 15U;
+  int16_t shifted = (int16_t)1664 - (int16_t)fe;
+  int16_t mask = shifted >> 15U;
   int16_t shifted_to_positive = mask ^ shifted;
   int16_t shifted_positive_in_range = shifted_to_positive - (int16_t)832;
-  int16_t r0 =
-      /* If x <= 831, then x - 832 <= -1, and so x - 832 < 0, which means the
-         most significant bit of shifted_positive_in_range will be 1. */
-      shifted_positive_in_range
-
-      >> 15U;
+  int16_t r0 = shifted_positive_in_range >> 15U;
   int16_t r1 = r0 & (int16_t)1;
   return (uint8_t)r1;
 }
@@ -1209,16 +1192,7 @@ libcrux_ml_kem_vector_portable_arithmetic_get_n_least_significant_bits(
 
 int16_t libcrux_ml_kem_vector_portable_compress_compress_ciphertext_coefficient(
     uint8_t coefficient_bits, uint16_t fe) {
-  uint64_t compressed =
-      (uint64_t) /* hax_debug_assert!( coefficient_bits == 4 || coefficient_bits
-                    == 5 || coefficient_bits == 10 || coefficient_bits == 11 );
-                    hax_debug_assert!(fe <= (FIELD_MODULUS as u16)); This has to
-                    be constant time due to:
-                    https://groups.google.com/a/list.nist.gov/g/pqc-forum/c/ldX0ThYJuBo/m/ovODsdY7AwAJ
-                  */
-      fe
-
-      << (uint32_t)coefficient_bits;
+  uint64_t compressed = (uint64_t)fe << (uint32_t)coefficient_bits;
   compressed = compressed + 1664ULL;
   compressed = compressed * 10321340ULL;
   compressed = compressed >> 35U;
@@ -2738,13 +2712,9 @@ with const generics
 bool libcrux_ml_kem_ind_cca_validate_private_key_only_60(
     libcrux_ml_kem_types_MlKemPrivateKey_83 *private_key) {
   uint8_t t[32U];
-  H_f1_ac(Eurydice_array_to_subslice2(/* Eurydice can't access values directly
-                                         on the types. We need to go to the
-                                         `value` directly. */
-                                      private_key->value,
-                                      (size_t)384U * (size_t)4U,
-                                      (size_t)768U * (size_t)4U + (size_t)32U,
-                                      uint8_t),
+  H_f1_ac(Eurydice_array_to_subslice2(
+              private_key->value, (size_t)384U * (size_t)4U,
+              (size_t)768U * (size_t)4U + (size_t)32U, uint8_t),
           t);
   Eurydice_slice expected = Eurydice_array_to_subslice2(
       private_key->value, (size_t)768U * (size_t)4U + (size_t)32U,
@@ -3234,10 +3204,6 @@ static KRML_MUSTINLINE void sample_from_xof_2b(
   memcpy(copy_of_randomness0, randomness0, (size_t)4U * sizeof(uint8_t[504U]));
   bool done = sample_from_uniform_distribution_next_ff(
       copy_of_randomness0, sampled_coefficients, out);
-  /* Requiring more than 5 blocks to sample a ring element should be very
-   * unlikely according to: https://eprint.iacr.org/2023/708.pdf To avoid
-   * failing here, we squeeze more blocks out of the state until we have enough.
-   */
   while (true) {
     if (done) {
       break;
@@ -3297,7 +3263,7 @@ static KRML_MUSTINLINE void sample_matrix_A_2b(
            i++) {
         size_t j = i;
         libcrux_ml_kem_polynomial_PolynomialRingElement_1d sample = sampled[j];
-        if (/* A[i][j] = A_transpose[j][i] */ transpose) {
+        if (transpose) {
           A_transpose[j][i1] = sample;
         } else {
           A_transpose[i1][j] = sample;
@@ -3495,12 +3461,7 @@ with const generics
 static KRML_MUSTINLINE void ntt_at_layer_7_8c(
     libcrux_ml_kem_polynomial_PolynomialRingElement_1d *re) {
   size_t step = LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT / (size_t)2U;
-  for (size_t i = (size_t)0U;
-       i <
-       /* The semicolon and parentheses at the end of loop are a workaround for
-          the following bug https://github.com/hacspec/hax/issues/720 */
-       step;
-       i++) {
+  for (size_t i = (size_t)0U; i < step; i++) {
     size_t j = i;
     libcrux_ml_kem_vector_portable_vector_type_PortableVector t =
         libcrux_ml_kem_vector_portable_multiply_by_constant_0d(
@@ -3562,13 +3523,7 @@ static KRML_MUSTINLINE void ntt_at_layer_4_plus_8c(
     size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_1d *re,
     size_t layer) {
   size_t step = (size_t)1U << (uint32_t)layer;
-  for (size_t i0 = (size_t)0U;
-       i0 < (size_t)128U >>
-       (uint32_t) /* The semicolon and parentheses at the end of loop are a
-                     workaround for the following bug
-                     https://github.com/hacspec/hax/issues/720 */
-       layer;
-       i0++) {
+  for (size_t i0 = (size_t)0U; i0 < (size_t)128U >> (uint32_t)layer; i0++) {
     size_t round = i0;
     zeta_i[0U] = zeta_i[0U] + (size_t)1U;
     size_t offset = round * step * (size_t)2U;
@@ -3660,11 +3615,7 @@ with const generics
 static KRML_MUSTINLINE void poly_barrett_reduce_ef_8c(
     libcrux_ml_kem_polynomial_PolynomialRingElement_1d *self) {
   for (size_t i = (size_t)0U;
-       i <
-       /* The semicolon and parentheses at the end of loop are a workaround for
-          the following bug https://github.com/hacspec/hax/issues/720 */
-       LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT;
-       i++) {
+       i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
     size_t i0 = i;
     libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 =
         libcrux_ml_kem_vector_portable_barrett_reduce_0d(
@@ -3681,9 +3632,7 @@ with const generics
 */
 static KRML_MUSTINLINE void ntt_binomially_sampled_ring_element_8c(
     libcrux_ml_kem_polynomial_PolynomialRingElement_1d *re) {
-  ntt_at_layer_7_8c(/* Due to the small coefficient bound, we can skip the first
-                       round of Montgomery reductions. */
-                    re);
+  ntt_at_layer_7_8c(re);
   size_t zeta_i = (size_t)1U;
   ntt_at_layer_4_plus_8c(&zeta_i, re, (size_t)6U);
   ntt_at_layer_4_plus_8c(&zeta_i, re, (size_t)5U);
@@ -3822,11 +3771,7 @@ static KRML_MUSTINLINE void add_to_ring_element_ef_d0(
   for (size_t i = (size_t)0U;
        i < Eurydice_slice_len(
                Eurydice_array_to_slice(
-                   (size_t)16U,
-                   /* The semicolon and parentheses at the end of loop are a
-                      workaround for the following bug
-                      https://github.com/hacspec/hax/issues/720 */
-                   self->coefficients,
+                   (size_t)16U, self->coefficients,
                    libcrux_ml_kem_vector_portable_vector_type_PortableVector),
                libcrux_ml_kem_vector_portable_vector_type_PortableVector);
        i++) {
@@ -3866,18 +3811,10 @@ static KRML_MUSTINLINE void add_standard_error_reduce_ef_8c(
     libcrux_ml_kem_polynomial_PolynomialRingElement_1d *self,
     libcrux_ml_kem_polynomial_PolynomialRingElement_1d *error) {
   for (size_t i = (size_t)0U;
-       i <
-       /* The semicolon and parentheses at the end of loop are a workaround for
-          the following bug https://github.com/hacspec/hax/issues/720 */
-       LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT;
-       i++) {
+       i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
     size_t j = i;
     libcrux_ml_kem_vector_portable_vector_type_PortableVector
-        coefficient_normal_form = to_standard_domain_8c(
-            self->coefficients[/* The coefficients are of the form aR^{-1} mod
-                                  q, which means calling to_montgomery_domain()
-                                  on them should return a mod q. */
-                               j]);
+        coefficient_normal_form = to_standard_domain_8c(self->coefficients[j]);
     libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 =
         libcrux_ml_kem_vector_portable_barrett_reduce_0d(
             libcrux_ml_kem_vector_portable_add_0d(coefficient_normal_form,
@@ -3909,8 +3846,6 @@ static KRML_MUSTINLINE void compute_As_plus_e_d0(
        i++) {
     size_t i0 = i;
     libcrux_ml_kem_polynomial_PolynomialRingElement_1d *row = matrix_A[i0];
-    /* This may be externally provided memory. Ensure that `t_as_ntt` is all 0.
-     */
     libcrux_ml_kem_polynomial_PolynomialRingElement_1d uu____0 = ZERO_ef_8c();
     t_as_ntt[i0] = uu____0;
     for (size_t i1 = (size_t)0U;
@@ -3986,10 +3921,7 @@ static KRML_MUSTINLINE void generate_keypair_unpacked_1c(
     IndCpaPrivateKeyUnpacked_af *private_key,
     IndCpaPublicKeyUnpacked_af *public_key) {
   uint8_t hashed[64U];
-  cpa_keygen_seed_d8_03(/* (ρ,σ) := G(d) for Kyber, (ρ,σ) := G(d || K) for
-                           ML-KEM */
-                        key_generation_seed,
-                        hashed);
+  cpa_keygen_seed_d8_03(key_generation_seed, hashed);
   Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at(
       Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U,
       uint8_t, Eurydice_slice_uint8_t_x2);
@@ -4019,8 +3951,8 @@ static KRML_MUSTINLINE void generate_keypair_unpacked_1c(
       sample_vector_cbd_then_ntt_out_3b(copy_of_prf_input, domain_separator)
           .fst,
       (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1d));
-  compute_As_plus_e_d0(/* tˆ := Aˆ ◦ sˆ + eˆ */ public_key->t_as_ntt,
-                       public_key->A, private_key->secret_as_ntt, error_as_ntt);
+  compute_As_plus_e_d0(public_key->t_as_ntt, public_key->A,
+                       private_key->secret_as_ntt, error_as_ntt);
   uint8_t uu____5[32U];
   core_result_Result_fb dst;
   Eurydice_slice_to_array2(&dst, seed_for_A, Eurydice_slice, uint8_t[32U]);
@@ -4045,13 +3977,11 @@ serialize_unpacked_secret_key_2f(IndCpaPublicKeyUnpacked_af *public_key,
                                  IndCpaPrivateKeyUnpacked_af *private_key) {
   uint8_t public_key_serialized[1568U];
   serialize_public_key_00(
-      /* pk := (Encode_12(tˆ mod^{+}q) || ρ) */ public_key->t_as_ntt,
+      public_key->t_as_ntt,
       Eurydice_array_to_slice((size_t)32U, public_key->seed_for_A, uint8_t),
       public_key_serialized);
   uint8_t secret_key_serialized[1536U];
-  serialize_secret_key_ff(
-      /* sk := Encode_12(sˆ mod^{+}q) */ private_key->secret_as_ntt,
-      secret_key_serialized);
+  serialize_secret_key_ff(private_key->secret_as_ntt, secret_key_serialized);
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_secret_key_serialized[1536U];
   memcpy(copy_of_secret_key_serialized, secret_key_serialized,
@@ -4239,15 +4169,11 @@ generics
 static KRML_MUSTINLINE void build_unpacked_public_key_mut_3f(
     Eurydice_slice public_key,
     IndCpaPublicKeyUnpacked_af *unpacked_public_key) {
-  Eurydice_slice uu____0 = Eurydice_slice_subslice_to(
-      /* tˆ := Decode_12(pk) */ public_key, (size_t)1536U, uint8_t, size_t);
+  Eurydice_slice uu____0 =
+      Eurydice_slice_subslice_to(public_key, (size_t)1536U, uint8_t, size_t);
   deserialize_ring_elements_reduced_d0(uu____0, unpacked_public_key->t_as_ntt);
   Eurydice_slice seed =
-      Eurydice_slice_subslice_from(/* ρ := pk + 12·k·n / 8 for i from 0 to k−1
-                                      do for j from 0 to k − 1 do AˆT[i][j] :=
-                                      Parse(XOF(ρ, i, j)) end for end for */
-                                   public_key,
-                                   (size_t)1536U, uint8_t, size_t);
+      Eurydice_slice_subslice_from(public_key, (size_t)1536U, uint8_t, size_t);
   libcrux_ml_kem_polynomial_PolynomialRingElement_1d(*uu____1)[4U] =
       unpacked_public_key->A;
   uint8_t ret[34U];
@@ -4434,13 +4360,7 @@ static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_8c(
     size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_1d *re,
     size_t layer) {
   size_t step = (size_t)1U << (uint32_t)layer;
-  for (size_t i0 = (size_t)0U;
-       i0 < (size_t)128U >>
-       (uint32_t) /* The semicolon and parentheses at the end of loop are a
-                     workaround for the following bug
-                     https://github.com/hacspec/hax/issues/720 */
-       layer;
-       i0++) {
+  for (size_t i0 = (size_t)0U; i0 < (size_t)128U >> (uint32_t)layer; i0++) {
     size_t round = i0;
     zeta_i[0U] = zeta_i[0U] - (size_t)1U;
     size_t offset = round * step * (size_t)2U;
@@ -4471,10 +4391,7 @@ with const generics
 static KRML_MUSTINLINE void invert_ntt_montgomery_d0(
     libcrux_ml_kem_polynomial_PolynomialRingElement_1d *re) {
   size_t zeta_i =
-      /* We only ever call this function after matrix/vector multiplication */
-      LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT
-
-      / (size_t)2U;
+      LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U;
   invert_ntt_at_layer_1_8c(&zeta_i, re);
   invert_ntt_at_layer_2_8c(&zeta_i, re);
   invert_ntt_at_layer_3_8c(&zeta_i, re);
@@ -4500,11 +4417,7 @@ static KRML_MUSTINLINE void add_error_reduce_ef_8c(
     libcrux_ml_kem_polynomial_PolynomialRingElement_1d *self,
     libcrux_ml_kem_polynomial_PolynomialRingElement_1d *error) {
   for (size_t i = (size_t)0U;
-       i <
-       /* The semicolon and parentheses at the end of loop are a workaround for
-          the following bug https://github.com/hacspec/hax/issues/720 */
-       LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT;
-       i++) {
+       i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
     size_t j = i;
     libcrux_ml_kem_vector_portable_vector_type_PortableVector
         coefficient_normal_form =
@@ -4630,27 +4543,8 @@ add_message_error_reduce_ef_8c(
             libcrux_ml_kem_vector_portable_montgomery_multiply_by_constant_0d(
                 result.coefficients[i0], (int16_t)1441);
     libcrux_ml_kem_vector_portable_vector_type_PortableVector tmp =
-        libcrux_ml_kem_vector_portable_add_0d(
-            self->coefficients[/* FIXME: Eurydice crashes with: Warning 11: in
-                                  top-level declaration
-                                  libcrux_ml_kem.polynomial.{libcrux_ml_kem::polynomial::PolynomialRingElement<Vector>[TraitClause@0]}.add_message_error_reduce__libcrux_ml_kem_libcrux_polynomials_PortableVector:
-                                  this expression is not Low*; the enclosing
-                                  function cannot be translated into C*: let
-                                  mutable ret(Mark.Present,(Mark.AtMost 2), ):
-                                  int16_t[16size_t] = $any in
-                                  libcrux_ml_kem.libcrux_polynomials.{(libcrux_ml_kem::libcrux_polynomials::libcrux_traits::Operations␣for␣libcrux_ml_kem::libcrux_polynomials::PortableVector)}.add
-                                  ((@9:
-                                  libcrux_ml_kem_libcrux_polynomials_PortableVector[16size_t]*)[0uint32_t]:int16_t[16size_t][16size_t])[@4]
-                                  &(((@8:
-                                  libcrux_ml_kem_libcrux_polynomials_PortableVector[16size_t]*)[0uint32_t]:libcrux_ml_kem_libcrux_polynomials_PortableVector[16size_t])[@4])
-                                  @0; @0 Warning 11 is fatal, exiting. On the
-                                  following code: ```rust result.coefficients[i]
-                                  = Vector::barrett_reduce(Vector::add(
-                                  coefficient_normal_form,
-                                  &Vector::add(self.coefficients[i],
-                                  &message.coefficients[i]), )); ``` */
-                               i0],
-            &message->coefficients[i0]);
+        libcrux_ml_kem_vector_portable_add_0d(self->coefficients[i0],
+                                              &message->coefficients[i0]);
     libcrux_ml_kem_vector_portable_vector_type_PortableVector tmp0 =
         libcrux_ml_kem_vector_portable_add_0d(coefficient_normal_form, &tmp);
     libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 =
@@ -4863,11 +4757,7 @@ static KRML_MUSTINLINE void compress_then_serialize_4_8c(
     libcrux_ml_kem_polynomial_PolynomialRingElement_1d re,
     Eurydice_slice serialized) {
   for (size_t i = (size_t)0U;
-       i <
-       /* The semicolon and parentheses at the end of loop are a workaround for
-          the following bug https://github.com/hacspec/hax/issues/720 */
-       LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT;
-       i++) {
+       i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
     size_t i0 = i;
     libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient =
         compress_0d_d1(to_unsigned_field_modulus_8c(re.coefficients[i0]));
@@ -4922,11 +4812,7 @@ static KRML_MUSTINLINE void compress_then_serialize_5_8c(
     libcrux_ml_kem_polynomial_PolynomialRingElement_1d re,
     Eurydice_slice serialized) {
   for (size_t i = (size_t)0U;
-       i <
-       /* The semicolon and parentheses at the end of loop are a workaround for
-          the following bug https://github.com/hacspec/hax/issues/720 */
-       LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT;
-       i++) {
+       i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
     size_t i0 = i;
     libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficients =
         compress_0d_f4(to_unsigned_representative_8c(re.coefficients[i0]));
@@ -5015,11 +4901,7 @@ static KRML_MUSTINLINE void encrypt_unpacked_2a(
     IndCpaPublicKeyUnpacked_af *public_key, uint8_t message[32U],
     Eurydice_slice randomness, uint8_t ret[1568U]) {
   uint8_t prf_input[33U];
-  libcrux_ml_kem_utils_into_padded_array_c8(/* for i from 0 to k−1 do r[i] :=
-                                               CBD{η1}(PRF(r, N)) N := N + 1 end
-                                               for rˆ := NTT(r) */
-                                            randomness,
-                                            prf_input);
+  libcrux_ml_kem_utils_into_padded_array_c8(randomness, prf_input);
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_prf_input0[33U];
   memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t));
@@ -5031,7 +4913,6 @@ static KRML_MUSTINLINE void encrypt_unpacked_2a(
   uint8_t domain_separator0 = uu____1.snd;
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_prf_input[33U];
-  /* for i from 0 to k−1 do e1[i] := CBD_{η2}(PRF(r,N)) N := N + 1 end for */
   memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t));
   tuple_dd0 uu____3 =
       sample_ring_element_cbd_3b(copy_of_prf_input, domain_separator0);
@@ -5040,7 +4921,7 @@ static KRML_MUSTINLINE void encrypt_unpacked_2a(
       error_1, uu____3.fst,
       (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1d));
   uint8_t domain_separator = uu____3.snd;
-  prf_input[32U] = /* e_2 := CBD{η2}(PRF(r, N)) */ domain_separator;
+  prf_input[32U] = domain_separator;
   uint8_t prf_output[128U];
   PRF_f1_440(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t),
              prf_output);
@@ -5048,11 +4929,9 @@ static KRML_MUSTINLINE void encrypt_unpacked_2a(
       sample_from_binomial_distribution_a0(
           Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t));
   libcrux_ml_kem_polynomial_PolynomialRingElement_1d u[4U];
-  compute_vector_u_d0(/* u := NTT^{-1}(AˆT ◦ rˆ) + e_1 */ public_key->A,
-                      r_as_ntt, error_1, u);
+  compute_vector_u_d0(public_key->A, r_as_ntt, error_1, u);
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_message[32U];
-  /* v := NTT^{−1}(tˆT ◦ rˆ) + e_2 + Decompress_q(Decode_1(m),1) */
   memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t));
   libcrux_ml_kem_polynomial_PolynomialRingElement_1d message_as_ring_element =
       deserialize_then_decompress_message_8c(copy_of_message);
@@ -5061,14 +4940,12 @@ static KRML_MUSTINLINE void encrypt_unpacked_2a(
                                 &message_as_ring_element);
   uint8_t ciphertext[1568U] = {0U};
   libcrux_ml_kem_polynomial_PolynomialRingElement_1d uu____5[4U];
-  /* c_1 := Encode_{du}(Compress_q(u,d_u)) */
   memcpy(
       uu____5, u,
       (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1d));
   compress_then_serialize_u_2f(
       uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U,
                                            (size_t)1408U, uint8_t));
-  /* c_2 := Encode_{dv}(Compress_q(v,d_v)) */
   libcrux_ml_kem_polynomial_PolynomialRingElement_1d uu____6 = v;
   compress_then_serialize_ring_element_v_00(
       uu____6, Eurydice_array_to_subslice_from((size_t)1568U, ciphertext,
@@ -5707,14 +5584,11 @@ static KRML_MUSTINLINE void decrypt_unpacked_7d(
     IndCpaPrivateKeyUnpacked_af *secret_key, uint8_t *ciphertext,
     uint8_t ret[32U]) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_1d u_as_ntt[4U];
-  deserialize_then_decompress_u_00(
-      /* u := Decompress_q(Decode_{d_u}(c), d_u) */ ciphertext, u_as_ntt);
+  deserialize_then_decompress_u_00(ciphertext, u_as_ntt);
   libcrux_ml_kem_polynomial_PolynomialRingElement_1d v =
       deserialize_then_decompress_ring_element_v_ff(
-          Eurydice_array_to_subslice_from(
-              (size_t)1568U,
-              /* v := Decompress_q(Decode_{d_v}(c + d_u·k·n / 8), d_v) */
-              ciphertext, (size_t)1408U, uint8_t, size_t));
+          Eurydice_array_to_subslice_from((size_t)1568U, ciphertext,
+                                          (size_t)1408U, uint8_t, size_t));
   libcrux_ml_kem_polynomial_PolynomialRingElement_1d message =
       compute_message_d0(&v, secret_key->secret_as_ntt, u_as_ntt);
   uint8_t ret0[32U];
@@ -5735,8 +5609,7 @@ with const generics
 static KRML_MUSTINLINE void decrypt_7d(Eurydice_slice secret_key,
                                        uint8_t *ciphertext, uint8_t ret[32U]) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_1d secret_as_ntt[4U];
-  deserialize_secret_key_d0(/* sˆ := Decode_12(sk) */ secret_key,
-                            secret_as_ntt);
+  deserialize_secret_key_d0(secret_key, secret_as_ntt);
   /* Passing arrays by value in Rust generates a copy in C */
   libcrux_ml_kem_polynomial_PolynomialRingElement_1d copy_of_secret_as_ntt[4U];
   memcpy(
@@ -6056,13 +5929,9 @@ with const generics
 bool libcrux_ml_kem_ind_cca_validate_private_key_only_30(
     libcrux_ml_kem_types_MlKemPrivateKey_fa *private_key) {
   uint8_t t[32U];
-  H_f1_fd(Eurydice_array_to_subslice2(/* Eurydice can't access values directly
-                                         on the types. We need to go to the
-                                         `value` directly. */
-                                      private_key->value,
-                                      (size_t)384U * (size_t)2U,
-                                      (size_t)768U * (size_t)2U + (size_t)32U,
-                                      uint8_t),
+  H_f1_fd(Eurydice_array_to_subslice2(
+              private_key->value, (size_t)384U * (size_t)2U,
+              (size_t)768U * (size_t)2U + (size_t)32U, uint8_t),
           t);
   Eurydice_slice expected = Eurydice_array_to_subslice2(
       private_key->value, (size_t)768U * (size_t)2U + (size_t)32U,
@@ -6512,10 +6381,6 @@ static KRML_MUSTINLINE void sample_from_xof_2b0(
   memcpy(copy_of_randomness0, randomness0, (size_t)2U * sizeof(uint8_t[504U]));
   bool done = sample_from_uniform_distribution_next_64(
       copy_of_randomness0, sampled_coefficients, out);
-  /* Requiring more than 5 blocks to sample a ring element should be very
-   * unlikely according to: https://eprint.iacr.org/2023/708.pdf To avoid
-   * failing here, we squeeze more blocks out of the state until we have enough.
-   */
   while (true) {
     if (done) {
       break;
@@ -6575,7 +6440,7 @@ static KRML_MUSTINLINE void sample_matrix_A_2b0(
            i++) {
         size_t j = i;
         libcrux_ml_kem_polynomial_PolynomialRingElement_1d sample = sampled[j];
-        if (/* A[i][j] = A_transpose[j][i] */ transpose) {
+        if (transpose) {
           A_transpose[j][i1] = sample;
         } else {
           A_transpose[i1][j] = sample;
@@ -6721,11 +6586,7 @@ static KRML_MUSTINLINE void add_to_ring_element_ef_a0(
   for (size_t i = (size_t)0U;
        i < Eurydice_slice_len(
                Eurydice_array_to_slice(
-                   (size_t)16U,
-                   /* The semicolon and parentheses at the end of loop are a
-                      workaround for the following bug
-                      https://github.com/hacspec/hax/issues/720 */
-                   self->coefficients,
+                   (size_t)16U, self->coefficients,
                    libcrux_ml_kem_vector_portable_vector_type_PortableVector),
                libcrux_ml_kem_vector_portable_vector_type_PortableVector);
        i++) {
@@ -6760,8 +6621,6 @@ static KRML_MUSTINLINE void compute_As_plus_e_a0(
        i++) {
     size_t i0 = i;
     libcrux_ml_kem_polynomial_PolynomialRingElement_1d *row = matrix_A[i0];
-    /* This may be externally provided memory. Ensure that `t_as_ntt` is all 0.
-     */
     libcrux_ml_kem_polynomial_PolynomialRingElement_1d uu____0 = ZERO_ef_8c();
     t_as_ntt[i0] = uu____0;
     for (size_t i1 = (size_t)0U;
@@ -6837,10 +6696,7 @@ static KRML_MUSTINLINE void generate_keypair_unpacked_1c0(
     IndCpaPrivateKeyUnpacked_d4 *private_key,
     IndCpaPublicKeyUnpacked_d4 *public_key) {
   uint8_t hashed[64U];
-  cpa_keygen_seed_d8_10(/* (ρ,σ) := G(d) for Kyber, (ρ,σ) := G(d || K) for
-                           ML-KEM */
-                        key_generation_seed,
-                        hashed);
+  cpa_keygen_seed_d8_10(key_generation_seed, hashed);
   Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at(
       Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U,
       uint8_t, Eurydice_slice_uint8_t_x2);
@@ -6870,8 +6726,8 @@ static KRML_MUSTINLINE void generate_keypair_unpacked_1c0(
       sample_vector_cbd_then_ntt_out_3b0(copy_of_prf_input, domain_separator)
           .fst,
       (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1d));
-  compute_As_plus_e_a0(/* tˆ := Aˆ ◦ sˆ + eˆ */ public_key->t_as_ntt,
-                       public_key->A, private_key->secret_as_ntt, error_as_ntt);
+  compute_As_plus_e_a0(public_key->t_as_ntt, public_key->A,
+                       private_key->secret_as_ntt, error_as_ntt);
   uint8_t uu____5[32U];
   core_result_Result_fb dst;
   Eurydice_slice_to_array2(&dst, seed_for_A, Eurydice_slice, uint8_t[32U]);
@@ -6896,13 +6752,11 @@ serialize_unpacked_secret_key_6d(IndCpaPublicKeyUnpacked_d4 *public_key,
                                  IndCpaPrivateKeyUnpacked_d4 *private_key) {
   uint8_t public_key_serialized[800U];
   serialize_public_key_86(
-      /* pk := (Encode_12(tˆ mod^{+}q) || ρ) */ public_key->t_as_ntt,
+      public_key->t_as_ntt,
       Eurydice_array_to_slice((size_t)32U, public_key->seed_for_A, uint8_t),
       public_key_serialized);
   uint8_t secret_key_serialized[768U];
-  serialize_secret_key_64(
-      /* sk := Encode_12(sˆ mod^{+}q) */ private_key->secret_as_ntt,
-      secret_key_serialized);
+  serialize_secret_key_64(private_key->secret_as_ntt, secret_key_serialized);
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_secret_key_serialized[768U];
   memcpy(copy_of_secret_key_serialized, secret_key_serialized,
@@ -7090,15 +6944,11 @@ generics
 static KRML_MUSTINLINE void build_unpacked_public_key_mut_3f0(
     Eurydice_slice public_key,
     IndCpaPublicKeyUnpacked_d4 *unpacked_public_key) {
-  Eurydice_slice uu____0 = Eurydice_slice_subslice_to(
-      /* tˆ := Decode_12(pk) */ public_key, (size_t)768U, uint8_t, size_t);
+  Eurydice_slice uu____0 =
+      Eurydice_slice_subslice_to(public_key, (size_t)768U, uint8_t, size_t);
   deserialize_ring_elements_reduced_a0(uu____0, unpacked_public_key->t_as_ntt);
   Eurydice_slice seed =
-      Eurydice_slice_subslice_from(/* ρ := pk + 12·k·n / 8 for i from 0 to k−1
-                                      do for j from 0 to k − 1 do AˆT[i][j] :=
-                                      Parse(XOF(ρ, i, j)) end for end for */
-                                   public_key,
-                                   (size_t)768U, uint8_t, size_t);
+      Eurydice_slice_subslice_from(public_key, (size_t)768U, uint8_t, size_t);
   libcrux_ml_kem_polynomial_PolynomialRingElement_1d(*uu____1)[2U] =
       unpacked_public_key->A;
   uint8_t ret[34U];
@@ -7224,10 +7074,7 @@ with const generics
 static KRML_MUSTINLINE void invert_ntt_montgomery_a0(
     libcrux_ml_kem_polynomial_PolynomialRingElement_1d *re) {
   size_t zeta_i =
-      /* We only ever call this function after matrix/vector multiplication */
-      LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT
-
-      / (size_t)2U;
+      LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U;
   invert_ntt_at_layer_1_8c(&zeta_i, re);
   invert_ntt_at_layer_2_8c(&zeta_i, re);
   invert_ntt_at_layer_3_8c(&zeta_i, re);
@@ -7458,11 +7305,7 @@ static KRML_MUSTINLINE void encrypt_unpacked_2a0(
     IndCpaPublicKeyUnpacked_d4 *public_key, uint8_t message[32U],
     Eurydice_slice randomness, uint8_t ret[768U]) {
   uint8_t prf_input[33U];
-  libcrux_ml_kem_utils_into_padded_array_c8(/* for i from 0 to k−1 do r[i] :=
-                                               CBD{η1}(PRF(r, N)) N := N + 1 end
-                                               for rˆ := NTT(r) */
-                                            randomness,
-                                            prf_input);
+  libcrux_ml_kem_utils_into_padded_array_c8(randomness, prf_input);
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_prf_input0[33U];
   memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t));
@@ -7475,7 +7318,6 @@ static KRML_MUSTINLINE void encrypt_unpacked_2a0(
   uint8_t domain_separator0 = uu____1.snd;
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_prf_input[33U];
-  /* for i from 0 to k−1 do e1[i] := CBD_{η2}(PRF(r,N)) N := N + 1 end for */
   memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t));
   tuple_400 uu____3 =
       sample_ring_element_cbd_3b0(copy_of_prf_input, domain_separator0);
@@ -7484,7 +7326,7 @@ static KRML_MUSTINLINE void encrypt_unpacked_2a0(
       error_1, uu____3.fst,
       (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1d));
   uint8_t domain_separator = uu____3.snd;
-  prf_input[32U] = /* e_2 := CBD{η2}(PRF(r, N)) */ domain_separator;
+  prf_input[32U] = domain_separator;
   uint8_t prf_output[128U];
   PRF_f1_490(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t),
              prf_output);
@@ -7492,11 +7334,9 @@ static KRML_MUSTINLINE void encrypt_unpacked_2a0(
       sample_from_binomial_distribution_a0(
           Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t));
   libcrux_ml_kem_polynomial_PolynomialRingElement_1d u[2U];
-  compute_vector_u_a0(/* u := NTT^{-1}(AˆT ◦ rˆ) + e_1 */ public_key->A,
-                      r_as_ntt, error_1, u);
+  compute_vector_u_a0(public_key->A, r_as_ntt, error_1, u);
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_message[32U];
-  /* v := NTT^{−1}(tˆT ◦ rˆ) + e_2 + Decompress_q(Decode_1(m),1) */
   memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t));
   libcrux_ml_kem_polynomial_PolynomialRingElement_1d message_as_ring_element =
       deserialize_then_decompress_message_8c(copy_of_message);
@@ -7505,14 +7345,12 @@ static KRML_MUSTINLINE void encrypt_unpacked_2a0(
                                 &message_as_ring_element);
   uint8_t ciphertext[768U] = {0U};
   libcrux_ml_kem_polynomial_PolynomialRingElement_1d uu____5[2U];
-  /* c_1 := Encode_{du}(Compress_q(u,d_u)) */
   memcpy(
       uu____5, u,
       (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1d));
   compress_then_serialize_u_6d(
       uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)640U,
                                            uint8_t));
-  /* c_2 := Encode_{dv}(Compress_q(v,d_v)) */
   libcrux_ml_kem_polynomial_PolynomialRingElement_1d uu____6 = v;
   compress_then_serialize_ring_element_v_86(
       uu____6, Eurydice_array_to_subslice_from((size_t)768U, ciphertext,
@@ -7827,14 +7665,11 @@ static KRML_MUSTINLINE void decrypt_unpacked_d1(
     IndCpaPrivateKeyUnpacked_d4 *secret_key, uint8_t *ciphertext,
     uint8_t ret[32U]) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_1d u_as_ntt[2U];
-  deserialize_then_decompress_u_86(
-      /* u := Decompress_q(Decode_{d_u}(c), d_u) */ ciphertext, u_as_ntt);
+  deserialize_then_decompress_u_86(ciphertext, u_as_ntt);
   libcrux_ml_kem_polynomial_PolynomialRingElement_1d v =
       deserialize_then_decompress_ring_element_v_64(
-          Eurydice_array_to_subslice_from(
-              (size_t)768U,
-              /* v := Decompress_q(Decode_{d_v}(c + d_u·k·n / 8), d_v) */
-              ciphertext, (size_t)640U, uint8_t, size_t));
+          Eurydice_array_to_subslice_from((size_t)768U, ciphertext,
+                                          (size_t)640U, uint8_t, size_t));
   libcrux_ml_kem_polynomial_PolynomialRingElement_1d message =
       compute_message_a0(&v, secret_key->secret_as_ntt, u_as_ntt);
   uint8_t ret0[32U];
@@ -7855,8 +7690,7 @@ with const generics
 static KRML_MUSTINLINE void decrypt_d1(Eurydice_slice secret_key,
                                        uint8_t *ciphertext, uint8_t ret[32U]) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_1d secret_as_ntt[2U];
-  deserialize_secret_key_a0(/* sˆ := Decode_12(sk) */ secret_key,
-                            secret_as_ntt);
+  deserialize_secret_key_a0(secret_key, secret_as_ntt);
   /* Passing arrays by value in Rust generates a copy in C */
   libcrux_ml_kem_polynomial_PolynomialRingElement_1d copy_of_secret_as_ntt[2U];
   memcpy(
@@ -8164,13 +7998,9 @@ with const generics
 bool libcrux_ml_kem_ind_cca_validate_private_key_only_d6(
     libcrux_ml_kem_types_MlKemPrivateKey_d9 *private_key) {
   uint8_t t[32U];
-  H_f1_e0(Eurydice_array_to_subslice2(/* Eurydice can't access values directly
-                                         on the types. We need to go to the
-                                         `value` directly. */
-                                      private_key->value,
-                                      (size_t)384U * (size_t)3U,
-                                      (size_t)768U * (size_t)3U + (size_t)32U,
-                                      uint8_t),
+  H_f1_e0(Eurydice_array_to_subslice2(
+              private_key->value, (size_t)384U * (size_t)3U,
+              (size_t)768U * (size_t)3U + (size_t)32U, uint8_t),
           t);
   Eurydice_slice expected = Eurydice_array_to_subslice2(
       private_key->value, (size_t)768U * (size_t)3U + (size_t)32U,
@@ -8626,10 +8456,6 @@ static KRML_MUSTINLINE void sample_from_xof_2b1(
   memcpy(copy_of_randomness0, randomness0, (size_t)3U * sizeof(uint8_t[504U]));
   bool done = sample_from_uniform_distribution_next_89(
       copy_of_randomness0, sampled_coefficients, out);
-  /* Requiring more than 5 blocks to sample a ring element should be very
-   * unlikely according to: https://eprint.iacr.org/2023/708.pdf To avoid
-   * failing here, we squeeze more blocks out of the state until we have enough.
-   */
   while (true) {
     if (done) {
       break;
@@ -8689,7 +8515,7 @@ static KRML_MUSTINLINE void sample_matrix_A_2b1(
            i++) {
         size_t j = i;
         libcrux_ml_kem_polynomial_PolynomialRingElement_1d sample = sampled[j];
-        if (/* A[i][j] = A_transpose[j][i] */ transpose) {
+        if (transpose) {
           A_transpose[j][i1] = sample;
         } else {
           A_transpose[i1][j] = sample;
@@ -8824,11 +8650,7 @@ static KRML_MUSTINLINE void add_to_ring_element_ef_1b(
   for (size_t i = (size_t)0U;
        i < Eurydice_slice_len(
                Eurydice_array_to_slice(
-                   (size_t)16U,
-                   /* The semicolon and parentheses at the end of loop are a
-                      workaround for the following bug
-                      https://github.com/hacspec/hax/issues/720 */
-                   self->coefficients,
+                   (size_t)16U, self->coefficients,
                    libcrux_ml_kem_vector_portable_vector_type_PortableVector),
                libcrux_ml_kem_vector_portable_vector_type_PortableVector);
        i++) {
@@ -8863,8 +8685,6 @@ static KRML_MUSTINLINE void compute_As_plus_e_1b(
        i++) {
     size_t i0 = i;
     libcrux_ml_kem_polynomial_PolynomialRingElement_1d *row = matrix_A[i0];
-    /* This may be externally provided memory. Ensure that `t_as_ntt` is all 0.
-     */
     libcrux_ml_kem_polynomial_PolynomialRingElement_1d uu____0 = ZERO_ef_8c();
     t_as_ntt[i0] = uu____0;
     for (size_t i1 = (size_t)0U;
@@ -8940,10 +8760,7 @@ static KRML_MUSTINLINE void generate_keypair_unpacked_1c1(
     IndCpaPrivateKeyUnpacked_a0 *private_key,
     IndCpaPublicKeyUnpacked_a0 *public_key) {
   uint8_t hashed[64U];
-  cpa_keygen_seed_d8_9c(/* (ρ,σ) := G(d) for Kyber, (ρ,σ) := G(d || K) for
-                           ML-KEM */
-                        key_generation_seed,
-                        hashed);
+  cpa_keygen_seed_d8_9c(key_generation_seed, hashed);
   Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at(
       Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U,
       uint8_t, Eurydice_slice_uint8_t_x2);
@@ -8973,8 +8790,8 @@ static KRML_MUSTINLINE void generate_keypair_unpacked_1c1(
       sample_vector_cbd_then_ntt_out_3b1(copy_of_prf_input, domain_separator)
           .fst,
       (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1d));
-  compute_As_plus_e_1b(/* tˆ := Aˆ ◦ sˆ + eˆ */ public_key->t_as_ntt,
-                       public_key->A, private_key->secret_as_ntt, error_as_ntt);
+  compute_As_plus_e_1b(public_key->t_as_ntt, public_key->A,
+                       private_key->secret_as_ntt, error_as_ntt);
   uint8_t uu____5[32U];
   core_result_Result_fb dst;
   Eurydice_slice_to_array2(&dst, seed_for_A, Eurydice_slice, uint8_t[32U]);
@@ -8999,13 +8816,11 @@ serialize_unpacked_secret_key_43(IndCpaPublicKeyUnpacked_a0 *public_key,
                                  IndCpaPrivateKeyUnpacked_a0 *private_key) {
   uint8_t public_key_serialized[1184U];
   serialize_public_key_6c(
-      /* pk := (Encode_12(tˆ mod^{+}q) || ρ) */ public_key->t_as_ntt,
+      public_key->t_as_ntt,
       Eurydice_array_to_slice((size_t)32U, public_key->seed_for_A, uint8_t),
       public_key_serialized);
   uint8_t secret_key_serialized[1152U];
-  serialize_secret_key_89(
-      /* sk := Encode_12(sˆ mod^{+}q) */ private_key->secret_as_ntt,
-      secret_key_serialized);
+  serialize_secret_key_89(private_key->secret_as_ntt, secret_key_serialized);
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_secret_key_serialized[1152U];
   memcpy(copy_of_secret_key_serialized, secret_key_serialized,
@@ -9193,15 +9008,11 @@ generics
 static KRML_MUSTINLINE void build_unpacked_public_key_mut_3f1(
     Eurydice_slice public_key,
     IndCpaPublicKeyUnpacked_a0 *unpacked_public_key) {
-  Eurydice_slice uu____0 = Eurydice_slice_subslice_to(
-      /* tˆ := Decode_12(pk) */ public_key, (size_t)1152U, uint8_t, size_t);
+  Eurydice_slice uu____0 =
+      Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t);
   deserialize_ring_elements_reduced_1b(uu____0, unpacked_public_key->t_as_ntt);
   Eurydice_slice seed =
-      Eurydice_slice_subslice_from(/* ρ := pk + 12·k·n / 8 for i from 0 to k−1
-                                      do for j from 0 to k − 1 do AˆT[i][j] :=
-                                      Parse(XOF(ρ, i, j)) end for end for */
-                                   public_key,
-                                   (size_t)1152U, uint8_t, size_t);
+      Eurydice_slice_subslice_from(public_key, (size_t)1152U, uint8_t, size_t);
   libcrux_ml_kem_polynomial_PolynomialRingElement_1d(*uu____1)[3U] =
       unpacked_public_key->A;
   uint8_t ret[34U];
@@ -9295,10 +9106,7 @@ with const generics
 static KRML_MUSTINLINE void invert_ntt_montgomery_1b(
     libcrux_ml_kem_polynomial_PolynomialRingElement_1d *re) {
   size_t zeta_i =
-      /* We only ever call this function after matrix/vector multiplication */
-      LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT
-
-      / (size_t)2U;
+      LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U;
   invert_ntt_at_layer_1_8c(&zeta_i, re);
   invert_ntt_at_layer_2_8c(&zeta_i, re);
   invert_ntt_at_layer_3_8c(&zeta_i, re);
@@ -9491,11 +9299,7 @@ static KRML_MUSTINLINE void encrypt_unpacked_2a1(
     IndCpaPublicKeyUnpacked_a0 *public_key, uint8_t message[32U],
     Eurydice_slice randomness, uint8_t ret[1088U]) {
   uint8_t prf_input[33U];
-  libcrux_ml_kem_utils_into_padded_array_c8(/* for i from 0 to k−1 do r[i] :=
-                                               CBD{η1}(PRF(r, N)) N := N + 1 end
-                                               for rˆ := NTT(r) */
-                                            randomness,
-                                            prf_input);
+  libcrux_ml_kem_utils_into_padded_array_c8(randomness, prf_input);
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_prf_input0[33U];
   memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t));
@@ -9508,7 +9312,6 @@ static KRML_MUSTINLINE void encrypt_unpacked_2a1(
   uint8_t domain_separator0 = uu____1.snd;
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_prf_input[33U];
-  /* for i from 0 to k−1 do e1[i] := CBD_{η2}(PRF(r,N)) N := N + 1 end for */
   memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t));
   tuple_230 uu____3 =
       sample_ring_element_cbd_3b1(copy_of_prf_input, domain_separator0);
@@ -9517,7 +9320,7 @@ static KRML_MUSTINLINE void encrypt_unpacked_2a1(
       error_1, uu____3.fst,
       (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1d));
   uint8_t domain_separator = uu____3.snd;
-  prf_input[32U] = /* e_2 := CBD{η2}(PRF(r, N)) */ domain_separator;
+  prf_input[32U] = domain_separator;
   uint8_t prf_output[128U];
   PRF_f1_410(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t),
              prf_output);
@@ -9525,11 +9328,9 @@ static KRML_MUSTINLINE void encrypt_unpacked_2a1(
       sample_from_binomial_distribution_a0(
           Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t));
   libcrux_ml_kem_polynomial_PolynomialRingElement_1d u[3U];
-  compute_vector_u_1b(/* u := NTT^{-1}(AˆT ◦ rˆ) + e_1 */ public_key->A,
-                      r_as_ntt, error_1, u);
+  compute_vector_u_1b(public_key->A, r_as_ntt, error_1, u);
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_message[32U];
-  /* v := NTT^{−1}(tˆT ◦ rˆ) + e_2 + Decompress_q(Decode_1(m),1) */
   memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t));
   libcrux_ml_kem_polynomial_PolynomialRingElement_1d message_as_ring_element =
       deserialize_then_decompress_message_8c(copy_of_message);
@@ -9538,14 +9339,12 @@ static KRML_MUSTINLINE void encrypt_unpacked_2a1(
                                 &message_as_ring_element);
   uint8_t ciphertext[1088U] = {0U};
   libcrux_ml_kem_polynomial_PolynomialRingElement_1d uu____5[3U];
-  /* c_1 := Encode_{du}(Compress_q(u,d_u)) */
   memcpy(
       uu____5, u,
       (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1d));
   compress_then_serialize_u_43(
       uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)960U,
                                            uint8_t));
-  /* c_2 := Encode_{dv}(Compress_q(v,d_v)) */
   libcrux_ml_kem_polynomial_PolynomialRingElement_1d uu____6 = v;
   compress_then_serialize_ring_element_v_6c(
       uu____6, Eurydice_array_to_subslice_from((size_t)1088U, ciphertext,
@@ -9830,14 +9629,11 @@ static KRML_MUSTINLINE void decrypt_unpacked_42(
     IndCpaPrivateKeyUnpacked_a0 *secret_key, uint8_t *ciphertext,
     uint8_t ret[32U]) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_1d u_as_ntt[3U];
-  deserialize_then_decompress_u_6c(
-      /* u := Decompress_q(Decode_{d_u}(c), d_u) */ ciphertext, u_as_ntt);
+  deserialize_then_decompress_u_6c(ciphertext, u_as_ntt);
   libcrux_ml_kem_polynomial_PolynomialRingElement_1d v =
       deserialize_then_decompress_ring_element_v_89(
-          Eurydice_array_to_subslice_from(
-              (size_t)1088U,
-              /* v := Decompress_q(Decode_{d_v}(c + d_u·k·n / 8), d_v) */
-              ciphertext, (size_t)960U, uint8_t, size_t));
+          Eurydice_array_to_subslice_from((size_t)1088U, ciphertext,
+                                          (size_t)960U, uint8_t, size_t));
   libcrux_ml_kem_polynomial_PolynomialRingElement_1d message =
       compute_message_1b(&v, secret_key->secret_as_ntt, u_as_ntt);
   uint8_t ret0[32U];
@@ -9858,8 +9654,7 @@ with const generics
 static KRML_MUSTINLINE void decrypt_42(Eurydice_slice secret_key,
                                        uint8_t *ciphertext, uint8_t ret[32U]) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_1d secret_as_ntt[3U];
-  deserialize_secret_key_1b(/* sˆ := Decode_12(sk) */ secret_key,
-                            secret_as_ntt);
+  deserialize_secret_key_1b(secret_key, secret_as_ntt);
   /* Passing arrays by value in Rust generates a copy in C */
   libcrux_ml_kem_polynomial_PolynomialRingElement_1d copy_of_secret_as_ntt[3U];
   memcpy(
diff --git a/libcrux-ml-kem/c/libcrux_mlkem_portable.h b/libcrux-ml-kem/c/libcrux_mlkem_portable.h
index 012f00992..ccb5a6654 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem_portable.h
+++ b/libcrux-ml-kem/c/libcrux_mlkem_portable.h
@@ -4,11 +4,11 @@
  * SPDX-License-Identifier: MIT or Apache-2.0
  *
  * This code was generated with the following revisions:
- * Charon: 3a133fe0eee9bd3928d5bb16c24ddd2dd0f3ee7f
- * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c
- * Karamel: c31a22c1e07d2118c07ee5cebb640d863e31a198
- * F*: 2c32d6e230851bbceadac7a21fc418fa2bb7e4bc
- * Libcrux: 0e587d6e842717408ea9357e00d47e372e505c80
+ * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9
+ * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20
+ * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
+ * F*: 5643e656b989aca7629723653a2570c7df6252b9
+ * Libcrux: fbef3649fa222b800fc7dcc349855bcd7de48e36
  */
 
 #ifndef __libcrux_mlkem_portable_H
diff --git a/libcrux-ml-kem/c/libcrux_sha3.h b/libcrux-ml-kem/c/libcrux_sha3.h
index 16a61b7e6..393be1f15 100644
--- a/libcrux-ml-kem/c/libcrux_sha3.h
+++ b/libcrux-ml-kem/c/libcrux_sha3.h
@@ -4,11 +4,11 @@
  * SPDX-License-Identifier: MIT or Apache-2.0
  *
  * This code was generated with the following revisions:
- * Charon: 3a133fe0eee9bd3928d5bb16c24ddd2dd0f3ee7f
- * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c
- * Karamel: c31a22c1e07d2118c07ee5cebb640d863e31a198
- * F*: 2c32d6e230851bbceadac7a21fc418fa2bb7e4bc
- * Libcrux: 0e587d6e842717408ea9357e00d47e372e505c80
+ * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9
+ * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20
+ * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
+ * F*: 5643e656b989aca7629723653a2570c7df6252b9
+ * Libcrux: fbef3649fa222b800fc7dcc349855bcd7de48e36
  */
 
 #ifndef __libcrux_sha3_H
diff --git a/libcrux-ml-kem/c/libcrux_sha3_avx2.c b/libcrux-ml-kem/c/libcrux_sha3_avx2.c
index 23fa30cd5..3274dc64a 100644
--- a/libcrux-ml-kem/c/libcrux_sha3_avx2.c
+++ b/libcrux-ml-kem/c/libcrux_sha3_avx2.c
@@ -4,11 +4,11 @@
  * SPDX-License-Identifier: MIT or Apache-2.0
  *
  * This code was generated with the following revisions:
- * Charon: 3a133fe0eee9bd3928d5bb16c24ddd2dd0f3ee7f
- * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c
- * Karamel: c31a22c1e07d2118c07ee5cebb640d863e31a198
- * F*: 2c32d6e230851bbceadac7a21fc418fa2bb7e4bc
- * Libcrux: 0e587d6e842717408ea9357e00d47e372e505c80
+ * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9
+ * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20
+ * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
+ * F*: 5643e656b989aca7629723653a2570c7df6252b9
+ * Libcrux: fbef3649fa222b800fc7dcc349855bcd7de48e36
  */
 
 #include "internal/libcrux_sha3_avx2.h"
@@ -77,8 +77,7 @@ static KRML_MUSTINLINE __m256i and_not_xor_ef(__m256i a, __m256i b, __m256i c) {
 }
 
 static KRML_MUSTINLINE __m256i _veorq_n_u64(__m256i a, uint64_t c) {
-  __m256i c0 = mm256_set1_epi64x(
-      (int64_t) /* Casting here is required, doesn't change the value. */ c);
+  __m256i c0 = mm256_set1_epi64x((int64_t)c);
   return mm256_xor_si256(a, c0);
 }
 
@@ -1431,13 +1430,13 @@ static KRML_MUSTINLINE void store_block_5b(__m256i (*s)[5U],
         s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U]
          [((size_t)4U * i0 + (size_t)2U) % (size_t)5U],
         __m256i);
-    __m256i v1h = mm256_permute2x128_si256(
-        (int32_t)32,
-        s[((size_t)4U * /* 0 0 2 2 */ i0 + (size_t)1U) / (size_t)5U]
-         [((size_t)4U * i0 + (size_t)1U) % (size_t)5U],
-        s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U]
-         [((size_t)4U * i0 + (size_t)3U) % (size_t)5U],
-        __m256i);
+    __m256i v1h =
+        mm256_permute2x128_si256((int32_t)32,
+                                 s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U]
+                                  [((size_t)4U * i0 + (size_t)1U) % (size_t)5U],
+                                 s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U]
+                                  [((size_t)4U * i0 + (size_t)3U) % (size_t)5U],
+                                 __m256i);
     __m256i v2l = mm256_permute2x128_si256(
         (int32_t)49,
         s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U],
@@ -1748,16 +1747,7 @@ void libcrux_sha3_avx2_x4_shake256(Eurydice_slice input0, Eurydice_slice input1,
                                    Eurydice_slice input2, Eurydice_slice input3,
                                    Eurydice_slice out0, Eurydice_slice out1,
                                    Eurydice_slice out2, Eurydice_slice out3) {
-  Eurydice_slice buf0[4U] = {
-      /* XXX: These functions could alternatively implement the same with the
-         portable implementation #[cfg(feature = "simd128")] { keccakx2::<136,
-         0x1fu8>([input0, input1], [out0, out1]); keccakx2::<136,
-         0x1fu8>([input2, input3], [out2, out3]); } { keccakx1::<136,
-         0x1fu8>([input0], [out0]); keccakx1::<136, 0x1fu8>([input1], [out1]);
-         keccakx1::<136, 0x1fu8>([input2], [out2]); keccakx1::<136,
-         0x1fu8>([input3], [out3]); } */
-      input0,
-      input1, input2, input3};
+  Eurydice_slice buf0[4U] = {input0, input1, input2, input3};
   Eurydice_slice buf[4U] = {out0, out1, out2, out3};
   keccak_fb(buf0, buf);
 }
@@ -1972,13 +1962,13 @@ static KRML_MUSTINLINE void store_block_3a(__m256i (*s)[5U],
         s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U]
          [((size_t)4U * i0 + (size_t)2U) % (size_t)5U],
         __m256i);
-    __m256i v1h = mm256_permute2x128_si256(
-        (int32_t)32,
-        s[((size_t)4U * /* 0 0 2 2 */ i0 + (size_t)1U) / (size_t)5U]
-         [((size_t)4U * i0 + (size_t)1U) % (size_t)5U],
-        s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U]
-         [((size_t)4U * i0 + (size_t)3U) % (size_t)5U],
-        __m256i);
+    __m256i v1h =
+        mm256_permute2x128_si256((int32_t)32,
+                                 s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U]
+                                  [((size_t)4U * i0 + (size_t)1U) % (size_t)5U],
+                                 s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U]
+                                  [((size_t)4U * i0 + (size_t)3U) % (size_t)5U],
+                                 __m256i);
     __m256i v2l = mm256_permute2x128_si256(
         (int32_t)49,
         s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U],
diff --git a/libcrux-ml-kem/c/libcrux_sha3_avx2.h b/libcrux-ml-kem/c/libcrux_sha3_avx2.h
index 645f80b34..eaa8d8c25 100644
--- a/libcrux-ml-kem/c/libcrux_sha3_avx2.h
+++ b/libcrux-ml-kem/c/libcrux_sha3_avx2.h
@@ -4,11 +4,11 @@
  * SPDX-License-Identifier: MIT or Apache-2.0
  *
  * This code was generated with the following revisions:
- * Charon: 3a133fe0eee9bd3928d5bb16c24ddd2dd0f3ee7f
- * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c
- * Karamel: c31a22c1e07d2118c07ee5cebb640d863e31a198
- * F*: 2c32d6e230851bbceadac7a21fc418fa2bb7e4bc
- * Libcrux: 0e587d6e842717408ea9357e00d47e372e505c80
+ * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9
+ * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20
+ * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
+ * F*: 5643e656b989aca7629723653a2570c7df6252b9
+ * Libcrux: fbef3649fa222b800fc7dcc349855bcd7de48e36
  */
 
 #ifndef __libcrux_sha3_avx2_H
diff --git a/libcrux-ml-kem/c/libcrux_sha3_internal.h b/libcrux-ml-kem/c/libcrux_sha3_internal.h
index 74eeb47a3..c68ee5802 100644
--- a/libcrux-ml-kem/c/libcrux_sha3_internal.h
+++ b/libcrux-ml-kem/c/libcrux_sha3_internal.h
@@ -4,11 +4,11 @@
  * SPDX-License-Identifier: MIT or Apache-2.0
  *
  * This code was generated with the following revisions:
- * Charon: 3a133fe0eee9bd3928d5bb16c24ddd2dd0f3ee7f
- * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c
- * Karamel: c31a22c1e07d2118c07ee5cebb640d863e31a198
- * F*: 2c32d6e230851bbceadac7a21fc418fa2bb7e4bc
- * Libcrux: 0e587d6e842717408ea9357e00d47e372e505c80
+ * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9
+ * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20
+ * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
+ * F*: 5643e656b989aca7629723653a2570c7df6252b9
+ * Libcrux: fbef3649fa222b800fc7dcc349855bcd7de48e36
  */
 
 #ifndef __libcrux_sha3_internal_H
@@ -1811,7 +1811,6 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_c6(
     Eurydice_slice data[1U], Eurydice_slice out[1U]) {
   /* Passing arrays by value in Rust generates a copy in C */
   Eurydice_slice copy_of_data[1U];
-  /* generic_keccak::keccak_xof::<1, u64, RATE, DELIM>(data, out); or */
   memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice));
   libcrux_sha3_generic_keccak_keccak_9e4(copy_of_data, out);
 }
@@ -2160,7 +2159,6 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_7c(
     Eurydice_slice data[1U], Eurydice_slice out[1U]) {
   /* Passing arrays by value in Rust generates a copy in C */
   Eurydice_slice copy_of_data[1U];
-  /* generic_keccak::keccak_xof::<1, u64, RATE, DELIM>(data, out); or */
   memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice));
   libcrux_sha3_generic_keccak_keccak_9e3(copy_of_data, out);
 }
@@ -2509,7 +2507,6 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_1e(
     Eurydice_slice data[1U], Eurydice_slice out[1U]) {
   /* Passing arrays by value in Rust generates a copy in C */
   Eurydice_slice copy_of_data[1U];
-  /* generic_keccak::keccak_xof::<1, u64, RATE, DELIM>(data, out); or */
   memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice));
   libcrux_sha3_generic_keccak_keccak_9e2(copy_of_data, out);
 }
@@ -2698,7 +2695,6 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_ad0(
     Eurydice_slice data[1U], Eurydice_slice out[1U]) {
   /* Passing arrays by value in Rust generates a copy in C */
   Eurydice_slice copy_of_data[1U];
-  /* generic_keccak::keccak_xof::<1, u64, RATE, DELIM>(data, out); or */
   memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice));
   libcrux_sha3_generic_keccak_keccak_9e1(copy_of_data, out);
 }
@@ -2817,7 +2813,6 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_ad(
     Eurydice_slice data[1U], Eurydice_slice out[1U]) {
   /* Passing arrays by value in Rust generates a copy in C */
   Eurydice_slice copy_of_data[1U];
-  /* generic_keccak::keccak_xof::<1, u64, RATE, DELIM>(data, out); or */
   memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice));
   libcrux_sha3_generic_keccak_keccak_9e0(copy_of_data, out);
 }
@@ -3166,7 +3161,6 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_96(
     Eurydice_slice data[1U], Eurydice_slice out[1U]) {
   /* Passing arrays by value in Rust generates a copy in C */
   Eurydice_slice copy_of_data[1U];
-  /* generic_keccak::keccak_xof::<1, u64, RATE, DELIM>(data, out); or */
   memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice));
   libcrux_sha3_generic_keccak_keccak_9e(copy_of_data, out);
 }
diff --git a/libcrux-ml-kem/c/libcrux_sha3_neon.c b/libcrux-ml-kem/c/libcrux_sha3_neon.c
index 5e4416bcd..8c9edc379 100644
--- a/libcrux-ml-kem/c/libcrux_sha3_neon.c
+++ b/libcrux-ml-kem/c/libcrux_sha3_neon.c
@@ -4,11 +4,11 @@
  * SPDX-License-Identifier: MIT or Apache-2.0
  *
  * This code was generated with the following revisions:
- * Charon: 3a133fe0eee9bd3928d5bb16c24ddd2dd0f3ee7f
- * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c
- * Karamel: c31a22c1e07d2118c07ee5cebb640d863e31a198
- * F*: 2c32d6e230851bbceadac7a21fc418fa2bb7e4bc
- * Libcrux: 0e587d6e842717408ea9357e00d47e372e505c80
+ * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9
+ * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20
+ * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
+ * F*: 5643e656b989aca7629723653a2570c7df6252b9
+ * Libcrux: fbef3649fa222b800fc7dcc349855bcd7de48e36
  */
 
 #include "libcrux_sha3_neon.h"
@@ -62,7 +62,6 @@ KRML_MUSTINLINE void libcrux_sha3_neon_x2_shake256(Eurydice_slice input0,
                                                    Eurydice_slice input1,
                                                    Eurydice_slice out0,
                                                    Eurydice_slice out1) {
-  /* TODO: make argument ordering consistent */
   KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__,
                     "panic!");
   KRML_HOST_EXIT(255U);
@@ -73,9 +72,6 @@ KRML_MUSTINLINE void libcrux_sha3_neon_x2_shake256(Eurydice_slice input0,
 */
 KRML_MUSTINLINE libcrux_sha3_neon_x2_incremental_KeccakState
 libcrux_sha3_neon_x2_incremental_init(void) {
-  /* XXX: These functions could alternatively implement the same with the
-   * portable implementation { let s0 = KeccakState::new(); let s1 =
-   * KeccakState::new(); [s0, s1] } */
   KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__,
                     "panic!");
   KRML_HOST_EXIT(255U);
@@ -87,10 +83,6 @@ libcrux_sha3_neon_x2_incremental_init(void) {
 KRML_MUSTINLINE void libcrux_sha3_neon_x2_incremental_shake128_absorb_final(
     libcrux_sha3_neon_x2_incremental_KeccakState *s, Eurydice_slice data0,
     Eurydice_slice data1) {
-  /* XXX: These functions could alternatively implement the same with the
-   * portable implementation { let [mut s0, mut s1] = s;
-   * shake128_absorb_final(&mut s0, data0); shake128_absorb_final(&mut s1,
-   * data1); } */
   KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__,
                     "panic!");
   KRML_HOST_EXIT(255U);
@@ -104,10 +96,6 @@ KRML_MUSTINLINE void
 libcrux_sha3_neon_x2_incremental_shake128_squeeze_first_three_blocks(
     libcrux_sha3_neon_x2_incremental_KeccakState *s, Eurydice_slice out0,
     Eurydice_slice out1) {
-  /* XXX: These functions could alternatively implement the same with the
-   * portable implementation { let [mut s0, mut s1] = s;
-   * shake128_squeeze_first_three_blocks(&mut s0, out0);
-   * shake128_squeeze_first_three_blocks(&mut s1, out1); } */
   KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__,
                     "panic!");
   KRML_HOST_EXIT(255U);
@@ -121,10 +109,6 @@ KRML_MUSTINLINE void
 libcrux_sha3_neon_x2_incremental_shake128_squeeze_next_block(
     libcrux_sha3_neon_x2_incremental_KeccakState *s, Eurydice_slice out0,
     Eurydice_slice out1) {
-  /* XXX: These functions could alternatively implement the same with the
-   * portable implementation { let [mut s0, mut s1] = s;
-   * shake128_squeeze_next_block(&mut s0, out0);
-   * shake128_squeeze_next_block(&mut s1, out1); } */
   KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__,
                     "panic!");
   KRML_HOST_EXIT(255U);
@@ -148,10 +132,6 @@ libcrux_sha3_neon_x2_incremental_shake128_squeeze_first_five_blocks(
 KRML_MUSTINLINE void libcrux_sha3_neon_x2_incremental_shake256_absorb_final(
     libcrux_sha3_neon_x2_incremental_KeccakState *s, Eurydice_slice data0,
     Eurydice_slice data1) {
-  /* XXX: These functions could alternatively implement the same with the
-   * portable implementation { let [mut s0, mut s1] = s;
-   * shake128_absorb_final(&mut s0, data0); shake128_absorb_final(&mut s1,
-   * data1); } */
   KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__,
                     "panic!");
   KRML_HOST_EXIT(255U);
diff --git a/libcrux-ml-kem/c/libcrux_sha3_neon.h b/libcrux-ml-kem/c/libcrux_sha3_neon.h
index 6e264c84f..c51c09cc5 100644
--- a/libcrux-ml-kem/c/libcrux_sha3_neon.h
+++ b/libcrux-ml-kem/c/libcrux_sha3_neon.h
@@ -4,11 +4,11 @@
  * SPDX-License-Identifier: MIT or Apache-2.0
  *
  * This code was generated with the following revisions:
- * Charon: 3a133fe0eee9bd3928d5bb16c24ddd2dd0f3ee7f
- * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c
- * Karamel: c31a22c1e07d2118c07ee5cebb640d863e31a198
- * F*: 2c32d6e230851bbceadac7a21fc418fa2bb7e4bc
- * Libcrux: 0e587d6e842717408ea9357e00d47e372e505c80
+ * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9
+ * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20
+ * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
+ * F*: 5643e656b989aca7629723653a2570c7df6252b9
+ * Libcrux: fbef3649fa222b800fc7dcc349855bcd7de48e36
  */
 
 #ifndef __libcrux_sha3_neon_H
diff --git a/libcrux-ml-kem/cg/code_gen.txt b/libcrux-ml-kem/cg/code_gen.txt
index 7e79f022e..54242b657 100644
--- a/libcrux-ml-kem/cg/code_gen.txt
+++ b/libcrux-ml-kem/cg/code_gen.txt
@@ -1,6 +1,6 @@
 This code was generated with the following revisions:
-Charon: 3a133fe0eee9bd3928d5bb16c24ddd2dd0f3ee7f
-Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c
-Karamel: c31a22c1e07d2118c07ee5cebb640d863e31a198
-F*: 2c32d6e230851bbceadac7a21fc418fa2bb7e4bc
-Libcrux: cbc0d48933fbcbffaaf1f817d7fbd4047a7630a1
+Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9
+Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20
+Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
+F*: 5643e656b989aca7629723653a2570c7df6252b9
+Libcrux: fbef3649fa222b800fc7dcc349855bcd7de48e36
diff --git a/libcrux-ml-kem/cg/libcrux_core.h b/libcrux-ml-kem/cg/libcrux_core.h
index ca8a53171..b8e2354f8 100644
--- a/libcrux-ml-kem/cg/libcrux_core.h
+++ b/libcrux-ml-kem/cg/libcrux_core.h
@@ -4,11 +4,11 @@
  * SPDX-License-Identifier: MIT or Apache-2.0
  *
  * This code was generated with the following revisions:
- * Charon: 3a133fe0eee9bd3928d5bb16c24ddd2dd0f3ee7f
- * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c
- * Karamel: c31a22c1e07d2118c07ee5cebb640d863e31a198
- * F*: 2c32d6e230851bbceadac7a21fc418fa2bb7e4bc
- * Libcrux: cbc0d48933fbcbffaaf1f817d7fbd4047a7630a1
+ * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9
+ * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20
+ * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
+ * F*: 5643e656b989aca7629723653a2570c7df6252b9
+ * Libcrux: fbef3649fa222b800fc7dcc349855bcd7de48e36
  */
 
 #ifndef __libcrux_core_H
diff --git a/libcrux-ml-kem/cg/libcrux_ct_ops.h b/libcrux-ml-kem/cg/libcrux_ct_ops.h
index 5f693d09c..cf4a616ac 100644
--- a/libcrux-ml-kem/cg/libcrux_ct_ops.h
+++ b/libcrux-ml-kem/cg/libcrux_ct_ops.h
@@ -4,11 +4,11 @@
  * SPDX-License-Identifier: MIT or Apache-2.0
  *
  * This code was generated with the following revisions:
- * Charon: 3a133fe0eee9bd3928d5bb16c24ddd2dd0f3ee7f
- * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c
- * Karamel: c31a22c1e07d2118c07ee5cebb640d863e31a198
- * F*: 2c32d6e230851bbceadac7a21fc418fa2bb7e4bc
- * Libcrux: cbc0d48933fbcbffaaf1f817d7fbd4047a7630a1
+ * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9
+ * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20
+ * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
+ * F*: 5643e656b989aca7629723653a2570c7df6252b9
+ * Libcrux: fbef3649fa222b800fc7dcc349855bcd7de48e36
  */
 
 #ifndef __libcrux_ct_ops_H
diff --git a/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h b/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h
index bb50d3eaf..f6933bc18 100644
--- a/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h
+++ b/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h
@@ -4,11 +4,11 @@
  * SPDX-License-Identifier: MIT or Apache-2.0
  *
  * This code was generated with the following revisions:
- * Charon: 3a133fe0eee9bd3928d5bb16c24ddd2dd0f3ee7f
- * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c
- * Karamel: c31a22c1e07d2118c07ee5cebb640d863e31a198
- * F*: 2c32d6e230851bbceadac7a21fc418fa2bb7e4bc
- * Libcrux: cbc0d48933fbcbffaaf1f817d7fbd4047a7630a1
+ * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9
+ * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20
+ * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
+ * F*: 5643e656b989aca7629723653a2570c7df6252b9
+ * Libcrux: fbef3649fa222b800fc7dcc349855bcd7de48e36
  */
 
 #ifndef __libcrux_mlkem768_avx2_H
@@ -171,16 +171,11 @@ libcrux_ml_kem_vector_avx2_arithmetic_cond_subtract_3329(__m256i vector) {
   __m256i field_modulus = libcrux_intrinsics_avx2_mm256_set1_epi16(
       LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS);
   __m256i v_minus_field_modulus =
-      libcrux_intrinsics_avx2_mm256_sub_epi16(/* Compute v_i - Q and crate a
-                                                 mask from the sign bit of each
-                                                 of these quantities. */
-                                              vector, field_modulus);
+      libcrux_intrinsics_avx2_mm256_sub_epi16(vector, field_modulus);
   __m256i sign_mask = libcrux_intrinsics_avx2_mm256_srai_epi16(
       (int32_t)15, v_minus_field_modulus, __m256i);
   __m256i conditional_add_field_modulus =
-      libcrux_intrinsics_avx2_mm256_and_si256(/* If v_i - Q < 0 then add back Q
-                                                 to (v_i - Q). */
-                                              sign_mask, field_modulus);
+      libcrux_intrinsics_avx2_mm256_and_si256(sign_mask, field_modulus);
   return libcrux_intrinsics_avx2_mm256_add_epi16(v_minus_field_modulus,
                                                  conditional_add_field_modulus);
 }
@@ -562,7 +557,6 @@ KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_ntt_ntt_multiply(
     __m256i lhs, __m256i rhs, int16_t zeta0, int16_t zeta1, int16_t zeta2,
     int16_t zeta3) {
-  /* Compute the first term of the product */
   __m256i shuffle_with = libcrux_intrinsics_avx2_mm256_set_epi8(
       (int8_t)15, (int8_t)14, (int8_t)11, (int8_t)10, (int8_t)7, (int8_t)6,
       (int8_t)3, (int8_t)2, (int8_t)13, (int8_t)12, (int8_t)9, (int8_t)8,
@@ -570,8 +564,8 @@ static KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_ntt_ntt_multiply(
       (int8_t)11, (int8_t)10, (int8_t)7, (int8_t)6, (int8_t)3, (int8_t)2,
       (int8_t)13, (int8_t)12, (int8_t)9, (int8_t)8, (int8_t)5, (int8_t)4,
       (int8_t)1, (int8_t)0);
-  __m256i lhs_shuffled = libcrux_intrinsics_avx2_mm256_shuffle_epi8(
-      /* Prepare the left hand side */ lhs, shuffle_with);
+  __m256i lhs_shuffled =
+      libcrux_intrinsics_avx2_mm256_shuffle_epi8(lhs, shuffle_with);
   __m256i lhs_shuffled0 = libcrux_intrinsics_avx2_mm256_permute4x64_epi64(
       (int32_t)216, lhs_shuffled, __m256i);
   __m128i lhs_evens =
@@ -580,8 +574,8 @@ static KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_ntt_ntt_multiply(
   __m128i lhs_odds = libcrux_intrinsics_avx2_mm256_extracti128_si256(
       (int32_t)1, lhs_shuffled0, __m128i);
   __m256i lhs_odds0 = libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(lhs_odds);
-  __m256i rhs_shuffled = libcrux_intrinsics_avx2_mm256_shuffle_epi8(
-      /* Prepare the right hand side */ rhs, shuffle_with);
+  __m256i rhs_shuffled =
+      libcrux_intrinsics_avx2_mm256_shuffle_epi8(rhs, shuffle_with);
   __m256i rhs_shuffled0 = libcrux_intrinsics_avx2_mm256_permute4x64_epi64(
       (int32_t)216, rhs_shuffled, __m256i);
   __m128i rhs_evens =
@@ -590,8 +584,8 @@ static KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_ntt_ntt_multiply(
   __m128i rhs_odds = libcrux_intrinsics_avx2_mm256_extracti128_si256(
       (int32_t)1, rhs_shuffled0, __m128i);
   __m256i rhs_odds0 = libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(rhs_odds);
-  __m256i left = libcrux_intrinsics_avx2_mm256_mullo_epi32(
-      /* Start operating with them */ lhs_evens0, rhs_evens0);
+  __m256i left =
+      libcrux_intrinsics_avx2_mm256_mullo_epi32(lhs_evens0, rhs_evens0);
   __m256i right =
       libcrux_intrinsics_avx2_mm256_mullo_epi32(lhs_odds0, rhs_odds0);
   __m256i right0 =
@@ -606,7 +600,7 @@ static KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_ntt_ntt_multiply(
       libcrux_ml_kem_vector_avx2_arithmetic_montgomery_reduce_i32s(
           products_left);
   __m256i rhs_adjacent_swapped = libcrux_intrinsics_avx2_mm256_shuffle_epi8(
-      /* Compute the second term of the product */ rhs,
+      rhs,
       libcrux_intrinsics_avx2_mm256_set_epi8(
           (int8_t)13, (int8_t)12, (int8_t)15, (int8_t)14, (int8_t)9, (int8_t)8,
           (int8_t)11, (int8_t)10, (int8_t)5, (int8_t)4, (int8_t)7, (int8_t)6,
@@ -621,10 +615,8 @@ static KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_ntt_ntt_multiply(
           products_right);
   __m256i products_right1 = libcrux_intrinsics_avx2_mm256_slli_epi32(
       (int32_t)16, products_right0, __m256i);
-  return libcrux_intrinsics_avx2_mm256_blend_epi16(
-      (int32_t)170,
-      /* Combine them into one vector */ products_left0, products_right1,
-      __m256i);
+  return libcrux_intrinsics_avx2_mm256_blend_epi16((int32_t)170, products_left0,
+                                                   products_right1, __m256i);
 }
 
 /**
@@ -642,60 +634,13 @@ static KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_ntt_multiply_09(
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_1(
     __m256i vector, uint8_t ret[2U]) {
-  __m256i lsb_to_msb = libcrux_intrinsics_avx2_mm256_slli_epi16(
-      (int32_t)15,
-      /* Suppose |vector| is laid out as follows (superscript number indicates
-         the corresponding bit is duplicated that many times): 0¹⁵a₀ 0¹⁵b₀ 0¹⁵c₀
-         0¹⁵d₀ | 0¹⁵e₀ 0¹⁵f₀ 0¹⁵g₀ 0¹⁵h₀ | ... We care only about the least
-         significant bit in each lane, move it to the most significant position
-         to make it easier to work with. |vector| now becomes: a₀0¹⁵ b₀0¹⁵ c₀0¹⁵
-         d₀0¹⁵ | e₀0¹⁵ f₀0¹⁵ g₀0¹⁵ h₀0¹⁵ | ↩ i₀0¹⁵ j₀0¹⁵ k₀0¹⁵ l₀0¹⁵ | m₀0¹⁵
-         n₀0¹⁵ o₀0¹⁵ p₀0¹⁵ */
-      vector, __m256i);
-  __m128i low_msbs =
-      libcrux_intrinsics_avx2_mm256_castsi256_si128(/* Get the first 8 16-bit
-                                                       elements ... */
-                                                    lsb_to_msb);
+  __m256i lsb_to_msb =
+      libcrux_intrinsics_avx2_mm256_slli_epi16((int32_t)15, vector, __m256i);
+  __m128i low_msbs = libcrux_intrinsics_avx2_mm256_castsi256_si128(lsb_to_msb);
   __m128i high_msbs = libcrux_intrinsics_avx2_mm256_extracti128_si256(
-      (int32_t)1,
-      /* ... and the next 8 16-bit elements ... */ lsb_to_msb, __m128i);
-  __m128i msbs =
-      libcrux_intrinsics_avx2_mm_packs_epi16(/* ... and then pack them into
-                                                8-bit values using signed
-                                                saturation. This function packs
-                                                all the |low_msbs|, and then the
-                                                high ones. low_msbs = a₀0¹⁵
-                                                b₀0¹⁵ c₀0¹⁵ d₀0¹⁵ | e₀0¹⁵ f₀0¹⁵
-                                                g₀0¹⁵ h₀0¹⁵ high_msbs = i₀0¹⁵
-                                                j₀0¹⁵ k₀0¹⁵ l₀0¹⁵ | m₀0¹⁵ n₀0¹⁵
-                                                o₀0¹⁵ p₀0¹⁵ We shifted by 15
-                                                above to take advantage of the
-                                                signed saturation performed by
-                                                mm_packs_epi16: - if the sign
-                                                bit of the 16-bit element being
-                                                packed is 1, the corresponding
-                                                8-bit element in |msbs| will be
-                                                0xFF. - if the sign bit of the
-                                                16-bit element being packed is
-                                                0, the corresponding 8-bit
-                                                element in |msbs| will be 0.
-                                                Thus, if, for example, a₀ = 1,
-                                                e₀ = 1, and p₀ = 1, and every
-                                                other bit is 0, after packing
-                                                into 8 bit value, |msbs| will
-                                                look like: 0xFF 0x00 0x00 0x00 |
-                                                0xFF 0x00 0x00 0x00 | 0x00 0x00
-                                                0x00 0x00 | 0x00 0x00 0x00 0xFF
-                                              */
-                                             low_msbs, high_msbs);
-  int32_t bits_packed =
-      libcrux_intrinsics_avx2_mm_movemask_epi8(/* Now that every element is
-                                                  either 0xFF or 0x00, we just
-                                                  extract the most significant
-                                                  bit from each element and
-                                                  collate them into two bytes.
-                                                */
-                                               msbs);
+      (int32_t)1, lsb_to_msb, __m128i);
+  __m128i msbs = libcrux_intrinsics_avx2_mm_packs_epi16(low_msbs, high_msbs);
+  int32_t bits_packed = libcrux_intrinsics_avx2_mm_movemask_epi8(msbs);
   uint8_t result[2U] = {(uint8_t)bits_packed, (uint8_t)(bits_packed >> 8U)};
   memcpy(ret, result, (size_t)2U * sizeof(uint8_t));
 }
@@ -714,63 +659,18 @@ KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE __m256i
 libcrux_ml_kem_vector_avx2_serialize_deserialize_1_deserialize_1_i16s(
     int16_t a, int16_t b) {
-  __m256i coefficients =
-      libcrux_intrinsics_avx2_mm256_set_epi16(/* We need to take each bit from
-                                                 the 2 bytes of input and put
-                                                 them into their own 16-bit
-                                                 lane. Ideally, we'd load the
-                                                 two bytes into the vector,
-                                                 duplicate them, and right-shift
-                                                 the 0th element by 0 bits, the
-                                                 first element by 1 bit, the
-                                                 second by 2 bits and so on
-                                                 before AND-ing with 0x1 to
-                                                 leave only the least
-                                                 signifinicant bit. But since
-                                                 |_mm256_srlv_epi16| does not
-                                                 exist, so we have to resort to
-                                                 a workaround. Rather than
-                                                 shifting each element by a
-                                                 different amount, we'll
-                                                 multiply each element by a
-                                                 value such that the bit we're
-                                                 interested in becomes the most
-                                                 significant bit. The
-                                                 coefficients are loaded as
-                                                 follows: */
-                                              b, b, b, b, b, b, b, b, a, a, a,
-                                              a, a, a, a, a);
-  __m256i coefficients_in_msb =
-      libcrux_intrinsics_avx2_mm256_mullo_epi16(/* And this vector, when
-                                                   multiplied with the previous
-                                                   one, ensures that the bit
-                                                   we'd like to keep in each
-                                                   lane becomes the most
-                                                   significant bit upon
-                                                   multiplication. */
-                                                coefficients,
-                                                libcrux_intrinsics_avx2_mm256_set_epi16(
-                                                    (int16_t)1 << 8U,
-                                                    (int16_t)1 << 9U,
-                                                    (int16_t)1 << 10U,
-                                                    (int16_t)1 << 11U,
-                                                    (int16_t)1 << 12U,
-                                                    (int16_t)1 << 13U,
-                                                    (int16_t)1 << 14U,
-                                                    (int16_t)-32768,
-                                                    (int16_t)1 << 8U,
-                                                    (int16_t)1 << 9U,
-                                                    (int16_t)1 << 10U,
-                                                    (int16_t)1 << 11U,
-                                                    (int16_t)1 << 12U,
-                                                    (int16_t)1 << 13U,
-                                                    (int16_t)1 << 14U,
-                                                    (int16_t)-32768));
-  return libcrux_intrinsics_avx2_mm256_srli_epi16(
-      (int32_t)15,
-      /* Now that they're all in the most significant bit position, shift them
-         down to the least significant bit. */
-      coefficients_in_msb, __m256i);
+  __m256i coefficients = libcrux_intrinsics_avx2_mm256_set_epi16(
+      b, b, b, b, b, b, b, b, a, a, a, a, a, a, a, a);
+  __m256i coefficients_in_msb = libcrux_intrinsics_avx2_mm256_mullo_epi16(
+      coefficients, libcrux_intrinsics_avx2_mm256_set_epi16(
+                        (int16_t)1 << 8U, (int16_t)1 << 9U, (int16_t)1 << 10U,
+                        (int16_t)1 << 11U, (int16_t)1 << 12U, (int16_t)1 << 13U,
+                        (int16_t)1 << 14U, (int16_t)-32768, (int16_t)1 << 8U,
+                        (int16_t)1 << 9U, (int16_t)1 << 10U, (int16_t)1 << 11U,
+                        (int16_t)1 << 12U, (int16_t)1 << 13U, (int16_t)1 << 14U,
+                        (int16_t)-32768));
+  return libcrux_intrinsics_avx2_mm256_srli_epi16((int32_t)15,
+                                                  coefficients_in_msb, __m256i);
 }
 
 KRML_ATTRIBUTE_TARGET("avx2")
@@ -785,23 +685,7 @@ KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE __m256i
 libcrux_ml_kem_vector_avx2_serialize_deserialize_1(Eurydice_slice bytes) {
   return libcrux_ml_kem_vector_avx2_serialize_deserialize_1_deserialize_1_u8s(
-      Eurydice_slice_index(
-          bytes,
-          /* We need to take each bit from the 2 bytes of input and put them
-             into their own 16-bit lane. Ideally, we'd load the two bytes into
-             the vector, duplicate them, and right-shift the 0th element by 0
-             bits, the first element by 1 bit, the second by 2 bits and so on
-             before AND-ing with 0x1 to leave only the least signifinicant bit.
-             But since |_mm256_srlv_epi16| does not exist, so we have to resort
-             to a workaround. Rather than shifting each element by a different
-             amount, we'll multiply each element by a value such that the bit
-             we're interested in becomes the most significant bit. The
-             coefficients are loaded as follows: And this vector, when
-             multiplied with the previous one, ensures that the bit we'd like to
-             keep in each lane becomes the most significant bit upon
-             multiplication. Now that they're all in the most significant bit
-             position, shift them down to the least significant bit. */
-          (size_t)0U, uint8_t, uint8_t *),
+      Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *),
       Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *));
 }
 
@@ -837,70 +721,23 @@ static KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_4(
     __m256i vector, uint8_t ret[8U]) {
   uint8_t serialized[16U] = {0U};
   __m256i adjacent_2_combined =
-      libcrux_ml_kem_vector_avx2_serialize_mm256_concat_pairs_n(
-          4U,
-          /* If |vector| is laid out as follows: 0x000A 0x000B 0x000C 0x000D |
-             0x000E 0x000F 0x000G 0x000H | .... |adjacent_2_combined| will be
-             laid out as a series of 32-bit integeres, as follows: 0x00_00_00_BA
-             0x00_00_00_DC | 0x00_00_00_FE 0x00_00_00_HG | ... */
-          vector);
-  __m256i adjacent_8_combined =
-      libcrux_intrinsics_avx2_mm256_shuffle_epi8(/* Recall that
-                                                    |adjacent_2_combined| goes
-                                                    as follows: 0x00_00_00_BA
-                                                    0x00_00_00_DC |
-                                                    0x00_00_00_FE 0x00_00_00_HG
-                                                    | ... Out of this, we only
-                                                    need the first byte, the 4th
-                                                    byte, the 8th byte and so on
-                                                    from the bottom and the top
-                                                    128 bits. */
-                                                 adjacent_2_combined,
-                                                 libcrux_intrinsics_avx2_mm256_set_epi8(
-                                                     (int8_t)-1, (int8_t)-1,
-                                                     (int8_t)-1, (int8_t)-1,
-                                                     (int8_t)-1, (int8_t)-1,
-                                                     (int8_t)-1, (int8_t)-1,
-                                                     (int8_t)-1, (int8_t)-1,
-                                                     (int8_t)-1, (int8_t)-1,
-                                                     (int8_t)12, (int8_t)8,
-                                                     (int8_t)4, (int8_t)0,
-                                                     (int8_t)-1, (int8_t)-1,
-                                                     (int8_t)-1, (int8_t)-1,
-                                                     (int8_t)-1, (int8_t)-1,
-                                                     (int8_t)-1, (int8_t)-1,
-                                                     (int8_t)-1, (int8_t)-1,
-                                                     (int8_t)-1, (int8_t)-1,
-                                                     (int8_t)12, (int8_t)8,
-                                                     (int8_t)4, (int8_t)0));
-  __m256i combined =
-      libcrux_intrinsics_avx2_mm256_permutevar8x32_epi32(/* |adjacent_8_combined|
-                                                            looks like this: 0:
-                                                            0xHG_FE_DC_BA 1:
-                                                            0x00_00_00_00 | 2:
-                                                            0x00_00_00_00 3:
-                                                            0x00_00_00_00 | 4:
-                                                            0xPO_NM_LK_JI ....
-                                                            We put the element
-                                                            at 4 after the
-                                                            element at 0 ... */
-                                                         adjacent_8_combined,
-                                                         libcrux_intrinsics_avx2_mm256_set_epi32(
-                                                             (int32_t)0,
-                                                             (int32_t)0,
-                                                             (int32_t)0,
-                                                             (int32_t)0,
-                                                             (int32_t)0,
-                                                             (int32_t)0,
-                                                             (int32_t)4,
-                                                             (int32_t)0));
+      libcrux_ml_kem_vector_avx2_serialize_mm256_concat_pairs_n(4U, vector);
+  __m256i adjacent_8_combined = libcrux_intrinsics_avx2_mm256_shuffle_epi8(
+      adjacent_2_combined,
+      libcrux_intrinsics_avx2_mm256_set_epi8(
+          (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1,
+          (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1,
+          (int8_t)-1, (int8_t)-1, (int8_t)12, (int8_t)8, (int8_t)4, (int8_t)0,
+          (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1,
+          (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1,
+          (int8_t)-1, (int8_t)-1, (int8_t)12, (int8_t)8, (int8_t)4, (int8_t)0));
+  __m256i combined = libcrux_intrinsics_avx2_mm256_permutevar8x32_epi32(
+      adjacent_8_combined, libcrux_intrinsics_avx2_mm256_set_epi32(
+                               (int32_t)0, (int32_t)0, (int32_t)0, (int32_t)0,
+                               (int32_t)0, (int32_t)0, (int32_t)4, (int32_t)0));
   __m128i combined0 = libcrux_intrinsics_avx2_mm256_castsi256_si128(combined);
   libcrux_intrinsics_avx2_mm_storeu_bytes_si128(
-      Eurydice_array_to_slice(
-          (size_t)16U,
-          /* ... so that we can read them out in one go. */ serialized,
-          uint8_t),
-      combined0);
+      Eurydice_array_to_slice((size_t)16U, serialized, uint8_t), combined0);
   uint8_t ret0[8U];
   Result_15 dst;
   Eurydice_slice_to_array2(
@@ -926,33 +763,8 @@ static KRML_MUSTINLINE __m256i
 libcrux_ml_kem_vector_avx2_serialize_deserialize_4_deserialize_4_i16s(
     int16_t b0, int16_t b1, int16_t b2, int16_t b3, int16_t b4, int16_t b5,
     int16_t b6, int16_t b7) {
-  __m256i coefficients =
-      libcrux_intrinsics_avx2_mm256_set_epi16(/* Every 4 bits from each byte of
-                                                 input should be put into its
-                                                 own 16-bit lane. Since
-                                                 |_mm256_srlv_epi16| does not
-                                                 exist, we have to resort to a
-                                                 workaround. Rather than
-                                                 shifting each element by a
-                                                 different amount, we'll
-                                                 multiply each element by a
-                                                 value such that the bits we're
-                                                 interested in become the most
-                                                 significant bits (of an 8-bit
-                                                 value). In this lane, the 4
-                                                 bits we need to put are already
-                                                 the most significant bits of
-                                                 |bytes[7]| (that is, b7). */
-                                              b7,
-                                              /* In this lane, the 4 bits we
-                                                 need to put are the least
-                                                 significant bits, so we need to
-                                                 shift the 4 least-significant
-                                                 bits of |b7| to the most
-                                                 significant bits (of an 8-bit
-                                                 value). */
-                                              b7, b6, b6, b5, b5, b4, b4, b3,
-                                              b3, b2, b2, b1, b1, b0, b0);
+  __m256i coefficients = libcrux_intrinsics_avx2_mm256_set_epi16(
+      b7, b7, b6, b6, b5, b5, b4, b4, b3, b3, b2, b2, b1, b1, b0, b0);
   __m256i coefficients_in_msb = libcrux_intrinsics_avx2_mm256_mullo_epi16(
       coefficients, libcrux_intrinsics_avx2_mm256_set_epi16(
                         (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U,
@@ -962,14 +774,10 @@ libcrux_ml_kem_vector_avx2_serialize_deserialize_4_deserialize_4_i16s(
                         (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U,
                         (int16_t)1 << 4U));
   __m256i coefficients_in_lsb = libcrux_intrinsics_avx2_mm256_srli_epi16(
-      (int32_t)4,
-      /* Once the 4-bit coefficients are in the most significant positions (of
-         an 8-bit value), shift them all down by 4. */
-      coefficients_in_msb, __m256i);
+      (int32_t)4, coefficients_in_msb, __m256i);
   return libcrux_intrinsics_avx2_mm256_and_si256(
-      /* Zero the remaining bits. */ coefficients_in_lsb,
-      libcrux_intrinsics_avx2_mm256_set1_epi16(((int16_t)1 << 4U) -
-                                               (int16_t)1));
+      coefficients_in_lsb, libcrux_intrinsics_avx2_mm256_set1_epi16(
+                               ((int16_t)1 << 4U) - (int16_t)1));
 }
 
 KRML_ATTRIBUTE_TARGET("avx2")
@@ -986,23 +794,7 @@ KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE __m256i
 libcrux_ml_kem_vector_avx2_serialize_deserialize_4(Eurydice_slice bytes) {
   return libcrux_ml_kem_vector_avx2_serialize_deserialize_4_deserialize_4_u8s(
-      Eurydice_slice_index(
-          bytes,
-          /* Every 4 bits from each byte of input should be put into its own
-             16-bit lane. Since |_mm256_srlv_epi16| does not exist, we have to
-             resort to a workaround. Rather than shifting each element by a
-             different amount, we'll multiply each element by a value such that
-             the bits we're interested in become the most significant bits (of
-             an 8-bit value). In this lane, the 4 bits we need to put are
-             already the most significant bits of |bytes[7]| (that is, b7). In
-             this lane, the 4 bits we need to put are the least significant
-             bits, so we need to shift the 4 least-significant bits of |b7| to
-             the most significant bits (of an 8-bit value). These constants are
-             chosen to shift the bits of the values that we loaded into
-             |coefficients|. Once the 4-bit coefficients are in the most
-             significant positions (of an 8-bit value), shift them all down
-             by 4. Zero the remaining bits. */
-          (size_t)0U, uint8_t, uint8_t *),
+      Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *),
       Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *),
       Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *),
       Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *),
@@ -1026,106 +818,35 @@ KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_5(
     __m256i vector, uint8_t ret[10U]) {
   uint8_t serialized[32U] = {0U};
-  __m256i adjacent_2_combined =
-      libcrux_intrinsics_avx2_mm256_madd_epi16(/* If |vector| is laid out as
-                                                  follows (superscript number
-                                                  indicates the corresponding
-                                                  bit is duplicated that many
-                                                  times): 0¹¹a₄a₃a₂a₁a₀
-                                                  0¹¹b₄b₃b₂b₁b₀ 0¹¹c₄c₃c₂c₁c₀
-                                                  0¹¹d₄d₃d₂d₁d₀ | ↩
-                                                  0¹¹e₄e₃e₂e₁e₀ 0¹¹f₄f₃f₂f₁f₀
-                                                  0¹¹g₄g₃g₂g₁g₀ 0¹¹h₄h₃h₂h₁h₀ |
-                                                  ↩ |adjacent_2_combined| will
-                                                  be laid out as a series of
-                                                  32-bit integers, as follows:
-                                                  0²²b₄b₃b₂b₁b₀a₄a₃a₂a₁a₀
-                                                  0²²d₄d₃d₂d₁d₀c₄c₃c₂c₁c₀ | ↩
-                                                  0²²f₄f₃f₂f₁f₀e₄e₃e₂e₁e₀
-                                                  0²²h₄h₃h₂h₁h₀g₄g₃g₂g₁g₀ | ↩
-                                                  .... */
-                                               vector,
-                                               libcrux_intrinsics_avx2_mm256_set_epi16(
-                                                   (int16_t)1 << 5U, (int16_t)1,
-                                                   (int16_t)1 << 5U, (int16_t)1,
-                                                   (int16_t)1 << 5U, (int16_t)1,
-                                                   (int16_t)1 << 5U, (int16_t)1,
-                                                   (int16_t)1 << 5U, (int16_t)1,
-                                                   (int16_t)1 << 5U, (int16_t)1,
-                                                   (int16_t)1 << 5U, (int16_t)1,
-                                                   (int16_t)1 << 5U,
-                                                   (int16_t)1));
-  __m256i adjacent_4_combined =
-      libcrux_intrinsics_avx2_mm256_sllv_epi32(/* Recall that
-                                                  |adjacent_2_combined| is laid
-                                                  out as follows:
-                                                  0²²b₄b₃b₂b₁b₀a₄a₃a₂a₁a₀
-                                                  0²²d₄d₃d₂d₁d₀c₄c₃c₂c₁c₀ | ↩
-                                                  0²²f₄f₃f₂f₁f₀e₄e₃e₂e₁e₀
-                                                  0²²h₄h₃h₂h₁h₀g₄g₃g₂g₁g₀ | ↩
-                                                  .... This shift results in:
-                                                  b₄b₃b₂b₁b₀a₄a₃a₂a₁a₀0²²
-                                                  0²²d₄d₃d₂d₁d₀c₄c₃c₂c₁c₀ | ↩
-                                                  f₄f₃f₂f₁f₀e₄e₃e₂e₁e₀0²²
-                                                  0²²h₄h₃h₂h₁h₀g₄g₃g₂g₁g₀ | ↩
-                                                  .... */
-                                               adjacent_2_combined,
-                                               libcrux_intrinsics_avx2_mm256_set_epi32(
-                                                   (int32_t)0, (int32_t)22,
-                                                   (int32_t)0, (int32_t)22,
-                                                   (int32_t)0, (int32_t)22,
-                                                   (int32_t)0, (int32_t)22));
+  __m256i adjacent_2_combined = libcrux_intrinsics_avx2_mm256_madd_epi16(
+      vector, libcrux_intrinsics_avx2_mm256_set_epi16(
+                  (int16_t)1 << 5U, (int16_t)1, (int16_t)1 << 5U, (int16_t)1,
+                  (int16_t)1 << 5U, (int16_t)1, (int16_t)1 << 5U, (int16_t)1,
+                  (int16_t)1 << 5U, (int16_t)1, (int16_t)1 << 5U, (int16_t)1,
+                  (int16_t)1 << 5U, (int16_t)1, (int16_t)1 << 5U, (int16_t)1));
+  __m256i adjacent_4_combined = libcrux_intrinsics_avx2_mm256_sllv_epi32(
+      adjacent_2_combined,
+      libcrux_intrinsics_avx2_mm256_set_epi32(
+          (int32_t)0, (int32_t)22, (int32_t)0, (int32_t)22, (int32_t)0,
+          (int32_t)22, (int32_t)0, (int32_t)22));
   __m256i adjacent_4_combined0 = libcrux_intrinsics_avx2_mm256_srli_epi64(
-      (int32_t)22,
-      /* |adjacent_4_combined|, when viewed as 64-bit lanes, is:
-         0²²d₄d₃d₂d₁d₀c₄c₃c₂c₁c₀b₄b₃b₂b₁b₀a₄a₃a₂a₁a₀0²² | ↩
-         0²²h₄h₃h₂h₁h₀g₄g₃g₂g₁g₀f₄f₃f₂f₁f₀e₄e₃e₂e₁e₀0²² | ↩ ... so we just shift
-         down by 22 bits to remove the least significant 0 bits that aren't part
-         of the bits we need. */
-      adjacent_4_combined, __m256i);
+      (int32_t)22, adjacent_4_combined, __m256i);
   __m256i adjacent_8_combined = libcrux_intrinsics_avx2_mm256_shuffle_epi32(
-      (int32_t)8,
-      /* |adjacent_4_combined|, when viewed as a set of 32-bit values, looks
-         like: 0:0¹²d₄d₃d₂d₁d₀c₄c₃c₂c₁c₀b₄b₃b₂b₁b₀a₄a₃a₂a₁a₀ 1:0³²
-         2:0¹²h₄h₃h₂h₁h₀g₄g₃g₂g₁g₀f₄f₃f₂f₁f₀e₄e₃e₂e₁e₀ 3:0³² | ↩ To be able to
-         read out the bytes in one go, we need to shifts the bits in position 2
-         to position 1 in each 128-bit lane. */
-      adjacent_4_combined0, __m256i);
-  __m256i adjacent_8_combined0 =
-      libcrux_intrinsics_avx2_mm256_sllv_epi32(/* |adjacent_8_combined|, when
-                                                  viewed as a set of 32-bit
-                                                  values, now looks like:
-                                                  0¹²d₄d₃d₂d₁d₀c₄c₃c₂c₁c₀b₄b₃b₂b₁b₀a₄a₃a₂a₁a₀
-                                                  0¹²h₄h₃h₂h₁h₀g₄g₃g₂g₁g₀f₄f₃f₂f₁f₀e₄e₃e₂e₁e₀
-                                                  0³² 0³² | ↩ Once again, we
-                                                  line these bits up by shifting
-                                                  the up values at indices 0 and
-                                                  5 by 12, viewing the resulting
-                                                  register as a set of 64-bit
-                                                  values, and then shifting down
-                                                  the 64-bit values by 12 bits.
-                                                */
-                                               adjacent_8_combined,
-                                               libcrux_intrinsics_avx2_mm256_set_epi32(
-                                                   (int32_t)0, (int32_t)0,
-                                                   (int32_t)0, (int32_t)12,
-                                                   (int32_t)0, (int32_t)0,
-                                                   (int32_t)0, (int32_t)12));
+      (int32_t)8, adjacent_4_combined0, __m256i);
+  __m256i adjacent_8_combined0 = libcrux_intrinsics_avx2_mm256_sllv_epi32(
+      adjacent_8_combined,
+      libcrux_intrinsics_avx2_mm256_set_epi32(
+          (int32_t)0, (int32_t)0, (int32_t)0, (int32_t)12, (int32_t)0,
+          (int32_t)0, (int32_t)0, (int32_t)12));
   __m256i adjacent_8_combined1 = libcrux_intrinsics_avx2_mm256_srli_epi64(
       (int32_t)12, adjacent_8_combined0, __m256i);
   __m128i lower_8 =
-      libcrux_intrinsics_avx2_mm256_castsi256_si128(/* We now have 40 bits
-                                                       starting at position 0 in
-                                                       the lower 128-bit lane,
-                                                       ... */
-                                                    adjacent_8_combined1);
+      libcrux_intrinsics_avx2_mm256_castsi256_si128(adjacent_8_combined1);
   libcrux_intrinsics_avx2_mm_storeu_bytes_si128(
       Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)16U, uint8_t),
       lower_8);
   __m128i upper_8 = libcrux_intrinsics_avx2_mm256_extracti128_si256(
-      (int32_t)1,
-      /* ... and the second 40 bits at position 0 in the upper 128-bit lane */
-      adjacent_8_combined1, __m128i);
+      (int32_t)1, adjacent_8_combined1, __m128i);
   libcrux_intrinsics_avx2_mm_storeu_bytes_si128(
       Eurydice_array_to_subslice2(serialized, (size_t)5U, (size_t)21U, uint8_t),
       upper_8);
@@ -1231,87 +952,27 @@ static inline core_core_arch_x86___m128i_x2
 libcrux_ml_kem_vector_avx2_serialize_serialize_10_serialize_10_vec(
     __m256i vector) {
   __m256i adjacent_2_combined =
-      libcrux_ml_kem_vector_avx2_serialize_mm256_concat_pairs_n(
-          10U,
-          /* If |vector| is laid out as follows (superscript number indicates
-             the corresponding bit is duplicated that many times):
-             0⁶a₉a₈a₇a₆a₅a₄a₃a₂a₁a₀ 0⁶b₉b₈b₇b₆b₅b₄b₃b₂b₁b₀
-             0⁶c₉c₈c₇c₆c₅c₄c₃c₂c₁c₀ 0⁶d₉d₈d₇d₆d₅d₄d₃d₂d₁d₀ | ↩
-             0⁶e₉e₈e₇e₆e₅e₄e₃e₂e₁e₀ 0⁶f₉f₈f₇f₆f₅f₄f₃f₂f₁f₀
-             0⁶g₉g₈g₇g₆g₅g₄g₃g₂g₁g₀ 0⁶h₉h₈h₇h₆h₅h₄h₃h₂h₁h₀ | ↩ ...
-             |adjacent_2_combined| will be laid out as a series of 32-bit
-             integers, as follows: 0¹²b₉b₈b₇b₆b₅b₄b₃b₂b₁b₀a₉a₈a₇a₆a₅a₄a₃a₂a₁a₀
-             0¹²d₉d₈d₇d₆d₅d₄d₃d₂d₁d₀c₉c₈c₇c₆c₅c₄c₃c₂c₁c₀ | ↩
-             0¹²f₉f₈f₇f₆f₅f₄f₃f₂f₁f₀e₉e₈e₇e₆e₅e₄e₃e₂e₁e₀
-             0¹²h₉h₈h₇h₆h₅h₄h₃h₂h₁h₀g₉g₈g₇g₆g₅g₄g₃g₂g₁g₀ | ↩ .... */
-          vector);
-  __m256i adjacent_4_combined =
-      libcrux_intrinsics_avx2_mm256_sllv_epi32(/* Shifting up the values at the
-                                                  even indices by 12, we get:
-                                                  b₉b₈b₇b₆b₅b₄b₃b₂b₁b₀a₉a₈a₇a₆a₅a₄a₃a₂a₁a₀0¹²
-                                                  0¹²d₉d₈d₇d₆d₅d₄d₃d₂d₁d₀c₉c₈c₇c₆c₅c₄c₃c₂c₁c₀
-                                                  | ↩
-                                                  f₉f₈f₇f₆f₅f₄f₃f₂f₁f₀e₉e₈e₇e₆e₅e₄e₃e₂e₁e₀0¹²
-                                                  0¹²h₉h₈h₇h₆h₅h₄h₃h₂h₁h₀g₉g₈g₇g₆g₅g₄g₃g₂g₁g₀
-                                                  | ↩ ... */
-                                               adjacent_2_combined,
-                                               libcrux_intrinsics_avx2_mm256_set_epi32(
-                                                   (int32_t)0, (int32_t)12,
-                                                   (int32_t)0, (int32_t)12,
-                                                   (int32_t)0, (int32_t)12,
-                                                   (int32_t)0, (int32_t)12));
+      libcrux_ml_kem_vector_avx2_serialize_mm256_concat_pairs_n(10U, vector);
+  __m256i adjacent_4_combined = libcrux_intrinsics_avx2_mm256_sllv_epi32(
+      adjacent_2_combined,
+      libcrux_intrinsics_avx2_mm256_set_epi32(
+          (int32_t)0, (int32_t)12, (int32_t)0, (int32_t)12, (int32_t)0,
+          (int32_t)12, (int32_t)0, (int32_t)12));
   __m256i adjacent_4_combined0 = libcrux_intrinsics_avx2_mm256_srli_epi64(
-      (int32_t)12,
-      /* Viewing this as a set of 64-bit integers we get:
-         0¹²d₉d₈d₇d₆d₅d₄d₃d₂d₁d₀c₉c₈c₇c₆c₅c₄c₃c₂c₁c₀b₉b₈b₇b₆b₅b₄b₃b₂b₁b₀a₉a₈a₇a₆a₅a₄a₃a₂a₁a₀0¹²
-         | ↩
-         0¹²h₉h₈h₇h₆h₅h₄h₃h₂h₁h₀g₉g₈g₇g₆g₅g₄g₃g₂g₁g₀f₉f₈f₇f₆f₅f₄f₃f₂f₁f₀e₉e₈e₇e₆e₅e₄e₃e₂e₁e₀0¹²
-         | ↩ ... Shifting down by 12 gives us:
-         0²⁴d₉d₈d₇d₆d₅d₄d₃d₂d₁d₀c₉c₈c₇c₆c₅c₄c₃c₂c₁c₀b₉b₈b₇b₆b₅b₄b₃b₂b₁b₀a₉a₈a₇a₆a₅a₄a₃a₂a₁a₀
-         | ↩
-         0²⁴h₉h₈h₇h₆h₅h₄h₃h₂h₁h₀g₉g₈g₇g₆g₅g₄g₃g₂g₁g₀f₉f₈f₇f₆f₅f₄f₃f₂f₁f₀e₉e₈e₇e₆e₅e₄e₃e₂e₁e₀
-         | ↩ ... */
-      adjacent_4_combined, __m256i);
-  __m256i adjacent_8_combined =
-      libcrux_intrinsics_avx2_mm256_shuffle_epi8(/* |adjacent_4_combined|, when
-                                                    the bottom and top 128
-                                                    bit-lanes are grouped into
-                                                    bytes, looks like:
-                                                    0₇0₆0₅B₄B₃B₂B₁B₀ | ↩
-                                                    0₁₅0₁₄0₁₃B₁₂B₁₁B₁₀B₉B₈ | ↩
-                                                    In each 128-bit lane, we
-                                                    want to put bytes 8, 9, 10,
-                                                    11, 12 after bytes 0, 1, 2,
-                                                    3 to allow for sequential
-                                                    reading. */
-                                                 adjacent_4_combined0,
-                                                 libcrux_intrinsics_avx2_mm256_set_epi8(
-                                                     (int8_t)-1, (int8_t)-1,
-                                                     (int8_t)-1, (int8_t)-1,
-                                                     (int8_t)-1, (int8_t)-1,
-                                                     (int8_t)12, (int8_t)11,
-                                                     (int8_t)10, (int8_t)9,
-                                                     (int8_t)8, (int8_t)4,
-                                                     (int8_t)3, (int8_t)2,
-                                                     (int8_t)1, (int8_t)0,
-                                                     (int8_t)-1, (int8_t)-1,
-                                                     (int8_t)-1, (int8_t)-1,
-                                                     (int8_t)-1, (int8_t)-1,
-                                                     (int8_t)12, (int8_t)11,
-                                                     (int8_t)10, (int8_t)9,
-                                                     (int8_t)8, (int8_t)4,
-                                                     (int8_t)3, (int8_t)2,
-                                                     (int8_t)1, (int8_t)0));
+      (int32_t)12, adjacent_4_combined, __m256i);
+  __m256i adjacent_8_combined = libcrux_intrinsics_avx2_mm256_shuffle_epi8(
+      adjacent_4_combined0,
+      libcrux_intrinsics_avx2_mm256_set_epi8(
+          (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1,
+          (int8_t)-1, (int8_t)12, (int8_t)11, (int8_t)10, (int8_t)9, (int8_t)8,
+          (int8_t)4, (int8_t)3, (int8_t)2, (int8_t)1, (int8_t)0, (int8_t)-1,
+          (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1,
+          (int8_t)12, (int8_t)11, (int8_t)10, (int8_t)9, (int8_t)8, (int8_t)4,
+          (int8_t)3, (int8_t)2, (int8_t)1, (int8_t)0));
   __m128i lower_8 =
-      libcrux_intrinsics_avx2_mm256_castsi256_si128(/* We now have 64 bits
-                                                       starting at position 0 in
-                                                       the lower 128-bit lane,
-                                                       ... */
-                                                    adjacent_8_combined);
+      libcrux_intrinsics_avx2_mm256_castsi256_si128(adjacent_8_combined);
   __m128i upper_8 = libcrux_intrinsics_avx2_mm256_extracti128_si256(
-      (int32_t)1,
-      /* and 64 bits starting at position 0 in the upper 128-bit lane. */
-      adjacent_8_combined, __m128i);
+      (int32_t)1, adjacent_8_combined, __m128i);
   return (
       CLITERAL(core_core_arch_x86___m128i_x2){.fst = lower_8, .snd = upper_8});
 }
@@ -1320,167 +981,8 @@ KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_10(
     __m256i vector, uint8_t ret[20U]) {
   core_core_arch_x86___m128i_x2 uu____0 =
-      libcrux_ml_kem_vector_avx2_serialize_serialize_10_serialize_10_vec(/* If
-                                                                            |vector|
-                                                                            is
-                                                                            laid
-                                                                            out
-                                                                            as
-                                                                            follows
-                                                                            (superscript
-                                                                            number
-                                                                            indicates
-                                                                            the
-                                                                            corresponding
-                                                                            bit
-                                                                            is
-                                                                            duplicated
-                                                                            that
-                                                                            many
-                                                                            times):
-                                                                            0⁶a₉a₈a₇a₆a₅a₄a₃a₂a₁a₀
-                                                                            0⁶b₉b₈b₇b₆b₅b₄b₃b₂b₁b₀
-                                                                            0⁶c₉c₈c₇c₆c₅c₄c₃c₂c₁c₀
-                                                                            0⁶d₉d₈d₇d₆d₅d₄d₃d₂d₁d₀
-                                                                            | ↩
-                                                                            0⁶e₉e₈e₇e₆e₅e₄e₃e₂e₁e₀
-                                                                            0⁶f₉f₈f₇f₆f₅f₄f₃f₂f₁f₀
-                                                                            0⁶g₉g₈g₇g₆g₅g₄g₃g₂g₁g₀
-                                                                            0⁶h₉h₈h₇h₆h₅h₄h₃h₂h₁h₀
-                                                                            | ↩
-                                                                            ...
-                                                                            |adjacent_2_combined|
-                                                                            will
-                                                                            be
-                                                                            laid
-                                                                            out
-                                                                            as a
-                                                                            series
-                                                                            of
-                                                                            32-bit
-                                                                            integers,
-                                                                            as
-                                                                            follows:
-                                                                            0¹²b₉b₈b₇b₆b₅b₄b₃b₂b₁b₀a₉a₈a₇a₆a₅a₄a₃a₂a₁a₀
-                                                                            0¹²d₉d₈d₇d₆d₅d₄d₃d₂d₁d₀c₉c₈c₇c₆c₅c₄c₃c₂c₁c₀
-                                                                            | ↩
-                                                                            0¹²f₉f₈f₇f₆f₅f₄f₃f₂f₁f₀e₉e₈e₇e₆e₅e₄e₃e₂e₁e₀
-                                                                            0¹²h₉h₈h₇h₆h₅h₄h₃h₂h₁h₀g₉g₈g₇g₆g₅g₄g₃g₂g₁g₀
-                                                                            | ↩
-                                                                            ....
-                                                                            Shifting
-                                                                            up
-                                                                            the
-                                                                            values
-                                                                            at
-                                                                            the
-                                                                            even
-                                                                            indices
-                                                                            by
-                                                                            12,
-                                                                            we
-                                                                            get:
-                                                                            b₉b₈b₇b₆b₅b₄b₃b₂b₁b₀a₉a₈a₇a₆a₅a₄a₃a₂a₁a₀0¹²
-                                                                            0¹²d₉d₈d₇d₆d₅d₄d₃d₂d₁d₀c₉c₈c₇c₆c₅c₄c₃c₂c₁c₀
-                                                                            | ↩
-                                                                            f₉f₈f₇f₆f₅f₄f₃f₂f₁f₀e₉e₈e₇e₆e₅e₄e₃e₂e₁e₀0¹²
-                                                                            0¹²h₉h₈h₇h₆h₅h₄h₃h₂h₁h₀g₉g₈g₇g₆g₅g₄g₃g₂g₁g₀
-                                                                            | ↩
-                                                                            ...
-                                                                            Viewing
-                                                                            this
-                                                                            as a
-                                                                            set
-                                                                            of
-                                                                            64-bit
-                                                                            integers
-                                                                            we
-                                                                            get:
-                                                                            0¹²d₉d₈d₇d₆d₅d₄d₃d₂d₁d₀c₉c₈c₇c₆c₅c₄c₃c₂c₁c₀b₉b₈b₇b₆b₅b₄b₃b₂b₁b₀a₉a₈a₇a₆a₅a₄a₃a₂a₁a₀0¹²
-                                                                            | ↩
-                                                                            0¹²h₉h₈h₇h₆h₅h₄h₃h₂h₁h₀g₉g₈g₇g₆g₅g₄g₃g₂g₁g₀f₉f₈f₇f₆f₅f₄f₃f₂f₁f₀e₉e₈e₇e₆e₅e₄e₃e₂e₁e₀0¹²
-                                                                            | ↩
-                                                                            ...
-                                                                            Shifting
-                                                                            down
-                                                                            by
-                                                                            12
-                                                                            gives
-                                                                            us:
-                                                                            0²⁴d₉d₈d₇d₆d₅d₄d₃d₂d₁d₀c₉c₈c₇c₆c₅c₄c₃c₂c₁c₀b₉b₈b₇b₆b₅b₄b₃b₂b₁b₀a₉a₈a₇a₆a₅a₄a₃a₂a₁a₀
-                                                                            | ↩
-                                                                            0²⁴h₉h₈h₇h₆h₅h₄h₃h₂h₁h₀g₉g₈g₇g₆g₅g₄g₃g₂g₁g₀f₉f₈f₇f₆f₅f₄f₃f₂f₁f₀e₉e₈e₇e₆e₅e₄e₃e₂e₁e₀
-                                                                            | ↩
-                                                                            ...
-                                                                            |adjacent_4_combined|,
-                                                                            when
-                                                                            the
-                                                                            bottom
-                                                                            and
-                                                                            top
-                                                                            128
-                                                                            bit-lanes
-                                                                            are
-                                                                            grouped
-                                                                            into
-                                                                            bytes,
-                                                                            looks
-                                                                            like:
-                                                                            0₇0₆0₅B₄B₃B₂B₁B₀
-                                                                            | ↩
-                                                                            0₁₅0₁₄0₁₃B₁₂B₁₁B₁₀B₉B₈
-                                                                            | ↩
-                                                                            In
-                                                                            each
-                                                                            128-bit
-                                                                            lane,
-                                                                            we
-                                                                            want
-                                                                            to
-                                                                            put
-                                                                            bytes
-                                                                            8,
-                                                                            9,
-                                                                            10,
-                                                                            11,
-                                                                            12
-                                                                            after
-                                                                            bytes
-                                                                            0,
-                                                                            1,
-                                                                            2, 3
-                                                                            to
-                                                                            allow
-                                                                            for
-                                                                            sequential
-                                                                            reading.
-                                                                            We
-                                                                            now
-                                                                            have
-                                                                            64
-                                                                            bits
-                                                                            starting
-                                                                            at
-                                                                            position
-                                                                            0 in
-                                                                            the
-                                                                            lower
-                                                                            128-bit
-                                                                            lane,
-                                                                            ...
-                                                                            and
-                                                                            64
-                                                                            bits
-                                                                            starting
-                                                                            at
-                                                                            position
-                                                                            0 in
-                                                                            the
-                                                                            upper
-                                                                            128-bit
-                                                                            lane.
-                                                                          */
-                                                                         vector);
+      libcrux_ml_kem_vector_avx2_serialize_serialize_10_serialize_10_vec(
+          vector);
   __m128i lower_8 = uu____0.fst;
   __m128i upper_8 = uu____0.snd;
   uint8_t serialized[32U] = {0U};
@@ -1536,20 +1038,16 @@ libcrux_ml_kem_vector_avx2_serialize_deserialize_10_deserialize_10_vec(
                         (int16_t)1 << 6U));
   __m256i coefficients1 = libcrux_intrinsics_avx2_mm256_srli_epi16(
       (int32_t)6, coefficients0, __m256i);
-  return libcrux_intrinsics_avx2_mm256_and_si256(/* Here I can prove this `and`
-                                                    is not useful */
-                                                 coefficients1,
-                                                 libcrux_intrinsics_avx2_mm256_set1_epi16(
-                                                     ((int16_t)1 << 10U) -
-                                                     (int16_t)1));
+  return libcrux_intrinsics_avx2_mm256_and_si256(
+      coefficients1, libcrux_intrinsics_avx2_mm256_set1_epi16(
+                         ((int16_t)1 << 10U) - (int16_t)1));
 }
 
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE __m256i
 libcrux_ml_kem_vector_avx2_serialize_deserialize_10(Eurydice_slice bytes) {
-  Eurydice_slice lower_coefficients = Eurydice_slice_subslice2(
-      /* Here I can prove this `and` is not useful */ bytes, (size_t)0U,
-      (size_t)16U, uint8_t);
+  Eurydice_slice lower_coefficients =
+      Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)16U, uint8_t);
   Eurydice_slice upper_coefficients =
       Eurydice_slice_subslice2(bytes, (size_t)4U, (size_t)20U, uint8_t);
   return libcrux_ml_kem_vector_avx2_serialize_deserialize_10_deserialize_10_vec(
@@ -1735,70 +1233,28 @@ libcrux_ml_kem_vector_avx2_sampling_rejection_sample(Eurydice_slice input,
   __m256i field_modulus = libcrux_intrinsics_avx2_mm256_set1_epi16(
       LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS);
   __m256i potential_coefficients =
-      libcrux_ml_kem_vector_avx2_serialize_deserialize_12(/* The input bytes can
-                                                             be interpreted as a
-                                                             sequence of
-                                                             serialized 12-bit
-                                                             (i.e. uncompressed)
-                                                             coefficients. Not
-                                                             all coefficients
-                                                             may be less than
-                                                             FIELD_MODULUS
-                                                             though. */
-                                                          input);
+      libcrux_ml_kem_vector_avx2_serialize_deserialize_12(input);
   __m256i compare_with_field_modulus =
-      libcrux_intrinsics_avx2_mm256_cmpgt_epi16(/* Suppose we view
-                                                   |potential_coefficients| as
-                                                   follows (grouping 64-bit
-                                                   elements): A B C D | E F G H
-                                                   | .... and A < 3329, D < 3329
-                                                   and H < 3329,
-                                                   |compare_with_field_modulus|
-                                                   will look like: 0xFF 0 0 0xFF
-                                                   | 0 0 0 0xFF | ... */
-                                                field_modulus,
+      libcrux_intrinsics_avx2_mm256_cmpgt_epi16(field_modulus,
                                                 potential_coefficients);
   uint8_t good[2U];
-  libcrux_ml_kem_vector_avx2_serialize_serialize_1(/* Since every bit in each
-                                                      lane is either 0 or 1, we
-                                                      only need one bit from
-                                                      each lane in the register
-                                                      to tell us what
-                                                      coefficients to keep and
-                                                      what to throw-away.
-                                                      Combine all the bits
-                                                      (there are 16) into two
-                                                      bytes. */
-                                                   compare_with_field_modulus,
+  libcrux_ml_kem_vector_avx2_serialize_serialize_1(compare_with_field_modulus,
                                                    good);
   uint8_t lower_shuffles[16U];
   memcpy(lower_shuffles,
-         /* Each bit (and its corresponding position) represents an element we
-            want to sample. We'd like all such elements to be next to each other
-            starting at index 0, so that they can be read from the vector
-            easily. |REJECTION_SAMPLE_SHUFFLE_TABLE| encodes the byte-level
-            shuffling indices needed to make this happen. For e.g. if good[0] =
-            0b0_0_0_0_0_0_1_0, we need to move the element in the 2-nd 16-bit
-            lane to the first. To do this, we need the byte-level shuffle
-            indices to be 2 3 X X X X ... */
          libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE[(
              size_t)good[0U]],
          (size_t)16U * sizeof(uint8_t));
-  __m128i lower_shuffles0 =
-      libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_array_to_slice(
-          (size_t)16U,
-          /* Shuffle the lower 8 16-bits accordingly ... */ lower_shuffles,
-          uint8_t));
+  __m128i lower_shuffles0 = libcrux_intrinsics_avx2_mm_loadu_si128(
+      Eurydice_array_to_slice((size_t)16U, lower_shuffles, uint8_t));
   __m128i lower_coefficients =
       libcrux_intrinsics_avx2_mm256_castsi256_si128(potential_coefficients);
   __m128i lower_coefficients0 = libcrux_intrinsics_avx2_mm_shuffle_epi8(
       lower_coefficients, lower_shuffles0);
-  libcrux_intrinsics_avx2_mm_storeu_si128(
-      /* ... then write them out ... */ output, lower_coefficients0);
+  libcrux_intrinsics_avx2_mm_storeu_si128(output, lower_coefficients0);
   size_t sampled_count = (size_t)core_num__u8_6__count_ones(good[0U]);
   uint8_t upper_shuffles[16U];
   memcpy(upper_shuffles,
-         /* Do the same for |goood[1]| */
          libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE[(
              size_t)good[1U]],
          (size_t)16U * sizeof(uint8_t));
@@ -1979,9 +1435,7 @@ libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_ef(
   __m256i two_pow_coefficient_bits = libcrux_intrinsics_avx2_mm256_set1_epi32(
       (int32_t)1 << (uint32_t)(int32_t)10);
   __m128i coefficients_low =
-      libcrux_intrinsics_avx2_mm256_castsi256_si128(/* ---- Compress the first 8
-                                                       coefficients ---- */
-                                                    vector);
+      libcrux_intrinsics_avx2_mm256_castsi256_si128(vector);
   __m256i coefficients_low0 =
       libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low);
   __m256i decompressed_low = libcrux_intrinsics_avx2_mm256_mullo_epi32(
@@ -1991,15 +1445,11 @@ libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_ef(
   __m256i decompressed_low1 = libcrux_intrinsics_avx2_mm256_add_epi32(
       decompressed_low0, two_pow_coefficient_bits);
   __m256i decompressed_low2 = libcrux_intrinsics_avx2_mm256_srli_epi32(
-      (int32_t)10,
-      /* We can't shift in one go by (COEFFICIENT_BITS + 1) due to the lack of
-         support for const generic expressions. */
-      decompressed_low1, __m256i);
+      (int32_t)10, decompressed_low1, __m256i);
   __m256i decompressed_low3 = libcrux_intrinsics_avx2_mm256_srli_epi32(
       (int32_t)1, decompressed_low2, __m256i);
   __m128i coefficients_high = libcrux_intrinsics_avx2_mm256_extracti128_si256(
-      (int32_t)1,
-      /* ---- Compress the next 8 coefficients ---- */ vector, __m128i);
+      (int32_t)1, vector, __m128i);
   __m256i coefficients_high0 =
       libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high);
   __m256i decompressed_high = libcrux_intrinsics_avx2_mm256_mullo_epi32(
@@ -2009,29 +1459,13 @@ libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_ef(
   __m256i decompressed_high1 = libcrux_intrinsics_avx2_mm256_add_epi32(
       decompressed_high0, two_pow_coefficient_bits);
   __m256i decompressed_high2 = libcrux_intrinsics_avx2_mm256_srli_epi32(
-      (int32_t)10,
-      /* We can't shift in one go by (COEFFICIENT_BITS + 1) due to the lack of
-         support for const generic expressions. */
-      decompressed_high1, __m256i);
+      (int32_t)10, decompressed_high1, __m256i);
   __m256i decompressed_high3 = libcrux_intrinsics_avx2_mm256_srli_epi32(
       (int32_t)1, decompressed_high2, __m256i);
-  __m256i compressed =
-      libcrux_intrinsics_avx2_mm256_packs_epi32(/* Combining them, and grouping
-                                                   each set of 64-bits, this
-                                                   function results in: 0: low
-                                                   low low low | 1: high high
-                                                   high high | 2: low low low
-                                                   low | 3: high high high high
-                                                   where each |low| and |high|
-                                                   is a 16-bit element */
-                                                decompressed_low3,
-                                                decompressed_high3);
-  return libcrux_intrinsics_avx2_mm256_permute4x64_epi64(
-      (int32_t)216,
-      /* To be in the right order, we need to move the |low|s above in position
-         2 to position 1 and the |high|s in position 1 to position 2, and leave
-         the rest unchanged. */
-      compressed, __m256i);
+  __m256i compressed = libcrux_intrinsics_avx2_mm256_packs_epi32(
+      decompressed_low3, decompressed_high3);
+  return libcrux_intrinsics_avx2_mm256_permute4x64_epi64((int32_t)216,
+                                                         compressed, __m256i);
 }
 
 /**
@@ -2097,9 +1531,7 @@ libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_c4(
   __m256i two_pow_coefficient_bits = libcrux_intrinsics_avx2_mm256_set1_epi32(
       (int32_t)1 << (uint32_t)(int32_t)11);
   __m128i coefficients_low =
-      libcrux_intrinsics_avx2_mm256_castsi256_si128(/* ---- Compress the first 8
-                                                       coefficients ---- */
-                                                    vector);
+      libcrux_intrinsics_avx2_mm256_castsi256_si128(vector);
   __m256i coefficients_low0 =
       libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low);
   __m256i decompressed_low = libcrux_intrinsics_avx2_mm256_mullo_epi32(
@@ -2109,15 +1541,11 @@ libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_c4(
   __m256i decompressed_low1 = libcrux_intrinsics_avx2_mm256_add_epi32(
       decompressed_low0, two_pow_coefficient_bits);
   __m256i decompressed_low2 = libcrux_intrinsics_avx2_mm256_srli_epi32(
-      (int32_t)11,
-      /* We can't shift in one go by (COEFFICIENT_BITS + 1) due to the lack of
-         support for const generic expressions. */
-      decompressed_low1, __m256i);
+      (int32_t)11, decompressed_low1, __m256i);
   __m256i decompressed_low3 = libcrux_intrinsics_avx2_mm256_srli_epi32(
       (int32_t)1, decompressed_low2, __m256i);
   __m128i coefficients_high = libcrux_intrinsics_avx2_mm256_extracti128_si256(
-      (int32_t)1,
-      /* ---- Compress the next 8 coefficients ---- */ vector, __m128i);
+      (int32_t)1, vector, __m128i);
   __m256i coefficients_high0 =
       libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high);
   __m256i decompressed_high = libcrux_intrinsics_avx2_mm256_mullo_epi32(
@@ -2127,29 +1555,13 @@ libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_c4(
   __m256i decompressed_high1 = libcrux_intrinsics_avx2_mm256_add_epi32(
       decompressed_high0, two_pow_coefficient_bits);
   __m256i decompressed_high2 = libcrux_intrinsics_avx2_mm256_srli_epi32(
-      (int32_t)11,
-      /* We can't shift in one go by (COEFFICIENT_BITS + 1) due to the lack of
-         support for const generic expressions. */
-      decompressed_high1, __m256i);
+      (int32_t)11, decompressed_high1, __m256i);
   __m256i decompressed_high3 = libcrux_intrinsics_avx2_mm256_srli_epi32(
       (int32_t)1, decompressed_high2, __m256i);
-  __m256i compressed =
-      libcrux_intrinsics_avx2_mm256_packs_epi32(/* Combining them, and grouping
-                                                   each set of 64-bits, this
-                                                   function results in: 0: low
-                                                   low low low | 1: high high
-                                                   high high | 2: low low low
-                                                   low | 3: high high high high
-                                                   where each |low| and |high|
-                                                   is a 16-bit element */
-                                                decompressed_low3,
-                                                decompressed_high3);
-  return libcrux_intrinsics_avx2_mm256_permute4x64_epi64(
-      (int32_t)216,
-      /* To be in the right order, we need to move the |low|s above in position
-         2 to position 1 and the |high|s in position 1 to position 2, and leave
-         the rest unchanged. */
-      compressed, __m256i);
+  __m256i compressed = libcrux_intrinsics_avx2_mm256_packs_epi32(
+      decompressed_low3, decompressed_high3);
+  return libcrux_intrinsics_avx2_mm256_permute4x64_epi64((int32_t)216,
+                                                         compressed, __m256i);
 }
 
 /**
@@ -2253,13 +1665,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_4_plus_61(
     size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *re,
     size_t layer, size_t _initial_coefficient_bound) {
   size_t step = (size_t)1U << (uint32_t)layer;
-  for (size_t i0 = (size_t)0U;
-       i0 < (size_t)128U >>
-       (uint32_t) /* The semicolon and parentheses at the end of loop are a
-                     workaround for the following bug
-                     https://github.com/hacspec/hax/issues/720 */
-       layer;
-       i0++) {
+  for (size_t i0 = (size_t)0U; i0 < (size_t)128U >> (uint32_t)layer; i0++) {
     size_t round = i0;
     zeta_i[0U] = zeta_i[0U] + (size_t)1U;
     size_t offset = round * step * (size_t)2U;
@@ -2354,11 +1760,7 @@ KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_poly_barrett_reduce_ef_61(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *self) {
   for (size_t i = (size_t)0U;
-       i <
-       /* The semicolon and parentheses at the end of loop are a workaround for
-          the following bug https://github.com/hacspec/hax/issues/720 */
-       LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT;
-       i++) {
+       i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
     size_t i0 = i;
     self->coefficients[i0] =
         libcrux_ml_kem_vector_avx2_barrett_reduce_09(self->coefficients[i0]);
@@ -2455,9 +1857,7 @@ libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_d1(
   __m256i two_pow_coefficient_bits = libcrux_intrinsics_avx2_mm256_set1_epi32(
       (int32_t)1 << (uint32_t)(int32_t)4);
   __m128i coefficients_low =
-      libcrux_intrinsics_avx2_mm256_castsi256_si128(/* ---- Compress the first 8
-                                                       coefficients ---- */
-                                                    vector);
+      libcrux_intrinsics_avx2_mm256_castsi256_si128(vector);
   __m256i coefficients_low0 =
       libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low);
   __m256i decompressed_low = libcrux_intrinsics_avx2_mm256_mullo_epi32(
@@ -2467,15 +1867,11 @@ libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_d1(
   __m256i decompressed_low1 = libcrux_intrinsics_avx2_mm256_add_epi32(
       decompressed_low0, two_pow_coefficient_bits);
   __m256i decompressed_low2 = libcrux_intrinsics_avx2_mm256_srli_epi32(
-      (int32_t)4,
-      /* We can't shift in one go by (COEFFICIENT_BITS + 1) due to the lack of
-         support for const generic expressions. */
-      decompressed_low1, __m256i);
+      (int32_t)4, decompressed_low1, __m256i);
   __m256i decompressed_low3 = libcrux_intrinsics_avx2_mm256_srli_epi32(
       (int32_t)1, decompressed_low2, __m256i);
   __m128i coefficients_high = libcrux_intrinsics_avx2_mm256_extracti128_si256(
-      (int32_t)1,
-      /* ---- Compress the next 8 coefficients ---- */ vector, __m128i);
+      (int32_t)1, vector, __m128i);
   __m256i coefficients_high0 =
       libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high);
   __m256i decompressed_high = libcrux_intrinsics_avx2_mm256_mullo_epi32(
@@ -2485,29 +1881,13 @@ libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_d1(
   __m256i decompressed_high1 = libcrux_intrinsics_avx2_mm256_add_epi32(
       decompressed_high0, two_pow_coefficient_bits);
   __m256i decompressed_high2 = libcrux_intrinsics_avx2_mm256_srli_epi32(
-      (int32_t)4,
-      /* We can't shift in one go by (COEFFICIENT_BITS + 1) due to the lack of
-         support for const generic expressions. */
-      decompressed_high1, __m256i);
+      (int32_t)4, decompressed_high1, __m256i);
   __m256i decompressed_high3 = libcrux_intrinsics_avx2_mm256_srli_epi32(
       (int32_t)1, decompressed_high2, __m256i);
-  __m256i compressed =
-      libcrux_intrinsics_avx2_mm256_packs_epi32(/* Combining them, and grouping
-                                                   each set of 64-bits, this
-                                                   function results in: 0: low
-                                                   low low low | 1: high high
-                                                   high high | 2: low low low
-                                                   low | 3: high high high high
-                                                   where each |low| and |high|
-                                                   is a 16-bit element */
-                                                decompressed_low3,
-                                                decompressed_high3);
-  return libcrux_intrinsics_avx2_mm256_permute4x64_epi64(
-      (int32_t)216,
-      /* To be in the right order, we need to move the |low|s above in position
-         2 to position 1 and the |high|s in position 1 to position 2, and leave
-         the rest unchanged. */
-      compressed, __m256i);
+  __m256i compressed = libcrux_intrinsics_avx2_mm256_packs_epi32(
+      decompressed_low3, decompressed_high3);
+  return libcrux_intrinsics_avx2_mm256_permute4x64_epi64((int32_t)216,
+                                                         compressed, __m256i);
 }
 
 /**
@@ -2568,9 +1948,7 @@ libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_f4(
   __m256i two_pow_coefficient_bits = libcrux_intrinsics_avx2_mm256_set1_epi32(
       (int32_t)1 << (uint32_t)(int32_t)5);
   __m128i coefficients_low =
-      libcrux_intrinsics_avx2_mm256_castsi256_si128(/* ---- Compress the first 8
-                                                       coefficients ---- */
-                                                    vector);
+      libcrux_intrinsics_avx2_mm256_castsi256_si128(vector);
   __m256i coefficients_low0 =
       libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low);
   __m256i decompressed_low = libcrux_intrinsics_avx2_mm256_mullo_epi32(
@@ -2580,15 +1958,11 @@ libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_f4(
   __m256i decompressed_low1 = libcrux_intrinsics_avx2_mm256_add_epi32(
       decompressed_low0, two_pow_coefficient_bits);
   __m256i decompressed_low2 = libcrux_intrinsics_avx2_mm256_srli_epi32(
-      (int32_t)5,
-      /* We can't shift in one go by (COEFFICIENT_BITS + 1) due to the lack of
-         support for const generic expressions. */
-      decompressed_low1, __m256i);
+      (int32_t)5, decompressed_low1, __m256i);
   __m256i decompressed_low3 = libcrux_intrinsics_avx2_mm256_srli_epi32(
       (int32_t)1, decompressed_low2, __m256i);
   __m128i coefficients_high = libcrux_intrinsics_avx2_mm256_extracti128_si256(
-      (int32_t)1,
-      /* ---- Compress the next 8 coefficients ---- */ vector, __m128i);
+      (int32_t)1, vector, __m128i);
   __m256i coefficients_high0 =
       libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high);
   __m256i decompressed_high = libcrux_intrinsics_avx2_mm256_mullo_epi32(
@@ -2598,29 +1972,13 @@ libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_f4(
   __m256i decompressed_high1 = libcrux_intrinsics_avx2_mm256_add_epi32(
       decompressed_high0, two_pow_coefficient_bits);
   __m256i decompressed_high2 = libcrux_intrinsics_avx2_mm256_srli_epi32(
-      (int32_t)5,
-      /* We can't shift in one go by (COEFFICIENT_BITS + 1) due to the lack of
-         support for const generic expressions. */
-      decompressed_high1, __m256i);
+      (int32_t)5, decompressed_high1, __m256i);
   __m256i decompressed_high3 = libcrux_intrinsics_avx2_mm256_srli_epi32(
       (int32_t)1, decompressed_high2, __m256i);
-  __m256i compressed =
-      libcrux_intrinsics_avx2_mm256_packs_epi32(/* Combining them, and grouping
-                                                   each set of 64-bits, this
-                                                   function results in: 0: low
-                                                   low low low | 1: high high
-                                                   high high | 2: low low low
-                                                   low | 3: high high high high
-                                                   where each |low| and |high|
-                                                   is a 16-bit element */
-                                                decompressed_low3,
-                                                decompressed_high3);
-  return libcrux_intrinsics_avx2_mm256_permute4x64_epi64(
-      (int32_t)216,
-      /* To be in the right order, we need to move the |low|s above in position
-         2 to position 1 and the |high|s in position 1 to position 2, and leave
-         the rest unchanged. */
-      compressed, __m256i);
+  __m256i compressed = libcrux_intrinsics_avx2_mm256_packs_epi32(
+      decompressed_low3, decompressed_high3);
+  return libcrux_intrinsics_avx2_mm256_permute4x64_epi64((int32_t)216,
+                                                         compressed, __m256i);
 }
 
 /**
@@ -2730,14 +2088,9 @@ static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_to_ring_element_ef_ab(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *self,
     libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *rhs) {
   for (size_t i = (size_t)0U;
-       i <
-       Eurydice_slice_len(Eurydice_array_to_slice(
-                              (size_t)16U,
-                              /* The semicolon and parentheses at the end of
-                                 loop are a workaround for the following bug
-                                 https://github.com/hacspec/hax/issues/720 */
-                              self->coefficients, __m256i),
-                          __m256i);
+       i < Eurydice_slice_len(Eurydice_array_to_slice(
+                                  (size_t)16U, self->coefficients, __m256i),
+                              __m256i);
        i++) {
     size_t i0 = i;
     self->coefficients[i0] = libcrux_ml_kem_vector_avx2_add_09(
@@ -2840,13 +2193,7 @@ libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_61(
     size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *re,
     size_t layer) {
   size_t step = (size_t)1U << (uint32_t)layer;
-  for (size_t i0 = (size_t)0U;
-       i0 < (size_t)128U >>
-       (uint32_t) /* The semicolon and parentheses at the end of loop are a
-                     workaround for the following bug
-                     https://github.com/hacspec/hax/issues/720 */
-       layer;
-       i0++) {
+  for (size_t i0 = (size_t)0U; i0 < (size_t)128U >> (uint32_t)layer; i0++) {
     size_t round = i0;
     zeta_i[0U] = zeta_i[0U] - (size_t)1U;
     size_t offset = round * step * (size_t)2U;
@@ -2878,10 +2225,7 @@ KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_ab(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *re) {
   size_t zeta_i =
-      /* We only ever call this function after matrix/vector multiplication */
-      LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT
-
-      / (size_t)2U;
+      LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U;
   libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_61(&zeta_i, re, (size_t)1U);
   libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_61(&zeta_i, re, (size_t)2U);
   libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_61(&zeta_i, re, (size_t)3U);
@@ -3076,16 +2420,11 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_decrypt_unpacked_2f(
     libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_63 *secret_key,
     uint8_t *ciphertext, uint8_t ret[32U]) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_f6 u_as_ntt[3U];
-  libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_ed(/* u :=
-                                                             Decompress_q(Decode_{d_u}(c),
-                                                             d_u) */
-                                                          ciphertext, u_as_ntt);
+  libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_ed(ciphertext, u_as_ntt);
   libcrux_ml_kem_polynomial_PolynomialRingElement_f6 v =
       libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_ed(
-          Eurydice_array_to_subslice_from(
-              (size_t)1088U,
-              /* v := Decompress_q(Decode_{d_v}(c + d_u·k·n / 8), d_v) */
-              ciphertext, (size_t)960U, uint8_t, size_t));
+          Eurydice_array_to_subslice_from((size_t)1088U, ciphertext,
+                                          (size_t)960U, uint8_t, size_t));
   libcrux_ml_kem_polynomial_PolynomialRingElement_f6 message =
       libcrux_ml_kem_matrix_compute_message_ab(&v, secret_key->secret_as_ntt,
                                                u_as_ntt);
@@ -3108,8 +2447,7 @@ KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_decrypt_2f(
     Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_f6 secret_as_ntt[3U];
-  libcrux_ml_kem_ind_cpa_deserialize_secret_key_ab(
-      /* sˆ := Decode_12(sk) */ secret_key, secret_as_ntt);
+  libcrux_ml_kem_ind_cpa_deserialize_secret_key_ab(secret_key, secret_as_ntt);
   /* Passing arrays by value in Rust generates a copy in C */
   libcrux_ml_kem_polynomial_PolynomialRingElement_f6 copy_of_secret_as_ntt[3U];
   memcpy(
@@ -3658,10 +2996,6 @@ static KRML_MUSTINLINE void libcrux_ml_kem_sampling_sample_from_xof_6c(
   memcpy(copy_of_randomness0, randomness0, (size_t)3U * sizeof(uint8_t[504U]));
   bool done = libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_ed(
       copy_of_randomness0, sampled_coefficients, out);
-  /* Requiring more than 5 blocks to sample a ring element should be very
-   * unlikely according to: https://eprint.iacr.org/2023/708.pdf To avoid
-   * failing here, we squeeze more blocks out of the state until we have enough.
-   */
   while (true) {
     if (done) {
       break;
@@ -3728,7 +3062,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_sample_matrix_A_6c(
          i++) {
       size_t j = i;
       libcrux_ml_kem_polynomial_PolynomialRingElement_f6 sample = sampled[j];
-      if (/* A[i][j] = A_transpose[j][i] */ transpose) {
+      if (transpose) {
         A_transpose[j][i1] = sample;
       } else {
         A_transpose[i1][j] = sample;
@@ -3750,15 +3084,12 @@ libcrux_ml_kem_ind_cpa_build_unpacked_public_key_mut_fa(
     Eurydice_slice public_key,
     libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_63
         *unpacked_public_key) {
-  Eurydice_slice uu____0 = Eurydice_slice_subslice_to(
-      /* tˆ := Decode_12(pk) */ public_key, (size_t)1152U, uint8_t, size_t);
+  Eurydice_slice uu____0 =
+      Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t);
   libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_ab(
       uu____0, unpacked_public_key->t_as_ntt);
   Eurydice_slice seed =
-      Eurydice_slice_subslice_from(/* ρ := pk + 12·k·n / 8 for i from 0 to k−1
-                                      do for j from 0 to k − 1 do AˆT[i][j] :=
-                                      Parse(XOF(ρ, i, j)) end for end for */
-                                   public_key, (size_t)1152U, uint8_t, size_t);
+      Eurydice_slice_subslice_from(public_key, (size_t)1152U, uint8_t, size_t);
   libcrux_ml_kem_polynomial_PolynomialRingElement_f6(*uu____1)[3U] =
       unpacked_public_key->A;
   uint8_t ret[34U];
@@ -4028,12 +3359,7 @@ KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_7_61(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *re) {
   size_t step = LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT / (size_t)2U;
-  for (size_t i = (size_t)0U;
-       i <
-       /* The semicolon and parentheses at the end of loop are a workaround for
-          the following bug https://github.com/hacspec/hax/issues/720 */
-       step;
-       i++) {
+  for (size_t i = (size_t)0U; i < step; i++) {
     size_t j = i;
     __m256i t = libcrux_ml_kem_vector_avx2_multiply_by_constant_09(
         re->coefficients[j + step], (int16_t)-1600);
@@ -4054,10 +3380,7 @@ KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE void
 libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_61(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *re) {
-  libcrux_ml_kem_ntt_ntt_at_layer_7_61(/* Due to the small coefficient bound, we
-                                          can skip the first round of Montgomery
-                                          reductions. */
-                                       re);
+  libcrux_ml_kem_ntt_ntt_at_layer_7_61(re);
   size_t zeta_i = (size_t)1U;
   libcrux_ml_kem_ntt_ntt_at_layer_4_plus_61(&zeta_i, re, (size_t)6U,
                                             (size_t)11207U);
@@ -4268,11 +3591,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_error_reduce_ef_61(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *self,
     libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *error) {
   for (size_t i = (size_t)0U;
-       i <
-       /* The semicolon and parentheses at the end of loop are a workaround for
-          the following bug https://github.com/hacspec/hax/issues/720 */
-       LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT;
-       i++) {
+       i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
     size_t j = i;
     __m256i coefficient_normal_form =
         libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_09(
@@ -4395,26 +3714,8 @@ libcrux_ml_kem_polynomial_add_message_error_reduce_ef_61(
     __m256i coefficient_normal_form =
         libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_09(
             result.coefficients[i0], (int16_t)1441);
-    __m256i tmp = libcrux_ml_kem_vector_avx2_add_09(
-        self->coefficients
-            [/* FIXME: Eurydice crashes with: Warning 11: in top-level
-                declaration
-                libcrux_ml_kem.polynomial.{libcrux_ml_kem::polynomial::PolynomialRingElement<Vector>[TraitClause@0]}.add_message_error_reduce__libcrux_ml_kem_libcrux_polynomials_PortableVector:
-                this expression is not Low*; the enclosing function cannot be
-                translated into C*: let mutable ret(Mark.Present,(Mark.AtMost
-                2), ): int16_t[16size_t] = $any in
-                libcrux_ml_kem.libcrux_polynomials.{(libcrux_ml_kem::libcrux_polynomials::libcrux_traits::Operations␣for␣libcrux_ml_kem::libcrux_polynomials::PortableVector)}.add
-                ((@9:
-                libcrux_ml_kem_libcrux_polynomials_PortableVector[16size_t]*)[0uint32_t]:int16_t[16size_t][16size_t])[@4]
-                &(((@8:
-                libcrux_ml_kem_libcrux_polynomials_PortableVector[16size_t]*)[0uint32_t]:libcrux_ml_kem_libcrux_polynomials_PortableVector[16size_t])[@4])
-                @0; @0 Warning 11 is fatal, exiting. On the following code:
-                ```rust result.coefficients[i] =
-                Vector::barrett_reduce(Vector::add( coefficient_normal_form,
-                &Vector::add(self.coefficients[i], &message.coefficients[i]),
-                )); ``` */
-             i0],
-        &message->coefficients[i0]);
+    __m256i tmp = libcrux_ml_kem_vector_avx2_add_09(self->coefficients[i0],
+                                                    &message->coefficients[i0]);
     __m256i tmp0 =
         libcrux_ml_kem_vector_avx2_add_09(coefficient_normal_form, &tmp);
     result.coefficients[i0] =
@@ -4472,23 +3773,9 @@ libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_ef(
   __m256i coefficient_bits_mask = libcrux_intrinsics_avx2_mm256_set1_epi32(
       ((int32_t)1 << (uint32_t)(int32_t)10) - (int32_t)1);
   __m128i coefficients_low =
-      libcrux_intrinsics_avx2_mm256_castsi256_si128(/* ---- Compress the first 8
-                                                       coefficients ---- Take
-                                                       the bottom 128 bits, i.e.
-                                                       the first 8 16-bit
-                                                       coefficients */
-                                                    vector);
+      libcrux_intrinsics_avx2_mm256_castsi256_si128(vector);
   __m256i coefficients_low0 =
-      libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(/* If: coefficients_low[0:15]
-                                                      = A
-                                                      coefficients_low[16:31] =
-                                                      B coefficients_low[32:63]
-                                                      = C and so on ... after
-                                                      this step:
-                                                      coefficients_low[0:31] = A
-                                                      coefficients_low[32:63] =
-                                                      B and so on ... */
-                                                   coefficients_low);
+      libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low);
   __m256i compressed_low = libcrux_intrinsics_avx2_mm256_slli_epi32(
       (int32_t)10, coefficients_low0, __m256i);
   __m256i compressed_low0 = libcrux_intrinsics_avx2_mm256_add_epi32(
@@ -4497,17 +3784,11 @@ libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_ef(
       libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_low0,
                                                             compression_factor);
   __m256i compressed_low2 = libcrux_intrinsics_avx2_mm256_srli_epi32(
-      (int32_t)3,
-      /* Due to the mulhi_mm256_epi32 we've already shifted right by 32 bits, we
-         just need to shift right by 35 - 32 = 3 more. */
-      compressed_low1, __m256i);
+      (int32_t)3, compressed_low1, __m256i);
   __m256i compressed_low3 = libcrux_intrinsics_avx2_mm256_and_si256(
       compressed_low2, coefficient_bits_mask);
   __m128i coefficients_high = libcrux_intrinsics_avx2_mm256_extracti128_si256(
-      (int32_t)1,
-      /* ---- Compress the next 8 coefficients ---- Take the upper 128 bits,
-         i.e. the next 8 16-bit coefficients */
-      vector, __m128i);
+      (int32_t)1, vector, __m128i);
   __m256i coefficients_high0 =
       libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high);
   __m256i compressed_high = libcrux_intrinsics_avx2_mm256_slli_epi32(
@@ -4521,23 +3802,10 @@ libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_ef(
       (int32_t)3, compressed_high1, __m256i);
   __m256i compressed_high3 = libcrux_intrinsics_avx2_mm256_and_si256(
       compressed_high2, coefficient_bits_mask);
-  __m256i compressed =
-      libcrux_intrinsics_avx2_mm256_packs_epi32(/* Combining them, and grouping
-                                                   each set of 64-bits, this
-                                                   function results in: 0: low
-                                                   low low low | 1: high high
-                                                   high high | 2: low low low
-                                                   low | 3: high high high high
-                                                   where each |low| and |high|
-                                                   is a 16-bit element */
-                                                compressed_low3,
-                                                compressed_high3);
-  return libcrux_intrinsics_avx2_mm256_permute4x64_epi64(
-      (int32_t)216,
-      /* To be in the right order, we need to move the |low|s above in position
-         2 to position 1 and the |high|s in position 1 to position 2, and leave
-         the rest unchanged. */
-      compressed, __m256i);
+  __m256i compressed = libcrux_intrinsics_avx2_mm256_packs_epi32(
+      compressed_low3, compressed_high3);
+  return libcrux_intrinsics_avx2_mm256_permute4x64_epi64((int32_t)216,
+                                                         compressed, __m256i);
 }
 
 /**
@@ -4601,23 +3869,9 @@ libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_c4(
   __m256i coefficient_bits_mask = libcrux_intrinsics_avx2_mm256_set1_epi32(
       ((int32_t)1 << (uint32_t)(int32_t)11) - (int32_t)1);
   __m128i coefficients_low =
-      libcrux_intrinsics_avx2_mm256_castsi256_si128(/* ---- Compress the first 8
-                                                       coefficients ---- Take
-                                                       the bottom 128 bits, i.e.
-                                                       the first 8 16-bit
-                                                       coefficients */
-                                                    vector);
+      libcrux_intrinsics_avx2_mm256_castsi256_si128(vector);
   __m256i coefficients_low0 =
-      libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(/* If: coefficients_low[0:15]
-                                                      = A
-                                                      coefficients_low[16:31] =
-                                                      B coefficients_low[32:63]
-                                                      = C and so on ... after
-                                                      this step:
-                                                      coefficients_low[0:31] = A
-                                                      coefficients_low[32:63] =
-                                                      B and so on ... */
-                                                   coefficients_low);
+      libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low);
   __m256i compressed_low = libcrux_intrinsics_avx2_mm256_slli_epi32(
       (int32_t)11, coefficients_low0, __m256i);
   __m256i compressed_low0 = libcrux_intrinsics_avx2_mm256_add_epi32(
@@ -4626,17 +3880,11 @@ libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_c4(
       libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_low0,
                                                             compression_factor);
   __m256i compressed_low2 = libcrux_intrinsics_avx2_mm256_srli_epi32(
-      (int32_t)3,
-      /* Due to the mulhi_mm256_epi32 we've already shifted right by 32 bits, we
-         just need to shift right by 35 - 32 = 3 more. */
-      compressed_low1, __m256i);
+      (int32_t)3, compressed_low1, __m256i);
   __m256i compressed_low3 = libcrux_intrinsics_avx2_mm256_and_si256(
       compressed_low2, coefficient_bits_mask);
   __m128i coefficients_high = libcrux_intrinsics_avx2_mm256_extracti128_si256(
-      (int32_t)1,
-      /* ---- Compress the next 8 coefficients ---- Take the upper 128 bits,
-         i.e. the next 8 16-bit coefficients */
-      vector, __m128i);
+      (int32_t)1, vector, __m128i);
   __m256i coefficients_high0 =
       libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high);
   __m256i compressed_high = libcrux_intrinsics_avx2_mm256_slli_epi32(
@@ -4650,23 +3898,10 @@ libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_c4(
       (int32_t)3, compressed_high1, __m256i);
   __m256i compressed_high3 = libcrux_intrinsics_avx2_mm256_and_si256(
       compressed_high2, coefficient_bits_mask);
-  __m256i compressed =
-      libcrux_intrinsics_avx2_mm256_packs_epi32(/* Combining them, and grouping
-                                                   each set of 64-bits, this
-                                                   function results in: 0: low
-                                                   low low low | 1: high high
-                                                   high high | 2: low low low
-                                                   low | 3: high high high high
-                                                   where each |low| and |high|
-                                                   is a 16-bit element */
-                                                compressed_low3,
-                                                compressed_high3);
-  return libcrux_intrinsics_avx2_mm256_permute4x64_epi64(
-      (int32_t)216,
-      /* To be in the right order, we need to move the |low|s above in position
-         2 to position 1 and the |high|s in position 1 to position 2, and leave
-         the rest unchanged. */
-      compressed, __m256i);
+  __m256i compressed = libcrux_intrinsics_avx2_mm256_packs_epi32(
+      compressed_low3, compressed_high3);
+  return libcrux_intrinsics_avx2_mm256_permute4x64_epi64((int32_t)216,
+                                                         compressed, __m256i);
 }
 
 /**
@@ -4782,23 +4017,9 @@ libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_d1(
   __m256i coefficient_bits_mask = libcrux_intrinsics_avx2_mm256_set1_epi32(
       ((int32_t)1 << (uint32_t)(int32_t)4) - (int32_t)1);
   __m128i coefficients_low =
-      libcrux_intrinsics_avx2_mm256_castsi256_si128(/* ---- Compress the first 8
-                                                       coefficients ---- Take
-                                                       the bottom 128 bits, i.e.
-                                                       the first 8 16-bit
-                                                       coefficients */
-                                                    vector);
+      libcrux_intrinsics_avx2_mm256_castsi256_si128(vector);
   __m256i coefficients_low0 =
-      libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(/* If: coefficients_low[0:15]
-                                                      = A
-                                                      coefficients_low[16:31] =
-                                                      B coefficients_low[32:63]
-                                                      = C and so on ... after
-                                                      this step:
-                                                      coefficients_low[0:31] = A
-                                                      coefficients_low[32:63] =
-                                                      B and so on ... */
-                                                   coefficients_low);
+      libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low);
   __m256i compressed_low = libcrux_intrinsics_avx2_mm256_slli_epi32(
       (int32_t)4, coefficients_low0, __m256i);
   __m256i compressed_low0 = libcrux_intrinsics_avx2_mm256_add_epi32(
@@ -4807,17 +4028,11 @@ libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_d1(
       libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_low0,
                                                             compression_factor);
   __m256i compressed_low2 = libcrux_intrinsics_avx2_mm256_srli_epi32(
-      (int32_t)3,
-      /* Due to the mulhi_mm256_epi32 we've already shifted right by 32 bits, we
-         just need to shift right by 35 - 32 = 3 more. */
-      compressed_low1, __m256i);
+      (int32_t)3, compressed_low1, __m256i);
   __m256i compressed_low3 = libcrux_intrinsics_avx2_mm256_and_si256(
       compressed_low2, coefficient_bits_mask);
   __m128i coefficients_high = libcrux_intrinsics_avx2_mm256_extracti128_si256(
-      (int32_t)1,
-      /* ---- Compress the next 8 coefficients ---- Take the upper 128 bits,
-         i.e. the next 8 16-bit coefficients */
-      vector, __m128i);
+      (int32_t)1, vector, __m128i);
   __m256i coefficients_high0 =
       libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high);
   __m256i compressed_high = libcrux_intrinsics_avx2_mm256_slli_epi32(
@@ -4831,23 +4046,10 @@ libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_d1(
       (int32_t)3, compressed_high1, __m256i);
   __m256i compressed_high3 = libcrux_intrinsics_avx2_mm256_and_si256(
       compressed_high2, coefficient_bits_mask);
-  __m256i compressed =
-      libcrux_intrinsics_avx2_mm256_packs_epi32(/* Combining them, and grouping
-                                                   each set of 64-bits, this
-                                                   function results in: 0: low
-                                                   low low low | 1: high high
-                                                   high high | 2: low low low
-                                                   low | 3: high high high high
-                                                   where each |low| and |high|
-                                                   is a 16-bit element */
-                                                compressed_low3,
-                                                compressed_high3);
-  return libcrux_intrinsics_avx2_mm256_permute4x64_epi64(
-      (int32_t)216,
-      /* To be in the right order, we need to move the |low|s above in position
-         2 to position 1 and the |high|s in position 1 to position 2, and leave
-         the rest unchanged. */
-      compressed, __m256i);
+  __m256i compressed = libcrux_intrinsics_avx2_mm256_packs_epi32(
+      compressed_low3, compressed_high3);
+  return libcrux_intrinsics_avx2_mm256_permute4x64_epi64((int32_t)216,
+                                                         compressed, __m256i);
 }
 
 /**
@@ -4878,11 +4080,7 @@ libcrux_ml_kem_serialize_compress_then_serialize_4_61(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f6 re,
     Eurydice_slice serialized) {
   for (size_t i = (size_t)0U;
-       i <
-       /* The semicolon and parentheses at the end of loop are a workaround for
-          the following bug https://github.com/hacspec/hax/issues/720 */
-       LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT;
-       i++) {
+       i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
     size_t i0 = i;
     __m256i coefficient = libcrux_ml_kem_vector_avx2_compress_09_d1(
         libcrux_ml_kem_serialize_to_unsigned_field_modulus_61(
@@ -4914,23 +4112,9 @@ libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_f4(
   __m256i coefficient_bits_mask = libcrux_intrinsics_avx2_mm256_set1_epi32(
       ((int32_t)1 << (uint32_t)(int32_t)5) - (int32_t)1);
   __m128i coefficients_low =
-      libcrux_intrinsics_avx2_mm256_castsi256_si128(/* ---- Compress the first 8
-                                                       coefficients ---- Take
-                                                       the bottom 128 bits, i.e.
-                                                       the first 8 16-bit
-                                                       coefficients */
-                                                    vector);
+      libcrux_intrinsics_avx2_mm256_castsi256_si128(vector);
   __m256i coefficients_low0 =
-      libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(/* If: coefficients_low[0:15]
-                                                      = A
-                                                      coefficients_low[16:31] =
-                                                      B coefficients_low[32:63]
-                                                      = C and so on ... after
-                                                      this step:
-                                                      coefficients_low[0:31] = A
-                                                      coefficients_low[32:63] =
-                                                      B and so on ... */
-                                                   coefficients_low);
+      libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low);
   __m256i compressed_low = libcrux_intrinsics_avx2_mm256_slli_epi32(
       (int32_t)5, coefficients_low0, __m256i);
   __m256i compressed_low0 = libcrux_intrinsics_avx2_mm256_add_epi32(
@@ -4939,17 +4123,11 @@ libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_f4(
       libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_low0,
                                                             compression_factor);
   __m256i compressed_low2 = libcrux_intrinsics_avx2_mm256_srli_epi32(
-      (int32_t)3,
-      /* Due to the mulhi_mm256_epi32 we've already shifted right by 32 bits, we
-         just need to shift right by 35 - 32 = 3 more. */
-      compressed_low1, __m256i);
+      (int32_t)3, compressed_low1, __m256i);
   __m256i compressed_low3 = libcrux_intrinsics_avx2_mm256_and_si256(
       compressed_low2, coefficient_bits_mask);
   __m128i coefficients_high = libcrux_intrinsics_avx2_mm256_extracti128_si256(
-      (int32_t)1,
-      /* ---- Compress the next 8 coefficients ---- Take the upper 128 bits,
-         i.e. the next 8 16-bit coefficients */
-      vector, __m128i);
+      (int32_t)1, vector, __m128i);
   __m256i coefficients_high0 =
       libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high);
   __m256i compressed_high = libcrux_intrinsics_avx2_mm256_slli_epi32(
@@ -4963,23 +4141,10 @@ libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_f4(
       (int32_t)3, compressed_high1, __m256i);
   __m256i compressed_high3 = libcrux_intrinsics_avx2_mm256_and_si256(
       compressed_high2, coefficient_bits_mask);
-  __m256i compressed =
-      libcrux_intrinsics_avx2_mm256_packs_epi32(/* Combining them, and grouping
-                                                   each set of 64-bits, this
-                                                   function results in: 0: low
-                                                   low low low | 1: high high
-                                                   high high | 2: low low low
-                                                   low | 3: high high high high
-                                                   where each |low| and |high|
-                                                   is a 16-bit element */
-                                                compressed_low3,
-                                                compressed_high3);
-  return libcrux_intrinsics_avx2_mm256_permute4x64_epi64(
-      (int32_t)216,
-      /* To be in the right order, we need to move the |low|s above in position
-         2 to position 1 and the |high|s in position 1 to position 2, and leave
-         the rest unchanged. */
-      compressed, __m256i);
+  __m256i compressed = libcrux_intrinsics_avx2_mm256_packs_epi32(
+      compressed_low3, compressed_high3);
+  return libcrux_intrinsics_avx2_mm256_permute4x64_epi64((int32_t)216,
+                                                         compressed, __m256i);
 }
 
 /**
@@ -5010,11 +4175,7 @@ libcrux_ml_kem_serialize_compress_then_serialize_5_61(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f6 re,
     Eurydice_slice serialized) {
   for (size_t i = (size_t)0U;
-       i <
-       /* The semicolon and parentheses at the end of loop are a workaround for
-          the following bug https://github.com/hacspec/hax/issues/720 */
-       LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT;
-       i++) {
+       i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
     size_t i0 = i;
     __m256i coefficients = libcrux_ml_kem_vector_avx2_compress_09_f4(
         libcrux_ml_kem_vector_traits_to_unsigned_representative_61(
@@ -5106,10 +4267,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_encrypt_unpacked_74(
     libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_63 *public_key,
     uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) {
   uint8_t prf_input[33U];
-  libcrux_ml_kem_utils_into_padded_array_c8(/* for i from 0 to k−1 do r[i] :=
-                                               CBD{η1}(PRF(r, N)) N := N + 1 end
-                                               for rˆ := NTT(r) */
-                                            randomness, prf_input);
+  libcrux_ml_kem_utils_into_padded_array_c8(randomness, prf_input);
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_prf_input0[33U];
   memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t));
@@ -5122,7 +4280,6 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_encrypt_unpacked_74(
   uint8_t domain_separator0 = uu____1.snd;
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_prf_input[33U];
-  /* for i from 0 to k−1 do e1[i] := CBD_{η2}(PRF(r,N)) N := N + 1 end for */
   memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t));
   tuple_230 uu____3 = libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_b4(
       copy_of_prf_input, domain_separator0);
@@ -5131,7 +4288,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_encrypt_unpacked_74(
       error_1, uu____3.fst,
       (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f6));
   uint8_t domain_separator = uu____3.snd;
-  prf_input[32U] = /* e_2 := CBD{η2}(PRF(r, N)) */ domain_separator;
+  prf_input[32U] = domain_separator;
   uint8_t prf_output[128U];
   libcrux_ml_kem_hash_functions_avx2_PRF_a9_410(
       Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), prf_output);
@@ -5139,12 +4296,10 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_encrypt_unpacked_74(
       libcrux_ml_kem_sampling_sample_from_binomial_distribution_89(
           Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t));
   libcrux_ml_kem_polynomial_PolynomialRingElement_f6 u[3U];
-  libcrux_ml_kem_matrix_compute_vector_u_ab(/* u := NTT^{-1}(AˆT ◦ rˆ) + e_1 */
-                                            public_key->A, r_as_ntt, error_1,
+  libcrux_ml_kem_matrix_compute_vector_u_ab(public_key->A, r_as_ntt, error_1,
                                             u);
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_message[32U];
-  /* v := NTT^{−1}(tˆT ◦ rˆ) + e_2 + Decompress_q(Decode_1(m),1) */
   memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t));
   libcrux_ml_kem_polynomial_PolynomialRingElement_f6 message_as_ring_element =
       libcrux_ml_kem_serialize_deserialize_then_decompress_message_61(
@@ -5154,14 +4309,12 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_encrypt_unpacked_74(
           public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element);
   uint8_t ciphertext[1088U] = {0U};
   libcrux_ml_kem_polynomial_PolynomialRingElement_f6 uu____5[3U];
-  /* c_1 := Encode_{du}(Compress_q(u,d_u)) */
   memcpy(
       uu____5, u,
       (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f6));
   libcrux_ml_kem_ind_cpa_compress_then_serialize_u_8c(
       uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)960U,
                                            uint8_t));
-  /* c_2 := Encode_{dv}(Compress_q(v,d_v)) */
   libcrux_ml_kem_polynomial_PolynomialRingElement_f6 uu____6 = v;
   libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_ed(
       uu____6, Eurydice_array_to_subslice_from((size_t)1088U, ciphertext,
@@ -5654,18 +4807,11 @@ libcrux_ml_kem_polynomial_add_standard_error_reduce_ef_61(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *self,
     libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *error) {
   for (size_t i = (size_t)0U;
-       i <
-       /* The semicolon and parentheses at the end of loop are a workaround for
-          the following bug https://github.com/hacspec/hax/issues/720 */
-       LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT;
-       i++) {
+       i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
     size_t j = i;
     __m256i coefficient_normal_form =
         libcrux_ml_kem_vector_traits_to_standard_domain_61(
-            self->coefficients[/* The coefficients are of the form aR^{-1} mod
-                                  q, which means calling to_montgomery_domain()
-                                  on them should return a mod q. */
-                               j]);
+            self->coefficients[j]);
     self->coefficients[j] = libcrux_ml_kem_vector_avx2_barrett_reduce_09(
         libcrux_ml_kem_vector_avx2_add_09(coefficient_normal_form,
                                           &error->coefficients[j]));
@@ -5696,8 +4842,6 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_As_plus_e_ab(
        i++) {
     size_t i0 = i;
     libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *row = matrix_A[i0];
-    /* This may be externally provided memory. Ensure that `t_as_ntt` is all 0.
-     */
     libcrux_ml_kem_polynomial_PolynomialRingElement_f6 uu____0 =
         libcrux_ml_kem_polynomial_ZERO_ef_61();
     t_as_ntt[i0] = uu____0;
@@ -5778,9 +4922,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_22(
     libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_63 *private_key,
     libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_63 *public_key) {
   uint8_t hashed[64U];
-  libcrux_ml_kem_variant_cpa_keygen_seed_d8_be(/* (ρ,σ) := G(d) for Kyber, (ρ,σ)
-                                                  := G(d || K) for ML-KEM */
-                                               key_generation_seed, hashed);
+  libcrux_ml_kem_variant_cpa_keygen_seed_d8_be(key_generation_seed, hashed);
   Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at(
       Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U,
       uint8_t, Eurydice_slice_uint8_t_x2);
@@ -5813,8 +4955,8 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_22(
           .fst,
       (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f6));
   libcrux_ml_kem_matrix_compute_As_plus_e_ab(
-      /* tˆ := Aˆ ◦ sˆ + eˆ */ public_key->t_as_ntt, public_key->A,
-      private_key->secret_as_ntt, error_as_ntt);
+      public_key->t_as_ntt, public_key->A, private_key->secret_as_ntt,
+      error_as_ntt);
   uint8_t uu____5[32U];
   Result_fb dst;
   Eurydice_slice_to_array2(&dst, seed_for_A, Eurydice_slice, uint8_t[32U]);
@@ -5950,18 +5092,12 @@ libcrux_ml_kem_ind_cpa_serialize_unpacked_secret_key_8c(
     libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_63 *public_key,
     libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_63 *private_key) {
   uint8_t public_key_serialized[1184U];
-  libcrux_ml_kem_ind_cpa_serialize_public_key_ed(/* pk := (Encode_12(tˆ
-                                                    mod^{+}q) || ρ) */
-                                                 public_key->t_as_ntt,
-                                                 Eurydice_array_to_slice(
-                                                     (size_t)32U,
-                                                     public_key->seed_for_A,
-                                                     uint8_t),
-                                                 public_key_serialized);
+  libcrux_ml_kem_ind_cpa_serialize_public_key_ed(
+      public_key->t_as_ntt,
+      Eurydice_array_to_slice((size_t)32U, public_key->seed_for_A, uint8_t),
+      public_key_serialized);
   uint8_t secret_key_serialized[1152U];
-  libcrux_ml_kem_ind_cpa_serialize_secret_key_ed(/* sk := Encode_12(sˆ mod^{+}q)
-                                                  */
-                                                 private_key->secret_as_ntt,
+  libcrux_ml_kem_ind_cpa_serialize_secret_key_ed(private_key->secret_as_ntt,
                                                  secret_key_serialized);
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_secret_key_serialized[1152U];
@@ -6633,9 +5769,7 @@ libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_220(
     libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_63 *private_key,
     libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_63 *public_key) {
   uint8_t hashed[64U];
-  libcrux_ml_kem_variant_cpa_keygen_seed_33_be(/* (ρ,σ) := G(d) for Kyber, (ρ,σ)
-                                                  := G(d || K) for ML-KEM */
-                                               key_generation_seed, hashed);
+  libcrux_ml_kem_variant_cpa_keygen_seed_33_be(key_generation_seed, hashed);
   Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at(
       Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U,
       uint8_t, Eurydice_slice_uint8_t_x2);
@@ -6668,8 +5802,8 @@ libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_220(
           .fst,
       (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f6));
   libcrux_ml_kem_matrix_compute_As_plus_e_ab(
-      /* tˆ := Aˆ ◦ sˆ + eˆ */ public_key->t_as_ntt, public_key->A,
-      private_key->secret_as_ntt, error_as_ntt);
+      public_key->t_as_ntt, public_key->A, private_key->secret_as_ntt,
+      error_as_ntt);
   uint8_t uu____5[32U];
   Result_fb dst;
   Eurydice_slice_to_array2(&dst, seed_for_A, Eurydice_slice, uint8_t[32U]);
@@ -6834,10 +5968,7 @@ static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_private_key_only_ae(
     libcrux_ml_kem_types_MlKemPrivateKey_d9 *private_key) {
   uint8_t t[32U];
   libcrux_ml_kem_hash_functions_avx2_H_a9_e0(
-      Eurydice_array_to_subslice2(/* Eurydice can't access values directly on
-                                     the types. We need to go to the `value`
-                                     directly. */
-                                  private_key->value, (size_t)384U * (size_t)3U,
+      Eurydice_array_to_subslice2(private_key->value, (size_t)384U * (size_t)3U,
                                   (size_t)768U * (size_t)3U + (size_t)32U,
                                   uint8_t),
       t);
@@ -7797,10 +6928,6 @@ static KRML_MUSTINLINE void libcrux_ml_kem_sampling_sample_from_xof_b3(
   memcpy(copy_of_randomness0, randomness0, (size_t)3U * sizeof(uint8_t[504U]));
   bool done = libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_ed(
       copy_of_randomness0, sampled_coefficients, out);
-  /* Requiring more than 5 blocks to sample a ring element should be very
-   * unlikely according to: https://eprint.iacr.org/2023/708.pdf To avoid
-   * failing here, we squeeze more blocks out of the state until we have enough.
-   */
   while (true) {
     if (done) {
       break;
@@ -7868,7 +6995,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_sample_matrix_A_b3(
          i++) {
       size_t j = i;
       libcrux_ml_kem_polynomial_PolynomialRingElement_f6 sample = sampled[j];
-      if (/* A[i][j] = A_transpose[j][i] */ transpose) {
+      if (transpose) {
         A_transpose[j][i1] = sample;
       } else {
         A_transpose[i1][j] = sample;
@@ -7891,15 +7018,12 @@ libcrux_ml_kem_ind_cpa_build_unpacked_public_key_mut_bf(
     Eurydice_slice public_key,
     libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_63
         *unpacked_public_key) {
-  Eurydice_slice uu____0 = Eurydice_slice_subslice_to(
-      /* tˆ := Decode_12(pk) */ public_key, (size_t)1152U, uint8_t, size_t);
+  Eurydice_slice uu____0 =
+      Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t);
   libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_ab(
       uu____0, unpacked_public_key->t_as_ntt);
   Eurydice_slice seed =
-      Eurydice_slice_subslice_from(/* ρ := pk + 12·k·n / 8 for i from 0 to k−1
-                                      do for j from 0 to k − 1 do AˆT[i][j] :=
-                                      Parse(XOF(ρ, i, j)) end for end for */
-                                   public_key, (size_t)1152U, uint8_t, size_t);
+      Eurydice_slice_subslice_from(public_key, (size_t)1152U, uint8_t, size_t);
   libcrux_ml_kem_polynomial_PolynomialRingElement_f6(*uu____1)[3U] =
       unpacked_public_key->A;
   uint8_t ret[34U];
@@ -7934,10 +7058,7 @@ libcrux_ml_kem_ind_cca_unpacked_keys_from_private_key_e2(
   Eurydice_slice ind_cpa_public_key_hash = uu____0.thd;
   Eurydice_slice implicit_rejection_value = uu____0.f3;
   Eurydice_slice uu____1 = Eurydice_array_to_slice(
-      (size_t)3U,
-      /* XXX: We need to copy_from_slice here because karamel can't handle the
-         assignment cf. https://github.com/FStarLang/karamel/pull/491 */
-      key_pair->private_key.ind_cpa_private_key.secret_as_ntt,
+      (size_t)3U, key_pair->private_key.ind_cpa_private_key.secret_as_ntt,
       libcrux_ml_kem_polynomial_PolynomialRingElement_f6);
   libcrux_ml_kem_polynomial_PolynomialRingElement_f6 ret[3U];
   libcrux_ml_kem_ind_cpa_deserialize_secret_key_ab(ind_cpa_secret_key, ret);
diff --git a/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h b/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h
index 7a9446452..8f0de6a3e 100644
--- a/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h
+++ b/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h
@@ -4,11 +4,11 @@
  * SPDX-License-Identifier: MIT or Apache-2.0
  *
  * This code was generated with the following revisions:
- * Charon: 3a133fe0eee9bd3928d5bb16c24ddd2dd0f3ee7f
- * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c
- * Karamel: c31a22c1e07d2118c07ee5cebb640d863e31a198
- * F*: 2c32d6e230851bbceadac7a21fc418fa2bb7e4bc
- * Libcrux: cbc0d48933fbcbffaaf1f817d7fbd4047a7630a1
+ * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9
+ * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20
+ * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
+ * F*: 5643e656b989aca7629723653a2570c7df6252b9
+ * Libcrux: fbef3649fa222b800fc7dcc349855bcd7de48e36
  */
 
 #ifndef __libcrux_mlkem768_portable_H
@@ -1235,28 +1235,11 @@ libcrux_ml_kem_vector_portable_montgomery_multiply_by_constant_0d(
 static inline uint8_t
 libcrux_ml_kem_vector_portable_compress_compress_message_coefficient(
     uint16_t fe) {
-  int16_t shifted =
-      (int16_t)1664 -
-      (int16_t) /* The approach used here is inspired by:
-                   https://github.com/cloudflare/circl/blob/main/pke/kyber/internal/common/poly.go#L150
-                   If 833 <= fe <= 2496, then -832 <= shifted <= 831 */
-      fe;
-  int16_t mask =
-      /* If shifted < 0, then (shifted >> 15) ^ shifted = flip_bits(shifted) =
-         -shifted - 1, and so if -832 <= shifted < 0 then 0 < shifted_positive
-         <= 831 If shifted >= 0 then (shifted >> 15) ^ shifted = shifted, and so
-         if 0 <= shifted <= 831 then 0 <= shifted_positive <= 831 */
-      shifted
-
-      >> 15U;
+  int16_t shifted = (int16_t)1664 - (int16_t)fe;
+  int16_t mask = shifted >> 15U;
   int16_t shifted_to_positive = mask ^ shifted;
   int16_t shifted_positive_in_range = shifted_to_positive - (int16_t)832;
-  int16_t r0 =
-      /* If x <= 831, then x - 832 <= -1, and so x - 832 < 0, which means the
-         most significant bit of shifted_positive_in_range will be 1. */
-      shifted_positive_in_range
-
-      >> 15U;
+  int16_t r0 = shifted_positive_in_range >> 15U;
   int16_t r1 = r0 & (int16_t)1;
   return (uint8_t)r1;
 }
@@ -1293,16 +1276,7 @@ libcrux_ml_kem_vector_portable_arithmetic_get_n_least_significant_bits(
 static inline int16_t
 libcrux_ml_kem_vector_portable_compress_compress_ciphertext_coefficient(
     uint8_t coefficient_bits, uint16_t fe) {
-  uint64_t compressed =
-      (uint64_t) /* hax_debug_assert!( coefficient_bits == 4 || coefficient_bits
-                    == 5 || coefficient_bits == 10 || coefficient_bits == 11 );
-                    hax_debug_assert!(fe <= (FIELD_MODULUS as u16)); This has to
-                    be constant time due to:
-                    https://groups.google.com/a/list.nist.gov/g/pqc-forum/c/ldX0ThYJuBo/m/ovODsdY7AwAJ
-                  */
-      fe
-
-      << (uint32_t)coefficient_bits;
+  uint64_t compressed = (uint64_t)fe << (uint32_t)coefficient_bits;
   compressed = compressed + 1664ULL;
   compressed = compressed * 10321340ULL;
   compressed = compressed >> 35U;
@@ -2904,13 +2878,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_4_plus_8c(
     size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_1d *re,
     size_t layer, size_t _initial_coefficient_bound) {
   size_t step = (size_t)1U << (uint32_t)layer;
-  for (size_t i0 = (size_t)0U;
-       i0 < (size_t)128U >>
-       (uint32_t) /* The semicolon and parentheses at the end of loop are a
-                     workaround for the following bug
-                     https://github.com/hacspec/hax/issues/720 */
-       layer;
-       i0++) {
+  for (size_t i0 = (size_t)0U; i0 < (size_t)128U >> (uint32_t)layer; i0++) {
     size_t round = i0;
     zeta_i[0U] = zeta_i[0U] + (size_t)1U;
     size_t offset = round * step * (size_t)2U;
@@ -3006,11 +2974,7 @@ with const generics
 static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_poly_barrett_reduce_ef_8c(
     libcrux_ml_kem_polynomial_PolynomialRingElement_1d *self) {
   for (size_t i = (size_t)0U;
-       i <
-       /* The semicolon and parentheses at the end of loop are a workaround for
-          the following bug https://github.com/hacspec/hax/issues/720 */
-       LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT;
-       i++) {
+       i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
     size_t i0 = i;
     libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 =
         libcrux_ml_kem_vector_portable_barrett_reduce_0d(
@@ -3285,11 +3249,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_to_ring_element_ef_1b(
   for (size_t i = (size_t)0U;
        i < Eurydice_slice_len(
                Eurydice_array_to_slice(
-                   (size_t)16U,
-                   /* The semicolon and parentheses at the end of loop are a
-                      workaround for the following bug
-                      https://github.com/hacspec/hax/issues/720 */
-                   self->coefficients,
+                   (size_t)16U, self->coefficients,
                    libcrux_ml_kem_vector_portable_vector_type_PortableVector),
                libcrux_ml_kem_vector_portable_vector_type_PortableVector);
        i++) {
@@ -3396,13 +3356,7 @@ libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_8c(
     size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_1d *re,
     size_t layer) {
   size_t step = (size_t)1U << (uint32_t)layer;
-  for (size_t i0 = (size_t)0U;
-       i0 < (size_t)128U >>
-       (uint32_t) /* The semicolon and parentheses at the end of loop are a
-                     workaround for the following bug
-                     https://github.com/hacspec/hax/issues/720 */
-       layer;
-       i0++) {
+  for (size_t i0 = (size_t)0U; i0 < (size_t)128U >> (uint32_t)layer; i0++) {
     size_t round = i0;
     zeta_i[0U] = zeta_i[0U] - (size_t)1U;
     size_t offset = round * step * (size_t)2U;
@@ -3433,10 +3387,7 @@ with const generics
 static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_1b(
     libcrux_ml_kem_polynomial_PolynomialRingElement_1d *re) {
   size_t zeta_i =
-      /* We only ever call this function after matrix/vector multiplication */
-      LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT
-
-      / (size_t)2U;
+      LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U;
   libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_8c(&zeta_i, re, (size_t)1U);
   libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_8c(&zeta_i, re, (size_t)2U);
   libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_8c(&zeta_i, re, (size_t)3U);
@@ -3640,16 +3591,11 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_decrypt_unpacked_42(
     libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 *secret_key,
     uint8_t *ciphertext, uint8_t ret[32U]) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_1d u_as_ntt[3U];
-  libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_6c(/* u :=
-                                                             Decompress_q(Decode_{d_u}(c),
-                                                             d_u) */
-                                                          ciphertext, u_as_ntt);
+  libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_6c(ciphertext, u_as_ntt);
   libcrux_ml_kem_polynomial_PolynomialRingElement_1d v =
       libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_89(
-          Eurydice_array_to_subslice_from(
-              (size_t)1088U,
-              /* v := Decompress_q(Decode_{d_v}(c + d_u·k·n / 8), d_v) */
-              ciphertext, (size_t)960U, uint8_t, size_t));
+          Eurydice_array_to_subslice_from((size_t)1088U, ciphertext,
+                                          (size_t)960U, uint8_t, size_t));
   libcrux_ml_kem_polynomial_PolynomialRingElement_1d message =
       libcrux_ml_kem_matrix_compute_message_1b(&v, secret_key->secret_as_ntt,
                                                u_as_ntt);
@@ -3671,8 +3617,7 @@ with const generics
 static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_decrypt_42(
     Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_1d secret_as_ntt[3U];
-  libcrux_ml_kem_ind_cpa_deserialize_secret_key_1b(
-      /* sˆ := Decode_12(sk) */ secret_key, secret_as_ntt);
+  libcrux_ml_kem_ind_cpa_deserialize_secret_key_1b(secret_key, secret_as_ntt);
   /* Passing arrays by value in Rust generates a copy in C */
   libcrux_ml_kem_polynomial_PolynomialRingElement_1d copy_of_secret_as_ntt[3U];
   memcpy(
@@ -4207,10 +4152,6 @@ static KRML_MUSTINLINE void libcrux_ml_kem_sampling_sample_from_xof_2b(
   memcpy(copy_of_randomness0, randomness0, (size_t)3U * sizeof(uint8_t[504U]));
   bool done = libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_89(
       copy_of_randomness0, sampled_coefficients, out);
-  /* Requiring more than 5 blocks to sample a ring element should be very
-   * unlikely according to: https://eprint.iacr.org/2023/708.pdf To avoid
-   * failing here, we squeeze more blocks out of the state until we have enough.
-   */
   while (true) {
     if (done) {
       break;
@@ -4277,7 +4218,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_sample_matrix_A_2b(
          i++) {
       size_t j = i;
       libcrux_ml_kem_polynomial_PolynomialRingElement_1d sample = sampled[j];
-      if (/* A[i][j] = A_transpose[j][i] */ transpose) {
+      if (transpose) {
         A_transpose[j][i1] = sample;
       } else {
         A_transpose[i1][j] = sample;
@@ -4299,15 +4240,12 @@ libcrux_ml_kem_ind_cpa_build_unpacked_public_key_mut_3f(
     Eurydice_slice public_key,
     libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0
         *unpacked_public_key) {
-  Eurydice_slice uu____0 = Eurydice_slice_subslice_to(
-      /* tˆ := Decode_12(pk) */ public_key, (size_t)1152U, uint8_t, size_t);
+  Eurydice_slice uu____0 =
+      Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t);
   libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_1b(
       uu____0, unpacked_public_key->t_as_ntt);
   Eurydice_slice seed =
-      Eurydice_slice_subslice_from(/* ρ := pk + 12·k·n / 8 for i from 0 to k−1
-                                      do for j from 0 to k − 1 do AˆT[i][j] :=
-                                      Parse(XOF(ρ, i, j)) end for end for */
-                                   public_key, (size_t)1152U, uint8_t, size_t);
+      Eurydice_slice_subslice_from(public_key, (size_t)1152U, uint8_t, size_t);
   libcrux_ml_kem_polynomial_PolynomialRingElement_1d(*uu____1)[3U] =
       unpacked_public_key->A;
   uint8_t ret[34U];
@@ -4555,12 +4493,7 @@ with const generics
 static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_7_8c(
     libcrux_ml_kem_polynomial_PolynomialRingElement_1d *re) {
   size_t step = LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT / (size_t)2U;
-  for (size_t i = (size_t)0U;
-       i <
-       /* The semicolon and parentheses at the end of loop are a workaround for
-          the following bug https://github.com/hacspec/hax/issues/720 */
-       step;
-       i++) {
+  for (size_t i = (size_t)0U; i < step; i++) {
     size_t j = i;
     libcrux_ml_kem_vector_portable_vector_type_PortableVector t =
         libcrux_ml_kem_vector_portable_multiply_by_constant_0d(
@@ -4582,10 +4515,7 @@ with const generics
 static KRML_MUSTINLINE void
 libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_8c(
     libcrux_ml_kem_polynomial_PolynomialRingElement_1d *re) {
-  libcrux_ml_kem_ntt_ntt_at_layer_7_8c(/* Due to the small coefficient bound, we
-                                          can skip the first round of Montgomery
-                                          reductions. */
-                                       re);
+  libcrux_ml_kem_ntt_ntt_at_layer_7_8c(re);
   size_t zeta_i = (size_t)1U;
   libcrux_ml_kem_ntt_ntt_at_layer_4_plus_8c(&zeta_i, re, (size_t)6U,
                                             (size_t)11207U);
@@ -4792,11 +4722,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_error_reduce_ef_8c(
     libcrux_ml_kem_polynomial_PolynomialRingElement_1d *self,
     libcrux_ml_kem_polynomial_PolynomialRingElement_1d *error) {
   for (size_t i = (size_t)0U;
-       i <
-       /* The semicolon and parentheses at the end of loop are a workaround for
-          the following bug https://github.com/hacspec/hax/issues/720 */
-       LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT;
-       i++) {
+       i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
     size_t j = i;
     libcrux_ml_kem_vector_portable_vector_type_PortableVector
         coefficient_normal_form =
@@ -4928,28 +4854,8 @@ libcrux_ml_kem_polynomial_add_message_error_reduce_ef_8c(
             libcrux_ml_kem_vector_portable_montgomery_multiply_by_constant_0d(
                 result.coefficients[i0], (int16_t)1441);
     libcrux_ml_kem_vector_portable_vector_type_PortableVector tmp =
-        libcrux_ml_kem_vector_portable_add_0d(
-            self->coefficients
-                [/* FIXME: Eurydice crashes with: Warning 11: in
-                    top-level declaration
-                    libcrux_ml_kem.polynomial.{libcrux_ml_kem::polynomial::PolynomialRingElement<Vector>[TraitClause@0]}.add_message_error_reduce__libcrux_ml_kem_libcrux_polynomials_PortableVector:
-                    this expression is not Low*; the enclosing
-                    function cannot be translated into C*: let
-                    mutable ret(Mark.Present,(Mark.AtMost 2), ):
-                    int16_t[16size_t] = $any in
-                    libcrux_ml_kem.libcrux_polynomials.{(libcrux_ml_kem::libcrux_polynomials::libcrux_traits::Operations␣for␣libcrux_ml_kem::libcrux_polynomials::PortableVector)}.add
-                    ((@9:
-                    libcrux_ml_kem_libcrux_polynomials_PortableVector[16size_t]*)[0uint32_t]:int16_t[16size_t][16size_t])[@4]
-                    &(((@8:
-                    libcrux_ml_kem_libcrux_polynomials_PortableVector[16size_t]*)[0uint32_t]:libcrux_ml_kem_libcrux_polynomials_PortableVector[16size_t])[@4])
-                    @0; @0 Warning 11 is fatal, exiting. On the
-                    following code: ```rust result.coefficients[i]
-                    = Vector::barrett_reduce(Vector::add(
-                    coefficient_normal_form,
-                    &Vector::add(self.coefficients[i],
-                    &message.coefficients[i]), )); ``` */
-                 i0],
-            &message->coefficients[i0]);
+        libcrux_ml_kem_vector_portable_add_0d(self->coefficients[i0],
+                                              &message->coefficients[i0]);
     libcrux_ml_kem_vector_portable_vector_type_PortableVector tmp0 =
         libcrux_ml_kem_vector_portable_add_0d(coefficient_normal_form, &tmp);
     libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 =
@@ -5206,11 +5112,7 @@ libcrux_ml_kem_serialize_compress_then_serialize_4_8c(
     libcrux_ml_kem_polynomial_PolynomialRingElement_1d re,
     Eurydice_slice serialized) {
   for (size_t i = (size_t)0U;
-       i <
-       /* The semicolon and parentheses at the end of loop are a workaround for
-          the following bug https://github.com/hacspec/hax/issues/720 */
-       LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT;
-       i++) {
+       i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
     size_t i0 = i;
     libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient =
         libcrux_ml_kem_vector_portable_compress_0d_d1(
@@ -5270,11 +5172,7 @@ libcrux_ml_kem_serialize_compress_then_serialize_5_8c(
     libcrux_ml_kem_polynomial_PolynomialRingElement_1d re,
     Eurydice_slice serialized) {
   for (size_t i = (size_t)0U;
-       i <
-       /* The semicolon and parentheses at the end of loop are a workaround for
-          the following bug https://github.com/hacspec/hax/issues/720 */
-       LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT;
-       i++) {
+       i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
     size_t i0 = i;
     libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficients =
         libcrux_ml_kem_vector_portable_compress_0d_f4(
@@ -5366,10 +5264,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_encrypt_unpacked_2a(
     libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *public_key,
     uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) {
   uint8_t prf_input[33U];
-  libcrux_ml_kem_utils_into_padded_array_c8(/* for i from 0 to k−1 do r[i] :=
-                                               CBD{η1}(PRF(r, N)) N := N + 1 end
-                                               for rˆ := NTT(r) */
-                                            randomness, prf_input);
+  libcrux_ml_kem_utils_into_padded_array_c8(randomness, prf_input);
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_prf_input0[33U];
   memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t));
@@ -5382,7 +5277,6 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_encrypt_unpacked_2a(
   uint8_t domain_separator0 = uu____1.snd;
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_prf_input[33U];
-  /* for i from 0 to k−1 do e1[i] := CBD_{η2}(PRF(r,N)) N := N + 1 end for */
   memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t));
   tuple_23 uu____3 = libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_3b(
       copy_of_prf_input, domain_separator0);
@@ -5391,7 +5285,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_encrypt_unpacked_2a(
       error_1, uu____3.fst,
       (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1d));
   uint8_t domain_separator = uu____3.snd;
-  prf_input[32U] = /* e_2 := CBD{η2}(PRF(r, N)) */ domain_separator;
+  prf_input[32U] = domain_separator;
   uint8_t prf_output[128U];
   libcrux_ml_kem_hash_functions_portable_PRF_f1_410(
       Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), prf_output);
@@ -5399,12 +5293,10 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_encrypt_unpacked_2a(
       libcrux_ml_kem_sampling_sample_from_binomial_distribution_a0(
           Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t));
   libcrux_ml_kem_polynomial_PolynomialRingElement_1d u[3U];
-  libcrux_ml_kem_matrix_compute_vector_u_1b(/* u := NTT^{-1}(AˆT ◦ rˆ) + e_1 */
-                                            public_key->A, r_as_ntt, error_1,
+  libcrux_ml_kem_matrix_compute_vector_u_1b(public_key->A, r_as_ntt, error_1,
                                             u);
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_message[32U];
-  /* v := NTT^{−1}(tˆT ◦ rˆ) + e_2 + Decompress_q(Decode_1(m),1) */
   memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t));
   libcrux_ml_kem_polynomial_PolynomialRingElement_1d message_as_ring_element =
       libcrux_ml_kem_serialize_deserialize_then_decompress_message_8c(
@@ -5414,14 +5306,12 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_encrypt_unpacked_2a(
           public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element);
   uint8_t ciphertext[1088U] = {0U};
   libcrux_ml_kem_polynomial_PolynomialRingElement_1d uu____5[3U];
-  /* c_1 := Encode_{du}(Compress_q(u,d_u)) */
   memcpy(
       uu____5, u,
       (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1d));
   libcrux_ml_kem_ind_cpa_compress_then_serialize_u_43(
       uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)960U,
                                            uint8_t));
-  /* c_2 := Encode_{dv}(Compress_q(v,d_v)) */
   libcrux_ml_kem_polynomial_PolynomialRingElement_1d uu____6 = v;
   libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_6c(
       uu____6, Eurydice_array_to_subslice_from((size_t)1088U, ciphertext,
@@ -5847,20 +5737,12 @@ libcrux_ml_kem_polynomial_add_standard_error_reduce_ef_8c(
     libcrux_ml_kem_polynomial_PolynomialRingElement_1d *self,
     libcrux_ml_kem_polynomial_PolynomialRingElement_1d *error) {
   for (size_t i = (size_t)0U;
-       i <
-       /* The semicolon and parentheses at the end of loop are a workaround for
-          the following bug https://github.com/hacspec/hax/issues/720 */
-       LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT;
-       i++) {
+       i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
     size_t j = i;
     libcrux_ml_kem_vector_portable_vector_type_PortableVector
         coefficient_normal_form =
             libcrux_ml_kem_vector_traits_to_standard_domain_8c(
-                self->coefficients[/* The coefficients are of the form aR^{-1}
-                                      mod q, which means calling
-                                      to_montgomery_domain() on them should
-                                      return a mod q. */
-                                   j]);
+                self->coefficients[j]);
     libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 =
         libcrux_ml_kem_vector_portable_barrett_reduce_0d(
             libcrux_ml_kem_vector_portable_add_0d(coefficient_normal_form,
@@ -5892,8 +5774,6 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_As_plus_e_1b(
        i++) {
     size_t i0 = i;
     libcrux_ml_kem_polynomial_PolynomialRingElement_1d *row = matrix_A[i0];
-    /* This may be externally provided memory. Ensure that `t_as_ntt` is all 0.
-     */
     libcrux_ml_kem_polynomial_PolynomialRingElement_1d uu____0 =
         libcrux_ml_kem_polynomial_ZERO_ef_8c();
     t_as_ntt[i0] = uu____0;
@@ -5973,9 +5853,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_1c(
     libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 *private_key,
     libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *public_key) {
   uint8_t hashed[64U];
-  libcrux_ml_kem_variant_cpa_keygen_seed_d8_9c(/* (ρ,σ) := G(d) for Kyber, (ρ,σ)
-                                                  := G(d || K) for ML-KEM */
-                                               key_generation_seed, hashed);
+  libcrux_ml_kem_variant_cpa_keygen_seed_d8_9c(key_generation_seed, hashed);
   Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at(
       Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U,
       uint8_t, Eurydice_slice_uint8_t_x2);
@@ -6008,8 +5886,8 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_1c(
           .fst,
       (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1d));
   libcrux_ml_kem_matrix_compute_As_plus_e_1b(
-      /* tˆ := Aˆ ◦ sˆ + eˆ */ public_key->t_as_ntt, public_key->A,
-      private_key->secret_as_ntt, error_as_ntt);
+      public_key->t_as_ntt, public_key->A, private_key->secret_as_ntt,
+      error_as_ntt);
   uint8_t uu____5[32U];
   Result_fb dst;
   Eurydice_slice_to_array2(&dst, seed_for_A, Eurydice_slice, uint8_t[32U]);
@@ -6141,18 +6019,12 @@ libcrux_ml_kem_ind_cpa_serialize_unpacked_secret_key_43(
     libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *public_key,
     libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 *private_key) {
   uint8_t public_key_serialized[1184U];
-  libcrux_ml_kem_ind_cpa_serialize_public_key_6c(/* pk := (Encode_12(tˆ
-                                                    mod^{+}q) || ρ) */
-                                                 public_key->t_as_ntt,
-                                                 Eurydice_array_to_slice(
-                                                     (size_t)32U,
-                                                     public_key->seed_for_A,
-                                                     uint8_t),
-                                                 public_key_serialized);
+  libcrux_ml_kem_ind_cpa_serialize_public_key_6c(
+      public_key->t_as_ntt,
+      Eurydice_array_to_slice((size_t)32U, public_key->seed_for_A, uint8_t),
+      public_key_serialized);
   uint8_t secret_key_serialized[1152U];
-  libcrux_ml_kem_ind_cpa_serialize_secret_key_89(/* sk := Encode_12(sˆ mod^{+}q)
-                                                  */
-                                                 private_key->secret_as_ntt,
+  libcrux_ml_kem_ind_cpa_serialize_secret_key_89(private_key->secret_as_ntt,
                                                  secret_key_serialized);
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_secret_key_serialized[1152U];
@@ -6733,9 +6605,7 @@ libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_1c0(
     libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 *private_key,
     libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *public_key) {
   uint8_t hashed[64U];
-  libcrux_ml_kem_variant_cpa_keygen_seed_33_9c(/* (ρ,σ) := G(d) for Kyber, (ρ,σ)
-                                                  := G(d || K) for ML-KEM */
-                                               key_generation_seed, hashed);
+  libcrux_ml_kem_variant_cpa_keygen_seed_33_9c(key_generation_seed, hashed);
   Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at(
       Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U,
       uint8_t, Eurydice_slice_uint8_t_x2);
@@ -6768,8 +6638,8 @@ libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_1c0(
           .fst,
       (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1d));
   libcrux_ml_kem_matrix_compute_As_plus_e_1b(
-      /* tˆ := Aˆ ◦ sˆ + eˆ */ public_key->t_as_ntt, public_key->A,
-      private_key->secret_as_ntt, error_as_ntt);
+      public_key->t_as_ntt, public_key->A, private_key->secret_as_ntt,
+      error_as_ntt);
   uint8_t uu____5[32U];
   Result_fb dst;
   Eurydice_slice_to_array2(&dst, seed_for_A, Eurydice_slice, uint8_t[32U]);
@@ -6907,10 +6777,7 @@ static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_private_key_only_d6(
     libcrux_ml_kem_types_MlKemPrivateKey_d9 *private_key) {
   uint8_t t[32U];
   libcrux_ml_kem_hash_functions_portable_H_f1_e0(
-      Eurydice_array_to_subslice2(/* Eurydice can't access values directly on
-                                     the types. We need to go to the `value`
-                                     directly. */
-                                  private_key->value, (size_t)384U * (size_t)3U,
+      Eurydice_array_to_subslice2(private_key->value, (size_t)384U * (size_t)3U,
                                   (size_t)768U * (size_t)3U + (size_t)32U,
                                   uint8_t),
       t);
@@ -7728,10 +7595,7 @@ libcrux_ml_kem_ind_cca_unpacked_keys_from_private_key_df(
   Eurydice_slice ind_cpa_public_key_hash = uu____0.thd;
   Eurydice_slice implicit_rejection_value = uu____0.f3;
   Eurydice_slice uu____1 = Eurydice_array_to_slice(
-      (size_t)3U,
-      /* XXX: We need to copy_from_slice here because karamel can't handle the
-         assignment cf. https://github.com/FStarLang/karamel/pull/491 */
-      key_pair->private_key.ind_cpa_private_key.secret_as_ntt,
+      (size_t)3U, key_pair->private_key.ind_cpa_private_key.secret_as_ntt,
       libcrux_ml_kem_polynomial_PolynomialRingElement_1d);
   libcrux_ml_kem_polynomial_PolynomialRingElement_1d ret[3U];
   libcrux_ml_kem_ind_cpa_deserialize_secret_key_1b(ind_cpa_secret_key, ret);
diff --git a/libcrux-ml-kem/cg/libcrux_sha3_avx2.h b/libcrux-ml-kem/cg/libcrux_sha3_avx2.h
index 5955882fa..7a519bf7c 100644
--- a/libcrux-ml-kem/cg/libcrux_sha3_avx2.h
+++ b/libcrux-ml-kem/cg/libcrux_sha3_avx2.h
@@ -4,11 +4,11 @@
  * SPDX-License-Identifier: MIT or Apache-2.0
  *
  * This code was generated with the following revisions:
- * Charon: 3a133fe0eee9bd3928d5bb16c24ddd2dd0f3ee7f
- * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c
- * Karamel: c31a22c1e07d2118c07ee5cebb640d863e31a198
- * F*: 2c32d6e230851bbceadac7a21fc418fa2bb7e4bc
- * Libcrux: cbc0d48933fbcbffaaf1f817d7fbd4047a7630a1
+ * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9
+ * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20
+ * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
+ * F*: 5643e656b989aca7629723653a2570c7df6252b9
+ * Libcrux: fbef3649fa222b800fc7dcc349855bcd7de48e36
  */
 
 #ifndef __libcrux_sha3_avx2_H
@@ -104,9 +104,7 @@ libcrux_sha3_simd_avx2_and_not_xor_ef(__m256i a, __m256i b, __m256i c) {
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE __m256i libcrux_sha3_simd_avx2__veorq_n_u64(__m256i a,
                                                                    uint64_t c) {
-  __m256i c0 = libcrux_intrinsics_avx2_mm256_set1_epi64x(
-      (int64_t) /* Casting here is required, doesn't change the value. */
-      c);
+  __m256i c0 = libcrux_intrinsics_avx2_mm256_set1_epi64x((int64_t)c);
   return libcrux_intrinsics_avx2_mm256_xor_si256(a, c0);
 }
 
@@ -1701,7 +1699,7 @@ static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_store_block_5b(
         __m256i);
     __m256i v1h = libcrux_intrinsics_avx2_mm256_permute2x128_si256(
         (int32_t)32,
-        s[((size_t)4U * /* 0 0 2 2 */ i0 + (size_t)1U) / (size_t)5U]
+        s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U]
          [((size_t)4U * i0 + (size_t)1U) % (size_t)5U],
         s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U]
          [((size_t)4U * i0 + (size_t)3U) % (size_t)5U],
@@ -2036,15 +2034,7 @@ static KRML_MUSTINLINE void libcrux_sha3_avx2_x4_shake256(
     Eurydice_slice input0, Eurydice_slice input1, Eurydice_slice input2,
     Eurydice_slice input3, Eurydice_slice out0, Eurydice_slice out1,
     Eurydice_slice out2, Eurydice_slice out3) {
-  Eurydice_slice buf0[4U] = {
-      /* XXX: These functions could alternatively implement the same with the
-         portable implementation #[cfg(feature = "simd128")] { keccakx2::<136,
-         0x1fu8>([input0, input1], [out0, out1]); keccakx2::<136,
-         0x1fu8>([input2, input3], [out2, out3]); } { keccakx1::<136,
-         0x1fu8>([input0], [out0]); keccakx1::<136, 0x1fu8>([input1], [out1]);
-         keccakx1::<136, 0x1fu8>([input2], [out2]); keccakx1::<136,
-         0x1fu8>([input3], [out3]); } */
-      input0, input1, input2, input3};
+  Eurydice_slice buf0[4U] = {input0, input1, input2, input3};
   Eurydice_slice buf[4U] = {out0, out1, out2, out3};
   libcrux_sha3_generic_keccak_keccak_fb(buf0, buf);
 }
@@ -2284,7 +2274,7 @@ static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_store_block_3a(
         __m256i);
     __m256i v1h = libcrux_intrinsics_avx2_mm256_permute2x128_si256(
         (int32_t)32,
-        s[((size_t)4U * /* 0 0 2 2 */ i0 + (size_t)1U) / (size_t)5U]
+        s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U]
          [((size_t)4U * i0 + (size_t)1U) % (size_t)5U],
         s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U]
          [((size_t)4U * i0 + (size_t)3U) % (size_t)5U],
diff --git a/libcrux-ml-kem/cg/libcrux_sha3_portable.h b/libcrux-ml-kem/cg/libcrux_sha3_portable.h
index 211cf1919..a606f5f71 100644
--- a/libcrux-ml-kem/cg/libcrux_sha3_portable.h
+++ b/libcrux-ml-kem/cg/libcrux_sha3_portable.h
@@ -4,11 +4,11 @@
  * SPDX-License-Identifier: MIT or Apache-2.0
  *
  * This code was generated with the following revisions:
- * Charon: 3a133fe0eee9bd3928d5bb16c24ddd2dd0f3ee7f
- * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c
- * Karamel: c31a22c1e07d2118c07ee5cebb640d863e31a198
- * F*: 2c32d6e230851bbceadac7a21fc418fa2bb7e4bc
- * Libcrux: cbc0d48933fbcbffaaf1f817d7fbd4047a7630a1
+ * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9
+ * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20
+ * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
+ * F*: 5643e656b989aca7629723653a2570c7df6252b9
+ * Libcrux: fbef3649fa222b800fc7dcc349855bcd7de48e36
  */
 
 #ifndef __libcrux_sha3_portable_H
@@ -1654,7 +1654,6 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_96(
     Eurydice_slice data[1U], Eurydice_slice out[1U]) {
   /* Passing arrays by value in Rust generates a copy in C */
   Eurydice_slice copy_of_data[1U];
-  /* generic_keccak::keccak_xof::<1, u64, RATE, DELIM>(data, out); or */
   memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice));
   libcrux_sha3_generic_keccak_keccak_9e(copy_of_data, out);
 }
@@ -2013,7 +2012,6 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_ad(
     Eurydice_slice data[1U], Eurydice_slice out[1U]) {
   /* Passing arrays by value in Rust generates a copy in C */
   Eurydice_slice copy_of_data[1U];
-  /* generic_keccak::keccak_xof::<1, u64, RATE, DELIM>(data, out); or */
   memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice));
   libcrux_sha3_generic_keccak_keccak_9e0(copy_of_data, out);
 }
@@ -2142,7 +2140,6 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_ad0(
     Eurydice_slice data[1U], Eurydice_slice out[1U]) {
   /* Passing arrays by value in Rust generates a copy in C */
   Eurydice_slice copy_of_data[1U];
-  /* generic_keccak::keccak_xof::<1, u64, RATE, DELIM>(data, out); or */
   memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice));
   libcrux_sha3_generic_keccak_keccak_9e1(copy_of_data, out);
 }
@@ -2749,7 +2746,6 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_1e(
     Eurydice_slice data[1U], Eurydice_slice out[1U]) {
   /* Passing arrays by value in Rust generates a copy in C */
   Eurydice_slice copy_of_data[1U];
-  /* generic_keccak::keccak_xof::<1, u64, RATE, DELIM>(data, out); or */
   memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice));
   libcrux_sha3_generic_keccak_keccak_9e2(copy_of_data, out);
 }
@@ -3108,7 +3104,6 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_7c(
     Eurydice_slice data[1U], Eurydice_slice out[1U]) {
   /* Passing arrays by value in Rust generates a copy in C */
   Eurydice_slice copy_of_data[1U];
-  /* generic_keccak::keccak_xof::<1, u64, RATE, DELIM>(data, out); or */
   memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice));
   libcrux_sha3_generic_keccak_keccak_9e3(copy_of_data, out);
 }
@@ -3404,7 +3399,6 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_c6(
     Eurydice_slice data[1U], Eurydice_slice out[1U]) {
   /* Passing arrays by value in Rust generates a copy in C */
   Eurydice_slice copy_of_data[1U];
-  /* generic_keccak::keccak_xof::<1, u64, RATE, DELIM>(data, out); or */
   memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice));
   libcrux_sha3_generic_keccak_keccak_9e4(copy_of_data, out);
 }
@@ -3502,7 +3496,6 @@ static KRML_MUSTINLINE void libcrux_sha3_neon_x2_shake256(Eurydice_slice input0,
                                                           Eurydice_slice input1,
                                                           Eurydice_slice out0,
                                                           Eurydice_slice out1) {
-  /* TODO: make argument ordering consistent */
   KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__,
                     "panic!");
   KRML_HOST_EXIT(255U);
@@ -3517,9 +3510,6 @@ typedef struct libcrux_sha3_neon_x2_incremental_KeccakState_s {
 */
 static KRML_MUSTINLINE libcrux_sha3_neon_x2_incremental_KeccakState
 libcrux_sha3_neon_x2_incremental_init(void) {
-  /* XXX: These functions could alternatively implement the same with the
-   * portable implementation { let s0 = KeccakState::new(); let s1 =
-   * KeccakState::new(); [s0, s1] } */
   KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__,
                     "panic!");
   KRML_HOST_EXIT(255U);
@@ -3532,10 +3522,6 @@ static KRML_MUSTINLINE void
 libcrux_sha3_neon_x2_incremental_shake128_absorb_final(
     libcrux_sha3_neon_x2_incremental_KeccakState *s, Eurydice_slice data0,
     Eurydice_slice data1) {
-  /* XXX: These functions could alternatively implement the same with the
-   * portable implementation { let [mut s0, mut s1] = s;
-   * shake128_absorb_final(&mut s0, data0); shake128_absorb_final(&mut s1,
-   * data1); } */
   KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__,
                     "panic!");
   KRML_HOST_EXIT(255U);
@@ -3549,10 +3535,6 @@ static KRML_MUSTINLINE void
 libcrux_sha3_neon_x2_incremental_shake128_squeeze_first_three_blocks(
     libcrux_sha3_neon_x2_incremental_KeccakState *s, Eurydice_slice out0,
     Eurydice_slice out1) {
-  /* XXX: These functions could alternatively implement the same with the
-   * portable implementation { let [mut s0, mut s1] = s;
-   * shake128_squeeze_first_three_blocks(&mut s0, out0);
-   * shake128_squeeze_first_three_blocks(&mut s1, out1); } */
   KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__,
                     "panic!");
   KRML_HOST_EXIT(255U);
@@ -3566,10 +3548,6 @@ static KRML_MUSTINLINE void
 libcrux_sha3_neon_x2_incremental_shake128_squeeze_next_block(
     libcrux_sha3_neon_x2_incremental_KeccakState *s, Eurydice_slice out0,
     Eurydice_slice out1) {
-  /* XXX: These functions could alternatively implement the same with the
-   * portable implementation { let [mut s0, mut s1] = s;
-   * shake128_squeeze_next_block(&mut s0, out0);
-   * shake128_squeeze_next_block(&mut s1, out1); } */
   KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__,
                     "panic!");
   KRML_HOST_EXIT(255U);
@@ -3594,10 +3572,6 @@ static KRML_MUSTINLINE void
 libcrux_sha3_neon_x2_incremental_shake256_absorb_final(
     libcrux_sha3_neon_x2_incremental_KeccakState *s, Eurydice_slice data0,
     Eurydice_slice data1) {
-  /* XXX: These functions could alternatively implement the same with the
-   * portable implementation { let [mut s0, mut s1] = s;
-   * shake128_absorb_final(&mut s0, data0); shake128_absorb_final(&mut s1,
-   * data1); } */
   KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__,
                     "panic!");
   KRML_HOST_EXIT(255U);
@@ -3759,13 +3733,8 @@ static inline size_t libcrux_sha3_generic_keccak_fill_buffer_8b_c6(
   size_t input_len = Eurydice_slice_len(inputs[0U], uint8_t);
   size_t consumed = (size_t)0U;
   if (self->buf_len > (size_t)0U) {
-    if (
-        /* There's something buffered internally to consume. */ self->buf_len +
-            input_len >=
-        (size_t)136U) {
-      consumed = (size_t)136U - /* We have enough data when combining the
-                                   internal buffer and the input. */
-                 self->buf_len;
+    if (self->buf_len + input_len >= (size_t)136U) {
+      consumed = (size_t)136U - self->buf_len;
       for (size_t i = (size_t)0U; i < (size_t)1U; i++) {
         size_t i0 = i;
         Eurydice_slice uu____0 = Eurydice_array_to_subslice_from(
@@ -3871,9 +3840,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_8b_c6(
   memcpy(copy_of_inputs, inputs, (size_t)1U * sizeof(Eurydice_slice));
   size_t input_remainder_len =
       libcrux_sha3_generic_keccak_absorb_full_8b_c6(uu____0, copy_of_inputs);
-  if (
-      /* ... buffer the rest if there's not enough input (left). */
-      input_remainder_len > (size_t)0U) {
+  if (input_remainder_len > (size_t)0U) {
     size_t input_len = Eurydice_slice_len(inputs[0U], uint8_t);
     for (size_t i = (size_t)0U; i < (size_t)1U; i++) {
       size_t i0 = i;
@@ -4220,13 +4187,8 @@ static inline size_t libcrux_sha3_generic_keccak_fill_buffer_8b_c60(
   size_t input_len = Eurydice_slice_len(inputs[0U], uint8_t);
   size_t consumed = (size_t)0U;
   if (self->buf_len > (size_t)0U) {
-    if (
-        /* There's something buffered internally to consume. */ self->buf_len +
-            input_len >=
-        (size_t)168U) {
-      consumed = (size_t)168U - /* We have enough data when combining the
-                                   internal buffer and the input. */
-                 self->buf_len;
+    if (self->buf_len + input_len >= (size_t)168U) {
+      consumed = (size_t)168U - self->buf_len;
       for (size_t i = (size_t)0U; i < (size_t)1U; i++) {
         size_t i0 = i;
         Eurydice_slice uu____0 = Eurydice_array_to_subslice_from(
@@ -4332,9 +4294,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_8b_c60(
   memcpy(copy_of_inputs, inputs, (size_t)1U * sizeof(Eurydice_slice));
   size_t input_remainder_len =
       libcrux_sha3_generic_keccak_absorb_full_8b_c60(uu____0, copy_of_inputs);
-  if (
-      /* ... buffer the rest if there's not enough input (left). */
-      input_remainder_len > (size_t)0U) {
+  if (input_remainder_len > (size_t)0U) {
     size_t input_len = Eurydice_slice_len(inputs[0U], uint8_t);
     for (size_t i = (size_t)0U; i < (size_t)1U; i++) {
       size_t i0 = i;
@@ -4724,13 +4684,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_8b_c6(
   size_t blocks = out_len / (size_t)136U;
   size_t last = out_len - out_len % (size_t)136U;
   size_t mid;
-  if ((size_t)136U >=
-      /* Squeeze out one to start with. XXX: Eurydice does not extract
-         `core::cmp::min`, so we do this instead. (cf.
-         https://github.com/AeneasVerif/eurydice/issues/49) */
-      out_len
-
-  ) {
+  if ((size_t)136U >= out_len) {
     mid = out_len;
   } else {
     mid = (size_t)136U;
@@ -4744,11 +4698,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_8b_c6(
   libcrux_sha3_portable_keccak_store_5a_5b(self->inner.st, out00);
   core_ops_range_Range_08 iter =
       core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter(
-          (CLITERAL(core_ops_range_Range_08){
-              .start = (size_t)1U,
-              .end = /* If we got asked for more than one block, squeeze out
-                        more. */
-              blocks}),
+          (CLITERAL(core_ops_range_Range_08){.start = (size_t)1U,
+                                             .end = blocks}),
           core_ops_range_Range_08, core_ops_range_Range_08);
   while (true) {
     if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A__TraitClause_0___6__next(
@@ -4757,11 +4708,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_8b_c6(
       break;
     } else {
       Eurydice_slice_uint8_t_1size_t__x2 uu____1 =
-          libcrux_sha3_portable_keccak_split_at_mut_n_5a(/* Here we know that we
-                                                            always have full
-                                                            blocks to write out.
-                                                          */
-                                                         out_rest,
+          libcrux_sha3_portable_keccak_split_at_mut_n_5a(out_rest,
                                                          (size_t)136U);
       Eurydice_slice out0[1U];
       memcpy(out0, uu____1.fst, (size_t)1U * sizeof(Eurydice_slice));
@@ -4856,13 +4803,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_8b_c60(
   size_t blocks = out_len / (size_t)168U;
   size_t last = out_len - out_len % (size_t)168U;
   size_t mid;
-  if ((size_t)168U >=
-      /* Squeeze out one to start with. XXX: Eurydice does not extract
-         `core::cmp::min`, so we do this instead. (cf.
-         https://github.com/AeneasVerif/eurydice/issues/49) */
-      out_len
-
-  ) {
+  if ((size_t)168U >= out_len) {
     mid = out_len;
   } else {
     mid = (size_t)168U;
@@ -4876,11 +4817,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_8b_c60(
   libcrux_sha3_portable_keccak_store_5a_3a(self->inner.st, out00);
   core_ops_range_Range_08 iter =
       core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter(
-          (CLITERAL(core_ops_range_Range_08){
-              .start = (size_t)1U,
-              .end = /* If we got asked for more than one block, squeeze out
-                        more. */
-              blocks}),
+          (CLITERAL(core_ops_range_Range_08){.start = (size_t)1U,
+                                             .end = blocks}),
           core_ops_range_Range_08, core_ops_range_Range_08);
   while (true) {
     if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A__TraitClause_0___6__next(
@@ -4889,11 +4827,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_8b_c60(
       break;
     } else {
       Eurydice_slice_uint8_t_1size_t__x2 uu____1 =
-          libcrux_sha3_portable_keccak_split_at_mut_n_5a(/* Here we know that we
-                                                            always have full
-                                                            blocks to write out.
-                                                          */
-                                                         out_rest,
+          libcrux_sha3_portable_keccak_split_at_mut_n_5a(out_rest,
                                                          (size_t)168U);
       Eurydice_slice out0[1U];
       memcpy(out0, uu____1.fst, (size_t)1U * sizeof(Eurydice_slice));

From 294c5806abf3c530d0425cba7382c05203f2ffe2 Mon Sep 17 00:00:00 2001
From: karthikbhargavan <karthik.bhargavan@gmail.com>
Date: Tue, 3 Dec 2024 22:16:16 +0000
Subject: [PATCH 057/142] fstar

---
 Cargo.lock                                    | 12 ++--
 fstar-helpers/fstar-bitvec/BitVecEq.fsti      |  4 +-
 .../extraction/Libcrux_ml_kem.Ind_cca.fst     |  2 +-
 .../extraction/Libcrux_ml_kem.Mlkem1024.fsti  | 59 +++++++++++++------
 .../extraction/Libcrux_ml_kem.Mlkem512.fsti   | 59 +++++++++++++------
 .../extraction/Libcrux_ml_kem.Mlkem768.fsti   | 59 +++++++++++++------
 ...crux_ml_kem.Vector.Portable.Arithmetic.fst |  2 +-
 .../proofs/fstar/spec/Spec.Utils.fst          |  5 +-
 8 files changed, 140 insertions(+), 62 deletions(-)

diff --git a/Cargo.lock b/Cargo.lock
index 363acf1a7..94f450b74 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -697,8 +697,8 @@ dependencies = [
 
 [[package]]
 name = "hax-lib"
-version = "0.1.0-alpha.1"
-source = "git+https://github.com/hacspec/hax/#1c5e17c9ceee5adede0f4ea7f68bb3d8337f33a0"
+version = "0.1.0-rc.1"
+source = "git+https://github.com/hacspec/hax/#de59826b832befc82905286d052c8a961c31f3cd"
 dependencies = [
  "hax-lib-macros",
  "num-bigint",
@@ -707,8 +707,8 @@ dependencies = [
 
 [[package]]
 name = "hax-lib-macros"
-version = "0.1.0-alpha.1"
-source = "git+https://github.com/hacspec/hax/#1c5e17c9ceee5adede0f4ea7f68bb3d8337f33a0"
+version = "0.1.0-rc.1"
+source = "git+https://github.com/hacspec/hax/#de59826b832befc82905286d052c8a961c31f3cd"
 dependencies = [
  "hax-lib-macros-types",
  "paste",
@@ -720,8 +720,8 @@ dependencies = [
 
 [[package]]
 name = "hax-lib-macros-types"
-version = "0.1.0-alpha.1"
-source = "git+https://github.com/hacspec/hax/#1c5e17c9ceee5adede0f4ea7f68bb3d8337f33a0"
+version = "0.1.0-rc.1"
+source = "git+https://github.com/hacspec/hax/#de59826b832befc82905286d052c8a961c31f3cd"
 dependencies = [
  "proc-macro2",
  "quote",
diff --git a/fstar-helpers/fstar-bitvec/BitVecEq.fsti b/fstar-helpers/fstar-bitvec/BitVecEq.fsti
index c370f28bf..6792f2b29 100644
--- a/fstar-helpers/fstar-bitvec/BitVecEq.fsti
+++ b/fstar-helpers/fstar-bitvec/BitVecEq.fsti
@@ -1,5 +1,5 @@
 module BitVecEq
-#set-options "--fuel 0 --ifuel 1 --z3rlimit 15"
+#set-options "--fuel 0 --ifuel 1 --z3rlimit 100"
 open Core
 open FStar.Mul
 open MkSeq
@@ -72,7 +72,7 @@ let int_t_array_bitwise_eq
 //                                 else get_bit_nat (pow2 (bits n) + v x) (v nth))
 //     with get_bit_intro #n x nth
 
-#push-options "--fuel 0 --ifuel 0 --z3rlimit 80"
+#push-options "--fuel 0 --ifuel 0 --z3rlimit 150"
 /// Rewrite a `bit_vec_of_int_t_array (Seq.slice arr ...)` into a `bit_vec_sub ...`
 let int_t_seq_slice_to_bv_sub_lemma #t #n 
   (arr: t_Array (int_t t) n)
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fst
index a6ffee609..ee9e56c50 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fst
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fst
@@ -235,7 +235,7 @@ let serialize_kem_secret_key
 
 #pop-options
 
-#push-options "--z3rlimit 300"
+#push-options "--z3rlimit 300 --ext context_pruning --split_queries always"
 
 let encapsulate
       (v_K v_CIPHERTEXT_SIZE v_PUBLIC_KEY_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_C1_BLOCK_SIZE v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE:
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.fsti
index b31f845fc..007e5c86f 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.fsti
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.fsti
@@ -3,39 +3,64 @@ module Libcrux_ml_kem.Mlkem1024
 open Core
 open FStar.Mul
 
-let v_C1_BLOCK_SIZE_1024_: usize = sz 352
+let v_ETA1: usize = sz 2
 
-let v_C1_SIZE_1024_: usize = sz 1408
+let v_ETA1_RANDOMNESS_SIZE: usize = v_ETA1 *! sz 64
 
-let v_C2_SIZE_1024_: usize = sz 160
+let v_ETA2: usize = sz 2
 
-let v_CPA_PKE_CIPHERTEXT_SIZE_1024_: usize = sz 1568
+let v_ETA2_RANDOMNESS_SIZE: usize = v_ETA2 *! sz 64
 
-let v_CPA_PKE_PUBLIC_KEY_SIZE_1024_: usize = sz 1568
+let v_RANK_1024_: usize = sz 4
 
-let v_CPA_PKE_SECRET_KEY_SIZE_1024_: usize = sz 1536
+let v_CPA_PKE_SECRET_KEY_SIZE_1024_: usize =
+  ((v_RANK_1024_ *! Libcrux_ml_kem.Constants.v_COEFFICIENTS_IN_RING_ELEMENT <: usize) *!
+    Libcrux_ml_kem.Constants.v_BITS_PER_COEFFICIENT
+    <:
+    usize) /!
+  sz 8
 
-let v_ETA1: usize = sz 2
+let v_RANKED_BYTES_PER_RING_ELEMENT_1024_: usize =
+  (v_RANK_1024_ *! Libcrux_ml_kem.Constants.v_BITS_PER_RING_ELEMENT <: usize) /! sz 8
 
-let v_ETA1_RANDOMNESS_SIZE: usize = sz 128
+let v_T_AS_NTT_ENCODED_SIZE_1024_: usize =
+  ((v_RANK_1024_ *! Libcrux_ml_kem.Constants.v_COEFFICIENTS_IN_RING_ELEMENT <: usize) *!
+    Libcrux_ml_kem.Constants.v_BITS_PER_COEFFICIENT
+    <:
+    usize) /!
+  sz 8
 
-let v_ETA2: usize = sz 2
+let v_CPA_PKE_PUBLIC_KEY_SIZE_1024_: usize = v_T_AS_NTT_ENCODED_SIZE_1024_ +! sz 32
 
-let v_ETA2_RANDOMNESS_SIZE: usize = sz 128
+let v_SECRET_KEY_SIZE_1024_: usize =
+  ((v_CPA_PKE_SECRET_KEY_SIZE_1024_ +! v_CPA_PKE_PUBLIC_KEY_SIZE_1024_ <: usize) +!
+    Libcrux_ml_kem.Constants.v_H_DIGEST_SIZE
+    <:
+    usize) +!
+  Libcrux_ml_kem.Constants.v_SHARED_SECRET_SIZE
 
-let v_IMPLICIT_REJECTION_HASH_INPUT_SIZE: usize = sz 1600
+let v_VECTOR_U_COMPRESSION_FACTOR_1024_: usize = sz 11
 
-let v_RANKED_BYTES_PER_RING_ELEMENT_1024_: usize = sz 1536
+let v_C1_BLOCK_SIZE_1024_: usize =
+  (Libcrux_ml_kem.Constants.v_COEFFICIENTS_IN_RING_ELEMENT *! v_VECTOR_U_COMPRESSION_FACTOR_1024_
+    <:
+    usize) /!
+  sz 8
 
-let v_RANK_1024_: usize = sz 4
+let v_C1_SIZE_1024_: usize = v_C1_BLOCK_SIZE_1024_ *! v_RANK_1024_
 
-let v_SECRET_KEY_SIZE_1024_: usize = sz 3168
+let v_VECTOR_V_COMPRESSION_FACTOR_1024_: usize = sz 5
 
-let v_T_AS_NTT_ENCODED_SIZE_1024_: usize = sz 1536
+let v_C2_SIZE_1024_: usize =
+  (Libcrux_ml_kem.Constants.v_COEFFICIENTS_IN_RING_ELEMENT *! v_VECTOR_V_COMPRESSION_FACTOR_1024_
+    <:
+    usize) /!
+  sz 8
 
-let v_VECTOR_U_COMPRESSION_FACTOR_1024_: usize = sz 11
+let v_CPA_PKE_CIPHERTEXT_SIZE_1024_: usize = v_C1_SIZE_1024_ +! v_C2_SIZE_1024_
 
-let v_VECTOR_V_COMPRESSION_FACTOR_1024_: usize = sz 5
+let v_IMPLICIT_REJECTION_HASH_INPUT_SIZE: usize =
+  Libcrux_ml_kem.Constants.v_SHARED_SECRET_SIZE +! v_CPA_PKE_CIPHERTEXT_SIZE_1024_
 
 /// Validate a private key.
 /// Returns `true` if valid, and `false` otherwise.
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.fsti
index 28d905063..94590e2ee 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.fsti
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.fsti
@@ -3,39 +3,64 @@ module Libcrux_ml_kem.Mlkem512
 open Core
 open FStar.Mul
 
-let v_C1_BLOCK_SIZE_512_: usize = sz 320
+let v_ETA1: usize = sz 3
 
-let v_C1_SIZE_512_: usize = sz 640
+let v_ETA1_RANDOMNESS_SIZE: usize = v_ETA1 *! sz 64
 
-let v_C2_SIZE_512_: usize = sz 128
+let v_ETA2: usize = sz 2
 
-let v_CPA_PKE_CIPHERTEXT_SIZE_512_: usize = sz 768
+let v_ETA2_RANDOMNESS_SIZE: usize = v_ETA2 *! sz 64
 
-let v_CPA_PKE_PUBLIC_KEY_SIZE_512_: usize = sz 800
+let v_RANK_512_: usize = sz 2
 
-let v_CPA_PKE_SECRET_KEY_SIZE_512_: usize = sz 768
+let v_CPA_PKE_SECRET_KEY_SIZE_512_: usize =
+  ((v_RANK_512_ *! Libcrux_ml_kem.Constants.v_COEFFICIENTS_IN_RING_ELEMENT <: usize) *!
+    Libcrux_ml_kem.Constants.v_BITS_PER_COEFFICIENT
+    <:
+    usize) /!
+  sz 8
 
-let v_ETA1: usize = sz 3
+let v_RANKED_BYTES_PER_RING_ELEMENT_512_: usize =
+  (v_RANK_512_ *! Libcrux_ml_kem.Constants.v_BITS_PER_RING_ELEMENT <: usize) /! sz 8
 
-let v_ETA1_RANDOMNESS_SIZE: usize = sz 192
+let v_T_AS_NTT_ENCODED_SIZE_512_: usize =
+  ((v_RANK_512_ *! Libcrux_ml_kem.Constants.v_COEFFICIENTS_IN_RING_ELEMENT <: usize) *!
+    Libcrux_ml_kem.Constants.v_BITS_PER_COEFFICIENT
+    <:
+    usize) /!
+  sz 8
 
-let v_ETA2: usize = sz 2
+let v_CPA_PKE_PUBLIC_KEY_SIZE_512_: usize = v_T_AS_NTT_ENCODED_SIZE_512_ +! sz 32
 
-let v_ETA2_RANDOMNESS_SIZE: usize = sz 128
+let v_SECRET_KEY_SIZE_512_: usize =
+  ((v_CPA_PKE_SECRET_KEY_SIZE_512_ +! v_CPA_PKE_PUBLIC_KEY_SIZE_512_ <: usize) +!
+    Libcrux_ml_kem.Constants.v_H_DIGEST_SIZE
+    <:
+    usize) +!
+  Libcrux_ml_kem.Constants.v_SHARED_SECRET_SIZE
 
-let v_IMPLICIT_REJECTION_HASH_INPUT_SIZE: usize = sz 800
+let v_VECTOR_U_COMPRESSION_FACTOR_512_: usize = sz 10
 
-let v_RANKED_BYTES_PER_RING_ELEMENT_512_: usize = sz 768
+let v_C1_BLOCK_SIZE_512_: usize =
+  (Libcrux_ml_kem.Constants.v_COEFFICIENTS_IN_RING_ELEMENT *! v_VECTOR_U_COMPRESSION_FACTOR_512_
+    <:
+    usize) /!
+  sz 8
 
-let v_RANK_512_: usize = sz 2
+let v_C1_SIZE_512_: usize = v_C1_BLOCK_SIZE_512_ *! v_RANK_512_
 
-let v_SECRET_KEY_SIZE_512_: usize = sz 1632
+let v_VECTOR_V_COMPRESSION_FACTOR_512_: usize = sz 4
 
-let v_T_AS_NTT_ENCODED_SIZE_512_: usize = sz 768
+let v_C2_SIZE_512_: usize =
+  (Libcrux_ml_kem.Constants.v_COEFFICIENTS_IN_RING_ELEMENT *! v_VECTOR_V_COMPRESSION_FACTOR_512_
+    <:
+    usize) /!
+  sz 8
 
-let v_VECTOR_U_COMPRESSION_FACTOR_512_: usize = sz 10
+let v_CPA_PKE_CIPHERTEXT_SIZE_512_: usize = v_C1_SIZE_512_ +! v_C2_SIZE_512_
 
-let v_VECTOR_V_COMPRESSION_FACTOR_512_: usize = sz 4
+let v_IMPLICIT_REJECTION_HASH_INPUT_SIZE: usize =
+  Libcrux_ml_kem.Constants.v_SHARED_SECRET_SIZE +! v_CPA_PKE_CIPHERTEXT_SIZE_512_
 
 /// Validate a private key.
 /// Returns `true` if valid, and `false` otherwise.
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.fsti
index 928e6a233..d1d7c217f 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.fsti
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.fsti
@@ -3,39 +3,64 @@ module Libcrux_ml_kem.Mlkem768
 open Core
 open FStar.Mul
 
-let v_C1_BLOCK_SIZE_768_: usize = sz 320
+let v_ETA1: usize = sz 2
 
-let v_C1_SIZE_768_: usize = sz 960
+let v_ETA1_RANDOMNESS_SIZE: usize = v_ETA1 *! sz 64
 
-let v_C2_SIZE_768_: usize = sz 128
+let v_ETA2: usize = sz 2
 
-let v_CPA_PKE_CIPHERTEXT_SIZE_768_: usize = sz 1088
+let v_ETA2_RANDOMNESS_SIZE: usize = v_ETA2 *! sz 64
 
-let v_CPA_PKE_PUBLIC_KEY_SIZE_768_: usize = sz 1184
+let v_RANK_768_: usize = sz 3
 
-let v_CPA_PKE_SECRET_KEY_SIZE_768_: usize = sz 1152
+let v_CPA_PKE_SECRET_KEY_SIZE_768_: usize =
+  ((v_RANK_768_ *! Libcrux_ml_kem.Constants.v_COEFFICIENTS_IN_RING_ELEMENT <: usize) *!
+    Libcrux_ml_kem.Constants.v_BITS_PER_COEFFICIENT
+    <:
+    usize) /!
+  sz 8
 
-let v_ETA1: usize = sz 2
+let v_RANKED_BYTES_PER_RING_ELEMENT_768_: usize =
+  (v_RANK_768_ *! Libcrux_ml_kem.Constants.v_BITS_PER_RING_ELEMENT <: usize) /! sz 8
 
-let v_ETA1_RANDOMNESS_SIZE: usize = sz 128
+let v_T_AS_NTT_ENCODED_SIZE_768_: usize =
+  ((v_RANK_768_ *! Libcrux_ml_kem.Constants.v_COEFFICIENTS_IN_RING_ELEMENT <: usize) *!
+    Libcrux_ml_kem.Constants.v_BITS_PER_COEFFICIENT
+    <:
+    usize) /!
+  sz 8
 
-let v_ETA2: usize = sz 2
+let v_CPA_PKE_PUBLIC_KEY_SIZE_768_: usize = v_T_AS_NTT_ENCODED_SIZE_768_ +! sz 32
 
-let v_ETA2_RANDOMNESS_SIZE: usize = sz 128
+let v_SECRET_KEY_SIZE_768_: usize =
+  ((v_CPA_PKE_SECRET_KEY_SIZE_768_ +! v_CPA_PKE_PUBLIC_KEY_SIZE_768_ <: usize) +!
+    Libcrux_ml_kem.Constants.v_H_DIGEST_SIZE
+    <:
+    usize) +!
+  Libcrux_ml_kem.Constants.v_SHARED_SECRET_SIZE
 
-let v_IMPLICIT_REJECTION_HASH_INPUT_SIZE: usize = sz 1120
+let v_VECTOR_U_COMPRESSION_FACTOR_768_: usize = sz 10
 
-let v_RANKED_BYTES_PER_RING_ELEMENT_768_: usize = sz 1152
+let v_C1_BLOCK_SIZE_768_: usize =
+  (Libcrux_ml_kem.Constants.v_COEFFICIENTS_IN_RING_ELEMENT *! v_VECTOR_U_COMPRESSION_FACTOR_768_
+    <:
+    usize) /!
+  sz 8
 
-let v_RANK_768_: usize = sz 3
+let v_C1_SIZE_768_: usize = v_C1_BLOCK_SIZE_768_ *! v_RANK_768_
 
-let v_SECRET_KEY_SIZE_768_: usize = sz 2400
+let v_VECTOR_V_COMPRESSION_FACTOR_768_: usize = sz 4
 
-let v_T_AS_NTT_ENCODED_SIZE_768_: usize = sz 1152
+let v_C2_SIZE_768_: usize =
+  (Libcrux_ml_kem.Constants.v_COEFFICIENTS_IN_RING_ELEMENT *! v_VECTOR_V_COMPRESSION_FACTOR_768_
+    <:
+    usize) /!
+  sz 8
 
-let v_VECTOR_U_COMPRESSION_FACTOR_768_: usize = sz 10
+let v_CPA_PKE_CIPHERTEXT_SIZE_768_: usize = v_C1_SIZE_768_ +! v_C2_SIZE_768_
 
-let v_VECTOR_V_COMPRESSION_FACTOR_768_: usize = sz 4
+let v_IMPLICIT_REJECTION_HASH_INPUT_SIZE: usize =
+  Libcrux_ml_kem.Constants.v_SHARED_SECRET_SIZE +! v_CPA_PKE_CIPHERTEXT_SIZE_768_
 
 /// Validate a private key.
 /// Returns `true` if valid, and `false` otherwise.
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Arithmetic.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Arithmetic.fst
index 9f607fddd..f400f5ccd 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Arithmetic.fst
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Arithmetic.fst
@@ -28,7 +28,7 @@ let get_n_least_significant_bits (n: u8) (value: u32) =
 
 #pop-options
 
-#push-options "--z3rlimit 150"
+#push-options "--z3rlimit 200"
 
 let barrett_reduce_element (value: i16) =
   let t:i32 =
diff --git a/libcrux-ml-kem/proofs/fstar/spec/Spec.Utils.fst b/libcrux-ml-kem/proofs/fstar/spec/Spec.Utils.fst
index 5c77472f2..cbe51c827 100644
--- a/libcrux-ml-kem/proofs/fstar/spec/Spec.Utils.fst
+++ b/libcrux-ml-kem/proofs/fstar/spec/Spec.Utils.fst
@@ -361,7 +361,9 @@ val lemma_mont_mul_red_i16_int (x y:i16): Lemma
           let result:i16 = mont_mul_red_i16 x y in
           is_i16b 3328 result /\
           v result % 3329 == (v x * v y * 169) % 3329))
-          
+
+#push-options "--z3rlimit 200"
+
 let lemma_mont_mul_red_i16_int (x y:i16) = 
   let vlow = x *. y in
   let prod = v x * v y in
@@ -429,6 +431,7 @@ let lemma_mont_mul_red_i16_int (x y:i16) =
       ((prod) * 169) % 3329; 
     }
 
+#pop-options
 
 val lemma_mont_mul_red_i16 (x y:i16): Lemma
   (requires (is_i16b 1664 y \/ is_intb (3326 * pow2 15) (v x * v y)))

From 83a72e794daa8e6943bc85af53bc2cfd7b592e9b Mon Sep 17 00:00:00 2001
From: karthikbhargavan <karthik.bhargavan@gmail.com>
Date: Tue, 3 Dec 2024 22:58:03 +0000
Subject: [PATCH 058/142] fstar

---
 .../fstar/extraction/Libcrux_ml_kem.Types.fst | 155 ------------------
 .../extraction/Libcrux_ml_kem.Types.fsti      | 141 ++++++++++++++--
 .../Libcrux_ml_kem.Vector.Avx2.Arithmetic.fst |   2 +-
 .../Libcrux_ml_kem.Vector.Avx2.Serialize.fst  |   1 -
 4 files changed, 127 insertions(+), 172 deletions(-)

diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Types.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Types.fst
index 3a598d127..5748d2562 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Types.fst
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Types.fst
@@ -9,103 +9,10 @@ let impl_13__len (v_SIZE: usize) (_: Prims.unit) = v_SIZE
 
 let impl_20__len (v_SIZE: usize) (_: Prims.unit) = v_SIZE
 
-[@@ FStar.Tactics.Typeclasses.tcinstance]
-let impl_1 (v_SIZE: usize) : Core.Convert.t_From (t_MlKemCiphertext v_SIZE) (t_Array u8 v_SIZE) =
-  {
-    f_from_pre = (fun (value: t_Array u8 v_SIZE) -> true);
-    f_from_post = (fun (value: t_Array u8 v_SIZE) (out: t_MlKemCiphertext v_SIZE) -> true);
-    f_from
-    =
-    fun (value: t_Array u8 v_SIZE) ->
-      { f_value = Core.Clone.f_clone #(t_Array u8 v_SIZE) #FStar.Tactics.Typeclasses.solve value }
-      <:
-      t_MlKemCiphertext v_SIZE
-  }
-
-[@@ FStar.Tactics.Typeclasses.tcinstance]
-let impl_2 (v_SIZE: usize) : Core.Convert.t_From (t_Array u8 v_SIZE) (t_MlKemCiphertext v_SIZE) =
-  {
-    f_from_pre = (fun (value: t_MlKemCiphertext v_SIZE) -> true);
-    f_from_post = (fun (value: t_MlKemCiphertext v_SIZE) (out: t_Array u8 v_SIZE) -> true);
-    f_from = fun (value: t_MlKemCiphertext v_SIZE) -> value.f_value
-  }
-
-[@@ FStar.Tactics.Typeclasses.tcinstance]
-let impl_5 (v_SIZE: usize) : Core.Convert.t_From (t_MlKemCiphertext v_SIZE) (t_Array u8 v_SIZE) =
-  {
-    f_from_pre = (fun (value: t_Array u8 v_SIZE) -> true);
-    f_from_post
-    =
-    (fun (value: t_Array u8 v_SIZE) (result: t_MlKemCiphertext v_SIZE) -> result.f_value = value);
-    f_from = fun (value: t_Array u8 v_SIZE) -> { f_value = value } <: t_MlKemCiphertext v_SIZE
-  }
-
 let impl_6__as_slice (v_SIZE: usize) (self: t_MlKemCiphertext v_SIZE) = self.f_value
 
-[@@ FStar.Tactics.Typeclasses.tcinstance]
-let impl_8 (v_SIZE: usize) : Core.Convert.t_From (t_MlKemPrivateKey v_SIZE) (t_Array u8 v_SIZE) =
-  {
-    f_from_pre = (fun (value: t_Array u8 v_SIZE) -> true);
-    f_from_post = (fun (value: t_Array u8 v_SIZE) (out: t_MlKemPrivateKey v_SIZE) -> true);
-    f_from
-    =
-    fun (value: t_Array u8 v_SIZE) ->
-      { f_value = Core.Clone.f_clone #(t_Array u8 v_SIZE) #FStar.Tactics.Typeclasses.solve value }
-      <:
-      t_MlKemPrivateKey v_SIZE
-  }
-
-[@@ FStar.Tactics.Typeclasses.tcinstance]
-let impl_9 (v_SIZE: usize) : Core.Convert.t_From (t_Array u8 v_SIZE) (t_MlKemPrivateKey v_SIZE) =
-  {
-    f_from_pre = (fun (value: t_MlKemPrivateKey v_SIZE) -> true);
-    f_from_post = (fun (value: t_MlKemPrivateKey v_SIZE) (out: t_Array u8 v_SIZE) -> true);
-    f_from = fun (value: t_MlKemPrivateKey v_SIZE) -> value.f_value
-  }
-
-[@@ FStar.Tactics.Typeclasses.tcinstance]
-let impl_12 (v_SIZE: usize) : Core.Convert.t_From (t_MlKemPrivateKey v_SIZE) (t_Array u8 v_SIZE) =
-  {
-    f_from_pre = (fun (value: t_Array u8 v_SIZE) -> true);
-    f_from_post
-    =
-    (fun (value: t_Array u8 v_SIZE) (result: t_MlKemPrivateKey v_SIZE) -> result.f_value = value);
-    f_from = fun (value: t_Array u8 v_SIZE) -> { f_value = value } <: t_MlKemPrivateKey v_SIZE
-  }
-
 let impl_13__as_slice (v_SIZE: usize) (self: t_MlKemPrivateKey v_SIZE) = self.f_value
 
-[@@ FStar.Tactics.Typeclasses.tcinstance]
-let impl_15 (v_SIZE: usize) : Core.Convert.t_From (t_MlKemPublicKey v_SIZE) (t_Array u8 v_SIZE) =
-  {
-    f_from_pre = (fun (value: t_Array u8 v_SIZE) -> true);
-    f_from_post = (fun (value: t_Array u8 v_SIZE) (out: t_MlKemPublicKey v_SIZE) -> true);
-    f_from
-    =
-    fun (value: t_Array u8 v_SIZE) ->
-      { f_value = Core.Clone.f_clone #(t_Array u8 v_SIZE) #FStar.Tactics.Typeclasses.solve value }
-      <:
-      t_MlKemPublicKey v_SIZE
-  }
-
-[@@ FStar.Tactics.Typeclasses.tcinstance]
-let impl_16 (v_SIZE: usize) : Core.Convert.t_From (t_Array u8 v_SIZE) (t_MlKemPublicKey v_SIZE) =
-  {
-    f_from_pre = (fun (value: t_MlKemPublicKey v_SIZE) -> true);
-    f_from_post = (fun (value: t_MlKemPublicKey v_SIZE) (out: t_Array u8 v_SIZE) -> true);
-    f_from = fun (value: t_MlKemPublicKey v_SIZE) -> value.f_value
-  }
-
-[@@ FStar.Tactics.Typeclasses.tcinstance]
-let impl_19 (v_SIZE: usize) : Core.Convert.t_From (t_MlKemPublicKey v_SIZE) (t_Array u8 v_SIZE) =
-  {
-    f_from_pre = (fun (value: t_Array u8 v_SIZE) -> true);
-    f_from_post
-    =
-    (fun (value: t_Array u8 v_SIZE) (result: t_MlKemPublicKey v_SIZE) -> result.f_value = value);
-    f_from = fun (value: t_Array u8 v_SIZE) -> { f_value = value } <: t_MlKemPublicKey v_SIZE
-  }
-
 let impl_20__as_slice (v_SIZE: usize) (self: t_MlKemPublicKey v_SIZE) = self.f_value
 
 let impl_21__from
@@ -178,65 +85,3 @@ let unpack_private_key (v_CPA_SECRET_KEY_SIZE v_PUBLIC_KEY_SIZE: usize) (private
   <:
   (t_Slice u8 & t_Slice u8 & t_Slice u8 & t_Slice u8)
 
-[@@ FStar.Tactics.Typeclasses.tcinstance]
-let impl (v_SIZE: usize) : Core.Default.t_Default (t_MlKemCiphertext v_SIZE) =
-  {
-    f_default_pre = (fun (_: Prims.unit) -> true);
-    f_default_post = (fun (_: Prims.unit) (out: t_MlKemCiphertext v_SIZE) -> true);
-    f_default
-    =
-    fun (_: Prims.unit) ->
-      { f_value = Rust_primitives.Hax.repeat 0uy v_SIZE } <: t_MlKemCiphertext v_SIZE
-  }
-
-[@@ FStar.Tactics.Typeclasses.tcinstance]
-let impl_7 (v_SIZE: usize) : Core.Default.t_Default (t_MlKemPrivateKey v_SIZE) =
-  {
-    f_default_pre = (fun (_: Prims.unit) -> true);
-    f_default_post = (fun (_: Prims.unit) (out: t_MlKemPrivateKey v_SIZE) -> true);
-    f_default
-    =
-    fun (_: Prims.unit) ->
-      { f_value = Rust_primitives.Hax.repeat 0uy v_SIZE } <: t_MlKemPrivateKey v_SIZE
-  }
-
-[@@ FStar.Tactics.Typeclasses.tcinstance]
-let impl_14 (v_SIZE: usize) : Core.Default.t_Default (t_MlKemPublicKey v_SIZE) =
-  {
-    f_default_pre = (fun (_: Prims.unit) -> true);
-    f_default_post = (fun (_: Prims.unit) (out: t_MlKemPublicKey v_SIZE) -> true);
-    f_default
-    =
-    fun (_: Prims.unit) ->
-      { f_value = Rust_primitives.Hax.repeat 0uy v_SIZE } <: t_MlKemPublicKey v_SIZE
-  }
-
-[@@ FStar.Tactics.Typeclasses.tcinstance]
-let impl_4 (v_SIZE: usize) : Core.Convert.t_AsRef (t_MlKemCiphertext v_SIZE) (t_Slice u8) =
-  {
-    f_as_ref_pre = (fun (self: t_MlKemCiphertext v_SIZE) -> true);
-    f_as_ref_post
-    =
-    (fun (self___: t_MlKemCiphertext v_SIZE) (result: t_Slice u8) -> result = self___.f_value);
-    f_as_ref = fun (self: t_MlKemCiphertext v_SIZE) -> self.f_value <: t_Slice u8
-  }
-
-[@@ FStar.Tactics.Typeclasses.tcinstance]
-let impl_11 (v_SIZE: usize) : Core.Convert.t_AsRef (t_MlKemPrivateKey v_SIZE) (t_Slice u8) =
-  {
-    f_as_ref_pre = (fun (self: t_MlKemPrivateKey v_SIZE) -> true);
-    f_as_ref_post
-    =
-    (fun (self___: t_MlKemPrivateKey v_SIZE) (result: t_Slice u8) -> result = self___.f_value);
-    f_as_ref = fun (self: t_MlKemPrivateKey v_SIZE) -> self.f_value <: t_Slice u8
-  }
-
-[@@ FStar.Tactics.Typeclasses.tcinstance]
-let impl_18 (v_SIZE: usize) : Core.Convert.t_AsRef (t_MlKemPublicKey v_SIZE) (t_Slice u8) =
-  {
-    f_as_ref_pre = (fun (self: t_MlKemPublicKey v_SIZE) -> true);
-    f_as_ref_post
-    =
-    (fun (self___: t_MlKemPublicKey v_SIZE) (result: t_Slice u8) -> result = self___.f_value);
-    f_as_ref = fun (self: t_MlKemPublicKey v_SIZE) -> self.f_value <: t_Slice u8
-  }
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Types.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Types.fsti
index 4f76c2ffc..1947307c5 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Types.fsti
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Types.fsti
@@ -19,13 +19,35 @@ val impl_20__len: v_SIZE: usize -> Prims.unit
 type t_MlKemCiphertext (v_SIZE: usize) = { f_value:t_Array u8 v_SIZE }
 
 [@@ FStar.Tactics.Typeclasses.tcinstance]
-val impl_1 (v_SIZE: usize) : Core.Convert.t_From (t_MlKemCiphertext v_SIZE) (t_Array u8 v_SIZE)
+let impl_1 (v_SIZE: usize) : Core.Convert.t_From (t_MlKemCiphertext v_SIZE) (t_Array u8 v_SIZE) =
+  {
+    f_from_pre = (fun (value: t_Array u8 v_SIZE) -> true);
+    f_from_post = (fun (value: t_Array u8 v_SIZE) (out: t_MlKemCiphertext v_SIZE) -> true);
+    f_from
+    =
+    fun (value: t_Array u8 v_SIZE) ->
+      { f_value = Core.Clone.f_clone #(t_Array u8 v_SIZE) #FStar.Tactics.Typeclasses.solve value }
+      <:
+      t_MlKemCiphertext v_SIZE
+  }
 
 [@@ FStar.Tactics.Typeclasses.tcinstance]
-val impl_2 (v_SIZE: usize) : Core.Convert.t_From (t_Array u8 v_SIZE) (t_MlKemCiphertext v_SIZE)
+let impl_2 (v_SIZE: usize) : Core.Convert.t_From (t_Array u8 v_SIZE) (t_MlKemCiphertext v_SIZE) =
+  {
+    f_from_pre = (fun (value: t_MlKemCiphertext v_SIZE) -> true);
+    f_from_post = (fun (value: t_MlKemCiphertext v_SIZE) (out: t_Array u8 v_SIZE) -> true);
+    f_from = fun (value: t_MlKemCiphertext v_SIZE) -> value.f_value
+  }
 
 [@@ FStar.Tactics.Typeclasses.tcinstance]
-val impl_5 (v_SIZE: usize) : Core.Convert.t_From (t_MlKemCiphertext v_SIZE) (t_Array u8 v_SIZE)
+let impl_5 (v_SIZE: usize) : Core.Convert.t_From (t_MlKemCiphertext v_SIZE) (t_Array u8 v_SIZE) =
+  {
+    f_from_pre = (fun (value: t_Array u8 v_SIZE) -> true);
+    f_from_post
+    =
+    (fun (value: t_Array u8 v_SIZE) (result: t_MlKemCiphertext v_SIZE) -> result.f_value = value);
+    f_from = fun (value: t_Array u8 v_SIZE) -> { f_value = value } <: t_MlKemCiphertext v_SIZE
+  }
 
 /// A reference to the raw byte slice.
 val impl_6__as_slice (v_SIZE: usize) (self: t_MlKemCiphertext v_SIZE)
@@ -40,13 +62,35 @@ val impl_6__as_slice (v_SIZE: usize) (self: t_MlKemCiphertext v_SIZE)
 type t_MlKemPrivateKey (v_SIZE: usize) = { f_value:t_Array u8 v_SIZE }
 
 [@@ FStar.Tactics.Typeclasses.tcinstance]
-val impl_8 (v_SIZE: usize) : Core.Convert.t_From (t_MlKemPrivateKey v_SIZE) (t_Array u8 v_SIZE)
+let impl_8 (v_SIZE: usize) : Core.Convert.t_From (t_MlKemPrivateKey v_SIZE) (t_Array u8 v_SIZE) =
+  {
+    f_from_pre = (fun (value: t_Array u8 v_SIZE) -> true);
+    f_from_post = (fun (value: t_Array u8 v_SIZE) (out: t_MlKemPrivateKey v_SIZE) -> true);
+    f_from
+    =
+    fun (value: t_Array u8 v_SIZE) ->
+      { f_value = Core.Clone.f_clone #(t_Array u8 v_SIZE) #FStar.Tactics.Typeclasses.solve value }
+      <:
+      t_MlKemPrivateKey v_SIZE
+  }
 
 [@@ FStar.Tactics.Typeclasses.tcinstance]
-val impl_9 (v_SIZE: usize) : Core.Convert.t_From (t_Array u8 v_SIZE) (t_MlKemPrivateKey v_SIZE)
+let impl_9 (v_SIZE: usize) : Core.Convert.t_From (t_Array u8 v_SIZE) (t_MlKemPrivateKey v_SIZE) =
+  {
+    f_from_pre = (fun (value: t_MlKemPrivateKey v_SIZE) -> true);
+    f_from_post = (fun (value: t_MlKemPrivateKey v_SIZE) (out: t_Array u8 v_SIZE) -> true);
+    f_from = fun (value: t_MlKemPrivateKey v_SIZE) -> value.f_value
+  }
 
 [@@ FStar.Tactics.Typeclasses.tcinstance]
-val impl_12 (v_SIZE: usize) : Core.Convert.t_From (t_MlKemPrivateKey v_SIZE) (t_Array u8 v_SIZE)
+let impl_12 (v_SIZE: usize) : Core.Convert.t_From (t_MlKemPrivateKey v_SIZE) (t_Array u8 v_SIZE) =
+  {
+    f_from_pre = (fun (value: t_Array u8 v_SIZE) -> true);
+    f_from_post
+    =
+    (fun (value: t_Array u8 v_SIZE) (result: t_MlKemPrivateKey v_SIZE) -> result.f_value = value);
+    f_from = fun (value: t_Array u8 v_SIZE) -> { f_value = value } <: t_MlKemPrivateKey v_SIZE
+  }
 
 /// A reference to the raw byte slice.
 val impl_13__as_slice (v_SIZE: usize) (self: t_MlKemPrivateKey v_SIZE)
@@ -61,13 +105,35 @@ val impl_13__as_slice (v_SIZE: usize) (self: t_MlKemPrivateKey v_SIZE)
 type t_MlKemPublicKey (v_SIZE: usize) = { f_value:t_Array u8 v_SIZE }
 
 [@@ FStar.Tactics.Typeclasses.tcinstance]
-val impl_15 (v_SIZE: usize) : Core.Convert.t_From (t_MlKemPublicKey v_SIZE) (t_Array u8 v_SIZE)
+let impl_15 (v_SIZE: usize) : Core.Convert.t_From (t_MlKemPublicKey v_SIZE) (t_Array u8 v_SIZE) =
+  {
+    f_from_pre = (fun (value: t_Array u8 v_SIZE) -> true);
+    f_from_post = (fun (value: t_Array u8 v_SIZE) (out: t_MlKemPublicKey v_SIZE) -> true);
+    f_from
+    =
+    fun (value: t_Array u8 v_SIZE) ->
+      { f_value = Core.Clone.f_clone #(t_Array u8 v_SIZE) #FStar.Tactics.Typeclasses.solve value }
+      <:
+      t_MlKemPublicKey v_SIZE
+  }
 
 [@@ FStar.Tactics.Typeclasses.tcinstance]
-val impl_16 (v_SIZE: usize) : Core.Convert.t_From (t_Array u8 v_SIZE) (t_MlKemPublicKey v_SIZE)
+let impl_16 (v_SIZE: usize) : Core.Convert.t_From (t_Array u8 v_SIZE) (t_MlKemPublicKey v_SIZE) =
+  {
+    f_from_pre = (fun (value: t_MlKemPublicKey v_SIZE) -> true);
+    f_from_post = (fun (value: t_MlKemPublicKey v_SIZE) (out: t_Array u8 v_SIZE) -> true);
+    f_from = fun (value: t_MlKemPublicKey v_SIZE) -> value.f_value
+  }
 
 [@@ FStar.Tactics.Typeclasses.tcinstance]
-val impl_19 (v_SIZE: usize) : Core.Convert.t_From (t_MlKemPublicKey v_SIZE) (t_Array u8 v_SIZE)
+let impl_19 (v_SIZE: usize) : Core.Convert.t_From (t_MlKemPublicKey v_SIZE) (t_Array u8 v_SIZE) =
+  {
+    f_from_pre = (fun (value: t_Array u8 v_SIZE) -> true);
+    f_from_post
+    =
+    (fun (value: t_Array u8 v_SIZE) (result: t_MlKemPublicKey v_SIZE) -> result.f_value = value);
+    f_from = fun (value: t_Array u8 v_SIZE) -> { f_value = value } <: t_MlKemPublicKey v_SIZE
+  }
 
 /// A reference to the raw byte slice.
 val impl_20__as_slice (v_SIZE: usize) (self: t_MlKemPublicKey v_SIZE)
@@ -169,22 +235,67 @@ val unpack_private_key (v_CPA_SECRET_KEY_SIZE v_PUBLIC_KEY_SIZE: usize) (private
             v Libcrux_ml_kem.Constants.v_H_DIGEST_SIZE))
 
 [@@ FStar.Tactics.Typeclasses.tcinstance]
-val impl (v_SIZE: usize) : Core.Default.t_Default (t_MlKemCiphertext v_SIZE)
+let impl (v_SIZE: usize) : Core.Default.t_Default (t_MlKemCiphertext v_SIZE) =
+  {
+    f_default_pre = (fun (_: Prims.unit) -> true);
+    f_default_post = (fun (_: Prims.unit) (out: t_MlKemCiphertext v_SIZE) -> true);
+    f_default
+    =
+    fun (_: Prims.unit) ->
+      { f_value = Rust_primitives.Hax.repeat 0uy v_SIZE } <: t_MlKemCiphertext v_SIZE
+  }
 
 [@@ FStar.Tactics.Typeclasses.tcinstance]
-val impl_7 (v_SIZE: usize) : Core.Default.t_Default (t_MlKemPrivateKey v_SIZE)
+let impl_7 (v_SIZE: usize) : Core.Default.t_Default (t_MlKemPrivateKey v_SIZE) =
+  {
+    f_default_pre = (fun (_: Prims.unit) -> true);
+    f_default_post = (fun (_: Prims.unit) (out: t_MlKemPrivateKey v_SIZE) -> true);
+    f_default
+    =
+    fun (_: Prims.unit) ->
+      { f_value = Rust_primitives.Hax.repeat 0uy v_SIZE } <: t_MlKemPrivateKey v_SIZE
+  }
 
 [@@ FStar.Tactics.Typeclasses.tcinstance]
-val impl_14 (v_SIZE: usize) : Core.Default.t_Default (t_MlKemPublicKey v_SIZE)
+let impl_14 (v_SIZE: usize) : Core.Default.t_Default (t_MlKemPublicKey v_SIZE) =
+  {
+    f_default_pre = (fun (_: Prims.unit) -> true);
+    f_default_post = (fun (_: Prims.unit) (out: t_MlKemPublicKey v_SIZE) -> true);
+    f_default
+    =
+    fun (_: Prims.unit) ->
+      { f_value = Rust_primitives.Hax.repeat 0uy v_SIZE } <: t_MlKemPublicKey v_SIZE
+  }
 
 [@@ FStar.Tactics.Typeclasses.tcinstance]
-val impl_4 (v_SIZE: usize) : Core.Convert.t_AsRef (t_MlKemCiphertext v_SIZE) (t_Slice u8)
+let impl_4 (v_SIZE: usize) : Core.Convert.t_AsRef (t_MlKemCiphertext v_SIZE) (t_Slice u8) =
+  {
+    f_as_ref_pre = (fun (self: t_MlKemCiphertext v_SIZE) -> true);
+    f_as_ref_post
+    =
+    (fun (self___: t_MlKemCiphertext v_SIZE) (result: t_Slice u8) -> result = self___.f_value);
+    f_as_ref = fun (self: t_MlKemCiphertext v_SIZE) -> self.f_value <: t_Slice u8
+  }
 
 [@@ FStar.Tactics.Typeclasses.tcinstance]
-val impl_11 (v_SIZE: usize) : Core.Convert.t_AsRef (t_MlKemPrivateKey v_SIZE) (t_Slice u8)
+let impl_11 (v_SIZE: usize) : Core.Convert.t_AsRef (t_MlKemPrivateKey v_SIZE) (t_Slice u8) =
+  {
+    f_as_ref_pre = (fun (self: t_MlKemPrivateKey v_SIZE) -> true);
+    f_as_ref_post
+    =
+    (fun (self___: t_MlKemPrivateKey v_SIZE) (result: t_Slice u8) -> result = self___.f_value);
+    f_as_ref = fun (self: t_MlKemPrivateKey v_SIZE) -> self.f_value <: t_Slice u8
+  }
 
 [@@ FStar.Tactics.Typeclasses.tcinstance]
-val impl_18 (v_SIZE: usize) : Core.Convert.t_AsRef (t_MlKemPublicKey v_SIZE) (t_Slice u8)
+let impl_18 (v_SIZE: usize) : Core.Convert.t_AsRef (t_MlKemPublicKey v_SIZE) (t_Slice u8) =
+  {
+    f_as_ref_pre = (fun (self: t_MlKemPublicKey v_SIZE) -> true);
+    f_as_ref_post
+    =
+    (fun (self___: t_MlKemPublicKey v_SIZE) (result: t_Slice u8) -> result = self___.f_value);
+    f_as_ref = fun (self: t_MlKemPublicKey v_SIZE) -> self.f_value <: t_Slice u8
+  }
 
 [@@ FStar.Tactics.Typeclasses.tcinstance]
 let impl_3 (v_SIZE: usize) : Core.Convert.t_TryFrom (t_MlKemCiphertext v_SIZE) (t_Slice u8) =
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Arithmetic.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Arithmetic.fst
index 6f960e706..cba0ea581 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Arithmetic.fst
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Arithmetic.fst
@@ -184,7 +184,7 @@ let cond_subtract_3329_ (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) =
 
 #pop-options
 
-#push-options "--z3rlimit 200"
+#push-options "--z3rlimit 250"
 
 let montgomery_multiply_by_constant
       (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256)
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Serialize.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Serialize.fst
index b0c197583..00fb6832a 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Serialize.fst
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Serialize.fst
@@ -38,7 +38,6 @@ let deserialize_1_ (bytes: t_Slice u8) =
   deserialize_1___deserialize_1_u8s (bytes.[ sz 0 ] <: u8) (bytes.[ sz 1 ] <: u8)
 
 [@@"opaque_to_smt"]
-
 let deserialize_4___deserialize_4_i16s (b0 b1 b2 b3 b4 b5 b6 b7: i16) =
   let coefficients:Libcrux_intrinsics.Avx2_extract.t_Vec256 =
     Libcrux_intrinsics.Avx2_extract.mm256_set_epi16 b7 b7 b6 b6 b5 b5 b4 b4 b3 b3 b2 b2 b1 b1 b0 b0

From 52178f67f153cfcdbf0440e8f5fadc0ba0872152 Mon Sep 17 00:00:00 2001
From: Karthikeyan Bhargavan <karthik.bhargavan@gmail.com>
Date: Wed, 4 Dec 2024 11:05:08 +0100
Subject: [PATCH 059/142] F* update

---
 .../extraction/Libcrux_ml_kem.Polynomial.fst  | 230 ++++++++----
 .../extraction/Libcrux_ml_kem.Polynomial.fsti |  68 +++-
 .../fstar/extraction/Libcrux_ml_kem.Types.fst | 155 --------
 .../extraction/Libcrux_ml_kem.Types.fsti      | 141 ++++++-
 libcrux-ml-kem/src/polynomial.rs              | 352 ++++++++++--------
 5 files changed, 556 insertions(+), 390 deletions(-)

diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Polynomial.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Polynomial.fst
index 4dcc55b91..266113065 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Polynomial.fst
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Polynomial.fst
@@ -14,37 +14,37 @@ let get_zeta (i: usize) =
   let _:Prims.unit = admit () (* Panic freedom *) in
   result
 
-let impl_2__add_error_reduce
+let add_error_reduce
       (#v_Vector: Type0)
       (#[FStar.Tactics.Typeclasses.tcresolve ()]
-          i2:
+          i1:
           Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector)
-      (self error: t_PolynomialRingElement v_Vector)
+      (myself error: t_PolynomialRingElement v_Vector)
      =
   let _:Prims.unit = admit () in
-  let self:t_PolynomialRingElement v_Vector =
+  let myself:t_PolynomialRingElement v_Vector =
     Rust_primitives.Hax.Folds.fold_range (sz 0)
       v_VECTORS_IN_RING_ELEMENT
-      (fun self temp_1_ ->
-          let self:t_PolynomialRingElement v_Vector = self in
+      (fun myself temp_1_ ->
+          let myself:t_PolynomialRingElement v_Vector = myself in
           let _:usize = temp_1_ in
           true)
-      self
-      (fun self j ->
-          let self:t_PolynomialRingElement v_Vector = self in
+      myself
+      (fun myself j ->
+          let myself:t_PolynomialRingElement v_Vector = myself in
           let j:usize = j in
           let coefficient_normal_form:v_Vector =
             Libcrux_ml_kem.Vector.Traits.f_montgomery_multiply_by_constant #v_Vector
               #FStar.Tactics.Typeclasses.solve
-              (self.f_coefficients.[ j ] <: v_Vector)
+              (myself.f_coefficients.[ j ] <: v_Vector)
               1441s
           in
-          let self:t_PolynomialRingElement v_Vector =
+          let myself:t_PolynomialRingElement v_Vector =
             {
-              self with
+              myself with
               f_coefficients
               =
-              Rust_primitives.Hax.Monomorphized_update_at.update_at_usize self.f_coefficients
+              Rust_primitives.Hax.Monomorphized_update_at.update_at_usize myself.f_coefficients
                 j
                 (Libcrux_ml_kem.Vector.Traits.f_barrett_reduce #v_Vector
                     #FStar.Tactics.Typeclasses.solve
@@ -60,17 +60,27 @@ let impl_2__add_error_reduce
             <:
             t_PolynomialRingElement v_Vector
           in
-          self)
+          myself)
   in
   let hax_temp_output:Prims.unit = () <: Prims.unit in
-  self
+  myself
 
-let impl_2__add_message_error_reduce
+let impl_2__add_error_reduce
       (#v_Vector: Type0)
       (#[FStar.Tactics.Typeclasses.tcresolve ()]
           i2:
           Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector)
-      (self message result: t_PolynomialRingElement v_Vector)
+      (self error: t_PolynomialRingElement v_Vector)
+     =
+  let self:t_PolynomialRingElement v_Vector = add_error_reduce #v_Vector self error in
+  self
+
+let add_message_error_reduce
+      (#v_Vector: Type0)
+      (#[FStar.Tactics.Typeclasses.tcresolve ()]
+          i1:
+          Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector)
+      (myself message result: t_PolynomialRingElement v_Vector)
      =
   let _:Prims.unit = admit () in
   let result:t_PolynomialRingElement v_Vector =
@@ -93,7 +103,7 @@ let impl_2__add_message_error_reduce
           let tmp:v_Vector =
             Libcrux_ml_kem.Vector.Traits.f_add #v_Vector
               #FStar.Tactics.Typeclasses.solve
-              (self.f_coefficients.[ i ] <: v_Vector)
+              (myself.f_coefficients.[ i ] <: v_Vector)
               (message.f_coefficients.[ i ] <: v_Vector)
           in
           let tmp:v_Vector =
@@ -122,35 +132,43 @@ let impl_2__add_message_error_reduce
   in
   result
 
-let impl_2__add_standard_error_reduce
+let impl_2__add_message_error_reduce
       (#v_Vector: Type0)
       (#[FStar.Tactics.Typeclasses.tcresolve ()]
           i2:
           Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector)
-      (self error: t_PolynomialRingElement v_Vector)
+      (self message result: t_PolynomialRingElement v_Vector)
+     = add_message_error_reduce #v_Vector self message result
+
+let add_standard_error_reduce
+      (#v_Vector: Type0)
+      (#[FStar.Tactics.Typeclasses.tcresolve ()]
+          i1:
+          Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector)
+      (myself error: t_PolynomialRingElement v_Vector)
      =
   let _:Prims.unit = admit () in
-  let self:t_PolynomialRingElement v_Vector =
+  let myself:t_PolynomialRingElement v_Vector =
     Rust_primitives.Hax.Folds.fold_range (sz 0)
       v_VECTORS_IN_RING_ELEMENT
-      (fun self temp_1_ ->
-          let self:t_PolynomialRingElement v_Vector = self in
+      (fun myself temp_1_ ->
+          let myself:t_PolynomialRingElement v_Vector = myself in
           let _:usize = temp_1_ in
           true)
-      self
-      (fun self j ->
-          let self:t_PolynomialRingElement v_Vector = self in
+      myself
+      (fun myself j ->
+          let myself:t_PolynomialRingElement v_Vector = myself in
           let j:usize = j in
           let coefficient_normal_form:v_Vector =
             Libcrux_ml_kem.Vector.Traits.to_standard_domain #v_Vector
-              (self.f_coefficients.[ j ] <: v_Vector)
+              (myself.f_coefficients.[ j ] <: v_Vector)
           in
-          let self:t_PolynomialRingElement v_Vector =
+          let myself:t_PolynomialRingElement v_Vector =
             {
-              self with
+              myself with
               f_coefficients
               =
-              Rust_primitives.Hax.Monomorphized_update_at.update_at_usize self.f_coefficients
+              Rust_primitives.Hax.Monomorphized_update_at.update_at_usize myself.f_coefficients
                 j
                 (Libcrux_ml_kem.Vector.Traits.f_barrett_reduce #v_Vector
                     #FStar.Tactics.Typeclasses.solve
@@ -166,39 +184,49 @@ let impl_2__add_standard_error_reduce
             <:
             t_PolynomialRingElement v_Vector
           in
-          self)
+          myself)
   in
   let hax_temp_output:Prims.unit = () <: Prims.unit in
-  self
+  myself
 
-let impl_2__poly_barrett_reduce
+let impl_2__add_standard_error_reduce
       (#v_Vector: Type0)
       (#[FStar.Tactics.Typeclasses.tcresolve ()]
           i2:
           Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector)
-      (self: t_PolynomialRingElement v_Vector)
+      (self error: t_PolynomialRingElement v_Vector)
+     =
+  let self:t_PolynomialRingElement v_Vector = add_standard_error_reduce #v_Vector self error in
+  self
+
+let poly_barrett_reduce
+      (#v_Vector: Type0)
+      (#[FStar.Tactics.Typeclasses.tcresolve ()]
+          i1:
+          Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector)
+      (myself: t_PolynomialRingElement v_Vector)
      =
   let _:Prims.unit = admit () in
-  let self:t_PolynomialRingElement v_Vector =
+  let myself:t_PolynomialRingElement v_Vector =
     Rust_primitives.Hax.Folds.fold_range (sz 0)
       v_VECTORS_IN_RING_ELEMENT
-      (fun self temp_1_ ->
-          let self:t_PolynomialRingElement v_Vector = self in
+      (fun myself temp_1_ ->
+          let myself:t_PolynomialRingElement v_Vector = myself in
           let _:usize = temp_1_ in
           true)
-      self
-      (fun self i ->
-          let self:t_PolynomialRingElement v_Vector = self in
+      myself
+      (fun myself i ->
+          let myself:t_PolynomialRingElement v_Vector = myself in
           let i:usize = i in
           {
-            self with
+            myself with
             f_coefficients
             =
-            Rust_primitives.Hax.Monomorphized_update_at.update_at_usize self.f_coefficients
+            Rust_primitives.Hax.Monomorphized_update_at.update_at_usize myself.f_coefficients
               i
               (Libcrux_ml_kem.Vector.Traits.f_barrett_reduce #v_Vector
                   #FStar.Tactics.Typeclasses.solve
-                  (self.f_coefficients.[ i ] <: v_Vector)
+                  (myself.f_coefficients.[ i ] <: v_Vector)
                 <:
                 v_Vector)
             <:
@@ -208,14 +236,24 @@ let impl_2__poly_barrett_reduce
           t_PolynomialRingElement v_Vector)
   in
   let hax_temp_output:Prims.unit = () <: Prims.unit in
-  self
+  myself
 
-let impl_2__subtract_reduce
+let impl_2__poly_barrett_reduce
       (#v_Vector: Type0)
       (#[FStar.Tactics.Typeclasses.tcresolve ()]
           i2:
           Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector)
-      (self b: t_PolynomialRingElement v_Vector)
+      (self: t_PolynomialRingElement v_Vector)
+     =
+  let self:t_PolynomialRingElement v_Vector = poly_barrett_reduce #v_Vector self in
+  self
+
+let subtract_reduce
+      (#v_Vector: Type0)
+      (#[FStar.Tactics.Typeclasses.tcresolve ()]
+          i1:
+          Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector)
+      (myself b: t_PolynomialRingElement v_Vector)
      =
   let _:Prims.unit = admit () in
   let b:t_PolynomialRingElement v_Vector =
@@ -246,7 +284,7 @@ let impl_2__subtract_reduce
                     #FStar.Tactics.Typeclasses.solve
                     (Libcrux_ml_kem.Vector.Traits.f_sub #v_Vector
                         #FStar.Tactics.Typeclasses.solve
-                        (self.f_coefficients.[ i ] <: v_Vector)
+                        (myself.f_coefficients.[ i ] <: v_Vector)
                         coefficient_normal_form
                       <:
                       v_Vector)
@@ -260,6 +298,14 @@ let impl_2__subtract_reduce
   in
   b
 
+let impl_2__subtract_reduce
+      (#v_Vector: Type0)
+      (#[FStar.Tactics.Typeclasses.tcresolve ()]
+          i2:
+          Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector)
+      (self b: t_PolynomialRingElement v_Vector)
+     = subtract_reduce #v_Vector self b
+
 let impl_2__ZERO
       (#v_Vector: Type0)
       (#[FStar.Tactics.Typeclasses.tcresolve ()]
@@ -280,14 +326,34 @@ let impl_2__ZERO
   <:
   t_PolynomialRingElement v_Vector
 
-let impl_2__from_i16_array
+let v_ZERO
       (#v_Vector: Type0)
       (#[FStar.Tactics.Typeclasses.tcresolve ()]
-          i2:
+          i1:
+          Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector)
+      (_: Prims.unit)
+     =
+  {
+    f_coefficients
+    =
+    Rust_primitives.Hax.repeat (Libcrux_ml_kem.Vector.Traits.f_ZERO #v_Vector
+          #FStar.Tactics.Typeclasses.solve
+          ()
+        <:
+        v_Vector)
+      (sz 16)
+  }
+  <:
+  t_PolynomialRingElement v_Vector
+
+let from_i16_array
+      (#v_Vector: Type0)
+      (#[FStar.Tactics.Typeclasses.tcresolve ()]
+          i1:
           Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector)
       (a: t_Slice i16)
      =
-  let result:t_PolynomialRingElement v_Vector = impl_2__ZERO #v_Vector () in
+  let result:t_PolynomialRingElement v_Vector = v_ZERO #v_Vector () in
   let result:t_PolynomialRingElement v_Vector =
     Rust_primitives.Hax.Folds.fold_range (sz 0)
       v_VECTORS_IN_RING_ELEMENT
@@ -325,15 +391,23 @@ let impl_2__from_i16_array
   in
   result
 
-let impl_2__ntt_multiply
+let impl_2__from_i16_array
       (#v_Vector: Type0)
       (#[FStar.Tactics.Typeclasses.tcresolve ()]
           i2:
           Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector)
-      (self rhs: t_PolynomialRingElement v_Vector)
+      (a: t_Slice i16)
+     = from_i16_array #v_Vector a
+
+let ntt_multiply
+      (#v_Vector: Type0)
+      (#[FStar.Tactics.Typeclasses.tcresolve ()]
+          i1:
+          Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector)
+      (myself rhs: t_PolynomialRingElement v_Vector)
      =
   let _:Prims.unit = admit () in
-  let out:t_PolynomialRingElement v_Vector = impl_2__ZERO #v_Vector () in
+  let out:t_PolynomialRingElement v_Vector = v_ZERO #v_Vector () in
   let out:t_PolynomialRingElement v_Vector =
     Rust_primitives.Hax.Folds.fold_range (sz 0)
       v_VECTORS_IN_RING_ELEMENT
@@ -353,7 +427,7 @@ let impl_2__ntt_multiply
               i
               (Libcrux_ml_kem.Vector.Traits.f_ntt_multiply #v_Vector
                   #FStar.Tactics.Typeclasses.solve
-                  (self.f_coefficients.[ i ] <: v_Vector)
+                  (myself.f_coefficients.[ i ] <: v_Vector)
                   (rhs.f_coefficients.[ i ] <: v_Vector)
                   (get_zeta (sz 64 +! (sz 4 *! i <: usize) <: usize) <: i16)
                   (get_zeta ((sz 64 +! (sz 4 *! i <: usize) <: usize) +! sz 1 <: usize) <: i16)
@@ -369,35 +443,42 @@ let impl_2__ntt_multiply
   in
   out
 
-let impl_2__add_to_ring_element
+let impl_2__ntt_multiply
       (#v_Vector: Type0)
-      (v_K: usize)
       (#[FStar.Tactics.Typeclasses.tcresolve ()]
           i2:
           Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector)
       (self rhs: t_PolynomialRingElement v_Vector)
+     = ntt_multiply #v_Vector self rhs
+
+let add_to_ring_element
+      (#v_Vector: Type0)
+      (v_K: usize)
+      (#[FStar.Tactics.Typeclasses.tcresolve ()]
+          i1:
+          Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector)
+      (myself rhs: t_PolynomialRingElement v_Vector)
      =
-  let _:Prims.unit = admit () in
-  let self:t_PolynomialRingElement v_Vector =
+  let myself:t_PolynomialRingElement v_Vector =
     Rust_primitives.Hax.Folds.fold_range (sz 0)
-      (Core.Slice.impl__len #v_Vector (self.f_coefficients <: t_Slice v_Vector) <: usize)
-      (fun self temp_1_ ->
-          let self:t_PolynomialRingElement v_Vector = self in
+      (Core.Slice.impl__len #v_Vector (myself.f_coefficients <: t_Slice v_Vector) <: usize)
+      (fun myself temp_1_ ->
+          let myself:t_PolynomialRingElement v_Vector = myself in
           let _:usize = temp_1_ in
           true)
-      self
-      (fun self i ->
-          let self:t_PolynomialRingElement v_Vector = self in
+      myself
+      (fun myself i ->
+          let myself:t_PolynomialRingElement v_Vector = myself in
           let i:usize = i in
           {
-            self with
+            myself with
             f_coefficients
             =
-            Rust_primitives.Hax.Monomorphized_update_at.update_at_usize self.f_coefficients
+            Rust_primitives.Hax.Monomorphized_update_at.update_at_usize myself.f_coefficients
               i
               (Libcrux_ml_kem.Vector.Traits.f_add #v_Vector
                   #FStar.Tactics.Typeclasses.solve
-                  (self.f_coefficients.[ i ] <: v_Vector)
+                  (myself.f_coefficients.[ i ] <: v_Vector)
                   (rhs.f_coefficients.[ i ] <: v_Vector)
                 <:
                 v_Vector)
@@ -407,5 +488,18 @@ let impl_2__add_to_ring_element
           <:
           t_PolynomialRingElement v_Vector)
   in
-  let hax_temp_output:Prims.unit = () <: Prims.unit in
+  let result:Prims.unit = () <: Prims.unit in
+  let _:Prims.unit = admit () (* Panic freedom *) in
+  let hax_temp_output:Prims.unit = result in
+  myself
+
+let impl_2__add_to_ring_element
+      (#v_Vector: Type0)
+      (v_K: usize)
+      (#[FStar.Tactics.Typeclasses.tcresolve ()]
+          i2:
+          Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector)
+      (self rhs: t_PolynomialRingElement v_Vector)
+     =
+  let self:t_PolynomialRingElement v_Vector = add_to_ring_element #v_Vector v_K self rhs in
   self
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Polynomial.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Polynomial.fsti
index 6ad4d7a0b..1d0346253 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Polynomial.fsti
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Polynomial.fsti
@@ -44,7 +44,9 @@ type t_PolynomialRingElement
 let to_spec_poly_t (#v_Vector: Type0)
     {| i2: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |}
     (p: t_PolynomialRingElement v_Vector) : Spec.MLKEM.polynomial =
-    admit()
+    createi (sz 256) (fun i -> Spec.MLKEM.Math.to_spec_fe 
+                                (Seq.index (i2._super_8706949974463268012.f_repr 
+                                    (Seq.index p.f_coefficients (v i / 16))) (v i % 16)))
 
 let to_spec_vector_t (#r:Spec.MLKEM.rank) (#v_Vector: Type0)
     {| i2: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |}
@@ -60,30 +62,60 @@ let v_VECTORS_IN_RING_ELEMENT: usize =
   Libcrux_ml_kem.Constants.v_COEFFICIENTS_IN_RING_ELEMENT /!
   Libcrux_ml_kem.Vector.Traits.v_FIELD_ELEMENTS_IN_VECTOR
 
+val add_error_reduce
+      (#v_Vector: Type0)
+      {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |}
+      (myself error: t_PolynomialRingElement v_Vector)
+    : Prims.Pure (t_PolynomialRingElement v_Vector) Prims.l_True (fun _ -> Prims.l_True)
+
 val impl_2__add_error_reduce
       (#v_Vector: Type0)
       {| i2: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |}
       (self error: t_PolynomialRingElement v_Vector)
     : Prims.Pure (t_PolynomialRingElement v_Vector) Prims.l_True (fun _ -> Prims.l_True)
 
+val add_message_error_reduce
+      (#v_Vector: Type0)
+      {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |}
+      (myself message result: t_PolynomialRingElement v_Vector)
+    : Prims.Pure (t_PolynomialRingElement v_Vector) Prims.l_True (fun _ -> Prims.l_True)
+
 val impl_2__add_message_error_reduce
       (#v_Vector: Type0)
       {| i2: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |}
       (self message result: t_PolynomialRingElement v_Vector)
     : Prims.Pure (t_PolynomialRingElement v_Vector) Prims.l_True (fun _ -> Prims.l_True)
 
+val add_standard_error_reduce
+      (#v_Vector: Type0)
+      {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |}
+      (myself error: t_PolynomialRingElement v_Vector)
+    : Prims.Pure (t_PolynomialRingElement v_Vector) Prims.l_True (fun _ -> Prims.l_True)
+
 val impl_2__add_standard_error_reduce
       (#v_Vector: Type0)
       {| i2: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |}
       (self error: t_PolynomialRingElement v_Vector)
     : Prims.Pure (t_PolynomialRingElement v_Vector) Prims.l_True (fun _ -> Prims.l_True)
 
+val poly_barrett_reduce
+      (#v_Vector: Type0)
+      {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |}
+      (myself: t_PolynomialRingElement v_Vector)
+    : Prims.Pure (t_PolynomialRingElement v_Vector) Prims.l_True (fun _ -> Prims.l_True)
+
 val impl_2__poly_barrett_reduce
       (#v_Vector: Type0)
       {| i2: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |}
       (self: t_PolynomialRingElement v_Vector)
     : Prims.Pure (t_PolynomialRingElement v_Vector) Prims.l_True (fun _ -> Prims.l_True)
 
+val subtract_reduce
+      (#v_Vector: Type0)
+      {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |}
+      (myself b: t_PolynomialRingElement v_Vector)
+    : Prims.Pure (t_PolynomialRingElement v_Vector) Prims.l_True (fun _ -> Prims.l_True)
+
 val impl_2__subtract_reduce
       (#v_Vector: Type0)
       {| i2: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |}
@@ -96,6 +128,21 @@ val impl_2__ZERO:
     Prims.unit
   -> Prims.Pure (t_PolynomialRingElement v_Vector) Prims.l_True (fun _ -> Prims.l_True)
 
+val v_ZERO:
+    #v_Vector: Type0 ->
+    {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} ->
+    Prims.unit
+  -> Prims.Pure (t_PolynomialRingElement v_Vector) Prims.l_True (fun _ -> Prims.l_True)
+
+val from_i16_array
+      (#v_Vector: Type0)
+      {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |}
+      (a: t_Slice i16)
+    : Prims.Pure (t_PolynomialRingElement v_Vector)
+      (requires
+        (v_VECTORS_IN_RING_ELEMENT *! sz 16 <: usize) <=. (Core.Slice.impl__len #i16 a <: usize))
+      (fun _ -> Prims.l_True)
+
 val impl_2__from_i16_array
       (#v_Vector: Type0)
       {| i2: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |}
@@ -107,7 +154,7 @@ val impl_2__from_i16_array
 
 /// Given two `KyberPolynomialRingElement`s in their NTT representations,
 /// compute their product. Given two polynomials in the NTT domain `f^` and `ĵ`,
-/// the `iᵗʰ` coefficient of the product `k\u{302}` is determined by the calculation:
+/// the `iᵗʰ` coefficient of the product `k̂` is determined by the calculation:
 /// ```plaintext
 /// ĥ[2·i] + ĥ[2·i + 1]X = (f^[2·i] + f^[2·i + 1]X)·(ĝ[2·i] + ĝ[2·i + 1]X) mod (X² - ζ^(2·BitRev₇(i) + 1))
 /// ```
@@ -121,16 +168,31 @@ val impl_2__from_i16_array
 /// end for
 /// return ĥ
 /// ```
-/// We say \"almost\" because the coefficients of the ring element output by
+/// We say "almost" because the coefficients of the ring element output by
 /// this function are in the Montgomery domain.
 /// The NIST FIPS 203 standard can be found at
 /// <https://csrc.nist.gov/pubs/fips/203/ipd>.
+val ntt_multiply
+      (#v_Vector: Type0)
+      {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |}
+      (myself rhs: t_PolynomialRingElement v_Vector)
+    : Prims.Pure (t_PolynomialRingElement v_Vector) Prims.l_True (fun _ -> Prims.l_True)
+
 val impl_2__ntt_multiply
       (#v_Vector: Type0)
       {| i2: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |}
       (self rhs: t_PolynomialRingElement v_Vector)
     : Prims.Pure (t_PolynomialRingElement v_Vector) Prims.l_True (fun _ -> Prims.l_True)
 
+/// Given two polynomial ring elements `lhs` and `rhs`, compute the pointwise
+/// sum of their constituent coefficients.
+val add_to_ring_element
+      (#v_Vector: Type0)
+      (v_K: usize)
+      {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |}
+      (myself rhs: t_PolynomialRingElement v_Vector)
+    : Prims.Pure (t_PolynomialRingElement v_Vector) Prims.l_True (fun _ -> Prims.l_True)
+
 /// Given two polynomial ring elements `lhs` and `rhs`, compute the pointwise
 /// sum of their constituent coefficients.
 val impl_2__add_to_ring_element
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Types.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Types.fst
index 3a598d127..5748d2562 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Types.fst
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Types.fst
@@ -9,103 +9,10 @@ let impl_13__len (v_SIZE: usize) (_: Prims.unit) = v_SIZE
 
 let impl_20__len (v_SIZE: usize) (_: Prims.unit) = v_SIZE
 
-[@@ FStar.Tactics.Typeclasses.tcinstance]
-let impl_1 (v_SIZE: usize) : Core.Convert.t_From (t_MlKemCiphertext v_SIZE) (t_Array u8 v_SIZE) =
-  {
-    f_from_pre = (fun (value: t_Array u8 v_SIZE) -> true);
-    f_from_post = (fun (value: t_Array u8 v_SIZE) (out: t_MlKemCiphertext v_SIZE) -> true);
-    f_from
-    =
-    fun (value: t_Array u8 v_SIZE) ->
-      { f_value = Core.Clone.f_clone #(t_Array u8 v_SIZE) #FStar.Tactics.Typeclasses.solve value }
-      <:
-      t_MlKemCiphertext v_SIZE
-  }
-
-[@@ FStar.Tactics.Typeclasses.tcinstance]
-let impl_2 (v_SIZE: usize) : Core.Convert.t_From (t_Array u8 v_SIZE) (t_MlKemCiphertext v_SIZE) =
-  {
-    f_from_pre = (fun (value: t_MlKemCiphertext v_SIZE) -> true);
-    f_from_post = (fun (value: t_MlKemCiphertext v_SIZE) (out: t_Array u8 v_SIZE) -> true);
-    f_from = fun (value: t_MlKemCiphertext v_SIZE) -> value.f_value
-  }
-
-[@@ FStar.Tactics.Typeclasses.tcinstance]
-let impl_5 (v_SIZE: usize) : Core.Convert.t_From (t_MlKemCiphertext v_SIZE) (t_Array u8 v_SIZE) =
-  {
-    f_from_pre = (fun (value: t_Array u8 v_SIZE) -> true);
-    f_from_post
-    =
-    (fun (value: t_Array u8 v_SIZE) (result: t_MlKemCiphertext v_SIZE) -> result.f_value = value);
-    f_from = fun (value: t_Array u8 v_SIZE) -> { f_value = value } <: t_MlKemCiphertext v_SIZE
-  }
-
 let impl_6__as_slice (v_SIZE: usize) (self: t_MlKemCiphertext v_SIZE) = self.f_value
 
-[@@ FStar.Tactics.Typeclasses.tcinstance]
-let impl_8 (v_SIZE: usize) : Core.Convert.t_From (t_MlKemPrivateKey v_SIZE) (t_Array u8 v_SIZE) =
-  {
-    f_from_pre = (fun (value: t_Array u8 v_SIZE) -> true);
-    f_from_post = (fun (value: t_Array u8 v_SIZE) (out: t_MlKemPrivateKey v_SIZE) -> true);
-    f_from
-    =
-    fun (value: t_Array u8 v_SIZE) ->
-      { f_value = Core.Clone.f_clone #(t_Array u8 v_SIZE) #FStar.Tactics.Typeclasses.solve value }
-      <:
-      t_MlKemPrivateKey v_SIZE
-  }
-
-[@@ FStar.Tactics.Typeclasses.tcinstance]
-let impl_9 (v_SIZE: usize) : Core.Convert.t_From (t_Array u8 v_SIZE) (t_MlKemPrivateKey v_SIZE) =
-  {
-    f_from_pre = (fun (value: t_MlKemPrivateKey v_SIZE) -> true);
-    f_from_post = (fun (value: t_MlKemPrivateKey v_SIZE) (out: t_Array u8 v_SIZE) -> true);
-    f_from = fun (value: t_MlKemPrivateKey v_SIZE) -> value.f_value
-  }
-
-[@@ FStar.Tactics.Typeclasses.tcinstance]
-let impl_12 (v_SIZE: usize) : Core.Convert.t_From (t_MlKemPrivateKey v_SIZE) (t_Array u8 v_SIZE) =
-  {
-    f_from_pre = (fun (value: t_Array u8 v_SIZE) -> true);
-    f_from_post
-    =
-    (fun (value: t_Array u8 v_SIZE) (result: t_MlKemPrivateKey v_SIZE) -> result.f_value = value);
-    f_from = fun (value: t_Array u8 v_SIZE) -> { f_value = value } <: t_MlKemPrivateKey v_SIZE
-  }
-
 let impl_13__as_slice (v_SIZE: usize) (self: t_MlKemPrivateKey v_SIZE) = self.f_value
 
-[@@ FStar.Tactics.Typeclasses.tcinstance]
-let impl_15 (v_SIZE: usize) : Core.Convert.t_From (t_MlKemPublicKey v_SIZE) (t_Array u8 v_SIZE) =
-  {
-    f_from_pre = (fun (value: t_Array u8 v_SIZE) -> true);
-    f_from_post = (fun (value: t_Array u8 v_SIZE) (out: t_MlKemPublicKey v_SIZE) -> true);
-    f_from
-    =
-    fun (value: t_Array u8 v_SIZE) ->
-      { f_value = Core.Clone.f_clone #(t_Array u8 v_SIZE) #FStar.Tactics.Typeclasses.solve value }
-      <:
-      t_MlKemPublicKey v_SIZE
-  }
-
-[@@ FStar.Tactics.Typeclasses.tcinstance]
-let impl_16 (v_SIZE: usize) : Core.Convert.t_From (t_Array u8 v_SIZE) (t_MlKemPublicKey v_SIZE) =
-  {
-    f_from_pre = (fun (value: t_MlKemPublicKey v_SIZE) -> true);
-    f_from_post = (fun (value: t_MlKemPublicKey v_SIZE) (out: t_Array u8 v_SIZE) -> true);
-    f_from = fun (value: t_MlKemPublicKey v_SIZE) -> value.f_value
-  }
-
-[@@ FStar.Tactics.Typeclasses.tcinstance]
-let impl_19 (v_SIZE: usize) : Core.Convert.t_From (t_MlKemPublicKey v_SIZE) (t_Array u8 v_SIZE) =
-  {
-    f_from_pre = (fun (value: t_Array u8 v_SIZE) -> true);
-    f_from_post
-    =
-    (fun (value: t_Array u8 v_SIZE) (result: t_MlKemPublicKey v_SIZE) -> result.f_value = value);
-    f_from = fun (value: t_Array u8 v_SIZE) -> { f_value = value } <: t_MlKemPublicKey v_SIZE
-  }
-
 let impl_20__as_slice (v_SIZE: usize) (self: t_MlKemPublicKey v_SIZE) = self.f_value
 
 let impl_21__from
@@ -178,65 +85,3 @@ let unpack_private_key (v_CPA_SECRET_KEY_SIZE v_PUBLIC_KEY_SIZE: usize) (private
   <:
   (t_Slice u8 & t_Slice u8 & t_Slice u8 & t_Slice u8)
 
-[@@ FStar.Tactics.Typeclasses.tcinstance]
-let impl (v_SIZE: usize) : Core.Default.t_Default (t_MlKemCiphertext v_SIZE) =
-  {
-    f_default_pre = (fun (_: Prims.unit) -> true);
-    f_default_post = (fun (_: Prims.unit) (out: t_MlKemCiphertext v_SIZE) -> true);
-    f_default
-    =
-    fun (_: Prims.unit) ->
-      { f_value = Rust_primitives.Hax.repeat 0uy v_SIZE } <: t_MlKemCiphertext v_SIZE
-  }
-
-[@@ FStar.Tactics.Typeclasses.tcinstance]
-let impl_7 (v_SIZE: usize) : Core.Default.t_Default (t_MlKemPrivateKey v_SIZE) =
-  {
-    f_default_pre = (fun (_: Prims.unit) -> true);
-    f_default_post = (fun (_: Prims.unit) (out: t_MlKemPrivateKey v_SIZE) -> true);
-    f_default
-    =
-    fun (_: Prims.unit) ->
-      { f_value = Rust_primitives.Hax.repeat 0uy v_SIZE } <: t_MlKemPrivateKey v_SIZE
-  }
-
-[@@ FStar.Tactics.Typeclasses.tcinstance]
-let impl_14 (v_SIZE: usize) : Core.Default.t_Default (t_MlKemPublicKey v_SIZE) =
-  {
-    f_default_pre = (fun (_: Prims.unit) -> true);
-    f_default_post = (fun (_: Prims.unit) (out: t_MlKemPublicKey v_SIZE) -> true);
-    f_default
-    =
-    fun (_: Prims.unit) ->
-      { f_value = Rust_primitives.Hax.repeat 0uy v_SIZE } <: t_MlKemPublicKey v_SIZE
-  }
-
-[@@ FStar.Tactics.Typeclasses.tcinstance]
-let impl_4 (v_SIZE: usize) : Core.Convert.t_AsRef (t_MlKemCiphertext v_SIZE) (t_Slice u8) =
-  {
-    f_as_ref_pre = (fun (self: t_MlKemCiphertext v_SIZE) -> true);
-    f_as_ref_post
-    =
-    (fun (self___: t_MlKemCiphertext v_SIZE) (result: t_Slice u8) -> result = self___.f_value);
-    f_as_ref = fun (self: t_MlKemCiphertext v_SIZE) -> self.f_value <: t_Slice u8
-  }
-
-[@@ FStar.Tactics.Typeclasses.tcinstance]
-let impl_11 (v_SIZE: usize) : Core.Convert.t_AsRef (t_MlKemPrivateKey v_SIZE) (t_Slice u8) =
-  {
-    f_as_ref_pre = (fun (self: t_MlKemPrivateKey v_SIZE) -> true);
-    f_as_ref_post
-    =
-    (fun (self___: t_MlKemPrivateKey v_SIZE) (result: t_Slice u8) -> result = self___.f_value);
-    f_as_ref = fun (self: t_MlKemPrivateKey v_SIZE) -> self.f_value <: t_Slice u8
-  }
-
-[@@ FStar.Tactics.Typeclasses.tcinstance]
-let impl_18 (v_SIZE: usize) : Core.Convert.t_AsRef (t_MlKemPublicKey v_SIZE) (t_Slice u8) =
-  {
-    f_as_ref_pre = (fun (self: t_MlKemPublicKey v_SIZE) -> true);
-    f_as_ref_post
-    =
-    (fun (self___: t_MlKemPublicKey v_SIZE) (result: t_Slice u8) -> result = self___.f_value);
-    f_as_ref = fun (self: t_MlKemPublicKey v_SIZE) -> self.f_value <: t_Slice u8
-  }
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Types.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Types.fsti
index 4f76c2ffc..1947307c5 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Types.fsti
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Types.fsti
@@ -19,13 +19,35 @@ val impl_20__len: v_SIZE: usize -> Prims.unit
 type t_MlKemCiphertext (v_SIZE: usize) = { f_value:t_Array u8 v_SIZE }
 
 [@@ FStar.Tactics.Typeclasses.tcinstance]
-val impl_1 (v_SIZE: usize) : Core.Convert.t_From (t_MlKemCiphertext v_SIZE) (t_Array u8 v_SIZE)
+let impl_1 (v_SIZE: usize) : Core.Convert.t_From (t_MlKemCiphertext v_SIZE) (t_Array u8 v_SIZE) =
+  {
+    f_from_pre = (fun (value: t_Array u8 v_SIZE) -> true);
+    f_from_post = (fun (value: t_Array u8 v_SIZE) (out: t_MlKemCiphertext v_SIZE) -> true);
+    f_from
+    =
+    fun (value: t_Array u8 v_SIZE) ->
+      { f_value = Core.Clone.f_clone #(t_Array u8 v_SIZE) #FStar.Tactics.Typeclasses.solve value }
+      <:
+      t_MlKemCiphertext v_SIZE
+  }
 
 [@@ FStar.Tactics.Typeclasses.tcinstance]
-val impl_2 (v_SIZE: usize) : Core.Convert.t_From (t_Array u8 v_SIZE) (t_MlKemCiphertext v_SIZE)
+let impl_2 (v_SIZE: usize) : Core.Convert.t_From (t_Array u8 v_SIZE) (t_MlKemCiphertext v_SIZE) =
+  {
+    f_from_pre = (fun (value: t_MlKemCiphertext v_SIZE) -> true);
+    f_from_post = (fun (value: t_MlKemCiphertext v_SIZE) (out: t_Array u8 v_SIZE) -> true);
+    f_from = fun (value: t_MlKemCiphertext v_SIZE) -> value.f_value
+  }
 
 [@@ FStar.Tactics.Typeclasses.tcinstance]
-val impl_5 (v_SIZE: usize) : Core.Convert.t_From (t_MlKemCiphertext v_SIZE) (t_Array u8 v_SIZE)
+let impl_5 (v_SIZE: usize) : Core.Convert.t_From (t_MlKemCiphertext v_SIZE) (t_Array u8 v_SIZE) =
+  {
+    f_from_pre = (fun (value: t_Array u8 v_SIZE) -> true);
+    f_from_post
+    =
+    (fun (value: t_Array u8 v_SIZE) (result: t_MlKemCiphertext v_SIZE) -> result.f_value = value);
+    f_from = fun (value: t_Array u8 v_SIZE) -> { f_value = value } <: t_MlKemCiphertext v_SIZE
+  }
 
 /// A reference to the raw byte slice.
 val impl_6__as_slice (v_SIZE: usize) (self: t_MlKemCiphertext v_SIZE)
@@ -40,13 +62,35 @@ val impl_6__as_slice (v_SIZE: usize) (self: t_MlKemCiphertext v_SIZE)
 type t_MlKemPrivateKey (v_SIZE: usize) = { f_value:t_Array u8 v_SIZE }
 
 [@@ FStar.Tactics.Typeclasses.tcinstance]
-val impl_8 (v_SIZE: usize) : Core.Convert.t_From (t_MlKemPrivateKey v_SIZE) (t_Array u8 v_SIZE)
+let impl_8 (v_SIZE: usize) : Core.Convert.t_From (t_MlKemPrivateKey v_SIZE) (t_Array u8 v_SIZE) =
+  {
+    f_from_pre = (fun (value: t_Array u8 v_SIZE) -> true);
+    f_from_post = (fun (value: t_Array u8 v_SIZE) (out: t_MlKemPrivateKey v_SIZE) -> true);
+    f_from
+    =
+    fun (value: t_Array u8 v_SIZE) ->
+      { f_value = Core.Clone.f_clone #(t_Array u8 v_SIZE) #FStar.Tactics.Typeclasses.solve value }
+      <:
+      t_MlKemPrivateKey v_SIZE
+  }
 
 [@@ FStar.Tactics.Typeclasses.tcinstance]
-val impl_9 (v_SIZE: usize) : Core.Convert.t_From (t_Array u8 v_SIZE) (t_MlKemPrivateKey v_SIZE)
+let impl_9 (v_SIZE: usize) : Core.Convert.t_From (t_Array u8 v_SIZE) (t_MlKemPrivateKey v_SIZE) =
+  {
+    f_from_pre = (fun (value: t_MlKemPrivateKey v_SIZE) -> true);
+    f_from_post = (fun (value: t_MlKemPrivateKey v_SIZE) (out: t_Array u8 v_SIZE) -> true);
+    f_from = fun (value: t_MlKemPrivateKey v_SIZE) -> value.f_value
+  }
 
 [@@ FStar.Tactics.Typeclasses.tcinstance]
-val impl_12 (v_SIZE: usize) : Core.Convert.t_From (t_MlKemPrivateKey v_SIZE) (t_Array u8 v_SIZE)
+let impl_12 (v_SIZE: usize) : Core.Convert.t_From (t_MlKemPrivateKey v_SIZE) (t_Array u8 v_SIZE) =
+  {
+    f_from_pre = (fun (value: t_Array u8 v_SIZE) -> true);
+    f_from_post
+    =
+    (fun (value: t_Array u8 v_SIZE) (result: t_MlKemPrivateKey v_SIZE) -> result.f_value = value);
+    f_from = fun (value: t_Array u8 v_SIZE) -> { f_value = value } <: t_MlKemPrivateKey v_SIZE
+  }
 
 /// A reference to the raw byte slice.
 val impl_13__as_slice (v_SIZE: usize) (self: t_MlKemPrivateKey v_SIZE)
@@ -61,13 +105,35 @@ val impl_13__as_slice (v_SIZE: usize) (self: t_MlKemPrivateKey v_SIZE)
 type t_MlKemPublicKey (v_SIZE: usize) = { f_value:t_Array u8 v_SIZE }
 
 [@@ FStar.Tactics.Typeclasses.tcinstance]
-val impl_15 (v_SIZE: usize) : Core.Convert.t_From (t_MlKemPublicKey v_SIZE) (t_Array u8 v_SIZE)
+let impl_15 (v_SIZE: usize) : Core.Convert.t_From (t_MlKemPublicKey v_SIZE) (t_Array u8 v_SIZE) =
+  {
+    f_from_pre = (fun (value: t_Array u8 v_SIZE) -> true);
+    f_from_post = (fun (value: t_Array u8 v_SIZE) (out: t_MlKemPublicKey v_SIZE) -> true);
+    f_from
+    =
+    fun (value: t_Array u8 v_SIZE) ->
+      { f_value = Core.Clone.f_clone #(t_Array u8 v_SIZE) #FStar.Tactics.Typeclasses.solve value }
+      <:
+      t_MlKemPublicKey v_SIZE
+  }
 
 [@@ FStar.Tactics.Typeclasses.tcinstance]
-val impl_16 (v_SIZE: usize) : Core.Convert.t_From (t_Array u8 v_SIZE) (t_MlKemPublicKey v_SIZE)
+let impl_16 (v_SIZE: usize) : Core.Convert.t_From (t_Array u8 v_SIZE) (t_MlKemPublicKey v_SIZE) =
+  {
+    f_from_pre = (fun (value: t_MlKemPublicKey v_SIZE) -> true);
+    f_from_post = (fun (value: t_MlKemPublicKey v_SIZE) (out: t_Array u8 v_SIZE) -> true);
+    f_from = fun (value: t_MlKemPublicKey v_SIZE) -> value.f_value
+  }
 
 [@@ FStar.Tactics.Typeclasses.tcinstance]
-val impl_19 (v_SIZE: usize) : Core.Convert.t_From (t_MlKemPublicKey v_SIZE) (t_Array u8 v_SIZE)
+let impl_19 (v_SIZE: usize) : Core.Convert.t_From (t_MlKemPublicKey v_SIZE) (t_Array u8 v_SIZE) =
+  {
+    f_from_pre = (fun (value: t_Array u8 v_SIZE) -> true);
+    f_from_post
+    =
+    (fun (value: t_Array u8 v_SIZE) (result: t_MlKemPublicKey v_SIZE) -> result.f_value = value);
+    f_from = fun (value: t_Array u8 v_SIZE) -> { f_value = value } <: t_MlKemPublicKey v_SIZE
+  }
 
 /// A reference to the raw byte slice.
 val impl_20__as_slice (v_SIZE: usize) (self: t_MlKemPublicKey v_SIZE)
@@ -169,22 +235,67 @@ val unpack_private_key (v_CPA_SECRET_KEY_SIZE v_PUBLIC_KEY_SIZE: usize) (private
             v Libcrux_ml_kem.Constants.v_H_DIGEST_SIZE))
 
 [@@ FStar.Tactics.Typeclasses.tcinstance]
-val impl (v_SIZE: usize) : Core.Default.t_Default (t_MlKemCiphertext v_SIZE)
+let impl (v_SIZE: usize) : Core.Default.t_Default (t_MlKemCiphertext v_SIZE) =
+  {
+    f_default_pre = (fun (_: Prims.unit) -> true);
+    f_default_post = (fun (_: Prims.unit) (out: t_MlKemCiphertext v_SIZE) -> true);
+    f_default
+    =
+    fun (_: Prims.unit) ->
+      { f_value = Rust_primitives.Hax.repeat 0uy v_SIZE } <: t_MlKemCiphertext v_SIZE
+  }
 
 [@@ FStar.Tactics.Typeclasses.tcinstance]
-val impl_7 (v_SIZE: usize) : Core.Default.t_Default (t_MlKemPrivateKey v_SIZE)
+let impl_7 (v_SIZE: usize) : Core.Default.t_Default (t_MlKemPrivateKey v_SIZE) =
+  {
+    f_default_pre = (fun (_: Prims.unit) -> true);
+    f_default_post = (fun (_: Prims.unit) (out: t_MlKemPrivateKey v_SIZE) -> true);
+    f_default
+    =
+    fun (_: Prims.unit) ->
+      { f_value = Rust_primitives.Hax.repeat 0uy v_SIZE } <: t_MlKemPrivateKey v_SIZE
+  }
 
 [@@ FStar.Tactics.Typeclasses.tcinstance]
-val impl_14 (v_SIZE: usize) : Core.Default.t_Default (t_MlKemPublicKey v_SIZE)
+let impl_14 (v_SIZE: usize) : Core.Default.t_Default (t_MlKemPublicKey v_SIZE) =
+  {
+    f_default_pre = (fun (_: Prims.unit) -> true);
+    f_default_post = (fun (_: Prims.unit) (out: t_MlKemPublicKey v_SIZE) -> true);
+    f_default
+    =
+    fun (_: Prims.unit) ->
+      { f_value = Rust_primitives.Hax.repeat 0uy v_SIZE } <: t_MlKemPublicKey v_SIZE
+  }
 
 [@@ FStar.Tactics.Typeclasses.tcinstance]
-val impl_4 (v_SIZE: usize) : Core.Convert.t_AsRef (t_MlKemCiphertext v_SIZE) (t_Slice u8)
+let impl_4 (v_SIZE: usize) : Core.Convert.t_AsRef (t_MlKemCiphertext v_SIZE) (t_Slice u8) =
+  {
+    f_as_ref_pre = (fun (self: t_MlKemCiphertext v_SIZE) -> true);
+    f_as_ref_post
+    =
+    (fun (self___: t_MlKemCiphertext v_SIZE) (result: t_Slice u8) -> result = self___.f_value);
+    f_as_ref = fun (self: t_MlKemCiphertext v_SIZE) -> self.f_value <: t_Slice u8
+  }
 
 [@@ FStar.Tactics.Typeclasses.tcinstance]
-val impl_11 (v_SIZE: usize) : Core.Convert.t_AsRef (t_MlKemPrivateKey v_SIZE) (t_Slice u8)
+let impl_11 (v_SIZE: usize) : Core.Convert.t_AsRef (t_MlKemPrivateKey v_SIZE) (t_Slice u8) =
+  {
+    f_as_ref_pre = (fun (self: t_MlKemPrivateKey v_SIZE) -> true);
+    f_as_ref_post
+    =
+    (fun (self___: t_MlKemPrivateKey v_SIZE) (result: t_Slice u8) -> result = self___.f_value);
+    f_as_ref = fun (self: t_MlKemPrivateKey v_SIZE) -> self.f_value <: t_Slice u8
+  }
 
 [@@ FStar.Tactics.Typeclasses.tcinstance]
-val impl_18 (v_SIZE: usize) : Core.Convert.t_AsRef (t_MlKemPublicKey v_SIZE) (t_Slice u8)
+let impl_18 (v_SIZE: usize) : Core.Convert.t_AsRef (t_MlKemPublicKey v_SIZE) (t_Slice u8) =
+  {
+    f_as_ref_pre = (fun (self: t_MlKemPublicKey v_SIZE) -> true);
+    f_as_ref_post
+    =
+    (fun (self___: t_MlKemPublicKey v_SIZE) (result: t_Slice u8) -> result = self___.f_value);
+    f_as_ref = fun (self: t_MlKemPublicKey v_SIZE) -> self.f_value <: t_Slice u8
+  }
 
 [@@ FStar.Tactics.Typeclasses.tcinstance]
 let impl_3 (v_SIZE: usize) : Core.Convert.t_TryFrom (t_MlKemCiphertext v_SIZE) (t_Slice u8) =
diff --git a/libcrux-ml-kem/src/polynomial.rs b/libcrux-ml-kem/src/polynomial.rs
index 9460a0cba..3d1c3b06e 100644
--- a/libcrux-ml-kem/src/polynomial.rs
+++ b/libcrux-ml-kem/src/polynomial.rs
@@ -53,7 +53,9 @@ pub(crate) const VECTORS_IN_RING_ELEMENT: usize =
         "let to_spec_poly_t (#v_Vector: Type0)
     {| i2: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |}
     (p: t_PolynomialRingElement v_Vector) : Spec.MLKEM.polynomial =
-    admit()"
+    createi (sz 256) (fun i -> Spec.MLKEM.Math.to_spec_fe 
+                                (Seq.index (i2._super_8706949974463268012.f_repr 
+                                    (Seq.index p.f_coefficients (v i / 16))) (v i % 16)))"
     )
 )]
 // XXX: We don't want to copy this. But for eurydice we have to have this.
@@ -62,6 +64,194 @@ pub(crate) struct PolynomialRingElement<Vector: Operations> {
     pub(crate) coefficients: [Vector; VECTORS_IN_RING_ELEMENT],
 }
 
+
+#[allow(non_snake_case)]
+pub(crate) fn ZERO<Vector: Operations>() -> PolynomialRingElement<Vector> {
+    PolynomialRingElement {
+        // FIXME:  The THIR body of item DefId(0:415 ~ libcrux_ml_kem[9000]::polynomial::{impl#0}::ZERO::{constant#0}) was stolen.
+        coefficients: [Vector::ZERO(); 16],
+    }
+}
+
+#[inline(always)]
+#[hax_lib::requires(VECTORS_IN_RING_ELEMENT * 16 <= a.len())]
+pub(crate) fn from_i16_array<Vector: Operations>(a: &[i16]) -> PolynomialRingElement<Vector> {
+    let mut result = ZERO();
+    for i in 0..VECTORS_IN_RING_ELEMENT {
+        result.coefficients[i] = Vector::from_i16_array(&a[i * 16..(i + 1) * 16]);
+    }
+    result
+}
+
+/// Given two polynomial ring elements `lhs` and `rhs`, compute the pointwise
+/// sum of their constituent coefficients.
+#[inline(always)]
+#[hax_lib::fstar::verification_status(panic_free)]
+pub(crate) fn add_to_ring_element<Vector: Operations, const K: usize>(myself: &mut PolynomialRingElement<Vector>, rhs: &PolynomialRingElement<Vector>) {
+    // The semicolon and parentheses at the end of loop are a workaround
+    // for the following bug https://github.com/hacspec/hax/issues/720
+    for i in 0..myself.coefficients.len() {
+        myself.coefficients[i] = Vector::add(myself.coefficients[i], &rhs.coefficients[i]);
+    }
+    ()
+}
+
+#[inline(always)]
+pub fn poly_barrett_reduce<Vector: Operations>(myself: &mut PolynomialRingElement<Vector>) {
+    // Using `hax_lib::fstar::verification_status(lax)` works but produces an error while extracting
+    hax_lib::fstar!("admit ()");
+    // The semicolon and parentheses at the end of loop are a workaround
+    // for the following bug https://github.com/hacspec/hax/issues/720
+    for i in 0..VECTORS_IN_RING_ELEMENT {
+        myself.coefficients[i] = Vector::barrett_reduce(myself.coefficients[i]);
+    }
+    ()
+}
+
+#[inline(always)]
+pub(crate) fn subtract_reduce<Vector: Operations>(myself: &PolynomialRingElement<Vector>, mut b: PolynomialRingElement<Vector>) -> PolynomialRingElement<Vector> {
+    // Using `hax_lib::fstar::verification_status(lax)` works but produces an error while extracting
+    hax_lib::fstar!("admit ()");
+    for i in 0..VECTORS_IN_RING_ELEMENT {
+        let coefficient_normal_form =
+            Vector::montgomery_multiply_by_constant(b.coefficients[i], 1441);
+        b.coefficients[i] =
+            Vector::barrett_reduce(Vector::sub(myself.coefficients[i], &coefficient_normal_form));
+    }
+    b
+}
+
+#[inline(always)]
+pub(crate) fn add_message_error_reduce<Vector: Operations>(myself: &PolynomialRingElement<Vector>, message: &PolynomialRingElement<Vector>, mut result: PolynomialRingElement<Vector>) -> PolynomialRingElement<Vector> {
+    // Using `hax_lib::fstar::verification_status(lax)` works but produces an error while extracting
+    hax_lib::fstar!("admit ()");
+    for i in 0..VECTORS_IN_RING_ELEMENT {
+        let coefficient_normal_form =
+            Vector::montgomery_multiply_by_constant(result.coefficients[i], 1441);
+
+        // FIXME: Eurydice crashes with:
+        //
+        // Warning 11: in top-level declaration libcrux_ml_kem.polynomial.{libcrux_ml_kem::polynomial::PolynomialRingElement<Vector>[TraitClause@0]}.add_message_error_reduce__libcrux_ml_kem_libcrux_polynomials_PortableVector: this expression is not Low*; the enclosing function cannot be translated into C*: let mutable ret(Mark.Present,(Mark.AtMost 2), ): int16_t[16size_t] = $any in
+        // libcrux_ml_kem.libcrux_polynomials.{(libcrux_ml_kem::libcrux_polynomials::libcrux_traits::Operations␣for␣libcrux_ml_kem::libcrux_polynomials::PortableVector)}.add ((@9: libcrux_ml_kem_libcrux_polynomials_PortableVector[16size_t]*)[0uint32_t]:int16_t[16size_t][16size_t])[@4] &(((@8: libcrux_ml_kem_libcrux_polynomials_PortableVector[16size_t]*)[0uint32_t]:libcrux_ml_kem_libcrux_polynomials_PortableVector[16size_t])[@4]) @0;
+        // @0
+        // Warning 11 is fatal, exiting.
+        //
+        // On the following code:
+
+        // ```rust
+        // result.coefficients[i] = Vector::barrett_reduce(Vector::add(
+        //     coefficient_normal_form,
+        //     &Vector::add(myself.coefficients[i], &message.coefficients[i]),
+        // ));
+        // ```
+
+        let tmp = Vector::add(myself.coefficients[i], &message.coefficients[i]);
+        let tmp = Vector::add(coefficient_normal_form, &tmp);
+        result.coefficients[i] = Vector::barrett_reduce(tmp);
+    }
+    result
+}
+
+#[inline(always)]
+pub(crate) fn add_error_reduce<Vector: Operations>(myself: &mut PolynomialRingElement<Vector>, error: &PolynomialRingElement<Vector>) {
+    // Using `hax_lib::fstar::verification_status(lax)` works but produces an error while extracting
+    hax_lib::fstar!("admit ()");
+    // The semicolon and parentheses at the end of loop are a workaround
+    // for the following bug https://github.com/hacspec/hax/issues/720
+    for j in 0..VECTORS_IN_RING_ELEMENT {
+        let coefficient_normal_form =
+            Vector::montgomery_multiply_by_constant(myself.coefficients[j], 1441);
+
+        myself.coefficients[j] = Vector::barrett_reduce(Vector::add(
+            coefficient_normal_form,
+            &error.coefficients[j],
+        ));
+    }
+    ()
+}
+
+#[inline(always)]
+pub(crate) fn add_standard_error_reduce<Vector: Operations>(myself: &mut PolynomialRingElement<Vector>, error: &PolynomialRingElement<Vector>) {
+    // Using `hax_lib::fstar::verification_status(lax)` works but produces an error while extracting
+    hax_lib::fstar!("admit ()");
+    // The semicolon and parentheses at the end of loop are a workaround
+    // for the following bug https://github.com/hacspec/hax/issues/720
+    for j in 0..VECTORS_IN_RING_ELEMENT {
+        // The coefficients are of the form aR^{-1} mod q, which means
+        // calling to_montgomery_domain() on them should return a mod q.
+        let coefficient_normal_form = to_standard_domain::<Vector>(myself.coefficients[j]);
+
+        myself.coefficients[j] = Vector::barrett_reduce(Vector::add(
+            coefficient_normal_form,
+            &error.coefficients[j],
+        ));
+    }
+    ()
+}
+
+/// Given two `KyberPolynomialRingElement`s in their NTT representations,
+/// compute their product. Given two polynomials in the NTT domain `f^` and `ĵ`,
+/// the `iᵗʰ` coefficient of the product `k̂` is determined by the calculation:
+///
+/// ```plaintext
+/// ĥ[2·i] + ĥ[2·i + 1]X = (f^[2·i] + f^[2·i + 1]X)·(ĝ[2·i] + ĝ[2·i + 1]X) mod (X² - ζ^(2·BitRev₇(i) + 1))
+/// ```
+///
+/// This function almost implements <strong>Algorithm 10</strong> of the
+/// NIST FIPS 203 standard, which is reproduced below:
+///
+/// ```plaintext
+/// Input: Two arrays fˆ ∈ ℤ₂₅₆ and ĝ ∈ ℤ₂₅₆.
+/// Output: An array ĥ ∈ ℤq.
+///
+/// for(i ← 0; i < 128; i++)
+///     (ĥ[2i], ĥ[2i+1]) ← BaseCaseMultiply(fˆ[2i], fˆ[2i+1], ĝ[2i], ĝ[2i+1], ζ^(2·BitRev₇(i) + 1))
+/// end for
+/// return ĥ
+/// ```
+/// We say "almost" because the coefficients of the ring element output by
+/// this function are in the Montgomery domain.
+///
+/// The NIST FIPS 203 standard can be found at
+/// <https://csrc.nist.gov/pubs/fips/203/ipd>.
+// TODO: Remove or replace with something that works and is useful for the proof.
+// #[cfg_attr(hax, hax_lib::requires(
+//     hax_lib::forall(|i:usize|
+//         hax_lib::implies(i < COEFFICIENTS_IN_RING_ELEMENT, ||
+//             (lhs.coefficients[i] >= 0 && lhs.coefficients[i] < 4096) &&
+//             (rhs.coefficients[i].abs() <= FIELD_MODULUS)
+
+// ))))]
+// #[cfg_attr(hax, hax_lib::ensures(|result|
+//     hax_lib::forall(|i:usize|
+//         hax_lib::implies(i < result.coefficients.len(), ||
+//                 result.coefficients[i].abs() <= FIELD_MODULUS
+// ))))]
+#[inline(always)]
+pub(crate) fn ntt_multiply<Vector: Operations>(myself: &PolynomialRingElement<Vector>, rhs: &PolynomialRingElement<Vector>) -> PolynomialRingElement<Vector> {
+    // Using `hax_lib::fstar::verification_status(lax)` works but produces an error while extracting
+    hax_lib::fstar!("admit ()");
+    // hax_debug_debug_assert!(lhs
+    //     .coefficients
+    //     .into_iter()
+    //     .all(|coefficient| coefficient >= 0 && coefficient < 4096));
+
+    let mut out = ZERO();
+
+    for i in 0..VECTORS_IN_RING_ELEMENT {
+        out.coefficients[i] = Vector::ntt_multiply(
+            &myself.coefficients[i],
+            &rhs.coefficients[i],
+            get_zeta(64 + 4 * i),
+            get_zeta(64 + 4 * i + 1),
+            get_zeta(64 + 4 * i + 2),
+            get_zeta(64 + 4 * i + 3),
+        );
+    }
+
+    out
+}
+
 #[hax_lib::attributes]
 impl<Vector: Operations> PolynomialRingElement<Vector> {
     #[allow(non_snake_case)]
@@ -75,179 +265,43 @@ impl<Vector: Operations> PolynomialRingElement<Vector> {
     #[inline(always)]
     #[requires(VECTORS_IN_RING_ELEMENT * 16 <= a.len())]
     pub(crate) fn from_i16_array(a: &[i16]) -> Self {
-        let mut result = PolynomialRingElement::ZERO();
-        for i in 0..VECTORS_IN_RING_ELEMENT {
-            result.coefficients[i] = Vector::from_i16_array(&a[i * 16..(i + 1) * 16]);
-        }
-        result
+        from_i16_array(a)
     }
 
     /// Given two polynomial ring elements `lhs` and `rhs`, compute the pointwise
     /// sum of their constituent coefficients.
     #[inline(always)]
     pub(crate) fn add_to_ring_element<const K: usize>(&mut self, rhs: &Self) {
-        hax_lib::fstar!("admit ()");
-        // The semicolon and parentheses at the end of loop are a workaround
-        // for the following bug https://github.com/hacspec/hax/issues/720
-        for i in 0..self.coefficients.len() {
-            self.coefficients[i] = Vector::add(self.coefficients[i], &rhs.coefficients[i]);
-        }
-        ()
+        add_to_ring_element::<Vector,K>(self, rhs);
     }
 
     #[inline(always)]
     pub fn poly_barrett_reduce(&mut self) {
-        // Using `hax_lib::fstar::verification_status(lax)` works but produces an error while extracting
-        hax_lib::fstar!("admit ()");
-        // The semicolon and parentheses at the end of loop are a workaround
-        // for the following bug https://github.com/hacspec/hax/issues/720
-        for i in 0..VECTORS_IN_RING_ELEMENT {
-            self.coefficients[i] = Vector::barrett_reduce(self.coefficients[i]);
-        }
-        ()
+        poly_barrett_reduce(self);
     }
 
     #[inline(always)]
-    pub(crate) fn subtract_reduce(&self, mut b: Self) -> Self {
-        // Using `hax_lib::fstar::verification_status(lax)` works but produces an error while extracting
-        hax_lib::fstar!("admit ()");
-        for i in 0..VECTORS_IN_RING_ELEMENT {
-            let coefficient_normal_form =
-                Vector::montgomery_multiply_by_constant(b.coefficients[i], 1441);
-            b.coefficients[i] =
-                Vector::barrett_reduce(Vector::sub(self.coefficients[i], &coefficient_normal_form));
-        }
-        b
+    pub(crate) fn subtract_reduce(&self, b: Self) -> Self {
+        subtract_reduce(self, b)
     }
 
     #[inline(always)]
-    pub(crate) fn add_message_error_reduce(&self, message: &Self, mut result: Self) -> Self {
-        // Using `hax_lib::fstar::verification_status(lax)` works but produces an error while extracting
-        hax_lib::fstar!("admit ()");
-        for i in 0..VECTORS_IN_RING_ELEMENT {
-            let coefficient_normal_form =
-                Vector::montgomery_multiply_by_constant(result.coefficients[i], 1441);
-
-            // FIXME: Eurydice crashes with:
-            //
-            // Warning 11: in top-level declaration libcrux_ml_kem.polynomial.{libcrux_ml_kem::polynomial::PolynomialRingElement<Vector>[TraitClause@0]}.add_message_error_reduce__libcrux_ml_kem_libcrux_polynomials_PortableVector: this expression is not Low*; the enclosing function cannot be translated into C*: let mutable ret(Mark.Present,(Mark.AtMost 2), ): int16_t[16size_t] = $any in
-            // libcrux_ml_kem.libcrux_polynomials.{(libcrux_ml_kem::libcrux_polynomials::libcrux_traits::Operations␣for␣libcrux_ml_kem::libcrux_polynomials::PortableVector)}.add ((@9: libcrux_ml_kem_libcrux_polynomials_PortableVector[16size_t]*)[0uint32_t]:int16_t[16size_t][16size_t])[@4] &(((@8: libcrux_ml_kem_libcrux_polynomials_PortableVector[16size_t]*)[0uint32_t]:libcrux_ml_kem_libcrux_polynomials_PortableVector[16size_t])[@4]) @0;
-            // @0
-            // Warning 11 is fatal, exiting.
-            //
-            // On the following code:
-
-            // ```rust
-            // result.coefficients[i] = Vector::barrett_reduce(Vector::add(
-            //     coefficient_normal_form,
-            //     &Vector::add(self.coefficients[i], &message.coefficients[i]),
-            // ));
-            // ```
-
-            let tmp = Vector::add(self.coefficients[i], &message.coefficients[i]);
-            let tmp = Vector::add(coefficient_normal_form, &tmp);
-            result.coefficients[i] = Vector::barrett_reduce(tmp);
-        }
-        result
+    pub(crate) fn add_message_error_reduce(&self, message: &Self, result: Self) -> Self {
+        add_message_error_reduce(self, message, result)
     }
 
     #[inline(always)]
     pub(crate) fn add_error_reduce(&mut self, error: &Self) {
-        // Using `hax_lib::fstar::verification_status(lax)` works but produces an error while extracting
-        hax_lib::fstar!("admit ()");
-        // The semicolon and parentheses at the end of loop are a workaround
-        // for the following bug https://github.com/hacspec/hax/issues/720
-        for j in 0..VECTORS_IN_RING_ELEMENT {
-            let coefficient_normal_form =
-                Vector::montgomery_multiply_by_constant(self.coefficients[j], 1441);
-
-            self.coefficients[j] = Vector::barrett_reduce(Vector::add(
-                coefficient_normal_form,
-                &error.coefficients[j],
-            ));
-        }
-        ()
+        add_error_reduce(self, error);
     }
 
     #[inline(always)]
     pub(crate) fn add_standard_error_reduce(&mut self, error: &Self) {
-        // Using `hax_lib::fstar::verification_status(lax)` works but produces an error while extracting
-        hax_lib::fstar!("admit ()");
-        // The semicolon and parentheses at the end of loop are a workaround
-        // for the following bug https://github.com/hacspec/hax/issues/720
-        for j in 0..VECTORS_IN_RING_ELEMENT {
-            // The coefficients are of the form aR^{-1} mod q, which means
-            // calling to_montgomery_domain() on them should return a mod q.
-            let coefficient_normal_form = to_standard_domain::<Vector>(self.coefficients[j]);
-
-            self.coefficients[j] = Vector::barrett_reduce(Vector::add(
-                coefficient_normal_form,
-                &error.coefficients[j],
-            ));
-        }
-        ()
-    }
-
-    /// Given two `KyberPolynomialRingElement`s in their NTT representations,
-    /// compute their product. Given two polynomials in the NTT domain `f^` and `ĵ`,
-    /// the `iᵗʰ` coefficient of the product `k̂` is determined by the calculation:
-    ///
-    /// ```plaintext
-    /// ĥ[2·i] + ĥ[2·i + 1]X = (f^[2·i] + f^[2·i + 1]X)·(ĝ[2·i] + ĝ[2·i + 1]X) mod (X² - ζ^(2·BitRev₇(i) + 1))
-    /// ```
-    ///
-    /// This function almost implements <strong>Algorithm 10</strong> of the
-    /// NIST FIPS 203 standard, which is reproduced below:
-    ///
-    /// ```plaintext
-    /// Input: Two arrays fˆ ∈ ℤ₂₅₆ and ĝ ∈ ℤ₂₅₆.
-    /// Output: An array ĥ ∈ ℤq.
-    ///
-    /// for(i ← 0; i < 128; i++)
-    ///     (ĥ[2i], ĥ[2i+1]) ← BaseCaseMultiply(fˆ[2i], fˆ[2i+1], ĝ[2i], ĝ[2i+1], ζ^(2·BitRev₇(i) + 1))
-    /// end for
-    /// return ĥ
-    /// ```
-    /// We say "almost" because the coefficients of the ring element output by
-    /// this function are in the Montgomery domain.
-    ///
-    /// The NIST FIPS 203 standard can be found at
-    /// <https://csrc.nist.gov/pubs/fips/203/ipd>.
-    // TODO: Remove or replace with something that works and is useful for the proof.
-    // #[cfg_attr(hax, hax_lib::requires(
-    //     hax_lib::forall(|i:usize|
-    //         hax_lib::implies(i < COEFFICIENTS_IN_RING_ELEMENT, ||
-    //             (lhs.coefficients[i] >= 0 && lhs.coefficients[i] < 4096) &&
-    //             (rhs.coefficients[i].abs() <= FIELD_MODULUS)
-
-    // ))))]
-    // #[cfg_attr(hax, hax_lib::ensures(|result|
-    //     hax_lib::forall(|i:usize|
-    //         hax_lib::implies(i < result.coefficients.len(), ||
-    //                 result.coefficients[i].abs() <= FIELD_MODULUS
-    // ))))]
+        add_standard_error_reduce(self, error);
+    }
+
     #[inline(always)]
     pub(crate) fn ntt_multiply(&self, rhs: &Self) -> Self {
-        // Using `hax_lib::fstar::verification_status(lax)` works but produces an error while extracting
-        hax_lib::fstar!("admit ()");
-        // hax_debug_debug_assert!(lhs
-        //     .coefficients
-        //     .into_iter()
-        //     .all(|coefficient| coefficient >= 0 && coefficient < 4096));
-
-        let mut out = PolynomialRingElement::ZERO();
-
-        for i in 0..VECTORS_IN_RING_ELEMENT {
-            out.coefficients[i] = Vector::ntt_multiply(
-                &self.coefficients[i],
-                &rhs.coefficients[i],
-                get_zeta(64 + 4 * i),
-                get_zeta(64 + 4 * i + 1),
-                get_zeta(64 + 4 * i + 2),
-                get_zeta(64 + 4 * i + 3),
-            );
-        }
-
-        out
+        ntt_multiply(self, rhs)
     }
 }

From 18c6c50d3bfd31d3c6b30ea28f10ebadcfb09d5c Mon Sep 17 00:00:00 2001
From: Karthikeyan Bhargavan <karthik.bhargavan@gmail.com>
Date: Wed, 4 Dec 2024 15:56:44 +0100
Subject: [PATCH 060/142] f* refresh\

---
 .../extraction/Libcrux_ml_kem.Polynomial.fst  | 38 +++++++++++++----
 .../fstar/spec/Spec.MLKEM.Instances.fst       |  1 +
 libcrux-ml-kem/src/polynomial.rs              | 41 ++++++++-----------
 3 files changed, 47 insertions(+), 33 deletions(-)

diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Polynomial.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Polynomial.fst
index 266113065..b09d2b7d2 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Polynomial.fst
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Polynomial.fst
@@ -14,6 +14,8 @@ let get_zeta (i: usize) =
   let _:Prims.unit = admit () (* Panic freedom *) in
   result
 
+#push-options "--admit_smt_queries true"
+
 let add_error_reduce
       (#v_Vector: Type0)
       (#[FStar.Tactics.Typeclasses.tcresolve ()]
@@ -21,7 +23,6 @@ let add_error_reduce
           Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector)
       (myself error: t_PolynomialRingElement v_Vector)
      =
-  let _:Prims.unit = admit () in
   let myself:t_PolynomialRingElement v_Vector =
     Rust_primitives.Hax.Folds.fold_range (sz 0)
       v_VECTORS_IN_RING_ELEMENT
@@ -65,6 +66,8 @@ let add_error_reduce
   let hax_temp_output:Prims.unit = () <: Prims.unit in
   myself
 
+#pop-options
+
 let impl_2__add_error_reduce
       (#v_Vector: Type0)
       (#[FStar.Tactics.Typeclasses.tcresolve ()]
@@ -75,6 +78,8 @@ let impl_2__add_error_reduce
   let self:t_PolynomialRingElement v_Vector = add_error_reduce #v_Vector self error in
   self
 
+#push-options "--admit_smt_queries true"
+
 let add_message_error_reduce
       (#v_Vector: Type0)
       (#[FStar.Tactics.Typeclasses.tcresolve ()]
@@ -82,7 +87,6 @@ let add_message_error_reduce
           Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector)
       (myself message result: t_PolynomialRingElement v_Vector)
      =
-  let _:Prims.unit = admit () in
   let result:t_PolynomialRingElement v_Vector =
     Rust_primitives.Hax.Folds.fold_range (sz 0)
       v_VECTORS_IN_RING_ELEMENT
@@ -132,6 +136,8 @@ let add_message_error_reduce
   in
   result
 
+#pop-options
+
 let impl_2__add_message_error_reduce
       (#v_Vector: Type0)
       (#[FStar.Tactics.Typeclasses.tcresolve ()]
@@ -140,6 +146,8 @@ let impl_2__add_message_error_reduce
       (self message result: t_PolynomialRingElement v_Vector)
      = add_message_error_reduce #v_Vector self message result
 
+#push-options "--admit_smt_queries true"
+
 let add_standard_error_reduce
       (#v_Vector: Type0)
       (#[FStar.Tactics.Typeclasses.tcresolve ()]
@@ -147,7 +155,6 @@ let add_standard_error_reduce
           Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector)
       (myself error: t_PolynomialRingElement v_Vector)
      =
-  let _:Prims.unit = admit () in
   let myself:t_PolynomialRingElement v_Vector =
     Rust_primitives.Hax.Folds.fold_range (sz 0)
       v_VECTORS_IN_RING_ELEMENT
@@ -189,6 +196,8 @@ let add_standard_error_reduce
   let hax_temp_output:Prims.unit = () <: Prims.unit in
   myself
 
+#pop-options
+
 let impl_2__add_standard_error_reduce
       (#v_Vector: Type0)
       (#[FStar.Tactics.Typeclasses.tcresolve ()]
@@ -199,6 +208,8 @@ let impl_2__add_standard_error_reduce
   let self:t_PolynomialRingElement v_Vector = add_standard_error_reduce #v_Vector self error in
   self
 
+#push-options "--admit_smt_queries true"
+
 let poly_barrett_reduce
       (#v_Vector: Type0)
       (#[FStar.Tactics.Typeclasses.tcresolve ()]
@@ -206,7 +217,6 @@ let poly_barrett_reduce
           Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector)
       (myself: t_PolynomialRingElement v_Vector)
      =
-  let _:Prims.unit = admit () in
   let myself:t_PolynomialRingElement v_Vector =
     Rust_primitives.Hax.Folds.fold_range (sz 0)
       v_VECTORS_IN_RING_ELEMENT
@@ -238,6 +248,8 @@ let poly_barrett_reduce
   let hax_temp_output:Prims.unit = () <: Prims.unit in
   myself
 
+#pop-options
+
 let impl_2__poly_barrett_reduce
       (#v_Vector: Type0)
       (#[FStar.Tactics.Typeclasses.tcresolve ()]
@@ -248,6 +260,8 @@ let impl_2__poly_barrett_reduce
   let self:t_PolynomialRingElement v_Vector = poly_barrett_reduce #v_Vector self in
   self
 
+#push-options "--admit_smt_queries true"
+
 let subtract_reduce
       (#v_Vector: Type0)
       (#[FStar.Tactics.Typeclasses.tcresolve ()]
@@ -255,7 +269,6 @@ let subtract_reduce
           Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector)
       (myself b: t_PolynomialRingElement v_Vector)
      =
-  let _:Prims.unit = admit () in
   let b:t_PolynomialRingElement v_Vector =
     Rust_primitives.Hax.Folds.fold_range (sz 0)
       v_VECTORS_IN_RING_ELEMENT
@@ -298,6 +311,8 @@ let subtract_reduce
   in
   b
 
+#pop-options
+
 let impl_2__subtract_reduce
       (#v_Vector: Type0)
       (#[FStar.Tactics.Typeclasses.tcresolve ()]
@@ -399,6 +414,8 @@ let impl_2__from_i16_array
       (a: t_Slice i16)
      = from_i16_array #v_Vector a
 
+#push-options "--admit_smt_queries true"
+
 let ntt_multiply
       (#v_Vector: Type0)
       (#[FStar.Tactics.Typeclasses.tcresolve ()]
@@ -406,7 +423,6 @@ let ntt_multiply
           Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector)
       (myself rhs: t_PolynomialRingElement v_Vector)
      =
-  let _:Prims.unit = admit () in
   let out:t_PolynomialRingElement v_Vector = v_ZERO #v_Vector () in
   let out:t_PolynomialRingElement v_Vector =
     Rust_primitives.Hax.Folds.fold_range (sz 0)
@@ -443,6 +459,8 @@ let ntt_multiply
   in
   out
 
+#pop-options
+
 let impl_2__ntt_multiply
       (#v_Vector: Type0)
       (#[FStar.Tactics.Typeclasses.tcresolve ()]
@@ -451,6 +469,8 @@ let impl_2__ntt_multiply
       (self rhs: t_PolynomialRingElement v_Vector)
      = ntt_multiply #v_Vector self rhs
 
+#push-options "--admit_smt_queries true"
+
 let add_to_ring_element
       (#v_Vector: Type0)
       (v_K: usize)
@@ -488,11 +508,11 @@ let add_to_ring_element
           <:
           t_PolynomialRingElement v_Vector)
   in
-  let result:Prims.unit = () <: Prims.unit in
-  let _:Prims.unit = admit () (* Panic freedom *) in
-  let hax_temp_output:Prims.unit = result in
+  let hax_temp_output:Prims.unit = () <: Prims.unit in
   myself
 
+#pop-options
+
 let impl_2__add_to_ring_element
       (#v_Vector: Type0)
       (v_K: usize)
diff --git a/libcrux-ml-kem/proofs/fstar/spec/Spec.MLKEM.Instances.fst b/libcrux-ml-kem/proofs/fstar/spec/Spec.MLKEM.Instances.fst
index f598ee0ff..b5a7ff8c5 100644
--- a/libcrux-ml-kem/proofs/fstar/spec/Spec.MLKEM.Instances.fst
+++ b/libcrux-ml-kem/proofs/fstar/spec/Spec.MLKEM.Instances.fst
@@ -18,6 +18,7 @@ let mlkem768_generate_keypair (randomness:t_Array u8 (sz 64)):
 
 let mlkem768_encapsulate (public_key: t_Array u8 (sz 1184)) (randomness: t_Array u8 (sz 32)):
                          (t_Array u8 (sz 1088) & t_Array u8 (sz 32)) & bool =
+    assert (v_CPA_CIPHERTEXT_SIZE mlkem768_rank == sz 1088); 
     ind_cca_encapsulate mlkem768_rank public_key randomness
 
 let mlkem768_decapsulate (secret_key: t_Array u8 (sz 2400)) (ciphertext: t_Array u8 (sz 1088)):
diff --git a/libcrux-ml-kem/src/polynomial.rs b/libcrux-ml-kem/src/polynomial.rs
index 3d1c3b06e..ec0e013d6 100644
--- a/libcrux-ml-kem/src/polynomial.rs
+++ b/libcrux-ml-kem/src/polynomial.rs
@@ -66,7 +66,7 @@ pub(crate) struct PolynomialRingElement<Vector: Operations> {
 
 
 #[allow(non_snake_case)]
-pub(crate) fn ZERO<Vector: Operations>() -> PolynomialRingElement<Vector> {
+fn ZERO<Vector: Operations>() -> PolynomialRingElement<Vector> {
     PolynomialRingElement {
         // FIXME:  The THIR body of item DefId(0:415 ~ libcrux_ml_kem[9000]::polynomial::{impl#0}::ZERO::{constant#0}) was stolen.
         coefficients: [Vector::ZERO(); 16],
@@ -75,7 +75,7 @@ pub(crate) fn ZERO<Vector: Operations>() -> PolynomialRingElement<Vector> {
 
 #[inline(always)]
 #[hax_lib::requires(VECTORS_IN_RING_ELEMENT * 16 <= a.len())]
-pub(crate) fn from_i16_array<Vector: Operations>(a: &[i16]) -> PolynomialRingElement<Vector> {
+fn from_i16_array<Vector: Operations>(a: &[i16]) -> PolynomialRingElement<Vector> {
     let mut result = ZERO();
     for i in 0..VECTORS_IN_RING_ELEMENT {
         result.coefficients[i] = Vector::from_i16_array(&a[i * 16..(i + 1) * 16]);
@@ -86,8 +86,8 @@ pub(crate) fn from_i16_array<Vector: Operations>(a: &[i16]) -> PolynomialRingEle
 /// Given two polynomial ring elements `lhs` and `rhs`, compute the pointwise
 /// sum of their constituent coefficients.
 #[inline(always)]
-#[hax_lib::fstar::verification_status(panic_free)]
-pub(crate) fn add_to_ring_element<Vector: Operations, const K: usize>(myself: &mut PolynomialRingElement<Vector>, rhs: &PolynomialRingElement<Vector>) {
+#[hax_lib::fstar::verification_status(lax)]
+fn add_to_ring_element<Vector: Operations, const K: usize>(myself: &mut PolynomialRingElement<Vector>, rhs: &PolynomialRingElement<Vector>) {
     // The semicolon and parentheses at the end of loop are a workaround
     // for the following bug https://github.com/hacspec/hax/issues/720
     for i in 0..myself.coefficients.len() {
@@ -97,9 +97,9 @@ pub(crate) fn add_to_ring_element<Vector: Operations, const K: usize>(myself: &m
 }
 
 #[inline(always)]
-pub fn poly_barrett_reduce<Vector: Operations>(myself: &mut PolynomialRingElement<Vector>) {
+#[hax_lib::fstar::verification_status(lax)]
+fn poly_barrett_reduce<Vector: Operations>(myself: &mut PolynomialRingElement<Vector>) {
     // Using `hax_lib::fstar::verification_status(lax)` works but produces an error while extracting
-    hax_lib::fstar!("admit ()");
     // The semicolon and parentheses at the end of loop are a workaround
     // for the following bug https://github.com/hacspec/hax/issues/720
     for i in 0..VECTORS_IN_RING_ELEMENT {
@@ -109,9 +109,9 @@ pub fn poly_barrett_reduce<Vector: Operations>(myself: &mut PolynomialRingElemen
 }
 
 #[inline(always)]
-pub(crate) fn subtract_reduce<Vector: Operations>(myself: &PolynomialRingElement<Vector>, mut b: PolynomialRingElement<Vector>) -> PolynomialRingElement<Vector> {
+#[hax_lib::fstar::verification_status(lax)]
+fn subtract_reduce<Vector: Operations>(myself: &PolynomialRingElement<Vector>, mut b: PolynomialRingElement<Vector>) -> PolynomialRingElement<Vector> {
     // Using `hax_lib::fstar::verification_status(lax)` works but produces an error while extracting
-    hax_lib::fstar!("admit ()");
     for i in 0..VECTORS_IN_RING_ELEMENT {
         let coefficient_normal_form =
             Vector::montgomery_multiply_by_constant(b.coefficients[i], 1441);
@@ -122,9 +122,9 @@ pub(crate) fn subtract_reduce<Vector: Operations>(myself: &PolynomialRingElement
 }
 
 #[inline(always)]
-pub(crate) fn add_message_error_reduce<Vector: Operations>(myself: &PolynomialRingElement<Vector>, message: &PolynomialRingElement<Vector>, mut result: PolynomialRingElement<Vector>) -> PolynomialRingElement<Vector> {
+#[hax_lib::fstar::verification_status(lax)]
+fn add_message_error_reduce<Vector: Operations>(myself: &PolynomialRingElement<Vector>, message: &PolynomialRingElement<Vector>, mut result: PolynomialRingElement<Vector>) -> PolynomialRingElement<Vector> {
     // Using `hax_lib::fstar::verification_status(lax)` works but produces an error while extracting
-    hax_lib::fstar!("admit ()");
     for i in 0..VECTORS_IN_RING_ELEMENT {
         let coefficient_normal_form =
             Vector::montgomery_multiply_by_constant(result.coefficients[i], 1441);
@@ -153,9 +153,9 @@ pub(crate) fn add_message_error_reduce<Vector: Operations>(myself: &PolynomialRi
 }
 
 #[inline(always)]
-pub(crate) fn add_error_reduce<Vector: Operations>(myself: &mut PolynomialRingElement<Vector>, error: &PolynomialRingElement<Vector>) {
+#[hax_lib::fstar::verification_status(lax)]
+fn add_error_reduce<Vector: Operations>(myself: &mut PolynomialRingElement<Vector>, error: &PolynomialRingElement<Vector>) {
     // Using `hax_lib::fstar::verification_status(lax)` works but produces an error while extracting
-    hax_lib::fstar!("admit ()");
     // The semicolon and parentheses at the end of loop are a workaround
     // for the following bug https://github.com/hacspec/hax/issues/720
     for j in 0..VECTORS_IN_RING_ELEMENT {
@@ -171,9 +171,9 @@ pub(crate) fn add_error_reduce<Vector: Operations>(myself: &mut PolynomialRingEl
 }
 
 #[inline(always)]
-pub(crate) fn add_standard_error_reduce<Vector: Operations>(myself: &mut PolynomialRingElement<Vector>, error: &PolynomialRingElement<Vector>) {
+#[hax_lib::fstar::verification_status(lax)]
+fn add_standard_error_reduce<Vector: Operations>(myself: &mut PolynomialRingElement<Vector>, error: &PolynomialRingElement<Vector>) {
     // Using `hax_lib::fstar::verification_status(lax)` works but produces an error while extracting
-    hax_lib::fstar!("admit ()");
     // The semicolon and parentheses at the end of loop are a workaround
     // for the following bug https://github.com/hacspec/hax/issues/720
     for j in 0..VECTORS_IN_RING_ELEMENT {
@@ -228,14 +228,8 @@ pub(crate) fn add_standard_error_reduce<Vector: Operations>(myself: &mut Polynom
 //                 result.coefficients[i].abs() <= FIELD_MODULUS
 // ))))]
 #[inline(always)]
-pub(crate) fn ntt_multiply<Vector: Operations>(myself: &PolynomialRingElement<Vector>, rhs: &PolynomialRingElement<Vector>) -> PolynomialRingElement<Vector> {
-    // Using `hax_lib::fstar::verification_status(lax)` works but produces an error while extracting
-    hax_lib::fstar!("admit ()");
-    // hax_debug_debug_assert!(lhs
-    //     .coefficients
-    //     .into_iter()
-    //     .all(|coefficient| coefficient >= 0 && coefficient < 4096));
-
+#[hax_lib::fstar::verification_status(lax)]
+fn ntt_multiply<Vector: Operations>(myself: &PolynomialRingElement<Vector>, rhs: &PolynomialRingElement<Vector>) -> PolynomialRingElement<Vector> {
     let mut out = ZERO();
 
     for i in 0..VECTORS_IN_RING_ELEMENT {
@@ -257,7 +251,6 @@ impl<Vector: Operations> PolynomialRingElement<Vector> {
     #[allow(non_snake_case)]
     pub(crate) fn ZERO() -> Self {
         Self {
-            // FIXME:  The THIR body of item DefId(0:415 ~ libcrux_ml_kem[9000]::polynomial::{impl#0}::ZERO::{constant#0}) was stolen.
             coefficients: [Vector::ZERO(); 16],
         }
     }
@@ -276,7 +269,7 @@ impl<Vector: Operations> PolynomialRingElement<Vector> {
     }
 
     #[inline(always)]
-    pub fn poly_barrett_reduce(&mut self) {
+    pub(crate) fn poly_barrett_reduce(&mut self) {
         poly_barrett_reduce(self);
     }
 

From bcca5409deb61aaed96219c46d12d1ba2b6dfb7c Mon Sep 17 00:00:00 2001
From: karthikbhargavan <karthik.bhargavan@gmail.com>
Date: Wed, 4 Dec 2024 15:11:26 +0000
Subject: [PATCH 061/142] bitveveq

---
 fstar-helpers/fstar-bitvec/BitVecEq.fsti | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/fstar-helpers/fstar-bitvec/BitVecEq.fsti b/fstar-helpers/fstar-bitvec/BitVecEq.fsti
index c370f28bf..6792f2b29 100644
--- a/fstar-helpers/fstar-bitvec/BitVecEq.fsti
+++ b/fstar-helpers/fstar-bitvec/BitVecEq.fsti
@@ -1,5 +1,5 @@
 module BitVecEq
-#set-options "--fuel 0 --ifuel 1 --z3rlimit 15"
+#set-options "--fuel 0 --ifuel 1 --z3rlimit 100"
 open Core
 open FStar.Mul
 open MkSeq
@@ -72,7 +72,7 @@ let int_t_array_bitwise_eq
 //                                 else get_bit_nat (pow2 (bits n) + v x) (v nth))
 //     with get_bit_intro #n x nth
 
-#push-options "--fuel 0 --ifuel 0 --z3rlimit 80"
+#push-options "--fuel 0 --ifuel 0 --z3rlimit 150"
 /// Rewrite a `bit_vec_of_int_t_array (Seq.slice arr ...)` into a `bit_vec_sub ...`
 let int_t_seq_slice_to_bv_sub_lemma #t #n 
   (arr: t_Array (int_t t) n)

From 4ac64bcaafdda062b617d491b4bd7bc65dd94a24 Mon Sep 17 00:00:00 2001
From: karthikbhargavan <karthik.bhargavan@gmail.com>
Date: Wed, 4 Dec 2024 20:28:28 +0000
Subject: [PATCH 062/142] status

---
 .../proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fst    | 2 +-
 .../extraction/Libcrux_ml_kem.Vector.Avx2.Arithmetic.fst  | 2 +-
 .../extraction/Libcrux_ml_kem.Vector.Avx2.Serialize.fst   | 1 +
 .../Libcrux_ml_kem.Vector.Portable.Arithmetic.fst         | 2 +-
 libcrux-ml-kem/src/polynomial.rs                          | 8 ++++----
 5 files changed, 8 insertions(+), 7 deletions(-)

diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fst
index ee9e56c50..a6ffee609 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fst
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fst
@@ -235,7 +235,7 @@ let serialize_kem_secret_key
 
 #pop-options
 
-#push-options "--z3rlimit 300 --ext context_pruning --split_queries always"
+#push-options "--z3rlimit 300"
 
 let encapsulate
       (v_K v_CIPHERTEXT_SIZE v_PUBLIC_KEY_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_C1_BLOCK_SIZE v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE:
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Arithmetic.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Arithmetic.fst
index cba0ea581..6f960e706 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Arithmetic.fst
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Arithmetic.fst
@@ -184,7 +184,7 @@ let cond_subtract_3329_ (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) =
 
 #pop-options
 
-#push-options "--z3rlimit 250"
+#push-options "--z3rlimit 200"
 
 let montgomery_multiply_by_constant
       (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256)
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Serialize.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Serialize.fst
index 00fb6832a..b0c197583 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Serialize.fst
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Serialize.fst
@@ -38,6 +38,7 @@ let deserialize_1_ (bytes: t_Slice u8) =
   deserialize_1___deserialize_1_u8s (bytes.[ sz 0 ] <: u8) (bytes.[ sz 1 ] <: u8)
 
 [@@"opaque_to_smt"]
+
 let deserialize_4___deserialize_4_i16s (b0 b1 b2 b3 b4 b5 b6 b7: i16) =
   let coefficients:Libcrux_intrinsics.Avx2_extract.t_Vec256 =
     Libcrux_intrinsics.Avx2_extract.mm256_set_epi16 b7 b7 b6 b6 b5 b5 b4 b4 b3 b3 b2 b2 b1 b1 b0 b0
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Arithmetic.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Arithmetic.fst
index f400f5ccd..9f607fddd 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Arithmetic.fst
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Arithmetic.fst
@@ -28,7 +28,7 @@ let get_n_least_significant_bits (n: u8) (value: u32) =
 
 #pop-options
 
-#push-options "--z3rlimit 200"
+#push-options "--z3rlimit 150"
 
 let barrett_reduce_element (value: i16) =
   let t:i32 =
diff --git a/libcrux-ml-kem/src/polynomial.rs b/libcrux-ml-kem/src/polynomial.rs
index 050269f8e..f4e8ca204 100644
--- a/libcrux-ml-kem/src/polynomial.rs
+++ b/libcrux-ml-kem/src/polynomial.rs
@@ -237,10 +237,10 @@ fn ntt_multiply<Vector: Operations>(myself: &PolynomialRingElement<Vector>, rhs:
         out.coefficients[i] = Vector::ntt_multiply(
             &myself.coefficients[i],
             &rhs.coefficients[i],
-            get_zeta(64 + 4 * i),
-            get_zeta(64 + 4 * i + 1),
-            get_zeta(64 + 4 * i + 2),
-            get_zeta(64 + 4 * i + 3),
+            zeta(64 + 4 * i),
+            zeta(64 + 4 * i + 1),
+            zeta(64 + 4 * i + 2),
+            zeta(64 + 4 * i + 3),
         );
     }
 

From 56424227da2a4d6bc1004cae1ad0694d331cf099 Mon Sep 17 00:00:00 2001
From: Franziskus Kiefer <franziskuskiefer@gmail.com>
Date: Thu, 5 Dec 2024 07:34:36 +0000
Subject: [PATCH 063/142] wip; started cleanup hashing

---
 libcrux-ml-dsa/cg.yaml               | 45 ++++++++-------
 libcrux-ml-dsa/cg/code_gen.txt       |  2 +-
 libcrux-ml-dsa/cg/header.txt         |  2 +-
 libcrux-ml-dsa/src/hash_functions.rs | 84 +++++++++++++++++++---------
 libcrux-ml-dsa/src/ml_dsa_generic.rs | 12 ++--
 libcrux-ml-dsa/src/polynomial.rs     |  3 +
 libcrux-ml-dsa/src/sample.rs         |  2 +-
 7 files changed, 93 insertions(+), 57 deletions(-)

diff --git a/libcrux-ml-dsa/cg.yaml b/libcrux-ml-dsa/cg.yaml
index 76d5bf23d..717d14827 100644
--- a/libcrux-ml-dsa/cg.yaml
+++ b/libcrux-ml-dsa/cg.yaml
@@ -45,26 +45,6 @@ files:
       monomorphizations_using:
         - [libcrux_sha3, "*"]
 
-  # MLKEM: MISC NON-ARCHITECTURE SPECIFIC HEADERS
-  - name: libcrux_core
-    inline_static: true
-    private:
-      monomorphizations_of:
-        - [core, "*"]
-        - [libcrux_ml_dsa, types, "*"]
-        - [libcrux_ml_dsa, utils, "*" ]
-      monomorphizations_using:
-        - [Eurydice, "*" ]
-        - [libcrux_ml_dsa, types, "*"]
-      patterns:
-        - [core, "*"]
-        - [libcrux_ml_dsa, types, "*" ]
-        - [libcrux_ml_dsa, constants ]
-        - [libcrux_ml_dsa, utils, "*" ]
-        - [libcrux_ml_dsa, simd, traits ]
-    api:
-      - [Eurydice, "*"]
-
   # MLDSA-65
 
   - name: libcrux_mldsa65_avx2
@@ -78,6 +58,7 @@ files:
         - [libcrux_ml_dsa, hash_functions, simd256, "*"]
         - [libcrux_ml_dsa, ml_dsa_65, avx2, "*"]
         - [libcrux_ml_dsa, ml_dsa_generic, instantiations, avx2, "*"]
+        # - [core, option, Option_c4]
         # - [libcrux_ml_dsa, polynomial, "*" ]
       monomorphizations_of:
         - [libcrux_ml_dsa, simd, avx2, "*"]
@@ -97,17 +78,41 @@ files:
         - [libcrux_ml_dsa, hash_functions, portable, "*"]
         - [libcrux_ml_dsa, ml_dsa_65, portable, "*"]
         - [libcrux_ml_dsa, ml_dsa_generic, instantiations, portable, "*"]
+        - [core, option, Option_84]
       monomorphizations_of:
         - [libcrux_ml_dsa, polynomial, "*" ]
         - [libcrux_ml_dsa, simd, "*"]
         - [libcrux_ml_dsa, hash_functions, portable, "*"]
         - [libcrux_ml_dsa, ml_dsa_65, portable]
         - [libcrux_ml_dsa, ml_dsa_generic, instantiations, portable, "*"]
+        - [core, option, Option_84]
       monomorphizations_using:
         - [libcrux_ml_dsa, polynomial, "*" ]
         - [libcrux_ml_dsa, simd, "*"]
         - [libcrux_ml_dsa, hash_functions, portable, "*"]
         - [libcrux_ml_dsa, ml_dsa_generic, instantiations, portable, "*"]
+        - [core, option, Option_84]
+
+
+  # MLKEM: MISC NON-ARCHITECTURE SPECIFIC HEADERS
+  - name: libcrux_core
+    inline_static: true
+    private:
+      monomorphizations_of:
+        - [core, "*"]
+        - [libcrux_ml_dsa, types, "*"]
+        - [libcrux_ml_dsa, utils, "*" ]
+      monomorphizations_using:
+        - [Eurydice, "*" ]
+        - [libcrux_ml_dsa, types, "*"]
+      patterns:
+        - [core, "*"]
+        - [libcrux_ml_dsa, types, "*" ]
+        - [libcrux_ml_dsa, constants ]
+        - [libcrux_ml_dsa, utils, "*" ]
+        - [libcrux_ml_dsa, simd, traits ]
+    api:
+      - [Eurydice, "*"]
 
 naming:
   skip_prefix:
diff --git a/libcrux-ml-dsa/cg/code_gen.txt b/libcrux-ml-dsa/cg/code_gen.txt
index 19672611e..c7ae67f4f 100644
--- a/libcrux-ml-dsa/cg/code_gen.txt
+++ b/libcrux-ml-dsa/cg/code_gen.txt
@@ -3,4 +3,4 @@ Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9
 Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20
 Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
 F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty
-Libcrux: ef3ee2539580595003c62a749034ae0c76d22a0d
+Libcrux: ebd9959e4b3ba3155e1f0225ac0764b1a8657d7f
diff --git a/libcrux-ml-dsa/cg/header.txt b/libcrux-ml-dsa/cg/header.txt
index cd14c7d06..a2b69ee7f 100644
--- a/libcrux-ml-dsa/cg/header.txt
+++ b/libcrux-ml-dsa/cg/header.txt
@@ -8,5 +8,5 @@
  * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20
  * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
  * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty
- * Libcrux: ef3ee2539580595003c62a749034ae0c76d22a0d
+ * Libcrux: ebd9959e4b3ba3155e1f0225ac0764b1a8657d7f
  */
diff --git a/libcrux-ml-dsa/src/hash_functions.rs b/libcrux-ml-dsa/src/hash_functions.rs
index eff5d6aeb..3f79da352 100644
--- a/libcrux-ml-dsa/src/hash_functions.rs
+++ b/libcrux-ml-dsa/src/hash_functions.rs
@@ -6,7 +6,7 @@ pub(crate) mod shake256 {
 
     pub(crate) trait Xof {
         fn shake256<const OUTPUT_LENGTH: usize>(input: &[u8], out: &mut [u8; OUTPUT_LENGTH]);
-        fn init_absorb(input: &[u8]) -> Self;
+        fn init_absorb_final(input: &[u8]) -> Self;
         // TODO: There should only be a `squeeze_block`
         fn squeeze_first_block(&mut self) -> [u8; BLOCK_SIZE];
         fn squeeze_next_block(&mut self) -> [u8; BLOCK_SIZE];
@@ -77,8 +77,10 @@ pub(crate) mod shake128 {
 /// A portable implementation of [`shake128::Xof`] and [`shake256::Xof`].
 pub(crate) mod portable {
     use super::{shake128, shake256};
-    use libcrux_sha3::portable::incremental;
-    use libcrux_sha3::portable::KeccakState;
+    use libcrux_sha3::portable::{
+        incremental::{self, XofAbsorb, XofSqueeze},
+        KeccakState,
+    };
 
     /// Portable SHAKE 128 x4 state.
     ///
@@ -206,7 +208,7 @@ pub(crate) mod portable {
     }
 
     #[inline(always)]
-    fn init_absorb_shake256(input: &[u8]) -> Shake256 {
+    fn init_absorb_final_shake256(input: &[u8]) -> Shake256 {
         let mut state = incremental::shake256_init();
         incremental::shake256_absorb_final(&mut state, input);
         Shake256 { state }
@@ -232,11 +234,21 @@ pub(crate) mod portable {
             shake256(input, out);
         }
 
+        #[inline(always)]
+        fn init_absorb_final(input: &[u8]) -> Self {
+            init_absorb_final_shake256(input)
+        }
+
         #[inline(always)]
         fn init_absorb(input: &[u8]) -> Self {
             init_absorb_shake256(input)
         }
 
+        #[inline(always)]
+        fn absorb(input: &[u8]) -> Self {
+            absorb_shake256(self, input)
+        }
+
         #[inline(always)]
         fn squeeze_first_block(&mut self) -> [u8; shake256::BLOCK_SIZE] {
             squeeze_first_block_shake256(self)
@@ -373,39 +385,39 @@ pub(crate) mod portable {
 
     #[cfg_attr(hax, hax_lib::opaque_type)]
     pub(crate) struct Shake256Absorb {
-        state: libcrux_sha3::portable::incremental::Shake256Absorb,
+        state: incremental::Shake256Absorb,
     }
 
-    #[cfg_attr(hax, hax_lib::opaque_type)]
-    pub(crate) struct Shake256Squeeze {
-        state: libcrux_sha3::portable::incremental::Shake256Squeeze,
-    }
+    impl Shake256Absorb {
+        #[inline(always)]
+        pub(crate) fn init() -> Shake256Absorb {
+            Shake256Absorb {
+                state: incremental::Shake256Absorb::new(),
+            }
+        }
 
-    use libcrux_sha3::portable::incremental::{XofAbsorb, XofSqueeze};
+        #[inline(always)]
+        pub(crate) fn absorb(st: &mut Shake256Absorb, input: &[u8]) {
+            st.state.absorb(input)
+        }
 
-    #[inline(always)]
-    pub(crate) fn shake256_init() -> Shake256Absorb {
-        Shake256Absorb {
-            state: libcrux_sha3::portable::incremental::Shake256Absorb::new(),
+        #[inline(always)]
+        pub(crate) fn absorb_final(st: Shake256Absorb, input: &[u8]) -> Shake256Squeeze {
+            st.state.absorb_final(input)
         }
     }
 
-    #[inline(always)]
-    pub(crate) fn shake256_absorb(st: &mut Shake256Absorb, input: &[u8]) {
-        st.state.absorb(input)
+    #[cfg_attr(hax, hax_lib::opaque_type)]
+    pub(crate) struct Shake256Squeeze {
+        state: incremental::Shake256Squeeze,
     }
 
-    #[inline(always)]
-    pub(crate) fn shake256_absorb_final(st: Shake256Absorb, input: &[u8]) -> Shake256Squeeze {
-        Shake256Squeeze {
-            state: st.state.absorb_final(input),
+    impl Shake256Squeeze {
+        #[inline(always)]
+        pub(crate) fn shake256_squeeze(st: &mut Shake256Squeeze, out: &mut [u8]) {
+            st.state.squeeze(out)
         }
     }
-
-    #[inline(always)]
-    pub(crate) fn shake256_squeeze(st: &mut Shake256Squeeze, out: &mut [u8]) {
-        st.state.squeeze(out)
-    }
 }
 
 /// A SIMD256 implementation of [`shake128::XofX4`] and [`shake256::Xof`] for AVX2.
@@ -516,13 +528,21 @@ pub(crate) mod simd256 {
     }
 
     #[inline(always)]
-    fn init_absorb_shake256(input: &[u8]) -> Shake256 {
+    fn init_absorb_final_shake256(input: &[u8]) -> Shake256 {
         let mut state = libcrux_sha3::portable::incremental::shake256_init();
         libcrux_sha3::portable::incremental::shake256_absorb_final(&mut state, input);
 
         Shake256 { state }
     }
 
+    #[inline(always)]
+    fn init_absorb_shake256(input: &[u8]) -> Shake256 {
+        let mut state = libcrux_sha3::portable::incremental::shake256_init();
+        libcrux_sha3::portable::incremental::shake256_absorb(&mut state, input);
+
+        Shake256 { state }
+    }
+
     #[inline(always)]
     fn squeeze_first_block_shake256(state: &mut Shake256) -> [u8; shake256::BLOCK_SIZE] {
         let mut out = [0u8; shake256::BLOCK_SIZE];
@@ -549,11 +569,21 @@ pub(crate) mod simd256 {
             shake256(input, out)
         }
 
+        #[inline(always)]
+        fn init_absorb_final(input: &[u8]) -> Self {
+            init_absorb_final_shake256(input)
+        }
+
         #[inline(always)]
         fn init_absorb(input: &[u8]) -> Self {
             init_absorb_shake256(input)
         }
 
+        #[inline(always)]
+        fn absorb(input: &[u8]) -> Self {
+            absorb_shake256(self, input)
+        }
+
         #[inline(always)]
         fn squeeze_first_block(&mut self) -> [u8; shake256::BLOCK_SIZE] {
             squeeze_first_block_shake256(self)
diff --git a/libcrux-ml-dsa/src/ml_dsa_generic.rs b/libcrux-ml-dsa/src/ml_dsa_generic.rs
index c39df87a9..2bbb00b30 100644
--- a/libcrux-ml-dsa/src/ml_dsa_generic.rs
+++ b/libcrux-ml-dsa/src/ml_dsa_generic.rs
@@ -4,10 +4,7 @@ use crate::{
     },
     constants::*,
     encoding::{self, signature::Signature},
-    hash_functions::{
-        portable::{shake256_absorb, shake256_absorb_final, shake256_init, shake256_squeeze},
-        shake128, shake256,
-    },
+    hash_functions::{portable::Shake256, shake128, shake256},
     matrix::{
         add_vectors, compute_A_times_mask, compute_As1_plus_s2, compute_w_approx, subtract_vectors,
         vector_times_ring_element,
@@ -45,9 +42,10 @@ pub(crate) fn generate_key_pair<
 ) -> ([u8; SIGNING_KEY_SIZE], [u8; VERIFICATION_KEY_SIZE]) {
     // 128 = SEED_FOR_A_SIZE + SEED_FOR_ERROR_VECTORS_SIZE + SEED_FOR_SIGNING_SIZE
     let mut seed_expanded = [0; 128];
-    let mut shake = shake256_init();
-    shake256_absorb(&mut shake, &randomness);
-    let mut shake = shake256_absorb_final(shake, &[ROWS_IN_A as u8, COLUMNS_IN_A as u8]);
+    let mut shake = Shake256::init_absorb(&randomness);
+    // let mut shake = shake256_absorb_final(shake, &[ROWS_IN_A as u8, COLUMNS_IN_A as u8]);
+    shake.absorb(&[ROWS_IN_A as u8, COLUMNS_IN_A as u8]);
+
     shake256_squeeze(&mut shake, &mut seed_expanded);
 
     let (seed_for_a, seed_expanded) = seed_expanded.split_at(SEED_FOR_A_SIZE);
diff --git a/libcrux-ml-dsa/src/polynomial.rs b/libcrux-ml-dsa/src/polynomial.rs
index 205e2f7f6..26c033ad5 100644
--- a/libcrux-ml-dsa/src/polynomial.rs
+++ b/libcrux-ml-dsa/src/polynomial.rs
@@ -7,6 +7,9 @@ use crate::{
 pub(crate) struct PolynomialRingElement<SIMDUnit: Operations> {
     pub(crate) simd_units: [SIMDUnit; SIMD_UNITS_IN_RING_ELEMENT],
 }
+
+pub type OptionalRingElement<SIMDUnit> = Option<PolynomialRingElement<SIMDUnit>>;
+
 impl<SIMDUnit: Operations> PolynomialRingElement<SIMDUnit> {
     #[allow(non_snake_case)]
     pub(crate) fn ZERO() -> Self {
diff --git a/libcrux-ml-dsa/src/sample.rs b/libcrux-ml-dsa/src/sample.rs
index 16f2b1f65..f9de41a1b 100644
--- a/libcrux-ml-dsa/src/sample.rs
+++ b/libcrux-ml-dsa/src/sample.rs
@@ -459,7 +459,7 @@ pub(crate) fn sample_challenge_ring_element<
 >(
     seed: [u8; SEED_SIZE],
 ) -> PolynomialRingElement<SIMDUnit> {
-    let mut state = Shake256::init_absorb(&seed);
+    let mut state = Shake256::init_absorb_final(&seed);
     let randomness = state.squeeze_first_block();
 
     let mut signs = u64::from_le_bytes(randomness[0..8].try_into().unwrap());

From 0d5c258fdd7bbd0ebbb9f116707e61c7a33d686e Mon Sep 17 00:00:00 2001
From: Karthikeyan Bhargavan <karthik.bhargavan@gmail.com>
Date: Thu, 5 Dec 2024 12:09:08 +0100
Subject: [PATCH 064/142] rlimit

---
 libcrux-ml-kem/hax.py                         |   2 +-
 .../extraction/Libcrux_ml_kem.Ind_cpa.fst     |   2 +-
 .../fstar/extraction/Libcrux_ml_kem.Types.fst | 357 +++++++++++++++-
 .../extraction/Libcrux_ml_kem.Types.fsti      | 391 ------------------
 4 files changed, 345 insertions(+), 407 deletions(-)
 delete mode 100644 libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Types.fsti

diff --git a/libcrux-ml-kem/hax.py b/libcrux-ml-kem/hax.py
index 4855a507b..d7bbc38aa 100755
--- a/libcrux-ml-kem/hax.py
+++ b/libcrux-ml-kem/hax.py
@@ -85,7 +85,7 @@ def __call__(self, parser, args, values, option_string=None) -> None:
             "+:libcrux_ml_kem::hash_functions::*::*",
         ]
         include_str = " ".join(includes)
-        interface_include = "+**"
+        interface_include = "+** -libcrux_ml_kem::types"
         cargo_hax_into = [
             "cargo",
             "hax",
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fst
index 073e16e7d..25428a076 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fst
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fst
@@ -12,7 +12,7 @@ let _ =
   let open Libcrux_ml_kem.Vector.Traits in
   ()
 
-#push-options "--ext context_pruning"
+#push-options "--z3rlimit 120 --ext context_pruning"
 
 let deserialize_secret_key
       (v_K: usize)
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Types.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Types.fst
index 5748d2562..d4dea7527 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Types.fst
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Types.fst
@@ -3,37 +3,178 @@ module Libcrux_ml_kem.Types
 open Core
 open FStar.Mul
 
-let impl_6__len (v_SIZE: usize) (_: Prims.unit) = v_SIZE
+/// The number of bytes
+let impl_6__len (v_SIZE: usize) (_: Prims.unit) : usize = v_SIZE
 
-let impl_13__len (v_SIZE: usize) (_: Prims.unit) = v_SIZE
+/// The number of bytes
+let impl_13__len (v_SIZE: usize) (_: Prims.unit) : usize = v_SIZE
 
-let impl_20__len (v_SIZE: usize) (_: Prims.unit) = v_SIZE
+/// The number of bytes
+let impl_20__len (v_SIZE: usize) (_: Prims.unit) : usize = v_SIZE
 
-let impl_6__as_slice (v_SIZE: usize) (self: t_MlKemCiphertext v_SIZE) = self.f_value
+///An ML-KEM Ciphertext
+type t_MlKemCiphertext (v_SIZE: usize) = { f_value:t_Array u8 v_SIZE }
 
-let impl_13__as_slice (v_SIZE: usize) (self: t_MlKemPrivateKey v_SIZE) = self.f_value
+[@@ FStar.Tactics.Typeclasses.tcinstance]
+let impl_1 (v_SIZE: usize) : Core.Convert.t_From (t_MlKemCiphertext v_SIZE) (t_Array u8 v_SIZE) =
+  {
+    f_from_pre = (fun (value: t_Array u8 v_SIZE) -> true);
+    f_from_post = (fun (value: t_Array u8 v_SIZE) (out: t_MlKemCiphertext v_SIZE) -> true);
+    f_from
+    =
+    fun (value: t_Array u8 v_SIZE) ->
+      { f_value = Core.Clone.f_clone #(t_Array u8 v_SIZE) #FStar.Tactics.Typeclasses.solve value }
+      <:
+      t_MlKemCiphertext v_SIZE
+  }
+
+[@@ FStar.Tactics.Typeclasses.tcinstance]
+let impl_2 (v_SIZE: usize) : Core.Convert.t_From (t_Array u8 v_SIZE) (t_MlKemCiphertext v_SIZE) =
+  {
+    f_from_pre = (fun (value: t_MlKemCiphertext v_SIZE) -> true);
+    f_from_post = (fun (value: t_MlKemCiphertext v_SIZE) (out: t_Array u8 v_SIZE) -> true);
+    f_from = fun (value: t_MlKemCiphertext v_SIZE) -> value.f_value
+  }
+
+[@@ FStar.Tactics.Typeclasses.tcinstance]
+let impl_5 (v_SIZE: usize) : Core.Convert.t_From (t_MlKemCiphertext v_SIZE) (t_Array u8 v_SIZE) =
+  {
+    f_from_pre = (fun (value: t_Array u8 v_SIZE) -> true);
+    f_from_post
+    =
+    (fun (value: t_Array u8 v_SIZE) (result: t_MlKemCiphertext v_SIZE) -> result.f_value = value);
+    f_from = fun (value: t_Array u8 v_SIZE) -> { f_value = value } <: t_MlKemCiphertext v_SIZE
+  }
+
+/// A reference to the raw byte slice.
+let impl_6__as_slice (v_SIZE: usize) (self: t_MlKemCiphertext v_SIZE)
+    : Prims.Pure (t_Array u8 v_SIZE)
+      Prims.l_True
+      (ensures
+        fun result ->
+          let result:t_Array u8 v_SIZE = result in
+          result == self.f_value) = self.f_value
+
+///An ML-KEM Private key
+type t_MlKemPrivateKey (v_SIZE: usize) = { f_value:t_Array u8 v_SIZE }
+
+[@@ FStar.Tactics.Typeclasses.tcinstance]
+let impl_8 (v_SIZE: usize) : Core.Convert.t_From (t_MlKemPrivateKey v_SIZE) (t_Array u8 v_SIZE) =
+  {
+    f_from_pre = (fun (value: t_Array u8 v_SIZE) -> true);
+    f_from_post = (fun (value: t_Array u8 v_SIZE) (out: t_MlKemPrivateKey v_SIZE) -> true);
+    f_from
+    =
+    fun (value: t_Array u8 v_SIZE) ->
+      { f_value = Core.Clone.f_clone #(t_Array u8 v_SIZE) #FStar.Tactics.Typeclasses.solve value }
+      <:
+      t_MlKemPrivateKey v_SIZE
+  }
+
+[@@ FStar.Tactics.Typeclasses.tcinstance]
+let impl_9 (v_SIZE: usize) : Core.Convert.t_From (t_Array u8 v_SIZE) (t_MlKemPrivateKey v_SIZE) =
+  {
+    f_from_pre = (fun (value: t_MlKemPrivateKey v_SIZE) -> true);
+    f_from_post = (fun (value: t_MlKemPrivateKey v_SIZE) (out: t_Array u8 v_SIZE) -> true);
+    f_from = fun (value: t_MlKemPrivateKey v_SIZE) -> value.f_value
+  }
 
-let impl_20__as_slice (v_SIZE: usize) (self: t_MlKemPublicKey v_SIZE) = self.f_value
+[@@ FStar.Tactics.Typeclasses.tcinstance]
+let impl_12 (v_SIZE: usize) : Core.Convert.t_From (t_MlKemPrivateKey v_SIZE) (t_Array u8 v_SIZE) =
+  {
+    f_from_pre = (fun (value: t_Array u8 v_SIZE) -> true);
+    f_from_post
+    =
+    (fun (value: t_Array u8 v_SIZE) (result: t_MlKemPrivateKey v_SIZE) -> result.f_value = value);
+    f_from = fun (value: t_Array u8 v_SIZE) -> { f_value = value } <: t_MlKemPrivateKey v_SIZE
+  }
+
+/// A reference to the raw byte slice.
+let impl_13__as_slice (v_SIZE: usize) (self: t_MlKemPrivateKey v_SIZE)
+    : Prims.Pure (t_Array u8 v_SIZE)
+      Prims.l_True
+      (ensures
+        fun result ->
+          let result:t_Array u8 v_SIZE = result in
+          result == self.f_value) = self.f_value
+
+///An ML-KEM Public key
+type t_MlKemPublicKey (v_SIZE: usize) = { f_value:t_Array u8 v_SIZE }
 
+[@@ FStar.Tactics.Typeclasses.tcinstance]
+let impl_15 (v_SIZE: usize) : Core.Convert.t_From (t_MlKemPublicKey v_SIZE) (t_Array u8 v_SIZE) =
+  {
+    f_from_pre = (fun (value: t_Array u8 v_SIZE) -> true);
+    f_from_post = (fun (value: t_Array u8 v_SIZE) (out: t_MlKemPublicKey v_SIZE) -> true);
+    f_from
+    =
+    fun (value: t_Array u8 v_SIZE) ->
+      { f_value = Core.Clone.f_clone #(t_Array u8 v_SIZE) #FStar.Tactics.Typeclasses.solve value }
+      <:
+      t_MlKemPublicKey v_SIZE
+  }
+
+[@@ FStar.Tactics.Typeclasses.tcinstance]
+let impl_16 (v_SIZE: usize) : Core.Convert.t_From (t_Array u8 v_SIZE) (t_MlKemPublicKey v_SIZE) =
+  {
+    f_from_pre = (fun (value: t_MlKemPublicKey v_SIZE) -> true);
+    f_from_post = (fun (value: t_MlKemPublicKey v_SIZE) (out: t_Array u8 v_SIZE) -> true);
+    f_from = fun (value: t_MlKemPublicKey v_SIZE) -> value.f_value
+  }
+
+[@@ FStar.Tactics.Typeclasses.tcinstance]
+let impl_19 (v_SIZE: usize) : Core.Convert.t_From (t_MlKemPublicKey v_SIZE) (t_Array u8 v_SIZE) =
+  {
+    f_from_pre = (fun (value: t_Array u8 v_SIZE) -> true);
+    f_from_post
+    =
+    (fun (value: t_Array u8 v_SIZE) (result: t_MlKemPublicKey v_SIZE) -> result.f_value = value);
+    f_from = fun (value: t_Array u8 v_SIZE) -> { f_value = value } <: t_MlKemPublicKey v_SIZE
+  }
+
+/// A reference to the raw byte slice.
+let impl_20__as_slice (v_SIZE: usize) (self: t_MlKemPublicKey v_SIZE)
+    : Prims.Pure (t_Array u8 v_SIZE)
+      Prims.l_True
+      (ensures
+        fun result ->
+          let result:t_Array u8 v_SIZE = result in
+          result == self.f_value) = self.f_value
+
+/// An ML-KEM key pair
+type t_MlKemKeyPair (v_PRIVATE_KEY_SIZE: usize) (v_PUBLIC_KEY_SIZE: usize) = {
+  f_sk:t_MlKemPrivateKey v_PRIVATE_KEY_SIZE;
+  f_pk:t_MlKemPublicKey v_PUBLIC_KEY_SIZE
+}
+
+/// Create a new [`MlKemKeyPair`] from the secret and public key.
 let impl_21__from
       (v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE: usize)
       (sk: t_MlKemPrivateKey v_PRIVATE_KEY_SIZE)
       (pk: t_MlKemPublicKey v_PUBLIC_KEY_SIZE)
-     = { f_sk = sk; f_pk = pk } <: t_MlKemKeyPair v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE
+    : Prims.Pure (t_MlKemKeyPair v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE)
+      Prims.l_True
+      (ensures
+        fun result ->
+          let result:t_MlKemKeyPair v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE = result in
+          result.f_sk == sk /\ result.f_pk == pk) =
+  { f_sk = sk; f_pk = pk } <: t_MlKemKeyPair v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE
 
+/// Separate this key into the public and private key.
 let impl_21__into_parts
       (v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE: usize)
       (self: t_MlKemKeyPair v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE)
-     =
+    : (t_MlKemPrivateKey v_PRIVATE_KEY_SIZE & t_MlKemPublicKey v_PUBLIC_KEY_SIZE) =
   self.f_sk, self.f_pk
   <:
   (t_MlKemPrivateKey v_PRIVATE_KEY_SIZE & t_MlKemPublicKey v_PUBLIC_KEY_SIZE)
 
+/// Creates a new [`MlKemKeyPair`].
 let impl_21__new
       (v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE: usize)
       (sk: t_Array u8 v_PRIVATE_KEY_SIZE)
       (pk: t_Array u8 v_PUBLIC_KEY_SIZE)
-     =
+    : t_MlKemKeyPair v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE =
   {
     f_sk
     =
@@ -51,27 +192,60 @@ let impl_21__new
   <:
   t_MlKemKeyPair v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE
 
+/// Get a reference to the raw public key bytes.
 let impl_21__pk
       (v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE: usize)
       (self: t_MlKemKeyPair v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE)
-     = impl_20__as_slice v_PUBLIC_KEY_SIZE self.f_pk
+    : t_Array u8 v_PUBLIC_KEY_SIZE = impl_20__as_slice v_PUBLIC_KEY_SIZE self.f_pk
 
+/// Get a reference to the [`MlKemPrivateKey<PRIVATE_KEY_SIZE>`].
 let impl_21__private_key
       (v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE: usize)
       (self: t_MlKemKeyPair v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE)
-     = self.f_sk
+    : t_MlKemPrivateKey v_PRIVATE_KEY_SIZE = self.f_sk
 
+/// Get a reference to the [`MlKemPublicKey<PUBLIC_KEY_SIZE>`].
 let impl_21__public_key
       (v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE: usize)
       (self: t_MlKemKeyPair v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE)
-     = self.f_pk
+    : t_MlKemPublicKey v_PUBLIC_KEY_SIZE = self.f_pk
 
+/// Get a reference to the raw private key bytes.
 let impl_21__sk
       (v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE: usize)
       (self: t_MlKemKeyPair v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE)
-     = impl_13__as_slice v_PRIVATE_KEY_SIZE self.f_sk
+    : t_Array u8 v_PRIVATE_KEY_SIZE = impl_13__as_slice v_PRIVATE_KEY_SIZE self.f_sk
 
-let unpack_private_key (v_CPA_SECRET_KEY_SIZE v_PUBLIC_KEY_SIZE: usize) (private_key: t_Slice u8) =
+/// Unpack an incoming private key into it\'s different parts.
+/// We have this here in types to extract into a common core for C.
+let unpack_private_key (v_CPA_SECRET_KEY_SIZE v_PUBLIC_KEY_SIZE: usize) (private_key: t_Slice u8)
+    : Prims.Pure (t_Slice u8 & t_Slice u8 & t_Slice u8 & t_Slice u8)
+      (requires
+        Seq.length private_key >=
+        v v_CPA_SECRET_KEY_SIZE + v v_PUBLIC_KEY_SIZE + v Libcrux_ml_kem.Constants.v_H_DIGEST_SIZE)
+      (ensures
+        fun result ->
+          let result:(t_Slice u8 & t_Slice u8 & t_Slice u8 & t_Slice u8) = result in
+          let ind_cpa_secret_key_s, rest = split private_key v_CPA_SECRET_KEY_SIZE in
+          let ind_cpa_public_key_s, rest = split rest v_PUBLIC_KEY_SIZE in
+          let ind_cpa_public_key_hash_s, implicit_rejection_value_s =
+            split rest Libcrux_ml_kem.Constants.v_H_DIGEST_SIZE
+          in
+          let
+          ind_cpa_secret_key, ind_cpa_public_key, ind_cpa_public_key_hash, implicit_rejection_value
+          =
+            result
+          in
+          ind_cpa_secret_key_s == ind_cpa_secret_key /\ ind_cpa_public_key_s == ind_cpa_public_key /\
+          ind_cpa_public_key_hash_s == ind_cpa_public_key_hash /\
+          implicit_rejection_value_s == implicit_rejection_value /\
+          Seq.length ind_cpa_secret_key == v v_CPA_SECRET_KEY_SIZE /\
+          Seq.length ind_cpa_public_key == v v_PUBLIC_KEY_SIZE /\
+          Seq.length ind_cpa_public_key_hash == v Libcrux_ml_kem.Constants.v_H_DIGEST_SIZE /\
+          Seq.length implicit_rejection_value ==
+          Seq.length private_key -
+          (v v_CPA_SECRET_KEY_SIZE + v v_PUBLIC_KEY_SIZE +
+            v Libcrux_ml_kem.Constants.v_H_DIGEST_SIZE)) =
   let ind_cpa_secret_key, secret_key:(t_Slice u8 & t_Slice u8) =
     Core.Slice.impl__split_at #u8 private_key v_CPA_SECRET_KEY_SIZE
   in
@@ -85,3 +259,158 @@ let unpack_private_key (v_CPA_SECRET_KEY_SIZE v_PUBLIC_KEY_SIZE: usize) (private
   <:
   (t_Slice u8 & t_Slice u8 & t_Slice u8 & t_Slice u8)
 
+[@@ FStar.Tactics.Typeclasses.tcinstance]
+let impl (v_SIZE: usize) : Core.Default.t_Default (t_MlKemCiphertext v_SIZE) =
+  {
+    f_default_pre = (fun (_: Prims.unit) -> true);
+    f_default_post = (fun (_: Prims.unit) (out: t_MlKemCiphertext v_SIZE) -> true);
+    f_default
+    =
+    fun (_: Prims.unit) ->
+      { f_value = Rust_primitives.Hax.repeat 0uy v_SIZE } <: t_MlKemCiphertext v_SIZE
+  }
+
+[@@ FStar.Tactics.Typeclasses.tcinstance]
+let impl_7 (v_SIZE: usize) : Core.Default.t_Default (t_MlKemPrivateKey v_SIZE) =
+  {
+    f_default_pre = (fun (_: Prims.unit) -> true);
+    f_default_post = (fun (_: Prims.unit) (out: t_MlKemPrivateKey v_SIZE) -> true);
+    f_default
+    =
+    fun (_: Prims.unit) ->
+      { f_value = Rust_primitives.Hax.repeat 0uy v_SIZE } <: t_MlKemPrivateKey v_SIZE
+  }
+
+[@@ FStar.Tactics.Typeclasses.tcinstance]
+let impl_14 (v_SIZE: usize) : Core.Default.t_Default (t_MlKemPublicKey v_SIZE) =
+  {
+    f_default_pre = (fun (_: Prims.unit) -> true);
+    f_default_post = (fun (_: Prims.unit) (out: t_MlKemPublicKey v_SIZE) -> true);
+    f_default
+    =
+    fun (_: Prims.unit) ->
+      { f_value = Rust_primitives.Hax.repeat 0uy v_SIZE } <: t_MlKemPublicKey v_SIZE
+  }
+
+[@@ FStar.Tactics.Typeclasses.tcinstance]
+let impl_4 (v_SIZE: usize) : Core.Convert.t_AsRef (t_MlKemCiphertext v_SIZE) (t_Slice u8) =
+  {
+    f_as_ref_pre = (fun (self: t_MlKemCiphertext v_SIZE) -> true);
+    f_as_ref_post
+    =
+    (fun (self___: t_MlKemCiphertext v_SIZE) (result: t_Slice u8) -> result = self___.f_value);
+    f_as_ref = fun (self: t_MlKemCiphertext v_SIZE) -> self.f_value <: t_Slice u8
+  }
+
+[@@ FStar.Tactics.Typeclasses.tcinstance]
+let impl_11 (v_SIZE: usize) : Core.Convert.t_AsRef (t_MlKemPrivateKey v_SIZE) (t_Slice u8) =
+  {
+    f_as_ref_pre = (fun (self: t_MlKemPrivateKey v_SIZE) -> true);
+    f_as_ref_post
+    =
+    (fun (self___: t_MlKemPrivateKey v_SIZE) (result: t_Slice u8) -> result = self___.f_value);
+    f_as_ref = fun (self: t_MlKemPrivateKey v_SIZE) -> self.f_value <: t_Slice u8
+  }
+
+[@@ FStar.Tactics.Typeclasses.tcinstance]
+let impl_18 (v_SIZE: usize) : Core.Convert.t_AsRef (t_MlKemPublicKey v_SIZE) (t_Slice u8) =
+  {
+    f_as_ref_pre = (fun (self: t_MlKemPublicKey v_SIZE) -> true);
+    f_as_ref_post
+    =
+    (fun (self___: t_MlKemPublicKey v_SIZE) (result: t_Slice u8) -> result = self___.f_value);
+    f_as_ref = fun (self: t_MlKemPublicKey v_SIZE) -> self.f_value <: t_Slice u8
+  }
+
+[@@ FStar.Tactics.Typeclasses.tcinstance]
+let impl_3 (v_SIZE: usize) : Core.Convert.t_TryFrom (t_MlKemCiphertext v_SIZE) (t_Slice u8) =
+  {
+    f_Error = Core.Array.t_TryFromSliceError;
+    f_try_from_pre = (fun (value: t_Slice u8) -> true);
+    f_try_from_post
+    =
+    (fun
+        (value: t_Slice u8)
+        (out: Core.Result.t_Result (t_MlKemCiphertext v_SIZE) Core.Array.t_TryFromSliceError)
+        ->
+        true);
+    f_try_from
+    =
+    fun (value: t_Slice u8) ->
+      match
+        Core.Convert.f_try_into #(t_Slice u8)
+          #(t_Array u8 v_SIZE)
+          #FStar.Tactics.Typeclasses.solve
+          value
+      with
+      | Core.Result.Result_Ok value ->
+        Core.Result.Result_Ok ({ f_value = value } <: t_MlKemCiphertext v_SIZE)
+        <:
+        Core.Result.t_Result (t_MlKemCiphertext v_SIZE) Core.Array.t_TryFromSliceError
+      | Core.Result.Result_Err e ->
+        Core.Result.Result_Err e
+        <:
+        Core.Result.t_Result (t_MlKemCiphertext v_SIZE) Core.Array.t_TryFromSliceError
+  }
+
+[@@ FStar.Tactics.Typeclasses.tcinstance]
+let impl_10 (v_SIZE: usize) : Core.Convert.t_TryFrom (t_MlKemPrivateKey v_SIZE) (t_Slice u8) =
+  {
+    f_Error = Core.Array.t_TryFromSliceError;
+    f_try_from_pre = (fun (value: t_Slice u8) -> true);
+    f_try_from_post
+    =
+    (fun
+        (value: t_Slice u8)
+        (out: Core.Result.t_Result (t_MlKemPrivateKey v_SIZE) Core.Array.t_TryFromSliceError)
+        ->
+        true);
+    f_try_from
+    =
+    fun (value: t_Slice u8) ->
+      match
+        Core.Convert.f_try_into #(t_Slice u8)
+          #(t_Array u8 v_SIZE)
+          #FStar.Tactics.Typeclasses.solve
+          value
+      with
+      | Core.Result.Result_Ok value ->
+        Core.Result.Result_Ok ({ f_value = value } <: t_MlKemPrivateKey v_SIZE)
+        <:
+        Core.Result.t_Result (t_MlKemPrivateKey v_SIZE) Core.Array.t_TryFromSliceError
+      | Core.Result.Result_Err e ->
+        Core.Result.Result_Err e
+        <:
+        Core.Result.t_Result (t_MlKemPrivateKey v_SIZE) Core.Array.t_TryFromSliceError
+  }
+
+[@@ FStar.Tactics.Typeclasses.tcinstance]
+let impl_17 (v_SIZE: usize) : Core.Convert.t_TryFrom (t_MlKemPublicKey v_SIZE) (t_Slice u8) =
+  {
+    f_Error = Core.Array.t_TryFromSliceError;
+    f_try_from_pre = (fun (value: t_Slice u8) -> true);
+    f_try_from_post
+    =
+    (fun
+        (value: t_Slice u8)
+        (out: Core.Result.t_Result (t_MlKemPublicKey v_SIZE) Core.Array.t_TryFromSliceError)
+        ->
+        true);
+    f_try_from
+    =
+    fun (value: t_Slice u8) ->
+      match
+        Core.Convert.f_try_into #(t_Slice u8)
+          #(t_Array u8 v_SIZE)
+          #FStar.Tactics.Typeclasses.solve
+          value
+      with
+      | Core.Result.Result_Ok value ->
+        Core.Result.Result_Ok ({ f_value = value } <: t_MlKemPublicKey v_SIZE)
+        <:
+        Core.Result.t_Result (t_MlKemPublicKey v_SIZE) Core.Array.t_TryFromSliceError
+      | Core.Result.Result_Err e ->
+        Core.Result.Result_Err e
+        <:
+        Core.Result.t_Result (t_MlKemPublicKey v_SIZE) Core.Array.t_TryFromSliceError
+  }
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Types.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Types.fsti
deleted file mode 100644
index 1947307c5..000000000
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Types.fsti
+++ /dev/null
@@ -1,391 +0,0 @@
-module Libcrux_ml_kem.Types
-#set-options "--fuel 0 --ifuel 1 --z3rlimit 80"
-open Core
-open FStar.Mul
-
-/// The number of bytes
-val impl_6__len: v_SIZE: usize -> Prims.unit
-  -> Prims.Pure usize Prims.l_True (fun _ -> Prims.l_True)
-
-/// The number of bytes
-val impl_13__len: v_SIZE: usize -> Prims.unit
-  -> Prims.Pure usize Prims.l_True (fun _ -> Prims.l_True)
-
-/// The number of bytes
-val impl_20__len: v_SIZE: usize -> Prims.unit
-  -> Prims.Pure usize Prims.l_True (fun _ -> Prims.l_True)
-
-///An ML-KEM Ciphertext
-type t_MlKemCiphertext (v_SIZE: usize) = { f_value:t_Array u8 v_SIZE }
-
-[@@ FStar.Tactics.Typeclasses.tcinstance]
-let impl_1 (v_SIZE: usize) : Core.Convert.t_From (t_MlKemCiphertext v_SIZE) (t_Array u8 v_SIZE) =
-  {
-    f_from_pre = (fun (value: t_Array u8 v_SIZE) -> true);
-    f_from_post = (fun (value: t_Array u8 v_SIZE) (out: t_MlKemCiphertext v_SIZE) -> true);
-    f_from
-    =
-    fun (value: t_Array u8 v_SIZE) ->
-      { f_value = Core.Clone.f_clone #(t_Array u8 v_SIZE) #FStar.Tactics.Typeclasses.solve value }
-      <:
-      t_MlKemCiphertext v_SIZE
-  }
-
-[@@ FStar.Tactics.Typeclasses.tcinstance]
-let impl_2 (v_SIZE: usize) : Core.Convert.t_From (t_Array u8 v_SIZE) (t_MlKemCiphertext v_SIZE) =
-  {
-    f_from_pre = (fun (value: t_MlKemCiphertext v_SIZE) -> true);
-    f_from_post = (fun (value: t_MlKemCiphertext v_SIZE) (out: t_Array u8 v_SIZE) -> true);
-    f_from = fun (value: t_MlKemCiphertext v_SIZE) -> value.f_value
-  }
-
-[@@ FStar.Tactics.Typeclasses.tcinstance]
-let impl_5 (v_SIZE: usize) : Core.Convert.t_From (t_MlKemCiphertext v_SIZE) (t_Array u8 v_SIZE) =
-  {
-    f_from_pre = (fun (value: t_Array u8 v_SIZE) -> true);
-    f_from_post
-    =
-    (fun (value: t_Array u8 v_SIZE) (result: t_MlKemCiphertext v_SIZE) -> result.f_value = value);
-    f_from = fun (value: t_Array u8 v_SIZE) -> { f_value = value } <: t_MlKemCiphertext v_SIZE
-  }
-
-/// A reference to the raw byte slice.
-val impl_6__as_slice (v_SIZE: usize) (self: t_MlKemCiphertext v_SIZE)
-    : Prims.Pure (t_Array u8 v_SIZE)
-      Prims.l_True
-      (ensures
-        fun result ->
-          let result:t_Array u8 v_SIZE = result in
-          result == self.f_value)
-
-///An ML-KEM Private key
-type t_MlKemPrivateKey (v_SIZE: usize) = { f_value:t_Array u8 v_SIZE }
-
-[@@ FStar.Tactics.Typeclasses.tcinstance]
-let impl_8 (v_SIZE: usize) : Core.Convert.t_From (t_MlKemPrivateKey v_SIZE) (t_Array u8 v_SIZE) =
-  {
-    f_from_pre = (fun (value: t_Array u8 v_SIZE) -> true);
-    f_from_post = (fun (value: t_Array u8 v_SIZE) (out: t_MlKemPrivateKey v_SIZE) -> true);
-    f_from
-    =
-    fun (value: t_Array u8 v_SIZE) ->
-      { f_value = Core.Clone.f_clone #(t_Array u8 v_SIZE) #FStar.Tactics.Typeclasses.solve value }
-      <:
-      t_MlKemPrivateKey v_SIZE
-  }
-
-[@@ FStar.Tactics.Typeclasses.tcinstance]
-let impl_9 (v_SIZE: usize) : Core.Convert.t_From (t_Array u8 v_SIZE) (t_MlKemPrivateKey v_SIZE) =
-  {
-    f_from_pre = (fun (value: t_MlKemPrivateKey v_SIZE) -> true);
-    f_from_post = (fun (value: t_MlKemPrivateKey v_SIZE) (out: t_Array u8 v_SIZE) -> true);
-    f_from = fun (value: t_MlKemPrivateKey v_SIZE) -> value.f_value
-  }
-
-[@@ FStar.Tactics.Typeclasses.tcinstance]
-let impl_12 (v_SIZE: usize) : Core.Convert.t_From (t_MlKemPrivateKey v_SIZE) (t_Array u8 v_SIZE) =
-  {
-    f_from_pre = (fun (value: t_Array u8 v_SIZE) -> true);
-    f_from_post
-    =
-    (fun (value: t_Array u8 v_SIZE) (result: t_MlKemPrivateKey v_SIZE) -> result.f_value = value);
-    f_from = fun (value: t_Array u8 v_SIZE) -> { f_value = value } <: t_MlKemPrivateKey v_SIZE
-  }
-
-/// A reference to the raw byte slice.
-val impl_13__as_slice (v_SIZE: usize) (self: t_MlKemPrivateKey v_SIZE)
-    : Prims.Pure (t_Array u8 v_SIZE)
-      Prims.l_True
-      (ensures
-        fun result ->
-          let result:t_Array u8 v_SIZE = result in
-          result == self.f_value)
-
-///An ML-KEM Public key
-type t_MlKemPublicKey (v_SIZE: usize) = { f_value:t_Array u8 v_SIZE }
-
-[@@ FStar.Tactics.Typeclasses.tcinstance]
-let impl_15 (v_SIZE: usize) : Core.Convert.t_From (t_MlKemPublicKey v_SIZE) (t_Array u8 v_SIZE) =
-  {
-    f_from_pre = (fun (value: t_Array u8 v_SIZE) -> true);
-    f_from_post = (fun (value: t_Array u8 v_SIZE) (out: t_MlKemPublicKey v_SIZE) -> true);
-    f_from
-    =
-    fun (value: t_Array u8 v_SIZE) ->
-      { f_value = Core.Clone.f_clone #(t_Array u8 v_SIZE) #FStar.Tactics.Typeclasses.solve value }
-      <:
-      t_MlKemPublicKey v_SIZE
-  }
-
-[@@ FStar.Tactics.Typeclasses.tcinstance]
-let impl_16 (v_SIZE: usize) : Core.Convert.t_From (t_Array u8 v_SIZE) (t_MlKemPublicKey v_SIZE) =
-  {
-    f_from_pre = (fun (value: t_MlKemPublicKey v_SIZE) -> true);
-    f_from_post = (fun (value: t_MlKemPublicKey v_SIZE) (out: t_Array u8 v_SIZE) -> true);
-    f_from = fun (value: t_MlKemPublicKey v_SIZE) -> value.f_value
-  }
-
-[@@ FStar.Tactics.Typeclasses.tcinstance]
-let impl_19 (v_SIZE: usize) : Core.Convert.t_From (t_MlKemPublicKey v_SIZE) (t_Array u8 v_SIZE) =
-  {
-    f_from_pre = (fun (value: t_Array u8 v_SIZE) -> true);
-    f_from_post
-    =
-    (fun (value: t_Array u8 v_SIZE) (result: t_MlKemPublicKey v_SIZE) -> result.f_value = value);
-    f_from = fun (value: t_Array u8 v_SIZE) -> { f_value = value } <: t_MlKemPublicKey v_SIZE
-  }
-
-/// A reference to the raw byte slice.
-val impl_20__as_slice (v_SIZE: usize) (self: t_MlKemPublicKey v_SIZE)
-    : Prims.Pure (t_Array u8 v_SIZE)
-      Prims.l_True
-      (ensures
-        fun result ->
-          let result:t_Array u8 v_SIZE = result in
-          result == self.f_value)
-
-/// An ML-KEM key pair
-type t_MlKemKeyPair (v_PRIVATE_KEY_SIZE: usize) (v_PUBLIC_KEY_SIZE: usize) = {
-  f_sk:t_MlKemPrivateKey v_PRIVATE_KEY_SIZE;
-  f_pk:t_MlKemPublicKey v_PUBLIC_KEY_SIZE
-}
-
-/// Create a new [`MlKemKeyPair`] from the secret and public key.
-val impl_21__from
-      (v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE: usize)
-      (sk: t_MlKemPrivateKey v_PRIVATE_KEY_SIZE)
-      (pk: t_MlKemPublicKey v_PUBLIC_KEY_SIZE)
-    : Prims.Pure (t_MlKemKeyPair v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE)
-      Prims.l_True
-      (ensures
-        fun result ->
-          let result:t_MlKemKeyPair v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE = result in
-          result.f_sk == sk /\ result.f_pk == pk)
-
-/// Separate this key into the public and private key.
-val impl_21__into_parts
-      (v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE: usize)
-      (self: t_MlKemKeyPair v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE)
-    : Prims.Pure (t_MlKemPrivateKey v_PRIVATE_KEY_SIZE & t_MlKemPublicKey v_PUBLIC_KEY_SIZE)
-      Prims.l_True
-      (fun _ -> Prims.l_True)
-
-/// Creates a new [`MlKemKeyPair`].
-val impl_21__new
-      (v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE: usize)
-      (sk: t_Array u8 v_PRIVATE_KEY_SIZE)
-      (pk: t_Array u8 v_PUBLIC_KEY_SIZE)
-    : Prims.Pure (t_MlKemKeyPair v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE)
-      Prims.l_True
-      (fun _ -> Prims.l_True)
-
-/// Get a reference to the raw public key bytes.
-val impl_21__pk
-      (v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE: usize)
-      (self: t_MlKemKeyPair v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE)
-    : Prims.Pure (t_Array u8 v_PUBLIC_KEY_SIZE) Prims.l_True (fun _ -> Prims.l_True)
-
-/// Get a reference to the [`MlKemPrivateKey<PRIVATE_KEY_SIZE>`].
-val impl_21__private_key
-      (v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE: usize)
-      (self: t_MlKemKeyPair v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE)
-    : Prims.Pure (t_MlKemPrivateKey v_PRIVATE_KEY_SIZE) Prims.l_True (fun _ -> Prims.l_True)
-
-/// Get a reference to the [`MlKemPublicKey<PUBLIC_KEY_SIZE>`].
-val impl_21__public_key
-      (v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE: usize)
-      (self: t_MlKemKeyPair v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE)
-    : Prims.Pure (t_MlKemPublicKey v_PUBLIC_KEY_SIZE) Prims.l_True (fun _ -> Prims.l_True)
-
-/// Get a reference to the raw private key bytes.
-val impl_21__sk
-      (v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE: usize)
-      (self: t_MlKemKeyPair v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE)
-    : Prims.Pure (t_Array u8 v_PRIVATE_KEY_SIZE) Prims.l_True (fun _ -> Prims.l_True)
-
-/// Unpack an incoming private key into it\'s different parts.
-/// We have this here in types to extract into a common core for C.
-val unpack_private_key (v_CPA_SECRET_KEY_SIZE v_PUBLIC_KEY_SIZE: usize) (private_key: t_Slice u8)
-    : Prims.Pure (t_Slice u8 & t_Slice u8 & t_Slice u8 & t_Slice u8)
-      (requires
-        Seq.length private_key >=
-        v v_CPA_SECRET_KEY_SIZE + v v_PUBLIC_KEY_SIZE + v Libcrux_ml_kem.Constants.v_H_DIGEST_SIZE)
-      (ensures
-        fun result ->
-          let result:(t_Slice u8 & t_Slice u8 & t_Slice u8 & t_Slice u8) = result in
-          let ind_cpa_secret_key_s, rest = split private_key v_CPA_SECRET_KEY_SIZE in
-          let ind_cpa_public_key_s, rest = split rest v_PUBLIC_KEY_SIZE in
-          let ind_cpa_public_key_hash_s, implicit_rejection_value_s =
-            split rest Libcrux_ml_kem.Constants.v_H_DIGEST_SIZE
-          in
-          let
-          ind_cpa_secret_key, ind_cpa_public_key, ind_cpa_public_key_hash, implicit_rejection_value
-          =
-            result
-          in
-          ind_cpa_secret_key_s == ind_cpa_secret_key /\ ind_cpa_public_key_s == ind_cpa_public_key /\
-          ind_cpa_public_key_hash_s == ind_cpa_public_key_hash /\
-          implicit_rejection_value_s == implicit_rejection_value /\
-          Seq.length ind_cpa_secret_key == v v_CPA_SECRET_KEY_SIZE /\
-          Seq.length ind_cpa_public_key == v v_PUBLIC_KEY_SIZE /\
-          Seq.length ind_cpa_public_key_hash == v Libcrux_ml_kem.Constants.v_H_DIGEST_SIZE /\
-          Seq.length implicit_rejection_value ==
-          Seq.length private_key -
-          (v v_CPA_SECRET_KEY_SIZE + v v_PUBLIC_KEY_SIZE +
-            v Libcrux_ml_kem.Constants.v_H_DIGEST_SIZE))
-
-[@@ FStar.Tactics.Typeclasses.tcinstance]
-let impl (v_SIZE: usize) : Core.Default.t_Default (t_MlKemCiphertext v_SIZE) =
-  {
-    f_default_pre = (fun (_: Prims.unit) -> true);
-    f_default_post = (fun (_: Prims.unit) (out: t_MlKemCiphertext v_SIZE) -> true);
-    f_default
-    =
-    fun (_: Prims.unit) ->
-      { f_value = Rust_primitives.Hax.repeat 0uy v_SIZE } <: t_MlKemCiphertext v_SIZE
-  }
-
-[@@ FStar.Tactics.Typeclasses.tcinstance]
-let impl_7 (v_SIZE: usize) : Core.Default.t_Default (t_MlKemPrivateKey v_SIZE) =
-  {
-    f_default_pre = (fun (_: Prims.unit) -> true);
-    f_default_post = (fun (_: Prims.unit) (out: t_MlKemPrivateKey v_SIZE) -> true);
-    f_default
-    =
-    fun (_: Prims.unit) ->
-      { f_value = Rust_primitives.Hax.repeat 0uy v_SIZE } <: t_MlKemPrivateKey v_SIZE
-  }
-
-[@@ FStar.Tactics.Typeclasses.tcinstance]
-let impl_14 (v_SIZE: usize) : Core.Default.t_Default (t_MlKemPublicKey v_SIZE) =
-  {
-    f_default_pre = (fun (_: Prims.unit) -> true);
-    f_default_post = (fun (_: Prims.unit) (out: t_MlKemPublicKey v_SIZE) -> true);
-    f_default
-    =
-    fun (_: Prims.unit) ->
-      { f_value = Rust_primitives.Hax.repeat 0uy v_SIZE } <: t_MlKemPublicKey v_SIZE
-  }
-
-[@@ FStar.Tactics.Typeclasses.tcinstance]
-let impl_4 (v_SIZE: usize) : Core.Convert.t_AsRef (t_MlKemCiphertext v_SIZE) (t_Slice u8) =
-  {
-    f_as_ref_pre = (fun (self: t_MlKemCiphertext v_SIZE) -> true);
-    f_as_ref_post
-    =
-    (fun (self___: t_MlKemCiphertext v_SIZE) (result: t_Slice u8) -> result = self___.f_value);
-    f_as_ref = fun (self: t_MlKemCiphertext v_SIZE) -> self.f_value <: t_Slice u8
-  }
-
-[@@ FStar.Tactics.Typeclasses.tcinstance]
-let impl_11 (v_SIZE: usize) : Core.Convert.t_AsRef (t_MlKemPrivateKey v_SIZE) (t_Slice u8) =
-  {
-    f_as_ref_pre = (fun (self: t_MlKemPrivateKey v_SIZE) -> true);
-    f_as_ref_post
-    =
-    (fun (self___: t_MlKemPrivateKey v_SIZE) (result: t_Slice u8) -> result = self___.f_value);
-    f_as_ref = fun (self: t_MlKemPrivateKey v_SIZE) -> self.f_value <: t_Slice u8
-  }
-
-[@@ FStar.Tactics.Typeclasses.tcinstance]
-let impl_18 (v_SIZE: usize) : Core.Convert.t_AsRef (t_MlKemPublicKey v_SIZE) (t_Slice u8) =
-  {
-    f_as_ref_pre = (fun (self: t_MlKemPublicKey v_SIZE) -> true);
-    f_as_ref_post
-    =
-    (fun (self___: t_MlKemPublicKey v_SIZE) (result: t_Slice u8) -> result = self___.f_value);
-    f_as_ref = fun (self: t_MlKemPublicKey v_SIZE) -> self.f_value <: t_Slice u8
-  }
-
-[@@ FStar.Tactics.Typeclasses.tcinstance]
-let impl_3 (v_SIZE: usize) : Core.Convert.t_TryFrom (t_MlKemCiphertext v_SIZE) (t_Slice u8) =
-  {
-    f_Error = Core.Array.t_TryFromSliceError;
-    f_try_from_pre = (fun (value: t_Slice u8) -> true);
-    f_try_from_post
-    =
-    (fun
-        (value: t_Slice u8)
-        (out: Core.Result.t_Result (t_MlKemCiphertext v_SIZE) Core.Array.t_TryFromSliceError)
-        ->
-        true);
-    f_try_from
-    =
-    fun (value: t_Slice u8) ->
-      match
-        Core.Convert.f_try_into #(t_Slice u8)
-          #(t_Array u8 v_SIZE)
-          #FStar.Tactics.Typeclasses.solve
-          value
-      with
-      | Core.Result.Result_Ok value ->
-        Core.Result.Result_Ok ({ f_value = value } <: t_MlKemCiphertext v_SIZE)
-        <:
-        Core.Result.t_Result (t_MlKemCiphertext v_SIZE) Core.Array.t_TryFromSliceError
-      | Core.Result.Result_Err e ->
-        Core.Result.Result_Err e
-        <:
-        Core.Result.t_Result (t_MlKemCiphertext v_SIZE) Core.Array.t_TryFromSliceError
-  }
-
-[@@ FStar.Tactics.Typeclasses.tcinstance]
-let impl_10 (v_SIZE: usize) : Core.Convert.t_TryFrom (t_MlKemPrivateKey v_SIZE) (t_Slice u8) =
-  {
-    f_Error = Core.Array.t_TryFromSliceError;
-    f_try_from_pre = (fun (value: t_Slice u8) -> true);
-    f_try_from_post
-    =
-    (fun
-        (value: t_Slice u8)
-        (out: Core.Result.t_Result (t_MlKemPrivateKey v_SIZE) Core.Array.t_TryFromSliceError)
-        ->
-        true);
-    f_try_from
-    =
-    fun (value: t_Slice u8) ->
-      match
-        Core.Convert.f_try_into #(t_Slice u8)
-          #(t_Array u8 v_SIZE)
-          #FStar.Tactics.Typeclasses.solve
-          value
-      with
-      | Core.Result.Result_Ok value ->
-        Core.Result.Result_Ok ({ f_value = value } <: t_MlKemPrivateKey v_SIZE)
-        <:
-        Core.Result.t_Result (t_MlKemPrivateKey v_SIZE) Core.Array.t_TryFromSliceError
-      | Core.Result.Result_Err e ->
-        Core.Result.Result_Err e
-        <:
-        Core.Result.t_Result (t_MlKemPrivateKey v_SIZE) Core.Array.t_TryFromSliceError
-  }
-
-[@@ FStar.Tactics.Typeclasses.tcinstance]
-let impl_17 (v_SIZE: usize) : Core.Convert.t_TryFrom (t_MlKemPublicKey v_SIZE) (t_Slice u8) =
-  {
-    f_Error = Core.Array.t_TryFromSliceError;
-    f_try_from_pre = (fun (value: t_Slice u8) -> true);
-    f_try_from_post
-    =
-    (fun
-        (value: t_Slice u8)
-        (out: Core.Result.t_Result (t_MlKemPublicKey v_SIZE) Core.Array.t_TryFromSliceError)
-        ->
-        true);
-    f_try_from
-    =
-    fun (value: t_Slice u8) ->
-      match
-        Core.Convert.f_try_into #(t_Slice u8)
-          #(t_Array u8 v_SIZE)
-          #FStar.Tactics.Typeclasses.solve
-          value
-      with
-      | Core.Result.Result_Ok value ->
-        Core.Result.Result_Ok ({ f_value = value } <: t_MlKemPublicKey v_SIZE)
-        <:
-        Core.Result.t_Result (t_MlKemPublicKey v_SIZE) Core.Array.t_TryFromSliceError
-      | Core.Result.Result_Err e ->
-        Core.Result.Result_Err e
-        <:
-        Core.Result.t_Result (t_MlKemPublicKey v_SIZE) Core.Array.t_TryFromSliceError
-  }

From bf2b9009a05138d363549fa73628254f6e6a59ad Mon Sep 17 00:00:00 2001
From: Franziskus Kiefer <franziskuskiefer@gmail.com>
Date: Thu, 5 Dec 2024 12:25:08 +0000
Subject: [PATCH 065/142] added shake256 xof and use it everywhere

---
 libcrux-ml-dsa/src/encoding/signing_key.rs    |  2 +-
 libcrux-ml-dsa/src/hash_functions.rs          | 87 +++++++-----------
 libcrux-ml-dsa/src/ml_dsa_generic.rs          | 92 ++++++++++---------
 .../src/ml_dsa_generic/instantiations.rs      | 10 +-
 .../src/ml_dsa_generic/instantiations/avx2.rs |  7 ++
 libcrux-ml-dsa/src/sample.rs                  |  8 +-
 libcrux-sha3/src/lib.rs                       | 52 +++--------
 7 files changed, 116 insertions(+), 142 deletions(-)

diff --git a/libcrux-ml-dsa/src/encoding/signing_key.rs b/libcrux-ml-dsa/src/encoding/signing_key.rs
index 0d6537325..074fe41a6 100644
--- a/libcrux-ml-dsa/src/encoding/signing_key.rs
+++ b/libcrux-ml-dsa/src/encoding/signing_key.rs
@@ -13,7 +13,7 @@ use crate::{
 #[inline(always)]
 pub(crate) fn generate_serialized<
     SIMDUnit: Operations,
-    Shake256: shake256::Xof,
+    Shake256: shake256::DsaXof,
     const ROWS_IN_A: usize,
     const COLUMNS_IN_A: usize,
     const ETA: usize,
diff --git a/libcrux-ml-dsa/src/hash_functions.rs b/libcrux-ml-dsa/src/hash_functions.rs
index 3f79da352..84ca5fbe9 100644
--- a/libcrux-ml-dsa/src/hash_functions.rs
+++ b/libcrux-ml-dsa/src/hash_functions.rs
@@ -4,7 +4,8 @@
 pub(crate) mod shake256 {
     pub(crate) const BLOCK_SIZE: usize = 136;
 
-    pub(crate) trait Xof {
+    /// An ML-DSA specific Xof trait
+    pub(crate) trait DsaXof {
         fn shake256<const OUTPUT_LENGTH: usize>(input: &[u8], out: &mut [u8; OUTPUT_LENGTH]);
         fn init_absorb_final(input: &[u8]) -> Self;
         // TODO: There should only be a `squeeze_block`
@@ -41,6 +42,21 @@ pub(crate) mod shake256 {
             out3: &mut [u8; OUT_LEN],
         );
     }
+
+    /// A generic Xof trait
+    pub(crate) trait Xof {
+        /// Initialize the state
+        fn init() -> Self;
+
+        /// Absorb
+        fn absorb(&mut self, input: &[u8]);
+
+        /// Absorb final input
+        fn absorb_final(&mut self, input: &[u8]);
+
+        /// Squeeze output bytes
+        fn squeeze(&mut self, out: &mut [u8]);
+    }
 }
 
 /// Abstraction and platform multiplexing for SHAKE 128
@@ -78,7 +94,7 @@ pub(crate) mod shake128 {
 pub(crate) mod portable {
     use super::{shake128, shake256};
     use libcrux_sha3::portable::{
-        incremental::{self, XofAbsorb, XofSqueeze},
+        incremental::{self, Xof},
         KeccakState,
     };
 
@@ -228,7 +244,7 @@ pub(crate) mod portable {
         out
     }
 
-    impl shake256::Xof for Shake256 {
+    impl shake256::DsaXof for Shake256 {
         #[inline(always)]
         fn shake256<const OUTPUT_LENGTH: usize>(input: &[u8], out: &mut [u8; OUTPUT_LENGTH]) {
             shake256(input, out);
@@ -239,16 +255,6 @@ pub(crate) mod portable {
             init_absorb_final_shake256(input)
         }
 
-        #[inline(always)]
-        fn init_absorb(input: &[u8]) -> Self {
-            init_absorb_shake256(input)
-        }
-
-        #[inline(always)]
-        fn absorb(input: &[u8]) -> Self {
-            absorb_shake256(self, input)
-        }
-
         #[inline(always)]
         fn squeeze_first_block(&mut self) -> [u8; shake256::BLOCK_SIZE] {
             squeeze_first_block_shake256(self)
@@ -384,38 +390,27 @@ pub(crate) mod portable {
     }
 
     #[cfg_attr(hax, hax_lib::opaque_type)]
-    pub(crate) struct Shake256Absorb {
-        state: incremental::Shake256Absorb,
+    pub(crate) struct Shake256Xof {
+        state: incremental::Shake256Xof,
     }
 
-    impl Shake256Absorb {
-        #[inline(always)]
-        pub(crate) fn init() -> Shake256Absorb {
-            Shake256Absorb {
-                state: incremental::Shake256Absorb::new(),
+    impl shake256::Xof for Shake256Xof {
+        fn init() -> Self {
+            Shake256Xof {
+                state: incremental::Shake256Xof::new(),
             }
         }
 
-        #[inline(always)]
-        pub(crate) fn absorb(st: &mut Shake256Absorb, input: &[u8]) {
-            st.state.absorb(input)
+        fn absorb(&mut self, input: &[u8]) {
+            self.state.absorb(input);
         }
 
-        #[inline(always)]
-        pub(crate) fn absorb_final(st: Shake256Absorb, input: &[u8]) -> Shake256Squeeze {
-            st.state.absorb_final(input)
+        fn absorb_final(&mut self, input: &[u8]) {
+            self.state.absorb_final(input);
         }
-    }
 
-    #[cfg_attr(hax, hax_lib::opaque_type)]
-    pub(crate) struct Shake256Squeeze {
-        state: incremental::Shake256Squeeze,
-    }
-
-    impl Shake256Squeeze {
-        #[inline(always)]
-        pub(crate) fn shake256_squeeze(st: &mut Shake256Squeeze, out: &mut [u8]) {
-            st.state.squeeze(out)
+        fn squeeze(&mut self, out: &mut [u8]) {
+            self.state.squeeze(out)
         }
     }
 }
@@ -535,14 +530,6 @@ pub(crate) mod simd256 {
         Shake256 { state }
     }
 
-    #[inline(always)]
-    fn init_absorb_shake256(input: &[u8]) -> Shake256 {
-        let mut state = libcrux_sha3::portable::incremental::shake256_init();
-        libcrux_sha3::portable::incremental::shake256_absorb(&mut state, input);
-
-        Shake256 { state }
-    }
-
     #[inline(always)]
     fn squeeze_first_block_shake256(state: &mut Shake256) -> [u8; shake256::BLOCK_SIZE] {
         let mut out = [0u8; shake256::BLOCK_SIZE];
@@ -563,7 +550,7 @@ pub(crate) mod simd256 {
         out
     }
 
-    impl shake256::Xof for Shake256 {
+    impl shake256::DsaXof for Shake256 {
         #[inline(always)]
         fn shake256<const OUTPUT_LENGTH: usize>(input: &[u8], out: &mut [u8; OUTPUT_LENGTH]) {
             shake256(input, out)
@@ -574,16 +561,6 @@ pub(crate) mod simd256 {
             init_absorb_final_shake256(input)
         }
 
-        #[inline(always)]
-        fn init_absorb(input: &[u8]) -> Self {
-            init_absorb_shake256(input)
-        }
-
-        #[inline(always)]
-        fn absorb(input: &[u8]) -> Self {
-            absorb_shake256(self, input)
-        }
-
         #[inline(always)]
         fn squeeze_first_block(&mut self) -> [u8; shake256::BLOCK_SIZE] {
             squeeze_first_block_shake256(self)
diff --git a/libcrux-ml-dsa/src/ml_dsa_generic.rs b/libcrux-ml-dsa/src/ml_dsa_generic.rs
index 2bbb00b30..0b1a314ba 100644
--- a/libcrux-ml-dsa/src/ml_dsa_generic.rs
+++ b/libcrux-ml-dsa/src/ml_dsa_generic.rs
@@ -4,7 +4,7 @@ use crate::{
     },
     constants::*,
     encoding::{self, signature::Signature},
-    hash_functions::{portable::Shake256, shake128, shake256},
+    hash_functions::{shake128, shake256},
     matrix::{
         add_vectors, compute_A_times_mask, compute_As1_plus_s2, compute_w_approx, subtract_vectors,
         vector_times_ring_element,
@@ -29,7 +29,8 @@ pub(crate) mod multiplexing;
 pub(crate) fn generate_key_pair<
     SIMDUnit: Operations,
     Shake128X4: shake128::XofX4,
-    Shake256: shake256::Xof,
+    Shake256: shake256::DsaXof,
+    Shake256Xof: shake256::Xof,
     Shake256X4: shake256::XofX4,
     const ROWS_IN_A: usize,
     const COLUMNS_IN_A: usize,
@@ -42,11 +43,12 @@ pub(crate) fn generate_key_pair<
 ) -> ([u8; SIGNING_KEY_SIZE], [u8; VERIFICATION_KEY_SIZE]) {
     // 128 = SEED_FOR_A_SIZE + SEED_FOR_ERROR_VECTORS_SIZE + SEED_FOR_SIGNING_SIZE
     let mut seed_expanded = [0; 128];
-    let mut shake = Shake256::init_absorb(&randomness);
-    // let mut shake = shake256_absorb_final(shake, &[ROWS_IN_A as u8, COLUMNS_IN_A as u8]);
-    shake.absorb(&[ROWS_IN_A as u8, COLUMNS_IN_A as u8]);
-
-    shake256_squeeze(&mut shake, &mut seed_expanded);
+    {
+        let mut shake = Shake256Xof::init();
+        shake.absorb(&randomness);
+        shake.absorb_final(&[ROWS_IN_A as u8, COLUMNS_IN_A as u8]);
+        shake.squeeze(&mut seed_expanded);
+    }
 
     let (seed_for_a, seed_expanded) = seed_expanded.split_at(SEED_FOR_A_SIZE);
     let (seed_for_error_vectors, seed_for_signing) =
@@ -94,7 +96,8 @@ pub(crate) fn generate_key_pair<
 pub(crate) fn sign_pre_hashed<
     SIMDUnit: Operations,
     Shake128X4: shake128::XofX4,
-    Shake256: shake256::Xof,
+    Shake256: shake256::DsaXof,
+    Shake256Xof: shake256::Xof,
     Shake256X4: shake256::XofX4,
     PH: PreHash<PH_DIGEST_LEN>,
     const PH_DIGEST_LEN: usize,
@@ -126,6 +129,7 @@ pub(crate) fn sign_pre_hashed<
         SIMDUnit,
         Shake128X4,
         Shake256,
+        Shake256Xof,
         Shake256X4,
         ROWS_IN_A,
         COLUMNS_IN_A,
@@ -154,7 +158,8 @@ pub(crate) fn sign_pre_hashed<
 pub(crate) fn sign<
     SIMDUnit: Operations,
     Shake128X4: shake128::XofX4,
-    Shake256: shake256::Xof,
+    Shake256: shake256::DsaXof,
+    Shake256Xof: shake256::Xof,
     Shake256X4: shake256::XofX4,
     const ROWS_IN_A: usize,
     const COLUMNS_IN_A: usize,
@@ -181,6 +186,7 @@ pub(crate) fn sign<
         SIMDUnit,
         Shake128X4,
         Shake256,
+        Shake256Xof,
         Shake256X4,
         ROWS_IN_A,
         COLUMNS_IN_A,
@@ -213,7 +219,8 @@ pub(crate) fn sign<
 pub(crate) fn sign_internal<
     SIMDUnit: Operations,
     Shake128X4: shake128::XofX4,
-    Shake256: shake256::Xof,
+    Shake256: shake256::DsaXof,
+    Shake256Xof: shake256::Xof,
     Shake256X4: shake256::XofX4,
     const ROWS_IN_A: usize,
     const COLUMNS_IN_A: usize,
@@ -249,7 +256,7 @@ pub(crate) fn sign_internal<
         samplex4::matrix_A::<SIMDUnit, ROWS_IN_A, COLUMNS_IN_A>(into_padded_array(&seed_for_A));
 
     let mut message_representative = [0; MESSAGE_REPRESENTATIVE_SIZE];
-    derive_message_representative(
+    derive_message_representative::<Shake256Xof>(
         verification_key_hash,
         domain_separation_context,
         message,
@@ -258,12 +265,12 @@ pub(crate) fn sign_internal<
 
     let mut mask_seed = [0; MASK_SEED_SIZE];
     {
-        let mut shake = shake256_init();
-        shake256_absorb(&mut shake, &seed_for_signing);
-        shake256_absorb(&mut shake, &randomness);
-        let mut shake = shake256_absorb_final(shake, &message_representative);
+        let mut shake = Shake256Xof::init();
+        shake.absorb(&seed_for_signing);
+        shake.absorb(&randomness);
+        shake.absorb_final(&message_representative);
 
-        shake256_squeeze(&mut shake, &mut mask_seed);
+        shake.squeeze(&mut mask_seed);
     }
 
     let mut domain_separator_for_mask: u16 = 0;
@@ -304,11 +311,11 @@ pub(crate) fn sign_internal<
                 COMMITMENT_VECTOR_SIZE,
             >(commitment);
 
-            let mut shake = shake256_init();
-            shake256_absorb(&mut shake, &message_representative);
-            let mut shake = shake256_absorb_final(shake, &commitment_serialized);
+            let mut shake = Shake256Xof::init();
+            shake.absorb(&message_representative);
+            shake.absorb_final(&commitment_serialized);
 
-            shake256_squeeze(&mut shake, &mut commitment_hash_candidate);
+            shake.squeeze(&mut commitment_hash_candidate);
         }
 
         let verifier_challenge_as_ntt = ntt(sample_challenge_ring_element::<
@@ -416,31 +423,25 @@ pub(crate) fn sign_internal<
 /// 23 of Algorithm 4 (and line 18 of Algorithm 5,resp.) describe domain separation for the HashMl-DSA
 /// variant.
 #[inline(always)]
-fn derive_message_representative(
+fn derive_message_representative<Shake256Xof: shake256::Xof>(
     verification_key_hash: [u8; 64],
     domain_separation_context: Option<DomainSeparationContext>,
     message: &[u8],
     message_representative: &mut [u8; 64],
 ) {
-    let mut shake = shake256_init();
-    shake256_absorb(&mut shake, &verification_key_hash);
+    let mut shake = Shake256Xof::init();
+    shake.absorb(&verification_key_hash);
     if let Some(domain_separation_context) = domain_separation_context {
-        shake256_absorb(
-            &mut shake,
-            &[domain_separation_context.pre_hash_oid().is_some() as u8],
-        );
-        shake256_absorb(
-            &mut shake,
-            &[domain_separation_context.context().len() as u8],
-        );
-        shake256_absorb(&mut shake, domain_separation_context.context());
+        shake.absorb(&[domain_separation_context.pre_hash_oid().is_some() as u8]);
+        shake.absorb(&[domain_separation_context.context().len() as u8]);
+        shake.absorb(domain_separation_context.context());
         if let Some(pre_hash_oid) = domain_separation_context.pre_hash_oid() {
-            shake256_absorb(&mut shake, pre_hash_oid)
+            shake.absorb(pre_hash_oid)
         }
     }
 
-    let mut shake = shake256_absorb_final(shake, message);
-    shake256_squeeze(&mut shake, message_representative);
+    shake.absorb_final(message);
+    shake.squeeze(message_representative);
 }
 
 /// The internal verification API.
@@ -452,7 +453,8 @@ fn derive_message_representative(
 pub(crate) fn verify_internal<
     SIMDUnit: Operations,
     Shake128X4: shake128::XofX4,
-    Shake256: shake256::Xof,
+    Shake256: shake256::DsaXof,
+    Shake256Xof: shake256::Xof,
     const ROWS_IN_A: usize,
     const COLUMNS_IN_A: usize,
     const SIGNATURE_SIZE: usize,
@@ -499,7 +501,7 @@ pub(crate) fn verify_internal<
             &mut verification_key_hash,
         );
         let mut message_representative = [0; MESSAGE_REPRESENTATIVE_SIZE];
-        derive_message_representative(
+        derive_message_representative::<Shake256Xof>(
             verification_key_hash,
             domain_separation_context,
             message,
@@ -530,11 +532,11 @@ pub(crate) fn verify_internal<
                 COMMITMENT_VECTOR_SIZE,
             >(commitment);
 
-            let mut shake = shake256_init();
-            shake256_absorb(&mut shake, &message_representative);
-            let mut shake = shake256_absorb_final(shake, &commitment_serialized);
+            let mut shake = Shake256Xof::init();
+            shake.absorb(&message_representative);
+            shake.absorb_final(&commitment_serialized);
 
-            shake256_squeeze(&mut shake, &mut commitment_hash);
+            shake.squeeze(&mut commitment_hash);
         }
 
         if signature.commitment_hash != commitment_hash {
@@ -552,7 +554,8 @@ pub(crate) fn verify_internal<
 pub(crate) fn verify<
     SIMDUnit: Operations,
     Shake128X4: shake128::XofX4,
-    Shake256: shake256::Xof,
+    Shake256: shake256::DsaXof,
+    Shake256Xof: shake256::Xof,
     const ROWS_IN_A: usize,
     const COLUMNS_IN_A: usize,
     const SIGNATURE_SIZE: usize,
@@ -577,6 +580,7 @@ pub(crate) fn verify<
         SIMDUnit,
         Shake128X4,
         Shake256,
+        Shake256Xof,
         ROWS_IN_A,
         COLUMNS_IN_A,
         SIGNATURE_SIZE,
@@ -603,7 +607,8 @@ pub(crate) fn verify<
 pub(crate) fn verify_pre_hashed<
     SIMDUnit: Operations,
     Shake128X4: shake128::XofX4,
-    Shake256: shake256::Xof,
+    Shake256: shake256::DsaXof,
+    Shake256Xof: shake256::Xof,
     PH: PreHash<PH_DIGEST_LEN>,
     const PH_DIGEST_LEN: usize,
     const ROWS_IN_A: usize,
@@ -631,6 +636,7 @@ pub(crate) fn verify_pre_hashed<
         SIMDUnit,
         Shake128X4,
         Shake256,
+        Shake256Xof,
         ROWS_IN_A,
         COLUMNS_IN_A,
         SIGNATURE_SIZE,
diff --git a/libcrux-ml-dsa/src/ml_dsa_generic/instantiations.rs b/libcrux-ml-dsa/src/ml_dsa_generic/instantiations.rs
index 15936617b..e5df772bc 100644
--- a/libcrux-ml-dsa/src/ml_dsa_generic/instantiations.rs
+++ b/libcrux-ml-dsa/src/ml_dsa_generic/instantiations.rs
@@ -1,5 +1,5 @@
 macro_rules! instantiate {
-    ($modp:ident, $simdunit:path, $shake128x4:path, $shake256:path, $shake256x4:path) => {
+    ($modp:ident, $simdunit:path, $shake128x4:path, $shake256:path, $shake256xof:path, $shake256x4:path) => {
         pub mod $modp {
             use crate::{
                 constants::*,
@@ -23,6 +23,7 @@ macro_rules! instantiate {
                     $simdunit,
                     $shake128x4,
                     $shake256,
+                    $shake256xof,
                     $shake256x4,
                     ROWS_IN_A,
                     COLUMNS_IN_A,
@@ -59,6 +60,7 @@ macro_rules! instantiate {
                     $simdunit,
                     $shake128x4,
                     $shake256,
+                    $shake256xof,
                     $shake256x4,
                     ROWS_IN_A,
                     COLUMNS_IN_A,
@@ -103,6 +105,7 @@ macro_rules! instantiate {
                     $simdunit,
                     $shake128x4,
                     $shake256,
+                    $shake256xof,
                     $shake256x4,
                     ROWS_IN_A,
                     COLUMNS_IN_A,
@@ -147,6 +150,7 @@ macro_rules! instantiate {
                     $simdunit,
                     $shake128x4,
                     $shake256,
+                    $shake256xof,
                     $shake256x4,
                     SHAKE128_PH,
                     256,
@@ -192,6 +196,7 @@ macro_rules! instantiate {
                     $simdunit,
                     $shake128x4,
                     $shake256,
+                    $shake256xof,
                     ROWS_IN_A,
                     COLUMNS_IN_A,
                     SIGNATURE_SIZE,
@@ -233,6 +238,7 @@ macro_rules! instantiate {
                     $simdunit,
                     $shake128x4,
                     $shake256,
+                    $shake256xof,
                     ROWS_IN_A,
                     COLUMNS_IN_A,
                     SIGNATURE_SIZE,
@@ -274,6 +280,7 @@ macro_rules! instantiate {
                     $simdunit,
                     $shake128x4,
                     $shake256,
+                    $shake256xof,
                     SHAKE128_PH,
                     256,
                     ROWS_IN_A,
@@ -300,6 +307,7 @@ instantiate! {portable,
     crate::simd::portable::PortableSIMDUnit,
     crate::hash_functions::portable::Shake128X4,
     crate::hash_functions::portable::Shake256,
+    crate::hash_functions::portable::Shake256Xof,
     crate::hash_functions::portable::Shake256X4
 }
 
diff --git a/libcrux-ml-dsa/src/ml_dsa_generic/instantiations/avx2.rs b/libcrux-ml-dsa/src/ml_dsa_generic/instantiations/avx2.rs
index 6f3a754a2..5c4dd2fe1 100644
--- a/libcrux-ml-dsa/src/ml_dsa_generic/instantiations/avx2.rs
+++ b/libcrux-ml-dsa/src/ml_dsa_generic/instantiations/avx2.rs
@@ -25,6 +25,7 @@ mod avx2_feature {
             crate::simd::avx2::AVX2SIMDUnit,
             crate::hash_functions::simd256::Shake128x4,
             crate::hash_functions::simd256::Shake256,
+            crate::hash_functions::portable::Shake256Xof, // XXX: Use simd256
             crate::hash_functions::simd256::Shake256x4,
             ROWS_IN_A,
             COLUMNS_IN_A,
@@ -63,6 +64,7 @@ mod avx2_feature {
             crate::simd::avx2::AVX2SIMDUnit,
             crate::hash_functions::simd256::Shake128x4,
             crate::hash_functions::simd256::Shake256,
+            crate::hash_functions::portable::Shake256Xof, // XXX: Use simd256
             crate::hash_functions::simd256::Shake256x4,
             ROWS_IN_A,
             COLUMNS_IN_A,
@@ -109,6 +111,7 @@ mod avx2_feature {
             crate::simd::avx2::AVX2SIMDUnit,
             crate::hash_functions::simd256::Shake128x4,
             crate::hash_functions::simd256::Shake256,
+            crate::hash_functions::portable::Shake256Xof, // XXX: Use simd256
             crate::hash_functions::simd256::Shake256x4,
             ROWS_IN_A,
             COLUMNS_IN_A,
@@ -155,6 +158,7 @@ mod avx2_feature {
             crate::simd::avx2::AVX2SIMDUnit,
             crate::hash_functions::simd256::Shake128x4,
             crate::hash_functions::simd256::Shake256,
+            crate::hash_functions::portable::Shake256Xof, // XXX: Use simd256
             crate::hash_functions::simd256::Shake256x4,
             SHAKE128_PH,
             256,
@@ -202,6 +206,7 @@ mod avx2_feature {
             crate::simd::avx2::AVX2SIMDUnit,
             crate::hash_functions::simd256::Shake128x4,
             crate::hash_functions::simd256::Shake256,
+            crate::hash_functions::portable::Shake256Xof, // XXX: Use simd256
             ROWS_IN_A,
             COLUMNS_IN_A,
             SIGNATURE_SIZE,
@@ -245,6 +250,7 @@ mod avx2_feature {
             crate::simd::avx2::AVX2SIMDUnit,
             crate::hash_functions::simd256::Shake128x4,
             crate::hash_functions::simd256::Shake256,
+            crate::hash_functions::portable::Shake256Xof, // XXX: Use simd256
             ROWS_IN_A,
             COLUMNS_IN_A,
             SIGNATURE_SIZE,
@@ -288,6 +294,7 @@ mod avx2_feature {
             crate::simd::avx2::AVX2SIMDUnit,
             crate::hash_functions::simd256::Shake128x4,
             crate::hash_functions::simd256::Shake256,
+            crate::hash_functions::portable::Shake256Xof, // XXX: Use simd256
             SHAKE128_PH,
             256,
             ROWS_IN_A,
diff --git a/libcrux-ml-dsa/src/sample.rs b/libcrux-ml-dsa/src/sample.rs
index f9de41a1b..14bcdca69 100644
--- a/libcrux-ml-dsa/src/sample.rs
+++ b/libcrux-ml-dsa/src/sample.rs
@@ -339,7 +339,7 @@ fn update_seed(mut seed: [u8; 66], domain_separator: &mut u16) -> [u8; 66] {
 #[inline(always)]
 fn sample_mask_ring_element<
     SIMDUnit: Operations,
-    Shake256: shake256::Xof,
+    Shake256: shake256::DsaXof,
     const GAMMA1_EXPONENT: usize,
 >(
     seed: [u8; 66],
@@ -362,7 +362,7 @@ fn sample_mask_ring_element<
 #[inline(always)]
 pub(crate) fn sample_mask_vector<
     SIMDUnit: Operations,
-    Shake256: shake256::Xof,
+    Shake256: shake256::DsaXof,
     Shake256X4: shake256::XofX4,
     const DIMENSION: usize,
     const GAMMA1_EXPONENT: usize,
@@ -453,7 +453,7 @@ fn inside_out_shuffle(
 #[inline(always)]
 pub(crate) fn sample_challenge_ring_element<
     SIMDUnit: Operations,
-    Shake256: shake256::Xof,
+    Shake256: shake256::DsaXof,
     const NUMBER_OF_ONES: usize,
     const SEED_SIZE: usize,
 >(
@@ -669,7 +669,7 @@ mod tests {
         );
     }
 
-    fn test_sample_challenge_ring_element_generic<SIMDUnit: Operations, Shake256: shake256::Xof>() {
+    fn test_sample_challenge_ring_element_generic<SIMDUnit: Operations, Shake256: shake256::DsaXof>() {
         // When TAU = 39
         let seed: [u8; 32] = [
             3, 9, 159, 119, 236, 6, 207, 7, 103, 108, 187, 137, 222, 35, 37, 30, 79, 224, 204, 186,
diff --git a/libcrux-sha3/src/lib.rs b/libcrux-sha3/src/lib.rs
index c1395155d..0d5d02d8c 100644
--- a/libcrux-sha3/src/lib.rs
+++ b/libcrux-sha3/src/lib.rs
@@ -265,35 +265,23 @@ pub mod portable {
         mod private {
             pub trait Sealed {}
 
-            impl Sealed for super::Shake128Absorb {}
-            impl Sealed for super::Shake128Squeeze {}
-            impl Sealed for super::Shake256Absorb {}
-            impl Sealed for super::Shake256Squeeze {}
+            impl Sealed for super::Shake128Xof {}
+            impl Sealed for super::Shake256Xof {}
         }
         use super::*;
 
         /// SHAKE128 in absorb state
-        pub struct Shake128Absorb {
-            state: KeccakXofState<1, 168, u64>,
-        }
-        /// SHAKE128 in squeeze state
-        pub struct Shake128Squeeze {
+        pub struct Shake128Xof {
             state: KeccakXofState<1, 168, u64>,
         }
+
         /// SHAKE256 in absorb state
-        pub struct Shake256Absorb {
-            state: KeccakXofState<1, 136, u64>,
-        }
-        /// SHAKE256 in squeeze state
-        pub struct Shake256Squeeze {
+        pub struct Shake256Xof {
             state: KeccakXofState<1, 136, u64>,
         }
 
         /// An XOF in absorb state
-        pub trait XofAbsorb<const RATE: usize>: private::Sealed {
-            /// The state after final input absorption
-            type Squeeze;
-
+        pub trait Xof<const RATE: usize>: private::Sealed {
             /// Create new absorb state
             fn new() -> Self;
 
@@ -301,11 +289,13 @@ pub mod portable {
             fn absorb(&mut self, input: &[u8]);
 
             /// Absorb final input (may be empty)
-            fn absorb_final(self, input: &[u8]) -> Self::Squeeze;
+            fn absorb_final(&mut self, input: &[u8]);
+
+            /// Squeeze output bytes
+            fn squeeze(&mut self, out: &mut [u8]);
         }
 
-        impl XofAbsorb<168> for Shake128Absorb {
-            type Squeeze = Shake128Squeeze;
+        impl Xof<168> for Shake128Xof {
             fn new() -> Self {
                 Self {
                     state: KeccakXofState::<1, 168, u64>::new(),
@@ -316,19 +306,10 @@ pub mod portable {
                 self.state.absorb([input]);
             }
 
-            fn absorb_final(mut self, input: &[u8]) -> Shake128Squeeze {
+            fn absorb_final(&mut self, input: &[u8]) {
                 self.state.absorb_final::<0x1fu8>([input]);
-                Shake128Squeeze { state: self.state }
             }
-        }
-        /// An XOF in squeeze state
-        pub trait XofSqueeze<const RATE: usize>: private::Sealed {
-            /// Squeeze output bytes
-            fn squeeze(&mut self, out: &mut [u8]);
-        }
 
-        /// Shake128 XOF in squeeze state
-        impl XofSqueeze<168> for Shake128Squeeze {
             /// Shake128 squeeze
             fn squeeze(&mut self, out: &mut [u8]) {
                 self.state.squeeze([out]);
@@ -336,8 +317,7 @@ pub mod portable {
         }
 
         /// Shake256 XOF in absorb state
-        impl XofAbsorb<136> for Shake256Absorb {
-            type Squeeze = Shake256Squeeze;
+        impl Xof<136> for Shake256Xof {
             /// Shake256 new state
             fn new() -> Self {
                 Self {
@@ -351,14 +331,10 @@ pub mod portable {
             }
 
             /// Shake256 absorb final
-            fn absorb_final(mut self, input: &[u8]) -> Shake256Squeeze {
+            fn absorb_final(&mut self, input: &[u8]) {
                 self.state.absorb_final::<0x1fu8>([input]);
-                Shake256Squeeze { state: self.state }
             }
-        }
 
-        /// Shake256 XOF in squeeze state
-        impl XofSqueeze<136> for Shake256Squeeze {
             /// Shake256 squeeze
             fn squeeze(&mut self, out: &mut [u8]) {
                 self.state.squeeze([out]);

From 7bf825af76a34466b18ead540bb08b9631dbfd13 Mon Sep 17 00:00:00 2001
From: Franziskus Kiefer <franziskuskiefer@gmail.com>
Date: Thu, 5 Dec 2024 13:11:49 +0000
Subject: [PATCH 066/142] F* extraction

---
 .../Libcrux_ml_dsa.Encoding.Signing_key.fst   |   2 +-
 .../Libcrux_ml_dsa.Encoding.Signing_key.fsti  |   2 +-
 ...ibcrux_ml_dsa.Hash_functions.Portable.fsti |  22 +-
 ...ibcrux_ml_dsa.Hash_functions.Shake256.fsti |  34 +-
 ...Libcrux_ml_dsa.Hash_functions.Simd256.fsti |   4 +-
 ...neric.Instantiations.Avx2.Avx2_feature.fst |  14 +-
 ...eric.Instantiations.Avx2.Avx2_feature.fsti |   1 +
 ...dsa.Ml_dsa_generic.Instantiations.Neon.fst |  13 +-
 ...Ml_dsa_generic.Instantiations.Portable.fst |  13 +-
 .../Libcrux_ml_dsa.Ml_dsa_generic.fst         | 304 +++++++++++-------
 .../Libcrux_ml_dsa.Ml_dsa_generic.fsti        |  77 +++--
 .../extraction/Libcrux_ml_dsa.Sample.fst      |   8 +-
 .../extraction/Libcrux_ml_dsa.Sample.fsti     |   6 +-
 .../src/ml_dsa_generic/instantiations.rs      |   1 +
 14 files changed, 311 insertions(+), 190 deletions(-)

diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Encoding.Signing_key.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Encoding.Signing_key.fst
index 1394c5939..7088fe927 100644
--- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Encoding.Signing_key.fst
+++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Encoding.Signing_key.fst
@@ -102,7 +102,7 @@ let generate_serialized
           Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit)
       (#[FStar.Tactics.Typeclasses.tcresolve ()]
           i3:
-          Libcrux_ml_dsa.Hash_functions.Shake256.t_Xof v_Shake256)
+          Libcrux_ml_dsa.Hash_functions.Shake256.t_DsaXof v_Shake256)
       (seed_for_A seed_for_signing verification_key: t_Slice u8)
       (s1: t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A)
       (s2 t0: t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_ROWS_IN_A)
diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Encoding.Signing_key.fsti b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Encoding.Signing_key.fsti
index b8a8f2d90..bad7c34f3 100644
--- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Encoding.Signing_key.fsti
+++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Encoding.Signing_key.fsti
@@ -27,7 +27,7 @@ val generate_serialized
       (#v_SIMDUnit #v_Shake256: Type0)
       (v_ROWS_IN_A v_COLUMNS_IN_A v_ETA v_ERROR_RING_ELEMENT_SIZE v_SIGNING_KEY_SIZE: usize)
       {| i2: Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit |}
-      {| i3: Libcrux_ml_dsa.Hash_functions.Shake256.t_Xof v_Shake256 |}
+      {| i3: Libcrux_ml_dsa.Hash_functions.Shake256.t_DsaXof v_Shake256 |}
       (seed_for_A seed_for_signing verification_key: t_Slice u8)
       (s1: t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A)
       (s2 t0: t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_ROWS_IN_A)
diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Hash_functions.Portable.fsti b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Hash_functions.Portable.fsti
index 0a59a5cc8..b2a04571e 100644
--- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Hash_functions.Portable.fsti
+++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Hash_functions.Portable.fsti
@@ -17,9 +17,7 @@ val t_Shake256:Type0
 /// We\'re using a portable implementation so this is actually sequential.
 val t_Shake256X4:Type0
 
-val t_Shake256Absorb:Type0
-
-val t_Shake256Squeeze:Type0
+val t_Shake256Xof:Type0
 
 [@@ FStar.Tactics.Typeclasses.tcinstance]
 val impl:Libcrux_ml_dsa.Hash_functions.Shake128.t_XofX4 t_Shake128X4
@@ -28,15 +26,18 @@ val impl:Libcrux_ml_dsa.Hash_functions.Shake128.t_XofX4 t_Shake128X4
 val impl_1:Libcrux_ml_dsa.Hash_functions.Shake128.t_Xof t_Shake128
 
 [@@ FStar.Tactics.Typeclasses.tcinstance]
-val impl_2:Libcrux_ml_dsa.Hash_functions.Shake256.t_Xof t_Shake256
+val impl_2:Libcrux_ml_dsa.Hash_functions.Shake256.t_DsaXof t_Shake256
 
 [@@ FStar.Tactics.Typeclasses.tcinstance]
 val impl_3:Libcrux_ml_dsa.Hash_functions.Shake256.t_XofX4 t_Shake256X4
 
+[@@ FStar.Tactics.Typeclasses.tcinstance]
+val impl_4:Libcrux_ml_dsa.Hash_functions.Shake256.t_Xof t_Shake256Xof
+
 val init_absorb (input0 input1 input2 input3: t_Slice u8)
     : Prims.Pure t_Shake128X4 Prims.l_True (fun _ -> Prims.l_True)
 
-val init_absorb_shake256 (input: t_Slice u8)
+val init_absorb_final_shake256 (input: t_Slice u8)
     : Prims.Pure t_Shake256 Prims.l_True (fun _ -> Prims.l_True)
 
 val init_absorb_x4 (input0 input1 input2 input3: t_Slice u8)
@@ -48,17 +49,6 @@ val shake128 (v_OUTPUT_LENGTH: usize) (input: t_Slice u8) (out: t_Array u8 v_OUT
 val shake256 (v_OUTPUT_LENGTH: usize) (input: t_Slice u8) (out: t_Array u8 v_OUTPUT_LENGTH)
     : Prims.Pure (t_Array u8 v_OUTPUT_LENGTH) Prims.l_True (fun _ -> Prims.l_True)
 
-val shake256_absorb (st: t_Shake256Absorb) (input: t_Slice u8)
-    : Prims.Pure t_Shake256Absorb Prims.l_True (fun _ -> Prims.l_True)
-
-val shake256_absorb_final (st: t_Shake256Absorb) (input: t_Slice u8)
-    : Prims.Pure t_Shake256Squeeze Prims.l_True (fun _ -> Prims.l_True)
-
-val shake256_init: Prims.unit -> Prims.Pure t_Shake256Absorb Prims.l_True (fun _ -> Prims.l_True)
-
-val shake256_squeeze (st: t_Shake256Squeeze) (out: t_Slice u8)
-    : Prims.Pure (t_Shake256Squeeze & t_Slice u8) Prims.l_True (fun _ -> Prims.l_True)
-
 val squeeze_first_block_shake256 (state: t_Shake256)
     : Prims.Pure (t_Shake256 & t_Array u8 (sz 136)) Prims.l_True (fun _ -> Prims.l_True)
 
diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Hash_functions.Shake256.fsti b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Hash_functions.Shake256.fsti
index bd150aa95..4f08af6fa 100644
--- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Hash_functions.Shake256.fsti
+++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Hash_functions.Shake256.fsti
@@ -3,7 +3,8 @@ module Libcrux_ml_dsa.Hash_functions.Shake256
 open Core
 open FStar.Mul
 
-class t_Xof (v_Self: Type0) = {
+/// An ML-DSA specific Xof trait
+class t_DsaXof (v_Self: Type0) = {
   f_shake256_pre:v_OUTPUT_LENGTH: usize -> t_Slice u8 -> t_Array u8 v_OUTPUT_LENGTH -> Type0;
   f_shake256_post:
       v_OUTPUT_LENGTH: usize ->
@@ -15,10 +16,12 @@ class t_Xof (v_Self: Type0) = {
     -> Prims.Pure (t_Array u8 v_OUTPUT_LENGTH)
         (f_shake256_pre v_OUTPUT_LENGTH x0 x1)
         (fun result -> f_shake256_post v_OUTPUT_LENGTH x0 x1 result);
-  f_init_absorb_pre:t_Slice u8 -> Type0;
-  f_init_absorb_post:t_Slice u8 -> v_Self -> Type0;
-  f_init_absorb:x0: t_Slice u8
-    -> Prims.Pure v_Self (f_init_absorb_pre x0) (fun result -> f_init_absorb_post x0 result);
+  f_init_absorb_final_pre:t_Slice u8 -> Type0;
+  f_init_absorb_final_post:t_Slice u8 -> v_Self -> Type0;
+  f_init_absorb_final:x0: t_Slice u8
+    -> Prims.Pure v_Self
+        (f_init_absorb_final_pre x0)
+        (fun result -> f_init_absorb_final_post x0 result);
   f_squeeze_first_block_pre:v_Self -> Type0;
   f_squeeze_first_block_post:v_Self -> (v_Self & t_Array u8 (sz 136)) -> Type0;
   f_squeeze_first_block:x0: v_Self
@@ -33,6 +36,27 @@ class t_Xof (v_Self: Type0) = {
         (fun result -> f_squeeze_next_block_post x0 result)
 }
 
+/// A generic Xof trait
+class t_Xof (v_Self: Type0) = {
+  f_init_pre:Prims.unit -> Type0;
+  f_init_post:Prims.unit -> v_Self -> Type0;
+  f_init:x0: Prims.unit -> Prims.Pure v_Self (f_init_pre x0) (fun result -> f_init_post x0 result);
+  f_absorb_pre:v_Self -> t_Slice u8 -> Type0;
+  f_absorb_post:v_Self -> t_Slice u8 -> v_Self -> Type0;
+  f_absorb:x0: v_Self -> x1: t_Slice u8
+    -> Prims.Pure v_Self (f_absorb_pre x0 x1) (fun result -> f_absorb_post x0 x1 result);
+  f_absorb_final_pre:v_Self -> t_Slice u8 -> Type0;
+  f_absorb_final_post:v_Self -> t_Slice u8 -> v_Self -> Type0;
+  f_absorb_final:x0: v_Self -> x1: t_Slice u8
+    -> Prims.Pure v_Self (f_absorb_final_pre x0 x1) (fun result -> f_absorb_final_post x0 x1 result);
+  f_squeeze_pre:v_Self -> t_Slice u8 -> Type0;
+  f_squeeze_post:v_Self -> t_Slice u8 -> (v_Self & t_Slice u8) -> Type0;
+  f_squeeze:x0: v_Self -> x1: t_Slice u8
+    -> Prims.Pure (v_Self & t_Slice u8)
+        (f_squeeze_pre x0 x1)
+        (fun result -> f_squeeze_post x0 x1 result)
+}
+
 class t_XofX4 (v_Self: Type0) = {
   f_init_absorb_x4_pre:t_Slice u8 -> t_Slice u8 -> t_Slice u8 -> t_Slice u8 -> Type0;
   f_init_absorb_x4_post:t_Slice u8 -> t_Slice u8 -> t_Slice u8 -> t_Slice u8 -> v_Self -> Type0;
diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Hash_functions.Simd256.fsti b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Hash_functions.Simd256.fsti
index 32174758b..c40649c70 100644
--- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Hash_functions.Simd256.fsti
+++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Hash_functions.Simd256.fsti
@@ -18,7 +18,7 @@ val t_Shake256:Type0
 val impl:Libcrux_ml_dsa.Hash_functions.Shake128.t_XofX4 t_Shake128x4
 
 [@@ FStar.Tactics.Typeclasses.tcinstance]
-val impl_1:Libcrux_ml_dsa.Hash_functions.Shake256.t_Xof t_Shake256
+val impl_1:Libcrux_ml_dsa.Hash_functions.Shake256.t_DsaXof t_Shake256
 
 [@@ FStar.Tactics.Typeclasses.tcinstance]
 val impl_2:Libcrux_ml_dsa.Hash_functions.Shake256.t_XofX4 t_Shake256x4
@@ -27,7 +27,7 @@ val impl_2:Libcrux_ml_dsa.Hash_functions.Shake256.t_XofX4 t_Shake256x4
 val init_absorb (input0 input1 input2 input3: t_Slice u8)
     : Prims.Pure t_Shake128x4 Prims.l_True (fun _ -> Prims.l_True)
 
-val init_absorb_shake256 (input: t_Slice u8)
+val init_absorb_final_shake256 (input: t_Slice u8)
     : Prims.Pure t_Shake256 Prims.l_True (fun _ -> Prims.l_True)
 
 val init_absorb_x4 (input0 input1 input2 input3: t_Slice u8)
diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Avx2.Avx2_feature.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Avx2.Avx2_feature.fst
index db410963c..ccfe9b578 100644
--- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Avx2.Avx2_feature.fst
+++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Avx2.Avx2_feature.fst
@@ -6,6 +6,7 @@ open FStar.Mul
 let _ =
   (* This module has implicit dependencies, here we make them explicit. *)
   (* The implicit dependencies arise from typeclasses instances. *)
+  let open Libcrux_ml_dsa.Hash_functions.Portable in
   let open Libcrux_ml_dsa.Hash_functions.Shake128 in
   let open Libcrux_ml_dsa.Hash_functions.Shake256 in
   let open Libcrux_ml_dsa.Hash_functions.Simd256 in
@@ -22,6 +23,7 @@ let generate_key_pair
   Libcrux_ml_dsa.Ml_dsa_generic.generate_key_pair #Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit
     #Libcrux_ml_dsa.Hash_functions.Simd256.t_Shake128x4
     #Libcrux_ml_dsa.Hash_functions.Simd256.t_Shake256
+    #Libcrux_ml_dsa.Hash_functions.Portable.t_Shake256Xof
     #Libcrux_ml_dsa.Hash_functions.Simd256.t_Shake256x4 v_ROWS_IN_A v_COLUMNS_IN_A v_ETA
     v_ERROR_RING_ELEMENT_SIZE v_SIGNING_KEY_SIZE v_VERIFICATION_KEY_SIZE randomness
 
@@ -37,6 +39,7 @@ let sign
   Libcrux_ml_dsa.Ml_dsa_generic.sign #Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit
     #Libcrux_ml_dsa.Hash_functions.Simd256.t_Shake128x4
     #Libcrux_ml_dsa.Hash_functions.Simd256.t_Shake256
+    #Libcrux_ml_dsa.Hash_functions.Portable.t_Shake256Xof
     #Libcrux_ml_dsa.Hash_functions.Simd256.t_Shake256x4 v_ROWS_IN_A v_COLUMNS_IN_A v_ETA
     v_ERROR_RING_ELEMENT_SIZE v_GAMMA1_EXPONENT v_GAMMA2 v_COMMITMENT_RING_ELEMENT_SIZE
     v_COMMITMENT_VECTOR_SIZE v_COMMITMENT_HASH_SIZE v_ONES_IN_VERIFIER_CHALLENGE v_MAX_ONES_IN_HINT
@@ -55,6 +58,7 @@ let sign_pre_hashed_shake128
   Libcrux_ml_dsa.Ml_dsa_generic.sign_pre_hashed #Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit
     #Libcrux_ml_dsa.Hash_functions.Simd256.t_Shake128x4
     #Libcrux_ml_dsa.Hash_functions.Simd256.t_Shake256
+    #Libcrux_ml_dsa.Hash_functions.Portable.t_Shake256Xof
     #Libcrux_ml_dsa.Hash_functions.Simd256.t_Shake256x4 #Libcrux_ml_dsa.Pre_hash.t_SHAKE128_PH
     (sz 256) v_ROWS_IN_A v_COLUMNS_IN_A v_ETA v_ERROR_RING_ELEMENT_SIZE v_GAMMA1_EXPONENT v_GAMMA2
     v_COMMITMENT_RING_ELEMENT_SIZE v_COMMITMENT_VECTOR_SIZE v_COMMITMENT_HASH_SIZE
@@ -73,9 +77,10 @@ let verify
      =
   Libcrux_ml_dsa.Ml_dsa_generic.verify #Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit
     #Libcrux_ml_dsa.Hash_functions.Simd256.t_Shake128x4
-    #Libcrux_ml_dsa.Hash_functions.Simd256.t_Shake256 v_ROWS_IN_A v_COLUMNS_IN_A v_SIGNATURE_SIZE
-    v_VERIFICATION_KEY_SIZE v_GAMMA1_EXPONENT v_GAMMA1_RING_ELEMENT_SIZE v_GAMMA2 v_BETA
-    v_COMMITMENT_RING_ELEMENT_SIZE v_COMMITMENT_VECTOR_SIZE v_COMMITMENT_HASH_SIZE
+    #Libcrux_ml_dsa.Hash_functions.Simd256.t_Shake256
+    #Libcrux_ml_dsa.Hash_functions.Portable.t_Shake256Xof v_ROWS_IN_A v_COLUMNS_IN_A
+    v_SIGNATURE_SIZE v_VERIFICATION_KEY_SIZE v_GAMMA1_EXPONENT v_GAMMA1_RING_ELEMENT_SIZE v_GAMMA2
+    v_BETA v_COMMITMENT_RING_ELEMENT_SIZE v_COMMITMENT_VECTOR_SIZE v_COMMITMENT_HASH_SIZE
     v_ONES_IN_VERIFIER_CHALLENGE v_MAX_ONES_IN_HINT verification_key message context signature
 
 let verify_pre_hashed_shake128
@@ -90,7 +95,8 @@ let verify_pre_hashed_shake128
      =
   Libcrux_ml_dsa.Ml_dsa_generic.verify_pre_hashed #Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit
     #Libcrux_ml_dsa.Hash_functions.Simd256.t_Shake128x4
-    #Libcrux_ml_dsa.Hash_functions.Simd256.t_Shake256 #Libcrux_ml_dsa.Pre_hash.t_SHAKE128_PH
+    #Libcrux_ml_dsa.Hash_functions.Simd256.t_Shake256
+    #Libcrux_ml_dsa.Hash_functions.Portable.t_Shake256Xof #Libcrux_ml_dsa.Pre_hash.t_SHAKE128_PH
     (sz 256) v_ROWS_IN_A v_COLUMNS_IN_A v_SIGNATURE_SIZE v_VERIFICATION_KEY_SIZE v_GAMMA1_EXPONENT
     v_GAMMA1_RING_ELEMENT_SIZE v_GAMMA2 v_BETA v_COMMITMENT_RING_ELEMENT_SIZE
     v_COMMITMENT_VECTOR_SIZE v_COMMITMENT_HASH_SIZE v_ONES_IN_VERIFIER_CHALLENGE v_MAX_ONES_IN_HINT
diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Avx2.Avx2_feature.fsti b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Avx2.Avx2_feature.fsti
index f5492bbb9..d24fb5ad1 100644
--- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Avx2.Avx2_feature.fsti
+++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Avx2.Avx2_feature.fsti
@@ -6,6 +6,7 @@ open FStar.Mul
 let _ =
   (* This module has implicit dependencies, here we make them explicit. *)
   (* The implicit dependencies arise from typeclasses instances. *)
+  let open Libcrux_ml_dsa.Hash_functions.Portable in
   let open Libcrux_ml_dsa.Hash_functions.Shake128 in
   let open Libcrux_ml_dsa.Hash_functions.Shake256 in
   let open Libcrux_ml_dsa.Hash_functions.Simd256 in
diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Neon.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Neon.fst
index 9e12c192d..d8354ab2f 100644
--- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Neon.fst
+++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Neon.fst
@@ -23,6 +23,7 @@ let generate_key_pair
   Libcrux_ml_dsa.Ml_dsa_generic.generate_key_pair #Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit
     #Libcrux_ml_dsa.Hash_functions.Neon.t_Shake128x4
     #Libcrux_ml_dsa.Hash_functions.Portable.t_Shake256
+    #Libcrux_ml_dsa.Hash_functions.Portable.t_Shake256Xof
     #Libcrux_ml_dsa.Hash_functions.Neon.t_Shake256x4 v_ROWS_IN_A v_COLUMNS_IN_A v_ETA
     v_ERROR_RING_ELEMENT_SIZE v_SIGNING_KEY_SIZE v_VERIFICATION_KEY_SIZE randomness
 
@@ -38,6 +39,7 @@ let sign
   Libcrux_ml_dsa.Ml_dsa_generic.sign #Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit
     #Libcrux_ml_dsa.Hash_functions.Neon.t_Shake128x4
     #Libcrux_ml_dsa.Hash_functions.Portable.t_Shake256
+    #Libcrux_ml_dsa.Hash_functions.Portable.t_Shake256Xof
     #Libcrux_ml_dsa.Hash_functions.Neon.t_Shake256x4 v_ROWS_IN_A v_COLUMNS_IN_A v_ETA
     v_ERROR_RING_ELEMENT_SIZE v_GAMMA1_EXPONENT v_GAMMA2 v_COMMITMENT_RING_ELEMENT_SIZE
     v_COMMITMENT_VECTOR_SIZE v_COMMITMENT_HASH_SIZE v_ONES_IN_VERIFIER_CHALLENGE v_MAX_ONES_IN_HINT
@@ -56,6 +58,7 @@ let sign_pre_hashed_shake128
   Libcrux_ml_dsa.Ml_dsa_generic.sign_pre_hashed #Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit
     #Libcrux_ml_dsa.Hash_functions.Neon.t_Shake128x4
     #Libcrux_ml_dsa.Hash_functions.Portable.t_Shake256
+    #Libcrux_ml_dsa.Hash_functions.Portable.t_Shake256Xof
     #Libcrux_ml_dsa.Hash_functions.Neon.t_Shake256x4 #Libcrux_ml_dsa.Pre_hash.t_SHAKE128_PH (sz 256)
     v_ROWS_IN_A v_COLUMNS_IN_A v_ETA v_ERROR_RING_ELEMENT_SIZE v_GAMMA1_EXPONENT v_GAMMA2
     v_COMMITMENT_RING_ELEMENT_SIZE v_COMMITMENT_VECTOR_SIZE v_COMMITMENT_HASH_SIZE
@@ -74,9 +77,10 @@ let verify
      =
   Libcrux_ml_dsa.Ml_dsa_generic.verify #Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit
     #Libcrux_ml_dsa.Hash_functions.Neon.t_Shake128x4
-    #Libcrux_ml_dsa.Hash_functions.Portable.t_Shake256 v_ROWS_IN_A v_COLUMNS_IN_A v_SIGNATURE_SIZE
-    v_VERIFICATION_KEY_SIZE v_GAMMA1_EXPONENT v_GAMMA1_RING_ELEMENT_SIZE v_GAMMA2 v_BETA
-    v_COMMITMENT_RING_ELEMENT_SIZE v_COMMITMENT_VECTOR_SIZE v_COMMITMENT_HASH_SIZE
+    #Libcrux_ml_dsa.Hash_functions.Portable.t_Shake256
+    #Libcrux_ml_dsa.Hash_functions.Portable.t_Shake256Xof v_ROWS_IN_A v_COLUMNS_IN_A
+    v_SIGNATURE_SIZE v_VERIFICATION_KEY_SIZE v_GAMMA1_EXPONENT v_GAMMA1_RING_ELEMENT_SIZE v_GAMMA2
+    v_BETA v_COMMITMENT_RING_ELEMENT_SIZE v_COMMITMENT_VECTOR_SIZE v_COMMITMENT_HASH_SIZE
     v_ONES_IN_VERIFIER_CHALLENGE v_MAX_ONES_IN_HINT verification_key message context signature
 
 let verify_pre_hashed_shake128
@@ -91,7 +95,8 @@ let verify_pre_hashed_shake128
      =
   Libcrux_ml_dsa.Ml_dsa_generic.verify_pre_hashed #Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit
     #Libcrux_ml_dsa.Hash_functions.Neon.t_Shake128x4
-    #Libcrux_ml_dsa.Hash_functions.Portable.t_Shake256 #Libcrux_ml_dsa.Pre_hash.t_SHAKE128_PH
+    #Libcrux_ml_dsa.Hash_functions.Portable.t_Shake256
+    #Libcrux_ml_dsa.Hash_functions.Portable.t_Shake256Xof #Libcrux_ml_dsa.Pre_hash.t_SHAKE128_PH
     (sz 256) v_ROWS_IN_A v_COLUMNS_IN_A v_SIGNATURE_SIZE v_VERIFICATION_KEY_SIZE v_GAMMA1_EXPONENT
     v_GAMMA1_RING_ELEMENT_SIZE v_GAMMA2 v_BETA v_COMMITMENT_RING_ELEMENT_SIZE
     v_COMMITMENT_VECTOR_SIZE v_COMMITMENT_HASH_SIZE v_ONES_IN_VERIFIER_CHALLENGE v_MAX_ONES_IN_HINT
diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Portable.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Portable.fst
index 3ed0bdc8f..8672a8e98 100644
--- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Portable.fst
+++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Portable.fst
@@ -22,6 +22,7 @@ let generate_key_pair
   Libcrux_ml_dsa.Ml_dsa_generic.generate_key_pair #Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit
     #Libcrux_ml_dsa.Hash_functions.Portable.t_Shake128X4
     #Libcrux_ml_dsa.Hash_functions.Portable.t_Shake256
+    #Libcrux_ml_dsa.Hash_functions.Portable.t_Shake256Xof
     #Libcrux_ml_dsa.Hash_functions.Portable.t_Shake256X4 v_ROWS_IN_A v_COLUMNS_IN_A v_ETA
     v_ERROR_RING_ELEMENT_SIZE v_SIGNING_KEY_SIZE v_VERIFICATION_KEY_SIZE randomness
 
@@ -37,6 +38,7 @@ let sign
   Libcrux_ml_dsa.Ml_dsa_generic.sign #Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit
     #Libcrux_ml_dsa.Hash_functions.Portable.t_Shake128X4
     #Libcrux_ml_dsa.Hash_functions.Portable.t_Shake256
+    #Libcrux_ml_dsa.Hash_functions.Portable.t_Shake256Xof
     #Libcrux_ml_dsa.Hash_functions.Portable.t_Shake256X4 v_ROWS_IN_A v_COLUMNS_IN_A v_ETA
     v_ERROR_RING_ELEMENT_SIZE v_GAMMA1_EXPONENT v_GAMMA2 v_COMMITMENT_RING_ELEMENT_SIZE
     v_COMMITMENT_VECTOR_SIZE v_COMMITMENT_HASH_SIZE v_ONES_IN_VERIFIER_CHALLENGE v_MAX_ONES_IN_HINT
@@ -55,6 +57,7 @@ let sign_pre_hashed_shake128
   Libcrux_ml_dsa.Ml_dsa_generic.sign_pre_hashed #Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit
     #Libcrux_ml_dsa.Hash_functions.Portable.t_Shake128X4
     #Libcrux_ml_dsa.Hash_functions.Portable.t_Shake256
+    #Libcrux_ml_dsa.Hash_functions.Portable.t_Shake256Xof
     #Libcrux_ml_dsa.Hash_functions.Portable.t_Shake256X4 #Libcrux_ml_dsa.Pre_hash.t_SHAKE128_PH
     (sz 256) v_ROWS_IN_A v_COLUMNS_IN_A v_ETA v_ERROR_RING_ELEMENT_SIZE v_GAMMA1_EXPONENT v_GAMMA2
     v_COMMITMENT_RING_ELEMENT_SIZE v_COMMITMENT_VECTOR_SIZE v_COMMITMENT_HASH_SIZE
@@ -73,9 +76,10 @@ let verify
      =
   Libcrux_ml_dsa.Ml_dsa_generic.verify #Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit
     #Libcrux_ml_dsa.Hash_functions.Portable.t_Shake128X4
-    #Libcrux_ml_dsa.Hash_functions.Portable.t_Shake256 v_ROWS_IN_A v_COLUMNS_IN_A v_SIGNATURE_SIZE
-    v_VERIFICATION_KEY_SIZE v_GAMMA1_EXPONENT v_GAMMA1_RING_ELEMENT_SIZE v_GAMMA2 v_BETA
-    v_COMMITMENT_RING_ELEMENT_SIZE v_COMMITMENT_VECTOR_SIZE v_COMMITMENT_HASH_SIZE
+    #Libcrux_ml_dsa.Hash_functions.Portable.t_Shake256
+    #Libcrux_ml_dsa.Hash_functions.Portable.t_Shake256Xof v_ROWS_IN_A v_COLUMNS_IN_A
+    v_SIGNATURE_SIZE v_VERIFICATION_KEY_SIZE v_GAMMA1_EXPONENT v_GAMMA1_RING_ELEMENT_SIZE v_GAMMA2
+    v_BETA v_COMMITMENT_RING_ELEMENT_SIZE v_COMMITMENT_VECTOR_SIZE v_COMMITMENT_HASH_SIZE
     v_ONES_IN_VERIFIER_CHALLENGE v_MAX_ONES_IN_HINT verification_key message context signature
 
 let verify_pre_hashed_shake128
@@ -90,7 +94,8 @@ let verify_pre_hashed_shake128
      =
   Libcrux_ml_dsa.Ml_dsa_generic.verify_pre_hashed #Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit
     #Libcrux_ml_dsa.Hash_functions.Portable.t_Shake128X4
-    #Libcrux_ml_dsa.Hash_functions.Portable.t_Shake256 #Libcrux_ml_dsa.Pre_hash.t_SHAKE128_PH
+    #Libcrux_ml_dsa.Hash_functions.Portable.t_Shake256
+    #Libcrux_ml_dsa.Hash_functions.Portable.t_Shake256Xof #Libcrux_ml_dsa.Pre_hash.t_SHAKE128_PH
     (sz 256) v_ROWS_IN_A v_COLUMNS_IN_A v_SIGNATURE_SIZE v_VERIFICATION_KEY_SIZE v_GAMMA1_EXPONENT
     v_GAMMA1_RING_ELEMENT_SIZE v_GAMMA2 v_BETA v_COMMITMENT_RING_ELEMENT_SIZE
     v_COMMITMENT_VECTOR_SIZE v_COMMITMENT_HASH_SIZE v_ONES_IN_VERIFIER_CHALLENGE v_MAX_ONES_IN_HINT
diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.fst
index 0af8aebcb..21226d0c1 100644
--- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.fst
+++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.fst
@@ -13,24 +13,32 @@ let _ =
   ()
 
 let derive_message_representative
+      (#v_Shake256Xof: Type0)
+      (#[FStar.Tactics.Typeclasses.tcresolve ()]
+          i1:
+          Libcrux_ml_dsa.Hash_functions.Shake256.t_Xof v_Shake256Xof)
       (verification_key_hash: t_Array u8 (sz 64))
       (domain_separation_context:
           Core.Option.t_Option Libcrux_ml_dsa.Pre_hash.t_DomainSeparationContext)
       (message: t_Slice u8)
       (message_representative: t_Array u8 (sz 64))
      =
-  let shake:Libcrux_ml_dsa.Hash_functions.Portable.t_Shake256Absorb =
-    Libcrux_ml_dsa.Hash_functions.Portable.shake256_init ()
+  let shake:v_Shake256Xof =
+    Libcrux_ml_dsa.Hash_functions.Shake256.f_init #v_Shake256Xof #FStar.Tactics.Typeclasses.solve ()
   in
-  let shake:Libcrux_ml_dsa.Hash_functions.Portable.t_Shake256Absorb =
-    Libcrux_ml_dsa.Hash_functions.Portable.shake256_absorb shake
+  let shake:v_Shake256Xof =
+    Libcrux_ml_dsa.Hash_functions.Shake256.f_absorb #v_Shake256Xof
+      #FStar.Tactics.Typeclasses.solve
+      shake
       (verification_key_hash <: t_Slice u8)
   in
-  let shake:Libcrux_ml_dsa.Hash_functions.Portable.t_Shake256Absorb =
+  let shake:v_Shake256Xof =
     match domain_separation_context with
     | Core.Option.Option_Some domain_separation_context ->
-      let shake:Libcrux_ml_dsa.Hash_functions.Portable.t_Shake256Absorb =
-        Libcrux_ml_dsa.Hash_functions.Portable.shake256_absorb shake
+      let shake:v_Shake256Xof =
+        Libcrux_ml_dsa.Hash_functions.Shake256.f_absorb #v_Shake256Xof
+          #FStar.Tactics.Typeclasses.solve
+          shake
           ((let list =
                 [
                   cast (Core.Option.impl__is_some #(t_Array u8 (sz 11))
@@ -48,8 +56,10 @@ let derive_message_representative
             <:
             t_Slice u8)
       in
-      let shake:Libcrux_ml_dsa.Hash_functions.Portable.t_Shake256Absorb =
-        Libcrux_ml_dsa.Hash_functions.Portable.shake256_absorb shake
+      let shake:v_Shake256Xof =
+        Libcrux_ml_dsa.Hash_functions.Shake256.f_absorb #v_Shake256Xof
+          #FStar.Tactics.Typeclasses.solve
+          shake
           ((let list =
                 [
                   cast (Core.Slice.impl__len #u8
@@ -67,44 +77,58 @@ let derive_message_representative
             <:
             t_Slice u8)
       in
-      let shake:Libcrux_ml_dsa.Hash_functions.Portable.t_Shake256Absorb =
-        Libcrux_ml_dsa.Hash_functions.Portable.shake256_absorb shake
+      let shake:v_Shake256Xof =
+        Libcrux_ml_dsa.Hash_functions.Shake256.f_absorb #v_Shake256Xof
+          #FStar.Tactics.Typeclasses.solve
+          shake
           (Libcrux_ml_dsa.Pre_hash.impl_1__context domain_separation_context <: t_Slice u8)
       in
       (match Libcrux_ml_dsa.Pre_hash.impl_1__pre_hash_oid domain_separation_context with
         | Core.Option.Option_Some pre_hash_oid ->
-          Libcrux_ml_dsa.Hash_functions.Portable.shake256_absorb shake (pre_hash_oid <: t_Slice u8)
+          Libcrux_ml_dsa.Hash_functions.Shake256.f_absorb #v_Shake256Xof
+            #FStar.Tactics.Typeclasses.solve
+            shake
+            (pre_hash_oid <: t_Slice u8)
         | _ -> shake)
     | _ -> shake
   in
-  let shake:Libcrux_ml_dsa.Hash_functions.Portable.t_Shake256Squeeze =
-    Libcrux_ml_dsa.Hash_functions.Portable.shake256_absorb_final shake message
+  let shake:v_Shake256Xof =
+    Libcrux_ml_dsa.Hash_functions.Shake256.f_absorb_final #v_Shake256Xof
+      #FStar.Tactics.Typeclasses.solve
+      shake
+      message
   in
-  let tmp0, tmp1:(Libcrux_ml_dsa.Hash_functions.Portable.t_Shake256Squeeze & t_Array u8 (sz 64)) =
-    Libcrux_ml_dsa.Hash_functions.Portable.shake256_squeeze shake message_representative
+  let tmp0, tmp1:(v_Shake256Xof & t_Array u8 (sz 64)) =
+    Libcrux_ml_dsa.Hash_functions.Shake256.f_squeeze #v_Shake256Xof
+      #FStar.Tactics.Typeclasses.solve
+      shake
+      message_representative
   in
-  let shake:Libcrux_ml_dsa.Hash_functions.Portable.t_Shake256Squeeze = tmp0 in
+  let shake:v_Shake256Xof = tmp0 in
   let message_representative:t_Array u8 (sz 64) = tmp1 in
   let _:Prims.unit = () in
   message_representative
 
 let sign_internal
-      (#v_SIMDUnit #v_Shake128X4 #v_Shake256 #v_Shake256X4: Type0)
+      (#v_SIMDUnit #v_Shake128X4 #v_Shake256 #v_Shake256Xof #v_Shake256X4: Type0)
       (v_ROWS_IN_A v_COLUMNS_IN_A v_ETA v_ERROR_RING_ELEMENT_SIZE v_GAMMA1_EXPONENT: usize)
       (v_GAMMA2: i32)
       (v_COMMITMENT_RING_ELEMENT_SIZE v_COMMITMENT_VECTOR_SIZE v_COMMITMENT_HASH_SIZE v_ONES_IN_VERIFIER_CHALLENGE v_MAX_ONES_IN_HINT v_GAMMA1_RING_ELEMENT_SIZE v_SIGNING_KEY_SIZE v_SIGNATURE_SIZE:
           usize)
-      (#[FStar.Tactics.Typeclasses.tcresolve ()]
-          i4:
-          Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit)
       (#[FStar.Tactics.Typeclasses.tcresolve ()]
           i5:
-          Libcrux_ml_dsa.Hash_functions.Shake128.t_XofX4 v_Shake128X4)
+          Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit)
       (#[FStar.Tactics.Typeclasses.tcresolve ()]
           i6:
-          Libcrux_ml_dsa.Hash_functions.Shake256.t_Xof v_Shake256)
+          Libcrux_ml_dsa.Hash_functions.Shake128.t_XofX4 v_Shake128X4)
       (#[FStar.Tactics.Typeclasses.tcresolve ()]
           i7:
+          Libcrux_ml_dsa.Hash_functions.Shake256.t_DsaXof v_Shake256)
+      (#[FStar.Tactics.Typeclasses.tcresolve ()]
+          i8:
+          Libcrux_ml_dsa.Hash_functions.Shake256.t_Xof v_Shake256Xof)
+      (#[FStar.Tactics.Typeclasses.tcresolve ()]
+          i9:
           Libcrux_ml_dsa.Hash_functions.Shake256.t_XofX4 v_Shake256X4)
       (signing_key: t_Array u8 v_SIGNING_KEY_SIZE)
       (message: t_Slice u8)
@@ -139,29 +163,41 @@ let sign_internal
   in
   let message_representative:t_Array u8 (sz 64) = Rust_primitives.Hax.repeat 0uy (sz 64) in
   let message_representative:t_Array u8 (sz 64) =
-    derive_message_representative verification_key_hash
+    derive_message_representative #v_Shake256Xof
+      verification_key_hash
       domain_separation_context
       message
       message_representative
   in
   let mask_seed:t_Array u8 (sz 64) = Rust_primitives.Hax.repeat 0uy (sz 64) in
-  let shake:Libcrux_ml_dsa.Hash_functions.Portable.t_Shake256Absorb =
-    Libcrux_ml_dsa.Hash_functions.Portable.shake256_init ()
+  let shake:v_Shake256Xof =
+    Libcrux_ml_dsa.Hash_functions.Shake256.f_init #v_Shake256Xof #FStar.Tactics.Typeclasses.solve ()
   in
-  let shake:Libcrux_ml_dsa.Hash_functions.Portable.t_Shake256Absorb =
-    Libcrux_ml_dsa.Hash_functions.Portable.shake256_absorb shake (seed_for_signing <: t_Slice u8)
+  let shake:v_Shake256Xof =
+    Libcrux_ml_dsa.Hash_functions.Shake256.f_absorb #v_Shake256Xof
+      #FStar.Tactics.Typeclasses.solve
+      shake
+      (seed_for_signing <: t_Slice u8)
   in
-  let shake:Libcrux_ml_dsa.Hash_functions.Portable.t_Shake256Absorb =
-    Libcrux_ml_dsa.Hash_functions.Portable.shake256_absorb shake (randomness <: t_Slice u8)
+  let shake:v_Shake256Xof =
+    Libcrux_ml_dsa.Hash_functions.Shake256.f_absorb #v_Shake256Xof
+      #FStar.Tactics.Typeclasses.solve
+      shake
+      (randomness <: t_Slice u8)
   in
-  let shake:Libcrux_ml_dsa.Hash_functions.Portable.t_Shake256Squeeze =
-    Libcrux_ml_dsa.Hash_functions.Portable.shake256_absorb_final shake
+  let shake:v_Shake256Xof =
+    Libcrux_ml_dsa.Hash_functions.Shake256.f_absorb_final #v_Shake256Xof
+      #FStar.Tactics.Typeclasses.solve
+      shake
       (message_representative <: t_Slice u8)
   in
-  let tmp0, tmp1:(Libcrux_ml_dsa.Hash_functions.Portable.t_Shake256Squeeze & t_Array u8 (sz 64)) =
-    Libcrux_ml_dsa.Hash_functions.Portable.shake256_squeeze shake mask_seed
+  let tmp0, tmp1:(v_Shake256Xof & t_Array u8 (sz 64)) =
+    Libcrux_ml_dsa.Hash_functions.Shake256.f_squeeze #v_Shake256Xof
+      #FStar.Tactics.Typeclasses.solve
+      shake
+      mask_seed
   in
-  let shake:Libcrux_ml_dsa.Hash_functions.Portable.t_Shake256Squeeze = tmp0 in
+  let shake:v_Shake256Xof = tmp0 in
   let mask_seed:t_Array u8 (sz 64) = tmp1 in
   let _:Prims.unit = () in
   let _:Prims.unit = () in
@@ -258,22 +294,30 @@ let sign_internal
               v_COMMITMENT_VECTOR_SIZE
               commitment
           in
-          let shake:Libcrux_ml_dsa.Hash_functions.Portable.t_Shake256Absorb =
-            Libcrux_ml_dsa.Hash_functions.Portable.shake256_init ()
+          let shake:v_Shake256Xof =
+            Libcrux_ml_dsa.Hash_functions.Shake256.f_init #v_Shake256Xof
+              #FStar.Tactics.Typeclasses.solve
+              ()
           in
-          let shake:Libcrux_ml_dsa.Hash_functions.Portable.t_Shake256Absorb =
-            Libcrux_ml_dsa.Hash_functions.Portable.shake256_absorb shake
+          let shake:v_Shake256Xof =
+            Libcrux_ml_dsa.Hash_functions.Shake256.f_absorb #v_Shake256Xof
+              #FStar.Tactics.Typeclasses.solve
+              shake
               (message_representative <: t_Slice u8)
           in
-          let shake:Libcrux_ml_dsa.Hash_functions.Portable.t_Shake256Squeeze =
-            Libcrux_ml_dsa.Hash_functions.Portable.shake256_absorb_final shake
+          let shake:v_Shake256Xof =
+            Libcrux_ml_dsa.Hash_functions.Shake256.f_absorb_final #v_Shake256Xof
+              #FStar.Tactics.Typeclasses.solve
+              shake
               (commitment_serialized <: t_Slice u8)
           in
-          let tmp0, tmp1:(Libcrux_ml_dsa.Hash_functions.Portable.t_Shake256Squeeze &
-            t_Array u8 v_COMMITMENT_HASH_SIZE) =
-            Libcrux_ml_dsa.Hash_functions.Portable.shake256_squeeze shake commitment_hash_candidate
+          let tmp0, tmp1:(v_Shake256Xof & t_Array u8 v_COMMITMENT_HASH_SIZE) =
+            Libcrux_ml_dsa.Hash_functions.Shake256.f_squeeze #v_Shake256Xof
+              #FStar.Tactics.Typeclasses.solve
+              shake
+              commitment_hash_candidate
           in
-          let shake:Libcrux_ml_dsa.Hash_functions.Portable.t_Shake256Squeeze = tmp0 in
+          let shake:v_Shake256Xof = tmp0 in
           let commitment_hash_candidate:t_Array u8 v_COMMITMENT_HASH_SIZE = tmp1 in
           let _:Prims.unit = () in
           let _:Prims.unit = () in
@@ -504,22 +548,25 @@ let sign_internal
       Libcrux_ml_dsa.Types.t_SigningError
 
 let sign
-      (#v_SIMDUnit #v_Shake128X4 #v_Shake256 #v_Shake256X4: Type0)
+      (#v_SIMDUnit #v_Shake128X4 #v_Shake256 #v_Shake256Xof #v_Shake256X4: Type0)
       (v_ROWS_IN_A v_COLUMNS_IN_A v_ETA v_ERROR_RING_ELEMENT_SIZE v_GAMMA1_EXPONENT: usize)
       (v_GAMMA2: i32)
       (v_COMMITMENT_RING_ELEMENT_SIZE v_COMMITMENT_VECTOR_SIZE v_COMMITMENT_HASH_SIZE v_ONES_IN_VERIFIER_CHALLENGE v_MAX_ONES_IN_HINT v_GAMMA1_RING_ELEMENT_SIZE v_SIGNING_KEY_SIZE v_SIGNATURE_SIZE:
           usize)
-      (#[FStar.Tactics.Typeclasses.tcresolve ()]
-          i4:
-          Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit)
       (#[FStar.Tactics.Typeclasses.tcresolve ()]
           i5:
-          Libcrux_ml_dsa.Hash_functions.Shake128.t_XofX4 v_Shake128X4)
+          Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit)
       (#[FStar.Tactics.Typeclasses.tcresolve ()]
           i6:
-          Libcrux_ml_dsa.Hash_functions.Shake256.t_Xof v_Shake256)
+          Libcrux_ml_dsa.Hash_functions.Shake128.t_XofX4 v_Shake128X4)
       (#[FStar.Tactics.Typeclasses.tcresolve ()]
           i7:
+          Libcrux_ml_dsa.Hash_functions.Shake256.t_DsaXof v_Shake256)
+      (#[FStar.Tactics.Typeclasses.tcresolve ()]
+          i8:
+          Libcrux_ml_dsa.Hash_functions.Shake256.t_Xof v_Shake256Xof)
+      (#[FStar.Tactics.Typeclasses.tcresolve ()]
+          i9:
           Libcrux_ml_dsa.Hash_functions.Shake256.t_XofX4 v_Shake256X4)
       (signing_key: t_Array u8 v_SIGNING_KEY_SIZE)
       (message context: t_Slice u8)
@@ -530,11 +577,11 @@ let sign
       (Core.Option.Option_None <: Core.Option.t_Option (t_Array u8 (sz 11)))
   with
   | Core.Result.Result_Ok hoist36 ->
-    sign_internal #v_SIMDUnit #v_Shake128X4 #v_Shake256 #v_Shake256X4 v_ROWS_IN_A v_COLUMNS_IN_A
-      v_ETA v_ERROR_RING_ELEMENT_SIZE v_GAMMA1_EXPONENT v_GAMMA2 v_COMMITMENT_RING_ELEMENT_SIZE
-      v_COMMITMENT_VECTOR_SIZE v_COMMITMENT_HASH_SIZE v_ONES_IN_VERIFIER_CHALLENGE
-      v_MAX_ONES_IN_HINT v_GAMMA1_RING_ELEMENT_SIZE v_SIGNING_KEY_SIZE v_SIGNATURE_SIZE signing_key
-      message
+    sign_internal #v_SIMDUnit #v_Shake128X4 #v_Shake256 #v_Shake256Xof #v_Shake256X4 v_ROWS_IN_A
+      v_COLUMNS_IN_A v_ETA v_ERROR_RING_ELEMENT_SIZE v_GAMMA1_EXPONENT v_GAMMA2
+      v_COMMITMENT_RING_ELEMENT_SIZE v_COMMITMENT_VECTOR_SIZE v_COMMITMENT_HASH_SIZE
+      v_ONES_IN_VERIFIER_CHALLENGE v_MAX_ONES_IN_HINT v_GAMMA1_RING_ELEMENT_SIZE v_SIGNING_KEY_SIZE
+      v_SIGNATURE_SIZE signing_key message
       (Core.Option.Option_Some hoist36
         <:
         Core.Option.t_Option Libcrux_ml_dsa.Pre_hash.t_DomainSeparationContext) randomness
@@ -549,26 +596,29 @@ let sign
       Libcrux_ml_dsa.Types.t_SigningError
 
 let sign_pre_hashed
-      (#v_SIMDUnit #v_Shake128X4 #v_Shake256 #v_Shake256X4 #v_PH: Type0)
+      (#v_SIMDUnit #v_Shake128X4 #v_Shake256 #v_Shake256Xof #v_Shake256X4 #v_PH: Type0)
       (v_PH_DIGEST_LEN v_ROWS_IN_A v_COLUMNS_IN_A v_ETA v_ERROR_RING_ELEMENT_SIZE v_GAMMA1_EXPONENT:
           usize)
       (v_GAMMA2: i32)
       (v_COMMITMENT_RING_ELEMENT_SIZE v_COMMITMENT_VECTOR_SIZE v_COMMITMENT_HASH_SIZE v_ONES_IN_VERIFIER_CHALLENGE v_MAX_ONES_IN_HINT v_GAMMA1_RING_ELEMENT_SIZE v_SIGNING_KEY_SIZE v_SIGNATURE_SIZE:
           usize)
-      (#[FStar.Tactics.Typeclasses.tcresolve ()]
-          i5:
-          Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit)
       (#[FStar.Tactics.Typeclasses.tcresolve ()]
           i6:
-          Libcrux_ml_dsa.Hash_functions.Shake128.t_XofX4 v_Shake128X4)
+          Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit)
       (#[FStar.Tactics.Typeclasses.tcresolve ()]
           i7:
-          Libcrux_ml_dsa.Hash_functions.Shake256.t_Xof v_Shake256)
+          Libcrux_ml_dsa.Hash_functions.Shake128.t_XofX4 v_Shake128X4)
       (#[FStar.Tactics.Typeclasses.tcresolve ()]
           i8:
-          Libcrux_ml_dsa.Hash_functions.Shake256.t_XofX4 v_Shake256X4)
+          Libcrux_ml_dsa.Hash_functions.Shake256.t_DsaXof v_Shake256)
       (#[FStar.Tactics.Typeclasses.tcresolve ()]
           i9:
+          Libcrux_ml_dsa.Hash_functions.Shake256.t_Xof v_Shake256Xof)
+      (#[FStar.Tactics.Typeclasses.tcresolve ()]
+          i10:
+          Libcrux_ml_dsa.Hash_functions.Shake256.t_XofX4 v_Shake256X4)
+      (#[FStar.Tactics.Typeclasses.tcresolve ()]
+          i11:
           Libcrux_ml_dsa.Pre_hash.t_PreHash v_PH v_PH_DIGEST_LEN)
       (signing_key: t_Array u8 v_SIGNING_KEY_SIZE)
       (message context: t_Slice u8)
@@ -595,11 +645,11 @@ let sign_pre_hashed
           Core.Option.t_Option (t_Array u8 (sz 11)))
     with
     | Core.Result.Result_Ok hoist39 ->
-      sign_internal #v_SIMDUnit #v_Shake128X4 #v_Shake256 #v_Shake256X4 v_ROWS_IN_A v_COLUMNS_IN_A
-        v_ETA v_ERROR_RING_ELEMENT_SIZE v_GAMMA1_EXPONENT v_GAMMA2 v_COMMITMENT_RING_ELEMENT_SIZE
-        v_COMMITMENT_VECTOR_SIZE v_COMMITMENT_HASH_SIZE v_ONES_IN_VERIFIER_CHALLENGE
-        v_MAX_ONES_IN_HINT v_GAMMA1_RING_ELEMENT_SIZE v_SIGNING_KEY_SIZE v_SIGNATURE_SIZE
-        signing_key (pre_hashed_message <: t_Slice u8)
+      sign_internal #v_SIMDUnit #v_Shake128X4 #v_Shake256 #v_Shake256Xof #v_Shake256X4 v_ROWS_IN_A
+        v_COLUMNS_IN_A v_ETA v_ERROR_RING_ELEMENT_SIZE v_GAMMA1_EXPONENT v_GAMMA2
+        v_COMMITMENT_RING_ELEMENT_SIZE v_COMMITMENT_VECTOR_SIZE v_COMMITMENT_HASH_SIZE
+        v_ONES_IN_VERIFIER_CHALLENGE v_MAX_ONES_IN_HINT v_GAMMA1_RING_ELEMENT_SIZE
+        v_SIGNING_KEY_SIZE v_SIGNATURE_SIZE signing_key (pre_hashed_message <: t_Slice u8)
         (Core.Option.Option_Some hoist39
           <:
           Core.Option.t_Option Libcrux_ml_dsa.Pre_hash.t_DomainSeparationContext) randomness
@@ -614,21 +664,24 @@ let sign_pre_hashed
         Libcrux_ml_dsa.Types.t_SigningError
 
 let verify_internal
-      (#v_SIMDUnit #v_Shake128X4 #v_Shake256: Type0)
+      (#v_SIMDUnit #v_Shake128X4 #v_Shake256 #v_Shake256Xof: Type0)
       (v_ROWS_IN_A v_COLUMNS_IN_A v_SIGNATURE_SIZE v_VERIFICATION_KEY_SIZE v_GAMMA1_EXPONENT v_GAMMA1_RING_ELEMENT_SIZE:
           usize)
       (v_GAMMA2 v_BETA: i32)
       (v_COMMITMENT_RING_ELEMENT_SIZE v_COMMITMENT_VECTOR_SIZE v_COMMITMENT_HASH_SIZE v_ONES_IN_VERIFIER_CHALLENGE v_MAX_ONES_IN_HINT:
           usize)
       (#[FStar.Tactics.Typeclasses.tcresolve ()]
-          i3:
+          i4:
           Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit)
       (#[FStar.Tactics.Typeclasses.tcresolve ()]
-          i4:
+          i5:
           Libcrux_ml_dsa.Hash_functions.Shake128.t_XofX4 v_Shake128X4)
       (#[FStar.Tactics.Typeclasses.tcresolve ()]
-          i5:
-          Libcrux_ml_dsa.Hash_functions.Shake256.t_Xof v_Shake256)
+          i6:
+          Libcrux_ml_dsa.Hash_functions.Shake256.t_DsaXof v_Shake256)
+      (#[FStar.Tactics.Typeclasses.tcresolve ()]
+          i7:
+          Libcrux_ml_dsa.Hash_functions.Shake256.t_Xof v_Shake256Xof)
       (verification_key_serialized: t_Array u8 v_VERIFICATION_KEY_SIZE)
       (message: t_Slice u8)
       (domain_separation_context:
@@ -682,7 +735,8 @@ let verify_internal
       in
       let message_representative:t_Array u8 (sz 64) = Rust_primitives.Hax.repeat 0uy (sz 64) in
       let message_representative:t_Array u8 (sz 64) =
-        derive_message_representative verification_key_hash
+        derive_message_representative #v_Shake256Xof
+          verification_key_hash
           domain_separation_context
           message
           message_representative
@@ -725,22 +779,30 @@ let verify_internal
           v_COMMITMENT_VECTOR_SIZE
           commitment
       in
-      let shake:Libcrux_ml_dsa.Hash_functions.Portable.t_Shake256Absorb =
-        Libcrux_ml_dsa.Hash_functions.Portable.shake256_init ()
+      let shake:v_Shake256Xof =
+        Libcrux_ml_dsa.Hash_functions.Shake256.f_init #v_Shake256Xof
+          #FStar.Tactics.Typeclasses.solve
+          ()
       in
-      let shake:Libcrux_ml_dsa.Hash_functions.Portable.t_Shake256Absorb =
-        Libcrux_ml_dsa.Hash_functions.Portable.shake256_absorb shake
+      let shake:v_Shake256Xof =
+        Libcrux_ml_dsa.Hash_functions.Shake256.f_absorb #v_Shake256Xof
+          #FStar.Tactics.Typeclasses.solve
+          shake
           (message_representative <: t_Slice u8)
       in
-      let shake:Libcrux_ml_dsa.Hash_functions.Portable.t_Shake256Squeeze =
-        Libcrux_ml_dsa.Hash_functions.Portable.shake256_absorb_final shake
+      let shake:v_Shake256Xof =
+        Libcrux_ml_dsa.Hash_functions.Shake256.f_absorb_final #v_Shake256Xof
+          #FStar.Tactics.Typeclasses.solve
+          shake
           (commitment_serialized <: t_Slice u8)
       in
-      let tmp0, tmp1:(Libcrux_ml_dsa.Hash_functions.Portable.t_Shake256Squeeze &
-        t_Array u8 v_COMMITMENT_HASH_SIZE) =
-        Libcrux_ml_dsa.Hash_functions.Portable.shake256_squeeze shake commitment_hash
+      let tmp0, tmp1:(v_Shake256Xof & t_Array u8 v_COMMITMENT_HASH_SIZE) =
+        Libcrux_ml_dsa.Hash_functions.Shake256.f_squeeze #v_Shake256Xof
+          #FStar.Tactics.Typeclasses.solve
+          shake
+          commitment_hash
       in
-      let shake:Libcrux_ml_dsa.Hash_functions.Portable.t_Shake256Squeeze = tmp0 in
+      let shake:v_Shake256Xof = tmp0 in
       let commitment_hash:t_Array u8 v_COMMITMENT_HASH_SIZE = tmp1 in
       let _:Prims.unit = () in
       let _:Prims.unit = () in
@@ -769,21 +831,24 @@ let verify_internal
     Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError
 
 let verify
-      (#v_SIMDUnit #v_Shake128X4 #v_Shake256: Type0)
+      (#v_SIMDUnit #v_Shake128X4 #v_Shake256 #v_Shake256Xof: Type0)
       (v_ROWS_IN_A v_COLUMNS_IN_A v_SIGNATURE_SIZE v_VERIFICATION_KEY_SIZE v_GAMMA1_EXPONENT v_GAMMA1_RING_ELEMENT_SIZE:
           usize)
       (v_GAMMA2 v_BETA: i32)
       (v_COMMITMENT_RING_ELEMENT_SIZE v_COMMITMENT_VECTOR_SIZE v_COMMITMENT_HASH_SIZE v_ONES_IN_VERIFIER_CHALLENGE v_MAX_ONES_IN_HINT:
           usize)
       (#[FStar.Tactics.Typeclasses.tcresolve ()]
-          i3:
+          i4:
           Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit)
       (#[FStar.Tactics.Typeclasses.tcresolve ()]
-          i4:
+          i5:
           Libcrux_ml_dsa.Hash_functions.Shake128.t_XofX4 v_Shake128X4)
       (#[FStar.Tactics.Typeclasses.tcresolve ()]
-          i5:
-          Libcrux_ml_dsa.Hash_functions.Shake256.t_Xof v_Shake256)
+          i6:
+          Libcrux_ml_dsa.Hash_functions.Shake256.t_DsaXof v_Shake256)
+      (#[FStar.Tactics.Typeclasses.tcresolve ()]
+          i7:
+          Libcrux_ml_dsa.Hash_functions.Shake256.t_Xof v_Shake256Xof)
       (verification_key_serialized: t_Array u8 v_VERIFICATION_KEY_SIZE)
       (message context: t_Slice u8)
       (signature_serialized: t_Array u8 v_SIGNATURE_SIZE)
@@ -793,7 +858,7 @@ let verify
       (Core.Option.Option_None <: Core.Option.t_Option (t_Array u8 (sz 11)))
   with
   | Core.Result.Result_Ok hoist41 ->
-    verify_internal #v_SIMDUnit #v_Shake128X4 #v_Shake256 v_ROWS_IN_A v_COLUMNS_IN_A
+    verify_internal #v_SIMDUnit #v_Shake128X4 #v_Shake256 #v_Shake256Xof v_ROWS_IN_A v_COLUMNS_IN_A
       v_SIGNATURE_SIZE v_VERIFICATION_KEY_SIZE v_GAMMA1_EXPONENT v_GAMMA1_RING_ELEMENT_SIZE v_GAMMA2
       v_BETA v_COMMITMENT_RING_ELEMENT_SIZE v_COMMITMENT_VECTOR_SIZE v_COMMITMENT_HASH_SIZE
       v_ONES_IN_VERIFIER_CHALLENGE v_MAX_ONES_IN_HINT verification_key_serialized message
@@ -810,23 +875,26 @@ let verify
     Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError
 
 let verify_pre_hashed
-      (#v_SIMDUnit #v_Shake128X4 #v_Shake256 #v_PH: Type0)
+      (#v_SIMDUnit #v_Shake128X4 #v_Shake256 #v_Shake256Xof #v_PH: Type0)
       (v_PH_DIGEST_LEN v_ROWS_IN_A v_COLUMNS_IN_A v_SIGNATURE_SIZE v_VERIFICATION_KEY_SIZE v_GAMMA1_EXPONENT v_GAMMA1_RING_ELEMENT_SIZE:
           usize)
       (v_GAMMA2 v_BETA: i32)
       (v_COMMITMENT_RING_ELEMENT_SIZE v_COMMITMENT_VECTOR_SIZE v_COMMITMENT_HASH_SIZE v_ONES_IN_VERIFIER_CHALLENGE v_MAX_ONES_IN_HINT:
           usize)
-      (#[FStar.Tactics.Typeclasses.tcresolve ()]
-          i4:
-          Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit)
       (#[FStar.Tactics.Typeclasses.tcresolve ()]
           i5:
-          Libcrux_ml_dsa.Hash_functions.Shake128.t_XofX4 v_Shake128X4)
+          Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit)
       (#[FStar.Tactics.Typeclasses.tcresolve ()]
           i6:
-          Libcrux_ml_dsa.Hash_functions.Shake256.t_Xof v_Shake256)
+          Libcrux_ml_dsa.Hash_functions.Shake128.t_XofX4 v_Shake128X4)
       (#[FStar.Tactics.Typeclasses.tcresolve ()]
           i7:
+          Libcrux_ml_dsa.Hash_functions.Shake256.t_DsaXof v_Shake256)
+      (#[FStar.Tactics.Typeclasses.tcresolve ()]
+          i8:
+          Libcrux_ml_dsa.Hash_functions.Shake256.t_Xof v_Shake256Xof)
+      (#[FStar.Tactics.Typeclasses.tcresolve ()]
+          i9:
           Libcrux_ml_dsa.Pre_hash.t_PreHash v_PH v_PH_DIGEST_LEN)
       (verification_key_serialized: t_Array u8 v_VERIFICATION_KEY_SIZE)
       (message context: t_Slice u8)
@@ -845,7 +913,7 @@ let verify_pre_hashed
         Core.Option.t_Option (t_Array u8 (sz 11)))
   with
   | Core.Result.Result_Ok hoist43 ->
-    verify_internal #v_SIMDUnit #v_Shake128X4 #v_Shake256 v_ROWS_IN_A v_COLUMNS_IN_A
+    verify_internal #v_SIMDUnit #v_Shake128X4 #v_Shake256 #v_Shake256Xof v_ROWS_IN_A v_COLUMNS_IN_A
       v_SIGNATURE_SIZE v_VERIFICATION_KEY_SIZE v_GAMMA1_EXPONENT v_GAMMA1_RING_ELEMENT_SIZE v_GAMMA2
       v_BETA v_COMMITMENT_RING_ELEMENT_SIZE v_COMMITMENT_VECTOR_SIZE v_COMMITMENT_HASH_SIZE
       v_ONES_IN_VERIFIER_CHALLENGE v_MAX_ONES_IN_HINT verification_key_serialized
@@ -863,44 +931,56 @@ let verify_pre_hashed
     Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError
 
 let generate_key_pair
-      (#v_SIMDUnit #v_Shake128X4 #v_Shake256 #v_Shake256X4: Type0)
+      (#v_SIMDUnit #v_Shake128X4 #v_Shake256 #v_Shake256Xof #v_Shake256X4: Type0)
       (v_ROWS_IN_A v_COLUMNS_IN_A v_ETA v_ERROR_RING_ELEMENT_SIZE v_SIGNING_KEY_SIZE v_VERIFICATION_KEY_SIZE:
           usize)
-      (#[FStar.Tactics.Typeclasses.tcresolve ()]
-          i4:
-          Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit)
       (#[FStar.Tactics.Typeclasses.tcresolve ()]
           i5:
-          Libcrux_ml_dsa.Hash_functions.Shake128.t_XofX4 v_Shake128X4)
+          Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit)
       (#[FStar.Tactics.Typeclasses.tcresolve ()]
           i6:
-          Libcrux_ml_dsa.Hash_functions.Shake256.t_Xof v_Shake256)
+          Libcrux_ml_dsa.Hash_functions.Shake128.t_XofX4 v_Shake128X4)
       (#[FStar.Tactics.Typeclasses.tcresolve ()]
           i7:
+          Libcrux_ml_dsa.Hash_functions.Shake256.t_DsaXof v_Shake256)
+      (#[FStar.Tactics.Typeclasses.tcresolve ()]
+          i8:
+          Libcrux_ml_dsa.Hash_functions.Shake256.t_Xof v_Shake256Xof)
+      (#[FStar.Tactics.Typeclasses.tcresolve ()]
+          i9:
           Libcrux_ml_dsa.Hash_functions.Shake256.t_XofX4 v_Shake256X4)
       (randomness: t_Array u8 (sz 32))
      =
   let seed_expanded:t_Array u8 (sz 128) = Rust_primitives.Hax.repeat 0uy (sz 128) in
-  let shake:Libcrux_ml_dsa.Hash_functions.Portable.t_Shake256Absorb =
-    Libcrux_ml_dsa.Hash_functions.Portable.shake256_init ()
+  let shake:v_Shake256Xof =
+    Libcrux_ml_dsa.Hash_functions.Shake256.f_init #v_Shake256Xof #FStar.Tactics.Typeclasses.solve ()
   in
-  let shake:Libcrux_ml_dsa.Hash_functions.Portable.t_Shake256Absorb =
-    Libcrux_ml_dsa.Hash_functions.Portable.shake256_absorb shake (randomness <: t_Slice u8)
+  let shake:v_Shake256Xof =
+    Libcrux_ml_dsa.Hash_functions.Shake256.f_absorb #v_Shake256Xof
+      #FStar.Tactics.Typeclasses.solve
+      shake
+      (randomness <: t_Slice u8)
   in
-  let shake:Libcrux_ml_dsa.Hash_functions.Portable.t_Shake256Squeeze =
-    Libcrux_ml_dsa.Hash_functions.Portable.shake256_absorb_final shake
+  let shake:v_Shake256Xof =
+    Libcrux_ml_dsa.Hash_functions.Shake256.f_absorb_final #v_Shake256Xof
+      #FStar.Tactics.Typeclasses.solve
+      shake
       ((let list = [cast (v_ROWS_IN_A <: usize) <: u8; cast (v_COLUMNS_IN_A <: usize) <: u8] in
           FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 2);
           Rust_primitives.Hax.array_of_list 2 list)
         <:
         t_Slice u8)
   in
-  let tmp0, tmp1:(Libcrux_ml_dsa.Hash_functions.Portable.t_Shake256Squeeze & t_Array u8 (sz 128)) =
-    Libcrux_ml_dsa.Hash_functions.Portable.shake256_squeeze shake seed_expanded
+  let tmp0, tmp1:(v_Shake256Xof & t_Array u8 (sz 128)) =
+    Libcrux_ml_dsa.Hash_functions.Shake256.f_squeeze #v_Shake256Xof
+      #FStar.Tactics.Typeclasses.solve
+      shake
+      seed_expanded
   in
-  let shake:Libcrux_ml_dsa.Hash_functions.Portable.t_Shake256Squeeze = tmp0 in
+  let shake:v_Shake256Xof = tmp0 in
   let seed_expanded:t_Array u8 (sz 128) = tmp1 in
   let _:Prims.unit = () in
+  let _:Prims.unit = () in
   let seed_for_a, seed_expanded:(t_Slice u8 & t_Slice u8) =
     Core.Slice.impl__split_at #u8
       (seed_expanded <: t_Slice u8)
diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.fsti b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.fsti
index abf9c8d7c..574ce29b4 100644
--- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.fsti
+++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.fsti
@@ -30,6 +30,8 @@ let _ =
 /// 23 of Algorithm 4 (and line 18 of Algorithm 5,resp.) describe domain separation for the HashMl-DSA
 /// variant.
 val derive_message_representative
+      (#v_Shake256Xof: Type0)
+      {| i1: Libcrux_ml_dsa.Hash_functions.Shake256.t_Xof v_Shake256Xof |}
       (verification_key_hash: t_Array u8 (sz 64))
       (domain_separation_context:
           Core.Option.t_Option Libcrux_ml_dsa.Pre_hash.t_DomainSeparationContext)
@@ -41,15 +43,16 @@ val derive_message_representative
 /// If no `domain_separation_context` is supplied, it is assumed that
 /// `message` already contains the domain separation.
 val sign_internal
-      (#v_SIMDUnit #v_Shake128X4 #v_Shake256 #v_Shake256X4: Type0)
+      (#v_SIMDUnit #v_Shake128X4 #v_Shake256 #v_Shake256Xof #v_Shake256X4: Type0)
       (v_ROWS_IN_A v_COLUMNS_IN_A v_ETA v_ERROR_RING_ELEMENT_SIZE v_GAMMA1_EXPONENT: usize)
       (v_GAMMA2: i32)
       (v_COMMITMENT_RING_ELEMENT_SIZE v_COMMITMENT_VECTOR_SIZE v_COMMITMENT_HASH_SIZE v_ONES_IN_VERIFIER_CHALLENGE v_MAX_ONES_IN_HINT v_GAMMA1_RING_ELEMENT_SIZE v_SIGNING_KEY_SIZE v_SIGNATURE_SIZE:
           usize)
-      {| i4: Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit |}
-      {| i5: Libcrux_ml_dsa.Hash_functions.Shake128.t_XofX4 v_Shake128X4 |}
-      {| i6: Libcrux_ml_dsa.Hash_functions.Shake256.t_Xof v_Shake256 |}
-      {| i7: Libcrux_ml_dsa.Hash_functions.Shake256.t_XofX4 v_Shake256X4 |}
+      {| i5: Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit |}
+      {| i6: Libcrux_ml_dsa.Hash_functions.Shake128.t_XofX4 v_Shake128X4 |}
+      {| i7: Libcrux_ml_dsa.Hash_functions.Shake256.t_DsaXof v_Shake256 |}
+      {| i8: Libcrux_ml_dsa.Hash_functions.Shake256.t_Xof v_Shake256Xof |}
+      {| i9: Libcrux_ml_dsa.Hash_functions.Shake256.t_XofX4 v_Shake256X4 |}
       (signing_key: t_Array u8 v_SIGNING_KEY_SIZE)
       (message: t_Slice u8)
       (domain_separation_context:
@@ -60,15 +63,16 @@ val sign_internal
           Libcrux_ml_dsa.Types.t_SigningError) Prims.l_True (fun _ -> Prims.l_True)
 
 val sign
-      (#v_SIMDUnit #v_Shake128X4 #v_Shake256 #v_Shake256X4: Type0)
+      (#v_SIMDUnit #v_Shake128X4 #v_Shake256 #v_Shake256Xof #v_Shake256X4: Type0)
       (v_ROWS_IN_A v_COLUMNS_IN_A v_ETA v_ERROR_RING_ELEMENT_SIZE v_GAMMA1_EXPONENT: usize)
       (v_GAMMA2: i32)
       (v_COMMITMENT_RING_ELEMENT_SIZE v_COMMITMENT_VECTOR_SIZE v_COMMITMENT_HASH_SIZE v_ONES_IN_VERIFIER_CHALLENGE v_MAX_ONES_IN_HINT v_GAMMA1_RING_ELEMENT_SIZE v_SIGNING_KEY_SIZE v_SIGNATURE_SIZE:
           usize)
-      {| i4: Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit |}
-      {| i5: Libcrux_ml_dsa.Hash_functions.Shake128.t_XofX4 v_Shake128X4 |}
-      {| i6: Libcrux_ml_dsa.Hash_functions.Shake256.t_Xof v_Shake256 |}
-      {| i7: Libcrux_ml_dsa.Hash_functions.Shake256.t_XofX4 v_Shake256X4 |}
+      {| i5: Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit |}
+      {| i6: Libcrux_ml_dsa.Hash_functions.Shake128.t_XofX4 v_Shake128X4 |}
+      {| i7: Libcrux_ml_dsa.Hash_functions.Shake256.t_DsaXof v_Shake256 |}
+      {| i8: Libcrux_ml_dsa.Hash_functions.Shake256.t_Xof v_Shake256Xof |}
+      {| i9: Libcrux_ml_dsa.Hash_functions.Shake256.t_XofX4 v_Shake256X4 |}
       (signing_key: t_Array u8 v_SIGNING_KEY_SIZE)
       (message context: t_Slice u8)
       (randomness: t_Array u8 (sz 32))
@@ -77,17 +81,18 @@ val sign
           Libcrux_ml_dsa.Types.t_SigningError) Prims.l_True (fun _ -> Prims.l_True)
 
 val sign_pre_hashed
-      (#v_SIMDUnit #v_Shake128X4 #v_Shake256 #v_Shake256X4 #v_PH: Type0)
+      (#v_SIMDUnit #v_Shake128X4 #v_Shake256 #v_Shake256Xof #v_Shake256X4 #v_PH: Type0)
       (v_PH_DIGEST_LEN v_ROWS_IN_A v_COLUMNS_IN_A v_ETA v_ERROR_RING_ELEMENT_SIZE v_GAMMA1_EXPONENT:
           usize)
       (v_GAMMA2: i32)
       (v_COMMITMENT_RING_ELEMENT_SIZE v_COMMITMENT_VECTOR_SIZE v_COMMITMENT_HASH_SIZE v_ONES_IN_VERIFIER_CHALLENGE v_MAX_ONES_IN_HINT v_GAMMA1_RING_ELEMENT_SIZE v_SIGNING_KEY_SIZE v_SIGNATURE_SIZE:
           usize)
-      {| i5: Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit |}
-      {| i6: Libcrux_ml_dsa.Hash_functions.Shake128.t_XofX4 v_Shake128X4 |}
-      {| i7: Libcrux_ml_dsa.Hash_functions.Shake256.t_Xof v_Shake256 |}
-      {| i8: Libcrux_ml_dsa.Hash_functions.Shake256.t_XofX4 v_Shake256X4 |}
-      {| i9: Libcrux_ml_dsa.Pre_hash.t_PreHash v_PH v_PH_DIGEST_LEN |}
+      {| i6: Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit |}
+      {| i7: Libcrux_ml_dsa.Hash_functions.Shake128.t_XofX4 v_Shake128X4 |}
+      {| i8: Libcrux_ml_dsa.Hash_functions.Shake256.t_DsaXof v_Shake256 |}
+      {| i9: Libcrux_ml_dsa.Hash_functions.Shake256.t_Xof v_Shake256Xof |}
+      {| i10: Libcrux_ml_dsa.Hash_functions.Shake256.t_XofX4 v_Shake256X4 |}
+      {| i11: Libcrux_ml_dsa.Pre_hash.t_PreHash v_PH v_PH_DIGEST_LEN |}
       (signing_key: t_Array u8 v_SIGNING_KEY_SIZE)
       (message context: t_Slice u8)
       (randomness: t_Array u8 (sz 32))
@@ -99,15 +104,16 @@ val sign_pre_hashed
 /// If no `domain_separation_context` is supplied, it is assumed that
 /// `message` already contains the domain separation.
 val verify_internal
-      (#v_SIMDUnit #v_Shake128X4 #v_Shake256: Type0)
+      (#v_SIMDUnit #v_Shake128X4 #v_Shake256 #v_Shake256Xof: Type0)
       (v_ROWS_IN_A v_COLUMNS_IN_A v_SIGNATURE_SIZE v_VERIFICATION_KEY_SIZE v_GAMMA1_EXPONENT v_GAMMA1_RING_ELEMENT_SIZE:
           usize)
       (v_GAMMA2 v_BETA: i32)
       (v_COMMITMENT_RING_ELEMENT_SIZE v_COMMITMENT_VECTOR_SIZE v_COMMITMENT_HASH_SIZE v_ONES_IN_VERIFIER_CHALLENGE v_MAX_ONES_IN_HINT:
           usize)
-      {| i3: Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit |}
-      {| i4: Libcrux_ml_dsa.Hash_functions.Shake128.t_XofX4 v_Shake128X4 |}
-      {| i5: Libcrux_ml_dsa.Hash_functions.Shake256.t_Xof v_Shake256 |}
+      {| i4: Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit |}
+      {| i5: Libcrux_ml_dsa.Hash_functions.Shake128.t_XofX4 v_Shake128X4 |}
+      {| i6: Libcrux_ml_dsa.Hash_functions.Shake256.t_DsaXof v_Shake256 |}
+      {| i7: Libcrux_ml_dsa.Hash_functions.Shake256.t_Xof v_Shake256Xof |}
       (verification_key_serialized: t_Array u8 v_VERIFICATION_KEY_SIZE)
       (message: t_Slice u8)
       (domain_separation_context:
@@ -118,15 +124,16 @@ val verify_internal
       (fun _ -> Prims.l_True)
 
 val verify
-      (#v_SIMDUnit #v_Shake128X4 #v_Shake256: Type0)
+      (#v_SIMDUnit #v_Shake128X4 #v_Shake256 #v_Shake256Xof: Type0)
       (v_ROWS_IN_A v_COLUMNS_IN_A v_SIGNATURE_SIZE v_VERIFICATION_KEY_SIZE v_GAMMA1_EXPONENT v_GAMMA1_RING_ELEMENT_SIZE:
           usize)
       (v_GAMMA2 v_BETA: i32)
       (v_COMMITMENT_RING_ELEMENT_SIZE v_COMMITMENT_VECTOR_SIZE v_COMMITMENT_HASH_SIZE v_ONES_IN_VERIFIER_CHALLENGE v_MAX_ONES_IN_HINT:
           usize)
-      {| i3: Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit |}
-      {| i4: Libcrux_ml_dsa.Hash_functions.Shake128.t_XofX4 v_Shake128X4 |}
-      {| i5: Libcrux_ml_dsa.Hash_functions.Shake256.t_Xof v_Shake256 |}
+      {| i4: Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit |}
+      {| i5: Libcrux_ml_dsa.Hash_functions.Shake128.t_XofX4 v_Shake128X4 |}
+      {| i6: Libcrux_ml_dsa.Hash_functions.Shake256.t_DsaXof v_Shake256 |}
+      {| i7: Libcrux_ml_dsa.Hash_functions.Shake256.t_Xof v_Shake256Xof |}
       (verification_key_serialized: t_Array u8 v_VERIFICATION_KEY_SIZE)
       (message context: t_Slice u8)
       (signature_serialized: t_Array u8 v_SIGNATURE_SIZE)
@@ -135,16 +142,17 @@ val verify
       (fun _ -> Prims.l_True)
 
 val verify_pre_hashed
-      (#v_SIMDUnit #v_Shake128X4 #v_Shake256 #v_PH: Type0)
+      (#v_SIMDUnit #v_Shake128X4 #v_Shake256 #v_Shake256Xof #v_PH: Type0)
       (v_PH_DIGEST_LEN v_ROWS_IN_A v_COLUMNS_IN_A v_SIGNATURE_SIZE v_VERIFICATION_KEY_SIZE v_GAMMA1_EXPONENT v_GAMMA1_RING_ELEMENT_SIZE:
           usize)
       (v_GAMMA2 v_BETA: i32)
       (v_COMMITMENT_RING_ELEMENT_SIZE v_COMMITMENT_VECTOR_SIZE v_COMMITMENT_HASH_SIZE v_ONES_IN_VERIFIER_CHALLENGE v_MAX_ONES_IN_HINT:
           usize)
-      {| i4: Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit |}
-      {| i5: Libcrux_ml_dsa.Hash_functions.Shake128.t_XofX4 v_Shake128X4 |}
-      {| i6: Libcrux_ml_dsa.Hash_functions.Shake256.t_Xof v_Shake256 |}
-      {| i7: Libcrux_ml_dsa.Pre_hash.t_PreHash v_PH v_PH_DIGEST_LEN |}
+      {| i5: Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit |}
+      {| i6: Libcrux_ml_dsa.Hash_functions.Shake128.t_XofX4 v_Shake128X4 |}
+      {| i7: Libcrux_ml_dsa.Hash_functions.Shake256.t_DsaXof v_Shake256 |}
+      {| i8: Libcrux_ml_dsa.Hash_functions.Shake256.t_Xof v_Shake256Xof |}
+      {| i9: Libcrux_ml_dsa.Pre_hash.t_PreHash v_PH v_PH_DIGEST_LEN |}
       (verification_key_serialized: t_Array u8 v_VERIFICATION_KEY_SIZE)
       (message context: t_Slice u8)
       (signature_serialized: t_Array u8 v_SIGNATURE_SIZE)
@@ -154,13 +162,14 @@ val verify_pre_hashed
 
 /// Generate a key pair.
 val generate_key_pair
-      (#v_SIMDUnit #v_Shake128X4 #v_Shake256 #v_Shake256X4: Type0)
+      (#v_SIMDUnit #v_Shake128X4 #v_Shake256 #v_Shake256Xof #v_Shake256X4: Type0)
       (v_ROWS_IN_A v_COLUMNS_IN_A v_ETA v_ERROR_RING_ELEMENT_SIZE v_SIGNING_KEY_SIZE v_VERIFICATION_KEY_SIZE:
           usize)
-      {| i4: Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit |}
-      {| i5: Libcrux_ml_dsa.Hash_functions.Shake128.t_XofX4 v_Shake128X4 |}
-      {| i6: Libcrux_ml_dsa.Hash_functions.Shake256.t_Xof v_Shake256 |}
-      {| i7: Libcrux_ml_dsa.Hash_functions.Shake256.t_XofX4 v_Shake256X4 |}
+      {| i5: Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit |}
+      {| i6: Libcrux_ml_dsa.Hash_functions.Shake128.t_XofX4 v_Shake128X4 |}
+      {| i7: Libcrux_ml_dsa.Hash_functions.Shake256.t_DsaXof v_Shake256 |}
+      {| i8: Libcrux_ml_dsa.Hash_functions.Shake256.t_Xof v_Shake256Xof |}
+      {| i9: Libcrux_ml_dsa.Hash_functions.Shake256.t_XofX4 v_Shake256X4 |}
       (randomness: t_Array u8 (sz 32))
     : Prims.Pure (t_Array u8 v_SIGNING_KEY_SIZE & t_Array u8 v_VERIFICATION_KEY_SIZE)
       Prims.l_True
diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Sample.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Sample.fst
index 2c3c28d2f..2a6b43436 100644
--- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Sample.fst
+++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Sample.fst
@@ -281,11 +281,11 @@ let sample_challenge_ring_element
           Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit)
       (#[FStar.Tactics.Typeclasses.tcresolve ()]
           i3:
-          Libcrux_ml_dsa.Hash_functions.Shake256.t_Xof v_Shake256)
+          Libcrux_ml_dsa.Hash_functions.Shake256.t_DsaXof v_Shake256)
       (seed: t_Array u8 v_SEED_SIZE)
      =
   let state:v_Shake256 =
-    Libcrux_ml_dsa.Hash_functions.Shake256.f_init_absorb #v_Shake256
+    Libcrux_ml_dsa.Hash_functions.Shake256.f_init_absorb_final #v_Shake256
       #FStar.Tactics.Typeclasses.solve
       (seed <: t_Slice u8)
   in
@@ -1047,7 +1047,7 @@ let sample_mask_ring_element
           Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit)
       (#[FStar.Tactics.Typeclasses.tcresolve ()]
           i3:
-          Libcrux_ml_dsa.Hash_functions.Shake256.t_Xof v_Shake256)
+          Libcrux_ml_dsa.Hash_functions.Shake256.t_DsaXof v_Shake256)
       (seed: t_Array u8 (sz 66))
      =
   match cast (v_GAMMA1_EXPONENT <: usize) <: u8 with
@@ -1085,7 +1085,7 @@ let sample_mask_vector
           Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit)
       (#[FStar.Tactics.Typeclasses.tcresolve ()]
           i4:
-          Libcrux_ml_dsa.Hash_functions.Shake256.t_Xof v_Shake256)
+          Libcrux_ml_dsa.Hash_functions.Shake256.t_DsaXof v_Shake256)
       (#[FStar.Tactics.Typeclasses.tcresolve ()]
           i5:
           Libcrux_ml_dsa.Hash_functions.Shake256.t_XofX4 v_Shake256X4)
diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Sample.fsti b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Sample.fsti
index 6f4c4d09d..02905d2e7 100644
--- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Sample.fsti
+++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Sample.fsti
@@ -59,7 +59,7 @@ val sample_challenge_ring_element
       (#v_SIMDUnit #v_Shake256: Type0)
       (v_NUMBER_OF_ONES v_SEED_SIZE: usize)
       {| i2: Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit |}
-      {| i3: Libcrux_ml_dsa.Hash_functions.Shake256.t_Xof v_Shake256 |}
+      {| i3: Libcrux_ml_dsa.Hash_functions.Shake256.t_DsaXof v_Shake256 |}
       (seed: t_Array u8 v_SEED_SIZE)
     : Prims.Pure (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit)
       Prims.l_True
@@ -97,7 +97,7 @@ val sample_mask_ring_element
       (#v_SIMDUnit #v_Shake256: Type0)
       (v_GAMMA1_EXPONENT: usize)
       {| i2: Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit |}
-      {| i3: Libcrux_ml_dsa.Hash_functions.Shake256.t_Xof v_Shake256 |}
+      {| i3: Libcrux_ml_dsa.Hash_functions.Shake256.t_DsaXof v_Shake256 |}
       (seed: t_Array u8 (sz 66))
     : Prims.Pure (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit)
       Prims.l_True
@@ -107,7 +107,7 @@ val sample_mask_vector
       (#v_SIMDUnit #v_Shake256 #v_Shake256X4: Type0)
       (v_DIMENSION v_GAMMA1_EXPONENT: usize)
       {| i3: Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit |}
-      {| i4: Libcrux_ml_dsa.Hash_functions.Shake256.t_Xof v_Shake256 |}
+      {| i4: Libcrux_ml_dsa.Hash_functions.Shake256.t_DsaXof v_Shake256 |}
       {| i5: Libcrux_ml_dsa.Hash_functions.Shake256.t_XofX4 v_Shake256X4 |}
       (seed: t_Array u8 (sz 66))
       (domain_separator: u16)
diff --git a/libcrux-ml-dsa/src/ml_dsa_generic/instantiations.rs b/libcrux-ml-dsa/src/ml_dsa_generic/instantiations.rs
index e5df772bc..e91d18387 100644
--- a/libcrux-ml-dsa/src/ml_dsa_generic/instantiations.rs
+++ b/libcrux-ml-dsa/src/ml_dsa_generic/instantiations.rs
@@ -321,5 +321,6 @@ instantiate! {neon,
     crate::simd::portable::PortableSIMDUnit,
     crate::hash_functions::neon::Shake128x4,
     crate::hash_functions::portable::Shake256,
+    crate::hash_functions::portable::Shake256Xof,
     crate::hash_functions::neon::Shake256x4
 }

From 38bf4698b35566ed740556f03e998f1b78e38096 Mon Sep 17 00:00:00 2001
From: Franziskus Kiefer <franziskuskiefer@gmail.com>
Date: Thu, 5 Dec 2024 15:35:17 +0000
Subject: [PATCH 067/142] wip core.option.Option_c4 (found in file
 libcrux_core) mentions libcrux_ml_dsa.polynomial.PolynomialRingElement_24
 (found in file libcrux_mldsa65_avx2)

---
 libcrux-ml-dsa/cg.yaml                        | 41 +++++++++----------
 libcrux-ml-dsa/cg/code_gen.txt                | 10 ++---
 libcrux-ml-dsa/cg/header.txt                  | 10 ++---
 libcrux-ml-dsa/src/ml_dsa_generic.rs          |  6 ++-
 .../src/ml_dsa_generic/instantiations.rs      |  6 ++-
 .../src/ml_dsa_generic/instantiations/avx2.rs |  2 +
 libcrux-ml-dsa/src/polynomial.rs              |  2 -
 libcrux-ml-dsa/src/pre_hash.rs                | 12 +++---
 8 files changed, 48 insertions(+), 41 deletions(-)

diff --git a/libcrux-ml-dsa/cg.yaml b/libcrux-ml-dsa/cg.yaml
index 717d14827..3162d75b4 100644
--- a/libcrux-ml-dsa/cg.yaml
+++ b/libcrux-ml-dsa/cg.yaml
@@ -45,6 +45,26 @@ files:
       monomorphizations_using:
         - [libcrux_sha3, "*"]
 
+  # MLKEM: MISC NON-ARCHITECTURE SPECIFIC HEADERS
+  - name: libcrux_core
+    inline_static: true
+    private:
+      monomorphizations_of:
+        - [core, "*"]
+        - [libcrux_ml_dsa, types, "*"]
+        - [libcrux_ml_dsa, utils, "*" ]
+      monomorphizations_using:
+        - [Eurydice, "*" ]
+        - [libcrux_ml_dsa, types, "*"]
+      patterns:
+        - [core, "*"]
+        - [libcrux_ml_dsa, types ]
+        - [libcrux_ml_dsa, constants ]
+        - [libcrux_ml_dsa, utils, "*" ]
+        # - [libcrux_ml_dsa, simd, traits ]
+    api:
+      - [Eurydice, "*"]
+
   # MLDSA-65
 
   - name: libcrux_mldsa65_avx2
@@ -93,27 +113,6 @@ files:
         - [libcrux_ml_dsa, ml_dsa_generic, instantiations, portable, "*"]
         - [core, option, Option_84]
 
-
-  # MLKEM: MISC NON-ARCHITECTURE SPECIFIC HEADERS
-  - name: libcrux_core
-    inline_static: true
-    private:
-      monomorphizations_of:
-        - [core, "*"]
-        - [libcrux_ml_dsa, types, "*"]
-        - [libcrux_ml_dsa, utils, "*" ]
-      monomorphizations_using:
-        - [Eurydice, "*" ]
-        - [libcrux_ml_dsa, types, "*"]
-      patterns:
-        - [core, "*"]
-        - [libcrux_ml_dsa, types, "*" ]
-        - [libcrux_ml_dsa, constants ]
-        - [libcrux_ml_dsa, utils, "*" ]
-        - [libcrux_ml_dsa, simd, traits ]
-    api:
-      - [Eurydice, "*"]
-
 naming:
   skip_prefix:
     - [ core, core_arch, arm_shared, neon ]
diff --git a/libcrux-ml-dsa/cg/code_gen.txt b/libcrux-ml-dsa/cg/code_gen.txt
index c7ae67f4f..9a67e7142 100644
--- a/libcrux-ml-dsa/cg/code_gen.txt
+++ b/libcrux-ml-dsa/cg/code_gen.txt
@@ -1,6 +1,6 @@
 This code was generated with the following revisions:
-Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9
-Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20
-Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
-F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty
-Libcrux: ebd9959e4b3ba3155e1f0225ac0764b1a8657d7f
+Charon: a68994d00017b76a805d0115ca06c1f2c1805e79
+Eurydice: b665364a6d86749566ce2d650d13fa12c8fab2c5
+Karamel: 96572bc631fde691a2aea7bce5a5a3838b3a5968
+F*: b0961063393215ca65927f017720cb365a193833-dirty
+Libcrux: 7bf825af76a34466b18ead540bb08b9631dbfd13
diff --git a/libcrux-ml-dsa/cg/header.txt b/libcrux-ml-dsa/cg/header.txt
index a2b69ee7f..5415927f3 100644
--- a/libcrux-ml-dsa/cg/header.txt
+++ b/libcrux-ml-dsa/cg/header.txt
@@ -4,9 +4,9 @@
  * SPDX-License-Identifier: MIT or Apache-2.0
  *
  * This code was generated with the following revisions:
- * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9
- * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20
- * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
- * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty
- * Libcrux: ebd9959e4b3ba3155e1f0225ac0764b1a8657d7f
+ * Charon: a68994d00017b76a805d0115ca06c1f2c1805e79
+ * Eurydice: b665364a6d86749566ce2d650d13fa12c8fab2c5
+ * Karamel: 96572bc631fde691a2aea7bce5a5a3838b3a5968
+ * F*: b0961063393215ca65927f017720cb365a193833-dirty
+ * Libcrux: 7bf825af76a34466b18ead540bb08b9631dbfd13
  */
diff --git a/libcrux-ml-dsa/src/ml_dsa_generic.rs b/libcrux-ml-dsa/src/ml_dsa_generic.rs
index 0b1a314ba..da26619ea 100644
--- a/libcrux-ml-dsa/src/ml_dsa_generic.rs
+++ b/libcrux-ml-dsa/src/ml_dsa_generic.rs
@@ -95,6 +95,7 @@ pub(crate) fn generate_key_pair<
 #[inline(always)]
 pub(crate) fn sign_pre_hashed<
     SIMDUnit: Operations,
+    Shake128: shake128::Xof,
     Shake128X4: shake128::XofX4,
     Shake256: shake256::DsaXof,
     Shake256Xof: shake256::Xof,
@@ -124,7 +125,7 @@ pub(crate) fn sign_pre_hashed<
     if context.len() > CONTEXT_MAX_LEN {
         return Err(SigningError::ContextTooLongError);
     }
-    let pre_hashed_message = PH::hash(message);
+    let pre_hashed_message = PH::hash::<Shake128>(message);
     sign_internal::<
         SIMDUnit,
         Shake128X4,
@@ -606,6 +607,7 @@ pub(crate) fn verify<
 #[inline(always)]
 pub(crate) fn verify_pre_hashed<
     SIMDUnit: Operations,
+    Shake128: shake128::Xof,
     Shake128X4: shake128::XofX4,
     Shake256: shake256::DsaXof,
     Shake256Xof: shake256::Xof,
@@ -630,7 +632,7 @@ pub(crate) fn verify_pre_hashed<
     context: &[u8],
     signature_serialized: &[u8; SIGNATURE_SIZE],
 ) -> Result<(), VerificationError> {
-    let pre_hashed_message = PH::hash(message);
+    let pre_hashed_message = PH::hash::<Shake128>(message);
 
     verify_internal::<
         SIMDUnit,
diff --git a/libcrux-ml-dsa/src/ml_dsa_generic/instantiations.rs b/libcrux-ml-dsa/src/ml_dsa_generic/instantiations.rs
index e91d18387..07920de39 100644
--- a/libcrux-ml-dsa/src/ml_dsa_generic/instantiations.rs
+++ b/libcrux-ml-dsa/src/ml_dsa_generic/instantiations.rs
@@ -1,5 +1,5 @@
 macro_rules! instantiate {
-    ($modp:ident, $simdunit:path, $shake128x4:path, $shake256:path, $shake256xof:path, $shake256x4:path) => {
+    ($modp:ident, $simdunit:path, $shake128:path, $shake128x4:path, $shake256:path, $shake256xof:path, $shake256x4:path) => {
         pub mod $modp {
             use crate::{
                 constants::*,
@@ -148,6 +148,7 @@ macro_rules! instantiate {
             ) -> Result<MLDSASignature<SIGNATURE_SIZE>, SigningError> {
                 crate::ml_dsa_generic::sign_pre_hashed::<
                     $simdunit,
+                    $shake128,
                     $shake128x4,
                     $shake256,
                     $shake256xof,
@@ -278,6 +279,7 @@ macro_rules! instantiate {
             ) -> Result<(), VerificationError> {
                 crate::ml_dsa_generic::verify_pre_hashed::<
                     $simdunit,
+                    $shake128,
                     $shake128x4,
                     $shake256,
                     $shake256xof,
@@ -305,6 +307,7 @@ macro_rules! instantiate {
 // Portable generic implementations.
 instantiate! {portable,
     crate::simd::portable::PortableSIMDUnit,
+    crate::hash_functions::portable::Shake128,
     crate::hash_functions::portable::Shake128X4,
     crate::hash_functions::portable::Shake256,
     crate::hash_functions::portable::Shake256Xof,
@@ -319,6 +322,7 @@ pub mod avx2;
 #[cfg(feature = "simd128")]
 instantiate! {neon,
     crate::simd::portable::PortableSIMDUnit,
+    crate::hash_functions::portable::Shake128,
     crate::hash_functions::neon::Shake128x4,
     crate::hash_functions::portable::Shake256,
     crate::hash_functions::portable::Shake256Xof,
diff --git a/libcrux-ml-dsa/src/ml_dsa_generic/instantiations/avx2.rs b/libcrux-ml-dsa/src/ml_dsa_generic/instantiations/avx2.rs
index 5c4dd2fe1..92d06ad8d 100644
--- a/libcrux-ml-dsa/src/ml_dsa_generic/instantiations/avx2.rs
+++ b/libcrux-ml-dsa/src/ml_dsa_generic/instantiations/avx2.rs
@@ -156,6 +156,7 @@ mod avx2_feature {
     ) -> Result<MLDSASignature<SIGNATURE_SIZE>, SigningError> {
         crate::ml_dsa_generic::sign_pre_hashed::<
             crate::simd::avx2::AVX2SIMDUnit,
+            crate::hash_functions::portable::Shake128, // XXX: Use simd256
             crate::hash_functions::simd256::Shake128x4,
             crate::hash_functions::simd256::Shake256,
             crate::hash_functions::portable::Shake256Xof, // XXX: Use simd256
@@ -292,6 +293,7 @@ mod avx2_feature {
     ) -> Result<(), VerificationError> {
         crate::ml_dsa_generic::verify_pre_hashed::<
             crate::simd::avx2::AVX2SIMDUnit,
+            crate::hash_functions::portable::Shake128, // XXX: Use simd256
             crate::hash_functions::simd256::Shake128x4,
             crate::hash_functions::simd256::Shake256,
             crate::hash_functions::portable::Shake256Xof, // XXX: Use simd256
diff --git a/libcrux-ml-dsa/src/polynomial.rs b/libcrux-ml-dsa/src/polynomial.rs
index 26c033ad5..2b2884abe 100644
--- a/libcrux-ml-dsa/src/polynomial.rs
+++ b/libcrux-ml-dsa/src/polynomial.rs
@@ -8,8 +8,6 @@ pub(crate) struct PolynomialRingElement<SIMDUnit: Operations> {
     pub(crate) simd_units: [SIMDUnit; SIMD_UNITS_IN_RING_ELEMENT],
 }
 
-pub type OptionalRingElement<SIMDUnit> = Option<PolynomialRingElement<SIMDUnit>>;
-
 impl<SIMDUnit: Operations> PolynomialRingElement<SIMDUnit> {
     #[allow(non_snake_case)]
     pub(crate) fn ZERO() -> Self {
diff --git a/libcrux-ml-dsa/src/pre_hash.rs b/libcrux-ml-dsa/src/pre_hash.rs
index 06855c0f9..480d96eb0 100644
--- a/libcrux-ml-dsa/src/pre_hash.rs
+++ b/libcrux-ml-dsa/src/pre_hash.rs
@@ -6,7 +6,7 @@
 //! pre-hash trait for SHAKE-128, with a digest length of 256 bytes.
 use crate::{
     constants::CONTEXT_MAX_LEN,
-    hash_functions::shake128::Xof,
+    hash_functions,
     types::{SigningError, VerificationError},
 };
 
@@ -19,7 +19,7 @@ pub(crate) trait PreHash<const DIGEST_LEN: usize> {
     fn oid() -> PreHashOID;
 
     /// Used to derive the pre-hash PH of the message before signing.
-    fn hash(message: &[u8]) -> [u8; DIGEST_LEN];
+    fn hash<Shake128: hash_functions::shake128::Xof>(message: &[u8]) -> [u8; DIGEST_LEN];
 }
 
 #[allow(non_camel_case_types)]
@@ -34,9 +34,9 @@ impl PreHash<256> for SHAKE128_PH {
         ]
     }
 
-    fn hash(message: &[u8]) -> [u8; 256] {
+    fn hash<Shake128: hash_functions::shake128::Xof>(message: &[u8]) -> [u8; 256] {
         let mut output = [0u8; 256];
-        crate::hash_functions::portable::Shake128::shake128(message, &mut output);
+        Shake128::shake128(message, &mut output);
 
         output
     }
@@ -53,12 +53,14 @@ pub(crate) enum DomainSeparationError {
     ContextTooLongError,
 }
 
+pub(crate) type PreHashResult<'a> = Result<DomainSeparationContext<'a>, DomainSeparationError>;
+
 impl<'a> DomainSeparationContext<'a> {
     /// `context` must be at most 255 bytes long.
     pub(crate) fn new(
         context: &'a [u8],
         pre_hash_oid: Option<&'a PreHashOID>,
-    ) -> Result<Self, DomainSeparationError> {
+    ) -> PreHashResult<'a> {
         if context.len() > CONTEXT_MAX_LEN {
             Err(DomainSeparationError::ContextTooLongError)
         } else {

From 5a0f22fa8387080e4c4e4ac018aaddcdf944e4be Mon Sep 17 00:00:00 2001
From: Franziskus Kiefer <franziskuskiefer@gmail.com>
Date: Thu, 5 Dec 2024 19:32:56 +0000
Subject: [PATCH 068/142] more wip eurydice changes

---
 libcrux-ml-dsa/cg.yaml                     | 53 +++++++++++++---------
 libcrux-ml-dsa/cg/code_gen.txt             |  2 +-
 libcrux-ml-dsa/cg/header.txt               |  2 +-
 libcrux-ml-dsa/src/encoding/signing_key.rs | 35 ++++++++------
 libcrux-ml-dsa/src/helper.rs               | 53 +++++++++++++---------
 libcrux-ml-dsa/src/ml_dsa_generic.rs       | 26 +++++++++--
 libcrux-ml-dsa/src/pre_hash.rs             | 22 +--------
 7 files changed, 108 insertions(+), 85 deletions(-)

diff --git a/libcrux-ml-dsa/cg.yaml b/libcrux-ml-dsa/cg.yaml
index 3162d75b4..8989a1168 100644
--- a/libcrux-ml-dsa/cg.yaml
+++ b/libcrux-ml-dsa/cg.yaml
@@ -45,26 +45,6 @@ files:
       monomorphizations_using:
         - [libcrux_sha3, "*"]
 
-  # MLKEM: MISC NON-ARCHITECTURE SPECIFIC HEADERS
-  - name: libcrux_core
-    inline_static: true
-    private:
-      monomorphizations_of:
-        - [core, "*"]
-        - [libcrux_ml_dsa, types, "*"]
-        - [libcrux_ml_dsa, utils, "*" ]
-      monomorphizations_using:
-        - [Eurydice, "*" ]
-        - [libcrux_ml_dsa, types, "*"]
-      patterns:
-        - [core, "*"]
-        - [libcrux_ml_dsa, types ]
-        - [libcrux_ml_dsa, constants ]
-        - [libcrux_ml_dsa, utils, "*" ]
-        # - [libcrux_ml_dsa, simd, traits ]
-    api:
-      - [Eurydice, "*"]
-
   # MLDSA-65
 
   - name: libcrux_mldsa65_avx2
@@ -88,6 +68,8 @@ files:
       monomorphizations_using:
         - [libcrux_ml_dsa, simd, avx2, "*"]
         - [libcrux_ml_dsa, hash_functions, simd256, "*"]
+      # monomorphizations_exact:
+      #   - [core, option, Option_c4]
 
   - name: libcrux_mldsa65_portable
     inline_static: true
@@ -98,21 +80,48 @@ files:
         - [libcrux_ml_dsa, hash_functions, portable, "*"]
         - [libcrux_ml_dsa, ml_dsa_65, portable, "*"]
         - [libcrux_ml_dsa, ml_dsa_generic, instantiations, portable, "*"]
-        - [core, option, Option_84]
+        # - [libcrux_ml_dsa, pre_hash, PreHashResult]
+        # - [core, option, Option_84]
       monomorphizations_of:
         - [libcrux_ml_dsa, polynomial, "*" ]
         - [libcrux_ml_dsa, simd, "*"]
         - [libcrux_ml_dsa, hash_functions, portable, "*"]
         - [libcrux_ml_dsa, ml_dsa_65, portable]
         - [libcrux_ml_dsa, ml_dsa_generic, instantiations, portable, "*"]
-        - [core, option, Option_84]
+        # - [libcrux_ml_dsa, pre_hash, PreHashResult]
+        # - [core, option, Option_84]
       monomorphizations_using:
         - [libcrux_ml_dsa, polynomial, "*" ]
         - [libcrux_ml_dsa, simd, "*"]
         - [libcrux_ml_dsa, hash_functions, portable, "*"]
         - [libcrux_ml_dsa, ml_dsa_generic, instantiations, portable, "*"]
+        # - [libcrux_ml_dsa, pre_hash, PreHashResult]
+      monomorphizations_exact:
+        - [libcrux_ml_dsa, pre_hash, PreHashResult]
+        - [core, result, Result_a8]
         - [core, option, Option_84]
 
+
+  # MLKEM: MISC NON-ARCHITECTURE SPECIFIC HEADERS
+  - name: libcrux_core
+    inline_static: true
+    private:
+      monomorphizations_of:
+        - [core, "*"]
+        - [libcrux_ml_dsa, types, "*"]
+        - [libcrux_ml_dsa, utils, "*" ]
+      monomorphizations_using:
+        - [Eurydice, "*" ]
+        - [libcrux_ml_dsa, types, "*"]
+      patterns:
+        - [core, "*"]
+        - [libcrux_ml_dsa, types ]
+        - [libcrux_ml_dsa, constants ]
+        - [libcrux_ml_dsa, utils, "*" ]
+        # - [libcrux_ml_dsa, simd, traits ]
+    api:
+      - [Eurydice, "*"]
+
 naming:
   skip_prefix:
     - [ core, core_arch, arm_shared, neon ]
diff --git a/libcrux-ml-dsa/cg/code_gen.txt b/libcrux-ml-dsa/cg/code_gen.txt
index 9a67e7142..497ab14f5 100644
--- a/libcrux-ml-dsa/cg/code_gen.txt
+++ b/libcrux-ml-dsa/cg/code_gen.txt
@@ -3,4 +3,4 @@ Charon: a68994d00017b76a805d0115ca06c1f2c1805e79
 Eurydice: b665364a6d86749566ce2d650d13fa12c8fab2c5
 Karamel: 96572bc631fde691a2aea7bce5a5a3838b3a5968
 F*: b0961063393215ca65927f017720cb365a193833-dirty
-Libcrux: 7bf825af76a34466b18ead540bb08b9631dbfd13
+Libcrux: 38bf4698b35566ed740556f03e998f1b78e38096
diff --git a/libcrux-ml-dsa/cg/header.txt b/libcrux-ml-dsa/cg/header.txt
index 5415927f3..335d58baa 100644
--- a/libcrux-ml-dsa/cg/header.txt
+++ b/libcrux-ml-dsa/cg/header.txt
@@ -8,5 +8,5 @@
  * Eurydice: b665364a6d86749566ce2d650d13fa12c8fab2c5
  * Karamel: 96572bc631fde691a2aea7bce5a5a3838b3a5968
  * F*: b0961063393215ca65927f017720cb365a193833-dirty
- * Libcrux: 7bf825af76a34466b18ead540bb08b9631dbfd13
+ * Libcrux: 38bf4698b35566ed740556f03e998f1b78e38096
  */
diff --git a/libcrux-ml-dsa/src/encoding/signing_key.rs b/libcrux-ml-dsa/src/encoding/signing_key.rs
index 074fe41a6..6a33c4ecc 100644
--- a/libcrux-ml-dsa/src/encoding/signing_key.rs
+++ b/libcrux-ml-dsa/src/encoding/signing_key.rs
@@ -5,6 +5,7 @@ use crate::{
     },
     encoding,
     hash_functions::shake256,
+    helper::cloop,
     polynomial::PolynomialRingElement,
     simd::traits::Operations,
 };
@@ -46,24 +47,30 @@ pub(crate) fn generate_serialized<
         .copy_from_slice(&verification_key_hash);
     offset += BYTES_FOR_VERIFICATION_KEY_HASH;
 
-    for ring_element in s1.iter() {
-        signing_key_serialized[offset..offset + ERROR_RING_ELEMENT_SIZE].copy_from_slice(
-            &encoding::error::serialize::<SIMDUnit, ETA, ERROR_RING_ELEMENT_SIZE>(*ring_element),
-        );
-        offset += ERROR_RING_ELEMENT_SIZE;
+    cloop! {
+        for ring_element in s1.iter() {
+            signing_key_serialized[offset..offset + ERROR_RING_ELEMENT_SIZE].copy_from_slice(
+                &encoding::error::serialize::<SIMDUnit, ETA, ERROR_RING_ELEMENT_SIZE>(*ring_element),
+            );
+            offset += ERROR_RING_ELEMENT_SIZE;
+        }
     }
 
-    for ring_element in s2.iter() {
-        signing_key_serialized[offset..offset + ERROR_RING_ELEMENT_SIZE].copy_from_slice(
-            &encoding::error::serialize::<SIMDUnit, ETA, ERROR_RING_ELEMENT_SIZE>(*ring_element),
-        );
-        offset += ERROR_RING_ELEMENT_SIZE;
+    cloop! {
+        for ring_element in s2.iter() {
+            signing_key_serialized[offset..offset + ERROR_RING_ELEMENT_SIZE].copy_from_slice(
+                &encoding::error::serialize::<SIMDUnit, ETA, ERROR_RING_ELEMENT_SIZE>(*ring_element),
+            );
+            offset += ERROR_RING_ELEMENT_SIZE;
+        }
     }
 
-    for ring_element in t0.iter() {
-        signing_key_serialized[offset..offset + RING_ELEMENT_OF_T0S_SIZE]
-            .copy_from_slice(&encoding::t0::serialize::<SIMDUnit>(*ring_element));
-        offset += RING_ELEMENT_OF_T0S_SIZE;
+    cloop! {
+        for ring_element in t0.iter() {
+            signing_key_serialized[offset..offset + RING_ELEMENT_OF_T0S_SIZE]
+                .copy_from_slice(&encoding::t0::serialize::<SIMDUnit>(*ring_element));
+            offset += RING_ELEMENT_OF_T0S_SIZE;
+        }
     }
 
     signing_key_serialized
diff --git a/libcrux-ml-dsa/src/helper.rs b/libcrux-ml-dsa/src/helper.rs
index 1dbb5dd22..ef66362c3 100644
--- a/libcrux-ml-dsa/src/helper.rs
+++ b/libcrux-ml-dsa/src/helper.rs
@@ -1,7 +1,7 @@
 /// The following macros are defined so that the extraction from Rust to C code
 /// can go through.
 
-#[cfg(eurydice)]
+// #[cfg(eurydice)]
 macro_rules! cloop {
     (for ($i:ident, $chunk:ident) in $val:ident.$values:ident.chunks_exact($($chunk_size:expr),*).enumerate() $body:block) => {
         for $i in 0..$val.$values.len() / ($($chunk_size)*) {
@@ -21,6 +21,12 @@ macro_rules! cloop {
             $body
         }
     };
+    (for $item:ident in $val:ident.iter() $body:block) => {
+        for _cloop_i in 0..$val.len() {
+            let $item = &$val[_cloop_i];
+            $body
+        }
+    };
     (for ($i:ident, $item:ident) in $self:ident.$val:ident.iter().enumerate() $body:block) => {
         for $i in 0..$self.$val.len() {
             let $item = &$self.$val[$i];
@@ -41,26 +47,29 @@ macro_rules! cloop {
     };
 }
 
-#[cfg(not(eurydice))]
-macro_rules! cloop {
-    (for ($i:ident, $chunk:ident) in $val:ident.$values:ident.chunks_exact($($chunk_size:expr),*).enumerate() $body:block) => {
-        for ($i, $chunk) in $val.$values.chunks_exact($($chunk_size),*).enumerate() $body
-    };
-    (for ($i:ident, $chunk:ident) in $val:ident.chunks_exact($($chunk_size:expr),*).enumerate() $body:block) => {
-        for ($i, $chunk) in $val.chunks_exact($($chunk_size),*).enumerate() $body
-    };
-    (for ($i:ident, $item:ident) in $val:ident.iter().enumerate() $body:block) => {
-        for ($i, $item) in $val.iter().enumerate() $body
-    };
-    (for ($i:ident, $item:ident) in $self:ident.$val:ident.iter().enumerate() $body:block) => {
-        for ($i, $item) in $self.$val.iter().enumerate() $body
-    };
-    (for ($i:ident, $item:ident) in $val:ident.into_iter().enumerate() $body:block) => {
-        for ($i, $item) in $val.into_iter().enumerate() $body
-    };
-    (for $i:ident in ($start:literal..$end:expr).step_by($step:literal) $body:block) => {
-        for $i in ($start..$end).step_by($step) $body
-    };
-}
+// #[cfg(not(eurydice))]
+// macro_rules! cloop {
+//     (for ($i:ident, $chunk:ident) in $val:ident.$values:ident.chunks_exact($($chunk_size:expr),*).enumerate() $body:block) => {
+//         for ($i, $chunk) in $val.$values.chunks_exact($($chunk_size),*).enumerate() $body
+//     };
+//     (for ($i:ident, $chunk:ident) in $val:ident.chunks_exact($($chunk_size:expr),*).enumerate() $body:block) => {
+//         for ($i, $chunk) in $val.chunks_exact($($chunk_size),*).enumerate() $body
+//     };
+//     (for ($i:ident, $item:ident) in $val:ident.iter().enumerate() $body:block) => {
+//         for ($i, $item) in $val.iter().enumerate() $body
+//     };
+//     (for $item:ident in $val:ident.iter() $body:block) => {
+//         for $item in $val.iter() $body
+//     };
+//     (for ($i:ident, $item:ident) in $self:ident.$val:ident.iter().enumerate() $body:block) => {
+//         for ($i, $item) in $self.$val.iter().enumerate() $body
+//     };
+//     (for ($i:ident, $item:ident) in $val:ident.into_iter().enumerate() $body:block) => {
+//         for ($i, $item) in $val.into_iter().enumerate() $body
+//     };
+//     (for $i:ident in ($start:literal..$end:expr).step_by($step:literal) $body:block) => {
+//         for $i in ($start..$end).step_by($step) $body
+//     };
+// }
 
 pub(crate) use cloop;
diff --git a/libcrux-ml-dsa/src/ml_dsa_generic.rs b/libcrux-ml-dsa/src/ml_dsa_generic.rs
index da26619ea..e2d47a15f 100644
--- a/libcrux-ml-dsa/src/ml_dsa_generic.rs
+++ b/libcrux-ml-dsa/src/ml_dsa_generic.rs
@@ -126,6 +126,11 @@ pub(crate) fn sign_pre_hashed<
         return Err(SigningError::ContextTooLongError);
     }
     let pre_hashed_message = PH::hash::<Shake128>(message);
+    let oid = PH::oid();
+    let domain_separation_context = match DomainSeparationContext::new(context, Some(&oid)) {
+        Ok(domain_separation_context) => domain_separation_context,
+        Err(_) => return Err(SigningError::ContextTooLongError),
+    };
     sign_internal::<
         SIMDUnit,
         Shake128X4,
@@ -149,7 +154,7 @@ pub(crate) fn sign_pre_hashed<
     >(
         &signing_key,
         &pre_hashed_message,
-        Some(DomainSeparationContext::new(context, Some(&PH::oid()))?),
+        Some(domain_separation_context),
         randomness,
     )
 }
@@ -183,6 +188,10 @@ pub(crate) fn sign<
     randomness: [u8; SIGNING_RANDOMNESS_SIZE],
 ) -> Result<MLDSASignature<SIGNATURE_SIZE>, SigningError> {
     // TODO: Support implicit into() in ? so that this match becomes unnecessary
+    let domain_separation_context = match DomainSeparationContext::new(context, None) {
+        Ok(domain_separation_context) => domain_separation_context,
+        Err(_) => return Err(SigningError::ContextTooLongError),
+    };
     sign_internal::<
         SIMDUnit,
         Shake128X4,
@@ -206,7 +215,7 @@ pub(crate) fn sign<
     >(
         &signing_key,
         message,
-        Some(DomainSeparationContext::new(context, None)?),
+        Some(domain_separation_context),
         randomness,
     )
 }
@@ -577,6 +586,10 @@ pub(crate) fn verify<
     signature_serialized: &[u8; SIGNATURE_SIZE],
 ) -> Result<(), VerificationError> {
     // TODO: Support implicit into() in ? so that this match becomes unnecessary
+    let domain_separation_context = match DomainSeparationContext::new(context, None) {
+        Ok(domain_separation_context) => domain_separation_context,
+        Err(_) => return Err(VerificationError::ContextTooLongError),
+    };
     verify_internal::<
         SIMDUnit,
         Shake128X4,
@@ -598,7 +611,7 @@ pub(crate) fn verify<
     >(
         &verification_key_serialized,
         message,
-        Some(DomainSeparationContext::new(context, None)?),
+        Some(domain_separation_context),
         &signature_serialized,
     )
 }
@@ -633,6 +646,11 @@ pub(crate) fn verify_pre_hashed<
     signature_serialized: &[u8; SIGNATURE_SIZE],
 ) -> Result<(), VerificationError> {
     let pre_hashed_message = PH::hash::<Shake128>(message);
+    let oid = PH::oid();
+    let domain_separation_context = match DomainSeparationContext::new(context, Some(&oid)) {
+        Ok(domain_separation_context) => domain_separation_context,
+        Err(_) => return Err(VerificationError::ContextTooLongError),
+    };
 
     verify_internal::<
         SIMDUnit,
@@ -655,7 +673,7 @@ pub(crate) fn verify_pre_hashed<
     >(
         &verification_key_serialized,
         &pre_hashed_message,
-        Some(DomainSeparationContext::new(context, Some(&PH::oid()))?),
+        Some(domain_separation_context),
         &signature_serialized,
     )
 }
diff --git a/libcrux-ml-dsa/src/pre_hash.rs b/libcrux-ml-dsa/src/pre_hash.rs
index 480d96eb0..ff635536c 100644
--- a/libcrux-ml-dsa/src/pre_hash.rs
+++ b/libcrux-ml-dsa/src/pre_hash.rs
@@ -4,11 +4,7 @@
 //! of FIPS 204, any NIST-approved hash function or XOF can be used to
 //!/perform the pre-hash of the message. This module implements the
 //! pre-hash trait for SHAKE-128, with a digest length of 256 bytes.
-use crate::{
-    constants::CONTEXT_MAX_LEN,
-    hash_functions,
-    types::{SigningError, VerificationError},
-};
+use crate::{constants::CONTEXT_MAX_LEN, hash_functions};
 
 pub(crate) const PRE_HASH_OID_LEN: usize = 11;
 pub(crate) type PreHashOID = [u8; PRE_HASH_OID_LEN];
@@ -81,19 +77,3 @@ impl<'a> DomainSeparationContext<'a> {
         self.pre_hash_oid
     }
 }
-
-impl From<DomainSeparationError> for SigningError {
-    fn from(e: DomainSeparationError) -> SigningError {
-        match e {
-            DomainSeparationError::ContextTooLongError => SigningError::ContextTooLongError,
-        }
-    }
-}
-
-impl From<DomainSeparationError> for VerificationError {
-    fn from(e: DomainSeparationError) -> VerificationError {
-        match e {
-            DomainSeparationError::ContextTooLongError => VerificationError::ContextTooLongError,
-        }
-    }
-}

From 76e8015f066ed8c431a7eab8985c2bfb03ad7e93 Mon Sep 17 00:00:00 2001
From: Franziskus Kiefer <franziskuskiefer@gmail.com>
Date: Fri, 6 Dec 2024 12:31:19 +0000
Subject: [PATCH 069/142] update for C extraction

---
 libcrux-ml-dsa/cg/code_gen.txt       |  2 +-
 libcrux-ml-dsa/cg/header.txt         |  2 +-
 libcrux-ml-dsa/src/ml_dsa_generic.rs | 25 +++++-----------------
 libcrux-ml-dsa/src/pre_hash.rs       | 31 +++++++++++++++++++++-------
 libcrux-ml-dsa/src/types.rs          |  4 +++-
 5 files changed, 34 insertions(+), 30 deletions(-)

diff --git a/libcrux-ml-dsa/cg/code_gen.txt b/libcrux-ml-dsa/cg/code_gen.txt
index 497ab14f5..33600f72a 100644
--- a/libcrux-ml-dsa/cg/code_gen.txt
+++ b/libcrux-ml-dsa/cg/code_gen.txt
@@ -3,4 +3,4 @@ Charon: a68994d00017b76a805d0115ca06c1f2c1805e79
 Eurydice: b665364a6d86749566ce2d650d13fa12c8fab2c5
 Karamel: 96572bc631fde691a2aea7bce5a5a3838b3a5968
 F*: b0961063393215ca65927f017720cb365a193833-dirty
-Libcrux: 38bf4698b35566ed740556f03e998f1b78e38096
+Libcrux: 5a0f22fa8387080e4c4e4ac018aaddcdf944e4be
diff --git a/libcrux-ml-dsa/cg/header.txt b/libcrux-ml-dsa/cg/header.txt
index 335d58baa..5d85f31d0 100644
--- a/libcrux-ml-dsa/cg/header.txt
+++ b/libcrux-ml-dsa/cg/header.txt
@@ -8,5 +8,5 @@
  * Eurydice: b665364a6d86749566ce2d650d13fa12c8fab2c5
  * Karamel: 96572bc631fde691a2aea7bce5a5a3838b3a5968
  * F*: b0961063393215ca65927f017720cb365a193833-dirty
- * Libcrux: 38bf4698b35566ed740556f03e998f1b78e38096
+ * Libcrux: 5a0f22fa8387080e4c4e4ac018aaddcdf944e4be
  */
diff --git a/libcrux-ml-dsa/src/ml_dsa_generic.rs b/libcrux-ml-dsa/src/ml_dsa_generic.rs
index e2d47a15f..3883b01e0 100644
--- a/libcrux-ml-dsa/src/ml_dsa_generic.rs
+++ b/libcrux-ml-dsa/src/ml_dsa_generic.rs
@@ -126,11 +126,7 @@ pub(crate) fn sign_pre_hashed<
         return Err(SigningError::ContextTooLongError);
     }
     let pre_hashed_message = PH::hash::<Shake128>(message);
-    let oid = PH::oid();
-    let domain_separation_context = match DomainSeparationContext::new(context, Some(&oid)) {
-        Ok(domain_separation_context) => domain_separation_context,
-        Err(_) => return Err(SigningError::ContextTooLongError),
-    };
+    let domain_separation_context = DomainSeparationContext::new(context, Some(&PH::OID))?;
     sign_internal::<
         SIMDUnit,
         Shake128X4,
@@ -187,11 +183,7 @@ pub(crate) fn sign<
     context: &[u8],
     randomness: [u8; SIGNING_RANDOMNESS_SIZE],
 ) -> Result<MLDSASignature<SIGNATURE_SIZE>, SigningError> {
-    // TODO: Support implicit into() in ? so that this match becomes unnecessary
-    let domain_separation_context = match DomainSeparationContext::new(context, None) {
-        Ok(domain_separation_context) => domain_separation_context,
-        Err(_) => return Err(SigningError::ContextTooLongError),
-    };
+    let domain_separation_context = DomainSeparationContext::new(context, None)?;
     sign_internal::<
         SIMDUnit,
         Shake128X4,
@@ -585,11 +577,8 @@ pub(crate) fn verify<
     context: &[u8],
     signature_serialized: &[u8; SIGNATURE_SIZE],
 ) -> Result<(), VerificationError> {
-    // TODO: Support implicit into() in ? so that this match becomes unnecessary
-    let domain_separation_context = match DomainSeparationContext::new(context, None) {
-        Ok(domain_separation_context) => domain_separation_context,
-        Err(_) => return Err(VerificationError::ContextTooLongError),
-    };
+    // We manually do the matching here to make Eurydice happy.
+    let domain_separation_context = DomainSeparationContext::new(context, None)?;
     verify_internal::<
         SIMDUnit,
         Shake128X4,
@@ -646,11 +635,7 @@ pub(crate) fn verify_pre_hashed<
     signature_serialized: &[u8; SIGNATURE_SIZE],
 ) -> Result<(), VerificationError> {
     let pre_hashed_message = PH::hash::<Shake128>(message);
-    let oid = PH::oid();
-    let domain_separation_context = match DomainSeparationContext::new(context, Some(&oid)) {
-        Ok(domain_separation_context) => domain_separation_context,
-        Err(_) => return Err(VerificationError::ContextTooLongError),
-    };
+    let domain_separation_context = DomainSeparationContext::new(context, Some(&PH::OID))?;
 
     verify_internal::<
         SIMDUnit,
diff --git a/libcrux-ml-dsa/src/pre_hash.rs b/libcrux-ml-dsa/src/pre_hash.rs
index ff635536c..7c259c26c 100644
--- a/libcrux-ml-dsa/src/pre_hash.rs
+++ b/libcrux-ml-dsa/src/pre_hash.rs
@@ -4,7 +4,7 @@
 //! of FIPS 204, any NIST-approved hash function or XOF can be used to
 //!/perform the pre-hash of the message. This module implements the
 //! pre-hash trait for SHAKE-128, with a digest length of 256 bytes.
-use crate::{constants::CONTEXT_MAX_LEN, hash_functions};
+use crate::{constants::CONTEXT_MAX_LEN, hash_functions, SigningError, VerificationError};
 
 pub(crate) const PRE_HASH_OID_LEN: usize = 11;
 pub(crate) type PreHashOID = [u8; PRE_HASH_OID_LEN];
@@ -12,7 +12,7 @@ pub(crate) type PreHashOID = [u8; PRE_HASH_OID_LEN];
 pub(crate) trait PreHash<const DIGEST_LEN: usize> {
     /// The object identifier (OID) of the hash function or XOF used
     /// to perform the pre-hashing of the message.
-    fn oid() -> PreHashOID;
+    const OID: PreHashOID;
 
     /// Used to derive the pre-hash PH of the message before signing.
     fn hash<Shake128: hash_functions::shake128::Xof>(message: &[u8]) -> [u8; DIGEST_LEN];
@@ -24,12 +24,11 @@ pub(crate) trait PreHash<const DIGEST_LEN: usize> {
 pub(crate) struct SHAKE128_PH();
 
 impl PreHash<256> for SHAKE128_PH {
-    fn oid() -> PreHashOID {
-        [
-            0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x0b,
-        ]
-    }
+    const OID: PreHashOID = [
+        0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x0b,
+    ];
 
+    #[inline(always)]
     fn hash<Shake128: hash_functions::shake128::Xof>(message: &[u8]) -> [u8; 256] {
         let mut output = [0u8; 256];
         Shake128::shake128(message, &mut output);
@@ -77,3 +76,21 @@ impl<'a> DomainSeparationContext<'a> {
         self.pre_hash_oid
     }
 }
+
+impl From<DomainSeparationError> for SigningError {
+    fn from(e: DomainSeparationError) -> SigningError {
+        match e {
+            DomainSeparationError::ContextTooLongError => SigningError::ContextTooLongError,
+        }
+    }
+}
+
+impl From<DomainSeparationError> for VerificationError {
+    fn from(e: DomainSeparationError) -> VerificationError {
+        match e {
+            DomainSeparationError::ContextTooLongError => {
+                VerificationError::VerificationContextTooLongError
+            }
+        }
+    }
+}
diff --git a/libcrux-ml-dsa/src/types.rs b/libcrux-ml-dsa/src/types.rs
index c0304c654..8cc04494d 100644
--- a/libcrux-ml-dsa/src/types.rs
+++ b/libcrux-ml-dsa/src/types.rs
@@ -71,7 +71,9 @@ pub enum VerificationError {
     MalformedHintError,
     SignerResponseExceedsBoundError,
     CommitmentHashesDontMatchError,
-    ContextTooLongError,
+    // FIXME: Eurydice can't handle enum variants with the same name
+    // https://github.com/AeneasVerif/eurydice/issues/102
+    VerificationContextTooLongError,
 }
 
 #[derive(Debug)]

From 11a2dcf9b3f0c4803b93a53caa737ed8eac8bfd1 Mon Sep 17 00:00:00 2001
From: Franziskus Kiefer <franziskuskiefer@gmail.com>
Date: Fri, 6 Dec 2024 12:31:36 +0000
Subject: [PATCH 070/142] first C extraction

---
 libcrux-ml-dsa/cg/libcrux_core.h             |  455 ++
 libcrux-ml-dsa/cg/libcrux_mldsa65_avx2.h     | 5651 ++++++++++++++++
 libcrux-ml-dsa/cg/libcrux_mldsa65_portable.h | 6276 ++++++++++++++++++
 libcrux-ml-dsa/cg/libcrux_sha3_avx2.h        | 2571 +++++++
 libcrux-ml-dsa/cg/libcrux_sha3_portable.h    | 4931 ++++++++++++++
 5 files changed, 19884 insertions(+)
 create mode 100644 libcrux-ml-dsa/cg/libcrux_core.h
 create mode 100644 libcrux-ml-dsa/cg/libcrux_mldsa65_avx2.h
 create mode 100644 libcrux-ml-dsa/cg/libcrux_mldsa65_portable.h
 create mode 100644 libcrux-ml-dsa/cg/libcrux_sha3_avx2.h
 create mode 100644 libcrux-ml-dsa/cg/libcrux_sha3_portable.h

diff --git a/libcrux-ml-dsa/cg/libcrux_core.h b/libcrux-ml-dsa/cg/libcrux_core.h
new file mode 100644
index 000000000..50d5433fc
--- /dev/null
+++ b/libcrux-ml-dsa/cg/libcrux_core.h
@@ -0,0 +1,455 @@
+/*
+ * SPDX-FileCopyrightText: 2024 Cryspen Sarl <info@cryspen.com>
+ *
+ * SPDX-License-Identifier: MIT or Apache-2.0
+ *
+ * This code was generated with the following revisions:
+ * Charon: a68994d00017b76a805d0115ca06c1f2c1805e79
+ * Eurydice: b665364a6d86749566ce2d650d13fa12c8fab2c5
+ * Karamel: 96572bc631fde691a2aea7bce5a5a3838b3a5968
+ * F*: b0961063393215ca65927f017720cb365a193833-dirty
+ * Libcrux: 5a0f22fa8387080e4c4e4ac018aaddcdf944e4be
+ */
+
+#ifndef __libcrux_core_H
+#define __libcrux_core_H
+
+#if defined(__cplusplus)
+extern "C" {
+#endif
+
+#include "eurydice_glue.h"
+
+/**
+A monomorphic instance of core.ops.range.Range
+with types size_t
+
+*/
+typedef struct core_ops_range_Range_08_s {
+  size_t start;
+  size_t end;
+} core_ops_range_Range_08;
+
+static inline uint8_t Eurydice_bitand_pv_u8(uint8_t *x, uint8_t y);
+
+static inline uint8_t Eurydice_shr_pv_u8(uint8_t *x, int32_t y);
+
+#define None 0
+#define Some 1
+
+typedef uint8_t Option_08_tags;
+
+/**
+A monomorphic instance of core.option.Option
+with types size_t
+
+*/
+typedef struct Option_08_s {
+  Option_08_tags tag;
+  size_t f0;
+} Option_08;
+
+#define Ok 0
+#define Err 1
+
+typedef uint8_t Result_a9_tags;
+
+/**
+A monomorphic instance of core.result.Result
+with types (), core_fmt_Error
+
+*/
+typedef struct Result_a9_s {
+  Result_a9_tags tag;
+  void *f0;
+} Result_a9;
+
+static inline Result_a9 core_fmt__core__fmt__Formatter__a__9__write_str(
+    core_fmt_Formatter *x0, Prims_string x1);
+
+static inline uint32_t core_num__i32_2__count_ones(int32_t x0);
+
+static inline uint64_t core_num__u64_9__from_le_bytes(uint8_t x0[8U]);
+
+static inline void core_num__u64_9__to_le_bytes(uint64_t x0, uint8_t x1[8U]);
+
+/**
+A monomorphic instance of core.result.Result
+with types uint8_t[10size_t], core_array_TryFromSliceError
+
+*/
+typedef struct Result_9d_s {
+  Result_a9_tags tag;
+  union {
+    uint8_t case_Ok[10U];
+    TryFromSliceError case_Err;
+  } val;
+} Result_9d;
+
+/**
+This function found in impl {core::result::Result<T, E>[TraitClause@0,
+TraitClause@1]}
+*/
+/**
+A monomorphic instance of core.result.unwrap_26
+with types uint8_t[10size_t], core_array_TryFromSliceError
+
+*/
+static inline void unwrap_26_ce(Result_9d self, uint8_t ret[10U]) {
+  if (self.tag == Ok) {
+    uint8_t f0[10U];
+    memcpy(f0, self.val.case_Ok, (size_t)10U * sizeof(uint8_t));
+    memcpy(ret, f0, (size_t)10U * sizeof(uint8_t));
+  } else {
+    KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__,
+                      "unwrap not Ok");
+    KRML_HOST_EXIT(255U);
+  }
+}
+
+/**
+A monomorphic instance of core.result.Result
+with types uint8_t[13size_t], core_array_TryFromSliceError
+
+*/
+typedef struct Result_b0_s {
+  Result_a9_tags tag;
+  union {
+    uint8_t case_Ok[13U];
+    TryFromSliceError case_Err;
+  } val;
+} Result_b0;
+
+/**
+This function found in impl {core::result::Result<T, E>[TraitClause@0,
+TraitClause@1]}
+*/
+/**
+A monomorphic instance of core.result.unwrap_26
+with types uint8_t[13size_t], core_array_TryFromSliceError
+
+*/
+static inline void unwrap_26_23(Result_b0 self, uint8_t ret[13U]) {
+  if (self.tag == Ok) {
+    uint8_t f0[13U];
+    memcpy(f0, self.val.case_Ok, (size_t)13U * sizeof(uint8_t));
+    memcpy(ret, f0, (size_t)13U * sizeof(uint8_t));
+  } else {
+    KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__,
+                      "unwrap not Ok");
+    KRML_HOST_EXIT(255U);
+  }
+}
+
+typedef struct libcrux_ml_dsa_ml_dsa_65_MLDSA65Signature_s {
+  uint8_t value[3309U];
+} libcrux_ml_dsa_ml_dsa_65_MLDSA65Signature;
+
+/**
+ A reference to the raw byte array.
+*/
+/**
+This function found in impl {libcrux_ml_dsa::types::MLDSASignature<SIZE>#4}
+*/
+/**
+A monomorphic instance of libcrux_ml_dsa.types.as_raw_8f
+with const generics
+- SIZE= 3309
+*/
+static inline uint8_t *libcrux_ml_dsa_types_as_raw_8f_fa(
+    libcrux_ml_dsa_ml_dsa_65_MLDSA65Signature *self) {
+  return self->value;
+}
+
+#define libcrux_ml_dsa_types_MalformedHintError 0
+#define libcrux_ml_dsa_types_SignerResponseExceedsBoundError 1
+#define libcrux_ml_dsa_types_CommitmentHashesDontMatchError 2
+#define libcrux_ml_dsa_types_VerificationContextTooLongError 3
+
+typedef uint8_t libcrux_ml_dsa_types_VerificationError;
+
+/**
+A monomorphic instance of core.result.Result
+with types (), libcrux_ml_dsa_types_VerificationError
+
+*/
+typedef struct Result_41_s {
+  Result_a9_tags tag;
+  libcrux_ml_dsa_types_VerificationError f0;
+} Result_41;
+
+/**
+A monomorphic instance of libcrux_ml_dsa.types.MLDSAVerificationKey
+with const generics
+- $1952size_t
+*/
+typedef struct libcrux_ml_dsa_types_MLDSAVerificationKey_ea_s {
+  uint8_t value[1952U];
+} libcrux_ml_dsa_types_MLDSAVerificationKey_ea;
+
+/**
+ A reference to the raw byte array.
+*/
+/**
+This function found in impl
+{libcrux_ml_dsa::types::MLDSAVerificationKey<SIZE>#2}
+*/
+/**
+A monomorphic instance of libcrux_ml_dsa.types.as_raw_66
+with const generics
+- SIZE= 1952
+*/
+static inline uint8_t *libcrux_ml_dsa_types_as_raw_66_97(
+    libcrux_ml_dsa_types_MLDSAVerificationKey_ea *self) {
+  return self->value;
+}
+
+#define libcrux_ml_dsa_types_RejectionSamplingError 0
+#define libcrux_ml_dsa_types_ContextTooLongError 1
+
+typedef uint8_t libcrux_ml_dsa_types_SigningError;
+
+/**
+A monomorphic instance of core.result.Result
+with types libcrux_ml_dsa_types_MLDSASignature[[$3309size_t]],
+libcrux_ml_dsa_types_SigningError
+
+*/
+typedef struct Result_2e_s {
+  Result_a9_tags tag;
+  union {
+    libcrux_ml_dsa_ml_dsa_65_MLDSA65Signature case_Ok;
+    libcrux_ml_dsa_types_SigningError case_Err;
+  } val;
+} Result_2e;
+
+/**
+A monomorphic instance of libcrux_ml_dsa.types.MLDSASigningKey
+with const generics
+- $4032size_t
+*/
+typedef struct libcrux_ml_dsa_types_MLDSASigningKey_22_s {
+  uint8_t value[4032U];
+} libcrux_ml_dsa_types_MLDSASigningKey_22;
+
+/**
+ A reference to the raw byte array.
+*/
+/**
+This function found in impl {libcrux_ml_dsa::types::MLDSASigningKey<SIZE>}
+*/
+/**
+A monomorphic instance of libcrux_ml_dsa.types.as_raw_9b
+with const generics
+- SIZE= 4032
+*/
+static inline uint8_t *libcrux_ml_dsa_types_as_raw_9b_09(
+    libcrux_ml_dsa_types_MLDSASigningKey_22 *self) {
+  return self->value;
+}
+
+/**
+ Build
+*/
+/**
+This function found in impl
+{libcrux_ml_dsa::types::MLDSAVerificationKey<SIZE>#2}
+*/
+/**
+A monomorphic instance of libcrux_ml_dsa.types.new_66
+with const generics
+- SIZE= 1952
+*/
+static inline libcrux_ml_dsa_types_MLDSAVerificationKey_ea
+libcrux_ml_dsa_types_new_66_97(uint8_t value[1952U]) {
+  /* Passing arrays by value in Rust generates a copy in C */
+  uint8_t copy_of_value[1952U];
+  memcpy(copy_of_value, value, (size_t)1952U * sizeof(uint8_t));
+  libcrux_ml_dsa_types_MLDSAVerificationKey_ea lit;
+  memcpy(lit.value, copy_of_value, (size_t)1952U * sizeof(uint8_t));
+  return lit;
+}
+
+/**
+ Build
+*/
+/**
+This function found in impl {libcrux_ml_dsa::types::MLDSASigningKey<SIZE>}
+*/
+/**
+A monomorphic instance of libcrux_ml_dsa.types.new_9b
+with const generics
+- SIZE= 4032
+*/
+static inline libcrux_ml_dsa_types_MLDSASigningKey_22
+libcrux_ml_dsa_types_new_9b_09(uint8_t value[4032U]) {
+  /* Passing arrays by value in Rust generates a copy in C */
+  uint8_t copy_of_value[4032U];
+  memcpy(copy_of_value, value, (size_t)4032U * sizeof(uint8_t));
+  libcrux_ml_dsa_types_MLDSASigningKey_22 lit;
+  memcpy(lit.value, copy_of_value, (size_t)4032U * sizeof(uint8_t));
+  return lit;
+}
+
+/**
+ Pad the `slice` with `0`s at the end.
+*/
+/**
+A monomorphic instance of libcrux_ml_dsa.utils.into_padded_array
+with const generics
+- LEN= 66
+*/
+static KRML_MUSTINLINE void libcrux_ml_dsa_utils_into_padded_array_20(
+    Eurydice_slice slice, uint8_t ret[66U]) {
+  uint8_t out[66U] = {0U};
+  uint8_t *uu____0 = out;
+  Eurydice_slice_copy(
+      Eurydice_array_to_subslice2(uu____0, (size_t)0U,
+                                  Eurydice_slice_len(slice, uint8_t), uint8_t),
+      slice, uint8_t);
+  memcpy(ret, out, (size_t)66U * sizeof(uint8_t));
+}
+
+/**
+ Pad the `slice` with `0`s at the end.
+*/
+/**
+A monomorphic instance of libcrux_ml_dsa.utils.into_padded_array
+with const generics
+- LEN= 34
+*/
+static KRML_MUSTINLINE void libcrux_ml_dsa_utils_into_padded_array_b6(
+    Eurydice_slice slice, uint8_t ret[34U]) {
+  uint8_t out[34U] = {0U};
+  uint8_t *uu____0 = out;
+  Eurydice_slice_copy(
+      Eurydice_array_to_subslice2(uu____0, (size_t)0U,
+                                  Eurydice_slice_len(slice, uint8_t), uint8_t),
+      slice, uint8_t);
+  memcpy(ret, out, (size_t)34U * sizeof(uint8_t));
+}
+
+/**
+A monomorphic instance of core.option.Option
+with types Eurydice_slice int32_t
+
+*/
+typedef struct Option_93_s {
+  Option_08_tags tag;
+  Eurydice_slice f0;
+} Option_93;
+
+/**
+A monomorphic instance of core.option.Option
+with types Eurydice_slice uint8_t
+
+*/
+typedef struct Option_1b_s {
+  Option_08_tags tag;
+  Eurydice_slice f0;
+} Option_1b;
+
+/**
+A monomorphic instance of core.result.Result
+with types int32_t[8size_t], core_array_TryFromSliceError
+
+*/
+typedef struct Result_6c_s {
+  Result_a9_tags tag;
+  union {
+    int32_t case_Ok[8U];
+    TryFromSliceError case_Err;
+  } val;
+} Result_6c;
+
+/**
+This function found in impl {core::result::Result<T, E>[TraitClause@0,
+TraitClause@1]}
+*/
+/**
+A monomorphic instance of core.result.unwrap_26
+with types int32_t[8size_t], core_array_TryFromSliceError
+
+*/
+static inline void unwrap_26_55(Result_6c self, int32_t ret[8U]) {
+  if (self.tag == Ok) {
+    int32_t f0[8U];
+    memcpy(f0, self.val.case_Ok, (size_t)8U * sizeof(int32_t));
+    memcpy(ret, f0, (size_t)8U * sizeof(int32_t));
+  } else {
+    KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__,
+                      "unwrap not Ok");
+    KRML_HOST_EXIT(255U);
+  }
+}
+
+/**
+A monomorphic instance of core.option.Option
+with types  uint8_t*
+
+*/
+typedef struct Option_3f_s {
+  Option_08_tags tag;
+  uint8_t *f0;
+} Option_3f;
+
+typedef struct libcrux_ml_dsa_ml_dsa_65_MLDSA65KeyPair_s {
+  libcrux_ml_dsa_types_MLDSASigningKey_22 signing_key;
+  libcrux_ml_dsa_types_MLDSAVerificationKey_ea verification_key;
+} libcrux_ml_dsa_ml_dsa_65_MLDSA65KeyPair;
+
+typedef struct Eurydice_slice_uint8_t_4size_t__x2_s {
+  Eurydice_slice fst[4U];
+  Eurydice_slice snd[4U];
+} Eurydice_slice_uint8_t_4size_t__x2;
+
+/**
+A monomorphic instance of core.result.Result
+with types uint8_t[8size_t], core_array_TryFromSliceError
+
+*/
+typedef struct Result_15_s {
+  Result_a9_tags tag;
+  union {
+    uint8_t case_Ok[8U];
+    TryFromSliceError case_Err;
+  } val;
+} Result_15;
+
+/**
+This function found in impl {core::result::Result<T, E>[TraitClause@0,
+TraitClause@1]}
+*/
+/**
+A monomorphic instance of core.result.unwrap_26
+with types uint8_t[8size_t], core_array_TryFromSliceError
+
+*/
+static inline void unwrap_26_68(Result_15 self, uint8_t ret[8U]) {
+  if (self.tag == Ok) {
+    uint8_t f0[8U];
+    memcpy(f0, self.val.case_Ok, (size_t)8U * sizeof(uint8_t));
+    memcpy(ret, f0, (size_t)8U * sizeof(uint8_t));
+  } else {
+    KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__,
+                      "unwrap not Ok");
+    KRML_HOST_EXIT(255U);
+  }
+}
+
+typedef struct Eurydice_slice_uint8_t_x2_s {
+  Eurydice_slice fst;
+  Eurydice_slice snd;
+} Eurydice_slice_uint8_t_x2;
+
+typedef struct Eurydice_slice_uint8_t_1size_t__x2_s {
+  Eurydice_slice fst[1U];
+  Eurydice_slice snd[1U];
+} Eurydice_slice_uint8_t_1size_t__x2;
+
+#if defined(__cplusplus)
+}
+#endif
+
+#define __libcrux_core_H_DEFINED
+#endif
diff --git a/libcrux-ml-dsa/cg/libcrux_mldsa65_avx2.h b/libcrux-ml-dsa/cg/libcrux_mldsa65_avx2.h
new file mode 100644
index 000000000..6d3d3112f
--- /dev/null
+++ b/libcrux-ml-dsa/cg/libcrux_mldsa65_avx2.h
@@ -0,0 +1,5651 @@
+/*
+ * SPDX-FileCopyrightText: 2024 Cryspen Sarl <info@cryspen.com>
+ *
+ * SPDX-License-Identifier: MIT or Apache-2.0
+ *
+ * This code was generated with the following revisions:
+ * Charon: a68994d00017b76a805d0115ca06c1f2c1805e79
+ * Eurydice: b665364a6d86749566ce2d650d13fa12c8fab2c5
+ * Karamel: 96572bc631fde691a2aea7bce5a5a3838b3a5968
+ * F*: b0961063393215ca65927f017720cb365a193833-dirty
+ * Libcrux: 5a0f22fa8387080e4c4e4ac018aaddcdf944e4be
+ */
+
+#ifndef __libcrux_mldsa65_avx2_H
+#define __libcrux_mldsa65_avx2_H
+
+#if defined(__cplusplus)
+extern "C" {
+#endif
+
+#include "eurydice_glue.h"
+#include "intrinsics/libcrux_intrinsics_avx2.h"
+#include "libcrux_core.h"
+#include "libcrux_mldsa65_portable.h"
+#include "libcrux_sha3_avx2.h"
+#include "libcrux_sha3_portable.h"
+
+typedef libcrux_sha3_avx2_x4_incremental_KeccakState
+    libcrux_ml_dsa_hash_functions_simd256_Shake128x4;
+
+/**
+ Init the state and absorb 4 blocks in parallel.
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE libcrux_sha3_avx2_x4_incremental_KeccakState
+libcrux_ml_dsa_hash_functions_simd256_init_absorb(Eurydice_slice input0,
+                                                  Eurydice_slice input1,
+                                                  Eurydice_slice input2,
+                                                  Eurydice_slice input3) {
+  libcrux_sha3_generic_keccak_KeccakState_55 state =
+      libcrux_sha3_avx2_x4_incremental_init();
+  libcrux_sha3_avx2_x4_incremental_shake128_absorb_final(&state, input0, input1,
+                                                         input2, input3);
+  return state;
+}
+
+typedef libcrux_sha3_portable_KeccakState
+    libcrux_ml_dsa_hash_functions_simd256_Shake256;
+
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE libcrux_sha3_portable_KeccakState
+libcrux_ml_dsa_hash_functions_simd256_init_absorb_final_shake256(
+    Eurydice_slice input) {
+  libcrux_sha3_generic_keccak_KeccakState_17 state =
+      libcrux_sha3_portable_incremental_shake256_init();
+  libcrux_sha3_portable_incremental_shake256_absorb_final(&state, input);
+  return state;
+}
+
+typedef libcrux_sha3_avx2_x4_incremental_KeccakState
+    libcrux_ml_dsa_hash_functions_simd256_Shake256x4;
+
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE libcrux_sha3_avx2_x4_incremental_KeccakState
+libcrux_ml_dsa_hash_functions_simd256_init_absorb_x4(Eurydice_slice input0,
+                                                     Eurydice_slice input1,
+                                                     Eurydice_slice input2,
+                                                     Eurydice_slice input3) {
+  libcrux_sha3_generic_keccak_KeccakState_55 state =
+      libcrux_sha3_avx2_x4_incremental_init();
+  libcrux_sha3_avx2_x4_incremental_shake256_absorb_final(&state, input0, input1,
+                                                         input2, input3);
+  return state;
+}
+
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE void
+libcrux_ml_dsa_hash_functions_simd256_squeeze_first_block_shake256(
+    libcrux_sha3_portable_KeccakState *state, uint8_t ret[136U]) {
+  uint8_t out[136U] = {0U};
+  libcrux_sha3_portable_incremental_shake256_squeeze_first_block(
+      state, Eurydice_array_to_slice((size_t)136U, out, uint8_t));
+  memcpy(ret, out, (size_t)136U * sizeof(uint8_t));
+}
+
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE uint8_t_136size_t__x4
+libcrux_ml_dsa_hash_functions_simd256_squeeze_first_block_x4(
+    libcrux_sha3_avx2_x4_incremental_KeccakState *state) {
+  uint8_t out0[136U] = {0U};
+  uint8_t out1[136U] = {0U};
+  uint8_t out2[136U] = {0U};
+  uint8_t out3[136U] = {0U};
+  libcrux_sha3_avx2_x4_incremental_shake256_squeeze_first_block(
+      state, Eurydice_array_to_slice((size_t)136U, out0, uint8_t),
+      Eurydice_array_to_slice((size_t)136U, out1, uint8_t),
+      Eurydice_array_to_slice((size_t)136U, out2, uint8_t),
+      Eurydice_array_to_slice((size_t)136U, out3, uint8_t));
+  /* Passing arrays by value in Rust generates a copy in C */
+  uint8_t copy_of_out0[136U];
+  memcpy(copy_of_out0, out0, (size_t)136U * sizeof(uint8_t));
+  /* Passing arrays by value in Rust generates a copy in C */
+  uint8_t copy_of_out1[136U];
+  memcpy(copy_of_out1, out1, (size_t)136U * sizeof(uint8_t));
+  /* Passing arrays by value in Rust generates a copy in C */
+  uint8_t copy_of_out2[136U];
+  memcpy(copy_of_out2, out2, (size_t)136U * sizeof(uint8_t));
+  /* Passing arrays by value in Rust generates a copy in C */
+  uint8_t copy_of_out3[136U];
+  memcpy(copy_of_out3, out3, (size_t)136U * sizeof(uint8_t));
+  uint8_t_136size_t__x4 lit;
+  memcpy(lit.fst, copy_of_out0, (size_t)136U * sizeof(uint8_t));
+  memcpy(lit.snd, copy_of_out1, (size_t)136U * sizeof(uint8_t));
+  memcpy(lit.thd, copy_of_out2, (size_t)136U * sizeof(uint8_t));
+  memcpy(lit.f3, copy_of_out3, (size_t)136U * sizeof(uint8_t));
+  return lit;
+}
+
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE void
+libcrux_ml_dsa_hash_functions_simd256_squeeze_first_five_blocks(
+    libcrux_sha3_avx2_x4_incremental_KeccakState *state, uint8_t *out0,
+    uint8_t *out1, uint8_t *out2, uint8_t *out3) {
+  libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_five_blocks(
+      state, Eurydice_array_to_slice((size_t)840U, out0, uint8_t),
+      Eurydice_array_to_slice((size_t)840U, out1, uint8_t),
+      Eurydice_array_to_slice((size_t)840U, out2, uint8_t),
+      Eurydice_array_to_slice((size_t)840U, out3, uint8_t));
+}
+
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE uint8_t_168size_t__x4
+libcrux_ml_dsa_hash_functions_simd256_squeeze_next_block(
+    libcrux_sha3_avx2_x4_incremental_KeccakState *state) {
+  uint8_t out0[168U] = {0U};
+  uint8_t out1[168U] = {0U};
+  uint8_t out2[168U] = {0U};
+  uint8_t out3[168U] = {0U};
+  libcrux_sha3_avx2_x4_incremental_shake128_squeeze_next_block(
+      state, Eurydice_array_to_slice((size_t)168U, out0, uint8_t),
+      Eurydice_array_to_slice((size_t)168U, out1, uint8_t),
+      Eurydice_array_to_slice((size_t)168U, out2, uint8_t),
+      Eurydice_array_to_slice((size_t)168U, out3, uint8_t));
+  /* Passing arrays by value in Rust generates a copy in C */
+  uint8_t copy_of_out0[168U];
+  memcpy(copy_of_out0, out0, (size_t)168U * sizeof(uint8_t));
+  /* Passing arrays by value in Rust generates a copy in C */
+  uint8_t copy_of_out1[168U];
+  memcpy(copy_of_out1, out1, (size_t)168U * sizeof(uint8_t));
+  /* Passing arrays by value in Rust generates a copy in C */
+  uint8_t copy_of_out2[168U];
+  memcpy(copy_of_out2, out2, (size_t)168U * sizeof(uint8_t));
+  /* Passing arrays by value in Rust generates a copy in C */
+  uint8_t copy_of_out3[168U];
+  memcpy(copy_of_out3, out3, (size_t)168U * sizeof(uint8_t));
+  uint8_t_168size_t__x4 lit;
+  memcpy(lit.fst, copy_of_out0, (size_t)168U * sizeof(uint8_t));
+  memcpy(lit.snd, copy_of_out1, (size_t)168U * sizeof(uint8_t));
+  memcpy(lit.thd, copy_of_out2, (size_t)168U * sizeof(uint8_t));
+  memcpy(lit.f3, copy_of_out3, (size_t)168U * sizeof(uint8_t));
+  return lit;
+}
+
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE void
+libcrux_ml_dsa_hash_functions_simd256_squeeze_next_block_shake256(
+    libcrux_sha3_portable_KeccakState *state, uint8_t ret[136U]) {
+  uint8_t out[136U] = {0U};
+  libcrux_sha3_portable_incremental_shake256_squeeze_next_block(
+      state, Eurydice_array_to_slice((size_t)136U, out, uint8_t));
+  memcpy(ret, out, (size_t)136U * sizeof(uint8_t));
+}
+
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE uint8_t_136size_t__x4
+libcrux_ml_dsa_hash_functions_simd256_squeeze_next_block_x4(
+    libcrux_sha3_avx2_x4_incremental_KeccakState *state) {
+  uint8_t out0[136U] = {0U};
+  uint8_t out1[136U] = {0U};
+  uint8_t out2[136U] = {0U};
+  uint8_t out3[136U] = {0U};
+  libcrux_sha3_avx2_x4_incremental_shake256_squeeze_next_block(
+      state, Eurydice_array_to_slice((size_t)136U, out0, uint8_t),
+      Eurydice_array_to_slice((size_t)136U, out1, uint8_t),
+      Eurydice_array_to_slice((size_t)136U, out2, uint8_t),
+      Eurydice_array_to_slice((size_t)136U, out3, uint8_t));
+  /* Passing arrays by value in Rust generates a copy in C */
+  uint8_t copy_of_out0[136U];
+  memcpy(copy_of_out0, out0, (size_t)136U * sizeof(uint8_t));
+  /* Passing arrays by value in Rust generates a copy in C */
+  uint8_t copy_of_out1[136U];
+  memcpy(copy_of_out1, out1, (size_t)136U * sizeof(uint8_t));
+  /* Passing arrays by value in Rust generates a copy in C */
+  uint8_t copy_of_out2[136U];
+  memcpy(copy_of_out2, out2, (size_t)136U * sizeof(uint8_t));
+  /* Passing arrays by value in Rust generates a copy in C */
+  uint8_t copy_of_out3[136U];
+  memcpy(copy_of_out3, out3, (size_t)136U * sizeof(uint8_t));
+  uint8_t_136size_t__x4 lit;
+  memcpy(lit.fst, copy_of_out0, (size_t)136U * sizeof(uint8_t));
+  memcpy(lit.snd, copy_of_out1, (size_t)136U * sizeof(uint8_t));
+  memcpy(lit.thd, copy_of_out2, (size_t)136U * sizeof(uint8_t));
+  memcpy(lit.f3, copy_of_out3, (size_t)136U * sizeof(uint8_t));
+  return lit;
+}
+
+/**
+ Init the state and absorb 4 blocks in parallel.
+*/
+/**
+This function found in impl {(libcrux_ml_dsa::hash_functions::shake128::XofX4
+for libcrux_ml_dsa::hash_functions::simd256::Shake128x4)}
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE libcrux_sha3_avx2_x4_incremental_KeccakState
+libcrux_ml_dsa_hash_functions_simd256_init_absorb_7b(Eurydice_slice input0,
+                                                     Eurydice_slice input1,
+                                                     Eurydice_slice input2,
+                                                     Eurydice_slice input3) {
+  return libcrux_ml_dsa_hash_functions_simd256_init_absorb(input0, input1,
+                                                           input2, input3);
+}
+
+/**
+This function found in impl {(libcrux_ml_dsa::hash_functions::shake128::XofX4
+for libcrux_ml_dsa::hash_functions::simd256::Shake128x4)}
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE void
+libcrux_ml_dsa_hash_functions_simd256_squeeze_first_five_blocks_7b(
+    libcrux_sha3_avx2_x4_incremental_KeccakState *self, uint8_t *out0,
+    uint8_t *out1, uint8_t *out2, uint8_t *out3) {
+  libcrux_ml_dsa_hash_functions_simd256_squeeze_first_five_blocks(
+      self, out0, out1, out2, out3);
+}
+
+/**
+This function found in impl {(libcrux_ml_dsa::hash_functions::shake128::XofX4
+for libcrux_ml_dsa::hash_functions::simd256::Shake128x4)}
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE uint8_t_168size_t__x4
+libcrux_ml_dsa_hash_functions_simd256_squeeze_next_block_7b(
+    libcrux_sha3_avx2_x4_incremental_KeccakState *self) {
+  return libcrux_ml_dsa_hash_functions_simd256_squeeze_next_block(self);
+}
+
+/**
+This function found in impl {(libcrux_ml_dsa::hash_functions::shake256::DsaXof
+for libcrux_ml_dsa::hash_functions::simd256::Shake256)#1}
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE libcrux_sha3_portable_KeccakState
+libcrux_ml_dsa_hash_functions_simd256_init_absorb_final_d9(
+    Eurydice_slice input) {
+  return libcrux_ml_dsa_hash_functions_simd256_init_absorb_final_shake256(
+      input);
+}
+
+/**
+This function found in impl {(libcrux_ml_dsa::hash_functions::shake256::DsaXof
+for libcrux_ml_dsa::hash_functions::simd256::Shake256)#1}
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE void
+libcrux_ml_dsa_hash_functions_simd256_squeeze_first_block_d9(
+    libcrux_sha3_portable_KeccakState *self, uint8_t ret[136U]) {
+  libcrux_ml_dsa_hash_functions_simd256_squeeze_first_block_shake256(self, ret);
+}
+
+/**
+This function found in impl {(libcrux_ml_dsa::hash_functions::shake256::DsaXof
+for libcrux_ml_dsa::hash_functions::simd256::Shake256)#1}
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE void
+libcrux_ml_dsa_hash_functions_simd256_squeeze_next_block_d9(
+    libcrux_sha3_portable_KeccakState *self, uint8_t ret[136U]) {
+  libcrux_ml_dsa_hash_functions_simd256_squeeze_next_block_shake256(self, ret);
+}
+
+/**
+This function found in impl {(libcrux_ml_dsa::hash_functions::shake256::XofX4
+for libcrux_ml_dsa::hash_functions::simd256::Shake256x4)#2}
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE libcrux_sha3_avx2_x4_incremental_KeccakState
+libcrux_ml_dsa_hash_functions_simd256_init_absorb_x4_fb(Eurydice_slice input0,
+                                                        Eurydice_slice input1,
+                                                        Eurydice_slice input2,
+                                                        Eurydice_slice input3) {
+  return libcrux_ml_dsa_hash_functions_simd256_init_absorb_x4(input0, input1,
+                                                              input2, input3);
+}
+
+/**
+This function found in impl {(libcrux_ml_dsa::hash_functions::shake256::XofX4
+for libcrux_ml_dsa::hash_functions::simd256::Shake256x4)#2}
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE uint8_t_136size_t__x4
+libcrux_ml_dsa_hash_functions_simd256_squeeze_first_block_x4_fb(
+    libcrux_sha3_avx2_x4_incremental_KeccakState *self) {
+  return libcrux_ml_dsa_hash_functions_simd256_squeeze_first_block_x4(self);
+}
+
+/**
+This function found in impl {(libcrux_ml_dsa::hash_functions::shake256::XofX4
+for libcrux_ml_dsa::hash_functions::simd256::Shake256x4)#2}
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE uint8_t_136size_t__x4
+libcrux_ml_dsa_hash_functions_simd256_squeeze_next_block_x4_fb(
+    libcrux_sha3_avx2_x4_incremental_KeccakState *self) {
+  return libcrux_ml_dsa_hash_functions_simd256_squeeze_next_block_x4(self);
+}
+
+typedef __m256i libcrux_ml_dsa_simd_avx2_vector_type_AVX2SIMDUnit;
+
+KRML_ATTRIBUTE_TARGET("avx2")
+static inline __m256i libcrux_ml_dsa_simd_avx2_vector_type_ZERO(void) {
+  return libcrux_intrinsics_avx2_mm256_setzero_si256();
+}
+
+/**
+This function found in impl {(libcrux_ml_dsa::simd::traits::Operations for
+libcrux_ml_dsa::simd::avx2::vector_type::AVX2SIMDUnit)}
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE __m256i libcrux_ml_dsa_simd_avx2_ZERO_a2(void) {
+  return libcrux_ml_dsa_simd_avx2_vector_type_ZERO();
+}
+
+KRML_ATTRIBUTE_TARGET("avx2")
+static inline __m256i
+libcrux_ml_dsa_simd_avx2_vector_type_from_coefficient_array(
+    Eurydice_slice coefficient_array) {
+  return libcrux_intrinsics_avx2_mm256_loadu_si256_i32(coefficient_array);
+}
+
+/**
+This function found in impl {(libcrux_ml_dsa::simd::traits::Operations for
+libcrux_ml_dsa::simd::avx2::vector_type::AVX2SIMDUnit)}
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE __m256i
+libcrux_ml_dsa_simd_avx2_from_coefficient_array_a2(
+    Eurydice_slice coefficient_array) {
+  return libcrux_ml_dsa_simd_avx2_vector_type_from_coefficient_array(
+      coefficient_array);
+}
+
+KRML_ATTRIBUTE_TARGET("avx2")
+static inline void libcrux_ml_dsa_simd_avx2_vector_type_to_coefficient_array(
+    __m256i *x, int32_t ret[8U]) {
+  int32_t coefficient_array[8U] = {0U};
+  libcrux_intrinsics_avx2_mm256_storeu_si256_i32(
+      Eurydice_array_to_slice((size_t)8U, coefficient_array, int32_t), x[0U]);
+  memcpy(ret, coefficient_array, (size_t)8U * sizeof(int32_t));
+}
+
+/**
+This function found in impl {(libcrux_ml_dsa::simd::traits::Operations for
+libcrux_ml_dsa::simd::avx2::vector_type::AVX2SIMDUnit)}
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE void libcrux_ml_dsa_simd_avx2_to_coefficient_array_a2(
+    __m256i *self, int32_t ret[8U]) {
+  libcrux_ml_dsa_simd_avx2_vector_type_to_coefficient_array(self, ret);
+}
+
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE __m256i
+libcrux_ml_dsa_simd_avx2_arithmetic_add(__m256i lhs, __m256i rhs) {
+  return libcrux_intrinsics_avx2_mm256_add_epi32(lhs, rhs);
+}
+
+/**
+This function found in impl {(libcrux_ml_dsa::simd::traits::Operations for
+libcrux_ml_dsa::simd::avx2::vector_type::AVX2SIMDUnit)}
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE __m256i libcrux_ml_dsa_simd_avx2_add_a2(__m256i *lhs,
+                                                               __m256i *rhs) {
+  return libcrux_ml_dsa_simd_avx2_arithmetic_add(lhs[0U], rhs[0U]);
+}
+
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE __m256i
+libcrux_ml_dsa_simd_avx2_arithmetic_subtract(__m256i lhs, __m256i rhs) {
+  return libcrux_intrinsics_avx2_mm256_sub_epi32(lhs, rhs);
+}
+
+/**
+This function found in impl {(libcrux_ml_dsa::simd::traits::Operations for
+libcrux_ml_dsa::simd::avx2::vector_type::AVX2SIMDUnit)}
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE __m256i
+libcrux_ml_dsa_simd_avx2_subtract_a2(__m256i *lhs, __m256i *rhs) {
+  return libcrux_ml_dsa_simd_avx2_arithmetic_subtract(lhs[0U], rhs[0U]);
+}
+
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE bool
+libcrux_ml_dsa_simd_avx2_arithmetic_infinity_norm_exceeds(__m256i simd_unit,
+                                                          int32_t bound) {
+  __m256i absolute_values = libcrux_intrinsics_avx2_mm256_abs_epi32(simd_unit);
+  __m256i bound0 = libcrux_intrinsics_avx2_mm256_set1_epi32(bound - (int32_t)1);
+  __m256i compare_with_bound =
+      libcrux_intrinsics_avx2_mm256_cmpgt_epi32(absolute_values, bound0);
+  int32_t result = libcrux_intrinsics_avx2_mm256_testz_si256(
+      compare_with_bound, compare_with_bound);
+  bool uu____0;
+  if (result == (int32_t)1) {
+    uu____0 = false;
+  } else {
+    uu____0 = true;
+  }
+  return uu____0;
+}
+
+/**
+This function found in impl {(libcrux_ml_dsa::simd::traits::Operations for
+libcrux_ml_dsa::simd::avx2::vector_type::AVX2SIMDUnit)}
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE bool libcrux_ml_dsa_simd_avx2_infinity_norm_exceeds_a2(
+    __m256i simd_unit, int32_t bound) {
+  return libcrux_ml_dsa_simd_avx2_arithmetic_infinity_norm_exceeds(simd_unit,
+                                                                   bound);
+}
+
+KRML_ATTRIBUTE_TARGET("avx2")
+static inline __m256i
+libcrux_ml_dsa_simd_avx2_arithmetic_to_unsigned_representatives(__m256i t) {
+  __m256i signs =
+      libcrux_intrinsics_avx2_mm256_srai_epi32((int32_t)31, t, __m256i);
+  __m256i conditional_add_field_modulus =
+      libcrux_intrinsics_avx2_mm256_and_si256(
+          signs, libcrux_intrinsics_avx2_mm256_set1_epi32(
+                     LIBCRUX_ML_DSA_SIMD_TRAITS_FIELD_MODULUS));
+  return libcrux_intrinsics_avx2_mm256_add_epi32(t,
+                                                 conditional_add_field_modulus);
+}
+
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE __m256i
+libcrux_ml_dsa_simd_avx2_arithmetic_montgomery_multiply(__m256i lhs,
+                                                        __m256i rhs) {
+  __m256i field_modulus = libcrux_intrinsics_avx2_mm256_set1_epi32(
+      LIBCRUX_ML_DSA_SIMD_TRAITS_FIELD_MODULUS);
+  __m256i inverse_of_modulus_mod_montgomery_r =
+      libcrux_intrinsics_avx2_mm256_set1_epi32(
+          (int32_t)
+              LIBCRUX_ML_DSA_SIMD_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R);
+  __m256i prod02 = libcrux_intrinsics_avx2_mm256_mul_epi32(lhs, rhs);
+  __m256i prod13 = libcrux_intrinsics_avx2_mm256_mul_epi32(
+      libcrux_intrinsics_avx2_mm256_shuffle_epi32((int32_t)245, lhs, __m256i),
+      libcrux_intrinsics_avx2_mm256_shuffle_epi32((int32_t)245, rhs, __m256i));
+  __m256i k02 = libcrux_intrinsics_avx2_mm256_mul_epi32(
+      prod02, inverse_of_modulus_mod_montgomery_r);
+  __m256i k13 = libcrux_intrinsics_avx2_mm256_mul_epi32(
+      prod13, inverse_of_modulus_mod_montgomery_r);
+  __m256i c02 = libcrux_intrinsics_avx2_mm256_mul_epi32(k02, field_modulus);
+  __m256i c13 = libcrux_intrinsics_avx2_mm256_mul_epi32(k13, field_modulus);
+  __m256i res02 = libcrux_intrinsics_avx2_mm256_sub_epi32(prod02, c02);
+  __m256i res13 = libcrux_intrinsics_avx2_mm256_sub_epi32(prod13, c13);
+  __m256i res02_shifted =
+      libcrux_intrinsics_avx2_mm256_shuffle_epi32((int32_t)245, res02, __m256i);
+  return libcrux_intrinsics_avx2_mm256_blend_epi32((int32_t)170, res02_shifted,
+                                                   res13, __m256i);
+}
+
+/**
+This function found in impl {(libcrux_ml_dsa::simd::traits::Operations for
+libcrux_ml_dsa::simd::avx2::vector_type::AVX2SIMDUnit)}
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE __m256i
+libcrux_ml_dsa_simd_avx2_montgomery_multiply_a2(__m256i lhs, __m256i rhs) {
+  return libcrux_ml_dsa_simd_avx2_arithmetic_montgomery_multiply(lhs, rhs);
+}
+
+typedef struct core_core_arch_x86___m256i_x2_s {
+  __m256i fst;
+  __m256i snd;
+} core_core_arch_x86___m256i_x2;
+
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE core_core_arch_x86___m256i_x2
+libcrux_ml_dsa_simd_avx2_arithmetic_power2round(__m256i r) {
+  __m256i r2 =
+      libcrux_ml_dsa_simd_avx2_arithmetic_to_unsigned_representatives(r);
+  __m256i r1 = libcrux_intrinsics_avx2_mm256_add_epi32(
+      r2, libcrux_intrinsics_avx2_mm256_set1_epi32(
+              ((int32_t)1
+               << (uint32_t)(LIBCRUX_ML_DSA_CONSTANTS_BITS_IN_LOWER_PART_OF_T -
+                             (size_t)1U)) -
+              (int32_t)1));
+  __m256i r10 =
+      libcrux_intrinsics_avx2_mm256_srai_epi32((int32_t)13, r1, __m256i);
+  __m256i r0 =
+      libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)13, r10, __m256i);
+  __m256i r00 = libcrux_intrinsics_avx2_mm256_sub_epi32(r2, r0);
+  return (CLITERAL(core_core_arch_x86___m256i_x2){.fst = r00, .snd = r10});
+}
+
+typedef struct libcrux_ml_dsa_simd_avx2_vector_type_AVX2SIMDUnit_x2_s {
+  __m256i fst;
+  __m256i snd;
+} libcrux_ml_dsa_simd_avx2_vector_type_AVX2SIMDUnit_x2;
+
+/**
+This function found in impl {(libcrux_ml_dsa::simd::traits::Operations for
+libcrux_ml_dsa::simd::avx2::vector_type::AVX2SIMDUnit)}
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE libcrux_ml_dsa_simd_avx2_vector_type_AVX2SIMDUnit_x2
+libcrux_ml_dsa_simd_avx2_power2round_a2(__m256i simd_unit) {
+  core_core_arch_x86___m256i_x2 uu____0 =
+      libcrux_ml_dsa_simd_avx2_arithmetic_power2round(simd_unit);
+  __m256i lower = uu____0.fst;
+  __m256i upper = uu____0.snd;
+  return (CLITERAL(libcrux_ml_dsa_simd_avx2_vector_type_AVX2SIMDUnit_x2){
+      .fst = lower, .snd = upper});
+}
+
+#define LIBCRUX_ML_DSA_SIMD_AVX2_REJECTION_SAMPLE_LESS_THAN_FIELD_MODULUS_BYTESTREAM_TO_POTENTIAL_COEFFICIENTS_COEFFICIENT_MASK \
+  (((int32_t)1 << 23U) - (int32_t)1)
+
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE __m256i
+libcrux_ml_dsa_simd_avx2_rejection_sample_less_than_field_modulus_bytestream_to_potential_coefficients(
+    Eurydice_slice serialized) {
+  uint8_t serialized_extended[32U] = {0U};
+  Eurydice_slice uu____0 = Eurydice_array_to_subslice_to(
+      (size_t)32U, serialized_extended, (size_t)24U, uint8_t, size_t);
+  Eurydice_slice_copy(uu____0, serialized, uint8_t);
+  __m256i coefficients = libcrux_intrinsics_avx2_mm256_loadu_si256_u8(
+      Eurydice_array_to_slice((size_t)32U, serialized_extended, uint8_t));
+  __m256i coefficients0 = libcrux_intrinsics_avx2_mm256_permutevar8x32_epi32(
+      coefficients, libcrux_intrinsics_avx2_mm256_set_epi32(
+                        (int32_t)0, (int32_t)5, (int32_t)4, (int32_t)3,
+                        (int32_t)0, (int32_t)2, (int32_t)1, (int32_t)0));
+  __m256i coefficients1 = libcrux_intrinsics_avx2_mm256_shuffle_epi8(
+      coefficients0,
+      libcrux_intrinsics_avx2_mm256_set_epi8(
+          (int8_t)-1, (int8_t)11, (int8_t)10, (int8_t)9, (int8_t)-1, (int8_t)8,
+          (int8_t)7, (int8_t)6, (int8_t)-1, (int8_t)5, (int8_t)4, (int8_t)3,
+          (int8_t)-1, (int8_t)2, (int8_t)1, (int8_t)0, (int8_t)-1, (int8_t)11,
+          (int8_t)10, (int8_t)9, (int8_t)-1, (int8_t)8, (int8_t)7, (int8_t)6,
+          (int8_t)-1, (int8_t)5, (int8_t)4, (int8_t)3, (int8_t)-1, (int8_t)2,
+          (int8_t)1, (int8_t)0));
+  return libcrux_intrinsics_avx2_mm256_and_si256(
+      coefficients1,
+      libcrux_intrinsics_avx2_mm256_set1_epi32(
+          LIBCRUX_ML_DSA_SIMD_AVX2_REJECTION_SAMPLE_LESS_THAN_FIELD_MODULUS_BYTESTREAM_TO_POTENTIAL_COEFFICIENTS_COEFFICIENT_MASK));
+}
+
+static const uint8_t
+    libcrux_ml_dsa_simd_avx2_rejection_sample_shuffle_table_SHUFFLE_TABLE
+        [16U][16U] = {{255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U,
+                       255U, 255U, 255U, 255U, 255U, 255U, 255U},
+                      {0U, 1U, 2U, 3U, 255U, 255U, 255U, 255U, 255U, 255U, 255U,
+                       255U, 255U, 255U, 255U, 255U},
+                      {4U, 5U, 6U, 7U, 255U, 255U, 255U, 255U, 255U, 255U, 255U,
+                       255U, 255U, 255U, 255U, 255U},
+                      {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 255U, 255U, 255U, 255U,
+                       255U, 255U, 255U, 255U},
+                      {8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U,
+                       255U, 255U, 255U, 255U, 255U, 255U},
+                      {0U, 1U, 2U, 3U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U,
+                       255U, 255U, 255U, 255U},
+                      {4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U,
+                       255U, 255U, 255U, 255U},
+                      {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 255U,
+                       255U, 255U, 255U},
+                      {12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U,
+                       255U, 255U, 255U, 255U, 255U, 255U},
+                      {0U, 1U, 2U, 3U, 12U, 13U, 14U, 15U, 255U, 255U, 255U,
+                       255U, 255U, 255U, 255U, 255U},
+                      {4U, 5U, 6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, 255U,
+                       255U, 255U, 255U, 255U, 255U},
+                      {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 12U, 13U, 14U, 15U, 255U,
+                       255U, 255U, 255U},
+                      {8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U,
+                       255U, 255U, 255U, 255U, 255U},
+                      {0U, 1U, 2U, 3U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U,
+                       255U, 255U, 255U, 255U},
+                      {4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U,
+                       255U, 255U, 255U, 255U},
+                      {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U,
+                       13U, 14U, 15U}};
+
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE size_t
+libcrux_ml_dsa_simd_avx2_rejection_sample_less_than_field_modulus_sample(
+    Eurydice_slice input, Eurydice_slice output) {
+  __m256i field_modulus = libcrux_intrinsics_avx2_mm256_set1_epi32(
+      LIBCRUX_ML_DSA_SIMD_TRAITS_FIELD_MODULUS);
+  __m256i potential_coefficients =
+      libcrux_ml_dsa_simd_avx2_rejection_sample_less_than_field_modulus_bytestream_to_potential_coefficients(
+          input);
+  __m256i compare_with_field_modulus =
+      libcrux_intrinsics_avx2_mm256_cmpgt_epi32(field_modulus,
+                                                potential_coefficients);
+  int32_t good = libcrux_intrinsics_avx2_mm256_movemask_ps(
+      libcrux_intrinsics_avx2_mm256_castsi256_ps(compare_with_field_modulus));
+  int32_t good_lower_half = good & (int32_t)15;
+  int32_t good_upper_half = good >> 4U;
+  uint8_t lower_shuffles[16U];
+  memcpy(lower_shuffles,
+         libcrux_ml_dsa_simd_avx2_rejection_sample_shuffle_table_SHUFFLE_TABLE[(
+             size_t)good_lower_half],
+         (size_t)16U * sizeof(uint8_t));
+  __m128i lower_shuffles0 = libcrux_intrinsics_avx2_mm_loadu_si128(
+      Eurydice_array_to_slice((size_t)16U, lower_shuffles, uint8_t));
+  __m128i lower_coefficients =
+      libcrux_intrinsics_avx2_mm256_castsi256_si128(potential_coefficients);
+  __m128i lower_coefficients0 = libcrux_intrinsics_avx2_mm_shuffle_epi8(
+      lower_coefficients, lower_shuffles0);
+  libcrux_intrinsics_avx2_mm_storeu_si128_i32(
+      Eurydice_slice_subslice2(output, (size_t)0U, (size_t)4U, int32_t),
+      lower_coefficients0);
+  size_t sampled_count = (size_t)core_num__i32_2__count_ones(good_lower_half);
+  uint8_t upper_shuffles[16U];
+  memcpy(upper_shuffles,
+         libcrux_ml_dsa_simd_avx2_rejection_sample_shuffle_table_SHUFFLE_TABLE[(
+             size_t)good_upper_half],
+         (size_t)16U * sizeof(uint8_t));
+  __m128i upper_shuffles0 = libcrux_intrinsics_avx2_mm_loadu_si128(
+      Eurydice_array_to_slice((size_t)16U, upper_shuffles, uint8_t));
+  __m128i upper_coefficients = libcrux_intrinsics_avx2_mm256_extracti128_si256(
+      (int32_t)1, potential_coefficients, __m128i);
+  __m128i upper_coefficients0 = libcrux_intrinsics_avx2_mm_shuffle_epi8(
+      upper_coefficients, upper_shuffles0);
+  libcrux_intrinsics_avx2_mm_storeu_si128_i32(
+      Eurydice_slice_subslice2(output, sampled_count,
+                               sampled_count + (size_t)4U, int32_t),
+      upper_coefficients0);
+  size_t uu____0 = sampled_count;
+  return uu____0 + (size_t)core_num__i32_2__count_ones(good_upper_half);
+}
+
+/**
+This function found in impl {(libcrux_ml_dsa::simd::traits::Operations for
+libcrux_ml_dsa::simd::avx2::vector_type::AVX2SIMDUnit)}
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE size_t
+libcrux_ml_dsa_simd_avx2_rejection_sample_less_than_field_modulus_a2(
+    Eurydice_slice randomness, Eurydice_slice out) {
+  return libcrux_ml_dsa_simd_avx2_rejection_sample_less_than_field_modulus_sample(
+      randomness, out);
+}
+
+#define LIBCRUX_ML_DSA_SIMD_AVX2_ENCODING_ERROR_DESERIALIZE_TO_UNSIGNED_WHEN_ETA_IS_2_COEFFICIENT_MASK \
+  (((int32_t)1 << 3U) - (int32_t)1)
+
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE __m256i
+libcrux_ml_dsa_simd_avx2_encoding_error_deserialize_to_unsigned_when_eta_is_2(
+    Eurydice_slice bytes) {
+  __m256i bytes_in_simd_unit = libcrux_intrinsics_avx2_mm256_set_epi32(
+      (int32_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *),
+      (int32_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *),
+      (int32_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *)
+              << 8U |
+          (int32_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *),
+      (int32_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *),
+      (int32_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *),
+      (int32_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *)
+              << 8U |
+          (int32_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *),
+      (int32_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *),
+      (int32_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *));
+  __m256i coefficients = libcrux_intrinsics_avx2_mm256_srlv_epi32(
+      bytes_in_simd_unit, libcrux_intrinsics_avx2_mm256_set_epi32(
+                              (int32_t)5, (int32_t)2, (int32_t)7, (int32_t)4,
+                              (int32_t)1, (int32_t)6, (int32_t)3, (int32_t)0));
+  return libcrux_intrinsics_avx2_mm256_and_si256(
+      coefficients,
+      libcrux_intrinsics_avx2_mm256_set1_epi32(
+          LIBCRUX_ML_DSA_SIMD_AVX2_ENCODING_ERROR_DESERIALIZE_TO_UNSIGNED_WHEN_ETA_IS_2_COEFFICIENT_MASK));
+}
+
+#define LIBCRUX_ML_DSA_SIMD_AVX2_ENCODING_ERROR_DESERIALIZE_TO_UNSIGNED_WHEN_ETA_IS_4_COEFFICIENT_MASK \
+  (((int32_t)1 << 4U) - (int32_t)1)
+
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE __m256i
+libcrux_ml_dsa_simd_avx2_encoding_error_deserialize_to_unsigned_when_eta_is_4(
+    Eurydice_slice bytes) {
+  __m256i bytes_in_simd_unit = libcrux_intrinsics_avx2_mm256_set_epi32(
+      (int32_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *),
+      (int32_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *),
+      (int32_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *),
+      (int32_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *),
+      (int32_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *),
+      (int32_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *),
+      (int32_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *),
+      (int32_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *));
+  __m256i coefficients = libcrux_intrinsics_avx2_mm256_srlv_epi32(
+      bytes_in_simd_unit, libcrux_intrinsics_avx2_mm256_set_epi32(
+                              (int32_t)4, (int32_t)0, (int32_t)4, (int32_t)0,
+                              (int32_t)4, (int32_t)0, (int32_t)4, (int32_t)0));
+  return libcrux_intrinsics_avx2_mm256_and_si256(
+      coefficients,
+      libcrux_intrinsics_avx2_mm256_set1_epi32(
+          LIBCRUX_ML_DSA_SIMD_AVX2_ENCODING_ERROR_DESERIALIZE_TO_UNSIGNED_WHEN_ETA_IS_4_COEFFICIENT_MASK));
+}
+
+/**
+A monomorphic instance of
+libcrux_ml_dsa.simd.avx2.encoding.error.deserialize_to_unsigned with const
+generics
+- ETA= 4
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE __m256i
+libcrux_ml_dsa_simd_avx2_encoding_error_deserialize_to_unsigned_ac(
+    Eurydice_slice serialized) {
+  return libcrux_ml_dsa_simd_avx2_encoding_error_deserialize_to_unsigned_when_eta_is_4(
+      serialized);
+}
+
+/**
+A monomorphic instance of
+libcrux_ml_dsa.simd.avx2.rejection_sample.less_than_eta.shift_interval with
+const generics
+- ETA= 2
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE __m256i
+libcrux_ml_dsa_simd_avx2_rejection_sample_less_than_eta_shift_interval_fd(
+    __m256i coefficients) {
+  __m256i uu____0;
+  __m256i quotient = libcrux_intrinsics_avx2_mm256_mullo_epi32(
+      coefficients, libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)26));
+  __m256i quotient0 =
+      libcrux_intrinsics_avx2_mm256_srai_epi32((int32_t)7, quotient, __m256i);
+  __m256i quotient1 = libcrux_intrinsics_avx2_mm256_mullo_epi32(
+      quotient0, libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)5));
+  __m256i coefficients_mod_5 =
+      libcrux_intrinsics_avx2_mm256_sub_epi32(coefficients, quotient1);
+  uu____0 = libcrux_intrinsics_avx2_mm256_sub_epi32(
+      libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)(size_t)2U),
+      coefficients_mod_5);
+  return uu____0;
+}
+
+/**
+A monomorphic instance of
+libcrux_ml_dsa.simd.avx2.rejection_sample.less_than_eta.sample with const
+generics
+- ETA= 2
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE size_t
+libcrux_ml_dsa_simd_avx2_rejection_sample_less_than_eta_sample_fd(
+    Eurydice_slice input, Eurydice_slice output) {
+  __m256i potential_coefficients =
+      libcrux_ml_dsa_simd_avx2_encoding_error_deserialize_to_unsigned_ac(input);
+  int32_t interval_boundary;
+  interval_boundary = (int32_t)15;
+  __m256i compare_with_interval_boundary =
+      libcrux_intrinsics_avx2_mm256_cmpgt_epi32(
+          libcrux_intrinsics_avx2_mm256_set1_epi32(interval_boundary),
+          potential_coefficients);
+  int32_t good = libcrux_intrinsics_avx2_mm256_movemask_ps(
+      libcrux_intrinsics_avx2_mm256_castsi256_ps(
+          compare_with_interval_boundary));
+  int32_t good_lower_half = good & (int32_t)15;
+  int32_t good_upper_half = good >> 4U;
+  __m256i shifted =
+      libcrux_ml_dsa_simd_avx2_rejection_sample_less_than_eta_shift_interval_fd(
+          potential_coefficients);
+  uint8_t lower_shuffles[16U];
+  memcpy(lower_shuffles,
+         libcrux_ml_dsa_simd_avx2_rejection_sample_shuffle_table_SHUFFLE_TABLE[(
+             size_t)good_lower_half],
+         (size_t)16U * sizeof(uint8_t));
+  __m128i lower_shuffles0 = libcrux_intrinsics_avx2_mm_loadu_si128(
+      Eurydice_array_to_slice((size_t)16U, lower_shuffles, uint8_t));
+  __m128i lower_coefficients =
+      libcrux_intrinsics_avx2_mm256_castsi256_si128(shifted);
+  __m128i lower_coefficients0 = libcrux_intrinsics_avx2_mm_shuffle_epi8(
+      lower_coefficients, lower_shuffles0);
+  libcrux_intrinsics_avx2_mm_storeu_si128_i32(
+      Eurydice_slice_subslice2(output, (size_t)0U, (size_t)4U, int32_t),
+      lower_coefficients0);
+  size_t sampled_count = (size_t)core_num__i32_2__count_ones(good_lower_half);
+  uint8_t upper_shuffles[16U];
+  memcpy(upper_shuffles,
+         libcrux_ml_dsa_simd_avx2_rejection_sample_shuffle_table_SHUFFLE_TABLE[(
+             size_t)good_upper_half],
+         (size_t)16U * sizeof(uint8_t));
+  __m128i upper_shuffles0 = libcrux_intrinsics_avx2_mm_loadu_si128(
+      Eurydice_array_to_slice((size_t)16U, upper_shuffles, uint8_t));
+  __m128i upper_coefficients = libcrux_intrinsics_avx2_mm256_extracti128_si256(
+      (int32_t)1, shifted, __m128i);
+  __m128i upper_coefficients0 = libcrux_intrinsics_avx2_mm_shuffle_epi8(
+      upper_coefficients, upper_shuffles0);
+  libcrux_intrinsics_avx2_mm_storeu_si128_i32(
+      Eurydice_slice_subslice2(output, sampled_count,
+                               sampled_count + (size_t)4U, int32_t),
+      upper_coefficients0);
+  size_t uu____0 = sampled_count;
+  return uu____0 + (size_t)core_num__i32_2__count_ones(good_upper_half);
+}
+
+/**
+This function found in impl {(libcrux_ml_dsa::simd::traits::Operations for
+libcrux_ml_dsa::simd::avx2::vector_type::AVX2SIMDUnit)}
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE size_t
+libcrux_ml_dsa_simd_avx2_rejection_sample_less_than_eta_equals_2_a2(
+    Eurydice_slice randomness, Eurydice_slice out) {
+  return libcrux_ml_dsa_simd_avx2_rejection_sample_less_than_eta_sample_fd(
+      randomness, out);
+}
+
+/**
+A monomorphic instance of
+libcrux_ml_dsa.simd.avx2.rejection_sample.less_than_eta.shift_interval with
+const generics
+- ETA= 4
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE __m256i
+libcrux_ml_dsa_simd_avx2_rejection_sample_less_than_eta_shift_interval_ac(
+    __m256i coefficients) {
+  return libcrux_intrinsics_avx2_mm256_sub_epi32(
+      libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)(size_t)4U),
+      coefficients);
+}
+
+/**
+A monomorphic instance of
+libcrux_ml_dsa.simd.avx2.rejection_sample.less_than_eta.sample with const
+generics
+- ETA= 4
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE size_t
+libcrux_ml_dsa_simd_avx2_rejection_sample_less_than_eta_sample_ac(
+    Eurydice_slice input, Eurydice_slice output) {
+  __m256i potential_coefficients =
+      libcrux_ml_dsa_simd_avx2_encoding_error_deserialize_to_unsigned_ac(input);
+  int32_t interval_boundary;
+  interval_boundary = (int32_t)9;
+  __m256i compare_with_interval_boundary =
+      libcrux_intrinsics_avx2_mm256_cmpgt_epi32(
+          libcrux_intrinsics_avx2_mm256_set1_epi32(interval_boundary),
+          potential_coefficients);
+  int32_t good = libcrux_intrinsics_avx2_mm256_movemask_ps(
+      libcrux_intrinsics_avx2_mm256_castsi256_ps(
+          compare_with_interval_boundary));
+  int32_t good_lower_half = good & (int32_t)15;
+  int32_t good_upper_half = good >> 4U;
+  __m256i shifted =
+      libcrux_ml_dsa_simd_avx2_rejection_sample_less_than_eta_shift_interval_ac(
+          potential_coefficients);
+  uint8_t lower_shuffles[16U];
+  memcpy(lower_shuffles,
+         libcrux_ml_dsa_simd_avx2_rejection_sample_shuffle_table_SHUFFLE_TABLE[(
+             size_t)good_lower_half],
+         (size_t)16U * sizeof(uint8_t));
+  __m128i lower_shuffles0 = libcrux_intrinsics_avx2_mm_loadu_si128(
+      Eurydice_array_to_slice((size_t)16U, lower_shuffles, uint8_t));
+  __m128i lower_coefficients =
+      libcrux_intrinsics_avx2_mm256_castsi256_si128(shifted);
+  __m128i lower_coefficients0 = libcrux_intrinsics_avx2_mm_shuffle_epi8(
+      lower_coefficients, lower_shuffles0);
+  libcrux_intrinsics_avx2_mm_storeu_si128_i32(
+      Eurydice_slice_subslice2(output, (size_t)0U, (size_t)4U, int32_t),
+      lower_coefficients0);
+  size_t sampled_count = (size_t)core_num__i32_2__count_ones(good_lower_half);
+  uint8_t upper_shuffles[16U];
+  memcpy(upper_shuffles,
+         libcrux_ml_dsa_simd_avx2_rejection_sample_shuffle_table_SHUFFLE_TABLE[(
+             size_t)good_upper_half],
+         (size_t)16U * sizeof(uint8_t));
+  __m128i upper_shuffles0 = libcrux_intrinsics_avx2_mm_loadu_si128(
+      Eurydice_array_to_slice((size_t)16U, upper_shuffles, uint8_t));
+  __m128i upper_coefficients = libcrux_intrinsics_avx2_mm256_extracti128_si256(
+      (int32_t)1, shifted, __m128i);
+  __m128i upper_coefficients0 = libcrux_intrinsics_avx2_mm_shuffle_epi8(
+      upper_coefficients, upper_shuffles0);
+  libcrux_intrinsics_avx2_mm_storeu_si128_i32(
+      Eurydice_slice_subslice2(output, sampled_count,
+                               sampled_count + (size_t)4U, int32_t),
+      upper_coefficients0);
+  size_t uu____0 = sampled_count;
+  return uu____0 + (size_t)core_num__i32_2__count_ones(good_upper_half);
+}
+
+/**
+This function found in impl {(libcrux_ml_dsa::simd::traits::Operations for
+libcrux_ml_dsa::simd::avx2::vector_type::AVX2SIMDUnit)}
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE size_t
+libcrux_ml_dsa_simd_avx2_rejection_sample_less_than_eta_equals_4_a2(
+    Eurydice_slice randomness, Eurydice_slice out) {
+  return libcrux_ml_dsa_simd_avx2_rejection_sample_less_than_eta_sample_ac(
+      randomness, out);
+}
+
+#define LIBCRUX_ML_DSA_SIMD_AVX2_ENCODING_GAMMA1_SERIALIZE_WHEN_GAMMA1_IS_2_POW_17_GAMMA1 \
+  ((int32_t)1 << 17U)
+
+#define LIBCRUX_ML_DSA_SIMD_AVX2_ENCODING_GAMMA1_SERIALIZE_WHEN_GAMMA1_IS_2_POW_19_GAMMA1 \
+  ((int32_t)1 << 19U)
+
+#define LIBCRUX_ML_DSA_SIMD_AVX2_ENCODING_GAMMA1_DESERIALIZE_WHEN_GAMMA1_IS_2_POW_17_GAMMA1 \
+  ((int32_t)1 << 17U)
+
+#define LIBCRUX_ML_DSA_SIMD_AVX2_ENCODING_GAMMA1_DESERIALIZE_WHEN_GAMMA1_IS_2_POW_17_GAMMA1_TIMES_2_MASK \
+  ((LIBCRUX_ML_DSA_SIMD_AVX2_ENCODING_GAMMA1_DESERIALIZE_WHEN_GAMMA1_IS_2_POW_17_GAMMA1                  \
+    << 1U) -                                                                                             \
+   (int32_t)1)
+
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE __m256i
+libcrux_ml_dsa_simd_avx2_encoding_gamma1_deserialize_when_gamma1_is_2_pow_17(
+    Eurydice_slice serialized) {
+  __m128i serialized_lower = libcrux_intrinsics_avx2_mm_loadu_si128(
+      Eurydice_slice_subslice2(serialized, (size_t)0U, (size_t)16U, uint8_t));
+  __m128i serialized_upper = libcrux_intrinsics_avx2_mm_loadu_si128(
+      Eurydice_slice_subslice2(serialized, (size_t)2U, (size_t)18U, uint8_t));
+  __m256i serialized0 = libcrux_intrinsics_avx2_mm256_set_m128i(
+      serialized_upper, serialized_lower);
+  __m256i coefficients = libcrux_intrinsics_avx2_mm256_shuffle_epi8(
+      serialized0,
+      libcrux_intrinsics_avx2_mm256_set_epi8(
+          (int8_t)-1, (int8_t)15, (int8_t)14, (int8_t)13, (int8_t)-1,
+          (int8_t)13, (int8_t)12, (int8_t)11, (int8_t)-1, (int8_t)11,
+          (int8_t)10, (int8_t)9, (int8_t)-1, (int8_t)9, (int8_t)8, (int8_t)7,
+          (int8_t)-1, (int8_t)8, (int8_t)7, (int8_t)6, (int8_t)-1, (int8_t)6,
+          (int8_t)5, (int8_t)4, (int8_t)-1, (int8_t)4, (int8_t)3, (int8_t)2,
+          (int8_t)-1, (int8_t)2, (int8_t)1, (int8_t)0));
+  __m256i coefficients0 = libcrux_intrinsics_avx2_mm256_srlv_epi32(
+      coefficients, libcrux_intrinsics_avx2_mm256_set_epi32(
+                        (int32_t)6, (int32_t)4, (int32_t)2, (int32_t)0,
+                        (int32_t)6, (int32_t)4, (int32_t)2, (int32_t)0));
+  __m256i coefficients1 = libcrux_intrinsics_avx2_mm256_and_si256(
+      coefficients0,
+      libcrux_intrinsics_avx2_mm256_set1_epi32(
+          LIBCRUX_ML_DSA_SIMD_AVX2_ENCODING_GAMMA1_DESERIALIZE_WHEN_GAMMA1_IS_2_POW_17_GAMMA1_TIMES_2_MASK));
+  return libcrux_intrinsics_avx2_mm256_sub_epi32(
+      libcrux_intrinsics_avx2_mm256_set1_epi32(
+          LIBCRUX_ML_DSA_SIMD_AVX2_ENCODING_GAMMA1_DESERIALIZE_WHEN_GAMMA1_IS_2_POW_17_GAMMA1),
+      coefficients1);
+}
+
+#define LIBCRUX_ML_DSA_SIMD_AVX2_ENCODING_GAMMA1_DESERIALIZE_WHEN_GAMMA1_IS_2_POW_19_GAMMA1 \
+  ((int32_t)1 << 19U)
+
+#define LIBCRUX_ML_DSA_SIMD_AVX2_ENCODING_GAMMA1_DESERIALIZE_WHEN_GAMMA1_IS_2_POW_19_GAMMA1_TIMES_2_MASK \
+  ((LIBCRUX_ML_DSA_SIMD_AVX2_ENCODING_GAMMA1_DESERIALIZE_WHEN_GAMMA1_IS_2_POW_19_GAMMA1                  \
+    << 1U) -                                                                                             \
+   (int32_t)1)
+
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE __m256i
+libcrux_ml_dsa_simd_avx2_encoding_gamma1_deserialize_when_gamma1_is_2_pow_19(
+    Eurydice_slice serialized) {
+  __m128i serialized_lower = libcrux_intrinsics_avx2_mm_loadu_si128(
+      Eurydice_slice_subslice2(serialized, (size_t)0U, (size_t)16U, uint8_t));
+  __m128i serialized_upper = libcrux_intrinsics_avx2_mm_loadu_si128(
+      Eurydice_slice_subslice2(serialized, (size_t)4U, (size_t)20U, uint8_t));
+  __m256i serialized0 = libcrux_intrinsics_avx2_mm256_set_m128i(
+      serialized_upper, serialized_lower);
+  __m256i coefficients = libcrux_intrinsics_avx2_mm256_shuffle_epi8(
+      serialized0,
+      libcrux_intrinsics_avx2_mm256_set_epi8(
+          (int8_t)-1, (int8_t)15, (int8_t)14, (int8_t)13, (int8_t)-1,
+          (int8_t)13, (int8_t)12, (int8_t)11, (int8_t)-1, (int8_t)10, (int8_t)9,
+          (int8_t)8, (int8_t)-1, (int8_t)8, (int8_t)7, (int8_t)6, (int8_t)-1,
+          (int8_t)9, (int8_t)8, (int8_t)7, (int8_t)-1, (int8_t)7, (int8_t)6,
+          (int8_t)5, (int8_t)-1, (int8_t)4, (int8_t)3, (int8_t)2, (int8_t)-1,
+          (int8_t)2, (int8_t)1, (int8_t)0));
+  __m256i coefficients0 = libcrux_intrinsics_avx2_mm256_srlv_epi32(
+      coefficients, libcrux_intrinsics_avx2_mm256_set_epi32(
+                        (int32_t)4, (int32_t)0, (int32_t)4, (int32_t)0,
+                        (int32_t)4, (int32_t)0, (int32_t)4, (int32_t)0));
+  __m256i coefficients1 = libcrux_intrinsics_avx2_mm256_and_si256(
+      coefficients0,
+      libcrux_intrinsics_avx2_mm256_set1_epi32(
+          LIBCRUX_ML_DSA_SIMD_AVX2_ENCODING_GAMMA1_DESERIALIZE_WHEN_GAMMA1_IS_2_POW_19_GAMMA1_TIMES_2_MASK));
+  return libcrux_intrinsics_avx2_mm256_sub_epi32(
+      libcrux_intrinsics_avx2_mm256_set1_epi32(
+          LIBCRUX_ML_DSA_SIMD_AVX2_ENCODING_GAMMA1_DESERIALIZE_WHEN_GAMMA1_IS_2_POW_19_GAMMA1),
+      coefficients1);
+}
+
+#define LIBCRUX_ML_DSA_SIMD_AVX2_ENCODING_ERROR_SERIALIZE_WHEN_ETA_IS_2_ETA \
+  ((int32_t)2)
+
+#define LIBCRUX_ML_DSA_SIMD_AVX2_ENCODING_ERROR_SERIALIZE_WHEN_ETA_IS_4_ETA \
+  ((int32_t)4)
+
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE __m256i
+libcrux_ml_dsa_simd_avx2_encoding_t0_change_interval(__m256i simd_unit) {
+  __m256i interval_end = libcrux_intrinsics_avx2_mm256_set1_epi32(
+      (int32_t)1
+      << (uint32_t)(LIBCRUX_ML_DSA_CONSTANTS_BITS_IN_LOWER_PART_OF_T -
+                    (size_t)1U));
+  return libcrux_intrinsics_avx2_mm256_sub_epi32(interval_end, simd_unit);
+}
+
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE void libcrux_ml_dsa_simd_avx2_encoding_t0_serialize(
+    __m256i simd_unit, uint8_t ret[13U]) {
+  uint8_t serialized[16U] = {0U};
+  __m256i simd_unit0 =
+      libcrux_ml_dsa_simd_avx2_encoding_t0_change_interval(simd_unit);
+  __m256i adjacent_2_combined = libcrux_intrinsics_avx2_mm256_sllv_epi32(
+      simd_unit0, libcrux_intrinsics_avx2_mm256_set_epi32(
+                      (int32_t)0, (int32_t)19, (int32_t)0, (int32_t)19,
+                      (int32_t)0, (int32_t)19, (int32_t)0, (int32_t)19));
+  __m256i adjacent_2_combined0 = libcrux_intrinsics_avx2_mm256_srli_epi64(
+      (int32_t)19, adjacent_2_combined, __m256i);
+  __m256i adjacent_4_combined =
+      libcrux_intrinsics_avx2_mm256_permutevar8x32_epi32(
+          adjacent_2_combined0,
+          libcrux_intrinsics_avx2_mm256_set_epi32(
+              (int32_t)0, (int32_t)0, (int32_t)0, (int32_t)0, (int32_t)6,
+              (int32_t)4, (int32_t)2, (int32_t)0));
+  __m256i adjacent_4_combined0 = libcrux_intrinsics_avx2_mm256_sllv_epi32(
+      adjacent_4_combined, libcrux_intrinsics_avx2_mm256_set_epi32(
+                               (int32_t)0, (int32_t)6, (int32_t)0, (int32_t)6,
+                               (int32_t)0, (int32_t)6, (int32_t)0, (int32_t)6));
+  __m256i adjacent_4_combined1 = libcrux_intrinsics_avx2_mm256_srli_epi64(
+      (int32_t)6, adjacent_4_combined0, __m256i);
+  __m256i second_4_combined = libcrux_intrinsics_avx2_mm256_bsrli_epi128(
+      (int32_t)8, adjacent_4_combined1, __m256i);
+  __m256i least_12_bits_shifted_up = libcrux_intrinsics_avx2_mm256_slli_epi64(
+      (int32_t)52, second_4_combined, __m256i);
+  __m256i bits_sequential = libcrux_intrinsics_avx2_mm256_add_epi64(
+      adjacent_4_combined1, least_12_bits_shifted_up);
+  __m256i bits_sequential0 = libcrux_intrinsics_avx2_mm256_srlv_epi64(
+      bits_sequential, libcrux_intrinsics_avx2_mm256_set_epi64x(
+                           (int64_t)0, (int64_t)0, (int64_t)12, (int64_t)0));
+  __m128i bits_sequential1 =
+      libcrux_intrinsics_avx2_mm256_castsi256_si128(bits_sequential0);
+  libcrux_intrinsics_avx2_mm_storeu_bytes_si128(
+      Eurydice_array_to_slice((size_t)16U, serialized, uint8_t),
+      bits_sequential1);
+  uint8_t ret0[13U];
+  Result_b0 dst;
+  Eurydice_slice_to_array2(
+      &dst,
+      Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)13U, uint8_t),
+      Eurydice_slice, uint8_t[13U]);
+  unwrap_26_23(dst, ret0);
+  memcpy(ret, ret0, (size_t)13U * sizeof(uint8_t));
+}
+
+/**
+This function found in impl {(libcrux_ml_dsa::simd::traits::Operations for
+libcrux_ml_dsa::simd::avx2::vector_type::AVX2SIMDUnit)}
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE void libcrux_ml_dsa_simd_avx2_t0_serialize_a2(
+    __m256i simd_unit, uint8_t ret[13U]) {
+  libcrux_ml_dsa_simd_avx2_encoding_t0_serialize(simd_unit, ret);
+}
+
+#define LIBCRUX_ML_DSA_SIMD_AVX2_ENCODING_T0_DESERIALIZE_COEFFICIENT_MASK \
+  (((int32_t)1 << 13U) - (int32_t)1)
+
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE __m256i
+libcrux_ml_dsa_simd_avx2_encoding_t0_deserialize(Eurydice_slice serialized) {
+  uint8_t serialized_extended[16U] = {0U};
+  Eurydice_slice_copy(
+      Eurydice_array_to_subslice2(serialized_extended, (size_t)0U, (size_t)13U,
+                                  uint8_t),
+      serialized, uint8_t);
+  __m128i serialized0 = libcrux_intrinsics_avx2_mm_loadu_si128(
+      Eurydice_array_to_slice((size_t)16U, serialized_extended, uint8_t));
+  __m256i serialized1 =
+      libcrux_intrinsics_avx2_mm256_set_m128i(serialized0, serialized0);
+  __m256i coefficients = libcrux_intrinsics_avx2_mm256_shuffle_epi8(
+      serialized1,
+      libcrux_intrinsics_avx2_mm256_set_epi8(
+          (int8_t)-1, (int8_t)-1, (int8_t)12, (int8_t)11, (int8_t)-1,
+          (int8_t)11, (int8_t)10, (int8_t)9, (int8_t)-1, (int8_t)-1, (int8_t)9,
+          (int8_t)8, (int8_t)-1, (int8_t)8, (int8_t)7, (int8_t)6, (int8_t)-1,
+          (int8_t)6, (int8_t)5, (int8_t)4, (int8_t)-1, (int8_t)-1, (int8_t)4,
+          (int8_t)3, (int8_t)-1, (int8_t)3, (int8_t)2, (int8_t)1, (int8_t)-1,
+          (int8_t)-1, (int8_t)1, (int8_t)0));
+  __m256i coefficients0 = libcrux_intrinsics_avx2_mm256_srlv_epi32(
+      coefficients, libcrux_intrinsics_avx2_mm256_set_epi32(
+                        (int32_t)3, (int32_t)6, (int32_t)1, (int32_t)4,
+                        (int32_t)7, (int32_t)2, (int32_t)5, (int32_t)0));
+  __m256i coefficients1 = libcrux_intrinsics_avx2_mm256_and_si256(
+      coefficients0,
+      libcrux_intrinsics_avx2_mm256_set1_epi32(
+          LIBCRUX_ML_DSA_SIMD_AVX2_ENCODING_T0_DESERIALIZE_COEFFICIENT_MASK));
+  return libcrux_ml_dsa_simd_avx2_encoding_t0_change_interval(coefficients1);
+}
+
+/**
+This function found in impl {(libcrux_ml_dsa::simd::traits::Operations for
+libcrux_ml_dsa::simd::avx2::vector_type::AVX2SIMDUnit)}
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE __m256i
+libcrux_ml_dsa_simd_avx2_t0_deserialize_a2(Eurydice_slice serialized) {
+  return libcrux_ml_dsa_simd_avx2_encoding_t0_deserialize(serialized);
+}
+
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE void libcrux_ml_dsa_simd_avx2_encoding_t1_serialize(
+    __m256i simd_unit, uint8_t ret[10U]) {
+  uint8_t serialized[24U] = {0U};
+  __m256i adjacent_2_combined = libcrux_intrinsics_avx2_mm256_sllv_epi32(
+      simd_unit, libcrux_intrinsics_avx2_mm256_set_epi32(
+                     (int32_t)0, (int32_t)22, (int32_t)0, (int32_t)22,
+                     (int32_t)0, (int32_t)22, (int32_t)0, (int32_t)22));
+  __m256i adjacent_2_combined0 = libcrux_intrinsics_avx2_mm256_srli_epi64(
+      (int32_t)22, adjacent_2_combined, __m256i);
+  __m256i adjacent_4_combined =
+      libcrux_intrinsics_avx2_mm256_permutevar8x32_epi32(
+          adjacent_2_combined0,
+          libcrux_intrinsics_avx2_mm256_set_epi32(
+              (int32_t)0, (int32_t)0, (int32_t)6, (int32_t)4, (int32_t)0,
+              (int32_t)0, (int32_t)2, (int32_t)0));
+  __m256i adjacent_4_combined0 = libcrux_intrinsics_avx2_mm256_sllv_epi32(
+      adjacent_4_combined,
+      libcrux_intrinsics_avx2_mm256_set_epi32(
+          (int32_t)0, (int32_t)12, (int32_t)0, (int32_t)12, (int32_t)0,
+          (int32_t)12, (int32_t)0, (int32_t)12));
+  __m256i adjacent_4_combined1 = libcrux_intrinsics_avx2_mm256_srli_epi64(
+      (int32_t)12, adjacent_4_combined0, __m256i);
+  __m128i lower_4 =
+      libcrux_intrinsics_avx2_mm256_castsi256_si128(adjacent_4_combined1);
+  libcrux_intrinsics_avx2_mm_storeu_bytes_si128(
+      Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)16U, uint8_t),
+      lower_4);
+  __m128i upper_4 = libcrux_intrinsics_avx2_mm256_extracti128_si256(
+      (int32_t)1, adjacent_4_combined1, __m128i);
+  libcrux_intrinsics_avx2_mm_storeu_bytes_si128(
+      Eurydice_array_to_subslice2(serialized, (size_t)5U, (size_t)21U, uint8_t),
+      upper_4);
+  uint8_t ret0[10U];
+  Result_9d dst;
+  Eurydice_slice_to_array2(
+      &dst,
+      Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)10U, uint8_t),
+      Eurydice_slice, uint8_t[10U]);
+  unwrap_26_ce(dst, ret0);
+  memcpy(ret, ret0, (size_t)10U * sizeof(uint8_t));
+}
+
+/**
+This function found in impl {(libcrux_ml_dsa::simd::traits::Operations for
+libcrux_ml_dsa::simd::avx2::vector_type::AVX2SIMDUnit)}
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE void libcrux_ml_dsa_simd_avx2_t1_serialize_a2(
+    __m256i simd_unit, uint8_t ret[10U]) {
+  libcrux_ml_dsa_simd_avx2_encoding_t1_serialize(simd_unit, ret);
+}
+
+#define LIBCRUX_ML_DSA_SIMD_AVX2_ENCODING_T1_DESERIALIZE_COEFFICIENT_MASK \
+  (((int32_t)1 << 10U) - (int32_t)1)
+
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE __m256i
+libcrux_ml_dsa_simd_avx2_encoding_t1_deserialize(Eurydice_slice bytes) {
+  uint8_t bytes_extended[16U] = {0U};
+  Eurydice_slice_copy(Eurydice_array_to_subslice2(bytes_extended, (size_t)0U,
+                                                  (size_t)10U, uint8_t),
+                      bytes, uint8_t);
+  __m128i bytes_loaded = libcrux_intrinsics_avx2_mm_loadu_si128(
+      Eurydice_array_to_slice((size_t)16U, bytes_extended, uint8_t));
+  __m256i bytes_loaded0 =
+      libcrux_intrinsics_avx2_mm256_set_m128i(bytes_loaded, bytes_loaded);
+  __m256i coefficients = libcrux_intrinsics_avx2_mm256_shuffle_epi8(
+      bytes_loaded0,
+      libcrux_intrinsics_avx2_mm256_set_epi8(
+          (int8_t)-1, (int8_t)-1, (int8_t)9, (int8_t)8, (int8_t)-1, (int8_t)-1,
+          (int8_t)8, (int8_t)7, (int8_t)-1, (int8_t)-1, (int8_t)7, (int8_t)6,
+          (int8_t)-1, (int8_t)-1, (int8_t)6, (int8_t)5, (int8_t)-1, (int8_t)-1,
+          (int8_t)4, (int8_t)3, (int8_t)-1, (int8_t)-1, (int8_t)3, (int8_t)2,
+          (int8_t)-1, (int8_t)-1, (int8_t)2, (int8_t)1, (int8_t)-1, (int8_t)-1,
+          (int8_t)1, (int8_t)0));
+  __m256i coefficients0 = libcrux_intrinsics_avx2_mm256_srlv_epi32(
+      coefficients, libcrux_intrinsics_avx2_mm256_set_epi32(
+                        (int32_t)6, (int32_t)4, (int32_t)2, (int32_t)0,
+                        (int32_t)6, (int32_t)4, (int32_t)2, (int32_t)0));
+  return libcrux_intrinsics_avx2_mm256_and_si256(
+      coefficients0,
+      libcrux_intrinsics_avx2_mm256_set1_epi32(
+          LIBCRUX_ML_DSA_SIMD_AVX2_ENCODING_T1_DESERIALIZE_COEFFICIENT_MASK));
+}
+
+/**
+This function found in impl {(libcrux_ml_dsa::simd::traits::Operations for
+libcrux_ml_dsa::simd::avx2::vector_type::AVX2SIMDUnit)}
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE __m256i
+libcrux_ml_dsa_simd_avx2_t1_deserialize_a2(Eurydice_slice serialized) {
+  return libcrux_ml_dsa_simd_avx2_encoding_t1_deserialize(serialized);
+}
+
+#define LIBCRUX_ML_DSA_SIMD_AVX2_NTT_NTT_AT_LAYER_7_AND_6_STEP_BY_7 \
+  ((size_t)2U * LIBCRUX_ML_DSA_SIMD_TRAITS_COEFFICIENTS_IN_SIMD_UNIT)
+
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE void
+libcrux_ml_dsa_simd_avx2_ntt_ntt_at_layer_7_and_6_mul(
+    __m256i *re, size_t index, __m256i zeta, size_t step_by,
+    __m256i field_modulus, __m256i inverse_of_modulus_mod_montgomery_r) {
+  __m256i prod02 =
+      libcrux_intrinsics_avx2_mm256_mul_epi32(re[index + step_by], zeta);
+  __m256i prod13 = libcrux_intrinsics_avx2_mm256_mul_epi32(
+      libcrux_intrinsics_avx2_mm256_shuffle_epi32((int32_t)245,
+                                                  re[index + step_by], __m256i),
+      libcrux_intrinsics_avx2_mm256_shuffle_epi32((int32_t)245, zeta, __m256i));
+  __m256i k02 = libcrux_intrinsics_avx2_mm256_mul_epi32(
+      prod02, inverse_of_modulus_mod_montgomery_r);
+  __m256i k13 = libcrux_intrinsics_avx2_mm256_mul_epi32(
+      prod13, inverse_of_modulus_mod_montgomery_r);
+  __m256i c02 = libcrux_intrinsics_avx2_mm256_mul_epi32(k02, field_modulus);
+  __m256i c13 = libcrux_intrinsics_avx2_mm256_mul_epi32(k13, field_modulus);
+  __m256i res02 = libcrux_intrinsics_avx2_mm256_sub_epi32(prod02, c02);
+  __m256i res13 = libcrux_intrinsics_avx2_mm256_sub_epi32(prod13, c13);
+  __m256i res02_shifted =
+      libcrux_intrinsics_avx2_mm256_shuffle_epi32((int32_t)245, res02, __m256i);
+  __m256i t = libcrux_intrinsics_avx2_mm256_blend_epi32(
+      (int32_t)170, res02_shifted, res13, __m256i);
+  re[index + step_by] =
+      libcrux_ml_dsa_simd_avx2_arithmetic_subtract(re[index], t);
+  re[index] = libcrux_ml_dsa_simd_avx2_arithmetic_add(re[index], t);
+}
+
+#define LIBCRUX_ML_DSA_SIMD_AVX2_NTT_NTT_AT_LAYER_7_AND_6_STEP_BY_6 \
+  (((size_t)1U << 6U) / LIBCRUX_ML_DSA_SIMD_TRAITS_COEFFICIENTS_IN_SIMD_UNIT)
+
+/**
+ This is equivalent to the pqclean 0 and 1
+
+ This does 32 Montgomery multiplications (192 multiplications).
+ This is the same as in pqclean. The only difference is locality of registers.
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static inline void libcrux_ml_dsa_simd_avx2_ntt_ntt_at_layer_7_and_6(
+    __m256i *re) {
+  __m256i field_modulus = libcrux_intrinsics_avx2_mm256_set1_epi32(
+      LIBCRUX_ML_DSA_SIMD_TRAITS_FIELD_MODULUS);
+  __m256i inverse_of_modulus_mod_montgomery_r =
+      libcrux_intrinsics_avx2_mm256_set1_epi32(
+          (int32_t)
+              LIBCRUX_ML_DSA_SIMD_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R);
+  __m256i zeta7 = libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)25847);
+  __m256i zeta60 = libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)-2608894);
+  __m256i zeta61 = libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)-518909);
+  libcrux_ml_dsa_simd_avx2_ntt_ntt_at_layer_7_and_6_mul(
+      re, (size_t)0U, zeta7,
+      LIBCRUX_ML_DSA_SIMD_AVX2_NTT_NTT_AT_LAYER_7_AND_6_STEP_BY_7,
+      field_modulus, inverse_of_modulus_mod_montgomery_r);
+  libcrux_ml_dsa_simd_avx2_ntt_ntt_at_layer_7_and_6_mul(
+      re, (size_t)0U + (size_t)1U, zeta7,
+      LIBCRUX_ML_DSA_SIMD_AVX2_NTT_NTT_AT_LAYER_7_AND_6_STEP_BY_7,
+      field_modulus, inverse_of_modulus_mod_montgomery_r);
+  libcrux_ml_dsa_simd_avx2_ntt_ntt_at_layer_7_and_6_mul(
+      re, (size_t)0U + (size_t)2U, zeta7,
+      LIBCRUX_ML_DSA_SIMD_AVX2_NTT_NTT_AT_LAYER_7_AND_6_STEP_BY_7,
+      field_modulus, inverse_of_modulus_mod_montgomery_r);
+  libcrux_ml_dsa_simd_avx2_ntt_ntt_at_layer_7_and_6_mul(
+      re, (size_t)0U + (size_t)3U, zeta7,
+      LIBCRUX_ML_DSA_SIMD_AVX2_NTT_NTT_AT_LAYER_7_AND_6_STEP_BY_7,
+      field_modulus, inverse_of_modulus_mod_montgomery_r);
+  libcrux_ml_dsa_simd_avx2_ntt_ntt_at_layer_7_and_6_mul(
+      re, (size_t)8U, zeta7,
+      LIBCRUX_ML_DSA_SIMD_AVX2_NTT_NTT_AT_LAYER_7_AND_6_STEP_BY_7,
+      field_modulus, inverse_of_modulus_mod_montgomery_r);
+  libcrux_ml_dsa_simd_avx2_ntt_ntt_at_layer_7_and_6_mul(
+      re, (size_t)8U + (size_t)1U, zeta7,
+      LIBCRUX_ML_DSA_SIMD_AVX2_NTT_NTT_AT_LAYER_7_AND_6_STEP_BY_7,
+      field_modulus, inverse_of_modulus_mod_montgomery_r);
+  libcrux_ml_dsa_simd_avx2_ntt_ntt_at_layer_7_and_6_mul(
+      re, (size_t)8U + (size_t)2U, zeta7,
+      LIBCRUX_ML_DSA_SIMD_AVX2_NTT_NTT_AT_LAYER_7_AND_6_STEP_BY_7,
+      field_modulus, inverse_of_modulus_mod_montgomery_r);
+  libcrux_ml_dsa_simd_avx2_ntt_ntt_at_layer_7_and_6_mul(
+      re, (size_t)8U + (size_t)3U, zeta7,
+      LIBCRUX_ML_DSA_SIMD_AVX2_NTT_NTT_AT_LAYER_7_AND_6_STEP_BY_7,
+      field_modulus, inverse_of_modulus_mod_montgomery_r);
+  libcrux_ml_dsa_simd_avx2_ntt_ntt_at_layer_7_and_6_mul(
+      re, (size_t)0U, zeta60,
+      LIBCRUX_ML_DSA_SIMD_AVX2_NTT_NTT_AT_LAYER_7_AND_6_STEP_BY_6,
+      field_modulus, inverse_of_modulus_mod_montgomery_r);
+  libcrux_ml_dsa_simd_avx2_ntt_ntt_at_layer_7_and_6_mul(
+      re, (size_t)0U + (size_t)1U, zeta60,
+      LIBCRUX_ML_DSA_SIMD_AVX2_NTT_NTT_AT_LAYER_7_AND_6_STEP_BY_6,
+      field_modulus, inverse_of_modulus_mod_montgomery_r);
+  libcrux_ml_dsa_simd_avx2_ntt_ntt_at_layer_7_and_6_mul(
+      re, (size_t)0U + (size_t)2U, zeta60,
+      LIBCRUX_ML_DSA_SIMD_AVX2_NTT_NTT_AT_LAYER_7_AND_6_STEP_BY_6,
+      field_modulus, inverse_of_modulus_mod_montgomery_r);
+  libcrux_ml_dsa_simd_avx2_ntt_ntt_at_layer_7_and_6_mul(
+      re, (size_t)0U + (size_t)3U, zeta60,
+      LIBCRUX_ML_DSA_SIMD_AVX2_NTT_NTT_AT_LAYER_7_AND_6_STEP_BY_6,
+      field_modulus, inverse_of_modulus_mod_montgomery_r);
+  libcrux_ml_dsa_simd_avx2_ntt_ntt_at_layer_7_and_6_mul(
+      re, (size_t)16U, zeta61,
+      LIBCRUX_ML_DSA_SIMD_AVX2_NTT_NTT_AT_LAYER_7_AND_6_STEP_BY_6,
+      field_modulus, inverse_of_modulus_mod_montgomery_r);
+  libcrux_ml_dsa_simd_avx2_ntt_ntt_at_layer_7_and_6_mul(
+      re, (size_t)16U + (size_t)1U, zeta61,
+      LIBCRUX_ML_DSA_SIMD_AVX2_NTT_NTT_AT_LAYER_7_AND_6_STEP_BY_6,
+      field_modulus, inverse_of_modulus_mod_montgomery_r);
+  libcrux_ml_dsa_simd_avx2_ntt_ntt_at_layer_7_and_6_mul(
+      re, (size_t)16U + (size_t)2U, zeta61,
+      LIBCRUX_ML_DSA_SIMD_AVX2_NTT_NTT_AT_LAYER_7_AND_6_STEP_BY_6,
+      field_modulus, inverse_of_modulus_mod_montgomery_r);
+  libcrux_ml_dsa_simd_avx2_ntt_ntt_at_layer_7_and_6_mul(
+      re, (size_t)16U + (size_t)3U, zeta61,
+      LIBCRUX_ML_DSA_SIMD_AVX2_NTT_NTT_AT_LAYER_7_AND_6_STEP_BY_6,
+      field_modulus, inverse_of_modulus_mod_montgomery_r);
+  libcrux_ml_dsa_simd_avx2_ntt_ntt_at_layer_7_and_6_mul(
+      re, (size_t)4U, zeta7,
+      LIBCRUX_ML_DSA_SIMD_AVX2_NTT_NTT_AT_LAYER_7_AND_6_STEP_BY_7,
+      field_modulus, inverse_of_modulus_mod_montgomery_r);
+  libcrux_ml_dsa_simd_avx2_ntt_ntt_at_layer_7_and_6_mul(
+      re, (size_t)4U + (size_t)1U, zeta7,
+      LIBCRUX_ML_DSA_SIMD_AVX2_NTT_NTT_AT_LAYER_7_AND_6_STEP_BY_7,
+      field_modulus, inverse_of_modulus_mod_montgomery_r);
+  libcrux_ml_dsa_simd_avx2_ntt_ntt_at_layer_7_and_6_mul(
+      re, (size_t)4U + (size_t)2U, zeta7,
+      LIBCRUX_ML_DSA_SIMD_AVX2_NTT_NTT_AT_LAYER_7_AND_6_STEP_BY_7,
+      field_modulus, inverse_of_modulus_mod_montgomery_r);
+  libcrux_ml_dsa_simd_avx2_ntt_ntt_at_layer_7_and_6_mul(
+      re, (size_t)4U + (size_t)3U, zeta7,
+      LIBCRUX_ML_DSA_SIMD_AVX2_NTT_NTT_AT_LAYER_7_AND_6_STEP_BY_7,
+      field_modulus, inverse_of_modulus_mod_montgomery_r);
+  libcrux_ml_dsa_simd_avx2_ntt_ntt_at_layer_7_and_6_mul(
+      re, (size_t)12U, zeta7,
+      LIBCRUX_ML_DSA_SIMD_AVX2_NTT_NTT_AT_LAYER_7_AND_6_STEP_BY_7,
+      field_modulus, inverse_of_modulus_mod_montgomery_r);
+  libcrux_ml_dsa_simd_avx2_ntt_ntt_at_layer_7_and_6_mul(
+      re, (size_t)12U + (size_t)1U, zeta7,
+      LIBCRUX_ML_DSA_SIMD_AVX2_NTT_NTT_AT_LAYER_7_AND_6_STEP_BY_7,
+      field_modulus, inverse_of_modulus_mod_montgomery_r);
+  libcrux_ml_dsa_simd_avx2_ntt_ntt_at_layer_7_and_6_mul(
+      re, (size_t)12U + (size_t)2U, zeta7,
+      LIBCRUX_ML_DSA_SIMD_AVX2_NTT_NTT_AT_LAYER_7_AND_6_STEP_BY_7,
+      field_modulus, inverse_of_modulus_mod_montgomery_r);
+  libcrux_ml_dsa_simd_avx2_ntt_ntt_at_layer_7_and_6_mul(
+      re, (size_t)12U + (size_t)3U, zeta7,
+      LIBCRUX_ML_DSA_SIMD_AVX2_NTT_NTT_AT_LAYER_7_AND_6_STEP_BY_7,
+      field_modulus, inverse_of_modulus_mod_montgomery_r);
+  libcrux_ml_dsa_simd_avx2_ntt_ntt_at_layer_7_and_6_mul(
+      re, (size_t)4U, zeta60,
+      LIBCRUX_ML_DSA_SIMD_AVX2_NTT_NTT_AT_LAYER_7_AND_6_STEP_BY_6,
+      field_modulus, inverse_of_modulus_mod_montgomery_r);
+  libcrux_ml_dsa_simd_avx2_ntt_ntt_at_layer_7_and_6_mul(
+      re, (size_t)4U + (size_t)1U, zeta60,
+      LIBCRUX_ML_DSA_SIMD_AVX2_NTT_NTT_AT_LAYER_7_AND_6_STEP_BY_6,
+      field_modulus, inverse_of_modulus_mod_montgomery_r);
+  libcrux_ml_dsa_simd_avx2_ntt_ntt_at_layer_7_and_6_mul(
+      re, (size_t)4U + (size_t)2U, zeta60,
+      LIBCRUX_ML_DSA_SIMD_AVX2_NTT_NTT_AT_LAYER_7_AND_6_STEP_BY_6,
+      field_modulus, inverse_of_modulus_mod_montgomery_r);
+  libcrux_ml_dsa_simd_avx2_ntt_ntt_at_layer_7_and_6_mul(
+      re, (size_t)4U + (size_t)3U, zeta60,
+      LIBCRUX_ML_DSA_SIMD_AVX2_NTT_NTT_AT_LAYER_7_AND_6_STEP_BY_6,
+      field_modulus, inverse_of_modulus_mod_montgomery_r);
+  libcrux_ml_dsa_simd_avx2_ntt_ntt_at_layer_7_and_6_mul(
+      re, (size_t)20U, zeta61,
+      LIBCRUX_ML_DSA_SIMD_AVX2_NTT_NTT_AT_LAYER_7_AND_6_STEP_BY_6,
+      field_modulus, inverse_of_modulus_mod_montgomery_r);
+  libcrux_ml_dsa_simd_avx2_ntt_ntt_at_layer_7_and_6_mul(
+      re, (size_t)20U + (size_t)1U, zeta61,
+      LIBCRUX_ML_DSA_SIMD_AVX2_NTT_NTT_AT_LAYER_7_AND_6_STEP_BY_6,
+      field_modulus, inverse_of_modulus_mod_montgomery_r);
+  libcrux_ml_dsa_simd_avx2_ntt_ntt_at_layer_7_and_6_mul(
+      re, (size_t)20U + (size_t)2U, zeta61,
+      LIBCRUX_ML_DSA_SIMD_AVX2_NTT_NTT_AT_LAYER_7_AND_6_STEP_BY_6,
+      field_modulus, inverse_of_modulus_mod_montgomery_r);
+  libcrux_ml_dsa_simd_avx2_ntt_ntt_at_layer_7_and_6_mul(
+      re, (size_t)20U + (size_t)3U, zeta61,
+      LIBCRUX_ML_DSA_SIMD_AVX2_NTT_NTT_AT_LAYER_7_AND_6_STEP_BY_6,
+      field_modulus, inverse_of_modulus_mod_montgomery_r);
+}
+
+/**
+A monomorphic instance of libcrux_ml_dsa.simd.avx2.ntt.ntt_at_layer_5_to_3.round
+with const generics
+- STEP= 32
+- STEP_BY= 4
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE void
+libcrux_ml_dsa_simd_avx2_ntt_ntt_at_layer_5_to_3_round_f6(__m256i *re,
+                                                          size_t index,
+                                                          int32_t zeta) {
+  __m256i rhs = libcrux_intrinsics_avx2_mm256_set1_epi32(zeta);
+  size_t offset = index * (size_t)32U * (size_t)2U /
+                  LIBCRUX_ML_DSA_SIMD_TRAITS_COEFFICIENTS_IN_SIMD_UNIT;
+  for (size_t i = offset; i < offset + (size_t)4U; i++) {
+    size_t j = i;
+    __m256i t = libcrux_ml_dsa_simd_avx2_arithmetic_montgomery_multiply(
+        re[j + (size_t)4U], rhs);
+    re[j + (size_t)4U] = libcrux_ml_dsa_simd_avx2_arithmetic_subtract(re[j], t);
+    re[j] = libcrux_ml_dsa_simd_avx2_arithmetic_add(re[j], t);
+  }
+}
+
+/**
+A monomorphic instance of libcrux_ml_dsa.simd.avx2.ntt.ntt_at_layer_5_to_3.round
+with const generics
+- STEP= 16
+- STEP_BY= 2
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE void
+libcrux_ml_dsa_simd_avx2_ntt_ntt_at_layer_5_to_3_round_90(__m256i *re,
+                                                          size_t index,
+                                                          int32_t zeta) {
+  __m256i rhs = libcrux_intrinsics_avx2_mm256_set1_epi32(zeta);
+  size_t offset = index * (size_t)16U * (size_t)2U /
+                  LIBCRUX_ML_DSA_SIMD_TRAITS_COEFFICIENTS_IN_SIMD_UNIT;
+  for (size_t i = offset; i < offset + (size_t)2U; i++) {
+    size_t j = i;
+    __m256i t = libcrux_ml_dsa_simd_avx2_arithmetic_montgomery_multiply(
+        re[j + (size_t)2U], rhs);
+    re[j + (size_t)2U] = libcrux_ml_dsa_simd_avx2_arithmetic_subtract(re[j], t);
+    re[j] = libcrux_ml_dsa_simd_avx2_arithmetic_add(re[j], t);
+  }
+}
+
+/**
+A monomorphic instance of libcrux_ml_dsa.simd.avx2.ntt.ntt_at_layer_5_to_3.round
+with const generics
+- STEP= 8
+- STEP_BY= 1
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE void
+libcrux_ml_dsa_simd_avx2_ntt_ntt_at_layer_5_to_3_round_7b(__m256i *re,
+                                                          size_t index,
+                                                          int32_t zeta) {
+  __m256i rhs = libcrux_intrinsics_avx2_mm256_set1_epi32(zeta);
+  size_t offset = index * (size_t)8U * (size_t)2U /
+                  LIBCRUX_ML_DSA_SIMD_TRAITS_COEFFICIENTS_IN_SIMD_UNIT;
+  for (size_t i = offset; i < offset + (size_t)1U; i++) {
+    size_t j = i;
+    __m256i t = libcrux_ml_dsa_simd_avx2_arithmetic_montgomery_multiply(
+        re[j + (size_t)1U], rhs);
+    re[j + (size_t)1U] = libcrux_ml_dsa_simd_avx2_arithmetic_subtract(re[j], t);
+    re[j] = libcrux_ml_dsa_simd_avx2_arithmetic_add(re[j], t);
+  }
+}
+
+/**
+ Layer 5, 4, 3
+
+ Each layer does 16 Montgomery multiplications -> 3*16 = 48 total
+ pqclean does 4 * 4 on each layer -> 48 total | plus 4 * 4 shuffles every time
+ (48)
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static inline void libcrux_ml_dsa_simd_avx2_ntt_ntt_at_layer_5_to_3(
+    __m256i *re) {
+  libcrux_ml_dsa_simd_avx2_ntt_ntt_at_layer_5_to_3_round_f6(re, (size_t)0U,
+                                                            (int32_t)237124);
+  libcrux_ml_dsa_simd_avx2_ntt_ntt_at_layer_5_to_3_round_f6(re, (size_t)1U,
+                                                            (int32_t)-777960);
+  libcrux_ml_dsa_simd_avx2_ntt_ntt_at_layer_5_to_3_round_f6(re, (size_t)2U,
+                                                            (int32_t)-876248);
+  libcrux_ml_dsa_simd_avx2_ntt_ntt_at_layer_5_to_3_round_f6(re, (size_t)3U,
+                                                            (int32_t)466468);
+  libcrux_ml_dsa_simd_avx2_ntt_ntt_at_layer_5_to_3_round_90(re, (size_t)0U,
+                                                            (int32_t)1826347);
+  libcrux_ml_dsa_simd_avx2_ntt_ntt_at_layer_5_to_3_round_90(re, (size_t)1U,
+                                                            (int32_t)2353451);
+  libcrux_ml_dsa_simd_avx2_ntt_ntt_at_layer_5_to_3_round_90(re, (size_t)2U,
+                                                            (int32_t)-359251);
+  libcrux_ml_dsa_simd_avx2_ntt_ntt_at_layer_5_to_3_round_90(re, (size_t)3U,
+                                                            (int32_t)-2091905);
+  libcrux_ml_dsa_simd_avx2_ntt_ntt_at_layer_5_to_3_round_90(re, (size_t)4U,
+                                                            (int32_t)3119733);
+  libcrux_ml_dsa_simd_avx2_ntt_ntt_at_layer_5_to_3_round_90(re, (size_t)5U,
+                                                            (int32_t)-2884855);
+  libcrux_ml_dsa_simd_avx2_ntt_ntt_at_layer_5_to_3_round_90(re, (size_t)6U,
+                                                            (int32_t)3111497);
+  libcrux_ml_dsa_simd_avx2_ntt_ntt_at_layer_5_to_3_round_90(re, (size_t)7U,
+                                                            (int32_t)2680103);
+  libcrux_ml_dsa_simd_avx2_ntt_ntt_at_layer_5_to_3_round_7b(re, (size_t)0U,
+                                                            (int32_t)2725464);
+  libcrux_ml_dsa_simd_avx2_ntt_ntt_at_layer_5_to_3_round_7b(re, (size_t)1U,
+                                                            (int32_t)1024112);
+  libcrux_ml_dsa_simd_avx2_ntt_ntt_at_layer_5_to_3_round_7b(re, (size_t)2U,
+                                                            (int32_t)-1079900);
+  libcrux_ml_dsa_simd_avx2_ntt_ntt_at_layer_5_to_3_round_7b(re, (size_t)3U,
+                                                            (int32_t)3585928);
+  libcrux_ml_dsa_simd_avx2_ntt_ntt_at_layer_5_to_3_round_7b(re, (size_t)4U,
+                                                            (int32_t)-549488);
+  libcrux_ml_dsa_simd_avx2_ntt_ntt_at_layer_5_to_3_round_7b(re, (size_t)5U,
+                                                            (int32_t)-1119584);
+  libcrux_ml_dsa_simd_avx2_ntt_ntt_at_layer_5_to_3_round_7b(re, (size_t)6U,
+                                                            (int32_t)2619752);
+  libcrux_ml_dsa_simd_avx2_ntt_ntt_at_layer_5_to_3_round_7b(re, (size_t)7U,
+                                                            (int32_t)-2108549);
+  libcrux_ml_dsa_simd_avx2_ntt_ntt_at_layer_5_to_3_round_7b(re, (size_t)8U,
+                                                            (int32_t)-2118186);
+  libcrux_ml_dsa_simd_avx2_ntt_ntt_at_layer_5_to_3_round_7b(re, (size_t)9U,
+                                                            (int32_t)-3859737);
+  libcrux_ml_dsa_simd_avx2_ntt_ntt_at_layer_5_to_3_round_7b(re, (size_t)10U,
+                                                            (int32_t)-1399561);
+  libcrux_ml_dsa_simd_avx2_ntt_ntt_at_layer_5_to_3_round_7b(re, (size_t)11U,
+                                                            (int32_t)-3277672);
+  libcrux_ml_dsa_simd_avx2_ntt_ntt_at_layer_5_to_3_round_7b(re, (size_t)12U,
+                                                            (int32_t)1757237);
+  libcrux_ml_dsa_simd_avx2_ntt_ntt_at_layer_5_to_3_round_7b(re, (size_t)13U,
+                                                            (int32_t)-19422);
+  libcrux_ml_dsa_simd_avx2_ntt_ntt_at_layer_5_to_3_round_7b(re, (size_t)14U,
+                                                            (int32_t)4010497);
+  libcrux_ml_dsa_simd_avx2_ntt_ntt_at_layer_5_to_3_round_7b(re, (size_t)15U,
+                                                            (int32_t)280005);
+}
+
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE core_core_arch_x86___m256i_x2
+libcrux_ml_dsa_simd_avx2_ntt_butterfly_8(__m256i a, __m256i b, int32_t zeta0,
+                                         int32_t zeta1) {
+  __m256i summands = libcrux_intrinsics_avx2_mm256_set_m128i(
+      libcrux_intrinsics_avx2_mm256_castsi256_si128(b),
+      libcrux_intrinsics_avx2_mm256_castsi256_si128(a));
+  __m256i zeta_multiplicands = libcrux_intrinsics_avx2_mm256_permute2x128_si256(
+      (int32_t)19, b, a, __m256i);
+  __m256i zetas = libcrux_intrinsics_avx2_mm256_set_epi32(
+      zeta1, zeta1, zeta1, zeta1, zeta0, zeta0, zeta0, zeta0);
+  __m256i zeta_products =
+      libcrux_ml_dsa_simd_avx2_arithmetic_montgomery_multiply(
+          zeta_multiplicands, zetas);
+  __m256i add_terms =
+      libcrux_ml_dsa_simd_avx2_arithmetic_add(summands, zeta_products);
+  __m256i sub_terms =
+      libcrux_ml_dsa_simd_avx2_arithmetic_subtract(summands, zeta_products);
+  __m256i a_out = libcrux_intrinsics_avx2_mm256_set_m128i(
+      libcrux_intrinsics_avx2_mm256_castsi256_si128(sub_terms),
+      libcrux_intrinsics_avx2_mm256_castsi256_si128(add_terms));
+  __m256i b_out = libcrux_intrinsics_avx2_mm256_permute2x128_si256(
+      (int32_t)19, sub_terms, add_terms, __m256i);
+  return (CLITERAL(core_core_arch_x86___m256i_x2){.fst = a_out, .snd = b_out});
+}
+
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE void libcrux_ml_dsa_simd_avx2_ntt_ntt_at_layer_2_round(
+    __m256i *re, size_t index, int32_t zeta_0, int32_t zeta_1) {
+  core_core_arch_x86___m256i_x2 uu____0 =
+      libcrux_ml_dsa_simd_avx2_ntt_butterfly_8(
+          re[index], re[index + (size_t)1U], zeta_0, zeta_1);
+  __m256i a = uu____0.fst;
+  __m256i b = uu____0.snd;
+  re[index] = a;
+  re[index + (size_t)1U] = b;
+}
+
+KRML_ATTRIBUTE_TARGET("avx2")
+static inline void libcrux_ml_dsa_simd_avx2_ntt_ntt_at_layer_2(__m256i *re) {
+  libcrux_ml_dsa_simd_avx2_ntt_ntt_at_layer_2_round(
+      re, (size_t)0U, (int32_t)2706023, (int32_t)95776);
+  libcrux_ml_dsa_simd_avx2_ntt_ntt_at_layer_2_round(
+      re, (size_t)2U, (int32_t)3077325, (int32_t)3530437);
+  libcrux_ml_dsa_simd_avx2_ntt_ntt_at_layer_2_round(
+      re, (size_t)4U, (int32_t)-1661693, (int32_t)-3592148);
+  libcrux_ml_dsa_simd_avx2_ntt_ntt_at_layer_2_round(
+      re, (size_t)6U, (int32_t)-2537516, (int32_t)3915439);
+  libcrux_ml_dsa_simd_avx2_ntt_ntt_at_layer_2_round(
+      re, (size_t)8U, (int32_t)-3861115, (int32_t)-3043716);
+  libcrux_ml_dsa_simd_avx2_ntt_ntt_at_layer_2_round(
+      re, (size_t)10U, (int32_t)3574422, (int32_t)-2867647);
+  libcrux_ml_dsa_simd_avx2_ntt_ntt_at_layer_2_round(
+      re, (size_t)12U, (int32_t)3539968, (int32_t)-300467);
+  libcrux_ml_dsa_simd_avx2_ntt_ntt_at_layer_2_round(
+      re, (size_t)14U, (int32_t)2348700, (int32_t)-539299);
+  libcrux_ml_dsa_simd_avx2_ntt_ntt_at_layer_2_round(
+      re, (size_t)16U, (int32_t)-1699267, (int32_t)-1643818);
+  libcrux_ml_dsa_simd_avx2_ntt_ntt_at_layer_2_round(
+      re, (size_t)18U, (int32_t)3505694, (int32_t)-3821735);
+  libcrux_ml_dsa_simd_avx2_ntt_ntt_at_layer_2_round(
+      re, (size_t)20U, (int32_t)3507263, (int32_t)-2140649);
+  libcrux_ml_dsa_simd_avx2_ntt_ntt_at_layer_2_round(
+      re, (size_t)22U, (int32_t)-1600420, (int32_t)3699596);
+  libcrux_ml_dsa_simd_avx2_ntt_ntt_at_layer_2_round(
+      re, (size_t)24U, (int32_t)811944, (int32_t)531354);
+  libcrux_ml_dsa_simd_avx2_ntt_ntt_at_layer_2_round(
+      re, (size_t)26U, (int32_t)954230, (int32_t)3881043);
+  libcrux_ml_dsa_simd_avx2_ntt_ntt_at_layer_2_round(
+      re, (size_t)28U, (int32_t)3900724, (int32_t)-2556880);
+  libcrux_ml_dsa_simd_avx2_ntt_ntt_at_layer_2_round(
+      re, (size_t)30U, (int32_t)2071892, (int32_t)-2797779);
+}
+
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE core_core_arch_x86___m256i_x2
+libcrux_ml_dsa_simd_avx2_ntt_butterfly_4(__m256i a, __m256i b, int32_t zeta_a0,
+                                         int32_t zeta_a1, int32_t zeta_b0,
+                                         int32_t zeta_b1) {
+  __m256i summands = libcrux_intrinsics_avx2_mm256_unpacklo_epi64(a, b);
+  __m256i zeta_multiplicands =
+      libcrux_intrinsics_avx2_mm256_unpackhi_epi64(a, b);
+  __m256i zetas = libcrux_intrinsics_avx2_mm256_set_epi32(
+      zeta_b1, zeta_b1, zeta_a1, zeta_a1, zeta_b0, zeta_b0, zeta_a0, zeta_a0);
+  __m256i zeta_products =
+      libcrux_ml_dsa_simd_avx2_arithmetic_montgomery_multiply(
+          zeta_multiplicands, zetas);
+  __m256i add_terms =
+      libcrux_ml_dsa_simd_avx2_arithmetic_add(summands, zeta_products);
+  __m256i sub_terms =
+      libcrux_ml_dsa_simd_avx2_arithmetic_subtract(summands, zeta_products);
+  __m256i a_out =
+      libcrux_intrinsics_avx2_mm256_unpacklo_epi64(add_terms, sub_terms);
+  __m256i b_out =
+      libcrux_intrinsics_avx2_mm256_unpackhi_epi64(add_terms, sub_terms);
+  return (CLITERAL(core_core_arch_x86___m256i_x2){.fst = a_out, .snd = b_out});
+}
+
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE void libcrux_ml_dsa_simd_avx2_ntt_ntt_at_layer_1_round(
+    __m256i *re, size_t index, int32_t zeta_0, int32_t zeta_1, int32_t zeta_2,
+    int32_t zeta_3) {
+  core_core_arch_x86___m256i_x2 uu____0 =
+      libcrux_ml_dsa_simd_avx2_ntt_butterfly_4(
+          re[index], re[index + (size_t)1U], zeta_0, zeta_1, zeta_2, zeta_3);
+  __m256i a = uu____0.fst;
+  __m256i b = uu____0.snd;
+  re[index] = a;
+  re[index + (size_t)1U] = b;
+}
+
+KRML_ATTRIBUTE_TARGET("avx2")
+static inline void libcrux_ml_dsa_simd_avx2_ntt_ntt_at_layer_1(__m256i *re) {
+  libcrux_ml_dsa_simd_avx2_ntt_ntt_at_layer_1_round(
+      re, (size_t)0U, (int32_t)-3930395, (int32_t)-1528703, (int32_t)-3677745,
+      (int32_t)-3041255);
+  libcrux_ml_dsa_simd_avx2_ntt_ntt_at_layer_1_round(
+      re, (size_t)2U, (int32_t)-1452451, (int32_t)3475950, (int32_t)2176455,
+      (int32_t)-1585221);
+  libcrux_ml_dsa_simd_avx2_ntt_ntt_at_layer_1_round(
+      re, (size_t)4U, (int32_t)-1257611, (int32_t)1939314, (int32_t)-4083598,
+      (int32_t)-1000202);
+  libcrux_ml_dsa_simd_avx2_ntt_ntt_at_layer_1_round(
+      re, (size_t)6U, (int32_t)-3190144, (int32_t)-3157330, (int32_t)-3632928,
+      (int32_t)126922);
+  libcrux_ml_dsa_simd_avx2_ntt_ntt_at_layer_1_round(
+      re, (size_t)8U, (int32_t)3412210, (int32_t)-983419, (int32_t)2147896,
+      (int32_t)2715295);
+  libcrux_ml_dsa_simd_avx2_ntt_ntt_at_layer_1_round(
+      re, (size_t)10U, (int32_t)-2967645, (int32_t)-3693493, (int32_t)-411027,
+      (int32_t)-2477047);
+  libcrux_ml_dsa_simd_avx2_ntt_ntt_at_layer_1_round(
+      re, (size_t)12U, (int32_t)-671102, (int32_t)-1228525, (int32_t)-22981,
+      (int32_t)-1308169);
+  libcrux_ml_dsa_simd_avx2_ntt_ntt_at_layer_1_round(
+      re, (size_t)14U, (int32_t)-381987, (int32_t)1349076, (int32_t)1852771,
+      (int32_t)-1430430);
+  libcrux_ml_dsa_simd_avx2_ntt_ntt_at_layer_1_round(
+      re, (size_t)16U, (int32_t)-3343383, (int32_t)264944, (int32_t)508951,
+      (int32_t)3097992);
+  libcrux_ml_dsa_simd_avx2_ntt_ntt_at_layer_1_round(
+      re, (size_t)18U, (int32_t)44288, (int32_t)-1100098, (int32_t)904516,
+      (int32_t)3958618);
+  libcrux_ml_dsa_simd_avx2_ntt_ntt_at_layer_1_round(
+      re, (size_t)20U, (int32_t)-3724342, (int32_t)-8578, (int32_t)1653064,
+      (int32_t)-3249728);
+  libcrux_ml_dsa_simd_avx2_ntt_ntt_at_layer_1_round(
+      re, (size_t)22U, (int32_t)2389356, (int32_t)-210977, (int32_t)759969,
+      (int32_t)-1316856);
+  libcrux_ml_dsa_simd_avx2_ntt_ntt_at_layer_1_round(
+      re, (size_t)24U, (int32_t)189548, (int32_t)-3553272, (int32_t)3159746,
+      (int32_t)-1851402);
+  libcrux_ml_dsa_simd_avx2_ntt_ntt_at_layer_1_round(
+      re, (size_t)26U, (int32_t)-2409325, (int32_t)-177440, (int32_t)1315589,
+      (int32_t)1341330);
+  libcrux_ml_dsa_simd_avx2_ntt_ntt_at_layer_1_round(
+      re, (size_t)28U, (int32_t)1285669, (int32_t)-1584928, (int32_t)-812732,
+      (int32_t)-1439742);
+  libcrux_ml_dsa_simd_avx2_ntt_ntt_at_layer_1_round(
+      re, (size_t)30U, (int32_t)-3019102, (int32_t)-3881060, (int32_t)-3628969,
+      (int32_t)3839961);
+}
+
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE core_core_arch_x86___m256i_x2
+libcrux_ml_dsa_simd_avx2_ntt_butterfly_2(__m256i a, __m256i b, int32_t zeta_a0,
+                                         int32_t zeta_a1, int32_t zeta_a2,
+                                         int32_t zeta_a3, int32_t zeta_b0,
+                                         int32_t zeta_b1, int32_t zeta_b2,
+                                         int32_t zeta_b3) {
+  __m256i a_shuffled =
+      libcrux_intrinsics_avx2_mm256_shuffle_epi32((int32_t)216, a, __m256i);
+  __m256i b_shuffled =
+      libcrux_intrinsics_avx2_mm256_shuffle_epi32((int32_t)216, b, __m256i);
+  __m256i summands =
+      libcrux_intrinsics_avx2_mm256_unpacklo_epi64(a_shuffled, b_shuffled);
+  __m256i zeta_multiplicands =
+      libcrux_intrinsics_avx2_mm256_unpackhi_epi64(a_shuffled, b_shuffled);
+  __m256i zetas = libcrux_intrinsics_avx2_mm256_set_epi32(
+      zeta_b3, zeta_b2, zeta_a3, zeta_a2, zeta_b1, zeta_b0, zeta_a1, zeta_a0);
+  __m256i zeta_products =
+      libcrux_ml_dsa_simd_avx2_arithmetic_montgomery_multiply(
+          zeta_multiplicands, zetas);
+  __m256i add_terms =
+      libcrux_ml_dsa_simd_avx2_arithmetic_add(summands, zeta_products);
+  __m256i sub_terms =
+      libcrux_ml_dsa_simd_avx2_arithmetic_subtract(summands, zeta_products);
+  __m256i a_terms_shuffled =
+      libcrux_intrinsics_avx2_mm256_unpacklo_epi64(add_terms, sub_terms);
+  __m256i b_terms_shuffled =
+      libcrux_intrinsics_avx2_mm256_unpackhi_epi64(add_terms, sub_terms);
+  __m256i a_out = libcrux_intrinsics_avx2_mm256_shuffle_epi32(
+      (int32_t)216, a_terms_shuffled, __m256i);
+  __m256i b_out = libcrux_intrinsics_avx2_mm256_shuffle_epi32(
+      (int32_t)216, b_terms_shuffled, __m256i);
+  return (CLITERAL(core_core_arch_x86___m256i_x2){.fst = a_out, .snd = b_out});
+}
+
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE void libcrux_ml_dsa_simd_avx2_ntt_ntt_at_layer_0_round(
+    __m256i *re, size_t index, int32_t zeta_0, int32_t zeta_1, int32_t zeta_2,
+    int32_t zeta_3, int32_t zeta_4, int32_t zeta_5, int32_t zeta_6,
+    int32_t zeta_7) {
+  core_core_arch_x86___m256i_x2 uu____0 =
+      libcrux_ml_dsa_simd_avx2_ntt_butterfly_2(
+          re[index], re[index + (size_t)1U], zeta_0, zeta_1, zeta_2, zeta_3,
+          zeta_4, zeta_5, zeta_6, zeta_7);
+  __m256i a = uu____0.fst;
+  __m256i b = uu____0.snd;
+  re[index] = a;
+  re[index + (size_t)1U] = b;
+}
+
+KRML_ATTRIBUTE_TARGET("avx2")
+static inline void libcrux_ml_dsa_simd_avx2_ntt_ntt_at_layer_0(__m256i *re) {
+  libcrux_ml_dsa_simd_avx2_ntt_ntt_at_layer_0_round(
+      re, (size_t)0U, (int32_t)2091667, (int32_t)3407706, (int32_t)2316500,
+      (int32_t)3817976, (int32_t)-3342478, (int32_t)2244091, (int32_t)-2446433,
+      (int32_t)-3562462);
+  libcrux_ml_dsa_simd_avx2_ntt_ntt_at_layer_0_round(
+      re, (size_t)2U, (int32_t)266997, (int32_t)2434439, (int32_t)-1235728,
+      (int32_t)3513181, (int32_t)-3520352, (int32_t)-3759364, (int32_t)-1197226,
+      (int32_t)-3193378);
+  libcrux_ml_dsa_simd_avx2_ntt_ntt_at_layer_0_round(
+      re, (size_t)4U, (int32_t)900702, (int32_t)1859098, (int32_t)909542,
+      (int32_t)819034, (int32_t)495491, (int32_t)-1613174, (int32_t)-43260,
+      (int32_t)-522500);
+  libcrux_ml_dsa_simd_avx2_ntt_ntt_at_layer_0_round(
+      re, (size_t)6U, (int32_t)-655327, (int32_t)-3122442, (int32_t)2031748,
+      (int32_t)3207046, (int32_t)-3556995, (int32_t)-525098, (int32_t)-768622,
+      (int32_t)-3595838);
+  libcrux_ml_dsa_simd_avx2_ntt_ntt_at_layer_0_round(
+      re, (size_t)8U, (int32_t)342297, (int32_t)286988, (int32_t)-2437823,
+      (int32_t)4108315, (int32_t)3437287, (int32_t)-3342277, (int32_t)1735879,
+      (int32_t)203044);
+  libcrux_ml_dsa_simd_avx2_ntt_ntt_at_layer_0_round(
+      re, (size_t)10U, (int32_t)2842341, (int32_t)2691481, (int32_t)-2590150,
+      (int32_t)1265009, (int32_t)4055324, (int32_t)1247620, (int32_t)2486353,
+      (int32_t)1595974);
+  libcrux_ml_dsa_simd_avx2_ntt_ntt_at_layer_0_round(
+      re, (size_t)12U, (int32_t)-3767016, (int32_t)1250494, (int32_t)2635921,
+      (int32_t)-3548272, (int32_t)-2994039, (int32_t)1869119, (int32_t)1903435,
+      (int32_t)-1050970);
+  libcrux_ml_dsa_simd_avx2_ntt_ntt_at_layer_0_round(
+      re, (size_t)14U, (int32_t)-1333058, (int32_t)1237275, (int32_t)-3318210,
+      (int32_t)-1430225, (int32_t)-451100, (int32_t)1312455, (int32_t)3306115,
+      (int32_t)-1962642);
+  libcrux_ml_dsa_simd_avx2_ntt_ntt_at_layer_0_round(
+      re, (size_t)16U, (int32_t)-1279661, (int32_t)1917081, (int32_t)-2546312,
+      (int32_t)-1374803, (int32_t)1500165, (int32_t)777191, (int32_t)2235880,
+      (int32_t)3406031);
+  libcrux_ml_dsa_simd_avx2_ntt_ntt_at_layer_0_round(
+      re, (size_t)18U, (int32_t)-542412, (int32_t)-2831860, (int32_t)-1671176,
+      (int32_t)-1846953, (int32_t)-2584293, (int32_t)-3724270, (int32_t)594136,
+      (int32_t)-3776993);
+  libcrux_ml_dsa_simd_avx2_ntt_ntt_at_layer_0_round(
+      re, (size_t)20U, (int32_t)-2013608, (int32_t)2432395, (int32_t)2454455,
+      (int32_t)-164721, (int32_t)1957272, (int32_t)3369112, (int32_t)185531,
+      (int32_t)-1207385);
+  libcrux_ml_dsa_simd_avx2_ntt_ntt_at_layer_0_round(
+      re, (size_t)22U, (int32_t)-3183426, (int32_t)162844, (int32_t)1616392,
+      (int32_t)3014001, (int32_t)810149, (int32_t)1652634, (int32_t)-3694233,
+      (int32_t)-1799107);
+  libcrux_ml_dsa_simd_avx2_ntt_ntt_at_layer_0_round(
+      re, (size_t)24U, (int32_t)-3038916, (int32_t)3523897, (int32_t)3866901,
+      (int32_t)269760, (int32_t)2213111, (int32_t)-975884, (int32_t)1717735,
+      (int32_t)472078);
+  libcrux_ml_dsa_simd_avx2_ntt_ntt_at_layer_0_round(
+      re, (size_t)26U, (int32_t)-426683, (int32_t)1723600, (int32_t)-1803090,
+      (int32_t)1910376, (int32_t)-1667432, (int32_t)-1104333, (int32_t)-260646,
+      (int32_t)-3833893);
+  libcrux_ml_dsa_simd_avx2_ntt_ntt_at_layer_0_round(
+      re, (size_t)28U, (int32_t)-2939036, (int32_t)-2235985, (int32_t)-420899,
+      (int32_t)-2286327, (int32_t)183443, (int32_t)-976891, (int32_t)1612842,
+      (int32_t)-3545687);
+  libcrux_ml_dsa_simd_avx2_ntt_ntt_at_layer_0_round(
+      re, (size_t)30U, (int32_t)-554416, (int32_t)3919660, (int32_t)-48306,
+      (int32_t)-1362209, (int32_t)3937738, (int32_t)1400424, (int32_t)-846154,
+      (int32_t)1976782);
+}
+
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE void libcrux_ml_dsa_simd_avx2_ntt_ntt(__m256i re[32U],
+                                                             __m256i ret[32U]) {
+  libcrux_ml_dsa_simd_avx2_ntt_ntt_at_layer_7_and_6(re);
+  libcrux_ml_dsa_simd_avx2_ntt_ntt_at_layer_5_to_3(re);
+  libcrux_ml_dsa_simd_avx2_ntt_ntt_at_layer_2(re);
+  libcrux_ml_dsa_simd_avx2_ntt_ntt_at_layer_1(re);
+  libcrux_ml_dsa_simd_avx2_ntt_ntt_at_layer_0(re);
+  memcpy(ret, re, (size_t)32U * sizeof(__m256i));
+}
+
+/**
+This function found in impl {(libcrux_ml_dsa::simd::traits::Operations for
+libcrux_ml_dsa::simd::avx2::vector_type::AVX2SIMDUnit)}
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static inline __m256i libcrux_ml_dsa_simd_avx2_ntt_closure_a2(__m256i **state,
+                                                              size_t i) {
+  KRML_HOST_EPRINTF(
+      "KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__,
+      "Eurydice error: Failure(\"unexpected / ill-typed projection\")\n");
+  KRML_HOST_EXIT(255U);
+}
+
+/**
+This function found in impl {(libcrux_ml_dsa::simd::traits::Operations for
+libcrux_ml_dsa::simd::avx2::vector_type::AVX2SIMDUnit)}
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE void libcrux_ml_dsa_simd_avx2_ntt_a2(
+    __m256i simd_units[32U], __m256i ret[32U]) {
+  __m256i re[32U];
+  for (size_t i = (size_t)0U; i < (size_t)32U; i++) {
+    re[i] = libcrux_intrinsics_avx2_mm256_setzero_si256();
+  }
+  for (size_t i = (size_t)0U;
+       i < LIBCRUX_ML_DSA_SIMD_TRAITS_SIMD_UNITS_IN_RING_ELEMENT; i++) {
+    size_t i0 = i;
+    re[i0] = simd_units[i0];
+  }
+  /* Passing arrays by value in Rust generates a copy in C */
+  __m256i copy_of_re[32U];
+  memcpy(copy_of_re, re, (size_t)32U * sizeof(__m256i));
+  __m256i result[32U];
+  libcrux_ml_dsa_simd_avx2_ntt_ntt(copy_of_re, result);
+  __m256i ret0[32U];
+  for (size_t i = (size_t)0U; i < (size_t)32U; i++) {
+    ret0[i] = KRML_EABORT(
+        __m256i,
+        "Eurydice error: Failure(\"unexpected / ill-typed projection\")\n");
+  }
+  memcpy(ret, ret0, (size_t)32U * sizeof(__m256i));
+}
+
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE core_core_arch_x86___m256i_x2
+libcrux_ml_dsa_simd_avx2_invntt_simd_unit_invert_ntt_at_layer_0(
+    __m256i simd_unit0, __m256i simd_unit1, int32_t zeta00, int32_t zeta01,
+    int32_t zeta02, int32_t zeta03, int32_t zeta10, int32_t zeta11,
+    int32_t zeta12, int32_t zeta13) {
+  __m256i a_shuffled0 = libcrux_intrinsics_avx2_mm256_shuffle_epi32(
+      (int32_t)216, simd_unit0, __m256i);
+  __m256i b_shuffled0 = libcrux_intrinsics_avx2_mm256_shuffle_epi32(
+      (int32_t)216, simd_unit1, __m256i);
+  __m256i lo_values =
+      libcrux_intrinsics_avx2_mm256_unpacklo_epi64(a_shuffled0, b_shuffled0);
+  __m256i hi_values =
+      libcrux_intrinsics_avx2_mm256_unpackhi_epi64(a_shuffled0, b_shuffled0);
+  __m256i sums = libcrux_ml_dsa_simd_avx2_arithmetic_add(lo_values, hi_values);
+  __m256i differences =
+      libcrux_ml_dsa_simd_avx2_arithmetic_subtract(hi_values, lo_values);
+  __m256i zetas = libcrux_intrinsics_avx2_mm256_set_epi32(
+      zeta13, zeta12, zeta03, zeta02, zeta11, zeta10, zeta01, zeta00);
+  __m256i products = libcrux_ml_dsa_simd_avx2_arithmetic_montgomery_multiply(
+      differences, zetas);
+  __m256i a_shuffled =
+      libcrux_intrinsics_avx2_mm256_unpacklo_epi64(sums, products);
+  __m256i b_shuffled =
+      libcrux_intrinsics_avx2_mm256_unpackhi_epi64(sums, products);
+  __m256i a = libcrux_intrinsics_avx2_mm256_shuffle_epi32((int32_t)216,
+                                                          a_shuffled, __m256i);
+  __m256i b = libcrux_intrinsics_avx2_mm256_shuffle_epi32((int32_t)216,
+                                                          b_shuffled, __m256i);
+  return (CLITERAL(core_core_arch_x86___m256i_x2){.fst = a, .snd = b});
+}
+
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE void
+libcrux_ml_dsa_simd_avx2_invntt_invert_ntt_at_layer_0_round(
+    __m256i *re, size_t index, int32_t zeta00, int32_t zeta01, int32_t zeta02,
+    int32_t zeta03, int32_t zeta10, int32_t zeta11, int32_t zeta12,
+    int32_t zeta13) {
+  core_core_arch_x86___m256i_x2 uu____0 =
+      libcrux_ml_dsa_simd_avx2_invntt_simd_unit_invert_ntt_at_layer_0(
+          re[index], re[index + (size_t)1U], zeta00, zeta01, zeta02, zeta03,
+          zeta10, zeta11, zeta12, zeta13);
+  __m256i lhs0 = uu____0.fst;
+  __m256i lhs = uu____0.snd;
+  re[index] = lhs0;
+  re[index + (size_t)1U] = lhs;
+}
+
+KRML_ATTRIBUTE_TARGET("avx2")
+static inline void libcrux_ml_dsa_simd_avx2_invntt_invert_ntt_at_layer_0(
+    __m256i *re) {
+  libcrux_ml_dsa_simd_avx2_invntt_invert_ntt_at_layer_0_round(
+      re, (size_t)0U, (int32_t)1976782, (int32_t)-846154, (int32_t)1400424,
+      (int32_t)3937738, (int32_t)-1362209, (int32_t)-48306, (int32_t)3919660,
+      (int32_t)-554416);
+  libcrux_ml_dsa_simd_avx2_invntt_invert_ntt_at_layer_0_round(
+      re, (size_t)2U, (int32_t)-3545687, (int32_t)1612842, (int32_t)-976891,
+      (int32_t)183443, (int32_t)-2286327, (int32_t)-420899, (int32_t)-2235985,
+      (int32_t)-2939036);
+  libcrux_ml_dsa_simd_avx2_invntt_invert_ntt_at_layer_0_round(
+      re, (size_t)4U, (int32_t)-3833893, (int32_t)-260646, (int32_t)-1104333,
+      (int32_t)-1667432, (int32_t)1910376, (int32_t)-1803090, (int32_t)1723600,
+      (int32_t)-426683);
+  libcrux_ml_dsa_simd_avx2_invntt_invert_ntt_at_layer_0_round(
+      re, (size_t)6U, (int32_t)472078, (int32_t)1717735, (int32_t)-975884,
+      (int32_t)2213111, (int32_t)269760, (int32_t)3866901, (int32_t)3523897,
+      (int32_t)-3038916);
+  libcrux_ml_dsa_simd_avx2_invntt_invert_ntt_at_layer_0_round(
+      re, (size_t)8U, (int32_t)-1799107, (int32_t)-3694233, (int32_t)1652634,
+      (int32_t)810149, (int32_t)3014001, (int32_t)1616392, (int32_t)162844,
+      (int32_t)-3183426);
+  libcrux_ml_dsa_simd_avx2_invntt_invert_ntt_at_layer_0_round(
+      re, (size_t)10U, (int32_t)-1207385, (int32_t)185531, (int32_t)3369112,
+      (int32_t)1957272, (int32_t)-164721, (int32_t)2454455, (int32_t)2432395,
+      (int32_t)-2013608);
+  libcrux_ml_dsa_simd_avx2_invntt_invert_ntt_at_layer_0_round(
+      re, (size_t)12U, (int32_t)-3776993, (int32_t)594136, (int32_t)-3724270,
+      (int32_t)-2584293, (int32_t)-1846953, (int32_t)-1671176,
+      (int32_t)-2831860, (int32_t)-542412);
+  libcrux_ml_dsa_simd_avx2_invntt_invert_ntt_at_layer_0_round(
+      re, (size_t)14U, (int32_t)3406031, (int32_t)2235880, (int32_t)777191,
+      (int32_t)1500165, (int32_t)-1374803, (int32_t)-2546312, (int32_t)1917081,
+      (int32_t)-1279661);
+  libcrux_ml_dsa_simd_avx2_invntt_invert_ntt_at_layer_0_round(
+      re, (size_t)16U, (int32_t)-1962642, (int32_t)3306115, (int32_t)1312455,
+      (int32_t)-451100, (int32_t)-1430225, (int32_t)-3318210, (int32_t)1237275,
+      (int32_t)-1333058);
+  libcrux_ml_dsa_simd_avx2_invntt_invert_ntt_at_layer_0_round(
+      re, (size_t)18U, (int32_t)-1050970, (int32_t)1903435, (int32_t)1869119,
+      (int32_t)-2994039, (int32_t)-3548272, (int32_t)2635921, (int32_t)1250494,
+      (int32_t)-3767016);
+  libcrux_ml_dsa_simd_avx2_invntt_invert_ntt_at_layer_0_round(
+      re, (size_t)20U, (int32_t)1595974, (int32_t)2486353, (int32_t)1247620,
+      (int32_t)4055324, (int32_t)1265009, (int32_t)-2590150, (int32_t)2691481,
+      (int32_t)2842341);
+  libcrux_ml_dsa_simd_avx2_invntt_invert_ntt_at_layer_0_round(
+      re, (size_t)22U, (int32_t)203044, (int32_t)1735879, (int32_t)-3342277,
+      (int32_t)3437287, (int32_t)4108315, (int32_t)-2437823, (int32_t)286988,
+      (int32_t)342297);
+  libcrux_ml_dsa_simd_avx2_invntt_invert_ntt_at_layer_0_round(
+      re, (size_t)24U, (int32_t)-3595838, (int32_t)-768622, (int32_t)-525098,
+      (int32_t)-3556995, (int32_t)3207046, (int32_t)2031748, (int32_t)-3122442,
+      (int32_t)-655327);
+  libcrux_ml_dsa_simd_avx2_invntt_invert_ntt_at_layer_0_round(
+      re, (size_t)26U, (int32_t)-522500, (int32_t)-43260, (int32_t)-1613174,
+      (int32_t)495491, (int32_t)819034, (int32_t)909542, (int32_t)1859098,
+      (int32_t)900702);
+  libcrux_ml_dsa_simd_avx2_invntt_invert_ntt_at_layer_0_round(
+      re, (size_t)28U, (int32_t)-3193378, (int32_t)-1197226, (int32_t)-3759364,
+      (int32_t)-3520352, (int32_t)3513181, (int32_t)-1235728, (int32_t)2434439,
+      (int32_t)266997);
+  libcrux_ml_dsa_simd_avx2_invntt_invert_ntt_at_layer_0_round(
+      re, (size_t)30U, (int32_t)-3562462, (int32_t)-2446433, (int32_t)2244091,
+      (int32_t)-3342478, (int32_t)3817976, (int32_t)2316500, (int32_t)3407706,
+      (int32_t)2091667);
+}
+
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE core_core_arch_x86___m256i_x2
+libcrux_ml_dsa_simd_avx2_invntt_simd_unit_invert_ntt_at_layer_1(
+    __m256i simd_unit0, __m256i simd_unit1, int32_t zeta00, int32_t zeta01,
+    int32_t zeta10, int32_t zeta11) {
+  __m256i lo_values =
+      libcrux_intrinsics_avx2_mm256_unpacklo_epi64(simd_unit0, simd_unit1);
+  __m256i hi_values =
+      libcrux_intrinsics_avx2_mm256_unpackhi_epi64(simd_unit0, simd_unit1);
+  __m256i sums = libcrux_ml_dsa_simd_avx2_arithmetic_add(lo_values, hi_values);
+  __m256i differences =
+      libcrux_ml_dsa_simd_avx2_arithmetic_subtract(hi_values, lo_values);
+  __m256i zetas = libcrux_intrinsics_avx2_mm256_set_epi32(
+      zeta11, zeta11, zeta01, zeta01, zeta10, zeta10, zeta00, zeta00);
+  __m256i products = libcrux_ml_dsa_simd_avx2_arithmetic_montgomery_multiply(
+      differences, zetas);
+  __m256i a = libcrux_intrinsics_avx2_mm256_unpacklo_epi64(sums, products);
+  __m256i b = libcrux_intrinsics_avx2_mm256_unpackhi_epi64(sums, products);
+  return (CLITERAL(core_core_arch_x86___m256i_x2){.fst = a, .snd = b});
+}
+
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE void
+libcrux_ml_dsa_simd_avx2_invntt_invert_ntt_at_layer_1_round(
+    __m256i *re, size_t index, int32_t zeta_00, int32_t zeta_01,
+    int32_t zeta_10, int32_t zeta_11) {
+  core_core_arch_x86___m256i_x2 uu____0 =
+      libcrux_ml_dsa_simd_avx2_invntt_simd_unit_invert_ntt_at_layer_1(
+          re[index], re[index + (size_t)1U], zeta_00, zeta_01, zeta_10,
+          zeta_11);
+  __m256i lhs0 = uu____0.fst;
+  __m256i lhs = uu____0.snd;
+  re[index] = lhs0;
+  re[index + (size_t)1U] = lhs;
+}
+
+KRML_ATTRIBUTE_TARGET("avx2")
+static inline void libcrux_ml_dsa_simd_avx2_invntt_invert_ntt_at_layer_1(
+    __m256i *re) {
+  libcrux_ml_dsa_simd_avx2_invntt_invert_ntt_at_layer_1_round(
+      re, (size_t)0U, (int32_t)3839961, (int32_t)-3628969, (int32_t)-3881060,
+      (int32_t)-3019102);
+  libcrux_ml_dsa_simd_avx2_invntt_invert_ntt_at_layer_1_round(
+      re, (size_t)2U, (int32_t)-1439742, (int32_t)-812732, (int32_t)-1584928,
+      (int32_t)1285669);
+  libcrux_ml_dsa_simd_avx2_invntt_invert_ntt_at_layer_1_round(
+      re, (size_t)4U, (int32_t)1341330, (int32_t)1315589, (int32_t)-177440,
+      (int32_t)-2409325);
+  libcrux_ml_dsa_simd_avx2_invntt_invert_ntt_at_layer_1_round(
+      re, (size_t)6U, (int32_t)-1851402, (int32_t)3159746, (int32_t)-3553272,
+      (int32_t)189548);
+  libcrux_ml_dsa_simd_avx2_invntt_invert_ntt_at_layer_1_round(
+      re, (size_t)8U, (int32_t)-1316856, (int32_t)759969, (int32_t)-210977,
+      (int32_t)2389356);
+  libcrux_ml_dsa_simd_avx2_invntt_invert_ntt_at_layer_1_round(
+      re, (size_t)10U, (int32_t)-3249728, (int32_t)1653064, (int32_t)-8578,
+      (int32_t)-3724342);
+  libcrux_ml_dsa_simd_avx2_invntt_invert_ntt_at_layer_1_round(
+      re, (size_t)12U, (int32_t)3958618, (int32_t)904516, (int32_t)-1100098,
+      (int32_t)44288);
+  libcrux_ml_dsa_simd_avx2_invntt_invert_ntt_at_layer_1_round(
+      re, (size_t)14U, (int32_t)3097992, (int32_t)508951, (int32_t)264944,
+      (int32_t)-3343383);
+  libcrux_ml_dsa_simd_avx2_invntt_invert_ntt_at_layer_1_round(
+      re, (size_t)16U, (int32_t)-1430430, (int32_t)1852771, (int32_t)1349076,
+      (int32_t)-381987);
+  libcrux_ml_dsa_simd_avx2_invntt_invert_ntt_at_layer_1_round(
+      re, (size_t)18U, (int32_t)-1308169, (int32_t)-22981, (int32_t)-1228525,
+      (int32_t)-671102);
+  libcrux_ml_dsa_simd_avx2_invntt_invert_ntt_at_layer_1_round(
+      re, (size_t)20U, (int32_t)-2477047, (int32_t)-411027, (int32_t)-3693493,
+      (int32_t)-2967645);
+  libcrux_ml_dsa_simd_avx2_invntt_invert_ntt_at_layer_1_round(
+      re, (size_t)22U, (int32_t)2715295, (int32_t)2147896, (int32_t)-983419,
+      (int32_t)3412210);
+  libcrux_ml_dsa_simd_avx2_invntt_invert_ntt_at_layer_1_round(
+      re, (size_t)24U, (int32_t)126922, (int32_t)-3632928, (int32_t)-3157330,
+      (int32_t)-3190144);
+  libcrux_ml_dsa_simd_avx2_invntt_invert_ntt_at_layer_1_round(
+      re, (size_t)26U, (int32_t)-1000202, (int32_t)-4083598, (int32_t)1939314,
+      (int32_t)-1257611);
+  libcrux_ml_dsa_simd_avx2_invntt_invert_ntt_at_layer_1_round(
+      re, (size_t)28U, (int32_t)-1585221, (int32_t)2176455, (int32_t)3475950,
+      (int32_t)-1452451);
+  libcrux_ml_dsa_simd_avx2_invntt_invert_ntt_at_layer_1_round(
+      re, (size_t)30U, (int32_t)-3041255, (int32_t)-3677745, (int32_t)-1528703,
+      (int32_t)-3930395);
+}
+
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE core_core_arch_x86___m256i_x2
+libcrux_ml_dsa_simd_avx2_invntt_simd_unit_invert_ntt_at_layer_2(
+    __m256i simd_unit0, __m256i simd_unit1, int32_t zeta0, int32_t zeta1) {
+  __m256i lo_values = libcrux_intrinsics_avx2_mm256_permute2x128_si256(
+      (int32_t)32, simd_unit0, simd_unit1, __m256i);
+  __m256i hi_values = libcrux_intrinsics_avx2_mm256_permute2x128_si256(
+      (int32_t)49, simd_unit0, simd_unit1, __m256i);
+  __m256i sums = libcrux_ml_dsa_simd_avx2_arithmetic_add(lo_values, hi_values);
+  __m256i differences =
+      libcrux_ml_dsa_simd_avx2_arithmetic_subtract(hi_values, lo_values);
+  __m256i zetas = libcrux_intrinsics_avx2_mm256_set_epi32(
+      zeta1, zeta1, zeta1, zeta1, zeta0, zeta0, zeta0, zeta0);
+  __m256i products = libcrux_ml_dsa_simd_avx2_arithmetic_montgomery_multiply(
+      differences, zetas);
+  __m256i a = libcrux_intrinsics_avx2_mm256_permute2x128_si256(
+      (int32_t)32, sums, products, __m256i);
+  __m256i b = libcrux_intrinsics_avx2_mm256_permute2x128_si256(
+      (int32_t)49, sums, products, __m256i);
+  return (CLITERAL(core_core_arch_x86___m256i_x2){.fst = a, .snd = b});
+}
+
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE void
+libcrux_ml_dsa_simd_avx2_invntt_invert_ntt_at_layer_2_round(__m256i *re,
+                                                            size_t index,
+                                                            int32_t zeta1,
+                                                            int32_t zeta2) {
+  core_core_arch_x86___m256i_x2 uu____0 =
+      libcrux_ml_dsa_simd_avx2_invntt_simd_unit_invert_ntt_at_layer_2(
+          re[index], re[index + (size_t)1U], zeta1, zeta2);
+  __m256i lhs0 = uu____0.fst;
+  __m256i lhs = uu____0.snd;
+  re[index] = lhs0;
+  re[index + (size_t)1U] = lhs;
+}
+
+KRML_ATTRIBUTE_TARGET("avx2")
+static inline void libcrux_ml_dsa_simd_avx2_invntt_invert_ntt_at_layer_2(
+    __m256i *re) {
+  libcrux_ml_dsa_simd_avx2_invntt_invert_ntt_at_layer_2_round(
+      re, (size_t)0U, (int32_t)-2797779, (int32_t)2071892);
+  libcrux_ml_dsa_simd_avx2_invntt_invert_ntt_at_layer_2_round(
+      re, (size_t)2U, (int32_t)-2556880, (int32_t)3900724);
+  libcrux_ml_dsa_simd_avx2_invntt_invert_ntt_at_layer_2_round(
+      re, (size_t)4U, (int32_t)3881043, (int32_t)954230);
+  libcrux_ml_dsa_simd_avx2_invntt_invert_ntt_at_layer_2_round(
+      re, (size_t)6U, (int32_t)531354, (int32_t)811944);
+  libcrux_ml_dsa_simd_avx2_invntt_invert_ntt_at_layer_2_round(
+      re, (size_t)8U, (int32_t)3699596, (int32_t)-1600420);
+  libcrux_ml_dsa_simd_avx2_invntt_invert_ntt_at_layer_2_round(
+      re, (size_t)10U, (int32_t)-2140649, (int32_t)3507263);
+  libcrux_ml_dsa_simd_avx2_invntt_invert_ntt_at_layer_2_round(
+      re, (size_t)12U, (int32_t)-3821735, (int32_t)3505694);
+  libcrux_ml_dsa_simd_avx2_invntt_invert_ntt_at_layer_2_round(
+      re, (size_t)14U, (int32_t)-1643818, (int32_t)-1699267);
+  libcrux_ml_dsa_simd_avx2_invntt_invert_ntt_at_layer_2_round(
+      re, (size_t)16U, (int32_t)-539299, (int32_t)2348700);
+  libcrux_ml_dsa_simd_avx2_invntt_invert_ntt_at_layer_2_round(
+      re, (size_t)18U, (int32_t)-300467, (int32_t)3539968);
+  libcrux_ml_dsa_simd_avx2_invntt_invert_ntt_at_layer_2_round(
+      re, (size_t)20U, (int32_t)-2867647, (int32_t)3574422);
+  libcrux_ml_dsa_simd_avx2_invntt_invert_ntt_at_layer_2_round(
+      re, (size_t)22U, (int32_t)-3043716, (int32_t)-3861115);
+  libcrux_ml_dsa_simd_avx2_invntt_invert_ntt_at_layer_2_round(
+      re, (size_t)24U, (int32_t)3915439, (int32_t)-2537516);
+  libcrux_ml_dsa_simd_avx2_invntt_invert_ntt_at_layer_2_round(
+      re, (size_t)26U, (int32_t)-3592148, (int32_t)-1661693);
+  libcrux_ml_dsa_simd_avx2_invntt_invert_ntt_at_layer_2_round(
+      re, (size_t)28U, (int32_t)3530437, (int32_t)3077325);
+  libcrux_ml_dsa_simd_avx2_invntt_invert_ntt_at_layer_2_round(
+      re, (size_t)30U, (int32_t)95776, (int32_t)2706023);
+}
+
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE __m256i
+libcrux_ml_dsa_simd_avx2_arithmetic_montgomery_multiply_by_constant(
+    __m256i lhs, int32_t constant) {
+  __m256i rhs = libcrux_intrinsics_avx2_mm256_set1_epi32(constant);
+  __m256i field_modulus = libcrux_intrinsics_avx2_mm256_set1_epi32(
+      LIBCRUX_ML_DSA_SIMD_TRAITS_FIELD_MODULUS);
+  __m256i inverse_of_modulus_mod_montgomery_r =
+      libcrux_intrinsics_avx2_mm256_set1_epi32(
+          (int32_t)
+              LIBCRUX_ML_DSA_SIMD_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R);
+  __m256i prod02 = libcrux_intrinsics_avx2_mm256_mul_epi32(lhs, rhs);
+  __m256i prod13 = libcrux_intrinsics_avx2_mm256_mul_epi32(
+      libcrux_intrinsics_avx2_mm256_shuffle_epi32((int32_t)245, lhs, __m256i),
+      libcrux_intrinsics_avx2_mm256_shuffle_epi32((int32_t)245, rhs, __m256i));
+  __m256i k02 = libcrux_intrinsics_avx2_mm256_mul_epi32(
+      prod02, inverse_of_modulus_mod_montgomery_r);
+  __m256i k13 = libcrux_intrinsics_avx2_mm256_mul_epi32(
+      prod13, inverse_of_modulus_mod_montgomery_r);
+  __m256i c02 = libcrux_intrinsics_avx2_mm256_mul_epi32(k02, field_modulus);
+  __m256i c13 = libcrux_intrinsics_avx2_mm256_mul_epi32(k13, field_modulus);
+  __m256i res02 = libcrux_intrinsics_avx2_mm256_sub_epi32(prod02, c02);
+  __m256i res13 = libcrux_intrinsics_avx2_mm256_sub_epi32(prod13, c13);
+  __m256i res02_shifted =
+      libcrux_intrinsics_avx2_mm256_shuffle_epi32((int32_t)245, res02, __m256i);
+  return libcrux_intrinsics_avx2_mm256_blend_epi32((int32_t)170, res02_shifted,
+                                                   res13, __m256i);
+}
+
+/**
+A monomorphic instance of libcrux_ml_dsa.simd.avx2.invntt.outer_3_plus
+with const generics
+- OFFSET= 0
+- STEP_BY= 1
+- ZETA= 280005
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE void libcrux_ml_dsa_simd_avx2_invntt_outer_3_plus_99(
+    __m256i *re) {
+  for (size_t i = (size_t)0U; i < (size_t)0U + (size_t)1U; i++) {
+    size_t j = i;
+    __m256i a_minus_b =
+        libcrux_ml_dsa_simd_avx2_arithmetic_subtract(re[j + (size_t)1U], re[j]);
+    re[j] = libcrux_ml_dsa_simd_avx2_arithmetic_add(re[j], re[j + (size_t)1U]);
+    re[j + (size_t)1U] =
+        libcrux_ml_dsa_simd_avx2_arithmetic_montgomery_multiply_by_constant(
+            a_minus_b, (int32_t)280005);
+  }
+}
+
+/**
+A monomorphic instance of libcrux_ml_dsa.simd.avx2.invntt.outer_3_plus
+with const generics
+- OFFSET= 2
+- STEP_BY= 1
+- ZETA= 4010497
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE void libcrux_ml_dsa_simd_avx2_invntt_outer_3_plus_1c(
+    __m256i *re) {
+  for (size_t i = (size_t)2U; i < (size_t)2U + (size_t)1U; i++) {
+    size_t j = i;
+    __m256i a_minus_b =
+        libcrux_ml_dsa_simd_avx2_arithmetic_subtract(re[j + (size_t)1U], re[j]);
+    re[j] = libcrux_ml_dsa_simd_avx2_arithmetic_add(re[j], re[j + (size_t)1U]);
+    re[j + (size_t)1U] =
+        libcrux_ml_dsa_simd_avx2_arithmetic_montgomery_multiply_by_constant(
+            a_minus_b, (int32_t)4010497);
+  }
+}
+
+/**
+A monomorphic instance of libcrux_ml_dsa.simd.avx2.invntt.outer_3_plus
+with const generics
+- OFFSET= 4
+- STEP_BY= 1
+- ZETA= -19422
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE void libcrux_ml_dsa_simd_avx2_invntt_outer_3_plus_6b(
+    __m256i *re) {
+  for (size_t i = (size_t)4U; i < (size_t)4U + (size_t)1U; i++) {
+    size_t j = i;
+    __m256i a_minus_b =
+        libcrux_ml_dsa_simd_avx2_arithmetic_subtract(re[j + (size_t)1U], re[j]);
+    re[j] = libcrux_ml_dsa_simd_avx2_arithmetic_add(re[j], re[j + (size_t)1U]);
+    re[j + (size_t)1U] =
+        libcrux_ml_dsa_simd_avx2_arithmetic_montgomery_multiply_by_constant(
+            a_minus_b, (int32_t)-19422);
+  }
+}
+
+/**
+A monomorphic instance of libcrux_ml_dsa.simd.avx2.invntt.outer_3_plus
+with const generics
+- OFFSET= 6
+- STEP_BY= 1
+- ZETA= 1757237
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE void libcrux_ml_dsa_simd_avx2_invntt_outer_3_plus_44(
+    __m256i *re) {
+  for (size_t i = (size_t)6U; i < (size_t)6U + (size_t)1U; i++) {
+    size_t j = i;
+    __m256i a_minus_b =
+        libcrux_ml_dsa_simd_avx2_arithmetic_subtract(re[j + (size_t)1U], re[j]);
+    re[j] = libcrux_ml_dsa_simd_avx2_arithmetic_add(re[j], re[j + (size_t)1U]);
+    re[j + (size_t)1U] =
+        libcrux_ml_dsa_simd_avx2_arithmetic_montgomery_multiply_by_constant(
+            a_minus_b, (int32_t)1757237);
+  }
+}
+
+/**
+A monomorphic instance of libcrux_ml_dsa.simd.avx2.invntt.outer_3_plus
+with const generics
+- OFFSET= 8
+- STEP_BY= 1
+- ZETA= -3277672
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE void libcrux_ml_dsa_simd_avx2_invntt_outer_3_plus_a8(
+    __m256i *re) {
+  for (size_t i = (size_t)8U; i < (size_t)8U + (size_t)1U; i++) {
+    size_t j = i;
+    __m256i a_minus_b =
+        libcrux_ml_dsa_simd_avx2_arithmetic_subtract(re[j + (size_t)1U], re[j]);
+    re[j] = libcrux_ml_dsa_simd_avx2_arithmetic_add(re[j], re[j + (size_t)1U]);
+    re[j + (size_t)1U] =
+        libcrux_ml_dsa_simd_avx2_arithmetic_montgomery_multiply_by_constant(
+            a_minus_b, (int32_t)-3277672);
+  }
+}
+
+/**
+A monomorphic instance of libcrux_ml_dsa.simd.avx2.invntt.outer_3_plus
+with const generics
+- OFFSET= 10
+- STEP_BY= 1
+- ZETA= -1399561
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE void libcrux_ml_dsa_simd_avx2_invntt_outer_3_plus_1f(
+    __m256i *re) {
+  for (size_t i = (size_t)10U; i < (size_t)10U + (size_t)1U; i++) {
+    size_t j = i;
+    __m256i a_minus_b =
+        libcrux_ml_dsa_simd_avx2_arithmetic_subtract(re[j + (size_t)1U], re[j]);
+    re[j] = libcrux_ml_dsa_simd_avx2_arithmetic_add(re[j], re[j + (size_t)1U]);
+    re[j + (size_t)1U] =
+        libcrux_ml_dsa_simd_avx2_arithmetic_montgomery_multiply_by_constant(
+            a_minus_b, (int32_t)-1399561);
+  }
+}
+
+/**
+A monomorphic instance of libcrux_ml_dsa.simd.avx2.invntt.outer_3_plus
+with const generics
+- OFFSET= 12
+- STEP_BY= 1
+- ZETA= -3859737
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE void libcrux_ml_dsa_simd_avx2_invntt_outer_3_plus_95(
+    __m256i *re) {
+  for (size_t i = (size_t)12U; i < (size_t)12U + (size_t)1U; i++) {
+    size_t j = i;
+    __m256i a_minus_b =
+        libcrux_ml_dsa_simd_avx2_arithmetic_subtract(re[j + (size_t)1U], re[j]);
+    re[j] = libcrux_ml_dsa_simd_avx2_arithmetic_add(re[j], re[j + (size_t)1U]);
+    re[j + (size_t)1U] =
+        libcrux_ml_dsa_simd_avx2_arithmetic_montgomery_multiply_by_constant(
+            a_minus_b, (int32_t)-3859737);
+  }
+}
+
+/**
+A monomorphic instance of libcrux_ml_dsa.simd.avx2.invntt.outer_3_plus
+with const generics
+- OFFSET= 14
+- STEP_BY= 1
+- ZETA= -2118186
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE void libcrux_ml_dsa_simd_avx2_invntt_outer_3_plus_3b(
+    __m256i *re) {
+  for (size_t i = (size_t)14U; i < (size_t)14U + (size_t)1U; i++) {
+    size_t j = i;
+    __m256i a_minus_b =
+        libcrux_ml_dsa_simd_avx2_arithmetic_subtract(re[j + (size_t)1U], re[j]);
+    re[j] = libcrux_ml_dsa_simd_avx2_arithmetic_add(re[j], re[j + (size_t)1U]);
+    re[j + (size_t)1U] =
+        libcrux_ml_dsa_simd_avx2_arithmetic_montgomery_multiply_by_constant(
+            a_minus_b, (int32_t)-2118186);
+  }
+}
+
+/**
+A monomorphic instance of libcrux_ml_dsa.simd.avx2.invntt.outer_3_plus
+with const generics
+- OFFSET= 16
+- STEP_BY= 1
+- ZETA= -2108549
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE void libcrux_ml_dsa_simd_avx2_invntt_outer_3_plus_7a(
+    __m256i *re) {
+  for (size_t i = (size_t)16U; i < (size_t)16U + (size_t)1U; i++) {
+    size_t j = i;
+    __m256i a_minus_b =
+        libcrux_ml_dsa_simd_avx2_arithmetic_subtract(re[j + (size_t)1U], re[j]);
+    re[j] = libcrux_ml_dsa_simd_avx2_arithmetic_add(re[j], re[j + (size_t)1U]);
+    re[j + (size_t)1U] =
+        libcrux_ml_dsa_simd_avx2_arithmetic_montgomery_multiply_by_constant(
+            a_minus_b, (int32_t)-2108549);
+  }
+}
+
+/**
+A monomorphic instance of libcrux_ml_dsa.simd.avx2.invntt.outer_3_plus
+with const generics
+- OFFSET= 18
+- STEP_BY= 1
+- ZETA= 2619752
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE void libcrux_ml_dsa_simd_avx2_invntt_outer_3_plus_e4(
+    __m256i *re) {
+  for (size_t i = (size_t)18U; i < (size_t)18U + (size_t)1U; i++) {
+    size_t j = i;
+    __m256i a_minus_b =
+        libcrux_ml_dsa_simd_avx2_arithmetic_subtract(re[j + (size_t)1U], re[j]);
+    re[j] = libcrux_ml_dsa_simd_avx2_arithmetic_add(re[j], re[j + (size_t)1U]);
+    re[j + (size_t)1U] =
+        libcrux_ml_dsa_simd_avx2_arithmetic_montgomery_multiply_by_constant(
+            a_minus_b, (int32_t)2619752);
+  }
+}
+
+/**
+A monomorphic instance of libcrux_ml_dsa.simd.avx2.invntt.outer_3_plus
+with const generics
+- OFFSET= 20
+- STEP_BY= 1
+- ZETA= -1119584
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE void libcrux_ml_dsa_simd_avx2_invntt_outer_3_plus_de(
+    __m256i *re) {
+  for (size_t i = (size_t)20U; i < (size_t)20U + (size_t)1U; i++) {
+    size_t j = i;
+    __m256i a_minus_b =
+        libcrux_ml_dsa_simd_avx2_arithmetic_subtract(re[j + (size_t)1U], re[j]);
+    re[j] = libcrux_ml_dsa_simd_avx2_arithmetic_add(re[j], re[j + (size_t)1U]);
+    re[j + (size_t)1U] =
+        libcrux_ml_dsa_simd_avx2_arithmetic_montgomery_multiply_by_constant(
+            a_minus_b, (int32_t)-1119584);
+  }
+}
+
+/**
+A monomorphic instance of libcrux_ml_dsa.simd.avx2.invntt.outer_3_plus
+with const generics
+- OFFSET= 22
+- STEP_BY= 1
+- ZETA= -549488
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE void libcrux_ml_dsa_simd_avx2_invntt_outer_3_plus_05(
+    __m256i *re) {
+  for (size_t i = (size_t)22U; i < (size_t)22U + (size_t)1U; i++) {
+    size_t j = i;
+    __m256i a_minus_b =
+        libcrux_ml_dsa_simd_avx2_arithmetic_subtract(re[j + (size_t)1U], re[j]);
+    re[j] = libcrux_ml_dsa_simd_avx2_arithmetic_add(re[j], re[j + (size_t)1U]);
+    re[j + (size_t)1U] =
+        libcrux_ml_dsa_simd_avx2_arithmetic_montgomery_multiply_by_constant(
+            a_minus_b, (int32_t)-549488);
+  }
+}
+
+/**
+A monomorphic instance of libcrux_ml_dsa.simd.avx2.invntt.outer_3_plus
+with const generics
+- OFFSET= 24
+- STEP_BY= 1
+- ZETA= 3585928
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE void libcrux_ml_dsa_simd_avx2_invntt_outer_3_plus_d9(
+    __m256i *re) {
+  for (size_t i = (size_t)24U; i < (size_t)24U + (size_t)1U; i++) {
+    size_t j = i;
+    __m256i a_minus_b =
+        libcrux_ml_dsa_simd_avx2_arithmetic_subtract(re[j + (size_t)1U], re[j]);
+    re[j] = libcrux_ml_dsa_simd_avx2_arithmetic_add(re[j], re[j + (size_t)1U]);
+    re[j + (size_t)1U] =
+        libcrux_ml_dsa_simd_avx2_arithmetic_montgomery_multiply_by_constant(
+            a_minus_b, (int32_t)3585928);
+  }
+}
+
+/**
+A monomorphic instance of libcrux_ml_dsa.simd.avx2.invntt.outer_3_plus
+with const generics
+- OFFSET= 26
+- STEP_BY= 1
+- ZETA= -1079900
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE void libcrux_ml_dsa_simd_avx2_invntt_outer_3_plus_3a(
+    __m256i *re) {
+  for (size_t i = (size_t)26U; i < (size_t)26U + (size_t)1U; i++) {
+    size_t j = i;
+    __m256i a_minus_b =
+        libcrux_ml_dsa_simd_avx2_arithmetic_subtract(re[j + (size_t)1U], re[j]);
+    re[j] = libcrux_ml_dsa_simd_avx2_arithmetic_add(re[j], re[j + (size_t)1U]);
+    re[j + (size_t)1U] =
+        libcrux_ml_dsa_simd_avx2_arithmetic_montgomery_multiply_by_constant(
+            a_minus_b, (int32_t)-1079900);
+  }
+}
+
+/**
+A monomorphic instance of libcrux_ml_dsa.simd.avx2.invntt.outer_3_plus
+with const generics
+- OFFSET= 28
+- STEP_BY= 1
+- ZETA= 1024112
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE void libcrux_ml_dsa_simd_avx2_invntt_outer_3_plus_3b0(
+    __m256i *re) {
+  for (size_t i = (size_t)28U; i < (size_t)28U + (size_t)1U; i++) {
+    size_t j = i;
+    __m256i a_minus_b =
+        libcrux_ml_dsa_simd_avx2_arithmetic_subtract(re[j + (size_t)1U], re[j]);
+    re[j] = libcrux_ml_dsa_simd_avx2_arithmetic_add(re[j], re[j + (size_t)1U]);
+    re[j + (size_t)1U] =
+        libcrux_ml_dsa_simd_avx2_arithmetic_montgomery_multiply_by_constant(
+            a_minus_b, (int32_t)1024112);
+  }
+}
+
+/**
+A monomorphic instance of libcrux_ml_dsa.simd.avx2.invntt.outer_3_plus
+with const generics
+- OFFSET= 30
+- STEP_BY= 1
+- ZETA= 2725464
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE void libcrux_ml_dsa_simd_avx2_invntt_outer_3_plus_a0(
+    __m256i *re) {
+  for (size_t i = (size_t)30U; i < (size_t)30U + (size_t)1U; i++) {
+    size_t j = i;
+    __m256i a_minus_b =
+        libcrux_ml_dsa_simd_avx2_arithmetic_subtract(re[j + (size_t)1U], re[j]);
+    re[j] = libcrux_ml_dsa_simd_avx2_arithmetic_add(re[j], re[j + (size_t)1U]);
+    re[j + (size_t)1U] =
+        libcrux_ml_dsa_simd_avx2_arithmetic_montgomery_multiply_by_constant(
+            a_minus_b, (int32_t)2725464);
+  }
+}
+
+KRML_ATTRIBUTE_TARGET("avx2")
+static inline void libcrux_ml_dsa_simd_avx2_invntt_invert_ntt_at_layer_3(
+    __m256i *re) {
+  libcrux_ml_dsa_simd_avx2_invntt_outer_3_plus_99(re);
+  libcrux_ml_dsa_simd_avx2_invntt_outer_3_plus_1c(re);
+  libcrux_ml_dsa_simd_avx2_invntt_outer_3_plus_6b(re);
+  libcrux_ml_dsa_simd_avx2_invntt_outer_3_plus_44(re);
+  libcrux_ml_dsa_simd_avx2_invntt_outer_3_plus_a8(re);
+  libcrux_ml_dsa_simd_avx2_invntt_outer_3_plus_1f(re);
+  libcrux_ml_dsa_simd_avx2_invntt_outer_3_plus_95(re);
+  libcrux_ml_dsa_simd_avx2_invntt_outer_3_plus_3b(re);
+  libcrux_ml_dsa_simd_avx2_invntt_outer_3_plus_7a(re);
+  libcrux_ml_dsa_simd_avx2_invntt_outer_3_plus_e4(re);
+  libcrux_ml_dsa_simd_avx2_invntt_outer_3_plus_de(re);
+  libcrux_ml_dsa_simd_avx2_invntt_outer_3_plus_05(re);
+  libcrux_ml_dsa_simd_avx2_invntt_outer_3_plus_d9(re);
+  libcrux_ml_dsa_simd_avx2_invntt_outer_3_plus_3a(re);
+  libcrux_ml_dsa_simd_avx2_invntt_outer_3_plus_3b0(re);
+  libcrux_ml_dsa_simd_avx2_invntt_outer_3_plus_a0(re);
+}
+
+/**
+A monomorphic instance of libcrux_ml_dsa.simd.avx2.invntt.outer_3_plus
+with const generics
+- OFFSET= 0
+- STEP_BY= 2
+- ZETA= 2680103
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE void libcrux_ml_dsa_simd_avx2_invntt_outer_3_plus_990(
+    __m256i *re) {
+  for (size_t i = (size_t)0U; i < (size_t)0U + (size_t)2U; i++) {
+    size_t j = i;
+    __m256i a_minus_b =
+        libcrux_ml_dsa_simd_avx2_arithmetic_subtract(re[j + (size_t)2U], re[j]);
+    re[j] = libcrux_ml_dsa_simd_avx2_arithmetic_add(re[j], re[j + (size_t)2U]);
+    re[j + (size_t)2U] =
+        libcrux_ml_dsa_simd_avx2_arithmetic_montgomery_multiply_by_constant(
+            a_minus_b, (int32_t)2680103);
+  }
+}
+
+/**
+A monomorphic instance of libcrux_ml_dsa.simd.avx2.invntt.outer_3_plus
+with const generics
+- OFFSET= 4
+- STEP_BY= 2
+- ZETA= 3111497
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE void libcrux_ml_dsa_simd_avx2_invntt_outer_3_plus_6b0(
+    __m256i *re) {
+  for (size_t i = (size_t)4U; i < (size_t)4U + (size_t)2U; i++) {
+    size_t j = i;
+    __m256i a_minus_b =
+        libcrux_ml_dsa_simd_avx2_arithmetic_subtract(re[j + (size_t)2U], re[j]);
+    re[j] = libcrux_ml_dsa_simd_avx2_arithmetic_add(re[j], re[j + (size_t)2U]);
+    re[j + (size_t)2U] =
+        libcrux_ml_dsa_simd_avx2_arithmetic_montgomery_multiply_by_constant(
+            a_minus_b, (int32_t)3111497);
+  }
+}
+
+/**
+A monomorphic instance of libcrux_ml_dsa.simd.avx2.invntt.outer_3_plus
+with const generics
+- OFFSET= 8
+- STEP_BY= 2
+- ZETA= -2884855
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE void libcrux_ml_dsa_simd_avx2_invntt_outer_3_plus_a80(
+    __m256i *re) {
+  for (size_t i = (size_t)8U; i < (size_t)8U + (size_t)2U; i++) {
+    size_t j = i;
+    __m256i a_minus_b =
+        libcrux_ml_dsa_simd_avx2_arithmetic_subtract(re[j + (size_t)2U], re[j]);
+    re[j] = libcrux_ml_dsa_simd_avx2_arithmetic_add(re[j], re[j + (size_t)2U]);
+    re[j + (size_t)2U] =
+        libcrux_ml_dsa_simd_avx2_arithmetic_montgomery_multiply_by_constant(
+            a_minus_b, (int32_t)-2884855);
+  }
+}
+
+/**
+A monomorphic instance of libcrux_ml_dsa.simd.avx2.invntt.outer_3_plus
+with const generics
+- OFFSET= 12
+- STEP_BY= 2
+- ZETA= 3119733
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE void libcrux_ml_dsa_simd_avx2_invntt_outer_3_plus_950(
+    __m256i *re) {
+  for (size_t i = (size_t)12U; i < (size_t)12U + (size_t)2U; i++) {
+    size_t j = i;
+    __m256i a_minus_b =
+        libcrux_ml_dsa_simd_avx2_arithmetic_subtract(re[j + (size_t)2U], re[j]);
+    re[j] = libcrux_ml_dsa_simd_avx2_arithmetic_add(re[j], re[j + (size_t)2U]);
+    re[j + (size_t)2U] =
+        libcrux_ml_dsa_simd_avx2_arithmetic_montgomery_multiply_by_constant(
+            a_minus_b, (int32_t)3119733);
+  }
+}
+
+/**
+A monomorphic instance of libcrux_ml_dsa.simd.avx2.invntt.outer_3_plus
+with const generics
+- OFFSET= 16
+- STEP_BY= 2
+- ZETA= -2091905
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE void libcrux_ml_dsa_simd_avx2_invntt_outer_3_plus_7a0(
+    __m256i *re) {
+  for (size_t i = (size_t)16U; i < (size_t)16U + (size_t)2U; i++) {
+    size_t j = i;
+    __m256i a_minus_b =
+        libcrux_ml_dsa_simd_avx2_arithmetic_subtract(re[j + (size_t)2U], re[j]);
+    re[j] = libcrux_ml_dsa_simd_avx2_arithmetic_add(re[j], re[j + (size_t)2U]);
+    re[j + (size_t)2U] =
+        libcrux_ml_dsa_simd_avx2_arithmetic_montgomery_multiply_by_constant(
+            a_minus_b, (int32_t)-2091905);
+  }
+}
+
+/**
+A monomorphic instance of libcrux_ml_dsa.simd.avx2.invntt.outer_3_plus
+with const generics
+- OFFSET= 20
+- STEP_BY= 2
+- ZETA= -359251
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE void libcrux_ml_dsa_simd_avx2_invntt_outer_3_plus_de0(
+    __m256i *re) {
+  for (size_t i = (size_t)20U; i < (size_t)20U + (size_t)2U; i++) {
+    size_t j = i;
+    __m256i a_minus_b =
+        libcrux_ml_dsa_simd_avx2_arithmetic_subtract(re[j + (size_t)2U], re[j]);
+    re[j] = libcrux_ml_dsa_simd_avx2_arithmetic_add(re[j], re[j + (size_t)2U]);
+    re[j + (size_t)2U] =
+        libcrux_ml_dsa_simd_avx2_arithmetic_montgomery_multiply_by_constant(
+            a_minus_b, (int32_t)-359251);
+  }
+}
+
+/**
+A monomorphic instance of libcrux_ml_dsa.simd.avx2.invntt.outer_3_plus
+with const generics
+- OFFSET= 24
+- STEP_BY= 2
+- ZETA= 2353451
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE void libcrux_ml_dsa_simd_avx2_invntt_outer_3_plus_d90(
+    __m256i *re) {
+  for (size_t i = (size_t)24U; i < (size_t)24U + (size_t)2U; i++) {
+    size_t j = i;
+    __m256i a_minus_b =
+        libcrux_ml_dsa_simd_avx2_arithmetic_subtract(re[j + (size_t)2U], re[j]);
+    re[j] = libcrux_ml_dsa_simd_avx2_arithmetic_add(re[j], re[j + (size_t)2U]);
+    re[j + (size_t)2U] =
+        libcrux_ml_dsa_simd_avx2_arithmetic_montgomery_multiply_by_constant(
+            a_minus_b, (int32_t)2353451);
+  }
+}
+
+/**
+A monomorphic instance of libcrux_ml_dsa.simd.avx2.invntt.outer_3_plus
+with const generics
+- OFFSET= 28
+- STEP_BY= 2
+- ZETA= 1826347
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE void libcrux_ml_dsa_simd_avx2_invntt_outer_3_plus_3b1(
+    __m256i *re) {
+  for (size_t i = (size_t)28U; i < (size_t)28U + (size_t)2U; i++) {
+    size_t j = i;
+    __m256i a_minus_b =
+        libcrux_ml_dsa_simd_avx2_arithmetic_subtract(re[j + (size_t)2U], re[j]);
+    re[j] = libcrux_ml_dsa_simd_avx2_arithmetic_add(re[j], re[j + (size_t)2U]);
+    re[j + (size_t)2U] =
+        libcrux_ml_dsa_simd_avx2_arithmetic_montgomery_multiply_by_constant(
+            a_minus_b, (int32_t)1826347);
+  }
+}
+
+KRML_ATTRIBUTE_TARGET("avx2")
+static inline void libcrux_ml_dsa_simd_avx2_invntt_invert_ntt_at_layer_4(
+    __m256i *re) {
+  libcrux_ml_dsa_simd_avx2_invntt_outer_3_plus_990(re);
+  libcrux_ml_dsa_simd_avx2_invntt_outer_3_plus_6b0(re);
+  libcrux_ml_dsa_simd_avx2_invntt_outer_3_plus_a80(re);
+  libcrux_ml_dsa_simd_avx2_invntt_outer_3_plus_950(re);
+  libcrux_ml_dsa_simd_avx2_invntt_outer_3_plus_7a0(re);
+  libcrux_ml_dsa_simd_avx2_invntt_outer_3_plus_de0(re);
+  libcrux_ml_dsa_simd_avx2_invntt_outer_3_plus_d90(re);
+  libcrux_ml_dsa_simd_avx2_invntt_outer_3_plus_3b1(re);
+}
+
+/**
+A monomorphic instance of libcrux_ml_dsa.simd.avx2.invntt.outer_3_plus
+with const generics
+- OFFSET= 0
+- STEP_BY= 4
+- ZETA= 466468
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE void libcrux_ml_dsa_simd_avx2_invntt_outer_3_plus_991(
+    __m256i *re) {
+  for (size_t i = (size_t)0U; i < (size_t)0U + (size_t)4U; i++) {
+    size_t j = i;
+    __m256i a_minus_b =
+        libcrux_ml_dsa_simd_avx2_arithmetic_subtract(re[j + (size_t)4U], re[j]);
+    re[j] = libcrux_ml_dsa_simd_avx2_arithmetic_add(re[j], re[j + (size_t)4U]);
+    re[j + (size_t)4U] =
+        libcrux_ml_dsa_simd_avx2_arithmetic_montgomery_multiply_by_constant(
+            a_minus_b, (int32_t)466468);
+  }
+}
+
+/**
+A monomorphic instance of libcrux_ml_dsa.simd.avx2.invntt.outer_3_plus
+with const generics
+- OFFSET= 8
+- STEP_BY= 4
+- ZETA= -876248
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE void libcrux_ml_dsa_simd_avx2_invntt_outer_3_plus_a81(
+    __m256i *re) {
+  for (size_t i = (size_t)8U; i < (size_t)8U + (size_t)4U; i++) {
+    size_t j = i;
+    __m256i a_minus_b =
+        libcrux_ml_dsa_simd_avx2_arithmetic_subtract(re[j + (size_t)4U], re[j]);
+    re[j] = libcrux_ml_dsa_simd_avx2_arithmetic_add(re[j], re[j + (size_t)4U]);
+    re[j + (size_t)4U] =
+        libcrux_ml_dsa_simd_avx2_arithmetic_montgomery_multiply_by_constant(
+            a_minus_b, (int32_t)-876248);
+  }
+}
+
+/**
+A monomorphic instance of libcrux_ml_dsa.simd.avx2.invntt.outer_3_plus
+with const generics
+- OFFSET= 16
+- STEP_BY= 4
+- ZETA= -777960
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE void libcrux_ml_dsa_simd_avx2_invntt_outer_3_plus_7a1(
+    __m256i *re) {
+  for (size_t i = (size_t)16U; i < (size_t)16U + (size_t)4U; i++) {
+    size_t j = i;
+    __m256i a_minus_b =
+        libcrux_ml_dsa_simd_avx2_arithmetic_subtract(re[j + (size_t)4U], re[j]);
+    re[j] = libcrux_ml_dsa_simd_avx2_arithmetic_add(re[j], re[j + (size_t)4U]);
+    re[j + (size_t)4U] =
+        libcrux_ml_dsa_simd_avx2_arithmetic_montgomery_multiply_by_constant(
+            a_minus_b, (int32_t)-777960);
+  }
+}
+
+/**
+A monomorphic instance of libcrux_ml_dsa.simd.avx2.invntt.outer_3_plus
+with const generics
+- OFFSET= 24
+- STEP_BY= 4
+- ZETA= 237124
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE void libcrux_ml_dsa_simd_avx2_invntt_outer_3_plus_d91(
+    __m256i *re) {
+  for (size_t i = (size_t)24U; i < (size_t)24U + (size_t)4U; i++) {
+    size_t j = i;
+    __m256i a_minus_b =
+        libcrux_ml_dsa_simd_avx2_arithmetic_subtract(re[j + (size_t)4U], re[j]);
+    re[j] = libcrux_ml_dsa_simd_avx2_arithmetic_add(re[j], re[j + (size_t)4U]);
+    re[j + (size_t)4U] =
+        libcrux_ml_dsa_simd_avx2_arithmetic_montgomery_multiply_by_constant(
+            a_minus_b, (int32_t)237124);
+  }
+}
+
+KRML_ATTRIBUTE_TARGET("avx2")
+static inline void libcrux_ml_dsa_simd_avx2_invntt_invert_ntt_at_layer_5(
+    __m256i *re) {
+  libcrux_ml_dsa_simd_avx2_invntt_outer_3_plus_991(re);
+  libcrux_ml_dsa_simd_avx2_invntt_outer_3_plus_a81(re);
+  libcrux_ml_dsa_simd_avx2_invntt_outer_3_plus_7a1(re);
+  libcrux_ml_dsa_simd_avx2_invntt_outer_3_plus_d91(re);
+}
+
+/**
+A monomorphic instance of libcrux_ml_dsa.simd.avx2.invntt.outer_3_plus
+with const generics
+- OFFSET= 0
+- STEP_BY= 8
+- ZETA= -518909
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE void libcrux_ml_dsa_simd_avx2_invntt_outer_3_plus_992(
+    __m256i *re) {
+  for (size_t i = (size_t)0U; i < (size_t)0U + (size_t)8U; i++) {
+    size_t j = i;
+    __m256i a_minus_b =
+        libcrux_ml_dsa_simd_avx2_arithmetic_subtract(re[j + (size_t)8U], re[j]);
+    re[j] = libcrux_ml_dsa_simd_avx2_arithmetic_add(re[j], re[j + (size_t)8U]);
+    re[j + (size_t)8U] =
+        libcrux_ml_dsa_simd_avx2_arithmetic_montgomery_multiply_by_constant(
+            a_minus_b, (int32_t)-518909);
+  }
+}
+
+/**
+A monomorphic instance of libcrux_ml_dsa.simd.avx2.invntt.outer_3_plus
+with const generics
+- OFFSET= 16
+- STEP_BY= 8
+- ZETA= -2608894
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE void libcrux_ml_dsa_simd_avx2_invntt_outer_3_plus_7a2(
+    __m256i *re) {
+  for (size_t i = (size_t)16U; i < (size_t)16U + (size_t)8U; i++) {
+    size_t j = i;
+    __m256i a_minus_b =
+        libcrux_ml_dsa_simd_avx2_arithmetic_subtract(re[j + (size_t)8U], re[j]);
+    re[j] = libcrux_ml_dsa_simd_avx2_arithmetic_add(re[j], re[j + (size_t)8U]);
+    re[j + (size_t)8U] =
+        libcrux_ml_dsa_simd_avx2_arithmetic_montgomery_multiply_by_constant(
+            a_minus_b, (int32_t)-2608894);
+  }
+}
+
+KRML_ATTRIBUTE_TARGET("avx2")
+static inline void libcrux_ml_dsa_simd_avx2_invntt_invert_ntt_at_layer_6(
+    __m256i *re) {
+  libcrux_ml_dsa_simd_avx2_invntt_outer_3_plus_992(re);
+  libcrux_ml_dsa_simd_avx2_invntt_outer_3_plus_7a2(re);
+}
+
+/**
+A monomorphic instance of libcrux_ml_dsa.simd.avx2.invntt.outer_3_plus
+with const generics
+- OFFSET= 0
+- STEP_BY= 16
+- ZETA= 25847
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE void libcrux_ml_dsa_simd_avx2_invntt_outer_3_plus_993(
+    __m256i *re) {
+  for (size_t i = (size_t)0U; i < (size_t)0U + (size_t)16U; i++) {
+    size_t j = i;
+    __m256i a_minus_b = libcrux_ml_dsa_simd_avx2_arithmetic_subtract(
+        re[j + (size_t)16U], re[j]);
+    re[j] = libcrux_ml_dsa_simd_avx2_arithmetic_add(re[j], re[j + (size_t)16U]);
+    re[j + (size_t)16U] =
+        libcrux_ml_dsa_simd_avx2_arithmetic_montgomery_multiply_by_constant(
+            a_minus_b, (int32_t)25847);
+  }
+}
+
+KRML_ATTRIBUTE_TARGET("avx2")
+static inline void libcrux_ml_dsa_simd_avx2_invntt_invert_ntt_at_layer_7(
+    __m256i *re) {
+  libcrux_ml_dsa_simd_avx2_invntt_outer_3_plus_993(re);
+}
+
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE void
+libcrux_ml_dsa_simd_avx2_invntt_invert_ntt_montgomery(__m256i re[32U],
+                                                      __m256i ret[32U]) {
+  libcrux_ml_dsa_simd_avx2_invntt_invert_ntt_at_layer_0(re);
+  libcrux_ml_dsa_simd_avx2_invntt_invert_ntt_at_layer_1(re);
+  libcrux_ml_dsa_simd_avx2_invntt_invert_ntt_at_layer_2(re);
+  libcrux_ml_dsa_simd_avx2_invntt_invert_ntt_at_layer_3(re);
+  libcrux_ml_dsa_simd_avx2_invntt_invert_ntt_at_layer_4(re);
+  libcrux_ml_dsa_simd_avx2_invntt_invert_ntt_at_layer_5(re);
+  libcrux_ml_dsa_simd_avx2_invntt_invert_ntt_at_layer_6(re);
+  libcrux_ml_dsa_simd_avx2_invntt_invert_ntt_at_layer_7(re);
+  for (size_t i = (size_t)0U;
+       i < Eurydice_slice_len(Eurydice_array_to_slice((size_t)32U, re, __m256i),
+                              __m256i);
+       i++) {
+    size_t i0 = i;
+    re[i0] =
+        libcrux_ml_dsa_simd_avx2_arithmetic_montgomery_multiply_by_constant(
+            re[i0], (int32_t)41978);
+  }
+  memcpy(ret, re, (size_t)32U * sizeof(__m256i));
+}
+
+/**
+This function found in impl {(libcrux_ml_dsa::simd::traits::Operations for
+libcrux_ml_dsa::simd::avx2::vector_type::AVX2SIMDUnit)}
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static inline __m256i libcrux_ml_dsa_simd_avx2_invert_ntt_montgomery_closure_a2(
+    __m256i **state, size_t i) {
+  KRML_HOST_EPRINTF(
+      "KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__,
+      "Eurydice error: Failure(\"unexpected / ill-typed projection\")\n");
+  KRML_HOST_EXIT(255U);
+}
+
+/**
+This function found in impl {(libcrux_ml_dsa::simd::traits::Operations for
+libcrux_ml_dsa::simd::avx2::vector_type::AVX2SIMDUnit)}
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE void libcrux_ml_dsa_simd_avx2_invert_ntt_montgomery_a2(
+    __m256i simd_units[32U], __m256i ret[32U]) {
+  __m256i re[32U];
+  for (size_t i = (size_t)0U; i < (size_t)32U; i++) {
+    re[i] = libcrux_intrinsics_avx2_mm256_setzero_si256();
+  }
+  for (size_t i = (size_t)0U;
+       i < LIBCRUX_ML_DSA_SIMD_TRAITS_SIMD_UNITS_IN_RING_ELEMENT; i++) {
+    size_t i0 = i;
+    re[i0] = simd_units[i0];
+  }
+  /* Passing arrays by value in Rust generates a copy in C */
+  __m256i copy_of_re[32U];
+  memcpy(copy_of_re, re, (size_t)32U * sizeof(__m256i));
+  __m256i result[32U];
+  libcrux_ml_dsa_simd_avx2_invntt_invert_ntt_montgomery(copy_of_re, result);
+  __m256i ret0[32U];
+  for (size_t i = (size_t)0U; i < (size_t)32U; i++) {
+    ret0[i] = KRML_EABORT(
+        __m256i,
+        "Eurydice error: Failure(\"unexpected / ill-typed projection\")\n");
+  }
+  memcpy(ret, ret0, (size_t)32U * sizeof(__m256i));
+}
+
+/**
+A monomorphic instance of libcrux_ml_dsa.polynomial.PolynomialRingElement
+with types libcrux_ml_dsa_simd_avx2_vector_type_AVX2SIMDUnit
+
+*/
+typedef struct libcrux_ml_dsa_polynomial_PolynomialRingElement_24_s {
+  __m256i simd_units[32U];
+} libcrux_ml_dsa_polynomial_PolynomialRingElement_24;
+
+/**
+This function found in impl
+{libcrux_ml_dsa::polynomial::PolynomialRingElement<SIMDUnit>[TraitClause@0,
+TraitClause@1]}
+*/
+/**
+A monomorphic instance of libcrux_ml_dsa.polynomial.ZERO_ff
+with types libcrux_ml_dsa_simd_avx2_vector_type_AVX2SIMDUnit
+with const generics
+
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static inline libcrux_ml_dsa_polynomial_PolynomialRingElement_24
+libcrux_ml_dsa_polynomial_ZERO_ff_ea(void) {
+  libcrux_ml_dsa_polynomial_PolynomialRingElement_24 lit;
+  lit.simd_units[0U] = libcrux_ml_dsa_simd_avx2_ZERO_a2();
+  lit.simd_units[1U] = libcrux_ml_dsa_simd_avx2_ZERO_a2();
+  lit.simd_units[2U] = libcrux_ml_dsa_simd_avx2_ZERO_a2();
+  lit.simd_units[3U] = libcrux_ml_dsa_simd_avx2_ZERO_a2();
+  lit.simd_units[4U] = libcrux_ml_dsa_simd_avx2_ZERO_a2();
+  lit.simd_units[5U] = libcrux_ml_dsa_simd_avx2_ZERO_a2();
+  lit.simd_units[6U] = libcrux_ml_dsa_simd_avx2_ZERO_a2();
+  lit.simd_units[7U] = libcrux_ml_dsa_simd_avx2_ZERO_a2();
+  lit.simd_units[8U] = libcrux_ml_dsa_simd_avx2_ZERO_a2();
+  lit.simd_units[9U] = libcrux_ml_dsa_simd_avx2_ZERO_a2();
+  lit.simd_units[10U] = libcrux_ml_dsa_simd_avx2_ZERO_a2();
+  lit.simd_units[11U] = libcrux_ml_dsa_simd_avx2_ZERO_a2();
+  lit.simd_units[12U] = libcrux_ml_dsa_simd_avx2_ZERO_a2();
+  lit.simd_units[13U] = libcrux_ml_dsa_simd_avx2_ZERO_a2();
+  lit.simd_units[14U] = libcrux_ml_dsa_simd_avx2_ZERO_a2();
+  lit.simd_units[15U] = libcrux_ml_dsa_simd_avx2_ZERO_a2();
+  lit.simd_units[16U] = libcrux_ml_dsa_simd_avx2_ZERO_a2();
+  lit.simd_units[17U] = libcrux_ml_dsa_simd_avx2_ZERO_a2();
+  lit.simd_units[18U] = libcrux_ml_dsa_simd_avx2_ZERO_a2();
+  lit.simd_units[19U] = libcrux_ml_dsa_simd_avx2_ZERO_a2();
+  lit.simd_units[20U] = libcrux_ml_dsa_simd_avx2_ZERO_a2();
+  lit.simd_units[21U] = libcrux_ml_dsa_simd_avx2_ZERO_a2();
+  lit.simd_units[22U] = libcrux_ml_dsa_simd_avx2_ZERO_a2();
+  lit.simd_units[23U] = libcrux_ml_dsa_simd_avx2_ZERO_a2();
+  lit.simd_units[24U] = libcrux_ml_dsa_simd_avx2_ZERO_a2();
+  lit.simd_units[25U] = libcrux_ml_dsa_simd_avx2_ZERO_a2();
+  lit.simd_units[26U] = libcrux_ml_dsa_simd_avx2_ZERO_a2();
+  lit.simd_units[27U] = libcrux_ml_dsa_simd_avx2_ZERO_a2();
+  lit.simd_units[28U] = libcrux_ml_dsa_simd_avx2_ZERO_a2();
+  lit.simd_units[29U] = libcrux_ml_dsa_simd_avx2_ZERO_a2();
+  lit.simd_units[30U] = libcrux_ml_dsa_simd_avx2_ZERO_a2();
+  lit.simd_units[31U] = libcrux_ml_dsa_simd_avx2_ZERO_a2();
+  return lit;
+}
+
+typedef struct
+    libcrux_ml_dsa_polynomial_PolynomialRingElement_libcrux_ml_dsa_simd_avx2_vector_type_AVX2SIMDUnit_x4_s {
+  libcrux_ml_dsa_polynomial_PolynomialRingElement_24 fst;
+  libcrux_ml_dsa_polynomial_PolynomialRingElement_24 snd;
+  libcrux_ml_dsa_polynomial_PolynomialRingElement_24 thd;
+  libcrux_ml_dsa_polynomial_PolynomialRingElement_24 f3;
+} libcrux_ml_dsa_polynomial_PolynomialRingElement_libcrux_ml_dsa_simd_avx2_vector_type_AVX2SIMDUnit_x4;
+
+/**
+A monomorphic instance of
+libcrux_ml_dsa.sample.rejection_sample_less_than_field_modulus with types
+libcrux_ml_dsa_simd_avx2_vector_type_AVX2SIMDUnit with const generics
+
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE bool
+libcrux_ml_dsa_sample_rejection_sample_less_than_field_modulus_ea(
+    Eurydice_slice randomness, size_t *sampled_coefficients, int32_t *out) {
+  bool done = false;
+  core_slice_iter_Chunks iter =
+      core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter(
+          core_slice___Slice_T___chunks(randomness, (size_t)24U, uint8_t,
+                                        core_slice_iter_Chunks),
+          core_slice_iter_Chunks, core_slice_iter_Chunks);
+  while (true) {
+    Option_1b uu____0 =
+        core_slice_iter___core__iter__traits__iterator__Iterator_for_core__slice__iter__Chunks__a__T__TraitClause_0___71__next(
+            &iter, uint8_t, Option_1b);
+    if (uu____0.tag == None) {
+      break;
+    } else {
+      Eurydice_slice random_bytes = uu____0.f0;
+      if (!done) {
+        Eurydice_slice uu____1 = random_bytes;
+        size_t sampled =
+            libcrux_ml_dsa_simd_avx2_rejection_sample_less_than_field_modulus_a2(
+                uu____1, Eurydice_array_to_subslice_from(
+                             (size_t)263U, out, sampled_coefficients[0U],
+                             int32_t, size_t));
+        sampled_coefficients[0U] = sampled_coefficients[0U] + sampled;
+        if (sampled_coefficients[0U] >=
+            LIBCRUX_ML_DSA_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) {
+          done = true;
+        }
+      }
+    }
+  }
+  return done;
+}
+
+/**
+This function found in impl
+{libcrux_ml_dsa::polynomial::PolynomialRingElement<SIMDUnit>[TraitClause@0,
+TraitClause@1]}
+*/
+/**
+A monomorphic instance of libcrux_ml_dsa.polynomial.from_i32_array_ff
+with types libcrux_ml_dsa_simd_avx2_vector_type_AVX2SIMDUnit
+with const generics
+
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static inline libcrux_ml_dsa_polynomial_PolynomialRingElement_24
+libcrux_ml_dsa_polynomial_from_i32_array_ff_ea(Eurydice_slice array) {
+  core_slice_iter_Chunks array_chunks = core_slice___Slice_T___chunks(
+      array, LIBCRUX_ML_DSA_SIMD_TRAITS_COEFFICIENTS_IN_SIMD_UNIT, int32_t,
+      core_slice_iter_Chunks);
+  libcrux_ml_dsa_polynomial_PolynomialRingElement_24 result =
+      libcrux_ml_dsa_polynomial_ZERO_ff_ea();
+  for (size_t i = (size_t)0U;
+       i < LIBCRUX_ML_DSA_SIMD_TRAITS_SIMD_UNITS_IN_RING_ELEMENT; i++) {
+    size_t i0 = i;
+    __m256i uu____0 = libcrux_ml_dsa_simd_avx2_from_coefficient_array_a2(
+        core_option__core__option__Option_T__TraitClause_0___unwrap(
+            core_slice_iter___core__iter__traits__iterator__Iterator_for_core__slice__iter__Chunks__a__T__TraitClause_0___71__next(
+                &array_chunks, int32_t, Option_93),
+            Eurydice_slice, Eurydice_slice));
+    result.simd_units[i0] = uu____0;
+  }
+  return result;
+}
+
+/**
+A monomorphic instance of libcrux_ml_dsa.sample.sample_four_ring_elements
+with types libcrux_ml_dsa_simd_avx2_vector_type_AVX2SIMDUnit
+with const generics
+
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static inline libcrux_ml_dsa_polynomial_PolynomialRingElement_libcrux_ml_dsa_simd_avx2_vector_type_AVX2SIMDUnit_x4
+libcrux_ml_dsa_sample_sample_four_ring_elements_ea(uint8_t seed0[34U],
+                                                   uint16_t domain_separator0,
+                                                   uint16_t domain_separator1,
+                                                   uint16_t domain_seperator2,
+                                                   uint16_t domain_separator3) {
+  seed0[32U] = (uint8_t)domain_separator0;
+  seed0[33U] = (uint8_t)((uint32_t)domain_separator0 >> 8U);
+  uint8_t seed1[34U];
+  memcpy(seed1, seed0, (size_t)34U * sizeof(uint8_t));
+  seed1[32U] = (uint8_t)domain_separator1;
+  seed1[33U] = (uint8_t)((uint32_t)domain_separator1 >> 8U);
+  uint8_t seed2[34U];
+  memcpy(seed2, seed0, (size_t)34U * sizeof(uint8_t));
+  seed2[32U] = (uint8_t)domain_seperator2;
+  seed2[33U] = (uint8_t)((uint32_t)domain_seperator2 >> 8U);
+  uint8_t seed3[34U];
+  memcpy(seed3, seed0, (size_t)34U * sizeof(uint8_t));
+  seed3[32U] = (uint8_t)domain_separator3;
+  seed3[33U] = (uint8_t)((uint32_t)domain_separator3 >> 8U);
+  libcrux_ml_dsa_hash_functions_portable_Shake128X4 state =
+      libcrux_ml_dsa_hash_functions_portable_init_absorb_ed(
+          Eurydice_array_to_slice((size_t)34U, seed0, uint8_t),
+          Eurydice_array_to_slice((size_t)34U, seed1, uint8_t),
+          Eurydice_array_to_slice((size_t)34U, seed2, uint8_t),
+          Eurydice_array_to_slice((size_t)34U, seed3, uint8_t));
+  uint8_t randomness0[840U] = {0U};
+  uint8_t randomness1[840U] = {0U};
+  uint8_t randomness2[840U] = {0U};
+  uint8_t randomness3[840U] = {0U};
+  libcrux_ml_dsa_hash_functions_portable_squeeze_first_five_blocks_ed(
+      &state, randomness0, randomness1, randomness2, randomness3);
+  int32_t coefficients0[263U] = {0U};
+  int32_t coefficients1[263U] = {0U};
+  int32_t coefficients2[263U] = {0U};
+  int32_t coefficients3[263U] = {0U};
+  size_t sampled0 = (size_t)0U;
+  size_t sampled1 = (size_t)0U;
+  size_t sampled2 = (size_t)0U;
+  size_t sampled3 = (size_t)0U;
+  bool done0 =
+      libcrux_ml_dsa_sample_rejection_sample_less_than_field_modulus_ea(
+          Eurydice_array_to_slice((size_t)840U, randomness0, uint8_t),
+          &sampled0, coefficients0);
+  bool done1 =
+      libcrux_ml_dsa_sample_rejection_sample_less_than_field_modulus_ea(
+          Eurydice_array_to_slice((size_t)840U, randomness1, uint8_t),
+          &sampled1, coefficients1);
+  bool done2 =
+      libcrux_ml_dsa_sample_rejection_sample_less_than_field_modulus_ea(
+          Eurydice_array_to_slice((size_t)840U, randomness2, uint8_t),
+          &sampled2, coefficients2);
+  bool done3 =
+      libcrux_ml_dsa_sample_rejection_sample_less_than_field_modulus_ea(
+          Eurydice_array_to_slice((size_t)840U, randomness3, uint8_t),
+          &sampled3, coefficients3);
+  while (true) {
+    if (done0) {
+      if (done1) {
+        if (done2) {
+          if (done3) {
+            break;
+          } else {
+            uint8_t_168size_t__x4 randomnesses =
+                libcrux_ml_dsa_hash_functions_portable_squeeze_next_block_ed(
+                    &state);
+            if (!done0) {
+              done0 =
+                  libcrux_ml_dsa_sample_rejection_sample_less_than_field_modulus_ea(
+                      Eurydice_array_to_slice((size_t)168U, randomnesses.fst,
+                                              uint8_t),
+                      &sampled0, coefficients0);
+            }
+            if (!done1) {
+              done1 =
+                  libcrux_ml_dsa_sample_rejection_sample_less_than_field_modulus_ea(
+                      Eurydice_array_to_slice((size_t)168U, randomnesses.snd,
+                                              uint8_t),
+                      &sampled1, coefficients1);
+            }
+            if (!done2) {
+              done2 =
+                  libcrux_ml_dsa_sample_rejection_sample_less_than_field_modulus_ea(
+                      Eurydice_array_to_slice((size_t)168U, randomnesses.thd,
+                                              uint8_t),
+                      &sampled2, coefficients2);
+            }
+            if (!done3) {
+              done3 =
+                  libcrux_ml_dsa_sample_rejection_sample_less_than_field_modulus_ea(
+                      Eurydice_array_to_slice((size_t)168U, randomnesses.f3,
+                                              uint8_t),
+                      &sampled3, coefficients3);
+            }
+          }
+        } else {
+          uint8_t_168size_t__x4 randomnesses =
+              libcrux_ml_dsa_hash_functions_portable_squeeze_next_block_ed(
+                  &state);
+          if (!done0) {
+            done0 =
+                libcrux_ml_dsa_sample_rejection_sample_less_than_field_modulus_ea(
+                    Eurydice_array_to_slice((size_t)168U, randomnesses.fst,
+                                            uint8_t),
+                    &sampled0, coefficients0);
+          }
+          if (!done1) {
+            done1 =
+                libcrux_ml_dsa_sample_rejection_sample_less_than_field_modulus_ea(
+                    Eurydice_array_to_slice((size_t)168U, randomnesses.snd,
+                                            uint8_t),
+                    &sampled1, coefficients1);
+          }
+          if (!done2) {
+            done2 =
+                libcrux_ml_dsa_sample_rejection_sample_less_than_field_modulus_ea(
+                    Eurydice_array_to_slice((size_t)168U, randomnesses.thd,
+                                            uint8_t),
+                    &sampled2, coefficients2);
+          }
+          if (!done3) {
+            done3 =
+                libcrux_ml_dsa_sample_rejection_sample_less_than_field_modulus_ea(
+                    Eurydice_array_to_slice((size_t)168U, randomnesses.f3,
+                                            uint8_t),
+                    &sampled3, coefficients3);
+          }
+        }
+      } else {
+        uint8_t_168size_t__x4 randomnesses =
+            libcrux_ml_dsa_hash_functions_portable_squeeze_next_block_ed(
+                &state);
+        if (!done0) {
+          done0 =
+              libcrux_ml_dsa_sample_rejection_sample_less_than_field_modulus_ea(
+                  Eurydice_array_to_slice((size_t)168U, randomnesses.fst,
+                                          uint8_t),
+                  &sampled0, coefficients0);
+        }
+        if (!done1) {
+          done1 =
+              libcrux_ml_dsa_sample_rejection_sample_less_than_field_modulus_ea(
+                  Eurydice_array_to_slice((size_t)168U, randomnesses.snd,
+                                          uint8_t),
+                  &sampled1, coefficients1);
+        }
+        if (!done2) {
+          done2 =
+              libcrux_ml_dsa_sample_rejection_sample_less_than_field_modulus_ea(
+                  Eurydice_array_to_slice((size_t)168U, randomnesses.thd,
+                                          uint8_t),
+                  &sampled2, coefficients2);
+        }
+        if (!done3) {
+          done3 =
+              libcrux_ml_dsa_sample_rejection_sample_less_than_field_modulus_ea(
+                  Eurydice_array_to_slice((size_t)168U, randomnesses.f3,
+                                          uint8_t),
+                  &sampled3, coefficients3);
+        }
+      }
+    } else {
+      uint8_t_168size_t__x4 randomnesses =
+          libcrux_ml_dsa_hash_functions_portable_squeeze_next_block_ed(&state);
+      if (!done0) {
+        done0 =
+            libcrux_ml_dsa_sample_rejection_sample_less_than_field_modulus_ea(
+                Eurydice_array_to_slice((size_t)168U, randomnesses.fst,
+                                        uint8_t),
+                &sampled0, coefficients0);
+      }
+      if (!done1) {
+        done1 =
+            libcrux_ml_dsa_sample_rejection_sample_less_than_field_modulus_ea(
+                Eurydice_array_to_slice((size_t)168U, randomnesses.snd,
+                                        uint8_t),
+                &sampled1, coefficients1);
+      }
+      if (!done2) {
+        done2 =
+            libcrux_ml_dsa_sample_rejection_sample_less_than_field_modulus_ea(
+                Eurydice_array_to_slice((size_t)168U, randomnesses.thd,
+                                        uint8_t),
+                &sampled2, coefficients2);
+      }
+      if (!done3) {
+        done3 =
+            libcrux_ml_dsa_sample_rejection_sample_less_than_field_modulus_ea(
+                Eurydice_array_to_slice((size_t)168U, randomnesses.f3, uint8_t),
+                &sampled3, coefficients3);
+      }
+    }
+  }
+  libcrux_ml_dsa_polynomial_PolynomialRingElement_24 uu____0 =
+      libcrux_ml_dsa_polynomial_from_i32_array_ff_ea(
+          Eurydice_array_to_slice((size_t)263U, coefficients0, int32_t));
+  libcrux_ml_dsa_polynomial_PolynomialRingElement_24 uu____1 =
+      libcrux_ml_dsa_polynomial_from_i32_array_ff_ea(
+          Eurydice_array_to_slice((size_t)263U, coefficients1, int32_t));
+  libcrux_ml_dsa_polynomial_PolynomialRingElement_24 uu____2 =
+      libcrux_ml_dsa_polynomial_from_i32_array_ff_ea(
+          Eurydice_array_to_slice((size_t)263U, coefficients2, int32_t));
+  libcrux_ml_dsa_polynomial_PolynomialRingElement_libcrux_ml_dsa_simd_avx2_vector_type_AVX2SIMDUnit_x4
+      lit;
+  lit.fst = uu____0;
+  lit.snd = uu____1;
+  lit.thd = uu____2;
+  lit.f3 = libcrux_ml_dsa_polynomial_from_i32_array_ff_ea(
+      Eurydice_array_to_slice((size_t)263U, coefficients3, int32_t));
+  return lit;
+}
+
+/**
+A monomorphic instance of libcrux_ml_dsa.samplex4.update_matrix
+with types libcrux_ml_dsa_simd_avx2_vector_type_AVX2SIMDUnit
+with const generics
+- ROWS_IN_A= 6
+- COLUMNS_IN_A= 5
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static inline void libcrux_ml_dsa_samplex4_update_matrix_fe(
+    libcrux_ml_dsa_polynomial_PolynomialRingElement_24 (*m)[5U], size_t i,
+    size_t j, libcrux_ml_dsa_polynomial_PolynomialRingElement_24 v) {
+  m[i][j] = v;
+}
+
+/**
+A monomorphic instance of libcrux_ml_dsa.samplex4.matrix_A_4_by_4
+with types libcrux_ml_dsa_simd_avx2_vector_type_AVX2SIMDUnit
+with const generics
+- ROWS_IN_A= 6
+- COLUMNS_IN_A= 5
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE void libcrux_ml_dsa_samplex4_matrix_A_4_by_4_fe(
+    uint8_t seed[34U],
+    libcrux_ml_dsa_polynomial_PolynomialRingElement_24 ret[6U][5U]) {
+  libcrux_ml_dsa_polynomial_PolynomialRingElement_24 A[6U][5U];
+  for (size_t i = (size_t)0U; i < (size_t)6U; i++) {
+    A[i][0U] = libcrux_ml_dsa_polynomial_ZERO_ff_ea();
+    A[i][1U] = libcrux_ml_dsa_polynomial_ZERO_ff_ea();
+    A[i][2U] = libcrux_ml_dsa_polynomial_ZERO_ff_ea();
+    A[i][3U] = libcrux_ml_dsa_polynomial_ZERO_ff_ea();
+    A[i][4U] = libcrux_ml_dsa_polynomial_ZERO_ff_ea();
+  }
+  /* Passing arrays by value in Rust generates a copy in C */
+  uint8_t copy_of_seed[34U];
+  memcpy(copy_of_seed, seed, (size_t)34U * sizeof(uint8_t));
+  libcrux_ml_dsa_polynomial_PolynomialRingElement_libcrux_ml_dsa_simd_avx2_vector_type_AVX2SIMDUnit_x4
+      four_ring_elements = libcrux_ml_dsa_sample_sample_four_ring_elements_ea(
+          copy_of_seed,
+          libcrux_ml_dsa_samplex4_generate_domain_separator(0U, 0U),
+          libcrux_ml_dsa_samplex4_generate_domain_separator(0U, 1U),
+          libcrux_ml_dsa_samplex4_generate_domain_separator(0U, 2U),
+          libcrux_ml_dsa_samplex4_generate_domain_separator(0U, 3U));
+  libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)0U, (size_t)0U,
+                                           four_ring_elements.fst);
+  libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)0U, (size_t)1U,
+                                           four_ring_elements.snd);
+  libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)0U, (size_t)2U,
+                                           four_ring_elements.thd);
+  libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)0U, (size_t)3U,
+                                           four_ring_elements.f3);
+  /* Passing arrays by value in Rust generates a copy in C */
+  uint8_t copy_of_seed0[34U];
+  memcpy(copy_of_seed0, seed, (size_t)34U * sizeof(uint8_t));
+  libcrux_ml_dsa_polynomial_PolynomialRingElement_libcrux_ml_dsa_simd_avx2_vector_type_AVX2SIMDUnit_x4
+      four_ring_elements0 = libcrux_ml_dsa_sample_sample_four_ring_elements_ea(
+          copy_of_seed0,
+          libcrux_ml_dsa_samplex4_generate_domain_separator(1U, 0U),
+          libcrux_ml_dsa_samplex4_generate_domain_separator(1U, 1U),
+          libcrux_ml_dsa_samplex4_generate_domain_separator(1U, 2U),
+          libcrux_ml_dsa_samplex4_generate_domain_separator(1U, 3U));
+  libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)1U, (size_t)0U,
+                                           four_ring_elements0.fst);
+  libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)1U, (size_t)1U,
+                                           four_ring_elements0.snd);
+  libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)1U, (size_t)2U,
+                                           four_ring_elements0.thd);
+  libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)1U, (size_t)3U,
+                                           four_ring_elements0.f3);
+  /* Passing arrays by value in Rust generates a copy in C */
+  uint8_t copy_of_seed1[34U];
+  memcpy(copy_of_seed1, seed, (size_t)34U * sizeof(uint8_t));
+  libcrux_ml_dsa_polynomial_PolynomialRingElement_libcrux_ml_dsa_simd_avx2_vector_type_AVX2SIMDUnit_x4
+      four_ring_elements1 = libcrux_ml_dsa_sample_sample_four_ring_elements_ea(
+          copy_of_seed1,
+          libcrux_ml_dsa_samplex4_generate_domain_separator(2U, 0U),
+          libcrux_ml_dsa_samplex4_generate_domain_separator(2U, 1U),
+          libcrux_ml_dsa_samplex4_generate_domain_separator(2U, 2U),
+          libcrux_ml_dsa_samplex4_generate_domain_separator(2U, 3U));
+  libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)2U, (size_t)0U,
+                                           four_ring_elements1.fst);
+  libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)2U, (size_t)1U,
+                                           four_ring_elements1.snd);
+  libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)2U, (size_t)2U,
+                                           four_ring_elements1.thd);
+  libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)2U, (size_t)3U,
+                                           four_ring_elements1.f3);
+  /* Passing arrays by value in Rust generates a copy in C */
+  uint8_t copy_of_seed2[34U];
+  memcpy(copy_of_seed2, seed, (size_t)34U * sizeof(uint8_t));
+  libcrux_ml_dsa_polynomial_PolynomialRingElement_libcrux_ml_dsa_simd_avx2_vector_type_AVX2SIMDUnit_x4
+      four_ring_elements2 = libcrux_ml_dsa_sample_sample_four_ring_elements_ea(
+          copy_of_seed2,
+          libcrux_ml_dsa_samplex4_generate_domain_separator(3U, 0U),
+          libcrux_ml_dsa_samplex4_generate_domain_separator(3U, 1U),
+          libcrux_ml_dsa_samplex4_generate_domain_separator(3U, 2U),
+          libcrux_ml_dsa_samplex4_generate_domain_separator(3U, 3U));
+  libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)3U, (size_t)0U,
+                                           four_ring_elements2.fst);
+  libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)3U, (size_t)1U,
+                                           four_ring_elements2.snd);
+  libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)3U, (size_t)2U,
+                                           four_ring_elements2.thd);
+  libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)3U, (size_t)3U,
+                                           four_ring_elements2.f3);
+  memcpy(ret, A,
+         (size_t)6U *
+             sizeof(libcrux_ml_dsa_polynomial_PolynomialRingElement_24[5U]));
+}
+
+/**
+A monomorphic instance of libcrux_ml_dsa.samplex4.matrix_A_6_by_5
+with types libcrux_ml_dsa_simd_avx2_vector_type_AVX2SIMDUnit
+with const generics
+- ROWS_IN_A= 6
+- COLUMNS_IN_A= 5
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE void libcrux_ml_dsa_samplex4_matrix_A_6_by_5_fe(
+    uint8_t seed[34U],
+    libcrux_ml_dsa_polynomial_PolynomialRingElement_24 ret[6U][5U]) {
+  libcrux_ml_dsa_polynomial_PolynomialRingElement_24 A[6U][5U];
+  for (size_t i = (size_t)0U; i < (size_t)6U; i++) {
+    A[i][0U] = libcrux_ml_dsa_polynomial_ZERO_ff_ea();
+    A[i][1U] = libcrux_ml_dsa_polynomial_ZERO_ff_ea();
+    A[i][2U] = libcrux_ml_dsa_polynomial_ZERO_ff_ea();
+    A[i][3U] = libcrux_ml_dsa_polynomial_ZERO_ff_ea();
+    A[i][4U] = libcrux_ml_dsa_polynomial_ZERO_ff_ea();
+  }
+  /* Passing arrays by value in Rust generates a copy in C */
+  uint8_t copy_of_seed[34U];
+  memcpy(copy_of_seed, seed, (size_t)34U * sizeof(uint8_t));
+  libcrux_ml_dsa_polynomial_PolynomialRingElement_libcrux_ml_dsa_simd_avx2_vector_type_AVX2SIMDUnit_x4
+      four_ring_elements = libcrux_ml_dsa_sample_sample_four_ring_elements_ea(
+          copy_of_seed,
+          libcrux_ml_dsa_samplex4_generate_domain_separator(0U, 0U),
+          libcrux_ml_dsa_samplex4_generate_domain_separator(0U, 1U),
+          libcrux_ml_dsa_samplex4_generate_domain_separator(0U, 2U),
+          libcrux_ml_dsa_samplex4_generate_domain_separator(0U, 3U));
+  libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)0U, (size_t)0U,
+                                           four_ring_elements.fst);
+  libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)0U, (size_t)1U,
+                                           four_ring_elements.snd);
+  libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)0U, (size_t)2U,
+                                           four_ring_elements.thd);
+  libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)0U, (size_t)3U,
+                                           four_ring_elements.f3);
+  /* Passing arrays by value in Rust generates a copy in C */
+  uint8_t copy_of_seed0[34U];
+  memcpy(copy_of_seed0, seed, (size_t)34U * sizeof(uint8_t));
+  libcrux_ml_dsa_polynomial_PolynomialRingElement_libcrux_ml_dsa_simd_avx2_vector_type_AVX2SIMDUnit_x4
+      four_ring_elements0 = libcrux_ml_dsa_sample_sample_four_ring_elements_ea(
+          copy_of_seed0,
+          libcrux_ml_dsa_samplex4_generate_domain_separator(0U, 4U),
+          libcrux_ml_dsa_samplex4_generate_domain_separator(1U, 0U),
+          libcrux_ml_dsa_samplex4_generate_domain_separator(1U, 1U),
+          libcrux_ml_dsa_samplex4_generate_domain_separator(1U, 2U));
+  libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)0U, (size_t)4U,
+                                           four_ring_elements0.fst);
+  libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)1U, (size_t)0U,
+                                           four_ring_elements0.snd);
+  libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)1U, (size_t)1U,
+                                           four_ring_elements0.thd);
+  libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)1U, (size_t)2U,
+                                           four_ring_elements0.f3);
+  /* Passing arrays by value in Rust generates a copy in C */
+  uint8_t copy_of_seed1[34U];
+  memcpy(copy_of_seed1, seed, (size_t)34U * sizeof(uint8_t));
+  libcrux_ml_dsa_polynomial_PolynomialRingElement_libcrux_ml_dsa_simd_avx2_vector_type_AVX2SIMDUnit_x4
+      four_ring_elements1 = libcrux_ml_dsa_sample_sample_four_ring_elements_ea(
+          copy_of_seed1,
+          libcrux_ml_dsa_samplex4_generate_domain_separator(1U, 3U),
+          libcrux_ml_dsa_samplex4_generate_domain_separator(1U, 4U),
+          libcrux_ml_dsa_samplex4_generate_domain_separator(2U, 0U),
+          libcrux_ml_dsa_samplex4_generate_domain_separator(2U, 1U));
+  libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)1U, (size_t)3U,
+                                           four_ring_elements1.fst);
+  libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)1U, (size_t)4U,
+                                           four_ring_elements1.snd);
+  libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)2U, (size_t)0U,
+                                           four_ring_elements1.thd);
+  libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)2U, (size_t)1U,
+                                           four_ring_elements1.f3);
+  /* Passing arrays by value in Rust generates a copy in C */
+  uint8_t copy_of_seed2[34U];
+  memcpy(copy_of_seed2, seed, (size_t)34U * sizeof(uint8_t));
+  libcrux_ml_dsa_polynomial_PolynomialRingElement_libcrux_ml_dsa_simd_avx2_vector_type_AVX2SIMDUnit_x4
+      four_ring_elements2 = libcrux_ml_dsa_sample_sample_four_ring_elements_ea(
+          copy_of_seed2,
+          libcrux_ml_dsa_samplex4_generate_domain_separator(2U, 2U),
+          libcrux_ml_dsa_samplex4_generate_domain_separator(2U, 3U),
+          libcrux_ml_dsa_samplex4_generate_domain_separator(2U, 4U),
+          libcrux_ml_dsa_samplex4_generate_domain_separator(3U, 0U));
+  libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)2U, (size_t)2U,
+                                           four_ring_elements2.fst);
+  libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)2U, (size_t)3U,
+                                           four_ring_elements2.snd);
+  libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)2U, (size_t)4U,
+                                           four_ring_elements2.thd);
+  libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)3U, (size_t)0U,
+                                           four_ring_elements2.f3);
+  /* Passing arrays by value in Rust generates a copy in C */
+  uint8_t copy_of_seed3[34U];
+  memcpy(copy_of_seed3, seed, (size_t)34U * sizeof(uint8_t));
+  libcrux_ml_dsa_polynomial_PolynomialRingElement_libcrux_ml_dsa_simd_avx2_vector_type_AVX2SIMDUnit_x4
+      four_ring_elements3 = libcrux_ml_dsa_sample_sample_four_ring_elements_ea(
+          copy_of_seed3,
+          libcrux_ml_dsa_samplex4_generate_domain_separator(3U, 1U),
+          libcrux_ml_dsa_samplex4_generate_domain_separator(3U, 2U),
+          libcrux_ml_dsa_samplex4_generate_domain_separator(3U, 3U),
+          libcrux_ml_dsa_samplex4_generate_domain_separator(3U, 4U));
+  libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)3U, (size_t)1U,
+                                           four_ring_elements3.fst);
+  libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)3U, (size_t)2U,
+                                           four_ring_elements3.snd);
+  libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)3U, (size_t)3U,
+                                           four_ring_elements3.thd);
+  libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)3U, (size_t)4U,
+                                           four_ring_elements3.f3);
+  /* Passing arrays by value in Rust generates a copy in C */
+  uint8_t copy_of_seed4[34U];
+  memcpy(copy_of_seed4, seed, (size_t)34U * sizeof(uint8_t));
+  libcrux_ml_dsa_polynomial_PolynomialRingElement_libcrux_ml_dsa_simd_avx2_vector_type_AVX2SIMDUnit_x4
+      four_ring_elements4 = libcrux_ml_dsa_sample_sample_four_ring_elements_ea(
+          copy_of_seed4,
+          libcrux_ml_dsa_samplex4_generate_domain_separator(4U, 0U),
+          libcrux_ml_dsa_samplex4_generate_domain_separator(4U, 1U),
+          libcrux_ml_dsa_samplex4_generate_domain_separator(4U, 2U),
+          libcrux_ml_dsa_samplex4_generate_domain_separator(4U, 3U));
+  libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)4U, (size_t)0U,
+                                           four_ring_elements4.fst);
+  libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)4U, (size_t)1U,
+                                           four_ring_elements4.snd);
+  libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)4U, (size_t)2U,
+                                           four_ring_elements4.thd);
+  libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)4U, (size_t)3U,
+                                           four_ring_elements4.f3);
+  /* Passing arrays by value in Rust generates a copy in C */
+  uint8_t copy_of_seed5[34U];
+  memcpy(copy_of_seed5, seed, (size_t)34U * sizeof(uint8_t));
+  libcrux_ml_dsa_polynomial_PolynomialRingElement_libcrux_ml_dsa_simd_avx2_vector_type_AVX2SIMDUnit_x4
+      four_ring_elements5 = libcrux_ml_dsa_sample_sample_four_ring_elements_ea(
+          copy_of_seed5,
+          libcrux_ml_dsa_samplex4_generate_domain_separator(4U, 4U),
+          libcrux_ml_dsa_samplex4_generate_domain_separator(5U, 0U),
+          libcrux_ml_dsa_samplex4_generate_domain_separator(5U, 1U),
+          libcrux_ml_dsa_samplex4_generate_domain_separator(5U, 2U));
+  libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)4U, (size_t)4U,
+                                           four_ring_elements5.fst);
+  libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)5U, (size_t)0U,
+                                           four_ring_elements5.snd);
+  libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)5U, (size_t)1U,
+                                           four_ring_elements5.thd);
+  libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)5U, (size_t)2U,
+                                           four_ring_elements5.f3);
+  /* Passing arrays by value in Rust generates a copy in C */
+  uint8_t copy_of_seed6[34U];
+  memcpy(copy_of_seed6, seed, (size_t)34U * sizeof(uint8_t));
+  libcrux_ml_dsa_polynomial_PolynomialRingElement_libcrux_ml_dsa_simd_avx2_vector_type_AVX2SIMDUnit_x4
+      four_ring_elements6 = libcrux_ml_dsa_sample_sample_four_ring_elements_ea(
+          copy_of_seed6,
+          libcrux_ml_dsa_samplex4_generate_domain_separator(5U, 3U),
+          libcrux_ml_dsa_samplex4_generate_domain_separator(5U, 4U),
+          libcrux_ml_dsa_samplex4_generate_domain_separator(5U, 5U),
+          libcrux_ml_dsa_samplex4_generate_domain_separator(5U, 6U));
+  libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)5U, (size_t)3U,
+                                           four_ring_elements6.fst);
+  libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)5U, (size_t)4U,
+                                           four_ring_elements6.snd);
+  memcpy(ret, A,
+         (size_t)6U *
+             sizeof(libcrux_ml_dsa_polynomial_PolynomialRingElement_24[5U]));
+}
+
+/**
+A monomorphic instance of libcrux_ml_dsa.samplex4.matrix_A_8_by_7
+with types libcrux_ml_dsa_simd_avx2_vector_type_AVX2SIMDUnit
+with const generics
+- ROWS_IN_A= 6
+- COLUMNS_IN_A= 5
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE void libcrux_ml_dsa_samplex4_matrix_A_8_by_7_fe(
+    uint8_t seed[34U],
+    libcrux_ml_dsa_polynomial_PolynomialRingElement_24 ret[6U][5U]) {
+  libcrux_ml_dsa_polynomial_PolynomialRingElement_24 A[6U][5U];
+  for (size_t i = (size_t)0U; i < (size_t)6U; i++) {
+    A[i][0U] = libcrux_ml_dsa_polynomial_ZERO_ff_ea();
+    A[i][1U] = libcrux_ml_dsa_polynomial_ZERO_ff_ea();
+    A[i][2U] = libcrux_ml_dsa_polynomial_ZERO_ff_ea();
+    A[i][3U] = libcrux_ml_dsa_polynomial_ZERO_ff_ea();
+    A[i][4U] = libcrux_ml_dsa_polynomial_ZERO_ff_ea();
+  }
+  /* Passing arrays by value in Rust generates a copy in C */
+  uint8_t copy_of_seed[34U];
+  memcpy(copy_of_seed, seed, (size_t)34U * sizeof(uint8_t));
+  libcrux_ml_dsa_polynomial_PolynomialRingElement_libcrux_ml_dsa_simd_avx2_vector_type_AVX2SIMDUnit_x4
+      four_ring_elements = libcrux_ml_dsa_sample_sample_four_ring_elements_ea(
+          copy_of_seed,
+          libcrux_ml_dsa_samplex4_generate_domain_separator(0U, 0U),
+          libcrux_ml_dsa_samplex4_generate_domain_separator(0U, 1U),
+          libcrux_ml_dsa_samplex4_generate_domain_separator(0U, 2U),
+          libcrux_ml_dsa_samplex4_generate_domain_separator(0U, 3U));
+  libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)0U, (size_t)0U,
+                                           four_ring_elements.fst);
+  libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)0U, (size_t)1U,
+                                           four_ring_elements.snd);
+  libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)0U, (size_t)2U,
+                                           four_ring_elements.thd);
+  libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)0U, (size_t)3U,
+                                           four_ring_elements.f3);
+  /* Passing arrays by value in Rust generates a copy in C */
+  uint8_t copy_of_seed0[34U];
+  memcpy(copy_of_seed0, seed, (size_t)34U * sizeof(uint8_t));
+  libcrux_ml_dsa_polynomial_PolynomialRingElement_libcrux_ml_dsa_simd_avx2_vector_type_AVX2SIMDUnit_x4
+      four_ring_elements0 = libcrux_ml_dsa_sample_sample_four_ring_elements_ea(
+          copy_of_seed0,
+          libcrux_ml_dsa_samplex4_generate_domain_separator(0U, 4U),
+          libcrux_ml_dsa_samplex4_generate_domain_separator(0U, 5U),
+          libcrux_ml_dsa_samplex4_generate_domain_separator(0U, 6U),
+          libcrux_ml_dsa_samplex4_generate_domain_separator(1U, 0U));
+  libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)0U, (size_t)4U,
+                                           four_ring_elements0.fst);
+  libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)0U, (size_t)5U,
+                                           four_ring_elements0.snd);
+  libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)0U, (size_t)6U,
+                                           four_ring_elements0.thd);
+  libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)1U, (size_t)0U,
+                                           four_ring_elements0.f3);
+  /* Passing arrays by value in Rust generates a copy in C */
+  uint8_t copy_of_seed1[34U];
+  memcpy(copy_of_seed1, seed, (size_t)34U * sizeof(uint8_t));
+  libcrux_ml_dsa_polynomial_PolynomialRingElement_libcrux_ml_dsa_simd_avx2_vector_type_AVX2SIMDUnit_x4
+      four_ring_elements1 = libcrux_ml_dsa_sample_sample_four_ring_elements_ea(
+          copy_of_seed1,
+          libcrux_ml_dsa_samplex4_generate_domain_separator(1U, 1U),
+          libcrux_ml_dsa_samplex4_generate_domain_separator(1U, 2U),
+          libcrux_ml_dsa_samplex4_generate_domain_separator(1U, 3U),
+          libcrux_ml_dsa_samplex4_generate_domain_separator(1U, 4U));
+  libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)1U, (size_t)1U,
+                                           four_ring_elements1.fst);
+  libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)1U, (size_t)2U,
+                                           four_ring_elements1.snd);
+  libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)1U, (size_t)3U,
+                                           four_ring_elements1.thd);
+  libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)1U, (size_t)4U,
+                                           four_ring_elements1.f3);
+  /* Passing arrays by value in Rust generates a copy in C */
+  uint8_t copy_of_seed2[34U];
+  memcpy(copy_of_seed2, seed, (size_t)34U * sizeof(uint8_t));
+  libcrux_ml_dsa_polynomial_PolynomialRingElement_libcrux_ml_dsa_simd_avx2_vector_type_AVX2SIMDUnit_x4
+      four_ring_elements2 = libcrux_ml_dsa_sample_sample_four_ring_elements_ea(
+          copy_of_seed2,
+          libcrux_ml_dsa_samplex4_generate_domain_separator(1U, 5U),
+          libcrux_ml_dsa_samplex4_generate_domain_separator(1U, 6U),
+          libcrux_ml_dsa_samplex4_generate_domain_separator(2U, 0U),
+          libcrux_ml_dsa_samplex4_generate_domain_separator(2U, 1U));
+  libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)1U, (size_t)5U,
+                                           four_ring_elements2.fst);
+  libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)1U, (size_t)6U,
+                                           four_ring_elements2.snd);
+  libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)2U, (size_t)0U,
+                                           four_ring_elements2.thd);
+  libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)2U, (size_t)1U,
+                                           four_ring_elements2.f3);
+  /* Passing arrays by value in Rust generates a copy in C */
+  uint8_t copy_of_seed3[34U];
+  memcpy(copy_of_seed3, seed, (size_t)34U * sizeof(uint8_t));
+  libcrux_ml_dsa_polynomial_PolynomialRingElement_libcrux_ml_dsa_simd_avx2_vector_type_AVX2SIMDUnit_x4
+      four_ring_elements3 = libcrux_ml_dsa_sample_sample_four_ring_elements_ea(
+          copy_of_seed3,
+          libcrux_ml_dsa_samplex4_generate_domain_separator(2U, 2U),
+          libcrux_ml_dsa_samplex4_generate_domain_separator(2U, 3U),
+          libcrux_ml_dsa_samplex4_generate_domain_separator(2U, 4U),
+          libcrux_ml_dsa_samplex4_generate_domain_separator(2U, 5U));
+  libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)2U, (size_t)2U,
+                                           four_ring_elements3.fst);
+  libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)2U, (size_t)3U,
+                                           four_ring_elements3.snd);
+  libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)2U, (size_t)4U,
+                                           four_ring_elements3.thd);
+  libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)2U, (size_t)5U,
+                                           four_ring_elements3.f3);
+  /* Passing arrays by value in Rust generates a copy in C */
+  uint8_t copy_of_seed4[34U];
+  memcpy(copy_of_seed4, seed, (size_t)34U * sizeof(uint8_t));
+  libcrux_ml_dsa_polynomial_PolynomialRingElement_libcrux_ml_dsa_simd_avx2_vector_type_AVX2SIMDUnit_x4
+      four_ring_elements4 = libcrux_ml_dsa_sample_sample_four_ring_elements_ea(
+          copy_of_seed4,
+          libcrux_ml_dsa_samplex4_generate_domain_separator(2U, 6U),
+          libcrux_ml_dsa_samplex4_generate_domain_separator(3U, 0U),
+          libcrux_ml_dsa_samplex4_generate_domain_separator(3U, 1U),
+          libcrux_ml_dsa_samplex4_generate_domain_separator(3U, 2U));
+  libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)2U, (size_t)6U,
+                                           four_ring_elements4.fst);
+  libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)3U, (size_t)0U,
+                                           four_ring_elements4.snd);
+  libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)3U, (size_t)1U,
+                                           four_ring_elements4.thd);
+  libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)3U, (size_t)2U,
+                                           four_ring_elements4.f3);
+  /* Passing arrays by value in Rust generates a copy in C */
+  uint8_t copy_of_seed5[34U];
+  memcpy(copy_of_seed5, seed, (size_t)34U * sizeof(uint8_t));
+  libcrux_ml_dsa_polynomial_PolynomialRingElement_libcrux_ml_dsa_simd_avx2_vector_type_AVX2SIMDUnit_x4
+      four_ring_elements5 = libcrux_ml_dsa_sample_sample_four_ring_elements_ea(
+          copy_of_seed5,
+          libcrux_ml_dsa_samplex4_generate_domain_separator(3U, 3U),
+          libcrux_ml_dsa_samplex4_generate_domain_separator(3U, 4U),
+          libcrux_ml_dsa_samplex4_generate_domain_separator(3U, 5U),
+          libcrux_ml_dsa_samplex4_generate_domain_separator(3U, 6U));
+  libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)3U, (size_t)3U,
+                                           four_ring_elements5.fst);
+  libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)3U, (size_t)4U,
+                                           four_ring_elements5.snd);
+  libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)3U, (size_t)5U,
+                                           four_ring_elements5.thd);
+  libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)3U, (size_t)6U,
+                                           four_ring_elements5.f3);
+  /* Passing arrays by value in Rust generates a copy in C */
+  uint8_t copy_of_seed6[34U];
+  memcpy(copy_of_seed6, seed, (size_t)34U * sizeof(uint8_t));
+  libcrux_ml_dsa_polynomial_PolynomialRingElement_libcrux_ml_dsa_simd_avx2_vector_type_AVX2SIMDUnit_x4
+      four_ring_elements6 = libcrux_ml_dsa_sample_sample_four_ring_elements_ea(
+          copy_of_seed6,
+          libcrux_ml_dsa_samplex4_generate_domain_separator(4U, 0U),
+          libcrux_ml_dsa_samplex4_generate_domain_separator(4U, 1U),
+          libcrux_ml_dsa_samplex4_generate_domain_separator(4U, 2U),
+          libcrux_ml_dsa_samplex4_generate_domain_separator(4U, 3U));
+  libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)4U, (size_t)0U,
+                                           four_ring_elements6.fst);
+  libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)4U, (size_t)1U,
+                                           four_ring_elements6.snd);
+  libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)4U, (size_t)2U,
+                                           four_ring_elements6.thd);
+  libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)4U, (size_t)3U,
+                                           four_ring_elements6.f3);
+  /* Passing arrays by value in Rust generates a copy in C */
+  uint8_t copy_of_seed7[34U];
+  memcpy(copy_of_seed7, seed, (size_t)34U * sizeof(uint8_t));
+  libcrux_ml_dsa_polynomial_PolynomialRingElement_libcrux_ml_dsa_simd_avx2_vector_type_AVX2SIMDUnit_x4
+      four_ring_elements7 = libcrux_ml_dsa_sample_sample_four_ring_elements_ea(
+          copy_of_seed7,
+          libcrux_ml_dsa_samplex4_generate_domain_separator(4U, 4U),
+          libcrux_ml_dsa_samplex4_generate_domain_separator(4U, 5U),
+          libcrux_ml_dsa_samplex4_generate_domain_separator(4U, 6U),
+          libcrux_ml_dsa_samplex4_generate_domain_separator(5U, 0U));
+  libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)4U, (size_t)4U,
+                                           four_ring_elements7.fst);
+  libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)4U, (size_t)5U,
+                                           four_ring_elements7.snd);
+  libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)4U, (size_t)6U,
+                                           four_ring_elements7.thd);
+  libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)5U, (size_t)0U,
+                                           four_ring_elements7.f3);
+  /* Passing arrays by value in Rust generates a copy in C */
+  uint8_t copy_of_seed8[34U];
+  memcpy(copy_of_seed8, seed, (size_t)34U * sizeof(uint8_t));
+  libcrux_ml_dsa_polynomial_PolynomialRingElement_libcrux_ml_dsa_simd_avx2_vector_type_AVX2SIMDUnit_x4
+      four_ring_elements8 = libcrux_ml_dsa_sample_sample_four_ring_elements_ea(
+          copy_of_seed8,
+          libcrux_ml_dsa_samplex4_generate_domain_separator(5U, 1U),
+          libcrux_ml_dsa_samplex4_generate_domain_separator(5U, 2U),
+          libcrux_ml_dsa_samplex4_generate_domain_separator(5U, 3U),
+          libcrux_ml_dsa_samplex4_generate_domain_separator(5U, 4U));
+  libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)5U, (size_t)1U,
+                                           four_ring_elements8.fst);
+  libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)5U, (size_t)2U,
+                                           four_ring_elements8.snd);
+  libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)5U, (size_t)3U,
+                                           four_ring_elements8.thd);
+  libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)5U, (size_t)4U,
+                                           four_ring_elements8.f3);
+  /* Passing arrays by value in Rust generates a copy in C */
+  uint8_t copy_of_seed9[34U];
+  memcpy(copy_of_seed9, seed, (size_t)34U * sizeof(uint8_t));
+  libcrux_ml_dsa_polynomial_PolynomialRingElement_libcrux_ml_dsa_simd_avx2_vector_type_AVX2SIMDUnit_x4
+      four_ring_elements9 = libcrux_ml_dsa_sample_sample_four_ring_elements_ea(
+          copy_of_seed9,
+          libcrux_ml_dsa_samplex4_generate_domain_separator(5U, 5U),
+          libcrux_ml_dsa_samplex4_generate_domain_separator(5U, 6U),
+          libcrux_ml_dsa_samplex4_generate_domain_separator(6U, 0U),
+          libcrux_ml_dsa_samplex4_generate_domain_separator(6U, 1U));
+  libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)5U, (size_t)5U,
+                                           four_ring_elements9.fst);
+  libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)5U, (size_t)6U,
+                                           four_ring_elements9.snd);
+  libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)6U, (size_t)0U,
+                                           four_ring_elements9.thd);
+  libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)6U, (size_t)1U,
+                                           four_ring_elements9.f3);
+  /* Passing arrays by value in Rust generates a copy in C */
+  uint8_t copy_of_seed10[34U];
+  memcpy(copy_of_seed10, seed, (size_t)34U * sizeof(uint8_t));
+  libcrux_ml_dsa_polynomial_PolynomialRingElement_libcrux_ml_dsa_simd_avx2_vector_type_AVX2SIMDUnit_x4
+      four_ring_elements10 = libcrux_ml_dsa_sample_sample_four_ring_elements_ea(
+          copy_of_seed10,
+          libcrux_ml_dsa_samplex4_generate_domain_separator(6U, 2U),
+          libcrux_ml_dsa_samplex4_generate_domain_separator(6U, 3U),
+          libcrux_ml_dsa_samplex4_generate_domain_separator(6U, 4U),
+          libcrux_ml_dsa_samplex4_generate_domain_separator(6U, 5U));
+  libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)6U, (size_t)2U,
+                                           four_ring_elements10.fst);
+  libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)6U, (size_t)3U,
+                                           four_ring_elements10.snd);
+  libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)6U, (size_t)4U,
+                                           four_ring_elements10.thd);
+  libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)6U, (size_t)5U,
+                                           four_ring_elements10.f3);
+  /* Passing arrays by value in Rust generates a copy in C */
+  uint8_t copy_of_seed11[34U];
+  memcpy(copy_of_seed11, seed, (size_t)34U * sizeof(uint8_t));
+  libcrux_ml_dsa_polynomial_PolynomialRingElement_libcrux_ml_dsa_simd_avx2_vector_type_AVX2SIMDUnit_x4
+      four_ring_elements11 = libcrux_ml_dsa_sample_sample_four_ring_elements_ea(
+          copy_of_seed11,
+          libcrux_ml_dsa_samplex4_generate_domain_separator(6U, 6U),
+          libcrux_ml_dsa_samplex4_generate_domain_separator(7U, 0U),
+          libcrux_ml_dsa_samplex4_generate_domain_separator(7U, 1U),
+          libcrux_ml_dsa_samplex4_generate_domain_separator(7U, 2U));
+  libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)6U, (size_t)6U,
+                                           four_ring_elements11.fst);
+  libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)7U, (size_t)0U,
+                                           four_ring_elements11.snd);
+  libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)7U, (size_t)1U,
+                                           four_ring_elements11.thd);
+  libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)7U, (size_t)2U,
+                                           four_ring_elements11.f3);
+  /* Passing arrays by value in Rust generates a copy in C */
+  uint8_t copy_of_seed12[34U];
+  memcpy(copy_of_seed12, seed, (size_t)34U * sizeof(uint8_t));
+  libcrux_ml_dsa_polynomial_PolynomialRingElement_libcrux_ml_dsa_simd_avx2_vector_type_AVX2SIMDUnit_x4
+      four_ring_elements12 = libcrux_ml_dsa_sample_sample_four_ring_elements_ea(
+          copy_of_seed12,
+          libcrux_ml_dsa_samplex4_generate_domain_separator(7U, 3U),
+          libcrux_ml_dsa_samplex4_generate_domain_separator(7U, 4U),
+          libcrux_ml_dsa_samplex4_generate_domain_separator(7U, 5U),
+          libcrux_ml_dsa_samplex4_generate_domain_separator(7U, 6U));
+  libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)7U, (size_t)3U,
+                                           four_ring_elements12.fst);
+  libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)7U, (size_t)4U,
+                                           four_ring_elements12.snd);
+  libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)7U, (size_t)5U,
+                                           four_ring_elements12.thd);
+  libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)7U, (size_t)6U,
+                                           four_ring_elements12.f3);
+  memcpy(ret, A,
+         (size_t)6U *
+             sizeof(libcrux_ml_dsa_polynomial_PolynomialRingElement_24[5U]));
+}
+
+/**
+A monomorphic instance of libcrux_ml_dsa.samplex4.matrix_A
+with types libcrux_ml_dsa_simd_avx2_vector_type_AVX2SIMDUnit
+with const generics
+- ROWS_IN_A= 6
+- COLUMNS_IN_A= 5
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE void libcrux_ml_dsa_samplex4_matrix_A_fe(
+    uint8_t seed[34U],
+    libcrux_ml_dsa_polynomial_PolynomialRingElement_24 ret[6U][5U]) {
+  uint8_t_x2 uu____0 = {.fst = (uint8_t)(size_t)6U, .snd = (uint8_t)(size_t)5U};
+  switch (uu____0.fst) {
+    case 4U: {
+      switch (uu____0.snd) {
+        case 4U: {
+          /* Passing arrays by value in Rust generates a copy in C */
+          uint8_t copy_of_seed[34U];
+          memcpy(copy_of_seed, seed, (size_t)34U * sizeof(uint8_t));
+          libcrux_ml_dsa_polynomial_PolynomialRingElement_24 ret0[6U][5U];
+          libcrux_ml_dsa_samplex4_matrix_A_4_by_4_fe(copy_of_seed, ret0);
+          memcpy(
+              ret, ret0,
+              (size_t)6U *
+                  sizeof(
+                      libcrux_ml_dsa_polynomial_PolynomialRingElement_24[5U]));
+          return;
+        }
+        default: {
+        }
+      }
+      break;
+    }
+    case 6U: {
+      switch (uu____0.snd) {
+        case 5U: {
+          /* Passing arrays by value in Rust generates a copy in C */
+          uint8_t copy_of_seed[34U];
+          memcpy(copy_of_seed, seed, (size_t)34U * sizeof(uint8_t));
+          libcrux_ml_dsa_polynomial_PolynomialRingElement_24 ret0[6U][5U];
+          libcrux_ml_dsa_samplex4_matrix_A_6_by_5_fe(copy_of_seed, ret0);
+          memcpy(
+              ret, ret0,
+              (size_t)6U *
+                  sizeof(
+                      libcrux_ml_dsa_polynomial_PolynomialRingElement_24[5U]));
+          return;
+        }
+        default: {
+        }
+      }
+      break;
+    }
+    case 8U: {
+      switch (uu____0.snd) {
+        case 7U: {
+          /* Passing arrays by value in Rust generates a copy in C */
+          uint8_t copy_of_seed[34U];
+          memcpy(copy_of_seed, seed, (size_t)34U * sizeof(uint8_t));
+          libcrux_ml_dsa_polynomial_PolynomialRingElement_24 ret0[6U][5U];
+          libcrux_ml_dsa_samplex4_matrix_A_8_by_7_fe(copy_of_seed, ret0);
+          memcpy(
+              ret, ret0,
+              (size_t)6U *
+                  sizeof(
+                      libcrux_ml_dsa_polynomial_PolynomialRingElement_24[5U]));
+          return;
+        }
+        default: {
+        }
+      }
+      break;
+    }
+    default: {
+    }
+  }
+  KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__,
+                    "panic!");
+  KRML_HOST_EXIT(255U);
+}
+
+/**
+A monomorphic instance of K.
+with types libcrux_ml_dsa_polynomial_PolynomialRingElement
+libcrux_ml_dsa_simd_avx2_vector_type_AVX2SIMDUnit[5size_t],
+libcrux_ml_dsa_polynomial_PolynomialRingElement
+libcrux_ml_dsa_simd_avx2_vector_type_AVX2SIMDUnit[6size_t]
+
+*/
+typedef struct tuple_ce0_s {
+  libcrux_ml_dsa_polynomial_PolynomialRingElement_24 fst[5U];
+  libcrux_ml_dsa_polynomial_PolynomialRingElement_24 snd[6U];
+} tuple_ce0;
+
+/**
+A monomorphic instance of
+libcrux_ml_dsa.sample.rejection_sample_less_than_eta_equals_2 with types
+libcrux_ml_dsa_simd_avx2_vector_type_AVX2SIMDUnit with const generics
+
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE bool
+libcrux_ml_dsa_sample_rejection_sample_less_than_eta_equals_2_ea(
+    Eurydice_slice randomness, size_t *sampled_coefficients, int32_t *out) {
+  bool done = false;
+  core_slice_iter_Chunks iter =
+      core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter(
+          core_slice___Slice_T___chunks(randomness, (size_t)4U, uint8_t,
+                                        core_slice_iter_Chunks),
+          core_slice_iter_Chunks, core_slice_iter_Chunks);
+  while (true) {
+    Option_1b uu____0 =
+        core_slice_iter___core__iter__traits__iterator__Iterator_for_core__slice__iter__Chunks__a__T__TraitClause_0___71__next(
+            &iter, uint8_t, Option_1b);
+    if (uu____0.tag == None) {
+      break;
+    } else {
+      Eurydice_slice random_bytes = uu____0.f0;
+      if (!done) {
+        Eurydice_slice uu____1 = random_bytes;
+        size_t sampled =
+            libcrux_ml_dsa_simd_avx2_rejection_sample_less_than_eta_equals_2_a2(
+                uu____1, Eurydice_array_to_subslice_from(
+                             (size_t)263U, out, sampled_coefficients[0U],
+                             int32_t, size_t));
+        sampled_coefficients[0U] = sampled_coefficients[0U] + sampled;
+        if (sampled_coefficients[0U] >=
+            LIBCRUX_ML_DSA_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) {
+          done = true;
+        }
+      }
+    }
+  }
+  return done;
+}
+
+/**
+A monomorphic instance of
+libcrux_ml_dsa.sample.rejection_sample_less_than_eta_equals_4 with types
+libcrux_ml_dsa_simd_avx2_vector_type_AVX2SIMDUnit with const generics
+
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE bool
+libcrux_ml_dsa_sample_rejection_sample_less_than_eta_equals_4_ea(
+    Eurydice_slice randomness, size_t *sampled_coefficients, int32_t *out) {
+  bool done = false;
+  core_slice_iter_Chunks iter =
+      core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter(
+          core_slice___Slice_T___chunks(randomness, (size_t)4U, uint8_t,
+                                        core_slice_iter_Chunks),
+          core_slice_iter_Chunks, core_slice_iter_Chunks);
+  while (true) {
+    Option_1b uu____0 =
+        core_slice_iter___core__iter__traits__iterator__Iterator_for_core__slice__iter__Chunks__a__T__TraitClause_0___71__next(
+            &iter, uint8_t, Option_1b);
+    if (uu____0.tag == None) {
+      break;
+    } else {
+      Eurydice_slice random_bytes = uu____0.f0;
+      if (!done) {
+        Eurydice_slice uu____1 = random_bytes;
+        size_t sampled =
+            libcrux_ml_dsa_simd_avx2_rejection_sample_less_than_eta_equals_4_a2(
+                uu____1, Eurydice_array_to_subslice_from(
+                             (size_t)263U, out, sampled_coefficients[0U],
+                             int32_t, size_t));
+        sampled_coefficients[0U] = sampled_coefficients[0U] + sampled;
+        if (sampled_coefficients[0U] >=
+            LIBCRUX_ML_DSA_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) {
+          done = true;
+        }
+      }
+    }
+  }
+  return done;
+}
+
+/**
+A monomorphic instance of libcrux_ml_dsa.sample.rejection_sample_less_than_eta
+with types libcrux_ml_dsa_simd_avx2_vector_type_AVX2SIMDUnit
+with const generics
+- ETA= 4
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE bool
+libcrux_ml_dsa_sample_rejection_sample_less_than_eta_4d(
+    Eurydice_slice randomness, size_t *sampled, int32_t *out) {
+  return libcrux_ml_dsa_sample_rejection_sample_less_than_eta_equals_4_ea(
+      randomness, sampled, out);
+}
+
+/**
+A monomorphic instance of libcrux_ml_dsa.sample.sample_four_error_ring_elements
+with types libcrux_ml_dsa_simd_avx2_vector_type_AVX2SIMDUnit,
+libcrux_ml_dsa_hash_functions_simd256_Shake256x4 with const generics
+- ETA= 4
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE
+    libcrux_ml_dsa_polynomial_PolynomialRingElement_libcrux_ml_dsa_simd_avx2_vector_type_AVX2SIMDUnit_x4
+    libcrux_ml_dsa_sample_sample_four_error_ring_elements_cb(
+        uint8_t seed_base[66U], uint16_t domain_separator0,
+        uint16_t domain_separator1, uint16_t domain_seperator2,
+        uint16_t domain_separator3) {
+  uint8_t seed0[66U];
+  memcpy(seed0, seed_base, (size_t)66U * sizeof(uint8_t));
+  seed0[64U] = (uint8_t)domain_separator0;
+  seed0[65U] = (uint8_t)((uint32_t)domain_separator0 >> 8U);
+  uint8_t seed1[66U];
+  memcpy(seed1, seed0, (size_t)66U * sizeof(uint8_t));
+  seed1[64U] = (uint8_t)domain_separator1;
+  seed1[65U] = (uint8_t)((uint32_t)domain_separator1 >> 8U);
+  uint8_t seed2[66U];
+  memcpy(seed2, seed0, (size_t)66U * sizeof(uint8_t));
+  seed2[64U] = (uint8_t)domain_seperator2;
+  seed2[65U] = (uint8_t)((uint32_t)domain_seperator2 >> 8U);
+  uint8_t seed3[66U];
+  memcpy(seed3, seed0, (size_t)66U * sizeof(uint8_t));
+  seed3[64U] = (uint8_t)domain_separator3;
+  seed3[65U] = (uint8_t)((uint32_t)domain_separator3 >> 8U);
+  libcrux_sha3_avx2_x4_incremental_KeccakState state =
+      libcrux_ml_dsa_hash_functions_simd256_init_absorb_x4_fb(
+          Eurydice_array_to_slice((size_t)66U, seed0, uint8_t),
+          Eurydice_array_to_slice((size_t)66U, seed1, uint8_t),
+          Eurydice_array_to_slice((size_t)66U, seed2, uint8_t),
+          Eurydice_array_to_slice((size_t)66U, seed3, uint8_t));
+  uint8_t_136size_t__x4 randomnesses0 =
+      libcrux_ml_dsa_hash_functions_simd256_squeeze_first_block_x4_fb(&state);
+  int32_t out0[263U] = {0U};
+  int32_t out1[263U] = {0U};
+  int32_t out2[263U] = {0U};
+  int32_t out3[263U] = {0U};
+  size_t sampled0 = (size_t)0U;
+  size_t sampled1 = (size_t)0U;
+  size_t sampled2 = (size_t)0U;
+  size_t sampled3 = (size_t)0U;
+  bool done0 = libcrux_ml_dsa_sample_rejection_sample_less_than_eta_4d(
+      Eurydice_array_to_slice((size_t)136U, randomnesses0.fst, uint8_t),
+      &sampled0, out0);
+  bool done1 = libcrux_ml_dsa_sample_rejection_sample_less_than_eta_4d(
+      Eurydice_array_to_slice((size_t)136U, randomnesses0.snd, uint8_t),
+      &sampled1, out1);
+  bool done2 = libcrux_ml_dsa_sample_rejection_sample_less_than_eta_4d(
+      Eurydice_array_to_slice((size_t)136U, randomnesses0.thd, uint8_t),
+      &sampled2, out2);
+  bool done3 = libcrux_ml_dsa_sample_rejection_sample_less_than_eta_4d(
+      Eurydice_array_to_slice((size_t)136U, randomnesses0.f3, uint8_t),
+      &sampled3, out3);
+  while (true) {
+    if (done0) {
+      if (done1) {
+        if (done2) {
+          if (done3) {
+            break;
+          } else {
+            uint8_t_136size_t__x4 randomnesses =
+                libcrux_ml_dsa_hash_functions_simd256_squeeze_next_block_x4_fb(
+                    &state);
+            if (!done0) {
+              done0 = libcrux_ml_dsa_sample_rejection_sample_less_than_eta_4d(
+                  Eurydice_array_to_slice((size_t)136U, randomnesses.fst,
+                                          uint8_t),
+                  &sampled0, out0);
+            }
+            if (!done1) {
+              done1 = libcrux_ml_dsa_sample_rejection_sample_less_than_eta_4d(
+                  Eurydice_array_to_slice((size_t)136U, randomnesses.snd,
+                                          uint8_t),
+                  &sampled1, out1);
+            }
+            if (!done2) {
+              done2 = libcrux_ml_dsa_sample_rejection_sample_less_than_eta_4d(
+                  Eurydice_array_to_slice((size_t)136U, randomnesses.thd,
+                                          uint8_t),
+                  &sampled2, out2);
+            }
+            if (!done3) {
+              done3 = libcrux_ml_dsa_sample_rejection_sample_less_than_eta_4d(
+                  Eurydice_array_to_slice((size_t)136U, randomnesses.f3,
+                                          uint8_t),
+                  &sampled3, out3);
+            }
+          }
+        } else {
+          uint8_t_136size_t__x4 randomnesses =
+              libcrux_ml_dsa_hash_functions_simd256_squeeze_next_block_x4_fb(
+                  &state);
+          if (!done0) {
+            done0 = libcrux_ml_dsa_sample_rejection_sample_less_than_eta_4d(
+                Eurydice_array_to_slice((size_t)136U, randomnesses.fst,
+                                        uint8_t),
+                &sampled0, out0);
+          }
+          if (!done1) {
+            done1 = libcrux_ml_dsa_sample_rejection_sample_less_than_eta_4d(
+                Eurydice_array_to_slice((size_t)136U, randomnesses.snd,
+                                        uint8_t),
+                &sampled1, out1);
+          }
+          if (!done2) {
+            done2 = libcrux_ml_dsa_sample_rejection_sample_less_than_eta_4d(
+                Eurydice_array_to_slice((size_t)136U, randomnesses.thd,
+                                        uint8_t),
+                &sampled2, out2);
+          }
+          if (!done3) {
+            done3 = libcrux_ml_dsa_sample_rejection_sample_less_than_eta_4d(
+                Eurydice_array_to_slice((size_t)136U, randomnesses.f3, uint8_t),
+                &sampled3, out3);
+          }
+        }
+      } else {
+        uint8_t_136size_t__x4 randomnesses =
+            libcrux_ml_dsa_hash_functions_simd256_squeeze_next_block_x4_fb(
+                &state);
+        if (!done0) {
+          done0 = libcrux_ml_dsa_sample_rejection_sample_less_than_eta_4d(
+              Eurydice_array_to_slice((size_t)136U, randomnesses.fst, uint8_t),
+              &sampled0, out0);
+        }
+        if (!done1) {
+          done1 = libcrux_ml_dsa_sample_rejection_sample_less_than_eta_4d(
+              Eurydice_array_to_slice((size_t)136U, randomnesses.snd, uint8_t),
+              &sampled1, out1);
+        }
+        if (!done2) {
+          done2 = libcrux_ml_dsa_sample_rejection_sample_less_than_eta_4d(
+              Eurydice_array_to_slice((size_t)136U, randomnesses.thd, uint8_t),
+              &sampled2, out2);
+        }
+        if (!done3) {
+          done3 = libcrux_ml_dsa_sample_rejection_sample_less_than_eta_4d(
+              Eurydice_array_to_slice((size_t)136U, randomnesses.f3, uint8_t),
+              &sampled3, out3);
+        }
+      }
+    } else {
+      uint8_t_136size_t__x4 randomnesses =
+          libcrux_ml_dsa_hash_functions_simd256_squeeze_next_block_x4_fb(
+              &state);
+      if (!done0) {
+        done0 = libcrux_ml_dsa_sample_rejection_sample_less_than_eta_4d(
+            Eurydice_array_to_slice((size_t)136U, randomnesses.fst, uint8_t),
+            &sampled0, out0);
+      }
+      if (!done1) {
+        done1 = libcrux_ml_dsa_sample_rejection_sample_less_than_eta_4d(
+            Eurydice_array_to_slice((size_t)136U, randomnesses.snd, uint8_t),
+            &sampled1, out1);
+      }
+      if (!done2) {
+        done2 = libcrux_ml_dsa_sample_rejection_sample_less_than_eta_4d(
+            Eurydice_array_to_slice((size_t)136U, randomnesses.thd, uint8_t),
+            &sampled2, out2);
+      }
+      if (!done3) {
+        done3 = libcrux_ml_dsa_sample_rejection_sample_less_than_eta_4d(
+            Eurydice_array_to_slice((size_t)136U, randomnesses.f3, uint8_t),
+            &sampled3, out3);
+      }
+    }
+  }
+  libcrux_ml_dsa_polynomial_PolynomialRingElement_24 uu____0 =
+      libcrux_ml_dsa_polynomial_from_i32_array_ff_ea(
+          Eurydice_array_to_slice((size_t)263U, out0, int32_t));
+  libcrux_ml_dsa_polynomial_PolynomialRingElement_24 uu____1 =
+      libcrux_ml_dsa_polynomial_from_i32_array_ff_ea(
+          Eurydice_array_to_slice((size_t)263U, out1, int32_t));
+  libcrux_ml_dsa_polynomial_PolynomialRingElement_24 uu____2 =
+      libcrux_ml_dsa_polynomial_from_i32_array_ff_ea(
+          Eurydice_array_to_slice((size_t)263U, out2, int32_t));
+  libcrux_ml_dsa_polynomial_PolynomialRingElement_libcrux_ml_dsa_simd_avx2_vector_type_AVX2SIMDUnit_x4
+      lit;
+  lit.fst = uu____0;
+  lit.snd = uu____1;
+  lit.thd = uu____2;
+  lit.f3 = libcrux_ml_dsa_polynomial_from_i32_array_ff_ea(
+      Eurydice_array_to_slice((size_t)263U, out3, int32_t));
+  return lit;
+}
+
+/**
+A monomorphic instance of libcrux_ml_dsa.samplex4.sample_s1_and_s2_4_by_4
+with types libcrux_ml_dsa_simd_avx2_vector_type_AVX2SIMDUnit,
+libcrux_ml_dsa_hash_functions_simd256_Shake256x4 with const generics
+- ETA= 4
+- S1_DIMENSION= 5
+- S2_DIMENSION= 6
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE tuple_ce0
+libcrux_ml_dsa_samplex4_sample_s1_and_s2_4_by_4_4d(uint8_t seed_base[66U]) {
+  libcrux_ml_dsa_polynomial_PolynomialRingElement_24 s1[5U];
+  for (size_t i = (size_t)0U; i < (size_t)5U; i++) {
+    s1[i] = libcrux_ml_dsa_polynomial_ZERO_ff_ea();
+  }
+  libcrux_ml_dsa_polynomial_PolynomialRingElement_24 s2[6U];
+  for (size_t i = (size_t)0U; i < (size_t)6U; i++) {
+    s2[i] = libcrux_ml_dsa_polynomial_ZERO_ff_ea();
+  }
+  /* Passing arrays by value in Rust generates a copy in C */
+  uint8_t copy_of_seed_base[66U];
+  memcpy(copy_of_seed_base, seed_base, (size_t)66U * sizeof(uint8_t));
+  libcrux_ml_dsa_polynomial_PolynomialRingElement_libcrux_ml_dsa_simd_avx2_vector_type_AVX2SIMDUnit_x4
+      four = libcrux_ml_dsa_sample_sample_four_error_ring_elements_cb(
+          copy_of_seed_base, 0U, 1U, 2U, 3U);
+  s1[0U] = four.fst;
+  s1[1U] = four.snd;
+  s1[2U] = four.thd;
+  s1[3U] = four.f3;
+  /* Passing arrays by value in Rust generates a copy in C */
+  uint8_t copy_of_seed_base0[66U];
+  memcpy(copy_of_seed_base0, seed_base, (size_t)66U * sizeof(uint8_t));
+  libcrux_ml_dsa_polynomial_PolynomialRingElement_libcrux_ml_dsa_simd_avx2_vector_type_AVX2SIMDUnit_x4
+      four0 = libcrux_ml_dsa_sample_sample_four_error_ring_elements_cb(
+          copy_of_seed_base0, 4U, 5U, 6U, 7U);
+  s2[0U] = four0.fst;
+  s2[1U] = four0.snd;
+  s2[2U] = four0.thd;
+  s2[3U] = four0.f3;
+  /* Passing arrays by value in Rust generates a copy in C */
+  libcrux_ml_dsa_polynomial_PolynomialRingElement_24 copy_of_s1[5U];
+  memcpy(
+      copy_of_s1, s1,
+      (size_t)5U * sizeof(libcrux_ml_dsa_polynomial_PolynomialRingElement_24));
+  /* Passing arrays by value in Rust generates a copy in C */
+  libcrux_ml_dsa_polynomial_PolynomialRingElement_24 copy_of_s2[6U];
+  memcpy(
+      copy_of_s2, s2,
+      (size_t)6U * sizeof(libcrux_ml_dsa_polynomial_PolynomialRingElement_24));
+  tuple_ce0 lit;
+  memcpy(
+      lit.fst, copy_of_s1,
+      (size_t)5U * sizeof(libcrux_ml_dsa_polynomial_PolynomialRingElement_24));
+  memcpy(
+      lit.snd, copy_of_s2,
+      (size_t)6U * sizeof(libcrux_ml_dsa_polynomial_PolynomialRingElement_24));
+  return lit;
+}
+
+/**
+A monomorphic instance of libcrux_ml_dsa.samplex4.sample_s1_and_s2_5_by_6
+with types libcrux_ml_dsa_simd_avx2_vector_type_AVX2SIMDUnit,
+libcrux_ml_dsa_hash_functions_simd256_Shake256x4 with const generics
+- ETA= 4
+- S1_DIMENSION= 5
+- S2_DIMENSION= 6
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE tuple_ce0
+libcrux_ml_dsa_samplex4_sample_s1_and_s2_5_by_6_4d(uint8_t seed_base[66U]) {
+  libcrux_ml_dsa_polynomial_PolynomialRingElement_24 s1[5U];
+  for (size_t i = (size_t)0U; i < (size_t)5U; i++) {
+    s1[i] = libcrux_ml_dsa_polynomial_ZERO_ff_ea();
+  }
+  libcrux_ml_dsa_polynomial_PolynomialRingElement_24 s2[6U];
+  for (size_t i = (size_t)0U; i < (size_t)6U; i++) {
+    s2[i] = libcrux_ml_dsa_polynomial_ZERO_ff_ea();
+  }
+  /* Passing arrays by value in Rust generates a copy in C */
+  uint8_t copy_of_seed_base[66U];
+  memcpy(copy_of_seed_base, seed_base, (size_t)66U * sizeof(uint8_t));
+  libcrux_ml_dsa_polynomial_PolynomialRingElement_libcrux_ml_dsa_simd_avx2_vector_type_AVX2SIMDUnit_x4
+      four = libcrux_ml_dsa_sample_sample_four_error_ring_elements_cb(
+          copy_of_seed_base, 0U, 1U, 2U, 3U);
+  s1[0U] = four.fst;
+  s1[1U] = four.snd;
+  s1[2U] = four.thd;
+  s1[3U] = four.f3;
+  /* Passing arrays by value in Rust generates a copy in C */
+  uint8_t copy_of_seed_base0[66U];
+  memcpy(copy_of_seed_base0, seed_base, (size_t)66U * sizeof(uint8_t));
+  libcrux_ml_dsa_polynomial_PolynomialRingElement_libcrux_ml_dsa_simd_avx2_vector_type_AVX2SIMDUnit_x4
+      four0 = libcrux_ml_dsa_sample_sample_four_error_ring_elements_cb(
+          copy_of_seed_base0, 4U, 5U, 6U, 7U);
+  s1[4U] = four0.fst;
+  s2[0U] = four0.snd;
+  s2[1U] = four0.thd;
+  s2[2U] = four0.f3;
+  /* Passing arrays by value in Rust generates a copy in C */
+  uint8_t copy_of_seed_base1[66U];
+  memcpy(copy_of_seed_base1, seed_base, (size_t)66U * sizeof(uint8_t));
+  libcrux_ml_dsa_polynomial_PolynomialRingElement_libcrux_ml_dsa_simd_avx2_vector_type_AVX2SIMDUnit_x4
+      four1 = libcrux_ml_dsa_sample_sample_four_error_ring_elements_cb(
+          copy_of_seed_base1, 8U, 9U, 10U, 11U);
+  s2[3U] = four1.fst;
+  s2[4U] = four1.snd;
+  s2[5U] = four1.thd;
+  /* Passing arrays by value in Rust generates a copy in C */
+  libcrux_ml_dsa_polynomial_PolynomialRingElement_24 copy_of_s1[5U];
+  memcpy(
+      copy_of_s1, s1,
+      (size_t)5U * sizeof(libcrux_ml_dsa_polynomial_PolynomialRingElement_24));
+  /* Passing arrays by value in Rust generates a copy in C */
+  libcrux_ml_dsa_polynomial_PolynomialRingElement_24 copy_of_s2[6U];
+  memcpy(
+      copy_of_s2, s2,
+      (size_t)6U * sizeof(libcrux_ml_dsa_polynomial_PolynomialRingElement_24));
+  tuple_ce0 lit;
+  memcpy(
+      lit.fst, copy_of_s1,
+      (size_t)5U * sizeof(libcrux_ml_dsa_polynomial_PolynomialRingElement_24));
+  memcpy(
+      lit.snd, copy_of_s2,
+      (size_t)6U * sizeof(libcrux_ml_dsa_polynomial_PolynomialRingElement_24));
+  return lit;
+}
+
+/**
+A monomorphic instance of libcrux_ml_dsa.samplex4.sample_s1_and_s2_7_by_8
+with types libcrux_ml_dsa_simd_avx2_vector_type_AVX2SIMDUnit,
+libcrux_ml_dsa_hash_functions_simd256_Shake256x4 with const generics
+- ETA= 4
+- S1_DIMENSION= 5
+- S2_DIMENSION= 6
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE tuple_ce0
+libcrux_ml_dsa_samplex4_sample_s1_and_s2_7_by_8_4d(uint8_t seed_base[66U]) {
+  libcrux_ml_dsa_polynomial_PolynomialRingElement_24 s1[5U];
+  for (size_t i = (size_t)0U; i < (size_t)5U; i++) {
+    s1[i] = libcrux_ml_dsa_polynomial_ZERO_ff_ea();
+  }
+  libcrux_ml_dsa_polynomial_PolynomialRingElement_24 s2[6U];
+  for (size_t i = (size_t)0U; i < (size_t)6U; i++) {
+    s2[i] = libcrux_ml_dsa_polynomial_ZERO_ff_ea();
+  }
+  /* Passing arrays by value in Rust generates a copy in C */
+  uint8_t copy_of_seed_base[66U];
+  memcpy(copy_of_seed_base, seed_base, (size_t)66U * sizeof(uint8_t));
+  libcrux_ml_dsa_polynomial_PolynomialRingElement_libcrux_ml_dsa_simd_avx2_vector_type_AVX2SIMDUnit_x4
+      four = libcrux_ml_dsa_sample_sample_four_error_ring_elements_cb(
+          copy_of_seed_base, 0U, 1U, 2U, 3U);
+  s1[0U] = four.fst;
+  s1[1U] = four.snd;
+  s1[2U] = four.thd;
+  s1[3U] = four.f3;
+  /* Passing arrays by value in Rust generates a copy in C */
+  uint8_t copy_of_seed_base0[66U];
+  memcpy(copy_of_seed_base0, seed_base, (size_t)66U * sizeof(uint8_t));
+  libcrux_ml_dsa_polynomial_PolynomialRingElement_libcrux_ml_dsa_simd_avx2_vector_type_AVX2SIMDUnit_x4
+      four0 = libcrux_ml_dsa_sample_sample_four_error_ring_elements_cb(
+          copy_of_seed_base0, 4U, 5U, 6U, 7U);
+  s1[4U] = four0.fst;
+  s1[5U] = four0.snd;
+  s1[6U] = four0.thd;
+  s2[0U] = four0.f3;
+  /* Passing arrays by value in Rust generates a copy in C */
+  uint8_t copy_of_seed_base1[66U];
+  memcpy(copy_of_seed_base1, seed_base, (size_t)66U * sizeof(uint8_t));
+  libcrux_ml_dsa_polynomial_PolynomialRingElement_libcrux_ml_dsa_simd_avx2_vector_type_AVX2SIMDUnit_x4
+      four1 = libcrux_ml_dsa_sample_sample_four_error_ring_elements_cb(
+          copy_of_seed_base1, 8U, 9U, 10U, 11U);
+  s2[1U] = four1.fst;
+  s2[2U] = four1.snd;
+  s2[3U] = four1.thd;
+  s2[4U] = four1.f3;
+  /* Passing arrays by value in Rust generates a copy in C */
+  uint8_t copy_of_seed_base2[66U];
+  memcpy(copy_of_seed_base2, seed_base, (size_t)66U * sizeof(uint8_t));
+  libcrux_ml_dsa_polynomial_PolynomialRingElement_libcrux_ml_dsa_simd_avx2_vector_type_AVX2SIMDUnit_x4
+      four2 = libcrux_ml_dsa_sample_sample_four_error_ring_elements_cb(
+          copy_of_seed_base2, 12U, 13U, 14U, 15U);
+  s2[5U] = four2.fst;
+  s2[6U] = four2.snd;
+  s2[7U] = four2.thd;
+  /* Passing arrays by value in Rust generates a copy in C */
+  libcrux_ml_dsa_polynomial_PolynomialRingElement_24 copy_of_s1[5U];
+  memcpy(
+      copy_of_s1, s1,
+      (size_t)5U * sizeof(libcrux_ml_dsa_polynomial_PolynomialRingElement_24));
+  /* Passing arrays by value in Rust generates a copy in C */
+  libcrux_ml_dsa_polynomial_PolynomialRingElement_24 copy_of_s2[6U];
+  memcpy(
+      copy_of_s2, s2,
+      (size_t)6U * sizeof(libcrux_ml_dsa_polynomial_PolynomialRingElement_24));
+  tuple_ce0 lit;
+  memcpy(
+      lit.fst, copy_of_s1,
+      (size_t)5U * sizeof(libcrux_ml_dsa_polynomial_PolynomialRingElement_24));
+  memcpy(
+      lit.snd, copy_of_s2,
+      (size_t)6U * sizeof(libcrux_ml_dsa_polynomial_PolynomialRingElement_24));
+  return lit;
+}
+
+/**
+A monomorphic instance of libcrux_ml_dsa.samplex4.sample_s1_and_s2
+with types libcrux_ml_dsa_simd_avx2_vector_type_AVX2SIMDUnit,
+libcrux_ml_dsa_hash_functions_simd256_Shake256x4 with const generics
+- ETA= 4
+- S1_DIMENSION= 5
+- S2_DIMENSION= 6
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE tuple_ce0
+libcrux_ml_dsa_samplex4_sample_s1_and_s2_4d(uint8_t seed[66U]) {
+  uint8_t_x2 uu____0 = {.fst = (uint8_t)(size_t)5U, .snd = (uint8_t)(size_t)6U};
+  switch (uu____0.fst) {
+    case 4U: {
+      switch (uu____0.snd) {
+        case 4U: {
+          /* Passing arrays by value in Rust generates a copy in C */
+          uint8_t copy_of_seed[66U];
+          memcpy(copy_of_seed, seed, (size_t)66U * sizeof(uint8_t));
+          return libcrux_ml_dsa_samplex4_sample_s1_and_s2_4_by_4_4d(
+              copy_of_seed);
+        }
+        default: {
+        }
+      }
+      break;
+    }
+    case 5U: {
+      switch (uu____0.snd) {
+        case 6U: {
+          /* Passing arrays by value in Rust generates a copy in C */
+          uint8_t copy_of_seed[66U];
+          memcpy(copy_of_seed, seed, (size_t)66U * sizeof(uint8_t));
+          return libcrux_ml_dsa_samplex4_sample_s1_and_s2_5_by_6_4d(
+              copy_of_seed);
+        }
+        default: {
+        }
+      }
+      break;
+    }
+    case 7U: {
+      switch (uu____0.snd) {
+        case 8U: {
+          /* Passing arrays by value in Rust generates a copy in C */
+          uint8_t copy_of_seed[66U];
+          memcpy(copy_of_seed, seed, (size_t)66U * sizeof(uint8_t));
+          return libcrux_ml_dsa_samplex4_sample_s1_and_s2_7_by_8_4d(
+              copy_of_seed);
+        }
+        default: {
+        }
+      }
+      break;
+    }
+    default: {
+    }
+  }
+  KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__,
+                    "panic!");
+  KRML_HOST_EXIT(255U);
+}
+
+/**
+ Compute InvertNTT(Â ◦ ŝ₁) + s₂
+*/
+/**
+A monomorphic instance of libcrux_ml_dsa.matrix.compute_As1_plus_s2
+with types libcrux_ml_dsa_simd_avx2_vector_type_AVX2SIMDUnit
+with const generics
+- ROWS_IN_A= 6
+- COLUMNS_IN_A= 5
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE void libcrux_ml_dsa_matrix_compute_As1_plus_s2_fe(
+    libcrux_ml_dsa_polynomial_PolynomialRingElement_24 (*A_as_ntt)[5U],
+    libcrux_ml_dsa_polynomial_PolynomialRingElement_24 *s1,
+    libcrux_ml_dsa_polynomial_PolynomialRingElement_24 *s2,
+    libcrux_ml_dsa_polynomial_PolynomialRingElement_24 ret[6U]) {
+  KRML_HOST_EPRINTF(
+      "KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__,
+      "Eurydice error: Failure(\"Error looking trait impl: "
+      "core::slice::iter::{core::iter::traits::iterator::Iterator for "
+      "core::slice::iter::Iter<\'a, T>[TraitClause@0]}#182<\'_, "
+      "@Array<libcrux_ml_dsa::polynomial::PolynomialRingElement<T@0>["
+      "TraitClause@0, TraitClause@1], "
+      "C@1>>[core::marker::Sized<@Array<libcrux_ml_dsa::polynomial::"
+      "PolynomialRingElement<T@0>[TraitClause@0, TraitClause@1], C@1>>] "
+      "enumerate\")\n");
+  KRML_HOST_EXIT(255U);
+}
+
+typedef struct
+    libcrux_ml_dsa_polynomial_PolynomialRingElement_libcrux_ml_dsa_simd_avx2_vector_type_AVX2SIMDUnit_6size_t__x2_s {
+  libcrux_ml_dsa_polynomial_PolynomialRingElement_24 fst[6U];
+  libcrux_ml_dsa_polynomial_PolynomialRingElement_24 snd[6U];
+} libcrux_ml_dsa_polynomial_PolynomialRingElement_libcrux_ml_dsa_simd_avx2_vector_type_AVX2SIMDUnit_6size_t__x2;
+
+/**
+A monomorphic instance of libcrux_ml_dsa.arithmetic.power2round_vector
+with types libcrux_ml_dsa_simd_avx2_vector_type_AVX2SIMDUnit
+with const generics
+- DIMENSION= 6
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE
+    libcrux_ml_dsa_polynomial_PolynomialRingElement_libcrux_ml_dsa_simd_avx2_vector_type_AVX2SIMDUnit_6size_t__x2
+    libcrux_ml_dsa_arithmetic_power2round_vector_a3(
+        libcrux_ml_dsa_polynomial_PolynomialRingElement_24 t[6U]) {
+  KRML_HOST_EPRINTF(
+      "KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__,
+      "Eurydice error: Failure(\"Error looking trait impl: "
+      "core::slice::iter::{core::iter::traits::iterator::Iterator for "
+      "core::slice::iter::Iter<\'a, T>[TraitClause@0]}#182<\'_, "
+      "libcrux_ml_dsa::polynomial::PolynomialRingElement<T@0>[TraitClause@0, "
+      "TraitClause@1]>[core::marker::Sized<libcrux_ml_dsa::polynomial::"
+      "PolynomialRingElement<T@0>[TraitClause@0, TraitClause@1]>] "
+      "enumerate\")\n");
+  KRML_HOST_EXIT(255U);
+}
+
+/**
+A monomorphic instance of
+libcrux_ml_dsa.encoding.verification_key.generate_serialized with types
+libcrux_ml_dsa_simd_avx2_vector_type_AVX2SIMDUnit with const generics
+- ROWS_IN_A= 6
+- VERIFICATION_KEY_SIZE= 1952
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE void
+libcrux_ml_dsa_encoding_verification_key_generate_serialized_fe(
+    Eurydice_slice seed_for_A,
+    libcrux_ml_dsa_polynomial_PolynomialRingElement_24 t1[6U],
+    uint8_t ret[1952U]) {
+  KRML_HOST_EPRINTF(
+      "KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__,
+      "Eurydice error: Failure(\"Error looking trait impl: "
+      "core::slice::iter::{core::iter::traits::iterator::Iterator for "
+      "core::slice::iter::Iter<\'a, T>[TraitClause@0]}#182<\'_, "
+      "libcrux_ml_dsa::polynomial::PolynomialRingElement<T@0>[TraitClause@0, "
+      "TraitClause@1]>[core::marker::Sized<libcrux_ml_dsa::polynomial::"
+      "PolynomialRingElement<T@0>[TraitClause@0, TraitClause@1]>] "
+      "enumerate\")\n");
+  KRML_HOST_EXIT(255U);
+}
+
+/**
+A monomorphic instance of libcrux_ml_dsa.hash_functions.simd256.shake256
+with const generics
+- OUTPUT_LENGTH= 64
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE void libcrux_ml_dsa_hash_functions_simd256_shake256_24(
+    Eurydice_slice input, uint8_t *out) {
+  libcrux_sha3_portable_shake256(
+      Eurydice_array_to_slice((size_t)64U, out, uint8_t), input);
+}
+
+/**
+This function found in impl {(libcrux_ml_dsa::hash_functions::shake256::DsaXof
+for libcrux_ml_dsa::hash_functions::simd256::Shake256)#1}
+*/
+/**
+A monomorphic instance of libcrux_ml_dsa.hash_functions.simd256.shake256_d9
+with const generics
+- OUTPUT_LENGTH= 64
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE void
+libcrux_ml_dsa_hash_functions_simd256_shake256_d9_24(Eurydice_slice input,
+                                                     uint8_t *out) {
+  libcrux_ml_dsa_hash_functions_simd256_shake256_24(input, out);
+}
+
+/**
+A monomorphic instance of libcrux_ml_dsa.encoding.error.serialize
+with types libcrux_ml_dsa_simd_avx2_vector_type_AVX2SIMDUnit
+with const generics
+- ETA= 4
+- OUTPUT_SIZE= 128
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE void libcrux_ml_dsa_encoding_error_serialize_a8(
+    libcrux_ml_dsa_polynomial_PolynomialRingElement_24 re, uint8_t ret[128U]) {
+  KRML_HOST_EPRINTF(
+      "KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__,
+      "Eurydice error: Failure(\"Error looking trait impl: "
+      "core::slice::iter::{core::iter::traits::iterator::Iterator for "
+      "core::slice::iter::Iter<\'a, T>[TraitClause@0]}#182<\'_, "
+      "T@0>[TraitClause@0] enumerate\")\n");
+  KRML_HOST_EXIT(255U);
+}
+
+/**
+A monomorphic instance of libcrux_ml_dsa.encoding.t0.serialize
+with types libcrux_ml_dsa_simd_avx2_vector_type_AVX2SIMDUnit
+with const generics
+
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE void libcrux_ml_dsa_encoding_t0_serialize_ea(
+    libcrux_ml_dsa_polynomial_PolynomialRingElement_24 re, uint8_t ret[416U]) {
+  KRML_HOST_EPRINTF(
+      "KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__,
+      "Eurydice error: Failure(\"Error looking trait impl: "
+      "core::slice::iter::{core::iter::traits::iterator::Iterator for "
+      "core::slice::iter::Iter<\'a, T>[TraitClause@0]}#182<\'_, "
+      "T@0>[TraitClause@0] enumerate\")\n");
+  KRML_HOST_EXIT(255U);
+}
+
+/**
+A monomorphic instance of
+libcrux_ml_dsa.encoding.signing_key.generate_serialized with types
+libcrux_ml_dsa_simd_avx2_vector_type_AVX2SIMDUnit,
+libcrux_ml_dsa_hash_functions_simd256_Shake256 with const generics
+- ROWS_IN_A= 6
+- COLUMNS_IN_A= 5
+- ETA= 4
+- ERROR_RING_ELEMENT_SIZE= 128
+- SIGNING_KEY_SIZE= 4032
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE void
+libcrux_ml_dsa_encoding_signing_key_generate_serialized_a9(
+    Eurydice_slice seed_for_A, Eurydice_slice seed_for_signing,
+    Eurydice_slice verification_key,
+    libcrux_ml_dsa_polynomial_PolynomialRingElement_24 s1[5U],
+    libcrux_ml_dsa_polynomial_PolynomialRingElement_24 s2[6U],
+    libcrux_ml_dsa_polynomial_PolynomialRingElement_24 t0[6U],
+    uint8_t ret[4032U]) {
+  uint8_t signing_key_serialized[4032U] = {0U};
+  size_t offset = (size_t)0U;
+  Eurydice_slice_copy(
+      Eurydice_array_to_subslice2(
+          signing_key_serialized, offset,
+          offset + LIBCRUX_ML_DSA_CONSTANTS_SEED_FOR_A_SIZE, uint8_t),
+      seed_for_A, uint8_t);
+  offset = offset + LIBCRUX_ML_DSA_CONSTANTS_SEED_FOR_A_SIZE;
+  Eurydice_slice_copy(
+      Eurydice_array_to_subslice2(
+          signing_key_serialized, offset,
+          offset + LIBCRUX_ML_DSA_CONSTANTS_SEED_FOR_SIGNING_SIZE, uint8_t),
+      seed_for_signing, uint8_t);
+  offset = offset + LIBCRUX_ML_DSA_CONSTANTS_SEED_FOR_SIGNING_SIZE;
+  uint8_t verification_key_hash[64U] = {0U};
+  libcrux_ml_dsa_hash_functions_simd256_shake256_d9_24(verification_key,
+                                                       verification_key_hash);
+  Eurydice_slice uu____0 = Eurydice_array_to_subslice2(
+      signing_key_serialized, offset,
+      offset + LIBCRUX_ML_DSA_CONSTANTS_BYTES_FOR_VERIFICATION_KEY_HASH,
+      uint8_t);
+  Eurydice_slice_copy(
+      uu____0,
+      Eurydice_array_to_slice((size_t)64U, verification_key_hash, uint8_t),
+      uint8_t);
+  offset = offset + LIBCRUX_ML_DSA_CONSTANTS_BYTES_FOR_VERIFICATION_KEY_HASH;
+  for (size_t i = (size_t)0U;
+       i < Eurydice_slice_len(
+               Eurydice_array_to_slice(
+                   (size_t)5U, s1,
+                   libcrux_ml_dsa_polynomial_PolynomialRingElement_24),
+               libcrux_ml_dsa_polynomial_PolynomialRingElement_24);
+       i++) {
+    size_t _cloop_i = i;
+    libcrux_ml_dsa_polynomial_PolynomialRingElement_24 *ring_element =
+        &s1[_cloop_i];
+    Eurydice_slice uu____1 = Eurydice_array_to_subslice2(
+        signing_key_serialized, offset, offset + (size_t)128U, uint8_t);
+    uint8_t ret0[128U];
+    libcrux_ml_dsa_encoding_error_serialize_a8(ring_element[0U], ret0);
+    Eurydice_slice_copy(
+        uu____1, Eurydice_array_to_slice((size_t)128U, ret0, uint8_t), uint8_t);
+    offset = offset + (size_t)128U;
+  }
+  for (size_t i = (size_t)0U;
+       i < Eurydice_slice_len(
+               Eurydice_array_to_slice(
+                   (size_t)6U, s2,
+                   libcrux_ml_dsa_polynomial_PolynomialRingElement_24),
+               libcrux_ml_dsa_polynomial_PolynomialRingElement_24);
+       i++) {
+    size_t _cloop_i = i;
+    libcrux_ml_dsa_polynomial_PolynomialRingElement_24 *ring_element =
+        &s2[_cloop_i];
+    Eurydice_slice uu____2 = Eurydice_array_to_subslice2(
+        signing_key_serialized, offset, offset + (size_t)128U, uint8_t);
+    uint8_t ret0[128U];
+    libcrux_ml_dsa_encoding_error_serialize_a8(ring_element[0U], ret0);
+    Eurydice_slice_copy(
+        uu____2, Eurydice_array_to_slice((size_t)128U, ret0, uint8_t), uint8_t);
+    offset = offset + (size_t)128U;
+  }
+  for (size_t i = (size_t)0U;
+       i < Eurydice_slice_len(
+               Eurydice_array_to_slice(
+                   (size_t)6U, t0,
+                   libcrux_ml_dsa_polynomial_PolynomialRingElement_24),
+               libcrux_ml_dsa_polynomial_PolynomialRingElement_24);
+       i++) {
+    size_t _cloop_i = i;
+    libcrux_ml_dsa_polynomial_PolynomialRingElement_24 *ring_element =
+        &t0[_cloop_i];
+    Eurydice_slice uu____3 = Eurydice_array_to_subslice2(
+        signing_key_serialized, offset,
+        offset + LIBCRUX_ML_DSA_CONSTANTS_RING_ELEMENT_OF_T0S_SIZE, uint8_t);
+    uint8_t ret0[416U];
+    libcrux_ml_dsa_encoding_t0_serialize_ea(ring_element[0U], ret0);
+    Eurydice_slice_copy(
+        uu____3, Eurydice_array_to_slice((size_t)416U, ret0, uint8_t), uint8_t);
+    offset = offset + LIBCRUX_ML_DSA_CONSTANTS_RING_ELEMENT_OF_T0S_SIZE;
+  }
+  memcpy(ret, signing_key_serialized, (size_t)4032U * sizeof(uint8_t));
+}
+
+/**
+ Generate a key pair.
+*/
+/**
+A monomorphic instance of libcrux_ml_dsa.ml_dsa_generic.generate_key_pair
+with types libcrux_ml_dsa_simd_avx2_vector_type_AVX2SIMDUnit,
+libcrux_ml_dsa_hash_functions_simd256_Shake128x4,
+libcrux_ml_dsa_hash_functions_simd256_Shake256,
+libcrux_ml_dsa_hash_functions_portable_Shake256Xof,
+libcrux_ml_dsa_hash_functions_simd256_Shake256x4 with const generics
+- ROWS_IN_A= 6
+- COLUMNS_IN_A= 5
+- ETA= 4
+- ERROR_RING_ELEMENT_SIZE= 128
+- SIGNING_KEY_SIZE= 4032
+- VERIFICATION_KEY_SIZE= 1952
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE tuple_a0
+libcrux_ml_dsa_ml_dsa_generic_generate_key_pair_bc(uint8_t randomness[32U]) {
+  uint8_t seed_expanded0[128U] = {0U};
+  libcrux_sha3_portable_incremental_Shake256Xof shake =
+      libcrux_ml_dsa_hash_functions_portable_init_83();
+  libcrux_ml_dsa_hash_functions_portable_absorb_83(
+      &shake, Eurydice_array_to_slice((size_t)32U, randomness, uint8_t));
+  uint8_t buf[2U] = {(uint8_t)(size_t)6U, (uint8_t)(size_t)5U};
+  libcrux_ml_dsa_hash_functions_portable_absorb_final_83(
+      &shake, Eurydice_array_to_slice((size_t)2U, buf, uint8_t));
+  libcrux_ml_dsa_hash_functions_portable_squeeze_83(
+      &shake, Eurydice_array_to_slice((size_t)128U, seed_expanded0, uint8_t));
+  Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at(
+      Eurydice_array_to_slice((size_t)128U, seed_expanded0, uint8_t),
+      LIBCRUX_ML_DSA_CONSTANTS_SEED_FOR_A_SIZE, uint8_t,
+      Eurydice_slice_uint8_t_x2);
+  Eurydice_slice seed_for_a = uu____0.fst;
+  Eurydice_slice seed_expanded = uu____0.snd;
+  Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at(
+      seed_expanded, LIBCRUX_ML_DSA_CONSTANTS_SEED_FOR_ERROR_VECTORS_SIZE,
+      uint8_t, Eurydice_slice_uint8_t_x2);
+  Eurydice_slice seed_for_error_vectors = uu____1.fst;
+  Eurydice_slice seed_for_signing = uu____1.snd;
+  libcrux_ml_dsa_polynomial_PolynomialRingElement_24 a_as_ntt[6U][5U];
+  uint8_t ret[34U];
+  libcrux_ml_dsa_utils_into_padded_array_b6(seed_for_a, ret);
+  libcrux_ml_dsa_samplex4_matrix_A_fe(ret, a_as_ntt);
+  uint8_t ret0[66U];
+  libcrux_ml_dsa_utils_into_padded_array_20(seed_for_error_vectors, ret0);
+  tuple_ce0 uu____2 = libcrux_ml_dsa_samplex4_sample_s1_and_s2_4d(ret0);
+  libcrux_ml_dsa_polynomial_PolynomialRingElement_24 s1[5U];
+  memcpy(
+      s1, uu____2.fst,
+      (size_t)5U * sizeof(libcrux_ml_dsa_polynomial_PolynomialRingElement_24));
+  libcrux_ml_dsa_polynomial_PolynomialRingElement_24 s2[6U];
+  memcpy(
+      s2, uu____2.snd,
+      (size_t)6U * sizeof(libcrux_ml_dsa_polynomial_PolynomialRingElement_24));
+  libcrux_ml_dsa_polynomial_PolynomialRingElement_24 t[6U];
+  libcrux_ml_dsa_matrix_compute_As1_plus_s2_fe(a_as_ntt, s1, s2, t);
+  /* Passing arrays by value in Rust generates a copy in C */
+  libcrux_ml_dsa_polynomial_PolynomialRingElement_24 copy_of_t[6U];
+  memcpy(
+      copy_of_t, t,
+      (size_t)6U * sizeof(libcrux_ml_dsa_polynomial_PolynomialRingElement_24));
+  libcrux_ml_dsa_polynomial_PolynomialRingElement_libcrux_ml_dsa_simd_avx2_vector_type_AVX2SIMDUnit_6size_t__x2
+      uu____4 = libcrux_ml_dsa_arithmetic_power2round_vector_a3(copy_of_t);
+  libcrux_ml_dsa_polynomial_PolynomialRingElement_24 t0[6U];
+  memcpy(
+      t0, uu____4.fst,
+      (size_t)6U * sizeof(libcrux_ml_dsa_polynomial_PolynomialRingElement_24));
+  libcrux_ml_dsa_polynomial_PolynomialRingElement_24 t1[6U];
+  memcpy(
+      t1, uu____4.snd,
+      (size_t)6U * sizeof(libcrux_ml_dsa_polynomial_PolynomialRingElement_24));
+  Eurydice_slice uu____5 = seed_for_a;
+  /* Passing arrays by value in Rust generates a copy in C */
+  libcrux_ml_dsa_polynomial_PolynomialRingElement_24 copy_of_t1[6U];
+  memcpy(
+      copy_of_t1, t1,
+      (size_t)6U * sizeof(libcrux_ml_dsa_polynomial_PolynomialRingElement_24));
+  uint8_t verification_key_serialized[1952U];
+  libcrux_ml_dsa_encoding_verification_key_generate_serialized_fe(
+      uu____5, copy_of_t1, verification_key_serialized);
+  Eurydice_slice uu____7 = seed_for_a;
+  Eurydice_slice uu____8 = seed_for_signing;
+  Eurydice_slice uu____9 = Eurydice_array_to_slice(
+      (size_t)1952U, verification_key_serialized, uint8_t);
+  /* Passing arrays by value in Rust generates a copy in C */
+  libcrux_ml_dsa_polynomial_PolynomialRingElement_24 copy_of_s1[5U];
+  memcpy(
+      copy_of_s1, s1,
+      (size_t)5U * sizeof(libcrux_ml_dsa_polynomial_PolynomialRingElement_24));
+  /* Passing arrays by value in Rust generates a copy in C */
+  libcrux_ml_dsa_polynomial_PolynomialRingElement_24 copy_of_s2[6U];
+  memcpy(
+      copy_of_s2, s2,
+      (size_t)6U * sizeof(libcrux_ml_dsa_polynomial_PolynomialRingElement_24));
+  /* Passing arrays by value in Rust generates a copy in C */
+  libcrux_ml_dsa_polynomial_PolynomialRingElement_24 copy_of_t0[6U];
+  memcpy(
+      copy_of_t0, t0,
+      (size_t)6U * sizeof(libcrux_ml_dsa_polynomial_PolynomialRingElement_24));
+  uint8_t signing_key_serialized[4032U];
+  libcrux_ml_dsa_encoding_signing_key_generate_serialized_a9(
+      uu____7, uu____8, uu____9, copy_of_s1, copy_of_s2, copy_of_t0,
+      signing_key_serialized);
+  /* Passing arrays by value in Rust generates a copy in C */
+  uint8_t copy_of_signing_key_serialized[4032U];
+  memcpy(copy_of_signing_key_serialized, signing_key_serialized,
+         (size_t)4032U * sizeof(uint8_t));
+  /* Passing arrays by value in Rust generates a copy in C */
+  uint8_t copy_of_verification_key_serialized[1952U];
+  memcpy(copy_of_verification_key_serialized, verification_key_serialized,
+         (size_t)1952U * sizeof(uint8_t));
+  tuple_a0 lit;
+  memcpy(lit.fst, copy_of_signing_key_serialized,
+         (size_t)4032U * sizeof(uint8_t));
+  memcpy(lit.snd, copy_of_verification_key_serialized,
+         (size_t)1952U * sizeof(uint8_t));
+  return lit;
+}
+
+/**
+ Generate key pair.
+*/
+/**
+A monomorphic instance of
+libcrux_ml_dsa.ml_dsa_generic.instantiations.avx2.avx2_feature.generate_key_pair
+with const generics
+- ROWS_IN_A= 6
+- COLUMNS_IN_A= 5
+- ETA= 4
+- ERROR_RING_ELEMENT_SIZE= 128
+- SIGNING_KEY_SIZE= 4032
+- VERIFICATION_KEY_SIZE= 1952
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static inline tuple_a0
+libcrux_ml_dsa_ml_dsa_generic_instantiations_avx2_avx2_feature_generate_key_pair_52(
+    uint8_t randomness[32U]) {
+  /* Passing arrays by value in Rust generates a copy in C */
+  uint8_t copy_of_randomness[32U];
+  memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t));
+  return libcrux_ml_dsa_ml_dsa_generic_generate_key_pair_bc(copy_of_randomness);
+}
+
+/**
+ Generate key pair.
+*/
+/**
+A monomorphic instance of
+libcrux_ml_dsa.ml_dsa_generic.instantiations.avx2.generate_key_pair with const
+generics
+- ROWS_IN_A= 6
+- COLUMNS_IN_A= 5
+- ETA= 4
+- ERROR_RING_ELEMENT_SIZE= 128
+- SIGNING_KEY_SIZE= 4032
+- VERIFICATION_KEY_SIZE= 1952
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static inline tuple_a0
+libcrux_ml_dsa_ml_dsa_generic_instantiations_avx2_generate_key_pair_52(
+    uint8_t randomness[32U]) {
+  /* Passing arrays by value in Rust generates a copy in C */
+  uint8_t copy_of_randomness[32U];
+  memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t));
+  return libcrux_ml_dsa_ml_dsa_generic_instantiations_avx2_avx2_feature_generate_key_pair_52(
+      copy_of_randomness);
+}
+
+/**
+ Generate an ML-DSA-65 Key Pair
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static inline libcrux_ml_dsa_ml_dsa_65_MLDSA65KeyPair
+libcrux_ml_dsa_ml_dsa_65_avx2_generate_key_pair(uint8_t randomness[32U]) {
+  /* Passing arrays by value in Rust generates a copy in C */
+  uint8_t copy_of_randomness[32U];
+  memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t));
+  tuple_a0 uu____1 =
+      libcrux_ml_dsa_ml_dsa_generic_instantiations_avx2_generate_key_pair_52(
+          copy_of_randomness);
+  uint8_t signing_key[4032U];
+  memcpy(signing_key, uu____1.fst, (size_t)4032U * sizeof(uint8_t));
+  uint8_t verification_key[1952U];
+  memcpy(verification_key, uu____1.snd, (size_t)1952U * sizeof(uint8_t));
+  /* Passing arrays by value in Rust generates a copy in C */
+  uint8_t copy_of_signing_key[4032U];
+  memcpy(copy_of_signing_key, signing_key, (size_t)4032U * sizeof(uint8_t));
+  libcrux_ml_dsa_types_MLDSASigningKey_22 uu____3 =
+      libcrux_ml_dsa_types_new_9b_09(copy_of_signing_key);
+  /* Passing arrays by value in Rust generates a copy in C */
+  uint8_t copy_of_verification_key[1952U];
+  memcpy(copy_of_verification_key, verification_key,
+         (size_t)1952U * sizeof(uint8_t));
+  libcrux_ml_dsa_ml_dsa_65_MLDSA65KeyPair lit;
+  lit.signing_key = uu____3;
+  lit.verification_key =
+      libcrux_ml_dsa_types_new_66_97(copy_of_verification_key);
+  return lit;
+}
+
+/**
+ The internal signing API.
+
+ If no `domain_separation_context` is supplied, it is assumed that
+ `message` already contains the domain separation.
+*/
+/**
+A monomorphic instance of libcrux_ml_dsa.ml_dsa_generic.sign_internal
+with types libcrux_ml_dsa_simd_avx2_vector_type_AVX2SIMDUnit,
+libcrux_ml_dsa_hash_functions_simd256_Shake128x4,
+libcrux_ml_dsa_hash_functions_simd256_Shake256,
+libcrux_ml_dsa_hash_functions_portable_Shake256Xof,
+libcrux_ml_dsa_hash_functions_simd256_Shake256x4 with const generics
+- ROWS_IN_A= 6
+- COLUMNS_IN_A= 5
+- ETA= 4
+- ERROR_RING_ELEMENT_SIZE= 128
+- GAMMA1_EXPONENT= 19
+- GAMMA2= 261888
+- COMMITMENT_RING_ELEMENT_SIZE= 128
+- COMMITMENT_VECTOR_SIZE= 768
+- COMMITMENT_HASH_SIZE= 48
+- ONES_IN_VERIFIER_CHALLENGE= 49
+- MAX_ONES_IN_HINT= 55
+- GAMMA1_RING_ELEMENT_SIZE= 640
+- SIGNING_KEY_SIZE= 4032
+- SIGNATURE_SIZE= 3309
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE Result_2e libcrux_ml_dsa_ml_dsa_generic_sign_internal_ea(
+    uint8_t *signing_key, Eurydice_slice message,
+    Option_84 domain_separation_context, uint8_t randomness[32U]) {
+  KRML_HOST_EPRINTF(
+      "KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__,
+      "Eurydice error: Failure(\"TODO: TraitTypes "
+      "core::result::{core::ops::try_trait::Try for core::result::Result<T, "
+      "E>[TraitClause@0, TraitClause@1]}#26<T@0, T@1>[TraitClause@0, "
+      "TraitClause@1]::Residual\")\n");
+  KRML_HOST_EXIT(255U);
+}
+
+/**
+A monomorphic instance of libcrux_ml_dsa.ml_dsa_generic.sign
+with types libcrux_ml_dsa_simd_avx2_vector_type_AVX2SIMDUnit,
+libcrux_ml_dsa_hash_functions_simd256_Shake128x4,
+libcrux_ml_dsa_hash_functions_simd256_Shake256,
+libcrux_ml_dsa_hash_functions_portable_Shake256Xof,
+libcrux_ml_dsa_hash_functions_simd256_Shake256x4 with const generics
+- ROWS_IN_A= 6
+- COLUMNS_IN_A= 5
+- ETA= 4
+- ERROR_RING_ELEMENT_SIZE= 128
+- GAMMA1_EXPONENT= 19
+- GAMMA2= 261888
+- COMMITMENT_RING_ELEMENT_SIZE= 128
+- COMMITMENT_VECTOR_SIZE= 768
+- COMMITMENT_HASH_SIZE= 48
+- ONES_IN_VERIFIER_CHALLENGE= 49
+- MAX_ONES_IN_HINT= 55
+- GAMMA1_RING_ELEMENT_SIZE= 640
+- SIGNING_KEY_SIZE= 4032
+- SIGNATURE_SIZE= 3309
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE Result_2e libcrux_ml_dsa_ml_dsa_generic_sign_ea(
+    uint8_t *signing_key, Eurydice_slice message, Eurydice_slice context,
+    uint8_t randomness[32U]) {
+  Result_a8 uu____0 = libcrux_ml_dsa_pre_hash_new_45(
+      context, (CLITERAL(Option_3f){.tag = None}));
+  Result_2e uu____1;
+  if (uu____0.tag == Ok) {
+    libcrux_ml_dsa_pre_hash_DomainSeparationContext domain_separation_context =
+        uu____0.val.case_Ok;
+    libcrux_ml_dsa_pre_hash_DomainSeparationContext domain_separation_context0 =
+        domain_separation_context;
+    uint8_t *uu____2 = signing_key;
+    Eurydice_slice uu____3 = message;
+    Option_84 uu____4 = {.tag = Some, .f0 = domain_separation_context0};
+    /* Passing arrays by value in Rust generates a copy in C */
+    uint8_t copy_of_randomness[32U];
+    memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t));
+    uu____1 = libcrux_ml_dsa_ml_dsa_generic_sign_internal_ea(
+        uu____2, uu____3, uu____4, copy_of_randomness);
+  } else {
+    uu____1 = (CLITERAL(Result_2e){
+        .tag = Err,
+        .val = {.case_Err = libcrux_ml_dsa_types_ContextTooLongError}});
+  }
+  return uu____1;
+}
+
+/**
+ Sign.
+*/
+/**
+A monomorphic instance of
+libcrux_ml_dsa.ml_dsa_generic.instantiations.avx2.avx2_feature.sign with const
+generics
+- ROWS_IN_A= 6
+- COLUMNS_IN_A= 5
+- ETA= 4
+- ERROR_RING_ELEMENT_SIZE= 128
+- GAMMA1_EXPONENT= 19
+- GAMMA2= 261888
+- COMMITMENT_RING_ELEMENT_SIZE= 128
+- COMMITMENT_VECTOR_SIZE= 768
+- COMMITMENT_HASH_SIZE= 48
+- ONES_IN_VERIFIER_CHALLENGE= 49
+- MAX_ONES_IN_HINT= 55
+- GAMMA1_RING_ELEMENT_SIZE= 640
+- SIGNING_KEY_SIZE= 4032
+- SIGNATURE_SIZE= 3309
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static inline Result_2e
+libcrux_ml_dsa_ml_dsa_generic_instantiations_avx2_avx2_feature_sign_f3(
+    uint8_t *signing_key, Eurydice_slice message, Eurydice_slice context,
+    uint8_t randomness[32U]) {
+  uint8_t *uu____0 = signing_key;
+  Eurydice_slice uu____1 = message;
+  Eurydice_slice uu____2 = context;
+  /* Passing arrays by value in Rust generates a copy in C */
+  uint8_t copy_of_randomness[32U];
+  memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t));
+  return libcrux_ml_dsa_ml_dsa_generic_sign_ea(uu____0, uu____1, uu____2,
+                                               copy_of_randomness);
+}
+
+/**
+ Sign.
+*/
+/**
+A monomorphic instance of libcrux_ml_dsa.ml_dsa_generic.instantiations.avx2.sign
+with const generics
+- ROWS_IN_A= 6
+- COLUMNS_IN_A= 5
+- ETA= 4
+- ERROR_RING_ELEMENT_SIZE= 128
+- GAMMA1_EXPONENT= 19
+- GAMMA2= 261888
+- COMMITMENT_RING_ELEMENT_SIZE= 128
+- COMMITMENT_VECTOR_SIZE= 768
+- COMMITMENT_HASH_SIZE= 48
+- ONES_IN_VERIFIER_CHALLENGE= 49
+- MAX_ONES_IN_HINT= 55
+- GAMMA1_RING_ELEMENT_SIZE= 640
+- SIGNING_KEY_SIZE= 4032
+- SIGNATURE_SIZE= 3309
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE Result_2e
+libcrux_ml_dsa_ml_dsa_generic_instantiations_avx2_sign_f3(
+    uint8_t *signing_key, Eurydice_slice message, Eurydice_slice context,
+    uint8_t randomness[32U]) {
+  uint8_t *uu____0 = signing_key;
+  Eurydice_slice uu____1 = message;
+  Eurydice_slice uu____2 = context;
+  /* Passing arrays by value in Rust generates a copy in C */
+  uint8_t copy_of_randomness[32U];
+  memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t));
+  return libcrux_ml_dsa_ml_dsa_generic_instantiations_avx2_avx2_feature_sign_f3(
+      uu____0, uu____1, uu____2, copy_of_randomness);
+}
+
+/**
+ Generate an ML-DSA-65 Signature
+
+ The parameter `context` is used for domain separation
+ and is a byte string of length at most 255 bytes. It
+ may also be empty.
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static inline Result_2e libcrux_ml_dsa_ml_dsa_65_avx2_sign(
+    libcrux_ml_dsa_types_MLDSASigningKey_22 *signing_key,
+    Eurydice_slice message, Eurydice_slice context, uint8_t randomness[32U]) {
+  uint8_t *uu____0 = libcrux_ml_dsa_types_as_raw_9b_09(signing_key);
+  Eurydice_slice uu____1 = message;
+  Eurydice_slice uu____2 = context;
+  /* Passing arrays by value in Rust generates a copy in C */
+  uint8_t copy_of_randomness[32U];
+  memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t));
+  return libcrux_ml_dsa_ml_dsa_generic_instantiations_avx2_sign_f3(
+      uu____0, uu____1, uu____2, copy_of_randomness);
+}
+
+/**
+A monomorphic instance of libcrux_ml_dsa.ml_dsa_generic.sign_pre_hashed
+with types libcrux_ml_dsa_simd_avx2_vector_type_AVX2SIMDUnit,
+libcrux_ml_dsa_hash_functions_portable_Shake128,
+libcrux_ml_dsa_hash_functions_simd256_Shake128x4,
+libcrux_ml_dsa_hash_functions_simd256_Shake256,
+libcrux_ml_dsa_hash_functions_portable_Shake256Xof,
+libcrux_ml_dsa_hash_functions_simd256_Shake256x4,
+libcrux_ml_dsa_pre_hash_SHAKE128_PH with const generics
+- PH_DIGEST_LEN= 256
+- ROWS_IN_A= 6
+- COLUMNS_IN_A= 5
+- ETA= 4
+- ERROR_RING_ELEMENT_SIZE= 128
+- GAMMA1_EXPONENT= 19
+- GAMMA2= 261888
+- COMMITMENT_RING_ELEMENT_SIZE= 128
+- COMMITMENT_VECTOR_SIZE= 768
+- COMMITMENT_HASH_SIZE= 48
+- ONES_IN_VERIFIER_CHALLENGE= 49
+- MAX_ONES_IN_HINT= 55
+- GAMMA1_RING_ELEMENT_SIZE= 640
+- SIGNING_KEY_SIZE= 4032
+- SIGNATURE_SIZE= 3309
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE Result_2e
+libcrux_ml_dsa_ml_dsa_generic_sign_pre_hashed_6e(uint8_t *signing_key,
+                                                 Eurydice_slice message,
+                                                 Eurydice_slice context,
+                                                 uint8_t randomness[32U]) {
+  KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__,
+                    "Eurydice error: Failure(\"expression_of_operand Constant: "
+                    "TraitClause@13OID\")\n");
+  KRML_HOST_EXIT(255U);
+}
+
+/**
+ Sign (pre-hashed).
+*/
+/**
+A monomorphic instance of
+libcrux_ml_dsa.ml_dsa_generic.instantiations.avx2.avx2_feature.sign_pre_hashed_shake128
+with const generics
+- ROWS_IN_A= 6
+- COLUMNS_IN_A= 5
+- ETA= 4
+- ERROR_RING_ELEMENT_SIZE= 128
+- GAMMA1_EXPONENT= 19
+- GAMMA2= 261888
+- COMMITMENT_RING_ELEMENT_SIZE= 128
+- COMMITMENT_VECTOR_SIZE= 768
+- COMMITMENT_HASH_SIZE= 48
+- ONES_IN_VERIFIER_CHALLENGE= 49
+- MAX_ONES_IN_HINT= 55
+- GAMMA1_RING_ELEMENT_SIZE= 640
+- SIGNING_KEY_SIZE= 4032
+- SIGNATURE_SIZE= 3309
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static inline Result_2e
+libcrux_ml_dsa_ml_dsa_generic_instantiations_avx2_avx2_feature_sign_pre_hashed_shake128_f3(
+    uint8_t *signing_key, Eurydice_slice message, Eurydice_slice context,
+    uint8_t randomness[32U]) {
+  uint8_t *uu____0 = signing_key;
+  Eurydice_slice uu____1 = message;
+  Eurydice_slice uu____2 = context;
+  /* Passing arrays by value in Rust generates a copy in C */
+  uint8_t copy_of_randomness[32U];
+  memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t));
+  return libcrux_ml_dsa_ml_dsa_generic_sign_pre_hashed_6e(
+      uu____0, uu____1, uu____2, copy_of_randomness);
+}
+
+/**
+ Sign (pre-hashed).
+*/
+/**
+A monomorphic instance of
+libcrux_ml_dsa.ml_dsa_generic.instantiations.avx2.sign_pre_hashed_shake128 with
+const generics
+- ROWS_IN_A= 6
+- COLUMNS_IN_A= 5
+- ETA= 4
+- ERROR_RING_ELEMENT_SIZE= 128
+- GAMMA1_EXPONENT= 19
+- GAMMA2= 261888
+- COMMITMENT_RING_ELEMENT_SIZE= 128
+- COMMITMENT_VECTOR_SIZE= 768
+- COMMITMENT_HASH_SIZE= 48
+- ONES_IN_VERIFIER_CHALLENGE= 49
+- MAX_ONES_IN_HINT= 55
+- GAMMA1_RING_ELEMENT_SIZE= 640
+- SIGNING_KEY_SIZE= 4032
+- SIGNATURE_SIZE= 3309
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static inline Result_2e
+libcrux_ml_dsa_ml_dsa_generic_instantiations_avx2_sign_pre_hashed_shake128_f3(
+    uint8_t *signing_key, Eurydice_slice message, Eurydice_slice context,
+    uint8_t randomness[32U]) {
+  uint8_t *uu____0 = signing_key;
+  Eurydice_slice uu____1 = message;
+  Eurydice_slice uu____2 = context;
+  /* Passing arrays by value in Rust generates a copy in C */
+  uint8_t copy_of_randomness[32U];
+  memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t));
+  return libcrux_ml_dsa_ml_dsa_generic_instantiations_avx2_avx2_feature_sign_pre_hashed_shake128_f3(
+      uu____0, uu____1, uu____2, copy_of_randomness);
+}
+
+/**
+ Generate a HashML-DSA-65 Signature, with a SHAKE128 pre-hashing
+
+ The parameter `context` is used for domain separation
+ and is a byte string of length at most 255 bytes. It
+ may also be empty.
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static inline Result_2e libcrux_ml_dsa_ml_dsa_65_avx2_sign_pre_hashed_shake128(
+    libcrux_ml_dsa_types_MLDSASigningKey_22 *signing_key,
+    Eurydice_slice message, Eurydice_slice context, uint8_t randomness[32U]) {
+  uint8_t *uu____0 = libcrux_ml_dsa_types_as_raw_9b_09(signing_key);
+  Eurydice_slice uu____1 = message;
+  Eurydice_slice uu____2 = context;
+  /* Passing arrays by value in Rust generates a copy in C */
+  uint8_t copy_of_randomness[32U];
+  memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t));
+  return libcrux_ml_dsa_ml_dsa_generic_instantiations_avx2_sign_pre_hashed_shake128_f3(
+      uu____0, uu____1, uu____2, copy_of_randomness);
+}
+
+/**
+ The internal verification API.
+
+ If no `domain_separation_context` is supplied, it is assumed that
+ `message` already contains the domain separation.
+*/
+/**
+A monomorphic instance of libcrux_ml_dsa.ml_dsa_generic.verify_internal
+with types libcrux_ml_dsa_simd_avx2_vector_type_AVX2SIMDUnit,
+libcrux_ml_dsa_hash_functions_simd256_Shake128x4,
+libcrux_ml_dsa_hash_functions_simd256_Shake256,
+libcrux_ml_dsa_hash_functions_portable_Shake256Xof with const generics
+- ROWS_IN_A= 6
+- COLUMNS_IN_A= 5
+- SIGNATURE_SIZE= 3309
+- VERIFICATION_KEY_SIZE= 1952
+- GAMMA1_EXPONENT= 19
+- GAMMA1_RING_ELEMENT_SIZE= 640
+- GAMMA2= 261888
+- BETA= 196
+- COMMITMENT_RING_ELEMENT_SIZE= 128
+- COMMITMENT_VECTOR_SIZE= 768
+- COMMITMENT_HASH_SIZE= 48
+- ONES_IN_VERIFIER_CHALLENGE= 49
+- MAX_ONES_IN_HINT= 55
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE Result_41
+libcrux_ml_dsa_ml_dsa_generic_verify_internal_d1(
+    uint8_t *verification_key_serialized, Eurydice_slice message,
+    Option_84 domain_separation_context, uint8_t *signature_serialized) {
+  KRML_HOST_EPRINTF(
+      "KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__,
+      "Eurydice error: Failure(\"TODO: TraitTypes "
+      "core::result::{core::ops::try_trait::Try for core::result::Result<T, "
+      "E>[TraitClause@0, TraitClause@1]}#26<T@0, T@1>[TraitClause@0, "
+      "TraitClause@1]::Residual\")\n");
+  KRML_HOST_EXIT(255U);
+}
+
+/**
+A monomorphic instance of libcrux_ml_dsa.ml_dsa_generic.verify
+with types libcrux_ml_dsa_simd_avx2_vector_type_AVX2SIMDUnit,
+libcrux_ml_dsa_hash_functions_simd256_Shake128x4,
+libcrux_ml_dsa_hash_functions_simd256_Shake256,
+libcrux_ml_dsa_hash_functions_portable_Shake256Xof with const generics
+- ROWS_IN_A= 6
+- COLUMNS_IN_A= 5
+- SIGNATURE_SIZE= 3309
+- VERIFICATION_KEY_SIZE= 1952
+- GAMMA1_EXPONENT= 19
+- GAMMA1_RING_ELEMENT_SIZE= 640
+- GAMMA2= 261888
+- BETA= 196
+- COMMITMENT_RING_ELEMENT_SIZE= 128
+- COMMITMENT_VECTOR_SIZE= 768
+- COMMITMENT_HASH_SIZE= 48
+- ONES_IN_VERIFIER_CHALLENGE= 49
+- MAX_ONES_IN_HINT= 55
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE Result_41 libcrux_ml_dsa_ml_dsa_generic_verify_d1(
+    uint8_t *verification_key_serialized, Eurydice_slice message,
+    Eurydice_slice context, uint8_t *signature_serialized) {
+  Result_a8 uu____0 = libcrux_ml_dsa_pre_hash_new_45(
+      context, (CLITERAL(Option_3f){.tag = None}));
+  Result_41 uu____1;
+  if (uu____0.tag == Ok) {
+    libcrux_ml_dsa_pre_hash_DomainSeparationContext domain_separation_context =
+        uu____0.val.case_Ok;
+    libcrux_ml_dsa_pre_hash_DomainSeparationContext domain_separation_context0 =
+        domain_separation_context;
+    uu____1 = libcrux_ml_dsa_ml_dsa_generic_verify_internal_d1(
+        verification_key_serialized, message,
+        (CLITERAL(Option_84){.tag = Some, .f0 = domain_separation_context0}),
+        signature_serialized);
+  } else {
+    uu____1 = (CLITERAL(Result_41){
+        .tag = Err,
+        .f0 = libcrux_ml_dsa_types_VerificationContextTooLongError});
+  }
+  return uu____1;
+}
+
+/**
+ Verify.
+*/
+/**
+A monomorphic instance of
+libcrux_ml_dsa.ml_dsa_generic.instantiations.avx2.avx2_feature.verify with const
+generics
+- ROWS_IN_A= 6
+- COLUMNS_IN_A= 5
+- SIGNATURE_SIZE= 3309
+- VERIFICATION_KEY_SIZE= 1952
+- GAMMA1_EXPONENT= 19
+- GAMMA1_RING_ELEMENT_SIZE= 640
+- GAMMA2= 261888
+- BETA= 196
+- COMMITMENT_RING_ELEMENT_SIZE= 128
+- COMMITMENT_VECTOR_SIZE= 768
+- COMMITMENT_HASH_SIZE= 48
+- ONES_IN_VERIFIER_CHALLENGE= 49
+- MAX_ONES_IN_HINT= 55
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static inline Result_41
+libcrux_ml_dsa_ml_dsa_generic_instantiations_avx2_avx2_feature_verify_01(
+    uint8_t *verification_key, Eurydice_slice message, Eurydice_slice context,
+    uint8_t *signature) {
+  return libcrux_ml_dsa_ml_dsa_generic_verify_d1(verification_key, message,
+                                                 context, signature);
+}
+
+/**
+ Verify.
+*/
+/**
+A monomorphic instance of
+libcrux_ml_dsa.ml_dsa_generic.instantiations.avx2.verify with const generics
+- ROWS_IN_A= 6
+- COLUMNS_IN_A= 5
+- SIGNATURE_SIZE= 3309
+- VERIFICATION_KEY_SIZE= 1952
+- GAMMA1_EXPONENT= 19
+- GAMMA1_RING_ELEMENT_SIZE= 640
+- GAMMA2= 261888
+- BETA= 196
+- COMMITMENT_RING_ELEMENT_SIZE= 128
+- COMMITMENT_VECTOR_SIZE= 768
+- COMMITMENT_HASH_SIZE= 48
+- ONES_IN_VERIFIER_CHALLENGE= 49
+- MAX_ONES_IN_HINT= 55
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static inline Result_41
+libcrux_ml_dsa_ml_dsa_generic_instantiations_avx2_verify_01(
+    uint8_t *verification_key, Eurydice_slice message, Eurydice_slice context,
+    uint8_t *signature) {
+  return libcrux_ml_dsa_ml_dsa_generic_instantiations_avx2_avx2_feature_verify_01(
+      verification_key, message, context, signature);
+}
+
+/**
+ Verify an ML-DSA-65 Signature
+
+ The parameter `context` is used for domain separation
+ and is a byte string of length at most 255 bytes. It
+ may also be empty.
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static inline Result_41 libcrux_ml_dsa_ml_dsa_65_avx2_verify(
+    libcrux_ml_dsa_types_MLDSAVerificationKey_ea *verification_key,
+    Eurydice_slice message, Eurydice_slice context,
+    libcrux_ml_dsa_ml_dsa_65_MLDSA65Signature *signature) {
+  return libcrux_ml_dsa_ml_dsa_generic_instantiations_avx2_verify_01(
+      libcrux_ml_dsa_types_as_raw_66_97(verification_key), message, context,
+      libcrux_ml_dsa_types_as_raw_8f_fa(signature));
+}
+
+/**
+A monomorphic instance of libcrux_ml_dsa.ml_dsa_generic.verify_pre_hashed
+with types libcrux_ml_dsa_simd_avx2_vector_type_AVX2SIMDUnit,
+libcrux_ml_dsa_hash_functions_portable_Shake128,
+libcrux_ml_dsa_hash_functions_simd256_Shake128x4,
+libcrux_ml_dsa_hash_functions_simd256_Shake256,
+libcrux_ml_dsa_hash_functions_portable_Shake256Xof,
+libcrux_ml_dsa_pre_hash_SHAKE128_PH with const generics
+- PH_DIGEST_LEN= 256
+- ROWS_IN_A= 6
+- COLUMNS_IN_A= 5
+- SIGNATURE_SIZE= 3309
+- VERIFICATION_KEY_SIZE= 1952
+- GAMMA1_EXPONENT= 19
+- GAMMA1_RING_ELEMENT_SIZE= 640
+- GAMMA2= 261888
+- BETA= 196
+- COMMITMENT_RING_ELEMENT_SIZE= 128
+- COMMITMENT_VECTOR_SIZE= 768
+- COMMITMENT_HASH_SIZE= 48
+- ONES_IN_VERIFIER_CHALLENGE= 49
+- MAX_ONES_IN_HINT= 55
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE Result_41
+libcrux_ml_dsa_ml_dsa_generic_verify_pre_hashed_07(
+    uint8_t *verification_key_serialized, Eurydice_slice message,
+    Eurydice_slice context, uint8_t *signature_serialized) {
+  KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__,
+                    "Eurydice error: Failure(\"expression_of_operand Constant: "
+                    "TraitClause@11OID\")\n");
+  KRML_HOST_EXIT(255U);
+}
+
+/**
+ Verify (pre-hashed with SHAKE-128).
+*/
+/**
+A monomorphic instance of
+libcrux_ml_dsa.ml_dsa_generic.instantiations.avx2.avx2_feature.verify_pre_hashed_shake128
+with const generics
+- ROWS_IN_A= 6
+- COLUMNS_IN_A= 5
+- SIGNATURE_SIZE= 3309
+- VERIFICATION_KEY_SIZE= 1952
+- GAMMA1_EXPONENT= 19
+- GAMMA1_RING_ELEMENT_SIZE= 640
+- GAMMA2= 261888
+- BETA= 196
+- COMMITMENT_RING_ELEMENT_SIZE= 128
+- COMMITMENT_VECTOR_SIZE= 768
+- COMMITMENT_HASH_SIZE= 48
+- ONES_IN_VERIFIER_CHALLENGE= 49
+- MAX_ONES_IN_HINT= 55
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static inline Result_41
+libcrux_ml_dsa_ml_dsa_generic_instantiations_avx2_avx2_feature_verify_pre_hashed_shake128_01(
+    uint8_t *verification_key, Eurydice_slice message, Eurydice_slice context,
+    uint8_t *signature) {
+  return libcrux_ml_dsa_ml_dsa_generic_verify_pre_hashed_07(
+      verification_key, message, context, signature);
+}
+
+/**
+ Verify (pre-hashed with SHAKE-128).
+*/
+/**
+A monomorphic instance of
+libcrux_ml_dsa.ml_dsa_generic.instantiations.avx2.verify_pre_hashed_shake128
+with const generics
+- ROWS_IN_A= 6
+- COLUMNS_IN_A= 5
+- SIGNATURE_SIZE= 3309
+- VERIFICATION_KEY_SIZE= 1952
+- GAMMA1_EXPONENT= 19
+- GAMMA1_RING_ELEMENT_SIZE= 640
+- GAMMA2= 261888
+- BETA= 196
+- COMMITMENT_RING_ELEMENT_SIZE= 128
+- COMMITMENT_VECTOR_SIZE= 768
+- COMMITMENT_HASH_SIZE= 48
+- ONES_IN_VERIFIER_CHALLENGE= 49
+- MAX_ONES_IN_HINT= 55
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static inline Result_41
+libcrux_ml_dsa_ml_dsa_generic_instantiations_avx2_verify_pre_hashed_shake128_01(
+    uint8_t *verification_key, Eurydice_slice message, Eurydice_slice context,
+    uint8_t *signature) {
+  return libcrux_ml_dsa_ml_dsa_generic_instantiations_avx2_avx2_feature_verify_pre_hashed_shake128_01(
+      verification_key, message, context, signature);
+}
+
+/**
+ Verify a HashML-DSA-65 Signature, with a SHAKE128 pre-hashing
+
+ The parameter `context` is used for domain separation
+ and is a byte string of length at most 255 bytes. It
+ may also be empty.
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static inline Result_41
+libcrux_ml_dsa_ml_dsa_65_avx2_verify_pre_hashed_shake128(
+    libcrux_ml_dsa_types_MLDSAVerificationKey_ea *verification_key,
+    Eurydice_slice message, Eurydice_slice context,
+    libcrux_ml_dsa_ml_dsa_65_MLDSA65Signature *signature) {
+  return libcrux_ml_dsa_ml_dsa_generic_instantiations_avx2_verify_pre_hashed_shake128_01(
+      libcrux_ml_dsa_types_as_raw_66_97(verification_key), message, context,
+      libcrux_ml_dsa_types_as_raw_8f_fa(signature));
+}
+
+KRML_ATTRIBUTE_TARGET("avx2")
+static inline bool
+libcrux_ml_dsa_simd_avx2_rejection_sample_shuffle_table_is_bit_set(
+    size_t number, uint8_t bit_position) {
+  return (number & (size_t)1U << (uint32_t)bit_position) >>
+             (uint32_t)bit_position ==
+         (size_t)1U;
+}
+
+KRML_ATTRIBUTE_TARGET("avx2")
+static inline void
+libcrux_ml_dsa_simd_avx2_rejection_sample_shuffle_table_generate_shuffle_table(
+    uint8_t ret[16U][16U]) {
+  uint8_t byte_shuffles[16U][16U] = {
+      {255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U,
+       255U, 255U, 255U, 255U},
+      {255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U,
+       255U, 255U, 255U, 255U},
+      {255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U,
+       255U, 255U, 255U, 255U},
+      {255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U,
+       255U, 255U, 255U, 255U},
+      {255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U,
+       255U, 255U, 255U, 255U},
+      {255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U,
+       255U, 255U, 255U, 255U},
+      {255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U,
+       255U, 255U, 255U, 255U},
+      {255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U,
+       255U, 255U, 255U, 255U},
+      {255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U,
+       255U, 255U, 255U, 255U},
+      {255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U,
+       255U, 255U, 255U, 255U},
+      {255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U,
+       255U, 255U, 255U, 255U},
+      {255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U,
+       255U, 255U, 255U, 255U},
+      {255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U,
+       255U, 255U, 255U, 255U},
+      {255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U,
+       255U, 255U, 255U, 255U},
+      {255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U,
+       255U, 255U, 255U, 255U},
+      {255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U,
+       255U, 255U, 255U, 255U}};
+  for (size_t i0 = (size_t)0U; i0 < (size_t)1U << 4U; i0++) {
+    size_t bit_pattern = i0;
+    size_t byte_shuffles_index = (size_t)0U;
+    for (uint8_t i = 0U; i < 4U; i = (uint32_t)i + 1U) {
+      uint8_t bit_position = i;
+      if (libcrux_ml_dsa_simd_avx2_rejection_sample_shuffle_table_is_bit_set(
+              bit_pattern, bit_position)) {
+        byte_shuffles[bit_pattern][byte_shuffles_index] =
+            (uint32_t)bit_position * 4U;
+        byte_shuffles_index++;
+        byte_shuffles[bit_pattern][byte_shuffles_index] =
+            (uint32_t)bit_position * 4U + 1U;
+        byte_shuffles_index++;
+        byte_shuffles[bit_pattern][byte_shuffles_index] =
+            (uint32_t)bit_position * 4U + 2U;
+        byte_shuffles_index++;
+        byte_shuffles[bit_pattern][byte_shuffles_index] =
+            (uint32_t)bit_position * 4U + 3U;
+        byte_shuffles_index++;
+      }
+    }
+  }
+  memcpy(ret, byte_shuffles, (size_t)16U * sizeof(uint8_t[16U]));
+}
+
+/**
+This function found in impl {(core::clone::Clone for
+libcrux_ml_dsa::simd::avx2::vector_type::AVX2SIMDUnit)#1}
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static inline __m256i libcrux_ml_dsa_simd_avx2_vector_type_clone_0f(
+    __m256i *self) {
+  return self[0U];
+}
+
+/**
+This function found in impl {(core::convert::From<core::core_arch::x86::__m256i>
+for libcrux_ml_dsa::simd::avx2::vector_type::AVX2SIMDUnit)}
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static inline __m256i libcrux_ml_dsa_simd_avx2_vector_type_from_af(
+    __m256i coefficients) {
+  return coefficients;
+}
+
+#if defined(__cplusplus)
+}
+#endif
+
+#define __libcrux_mldsa65_avx2_H_DEFINED
+#endif
diff --git a/libcrux-ml-dsa/cg/libcrux_mldsa65_portable.h b/libcrux-ml-dsa/cg/libcrux_mldsa65_portable.h
new file mode 100644
index 000000000..3bbbfd2e9
--- /dev/null
+++ b/libcrux-ml-dsa/cg/libcrux_mldsa65_portable.h
@@ -0,0 +1,6276 @@
+/*
+ * SPDX-FileCopyrightText: 2024 Cryspen Sarl <info@cryspen.com>
+ *
+ * SPDX-License-Identifier: MIT or Apache-2.0
+ *
+ * This code was generated with the following revisions:
+ * Charon: a68994d00017b76a805d0115ca06c1f2c1805e79
+ * Eurydice: b665364a6d86749566ce2d650d13fa12c8fab2c5
+ * Karamel: 96572bc631fde691a2aea7bce5a5a3838b3a5968
+ * F*: b0961063393215ca65927f017720cb365a193833-dirty
+ * Libcrux: 5a0f22fa8387080e4c4e4ac018aaddcdf944e4be
+ */
+
+#ifndef __libcrux_mldsa65_portable_H
+#define __libcrux_mldsa65_portable_H
+
+#if defined(__cplusplus)
+extern "C" {
+#endif
+
+#include "eurydice_glue.h"
+#include "libcrux_core.h"
+#include "libcrux_sha3_portable.h"
+
+#define LIBCRUX_ML_DSA_SIMD_TRAITS_COEFFICIENTS_IN_SIMD_UNIT ((size_t)8U)
+
+#define LIBCRUX_ML_DSA_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT ((size_t)256U)
+
+#define LIBCRUX_ML_DSA_SIMD_TRAITS_SIMD_UNITS_IN_RING_ELEMENT \
+  (LIBCRUX_ML_DSA_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT /    \
+   LIBCRUX_ML_DSA_SIMD_TRAITS_COEFFICIENTS_IN_SIMD_UNIT)
+
+#define LIBCRUX_ML_DSA_CONSTANTS_BITS_IN_LOWER_PART_OF_T ((size_t)13U)
+
+#define LIBCRUX_ML_DSA_CONSTANTS_FIELD_MODULUS_MINUS_ONE_BIT_LENGTH \
+  ((size_t)23U)
+
+#define LIBCRUX_ML_DSA_CONSTANTS_BITS_IN_UPPER_PART_OF_T         \
+  (LIBCRUX_ML_DSA_CONSTANTS_FIELD_MODULUS_MINUS_ONE_BIT_LENGTH - \
+   LIBCRUX_ML_DSA_CONSTANTS_BITS_IN_LOWER_PART_OF_T)
+
+#define LIBCRUX_ML_DSA_CONSTANTS_BYTES_FOR_VERIFICATION_KEY_HASH ((size_t)64U)
+
+#define LIBCRUX_ML_DSA_CONSTANTS_CONTEXT_MAX_LEN ((size_t)255U)
+
+#define LIBCRUX_ML_DSA_CONSTANTS_FIELD_MODULUS ((int32_t)8380417)
+
+#define LIBCRUX_ML_DSA_CONSTANTS_KEY_GENERATION_RANDOMNESS_SIZE ((size_t)32U)
+
+#define LIBCRUX_ML_DSA_CONSTANTS_MASK_SEED_SIZE ((size_t)64U)
+
+#define LIBCRUX_ML_DSA_CONSTANTS_MESSAGE_REPRESENTATIVE_SIZE ((size_t)64U)
+
+#define LIBCRUX_ML_DSA_CONSTANTS_REJECTION_SAMPLE_BOUND_SIGN ((size_t)814U)
+
+#define LIBCRUX_ML_DSA_CONSTANTS_RING_ELEMENT_OF_T0S_SIZE \
+  (LIBCRUX_ML_DSA_CONSTANTS_BITS_IN_LOWER_PART_OF_T *     \
+   LIBCRUX_ML_DSA_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)8U)
+
+#define LIBCRUX_ML_DSA_CONSTANTS_RING_ELEMENT_OF_T1S_SIZE \
+  (LIBCRUX_ML_DSA_CONSTANTS_BITS_IN_UPPER_PART_OF_T *     \
+   LIBCRUX_ML_DSA_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)8U)
+
+#define LIBCRUX_ML_DSA_CONSTANTS_SEED_FOR_A_SIZE ((size_t)32U)
+
+#define LIBCRUX_ML_DSA_CONSTANTS_SEED_FOR_ERROR_VECTORS_SIZE ((size_t)64U)
+
+#define LIBCRUX_ML_DSA_CONSTANTS_SEED_FOR_SIGNING_SIZE ((size_t)32U)
+
+#define LIBCRUX_ML_DSA_CONSTANTS_SIGNING_RANDOMNESS_SIZE ((size_t)32U)
+
+#define LIBCRUX_ML_DSA_ENCODING_COMMITMENT_SERIALIZE_OUTPUT_BYTES_PER_SIMD_UNIT \
+  ((size_t)6U)
+
+#define LIBCRUX_ML_DSA_ENCODING_ERROR_SERIALIZE_OUTPUT_BYTES_PER_SIMD_UNIT \
+  ((size_t)4U)
+
+#define LIBCRUX_ML_DSA_ENCODING_GAMMA1_SERIALIZE_OUTPUT_BYTES_PER_SIMD_UNIT \
+  ((size_t)20U)
+
+#define LIBCRUX_ML_DSA_ENCODING_T0_SERIALIZE_OUTPUT_BYTES_PER_SIMD_UNIT \
+  ((size_t)13U)
+
+#define LIBCRUX_ML_DSA_ENCODING_T1_SERIALIZE_OUTPUT_BYTES_PER_SIMD_UNIT \
+  ((size_t)10U)
+
+typedef struct libcrux_ml_dsa_hash_functions_portable_Shake128X4_s {
+  libcrux_sha3_generic_keccak_KeccakState_17 state0;
+  libcrux_sha3_generic_keccak_KeccakState_17 state1;
+  libcrux_sha3_generic_keccak_KeccakState_17 state2;
+  libcrux_sha3_generic_keccak_KeccakState_17 state3;
+} libcrux_ml_dsa_hash_functions_portable_Shake128X4;
+
+static KRML_MUSTINLINE libcrux_ml_dsa_hash_functions_portable_Shake128X4
+libcrux_ml_dsa_hash_functions_portable_init_absorb(Eurydice_slice input0,
+                                                   Eurydice_slice input1,
+                                                   Eurydice_slice input2,
+                                                   Eurydice_slice input3) {
+  libcrux_sha3_generic_keccak_KeccakState_17 state0 =
+      libcrux_sha3_portable_incremental_shake128_init();
+  libcrux_sha3_portable_incremental_shake128_absorb_final(&state0, input0);
+  libcrux_sha3_generic_keccak_KeccakState_17 state1 =
+      libcrux_sha3_portable_incremental_shake128_init();
+  libcrux_sha3_portable_incremental_shake128_absorb_final(&state1, input1);
+  libcrux_sha3_generic_keccak_KeccakState_17 state2 =
+      libcrux_sha3_portable_incremental_shake128_init();
+  libcrux_sha3_portable_incremental_shake128_absorb_final(&state2, input2);
+  libcrux_sha3_generic_keccak_KeccakState_17 state3 =
+      libcrux_sha3_portable_incremental_shake128_init();
+  libcrux_sha3_portable_incremental_shake128_absorb_final(&state3, input3);
+  return (CLITERAL(libcrux_ml_dsa_hash_functions_portable_Shake128X4){
+      .state0 = state0, .state1 = state1, .state2 = state2, .state3 = state3});
+}
+
+typedef libcrux_sha3_portable_KeccakState
+    libcrux_ml_dsa_hash_functions_portable_Shake256;
+
+static KRML_MUSTINLINE libcrux_sha3_portable_KeccakState
+libcrux_ml_dsa_hash_functions_portable_init_absorb_final_shake256(
+    Eurydice_slice input) {
+  libcrux_sha3_generic_keccak_KeccakState_17 state =
+      libcrux_sha3_portable_incremental_shake256_init();
+  libcrux_sha3_portable_incremental_shake256_absorb_final(&state, input);
+  return state;
+}
+
+typedef struct libcrux_ml_dsa_hash_functions_portable_Shake256X4_s {
+  libcrux_sha3_generic_keccak_KeccakState_17 state0;
+  libcrux_sha3_generic_keccak_KeccakState_17 state1;
+  libcrux_sha3_generic_keccak_KeccakState_17 state2;
+  libcrux_sha3_generic_keccak_KeccakState_17 state3;
+} libcrux_ml_dsa_hash_functions_portable_Shake256X4;
+
+static KRML_MUSTINLINE libcrux_ml_dsa_hash_functions_portable_Shake256X4
+libcrux_ml_dsa_hash_functions_portable_init_absorb_x4(Eurydice_slice input0,
+                                                      Eurydice_slice input1,
+                                                      Eurydice_slice input2,
+                                                      Eurydice_slice input3) {
+  libcrux_sha3_generic_keccak_KeccakState_17 state0 =
+      libcrux_sha3_portable_incremental_shake256_init();
+  libcrux_sha3_portable_incremental_shake256_absorb_final(&state0, input0);
+  libcrux_sha3_generic_keccak_KeccakState_17 state1 =
+      libcrux_sha3_portable_incremental_shake256_init();
+  libcrux_sha3_portable_incremental_shake256_absorb_final(&state1, input1);
+  libcrux_sha3_generic_keccak_KeccakState_17 state2 =
+      libcrux_sha3_portable_incremental_shake256_init();
+  libcrux_sha3_portable_incremental_shake256_absorb_final(&state2, input2);
+  libcrux_sha3_generic_keccak_KeccakState_17 state3 =
+      libcrux_sha3_portable_incremental_shake256_init();
+  libcrux_sha3_portable_incremental_shake256_absorb_final(&state3, input3);
+  return (CLITERAL(libcrux_ml_dsa_hash_functions_portable_Shake256X4){
+      .state0 = state0, .state1 = state1, .state2 = state2, .state3 = state3});
+}
+
+static KRML_MUSTINLINE void
+libcrux_ml_dsa_hash_functions_portable_squeeze_first_block_shake256(
+    libcrux_sha3_portable_KeccakState *state, uint8_t ret[136U]) {
+  uint8_t out[136U] = {0U};
+  libcrux_sha3_portable_incremental_shake256_squeeze_first_block(
+      state, Eurydice_array_to_slice((size_t)136U, out, uint8_t));
+  memcpy(ret, out, (size_t)136U * sizeof(uint8_t));
+}
+
+typedef struct uint8_t_136size_t__x4_s {
+  uint8_t fst[136U];
+  uint8_t snd[136U];
+  uint8_t thd[136U];
+  uint8_t f3[136U];
+} uint8_t_136size_t__x4;
+
+static KRML_MUSTINLINE uint8_t_136size_t__x4
+libcrux_ml_dsa_hash_functions_portable_squeeze_first_block_x4(
+    libcrux_ml_dsa_hash_functions_portable_Shake256X4 *state) {
+  uint8_t out0[136U] = {0U};
+  libcrux_sha3_portable_incremental_shake256_squeeze_first_block(
+      &state->state0, Eurydice_array_to_slice((size_t)136U, out0, uint8_t));
+  uint8_t out1[136U] = {0U};
+  libcrux_sha3_portable_incremental_shake256_squeeze_first_block(
+      &state->state1, Eurydice_array_to_slice((size_t)136U, out1, uint8_t));
+  uint8_t out2[136U] = {0U};
+  libcrux_sha3_portable_incremental_shake256_squeeze_first_block(
+      &state->state2, Eurydice_array_to_slice((size_t)136U, out2, uint8_t));
+  uint8_t out3[136U] = {0U};
+  libcrux_sha3_portable_incremental_shake256_squeeze_first_block(
+      &state->state3, Eurydice_array_to_slice((size_t)136U, out3, uint8_t));
+  /* Passing arrays by value in Rust generates a copy in C */
+  uint8_t copy_of_out0[136U];
+  memcpy(copy_of_out0, out0, (size_t)136U * sizeof(uint8_t));
+  /* Passing arrays by value in Rust generates a copy in C */
+  uint8_t copy_of_out1[136U];
+  memcpy(copy_of_out1, out1, (size_t)136U * sizeof(uint8_t));
+  /* Passing arrays by value in Rust generates a copy in C */
+  uint8_t copy_of_out2[136U];
+  memcpy(copy_of_out2, out2, (size_t)136U * sizeof(uint8_t));
+  /* Passing arrays by value in Rust generates a copy in C */
+  uint8_t copy_of_out3[136U];
+  memcpy(copy_of_out3, out3, (size_t)136U * sizeof(uint8_t));
+  uint8_t_136size_t__x4 lit;
+  memcpy(lit.fst, copy_of_out0, (size_t)136U * sizeof(uint8_t));
+  memcpy(lit.snd, copy_of_out1, (size_t)136U * sizeof(uint8_t));
+  memcpy(lit.thd, copy_of_out2, (size_t)136U * sizeof(uint8_t));
+  memcpy(lit.f3, copy_of_out3, (size_t)136U * sizeof(uint8_t));
+  return lit;
+}
+
+static KRML_MUSTINLINE void
+libcrux_ml_dsa_hash_functions_portable_squeeze_first_five_blocks(
+    libcrux_ml_dsa_hash_functions_portable_Shake128X4 *state, uint8_t *out0,
+    uint8_t *out1, uint8_t *out2, uint8_t *out3) {
+  libcrux_sha3_portable_incremental_shake128_squeeze_first_five_blocks(
+      &state->state0, Eurydice_array_to_slice((size_t)840U, out0, uint8_t));
+  libcrux_sha3_portable_incremental_shake128_squeeze_first_five_blocks(
+      &state->state1, Eurydice_array_to_slice((size_t)840U, out1, uint8_t));
+  libcrux_sha3_portable_incremental_shake128_squeeze_first_five_blocks(
+      &state->state2, Eurydice_array_to_slice((size_t)840U, out2, uint8_t));
+  libcrux_sha3_portable_incremental_shake128_squeeze_first_five_blocks(
+      &state->state3, Eurydice_array_to_slice((size_t)840U, out3, uint8_t));
+}
+
+typedef struct uint8_t_168size_t__x4_s {
+  uint8_t fst[168U];
+  uint8_t snd[168U];
+  uint8_t thd[168U];
+  uint8_t f3[168U];
+} uint8_t_168size_t__x4;
+
+static KRML_MUSTINLINE uint8_t_168size_t__x4
+libcrux_ml_dsa_hash_functions_portable_squeeze_next_block(
+    libcrux_ml_dsa_hash_functions_portable_Shake128X4 *state) {
+  uint8_t out0[168U] = {0U};
+  libcrux_sha3_portable_incremental_shake128_squeeze_next_block(
+      &state->state0, Eurydice_array_to_slice((size_t)168U, out0, uint8_t));
+  uint8_t out1[168U] = {0U};
+  libcrux_sha3_portable_incremental_shake128_squeeze_next_block(
+      &state->state1, Eurydice_array_to_slice((size_t)168U, out1, uint8_t));
+  uint8_t out2[168U] = {0U};
+  libcrux_sha3_portable_incremental_shake128_squeeze_next_block(
+      &state->state2, Eurydice_array_to_slice((size_t)168U, out2, uint8_t));
+  uint8_t out3[168U] = {0U};
+  libcrux_sha3_portable_incremental_shake128_squeeze_next_block(
+      &state->state3, Eurydice_array_to_slice((size_t)168U, out3, uint8_t));
+  /* Passing arrays by value in Rust generates a copy in C */
+  uint8_t copy_of_out0[168U];
+  memcpy(copy_of_out0, out0, (size_t)168U * sizeof(uint8_t));
+  /* Passing arrays by value in Rust generates a copy in C */
+  uint8_t copy_of_out1[168U];
+  memcpy(copy_of_out1, out1, (size_t)168U * sizeof(uint8_t));
+  /* Passing arrays by value in Rust generates a copy in C */
+  uint8_t copy_of_out2[168U];
+  memcpy(copy_of_out2, out2, (size_t)168U * sizeof(uint8_t));
+  /* Passing arrays by value in Rust generates a copy in C */
+  uint8_t copy_of_out3[168U];
+  memcpy(copy_of_out3, out3, (size_t)168U * sizeof(uint8_t));
+  uint8_t_168size_t__x4 lit;
+  memcpy(lit.fst, copy_of_out0, (size_t)168U * sizeof(uint8_t));
+  memcpy(lit.snd, copy_of_out1, (size_t)168U * sizeof(uint8_t));
+  memcpy(lit.thd, copy_of_out2, (size_t)168U * sizeof(uint8_t));
+  memcpy(lit.f3, copy_of_out3, (size_t)168U * sizeof(uint8_t));
+  return lit;
+}
+
+static KRML_MUSTINLINE void
+libcrux_ml_dsa_hash_functions_portable_squeeze_next_block_shake256(
+    libcrux_sha3_portable_KeccakState *state, uint8_t ret[136U]) {
+  uint8_t out[136U] = {0U};
+  libcrux_sha3_portable_incremental_shake256_squeeze_next_block(
+      state, Eurydice_array_to_slice((size_t)136U, out, uint8_t));
+  memcpy(ret, out, (size_t)136U * sizeof(uint8_t));
+}
+
+static KRML_MUSTINLINE uint8_t_136size_t__x4
+libcrux_ml_dsa_hash_functions_portable_squeeze_next_block_x4(
+    libcrux_ml_dsa_hash_functions_portable_Shake256X4 *state) {
+  uint8_t out0[136U] = {0U};
+  libcrux_sha3_portable_incremental_shake256_squeeze_next_block(
+      &state->state0, Eurydice_array_to_slice((size_t)136U, out0, uint8_t));
+  uint8_t out1[136U] = {0U};
+  libcrux_sha3_portable_incremental_shake256_squeeze_next_block(
+      &state->state1, Eurydice_array_to_slice((size_t)136U, out1, uint8_t));
+  uint8_t out2[136U] = {0U};
+  libcrux_sha3_portable_incremental_shake256_squeeze_next_block(
+      &state->state2, Eurydice_array_to_slice((size_t)136U, out2, uint8_t));
+  uint8_t out3[136U] = {0U};
+  libcrux_sha3_portable_incremental_shake256_squeeze_next_block(
+      &state->state3, Eurydice_array_to_slice((size_t)136U, out3, uint8_t));
+  /* Passing arrays by value in Rust generates a copy in C */
+  uint8_t copy_of_out0[136U];
+  memcpy(copy_of_out0, out0, (size_t)136U * sizeof(uint8_t));
+  /* Passing arrays by value in Rust generates a copy in C */
+  uint8_t copy_of_out1[136U];
+  memcpy(copy_of_out1, out1, (size_t)136U * sizeof(uint8_t));
+  /* Passing arrays by value in Rust generates a copy in C */
+  uint8_t copy_of_out2[136U];
+  memcpy(copy_of_out2, out2, (size_t)136U * sizeof(uint8_t));
+  /* Passing arrays by value in Rust generates a copy in C */
+  uint8_t copy_of_out3[136U];
+  memcpy(copy_of_out3, out3, (size_t)136U * sizeof(uint8_t));
+  uint8_t_136size_t__x4 lit;
+  memcpy(lit.fst, copy_of_out0, (size_t)136U * sizeof(uint8_t));
+  memcpy(lit.snd, copy_of_out1, (size_t)136U * sizeof(uint8_t));
+  memcpy(lit.thd, copy_of_out2, (size_t)136U * sizeof(uint8_t));
+  memcpy(lit.f3, copy_of_out3, (size_t)136U * sizeof(uint8_t));
+  return lit;
+}
+
+/**
+This function found in impl {(libcrux_ml_dsa::hash_functions::shake128::XofX4
+for libcrux_ml_dsa::hash_functions::portable::Shake128X4)}
+*/
+static KRML_MUSTINLINE libcrux_ml_dsa_hash_functions_portable_Shake128X4
+libcrux_ml_dsa_hash_functions_portable_init_absorb_ed(Eurydice_slice input0,
+                                                      Eurydice_slice input1,
+                                                      Eurydice_slice input2,
+                                                      Eurydice_slice input3) {
+  return libcrux_ml_dsa_hash_functions_portable_init_absorb(input0, input1,
+                                                            input2, input3);
+}
+
+/**
+This function found in impl {(libcrux_ml_dsa::hash_functions::shake128::XofX4
+for libcrux_ml_dsa::hash_functions::portable::Shake128X4)}
+*/
+static KRML_MUSTINLINE void
+libcrux_ml_dsa_hash_functions_portable_squeeze_first_five_blocks_ed(
+    libcrux_ml_dsa_hash_functions_portable_Shake128X4 *self, uint8_t *out0,
+    uint8_t *out1, uint8_t *out2, uint8_t *out3) {
+  libcrux_ml_dsa_hash_functions_portable_squeeze_first_five_blocks(
+      self, out0, out1, out2, out3);
+}
+
+/**
+This function found in impl {(libcrux_ml_dsa::hash_functions::shake128::XofX4
+for libcrux_ml_dsa::hash_functions::portable::Shake128X4)}
+*/
+static KRML_MUSTINLINE uint8_t_168size_t__x4
+libcrux_ml_dsa_hash_functions_portable_squeeze_next_block_ed(
+    libcrux_ml_dsa_hash_functions_portable_Shake128X4 *self) {
+  return libcrux_ml_dsa_hash_functions_portable_squeeze_next_block(self);
+}
+
+/**
+This function found in impl {(libcrux_ml_dsa::hash_functions::shake256::DsaXof
+for libcrux_ml_dsa::hash_functions::portable::Shake256)#2}
+*/
+static KRML_MUSTINLINE libcrux_sha3_portable_KeccakState
+libcrux_ml_dsa_hash_functions_portable_init_absorb_final_5c(
+    Eurydice_slice input) {
+  return libcrux_ml_dsa_hash_functions_portable_init_absorb_final_shake256(
+      input);
+}
+
+/**
+This function found in impl {(libcrux_ml_dsa::hash_functions::shake256::DsaXof
+for libcrux_ml_dsa::hash_functions::portable::Shake256)#2}
+*/
+static KRML_MUSTINLINE void
+libcrux_ml_dsa_hash_functions_portable_squeeze_first_block_5c(
+    libcrux_sha3_portable_KeccakState *self, uint8_t ret[136U]) {
+  libcrux_ml_dsa_hash_functions_portable_squeeze_first_block_shake256(self,
+                                                                      ret);
+}
+
+/**
+This function found in impl {(libcrux_ml_dsa::hash_functions::shake256::DsaXof
+for libcrux_ml_dsa::hash_functions::portable::Shake256)#2}
+*/
+static KRML_MUSTINLINE void
+libcrux_ml_dsa_hash_functions_portable_squeeze_next_block_5c(
+    libcrux_sha3_portable_KeccakState *self, uint8_t ret[136U]) {
+  libcrux_ml_dsa_hash_functions_portable_squeeze_next_block_shake256(self, ret);
+}
+
+typedef libcrux_sha3_portable_incremental_Shake256Xof
+    libcrux_ml_dsa_hash_functions_portable_Shake256Xof;
+
+/**
+This function found in impl {(libcrux_ml_dsa::hash_functions::shake256::Xof for
+libcrux_ml_dsa::hash_functions::portable::Shake256Xof)#4}
+*/
+static inline void libcrux_ml_dsa_hash_functions_portable_absorb_83(
+    libcrux_sha3_portable_incremental_Shake256Xof *self, Eurydice_slice input) {
+  libcrux_sha3_portable_incremental_absorb_68(self, input);
+}
+
+/**
+This function found in impl {(libcrux_ml_dsa::hash_functions::shake256::Xof for
+libcrux_ml_dsa::hash_functions::portable::Shake256Xof)#4}
+*/
+static inline void libcrux_ml_dsa_hash_functions_portable_absorb_final_83(
+    libcrux_sha3_portable_incremental_Shake256Xof *self, Eurydice_slice input) {
+  libcrux_sha3_portable_incremental_absorb_final_68(self, input);
+}
+
+/**
+This function found in impl {(libcrux_ml_dsa::hash_functions::shake256::Xof for
+libcrux_ml_dsa::hash_functions::portable::Shake256Xof)#4}
+*/
+static inline libcrux_sha3_portable_incremental_Shake256Xof
+libcrux_ml_dsa_hash_functions_portable_init_83(void) {
+  return libcrux_sha3_portable_incremental_new_68();
+}
+
+/**
+This function found in impl {(libcrux_ml_dsa::hash_functions::shake256::Xof for
+libcrux_ml_dsa::hash_functions::portable::Shake256Xof)#4}
+*/
+static inline void libcrux_ml_dsa_hash_functions_portable_squeeze_83(
+    libcrux_sha3_portable_incremental_Shake256Xof *self, Eurydice_slice out) {
+  libcrux_sha3_portable_incremental_squeeze_68(self, out);
+}
+
+/**
+This function found in impl {(libcrux_ml_dsa::hash_functions::shake256::XofX4
+for libcrux_ml_dsa::hash_functions::portable::Shake256X4)#3}
+*/
+static KRML_MUSTINLINE libcrux_ml_dsa_hash_functions_portable_Shake256X4
+libcrux_ml_dsa_hash_functions_portable_init_absorb_x4_50(
+    Eurydice_slice input0, Eurydice_slice input1, Eurydice_slice input2,
+    Eurydice_slice input3) {
+  return libcrux_ml_dsa_hash_functions_portable_init_absorb_x4(input0, input1,
+                                                               input2, input3);
+}
+
+/**
+This function found in impl {(libcrux_ml_dsa::hash_functions::shake256::XofX4
+for libcrux_ml_dsa::hash_functions::portable::Shake256X4)#3}
+*/
+static KRML_MUSTINLINE uint8_t_136size_t__x4
+libcrux_ml_dsa_hash_functions_portable_squeeze_first_block_x4_50(
+    libcrux_ml_dsa_hash_functions_portable_Shake256X4 *self) {
+  return libcrux_ml_dsa_hash_functions_portable_squeeze_first_block_x4(self);
+}
+
+/**
+This function found in impl {(libcrux_ml_dsa::hash_functions::shake256::XofX4
+for libcrux_ml_dsa::hash_functions::portable::Shake256X4)#3}
+*/
+static KRML_MUSTINLINE uint8_t_136size_t__x4
+libcrux_ml_dsa_hash_functions_portable_squeeze_next_block_x4_50(
+    libcrux_ml_dsa_hash_functions_portable_Shake256X4 *self) {
+  return libcrux_ml_dsa_hash_functions_portable_squeeze_next_block_x4(self);
+}
+
+#define LIBCRUX_ML_DSA_HASH_FUNCTIONS_SHAKE128_BLOCK_SIZE ((size_t)168U)
+
+#define LIBCRUX_ML_DSA_HASH_FUNCTIONS_SHAKE128_FIVE_BLOCKS_SIZE \
+  (LIBCRUX_ML_DSA_HASH_FUNCTIONS_SHAKE128_BLOCK_SIZE * (size_t)5U)
+
+#define LIBCRUX_ML_DSA_HASH_FUNCTIONS_SHAKE256_BLOCK_SIZE ((size_t)136U)
+
+#define LIBCRUX_ML_DSA_ML_DSA_65_ONES_IN_VERIFIER_CHALLENGE ((size_t)49U)
+
+#define LIBCRUX_ML_DSA_ML_DSA_65_ETA ((size_t)4U)
+
+#define LIBCRUX_ML_DSA_ML_DSA_65_BETA                              \
+  ((int32_t)(LIBCRUX_ML_DSA_ML_DSA_65_ONES_IN_VERIFIER_CHALLENGE * \
+             LIBCRUX_ML_DSA_ML_DSA_65_ETA))
+
+#define LIBCRUX_ML_DSA_ML_DSA_65_BITS_PER_COMMITMENT_COEFFICIENT ((size_t)4U)
+
+#define LIBCRUX_ML_DSA_ML_DSA_65_BITS_PER_ERROR_COEFFICIENT ((size_t)4U)
+
+#define LIBCRUX_ML_DSA_ML_DSA_65_BITS_PER_GAMMA1_COEFFICIENT ((size_t)20U)
+
+#define LIBCRUX_ML_DSA_ML_DSA_65_COLUMNS_IN_A ((size_t)5U)
+
+#define LIBCRUX_ML_DSA_ML_DSA_65_COMMITMENT_HASH_SIZE ((size_t)48U)
+
+#define LIBCRUX_ML_DSA_ML_DSA_65_COMMITMENT_RING_ELEMENT_SIZE \
+  (LIBCRUX_ML_DSA_ML_DSA_65_BITS_PER_COMMITMENT_COEFFICIENT * \
+   LIBCRUX_ML_DSA_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)8U)
+
+#define LIBCRUX_ML_DSA_ML_DSA_65_ROWS_IN_A ((size_t)6U)
+
+#define LIBCRUX_ML_DSA_ML_DSA_65_COMMITMENT_VECTOR_SIZE    \
+  (LIBCRUX_ML_DSA_ML_DSA_65_COMMITMENT_RING_ELEMENT_SIZE * \
+   LIBCRUX_ML_DSA_ML_DSA_65_ROWS_IN_A)
+
+#define LIBCRUX_ML_DSA_ML_DSA_65_ERROR_RING_ELEMENT_SIZE \
+  (LIBCRUX_ML_DSA_ML_DSA_65_BITS_PER_ERROR_COEFFICIENT * \
+   LIBCRUX_ML_DSA_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)8U)
+
+#define LIBCRUX_ML_DSA_ML_DSA_65_GAMMA1_EXPONENT ((size_t)19U)
+
+#define LIBCRUX_ML_DSA_ML_DSA_65_GAMMA1_RING_ELEMENT_SIZE \
+  (LIBCRUX_ML_DSA_ML_DSA_65_BITS_PER_GAMMA1_COEFFICIENT * \
+   LIBCRUX_ML_DSA_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)8U)
+
+#define LIBCRUX_ML_DSA_ML_DSA_65_GAMMA2 \
+  ((LIBCRUX_ML_DSA_CONSTANTS_FIELD_MODULUS - (int32_t)1) / (int32_t)32)
+
+#define LIBCRUX_ML_DSA_ML_DSA_65_MAX_ONES_IN_HINT ((size_t)55U)
+
+typedef libcrux_ml_dsa_types_MLDSASigningKey_22
+    libcrux_ml_dsa_ml_dsa_65_MLDSA65SigningKey;
+
+typedef libcrux_ml_dsa_types_MLDSAVerificationKey_ea
+    libcrux_ml_dsa_ml_dsa_65_MLDSA65VerificationKey;
+
+#define LIBCRUX_ML_DSA_ML_DSA_65_SIGNATURE_SIZE            \
+  (LIBCRUX_ML_DSA_ML_DSA_65_COMMITMENT_HASH_SIZE +         \
+   LIBCRUX_ML_DSA_ML_DSA_65_COLUMNS_IN_A *                 \
+       LIBCRUX_ML_DSA_ML_DSA_65_GAMMA1_RING_ELEMENT_SIZE + \
+   LIBCRUX_ML_DSA_ML_DSA_65_MAX_ONES_IN_HINT +             \
+   LIBCRUX_ML_DSA_ML_DSA_65_ROWS_IN_A)
+
+#define LIBCRUX_ML_DSA_ML_DSA_65_SIGNING_KEY_SIZE             \
+  (LIBCRUX_ML_DSA_CONSTANTS_SEED_FOR_A_SIZE +                 \
+   LIBCRUX_ML_DSA_CONSTANTS_SEED_FOR_SIGNING_SIZE +           \
+   LIBCRUX_ML_DSA_CONSTANTS_BYTES_FOR_VERIFICATION_KEY_HASH + \
+   (LIBCRUX_ML_DSA_ML_DSA_65_ROWS_IN_A +                      \
+    LIBCRUX_ML_DSA_ML_DSA_65_COLUMNS_IN_A) *                  \
+       LIBCRUX_ML_DSA_ML_DSA_65_ERROR_RING_ELEMENT_SIZE +     \
+   LIBCRUX_ML_DSA_ML_DSA_65_ROWS_IN_A *                       \
+       LIBCRUX_ML_DSA_CONSTANTS_RING_ELEMENT_OF_T0S_SIZE)
+
+#define LIBCRUX_ML_DSA_ML_DSA_65_VERIFICATION_KEY_SIZE                \
+  (LIBCRUX_ML_DSA_CONSTANTS_SEED_FOR_A_SIZE +                         \
+   LIBCRUX_ML_DSA_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT *            \
+       LIBCRUX_ML_DSA_ML_DSA_65_ROWS_IN_A *                           \
+       (LIBCRUX_ML_DSA_CONSTANTS_FIELD_MODULUS_MINUS_ONE_BIT_LENGTH - \
+        LIBCRUX_ML_DSA_CONSTANTS_BITS_IN_LOWER_PART_OF_T) /           \
+       (size_t)8U)
+
+static KRML_MUSTINLINE uint16_t
+libcrux_ml_dsa_samplex4_generate_domain_separator(uint8_t row, uint8_t column) {
+  return (uint32_t)(uint16_t)column | (uint32_t)(uint16_t)row << 8U;
+}
+
+#define LIBCRUX_ML_DSA_SIMD_TRAITS_FIELD_MODULUS ((int32_t)8380417)
+
+#define LIBCRUX_ML_DSA_SIMD_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R \
+  (58728449ULL)
+
+typedef struct libcrux_ml_dsa_pre_hash_DomainSeparationContext_s {
+  Eurydice_slice context;
+  Option_3f pre_hash_oid;
+} libcrux_ml_dsa_pre_hash_DomainSeparationContext;
+
+#define libcrux_ml_dsa_pre_hash_ContextTooLongError 0
+
+typedef uint8_t libcrux_ml_dsa_pre_hash_DomainSeparationError;
+
+/**
+A monomorphic instance of core.result.Result
+with types libcrux_ml_dsa_pre_hash_DomainSeparationContext,
+libcrux_ml_dsa_pre_hash_DomainSeparationError
+
+*/
+typedef struct Result_a8_s {
+  Result_a9_tags tag;
+  union {
+    libcrux_ml_dsa_pre_hash_DomainSeparationContext case_Ok;
+    libcrux_ml_dsa_pre_hash_DomainSeparationError case_Err;
+  } val;
+} Result_a8;
+
+/**
+ `context` must be at most 255 bytes long.
+*/
+/**
+This function found in impl
+{libcrux_ml_dsa::pre_hash::DomainSeparationContext<'a>#1}
+*/
+static inline Result_a8 libcrux_ml_dsa_pre_hash_new_45(Eurydice_slice context,
+                                                       Option_3f pre_hash_oid) {
+  Result_a8 uu____0;
+  if (Eurydice_slice_len(context, uint8_t) >
+      LIBCRUX_ML_DSA_CONSTANTS_CONTEXT_MAX_LEN) {
+    uu____0 = (CLITERAL(Result_a8){
+        .tag = Err,
+        .val = {.case_Err = libcrux_ml_dsa_pre_hash_ContextTooLongError}});
+  } else {
+    uu____0 = (CLITERAL(Result_a8){
+        .tag = Ok,
+        .val = {
+            .case_Ok = {.context = context, .pre_hash_oid = pre_hash_oid}}});
+  }
+  return uu____0;
+}
+
+typedef struct libcrux_ml_dsa_pre_hash_SHAKE128_PH_s {
+} libcrux_ml_dsa_pre_hash_SHAKE128_PH;
+
+typedef struct libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit_s {
+  int32_t coefficients[8U];
+} libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit;
+
+static inline libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit
+libcrux_ml_dsa_simd_portable_vector_type_ZERO(void) {
+  libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit lit;
+  lit.coefficients[0U] = (int32_t)0;
+  lit.coefficients[1U] = (int32_t)0;
+  lit.coefficients[2U] = (int32_t)0;
+  lit.coefficients[3U] = (int32_t)0;
+  lit.coefficients[4U] = (int32_t)0;
+  lit.coefficients[5U] = (int32_t)0;
+  lit.coefficients[6U] = (int32_t)0;
+  lit.coefficients[7U] = (int32_t)0;
+  return lit;
+}
+
+/**
+This function found in impl {(libcrux_ml_dsa::simd::traits::Operations for
+libcrux_ml_dsa::simd::portable::vector_type::PortableSIMDUnit)}
+*/
+static inline libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit
+libcrux_ml_dsa_simd_portable_ZERO_36(void) {
+  return libcrux_ml_dsa_simd_portable_vector_type_ZERO();
+}
+
+static inline libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit
+libcrux_ml_dsa_simd_portable_vector_type_from_coefficient_array(
+    Eurydice_slice array) {
+  libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit lit;
+  int32_t ret[8U];
+  Result_6c dst;
+  Eurydice_slice_to_array2(
+      &dst, Eurydice_slice_subslice2(array, (size_t)0U, (size_t)8U, int32_t),
+      Eurydice_slice, int32_t[8U]);
+  unwrap_26_55(dst, ret);
+  memcpy(lit.coefficients, ret, (size_t)8U * sizeof(int32_t));
+  return lit;
+}
+
+/**
+This function found in impl {(libcrux_ml_dsa::simd::traits::Operations for
+libcrux_ml_dsa::simd::portable::vector_type::PortableSIMDUnit)}
+*/
+static inline libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit
+libcrux_ml_dsa_simd_portable_from_coefficient_array_36(Eurydice_slice array) {
+  return libcrux_ml_dsa_simd_portable_vector_type_from_coefficient_array(array);
+}
+
+static inline void
+libcrux_ml_dsa_simd_portable_vector_type_to_coefficient_array(
+    libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit *x,
+    int32_t ret[8U]) {
+  memcpy(ret, x->coefficients, (size_t)8U * sizeof(int32_t));
+}
+
+/**
+This function found in impl {(libcrux_ml_dsa::simd::traits::Operations for
+libcrux_ml_dsa::simd::portable::vector_type::PortableSIMDUnit)}
+*/
+static inline void libcrux_ml_dsa_simd_portable_to_coefficient_array_36(
+    libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit *self,
+    int32_t ret[8U]) {
+  libcrux_ml_dsa_simd_portable_vector_type_to_coefficient_array(self, ret);
+}
+
+static KRML_MUSTINLINE libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit
+libcrux_ml_dsa_simd_portable_arithmetic_add(
+    libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit *lhs,
+    libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit *rhs) {
+  libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit sum =
+      libcrux_ml_dsa_simd_portable_vector_type_ZERO();
+  for (size_t i = (size_t)0U;
+       i < Eurydice_slice_len(
+               Eurydice_array_to_slice((size_t)8U, sum.coefficients, int32_t),
+               int32_t);
+       i++) {
+    size_t i0 = i;
+    sum.coefficients[i0] = lhs->coefficients[i0] + rhs->coefficients[i0];
+  }
+  return sum;
+}
+
+/**
+This function found in impl {(libcrux_ml_dsa::simd::traits::Operations for
+libcrux_ml_dsa::simd::portable::vector_type::PortableSIMDUnit)}
+*/
+static inline libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit
+libcrux_ml_dsa_simd_portable_add_36(
+    libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit *lhs,
+    libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit *rhs) {
+  return libcrux_ml_dsa_simd_portable_arithmetic_add(lhs, rhs);
+}
+
+static KRML_MUSTINLINE libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit
+libcrux_ml_dsa_simd_portable_arithmetic_subtract(
+    libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit *lhs,
+    libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit *rhs) {
+  libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit difference =
+      libcrux_ml_dsa_simd_portable_vector_type_ZERO();
+  for (size_t i = (size_t)0U;
+       i < Eurydice_slice_len(Eurydice_array_to_slice(
+                                  (size_t)8U, difference.coefficients, int32_t),
+                              int32_t);
+       i++) {
+    size_t i0 = i;
+    difference.coefficients[i0] = lhs->coefficients[i0] - rhs->coefficients[i0];
+  }
+  return difference;
+}
+
+/**
+This function found in impl {(libcrux_ml_dsa::simd::traits::Operations for
+libcrux_ml_dsa::simd::portable::vector_type::PortableSIMDUnit)}
+*/
+static inline libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit
+libcrux_ml_dsa_simd_portable_subtract_36(
+    libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit *lhs,
+    libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit *rhs) {
+  return libcrux_ml_dsa_simd_portable_arithmetic_subtract(lhs, rhs);
+}
+
+static KRML_MUSTINLINE bool
+libcrux_ml_dsa_simd_portable_arithmetic_infinity_norm_exceeds(
+    libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit simd_unit,
+    int32_t bound) {
+  KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__,
+                    "Eurydice error: Failure(\"TODO: TraitTypes "
+                    "core::array::iter::{core::iter::traits::iterator::"
+                    "Iterator for core::array::iter::IntoIter<T, "
+                    "N>[TraitClause@0]}#2<T@0, C@0>[TraitClause@0]::Item\")\n");
+  KRML_HOST_EXIT(255U);
+}
+
+/**
+This function found in impl {(libcrux_ml_dsa::simd::traits::Operations for
+libcrux_ml_dsa::simd::portable::vector_type::PortableSIMDUnit)}
+*/
+static inline bool libcrux_ml_dsa_simd_portable_infinity_norm_exceeds_36(
+    libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit simd_unit,
+    int32_t bound) {
+  return libcrux_ml_dsa_simd_portable_arithmetic_infinity_norm_exceeds(
+      simd_unit, bound);
+}
+
+#define LIBCRUX_ML_DSA_SIMD_PORTABLE_ARITHMETIC_MONTGOMERY_SHIFT (32U)
+
+static KRML_MUSTINLINE uint64_t
+libcrux_ml_dsa_simd_portable_arithmetic_get_n_least_significant_bits(
+    uint8_t n, uint64_t value) {
+  return value & ((1ULL << (uint32_t)n) - 1ULL);
+}
+
+static KRML_MUSTINLINE int32_t
+libcrux_ml_dsa_simd_portable_arithmetic_montgomery_reduce_element(
+    int64_t value) {
+  uint64_t t =
+      libcrux_ml_dsa_simd_portable_arithmetic_get_n_least_significant_bits(
+          LIBCRUX_ML_DSA_SIMD_PORTABLE_ARITHMETIC_MONTGOMERY_SHIFT,
+          (uint64_t)value) *
+      LIBCRUX_ML_DSA_SIMD_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R;
+  int32_t k = (int32_t)
+      libcrux_ml_dsa_simd_portable_arithmetic_get_n_least_significant_bits(
+          LIBCRUX_ML_DSA_SIMD_PORTABLE_ARITHMETIC_MONTGOMERY_SHIFT, t);
+  int64_t k_times_modulus =
+      (int64_t)k * (int64_t)LIBCRUX_ML_DSA_SIMD_TRAITS_FIELD_MODULUS;
+  int32_t c =
+      (int32_t)(k_times_modulus >>
+                (uint32_t)
+                    LIBCRUX_ML_DSA_SIMD_PORTABLE_ARITHMETIC_MONTGOMERY_SHIFT);
+  int32_t value_high =
+      (int32_t)(value >>
+                (uint32_t)
+                    LIBCRUX_ML_DSA_SIMD_PORTABLE_ARITHMETIC_MONTGOMERY_SHIFT);
+  return value_high - c;
+}
+
+static KRML_MUSTINLINE libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit
+libcrux_ml_dsa_simd_portable_arithmetic_montgomery_multiply(
+    libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit *lhs,
+    libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit *rhs) {
+  libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit product =
+      libcrux_ml_dsa_simd_portable_vector_type_ZERO();
+  for (size_t i = (size_t)0U;
+       i < Eurydice_slice_len(Eurydice_array_to_slice(
+                                  (size_t)8U, product.coefficients, int32_t),
+                              int32_t);
+       i++) {
+    size_t i0 = i;
+    product.coefficients[i0] =
+        libcrux_ml_dsa_simd_portable_arithmetic_montgomery_reduce_element(
+            (int64_t)lhs->coefficients[i0] * (int64_t)rhs->coefficients[i0]);
+  }
+  return product;
+}
+
+/**
+This function found in impl {(libcrux_ml_dsa::simd::traits::Operations for
+libcrux_ml_dsa::simd::portable::vector_type::PortableSIMDUnit)}
+*/
+static inline libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit
+libcrux_ml_dsa_simd_portable_montgomery_multiply_36(
+    libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit lhs,
+    libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit rhs) {
+  return libcrux_ml_dsa_simd_portable_arithmetic_montgomery_multiply(&lhs,
+                                                                     &rhs);
+}
+
+static KRML_MUSTINLINE int32_t
+libcrux_ml_dsa_simd_portable_arithmetic_reduce_element(int32_t fe) {
+  int32_t quotient = (fe + ((int32_t)1 << 22U)) >> 23U;
+  return fe - quotient * LIBCRUX_ML_DSA_SIMD_TRAITS_FIELD_MODULUS;
+}
+
+typedef struct libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit_x2_s {
+  libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit fst;
+  libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit snd;
+} libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit_x2;
+
+static inline libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit_x2
+libcrux_ml_dsa_simd_portable_arithmetic_power2round(
+    libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit simd_unit) {
+  KRML_HOST_EPRINTF(
+      "KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__,
+      "Eurydice error: Failure(\"Error looking trait impl: "
+      "core::array::iter::{core::iter::traits::iterator::Iterator for "
+      "core::array::iter::IntoIter<T, N>[TraitClause@0]}#2<i32, 8: "
+      "usize>[core::marker::Sized<i32>] enumerate\")\n");
+  KRML_HOST_EXIT(255U);
+}
+
+/**
+This function found in impl {(libcrux_ml_dsa::simd::traits::Operations for
+libcrux_ml_dsa::simd::portable::vector_type::PortableSIMDUnit)}
+*/
+static inline libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit_x2
+libcrux_ml_dsa_simd_portable_power2round_36(
+    libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit simd_unit) {
+  return libcrux_ml_dsa_simd_portable_arithmetic_power2round(simd_unit);
+}
+
+static KRML_MUSTINLINE size_t
+libcrux_ml_dsa_simd_portable_sample_rejection_sample_less_than_field_modulus(
+    Eurydice_slice randomness, Eurydice_slice out) {
+  size_t sampled = (size_t)0U;
+  core_slice_iter_Chunks iter =
+      core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter(
+          core_slice___Slice_T___chunks(randomness, (size_t)3U, uint8_t,
+                                        core_slice_iter_Chunks),
+          core_slice_iter_Chunks, core_slice_iter_Chunks);
+  while (true) {
+    Option_1b uu____0 =
+        core_slice_iter___core__iter__traits__iterator__Iterator_for_core__slice__iter__Chunks__a__T__TraitClause_0___71__next(
+            &iter, uint8_t, Option_1b);
+    if (uu____0.tag == None) {
+      break;
+    } else {
+      Eurydice_slice bytes = uu____0.f0;
+      int32_t b0 =
+          (int32_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *);
+      int32_t b1 =
+          (int32_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *);
+      int32_t b2 =
+          (int32_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *);
+      int32_t coefficient = ((b2 << 16U | b1 << 8U) | b0) & (int32_t)8388607;
+      if (coefficient < LIBCRUX_ML_DSA_CONSTANTS_FIELD_MODULUS) {
+        Eurydice_slice_index(out, sampled, int32_t, int32_t *) = coefficient;
+        sampled++;
+      }
+    }
+  }
+  return sampled;
+}
+
+/**
+This function found in impl {(libcrux_ml_dsa::simd::traits::Operations for
+libcrux_ml_dsa::simd::portable::vector_type::PortableSIMDUnit)}
+*/
+static inline size_t
+libcrux_ml_dsa_simd_portable_rejection_sample_less_than_field_modulus_36(
+    Eurydice_slice randomness, Eurydice_slice out) {
+  return libcrux_ml_dsa_simd_portable_sample_rejection_sample_less_than_field_modulus(
+      randomness, out);
+}
+
+static KRML_MUSTINLINE size_t
+libcrux_ml_dsa_simd_portable_sample_rejection_sample_less_than_eta_equals_2(
+    Eurydice_slice randomness, Eurydice_slice out) {
+  size_t sampled = (size_t)0U;
+  core_slice_iter_Iter iter =
+      core_slice_iter___core__iter__traits__collect__IntoIterator_for___a___Slice_T____1__into_iter(
+          randomness, uint8_t, core_slice_iter_Iter);
+  while (true) {
+    Option_3f uu____0 =
+        core_slice_iter___core__iter__traits__iterator__Iterator_for_core__slice__iter__Iter__a__T__TraitClause_0___182__next(
+            &iter, uint8_t, Option_3f);
+    if (uu____0.tag == None) {
+      break;
+    } else {
+      uint8_t *byte = uu____0.f0;
+      uint8_t try_0 = Eurydice_bitand_pv_u8(byte, 15U);
+      uint8_t try_1 = Eurydice_shr_pv_u8(byte, (int32_t)4);
+      if (try_0 < 15U) {
+        int32_t try_00 = (int32_t)try_0;
+        int32_t try_0_mod_5 =
+            try_00 - (try_00 * (int32_t)26 >> 7U) * (int32_t)5;
+        Eurydice_slice_index(out, sampled, int32_t, int32_t *) =
+            (int32_t)2 - try_0_mod_5;
+        sampled++;
+      }
+      if (try_1 < 15U) {
+        int32_t try_10 = (int32_t)try_1;
+        int32_t try_1_mod_5 =
+            try_10 - (try_10 * (int32_t)26 >> 7U) * (int32_t)5;
+        Eurydice_slice_index(out, sampled, int32_t, int32_t *) =
+            (int32_t)2 - try_1_mod_5;
+        sampled++;
+      }
+    }
+  }
+  return sampled;
+}
+
+/**
+This function found in impl {(libcrux_ml_dsa::simd::traits::Operations for
+libcrux_ml_dsa::simd::portable::vector_type::PortableSIMDUnit)}
+*/
+static inline size_t
+libcrux_ml_dsa_simd_portable_rejection_sample_less_than_eta_equals_2_36(
+    Eurydice_slice randomness, Eurydice_slice out) {
+  return libcrux_ml_dsa_simd_portable_sample_rejection_sample_less_than_eta_equals_2(
+      randomness, out);
+}
+
+static KRML_MUSTINLINE size_t
+libcrux_ml_dsa_simd_portable_sample_rejection_sample_less_than_eta_equals_4(
+    Eurydice_slice randomness, Eurydice_slice out) {
+  size_t sampled = (size_t)0U;
+  core_slice_iter_Iter iter =
+      core_slice_iter___core__iter__traits__collect__IntoIterator_for___a___Slice_T____1__into_iter(
+          randomness, uint8_t, core_slice_iter_Iter);
+  while (true) {
+    Option_3f uu____0 =
+        core_slice_iter___core__iter__traits__iterator__Iterator_for_core__slice__iter__Iter__a__T__TraitClause_0___182__next(
+            &iter, uint8_t, Option_3f);
+    if (uu____0.tag == None) {
+      break;
+    } else {
+      uint8_t *byte = uu____0.f0;
+      uint8_t try_0 = Eurydice_bitand_pv_u8(byte, 15U);
+      uint8_t try_1 = Eurydice_shr_pv_u8(byte, (int32_t)4);
+      if (try_0 < 9U) {
+        Eurydice_slice_index(out, sampled, int32_t, int32_t *) =
+            (int32_t)4 - (int32_t)try_0;
+        sampled++;
+      }
+      if (try_1 < 9U) {
+        Eurydice_slice_index(out, sampled, int32_t, int32_t *) =
+            (int32_t)4 - (int32_t)try_1;
+        sampled++;
+      }
+    }
+  }
+  return sampled;
+}
+
+/**
+This function found in impl {(libcrux_ml_dsa::simd::traits::Operations for
+libcrux_ml_dsa::simd::portable::vector_type::PortableSIMDUnit)}
+*/
+static inline size_t
+libcrux_ml_dsa_simd_portable_rejection_sample_less_than_eta_equals_4_36(
+    Eurydice_slice randomness, Eurydice_slice out) {
+  return libcrux_ml_dsa_simd_portable_sample_rejection_sample_less_than_eta_equals_4(
+      randomness, out);
+}
+
+static KRML_MUSTINLINE libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit
+libcrux_ml_dsa_simd_portable_encoding_gamma1_deserialize_when_gamma1_is_2_pow_17(
+    Eurydice_slice serialized) {
+  KRML_HOST_EPRINTF(
+      "KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__,
+      "Eurydice error: Failure(\"Error looking trait impl: "
+      "core::slice::iter::{core::iter::traits::iterator::Iterator for "
+      "core::slice::iter::ChunksExact<\'a, T>[TraitClause@0]}#90<\'_, "
+      "u8>[core::marker::Sized<u8>] enumerate\")\n");
+  KRML_HOST_EXIT(255U);
+}
+
+static KRML_MUSTINLINE libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit
+libcrux_ml_dsa_simd_portable_encoding_gamma1_deserialize_when_gamma1_is_2_pow_19(
+    Eurydice_slice serialized) {
+  KRML_HOST_EPRINTF(
+      "KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__,
+      "Eurydice error: Failure(\"Error looking trait impl: "
+      "core::slice::iter::{core::iter::traits::iterator::Iterator for "
+      "core::slice::iter::ChunksExact<\'a, T>[TraitClause@0]}#90<\'_, "
+      "u8>[core::marker::Sized<u8>] enumerate\")\n");
+  KRML_HOST_EXIT(255U);
+}
+
+#define LIBCRUX_ML_DSA_SIMD_PORTABLE_ENCODING_ERROR_SERIALIZE_WHEN_ETA_IS_2_ETA \
+  ((int32_t)2)
+
+#define LIBCRUX_ML_DSA_SIMD_PORTABLE_ENCODING_ERROR_DESERIALIZE_WHEN_ETA_IS_2_ETA \
+  ((int32_t)2)
+
+static KRML_MUSTINLINE libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit
+libcrux_ml_dsa_simd_portable_encoding_error_deserialize_when_eta_is_2(
+    Eurydice_slice serialized) {
+  libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit simd_unit =
+      libcrux_ml_dsa_simd_portable_vector_type_ZERO();
+  int32_t byte0 =
+      (int32_t)Eurydice_slice_index(serialized, (size_t)0U, uint8_t, uint8_t *);
+  int32_t byte1 =
+      (int32_t)Eurydice_slice_index(serialized, (size_t)1U, uint8_t, uint8_t *);
+  int32_t byte2 =
+      (int32_t)Eurydice_slice_index(serialized, (size_t)2U, uint8_t, uint8_t *);
+  simd_unit.coefficients[0U] =
+      LIBCRUX_ML_DSA_SIMD_PORTABLE_ENCODING_ERROR_DESERIALIZE_WHEN_ETA_IS_2_ETA -
+      (byte0 & (int32_t)7);
+  simd_unit.coefficients[1U] =
+      LIBCRUX_ML_DSA_SIMD_PORTABLE_ENCODING_ERROR_DESERIALIZE_WHEN_ETA_IS_2_ETA -
+      (byte0 >> 3U & (int32_t)7);
+  simd_unit.coefficients[2U] =
+      LIBCRUX_ML_DSA_SIMD_PORTABLE_ENCODING_ERROR_DESERIALIZE_WHEN_ETA_IS_2_ETA -
+      ((byte0 >> 6U | byte1 << 2U) & (int32_t)7);
+  simd_unit.coefficients[3U] =
+      LIBCRUX_ML_DSA_SIMD_PORTABLE_ENCODING_ERROR_DESERIALIZE_WHEN_ETA_IS_2_ETA -
+      (byte1 >> 1U & (int32_t)7);
+  simd_unit.coefficients[4U] =
+      LIBCRUX_ML_DSA_SIMD_PORTABLE_ENCODING_ERROR_DESERIALIZE_WHEN_ETA_IS_2_ETA -
+      (byte1 >> 4U & (int32_t)7);
+  simd_unit.coefficients[5U] =
+      LIBCRUX_ML_DSA_SIMD_PORTABLE_ENCODING_ERROR_DESERIALIZE_WHEN_ETA_IS_2_ETA -
+      ((byte1 >> 7U | byte2 << 1U) & (int32_t)7);
+  simd_unit.coefficients[6U] =
+      LIBCRUX_ML_DSA_SIMD_PORTABLE_ENCODING_ERROR_DESERIALIZE_WHEN_ETA_IS_2_ETA -
+      (byte2 >> 2U & (int32_t)7);
+  simd_unit.coefficients[7U] =
+      LIBCRUX_ML_DSA_SIMD_PORTABLE_ENCODING_ERROR_DESERIALIZE_WHEN_ETA_IS_2_ETA -
+      (byte2 >> 5U & (int32_t)7);
+  return simd_unit;
+}
+
+static KRML_MUSTINLINE libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit
+libcrux_ml_dsa_simd_portable_encoding_error_deserialize_when_eta_is_4(
+    Eurydice_slice serialized) {
+  KRML_HOST_EPRINTF(
+      "KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__,
+      "Eurydice error: Failure(\"Error looking trait impl: "
+      "core::slice::iter::{core::iter::traits::iterator::Iterator for "
+      "core::slice::iter::Iter<\'a, T>[TraitClause@0]}#182<\'_, "
+      "u8>[core::marker::Sized<u8>] enumerate\")\n");
+  KRML_HOST_EXIT(255U);
+}
+
+static KRML_MUSTINLINE int32_t
+libcrux_ml_dsa_simd_portable_encoding_t0_change_t0_interval(int32_t t0) {
+  return ((int32_t)1
+          << (uint32_t)(LIBCRUX_ML_DSA_CONSTANTS_BITS_IN_LOWER_PART_OF_T -
+                        (size_t)1U)) -
+         t0;
+}
+
+static KRML_MUSTINLINE void libcrux_ml_dsa_simd_portable_encoding_t0_serialize(
+    libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit simd_unit,
+    uint8_t ret[13U]) {
+  uint8_t serialized[13U] = {0U};
+  int32_t coefficient0 =
+      libcrux_ml_dsa_simd_portable_encoding_t0_change_t0_interval(
+          simd_unit.coefficients[0U]);
+  int32_t coefficient1 =
+      libcrux_ml_dsa_simd_portable_encoding_t0_change_t0_interval(
+          simd_unit.coefficients[1U]);
+  int32_t coefficient2 =
+      libcrux_ml_dsa_simd_portable_encoding_t0_change_t0_interval(
+          simd_unit.coefficients[2U]);
+  int32_t coefficient3 =
+      libcrux_ml_dsa_simd_portable_encoding_t0_change_t0_interval(
+          simd_unit.coefficients[3U]);
+  int32_t coefficient4 =
+      libcrux_ml_dsa_simd_portable_encoding_t0_change_t0_interval(
+          simd_unit.coefficients[4U]);
+  int32_t coefficient5 =
+      libcrux_ml_dsa_simd_portable_encoding_t0_change_t0_interval(
+          simd_unit.coefficients[5U]);
+  int32_t coefficient6 =
+      libcrux_ml_dsa_simd_portable_encoding_t0_change_t0_interval(
+          simd_unit.coefficients[6U]);
+  int32_t coefficient7 =
+      libcrux_ml_dsa_simd_portable_encoding_t0_change_t0_interval(
+          simd_unit.coefficients[7U]);
+  serialized[0U] = (uint8_t)coefficient0;
+  serialized[1U] = (uint8_t)(coefficient0 >> 8U);
+  size_t uu____0 = (size_t)1U;
+  serialized[uu____0] =
+      (uint32_t)serialized[uu____0] | (uint32_t)(uint8_t)(coefficient1 << 5U);
+  serialized[2U] = (uint8_t)(coefficient1 >> 3U);
+  serialized[3U] = (uint8_t)(coefficient1 >> 11U);
+  size_t uu____1 = (size_t)3U;
+  serialized[uu____1] =
+      (uint32_t)serialized[uu____1] | (uint32_t)(uint8_t)(coefficient2 << 2U);
+  serialized[4U] = (uint8_t)(coefficient2 >> 6U);
+  size_t uu____2 = (size_t)4U;
+  serialized[uu____2] =
+      (uint32_t)serialized[uu____2] | (uint32_t)(uint8_t)(coefficient3 << 7U);
+  serialized[5U] = (uint8_t)(coefficient3 >> 1U);
+  serialized[6U] = (uint8_t)(coefficient3 >> 9U);
+  size_t uu____3 = (size_t)6U;
+  serialized[uu____3] =
+      (uint32_t)serialized[uu____3] | (uint32_t)(uint8_t)(coefficient4 << 4U);
+  serialized[7U] = (uint8_t)(coefficient4 >> 4U);
+  serialized[8U] = (uint8_t)(coefficient4 >> 12U);
+  size_t uu____4 = (size_t)8U;
+  serialized[uu____4] =
+      (uint32_t)serialized[uu____4] | (uint32_t)(uint8_t)(coefficient5 << 1U);
+  serialized[9U] = (uint8_t)(coefficient5 >> 7U);
+  size_t uu____5 = (size_t)9U;
+  serialized[uu____5] =
+      (uint32_t)serialized[uu____5] | (uint32_t)(uint8_t)(coefficient6 << 6U);
+  serialized[10U] = (uint8_t)(coefficient6 >> 2U);
+  serialized[11U] = (uint8_t)(coefficient6 >> 10U);
+  size_t uu____6 = (size_t)11U;
+  serialized[uu____6] =
+      (uint32_t)serialized[uu____6] | (uint32_t)(uint8_t)(coefficient7 << 3U);
+  serialized[12U] = (uint8_t)(coefficient7 >> 5U);
+  memcpy(ret, serialized, (size_t)13U * sizeof(uint8_t));
+}
+
+/**
+This function found in impl {(libcrux_ml_dsa::simd::traits::Operations for
+libcrux_ml_dsa::simd::portable::vector_type::PortableSIMDUnit)}
+*/
+static inline void libcrux_ml_dsa_simd_portable_t0_serialize_36(
+    libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit simd_unit,
+    uint8_t ret[13U]) {
+  libcrux_ml_dsa_simd_portable_encoding_t0_serialize(simd_unit, ret);
+}
+
+#define LIBCRUX_ML_DSA_SIMD_PORTABLE_ENCODING_T0_DESERIALIZE_BITS_IN_LOWER_PART_OF_T_MASK \
+  (((int32_t)1 << (uint32_t)(int32_t)                                                     \
+        LIBCRUX_ML_DSA_CONSTANTS_BITS_IN_LOWER_PART_OF_T) -                               \
+   (int32_t)1)
+
+static KRML_MUSTINLINE libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit
+libcrux_ml_dsa_simd_portable_encoding_t0_deserialize(
+    Eurydice_slice serialized) {
+  int32_t byte0 =
+      (int32_t)Eurydice_slice_index(serialized, (size_t)0U, uint8_t, uint8_t *);
+  int32_t byte1 =
+      (int32_t)Eurydice_slice_index(serialized, (size_t)1U, uint8_t, uint8_t *);
+  int32_t byte2 =
+      (int32_t)Eurydice_slice_index(serialized, (size_t)2U, uint8_t, uint8_t *);
+  int32_t byte3 =
+      (int32_t)Eurydice_slice_index(serialized, (size_t)3U, uint8_t, uint8_t *);
+  int32_t byte4 =
+      (int32_t)Eurydice_slice_index(serialized, (size_t)4U, uint8_t, uint8_t *);
+  int32_t byte5 =
+      (int32_t)Eurydice_slice_index(serialized, (size_t)5U, uint8_t, uint8_t *);
+  int32_t byte6 =
+      (int32_t)Eurydice_slice_index(serialized, (size_t)6U, uint8_t, uint8_t *);
+  int32_t byte7 =
+      (int32_t)Eurydice_slice_index(serialized, (size_t)7U, uint8_t, uint8_t *);
+  int32_t byte8 =
+      (int32_t)Eurydice_slice_index(serialized, (size_t)8U, uint8_t, uint8_t *);
+  int32_t byte9 =
+      (int32_t)Eurydice_slice_index(serialized, (size_t)9U, uint8_t, uint8_t *);
+  int32_t byte10 = (int32_t)Eurydice_slice_index(serialized, (size_t)10U,
+                                                 uint8_t, uint8_t *);
+  int32_t byte11 = (int32_t)Eurydice_slice_index(serialized, (size_t)11U,
+                                                 uint8_t, uint8_t *);
+  int32_t byte12 = (int32_t)Eurydice_slice_index(serialized, (size_t)12U,
+                                                 uint8_t, uint8_t *);
+  int32_t coefficient0 = byte0;
+  coefficient0 = coefficient0 | byte1 << 8U;
+  coefficient0 =
+      coefficient0 &
+      LIBCRUX_ML_DSA_SIMD_PORTABLE_ENCODING_T0_DESERIALIZE_BITS_IN_LOWER_PART_OF_T_MASK;
+  int32_t coefficient1 = byte1 >> 5U;
+  coefficient1 = coefficient1 | byte2 << 3U;
+  coefficient1 = coefficient1 | byte3 << 11U;
+  coefficient1 =
+      coefficient1 &
+      LIBCRUX_ML_DSA_SIMD_PORTABLE_ENCODING_T0_DESERIALIZE_BITS_IN_LOWER_PART_OF_T_MASK;
+  int32_t coefficient2 = byte3 >> 2U;
+  coefficient2 = coefficient2 | byte4 << 6U;
+  coefficient2 =
+      coefficient2 &
+      LIBCRUX_ML_DSA_SIMD_PORTABLE_ENCODING_T0_DESERIALIZE_BITS_IN_LOWER_PART_OF_T_MASK;
+  int32_t coefficient3 = byte4 >> 7U;
+  coefficient3 = coefficient3 | byte5 << 1U;
+  coefficient3 = coefficient3 | byte6 << 9U;
+  coefficient3 =
+      coefficient3 &
+      LIBCRUX_ML_DSA_SIMD_PORTABLE_ENCODING_T0_DESERIALIZE_BITS_IN_LOWER_PART_OF_T_MASK;
+  int32_t coefficient4 = byte6 >> 4U;
+  coefficient4 = coefficient4 | byte7 << 4U;
+  coefficient4 = coefficient4 | byte8 << 12U;
+  coefficient4 =
+      coefficient4 &
+      LIBCRUX_ML_DSA_SIMD_PORTABLE_ENCODING_T0_DESERIALIZE_BITS_IN_LOWER_PART_OF_T_MASK;
+  int32_t coefficient5 = byte8 >> 1U;
+  coefficient5 = coefficient5 | byte9 << 7U;
+  coefficient5 =
+      coefficient5 &
+      LIBCRUX_ML_DSA_SIMD_PORTABLE_ENCODING_T0_DESERIALIZE_BITS_IN_LOWER_PART_OF_T_MASK;
+  int32_t coefficient6 = byte9 >> 6U;
+  coefficient6 = coefficient6 | byte10 << 2U;
+  coefficient6 = coefficient6 | byte11 << 10U;
+  coefficient6 =
+      coefficient6 &
+      LIBCRUX_ML_DSA_SIMD_PORTABLE_ENCODING_T0_DESERIALIZE_BITS_IN_LOWER_PART_OF_T_MASK;
+  int32_t coefficient7 = byte11 >> 3U;
+  coefficient7 = coefficient7 | byte12 << 5U;
+  coefficient7 =
+      coefficient7 &
+      LIBCRUX_ML_DSA_SIMD_PORTABLE_ENCODING_T0_DESERIALIZE_BITS_IN_LOWER_PART_OF_T_MASK;
+  libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit simd_unit =
+      libcrux_ml_dsa_simd_portable_vector_type_ZERO();
+  simd_unit.coefficients[0U] =
+      libcrux_ml_dsa_simd_portable_encoding_t0_change_t0_interval(coefficient0);
+  simd_unit.coefficients[1U] =
+      libcrux_ml_dsa_simd_portable_encoding_t0_change_t0_interval(coefficient1);
+  simd_unit.coefficients[2U] =
+      libcrux_ml_dsa_simd_portable_encoding_t0_change_t0_interval(coefficient2);
+  simd_unit.coefficients[3U] =
+      libcrux_ml_dsa_simd_portable_encoding_t0_change_t0_interval(coefficient3);
+  simd_unit.coefficients[4U] =
+      libcrux_ml_dsa_simd_portable_encoding_t0_change_t0_interval(coefficient4);
+  simd_unit.coefficients[5U] =
+      libcrux_ml_dsa_simd_portable_encoding_t0_change_t0_interval(coefficient5);
+  simd_unit.coefficients[6U] =
+      libcrux_ml_dsa_simd_portable_encoding_t0_change_t0_interval(coefficient6);
+  simd_unit.coefficients[7U] =
+      libcrux_ml_dsa_simd_portable_encoding_t0_change_t0_interval(coefficient7);
+  return simd_unit;
+}
+
+/**
+This function found in impl {(libcrux_ml_dsa::simd::traits::Operations for
+libcrux_ml_dsa::simd::portable::vector_type::PortableSIMDUnit)}
+*/
+static inline libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit
+libcrux_ml_dsa_simd_portable_t0_deserialize_36(Eurydice_slice serialized) {
+  return libcrux_ml_dsa_simd_portable_encoding_t0_deserialize(serialized);
+}
+
+static KRML_MUSTINLINE void libcrux_ml_dsa_simd_portable_encoding_t1_serialize(
+    libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit simd_unit,
+    uint8_t ret[10U]) {
+  KRML_HOST_EPRINTF(
+      "KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__,
+      "Eurydice error: Failure(\"Error looking trait impl: "
+      "core::slice::iter::{core::iter::traits::iterator::Iterator for "
+      "core::slice::iter::ChunksExact<\'a, T>[TraitClause@0]}#90<\'_, "
+      "i32>[core::marker::Sized<i32>] enumerate\")\n");
+  KRML_HOST_EXIT(255U);
+}
+
+/**
+This function found in impl {(libcrux_ml_dsa::simd::traits::Operations for
+libcrux_ml_dsa::simd::portable::vector_type::PortableSIMDUnit)}
+*/
+static inline void libcrux_ml_dsa_simd_portable_t1_serialize_36(
+    libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit simd_unit,
+    uint8_t ret[10U]) {
+  libcrux_ml_dsa_simd_portable_encoding_t1_serialize(simd_unit, ret);
+}
+
+static KRML_MUSTINLINE libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit
+libcrux_ml_dsa_simd_portable_encoding_t1_deserialize(
+    Eurydice_slice serialized) {
+  KRML_HOST_EPRINTF(
+      "KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__,
+      "Eurydice error: Failure(\"Error looking trait impl: "
+      "core::slice::iter::{core::iter::traits::iterator::Iterator for "
+      "core::slice::iter::ChunksExact<\'a, T>[TraitClause@0]}#90<\'_, "
+      "u8>[core::marker::Sized<u8>] enumerate\")\n");
+  KRML_HOST_EXIT(255U);
+}
+
+/**
+This function found in impl {(libcrux_ml_dsa::simd::traits::Operations for
+libcrux_ml_dsa::simd::portable::vector_type::PortableSIMDUnit)}
+*/
+static inline libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit
+libcrux_ml_dsa_simd_portable_t1_deserialize_36(Eurydice_slice serialized) {
+  return libcrux_ml_dsa_simd_portable_encoding_t1_deserialize(serialized);
+}
+
+static KRML_MUSTINLINE libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit
+libcrux_ml_dsa_simd_portable_arithmetic_montgomery_multiply_by_constant(
+    libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit simd_unit,
+    int32_t c) {
+  for (size_t i = (size_t)0U;
+       i < Eurydice_slice_len(Eurydice_array_to_slice(
+                                  (size_t)8U, simd_unit.coefficients, int32_t),
+                              int32_t);
+       i++) {
+    size_t i0 = i;
+    simd_unit.coefficients[i0] =
+        libcrux_ml_dsa_simd_portable_arithmetic_montgomery_reduce_element(
+            (int64_t)simd_unit.coefficients[i0] * (int64_t)c);
+  }
+  return simd_unit;
+}
+
+/**
+A monomorphic instance of libcrux_ml_dsa.simd.portable.ntt.outer_3_plus
+with const generics
+- OFFSET= 0
+- STEP_BY= 16
+- ZETA= 25847
+*/
+static KRML_MUSTINLINE void libcrux_ml_dsa_simd_portable_ntt_outer_3_plus_99(
+    libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit *re) {
+  for (size_t i = (size_t)0U; i < (size_t)0U + (size_t)16U; i++) {
+    size_t j = i;
+    libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit t =
+        libcrux_ml_dsa_simd_portable_arithmetic_montgomery_multiply_by_constant(
+            re[j + (size_t)16U], (int32_t)25847);
+    re[j + (size_t)16U] =
+        libcrux_ml_dsa_simd_portable_arithmetic_subtract(&re[j], &t);
+    libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit uu____1 =
+        libcrux_ml_dsa_simd_portable_arithmetic_add(&re[j], &t);
+    re[j] = uu____1;
+  }
+}
+
+static KRML_MUSTINLINE void libcrux_ml_dsa_simd_portable_ntt_ntt_at_layer_7(
+    libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit *re) {
+  libcrux_ml_dsa_simd_portable_ntt_outer_3_plus_99(re);
+}
+
+/**
+A monomorphic instance of libcrux_ml_dsa.simd.portable.ntt.outer_3_plus
+with const generics
+- OFFSET= 0
+- STEP_BY= 8
+- ZETA= -2608894
+*/
+static KRML_MUSTINLINE void libcrux_ml_dsa_simd_portable_ntt_outer_3_plus_990(
+    libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit *re) {
+  for (size_t i = (size_t)0U; i < (size_t)0U + (size_t)8U; i++) {
+    size_t j = i;
+    libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit t =
+        libcrux_ml_dsa_simd_portable_arithmetic_montgomery_multiply_by_constant(
+            re[j + (size_t)8U], (int32_t)-2608894);
+    re[j + (size_t)8U] =
+        libcrux_ml_dsa_simd_portable_arithmetic_subtract(&re[j], &t);
+    libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit uu____1 =
+        libcrux_ml_dsa_simd_portable_arithmetic_add(&re[j], &t);
+    re[j] = uu____1;
+  }
+}
+
+/**
+A monomorphic instance of libcrux_ml_dsa.simd.portable.ntt.outer_3_plus
+with const generics
+- OFFSET= 16
+- STEP_BY= 8
+- ZETA= -518909
+*/
+static KRML_MUSTINLINE void libcrux_ml_dsa_simd_portable_ntt_outer_3_plus_7a(
+    libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit *re) {
+  for (size_t i = (size_t)16U; i < (size_t)16U + (size_t)8U; i++) {
+    size_t j = i;
+    libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit t =
+        libcrux_ml_dsa_simd_portable_arithmetic_montgomery_multiply_by_constant(
+            re[j + (size_t)8U], (int32_t)-518909);
+    re[j + (size_t)8U] =
+        libcrux_ml_dsa_simd_portable_arithmetic_subtract(&re[j], &t);
+    libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit uu____1 =
+        libcrux_ml_dsa_simd_portable_arithmetic_add(&re[j], &t);
+    re[j] = uu____1;
+  }
+}
+
+static KRML_MUSTINLINE void libcrux_ml_dsa_simd_portable_ntt_ntt_at_layer_6(
+    libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit *re) {
+  libcrux_ml_dsa_simd_portable_ntt_outer_3_plus_990(re);
+  libcrux_ml_dsa_simd_portable_ntt_outer_3_plus_7a(re);
+}
+
+/**
+A monomorphic instance of libcrux_ml_dsa.simd.portable.ntt.outer_3_plus
+with const generics
+- OFFSET= 0
+- STEP_BY= 4
+- ZETA= 237124
+*/
+static KRML_MUSTINLINE void libcrux_ml_dsa_simd_portable_ntt_outer_3_plus_991(
+    libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit *re) {
+  for (size_t i = (size_t)0U; i < (size_t)0U + (size_t)4U; i++) {
+    size_t j = i;
+    libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit t =
+        libcrux_ml_dsa_simd_portable_arithmetic_montgomery_multiply_by_constant(
+            re[j + (size_t)4U], (int32_t)237124);
+    re[j + (size_t)4U] =
+        libcrux_ml_dsa_simd_portable_arithmetic_subtract(&re[j], &t);
+    libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit uu____1 =
+        libcrux_ml_dsa_simd_portable_arithmetic_add(&re[j], &t);
+    re[j] = uu____1;
+  }
+}
+
+/**
+A monomorphic instance of libcrux_ml_dsa.simd.portable.ntt.outer_3_plus
+with const generics
+- OFFSET= 8
+- STEP_BY= 4
+- ZETA= -777960
+*/
+static KRML_MUSTINLINE void libcrux_ml_dsa_simd_portable_ntt_outer_3_plus_a8(
+    libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit *re) {
+  for (size_t i = (size_t)8U; i < (size_t)8U + (size_t)4U; i++) {
+    size_t j = i;
+    libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit t =
+        libcrux_ml_dsa_simd_portable_arithmetic_montgomery_multiply_by_constant(
+            re[j + (size_t)4U], (int32_t)-777960);
+    re[j + (size_t)4U] =
+        libcrux_ml_dsa_simd_portable_arithmetic_subtract(&re[j], &t);
+    libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit uu____1 =
+        libcrux_ml_dsa_simd_portable_arithmetic_add(&re[j], &t);
+    re[j] = uu____1;
+  }
+}
+
+/**
+A monomorphic instance of libcrux_ml_dsa.simd.portable.ntt.outer_3_plus
+with const generics
+- OFFSET= 16
+- STEP_BY= 4
+- ZETA= -876248
+*/
+static KRML_MUSTINLINE void libcrux_ml_dsa_simd_portable_ntt_outer_3_plus_7a0(
+    libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit *re) {
+  for (size_t i = (size_t)16U; i < (size_t)16U + (size_t)4U; i++) {
+    size_t j = i;
+    libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit t =
+        libcrux_ml_dsa_simd_portable_arithmetic_montgomery_multiply_by_constant(
+            re[j + (size_t)4U], (int32_t)-876248);
+    re[j + (size_t)4U] =
+        libcrux_ml_dsa_simd_portable_arithmetic_subtract(&re[j], &t);
+    libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit uu____1 =
+        libcrux_ml_dsa_simd_portable_arithmetic_add(&re[j], &t);
+    re[j] = uu____1;
+  }
+}
+
+/**
+A monomorphic instance of libcrux_ml_dsa.simd.portable.ntt.outer_3_plus
+with const generics
+- OFFSET= 24
+- STEP_BY= 4
+- ZETA= 466468
+*/
+static KRML_MUSTINLINE void libcrux_ml_dsa_simd_portable_ntt_outer_3_plus_d9(
+    libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit *re) {
+  for (size_t i = (size_t)24U; i < (size_t)24U + (size_t)4U; i++) {
+    size_t j = i;
+    libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit t =
+        libcrux_ml_dsa_simd_portable_arithmetic_montgomery_multiply_by_constant(
+            re[j + (size_t)4U], (int32_t)466468);
+    re[j + (size_t)4U] =
+        libcrux_ml_dsa_simd_portable_arithmetic_subtract(&re[j], &t);
+    libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit uu____1 =
+        libcrux_ml_dsa_simd_portable_arithmetic_add(&re[j], &t);
+    re[j] = uu____1;
+  }
+}
+
+static KRML_MUSTINLINE void libcrux_ml_dsa_simd_portable_ntt_ntt_at_layer_5(
+    libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit *re) {
+  libcrux_ml_dsa_simd_portable_ntt_outer_3_plus_991(re);
+  libcrux_ml_dsa_simd_portable_ntt_outer_3_plus_a8(re);
+  libcrux_ml_dsa_simd_portable_ntt_outer_3_plus_7a0(re);
+  libcrux_ml_dsa_simd_portable_ntt_outer_3_plus_d9(re);
+}
+
+/**
+A monomorphic instance of libcrux_ml_dsa.simd.portable.ntt.outer_3_plus
+with const generics
+- OFFSET= 0
+- STEP_BY= 2
+- ZETA= 1826347
+*/
+static KRML_MUSTINLINE void libcrux_ml_dsa_simd_portable_ntt_outer_3_plus_992(
+    libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit *re) {
+  for (size_t i = (size_t)0U; i < (size_t)0U + (size_t)2U; i++) {
+    size_t j = i;
+    libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit t =
+        libcrux_ml_dsa_simd_portable_arithmetic_montgomery_multiply_by_constant(
+            re[j + (size_t)2U], (int32_t)1826347);
+    re[j + (size_t)2U] =
+        libcrux_ml_dsa_simd_portable_arithmetic_subtract(&re[j], &t);
+    libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit uu____1 =
+        libcrux_ml_dsa_simd_portable_arithmetic_add(&re[j], &t);
+    re[j] = uu____1;
+  }
+}
+
+/**
+A monomorphic instance of libcrux_ml_dsa.simd.portable.ntt.outer_3_plus
+with const generics
+- OFFSET= 4
+- STEP_BY= 2
+- ZETA= 2353451
+*/
+static KRML_MUSTINLINE void libcrux_ml_dsa_simd_portable_ntt_outer_3_plus_6b(
+    libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit *re) {
+  for (size_t i = (size_t)4U; i < (size_t)4U + (size_t)2U; i++) {
+    size_t j = i;
+    libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit t =
+        libcrux_ml_dsa_simd_portable_arithmetic_montgomery_multiply_by_constant(
+            re[j + (size_t)2U], (int32_t)2353451);
+    re[j + (size_t)2U] =
+        libcrux_ml_dsa_simd_portable_arithmetic_subtract(&re[j], &t);
+    libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit uu____1 =
+        libcrux_ml_dsa_simd_portable_arithmetic_add(&re[j], &t);
+    re[j] = uu____1;
+  }
+}
+
+/**
+A monomorphic instance of libcrux_ml_dsa.simd.portable.ntt.outer_3_plus
+with const generics
+- OFFSET= 8
+- STEP_BY= 2
+- ZETA= -359251
+*/
+static KRML_MUSTINLINE void libcrux_ml_dsa_simd_portable_ntt_outer_3_plus_a80(
+    libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit *re) {
+  for (size_t i = (size_t)8U; i < (size_t)8U + (size_t)2U; i++) {
+    size_t j = i;
+    libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit t =
+        libcrux_ml_dsa_simd_portable_arithmetic_montgomery_multiply_by_constant(
+            re[j + (size_t)2U], (int32_t)-359251);
+    re[j + (size_t)2U] =
+        libcrux_ml_dsa_simd_portable_arithmetic_subtract(&re[j], &t);
+    libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit uu____1 =
+        libcrux_ml_dsa_simd_portable_arithmetic_add(&re[j], &t);
+    re[j] = uu____1;
+  }
+}
+
+/**
+A monomorphic instance of libcrux_ml_dsa.simd.portable.ntt.outer_3_plus
+with const generics
+- OFFSET= 12
+- STEP_BY= 2
+- ZETA= -2091905
+*/
+static KRML_MUSTINLINE void libcrux_ml_dsa_simd_portable_ntt_outer_3_plus_95(
+    libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit *re) {
+  for (size_t i = (size_t)12U; i < (size_t)12U + (size_t)2U; i++) {
+    size_t j = i;
+    libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit t =
+        libcrux_ml_dsa_simd_portable_arithmetic_montgomery_multiply_by_constant(
+            re[j + (size_t)2U], (int32_t)-2091905);
+    re[j + (size_t)2U] =
+        libcrux_ml_dsa_simd_portable_arithmetic_subtract(&re[j], &t);
+    libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit uu____1 =
+        libcrux_ml_dsa_simd_portable_arithmetic_add(&re[j], &t);
+    re[j] = uu____1;
+  }
+}
+
+/**
+A monomorphic instance of libcrux_ml_dsa.simd.portable.ntt.outer_3_plus
+with const generics
+- OFFSET= 16
+- STEP_BY= 2
+- ZETA= 3119733
+*/
+static KRML_MUSTINLINE void libcrux_ml_dsa_simd_portable_ntt_outer_3_plus_7a1(
+    libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit *re) {
+  for (size_t i = (size_t)16U; i < (size_t)16U + (size_t)2U; i++) {
+    size_t j = i;
+    libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit t =
+        libcrux_ml_dsa_simd_portable_arithmetic_montgomery_multiply_by_constant(
+            re[j + (size_t)2U], (int32_t)3119733);
+    re[j + (size_t)2U] =
+        libcrux_ml_dsa_simd_portable_arithmetic_subtract(&re[j], &t);
+    libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit uu____1 =
+        libcrux_ml_dsa_simd_portable_arithmetic_add(&re[j], &t);
+    re[j] = uu____1;
+  }
+}
+
+/**
+A monomorphic instance of libcrux_ml_dsa.simd.portable.ntt.outer_3_plus
+with const generics
+- OFFSET= 20
+- STEP_BY= 2
+- ZETA= -2884855
+*/
+static KRML_MUSTINLINE void libcrux_ml_dsa_simd_portable_ntt_outer_3_plus_de(
+    libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit *re) {
+  for (size_t i = (size_t)20U; i < (size_t)20U + (size_t)2U; i++) {
+    size_t j = i;
+    libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit t =
+        libcrux_ml_dsa_simd_portable_arithmetic_montgomery_multiply_by_constant(
+            re[j + (size_t)2U], (int32_t)-2884855);
+    re[j + (size_t)2U] =
+        libcrux_ml_dsa_simd_portable_arithmetic_subtract(&re[j], &t);
+    libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit uu____1 =
+        libcrux_ml_dsa_simd_portable_arithmetic_add(&re[j], &t);
+    re[j] = uu____1;
+  }
+}
+
+/**
+A monomorphic instance of libcrux_ml_dsa.simd.portable.ntt.outer_3_plus
+with const generics
+- OFFSET= 24
+- STEP_BY= 2
+- ZETA= 3111497
+*/
+static KRML_MUSTINLINE void libcrux_ml_dsa_simd_portable_ntt_outer_3_plus_d90(
+    libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit *re) {
+  for (size_t i = (size_t)24U; i < (size_t)24U + (size_t)2U; i++) {
+    size_t j = i;
+    libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit t =
+        libcrux_ml_dsa_simd_portable_arithmetic_montgomery_multiply_by_constant(
+            re[j + (size_t)2U], (int32_t)3111497);
+    re[j + (size_t)2U] =
+        libcrux_ml_dsa_simd_portable_arithmetic_subtract(&re[j], &t);
+    libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit uu____1 =
+        libcrux_ml_dsa_simd_portable_arithmetic_add(&re[j], &t);
+    re[j] = uu____1;
+  }
+}
+
+/**
+A monomorphic instance of libcrux_ml_dsa.simd.portable.ntt.outer_3_plus
+with const generics
+- OFFSET= 28
+- STEP_BY= 2
+- ZETA= 2680103
+*/
+static KRML_MUSTINLINE void libcrux_ml_dsa_simd_portable_ntt_outer_3_plus_3b(
+    libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit *re) {
+  for (size_t i = (size_t)28U; i < (size_t)28U + (size_t)2U; i++) {
+    size_t j = i;
+    libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit t =
+        libcrux_ml_dsa_simd_portable_arithmetic_montgomery_multiply_by_constant(
+            re[j + (size_t)2U], (int32_t)2680103);
+    re[j + (size_t)2U] =
+        libcrux_ml_dsa_simd_portable_arithmetic_subtract(&re[j], &t);
+    libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit uu____1 =
+        libcrux_ml_dsa_simd_portable_arithmetic_add(&re[j], &t);
+    re[j] = uu____1;
+  }
+}
+
+static KRML_MUSTINLINE void libcrux_ml_dsa_simd_portable_ntt_ntt_at_layer_4(
+    libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit *re) {
+  libcrux_ml_dsa_simd_portable_ntt_outer_3_plus_992(re);
+  libcrux_ml_dsa_simd_portable_ntt_outer_3_plus_6b(re);
+  libcrux_ml_dsa_simd_portable_ntt_outer_3_plus_a80(re);
+  libcrux_ml_dsa_simd_portable_ntt_outer_3_plus_95(re);
+  libcrux_ml_dsa_simd_portable_ntt_outer_3_plus_7a1(re);
+  libcrux_ml_dsa_simd_portable_ntt_outer_3_plus_de(re);
+  libcrux_ml_dsa_simd_portable_ntt_outer_3_plus_d90(re);
+  libcrux_ml_dsa_simd_portable_ntt_outer_3_plus_3b(re);
+}
+
+/**
+A monomorphic instance of libcrux_ml_dsa.simd.portable.ntt.outer_3_plus
+with const generics
+- OFFSET= 0
+- STEP_BY= 1
+- ZETA= 2725464
+*/
+static KRML_MUSTINLINE void libcrux_ml_dsa_simd_portable_ntt_outer_3_plus_993(
+    libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit *re) {
+  for (size_t i = (size_t)0U; i < (size_t)0U + (size_t)1U; i++) {
+    size_t j = i;
+    libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit t =
+        libcrux_ml_dsa_simd_portable_arithmetic_montgomery_multiply_by_constant(
+            re[j + (size_t)1U], (int32_t)2725464);
+    re[j + (size_t)1U] =
+        libcrux_ml_dsa_simd_portable_arithmetic_subtract(&re[j], &t);
+    libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit uu____1 =
+        libcrux_ml_dsa_simd_portable_arithmetic_add(&re[j], &t);
+    re[j] = uu____1;
+  }
+}
+
+/**
+A monomorphic instance of libcrux_ml_dsa.simd.portable.ntt.outer_3_plus
+with const generics
+- OFFSET= 2
+- STEP_BY= 1
+- ZETA= 1024112
+*/
+static KRML_MUSTINLINE void libcrux_ml_dsa_simd_portable_ntt_outer_3_plus_1c(
+    libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit *re) {
+  for (size_t i = (size_t)2U; i < (size_t)2U + (size_t)1U; i++) {
+    size_t j = i;
+    libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit t =
+        libcrux_ml_dsa_simd_portable_arithmetic_montgomery_multiply_by_constant(
+            re[j + (size_t)1U], (int32_t)1024112);
+    re[j + (size_t)1U] =
+        libcrux_ml_dsa_simd_portable_arithmetic_subtract(&re[j], &t);
+    libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit uu____1 =
+        libcrux_ml_dsa_simd_portable_arithmetic_add(&re[j], &t);
+    re[j] = uu____1;
+  }
+}
+
+/**
+A monomorphic instance of libcrux_ml_dsa.simd.portable.ntt.outer_3_plus
+with const generics
+- OFFSET= 4
+- STEP_BY= 1
+- ZETA= -1079900
+*/
+static KRML_MUSTINLINE void libcrux_ml_dsa_simd_portable_ntt_outer_3_plus_6b0(
+    libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit *re) {
+  for (size_t i = (size_t)4U; i < (size_t)4U + (size_t)1U; i++) {
+    size_t j = i;
+    libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit t =
+        libcrux_ml_dsa_simd_portable_arithmetic_montgomery_multiply_by_constant(
+            re[j + (size_t)1U], (int32_t)-1079900);
+    re[j + (size_t)1U] =
+        libcrux_ml_dsa_simd_portable_arithmetic_subtract(&re[j], &t);
+    libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit uu____1 =
+        libcrux_ml_dsa_simd_portable_arithmetic_add(&re[j], &t);
+    re[j] = uu____1;
+  }
+}
+
+/**
+A monomorphic instance of libcrux_ml_dsa.simd.portable.ntt.outer_3_plus
+with const generics
+- OFFSET= 6
+- STEP_BY= 1
+- ZETA= 3585928
+*/
+static KRML_MUSTINLINE void libcrux_ml_dsa_simd_portable_ntt_outer_3_plus_44(
+    libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit *re) {
+  for (size_t i = (size_t)6U; i < (size_t)6U + (size_t)1U; i++) {
+    size_t j = i;
+    libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit t =
+        libcrux_ml_dsa_simd_portable_arithmetic_montgomery_multiply_by_constant(
+            re[j + (size_t)1U], (int32_t)3585928);
+    re[j + (size_t)1U] =
+        libcrux_ml_dsa_simd_portable_arithmetic_subtract(&re[j], &t);
+    libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit uu____1 =
+        libcrux_ml_dsa_simd_portable_arithmetic_add(&re[j], &t);
+    re[j] = uu____1;
+  }
+}
+
+/**
+A monomorphic instance of libcrux_ml_dsa.simd.portable.ntt.outer_3_plus
+with const generics
+- OFFSET= 8
+- STEP_BY= 1
+- ZETA= -549488
+*/
+static KRML_MUSTINLINE void libcrux_ml_dsa_simd_portable_ntt_outer_3_plus_a81(
+    libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit *re) {
+  for (size_t i = (size_t)8U; i < (size_t)8U + (size_t)1U; i++) {
+    size_t j = i;
+    libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit t =
+        libcrux_ml_dsa_simd_portable_arithmetic_montgomery_multiply_by_constant(
+            re[j + (size_t)1U], (int32_t)-549488);
+    re[j + (size_t)1U] =
+        libcrux_ml_dsa_simd_portable_arithmetic_subtract(&re[j], &t);
+    libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit uu____1 =
+        libcrux_ml_dsa_simd_portable_arithmetic_add(&re[j], &t);
+    re[j] = uu____1;
+  }
+}
+
+/**
+A monomorphic instance of libcrux_ml_dsa.simd.portable.ntt.outer_3_plus
+with const generics
+- OFFSET= 10
+- STEP_BY= 1
+- ZETA= -1119584
+*/
+static KRML_MUSTINLINE void libcrux_ml_dsa_simd_portable_ntt_outer_3_plus_1f(
+    libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit *re) {
+  for (size_t i = (size_t)10U; i < (size_t)10U + (size_t)1U; i++) {
+    size_t j = i;
+    libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit t =
+        libcrux_ml_dsa_simd_portable_arithmetic_montgomery_multiply_by_constant(
+            re[j + (size_t)1U], (int32_t)-1119584);
+    re[j + (size_t)1U] =
+        libcrux_ml_dsa_simd_portable_arithmetic_subtract(&re[j], &t);
+    libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit uu____1 =
+        libcrux_ml_dsa_simd_portable_arithmetic_add(&re[j], &t);
+    re[j] = uu____1;
+  }
+}
+
+/**
+A monomorphic instance of libcrux_ml_dsa.simd.portable.ntt.outer_3_plus
+with const generics
+- OFFSET= 12
+- STEP_BY= 1
+- ZETA= 2619752
+*/
+static KRML_MUSTINLINE void libcrux_ml_dsa_simd_portable_ntt_outer_3_plus_950(
+    libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit *re) {
+  for (size_t i = (size_t)12U; i < (size_t)12U + (size_t)1U; i++) {
+    size_t j = i;
+    libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit t =
+        libcrux_ml_dsa_simd_portable_arithmetic_montgomery_multiply_by_constant(
+            re[j + (size_t)1U], (int32_t)2619752);
+    re[j + (size_t)1U] =
+        libcrux_ml_dsa_simd_portable_arithmetic_subtract(&re[j], &t);
+    libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit uu____1 =
+        libcrux_ml_dsa_simd_portable_arithmetic_add(&re[j], &t);
+    re[j] = uu____1;
+  }
+}
+
+/**
+A monomorphic instance of libcrux_ml_dsa.simd.portable.ntt.outer_3_plus
+with const generics
+- OFFSET= 14
+- STEP_BY= 1
+- ZETA= -2108549
+*/
+static KRML_MUSTINLINE void libcrux_ml_dsa_simd_portable_ntt_outer_3_plus_3b0(
+    libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit *re) {
+  for (size_t i = (size_t)14U; i < (size_t)14U + (size_t)1U; i++) {
+    size_t j = i;
+    libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit t =
+        libcrux_ml_dsa_simd_portable_arithmetic_montgomery_multiply_by_constant(
+            re[j + (size_t)1U], (int32_t)-2108549);
+    re[j + (size_t)1U] =
+        libcrux_ml_dsa_simd_portable_arithmetic_subtract(&re[j], &t);
+    libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit uu____1 =
+        libcrux_ml_dsa_simd_portable_arithmetic_add(&re[j], &t);
+    re[j] = uu____1;
+  }
+}
+
+/**
+A monomorphic instance of libcrux_ml_dsa.simd.portable.ntt.outer_3_plus
+with const generics
+- OFFSET= 16
+- STEP_BY= 1
+- ZETA= -2118186
+*/
+static KRML_MUSTINLINE void libcrux_ml_dsa_simd_portable_ntt_outer_3_plus_7a2(
+    libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit *re) {
+  for (size_t i = (size_t)16U; i < (size_t)16U + (size_t)1U; i++) {
+    size_t j = i;
+    libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit t =
+        libcrux_ml_dsa_simd_portable_arithmetic_montgomery_multiply_by_constant(
+            re[j + (size_t)1U], (int32_t)-2118186);
+    re[j + (size_t)1U] =
+        libcrux_ml_dsa_simd_portable_arithmetic_subtract(&re[j], &t);
+    libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit uu____1 =
+        libcrux_ml_dsa_simd_portable_arithmetic_add(&re[j], &t);
+    re[j] = uu____1;
+  }
+}
+
+/**
+A monomorphic instance of libcrux_ml_dsa.simd.portable.ntt.outer_3_plus
+with const generics
+- OFFSET= 18
+- STEP_BY= 1
+- ZETA= -3859737
+*/
+static KRML_MUSTINLINE void libcrux_ml_dsa_simd_portable_ntt_outer_3_plus_e4(
+    libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit *re) {
+  for (size_t i = (size_t)18U; i < (size_t)18U + (size_t)1U; i++) {
+    size_t j = i;
+    libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit t =
+        libcrux_ml_dsa_simd_portable_arithmetic_montgomery_multiply_by_constant(
+            re[j + (size_t)1U], (int32_t)-3859737);
+    re[j + (size_t)1U] =
+        libcrux_ml_dsa_simd_portable_arithmetic_subtract(&re[j], &t);
+    libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit uu____1 =
+        libcrux_ml_dsa_simd_portable_arithmetic_add(&re[j], &t);
+    re[j] = uu____1;
+  }
+}
+
+/**
+A monomorphic instance of libcrux_ml_dsa.simd.portable.ntt.outer_3_plus
+with const generics
+- OFFSET= 20
+- STEP_BY= 1
+- ZETA= -1399561
+*/
+static KRML_MUSTINLINE void libcrux_ml_dsa_simd_portable_ntt_outer_3_plus_de0(
+    libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit *re) {
+  for (size_t i = (size_t)20U; i < (size_t)20U + (size_t)1U; i++) {
+    size_t j = i;
+    libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit t =
+        libcrux_ml_dsa_simd_portable_arithmetic_montgomery_multiply_by_constant(
+            re[j + (size_t)1U], (int32_t)-1399561);
+    re[j + (size_t)1U] =
+        libcrux_ml_dsa_simd_portable_arithmetic_subtract(&re[j], &t);
+    libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit uu____1 =
+        libcrux_ml_dsa_simd_portable_arithmetic_add(&re[j], &t);
+    re[j] = uu____1;
+  }
+}
+
+/**
+A monomorphic instance of libcrux_ml_dsa.simd.portable.ntt.outer_3_plus
+with const generics
+- OFFSET= 22
+- STEP_BY= 1
+- ZETA= -3277672
+*/
+static KRML_MUSTINLINE void libcrux_ml_dsa_simd_portable_ntt_outer_3_plus_05(
+    libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit *re) {
+  for (size_t i = (size_t)22U; i < (size_t)22U + (size_t)1U; i++) {
+    size_t j = i;
+    libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit t =
+        libcrux_ml_dsa_simd_portable_arithmetic_montgomery_multiply_by_constant(
+            re[j + (size_t)1U], (int32_t)-3277672);
+    re[j + (size_t)1U] =
+        libcrux_ml_dsa_simd_portable_arithmetic_subtract(&re[j], &t);
+    libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit uu____1 =
+        libcrux_ml_dsa_simd_portable_arithmetic_add(&re[j], &t);
+    re[j] = uu____1;
+  }
+}
+
+/**
+A monomorphic instance of libcrux_ml_dsa.simd.portable.ntt.outer_3_plus
+with const generics
+- OFFSET= 24
+- STEP_BY= 1
+- ZETA= 1757237
+*/
+static KRML_MUSTINLINE void libcrux_ml_dsa_simd_portable_ntt_outer_3_plus_d91(
+    libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit *re) {
+  for (size_t i = (size_t)24U; i < (size_t)24U + (size_t)1U; i++) {
+    size_t j = i;
+    libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit t =
+        libcrux_ml_dsa_simd_portable_arithmetic_montgomery_multiply_by_constant(
+            re[j + (size_t)1U], (int32_t)1757237);
+    re[j + (size_t)1U] =
+        libcrux_ml_dsa_simd_portable_arithmetic_subtract(&re[j], &t);
+    libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit uu____1 =
+        libcrux_ml_dsa_simd_portable_arithmetic_add(&re[j], &t);
+    re[j] = uu____1;
+  }
+}
+
+/**
+A monomorphic instance of libcrux_ml_dsa.simd.portable.ntt.outer_3_plus
+with const generics
+- OFFSET= 26
+- STEP_BY= 1
+- ZETA= -19422
+*/
+static KRML_MUSTINLINE void libcrux_ml_dsa_simd_portable_ntt_outer_3_plus_3a(
+    libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit *re) {
+  for (size_t i = (size_t)26U; i < (size_t)26U + (size_t)1U; i++) {
+    size_t j = i;
+    libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit t =
+        libcrux_ml_dsa_simd_portable_arithmetic_montgomery_multiply_by_constant(
+            re[j + (size_t)1U], (int32_t)-19422);
+    re[j + (size_t)1U] =
+        libcrux_ml_dsa_simd_portable_arithmetic_subtract(&re[j], &t);
+    libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit uu____1 =
+        libcrux_ml_dsa_simd_portable_arithmetic_add(&re[j], &t);
+    re[j] = uu____1;
+  }
+}
+
+/**
+A monomorphic instance of libcrux_ml_dsa.simd.portable.ntt.outer_3_plus
+with const generics
+- OFFSET= 28
+- STEP_BY= 1
+- ZETA= 4010497
+*/
+static KRML_MUSTINLINE void libcrux_ml_dsa_simd_portable_ntt_outer_3_plus_3b1(
+    libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit *re) {
+  for (size_t i = (size_t)28U; i < (size_t)28U + (size_t)1U; i++) {
+    size_t j = i;
+    libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit t =
+        libcrux_ml_dsa_simd_portable_arithmetic_montgomery_multiply_by_constant(
+            re[j + (size_t)1U], (int32_t)4010497);
+    re[j + (size_t)1U] =
+        libcrux_ml_dsa_simd_portable_arithmetic_subtract(&re[j], &t);
+    libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit uu____1 =
+        libcrux_ml_dsa_simd_portable_arithmetic_add(&re[j], &t);
+    re[j] = uu____1;
+  }
+}
+
+/**
+A monomorphic instance of libcrux_ml_dsa.simd.portable.ntt.outer_3_plus
+with const generics
+- OFFSET= 30
+- STEP_BY= 1
+- ZETA= 280005
+*/
+static KRML_MUSTINLINE void libcrux_ml_dsa_simd_portable_ntt_outer_3_plus_a0(
+    libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit *re) {
+  for (size_t i = (size_t)30U; i < (size_t)30U + (size_t)1U; i++) {
+    size_t j = i;
+    libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit t =
+        libcrux_ml_dsa_simd_portable_arithmetic_montgomery_multiply_by_constant(
+            re[j + (size_t)1U], (int32_t)280005);
+    re[j + (size_t)1U] =
+        libcrux_ml_dsa_simd_portable_arithmetic_subtract(&re[j], &t);
+    libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit uu____1 =
+        libcrux_ml_dsa_simd_portable_arithmetic_add(&re[j], &t);
+    re[j] = uu____1;
+  }
+}
+
+static KRML_MUSTINLINE void libcrux_ml_dsa_simd_portable_ntt_ntt_at_layer_3(
+    libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit *re) {
+  libcrux_ml_dsa_simd_portable_ntt_outer_3_plus_993(re);
+  libcrux_ml_dsa_simd_portable_ntt_outer_3_plus_1c(re);
+  libcrux_ml_dsa_simd_portable_ntt_outer_3_plus_6b0(re);
+  libcrux_ml_dsa_simd_portable_ntt_outer_3_plus_44(re);
+  libcrux_ml_dsa_simd_portable_ntt_outer_3_plus_a81(re);
+  libcrux_ml_dsa_simd_portable_ntt_outer_3_plus_1f(re);
+  libcrux_ml_dsa_simd_portable_ntt_outer_3_plus_950(re);
+  libcrux_ml_dsa_simd_portable_ntt_outer_3_plus_3b0(re);
+  libcrux_ml_dsa_simd_portable_ntt_outer_3_plus_7a2(re);
+  libcrux_ml_dsa_simd_portable_ntt_outer_3_plus_e4(re);
+  libcrux_ml_dsa_simd_portable_ntt_outer_3_plus_de0(re);
+  libcrux_ml_dsa_simd_portable_ntt_outer_3_plus_05(re);
+  libcrux_ml_dsa_simd_portable_ntt_outer_3_plus_d91(re);
+  libcrux_ml_dsa_simd_portable_ntt_outer_3_plus_3a(re);
+  libcrux_ml_dsa_simd_portable_ntt_outer_3_plus_3b1(re);
+  libcrux_ml_dsa_simd_portable_ntt_outer_3_plus_a0(re);
+}
+
+static KRML_MUSTINLINE int32_t
+libcrux_ml_dsa_simd_portable_arithmetic_montgomery_multiply_fe_by_fer(
+    int32_t fe, int32_t fer) {
+  return libcrux_ml_dsa_simd_portable_arithmetic_montgomery_reduce_element(
+      (int64_t)fe * (int64_t)fer);
+}
+
+static KRML_MUSTINLINE libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit
+libcrux_ml_dsa_simd_portable_ntt_simd_unit_ntt_at_layer_2(
+    libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit simd_unit,
+    int32_t zeta) {
+  int32_t t =
+      libcrux_ml_dsa_simd_portable_arithmetic_montgomery_multiply_fe_by_fer(
+          simd_unit.coefficients[4U], zeta);
+  simd_unit.coefficients[4U] = simd_unit.coefficients[0U] - t;
+  simd_unit.coefficients[0U] = simd_unit.coefficients[0U] + t;
+  int32_t t0 =
+      libcrux_ml_dsa_simd_portable_arithmetic_montgomery_multiply_fe_by_fer(
+          simd_unit.coefficients[5U], zeta);
+  simd_unit.coefficients[5U] = simd_unit.coefficients[1U] - t0;
+  simd_unit.coefficients[1U] = simd_unit.coefficients[1U] + t0;
+  int32_t t1 =
+      libcrux_ml_dsa_simd_portable_arithmetic_montgomery_multiply_fe_by_fer(
+          simd_unit.coefficients[6U], zeta);
+  simd_unit.coefficients[6U] = simd_unit.coefficients[2U] - t1;
+  simd_unit.coefficients[2U] = simd_unit.coefficients[2U] + t1;
+  int32_t t2 =
+      libcrux_ml_dsa_simd_portable_arithmetic_montgomery_multiply_fe_by_fer(
+          simd_unit.coefficients[7U], zeta);
+  simd_unit.coefficients[7U] = simd_unit.coefficients[3U] - t2;
+  simd_unit.coefficients[3U] = simd_unit.coefficients[3U] + t2;
+  return simd_unit;
+}
+
+static KRML_MUSTINLINE void
+libcrux_ml_dsa_simd_portable_ntt_ntt_at_layer_2_round(
+    libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit *re, size_t index,
+    int32_t zeta) {
+  libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit uu____0 =
+      libcrux_ml_dsa_simd_portable_ntt_simd_unit_ntt_at_layer_2(re[index],
+                                                                zeta);
+  re[index] = uu____0;
+}
+
+static KRML_MUSTINLINE void libcrux_ml_dsa_simd_portable_ntt_ntt_at_layer_2(
+    libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit *re) {
+  libcrux_ml_dsa_simd_portable_ntt_ntt_at_layer_2_round(re, (size_t)0U,
+                                                        (int32_t)2706023);
+  libcrux_ml_dsa_simd_portable_ntt_ntt_at_layer_2_round(re, (size_t)1U,
+                                                        (int32_t)95776);
+  libcrux_ml_dsa_simd_portable_ntt_ntt_at_layer_2_round(re, (size_t)2U,
+                                                        (int32_t)3077325);
+  libcrux_ml_dsa_simd_portable_ntt_ntt_at_layer_2_round(re, (size_t)3U,
+                                                        (int32_t)3530437);
+  libcrux_ml_dsa_simd_portable_ntt_ntt_at_layer_2_round(re, (size_t)4U,
+                                                        (int32_t)-1661693);
+  libcrux_ml_dsa_simd_portable_ntt_ntt_at_layer_2_round(re, (size_t)5U,
+                                                        (int32_t)-3592148);
+  libcrux_ml_dsa_simd_portable_ntt_ntt_at_layer_2_round(re, (size_t)6U,
+                                                        (int32_t)-2537516);
+  libcrux_ml_dsa_simd_portable_ntt_ntt_at_layer_2_round(re, (size_t)7U,
+                                                        (int32_t)3915439);
+  libcrux_ml_dsa_simd_portable_ntt_ntt_at_layer_2_round(re, (size_t)8U,
+                                                        (int32_t)-3861115);
+  libcrux_ml_dsa_simd_portable_ntt_ntt_at_layer_2_round(re, (size_t)9U,
+                                                        (int32_t)-3043716);
+  libcrux_ml_dsa_simd_portable_ntt_ntt_at_layer_2_round(re, (size_t)10U,
+                                                        (int32_t)3574422);
+  libcrux_ml_dsa_simd_portable_ntt_ntt_at_layer_2_round(re, (size_t)11U,
+                                                        (int32_t)-2867647);
+  libcrux_ml_dsa_simd_portable_ntt_ntt_at_layer_2_round(re, (size_t)12U,
+                                                        (int32_t)3539968);
+  libcrux_ml_dsa_simd_portable_ntt_ntt_at_layer_2_round(re, (size_t)13U,
+                                                        (int32_t)-300467);
+  libcrux_ml_dsa_simd_portable_ntt_ntt_at_layer_2_round(re, (size_t)14U,
+                                                        (int32_t)2348700);
+  libcrux_ml_dsa_simd_portable_ntt_ntt_at_layer_2_round(re, (size_t)15U,
+                                                        (int32_t)-539299);
+  libcrux_ml_dsa_simd_portable_ntt_ntt_at_layer_2_round(re, (size_t)16U,
+                                                        (int32_t)-1699267);
+  libcrux_ml_dsa_simd_portable_ntt_ntt_at_layer_2_round(re, (size_t)17U,
+                                                        (int32_t)-1643818);
+  libcrux_ml_dsa_simd_portable_ntt_ntt_at_layer_2_round(re, (size_t)18U,
+                                                        (int32_t)3505694);
+  libcrux_ml_dsa_simd_portable_ntt_ntt_at_layer_2_round(re, (size_t)19U,
+                                                        (int32_t)-3821735);
+  libcrux_ml_dsa_simd_portable_ntt_ntt_at_layer_2_round(re, (size_t)20U,
+                                                        (int32_t)3507263);
+  libcrux_ml_dsa_simd_portable_ntt_ntt_at_layer_2_round(re, (size_t)21U,
+                                                        (int32_t)-2140649);
+  libcrux_ml_dsa_simd_portable_ntt_ntt_at_layer_2_round(re, (size_t)22U,
+                                                        (int32_t)-1600420);
+  libcrux_ml_dsa_simd_portable_ntt_ntt_at_layer_2_round(re, (size_t)23U,
+                                                        (int32_t)3699596);
+  libcrux_ml_dsa_simd_portable_ntt_ntt_at_layer_2_round(re, (size_t)24U,
+                                                        (int32_t)811944);
+  libcrux_ml_dsa_simd_portable_ntt_ntt_at_layer_2_round(re, (size_t)25U,
+                                                        (int32_t)531354);
+  libcrux_ml_dsa_simd_portable_ntt_ntt_at_layer_2_round(re, (size_t)26U,
+                                                        (int32_t)954230);
+  libcrux_ml_dsa_simd_portable_ntt_ntt_at_layer_2_round(re, (size_t)27U,
+                                                        (int32_t)3881043);
+  libcrux_ml_dsa_simd_portable_ntt_ntt_at_layer_2_round(re, (size_t)28U,
+                                                        (int32_t)3900724);
+  libcrux_ml_dsa_simd_portable_ntt_ntt_at_layer_2_round(re, (size_t)29U,
+                                                        (int32_t)-2556880);
+  libcrux_ml_dsa_simd_portable_ntt_ntt_at_layer_2_round(re, (size_t)30U,
+                                                        (int32_t)2071892);
+  libcrux_ml_dsa_simd_portable_ntt_ntt_at_layer_2_round(re, (size_t)31U,
+                                                        (int32_t)-2797779);
+}
+
+static KRML_MUSTINLINE libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit
+libcrux_ml_dsa_simd_portable_ntt_simd_unit_ntt_at_layer_1(
+    libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit simd_unit,
+    int32_t zeta1, int32_t zeta2) {
+  int32_t t =
+      libcrux_ml_dsa_simd_portable_arithmetic_montgomery_multiply_fe_by_fer(
+          simd_unit.coefficients[2U], zeta1);
+  simd_unit.coefficients[2U] = simd_unit.coefficients[0U] - t;
+  simd_unit.coefficients[0U] = simd_unit.coefficients[0U] + t;
+  int32_t t0 =
+      libcrux_ml_dsa_simd_portable_arithmetic_montgomery_multiply_fe_by_fer(
+          simd_unit.coefficients[3U], zeta1);
+  simd_unit.coefficients[3U] = simd_unit.coefficients[1U] - t0;
+  simd_unit.coefficients[1U] = simd_unit.coefficients[1U] + t0;
+  int32_t t1 =
+      libcrux_ml_dsa_simd_portable_arithmetic_montgomery_multiply_fe_by_fer(
+          simd_unit.coefficients[6U], zeta2);
+  simd_unit.coefficients[6U] = simd_unit.coefficients[4U] - t1;
+  simd_unit.coefficients[4U] = simd_unit.coefficients[4U] + t1;
+  int32_t t2 =
+      libcrux_ml_dsa_simd_portable_arithmetic_montgomery_multiply_fe_by_fer(
+          simd_unit.coefficients[7U], zeta2);
+  simd_unit.coefficients[7U] = simd_unit.coefficients[5U] - t2;
+  simd_unit.coefficients[5U] = simd_unit.coefficients[5U] + t2;
+  return simd_unit;
+}
+
+static KRML_MUSTINLINE void
+libcrux_ml_dsa_simd_portable_ntt_ntt_at_layer_1_round(
+    libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit *re, size_t index,
+    int32_t zeta_0, int32_t zeta_1) {
+  libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit uu____0 =
+      libcrux_ml_dsa_simd_portable_ntt_simd_unit_ntt_at_layer_1(re[index],
+                                                                zeta_0, zeta_1);
+  re[index] = uu____0;
+}
+
+static KRML_MUSTINLINE void libcrux_ml_dsa_simd_portable_ntt_ntt_at_layer_1(
+    libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit *re) {
+  libcrux_ml_dsa_simd_portable_ntt_ntt_at_layer_1_round(
+      re, (size_t)0U, (int32_t)-3930395, (int32_t)-1528703);
+  libcrux_ml_dsa_simd_portable_ntt_ntt_at_layer_1_round(
+      re, (size_t)1U, (int32_t)-3677745, (int32_t)-3041255);
+  libcrux_ml_dsa_simd_portable_ntt_ntt_at_layer_1_round(
+      re, (size_t)2U, (int32_t)-1452451, (int32_t)3475950);
+  libcrux_ml_dsa_simd_portable_ntt_ntt_at_layer_1_round(
+      re, (size_t)3U, (int32_t)2176455, (int32_t)-1585221);
+  libcrux_ml_dsa_simd_portable_ntt_ntt_at_layer_1_round(
+      re, (size_t)4U, (int32_t)-1257611, (int32_t)1939314);
+  libcrux_ml_dsa_simd_portable_ntt_ntt_at_layer_1_round(
+      re, (size_t)5U, (int32_t)-4083598, (int32_t)-1000202);
+  libcrux_ml_dsa_simd_portable_ntt_ntt_at_layer_1_round(
+      re, (size_t)6U, (int32_t)-3190144, (int32_t)-3157330);
+  libcrux_ml_dsa_simd_portable_ntt_ntt_at_layer_1_round(
+      re, (size_t)7U, (int32_t)-3632928, (int32_t)126922);
+  libcrux_ml_dsa_simd_portable_ntt_ntt_at_layer_1_round(
+      re, (size_t)8U, (int32_t)3412210, (int32_t)-983419);
+  libcrux_ml_dsa_simd_portable_ntt_ntt_at_layer_1_round(
+      re, (size_t)9U, (int32_t)2147896, (int32_t)2715295);
+  libcrux_ml_dsa_simd_portable_ntt_ntt_at_layer_1_round(
+      re, (size_t)10U, (int32_t)-2967645, (int32_t)-3693493);
+  libcrux_ml_dsa_simd_portable_ntt_ntt_at_layer_1_round(
+      re, (size_t)11U, (int32_t)-411027, (int32_t)-2477047);
+  libcrux_ml_dsa_simd_portable_ntt_ntt_at_layer_1_round(
+      re, (size_t)12U, (int32_t)-671102, (int32_t)-1228525);
+  libcrux_ml_dsa_simd_portable_ntt_ntt_at_layer_1_round(
+      re, (size_t)13U, (int32_t)-22981, (int32_t)-1308169);
+  libcrux_ml_dsa_simd_portable_ntt_ntt_at_layer_1_round(
+      re, (size_t)14U, (int32_t)-381987, (int32_t)1349076);
+  libcrux_ml_dsa_simd_portable_ntt_ntt_at_layer_1_round(
+      re, (size_t)15U, (int32_t)1852771, (int32_t)-1430430);
+  libcrux_ml_dsa_simd_portable_ntt_ntt_at_layer_1_round(
+      re, (size_t)16U, (int32_t)-3343383, (int32_t)264944);
+  libcrux_ml_dsa_simd_portable_ntt_ntt_at_layer_1_round(
+      re, (size_t)17U, (int32_t)508951, (int32_t)3097992);
+  libcrux_ml_dsa_simd_portable_ntt_ntt_at_layer_1_round(
+      re, (size_t)18U, (int32_t)44288, (int32_t)-1100098);
+  libcrux_ml_dsa_simd_portable_ntt_ntt_at_layer_1_round(
+      re, (size_t)19U, (int32_t)904516, (int32_t)3958618);
+  libcrux_ml_dsa_simd_portable_ntt_ntt_at_layer_1_round(
+      re, (size_t)20U, (int32_t)-3724342, (int32_t)-8578);
+  libcrux_ml_dsa_simd_portable_ntt_ntt_at_layer_1_round(
+      re, (size_t)21U, (int32_t)1653064, (int32_t)-3249728);
+  libcrux_ml_dsa_simd_portable_ntt_ntt_at_layer_1_round(
+      re, (size_t)22U, (int32_t)2389356, (int32_t)-210977);
+  libcrux_ml_dsa_simd_portable_ntt_ntt_at_layer_1_round(
+      re, (size_t)23U, (int32_t)759969, (int32_t)-1316856);
+  libcrux_ml_dsa_simd_portable_ntt_ntt_at_layer_1_round(
+      re, (size_t)24U, (int32_t)189548, (int32_t)-3553272);
+  libcrux_ml_dsa_simd_portable_ntt_ntt_at_layer_1_round(
+      re, (size_t)25U, (int32_t)3159746, (int32_t)-1851402);
+  libcrux_ml_dsa_simd_portable_ntt_ntt_at_layer_1_round(
+      re, (size_t)26U, (int32_t)-2409325, (int32_t)-177440);
+  libcrux_ml_dsa_simd_portable_ntt_ntt_at_layer_1_round(
+      re, (size_t)27U, (int32_t)1315589, (int32_t)1341330);
+  libcrux_ml_dsa_simd_portable_ntt_ntt_at_layer_1_round(
+      re, (size_t)28U, (int32_t)1285669, (int32_t)-1584928);
+  libcrux_ml_dsa_simd_portable_ntt_ntt_at_layer_1_round(
+      re, (size_t)29U, (int32_t)-812732, (int32_t)-1439742);
+  libcrux_ml_dsa_simd_portable_ntt_ntt_at_layer_1_round(
+      re, (size_t)30U, (int32_t)-3019102, (int32_t)-3881060);
+  libcrux_ml_dsa_simd_portable_ntt_ntt_at_layer_1_round(
+      re, (size_t)31U, (int32_t)-3628969, (int32_t)3839961);
+}
+
+static KRML_MUSTINLINE libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit
+libcrux_ml_dsa_simd_portable_ntt_simd_unit_ntt_at_layer_0(
+    libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit simd_unit,
+    int32_t zeta0, int32_t zeta1, int32_t zeta2, int32_t zeta3) {
+  int32_t t =
+      libcrux_ml_dsa_simd_portable_arithmetic_montgomery_multiply_fe_by_fer(
+          simd_unit.coefficients[1U], zeta0);
+  simd_unit.coefficients[1U] = simd_unit.coefficients[0U] - t;
+  simd_unit.coefficients[0U] = simd_unit.coefficients[0U] + t;
+  int32_t t0 =
+      libcrux_ml_dsa_simd_portable_arithmetic_montgomery_multiply_fe_by_fer(
+          simd_unit.coefficients[3U], zeta1);
+  simd_unit.coefficients[3U] = simd_unit.coefficients[2U] - t0;
+  simd_unit.coefficients[2U] = simd_unit.coefficients[2U] + t0;
+  int32_t t1 =
+      libcrux_ml_dsa_simd_portable_arithmetic_montgomery_multiply_fe_by_fer(
+          simd_unit.coefficients[5U], zeta2);
+  simd_unit.coefficients[5U] = simd_unit.coefficients[4U] - t1;
+  simd_unit.coefficients[4U] = simd_unit.coefficients[4U] + t1;
+  int32_t t2 =
+      libcrux_ml_dsa_simd_portable_arithmetic_montgomery_multiply_fe_by_fer(
+          simd_unit.coefficients[7U], zeta3);
+  simd_unit.coefficients[7U] = simd_unit.coefficients[6U] - t2;
+  simd_unit.coefficients[6U] = simd_unit.coefficients[6U] + t2;
+  return simd_unit;
+}
+
+static KRML_MUSTINLINE void
+libcrux_ml_dsa_simd_portable_ntt_ntt_at_layer_0_round(
+    libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit *re, size_t index,
+    int32_t zeta_0, int32_t zeta_1, int32_t zeta_2, int32_t zeta_3) {
+  libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit uu____0 =
+      libcrux_ml_dsa_simd_portable_ntt_simd_unit_ntt_at_layer_0(
+          re[index], zeta_0, zeta_1, zeta_2, zeta_3);
+  re[index] = uu____0;
+}
+
+static KRML_MUSTINLINE void libcrux_ml_dsa_simd_portable_ntt_ntt_at_layer_0(
+    libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit *re) {
+  libcrux_ml_dsa_simd_portable_ntt_ntt_at_layer_0_round(
+      re, (size_t)0U, (int32_t)2091667, (int32_t)3407706, (int32_t)2316500,
+      (int32_t)3817976);
+  libcrux_ml_dsa_simd_portable_ntt_ntt_at_layer_0_round(
+      re, (size_t)1U, (int32_t)-3342478, (int32_t)2244091, (int32_t)-2446433,
+      (int32_t)-3562462);
+  libcrux_ml_dsa_simd_portable_ntt_ntt_at_layer_0_round(
+      re, (size_t)2U, (int32_t)266997, (int32_t)2434439, (int32_t)-1235728,
+      (int32_t)3513181);
+  libcrux_ml_dsa_simd_portable_ntt_ntt_at_layer_0_round(
+      re, (size_t)3U, (int32_t)-3520352, (int32_t)-3759364, (int32_t)-1197226,
+      (int32_t)-3193378);
+  libcrux_ml_dsa_simd_portable_ntt_ntt_at_layer_0_round(
+      re, (size_t)4U, (int32_t)900702, (int32_t)1859098, (int32_t)909542,
+      (int32_t)819034);
+  libcrux_ml_dsa_simd_portable_ntt_ntt_at_layer_0_round(
+      re, (size_t)5U, (int32_t)495491, (int32_t)-1613174, (int32_t)-43260,
+      (int32_t)-522500);
+  libcrux_ml_dsa_simd_portable_ntt_ntt_at_layer_0_round(
+      re, (size_t)6U, (int32_t)-655327, (int32_t)-3122442, (int32_t)2031748,
+      (int32_t)3207046);
+  libcrux_ml_dsa_simd_portable_ntt_ntt_at_layer_0_round(
+      re, (size_t)7U, (int32_t)-3556995, (int32_t)-525098, (int32_t)-768622,
+      (int32_t)-3595838);
+  libcrux_ml_dsa_simd_portable_ntt_ntt_at_layer_0_round(
+      re, (size_t)8U, (int32_t)342297, (int32_t)286988, (int32_t)-2437823,
+      (int32_t)4108315);
+  libcrux_ml_dsa_simd_portable_ntt_ntt_at_layer_0_round(
+      re, (size_t)9U, (int32_t)3437287, (int32_t)-3342277, (int32_t)1735879,
+      (int32_t)203044);
+  libcrux_ml_dsa_simd_portable_ntt_ntt_at_layer_0_round(
+      re, (size_t)10U, (int32_t)2842341, (int32_t)2691481, (int32_t)-2590150,
+      (int32_t)1265009);
+  libcrux_ml_dsa_simd_portable_ntt_ntt_at_layer_0_round(
+      re, (size_t)11U, (int32_t)4055324, (int32_t)1247620, (int32_t)2486353,
+      (int32_t)1595974);
+  libcrux_ml_dsa_simd_portable_ntt_ntt_at_layer_0_round(
+      re, (size_t)12U, (int32_t)-3767016, (int32_t)1250494, (int32_t)2635921,
+      (int32_t)-3548272);
+  libcrux_ml_dsa_simd_portable_ntt_ntt_at_layer_0_round(
+      re, (size_t)13U, (int32_t)-2994039, (int32_t)1869119, (int32_t)1903435,
+      (int32_t)-1050970);
+  libcrux_ml_dsa_simd_portable_ntt_ntt_at_layer_0_round(
+      re, (size_t)14U, (int32_t)-1333058, (int32_t)1237275, (int32_t)-3318210,
+      (int32_t)-1430225);
+  libcrux_ml_dsa_simd_portable_ntt_ntt_at_layer_0_round(
+      re, (size_t)15U, (int32_t)-451100, (int32_t)1312455, (int32_t)3306115,
+      (int32_t)-1962642);
+  libcrux_ml_dsa_simd_portable_ntt_ntt_at_layer_0_round(
+      re, (size_t)16U, (int32_t)-1279661, (int32_t)1917081, (int32_t)-2546312,
+      (int32_t)-1374803);
+  libcrux_ml_dsa_simd_portable_ntt_ntt_at_layer_0_round(
+      re, (size_t)17U, (int32_t)1500165, (int32_t)777191, (int32_t)2235880,
+      (int32_t)3406031);
+  libcrux_ml_dsa_simd_portable_ntt_ntt_at_layer_0_round(
+      re, (size_t)18U, (int32_t)-542412, (int32_t)-2831860, (int32_t)-1671176,
+      (int32_t)-1846953);
+  libcrux_ml_dsa_simd_portable_ntt_ntt_at_layer_0_round(
+      re, (size_t)19U, (int32_t)-2584293, (int32_t)-3724270, (int32_t)594136,
+      (int32_t)-3776993);
+  libcrux_ml_dsa_simd_portable_ntt_ntt_at_layer_0_round(
+      re, (size_t)20U, (int32_t)-2013608, (int32_t)2432395, (int32_t)2454455,
+      (int32_t)-164721);
+  libcrux_ml_dsa_simd_portable_ntt_ntt_at_layer_0_round(
+      re, (size_t)21U, (int32_t)1957272, (int32_t)3369112, (int32_t)185531,
+      (int32_t)-1207385);
+  libcrux_ml_dsa_simd_portable_ntt_ntt_at_layer_0_round(
+      re, (size_t)22U, (int32_t)-3183426, (int32_t)162844, (int32_t)1616392,
+      (int32_t)3014001);
+  libcrux_ml_dsa_simd_portable_ntt_ntt_at_layer_0_round(
+      re, (size_t)23U, (int32_t)810149, (int32_t)1652634, (int32_t)-3694233,
+      (int32_t)-1799107);
+  libcrux_ml_dsa_simd_portable_ntt_ntt_at_layer_0_round(
+      re, (size_t)24U, (int32_t)-3038916, (int32_t)3523897, (int32_t)3866901,
+      (int32_t)269760);
+  libcrux_ml_dsa_simd_portable_ntt_ntt_at_layer_0_round(
+      re, (size_t)25U, (int32_t)2213111, (int32_t)-975884, (int32_t)1717735,
+      (int32_t)472078);
+  libcrux_ml_dsa_simd_portable_ntt_ntt_at_layer_0_round(
+      re, (size_t)26U, (int32_t)-426683, (int32_t)1723600, (int32_t)-1803090,
+      (int32_t)1910376);
+  libcrux_ml_dsa_simd_portable_ntt_ntt_at_layer_0_round(
+      re, (size_t)27U, (int32_t)-1667432, (int32_t)-1104333, (int32_t)-260646,
+      (int32_t)-3833893);
+  libcrux_ml_dsa_simd_portable_ntt_ntt_at_layer_0_round(
+      re, (size_t)28U, (int32_t)-2939036, (int32_t)-2235985, (int32_t)-420899,
+      (int32_t)-2286327);
+  libcrux_ml_dsa_simd_portable_ntt_ntt_at_layer_0_round(
+      re, (size_t)29U, (int32_t)183443, (int32_t)-976891, (int32_t)1612842,
+      (int32_t)-3545687);
+  libcrux_ml_dsa_simd_portable_ntt_ntt_at_layer_0_round(
+      re, (size_t)30U, (int32_t)-554416, (int32_t)3919660, (int32_t)-48306,
+      (int32_t)-1362209);
+  libcrux_ml_dsa_simd_portable_ntt_ntt_at_layer_0_round(
+      re, (size_t)31U, (int32_t)3937738, (int32_t)1400424, (int32_t)-846154,
+      (int32_t)1976782);
+}
+
+static KRML_MUSTINLINE void libcrux_ml_dsa_simd_portable_ntt_ntt(
+    libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit re[32U],
+    libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit ret[32U]) {
+  libcrux_ml_dsa_simd_portable_ntt_ntt_at_layer_7(re);
+  libcrux_ml_dsa_simd_portable_ntt_ntt_at_layer_6(re);
+  libcrux_ml_dsa_simd_portable_ntt_ntt_at_layer_5(re);
+  libcrux_ml_dsa_simd_portable_ntt_ntt_at_layer_4(re);
+  libcrux_ml_dsa_simd_portable_ntt_ntt_at_layer_3(re);
+  libcrux_ml_dsa_simd_portable_ntt_ntt_at_layer_2(re);
+  libcrux_ml_dsa_simd_portable_ntt_ntt_at_layer_1(re);
+  libcrux_ml_dsa_simd_portable_ntt_ntt_at_layer_0(re);
+  memcpy(ret, re,
+         (size_t)32U *
+             sizeof(libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit));
+}
+
+/**
+This function found in impl {(libcrux_ml_dsa::simd::traits::Operations for
+libcrux_ml_dsa::simd::portable::vector_type::PortableSIMDUnit)}
+*/
+static inline void libcrux_ml_dsa_simd_portable_ntt_36(
+    libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit simd_units[32U],
+    libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit ret[32U]) {
+  /* Passing arrays by value in Rust generates a copy in C */
+  libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit
+      copy_of_simd_units[32U];
+  memcpy(copy_of_simd_units, simd_units,
+         (size_t)32U *
+             sizeof(libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit));
+  libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit ret0[32U];
+  libcrux_ml_dsa_simd_portable_ntt_ntt(copy_of_simd_units, ret0);
+  memcpy(ret, ret0,
+         (size_t)32U *
+             sizeof(libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit));
+}
+
+static KRML_MUSTINLINE libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit
+libcrux_ml_dsa_simd_portable_invntt_simd_unit_invert_ntt_at_layer_0(
+    libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit simd_unit,
+    int32_t zeta0, int32_t zeta1, int32_t zeta2, int32_t zeta3) {
+  int32_t a_minus_b = simd_unit.coefficients[1U] - simd_unit.coefficients[0U];
+  simd_unit.coefficients[0U] =
+      simd_unit.coefficients[0U] + simd_unit.coefficients[1U];
+  simd_unit.coefficients[1U] =
+      libcrux_ml_dsa_simd_portable_arithmetic_montgomery_multiply_fe_by_fer(
+          a_minus_b, zeta0);
+  int32_t a_minus_b0 = simd_unit.coefficients[3U] - simd_unit.coefficients[2U];
+  simd_unit.coefficients[2U] =
+      simd_unit.coefficients[2U] + simd_unit.coefficients[3U];
+  simd_unit.coefficients[3U] =
+      libcrux_ml_dsa_simd_portable_arithmetic_montgomery_multiply_fe_by_fer(
+          a_minus_b0, zeta1);
+  int32_t a_minus_b1 = simd_unit.coefficients[5U] - simd_unit.coefficients[4U];
+  simd_unit.coefficients[4U] =
+      simd_unit.coefficients[4U] + simd_unit.coefficients[5U];
+  simd_unit.coefficients[5U] =
+      libcrux_ml_dsa_simd_portable_arithmetic_montgomery_multiply_fe_by_fer(
+          a_minus_b1, zeta2);
+  int32_t a_minus_b2 = simd_unit.coefficients[7U] - simd_unit.coefficients[6U];
+  simd_unit.coefficients[6U] =
+      simd_unit.coefficients[6U] + simd_unit.coefficients[7U];
+  simd_unit.coefficients[7U] =
+      libcrux_ml_dsa_simd_portable_arithmetic_montgomery_multiply_fe_by_fer(
+          a_minus_b2, zeta3);
+  return simd_unit;
+}
+
+static KRML_MUSTINLINE void
+libcrux_ml_dsa_simd_portable_invntt_invert_ntt_at_layer_0_round(
+    libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit *re, size_t index,
+    int32_t zeta0, int32_t zeta1, int32_t zeta2, int32_t zeta3) {
+  libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit uu____0 =
+      libcrux_ml_dsa_simd_portable_invntt_simd_unit_invert_ntt_at_layer_0(
+          re[index], zeta0, zeta1, zeta2, zeta3);
+  re[index] = uu____0;
+}
+
+static KRML_MUSTINLINE void
+libcrux_ml_dsa_simd_portable_invntt_invert_ntt_at_layer_0(
+    libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit *re) {
+  libcrux_ml_dsa_simd_portable_invntt_invert_ntt_at_layer_0_round(
+      re, (size_t)0U, (int32_t)1976782, (int32_t)-846154, (int32_t)1400424,
+      (int32_t)3937738);
+  libcrux_ml_dsa_simd_portable_invntt_invert_ntt_at_layer_0_round(
+      re, (size_t)1U, (int32_t)-1362209, (int32_t)-48306, (int32_t)3919660,
+      (int32_t)-554416);
+  libcrux_ml_dsa_simd_portable_invntt_invert_ntt_at_layer_0_round(
+      re, (size_t)2U, (int32_t)-3545687, (int32_t)1612842, (int32_t)-976891,
+      (int32_t)183443);
+  libcrux_ml_dsa_simd_portable_invntt_invert_ntt_at_layer_0_round(
+      re, (size_t)3U, (int32_t)-2286327, (int32_t)-420899, (int32_t)-2235985,
+      (int32_t)-2939036);
+  libcrux_ml_dsa_simd_portable_invntt_invert_ntt_at_layer_0_round(
+      re, (size_t)4U, (int32_t)-3833893, (int32_t)-260646, (int32_t)-1104333,
+      (int32_t)-1667432);
+  libcrux_ml_dsa_simd_portable_invntt_invert_ntt_at_layer_0_round(
+      re, (size_t)5U, (int32_t)1910376, (int32_t)-1803090, (int32_t)1723600,
+      (int32_t)-426683);
+  libcrux_ml_dsa_simd_portable_invntt_invert_ntt_at_layer_0_round(
+      re, (size_t)6U, (int32_t)472078, (int32_t)1717735, (int32_t)-975884,
+      (int32_t)2213111);
+  libcrux_ml_dsa_simd_portable_invntt_invert_ntt_at_layer_0_round(
+      re, (size_t)7U, (int32_t)269760, (int32_t)3866901, (int32_t)3523897,
+      (int32_t)-3038916);
+  libcrux_ml_dsa_simd_portable_invntt_invert_ntt_at_layer_0_round(
+      re, (size_t)8U, (int32_t)-1799107, (int32_t)-3694233, (int32_t)1652634,
+      (int32_t)810149);
+  libcrux_ml_dsa_simd_portable_invntt_invert_ntt_at_layer_0_round(
+      re, (size_t)9U, (int32_t)3014001, (int32_t)1616392, (int32_t)162844,
+      (int32_t)-3183426);
+  libcrux_ml_dsa_simd_portable_invntt_invert_ntt_at_layer_0_round(
+      re, (size_t)10U, (int32_t)-1207385, (int32_t)185531, (int32_t)3369112,
+      (int32_t)1957272);
+  libcrux_ml_dsa_simd_portable_invntt_invert_ntt_at_layer_0_round(
+      re, (size_t)11U, (int32_t)-164721, (int32_t)2454455, (int32_t)2432395,
+      (int32_t)-2013608);
+  libcrux_ml_dsa_simd_portable_invntt_invert_ntt_at_layer_0_round(
+      re, (size_t)12U, (int32_t)-3776993, (int32_t)594136, (int32_t)-3724270,
+      (int32_t)-2584293);
+  libcrux_ml_dsa_simd_portable_invntt_invert_ntt_at_layer_0_round(
+      re, (size_t)13U, (int32_t)-1846953, (int32_t)-1671176, (int32_t)-2831860,
+      (int32_t)-542412);
+  libcrux_ml_dsa_simd_portable_invntt_invert_ntt_at_layer_0_round(
+      re, (size_t)14U, (int32_t)3406031, (int32_t)2235880, (int32_t)777191,
+      (int32_t)1500165);
+  libcrux_ml_dsa_simd_portable_invntt_invert_ntt_at_layer_0_round(
+      re, (size_t)15U, (int32_t)-1374803, (int32_t)-2546312, (int32_t)1917081,
+      (int32_t)-1279661);
+  libcrux_ml_dsa_simd_portable_invntt_invert_ntt_at_layer_0_round(
+      re, (size_t)16U, (int32_t)-1962642, (int32_t)3306115, (int32_t)1312455,
+      (int32_t)-451100);
+  libcrux_ml_dsa_simd_portable_invntt_invert_ntt_at_layer_0_round(
+      re, (size_t)17U, (int32_t)-1430225, (int32_t)-3318210, (int32_t)1237275,
+      (int32_t)-1333058);
+  libcrux_ml_dsa_simd_portable_invntt_invert_ntt_at_layer_0_round(
+      re, (size_t)18U, (int32_t)-1050970, (int32_t)1903435, (int32_t)1869119,
+      (int32_t)-2994039);
+  libcrux_ml_dsa_simd_portable_invntt_invert_ntt_at_layer_0_round(
+      re, (size_t)19U, (int32_t)-3548272, (int32_t)2635921, (int32_t)1250494,
+      (int32_t)-3767016);
+  libcrux_ml_dsa_simd_portable_invntt_invert_ntt_at_layer_0_round(
+      re, (size_t)20U, (int32_t)1595974, (int32_t)2486353, (int32_t)1247620,
+      (int32_t)4055324);
+  libcrux_ml_dsa_simd_portable_invntt_invert_ntt_at_layer_0_round(
+      re, (size_t)21U, (int32_t)1265009, (int32_t)-2590150, (int32_t)2691481,
+      (int32_t)2842341);
+  libcrux_ml_dsa_simd_portable_invntt_invert_ntt_at_layer_0_round(
+      re, (size_t)22U, (int32_t)203044, (int32_t)1735879, (int32_t)-3342277,
+      (int32_t)3437287);
+  libcrux_ml_dsa_simd_portable_invntt_invert_ntt_at_layer_0_round(
+      re, (size_t)23U, (int32_t)4108315, (int32_t)-2437823, (int32_t)286988,
+      (int32_t)342297);
+  libcrux_ml_dsa_simd_portable_invntt_invert_ntt_at_layer_0_round(
+      re, (size_t)24U, (int32_t)-3595838, (int32_t)-768622, (int32_t)-525098,
+      (int32_t)-3556995);
+  libcrux_ml_dsa_simd_portable_invntt_invert_ntt_at_layer_0_round(
+      re, (size_t)25U, (int32_t)3207046, (int32_t)2031748, (int32_t)-3122442,
+      (int32_t)-655327);
+  libcrux_ml_dsa_simd_portable_invntt_invert_ntt_at_layer_0_round(
+      re, (size_t)26U, (int32_t)-522500, (int32_t)-43260, (int32_t)-1613174,
+      (int32_t)495491);
+  libcrux_ml_dsa_simd_portable_invntt_invert_ntt_at_layer_0_round(
+      re, (size_t)27U, (int32_t)819034, (int32_t)909542, (int32_t)1859098,
+      (int32_t)900702);
+  libcrux_ml_dsa_simd_portable_invntt_invert_ntt_at_layer_0_round(
+      re, (size_t)28U, (int32_t)-3193378, (int32_t)-1197226, (int32_t)-3759364,
+      (int32_t)-3520352);
+  libcrux_ml_dsa_simd_portable_invntt_invert_ntt_at_layer_0_round(
+      re, (size_t)29U, (int32_t)3513181, (int32_t)-1235728, (int32_t)2434439,
+      (int32_t)266997);
+  libcrux_ml_dsa_simd_portable_invntt_invert_ntt_at_layer_0_round(
+      re, (size_t)30U, (int32_t)-3562462, (int32_t)-2446433, (int32_t)2244091,
+      (int32_t)-3342478);
+  libcrux_ml_dsa_simd_portable_invntt_invert_ntt_at_layer_0_round(
+      re, (size_t)31U, (int32_t)3817976, (int32_t)2316500, (int32_t)3407706,
+      (int32_t)2091667);
+}
+
+static KRML_MUSTINLINE libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit
+libcrux_ml_dsa_simd_portable_invntt_simd_unit_invert_ntt_at_layer_1(
+    libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit simd_unit,
+    int32_t zeta0, int32_t zeta1) {
+  int32_t a_minus_b = simd_unit.coefficients[2U] - simd_unit.coefficients[0U];
+  simd_unit.coefficients[0U] =
+      simd_unit.coefficients[0U] + simd_unit.coefficients[2U];
+  simd_unit.coefficients[2U] =
+      libcrux_ml_dsa_simd_portable_arithmetic_montgomery_multiply_fe_by_fer(
+          a_minus_b, zeta0);
+  int32_t a_minus_b0 = simd_unit.coefficients[3U] - simd_unit.coefficients[1U];
+  simd_unit.coefficients[1U] =
+      simd_unit.coefficients[1U] + simd_unit.coefficients[3U];
+  simd_unit.coefficients[3U] =
+      libcrux_ml_dsa_simd_portable_arithmetic_montgomery_multiply_fe_by_fer(
+          a_minus_b0, zeta0);
+  int32_t a_minus_b1 = simd_unit.coefficients[6U] - simd_unit.coefficients[4U];
+  simd_unit.coefficients[4U] =
+      simd_unit.coefficients[4U] + simd_unit.coefficients[6U];
+  simd_unit.coefficients[6U] =
+      libcrux_ml_dsa_simd_portable_arithmetic_montgomery_multiply_fe_by_fer(
+          a_minus_b1, zeta1);
+  int32_t a_minus_b2 = simd_unit.coefficients[7U] - simd_unit.coefficients[5U];
+  simd_unit.coefficients[5U] =
+      simd_unit.coefficients[5U] + simd_unit.coefficients[7U];
+  simd_unit.coefficients[7U] =
+      libcrux_ml_dsa_simd_portable_arithmetic_montgomery_multiply_fe_by_fer(
+          a_minus_b2, zeta1);
+  return simd_unit;
+}
+
+static KRML_MUSTINLINE void
+libcrux_ml_dsa_simd_portable_invntt_invert_ntt_at_layer_1_round(
+    libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit *re, size_t index,
+    int32_t zeta_00, int32_t zeta_01) {
+  libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit uu____0 =
+      libcrux_ml_dsa_simd_portable_invntt_simd_unit_invert_ntt_at_layer_1(
+          re[index], zeta_00, zeta_01);
+  re[index] = uu____0;
+}
+
+static KRML_MUSTINLINE void
+libcrux_ml_dsa_simd_portable_invntt_invert_ntt_at_layer_1(
+    libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit *re) {
+  libcrux_ml_dsa_simd_portable_invntt_invert_ntt_at_layer_1_round(
+      re, (size_t)0U, (int32_t)3839961, (int32_t)-3628969);
+  libcrux_ml_dsa_simd_portable_invntt_invert_ntt_at_layer_1_round(
+      re, (size_t)1U, (int32_t)-3881060, (int32_t)-3019102);
+  libcrux_ml_dsa_simd_portable_invntt_invert_ntt_at_layer_1_round(
+      re, (size_t)2U, (int32_t)-1439742, (int32_t)-812732);
+  libcrux_ml_dsa_simd_portable_invntt_invert_ntt_at_layer_1_round(
+      re, (size_t)3U, (int32_t)-1584928, (int32_t)1285669);
+  libcrux_ml_dsa_simd_portable_invntt_invert_ntt_at_layer_1_round(
+      re, (size_t)4U, (int32_t)1341330, (int32_t)1315589);
+  libcrux_ml_dsa_simd_portable_invntt_invert_ntt_at_layer_1_round(
+      re, (size_t)5U, (int32_t)-177440, (int32_t)-2409325);
+  libcrux_ml_dsa_simd_portable_invntt_invert_ntt_at_layer_1_round(
+      re, (size_t)6U, (int32_t)-1851402, (int32_t)3159746);
+  libcrux_ml_dsa_simd_portable_invntt_invert_ntt_at_layer_1_round(
+      re, (size_t)7U, (int32_t)-3553272, (int32_t)189548);
+  libcrux_ml_dsa_simd_portable_invntt_invert_ntt_at_layer_1_round(
+      re, (size_t)8U, (int32_t)-1316856, (int32_t)759969);
+  libcrux_ml_dsa_simd_portable_invntt_invert_ntt_at_layer_1_round(
+      re, (size_t)9U, (int32_t)-210977, (int32_t)2389356);
+  libcrux_ml_dsa_simd_portable_invntt_invert_ntt_at_layer_1_round(
+      re, (size_t)10U, (int32_t)-3249728, (int32_t)1653064);
+  libcrux_ml_dsa_simd_portable_invntt_invert_ntt_at_layer_1_round(
+      re, (size_t)11U, (int32_t)-8578, (int32_t)-3724342);
+  libcrux_ml_dsa_simd_portable_invntt_invert_ntt_at_layer_1_round(
+      re, (size_t)12U, (int32_t)3958618, (int32_t)904516);
+  libcrux_ml_dsa_simd_portable_invntt_invert_ntt_at_layer_1_round(
+      re, (size_t)13U, (int32_t)-1100098, (int32_t)44288);
+  libcrux_ml_dsa_simd_portable_invntt_invert_ntt_at_layer_1_round(
+      re, (size_t)14U, (int32_t)3097992, (int32_t)508951);
+  libcrux_ml_dsa_simd_portable_invntt_invert_ntt_at_layer_1_round(
+      re, (size_t)15U, (int32_t)264944, (int32_t)-3343383);
+  libcrux_ml_dsa_simd_portable_invntt_invert_ntt_at_layer_1_round(
+      re, (size_t)16U, (int32_t)-1430430, (int32_t)1852771);
+  libcrux_ml_dsa_simd_portable_invntt_invert_ntt_at_layer_1_round(
+      re, (size_t)17U, (int32_t)1349076, (int32_t)-381987);
+  libcrux_ml_dsa_simd_portable_invntt_invert_ntt_at_layer_1_round(
+      re, (size_t)18U, (int32_t)-1308169, (int32_t)-22981);
+  libcrux_ml_dsa_simd_portable_invntt_invert_ntt_at_layer_1_round(
+      re, (size_t)19U, (int32_t)-1228525, (int32_t)-671102);
+  libcrux_ml_dsa_simd_portable_invntt_invert_ntt_at_layer_1_round(
+      re, (size_t)20U, (int32_t)-2477047, (int32_t)-411027);
+  libcrux_ml_dsa_simd_portable_invntt_invert_ntt_at_layer_1_round(
+      re, (size_t)21U, (int32_t)-3693493, (int32_t)-2967645);
+  libcrux_ml_dsa_simd_portable_invntt_invert_ntt_at_layer_1_round(
+      re, (size_t)22U, (int32_t)2715295, (int32_t)2147896);
+  libcrux_ml_dsa_simd_portable_invntt_invert_ntt_at_layer_1_round(
+      re, (size_t)23U, (int32_t)-983419, (int32_t)3412210);
+  libcrux_ml_dsa_simd_portable_invntt_invert_ntt_at_layer_1_round(
+      re, (size_t)24U, (int32_t)126922, (int32_t)-3632928);
+  libcrux_ml_dsa_simd_portable_invntt_invert_ntt_at_layer_1_round(
+      re, (size_t)25U, (int32_t)-3157330, (int32_t)-3190144);
+  libcrux_ml_dsa_simd_portable_invntt_invert_ntt_at_layer_1_round(
+      re, (size_t)26U, (int32_t)-1000202, (int32_t)-4083598);
+  libcrux_ml_dsa_simd_portable_invntt_invert_ntt_at_layer_1_round(
+      re, (size_t)27U, (int32_t)1939314, (int32_t)-1257611);
+  libcrux_ml_dsa_simd_portable_invntt_invert_ntt_at_layer_1_round(
+      re, (size_t)28U, (int32_t)-1585221, (int32_t)2176455);
+  libcrux_ml_dsa_simd_portable_invntt_invert_ntt_at_layer_1_round(
+      re, (size_t)29U, (int32_t)3475950, (int32_t)-1452451);
+  libcrux_ml_dsa_simd_portable_invntt_invert_ntt_at_layer_1_round(
+      re, (size_t)30U, (int32_t)-3041255, (int32_t)-3677745);
+  libcrux_ml_dsa_simd_portable_invntt_invert_ntt_at_layer_1_round(
+      re, (size_t)31U, (int32_t)-1528703, (int32_t)-3930395);
+}
+
+static KRML_MUSTINLINE libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit
+libcrux_ml_dsa_simd_portable_invntt_simd_unit_invert_ntt_at_layer_2(
+    libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit simd_unit,
+    int32_t zeta) {
+  int32_t a_minus_b = simd_unit.coefficients[4U] - simd_unit.coefficients[0U];
+  simd_unit.coefficients[0U] =
+      simd_unit.coefficients[0U] + simd_unit.coefficients[4U];
+  simd_unit.coefficients[4U] =
+      libcrux_ml_dsa_simd_portable_arithmetic_montgomery_multiply_fe_by_fer(
+          a_minus_b, zeta);
+  int32_t a_minus_b0 = simd_unit.coefficients[5U] - simd_unit.coefficients[1U];
+  simd_unit.coefficients[1U] =
+      simd_unit.coefficients[1U] + simd_unit.coefficients[5U];
+  simd_unit.coefficients[5U] =
+      libcrux_ml_dsa_simd_portable_arithmetic_montgomery_multiply_fe_by_fer(
+          a_minus_b0, zeta);
+  int32_t a_minus_b1 = simd_unit.coefficients[6U] - simd_unit.coefficients[2U];
+  simd_unit.coefficients[2U] =
+      simd_unit.coefficients[2U] + simd_unit.coefficients[6U];
+  simd_unit.coefficients[6U] =
+      libcrux_ml_dsa_simd_portable_arithmetic_montgomery_multiply_fe_by_fer(
+          a_minus_b1, zeta);
+  int32_t a_minus_b2 = simd_unit.coefficients[7U] - simd_unit.coefficients[3U];
+  simd_unit.coefficients[3U] =
+      simd_unit.coefficients[3U] + simd_unit.coefficients[7U];
+  simd_unit.coefficients[7U] =
+      libcrux_ml_dsa_simd_portable_arithmetic_montgomery_multiply_fe_by_fer(
+          a_minus_b2, zeta);
+  return simd_unit;
+}
+
+static inline void
+libcrux_ml_dsa_simd_portable_invntt_invert_ntt_at_layer_2_round(
+    libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit *re, size_t index,
+    int32_t zeta1) {
+  libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit uu____0 =
+      libcrux_ml_dsa_simd_portable_invntt_simd_unit_invert_ntt_at_layer_2(
+          re[index], zeta1);
+  re[index] = uu____0;
+}
+
+static KRML_MUSTINLINE void
+libcrux_ml_dsa_simd_portable_invntt_invert_ntt_at_layer_2(
+    libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit *re) {
+  libcrux_ml_dsa_simd_portable_invntt_invert_ntt_at_layer_2_round(
+      re, (size_t)0U, (int32_t)-2797779);
+  libcrux_ml_dsa_simd_portable_invntt_invert_ntt_at_layer_2_round(
+      re, (size_t)1U, (int32_t)2071892);
+  libcrux_ml_dsa_simd_portable_invntt_invert_ntt_at_layer_2_round(
+      re, (size_t)2U, (int32_t)-2556880);
+  libcrux_ml_dsa_simd_portable_invntt_invert_ntt_at_layer_2_round(
+      re, (size_t)3U, (int32_t)3900724);
+  libcrux_ml_dsa_simd_portable_invntt_invert_ntt_at_layer_2_round(
+      re, (size_t)4U, (int32_t)3881043);
+  libcrux_ml_dsa_simd_portable_invntt_invert_ntt_at_layer_2_round(
+      re, (size_t)5U, (int32_t)954230);
+  libcrux_ml_dsa_simd_portable_invntt_invert_ntt_at_layer_2_round(
+      re, (size_t)6U, (int32_t)531354);
+  libcrux_ml_dsa_simd_portable_invntt_invert_ntt_at_layer_2_round(
+      re, (size_t)7U, (int32_t)811944);
+  libcrux_ml_dsa_simd_portable_invntt_invert_ntt_at_layer_2_round(
+      re, (size_t)8U, (int32_t)3699596);
+  libcrux_ml_dsa_simd_portable_invntt_invert_ntt_at_layer_2_round(
+      re, (size_t)9U, (int32_t)-1600420);
+  libcrux_ml_dsa_simd_portable_invntt_invert_ntt_at_layer_2_round(
+      re, (size_t)10U, (int32_t)-2140649);
+  libcrux_ml_dsa_simd_portable_invntt_invert_ntt_at_layer_2_round(
+      re, (size_t)11U, (int32_t)3507263);
+  libcrux_ml_dsa_simd_portable_invntt_invert_ntt_at_layer_2_round(
+      re, (size_t)12U, (int32_t)-3821735);
+  libcrux_ml_dsa_simd_portable_invntt_invert_ntt_at_layer_2_round(
+      re, (size_t)13U, (int32_t)3505694);
+  libcrux_ml_dsa_simd_portable_invntt_invert_ntt_at_layer_2_round(
+      re, (size_t)14U, (int32_t)-1643818);
+  libcrux_ml_dsa_simd_portable_invntt_invert_ntt_at_layer_2_round(
+      re, (size_t)15U, (int32_t)-1699267);
+  libcrux_ml_dsa_simd_portable_invntt_invert_ntt_at_layer_2_round(
+      re, (size_t)16U, (int32_t)-539299);
+  libcrux_ml_dsa_simd_portable_invntt_invert_ntt_at_layer_2_round(
+      re, (size_t)17U, (int32_t)2348700);
+  libcrux_ml_dsa_simd_portable_invntt_invert_ntt_at_layer_2_round(
+      re, (size_t)18U, (int32_t)-300467);
+  libcrux_ml_dsa_simd_portable_invntt_invert_ntt_at_layer_2_round(
+      re, (size_t)19U, (int32_t)3539968);
+  libcrux_ml_dsa_simd_portable_invntt_invert_ntt_at_layer_2_round(
+      re, (size_t)20U, (int32_t)-2867647);
+  libcrux_ml_dsa_simd_portable_invntt_invert_ntt_at_layer_2_round(
+      re, (size_t)21U, (int32_t)3574422);
+  libcrux_ml_dsa_simd_portable_invntt_invert_ntt_at_layer_2_round(
+      re, (size_t)22U, (int32_t)-3043716);
+  libcrux_ml_dsa_simd_portable_invntt_invert_ntt_at_layer_2_round(
+      re, (size_t)23U, (int32_t)-3861115);
+  libcrux_ml_dsa_simd_portable_invntt_invert_ntt_at_layer_2_round(
+      re, (size_t)24U, (int32_t)3915439);
+  libcrux_ml_dsa_simd_portable_invntt_invert_ntt_at_layer_2_round(
+      re, (size_t)25U, (int32_t)-2537516);
+  libcrux_ml_dsa_simd_portable_invntt_invert_ntt_at_layer_2_round(
+      re, (size_t)26U, (int32_t)-3592148);
+  libcrux_ml_dsa_simd_portable_invntt_invert_ntt_at_layer_2_round(
+      re, (size_t)27U, (int32_t)-1661693);
+  libcrux_ml_dsa_simd_portable_invntt_invert_ntt_at_layer_2_round(
+      re, (size_t)28U, (int32_t)3530437);
+  libcrux_ml_dsa_simd_portable_invntt_invert_ntt_at_layer_2_round(
+      re, (size_t)29U, (int32_t)3077325);
+  libcrux_ml_dsa_simd_portable_invntt_invert_ntt_at_layer_2_round(
+      re, (size_t)30U, (int32_t)95776);
+  libcrux_ml_dsa_simd_portable_invntt_invert_ntt_at_layer_2_round(
+      re, (size_t)31U, (int32_t)2706023);
+}
+
+/**
+A monomorphic instance of libcrux_ml_dsa.simd.portable.invntt.outer_3_plus
+with const generics
+- OFFSET= 0
+- STEP_BY= 1
+- ZETA= 280005
+*/
+static KRML_MUSTINLINE void libcrux_ml_dsa_simd_portable_invntt_outer_3_plus_99(
+    libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit *re) {
+  for (size_t i = (size_t)0U; i < (size_t)0U + (size_t)1U; i++) {
+    size_t j = i;
+    libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit a_minus_b =
+        libcrux_ml_dsa_simd_portable_arithmetic_subtract(&re[j + (size_t)1U],
+                                                         &re[j]);
+    re[j] = libcrux_ml_dsa_simd_portable_arithmetic_add(&re[j],
+                                                        &re[j + (size_t)1U]);
+    libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit uu____1 =
+        libcrux_ml_dsa_simd_portable_arithmetic_montgomery_multiply_by_constant(
+            a_minus_b, (int32_t)280005);
+    re[j + (size_t)1U] = uu____1;
+  }
+}
+
+/**
+A monomorphic instance of libcrux_ml_dsa.simd.portable.invntt.outer_3_plus
+with const generics
+- OFFSET= 2
+- STEP_BY= 1
+- ZETA= 4010497
+*/
+static KRML_MUSTINLINE void libcrux_ml_dsa_simd_portable_invntt_outer_3_plus_1c(
+    libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit *re) {
+  for (size_t i = (size_t)2U; i < (size_t)2U + (size_t)1U; i++) {
+    size_t j = i;
+    libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit a_minus_b =
+        libcrux_ml_dsa_simd_portable_arithmetic_subtract(&re[j + (size_t)1U],
+                                                         &re[j]);
+    re[j] = libcrux_ml_dsa_simd_portable_arithmetic_add(&re[j],
+                                                        &re[j + (size_t)1U]);
+    libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit uu____1 =
+        libcrux_ml_dsa_simd_portable_arithmetic_montgomery_multiply_by_constant(
+            a_minus_b, (int32_t)4010497);
+    re[j + (size_t)1U] = uu____1;
+  }
+}
+
+/**
+A monomorphic instance of libcrux_ml_dsa.simd.portable.invntt.outer_3_plus
+with const generics
+- OFFSET= 4
+- STEP_BY= 1
+- ZETA= -19422
+*/
+static KRML_MUSTINLINE void libcrux_ml_dsa_simd_portable_invntt_outer_3_plus_6b(
+    libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit *re) {
+  for (size_t i = (size_t)4U; i < (size_t)4U + (size_t)1U; i++) {
+    size_t j = i;
+    libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit a_minus_b =
+        libcrux_ml_dsa_simd_portable_arithmetic_subtract(&re[j + (size_t)1U],
+                                                         &re[j]);
+    re[j] = libcrux_ml_dsa_simd_portable_arithmetic_add(&re[j],
+                                                        &re[j + (size_t)1U]);
+    libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit uu____1 =
+        libcrux_ml_dsa_simd_portable_arithmetic_montgomery_multiply_by_constant(
+            a_minus_b, (int32_t)-19422);
+    re[j + (size_t)1U] = uu____1;
+  }
+}
+
+/**
+A monomorphic instance of libcrux_ml_dsa.simd.portable.invntt.outer_3_plus
+with const generics
+- OFFSET= 6
+- STEP_BY= 1
+- ZETA= 1757237
+*/
+static KRML_MUSTINLINE void libcrux_ml_dsa_simd_portable_invntt_outer_3_plus_44(
+    libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit *re) {
+  for (size_t i = (size_t)6U; i < (size_t)6U + (size_t)1U; i++) {
+    size_t j = i;
+    libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit a_minus_b =
+        libcrux_ml_dsa_simd_portable_arithmetic_subtract(&re[j + (size_t)1U],
+                                                         &re[j]);
+    re[j] = libcrux_ml_dsa_simd_portable_arithmetic_add(&re[j],
+                                                        &re[j + (size_t)1U]);
+    libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit uu____1 =
+        libcrux_ml_dsa_simd_portable_arithmetic_montgomery_multiply_by_constant(
+            a_minus_b, (int32_t)1757237);
+    re[j + (size_t)1U] = uu____1;
+  }
+}
+
+/**
+A monomorphic instance of libcrux_ml_dsa.simd.portable.invntt.outer_3_plus
+with const generics
+- OFFSET= 8
+- STEP_BY= 1
+- ZETA= -3277672
+*/
+static KRML_MUSTINLINE void libcrux_ml_dsa_simd_portable_invntt_outer_3_plus_a8(
+    libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit *re) {
+  for (size_t i = (size_t)8U; i < (size_t)8U + (size_t)1U; i++) {
+    size_t j = i;
+    libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit a_minus_b =
+        libcrux_ml_dsa_simd_portable_arithmetic_subtract(&re[j + (size_t)1U],
+                                                         &re[j]);
+    re[j] = libcrux_ml_dsa_simd_portable_arithmetic_add(&re[j],
+                                                        &re[j + (size_t)1U]);
+    libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit uu____1 =
+        libcrux_ml_dsa_simd_portable_arithmetic_montgomery_multiply_by_constant(
+            a_minus_b, (int32_t)-3277672);
+    re[j + (size_t)1U] = uu____1;
+  }
+}
+
+/**
+A monomorphic instance of libcrux_ml_dsa.simd.portable.invntt.outer_3_plus
+with const generics
+- OFFSET= 10
+- STEP_BY= 1
+- ZETA= -1399561
+*/
+static KRML_MUSTINLINE void libcrux_ml_dsa_simd_portable_invntt_outer_3_plus_1f(
+    libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit *re) {
+  for (size_t i = (size_t)10U; i < (size_t)10U + (size_t)1U; i++) {
+    size_t j = i;
+    libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit a_minus_b =
+        libcrux_ml_dsa_simd_portable_arithmetic_subtract(&re[j + (size_t)1U],
+                                                         &re[j]);
+    re[j] = libcrux_ml_dsa_simd_portable_arithmetic_add(&re[j],
+                                                        &re[j + (size_t)1U]);
+    libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit uu____1 =
+        libcrux_ml_dsa_simd_portable_arithmetic_montgomery_multiply_by_constant(
+            a_minus_b, (int32_t)-1399561);
+    re[j + (size_t)1U] = uu____1;
+  }
+}
+
+/**
+A monomorphic instance of libcrux_ml_dsa.simd.portable.invntt.outer_3_plus
+with const generics
+- OFFSET= 12
+- STEP_BY= 1
+- ZETA= -3859737
+*/
+static KRML_MUSTINLINE void libcrux_ml_dsa_simd_portable_invntt_outer_3_plus_95(
+    libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit *re) {
+  for (size_t i = (size_t)12U; i < (size_t)12U + (size_t)1U; i++) {
+    size_t j = i;
+    libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit a_minus_b =
+        libcrux_ml_dsa_simd_portable_arithmetic_subtract(&re[j + (size_t)1U],
+                                                         &re[j]);
+    re[j] = libcrux_ml_dsa_simd_portable_arithmetic_add(&re[j],
+                                                        &re[j + (size_t)1U]);
+    libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit uu____1 =
+        libcrux_ml_dsa_simd_portable_arithmetic_montgomery_multiply_by_constant(
+            a_minus_b, (int32_t)-3859737);
+    re[j + (size_t)1U] = uu____1;
+  }
+}
+
+/**
+A monomorphic instance of libcrux_ml_dsa.simd.portable.invntt.outer_3_plus
+with const generics
+- OFFSET= 14
+- STEP_BY= 1
+- ZETA= -2118186
+*/
+static KRML_MUSTINLINE void libcrux_ml_dsa_simd_portable_invntt_outer_3_plus_3b(
+    libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit *re) {
+  for (size_t i = (size_t)14U; i < (size_t)14U + (size_t)1U; i++) {
+    size_t j = i;
+    libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit a_minus_b =
+        libcrux_ml_dsa_simd_portable_arithmetic_subtract(&re[j + (size_t)1U],
+                                                         &re[j]);
+    re[j] = libcrux_ml_dsa_simd_portable_arithmetic_add(&re[j],
+                                                        &re[j + (size_t)1U]);
+    libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit uu____1 =
+        libcrux_ml_dsa_simd_portable_arithmetic_montgomery_multiply_by_constant(
+            a_minus_b, (int32_t)-2118186);
+    re[j + (size_t)1U] = uu____1;
+  }
+}
+
+/**
+A monomorphic instance of libcrux_ml_dsa.simd.portable.invntt.outer_3_plus
+with const generics
+- OFFSET= 16
+- STEP_BY= 1
+- ZETA= -2108549
+*/
+static KRML_MUSTINLINE void libcrux_ml_dsa_simd_portable_invntt_outer_3_plus_7a(
+    libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit *re) {
+  for (size_t i = (size_t)16U; i < (size_t)16U + (size_t)1U; i++) {
+    size_t j = i;
+    libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit a_minus_b =
+        libcrux_ml_dsa_simd_portable_arithmetic_subtract(&re[j + (size_t)1U],
+                                                         &re[j]);
+    re[j] = libcrux_ml_dsa_simd_portable_arithmetic_add(&re[j],
+                                                        &re[j + (size_t)1U]);
+    libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit uu____1 =
+        libcrux_ml_dsa_simd_portable_arithmetic_montgomery_multiply_by_constant(
+            a_minus_b, (int32_t)-2108549);
+    re[j + (size_t)1U] = uu____1;
+  }
+}
+
+/**
+A monomorphic instance of libcrux_ml_dsa.simd.portable.invntt.outer_3_plus
+with const generics
+- OFFSET= 18
+- STEP_BY= 1
+- ZETA= 2619752
+*/
+static KRML_MUSTINLINE void libcrux_ml_dsa_simd_portable_invntt_outer_3_plus_e4(
+    libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit *re) {
+  for (size_t i = (size_t)18U; i < (size_t)18U + (size_t)1U; i++) {
+    size_t j = i;
+    libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit a_minus_b =
+        libcrux_ml_dsa_simd_portable_arithmetic_subtract(&re[j + (size_t)1U],
+                                                         &re[j]);
+    re[j] = libcrux_ml_dsa_simd_portable_arithmetic_add(&re[j],
+                                                        &re[j + (size_t)1U]);
+    libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit uu____1 =
+        libcrux_ml_dsa_simd_portable_arithmetic_montgomery_multiply_by_constant(
+            a_minus_b, (int32_t)2619752);
+    re[j + (size_t)1U] = uu____1;
+  }
+}
+
+/**
+A monomorphic instance of libcrux_ml_dsa.simd.portable.invntt.outer_3_plus
+with const generics
+- OFFSET= 20
+- STEP_BY= 1
+- ZETA= -1119584
+*/
+static KRML_MUSTINLINE void libcrux_ml_dsa_simd_portable_invntt_outer_3_plus_de(
+    libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit *re) {
+  for (size_t i = (size_t)20U; i < (size_t)20U + (size_t)1U; i++) {
+    size_t j = i;
+    libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit a_minus_b =
+        libcrux_ml_dsa_simd_portable_arithmetic_subtract(&re[j + (size_t)1U],
+                                                         &re[j]);
+    re[j] = libcrux_ml_dsa_simd_portable_arithmetic_add(&re[j],
+                                                        &re[j + (size_t)1U]);
+    libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit uu____1 =
+        libcrux_ml_dsa_simd_portable_arithmetic_montgomery_multiply_by_constant(
+            a_minus_b, (int32_t)-1119584);
+    re[j + (size_t)1U] = uu____1;
+  }
+}
+
+/**
+A monomorphic instance of libcrux_ml_dsa.simd.portable.invntt.outer_3_plus
+with const generics
+- OFFSET= 22
+- STEP_BY= 1
+- ZETA= -549488
+*/
+static KRML_MUSTINLINE void libcrux_ml_dsa_simd_portable_invntt_outer_3_plus_05(
+    libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit *re) {
+  for (size_t i = (size_t)22U; i < (size_t)22U + (size_t)1U; i++) {
+    size_t j = i;
+    libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit a_minus_b =
+        libcrux_ml_dsa_simd_portable_arithmetic_subtract(&re[j + (size_t)1U],
+                                                         &re[j]);
+    re[j] = libcrux_ml_dsa_simd_portable_arithmetic_add(&re[j],
+                                                        &re[j + (size_t)1U]);
+    libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit uu____1 =
+        libcrux_ml_dsa_simd_portable_arithmetic_montgomery_multiply_by_constant(
+            a_minus_b, (int32_t)-549488);
+    re[j + (size_t)1U] = uu____1;
+  }
+}
+
+/**
+A monomorphic instance of libcrux_ml_dsa.simd.portable.invntt.outer_3_plus
+with const generics
+- OFFSET= 24
+- STEP_BY= 1
+- ZETA= 3585928
+*/
+static KRML_MUSTINLINE void libcrux_ml_dsa_simd_portable_invntt_outer_3_plus_d9(
+    libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit *re) {
+  for (size_t i = (size_t)24U; i < (size_t)24U + (size_t)1U; i++) {
+    size_t j = i;
+    libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit a_minus_b =
+        libcrux_ml_dsa_simd_portable_arithmetic_subtract(&re[j + (size_t)1U],
+                                                         &re[j]);
+    re[j] = libcrux_ml_dsa_simd_portable_arithmetic_add(&re[j],
+                                                        &re[j + (size_t)1U]);
+    libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit uu____1 =
+        libcrux_ml_dsa_simd_portable_arithmetic_montgomery_multiply_by_constant(
+            a_minus_b, (int32_t)3585928);
+    re[j + (size_t)1U] = uu____1;
+  }
+}
+
+/**
+A monomorphic instance of libcrux_ml_dsa.simd.portable.invntt.outer_3_plus
+with const generics
+- OFFSET= 26
+- STEP_BY= 1
+- ZETA= -1079900
+*/
+static KRML_MUSTINLINE void libcrux_ml_dsa_simd_portable_invntt_outer_3_plus_3a(
+    libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit *re) {
+  for (size_t i = (size_t)26U; i < (size_t)26U + (size_t)1U; i++) {
+    size_t j = i;
+    libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit a_minus_b =
+        libcrux_ml_dsa_simd_portable_arithmetic_subtract(&re[j + (size_t)1U],
+                                                         &re[j]);
+    re[j] = libcrux_ml_dsa_simd_portable_arithmetic_add(&re[j],
+                                                        &re[j + (size_t)1U]);
+    libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit uu____1 =
+        libcrux_ml_dsa_simd_portable_arithmetic_montgomery_multiply_by_constant(
+            a_minus_b, (int32_t)-1079900);
+    re[j + (size_t)1U] = uu____1;
+  }
+}
+
+/**
+A monomorphic instance of libcrux_ml_dsa.simd.portable.invntt.outer_3_plus
+with const generics
+- OFFSET= 28
+- STEP_BY= 1
+- ZETA= 1024112
+*/
+static KRML_MUSTINLINE void
+libcrux_ml_dsa_simd_portable_invntt_outer_3_plus_3b0(
+    libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit *re) {
+  for (size_t i = (size_t)28U; i < (size_t)28U + (size_t)1U; i++) {
+    size_t j = i;
+    libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit a_minus_b =
+        libcrux_ml_dsa_simd_portable_arithmetic_subtract(&re[j + (size_t)1U],
+                                                         &re[j]);
+    re[j] = libcrux_ml_dsa_simd_portable_arithmetic_add(&re[j],
+                                                        &re[j + (size_t)1U]);
+    libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit uu____1 =
+        libcrux_ml_dsa_simd_portable_arithmetic_montgomery_multiply_by_constant(
+            a_minus_b, (int32_t)1024112);
+    re[j + (size_t)1U] = uu____1;
+  }
+}
+
+/**
+A monomorphic instance of libcrux_ml_dsa.simd.portable.invntt.outer_3_plus
+with const generics
+- OFFSET= 30
+- STEP_BY= 1
+- ZETA= 2725464
+*/
+static KRML_MUSTINLINE void libcrux_ml_dsa_simd_portable_invntt_outer_3_plus_a0(
+    libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit *re) {
+  for (size_t i = (size_t)30U; i < (size_t)30U + (size_t)1U; i++) {
+    size_t j = i;
+    libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit a_minus_b =
+        libcrux_ml_dsa_simd_portable_arithmetic_subtract(&re[j + (size_t)1U],
+                                                         &re[j]);
+    re[j] = libcrux_ml_dsa_simd_portable_arithmetic_add(&re[j],
+                                                        &re[j + (size_t)1U]);
+    libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit uu____1 =
+        libcrux_ml_dsa_simd_portable_arithmetic_montgomery_multiply_by_constant(
+            a_minus_b, (int32_t)2725464);
+    re[j + (size_t)1U] = uu____1;
+  }
+}
+
+static KRML_MUSTINLINE void
+libcrux_ml_dsa_simd_portable_invntt_invert_ntt_at_layer_3(
+    libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit *re) {
+  libcrux_ml_dsa_simd_portable_invntt_outer_3_plus_99(re);
+  libcrux_ml_dsa_simd_portable_invntt_outer_3_plus_1c(re);
+  libcrux_ml_dsa_simd_portable_invntt_outer_3_plus_6b(re);
+  libcrux_ml_dsa_simd_portable_invntt_outer_3_plus_44(re);
+  libcrux_ml_dsa_simd_portable_invntt_outer_3_plus_a8(re);
+  libcrux_ml_dsa_simd_portable_invntt_outer_3_plus_1f(re);
+  libcrux_ml_dsa_simd_portable_invntt_outer_3_plus_95(re);
+  libcrux_ml_dsa_simd_portable_invntt_outer_3_plus_3b(re);
+  libcrux_ml_dsa_simd_portable_invntt_outer_3_plus_7a(re);
+  libcrux_ml_dsa_simd_portable_invntt_outer_3_plus_e4(re);
+  libcrux_ml_dsa_simd_portable_invntt_outer_3_plus_de(re);
+  libcrux_ml_dsa_simd_portable_invntt_outer_3_plus_05(re);
+  libcrux_ml_dsa_simd_portable_invntt_outer_3_plus_d9(re);
+  libcrux_ml_dsa_simd_portable_invntt_outer_3_plus_3a(re);
+  libcrux_ml_dsa_simd_portable_invntt_outer_3_plus_3b0(re);
+  libcrux_ml_dsa_simd_portable_invntt_outer_3_plus_a0(re);
+}
+
+/**
+A monomorphic instance of libcrux_ml_dsa.simd.portable.invntt.outer_3_plus
+with const generics
+- OFFSET= 0
+- STEP_BY= 2
+- ZETA= 2680103
+*/
+static KRML_MUSTINLINE void
+libcrux_ml_dsa_simd_portable_invntt_outer_3_plus_990(
+    libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit *re) {
+  for (size_t i = (size_t)0U; i < (size_t)0U + (size_t)2U; i++) {
+    size_t j = i;
+    libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit a_minus_b =
+        libcrux_ml_dsa_simd_portable_arithmetic_subtract(&re[j + (size_t)2U],
+                                                         &re[j]);
+    re[j] = libcrux_ml_dsa_simd_portable_arithmetic_add(&re[j],
+                                                        &re[j + (size_t)2U]);
+    libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit uu____1 =
+        libcrux_ml_dsa_simd_portable_arithmetic_montgomery_multiply_by_constant(
+            a_minus_b, (int32_t)2680103);
+    re[j + (size_t)2U] = uu____1;
+  }
+}
+
+/**
+A monomorphic instance of libcrux_ml_dsa.simd.portable.invntt.outer_3_plus
+with const generics
+- OFFSET= 4
+- STEP_BY= 2
+- ZETA= 3111497
+*/
+static KRML_MUSTINLINE void
+libcrux_ml_dsa_simd_portable_invntt_outer_3_plus_6b0(
+    libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit *re) {
+  for (size_t i = (size_t)4U; i < (size_t)4U + (size_t)2U; i++) {
+    size_t j = i;
+    libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit a_minus_b =
+        libcrux_ml_dsa_simd_portable_arithmetic_subtract(&re[j + (size_t)2U],
+                                                         &re[j]);
+    re[j] = libcrux_ml_dsa_simd_portable_arithmetic_add(&re[j],
+                                                        &re[j + (size_t)2U]);
+    libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit uu____1 =
+        libcrux_ml_dsa_simd_portable_arithmetic_montgomery_multiply_by_constant(
+            a_minus_b, (int32_t)3111497);
+    re[j + (size_t)2U] = uu____1;
+  }
+}
+
+/**
+A monomorphic instance of libcrux_ml_dsa.simd.portable.invntt.outer_3_plus
+with const generics
+- OFFSET= 8
+- STEP_BY= 2
+- ZETA= -2884855
+*/
+static KRML_MUSTINLINE void
+libcrux_ml_dsa_simd_portable_invntt_outer_3_plus_a80(
+    libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit *re) {
+  for (size_t i = (size_t)8U; i < (size_t)8U + (size_t)2U; i++) {
+    size_t j = i;
+    libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit a_minus_b =
+        libcrux_ml_dsa_simd_portable_arithmetic_subtract(&re[j + (size_t)2U],
+                                                         &re[j]);
+    re[j] = libcrux_ml_dsa_simd_portable_arithmetic_add(&re[j],
+                                                        &re[j + (size_t)2U]);
+    libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit uu____1 =
+        libcrux_ml_dsa_simd_portable_arithmetic_montgomery_multiply_by_constant(
+            a_minus_b, (int32_t)-2884855);
+    re[j + (size_t)2U] = uu____1;
+  }
+}
+
+/**
+A monomorphic instance of libcrux_ml_dsa.simd.portable.invntt.outer_3_plus
+with const generics
+- OFFSET= 12
+- STEP_BY= 2
+- ZETA= 3119733
+*/
+static KRML_MUSTINLINE void
+libcrux_ml_dsa_simd_portable_invntt_outer_3_plus_950(
+    libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit *re) {
+  for (size_t i = (size_t)12U; i < (size_t)12U + (size_t)2U; i++) {
+    size_t j = i;
+    libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit a_minus_b =
+        libcrux_ml_dsa_simd_portable_arithmetic_subtract(&re[j + (size_t)2U],
+                                                         &re[j]);
+    re[j] = libcrux_ml_dsa_simd_portable_arithmetic_add(&re[j],
+                                                        &re[j + (size_t)2U]);
+    libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit uu____1 =
+        libcrux_ml_dsa_simd_portable_arithmetic_montgomery_multiply_by_constant(
+            a_minus_b, (int32_t)3119733);
+    re[j + (size_t)2U] = uu____1;
+  }
+}
+
+/**
+A monomorphic instance of libcrux_ml_dsa.simd.portable.invntt.outer_3_plus
+with const generics
+- OFFSET= 16
+- STEP_BY= 2
+- ZETA= -2091905
+*/
+static KRML_MUSTINLINE void
+libcrux_ml_dsa_simd_portable_invntt_outer_3_plus_7a0(
+    libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit *re) {
+  for (size_t i = (size_t)16U; i < (size_t)16U + (size_t)2U; i++) {
+    size_t j = i;
+    libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit a_minus_b =
+        libcrux_ml_dsa_simd_portable_arithmetic_subtract(&re[j + (size_t)2U],
+                                                         &re[j]);
+    re[j] = libcrux_ml_dsa_simd_portable_arithmetic_add(&re[j],
+                                                        &re[j + (size_t)2U]);
+    libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit uu____1 =
+        libcrux_ml_dsa_simd_portable_arithmetic_montgomery_multiply_by_constant(
+            a_minus_b, (int32_t)-2091905);
+    re[j + (size_t)2U] = uu____1;
+  }
+}
+
+/**
+A monomorphic instance of libcrux_ml_dsa.simd.portable.invntt.outer_3_plus
+with const generics
+- OFFSET= 20
+- STEP_BY= 2
+- ZETA= -359251
+*/
+static KRML_MUSTINLINE void
+libcrux_ml_dsa_simd_portable_invntt_outer_3_plus_de0(
+    libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit *re) {
+  for (size_t i = (size_t)20U; i < (size_t)20U + (size_t)2U; i++) {
+    size_t j = i;
+    libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit a_minus_b =
+        libcrux_ml_dsa_simd_portable_arithmetic_subtract(&re[j + (size_t)2U],
+                                                         &re[j]);
+    re[j] = libcrux_ml_dsa_simd_portable_arithmetic_add(&re[j],
+                                                        &re[j + (size_t)2U]);
+    libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit uu____1 =
+        libcrux_ml_dsa_simd_portable_arithmetic_montgomery_multiply_by_constant(
+            a_minus_b, (int32_t)-359251);
+    re[j + (size_t)2U] = uu____1;
+  }
+}
+
+/**
+A monomorphic instance of libcrux_ml_dsa.simd.portable.invntt.outer_3_plus
+with const generics
+- OFFSET= 24
+- STEP_BY= 2
+- ZETA= 2353451
+*/
+static KRML_MUSTINLINE void
+libcrux_ml_dsa_simd_portable_invntt_outer_3_plus_d90(
+    libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit *re) {
+  for (size_t i = (size_t)24U; i < (size_t)24U + (size_t)2U; i++) {
+    size_t j = i;
+    libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit a_minus_b =
+        libcrux_ml_dsa_simd_portable_arithmetic_subtract(&re[j + (size_t)2U],
+                                                         &re[j]);
+    re[j] = libcrux_ml_dsa_simd_portable_arithmetic_add(&re[j],
+                                                        &re[j + (size_t)2U]);
+    libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit uu____1 =
+        libcrux_ml_dsa_simd_portable_arithmetic_montgomery_multiply_by_constant(
+            a_minus_b, (int32_t)2353451);
+    re[j + (size_t)2U] = uu____1;
+  }
+}
+
+/**
+A monomorphic instance of libcrux_ml_dsa.simd.portable.invntt.outer_3_plus
+with const generics
+- OFFSET= 28
+- STEP_BY= 2
+- ZETA= 1826347
+*/
+static KRML_MUSTINLINE void
+libcrux_ml_dsa_simd_portable_invntt_outer_3_plus_3b1(
+    libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit *re) {
+  for (size_t i = (size_t)28U; i < (size_t)28U + (size_t)2U; i++) {
+    size_t j = i;
+    libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit a_minus_b =
+        libcrux_ml_dsa_simd_portable_arithmetic_subtract(&re[j + (size_t)2U],
+                                                         &re[j]);
+    re[j] = libcrux_ml_dsa_simd_portable_arithmetic_add(&re[j],
+                                                        &re[j + (size_t)2U]);
+    libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit uu____1 =
+        libcrux_ml_dsa_simd_portable_arithmetic_montgomery_multiply_by_constant(
+            a_minus_b, (int32_t)1826347);
+    re[j + (size_t)2U] = uu____1;
+  }
+}
+
+static KRML_MUSTINLINE void
+libcrux_ml_dsa_simd_portable_invntt_invert_ntt_at_layer_4(
+    libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit *re) {
+  libcrux_ml_dsa_simd_portable_invntt_outer_3_plus_990(re);
+  libcrux_ml_dsa_simd_portable_invntt_outer_3_plus_6b0(re);
+  libcrux_ml_dsa_simd_portable_invntt_outer_3_plus_a80(re);
+  libcrux_ml_dsa_simd_portable_invntt_outer_3_plus_950(re);
+  libcrux_ml_dsa_simd_portable_invntt_outer_3_plus_7a0(re);
+  libcrux_ml_dsa_simd_portable_invntt_outer_3_plus_de0(re);
+  libcrux_ml_dsa_simd_portable_invntt_outer_3_plus_d90(re);
+  libcrux_ml_dsa_simd_portable_invntt_outer_3_plus_3b1(re);
+}
+
+/**
+A monomorphic instance of libcrux_ml_dsa.simd.portable.invntt.outer_3_plus
+with const generics
+- OFFSET= 0
+- STEP_BY= 4
+- ZETA= 466468
+*/
+static KRML_MUSTINLINE void
+libcrux_ml_dsa_simd_portable_invntt_outer_3_plus_991(
+    libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit *re) {
+  for (size_t i = (size_t)0U; i < (size_t)0U + (size_t)4U; i++) {
+    size_t j = i;
+    libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit a_minus_b =
+        libcrux_ml_dsa_simd_portable_arithmetic_subtract(&re[j + (size_t)4U],
+                                                         &re[j]);
+    re[j] = libcrux_ml_dsa_simd_portable_arithmetic_add(&re[j],
+                                                        &re[j + (size_t)4U]);
+    libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit uu____1 =
+        libcrux_ml_dsa_simd_portable_arithmetic_montgomery_multiply_by_constant(
+            a_minus_b, (int32_t)466468);
+    re[j + (size_t)4U] = uu____1;
+  }
+}
+
+/**
+A monomorphic instance of libcrux_ml_dsa.simd.portable.invntt.outer_3_plus
+with const generics
+- OFFSET= 8
+- STEP_BY= 4
+- ZETA= -876248
+*/
+static KRML_MUSTINLINE void
+libcrux_ml_dsa_simd_portable_invntt_outer_3_plus_a81(
+    libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit *re) {
+  for (size_t i = (size_t)8U; i < (size_t)8U + (size_t)4U; i++) {
+    size_t j = i;
+    libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit a_minus_b =
+        libcrux_ml_dsa_simd_portable_arithmetic_subtract(&re[j + (size_t)4U],
+                                                         &re[j]);
+    re[j] = libcrux_ml_dsa_simd_portable_arithmetic_add(&re[j],
+                                                        &re[j + (size_t)4U]);
+    libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit uu____1 =
+        libcrux_ml_dsa_simd_portable_arithmetic_montgomery_multiply_by_constant(
+            a_minus_b, (int32_t)-876248);
+    re[j + (size_t)4U] = uu____1;
+  }
+}
+
+/**
+A monomorphic instance of libcrux_ml_dsa.simd.portable.invntt.outer_3_plus
+with const generics
+- OFFSET= 16
+- STEP_BY= 4
+- ZETA= -777960
+*/
+static KRML_MUSTINLINE void
+libcrux_ml_dsa_simd_portable_invntt_outer_3_plus_7a1(
+    libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit *re) {
+  for (size_t i = (size_t)16U; i < (size_t)16U + (size_t)4U; i++) {
+    size_t j = i;
+    libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit a_minus_b =
+        libcrux_ml_dsa_simd_portable_arithmetic_subtract(&re[j + (size_t)4U],
+                                                         &re[j]);
+    re[j] = libcrux_ml_dsa_simd_portable_arithmetic_add(&re[j],
+                                                        &re[j + (size_t)4U]);
+    libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit uu____1 =
+        libcrux_ml_dsa_simd_portable_arithmetic_montgomery_multiply_by_constant(
+            a_minus_b, (int32_t)-777960);
+    re[j + (size_t)4U] = uu____1;
+  }
+}
+
+/**
+A monomorphic instance of libcrux_ml_dsa.simd.portable.invntt.outer_3_plus
+with const generics
+- OFFSET= 24
+- STEP_BY= 4
+- ZETA= 237124
+*/
+static KRML_MUSTINLINE void
+libcrux_ml_dsa_simd_portable_invntt_outer_3_plus_d91(
+    libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit *re) {
+  for (size_t i = (size_t)24U; i < (size_t)24U + (size_t)4U; i++) {
+    size_t j = i;
+    libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit a_minus_b =
+        libcrux_ml_dsa_simd_portable_arithmetic_subtract(&re[j + (size_t)4U],
+                                                         &re[j]);
+    re[j] = libcrux_ml_dsa_simd_portable_arithmetic_add(&re[j],
+                                                        &re[j + (size_t)4U]);
+    libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit uu____1 =
+        libcrux_ml_dsa_simd_portable_arithmetic_montgomery_multiply_by_constant(
+            a_minus_b, (int32_t)237124);
+    re[j + (size_t)4U] = uu____1;
+  }
+}
+
+static KRML_MUSTINLINE void
+libcrux_ml_dsa_simd_portable_invntt_invert_ntt_at_layer_5(
+    libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit *re) {
+  libcrux_ml_dsa_simd_portable_invntt_outer_3_plus_991(re);
+  libcrux_ml_dsa_simd_portable_invntt_outer_3_plus_a81(re);
+  libcrux_ml_dsa_simd_portable_invntt_outer_3_plus_7a1(re);
+  libcrux_ml_dsa_simd_portable_invntt_outer_3_plus_d91(re);
+}
+
+/**
+A monomorphic instance of libcrux_ml_dsa.simd.portable.invntt.outer_3_plus
+with const generics
+- OFFSET= 0
+- STEP_BY= 8
+- ZETA= -518909
+*/
+static KRML_MUSTINLINE void
+libcrux_ml_dsa_simd_portable_invntt_outer_3_plus_992(
+    libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit *re) {
+  for (size_t i = (size_t)0U; i < (size_t)0U + (size_t)8U; i++) {
+    size_t j = i;
+    libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit a_minus_b =
+        libcrux_ml_dsa_simd_portable_arithmetic_subtract(&re[j + (size_t)8U],
+                                                         &re[j]);
+    re[j] = libcrux_ml_dsa_simd_portable_arithmetic_add(&re[j],
+                                                        &re[j + (size_t)8U]);
+    libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit uu____1 =
+        libcrux_ml_dsa_simd_portable_arithmetic_montgomery_multiply_by_constant(
+            a_minus_b, (int32_t)-518909);
+    re[j + (size_t)8U] = uu____1;
+  }
+}
+
+/**
+A monomorphic instance of libcrux_ml_dsa.simd.portable.invntt.outer_3_plus
+with const generics
+- OFFSET= 16
+- STEP_BY= 8
+- ZETA= -2608894
+*/
+static KRML_MUSTINLINE void
+libcrux_ml_dsa_simd_portable_invntt_outer_3_plus_7a2(
+    libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit *re) {
+  for (size_t i = (size_t)16U; i < (size_t)16U + (size_t)8U; i++) {
+    size_t j = i;
+    libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit a_minus_b =
+        libcrux_ml_dsa_simd_portable_arithmetic_subtract(&re[j + (size_t)8U],
+                                                         &re[j]);
+    re[j] = libcrux_ml_dsa_simd_portable_arithmetic_add(&re[j],
+                                                        &re[j + (size_t)8U]);
+    libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit uu____1 =
+        libcrux_ml_dsa_simd_portable_arithmetic_montgomery_multiply_by_constant(
+            a_minus_b, (int32_t)-2608894);
+    re[j + (size_t)8U] = uu____1;
+  }
+}
+
+static KRML_MUSTINLINE void
+libcrux_ml_dsa_simd_portable_invntt_invert_ntt_at_layer_6(
+    libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit *re) {
+  libcrux_ml_dsa_simd_portable_invntt_outer_3_plus_992(re);
+  libcrux_ml_dsa_simd_portable_invntt_outer_3_plus_7a2(re);
+}
+
+/**
+A monomorphic instance of libcrux_ml_dsa.simd.portable.invntt.outer_3_plus
+with const generics
+- OFFSET= 0
+- STEP_BY= 16
+- ZETA= 25847
+*/
+static KRML_MUSTINLINE void
+libcrux_ml_dsa_simd_portable_invntt_outer_3_plus_993(
+    libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit *re) {
+  for (size_t i = (size_t)0U; i < (size_t)0U + (size_t)16U; i++) {
+    size_t j = i;
+    libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit a_minus_b =
+        libcrux_ml_dsa_simd_portable_arithmetic_subtract(&re[j + (size_t)16U],
+                                                         &re[j]);
+    re[j] = libcrux_ml_dsa_simd_portable_arithmetic_add(&re[j],
+                                                        &re[j + (size_t)16U]);
+    libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit uu____1 =
+        libcrux_ml_dsa_simd_portable_arithmetic_montgomery_multiply_by_constant(
+            a_minus_b, (int32_t)25847);
+    re[j + (size_t)16U] = uu____1;
+  }
+}
+
+static KRML_MUSTINLINE void
+libcrux_ml_dsa_simd_portable_invntt_invert_ntt_at_layer_7(
+    libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit *re) {
+  libcrux_ml_dsa_simd_portable_invntt_outer_3_plus_993(re);
+}
+
+static inline void libcrux_ml_dsa_simd_portable_invntt_invert_ntt_montgomery(
+    libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit re[32U],
+    libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit ret[32U]) {
+  libcrux_ml_dsa_simd_portable_invntt_invert_ntt_at_layer_0(re);
+  libcrux_ml_dsa_simd_portable_invntt_invert_ntt_at_layer_1(re);
+  libcrux_ml_dsa_simd_portable_invntt_invert_ntt_at_layer_2(re);
+  libcrux_ml_dsa_simd_portable_invntt_invert_ntt_at_layer_3(re);
+  libcrux_ml_dsa_simd_portable_invntt_invert_ntt_at_layer_4(re);
+  libcrux_ml_dsa_simd_portable_invntt_invert_ntt_at_layer_5(re);
+  libcrux_ml_dsa_simd_portable_invntt_invert_ntt_at_layer_6(re);
+  libcrux_ml_dsa_simd_portable_invntt_invert_ntt_at_layer_7(re);
+  for (size_t i = (size_t)0U;
+       i < Eurydice_slice_len(
+               Eurydice_array_to_slice(
+                   (size_t)32U, re,
+                   libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit),
+               libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit);
+       i++) {
+    size_t i0 = i;
+    libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit uu____0 =
+        libcrux_ml_dsa_simd_portable_arithmetic_montgomery_multiply_by_constant(
+            re[i0], (int32_t)41978);
+    re[i0] = uu____0;
+  }
+  memcpy(ret, re,
+         (size_t)32U *
+             sizeof(libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit));
+}
+
+/**
+This function found in impl {(libcrux_ml_dsa::simd::traits::Operations for
+libcrux_ml_dsa::simd::portable::vector_type::PortableSIMDUnit)}
+*/
+static inline void libcrux_ml_dsa_simd_portable_invert_ntt_montgomery_36(
+    libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit simd_units[32U],
+    libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit ret[32U]) {
+  /* Passing arrays by value in Rust generates a copy in C */
+  libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit
+      copy_of_simd_units[32U];
+  memcpy(copy_of_simd_units, simd_units,
+         (size_t)32U *
+             sizeof(libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit));
+  libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit ret0[32U];
+  libcrux_ml_dsa_simd_portable_invntt_invert_ntt_montgomery(copy_of_simd_units,
+                                                            ret0);
+  memcpy(ret, ret0,
+         (size_t)32U *
+             sizeof(libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit));
+}
+
+typedef struct uint8_t_x2_s {
+  uint8_t fst;
+  uint8_t snd;
+} uint8_t_x2;
+
+/**
+A monomorphic instance of K.
+with types uint8_t[4032size_t], uint8_t[1952size_t]
+
+*/
+typedef struct tuple_a0_s {
+  uint8_t fst[4032U];
+  uint8_t snd[1952U];
+} tuple_a0;
+
+/**
+A monomorphic instance of libcrux_ml_dsa.polynomial.PolynomialRingElement
+with types libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit
+
+*/
+typedef struct libcrux_ml_dsa_polynomial_PolynomialRingElement_9b_s {
+  libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit simd_units[32U];
+} libcrux_ml_dsa_polynomial_PolynomialRingElement_9b;
+
+/**
+This function found in impl
+{libcrux_ml_dsa::polynomial::PolynomialRingElement<SIMDUnit>[TraitClause@0,
+TraitClause@1]}
+*/
+/**
+A monomorphic instance of libcrux_ml_dsa.polynomial.ZERO_ff
+with types libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit
+with const generics
+
+*/
+static inline libcrux_ml_dsa_polynomial_PolynomialRingElement_9b
+libcrux_ml_dsa_polynomial_ZERO_ff_ba(void) {
+  libcrux_ml_dsa_polynomial_PolynomialRingElement_9b lit;
+  lit.simd_units[0U] = libcrux_ml_dsa_simd_portable_ZERO_36();
+  lit.simd_units[1U] = libcrux_ml_dsa_simd_portable_ZERO_36();
+  lit.simd_units[2U] = libcrux_ml_dsa_simd_portable_ZERO_36();
+  lit.simd_units[3U] = libcrux_ml_dsa_simd_portable_ZERO_36();
+  lit.simd_units[4U] = libcrux_ml_dsa_simd_portable_ZERO_36();
+  lit.simd_units[5U] = libcrux_ml_dsa_simd_portable_ZERO_36();
+  lit.simd_units[6U] = libcrux_ml_dsa_simd_portable_ZERO_36();
+  lit.simd_units[7U] = libcrux_ml_dsa_simd_portable_ZERO_36();
+  lit.simd_units[8U] = libcrux_ml_dsa_simd_portable_ZERO_36();
+  lit.simd_units[9U] = libcrux_ml_dsa_simd_portable_ZERO_36();
+  lit.simd_units[10U] = libcrux_ml_dsa_simd_portable_ZERO_36();
+  lit.simd_units[11U] = libcrux_ml_dsa_simd_portable_ZERO_36();
+  lit.simd_units[12U] = libcrux_ml_dsa_simd_portable_ZERO_36();
+  lit.simd_units[13U] = libcrux_ml_dsa_simd_portable_ZERO_36();
+  lit.simd_units[14U] = libcrux_ml_dsa_simd_portable_ZERO_36();
+  lit.simd_units[15U] = libcrux_ml_dsa_simd_portable_ZERO_36();
+  lit.simd_units[16U] = libcrux_ml_dsa_simd_portable_ZERO_36();
+  lit.simd_units[17U] = libcrux_ml_dsa_simd_portable_ZERO_36();
+  lit.simd_units[18U] = libcrux_ml_dsa_simd_portable_ZERO_36();
+  lit.simd_units[19U] = libcrux_ml_dsa_simd_portable_ZERO_36();
+  lit.simd_units[20U] = libcrux_ml_dsa_simd_portable_ZERO_36();
+  lit.simd_units[21U] = libcrux_ml_dsa_simd_portable_ZERO_36();
+  lit.simd_units[22U] = libcrux_ml_dsa_simd_portable_ZERO_36();
+  lit.simd_units[23U] = libcrux_ml_dsa_simd_portable_ZERO_36();
+  lit.simd_units[24U] = libcrux_ml_dsa_simd_portable_ZERO_36();
+  lit.simd_units[25U] = libcrux_ml_dsa_simd_portable_ZERO_36();
+  lit.simd_units[26U] = libcrux_ml_dsa_simd_portable_ZERO_36();
+  lit.simd_units[27U] = libcrux_ml_dsa_simd_portable_ZERO_36();
+  lit.simd_units[28U] = libcrux_ml_dsa_simd_portable_ZERO_36();
+  lit.simd_units[29U] = libcrux_ml_dsa_simd_portable_ZERO_36();
+  lit.simd_units[30U] = libcrux_ml_dsa_simd_portable_ZERO_36();
+  lit.simd_units[31U] = libcrux_ml_dsa_simd_portable_ZERO_36();
+  return lit;
+}
+
+typedef struct
+    libcrux_ml_dsa_polynomial_PolynomialRingElement_libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit_x4_s {
+  libcrux_ml_dsa_polynomial_PolynomialRingElement_9b fst;
+  libcrux_ml_dsa_polynomial_PolynomialRingElement_9b snd;
+  libcrux_ml_dsa_polynomial_PolynomialRingElement_9b thd;
+  libcrux_ml_dsa_polynomial_PolynomialRingElement_9b f3;
+} libcrux_ml_dsa_polynomial_PolynomialRingElement_libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit_x4;
+
+/**
+A monomorphic instance of
+libcrux_ml_dsa.sample.rejection_sample_less_than_field_modulus with types
+libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit with const generics
+
+*/
+static KRML_MUSTINLINE bool
+libcrux_ml_dsa_sample_rejection_sample_less_than_field_modulus_ba(
+    Eurydice_slice randomness, size_t *sampled_coefficients, int32_t *out) {
+  bool done = false;
+  core_slice_iter_Chunks iter =
+      core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter(
+          core_slice___Slice_T___chunks(randomness, (size_t)24U, uint8_t,
+                                        core_slice_iter_Chunks),
+          core_slice_iter_Chunks, core_slice_iter_Chunks);
+  while (true) {
+    Option_1b uu____0 =
+        core_slice_iter___core__iter__traits__iterator__Iterator_for_core__slice__iter__Chunks__a__T__TraitClause_0___71__next(
+            &iter, uint8_t, Option_1b);
+    if (uu____0.tag == None) {
+      break;
+    } else {
+      Eurydice_slice random_bytes = uu____0.f0;
+      if (!done) {
+        Eurydice_slice uu____1 = random_bytes;
+        size_t sampled =
+            libcrux_ml_dsa_simd_portable_rejection_sample_less_than_field_modulus_36(
+                uu____1, Eurydice_array_to_subslice_from(
+                             (size_t)263U, out, sampled_coefficients[0U],
+                             int32_t, size_t));
+        sampled_coefficients[0U] = sampled_coefficients[0U] + sampled;
+        if (sampled_coefficients[0U] >=
+            LIBCRUX_ML_DSA_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) {
+          done = true;
+        }
+      }
+    }
+  }
+  return done;
+}
+
+/**
+This function found in impl
+{libcrux_ml_dsa::polynomial::PolynomialRingElement<SIMDUnit>[TraitClause@0,
+TraitClause@1]}
+*/
+/**
+A monomorphic instance of libcrux_ml_dsa.polynomial.from_i32_array_ff
+with types libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit
+with const generics
+
+*/
+static inline libcrux_ml_dsa_polynomial_PolynomialRingElement_9b
+libcrux_ml_dsa_polynomial_from_i32_array_ff_ba(Eurydice_slice array) {
+  core_slice_iter_Chunks array_chunks = core_slice___Slice_T___chunks(
+      array, LIBCRUX_ML_DSA_SIMD_TRAITS_COEFFICIENTS_IN_SIMD_UNIT, int32_t,
+      core_slice_iter_Chunks);
+  libcrux_ml_dsa_polynomial_PolynomialRingElement_9b result =
+      libcrux_ml_dsa_polynomial_ZERO_ff_ba();
+  for (size_t i = (size_t)0U;
+       i < LIBCRUX_ML_DSA_SIMD_TRAITS_SIMD_UNITS_IN_RING_ELEMENT; i++) {
+    size_t i0 = i;
+    libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit uu____0 =
+        libcrux_ml_dsa_simd_portable_from_coefficient_array_36(
+            core_option__core__option__Option_T__TraitClause_0___unwrap(
+                core_slice_iter___core__iter__traits__iterator__Iterator_for_core__slice__iter__Chunks__a__T__TraitClause_0___71__next(
+                    &array_chunks, int32_t, Option_93),
+                Eurydice_slice, Eurydice_slice));
+    result.simd_units[i0] = uu____0;
+  }
+  return result;
+}
+
+/**
+A monomorphic instance of libcrux_ml_dsa.sample.sample_four_ring_elements
+with types libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit
+with const generics
+
+*/
+static inline libcrux_ml_dsa_polynomial_PolynomialRingElement_libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit_x4
+libcrux_ml_dsa_sample_sample_four_ring_elements_ba(uint8_t seed0[34U],
+                                                   uint16_t domain_separator0,
+                                                   uint16_t domain_separator1,
+                                                   uint16_t domain_seperator2,
+                                                   uint16_t domain_separator3) {
+  seed0[32U] = (uint8_t)domain_separator0;
+  seed0[33U] = (uint8_t)((uint32_t)domain_separator0 >> 8U);
+  uint8_t seed1[34U];
+  memcpy(seed1, seed0, (size_t)34U * sizeof(uint8_t));
+  seed1[32U] = (uint8_t)domain_separator1;
+  seed1[33U] = (uint8_t)((uint32_t)domain_separator1 >> 8U);
+  uint8_t seed2[34U];
+  memcpy(seed2, seed0, (size_t)34U * sizeof(uint8_t));
+  seed2[32U] = (uint8_t)domain_seperator2;
+  seed2[33U] = (uint8_t)((uint32_t)domain_seperator2 >> 8U);
+  uint8_t seed3[34U];
+  memcpy(seed3, seed0, (size_t)34U * sizeof(uint8_t));
+  seed3[32U] = (uint8_t)domain_separator3;
+  seed3[33U] = (uint8_t)((uint32_t)domain_separator3 >> 8U);
+  libcrux_ml_dsa_hash_functions_portable_Shake128X4 state =
+      libcrux_ml_dsa_hash_functions_portable_init_absorb_ed(
+          Eurydice_array_to_slice((size_t)34U, seed0, uint8_t),
+          Eurydice_array_to_slice((size_t)34U, seed1, uint8_t),
+          Eurydice_array_to_slice((size_t)34U, seed2, uint8_t),
+          Eurydice_array_to_slice((size_t)34U, seed3, uint8_t));
+  uint8_t randomness0[840U] = {0U};
+  uint8_t randomness1[840U] = {0U};
+  uint8_t randomness2[840U] = {0U};
+  uint8_t randomness3[840U] = {0U};
+  libcrux_ml_dsa_hash_functions_portable_squeeze_first_five_blocks_ed(
+      &state, randomness0, randomness1, randomness2, randomness3);
+  int32_t coefficients0[263U] = {0U};
+  int32_t coefficients1[263U] = {0U};
+  int32_t coefficients2[263U] = {0U};
+  int32_t coefficients3[263U] = {0U};
+  size_t sampled0 = (size_t)0U;
+  size_t sampled1 = (size_t)0U;
+  size_t sampled2 = (size_t)0U;
+  size_t sampled3 = (size_t)0U;
+  bool done0 =
+      libcrux_ml_dsa_sample_rejection_sample_less_than_field_modulus_ba(
+          Eurydice_array_to_slice((size_t)840U, randomness0, uint8_t),
+          &sampled0, coefficients0);
+  bool done1 =
+      libcrux_ml_dsa_sample_rejection_sample_less_than_field_modulus_ba(
+          Eurydice_array_to_slice((size_t)840U, randomness1, uint8_t),
+          &sampled1, coefficients1);
+  bool done2 =
+      libcrux_ml_dsa_sample_rejection_sample_less_than_field_modulus_ba(
+          Eurydice_array_to_slice((size_t)840U, randomness2, uint8_t),
+          &sampled2, coefficients2);
+  bool done3 =
+      libcrux_ml_dsa_sample_rejection_sample_less_than_field_modulus_ba(
+          Eurydice_array_to_slice((size_t)840U, randomness3, uint8_t),
+          &sampled3, coefficients3);
+  while (true) {
+    if (done0) {
+      if (done1) {
+        if (done2) {
+          if (done3) {
+            break;
+          } else {
+            uint8_t_168size_t__x4 randomnesses =
+                libcrux_ml_dsa_hash_functions_portable_squeeze_next_block_ed(
+                    &state);
+            if (!done0) {
+              done0 =
+                  libcrux_ml_dsa_sample_rejection_sample_less_than_field_modulus_ba(
+                      Eurydice_array_to_slice((size_t)168U, randomnesses.fst,
+                                              uint8_t),
+                      &sampled0, coefficients0);
+            }
+            if (!done1) {
+              done1 =
+                  libcrux_ml_dsa_sample_rejection_sample_less_than_field_modulus_ba(
+                      Eurydice_array_to_slice((size_t)168U, randomnesses.snd,
+                                              uint8_t),
+                      &sampled1, coefficients1);
+            }
+            if (!done2) {
+              done2 =
+                  libcrux_ml_dsa_sample_rejection_sample_less_than_field_modulus_ba(
+                      Eurydice_array_to_slice((size_t)168U, randomnesses.thd,
+                                              uint8_t),
+                      &sampled2, coefficients2);
+            }
+            if (!done3) {
+              done3 =
+                  libcrux_ml_dsa_sample_rejection_sample_less_than_field_modulus_ba(
+                      Eurydice_array_to_slice((size_t)168U, randomnesses.f3,
+                                              uint8_t),
+                      &sampled3, coefficients3);
+            }
+          }
+        } else {
+          uint8_t_168size_t__x4 randomnesses =
+              libcrux_ml_dsa_hash_functions_portable_squeeze_next_block_ed(
+                  &state);
+          if (!done0) {
+            done0 =
+                libcrux_ml_dsa_sample_rejection_sample_less_than_field_modulus_ba(
+                    Eurydice_array_to_slice((size_t)168U, randomnesses.fst,
+                                            uint8_t),
+                    &sampled0, coefficients0);
+          }
+          if (!done1) {
+            done1 =
+                libcrux_ml_dsa_sample_rejection_sample_less_than_field_modulus_ba(
+                    Eurydice_array_to_slice((size_t)168U, randomnesses.snd,
+                                            uint8_t),
+                    &sampled1, coefficients1);
+          }
+          if (!done2) {
+            done2 =
+                libcrux_ml_dsa_sample_rejection_sample_less_than_field_modulus_ba(
+                    Eurydice_array_to_slice((size_t)168U, randomnesses.thd,
+                                            uint8_t),
+                    &sampled2, coefficients2);
+          }
+          if (!done3) {
+            done3 =
+                libcrux_ml_dsa_sample_rejection_sample_less_than_field_modulus_ba(
+                    Eurydice_array_to_slice((size_t)168U, randomnesses.f3,
+                                            uint8_t),
+                    &sampled3, coefficients3);
+          }
+        }
+      } else {
+        uint8_t_168size_t__x4 randomnesses =
+            libcrux_ml_dsa_hash_functions_portable_squeeze_next_block_ed(
+                &state);
+        if (!done0) {
+          done0 =
+              libcrux_ml_dsa_sample_rejection_sample_less_than_field_modulus_ba(
+                  Eurydice_array_to_slice((size_t)168U, randomnesses.fst,
+                                          uint8_t),
+                  &sampled0, coefficients0);
+        }
+        if (!done1) {
+          done1 =
+              libcrux_ml_dsa_sample_rejection_sample_less_than_field_modulus_ba(
+                  Eurydice_array_to_slice((size_t)168U, randomnesses.snd,
+                                          uint8_t),
+                  &sampled1, coefficients1);
+        }
+        if (!done2) {
+          done2 =
+              libcrux_ml_dsa_sample_rejection_sample_less_than_field_modulus_ba(
+                  Eurydice_array_to_slice((size_t)168U, randomnesses.thd,
+                                          uint8_t),
+                  &sampled2, coefficients2);
+        }
+        if (!done3) {
+          done3 =
+              libcrux_ml_dsa_sample_rejection_sample_less_than_field_modulus_ba(
+                  Eurydice_array_to_slice((size_t)168U, randomnesses.f3,
+                                          uint8_t),
+                  &sampled3, coefficients3);
+        }
+      }
+    } else {
+      uint8_t_168size_t__x4 randomnesses =
+          libcrux_ml_dsa_hash_functions_portable_squeeze_next_block_ed(&state);
+      if (!done0) {
+        done0 =
+            libcrux_ml_dsa_sample_rejection_sample_less_than_field_modulus_ba(
+                Eurydice_array_to_slice((size_t)168U, randomnesses.fst,
+                                        uint8_t),
+                &sampled0, coefficients0);
+      }
+      if (!done1) {
+        done1 =
+            libcrux_ml_dsa_sample_rejection_sample_less_than_field_modulus_ba(
+                Eurydice_array_to_slice((size_t)168U, randomnesses.snd,
+                                        uint8_t),
+                &sampled1, coefficients1);
+      }
+      if (!done2) {
+        done2 =
+            libcrux_ml_dsa_sample_rejection_sample_less_than_field_modulus_ba(
+                Eurydice_array_to_slice((size_t)168U, randomnesses.thd,
+                                        uint8_t),
+                &sampled2, coefficients2);
+      }
+      if (!done3) {
+        done3 =
+            libcrux_ml_dsa_sample_rejection_sample_less_than_field_modulus_ba(
+                Eurydice_array_to_slice((size_t)168U, randomnesses.f3, uint8_t),
+                &sampled3, coefficients3);
+      }
+    }
+  }
+  libcrux_ml_dsa_polynomial_PolynomialRingElement_9b uu____0 =
+      libcrux_ml_dsa_polynomial_from_i32_array_ff_ba(
+          Eurydice_array_to_slice((size_t)263U, coefficients0, int32_t));
+  libcrux_ml_dsa_polynomial_PolynomialRingElement_9b uu____1 =
+      libcrux_ml_dsa_polynomial_from_i32_array_ff_ba(
+          Eurydice_array_to_slice((size_t)263U, coefficients1, int32_t));
+  libcrux_ml_dsa_polynomial_PolynomialRingElement_9b uu____2 =
+      libcrux_ml_dsa_polynomial_from_i32_array_ff_ba(
+          Eurydice_array_to_slice((size_t)263U, coefficients2, int32_t));
+  libcrux_ml_dsa_polynomial_PolynomialRingElement_libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit_x4
+      lit;
+  lit.fst = uu____0;
+  lit.snd = uu____1;
+  lit.thd = uu____2;
+  lit.f3 = libcrux_ml_dsa_polynomial_from_i32_array_ff_ba(
+      Eurydice_array_to_slice((size_t)263U, coefficients3, int32_t));
+  return lit;
+}
+
+/**
+A monomorphic instance of libcrux_ml_dsa.samplex4.update_matrix
+with types libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit
+with const generics
+- ROWS_IN_A= 6
+- COLUMNS_IN_A= 5
+*/
+static inline void libcrux_ml_dsa_samplex4_update_matrix_2f(
+    libcrux_ml_dsa_polynomial_PolynomialRingElement_9b (*m)[5U], size_t i,
+    size_t j, libcrux_ml_dsa_polynomial_PolynomialRingElement_9b v) {
+  m[i][j] = v;
+}
+
+/**
+A monomorphic instance of libcrux_ml_dsa.samplex4.matrix_A_4_by_4
+with types libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit
+with const generics
+- ROWS_IN_A= 6
+- COLUMNS_IN_A= 5
+*/
+static KRML_MUSTINLINE void libcrux_ml_dsa_samplex4_matrix_A_4_by_4_2f(
+    uint8_t seed[34U],
+    libcrux_ml_dsa_polynomial_PolynomialRingElement_9b ret[6U][5U]) {
+  libcrux_ml_dsa_polynomial_PolynomialRingElement_9b A[6U][5U];
+  for (size_t i = (size_t)0U; i < (size_t)6U; i++) {
+    A[i][0U] = libcrux_ml_dsa_polynomial_ZERO_ff_ba();
+    A[i][1U] = libcrux_ml_dsa_polynomial_ZERO_ff_ba();
+    A[i][2U] = libcrux_ml_dsa_polynomial_ZERO_ff_ba();
+    A[i][3U] = libcrux_ml_dsa_polynomial_ZERO_ff_ba();
+    A[i][4U] = libcrux_ml_dsa_polynomial_ZERO_ff_ba();
+  }
+  /* Passing arrays by value in Rust generates a copy in C */
+  uint8_t copy_of_seed[34U];
+  memcpy(copy_of_seed, seed, (size_t)34U * sizeof(uint8_t));
+  libcrux_ml_dsa_polynomial_PolynomialRingElement_libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit_x4
+      four_ring_elements = libcrux_ml_dsa_sample_sample_four_ring_elements_ba(
+          copy_of_seed,
+          libcrux_ml_dsa_samplex4_generate_domain_separator(0U, 0U),
+          libcrux_ml_dsa_samplex4_generate_domain_separator(0U, 1U),
+          libcrux_ml_dsa_samplex4_generate_domain_separator(0U, 2U),
+          libcrux_ml_dsa_samplex4_generate_domain_separator(0U, 3U));
+  libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)0U, (size_t)0U,
+                                           four_ring_elements.fst);
+  libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)0U, (size_t)1U,
+                                           four_ring_elements.snd);
+  libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)0U, (size_t)2U,
+                                           four_ring_elements.thd);
+  libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)0U, (size_t)3U,
+                                           four_ring_elements.f3);
+  /* Passing arrays by value in Rust generates a copy in C */
+  uint8_t copy_of_seed0[34U];
+  memcpy(copy_of_seed0, seed, (size_t)34U * sizeof(uint8_t));
+  libcrux_ml_dsa_polynomial_PolynomialRingElement_libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit_x4
+      four_ring_elements0 = libcrux_ml_dsa_sample_sample_four_ring_elements_ba(
+          copy_of_seed0,
+          libcrux_ml_dsa_samplex4_generate_domain_separator(1U, 0U),
+          libcrux_ml_dsa_samplex4_generate_domain_separator(1U, 1U),
+          libcrux_ml_dsa_samplex4_generate_domain_separator(1U, 2U),
+          libcrux_ml_dsa_samplex4_generate_domain_separator(1U, 3U));
+  libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)1U, (size_t)0U,
+                                           four_ring_elements0.fst);
+  libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)1U, (size_t)1U,
+                                           four_ring_elements0.snd);
+  libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)1U, (size_t)2U,
+                                           four_ring_elements0.thd);
+  libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)1U, (size_t)3U,
+                                           four_ring_elements0.f3);
+  /* Passing arrays by value in Rust generates a copy in C */
+  uint8_t copy_of_seed1[34U];
+  memcpy(copy_of_seed1, seed, (size_t)34U * sizeof(uint8_t));
+  libcrux_ml_dsa_polynomial_PolynomialRingElement_libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit_x4
+      four_ring_elements1 = libcrux_ml_dsa_sample_sample_four_ring_elements_ba(
+          copy_of_seed1,
+          libcrux_ml_dsa_samplex4_generate_domain_separator(2U, 0U),
+          libcrux_ml_dsa_samplex4_generate_domain_separator(2U, 1U),
+          libcrux_ml_dsa_samplex4_generate_domain_separator(2U, 2U),
+          libcrux_ml_dsa_samplex4_generate_domain_separator(2U, 3U));
+  libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)2U, (size_t)0U,
+                                           four_ring_elements1.fst);
+  libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)2U, (size_t)1U,
+                                           four_ring_elements1.snd);
+  libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)2U, (size_t)2U,
+                                           four_ring_elements1.thd);
+  libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)2U, (size_t)3U,
+                                           four_ring_elements1.f3);
+  /* Passing arrays by value in Rust generates a copy in C */
+  uint8_t copy_of_seed2[34U];
+  memcpy(copy_of_seed2, seed, (size_t)34U * sizeof(uint8_t));
+  libcrux_ml_dsa_polynomial_PolynomialRingElement_libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit_x4
+      four_ring_elements2 = libcrux_ml_dsa_sample_sample_four_ring_elements_ba(
+          copy_of_seed2,
+          libcrux_ml_dsa_samplex4_generate_domain_separator(3U, 0U),
+          libcrux_ml_dsa_samplex4_generate_domain_separator(3U, 1U),
+          libcrux_ml_dsa_samplex4_generate_domain_separator(3U, 2U),
+          libcrux_ml_dsa_samplex4_generate_domain_separator(3U, 3U));
+  libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)3U, (size_t)0U,
+                                           four_ring_elements2.fst);
+  libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)3U, (size_t)1U,
+                                           four_ring_elements2.snd);
+  libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)3U, (size_t)2U,
+                                           four_ring_elements2.thd);
+  libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)3U, (size_t)3U,
+                                           four_ring_elements2.f3);
+  memcpy(ret, A,
+         (size_t)6U *
+             sizeof(libcrux_ml_dsa_polynomial_PolynomialRingElement_9b[5U]));
+}
+
+/**
+A monomorphic instance of libcrux_ml_dsa.samplex4.matrix_A_6_by_5
+with types libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit
+with const generics
+- ROWS_IN_A= 6
+- COLUMNS_IN_A= 5
+*/
+static KRML_MUSTINLINE void libcrux_ml_dsa_samplex4_matrix_A_6_by_5_2f(
+    uint8_t seed[34U],
+    libcrux_ml_dsa_polynomial_PolynomialRingElement_9b ret[6U][5U]) {
+  libcrux_ml_dsa_polynomial_PolynomialRingElement_9b A[6U][5U];
+  for (size_t i = (size_t)0U; i < (size_t)6U; i++) {
+    A[i][0U] = libcrux_ml_dsa_polynomial_ZERO_ff_ba();
+    A[i][1U] = libcrux_ml_dsa_polynomial_ZERO_ff_ba();
+    A[i][2U] = libcrux_ml_dsa_polynomial_ZERO_ff_ba();
+    A[i][3U] = libcrux_ml_dsa_polynomial_ZERO_ff_ba();
+    A[i][4U] = libcrux_ml_dsa_polynomial_ZERO_ff_ba();
+  }
+  /* Passing arrays by value in Rust generates a copy in C */
+  uint8_t copy_of_seed[34U];
+  memcpy(copy_of_seed, seed, (size_t)34U * sizeof(uint8_t));
+  libcrux_ml_dsa_polynomial_PolynomialRingElement_libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit_x4
+      four_ring_elements = libcrux_ml_dsa_sample_sample_four_ring_elements_ba(
+          copy_of_seed,
+          libcrux_ml_dsa_samplex4_generate_domain_separator(0U, 0U),
+          libcrux_ml_dsa_samplex4_generate_domain_separator(0U, 1U),
+          libcrux_ml_dsa_samplex4_generate_domain_separator(0U, 2U),
+          libcrux_ml_dsa_samplex4_generate_domain_separator(0U, 3U));
+  libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)0U, (size_t)0U,
+                                           four_ring_elements.fst);
+  libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)0U, (size_t)1U,
+                                           four_ring_elements.snd);
+  libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)0U, (size_t)2U,
+                                           four_ring_elements.thd);
+  libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)0U, (size_t)3U,
+                                           four_ring_elements.f3);
+  /* Passing arrays by value in Rust generates a copy in C */
+  uint8_t copy_of_seed0[34U];
+  memcpy(copy_of_seed0, seed, (size_t)34U * sizeof(uint8_t));
+  libcrux_ml_dsa_polynomial_PolynomialRingElement_libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit_x4
+      four_ring_elements0 = libcrux_ml_dsa_sample_sample_four_ring_elements_ba(
+          copy_of_seed0,
+          libcrux_ml_dsa_samplex4_generate_domain_separator(0U, 4U),
+          libcrux_ml_dsa_samplex4_generate_domain_separator(1U, 0U),
+          libcrux_ml_dsa_samplex4_generate_domain_separator(1U, 1U),
+          libcrux_ml_dsa_samplex4_generate_domain_separator(1U, 2U));
+  libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)0U, (size_t)4U,
+                                           four_ring_elements0.fst);
+  libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)1U, (size_t)0U,
+                                           four_ring_elements0.snd);
+  libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)1U, (size_t)1U,
+                                           four_ring_elements0.thd);
+  libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)1U, (size_t)2U,
+                                           four_ring_elements0.f3);
+  /* Passing arrays by value in Rust generates a copy in C */
+  uint8_t copy_of_seed1[34U];
+  memcpy(copy_of_seed1, seed, (size_t)34U * sizeof(uint8_t));
+  libcrux_ml_dsa_polynomial_PolynomialRingElement_libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit_x4
+      four_ring_elements1 = libcrux_ml_dsa_sample_sample_four_ring_elements_ba(
+          copy_of_seed1,
+          libcrux_ml_dsa_samplex4_generate_domain_separator(1U, 3U),
+          libcrux_ml_dsa_samplex4_generate_domain_separator(1U, 4U),
+          libcrux_ml_dsa_samplex4_generate_domain_separator(2U, 0U),
+          libcrux_ml_dsa_samplex4_generate_domain_separator(2U, 1U));
+  libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)1U, (size_t)3U,
+                                           four_ring_elements1.fst);
+  libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)1U, (size_t)4U,
+                                           four_ring_elements1.snd);
+  libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)2U, (size_t)0U,
+                                           four_ring_elements1.thd);
+  libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)2U, (size_t)1U,
+                                           four_ring_elements1.f3);
+  /* Passing arrays by value in Rust generates a copy in C */
+  uint8_t copy_of_seed2[34U];
+  memcpy(copy_of_seed2, seed, (size_t)34U * sizeof(uint8_t));
+  libcrux_ml_dsa_polynomial_PolynomialRingElement_libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit_x4
+      four_ring_elements2 = libcrux_ml_dsa_sample_sample_four_ring_elements_ba(
+          copy_of_seed2,
+          libcrux_ml_dsa_samplex4_generate_domain_separator(2U, 2U),
+          libcrux_ml_dsa_samplex4_generate_domain_separator(2U, 3U),
+          libcrux_ml_dsa_samplex4_generate_domain_separator(2U, 4U),
+          libcrux_ml_dsa_samplex4_generate_domain_separator(3U, 0U));
+  libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)2U, (size_t)2U,
+                                           four_ring_elements2.fst);
+  libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)2U, (size_t)3U,
+                                           four_ring_elements2.snd);
+  libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)2U, (size_t)4U,
+                                           four_ring_elements2.thd);
+  libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)3U, (size_t)0U,
+                                           four_ring_elements2.f3);
+  /* Passing arrays by value in Rust generates a copy in C */
+  uint8_t copy_of_seed3[34U];
+  memcpy(copy_of_seed3, seed, (size_t)34U * sizeof(uint8_t));
+  libcrux_ml_dsa_polynomial_PolynomialRingElement_libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit_x4
+      four_ring_elements3 = libcrux_ml_dsa_sample_sample_four_ring_elements_ba(
+          copy_of_seed3,
+          libcrux_ml_dsa_samplex4_generate_domain_separator(3U, 1U),
+          libcrux_ml_dsa_samplex4_generate_domain_separator(3U, 2U),
+          libcrux_ml_dsa_samplex4_generate_domain_separator(3U, 3U),
+          libcrux_ml_dsa_samplex4_generate_domain_separator(3U, 4U));
+  libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)3U, (size_t)1U,
+                                           four_ring_elements3.fst);
+  libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)3U, (size_t)2U,
+                                           four_ring_elements3.snd);
+  libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)3U, (size_t)3U,
+                                           four_ring_elements3.thd);
+  libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)3U, (size_t)4U,
+                                           four_ring_elements3.f3);
+  /* Passing arrays by value in Rust generates a copy in C */
+  uint8_t copy_of_seed4[34U];
+  memcpy(copy_of_seed4, seed, (size_t)34U * sizeof(uint8_t));
+  libcrux_ml_dsa_polynomial_PolynomialRingElement_libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit_x4
+      four_ring_elements4 = libcrux_ml_dsa_sample_sample_four_ring_elements_ba(
+          copy_of_seed4,
+          libcrux_ml_dsa_samplex4_generate_domain_separator(4U, 0U),
+          libcrux_ml_dsa_samplex4_generate_domain_separator(4U, 1U),
+          libcrux_ml_dsa_samplex4_generate_domain_separator(4U, 2U),
+          libcrux_ml_dsa_samplex4_generate_domain_separator(4U, 3U));
+  libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)4U, (size_t)0U,
+                                           four_ring_elements4.fst);
+  libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)4U, (size_t)1U,
+                                           four_ring_elements4.snd);
+  libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)4U, (size_t)2U,
+                                           four_ring_elements4.thd);
+  libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)4U, (size_t)3U,
+                                           four_ring_elements4.f3);
+  /* Passing arrays by value in Rust generates a copy in C */
+  uint8_t copy_of_seed5[34U];
+  memcpy(copy_of_seed5, seed, (size_t)34U * sizeof(uint8_t));
+  libcrux_ml_dsa_polynomial_PolynomialRingElement_libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit_x4
+      four_ring_elements5 = libcrux_ml_dsa_sample_sample_four_ring_elements_ba(
+          copy_of_seed5,
+          libcrux_ml_dsa_samplex4_generate_domain_separator(4U, 4U),
+          libcrux_ml_dsa_samplex4_generate_domain_separator(5U, 0U),
+          libcrux_ml_dsa_samplex4_generate_domain_separator(5U, 1U),
+          libcrux_ml_dsa_samplex4_generate_domain_separator(5U, 2U));
+  libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)4U, (size_t)4U,
+                                           four_ring_elements5.fst);
+  libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)5U, (size_t)0U,
+                                           four_ring_elements5.snd);
+  libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)5U, (size_t)1U,
+                                           four_ring_elements5.thd);
+  libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)5U, (size_t)2U,
+                                           four_ring_elements5.f3);
+  /* Passing arrays by value in Rust generates a copy in C */
+  uint8_t copy_of_seed6[34U];
+  memcpy(copy_of_seed6, seed, (size_t)34U * sizeof(uint8_t));
+  libcrux_ml_dsa_polynomial_PolynomialRingElement_libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit_x4
+      four_ring_elements6 = libcrux_ml_dsa_sample_sample_four_ring_elements_ba(
+          copy_of_seed6,
+          libcrux_ml_dsa_samplex4_generate_domain_separator(5U, 3U),
+          libcrux_ml_dsa_samplex4_generate_domain_separator(5U, 4U),
+          libcrux_ml_dsa_samplex4_generate_domain_separator(5U, 5U),
+          libcrux_ml_dsa_samplex4_generate_domain_separator(5U, 6U));
+  libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)5U, (size_t)3U,
+                                           four_ring_elements6.fst);
+  libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)5U, (size_t)4U,
+                                           four_ring_elements6.snd);
+  memcpy(ret, A,
+         (size_t)6U *
+             sizeof(libcrux_ml_dsa_polynomial_PolynomialRingElement_9b[5U]));
+}
+
+/**
+A monomorphic instance of libcrux_ml_dsa.samplex4.matrix_A_8_by_7
+with types libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit
+with const generics
+- ROWS_IN_A= 6
+- COLUMNS_IN_A= 5
+*/
+static KRML_MUSTINLINE void libcrux_ml_dsa_samplex4_matrix_A_8_by_7_2f(
+    uint8_t seed[34U],
+    libcrux_ml_dsa_polynomial_PolynomialRingElement_9b ret[6U][5U]) {
+  libcrux_ml_dsa_polynomial_PolynomialRingElement_9b A[6U][5U];
+  for (size_t i = (size_t)0U; i < (size_t)6U; i++) {
+    A[i][0U] = libcrux_ml_dsa_polynomial_ZERO_ff_ba();
+    A[i][1U] = libcrux_ml_dsa_polynomial_ZERO_ff_ba();
+    A[i][2U] = libcrux_ml_dsa_polynomial_ZERO_ff_ba();
+    A[i][3U] = libcrux_ml_dsa_polynomial_ZERO_ff_ba();
+    A[i][4U] = libcrux_ml_dsa_polynomial_ZERO_ff_ba();
+  }
+  /* Passing arrays by value in Rust generates a copy in C */
+  uint8_t copy_of_seed[34U];
+  memcpy(copy_of_seed, seed, (size_t)34U * sizeof(uint8_t));
+  libcrux_ml_dsa_polynomial_PolynomialRingElement_libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit_x4
+      four_ring_elements = libcrux_ml_dsa_sample_sample_four_ring_elements_ba(
+          copy_of_seed,
+          libcrux_ml_dsa_samplex4_generate_domain_separator(0U, 0U),
+          libcrux_ml_dsa_samplex4_generate_domain_separator(0U, 1U),
+          libcrux_ml_dsa_samplex4_generate_domain_separator(0U, 2U),
+          libcrux_ml_dsa_samplex4_generate_domain_separator(0U, 3U));
+  libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)0U, (size_t)0U,
+                                           four_ring_elements.fst);
+  libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)0U, (size_t)1U,
+                                           four_ring_elements.snd);
+  libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)0U, (size_t)2U,
+                                           four_ring_elements.thd);
+  libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)0U, (size_t)3U,
+                                           four_ring_elements.f3);
+  /* Passing arrays by value in Rust generates a copy in C */
+  uint8_t copy_of_seed0[34U];
+  memcpy(copy_of_seed0, seed, (size_t)34U * sizeof(uint8_t));
+  libcrux_ml_dsa_polynomial_PolynomialRingElement_libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit_x4
+      four_ring_elements0 = libcrux_ml_dsa_sample_sample_four_ring_elements_ba(
+          copy_of_seed0,
+          libcrux_ml_dsa_samplex4_generate_domain_separator(0U, 4U),
+          libcrux_ml_dsa_samplex4_generate_domain_separator(0U, 5U),
+          libcrux_ml_dsa_samplex4_generate_domain_separator(0U, 6U),
+          libcrux_ml_dsa_samplex4_generate_domain_separator(1U, 0U));
+  libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)0U, (size_t)4U,
+                                           four_ring_elements0.fst);
+  libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)0U, (size_t)5U,
+                                           four_ring_elements0.snd);
+  libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)0U, (size_t)6U,
+                                           four_ring_elements0.thd);
+  libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)1U, (size_t)0U,
+                                           four_ring_elements0.f3);
+  /* Passing arrays by value in Rust generates a copy in C */
+  uint8_t copy_of_seed1[34U];
+  memcpy(copy_of_seed1, seed, (size_t)34U * sizeof(uint8_t));
+  libcrux_ml_dsa_polynomial_PolynomialRingElement_libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit_x4
+      four_ring_elements1 = libcrux_ml_dsa_sample_sample_four_ring_elements_ba(
+          copy_of_seed1,
+          libcrux_ml_dsa_samplex4_generate_domain_separator(1U, 1U),
+          libcrux_ml_dsa_samplex4_generate_domain_separator(1U, 2U),
+          libcrux_ml_dsa_samplex4_generate_domain_separator(1U, 3U),
+          libcrux_ml_dsa_samplex4_generate_domain_separator(1U, 4U));
+  libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)1U, (size_t)1U,
+                                           four_ring_elements1.fst);
+  libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)1U, (size_t)2U,
+                                           four_ring_elements1.snd);
+  libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)1U, (size_t)3U,
+                                           four_ring_elements1.thd);
+  libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)1U, (size_t)4U,
+                                           four_ring_elements1.f3);
+  /* Passing arrays by value in Rust generates a copy in C */
+  uint8_t copy_of_seed2[34U];
+  memcpy(copy_of_seed2, seed, (size_t)34U * sizeof(uint8_t));
+  libcrux_ml_dsa_polynomial_PolynomialRingElement_libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit_x4
+      four_ring_elements2 = libcrux_ml_dsa_sample_sample_four_ring_elements_ba(
+          copy_of_seed2,
+          libcrux_ml_dsa_samplex4_generate_domain_separator(1U, 5U),
+          libcrux_ml_dsa_samplex4_generate_domain_separator(1U, 6U),
+          libcrux_ml_dsa_samplex4_generate_domain_separator(2U, 0U),
+          libcrux_ml_dsa_samplex4_generate_domain_separator(2U, 1U));
+  libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)1U, (size_t)5U,
+                                           four_ring_elements2.fst);
+  libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)1U, (size_t)6U,
+                                           four_ring_elements2.snd);
+  libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)2U, (size_t)0U,
+                                           four_ring_elements2.thd);
+  libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)2U, (size_t)1U,
+                                           four_ring_elements2.f3);
+  /* Passing arrays by value in Rust generates a copy in C */
+  uint8_t copy_of_seed3[34U];
+  memcpy(copy_of_seed3, seed, (size_t)34U * sizeof(uint8_t));
+  libcrux_ml_dsa_polynomial_PolynomialRingElement_libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit_x4
+      four_ring_elements3 = libcrux_ml_dsa_sample_sample_four_ring_elements_ba(
+          copy_of_seed3,
+          libcrux_ml_dsa_samplex4_generate_domain_separator(2U, 2U),
+          libcrux_ml_dsa_samplex4_generate_domain_separator(2U, 3U),
+          libcrux_ml_dsa_samplex4_generate_domain_separator(2U, 4U),
+          libcrux_ml_dsa_samplex4_generate_domain_separator(2U, 5U));
+  libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)2U, (size_t)2U,
+                                           four_ring_elements3.fst);
+  libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)2U, (size_t)3U,
+                                           four_ring_elements3.snd);
+  libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)2U, (size_t)4U,
+                                           four_ring_elements3.thd);
+  libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)2U, (size_t)5U,
+                                           four_ring_elements3.f3);
+  /* Passing arrays by value in Rust generates a copy in C */
+  uint8_t copy_of_seed4[34U];
+  memcpy(copy_of_seed4, seed, (size_t)34U * sizeof(uint8_t));
+  libcrux_ml_dsa_polynomial_PolynomialRingElement_libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit_x4
+      four_ring_elements4 = libcrux_ml_dsa_sample_sample_four_ring_elements_ba(
+          copy_of_seed4,
+          libcrux_ml_dsa_samplex4_generate_domain_separator(2U, 6U),
+          libcrux_ml_dsa_samplex4_generate_domain_separator(3U, 0U),
+          libcrux_ml_dsa_samplex4_generate_domain_separator(3U, 1U),
+          libcrux_ml_dsa_samplex4_generate_domain_separator(3U, 2U));
+  libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)2U, (size_t)6U,
+                                           four_ring_elements4.fst);
+  libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)3U, (size_t)0U,
+                                           four_ring_elements4.snd);
+  libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)3U, (size_t)1U,
+                                           four_ring_elements4.thd);
+  libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)3U, (size_t)2U,
+                                           four_ring_elements4.f3);
+  /* Passing arrays by value in Rust generates a copy in C */
+  uint8_t copy_of_seed5[34U];
+  memcpy(copy_of_seed5, seed, (size_t)34U * sizeof(uint8_t));
+  libcrux_ml_dsa_polynomial_PolynomialRingElement_libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit_x4
+      four_ring_elements5 = libcrux_ml_dsa_sample_sample_four_ring_elements_ba(
+          copy_of_seed5,
+          libcrux_ml_dsa_samplex4_generate_domain_separator(3U, 3U),
+          libcrux_ml_dsa_samplex4_generate_domain_separator(3U, 4U),
+          libcrux_ml_dsa_samplex4_generate_domain_separator(3U, 5U),
+          libcrux_ml_dsa_samplex4_generate_domain_separator(3U, 6U));
+  libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)3U, (size_t)3U,
+                                           four_ring_elements5.fst);
+  libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)3U, (size_t)4U,
+                                           four_ring_elements5.snd);
+  libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)3U, (size_t)5U,
+                                           four_ring_elements5.thd);
+  libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)3U, (size_t)6U,
+                                           four_ring_elements5.f3);
+  /* Passing arrays by value in Rust generates a copy in C */
+  uint8_t copy_of_seed6[34U];
+  memcpy(copy_of_seed6, seed, (size_t)34U * sizeof(uint8_t));
+  libcrux_ml_dsa_polynomial_PolynomialRingElement_libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit_x4
+      four_ring_elements6 = libcrux_ml_dsa_sample_sample_four_ring_elements_ba(
+          copy_of_seed6,
+          libcrux_ml_dsa_samplex4_generate_domain_separator(4U, 0U),
+          libcrux_ml_dsa_samplex4_generate_domain_separator(4U, 1U),
+          libcrux_ml_dsa_samplex4_generate_domain_separator(4U, 2U),
+          libcrux_ml_dsa_samplex4_generate_domain_separator(4U, 3U));
+  libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)4U, (size_t)0U,
+                                           four_ring_elements6.fst);
+  libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)4U, (size_t)1U,
+                                           four_ring_elements6.snd);
+  libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)4U, (size_t)2U,
+                                           four_ring_elements6.thd);
+  libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)4U, (size_t)3U,
+                                           four_ring_elements6.f3);
+  /* Passing arrays by value in Rust generates a copy in C */
+  uint8_t copy_of_seed7[34U];
+  memcpy(copy_of_seed7, seed, (size_t)34U * sizeof(uint8_t));
+  libcrux_ml_dsa_polynomial_PolynomialRingElement_libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit_x4
+      four_ring_elements7 = libcrux_ml_dsa_sample_sample_four_ring_elements_ba(
+          copy_of_seed7,
+          libcrux_ml_dsa_samplex4_generate_domain_separator(4U, 4U),
+          libcrux_ml_dsa_samplex4_generate_domain_separator(4U, 5U),
+          libcrux_ml_dsa_samplex4_generate_domain_separator(4U, 6U),
+          libcrux_ml_dsa_samplex4_generate_domain_separator(5U, 0U));
+  libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)4U, (size_t)4U,
+                                           four_ring_elements7.fst);
+  libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)4U, (size_t)5U,
+                                           four_ring_elements7.snd);
+  libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)4U, (size_t)6U,
+                                           four_ring_elements7.thd);
+  libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)5U, (size_t)0U,
+                                           four_ring_elements7.f3);
+  /* Passing arrays by value in Rust generates a copy in C */
+  uint8_t copy_of_seed8[34U];
+  memcpy(copy_of_seed8, seed, (size_t)34U * sizeof(uint8_t));
+  libcrux_ml_dsa_polynomial_PolynomialRingElement_libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit_x4
+      four_ring_elements8 = libcrux_ml_dsa_sample_sample_four_ring_elements_ba(
+          copy_of_seed8,
+          libcrux_ml_dsa_samplex4_generate_domain_separator(5U, 1U),
+          libcrux_ml_dsa_samplex4_generate_domain_separator(5U, 2U),
+          libcrux_ml_dsa_samplex4_generate_domain_separator(5U, 3U),
+          libcrux_ml_dsa_samplex4_generate_domain_separator(5U, 4U));
+  libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)5U, (size_t)1U,
+                                           four_ring_elements8.fst);
+  libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)5U, (size_t)2U,
+                                           four_ring_elements8.snd);
+  libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)5U, (size_t)3U,
+                                           four_ring_elements8.thd);
+  libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)5U, (size_t)4U,
+                                           four_ring_elements8.f3);
+  /* Passing arrays by value in Rust generates a copy in C */
+  uint8_t copy_of_seed9[34U];
+  memcpy(copy_of_seed9, seed, (size_t)34U * sizeof(uint8_t));
+  libcrux_ml_dsa_polynomial_PolynomialRingElement_libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit_x4
+      four_ring_elements9 = libcrux_ml_dsa_sample_sample_four_ring_elements_ba(
+          copy_of_seed9,
+          libcrux_ml_dsa_samplex4_generate_domain_separator(5U, 5U),
+          libcrux_ml_dsa_samplex4_generate_domain_separator(5U, 6U),
+          libcrux_ml_dsa_samplex4_generate_domain_separator(6U, 0U),
+          libcrux_ml_dsa_samplex4_generate_domain_separator(6U, 1U));
+  libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)5U, (size_t)5U,
+                                           four_ring_elements9.fst);
+  libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)5U, (size_t)6U,
+                                           four_ring_elements9.snd);
+  libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)6U, (size_t)0U,
+                                           four_ring_elements9.thd);
+  libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)6U, (size_t)1U,
+                                           four_ring_elements9.f3);
+  /* Passing arrays by value in Rust generates a copy in C */
+  uint8_t copy_of_seed10[34U];
+  memcpy(copy_of_seed10, seed, (size_t)34U * sizeof(uint8_t));
+  libcrux_ml_dsa_polynomial_PolynomialRingElement_libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit_x4
+      four_ring_elements10 = libcrux_ml_dsa_sample_sample_four_ring_elements_ba(
+          copy_of_seed10,
+          libcrux_ml_dsa_samplex4_generate_domain_separator(6U, 2U),
+          libcrux_ml_dsa_samplex4_generate_domain_separator(6U, 3U),
+          libcrux_ml_dsa_samplex4_generate_domain_separator(6U, 4U),
+          libcrux_ml_dsa_samplex4_generate_domain_separator(6U, 5U));
+  libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)6U, (size_t)2U,
+                                           four_ring_elements10.fst);
+  libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)6U, (size_t)3U,
+                                           four_ring_elements10.snd);
+  libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)6U, (size_t)4U,
+                                           four_ring_elements10.thd);
+  libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)6U, (size_t)5U,
+                                           four_ring_elements10.f3);
+  /* Passing arrays by value in Rust generates a copy in C */
+  uint8_t copy_of_seed11[34U];
+  memcpy(copy_of_seed11, seed, (size_t)34U * sizeof(uint8_t));
+  libcrux_ml_dsa_polynomial_PolynomialRingElement_libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit_x4
+      four_ring_elements11 = libcrux_ml_dsa_sample_sample_four_ring_elements_ba(
+          copy_of_seed11,
+          libcrux_ml_dsa_samplex4_generate_domain_separator(6U, 6U),
+          libcrux_ml_dsa_samplex4_generate_domain_separator(7U, 0U),
+          libcrux_ml_dsa_samplex4_generate_domain_separator(7U, 1U),
+          libcrux_ml_dsa_samplex4_generate_domain_separator(7U, 2U));
+  libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)6U, (size_t)6U,
+                                           four_ring_elements11.fst);
+  libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)7U, (size_t)0U,
+                                           four_ring_elements11.snd);
+  libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)7U, (size_t)1U,
+                                           four_ring_elements11.thd);
+  libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)7U, (size_t)2U,
+                                           four_ring_elements11.f3);
+  /* Passing arrays by value in Rust generates a copy in C */
+  uint8_t copy_of_seed12[34U];
+  memcpy(copy_of_seed12, seed, (size_t)34U * sizeof(uint8_t));
+  libcrux_ml_dsa_polynomial_PolynomialRingElement_libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit_x4
+      four_ring_elements12 = libcrux_ml_dsa_sample_sample_four_ring_elements_ba(
+          copy_of_seed12,
+          libcrux_ml_dsa_samplex4_generate_domain_separator(7U, 3U),
+          libcrux_ml_dsa_samplex4_generate_domain_separator(7U, 4U),
+          libcrux_ml_dsa_samplex4_generate_domain_separator(7U, 5U),
+          libcrux_ml_dsa_samplex4_generate_domain_separator(7U, 6U));
+  libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)7U, (size_t)3U,
+                                           four_ring_elements12.fst);
+  libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)7U, (size_t)4U,
+                                           four_ring_elements12.snd);
+  libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)7U, (size_t)5U,
+                                           four_ring_elements12.thd);
+  libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)7U, (size_t)6U,
+                                           four_ring_elements12.f3);
+  memcpy(ret, A,
+         (size_t)6U *
+             sizeof(libcrux_ml_dsa_polynomial_PolynomialRingElement_9b[5U]));
+}
+
+/**
+A monomorphic instance of libcrux_ml_dsa.samplex4.matrix_A
+with types libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit
+with const generics
+- ROWS_IN_A= 6
+- COLUMNS_IN_A= 5
+*/
+static KRML_MUSTINLINE void libcrux_ml_dsa_samplex4_matrix_A_2f(
+    uint8_t seed[34U],
+    libcrux_ml_dsa_polynomial_PolynomialRingElement_9b ret[6U][5U]) {
+  uint8_t_x2 uu____0 = {.fst = (uint8_t)(size_t)6U, .snd = (uint8_t)(size_t)5U};
+  switch (uu____0.fst) {
+    case 4U: {
+      switch (uu____0.snd) {
+        case 4U: {
+          /* Passing arrays by value in Rust generates a copy in C */
+          uint8_t copy_of_seed[34U];
+          memcpy(copy_of_seed, seed, (size_t)34U * sizeof(uint8_t));
+          libcrux_ml_dsa_polynomial_PolynomialRingElement_9b ret0[6U][5U];
+          libcrux_ml_dsa_samplex4_matrix_A_4_by_4_2f(copy_of_seed, ret0);
+          memcpy(
+              ret, ret0,
+              (size_t)6U *
+                  sizeof(
+                      libcrux_ml_dsa_polynomial_PolynomialRingElement_9b[5U]));
+          return;
+        }
+        default: {
+        }
+      }
+      break;
+    }
+    case 6U: {
+      switch (uu____0.snd) {
+        case 5U: {
+          /* Passing arrays by value in Rust generates a copy in C */
+          uint8_t copy_of_seed[34U];
+          memcpy(copy_of_seed, seed, (size_t)34U * sizeof(uint8_t));
+          libcrux_ml_dsa_polynomial_PolynomialRingElement_9b ret0[6U][5U];
+          libcrux_ml_dsa_samplex4_matrix_A_6_by_5_2f(copy_of_seed, ret0);
+          memcpy(
+              ret, ret0,
+              (size_t)6U *
+                  sizeof(
+                      libcrux_ml_dsa_polynomial_PolynomialRingElement_9b[5U]));
+          return;
+        }
+        default: {
+        }
+      }
+      break;
+    }
+    case 8U: {
+      switch (uu____0.snd) {
+        case 7U: {
+          /* Passing arrays by value in Rust generates a copy in C */
+          uint8_t copy_of_seed[34U];
+          memcpy(copy_of_seed, seed, (size_t)34U * sizeof(uint8_t));
+          libcrux_ml_dsa_polynomial_PolynomialRingElement_9b ret0[6U][5U];
+          libcrux_ml_dsa_samplex4_matrix_A_8_by_7_2f(copy_of_seed, ret0);
+          memcpy(
+              ret, ret0,
+              (size_t)6U *
+                  sizeof(
+                      libcrux_ml_dsa_polynomial_PolynomialRingElement_9b[5U]));
+          return;
+        }
+        default: {
+        }
+      }
+      break;
+    }
+    default: {
+    }
+  }
+  KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__,
+                    "panic!");
+  KRML_HOST_EXIT(255U);
+}
+
+/**
+A monomorphic instance of K.
+with types libcrux_ml_dsa_polynomial_PolynomialRingElement
+libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit[5size_t],
+libcrux_ml_dsa_polynomial_PolynomialRingElement
+libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit[6size_t]
+
+*/
+typedef struct tuple_ce_s {
+  libcrux_ml_dsa_polynomial_PolynomialRingElement_9b fst[5U];
+  libcrux_ml_dsa_polynomial_PolynomialRingElement_9b snd[6U];
+} tuple_ce;
+
+/**
+A monomorphic instance of
+libcrux_ml_dsa.sample.rejection_sample_less_than_eta_equals_2 with types
+libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit with const generics
+
+*/
+static KRML_MUSTINLINE bool
+libcrux_ml_dsa_sample_rejection_sample_less_than_eta_equals_2_ba(
+    Eurydice_slice randomness, size_t *sampled_coefficients, int32_t *out) {
+  bool done = false;
+  core_slice_iter_Chunks iter =
+      core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter(
+          core_slice___Slice_T___chunks(randomness, (size_t)4U, uint8_t,
+                                        core_slice_iter_Chunks),
+          core_slice_iter_Chunks, core_slice_iter_Chunks);
+  while (true) {
+    Option_1b uu____0 =
+        core_slice_iter___core__iter__traits__iterator__Iterator_for_core__slice__iter__Chunks__a__T__TraitClause_0___71__next(
+            &iter, uint8_t, Option_1b);
+    if (uu____0.tag == None) {
+      break;
+    } else {
+      Eurydice_slice random_bytes = uu____0.f0;
+      if (!done) {
+        Eurydice_slice uu____1 = random_bytes;
+        size_t sampled =
+            libcrux_ml_dsa_simd_portable_rejection_sample_less_than_eta_equals_2_36(
+                uu____1, Eurydice_array_to_subslice_from(
+                             (size_t)263U, out, sampled_coefficients[0U],
+                             int32_t, size_t));
+        sampled_coefficients[0U] = sampled_coefficients[0U] + sampled;
+        if (sampled_coefficients[0U] >=
+            LIBCRUX_ML_DSA_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) {
+          done = true;
+        }
+      }
+    }
+  }
+  return done;
+}
+
+/**
+A monomorphic instance of
+libcrux_ml_dsa.sample.rejection_sample_less_than_eta_equals_4 with types
+libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit with const generics
+
+*/
+static KRML_MUSTINLINE bool
+libcrux_ml_dsa_sample_rejection_sample_less_than_eta_equals_4_ba(
+    Eurydice_slice randomness, size_t *sampled_coefficients, int32_t *out) {
+  bool done = false;
+  core_slice_iter_Chunks iter =
+      core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter(
+          core_slice___Slice_T___chunks(randomness, (size_t)4U, uint8_t,
+                                        core_slice_iter_Chunks),
+          core_slice_iter_Chunks, core_slice_iter_Chunks);
+  while (true) {
+    Option_1b uu____0 =
+        core_slice_iter___core__iter__traits__iterator__Iterator_for_core__slice__iter__Chunks__a__T__TraitClause_0___71__next(
+            &iter, uint8_t, Option_1b);
+    if (uu____0.tag == None) {
+      break;
+    } else {
+      Eurydice_slice random_bytes = uu____0.f0;
+      if (!done) {
+        Eurydice_slice uu____1 = random_bytes;
+        size_t sampled =
+            libcrux_ml_dsa_simd_portable_rejection_sample_less_than_eta_equals_4_36(
+                uu____1, Eurydice_array_to_subslice_from(
+                             (size_t)263U, out, sampled_coefficients[0U],
+                             int32_t, size_t));
+        sampled_coefficients[0U] = sampled_coefficients[0U] + sampled;
+        if (sampled_coefficients[0U] >=
+            LIBCRUX_ML_DSA_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) {
+          done = true;
+        }
+      }
+    }
+  }
+  return done;
+}
+
+/**
+A monomorphic instance of libcrux_ml_dsa.sample.rejection_sample_less_than_eta
+with types libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit
+with const generics
+- ETA= 4
+*/
+static KRML_MUSTINLINE bool
+libcrux_ml_dsa_sample_rejection_sample_less_than_eta_73(
+    Eurydice_slice randomness, size_t *sampled, int32_t *out) {
+  return libcrux_ml_dsa_sample_rejection_sample_less_than_eta_equals_4_ba(
+      randomness, sampled, out);
+}
+
+/**
+A monomorphic instance of libcrux_ml_dsa.sample.sample_four_error_ring_elements
+with types libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit,
+libcrux_ml_dsa_hash_functions_portable_Shake256X4 with const generics
+- ETA= 4
+*/
+static KRML_MUSTINLINE
+    libcrux_ml_dsa_polynomial_PolynomialRingElement_libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit_x4
+    libcrux_ml_dsa_sample_sample_four_error_ring_elements_92(
+        uint8_t seed_base[66U], uint16_t domain_separator0,
+        uint16_t domain_separator1, uint16_t domain_seperator2,
+        uint16_t domain_separator3) {
+  uint8_t seed0[66U];
+  memcpy(seed0, seed_base, (size_t)66U * sizeof(uint8_t));
+  seed0[64U] = (uint8_t)domain_separator0;
+  seed0[65U] = (uint8_t)((uint32_t)domain_separator0 >> 8U);
+  uint8_t seed1[66U];
+  memcpy(seed1, seed0, (size_t)66U * sizeof(uint8_t));
+  seed1[64U] = (uint8_t)domain_separator1;
+  seed1[65U] = (uint8_t)((uint32_t)domain_separator1 >> 8U);
+  uint8_t seed2[66U];
+  memcpy(seed2, seed0, (size_t)66U * sizeof(uint8_t));
+  seed2[64U] = (uint8_t)domain_seperator2;
+  seed2[65U] = (uint8_t)((uint32_t)domain_seperator2 >> 8U);
+  uint8_t seed3[66U];
+  memcpy(seed3, seed0, (size_t)66U * sizeof(uint8_t));
+  seed3[64U] = (uint8_t)domain_separator3;
+  seed3[65U] = (uint8_t)((uint32_t)domain_separator3 >> 8U);
+  libcrux_ml_dsa_hash_functions_portable_Shake256X4 state =
+      libcrux_ml_dsa_hash_functions_portable_init_absorb_x4_50(
+          Eurydice_array_to_slice((size_t)66U, seed0, uint8_t),
+          Eurydice_array_to_slice((size_t)66U, seed1, uint8_t),
+          Eurydice_array_to_slice((size_t)66U, seed2, uint8_t),
+          Eurydice_array_to_slice((size_t)66U, seed3, uint8_t));
+  uint8_t_136size_t__x4 randomnesses0 =
+      libcrux_ml_dsa_hash_functions_portable_squeeze_first_block_x4_50(&state);
+  int32_t out0[263U] = {0U};
+  int32_t out1[263U] = {0U};
+  int32_t out2[263U] = {0U};
+  int32_t out3[263U] = {0U};
+  size_t sampled0 = (size_t)0U;
+  size_t sampled1 = (size_t)0U;
+  size_t sampled2 = (size_t)0U;
+  size_t sampled3 = (size_t)0U;
+  bool done0 = libcrux_ml_dsa_sample_rejection_sample_less_than_eta_73(
+      Eurydice_array_to_slice((size_t)136U, randomnesses0.fst, uint8_t),
+      &sampled0, out0);
+  bool done1 = libcrux_ml_dsa_sample_rejection_sample_less_than_eta_73(
+      Eurydice_array_to_slice((size_t)136U, randomnesses0.snd, uint8_t),
+      &sampled1, out1);
+  bool done2 = libcrux_ml_dsa_sample_rejection_sample_less_than_eta_73(
+      Eurydice_array_to_slice((size_t)136U, randomnesses0.thd, uint8_t),
+      &sampled2, out2);
+  bool done3 = libcrux_ml_dsa_sample_rejection_sample_less_than_eta_73(
+      Eurydice_array_to_slice((size_t)136U, randomnesses0.f3, uint8_t),
+      &sampled3, out3);
+  while (true) {
+    if (done0) {
+      if (done1) {
+        if (done2) {
+          if (done3) {
+            break;
+          } else {
+            uint8_t_136size_t__x4 randomnesses =
+                libcrux_ml_dsa_hash_functions_portable_squeeze_next_block_x4_50(
+                    &state);
+            if (!done0) {
+              done0 = libcrux_ml_dsa_sample_rejection_sample_less_than_eta_73(
+                  Eurydice_array_to_slice((size_t)136U, randomnesses.fst,
+                                          uint8_t),
+                  &sampled0, out0);
+            }
+            if (!done1) {
+              done1 = libcrux_ml_dsa_sample_rejection_sample_less_than_eta_73(
+                  Eurydice_array_to_slice((size_t)136U, randomnesses.snd,
+                                          uint8_t),
+                  &sampled1, out1);
+            }
+            if (!done2) {
+              done2 = libcrux_ml_dsa_sample_rejection_sample_less_than_eta_73(
+                  Eurydice_array_to_slice((size_t)136U, randomnesses.thd,
+                                          uint8_t),
+                  &sampled2, out2);
+            }
+            if (!done3) {
+              done3 = libcrux_ml_dsa_sample_rejection_sample_less_than_eta_73(
+                  Eurydice_array_to_slice((size_t)136U, randomnesses.f3,
+                                          uint8_t),
+                  &sampled3, out3);
+            }
+          }
+        } else {
+          uint8_t_136size_t__x4 randomnesses =
+              libcrux_ml_dsa_hash_functions_portable_squeeze_next_block_x4_50(
+                  &state);
+          if (!done0) {
+            done0 = libcrux_ml_dsa_sample_rejection_sample_less_than_eta_73(
+                Eurydice_array_to_slice((size_t)136U, randomnesses.fst,
+                                        uint8_t),
+                &sampled0, out0);
+          }
+          if (!done1) {
+            done1 = libcrux_ml_dsa_sample_rejection_sample_less_than_eta_73(
+                Eurydice_array_to_slice((size_t)136U, randomnesses.snd,
+                                        uint8_t),
+                &sampled1, out1);
+          }
+          if (!done2) {
+            done2 = libcrux_ml_dsa_sample_rejection_sample_less_than_eta_73(
+                Eurydice_array_to_slice((size_t)136U, randomnesses.thd,
+                                        uint8_t),
+                &sampled2, out2);
+          }
+          if (!done3) {
+            done3 = libcrux_ml_dsa_sample_rejection_sample_less_than_eta_73(
+                Eurydice_array_to_slice((size_t)136U, randomnesses.f3, uint8_t),
+                &sampled3, out3);
+          }
+        }
+      } else {
+        uint8_t_136size_t__x4 randomnesses =
+            libcrux_ml_dsa_hash_functions_portable_squeeze_next_block_x4_50(
+                &state);
+        if (!done0) {
+          done0 = libcrux_ml_dsa_sample_rejection_sample_less_than_eta_73(
+              Eurydice_array_to_slice((size_t)136U, randomnesses.fst, uint8_t),
+              &sampled0, out0);
+        }
+        if (!done1) {
+          done1 = libcrux_ml_dsa_sample_rejection_sample_less_than_eta_73(
+              Eurydice_array_to_slice((size_t)136U, randomnesses.snd, uint8_t),
+              &sampled1, out1);
+        }
+        if (!done2) {
+          done2 = libcrux_ml_dsa_sample_rejection_sample_less_than_eta_73(
+              Eurydice_array_to_slice((size_t)136U, randomnesses.thd, uint8_t),
+              &sampled2, out2);
+        }
+        if (!done3) {
+          done3 = libcrux_ml_dsa_sample_rejection_sample_less_than_eta_73(
+              Eurydice_array_to_slice((size_t)136U, randomnesses.f3, uint8_t),
+              &sampled3, out3);
+        }
+      }
+    } else {
+      uint8_t_136size_t__x4 randomnesses =
+          libcrux_ml_dsa_hash_functions_portable_squeeze_next_block_x4_50(
+              &state);
+      if (!done0) {
+        done0 = libcrux_ml_dsa_sample_rejection_sample_less_than_eta_73(
+            Eurydice_array_to_slice((size_t)136U, randomnesses.fst, uint8_t),
+            &sampled0, out0);
+      }
+      if (!done1) {
+        done1 = libcrux_ml_dsa_sample_rejection_sample_less_than_eta_73(
+            Eurydice_array_to_slice((size_t)136U, randomnesses.snd, uint8_t),
+            &sampled1, out1);
+      }
+      if (!done2) {
+        done2 = libcrux_ml_dsa_sample_rejection_sample_less_than_eta_73(
+            Eurydice_array_to_slice((size_t)136U, randomnesses.thd, uint8_t),
+            &sampled2, out2);
+      }
+      if (!done3) {
+        done3 = libcrux_ml_dsa_sample_rejection_sample_less_than_eta_73(
+            Eurydice_array_to_slice((size_t)136U, randomnesses.f3, uint8_t),
+            &sampled3, out3);
+      }
+    }
+  }
+  libcrux_ml_dsa_polynomial_PolynomialRingElement_9b uu____0 =
+      libcrux_ml_dsa_polynomial_from_i32_array_ff_ba(
+          Eurydice_array_to_slice((size_t)263U, out0, int32_t));
+  libcrux_ml_dsa_polynomial_PolynomialRingElement_9b uu____1 =
+      libcrux_ml_dsa_polynomial_from_i32_array_ff_ba(
+          Eurydice_array_to_slice((size_t)263U, out1, int32_t));
+  libcrux_ml_dsa_polynomial_PolynomialRingElement_9b uu____2 =
+      libcrux_ml_dsa_polynomial_from_i32_array_ff_ba(
+          Eurydice_array_to_slice((size_t)263U, out2, int32_t));
+  libcrux_ml_dsa_polynomial_PolynomialRingElement_libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit_x4
+      lit;
+  lit.fst = uu____0;
+  lit.snd = uu____1;
+  lit.thd = uu____2;
+  lit.f3 = libcrux_ml_dsa_polynomial_from_i32_array_ff_ba(
+      Eurydice_array_to_slice((size_t)263U, out3, int32_t));
+  return lit;
+}
+
+/**
+A monomorphic instance of libcrux_ml_dsa.samplex4.sample_s1_and_s2_4_by_4
+with types libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit,
+libcrux_ml_dsa_hash_functions_portable_Shake256X4 with const generics
+- ETA= 4
+- S1_DIMENSION= 5
+- S2_DIMENSION= 6
+*/
+static KRML_MUSTINLINE tuple_ce
+libcrux_ml_dsa_samplex4_sample_s1_and_s2_4_by_4_fe(uint8_t seed_base[66U]) {
+  libcrux_ml_dsa_polynomial_PolynomialRingElement_9b s1[5U];
+  for (size_t i = (size_t)0U; i < (size_t)5U; i++) {
+    s1[i] = libcrux_ml_dsa_polynomial_ZERO_ff_ba();
+  }
+  libcrux_ml_dsa_polynomial_PolynomialRingElement_9b s2[6U];
+  for (size_t i = (size_t)0U; i < (size_t)6U; i++) {
+    s2[i] = libcrux_ml_dsa_polynomial_ZERO_ff_ba();
+  }
+  /* Passing arrays by value in Rust generates a copy in C */
+  uint8_t copy_of_seed_base[66U];
+  memcpy(copy_of_seed_base, seed_base, (size_t)66U * sizeof(uint8_t));
+  libcrux_ml_dsa_polynomial_PolynomialRingElement_libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit_x4
+      four = libcrux_ml_dsa_sample_sample_four_error_ring_elements_92(
+          copy_of_seed_base, 0U, 1U, 2U, 3U);
+  s1[0U] = four.fst;
+  s1[1U] = four.snd;
+  s1[2U] = four.thd;
+  s1[3U] = four.f3;
+  /* Passing arrays by value in Rust generates a copy in C */
+  uint8_t copy_of_seed_base0[66U];
+  memcpy(copy_of_seed_base0, seed_base, (size_t)66U * sizeof(uint8_t));
+  libcrux_ml_dsa_polynomial_PolynomialRingElement_libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit_x4
+      four0 = libcrux_ml_dsa_sample_sample_four_error_ring_elements_92(
+          copy_of_seed_base0, 4U, 5U, 6U, 7U);
+  s2[0U] = four0.fst;
+  s2[1U] = four0.snd;
+  s2[2U] = four0.thd;
+  s2[3U] = four0.f3;
+  /* Passing arrays by value in Rust generates a copy in C */
+  libcrux_ml_dsa_polynomial_PolynomialRingElement_9b copy_of_s1[5U];
+  memcpy(
+      copy_of_s1, s1,
+      (size_t)5U * sizeof(libcrux_ml_dsa_polynomial_PolynomialRingElement_9b));
+  /* Passing arrays by value in Rust generates a copy in C */
+  libcrux_ml_dsa_polynomial_PolynomialRingElement_9b copy_of_s2[6U];
+  memcpy(
+      copy_of_s2, s2,
+      (size_t)6U * sizeof(libcrux_ml_dsa_polynomial_PolynomialRingElement_9b));
+  tuple_ce lit;
+  memcpy(
+      lit.fst, copy_of_s1,
+      (size_t)5U * sizeof(libcrux_ml_dsa_polynomial_PolynomialRingElement_9b));
+  memcpy(
+      lit.snd, copy_of_s2,
+      (size_t)6U * sizeof(libcrux_ml_dsa_polynomial_PolynomialRingElement_9b));
+  return lit;
+}
+
+/**
+A monomorphic instance of libcrux_ml_dsa.samplex4.sample_s1_and_s2_5_by_6
+with types libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit,
+libcrux_ml_dsa_hash_functions_portable_Shake256X4 with const generics
+- ETA= 4
+- S1_DIMENSION= 5
+- S2_DIMENSION= 6
+*/
+static KRML_MUSTINLINE tuple_ce
+libcrux_ml_dsa_samplex4_sample_s1_and_s2_5_by_6_fe(uint8_t seed_base[66U]) {
+  libcrux_ml_dsa_polynomial_PolynomialRingElement_9b s1[5U];
+  for (size_t i = (size_t)0U; i < (size_t)5U; i++) {
+    s1[i] = libcrux_ml_dsa_polynomial_ZERO_ff_ba();
+  }
+  libcrux_ml_dsa_polynomial_PolynomialRingElement_9b s2[6U];
+  for (size_t i = (size_t)0U; i < (size_t)6U; i++) {
+    s2[i] = libcrux_ml_dsa_polynomial_ZERO_ff_ba();
+  }
+  /* Passing arrays by value in Rust generates a copy in C */
+  uint8_t copy_of_seed_base[66U];
+  memcpy(copy_of_seed_base, seed_base, (size_t)66U * sizeof(uint8_t));
+  libcrux_ml_dsa_polynomial_PolynomialRingElement_libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit_x4
+      four = libcrux_ml_dsa_sample_sample_four_error_ring_elements_92(
+          copy_of_seed_base, 0U, 1U, 2U, 3U);
+  s1[0U] = four.fst;
+  s1[1U] = four.snd;
+  s1[2U] = four.thd;
+  s1[3U] = four.f3;
+  /* Passing arrays by value in Rust generates a copy in C */
+  uint8_t copy_of_seed_base0[66U];
+  memcpy(copy_of_seed_base0, seed_base, (size_t)66U * sizeof(uint8_t));
+  libcrux_ml_dsa_polynomial_PolynomialRingElement_libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit_x4
+      four0 = libcrux_ml_dsa_sample_sample_four_error_ring_elements_92(
+          copy_of_seed_base0, 4U, 5U, 6U, 7U);
+  s1[4U] = four0.fst;
+  s2[0U] = four0.snd;
+  s2[1U] = four0.thd;
+  s2[2U] = four0.f3;
+  /* Passing arrays by value in Rust generates a copy in C */
+  uint8_t copy_of_seed_base1[66U];
+  memcpy(copy_of_seed_base1, seed_base, (size_t)66U * sizeof(uint8_t));
+  libcrux_ml_dsa_polynomial_PolynomialRingElement_libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit_x4
+      four1 = libcrux_ml_dsa_sample_sample_four_error_ring_elements_92(
+          copy_of_seed_base1, 8U, 9U, 10U, 11U);
+  s2[3U] = four1.fst;
+  s2[4U] = four1.snd;
+  s2[5U] = four1.thd;
+  /* Passing arrays by value in Rust generates a copy in C */
+  libcrux_ml_dsa_polynomial_PolynomialRingElement_9b copy_of_s1[5U];
+  memcpy(
+      copy_of_s1, s1,
+      (size_t)5U * sizeof(libcrux_ml_dsa_polynomial_PolynomialRingElement_9b));
+  /* Passing arrays by value in Rust generates a copy in C */
+  libcrux_ml_dsa_polynomial_PolynomialRingElement_9b copy_of_s2[6U];
+  memcpy(
+      copy_of_s2, s2,
+      (size_t)6U * sizeof(libcrux_ml_dsa_polynomial_PolynomialRingElement_9b));
+  tuple_ce lit;
+  memcpy(
+      lit.fst, copy_of_s1,
+      (size_t)5U * sizeof(libcrux_ml_dsa_polynomial_PolynomialRingElement_9b));
+  memcpy(
+      lit.snd, copy_of_s2,
+      (size_t)6U * sizeof(libcrux_ml_dsa_polynomial_PolynomialRingElement_9b));
+  return lit;
+}
+
+/**
+A monomorphic instance of libcrux_ml_dsa.samplex4.sample_s1_and_s2_7_by_8
+with types libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit,
+libcrux_ml_dsa_hash_functions_portable_Shake256X4 with const generics
+- ETA= 4
+- S1_DIMENSION= 5
+- S2_DIMENSION= 6
+*/
+static KRML_MUSTINLINE tuple_ce
+libcrux_ml_dsa_samplex4_sample_s1_and_s2_7_by_8_fe(uint8_t seed_base[66U]) {
+  libcrux_ml_dsa_polynomial_PolynomialRingElement_9b s1[5U];
+  for (size_t i = (size_t)0U; i < (size_t)5U; i++) {
+    s1[i] = libcrux_ml_dsa_polynomial_ZERO_ff_ba();
+  }
+  libcrux_ml_dsa_polynomial_PolynomialRingElement_9b s2[6U];
+  for (size_t i = (size_t)0U; i < (size_t)6U; i++) {
+    s2[i] = libcrux_ml_dsa_polynomial_ZERO_ff_ba();
+  }
+  /* Passing arrays by value in Rust generates a copy in C */
+  uint8_t copy_of_seed_base[66U];
+  memcpy(copy_of_seed_base, seed_base, (size_t)66U * sizeof(uint8_t));
+  libcrux_ml_dsa_polynomial_PolynomialRingElement_libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit_x4
+      four = libcrux_ml_dsa_sample_sample_four_error_ring_elements_92(
+          copy_of_seed_base, 0U, 1U, 2U, 3U);
+  s1[0U] = four.fst;
+  s1[1U] = four.snd;
+  s1[2U] = four.thd;
+  s1[3U] = four.f3;
+  /* Passing arrays by value in Rust generates a copy in C */
+  uint8_t copy_of_seed_base0[66U];
+  memcpy(copy_of_seed_base0, seed_base, (size_t)66U * sizeof(uint8_t));
+  libcrux_ml_dsa_polynomial_PolynomialRingElement_libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit_x4
+      four0 = libcrux_ml_dsa_sample_sample_four_error_ring_elements_92(
+          copy_of_seed_base0, 4U, 5U, 6U, 7U);
+  s1[4U] = four0.fst;
+  s1[5U] = four0.snd;
+  s1[6U] = four0.thd;
+  s2[0U] = four0.f3;
+  /* Passing arrays by value in Rust generates a copy in C */
+  uint8_t copy_of_seed_base1[66U];
+  memcpy(copy_of_seed_base1, seed_base, (size_t)66U * sizeof(uint8_t));
+  libcrux_ml_dsa_polynomial_PolynomialRingElement_libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit_x4
+      four1 = libcrux_ml_dsa_sample_sample_four_error_ring_elements_92(
+          copy_of_seed_base1, 8U, 9U, 10U, 11U);
+  s2[1U] = four1.fst;
+  s2[2U] = four1.snd;
+  s2[3U] = four1.thd;
+  s2[4U] = four1.f3;
+  /* Passing arrays by value in Rust generates a copy in C */
+  uint8_t copy_of_seed_base2[66U];
+  memcpy(copy_of_seed_base2, seed_base, (size_t)66U * sizeof(uint8_t));
+  libcrux_ml_dsa_polynomial_PolynomialRingElement_libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit_x4
+      four2 = libcrux_ml_dsa_sample_sample_four_error_ring_elements_92(
+          copy_of_seed_base2, 12U, 13U, 14U, 15U);
+  s2[5U] = four2.fst;
+  s2[6U] = four2.snd;
+  s2[7U] = four2.thd;
+  /* Passing arrays by value in Rust generates a copy in C */
+  libcrux_ml_dsa_polynomial_PolynomialRingElement_9b copy_of_s1[5U];
+  memcpy(
+      copy_of_s1, s1,
+      (size_t)5U * sizeof(libcrux_ml_dsa_polynomial_PolynomialRingElement_9b));
+  /* Passing arrays by value in Rust generates a copy in C */
+  libcrux_ml_dsa_polynomial_PolynomialRingElement_9b copy_of_s2[6U];
+  memcpy(
+      copy_of_s2, s2,
+      (size_t)6U * sizeof(libcrux_ml_dsa_polynomial_PolynomialRingElement_9b));
+  tuple_ce lit;
+  memcpy(
+      lit.fst, copy_of_s1,
+      (size_t)5U * sizeof(libcrux_ml_dsa_polynomial_PolynomialRingElement_9b));
+  memcpy(
+      lit.snd, copy_of_s2,
+      (size_t)6U * sizeof(libcrux_ml_dsa_polynomial_PolynomialRingElement_9b));
+  return lit;
+}
+
+/**
+A monomorphic instance of libcrux_ml_dsa.samplex4.sample_s1_and_s2
+with types libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit,
+libcrux_ml_dsa_hash_functions_portable_Shake256X4 with const generics
+- ETA= 4
+- S1_DIMENSION= 5
+- S2_DIMENSION= 6
+*/
+static KRML_MUSTINLINE tuple_ce
+libcrux_ml_dsa_samplex4_sample_s1_and_s2_fe(uint8_t seed[66U]) {
+  uint8_t_x2 uu____0 = {.fst = (uint8_t)(size_t)5U, .snd = (uint8_t)(size_t)6U};
+  switch (uu____0.fst) {
+    case 4U: {
+      switch (uu____0.snd) {
+        case 4U: {
+          /* Passing arrays by value in Rust generates a copy in C */
+          uint8_t copy_of_seed[66U];
+          memcpy(copy_of_seed, seed, (size_t)66U * sizeof(uint8_t));
+          return libcrux_ml_dsa_samplex4_sample_s1_and_s2_4_by_4_fe(
+              copy_of_seed);
+        }
+        default: {
+        }
+      }
+      break;
+    }
+    case 5U: {
+      switch (uu____0.snd) {
+        case 6U: {
+          /* Passing arrays by value in Rust generates a copy in C */
+          uint8_t copy_of_seed[66U];
+          memcpy(copy_of_seed, seed, (size_t)66U * sizeof(uint8_t));
+          return libcrux_ml_dsa_samplex4_sample_s1_and_s2_5_by_6_fe(
+              copy_of_seed);
+        }
+        default: {
+        }
+      }
+      break;
+    }
+    case 7U: {
+      switch (uu____0.snd) {
+        case 8U: {
+          /* Passing arrays by value in Rust generates a copy in C */
+          uint8_t copy_of_seed[66U];
+          memcpy(copy_of_seed, seed, (size_t)66U * sizeof(uint8_t));
+          return libcrux_ml_dsa_samplex4_sample_s1_and_s2_7_by_8_fe(
+              copy_of_seed);
+        }
+        default: {
+        }
+      }
+      break;
+    }
+    default: {
+    }
+  }
+  KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__,
+                    "panic!");
+  KRML_HOST_EXIT(255U);
+}
+
+/**
+ Compute InvertNTT(Â ◦ ŝ₁) + s₂
+*/
+/**
+A monomorphic instance of libcrux_ml_dsa.matrix.compute_As1_plus_s2
+with types libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit
+with const generics
+- ROWS_IN_A= 6
+- COLUMNS_IN_A= 5
+*/
+static KRML_MUSTINLINE void libcrux_ml_dsa_matrix_compute_As1_plus_s2_2f(
+    libcrux_ml_dsa_polynomial_PolynomialRingElement_9b (*A_as_ntt)[5U],
+    libcrux_ml_dsa_polynomial_PolynomialRingElement_9b *s1,
+    libcrux_ml_dsa_polynomial_PolynomialRingElement_9b *s2,
+    libcrux_ml_dsa_polynomial_PolynomialRingElement_9b ret[6U]) {
+  KRML_HOST_EPRINTF(
+      "KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__,
+      "Eurydice error: Failure(\"Error looking trait impl: "
+      "core::slice::iter::{core::iter::traits::iterator::Iterator for "
+      "core::slice::iter::Iter<\'a, T>[TraitClause@0]}#182<\'_, "
+      "@Array<libcrux_ml_dsa::polynomial::PolynomialRingElement<T@0>["
+      "TraitClause@0, TraitClause@1], "
+      "C@1>>[core::marker::Sized<@Array<libcrux_ml_dsa::polynomial::"
+      "PolynomialRingElement<T@0>[TraitClause@0, TraitClause@1], C@1>>] "
+      "enumerate\")\n");
+  KRML_HOST_EXIT(255U);
+}
+
+typedef struct
+    libcrux_ml_dsa_polynomial_PolynomialRingElement_libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit_6size_t__x2_s {
+  libcrux_ml_dsa_polynomial_PolynomialRingElement_9b fst[6U];
+  libcrux_ml_dsa_polynomial_PolynomialRingElement_9b snd[6U];
+} libcrux_ml_dsa_polynomial_PolynomialRingElement_libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit_6size_t__x2;
+
+/**
+A monomorphic instance of libcrux_ml_dsa.arithmetic.power2round_vector
+with types libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit
+with const generics
+- DIMENSION= 6
+*/
+static KRML_MUSTINLINE
+    libcrux_ml_dsa_polynomial_PolynomialRingElement_libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit_6size_t__x2
+    libcrux_ml_dsa_arithmetic_power2round_vector_07(
+        libcrux_ml_dsa_polynomial_PolynomialRingElement_9b t[6U]) {
+  KRML_HOST_EPRINTF(
+      "KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__,
+      "Eurydice error: Failure(\"Error looking trait impl: "
+      "core::slice::iter::{core::iter::traits::iterator::Iterator for "
+      "core::slice::iter::Iter<\'a, T>[TraitClause@0]}#182<\'_, "
+      "libcrux_ml_dsa::polynomial::PolynomialRingElement<T@0>[TraitClause@0, "
+      "TraitClause@1]>[core::marker::Sized<libcrux_ml_dsa::polynomial::"
+      "PolynomialRingElement<T@0>[TraitClause@0, TraitClause@1]>] "
+      "enumerate\")\n");
+  KRML_HOST_EXIT(255U);
+}
+
+/**
+A monomorphic instance of
+libcrux_ml_dsa.encoding.verification_key.generate_serialized with types
+libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit with const generics
+- ROWS_IN_A= 6
+- VERIFICATION_KEY_SIZE= 1952
+*/
+static KRML_MUSTINLINE void
+libcrux_ml_dsa_encoding_verification_key_generate_serialized_2f(
+    Eurydice_slice seed_for_A,
+    libcrux_ml_dsa_polynomial_PolynomialRingElement_9b t1[6U],
+    uint8_t ret[1952U]) {
+  KRML_HOST_EPRINTF(
+      "KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__,
+      "Eurydice error: Failure(\"Error looking trait impl: "
+      "core::slice::iter::{core::iter::traits::iterator::Iterator for "
+      "core::slice::iter::Iter<\'a, T>[TraitClause@0]}#182<\'_, "
+      "libcrux_ml_dsa::polynomial::PolynomialRingElement<T@0>[TraitClause@0, "
+      "TraitClause@1]>[core::marker::Sized<libcrux_ml_dsa::polynomial::"
+      "PolynomialRingElement<T@0>[TraitClause@0, TraitClause@1]>] "
+      "enumerate\")\n");
+  KRML_HOST_EXIT(255U);
+}
+
+/**
+A monomorphic instance of libcrux_ml_dsa.hash_functions.portable.shake256
+with const generics
+- OUTPUT_LENGTH= 64
+*/
+static KRML_MUSTINLINE void libcrux_ml_dsa_hash_functions_portable_shake256_24(
+    Eurydice_slice input, uint8_t *out) {
+  libcrux_sha3_portable_shake256(
+      Eurydice_array_to_slice((size_t)64U, out, uint8_t), input);
+}
+
+/**
+This function found in impl {(libcrux_ml_dsa::hash_functions::shake256::DsaXof
+for libcrux_ml_dsa::hash_functions::portable::Shake256)#2}
+*/
+/**
+A monomorphic instance of libcrux_ml_dsa.hash_functions.portable.shake256_5c
+with const generics
+- OUTPUT_LENGTH= 64
+*/
+static KRML_MUSTINLINE void
+libcrux_ml_dsa_hash_functions_portable_shake256_5c_24(Eurydice_slice input,
+                                                      uint8_t *out) {
+  libcrux_ml_dsa_hash_functions_portable_shake256_24(input, out);
+}
+
+/**
+A monomorphic instance of libcrux_ml_dsa.encoding.error.serialize
+with types libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit
+with const generics
+- ETA= 4
+- OUTPUT_SIZE= 128
+*/
+static KRML_MUSTINLINE void libcrux_ml_dsa_encoding_error_serialize_ea(
+    libcrux_ml_dsa_polynomial_PolynomialRingElement_9b re, uint8_t ret[128U]) {
+  KRML_HOST_EPRINTF(
+      "KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__,
+      "Eurydice error: Failure(\"Error looking trait impl: "
+      "core::slice::iter::{core::iter::traits::iterator::Iterator for "
+      "core::slice::iter::Iter<\'a, T>[TraitClause@0]}#182<\'_, "
+      "T@0>[TraitClause@0] enumerate\")\n");
+  KRML_HOST_EXIT(255U);
+}
+
+/**
+A monomorphic instance of libcrux_ml_dsa.encoding.t0.serialize
+with types libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit
+with const generics
+
+*/
+static KRML_MUSTINLINE void libcrux_ml_dsa_encoding_t0_serialize_ba(
+    libcrux_ml_dsa_polynomial_PolynomialRingElement_9b re, uint8_t ret[416U]) {
+  KRML_HOST_EPRINTF(
+      "KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__,
+      "Eurydice error: Failure(\"Error looking trait impl: "
+      "core::slice::iter::{core::iter::traits::iterator::Iterator for "
+      "core::slice::iter::Iter<\'a, T>[TraitClause@0]}#182<\'_, "
+      "T@0>[TraitClause@0] enumerate\")\n");
+  KRML_HOST_EXIT(255U);
+}
+
+/**
+A monomorphic instance of
+libcrux_ml_dsa.encoding.signing_key.generate_serialized with types
+libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit,
+libcrux_ml_dsa_hash_functions_portable_Shake256 with const generics
+- ROWS_IN_A= 6
+- COLUMNS_IN_A= 5
+- ETA= 4
+- ERROR_RING_ELEMENT_SIZE= 128
+- SIGNING_KEY_SIZE= 4032
+*/
+static KRML_MUSTINLINE void
+libcrux_ml_dsa_encoding_signing_key_generate_serialized_d2(
+    Eurydice_slice seed_for_A, Eurydice_slice seed_for_signing,
+    Eurydice_slice verification_key,
+    libcrux_ml_dsa_polynomial_PolynomialRingElement_9b s1[5U],
+    libcrux_ml_dsa_polynomial_PolynomialRingElement_9b s2[6U],
+    libcrux_ml_dsa_polynomial_PolynomialRingElement_9b t0[6U],
+    uint8_t ret[4032U]) {
+  uint8_t signing_key_serialized[4032U] = {0U};
+  size_t offset = (size_t)0U;
+  Eurydice_slice_copy(
+      Eurydice_array_to_subslice2(
+          signing_key_serialized, offset,
+          offset + LIBCRUX_ML_DSA_CONSTANTS_SEED_FOR_A_SIZE, uint8_t),
+      seed_for_A, uint8_t);
+  offset = offset + LIBCRUX_ML_DSA_CONSTANTS_SEED_FOR_A_SIZE;
+  Eurydice_slice_copy(
+      Eurydice_array_to_subslice2(
+          signing_key_serialized, offset,
+          offset + LIBCRUX_ML_DSA_CONSTANTS_SEED_FOR_SIGNING_SIZE, uint8_t),
+      seed_for_signing, uint8_t);
+  offset = offset + LIBCRUX_ML_DSA_CONSTANTS_SEED_FOR_SIGNING_SIZE;
+  uint8_t verification_key_hash[64U] = {0U};
+  libcrux_ml_dsa_hash_functions_portable_shake256_5c_24(verification_key,
+                                                        verification_key_hash);
+  Eurydice_slice uu____0 = Eurydice_array_to_subslice2(
+      signing_key_serialized, offset,
+      offset + LIBCRUX_ML_DSA_CONSTANTS_BYTES_FOR_VERIFICATION_KEY_HASH,
+      uint8_t);
+  Eurydice_slice_copy(
+      uu____0,
+      Eurydice_array_to_slice((size_t)64U, verification_key_hash, uint8_t),
+      uint8_t);
+  offset = offset + LIBCRUX_ML_DSA_CONSTANTS_BYTES_FOR_VERIFICATION_KEY_HASH;
+  for (size_t i = (size_t)0U;
+       i < Eurydice_slice_len(
+               Eurydice_array_to_slice(
+                   (size_t)5U, s1,
+                   libcrux_ml_dsa_polynomial_PolynomialRingElement_9b),
+               libcrux_ml_dsa_polynomial_PolynomialRingElement_9b);
+       i++) {
+    size_t _cloop_i = i;
+    libcrux_ml_dsa_polynomial_PolynomialRingElement_9b *ring_element =
+        &s1[_cloop_i];
+    Eurydice_slice uu____1 = Eurydice_array_to_subslice2(
+        signing_key_serialized, offset, offset + (size_t)128U, uint8_t);
+    uint8_t ret0[128U];
+    libcrux_ml_dsa_encoding_error_serialize_ea(ring_element[0U], ret0);
+    Eurydice_slice_copy(
+        uu____1, Eurydice_array_to_slice((size_t)128U, ret0, uint8_t), uint8_t);
+    offset = offset + (size_t)128U;
+  }
+  for (size_t i = (size_t)0U;
+       i < Eurydice_slice_len(
+               Eurydice_array_to_slice(
+                   (size_t)6U, s2,
+                   libcrux_ml_dsa_polynomial_PolynomialRingElement_9b),
+               libcrux_ml_dsa_polynomial_PolynomialRingElement_9b);
+       i++) {
+    size_t _cloop_i = i;
+    libcrux_ml_dsa_polynomial_PolynomialRingElement_9b *ring_element =
+        &s2[_cloop_i];
+    Eurydice_slice uu____2 = Eurydice_array_to_subslice2(
+        signing_key_serialized, offset, offset + (size_t)128U, uint8_t);
+    uint8_t ret0[128U];
+    libcrux_ml_dsa_encoding_error_serialize_ea(ring_element[0U], ret0);
+    Eurydice_slice_copy(
+        uu____2, Eurydice_array_to_slice((size_t)128U, ret0, uint8_t), uint8_t);
+    offset = offset + (size_t)128U;
+  }
+  for (size_t i = (size_t)0U;
+       i < Eurydice_slice_len(
+               Eurydice_array_to_slice(
+                   (size_t)6U, t0,
+                   libcrux_ml_dsa_polynomial_PolynomialRingElement_9b),
+               libcrux_ml_dsa_polynomial_PolynomialRingElement_9b);
+       i++) {
+    size_t _cloop_i = i;
+    libcrux_ml_dsa_polynomial_PolynomialRingElement_9b *ring_element =
+        &t0[_cloop_i];
+    Eurydice_slice uu____3 = Eurydice_array_to_subslice2(
+        signing_key_serialized, offset,
+        offset + LIBCRUX_ML_DSA_CONSTANTS_RING_ELEMENT_OF_T0S_SIZE, uint8_t);
+    uint8_t ret0[416U];
+    libcrux_ml_dsa_encoding_t0_serialize_ba(ring_element[0U], ret0);
+    Eurydice_slice_copy(
+        uu____3, Eurydice_array_to_slice((size_t)416U, ret0, uint8_t), uint8_t);
+    offset = offset + LIBCRUX_ML_DSA_CONSTANTS_RING_ELEMENT_OF_T0S_SIZE;
+  }
+  memcpy(ret, signing_key_serialized, (size_t)4032U * sizeof(uint8_t));
+}
+
+/**
+ Generate a key pair.
+*/
+/**
+A monomorphic instance of libcrux_ml_dsa.ml_dsa_generic.generate_key_pair
+with types libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit,
+libcrux_ml_dsa_hash_functions_portable_Shake128X4,
+libcrux_ml_dsa_hash_functions_portable_Shake256,
+libcrux_ml_dsa_hash_functions_portable_Shake256Xof,
+libcrux_ml_dsa_hash_functions_portable_Shake256X4 with const generics
+- ROWS_IN_A= 6
+- COLUMNS_IN_A= 5
+- ETA= 4
+- ERROR_RING_ELEMENT_SIZE= 128
+- SIGNING_KEY_SIZE= 4032
+- VERIFICATION_KEY_SIZE= 1952
+*/
+static KRML_MUSTINLINE tuple_a0
+libcrux_ml_dsa_ml_dsa_generic_generate_key_pair_5a(uint8_t randomness[32U]) {
+  uint8_t seed_expanded0[128U] = {0U};
+  libcrux_sha3_portable_incremental_Shake256Xof shake =
+      libcrux_ml_dsa_hash_functions_portable_init_83();
+  libcrux_ml_dsa_hash_functions_portable_absorb_83(
+      &shake, Eurydice_array_to_slice((size_t)32U, randomness, uint8_t));
+  uint8_t buf[2U] = {(uint8_t)(size_t)6U, (uint8_t)(size_t)5U};
+  libcrux_ml_dsa_hash_functions_portable_absorb_final_83(
+      &shake, Eurydice_array_to_slice((size_t)2U, buf, uint8_t));
+  libcrux_ml_dsa_hash_functions_portable_squeeze_83(
+      &shake, Eurydice_array_to_slice((size_t)128U, seed_expanded0, uint8_t));
+  Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at(
+      Eurydice_array_to_slice((size_t)128U, seed_expanded0, uint8_t),
+      LIBCRUX_ML_DSA_CONSTANTS_SEED_FOR_A_SIZE, uint8_t,
+      Eurydice_slice_uint8_t_x2);
+  Eurydice_slice seed_for_a = uu____0.fst;
+  Eurydice_slice seed_expanded = uu____0.snd;
+  Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at(
+      seed_expanded, LIBCRUX_ML_DSA_CONSTANTS_SEED_FOR_ERROR_VECTORS_SIZE,
+      uint8_t, Eurydice_slice_uint8_t_x2);
+  Eurydice_slice seed_for_error_vectors = uu____1.fst;
+  Eurydice_slice seed_for_signing = uu____1.snd;
+  libcrux_ml_dsa_polynomial_PolynomialRingElement_9b a_as_ntt[6U][5U];
+  uint8_t ret[34U];
+  libcrux_ml_dsa_utils_into_padded_array_b6(seed_for_a, ret);
+  libcrux_ml_dsa_samplex4_matrix_A_2f(ret, a_as_ntt);
+  uint8_t ret0[66U];
+  libcrux_ml_dsa_utils_into_padded_array_20(seed_for_error_vectors, ret0);
+  tuple_ce uu____2 = libcrux_ml_dsa_samplex4_sample_s1_and_s2_fe(ret0);
+  libcrux_ml_dsa_polynomial_PolynomialRingElement_9b s1[5U];
+  memcpy(
+      s1, uu____2.fst,
+      (size_t)5U * sizeof(libcrux_ml_dsa_polynomial_PolynomialRingElement_9b));
+  libcrux_ml_dsa_polynomial_PolynomialRingElement_9b s2[6U];
+  memcpy(
+      s2, uu____2.snd,
+      (size_t)6U * sizeof(libcrux_ml_dsa_polynomial_PolynomialRingElement_9b));
+  libcrux_ml_dsa_polynomial_PolynomialRingElement_9b t[6U];
+  libcrux_ml_dsa_matrix_compute_As1_plus_s2_2f(a_as_ntt, s1, s2, t);
+  /* Passing arrays by value in Rust generates a copy in C */
+  libcrux_ml_dsa_polynomial_PolynomialRingElement_9b copy_of_t[6U];
+  memcpy(
+      copy_of_t, t,
+      (size_t)6U * sizeof(libcrux_ml_dsa_polynomial_PolynomialRingElement_9b));
+  libcrux_ml_dsa_polynomial_PolynomialRingElement_libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit_6size_t__x2
+      uu____4 = libcrux_ml_dsa_arithmetic_power2round_vector_07(copy_of_t);
+  libcrux_ml_dsa_polynomial_PolynomialRingElement_9b t0[6U];
+  memcpy(
+      t0, uu____4.fst,
+      (size_t)6U * sizeof(libcrux_ml_dsa_polynomial_PolynomialRingElement_9b));
+  libcrux_ml_dsa_polynomial_PolynomialRingElement_9b t1[6U];
+  memcpy(
+      t1, uu____4.snd,
+      (size_t)6U * sizeof(libcrux_ml_dsa_polynomial_PolynomialRingElement_9b));
+  Eurydice_slice uu____5 = seed_for_a;
+  /* Passing arrays by value in Rust generates a copy in C */
+  libcrux_ml_dsa_polynomial_PolynomialRingElement_9b copy_of_t1[6U];
+  memcpy(
+      copy_of_t1, t1,
+      (size_t)6U * sizeof(libcrux_ml_dsa_polynomial_PolynomialRingElement_9b));
+  uint8_t verification_key_serialized[1952U];
+  libcrux_ml_dsa_encoding_verification_key_generate_serialized_2f(
+      uu____5, copy_of_t1, verification_key_serialized);
+  Eurydice_slice uu____7 = seed_for_a;
+  Eurydice_slice uu____8 = seed_for_signing;
+  Eurydice_slice uu____9 = Eurydice_array_to_slice(
+      (size_t)1952U, verification_key_serialized, uint8_t);
+  /* Passing arrays by value in Rust generates a copy in C */
+  libcrux_ml_dsa_polynomial_PolynomialRingElement_9b copy_of_s1[5U];
+  memcpy(
+      copy_of_s1, s1,
+      (size_t)5U * sizeof(libcrux_ml_dsa_polynomial_PolynomialRingElement_9b));
+  /* Passing arrays by value in Rust generates a copy in C */
+  libcrux_ml_dsa_polynomial_PolynomialRingElement_9b copy_of_s2[6U];
+  memcpy(
+      copy_of_s2, s2,
+      (size_t)6U * sizeof(libcrux_ml_dsa_polynomial_PolynomialRingElement_9b));
+  /* Passing arrays by value in Rust generates a copy in C */
+  libcrux_ml_dsa_polynomial_PolynomialRingElement_9b copy_of_t0[6U];
+  memcpy(
+      copy_of_t0, t0,
+      (size_t)6U * sizeof(libcrux_ml_dsa_polynomial_PolynomialRingElement_9b));
+  uint8_t signing_key_serialized[4032U];
+  libcrux_ml_dsa_encoding_signing_key_generate_serialized_d2(
+      uu____7, uu____8, uu____9, copy_of_s1, copy_of_s2, copy_of_t0,
+      signing_key_serialized);
+  /* Passing arrays by value in Rust generates a copy in C */
+  uint8_t copy_of_signing_key_serialized[4032U];
+  memcpy(copy_of_signing_key_serialized, signing_key_serialized,
+         (size_t)4032U * sizeof(uint8_t));
+  /* Passing arrays by value in Rust generates a copy in C */
+  uint8_t copy_of_verification_key_serialized[1952U];
+  memcpy(copy_of_verification_key_serialized, verification_key_serialized,
+         (size_t)1952U * sizeof(uint8_t));
+  tuple_a0 lit;
+  memcpy(lit.fst, copy_of_signing_key_serialized,
+         (size_t)4032U * sizeof(uint8_t));
+  memcpy(lit.snd, copy_of_verification_key_serialized,
+         (size_t)1952U * sizeof(uint8_t));
+  return lit;
+}
+
+/**
+ Generate key pair.
+*/
+/**
+A monomorphic instance of
+libcrux_ml_dsa.ml_dsa_generic.instantiations.portable.generate_key_pair with
+const generics
+- ROWS_IN_A= 6
+- COLUMNS_IN_A= 5
+- ETA= 4
+- ERROR_RING_ELEMENT_SIZE= 128
+- SIGNING_KEY_SIZE= 4032
+- VERIFICATION_KEY_SIZE= 1952
+*/
+static inline tuple_a0
+libcrux_ml_dsa_ml_dsa_generic_instantiations_portable_generate_key_pair_52(
+    uint8_t randomness[32U]) {
+  /* Passing arrays by value in Rust generates a copy in C */
+  uint8_t copy_of_randomness[32U];
+  memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t));
+  return libcrux_ml_dsa_ml_dsa_generic_generate_key_pair_5a(copy_of_randomness);
+}
+
+/**
+ Generate an ML-DSA-65 Key Pair
+*/
+static inline libcrux_ml_dsa_ml_dsa_65_MLDSA65KeyPair
+libcrux_ml_dsa_ml_dsa_65_portable_generate_key_pair(uint8_t randomness[32U]) {
+  /* Passing arrays by value in Rust generates a copy in C */
+  uint8_t copy_of_randomness[32U];
+  memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t));
+  tuple_a0 uu____1 =
+      libcrux_ml_dsa_ml_dsa_generic_instantiations_portable_generate_key_pair_52(
+          copy_of_randomness);
+  uint8_t signing_key[4032U];
+  memcpy(signing_key, uu____1.fst, (size_t)4032U * sizeof(uint8_t));
+  uint8_t verification_key[1952U];
+  memcpy(verification_key, uu____1.snd, (size_t)1952U * sizeof(uint8_t));
+  /* Passing arrays by value in Rust generates a copy in C */
+  uint8_t copy_of_signing_key[4032U];
+  memcpy(copy_of_signing_key, signing_key, (size_t)4032U * sizeof(uint8_t));
+  libcrux_ml_dsa_types_MLDSASigningKey_22 uu____3 =
+      libcrux_ml_dsa_types_new_9b_09(copy_of_signing_key);
+  /* Passing arrays by value in Rust generates a copy in C */
+  uint8_t copy_of_verification_key[1952U];
+  memcpy(copy_of_verification_key, verification_key,
+         (size_t)1952U * sizeof(uint8_t));
+  libcrux_ml_dsa_ml_dsa_65_MLDSA65KeyPair lit;
+  lit.signing_key = uu____3;
+  lit.verification_key =
+      libcrux_ml_dsa_types_new_66_97(copy_of_verification_key);
+  return lit;
+}
+
+/**
+A monomorphic instance of core.option.Option
+with types libcrux_ml_dsa_pre_hash_DomainSeparationContext
+
+*/
+typedef struct Option_84_s {
+  Option_08_tags tag;
+  libcrux_ml_dsa_pre_hash_DomainSeparationContext f0;
+} Option_84;
+
+/**
+ The internal signing API.
+
+ If no `domain_separation_context` is supplied, it is assumed that
+ `message` already contains the domain separation.
+*/
+/**
+A monomorphic instance of libcrux_ml_dsa.ml_dsa_generic.sign_internal
+with types libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit,
+libcrux_ml_dsa_hash_functions_portable_Shake128X4,
+libcrux_ml_dsa_hash_functions_portable_Shake256,
+libcrux_ml_dsa_hash_functions_portable_Shake256Xof,
+libcrux_ml_dsa_hash_functions_portable_Shake256X4 with const generics
+- ROWS_IN_A= 6
+- COLUMNS_IN_A= 5
+- ETA= 4
+- ERROR_RING_ELEMENT_SIZE= 128
+- GAMMA1_EXPONENT= 19
+- GAMMA2= 261888
+- COMMITMENT_RING_ELEMENT_SIZE= 128
+- COMMITMENT_VECTOR_SIZE= 768
+- COMMITMENT_HASH_SIZE= 48
+- ONES_IN_VERIFIER_CHALLENGE= 49
+- MAX_ONES_IN_HINT= 55
+- GAMMA1_RING_ELEMENT_SIZE= 640
+- SIGNING_KEY_SIZE= 4032
+- SIGNATURE_SIZE= 3309
+*/
+static KRML_MUSTINLINE Result_2e libcrux_ml_dsa_ml_dsa_generic_sign_internal_05(
+    uint8_t *signing_key, Eurydice_slice message,
+    Option_84 domain_separation_context, uint8_t randomness[32U]) {
+  KRML_HOST_EPRINTF(
+      "KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__,
+      "Eurydice error: Failure(\"TODO: TraitTypes "
+      "core::result::{core::ops::try_trait::Try for core::result::Result<T, "
+      "E>[TraitClause@0, TraitClause@1]}#26<T@0, T@1>[TraitClause@0, "
+      "TraitClause@1]::Residual\")\n");
+  KRML_HOST_EXIT(255U);
+}
+
+/**
+A monomorphic instance of libcrux_ml_dsa.ml_dsa_generic.sign
+with types libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit,
+libcrux_ml_dsa_hash_functions_portable_Shake128X4,
+libcrux_ml_dsa_hash_functions_portable_Shake256,
+libcrux_ml_dsa_hash_functions_portable_Shake256Xof,
+libcrux_ml_dsa_hash_functions_portable_Shake256X4 with const generics
+- ROWS_IN_A= 6
+- COLUMNS_IN_A= 5
+- ETA= 4
+- ERROR_RING_ELEMENT_SIZE= 128
+- GAMMA1_EXPONENT= 19
+- GAMMA2= 261888
+- COMMITMENT_RING_ELEMENT_SIZE= 128
+- COMMITMENT_VECTOR_SIZE= 768
+- COMMITMENT_HASH_SIZE= 48
+- ONES_IN_VERIFIER_CHALLENGE= 49
+- MAX_ONES_IN_HINT= 55
+- GAMMA1_RING_ELEMENT_SIZE= 640
+- SIGNING_KEY_SIZE= 4032
+- SIGNATURE_SIZE= 3309
+*/
+static KRML_MUSTINLINE Result_2e libcrux_ml_dsa_ml_dsa_generic_sign_05(
+    uint8_t *signing_key, Eurydice_slice message, Eurydice_slice context,
+    uint8_t randomness[32U]) {
+  Result_a8 uu____0 = libcrux_ml_dsa_pre_hash_new_45(
+      context, (CLITERAL(Option_3f){.tag = None}));
+  Result_2e uu____1;
+  if (uu____0.tag == Ok) {
+    libcrux_ml_dsa_pre_hash_DomainSeparationContext domain_separation_context =
+        uu____0.val.case_Ok;
+    libcrux_ml_dsa_pre_hash_DomainSeparationContext domain_separation_context0 =
+        domain_separation_context;
+    uint8_t *uu____2 = signing_key;
+    Eurydice_slice uu____3 = message;
+    Option_84 uu____4 = {.tag = Some, .f0 = domain_separation_context0};
+    /* Passing arrays by value in Rust generates a copy in C */
+    uint8_t copy_of_randomness[32U];
+    memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t));
+    uu____1 = libcrux_ml_dsa_ml_dsa_generic_sign_internal_05(
+        uu____2, uu____3, uu____4, copy_of_randomness);
+  } else {
+    uu____1 = (CLITERAL(Result_2e){
+        .tag = Err,
+        .val = {.case_Err = libcrux_ml_dsa_types_ContextTooLongError}});
+  }
+  return uu____1;
+}
+
+/**
+ Sign.
+*/
+/**
+A monomorphic instance of
+libcrux_ml_dsa.ml_dsa_generic.instantiations.portable.sign with const generics
+- ROWS_IN_A= 6
+- COLUMNS_IN_A= 5
+- ETA= 4
+- ERROR_RING_ELEMENT_SIZE= 128
+- GAMMA1_EXPONENT= 19
+- GAMMA2= 261888
+- COMMITMENT_RING_ELEMENT_SIZE= 128
+- COMMITMENT_VECTOR_SIZE= 768
+- COMMITMENT_HASH_SIZE= 48
+- ONES_IN_VERIFIER_CHALLENGE= 49
+- MAX_ONES_IN_HINT= 55
+- GAMMA1_RING_ELEMENT_SIZE= 640
+- SIGNING_KEY_SIZE= 4032
+- SIGNATURE_SIZE= 3309
+*/
+static inline Result_2e
+libcrux_ml_dsa_ml_dsa_generic_instantiations_portable_sign_f3(
+    uint8_t *signing_key, Eurydice_slice message, Eurydice_slice context,
+    uint8_t randomness[32U]) {
+  uint8_t *uu____0 = signing_key;
+  Eurydice_slice uu____1 = message;
+  Eurydice_slice uu____2 = context;
+  /* Passing arrays by value in Rust generates a copy in C */
+  uint8_t copy_of_randomness[32U];
+  memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t));
+  return libcrux_ml_dsa_ml_dsa_generic_sign_05(uu____0, uu____1, uu____2,
+                                               copy_of_randomness);
+}
+
+/**
+ Generate an ML-DSA-65 Signature
+
+ The parameter `context` is used for domain separation
+ and is a byte string of length at most 255 bytes. It
+ may also be empty.
+*/
+static inline Result_2e libcrux_ml_dsa_ml_dsa_65_portable_sign(
+    libcrux_ml_dsa_types_MLDSASigningKey_22 *signing_key,
+    Eurydice_slice message, Eurydice_slice context, uint8_t randomness[32U]) {
+  uint8_t *uu____0 = libcrux_ml_dsa_types_as_raw_9b_09(signing_key);
+  Eurydice_slice uu____1 = message;
+  Eurydice_slice uu____2 = context;
+  /* Passing arrays by value in Rust generates a copy in C */
+  uint8_t copy_of_randomness[32U];
+  memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t));
+  return libcrux_ml_dsa_ml_dsa_generic_instantiations_portable_sign_f3(
+      uu____0, uu____1, uu____2, copy_of_randomness);
+}
+
+/**
+A monomorphic instance of libcrux_ml_dsa.ml_dsa_generic.sign_pre_hashed
+with types libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit,
+libcrux_ml_dsa_hash_functions_portable_Shake128,
+libcrux_ml_dsa_hash_functions_portable_Shake128X4,
+libcrux_ml_dsa_hash_functions_portable_Shake256,
+libcrux_ml_dsa_hash_functions_portable_Shake256Xof,
+libcrux_ml_dsa_hash_functions_portable_Shake256X4,
+libcrux_ml_dsa_pre_hash_SHAKE128_PH with const generics
+- PH_DIGEST_LEN= 256
+- ROWS_IN_A= 6
+- COLUMNS_IN_A= 5
+- ETA= 4
+- ERROR_RING_ELEMENT_SIZE= 128
+- GAMMA1_EXPONENT= 19
+- GAMMA2= 261888
+- COMMITMENT_RING_ELEMENT_SIZE= 128
+- COMMITMENT_VECTOR_SIZE= 768
+- COMMITMENT_HASH_SIZE= 48
+- ONES_IN_VERIFIER_CHALLENGE= 49
+- MAX_ONES_IN_HINT= 55
+- GAMMA1_RING_ELEMENT_SIZE= 640
+- SIGNING_KEY_SIZE= 4032
+- SIGNATURE_SIZE= 3309
+*/
+static KRML_MUSTINLINE Result_2e
+libcrux_ml_dsa_ml_dsa_generic_sign_pre_hashed_0d(uint8_t *signing_key,
+                                                 Eurydice_slice message,
+                                                 Eurydice_slice context,
+                                                 uint8_t randomness[32U]) {
+  KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__,
+                    "Eurydice error: Failure(\"expression_of_operand Constant: "
+                    "TraitClause@13OID\")\n");
+  KRML_HOST_EXIT(255U);
+}
+
+/**
+ Sign (pre-hashed).
+*/
+/**
+A monomorphic instance of
+libcrux_ml_dsa.ml_dsa_generic.instantiations.portable.sign_pre_hashed_shake128
+with const generics
+- ROWS_IN_A= 6
+- COLUMNS_IN_A= 5
+- ETA= 4
+- ERROR_RING_ELEMENT_SIZE= 128
+- GAMMA1_EXPONENT= 19
+- GAMMA2= 261888
+- COMMITMENT_RING_ELEMENT_SIZE= 128
+- COMMITMENT_VECTOR_SIZE= 768
+- COMMITMENT_HASH_SIZE= 48
+- ONES_IN_VERIFIER_CHALLENGE= 49
+- MAX_ONES_IN_HINT= 55
+- GAMMA1_RING_ELEMENT_SIZE= 640
+- SIGNING_KEY_SIZE= 4032
+- SIGNATURE_SIZE= 3309
+*/
+static inline Result_2e
+libcrux_ml_dsa_ml_dsa_generic_instantiations_portable_sign_pre_hashed_shake128_f3(
+    uint8_t *signing_key, Eurydice_slice message, Eurydice_slice context,
+    uint8_t randomness[32U]) {
+  uint8_t *uu____0 = signing_key;
+  Eurydice_slice uu____1 = message;
+  Eurydice_slice uu____2 = context;
+  /* Passing arrays by value in Rust generates a copy in C */
+  uint8_t copy_of_randomness[32U];
+  memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t));
+  return libcrux_ml_dsa_ml_dsa_generic_sign_pre_hashed_0d(
+      uu____0, uu____1, uu____2, copy_of_randomness);
+}
+
+/**
+ Generate a HashML-DSA-65 Signature, with a SHAKE128 pre-hashing
+
+ The parameter `context` is used for domain separation
+ and is a byte string of length at most 255 bytes. It
+ may also be empty.
+*/
+static inline Result_2e
+libcrux_ml_dsa_ml_dsa_65_portable_sign_pre_hashed_shake128(
+    libcrux_ml_dsa_types_MLDSASigningKey_22 *signing_key,
+    Eurydice_slice message, Eurydice_slice context, uint8_t randomness[32U]) {
+  uint8_t *uu____0 = libcrux_ml_dsa_types_as_raw_9b_09(signing_key);
+  Eurydice_slice uu____1 = message;
+  Eurydice_slice uu____2 = context;
+  /* Passing arrays by value in Rust generates a copy in C */
+  uint8_t copy_of_randomness[32U];
+  memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t));
+  return libcrux_ml_dsa_ml_dsa_generic_instantiations_portable_sign_pre_hashed_shake128_f3(
+      uu____0, uu____1, uu____2, copy_of_randomness);
+}
+
+/**
+ The internal verification API.
+
+ If no `domain_separation_context` is supplied, it is assumed that
+ `message` already contains the domain separation.
+*/
+/**
+A monomorphic instance of libcrux_ml_dsa.ml_dsa_generic.verify_internal
+with types libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit,
+libcrux_ml_dsa_hash_functions_portable_Shake128X4,
+libcrux_ml_dsa_hash_functions_portable_Shake256,
+libcrux_ml_dsa_hash_functions_portable_Shake256Xof with const generics
+- ROWS_IN_A= 6
+- COLUMNS_IN_A= 5
+- SIGNATURE_SIZE= 3309
+- VERIFICATION_KEY_SIZE= 1952
+- GAMMA1_EXPONENT= 19
+- GAMMA1_RING_ELEMENT_SIZE= 640
+- GAMMA2= 261888
+- BETA= 196
+- COMMITMENT_RING_ELEMENT_SIZE= 128
+- COMMITMENT_VECTOR_SIZE= 768
+- COMMITMENT_HASH_SIZE= 48
+- ONES_IN_VERIFIER_CHALLENGE= 49
+- MAX_ONES_IN_HINT= 55
+*/
+static KRML_MUSTINLINE Result_41
+libcrux_ml_dsa_ml_dsa_generic_verify_internal_99(
+    uint8_t *verification_key_serialized, Eurydice_slice message,
+    Option_84 domain_separation_context, uint8_t *signature_serialized) {
+  KRML_HOST_EPRINTF(
+      "KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__,
+      "Eurydice error: Failure(\"TODO: TraitTypes "
+      "core::result::{core::ops::try_trait::Try for core::result::Result<T, "
+      "E>[TraitClause@0, TraitClause@1]}#26<T@0, T@1>[TraitClause@0, "
+      "TraitClause@1]::Residual\")\n");
+  KRML_HOST_EXIT(255U);
+}
+
+/**
+A monomorphic instance of libcrux_ml_dsa.ml_dsa_generic.verify
+with types libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit,
+libcrux_ml_dsa_hash_functions_portable_Shake128X4,
+libcrux_ml_dsa_hash_functions_portable_Shake256,
+libcrux_ml_dsa_hash_functions_portable_Shake256Xof with const generics
+- ROWS_IN_A= 6
+- COLUMNS_IN_A= 5
+- SIGNATURE_SIZE= 3309
+- VERIFICATION_KEY_SIZE= 1952
+- GAMMA1_EXPONENT= 19
+- GAMMA1_RING_ELEMENT_SIZE= 640
+- GAMMA2= 261888
+- BETA= 196
+- COMMITMENT_RING_ELEMENT_SIZE= 128
+- COMMITMENT_VECTOR_SIZE= 768
+- COMMITMENT_HASH_SIZE= 48
+- ONES_IN_VERIFIER_CHALLENGE= 49
+- MAX_ONES_IN_HINT= 55
+*/
+static KRML_MUSTINLINE Result_41 libcrux_ml_dsa_ml_dsa_generic_verify_99(
+    uint8_t *verification_key_serialized, Eurydice_slice message,
+    Eurydice_slice context, uint8_t *signature_serialized) {
+  Result_a8 uu____0 = libcrux_ml_dsa_pre_hash_new_45(
+      context, (CLITERAL(Option_3f){.tag = None}));
+  Result_41 uu____1;
+  if (uu____0.tag == Ok) {
+    libcrux_ml_dsa_pre_hash_DomainSeparationContext domain_separation_context =
+        uu____0.val.case_Ok;
+    libcrux_ml_dsa_pre_hash_DomainSeparationContext domain_separation_context0 =
+        domain_separation_context;
+    uu____1 = libcrux_ml_dsa_ml_dsa_generic_verify_internal_99(
+        verification_key_serialized, message,
+        (CLITERAL(Option_84){.tag = Some, .f0 = domain_separation_context0}),
+        signature_serialized);
+  } else {
+    uu____1 = (CLITERAL(Result_41){
+        .tag = Err,
+        .f0 = libcrux_ml_dsa_types_VerificationContextTooLongError});
+  }
+  return uu____1;
+}
+
+/**
+ Verify.
+*/
+/**
+A monomorphic instance of
+libcrux_ml_dsa.ml_dsa_generic.instantiations.portable.verify with const generics
+- ROWS_IN_A= 6
+- COLUMNS_IN_A= 5
+- SIGNATURE_SIZE= 3309
+- VERIFICATION_KEY_SIZE= 1952
+- GAMMA1_EXPONENT= 19
+- GAMMA1_RING_ELEMENT_SIZE= 640
+- GAMMA2= 261888
+- BETA= 196
+- COMMITMENT_RING_ELEMENT_SIZE= 128
+- COMMITMENT_VECTOR_SIZE= 768
+- COMMITMENT_HASH_SIZE= 48
+- ONES_IN_VERIFIER_CHALLENGE= 49
+- MAX_ONES_IN_HINT= 55
+*/
+static inline Result_41
+libcrux_ml_dsa_ml_dsa_generic_instantiations_portable_verify_01(
+    uint8_t *verification_key, Eurydice_slice message, Eurydice_slice context,
+    uint8_t *signature) {
+  return libcrux_ml_dsa_ml_dsa_generic_verify_99(verification_key, message,
+                                                 context, signature);
+}
+
+/**
+ Verify an ML-DSA-65 Signature
+
+ The parameter `context` is used for domain separation
+ and is a byte string of length at most 255 bytes. It
+ may also be empty.
+*/
+static inline Result_41 libcrux_ml_dsa_ml_dsa_65_portable_verify(
+    libcrux_ml_dsa_types_MLDSAVerificationKey_ea *verification_key,
+    Eurydice_slice message, Eurydice_slice context,
+    libcrux_ml_dsa_ml_dsa_65_MLDSA65Signature *signature) {
+  return libcrux_ml_dsa_ml_dsa_generic_instantiations_portable_verify_01(
+      libcrux_ml_dsa_types_as_raw_66_97(verification_key), message, context,
+      libcrux_ml_dsa_types_as_raw_8f_fa(signature));
+}
+
+/**
+A monomorphic instance of libcrux_ml_dsa.ml_dsa_generic.verify_pre_hashed
+with types libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit,
+libcrux_ml_dsa_hash_functions_portable_Shake128,
+libcrux_ml_dsa_hash_functions_portable_Shake128X4,
+libcrux_ml_dsa_hash_functions_portable_Shake256,
+libcrux_ml_dsa_hash_functions_portable_Shake256Xof,
+libcrux_ml_dsa_pre_hash_SHAKE128_PH with const generics
+- PH_DIGEST_LEN= 256
+- ROWS_IN_A= 6
+- COLUMNS_IN_A= 5
+- SIGNATURE_SIZE= 3309
+- VERIFICATION_KEY_SIZE= 1952
+- GAMMA1_EXPONENT= 19
+- GAMMA1_RING_ELEMENT_SIZE= 640
+- GAMMA2= 261888
+- BETA= 196
+- COMMITMENT_RING_ELEMENT_SIZE= 128
+- COMMITMENT_VECTOR_SIZE= 768
+- COMMITMENT_HASH_SIZE= 48
+- ONES_IN_VERIFIER_CHALLENGE= 49
+- MAX_ONES_IN_HINT= 55
+*/
+static KRML_MUSTINLINE Result_41
+libcrux_ml_dsa_ml_dsa_generic_verify_pre_hashed_ae(
+    uint8_t *verification_key_serialized, Eurydice_slice message,
+    Eurydice_slice context, uint8_t *signature_serialized) {
+  KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__,
+                    "Eurydice error: Failure(\"expression_of_operand Constant: "
+                    "TraitClause@11OID\")\n");
+  KRML_HOST_EXIT(255U);
+}
+
+/**
+ Verify (pre-hashed with SHAKE-128).
+*/
+/**
+A monomorphic instance of
+libcrux_ml_dsa.ml_dsa_generic.instantiations.portable.verify_pre_hashed_shake128
+with const generics
+- ROWS_IN_A= 6
+- COLUMNS_IN_A= 5
+- SIGNATURE_SIZE= 3309
+- VERIFICATION_KEY_SIZE= 1952
+- GAMMA1_EXPONENT= 19
+- GAMMA1_RING_ELEMENT_SIZE= 640
+- GAMMA2= 261888
+- BETA= 196
+- COMMITMENT_RING_ELEMENT_SIZE= 128
+- COMMITMENT_VECTOR_SIZE= 768
+- COMMITMENT_HASH_SIZE= 48
+- ONES_IN_VERIFIER_CHALLENGE= 49
+- MAX_ONES_IN_HINT= 55
+*/
+static inline Result_41
+libcrux_ml_dsa_ml_dsa_generic_instantiations_portable_verify_pre_hashed_shake128_01(
+    uint8_t *verification_key, Eurydice_slice message, Eurydice_slice context,
+    uint8_t *signature) {
+  return libcrux_ml_dsa_ml_dsa_generic_verify_pre_hashed_ae(
+      verification_key, message, context, signature);
+}
+
+/**
+ Verify a HashML-DSA-65 Signature, with a SHAKE128 pre-hashing
+
+ The parameter `context` is used for domain separation
+ and is a byte string of length at most 255 bytes. It
+ may also be empty.
+*/
+static inline Result_41
+libcrux_ml_dsa_ml_dsa_65_portable_verify_pre_hashed_shake128(
+    libcrux_ml_dsa_types_MLDSAVerificationKey_ea *verification_key,
+    Eurydice_slice message, Eurydice_slice context,
+    libcrux_ml_dsa_ml_dsa_65_MLDSA65Signature *signature) {
+  return libcrux_ml_dsa_ml_dsa_generic_instantiations_portable_verify_pre_hashed_shake128_01(
+      libcrux_ml_dsa_types_as_raw_66_97(verification_key), message, context,
+      libcrux_ml_dsa_types_as_raw_8f_fa(signature));
+}
+
+/**
+ Returns the pre-hash OID, if any.
+*/
+/**
+This function found in impl
+{libcrux_ml_dsa::pre_hash::DomainSeparationContext<'a>#1}
+*/
+static inline Option_3f libcrux_ml_dsa_pre_hash_pre_hash_oid_45(
+    libcrux_ml_dsa_pre_hash_DomainSeparationContext *self) {
+  return self->pre_hash_oid;
+}
+
+/**
+ Returns the context, guaranteed to be at most 255 bytes long.
+*/
+/**
+This function found in impl
+{libcrux_ml_dsa::pre_hash::DomainSeparationContext<'a>#1}
+*/
+static inline Eurydice_slice libcrux_ml_dsa_pre_hash_context_45(
+    libcrux_ml_dsa_pre_hash_DomainSeparationContext *self) {
+  return self->context;
+}
+
+#define LIBCRUX_ML_DSA_PRE_HASH_PRE_HASH_OID_LEN ((size_t)11U)
+
+typedef uint8_t libcrux_ml_dsa_pre_hash_PreHashOID[11U];
+
+/**
+This function found in impl
+{(core::convert::From<libcrux_ml_dsa::pre_hash::DomainSeparationError> for
+libcrux_ml_dsa::types::SigningError)#2}
+*/
+static inline libcrux_ml_dsa_types_SigningError libcrux_ml_dsa_pre_hash_from_4b(
+    libcrux_ml_dsa_pre_hash_DomainSeparationError e) {
+  return libcrux_ml_dsa_types_ContextTooLongError;
+}
+
+/**
+This function found in impl
+{(core::convert::From<libcrux_ml_dsa::pre_hash::DomainSeparationError> for
+libcrux_ml_dsa::types::VerificationError)#3}
+*/
+static inline libcrux_ml_dsa_types_VerificationError
+libcrux_ml_dsa_pre_hash_from_b6(
+    libcrux_ml_dsa_pre_hash_DomainSeparationError e) {
+  return libcrux_ml_dsa_types_VerificationContextTooLongError;
+}
+
+static const uint8_t
+    libcrux_ml_dsa_pre_hash___libcrux_ml_dsa__pre_hash__PreHash_256__usize__for_libcrux_ml_dsa__pre_hash__SHAKE128_PH___OID
+        [11U] = {6U, 9U, 96U, 134U, 72U, 1U, 101U, 3U, 4U, 2U, 11U};
+
+static KRML_MUSTINLINE bool libcrux_ml_dsa_sample_inside_out_shuffle(
+    Eurydice_slice randomness, size_t *out_index, uint64_t *signs,
+    int32_t *result) {
+  bool done = false;
+  core_slice_iter_Iter iter =
+      core_slice_iter___core__iter__traits__collect__IntoIterator_for___a___Slice_T____1__into_iter(
+          randomness, uint8_t, core_slice_iter_Iter);
+  while (true) {
+    Option_3f uu____0 =
+        core_slice_iter___core__iter__traits__iterator__Iterator_for_core__slice__iter__Iter__a__T__TraitClause_0___182__next(
+            &iter, uint8_t, Option_3f);
+    if (uu____0.tag == None) {
+      break;
+    } else {
+      uint8_t *byte = uu____0.f0;
+      if (!done) {
+        size_t sample_at = (size_t)byte[0U];
+        if (sample_at <= out_index[0U]) {
+          result[out_index[0U]] = result[sample_at];
+          out_index[0U] = out_index[0U] + (size_t)1U;
+          result[sample_at] =
+              (int32_t)1 - (int32_t)2 * (int32_t)(signs[0U] & 1ULL);
+          signs[0U] = signs[0U] >> 1U;
+          size_t uu____1 = out_index[0U];
+          done = uu____1 ==
+                 Eurydice_slice_len(
+                     Eurydice_array_to_slice((size_t)256U, result, int32_t),
+                     int32_t);
+        } else {
+          size_t uu____2 = out_index[0U];
+          done = uu____2 ==
+                 Eurydice_slice_len(
+                     Eurydice_array_to_slice((size_t)256U, result, int32_t),
+                     int32_t);
+        }
+      }
+    }
+  }
+  return done;
+}
+
+static KRML_MUSTINLINE void libcrux_ml_dsa_sample_update_seed(
+    uint8_t seed[66U], uint16_t *domain_separator, uint8_t ret[66U]) {
+  seed[64U] = (uint8_t)domain_separator[0U];
+  seed[65U] = (uint8_t)((uint32_t)domain_separator[0U] >> 8U);
+  domain_separator[0U] = (uint32_t)domain_separator[0U] + 1U;
+  memcpy(ret, seed, (size_t)66U * sizeof(uint8_t));
+}
+
+typedef struct int32_t_x2_s {
+  int32_t fst;
+  int32_t snd;
+} int32_t_x2;
+
+static KRML_MUSTINLINE int32_t_x2
+libcrux_ml_dsa_simd_portable_arithmetic_power2round_element(int32_t t) {
+  int32_t t2 = t + (t >> 31U & LIBCRUX_ML_DSA_SIMD_TRAITS_FIELD_MODULUS);
+  int32_t t1 =
+      (t2 - (int32_t)1 +
+       ((int32_t)1
+        << (uint32_t)(LIBCRUX_ML_DSA_CONSTANTS_BITS_IN_LOWER_PART_OF_T -
+                      (size_t)1U))) >>
+      (uint32_t)LIBCRUX_ML_DSA_CONSTANTS_BITS_IN_LOWER_PART_OF_T;
+  int32_t t0 =
+      t2 - (t1 << (uint32_t)LIBCRUX_ML_DSA_CONSTANTS_BITS_IN_LOWER_PART_OF_T);
+  return (CLITERAL(int32_t_x2){.fst = t0, .snd = t1});
+}
+
+#define LIBCRUX_ML_DSA_SIMD_PORTABLE_ENCODING_ERROR_DESERIALIZE_WHEN_ETA_IS_4_ETA \
+  ((int32_t)4)
+
+#define LIBCRUX_ML_DSA_SIMD_PORTABLE_ENCODING_ERROR_SERIALIZE_WHEN_ETA_IS_4_ETA \
+  ((int32_t)4)
+
+#define LIBCRUX_ML_DSA_SIMD_PORTABLE_ENCODING_GAMMA1_DESERIALIZE_WHEN_GAMMA1_IS_2_POW_17_GAMMA1 \
+  ((int32_t)1 << 17U)
+
+#define LIBCRUX_ML_DSA_SIMD_PORTABLE_ENCODING_GAMMA1_DESERIALIZE_WHEN_GAMMA1_IS_2_POW_17_GAMMA1_TIMES_2_BITMASK \
+  ((LIBCRUX_ML_DSA_SIMD_PORTABLE_ENCODING_GAMMA1_DESERIALIZE_WHEN_GAMMA1_IS_2_POW_17_GAMMA1                     \
+    << 1U) -                                                                                                    \
+   (int32_t)1)
+
+#define LIBCRUX_ML_DSA_SIMD_PORTABLE_ENCODING_GAMMA1_DESERIALIZE_WHEN_GAMMA1_IS_2_POW_19_GAMMA1 \
+  ((int32_t)1 << 19U)
+
+#define LIBCRUX_ML_DSA_SIMD_PORTABLE_ENCODING_GAMMA1_DESERIALIZE_WHEN_GAMMA1_IS_2_POW_19_GAMMA1_TIMES_2_BITMASK \
+  ((LIBCRUX_ML_DSA_SIMD_PORTABLE_ENCODING_GAMMA1_DESERIALIZE_WHEN_GAMMA1_IS_2_POW_19_GAMMA1                     \
+    << 1U) -                                                                                                    \
+   (int32_t)1)
+
+#define LIBCRUX_ML_DSA_SIMD_PORTABLE_ENCODING_GAMMA1_SERIALIZE_WHEN_GAMMA1_IS_2_POW_17_GAMMA1 \
+  ((int32_t)1 << 17U)
+
+#define LIBCRUX_ML_DSA_SIMD_PORTABLE_ENCODING_GAMMA1_SERIALIZE_WHEN_GAMMA1_IS_2_POW_19_GAMMA1 \
+  ((int32_t)1 << 19U)
+
+/**
+This function found in impl {(core::clone::Clone for
+libcrux_ml_dsa::simd::portable::vector_type::PortableSIMDUnit)}
+*/
+static inline libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit
+libcrux_ml_dsa_simd_portable_vector_type_clone_ae(
+    libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit *self) {
+  return self[0U];
+}
+
+/**
+This function found in impl {(core::fmt::Debug for
+libcrux_ml_dsa::types::SigningError)#7}
+*/
+static inline Result_a9 libcrux_ml_dsa_types_fmt_16(
+    libcrux_ml_dsa_types_SigningError *self, core_fmt_Formatter *f) {
+  core_fmt_Formatter *uu____0 = f;
+  Prims_string uu____1;
+  switch (self[0U]) {
+    case libcrux_ml_dsa_types_RejectionSamplingError: {
+      uu____1 = "RejectionSamplingError";
+      break;
+    }
+    case libcrux_ml_dsa_types_ContextTooLongError: {
+      uu____1 = "ContextTooLongError";
+      break;
+    }
+    default: {
+      KRML_HOST_EPRINTF("KaRaMeL incomplete match at %s:%d\n", __FILE__,
+                        __LINE__);
+      KRML_HOST_EXIT(253U);
+    }
+  }
+  return core_fmt__core__fmt__Formatter__a__9__write_str(uu____0, uu____1);
+}
+
+/**
+This function found in impl {(core::fmt::Debug for
+libcrux_ml_dsa::types::VerificationError)#6}
+*/
+static inline Result_a9 libcrux_ml_dsa_types_fmt_7e(
+    libcrux_ml_dsa_types_VerificationError *self, core_fmt_Formatter *f) {
+  core_fmt_Formatter *uu____0 = f;
+  Prims_string uu____1;
+  switch (self[0U]) {
+    case libcrux_ml_dsa_types_MalformedHintError: {
+      uu____1 = "MalformedHintError";
+      break;
+    }
+    case libcrux_ml_dsa_types_SignerResponseExceedsBoundError: {
+      uu____1 = "SignerResponseExceedsBoundError";
+      break;
+    }
+    case libcrux_ml_dsa_types_CommitmentHashesDontMatchError: {
+      uu____1 = "CommitmentHashesDontMatchError";
+      break;
+    }
+    case libcrux_ml_dsa_types_VerificationContextTooLongError: {
+      uu____1 = "VerificationContextTooLongError";
+      break;
+    }
+    default: {
+      KRML_HOST_EPRINTF("KaRaMeL incomplete match at %s:%d\n", __FILE__,
+                        __LINE__);
+      KRML_HOST_EXIT(253U);
+    }
+  }
+  return core_fmt__core__fmt__Formatter__a__9__write_str(uu____0, uu____1);
+}
+
+typedef int32_t libcrux_ml_dsa_simd_traits_FieldElementTimesMontgomeryR;
+
+typedef int32_t libcrux_ml_dsa_simd_portable_vector_type_FieldElement;
+
+typedef Result_a8 libcrux_ml_dsa_pre_hash_PreHashResult;
+
+typedef struct libcrux_ml_dsa_hash_functions_portable_Shake128_s {
+} libcrux_ml_dsa_hash_functions_portable_Shake128;
+
+#if defined(__cplusplus)
+}
+#endif
+
+#define __libcrux_mldsa65_portable_H_DEFINED
+#endif
diff --git a/libcrux-ml-dsa/cg/libcrux_sha3_avx2.h b/libcrux-ml-dsa/cg/libcrux_sha3_avx2.h
new file mode 100644
index 000000000..3c2909209
--- /dev/null
+++ b/libcrux-ml-dsa/cg/libcrux_sha3_avx2.h
@@ -0,0 +1,2571 @@
+/*
+ * SPDX-FileCopyrightText: 2024 Cryspen Sarl <info@cryspen.com>
+ *
+ * SPDX-License-Identifier: MIT or Apache-2.0
+ *
+ * This code was generated with the following revisions:
+ * Charon: a68994d00017b76a805d0115ca06c1f2c1805e79
+ * Eurydice: b665364a6d86749566ce2d650d13fa12c8fab2c5
+ * Karamel: 96572bc631fde691a2aea7bce5a5a3838b3a5968
+ * F*: b0961063393215ca65927f017720cb365a193833-dirty
+ * Libcrux: 5a0f22fa8387080e4c4e4ac018aaddcdf944e4be
+ */
+
+#ifndef __libcrux_sha3_avx2_H
+#define __libcrux_sha3_avx2_H
+
+#if defined(__cplusplus)
+extern "C" {
+#endif
+
+#include "eurydice_glue.h"
+#include "intrinsics/libcrux_intrinsics_avx2.h"
+#include "libcrux_core.h"
+#include "libcrux_sha3_portable.h"
+
+/**
+This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4:
+usize> for core::core_arch::x86::__m256i)}
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE __m256i libcrux_sha3_simd_avx2_zero_ef(void) {
+  return libcrux_intrinsics_avx2_mm256_set1_epi64x((int64_t)0);
+}
+
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE __m256i libcrux_sha3_simd_avx2__veor5q_u64(
+    __m256i a, __m256i b, __m256i c, __m256i d, __m256i e) {
+  __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b);
+  __m256i cd = libcrux_intrinsics_avx2_mm256_xor_si256(c, d);
+  __m256i abcd = libcrux_intrinsics_avx2_mm256_xor_si256(ab, cd);
+  return libcrux_intrinsics_avx2_mm256_xor_si256(abcd, e);
+}
+
+/**
+This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4:
+usize> for core::core_arch::x86::__m256i)}
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE __m256i libcrux_sha3_simd_avx2_xor5_ef(
+    __m256i a, __m256i b, __m256i c, __m256i d, __m256i e) {
+  return libcrux_sha3_simd_avx2__veor5q_u64(a, b, c, d, e);
+}
+
+/**
+A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left
+with const generics
+- LEFT= 1
+- RIGHT= 63
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE __m256i
+libcrux_sha3_simd_avx2_rotate_left_76(__m256i x) {
+  return libcrux_intrinsics_avx2_mm256_xor_si256(
+      libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)1, x, __m256i),
+      libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)63, x, __m256i));
+}
+
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE __m256i libcrux_sha3_simd_avx2__vrax1q_u64(__m256i a,
+                                                                  __m256i b) {
+  __m256i uu____0 = a;
+  return libcrux_intrinsics_avx2_mm256_xor_si256(
+      uu____0, libcrux_sha3_simd_avx2_rotate_left_76(b));
+}
+
+/**
+This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4:
+usize> for core::core_arch::x86::__m256i)}
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE __m256i
+libcrux_sha3_simd_avx2_rotate_left1_and_xor_ef(__m256i a, __m256i b) {
+  return libcrux_sha3_simd_avx2__vrax1q_u64(a, b);
+}
+
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE __m256i libcrux_sha3_simd_avx2__vbcaxq_u64(__m256i a,
+                                                                  __m256i b,
+                                                                  __m256i c) {
+  return libcrux_intrinsics_avx2_mm256_xor_si256(
+      a, libcrux_intrinsics_avx2_mm256_andnot_si256(c, b));
+}
+
+/**
+This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4:
+usize> for core::core_arch::x86::__m256i)}
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE __m256i
+libcrux_sha3_simd_avx2_and_not_xor_ef(__m256i a, __m256i b, __m256i c) {
+  return libcrux_sha3_simd_avx2__vbcaxq_u64(a, b, c);
+}
+
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE __m256i libcrux_sha3_simd_avx2__veorq_n_u64(__m256i a,
+                                                                   uint64_t c) {
+  __m256i c0 = libcrux_intrinsics_avx2_mm256_set1_epi64x((int64_t)c);
+  return libcrux_intrinsics_avx2_mm256_xor_si256(a, c0);
+}
+
+/**
+This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4:
+usize> for core::core_arch::x86::__m256i)}
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE __m256i
+libcrux_sha3_simd_avx2_xor_constant_ef(__m256i a, uint64_t c) {
+  return libcrux_sha3_simd_avx2__veorq_n_u64(a, c);
+}
+
+/**
+This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4:
+usize> for core::core_arch::x86::__m256i)}
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE __m256i libcrux_sha3_simd_avx2_xor_ef(__m256i a,
+                                                             __m256i b) {
+  return libcrux_intrinsics_avx2_mm256_xor_si256(a, b);
+}
+
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_slice_4(
+    Eurydice_slice a[4U], size_t start, size_t len, Eurydice_slice ret[4U]) {
+  ret[0U] = Eurydice_slice_subslice2(a[0U], start, start + len, uint8_t);
+  ret[1U] = Eurydice_slice_subslice2(a[1U], start, start + len, uint8_t);
+  ret[2U] = Eurydice_slice_subslice2(a[2U], start, start + len, uint8_t);
+  ret[3U] = Eurydice_slice_subslice2(a[3U], start, start + len, uint8_t);
+}
+
+/**
+This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4:
+usize> for core::core_arch::x86::__m256i)}
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_slice_n_ef(
+    Eurydice_slice a[4U], size_t start, size_t len, Eurydice_slice ret[4U]) {
+  /* Passing arrays by value in Rust generates a copy in C */
+  Eurydice_slice copy_of_a[4U];
+  memcpy(copy_of_a, a, (size_t)4U * sizeof(Eurydice_slice));
+  Eurydice_slice ret0[4U];
+  libcrux_sha3_simd_avx2_slice_4(copy_of_a, start, len, ret0);
+  memcpy(ret, ret0, (size_t)4U * sizeof(Eurydice_slice));
+}
+
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE Eurydice_slice_uint8_t_4size_t__x2
+libcrux_sha3_simd_avx2_split_at_mut_4(Eurydice_slice out[4U], size_t mid) {
+  Eurydice_slice out0 = out[0U];
+  Eurydice_slice out1 = out[1U];
+  Eurydice_slice out2 = out[2U];
+  Eurydice_slice out3 = out[3U];
+  Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at_mut(
+      out0, mid, uint8_t, Eurydice_slice_uint8_t_x2);
+  Eurydice_slice out00 = uu____0.fst;
+  Eurydice_slice out01 = uu____0.snd;
+  Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at_mut(
+      out1, mid, uint8_t, Eurydice_slice_uint8_t_x2);
+  Eurydice_slice out10 = uu____1.fst;
+  Eurydice_slice out11 = uu____1.snd;
+  Eurydice_slice_uint8_t_x2 uu____2 = Eurydice_slice_split_at_mut(
+      out2, mid, uint8_t, Eurydice_slice_uint8_t_x2);
+  Eurydice_slice out20 = uu____2.fst;
+  Eurydice_slice out21 = uu____2.snd;
+  Eurydice_slice_uint8_t_x2 uu____3 = Eurydice_slice_split_at_mut(
+      out3, mid, uint8_t, Eurydice_slice_uint8_t_x2);
+  Eurydice_slice out30 = uu____3.fst;
+  Eurydice_slice out31 = uu____3.snd;
+  Eurydice_slice_uint8_t_4size_t__x2 lit;
+  lit.fst[0U] = out00;
+  lit.fst[1U] = out10;
+  lit.fst[2U] = out20;
+  lit.fst[3U] = out30;
+  lit.snd[0U] = out01;
+  lit.snd[1U] = out11;
+  lit.snd[2U] = out21;
+  lit.snd[3U] = out31;
+  return lit;
+}
+
+/**
+This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4:
+usize> for core::core_arch::x86::__m256i)}
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE Eurydice_slice_uint8_t_4size_t__x2
+libcrux_sha3_simd_avx2_split_at_mut_n_ef(Eurydice_slice a[4U], size_t mid) {
+  return libcrux_sha3_simd_avx2_split_at_mut_4(a, mid);
+}
+
+/**
+A monomorphic instance of libcrux_sha3.generic_keccak.KeccakState
+with types core_core_arch_x86___m256i
+with const generics
+- $4size_t
+*/
+typedef struct libcrux_sha3_generic_keccak_KeccakState_55_s {
+  __m256i st[5U][5U];
+} libcrux_sha3_generic_keccak_KeccakState_55;
+
+typedef libcrux_sha3_generic_keccak_KeccakState_55
+    libcrux_sha3_avx2_x4_incremental_KeccakState;
+
+/**
+ Create a new Shake128 x4 state.
+*/
+/**
+This function found in impl {libcrux_sha3::generic_keccak::KeccakState<T,
+N>[TraitClause@0, TraitClause@1]#1}
+*/
+/**
+A monomorphic instance of libcrux_sha3.generic_keccak.new_89
+with types core_core_arch_x86___m256i
+with const generics
+- N= 4
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_55
+libcrux_sha3_generic_keccak_new_89_a6(void) {
+  libcrux_sha3_generic_keccak_KeccakState_55 lit;
+  lit.st[0U][0U] = libcrux_sha3_simd_avx2_zero_ef();
+  lit.st[0U][1U] = libcrux_sha3_simd_avx2_zero_ef();
+  lit.st[0U][2U] = libcrux_sha3_simd_avx2_zero_ef();
+  lit.st[0U][3U] = libcrux_sha3_simd_avx2_zero_ef();
+  lit.st[0U][4U] = libcrux_sha3_simd_avx2_zero_ef();
+  lit.st[1U][0U] = libcrux_sha3_simd_avx2_zero_ef();
+  lit.st[1U][1U] = libcrux_sha3_simd_avx2_zero_ef();
+  lit.st[1U][2U] = libcrux_sha3_simd_avx2_zero_ef();
+  lit.st[1U][3U] = libcrux_sha3_simd_avx2_zero_ef();
+  lit.st[1U][4U] = libcrux_sha3_simd_avx2_zero_ef();
+  lit.st[2U][0U] = libcrux_sha3_simd_avx2_zero_ef();
+  lit.st[2U][1U] = libcrux_sha3_simd_avx2_zero_ef();
+  lit.st[2U][2U] = libcrux_sha3_simd_avx2_zero_ef();
+  lit.st[2U][3U] = libcrux_sha3_simd_avx2_zero_ef();
+  lit.st[2U][4U] = libcrux_sha3_simd_avx2_zero_ef();
+  lit.st[3U][0U] = libcrux_sha3_simd_avx2_zero_ef();
+  lit.st[3U][1U] = libcrux_sha3_simd_avx2_zero_ef();
+  lit.st[3U][2U] = libcrux_sha3_simd_avx2_zero_ef();
+  lit.st[3U][3U] = libcrux_sha3_simd_avx2_zero_ef();
+  lit.st[3U][4U] = libcrux_sha3_simd_avx2_zero_ef();
+  lit.st[4U][0U] = libcrux_sha3_simd_avx2_zero_ef();
+  lit.st[4U][1U] = libcrux_sha3_simd_avx2_zero_ef();
+  lit.st[4U][2U] = libcrux_sha3_simd_avx2_zero_ef();
+  lit.st[4U][3U] = libcrux_sha3_simd_avx2_zero_ef();
+  lit.st[4U][4U] = libcrux_sha3_simd_avx2_zero_ef();
+  return lit;
+}
+
+/**
+ Initialise the [`KeccakState`].
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_55
+libcrux_sha3_avx2_x4_incremental_init(void) {
+  return libcrux_sha3_generic_keccak_new_89_a6();
+}
+
+/**
+A monomorphic instance of libcrux_sha3.simd.avx2.load_block
+with const generics
+- RATE= 168
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_load_block_3a(
+    __m256i (*s)[5U], Eurydice_slice blocks[4U]) {
+  for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)32U; i++) {
+    size_t i0 = i;
+    __m256i v00 = libcrux_intrinsics_avx2_mm256_loadu_si256_u8(
+        Eurydice_slice_subslice2(blocks[0U], (size_t)32U * i0,
+                                 (size_t)32U * (i0 + (size_t)1U), uint8_t));
+    __m256i v10 = libcrux_intrinsics_avx2_mm256_loadu_si256_u8(
+        Eurydice_slice_subslice2(blocks[1U], (size_t)32U * i0,
+                                 (size_t)32U * (i0 + (size_t)1U), uint8_t));
+    __m256i v20 = libcrux_intrinsics_avx2_mm256_loadu_si256_u8(
+        Eurydice_slice_subslice2(blocks[2U], (size_t)32U * i0,
+                                 (size_t)32U * (i0 + (size_t)1U), uint8_t));
+    __m256i v30 = libcrux_intrinsics_avx2_mm256_loadu_si256_u8(
+        Eurydice_slice_subslice2(blocks[3U], (size_t)32U * i0,
+                                 (size_t)32U * (i0 + (size_t)1U), uint8_t));
+    __m256i v0l = libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v00, v10);
+    __m256i v1h = libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v00, v10);
+    __m256i v2l = libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v20, v30);
+    __m256i v3h = libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v20, v30);
+    __m256i v0 = libcrux_intrinsics_avx2_mm256_permute2x128_si256(
+        (int32_t)32, v0l, v2l, __m256i);
+    __m256i v1 = libcrux_intrinsics_avx2_mm256_permute2x128_si256(
+        (int32_t)32, v1h, v3h, __m256i);
+    __m256i v2 = libcrux_intrinsics_avx2_mm256_permute2x128_si256(
+        (int32_t)49, v0l, v2l, __m256i);
+    __m256i v3 = libcrux_intrinsics_avx2_mm256_permute2x128_si256(
+        (int32_t)49, v1h, v3h, __m256i);
+    s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U] =
+        libcrux_intrinsics_avx2_mm256_xor_si256(
+            s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], v0);
+    s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U]
+     [((size_t)4U * i0 + (size_t)1U) % (size_t)5U] =
+         libcrux_intrinsics_avx2_mm256_xor_si256(
+             s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U]
+              [((size_t)4U * i0 + (size_t)1U) % (size_t)5U],
+             v1);
+    s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U]
+     [((size_t)4U * i0 + (size_t)2U) % (size_t)5U] =
+         libcrux_intrinsics_avx2_mm256_xor_si256(
+             s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U]
+              [((size_t)4U * i0 + (size_t)2U) % (size_t)5U],
+             v2);
+    s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U]
+     [((size_t)4U * i0 + (size_t)3U) % (size_t)5U] =
+         libcrux_intrinsics_avx2_mm256_xor_si256(
+             s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U]
+              [((size_t)4U * i0 + (size_t)3U) % (size_t)5U],
+             v3);
+  }
+  size_t rem = (size_t)168U % (size_t)32U;
+  size_t start = (size_t)32U * ((size_t)168U / (size_t)32U);
+  uint8_t u8s[32U] = {0U};
+  Eurydice_slice uu____0 =
+      Eurydice_array_to_subslice2(u8s, (size_t)0U, (size_t)8U, uint8_t);
+  Eurydice_slice_copy(
+      uu____0,
+      Eurydice_slice_subslice2(blocks[0U], start, start + (size_t)8U, uint8_t),
+      uint8_t);
+  Eurydice_slice uu____1 =
+      Eurydice_array_to_subslice2(u8s, (size_t)8U, (size_t)16U, uint8_t);
+  Eurydice_slice_copy(
+      uu____1,
+      Eurydice_slice_subslice2(blocks[1U], start, start + (size_t)8U, uint8_t),
+      uint8_t);
+  Eurydice_slice uu____2 =
+      Eurydice_array_to_subslice2(u8s, (size_t)16U, (size_t)24U, uint8_t);
+  Eurydice_slice_copy(
+      uu____2,
+      Eurydice_slice_subslice2(blocks[2U], start, start + (size_t)8U, uint8_t),
+      uint8_t);
+  Eurydice_slice uu____3 =
+      Eurydice_array_to_subslice2(u8s, (size_t)24U, (size_t)32U, uint8_t);
+  Eurydice_slice_copy(
+      uu____3,
+      Eurydice_slice_subslice2(blocks[3U], start, start + (size_t)8U, uint8_t),
+      uint8_t);
+  __m256i u = libcrux_intrinsics_avx2_mm256_loadu_si256_u8(
+      core_array___Array_T__N__23__as_slice((size_t)32U, u8s, uint8_t,
+                                            Eurydice_slice));
+  size_t i0 = (size_t)4U * ((size_t)168U / (size_t)32U) / (size_t)5U;
+  size_t j0 = (size_t)4U * ((size_t)168U / (size_t)32U) % (size_t)5U;
+  s[i0][j0] = libcrux_intrinsics_avx2_mm256_xor_si256(s[i0][j0], u);
+  if (rem == (size_t)16U) {
+    uint8_t u8s0[32U] = {0U};
+    Eurydice_slice uu____4 =
+        Eurydice_array_to_subslice2(u8s0, (size_t)0U, (size_t)8U, uint8_t);
+    Eurydice_slice_copy(uu____4,
+                        Eurydice_slice_subslice2(blocks[0U], start + (size_t)8U,
+                                                 start + (size_t)16U, uint8_t),
+                        uint8_t);
+    Eurydice_slice uu____5 =
+        Eurydice_array_to_subslice2(u8s0, (size_t)8U, (size_t)16U, uint8_t);
+    Eurydice_slice_copy(uu____5,
+                        Eurydice_slice_subslice2(blocks[1U], start + (size_t)8U,
+                                                 start + (size_t)16U, uint8_t),
+                        uint8_t);
+    Eurydice_slice uu____6 =
+        Eurydice_array_to_subslice2(u8s0, (size_t)16U, (size_t)24U, uint8_t);
+    Eurydice_slice_copy(uu____6,
+                        Eurydice_slice_subslice2(blocks[2U], start + (size_t)8U,
+                                                 start + (size_t)16U, uint8_t),
+                        uint8_t);
+    Eurydice_slice uu____7 =
+        Eurydice_array_to_subslice2(u8s0, (size_t)24U, (size_t)32U, uint8_t);
+    Eurydice_slice_copy(uu____7,
+                        Eurydice_slice_subslice2(blocks[3U], start + (size_t)8U,
+                                                 start + (size_t)16U, uint8_t),
+                        uint8_t);
+    __m256i u0 = libcrux_intrinsics_avx2_mm256_loadu_si256_u8(
+        core_array___Array_T__N__23__as_slice((size_t)32U, u8s0, uint8_t,
+                                              Eurydice_slice));
+    size_t i =
+        ((size_t)4U * ((size_t)168U / (size_t)32U) + (size_t)1U) / (size_t)5U;
+    size_t j =
+        ((size_t)4U * ((size_t)168U / (size_t)32U) + (size_t)1U) % (size_t)5U;
+    s[i][j] = libcrux_intrinsics_avx2_mm256_xor_si256(s[i][j], u0);
+  }
+}
+
+/**
+A monomorphic instance of libcrux_sha3.simd.avx2.load_block_full
+with const generics
+- RATE= 168
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_load_block_full_3a(
+    __m256i (*s)[5U], uint8_t blocks[4U][200U]) {
+  Eurydice_slice buf[4U] = {
+      Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t),
+      Eurydice_array_to_slice((size_t)200U, blocks[1U], uint8_t),
+      Eurydice_array_to_slice((size_t)200U, blocks[2U], uint8_t),
+      Eurydice_array_to_slice((size_t)200U, blocks[3U], uint8_t)};
+  libcrux_sha3_simd_avx2_load_block_3a(s, buf);
+}
+
+/**
+This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4:
+usize> for core::core_arch::x86::__m256i)}
+*/
+/**
+A monomorphic instance of libcrux_sha3.simd.avx2.load_block_full_ef
+with const generics
+- RATE= 168
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_load_block_full_ef_3a(
+    __m256i (*a)[5U], uint8_t b[4U][200U]) {
+  __m256i(*uu____0)[5U] = a;
+  /* Passing arrays by value in Rust generates a copy in C */
+  uint8_t copy_of_b[4U][200U];
+  memcpy(copy_of_b, b, (size_t)4U * sizeof(uint8_t[200U]));
+  libcrux_sha3_simd_avx2_load_block_full_3a(uu____0, copy_of_b);
+}
+
+/**
+A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left
+with const generics
+- LEFT= 36
+- RIGHT= 28
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE __m256i
+libcrux_sha3_simd_avx2_rotate_left_02(__m256i x) {
+  return libcrux_intrinsics_avx2_mm256_xor_si256(
+      libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)36, x, __m256i),
+      libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)28, x, __m256i));
+}
+
+/**
+A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64
+with const generics
+- LEFT= 36
+- RIGHT= 28
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE __m256i libcrux_sha3_simd_avx2__vxarq_u64_02(__m256i a,
+                                                                    __m256i b) {
+  __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b);
+  return libcrux_sha3_simd_avx2_rotate_left_02(ab);
+}
+
+/**
+This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4:
+usize> for core::core_arch::x86::__m256i)}
+*/
+/**
+A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef
+with const generics
+- LEFT= 36
+- RIGHT= 28
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE __m256i
+libcrux_sha3_simd_avx2_xor_and_rotate_ef_02(__m256i a, __m256i b) {
+  return libcrux_sha3_simd_avx2__vxarq_u64_02(a, b);
+}
+
+/**
+A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left
+with const generics
+- LEFT= 3
+- RIGHT= 61
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE __m256i
+libcrux_sha3_simd_avx2_rotate_left_ac(__m256i x) {
+  return libcrux_intrinsics_avx2_mm256_xor_si256(
+      libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)3, x, __m256i),
+      libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)61, x, __m256i));
+}
+
+/**
+A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64
+with const generics
+- LEFT= 3
+- RIGHT= 61
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE __m256i libcrux_sha3_simd_avx2__vxarq_u64_ac(__m256i a,
+                                                                    __m256i b) {
+  __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b);
+  return libcrux_sha3_simd_avx2_rotate_left_ac(ab);
+}
+
+/**
+This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4:
+usize> for core::core_arch::x86::__m256i)}
+*/
+/**
+A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef
+with const generics
+- LEFT= 3
+- RIGHT= 61
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE __m256i
+libcrux_sha3_simd_avx2_xor_and_rotate_ef_ac(__m256i a, __m256i b) {
+  return libcrux_sha3_simd_avx2__vxarq_u64_ac(a, b);
+}
+
+/**
+A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left
+with const generics
+- LEFT= 41
+- RIGHT= 23
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE __m256i
+libcrux_sha3_simd_avx2_rotate_left_020(__m256i x) {
+  return libcrux_intrinsics_avx2_mm256_xor_si256(
+      libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)41, x, __m256i),
+      libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)23, x, __m256i));
+}
+
+/**
+A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64
+with const generics
+- LEFT= 41
+- RIGHT= 23
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE __m256i
+libcrux_sha3_simd_avx2__vxarq_u64_020(__m256i a, __m256i b) {
+  __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b);
+  return libcrux_sha3_simd_avx2_rotate_left_020(ab);
+}
+
+/**
+This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4:
+usize> for core::core_arch::x86::__m256i)}
+*/
+/**
+A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef
+with const generics
+- LEFT= 41
+- RIGHT= 23
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE __m256i
+libcrux_sha3_simd_avx2_xor_and_rotate_ef_020(__m256i a, __m256i b) {
+  return libcrux_sha3_simd_avx2__vxarq_u64_020(a, b);
+}
+
+/**
+A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left
+with const generics
+- LEFT= 18
+- RIGHT= 46
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE __m256i
+libcrux_sha3_simd_avx2_rotate_left_a9(__m256i x) {
+  return libcrux_intrinsics_avx2_mm256_xor_si256(
+      libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)18, x, __m256i),
+      libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)46, x, __m256i));
+}
+
+/**
+A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64
+with const generics
+- LEFT= 18
+- RIGHT= 46
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE __m256i libcrux_sha3_simd_avx2__vxarq_u64_a9(__m256i a,
+                                                                    __m256i b) {
+  __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b);
+  return libcrux_sha3_simd_avx2_rotate_left_a9(ab);
+}
+
+/**
+This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4:
+usize> for core::core_arch::x86::__m256i)}
+*/
+/**
+A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef
+with const generics
+- LEFT= 18
+- RIGHT= 46
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE __m256i
+libcrux_sha3_simd_avx2_xor_and_rotate_ef_a9(__m256i a, __m256i b) {
+  return libcrux_sha3_simd_avx2__vxarq_u64_a9(a, b);
+}
+
+/**
+A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64
+with const generics
+- LEFT= 1
+- RIGHT= 63
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE __m256i libcrux_sha3_simd_avx2__vxarq_u64_76(__m256i a,
+                                                                    __m256i b) {
+  __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b);
+  return libcrux_sha3_simd_avx2_rotate_left_76(ab);
+}
+
+/**
+This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4:
+usize> for core::core_arch::x86::__m256i)}
+*/
+/**
+A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef
+with const generics
+- LEFT= 1
+- RIGHT= 63
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE __m256i
+libcrux_sha3_simd_avx2_xor_and_rotate_ef_76(__m256i a, __m256i b) {
+  return libcrux_sha3_simd_avx2__vxarq_u64_76(a, b);
+}
+
+/**
+A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left
+with const generics
+- LEFT= 44
+- RIGHT= 20
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE __m256i
+libcrux_sha3_simd_avx2_rotate_left_58(__m256i x) {
+  return libcrux_intrinsics_avx2_mm256_xor_si256(
+      libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)44, x, __m256i),
+      libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)20, x, __m256i));
+}
+
+/**
+A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64
+with const generics
+- LEFT= 44
+- RIGHT= 20
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE __m256i libcrux_sha3_simd_avx2__vxarq_u64_58(__m256i a,
+                                                                    __m256i b) {
+  __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b);
+  return libcrux_sha3_simd_avx2_rotate_left_58(ab);
+}
+
+/**
+This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4:
+usize> for core::core_arch::x86::__m256i)}
+*/
+/**
+A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef
+with const generics
+- LEFT= 44
+- RIGHT= 20
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE __m256i
+libcrux_sha3_simd_avx2_xor_and_rotate_ef_58(__m256i a, __m256i b) {
+  return libcrux_sha3_simd_avx2__vxarq_u64_58(a, b);
+}
+
+/**
+A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left
+with const generics
+- LEFT= 10
+- RIGHT= 54
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE __m256i
+libcrux_sha3_simd_avx2_rotate_left_e0(__m256i x) {
+  return libcrux_intrinsics_avx2_mm256_xor_si256(
+      libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)10, x, __m256i),
+      libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)54, x, __m256i));
+}
+
+/**
+A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64
+with const generics
+- LEFT= 10
+- RIGHT= 54
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE __m256i libcrux_sha3_simd_avx2__vxarq_u64_e0(__m256i a,
+                                                                    __m256i b) {
+  __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b);
+  return libcrux_sha3_simd_avx2_rotate_left_e0(ab);
+}
+
+/**
+This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4:
+usize> for core::core_arch::x86::__m256i)}
+*/
+/**
+A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef
+with const generics
+- LEFT= 10
+- RIGHT= 54
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE __m256i
+libcrux_sha3_simd_avx2_xor_and_rotate_ef_e0(__m256i a, __m256i b) {
+  return libcrux_sha3_simd_avx2__vxarq_u64_e0(a, b);
+}
+
+/**
+A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left
+with const generics
+- LEFT= 45
+- RIGHT= 19
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE __m256i
+libcrux_sha3_simd_avx2_rotate_left_63(__m256i x) {
+  return libcrux_intrinsics_avx2_mm256_xor_si256(
+      libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)45, x, __m256i),
+      libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)19, x, __m256i));
+}
+
+/**
+A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64
+with const generics
+- LEFT= 45
+- RIGHT= 19
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE __m256i libcrux_sha3_simd_avx2__vxarq_u64_63(__m256i a,
+                                                                    __m256i b) {
+  __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b);
+  return libcrux_sha3_simd_avx2_rotate_left_63(ab);
+}
+
+/**
+This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4:
+usize> for core::core_arch::x86::__m256i)}
+*/
+/**
+A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef
+with const generics
+- LEFT= 45
+- RIGHT= 19
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE __m256i
+libcrux_sha3_simd_avx2_xor_and_rotate_ef_63(__m256i a, __m256i b) {
+  return libcrux_sha3_simd_avx2__vxarq_u64_63(a, b);
+}
+
+/**
+A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left
+with const generics
+- LEFT= 2
+- RIGHT= 62
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE __m256i
+libcrux_sha3_simd_avx2_rotate_left_6a(__m256i x) {
+  return libcrux_intrinsics_avx2_mm256_xor_si256(
+      libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)2, x, __m256i),
+      libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)62, x, __m256i));
+}
+
+/**
+A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64
+with const generics
+- LEFT= 2
+- RIGHT= 62
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE __m256i libcrux_sha3_simd_avx2__vxarq_u64_6a(__m256i a,
+                                                                    __m256i b) {
+  __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b);
+  return libcrux_sha3_simd_avx2_rotate_left_6a(ab);
+}
+
+/**
+This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4:
+usize> for core::core_arch::x86::__m256i)}
+*/
+/**
+A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef
+with const generics
+- LEFT= 2
+- RIGHT= 62
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE __m256i
+libcrux_sha3_simd_avx2_xor_and_rotate_ef_6a(__m256i a, __m256i b) {
+  return libcrux_sha3_simd_avx2__vxarq_u64_6a(a, b);
+}
+
+/**
+A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left
+with const generics
+- LEFT= 62
+- RIGHT= 2
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE __m256i
+libcrux_sha3_simd_avx2_rotate_left_ab(__m256i x) {
+  return libcrux_intrinsics_avx2_mm256_xor_si256(
+      libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)62, x, __m256i),
+      libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)2, x, __m256i));
+}
+
+/**
+A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64
+with const generics
+- LEFT= 62
+- RIGHT= 2
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE __m256i libcrux_sha3_simd_avx2__vxarq_u64_ab(__m256i a,
+                                                                    __m256i b) {
+  __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b);
+  return libcrux_sha3_simd_avx2_rotate_left_ab(ab);
+}
+
+/**
+This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4:
+usize> for core::core_arch::x86::__m256i)}
+*/
+/**
+A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef
+with const generics
+- LEFT= 62
+- RIGHT= 2
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE __m256i
+libcrux_sha3_simd_avx2_xor_and_rotate_ef_ab(__m256i a, __m256i b) {
+  return libcrux_sha3_simd_avx2__vxarq_u64_ab(a, b);
+}
+
+/**
+A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left
+with const generics
+- LEFT= 6
+- RIGHT= 58
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE __m256i
+libcrux_sha3_simd_avx2_rotate_left_5b(__m256i x) {
+  return libcrux_intrinsics_avx2_mm256_xor_si256(
+      libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)6, x, __m256i),
+      libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)58, x, __m256i));
+}
+
+/**
+A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64
+with const generics
+- LEFT= 6
+- RIGHT= 58
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE __m256i libcrux_sha3_simd_avx2__vxarq_u64_5b(__m256i a,
+                                                                    __m256i b) {
+  __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b);
+  return libcrux_sha3_simd_avx2_rotate_left_5b(ab);
+}
+
+/**
+This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4:
+usize> for core::core_arch::x86::__m256i)}
+*/
+/**
+A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef
+with const generics
+- LEFT= 6
+- RIGHT= 58
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE __m256i
+libcrux_sha3_simd_avx2_xor_and_rotate_ef_5b(__m256i a, __m256i b) {
+  return libcrux_sha3_simd_avx2__vxarq_u64_5b(a, b);
+}
+
+/**
+A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left
+with const generics
+- LEFT= 43
+- RIGHT= 21
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE __m256i
+libcrux_sha3_simd_avx2_rotate_left_6f(__m256i x) {
+  return libcrux_intrinsics_avx2_mm256_xor_si256(
+      libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)43, x, __m256i),
+      libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)21, x, __m256i));
+}
+
+/**
+A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64
+with const generics
+- LEFT= 43
+- RIGHT= 21
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE __m256i libcrux_sha3_simd_avx2__vxarq_u64_6f(__m256i a,
+                                                                    __m256i b) {
+  __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b);
+  return libcrux_sha3_simd_avx2_rotate_left_6f(ab);
+}
+
+/**
+This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4:
+usize> for core::core_arch::x86::__m256i)}
+*/
+/**
+A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef
+with const generics
+- LEFT= 43
+- RIGHT= 21
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE __m256i
+libcrux_sha3_simd_avx2_xor_and_rotate_ef_6f(__m256i a, __m256i b) {
+  return libcrux_sha3_simd_avx2__vxarq_u64_6f(a, b);
+}
+
+/**
+A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left
+with const generics
+- LEFT= 15
+- RIGHT= 49
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE __m256i
+libcrux_sha3_simd_avx2_rotate_left_62(__m256i x) {
+  return libcrux_intrinsics_avx2_mm256_xor_si256(
+      libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)15, x, __m256i),
+      libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)49, x, __m256i));
+}
+
+/**
+A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64
+with const generics
+- LEFT= 15
+- RIGHT= 49
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE __m256i libcrux_sha3_simd_avx2__vxarq_u64_62(__m256i a,
+                                                                    __m256i b) {
+  __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b);
+  return libcrux_sha3_simd_avx2_rotate_left_62(ab);
+}
+
+/**
+This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4:
+usize> for core::core_arch::x86::__m256i)}
+*/
+/**
+A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef
+with const generics
+- LEFT= 15
+- RIGHT= 49
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE __m256i
+libcrux_sha3_simd_avx2_xor_and_rotate_ef_62(__m256i a, __m256i b) {
+  return libcrux_sha3_simd_avx2__vxarq_u64_62(a, b);
+}
+
+/**
+A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left
+with const generics
+- LEFT= 61
+- RIGHT= 3
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE __m256i
+libcrux_sha3_simd_avx2_rotate_left_23(__m256i x) {
+  return libcrux_intrinsics_avx2_mm256_xor_si256(
+      libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)61, x, __m256i),
+      libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)3, x, __m256i));
+}
+
+/**
+A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64
+with const generics
+- LEFT= 61
+- RIGHT= 3
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE __m256i libcrux_sha3_simd_avx2__vxarq_u64_23(__m256i a,
+                                                                    __m256i b) {
+  __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b);
+  return libcrux_sha3_simd_avx2_rotate_left_23(ab);
+}
+
+/**
+This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4:
+usize> for core::core_arch::x86::__m256i)}
+*/
+/**
+A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef
+with const generics
+- LEFT= 61
+- RIGHT= 3
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE __m256i
+libcrux_sha3_simd_avx2_xor_and_rotate_ef_23(__m256i a, __m256i b) {
+  return libcrux_sha3_simd_avx2__vxarq_u64_23(a, b);
+}
+
+/**
+A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left
+with const generics
+- LEFT= 28
+- RIGHT= 36
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE __m256i
+libcrux_sha3_simd_avx2_rotate_left_37(__m256i x) {
+  return libcrux_intrinsics_avx2_mm256_xor_si256(
+      libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)28, x, __m256i),
+      libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)36, x, __m256i));
+}
+
+/**
+A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64
+with const generics
+- LEFT= 28
+- RIGHT= 36
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE __m256i libcrux_sha3_simd_avx2__vxarq_u64_37(__m256i a,
+                                                                    __m256i b) {
+  __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b);
+  return libcrux_sha3_simd_avx2_rotate_left_37(ab);
+}
+
+/**
+This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4:
+usize> for core::core_arch::x86::__m256i)}
+*/
+/**
+A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef
+with const generics
+- LEFT= 28
+- RIGHT= 36
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE __m256i
+libcrux_sha3_simd_avx2_xor_and_rotate_ef_37(__m256i a, __m256i b) {
+  return libcrux_sha3_simd_avx2__vxarq_u64_37(a, b);
+}
+
+/**
+A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left
+with const generics
+- LEFT= 55
+- RIGHT= 9
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE __m256i
+libcrux_sha3_simd_avx2_rotate_left_bb(__m256i x) {
+  return libcrux_intrinsics_avx2_mm256_xor_si256(
+      libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)55, x, __m256i),
+      libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)9, x, __m256i));
+}
+
+/**
+A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64
+with const generics
+- LEFT= 55
+- RIGHT= 9
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE __m256i libcrux_sha3_simd_avx2__vxarq_u64_bb(__m256i a,
+                                                                    __m256i b) {
+  __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b);
+  return libcrux_sha3_simd_avx2_rotate_left_bb(ab);
+}
+
+/**
+This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4:
+usize> for core::core_arch::x86::__m256i)}
+*/
+/**
+A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef
+with const generics
+- LEFT= 55
+- RIGHT= 9
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE __m256i
+libcrux_sha3_simd_avx2_xor_and_rotate_ef_bb(__m256i a, __m256i b) {
+  return libcrux_sha3_simd_avx2__vxarq_u64_bb(a, b);
+}
+
+/**
+A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left
+with const generics
+- LEFT= 25
+- RIGHT= 39
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE __m256i
+libcrux_sha3_simd_avx2_rotate_left_b9(__m256i x) {
+  return libcrux_intrinsics_avx2_mm256_xor_si256(
+      libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)25, x, __m256i),
+      libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)39, x, __m256i));
+}
+
+/**
+A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64
+with const generics
+- LEFT= 25
+- RIGHT= 39
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE __m256i libcrux_sha3_simd_avx2__vxarq_u64_b9(__m256i a,
+                                                                    __m256i b) {
+  __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b);
+  return libcrux_sha3_simd_avx2_rotate_left_b9(ab);
+}
+
+/**
+This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4:
+usize> for core::core_arch::x86::__m256i)}
+*/
+/**
+A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef
+with const generics
+- LEFT= 25
+- RIGHT= 39
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE __m256i
+libcrux_sha3_simd_avx2_xor_and_rotate_ef_b9(__m256i a, __m256i b) {
+  return libcrux_sha3_simd_avx2__vxarq_u64_b9(a, b);
+}
+
+/**
+A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left
+with const generics
+- LEFT= 21
+- RIGHT= 43
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE __m256i
+libcrux_sha3_simd_avx2_rotate_left_54(__m256i x) {
+  return libcrux_intrinsics_avx2_mm256_xor_si256(
+      libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)21, x, __m256i),
+      libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)43, x, __m256i));
+}
+
+/**
+A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64
+with const generics
+- LEFT= 21
+- RIGHT= 43
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE __m256i libcrux_sha3_simd_avx2__vxarq_u64_54(__m256i a,
+                                                                    __m256i b) {
+  __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b);
+  return libcrux_sha3_simd_avx2_rotate_left_54(ab);
+}
+
+/**
+This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4:
+usize> for core::core_arch::x86::__m256i)}
+*/
+/**
+A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef
+with const generics
+- LEFT= 21
+- RIGHT= 43
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE __m256i
+libcrux_sha3_simd_avx2_xor_and_rotate_ef_54(__m256i a, __m256i b) {
+  return libcrux_sha3_simd_avx2__vxarq_u64_54(a, b);
+}
+
+/**
+A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left
+with const generics
+- LEFT= 56
+- RIGHT= 8
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE __m256i
+libcrux_sha3_simd_avx2_rotate_left_4c(__m256i x) {
+  return libcrux_intrinsics_avx2_mm256_xor_si256(
+      libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)56, x, __m256i),
+      libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)8, x, __m256i));
+}
+
+/**
+A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64
+with const generics
+- LEFT= 56
+- RIGHT= 8
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE __m256i libcrux_sha3_simd_avx2__vxarq_u64_4c(__m256i a,
+                                                                    __m256i b) {
+  __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b);
+  return libcrux_sha3_simd_avx2_rotate_left_4c(ab);
+}
+
+/**
+This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4:
+usize> for core::core_arch::x86::__m256i)}
+*/
+/**
+A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef
+with const generics
+- LEFT= 56
+- RIGHT= 8
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE __m256i
+libcrux_sha3_simd_avx2_xor_and_rotate_ef_4c(__m256i a, __m256i b) {
+  return libcrux_sha3_simd_avx2__vxarq_u64_4c(a, b);
+}
+
+/**
+A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left
+with const generics
+- LEFT= 27
+- RIGHT= 37
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE __m256i
+libcrux_sha3_simd_avx2_rotate_left_ce(__m256i x) {
+  return libcrux_intrinsics_avx2_mm256_xor_si256(
+      libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)27, x, __m256i),
+      libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)37, x, __m256i));
+}
+
+/**
+A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64
+with const generics
+- LEFT= 27
+- RIGHT= 37
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE __m256i libcrux_sha3_simd_avx2__vxarq_u64_ce(__m256i a,
+                                                                    __m256i b) {
+  __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b);
+  return libcrux_sha3_simd_avx2_rotate_left_ce(ab);
+}
+
+/**
+This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4:
+usize> for core::core_arch::x86::__m256i)}
+*/
+/**
+A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef
+with const generics
+- LEFT= 27
+- RIGHT= 37
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE __m256i
+libcrux_sha3_simd_avx2_xor_and_rotate_ef_ce(__m256i a, __m256i b) {
+  return libcrux_sha3_simd_avx2__vxarq_u64_ce(a, b);
+}
+
+/**
+A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left
+with const generics
+- LEFT= 20
+- RIGHT= 44
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE __m256i
+libcrux_sha3_simd_avx2_rotate_left_77(__m256i x) {
+  return libcrux_intrinsics_avx2_mm256_xor_si256(
+      libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)20, x, __m256i),
+      libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)44, x, __m256i));
+}
+
+/**
+A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64
+with const generics
+- LEFT= 20
+- RIGHT= 44
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE __m256i libcrux_sha3_simd_avx2__vxarq_u64_77(__m256i a,
+                                                                    __m256i b) {
+  __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b);
+  return libcrux_sha3_simd_avx2_rotate_left_77(ab);
+}
+
+/**
+This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4:
+usize> for core::core_arch::x86::__m256i)}
+*/
+/**
+A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef
+with const generics
+- LEFT= 20
+- RIGHT= 44
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE __m256i
+libcrux_sha3_simd_avx2_xor_and_rotate_ef_77(__m256i a, __m256i b) {
+  return libcrux_sha3_simd_avx2__vxarq_u64_77(a, b);
+}
+
+/**
+A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left
+with const generics
+- LEFT= 39
+- RIGHT= 25
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE __m256i
+libcrux_sha3_simd_avx2_rotate_left_25(__m256i x) {
+  return libcrux_intrinsics_avx2_mm256_xor_si256(
+      libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)39, x, __m256i),
+      libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)25, x, __m256i));
+}
+
+/**
+A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64
+with const generics
+- LEFT= 39
+- RIGHT= 25
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE __m256i libcrux_sha3_simd_avx2__vxarq_u64_25(__m256i a,
+                                                                    __m256i b) {
+  __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b);
+  return libcrux_sha3_simd_avx2_rotate_left_25(ab);
+}
+
+/**
+This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4:
+usize> for core::core_arch::x86::__m256i)}
+*/
+/**
+A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef
+with const generics
+- LEFT= 39
+- RIGHT= 25
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE __m256i
+libcrux_sha3_simd_avx2_xor_and_rotate_ef_25(__m256i a, __m256i b) {
+  return libcrux_sha3_simd_avx2__vxarq_u64_25(a, b);
+}
+
+/**
+A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left
+with const generics
+- LEFT= 8
+- RIGHT= 56
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE __m256i
+libcrux_sha3_simd_avx2_rotate_left_af(__m256i x) {
+  return libcrux_intrinsics_avx2_mm256_xor_si256(
+      libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)8, x, __m256i),
+      libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)56, x, __m256i));
+}
+
+/**
+A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64
+with const generics
+- LEFT= 8
+- RIGHT= 56
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE __m256i libcrux_sha3_simd_avx2__vxarq_u64_af(__m256i a,
+                                                                    __m256i b) {
+  __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b);
+  return libcrux_sha3_simd_avx2_rotate_left_af(ab);
+}
+
+/**
+This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4:
+usize> for core::core_arch::x86::__m256i)}
+*/
+/**
+A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef
+with const generics
+- LEFT= 8
+- RIGHT= 56
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE __m256i
+libcrux_sha3_simd_avx2_xor_and_rotate_ef_af(__m256i a, __m256i b) {
+  return libcrux_sha3_simd_avx2__vxarq_u64_af(a, b);
+}
+
+/**
+A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left
+with const generics
+- LEFT= 14
+- RIGHT= 50
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE __m256i
+libcrux_sha3_simd_avx2_rotate_left_fd(__m256i x) {
+  return libcrux_intrinsics_avx2_mm256_xor_si256(
+      libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)14, x, __m256i),
+      libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)50, x, __m256i));
+}
+
+/**
+A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64
+with const generics
+- LEFT= 14
+- RIGHT= 50
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE __m256i libcrux_sha3_simd_avx2__vxarq_u64_fd(__m256i a,
+                                                                    __m256i b) {
+  __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b);
+  return libcrux_sha3_simd_avx2_rotate_left_fd(ab);
+}
+
+/**
+This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4:
+usize> for core::core_arch::x86::__m256i)}
+*/
+/**
+A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef
+with const generics
+- LEFT= 14
+- RIGHT= 50
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE __m256i
+libcrux_sha3_simd_avx2_xor_and_rotate_ef_fd(__m256i a, __m256i b) {
+  return libcrux_sha3_simd_avx2__vxarq_u64_fd(a, b);
+}
+
+/**
+A monomorphic instance of libcrux_sha3.generic_keccak.theta_rho
+with types core_core_arch_x86___m256i
+with const generics
+- N= 4
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_theta_rho_a6(
+    libcrux_sha3_generic_keccak_KeccakState_55 *s) {
+  __m256i c[5U] = {libcrux_sha3_simd_avx2_xor5_ef(s->st[0U][0U], s->st[1U][0U],
+                                                  s->st[2U][0U], s->st[3U][0U],
+                                                  s->st[4U][0U]),
+                   libcrux_sha3_simd_avx2_xor5_ef(s->st[0U][1U], s->st[1U][1U],
+                                                  s->st[2U][1U], s->st[3U][1U],
+                                                  s->st[4U][1U]),
+                   libcrux_sha3_simd_avx2_xor5_ef(s->st[0U][2U], s->st[1U][2U],
+                                                  s->st[2U][2U], s->st[3U][2U],
+                                                  s->st[4U][2U]),
+                   libcrux_sha3_simd_avx2_xor5_ef(s->st[0U][3U], s->st[1U][3U],
+                                                  s->st[2U][3U], s->st[3U][3U],
+                                                  s->st[4U][3U]),
+                   libcrux_sha3_simd_avx2_xor5_ef(s->st[0U][4U], s->st[1U][4U],
+                                                  s->st[2U][4U], s->st[3U][4U],
+                                                  s->st[4U][4U])};
+  __m256i uu____0 = libcrux_sha3_simd_avx2_rotate_left1_and_xor_ef(
+      c[((size_t)0U + (size_t)4U) % (size_t)5U],
+      c[((size_t)0U + (size_t)1U) % (size_t)5U]);
+  __m256i uu____1 = libcrux_sha3_simd_avx2_rotate_left1_and_xor_ef(
+      c[((size_t)1U + (size_t)4U) % (size_t)5U],
+      c[((size_t)1U + (size_t)1U) % (size_t)5U]);
+  __m256i uu____2 = libcrux_sha3_simd_avx2_rotate_left1_and_xor_ef(
+      c[((size_t)2U + (size_t)4U) % (size_t)5U],
+      c[((size_t)2U + (size_t)1U) % (size_t)5U]);
+  __m256i uu____3 = libcrux_sha3_simd_avx2_rotate_left1_and_xor_ef(
+      c[((size_t)3U + (size_t)4U) % (size_t)5U],
+      c[((size_t)3U + (size_t)1U) % (size_t)5U]);
+  __m256i t[5U] = {uu____0, uu____1, uu____2, uu____3,
+                   libcrux_sha3_simd_avx2_rotate_left1_and_xor_ef(
+                       c[((size_t)4U + (size_t)4U) % (size_t)5U],
+                       c[((size_t)4U + (size_t)1U) % (size_t)5U])};
+  s->st[0U][0U] = libcrux_sha3_simd_avx2_xor_ef(s->st[0U][0U], t[0U]);
+  s->st[1U][0U] =
+      libcrux_sha3_simd_avx2_xor_and_rotate_ef_02(s->st[1U][0U], t[0U]);
+  s->st[2U][0U] =
+      libcrux_sha3_simd_avx2_xor_and_rotate_ef_ac(s->st[2U][0U], t[0U]);
+  s->st[3U][0U] =
+      libcrux_sha3_simd_avx2_xor_and_rotate_ef_020(s->st[3U][0U], t[0U]);
+  s->st[4U][0U] =
+      libcrux_sha3_simd_avx2_xor_and_rotate_ef_a9(s->st[4U][0U], t[0U]);
+  s->st[0U][1U] =
+      libcrux_sha3_simd_avx2_xor_and_rotate_ef_76(s->st[0U][1U], t[1U]);
+  s->st[1U][1U] =
+      libcrux_sha3_simd_avx2_xor_and_rotate_ef_58(s->st[1U][1U], t[1U]);
+  s->st[2U][1U] =
+      libcrux_sha3_simd_avx2_xor_and_rotate_ef_e0(s->st[2U][1U], t[1U]);
+  s->st[3U][1U] =
+      libcrux_sha3_simd_avx2_xor_and_rotate_ef_63(s->st[3U][1U], t[1U]);
+  s->st[4U][1U] =
+      libcrux_sha3_simd_avx2_xor_and_rotate_ef_6a(s->st[4U][1U], t[1U]);
+  s->st[0U][2U] =
+      libcrux_sha3_simd_avx2_xor_and_rotate_ef_ab(s->st[0U][2U], t[2U]);
+  s->st[1U][2U] =
+      libcrux_sha3_simd_avx2_xor_and_rotate_ef_5b(s->st[1U][2U], t[2U]);
+  s->st[2U][2U] =
+      libcrux_sha3_simd_avx2_xor_and_rotate_ef_6f(s->st[2U][2U], t[2U]);
+  s->st[3U][2U] =
+      libcrux_sha3_simd_avx2_xor_and_rotate_ef_62(s->st[3U][2U], t[2U]);
+  s->st[4U][2U] =
+      libcrux_sha3_simd_avx2_xor_and_rotate_ef_23(s->st[4U][2U], t[2U]);
+  s->st[0U][3U] =
+      libcrux_sha3_simd_avx2_xor_and_rotate_ef_37(s->st[0U][3U], t[3U]);
+  s->st[1U][3U] =
+      libcrux_sha3_simd_avx2_xor_and_rotate_ef_bb(s->st[1U][3U], t[3U]);
+  s->st[2U][3U] =
+      libcrux_sha3_simd_avx2_xor_and_rotate_ef_b9(s->st[2U][3U], t[3U]);
+  s->st[3U][3U] =
+      libcrux_sha3_simd_avx2_xor_and_rotate_ef_54(s->st[3U][3U], t[3U]);
+  s->st[4U][3U] =
+      libcrux_sha3_simd_avx2_xor_and_rotate_ef_4c(s->st[4U][3U], t[3U]);
+  s->st[0U][4U] =
+      libcrux_sha3_simd_avx2_xor_and_rotate_ef_ce(s->st[0U][4U], t[4U]);
+  s->st[1U][4U] =
+      libcrux_sha3_simd_avx2_xor_and_rotate_ef_77(s->st[1U][4U], t[4U]);
+  s->st[2U][4U] =
+      libcrux_sha3_simd_avx2_xor_and_rotate_ef_25(s->st[2U][4U], t[4U]);
+  s->st[3U][4U] =
+      libcrux_sha3_simd_avx2_xor_and_rotate_ef_af(s->st[3U][4U], t[4U]);
+  __m256i uu____27 =
+      libcrux_sha3_simd_avx2_xor_and_rotate_ef_fd(s->st[4U][4U], t[4U]);
+  s->st[4U][4U] = uu____27;
+}
+
+/**
+A monomorphic instance of libcrux_sha3.generic_keccak.pi
+with types core_core_arch_x86___m256i
+with const generics
+- N= 4
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_pi_a6(
+    libcrux_sha3_generic_keccak_KeccakState_55 *s) {
+  __m256i old[5U][5U];
+  memcpy(old, s->st, (size_t)5U * sizeof(__m256i[5U]));
+  s->st[0U][1U] = old[1U][1U];
+  s->st[0U][2U] = old[2U][2U];
+  s->st[0U][3U] = old[3U][3U];
+  s->st[0U][4U] = old[4U][4U];
+  s->st[1U][0U] = old[0U][3U];
+  s->st[1U][1U] = old[1U][4U];
+  s->st[1U][2U] = old[2U][0U];
+  s->st[1U][3U] = old[3U][1U];
+  s->st[1U][4U] = old[4U][2U];
+  s->st[2U][0U] = old[0U][1U];
+  s->st[2U][1U] = old[1U][2U];
+  s->st[2U][2U] = old[2U][3U];
+  s->st[2U][3U] = old[3U][4U];
+  s->st[2U][4U] = old[4U][0U];
+  s->st[3U][0U] = old[0U][4U];
+  s->st[3U][1U] = old[1U][0U];
+  s->st[3U][2U] = old[2U][1U];
+  s->st[3U][3U] = old[3U][2U];
+  s->st[3U][4U] = old[4U][3U];
+  s->st[4U][0U] = old[0U][2U];
+  s->st[4U][1U] = old[1U][3U];
+  s->st[4U][2U] = old[2U][4U];
+  s->st[4U][3U] = old[3U][0U];
+  s->st[4U][4U] = old[4U][1U];
+}
+
+/**
+A monomorphic instance of libcrux_sha3.generic_keccak.chi
+with types core_core_arch_x86___m256i
+with const generics
+- N= 4
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_chi_a6(
+    libcrux_sha3_generic_keccak_KeccakState_55 *s) {
+  __m256i old[5U][5U];
+  memcpy(old, s->st, (size_t)5U * sizeof(__m256i[5U]));
+  for (size_t i0 = (size_t)0U; i0 < (size_t)5U; i0++) {
+    size_t i1 = i0;
+    for (size_t i = (size_t)0U; i < (size_t)5U; i++) {
+      size_t j = i;
+      s->st[i1][j] = libcrux_sha3_simd_avx2_and_not_xor_ef(
+          s->st[i1][j], old[i1][(j + (size_t)2U) % (size_t)5U],
+          old[i1][(j + (size_t)1U) % (size_t)5U]);
+    }
+  }
+}
+
+/**
+A monomorphic instance of libcrux_sha3.generic_keccak.iota
+with types core_core_arch_x86___m256i
+with const generics
+- N= 4
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_iota_a6(
+    libcrux_sha3_generic_keccak_KeccakState_55 *s, size_t i) {
+  s->st[0U][0U] = libcrux_sha3_simd_avx2_xor_constant_ef(
+      s->st[0U][0U], libcrux_sha3_generic_keccak_ROUNDCONSTANTS[i]);
+}
+
+/**
+A monomorphic instance of libcrux_sha3.generic_keccak.keccakf1600
+with types core_core_arch_x86___m256i
+with const generics
+- N= 4
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccakf1600_a6(
+    libcrux_sha3_generic_keccak_KeccakState_55 *s) {
+  for (size_t i = (size_t)0U; i < (size_t)24U; i++) {
+    size_t i0 = i;
+    libcrux_sha3_generic_keccak_theta_rho_a6(s);
+    libcrux_sha3_generic_keccak_pi_a6(s);
+    libcrux_sha3_generic_keccak_chi_a6(s);
+    libcrux_sha3_generic_keccak_iota_a6(s, i0);
+  }
+}
+
+/**
+A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final
+with types core_core_arch_x86___m256i
+with const generics
+- N= 4
+- RATE= 168
+- DELIM= 31
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_fb(
+    libcrux_sha3_generic_keccak_KeccakState_55 *s, Eurydice_slice last[4U]) {
+  size_t last_len = Eurydice_slice_len(last[0U], uint8_t);
+  uint8_t blocks[4U][200U] = {{0U}};
+  for (size_t i = (size_t)0U; i < (size_t)4U; i++) {
+    size_t i0 = i;
+    if (last_len > (size_t)0U) {
+      Eurydice_slice uu____0 = Eurydice_array_to_subslice2(
+          blocks[i0], (size_t)0U, last_len, uint8_t);
+      Eurydice_slice_copy(uu____0, last[i0], uint8_t);
+    }
+    blocks[i0][last_len] = 31U;
+    size_t uu____1 = i0;
+    size_t uu____2 = (size_t)168U - (size_t)1U;
+    blocks[uu____1][uu____2] = (uint32_t)blocks[uu____1][uu____2] | 128U;
+  }
+  __m256i(*uu____3)[5U] = s->st;
+  uint8_t uu____4[4U][200U];
+  memcpy(uu____4, blocks, (size_t)4U * sizeof(uint8_t[200U]));
+  libcrux_sha3_simd_avx2_load_block_full_ef_3a(uu____3, uu____4);
+  libcrux_sha3_generic_keccak_keccakf1600_a6(s);
+}
+
+/**
+ Absorb
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE void
+libcrux_sha3_avx2_x4_incremental_shake128_absorb_final(
+    libcrux_sha3_generic_keccak_KeccakState_55 *s, Eurydice_slice data0,
+    Eurydice_slice data1, Eurydice_slice data2, Eurydice_slice data3) {
+  Eurydice_slice buf[4U] = {data0, data1, data2, data3};
+  libcrux_sha3_generic_keccak_absorb_final_fb(s, buf);
+}
+
+/**
+A monomorphic instance of libcrux_sha3.simd.avx2.load_block
+with const generics
+- RATE= 136
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_load_block_5b(
+    __m256i (*s)[5U], Eurydice_slice blocks[4U]) {
+  for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)32U; i++) {
+    size_t i0 = i;
+    __m256i v00 = libcrux_intrinsics_avx2_mm256_loadu_si256_u8(
+        Eurydice_slice_subslice2(blocks[0U], (size_t)32U * i0,
+                                 (size_t)32U * (i0 + (size_t)1U), uint8_t));
+    __m256i v10 = libcrux_intrinsics_avx2_mm256_loadu_si256_u8(
+        Eurydice_slice_subslice2(blocks[1U], (size_t)32U * i0,
+                                 (size_t)32U * (i0 + (size_t)1U), uint8_t));
+    __m256i v20 = libcrux_intrinsics_avx2_mm256_loadu_si256_u8(
+        Eurydice_slice_subslice2(blocks[2U], (size_t)32U * i0,
+                                 (size_t)32U * (i0 + (size_t)1U), uint8_t));
+    __m256i v30 = libcrux_intrinsics_avx2_mm256_loadu_si256_u8(
+        Eurydice_slice_subslice2(blocks[3U], (size_t)32U * i0,
+                                 (size_t)32U * (i0 + (size_t)1U), uint8_t));
+    __m256i v0l = libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v00, v10);
+    __m256i v1h = libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v00, v10);
+    __m256i v2l = libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v20, v30);
+    __m256i v3h = libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v20, v30);
+    __m256i v0 = libcrux_intrinsics_avx2_mm256_permute2x128_si256(
+        (int32_t)32, v0l, v2l, __m256i);
+    __m256i v1 = libcrux_intrinsics_avx2_mm256_permute2x128_si256(
+        (int32_t)32, v1h, v3h, __m256i);
+    __m256i v2 = libcrux_intrinsics_avx2_mm256_permute2x128_si256(
+        (int32_t)49, v0l, v2l, __m256i);
+    __m256i v3 = libcrux_intrinsics_avx2_mm256_permute2x128_si256(
+        (int32_t)49, v1h, v3h, __m256i);
+    s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U] =
+        libcrux_intrinsics_avx2_mm256_xor_si256(
+            s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], v0);
+    s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U]
+     [((size_t)4U * i0 + (size_t)1U) % (size_t)5U] =
+         libcrux_intrinsics_avx2_mm256_xor_si256(
+             s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U]
+              [((size_t)4U * i0 + (size_t)1U) % (size_t)5U],
+             v1);
+    s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U]
+     [((size_t)4U * i0 + (size_t)2U) % (size_t)5U] =
+         libcrux_intrinsics_avx2_mm256_xor_si256(
+             s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U]
+              [((size_t)4U * i0 + (size_t)2U) % (size_t)5U],
+             v2);
+    s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U]
+     [((size_t)4U * i0 + (size_t)3U) % (size_t)5U] =
+         libcrux_intrinsics_avx2_mm256_xor_si256(
+             s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U]
+              [((size_t)4U * i0 + (size_t)3U) % (size_t)5U],
+             v3);
+  }
+  size_t rem = (size_t)136U % (size_t)32U;
+  size_t start = (size_t)32U * ((size_t)136U / (size_t)32U);
+  uint8_t u8s[32U] = {0U};
+  Eurydice_slice uu____0 =
+      Eurydice_array_to_subslice2(u8s, (size_t)0U, (size_t)8U, uint8_t);
+  Eurydice_slice_copy(
+      uu____0,
+      Eurydice_slice_subslice2(blocks[0U], start, start + (size_t)8U, uint8_t),
+      uint8_t);
+  Eurydice_slice uu____1 =
+      Eurydice_array_to_subslice2(u8s, (size_t)8U, (size_t)16U, uint8_t);
+  Eurydice_slice_copy(
+      uu____1,
+      Eurydice_slice_subslice2(blocks[1U], start, start + (size_t)8U, uint8_t),
+      uint8_t);
+  Eurydice_slice uu____2 =
+      Eurydice_array_to_subslice2(u8s, (size_t)16U, (size_t)24U, uint8_t);
+  Eurydice_slice_copy(
+      uu____2,
+      Eurydice_slice_subslice2(blocks[2U], start, start + (size_t)8U, uint8_t),
+      uint8_t);
+  Eurydice_slice uu____3 =
+      Eurydice_array_to_subslice2(u8s, (size_t)24U, (size_t)32U, uint8_t);
+  Eurydice_slice_copy(
+      uu____3,
+      Eurydice_slice_subslice2(blocks[3U], start, start + (size_t)8U, uint8_t),
+      uint8_t);
+  __m256i u = libcrux_intrinsics_avx2_mm256_loadu_si256_u8(
+      core_array___Array_T__N__23__as_slice((size_t)32U, u8s, uint8_t,
+                                            Eurydice_slice));
+  size_t i0 = (size_t)4U * ((size_t)136U / (size_t)32U) / (size_t)5U;
+  size_t j0 = (size_t)4U * ((size_t)136U / (size_t)32U) % (size_t)5U;
+  s[i0][j0] = libcrux_intrinsics_avx2_mm256_xor_si256(s[i0][j0], u);
+  if (rem == (size_t)16U) {
+    uint8_t u8s0[32U] = {0U};
+    Eurydice_slice uu____4 =
+        Eurydice_array_to_subslice2(u8s0, (size_t)0U, (size_t)8U, uint8_t);
+    Eurydice_slice_copy(uu____4,
+                        Eurydice_slice_subslice2(blocks[0U], start + (size_t)8U,
+                                                 start + (size_t)16U, uint8_t),
+                        uint8_t);
+    Eurydice_slice uu____5 =
+        Eurydice_array_to_subslice2(u8s0, (size_t)8U, (size_t)16U, uint8_t);
+    Eurydice_slice_copy(uu____5,
+                        Eurydice_slice_subslice2(blocks[1U], start + (size_t)8U,
+                                                 start + (size_t)16U, uint8_t),
+                        uint8_t);
+    Eurydice_slice uu____6 =
+        Eurydice_array_to_subslice2(u8s0, (size_t)16U, (size_t)24U, uint8_t);
+    Eurydice_slice_copy(uu____6,
+                        Eurydice_slice_subslice2(blocks[2U], start + (size_t)8U,
+                                                 start + (size_t)16U, uint8_t),
+                        uint8_t);
+    Eurydice_slice uu____7 =
+        Eurydice_array_to_subslice2(u8s0, (size_t)24U, (size_t)32U, uint8_t);
+    Eurydice_slice_copy(uu____7,
+                        Eurydice_slice_subslice2(blocks[3U], start + (size_t)8U,
+                                                 start + (size_t)16U, uint8_t),
+                        uint8_t);
+    __m256i u0 = libcrux_intrinsics_avx2_mm256_loadu_si256_u8(
+        core_array___Array_T__N__23__as_slice((size_t)32U, u8s0, uint8_t,
+                                              Eurydice_slice));
+    size_t i =
+        ((size_t)4U * ((size_t)136U / (size_t)32U) + (size_t)1U) / (size_t)5U;
+    size_t j =
+        ((size_t)4U * ((size_t)136U / (size_t)32U) + (size_t)1U) % (size_t)5U;
+    s[i][j] = libcrux_intrinsics_avx2_mm256_xor_si256(s[i][j], u0);
+  }
+}
+
+/**
+A monomorphic instance of libcrux_sha3.simd.avx2.load_block_full
+with const generics
+- RATE= 136
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_load_block_full_5b(
+    __m256i (*s)[5U], uint8_t blocks[4U][200U]) {
+  Eurydice_slice buf[4U] = {
+      Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t),
+      Eurydice_array_to_slice((size_t)200U, blocks[1U], uint8_t),
+      Eurydice_array_to_slice((size_t)200U, blocks[2U], uint8_t),
+      Eurydice_array_to_slice((size_t)200U, blocks[3U], uint8_t)};
+  libcrux_sha3_simd_avx2_load_block_5b(s, buf);
+}
+
+/**
+This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4:
+usize> for core::core_arch::x86::__m256i)}
+*/
+/**
+A monomorphic instance of libcrux_sha3.simd.avx2.load_block_full_ef
+with const generics
+- RATE= 136
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_load_block_full_ef_5b(
+    __m256i (*a)[5U], uint8_t b[4U][200U]) {
+  __m256i(*uu____0)[5U] = a;
+  /* Passing arrays by value in Rust generates a copy in C */
+  uint8_t copy_of_b[4U][200U];
+  memcpy(copy_of_b, b, (size_t)4U * sizeof(uint8_t[200U]));
+  libcrux_sha3_simd_avx2_load_block_full_5b(uu____0, copy_of_b);
+}
+
+/**
+A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final
+with types core_core_arch_x86___m256i
+with const generics
+- N= 4
+- RATE= 136
+- DELIM= 31
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_fb0(
+    libcrux_sha3_generic_keccak_KeccakState_55 *s, Eurydice_slice last[4U]) {
+  size_t last_len = Eurydice_slice_len(last[0U], uint8_t);
+  uint8_t blocks[4U][200U] = {{0U}};
+  for (size_t i = (size_t)0U; i < (size_t)4U; i++) {
+    size_t i0 = i;
+    if (last_len > (size_t)0U) {
+      Eurydice_slice uu____0 = Eurydice_array_to_subslice2(
+          blocks[i0], (size_t)0U, last_len, uint8_t);
+      Eurydice_slice_copy(uu____0, last[i0], uint8_t);
+    }
+    blocks[i0][last_len] = 31U;
+    size_t uu____1 = i0;
+    size_t uu____2 = (size_t)136U - (size_t)1U;
+    blocks[uu____1][uu____2] = (uint32_t)blocks[uu____1][uu____2] | 128U;
+  }
+  __m256i(*uu____3)[5U] = s->st;
+  uint8_t uu____4[4U][200U];
+  memcpy(uu____4, blocks, (size_t)4U * sizeof(uint8_t[200U]));
+  libcrux_sha3_simd_avx2_load_block_full_ef_5b(uu____3, uu____4);
+  libcrux_sha3_generic_keccak_keccakf1600_a6(s);
+}
+
+/**
+ Absorb
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE void
+libcrux_sha3_avx2_x4_incremental_shake256_absorb_final(
+    libcrux_sha3_generic_keccak_KeccakState_55 *s, Eurydice_slice data0,
+    Eurydice_slice data1, Eurydice_slice data2, Eurydice_slice data3) {
+  Eurydice_slice buf[4U] = {data0, data1, data2, data3};
+  libcrux_sha3_generic_keccak_absorb_final_fb0(s, buf);
+}
+
+/**
+This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4:
+usize> for core::core_arch::x86::__m256i)}
+*/
+/**
+A monomorphic instance of libcrux_sha3.simd.avx2.load_block_ef
+with const generics
+- RATE= 136
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_load_block_ef_5b(
+    __m256i (*a)[5U], Eurydice_slice b[4U]) {
+  __m256i(*uu____0)[5U] = a;
+  /* Passing arrays by value in Rust generates a copy in C */
+  Eurydice_slice copy_of_b[4U];
+  memcpy(copy_of_b, b, (size_t)4U * sizeof(Eurydice_slice));
+  libcrux_sha3_simd_avx2_load_block_5b(uu____0, copy_of_b);
+}
+
+/**
+A monomorphic instance of libcrux_sha3.generic_keccak.absorb_block
+with types core_core_arch_x86___m256i
+with const generics
+- N= 4
+- RATE= 136
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_97(
+    libcrux_sha3_generic_keccak_KeccakState_55 *s, Eurydice_slice blocks[4U]) {
+  __m256i(*uu____0)[5U] = s->st;
+  Eurydice_slice uu____1[4U];
+  memcpy(uu____1, blocks, (size_t)4U * sizeof(Eurydice_slice));
+  libcrux_sha3_simd_avx2_load_block_ef_5b(uu____0, uu____1);
+  libcrux_sha3_generic_keccak_keccakf1600_a6(s);
+}
+
+/**
+A monomorphic instance of libcrux_sha3.simd.avx2.store_block
+with const generics
+- RATE= 136
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_store_block_5b(
+    __m256i (*s)[5U], Eurydice_slice out[4U]) {
+  for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)32U; i++) {
+    size_t i0 = i;
+    __m256i v0l = libcrux_intrinsics_avx2_mm256_permute2x128_si256(
+        (int32_t)32,
+        s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U],
+        s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U]
+         [((size_t)4U * i0 + (size_t)2U) % (size_t)5U],
+        __m256i);
+    __m256i v1h = libcrux_intrinsics_avx2_mm256_permute2x128_si256(
+        (int32_t)32,
+        s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U]
+         [((size_t)4U * i0 + (size_t)1U) % (size_t)5U],
+        s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U]
+         [((size_t)4U * i0 + (size_t)3U) % (size_t)5U],
+        __m256i);
+    __m256i v2l = libcrux_intrinsics_avx2_mm256_permute2x128_si256(
+        (int32_t)49,
+        s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U],
+        s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U]
+         [((size_t)4U * i0 + (size_t)2U) % (size_t)5U],
+        __m256i);
+    __m256i v3h = libcrux_intrinsics_avx2_mm256_permute2x128_si256(
+        (int32_t)49,
+        s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U]
+         [((size_t)4U * i0 + (size_t)1U) % (size_t)5U],
+        s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U]
+         [((size_t)4U * i0 + (size_t)3U) % (size_t)5U],
+        __m256i);
+    __m256i v0 = libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v0l, v1h);
+    __m256i v1 = libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v0l, v1h);
+    __m256i v2 = libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v2l, v3h);
+    __m256i v3 = libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v2l, v3h);
+    libcrux_intrinsics_avx2_mm256_storeu_si256_u8(
+        Eurydice_slice_subslice2(out[0U], (size_t)32U * i0,
+                                 (size_t)32U * (i0 + (size_t)1U), uint8_t),
+        v0);
+    libcrux_intrinsics_avx2_mm256_storeu_si256_u8(
+        Eurydice_slice_subslice2(out[1U], (size_t)32U * i0,
+                                 (size_t)32U * (i0 + (size_t)1U), uint8_t),
+        v1);
+    libcrux_intrinsics_avx2_mm256_storeu_si256_u8(
+        Eurydice_slice_subslice2(out[2U], (size_t)32U * i0,
+                                 (size_t)32U * (i0 + (size_t)1U), uint8_t),
+        v2);
+    libcrux_intrinsics_avx2_mm256_storeu_si256_u8(
+        Eurydice_slice_subslice2(out[3U], (size_t)32U * i0,
+                                 (size_t)32U * (i0 + (size_t)1U), uint8_t),
+        v3);
+  }
+  size_t rem = (size_t)136U % (size_t)32U;
+  size_t start = (size_t)32U * ((size_t)136U / (size_t)32U);
+  uint8_t u8s[32U] = {0U};
+  size_t i0 = (size_t)4U * ((size_t)136U / (size_t)32U) / (size_t)5U;
+  size_t j0 = (size_t)4U * ((size_t)136U / (size_t)32U) % (size_t)5U;
+  libcrux_intrinsics_avx2_mm256_storeu_si256_u8(
+      Eurydice_array_to_slice((size_t)32U, u8s, uint8_t), s[i0][j0]);
+  Eurydice_slice uu____0 =
+      Eurydice_slice_subslice2(out[0U], start, start + (size_t)8U, uint8_t);
+  Eurydice_slice_copy(
+      uu____0,
+      Eurydice_array_to_subslice2(u8s, (size_t)0U, (size_t)8U, uint8_t),
+      uint8_t);
+  Eurydice_slice uu____1 =
+      Eurydice_slice_subslice2(out[1U], start, start + (size_t)8U, uint8_t);
+  Eurydice_slice_copy(
+      uu____1,
+      Eurydice_array_to_subslice2(u8s, (size_t)8U, (size_t)16U, uint8_t),
+      uint8_t);
+  Eurydice_slice uu____2 =
+      Eurydice_slice_subslice2(out[2U], start, start + (size_t)8U, uint8_t);
+  Eurydice_slice_copy(
+      uu____2,
+      Eurydice_array_to_subslice2(u8s, (size_t)16U, (size_t)24U, uint8_t),
+      uint8_t);
+  Eurydice_slice uu____3 =
+      Eurydice_slice_subslice2(out[3U], start, start + (size_t)8U, uint8_t);
+  Eurydice_slice_copy(
+      uu____3,
+      Eurydice_array_to_subslice2(u8s, (size_t)24U, (size_t)32U, uint8_t),
+      uint8_t);
+  if (rem == (size_t)16U) {
+    uint8_t u8s0[32U] = {0U};
+    size_t i =
+        ((size_t)4U * ((size_t)136U / (size_t)32U) + (size_t)1U) / (size_t)5U;
+    size_t j =
+        ((size_t)4U * ((size_t)136U / (size_t)32U) + (size_t)1U) % (size_t)5U;
+    libcrux_intrinsics_avx2_mm256_storeu_si256_u8(
+        Eurydice_array_to_slice((size_t)32U, u8s0, uint8_t), s[i][j]);
+    Eurydice_slice uu____4 = Eurydice_slice_subslice2(
+        out[0U], start + (size_t)8U, start + (size_t)16U, uint8_t);
+    Eurydice_slice_copy(
+        uu____4,
+        Eurydice_array_to_subslice2(u8s0, (size_t)0U, (size_t)8U, uint8_t),
+        uint8_t);
+    Eurydice_slice uu____5 = Eurydice_slice_subslice2(
+        out[1U], start + (size_t)8U, start + (size_t)16U, uint8_t);
+    Eurydice_slice_copy(
+        uu____5,
+        Eurydice_array_to_subslice2(u8s0, (size_t)8U, (size_t)16U, uint8_t),
+        uint8_t);
+    Eurydice_slice uu____6 = Eurydice_slice_subslice2(
+        out[2U], start + (size_t)8U, start + (size_t)16U, uint8_t);
+    Eurydice_slice_copy(
+        uu____6,
+        Eurydice_array_to_subslice2(u8s0, (size_t)16U, (size_t)24U, uint8_t),
+        uint8_t);
+    Eurydice_slice uu____7 = Eurydice_slice_subslice2(
+        out[3U], start + (size_t)8U, start + (size_t)16U, uint8_t);
+    Eurydice_slice_copy(
+        uu____7,
+        Eurydice_array_to_subslice2(u8s0, (size_t)24U, (size_t)32U, uint8_t),
+        uint8_t);
+  }
+}
+
+/**
+A monomorphic instance of libcrux_sha3.simd.avx2.store_block_full
+with const generics
+- RATE= 136
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_store_block_full_5b(
+    __m256i (*s)[5U], uint8_t ret[4U][200U]) {
+  uint8_t out0[200U] = {0U};
+  uint8_t out1[200U] = {0U};
+  uint8_t out2[200U] = {0U};
+  uint8_t out3[200U] = {0U};
+  Eurydice_slice buf[4U] = {
+      Eurydice_array_to_slice((size_t)200U, out0, uint8_t),
+      Eurydice_array_to_slice((size_t)200U, out1, uint8_t),
+      Eurydice_array_to_slice((size_t)200U, out2, uint8_t),
+      Eurydice_array_to_slice((size_t)200U, out3, uint8_t)};
+  libcrux_sha3_simd_avx2_store_block_5b(s, buf);
+  /* Passing arrays by value in Rust generates a copy in C */
+  uint8_t copy_of_out0[200U];
+  memcpy(copy_of_out0, out0, (size_t)200U * sizeof(uint8_t));
+  /* Passing arrays by value in Rust generates a copy in C */
+  uint8_t copy_of_out1[200U];
+  memcpy(copy_of_out1, out1, (size_t)200U * sizeof(uint8_t));
+  /* Passing arrays by value in Rust generates a copy in C */
+  uint8_t copy_of_out2[200U];
+  memcpy(copy_of_out2, out2, (size_t)200U * sizeof(uint8_t));
+  uint8_t uu____3[200U];
+  memcpy(uu____3, out3, (size_t)200U * sizeof(uint8_t));
+  memcpy(ret[0U], copy_of_out0, (size_t)200U * sizeof(uint8_t));
+  memcpy(ret[1U], copy_of_out1, (size_t)200U * sizeof(uint8_t));
+  memcpy(ret[2U], copy_of_out2, (size_t)200U * sizeof(uint8_t));
+  memcpy(ret[3U], uu____3, (size_t)200U * sizeof(uint8_t));
+}
+
+/**
+This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4:
+usize> for core::core_arch::x86::__m256i)}
+*/
+/**
+A monomorphic instance of libcrux_sha3.simd.avx2.store_block_full_ef
+with const generics
+- RATE= 136
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_store_block_full_ef_5b(
+    __m256i (*a)[5U], uint8_t ret[4U][200U]) {
+  libcrux_sha3_simd_avx2_store_block_full_5b(a, ret);
+}
+
+/**
+A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_and_last
+with types core_core_arch_x86___m256i
+with const generics
+- N= 4
+- RATE= 136
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE void
+libcrux_sha3_generic_keccak_squeeze_first_and_last_97(
+    libcrux_sha3_generic_keccak_KeccakState_55 *s, Eurydice_slice out[4U]) {
+  uint8_t b[4U][200U];
+  libcrux_sha3_simd_avx2_store_block_full_ef_5b(s->st, b);
+  for (size_t i = (size_t)0U; i < (size_t)4U; i++) {
+    size_t i0 = i;
+    Eurydice_slice uu____0 = out[i0];
+    uint8_t *uu____1 = b[i0];
+    core_ops_range_Range_08 lit;
+    lit.start = (size_t)0U;
+    lit.end = Eurydice_slice_len(out[i0], uint8_t);
+    Eurydice_slice_copy(
+        uu____0,
+        Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t,
+                                   core_ops_range_Range_08),
+        uint8_t);
+  }
+}
+
+/**
+This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4:
+usize> for core::core_arch::x86::__m256i)}
+*/
+/**
+A monomorphic instance of libcrux_sha3.simd.avx2.store_block_ef
+with const generics
+- RATE= 136
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_store_block_ef_5b(
+    __m256i (*a)[5U], Eurydice_slice b[4U]) {
+  libcrux_sha3_simd_avx2_store_block_5b(a, b);
+}
+
+/**
+A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_block
+with types core_core_arch_x86___m256i
+with const generics
+- N= 4
+- RATE= 136
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_97(
+    libcrux_sha3_generic_keccak_KeccakState_55 *s, Eurydice_slice out[4U]) {
+  libcrux_sha3_simd_avx2_store_block_ef_5b(s->st, out);
+}
+
+/**
+A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_next_block
+with types core_core_arch_x86___m256i
+with const generics
+- N= 4
+- RATE= 136
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_97(
+    libcrux_sha3_generic_keccak_KeccakState_55 *s, Eurydice_slice out[4U]) {
+  libcrux_sha3_generic_keccak_keccakf1600_a6(s);
+  libcrux_sha3_simd_avx2_store_block_ef_5b(s->st, out);
+}
+
+/**
+A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_last
+with types core_core_arch_x86___m256i
+with const generics
+- N= 4
+- RATE= 136
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_97(
+    libcrux_sha3_generic_keccak_KeccakState_55 s, Eurydice_slice out[4U]) {
+  libcrux_sha3_generic_keccak_keccakf1600_a6(&s);
+  uint8_t b[4U][200U];
+  libcrux_sha3_simd_avx2_store_block_full_ef_5b(s.st, b);
+  for (size_t i = (size_t)0U; i < (size_t)4U; i++) {
+    size_t i0 = i;
+    Eurydice_slice uu____0 = out[i0];
+    uint8_t *uu____1 = b[i0];
+    core_ops_range_Range_08 lit;
+    lit.start = (size_t)0U;
+    lit.end = Eurydice_slice_len(out[i0], uint8_t);
+    Eurydice_slice_copy(
+        uu____0,
+        Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t,
+                                   core_ops_range_Range_08),
+        uint8_t);
+  }
+}
+
+/**
+A monomorphic instance of libcrux_sha3.generic_keccak.keccak
+with types core_core_arch_x86___m256i
+with const generics
+- N= 4
+- RATE= 136
+- DELIM= 31
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_fb(
+    Eurydice_slice data[4U], Eurydice_slice out[4U]) {
+  libcrux_sha3_generic_keccak_KeccakState_55 s =
+      libcrux_sha3_generic_keccak_new_89_a6();
+  for (size_t i = (size_t)0U;
+       i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)136U; i++) {
+    size_t i0 = i;
+    libcrux_sha3_generic_keccak_KeccakState_55 *uu____0 = &s;
+    /* Passing arrays by value in Rust generates a copy in C */
+    Eurydice_slice copy_of_data[4U];
+    memcpy(copy_of_data, data, (size_t)4U * sizeof(Eurydice_slice));
+    Eurydice_slice ret[4U];
+    libcrux_sha3_simd_avx2_slice_n_ef(copy_of_data, i0 * (size_t)136U,
+                                      (size_t)136U, ret);
+    libcrux_sha3_generic_keccak_absorb_block_97(uu____0, ret);
+  }
+  size_t rem = Eurydice_slice_len(data[0U], uint8_t) % (size_t)136U;
+  libcrux_sha3_generic_keccak_KeccakState_55 *uu____2 = &s;
+  /* Passing arrays by value in Rust generates a copy in C */
+  Eurydice_slice copy_of_data[4U];
+  memcpy(copy_of_data, data, (size_t)4U * sizeof(Eurydice_slice));
+  Eurydice_slice ret[4U];
+  libcrux_sha3_simd_avx2_slice_n_ef(
+      copy_of_data, Eurydice_slice_len(data[0U], uint8_t) - rem, rem, ret);
+  libcrux_sha3_generic_keccak_absorb_final_fb0(uu____2, ret);
+  size_t outlen = Eurydice_slice_len(out[0U], uint8_t);
+  size_t blocks = outlen / (size_t)136U;
+  size_t last = outlen - outlen % (size_t)136U;
+  if (blocks == (size_t)0U) {
+    libcrux_sha3_generic_keccak_squeeze_first_and_last_97(&s, out);
+  } else {
+    Eurydice_slice_uint8_t_4size_t__x2 uu____4 =
+        libcrux_sha3_simd_avx2_split_at_mut_n_ef(out, (size_t)136U);
+    Eurydice_slice o0[4U];
+    memcpy(o0, uu____4.fst, (size_t)4U * sizeof(Eurydice_slice));
+    Eurydice_slice o1[4U];
+    memcpy(o1, uu____4.snd, (size_t)4U * sizeof(Eurydice_slice));
+    libcrux_sha3_generic_keccak_squeeze_first_block_97(&s, o0);
+    core_ops_range_Range_08 iter =
+        core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter(
+            (CLITERAL(core_ops_range_Range_08){.start = (size_t)1U,
+                                               .end = blocks}),
+            core_ops_range_Range_08, core_ops_range_Range_08);
+    while (true) {
+      if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A__TraitClause_0___6__next(
+              &iter, size_t, Option_08)
+              .tag == None) {
+        break;
+      } else {
+        Eurydice_slice_uint8_t_4size_t__x2 uu____5 =
+            libcrux_sha3_simd_avx2_split_at_mut_n_ef(o1, (size_t)136U);
+        Eurydice_slice o[4U];
+        memcpy(o, uu____5.fst, (size_t)4U * sizeof(Eurydice_slice));
+        Eurydice_slice orest[4U];
+        memcpy(orest, uu____5.snd, (size_t)4U * sizeof(Eurydice_slice));
+        libcrux_sha3_generic_keccak_squeeze_next_block_97(&s, o);
+        memcpy(o1, orest, (size_t)4U * sizeof(Eurydice_slice));
+      }
+    }
+    if (last < outlen) {
+      libcrux_sha3_generic_keccak_squeeze_last_97(s, o1);
+    }
+  }
+}
+
+/**
+ Perform 4 SHAKE256 operations in parallel
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE void libcrux_sha3_avx2_x4_shake256(
+    Eurydice_slice input0, Eurydice_slice input1, Eurydice_slice input2,
+    Eurydice_slice input3, Eurydice_slice out0, Eurydice_slice out1,
+    Eurydice_slice out2, Eurydice_slice out3) {
+  Eurydice_slice buf0[4U] = {input0, input1, input2, input3};
+  Eurydice_slice buf[4U] = {out0, out1, out2, out3};
+  libcrux_sha3_generic_keccak_keccak_fb(buf0, buf);
+}
+
+/**
+ Squeeze block
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE void
+libcrux_sha3_avx2_x4_incremental_shake256_squeeze_first_block(
+    libcrux_sha3_generic_keccak_KeccakState_55 *s, Eurydice_slice out0,
+    Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3) {
+  Eurydice_slice buf[4U] = {out0, out1, out2, out3};
+  libcrux_sha3_generic_keccak_squeeze_first_block_97(s, buf);
+}
+
+/**
+A monomorphic instance of libcrux_sha3.simd.avx2.store_block
+with const generics
+- RATE= 168
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_store_block_3a(
+    __m256i (*s)[5U], Eurydice_slice out[4U]) {
+  for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)32U; i++) {
+    size_t i0 = i;
+    __m256i v0l = libcrux_intrinsics_avx2_mm256_permute2x128_si256(
+        (int32_t)32,
+        s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U],
+        s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U]
+         [((size_t)4U * i0 + (size_t)2U) % (size_t)5U],
+        __m256i);
+    __m256i v1h = libcrux_intrinsics_avx2_mm256_permute2x128_si256(
+        (int32_t)32,
+        s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U]
+         [((size_t)4U * i0 + (size_t)1U) % (size_t)5U],
+        s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U]
+         [((size_t)4U * i0 + (size_t)3U) % (size_t)5U],
+        __m256i);
+    __m256i v2l = libcrux_intrinsics_avx2_mm256_permute2x128_si256(
+        (int32_t)49,
+        s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U],
+        s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U]
+         [((size_t)4U * i0 + (size_t)2U) % (size_t)5U],
+        __m256i);
+    __m256i v3h = libcrux_intrinsics_avx2_mm256_permute2x128_si256(
+        (int32_t)49,
+        s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U]
+         [((size_t)4U * i0 + (size_t)1U) % (size_t)5U],
+        s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U]
+         [((size_t)4U * i0 + (size_t)3U) % (size_t)5U],
+        __m256i);
+    __m256i v0 = libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v0l, v1h);
+    __m256i v1 = libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v0l, v1h);
+    __m256i v2 = libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v2l, v3h);
+    __m256i v3 = libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v2l, v3h);
+    libcrux_intrinsics_avx2_mm256_storeu_si256_u8(
+        Eurydice_slice_subslice2(out[0U], (size_t)32U * i0,
+                                 (size_t)32U * (i0 + (size_t)1U), uint8_t),
+        v0);
+    libcrux_intrinsics_avx2_mm256_storeu_si256_u8(
+        Eurydice_slice_subslice2(out[1U], (size_t)32U * i0,
+                                 (size_t)32U * (i0 + (size_t)1U), uint8_t),
+        v1);
+    libcrux_intrinsics_avx2_mm256_storeu_si256_u8(
+        Eurydice_slice_subslice2(out[2U], (size_t)32U * i0,
+                                 (size_t)32U * (i0 + (size_t)1U), uint8_t),
+        v2);
+    libcrux_intrinsics_avx2_mm256_storeu_si256_u8(
+        Eurydice_slice_subslice2(out[3U], (size_t)32U * i0,
+                                 (size_t)32U * (i0 + (size_t)1U), uint8_t),
+        v3);
+  }
+  size_t rem = (size_t)168U % (size_t)32U;
+  size_t start = (size_t)32U * ((size_t)168U / (size_t)32U);
+  uint8_t u8s[32U] = {0U};
+  size_t i0 = (size_t)4U * ((size_t)168U / (size_t)32U) / (size_t)5U;
+  size_t j0 = (size_t)4U * ((size_t)168U / (size_t)32U) % (size_t)5U;
+  libcrux_intrinsics_avx2_mm256_storeu_si256_u8(
+      Eurydice_array_to_slice((size_t)32U, u8s, uint8_t), s[i0][j0]);
+  Eurydice_slice uu____0 =
+      Eurydice_slice_subslice2(out[0U], start, start + (size_t)8U, uint8_t);
+  Eurydice_slice_copy(
+      uu____0,
+      Eurydice_array_to_subslice2(u8s, (size_t)0U, (size_t)8U, uint8_t),
+      uint8_t);
+  Eurydice_slice uu____1 =
+      Eurydice_slice_subslice2(out[1U], start, start + (size_t)8U, uint8_t);
+  Eurydice_slice_copy(
+      uu____1,
+      Eurydice_array_to_subslice2(u8s, (size_t)8U, (size_t)16U, uint8_t),
+      uint8_t);
+  Eurydice_slice uu____2 =
+      Eurydice_slice_subslice2(out[2U], start, start + (size_t)8U, uint8_t);
+  Eurydice_slice_copy(
+      uu____2,
+      Eurydice_array_to_subslice2(u8s, (size_t)16U, (size_t)24U, uint8_t),
+      uint8_t);
+  Eurydice_slice uu____3 =
+      Eurydice_slice_subslice2(out[3U], start, start + (size_t)8U, uint8_t);
+  Eurydice_slice_copy(
+      uu____3,
+      Eurydice_array_to_subslice2(u8s, (size_t)24U, (size_t)32U, uint8_t),
+      uint8_t);
+  if (rem == (size_t)16U) {
+    uint8_t u8s0[32U] = {0U};
+    size_t i =
+        ((size_t)4U * ((size_t)168U / (size_t)32U) + (size_t)1U) / (size_t)5U;
+    size_t j =
+        ((size_t)4U * ((size_t)168U / (size_t)32U) + (size_t)1U) % (size_t)5U;
+    libcrux_intrinsics_avx2_mm256_storeu_si256_u8(
+        Eurydice_array_to_slice((size_t)32U, u8s0, uint8_t), s[i][j]);
+    Eurydice_slice uu____4 = Eurydice_slice_subslice2(
+        out[0U], start + (size_t)8U, start + (size_t)16U, uint8_t);
+    Eurydice_slice_copy(
+        uu____4,
+        Eurydice_array_to_subslice2(u8s0, (size_t)0U, (size_t)8U, uint8_t),
+        uint8_t);
+    Eurydice_slice uu____5 = Eurydice_slice_subslice2(
+        out[1U], start + (size_t)8U, start + (size_t)16U, uint8_t);
+    Eurydice_slice_copy(
+        uu____5,
+        Eurydice_array_to_subslice2(u8s0, (size_t)8U, (size_t)16U, uint8_t),
+        uint8_t);
+    Eurydice_slice uu____6 = Eurydice_slice_subslice2(
+        out[2U], start + (size_t)8U, start + (size_t)16U, uint8_t);
+    Eurydice_slice_copy(
+        uu____6,
+        Eurydice_array_to_subslice2(u8s0, (size_t)16U, (size_t)24U, uint8_t),
+        uint8_t);
+    Eurydice_slice uu____7 = Eurydice_slice_subslice2(
+        out[3U], start + (size_t)8U, start + (size_t)16U, uint8_t);
+    Eurydice_slice_copy(
+        uu____7,
+        Eurydice_array_to_subslice2(u8s0, (size_t)24U, (size_t)32U, uint8_t),
+        uint8_t);
+  }
+}
+
+/**
+This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4:
+usize> for core::core_arch::x86::__m256i)}
+*/
+/**
+A monomorphic instance of libcrux_sha3.simd.avx2.store_block_ef
+with const generics
+- RATE= 168
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_store_block_ef_3a(
+    __m256i (*a)[5U], Eurydice_slice b[4U]) {
+  libcrux_sha3_simd_avx2_store_block_3a(a, b);
+}
+
+/**
+A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_block
+with types core_core_arch_x86___m256i
+with const generics
+- N= 4
+- RATE= 168
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_970(
+    libcrux_sha3_generic_keccak_KeccakState_55 *s, Eurydice_slice out[4U]) {
+  libcrux_sha3_simd_avx2_store_block_ef_3a(s->st, out);
+}
+
+/**
+A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_next_block
+with types core_core_arch_x86___m256i
+with const generics
+- N= 4
+- RATE= 168
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_970(
+    libcrux_sha3_generic_keccak_KeccakState_55 *s, Eurydice_slice out[4U]) {
+  libcrux_sha3_generic_keccak_keccakf1600_a6(s);
+  libcrux_sha3_simd_avx2_store_block_ef_3a(s->st, out);
+}
+
+/**
+A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_five_blocks
+with types core_core_arch_x86___m256i
+with const generics
+- N= 4
+- RATE= 168
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE void
+libcrux_sha3_generic_keccak_squeeze_first_five_blocks_97(
+    libcrux_sha3_generic_keccak_KeccakState_55 *s, Eurydice_slice out[4U]) {
+  Eurydice_slice_uint8_t_4size_t__x2 uu____0 =
+      libcrux_sha3_simd_avx2_split_at_mut_n_ef(out, (size_t)168U);
+  Eurydice_slice o0[4U];
+  memcpy(o0, uu____0.fst, (size_t)4U * sizeof(Eurydice_slice));
+  Eurydice_slice o10[4U];
+  memcpy(o10, uu____0.snd, (size_t)4U * sizeof(Eurydice_slice));
+  libcrux_sha3_generic_keccak_squeeze_first_block_970(s, o0);
+  Eurydice_slice_uint8_t_4size_t__x2 uu____1 =
+      libcrux_sha3_simd_avx2_split_at_mut_n_ef(o10, (size_t)168U);
+  Eurydice_slice o1[4U];
+  memcpy(o1, uu____1.fst, (size_t)4U * sizeof(Eurydice_slice));
+  Eurydice_slice o20[4U];
+  memcpy(o20, uu____1.snd, (size_t)4U * sizeof(Eurydice_slice));
+  libcrux_sha3_generic_keccak_squeeze_next_block_970(s, o1);
+  Eurydice_slice_uint8_t_4size_t__x2 uu____2 =
+      libcrux_sha3_simd_avx2_split_at_mut_n_ef(o20, (size_t)168U);
+  Eurydice_slice o2[4U];
+  memcpy(o2, uu____2.fst, (size_t)4U * sizeof(Eurydice_slice));
+  Eurydice_slice o30[4U];
+  memcpy(o30, uu____2.snd, (size_t)4U * sizeof(Eurydice_slice));
+  libcrux_sha3_generic_keccak_squeeze_next_block_970(s, o2);
+  Eurydice_slice_uint8_t_4size_t__x2 uu____3 =
+      libcrux_sha3_simd_avx2_split_at_mut_n_ef(o30, (size_t)168U);
+  Eurydice_slice o3[4U];
+  memcpy(o3, uu____3.fst, (size_t)4U * sizeof(Eurydice_slice));
+  Eurydice_slice o4[4U];
+  memcpy(o4, uu____3.snd, (size_t)4U * sizeof(Eurydice_slice));
+  libcrux_sha3_generic_keccak_squeeze_next_block_970(s, o3);
+  libcrux_sha3_generic_keccak_squeeze_next_block_970(s, o4);
+}
+
+/**
+ Squeeze five blocks
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE void
+libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_five_blocks(
+    libcrux_sha3_generic_keccak_KeccakState_55 *s, Eurydice_slice out0,
+    Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3) {
+  Eurydice_slice buf[4U] = {out0, out1, out2, out3};
+  libcrux_sha3_generic_keccak_squeeze_first_five_blocks_97(s, buf);
+}
+
+/**
+ Squeeze another block
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE void
+libcrux_sha3_avx2_x4_incremental_shake128_squeeze_next_block(
+    libcrux_sha3_generic_keccak_KeccakState_55 *s, Eurydice_slice out0,
+    Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3) {
+  Eurydice_slice buf[4U] = {out0, out1, out2, out3};
+  libcrux_sha3_generic_keccak_squeeze_next_block_970(s, buf);
+}
+
+/**
+ Squeeze next block
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE void
+libcrux_sha3_avx2_x4_incremental_shake256_squeeze_next_block(
+    libcrux_sha3_generic_keccak_KeccakState_55 *s, Eurydice_slice out0,
+    Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3) {
+  Eurydice_slice buf[4U] = {out0, out1, out2, out3};
+  libcrux_sha3_generic_keccak_squeeze_next_block_97(s, buf);
+}
+
+/**
+A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_three_blocks
+with types core_core_arch_x86___m256i
+with const generics
+- N= 4
+- RATE= 168
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE void
+libcrux_sha3_generic_keccak_squeeze_first_three_blocks_97(
+    libcrux_sha3_generic_keccak_KeccakState_55 *s, Eurydice_slice out[4U]) {
+  Eurydice_slice_uint8_t_4size_t__x2 uu____0 =
+      libcrux_sha3_simd_avx2_split_at_mut_n_ef(out, (size_t)168U);
+  Eurydice_slice o0[4U];
+  memcpy(o0, uu____0.fst, (size_t)4U * sizeof(Eurydice_slice));
+  Eurydice_slice o10[4U];
+  memcpy(o10, uu____0.snd, (size_t)4U * sizeof(Eurydice_slice));
+  libcrux_sha3_generic_keccak_squeeze_first_block_970(s, o0);
+  Eurydice_slice_uint8_t_4size_t__x2 uu____1 =
+      libcrux_sha3_simd_avx2_split_at_mut_n_ef(o10, (size_t)168U);
+  Eurydice_slice o1[4U];
+  memcpy(o1, uu____1.fst, (size_t)4U * sizeof(Eurydice_slice));
+  Eurydice_slice o2[4U];
+  memcpy(o2, uu____1.snd, (size_t)4U * sizeof(Eurydice_slice));
+  libcrux_sha3_generic_keccak_squeeze_next_block_970(s, o1);
+  libcrux_sha3_generic_keccak_squeeze_next_block_970(s, o2);
+}
+
+/**
+ Squeeze three blocks
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE void
+libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_three_blocks(
+    libcrux_sha3_generic_keccak_KeccakState_55 *s, Eurydice_slice out0,
+    Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3) {
+  Eurydice_slice buf[4U] = {out0, out1, out2, out3};
+  libcrux_sha3_generic_keccak_squeeze_first_three_blocks_97(s, buf);
+}
+
+#if defined(__cplusplus)
+}
+#endif
+
+#define __libcrux_sha3_avx2_H_DEFINED
+#endif
diff --git a/libcrux-ml-dsa/cg/libcrux_sha3_portable.h b/libcrux-ml-dsa/cg/libcrux_sha3_portable.h
new file mode 100644
index 000000000..ee42379c7
--- /dev/null
+++ b/libcrux-ml-dsa/cg/libcrux_sha3_portable.h
@@ -0,0 +1,4931 @@
+/*
+ * SPDX-FileCopyrightText: 2024 Cryspen Sarl <info@cryspen.com>
+ *
+ * SPDX-License-Identifier: MIT or Apache-2.0
+ *
+ * This code was generated with the following revisions:
+ * Charon: a68994d00017b76a805d0115ca06c1f2c1805e79
+ * Eurydice: b665364a6d86749566ce2d650d13fa12c8fab2c5
+ * Karamel: 96572bc631fde691a2aea7bce5a5a3838b3a5968
+ * F*: b0961063393215ca65927f017720cb365a193833-dirty
+ * Libcrux: 5a0f22fa8387080e4c4e4ac018aaddcdf944e4be
+ */
+
+#ifndef __libcrux_sha3_portable_H
+#define __libcrux_sha3_portable_H
+
+#if defined(__cplusplus)
+extern "C" {
+#endif
+
+#include "eurydice_glue.h"
+#include "libcrux_core.h"
+
+/**
+This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1:
+usize> for u64)}
+*/
+static KRML_MUSTINLINE uint64_t libcrux_sha3_portable_keccak_zero_5a(void) {
+  return 0ULL;
+}
+
+static KRML_MUSTINLINE uint64_t libcrux_sha3_portable_keccak__veor5q_u64(
+    uint64_t a, uint64_t b, uint64_t c, uint64_t d, uint64_t e) {
+  uint64_t ab = a ^ b;
+  uint64_t cd = c ^ d;
+  uint64_t abcd = ab ^ cd;
+  return abcd ^ e;
+}
+
+/**
+This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1:
+usize> for u64)}
+*/
+static KRML_MUSTINLINE uint64_t libcrux_sha3_portable_keccak_xor5_5a(
+    uint64_t a, uint64_t b, uint64_t c, uint64_t d, uint64_t e) {
+  return libcrux_sha3_portable_keccak__veor5q_u64(a, b, c, d, e);
+}
+
+/**
+A monomorphic instance of libcrux_sha3.portable_keccak.rotate_left
+with const generics
+- LEFT= 1
+- RIGHT= 63
+*/
+static KRML_MUSTINLINE uint64_t
+libcrux_sha3_portable_keccak_rotate_left_76(uint64_t x) {
+  return x << (uint32_t)(int32_t)1 | x >> (uint32_t)(int32_t)63;
+}
+
+static KRML_MUSTINLINE uint64_t
+libcrux_sha3_portable_keccak__vrax1q_u64(uint64_t a, uint64_t b) {
+  uint64_t uu____0 = a;
+  return uu____0 ^ libcrux_sha3_portable_keccak_rotate_left_76(b);
+}
+
+/**
+This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1:
+usize> for u64)}
+*/
+static KRML_MUSTINLINE uint64_t
+libcrux_sha3_portable_keccak_rotate_left1_and_xor_5a(uint64_t a, uint64_t b) {
+  return libcrux_sha3_portable_keccak__vrax1q_u64(a, b);
+}
+
+static KRML_MUSTINLINE uint64_t
+libcrux_sha3_portable_keccak__vbcaxq_u64(uint64_t a, uint64_t b, uint64_t c) {
+  return a ^ (b & ~c);
+}
+
+/**
+This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1:
+usize> for u64)}
+*/
+static KRML_MUSTINLINE uint64_t libcrux_sha3_portable_keccak_and_not_xor_5a(
+    uint64_t a, uint64_t b, uint64_t c) {
+  return libcrux_sha3_portable_keccak__vbcaxq_u64(a, b, c);
+}
+
+static KRML_MUSTINLINE uint64_t
+libcrux_sha3_portable_keccak__veorq_n_u64(uint64_t a, uint64_t c) {
+  return a ^ c;
+}
+
+/**
+This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1:
+usize> for u64)}
+*/
+static KRML_MUSTINLINE uint64_t
+libcrux_sha3_portable_keccak_xor_constant_5a(uint64_t a, uint64_t c) {
+  return libcrux_sha3_portable_keccak__veorq_n_u64(a, c);
+}
+
+/**
+This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1:
+usize> for u64)}
+*/
+static KRML_MUSTINLINE uint64_t
+libcrux_sha3_portable_keccak_xor_5a(uint64_t a, uint64_t b) {
+  return a ^ b;
+}
+
+static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_slice_1(
+    Eurydice_slice a[1U], size_t start, size_t len, Eurydice_slice ret[1U]) {
+  ret[0U] = Eurydice_slice_subslice2(a[0U], start, start + len, uint8_t);
+}
+
+/**
+This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1:
+usize> for u64)}
+*/
+static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_slice_n_5a(
+    Eurydice_slice a[1U], size_t start, size_t len, Eurydice_slice ret[1U]) {
+  /* Passing arrays by value in Rust generates a copy in C */
+  Eurydice_slice copy_of_a[1U];
+  memcpy(copy_of_a, a, (size_t)1U * sizeof(Eurydice_slice));
+  Eurydice_slice ret0[1U];
+  libcrux_sha3_portable_keccak_slice_1(copy_of_a, start, len, ret0);
+  memcpy(ret, ret0, (size_t)1U * sizeof(Eurydice_slice));
+}
+
+static KRML_MUSTINLINE Eurydice_slice_uint8_t_1size_t__x2
+libcrux_sha3_portable_keccak_split_at_mut_1(Eurydice_slice out[1U],
+                                            size_t mid) {
+  Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at_mut(
+      out[0U], mid, uint8_t, Eurydice_slice_uint8_t_x2);
+  Eurydice_slice out00 = uu____0.fst;
+  Eurydice_slice out01 = uu____0.snd;
+  Eurydice_slice_uint8_t_1size_t__x2 lit;
+  lit.fst[0U] = out00;
+  lit.snd[0U] = out01;
+  return lit;
+}
+
+/**
+This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1:
+usize> for u64)}
+*/
+static KRML_MUSTINLINE Eurydice_slice_uint8_t_1size_t__x2
+libcrux_sha3_portable_keccak_split_at_mut_n_5a(Eurydice_slice a[1U],
+                                               size_t mid) {
+  return libcrux_sha3_portable_keccak_split_at_mut_1(a, mid);
+}
+
+/**
+A monomorphic instance of libcrux_sha3.generic_keccak.KeccakState
+with types uint64_t
+with const generics
+- $1size_t
+*/
+typedef struct libcrux_sha3_generic_keccak_KeccakState_17_s {
+  uint64_t st[5U][5U];
+} libcrux_sha3_generic_keccak_KeccakState_17;
+
+typedef libcrux_sha3_generic_keccak_KeccakState_17
+    libcrux_sha3_portable_KeccakState;
+
+/**
+ Create a new Shake128 x4 state.
+*/
+/**
+This function found in impl {libcrux_sha3::generic_keccak::KeccakState<T,
+N>[TraitClause@0, TraitClause@1]#1}
+*/
+/**
+A monomorphic instance of libcrux_sha3.generic_keccak.new_89
+with types uint64_t
+with const generics
+- N= 1
+*/
+static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_17
+libcrux_sha3_generic_keccak_new_89_04(void) {
+  libcrux_sha3_generic_keccak_KeccakState_17 lit;
+  lit.st[0U][0U] = libcrux_sha3_portable_keccak_zero_5a();
+  lit.st[0U][1U] = libcrux_sha3_portable_keccak_zero_5a();
+  lit.st[0U][2U] = libcrux_sha3_portable_keccak_zero_5a();
+  lit.st[0U][3U] = libcrux_sha3_portable_keccak_zero_5a();
+  lit.st[0U][4U] = libcrux_sha3_portable_keccak_zero_5a();
+  lit.st[1U][0U] = libcrux_sha3_portable_keccak_zero_5a();
+  lit.st[1U][1U] = libcrux_sha3_portable_keccak_zero_5a();
+  lit.st[1U][2U] = libcrux_sha3_portable_keccak_zero_5a();
+  lit.st[1U][3U] = libcrux_sha3_portable_keccak_zero_5a();
+  lit.st[1U][4U] = libcrux_sha3_portable_keccak_zero_5a();
+  lit.st[2U][0U] = libcrux_sha3_portable_keccak_zero_5a();
+  lit.st[2U][1U] = libcrux_sha3_portable_keccak_zero_5a();
+  lit.st[2U][2U] = libcrux_sha3_portable_keccak_zero_5a();
+  lit.st[2U][3U] = libcrux_sha3_portable_keccak_zero_5a();
+  lit.st[2U][4U] = libcrux_sha3_portable_keccak_zero_5a();
+  lit.st[3U][0U] = libcrux_sha3_portable_keccak_zero_5a();
+  lit.st[3U][1U] = libcrux_sha3_portable_keccak_zero_5a();
+  lit.st[3U][2U] = libcrux_sha3_portable_keccak_zero_5a();
+  lit.st[3U][3U] = libcrux_sha3_portable_keccak_zero_5a();
+  lit.st[3U][4U] = libcrux_sha3_portable_keccak_zero_5a();
+  lit.st[4U][0U] = libcrux_sha3_portable_keccak_zero_5a();
+  lit.st[4U][1U] = libcrux_sha3_portable_keccak_zero_5a();
+  lit.st[4U][2U] = libcrux_sha3_portable_keccak_zero_5a();
+  lit.st[4U][3U] = libcrux_sha3_portable_keccak_zero_5a();
+  lit.st[4U][4U] = libcrux_sha3_portable_keccak_zero_5a();
+  return lit;
+}
+
+/**
+ Create a new SHAKE-128 state object.
+*/
+static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_17
+libcrux_sha3_portable_incremental_shake128_init(void) {
+  return libcrux_sha3_generic_keccak_new_89_04();
+}
+
+static const uint64_t libcrux_sha3_generic_keccak_ROUNDCONSTANTS[24U] = {
+    1ULL,
+    32898ULL,
+    9223372036854808714ULL,
+    9223372039002292224ULL,
+    32907ULL,
+    2147483649ULL,
+    9223372039002292353ULL,
+    9223372036854808585ULL,
+    138ULL,
+    136ULL,
+    2147516425ULL,
+    2147483658ULL,
+    2147516555ULL,
+    9223372036854775947ULL,
+    9223372036854808713ULL,
+    9223372036854808579ULL,
+    9223372036854808578ULL,
+    9223372036854775936ULL,
+    32778ULL,
+    9223372039002259466ULL,
+    9223372039002292353ULL,
+    9223372036854808704ULL,
+    2147483649ULL,
+    9223372039002292232ULL};
+
+/**
+A monomorphic instance of libcrux_sha3.portable_keccak.load_block
+with const generics
+- RATE= 168
+*/
+static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_3a(
+    uint64_t (*s)[5U], Eurydice_slice blocks[1U]) {
+  for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)8U; i++) {
+    size_t i0 = i;
+    uint8_t uu____0[8U];
+    Result_15 dst;
+    Eurydice_slice_to_array2(
+        &dst,
+        Eurydice_slice_subslice2(blocks[0U], (size_t)8U * i0,
+                                 (size_t)8U * i0 + (size_t)8U, uint8_t),
+        Eurydice_slice, uint8_t[8U]);
+    unwrap_26_68(dst, uu____0);
+    size_t uu____1 = i0 / (size_t)5U;
+    size_t uu____2 = i0 % (size_t)5U;
+    s[uu____1][uu____2] =
+        s[uu____1][uu____2] ^ core_num__u64_9__from_le_bytes(uu____0);
+  }
+}
+
+/**
+A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full
+with const generics
+- RATE= 168
+*/
+static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_3a(
+    uint64_t (*s)[5U], uint8_t blocks[1U][200U]) {
+  Eurydice_slice buf[1U] = {
+      Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t)};
+  libcrux_sha3_portable_keccak_load_block_3a(s, buf);
+}
+
+/**
+This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1:
+usize> for u64)}
+*/
+/**
+A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full_5a
+with const generics
+- RATE= 168
+*/
+static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_3a(
+    uint64_t (*a)[5U], uint8_t b[1U][200U]) {
+  uint64_t(*uu____0)[5U] = a;
+  /* Passing arrays by value in Rust generates a copy in C */
+  uint8_t copy_of_b[1U][200U];
+  memcpy(copy_of_b, b, (size_t)1U * sizeof(uint8_t[200U]));
+  libcrux_sha3_portable_keccak_load_block_full_3a(uu____0, copy_of_b);
+}
+
+/**
+A monomorphic instance of libcrux_sha3.portable_keccak.rotate_left
+with const generics
+- LEFT= 36
+- RIGHT= 28
+*/
+static KRML_MUSTINLINE uint64_t
+libcrux_sha3_portable_keccak_rotate_left_02(uint64_t x) {
+  return x << (uint32_t)(int32_t)36 | x >> (uint32_t)(int32_t)28;
+}
+
+/**
+A monomorphic instance of libcrux_sha3.portable_keccak._vxarq_u64
+with const generics
+- LEFT= 36
+- RIGHT= 28
+*/
+static KRML_MUSTINLINE uint64_t
+libcrux_sha3_portable_keccak__vxarq_u64_02(uint64_t a, uint64_t b) {
+  uint64_t ab = a ^ b;
+  return libcrux_sha3_portable_keccak_rotate_left_02(ab);
+}
+
+/**
+This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1:
+usize> for u64)}
+*/
+/**
+A monomorphic instance of libcrux_sha3.portable_keccak.xor_and_rotate_5a
+with const generics
+- LEFT= 36
+- RIGHT= 28
+*/
+static KRML_MUSTINLINE uint64_t
+libcrux_sha3_portable_keccak_xor_and_rotate_5a_02(uint64_t a, uint64_t b) {
+  return libcrux_sha3_portable_keccak__vxarq_u64_02(a, b);
+}
+
+/**
+A monomorphic instance of libcrux_sha3.portable_keccak.rotate_left
+with const generics
+- LEFT= 3
+- RIGHT= 61
+*/
+static KRML_MUSTINLINE uint64_t
+libcrux_sha3_portable_keccak_rotate_left_ac(uint64_t x) {
+  return x << (uint32_t)(int32_t)3 | x >> (uint32_t)(int32_t)61;
+}
+
+/**
+A monomorphic instance of libcrux_sha3.portable_keccak._vxarq_u64
+with const generics
+- LEFT= 3
+- RIGHT= 61
+*/
+static KRML_MUSTINLINE uint64_t
+libcrux_sha3_portable_keccak__vxarq_u64_ac(uint64_t a, uint64_t b) {
+  uint64_t ab = a ^ b;
+  return libcrux_sha3_portable_keccak_rotate_left_ac(ab);
+}
+
+/**
+This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1:
+usize> for u64)}
+*/
+/**
+A monomorphic instance of libcrux_sha3.portable_keccak.xor_and_rotate_5a
+with const generics
+- LEFT= 3
+- RIGHT= 61
+*/
+static KRML_MUSTINLINE uint64_t
+libcrux_sha3_portable_keccak_xor_and_rotate_5a_ac(uint64_t a, uint64_t b) {
+  return libcrux_sha3_portable_keccak__vxarq_u64_ac(a, b);
+}
+
+/**
+A monomorphic instance of libcrux_sha3.portable_keccak.rotate_left
+with const generics
+- LEFT= 41
+- RIGHT= 23
+*/
+static KRML_MUSTINLINE uint64_t
+libcrux_sha3_portable_keccak_rotate_left_020(uint64_t x) {
+  return x << (uint32_t)(int32_t)41 | x >> (uint32_t)(int32_t)23;
+}
+
+/**
+A monomorphic instance of libcrux_sha3.portable_keccak._vxarq_u64
+with const generics
+- LEFT= 41
+- RIGHT= 23
+*/
+static KRML_MUSTINLINE uint64_t
+libcrux_sha3_portable_keccak__vxarq_u64_020(uint64_t a, uint64_t b) {
+  uint64_t ab = a ^ b;
+  return libcrux_sha3_portable_keccak_rotate_left_020(ab);
+}
+
+/**
+This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1:
+usize> for u64)}
+*/
+/**
+A monomorphic instance of libcrux_sha3.portable_keccak.xor_and_rotate_5a
+with const generics
+- LEFT= 41
+- RIGHT= 23
+*/
+static KRML_MUSTINLINE uint64_t
+libcrux_sha3_portable_keccak_xor_and_rotate_5a_020(uint64_t a, uint64_t b) {
+  return libcrux_sha3_portable_keccak__vxarq_u64_020(a, b);
+}
+
+/**
+A monomorphic instance of libcrux_sha3.portable_keccak.rotate_left
+with const generics
+- LEFT= 18
+- RIGHT= 46
+*/
+static KRML_MUSTINLINE uint64_t
+libcrux_sha3_portable_keccak_rotate_left_a9(uint64_t x) {
+  return x << (uint32_t)(int32_t)18 | x >> (uint32_t)(int32_t)46;
+}
+
+/**
+A monomorphic instance of libcrux_sha3.portable_keccak._vxarq_u64
+with const generics
+- LEFT= 18
+- RIGHT= 46
+*/
+static KRML_MUSTINLINE uint64_t
+libcrux_sha3_portable_keccak__vxarq_u64_a9(uint64_t a, uint64_t b) {
+  uint64_t ab = a ^ b;
+  return libcrux_sha3_portable_keccak_rotate_left_a9(ab);
+}
+
+/**
+This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1:
+usize> for u64)}
+*/
+/**
+A monomorphic instance of libcrux_sha3.portable_keccak.xor_and_rotate_5a
+with const generics
+- LEFT= 18
+- RIGHT= 46
+*/
+static KRML_MUSTINLINE uint64_t
+libcrux_sha3_portable_keccak_xor_and_rotate_5a_a9(uint64_t a, uint64_t b) {
+  return libcrux_sha3_portable_keccak__vxarq_u64_a9(a, b);
+}
+
+/**
+A monomorphic instance of libcrux_sha3.portable_keccak._vxarq_u64
+with const generics
+- LEFT= 1
+- RIGHT= 63
+*/
+static KRML_MUSTINLINE uint64_t
+libcrux_sha3_portable_keccak__vxarq_u64_76(uint64_t a, uint64_t b) {
+  uint64_t ab = a ^ b;
+  return libcrux_sha3_portable_keccak_rotate_left_76(ab);
+}
+
+/**
+This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1:
+usize> for u64)}
+*/
+/**
+A monomorphic instance of libcrux_sha3.portable_keccak.xor_and_rotate_5a
+with const generics
+- LEFT= 1
+- RIGHT= 63
+*/
+static KRML_MUSTINLINE uint64_t
+libcrux_sha3_portable_keccak_xor_and_rotate_5a_76(uint64_t a, uint64_t b) {
+  return libcrux_sha3_portable_keccak__vxarq_u64_76(a, b);
+}
+
+/**
+A monomorphic instance of libcrux_sha3.portable_keccak.rotate_left
+with const generics
+- LEFT= 44
+- RIGHT= 20
+*/
+static KRML_MUSTINLINE uint64_t
+libcrux_sha3_portable_keccak_rotate_left_58(uint64_t x) {
+  return x << (uint32_t)(int32_t)44 | x >> (uint32_t)(int32_t)20;
+}
+
+/**
+A monomorphic instance of libcrux_sha3.portable_keccak._vxarq_u64
+with const generics
+- LEFT= 44
+- RIGHT= 20
+*/
+static KRML_MUSTINLINE uint64_t
+libcrux_sha3_portable_keccak__vxarq_u64_58(uint64_t a, uint64_t b) {
+  uint64_t ab = a ^ b;
+  return libcrux_sha3_portable_keccak_rotate_left_58(ab);
+}
+
+/**
+This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1:
+usize> for u64)}
+*/
+/**
+A monomorphic instance of libcrux_sha3.portable_keccak.xor_and_rotate_5a
+with const generics
+- LEFT= 44
+- RIGHT= 20
+*/
+static KRML_MUSTINLINE uint64_t
+libcrux_sha3_portable_keccak_xor_and_rotate_5a_58(uint64_t a, uint64_t b) {
+  return libcrux_sha3_portable_keccak__vxarq_u64_58(a, b);
+}
+
+/**
+A monomorphic instance of libcrux_sha3.portable_keccak.rotate_left
+with const generics
+- LEFT= 10
+- RIGHT= 54
+*/
+static KRML_MUSTINLINE uint64_t
+libcrux_sha3_portable_keccak_rotate_left_e0(uint64_t x) {
+  return x << (uint32_t)(int32_t)10 | x >> (uint32_t)(int32_t)54;
+}
+
+/**
+A monomorphic instance of libcrux_sha3.portable_keccak._vxarq_u64
+with const generics
+- LEFT= 10
+- RIGHT= 54
+*/
+static KRML_MUSTINLINE uint64_t
+libcrux_sha3_portable_keccak__vxarq_u64_e0(uint64_t a, uint64_t b) {
+  uint64_t ab = a ^ b;
+  return libcrux_sha3_portable_keccak_rotate_left_e0(ab);
+}
+
+/**
+This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1:
+usize> for u64)}
+*/
+/**
+A monomorphic instance of libcrux_sha3.portable_keccak.xor_and_rotate_5a
+with const generics
+- LEFT= 10
+- RIGHT= 54
+*/
+static KRML_MUSTINLINE uint64_t
+libcrux_sha3_portable_keccak_xor_and_rotate_5a_e0(uint64_t a, uint64_t b) {
+  return libcrux_sha3_portable_keccak__vxarq_u64_e0(a, b);
+}
+
+/**
+A monomorphic instance of libcrux_sha3.portable_keccak.rotate_left
+with const generics
+- LEFT= 45
+- RIGHT= 19
+*/
+static KRML_MUSTINLINE uint64_t
+libcrux_sha3_portable_keccak_rotate_left_63(uint64_t x) {
+  return x << (uint32_t)(int32_t)45 | x >> (uint32_t)(int32_t)19;
+}
+
+/**
+A monomorphic instance of libcrux_sha3.portable_keccak._vxarq_u64
+with const generics
+- LEFT= 45
+- RIGHT= 19
+*/
+static KRML_MUSTINLINE uint64_t
+libcrux_sha3_portable_keccak__vxarq_u64_63(uint64_t a, uint64_t b) {
+  uint64_t ab = a ^ b;
+  return libcrux_sha3_portable_keccak_rotate_left_63(ab);
+}
+
+/**
+This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1:
+usize> for u64)}
+*/
+/**
+A monomorphic instance of libcrux_sha3.portable_keccak.xor_and_rotate_5a
+with const generics
+- LEFT= 45
+- RIGHT= 19
+*/
+static KRML_MUSTINLINE uint64_t
+libcrux_sha3_portable_keccak_xor_and_rotate_5a_63(uint64_t a, uint64_t b) {
+  return libcrux_sha3_portable_keccak__vxarq_u64_63(a, b);
+}
+
+/**
+A monomorphic instance of libcrux_sha3.portable_keccak.rotate_left
+with const generics
+- LEFT= 2
+- RIGHT= 62
+*/
+static KRML_MUSTINLINE uint64_t
+libcrux_sha3_portable_keccak_rotate_left_6a(uint64_t x) {
+  return x << (uint32_t)(int32_t)2 | x >> (uint32_t)(int32_t)62;
+}
+
+/**
+A monomorphic instance of libcrux_sha3.portable_keccak._vxarq_u64
+with const generics
+- LEFT= 2
+- RIGHT= 62
+*/
+static KRML_MUSTINLINE uint64_t
+libcrux_sha3_portable_keccak__vxarq_u64_6a(uint64_t a, uint64_t b) {
+  uint64_t ab = a ^ b;
+  return libcrux_sha3_portable_keccak_rotate_left_6a(ab);
+}
+
+/**
+This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1:
+usize> for u64)}
+*/
+/**
+A monomorphic instance of libcrux_sha3.portable_keccak.xor_and_rotate_5a
+with const generics
+- LEFT= 2
+- RIGHT= 62
+*/
+static KRML_MUSTINLINE uint64_t
+libcrux_sha3_portable_keccak_xor_and_rotate_5a_6a(uint64_t a, uint64_t b) {
+  return libcrux_sha3_portable_keccak__vxarq_u64_6a(a, b);
+}
+
+/**
+A monomorphic instance of libcrux_sha3.portable_keccak.rotate_left
+with const generics
+- LEFT= 62
+- RIGHT= 2
+*/
+static KRML_MUSTINLINE uint64_t
+libcrux_sha3_portable_keccak_rotate_left_ab(uint64_t x) {
+  return x << (uint32_t)(int32_t)62 | x >> (uint32_t)(int32_t)2;
+}
+
+/**
+A monomorphic instance of libcrux_sha3.portable_keccak._vxarq_u64
+with const generics
+- LEFT= 62
+- RIGHT= 2
+*/
+static KRML_MUSTINLINE uint64_t
+libcrux_sha3_portable_keccak__vxarq_u64_ab(uint64_t a, uint64_t b) {
+  uint64_t ab = a ^ b;
+  return libcrux_sha3_portable_keccak_rotate_left_ab(ab);
+}
+
+/**
+This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1:
+usize> for u64)}
+*/
+/**
+A monomorphic instance of libcrux_sha3.portable_keccak.xor_and_rotate_5a
+with const generics
+- LEFT= 62
+- RIGHT= 2
+*/
+static KRML_MUSTINLINE uint64_t
+libcrux_sha3_portable_keccak_xor_and_rotate_5a_ab(uint64_t a, uint64_t b) {
+  return libcrux_sha3_portable_keccak__vxarq_u64_ab(a, b);
+}
+
+/**
+A monomorphic instance of libcrux_sha3.portable_keccak.rotate_left
+with const generics
+- LEFT= 6
+- RIGHT= 58
+*/
+static KRML_MUSTINLINE uint64_t
+libcrux_sha3_portable_keccak_rotate_left_5b(uint64_t x) {
+  return x << (uint32_t)(int32_t)6 | x >> (uint32_t)(int32_t)58;
+}
+
+/**
+A monomorphic instance of libcrux_sha3.portable_keccak._vxarq_u64
+with const generics
+- LEFT= 6
+- RIGHT= 58
+*/
+static KRML_MUSTINLINE uint64_t
+libcrux_sha3_portable_keccak__vxarq_u64_5b(uint64_t a, uint64_t b) {
+  uint64_t ab = a ^ b;
+  return libcrux_sha3_portable_keccak_rotate_left_5b(ab);
+}
+
+/**
+This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1:
+usize> for u64)}
+*/
+/**
+A monomorphic instance of libcrux_sha3.portable_keccak.xor_and_rotate_5a
+with const generics
+- LEFT= 6
+- RIGHT= 58
+*/
+static KRML_MUSTINLINE uint64_t
+libcrux_sha3_portable_keccak_xor_and_rotate_5a_5b(uint64_t a, uint64_t b) {
+  return libcrux_sha3_portable_keccak__vxarq_u64_5b(a, b);
+}
+
+/**
+A monomorphic instance of libcrux_sha3.portable_keccak.rotate_left
+with const generics
+- LEFT= 43
+- RIGHT= 21
+*/
+static KRML_MUSTINLINE uint64_t
+libcrux_sha3_portable_keccak_rotate_left_6f(uint64_t x) {
+  return x << (uint32_t)(int32_t)43 | x >> (uint32_t)(int32_t)21;
+}
+
+/**
+A monomorphic instance of libcrux_sha3.portable_keccak._vxarq_u64
+with const generics
+- LEFT= 43
+- RIGHT= 21
+*/
+static KRML_MUSTINLINE uint64_t
+libcrux_sha3_portable_keccak__vxarq_u64_6f(uint64_t a, uint64_t b) {
+  uint64_t ab = a ^ b;
+  return libcrux_sha3_portable_keccak_rotate_left_6f(ab);
+}
+
+/**
+This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1:
+usize> for u64)}
+*/
+/**
+A monomorphic instance of libcrux_sha3.portable_keccak.xor_and_rotate_5a
+with const generics
+- LEFT= 43
+- RIGHT= 21
+*/
+static KRML_MUSTINLINE uint64_t
+libcrux_sha3_portable_keccak_xor_and_rotate_5a_6f(uint64_t a, uint64_t b) {
+  return libcrux_sha3_portable_keccak__vxarq_u64_6f(a, b);
+}
+
+/**
+A monomorphic instance of libcrux_sha3.portable_keccak.rotate_left
+with const generics
+- LEFT= 15
+- RIGHT= 49
+*/
+static KRML_MUSTINLINE uint64_t
+libcrux_sha3_portable_keccak_rotate_left_62(uint64_t x) {
+  return x << (uint32_t)(int32_t)15 | x >> (uint32_t)(int32_t)49;
+}
+
+/**
+A monomorphic instance of libcrux_sha3.portable_keccak._vxarq_u64
+with const generics
+- LEFT= 15
+- RIGHT= 49
+*/
+static KRML_MUSTINLINE uint64_t
+libcrux_sha3_portable_keccak__vxarq_u64_62(uint64_t a, uint64_t b) {
+  uint64_t ab = a ^ b;
+  return libcrux_sha3_portable_keccak_rotate_left_62(ab);
+}
+
+/**
+This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1:
+usize> for u64)}
+*/
+/**
+A monomorphic instance of libcrux_sha3.portable_keccak.xor_and_rotate_5a
+with const generics
+- LEFT= 15
+- RIGHT= 49
+*/
+static KRML_MUSTINLINE uint64_t
+libcrux_sha3_portable_keccak_xor_and_rotate_5a_62(uint64_t a, uint64_t b) {
+  return libcrux_sha3_portable_keccak__vxarq_u64_62(a, b);
+}
+
+/**
+A monomorphic instance of libcrux_sha3.portable_keccak.rotate_left
+with const generics
+- LEFT= 61
+- RIGHT= 3
+*/
+static KRML_MUSTINLINE uint64_t
+libcrux_sha3_portable_keccak_rotate_left_23(uint64_t x) {
+  return x << (uint32_t)(int32_t)61 | x >> (uint32_t)(int32_t)3;
+}
+
+/**
+A monomorphic instance of libcrux_sha3.portable_keccak._vxarq_u64
+with const generics
+- LEFT= 61
+- RIGHT= 3
+*/
+static KRML_MUSTINLINE uint64_t
+libcrux_sha3_portable_keccak__vxarq_u64_23(uint64_t a, uint64_t b) {
+  uint64_t ab = a ^ b;
+  return libcrux_sha3_portable_keccak_rotate_left_23(ab);
+}
+
+/**
+This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1:
+usize> for u64)}
+*/
+/**
+A monomorphic instance of libcrux_sha3.portable_keccak.xor_and_rotate_5a
+with const generics
+- LEFT= 61
+- RIGHT= 3
+*/
+static KRML_MUSTINLINE uint64_t
+libcrux_sha3_portable_keccak_xor_and_rotate_5a_23(uint64_t a, uint64_t b) {
+  return libcrux_sha3_portable_keccak__vxarq_u64_23(a, b);
+}
+
+/**
+A monomorphic instance of libcrux_sha3.portable_keccak.rotate_left
+with const generics
+- LEFT= 28
+- RIGHT= 36
+*/
+static KRML_MUSTINLINE uint64_t
+libcrux_sha3_portable_keccak_rotate_left_37(uint64_t x) {
+  return x << (uint32_t)(int32_t)28 | x >> (uint32_t)(int32_t)36;
+}
+
+/**
+A monomorphic instance of libcrux_sha3.portable_keccak._vxarq_u64
+with const generics
+- LEFT= 28
+- RIGHT= 36
+*/
+static KRML_MUSTINLINE uint64_t
+libcrux_sha3_portable_keccak__vxarq_u64_37(uint64_t a, uint64_t b) {
+  uint64_t ab = a ^ b;
+  return libcrux_sha3_portable_keccak_rotate_left_37(ab);
+}
+
+/**
+This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1:
+usize> for u64)}
+*/
+/**
+A monomorphic instance of libcrux_sha3.portable_keccak.xor_and_rotate_5a
+with const generics
+- LEFT= 28
+- RIGHT= 36
+*/
+static KRML_MUSTINLINE uint64_t
+libcrux_sha3_portable_keccak_xor_and_rotate_5a_37(uint64_t a, uint64_t b) {
+  return libcrux_sha3_portable_keccak__vxarq_u64_37(a, b);
+}
+
+/**
+A monomorphic instance of libcrux_sha3.portable_keccak.rotate_left
+with const generics
+- LEFT= 55
+- RIGHT= 9
+*/
+static KRML_MUSTINLINE uint64_t
+libcrux_sha3_portable_keccak_rotate_left_bb(uint64_t x) {
+  return x << (uint32_t)(int32_t)55 | x >> (uint32_t)(int32_t)9;
+}
+
+/**
+A monomorphic instance of libcrux_sha3.portable_keccak._vxarq_u64
+with const generics
+- LEFT= 55
+- RIGHT= 9
+*/
+static KRML_MUSTINLINE uint64_t
+libcrux_sha3_portable_keccak__vxarq_u64_bb(uint64_t a, uint64_t b) {
+  uint64_t ab = a ^ b;
+  return libcrux_sha3_portable_keccak_rotate_left_bb(ab);
+}
+
+/**
+This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1:
+usize> for u64)}
+*/
+/**
+A monomorphic instance of libcrux_sha3.portable_keccak.xor_and_rotate_5a
+with const generics
+- LEFT= 55
+- RIGHT= 9
+*/
+static KRML_MUSTINLINE uint64_t
+libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb(uint64_t a, uint64_t b) {
+  return libcrux_sha3_portable_keccak__vxarq_u64_bb(a, b);
+}
+
+/**
+A monomorphic instance of libcrux_sha3.portable_keccak.rotate_left
+with const generics
+- LEFT= 25
+- RIGHT= 39
+*/
+static KRML_MUSTINLINE uint64_t
+libcrux_sha3_portable_keccak_rotate_left_b9(uint64_t x) {
+  return x << (uint32_t)(int32_t)25 | x >> (uint32_t)(int32_t)39;
+}
+
+/**
+A monomorphic instance of libcrux_sha3.portable_keccak._vxarq_u64
+with const generics
+- LEFT= 25
+- RIGHT= 39
+*/
+static KRML_MUSTINLINE uint64_t
+libcrux_sha3_portable_keccak__vxarq_u64_b9(uint64_t a, uint64_t b) {
+  uint64_t ab = a ^ b;
+  return libcrux_sha3_portable_keccak_rotate_left_b9(ab);
+}
+
+/**
+This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1:
+usize> for u64)}
+*/
+/**
+A monomorphic instance of libcrux_sha3.portable_keccak.xor_and_rotate_5a
+with const generics
+- LEFT= 25
+- RIGHT= 39
+*/
+static KRML_MUSTINLINE uint64_t
+libcrux_sha3_portable_keccak_xor_and_rotate_5a_b9(uint64_t a, uint64_t b) {
+  return libcrux_sha3_portable_keccak__vxarq_u64_b9(a, b);
+}
+
+/**
+A monomorphic instance of libcrux_sha3.portable_keccak.rotate_left
+with const generics
+- LEFT= 21
+- RIGHT= 43
+*/
+static KRML_MUSTINLINE uint64_t
+libcrux_sha3_portable_keccak_rotate_left_54(uint64_t x) {
+  return x << (uint32_t)(int32_t)21 | x >> (uint32_t)(int32_t)43;
+}
+
+/**
+A monomorphic instance of libcrux_sha3.portable_keccak._vxarq_u64
+with const generics
+- LEFT= 21
+- RIGHT= 43
+*/
+static KRML_MUSTINLINE uint64_t
+libcrux_sha3_portable_keccak__vxarq_u64_54(uint64_t a, uint64_t b) {
+  uint64_t ab = a ^ b;
+  return libcrux_sha3_portable_keccak_rotate_left_54(ab);
+}
+
+/**
+This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1:
+usize> for u64)}
+*/
+/**
+A monomorphic instance of libcrux_sha3.portable_keccak.xor_and_rotate_5a
+with const generics
+- LEFT= 21
+- RIGHT= 43
+*/
+static KRML_MUSTINLINE uint64_t
+libcrux_sha3_portable_keccak_xor_and_rotate_5a_54(uint64_t a, uint64_t b) {
+  return libcrux_sha3_portable_keccak__vxarq_u64_54(a, b);
+}
+
+/**
+A monomorphic instance of libcrux_sha3.portable_keccak.rotate_left
+with const generics
+- LEFT= 56
+- RIGHT= 8
+*/
+static KRML_MUSTINLINE uint64_t
+libcrux_sha3_portable_keccak_rotate_left_4c(uint64_t x) {
+  return x << (uint32_t)(int32_t)56 | x >> (uint32_t)(int32_t)8;
+}
+
+/**
+A monomorphic instance of libcrux_sha3.portable_keccak._vxarq_u64
+with const generics
+- LEFT= 56
+- RIGHT= 8
+*/
+static KRML_MUSTINLINE uint64_t
+libcrux_sha3_portable_keccak__vxarq_u64_4c(uint64_t a, uint64_t b) {
+  uint64_t ab = a ^ b;
+  return libcrux_sha3_portable_keccak_rotate_left_4c(ab);
+}
+
+/**
+This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1:
+usize> for u64)}
+*/
+/**
+A monomorphic instance of libcrux_sha3.portable_keccak.xor_and_rotate_5a
+with const generics
+- LEFT= 56
+- RIGHT= 8
+*/
+static KRML_MUSTINLINE uint64_t
+libcrux_sha3_portable_keccak_xor_and_rotate_5a_4c(uint64_t a, uint64_t b) {
+  return libcrux_sha3_portable_keccak__vxarq_u64_4c(a, b);
+}
+
+/**
+A monomorphic instance of libcrux_sha3.portable_keccak.rotate_left
+with const generics
+- LEFT= 27
+- RIGHT= 37
+*/
+static KRML_MUSTINLINE uint64_t
+libcrux_sha3_portable_keccak_rotate_left_ce(uint64_t x) {
+  return x << (uint32_t)(int32_t)27 | x >> (uint32_t)(int32_t)37;
+}
+
+/**
+A monomorphic instance of libcrux_sha3.portable_keccak._vxarq_u64
+with const generics
+- LEFT= 27
+- RIGHT= 37
+*/
+static KRML_MUSTINLINE uint64_t
+libcrux_sha3_portable_keccak__vxarq_u64_ce(uint64_t a, uint64_t b) {
+  uint64_t ab = a ^ b;
+  return libcrux_sha3_portable_keccak_rotate_left_ce(ab);
+}
+
+/**
+This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1:
+usize> for u64)}
+*/
+/**
+A monomorphic instance of libcrux_sha3.portable_keccak.xor_and_rotate_5a
+with const generics
+- LEFT= 27
+- RIGHT= 37
+*/
+static KRML_MUSTINLINE uint64_t
+libcrux_sha3_portable_keccak_xor_and_rotate_5a_ce(uint64_t a, uint64_t b) {
+  return libcrux_sha3_portable_keccak__vxarq_u64_ce(a, b);
+}
+
+/**
+A monomorphic instance of libcrux_sha3.portable_keccak.rotate_left
+with const generics
+- LEFT= 20
+- RIGHT= 44
+*/
+static KRML_MUSTINLINE uint64_t
+libcrux_sha3_portable_keccak_rotate_left_77(uint64_t x) {
+  return x << (uint32_t)(int32_t)20 | x >> (uint32_t)(int32_t)44;
+}
+
+/**
+A monomorphic instance of libcrux_sha3.portable_keccak._vxarq_u64
+with const generics
+- LEFT= 20
+- RIGHT= 44
+*/
+static KRML_MUSTINLINE uint64_t
+libcrux_sha3_portable_keccak__vxarq_u64_77(uint64_t a, uint64_t b) {
+  uint64_t ab = a ^ b;
+  return libcrux_sha3_portable_keccak_rotate_left_77(ab);
+}
+
+/**
+This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1:
+usize> for u64)}
+*/
+/**
+A monomorphic instance of libcrux_sha3.portable_keccak.xor_and_rotate_5a
+with const generics
+- LEFT= 20
+- RIGHT= 44
+*/
+static KRML_MUSTINLINE uint64_t
+libcrux_sha3_portable_keccak_xor_and_rotate_5a_77(uint64_t a, uint64_t b) {
+  return libcrux_sha3_portable_keccak__vxarq_u64_77(a, b);
+}
+
+/**
+A monomorphic instance of libcrux_sha3.portable_keccak.rotate_left
+with const generics
+- LEFT= 39
+- RIGHT= 25
+*/
+static KRML_MUSTINLINE uint64_t
+libcrux_sha3_portable_keccak_rotate_left_25(uint64_t x) {
+  return x << (uint32_t)(int32_t)39 | x >> (uint32_t)(int32_t)25;
+}
+
+/**
+A monomorphic instance of libcrux_sha3.portable_keccak._vxarq_u64
+with const generics
+- LEFT= 39
+- RIGHT= 25
+*/
+static KRML_MUSTINLINE uint64_t
+libcrux_sha3_portable_keccak__vxarq_u64_25(uint64_t a, uint64_t b) {
+  uint64_t ab = a ^ b;
+  return libcrux_sha3_portable_keccak_rotate_left_25(ab);
+}
+
+/**
+This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1:
+usize> for u64)}
+*/
+/**
+A monomorphic instance of libcrux_sha3.portable_keccak.xor_and_rotate_5a
+with const generics
+- LEFT= 39
+- RIGHT= 25
+*/
+static KRML_MUSTINLINE uint64_t
+libcrux_sha3_portable_keccak_xor_and_rotate_5a_25(uint64_t a, uint64_t b) {
+  return libcrux_sha3_portable_keccak__vxarq_u64_25(a, b);
+}
+
+/**
+A monomorphic instance of libcrux_sha3.portable_keccak.rotate_left
+with const generics
+- LEFT= 8
+- RIGHT= 56
+*/
+static KRML_MUSTINLINE uint64_t
+libcrux_sha3_portable_keccak_rotate_left_af(uint64_t x) {
+  return x << (uint32_t)(int32_t)8 | x >> (uint32_t)(int32_t)56;
+}
+
+/**
+A monomorphic instance of libcrux_sha3.portable_keccak._vxarq_u64
+with const generics
+- LEFT= 8
+- RIGHT= 56
+*/
+static KRML_MUSTINLINE uint64_t
+libcrux_sha3_portable_keccak__vxarq_u64_af(uint64_t a, uint64_t b) {
+  uint64_t ab = a ^ b;
+  return libcrux_sha3_portable_keccak_rotate_left_af(ab);
+}
+
+/**
+This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1:
+usize> for u64)}
+*/
+/**
+A monomorphic instance of libcrux_sha3.portable_keccak.xor_and_rotate_5a
+with const generics
+- LEFT= 8
+- RIGHT= 56
+*/
+static KRML_MUSTINLINE uint64_t
+libcrux_sha3_portable_keccak_xor_and_rotate_5a_af(uint64_t a, uint64_t b) {
+  return libcrux_sha3_portable_keccak__vxarq_u64_af(a, b);
+}
+
+/**
+A monomorphic instance of libcrux_sha3.portable_keccak.rotate_left
+with const generics
+- LEFT= 14
+- RIGHT= 50
+*/
+static KRML_MUSTINLINE uint64_t
+libcrux_sha3_portable_keccak_rotate_left_fd(uint64_t x) {
+  return x << (uint32_t)(int32_t)14 | x >> (uint32_t)(int32_t)50;
+}
+
+/**
+A monomorphic instance of libcrux_sha3.portable_keccak._vxarq_u64
+with const generics
+- LEFT= 14
+- RIGHT= 50
+*/
+static KRML_MUSTINLINE uint64_t
+libcrux_sha3_portable_keccak__vxarq_u64_fd(uint64_t a, uint64_t b) {
+  uint64_t ab = a ^ b;
+  return libcrux_sha3_portable_keccak_rotate_left_fd(ab);
+}
+
+/**
+This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1:
+usize> for u64)}
+*/
+/**
+A monomorphic instance of libcrux_sha3.portable_keccak.xor_and_rotate_5a
+with const generics
+- LEFT= 14
+- RIGHT= 50
+*/
+static KRML_MUSTINLINE uint64_t
+libcrux_sha3_portable_keccak_xor_and_rotate_5a_fd(uint64_t a, uint64_t b) {
+  return libcrux_sha3_portable_keccak__vxarq_u64_fd(a, b);
+}
+
+/**
+A monomorphic instance of libcrux_sha3.generic_keccak.theta_rho
+with types uint64_t
+with const generics
+- N= 1
+*/
+static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_theta_rho_04(
+    libcrux_sha3_generic_keccak_KeccakState_17 *s) {
+  uint64_t c[5U] = {
+      libcrux_sha3_portable_keccak_xor5_5a(s->st[0U][0U], s->st[1U][0U],
+                                           s->st[2U][0U], s->st[3U][0U],
+                                           s->st[4U][0U]),
+      libcrux_sha3_portable_keccak_xor5_5a(s->st[0U][1U], s->st[1U][1U],
+                                           s->st[2U][1U], s->st[3U][1U],
+                                           s->st[4U][1U]),
+      libcrux_sha3_portable_keccak_xor5_5a(s->st[0U][2U], s->st[1U][2U],
+                                           s->st[2U][2U], s->st[3U][2U],
+                                           s->st[4U][2U]),
+      libcrux_sha3_portable_keccak_xor5_5a(s->st[0U][3U], s->st[1U][3U],
+                                           s->st[2U][3U], s->st[3U][3U],
+                                           s->st[4U][3U]),
+      libcrux_sha3_portable_keccak_xor5_5a(s->st[0U][4U], s->st[1U][4U],
+                                           s->st[2U][4U], s->st[3U][4U],
+                                           s->st[4U][4U])};
+  uint64_t uu____0 = libcrux_sha3_portable_keccak_rotate_left1_and_xor_5a(
+      c[((size_t)0U + (size_t)4U) % (size_t)5U],
+      c[((size_t)0U + (size_t)1U) % (size_t)5U]);
+  uint64_t uu____1 = libcrux_sha3_portable_keccak_rotate_left1_and_xor_5a(
+      c[((size_t)1U + (size_t)4U) % (size_t)5U],
+      c[((size_t)1U + (size_t)1U) % (size_t)5U]);
+  uint64_t uu____2 = libcrux_sha3_portable_keccak_rotate_left1_and_xor_5a(
+      c[((size_t)2U + (size_t)4U) % (size_t)5U],
+      c[((size_t)2U + (size_t)1U) % (size_t)5U]);
+  uint64_t uu____3 = libcrux_sha3_portable_keccak_rotate_left1_and_xor_5a(
+      c[((size_t)3U + (size_t)4U) % (size_t)5U],
+      c[((size_t)3U + (size_t)1U) % (size_t)5U]);
+  uint64_t t[5U] = {uu____0, uu____1, uu____2, uu____3,
+                    libcrux_sha3_portable_keccak_rotate_left1_and_xor_5a(
+                        c[((size_t)4U + (size_t)4U) % (size_t)5U],
+                        c[((size_t)4U + (size_t)1U) % (size_t)5U])};
+  s->st[0U][0U] = libcrux_sha3_portable_keccak_xor_5a(s->st[0U][0U], t[0U]);
+  s->st[1U][0U] =
+      libcrux_sha3_portable_keccak_xor_and_rotate_5a_02(s->st[1U][0U], t[0U]);
+  s->st[2U][0U] =
+      libcrux_sha3_portable_keccak_xor_and_rotate_5a_ac(s->st[2U][0U], t[0U]);
+  s->st[3U][0U] =
+      libcrux_sha3_portable_keccak_xor_and_rotate_5a_020(s->st[3U][0U], t[0U]);
+  s->st[4U][0U] =
+      libcrux_sha3_portable_keccak_xor_and_rotate_5a_a9(s->st[4U][0U], t[0U]);
+  s->st[0U][1U] =
+      libcrux_sha3_portable_keccak_xor_and_rotate_5a_76(s->st[0U][1U], t[1U]);
+  s->st[1U][1U] =
+      libcrux_sha3_portable_keccak_xor_and_rotate_5a_58(s->st[1U][1U], t[1U]);
+  s->st[2U][1U] =
+      libcrux_sha3_portable_keccak_xor_and_rotate_5a_e0(s->st[2U][1U], t[1U]);
+  s->st[3U][1U] =
+      libcrux_sha3_portable_keccak_xor_and_rotate_5a_63(s->st[3U][1U], t[1U]);
+  s->st[4U][1U] =
+      libcrux_sha3_portable_keccak_xor_and_rotate_5a_6a(s->st[4U][1U], t[1U]);
+  s->st[0U][2U] =
+      libcrux_sha3_portable_keccak_xor_and_rotate_5a_ab(s->st[0U][2U], t[2U]);
+  s->st[1U][2U] =
+      libcrux_sha3_portable_keccak_xor_and_rotate_5a_5b(s->st[1U][2U], t[2U]);
+  s->st[2U][2U] =
+      libcrux_sha3_portable_keccak_xor_and_rotate_5a_6f(s->st[2U][2U], t[2U]);
+  s->st[3U][2U] =
+      libcrux_sha3_portable_keccak_xor_and_rotate_5a_62(s->st[3U][2U], t[2U]);
+  s->st[4U][2U] =
+      libcrux_sha3_portable_keccak_xor_and_rotate_5a_23(s->st[4U][2U], t[2U]);
+  s->st[0U][3U] =
+      libcrux_sha3_portable_keccak_xor_and_rotate_5a_37(s->st[0U][3U], t[3U]);
+  s->st[1U][3U] =
+      libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb(s->st[1U][3U], t[3U]);
+  s->st[2U][3U] =
+      libcrux_sha3_portable_keccak_xor_and_rotate_5a_b9(s->st[2U][3U], t[3U]);
+  s->st[3U][3U] =
+      libcrux_sha3_portable_keccak_xor_and_rotate_5a_54(s->st[3U][3U], t[3U]);
+  s->st[4U][3U] =
+      libcrux_sha3_portable_keccak_xor_and_rotate_5a_4c(s->st[4U][3U], t[3U]);
+  s->st[0U][4U] =
+      libcrux_sha3_portable_keccak_xor_and_rotate_5a_ce(s->st[0U][4U], t[4U]);
+  s->st[1U][4U] =
+      libcrux_sha3_portable_keccak_xor_and_rotate_5a_77(s->st[1U][4U], t[4U]);
+  s->st[2U][4U] =
+      libcrux_sha3_portable_keccak_xor_and_rotate_5a_25(s->st[2U][4U], t[4U]);
+  s->st[3U][4U] =
+      libcrux_sha3_portable_keccak_xor_and_rotate_5a_af(s->st[3U][4U], t[4U]);
+  uint64_t uu____27 =
+      libcrux_sha3_portable_keccak_xor_and_rotate_5a_fd(s->st[4U][4U], t[4U]);
+  s->st[4U][4U] = uu____27;
+}
+
+/**
+A monomorphic instance of libcrux_sha3.generic_keccak.pi
+with types uint64_t
+with const generics
+- N= 1
+*/
+static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_pi_04(
+    libcrux_sha3_generic_keccak_KeccakState_17 *s) {
+  uint64_t old[5U][5U];
+  memcpy(old, s->st, (size_t)5U * sizeof(uint64_t[5U]));
+  s->st[0U][1U] = old[1U][1U];
+  s->st[0U][2U] = old[2U][2U];
+  s->st[0U][3U] = old[3U][3U];
+  s->st[0U][4U] = old[4U][4U];
+  s->st[1U][0U] = old[0U][3U];
+  s->st[1U][1U] = old[1U][4U];
+  s->st[1U][2U] = old[2U][0U];
+  s->st[1U][3U] = old[3U][1U];
+  s->st[1U][4U] = old[4U][2U];
+  s->st[2U][0U] = old[0U][1U];
+  s->st[2U][1U] = old[1U][2U];
+  s->st[2U][2U] = old[2U][3U];
+  s->st[2U][3U] = old[3U][4U];
+  s->st[2U][4U] = old[4U][0U];
+  s->st[3U][0U] = old[0U][4U];
+  s->st[3U][1U] = old[1U][0U];
+  s->st[3U][2U] = old[2U][1U];
+  s->st[3U][3U] = old[3U][2U];
+  s->st[3U][4U] = old[4U][3U];
+  s->st[4U][0U] = old[0U][2U];
+  s->st[4U][1U] = old[1U][3U];
+  s->st[4U][2U] = old[2U][4U];
+  s->st[4U][3U] = old[3U][0U];
+  s->st[4U][4U] = old[4U][1U];
+}
+
+/**
+A monomorphic instance of libcrux_sha3.generic_keccak.chi
+with types uint64_t
+with const generics
+- N= 1
+*/
+static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_chi_04(
+    libcrux_sha3_generic_keccak_KeccakState_17 *s) {
+  uint64_t old[5U][5U];
+  memcpy(old, s->st, (size_t)5U * sizeof(uint64_t[5U]));
+  for (size_t i0 = (size_t)0U; i0 < (size_t)5U; i0++) {
+    size_t i1 = i0;
+    for (size_t i = (size_t)0U; i < (size_t)5U; i++) {
+      size_t j = i;
+      s->st[i1][j] = libcrux_sha3_portable_keccak_and_not_xor_5a(
+          s->st[i1][j], old[i1][(j + (size_t)2U) % (size_t)5U],
+          old[i1][(j + (size_t)1U) % (size_t)5U]);
+    }
+  }
+}
+
+/**
+A monomorphic instance of libcrux_sha3.generic_keccak.iota
+with types uint64_t
+with const generics
+- N= 1
+*/
+static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_iota_04(
+    libcrux_sha3_generic_keccak_KeccakState_17 *s, size_t i) {
+  s->st[0U][0U] = libcrux_sha3_portable_keccak_xor_constant_5a(
+      s->st[0U][0U], libcrux_sha3_generic_keccak_ROUNDCONSTANTS[i]);
+}
+
+/**
+A monomorphic instance of libcrux_sha3.generic_keccak.keccakf1600
+with types uint64_t
+with const generics
+- N= 1
+*/
+static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccakf1600_04(
+    libcrux_sha3_generic_keccak_KeccakState_17 *s) {
+  for (size_t i = (size_t)0U; i < (size_t)24U; i++) {
+    size_t i0 = i;
+    libcrux_sha3_generic_keccak_theta_rho_04(s);
+    libcrux_sha3_generic_keccak_pi_04(s);
+    libcrux_sha3_generic_keccak_chi_04(s);
+    libcrux_sha3_generic_keccak_iota_04(s, i0);
+  }
+}
+
+/**
+A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final
+with types uint64_t
+with const generics
+- N= 1
+- RATE= 168
+- DELIM= 31
+*/
+static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_9e(
+    libcrux_sha3_generic_keccak_KeccakState_17 *s, Eurydice_slice last[1U]) {
+  size_t last_len = Eurydice_slice_len(last[0U], uint8_t);
+  uint8_t blocks[1U][200U] = {{0U}};
+  for (size_t i = (size_t)0U; i < (size_t)1U; i++) {
+    size_t i0 = i;
+    if (last_len > (size_t)0U) {
+      Eurydice_slice uu____0 = Eurydice_array_to_subslice2(
+          blocks[i0], (size_t)0U, last_len, uint8_t);
+      Eurydice_slice_copy(uu____0, last[i0], uint8_t);
+    }
+    blocks[i0][last_len] = 31U;
+    size_t uu____1 = i0;
+    size_t uu____2 = (size_t)168U - (size_t)1U;
+    blocks[uu____1][uu____2] = (uint32_t)blocks[uu____1][uu____2] | 128U;
+  }
+  uint64_t(*uu____3)[5U] = s->st;
+  uint8_t uu____4[1U][200U];
+  memcpy(uu____4, blocks, (size_t)1U * sizeof(uint8_t[200U]));
+  libcrux_sha3_portable_keccak_load_block_full_5a_3a(uu____3, uu____4);
+  libcrux_sha3_generic_keccak_keccakf1600_04(s);
+}
+
+/**
+ Absorb
+*/
+static KRML_MUSTINLINE void
+libcrux_sha3_portable_incremental_shake128_absorb_final(
+    libcrux_sha3_generic_keccak_KeccakState_17 *s, Eurydice_slice data0) {
+  Eurydice_slice buf[1U] = {data0};
+  libcrux_sha3_generic_keccak_absorb_final_9e(s, buf);
+}
+
+/**
+ Create a new SHAKE-256 state object.
+*/
+static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_17
+libcrux_sha3_portable_incremental_shake256_init(void) {
+  return libcrux_sha3_generic_keccak_new_89_04();
+}
+
+/**
+A monomorphic instance of libcrux_sha3.portable_keccak.load_block
+with const generics
+- RATE= 136
+*/
+static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5b(
+    uint64_t (*s)[5U], Eurydice_slice blocks[1U]) {
+  for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)8U; i++) {
+    size_t i0 = i;
+    uint8_t uu____0[8U];
+    Result_15 dst;
+    Eurydice_slice_to_array2(
+        &dst,
+        Eurydice_slice_subslice2(blocks[0U], (size_t)8U * i0,
+                                 (size_t)8U * i0 + (size_t)8U, uint8_t),
+        Eurydice_slice, uint8_t[8U]);
+    unwrap_26_68(dst, uu____0);
+    size_t uu____1 = i0 / (size_t)5U;
+    size_t uu____2 = i0 % (size_t)5U;
+    s[uu____1][uu____2] =
+        s[uu____1][uu____2] ^ core_num__u64_9__from_le_bytes(uu____0);
+  }
+}
+
+/**
+A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full
+with const generics
+- RATE= 136
+*/
+static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5b(
+    uint64_t (*s)[5U], uint8_t blocks[1U][200U]) {
+  Eurydice_slice buf[1U] = {
+      Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t)};
+  libcrux_sha3_portable_keccak_load_block_5b(s, buf);
+}
+
+/**
+This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1:
+usize> for u64)}
+*/
+/**
+A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full_5a
+with const generics
+- RATE= 136
+*/
+static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_5b(
+    uint64_t (*a)[5U], uint8_t b[1U][200U]) {
+  uint64_t(*uu____0)[5U] = a;
+  /* Passing arrays by value in Rust generates a copy in C */
+  uint8_t copy_of_b[1U][200U];
+  memcpy(copy_of_b, b, (size_t)1U * sizeof(uint8_t[200U]));
+  libcrux_sha3_portable_keccak_load_block_full_5b(uu____0, copy_of_b);
+}
+
+/**
+A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final
+with types uint64_t
+with const generics
+- N= 1
+- RATE= 136
+- DELIM= 31
+*/
+static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_9e0(
+    libcrux_sha3_generic_keccak_KeccakState_17 *s, Eurydice_slice last[1U]) {
+  size_t last_len = Eurydice_slice_len(last[0U], uint8_t);
+  uint8_t blocks[1U][200U] = {{0U}};
+  for (size_t i = (size_t)0U; i < (size_t)1U; i++) {
+    size_t i0 = i;
+    if (last_len > (size_t)0U) {
+      Eurydice_slice uu____0 = Eurydice_array_to_subslice2(
+          blocks[i0], (size_t)0U, last_len, uint8_t);
+      Eurydice_slice_copy(uu____0, last[i0], uint8_t);
+    }
+    blocks[i0][last_len] = 31U;
+    size_t uu____1 = i0;
+    size_t uu____2 = (size_t)136U - (size_t)1U;
+    blocks[uu____1][uu____2] = (uint32_t)blocks[uu____1][uu____2] | 128U;
+  }
+  uint64_t(*uu____3)[5U] = s->st;
+  uint8_t uu____4[1U][200U];
+  memcpy(uu____4, blocks, (size_t)1U * sizeof(uint8_t[200U]));
+  libcrux_sha3_portable_keccak_load_block_full_5a_5b(uu____3, uu____4);
+  libcrux_sha3_generic_keccak_keccakf1600_04(s);
+}
+
+/**
+ Absorb some data for SHAKE-256 for the last time
+*/
+static KRML_MUSTINLINE void
+libcrux_sha3_portable_incremental_shake256_absorb_final(
+    libcrux_sha3_generic_keccak_KeccakState_17 *s, Eurydice_slice data) {
+  Eurydice_slice buf[1U] = {data};
+  libcrux_sha3_generic_keccak_absorb_final_9e0(s, buf);
+}
+
+/**
+This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1:
+usize> for u64)}
+*/
+/**
+A monomorphic instance of libcrux_sha3.portable_keccak.load_block_5a
+with const generics
+- RATE= 168
+*/
+static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_3a(
+    uint64_t (*a)[5U], Eurydice_slice b[1U]) {
+  uint64_t(*uu____0)[5U] = a;
+  /* Passing arrays by value in Rust generates a copy in C */
+  Eurydice_slice copy_of_b[1U];
+  memcpy(copy_of_b, b, (size_t)1U * sizeof(Eurydice_slice));
+  libcrux_sha3_portable_keccak_load_block_3a(uu____0, copy_of_b);
+}
+
+/**
+A monomorphic instance of libcrux_sha3.generic_keccak.absorb_block
+with types uint64_t
+with const generics
+- N= 1
+- RATE= 168
+*/
+static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_c6(
+    libcrux_sha3_generic_keccak_KeccakState_17 *s, Eurydice_slice blocks[1U]) {
+  uint64_t(*uu____0)[5U] = s->st;
+  Eurydice_slice uu____1[1U];
+  memcpy(uu____1, blocks, (size_t)1U * sizeof(Eurydice_slice));
+  libcrux_sha3_portable_keccak_load_block_5a_3a(uu____0, uu____1);
+  libcrux_sha3_generic_keccak_keccakf1600_04(s);
+}
+
+/**
+A monomorphic instance of libcrux_sha3.portable_keccak.store_block
+with const generics
+- RATE= 168
+*/
+static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_3a(
+    uint64_t (*s)[5U], Eurydice_slice out[1U]) {
+  for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)8U; i++) {
+    size_t i0 = i;
+    Eurydice_slice uu____0 = Eurydice_slice_subslice2(
+        out[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t);
+    uint8_t ret[8U];
+    core_num__u64_9__to_le_bytes(s[i0 / (size_t)5U][i0 % (size_t)5U], ret);
+    Eurydice_slice_copy(
+        uu____0, Eurydice_array_to_slice((size_t)8U, ret, uint8_t), uint8_t);
+  }
+}
+
+/**
+A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full
+with const generics
+- RATE= 168
+*/
+static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_3a(
+    uint64_t (*s)[5U], uint8_t ret[1U][200U]) {
+  uint8_t out[200U] = {0U};
+  Eurydice_slice buf[1U] = {
+      Eurydice_array_to_slice((size_t)200U, out, uint8_t)};
+  libcrux_sha3_portable_keccak_store_block_3a(s, buf);
+  /* Passing arrays by value in Rust generates a copy in C */
+  uint8_t copy_of_out[200U];
+  memcpy(copy_of_out, out, (size_t)200U * sizeof(uint8_t));
+  memcpy(ret[0U], copy_of_out, (size_t)200U * sizeof(uint8_t));
+}
+
+/**
+This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1:
+usize> for u64)}
+*/
+/**
+A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full_5a
+with const generics
+- RATE= 168
+*/
+static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_5a_3a(
+    uint64_t (*a)[5U], uint8_t ret[1U][200U]) {
+  libcrux_sha3_portable_keccak_store_block_full_3a(a, ret);
+}
+
+/**
+A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_and_last
+with types uint64_t
+with const generics
+- N= 1
+- RATE= 168
+*/
+static KRML_MUSTINLINE void
+libcrux_sha3_generic_keccak_squeeze_first_and_last_c6(
+    libcrux_sha3_generic_keccak_KeccakState_17 *s, Eurydice_slice out[1U]) {
+  uint8_t b[1U][200U];
+  libcrux_sha3_portable_keccak_store_block_full_5a_3a(s->st, b);
+  for (size_t i = (size_t)0U; i < (size_t)1U; i++) {
+    size_t i0 = i;
+    Eurydice_slice uu____0 = out[i0];
+    uint8_t *uu____1 = b[i0];
+    core_ops_range_Range_08 lit;
+    lit.start = (size_t)0U;
+    lit.end = Eurydice_slice_len(out[i0], uint8_t);
+    Eurydice_slice_copy(
+        uu____0,
+        Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t,
+                                   core_ops_range_Range_08),
+        uint8_t);
+  }
+}
+
+/**
+This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1:
+usize> for u64)}
+*/
+/**
+A monomorphic instance of libcrux_sha3.portable_keccak.store_block_5a
+with const generics
+- RATE= 168
+*/
+static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_3a(
+    uint64_t (*a)[5U], Eurydice_slice b[1U]) {
+  libcrux_sha3_portable_keccak_store_block_3a(a, b);
+}
+
+/**
+A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_block
+with types uint64_t
+with const generics
+- N= 1
+- RATE= 168
+*/
+static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_c6(
+    libcrux_sha3_generic_keccak_KeccakState_17 *s, Eurydice_slice out[1U]) {
+  libcrux_sha3_portable_keccak_store_block_5a_3a(s->st, out);
+}
+
+/**
+A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_next_block
+with types uint64_t
+with const generics
+- N= 1
+- RATE= 168
+*/
+static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_c6(
+    libcrux_sha3_generic_keccak_KeccakState_17 *s, Eurydice_slice out[1U]) {
+  libcrux_sha3_generic_keccak_keccakf1600_04(s);
+  libcrux_sha3_portable_keccak_store_block_5a_3a(s->st, out);
+}
+
+/**
+A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_last
+with types uint64_t
+with const generics
+- N= 1
+- RATE= 168
+*/
+static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_c6(
+    libcrux_sha3_generic_keccak_KeccakState_17 s, Eurydice_slice out[1U]) {
+  libcrux_sha3_generic_keccak_keccakf1600_04(&s);
+  uint8_t b[1U][200U];
+  libcrux_sha3_portable_keccak_store_block_full_5a_3a(s.st, b);
+  for (size_t i = (size_t)0U; i < (size_t)1U; i++) {
+    size_t i0 = i;
+    Eurydice_slice uu____0 = out[i0];
+    uint8_t *uu____1 = b[i0];
+    core_ops_range_Range_08 lit;
+    lit.start = (size_t)0U;
+    lit.end = Eurydice_slice_len(out[i0], uint8_t);
+    Eurydice_slice_copy(
+        uu____0,
+        Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t,
+                                   core_ops_range_Range_08),
+        uint8_t);
+  }
+}
+
+/**
+A monomorphic instance of libcrux_sha3.generic_keccak.keccak
+with types uint64_t
+with const generics
+- N= 1
+- RATE= 168
+- DELIM= 31
+*/
+static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_9e(
+    Eurydice_slice data[1U], Eurydice_slice out[1U]) {
+  libcrux_sha3_generic_keccak_KeccakState_17 s =
+      libcrux_sha3_generic_keccak_new_89_04();
+  for (size_t i = (size_t)0U;
+       i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)168U; i++) {
+    size_t i0 = i;
+    libcrux_sha3_generic_keccak_KeccakState_17 *uu____0 = &s;
+    /* Passing arrays by value in Rust generates a copy in C */
+    Eurydice_slice copy_of_data[1U];
+    memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice));
+    Eurydice_slice ret[1U];
+    libcrux_sha3_portable_keccak_slice_n_5a(copy_of_data, i0 * (size_t)168U,
+                                            (size_t)168U, ret);
+    libcrux_sha3_generic_keccak_absorb_block_c6(uu____0, ret);
+  }
+  size_t rem = Eurydice_slice_len(data[0U], uint8_t) % (size_t)168U;
+  libcrux_sha3_generic_keccak_KeccakState_17 *uu____2 = &s;
+  /* Passing arrays by value in Rust generates a copy in C */
+  Eurydice_slice copy_of_data[1U];
+  memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice));
+  Eurydice_slice ret[1U];
+  libcrux_sha3_portable_keccak_slice_n_5a(
+      copy_of_data, Eurydice_slice_len(data[0U], uint8_t) - rem, rem, ret);
+  libcrux_sha3_generic_keccak_absorb_final_9e(uu____2, ret);
+  size_t outlen = Eurydice_slice_len(out[0U], uint8_t);
+  size_t blocks = outlen / (size_t)168U;
+  size_t last = outlen - outlen % (size_t)168U;
+  if (blocks == (size_t)0U) {
+    libcrux_sha3_generic_keccak_squeeze_first_and_last_c6(&s, out);
+  } else {
+    Eurydice_slice_uint8_t_1size_t__x2 uu____4 =
+        libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)168U);
+    Eurydice_slice o0[1U];
+    memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice));
+    Eurydice_slice o1[1U];
+    memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice));
+    libcrux_sha3_generic_keccak_squeeze_first_block_c6(&s, o0);
+    core_ops_range_Range_08 iter =
+        core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter(
+            (CLITERAL(core_ops_range_Range_08){.start = (size_t)1U,
+                                               .end = blocks}),
+            core_ops_range_Range_08, core_ops_range_Range_08);
+    while (true) {
+      if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A__TraitClause_0___6__next(
+              &iter, size_t, Option_08)
+              .tag == None) {
+        break;
+      } else {
+        Eurydice_slice_uint8_t_1size_t__x2 uu____5 =
+            libcrux_sha3_portable_keccak_split_at_mut_n_5a(o1, (size_t)168U);
+        Eurydice_slice o[1U];
+        memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice));
+        Eurydice_slice orest[1U];
+        memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice));
+        libcrux_sha3_generic_keccak_squeeze_next_block_c6(&s, o);
+        memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice));
+      }
+    }
+    if (last < outlen) {
+      libcrux_sha3_generic_keccak_squeeze_last_c6(s, o1);
+    }
+  }
+}
+
+/**
+A monomorphic instance of libcrux_sha3.portable.keccakx1
+with const generics
+- RATE= 168
+- DELIM= 31
+*/
+static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_c6(
+    Eurydice_slice data[1U], Eurydice_slice out[1U]) {
+  /* Passing arrays by value in Rust generates a copy in C */
+  Eurydice_slice copy_of_data[1U];
+  memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice));
+  libcrux_sha3_generic_keccak_keccak_9e(copy_of_data, out);
+}
+
+/**
+ A portable SHAKE128 implementation.
+*/
+static KRML_MUSTINLINE void libcrux_sha3_portable_shake128(
+    Eurydice_slice digest, Eurydice_slice data) {
+  Eurydice_slice buf0[1U] = {data};
+  Eurydice_slice buf[1U] = {digest};
+  libcrux_sha3_portable_keccakx1_c6(buf0, buf);
+}
+
+/**
+This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1:
+usize> for u64)}
+*/
+/**
+A monomorphic instance of libcrux_sha3.portable_keccak.load_block_5a
+with const generics
+- RATE= 136
+*/
+static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_5b(
+    uint64_t (*a)[5U], Eurydice_slice b[1U]) {
+  uint64_t(*uu____0)[5U] = a;
+  /* Passing arrays by value in Rust generates a copy in C */
+  Eurydice_slice copy_of_b[1U];
+  memcpy(copy_of_b, b, (size_t)1U * sizeof(Eurydice_slice));
+  libcrux_sha3_portable_keccak_load_block_5b(uu____0, copy_of_b);
+}
+
+/**
+A monomorphic instance of libcrux_sha3.generic_keccak.absorb_block
+with types uint64_t
+with const generics
+- N= 1
+- RATE= 136
+*/
+static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_c60(
+    libcrux_sha3_generic_keccak_KeccakState_17 *s, Eurydice_slice blocks[1U]) {
+  uint64_t(*uu____0)[5U] = s->st;
+  Eurydice_slice uu____1[1U];
+  memcpy(uu____1, blocks, (size_t)1U * sizeof(Eurydice_slice));
+  libcrux_sha3_portable_keccak_load_block_5a_5b(uu____0, uu____1);
+  libcrux_sha3_generic_keccak_keccakf1600_04(s);
+}
+
+/**
+A monomorphic instance of libcrux_sha3.portable_keccak.store_block
+with const generics
+- RATE= 136
+*/
+static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5b(
+    uint64_t (*s)[5U], Eurydice_slice out[1U]) {
+  for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)8U; i++) {
+    size_t i0 = i;
+    Eurydice_slice uu____0 = Eurydice_slice_subslice2(
+        out[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t);
+    uint8_t ret[8U];
+    core_num__u64_9__to_le_bytes(s[i0 / (size_t)5U][i0 % (size_t)5U], ret);
+    Eurydice_slice_copy(
+        uu____0, Eurydice_array_to_slice((size_t)8U, ret, uint8_t), uint8_t);
+  }
+}
+
+/**
+A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full
+with const generics
+- RATE= 136
+*/
+static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_5b(
+    uint64_t (*s)[5U], uint8_t ret[1U][200U]) {
+  uint8_t out[200U] = {0U};
+  Eurydice_slice buf[1U] = {
+      Eurydice_array_to_slice((size_t)200U, out, uint8_t)};
+  libcrux_sha3_portable_keccak_store_block_5b(s, buf);
+  /* Passing arrays by value in Rust generates a copy in C */
+  uint8_t copy_of_out[200U];
+  memcpy(copy_of_out, out, (size_t)200U * sizeof(uint8_t));
+  memcpy(ret[0U], copy_of_out, (size_t)200U * sizeof(uint8_t));
+}
+
+/**
+This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1:
+usize> for u64)}
+*/
+/**
+A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full_5a
+with const generics
+- RATE= 136
+*/
+static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_5a_5b(
+    uint64_t (*a)[5U], uint8_t ret[1U][200U]) {
+  libcrux_sha3_portable_keccak_store_block_full_5b(a, ret);
+}
+
+/**
+A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_and_last
+with types uint64_t
+with const generics
+- N= 1
+- RATE= 136
+*/
+static KRML_MUSTINLINE void
+libcrux_sha3_generic_keccak_squeeze_first_and_last_c60(
+    libcrux_sha3_generic_keccak_KeccakState_17 *s, Eurydice_slice out[1U]) {
+  uint8_t b[1U][200U];
+  libcrux_sha3_portable_keccak_store_block_full_5a_5b(s->st, b);
+  for (size_t i = (size_t)0U; i < (size_t)1U; i++) {
+    size_t i0 = i;
+    Eurydice_slice uu____0 = out[i0];
+    uint8_t *uu____1 = b[i0];
+    core_ops_range_Range_08 lit;
+    lit.start = (size_t)0U;
+    lit.end = Eurydice_slice_len(out[i0], uint8_t);
+    Eurydice_slice_copy(
+        uu____0,
+        Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t,
+                                   core_ops_range_Range_08),
+        uint8_t);
+  }
+}
+
+/**
+This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1:
+usize> for u64)}
+*/
+/**
+A monomorphic instance of libcrux_sha3.portable_keccak.store_block_5a
+with const generics
+- RATE= 136
+*/
+static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_5b(
+    uint64_t (*a)[5U], Eurydice_slice b[1U]) {
+  libcrux_sha3_portable_keccak_store_block_5b(a, b);
+}
+
+/**
+A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_block
+with types uint64_t
+with const generics
+- N= 1
+- RATE= 136
+*/
+static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_c60(
+    libcrux_sha3_generic_keccak_KeccakState_17 *s, Eurydice_slice out[1U]) {
+  libcrux_sha3_portable_keccak_store_block_5a_5b(s->st, out);
+}
+
+/**
+A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_next_block
+with types uint64_t
+with const generics
+- N= 1
+- RATE= 136
+*/
+static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_c60(
+    libcrux_sha3_generic_keccak_KeccakState_17 *s, Eurydice_slice out[1U]) {
+  libcrux_sha3_generic_keccak_keccakf1600_04(s);
+  libcrux_sha3_portable_keccak_store_block_5a_5b(s->st, out);
+}
+
+/**
+A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_last
+with types uint64_t
+with const generics
+- N= 1
+- RATE= 136
+*/
+static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_c60(
+    libcrux_sha3_generic_keccak_KeccakState_17 s, Eurydice_slice out[1U]) {
+  libcrux_sha3_generic_keccak_keccakf1600_04(&s);
+  uint8_t b[1U][200U];
+  libcrux_sha3_portable_keccak_store_block_full_5a_5b(s.st, b);
+  for (size_t i = (size_t)0U; i < (size_t)1U; i++) {
+    size_t i0 = i;
+    Eurydice_slice uu____0 = out[i0];
+    uint8_t *uu____1 = b[i0];
+    core_ops_range_Range_08 lit;
+    lit.start = (size_t)0U;
+    lit.end = Eurydice_slice_len(out[i0], uint8_t);
+    Eurydice_slice_copy(
+        uu____0,
+        Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t,
+                                   core_ops_range_Range_08),
+        uint8_t);
+  }
+}
+
+/**
+A monomorphic instance of libcrux_sha3.generic_keccak.keccak
+with types uint64_t
+with const generics
+- N= 1
+- RATE= 136
+- DELIM= 31
+*/
+static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_9e0(
+    Eurydice_slice data[1U], Eurydice_slice out[1U]) {
+  libcrux_sha3_generic_keccak_KeccakState_17 s =
+      libcrux_sha3_generic_keccak_new_89_04();
+  for (size_t i = (size_t)0U;
+       i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)136U; i++) {
+    size_t i0 = i;
+    libcrux_sha3_generic_keccak_KeccakState_17 *uu____0 = &s;
+    /* Passing arrays by value in Rust generates a copy in C */
+    Eurydice_slice copy_of_data[1U];
+    memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice));
+    Eurydice_slice ret[1U];
+    libcrux_sha3_portable_keccak_slice_n_5a(copy_of_data, i0 * (size_t)136U,
+                                            (size_t)136U, ret);
+    libcrux_sha3_generic_keccak_absorb_block_c60(uu____0, ret);
+  }
+  size_t rem = Eurydice_slice_len(data[0U], uint8_t) % (size_t)136U;
+  libcrux_sha3_generic_keccak_KeccakState_17 *uu____2 = &s;
+  /* Passing arrays by value in Rust generates a copy in C */
+  Eurydice_slice copy_of_data[1U];
+  memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice));
+  Eurydice_slice ret[1U];
+  libcrux_sha3_portable_keccak_slice_n_5a(
+      copy_of_data, Eurydice_slice_len(data[0U], uint8_t) - rem, rem, ret);
+  libcrux_sha3_generic_keccak_absorb_final_9e0(uu____2, ret);
+  size_t outlen = Eurydice_slice_len(out[0U], uint8_t);
+  size_t blocks = outlen / (size_t)136U;
+  size_t last = outlen - outlen % (size_t)136U;
+  if (blocks == (size_t)0U) {
+    libcrux_sha3_generic_keccak_squeeze_first_and_last_c60(&s, out);
+  } else {
+    Eurydice_slice_uint8_t_1size_t__x2 uu____4 =
+        libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)136U);
+    Eurydice_slice o0[1U];
+    memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice));
+    Eurydice_slice o1[1U];
+    memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice));
+    libcrux_sha3_generic_keccak_squeeze_first_block_c60(&s, o0);
+    core_ops_range_Range_08 iter =
+        core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter(
+            (CLITERAL(core_ops_range_Range_08){.start = (size_t)1U,
+                                               .end = blocks}),
+            core_ops_range_Range_08, core_ops_range_Range_08);
+    while (true) {
+      if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A__TraitClause_0___6__next(
+              &iter, size_t, Option_08)
+              .tag == None) {
+        break;
+      } else {
+        Eurydice_slice_uint8_t_1size_t__x2 uu____5 =
+            libcrux_sha3_portable_keccak_split_at_mut_n_5a(o1, (size_t)136U);
+        Eurydice_slice o[1U];
+        memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice));
+        Eurydice_slice orest[1U];
+        memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice));
+        libcrux_sha3_generic_keccak_squeeze_next_block_c60(&s, o);
+        memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice));
+      }
+    }
+    if (last < outlen) {
+      libcrux_sha3_generic_keccak_squeeze_last_c60(s, o1);
+    }
+  }
+}
+
+/**
+A monomorphic instance of libcrux_sha3.portable.keccakx1
+with const generics
+- RATE= 136
+- DELIM= 31
+*/
+static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_ad(
+    Eurydice_slice data[1U], Eurydice_slice out[1U]) {
+  /* Passing arrays by value in Rust generates a copy in C */
+  Eurydice_slice copy_of_data[1U];
+  memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice));
+  libcrux_sha3_generic_keccak_keccak_9e0(copy_of_data, out);
+}
+
+/**
+ A portable SHAKE256 implementation.
+*/
+static KRML_MUSTINLINE void libcrux_sha3_portable_shake256(
+    Eurydice_slice digest, Eurydice_slice data) {
+  Eurydice_slice buf0[1U] = {data};
+  Eurydice_slice buf[1U] = {digest};
+  libcrux_sha3_portable_keccakx1_ad(buf0, buf);
+}
+
+/**
+ Squeeze the first SHAKE-256 block
+*/
+static KRML_MUSTINLINE void
+libcrux_sha3_portable_incremental_shake256_squeeze_first_block(
+    libcrux_sha3_generic_keccak_KeccakState_17 *s, Eurydice_slice out) {
+  Eurydice_slice buf[1U] = {out};
+  libcrux_sha3_generic_keccak_squeeze_first_block_c60(s, buf);
+}
+
+/**
+A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_five_blocks
+with types uint64_t
+with const generics
+- N= 1
+- RATE= 168
+*/
+static KRML_MUSTINLINE void
+libcrux_sha3_generic_keccak_squeeze_first_five_blocks_c6(
+    libcrux_sha3_generic_keccak_KeccakState_17 *s, Eurydice_slice out[1U]) {
+  Eurydice_slice_uint8_t_1size_t__x2 uu____0 =
+      libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)168U);
+  Eurydice_slice o0[1U];
+  memcpy(o0, uu____0.fst, (size_t)1U * sizeof(Eurydice_slice));
+  Eurydice_slice o10[1U];
+  memcpy(o10, uu____0.snd, (size_t)1U * sizeof(Eurydice_slice));
+  libcrux_sha3_generic_keccak_squeeze_first_block_c6(s, o0);
+  Eurydice_slice_uint8_t_1size_t__x2 uu____1 =
+      libcrux_sha3_portable_keccak_split_at_mut_n_5a(o10, (size_t)168U);
+  Eurydice_slice o1[1U];
+  memcpy(o1, uu____1.fst, (size_t)1U * sizeof(Eurydice_slice));
+  Eurydice_slice o20[1U];
+  memcpy(o20, uu____1.snd, (size_t)1U * sizeof(Eurydice_slice));
+  libcrux_sha3_generic_keccak_squeeze_next_block_c6(s, o1);
+  Eurydice_slice_uint8_t_1size_t__x2 uu____2 =
+      libcrux_sha3_portable_keccak_split_at_mut_n_5a(o20, (size_t)168U);
+  Eurydice_slice o2[1U];
+  memcpy(o2, uu____2.fst, (size_t)1U * sizeof(Eurydice_slice));
+  Eurydice_slice o30[1U];
+  memcpy(o30, uu____2.snd, (size_t)1U * sizeof(Eurydice_slice));
+  libcrux_sha3_generic_keccak_squeeze_next_block_c6(s, o2);
+  Eurydice_slice_uint8_t_1size_t__x2 uu____3 =
+      libcrux_sha3_portable_keccak_split_at_mut_n_5a(o30, (size_t)168U);
+  Eurydice_slice o3[1U];
+  memcpy(o3, uu____3.fst, (size_t)1U * sizeof(Eurydice_slice));
+  Eurydice_slice o4[1U];
+  memcpy(o4, uu____3.snd, (size_t)1U * sizeof(Eurydice_slice));
+  libcrux_sha3_generic_keccak_squeeze_next_block_c6(s, o3);
+  libcrux_sha3_generic_keccak_squeeze_next_block_c6(s, o4);
+}
+
+/**
+ Squeeze five blocks
+*/
+static KRML_MUSTINLINE void
+libcrux_sha3_portable_incremental_shake128_squeeze_first_five_blocks(
+    libcrux_sha3_generic_keccak_KeccakState_17 *s, Eurydice_slice out0) {
+  Eurydice_slice buf[1U] = {out0};
+  libcrux_sha3_generic_keccak_squeeze_first_five_blocks_c6(s, buf);
+}
+
+/**
+ Squeeze another block
+*/
+static KRML_MUSTINLINE void
+libcrux_sha3_portable_incremental_shake128_squeeze_next_block(
+    libcrux_sha3_generic_keccak_KeccakState_17 *s, Eurydice_slice out0) {
+  Eurydice_slice buf[1U] = {out0};
+  libcrux_sha3_generic_keccak_squeeze_next_block_c6(s, buf);
+}
+
+/**
+ Squeeze the next SHAKE-256 block
+*/
+static KRML_MUSTINLINE void
+libcrux_sha3_portable_incremental_shake256_squeeze_next_block(
+    libcrux_sha3_generic_keccak_KeccakState_17 *s, Eurydice_slice out) {
+  Eurydice_slice buf[1U] = {out};
+  libcrux_sha3_generic_keccak_squeeze_next_block_c60(s, buf);
+}
+
+/**
+A monomorphic instance of libcrux_sha3.generic_keccak.KeccakXofState
+with types uint64_t
+with const generics
+- $1size_t
+- $136size_t
+*/
+typedef struct libcrux_sha3_generic_keccak_KeccakXofState_e2_s {
+  libcrux_sha3_generic_keccak_KeccakState_17 inner;
+  uint8_t buf[1U][136U];
+  size_t buf_len;
+  bool sponge;
+} libcrux_sha3_generic_keccak_KeccakXofState_e2;
+
+typedef libcrux_sha3_generic_keccak_KeccakXofState_e2
+    libcrux_sha3_portable_incremental_Shake256Xof;
+
+/**
+ Consume the internal buffer and the required amount of the input to pad to
+ `RATE`.
+
+ Returns the `consumed` bytes from `inputs` if there's enough buffered
+ content to consume, and `0` otherwise.
+ If `consumed > 0` is returned, `self.buf` contains a full block to be
+ loaded.
+*/
+/**
+This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState<STATE,
+PARALLEL_LANES, RATE>[TraitClause@0, TraitClause@1]#2}
+*/
+/**
+A monomorphic instance of libcrux_sha3.generic_keccak.fill_buffer_8b
+with types uint64_t
+with const generics
+- PARALLEL_LANES= 1
+- RATE= 136
+*/
+static inline size_t libcrux_sha3_generic_keccak_fill_buffer_8b_c6(
+    libcrux_sha3_generic_keccak_KeccakXofState_e2 *self,
+    Eurydice_slice inputs[1U]) {
+  size_t input_len = Eurydice_slice_len(inputs[0U], uint8_t);
+  size_t consumed = (size_t)0U;
+  if (self->buf_len > (size_t)0U) {
+    if (self->buf_len + input_len >= (size_t)136U) {
+      consumed = (size_t)136U - self->buf_len;
+      for (size_t i = (size_t)0U; i < (size_t)1U; i++) {
+        size_t i0 = i;
+        Eurydice_slice uu____0 = Eurydice_array_to_subslice_from(
+            (size_t)136U, self->buf[i0], self->buf_len, uint8_t, size_t);
+        Eurydice_slice_copy(
+            uu____0,
+            Eurydice_slice_subslice_to(inputs[i0], consumed, uint8_t, size_t),
+            uint8_t);
+      }
+      self->buf_len = self->buf_len + consumed;
+    }
+  }
+  return consumed;
+}
+
+/**
+This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState<STATE,
+PARALLEL_LANES, RATE>[TraitClause@0, TraitClause@1]#2}
+*/
+/**
+A monomorphic instance of libcrux_sha3.generic_keccak.absorb_full_8b
+with types uint64_t
+with const generics
+- PARALLEL_LANES= 1
+- RATE= 136
+*/
+static inline size_t libcrux_sha3_generic_keccak_absorb_full_8b_c6(
+    libcrux_sha3_generic_keccak_KeccakXofState_e2 *self,
+    Eurydice_slice inputs[1U]) {
+  libcrux_sha3_generic_keccak_KeccakXofState_e2 *uu____0 = self;
+  /* Passing arrays by value in Rust generates a copy in C */
+  Eurydice_slice copy_of_inputs0[1U];
+  memcpy(copy_of_inputs0, inputs, (size_t)1U * sizeof(Eurydice_slice));
+  size_t input_consumed =
+      libcrux_sha3_generic_keccak_fill_buffer_8b_c6(uu____0, copy_of_inputs0);
+  if (input_consumed > (size_t)0U) {
+    Eurydice_slice borrowed[1U];
+    for (size_t i = (size_t)0U; i < (size_t)1U; i++) {
+      uint8_t buf[136U] = {0U};
+      borrowed[i] = core_array___Array_T__N__23__as_slice(
+          (size_t)136U, buf, uint8_t, Eurydice_slice);
+    }
+    for (size_t i = (size_t)0U; i < (size_t)1U; i++) {
+      size_t i0 = i;
+      borrowed[i0] =
+          Eurydice_array_to_slice((size_t)136U, self->buf[i0], uint8_t);
+    }
+    uint64_t(*uu____2)[5U] = self->inner.st;
+    Eurydice_slice uu____3[1U];
+    memcpy(uu____3, borrowed, (size_t)1U * sizeof(Eurydice_slice));
+    libcrux_sha3_portable_keccak_load_block_5a_5b(uu____2, uu____3);
+    libcrux_sha3_generic_keccak_keccakf1600_04(&self->inner);
+    self->buf_len = (size_t)0U;
+  }
+  size_t input_to_consume =
+      Eurydice_slice_len(inputs[0U], uint8_t) - input_consumed;
+  size_t num_blocks = input_to_consume / (size_t)136U;
+  size_t remainder = input_to_consume % (size_t)136U;
+  for (size_t i = (size_t)0U; i < num_blocks; i++) {
+    size_t i0 = i;
+    uint64_t(*uu____4)[5U] = self->inner.st;
+    /* Passing arrays by value in Rust generates a copy in C */
+    Eurydice_slice copy_of_inputs[1U];
+    memcpy(copy_of_inputs, inputs, (size_t)1U * sizeof(Eurydice_slice));
+    Eurydice_slice ret[1U];
+    libcrux_sha3_portable_keccak_slice_n_5a(
+        copy_of_inputs, input_consumed + i0 * (size_t)136U, (size_t)136U, ret);
+    libcrux_sha3_portable_keccak_load_block_5a_5b(uu____4, ret);
+    libcrux_sha3_generic_keccak_keccakf1600_04(&self->inner);
+  }
+  return remainder;
+}
+
+/**
+ Absorb
+
+ This function takes any number of bytes to absorb and buffers if it's not
+ enough. The function assumes that all input slices in `blocks` have the same
+ length.
+
+ Only a multiple of `RATE` blocks are absorbed.
+ For the remaining bytes [`absorb_final`] needs to be called.
+
+ This works best with relatively small `inputs`.
+*/
+/**
+This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState<STATE,
+PARALLEL_LANES, RATE>[TraitClause@0, TraitClause@1]#2}
+*/
+/**
+A monomorphic instance of libcrux_sha3.generic_keccak.absorb_8b
+with types uint64_t
+with const generics
+- PARALLEL_LANES= 1
+- RATE= 136
+*/
+static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_8b_c6(
+    libcrux_sha3_generic_keccak_KeccakXofState_e2 *self,
+    Eurydice_slice inputs[1U]) {
+  libcrux_sha3_generic_keccak_KeccakXofState_e2 *uu____0 = self;
+  /* Passing arrays by value in Rust generates a copy in C */
+  Eurydice_slice copy_of_inputs[1U];
+  memcpy(copy_of_inputs, inputs, (size_t)1U * sizeof(Eurydice_slice));
+  size_t input_remainder_len =
+      libcrux_sha3_generic_keccak_absorb_full_8b_c6(uu____0, copy_of_inputs);
+  if (input_remainder_len > (size_t)0U) {
+    size_t input_len = Eurydice_slice_len(inputs[0U], uint8_t);
+    for (size_t i = (size_t)0U; i < (size_t)1U; i++) {
+      size_t i0 = i;
+      Eurydice_slice uu____2 = Eurydice_array_to_subslice2(
+          self->buf[i0], self->buf_len, self->buf_len + input_remainder_len,
+          uint8_t);
+      Eurydice_slice_copy(
+          uu____2,
+          Eurydice_slice_subslice_from(
+              inputs[i0], input_len - input_remainder_len, uint8_t, size_t),
+          uint8_t);
+    }
+    self->buf_len = self->buf_len + input_remainder_len;
+  }
+}
+
+/**
+ Shake256 absorb
+*/
+/**
+This function found in impl {(libcrux_sha3::portable::incremental::Xof<136:
+usize> for libcrux_sha3::portable::incremental::Shake256Xof)#1}
+*/
+static inline void libcrux_sha3_portable_incremental_absorb_68(
+    libcrux_sha3_generic_keccak_KeccakXofState_e2 *self, Eurydice_slice input) {
+  Eurydice_slice buf[1U] = {input};
+  libcrux_sha3_generic_keccak_absorb_8b_c6(self, buf);
+}
+
+/**
+ Absorb a final block.
+
+ The `inputs` block may be empty. Everything in the `inputs` block beyond
+ `RATE` bytes is ignored.
+*/
+/**
+This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState<STATE,
+PARALLEL_LANES, RATE>[TraitClause@0, TraitClause@1]#2}
+*/
+/**
+A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final_8b
+with types uint64_t
+with const generics
+- PARALLEL_LANES= 1
+- RATE= 136
+- DELIMITER= 31
+*/
+static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_8b_9e(
+    libcrux_sha3_generic_keccak_KeccakXofState_e2 *self,
+    Eurydice_slice inputs[1U]) {
+  libcrux_sha3_generic_keccak_KeccakXofState_e2 *uu____0 = self;
+  /* Passing arrays by value in Rust generates a copy in C */
+  Eurydice_slice copy_of_inputs[1U];
+  memcpy(copy_of_inputs, inputs, (size_t)1U * sizeof(Eurydice_slice));
+  size_t input_remainder_len =
+      libcrux_sha3_generic_keccak_absorb_full_8b_c6(uu____0, copy_of_inputs);
+  size_t input_len = Eurydice_slice_len(inputs[0U], uint8_t);
+  uint8_t blocks[1U][200U] = {{0U}};
+  for (size_t i = (size_t)0U; i < (size_t)1U; i++) {
+    size_t i0 = i;
+    if (self->buf_len > (size_t)0U) {
+      Eurydice_slice uu____2 = Eurydice_array_to_subslice2(
+          blocks[i0], (size_t)0U, self->buf_len, uint8_t);
+      Eurydice_slice_copy(uu____2,
+                          Eurydice_array_to_subslice2(self->buf[i0], (size_t)0U,
+                                                      self->buf_len, uint8_t),
+                          uint8_t);
+    }
+    if (input_remainder_len > (size_t)0U) {
+      Eurydice_slice uu____3 = Eurydice_array_to_subslice2(
+          blocks[i0], self->buf_len, self->buf_len + input_remainder_len,
+          uint8_t);
+      Eurydice_slice_copy(
+          uu____3,
+          Eurydice_slice_subslice_from(
+              inputs[i0], input_len - input_remainder_len, uint8_t, size_t),
+          uint8_t);
+    }
+    blocks[i0][self->buf_len + input_remainder_len] = 31U;
+    size_t uu____4 = i0;
+    size_t uu____5 = (size_t)136U - (size_t)1U;
+    blocks[uu____4][uu____5] = (uint32_t)blocks[uu____4][uu____5] | 128U;
+  }
+  uint64_t(*uu____6)[5U] = self->inner.st;
+  uint8_t uu____7[1U][200U];
+  memcpy(uu____7, blocks, (size_t)1U * sizeof(uint8_t[200U]));
+  libcrux_sha3_portable_keccak_load_block_full_5a_5b(uu____6, uu____7);
+  libcrux_sha3_generic_keccak_keccakf1600_04(&self->inner);
+}
+
+/**
+ Shake256 absorb final
+*/
+/**
+This function found in impl {(libcrux_sha3::portable::incremental::Xof<136:
+usize> for libcrux_sha3::portable::incremental::Shake256Xof)#1}
+*/
+static inline void libcrux_sha3_portable_incremental_absorb_final_68(
+    libcrux_sha3_generic_keccak_KeccakXofState_e2 *self, Eurydice_slice input) {
+  Eurydice_slice buf[1U] = {input};
+  libcrux_sha3_generic_keccak_absorb_final_8b_9e(self, buf);
+}
+
+/**
+ An all zero block
+*/
+/**
+This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState<STATE,
+PARALLEL_LANES, RATE>[TraitClause@0, TraitClause@1]#2}
+*/
+/**
+A monomorphic instance of libcrux_sha3.generic_keccak.zero_block_8b
+with types uint64_t
+with const generics
+- PARALLEL_LANES= 1
+- RATE= 136
+*/
+static inline void libcrux_sha3_generic_keccak_zero_block_8b_c6(
+    uint8_t ret[136U]) {
+  ret[0U] = 0U;
+  ret[1U] = 0U;
+  ret[2U] = 0U;
+  ret[3U] = 0U;
+  ret[4U] = 0U;
+  ret[5U] = 0U;
+  ret[6U] = 0U;
+  ret[7U] = 0U;
+  ret[8U] = 0U;
+  ret[9U] = 0U;
+  ret[10U] = 0U;
+  ret[11U] = 0U;
+  ret[12U] = 0U;
+  ret[13U] = 0U;
+  ret[14U] = 0U;
+  ret[15U] = 0U;
+  ret[16U] = 0U;
+  ret[17U] = 0U;
+  ret[18U] = 0U;
+  ret[19U] = 0U;
+  ret[20U] = 0U;
+  ret[21U] = 0U;
+  ret[22U] = 0U;
+  ret[23U] = 0U;
+  ret[24U] = 0U;
+  ret[25U] = 0U;
+  ret[26U] = 0U;
+  ret[27U] = 0U;
+  ret[28U] = 0U;
+  ret[29U] = 0U;
+  ret[30U] = 0U;
+  ret[31U] = 0U;
+  ret[32U] = 0U;
+  ret[33U] = 0U;
+  ret[34U] = 0U;
+  ret[35U] = 0U;
+  ret[36U] = 0U;
+  ret[37U] = 0U;
+  ret[38U] = 0U;
+  ret[39U] = 0U;
+  ret[40U] = 0U;
+  ret[41U] = 0U;
+  ret[42U] = 0U;
+  ret[43U] = 0U;
+  ret[44U] = 0U;
+  ret[45U] = 0U;
+  ret[46U] = 0U;
+  ret[47U] = 0U;
+  ret[48U] = 0U;
+  ret[49U] = 0U;
+  ret[50U] = 0U;
+  ret[51U] = 0U;
+  ret[52U] = 0U;
+  ret[53U] = 0U;
+  ret[54U] = 0U;
+  ret[55U] = 0U;
+  ret[56U] = 0U;
+  ret[57U] = 0U;
+  ret[58U] = 0U;
+  ret[59U] = 0U;
+  ret[60U] = 0U;
+  ret[61U] = 0U;
+  ret[62U] = 0U;
+  ret[63U] = 0U;
+  ret[64U] = 0U;
+  ret[65U] = 0U;
+  ret[66U] = 0U;
+  ret[67U] = 0U;
+  ret[68U] = 0U;
+  ret[69U] = 0U;
+  ret[70U] = 0U;
+  ret[71U] = 0U;
+  ret[72U] = 0U;
+  ret[73U] = 0U;
+  ret[74U] = 0U;
+  ret[75U] = 0U;
+  ret[76U] = 0U;
+  ret[77U] = 0U;
+  ret[78U] = 0U;
+  ret[79U] = 0U;
+  ret[80U] = 0U;
+  ret[81U] = 0U;
+  ret[82U] = 0U;
+  ret[83U] = 0U;
+  ret[84U] = 0U;
+  ret[85U] = 0U;
+  ret[86U] = 0U;
+  ret[87U] = 0U;
+  ret[88U] = 0U;
+  ret[89U] = 0U;
+  ret[90U] = 0U;
+  ret[91U] = 0U;
+  ret[92U] = 0U;
+  ret[93U] = 0U;
+  ret[94U] = 0U;
+  ret[95U] = 0U;
+  ret[96U] = 0U;
+  ret[97U] = 0U;
+  ret[98U] = 0U;
+  ret[99U] = 0U;
+  ret[100U] = 0U;
+  ret[101U] = 0U;
+  ret[102U] = 0U;
+  ret[103U] = 0U;
+  ret[104U] = 0U;
+  ret[105U] = 0U;
+  ret[106U] = 0U;
+  ret[107U] = 0U;
+  ret[108U] = 0U;
+  ret[109U] = 0U;
+  ret[110U] = 0U;
+  ret[111U] = 0U;
+  ret[112U] = 0U;
+  ret[113U] = 0U;
+  ret[114U] = 0U;
+  ret[115U] = 0U;
+  ret[116U] = 0U;
+  ret[117U] = 0U;
+  ret[118U] = 0U;
+  ret[119U] = 0U;
+  ret[120U] = 0U;
+  ret[121U] = 0U;
+  ret[122U] = 0U;
+  ret[123U] = 0U;
+  ret[124U] = 0U;
+  ret[125U] = 0U;
+  ret[126U] = 0U;
+  ret[127U] = 0U;
+  ret[128U] = 0U;
+  ret[129U] = 0U;
+  ret[130U] = 0U;
+  ret[131U] = 0U;
+  ret[132U] = 0U;
+  ret[133U] = 0U;
+  ret[134U] = 0U;
+  ret[135U] = 0U;
+}
+
+/**
+ Generate a new keccak xof state.
+*/
+/**
+This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState<STATE,
+PARALLEL_LANES, RATE>[TraitClause@0, TraitClause@1]#2}
+*/
+/**
+A monomorphic instance of libcrux_sha3.generic_keccak.new_8b
+with types uint64_t
+with const generics
+- PARALLEL_LANES= 1
+- RATE= 136
+*/
+static inline libcrux_sha3_generic_keccak_KeccakXofState_e2
+libcrux_sha3_generic_keccak_new_8b_c6(void) {
+  libcrux_sha3_generic_keccak_KeccakXofState_e2 lit;
+  lit.inner = libcrux_sha3_generic_keccak_new_89_04();
+  uint8_t ret[136U];
+  libcrux_sha3_generic_keccak_zero_block_8b_c6(ret);
+  memcpy(lit.buf[0U], ret, (size_t)136U * sizeof(uint8_t));
+  lit.buf_len = (size_t)0U;
+  lit.sponge = false;
+  return lit;
+}
+
+/**
+ Shake256 new state
+*/
+/**
+This function found in impl {(libcrux_sha3::portable::incremental::Xof<136:
+usize> for libcrux_sha3::portable::incremental::Shake256Xof)#1}
+*/
+static inline libcrux_sha3_generic_keccak_KeccakXofState_e2
+libcrux_sha3_portable_incremental_new_68(void) {
+  return libcrux_sha3_generic_keccak_new_8b_c6();
+}
+
+/**
+ `out` has the exact size we want here. It must be less than or equal to `RATE`.
+*/
+/**
+This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1:
+usize> for u64)}
+*/
+/**
+A monomorphic instance of libcrux_sha3.portable_keccak.store_5a
+with const generics
+- RATE= 136
+*/
+static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_5a_5b(
+    uint64_t (*state)[5U], Eurydice_slice out[1U]) {
+  size_t num_full_blocks = Eurydice_slice_len(out[0U], uint8_t) / (size_t)8U;
+  size_t last_block_len = Eurydice_slice_len(out[0U], uint8_t) % (size_t)8U;
+  for (size_t i = (size_t)0U; i < num_full_blocks; i++) {
+    size_t i0 = i;
+    Eurydice_slice uu____0 = Eurydice_slice_subslice2(
+        out[0U], i0 * (size_t)8U, i0 * (size_t)8U + (size_t)8U, uint8_t);
+    uint8_t ret[8U];
+    core_num__u64_9__to_le_bytes(state[i0 / (size_t)5U][i0 % (size_t)5U], ret);
+    Eurydice_slice_copy(
+        uu____0, Eurydice_array_to_slice((size_t)8U, ret, uint8_t), uint8_t);
+  }
+  if (last_block_len != (size_t)0U) {
+    Eurydice_slice uu____1 = Eurydice_slice_subslice2(
+        out[0U], num_full_blocks * (size_t)8U,
+        num_full_blocks * (size_t)8U + last_block_len, uint8_t);
+    uint8_t ret[8U];
+    core_num__u64_9__to_le_bytes(
+        state[num_full_blocks / (size_t)5U][num_full_blocks % (size_t)5U], ret);
+    Eurydice_slice_copy(
+        uu____1,
+        Eurydice_array_to_subslice2(ret, (size_t)0U, last_block_len, uint8_t),
+        uint8_t);
+  }
+}
+
+/**
+ Squeeze `N` x `LEN` bytes.
+*/
+/**
+This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState<STATE,
+PARALLEL_LANES, RATE>[TraitClause@0, TraitClause@1]#2}
+*/
+/**
+A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_8b
+with types uint64_t
+with const generics
+- PARALLEL_LANES= 1
+- RATE= 136
+*/
+static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_8b_c6(
+    libcrux_sha3_generic_keccak_KeccakXofState_e2 *self,
+    Eurydice_slice out[1U]) {
+  if (self->sponge) {
+    libcrux_sha3_generic_keccak_keccakf1600_04(&self->inner);
+  }
+  size_t out_len = Eurydice_slice_len(out[0U], uint8_t);
+  size_t blocks = out_len / (size_t)136U;
+  size_t last = out_len - out_len % (size_t)136U;
+  size_t mid;
+  if ((size_t)136U >= out_len) {
+    mid = out_len;
+  } else {
+    mid = (size_t)136U;
+  }
+  Eurydice_slice_uint8_t_1size_t__x2 uu____0 =
+      libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, mid);
+  Eurydice_slice out00[1U];
+  memcpy(out00, uu____0.fst, (size_t)1U * sizeof(Eurydice_slice));
+  Eurydice_slice out_rest[1U];
+  memcpy(out_rest, uu____0.snd, (size_t)1U * sizeof(Eurydice_slice));
+  libcrux_sha3_portable_keccak_store_5a_5b(self->inner.st, out00);
+  core_ops_range_Range_08 iter =
+      core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter(
+          (CLITERAL(core_ops_range_Range_08){.start = (size_t)1U,
+                                             .end = blocks}),
+          core_ops_range_Range_08, core_ops_range_Range_08);
+  while (true) {
+    if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A__TraitClause_0___6__next(
+            &iter, size_t, Option_08)
+            .tag == None) {
+      break;
+    } else {
+      Eurydice_slice_uint8_t_1size_t__x2 uu____1 =
+          libcrux_sha3_portable_keccak_split_at_mut_n_5a(out_rest,
+                                                         (size_t)136U);
+      Eurydice_slice out0[1U];
+      memcpy(out0, uu____1.fst, (size_t)1U * sizeof(Eurydice_slice));
+      Eurydice_slice tmp[1U];
+      memcpy(tmp, uu____1.snd, (size_t)1U * sizeof(Eurydice_slice));
+      libcrux_sha3_generic_keccak_keccakf1600_04(&self->inner);
+      libcrux_sha3_portable_keccak_store_5a_5b(self->inner.st, out0);
+      memcpy(out_rest, tmp, (size_t)1U * sizeof(Eurydice_slice));
+    }
+  }
+  if (last < out_len) {
+    libcrux_sha3_generic_keccak_keccakf1600_04(&self->inner);
+    libcrux_sha3_portable_keccak_store_5a_5b(self->inner.st, out_rest);
+  }
+  self->sponge = true;
+}
+
+/**
+ Shake256 squeeze
+*/
+/**
+This function found in impl {(libcrux_sha3::portable::incremental::Xof<136:
+usize> for libcrux_sha3::portable::incremental::Shake256Xof)#1}
+*/
+static inline void libcrux_sha3_portable_incremental_squeeze_68(
+    libcrux_sha3_generic_keccak_KeccakXofState_e2 *self, Eurydice_slice out) {
+  Eurydice_slice buf[1U] = {out};
+  libcrux_sha3_generic_keccak_squeeze_8b_c6(self, buf);
+}
+
+#define libcrux_sha3_Sha224 0
+#define libcrux_sha3_Sha256 1
+#define libcrux_sha3_Sha384 2
+#define libcrux_sha3_Sha512 3
+
+typedef uint8_t libcrux_sha3_Algorithm;
+
+/**
+ Returns the output size of a digest.
+*/
+static inline size_t libcrux_sha3_digest_size(libcrux_sha3_Algorithm mode) {
+  size_t uu____0;
+  switch (mode) {
+    case libcrux_sha3_Sha224: {
+      uu____0 = (size_t)28U;
+      break;
+    }
+    case libcrux_sha3_Sha256: {
+      uu____0 = (size_t)32U;
+      break;
+    }
+    case libcrux_sha3_Sha384: {
+      uu____0 = (size_t)48U;
+      break;
+    }
+    case libcrux_sha3_Sha512: {
+      uu____0 = (size_t)64U;
+      break;
+    }
+    default: {
+      KRML_HOST_EPRINTF("KaRaMeL incomplete match at %s:%d\n", __FILE__,
+                        __LINE__);
+      KRML_HOST_EXIT(253U);
+    }
+  }
+  return uu____0;
+}
+
+/**
+A monomorphic instance of libcrux_sha3.portable_keccak.load_block
+with const generics
+- RATE= 144
+*/
+static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_2c(
+    uint64_t (*s)[5U], Eurydice_slice blocks[1U]) {
+  for (size_t i = (size_t)0U; i < (size_t)144U / (size_t)8U; i++) {
+    size_t i0 = i;
+    uint8_t uu____0[8U];
+    Result_15 dst;
+    Eurydice_slice_to_array2(
+        &dst,
+        Eurydice_slice_subslice2(blocks[0U], (size_t)8U * i0,
+                                 (size_t)8U * i0 + (size_t)8U, uint8_t),
+        Eurydice_slice, uint8_t[8U]);
+    unwrap_26_68(dst, uu____0);
+    size_t uu____1 = i0 / (size_t)5U;
+    size_t uu____2 = i0 % (size_t)5U;
+    s[uu____1][uu____2] =
+        s[uu____1][uu____2] ^ core_num__u64_9__from_le_bytes(uu____0);
+  }
+}
+
+/**
+This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1:
+usize> for u64)}
+*/
+/**
+A monomorphic instance of libcrux_sha3.portable_keccak.load_block_5a
+with const generics
+- RATE= 144
+*/
+static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_2c(
+    uint64_t (*a)[5U], Eurydice_slice b[1U]) {
+  uint64_t(*uu____0)[5U] = a;
+  /* Passing arrays by value in Rust generates a copy in C */
+  Eurydice_slice copy_of_b[1U];
+  memcpy(copy_of_b, b, (size_t)1U * sizeof(Eurydice_slice));
+  libcrux_sha3_portable_keccak_load_block_2c(uu____0, copy_of_b);
+}
+
+/**
+A monomorphic instance of libcrux_sha3.generic_keccak.absorb_block
+with types uint64_t
+with const generics
+- N= 1
+- RATE= 144
+*/
+static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_c61(
+    libcrux_sha3_generic_keccak_KeccakState_17 *s, Eurydice_slice blocks[1U]) {
+  uint64_t(*uu____0)[5U] = s->st;
+  Eurydice_slice uu____1[1U];
+  memcpy(uu____1, blocks, (size_t)1U * sizeof(Eurydice_slice));
+  libcrux_sha3_portable_keccak_load_block_5a_2c(uu____0, uu____1);
+  libcrux_sha3_generic_keccak_keccakf1600_04(s);
+}
+
+/**
+A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full
+with const generics
+- RATE= 144
+*/
+static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_2c(
+    uint64_t (*s)[5U], uint8_t blocks[1U][200U]) {
+  Eurydice_slice buf[1U] = {
+      Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t)};
+  libcrux_sha3_portable_keccak_load_block_2c(s, buf);
+}
+
+/**
+This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1:
+usize> for u64)}
+*/
+/**
+A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full_5a
+with const generics
+- RATE= 144
+*/
+static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_2c(
+    uint64_t (*a)[5U], uint8_t b[1U][200U]) {
+  uint64_t(*uu____0)[5U] = a;
+  /* Passing arrays by value in Rust generates a copy in C */
+  uint8_t copy_of_b[1U][200U];
+  memcpy(copy_of_b, b, (size_t)1U * sizeof(uint8_t[200U]));
+  libcrux_sha3_portable_keccak_load_block_full_2c(uu____0, copy_of_b);
+}
+
+/**
+A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final
+with types uint64_t
+with const generics
+- N= 1
+- RATE= 144
+- DELIM= 6
+*/
+static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_9e1(
+    libcrux_sha3_generic_keccak_KeccakState_17 *s, Eurydice_slice last[1U]) {
+  size_t last_len = Eurydice_slice_len(last[0U], uint8_t);
+  uint8_t blocks[1U][200U] = {{0U}};
+  for (size_t i = (size_t)0U; i < (size_t)1U; i++) {
+    size_t i0 = i;
+    if (last_len > (size_t)0U) {
+      Eurydice_slice uu____0 = Eurydice_array_to_subslice2(
+          blocks[i0], (size_t)0U, last_len, uint8_t);
+      Eurydice_slice_copy(uu____0, last[i0], uint8_t);
+    }
+    blocks[i0][last_len] = 6U;
+    size_t uu____1 = i0;
+    size_t uu____2 = (size_t)144U - (size_t)1U;
+    blocks[uu____1][uu____2] = (uint32_t)blocks[uu____1][uu____2] | 128U;
+  }
+  uint64_t(*uu____3)[5U] = s->st;
+  uint8_t uu____4[1U][200U];
+  memcpy(uu____4, blocks, (size_t)1U * sizeof(uint8_t[200U]));
+  libcrux_sha3_portable_keccak_load_block_full_5a_2c(uu____3, uu____4);
+  libcrux_sha3_generic_keccak_keccakf1600_04(s);
+}
+
+/**
+A monomorphic instance of libcrux_sha3.portable_keccak.store_block
+with const generics
+- RATE= 144
+*/
+static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_2c(
+    uint64_t (*s)[5U], Eurydice_slice out[1U]) {
+  for (size_t i = (size_t)0U; i < (size_t)144U / (size_t)8U; i++) {
+    size_t i0 = i;
+    Eurydice_slice uu____0 = Eurydice_slice_subslice2(
+        out[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t);
+    uint8_t ret[8U];
+    core_num__u64_9__to_le_bytes(s[i0 / (size_t)5U][i0 % (size_t)5U], ret);
+    Eurydice_slice_copy(
+        uu____0, Eurydice_array_to_slice((size_t)8U, ret, uint8_t), uint8_t);
+  }
+}
+
+/**
+A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full
+with const generics
+- RATE= 144
+*/
+static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_2c(
+    uint64_t (*s)[5U], uint8_t ret[1U][200U]) {
+  uint8_t out[200U] = {0U};
+  Eurydice_slice buf[1U] = {
+      Eurydice_array_to_slice((size_t)200U, out, uint8_t)};
+  libcrux_sha3_portable_keccak_store_block_2c(s, buf);
+  /* Passing arrays by value in Rust generates a copy in C */
+  uint8_t copy_of_out[200U];
+  memcpy(copy_of_out, out, (size_t)200U * sizeof(uint8_t));
+  memcpy(ret[0U], copy_of_out, (size_t)200U * sizeof(uint8_t));
+}
+
+/**
+This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1:
+usize> for u64)}
+*/
+/**
+A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full_5a
+with const generics
+- RATE= 144
+*/
+static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_5a_2c(
+    uint64_t (*a)[5U], uint8_t ret[1U][200U]) {
+  libcrux_sha3_portable_keccak_store_block_full_2c(a, ret);
+}
+
+/**
+A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_and_last
+with types uint64_t
+with const generics
+- N= 1
+- RATE= 144
+*/
+static KRML_MUSTINLINE void
+libcrux_sha3_generic_keccak_squeeze_first_and_last_c61(
+    libcrux_sha3_generic_keccak_KeccakState_17 *s, Eurydice_slice out[1U]) {
+  uint8_t b[1U][200U];
+  libcrux_sha3_portable_keccak_store_block_full_5a_2c(s->st, b);
+  for (size_t i = (size_t)0U; i < (size_t)1U; i++) {
+    size_t i0 = i;
+    Eurydice_slice uu____0 = out[i0];
+    uint8_t *uu____1 = b[i0];
+    core_ops_range_Range_08 lit;
+    lit.start = (size_t)0U;
+    lit.end = Eurydice_slice_len(out[i0], uint8_t);
+    Eurydice_slice_copy(
+        uu____0,
+        Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t,
+                                   core_ops_range_Range_08),
+        uint8_t);
+  }
+}
+
+/**
+This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1:
+usize> for u64)}
+*/
+/**
+A monomorphic instance of libcrux_sha3.portable_keccak.store_block_5a
+with const generics
+- RATE= 144
+*/
+static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_2c(
+    uint64_t (*a)[5U], Eurydice_slice b[1U]) {
+  libcrux_sha3_portable_keccak_store_block_2c(a, b);
+}
+
+/**
+A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_block
+with types uint64_t
+with const generics
+- N= 1
+- RATE= 144
+*/
+static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_c61(
+    libcrux_sha3_generic_keccak_KeccakState_17 *s, Eurydice_slice out[1U]) {
+  libcrux_sha3_portable_keccak_store_block_5a_2c(s->st, out);
+}
+
+/**
+A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_next_block
+with types uint64_t
+with const generics
+- N= 1
+- RATE= 144
+*/
+static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_c61(
+    libcrux_sha3_generic_keccak_KeccakState_17 *s, Eurydice_slice out[1U]) {
+  libcrux_sha3_generic_keccak_keccakf1600_04(s);
+  libcrux_sha3_portable_keccak_store_block_5a_2c(s->st, out);
+}
+
+/**
+A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_last
+with types uint64_t
+with const generics
+- N= 1
+- RATE= 144
+*/
+static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_c61(
+    libcrux_sha3_generic_keccak_KeccakState_17 s, Eurydice_slice out[1U]) {
+  libcrux_sha3_generic_keccak_keccakf1600_04(&s);
+  uint8_t b[1U][200U];
+  libcrux_sha3_portable_keccak_store_block_full_5a_2c(s.st, b);
+  for (size_t i = (size_t)0U; i < (size_t)1U; i++) {
+    size_t i0 = i;
+    Eurydice_slice uu____0 = out[i0];
+    uint8_t *uu____1 = b[i0];
+    core_ops_range_Range_08 lit;
+    lit.start = (size_t)0U;
+    lit.end = Eurydice_slice_len(out[i0], uint8_t);
+    Eurydice_slice_copy(
+        uu____0,
+        Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t,
+                                   core_ops_range_Range_08),
+        uint8_t);
+  }
+}
+
+/**
+A monomorphic instance of libcrux_sha3.generic_keccak.keccak
+with types uint64_t
+with const generics
+- N= 1
+- RATE= 144
+- DELIM= 6
+*/
+static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_9e1(
+    Eurydice_slice data[1U], Eurydice_slice out[1U]) {
+  libcrux_sha3_generic_keccak_KeccakState_17 s =
+      libcrux_sha3_generic_keccak_new_89_04();
+  for (size_t i = (size_t)0U;
+       i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)144U; i++) {
+    size_t i0 = i;
+    libcrux_sha3_generic_keccak_KeccakState_17 *uu____0 = &s;
+    /* Passing arrays by value in Rust generates a copy in C */
+    Eurydice_slice copy_of_data[1U];
+    memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice));
+    Eurydice_slice ret[1U];
+    libcrux_sha3_portable_keccak_slice_n_5a(copy_of_data, i0 * (size_t)144U,
+                                            (size_t)144U, ret);
+    libcrux_sha3_generic_keccak_absorb_block_c61(uu____0, ret);
+  }
+  size_t rem = Eurydice_slice_len(data[0U], uint8_t) % (size_t)144U;
+  libcrux_sha3_generic_keccak_KeccakState_17 *uu____2 = &s;
+  /* Passing arrays by value in Rust generates a copy in C */
+  Eurydice_slice copy_of_data[1U];
+  memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice));
+  Eurydice_slice ret[1U];
+  libcrux_sha3_portable_keccak_slice_n_5a(
+      copy_of_data, Eurydice_slice_len(data[0U], uint8_t) - rem, rem, ret);
+  libcrux_sha3_generic_keccak_absorb_final_9e1(uu____2, ret);
+  size_t outlen = Eurydice_slice_len(out[0U], uint8_t);
+  size_t blocks = outlen / (size_t)144U;
+  size_t last = outlen - outlen % (size_t)144U;
+  if (blocks == (size_t)0U) {
+    libcrux_sha3_generic_keccak_squeeze_first_and_last_c61(&s, out);
+  } else {
+    Eurydice_slice_uint8_t_1size_t__x2 uu____4 =
+        libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)144U);
+    Eurydice_slice o0[1U];
+    memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice));
+    Eurydice_slice o1[1U];
+    memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice));
+    libcrux_sha3_generic_keccak_squeeze_first_block_c61(&s, o0);
+    core_ops_range_Range_08 iter =
+        core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter(
+            (CLITERAL(core_ops_range_Range_08){.start = (size_t)1U,
+                                               .end = blocks}),
+            core_ops_range_Range_08, core_ops_range_Range_08);
+    while (true) {
+      if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A__TraitClause_0___6__next(
+              &iter, size_t, Option_08)
+              .tag == None) {
+        break;
+      } else {
+        Eurydice_slice_uint8_t_1size_t__x2 uu____5 =
+            libcrux_sha3_portable_keccak_split_at_mut_n_5a(o1, (size_t)144U);
+        Eurydice_slice o[1U];
+        memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice));
+        Eurydice_slice orest[1U];
+        memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice));
+        libcrux_sha3_generic_keccak_squeeze_next_block_c61(&s, o);
+        memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice));
+      }
+    }
+    if (last < outlen) {
+      libcrux_sha3_generic_keccak_squeeze_last_c61(s, o1);
+    }
+  }
+}
+
+/**
+A monomorphic instance of libcrux_sha3.portable.keccakx1
+with const generics
+- RATE= 144
+- DELIM= 6
+*/
+static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_1e(
+    Eurydice_slice data[1U], Eurydice_slice out[1U]) {
+  /* Passing arrays by value in Rust generates a copy in C */
+  Eurydice_slice copy_of_data[1U];
+  memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice));
+  libcrux_sha3_generic_keccak_keccak_9e1(copy_of_data, out);
+}
+
+/**
+ A portable SHA3 224 implementation.
+*/
+static KRML_MUSTINLINE void libcrux_sha3_portable_sha224(Eurydice_slice digest,
+                                                         Eurydice_slice data) {
+  Eurydice_slice buf0[1U] = {data};
+  Eurydice_slice buf[1U] = {digest};
+  libcrux_sha3_portable_keccakx1_1e(buf0, buf);
+}
+
+/**
+A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final
+with types uint64_t
+with const generics
+- N= 1
+- RATE= 136
+- DELIM= 6
+*/
+static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_9e2(
+    libcrux_sha3_generic_keccak_KeccakState_17 *s, Eurydice_slice last[1U]) {
+  size_t last_len = Eurydice_slice_len(last[0U], uint8_t);
+  uint8_t blocks[1U][200U] = {{0U}};
+  for (size_t i = (size_t)0U; i < (size_t)1U; i++) {
+    size_t i0 = i;
+    if (last_len > (size_t)0U) {
+      Eurydice_slice uu____0 = Eurydice_array_to_subslice2(
+          blocks[i0], (size_t)0U, last_len, uint8_t);
+      Eurydice_slice_copy(uu____0, last[i0], uint8_t);
+    }
+    blocks[i0][last_len] = 6U;
+    size_t uu____1 = i0;
+    size_t uu____2 = (size_t)136U - (size_t)1U;
+    blocks[uu____1][uu____2] = (uint32_t)blocks[uu____1][uu____2] | 128U;
+  }
+  uint64_t(*uu____3)[5U] = s->st;
+  uint8_t uu____4[1U][200U];
+  memcpy(uu____4, blocks, (size_t)1U * sizeof(uint8_t[200U]));
+  libcrux_sha3_portable_keccak_load_block_full_5a_5b(uu____3, uu____4);
+  libcrux_sha3_generic_keccak_keccakf1600_04(s);
+}
+
+/**
+A monomorphic instance of libcrux_sha3.generic_keccak.keccak
+with types uint64_t
+with const generics
+- N= 1
+- RATE= 136
+- DELIM= 6
+*/
+static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_9e2(
+    Eurydice_slice data[1U], Eurydice_slice out[1U]) {
+  libcrux_sha3_generic_keccak_KeccakState_17 s =
+      libcrux_sha3_generic_keccak_new_89_04();
+  for (size_t i = (size_t)0U;
+       i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)136U; i++) {
+    size_t i0 = i;
+    libcrux_sha3_generic_keccak_KeccakState_17 *uu____0 = &s;
+    /* Passing arrays by value in Rust generates a copy in C */
+    Eurydice_slice copy_of_data[1U];
+    memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice));
+    Eurydice_slice ret[1U];
+    libcrux_sha3_portable_keccak_slice_n_5a(copy_of_data, i0 * (size_t)136U,
+                                            (size_t)136U, ret);
+    libcrux_sha3_generic_keccak_absorb_block_c60(uu____0, ret);
+  }
+  size_t rem = Eurydice_slice_len(data[0U], uint8_t) % (size_t)136U;
+  libcrux_sha3_generic_keccak_KeccakState_17 *uu____2 = &s;
+  /* Passing arrays by value in Rust generates a copy in C */
+  Eurydice_slice copy_of_data[1U];
+  memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice));
+  Eurydice_slice ret[1U];
+  libcrux_sha3_portable_keccak_slice_n_5a(
+      copy_of_data, Eurydice_slice_len(data[0U], uint8_t) - rem, rem, ret);
+  libcrux_sha3_generic_keccak_absorb_final_9e2(uu____2, ret);
+  size_t outlen = Eurydice_slice_len(out[0U], uint8_t);
+  size_t blocks = outlen / (size_t)136U;
+  size_t last = outlen - outlen % (size_t)136U;
+  if (blocks == (size_t)0U) {
+    libcrux_sha3_generic_keccak_squeeze_first_and_last_c60(&s, out);
+  } else {
+    Eurydice_slice_uint8_t_1size_t__x2 uu____4 =
+        libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)136U);
+    Eurydice_slice o0[1U];
+    memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice));
+    Eurydice_slice o1[1U];
+    memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice));
+    libcrux_sha3_generic_keccak_squeeze_first_block_c60(&s, o0);
+    core_ops_range_Range_08 iter =
+        core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter(
+            (CLITERAL(core_ops_range_Range_08){.start = (size_t)1U,
+                                               .end = blocks}),
+            core_ops_range_Range_08, core_ops_range_Range_08);
+    while (true) {
+      if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A__TraitClause_0___6__next(
+              &iter, size_t, Option_08)
+              .tag == None) {
+        break;
+      } else {
+        Eurydice_slice_uint8_t_1size_t__x2 uu____5 =
+            libcrux_sha3_portable_keccak_split_at_mut_n_5a(o1, (size_t)136U);
+        Eurydice_slice o[1U];
+        memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice));
+        Eurydice_slice orest[1U];
+        memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice));
+        libcrux_sha3_generic_keccak_squeeze_next_block_c60(&s, o);
+        memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice));
+      }
+    }
+    if (last < outlen) {
+      libcrux_sha3_generic_keccak_squeeze_last_c60(s, o1);
+    }
+  }
+}
+
+/**
+A monomorphic instance of libcrux_sha3.portable.keccakx1
+with const generics
+- RATE= 136
+- DELIM= 6
+*/
+static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_ad0(
+    Eurydice_slice data[1U], Eurydice_slice out[1U]) {
+  /* Passing arrays by value in Rust generates a copy in C */
+  Eurydice_slice copy_of_data[1U];
+  memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice));
+  libcrux_sha3_generic_keccak_keccak_9e2(copy_of_data, out);
+}
+
+/**
+ A portable SHA3 256 implementation.
+*/
+static KRML_MUSTINLINE void libcrux_sha3_portable_sha256(Eurydice_slice digest,
+                                                         Eurydice_slice data) {
+  Eurydice_slice buf0[1U] = {data};
+  Eurydice_slice buf[1U] = {digest};
+  libcrux_sha3_portable_keccakx1_ad0(buf0, buf);
+}
+
+/**
+A monomorphic instance of libcrux_sha3.portable_keccak.load_block
+with const generics
+- RATE= 104
+*/
+static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_7a(
+    uint64_t (*s)[5U], Eurydice_slice blocks[1U]) {
+  for (size_t i = (size_t)0U; i < (size_t)104U / (size_t)8U; i++) {
+    size_t i0 = i;
+    uint8_t uu____0[8U];
+    Result_15 dst;
+    Eurydice_slice_to_array2(
+        &dst,
+        Eurydice_slice_subslice2(blocks[0U], (size_t)8U * i0,
+                                 (size_t)8U * i0 + (size_t)8U, uint8_t),
+        Eurydice_slice, uint8_t[8U]);
+    unwrap_26_68(dst, uu____0);
+    size_t uu____1 = i0 / (size_t)5U;
+    size_t uu____2 = i0 % (size_t)5U;
+    s[uu____1][uu____2] =
+        s[uu____1][uu____2] ^ core_num__u64_9__from_le_bytes(uu____0);
+  }
+}
+
+/**
+This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1:
+usize> for u64)}
+*/
+/**
+A monomorphic instance of libcrux_sha3.portable_keccak.load_block_5a
+with const generics
+- RATE= 104
+*/
+static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_7a(
+    uint64_t (*a)[5U], Eurydice_slice b[1U]) {
+  uint64_t(*uu____0)[5U] = a;
+  /* Passing arrays by value in Rust generates a copy in C */
+  Eurydice_slice copy_of_b[1U];
+  memcpy(copy_of_b, b, (size_t)1U * sizeof(Eurydice_slice));
+  libcrux_sha3_portable_keccak_load_block_7a(uu____0, copy_of_b);
+}
+
+/**
+A monomorphic instance of libcrux_sha3.generic_keccak.absorb_block
+with types uint64_t
+with const generics
+- N= 1
+- RATE= 104
+*/
+static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_c62(
+    libcrux_sha3_generic_keccak_KeccakState_17 *s, Eurydice_slice blocks[1U]) {
+  uint64_t(*uu____0)[5U] = s->st;
+  Eurydice_slice uu____1[1U];
+  memcpy(uu____1, blocks, (size_t)1U * sizeof(Eurydice_slice));
+  libcrux_sha3_portable_keccak_load_block_5a_7a(uu____0, uu____1);
+  libcrux_sha3_generic_keccak_keccakf1600_04(s);
+}
+
+/**
+A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full
+with const generics
+- RATE= 104
+*/
+static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_7a(
+    uint64_t (*s)[5U], uint8_t blocks[1U][200U]) {
+  Eurydice_slice buf[1U] = {
+      Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t)};
+  libcrux_sha3_portable_keccak_load_block_7a(s, buf);
+}
+
+/**
+This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1:
+usize> for u64)}
+*/
+/**
+A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full_5a
+with const generics
+- RATE= 104
+*/
+static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_7a(
+    uint64_t (*a)[5U], uint8_t b[1U][200U]) {
+  uint64_t(*uu____0)[5U] = a;
+  /* Passing arrays by value in Rust generates a copy in C */
+  uint8_t copy_of_b[1U][200U];
+  memcpy(copy_of_b, b, (size_t)1U * sizeof(uint8_t[200U]));
+  libcrux_sha3_portable_keccak_load_block_full_7a(uu____0, copy_of_b);
+}
+
+/**
+A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final
+with types uint64_t
+with const generics
+- N= 1
+- RATE= 104
+- DELIM= 6
+*/
+static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_9e3(
+    libcrux_sha3_generic_keccak_KeccakState_17 *s, Eurydice_slice last[1U]) {
+  size_t last_len = Eurydice_slice_len(last[0U], uint8_t);
+  uint8_t blocks[1U][200U] = {{0U}};
+  for (size_t i = (size_t)0U; i < (size_t)1U; i++) {
+    size_t i0 = i;
+    if (last_len > (size_t)0U) {
+      Eurydice_slice uu____0 = Eurydice_array_to_subslice2(
+          blocks[i0], (size_t)0U, last_len, uint8_t);
+      Eurydice_slice_copy(uu____0, last[i0], uint8_t);
+    }
+    blocks[i0][last_len] = 6U;
+    size_t uu____1 = i0;
+    size_t uu____2 = (size_t)104U - (size_t)1U;
+    blocks[uu____1][uu____2] = (uint32_t)blocks[uu____1][uu____2] | 128U;
+  }
+  uint64_t(*uu____3)[5U] = s->st;
+  uint8_t uu____4[1U][200U];
+  memcpy(uu____4, blocks, (size_t)1U * sizeof(uint8_t[200U]));
+  libcrux_sha3_portable_keccak_load_block_full_5a_7a(uu____3, uu____4);
+  libcrux_sha3_generic_keccak_keccakf1600_04(s);
+}
+
+/**
+A monomorphic instance of libcrux_sha3.portable_keccak.store_block
+with const generics
+- RATE= 104
+*/
+static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_7a(
+    uint64_t (*s)[5U], Eurydice_slice out[1U]) {
+  for (size_t i = (size_t)0U; i < (size_t)104U / (size_t)8U; i++) {
+    size_t i0 = i;
+    Eurydice_slice uu____0 = Eurydice_slice_subslice2(
+        out[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t);
+    uint8_t ret[8U];
+    core_num__u64_9__to_le_bytes(s[i0 / (size_t)5U][i0 % (size_t)5U], ret);
+    Eurydice_slice_copy(
+        uu____0, Eurydice_array_to_slice((size_t)8U, ret, uint8_t), uint8_t);
+  }
+}
+
+/**
+A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full
+with const generics
+- RATE= 104
+*/
+static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_7a(
+    uint64_t (*s)[5U], uint8_t ret[1U][200U]) {
+  uint8_t out[200U] = {0U};
+  Eurydice_slice buf[1U] = {
+      Eurydice_array_to_slice((size_t)200U, out, uint8_t)};
+  libcrux_sha3_portable_keccak_store_block_7a(s, buf);
+  /* Passing arrays by value in Rust generates a copy in C */
+  uint8_t copy_of_out[200U];
+  memcpy(copy_of_out, out, (size_t)200U * sizeof(uint8_t));
+  memcpy(ret[0U], copy_of_out, (size_t)200U * sizeof(uint8_t));
+}
+
+/**
+This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1:
+usize> for u64)}
+*/
+/**
+A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full_5a
+with const generics
+- RATE= 104
+*/
+static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_5a_7a(
+    uint64_t (*a)[5U], uint8_t ret[1U][200U]) {
+  libcrux_sha3_portable_keccak_store_block_full_7a(a, ret);
+}
+
+/**
+A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_and_last
+with types uint64_t
+with const generics
+- N= 1
+- RATE= 104
+*/
+static KRML_MUSTINLINE void
+libcrux_sha3_generic_keccak_squeeze_first_and_last_c62(
+    libcrux_sha3_generic_keccak_KeccakState_17 *s, Eurydice_slice out[1U]) {
+  uint8_t b[1U][200U];
+  libcrux_sha3_portable_keccak_store_block_full_5a_7a(s->st, b);
+  for (size_t i = (size_t)0U; i < (size_t)1U; i++) {
+    size_t i0 = i;
+    Eurydice_slice uu____0 = out[i0];
+    uint8_t *uu____1 = b[i0];
+    core_ops_range_Range_08 lit;
+    lit.start = (size_t)0U;
+    lit.end = Eurydice_slice_len(out[i0], uint8_t);
+    Eurydice_slice_copy(
+        uu____0,
+        Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t,
+                                   core_ops_range_Range_08),
+        uint8_t);
+  }
+}
+
+/**
+This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1:
+usize> for u64)}
+*/
+/**
+A monomorphic instance of libcrux_sha3.portable_keccak.store_block_5a
+with const generics
+- RATE= 104
+*/
+static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_7a(
+    uint64_t (*a)[5U], Eurydice_slice b[1U]) {
+  libcrux_sha3_portable_keccak_store_block_7a(a, b);
+}
+
+/**
+A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_block
+with types uint64_t
+with const generics
+- N= 1
+- RATE= 104
+*/
+static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_c62(
+    libcrux_sha3_generic_keccak_KeccakState_17 *s, Eurydice_slice out[1U]) {
+  libcrux_sha3_portable_keccak_store_block_5a_7a(s->st, out);
+}
+
+/**
+A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_next_block
+with types uint64_t
+with const generics
+- N= 1
+- RATE= 104
+*/
+static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_c62(
+    libcrux_sha3_generic_keccak_KeccakState_17 *s, Eurydice_slice out[1U]) {
+  libcrux_sha3_generic_keccak_keccakf1600_04(s);
+  libcrux_sha3_portable_keccak_store_block_5a_7a(s->st, out);
+}
+
+/**
+A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_last
+with types uint64_t
+with const generics
+- N= 1
+- RATE= 104
+*/
+static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_c62(
+    libcrux_sha3_generic_keccak_KeccakState_17 s, Eurydice_slice out[1U]) {
+  libcrux_sha3_generic_keccak_keccakf1600_04(&s);
+  uint8_t b[1U][200U];
+  libcrux_sha3_portable_keccak_store_block_full_5a_7a(s.st, b);
+  for (size_t i = (size_t)0U; i < (size_t)1U; i++) {
+    size_t i0 = i;
+    Eurydice_slice uu____0 = out[i0];
+    uint8_t *uu____1 = b[i0];
+    core_ops_range_Range_08 lit;
+    lit.start = (size_t)0U;
+    lit.end = Eurydice_slice_len(out[i0], uint8_t);
+    Eurydice_slice_copy(
+        uu____0,
+        Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t,
+                                   core_ops_range_Range_08),
+        uint8_t);
+  }
+}
+
+/**
+A monomorphic instance of libcrux_sha3.generic_keccak.keccak
+with types uint64_t
+with const generics
+- N= 1
+- RATE= 104
+- DELIM= 6
+*/
+static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_9e3(
+    Eurydice_slice data[1U], Eurydice_slice out[1U]) {
+  libcrux_sha3_generic_keccak_KeccakState_17 s =
+      libcrux_sha3_generic_keccak_new_89_04();
+  for (size_t i = (size_t)0U;
+       i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)104U; i++) {
+    size_t i0 = i;
+    libcrux_sha3_generic_keccak_KeccakState_17 *uu____0 = &s;
+    /* Passing arrays by value in Rust generates a copy in C */
+    Eurydice_slice copy_of_data[1U];
+    memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice));
+    Eurydice_slice ret[1U];
+    libcrux_sha3_portable_keccak_slice_n_5a(copy_of_data, i0 * (size_t)104U,
+                                            (size_t)104U, ret);
+    libcrux_sha3_generic_keccak_absorb_block_c62(uu____0, ret);
+  }
+  size_t rem = Eurydice_slice_len(data[0U], uint8_t) % (size_t)104U;
+  libcrux_sha3_generic_keccak_KeccakState_17 *uu____2 = &s;
+  /* Passing arrays by value in Rust generates a copy in C */
+  Eurydice_slice copy_of_data[1U];
+  memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice));
+  Eurydice_slice ret[1U];
+  libcrux_sha3_portable_keccak_slice_n_5a(
+      copy_of_data, Eurydice_slice_len(data[0U], uint8_t) - rem, rem, ret);
+  libcrux_sha3_generic_keccak_absorb_final_9e3(uu____2, ret);
+  size_t outlen = Eurydice_slice_len(out[0U], uint8_t);
+  size_t blocks = outlen / (size_t)104U;
+  size_t last = outlen - outlen % (size_t)104U;
+  if (blocks == (size_t)0U) {
+    libcrux_sha3_generic_keccak_squeeze_first_and_last_c62(&s, out);
+  } else {
+    Eurydice_slice_uint8_t_1size_t__x2 uu____4 =
+        libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)104U);
+    Eurydice_slice o0[1U];
+    memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice));
+    Eurydice_slice o1[1U];
+    memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice));
+    libcrux_sha3_generic_keccak_squeeze_first_block_c62(&s, o0);
+    core_ops_range_Range_08 iter =
+        core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter(
+            (CLITERAL(core_ops_range_Range_08){.start = (size_t)1U,
+                                               .end = blocks}),
+            core_ops_range_Range_08, core_ops_range_Range_08);
+    while (true) {
+      if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A__TraitClause_0___6__next(
+              &iter, size_t, Option_08)
+              .tag == None) {
+        break;
+      } else {
+        Eurydice_slice_uint8_t_1size_t__x2 uu____5 =
+            libcrux_sha3_portable_keccak_split_at_mut_n_5a(o1, (size_t)104U);
+        Eurydice_slice o[1U];
+        memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice));
+        Eurydice_slice orest[1U];
+        memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice));
+        libcrux_sha3_generic_keccak_squeeze_next_block_c62(&s, o);
+        memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice));
+      }
+    }
+    if (last < outlen) {
+      libcrux_sha3_generic_keccak_squeeze_last_c62(s, o1);
+    }
+  }
+}
+
+/**
+A monomorphic instance of libcrux_sha3.portable.keccakx1
+with const generics
+- RATE= 104
+- DELIM= 6
+*/
+static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_7c(
+    Eurydice_slice data[1U], Eurydice_slice out[1U]) {
+  /* Passing arrays by value in Rust generates a copy in C */
+  Eurydice_slice copy_of_data[1U];
+  memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice));
+  libcrux_sha3_generic_keccak_keccak_9e3(copy_of_data, out);
+}
+
+/**
+ A portable SHA3 384 implementation.
+*/
+static KRML_MUSTINLINE void libcrux_sha3_portable_sha384(Eurydice_slice digest,
+                                                         Eurydice_slice data) {
+  Eurydice_slice buf0[1U] = {data};
+  Eurydice_slice buf[1U] = {digest};
+  libcrux_sha3_portable_keccakx1_7c(buf0, buf);
+}
+
+/**
+A monomorphic instance of libcrux_sha3.portable_keccak.load_block
+with const generics
+- RATE= 72
+*/
+static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_f8(
+    uint64_t (*s)[5U], Eurydice_slice blocks[1U]) {
+  for (size_t i = (size_t)0U; i < (size_t)72U / (size_t)8U; i++) {
+    size_t i0 = i;
+    uint8_t uu____0[8U];
+    Result_15 dst;
+    Eurydice_slice_to_array2(
+        &dst,
+        Eurydice_slice_subslice2(blocks[0U], (size_t)8U * i0,
+                                 (size_t)8U * i0 + (size_t)8U, uint8_t),
+        Eurydice_slice, uint8_t[8U]);
+    unwrap_26_68(dst, uu____0);
+    size_t uu____1 = i0 / (size_t)5U;
+    size_t uu____2 = i0 % (size_t)5U;
+    s[uu____1][uu____2] =
+        s[uu____1][uu____2] ^ core_num__u64_9__from_le_bytes(uu____0);
+  }
+}
+
+/**
+This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1:
+usize> for u64)}
+*/
+/**
+A monomorphic instance of libcrux_sha3.portable_keccak.load_block_5a
+with const generics
+- RATE= 72
+*/
+static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_f8(
+    uint64_t (*a)[5U], Eurydice_slice b[1U]) {
+  uint64_t(*uu____0)[5U] = a;
+  /* Passing arrays by value in Rust generates a copy in C */
+  Eurydice_slice copy_of_b[1U];
+  memcpy(copy_of_b, b, (size_t)1U * sizeof(Eurydice_slice));
+  libcrux_sha3_portable_keccak_load_block_f8(uu____0, copy_of_b);
+}
+
+/**
+A monomorphic instance of libcrux_sha3.generic_keccak.absorb_block
+with types uint64_t
+with const generics
+- N= 1
+- RATE= 72
+*/
+static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_c63(
+    libcrux_sha3_generic_keccak_KeccakState_17 *s, Eurydice_slice blocks[1U]) {
+  uint64_t(*uu____0)[5U] = s->st;
+  Eurydice_slice uu____1[1U];
+  memcpy(uu____1, blocks, (size_t)1U * sizeof(Eurydice_slice));
+  libcrux_sha3_portable_keccak_load_block_5a_f8(uu____0, uu____1);
+  libcrux_sha3_generic_keccak_keccakf1600_04(s);
+}
+
+/**
+A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full
+with const generics
+- RATE= 72
+*/
+static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_f8(
+    uint64_t (*s)[5U], uint8_t blocks[1U][200U]) {
+  Eurydice_slice buf[1U] = {
+      Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t)};
+  libcrux_sha3_portable_keccak_load_block_f8(s, buf);
+}
+
+/**
+This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1:
+usize> for u64)}
+*/
+/**
+A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full_5a
+with const generics
+- RATE= 72
+*/
+static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_f8(
+    uint64_t (*a)[5U], uint8_t b[1U][200U]) {
+  uint64_t(*uu____0)[5U] = a;
+  /* Passing arrays by value in Rust generates a copy in C */
+  uint8_t copy_of_b[1U][200U];
+  memcpy(copy_of_b, b, (size_t)1U * sizeof(uint8_t[200U]));
+  libcrux_sha3_portable_keccak_load_block_full_f8(uu____0, copy_of_b);
+}
+
+/**
+A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final
+with types uint64_t
+with const generics
+- N= 1
+- RATE= 72
+- DELIM= 6
+*/
+static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_9e4(
+    libcrux_sha3_generic_keccak_KeccakState_17 *s, Eurydice_slice last[1U]) {
+  size_t last_len = Eurydice_slice_len(last[0U], uint8_t);
+  uint8_t blocks[1U][200U] = {{0U}};
+  for (size_t i = (size_t)0U; i < (size_t)1U; i++) {
+    size_t i0 = i;
+    if (last_len > (size_t)0U) {
+      Eurydice_slice uu____0 = Eurydice_array_to_subslice2(
+          blocks[i0], (size_t)0U, last_len, uint8_t);
+      Eurydice_slice_copy(uu____0, last[i0], uint8_t);
+    }
+    blocks[i0][last_len] = 6U;
+    size_t uu____1 = i0;
+    size_t uu____2 = (size_t)72U - (size_t)1U;
+    blocks[uu____1][uu____2] = (uint32_t)blocks[uu____1][uu____2] | 128U;
+  }
+  uint64_t(*uu____3)[5U] = s->st;
+  uint8_t uu____4[1U][200U];
+  memcpy(uu____4, blocks, (size_t)1U * sizeof(uint8_t[200U]));
+  libcrux_sha3_portable_keccak_load_block_full_5a_f8(uu____3, uu____4);
+  libcrux_sha3_generic_keccak_keccakf1600_04(s);
+}
+
+/**
+A monomorphic instance of libcrux_sha3.portable_keccak.store_block
+with const generics
+- RATE= 72
+*/
+static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_f8(
+    uint64_t (*s)[5U], Eurydice_slice out[1U]) {
+  for (size_t i = (size_t)0U; i < (size_t)72U / (size_t)8U; i++) {
+    size_t i0 = i;
+    Eurydice_slice uu____0 = Eurydice_slice_subslice2(
+        out[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t);
+    uint8_t ret[8U];
+    core_num__u64_9__to_le_bytes(s[i0 / (size_t)5U][i0 % (size_t)5U], ret);
+    Eurydice_slice_copy(
+        uu____0, Eurydice_array_to_slice((size_t)8U, ret, uint8_t), uint8_t);
+  }
+}
+
+/**
+A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full
+with const generics
+- RATE= 72
+*/
+static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_f8(
+    uint64_t (*s)[5U], uint8_t ret[1U][200U]) {
+  uint8_t out[200U] = {0U};
+  Eurydice_slice buf[1U] = {
+      Eurydice_array_to_slice((size_t)200U, out, uint8_t)};
+  libcrux_sha3_portable_keccak_store_block_f8(s, buf);
+  /* Passing arrays by value in Rust generates a copy in C */
+  uint8_t copy_of_out[200U];
+  memcpy(copy_of_out, out, (size_t)200U * sizeof(uint8_t));
+  memcpy(ret[0U], copy_of_out, (size_t)200U * sizeof(uint8_t));
+}
+
+/**
+This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1:
+usize> for u64)}
+*/
+/**
+A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full_5a
+with const generics
+- RATE= 72
+*/
+static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_5a_f8(
+    uint64_t (*a)[5U], uint8_t ret[1U][200U]) {
+  libcrux_sha3_portable_keccak_store_block_full_f8(a, ret);
+}
+
+/**
+A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_and_last
+with types uint64_t
+with const generics
+- N= 1
+- RATE= 72
+*/
+static KRML_MUSTINLINE void
+libcrux_sha3_generic_keccak_squeeze_first_and_last_c63(
+    libcrux_sha3_generic_keccak_KeccakState_17 *s, Eurydice_slice out[1U]) {
+  uint8_t b[1U][200U];
+  libcrux_sha3_portable_keccak_store_block_full_5a_f8(s->st, b);
+  for (size_t i = (size_t)0U; i < (size_t)1U; i++) {
+    size_t i0 = i;
+    Eurydice_slice uu____0 = out[i0];
+    uint8_t *uu____1 = b[i0];
+    core_ops_range_Range_08 lit;
+    lit.start = (size_t)0U;
+    lit.end = Eurydice_slice_len(out[i0], uint8_t);
+    Eurydice_slice_copy(
+        uu____0,
+        Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t,
+                                   core_ops_range_Range_08),
+        uint8_t);
+  }
+}
+
+/**
+This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1:
+usize> for u64)}
+*/
+/**
+A monomorphic instance of libcrux_sha3.portable_keccak.store_block_5a
+with const generics
+- RATE= 72
+*/
+static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_f8(
+    uint64_t (*a)[5U], Eurydice_slice b[1U]) {
+  libcrux_sha3_portable_keccak_store_block_f8(a, b);
+}
+
+/**
+A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_block
+with types uint64_t
+with const generics
+- N= 1
+- RATE= 72
+*/
+static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_c63(
+    libcrux_sha3_generic_keccak_KeccakState_17 *s, Eurydice_slice out[1U]) {
+  libcrux_sha3_portable_keccak_store_block_5a_f8(s->st, out);
+}
+
+/**
+A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_next_block
+with types uint64_t
+with const generics
+- N= 1
+- RATE= 72
+*/
+static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_c63(
+    libcrux_sha3_generic_keccak_KeccakState_17 *s, Eurydice_slice out[1U]) {
+  libcrux_sha3_generic_keccak_keccakf1600_04(s);
+  libcrux_sha3_portable_keccak_store_block_5a_f8(s->st, out);
+}
+
+/**
+A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_last
+with types uint64_t
+with const generics
+- N= 1
+- RATE= 72
+*/
+static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_c63(
+    libcrux_sha3_generic_keccak_KeccakState_17 s, Eurydice_slice out[1U]) {
+  libcrux_sha3_generic_keccak_keccakf1600_04(&s);
+  uint8_t b[1U][200U];
+  libcrux_sha3_portable_keccak_store_block_full_5a_f8(s.st, b);
+  for (size_t i = (size_t)0U; i < (size_t)1U; i++) {
+    size_t i0 = i;
+    Eurydice_slice uu____0 = out[i0];
+    uint8_t *uu____1 = b[i0];
+    core_ops_range_Range_08 lit;
+    lit.start = (size_t)0U;
+    lit.end = Eurydice_slice_len(out[i0], uint8_t);
+    Eurydice_slice_copy(
+        uu____0,
+        Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t,
+                                   core_ops_range_Range_08),
+        uint8_t);
+  }
+}
+
+/**
+A monomorphic instance of libcrux_sha3.generic_keccak.keccak
+with types uint64_t
+with const generics
+- N= 1
+- RATE= 72
+- DELIM= 6
+*/
+static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_9e4(
+    Eurydice_slice data[1U], Eurydice_slice out[1U]) {
+  libcrux_sha3_generic_keccak_KeccakState_17 s =
+      libcrux_sha3_generic_keccak_new_89_04();
+  for (size_t i = (size_t)0U;
+       i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)72U; i++) {
+    size_t i0 = i;
+    libcrux_sha3_generic_keccak_KeccakState_17 *uu____0 = &s;
+    /* Passing arrays by value in Rust generates a copy in C */
+    Eurydice_slice copy_of_data[1U];
+    memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice));
+    Eurydice_slice ret[1U];
+    libcrux_sha3_portable_keccak_slice_n_5a(copy_of_data, i0 * (size_t)72U,
+                                            (size_t)72U, ret);
+    libcrux_sha3_generic_keccak_absorb_block_c63(uu____0, ret);
+  }
+  size_t rem = Eurydice_slice_len(data[0U], uint8_t) % (size_t)72U;
+  libcrux_sha3_generic_keccak_KeccakState_17 *uu____2 = &s;
+  /* Passing arrays by value in Rust generates a copy in C */
+  Eurydice_slice copy_of_data[1U];
+  memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice));
+  Eurydice_slice ret[1U];
+  libcrux_sha3_portable_keccak_slice_n_5a(
+      copy_of_data, Eurydice_slice_len(data[0U], uint8_t) - rem, rem, ret);
+  libcrux_sha3_generic_keccak_absorb_final_9e4(uu____2, ret);
+  size_t outlen = Eurydice_slice_len(out[0U], uint8_t);
+  size_t blocks = outlen / (size_t)72U;
+  size_t last = outlen - outlen % (size_t)72U;
+  if (blocks == (size_t)0U) {
+    libcrux_sha3_generic_keccak_squeeze_first_and_last_c63(&s, out);
+  } else {
+    Eurydice_slice_uint8_t_1size_t__x2 uu____4 =
+        libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)72U);
+    Eurydice_slice o0[1U];
+    memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice));
+    Eurydice_slice o1[1U];
+    memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice));
+    libcrux_sha3_generic_keccak_squeeze_first_block_c63(&s, o0);
+    core_ops_range_Range_08 iter =
+        core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter(
+            (CLITERAL(core_ops_range_Range_08){.start = (size_t)1U,
+                                               .end = blocks}),
+            core_ops_range_Range_08, core_ops_range_Range_08);
+    while (true) {
+      if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A__TraitClause_0___6__next(
+              &iter, size_t, Option_08)
+              .tag == None) {
+        break;
+      } else {
+        Eurydice_slice_uint8_t_1size_t__x2 uu____5 =
+            libcrux_sha3_portable_keccak_split_at_mut_n_5a(o1, (size_t)72U);
+        Eurydice_slice o[1U];
+        memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice));
+        Eurydice_slice orest[1U];
+        memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice));
+        libcrux_sha3_generic_keccak_squeeze_next_block_c63(&s, o);
+        memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice));
+      }
+    }
+    if (last < outlen) {
+      libcrux_sha3_generic_keccak_squeeze_last_c63(s, o1);
+    }
+  }
+}
+
+/**
+A monomorphic instance of libcrux_sha3.portable.keccakx1
+with const generics
+- RATE= 72
+- DELIM= 6
+*/
+static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_96(
+    Eurydice_slice data[1U], Eurydice_slice out[1U]) {
+  /* Passing arrays by value in Rust generates a copy in C */
+  Eurydice_slice copy_of_data[1U];
+  memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice));
+  libcrux_sha3_generic_keccak_keccak_9e4(copy_of_data, out);
+}
+
+/**
+ A portable SHA3 512 implementation.
+*/
+static KRML_MUSTINLINE void libcrux_sha3_portable_sha512(Eurydice_slice digest,
+                                                         Eurydice_slice data) {
+  Eurydice_slice buf0[1U] = {data};
+  Eurydice_slice buf[1U] = {digest};
+  libcrux_sha3_portable_keccakx1_96(buf0, buf);
+}
+
+/**
+ SHA3 224
+
+ Preconditions:
+ - `digest.len() == 28`
+*/
+static KRML_MUSTINLINE void libcrux_sha3_sha224_ema(Eurydice_slice digest,
+                                                    Eurydice_slice payload) {
+  libcrux_sha3_portable_sha224(digest, payload);
+}
+
+/**
+ SHA3 224
+*/
+static KRML_MUSTINLINE void libcrux_sha3_sha224(Eurydice_slice data,
+                                                uint8_t ret[28U]) {
+  uint8_t out[28U] = {0U};
+  libcrux_sha3_sha224_ema(Eurydice_array_to_slice((size_t)28U, out, uint8_t),
+                          data);
+  memcpy(ret, out, (size_t)28U * sizeof(uint8_t));
+}
+
+/**
+ SHA3 256
+*/
+static KRML_MUSTINLINE void libcrux_sha3_sha256_ema(Eurydice_slice digest,
+                                                    Eurydice_slice payload) {
+  libcrux_sha3_portable_sha256(digest, payload);
+}
+
+/**
+ SHA3 256
+*/
+static KRML_MUSTINLINE void libcrux_sha3_sha256(Eurydice_slice data,
+                                                uint8_t ret[32U]) {
+  uint8_t out[32U] = {0U};
+  libcrux_sha3_sha256_ema(Eurydice_array_to_slice((size_t)32U, out, uint8_t),
+                          data);
+  memcpy(ret, out, (size_t)32U * sizeof(uint8_t));
+}
+
+/**
+ SHA3 384
+*/
+static KRML_MUSTINLINE void libcrux_sha3_sha384_ema(Eurydice_slice digest,
+                                                    Eurydice_slice payload) {
+  libcrux_sha3_portable_sha384(digest, payload);
+}
+
+/**
+ SHA3 384
+*/
+static KRML_MUSTINLINE void libcrux_sha3_sha384(Eurydice_slice data,
+                                                uint8_t ret[48U]) {
+  uint8_t out[48U] = {0U};
+  libcrux_sha3_sha384_ema(Eurydice_array_to_slice((size_t)48U, out, uint8_t),
+                          data);
+  memcpy(ret, out, (size_t)48U * sizeof(uint8_t));
+}
+
+/**
+ SHA3 512
+*/
+static KRML_MUSTINLINE void libcrux_sha3_sha512_ema(Eurydice_slice digest,
+                                                    Eurydice_slice payload) {
+  libcrux_sha3_portable_sha512(digest, payload);
+}
+
+/**
+ SHA3 512
+*/
+static KRML_MUSTINLINE void libcrux_sha3_sha512(Eurydice_slice data,
+                                                uint8_t ret[64U]) {
+  uint8_t out[64U] = {0U};
+  libcrux_sha3_sha512_ema(Eurydice_array_to_slice((size_t)64U, out, uint8_t),
+                          data);
+  memcpy(ret, out, (size_t)64U * sizeof(uint8_t));
+}
+
+/**
+ SHAKE 128
+
+ Writes `out.len()` bytes.
+*/
+static KRML_MUSTINLINE void libcrux_sha3_shake128_ema(Eurydice_slice out,
+                                                      Eurydice_slice data) {
+  libcrux_sha3_portable_shake128(out, data);
+}
+
+/**
+ SHAKE 256
+
+ Writes `out.len()` bytes.
+*/
+static KRML_MUSTINLINE void libcrux_sha3_shake256_ema(Eurydice_slice out,
+                                                      Eurydice_slice data) {
+  libcrux_sha3_portable_shake256(out, data);
+}
+
+static const size_t libcrux_sha3_generic_keccak__PI[24U] = {
+    (size_t)6U, (size_t)12U, (size_t)18U, (size_t)24U, (size_t)3U,
+    (size_t)9U, (size_t)10U, (size_t)16U, (size_t)22U, (size_t)1U,
+    (size_t)7U, (size_t)13U, (size_t)19U, (size_t)20U, (size_t)4U,
+    (size_t)5U, (size_t)11U, (size_t)17U, (size_t)23U, (size_t)2U,
+    (size_t)8U, (size_t)14U, (size_t)15U, (size_t)21U};
+
+static const size_t libcrux_sha3_generic_keccak__ROTC[24U] = {
+    (size_t)1U,  (size_t)62U, (size_t)28U, (size_t)27U, (size_t)36U,
+    (size_t)44U, (size_t)6U,  (size_t)55U, (size_t)20U, (size_t)3U,
+    (size_t)10U, (size_t)43U, (size_t)25U, (size_t)39U, (size_t)41U,
+    (size_t)45U, (size_t)15U, (size_t)21U, (size_t)8U,  (size_t)18U,
+    (size_t)2U,  (size_t)61U, (size_t)56U, (size_t)14U};
+
+/**
+ A portable SHA3 224 implementation.
+*/
+static KRML_MUSTINLINE void libcrux_sha3_neon_sha224(Eurydice_slice digest,
+                                                     Eurydice_slice data) {
+  KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__,
+                    "panic!");
+  KRML_HOST_EXIT(255U);
+}
+
+/**
+ A portable SHA3 256 implementation.
+*/
+static KRML_MUSTINLINE void libcrux_sha3_neon_sha256(Eurydice_slice digest,
+                                                     Eurydice_slice data) {
+  KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__,
+                    "panic!");
+  KRML_HOST_EXIT(255U);
+}
+
+/**
+ A portable SHA3 384 implementation.
+*/
+static KRML_MUSTINLINE void libcrux_sha3_neon_sha384(Eurydice_slice digest,
+                                                     Eurydice_slice data) {
+  KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__,
+                    "panic!");
+  KRML_HOST_EXIT(255U);
+}
+
+/**
+ A portable SHA3 512 implementation.
+*/
+static KRML_MUSTINLINE void libcrux_sha3_neon_sha512(Eurydice_slice digest,
+                                                     Eurydice_slice data) {
+  KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__,
+                    "panic!");
+  KRML_HOST_EXIT(255U);
+}
+
+/**
+ Run SHAKE256 on both inputs in parallel.
+
+ Writes the two results into `out0` and `out1`
+*/
+static KRML_MUSTINLINE void libcrux_sha3_neon_x2_shake256(Eurydice_slice input0,
+                                                          Eurydice_slice input1,
+                                                          Eurydice_slice out0,
+                                                          Eurydice_slice out1) {
+  KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__,
+                    "panic!");
+  KRML_HOST_EXIT(255U);
+}
+
+typedef struct libcrux_sha3_neon_x2_incremental_KeccakState_s {
+  libcrux_sha3_generic_keccak_KeccakState_17 state[2U];
+} libcrux_sha3_neon_x2_incremental_KeccakState;
+
+/**
+ Initialise the `KeccakState2`.
+*/
+static KRML_MUSTINLINE libcrux_sha3_neon_x2_incremental_KeccakState
+libcrux_sha3_neon_x2_incremental_init(void) {
+  KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__,
+                    "panic!");
+  KRML_HOST_EXIT(255U);
+}
+
+/**
+ Shake128 absorb `data0` and `data1` in the [`KeccakState`] `s`.
+*/
+static KRML_MUSTINLINE void
+libcrux_sha3_neon_x2_incremental_shake128_absorb_final(
+    libcrux_sha3_neon_x2_incremental_KeccakState *s, Eurydice_slice data0,
+    Eurydice_slice data1) {
+  KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__,
+                    "panic!");
+  KRML_HOST_EXIT(255U);
+}
+
+/**
+ Squeeze 2 times the first three blocks in parallel in the
+ [`KeccakState`] and return the output in `out0` and `out1`.
+*/
+static KRML_MUSTINLINE void
+libcrux_sha3_neon_x2_incremental_shake128_squeeze_first_three_blocks(
+    libcrux_sha3_neon_x2_incremental_KeccakState *s, Eurydice_slice out0,
+    Eurydice_slice out1) {
+  KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__,
+                    "panic!");
+  KRML_HOST_EXIT(255U);
+}
+
+/**
+ Squeeze 2 times the next block in parallel in the
+ [`KeccakState`] and return the output in `out0` and `out1`.
+*/
+static KRML_MUSTINLINE void
+libcrux_sha3_neon_x2_incremental_shake128_squeeze_next_block(
+    libcrux_sha3_neon_x2_incremental_KeccakState *s, Eurydice_slice out0,
+    Eurydice_slice out1) {
+  KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__,
+                    "panic!");
+  KRML_HOST_EXIT(255U);
+}
+
+/**
+ Squeeze five blocks
+*/
+static KRML_MUSTINLINE void
+libcrux_sha3_neon_x2_incremental_shake128_squeeze_first_five_blocks(
+    libcrux_sha3_neon_x2_incremental_KeccakState *s, Eurydice_slice out0,
+    Eurydice_slice out1) {
+  KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__,
+                    "panic!");
+  KRML_HOST_EXIT(255U);
+}
+
+/**
+ Shake256 absorb `data0` and `data1` in the [`KeccakState`] `s`.
+*/
+static KRML_MUSTINLINE void
+libcrux_sha3_neon_x2_incremental_shake256_absorb_final(
+    libcrux_sha3_neon_x2_incremental_KeccakState *s, Eurydice_slice data0,
+    Eurydice_slice data1) {
+  KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__,
+                    "panic!");
+  KRML_HOST_EXIT(255U);
+}
+
+/**
+ Squeeze block
+*/
+static KRML_MUSTINLINE void
+libcrux_sha3_neon_x2_incremental_shake256_squeeze_first_block(
+    libcrux_sha3_neon_x2_incremental_KeccakState *s, Eurydice_slice out0,
+    Eurydice_slice out1) {
+  KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__,
+                    "panic!");
+  KRML_HOST_EXIT(255U);
+}
+
+/**
+ Squeeze next block
+*/
+static KRML_MUSTINLINE void
+libcrux_sha3_neon_x2_incremental_shake256_squeeze_next_block(
+    libcrux_sha3_neon_x2_incremental_KeccakState *s, Eurydice_slice out0,
+    Eurydice_slice out1) {
+  KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__,
+                    "panic!");
+  KRML_HOST_EXIT(255U);
+}
+
+/**
+A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_three_blocks
+with types uint64_t
+with const generics
+- N= 1
+- RATE= 168
+*/
+static KRML_MUSTINLINE void
+libcrux_sha3_generic_keccak_squeeze_first_three_blocks_c6(
+    libcrux_sha3_generic_keccak_KeccakState_17 *s, Eurydice_slice out[1U]) {
+  Eurydice_slice_uint8_t_1size_t__x2 uu____0 =
+      libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)168U);
+  Eurydice_slice o0[1U];
+  memcpy(o0, uu____0.fst, (size_t)1U * sizeof(Eurydice_slice));
+  Eurydice_slice o10[1U];
+  memcpy(o10, uu____0.snd, (size_t)1U * sizeof(Eurydice_slice));
+  libcrux_sha3_generic_keccak_squeeze_first_block_c6(s, o0);
+  Eurydice_slice_uint8_t_1size_t__x2 uu____1 =
+      libcrux_sha3_portable_keccak_split_at_mut_n_5a(o10, (size_t)168U);
+  Eurydice_slice o1[1U];
+  memcpy(o1, uu____1.fst, (size_t)1U * sizeof(Eurydice_slice));
+  Eurydice_slice o2[1U];
+  memcpy(o2, uu____1.snd, (size_t)1U * sizeof(Eurydice_slice));
+  libcrux_sha3_generic_keccak_squeeze_next_block_c6(s, o1);
+  libcrux_sha3_generic_keccak_squeeze_next_block_c6(s, o2);
+}
+
+/**
+ Squeeze three blocks
+*/
+static KRML_MUSTINLINE void
+libcrux_sha3_portable_incremental_shake128_squeeze_first_three_blocks(
+    libcrux_sha3_generic_keccak_KeccakState_17 *s, Eurydice_slice out0) {
+  Eurydice_slice buf[1U] = {out0};
+  libcrux_sha3_generic_keccak_squeeze_first_three_blocks_c6(s, buf);
+}
+
+/**
+A monomorphic instance of libcrux_sha3.generic_keccak.KeccakXofState
+with types uint64_t
+with const generics
+- $1size_t
+- $168size_t
+*/
+typedef struct libcrux_sha3_generic_keccak_KeccakXofState_97_s {
+  libcrux_sha3_generic_keccak_KeccakState_17 inner;
+  uint8_t buf[1U][168U];
+  size_t buf_len;
+  bool sponge;
+} libcrux_sha3_generic_keccak_KeccakXofState_97;
+
+typedef libcrux_sha3_generic_keccak_KeccakXofState_97
+    libcrux_sha3_portable_incremental_Shake128Xof;
+
+/**
+ Consume the internal buffer and the required amount of the input to pad to
+ `RATE`.
+
+ Returns the `consumed` bytes from `inputs` if there's enough buffered
+ content to consume, and `0` otherwise.
+ If `consumed > 0` is returned, `self.buf` contains a full block to be
+ loaded.
+*/
+/**
+This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState<STATE,
+PARALLEL_LANES, RATE>[TraitClause@0, TraitClause@1]#2}
+*/
+/**
+A monomorphic instance of libcrux_sha3.generic_keccak.fill_buffer_8b
+with types uint64_t
+with const generics
+- PARALLEL_LANES= 1
+- RATE= 168
+*/
+static inline size_t libcrux_sha3_generic_keccak_fill_buffer_8b_c60(
+    libcrux_sha3_generic_keccak_KeccakXofState_97 *self,
+    Eurydice_slice inputs[1U]) {
+  size_t input_len = Eurydice_slice_len(inputs[0U], uint8_t);
+  size_t consumed = (size_t)0U;
+  if (self->buf_len > (size_t)0U) {
+    if (self->buf_len + input_len >= (size_t)168U) {
+      consumed = (size_t)168U - self->buf_len;
+      for (size_t i = (size_t)0U; i < (size_t)1U; i++) {
+        size_t i0 = i;
+        Eurydice_slice uu____0 = Eurydice_array_to_subslice_from(
+            (size_t)168U, self->buf[i0], self->buf_len, uint8_t, size_t);
+        Eurydice_slice_copy(
+            uu____0,
+            Eurydice_slice_subslice_to(inputs[i0], consumed, uint8_t, size_t),
+            uint8_t);
+      }
+      self->buf_len = self->buf_len + consumed;
+    }
+  }
+  return consumed;
+}
+
+/**
+This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState<STATE,
+PARALLEL_LANES, RATE>[TraitClause@0, TraitClause@1]#2}
+*/
+/**
+A monomorphic instance of libcrux_sha3.generic_keccak.absorb_full_8b
+with types uint64_t
+with const generics
+- PARALLEL_LANES= 1
+- RATE= 168
+*/
+static inline size_t libcrux_sha3_generic_keccak_absorb_full_8b_c60(
+    libcrux_sha3_generic_keccak_KeccakXofState_97 *self,
+    Eurydice_slice inputs[1U]) {
+  libcrux_sha3_generic_keccak_KeccakXofState_97 *uu____0 = self;
+  /* Passing arrays by value in Rust generates a copy in C */
+  Eurydice_slice copy_of_inputs0[1U];
+  memcpy(copy_of_inputs0, inputs, (size_t)1U * sizeof(Eurydice_slice));
+  size_t input_consumed =
+      libcrux_sha3_generic_keccak_fill_buffer_8b_c60(uu____0, copy_of_inputs0);
+  if (input_consumed > (size_t)0U) {
+    Eurydice_slice borrowed[1U];
+    for (size_t i = (size_t)0U; i < (size_t)1U; i++) {
+      uint8_t buf[168U] = {0U};
+      borrowed[i] = core_array___Array_T__N__23__as_slice(
+          (size_t)168U, buf, uint8_t, Eurydice_slice);
+    }
+    for (size_t i = (size_t)0U; i < (size_t)1U; i++) {
+      size_t i0 = i;
+      borrowed[i0] =
+          Eurydice_array_to_slice((size_t)168U, self->buf[i0], uint8_t);
+    }
+    uint64_t(*uu____2)[5U] = self->inner.st;
+    Eurydice_slice uu____3[1U];
+    memcpy(uu____3, borrowed, (size_t)1U * sizeof(Eurydice_slice));
+    libcrux_sha3_portable_keccak_load_block_5a_3a(uu____2, uu____3);
+    libcrux_sha3_generic_keccak_keccakf1600_04(&self->inner);
+    self->buf_len = (size_t)0U;
+  }
+  size_t input_to_consume =
+      Eurydice_slice_len(inputs[0U], uint8_t) - input_consumed;
+  size_t num_blocks = input_to_consume / (size_t)168U;
+  size_t remainder = input_to_consume % (size_t)168U;
+  for (size_t i = (size_t)0U; i < num_blocks; i++) {
+    size_t i0 = i;
+    uint64_t(*uu____4)[5U] = self->inner.st;
+    /* Passing arrays by value in Rust generates a copy in C */
+    Eurydice_slice copy_of_inputs[1U];
+    memcpy(copy_of_inputs, inputs, (size_t)1U * sizeof(Eurydice_slice));
+    Eurydice_slice ret[1U];
+    libcrux_sha3_portable_keccak_slice_n_5a(
+        copy_of_inputs, input_consumed + i0 * (size_t)168U, (size_t)168U, ret);
+    libcrux_sha3_portable_keccak_load_block_5a_3a(uu____4, ret);
+    libcrux_sha3_generic_keccak_keccakf1600_04(&self->inner);
+  }
+  return remainder;
+}
+
+/**
+ Absorb
+
+ This function takes any number of bytes to absorb and buffers if it's not
+ enough. The function assumes that all input slices in `blocks` have the same
+ length.
+
+ Only a multiple of `RATE` blocks are absorbed.
+ For the remaining bytes [`absorb_final`] needs to be called.
+
+ This works best with relatively small `inputs`.
+*/
+/**
+This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState<STATE,
+PARALLEL_LANES, RATE>[TraitClause@0, TraitClause@1]#2}
+*/
+/**
+A monomorphic instance of libcrux_sha3.generic_keccak.absorb_8b
+with types uint64_t
+with const generics
+- PARALLEL_LANES= 1
+- RATE= 168
+*/
+static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_8b_c60(
+    libcrux_sha3_generic_keccak_KeccakXofState_97 *self,
+    Eurydice_slice inputs[1U]) {
+  libcrux_sha3_generic_keccak_KeccakXofState_97 *uu____0 = self;
+  /* Passing arrays by value in Rust generates a copy in C */
+  Eurydice_slice copy_of_inputs[1U];
+  memcpy(copy_of_inputs, inputs, (size_t)1U * sizeof(Eurydice_slice));
+  size_t input_remainder_len =
+      libcrux_sha3_generic_keccak_absorb_full_8b_c60(uu____0, copy_of_inputs);
+  if (input_remainder_len > (size_t)0U) {
+    size_t input_len = Eurydice_slice_len(inputs[0U], uint8_t);
+    for (size_t i = (size_t)0U; i < (size_t)1U; i++) {
+      size_t i0 = i;
+      Eurydice_slice uu____2 = Eurydice_array_to_subslice2(
+          self->buf[i0], self->buf_len, self->buf_len + input_remainder_len,
+          uint8_t);
+      Eurydice_slice_copy(
+          uu____2,
+          Eurydice_slice_subslice_from(
+              inputs[i0], input_len - input_remainder_len, uint8_t, size_t),
+          uint8_t);
+    }
+    self->buf_len = self->buf_len + input_remainder_len;
+  }
+}
+
+/**
+This function found in impl {(libcrux_sha3::portable::incremental::Xof<168:
+usize> for libcrux_sha3::portable::incremental::Shake128Xof)}
+*/
+static inline void libcrux_sha3_portable_incremental_absorb_2f(
+    libcrux_sha3_generic_keccak_KeccakXofState_97 *self, Eurydice_slice input) {
+  Eurydice_slice buf[1U] = {input};
+  libcrux_sha3_generic_keccak_absorb_8b_c60(self, buf);
+}
+
+/**
+ Absorb a final block.
+
+ The `inputs` block may be empty. Everything in the `inputs` block beyond
+ `RATE` bytes is ignored.
+*/
+/**
+This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState<STATE,
+PARALLEL_LANES, RATE>[TraitClause@0, TraitClause@1]#2}
+*/
+/**
+A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final_8b
+with types uint64_t
+with const generics
+- PARALLEL_LANES= 1
+- RATE= 168
+- DELIMITER= 31
+*/
+static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_8b_9e0(
+    libcrux_sha3_generic_keccak_KeccakXofState_97 *self,
+    Eurydice_slice inputs[1U]) {
+  libcrux_sha3_generic_keccak_KeccakXofState_97 *uu____0 = self;
+  /* Passing arrays by value in Rust generates a copy in C */
+  Eurydice_slice copy_of_inputs[1U];
+  memcpy(copy_of_inputs, inputs, (size_t)1U * sizeof(Eurydice_slice));
+  size_t input_remainder_len =
+      libcrux_sha3_generic_keccak_absorb_full_8b_c60(uu____0, copy_of_inputs);
+  size_t input_len = Eurydice_slice_len(inputs[0U], uint8_t);
+  uint8_t blocks[1U][200U] = {{0U}};
+  for (size_t i = (size_t)0U; i < (size_t)1U; i++) {
+    size_t i0 = i;
+    if (self->buf_len > (size_t)0U) {
+      Eurydice_slice uu____2 = Eurydice_array_to_subslice2(
+          blocks[i0], (size_t)0U, self->buf_len, uint8_t);
+      Eurydice_slice_copy(uu____2,
+                          Eurydice_array_to_subslice2(self->buf[i0], (size_t)0U,
+                                                      self->buf_len, uint8_t),
+                          uint8_t);
+    }
+    if (input_remainder_len > (size_t)0U) {
+      Eurydice_slice uu____3 = Eurydice_array_to_subslice2(
+          blocks[i0], self->buf_len, self->buf_len + input_remainder_len,
+          uint8_t);
+      Eurydice_slice_copy(
+          uu____3,
+          Eurydice_slice_subslice_from(
+              inputs[i0], input_len - input_remainder_len, uint8_t, size_t),
+          uint8_t);
+    }
+    blocks[i0][self->buf_len + input_remainder_len] = 31U;
+    size_t uu____4 = i0;
+    size_t uu____5 = (size_t)168U - (size_t)1U;
+    blocks[uu____4][uu____5] = (uint32_t)blocks[uu____4][uu____5] | 128U;
+  }
+  uint64_t(*uu____6)[5U] = self->inner.st;
+  uint8_t uu____7[1U][200U];
+  memcpy(uu____7, blocks, (size_t)1U * sizeof(uint8_t[200U]));
+  libcrux_sha3_portable_keccak_load_block_full_5a_3a(uu____6, uu____7);
+  libcrux_sha3_generic_keccak_keccakf1600_04(&self->inner);
+}
+
+/**
+This function found in impl {(libcrux_sha3::portable::incremental::Xof<168:
+usize> for libcrux_sha3::portable::incremental::Shake128Xof)}
+*/
+static inline void libcrux_sha3_portable_incremental_absorb_final_2f(
+    libcrux_sha3_generic_keccak_KeccakXofState_97 *self, Eurydice_slice input) {
+  Eurydice_slice buf[1U] = {input};
+  libcrux_sha3_generic_keccak_absorb_final_8b_9e0(self, buf);
+}
+
+/**
+ An all zero block
+*/
+/**
+This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState<STATE,
+PARALLEL_LANES, RATE>[TraitClause@0, TraitClause@1]#2}
+*/
+/**
+A monomorphic instance of libcrux_sha3.generic_keccak.zero_block_8b
+with types uint64_t
+with const generics
+- PARALLEL_LANES= 1
+- RATE= 168
+*/
+static inline void libcrux_sha3_generic_keccak_zero_block_8b_c60(
+    uint8_t ret[168U]) {
+  ret[0U] = 0U;
+  ret[1U] = 0U;
+  ret[2U] = 0U;
+  ret[3U] = 0U;
+  ret[4U] = 0U;
+  ret[5U] = 0U;
+  ret[6U] = 0U;
+  ret[7U] = 0U;
+  ret[8U] = 0U;
+  ret[9U] = 0U;
+  ret[10U] = 0U;
+  ret[11U] = 0U;
+  ret[12U] = 0U;
+  ret[13U] = 0U;
+  ret[14U] = 0U;
+  ret[15U] = 0U;
+  ret[16U] = 0U;
+  ret[17U] = 0U;
+  ret[18U] = 0U;
+  ret[19U] = 0U;
+  ret[20U] = 0U;
+  ret[21U] = 0U;
+  ret[22U] = 0U;
+  ret[23U] = 0U;
+  ret[24U] = 0U;
+  ret[25U] = 0U;
+  ret[26U] = 0U;
+  ret[27U] = 0U;
+  ret[28U] = 0U;
+  ret[29U] = 0U;
+  ret[30U] = 0U;
+  ret[31U] = 0U;
+  ret[32U] = 0U;
+  ret[33U] = 0U;
+  ret[34U] = 0U;
+  ret[35U] = 0U;
+  ret[36U] = 0U;
+  ret[37U] = 0U;
+  ret[38U] = 0U;
+  ret[39U] = 0U;
+  ret[40U] = 0U;
+  ret[41U] = 0U;
+  ret[42U] = 0U;
+  ret[43U] = 0U;
+  ret[44U] = 0U;
+  ret[45U] = 0U;
+  ret[46U] = 0U;
+  ret[47U] = 0U;
+  ret[48U] = 0U;
+  ret[49U] = 0U;
+  ret[50U] = 0U;
+  ret[51U] = 0U;
+  ret[52U] = 0U;
+  ret[53U] = 0U;
+  ret[54U] = 0U;
+  ret[55U] = 0U;
+  ret[56U] = 0U;
+  ret[57U] = 0U;
+  ret[58U] = 0U;
+  ret[59U] = 0U;
+  ret[60U] = 0U;
+  ret[61U] = 0U;
+  ret[62U] = 0U;
+  ret[63U] = 0U;
+  ret[64U] = 0U;
+  ret[65U] = 0U;
+  ret[66U] = 0U;
+  ret[67U] = 0U;
+  ret[68U] = 0U;
+  ret[69U] = 0U;
+  ret[70U] = 0U;
+  ret[71U] = 0U;
+  ret[72U] = 0U;
+  ret[73U] = 0U;
+  ret[74U] = 0U;
+  ret[75U] = 0U;
+  ret[76U] = 0U;
+  ret[77U] = 0U;
+  ret[78U] = 0U;
+  ret[79U] = 0U;
+  ret[80U] = 0U;
+  ret[81U] = 0U;
+  ret[82U] = 0U;
+  ret[83U] = 0U;
+  ret[84U] = 0U;
+  ret[85U] = 0U;
+  ret[86U] = 0U;
+  ret[87U] = 0U;
+  ret[88U] = 0U;
+  ret[89U] = 0U;
+  ret[90U] = 0U;
+  ret[91U] = 0U;
+  ret[92U] = 0U;
+  ret[93U] = 0U;
+  ret[94U] = 0U;
+  ret[95U] = 0U;
+  ret[96U] = 0U;
+  ret[97U] = 0U;
+  ret[98U] = 0U;
+  ret[99U] = 0U;
+  ret[100U] = 0U;
+  ret[101U] = 0U;
+  ret[102U] = 0U;
+  ret[103U] = 0U;
+  ret[104U] = 0U;
+  ret[105U] = 0U;
+  ret[106U] = 0U;
+  ret[107U] = 0U;
+  ret[108U] = 0U;
+  ret[109U] = 0U;
+  ret[110U] = 0U;
+  ret[111U] = 0U;
+  ret[112U] = 0U;
+  ret[113U] = 0U;
+  ret[114U] = 0U;
+  ret[115U] = 0U;
+  ret[116U] = 0U;
+  ret[117U] = 0U;
+  ret[118U] = 0U;
+  ret[119U] = 0U;
+  ret[120U] = 0U;
+  ret[121U] = 0U;
+  ret[122U] = 0U;
+  ret[123U] = 0U;
+  ret[124U] = 0U;
+  ret[125U] = 0U;
+  ret[126U] = 0U;
+  ret[127U] = 0U;
+  ret[128U] = 0U;
+  ret[129U] = 0U;
+  ret[130U] = 0U;
+  ret[131U] = 0U;
+  ret[132U] = 0U;
+  ret[133U] = 0U;
+  ret[134U] = 0U;
+  ret[135U] = 0U;
+  ret[136U] = 0U;
+  ret[137U] = 0U;
+  ret[138U] = 0U;
+  ret[139U] = 0U;
+  ret[140U] = 0U;
+  ret[141U] = 0U;
+  ret[142U] = 0U;
+  ret[143U] = 0U;
+  ret[144U] = 0U;
+  ret[145U] = 0U;
+  ret[146U] = 0U;
+  ret[147U] = 0U;
+  ret[148U] = 0U;
+  ret[149U] = 0U;
+  ret[150U] = 0U;
+  ret[151U] = 0U;
+  ret[152U] = 0U;
+  ret[153U] = 0U;
+  ret[154U] = 0U;
+  ret[155U] = 0U;
+  ret[156U] = 0U;
+  ret[157U] = 0U;
+  ret[158U] = 0U;
+  ret[159U] = 0U;
+  ret[160U] = 0U;
+  ret[161U] = 0U;
+  ret[162U] = 0U;
+  ret[163U] = 0U;
+  ret[164U] = 0U;
+  ret[165U] = 0U;
+  ret[166U] = 0U;
+  ret[167U] = 0U;
+}
+
+/**
+ Generate a new keccak xof state.
+*/
+/**
+This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState<STATE,
+PARALLEL_LANES, RATE>[TraitClause@0, TraitClause@1]#2}
+*/
+/**
+A monomorphic instance of libcrux_sha3.generic_keccak.new_8b
+with types uint64_t
+with const generics
+- PARALLEL_LANES= 1
+- RATE= 168
+*/
+static inline libcrux_sha3_generic_keccak_KeccakXofState_97
+libcrux_sha3_generic_keccak_new_8b_c60(void) {
+  libcrux_sha3_generic_keccak_KeccakXofState_97 lit;
+  lit.inner = libcrux_sha3_generic_keccak_new_89_04();
+  uint8_t ret[168U];
+  libcrux_sha3_generic_keccak_zero_block_8b_c60(ret);
+  memcpy(lit.buf[0U], ret, (size_t)168U * sizeof(uint8_t));
+  lit.buf_len = (size_t)0U;
+  lit.sponge = false;
+  return lit;
+}
+
+/**
+This function found in impl {(libcrux_sha3::portable::incremental::Xof<168:
+usize> for libcrux_sha3::portable::incremental::Shake128Xof)}
+*/
+static inline libcrux_sha3_generic_keccak_KeccakXofState_97
+libcrux_sha3_portable_incremental_new_2f(void) {
+  return libcrux_sha3_generic_keccak_new_8b_c60();
+}
+
+/**
+ `out` has the exact size we want here. It must be less than or equal to `RATE`.
+*/
+/**
+This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1:
+usize> for u64)}
+*/
+/**
+A monomorphic instance of libcrux_sha3.portable_keccak.store_5a
+with const generics
+- RATE= 168
+*/
+static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_5a_3a(
+    uint64_t (*state)[5U], Eurydice_slice out[1U]) {
+  size_t num_full_blocks = Eurydice_slice_len(out[0U], uint8_t) / (size_t)8U;
+  size_t last_block_len = Eurydice_slice_len(out[0U], uint8_t) % (size_t)8U;
+  for (size_t i = (size_t)0U; i < num_full_blocks; i++) {
+    size_t i0 = i;
+    Eurydice_slice uu____0 = Eurydice_slice_subslice2(
+        out[0U], i0 * (size_t)8U, i0 * (size_t)8U + (size_t)8U, uint8_t);
+    uint8_t ret[8U];
+    core_num__u64_9__to_le_bytes(state[i0 / (size_t)5U][i0 % (size_t)5U], ret);
+    Eurydice_slice_copy(
+        uu____0, Eurydice_array_to_slice((size_t)8U, ret, uint8_t), uint8_t);
+  }
+  if (last_block_len != (size_t)0U) {
+    Eurydice_slice uu____1 = Eurydice_slice_subslice2(
+        out[0U], num_full_blocks * (size_t)8U,
+        num_full_blocks * (size_t)8U + last_block_len, uint8_t);
+    uint8_t ret[8U];
+    core_num__u64_9__to_le_bytes(
+        state[num_full_blocks / (size_t)5U][num_full_blocks % (size_t)5U], ret);
+    Eurydice_slice_copy(
+        uu____1,
+        Eurydice_array_to_subslice2(ret, (size_t)0U, last_block_len, uint8_t),
+        uint8_t);
+  }
+}
+
+/**
+ Squeeze `N` x `LEN` bytes.
+*/
+/**
+This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState<STATE,
+PARALLEL_LANES, RATE>[TraitClause@0, TraitClause@1]#2}
+*/
+/**
+A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_8b
+with types uint64_t
+with const generics
+- PARALLEL_LANES= 1
+- RATE= 168
+*/
+static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_8b_c60(
+    libcrux_sha3_generic_keccak_KeccakXofState_97 *self,
+    Eurydice_slice out[1U]) {
+  if (self->sponge) {
+    libcrux_sha3_generic_keccak_keccakf1600_04(&self->inner);
+  }
+  size_t out_len = Eurydice_slice_len(out[0U], uint8_t);
+  size_t blocks = out_len / (size_t)168U;
+  size_t last = out_len - out_len % (size_t)168U;
+  size_t mid;
+  if ((size_t)168U >= out_len) {
+    mid = out_len;
+  } else {
+    mid = (size_t)168U;
+  }
+  Eurydice_slice_uint8_t_1size_t__x2 uu____0 =
+      libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, mid);
+  Eurydice_slice out00[1U];
+  memcpy(out00, uu____0.fst, (size_t)1U * sizeof(Eurydice_slice));
+  Eurydice_slice out_rest[1U];
+  memcpy(out_rest, uu____0.snd, (size_t)1U * sizeof(Eurydice_slice));
+  libcrux_sha3_portable_keccak_store_5a_3a(self->inner.st, out00);
+  core_ops_range_Range_08 iter =
+      core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter(
+          (CLITERAL(core_ops_range_Range_08){.start = (size_t)1U,
+                                             .end = blocks}),
+          core_ops_range_Range_08, core_ops_range_Range_08);
+  while (true) {
+    if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A__TraitClause_0___6__next(
+            &iter, size_t, Option_08)
+            .tag == None) {
+      break;
+    } else {
+      Eurydice_slice_uint8_t_1size_t__x2 uu____1 =
+          libcrux_sha3_portable_keccak_split_at_mut_n_5a(out_rest,
+                                                         (size_t)168U);
+      Eurydice_slice out0[1U];
+      memcpy(out0, uu____1.fst, (size_t)1U * sizeof(Eurydice_slice));
+      Eurydice_slice tmp[1U];
+      memcpy(tmp, uu____1.snd, (size_t)1U * sizeof(Eurydice_slice));
+      libcrux_sha3_generic_keccak_keccakf1600_04(&self->inner);
+      libcrux_sha3_portable_keccak_store_5a_3a(self->inner.st, out0);
+      memcpy(out_rest, tmp, (size_t)1U * sizeof(Eurydice_slice));
+    }
+  }
+  if (last < out_len) {
+    libcrux_sha3_generic_keccak_keccakf1600_04(&self->inner);
+    libcrux_sha3_portable_keccak_store_5a_3a(self->inner.st, out_rest);
+  }
+  self->sponge = true;
+}
+
+/**
+ Shake128 squeeze
+*/
+/**
+This function found in impl {(libcrux_sha3::portable::incremental::Xof<168:
+usize> for libcrux_sha3::portable::incremental::Shake128Xof)}
+*/
+static inline void libcrux_sha3_portable_incremental_squeeze_2f(
+    libcrux_sha3_generic_keccak_KeccakXofState_97 *self, Eurydice_slice out) {
+  Eurydice_slice buf[1U] = {out};
+  libcrux_sha3_generic_keccak_squeeze_8b_c60(self, buf);
+}
+
+/**
+This function found in impl {(core::clone::Clone for
+libcrux_sha3::portable::KeccakState)}
+*/
+static inline libcrux_sha3_generic_keccak_KeccakState_17
+libcrux_sha3_portable_clone_3d(
+    libcrux_sha3_generic_keccak_KeccakState_17 *self) {
+  return self[0U];
+}
+
+/**
+This function found in impl {(core::convert::From<libcrux_sha3::Algorithm> for
+u32)#1}
+*/
+static inline uint32_t libcrux_sha3_from_eb(libcrux_sha3_Algorithm v) {
+  uint32_t uu____0;
+  switch (v) {
+    case libcrux_sha3_Sha224: {
+      uu____0 = 1U;
+      break;
+    }
+    case libcrux_sha3_Sha256: {
+      uu____0 = 2U;
+      break;
+    }
+    case libcrux_sha3_Sha384: {
+      uu____0 = 3U;
+      break;
+    }
+    case libcrux_sha3_Sha512: {
+      uu____0 = 4U;
+      break;
+    }
+    default: {
+      KRML_HOST_EPRINTF("KaRaMeL incomplete match at %s:%d\n", __FILE__,
+                        __LINE__);
+      KRML_HOST_EXIT(253U);
+    }
+  }
+  return uu____0;
+}
+
+/**
+This function found in impl {(core::convert::From<u32> for
+libcrux_sha3::Algorithm)}
+*/
+static inline libcrux_sha3_Algorithm libcrux_sha3_from_2d(uint32_t v) {
+  libcrux_sha3_Algorithm uu____0;
+  switch (v) {
+    case 1U: {
+      uu____0 = libcrux_sha3_Sha224;
+      break;
+    }
+    case 2U: {
+      uu____0 = libcrux_sha3_Sha256;
+      break;
+    }
+    case 3U: {
+      uu____0 = libcrux_sha3_Sha384;
+      break;
+    }
+    case 4U: {
+      uu____0 = libcrux_sha3_Sha512;
+      break;
+    }
+    default: {
+      KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__,
+                        "panic!");
+      KRML_HOST_EXIT(255U);
+    }
+  }
+  return uu____0;
+}
+
+typedef uint8_t libcrux_sha3_Sha3_512Digest[64U];
+
+typedef uint8_t libcrux_sha3_Sha3_384Digest[48U];
+
+typedef uint8_t libcrux_sha3_Sha3_256Digest[32U];
+
+typedef uint8_t libcrux_sha3_Sha3_224Digest[28U];
+
+#if defined(__cplusplus)
+}
+#endif
+
+#define __libcrux_sha3_portable_H_DEFINED
+#endif

From 4fe679b931de6d3277233a9a22b67a64cb38e8e0 Mon Sep 17 00:00:00 2001
From: mamonet <maamoun.tk@gmail.com>
Date: Fri, 6 Dec 2024 15:15:59 +0000
Subject: [PATCH 071/142] Fix verification

---
 .../Libcrux_ml_kem.Ind_cca.Unpacked.fst       |  2 +-
 .../extraction/Libcrux_ml_kem.Ind_cpa.fst     | 91 +++++++++++++------
 libcrux-ml-kem/src/ind_cca.rs                 |  2 +-
 libcrux-ml-kem/src/ind_cpa.rs                 | 78 +++++++++++++---
 4 files changed, 128 insertions(+), 45 deletions(-)

diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Unpacked.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Unpacked.fst
index 5e641a876..e726f4578 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Unpacked.fst
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Unpacked.fst
@@ -647,7 +647,7 @@ let impl_4__serialized_public_key
     v_PUBLIC_KEY_SIZE
     self.f_public_key
 
-#push-options "--z3rlimit 800 --ext context_pruning"
+#push-options "--z3rlimit 1500 --ext context_pruning --z3refresh"
 
 let generate_keypair
       (v_K v_CPA_PRIVATE_KEY_SIZE v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE v_BYTES_PER_RING_ELEMENT v_ETA1 v_ETA1_RANDOMNESS_SIZE:
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fst
index 25428a076..2c73c49b7 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fst
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fst
@@ -12,7 +12,7 @@ let _ =
   let open Libcrux_ml_kem.Vector.Traits in
   ()
 
-#push-options "--z3rlimit 120 --ext context_pruning"
+#push-options "--z3rlimit 800 --ext context_pruning"
 
 let deserialize_secret_key
       (v_K: usize)
@@ -163,6 +163,57 @@ let build_unpacked_public_key
   in
   unpacked_public_key
 
+let sample_ring_element_cbd_helper_1
+      (v_K: usize)
+      (prf_inputs: t_Array (t_Array u8 (sz 33)) v_K)
+      (prf_input: t_Array u8 (sz 33))
+      (domain_separator: u8) : Lemma 
+        (requires Spec.MLKEM.is_rank v_K /\ v domain_separator < 2 * v v_K /\
+          (forall (i: nat). i < v v_K ==>
+            v (Seq.index (Seq.index prf_inputs i) 32) == v domain_separator + i /\
+            Seq.slice (Seq.index prf_inputs i) 0 32 == Seq.slice prf_input 0 32))
+        (ensures prf_inputs == createi v_K
+          (Spec.MLKEM.sample_vector_cbd2_prf_input #v_K
+            (Seq.slice prf_input 0 32) (sz (v domain_separator))))
+    =
+    let lemma_aux (i: nat{i < v v_K}) : Lemma
+        (prf_inputs.[ sz i ] == (Seq.append (Seq.slice prf_input 0 32) (Seq.create 1
+          (mk_int #u8_inttype (v (domain_separator +! (mk_int #u8_inttype i))))))) =
+      Lib.Sequence.eq_intro #u8 #33 prf_inputs.[ sz i ]
+        (Seq.append (Seq.slice prf_input 0 32)
+          (Seq.create 1 (mk_int #u8_inttype (v domain_separator + i))))
+    in
+    Classical.forall_intro lemma_aux;
+    Lib.Sequence.eq_intro #(t_Array u8 (sz 33)) #(v v_K) prf_inputs
+      (createi v_K (Spec.MLKEM.sample_vector_cbd2_prf_input #v_K
+        (Seq.slice prf_input 0 32) (sz (v domain_separator))))
+
+let sample_ring_element_cbd_helper_2
+      (v_K v_ETA2 v_ETA2_RANDOMNESS_SIZE: usize)
+      (#v_Vector: Type0)
+      (#[FStar.Tactics.Typeclasses.tcresolve ()]
+          i2:
+          Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector)
+      (error_1: t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K)
+      (prf_input: t_Array u8 (sz 33))
+      (domain_separator: u8) : Lemma
+        (requires Spec.MLKEM.is_rank v_K /\ v_ETA2 == Spec.MLKEM.v_ETA2 v_K /\
+          v_ETA2_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA2_RANDOMNESS_SIZE v_K /\
+          v domain_separator < 2 * v v_K /\ 
+          (let prf_outputs = Spec.MLKEM.v_PRFxN v_K v_ETA2_RANDOMNESS_SIZE
+            (createi v_K (Spec.MLKEM.sample_vector_cbd2_prf_input #v_K
+              (Seq.slice prf_input 0 32) (sz (v domain_separator)))) in 
+          forall (i: nat). i < v v_K ==>
+            Libcrux_ml_kem.Polynomial.to_spec_poly_t #v_Vector error_1.[ sz i ] ==
+            Spec.MLKEM.sample_poly_cbd v_ETA2 prf_outputs.[ sz i ]))
+        (ensures Libcrux_ml_kem.Polynomial.to_spec_vector_t #v_K #v_Vector error_1 ==
+          (Spec.MLKEM.sample_vector_cbd2 #v_K
+            (Seq.slice prf_input 0 32) (sz (v domain_separator))))
+    =
+    Lib.Sequence.eq_intro #(Spec.MLKEM.polynomial) #(v v_K)
+    (Libcrux_ml_kem.Polynomial.to_spec_vector_t #v_K #v_Vector error_1) 
+    (Spec.MLKEM.sample_vector_cbd2 #v_K (Seq.slice prf_input 0 32) (sz (v domain_separator)))
+
 #push-options "--max_fuel 15 --z3rlimit 1500 --ext context_pruning --z3refresh --split_queries always"
 
 let sample_ring_element_cbd
@@ -194,26 +245,7 @@ let sample_ring_element_cbd
   let prf_inputs:t_Array (t_Array u8 (sz 33)) v_K = tmp0 in
   let domain_separator:u8 = out in
   let _:Prims.unit =
-    let lemma_aux (i: nat{i < v v_K})
-        : Lemma
-        (prf_inputs.[ sz i ] ==
-          (Seq.append (Seq.slice prf_input 0 32)
-              (Seq.create 1
-                  (mk_int #u8_inttype (v (v__domain_separator_init +! (mk_int #u8_inttype i))))))) =
-      Lib.Sequence.eq_intro #u8
-        #33
-        prf_inputs.[ sz i ]
-        (Seq.append (Seq.slice prf_input 0 32)
-            (Seq.create 1 (mk_int #u8_inttype (v v__domain_separator_init + i))))
-    in
-    Classical.forall_intro lemma_aux;
-    Lib.Sequence.eq_intro #(t_Array u8 (sz 33))
-      #(v v_K)
-      prf_inputs
-      (createi v_K
-          (Spec.MLKEM.sample_vector_cbd2_prf_input #v_K
-              (Seq.slice prf_input 0 32)
-              (sz (v v__domain_separator_init))))
+    sample_ring_element_cbd_helper_1 v_K prf_inputs prf_input v__domain_separator_init
   in
   let (prf_outputs: t_Array (t_Array u8 v_ETA2_RANDOMNESS_SIZE) v_K):t_Array
     (t_Array u8 v_ETA2_RANDOMNESS_SIZE) v_K =
@@ -253,12 +285,13 @@ let sample_ring_element_cbd
           error_1_)
   in
   let _:Prims.unit =
-    Lib.Sequence.eq_intro #(Spec.MLKEM.polynomial)
-      #(v v_K)
-      (Libcrux_ml_kem.Polynomial.to_spec_vector_t #v_K #v_Vector error_1_)
-      (Spec.MLKEM.sample_vector_cbd2 #v_K
-          (Seq.slice prf_input 0 32)
-          (sz (v v__domain_separator_init)))
+    sample_ring_element_cbd_helper_2 v_K
+      v_ETA2
+      v_ETA2_RANDOMNESS_SIZE
+      #v_Vector
+      error_1_
+      prf_input
+      v__domain_separator_init
   in
   error_1_, domain_separator
   <:
@@ -319,7 +352,7 @@ let sample_vector_cbd_then_ntt_helper_2
       (Spec.MLKEM.sample_vector_cbd_then_ntt #v_K
         (Seq.slice prf_input 0 32) (sz (v domain_separator)))
 
-#push-options "--max_fuel 15 --z3rlimit 1500 --ext context_pruning --z3refresh --split_queries always"
+#push-options "--max_fuel 25 --z3rlimit 2500 --ext context_pruning --z3refresh --split_queries always"
 
 let sample_vector_cbd_then_ntt
       (v_K v_ETA v_ETA_RANDOMNESS_SIZE: usize)
@@ -991,7 +1024,7 @@ let decrypt
     secret_key_unpacked
     ciphertext
 
-#push-options "--z3rlimit 200 --ext context_pruning --z3refresh"
+#push-options "--z3rlimit 1000 --ext context_pruning --z3refresh"
 
 let serialize_secret_key
       (v_K v_OUT_LEN: usize)
diff --git a/libcrux-ml-kem/src/ind_cca.rs b/libcrux-ml-kem/src/ind_cca.rs
index 18ae0db4a..bc7c45428 100644
--- a/libcrux-ml-kem/src/ind_cca.rs
+++ b/libcrux-ml-kem/src/ind_cca.rs
@@ -861,7 +861,7 @@ pub(crate) mod unpacked {
 
     /// Generate Unpacked Keys
     #[inline(always)]
-    #[hax_lib::fstar::options("--z3rlimit 800 --ext context_pruning")]
+    #[hax_lib::fstar::options("--z3rlimit 1500 --ext context_pruning --z3refresh")]
     #[hax_lib::requires(fstar!("Spec.MLKEM.is_rank $K /\\
         $ETA1_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA1_RANDOMNESS_SIZE $K /\\
         $ETA1 == Spec.MLKEM.v_ETA1 $K /\\
diff --git a/libcrux-ml-kem/src/ind_cpa.rs b/libcrux-ml-kem/src/ind_cpa.rs
index b40bd07ae..144e79e48 100644
--- a/libcrux-ml-kem/src/ind_cpa.rs
+++ b/libcrux-ml-kem/src/ind_cpa.rs
@@ -128,7 +128,7 @@ pub(crate) fn serialize_public_key_mut<
 
 /// Call [`serialize_uncompressed_ring_element`] for each ring element.
 #[inline(always)]
-#[hax_lib::fstar::options("--z3rlimit 200 --ext context_pruning --z3refresh")]
+#[hax_lib::fstar::options("--z3rlimit 1000 --ext context_pruning --z3refresh")]
 #[hax_lib::requires(fstar!("Spec.MLKEM.is_rank $K /\\
     $OUT_LEN == Spec.MLKEM.v_CPA_PRIVATE_KEY_SIZE $K /\\
     (forall (i:nat). i < v $K ==>
@@ -178,6 +178,60 @@ pub(crate) fn serialize_secret_key<const K: usize, const OUT_LEN: usize, Vector:
 #[hax_lib::fstar::options(
     "--max_fuel 15 --z3rlimit 1500 --ext context_pruning --z3refresh --split_queries always"
 )]
+#[cfg_attr(hax, hax_lib::fstar::before("let sample_ring_element_cbd_helper_2
+      (v_K v_ETA2 v_ETA2_RANDOMNESS_SIZE: usize)
+      (#v_Vector: Type0)
+      (#[FStar.Tactics.Typeclasses.tcresolve ()]
+          i2:
+          Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector)
+      (error_1: t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K)
+      (prf_input: t_Array u8 (sz 33))
+      (domain_separator: u8) : Lemma
+        (requires Spec.MLKEM.is_rank v_K /\\ v_ETA2 == Spec.MLKEM.v_ETA2 v_K /\\
+          v_ETA2_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA2_RANDOMNESS_SIZE v_K /\\
+          v domain_separator < 2 * v v_K /\\ 
+          (let prf_outputs = Spec.MLKEM.v_PRFxN v_K v_ETA2_RANDOMNESS_SIZE
+            (createi v_K (Spec.MLKEM.sample_vector_cbd2_prf_input #v_K
+              (Seq.slice prf_input 0 32) (sz (v domain_separator)))) in 
+          forall (i: nat). i < v v_K ==>
+            Libcrux_ml_kem.Polynomial.to_spec_poly_t #v_Vector error_1.[ sz i ] ==
+            Spec.MLKEM.sample_poly_cbd v_ETA2 prf_outputs.[ sz i ]))
+        (ensures Libcrux_ml_kem.Polynomial.to_spec_vector_t #v_K #v_Vector error_1 ==
+          (Spec.MLKEM.sample_vector_cbd2 #v_K
+            (Seq.slice prf_input 0 32) (sz (v domain_separator))))
+    =
+    Lib.Sequence.eq_intro #(Spec.MLKEM.polynomial) #(v v_K)
+    (Libcrux_ml_kem.Polynomial.to_spec_vector_t #v_K #v_Vector error_1) 
+    (Spec.MLKEM.sample_vector_cbd2 #v_K (Seq.slice prf_input 0 32) (sz (v domain_separator)))"))]
+#[cfg_attr(
+    hax,
+    hax_lib::fstar::before(
+        "let sample_ring_element_cbd_helper_1
+      (v_K: usize)
+      (prf_inputs: t_Array (t_Array u8 (sz 33)) v_K)
+      (prf_input: t_Array u8 (sz 33))
+      (domain_separator: u8) : Lemma 
+        (requires Spec.MLKEM.is_rank v_K /\\ v domain_separator < 2 * v v_K /\\
+          (forall (i: nat). i < v v_K ==>
+            v (Seq.index (Seq.index prf_inputs i) 32) == v domain_separator + i /\\
+            Seq.slice (Seq.index prf_inputs i) 0 32 == Seq.slice prf_input 0 32))
+        (ensures prf_inputs == createi v_K
+          (Spec.MLKEM.sample_vector_cbd2_prf_input #v_K
+            (Seq.slice prf_input 0 32) (sz (v domain_separator))))
+    =
+    let lemma_aux (i: nat{i < v v_K}) : Lemma
+        (prf_inputs.[ sz i ] == (Seq.append (Seq.slice prf_input 0 32) (Seq.create 1
+          (mk_int #u8_inttype (v (domain_separator +! (mk_int #u8_inttype i))))))) =
+      Lib.Sequence.eq_intro #u8 #33 prf_inputs.[ sz i ]
+        (Seq.append (Seq.slice prf_input 0 32)
+          (Seq.create 1 (mk_int #u8_inttype (v domain_separator + i))))
+    in
+    Classical.forall_intro lemma_aux;
+    Lib.Sequence.eq_intro #(t_Array u8 (sz 33)) #(v v_K) prf_inputs
+      (createi v_K (Spec.MLKEM.sample_vector_cbd2_prf_input #v_K
+        (Seq.slice prf_input 0 32) (sz (v domain_separator))))"
+    )
+)]
 #[hax_lib::requires(fstar!("Spec.MLKEM.is_rank $K /\\
     $ETA2_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA2_RANDOMNESS_SIZE $K /\\
     $ETA2 == Spec.MLKEM.v_ETA2 $K /\\
@@ -203,14 +257,9 @@ fn sample_ring_element_cbd<
     // See https://github.com/hacspec/hax/issues/1167
     let _domain_separator_init = domain_separator;
     domain_separator = prf_input_inc::<K>(&mut prf_inputs, domain_separator);
-    hax_lib::fstar!("let lemma_aux (i:nat{ i < v $K }) : Lemma (${prf_inputs}.[sz i] == (Seq.append (Seq.slice $prf_input 0 32) 
-        (Seq.create 1 (mk_int #u8_inttype (v ($_domain_separator_init +! (mk_int #u8_inttype i))))))) =
-        Lib.Sequence.eq_intro #u8 #33 ${prf_inputs}.[sz i] (Seq.append (Seq.slice $prf_input 0 32) 
-        (Seq.create 1 (mk_int #u8_inttype (v $_domain_separator_init + i)))) in
-
-    Classical.forall_intro lemma_aux;
-    Lib.Sequence.eq_intro #(t_Array u8 (sz 33)) #(v $K) $prf_inputs 
-        (createi $K (Spec.MLKEM.sample_vector_cbd2_prf_input #$K (Seq.slice $prf_input 0 32) (sz (v $_domain_separator_init))))");
+    hax_lib::fstar!(
+        "sample_ring_element_cbd_helper_1 $K $prf_inputs $prf_input $_domain_separator_init"
+    );
     let prf_outputs: [[u8; ETA2_RANDOMNESS_SIZE]; K] = Hasher::PRFxN(&prf_inputs);
     for i in 0..K {
         hax_lib::loop_invariant!(|i: usize| {
@@ -222,9 +271,10 @@ fn sample_ring_element_cbd<
         });
         error_1[i] = sample_from_binomial_distribution::<ETA2, Vector>(&prf_outputs[i]);
     }
-    hax_lib::fstar!("Lib.Sequence.eq_intro #(Spec.MLKEM.polynomial) #(v $K)
-    (Libcrux_ml_kem.Polynomial.to_spec_vector_t #$K #$:Vector $error_1) 
-    (Spec.MLKEM.sample_vector_cbd2 #$K (Seq.slice $prf_input 0 32) (sz (v $_domain_separator_init)))");
+    hax_lib::fstar!(
+        "sample_ring_element_cbd_helper_2
+        $K $ETA2 $ETA2_RANDOMNESS_SIZE #$:Vector error_1_ $prf_input $_domain_separator_init"
+    );
     (error_1, domain_separator)
 }
 
@@ -232,7 +282,7 @@ fn sample_ring_element_cbd<
 /// convert them into their NTT representations.
 #[inline(always)]
 #[hax_lib::fstar::options(
-    "--max_fuel 15 --z3rlimit 1500 --ext context_pruning --z3refresh --split_queries always"
+    "--max_fuel 25 --z3rlimit 2500 --ext context_pruning --z3refresh --split_queries always"
 )]
 #[cfg_attr(hax, hax_lib::fstar::before("let sample_vector_cbd_then_ntt_helper_2
       (v_K v_ETA v_ETA_RANDOMNESS_SIZE: usize)
@@ -962,7 +1012,7 @@ fn deserialize_then_decompress_u<
 
 /// Call [`deserialize_to_uncompressed_ring_element`] for each ring element.
 #[inline(always)]
-#[hax_lib::fstar::options("--ext context_pruning")]
+#[hax_lib::fstar::options("--z3rlimit 800 --ext context_pruning")]
 #[hax_lib::requires(fstar!("Spec.MLKEM.is_rank $K /\\
     length $secret_key == Spec.MLKEM.v_CPA_PRIVATE_KEY_SIZE $K /\\
     v (${secret_key.len()}) / v $BYTES_PER_RING_ELEMENT <= v $K"))]

From 0972f988faf05f2e5fbe0d3722347c007f574f2f Mon Sep 17 00:00:00 2001
From: mamonet <maamoun.tk@gmail.com>
Date: Fri, 6 Dec 2024 15:56:21 +0000
Subject: [PATCH 072/142] Fix verification

---
 .../fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Arithmetic.fst  | 2 +-
 libcrux-ml-kem/src/vector/avx2/arithmetic.rs                    | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Arithmetic.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Arithmetic.fst
index 6f960e706..a80c67948 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Arithmetic.fst
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Arithmetic.fst
@@ -184,7 +184,7 @@ let cond_subtract_3329_ (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) =
 
 #pop-options
 
-#push-options "--z3rlimit 200"
+#push-options "--z3rlimit 100 --ext context_pruning"
 
 let montgomery_multiply_by_constant
       (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256)
diff --git a/libcrux-ml-kem/src/vector/avx2/arithmetic.rs b/libcrux-ml-kem/src/vector/avx2/arithmetic.rs
index 8c9f3ae9a..38cc0f4cd 100644
--- a/libcrux-ml-kem/src/vector/avx2/arithmetic.rs
+++ b/libcrux-ml-kem/src/vector/avx2/arithmetic.rs
@@ -165,7 +165,7 @@ pub(crate) fn barrett_reduce(vector: Vec256) -> Vec256 {
 }
 
 #[inline(always)]
-#[cfg_attr(hax, hax_lib::fstar::options("--z3rlimit 200"))]
+#[cfg_attr(hax, hax_lib::fstar::options("--z3rlimit 100 --ext context_pruning"))]
 #[cfg_attr(hax, hax_lib::requires(fstar!("Spec.Utils.is_i16b 1664 constant")))]
 #[cfg_attr(hax, hax_lib::ensures(|result| fstar!("Spec.Utils.is_i16b_array 3328 (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 ${result}) /\\
                 (forall i. i < 16 ==> v (get_lane $result i) % 3329 == 

From 0273d4a24842b89ebda8dc0374f6019bb949924d Mon Sep 17 00:00:00 2001
From: Franziskus Kiefer <franziskuskiefer@gmail.com>
Date: Fri, 6 Dec 2024 16:13:33 +0000
Subject: [PATCH 073/142] more fixes for C (extracting but broken)

---
 libcrux-ml-dsa/src/encoding/gamma1.rs    | 32 +++-----
 libcrux-ml-dsa/src/encoding/signature.rs |  3 +-
 libcrux-ml-dsa/src/helper.rs             | 59 ++++++++------
 libcrux-ml-dsa/src/polynomial.rs         |  7 +-
 libcrux-ml-dsa/src/sample.rs             | 97 +++++++++++++-----------
 libcrux-ml-dsa/src/types.rs              |  4 +-
 6 files changed, 106 insertions(+), 96 deletions(-)

diff --git a/libcrux-ml-dsa/src/encoding/gamma1.rs b/libcrux-ml-dsa/src/encoding/gamma1.rs
index 09e93f725..cf68b1fef 100644
--- a/libcrux-ml-dsa/src/encoding/gamma1.rs
+++ b/libcrux-ml-dsa/src/encoding/gamma1.rs
@@ -42,21 +42,13 @@ pub(crate) fn serialize<
 #[inline(always)]
 pub(crate) fn deserialize<SIMDUnit: Operations, const GAMMA1_EXPONENT: usize>(
     serialized: &[u8],
-) -> PolynomialRingElement<SIMDUnit> {
-    let mut serialized_chunks = match GAMMA1_EXPONENT as u8 {
-        17 => serialized.chunks(18),
-        19 => serialized.chunks(20),
-        _ => unreachable!(),
-    };
-
-    let mut result = PolynomialRingElement::<SIMDUnit>::ZERO();
-
+    result: &mut PolynomialRingElement<SIMDUnit>,
+) {
     for i in 0..result.simd_units.len() {
-        result.simd_units[i] =
-            SIMDUnit::gamma1_deserialize::<GAMMA1_EXPONENT>(&serialized_chunks.next().unwrap());
+        result.simd_units[i] = SIMDUnit::gamma1_deserialize::<GAMMA1_EXPONENT>(
+            &serialized[i * (GAMMA1_EXPONENT + 1)..(i + 1) * (GAMMA1_EXPONENT + 1)],
+        );
     }
-
-    result
 }
 
 #[cfg(test)]
@@ -199,10 +191,9 @@ mod tests {
             -69944, -100373, 94602,
         ];
 
-        assert_eq!(
-            deserialize::<SIMDUnit, 17>(&bytes).to_i32_array(),
-            expected_coefficients
-        );
+        let mut result = PolynomialRingElement::<SIMDUnit>::ZERO();
+        deserialize::<SIMDUnit, 17>(&bytes, &mut result);
+        assert_eq!(result.to_i32_array(), expected_coefficients);
 
         let bytes: [u8; 640] = [
             253, 11, 216, 60, 251, 71, 79, 187, 242, 250, 209, 44, 72, 206, 98, 3, 22, 91, 184, 22,
@@ -270,10 +261,9 @@ mod tests {
             -138892, -414002, 42982,
         ];
 
-        assert_eq!(
-            deserialize::<SIMDUnit, 19>(&bytes).to_i32_array(),
-            expected_coefficients
-        );
+        let mut result = PolynomialRingElement::<SIMDUnit>::ZERO();
+        deserialize::<SIMDUnit, 19>(&bytes, &mut result);
+        assert_eq!(result.to_i32_array(), expected_coefficients);
     }
 
     #[cfg(not(feature = "simd256"))]
diff --git a/libcrux-ml-dsa/src/encoding/signature.rs b/libcrux-ml-dsa/src/encoding/signature.rs
index 763b9abca..6377f5e33 100644
--- a/libcrux-ml-dsa/src/encoding/signature.rs
+++ b/libcrux-ml-dsa/src/encoding/signature.rs
@@ -87,9 +87,10 @@ impl<
         let mut signer_response = [PolynomialRingElement::<SIMDUnit>::ZERO(); COLUMNS_IN_A];
 
         for i in 0..COLUMNS_IN_A {
-            signer_response[i] = encoding::gamma1::deserialize::<SIMDUnit, GAMMA1_EXPONENT>(
+            encoding::gamma1::deserialize::<SIMDUnit, GAMMA1_EXPONENT>(
                 &signer_response_serialized
                     [i * GAMMA1_RING_ELEMENT_SIZE..(i + 1) * GAMMA1_RING_ELEMENT_SIZE],
+                &mut signer_response[i],
             );
         }
 
diff --git a/libcrux-ml-dsa/src/helper.rs b/libcrux-ml-dsa/src/helper.rs
index ef66362c3..daccf62b5 100644
--- a/libcrux-ml-dsa/src/helper.rs
+++ b/libcrux-ml-dsa/src/helper.rs
@@ -1,7 +1,7 @@
 /// The following macros are defined so that the extraction from Rust to C code
 /// can go through.
 
-// #[cfg(eurydice)]
+#[cfg(eurydice)]
 macro_rules! cloop {
     (for ($i:ident, $chunk:ident) in $val:ident.$values:ident.chunks_exact($($chunk_size:expr),*).enumerate() $body:block) => {
         for $i in 0..$val.$values.len() / ($($chunk_size)*) {
@@ -15,6 +15,12 @@ macro_rules! cloop {
             $body
         }
     };
+    (for $chunk:ident in $values:ident.chunks_exact($($chunk_size:expr),*) $body:block) => {
+        for _cloop_i in 0..$values.len() / ($($chunk_size)*) {
+            let $chunk = &$values[_cloop_i*($($chunk_size)*) .. _cloop_i*($($chunk_size)*)+($($chunk_size)*)];
+            $body
+        }
+    };
     (for ($i:ident, $item:ident) in $val:ident.iter().enumerate() $body:block) => {
         for $i in 0..$val.len() {
             let $item = &$val[$i];
@@ -47,29 +53,32 @@ macro_rules! cloop {
     };
 }
 
-// #[cfg(not(eurydice))]
-// macro_rules! cloop {
-//     (for ($i:ident, $chunk:ident) in $val:ident.$values:ident.chunks_exact($($chunk_size:expr),*).enumerate() $body:block) => {
-//         for ($i, $chunk) in $val.$values.chunks_exact($($chunk_size),*).enumerate() $body
-//     };
-//     (for ($i:ident, $chunk:ident) in $val:ident.chunks_exact($($chunk_size:expr),*).enumerate() $body:block) => {
-//         for ($i, $chunk) in $val.chunks_exact($($chunk_size),*).enumerate() $body
-//     };
-//     (for ($i:ident, $item:ident) in $val:ident.iter().enumerate() $body:block) => {
-//         for ($i, $item) in $val.iter().enumerate() $body
-//     };
-//     (for $item:ident in $val:ident.iter() $body:block) => {
-//         for $item in $val.iter() $body
-//     };
-//     (for ($i:ident, $item:ident) in $self:ident.$val:ident.iter().enumerate() $body:block) => {
-//         for ($i, $item) in $self.$val.iter().enumerate() $body
-//     };
-//     (for ($i:ident, $item:ident) in $val:ident.into_iter().enumerate() $body:block) => {
-//         for ($i, $item) in $val.into_iter().enumerate() $body
-//     };
-//     (for $i:ident in ($start:literal..$end:expr).step_by($step:literal) $body:block) => {
-//         for $i in ($start..$end).step_by($step) $body
-//     };
-// }
+#[cfg(not(eurydice))]
+macro_rules! cloop {
+    (for ($i:ident, $chunk:ident) in $val:ident.$values:ident.chunks_exact($($chunk_size:expr),*).enumerate() $body:block) => {
+        for ($i, $chunk) in $val.$values.chunks_exact($($chunk_size),*).enumerate() $body
+    };
+    (for ($i:ident, $chunk:ident) in $val:ident.chunks_exact($($chunk_size:expr),*).enumerate() $body:block) => {
+        for ($i, $chunk) in $val.chunks_exact($($chunk_size),*).enumerate() $body
+    };
+    (for $chunk:ident in $values:ident.chunks_exact($($chunk_size:expr),*) $body:block) => {
+        for $chunk in $values.chunks_exact($($chunk_size),*) $body
+    };
+    (for ($i:ident, $item:ident) in $val:ident.iter().enumerate() $body:block) => {
+        for ($i, $item) in $val.iter().enumerate() $body
+    };
+    (for $item:ident in $val:ident.iter() $body:block) => {
+        for $item in $val.iter() $body
+    };
+    (for ($i:ident, $item:ident) in $self:ident.$val:ident.iter().enumerate() $body:block) => {
+        for ($i, $item) in $self.$val.iter().enumerate() $body
+    };
+    (for ($i:ident, $item:ident) in $val:ident.into_iter().enumerate() $body:block) => {
+        for ($i, $item) in $val.into_iter().enumerate() $body
+    };
+    (for $i:ident in ($start:literal..$end:expr).step_by($step:literal) $body:block) => {
+        for $i in ($start..$end).step_by($step) $body
+    };
+}
 
 pub(crate) use cloop;
diff --git a/libcrux-ml-dsa/src/polynomial.rs b/libcrux-ml-dsa/src/polynomial.rs
index 2b2884abe..872e24a4b 100644
--- a/libcrux-ml-dsa/src/polynomial.rs
+++ b/libcrux-ml-dsa/src/polynomial.rs
@@ -36,12 +36,11 @@ impl<SIMDUnit: Operations> PolynomialRingElement<SIMDUnit> {
     pub(crate) fn from_i32_array(array: &[i32]) -> Self {
         debug_assert!(array.len() >= 256);
 
-        let mut array_chunks = array.chunks(COEFFICIENTS_IN_SIMD_UNIT);
-
         let mut result = Self::ZERO();
-
         for i in 0..SIMD_UNITS_IN_RING_ELEMENT {
-            result.simd_units[i] = SIMDUnit::from_coefficient_array(&array_chunks.next().unwrap());
+            result.simd_units[i] = SIMDUnit::from_coefficient_array(
+                &array[i * COEFFICIENTS_IN_SIMD_UNIT..(i + 1) * COEFFICIENTS_IN_SIMD_UNIT],
+            );
         }
         result
     }
diff --git a/libcrux-ml-dsa/src/sample.rs b/libcrux-ml-dsa/src/sample.rs
index 14bcdca69..ed61cbe7e 100644
--- a/libcrux-ml-dsa/src/sample.rs
+++ b/libcrux-ml-dsa/src/sample.rs
@@ -2,6 +2,7 @@ use crate::{
     constants::COEFFICIENTS_IN_RING_ELEMENT,
     encoding,
     hash_functions::{shake128, shake256},
+    helper::cloop,
     polynomial::PolynomialRingElement,
     simd::traits::Operations,
 };
@@ -14,16 +15,18 @@ fn rejection_sample_less_than_field_modulus<SIMDUnit: Operations>(
 ) -> bool {
     let mut done = false;
 
-    for random_bytes in randomness.chunks(24) {
-        if !done {
-            let sampled = SIMDUnit::rejection_sample_less_than_field_modulus(
-                random_bytes,
-                &mut out[*sampled_coefficients..],
-            );
-            *sampled_coefficients += sampled;
-
-            if *sampled_coefficients >= COEFFICIENTS_IN_RING_ELEMENT {
-                done = true;
+    cloop! {
+        for random_bytes in randomness.chunks_exact(24) {
+            if !done {
+                let sampled = SIMDUnit::rejection_sample_less_than_field_modulus(
+                    random_bytes,
+                    &mut out[*sampled_coefficients..],
+                );
+                *sampled_coefficients += sampled;
+
+                if *sampled_coefficients >= COEFFICIENTS_IN_RING_ELEMENT {
+                    done = true;
+                }
             }
         }
     }
@@ -168,16 +171,18 @@ fn rejection_sample_less_than_eta_equals_2<SIMDUnit: Operations>(
 
     // Since each byte can be used to sample up to 2 coefficients, and since
     // a single SIMDUnit can hold 8 coefficients, we pass in 4 bytes of randomness.
-    for random_bytes in randomness.chunks(4) {
-        if !done {
-            let sampled = SIMDUnit::rejection_sample_less_than_eta_equals_2(
-                random_bytes,
-                &mut out[*sampled_coefficients..],
-            );
-            *sampled_coefficients += sampled;
-
-            if *sampled_coefficients >= COEFFICIENTS_IN_RING_ELEMENT {
-                done = true;
+    cloop! {
+        for random_bytes in randomness.chunks_exact(4) {
+            if !done {
+                let sampled = SIMDUnit::rejection_sample_less_than_eta_equals_2(
+                    random_bytes,
+                    &mut out[*sampled_coefficients..],
+                );
+                *sampled_coefficients += sampled;
+
+                if *sampled_coefficients >= COEFFICIENTS_IN_RING_ELEMENT {
+                    done = true;
+                }
             }
         }
     }
@@ -194,16 +199,18 @@ fn rejection_sample_less_than_eta_equals_4<SIMDUnit: Operations>(
 
     // Since each byte can be used to sample up to 2 coefficients, and since
     // a single SIMDUnit can hold 8 coefficients, we pass in 4 bytes of randomness.
-    for random_bytes in randomness.chunks(4) {
-        if !done {
-            let sampled = SIMDUnit::rejection_sample_less_than_eta_equals_4(
-                random_bytes,
-                &mut out[*sampled_coefficients..],
-            );
-            *sampled_coefficients += sampled;
-
-            if *sampled_coefficients >= COEFFICIENTS_IN_RING_ELEMENT {
-                done = true;
+    cloop! {
+        for random_bytes in randomness.chunks_exact(4) {
+            if !done {
+                let sampled = SIMDUnit::rejection_sample_less_than_eta_equals_4(
+                    random_bytes,
+                    &mut out[*sampled_coefficients..],
+                );
+                *sampled_coefficients += sampled;
+
+                if *sampled_coefficients >= COEFFICIENTS_IN_RING_ELEMENT {
+                    done = true;
+                }
             }
         }
     }
@@ -343,17 +350,18 @@ fn sample_mask_ring_element<
     const GAMMA1_EXPONENT: usize,
 >(
     seed: [u8; 66],
-) -> PolynomialRingElement<SIMDUnit> {
+    result: &mut PolynomialRingElement<SIMDUnit>,
+) {
     match GAMMA1_EXPONENT as u8 {
         17 => {
             let mut out = [0u8; 576];
             Shake256::shake256::<576>(&seed, &mut out);
-            encoding::gamma1::deserialize::<SIMDUnit, GAMMA1_EXPONENT>(&out)
+            encoding::gamma1::deserialize::<SIMDUnit, GAMMA1_EXPONENT>(&out, result);
         }
         19 => {
             let mut out = [0u8; 640];
             Shake256::shake256::<640>(&seed, &mut out);
-            encoding::gamma1::deserialize::<SIMDUnit, GAMMA1_EXPONENT>(&out)
+            encoding::gamma1::deserialize::<SIMDUnit, GAMMA1_EXPONENT>(&out, result);
         }
         _ => unreachable!(),
     }
@@ -390,10 +398,10 @@ pub(crate) fn sample_mask_vector<
             Shake256X4::shake256_x4(
                 &seed0, &seed1, &seed2, &seed3, &mut out0, &mut out1, &mut out2, &mut out3,
             );
-            mask[0] = encoding::gamma1::deserialize::<SIMDUnit, GAMMA1_EXPONENT>(&out0);
-            mask[1] = encoding::gamma1::deserialize::<SIMDUnit, GAMMA1_EXPONENT>(&out1);
-            mask[2] = encoding::gamma1::deserialize::<SIMDUnit, GAMMA1_EXPONENT>(&out2);
-            mask[3] = encoding::gamma1::deserialize::<SIMDUnit, GAMMA1_EXPONENT>(&out3);
+            encoding::gamma1::deserialize::<SIMDUnit, GAMMA1_EXPONENT>(&out0, &mut mask[0]);
+            encoding::gamma1::deserialize::<SIMDUnit, GAMMA1_EXPONENT>(&out1, &mut mask[1]);
+            encoding::gamma1::deserialize::<SIMDUnit, GAMMA1_EXPONENT>(&out2, &mut mask[2]);
+            encoding::gamma1::deserialize::<SIMDUnit, GAMMA1_EXPONENT>(&out3, &mut mask[3]);
         }
         19 => {
             let mut out0 = [0; 640];
@@ -403,10 +411,10 @@ pub(crate) fn sample_mask_vector<
             Shake256X4::shake256_x4(
                 &seed0, &seed1, &seed2, &seed3, &mut out0, &mut out1, &mut out2, &mut out3,
             );
-            mask[0] = encoding::gamma1::deserialize::<SIMDUnit, GAMMA1_EXPONENT>(&out0);
-            mask[1] = encoding::gamma1::deserialize::<SIMDUnit, GAMMA1_EXPONENT>(&out1);
-            mask[2] = encoding::gamma1::deserialize::<SIMDUnit, GAMMA1_EXPONENT>(&out2);
-            mask[3] = encoding::gamma1::deserialize::<SIMDUnit, GAMMA1_EXPONENT>(&out3);
+            encoding::gamma1::deserialize::<SIMDUnit, GAMMA1_EXPONENT>(&out0, &mut mask[0]);
+            encoding::gamma1::deserialize::<SIMDUnit, GAMMA1_EXPONENT>(&out1, &mut mask[1]);
+            encoding::gamma1::deserialize::<SIMDUnit, GAMMA1_EXPONENT>(&out2, &mut mask[2]);
+            encoding::gamma1::deserialize::<SIMDUnit, GAMMA1_EXPONENT>(&out3, &mut mask[3]);
         }
         _ => unreachable!(),
     }
@@ -418,7 +426,7 @@ pub(crate) fn sample_mask_vector<
         *domain_separator += 1;
 
         // TODO: For 87 we may want to do another 4 and discard 1.
-        mask[i] = sample_mask_ring_element::<SIMDUnit, Shake256, GAMMA1_EXPONENT>(seed);
+        sample_mask_ring_element::<SIMDUnit, Shake256, GAMMA1_EXPONENT>(seed, &mut mask[i]);
     }
 
     mask
@@ -669,7 +677,10 @@ mod tests {
         );
     }
 
-    fn test_sample_challenge_ring_element_generic<SIMDUnit: Operations, Shake256: shake256::DsaXof>() {
+    fn test_sample_challenge_ring_element_generic<
+        SIMDUnit: Operations,
+        Shake256: shake256::DsaXof,
+    >() {
         // When TAU = 39
         let seed: [u8; 32] = [
             3, 9, 159, 119, 236, 6, 207, 7, 103, 108, 187, 137, 222, 35, 37, 30, 79, 224, 204, 186,
diff --git a/libcrux-ml-dsa/src/types.rs b/libcrux-ml-dsa/src/types.rs
index 8cc04494d..c944ffa92 100644
--- a/libcrux-ml-dsa/src/types.rs
+++ b/libcrux-ml-dsa/src/types.rs
@@ -66,7 +66,7 @@ pub struct MLDSAKeyPair<const VERIFICATION_KEY_SIZE: usize, const SIGNING_KEY_SI
     pub verification_key: MLDSAVerificationKey<VERIFICATION_KEY_SIZE>,
 }
 
-#[derive(Debug)]
+#[cfg_attr(not(eurydice), derive(Debug))]
 pub enum VerificationError {
     MalformedHintError,
     SignerResponseExceedsBoundError,
@@ -76,7 +76,7 @@ pub enum VerificationError {
     VerificationContextTooLongError,
 }
 
-#[derive(Debug)]
+#[cfg_attr(not(eurydice), derive(Debug))]
 pub enum SigningError {
     RejectionSamplingError,
     ContextTooLongError,

From 234b7d2b5171b5f1adc2a32822b74c821fcc43dd Mon Sep 17 00:00:00 2001
From: Franziskus Kiefer <franziskuskiefer@gmail.com>
Date: Fri, 6 Dec 2024 16:14:25 +0000
Subject: [PATCH 074/142] wip cg boilerplate

---
 libcrux-ml-dsa/cg/.gitignore                  |   1 +
 libcrux-ml-dsa/cg/CMakeLists.txt              | 143 ++++++
 libcrux-ml-dsa/cg/code_gen.txt                |   2 +-
 libcrux-ml-dsa/cg/eurydice_glue.h             | 177 ++++++++
 libcrux-ml-dsa/cg/header.txt                  |   2 +-
 .../cg/intrinsics/libcrux_intrinsics_avx2.h   | 216 +++++++++
 libcrux-ml-dsa/cg/karamel/endianness.h        | 228 ++++++++++
 libcrux-ml-dsa/cg/karamel/target.h            |  55 +++
 libcrux-ml-dsa/cg/libcrux_core.h              |  33 +-
 libcrux-ml-dsa/cg/libcrux_mldsa65_avx2.h      | 264 +++--------
 libcrux-ml-dsa/cg/libcrux_mldsa65_portable.h  | 425 +++++-------------
 libcrux-ml-dsa/cg/libcrux_sha3_avx2.h         |   2 +-
 libcrux-ml-dsa/cg/libcrux_sha3_portable.h     |   2 +-
 libcrux-ml-dsa/cg/tests/mldsa65.cc            |  53 +++
 14 files changed, 1058 insertions(+), 545 deletions(-)
 create mode 100644 libcrux-ml-dsa/cg/.gitignore
 create mode 100644 libcrux-ml-dsa/cg/CMakeLists.txt
 create mode 100644 libcrux-ml-dsa/cg/eurydice_glue.h
 create mode 100644 libcrux-ml-dsa/cg/intrinsics/libcrux_intrinsics_avx2.h
 create mode 100644 libcrux-ml-dsa/cg/karamel/endianness.h
 create mode 100644 libcrux-ml-dsa/cg/karamel/target.h
 create mode 100644 libcrux-ml-dsa/cg/tests/mldsa65.cc

diff --git a/libcrux-ml-dsa/cg/.gitignore b/libcrux-ml-dsa/cg/.gitignore
new file mode 100644
index 000000000..567609b12
--- /dev/null
+++ b/libcrux-ml-dsa/cg/.gitignore
@@ -0,0 +1 @@
+build/
diff --git a/libcrux-ml-dsa/cg/CMakeLists.txt b/libcrux-ml-dsa/cg/CMakeLists.txt
new file mode 100644
index 000000000..b16bf8883
--- /dev/null
+++ b/libcrux-ml-dsa/cg/CMakeLists.txt
@@ -0,0 +1,143 @@
+# cmake -B build -G "Ninja Multi-Config"
+# cmake --build build
+# # For release (benchmarks)
+# cmake --build build --config Release
+
+cmake_minimum_required(VERSION 3.10)
+
+project(libcrux-ml-dsa
+    VERSION 0.1.0
+    LANGUAGES C CXX
+)
+
+set(CMAKE_C_STANDARD 11)
+set(CMAKE_CXX_STANDARD 20)
+
+if(NOT MSVC)
+    add_compile_options(
+        -Wall
+        -fstack-usage
+        -Wunused-function
+        $<$<CONFIG:DEBUG>:-g>
+        $<$<CONFIG:DEBUG>:-Og>
+        $<$<CONFIG:RELEASE>:-g>
+        $<$<CONFIG:RELEASE>:-O3>
+    )
+endif(NOT MSVC)
+
+if((CMAKE_C_COMPILER_ID STREQUAL "Clang" AND
+    CMAKE_C_COMPILER_VERSION VERSION_GREATER_EQUAL "13.0.0") OR
+    (CMAKE_C_COMPILER_ID STREQUAL "AppleClang" AND
+    CMAKE_C_COMPILER_VERSION VERSION_GREATER_EQUAL "13.1.6"))
+    add_compile_options(-Werror -Wframe-larger-than=25344)
+endif()
+
+set(CMAKE_COLOR_DIAGNOSTICS "ON")
+set(CMAKE_EXPORT_COMPILE_COMMANDS 1)
+include_directories(
+    ${PROJECT_SOURCE_DIR}
+    ${PROJECT_SOURCE_DIR}/karamel
+)
+
+if(CMAKE_SYSTEM_PROCESSOR MATCHES "x86_64|amd64|AMD64")
+    message(STATUS "Detected an x64 architecture")
+    add_compile_definitions(LIBCRUX_X64)
+endif()
+
+if(CMAKE_SYSTEM_PROCESSOR MATCHES "aarch64|arm64|arm64v8" AND DEFINED ENV{LIBCRUX_NEON})
+    message(STATUS "Detected an arm64 architecture")
+    add_compile_definitions(LIBCRUX_AARCH64)
+endif()
+
+# --- Tests
+
+# Get gtests
+include(FetchContent)
+FetchContent_Declare(googletest
+    DOWNLOAD_EXTRACT_TIMESTAMP TRUE
+    URL https://github.com/google/googletest/archive/refs/tags/release-1.11.0.zip
+)
+
+# For Windows: Prevent overriding the parent project's compiler/linker settings
+set(gtest_force_shared_crt ON CACHE BOOL "" FORCE)
+FetchContent_MakeAvailable(googletest)
+
+# Get nlohmann json
+FetchContent_Declare(json
+    DOWNLOAD_EXTRACT_TIMESTAMP TRUE
+    URL https://github.com/nlohmann/json/archive/refs/tags/v3.10.3.zip
+)
+FetchContent_MakeAvailable(json)
+
+add_executable(ml_dsa_test
+    ${PROJECT_SOURCE_DIR}/tests/mldsa65.cc
+)
+target_link_libraries(ml_dsa_test PRIVATE
+    gtest_main
+    nlohmann_json::nlohmann_json
+)
+
+# add_executable(kyber_test
+#     ${PROJECT_SOURCE_DIR}/tests/kyber768.cc
+# )
+# target_link_libraries(kyber_test PRIVATE
+#     gtest_main
+#     nlohmann_json::nlohmann_json
+# )
+
+# add_executable(sha3_test
+#     ${PROJECT_SOURCE_DIR}/tests/sha3.cc
+# )
+# target_link_libraries(sha3_test PRIVATE
+#     gtest_main
+#     nlohmann_json::nlohmann_json
+# )
+
+# # --- Benchmarks
+# if(DEFINED ENV{LIBCRUX_BENCHMARKS})
+#     FetchContent_Declare(benchmark
+#         GIT_REPOSITORY https://github.com/google/benchmark.git
+#         GIT_TAG v1.8.4
+#     )
+#     FetchContent_MakeAvailable(benchmark)
+
+#     add_executable(ml_dsa_bench
+#         ${PROJECT_SOURCE_DIR}/benches/mldsa768.cc
+#     )
+#     target_link_libraries(ml_dsa_bench PRIVATE
+#         benchmark::benchmark
+#     )
+
+#     if(DEFINED ENV{SYMCRYPT_PATH})
+#         message("Symcrypt path: $ENV{SYMCRYPT_PATH}")
+#         add_compile_definitions(LIBCRUX_SYMCRYPT)
+#         target_include_directories(ml_dsa_bench PRIVATE $ENV{SYMCRYPT_PATH})
+#         target_link_directories(ml_dsa_bench PRIVATE $ENV{SYMCRYPT_PATH}/bin/lib)
+#         target_link_libraries(ml_dsa_bench PRIVATE symcrypt)
+#     endif(DEFINED ENV{SYMCRYPT_PATH})
+
+#     add_executable(ml_dsa_keygen
+#         ${PROJECT_SOURCE_DIR}/benches/mldsa768_keygen.cc
+#     )
+#     target_link_libraries(ml_dsa_keygen PRIVATE
+#         benchmark::benchmark
+#     )
+
+#     add_executable(ml_dsa_encaps
+#         ${PROJECT_SOURCE_DIR}/benches/mldsa768_encaps.cc
+#     )
+#     target_link_libraries(ml_dsa_encaps PRIVATE
+#         benchmark::benchmark
+#     )
+
+#     if(NOT MSVC)
+#         # We benchmark internal functions here that are inlined and thus not available
+#         # in MSVC.
+#         add_executable(sha3_bench
+#             ${PROJECT_SOURCE_DIR}/benches/sha3.cc
+#         )
+#         target_link_libraries(sha3_bench PRIVATE
+#             benchmark::benchmark
+#         )
+#     endif(NOT MSVC)
+# endif(DEFINED ENV{LIBCRUX_BENCHMARKS})
diff --git a/libcrux-ml-dsa/cg/code_gen.txt b/libcrux-ml-dsa/cg/code_gen.txt
index 33600f72a..6262f3ad3 100644
--- a/libcrux-ml-dsa/cg/code_gen.txt
+++ b/libcrux-ml-dsa/cg/code_gen.txt
@@ -3,4 +3,4 @@ Charon: a68994d00017b76a805d0115ca06c1f2c1805e79
 Eurydice: b665364a6d86749566ce2d650d13fa12c8fab2c5
 Karamel: 96572bc631fde691a2aea7bce5a5a3838b3a5968
 F*: b0961063393215ca65927f017720cb365a193833-dirty
-Libcrux: 5a0f22fa8387080e4c4e4ac018aaddcdf944e4be
+Libcrux: 11a2dcf9b3f0c4803b93a53caa737ed8eac8bfd1
diff --git a/libcrux-ml-dsa/cg/eurydice_glue.h b/libcrux-ml-dsa/cg/eurydice_glue.h
new file mode 100644
index 000000000..3f9b35cc2
--- /dev/null
+++ b/libcrux-ml-dsa/cg/eurydice_glue.h
@@ -0,0 +1,177 @@
+/*
+ * SPDX-FileCopyrightText: 2024 Eurydice Contributors
+ * SPDX-FileCopyrightText: 2024 Cryspen Sarl <info@cryspen.com>
+ *
+ * SPDX-License-Identifier: MIT or Apache-2.0
+ */
+
+#pragma once
+
+#if defined(__cplusplus)
+extern "C" {
+#endif
+
+#include <inttypes.h>
+#include <stdbool.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include "karamel/endianness.h"
+#include "karamel/target.h"
+
+// SLICES, ARRAYS, ETC.
+
+// The MSVC C++ compiler does not support compound literals.
+// This CLITERAL is used to turn `(type){...}` into `type{...}` when using a C++
+// compiler.
+#if defined(__cplusplus)
+#define CLITERAL(type) type
+#else
+#define CLITERAL(type) (type)
+#endif
+
+// We represent a slice as a pair of an (untyped) pointer, along with the length
+// of the slice, i.e. the number of elements in the slice (this is NOT the
+// number of bytes). This design choice has two important consequences.
+// - if you need to use `ptr`, you MUST cast it to a proper type *before*
+// performing pointer
+//   arithmetic on it (remember that C desugars pointer arithmetic based on the
+//   type of the address)
+// - if you need to use `len` for a C style function (e.g. memcpy, memcmp), you
+// need to multiply it
+//   by sizeof t, where t is the type of the elements.
+//
+// Empty slices have `len == 0` and `ptr` always needs to be valid pointer that
+// is not NULL (otherwise the construction in EURYDICE_SLICE computes `NULL +
+// start`).
+typedef struct {
+  void *ptr;
+  size_t len;
+} Eurydice_slice;
+
+// Helper macro to create a slice out of a pointer x, a start index in x
+// (included), and an end index in x (excluded). The argument x must be suitably
+// cast to something that can decay (see remark above about how pointer
+// arithmetic works in C), meaning either pointer or array type.
+#define EURYDICE_SLICE(x, start, end) \
+  (CLITERAL(Eurydice_slice){.ptr = (void *)(x + start), .len = end - start})
+#define EURYDICE_SLICE_LEN(s, _) s.len
+// This macro is a pain because in case the dereferenced element type is an
+// array, you cannot simply write `t x` as it would yield `int[4] x` instead,
+// which is NOT correct C syntax, so we add a dedicated phase in Eurydice that
+// adds an extra argument to this macro at the last minute so that we have the
+// correct type of *pointers* to elements.
+#define Eurydice_slice_index(s, i, t, t_ptr_t) (((t_ptr_t)s.ptr)[i])
+#define Eurydice_slice_subslice(s, r, t, _) \
+  EURYDICE_SLICE((t *)s.ptr, r.start, r.end)
+// Variant for when the start and end indices are statically known (i.e., the
+// range argument `r` is a literal).
+#define Eurydice_slice_subslice2(s, start, end, t) \
+  EURYDICE_SLICE((t *)s.ptr, start, end)
+#define Eurydice_slice_subslice_to(s, subslice_end_pos, t, _) \
+  EURYDICE_SLICE((t *)s.ptr, 0, subslice_end_pos)
+#define Eurydice_slice_subslice_from(s, subslice_start_pos, t, _) \
+  EURYDICE_SLICE((t *)s.ptr, subslice_start_pos, s.len)
+#define Eurydice_array_to_slice(end, x, t) \
+  EURYDICE_SLICE(x, 0,                     \
+                 end) /* x is already at an array type, no need for cast */
+#define Eurydice_array_to_subslice(_arraylen, x, r, t, _) \
+  EURYDICE_SLICE((t *)x, r.start, r.end)
+// Same as above, variant for when start and end are statically known
+#define Eurydice_array_to_subslice2(x, start, end, t) \
+  EURYDICE_SLICE((t *)x, start, end)
+#define Eurydice_array_to_subslice_to(_size, x, r, t, _range_t) \
+  EURYDICE_SLICE((t *)x, 0, r)
+#define Eurydice_array_to_subslice_from(size, x, r, t, _range_t) \
+  EURYDICE_SLICE((t *)x, r, size)
+#define Eurydice_slice_len(s, t) EURYDICE_SLICE_LEN(s, t)
+#define Eurydice_slice_copy(dst, src, t) \
+  memcpy(dst.ptr, src.ptr, dst.len * sizeof(t))
+#define core_array___Array_T__N__23__as_slice(len_, ptr_, t, _ret_t) \
+  (CLITERAL(Eurydice_slice){.ptr = ptr_, .len = len_})
+
+#define core_array___core__clone__Clone_for__Array_T__N___20__clone( \
+    len, src, dst, elem_type, _ret_t)                                \
+  (memcpy(dst, src, len * sizeof(elem_type)))
+#define TryFromSliceError uint8_t
+
+#define Eurydice_array_eq(sz, a1, a2, t, _) \
+  (memcmp(a1, a2, sz * sizeof(t)) == 0)
+#define core_array_equality___core__cmp__PartialEq__Array_U__N___for__Array_T__N____eq( \
+    sz, a1, a2, t, _, _ret_t)                                                           \
+  Eurydice_array_eq(sz, a1, a2, t, _)
+#define core_array_equality___core__cmp__PartialEq__0___Slice_U____for__Array_T__N___3__eq( \
+    sz, a1, a2, t, _, _ret_t)                                                               \
+  Eurydice_array_eq(sz, a1, ((a2)->ptr), t, _)
+
+#define Eurydice_slice_split_at(slice, mid, element_type, ret_t) \
+  (CLITERAL(ret_t){                                              \
+      .fst = EURYDICE_SLICE((element_type *)slice.ptr, 0, mid),  \
+      .snd = EURYDICE_SLICE((element_type *)slice.ptr, mid, slice.len)})
+#define Eurydice_slice_split_at_mut(slice, mid, element_type, ret_t) \
+  (CLITERAL(ret_t){                                                  \
+      .fst = {.ptr = slice.ptr, .len = mid},                         \
+      .snd = {.ptr = (char *)slice.ptr + mid * sizeof(element_type), \
+              .len = slice.len - mid}})
+
+// Conversion of slice to an array, rewritten (by Eurydice) to name the
+// destination array, since arrays are not values in C.
+// N.B.: see note in karamel/lib/Inlining.ml if you change this.
+#define Eurydice_slice_to_array2(dst, src, _, t_arr)                      \
+  Eurydice_slice_to_array3(&(dst)->tag, (char *)&(dst)->val.case_Ok, src, \
+                           sizeof(t_arr))
+
+static inline void Eurydice_slice_to_array3(uint8_t *dst_tag, char *dst_ok,
+                                            Eurydice_slice src, size_t sz) {
+  *dst_tag = 0;
+  memcpy(dst_ok, src.ptr, sz);
+}
+
+// CORE STUFF (conversions, endianness, ...)
+
+static inline void core_num__u64_9__to_le_bytes(uint64_t v, uint8_t buf[8]) {
+  store64_le(buf, v);
+}
+static inline uint64_t core_num__u64_9__from_le_bytes(uint8_t buf[8]) {
+  return load64_le(buf);
+}
+
+static inline uint32_t core_num__u32_8__from_le_bytes(uint8_t buf[4]) {
+  return load32_le(buf);
+}
+
+static inline uint32_t core_num__u8_6__count_ones(uint8_t x0) {
+#ifdef _MSC_VER
+  return __popcnt(x0);
+#else
+  return __builtin_popcount(x0);
+#endif
+}
+
+// unsigned overflow wraparound semantics in C
+static inline uint16_t core_num__u16_7__wrapping_add(uint16_t x, uint16_t y) {
+  return x + y;
+}
+static inline uint8_t core_num__u8_6__wrapping_sub(uint8_t x, uint8_t y) {
+  return x - y;
+}
+
+// ITERATORS
+
+#define Eurydice_range_iter_next(iter_ptr, t, ret_t) \
+  (((iter_ptr)->start == (iter_ptr)->end)            \
+       ? (CLITERAL(ret_t){.tag = None, .f0 = 0})     \
+       : (CLITERAL(ret_t){.tag = Some, .f0 = (iter_ptr)->start++}))
+
+#define core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A__TraitClause_0___6__next \
+  Eurydice_range_iter_next
+
+// See note in karamel/lib/Inlining.ml if you change this
+#define Eurydice_into_iter(x, t, _ret_t) (x)
+#define core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter \
+  Eurydice_into_iter
+
+#if defined(__cplusplus)
+}
+#endif
diff --git a/libcrux-ml-dsa/cg/header.txt b/libcrux-ml-dsa/cg/header.txt
index 5d85f31d0..89d611dc6 100644
--- a/libcrux-ml-dsa/cg/header.txt
+++ b/libcrux-ml-dsa/cg/header.txt
@@ -8,5 +8,5 @@
  * Eurydice: b665364a6d86749566ce2d650d13fa12c8fab2c5
  * Karamel: 96572bc631fde691a2aea7bce5a5a3838b3a5968
  * F*: b0961063393215ca65927f017720cb365a193833-dirty
- * Libcrux: 5a0f22fa8387080e4c4e4ac018aaddcdf944e4be
+ * Libcrux: 11a2dcf9b3f0c4803b93a53caa737ed8eac8bfd1
  */
diff --git a/libcrux-ml-dsa/cg/intrinsics/libcrux_intrinsics_avx2.h b/libcrux-ml-dsa/cg/intrinsics/libcrux_intrinsics_avx2.h
new file mode 100644
index 000000000..b51a17c1d
--- /dev/null
+++ b/libcrux-ml-dsa/cg/intrinsics/libcrux_intrinsics_avx2.h
@@ -0,0 +1,216 @@
+/*
+ * SPDX-FileCopyrightText: 2024 Cryspen Sarl <info@cryspen.com>
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ */
+
+#ifndef __libcrux_intrinsics_avx2_H
+#define __libcrux_intrinsics_avx2_H
+
+#if defined(__cplusplus)
+extern "C" {
+#endif
+
+#include "../eurydice_glue.h"
+#include "immintrin.h"
+
+typedef __m128i core_core_arch_x86___m128i;
+typedef __m256i core_core_arch_x86___m256i;
+
+// Cast and Convert
+
+#define libcrux_intrinsics_avx2_mm256_castsi256_si128(a) \
+  (_mm256_castsi256_si128(a))
+
+#define libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(a) \
+  (_mm256_cvtepi16_epi32(a))
+
+#define libcrux_intrinsics_avx2_mm256_castsi128_si256(a) \
+  (_mm256_castsi128_si256(a))
+
+// Initialize, Load, Store
+
+#define libcrux_intrinsics_avx2_mm256_setzero_si256(void) \
+  (_mm256_setzero_si256())
+
+#define libcrux_intrinsics_avx2_mm256_set1_epi16(a) (_mm256_set1_epi16(a))
+
+#define libcrux_intrinsics_avx2_mm256_set1_epi32(a) (_mm256_set1_epi32(a))
+
+#define libcrux_intrinsics_avx2_mm256_set1_epi64x(a) (_mm256_set1_epi64x(a))
+
+#define libcrux_intrinsics_avx2_mm_set1_epi16(a) (_mm_set1_epi16(a))
+
+#define libcrux_intrinsics_avx2_mm256_set_epi16(                           \
+    x0, x1, x2, x3, x4, x5, x6, x7, x8, x9, x10, x11, x12, x13, x14, x15)  \
+  (_mm256_set_epi16(x0, x1, x2, x3, x4, x5, x6, x7, x8, x9, x10, x11, x12, \
+                    x13, x14, x15))
+
+#define libcrux_intrinsics_avx2_mm256_set_epi8(                                \
+    x0, x1, x2, x3, x4, x5, x6, x7, x8, x9, x10, x11, x12, x13, x14, x15, x16, \
+    x17, x18, x19, x20, x21, x22, x23, x24, x25, x26, x27, x28, x29, x30, x31) \
+  (_mm256_set_epi8(x0, x1, x2, x3, x4, x5, x6, x7, x8, x9, x10, x11, x12, x13, \
+                   x14, x15, x16, x17, x18, x19, x20, x21, x22, x23, x24, x25, \
+                   x26, x27, x28, x29, x30, x31))
+
+#define libcrux_intrinsics_avx2_mm_set_epi8(                                \
+    x0, x1, x2, x3, x4, x5, x6, x7, x8, x9, x10, x11, x12, x13, x14, x15)   \
+  (_mm_set_epi8(x0, x1, x2, x3, x4, x5, x6, x7, x8, x9, x10, x11, x12, x13, \
+                x14, x15))
+
+#define libcrux_intrinsics_avx2_mm256_set_epi32(x0, x1, x2, x3, x4, x5, x6, \
+                                                x7)                         \
+  (_mm256_set_epi32(x0, x1, x2, x3, x4, x5, x6, x7))
+
+#define libcrux_intrinsics_avx2_mm256_loadu_si256_i16(a) \
+  (_mm256_loadu_si256((const __m256i *)a.ptr))
+
+#define libcrux_intrinsics_avx2_mm256_loadu_si256_u8(a) \
+  (_mm256_loadu_si256((const __m256i *)a.ptr))
+
+#define libcrux_intrinsics_avx2_mm_loadu_si128(a) \
+  (_mm_loadu_si128((const __m128i *)a.ptr))
+
+#define libcrux_intrinsics_avx2_mm_storeu_bytes_si128(a, b) \
+  (_mm_storeu_si128((__m128i *)a.ptr, b))
+
+#define libcrux_intrinsics_avx2_mm256_storeu_si256_i16(a, b) \
+  (_mm256_storeu_si256((__m256i *)a.ptr, b))
+
+#define libcrux_intrinsics_avx2_mm256_storeu_si256_u8(a, b) \
+  (_mm256_storeu_si256((__m256i *)a.ptr, b))
+
+#define libcrux_intrinsics_avx2_mm_storeu_si128(a, b) \
+  (_mm_storeu_si128((__m128i *)a.ptr, b))
+
+// Arithmetic: Add, Sub
+
+#define libcrux_intrinsics_avx2_mm256_add_epi16(a, b) (_mm256_add_epi16(a, b))
+
+#define libcrux_intrinsics_avx2_mm256_add_epi32(a, b) (_mm256_add_epi32(a, b))
+
+#define libcrux_intrinsics_avx2_mm_add_epi16(a, b) (_mm_add_epi16(a, b))
+
+#define libcrux_intrinsics_avx2_mm256_sub_epi16(a, b) (_mm256_sub_epi16(a, b))
+
+#define libcrux_intrinsics_avx2_mm_sub_epi16(a, b) (_mm_sub_epi16(a, b))
+
+// Arithmetic: Mul low and high, Mul-Add combinations
+
+#define libcrux_intrinsics_avx2_mm256_mullo_epi16(a, b) \
+  (_mm256_mullo_epi16(a, b))
+
+#define libcrux_intrinsics_avx2_mm256_mulhi_epi16(a, b) \
+  (_mm256_mulhi_epi16(a, b))
+
+#define libcrux_intrinsics_avx2_mm256_mul_epu32(a, b) (_mm256_mul_epu32(a, b))
+
+#define libcrux_intrinsics_avx2_mm256_mullo_epi32(a, b) \
+  (_mm256_mullo_epi32(a, b))
+
+#define libcrux_intrinsics_avx2_mm_mullo_epi16(a, b) (_mm_mullo_epi16(a, b))
+
+#define libcrux_intrinsics_avx2_mm_mulhi_epi16(a, b) (_mm_mulhi_epi16(a, b))
+
+#define libcrux_intrinsics_avx2_mm256_madd_epi16(a, b) (_mm256_madd_epi16(a, b))
+
+// Comparison
+
+#define libcrux_intrinsics_avx2_mm256_cmpgt_epi16(a, b) \
+  (_mm256_cmpgt_epi16(a, b))
+
+// Bitwise operations
+
+#define libcrux_intrinsics_avx2_mm256_and_si256(a, b) (_mm256_and_si256(a, b))
+
+#define libcrux_intrinsics_avx2_mm256_andnot_si256(a, b) \
+  (_mm256_andnot_si256(a, b))
+
+#define libcrux_intrinsics_avx2_mm256_xor_si256(a, b) (_mm256_xor_si256(a, b))
+
+#define libcrux_intrinsics_avx2_mm_movemask_epi8(a) (_mm_movemask_epi8(a))
+
+// Shift operations
+#define libcrux_intrinsics_avx2_mm256_srai_epi16(a, b, _) \
+  (_mm256_srai_epi16(b, a))
+
+#define libcrux_intrinsics_avx2_mm256_srli_epi16(a, b, _) \
+  (_mm256_srli_epi16(b, a))
+
+#define libcrux_intrinsics_avx2_mm256_slli_epi16(a, b, _) \
+  (_mm256_slli_epi16(b, a))
+
+#define libcrux_intrinsics_avx2_mm256_slli_epi32(a, b, _) \
+  (_mm256_slli_epi32(b, a))
+
+#define libcrux_intrinsics_avx2_mm256_slli_epi64_(a, b) \
+  (_mm256_slli_epi64(b, a))
+
+#define libcrux_intrinsics_avx2_mm256_slli_epi64(a, b, c) \
+  (libcrux_intrinsics_avx2_mm256_slli_epi64_(a, b))
+
+#define libcrux_intrinsics_avx2_mm256_srai_epi32(a, b, _) \
+  (_mm256_srai_epi32(b, a))
+
+#define libcrux_intrinsics_avx2_mm256_srli_epi32(a, b, _) \
+  (_mm256_srli_epi32(b, a))
+
+#define libcrux_intrinsics_avx2_mm256_sllv_epi32(a, b) (_mm256_sllv_epi32(a, b))
+
+#define libcrux_intrinsics_avx2_mm256_srli_epi64_(a, b) \
+  (_mm256_srli_epi64(b, a))
+
+#define libcrux_intrinsics_avx2_mm256_srli_epi64(a, b, c) \
+  (libcrux_intrinsics_avx2_mm256_srli_epi64_(a, b))
+
+// Shuffle and Vector Interleaving
+
+#define libcrux_intrinsics_avx2_mm256_unpacklo_epi32(a, b) \
+  (_mm256_unpacklo_epi32(a, b))
+
+#define libcrux_intrinsics_avx2_mm256_unpacklo_epi64(a, b) \
+  (_mm256_unpacklo_epi64(a, b))
+
+#define libcrux_intrinsics_avx2_mm256_unpackhi_epi32(a, b) \
+  (_mm256_unpackhi_epi32(a, b))
+
+#define libcrux_intrinsics_avx2_mm256_unpackhi_epi64(a, b) \
+  (_mm256_unpackhi_epi64(a, b))
+
+#define libcrux_intrinsics_avx2_mm256_packs_epi32(a, b) \
+  (_mm256_packs_epi32(a, b))
+
+#define libcrux_intrinsics_avx2_mm_packs_epi16(a, b) (_mm_packs_epi16(a, b))
+
+#define libcrux_intrinsics_avx2_mm256_shuffle_epi32(a, b, _) \
+  (_mm256_shuffle_epi32(b, a))
+
+#define libcrux_intrinsics_avx2_mm256_extracti128_si256(a, b, _) \
+  (_mm256_extracti128_si256(b, a))
+
+#define libcrux_intrinsics_avx2_mm256_permute4x64_epi64(a, b, _) \
+  (_mm256_permute4x64_epi64(b, a))
+
+#define libcrux_intrinsics_avx2_mm256_permute2x128_si256(a, b, c, d) \
+  (_mm256_permute2x128_si256(b, c, a))
+
+#define libcrux_intrinsics_avx2_mm256_inserti128_si256(a, b, c, _) \
+  (_mm256_inserti128_si256(b, c, a))
+
+#define libcrux_intrinsics_avx2_mm256_blend_epi16(a, b, c, _) \
+  (_mm256_blend_epi16(b, c, a))
+
+#define libcrux_intrinsics_avx2_mm256_shuffle_epi8(a, b) \
+  (_mm256_shuffle_epi8(a, b))
+
+#define libcrux_intrinsics_avx2_mm256_permutevar8x32_epi32(a, b) \
+  (_mm256_permutevar8x32_epi32(a, b))
+
+#define libcrux_intrinsics_avx2_mm_shuffle_epi8(a, b) (_mm_shuffle_epi8(a, b))
+
+#if defined(__cplusplus)
+}
+#endif
+
+#define __libcrux_intrinsics_avx2_H_DEFINED
+#endif
diff --git a/libcrux-ml-dsa/cg/karamel/endianness.h b/libcrux-ml-dsa/cg/karamel/endianness.h
new file mode 100644
index 000000000..d59d9854d
--- /dev/null
+++ b/libcrux-ml-dsa/cg/karamel/endianness.h
@@ -0,0 +1,228 @@
+/* Copyright (c) INRIA and Microsoft Corporation. All rights reserved.
+   Licensed under the Apache 2.0 and MIT Licenses. */
+
+#ifndef __LOWSTAR_ENDIANNESS_H
+#define __LOWSTAR_ENDIANNESS_H
+
+#include <inttypes.h>
+#include <string.h>
+
+/******************************************************************************/
+/* Implementing C.fst (part 2: endian-ness macros)                            */
+/******************************************************************************/
+
+/* ... for Linux */
+#if defined(__linux__) || defined(__CYGWIN__) || \
+    defined(__USE_SYSTEM_ENDIAN_H__) || defined(__GLIBC__)
+#include <endian.h>
+
+/* ... for OSX */
+#elif defined(__APPLE__)
+#include <libkern/OSByteOrder.h>
+#define htole64(x) OSSwapHostToLittleInt64(x)
+#define le64toh(x) OSSwapLittleToHostInt64(x)
+#define htobe64(x) OSSwapHostToBigInt64(x)
+#define be64toh(x) OSSwapBigToHostInt64(x)
+
+#define htole16(x) OSSwapHostToLittleInt16(x)
+#define le16toh(x) OSSwapLittleToHostInt16(x)
+#define htobe16(x) OSSwapHostToBigInt16(x)
+#define be16toh(x) OSSwapBigToHostInt16(x)
+
+#define htole32(x) OSSwapHostToLittleInt32(x)
+#define le32toh(x) OSSwapLittleToHostInt32(x)
+#define htobe32(x) OSSwapHostToBigInt32(x)
+#define be32toh(x) OSSwapBigToHostInt32(x)
+
+/* ... for Solaris */
+#elif defined(__sun__)
+#include <sys/byteorder.h>
+#define htole64(x) LE_64(x)
+#define le64toh(x) LE_64(x)
+#define htobe64(x) BE_64(x)
+#define be64toh(x) BE_64(x)
+
+#define htole16(x) LE_16(x)
+#define le16toh(x) LE_16(x)
+#define htobe16(x) BE_16(x)
+#define be16toh(x) BE_16(x)
+
+#define htole32(x) LE_32(x)
+#define le32toh(x) LE_32(x)
+#define htobe32(x) BE_32(x)
+#define be32toh(x) BE_32(x)
+
+/* ... for the BSDs */
+#elif defined(__FreeBSD__) || defined(__NetBSD__) || defined(__DragonFly__)
+#include <sys/endian.h>
+#elif defined(__OpenBSD__)
+#include <endian.h>
+
+/* ... for Windows (MSVC)... not targeting XBOX 360! */
+#elif defined(_MSC_VER)
+
+#include <stdlib.h>
+#define htobe16(x) _byteswap_ushort(x)
+#define htole16(x) (x)
+#define be16toh(x) _byteswap_ushort(x)
+#define le16toh(x) (x)
+
+#define htobe32(x) _byteswap_ulong(x)
+#define htole32(x) (x)
+#define be32toh(x) _byteswap_ulong(x)
+#define le32toh(x) (x)
+
+#define htobe64(x) _byteswap_uint64(x)
+#define htole64(x) (x)
+#define be64toh(x) _byteswap_uint64(x)
+#define le64toh(x) (x)
+
+/* ... for Windows (GCC-like, e.g. mingw or clang) */
+#elif (defined(_WIN32) || defined(_WIN64) || defined(__EMSCRIPTEN__)) && \
+    (defined(__GNUC__) || defined(__clang__))
+
+#define htobe16(x) __builtin_bswap16(x)
+#define htole16(x) (x)
+#define be16toh(x) __builtin_bswap16(x)
+#define le16toh(x) (x)
+
+#define htobe32(x) __builtin_bswap32(x)
+#define htole32(x) (x)
+#define be32toh(x) __builtin_bswap32(x)
+#define le32toh(x) (x)
+
+#define htobe64(x) __builtin_bswap64(x)
+#define htole64(x) (x)
+#define be64toh(x) __builtin_bswap64(x)
+#define le64toh(x) (x)
+
+/* ... generic big-endian fallback code */
+/* ... AIX doesn't have __BYTE_ORDER__ (with XLC compiler) & is always
+ * big-endian */
+#elif (defined(__BYTE_ORDER__) && __BYTE_ORDER__ == __ORDER_BIG_ENDIAN__) || \
+    defined(_AIX)
+
+/* byte swapping code inspired by:
+ * https://github.com/rweather/arduinolibs/blob/master/libraries/Crypto/utility/EndianUtil.h
+ * */
+
+#define htobe32(x) (x)
+#define be32toh(x) (x)
+#define htole32(x)                                                  \
+  (__extension__({                                                  \
+    uint32_t _temp = (x);                                           \
+    ((_temp >> 24) & 0x000000FF) | ((_temp >> 8) & 0x0000FF00) |    \
+        ((_temp << 8) & 0x00FF0000) | ((_temp << 24) & 0xFF000000); \
+  }))
+#define le32toh(x) (htole32((x)))
+
+#define htobe64(x) (x)
+#define be64toh(x) (x)
+#define htole64(x)                                       \
+  (__extension__({                                       \
+    uint64_t __temp = (x);                               \
+    uint32_t __low = htobe32((uint32_t)__temp);          \
+    uint32_t __high = htobe32((uint32_t)(__temp >> 32)); \
+    (((uint64_t)__low) << 32) | __high;                  \
+  }))
+#define le64toh(x) (htole64((x)))
+
+/* ... generic little-endian fallback code */
+#elif defined(__BYTE_ORDER__) && __BYTE_ORDER__ == __ORDER_LITTLE_ENDIAN__
+
+#define htole32(x) (x)
+#define le32toh(x) (x)
+#define htobe32(x)                                                  \
+  (__extension__({                                                  \
+    uint32_t _temp = (x);                                           \
+    ((_temp >> 24) & 0x000000FF) | ((_temp >> 8) & 0x0000FF00) |    \
+        ((_temp << 8) & 0x00FF0000) | ((_temp << 24) & 0xFF000000); \
+  }))
+#define be32toh(x) (htobe32((x)))
+
+#define htole64(x) (x)
+#define le64toh(x) (x)
+#define htobe64(x)                                       \
+  (__extension__({                                       \
+    uint64_t __temp = (x);                               \
+    uint32_t __low = htobe32((uint32_t)__temp);          \
+    uint32_t __high = htobe32((uint32_t)(__temp >> 32)); \
+    (((uint64_t)__low) << 32) | __high;                  \
+  }))
+#define be64toh(x) (htobe64((x)))
+
+/* ... couldn't determine endian-ness of the target platform */
+#else
+#error "Please define __BYTE_ORDER__!"
+
+#endif /* defined(__linux__) || ... */
+
+/* Loads and stores. These avoid undefined behavior due to unaligned memory
+ * accesses, via memcpy. */
+
+inline static uint16_t load16(uint8_t *b) {
+  uint16_t x;
+  memcpy(&x, b, 2);
+  return x;
+}
+
+inline static uint32_t load32(uint8_t *b) {
+  uint32_t x;
+  memcpy(&x, b, 4);
+  return x;
+}
+
+inline static uint64_t load64(uint8_t *b) {
+  uint64_t x;
+  memcpy(&x, b, 8);
+  return x;
+}
+
+inline static void store16(uint8_t *b, uint16_t i) { memcpy(b, &i, 2); }
+
+inline static void store32(uint8_t *b, uint32_t i) { memcpy(b, &i, 4); }
+
+inline static void store64(uint8_t *b, uint64_t i) { memcpy(b, &i, 8); }
+
+/* Legacy accessors so that this header can serve as an implementation of
+ * C.Endianness */
+#define load16_le(b) (le16toh(load16(b)))
+#define store16_le(b, i) (store16(b, htole16(i)))
+#define load16_be(b) (be16toh(load16(b)))
+#define store16_be(b, i) (store16(b, htobe16(i)))
+
+#define load32_le(b) (le32toh(load32(b)))
+#define store32_le(b, i) (store32(b, htole32(i)))
+#define load32_be(b) (be32toh(load32(b)))
+#define store32_be(b, i) (store32(b, htobe32(i)))
+
+#define load64_le(b) (le64toh(load64(b)))
+#define store64_le(b, i) (store64(b, htole64(i)))
+#define load64_be(b) (be64toh(load64(b)))
+#define store64_be(b, i) (store64(b, htobe64(i)))
+
+/* Co-existence of LowStar.Endianness and FStar.Endianness generates name
+ * conflicts, because of course both insist on having no prefixes. Until a
+ * prefix is added, or until we truly retire FStar.Endianness, solve this issue
+ * in an elegant way. */
+#define load16_le0 load16_le
+#define store16_le0 store16_le
+#define load16_be0 load16_be
+#define store16_be0 store16_be
+
+#define load32_le0 load32_le
+#define store32_le0 store32_le
+#define load32_be0 load32_be
+#define store32_be0 store32_be
+
+#define load64_le0 load64_le
+#define store64_le0 store64_le
+#define load64_be0 load64_be
+#define store64_be0 store64_be
+
+#define load128_le0 load128_le
+#define store128_le0 store128_le
+#define load128_be0 load128_be
+#define store128_be0 store128_be
+
+#endif
diff --git a/libcrux-ml-dsa/cg/karamel/target.h b/libcrux-ml-dsa/cg/karamel/target.h
new file mode 100644
index 000000000..f34539303
--- /dev/null
+++ b/libcrux-ml-dsa/cg/karamel/target.h
@@ -0,0 +1,55 @@
+/* Copyright (c) INRIA and Microsoft Corporation. All rights reserved.
+ * Licensed under the Apache 2.0 and MIT Licenses.
+ *
+ * SPDX-FileCopyrightText: 2024 INRIA and Microsoft Corporation
+ * SPDX-FileCopyrightText: 2024 Cryspen Sarl <info@cryspen.com>
+ *
+ * SPDX-License-Identifier: MIT or Apache-2.0
+ */
+
+#ifndef __KRML_TARGET_H
+#define __KRML_TARGET_H
+
+#ifndef KRML_HOST_PRINTF
+#define KRML_HOST_PRINTF printf
+#endif
+
+#if ((defined(__STDC_VERSION__) && __STDC_VERSION__ >= 199901L) || \
+     (defined(__cplusplus) && __cplusplus > 199711L)) &&           \
+    (!defined(KRML_HOST_EPRINTF))
+#define KRML_HOST_EPRINTF(...) fprintf(stderr, __VA_ARGS__)
+#elif !(defined KRML_HOST_EPRINTF) && defined(_MSC_VER)
+#define KRML_HOST_EPRINTF(...) fprintf(stderr, __VA_ARGS__)
+#endif
+
+#ifndef KRML_HOST_EXIT
+#define KRML_HOST_EXIT exit
+#endif
+
+// This does not actually force inline.
+// Forcing inline increases stack usage beyond acceptable limits
+#define KRML_MUSTINLINE inline
+
+#ifndef KRML_NOINLINE
+#if defined(_MSC_VER)
+#define KRML_NOINLINE __declspec(noinline)
+#elif defined(__GNUC__)
+#define KRML_NOINLINE __attribute__((noinline, unused))
+#else
+#define KRML_NOINLINE
+#warning "The KRML_NOINLINE macro is not defined for this toolchain!"
+#warning "The compiler may defeat side-channel resistance with optimizations."
+#warning \
+    "Please locate target.h and try to fill it out with a suitable definition for this compiler."
+#endif
+#endif
+
+#ifndef KRML_ATTRIBUTE_TARGET
+#if defined(__GNUC__)
+#define KRML_ATTRIBUTE_TARGET(x) __attribute__((target(x)))
+#else
+#define KRML_ATTRIBUTE_TARGET(x)
+#endif
+#endif
+
+#endif
diff --git a/libcrux-ml-dsa/cg/libcrux_core.h b/libcrux-ml-dsa/cg/libcrux_core.h
index 50d5433fc..c7b7b6116 100644
--- a/libcrux-ml-dsa/cg/libcrux_core.h
+++ b/libcrux-ml-dsa/cg/libcrux_core.h
@@ -8,7 +8,7 @@
  * Eurydice: b665364a6d86749566ce2d650d13fa12c8fab2c5
  * Karamel: 96572bc631fde691a2aea7bce5a5a3838b3a5968
  * F*: b0961063393215ca65927f017720cb365a193833-dirty
- * Libcrux: 5a0f22fa8387080e4c4e4ac018aaddcdf944e4be
+ * Libcrux: 11a2dcf9b3f0c4803b93a53caa737ed8eac8bfd1
  */
 
 #ifndef __libcrux_core_H
@@ -54,19 +54,6 @@ typedef struct Option_08_s {
 
 typedef uint8_t Result_a9_tags;
 
-/**
-A monomorphic instance of core.result.Result
-with types (), core_fmt_Error
-
-*/
-typedef struct Result_a9_s {
-  Result_a9_tags tag;
-  void *f0;
-} Result_a9;
-
-static inline Result_a9 core_fmt__core__fmt__Formatter__a__9__write_str(
-    core_fmt_Formatter *x0, Prims_string x1);
-
 static inline uint32_t core_num__i32_2__count_ones(int32_t x0);
 
 static inline uint64_t core_num__u64_9__from_le_bytes(uint8_t x0[8U]);
@@ -331,13 +318,13 @@ static KRML_MUSTINLINE void libcrux_ml_dsa_utils_into_padded_array_b6(
 
 /**
 A monomorphic instance of core.option.Option
-with types Eurydice_slice int32_t
+with types  uint8_t*
 
 */
-typedef struct Option_93_s {
+typedef struct Option_3f_s {
   Option_08_tags tag;
-  Eurydice_slice f0;
-} Option_93;
+  uint8_t *f0;
+} Option_3f;
 
 /**
 A monomorphic instance of core.option.Option
@@ -383,16 +370,6 @@ static inline void unwrap_26_55(Result_6c self, int32_t ret[8U]) {
   }
 }
 
-/**
-A monomorphic instance of core.option.Option
-with types  uint8_t*
-
-*/
-typedef struct Option_3f_s {
-  Option_08_tags tag;
-  uint8_t *f0;
-} Option_3f;
-
 typedef struct libcrux_ml_dsa_ml_dsa_65_MLDSA65KeyPair_s {
   libcrux_ml_dsa_types_MLDSASigningKey_22 signing_key;
   libcrux_ml_dsa_types_MLDSAVerificationKey_ea verification_key;
diff --git a/libcrux-ml-dsa/cg/libcrux_mldsa65_avx2.h b/libcrux-ml-dsa/cg/libcrux_mldsa65_avx2.h
index 6d3d3112f..9bc355151 100644
--- a/libcrux-ml-dsa/cg/libcrux_mldsa65_avx2.h
+++ b/libcrux-ml-dsa/cg/libcrux_mldsa65_avx2.h
@@ -8,7 +8,7 @@
  * Eurydice: b665364a6d86749566ce2d650d13fa12c8fab2c5
  * Karamel: 96572bc631fde691a2aea7bce5a5a3838b3a5968
  * F*: b0961063393215ca65927f017720cb365a193833-dirty
- * Libcrux: 5a0f22fa8387080e4c4e4ac018aaddcdf944e4be
+ * Libcrux: 11a2dcf9b3f0c4803b93a53caa737ed8eac8bfd1
  */
 
 #ifndef __libcrux_mldsa65_avx2_H
@@ -3027,31 +3027,23 @@ static KRML_MUSTINLINE bool
 libcrux_ml_dsa_sample_rejection_sample_less_than_field_modulus_ea(
     Eurydice_slice randomness, size_t *sampled_coefficients, int32_t *out) {
   bool done = false;
-  core_slice_iter_Chunks iter =
-      core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter(
-          core_slice___Slice_T___chunks(randomness, (size_t)24U, uint8_t,
-                                        core_slice_iter_Chunks),
-          core_slice_iter_Chunks, core_slice_iter_Chunks);
-  while (true) {
-    Option_1b uu____0 =
-        core_slice_iter___core__iter__traits__iterator__Iterator_for_core__slice__iter__Chunks__a__T__TraitClause_0___71__next(
-            &iter, uint8_t, Option_1b);
-    if (uu____0.tag == None) {
-      break;
-    } else {
-      Eurydice_slice random_bytes = uu____0.f0;
-      if (!done) {
-        Eurydice_slice uu____1 = random_bytes;
-        size_t sampled =
-            libcrux_ml_dsa_simd_avx2_rejection_sample_less_than_field_modulus_a2(
-                uu____1, Eurydice_array_to_subslice_from(
-                             (size_t)263U, out, sampled_coefficients[0U],
-                             int32_t, size_t));
-        sampled_coefficients[0U] = sampled_coefficients[0U] + sampled;
-        if (sampled_coefficients[0U] >=
-            LIBCRUX_ML_DSA_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) {
-          done = true;
-        }
+  for (size_t i = (size_t)0U;
+       i < Eurydice_slice_len(randomness, uint8_t) / (size_t)24U; i++) {
+    size_t _cloop_i = i;
+    Eurydice_slice random_bytes =
+        Eurydice_slice_subslice2(randomness, _cloop_i * (size_t)24U,
+                                 _cloop_i * (size_t)24U + (size_t)24U, uint8_t);
+    if (!done) {
+      Eurydice_slice uu____0 = random_bytes;
+      size_t sampled =
+          libcrux_ml_dsa_simd_avx2_rejection_sample_less_than_field_modulus_a2(
+              uu____0, Eurydice_array_to_subslice_from((size_t)263U, out,
+                                                       sampled_coefficients[0U],
+                                                       int32_t, size_t));
+      sampled_coefficients[0U] = sampled_coefficients[0U] + sampled;
+      if (sampled_coefficients[0U] >=
+          LIBCRUX_ML_DSA_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) {
+        done = true;
       }
     }
   }
@@ -3072,20 +3064,17 @@ with const generics
 KRML_ATTRIBUTE_TARGET("avx2")
 static inline libcrux_ml_dsa_polynomial_PolynomialRingElement_24
 libcrux_ml_dsa_polynomial_from_i32_array_ff_ea(Eurydice_slice array) {
-  core_slice_iter_Chunks array_chunks = core_slice___Slice_T___chunks(
-      array, LIBCRUX_ML_DSA_SIMD_TRAITS_COEFFICIENTS_IN_SIMD_UNIT, int32_t,
-      core_slice_iter_Chunks);
   libcrux_ml_dsa_polynomial_PolynomialRingElement_24 result =
       libcrux_ml_dsa_polynomial_ZERO_ff_ea();
   for (size_t i = (size_t)0U;
        i < LIBCRUX_ML_DSA_SIMD_TRAITS_SIMD_UNITS_IN_RING_ELEMENT; i++) {
     size_t i0 = i;
-    __m256i uu____0 = libcrux_ml_dsa_simd_avx2_from_coefficient_array_a2(
-        core_option__core__option__Option_T__TraitClause_0___unwrap(
-            core_slice_iter___core__iter__traits__iterator__Iterator_for_core__slice__iter__Chunks__a__T__TraitClause_0___71__next(
-                &array_chunks, int32_t, Option_93),
-            Eurydice_slice, Eurydice_slice));
-    result.simd_units[i0] = uu____0;
+    result.simd_units[i0] = libcrux_ml_dsa_simd_avx2_from_coefficient_array_a2(
+        Eurydice_slice_subslice2(
+            array, i0 * LIBCRUX_ML_DSA_SIMD_TRAITS_COEFFICIENTS_IN_SIMD_UNIT,
+            (i0 + (size_t)1U) *
+                LIBCRUX_ML_DSA_SIMD_TRAITS_COEFFICIENTS_IN_SIMD_UNIT,
+            int32_t));
   }
   return result;
 }
@@ -3964,31 +3953,23 @@ static KRML_MUSTINLINE bool
 libcrux_ml_dsa_sample_rejection_sample_less_than_eta_equals_2_ea(
     Eurydice_slice randomness, size_t *sampled_coefficients, int32_t *out) {
   bool done = false;
-  core_slice_iter_Chunks iter =
-      core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter(
-          core_slice___Slice_T___chunks(randomness, (size_t)4U, uint8_t,
-                                        core_slice_iter_Chunks),
-          core_slice_iter_Chunks, core_slice_iter_Chunks);
-  while (true) {
-    Option_1b uu____0 =
-        core_slice_iter___core__iter__traits__iterator__Iterator_for_core__slice__iter__Chunks__a__T__TraitClause_0___71__next(
-            &iter, uint8_t, Option_1b);
-    if (uu____0.tag == None) {
-      break;
-    } else {
-      Eurydice_slice random_bytes = uu____0.f0;
-      if (!done) {
-        Eurydice_slice uu____1 = random_bytes;
-        size_t sampled =
-            libcrux_ml_dsa_simd_avx2_rejection_sample_less_than_eta_equals_2_a2(
-                uu____1, Eurydice_array_to_subslice_from(
-                             (size_t)263U, out, sampled_coefficients[0U],
-                             int32_t, size_t));
-        sampled_coefficients[0U] = sampled_coefficients[0U] + sampled;
-        if (sampled_coefficients[0U] >=
-            LIBCRUX_ML_DSA_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) {
-          done = true;
-        }
+  for (size_t i = (size_t)0U;
+       i < Eurydice_slice_len(randomness, uint8_t) / (size_t)4U; i++) {
+    size_t _cloop_i = i;
+    Eurydice_slice random_bytes =
+        Eurydice_slice_subslice2(randomness, _cloop_i * (size_t)4U,
+                                 _cloop_i * (size_t)4U + (size_t)4U, uint8_t);
+    if (!done) {
+      Eurydice_slice uu____0 = random_bytes;
+      size_t sampled =
+          libcrux_ml_dsa_simd_avx2_rejection_sample_less_than_eta_equals_2_a2(
+              uu____0, Eurydice_array_to_subslice_from((size_t)263U, out,
+                                                       sampled_coefficients[0U],
+                                                       int32_t, size_t));
+      sampled_coefficients[0U] = sampled_coefficients[0U] + sampled;
+      if (sampled_coefficients[0U] >=
+          LIBCRUX_ML_DSA_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) {
+        done = true;
       }
     }
   }
@@ -4006,31 +3987,23 @@ static KRML_MUSTINLINE bool
 libcrux_ml_dsa_sample_rejection_sample_less_than_eta_equals_4_ea(
     Eurydice_slice randomness, size_t *sampled_coefficients, int32_t *out) {
   bool done = false;
-  core_slice_iter_Chunks iter =
-      core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter(
-          core_slice___Slice_T___chunks(randomness, (size_t)4U, uint8_t,
-                                        core_slice_iter_Chunks),
-          core_slice_iter_Chunks, core_slice_iter_Chunks);
-  while (true) {
-    Option_1b uu____0 =
-        core_slice_iter___core__iter__traits__iterator__Iterator_for_core__slice__iter__Chunks__a__T__TraitClause_0___71__next(
-            &iter, uint8_t, Option_1b);
-    if (uu____0.tag == None) {
-      break;
-    } else {
-      Eurydice_slice random_bytes = uu____0.f0;
-      if (!done) {
-        Eurydice_slice uu____1 = random_bytes;
-        size_t sampled =
-            libcrux_ml_dsa_simd_avx2_rejection_sample_less_than_eta_equals_4_a2(
-                uu____1, Eurydice_array_to_subslice_from(
-                             (size_t)263U, out, sampled_coefficients[0U],
-                             int32_t, size_t));
-        sampled_coefficients[0U] = sampled_coefficients[0U] + sampled;
-        if (sampled_coefficients[0U] >=
-            LIBCRUX_ML_DSA_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) {
-          done = true;
-        }
+  for (size_t i = (size_t)0U;
+       i < Eurydice_slice_len(randomness, uint8_t) / (size_t)4U; i++) {
+    size_t _cloop_i = i;
+    Eurydice_slice random_bytes =
+        Eurydice_slice_subslice2(randomness, _cloop_i * (size_t)4U,
+                                 _cloop_i * (size_t)4U + (size_t)4U, uint8_t);
+    if (!done) {
+      Eurydice_slice uu____0 = random_bytes;
+      size_t sampled =
+          libcrux_ml_dsa_simd_avx2_rejection_sample_less_than_eta_equals_4_a2(
+              uu____0, Eurydice_array_to_subslice_from((size_t)263U, out,
+                                                       sampled_coefficients[0U],
+                                                       int32_t, size_t));
+      sampled_coefficients[0U] = sampled_coefficients[0U] + sampled;
+      if (sampled_coefficients[0U] >=
+          LIBCRUX_ML_DSA_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) {
+        done = true;
       }
     }
   }
@@ -4964,13 +4937,7 @@ libcrux_ml_dsa_ml_dsa_65_avx2_generate_key_pair(uint8_t randomness[32U]) {
 }
 
 /**
- The internal signing API.
-
- If no `domain_separation_context` is supplied, it is assumed that
- `message` already contains the domain separation.
-*/
-/**
-A monomorphic instance of libcrux_ml_dsa.ml_dsa_generic.sign_internal
+A monomorphic instance of libcrux_ml_dsa.ml_dsa_generic.sign
 with types libcrux_ml_dsa_simd_avx2_vector_type_AVX2SIMDUnit,
 libcrux_ml_dsa_hash_functions_simd256_Shake128x4,
 libcrux_ml_dsa_hash_functions_simd256_Shake256,
@@ -4992,9 +4959,9 @@ libcrux_ml_dsa_hash_functions_simd256_Shake256x4 with const generics
 - SIGNATURE_SIZE= 3309
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static KRML_MUSTINLINE Result_2e libcrux_ml_dsa_ml_dsa_generic_sign_internal_ea(
-    uint8_t *signing_key, Eurydice_slice message,
-    Option_84 domain_separation_context, uint8_t randomness[32U]) {
+static KRML_MUSTINLINE Result_2e libcrux_ml_dsa_ml_dsa_generic_sign_ea(
+    uint8_t *signing_key, Eurydice_slice message, Eurydice_slice context,
+    uint8_t randomness[32U]) {
   KRML_HOST_EPRINTF(
       "KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__,
       "Eurydice error: Failure(\"TODO: TraitTypes "
@@ -5004,56 +4971,6 @@ static KRML_MUSTINLINE Result_2e libcrux_ml_dsa_ml_dsa_generic_sign_internal_ea(
   KRML_HOST_EXIT(255U);
 }
 
-/**
-A monomorphic instance of libcrux_ml_dsa.ml_dsa_generic.sign
-with types libcrux_ml_dsa_simd_avx2_vector_type_AVX2SIMDUnit,
-libcrux_ml_dsa_hash_functions_simd256_Shake128x4,
-libcrux_ml_dsa_hash_functions_simd256_Shake256,
-libcrux_ml_dsa_hash_functions_portable_Shake256Xof,
-libcrux_ml_dsa_hash_functions_simd256_Shake256x4 with const generics
-- ROWS_IN_A= 6
-- COLUMNS_IN_A= 5
-- ETA= 4
-- ERROR_RING_ELEMENT_SIZE= 128
-- GAMMA1_EXPONENT= 19
-- GAMMA2= 261888
-- COMMITMENT_RING_ELEMENT_SIZE= 128
-- COMMITMENT_VECTOR_SIZE= 768
-- COMMITMENT_HASH_SIZE= 48
-- ONES_IN_VERIFIER_CHALLENGE= 49
-- MAX_ONES_IN_HINT= 55
-- GAMMA1_RING_ELEMENT_SIZE= 640
-- SIGNING_KEY_SIZE= 4032
-- SIGNATURE_SIZE= 3309
-*/
-KRML_ATTRIBUTE_TARGET("avx2")
-static KRML_MUSTINLINE Result_2e libcrux_ml_dsa_ml_dsa_generic_sign_ea(
-    uint8_t *signing_key, Eurydice_slice message, Eurydice_slice context,
-    uint8_t randomness[32U]) {
-  Result_a8 uu____0 = libcrux_ml_dsa_pre_hash_new_45(
-      context, (CLITERAL(Option_3f){.tag = None}));
-  Result_2e uu____1;
-  if (uu____0.tag == Ok) {
-    libcrux_ml_dsa_pre_hash_DomainSeparationContext domain_separation_context =
-        uu____0.val.case_Ok;
-    libcrux_ml_dsa_pre_hash_DomainSeparationContext domain_separation_context0 =
-        domain_separation_context;
-    uint8_t *uu____2 = signing_key;
-    Eurydice_slice uu____3 = message;
-    Option_84 uu____4 = {.tag = Some, .f0 = domain_separation_context0};
-    /* Passing arrays by value in Rust generates a copy in C */
-    uint8_t copy_of_randomness[32U];
-    memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t));
-    uu____1 = libcrux_ml_dsa_ml_dsa_generic_sign_internal_ea(
-        uu____2, uu____3, uu____4, copy_of_randomness);
-  } else {
-    uu____1 = (CLITERAL(Result_2e){
-        .tag = Err,
-        .val = {.case_Err = libcrux_ml_dsa_types_ContextTooLongError}});
-  }
-  return uu____1;
-}
-
 /**
  Sign.
 */
@@ -5281,13 +5198,7 @@ static inline Result_2e libcrux_ml_dsa_ml_dsa_65_avx2_sign_pre_hashed_shake128(
 }
 
 /**
- The internal verification API.
-
- If no `domain_separation_context` is supplied, it is assumed that
- `message` already contains the domain separation.
-*/
-/**
-A monomorphic instance of libcrux_ml_dsa.ml_dsa_generic.verify_internal
+A monomorphic instance of libcrux_ml_dsa.ml_dsa_generic.verify
 with types libcrux_ml_dsa_simd_avx2_vector_type_AVX2SIMDUnit,
 libcrux_ml_dsa_hash_functions_simd256_Shake128x4,
 libcrux_ml_dsa_hash_functions_simd256_Shake256,
@@ -5307,10 +5218,9 @@ libcrux_ml_dsa_hash_functions_portable_Shake256Xof with const generics
 - MAX_ONES_IN_HINT= 55
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static KRML_MUSTINLINE Result_41
-libcrux_ml_dsa_ml_dsa_generic_verify_internal_d1(
+static KRML_MUSTINLINE Result_41 libcrux_ml_dsa_ml_dsa_generic_verify_d1(
     uint8_t *verification_key_serialized, Eurydice_slice message,
-    Option_84 domain_separation_context, uint8_t *signature_serialized) {
+    Eurydice_slice context, uint8_t *signature_serialized) {
   KRML_HOST_EPRINTF(
       "KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__,
       "Eurydice error: Failure(\"TODO: TraitTypes "
@@ -5320,50 +5230,6 @@ libcrux_ml_dsa_ml_dsa_generic_verify_internal_d1(
   KRML_HOST_EXIT(255U);
 }
 
-/**
-A monomorphic instance of libcrux_ml_dsa.ml_dsa_generic.verify
-with types libcrux_ml_dsa_simd_avx2_vector_type_AVX2SIMDUnit,
-libcrux_ml_dsa_hash_functions_simd256_Shake128x4,
-libcrux_ml_dsa_hash_functions_simd256_Shake256,
-libcrux_ml_dsa_hash_functions_portable_Shake256Xof with const generics
-- ROWS_IN_A= 6
-- COLUMNS_IN_A= 5
-- SIGNATURE_SIZE= 3309
-- VERIFICATION_KEY_SIZE= 1952
-- GAMMA1_EXPONENT= 19
-- GAMMA1_RING_ELEMENT_SIZE= 640
-- GAMMA2= 261888
-- BETA= 196
-- COMMITMENT_RING_ELEMENT_SIZE= 128
-- COMMITMENT_VECTOR_SIZE= 768
-- COMMITMENT_HASH_SIZE= 48
-- ONES_IN_VERIFIER_CHALLENGE= 49
-- MAX_ONES_IN_HINT= 55
-*/
-KRML_ATTRIBUTE_TARGET("avx2")
-static KRML_MUSTINLINE Result_41 libcrux_ml_dsa_ml_dsa_generic_verify_d1(
-    uint8_t *verification_key_serialized, Eurydice_slice message,
-    Eurydice_slice context, uint8_t *signature_serialized) {
-  Result_a8 uu____0 = libcrux_ml_dsa_pre_hash_new_45(
-      context, (CLITERAL(Option_3f){.tag = None}));
-  Result_41 uu____1;
-  if (uu____0.tag == Ok) {
-    libcrux_ml_dsa_pre_hash_DomainSeparationContext domain_separation_context =
-        uu____0.val.case_Ok;
-    libcrux_ml_dsa_pre_hash_DomainSeparationContext domain_separation_context0 =
-        domain_separation_context;
-    uu____1 = libcrux_ml_dsa_ml_dsa_generic_verify_internal_d1(
-        verification_key_serialized, message,
-        (CLITERAL(Option_84){.tag = Some, .f0 = domain_separation_context0}),
-        signature_serialized);
-  } else {
-    uu____1 = (CLITERAL(Result_41){
-        .tag = Err,
-        .f0 = libcrux_ml_dsa_types_VerificationContextTooLongError});
-  }
-  return uu____1;
-}
-
 /**
  Verify.
 */
diff --git a/libcrux-ml-dsa/cg/libcrux_mldsa65_portable.h b/libcrux-ml-dsa/cg/libcrux_mldsa65_portable.h
index 3bbbfd2e9..0df065b82 100644
--- a/libcrux-ml-dsa/cg/libcrux_mldsa65_portable.h
+++ b/libcrux-ml-dsa/cg/libcrux_mldsa65_portable.h
@@ -8,7 +8,7 @@
  * Eurydice: b665364a6d86749566ce2d650d13fa12c8fab2c5
  * Karamel: 96572bc631fde691a2aea7bce5a5a3838b3a5968
  * F*: b0961063393215ca65927f017720cb365a193833-dirty
- * Libcrux: 5a0f22fa8387080e4c4e4ac018aaddcdf944e4be
+ * Libcrux: 11a2dcf9b3f0c4803b93a53caa737ed8eac8bfd1
  */
 
 #ifndef __libcrux_mldsa65_portable_H
@@ -532,53 +532,6 @@ libcrux_ml_dsa_samplex4_generate_domain_separator(uint8_t row, uint8_t column) {
 #define LIBCRUX_ML_DSA_SIMD_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R \
   (58728449ULL)
 
-typedef struct libcrux_ml_dsa_pre_hash_DomainSeparationContext_s {
-  Eurydice_slice context;
-  Option_3f pre_hash_oid;
-} libcrux_ml_dsa_pre_hash_DomainSeparationContext;
-
-#define libcrux_ml_dsa_pre_hash_ContextTooLongError 0
-
-typedef uint8_t libcrux_ml_dsa_pre_hash_DomainSeparationError;
-
-/**
-A monomorphic instance of core.result.Result
-with types libcrux_ml_dsa_pre_hash_DomainSeparationContext,
-libcrux_ml_dsa_pre_hash_DomainSeparationError
-
-*/
-typedef struct Result_a8_s {
-  Result_a9_tags tag;
-  union {
-    libcrux_ml_dsa_pre_hash_DomainSeparationContext case_Ok;
-    libcrux_ml_dsa_pre_hash_DomainSeparationError case_Err;
-  } val;
-} Result_a8;
-
-/**
- `context` must be at most 255 bytes long.
-*/
-/**
-This function found in impl
-{libcrux_ml_dsa::pre_hash::DomainSeparationContext<'a>#1}
-*/
-static inline Result_a8 libcrux_ml_dsa_pre_hash_new_45(Eurydice_slice context,
-                                                       Option_3f pre_hash_oid) {
-  Result_a8 uu____0;
-  if (Eurydice_slice_len(context, uint8_t) >
-      LIBCRUX_ML_DSA_CONSTANTS_CONTEXT_MAX_LEN) {
-    uu____0 = (CLITERAL(Result_a8){
-        .tag = Err,
-        .val = {.case_Err = libcrux_ml_dsa_pre_hash_ContextTooLongError}});
-  } else {
-    uu____0 = (CLITERAL(Result_a8){
-        .tag = Ok,
-        .val = {
-            .case_Ok = {.context = context, .pre_hash_oid = pre_hash_oid}}});
-  }
-  return uu____0;
-}
-
 typedef struct libcrux_ml_dsa_pre_hash_SHAKE128_PH_s {
 } libcrux_ml_dsa_pre_hash_SHAKE128_PH;
 
@@ -3702,31 +3655,23 @@ static KRML_MUSTINLINE bool
 libcrux_ml_dsa_sample_rejection_sample_less_than_field_modulus_ba(
     Eurydice_slice randomness, size_t *sampled_coefficients, int32_t *out) {
   bool done = false;
-  core_slice_iter_Chunks iter =
-      core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter(
-          core_slice___Slice_T___chunks(randomness, (size_t)24U, uint8_t,
-                                        core_slice_iter_Chunks),
-          core_slice_iter_Chunks, core_slice_iter_Chunks);
-  while (true) {
-    Option_1b uu____0 =
-        core_slice_iter___core__iter__traits__iterator__Iterator_for_core__slice__iter__Chunks__a__T__TraitClause_0___71__next(
-            &iter, uint8_t, Option_1b);
-    if (uu____0.tag == None) {
-      break;
-    } else {
-      Eurydice_slice random_bytes = uu____0.f0;
-      if (!done) {
-        Eurydice_slice uu____1 = random_bytes;
-        size_t sampled =
-            libcrux_ml_dsa_simd_portable_rejection_sample_less_than_field_modulus_36(
-                uu____1, Eurydice_array_to_subslice_from(
-                             (size_t)263U, out, sampled_coefficients[0U],
-                             int32_t, size_t));
-        sampled_coefficients[0U] = sampled_coefficients[0U] + sampled;
-        if (sampled_coefficients[0U] >=
-            LIBCRUX_ML_DSA_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) {
-          done = true;
-        }
+  for (size_t i = (size_t)0U;
+       i < Eurydice_slice_len(randomness, uint8_t) / (size_t)24U; i++) {
+    size_t _cloop_i = i;
+    Eurydice_slice random_bytes =
+        Eurydice_slice_subslice2(randomness, _cloop_i * (size_t)24U,
+                                 _cloop_i * (size_t)24U + (size_t)24U, uint8_t);
+    if (!done) {
+      Eurydice_slice uu____0 = random_bytes;
+      size_t sampled =
+          libcrux_ml_dsa_simd_portable_rejection_sample_less_than_field_modulus_36(
+              uu____0, Eurydice_array_to_subslice_from((size_t)263U, out,
+                                                       sampled_coefficients[0U],
+                                                       int32_t, size_t));
+      sampled_coefficients[0U] = sampled_coefficients[0U] + sampled;
+      if (sampled_coefficients[0U] >=
+          LIBCRUX_ML_DSA_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) {
+        done = true;
       }
     }
   }
@@ -3746,9 +3691,6 @@ with const generics
 */
 static inline libcrux_ml_dsa_polynomial_PolynomialRingElement_9b
 libcrux_ml_dsa_polynomial_from_i32_array_ff_ba(Eurydice_slice array) {
-  core_slice_iter_Chunks array_chunks = core_slice___Slice_T___chunks(
-      array, LIBCRUX_ML_DSA_SIMD_TRAITS_COEFFICIENTS_IN_SIMD_UNIT, int32_t,
-      core_slice_iter_Chunks);
   libcrux_ml_dsa_polynomial_PolynomialRingElement_9b result =
       libcrux_ml_dsa_polynomial_ZERO_ff_ba();
   for (size_t i = (size_t)0U;
@@ -3756,10 +3698,12 @@ libcrux_ml_dsa_polynomial_from_i32_array_ff_ba(Eurydice_slice array) {
     size_t i0 = i;
     libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit uu____0 =
         libcrux_ml_dsa_simd_portable_from_coefficient_array_36(
-            core_option__core__option__Option_T__TraitClause_0___unwrap(
-                core_slice_iter___core__iter__traits__iterator__Iterator_for_core__slice__iter__Chunks__a__T__TraitClause_0___71__next(
-                    &array_chunks, int32_t, Option_93),
-                Eurydice_slice, Eurydice_slice));
+            Eurydice_slice_subslice2(
+                array,
+                i0 * LIBCRUX_ML_DSA_SIMD_TRAITS_COEFFICIENTS_IN_SIMD_UNIT,
+                (i0 + (size_t)1U) *
+                    LIBCRUX_ML_DSA_SIMD_TRAITS_COEFFICIENTS_IN_SIMD_UNIT,
+                int32_t));
     result.simd_units[i0] = uu____0;
   }
   return result;
@@ -4632,31 +4576,23 @@ static KRML_MUSTINLINE bool
 libcrux_ml_dsa_sample_rejection_sample_less_than_eta_equals_2_ba(
     Eurydice_slice randomness, size_t *sampled_coefficients, int32_t *out) {
   bool done = false;
-  core_slice_iter_Chunks iter =
-      core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter(
-          core_slice___Slice_T___chunks(randomness, (size_t)4U, uint8_t,
-                                        core_slice_iter_Chunks),
-          core_slice_iter_Chunks, core_slice_iter_Chunks);
-  while (true) {
-    Option_1b uu____0 =
-        core_slice_iter___core__iter__traits__iterator__Iterator_for_core__slice__iter__Chunks__a__T__TraitClause_0___71__next(
-            &iter, uint8_t, Option_1b);
-    if (uu____0.tag == None) {
-      break;
-    } else {
-      Eurydice_slice random_bytes = uu____0.f0;
-      if (!done) {
-        Eurydice_slice uu____1 = random_bytes;
-        size_t sampled =
-            libcrux_ml_dsa_simd_portable_rejection_sample_less_than_eta_equals_2_36(
-                uu____1, Eurydice_array_to_subslice_from(
-                             (size_t)263U, out, sampled_coefficients[0U],
-                             int32_t, size_t));
-        sampled_coefficients[0U] = sampled_coefficients[0U] + sampled;
-        if (sampled_coefficients[0U] >=
-            LIBCRUX_ML_DSA_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) {
-          done = true;
-        }
+  for (size_t i = (size_t)0U;
+       i < Eurydice_slice_len(randomness, uint8_t) / (size_t)4U; i++) {
+    size_t _cloop_i = i;
+    Eurydice_slice random_bytes =
+        Eurydice_slice_subslice2(randomness, _cloop_i * (size_t)4U,
+                                 _cloop_i * (size_t)4U + (size_t)4U, uint8_t);
+    if (!done) {
+      Eurydice_slice uu____0 = random_bytes;
+      size_t sampled =
+          libcrux_ml_dsa_simd_portable_rejection_sample_less_than_eta_equals_2_36(
+              uu____0, Eurydice_array_to_subslice_from((size_t)263U, out,
+                                                       sampled_coefficients[0U],
+                                                       int32_t, size_t));
+      sampled_coefficients[0U] = sampled_coefficients[0U] + sampled;
+      if (sampled_coefficients[0U] >=
+          LIBCRUX_ML_DSA_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) {
+        done = true;
       }
     }
   }
@@ -4673,31 +4609,23 @@ static KRML_MUSTINLINE bool
 libcrux_ml_dsa_sample_rejection_sample_less_than_eta_equals_4_ba(
     Eurydice_slice randomness, size_t *sampled_coefficients, int32_t *out) {
   bool done = false;
-  core_slice_iter_Chunks iter =
-      core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter(
-          core_slice___Slice_T___chunks(randomness, (size_t)4U, uint8_t,
-                                        core_slice_iter_Chunks),
-          core_slice_iter_Chunks, core_slice_iter_Chunks);
-  while (true) {
-    Option_1b uu____0 =
-        core_slice_iter___core__iter__traits__iterator__Iterator_for_core__slice__iter__Chunks__a__T__TraitClause_0___71__next(
-            &iter, uint8_t, Option_1b);
-    if (uu____0.tag == None) {
-      break;
-    } else {
-      Eurydice_slice random_bytes = uu____0.f0;
-      if (!done) {
-        Eurydice_slice uu____1 = random_bytes;
-        size_t sampled =
-            libcrux_ml_dsa_simd_portable_rejection_sample_less_than_eta_equals_4_36(
-                uu____1, Eurydice_array_to_subslice_from(
-                             (size_t)263U, out, sampled_coefficients[0U],
-                             int32_t, size_t));
-        sampled_coefficients[0U] = sampled_coefficients[0U] + sampled;
-        if (sampled_coefficients[0U] >=
-            LIBCRUX_ML_DSA_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) {
-          done = true;
-        }
+  for (size_t i = (size_t)0U;
+       i < Eurydice_slice_len(randomness, uint8_t) / (size_t)4U; i++) {
+    size_t _cloop_i = i;
+    Eurydice_slice random_bytes =
+        Eurydice_slice_subslice2(randomness, _cloop_i * (size_t)4U,
+                                 _cloop_i * (size_t)4U + (size_t)4U, uint8_t);
+    if (!done) {
+      Eurydice_slice uu____0 = random_bytes;
+      size_t sampled =
+          libcrux_ml_dsa_simd_portable_rejection_sample_less_than_eta_equals_4_36(
+              uu____0, Eurydice_array_to_subslice_from((size_t)263U, out,
+                                                       sampled_coefficients[0U],
+                                                       int32_t, size_t));
+      sampled_coefficients[0U] = sampled_coefficients[0U] + sampled;
+      if (sampled_coefficients[0U] >=
+          LIBCRUX_ML_DSA_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) {
+        done = true;
       }
     }
   }
@@ -5589,23 +5517,7 @@ libcrux_ml_dsa_ml_dsa_65_portable_generate_key_pair(uint8_t randomness[32U]) {
 }
 
 /**
-A monomorphic instance of core.option.Option
-with types libcrux_ml_dsa_pre_hash_DomainSeparationContext
-
-*/
-typedef struct Option_84_s {
-  Option_08_tags tag;
-  libcrux_ml_dsa_pre_hash_DomainSeparationContext f0;
-} Option_84;
-
-/**
- The internal signing API.
-
- If no `domain_separation_context` is supplied, it is assumed that
- `message` already contains the domain separation.
-*/
-/**
-A monomorphic instance of libcrux_ml_dsa.ml_dsa_generic.sign_internal
+A monomorphic instance of libcrux_ml_dsa.ml_dsa_generic.sign
 with types libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit,
 libcrux_ml_dsa_hash_functions_portable_Shake128X4,
 libcrux_ml_dsa_hash_functions_portable_Shake256,
@@ -5626,9 +5538,9 @@ libcrux_ml_dsa_hash_functions_portable_Shake256X4 with const generics
 - SIGNING_KEY_SIZE= 4032
 - SIGNATURE_SIZE= 3309
 */
-static KRML_MUSTINLINE Result_2e libcrux_ml_dsa_ml_dsa_generic_sign_internal_05(
-    uint8_t *signing_key, Eurydice_slice message,
-    Option_84 domain_separation_context, uint8_t randomness[32U]) {
+static KRML_MUSTINLINE Result_2e libcrux_ml_dsa_ml_dsa_generic_sign_05(
+    uint8_t *signing_key, Eurydice_slice message, Eurydice_slice context,
+    uint8_t randomness[32U]) {
   KRML_HOST_EPRINTF(
       "KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__,
       "Eurydice error: Failure(\"TODO: TraitTypes "
@@ -5638,55 +5550,6 @@ static KRML_MUSTINLINE Result_2e libcrux_ml_dsa_ml_dsa_generic_sign_internal_05(
   KRML_HOST_EXIT(255U);
 }
 
-/**
-A monomorphic instance of libcrux_ml_dsa.ml_dsa_generic.sign
-with types libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit,
-libcrux_ml_dsa_hash_functions_portable_Shake128X4,
-libcrux_ml_dsa_hash_functions_portable_Shake256,
-libcrux_ml_dsa_hash_functions_portable_Shake256Xof,
-libcrux_ml_dsa_hash_functions_portable_Shake256X4 with const generics
-- ROWS_IN_A= 6
-- COLUMNS_IN_A= 5
-- ETA= 4
-- ERROR_RING_ELEMENT_SIZE= 128
-- GAMMA1_EXPONENT= 19
-- GAMMA2= 261888
-- COMMITMENT_RING_ELEMENT_SIZE= 128
-- COMMITMENT_VECTOR_SIZE= 768
-- COMMITMENT_HASH_SIZE= 48
-- ONES_IN_VERIFIER_CHALLENGE= 49
-- MAX_ONES_IN_HINT= 55
-- GAMMA1_RING_ELEMENT_SIZE= 640
-- SIGNING_KEY_SIZE= 4032
-- SIGNATURE_SIZE= 3309
-*/
-static KRML_MUSTINLINE Result_2e libcrux_ml_dsa_ml_dsa_generic_sign_05(
-    uint8_t *signing_key, Eurydice_slice message, Eurydice_slice context,
-    uint8_t randomness[32U]) {
-  Result_a8 uu____0 = libcrux_ml_dsa_pre_hash_new_45(
-      context, (CLITERAL(Option_3f){.tag = None}));
-  Result_2e uu____1;
-  if (uu____0.tag == Ok) {
-    libcrux_ml_dsa_pre_hash_DomainSeparationContext domain_separation_context =
-        uu____0.val.case_Ok;
-    libcrux_ml_dsa_pre_hash_DomainSeparationContext domain_separation_context0 =
-        domain_separation_context;
-    uint8_t *uu____2 = signing_key;
-    Eurydice_slice uu____3 = message;
-    Option_84 uu____4 = {.tag = Some, .f0 = domain_separation_context0};
-    /* Passing arrays by value in Rust generates a copy in C */
-    uint8_t copy_of_randomness[32U];
-    memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t));
-    uu____1 = libcrux_ml_dsa_ml_dsa_generic_sign_internal_05(
-        uu____2, uu____3, uu____4, copy_of_randomness);
-  } else {
-    uu____1 = (CLITERAL(Result_2e){
-        .tag = Err,
-        .val = {.case_Err = libcrux_ml_dsa_types_ContextTooLongError}});
-  }
-  return uu____1;
-}
-
 /**
  Sign.
 */
@@ -5836,13 +5699,7 @@ libcrux_ml_dsa_ml_dsa_65_portable_sign_pre_hashed_shake128(
 }
 
 /**
- The internal verification API.
-
- If no `domain_separation_context` is supplied, it is assumed that
- `message` already contains the domain separation.
-*/
-/**
-A monomorphic instance of libcrux_ml_dsa.ml_dsa_generic.verify_internal
+A monomorphic instance of libcrux_ml_dsa.ml_dsa_generic.verify
 with types libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit,
 libcrux_ml_dsa_hash_functions_portable_Shake128X4,
 libcrux_ml_dsa_hash_functions_portable_Shake256,
@@ -5861,10 +5718,9 @@ libcrux_ml_dsa_hash_functions_portable_Shake256Xof with const generics
 - ONES_IN_VERIFIER_CHALLENGE= 49
 - MAX_ONES_IN_HINT= 55
 */
-static KRML_MUSTINLINE Result_41
-libcrux_ml_dsa_ml_dsa_generic_verify_internal_99(
+static KRML_MUSTINLINE Result_41 libcrux_ml_dsa_ml_dsa_generic_verify_99(
     uint8_t *verification_key_serialized, Eurydice_slice message,
-    Option_84 domain_separation_context, uint8_t *signature_serialized) {
+    Eurydice_slice context, uint8_t *signature_serialized) {
   KRML_HOST_EPRINTF(
       "KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__,
       "Eurydice error: Failure(\"TODO: TraitTypes "
@@ -5874,49 +5730,6 @@ libcrux_ml_dsa_ml_dsa_generic_verify_internal_99(
   KRML_HOST_EXIT(255U);
 }
 
-/**
-A monomorphic instance of libcrux_ml_dsa.ml_dsa_generic.verify
-with types libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit,
-libcrux_ml_dsa_hash_functions_portable_Shake128X4,
-libcrux_ml_dsa_hash_functions_portable_Shake256,
-libcrux_ml_dsa_hash_functions_portable_Shake256Xof with const generics
-- ROWS_IN_A= 6
-- COLUMNS_IN_A= 5
-- SIGNATURE_SIZE= 3309
-- VERIFICATION_KEY_SIZE= 1952
-- GAMMA1_EXPONENT= 19
-- GAMMA1_RING_ELEMENT_SIZE= 640
-- GAMMA2= 261888
-- BETA= 196
-- COMMITMENT_RING_ELEMENT_SIZE= 128
-- COMMITMENT_VECTOR_SIZE= 768
-- COMMITMENT_HASH_SIZE= 48
-- ONES_IN_VERIFIER_CHALLENGE= 49
-- MAX_ONES_IN_HINT= 55
-*/
-static KRML_MUSTINLINE Result_41 libcrux_ml_dsa_ml_dsa_generic_verify_99(
-    uint8_t *verification_key_serialized, Eurydice_slice message,
-    Eurydice_slice context, uint8_t *signature_serialized) {
-  Result_a8 uu____0 = libcrux_ml_dsa_pre_hash_new_45(
-      context, (CLITERAL(Option_3f){.tag = None}));
-  Result_41 uu____1;
-  if (uu____0.tag == Ok) {
-    libcrux_ml_dsa_pre_hash_DomainSeparationContext domain_separation_context =
-        uu____0.val.case_Ok;
-    libcrux_ml_dsa_pre_hash_DomainSeparationContext domain_separation_context0 =
-        domain_separation_context;
-    uu____1 = libcrux_ml_dsa_ml_dsa_generic_verify_internal_99(
-        verification_key_serialized, message,
-        (CLITERAL(Option_84){.tag = Some, .f0 = domain_separation_context0}),
-        signature_serialized);
-  } else {
-    uu____1 = (CLITERAL(Result_41){
-        .tag = Err,
-        .f0 = libcrux_ml_dsa_types_VerificationContextTooLongError});
-  }
-  return uu____1;
-}
-
 /**
  Verify.
 */
@@ -6040,6 +5853,11 @@ libcrux_ml_dsa_ml_dsa_65_portable_verify_pre_hashed_shake128(
       libcrux_ml_dsa_types_as_raw_8f_fa(signature));
 }
 
+typedef struct libcrux_ml_dsa_pre_hash_DomainSeparationContext_s {
+  Eurydice_slice context;
+  Option_3f pre_hash_oid;
+} libcrux_ml_dsa_pre_hash_DomainSeparationContext;
+
 /**
  Returns the pre-hash OID, if any.
 */
@@ -6064,6 +5882,10 @@ static inline Eurydice_slice libcrux_ml_dsa_pre_hash_context_45(
   return self->context;
 }
 
+#define libcrux_ml_dsa_pre_hash_ContextTooLongError 0
+
+typedef uint8_t libcrux_ml_dsa_pre_hash_DomainSeparationError;
+
 #define LIBCRUX_ML_DSA_PRE_HASH_PRE_HASH_OID_LEN ((size_t)11U)
 
 typedef uint8_t libcrux_ml_dsa_pre_hash_PreHashOID[11U];
@@ -6093,6 +5915,43 @@ static const uint8_t
     libcrux_ml_dsa_pre_hash___libcrux_ml_dsa__pre_hash__PreHash_256__usize__for_libcrux_ml_dsa__pre_hash__SHAKE128_PH___OID
         [11U] = {6U, 9U, 96U, 134U, 72U, 1U, 101U, 3U, 4U, 2U, 11U};
 
+#define libcrux_ml_dsa_pre_hash_Ok 0
+#define libcrux_ml_dsa_pre_hash_Err 1
+
+typedef uint8_t libcrux_ml_dsa_pre_hash_PreHashResult_tags;
+
+typedef struct libcrux_ml_dsa_pre_hash_PreHashResult_s {
+  libcrux_ml_dsa_pre_hash_PreHashResult_tags tag;
+  union {
+    libcrux_ml_dsa_pre_hash_DomainSeparationContext case_Ok;
+    libcrux_ml_dsa_pre_hash_DomainSeparationError case_Err;
+  } val;
+} libcrux_ml_dsa_pre_hash_PreHashResult;
+
+/**
+ `context` must be at most 255 bytes long.
+*/
+/**
+This function found in impl
+{libcrux_ml_dsa::pre_hash::DomainSeparationContext<'a>#1}
+*/
+static inline libcrux_ml_dsa_pre_hash_PreHashResult
+libcrux_ml_dsa_pre_hash_new_45(Eurydice_slice context, Option_3f pre_hash_oid) {
+  libcrux_ml_dsa_pre_hash_PreHashResult uu____0;
+  if (Eurydice_slice_len(context, uint8_t) >
+      LIBCRUX_ML_DSA_CONSTANTS_CONTEXT_MAX_LEN) {
+    uu____0 = (CLITERAL(libcrux_ml_dsa_pre_hash_PreHashResult){
+        .tag = libcrux_ml_dsa_pre_hash_Err,
+        .val = {.case_Err = libcrux_ml_dsa_pre_hash_ContextTooLongError}});
+  } else {
+    uu____0 = (CLITERAL(libcrux_ml_dsa_pre_hash_PreHashResult){
+        .tag = libcrux_ml_dsa_pre_hash_Ok,
+        .val = {
+            .case_Ok = {.context = context, .pre_hash_oid = pre_hash_oid}}});
+  }
+  return uu____0;
+}
+
 static KRML_MUSTINLINE bool libcrux_ml_dsa_sample_inside_out_shuffle(
     Eurydice_slice randomness, size_t *out_index, uint64_t *signs,
     int32_t *result) {
@@ -6199,72 +6058,10 @@ libcrux_ml_dsa_simd_portable_vector_type_clone_ae(
   return self[0U];
 }
 
-/**
-This function found in impl {(core::fmt::Debug for
-libcrux_ml_dsa::types::SigningError)#7}
-*/
-static inline Result_a9 libcrux_ml_dsa_types_fmt_16(
-    libcrux_ml_dsa_types_SigningError *self, core_fmt_Formatter *f) {
-  core_fmt_Formatter *uu____0 = f;
-  Prims_string uu____1;
-  switch (self[0U]) {
-    case libcrux_ml_dsa_types_RejectionSamplingError: {
-      uu____1 = "RejectionSamplingError";
-      break;
-    }
-    case libcrux_ml_dsa_types_ContextTooLongError: {
-      uu____1 = "ContextTooLongError";
-      break;
-    }
-    default: {
-      KRML_HOST_EPRINTF("KaRaMeL incomplete match at %s:%d\n", __FILE__,
-                        __LINE__);
-      KRML_HOST_EXIT(253U);
-    }
-  }
-  return core_fmt__core__fmt__Formatter__a__9__write_str(uu____0, uu____1);
-}
-
-/**
-This function found in impl {(core::fmt::Debug for
-libcrux_ml_dsa::types::VerificationError)#6}
-*/
-static inline Result_a9 libcrux_ml_dsa_types_fmt_7e(
-    libcrux_ml_dsa_types_VerificationError *self, core_fmt_Formatter *f) {
-  core_fmt_Formatter *uu____0 = f;
-  Prims_string uu____1;
-  switch (self[0U]) {
-    case libcrux_ml_dsa_types_MalformedHintError: {
-      uu____1 = "MalformedHintError";
-      break;
-    }
-    case libcrux_ml_dsa_types_SignerResponseExceedsBoundError: {
-      uu____1 = "SignerResponseExceedsBoundError";
-      break;
-    }
-    case libcrux_ml_dsa_types_CommitmentHashesDontMatchError: {
-      uu____1 = "CommitmentHashesDontMatchError";
-      break;
-    }
-    case libcrux_ml_dsa_types_VerificationContextTooLongError: {
-      uu____1 = "VerificationContextTooLongError";
-      break;
-    }
-    default: {
-      KRML_HOST_EPRINTF("KaRaMeL incomplete match at %s:%d\n", __FILE__,
-                        __LINE__);
-      KRML_HOST_EXIT(253U);
-    }
-  }
-  return core_fmt__core__fmt__Formatter__a__9__write_str(uu____0, uu____1);
-}
-
 typedef int32_t libcrux_ml_dsa_simd_traits_FieldElementTimesMontgomeryR;
 
 typedef int32_t libcrux_ml_dsa_simd_portable_vector_type_FieldElement;
 
-typedef Result_a8 libcrux_ml_dsa_pre_hash_PreHashResult;
-
 typedef struct libcrux_ml_dsa_hash_functions_portable_Shake128_s {
 } libcrux_ml_dsa_hash_functions_portable_Shake128;
 
diff --git a/libcrux-ml-dsa/cg/libcrux_sha3_avx2.h b/libcrux-ml-dsa/cg/libcrux_sha3_avx2.h
index 3c2909209..5b4eb7f14 100644
--- a/libcrux-ml-dsa/cg/libcrux_sha3_avx2.h
+++ b/libcrux-ml-dsa/cg/libcrux_sha3_avx2.h
@@ -8,7 +8,7 @@
  * Eurydice: b665364a6d86749566ce2d650d13fa12c8fab2c5
  * Karamel: 96572bc631fde691a2aea7bce5a5a3838b3a5968
  * F*: b0961063393215ca65927f017720cb365a193833-dirty
- * Libcrux: 5a0f22fa8387080e4c4e4ac018aaddcdf944e4be
+ * Libcrux: 11a2dcf9b3f0c4803b93a53caa737ed8eac8bfd1
  */
 
 #ifndef __libcrux_sha3_avx2_H
diff --git a/libcrux-ml-dsa/cg/libcrux_sha3_portable.h b/libcrux-ml-dsa/cg/libcrux_sha3_portable.h
index ee42379c7..807e69f7c 100644
--- a/libcrux-ml-dsa/cg/libcrux_sha3_portable.h
+++ b/libcrux-ml-dsa/cg/libcrux_sha3_portable.h
@@ -8,7 +8,7 @@
  * Eurydice: b665364a6d86749566ce2d650d13fa12c8fab2c5
  * Karamel: 96572bc631fde691a2aea7bce5a5a3838b3a5968
  * F*: b0961063393215ca65927f017720cb365a193833-dirty
- * Libcrux: 5a0f22fa8387080e4c4e4ac018aaddcdf944e4be
+ * Libcrux: 11a2dcf9b3f0c4803b93a53caa737ed8eac8bfd1
  */
 
 #ifndef __libcrux_sha3_portable_H
diff --git a/libcrux-ml-dsa/cg/tests/mldsa65.cc b/libcrux-ml-dsa/cg/tests/mldsa65.cc
new file mode 100644
index 000000000..e1e4bdb33
--- /dev/null
+++ b/libcrux-ml-dsa/cg/tests/mldsa65.cc
@@ -0,0 +1,53 @@
+/*
+ *    Copyright 2023 Cryspen Sarl
+ *
+ *    Licensed under the Apache License, Version 2.0 or MIT.
+ *    - http://www.apache.org/licenses/LICENSE-2.0
+ *    - http://opensource.org/licenses/MIT
+ */
+
+#include <gtest/gtest.h>
+
+#include "libcrux_mldsa65_portable.h"
+
+template <typename T>
+Eurydice_slice mk_slice(T *x, size_t len)
+{
+    Eurydice_slice s;
+    s.ptr = (void *)x;
+    s.len = len;
+    return s;
+}
+
+TEST(MlDsa65TestPortable, ConsistencyTest)
+{
+    // Generate key pair
+    uint8_t randomness[32];
+    for (int i = 0; i < 32; i++)
+    {
+        randomness[i] = 13;
+    }
+    auto key_pair = libcrux_ml_dsa_ml_dsa_65_portable_generate_key_pair(randomness);
+
+    // Sign
+    uint8_t msg[79] = {0};
+    for (int i = 0; i < 32; i++)
+    {
+        randomness[i] = 0x55;
+    }
+    uint8_t context[0];
+    auto ctxt = libcrux_ml_dsa_ml_dsa_65_portable_sign(
+        &key_pair.signing_key,
+        mk_slice(&msg, 79),
+        mk_slice(&context, 0),
+        randomness);
+
+    // // Verify
+    // uint8_t sharedSecret2[LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE];
+    // libcrux_ml_kem_mlkem768_portable_decapsulate(&key_pair.sk, &ctxt.fst, sharedSecret2);
+
+    // EXPECT_EQ(0,
+    //           memcmp(ctxt.snd,
+    //                  sharedSecret2,
+    //                  LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE));
+}

From 6fe932415944b5482309c403c820975b15e6122d Mon Sep 17 00:00:00 2001
From: mamonet <maamoun.tk@gmail.com>
Date: Fri, 6 Dec 2024 16:35:09 +0000
Subject: [PATCH 075/142] make verification

---
 .../fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Serialize.fst | 4 ++++
 libcrux-ml-kem/src/vector/avx2/serialize.rs                   | 1 +
 2 files changed, 5 insertions(+)

diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Serialize.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Serialize.fst
index b0c197583..87cf7addd 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Serialize.fst
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Serialize.fst
@@ -12,6 +12,8 @@ let _ =
 
 [@@"opaque_to_smt"]
 
+#push-options "--ext context_pruning"
+
 let deserialize_1___deserialize_1_i16s (a b: i16) =
   let coefficients:Libcrux_intrinsics.Avx2_extract.t_Vec256 =
     Libcrux_intrinsics.Avx2_extract.mm256_set_epi16 b b b b b b b b a a a a a a a a
@@ -27,6 +29,8 @@ let deserialize_1___deserialize_1_i16s (a b: i16) =
   in
   Libcrux_intrinsics.Avx2_extract.mm256_srli_epi16 15l coefficients_in_msb
 
+#pop-options
+
 [@@"opaque_to_smt"]
 
 let deserialize_1___deserialize_1_u8s (a b: u8) =
diff --git a/libcrux-ml-kem/src/vector/avx2/serialize.rs b/libcrux-ml-kem/src/vector/avx2/serialize.rs
index 693bb1bf8..7c3f0b500 100644
--- a/libcrux-ml-kem/src/vector/avx2/serialize.rs
+++ b/libcrux-ml-kem/src/vector/avx2/serialize.rs
@@ -109,6 +109,7 @@ pub(crate) fn deserialize_1(bytes: &[u8]) -> Vec256 {
 "#
     ))]
     #[inline(always)]
+    #[hax_lib::fstar::options("--ext context_pruning")]
     #[hax_lib::fstar::before(r#"[@@"opaque_to_smt"]"#)]
     pub(crate) fn deserialize_1_i16s(a: i16, b: i16) -> Vec256 {
         // We need to take each bit from the 2 bytes of input and put them

From adbf4827f77a826702dc823d7211aab169159565 Mon Sep 17 00:00:00 2001
From: mamonet <maamoun.tk@gmail.com>
Date: Fri, 6 Dec 2024 16:55:05 +0000
Subject: [PATCH 076/142] fix verification

---
 .../extraction/Libcrux_ml_kem.Vector.Portable.Arithmetic.fst    | 2 +-
 libcrux-ml-kem/src/vector/portable/arithmetic.rs                | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Arithmetic.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Arithmetic.fst
index 9f607fddd..46f0a37be 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Arithmetic.fst
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Arithmetic.fst
@@ -28,7 +28,7 @@ let get_n_least_significant_bits (n: u8) (value: u32) =
 
 #pop-options
 
-#push-options "--z3rlimit 150"
+#push-options "--z3rlimit 150 --ext context_pruning"
 
 let barrett_reduce_element (value: i16) =
   let t:i32 =
diff --git a/libcrux-ml-kem/src/vector/portable/arithmetic.rs b/libcrux-ml-kem/src/vector/portable/arithmetic.rs
index 1eacc5285..64b92baed 100644
--- a/libcrux-ml-kem/src/vector/portable/arithmetic.rs
+++ b/libcrux-ml-kem/src/vector/portable/arithmetic.rs
@@ -193,7 +193,7 @@ pub fn cond_subtract_3329(mut vec: PortableVector) -> PortableVector {
 ///
 /// Note: The input bound is 28296 to prevent overflow in the multiplication of quotient by FIELD_MODULUS
 ///
-#[hax_lib::fstar::options("--z3rlimit 150")]
+#[hax_lib::fstar::options("--z3rlimit 150 --ext context_pruning")]
 #[cfg_attr(hax, hax_lib::requires(fstar!("Spec.Utils.is_i16b 28296 value")))]
 #[cfg_attr(hax, hax_lib::ensures(|result| fstar!("Spec.Utils.is_i16b 3328 result /\\
                 v result % 3329 == v value % 3329")))]

From 8723dfe44ec033d255ddf24b65572826b8ec547b Mon Sep 17 00:00:00 2001
From: Franziskus Kiefer <franziskuskiefer@gmail.com>
Date: Fri, 6 Dec 2024 17:39:42 +0000
Subject: [PATCH 077/142] update serialize

---
 libcrux-ml-dsa/src/encoding/gamma1.rs         | 46 +++++--------------
 libcrux-ml-dsa/src/encoding/signature.rs      |  7 ++-
 libcrux-ml-dsa/src/simd/avx2.rs               |  4 +-
 .../src/simd/avx2/encoding/gamma1.rs          | 20 ++++----
 libcrux-ml-dsa/src/simd/portable.rs           |  4 +-
 .../src/simd/portable/encoding/gamma1.rs      | 29 ++++--------
 libcrux-ml-dsa/src/simd/traits.rs             |  2 +-
 7 files changed, 36 insertions(+), 76 deletions(-)

diff --git a/libcrux-ml-dsa/src/encoding/gamma1.rs b/libcrux-ml-dsa/src/encoding/gamma1.rs
index cf68b1fef..08b56eabd 100644
--- a/libcrux-ml-dsa/src/encoding/gamma1.rs
+++ b/libcrux-ml-dsa/src/encoding/gamma1.rs
@@ -1,41 +1,15 @@
 use crate::{polynomial::PolynomialRingElement, simd::traits::Operations};
 
 #[inline(always)]
-pub(crate) fn serialize<
-    SIMDUnit: Operations,
-    const GAMMA1_EXPONENT: usize,
-    const OUTPUT_BYTES: usize,
->(
+pub(crate) fn serialize<SIMDUnit: Operations, const GAMMA1_EXPONENT: usize>(
     re: PolynomialRingElement<SIMDUnit>,
-) -> [u8; OUTPUT_BYTES] {
-    let mut serialized = [0u8; OUTPUT_BYTES];
-
-    match GAMMA1_EXPONENT as u8 {
-        17 => {
-            const OUTPUT_BYTES_PER_SIMD_UNIT: usize = 18;
-
-            for (i, simd_unit) in re.simd_units.iter().enumerate() {
-                serialized[i * OUTPUT_BYTES_PER_SIMD_UNIT..(i + 1) * OUTPUT_BYTES_PER_SIMD_UNIT]
-                    .copy_from_slice(&SIMDUnit::gamma1_serialize::<OUTPUT_BYTES_PER_SIMD_UNIT>(
-                        *simd_unit,
-                    ));
-            }
-
-            serialized
-        }
-        19 => {
-            const OUTPUT_BYTES_PER_SIMD_UNIT: usize = 20;
-
-            for (i, simd_unit) in re.simd_units.iter().enumerate() {
-                serialized[i * OUTPUT_BYTES_PER_SIMD_UNIT..(i + 1) * OUTPUT_BYTES_PER_SIMD_UNIT]
-                    .copy_from_slice(&SIMDUnit::gamma1_serialize::<OUTPUT_BYTES_PER_SIMD_UNIT>(
-                        *simd_unit,
-                    ));
-            }
-
-            serialized
-        }
-        _ => unreachable!(),
+    serialized: &mut [u8], // OUTPUT_BYTES
+) {
+    for (i, simd_unit) in re.simd_units.iter().enumerate() {
+        SIMDUnit::gamma1_serialize::<GAMMA1_EXPONENT>(
+            *simd_unit,
+            &mut serialized[i * (GAMMA1_EXPONENT + 1)..(i + 1) * (GAMMA1_EXPONENT + 1)],
+        );
     }
 }
 
@@ -126,7 +100,9 @@ mod tests {
             117, 5, 185, 26, 141, 188, 106, 44, 164, 240, 119,
         ];
 
-        assert_eq!(serialize::<SIMDUnit, 19, 640>(re), expected_bytes);
+        let mut result = [0u8; 640];
+        serialize::<SIMDUnit, 19>(re, &mut result);
+        assert_eq!(result, expected_bytes);
     }
 
     fn test_deserialize_generic<SIMDUnit: Operations>() {
diff --git a/libcrux-ml-dsa/src/encoding/signature.rs b/libcrux-ml-dsa/src/encoding/signature.rs
index 6377f5e33..a25f693bf 100644
--- a/libcrux-ml-dsa/src/encoding/signature.rs
+++ b/libcrux-ml-dsa/src/encoding/signature.rs
@@ -41,10 +41,9 @@ impl<
         offset += COMMITMENT_HASH_SIZE;
 
         for i in 0..COLUMNS_IN_A {
-            signature[offset..offset + GAMMA1_RING_ELEMENT_SIZE].copy_from_slice(
-                &encoding::gamma1::serialize::<SIMDUnit, GAMMA1_EXPONENT, GAMMA1_RING_ELEMENT_SIZE>(
-                    self.signer_response[i],
-                ),
+            encoding::gamma1::serialize::<SIMDUnit, GAMMA1_EXPONENT>(
+                self.signer_response[i],
+                &mut signature[offset..offset + GAMMA1_RING_ELEMENT_SIZE],
             );
             offset += GAMMA1_RING_ELEMENT_SIZE;
         }
diff --git a/libcrux-ml-dsa/src/simd/avx2.rs b/libcrux-ml-dsa/src/simd/avx2.rs
index 0792ec002..dba465b2a 100644
--- a/libcrux-ml-dsa/src/simd/avx2.rs
+++ b/libcrux-ml-dsa/src/simd/avx2.rs
@@ -86,8 +86,8 @@ impl Operations for AVX2SIMDUnit {
     }
 
     #[inline(always)]
-    fn gamma1_serialize<const OUTPUT_SIZE: usize>(simd_unit: Self) -> [u8; OUTPUT_SIZE] {
-        encoding::gamma1::serialize::<OUTPUT_SIZE>(simd_unit.coefficients)
+    fn gamma1_serialize<const GAMMA1_EXPONENT: usize>(simd_unit: Self, serialized: &mut [u8]) {
+        encoding::gamma1::serialize::<GAMMA1_EXPONENT>(simd_unit.coefficients, serialized)
     }
     #[inline(always)]
     fn gamma1_deserialize<const GAMMA1_EXPONENT: usize>(serialized: &[u8]) -> Self {
diff --git a/libcrux-ml-dsa/src/simd/avx2/encoding/gamma1.rs b/libcrux-ml-dsa/src/simd/avx2/encoding/gamma1.rs
index 80b666707..dae75a905 100644
--- a/libcrux-ml-dsa/src/simd/avx2/encoding/gamma1.rs
+++ b/libcrux-ml-dsa/src/simd/avx2/encoding/gamma1.rs
@@ -1,9 +1,7 @@
 use libcrux_intrinsics::avx2::*;
 
 #[inline(always)]
-fn serialize_when_gamma1_is_2_pow_17<const OUTPUT_SIZE: usize>(
-    simd_unit: Vec256,
-) -> [u8; OUTPUT_SIZE] {
+fn serialize_when_gamma1_is_2_pow_17(simd_unit: Vec256, out: &mut [u8]) {
     let mut serialized = [0u8; 32];
 
     const GAMMA1: i32 = 1 << 17;
@@ -27,13 +25,11 @@ fn serialize_when_gamma1_is_2_pow_17<const OUTPUT_SIZE: usize>(
     let upper_4 = mm256_extracti128_si256::<1>(adjacent_4_combined);
     mm_storeu_bytes_si128(&mut serialized[9..25], upper_4);
 
-    serialized[0..18].try_into().unwrap()
+    out.copy_from_slice(&serialized[0..18]);
 }
 
 #[inline(always)]
-fn serialize_when_gamma1_is_2_pow_19<const OUTPUT_SIZE: usize>(
-    simd_unit: Vec256,
-) -> [u8; OUTPUT_SIZE] {
+fn serialize_when_gamma1_is_2_pow_19(simd_unit: Vec256, out: &mut [u8]) {
     let mut serialized = [0u8; 32];
 
     const GAMMA1: i32 = 1 << 19;
@@ -61,14 +57,14 @@ fn serialize_when_gamma1_is_2_pow_19<const OUTPUT_SIZE: usize>(
     let upper_4 = mm256_extracti128_si256::<1>(adjacent_4_combined);
     mm_storeu_bytes_si128(&mut serialized[10..26], upper_4);
 
-    serialized[0..20].try_into().unwrap()
+    out.copy_from_slice(&serialized[0..20])
 }
 
 #[inline(always)]
-pub(crate) fn serialize<const OUTPUT_SIZE: usize>(simd_unit: Vec256) -> [u8; OUTPUT_SIZE] {
-    match OUTPUT_SIZE as u8 {
-        18 => serialize_when_gamma1_is_2_pow_17::<OUTPUT_SIZE>(simd_unit),
-        20 => serialize_when_gamma1_is_2_pow_19::<OUTPUT_SIZE>(simd_unit),
+pub(crate) fn serialize<const GAMMA1_EXPONENT: usize>(simd_unit: Vec256, serialized: &mut [u8]) {
+    match GAMMA1_EXPONENT as u8 {
+        17 => serialize_when_gamma1_is_2_pow_17(simd_unit, serialized),
+        19 => serialize_when_gamma1_is_2_pow_19(simd_unit, serialized),
         _ => unreachable!(),
     }
 }
diff --git a/libcrux-ml-dsa/src/simd/portable.rs b/libcrux-ml-dsa/src/simd/portable.rs
index f0c02d10e..1e96793c7 100644
--- a/libcrux-ml-dsa/src/simd/portable.rs
+++ b/libcrux-ml-dsa/src/simd/portable.rs
@@ -69,8 +69,8 @@ impl Operations for PortableSIMDUnit {
         sample::rejection_sample_less_than_eta_equals_4(randomness, out)
     }
 
-    fn gamma1_serialize<const OUTPUT_SIZE: usize>(simd_unit: Self) -> [u8; OUTPUT_SIZE] {
-        encoding::gamma1::serialize(simd_unit)
+    fn gamma1_serialize<const GAMMA1_EXPONENT: usize>(simd_unit: Self, serialized: &mut [u8]) {
+        encoding::gamma1::serialize::<GAMMA1_EXPONENT>(simd_unit, serialized)
     }
     fn gamma1_deserialize<const GAMMA1_EXPONENT: usize>(serialized: &[u8]) -> Self {
         encoding::gamma1::deserialize::<GAMMA1_EXPONENT>(serialized)
diff --git a/libcrux-ml-dsa/src/simd/portable/encoding/gamma1.rs b/libcrux-ml-dsa/src/simd/portable/encoding/gamma1.rs
index 3dbb5f20a..33a4e864a 100644
--- a/libcrux-ml-dsa/src/simd/portable/encoding/gamma1.rs
+++ b/libcrux-ml-dsa/src/simd/portable/encoding/gamma1.rs
@@ -1,13 +1,9 @@
 use super::super::vector_type::{PortableSIMDUnit, ZERO};
-// This function is marked public since it is called in the corresponding AVX2 code.
+
 #[inline(always)]
-pub fn serialize_when_gamma1_is_2_pow_17<const OUTPUT_SIZE: usize>(
-    simd_unit: PortableSIMDUnit,
-) -> [u8; OUTPUT_SIZE] {
+fn serialize_when_gamma1_is_2_pow_17(simd_unit: PortableSIMDUnit, serialized: &mut [u8]) {
     const GAMMA1: i32 = 1 << 17;
 
-    let mut serialized = [0u8; OUTPUT_SIZE];
-
     for (i, coefficients) in simd_unit.coefficients.chunks_exact(4).enumerate() {
         let coefficient0 = GAMMA1 - coefficients[0];
         let coefficient1 = GAMMA1 - coefficients[1];
@@ -33,18 +29,12 @@ pub fn serialize_when_gamma1_is_2_pow_17<const OUTPUT_SIZE: usize>(
         serialized[9 * i + 7] = (coefficient3 >> 2) as u8;
         serialized[9 * i + 8] = (coefficient3 >> 10) as u8;
     }
-
-    serialized
 }
 
 #[inline(always)]
-fn serialize_when_gamma1_is_2_pow_19<const OUTPUT_SIZE: usize>(
-    simd_unit: PortableSIMDUnit,
-) -> [u8; OUTPUT_SIZE] {
+fn serialize_when_gamma1_is_2_pow_19(simd_unit: PortableSIMDUnit, serialized: &mut [u8]) {
     const GAMMA1: i32 = 1 << 19;
 
-    let mut serialized = [0u8; OUTPUT_SIZE];
-
     for (i, coefficients) in simd_unit.coefficients.chunks_exact(2).enumerate() {
         let coefficient0 = GAMMA1 - coefficients[0];
         let coefficient1 = GAMMA1 - coefficients[1];
@@ -58,16 +48,15 @@ fn serialize_when_gamma1_is_2_pow_19<const OUTPUT_SIZE: usize>(
         serialized[5 * i + 3] = (coefficient1 >> 4) as u8;
         serialized[5 * i + 4] = (coefficient1 >> 12) as u8;
     }
-
-    serialized
 }
 #[inline(always)]
-pub(crate) fn serialize<const OUTPUT_SIZE: usize>(
+pub(crate) fn serialize<const GAMMA1_EXPONENT: usize>(
     simd_unit: PortableSIMDUnit,
-) -> [u8; OUTPUT_SIZE] {
-    match OUTPUT_SIZE as u8 {
-        18 => serialize_when_gamma1_is_2_pow_17::<OUTPUT_SIZE>(simd_unit),
-        20 => serialize_when_gamma1_is_2_pow_19::<OUTPUT_SIZE>(simd_unit),
+    serialized: &mut [u8],
+) {
+    match GAMMA1_EXPONENT as u8 {
+        17 => serialize_when_gamma1_is_2_pow_17(simd_unit, serialized),
+        19 => serialize_when_gamma1_is_2_pow_19(simd_unit, serialized),
         _ => unreachable!(),
     }
 }
diff --git a/libcrux-ml-dsa/src/simd/traits.rs b/libcrux-ml-dsa/src/simd/traits.rs
index d851dab1a..72a9eccb3 100644
--- a/libcrux-ml-dsa/src/simd/traits.rs
+++ b/libcrux-ml-dsa/src/simd/traits.rs
@@ -53,7 +53,7 @@ pub(crate) trait Operations: Copy + Clone {
     // Encoding operations
 
     // Gamma1
-    fn gamma1_serialize<const OUTPUT_SIZE: usize>(simd_unit: Self) -> [u8; OUTPUT_SIZE];
+    fn gamma1_serialize<const GAMMA1_EXPONENT: usize>(simd_unit: Self, serialized: &mut [u8]);
     fn gamma1_deserialize<const GAMMA1_EXPONENT: usize>(serialized: &[u8]) -> Self;
 
     // Commitment

From b7df319108b5cea23f7f7c963c6574e8b266ee9a Mon Sep 17 00:00:00 2001
From: Franziskus Kiefer <franziskuskiefer@gmail.com>
Date: Fri, 6 Dec 2024 17:54:31 +0000
Subject: [PATCH 078/142] more loop cleanups

---
 libcrux-ml-dsa/src/encoding/gamma1.rs      | 14 +++---
 libcrux-ml-dsa/src/encoding/signing_key.rs |  3 +-
 libcrux-ml-dsa/src/encoding/t0.rs          | 53 +++++++++++-----------
 3 files changed, 36 insertions(+), 34 deletions(-)

diff --git a/libcrux-ml-dsa/src/encoding/gamma1.rs b/libcrux-ml-dsa/src/encoding/gamma1.rs
index 08b56eabd..20c7e6a5b 100644
--- a/libcrux-ml-dsa/src/encoding/gamma1.rs
+++ b/libcrux-ml-dsa/src/encoding/gamma1.rs
@@ -1,15 +1,17 @@
-use crate::{polynomial::PolynomialRingElement, simd::traits::Operations};
+use crate::{helper::cloop, polynomial::PolynomialRingElement, simd::traits::Operations};
 
 #[inline(always)]
 pub(crate) fn serialize<SIMDUnit: Operations, const GAMMA1_EXPONENT: usize>(
     re: PolynomialRingElement<SIMDUnit>,
     serialized: &mut [u8], // OUTPUT_BYTES
 ) {
-    for (i, simd_unit) in re.simd_units.iter().enumerate() {
-        SIMDUnit::gamma1_serialize::<GAMMA1_EXPONENT>(
-            *simd_unit,
-            &mut serialized[i * (GAMMA1_EXPONENT + 1)..(i + 1) * (GAMMA1_EXPONENT + 1)],
-        );
+    cloop! {
+        for (i, simd_unit) in re.simd_units.iter().enumerate() {
+            SIMDUnit::gamma1_serialize::<GAMMA1_EXPONENT>(
+                *simd_unit,
+                &mut serialized[i * (GAMMA1_EXPONENT + 1)..(i + 1) * (GAMMA1_EXPONENT + 1)],
+            );
+        }
     }
 }
 
diff --git a/libcrux-ml-dsa/src/encoding/signing_key.rs b/libcrux-ml-dsa/src/encoding/signing_key.rs
index 6a33c4ecc..0bc31df00 100644
--- a/libcrux-ml-dsa/src/encoding/signing_key.rs
+++ b/libcrux-ml-dsa/src/encoding/signing_key.rs
@@ -67,8 +67,7 @@ pub(crate) fn generate_serialized<
 
     cloop! {
         for ring_element in t0.iter() {
-            signing_key_serialized[offset..offset + RING_ELEMENT_OF_T0S_SIZE]
-                .copy_from_slice(&encoding::t0::serialize::<SIMDUnit>(*ring_element));
+            encoding::t0::serialize::<SIMDUnit>(*ring_element, &mut signing_key_serialized[offset..offset + RING_ELEMENT_OF_T0S_SIZE]);
             offset += RING_ELEMENT_OF_T0S_SIZE;
         }
     }
diff --git a/libcrux-ml-dsa/src/encoding/t0.rs b/libcrux-ml-dsa/src/encoding/t0.rs
index 07943c2b3..aec3c11c0 100644
--- a/libcrux-ml-dsa/src/encoding/t0.rs
+++ b/libcrux-ml-dsa/src/encoding/t0.rs
@@ -3,37 +3,36 @@
 // ---------------------------------------------------------------------------
 
 use crate::{
-    constants::RING_ELEMENT_OF_T0S_SIZE, ntt::ntt, polynomial::PolynomialRingElement,
-    simd::traits::Operations,
+    constants::RING_ELEMENT_OF_T0S_SIZE, helper::cloop, ntt::ntt,
+    polynomial::PolynomialRingElement, simd::traits::Operations,
 };
 
+const OUTPUT_BYTES_PER_SIMD_UNIT: usize = 13;
+
 #[inline(always)]
 pub(crate) fn serialize<SIMDUnit: Operations>(
     re: PolynomialRingElement<SIMDUnit>,
-) -> [u8; RING_ELEMENT_OF_T0S_SIZE] {
-    let mut serialized = [0u8; RING_ELEMENT_OF_T0S_SIZE];
-
-    const OUTPUT_BYTES_PER_SIMD_UNIT: usize = 13;
-
-    for (i, simd_unit) in re.simd_units.iter().enumerate() {
-        serialized[i * OUTPUT_BYTES_PER_SIMD_UNIT..(i + 1) * OUTPUT_BYTES_PER_SIMD_UNIT]
-            .copy_from_slice(&SIMDUnit::t0_serialize(*simd_unit));
+    serialized: &mut [u8], // RING_ELEMENT_OF_T0S_SIZE
+) {
+    cloop! {
+        for (i, simd_unit) in re.simd_units.iter().enumerate() {
+            // XXX: make t0_deserialize take &mut serialized?
+            serialized[i * OUTPUT_BYTES_PER_SIMD_UNIT..(i + 1) * OUTPUT_BYTES_PER_SIMD_UNIT]
+                .copy_from_slice(&SIMDUnit::t0_serialize(*simd_unit));
+        }
     }
-
-    serialized
 }
 
 #[inline(always)]
-fn deserialize<SIMDUnit: Operations>(serialized: &[u8]) -> PolynomialRingElement<SIMDUnit> {
-    let mut serialized_chunks = serialized.chunks(13);
-
-    let mut result = PolynomialRingElement::ZERO();
-
+fn deserialize<SIMDUnit: Operations>(
+    serialized: &[u8],
+    result: &mut PolynomialRingElement<SIMDUnit>,
+) {
     for i in 0..result.simd_units.len() {
-        result.simd_units[i] = SIMDUnit::t0_deserialize(&serialized_chunks.next().unwrap());
+        result.simd_units[i] = SIMDUnit::t0_deserialize(
+            &serialized[i * OUTPUT_BYTES_PER_SIMD_UNIT..(i + 1) * OUTPUT_BYTES_PER_SIMD_UNIT],
+        );
     }
-
-    result
 }
 
 #[inline(always)]
@@ -43,7 +42,8 @@ pub(crate) fn deserialize_to_vector_then_ntt<SIMDUnit: Operations, const DIMENSI
     let mut ring_elements = [PolynomialRingElement::<SIMDUnit>::ZERO(); DIMENSION];
 
     for (i, bytes) in serialized.chunks(RING_ELEMENT_OF_T0S_SIZE).enumerate() {
-        ring_elements[i] = ntt(deserialize::<SIMDUnit>(bytes));
+        deserialize::<SIMDUnit>(bytes, &mut ring_elements[i]);
+        ring_elements[i] = ntt(ring_elements[i]);
     }
 
     ring_elements
@@ -104,7 +104,9 @@ mod tests {
             114, 203, 81, 128, 188, 172, 90, 39, 25, 122, 156, 12, 71, 57, 204, 234, 227,
         ];
 
-        assert_eq!(serialize::<SIMDUnit>(re), expected_bytes);
+        let mut result = [0u8; RING_ELEMENT_OF_T0S_SIZE];
+        serialize::<SIMDUnit>(re, &mut result);
+        assert_eq!(result, expected_bytes);
     }
     fn test_deserialize_generic<SIMDUnit: Operations>() {
         let serialized = [
@@ -154,10 +156,9 @@ mod tests {
             2487, -1527, 2834, -3089, 1724, 3858, -2130, 3301, -1565,
         ];
 
-        assert_eq!(
-            deserialize::<SIMDUnit>(&serialized).to_i32_array(),
-            expected_coefficients
-        );
+        let mut deserialized = PolynomialRingElement::<SIMDUnit>::ZERO();
+        deserialize::<SIMDUnit>(&serialized, &mut deserialized);
+        assert_eq!(deserialized.to_i32_array(), expected_coefficients);
     }
 
     #[cfg(not(feature = "simd256"))]

From ce52b8302c13a452f2fde8c8197158d5baea9377 Mon Sep 17 00:00:00 2001
From: Franziskus Kiefer <franziskuskiefer@gmail.com>
Date: Fri, 6 Dec 2024 18:22:25 +0000
Subject: [PATCH 079/142] more loop cleanups

---
 libcrux-ml-dsa/src/encoding/error.rs          | 74 ++++++-------------
 libcrux-ml-dsa/src/encoding/signing_key.rs    | 16 ++--
 libcrux-ml-dsa/src/simd/avx2.rs               |  4 +-
 .../src/simd/avx2/encoding/error.rs           | 19 +++--
 libcrux-ml-dsa/src/simd/portable.rs           |  4 +-
 .../src/simd/portable/encoding/error.rs       | 26 ++-----
 libcrux-ml-dsa/src/simd/traits.rs             |  2 +-
 7 files changed, 59 insertions(+), 86 deletions(-)

diff --git a/libcrux-ml-dsa/src/encoding/error.rs b/libcrux-ml-dsa/src/encoding/error.rs
index 80080945c..9d62d4fec 100644
--- a/libcrux-ml-dsa/src/encoding/error.rs
+++ b/libcrux-ml-dsa/src/encoding/error.rs
@@ -1,60 +1,33 @@
 // Functions for serializing and deserializing an error ring element.
 
-use crate::{ntt::ntt, polynomial::PolynomialRingElement, simd::traits::Operations};
+use crate::{helper::cloop, ntt::ntt, polynomial::PolynomialRingElement, simd::traits::Operations};
 
 #[inline(always)]
 pub(crate) fn serialize<SIMDUnit: Operations, const ETA: usize, const OUTPUT_SIZE: usize>(
     re: PolynomialRingElement<SIMDUnit>,
-) -> [u8; OUTPUT_SIZE] {
-    let mut serialized = [0u8; OUTPUT_SIZE];
-
-    match ETA as u8 {
-        2 => {
-            const OUTPUT_BYTES_PER_SIMD_UNIT: usize = 3;
-
-            for (i, simd_unit) in re.simd_units.iter().enumerate() {
-                serialized[i * OUTPUT_BYTES_PER_SIMD_UNIT..(i + 1) * OUTPUT_BYTES_PER_SIMD_UNIT]
-                    .copy_from_slice(&SIMDUnit::error_serialize::<OUTPUT_BYTES_PER_SIMD_UNIT>(
-                        *simd_unit,
-                    ));
-            }
-
-            serialized
+    serialized: &mut [u8], //OUTPUT_SIZE
+) {
+    let output_bytes_per_simd_unit = if ETA == 2 { 3 } else { 4 };
+    cloop! {
+        for (i, simd_unit) in re.simd_units.iter().enumerate() {
+            SIMDUnit::error_serialize::<ETA>(
+                    *simd_unit,&mut serialized[i * output_bytes_per_simd_unit..(i + 1) * output_bytes_per_simd_unit]
+                );
         }
-        4 => {
-            const OUTPUT_BYTES_PER_SIMD_UNIT: usize = 4;
-
-            for (i, simd_unit) in re.simd_units.iter().enumerate() {
-                serialized[i * OUTPUT_BYTES_PER_SIMD_UNIT..(i + 1) * OUTPUT_BYTES_PER_SIMD_UNIT]
-                    .copy_from_slice(&SIMDUnit::error_serialize::<OUTPUT_BYTES_PER_SIMD_UNIT>(
-                        *simd_unit,
-                    ));
-            }
-
-            serialized
-        }
-        _ => unreachable!(),
     }
 }
 
 #[inline(always)]
 fn deserialize<SIMDUnit: Operations, const ETA: usize>(
     serialized: &[u8],
-) -> PolynomialRingElement<SIMDUnit> {
-    let mut serialized_chunks = match ETA as u8 {
-        2 => serialized.chunks(3),
-        4 => serialized.chunks(4),
-        _ => unreachable!(),
-    };
-
-    let mut result = PolynomialRingElement::ZERO();
+    result: &mut PolynomialRingElement<SIMDUnit>,
+) {
+    let chunk_size = if ETA == 2 { 3 } else { 4 };
 
     for i in 0..result.simd_units.len() {
         result.simd_units[i] =
-            SIMDUnit::error_deserialize::<ETA>(&serialized_chunks.next().unwrap());
+            SIMDUnit::error_deserialize::<ETA>(&serialized[i * chunk_size..(i + 1) * chunk_size]);
     }
-
-    result
 }
 
 #[inline(always)]
@@ -68,8 +41,11 @@ pub(crate) fn deserialize_to_vector_then_ntt<
 ) -> [PolynomialRingElement<SIMDUnit>; DIMENSION] {
     let mut ring_elements = [PolynomialRingElement::<SIMDUnit>::ZERO(); DIMENSION];
 
-    for (i, bytes) in serialized.chunks(RING_ELEMENT_SIZE).enumerate() {
-        ring_elements[i] = ntt(deserialize::<SIMDUnit, ETA>(bytes));
+    cloop! {
+        for (i, bytes) in serialized.chunks_exact(RING_ELEMENT_SIZE).enumerate() {
+            deserialize::<SIMDUnit, ETA>(bytes, &mut ring_elements[i]);
+            ring_elements[i] = ntt(ring_elements[i]);
+        }
     }
 
     ring_elements
@@ -104,10 +80,9 @@ mod tests {
             0, 2, -1,
         ];
 
-        assert_eq!(
-            deserialize::<SIMDUnit, 2>(&serialized).to_i32_array(),
-            expected_coefficients
-        );
+        let mut deserialized = PolynomialRingElement::<SIMDUnit>::ZERO();
+        deserialize::<SIMDUnit, 2>(&serialized, &mut deserialized);
+        assert_eq!(deserialized.to_i32_array(), expected_coefficients);
 
         let serialized = [
             22, 103, 55, 49, 34, 65, 50, 129, 52, 65, 21, 85, 82, 69, 3, 55, 52, 101, 80, 64, 114,
@@ -133,10 +108,9 @@ mod tests {
             1, 3,
         ];
 
-        assert_eq!(
-            deserialize::<SIMDUnit, 4>(&serialized).to_i32_array(),
-            expected_coefficients
-        );
+        let mut deserialized = PolynomialRingElement::<SIMDUnit>::ZERO();
+        deserialize::<SIMDUnit, 4>(&serialized, &mut deserialized);
+        assert_eq!(deserialized.to_i32_array(), expected_coefficients);
     }
 
     #[cfg(not(feature = "simd256"))]
diff --git a/libcrux-ml-dsa/src/encoding/signing_key.rs b/libcrux-ml-dsa/src/encoding/signing_key.rs
index 0bc31df00..fe7209e01 100644
--- a/libcrux-ml-dsa/src/encoding/signing_key.rs
+++ b/libcrux-ml-dsa/src/encoding/signing_key.rs
@@ -49,8 +49,9 @@ pub(crate) fn generate_serialized<
 
     cloop! {
         for ring_element in s1.iter() {
-            signing_key_serialized[offset..offset + ERROR_RING_ELEMENT_SIZE].copy_from_slice(
-                &encoding::error::serialize::<SIMDUnit, ETA, ERROR_RING_ELEMENT_SIZE>(*ring_element),
+            encoding::error::serialize::<SIMDUnit, ETA, ERROR_RING_ELEMENT_SIZE>(
+                *ring_element,
+                &mut signing_key_serialized[offset..offset + ERROR_RING_ELEMENT_SIZE],
             );
             offset += ERROR_RING_ELEMENT_SIZE;
         }
@@ -58,8 +59,9 @@ pub(crate) fn generate_serialized<
 
     cloop! {
         for ring_element in s2.iter() {
-            signing_key_serialized[offset..offset + ERROR_RING_ELEMENT_SIZE].copy_from_slice(
-                &encoding::error::serialize::<SIMDUnit, ETA, ERROR_RING_ELEMENT_SIZE>(*ring_element),
+            encoding::error::serialize::<SIMDUnit, ETA, ERROR_RING_ELEMENT_SIZE>(
+                *ring_element,
+                &mut signing_key_serialized[offset..offset + ERROR_RING_ELEMENT_SIZE],
             );
             offset += ERROR_RING_ELEMENT_SIZE;
         }
@@ -67,7 +69,10 @@ pub(crate) fn generate_serialized<
 
     cloop! {
         for ring_element in t0.iter() {
-            encoding::t0::serialize::<SIMDUnit>(*ring_element, &mut signing_key_serialized[offset..offset + RING_ELEMENT_OF_T0S_SIZE]);
+            encoding::t0::serialize::<SIMDUnit>(
+                *ring_element,
+                &mut signing_key_serialized[offset..offset + RING_ELEMENT_OF_T0S_SIZE],
+            );
             offset += RING_ELEMENT_OF_T0S_SIZE;
         }
     }
@@ -118,6 +123,7 @@ pub(crate) fn deserialize_then_ntt<
         ERROR_RING_ELEMENT_SIZE,
     >(s2_serialized);
 
+    // XXX: write *_as_ntt directly into the output above
     let t0_as_ntt =
         encoding::t0::deserialize_to_vector_then_ntt::<SIMDUnit, ROWS_IN_A>(t0_serialized);
 
diff --git a/libcrux-ml-dsa/src/simd/avx2.rs b/libcrux-ml-dsa/src/simd/avx2.rs
index dba465b2a..0142a7597 100644
--- a/libcrux-ml-dsa/src/simd/avx2.rs
+++ b/libcrux-ml-dsa/src/simd/avx2.rs
@@ -100,8 +100,8 @@ impl Operations for AVX2SIMDUnit {
     }
 
     #[inline(always)]
-    fn error_serialize<const OUTPUT_SIZE: usize>(simd_unit: Self) -> [u8; OUTPUT_SIZE] {
-        encoding::error::serialize::<OUTPUT_SIZE>(simd_unit.coefficients)
+    fn error_serialize<const ETA: usize>(simd_unit: Self, serialized: &mut [u8]) {
+        encoding::error::serialize::<ETA>(simd_unit.coefficients, serialized)
     }
     #[inline(always)]
     fn error_deserialize<const ETA: usize>(serialized: &[u8]) -> Self {
diff --git a/libcrux-ml-dsa/src/simd/avx2/encoding/error.rs b/libcrux-ml-dsa/src/simd/avx2/encoding/error.rs
index 0d9095166..dcc82f753 100644
--- a/libcrux-ml-dsa/src/simd/avx2/encoding/error.rs
+++ b/libcrux-ml-dsa/src/simd/avx2/encoding/error.rs
@@ -1,7 +1,7 @@
 use libcrux_intrinsics::avx2::*;
 
 #[inline(always)]
-fn serialize_when_eta_is_2<const OUTPUT_SIZE: usize>(simd_unit: Vec256) -> [u8; OUTPUT_SIZE] {
+fn serialize_when_eta_is_2(simd_unit: Vec256, out: &mut [u8]) {
     let mut serialized = [0u8; 16];
 
     const ETA: i32 = 2;
@@ -34,10 +34,11 @@ fn serialize_when_eta_is_2<const OUTPUT_SIZE: usize>(simd_unit: Vec256) -> [u8;
 
     mm_storeu_bytes_si128(&mut serialized[0..16], adjacent_6_combined);
 
-    serialized[0..3].try_into().unwrap()
+    out.copy_from_slice(&serialized[0..3]);
 }
+
 #[inline(always)]
-fn serialize_when_eta_is_4<const OUTPUT_SIZE: usize>(simd_unit: Vec256) -> [u8; OUTPUT_SIZE] {
+fn serialize_when_eta_is_4(simd_unit: Vec256, out: &mut [u8]) {
     let mut serialized = [0u8; 16];
 
     const ETA: i32 = 4;
@@ -61,13 +62,14 @@ fn serialize_when_eta_is_4<const OUTPUT_SIZE: usize>(simd_unit: Vec256) -> [u8;
 
     mm_storeu_bytes_si128(&mut serialized[0..16], adjacent_4_combined);
 
-    serialized[0..4].try_into().unwrap()
+    out.copy_from_slice(&serialized[0..4])
 }
+
 #[inline(always)]
-pub fn serialize<const OUTPUT_SIZE: usize>(simd_unit: Vec256) -> [u8; OUTPUT_SIZE] {
-    match OUTPUT_SIZE as u8 {
-        3 => serialize_when_eta_is_2::<OUTPUT_SIZE>(simd_unit),
-        4 => serialize_when_eta_is_4::<OUTPUT_SIZE>(simd_unit),
+pub fn serialize<const ETA: usize>(simd_unit: Vec256, serialized: &mut [u8]) {
+    match ETA as u8 {
+        2 => serialize_when_eta_is_2(simd_unit, serialized),
+        4 => serialize_when_eta_is_4(simd_unit, serialized),
         _ => unreachable!(),
     }
 }
@@ -94,6 +96,7 @@ fn deserialize_to_unsigned_when_eta_is_2(bytes: &[u8]) -> Vec256 {
 
     mm256_and_si256(coefficients, mm256_set1_epi32(COEFFICIENT_MASK))
 }
+
 #[inline(always)]
 fn deserialize_to_unsigned_when_eta_is_4(bytes: &[u8]) -> Vec256 {
     debug_assert!(bytes.len() == 4);
diff --git a/libcrux-ml-dsa/src/simd/portable.rs b/libcrux-ml-dsa/src/simd/portable.rs
index 1e96793c7..6478ac271 100644
--- a/libcrux-ml-dsa/src/simd/portable.rs
+++ b/libcrux-ml-dsa/src/simd/portable.rs
@@ -80,8 +80,8 @@ impl Operations for PortableSIMDUnit {
         encoding::commitment::serialize(simd_unit)
     }
 
-    fn error_serialize<const OUTPUT_SIZE: usize>(simd_unit: Self) -> [u8; OUTPUT_SIZE] {
-        encoding::error::serialize(simd_unit)
+    fn error_serialize<const ETA: usize>(simd_unit: Self, serialized: &mut [u8]) {
+        encoding::error::serialize::<ETA>(simd_unit, serialized)
     }
     fn error_deserialize<const ETA: usize>(serialized: &[u8]) -> Self {
         encoding::error::deserialize::<ETA>(serialized)
diff --git a/libcrux-ml-dsa/src/simd/portable/encoding/error.rs b/libcrux-ml-dsa/src/simd/portable/encoding/error.rs
index 5581cc2a4..bc27ff3a3 100644
--- a/libcrux-ml-dsa/src/simd/portable/encoding/error.rs
+++ b/libcrux-ml-dsa/src/simd/portable/encoding/error.rs
@@ -1,10 +1,7 @@
 use super::super::vector_type::{PortableSIMDUnit, ZERO};
 
 #[inline(always)]
-fn serialize_when_eta_is_2<const OUTPUT_SIZE: usize>(
-    simd_unit: PortableSIMDUnit,
-) -> [u8; OUTPUT_SIZE] {
-    let mut serialized = [0u8; OUTPUT_SIZE];
+fn serialize_when_eta_is_2(simd_unit: PortableSIMDUnit, serialized: &mut [u8]) {
     const ETA: i32 = 2;
 
     let coefficient0 = (ETA - simd_unit.coefficients[0]) as u8;
@@ -20,14 +17,10 @@ fn serialize_when_eta_is_2<const OUTPUT_SIZE: usize>(
     serialized[1] =
         (coefficient5 << 7) | (coefficient4 << 4) | (coefficient3 << 1) | (coefficient2 >> 2);
     serialized[2] = (coefficient7 << 5) | (coefficient6 << 2) | (coefficient5 >> 1);
-
-    serialized
 }
+
 #[inline(always)]
-fn serialize_when_eta_is_4<const OUTPUT_SIZE: usize>(
-    simd_unit: PortableSIMDUnit,
-) -> [u8; OUTPUT_SIZE] {
-    let mut serialized = [0u8; OUTPUT_SIZE];
+fn serialize_when_eta_is_4(simd_unit: PortableSIMDUnit, serialized: &mut [u8]) {
     const ETA: i32 = 4;
 
     for (i, coefficients) in simd_unit.coefficients.chunks_exact(2).enumerate() {
@@ -36,16 +29,13 @@ fn serialize_when_eta_is_4<const OUTPUT_SIZE: usize>(
 
         serialized[i] = (coefficient1 << 4) | coefficient0;
     }
-
-    serialized
 }
+
 #[inline(always)]
-pub(crate) fn serialize<const OUTPUT_SIZE: usize>(
-    simd_unit: PortableSIMDUnit,
-) -> [u8; OUTPUT_SIZE] {
-    match OUTPUT_SIZE as u8 {
-        3 => serialize_when_eta_is_2::<OUTPUT_SIZE>(simd_unit),
-        4 => serialize_when_eta_is_4::<OUTPUT_SIZE>(simd_unit),
+pub(crate) fn serialize<const ETA: usize>(simd_unit: PortableSIMDUnit, serialized: &mut [u8]) {
+    match ETA as u8 {
+        2 => serialize_when_eta_is_2(simd_unit, serialized),
+        4 => serialize_when_eta_is_4(simd_unit, serialized),
         _ => unreachable!(),
     }
 }
diff --git a/libcrux-ml-dsa/src/simd/traits.rs b/libcrux-ml-dsa/src/simd/traits.rs
index 72a9eccb3..38b7bf3d4 100644
--- a/libcrux-ml-dsa/src/simd/traits.rs
+++ b/libcrux-ml-dsa/src/simd/traits.rs
@@ -60,7 +60,7 @@ pub(crate) trait Operations: Copy + Clone {
     fn commitment_serialize<const OUTPUT_SIZE: usize>(simd_unit: Self) -> [u8; OUTPUT_SIZE];
 
     // Error
-    fn error_serialize<const OUTPUT_SIZE: usize>(simd_unit: Self) -> [u8; OUTPUT_SIZE];
+    fn error_serialize<const ETA: usize>(simd_unit: Self, serialized: &mut [u8]);
     fn error_deserialize<const ETA: usize>(serialized: &[u8]) -> Self;
 
     // t0

From 05d9103534945cd1e884b1321589ecb43c1a0e05 Mon Sep 17 00:00:00 2001
From: Franziskus Kiefer <franziskuskiefer@gmail.com>
Date: Fri, 6 Dec 2024 19:37:14 +0000
Subject: [PATCH 080/142] more loop cleanups

---
 libcrux-ml-dsa/src/arithmetic.rs              |  28 ++--
 libcrux-ml-dsa/src/encoding/commitment.rs     |  12 +-
 libcrux-ml-dsa/src/encoding/signature.rs      |  14 +-
 libcrux-ml-dsa/src/encoding/t1.rs             |  10 +-
 .../src/encoding/verification_key.rs          |  11 +-
 libcrux-ml-dsa/src/helper.rs                  |  22 ++-
 libcrux-ml-dsa/src/matrix.rs                  |  19 ++-
 libcrux-ml-dsa/src/ml_dsa_generic.rs          |  28 +++-
 libcrux-ml-dsa/src/pre_hash.rs                |  35 ++---
 .../src/simd/portable/arithmetic.rs           |  39 ++---
 .../src/simd/portable/encoding/error.rs       |  21 ++-
 .../src/simd/portable/encoding/gamma1.rs      | 134 ++++++++++--------
 .../src/simd/portable/encoding/t1.rs          |  46 +++---
 13 files changed, 251 insertions(+), 168 deletions(-)

diff --git a/libcrux-ml-dsa/src/arithmetic.rs b/libcrux-ml-dsa/src/arithmetic.rs
index ff91f65a7..f0fde7f73 100644
--- a/libcrux-ml-dsa/src/arithmetic.rs
+++ b/libcrux-ml-dsa/src/arithmetic.rs
@@ -1,5 +1,5 @@
 use crate::{
-    constants::COEFFICIENTS_IN_RING_ELEMENT, polynomial::PolynomialRingElement,
+    constants::COEFFICIENTS_IN_RING_ELEMENT, helper::cloop, polynomial::PolynomialRingElement,
     simd::traits::Operations,
 };
 
@@ -13,8 +13,10 @@ pub(crate) fn vector_infinity_norm_exceeds<SIMDUnit: Operations, const DIMENSION
     // TODO: We can break out of this loop early if need be, but the most
     // straightforward way to do so (returning false) will not go through hax;
     // revisit if performance is impacted.
-    for ring_element in vector.iter() {
-        exceeds = exceeds || ring_element.infinity_norm_exceeds(bound);
+    cloop! {
+        for ring_element in vector.iter() {
+            exceeds = exceeds || ring_element.infinity_norm_exceeds(bound);
+        }
     }
 
     exceeds
@@ -26,8 +28,10 @@ pub(crate) fn shift_left_then_reduce<SIMDUnit: Operations, const SHIFT_BY: i32>(
 ) -> PolynomialRingElement<SIMDUnit> {
     let mut out = PolynomialRingElement::ZERO();
 
-    for (i, simd_unit) in re.simd_units.iter().enumerate() {
-        out.simd_units[i] = SIMDUnit::shift_left_then_reduce::<SHIFT_BY>(*simd_unit);
+    cloop! {
+        for (i, simd_unit) in re.simd_units.iter().enumerate() {
+            out.simd_units[i] = SIMDUnit::shift_left_then_reduce::<SHIFT_BY>(*simd_unit);
+        }
     }
 
     out
@@ -43,12 +47,16 @@ pub(crate) fn power2round_vector<SIMDUnit: Operations, const DIMENSION: usize>(
     let mut t0 = [PolynomialRingElement::<SIMDUnit>::ZERO(); DIMENSION];
     let mut t1 = [PolynomialRingElement::<SIMDUnit>::ZERO(); DIMENSION];
 
-    for (i, ring_element) in t.iter().enumerate() {
-        for (j, simd_unit) in ring_element.simd_units.iter().enumerate() {
-            let (t0_unit, t1_unit) = SIMDUnit::power2round(*simd_unit);
+    cloop! {
+        for (i, ring_element) in t.iter().enumerate() {
+            cloop!{
+                for (j, simd_unit) in ring_element.simd_units.iter().enumerate() {
+                    let (t0_unit, t1_unit) = SIMDUnit::power2round(*simd_unit);
 
-            t0[i].simd_units[j] = t0_unit;
-            t1[i].simd_units[j] = t1_unit;
+                    t0[i].simd_units[j] = t0_unit;
+                    t1[i].simd_units[j] = t1_unit;
+                }
+            }
         }
     }
 
diff --git a/libcrux-ml-dsa/src/encoding/commitment.rs b/libcrux-ml-dsa/src/encoding/commitment.rs
index f5a12e789..ecb4d48ba 100644
--- a/libcrux-ml-dsa/src/encoding/commitment.rs
+++ b/libcrux-ml-dsa/src/encoding/commitment.rs
@@ -1,4 +1,4 @@
-use crate::{polynomial::PolynomialRingElement, simd::traits::Operations};
+use crate::{helper::cloop, polynomial::PolynomialRingElement, simd::traits::Operations};
 
 #[inline(always)]
 fn serialize<SIMDUnit: Operations, const OUTPUT_SIZE: usize>(
@@ -55,10 +55,12 @@ pub(crate) fn serialize_vector<
     let mut serialized = [0u8; OUTPUT_SIZE];
     let mut offset: usize = 0;
 
-    for ring_element in vector.iter() {
-        serialized[offset..offset + RING_ELEMENT_SIZE]
-            .copy_from_slice(&serialize::<SIMDUnit, RING_ELEMENT_SIZE>(*ring_element));
-        offset += RING_ELEMENT_SIZE;
+    cloop! {
+        for ring_element in vector.iter() {
+            serialized[offset..offset + RING_ELEMENT_SIZE]
+                .copy_from_slice(&serialize::<SIMDUnit, RING_ELEMENT_SIZE>(*ring_element));
+            offset += RING_ELEMENT_SIZE;
+        }
     }
 
     serialized
diff --git a/libcrux-ml-dsa/src/encoding/signature.rs b/libcrux-ml-dsa/src/encoding/signature.rs
index a25f693bf..6fc115d02 100644
--- a/libcrux-ml-dsa/src/encoding/signature.rs
+++ b/libcrux-ml-dsa/src/encoding/signature.rs
@@ -141,13 +141,13 @@ impl<
         }
 
         if malformed_hint {
-            Err(VerificationError::MalformedHintError)
-        } else {
-            Ok(Signature {
-                commitment_hash: commitment_hash.try_into().unwrap(),
-                signer_response,
-                hint,
-            })
+            return Err(VerificationError::MalformedHintError);
         }
+
+        Ok(Signature {
+            commitment_hash: commitment_hash.try_into().unwrap(),
+            signer_response,
+            hint,
+        })
     }
 }
diff --git a/libcrux-ml-dsa/src/encoding/t1.rs b/libcrux-ml-dsa/src/encoding/t1.rs
index 0bbe3ea4f..07d3c5b72 100644
--- a/libcrux-ml-dsa/src/encoding/t1.rs
+++ b/libcrux-ml-dsa/src/encoding/t1.rs
@@ -1,5 +1,5 @@
 use crate::{
-    constants::RING_ELEMENT_OF_T1S_SIZE, polynomial::PolynomialRingElement,
+    constants::RING_ELEMENT_OF_T1S_SIZE, helper::cloop, polynomial::PolynomialRingElement,
     simd::traits::Operations,
 };
 
@@ -13,9 +13,11 @@ pub(crate) fn serialize<SIMDUnit: Operations>(
 
     const OUTPUT_BYTES_PER_SIMD_UNIT: usize = 10;
 
-    for (i, simd_unit) in re.simd_units.iter().enumerate() {
-        serialized[i * OUTPUT_BYTES_PER_SIMD_UNIT..(i + 1) * OUTPUT_BYTES_PER_SIMD_UNIT]
-            .copy_from_slice(&SIMDUnit::t1_serialize(*simd_unit));
+    cloop! {
+        for (i, simd_unit) in re.simd_units.iter().enumerate() {
+            serialized[i * OUTPUT_BYTES_PER_SIMD_UNIT..(i + 1) * OUTPUT_BYTES_PER_SIMD_UNIT]
+                .copy_from_slice(&SIMDUnit::t1_serialize(*simd_unit));
+        }
     }
 
     serialized
diff --git a/libcrux-ml-dsa/src/encoding/verification_key.rs b/libcrux-ml-dsa/src/encoding/verification_key.rs
index c278c518b..85dd728d5 100644
--- a/libcrux-ml-dsa/src/encoding/verification_key.rs
+++ b/libcrux-ml-dsa/src/encoding/verification_key.rs
@@ -1,6 +1,7 @@
 use crate::{
     constants::{RING_ELEMENT_OF_T1S_SIZE, SEED_FOR_A_SIZE},
     encoding::t1,
+    helper::cloop,
     polynomial::PolynomialRingElement,
     simd::traits::Operations,
 };
@@ -18,10 +19,12 @@ pub(crate) fn generate_serialized<
     let mut verification_key_serialized = [0u8; VERIFICATION_KEY_SIZE];
     verification_key_serialized[0..SEED_FOR_A_SIZE].copy_from_slice(seed_for_A);
 
-    for (i, ring_element) in t1.iter().enumerate() {
-        let offset = SEED_FOR_A_SIZE + (i * RING_ELEMENT_OF_T1S_SIZE);
-        verification_key_serialized[offset..offset + RING_ELEMENT_OF_T1S_SIZE]
-            .copy_from_slice(&t1::serialize::<SIMDUnit>(*ring_element));
+    cloop! {
+        for (i, ring_element) in t1.iter().enumerate() {
+            let offset = SEED_FOR_A_SIZE + (i * RING_ELEMENT_OF_T1S_SIZE);
+            verification_key_serialized[offset..offset + RING_ELEMENT_OF_T1S_SIZE]
+                .copy_from_slice(&t1::serialize::<SIMDUnit>(*ring_element));
+        }
     }
 
     verification_key_serialized
diff --git a/libcrux-ml-dsa/src/helper.rs b/libcrux-ml-dsa/src/helper.rs
index daccf62b5..3ac46df57 100644
--- a/libcrux-ml-dsa/src/helper.rs
+++ b/libcrux-ml-dsa/src/helper.rs
@@ -28,8 +28,8 @@ macro_rules! cloop {
         }
     };
     (for $item:ident in $val:ident.iter() $body:block) => {
-        for _cloop_i in 0..$val.len() {
-            let $item = &$val[_cloop_i];
+        for _cloop_j in 0..$val.len() {
+            let $item = &$val[_cloop_j];
             $body
         }
     };
@@ -45,6 +45,18 @@ macro_rules! cloop {
             $body
         }
     };
+    (for ($i:ident, $item:ident) in $val:ident.$values:ident.into_iter().enumerate() $body:block) => {
+        for $i in 0..$val.$values.len() {
+            let $item = $val.$values[$i];
+            $body
+        }
+    };
+    (for $item:ident in $val:ident.$values:ident.into_iter() $body:block) => {
+        for _cloop_k in 0..$val.$values.len() {
+            let $item = $val.$values[_cloop_k];
+            $body
+        }
+    };
     (for $i:ident in ($start:literal..$end:expr).step_by($step:literal) $body:block) => {
         for $i in $start..$end / $step {
             let $i = $i * $step;
@@ -76,6 +88,12 @@ macro_rules! cloop {
     (for ($i:ident, $item:ident) in $val:ident.into_iter().enumerate() $body:block) => {
         for ($i, $item) in $val.into_iter().enumerate() $body
     };
+    (for ($i:ident, $item:ident) in $val:ident.$values:ident.into_iter().enumerate() $body:block) => {
+        for ($i, $item) in $val.$values.into_iter().enumerate() $body
+    };
+    (for $item:ident in $val:ident.$values:ident.into_iter() $body:block) => {
+        for $item in $val.$values.into_iter() $body
+    };
     (for $i:ident in ($start:literal..$end:expr).step_by($step:literal) $body:block) => {
         for $i in ($start..$end).step_by($step) $body
     };
diff --git a/libcrux-ml-dsa/src/matrix.rs b/libcrux-ml-dsa/src/matrix.rs
index 47b9a5b26..a981c4860 100644
--- a/libcrux-ml-dsa/src/matrix.rs
+++ b/libcrux-ml-dsa/src/matrix.rs
@@ -1,6 +1,7 @@
 use crate::{
     arithmetic::shift_left_then_reduce,
     constants::BITS_IN_LOWER_PART_OF_T,
+    helper::cloop,
     ntt::{invert_ntt_montgomery, ntt, ntt_multiply_montgomery},
     polynomial::PolynomialRingElement,
     simd::traits::Operations,
@@ -21,14 +22,18 @@ pub(crate) fn compute_As1_plus_s2<
     let mut result = [PolynomialRingElement::<SIMDUnit>::ZERO(); ROWS_IN_A];
     let s1_ntt = s1.map(|s| ntt::<SIMDUnit>(s));
 
-    for (i, row) in A_as_ntt.iter().enumerate() {
-        for (j, ring_element) in row.iter().enumerate() {
-            let product = ntt_multiply_montgomery::<SIMDUnit>(ring_element, &s1_ntt[j]);
-            result[i] = PolynomialRingElement::add(&result[i], &product);
+    cloop! {
+        for (i, row) in A_as_ntt.iter().enumerate() {
+            cloop!{
+                for (j, ring_element) in row.iter().enumerate() {
+                    let product = ntt_multiply_montgomery::<SIMDUnit>(ring_element, &s1_ntt[j]);
+                    result[i] = PolynomialRingElement::add(&result[i], &product);
+                }
+            }
+
+            result[i] = invert_ntt_montgomery::<SIMDUnit>(result[i]);
+            result[i] = PolynomialRingElement::add(&result[i], &s2[i]);
         }
-
-        result[i] = invert_ntt_montgomery::<SIMDUnit>(result[i]);
-        result[i] = PolynomialRingElement::add(&result[i], &s2[i]);
     }
 
     result
diff --git a/libcrux-ml-dsa/src/ml_dsa_generic.rs b/libcrux-ml-dsa/src/ml_dsa_generic.rs
index 3883b01e0..e76a816be 100644
--- a/libcrux-ml-dsa/src/ml_dsa_generic.rs
+++ b/libcrux-ml-dsa/src/ml_dsa_generic.rs
@@ -126,7 +126,10 @@ pub(crate) fn sign_pre_hashed<
         return Err(SigningError::ContextTooLongError);
     }
     let pre_hashed_message = PH::hash::<Shake128>(message);
-    let domain_separation_context = DomainSeparationContext::new(context, Some(&PH::OID))?;
+    let domain_separation_context = match DomainSeparationContext::new(context, Some(PH::oid())) {
+        Ok(dsc) => dsc,
+        Err(_) => return Err(SigningError::ContextTooLongError),
+    };
     sign_internal::<
         SIMDUnit,
         Shake128X4,
@@ -183,7 +186,10 @@ pub(crate) fn sign<
     context: &[u8],
     randomness: [u8; SIGNING_RANDOMNESS_SIZE],
 ) -> Result<MLDSASignature<SIGNATURE_SIZE>, SigningError> {
-    let domain_separation_context = DomainSeparationContext::new(context, None)?;
+    let domain_separation_context = match DomainSeparationContext::new(context, None) {
+        Ok(dsc) => dsc,
+        Err(_) => return Err(SigningError::ContextTooLongError),
+    };
     sign_internal::<
         SIMDUnit,
         Shake128X4,
@@ -482,12 +488,16 @@ pub(crate) fn verify_internal<
         );
 
     let signature =
-        Signature::<SIMDUnit, COMMITMENT_HASH_SIZE, COLUMNS_IN_A, ROWS_IN_A>::deserialize::<
+        match Signature::<SIMDUnit, COMMITMENT_HASH_SIZE, COLUMNS_IN_A, ROWS_IN_A>::deserialize::<
             GAMMA1_EXPONENT,
             GAMMA1_RING_ELEMENT_SIZE,
             MAX_ONES_IN_HINT,
             SIGNATURE_SIZE,
-        >(signature_serialized)?;
+        >(signature_serialized)
+        {
+            Ok(s) => s,
+            Err(e) => return Err(e),
+        };
 
     // We use if-else branches because early returns will not go through hax.
     if !vector_infinity_norm_exceeds::<SIMDUnit, COLUMNS_IN_A>(
@@ -578,7 +588,10 @@ pub(crate) fn verify<
     signature_serialized: &[u8; SIGNATURE_SIZE],
 ) -> Result<(), VerificationError> {
     // We manually do the matching here to make Eurydice happy.
-    let domain_separation_context = DomainSeparationContext::new(context, None)?;
+    let domain_separation_context = match DomainSeparationContext::new(context, None) {
+        Ok(dsc) => dsc,
+        Err(_) => return Err(VerificationError::VerificationContextTooLongError),
+    };
     verify_internal::<
         SIMDUnit,
         Shake128X4,
@@ -635,7 +648,10 @@ pub(crate) fn verify_pre_hashed<
     signature_serialized: &[u8; SIGNATURE_SIZE],
 ) -> Result<(), VerificationError> {
     let pre_hashed_message = PH::hash::<Shake128>(message);
-    let domain_separation_context = DomainSeparationContext::new(context, Some(&PH::OID))?;
+    let domain_separation_context = match DomainSeparationContext::new(context, Some(PH::oid())) {
+        Ok(dsc) => dsc,
+        Err(_) => return Err(VerificationError::VerificationContextTooLongError),
+    };
 
     verify_internal::<
         SIMDUnit,
diff --git a/libcrux-ml-dsa/src/pre_hash.rs b/libcrux-ml-dsa/src/pre_hash.rs
index 7c259c26c..1e678a770 100644
--- a/libcrux-ml-dsa/src/pre_hash.rs
+++ b/libcrux-ml-dsa/src/pre_hash.rs
@@ -12,7 +12,7 @@ pub(crate) type PreHashOID = [u8; PRE_HASH_OID_LEN];
 pub(crate) trait PreHash<const DIGEST_LEN: usize> {
     /// The object identifier (OID) of the hash function or XOF used
     /// to perform the pre-hashing of the message.
-    const OID: PreHashOID;
+    fn oid() -> PreHashOID;
 
     /// Used to derive the pre-hash PH of the message before signing.
     fn hash<Shake128: hash_functions::shake128::Xof>(message: &[u8]) -> [u8; DIGEST_LEN];
@@ -23,10 +23,14 @@ pub(crate) trait PreHash<const DIGEST_LEN: usize> {
 /// digest length 256 bytes.
 pub(crate) struct SHAKE128_PH();
 
+const SHAKE128_OID: PreHashOID = [
+    0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x0b,
+];
+
 impl PreHash<256> for SHAKE128_PH {
-    const OID: PreHashOID = [
-        0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x0b,
-    ];
+    fn oid() -> PreHashOID {
+        SHAKE128_OID
+    }
 
     #[inline(always)]
     fn hash<Shake128: hash_functions::shake128::Xof>(message: &[u8]) -> [u8; 256] {
@@ -41,7 +45,7 @@ impl PreHash<256> for SHAKE128_PH {
 /// the hash function or XOF used for pre-hashing.
 pub(crate) struct DomainSeparationContext<'a> {
     context: &'a [u8],
-    pre_hash_oid: Option<&'a PreHashOID>,
+    pre_hash_oid: Option<PreHashOID>,
 }
 
 pub(crate) enum DomainSeparationError {
@@ -52,18 +56,15 @@ pub(crate) type PreHashResult<'a> = Result<DomainSeparationContext<'a>, DomainSe
 
 impl<'a> DomainSeparationContext<'a> {
     /// `context` must be at most 255 bytes long.
-    pub(crate) fn new(
-        context: &'a [u8],
-        pre_hash_oid: Option<&'a PreHashOID>,
-    ) -> PreHashResult<'a> {
+    pub(crate) fn new(context: &'a [u8], pre_hash_oid: Option<PreHashOID>) -> PreHashResult<'a> {
         if context.len() > CONTEXT_MAX_LEN {
-            Err(DomainSeparationError::ContextTooLongError)
-        } else {
-            Ok(Self {
-                context,
-                pre_hash_oid,
-            })
+            return Err(DomainSeparationError::ContextTooLongError);
         }
+
+        Ok(Self {
+            context,
+            pre_hash_oid,
+        })
     }
 
     /// Returns the context, guaranteed to be at most 255 bytes long.
@@ -72,8 +73,8 @@ impl<'a> DomainSeparationContext<'a> {
     }
 
     /// Returns the pre-hash OID, if any.
-    pub fn pre_hash_oid(&self) -> Option<&PreHashOID> {
-        self.pre_hash_oid
+    pub fn pre_hash_oid(&self) -> &Option<PreHashOID> {
+        &self.pre_hash_oid
     }
 }
 
diff --git a/libcrux-ml-dsa/src/simd/portable/arithmetic.rs b/libcrux-ml-dsa/src/simd/portable/arithmetic.rs
index f4c269470..d803487a8 100644
--- a/libcrux-ml-dsa/src/simd/portable/arithmetic.rs
+++ b/libcrux-ml-dsa/src/simd/portable/arithmetic.rs
@@ -1,6 +1,7 @@
 use super::vector_type::{FieldElement, PortableSIMDUnit, ZERO};
 use crate::{
     constants::BITS_IN_LOWER_PART_OF_T,
+    helper::cloop,
     simd::traits::{
         FieldElementTimesMontgomeryR, FIELD_MODULUS, INVERSE_OF_MODULUS_MOD_MONTGOMERY_R,
     },
@@ -115,11 +116,13 @@ pub fn power2round(simd_unit: PortableSIMDUnit) -> (PortableSIMDUnit, PortableSI
     let mut t0_simd_unit = ZERO();
     let mut t1_simd_unit = ZERO();
 
-    for (i, t) in simd_unit.coefficients.into_iter().enumerate() {
-        let (t0, t1) = power2round_element(t);
+    cloop! {
+        for (i, t) in simd_unit.coefficients.into_iter().enumerate() {
+            let (t0, t1) = power2round_element(t);
 
-        t0_simd_unit.coefficients[i] = t0;
-        t1_simd_unit.coefficients[i] = t1;
+            t0_simd_unit.coefficients[i] = t0;
+            t1_simd_unit.coefficients[i] = t1;
+        }
     }
 
     (t0_simd_unit, t1_simd_unit)
@@ -138,19 +141,21 @@ pub fn infinity_norm_exceeds(simd_unit: PortableSIMDUnit, bound: i32) -> bool {
     // TODO: We can break out of this loop early if need be, but the most
     // straightforward way to do so (returning false) will not go through hax;
     // revisit if performance is impacted.
-    for coefficient in simd_unit.coefficients.into_iter() {
-        debug_assert!(coefficient > -FIELD_MODULUS && coefficient < FIELD_MODULUS);
-        // This norm is calculated using the absolute value of the
-        // signed representative in the range:
-        //
-        // -FIELD_MODULUS / 2 < r <= FIELD_MODULUS / 2.
-        //
-        // So if the coefficient is negative, get its absolute value, but
-        // don't convert it into a different representation.
-        let sign = coefficient >> 31;
-        let normalized = coefficient - (sign & (2 * coefficient));
-
-        exceeds = exceeds || normalized >= bound;
+    cloop! {
+        for coefficient in simd_unit.coefficients.into_iter() {
+            debug_assert!(coefficient > -FIELD_MODULUS && coefficient < FIELD_MODULUS);
+            // This norm is calculated using the absolute value of the
+            // signed representative in the range:
+            //
+            // -FIELD_MODULUS / 2 < r <= FIELD_MODULUS / 2.
+            //
+            // So if the coefficient is negative, get its absolute value, but
+            // don't convert it into a different representation.
+            let sign = coefficient >> 31;
+            let normalized = coefficient - (sign & (2 * coefficient));
+
+            exceeds = exceeds || normalized >= bound;
+        }
     }
 
     exceeds
diff --git a/libcrux-ml-dsa/src/simd/portable/encoding/error.rs b/libcrux-ml-dsa/src/simd/portable/encoding/error.rs
index bc27ff3a3..4013a5152 100644
--- a/libcrux-ml-dsa/src/simd/portable/encoding/error.rs
+++ b/libcrux-ml-dsa/src/simd/portable/encoding/error.rs
@@ -1,3 +1,5 @@
+use crate::helper::cloop;
+
 use super::super::vector_type::{PortableSIMDUnit, ZERO};
 
 #[inline(always)]
@@ -23,11 +25,13 @@ fn serialize_when_eta_is_2(simd_unit: PortableSIMDUnit, serialized: &mut [u8]) {
 fn serialize_when_eta_is_4(simd_unit: PortableSIMDUnit, serialized: &mut [u8]) {
     const ETA: i32 = 4;
 
-    for (i, coefficients) in simd_unit.coefficients.chunks_exact(2).enumerate() {
-        let coefficient0 = (ETA - coefficients[0]) as u8;
-        let coefficient1 = (ETA - coefficients[1]) as u8;
+    cloop! {
+        for (i, coefficients) in simd_unit.coefficients.chunks_exact(2).enumerate() {
+            let coefficient0 = (ETA - coefficients[0]) as u8;
+            let coefficient1 = (ETA - coefficients[1]) as u8;
 
-        serialized[i] = (coefficient1 << 4) | coefficient0;
+            serialized[i] = (coefficient1 << 4) | coefficient0;
+        }
     }
 }
 
@@ -62,6 +66,7 @@ fn deserialize_when_eta_is_2(serialized: &[u8]) -> PortableSIMDUnit {
 
     simd_unit
 }
+
 #[inline(always)]
 fn deserialize_when_eta_is_4(serialized: &[u8]) -> PortableSIMDUnit {
     debug_assert!(serialized.len() == 4);
@@ -69,9 +74,11 @@ fn deserialize_when_eta_is_4(serialized: &[u8]) -> PortableSIMDUnit {
     let mut simd_unit = ZERO();
     const ETA: i32 = 4;
 
-    for (i, byte) in serialized.iter().enumerate() {
-        simd_unit.coefficients[2 * i] = ETA - ((byte & 0xF) as i32);
-        simd_unit.coefficients[2 * i + 1] = ETA - ((byte >> 4) as i32);
+    cloop! {
+        for (i, byte) in serialized.iter().enumerate() {
+            simd_unit.coefficients[2 * i] = ETA - ((byte & 0xF) as i32);
+            simd_unit.coefficients[2 * i + 1] = ETA - ((byte >> 4) as i32);
+        }
     }
 
     simd_unit
diff --git a/libcrux-ml-dsa/src/simd/portable/encoding/gamma1.rs b/libcrux-ml-dsa/src/simd/portable/encoding/gamma1.rs
index 33a4e864a..1976639f8 100644
--- a/libcrux-ml-dsa/src/simd/portable/encoding/gamma1.rs
+++ b/libcrux-ml-dsa/src/simd/portable/encoding/gamma1.rs
@@ -1,33 +1,37 @@
+use crate::helper::cloop;
+
 use super::super::vector_type::{PortableSIMDUnit, ZERO};
 
 #[inline(always)]
 fn serialize_when_gamma1_is_2_pow_17(simd_unit: PortableSIMDUnit, serialized: &mut [u8]) {
     const GAMMA1: i32 = 1 << 17;
 
-    for (i, coefficients) in simd_unit.coefficients.chunks_exact(4).enumerate() {
-        let coefficient0 = GAMMA1 - coefficients[0];
-        let coefficient1 = GAMMA1 - coefficients[1];
-        let coefficient2 = GAMMA1 - coefficients[2];
-        let coefficient3 = GAMMA1 - coefficients[3];
+    cloop! {
+        for (i, coefficients) in simd_unit.coefficients.chunks_exact(4).enumerate() {
+            let coefficient0 = GAMMA1 - coefficients[0];
+            let coefficient1 = GAMMA1 - coefficients[1];
+            let coefficient2 = GAMMA1 - coefficients[2];
+            let coefficient3 = GAMMA1 - coefficients[3];
 
-        serialized[9 * i] = coefficient0 as u8;
-        serialized[9 * i + 1] = (coefficient0 >> 8) as u8;
+            serialized[9 * i] = coefficient0 as u8;
+            serialized[9 * i + 1] = (coefficient0 >> 8) as u8;
 
-        serialized[9 * i + 2] = (coefficient0 >> 16) as u8;
-        serialized[9 * i + 2] |= (coefficient1 << 2) as u8;
+            serialized[9 * i + 2] = (coefficient0 >> 16) as u8;
+            serialized[9 * i + 2] |= (coefficient1 << 2) as u8;
 
-        serialized[9 * i + 3] = (coefficient1 >> 6) as u8;
+            serialized[9 * i + 3] = (coefficient1 >> 6) as u8;
 
-        serialized[9 * i + 4] = (coefficient1 >> 14) as u8;
-        serialized[9 * i + 4] |= (coefficient2 << 4) as u8;
+            serialized[9 * i + 4] = (coefficient1 >> 14) as u8;
+            serialized[9 * i + 4] |= (coefficient2 << 4) as u8;
 
-        serialized[9 * i + 5] = (coefficient2 >> 4) as u8;
+            serialized[9 * i + 5] = (coefficient2 >> 4) as u8;
 
-        serialized[9 * i + 6] = (coefficient2 >> 12) as u8;
-        serialized[9 * i + 6] |= (coefficient3 << 6) as u8;
+            serialized[9 * i + 6] = (coefficient2 >> 12) as u8;
+            serialized[9 * i + 6] |= (coefficient3 << 6) as u8;
 
-        serialized[9 * i + 7] = (coefficient3 >> 2) as u8;
-        serialized[9 * i + 8] = (coefficient3 >> 10) as u8;
+            serialized[9 * i + 7] = (coefficient3 >> 2) as u8;
+            serialized[9 * i + 8] = (coefficient3 >> 10) as u8;
+        }
     }
 }
 
@@ -35,20 +39,23 @@ fn serialize_when_gamma1_is_2_pow_17(simd_unit: PortableSIMDUnit, serialized: &m
 fn serialize_when_gamma1_is_2_pow_19(simd_unit: PortableSIMDUnit, serialized: &mut [u8]) {
     const GAMMA1: i32 = 1 << 19;
 
-    for (i, coefficients) in simd_unit.coefficients.chunks_exact(2).enumerate() {
-        let coefficient0 = GAMMA1 - coefficients[0];
-        let coefficient1 = GAMMA1 - coefficients[1];
+    cloop! {
+        for (i, coefficients) in simd_unit.coefficients.chunks_exact(2).enumerate() {
+            let coefficient0 = GAMMA1 - coefficients[0];
+            let coefficient1 = GAMMA1 - coefficients[1];
 
-        serialized[5 * i] = coefficient0 as u8;
-        serialized[5 * i + 1] = (coefficient0 >> 8) as u8;
+            serialized[5 * i] = coefficient0 as u8;
+            serialized[5 * i + 1] = (coefficient0 >> 8) as u8;
 
-        serialized[5 * i + 2] = (coefficient0 >> 16) as u8;
-        serialized[5 * i + 2] |= (coefficient1 << 4) as u8;
+            serialized[5 * i + 2] = (coefficient0 >> 16) as u8;
+            serialized[5 * i + 2] |= (coefficient1 << 4) as u8;
 
-        serialized[5 * i + 3] = (coefficient1 >> 4) as u8;
-        serialized[5 * i + 4] = (coefficient1 >> 12) as u8;
+            serialized[5 * i + 3] = (coefficient1 >> 4) as u8;
+            serialized[5 * i + 4] = (coefficient1 >> 12) as u8;
+        }
     }
 }
+
 #[inline(always)]
 pub(crate) fn serialize<const GAMMA1_EXPONENT: usize>(
     simd_unit: PortableSIMDUnit,
@@ -72,35 +79,38 @@ fn deserialize_when_gamma1_is_2_pow_17(serialized: &[u8]) -> PortableSIMDUnit {
 
     let mut simd_unit = ZERO();
 
-    for (i, bytes) in serialized.chunks_exact(9).enumerate() {
-        let mut coefficient0 = bytes[0] as i32;
-        coefficient0 |= (bytes[1] as i32) << 8;
-        coefficient0 |= (bytes[2] as i32) << 16;
-        coefficient0 &= GAMMA1_TIMES_2_BITMASK;
-
-        let mut coefficient1 = (bytes[2] as i32) >> 2;
-        coefficient1 |= (bytes[3] as i32) << 6;
-        coefficient1 |= (bytes[4] as i32) << 14;
-        coefficient1 &= GAMMA1_TIMES_2_BITMASK;
-
-        let mut coefficient2 = (bytes[4] as i32) >> 4;
-        coefficient2 |= (bytes[5] as i32) << 4;
-        coefficient2 |= (bytes[6] as i32) << 12;
-        coefficient2 &= GAMMA1_TIMES_2_BITMASK;
-
-        let mut coefficient3 = (bytes[6] as i32) >> 6;
-        coefficient3 |= (bytes[7] as i32) << 2;
-        coefficient3 |= (bytes[8] as i32) << 10;
-        coefficient3 &= GAMMA1_TIMES_2_BITMASK;
-
-        simd_unit.coefficients[4 * i] = GAMMA1 - coefficient0;
-        simd_unit.coefficients[4 * i + 1] = GAMMA1 - coefficient1;
-        simd_unit.coefficients[4 * i + 2] = GAMMA1 - coefficient2;
-        simd_unit.coefficients[4 * i + 3] = GAMMA1 - coefficient3;
+    cloop! {
+        for (i, bytes) in serialized.chunks_exact(9).enumerate() {
+            let mut coefficient0 = bytes[0] as i32;
+            coefficient0 |= (bytes[1] as i32) << 8;
+            coefficient0 |= (bytes[2] as i32) << 16;
+            coefficient0 &= GAMMA1_TIMES_2_BITMASK;
+
+            let mut coefficient1 = (bytes[2] as i32) >> 2;
+            coefficient1 |= (bytes[3] as i32) << 6;
+            coefficient1 |= (bytes[4] as i32) << 14;
+            coefficient1 &= GAMMA1_TIMES_2_BITMASK;
+
+            let mut coefficient2 = (bytes[4] as i32) >> 4;
+            coefficient2 |= (bytes[5] as i32) << 4;
+            coefficient2 |= (bytes[6] as i32) << 12;
+            coefficient2 &= GAMMA1_TIMES_2_BITMASK;
+
+            let mut coefficient3 = (bytes[6] as i32) >> 6;
+            coefficient3 |= (bytes[7] as i32) << 2;
+            coefficient3 |= (bytes[8] as i32) << 10;
+            coefficient3 &= GAMMA1_TIMES_2_BITMASK;
+
+            simd_unit.coefficients[4 * i] = GAMMA1 - coefficient0;
+            simd_unit.coefficients[4 * i + 1] = GAMMA1 - coefficient1;
+            simd_unit.coefficients[4 * i + 2] = GAMMA1 - coefficient2;
+            simd_unit.coefficients[4 * i + 3] = GAMMA1 - coefficient3;
+        }
     }
 
     simd_unit
 }
+
 #[inline(always)]
 fn deserialize_when_gamma1_is_2_pow_19(serialized: &[u8]) -> PortableSIMDUnit {
     // Each set of 5 bytes deserializes to 2 elements, and since each PortableSIMDUnit
@@ -112,18 +122,20 @@ fn deserialize_when_gamma1_is_2_pow_19(serialized: &[u8]) -> PortableSIMDUnit {
 
     let mut simd_unit = ZERO();
 
-    for (i, bytes) in serialized.chunks_exact(5).enumerate() {
-        let mut coefficient0 = bytes[0] as i32;
-        coefficient0 |= (bytes[1] as i32) << 8;
-        coefficient0 |= (bytes[2] as i32) << 16;
-        coefficient0 &= GAMMA1_TIMES_2_BITMASK;
+    cloop! {
+        for (i, bytes) in serialized.chunks_exact(5).enumerate() {
+            let mut coefficient0 = bytes[0] as i32;
+            coefficient0 |= (bytes[1] as i32) << 8;
+            coefficient0 |= (bytes[2] as i32) << 16;
+            coefficient0 &= GAMMA1_TIMES_2_BITMASK;
 
-        let mut coefficient1 = (bytes[2] as i32) >> 4;
-        coefficient1 |= (bytes[3] as i32) << 4;
-        coefficient1 |= (bytes[4] as i32) << 12;
+            let mut coefficient1 = (bytes[2] as i32) >> 4;
+            coefficient1 |= (bytes[3] as i32) << 4;
+            coefficient1 |= (bytes[4] as i32) << 12;
 
-        simd_unit.coefficients[2 * i] = GAMMA1 - coefficient0;
-        simd_unit.coefficients[2 * i + 1] = GAMMA1 - coefficient1;
+            simd_unit.coefficients[2 * i] = GAMMA1 - coefficient0;
+            simd_unit.coefficients[2 * i + 1] = GAMMA1 - coefficient1;
+        }
     }
 
     simd_unit
diff --git a/libcrux-ml-dsa/src/simd/portable/encoding/t1.rs b/libcrux-ml-dsa/src/simd/portable/encoding/t1.rs
index c0fc9de40..5e39a338c 100644
--- a/libcrux-ml-dsa/src/simd/portable/encoding/t1.rs
+++ b/libcrux-ml-dsa/src/simd/portable/encoding/t1.rs
@@ -1,4 +1,4 @@
-use crate::constants::BITS_IN_UPPER_PART_OF_T;
+use crate::{constants::BITS_IN_UPPER_PART_OF_T, helper::cloop};
 
 use super::super::vector_type::{PortableSIMDUnit, ZERO};
 
@@ -6,15 +6,17 @@ use super::super::vector_type::{PortableSIMDUnit, ZERO};
 pub fn serialize(simd_unit: PortableSIMDUnit) -> [u8; 10] {
     let mut serialized = [0u8; 10];
 
-    for (i, coefficients) in simd_unit.coefficients.chunks_exact(4).enumerate() {
-        serialized[5 * i] = (coefficients[0] & 0xFF) as u8;
-        serialized[5 * i + 1] =
-            ((coefficients[1] & 0x3F) as u8) << 2 | ((coefficients[0] >> 8) & 0x03) as u8;
-        serialized[5 * i + 2] =
-            ((coefficients[2] & 0x0F) as u8) << 4 | ((coefficients[1] >> 6) & 0x0F) as u8;
-        serialized[5 * i + 3] =
-            ((coefficients[3] & 0x03) as u8) << 6 | ((coefficients[2] >> 4) & 0x3F) as u8;
-        serialized[5 * i + 4] = ((coefficients[3] >> 2) & 0xFF) as u8;
+    cloop! {
+        for (i, coefficients) in simd_unit.coefficients.chunks_exact(4).enumerate() {
+            serialized[5 * i] = (coefficients[0] & 0xFF) as u8;
+            serialized[5 * i + 1] =
+                ((coefficients[1] & 0x3F) as u8) << 2 | ((coefficients[0] >> 8) & 0x03) as u8;
+            serialized[5 * i + 2] =
+                ((coefficients[2] & 0x0F) as u8) << 4 | ((coefficients[1] >> 6) & 0x0F) as u8;
+            serialized[5 * i + 3] =
+                ((coefficients[3] & 0x03) as u8) << 6 | ((coefficients[2] >> 4) & 0x3F) as u8;
+            serialized[5 * i + 4] = ((coefficients[3] >> 2) & 0xFF) as u8;
+        }
     }
 
     serialized
@@ -27,17 +29,19 @@ pub fn deserialize(serialized: &[u8]) -> PortableSIMDUnit {
     let mut simd_unit = ZERO();
     let mask = (1 << BITS_IN_UPPER_PART_OF_T) - 1;
 
-    for (i, bytes) in serialized.chunks_exact(5).enumerate() {
-        let byte0 = bytes[0] as i32;
-        let byte1 = bytes[1] as i32;
-        let byte2 = bytes[2] as i32;
-        let byte3 = bytes[3] as i32;
-        let byte4 = bytes[4] as i32;
-
-        simd_unit.coefficients[4 * i] = (byte0 | (byte1 << 8)) & mask;
-        simd_unit.coefficients[4 * i + 1] = ((byte1 >> 2) | (byte2 << 6)) & mask;
-        simd_unit.coefficients[4 * i + 2] = ((byte2 >> 4) | (byte3 << 4)) & mask;
-        simd_unit.coefficients[4 * i + 3] = ((byte3 >> 6) | (byte4 << 2)) & mask;
+    cloop! {
+        for (i, bytes) in serialized.chunks_exact(5).enumerate() {
+            let byte0 = bytes[0] as i32;
+            let byte1 = bytes[1] as i32;
+            let byte2 = bytes[2] as i32;
+            let byte3 = bytes[3] as i32;
+            let byte4 = bytes[4] as i32;
+
+            simd_unit.coefficients[4 * i] = (byte0 | (byte1 << 8)) & mask;
+            simd_unit.coefficients[4 * i + 1] = ((byte1 >> 2) | (byte2 << 6)) & mask;
+            simd_unit.coefficients[4 * i + 2] = ((byte2 >> 4) | (byte3 << 4)) & mask;
+            simd_unit.coefficients[4 * i + 3] = ((byte3 >> 6) | (byte4 << 2)) & mask;
+        }
     }
 
     simd_unit

From 3485de7beb6c6fa80145fb882a9cf31239121714 Mon Sep 17 00:00:00 2001
From: Franziskus Kiefer <franziskuskiefer@gmail.com>
Date: Sat, 7 Dec 2024 07:01:02 +0000
Subject: [PATCH 081/142] more loop cleanups

---
 libcrux-ml-dsa/src/encoding/commitment.rs     | 56 +++++--------------
 libcrux-ml-dsa/src/simd/avx2.rs               |  4 +-
 .../src/simd/avx2/encoding/commitment.rs      |  8 +--
 libcrux-ml-dsa/src/simd/portable.rs           |  4 +-
 .../src/simd/portable/encoding/commitment.rs  | 42 +++++++-------
 libcrux-ml-dsa/src/simd/traits.rs             |  2 +-
 6 files changed, 45 insertions(+), 71 deletions(-)

diff --git a/libcrux-ml-dsa/src/encoding/commitment.rs b/libcrux-ml-dsa/src/encoding/commitment.rs
index ecb4d48ba..169c75654 100644
--- a/libcrux-ml-dsa/src/encoding/commitment.rs
+++ b/libcrux-ml-dsa/src/encoding/commitment.rs
@@ -1,45 +1,16 @@
 use crate::{helper::cloop, polynomial::PolynomialRingElement, simd::traits::Operations};
 
 #[inline(always)]
-fn serialize<SIMDUnit: Operations, const OUTPUT_SIZE: usize>(
-    re: PolynomialRingElement<SIMDUnit>,
-) -> [u8; OUTPUT_SIZE] {
-    let mut serialized = [0u8; OUTPUT_SIZE];
-
-    match OUTPUT_SIZE as u8 {
-        128 => {
-            // The commitment has coefficients in [0,15] => each coefficient occupies
-            // 4 bits. Each SIMD unit contains 8 elements, which means each
-            // SIMD unit will serialize to (8 * 4) / 8 = 4 bytes.
-            const OUTPUT_BYTES_PER_SIMD_UNIT: usize = 4;
-
-            for (i, simd_unit) in re.simd_units.iter().enumerate() {
-                serialized[i * OUTPUT_BYTES_PER_SIMD_UNIT..(i + 1) * OUTPUT_BYTES_PER_SIMD_UNIT]
-                    .copy_from_slice(
-                        &SIMDUnit::commitment_serialize::<OUTPUT_BYTES_PER_SIMD_UNIT>(*simd_unit),
-                    );
-            }
-
-            serialized
-        }
-
-        192 => {
-            // The commitment has coefficients in [0,15] => each coefficient occupies
-            // 6 bits. Each SIMD unit contains 8 elements, which means each
-            // SIMD unit will serialize to (8 * 6) / 8 = 6 bytes.
-            const OUTPUT_BYTES_PER_SIMD_UNIT: usize = 6;
-
-            for (i, simd_unit) in re.simd_units.iter().enumerate() {
-                serialized[i * OUTPUT_BYTES_PER_SIMD_UNIT..(i + 1) * OUTPUT_BYTES_PER_SIMD_UNIT]
-                    .copy_from_slice(
-                        &SIMDUnit::commitment_serialize::<OUTPUT_BYTES_PER_SIMD_UNIT>(*simd_unit),
-                    );
-            }
+fn serialize<SIMDUnit: Operations>(re: PolynomialRingElement<SIMDUnit>, serialized: &mut [u8]) {
+    let output_bytes_per_simd_unit = serialized.len() / (8 * 4);
 
-            serialized
+    cloop! {
+        for (i, simd_unit) in re.simd_units.iter().enumerate() {
+            SIMDUnit::commitment_serialize(
+                *simd_unit,
+                &mut serialized[i * output_bytes_per_simd_unit..(i + 1) * output_bytes_per_simd_unit],
+            );
         }
-
-        _ => unreachable!(),
     }
 }
 
@@ -57,8 +28,7 @@ pub(crate) fn serialize_vector<
 
     cloop! {
         for ring_element in vector.iter() {
-            serialized[offset..offset + RING_ELEMENT_SIZE]
-                .copy_from_slice(&serialize::<SIMDUnit, RING_ELEMENT_SIZE>(*ring_element));
+            serialize::<SIMDUnit>(*ring_element, &mut serialized[offset..offset + RING_ELEMENT_SIZE]);
             offset += RING_ELEMENT_SIZE;
         }
     }
@@ -107,7 +77,9 @@ mod tests {
             149,
         ];
 
-        assert_eq!(serialize::<SIMDUnit, 192>(re), serialized);
+        let mut result = [0u8; 192];
+        serialize::<SIMDUnit>(re, &mut result);
+        assert_eq!(result, serialized);
 
         // Test serialization when LOW_ORDER_ROUNDING_RANGE = 261,888
         let coefficients = [
@@ -134,7 +106,9 @@ mod tests {
             64, 117, 190, 98, 179, 38, 80, 88, 89, 9, 34, 243, 128, 219, 98, 11,
         ];
 
-        assert_eq!(serialize::<SIMDUnit, 128>(re), serialized);
+        let mut result = [0u8; 128];
+        serialize::<SIMDUnit>(re, &mut result);
+        assert_eq!(result, serialized);
     }
 
     #[cfg(not(feature = "simd256"))]
diff --git a/libcrux-ml-dsa/src/simd/avx2.rs b/libcrux-ml-dsa/src/simd/avx2.rs
index 0142a7597..d337bab1a 100644
--- a/libcrux-ml-dsa/src/simd/avx2.rs
+++ b/libcrux-ml-dsa/src/simd/avx2.rs
@@ -95,8 +95,8 @@ impl Operations for AVX2SIMDUnit {
     }
 
     #[inline(always)]
-    fn commitment_serialize<const OUTPUT_SIZE: usize>(simd_unit: Self) -> [u8; OUTPUT_SIZE] {
-        encoding::commitment::serialize::<OUTPUT_SIZE>(simd_unit.coefficients)
+    fn commitment_serialize(simd_unit: Self, serialized: &mut [u8]) {
+        encoding::commitment::serialize(simd_unit.coefficients, serialized)
     }
 
     #[inline(always)]
diff --git a/libcrux-ml-dsa/src/simd/avx2/encoding/commitment.rs b/libcrux-ml-dsa/src/simd/avx2/encoding/commitment.rs
index c8a3e40a1..de6f45d6e 100644
--- a/libcrux-ml-dsa/src/simd/avx2/encoding/commitment.rs
+++ b/libcrux-ml-dsa/src/simd/avx2/encoding/commitment.rs
@@ -1,10 +1,10 @@
 use libcrux_intrinsics::avx2::*;
 
 #[inline(always)]
-pub fn serialize<const OUTPUT_SIZE: usize>(simd_unit: Vec256) -> [u8; OUTPUT_SIZE] {
+pub(in crate::simd::avx2) fn serialize(simd_unit: Vec256, out: &mut [u8]) {
     let mut serialized = [0u8; 19];
 
-    match OUTPUT_SIZE as u8 {
+    match out.len() as u8 {
         4 => {
             let adjacent_2_combined =
                 mm256_sllv_epi32(simd_unit, mm256_set_epi32(0, 28, 0, 28, 0, 28, 0, 28));
@@ -25,7 +25,7 @@ pub fn serialize<const OUTPUT_SIZE: usize>(simd_unit: Vec256) -> [u8; OUTPUT_SIZ
 
             mm_storeu_bytes_si128(&mut serialized[0..16], adjacent_4_combined);
 
-            serialized[0..4].try_into().unwrap()
+            out.copy_from_slice(&serialized[0..4]);
         }
 
         6 => {
@@ -56,7 +56,7 @@ pub fn serialize<const OUTPUT_SIZE: usize>(simd_unit: Vec256) -> [u8; OUTPUT_SIZ
             let upper_3 = mm256_extracti128_si256::<1>(adjacent_3_combined);
             mm_storeu_bytes_si128(&mut serialized[3..19], upper_3);
 
-            serialized[0..6].try_into().unwrap()
+            out.copy_from_slice(&serialized[0..6]);
         }
 
         _ => unreachable!(),
diff --git a/libcrux-ml-dsa/src/simd/portable.rs b/libcrux-ml-dsa/src/simd/portable.rs
index 6478ac271..fff2c9b98 100644
--- a/libcrux-ml-dsa/src/simd/portable.rs
+++ b/libcrux-ml-dsa/src/simd/portable.rs
@@ -76,8 +76,8 @@ impl Operations for PortableSIMDUnit {
         encoding::gamma1::deserialize::<GAMMA1_EXPONENT>(serialized)
     }
 
-    fn commitment_serialize<const OUTPUT_SIZE: usize>(simd_unit: Self) -> [u8; OUTPUT_SIZE] {
-        encoding::commitment::serialize(simd_unit)
+    fn commitment_serialize(simd_unit: Self, serialized: &mut [u8]) {
+        encoding::commitment::serialize(simd_unit, serialized)
     }
 
     fn error_serialize<const ETA: usize>(simd_unit: Self, serialized: &mut [u8]) {
diff --git a/libcrux-ml-dsa/src/simd/portable/encoding/commitment.rs b/libcrux-ml-dsa/src/simd/portable/encoding/commitment.rs
index 6ffafe423..7265d973f 100644
--- a/libcrux-ml-dsa/src/simd/portable/encoding/commitment.rs
+++ b/libcrux-ml-dsa/src/simd/portable/encoding/commitment.rs
@@ -1,38 +1,38 @@
+use crate::helper::cloop;
+
 use super::super::vector_type::PortableSIMDUnit;
 
 #[inline(always)]
-pub fn serialize<const OUTPUT_SIZE: usize>(simd_unit: PortableSIMDUnit) -> [u8; OUTPUT_SIZE] {
-    let mut serialized = [0u8; OUTPUT_SIZE];
-
-    match OUTPUT_SIZE as u8 {
+pub fn serialize(simd_unit: PortableSIMDUnit, serialized: &mut [u8]) {
+    match serialized.len() as u8 {
         4 => {
             // The commitment has coefficients in [0,15] => each coefficient occupies
             // 4 bits.
-            for (i, coefficients) in simd_unit.coefficients.chunks_exact(2).enumerate() {
-                let coefficient0 = coefficients[0] as u8;
-                let coefficient1 = coefficients[1] as u8;
+            cloop! {
+                for (i, coefficients) in simd_unit.coefficients.chunks_exact(2).enumerate() {
+                    let coefficient0 = coefficients[0] as u8;
+                    let coefficient1 = coefficients[1] as u8;
 
-                serialized[i] = (coefficient1 << 4) | coefficient0;
+                    serialized[i] = (coefficient1 << 4) | coefficient0;
+                }
             }
-
-            serialized
         }
 
         6 => {
             // The commitment has coefficients in [0,43] => each coefficient occupies
             // 6 bits.
-            for (i, coefficients) in simd_unit.coefficients.chunks_exact(4).enumerate() {
-                let coefficient0 = coefficients[0] as u8;
-                let coefficient1 = coefficients[1] as u8;
-                let coefficient2 = coefficients[2] as u8;
-                let coefficient3 = coefficients[3] as u8;
-
-                serialized[3 * i] = (coefficient1 << 6) | coefficient0;
-                serialized[3 * i + 1] = (coefficient2 << 4) | coefficient1 >> 2;
-                serialized[3 * i + 2] = (coefficient3 << 2) | coefficient2 >> 4;
+            cloop! {
+                for (i, coefficients) in simd_unit.coefficients.chunks_exact(4).enumerate() {
+                    let coefficient0 = coefficients[0] as u8;
+                    let coefficient1 = coefficients[1] as u8;
+                    let coefficient2 = coefficients[2] as u8;
+                    let coefficient3 = coefficients[3] as u8;
+
+                    serialized[3 * i] = (coefficient1 << 6) | coefficient0;
+                    serialized[3 * i + 1] = (coefficient2 << 4) | coefficient1 >> 2;
+                    serialized[3 * i + 2] = (coefficient3 << 2) | coefficient2 >> 4;
+                }
             }
-
-            serialized
         }
 
         _ => unreachable!(),
diff --git a/libcrux-ml-dsa/src/simd/traits.rs b/libcrux-ml-dsa/src/simd/traits.rs
index 38b7bf3d4..30505cedb 100644
--- a/libcrux-ml-dsa/src/simd/traits.rs
+++ b/libcrux-ml-dsa/src/simd/traits.rs
@@ -57,7 +57,7 @@ pub(crate) trait Operations: Copy + Clone {
     fn gamma1_deserialize<const GAMMA1_EXPONENT: usize>(serialized: &[u8]) -> Self;
 
     // Commitment
-    fn commitment_serialize<const OUTPUT_SIZE: usize>(simd_unit: Self) -> [u8; OUTPUT_SIZE];
+    fn commitment_serialize(simd_unit: Self, serialized: &mut [u8]);
 
     // Error
     fn error_serialize<const ETA: usize>(simd_unit: Self, serialized: &mut [u8]);

From 5686e51625fd092f7954b98668be4f9f3e3f0143 Mon Sep 17 00:00:00 2001
From: Franziskus Kiefer <franziskuskiefer@gmail.com>
Date: Sat, 7 Dec 2024 10:32:10 +0000
Subject: [PATCH 082/142] more cleanup for hax/eurydice

---
 libcrux-ml-dsa/src/matrix.rs         | 30 ++++++-----
 libcrux-ml-dsa/src/ml_dsa_generic.rs | 80 ++++++++++++++--------------
 2 files changed, 58 insertions(+), 52 deletions(-)

diff --git a/libcrux-ml-dsa/src/matrix.rs b/libcrux-ml-dsa/src/matrix.rs
index a981c4860..e5ed49f05 100644
--- a/libcrux-ml-dsa/src/matrix.rs
+++ b/libcrux-ml-dsa/src/matrix.rs
@@ -125,21 +125,25 @@ pub(crate) fn compute_w_approx<
 ) -> [PolynomialRingElement<SIMDUnit>; ROWS_IN_A] {
     let mut result = [PolynomialRingElement::<SIMDUnit>::ZERO(); ROWS_IN_A];
 
-    for (i, row) in A_as_ntt.iter().enumerate() {
-        for (j, ring_element) in row.iter().enumerate() {
-            let product = ntt_multiply_montgomery(&ring_element, &ntt(signer_response[j]));
+    cloop! {
+        for (i, row) in A_as_ntt.iter().enumerate() {
+            cloop! {
+                for (j, ring_element) in row.iter().enumerate() {
+                    let product = ntt_multiply_montgomery(&ring_element, &ntt(signer_response[j]));
 
-            result[i] = PolynomialRingElement::<SIMDUnit>::add(&result[i], &product);
-        }
+                    result[i] = PolynomialRingElement::<SIMDUnit>::add(&result[i], &product);
+                }
+            }
 
-        let t1_shifted =
-            shift_left_then_reduce::<SIMDUnit, { BITS_IN_LOWER_PART_OF_T as i32 }>(t1[i]);
-        let challenge_times_t1_shifted =
-            ntt_multiply_montgomery(&verifier_challenge_as_ntt, &ntt(t1_shifted));
-        result[i] = invert_ntt_montgomery(PolynomialRingElement::<SIMDUnit>::subtract(
-            &result[i],
-            &challenge_times_t1_shifted,
-        ));
+            let t1_shifted =
+                shift_left_then_reduce::<SIMDUnit, { BITS_IN_LOWER_PART_OF_T as i32 }>(t1[i]);
+            let challenge_times_t1_shifted =
+                ntt_multiply_montgomery(&verifier_challenge_as_ntt, &ntt(t1_shifted));
+            result[i] = invert_ntt_montgomery(PolynomialRingElement::<SIMDUnit>::subtract(
+                &result[i],
+                &challenge_times_t1_shifted,
+            ));
+        }
     }
 
     result
diff --git a/libcrux-ml-dsa/src/ml_dsa_generic.rs b/libcrux-ml-dsa/src/ml_dsa_generic.rs
index e76a816be..9dad8ee1f 100644
--- a/libcrux-ml-dsa/src/ml_dsa_generic.rs
+++ b/libcrux-ml-dsa/src/ml_dsa_generic.rs
@@ -352,53 +352,55 @@ pub(crate) fn sign_internal<
             signer_response_candidate,
             (1 << GAMMA1_EXPONENT) - BETA,
         ) {
-        } else {
-            if vector_infinity_norm_exceeds::<SIMDUnit, ROWS_IN_A>(
-                w0_minus_challenge_times_s2,
-                GAMMA2 - BETA,
-            ) {
-            } else {
-                let challenge_times_t0 = vector_times_ring_element::<SIMDUnit, ROWS_IN_A>(
-                    &t0_as_ntt,
-                    &verifier_challenge_as_ntt,
-                );
-                if vector_infinity_norm_exceeds::<SIMDUnit, ROWS_IN_A>(challenge_times_t0, GAMMA2) {
-                } else {
-                    let w0_minus_c_times_s2_plus_c_times_t0 = add_vectors::<SIMDUnit, ROWS_IN_A>(
-                        &w0_minus_challenge_times_s2,
-                        &challenge_times_t0,
-                    );
-                    let (hint_candidate, ones_in_hint) = make_hint::<SIMDUnit, ROWS_IN_A, GAMMA2>(
-                        w0_minus_c_times_s2_plus_c_times_t0,
-                        commitment,
-                    );
-
-                    if ones_in_hint > MAX_ONES_IN_HINT {
-                    } else {
-                        attempt = REJECTION_SAMPLE_BOUND_SIGN; // exit loop now
-                        commitment_hash = Some(commitment_hash_candidate);
-                        signer_response = Some(signer_response_candidate);
-                        hint = Some(hint_candidate);
-                    }
-                }
-            }
+            continue;
+        }
+
+        if vector_infinity_norm_exceeds::<SIMDUnit, ROWS_IN_A>(
+            w0_minus_challenge_times_s2,
+            GAMMA2 - BETA,
+        ) {
+            continue;
+        }
+
+        let challenge_times_t0 = vector_times_ring_element::<SIMDUnit, ROWS_IN_A>(
+            &t0_as_ntt,
+            &verifier_challenge_as_ntt,
+        );
+        if vector_infinity_norm_exceeds::<SIMDUnit, ROWS_IN_A>(challenge_times_t0, GAMMA2) {
+            continue;
         }
+
+        let w0_minus_c_times_s2_plus_c_times_t0 =
+            add_vectors::<SIMDUnit, ROWS_IN_A>(&w0_minus_challenge_times_s2, &challenge_times_t0);
+        let (hint_candidate, ones_in_hint) = make_hint::<SIMDUnit, ROWS_IN_A, GAMMA2>(
+            w0_minus_c_times_s2_plus_c_times_t0,
+            commitment,
+        );
+
+        if ones_in_hint > MAX_ONES_IN_HINT {
+            continue;
+        }
+
+        attempt = REJECTION_SAMPLE_BOUND_SIGN; // exit loop now
+        commitment_hash = Some(commitment_hash_candidate);
+        signer_response = Some(signer_response_candidate);
+        hint = Some(hint_candidate);
     }
 
     let commitment_hash = match commitment_hash {
-        Some(commitment_hash) => Ok(commitment_hash),
-        None => Err(SigningError::RejectionSamplingError),
-    }?;
+        Some(commitment_hash) => commitment_hash,
+        None => return Err(SigningError::RejectionSamplingError),
+    };
 
     let signer_response = match signer_response {
-        Some(signer_response) => Ok(signer_response),
-        None => Err(SigningError::RejectionSamplingError),
-    }?;
+        Some(signer_response) => signer_response,
+        None => return Err(SigningError::RejectionSamplingError),
+    };
 
     let hint = match hint {
-        Some(hint) => Ok(hint),
-        None => Err(SigningError::RejectionSamplingError),
-    }?;
+        Some(hint) => hint,
+        None => return Err(SigningError::RejectionSamplingError),
+    };
 
     let signature = Signature::<SIMDUnit, COMMITMENT_HASH_SIZE, COLUMNS_IN_A, ROWS_IN_A> {
         commitment_hash,

From d0dff3082f14c43ac616a8b8ee220eecfb6a050f Mon Sep 17 00:00:00 2001
From: Franziskus Kiefer <franziskuskiefer@gmail.com>
Date: Sat, 7 Dec 2024 10:41:03 +0000
Subject: [PATCH 083/142] extracting portable without eurydice failures

---
 libcrux-ml-dsa/src/encoding/t0.rs |  8 +++++---
 libcrux-ml-dsa/src/matrix.rs      | 24 +++++++++++++++---------
 2 files changed, 20 insertions(+), 12 deletions(-)

diff --git a/libcrux-ml-dsa/src/encoding/t0.rs b/libcrux-ml-dsa/src/encoding/t0.rs
index aec3c11c0..f59186d10 100644
--- a/libcrux-ml-dsa/src/encoding/t0.rs
+++ b/libcrux-ml-dsa/src/encoding/t0.rs
@@ -41,9 +41,11 @@ pub(crate) fn deserialize_to_vector_then_ntt<SIMDUnit: Operations, const DIMENSI
 ) -> [PolynomialRingElement<SIMDUnit>; DIMENSION] {
     let mut ring_elements = [PolynomialRingElement::<SIMDUnit>::ZERO(); DIMENSION];
 
-    for (i, bytes) in serialized.chunks(RING_ELEMENT_OF_T0S_SIZE).enumerate() {
-        deserialize::<SIMDUnit>(bytes, &mut ring_elements[i]);
-        ring_elements[i] = ntt(ring_elements[i]);
+    cloop! {
+        for (i, bytes) in serialized.chunks_exact(RING_ELEMENT_OF_T0S_SIZE).enumerate() {
+            deserialize::<SIMDUnit>(bytes, &mut ring_elements[i]);
+            ring_elements[i] = ntt(ring_elements[i]);
+        }
     }
 
     ring_elements
diff --git a/libcrux-ml-dsa/src/matrix.rs b/libcrux-ml-dsa/src/matrix.rs
index e5ed49f05..83c00fa0e 100644
--- a/libcrux-ml-dsa/src/matrix.rs
+++ b/libcrux-ml-dsa/src/matrix.rs
@@ -52,13 +52,17 @@ pub(crate) fn compute_A_times_mask<
 ) -> [PolynomialRingElement<SIMDUnit>; ROWS_IN_A] {
     let mut result = [PolynomialRingElement::<SIMDUnit>::ZERO(); ROWS_IN_A];
 
-    for (i, row) in A_as_ntt.iter().enumerate() {
-        for (j, ring_element) in row.iter().enumerate() {
-            let product = ntt_multiply_montgomery(&ring_element, &ntt(mask[j]));
-            result[i] = PolynomialRingElement::<SIMDUnit>::add(&result[i], &product);
-        }
+    cloop! {
+        for (i, row) in A_as_ntt.iter().enumerate() {
+            cloop! {
+                for (j, ring_element) in row.iter().enumerate() {
+                    let product = ntt_multiply_montgomery(&ring_element, &ntt(mask[j]));
+                    result[i] = PolynomialRingElement::<SIMDUnit>::add(&result[i], &product);
+                }
+            }
 
-        result[i] = invert_ntt_montgomery(result[i]);
+            result[i] = invert_ntt_montgomery(result[i]);
+        }
     }
 
     result
@@ -72,9 +76,11 @@ pub(crate) fn vector_times_ring_element<SIMDUnit: Operations, const DIMENSION: u
 ) -> [PolynomialRingElement<SIMDUnit>; DIMENSION] {
     let mut result = [PolynomialRingElement::<SIMDUnit>::ZERO(); DIMENSION];
 
-    for (i, vector_ring_element) in vector.iter().enumerate() {
-        result[i] =
-            invert_ntt_montgomery(ntt_multiply_montgomery(vector_ring_element, ring_element));
+    cloop! {
+        for (i, vector_ring_element) in vector.iter().enumerate() {
+            result[i] =
+                invert_ntt_montgomery(ntt_multiply_montgomery(vector_ring_element, ring_element));
+        }
     }
 
     result

From d4b51bcb3af12fb1358ed37830e33cbd72d31590 Mon Sep 17 00:00:00 2001
From: Franziskus Kiefer <franziskuskiefer@gmail.com>
Date: Sat, 7 Dec 2024 12:51:15 +0000
Subject: [PATCH 084/142] fixes for hax

---
 libcrux-ml-dsa/src/encoding/commitment.rs     |  1 +
 libcrux-ml-dsa/src/encoding/error.rs          |  2 +
 libcrux-ml-dsa/src/encoding/gamma1.rs         |  2 +
 libcrux-ml-dsa/src/encoding/t0.rs             |  2 +
 libcrux-ml-dsa/src/ml_dsa_generic.rs          | 70 ++++++++++---------
 .../src/simd/portable/encoding/commitment.rs  |  2 +
 .../src/simd/portable/encoding/error.rs       |  1 +
 .../src/simd/portable/encoding/gamma1.rs      |  2 +
 8 files changed, 50 insertions(+), 32 deletions(-)

diff --git a/libcrux-ml-dsa/src/encoding/commitment.rs b/libcrux-ml-dsa/src/encoding/commitment.rs
index 169c75654..c5c5580ea 100644
--- a/libcrux-ml-dsa/src/encoding/commitment.rs
+++ b/libcrux-ml-dsa/src/encoding/commitment.rs
@@ -12,6 +12,7 @@ fn serialize<SIMDUnit: Operations>(re: PolynomialRingElement<SIMDUnit>, serializ
             );
         }
     }
+    ()
 }
 
 #[inline(always)]
diff --git a/libcrux-ml-dsa/src/encoding/error.rs b/libcrux-ml-dsa/src/encoding/error.rs
index 9d62d4fec..93a6cd665 100644
--- a/libcrux-ml-dsa/src/encoding/error.rs
+++ b/libcrux-ml-dsa/src/encoding/error.rs
@@ -15,6 +15,7 @@ pub(crate) fn serialize<SIMDUnit: Operations, const ETA: usize, const OUTPUT_SIZ
                 );
         }
     }
+    ()
 }
 
 #[inline(always)]
@@ -28,6 +29,7 @@ fn deserialize<SIMDUnit: Operations, const ETA: usize>(
         result.simd_units[i] =
             SIMDUnit::error_deserialize::<ETA>(&serialized[i * chunk_size..(i + 1) * chunk_size]);
     }
+    ()
 }
 
 #[inline(always)]
diff --git a/libcrux-ml-dsa/src/encoding/gamma1.rs b/libcrux-ml-dsa/src/encoding/gamma1.rs
index 20c7e6a5b..1849b9ff7 100644
--- a/libcrux-ml-dsa/src/encoding/gamma1.rs
+++ b/libcrux-ml-dsa/src/encoding/gamma1.rs
@@ -13,6 +13,7 @@ pub(crate) fn serialize<SIMDUnit: Operations, const GAMMA1_EXPONENT: usize>(
             );
         }
     }
+    ()
 }
 
 #[inline(always)]
@@ -25,6 +26,7 @@ pub(crate) fn deserialize<SIMDUnit: Operations, const GAMMA1_EXPONENT: usize>(
             &serialized[i * (GAMMA1_EXPONENT + 1)..(i + 1) * (GAMMA1_EXPONENT + 1)],
         );
     }
+    ()
 }
 
 #[cfg(test)]
diff --git a/libcrux-ml-dsa/src/encoding/t0.rs b/libcrux-ml-dsa/src/encoding/t0.rs
index f59186d10..a44cffe34 100644
--- a/libcrux-ml-dsa/src/encoding/t0.rs
+++ b/libcrux-ml-dsa/src/encoding/t0.rs
@@ -21,6 +21,7 @@ pub(crate) fn serialize<SIMDUnit: Operations>(
                 .copy_from_slice(&SIMDUnit::t0_serialize(*simd_unit));
         }
     }
+    ()
 }
 
 #[inline(always)]
@@ -33,6 +34,7 @@ fn deserialize<SIMDUnit: Operations>(
             &serialized[i * OUTPUT_BYTES_PER_SIMD_UNIT..(i + 1) * OUTPUT_BYTES_PER_SIMD_UNIT],
         );
     }
+    ()
 }
 
 #[inline(always)]
diff --git a/libcrux-ml-dsa/src/ml_dsa_generic.rs b/libcrux-ml-dsa/src/ml_dsa_generic.rs
index 9dad8ee1f..c3020c87e 100644
--- a/libcrux-ml-dsa/src/ml_dsa_generic.rs
+++ b/libcrux-ml-dsa/src/ml_dsa_generic.rs
@@ -352,39 +352,45 @@ pub(crate) fn sign_internal<
             signer_response_candidate,
             (1 << GAMMA1_EXPONENT) - BETA,
         ) {
-            continue;
-        }
-
-        if vector_infinity_norm_exceeds::<SIMDUnit, ROWS_IN_A>(
-            w0_minus_challenge_times_s2,
-            GAMMA2 - BETA,
-        ) {
-            continue;
-        }
-
-        let challenge_times_t0 = vector_times_ring_element::<SIMDUnit, ROWS_IN_A>(
-            &t0_as_ntt,
-            &verifier_challenge_as_ntt,
-        );
-        if vector_infinity_norm_exceeds::<SIMDUnit, ROWS_IN_A>(challenge_times_t0, GAMMA2) {
-            continue;
-        }
-
-        let w0_minus_c_times_s2_plus_c_times_t0 =
-            add_vectors::<SIMDUnit, ROWS_IN_A>(&w0_minus_challenge_times_s2, &challenge_times_t0);
-        let (hint_candidate, ones_in_hint) = make_hint::<SIMDUnit, ROWS_IN_A, GAMMA2>(
-            w0_minus_c_times_s2_plus_c_times_t0,
-            commitment,
-        );
-
-        if ones_in_hint > MAX_ONES_IN_HINT {
-            continue;
+            // XXX: https://github.com/hacspec/hax/issues/1171
+            // continue;
+        } else {
+            if vector_infinity_norm_exceeds::<SIMDUnit, ROWS_IN_A>(
+                w0_minus_challenge_times_s2,
+                GAMMA2 - BETA,
+            ) {
+                // XXX: https://github.com/hacspec/hax/issues/1171
+                // continue;
+            } else {
+                let challenge_times_t0 = vector_times_ring_element::<SIMDUnit, ROWS_IN_A>(
+                    &t0_as_ntt,
+                    &verifier_challenge_as_ntt,
+                );
+                if vector_infinity_norm_exceeds::<SIMDUnit, ROWS_IN_A>(challenge_times_t0, GAMMA2) {
+                    // XXX: https://github.com/hacspec/hax/issues/1171
+                    // continue;
+                } else {
+                    let w0_minus_c_times_s2_plus_c_times_t0 = add_vectors::<SIMDUnit, ROWS_IN_A>(
+                        &w0_minus_challenge_times_s2,
+                        &challenge_times_t0,
+                    );
+                    let (hint_candidate, ones_in_hint) = make_hint::<SIMDUnit, ROWS_IN_A, GAMMA2>(
+                        w0_minus_c_times_s2_plus_c_times_t0,
+                        commitment,
+                    );
+
+                    if ones_in_hint > MAX_ONES_IN_HINT {
+                        // XXX: https://github.com/hacspec/hax/issues/1171
+                        // continue;
+                    } else {
+                        attempt = REJECTION_SAMPLE_BOUND_SIGN; // exit loop now
+                        commitment_hash = Some(commitment_hash_candidate);
+                        signer_response = Some(signer_response_candidate);
+                        hint = Some(hint_candidate);
+                    }
+                }
+            }
         }
-
-        attempt = REJECTION_SAMPLE_BOUND_SIGN; // exit loop now
-        commitment_hash = Some(commitment_hash_candidate);
-        signer_response = Some(signer_response_candidate);
-        hint = Some(hint_candidate);
     }
 
     let commitment_hash = match commitment_hash {
diff --git a/libcrux-ml-dsa/src/simd/portable/encoding/commitment.rs b/libcrux-ml-dsa/src/simd/portable/encoding/commitment.rs
index 7265d973f..cfc65ef45 100644
--- a/libcrux-ml-dsa/src/simd/portable/encoding/commitment.rs
+++ b/libcrux-ml-dsa/src/simd/portable/encoding/commitment.rs
@@ -16,6 +16,7 @@ pub fn serialize(simd_unit: PortableSIMDUnit, serialized: &mut [u8]) {
                     serialized[i] = (coefficient1 << 4) | coefficient0;
                 }
             }
+            ()
         }
 
         6 => {
@@ -33,6 +34,7 @@ pub fn serialize(simd_unit: PortableSIMDUnit, serialized: &mut [u8]) {
                     serialized[3 * i + 2] = (coefficient3 << 2) | coefficient2 >> 4;
                 }
             }
+            ()
         }
 
         _ => unreachable!(),
diff --git a/libcrux-ml-dsa/src/simd/portable/encoding/error.rs b/libcrux-ml-dsa/src/simd/portable/encoding/error.rs
index 4013a5152..5e84a571a 100644
--- a/libcrux-ml-dsa/src/simd/portable/encoding/error.rs
+++ b/libcrux-ml-dsa/src/simd/portable/encoding/error.rs
@@ -33,6 +33,7 @@ fn serialize_when_eta_is_4(simd_unit: PortableSIMDUnit, serialized: &mut [u8]) {
             serialized[i] = (coefficient1 << 4) | coefficient0;
         }
     }
+    ()
 }
 
 #[inline(always)]
diff --git a/libcrux-ml-dsa/src/simd/portable/encoding/gamma1.rs b/libcrux-ml-dsa/src/simd/portable/encoding/gamma1.rs
index 1976639f8..5cb53f344 100644
--- a/libcrux-ml-dsa/src/simd/portable/encoding/gamma1.rs
+++ b/libcrux-ml-dsa/src/simd/portable/encoding/gamma1.rs
@@ -33,6 +33,7 @@ fn serialize_when_gamma1_is_2_pow_17(simd_unit: PortableSIMDUnit, serialized: &m
             serialized[9 * i + 8] = (coefficient3 >> 10) as u8;
         }
     }
+    ()
 }
 
 #[inline(always)]
@@ -54,6 +55,7 @@ fn serialize_when_gamma1_is_2_pow_19(simd_unit: PortableSIMDUnit, serialized: &m
             serialized[5 * i + 4] = (coefficient1 >> 12) as u8;
         }
     }
+    ()
 }
 
 #[inline(always)]

From 523b6312be01e2df3f20b3e8472c86b46dec211c Mon Sep 17 00:00:00 2001
From: Franziskus Kiefer <franziskuskiefer@gmail.com>
Date: Sat, 7 Dec 2024 19:05:58 +0000
Subject: [PATCH 085/142] C and F* extraction

---
 libcrux-ml-dsa/src/encoding/t1.rs             | 19 ++--
 .../src/encoding/verification_key.rs          |  3 +-
 libcrux-ml-dsa/src/matrix.rs                  | 15 ++-
 libcrux-ml-dsa/src/ml_dsa_generic.rs          | 95 +++++++++----------
 libcrux-ml-dsa/src/sample.rs                  | 24 ++---
 libcrux-ml-dsa/src/simd/portable/sample.rs    | 74 ++++++++-------
 6 files changed, 120 insertions(+), 110 deletions(-)

diff --git a/libcrux-ml-dsa/src/encoding/t1.rs b/libcrux-ml-dsa/src/encoding/t1.rs
index 07d3c5b72..4f72fe98b 100644
--- a/libcrux-ml-dsa/src/encoding/t1.rs
+++ b/libcrux-ml-dsa/src/encoding/t1.rs
@@ -25,16 +25,12 @@ pub(crate) fn serialize<SIMDUnit: Operations>(
 
 pub(crate) fn deserialize<SIMDUnit: Operations>(
     serialized: &[u8],
-) -> PolynomialRingElement<SIMDUnit> {
-    let mut serialized_chunks = serialized.chunks(10);
-
-    let mut result = PolynomialRingElement::ZERO();
-
+    result: &mut PolynomialRingElement<SIMDUnit>,
+) {
     for i in 0..result.simd_units.len() {
-        result.simd_units[i] = SIMDUnit::t1_deserialize(&serialized_chunks.next().unwrap());
+        result.simd_units[i] = SIMDUnit::t1_deserialize(&serialized[i * 10..(i + 1) * 10]);
     }
-
-    result
+    ()
 }
 
 #[cfg(test)]
@@ -126,10 +122,9 @@ mod tests {
             226, 479, 381, 932, 464, 451, 915, 206, 410, 402, 900,
         ];
 
-        assert_eq!(
-            deserialize::<SIMDUnit>(&serialized).to_i32_array(),
-            expected_coefficients
-        );
+        let mut deserialized = PolynomialRingElement::<SIMDUnit>::ZERO();
+        deserialize::<SIMDUnit>(&serialized, &mut deserialized);
+        assert_eq!(deserialized.to_i32_array(), expected_coefficients);
     }
 
     #[cfg(not(feature = "simd256"))]
diff --git a/libcrux-ml-dsa/src/encoding/verification_key.rs b/libcrux-ml-dsa/src/encoding/verification_key.rs
index 85dd728d5..82fe68a53 100644
--- a/libcrux-ml-dsa/src/encoding/verification_key.rs
+++ b/libcrux-ml-dsa/src/encoding/verification_key.rs
@@ -46,8 +46,9 @@ pub(crate) fn deserialize<
     let (seed_for_A, serialized_remaining) = serialized.split_at(SEED_FOR_A_SIZE);
 
     for i in 0..ROWS_IN_A {
-        t1[i] = t1::deserialize::<SIMDUnit>(
+        t1::deserialize::<SIMDUnit>(
             &serialized_remaining[i * RING_ELEMENT_OF_T1S_SIZE..(i + 1) * RING_ELEMENT_OF_T1S_SIZE],
+            &mut t1[i],
         );
     }
 
diff --git a/libcrux-ml-dsa/src/matrix.rs b/libcrux-ml-dsa/src/matrix.rs
index 83c00fa0e..fdab00401 100644
--- a/libcrux-ml-dsa/src/matrix.rs
+++ b/libcrux-ml-dsa/src/matrix.rs
@@ -51,12 +51,13 @@ pub(crate) fn compute_A_times_mask<
     mask: &[PolynomialRingElement<SIMDUnit>; COLUMNS_IN_A],
 ) -> [PolynomialRingElement<SIMDUnit>; ROWS_IN_A] {
     let mut result = [PolynomialRingElement::<SIMDUnit>::ZERO(); ROWS_IN_A];
+    let mask_ntt = mask.map(|s| ntt::<SIMDUnit>(s));
 
     cloop! {
         for (i, row) in A_as_ntt.iter().enumerate() {
             cloop! {
                 for (j, ring_element) in row.iter().enumerate() {
-                    let product = ntt_multiply_montgomery(&ring_element, &ntt(mask[j]));
+                    let product = ntt_multiply_montgomery(&ring_element, &mask_ntt[j]);
                     result[i] = PolynomialRingElement::<SIMDUnit>::add(&result[i], &product);
                 }
             }
@@ -125,17 +126,22 @@ pub(crate) fn compute_w_approx<
     const COLUMNS_IN_A: usize,
 >(
     A_as_ntt: &[[PolynomialRingElement<SIMDUnit>; COLUMNS_IN_A]; ROWS_IN_A],
-    signer_response: [PolynomialRingElement<SIMDUnit>; COLUMNS_IN_A],
+    mut signer_response: [PolynomialRingElement<SIMDUnit>; COLUMNS_IN_A],
     verifier_challenge_as_ntt: PolynomialRingElement<SIMDUnit>,
     t1: [PolynomialRingElement<SIMDUnit>; ROWS_IN_A],
 ) -> [PolynomialRingElement<SIMDUnit>; ROWS_IN_A] {
     let mut result = [PolynomialRingElement::<SIMDUnit>::ZERO(); ROWS_IN_A];
 
+    // Move signer response into NTT
+    for i in 0..signer_response.len() {
+        signer_response[i] = ntt(signer_response[i]);
+    }
+
     cloop! {
         for (i, row) in A_as_ntt.iter().enumerate() {
             cloop! {
                 for (j, ring_element) in row.iter().enumerate() {
-                    let product = ntt_multiply_montgomery(&ring_element, &ntt(signer_response[j]));
+                    let product = ntt_multiply_montgomery(&ring_element, &signer_response[j]);
 
                     result[i] = PolynomialRingElement::<SIMDUnit>::add(&result[i], &product);
                 }
@@ -143,8 +149,9 @@ pub(crate) fn compute_w_approx<
 
             let t1_shifted =
                 shift_left_then_reduce::<SIMDUnit, { BITS_IN_LOWER_PART_OF_T as i32 }>(t1[i]);
+            let t1_shifted = ntt(t1_shifted);
             let challenge_times_t1_shifted =
-                ntt_multiply_montgomery(&verifier_challenge_as_ntt, &ntt(t1_shifted));
+                ntt_multiply_montgomery(&verifier_challenge_as_ntt, &t1_shifted);
             result[i] = invert_ntt_montgomery(PolynomialRingElement::<SIMDUnit>::subtract(
                 &result[i],
                 &challenge_times_t1_shifted,
diff --git a/libcrux-ml-dsa/src/ml_dsa_generic.rs b/libcrux-ml-dsa/src/ml_dsa_generic.rs
index c3020c87e..717861772 100644
--- a/libcrux-ml-dsa/src/ml_dsa_generic.rs
+++ b/libcrux-ml-dsa/src/ml_dsa_generic.rs
@@ -508,65 +508,64 @@ pub(crate) fn verify_internal<
         };
 
     // We use if-else branches because early returns will not go through hax.
-    if !vector_infinity_norm_exceeds::<SIMDUnit, COLUMNS_IN_A>(
+    if vector_infinity_norm_exceeds::<SIMDUnit, COLUMNS_IN_A>(
         signature.signer_response,
         (2 << GAMMA1_EXPONENT) - BETA,
     ) {
-        let A_as_ntt =
-            samplex4::matrix_A::<SIMDUnit, ROWS_IN_A, COLUMNS_IN_A>(into_padded_array(&seed_for_A));
+        return Err(VerificationError::SignerResponseExceedsBoundError);
+    }
+    let A_as_ntt =
+        samplex4::matrix_A::<SIMDUnit, ROWS_IN_A, COLUMNS_IN_A>(into_padded_array(&seed_for_A));
 
-        let mut verification_key_hash = [0; BYTES_FOR_VERIFICATION_KEY_HASH];
-        Shake256::shake256::<BYTES_FOR_VERIFICATION_KEY_HASH>(
-            verification_key_serialized,
-            &mut verification_key_hash,
-        );
-        let mut message_representative = [0; MESSAGE_REPRESENTATIVE_SIZE];
-        derive_message_representative::<Shake256Xof>(
-            verification_key_hash,
-            domain_separation_context,
-            message,
-            &mut message_representative,
-        );
+    let mut verification_key_hash = [0; BYTES_FOR_VERIFICATION_KEY_HASH];
+    Shake256::shake256::<BYTES_FOR_VERIFICATION_KEY_HASH>(
+        verification_key_serialized,
+        &mut verification_key_hash,
+    );
+    let mut message_representative = [0; MESSAGE_REPRESENTATIVE_SIZE];
+    derive_message_representative::<Shake256Xof>(
+        verification_key_hash,
+        domain_separation_context,
+        message,
+        &mut message_representative,
+    );
 
-        let verifier_challenge_as_ntt = ntt(sample_challenge_ring_element::<
-            SIMDUnit,
-            Shake256,
-            ONES_IN_VERIFIER_CHALLENGE,
-            COMMITMENT_HASH_SIZE,
-        >(signature.commitment_hash));
+    let verifier_challenge_as_ntt = ntt(sample_challenge_ring_element::<
+        SIMDUnit,
+        Shake256,
+        ONES_IN_VERIFIER_CHALLENGE,
+        COMMITMENT_HASH_SIZE,
+    >(signature.commitment_hash));
 
-        let w_approx = compute_w_approx::<SIMDUnit, ROWS_IN_A, COLUMNS_IN_A>(
-            &A_as_ntt,
-            signature.signer_response,
-            verifier_challenge_as_ntt,
-            t1,
-        );
+    let w_approx = compute_w_approx::<SIMDUnit, ROWS_IN_A, COLUMNS_IN_A>(
+        &A_as_ntt,
+        signature.signer_response,
+        verifier_challenge_as_ntt,
+        t1,
+    );
 
-        let mut commitment_hash = [0; COMMITMENT_HASH_SIZE];
-        {
-            let commitment = use_hint::<SIMDUnit, ROWS_IN_A, GAMMA2>(signature.hint, w_approx);
-            let commitment_serialized = encoding::commitment::serialize_vector::<
-                SIMDUnit,
-                ROWS_IN_A,
-                COMMITMENT_RING_ELEMENT_SIZE,
-                COMMITMENT_VECTOR_SIZE,
-            >(commitment);
+    let mut commitment_hash = [0; COMMITMENT_HASH_SIZE];
+    {
+        let commitment = use_hint::<SIMDUnit, ROWS_IN_A, GAMMA2>(signature.hint, w_approx);
+        let commitment_serialized = encoding::commitment::serialize_vector::<
+            SIMDUnit,
+            ROWS_IN_A,
+            COMMITMENT_RING_ELEMENT_SIZE,
+            COMMITMENT_VECTOR_SIZE,
+        >(commitment);
 
-            let mut shake = Shake256Xof::init();
-            shake.absorb(&message_representative);
-            shake.absorb_final(&commitment_serialized);
+        let mut shake = Shake256Xof::init();
+        shake.absorb(&message_representative);
+        shake.absorb_final(&commitment_serialized);
 
-            shake.squeeze(&mut commitment_hash);
-        }
+        shake.squeeze(&mut commitment_hash);
+    }
 
-        if signature.commitment_hash != commitment_hash {
-            Err(VerificationError::CommitmentHashesDontMatchError)
-        } else {
-            Ok(())
-        }
-    } else {
-        Err(VerificationError::SignerResponseExceedsBoundError)
+    if signature.commitment_hash == commitment_hash {
+        return Ok(());
     }
+
+    return Err(VerificationError::CommitmentHashesDontMatchError);
 }
 
 #[allow(non_snake_case)]
diff --git a/libcrux-ml-dsa/src/sample.rs b/libcrux-ml-dsa/src/sample.rs
index ed61cbe7e..96ab1655f 100644
--- a/libcrux-ml-dsa/src/sample.rs
+++ b/libcrux-ml-dsa/src/sample.rs
@@ -441,18 +441,20 @@ fn inside_out_shuffle(
 ) -> bool {
     let mut done = false;
 
-    for byte in randomness {
-        if !done {
-            let sample_at = *byte as usize;
-            if sample_at <= *out_index {
-                result[*out_index] = result[sample_at];
-                *out_index += 1;
-
-                result[sample_at] = 1 - 2 * ((*signs & 1) as i32);
-                *signs >>= 1;
-            }
+    cloop! {
+        for byte in randomness.iter() {
+            if !done {
+                let sample_at = *byte as usize;
+                if sample_at <= *out_index {
+                    result[*out_index] = result[sample_at];
+                    *out_index += 1;
 
-            done = *out_index == result.len();
+                    result[sample_at] = 1 - 2 * ((*signs & 1) as i32);
+                    *signs >>= 1;
+                }
+
+                done = *out_index == result.len();
+            }
         }
     }
 
diff --git a/libcrux-ml-dsa/src/simd/portable/sample.rs b/libcrux-ml-dsa/src/simd/portable/sample.rs
index 3f06380c5..8025024a5 100644
--- a/libcrux-ml-dsa/src/simd/portable/sample.rs
+++ b/libcrux-ml-dsa/src/simd/portable/sample.rs
@@ -1,19 +1,21 @@
-use crate::constants::FIELD_MODULUS;
+use crate::{constants::FIELD_MODULUS, helper::cloop};
 
 #[inline(always)]
 pub fn rejection_sample_less_than_field_modulus(randomness: &[u8], out: &mut [i32]) -> usize {
     let mut sampled = 0;
 
-    for bytes in randomness.chunks(3) {
-        let b0 = bytes[0] as i32;
-        let b1 = bytes[1] as i32;
-        let b2 = bytes[2] as i32;
+    cloop! {
+        for bytes in randomness.chunks_exact(3) {
+            let b0 = bytes[0] as i32;
+            let b1 = bytes[1] as i32;
+            let b2 = bytes[2] as i32;
 
-        let coefficient = ((b2 << 16) | (b1 << 8) | b0) & 0x00_7F_FF_FF;
+            let coefficient = ((b2 << 16) | (b1 << 8) | b0) & 0x00_7F_FF_FF;
 
-        if coefficient < FIELD_MODULUS {
-            out[sampled] = coefficient;
-            sampled += 1;
+            if coefficient < FIELD_MODULUS {
+                out[sampled] = coefficient;
+                sampled += 1;
+            }
         }
     }
 
@@ -24,28 +26,30 @@ pub fn rejection_sample_less_than_field_modulus(randomness: &[u8], out: &mut [i3
 pub fn rejection_sample_less_than_eta_equals_2(randomness: &[u8], out: &mut [i32]) -> usize {
     let mut sampled = 0;
 
-    for byte in randomness {
-        let try_0 = byte & 0xF;
-        let try_1 = byte >> 4;
+    cloop! {
+        for byte in randomness.iter() {
+            let try_0 = byte & 0xF;
+            let try_1 = byte >> 4;
 
-        if try_0 < 15 {
-            let try_0 = try_0 as i32;
+            if try_0 < 15 {
+                let try_0 = try_0 as i32;
 
-            // (try_0 * 26) >> 7 computes ⌊try_0 / 5⌋
-            let try_0_mod_5 = try_0 - ((try_0 * 26) >> 7) * 5;
+                // (try_0 * 26) >> 7 computes ⌊try_0 / 5⌋
+                let try_0_mod_5 = try_0 - ((try_0 * 26) >> 7) * 5;
 
-            out[sampled] = 2 - try_0_mod_5;
+                out[sampled] = 2 - try_0_mod_5;
 
-            sampled += 1;
-        }
+                sampled += 1;
+            }
 
-        if try_1 < 15 {
-            let try_1 = try_1 as i32;
-            let try_1_mod_5 = try_1 - ((try_1 * 26) >> 7) * 5;
+            if try_1 < 15 {
+                let try_1 = try_1 as i32;
+                let try_1_mod_5 = try_1 - ((try_1 * 26) >> 7) * 5;
 
-            out[sampled] = 2 - try_1_mod_5;
+                out[sampled] = 2 - try_1_mod_5;
 
-            sampled += 1;
+                sampled += 1;
+            }
         }
     }
 
@@ -56,18 +60,20 @@ pub fn rejection_sample_less_than_eta_equals_2(randomness: &[u8], out: &mut [i32
 pub fn rejection_sample_less_than_eta_equals_4(randomness: &[u8], out: &mut [i32]) -> usize {
     let mut sampled = 0;
 
-    for byte in randomness {
-        let try_0 = byte & 0xF;
-        let try_1 = byte >> 4;
+    cloop! {
+        for byte in randomness.iter() {
+            let try_0 = byte & 0xF;
+            let try_1 = byte >> 4;
 
-        if try_0 < 9 {
-            out[sampled] = 4 - (try_0 as i32);
-            sampled += 1;
-        }
+            if try_0 < 9 {
+                out[sampled] = 4 - (try_0 as i32);
+                sampled += 1;
+            }
 
-        if try_1 < 9 {
-            out[sampled] = 4 - (try_1 as i32);
-            sampled += 1;
+            if try_1 < 9 {
+                out[sampled] = 4 - (try_1 as i32);
+                sampled += 1;
+            }
         }
     }
 

From 776fe1b5882f65bb375a064e963e03e1e57f0a2a Mon Sep 17 00:00:00 2001
From: Franziskus Kiefer <franziskuskiefer@gmail.com>
Date: Sat, 7 Dec 2024 19:06:41 +0000
Subject: [PATCH 086/142] C extraction; not working

---
 libcrux-ml-dsa/cg/CMakeLists.txt             |    2 +-
 libcrux-ml-dsa/cg/code_gen.txt               |    2 +-
 libcrux-ml-dsa/cg/eurydice_glue.h            |   17 +
 libcrux-ml-dsa/cg/header.txt                 |    2 +-
 libcrux-ml-dsa/cg/libcrux_core.h             |  189 +-
 libcrux-ml-dsa/cg/libcrux_mldsa65_avx2.h     | 3354 ++++++++++++-
 libcrux-ml-dsa/cg/libcrux_mldsa65_portable.h | 4697 +++++++++++++++---
 libcrux-ml-dsa/cg/libcrux_sha3_avx2.h        |    2 +-
 libcrux-ml-dsa/cg/libcrux_sha3_portable.h    |    2 +-
 libcrux-ml-dsa/cg/tests/mldsa65.cc           |   28 +-
 10 files changed, 7418 insertions(+), 877 deletions(-)

diff --git a/libcrux-ml-dsa/cg/CMakeLists.txt b/libcrux-ml-dsa/cg/CMakeLists.txt
index b16bf8883..ad60c81f9 100644
--- a/libcrux-ml-dsa/cg/CMakeLists.txt
+++ b/libcrux-ml-dsa/cg/CMakeLists.txt
@@ -29,7 +29,7 @@ if((CMAKE_C_COMPILER_ID STREQUAL "Clang" AND
     CMAKE_C_COMPILER_VERSION VERSION_GREATER_EQUAL "13.0.0") OR
     (CMAKE_C_COMPILER_ID STREQUAL "AppleClang" AND
     CMAKE_C_COMPILER_VERSION VERSION_GREATER_EQUAL "13.1.6"))
-    add_compile_options(-Werror -Wframe-larger-than=25344)
+    # add_compile_options(-Werror -Wframe-larger-than=25344)
 endif()
 
 set(CMAKE_COLOR_DIAGNOSTICS "ON")
diff --git a/libcrux-ml-dsa/cg/code_gen.txt b/libcrux-ml-dsa/cg/code_gen.txt
index 6262f3ad3..ff59781b4 100644
--- a/libcrux-ml-dsa/cg/code_gen.txt
+++ b/libcrux-ml-dsa/cg/code_gen.txt
@@ -3,4 +3,4 @@ Charon: a68994d00017b76a805d0115ca06c1f2c1805e79
 Eurydice: b665364a6d86749566ce2d650d13fa12c8fab2c5
 Karamel: 96572bc631fde691a2aea7bce5a5a3838b3a5968
 F*: b0961063393215ca65927f017720cb365a193833-dirty
-Libcrux: 11a2dcf9b3f0c4803b93a53caa737ed8eac8bfd1
+Libcrux: d4b51bcb3af12fb1358ed37830e33cbd72d31590
diff --git a/libcrux-ml-dsa/cg/eurydice_glue.h b/libcrux-ml-dsa/cg/eurydice_glue.h
index 3f9b35cc2..77124b063 100644
--- a/libcrux-ml-dsa/cg/eurydice_glue.h
+++ b/libcrux-ml-dsa/cg/eurydice_glue.h
@@ -157,6 +157,23 @@ static inline uint8_t core_num__u8_6__wrapping_sub(uint8_t x, uint8_t y) {
   return x - y;
 }
 
+#define core_option__core__option__Option_T__TraitClause_0___is_some(o, _t,  \
+                                                                     _ret_t) \
+  (o)->tag
+
+
+static inline uint8_t
+Eurydice_bitand_pv_u8(uint8_t *p, uint8_t v)
+{
+    return (*p) & v;
+}
+
+static inline uint8_t
+Eurydice_shr_pv_u8(uint8_t *p, int32_t v)
+{
+    return (*p) >> v;
+}
+
 // ITERATORS
 
 #define Eurydice_range_iter_next(iter_ptr, t, ret_t) \
diff --git a/libcrux-ml-dsa/cg/header.txt b/libcrux-ml-dsa/cg/header.txt
index 89d611dc6..17dad08f7 100644
--- a/libcrux-ml-dsa/cg/header.txt
+++ b/libcrux-ml-dsa/cg/header.txt
@@ -8,5 +8,5 @@
  * Eurydice: b665364a6d86749566ce2d650d13fa12c8fab2c5
  * Karamel: 96572bc631fde691a2aea7bce5a5a3838b3a5968
  * F*: b0961063393215ca65927f017720cb365a193833-dirty
- * Libcrux: 11a2dcf9b3f0c4803b93a53caa737ed8eac8bfd1
+ * Libcrux: d4b51bcb3af12fb1358ed37830e33cbd72d31590
  */
diff --git a/libcrux-ml-dsa/cg/libcrux_core.h b/libcrux-ml-dsa/cg/libcrux_core.h
index c7b7b6116..4cf1b281a 100644
--- a/libcrux-ml-dsa/cg/libcrux_core.h
+++ b/libcrux-ml-dsa/cg/libcrux_core.h
@@ -8,7 +8,7 @@
  * Eurydice: b665364a6d86749566ce2d650d13fa12c8fab2c5
  * Karamel: 96572bc631fde691a2aea7bce5a5a3838b3a5968
  * F*: b0961063393215ca65927f017720cb365a193833-dirty
- * Libcrux: 11a2dcf9b3f0c4803b93a53caa737ed8eac8bfd1
+ * Libcrux: d4b51bcb3af12fb1358ed37830e33cbd72d31590
  */
 
 #ifndef __libcrux_core_H
@@ -34,10 +34,15 @@ static inline uint8_t Eurydice_bitand_pv_u8(uint8_t *x, uint8_t y);
 
 static inline uint8_t Eurydice_shr_pv_u8(uint8_t *x, int32_t y);
 
+#define Ok 0
+#define Err 1
+
+typedef uint8_t Result_a9_tags;
+
 #define None 0
 #define Some 1
 
-typedef uint8_t Option_08_tags;
+typedef uint8_t Option_d8_tags;
 
 /**
 A monomorphic instance of core.option.Option
@@ -45,15 +50,10 @@ with types size_t
 
 */
 typedef struct Option_08_s {
-  Option_08_tags tag;
+  Option_d8_tags tag;
   size_t f0;
 } Option_08;
 
-#define Ok 0
-#define Err 1
-
-typedef uint8_t Result_a9_tags;
-
 static inline uint32_t core_num__i32_2__count_ones(int32_t x0);
 
 static inline uint64_t core_num__u64_9__from_le_bytes(uint8_t x0[8U]);
@@ -165,6 +165,40 @@ typedef struct Result_41_s {
   libcrux_ml_dsa_types_VerificationError f0;
 } Result_41;
 
+/**
+A monomorphic instance of core.result.Result
+with types uint8_t[48size_t], core_array_TryFromSliceError
+
+*/
+typedef struct Result_ae_s {
+  Result_a9_tags tag;
+  union {
+    uint8_t case_Ok[48U];
+    TryFromSliceError case_Err;
+  } val;
+} Result_ae;
+
+/**
+This function found in impl {core::result::Result<T, E>[TraitClause@0,
+TraitClause@1]}
+*/
+/**
+A monomorphic instance of core.result.unwrap_26
+with types uint8_t[48size_t], core_array_TryFromSliceError
+
+*/
+static inline void unwrap_26_28(Result_ae self, uint8_t ret[48U]) {
+  if (self.tag == Ok) {
+    uint8_t f0[48U];
+    memcpy(f0, self.val.case_Ok, (size_t)48U * sizeof(uint8_t));
+    memcpy(ret, f0, (size_t)48U * sizeof(uint8_t));
+  } else {
+    KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__,
+                      "unwrap not Ok");
+    KRML_HOST_EXIT(255U);
+  }
+}
+
 /**
 A monomorphic instance of libcrux_ml_dsa.types.MLDSAVerificationKey
 with const generics
@@ -191,6 +225,26 @@ static inline uint8_t *libcrux_ml_dsa_types_as_raw_66_97(
   return self->value;
 }
 
+/**
+A monomorphic instance of core.option.Option
+with types int32_t[256size_t][6size_t]
+
+*/
+typedef struct Option_f0_s {
+  Option_d8_tags tag;
+  int32_t f0[6U][256U];
+} Option_f0;
+
+/**
+A monomorphic instance of core.option.Option
+with types uint8_t[48size_t]
+
+*/
+typedef struct Option_67_s {
+  Option_d8_tags tag;
+  uint8_t f0[48U];
+} Option_67;
+
 #define libcrux_ml_dsa_types_RejectionSamplingError 0
 #define libcrux_ml_dsa_types_ContextTooLongError 1
 
@@ -210,6 +264,95 @@ typedef struct Result_2e_s {
   } val;
 } Result_2e;
 
+/**
+ Build
+*/
+/**
+This function found in impl {libcrux_ml_dsa::types::MLDSASignature<SIZE>#4}
+*/
+/**
+A monomorphic instance of libcrux_ml_dsa.types.new_8f
+with const generics
+- SIZE= 3309
+*/
+static inline libcrux_ml_dsa_ml_dsa_65_MLDSA65Signature
+libcrux_ml_dsa_types_new_8f_fa(uint8_t value[3309U]) {
+  /* Passing arrays by value in Rust generates a copy in C */
+  uint8_t copy_of_value[3309U];
+  memcpy(copy_of_value, value, (size_t)3309U * sizeof(uint8_t));
+  libcrux_ml_dsa_ml_dsa_65_MLDSA65Signature lit;
+  memcpy(lit.value, copy_of_value, (size_t)3309U * sizeof(uint8_t));
+  return lit;
+}
+
+/**
+A monomorphic instance of core.result.Result
+with types uint8_t[64size_t], core_array_TryFromSliceError
+
+*/
+typedef struct Result_f2_s {
+  Result_a9_tags tag;
+  union {
+    uint8_t case_Ok[64U];
+    TryFromSliceError case_Err;
+  } val;
+} Result_f2;
+
+/**
+This function found in impl {core::result::Result<T, E>[TraitClause@0,
+TraitClause@1]}
+*/
+/**
+A monomorphic instance of core.result.unwrap_26
+with types uint8_t[64size_t], core_array_TryFromSliceError
+
+*/
+static inline void unwrap_26_4b(Result_f2 self, uint8_t ret[64U]) {
+  if (self.tag == Ok) {
+    uint8_t f0[64U];
+    memcpy(f0, self.val.case_Ok, (size_t)64U * sizeof(uint8_t));
+    memcpy(ret, f0, (size_t)64U * sizeof(uint8_t));
+  } else {
+    KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__,
+                      "unwrap not Ok");
+    KRML_HOST_EXIT(255U);
+  }
+}
+
+/**
+A monomorphic instance of core.result.Result
+with types uint8_t[32size_t], core_array_TryFromSliceError
+
+*/
+typedef struct Result_fb_s {
+  Result_a9_tags tag;
+  union {
+    uint8_t case_Ok[32U];
+    TryFromSliceError case_Err;
+  } val;
+} Result_fb;
+
+/**
+This function found in impl {core::result::Result<T, E>[TraitClause@0,
+TraitClause@1]}
+*/
+/**
+A monomorphic instance of core.result.unwrap_26
+with types uint8_t[32size_t], core_array_TryFromSliceError
+
+*/
+static inline void unwrap_26_b3(Result_fb self, uint8_t ret[32U]) {
+  if (self.tag == Ok) {
+    uint8_t f0[32U];
+    memcpy(f0, self.val.case_Ok, (size_t)32U * sizeof(uint8_t));
+    memcpy(ret, f0, (size_t)32U * sizeof(uint8_t));
+  } else {
+    KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__,
+                      "unwrap not Ok");
+    KRML_HOST_EXIT(255U);
+  }
+}
+
 /**
 A monomorphic instance of libcrux_ml_dsa.types.MLDSASigningKey
 with const generics
@@ -316,26 +459,6 @@ static KRML_MUSTINLINE void libcrux_ml_dsa_utils_into_padded_array_b6(
   memcpy(ret, out, (size_t)34U * sizeof(uint8_t));
 }
 
-/**
-A monomorphic instance of core.option.Option
-with types  uint8_t*
-
-*/
-typedef struct Option_3f_s {
-  Option_08_tags tag;
-  uint8_t *f0;
-} Option_3f;
-
-/**
-A monomorphic instance of core.option.Option
-with types Eurydice_slice uint8_t
-
-*/
-typedef struct Option_1b_s {
-  Option_08_tags tag;
-  Eurydice_slice f0;
-} Option_1b;
-
 /**
 A monomorphic instance of core.result.Result
 with types int32_t[8size_t], core_array_TryFromSliceError
@@ -370,6 +493,16 @@ static inline void unwrap_26_55(Result_6c self, int32_t ret[8U]) {
   }
 }
 
+/**
+A monomorphic instance of core.option.Option
+with types uint8_t[11size_t]
+
+*/
+typedef struct Option_30_s {
+  Option_d8_tags tag;
+  uint8_t f0[11U];
+} Option_30;
+
 typedef struct libcrux_ml_dsa_ml_dsa_65_MLDSA65KeyPair_s {
   libcrux_ml_dsa_types_MLDSASigningKey_22 signing_key;
   libcrux_ml_dsa_types_MLDSAVerificationKey_ea verification_key;
diff --git a/libcrux-ml-dsa/cg/libcrux_mldsa65_avx2.h b/libcrux-ml-dsa/cg/libcrux_mldsa65_avx2.h
index 9bc355151..7c5698cb0 100644
--- a/libcrux-ml-dsa/cg/libcrux_mldsa65_avx2.h
+++ b/libcrux-ml-dsa/cg/libcrux_mldsa65_avx2.h
@@ -8,7 +8,7 @@
  * Eurydice: b665364a6d86749566ce2d650d13fa12c8fab2c5
  * Karamel: 96572bc631fde691a2aea7bce5a5a3838b3a5968
  * F*: b0961063393215ca65927f017720cb365a193833-dirty
- * Libcrux: 11a2dcf9b3f0c4803b93a53caa737ed8eac8bfd1
+ * Libcrux: d4b51bcb3af12fb1358ed37830e33cbd72d31590
  */
 
 #ifndef __libcrux_mldsa65_avx2_H
@@ -912,9 +912,94 @@ libcrux_ml_dsa_simd_avx2_rejection_sample_less_than_eta_equals_4_a2(
 #define LIBCRUX_ML_DSA_SIMD_AVX2_ENCODING_GAMMA1_SERIALIZE_WHEN_GAMMA1_IS_2_POW_17_GAMMA1 \
   ((int32_t)1 << 17U)
 
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE void
+libcrux_ml_dsa_simd_avx2_encoding_gamma1_serialize_when_gamma1_is_2_pow_17(
+    __m256i simd_unit, Eurydice_slice out) {
+  uint8_t serialized[32U] = {0U};
+  __m256i simd_unit_shifted = libcrux_intrinsics_avx2_mm256_sub_epi32(
+      libcrux_intrinsics_avx2_mm256_set1_epi32(
+          LIBCRUX_ML_DSA_SIMD_AVX2_ENCODING_GAMMA1_SERIALIZE_WHEN_GAMMA1_IS_2_POW_17_GAMMA1),
+      simd_unit);
+  __m256i adjacent_2_combined = libcrux_intrinsics_avx2_mm256_sllv_epi32(
+      simd_unit_shifted, libcrux_intrinsics_avx2_mm256_set_epi32(
+                             (int32_t)0, (int32_t)14, (int32_t)0, (int32_t)14,
+                             (int32_t)0, (int32_t)14, (int32_t)0, (int32_t)14));
+  __m256i adjacent_2_combined0 = libcrux_intrinsics_avx2_mm256_srli_epi64(
+      (int32_t)14, adjacent_2_combined, __m256i);
+  __m256i every_second_element = libcrux_intrinsics_avx2_mm256_bsrli_epi128(
+      (int32_t)8, adjacent_2_combined0, __m256i);
+  __m256i every_second_element_shifted =
+      libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)36,
+                                               every_second_element, __m256i);
+  __m256i adjacent_4_combined = libcrux_intrinsics_avx2_mm256_add_epi64(
+      adjacent_2_combined0, every_second_element_shifted);
+  __m256i adjacent_4_combined0 = libcrux_intrinsics_avx2_mm256_srlv_epi64(
+      adjacent_4_combined,
+      libcrux_intrinsics_avx2_mm256_set_epi64x((int64_t)28, (int64_t)0,
+                                               (int64_t)28, (int64_t)0));
+  __m128i lower_4 =
+      libcrux_intrinsics_avx2_mm256_castsi256_si128(adjacent_4_combined0);
+  libcrux_intrinsics_avx2_mm_storeu_bytes_si128(
+      Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)16U, uint8_t),
+      lower_4);
+  __m128i upper_4 = libcrux_intrinsics_avx2_mm256_extracti128_si256(
+      (int32_t)1, adjacent_4_combined0, __m128i);
+  libcrux_intrinsics_avx2_mm_storeu_bytes_si128(
+      Eurydice_array_to_subslice2(serialized, (size_t)9U, (size_t)25U, uint8_t),
+      upper_4);
+  Eurydice_slice uu____0 = out;
+  Eurydice_slice_copy(
+      uu____0,
+      Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)18U, uint8_t),
+      uint8_t);
+}
+
 #define LIBCRUX_ML_DSA_SIMD_AVX2_ENCODING_GAMMA1_SERIALIZE_WHEN_GAMMA1_IS_2_POW_19_GAMMA1 \
   ((int32_t)1 << 19U)
 
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE void
+libcrux_ml_dsa_simd_avx2_encoding_gamma1_serialize_when_gamma1_is_2_pow_19(
+    __m256i simd_unit, Eurydice_slice out) {
+  uint8_t serialized[32U] = {0U};
+  __m256i simd_unit_shifted = libcrux_intrinsics_avx2_mm256_sub_epi32(
+      libcrux_intrinsics_avx2_mm256_set1_epi32(
+          LIBCRUX_ML_DSA_SIMD_AVX2_ENCODING_GAMMA1_SERIALIZE_WHEN_GAMMA1_IS_2_POW_19_GAMMA1),
+      simd_unit);
+  __m256i adjacent_2_combined = libcrux_intrinsics_avx2_mm256_sllv_epi32(
+      simd_unit_shifted, libcrux_intrinsics_avx2_mm256_set_epi32(
+                             (int32_t)0, (int32_t)12, (int32_t)0, (int32_t)12,
+                             (int32_t)0, (int32_t)12, (int32_t)0, (int32_t)12));
+  __m256i adjacent_2_combined0 = libcrux_intrinsics_avx2_mm256_srli_epi64(
+      (int32_t)12, adjacent_2_combined, __m256i);
+  __m256i adjacent_4_combined = libcrux_intrinsics_avx2_mm256_shuffle_epi8(
+      adjacent_2_combined0,
+      libcrux_intrinsics_avx2_mm256_set_epi8(
+          (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1,
+          (int8_t)-1, (int8_t)12, (int8_t)11, (int8_t)10, (int8_t)9, (int8_t)8,
+          (int8_t)4, (int8_t)3, (int8_t)2, (int8_t)1, (int8_t)0, (int8_t)-1,
+          (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1,
+          (int8_t)12, (int8_t)11, (int8_t)10, (int8_t)9, (int8_t)8, (int8_t)4,
+          (int8_t)3, (int8_t)2, (int8_t)1, (int8_t)0));
+  __m128i lower_4 =
+      libcrux_intrinsics_avx2_mm256_castsi256_si128(adjacent_4_combined);
+  libcrux_intrinsics_avx2_mm_storeu_bytes_si128(
+      Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)16U, uint8_t),
+      lower_4);
+  __m128i upper_4 = libcrux_intrinsics_avx2_mm256_extracti128_si256(
+      (int32_t)1, adjacent_4_combined, __m128i);
+  libcrux_intrinsics_avx2_mm_storeu_bytes_si128(
+      Eurydice_array_to_subslice2(serialized, (size_t)10U, (size_t)26U,
+                                  uint8_t),
+      upper_4);
+  Eurydice_slice uu____0 = out;
+  Eurydice_slice_copy(
+      uu____0,
+      Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)20U, uint8_t),
+      uint8_t);
+}
+
 #define LIBCRUX_ML_DSA_SIMD_AVX2_ENCODING_GAMMA1_DESERIALIZE_WHEN_GAMMA1_IS_2_POW_17_GAMMA1 \
   ((int32_t)1 << 17U)
 
@@ -997,12 +1082,208 @@ libcrux_ml_dsa_simd_avx2_encoding_gamma1_deserialize_when_gamma1_is_2_pow_19(
       coefficients1);
 }
 
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE void
+libcrux_ml_dsa_simd_avx2_encoding_commitment_serialize(__m256i simd_unit,
+                                                       Eurydice_slice out) {
+  uint8_t serialized[19U] = {0U};
+  switch ((uint8_t)Eurydice_slice_len(out, uint8_t)) {
+    case 4U: {
+      __m256i adjacent_2_combined = libcrux_intrinsics_avx2_mm256_sllv_epi32(
+          simd_unit, libcrux_intrinsics_avx2_mm256_set_epi32(
+                         (int32_t)0, (int32_t)28, (int32_t)0, (int32_t)28,
+                         (int32_t)0, (int32_t)28, (int32_t)0, (int32_t)28));
+      __m256i adjacent_2_combined0 = libcrux_intrinsics_avx2_mm256_srli_epi64(
+          (int32_t)28, adjacent_2_combined, __m256i);
+      __m256i adjacent_4_combined =
+          libcrux_intrinsics_avx2_mm256_permutevar8x32_epi32(
+              adjacent_2_combined0,
+              libcrux_intrinsics_avx2_mm256_set_epi32(
+                  (int32_t)0, (int32_t)0, (int32_t)0, (int32_t)0, (int32_t)6,
+                  (int32_t)2, (int32_t)4, (int32_t)0));
+      __m128i adjacent_4_combined0 =
+          libcrux_intrinsics_avx2_mm256_castsi256_si128(adjacent_4_combined);
+      __m128i adjacent_4_combined1 = libcrux_intrinsics_avx2_mm_shuffle_epi8(
+          adjacent_4_combined0,
+          libcrux_intrinsics_avx2_mm_set_epi8(240U, 240U, 240U, 240U, 240U,
+                                              240U, 240U, 240U, 240U, 240U,
+                                              240U, 240U, 12U, 4U, 8U, 0U));
+      libcrux_intrinsics_avx2_mm_storeu_bytes_si128(
+          Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)16U,
+                                      uint8_t),
+          adjacent_4_combined1);
+      Eurydice_slice uu____0 = out;
+      Eurydice_slice_copy(uu____0,
+                          Eurydice_array_to_subslice2(serialized, (size_t)0U,
+                                                      (size_t)4U, uint8_t),
+                          uint8_t);
+      break;
+    }
+    case 6U: {
+      __m256i adjacent_2_combined = libcrux_intrinsics_avx2_mm256_sllv_epi32(
+          simd_unit, libcrux_intrinsics_avx2_mm256_set_epi32(
+                         (int32_t)0, (int32_t)26, (int32_t)0, (int32_t)26,
+                         (int32_t)0, (int32_t)26, (int32_t)0, (int32_t)26));
+      __m256i adjacent_2_combined0 = libcrux_intrinsics_avx2_mm256_srli_epi64(
+          (int32_t)26, adjacent_2_combined, __m256i);
+      __m256i adjacent_3_combined = libcrux_intrinsics_avx2_mm256_shuffle_epi8(
+          adjacent_2_combined0,
+          libcrux_intrinsics_avx2_mm256_set_epi8(
+              (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1,
+              (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1,
+              (int8_t)-1, (int8_t)-1, (int8_t)9, (int8_t)8, (int8_t)1,
+              (int8_t)0, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1,
+              (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1,
+              (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)9, (int8_t)8,
+              (int8_t)1, (int8_t)0));
+      __m256i adjacent_3_combined0 = libcrux_intrinsics_avx2_mm256_mullo_epi16(
+          adjacent_3_combined,
+          libcrux_intrinsics_avx2_mm256_set_epi16(
+              (int16_t)1, (int16_t)1, (int16_t)1, (int16_t)1, (int16_t)1,
+              (int16_t)1, (int16_t)1, (int16_t)1 << 4U, (int16_t)1, (int16_t)1,
+              (int16_t)1, (int16_t)1, (int16_t)1, (int16_t)1, (int16_t)1,
+              (int16_t)1 << 4U));
+      __m256i adjacent_3_combined1 = libcrux_intrinsics_avx2_mm256_srlv_epi32(
+          adjacent_3_combined0,
+          libcrux_intrinsics_avx2_mm256_set_epi32(
+              (int32_t)0, (int32_t)0, (int32_t)0, (int32_t)4, (int32_t)0,
+              (int32_t)0, (int32_t)0, (int32_t)4));
+      __m128i lower_3 =
+          libcrux_intrinsics_avx2_mm256_castsi256_si128(adjacent_3_combined1);
+      libcrux_intrinsics_avx2_mm_storeu_bytes_si128(
+          Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)16U,
+                                      uint8_t),
+          lower_3);
+      __m128i upper_3 = libcrux_intrinsics_avx2_mm256_extracti128_si256(
+          (int32_t)1, adjacent_3_combined1, __m128i);
+      libcrux_intrinsics_avx2_mm_storeu_bytes_si128(
+          Eurydice_array_to_subslice2(serialized, (size_t)3U, (size_t)19U,
+                                      uint8_t),
+          upper_3);
+      Eurydice_slice uu____1 = out;
+      Eurydice_slice_copy(uu____1,
+                          Eurydice_array_to_subslice2(serialized, (size_t)0U,
+                                                      (size_t)6U, uint8_t),
+                          uint8_t);
+      break;
+    }
+    default: {
+      KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__,
+                        "panic!");
+      KRML_HOST_EXIT(255U);
+    }
+  }
+}
+
+/**
+This function found in impl {(libcrux_ml_dsa::simd::traits::Operations for
+libcrux_ml_dsa::simd::avx2::vector_type::AVX2SIMDUnit)}
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE void libcrux_ml_dsa_simd_avx2_commitment_serialize_a2(
+    __m256i simd_unit, Eurydice_slice serialized) {
+  libcrux_ml_dsa_simd_avx2_encoding_commitment_serialize(simd_unit, serialized);
+}
+
 #define LIBCRUX_ML_DSA_SIMD_AVX2_ENCODING_ERROR_SERIALIZE_WHEN_ETA_IS_2_ETA \
   ((int32_t)2)
 
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE void
+libcrux_ml_dsa_simd_avx2_encoding_error_serialize_when_eta_is_2(
+    __m256i simd_unit, Eurydice_slice out) {
+  uint8_t serialized[16U] = {0U};
+  __m256i simd_unit_shifted = libcrux_intrinsics_avx2_mm256_sub_epi32(
+      libcrux_intrinsics_avx2_mm256_set1_epi32(
+          LIBCRUX_ML_DSA_SIMD_AVX2_ENCODING_ERROR_SERIALIZE_WHEN_ETA_IS_2_ETA),
+      simd_unit);
+  __m256i adjacent_2_combined = libcrux_intrinsics_avx2_mm256_sllv_epi32(
+      simd_unit_shifted, libcrux_intrinsics_avx2_mm256_set_epi32(
+                             (int32_t)0, (int32_t)29, (int32_t)0, (int32_t)29,
+                             (int32_t)0, (int32_t)29, (int32_t)0, (int32_t)29));
+  __m256i adjacent_2_combined0 = libcrux_intrinsics_avx2_mm256_srli_epi64(
+      (int32_t)29, adjacent_2_combined, __m256i);
+  __m256i adjacent_4_combined = libcrux_intrinsics_avx2_mm256_shuffle_epi8(
+      adjacent_2_combined0,
+      libcrux_intrinsics_avx2_mm256_set_epi8(
+          (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1,
+          (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1,
+          (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)8, (int8_t)-1, (int8_t)0,
+          (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1,
+          (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1,
+          (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)8, (int8_t)-1,
+          (int8_t)0));
+  __m256i adjacent_4_combined0 = libcrux_intrinsics_avx2_mm256_madd_epi16(
+      adjacent_4_combined,
+      libcrux_intrinsics_avx2_mm256_set_epi16(
+          (int16_t)0, (int16_t)0, (int16_t)0, (int16_t)0, (int16_t)0,
+          (int16_t)0, (int16_t)1 << 6U, (int16_t)1, (int16_t)0, (int16_t)0,
+          (int16_t)0, (int16_t)0, (int16_t)0, (int16_t)0, (int16_t)1 << 6U,
+          (int16_t)1));
+  __m256i adjacent_6_combined =
+      libcrux_intrinsics_avx2_mm256_permutevar8x32_epi32(
+          adjacent_4_combined0,
+          libcrux_intrinsics_avx2_mm256_set_epi32(
+              (int32_t)0, (int32_t)0, (int32_t)0, (int32_t)0, (int32_t)0,
+              (int32_t)0, (int32_t)4, (int32_t)0));
+  __m128i adjacent_6_combined0 =
+      libcrux_intrinsics_avx2_mm256_castsi256_si128(adjacent_6_combined);
+  __m128i adjacent_6_combined1 = libcrux_intrinsics_avx2_mm_sllv_epi32(
+      adjacent_6_combined0,
+      libcrux_intrinsics_avx2_mm_set_epi32((int32_t)0, (int32_t)0, (int32_t)0,
+                                           (int32_t)20));
+  __m128i adjacent_6_combined2 = libcrux_intrinsics_avx2_mm_srli_epi64(
+      (int32_t)20, adjacent_6_combined1, __m128i);
+  libcrux_intrinsics_avx2_mm_storeu_bytes_si128(
+      Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)16U, uint8_t),
+      adjacent_6_combined2);
+  Eurydice_slice uu____0 = out;
+  Eurydice_slice_copy(
+      uu____0,
+      Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)3U, uint8_t),
+      uint8_t);
+}
+
 #define LIBCRUX_ML_DSA_SIMD_AVX2_ENCODING_ERROR_SERIALIZE_WHEN_ETA_IS_4_ETA \
   ((int32_t)4)
 
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE void
+libcrux_ml_dsa_simd_avx2_encoding_error_serialize_when_eta_is_4(
+    __m256i simd_unit, Eurydice_slice out) {
+  uint8_t serialized[16U] = {0U};
+  __m256i simd_unit_shifted = libcrux_intrinsics_avx2_mm256_sub_epi32(
+      libcrux_intrinsics_avx2_mm256_set1_epi32(
+          LIBCRUX_ML_DSA_SIMD_AVX2_ENCODING_ERROR_SERIALIZE_WHEN_ETA_IS_4_ETA),
+      simd_unit);
+  __m256i adjacent_2_combined = libcrux_intrinsics_avx2_mm256_sllv_epi32(
+      simd_unit_shifted, libcrux_intrinsics_avx2_mm256_set_epi32(
+                             (int32_t)0, (int32_t)28, (int32_t)0, (int32_t)28,
+                             (int32_t)0, (int32_t)28, (int32_t)0, (int32_t)28));
+  __m256i adjacent_2_combined0 = libcrux_intrinsics_avx2_mm256_srli_epi64(
+      (int32_t)28, adjacent_2_combined, __m256i);
+  __m256i adjacent_4_combined =
+      libcrux_intrinsics_avx2_mm256_permutevar8x32_epi32(
+          adjacent_2_combined0,
+          libcrux_intrinsics_avx2_mm256_set_epi32(
+              (int32_t)0, (int32_t)0, (int32_t)0, (int32_t)0, (int32_t)6,
+              (int32_t)2, (int32_t)4, (int32_t)0));
+  __m128i adjacent_4_combined0 =
+      libcrux_intrinsics_avx2_mm256_castsi256_si128(adjacent_4_combined);
+  __m128i adjacent_4_combined1 = libcrux_intrinsics_avx2_mm_shuffle_epi8(
+      adjacent_4_combined0, libcrux_intrinsics_avx2_mm_set_epi8(
+                                240U, 240U, 240U, 240U, 240U, 240U, 240U, 240U,
+                                240U, 240U, 240U, 240U, 12U, 4U, 8U, 0U));
+  libcrux_intrinsics_avx2_mm_storeu_bytes_si128(
+      Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)16U, uint8_t),
+      adjacent_4_combined1);
+  Eurydice_slice uu____0 = out;
+  Eurydice_slice_copy(
+      uu____0,
+      Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)4U, uint8_t),
+      uint8_t);
+}
+
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE __m256i
 libcrux_ml_dsa_simd_avx2_encoding_t0_change_interval(__m256i simd_unit) {
@@ -4482,6 +4763,113 @@ libcrux_ml_dsa_samplex4_sample_s1_and_s2_4d(uint8_t seed[66U]) {
   KRML_HOST_EXIT(255U);
 }
 
+/**
+A monomorphic instance of libcrux_ml_dsa.ntt.ntt
+with types libcrux_ml_dsa_simd_avx2_vector_type_AVX2SIMDUnit
+with const generics
+
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE libcrux_ml_dsa_polynomial_PolynomialRingElement_24
+libcrux_ml_dsa_ntt_ntt_ea(
+    libcrux_ml_dsa_polynomial_PolynomialRingElement_24 re) {
+  __m256i uu____0[32U];
+  memcpy(uu____0, re.simd_units, (size_t)32U * sizeof(__m256i));
+  libcrux_ml_dsa_polynomial_PolynomialRingElement_24 lit;
+  __m256i ret[32U];
+  libcrux_ml_dsa_simd_avx2_ntt_a2(uu____0, ret);
+  memcpy(lit.simd_units, ret, (size_t)32U * sizeof(__m256i));
+  return lit;
+}
+
+/**
+A monomorphic instance of libcrux_ml_dsa.matrix.compute_As1_plus_s2.closure
+with types libcrux_ml_dsa_simd_avx2_vector_type_AVX2SIMDUnit
+with const generics
+- ROWS_IN_A= 6
+- COLUMNS_IN_A= 5
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static inline libcrux_ml_dsa_polynomial_PolynomialRingElement_24
+libcrux_ml_dsa_matrix_compute_As1_plus_s2_closure_fe(
+    libcrux_ml_dsa_polynomial_PolynomialRingElement_24 s) {
+  return libcrux_ml_dsa_ntt_ntt_ea(s);
+}
+
+/**
+A monomorphic instance of libcrux_ml_dsa.ntt.ntt_multiply_montgomery
+with types libcrux_ml_dsa_simd_avx2_vector_type_AVX2SIMDUnit
+with const generics
+
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE libcrux_ml_dsa_polynomial_PolynomialRingElement_24
+libcrux_ml_dsa_ntt_ntt_multiply_montgomery_ea(
+    libcrux_ml_dsa_polynomial_PolynomialRingElement_24 *lhs,
+    libcrux_ml_dsa_polynomial_PolynomialRingElement_24 *rhs) {
+  libcrux_ml_dsa_polynomial_PolynomialRingElement_24 out =
+      libcrux_ml_dsa_polynomial_ZERO_ff_ea();
+  for (size_t i = (size_t)0U;
+       i < Eurydice_slice_len(
+               Eurydice_array_to_slice((size_t)32U, out.simd_units, __m256i),
+               __m256i);
+       i++) {
+    size_t i0 = i;
+    out.simd_units[i0] = libcrux_ml_dsa_simd_avx2_montgomery_multiply_a2(
+        lhs->simd_units[i0], rhs->simd_units[i0]);
+  }
+  return out;
+}
+
+/**
+This function found in impl
+{libcrux_ml_dsa::polynomial::PolynomialRingElement<SIMDUnit>[TraitClause@0,
+TraitClause@1]}
+*/
+/**
+A monomorphic instance of libcrux_ml_dsa.polynomial.add_ff
+with types libcrux_ml_dsa_simd_avx2_vector_type_AVX2SIMDUnit
+with const generics
+
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE libcrux_ml_dsa_polynomial_PolynomialRingElement_24
+libcrux_ml_dsa_polynomial_add_ff_ea(
+    libcrux_ml_dsa_polynomial_PolynomialRingElement_24 *self,
+    libcrux_ml_dsa_polynomial_PolynomialRingElement_24 *rhs) {
+  libcrux_ml_dsa_polynomial_PolynomialRingElement_24 sum =
+      libcrux_ml_dsa_polynomial_ZERO_ff_ea();
+  for (size_t i = (size_t)0U;
+       i < Eurydice_slice_len(
+               Eurydice_array_to_slice((size_t)32U, sum.simd_units, __m256i),
+               __m256i);
+       i++) {
+    size_t i0 = i;
+    sum.simd_units[i0] = libcrux_ml_dsa_simd_avx2_add_a2(&self->simd_units[i0],
+                                                         &rhs->simd_units[i0]);
+  }
+  return sum;
+}
+
+/**
+A monomorphic instance of libcrux_ml_dsa.ntt.invert_ntt_montgomery
+with types libcrux_ml_dsa_simd_avx2_vector_type_AVX2SIMDUnit
+with const generics
+
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE libcrux_ml_dsa_polynomial_PolynomialRingElement_24
+libcrux_ml_dsa_ntt_invert_ntt_montgomery_ea(
+    libcrux_ml_dsa_polynomial_PolynomialRingElement_24 re) {
+  __m256i uu____0[32U];
+  memcpy(uu____0, re.simd_units, (size_t)32U * sizeof(__m256i));
+  libcrux_ml_dsa_polynomial_PolynomialRingElement_24 lit;
+  __m256i ret[32U];
+  libcrux_ml_dsa_simd_avx2_invert_ntt_montgomery_a2(uu____0, ret);
+  memcpy(lit.simd_units, ret, (size_t)32U * sizeof(__m256i));
+  return lit;
+}
+
 /**
  Compute InvertNTT(Â ◦ ŝ₁) + s₂
 */
@@ -4498,17 +4886,54 @@ static KRML_MUSTINLINE void libcrux_ml_dsa_matrix_compute_As1_plus_s2_fe(
     libcrux_ml_dsa_polynomial_PolynomialRingElement_24 *s1,
     libcrux_ml_dsa_polynomial_PolynomialRingElement_24 *s2,
     libcrux_ml_dsa_polynomial_PolynomialRingElement_24 ret[6U]) {
-  KRML_HOST_EPRINTF(
-      "KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__,
-      "Eurydice error: Failure(\"Error looking trait impl: "
-      "core::slice::iter::{core::iter::traits::iterator::Iterator for "
-      "core::slice::iter::Iter<\'a, T>[TraitClause@0]}#182<\'_, "
-      "@Array<libcrux_ml_dsa::polynomial::PolynomialRingElement<T@0>["
-      "TraitClause@0, TraitClause@1], "
-      "C@1>>[core::marker::Sized<@Array<libcrux_ml_dsa::polynomial::"
-      "PolynomialRingElement<T@0>[TraitClause@0, TraitClause@1], C@1>>] "
-      "enumerate\")\n");
-  KRML_HOST_EXIT(255U);
+  libcrux_ml_dsa_polynomial_PolynomialRingElement_24 result[6U];
+  for (size_t i = (size_t)0U; i < (size_t)6U; i++) {
+    result[i] = libcrux_ml_dsa_polynomial_ZERO_ff_ea();
+  }
+  /* Passing arrays by value in Rust generates a copy in C */
+  libcrux_ml_dsa_polynomial_PolynomialRingElement_24 copy_of_s1[5U];
+  memcpy(
+      copy_of_s1, s1,
+      (size_t)5U * sizeof(libcrux_ml_dsa_polynomial_PolynomialRingElement_24));
+  libcrux_ml_dsa_polynomial_PolynomialRingElement_24 s1_ntt[5U];
+  for (size_t i = (size_t)0U; i < (size_t)5U; i++) {
+    s1_ntt[i] =
+        libcrux_ml_dsa_matrix_compute_As1_plus_s2_closure_fe(copy_of_s1[i]);
+  }
+  for (size_t i0 = (size_t)0U;
+       i0 < Eurydice_slice_len(
+                Eurydice_array_to_slice(
+                    (size_t)6U, A_as_ntt,
+                    libcrux_ml_dsa_polynomial_PolynomialRingElement_24[5U]),
+                libcrux_ml_dsa_polynomial_PolynomialRingElement_24[5U]);
+       i0++) {
+    size_t i1 = i0;
+    libcrux_ml_dsa_polynomial_PolynomialRingElement_24 *row = A_as_ntt[i1];
+    for (size_t i = (size_t)0U;
+         i < Eurydice_slice_len(
+                 Eurydice_array_to_slice(
+                     (size_t)5U, row,
+                     libcrux_ml_dsa_polynomial_PolynomialRingElement_24),
+                 libcrux_ml_dsa_polynomial_PolynomialRingElement_24);
+         i++) {
+      size_t j = i;
+      libcrux_ml_dsa_polynomial_PolynomialRingElement_24 *ring_element =
+          &row[j];
+      libcrux_ml_dsa_polynomial_PolynomialRingElement_24 product =
+          libcrux_ml_dsa_ntt_ntt_multiply_montgomery_ea(ring_element,
+                                                        &s1_ntt[j]);
+      libcrux_ml_dsa_polynomial_PolynomialRingElement_24 uu____1 =
+          libcrux_ml_dsa_polynomial_add_ff_ea(&result[i1], &product);
+      result[i1] = uu____1;
+    }
+    result[i1] = libcrux_ml_dsa_ntt_invert_ntt_montgomery_ea(result[i1]);
+    libcrux_ml_dsa_polynomial_PolynomialRingElement_24 uu____3 =
+        libcrux_ml_dsa_polynomial_add_ff_ea(&result[i1], &s2[i1]);
+    result[i1] = uu____3;
+  }
+  memcpy(
+      ret, result,
+      (size_t)6U * sizeof(libcrux_ml_dsa_polynomial_PolynomialRingElement_24));
 }
 
 typedef struct
@@ -4528,16 +4953,89 @@ static KRML_MUSTINLINE
     libcrux_ml_dsa_polynomial_PolynomialRingElement_libcrux_ml_dsa_simd_avx2_vector_type_AVX2SIMDUnit_6size_t__x2
     libcrux_ml_dsa_arithmetic_power2round_vector_a3(
         libcrux_ml_dsa_polynomial_PolynomialRingElement_24 t[6U]) {
-  KRML_HOST_EPRINTF(
-      "KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__,
-      "Eurydice error: Failure(\"Error looking trait impl: "
-      "core::slice::iter::{core::iter::traits::iterator::Iterator for "
-      "core::slice::iter::Iter<\'a, T>[TraitClause@0]}#182<\'_, "
-      "libcrux_ml_dsa::polynomial::PolynomialRingElement<T@0>[TraitClause@0, "
-      "TraitClause@1]>[core::marker::Sized<libcrux_ml_dsa::polynomial::"
-      "PolynomialRingElement<T@0>[TraitClause@0, TraitClause@1]>] "
-      "enumerate\")\n");
-  KRML_HOST_EXIT(255U);
+  libcrux_ml_dsa_polynomial_PolynomialRingElement_24 t0[6U];
+  for (size_t i = (size_t)0U; i < (size_t)6U; i++) {
+    t0[i] = libcrux_ml_dsa_polynomial_ZERO_ff_ea();
+  }
+  libcrux_ml_dsa_polynomial_PolynomialRingElement_24 t1[6U];
+  for (size_t i = (size_t)0U; i < (size_t)6U; i++) {
+    t1[i] = libcrux_ml_dsa_polynomial_ZERO_ff_ea();
+  }
+  for (size_t i0 = (size_t)0U;
+       i0 < Eurydice_slice_len(
+                Eurydice_array_to_slice(
+                    (size_t)6U, t,
+                    libcrux_ml_dsa_polynomial_PolynomialRingElement_24),
+                libcrux_ml_dsa_polynomial_PolynomialRingElement_24);
+       i0++) {
+    size_t i1 = i0;
+    libcrux_ml_dsa_polynomial_PolynomialRingElement_24 *ring_element = &t[i1];
+    for (size_t i = (size_t)0U;
+         i <
+         Eurydice_slice_len(Eurydice_array_to_slice(
+                                (size_t)32U, ring_element->simd_units, __m256i),
+                            __m256i);
+         i++) {
+      size_t j = i;
+      __m256i *simd_unit = &ring_element->simd_units[j];
+      libcrux_ml_dsa_simd_avx2_vector_type_AVX2SIMDUnit_x2 uu____0 =
+          libcrux_ml_dsa_simd_avx2_power2round_a2(simd_unit[0U]);
+      __m256i t0_unit = uu____0.fst;
+      __m256i t1_unit = uu____0.snd;
+      t0[i1].simd_units[j] = t0_unit;
+      t1[i1].simd_units[j] = t1_unit;
+    }
+  }
+  /* Passing arrays by value in Rust generates a copy in C */
+  libcrux_ml_dsa_polynomial_PolynomialRingElement_24 copy_of_t0[6U];
+  memcpy(
+      copy_of_t0, t0,
+      (size_t)6U * sizeof(libcrux_ml_dsa_polynomial_PolynomialRingElement_24));
+  /* Passing arrays by value in Rust generates a copy in C */
+  libcrux_ml_dsa_polynomial_PolynomialRingElement_24 copy_of_t1[6U];
+  memcpy(
+      copy_of_t1, t1,
+      (size_t)6U * sizeof(libcrux_ml_dsa_polynomial_PolynomialRingElement_24));
+  libcrux_ml_dsa_polynomial_PolynomialRingElement_libcrux_ml_dsa_simd_avx2_vector_type_AVX2SIMDUnit_6size_t__x2
+      lit;
+  memcpy(
+      lit.fst, copy_of_t0,
+      (size_t)6U * sizeof(libcrux_ml_dsa_polynomial_PolynomialRingElement_24));
+  memcpy(
+      lit.snd, copy_of_t1,
+      (size_t)6U * sizeof(libcrux_ml_dsa_polynomial_PolynomialRingElement_24));
+  return lit;
+}
+
+/**
+A monomorphic instance of libcrux_ml_dsa.encoding.t1.serialize
+with types libcrux_ml_dsa_simd_avx2_vector_type_AVX2SIMDUnit
+with const generics
+
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE void libcrux_ml_dsa_encoding_t1_serialize_ea(
+    libcrux_ml_dsa_polynomial_PolynomialRingElement_24 re, uint8_t ret[320U]) {
+  uint8_t serialized[320U] = {0U};
+  for (size_t i = (size_t)0U;
+       i < Eurydice_slice_len(
+               Eurydice_array_to_slice((size_t)32U, re.simd_units, __m256i),
+               __m256i);
+       i++) {
+    size_t i0 = i;
+    __m256i *simd_unit = &re.simd_units[i0];
+    Eurydice_slice uu____0 = Eurydice_array_to_subslice2(
+        serialized,
+        i0 * LIBCRUX_ML_DSA_ENCODING_T1_SERIALIZE_OUTPUT_BYTES_PER_SIMD_UNIT,
+        (i0 + (size_t)1U) *
+            LIBCRUX_ML_DSA_ENCODING_T1_SERIALIZE_OUTPUT_BYTES_PER_SIMD_UNIT,
+        uint8_t);
+    uint8_t ret0[10U];
+    libcrux_ml_dsa_simd_avx2_t1_serialize_a2(simd_unit[0U], ret0);
+    Eurydice_slice_copy(
+        uu____0, Eurydice_array_to_slice((size_t)10U, ret0, uint8_t), uint8_t);
+  }
+  memcpy(ret, serialized, (size_t)320U * sizeof(uint8_t));
 }
 
 /**
@@ -4553,16 +5051,31 @@ libcrux_ml_dsa_encoding_verification_key_generate_serialized_fe(
     Eurydice_slice seed_for_A,
     libcrux_ml_dsa_polynomial_PolynomialRingElement_24 t1[6U],
     uint8_t ret[1952U]) {
-  KRML_HOST_EPRINTF(
-      "KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__,
-      "Eurydice error: Failure(\"Error looking trait impl: "
-      "core::slice::iter::{core::iter::traits::iterator::Iterator for "
-      "core::slice::iter::Iter<\'a, T>[TraitClause@0]}#182<\'_, "
-      "libcrux_ml_dsa::polynomial::PolynomialRingElement<T@0>[TraitClause@0, "
-      "TraitClause@1]>[core::marker::Sized<libcrux_ml_dsa::polynomial::"
-      "PolynomialRingElement<T@0>[TraitClause@0, TraitClause@1]>] "
-      "enumerate\")\n");
-  KRML_HOST_EXIT(255U);
+  uint8_t verification_key_serialized[1952U] = {0U};
+  Eurydice_slice_copy(Eurydice_array_to_subslice2(
+                          verification_key_serialized, (size_t)0U,
+                          LIBCRUX_ML_DSA_CONSTANTS_SEED_FOR_A_SIZE, uint8_t),
+                      seed_for_A, uint8_t);
+  for (size_t i = (size_t)0U;
+       i < Eurydice_slice_len(
+               Eurydice_array_to_slice(
+                   (size_t)6U, t1,
+                   libcrux_ml_dsa_polynomial_PolynomialRingElement_24),
+               libcrux_ml_dsa_polynomial_PolynomialRingElement_24);
+       i++) {
+    size_t i0 = i;
+    libcrux_ml_dsa_polynomial_PolynomialRingElement_24 *ring_element = &t1[i0];
+    size_t offset = LIBCRUX_ML_DSA_CONSTANTS_SEED_FOR_A_SIZE +
+                    i0 * LIBCRUX_ML_DSA_CONSTANTS_RING_ELEMENT_OF_T1S_SIZE;
+    Eurydice_slice uu____0 = Eurydice_array_to_subslice2(
+        verification_key_serialized, offset,
+        offset + LIBCRUX_ML_DSA_CONSTANTS_RING_ELEMENT_OF_T1S_SIZE, uint8_t);
+    uint8_t ret0[320U];
+    libcrux_ml_dsa_encoding_t1_serialize_ea(ring_element[0U], ret0);
+    Eurydice_slice_copy(
+        uu____0, Eurydice_array_to_slice((size_t)320U, ret0, uint8_t), uint8_t);
+  }
+  memcpy(ret, verification_key_serialized, (size_t)1952U * sizeof(uint8_t));
 }
 
 /**
@@ -4593,6 +5106,34 @@ libcrux_ml_dsa_hash_functions_simd256_shake256_d9_24(Eurydice_slice input,
   libcrux_ml_dsa_hash_functions_simd256_shake256_24(input, out);
 }
 
+/**
+A monomorphic instance of libcrux_ml_dsa.simd.avx2.encoding.error.serialize
+with const generics
+- ETA= 4
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE void
+libcrux_ml_dsa_simd_avx2_encoding_error_serialize_ac(
+    __m256i simd_unit, Eurydice_slice serialized) {
+  libcrux_ml_dsa_simd_avx2_encoding_error_serialize_when_eta_is_4(simd_unit,
+                                                                  serialized);
+}
+
+/**
+This function found in impl {(libcrux_ml_dsa::simd::traits::Operations for
+libcrux_ml_dsa::simd::avx2::vector_type::AVX2SIMDUnit)}
+*/
+/**
+A monomorphic instance of libcrux_ml_dsa.simd.avx2.error_serialize_a2
+with const generics
+- ETA= 4
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE void libcrux_ml_dsa_simd_avx2_error_serialize_a2_ac(
+    __m256i simd_unit, Eurydice_slice serialized) {
+  libcrux_ml_dsa_simd_avx2_encoding_error_serialize_ac(simd_unit, serialized);
+}
+
 /**
 A monomorphic instance of libcrux_ml_dsa.encoding.error.serialize
 with types libcrux_ml_dsa_simd_avx2_vector_type_AVX2SIMDUnit
@@ -4602,14 +5143,23 @@ with const generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE void libcrux_ml_dsa_encoding_error_serialize_a8(
-    libcrux_ml_dsa_polynomial_PolynomialRingElement_24 re, uint8_t ret[128U]) {
-  KRML_HOST_EPRINTF(
-      "KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__,
-      "Eurydice error: Failure(\"Error looking trait impl: "
-      "core::slice::iter::{core::iter::traits::iterator::Iterator for "
-      "core::slice::iter::Iter<\'a, T>[TraitClause@0]}#182<\'_, "
-      "T@0>[TraitClause@0] enumerate\")\n");
-  KRML_HOST_EXIT(255U);
+    libcrux_ml_dsa_polynomial_PolynomialRingElement_24 re,
+    Eurydice_slice serialized) {
+  size_t output_bytes_per_simd_unit;
+  output_bytes_per_simd_unit = (size_t)4U;
+  for (size_t i = (size_t)0U;
+       i < Eurydice_slice_len(
+               Eurydice_array_to_slice((size_t)32U, re.simd_units, __m256i),
+               __m256i);
+       i++) {
+    size_t i0 = i;
+    __m256i *simd_unit = &re.simd_units[i0];
+    libcrux_ml_dsa_simd_avx2_error_serialize_a2_ac(
+        simd_unit[0U],
+        Eurydice_slice_subslice2(serialized, i0 * output_bytes_per_simd_unit,
+                                 (i0 + (size_t)1U) * output_bytes_per_simd_unit,
+                                 uint8_t));
+  }
 }
 
 /**
@@ -4620,14 +5170,25 @@ with const generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE void libcrux_ml_dsa_encoding_t0_serialize_ea(
-    libcrux_ml_dsa_polynomial_PolynomialRingElement_24 re, uint8_t ret[416U]) {
-  KRML_HOST_EPRINTF(
-      "KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__,
-      "Eurydice error: Failure(\"Error looking trait impl: "
-      "core::slice::iter::{core::iter::traits::iterator::Iterator for "
-      "core::slice::iter::Iter<\'a, T>[TraitClause@0]}#182<\'_, "
-      "T@0>[TraitClause@0] enumerate\")\n");
-  KRML_HOST_EXIT(255U);
+    libcrux_ml_dsa_polynomial_PolynomialRingElement_24 re,
+    Eurydice_slice serialized) {
+  for (size_t i = (size_t)0U;
+       i < Eurydice_slice_len(
+               Eurydice_array_to_slice((size_t)32U, re.simd_units, __m256i),
+               __m256i);
+       i++) {
+    size_t i0 = i;
+    __m256i *simd_unit = &re.simd_units[i0];
+    Eurydice_slice uu____0 = Eurydice_slice_subslice2(
+        serialized, i0 * LIBCRUX_ML_DSA_ENCODING_T0_OUTPUT_BYTES_PER_SIMD_UNIT,
+        (i0 + (size_t)1U) *
+            LIBCRUX_ML_DSA_ENCODING_T0_OUTPUT_BYTES_PER_SIMD_UNIT,
+        uint8_t);
+    uint8_t ret[13U];
+    libcrux_ml_dsa_simd_avx2_t0_serialize_a2(simd_unit[0U], ret);
+    Eurydice_slice_copy(
+        uu____0, Eurydice_array_to_slice((size_t)13U, ret, uint8_t), uint8_t);
+  }
 }
 
 /**
@@ -4683,15 +5244,14 @@ libcrux_ml_dsa_encoding_signing_key_generate_serialized_a9(
                    libcrux_ml_dsa_polynomial_PolynomialRingElement_24),
                libcrux_ml_dsa_polynomial_PolynomialRingElement_24);
        i++) {
-    size_t _cloop_i = i;
+    size_t _cloop_j = i;
     libcrux_ml_dsa_polynomial_PolynomialRingElement_24 *ring_element =
-        &s1[_cloop_i];
-    Eurydice_slice uu____1 = Eurydice_array_to_subslice2(
-        signing_key_serialized, offset, offset + (size_t)128U, uint8_t);
-    uint8_t ret0[128U];
-    libcrux_ml_dsa_encoding_error_serialize_a8(ring_element[0U], ret0);
-    Eurydice_slice_copy(
-        uu____1, Eurydice_array_to_slice((size_t)128U, ret0, uint8_t), uint8_t);
+        &s1[_cloop_j];
+    libcrux_ml_dsa_polynomial_PolynomialRingElement_24 uu____1 =
+        ring_element[0U];
+    libcrux_ml_dsa_encoding_error_serialize_a8(
+        uu____1, Eurydice_array_to_subslice2(signing_key_serialized, offset,
+                                             offset + (size_t)128U, uint8_t));
     offset = offset + (size_t)128U;
   }
   for (size_t i = (size_t)0U;
@@ -4701,15 +5261,14 @@ libcrux_ml_dsa_encoding_signing_key_generate_serialized_a9(
                    libcrux_ml_dsa_polynomial_PolynomialRingElement_24),
                libcrux_ml_dsa_polynomial_PolynomialRingElement_24);
        i++) {
-    size_t _cloop_i = i;
+    size_t _cloop_j = i;
     libcrux_ml_dsa_polynomial_PolynomialRingElement_24 *ring_element =
-        &s2[_cloop_i];
-    Eurydice_slice uu____2 = Eurydice_array_to_subslice2(
-        signing_key_serialized, offset, offset + (size_t)128U, uint8_t);
-    uint8_t ret0[128U];
-    libcrux_ml_dsa_encoding_error_serialize_a8(ring_element[0U], ret0);
-    Eurydice_slice_copy(
-        uu____2, Eurydice_array_to_slice((size_t)128U, ret0, uint8_t), uint8_t);
+        &s2[_cloop_j];
+    libcrux_ml_dsa_polynomial_PolynomialRingElement_24 uu____2 =
+        ring_element[0U];
+    libcrux_ml_dsa_encoding_error_serialize_a8(
+        uu____2, Eurydice_array_to_subslice2(signing_key_serialized, offset,
+                                             offset + (size_t)128U, uint8_t));
     offset = offset + (size_t)128U;
   }
   for (size_t i = (size_t)0U;
@@ -4719,16 +5278,16 @@ libcrux_ml_dsa_encoding_signing_key_generate_serialized_a9(
                    libcrux_ml_dsa_polynomial_PolynomialRingElement_24),
                libcrux_ml_dsa_polynomial_PolynomialRingElement_24);
        i++) {
-    size_t _cloop_i = i;
+    size_t _cloop_j = i;
     libcrux_ml_dsa_polynomial_PolynomialRingElement_24 *ring_element =
-        &t0[_cloop_i];
-    Eurydice_slice uu____3 = Eurydice_array_to_subslice2(
-        signing_key_serialized, offset,
-        offset + LIBCRUX_ML_DSA_CONSTANTS_RING_ELEMENT_OF_T0S_SIZE, uint8_t);
-    uint8_t ret0[416U];
-    libcrux_ml_dsa_encoding_t0_serialize_ea(ring_element[0U], ret0);
-    Eurydice_slice_copy(
-        uu____3, Eurydice_array_to_slice((size_t)416U, ret0, uint8_t), uint8_t);
+        &t0[_cloop_j];
+    libcrux_ml_dsa_polynomial_PolynomialRingElement_24 uu____3 =
+        ring_element[0U];
+    libcrux_ml_dsa_encoding_t0_serialize_ea(
+        uu____3, Eurydice_array_to_subslice2(
+                     signing_key_serialized, offset,
+                     offset + LIBCRUX_ML_DSA_CONSTANTS_RING_ELEMENT_OF_T0S_SIZE,
+                     uint8_t));
     offset = offset + LIBCRUX_ML_DSA_CONSTANTS_RING_ELEMENT_OF_T0S_SIZE;
   }
   memcpy(ret, signing_key_serialized, (size_t)4032U * sizeof(uint8_t));
@@ -4937,38 +5496,1841 @@ libcrux_ml_dsa_ml_dsa_65_avx2_generate_key_pair(uint8_t randomness[32U]) {
 }
 
 /**
-A monomorphic instance of libcrux_ml_dsa.ml_dsa_generic.sign
-with types libcrux_ml_dsa_simd_avx2_vector_type_AVX2SIMDUnit,
-libcrux_ml_dsa_hash_functions_simd256_Shake128x4,
-libcrux_ml_dsa_hash_functions_simd256_Shake256,
-libcrux_ml_dsa_hash_functions_portable_Shake256Xof,
-libcrux_ml_dsa_hash_functions_simd256_Shake256x4 with const generics
+A monomorphic instance of K.
+with types size_t, core_core_arch_x86___m256i
+
+*/
+typedef struct tuple_bb_s {
+  size_t fst;
+  __m256i snd;
+} tuple_bb;
+
+/**
+A monomorphic instance of K.
+with types uint8_t[32size_t], uint8_t[32size_t], uint8_t[64size_t],
+libcrux_ml_dsa_polynomial_PolynomialRingElement
+libcrux_ml_dsa_simd_avx2_vector_type_AVX2SIMDUnit[5size_t],
+libcrux_ml_dsa_polynomial_PolynomialRingElement
+libcrux_ml_dsa_simd_avx2_vector_type_AVX2SIMDUnit[6size_t],
+libcrux_ml_dsa_polynomial_PolynomialRingElement
+libcrux_ml_dsa_simd_avx2_vector_type_AVX2SIMDUnit[6size_t]
+
+*/
+typedef struct tuple_f00_s {
+  uint8_t fst[32U];
+  uint8_t snd[32U];
+  uint8_t thd[64U];
+  libcrux_ml_dsa_polynomial_PolynomialRingElement_24 f3[5U];
+  libcrux_ml_dsa_polynomial_PolynomialRingElement_24 f4[6U];
+  libcrux_ml_dsa_polynomial_PolynomialRingElement_24 f5[6U];
+} tuple_f00;
+
+/**
+A monomorphic instance of libcrux_ml_dsa.simd.avx2.encoding.error.deserialize
+with const generics
+- ETA= 4
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE __m256i
+libcrux_ml_dsa_simd_avx2_encoding_error_deserialize_ac(
+    Eurydice_slice serialized) {
+  __m256i unsigned =
+      libcrux_ml_dsa_simd_avx2_encoding_error_deserialize_to_unsigned_ac(
+          serialized);
+  return libcrux_intrinsics_avx2_mm256_sub_epi32(
+      libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)(size_t)4U), unsigned);
+}
+
+/**
+This function found in impl {(libcrux_ml_dsa::simd::traits::Operations for
+libcrux_ml_dsa::simd::avx2::vector_type::AVX2SIMDUnit)}
+*/
+/**
+A monomorphic instance of libcrux_ml_dsa.simd.avx2.error_deserialize_a2
+with const generics
+- ETA= 4
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE __m256i
+libcrux_ml_dsa_simd_avx2_error_deserialize_a2_ac(Eurydice_slice serialized) {
+  return libcrux_ml_dsa_simd_avx2_encoding_error_deserialize_ac(serialized);
+}
+
+/**
+A monomorphic instance of libcrux_ml_dsa.encoding.error.deserialize
+with types libcrux_ml_dsa_simd_avx2_vector_type_AVX2SIMDUnit
+with const generics
+- ETA= 4
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE void libcrux_ml_dsa_encoding_error_deserialize_4d(
+    Eurydice_slice serialized,
+    libcrux_ml_dsa_polynomial_PolynomialRingElement_24 *result) {
+  size_t chunk_size;
+  chunk_size = (size_t)4U;
+  for (size_t i = (size_t)0U;
+       i < Eurydice_slice_len(Eurydice_array_to_slice(
+                                  (size_t)32U, result->simd_units, __m256i),
+                              __m256i);
+       i++) {
+    size_t i0 = i;
+    __m256i uu____0 = libcrux_ml_dsa_simd_avx2_error_deserialize_a2_ac(
+        Eurydice_slice_subslice2(serialized, i0 * chunk_size,
+                                 (i0 + (size_t)1U) * chunk_size, uint8_t));
+    result->simd_units[i0] = uu____0;
+  }
+}
+
+/**
+A monomorphic instance of
+libcrux_ml_dsa.encoding.error.deserialize_to_vector_then_ntt with types
+libcrux_ml_dsa_simd_avx2_vector_type_AVX2SIMDUnit with const generics
+- DIMENSION= 5
+- ETA= 4
+- RING_ELEMENT_SIZE= 128
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE void
+libcrux_ml_dsa_encoding_error_deserialize_to_vector_then_ntt_5b(
+    Eurydice_slice serialized,
+    libcrux_ml_dsa_polynomial_PolynomialRingElement_24 ret[5U]) {
+  libcrux_ml_dsa_polynomial_PolynomialRingElement_24 ring_elements[5U];
+  for (size_t i = (size_t)0U; i < (size_t)5U; i++) {
+    ring_elements[i] = libcrux_ml_dsa_polynomial_ZERO_ff_ea();
+  }
+  for (size_t i = (size_t)0U;
+       i < Eurydice_slice_len(serialized, uint8_t) / (size_t)128U; i++) {
+    size_t i0 = i;
+    Eurydice_slice bytes =
+        Eurydice_slice_subslice2(serialized, i0 * (size_t)128U,
+                                 i0 * (size_t)128U + (size_t)128U, uint8_t);
+    libcrux_ml_dsa_encoding_error_deserialize_4d(bytes, &ring_elements[i0]);
+    libcrux_ml_dsa_polynomial_PolynomialRingElement_24 uu____0 =
+        libcrux_ml_dsa_ntt_ntt_ea(ring_elements[i0]);
+    ring_elements[i0] = uu____0;
+  }
+  memcpy(
+      ret, ring_elements,
+      (size_t)5U * sizeof(libcrux_ml_dsa_polynomial_PolynomialRingElement_24));
+}
+
+/**
+A monomorphic instance of
+libcrux_ml_dsa.encoding.error.deserialize_to_vector_then_ntt with types
+libcrux_ml_dsa_simd_avx2_vector_type_AVX2SIMDUnit with const generics
+- DIMENSION= 6
+- ETA= 4
+- RING_ELEMENT_SIZE= 128
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE void
+libcrux_ml_dsa_encoding_error_deserialize_to_vector_then_ntt_ef(
+    Eurydice_slice serialized,
+    libcrux_ml_dsa_polynomial_PolynomialRingElement_24 ret[6U]) {
+  libcrux_ml_dsa_polynomial_PolynomialRingElement_24 ring_elements[6U];
+  for (size_t i = (size_t)0U; i < (size_t)6U; i++) {
+    ring_elements[i] = libcrux_ml_dsa_polynomial_ZERO_ff_ea();
+  }
+  for (size_t i = (size_t)0U;
+       i < Eurydice_slice_len(serialized, uint8_t) / (size_t)128U; i++) {
+    size_t i0 = i;
+    Eurydice_slice bytes =
+        Eurydice_slice_subslice2(serialized, i0 * (size_t)128U,
+                                 i0 * (size_t)128U + (size_t)128U, uint8_t);
+    libcrux_ml_dsa_encoding_error_deserialize_4d(bytes, &ring_elements[i0]);
+    libcrux_ml_dsa_polynomial_PolynomialRingElement_24 uu____0 =
+        libcrux_ml_dsa_ntt_ntt_ea(ring_elements[i0]);
+    ring_elements[i0] = uu____0;
+  }
+  memcpy(
+      ret, ring_elements,
+      (size_t)6U * sizeof(libcrux_ml_dsa_polynomial_PolynomialRingElement_24));
+}
+
+/**
+A monomorphic instance of libcrux_ml_dsa.encoding.t0.deserialize
+with types libcrux_ml_dsa_simd_avx2_vector_type_AVX2SIMDUnit
+with const generics
+
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE void libcrux_ml_dsa_encoding_t0_deserialize_ea(
+    Eurydice_slice serialized,
+    libcrux_ml_dsa_polynomial_PolynomialRingElement_24 *result) {
+  for (size_t i = (size_t)0U;
+       i < Eurydice_slice_len(Eurydice_array_to_slice(
+                                  (size_t)32U, result->simd_units, __m256i),
+                              __m256i);
+       i++) {
+    size_t i0 = i;
+    __m256i uu____0 =
+        libcrux_ml_dsa_simd_avx2_t0_deserialize_a2(Eurydice_slice_subslice2(
+            serialized,
+            i0 * LIBCRUX_ML_DSA_ENCODING_T0_OUTPUT_BYTES_PER_SIMD_UNIT,
+            (i0 + (size_t)1U) *
+                LIBCRUX_ML_DSA_ENCODING_T0_OUTPUT_BYTES_PER_SIMD_UNIT,
+            uint8_t));
+    result->simd_units[i0] = uu____0;
+  }
+}
+
+/**
+A monomorphic instance of
+libcrux_ml_dsa.encoding.t0.deserialize_to_vector_then_ntt with types
+libcrux_ml_dsa_simd_avx2_vector_type_AVX2SIMDUnit with const generics
+- DIMENSION= 6
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE void
+libcrux_ml_dsa_encoding_t0_deserialize_to_vector_then_ntt_a3(
+    Eurydice_slice serialized,
+    libcrux_ml_dsa_polynomial_PolynomialRingElement_24 ret[6U]) {
+  libcrux_ml_dsa_polynomial_PolynomialRingElement_24 ring_elements[6U];
+  for (size_t i = (size_t)0U; i < (size_t)6U; i++) {
+    ring_elements[i] = libcrux_ml_dsa_polynomial_ZERO_ff_ea();
+  }
+  for (size_t i = (size_t)0U;
+       i < Eurydice_slice_len(serialized, uint8_t) /
+               LIBCRUX_ML_DSA_CONSTANTS_RING_ELEMENT_OF_T0S_SIZE;
+       i++) {
+    size_t i0 = i;
+    Eurydice_slice bytes = Eurydice_slice_subslice2(
+        serialized, i0 * LIBCRUX_ML_DSA_CONSTANTS_RING_ELEMENT_OF_T0S_SIZE,
+        i0 * LIBCRUX_ML_DSA_CONSTANTS_RING_ELEMENT_OF_T0S_SIZE +
+            LIBCRUX_ML_DSA_CONSTANTS_RING_ELEMENT_OF_T0S_SIZE,
+        uint8_t);
+    libcrux_ml_dsa_encoding_t0_deserialize_ea(bytes, &ring_elements[i0]);
+    libcrux_ml_dsa_polynomial_PolynomialRingElement_24 uu____0 =
+        libcrux_ml_dsa_ntt_ntt_ea(ring_elements[i0]);
+    ring_elements[i0] = uu____0;
+  }
+  memcpy(
+      ret, ring_elements,
+      (size_t)6U * sizeof(libcrux_ml_dsa_polynomial_PolynomialRingElement_24));
+}
+
+/**
+A monomorphic instance of
+libcrux_ml_dsa.encoding.signing_key.deserialize_then_ntt with types
+libcrux_ml_dsa_simd_avx2_vector_type_AVX2SIMDUnit with const generics
 - ROWS_IN_A= 6
 - COLUMNS_IN_A= 5
 - ETA= 4
 - ERROR_RING_ELEMENT_SIZE= 128
-- GAMMA1_EXPONENT= 19
-- GAMMA2= 261888
-- COMMITMENT_RING_ELEMENT_SIZE= 128
-- COMMITMENT_VECTOR_SIZE= 768
-- COMMITMENT_HASH_SIZE= 48
-- ONES_IN_VERIFIER_CHALLENGE= 49
-- MAX_ONES_IN_HINT= 55
-- GAMMA1_RING_ELEMENT_SIZE= 640
 - SIGNING_KEY_SIZE= 4032
-- SIGNATURE_SIZE= 3309
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static KRML_MUSTINLINE Result_2e libcrux_ml_dsa_ml_dsa_generic_sign_ea(
-    uint8_t *signing_key, Eurydice_slice message, Eurydice_slice context,
-    uint8_t randomness[32U]) {
-  KRML_HOST_EPRINTF(
-      "KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__,
-      "Eurydice error: Failure(\"TODO: TraitTypes "
-      "core::result::{core::ops::try_trait::Try for core::result::Result<T, "
-      "E>[TraitClause@0, TraitClause@1]}#26<T@0, T@1>[TraitClause@0, "
-      "TraitClause@1]::Residual\")\n");
-  KRML_HOST_EXIT(255U);
+static KRML_MUSTINLINE tuple_f00
+libcrux_ml_dsa_encoding_signing_key_deserialize_then_ntt_b6(
+    uint8_t *serialized) {
+  Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at(
+      Eurydice_array_to_slice((size_t)4032U, serialized, uint8_t),
+      LIBCRUX_ML_DSA_CONSTANTS_SEED_FOR_A_SIZE, uint8_t,
+      Eurydice_slice_uint8_t_x2);
+  Eurydice_slice seed_for_A = uu____0.fst;
+  Eurydice_slice remaining_serialized0 = uu____0.snd;
+  Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at(
+      remaining_serialized0, LIBCRUX_ML_DSA_CONSTANTS_SEED_FOR_SIGNING_SIZE,
+      uint8_t, Eurydice_slice_uint8_t_x2);
+  Eurydice_slice seed_for_signing = uu____1.fst;
+  Eurydice_slice remaining_serialized1 = uu____1.snd;
+  Eurydice_slice_uint8_t_x2 uu____2 = Eurydice_slice_split_at(
+      remaining_serialized1,
+      LIBCRUX_ML_DSA_CONSTANTS_BYTES_FOR_VERIFICATION_KEY_HASH, uint8_t,
+      Eurydice_slice_uint8_t_x2);
+  Eurydice_slice verification_key_hash = uu____2.fst;
+  Eurydice_slice remaining_serialized2 = uu____2.snd;
+  Eurydice_slice_uint8_t_x2 uu____3 =
+      Eurydice_slice_split_at(remaining_serialized2, (size_t)128U * (size_t)5U,
+                              uint8_t, Eurydice_slice_uint8_t_x2);
+  Eurydice_slice s1_serialized = uu____3.fst;
+  Eurydice_slice remaining_serialized = uu____3.snd;
+  Eurydice_slice_uint8_t_x2 uu____4 =
+      Eurydice_slice_split_at(remaining_serialized, (size_t)128U * (size_t)6U,
+                              uint8_t, Eurydice_slice_uint8_t_x2);
+  Eurydice_slice s2_serialized = uu____4.fst;
+  Eurydice_slice t0_serialized = uu____4.snd;
+  libcrux_ml_dsa_polynomial_PolynomialRingElement_24 s1_as_ntt[5U];
+  libcrux_ml_dsa_encoding_error_deserialize_to_vector_then_ntt_5b(s1_serialized,
+                                                                  s1_as_ntt);
+  libcrux_ml_dsa_polynomial_PolynomialRingElement_24 s2_as_ntt[6U];
+  libcrux_ml_dsa_encoding_error_deserialize_to_vector_then_ntt_ef(s2_serialized,
+                                                                  s2_as_ntt);
+  libcrux_ml_dsa_polynomial_PolynomialRingElement_24 t0_as_ntt[6U];
+  libcrux_ml_dsa_encoding_t0_deserialize_to_vector_then_ntt_a3(t0_serialized,
+                                                               t0_as_ntt);
+  uint8_t uu____5[32U];
+  Result_fb dst0;
+  Eurydice_slice_to_array2(&dst0, seed_for_A, Eurydice_slice, uint8_t[32U]);
+  unwrap_26_b3(dst0, uu____5);
+  uint8_t uu____6[32U];
+  Result_fb dst1;
+  Eurydice_slice_to_array2(&dst1, seed_for_signing, Eurydice_slice,
+                           uint8_t[32U]);
+  unwrap_26_b3(dst1, uu____6);
+  uint8_t uu____7[64U];
+  Result_f2 dst;
+  Eurydice_slice_to_array2(&dst, verification_key_hash, Eurydice_slice,
+                           uint8_t[64U]);
+  unwrap_26_4b(dst, uu____7);
+  /* Passing arrays by value in Rust generates a copy in C */
+  libcrux_ml_dsa_polynomial_PolynomialRingElement_24 copy_of_s1_as_ntt[5U];
+  memcpy(
+      copy_of_s1_as_ntt, s1_as_ntt,
+      (size_t)5U * sizeof(libcrux_ml_dsa_polynomial_PolynomialRingElement_24));
+  /* Passing arrays by value in Rust generates a copy in C */
+  libcrux_ml_dsa_polynomial_PolynomialRingElement_24 copy_of_s2_as_ntt[6U];
+  memcpy(
+      copy_of_s2_as_ntt, s2_as_ntt,
+      (size_t)6U * sizeof(libcrux_ml_dsa_polynomial_PolynomialRingElement_24));
+  /* Passing arrays by value in Rust generates a copy in C */
+  libcrux_ml_dsa_polynomial_PolynomialRingElement_24 copy_of_t0_as_ntt[6U];
+  memcpy(
+      copy_of_t0_as_ntt, t0_as_ntt,
+      (size_t)6U * sizeof(libcrux_ml_dsa_polynomial_PolynomialRingElement_24));
+  tuple_f00 lit;
+  memcpy(lit.fst, uu____5, (size_t)32U * sizeof(uint8_t));
+  memcpy(lit.snd, uu____6, (size_t)32U * sizeof(uint8_t));
+  memcpy(lit.thd, uu____7, (size_t)64U * sizeof(uint8_t));
+  memcpy(
+      lit.f3, copy_of_s1_as_ntt,
+      (size_t)5U * sizeof(libcrux_ml_dsa_polynomial_PolynomialRingElement_24));
+  memcpy(
+      lit.f4, copy_of_s2_as_ntt,
+      (size_t)6U * sizeof(libcrux_ml_dsa_polynomial_PolynomialRingElement_24));
+  memcpy(
+      lit.f5, copy_of_t0_as_ntt,
+      (size_t)6U * sizeof(libcrux_ml_dsa_polynomial_PolynomialRingElement_24));
+  return lit;
+}
+
+/**
+A monomorphic instance of core.option.Option
+with types libcrux_ml_dsa_polynomial_PolynomialRingElement
+libcrux_ml_dsa_simd_avx2_vector_type_AVX2SIMDUnit[5size_t]
+
+*/
+typedef struct Option_a4_s {
+  Option_d8_tags tag;
+  libcrux_ml_dsa_polynomial_PolynomialRingElement_24 f0[5U];
+} Option_a4;
+
+/**
+A monomorphic instance of libcrux_ml_dsa.hash_functions.simd256.shake256_x4
+with const generics
+- OUT_LEN= 576
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE void
+libcrux_ml_dsa_hash_functions_simd256_shake256_x4_1b(
+    Eurydice_slice input0, Eurydice_slice input1, Eurydice_slice input2,
+    Eurydice_slice input3, uint8_t *out0, uint8_t *out1, uint8_t *out2,
+    uint8_t *out3) {
+  libcrux_sha3_avx2_x4_shake256(
+      input0, input1, input2, input3,
+      Eurydice_array_to_slice((size_t)576U, out0, uint8_t),
+      Eurydice_array_to_slice((size_t)576U, out1, uint8_t),
+      Eurydice_array_to_slice((size_t)576U, out2, uint8_t),
+      Eurydice_array_to_slice((size_t)576U, out3, uint8_t));
+}
+
+/**
+This function found in impl {(libcrux_ml_dsa::hash_functions::shake256::XofX4
+for libcrux_ml_dsa::hash_functions::simd256::Shake256x4)#2}
+*/
+/**
+A monomorphic instance of libcrux_ml_dsa.hash_functions.simd256.shake256_x4_fb
+with const generics
+- OUT_LEN= 576
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE void
+libcrux_ml_dsa_hash_functions_simd256_shake256_x4_fb_1b(
+    Eurydice_slice input0, Eurydice_slice input1, Eurydice_slice input2,
+    Eurydice_slice input3, uint8_t *out0, uint8_t *out1, uint8_t *out2,
+    uint8_t *out3) {
+  libcrux_ml_dsa_hash_functions_simd256_shake256_x4_1b(
+      input0, input1, input2, input3, out0, out1, out2, out3);
+}
+
+/**
+A monomorphic instance of libcrux_ml_dsa.simd.avx2.encoding.gamma1.deserialize
+with const generics
+- GAMMA1_EXPONENT= 19
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE __m256i
+libcrux_ml_dsa_simd_avx2_encoding_gamma1_deserialize_36(
+    Eurydice_slice serialized) {
+  return libcrux_ml_dsa_simd_avx2_encoding_gamma1_deserialize_when_gamma1_is_2_pow_19(
+      serialized);
+}
+
+/**
+This function found in impl {(libcrux_ml_dsa::simd::traits::Operations for
+libcrux_ml_dsa::simd::avx2::vector_type::AVX2SIMDUnit)}
+*/
+/**
+A monomorphic instance of libcrux_ml_dsa.simd.avx2.gamma1_deserialize_a2
+with const generics
+- GAMMA1_EXPONENT= 19
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE __m256i
+libcrux_ml_dsa_simd_avx2_gamma1_deserialize_a2_36(Eurydice_slice serialized) {
+  return libcrux_ml_dsa_simd_avx2_encoding_gamma1_deserialize_36(serialized);
+}
+
+/**
+A monomorphic instance of libcrux_ml_dsa.encoding.gamma1.deserialize
+with types libcrux_ml_dsa_simd_avx2_vector_type_AVX2SIMDUnit
+with const generics
+- GAMMA1_EXPONENT= 19
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE void libcrux_ml_dsa_encoding_gamma1_deserialize_05(
+    Eurydice_slice serialized,
+    libcrux_ml_dsa_polynomial_PolynomialRingElement_24 *result) {
+  for (size_t i = (size_t)0U;
+       i < Eurydice_slice_len(Eurydice_array_to_slice(
+                                  (size_t)32U, result->simd_units, __m256i),
+                              __m256i);
+       i++) {
+    size_t i0 = i;
+    __m256i uu____0 = libcrux_ml_dsa_simd_avx2_gamma1_deserialize_a2_36(
+        Eurydice_slice_subslice2(serialized, i0 * ((size_t)19U + (size_t)1U),
+                                 (i0 + (size_t)1U) * ((size_t)19U + (size_t)1U),
+                                 uint8_t));
+    result->simd_units[i0] = uu____0;
+  }
+}
+
+/**
+A monomorphic instance of libcrux_ml_dsa.hash_functions.simd256.shake256_x4
+with const generics
+- OUT_LEN= 640
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE void
+libcrux_ml_dsa_hash_functions_simd256_shake256_x4_c8(
+    Eurydice_slice input0, Eurydice_slice input1, Eurydice_slice input2,
+    Eurydice_slice input3, uint8_t *out0, uint8_t *out1, uint8_t *out2,
+    uint8_t *out3) {
+  libcrux_sha3_avx2_x4_shake256(
+      input0, input1, input2, input3,
+      Eurydice_array_to_slice((size_t)640U, out0, uint8_t),
+      Eurydice_array_to_slice((size_t)640U, out1, uint8_t),
+      Eurydice_array_to_slice((size_t)640U, out2, uint8_t),
+      Eurydice_array_to_slice((size_t)640U, out3, uint8_t));
+}
+
+/**
+This function found in impl {(libcrux_ml_dsa::hash_functions::shake256::XofX4
+for libcrux_ml_dsa::hash_functions::simd256::Shake256x4)#2}
+*/
+/**
+A monomorphic instance of libcrux_ml_dsa.hash_functions.simd256.shake256_x4_fb
+with const generics
+- OUT_LEN= 640
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE void
+libcrux_ml_dsa_hash_functions_simd256_shake256_x4_fb_c8(
+    Eurydice_slice input0, Eurydice_slice input1, Eurydice_slice input2,
+    Eurydice_slice input3, uint8_t *out0, uint8_t *out1, uint8_t *out2,
+    uint8_t *out3) {
+  libcrux_ml_dsa_hash_functions_simd256_shake256_x4_c8(
+      input0, input1, input2, input3, out0, out1, out2, out3);
+}
+
+/**
+A monomorphic instance of libcrux_ml_dsa.hash_functions.simd256.shake256
+with const generics
+- OUTPUT_LENGTH= 576
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE void libcrux_ml_dsa_hash_functions_simd256_shake256_1b(
+    Eurydice_slice input, uint8_t *out) {
+  libcrux_sha3_portable_shake256(
+      Eurydice_array_to_slice((size_t)576U, out, uint8_t), input);
+}
+
+/**
+This function found in impl {(libcrux_ml_dsa::hash_functions::shake256::DsaXof
+for libcrux_ml_dsa::hash_functions::simd256::Shake256)#1}
+*/
+/**
+A monomorphic instance of libcrux_ml_dsa.hash_functions.simd256.shake256_d9
+with const generics
+- OUTPUT_LENGTH= 576
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE void
+libcrux_ml_dsa_hash_functions_simd256_shake256_d9_1b(Eurydice_slice input,
+                                                     uint8_t *out) {
+  libcrux_ml_dsa_hash_functions_simd256_shake256_1b(input, out);
+}
+
+/**
+A monomorphic instance of libcrux_ml_dsa.hash_functions.simd256.shake256
+with const generics
+- OUTPUT_LENGTH= 640
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE void libcrux_ml_dsa_hash_functions_simd256_shake256_c8(
+    Eurydice_slice input, uint8_t *out) {
+  libcrux_sha3_portable_shake256(
+      Eurydice_array_to_slice((size_t)640U, out, uint8_t), input);
+}
+
+/**
+This function found in impl {(libcrux_ml_dsa::hash_functions::shake256::DsaXof
+for libcrux_ml_dsa::hash_functions::simd256::Shake256)#1}
+*/
+/**
+A monomorphic instance of libcrux_ml_dsa.hash_functions.simd256.shake256_d9
+with const generics
+- OUTPUT_LENGTH= 640
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE void
+libcrux_ml_dsa_hash_functions_simd256_shake256_d9_c8(Eurydice_slice input,
+                                                     uint8_t *out) {
+  libcrux_ml_dsa_hash_functions_simd256_shake256_c8(input, out);
+}
+
+/**
+A monomorphic instance of libcrux_ml_dsa.sample.sample_mask_ring_element
+with types libcrux_ml_dsa_simd_avx2_vector_type_AVX2SIMDUnit,
+libcrux_ml_dsa_hash_functions_simd256_Shake256 with const generics
+- GAMMA1_EXPONENT= 19
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE void libcrux_ml_dsa_sample_sample_mask_ring_element_d9(
+    uint8_t seed[66U],
+    libcrux_ml_dsa_polynomial_PolynomialRingElement_24 *result) {
+  uint8_t out[640U] = {0U};
+  libcrux_ml_dsa_hash_functions_simd256_shake256_d9_c8(
+      Eurydice_array_to_slice((size_t)66U, seed, uint8_t), out);
+  libcrux_ml_dsa_encoding_gamma1_deserialize_05(
+      Eurydice_array_to_slice((size_t)640U, out, uint8_t), result);
+}
+
+/**
+A monomorphic instance of libcrux_ml_dsa.sample.sample_mask_vector
+with types libcrux_ml_dsa_simd_avx2_vector_type_AVX2SIMDUnit,
+libcrux_ml_dsa_hash_functions_simd256_Shake256,
+libcrux_ml_dsa_hash_functions_simd256_Shake256x4 with const generics
+- DIMENSION= 5
+- GAMMA1_EXPONENT= 19
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE void libcrux_ml_dsa_sample_sample_mask_vector_51(
+    uint8_t seed[66U], uint16_t *domain_separator,
+    libcrux_ml_dsa_polynomial_PolynomialRingElement_24 ret[5U]) {
+  libcrux_ml_dsa_polynomial_PolynomialRingElement_24 mask[5U];
+  for (size_t i = (size_t)0U; i < (size_t)5U; i++) {
+    mask[i] = libcrux_ml_dsa_polynomial_ZERO_ff_ea();
+  }
+  /* Passing arrays by value in Rust generates a copy in C */
+  uint8_t copy_of_seed0[66U];
+  memcpy(copy_of_seed0, seed, (size_t)66U * sizeof(uint8_t));
+  uint8_t seed0[66U];
+  libcrux_ml_dsa_sample_update_seed(copy_of_seed0, domain_separator, seed0);
+  /* Passing arrays by value in Rust generates a copy in C */
+  uint8_t copy_of_seed1[66U];
+  memcpy(copy_of_seed1, seed, (size_t)66U * sizeof(uint8_t));
+  uint8_t seed1[66U];
+  libcrux_ml_dsa_sample_update_seed(copy_of_seed1, domain_separator, seed1);
+  /* Passing arrays by value in Rust generates a copy in C */
+  uint8_t copy_of_seed2[66U];
+  memcpy(copy_of_seed2, seed, (size_t)66U * sizeof(uint8_t));
+  uint8_t seed2[66U];
+  libcrux_ml_dsa_sample_update_seed(copy_of_seed2, domain_separator, seed2);
+  /* Passing arrays by value in Rust generates a copy in C */
+  uint8_t copy_of_seed3[66U];
+  memcpy(copy_of_seed3, seed, (size_t)66U * sizeof(uint8_t));
+  uint8_t seed3[66U];
+  libcrux_ml_dsa_sample_update_seed(copy_of_seed3, domain_separator, seed3);
+  uint8_t out0[640U] = {0U};
+  uint8_t out1[640U] = {0U};
+  uint8_t out2[640U] = {0U};
+  uint8_t out3[640U] = {0U};
+  libcrux_ml_dsa_hash_functions_simd256_shake256_x4_fb_c8(
+      Eurydice_array_to_slice((size_t)66U, seed0, uint8_t),
+      Eurydice_array_to_slice((size_t)66U, seed1, uint8_t),
+      Eurydice_array_to_slice((size_t)66U, seed2, uint8_t),
+      Eurydice_array_to_slice((size_t)66U, seed3, uint8_t), out0, out1, out2,
+      out3);
+  libcrux_ml_dsa_encoding_gamma1_deserialize_05(
+      Eurydice_array_to_slice((size_t)640U, out0, uint8_t), mask);
+  libcrux_ml_dsa_encoding_gamma1_deserialize_05(
+      Eurydice_array_to_slice((size_t)640U, out1, uint8_t), &mask[1U]);
+  libcrux_ml_dsa_encoding_gamma1_deserialize_05(
+      Eurydice_array_to_slice((size_t)640U, out2, uint8_t), &mask[2U]);
+  libcrux_ml_dsa_encoding_gamma1_deserialize_05(
+      Eurydice_array_to_slice((size_t)640U, out3, uint8_t), &mask[3U]);
+  for (size_t i = (size_t)4U; i < (size_t)5U; i++) {
+    size_t i0 = i;
+    seed[64U] = (uint8_t)domain_separator[0U];
+    seed[65U] = (uint8_t)((uint32_t)domain_separator[0U] >> 8U);
+    domain_separator[0U] = (uint32_t)domain_separator[0U] + 1U;
+    /* Passing arrays by value in Rust generates a copy in C */
+    uint8_t copy_of_seed[66U];
+    memcpy(copy_of_seed, seed, (size_t)66U * sizeof(uint8_t));
+    libcrux_ml_dsa_sample_sample_mask_ring_element_d9(copy_of_seed, &mask[i0]);
+  }
+  memcpy(
+      ret, mask,
+      (size_t)5U * sizeof(libcrux_ml_dsa_polynomial_PolynomialRingElement_24));
+}
+
+/**
+A monomorphic instance of libcrux_ml_dsa.matrix.compute_A_times_mask.closure
+with types libcrux_ml_dsa_simd_avx2_vector_type_AVX2SIMDUnit
+with const generics
+- ROWS_IN_A= 6
+- COLUMNS_IN_A= 5
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static inline libcrux_ml_dsa_polynomial_PolynomialRingElement_24
+libcrux_ml_dsa_matrix_compute_A_times_mask_closure_fe(
+    libcrux_ml_dsa_polynomial_PolynomialRingElement_24 s) {
+  return libcrux_ml_dsa_ntt_ntt_ea(s);
+}
+
+/**
+ Compute InvertNTT(Â ◦ ŷ)
+*/
+/**
+A monomorphic instance of libcrux_ml_dsa.matrix.compute_A_times_mask
+with types libcrux_ml_dsa_simd_avx2_vector_type_AVX2SIMDUnit
+with const generics
+- ROWS_IN_A= 6
+- COLUMNS_IN_A= 5
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE void libcrux_ml_dsa_matrix_compute_A_times_mask_fe(
+    libcrux_ml_dsa_polynomial_PolynomialRingElement_24 (*A_as_ntt)[5U],
+    libcrux_ml_dsa_polynomial_PolynomialRingElement_24 *mask,
+    libcrux_ml_dsa_polynomial_PolynomialRingElement_24 ret[6U]) {
+  libcrux_ml_dsa_polynomial_PolynomialRingElement_24 result[6U];
+  for (size_t i = (size_t)0U; i < (size_t)6U; i++) {
+    result[i] = libcrux_ml_dsa_polynomial_ZERO_ff_ea();
+  }
+  /* Passing arrays by value in Rust generates a copy in C */
+  libcrux_ml_dsa_polynomial_PolynomialRingElement_24 copy_of_mask[5U];
+  memcpy(
+      copy_of_mask, mask,
+      (size_t)5U * sizeof(libcrux_ml_dsa_polynomial_PolynomialRingElement_24));
+  libcrux_ml_dsa_polynomial_PolynomialRingElement_24 mask_ntt[5U];
+  for (size_t i = (size_t)0U; i < (size_t)5U; i++) {
+    mask_ntt[i] =
+        libcrux_ml_dsa_matrix_compute_A_times_mask_closure_fe(copy_of_mask[i]);
+  }
+  for (size_t i0 = (size_t)0U;
+       i0 < Eurydice_slice_len(
+                Eurydice_array_to_slice(
+                    (size_t)6U, A_as_ntt,
+                    libcrux_ml_dsa_polynomial_PolynomialRingElement_24[5U]),
+                libcrux_ml_dsa_polynomial_PolynomialRingElement_24[5U]);
+       i0++) {
+    size_t i1 = i0;
+    libcrux_ml_dsa_polynomial_PolynomialRingElement_24 *row = A_as_ntt[i1];
+    for (size_t i = (size_t)0U;
+         i < Eurydice_slice_len(
+                 Eurydice_array_to_slice(
+                     (size_t)5U, row,
+                     libcrux_ml_dsa_polynomial_PolynomialRingElement_24),
+                 libcrux_ml_dsa_polynomial_PolynomialRingElement_24);
+         i++) {
+      size_t j = i;
+      libcrux_ml_dsa_polynomial_PolynomialRingElement_24 *ring_element =
+          &row[j];
+      libcrux_ml_dsa_polynomial_PolynomialRingElement_24 product =
+          libcrux_ml_dsa_ntt_ntt_multiply_montgomery_ea(ring_element,
+                                                        &mask_ntt[j]);
+      libcrux_ml_dsa_polynomial_PolynomialRingElement_24 uu____1 =
+          libcrux_ml_dsa_polynomial_add_ff_ea(&result[i1], &product);
+      result[i1] = uu____1;
+    }
+    libcrux_ml_dsa_polynomial_PolynomialRingElement_24 uu____2 =
+        libcrux_ml_dsa_ntt_invert_ntt_montgomery_ea(result[i1]);
+    result[i1] = uu____2;
+  }
+  memcpy(
+      ret, result,
+      (size_t)6U * sizeof(libcrux_ml_dsa_polynomial_PolynomialRingElement_24));
+}
+
+/**
+A monomorphic instance of libcrux_ml_dsa.simd.avx2.arithmetic.decompose
+with const generics
+- GAMMA2= 261888
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE core_core_arch_x86___m256i_x2
+libcrux_ml_dsa_simd_avx2_arithmetic_decompose_80(__m256i r) {
+  __m256i r2 =
+      libcrux_ml_dsa_simd_avx2_arithmetic_to_unsigned_representatives(r);
+  __m256i field_modulus_halved = libcrux_intrinsics_avx2_mm256_set1_epi32(
+      (LIBCRUX_ML_DSA_SIMD_TRAITS_FIELD_MODULUS - (int32_t)1) / (int32_t)2);
+  int32_t ALPHA = (int32_t)261888 * (int32_t)2;
+  __m256i ceil_of_r_by_128 = libcrux_intrinsics_avx2_mm256_add_epi32(
+      r2, libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)127));
+  __m256i ceil_of_r_by_1280 = libcrux_intrinsics_avx2_mm256_srai_epi32(
+      (int32_t)7, ceil_of_r_by_128, __m256i);
+  __m256i r1;
+  switch (ALPHA) {
+    case 190464: {
+      __m256i result = libcrux_intrinsics_avx2_mm256_mullo_epi32(
+          ceil_of_r_by_1280,
+          libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)11275));
+      __m256i result0 = libcrux_intrinsics_avx2_mm256_add_epi32(
+          result, libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)1 << 23U));
+      __m256i result1 = libcrux_intrinsics_avx2_mm256_srai_epi32(
+          (int32_t)24, result0, __m256i);
+      __m256i mask = libcrux_intrinsics_avx2_mm256_sub_epi32(
+          libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)43), result1);
+      __m256i mask0 =
+          libcrux_intrinsics_avx2_mm256_srai_epi32((int32_t)31, mask, __m256i);
+      __m256i not_result =
+          libcrux_intrinsics_avx2_mm256_xor_si256(result1, mask0);
+      r1 = libcrux_intrinsics_avx2_mm256_and_si256(result1, not_result);
+      break;
+    }
+    case 523776: {
+      __m256i result = libcrux_intrinsics_avx2_mm256_mullo_epi32(
+          ceil_of_r_by_1280,
+          libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)1025));
+      __m256i result0 = libcrux_intrinsics_avx2_mm256_add_epi32(
+          result, libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)1 << 21U));
+      __m256i result1 = libcrux_intrinsics_avx2_mm256_srai_epi32(
+          (int32_t)22, result0, __m256i);
+      r1 = libcrux_intrinsics_avx2_mm256_and_si256(
+          result1, libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)15));
+      break;
+    }
+    default: {
+      KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__,
+                        "panic!");
+      KRML_HOST_EXIT(255U);
+    }
+  }
+  __m256i r0 = libcrux_intrinsics_avx2_mm256_mullo_epi32(
+      r1, libcrux_intrinsics_avx2_mm256_set1_epi32(ALPHA));
+  __m256i r00 = libcrux_intrinsics_avx2_mm256_sub_epi32(r2, r0);
+  __m256i mask =
+      libcrux_intrinsics_avx2_mm256_sub_epi32(field_modulus_halved, r00);
+  __m256i mask0 =
+      libcrux_intrinsics_avx2_mm256_srai_epi32((int32_t)31, mask, __m256i);
+  __m256i field_modulus_and_mask = libcrux_intrinsics_avx2_mm256_and_si256(
+      mask0, libcrux_intrinsics_avx2_mm256_set1_epi32(
+                 LIBCRUX_ML_DSA_SIMD_TRAITS_FIELD_MODULUS));
+  __m256i r01 =
+      libcrux_intrinsics_avx2_mm256_sub_epi32(r00, field_modulus_and_mask);
+  return (CLITERAL(core_core_arch_x86___m256i_x2){.fst = r01, .snd = r1});
+}
+
+/**
+This function found in impl {(libcrux_ml_dsa::simd::traits::Operations for
+libcrux_ml_dsa::simd::avx2::vector_type::AVX2SIMDUnit)}
+*/
+/**
+A monomorphic instance of libcrux_ml_dsa.simd.avx2.decompose_a2
+with const generics
+- GAMMA2= 261888
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE libcrux_ml_dsa_simd_avx2_vector_type_AVX2SIMDUnit_x2
+libcrux_ml_dsa_simd_avx2_decompose_a2_80(__m256i simd_unit) {
+  core_core_arch_x86___m256i_x2 uu____0 =
+      libcrux_ml_dsa_simd_avx2_arithmetic_decompose_80(simd_unit);
+  __m256i lower = uu____0.fst;
+  __m256i upper = uu____0.snd;
+  return (CLITERAL(libcrux_ml_dsa_simd_avx2_vector_type_AVX2SIMDUnit_x2){
+      .fst = lower, .snd = upper});
+}
+
+/**
+A monomorphic instance of libcrux_ml_dsa.arithmetic.decompose_vector
+with types libcrux_ml_dsa_simd_avx2_vector_type_AVX2SIMDUnit
+with const generics
+- DIMENSION= 6
+- GAMMA2= 261888
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE
+    libcrux_ml_dsa_polynomial_PolynomialRingElement_libcrux_ml_dsa_simd_avx2_vector_type_AVX2SIMDUnit_6size_t__x2
+    libcrux_ml_dsa_arithmetic_decompose_vector_fe(
+        libcrux_ml_dsa_polynomial_PolynomialRingElement_24 t[6U]) {
+  libcrux_ml_dsa_polynomial_PolynomialRingElement_24 vector_low[6U];
+  for (size_t i = (size_t)0U; i < (size_t)6U; i++) {
+    vector_low[i] = libcrux_ml_dsa_polynomial_ZERO_ff_ea();
+  }
+  libcrux_ml_dsa_polynomial_PolynomialRingElement_24 vector_high[6U];
+  for (size_t i = (size_t)0U; i < (size_t)6U; i++) {
+    vector_high[i] = libcrux_ml_dsa_polynomial_ZERO_ff_ea();
+  }
+  for (size_t i0 = (size_t)0U; i0 < (size_t)6U; i0++) {
+    size_t i1 = i0;
+    for (size_t i = (size_t)0U;
+         i <
+         Eurydice_slice_len(Eurydice_array_to_slice(
+                                (size_t)32U, vector_low->simd_units, __m256i),
+                            __m256i);
+         i++) {
+      size_t j = i;
+      libcrux_ml_dsa_simd_avx2_vector_type_AVX2SIMDUnit_x2 uu____0 =
+          libcrux_ml_dsa_simd_avx2_decompose_a2_80(t[i1].simd_units[j]);
+      __m256i low = uu____0.fst;
+      __m256i high = uu____0.snd;
+      vector_low[i1].simd_units[j] = low;
+      vector_high[i1].simd_units[j] = high;
+    }
+  }
+  /* Passing arrays by value in Rust generates a copy in C */
+  libcrux_ml_dsa_polynomial_PolynomialRingElement_24 copy_of_vector_low[6U];
+  memcpy(
+      copy_of_vector_low, vector_low,
+      (size_t)6U * sizeof(libcrux_ml_dsa_polynomial_PolynomialRingElement_24));
+  /* Passing arrays by value in Rust generates a copy in C */
+  libcrux_ml_dsa_polynomial_PolynomialRingElement_24 copy_of_vector_high[6U];
+  memcpy(
+      copy_of_vector_high, vector_high,
+      (size_t)6U * sizeof(libcrux_ml_dsa_polynomial_PolynomialRingElement_24));
+  libcrux_ml_dsa_polynomial_PolynomialRingElement_libcrux_ml_dsa_simd_avx2_vector_type_AVX2SIMDUnit_6size_t__x2
+      lit;
+  memcpy(
+      lit.fst, copy_of_vector_low,
+      (size_t)6U * sizeof(libcrux_ml_dsa_polynomial_PolynomialRingElement_24));
+  memcpy(
+      lit.snd, copy_of_vector_high,
+      (size_t)6U * sizeof(libcrux_ml_dsa_polynomial_PolynomialRingElement_24));
+  return lit;
+}
+
+/**
+A monomorphic instance of libcrux_ml_dsa.encoding.commitment.serialize
+with types libcrux_ml_dsa_simd_avx2_vector_type_AVX2SIMDUnit
+with const generics
+
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE void libcrux_ml_dsa_encoding_commitment_serialize_ea(
+    libcrux_ml_dsa_polynomial_PolynomialRingElement_24 re,
+    Eurydice_slice serialized) {
+  size_t output_bytes_per_simd_unit =
+      Eurydice_slice_len(serialized, uint8_t) / ((size_t)8U * (size_t)4U);
+  for (size_t i = (size_t)0U;
+       i < Eurydice_slice_len(
+               Eurydice_array_to_slice((size_t)32U, re.simd_units, __m256i),
+               __m256i);
+       i++) {
+    size_t i0 = i;
+    __m256i *simd_unit = &re.simd_units[i0];
+    libcrux_ml_dsa_simd_avx2_commitment_serialize_a2(
+        simd_unit[0U],
+        Eurydice_slice_subslice2(serialized, i0 * output_bytes_per_simd_unit,
+                                 (i0 + (size_t)1U) * output_bytes_per_simd_unit,
+                                 uint8_t));
+  }
+}
+
+/**
+A monomorphic instance of libcrux_ml_dsa.encoding.commitment.serialize_vector
+with types libcrux_ml_dsa_simd_avx2_vector_type_AVX2SIMDUnit
+with const generics
+- DIMENSION= 6
+- RING_ELEMENT_SIZE= 128
+- OUTPUT_SIZE= 768
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE void
+libcrux_ml_dsa_encoding_commitment_serialize_vector_ef(
+    libcrux_ml_dsa_polynomial_PolynomialRingElement_24 vector[6U],
+    uint8_t ret[768U]) {
+  uint8_t serialized[768U] = {0U};
+  size_t offset = (size_t)0U;
+  for (size_t i = (size_t)0U;
+       i < Eurydice_slice_len(
+               Eurydice_array_to_slice(
+                   (size_t)6U, vector,
+                   libcrux_ml_dsa_polynomial_PolynomialRingElement_24),
+               libcrux_ml_dsa_polynomial_PolynomialRingElement_24);
+       i++) {
+    size_t _cloop_j = i;
+    libcrux_ml_dsa_polynomial_PolynomialRingElement_24 *ring_element =
+        &vector[_cloop_j];
+    libcrux_ml_dsa_polynomial_PolynomialRingElement_24 uu____0 =
+        ring_element[0U];
+    libcrux_ml_dsa_encoding_commitment_serialize_ea(
+        uu____0, Eurydice_array_to_subslice2(serialized, offset,
+                                             offset + (size_t)128U, uint8_t));
+    offset = offset + (size_t)128U;
+  }
+  memcpy(ret, serialized, (size_t)768U * sizeof(uint8_t));
+}
+
+/**
+A monomorphic instance of libcrux_ml_dsa.sample.sample_challenge_ring_element
+with types libcrux_ml_dsa_simd_avx2_vector_type_AVX2SIMDUnit,
+libcrux_ml_dsa_hash_functions_simd256_Shake256 with const generics
+- NUMBER_OF_ONES= 49
+- SEED_SIZE= 48
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE libcrux_ml_dsa_polynomial_PolynomialRingElement_24
+libcrux_ml_dsa_sample_sample_challenge_ring_element_8a(uint8_t seed[48U]) {
+  libcrux_sha3_portable_KeccakState state =
+      libcrux_ml_dsa_hash_functions_simd256_init_absorb_final_d9(
+          Eurydice_array_to_slice((size_t)48U, seed, uint8_t));
+  uint8_t randomness0[136U];
+  libcrux_ml_dsa_hash_functions_simd256_squeeze_first_block_d9(&state,
+                                                               randomness0);
+  uint8_t ret[8U];
+  Result_15 dst;
+  Eurydice_slice_to_array2(
+      &dst,
+      Eurydice_array_to_subslice2(randomness0, (size_t)0U, (size_t)8U, uint8_t),
+      Eurydice_slice, uint8_t[8U]);
+  unwrap_26_68(dst, ret);
+  uint64_t signs = core_num__u64_9__from_le_bytes(ret);
+  int32_t result[256U] = {0U};
+  size_t out_index =
+      Eurydice_slice_len(Eurydice_array_to_slice((size_t)256U, result, int32_t),
+                         int32_t) -
+      (size_t)49U;
+  Eurydice_slice uu____0 = Eurydice_array_to_subslice_from(
+      (size_t)136U, randomness0, (size_t)8U, uint8_t, size_t);
+  bool done = libcrux_ml_dsa_sample_inside_out_shuffle(uu____0, &out_index,
+                                                       &signs, result);
+  while (true) {
+    if (done) {
+      break;
+    } else {
+      uint8_t randomness[136U];
+      libcrux_ml_dsa_hash_functions_simd256_squeeze_next_block_d9(&state,
+                                                                  randomness);
+      done = libcrux_ml_dsa_sample_inside_out_shuffle(
+          Eurydice_array_to_slice((size_t)136U, randomness, uint8_t),
+          &out_index, &signs, result);
+    }
+  }
+  return libcrux_ml_dsa_polynomial_from_i32_array_ff_ea(
+      Eurydice_array_to_slice((size_t)256U, result, int32_t));
+}
+
+/**
+A monomorphic instance of libcrux_ml_dsa.matrix.vector_times_ring_element
+with types libcrux_ml_dsa_simd_avx2_vector_type_AVX2SIMDUnit
+with const generics
+- DIMENSION= 5
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE void libcrux_ml_dsa_matrix_vector_times_ring_element_1f(
+    libcrux_ml_dsa_polynomial_PolynomialRingElement_24 *vector,
+    libcrux_ml_dsa_polynomial_PolynomialRingElement_24 *ring_element,
+    libcrux_ml_dsa_polynomial_PolynomialRingElement_24 ret[5U]) {
+  libcrux_ml_dsa_polynomial_PolynomialRingElement_24 result[5U];
+  for (size_t i = (size_t)0U; i < (size_t)5U; i++) {
+    result[i] = libcrux_ml_dsa_polynomial_ZERO_ff_ea();
+  }
+  for (size_t i = (size_t)0U;
+       i < Eurydice_slice_len(
+               Eurydice_array_to_slice(
+                   (size_t)5U, vector,
+                   libcrux_ml_dsa_polynomial_PolynomialRingElement_24),
+               libcrux_ml_dsa_polynomial_PolynomialRingElement_24);
+       i++) {
+    size_t i0 = i;
+    libcrux_ml_dsa_polynomial_PolynomialRingElement_24 *vector_ring_element =
+        &vector[i0];
+    libcrux_ml_dsa_polynomial_PolynomialRingElement_24 uu____0 =
+        libcrux_ml_dsa_ntt_invert_ntt_montgomery_ea(
+            libcrux_ml_dsa_ntt_ntt_multiply_montgomery_ea(vector_ring_element,
+                                                          ring_element));
+    result[i0] = uu____0;
+  }
+  memcpy(
+      ret, result,
+      (size_t)5U * sizeof(libcrux_ml_dsa_polynomial_PolynomialRingElement_24));
+}
+
+/**
+A monomorphic instance of libcrux_ml_dsa.matrix.vector_times_ring_element
+with types libcrux_ml_dsa_simd_avx2_vector_type_AVX2SIMDUnit
+with const generics
+- DIMENSION= 6
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE void libcrux_ml_dsa_matrix_vector_times_ring_element_a3(
+    libcrux_ml_dsa_polynomial_PolynomialRingElement_24 *vector,
+    libcrux_ml_dsa_polynomial_PolynomialRingElement_24 *ring_element,
+    libcrux_ml_dsa_polynomial_PolynomialRingElement_24 ret[6U]) {
+  libcrux_ml_dsa_polynomial_PolynomialRingElement_24 result[6U];
+  for (size_t i = (size_t)0U; i < (size_t)6U; i++) {
+    result[i] = libcrux_ml_dsa_polynomial_ZERO_ff_ea();
+  }
+  for (size_t i = (size_t)0U;
+       i < Eurydice_slice_len(
+               Eurydice_array_to_slice(
+                   (size_t)6U, vector,
+                   libcrux_ml_dsa_polynomial_PolynomialRingElement_24),
+               libcrux_ml_dsa_polynomial_PolynomialRingElement_24);
+       i++) {
+    size_t i0 = i;
+    libcrux_ml_dsa_polynomial_PolynomialRingElement_24 *vector_ring_element =
+        &vector[i0];
+    libcrux_ml_dsa_polynomial_PolynomialRingElement_24 uu____0 =
+        libcrux_ml_dsa_ntt_invert_ntt_montgomery_ea(
+            libcrux_ml_dsa_ntt_ntt_multiply_montgomery_ea(vector_ring_element,
+                                                          ring_element));
+    result[i0] = uu____0;
+  }
+  memcpy(
+      ret, result,
+      (size_t)6U * sizeof(libcrux_ml_dsa_polynomial_PolynomialRingElement_24));
+}
+
+/**
+A monomorphic instance of libcrux_ml_dsa.matrix.add_vectors
+with types libcrux_ml_dsa_simd_avx2_vector_type_AVX2SIMDUnit
+with const generics
+- DIMENSION= 5
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE void libcrux_ml_dsa_matrix_add_vectors_1f(
+    libcrux_ml_dsa_polynomial_PolynomialRingElement_24 *lhs,
+    libcrux_ml_dsa_polynomial_PolynomialRingElement_24 *rhs,
+    libcrux_ml_dsa_polynomial_PolynomialRingElement_24 ret[5U]) {
+  libcrux_ml_dsa_polynomial_PolynomialRingElement_24 result[5U];
+  for (size_t i = (size_t)0U; i < (size_t)5U; i++) {
+    result[i] = libcrux_ml_dsa_polynomial_ZERO_ff_ea();
+  }
+  for (size_t i = (size_t)0U; i < (size_t)5U; i++) {
+    size_t i0 = i;
+    libcrux_ml_dsa_polynomial_PolynomialRingElement_24 uu____0 =
+        libcrux_ml_dsa_polynomial_add_ff_ea(&lhs[i0], &rhs[i0]);
+    result[i0] = uu____0;
+  }
+  memcpy(
+      ret, result,
+      (size_t)5U * sizeof(libcrux_ml_dsa_polynomial_PolynomialRingElement_24));
+}
+
+/**
+This function found in impl
+{libcrux_ml_dsa::polynomial::PolynomialRingElement<SIMDUnit>[TraitClause@0,
+TraitClause@1]}
+*/
+/**
+A monomorphic instance of libcrux_ml_dsa.polynomial.subtract_ff
+with types libcrux_ml_dsa_simd_avx2_vector_type_AVX2SIMDUnit
+with const generics
+
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE libcrux_ml_dsa_polynomial_PolynomialRingElement_24
+libcrux_ml_dsa_polynomial_subtract_ff_ea(
+    libcrux_ml_dsa_polynomial_PolynomialRingElement_24 *self,
+    libcrux_ml_dsa_polynomial_PolynomialRingElement_24 *rhs) {
+  libcrux_ml_dsa_polynomial_PolynomialRingElement_24 difference =
+      libcrux_ml_dsa_polynomial_ZERO_ff_ea();
+  for (size_t i = (size_t)0U;
+       i < Eurydice_slice_len(Eurydice_array_to_slice(
+                                  (size_t)32U, difference.simd_units, __m256i),
+                              __m256i);
+       i++) {
+    size_t i0 = i;
+    difference.simd_units[i0] = libcrux_ml_dsa_simd_avx2_subtract_a2(
+        &self->simd_units[i0], &rhs->simd_units[i0]);
+  }
+  return difference;
+}
+
+/**
+A monomorphic instance of libcrux_ml_dsa.matrix.subtract_vectors
+with types libcrux_ml_dsa_simd_avx2_vector_type_AVX2SIMDUnit
+with const generics
+- DIMENSION= 6
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE void libcrux_ml_dsa_matrix_subtract_vectors_a3(
+    libcrux_ml_dsa_polynomial_PolynomialRingElement_24 *lhs,
+    libcrux_ml_dsa_polynomial_PolynomialRingElement_24 *rhs,
+    libcrux_ml_dsa_polynomial_PolynomialRingElement_24 ret[6U]) {
+  libcrux_ml_dsa_polynomial_PolynomialRingElement_24 result[6U];
+  for (size_t i = (size_t)0U; i < (size_t)6U; i++) {
+    result[i] = libcrux_ml_dsa_polynomial_ZERO_ff_ea();
+  }
+  for (size_t i = (size_t)0U; i < (size_t)6U; i++) {
+    size_t i0 = i;
+    libcrux_ml_dsa_polynomial_PolynomialRingElement_24 uu____0 =
+        libcrux_ml_dsa_polynomial_subtract_ff_ea(&lhs[i0], &rhs[i0]);
+    result[i0] = uu____0;
+  }
+  memcpy(
+      ret, result,
+      (size_t)6U * sizeof(libcrux_ml_dsa_polynomial_PolynomialRingElement_24));
+}
+
+/**
+This function found in impl
+{libcrux_ml_dsa::polynomial::PolynomialRingElement<SIMDUnit>[TraitClause@0,
+TraitClause@1]}
+*/
+/**
+A monomorphic instance of libcrux_ml_dsa.polynomial.infinity_norm_exceeds_ff
+with types libcrux_ml_dsa_simd_avx2_vector_type_AVX2SIMDUnit
+with const generics
+
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static inline bool libcrux_ml_dsa_polynomial_infinity_norm_exceeds_ff_ea(
+    libcrux_ml_dsa_polynomial_PolynomialRingElement_24 *self, int32_t bound) {
+  bool exceeds = false;
+  for (size_t i = (size_t)0U;
+       i < Eurydice_slice_len(
+               Eurydice_array_to_slice((size_t)32U, self->simd_units, __m256i),
+               __m256i);
+       i++) {
+    size_t i0 = i;
+    bool uu____0;
+    if (exceeds) {
+      uu____0 = true;
+    } else {
+      uu____0 = libcrux_ml_dsa_simd_avx2_infinity_norm_exceeds_a2(
+          self->simd_units[i0], bound);
+    }
+    exceeds = uu____0;
+  }
+  return exceeds;
+}
+
+/**
+A monomorphic instance of libcrux_ml_dsa.arithmetic.vector_infinity_norm_exceeds
+with types libcrux_ml_dsa_simd_avx2_vector_type_AVX2SIMDUnit
+with const generics
+- DIMENSION= 5
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE bool
+libcrux_ml_dsa_arithmetic_vector_infinity_norm_exceeds_1f(
+    libcrux_ml_dsa_polynomial_PolynomialRingElement_24 vector[5U],
+    int32_t bound) {
+  bool exceeds = false;
+  for (size_t i = (size_t)0U;
+       i < Eurydice_slice_len(
+               Eurydice_array_to_slice(
+                   (size_t)5U, vector,
+                   libcrux_ml_dsa_polynomial_PolynomialRingElement_24),
+               libcrux_ml_dsa_polynomial_PolynomialRingElement_24);
+       i++) {
+    size_t _cloop_j = i;
+    libcrux_ml_dsa_polynomial_PolynomialRingElement_24 *ring_element =
+        &vector[_cloop_j];
+    bool uu____0;
+    if (exceeds) {
+      uu____0 = true;
+    } else {
+      uu____0 = libcrux_ml_dsa_polynomial_infinity_norm_exceeds_ff_ea(
+          ring_element, bound);
+    }
+    exceeds = uu____0;
+  }
+  return exceeds;
+}
+
+/**
+A monomorphic instance of libcrux_ml_dsa.arithmetic.vector_infinity_norm_exceeds
+with types libcrux_ml_dsa_simd_avx2_vector_type_AVX2SIMDUnit
+with const generics
+- DIMENSION= 6
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE bool
+libcrux_ml_dsa_arithmetic_vector_infinity_norm_exceeds_a3(
+    libcrux_ml_dsa_polynomial_PolynomialRingElement_24 vector[6U],
+    int32_t bound) {
+  bool exceeds = false;
+  for (size_t i = (size_t)0U;
+       i < Eurydice_slice_len(
+               Eurydice_array_to_slice(
+                   (size_t)6U, vector,
+                   libcrux_ml_dsa_polynomial_PolynomialRingElement_24),
+               libcrux_ml_dsa_polynomial_PolynomialRingElement_24);
+       i++) {
+    size_t _cloop_j = i;
+    libcrux_ml_dsa_polynomial_PolynomialRingElement_24 *ring_element =
+        &vector[_cloop_j];
+    bool uu____0;
+    if (exceeds) {
+      uu____0 = true;
+    } else {
+      uu____0 = libcrux_ml_dsa_polynomial_infinity_norm_exceeds_ff_ea(
+          ring_element, bound);
+    }
+    exceeds = uu____0;
+  }
+  return exceeds;
+}
+
+/**
+A monomorphic instance of libcrux_ml_dsa.matrix.add_vectors
+with types libcrux_ml_dsa_simd_avx2_vector_type_AVX2SIMDUnit
+with const generics
+- DIMENSION= 6
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE void libcrux_ml_dsa_matrix_add_vectors_a3(
+    libcrux_ml_dsa_polynomial_PolynomialRingElement_24 *lhs,
+    libcrux_ml_dsa_polynomial_PolynomialRingElement_24 *rhs,
+    libcrux_ml_dsa_polynomial_PolynomialRingElement_24 ret[6U]) {
+  libcrux_ml_dsa_polynomial_PolynomialRingElement_24 result[6U];
+  for (size_t i = (size_t)0U; i < (size_t)6U; i++) {
+    result[i] = libcrux_ml_dsa_polynomial_ZERO_ff_ea();
+  }
+  for (size_t i = (size_t)0U; i < (size_t)6U; i++) {
+    size_t i0 = i;
+    libcrux_ml_dsa_polynomial_PolynomialRingElement_24 uu____0 =
+        libcrux_ml_dsa_polynomial_add_ff_ea(&lhs[i0], &rhs[i0]);
+    result[i0] = uu____0;
+  }
+  memcpy(
+      ret, result,
+      (size_t)6U * sizeof(libcrux_ml_dsa_polynomial_PolynomialRingElement_24));
+}
+
+/**
+A monomorphic instance of K.
+with types size_t, libcrux_ml_dsa_simd_avx2_vector_type_AVX2SIMDUnit
+
+*/
+typedef struct tuple_25_s {
+  size_t fst;
+  __m256i snd;
+} tuple_25;
+
+/**
+A monomorphic instance of libcrux_ml_dsa.simd.avx2.arithmetic.compute_hint
+with const generics
+- GAMMA2= 261888
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE tuple_bb
+libcrux_ml_dsa_simd_avx2_arithmetic_compute_hint_80(__m256i low, __m256i high) {
+  __m256i gamma2 = libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)261888);
+  __m256i minus_gamma2 =
+      libcrux_intrinsics_avx2_mm256_set1_epi32(-(int32_t)261888);
+  __m256i low_within_bound = libcrux_intrinsics_avx2_mm256_cmpgt_epi32(
+      libcrux_intrinsics_avx2_mm256_abs_epi32(low), gamma2);
+  __m256i low_equals_minus_gamma2 =
+      libcrux_intrinsics_avx2_mm256_cmpeq_epi32(low, minus_gamma2);
+  __m256i low_equals_minus_gamma2_and_high_is_nonzero =
+      libcrux_intrinsics_avx2_mm256_sign_epi32(low_equals_minus_gamma2, high);
+  __m256i hints = libcrux_intrinsics_avx2_mm256_or_si256(
+      low_within_bound, low_equals_minus_gamma2_and_high_is_nonzero);
+  int32_t hints_mask = libcrux_intrinsics_avx2_mm256_movemask_ps(
+      libcrux_intrinsics_avx2_mm256_castsi256_ps(hints));
+  uint32_t uu____0 = core_num__i32_2__count_ones(hints_mask);
+  return (CLITERAL(tuple_bb){
+      .fst = (size_t)uu____0,
+      .snd = libcrux_intrinsics_avx2_mm256_and_si256(
+          hints, libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)1))});
+}
+
+/**
+This function found in impl {(libcrux_ml_dsa::simd::traits::Operations for
+libcrux_ml_dsa::simd::avx2::vector_type::AVX2SIMDUnit)}
+*/
+/**
+A monomorphic instance of libcrux_ml_dsa.simd.avx2.compute_hint_a2
+with const generics
+- GAMMA2= 261888
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE tuple_25
+libcrux_ml_dsa_simd_avx2_compute_hint_a2_80(__m256i low, __m256i high) {
+  tuple_bb uu____0 =
+      libcrux_ml_dsa_simd_avx2_arithmetic_compute_hint_80(low, high);
+  size_t count = uu____0.fst;
+  __m256i hint = uu____0.snd;
+  return (CLITERAL(tuple_25){.fst = count, .snd = hint});
+}
+
+/**
+This function found in impl
+{libcrux_ml_dsa::polynomial::PolynomialRingElement<SIMDUnit>[TraitClause@0,
+TraitClause@1]}
+*/
+/**
+A monomorphic instance of libcrux_ml_dsa.polynomial.to_i32_array_ff
+with types libcrux_ml_dsa_simd_avx2_vector_type_AVX2SIMDUnit
+with const generics
+
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static inline void libcrux_ml_dsa_polynomial_to_i32_array_ff_ea(
+    libcrux_ml_dsa_polynomial_PolynomialRingElement_24 *self,
+    int32_t ret[256U]) {
+  int32_t result[256U] = {0U};
+  for (size_t i = (size_t)0U;
+       i < Eurydice_slice_len(
+               Eurydice_array_to_slice((size_t)32U, self->simd_units, __m256i),
+               __m256i);
+       i++) {
+    size_t i0 = i;
+    __m256i *simd_unit = &self->simd_units[i0];
+    Eurydice_slice uu____0 = Eurydice_array_to_subslice2(
+        result, i0 * LIBCRUX_ML_DSA_SIMD_TRAITS_COEFFICIENTS_IN_SIMD_UNIT,
+        (i0 + (size_t)1U) *
+            LIBCRUX_ML_DSA_SIMD_TRAITS_COEFFICIENTS_IN_SIMD_UNIT,
+        int32_t);
+    int32_t ret0[8U];
+    libcrux_ml_dsa_simd_avx2_to_coefficient_array_a2(simd_unit, ret0);
+    Eurydice_slice_copy(
+        uu____0, Eurydice_array_to_slice((size_t)8U, ret0, int32_t), int32_t);
+  }
+  memcpy(ret, result, (size_t)256U * sizeof(int32_t));
+}
+
+/**
+A monomorphic instance of libcrux_ml_dsa.arithmetic.make_hint
+with types libcrux_ml_dsa_simd_avx2_vector_type_AVX2SIMDUnit
+with const generics
+- DIMENSION= 6
+- GAMMA2= 261888
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE tuple_e6 libcrux_ml_dsa_arithmetic_make_hint_fe(
+    libcrux_ml_dsa_polynomial_PolynomialRingElement_24 low[6U],
+    libcrux_ml_dsa_polynomial_PolynomialRingElement_24 high[6U]) {
+  int32_t hint[6U][256U] = {{0U}};
+  size_t true_hints = (size_t)0U;
+  for (size_t i0 = (size_t)0U; i0 < (size_t)6U; i0++) {
+    size_t i1 = i0;
+    libcrux_ml_dsa_polynomial_PolynomialRingElement_24 hint_simd =
+        libcrux_ml_dsa_polynomial_ZERO_ff_ea();
+    for (size_t i = (size_t)0U;
+         i < Eurydice_slice_len(Eurydice_array_to_slice(
+                                    (size_t)32U, hint_simd.simd_units, __m256i),
+                                __m256i);
+         i++) {
+      size_t j = i;
+      tuple_25 uu____0 = libcrux_ml_dsa_simd_avx2_compute_hint_a2_80(
+          low[i1].simd_units[j], high[i1].simd_units[j]);
+      size_t one_hints_count = uu____0.fst;
+      __m256i current_hint = uu____0.snd;
+      hint_simd.simd_units[j] = current_hint;
+      true_hints = true_hints + one_hints_count;
+    }
+    int32_t uu____1[256U];
+    libcrux_ml_dsa_polynomial_to_i32_array_ff_ea(&hint_simd, uu____1);
+    memcpy(hint[i1], uu____1, (size_t)256U * sizeof(int32_t));
+  }
+  /* Passing arrays by value in Rust generates a copy in C */
+  int32_t copy_of_hint[6U][256U];
+  memcpy(copy_of_hint, hint, (size_t)6U * sizeof(int32_t[256U]));
+  tuple_e6 lit;
+  memcpy(lit.fst, copy_of_hint, (size_t)6U * sizeof(int32_t[256U]));
+  lit.snd = true_hints;
+  return lit;
+}
+
+/**
+A monomorphic instance of libcrux_ml_dsa.encoding.signature.Signature
+with types libcrux_ml_dsa_simd_avx2_vector_type_AVX2SIMDUnit
+with const generics
+- $48size_t
+- $5size_t
+- $6size_t
+*/
+typedef struct libcrux_ml_dsa_encoding_signature_Signature_ca_s {
+  uint8_t commitment_hash[48U];
+  libcrux_ml_dsa_polynomial_PolynomialRingElement_24 signer_response[5U];
+  int32_t hint[6U][256U];
+} libcrux_ml_dsa_encoding_signature_Signature_ca;
+
+/**
+A monomorphic instance of libcrux_ml_dsa.simd.avx2.encoding.gamma1.serialize
+with const generics
+- GAMMA1_EXPONENT= 19
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE void
+libcrux_ml_dsa_simd_avx2_encoding_gamma1_serialize_36(
+    __m256i simd_unit, Eurydice_slice serialized) {
+  libcrux_ml_dsa_simd_avx2_encoding_gamma1_serialize_when_gamma1_is_2_pow_19(
+      simd_unit, serialized);
+}
+
+/**
+This function found in impl {(libcrux_ml_dsa::simd::traits::Operations for
+libcrux_ml_dsa::simd::avx2::vector_type::AVX2SIMDUnit)}
+*/
+/**
+A monomorphic instance of libcrux_ml_dsa.simd.avx2.gamma1_serialize_a2
+with const generics
+- GAMMA1_EXPONENT= 19
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE void libcrux_ml_dsa_simd_avx2_gamma1_serialize_a2_36(
+    __m256i simd_unit, Eurydice_slice serialized) {
+  libcrux_ml_dsa_simd_avx2_encoding_gamma1_serialize_36(simd_unit, serialized);
+}
+
+/**
+A monomorphic instance of libcrux_ml_dsa.encoding.gamma1.serialize
+with types libcrux_ml_dsa_simd_avx2_vector_type_AVX2SIMDUnit
+with const generics
+- GAMMA1_EXPONENT= 19
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE void libcrux_ml_dsa_encoding_gamma1_serialize_05(
+    libcrux_ml_dsa_polynomial_PolynomialRingElement_24 re,
+    Eurydice_slice serialized) {
+  for (size_t i = (size_t)0U;
+       i < Eurydice_slice_len(
+               Eurydice_array_to_slice((size_t)32U, re.simd_units, __m256i),
+               __m256i);
+       i++) {
+    size_t i0 = i;
+    __m256i *simd_unit = &re.simd_units[i0];
+    libcrux_ml_dsa_simd_avx2_gamma1_serialize_a2_36(
+        simd_unit[0U],
+        Eurydice_slice_subslice2(serialized, i0 * ((size_t)19U + (size_t)1U),
+                                 (i0 + (size_t)1U) * ((size_t)19U + (size_t)1U),
+                                 uint8_t));
+  }
+}
+
+/**
+This function found in impl
+{libcrux_ml_dsa::encoding::signature::Signature<SIMDUnit, COMMITMENT_HASH_SIZE,
+COLUMNS_IN_A, ROWS_IN_A>[TraitClause@0, TraitClause@1]}
+*/
+/**
+A monomorphic instance of libcrux_ml_dsa.encoding.signature.serialize_92
+with types libcrux_ml_dsa_simd_avx2_vector_type_AVX2SIMDUnit
+with const generics
+- COMMITMENT_HASH_SIZE= 48
+- COLUMNS_IN_A= 5
+- ROWS_IN_A= 6
+- GAMMA1_EXPONENT= 19
+- GAMMA1_RING_ELEMENT_SIZE= 640
+- MAX_ONES_IN_HINT= 55
+- SIGNATURE_SIZE= 3309
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE void libcrux_ml_dsa_encoding_signature_serialize_92_cc(
+    libcrux_ml_dsa_encoding_signature_Signature_ca *self, uint8_t ret[3309U]) {
+  uint8_t signature[3309U] = {0U};
+  size_t offset = (size_t)0U;
+  Eurydice_slice uu____0 = Eurydice_array_to_subslice2(
+      signature, offset, offset + (size_t)48U, uint8_t);
+  Eurydice_slice_copy(
+      uu____0,
+      Eurydice_array_to_slice((size_t)48U, self->commitment_hash, uint8_t),
+      uint8_t);
+  offset = offset + (size_t)48U;
+  for (size_t i = (size_t)0U; i < (size_t)5U; i++) {
+    size_t i0 = i;
+    libcrux_ml_dsa_polynomial_PolynomialRingElement_24 uu____1 =
+        self->signer_response[i0];
+    libcrux_ml_dsa_encoding_gamma1_serialize_05(
+        uu____1, Eurydice_array_to_subslice2(signature, offset,
+                                             offset + (size_t)640U, uint8_t));
+    offset = offset + (size_t)640U;
+  }
+  size_t true_hints_seen = (size_t)0U;
+  for (size_t i0 = (size_t)0U; i0 < (size_t)6U; i0++) {
+    size_t i1 = i0;
+    for (size_t i = (size_t)0U;
+         i < Eurydice_slice_len(
+                 Eurydice_array_to_slice((size_t)256U, self->hint[i1], int32_t),
+                 int32_t);
+         i++) {
+      size_t j = i;
+      if (self->hint[i1][j] == (int32_t)1) {
+        signature[offset + true_hints_seen] = (uint8_t)j;
+        true_hints_seen++;
+      }
+    }
+    signature[offset + (size_t)55U + i1] = (uint8_t)true_hints_seen;
+  }
+  memcpy(ret, signature, (size_t)3309U * sizeof(uint8_t));
+}
+
+/**
+ The internal signing API.
+
+ If no `domain_separation_context` is supplied, it is assumed that
+ `message` already contains the domain separation.
+*/
+/**
+A monomorphic instance of libcrux_ml_dsa.ml_dsa_generic.sign_internal
+with types libcrux_ml_dsa_simd_avx2_vector_type_AVX2SIMDUnit,
+libcrux_ml_dsa_hash_functions_simd256_Shake128x4,
+libcrux_ml_dsa_hash_functions_simd256_Shake256,
+libcrux_ml_dsa_hash_functions_portable_Shake256Xof,
+libcrux_ml_dsa_hash_functions_simd256_Shake256x4 with const generics
+- ROWS_IN_A= 6
+- COLUMNS_IN_A= 5
+- ETA= 4
+- ERROR_RING_ELEMENT_SIZE= 128
+- GAMMA1_EXPONENT= 19
+- GAMMA2= 261888
+- COMMITMENT_RING_ELEMENT_SIZE= 128
+- COMMITMENT_VECTOR_SIZE= 768
+- COMMITMENT_HASH_SIZE= 48
+- ONES_IN_VERIFIER_CHALLENGE= 49
+- MAX_ONES_IN_HINT= 55
+- GAMMA1_RING_ELEMENT_SIZE= 640
+- SIGNING_KEY_SIZE= 4032
+- SIGNATURE_SIZE= 3309
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE Result_2e libcrux_ml_dsa_ml_dsa_generic_sign_internal_ea(
+    uint8_t *signing_key, Eurydice_slice message,
+    Option_84 domain_separation_context, uint8_t randomness[32U]) {
+  tuple_f00 uu____0 =
+      libcrux_ml_dsa_encoding_signing_key_deserialize_then_ntt_b6(signing_key);
+  uint8_t seed_for_A[32U];
+  memcpy(seed_for_A, uu____0.fst, (size_t)32U * sizeof(uint8_t));
+  uint8_t seed_for_signing[32U];
+  memcpy(seed_for_signing, uu____0.snd, (size_t)32U * sizeof(uint8_t));
+  uint8_t verification_key_hash[64U];
+  memcpy(verification_key_hash, uu____0.thd, (size_t)64U * sizeof(uint8_t));
+  libcrux_ml_dsa_polynomial_PolynomialRingElement_24 s1_as_ntt[5U];
+  memcpy(
+      s1_as_ntt, uu____0.f3,
+      (size_t)5U * sizeof(libcrux_ml_dsa_polynomial_PolynomialRingElement_24));
+  libcrux_ml_dsa_polynomial_PolynomialRingElement_24 s2_as_ntt[6U];
+  memcpy(
+      s2_as_ntt, uu____0.f4,
+      (size_t)6U * sizeof(libcrux_ml_dsa_polynomial_PolynomialRingElement_24));
+  libcrux_ml_dsa_polynomial_PolynomialRingElement_24 t0_as_ntt[6U];
+  memcpy(
+      t0_as_ntt, uu____0.f5,
+      (size_t)6U * sizeof(libcrux_ml_dsa_polynomial_PolynomialRingElement_24));
+  libcrux_ml_dsa_polynomial_PolynomialRingElement_24 A_as_ntt[6U][5U];
+  uint8_t ret[34U];
+  libcrux_ml_dsa_utils_into_padded_array_b6(
+      Eurydice_array_to_slice((size_t)32U, seed_for_A, uint8_t), ret);
+  libcrux_ml_dsa_samplex4_matrix_A_fe(ret, A_as_ntt);
+  uint8_t message_representative[64U] = {0U};
+  uint8_t uu____1[64U];
+  memcpy(uu____1, verification_key_hash, (size_t)64U * sizeof(uint8_t));
+  libcrux_ml_dsa_ml_dsa_generic_derive_message_representative_7b(
+      uu____1, domain_separation_context, message, message_representative);
+  uint8_t mask_seed[64U] = {0U};
+  libcrux_sha3_portable_incremental_Shake256Xof shake0 =
+      libcrux_ml_dsa_hash_functions_portable_init_83();
+  libcrux_ml_dsa_hash_functions_portable_absorb_83(
+      &shake0, Eurydice_array_to_slice((size_t)32U, seed_for_signing, uint8_t));
+  libcrux_ml_dsa_hash_functions_portable_absorb_83(
+      &shake0, Eurydice_array_to_slice((size_t)32U, randomness, uint8_t));
+  libcrux_ml_dsa_hash_functions_portable_absorb_final_83(
+      &shake0,
+      Eurydice_array_to_slice((size_t)64U, message_representative, uint8_t));
+  libcrux_ml_dsa_hash_functions_portable_squeeze_83(
+      &shake0, Eurydice_array_to_slice((size_t)64U, mask_seed, uint8_t));
+  uint16_t domain_separator_for_mask = 0U;
+  int32_t BETA = (int32_t)((size_t)49U * (size_t)4U);
+  size_t attempt = (size_t)0U;
+  Option_67 commitment_hash0 = {.tag = None};
+  Option_a4 signer_response0 = {.tag = None};
+  Option_f0 hint0 = {.tag = None};
+  while (true) {
+    if (attempt < LIBCRUX_ML_DSA_CONSTANTS_REJECTION_SAMPLE_BOUND_SIGN) {
+      attempt++;
+      uint8_t uu____2[66U];
+      libcrux_ml_dsa_utils_into_padded_array_20(
+          Eurydice_array_to_slice((size_t)64U, mask_seed, uint8_t), uu____2);
+      libcrux_ml_dsa_polynomial_PolynomialRingElement_24 mask[5U];
+      libcrux_ml_dsa_sample_sample_mask_vector_51(
+          uu____2, &domain_separator_for_mask, mask);
+      libcrux_ml_dsa_polynomial_PolynomialRingElement_24 A_times_mask[6U];
+      libcrux_ml_dsa_matrix_compute_A_times_mask_fe(A_as_ntt, mask,
+                                                    A_times_mask);
+      /* Passing arrays by value in Rust generates a copy in C */
+      libcrux_ml_dsa_polynomial_PolynomialRingElement_24
+          copy_of_A_times_mask[6U];
+      memcpy(copy_of_A_times_mask, A_times_mask,
+             (size_t)6U *
+                 sizeof(libcrux_ml_dsa_polynomial_PolynomialRingElement_24));
+      libcrux_ml_dsa_polynomial_PolynomialRingElement_libcrux_ml_dsa_simd_avx2_vector_type_AVX2SIMDUnit_6size_t__x2
+          uu____4 = libcrux_ml_dsa_arithmetic_decompose_vector_fe(
+              copy_of_A_times_mask);
+      libcrux_ml_dsa_polynomial_PolynomialRingElement_24 w0[6U];
+      memcpy(w0, uu____4.fst,
+             (size_t)6U *
+                 sizeof(libcrux_ml_dsa_polynomial_PolynomialRingElement_24));
+      libcrux_ml_dsa_polynomial_PolynomialRingElement_24 commitment[6U];
+      memcpy(commitment, uu____4.snd,
+             (size_t)6U *
+                 sizeof(libcrux_ml_dsa_polynomial_PolynomialRingElement_24));
+      uint8_t commitment_hash_candidate[48U] = {0U};
+      /* Passing arrays by value in Rust generates a copy in C */
+      libcrux_ml_dsa_polynomial_PolynomialRingElement_24
+          copy_of_commitment0[6U];
+      memcpy(copy_of_commitment0, commitment,
+             (size_t)6U *
+                 sizeof(libcrux_ml_dsa_polynomial_PolynomialRingElement_24));
+      uint8_t commitment_serialized[768U];
+      libcrux_ml_dsa_encoding_commitment_serialize_vector_ef(
+          copy_of_commitment0, commitment_serialized);
+      libcrux_sha3_portable_incremental_Shake256Xof shake =
+          libcrux_ml_dsa_hash_functions_portable_init_83();
+      libcrux_ml_dsa_hash_functions_portable_absorb_83(
+          &shake, Eurydice_array_to_slice((size_t)64U, message_representative,
+                                          uint8_t));
+      libcrux_ml_dsa_hash_functions_portable_absorb_final_83(
+          &shake, Eurydice_array_to_slice((size_t)768U, commitment_serialized,
+                                          uint8_t));
+      libcrux_ml_dsa_hash_functions_portable_squeeze_83(
+          &shake, Eurydice_array_to_slice((size_t)48U,
+                                          commitment_hash_candidate, uint8_t));
+      /* Passing arrays by value in Rust generates a copy in C */
+      uint8_t copy_of_commitment_hash_candidate[48U];
+      memcpy(copy_of_commitment_hash_candidate, commitment_hash_candidate,
+             (size_t)48U * sizeof(uint8_t));
+      libcrux_ml_dsa_polynomial_PolynomialRingElement_24
+          verifier_challenge_as_ntt = libcrux_ml_dsa_ntt_ntt_ea(
+              libcrux_ml_dsa_sample_sample_challenge_ring_element_8a(
+                  copy_of_commitment_hash_candidate));
+      libcrux_ml_dsa_polynomial_PolynomialRingElement_24 challenge_times_s1[5U];
+      libcrux_ml_dsa_matrix_vector_times_ring_element_1f(
+          s1_as_ntt, &verifier_challenge_as_ntt, challenge_times_s1);
+      libcrux_ml_dsa_polynomial_PolynomialRingElement_24 challenge_times_s2[6U];
+      libcrux_ml_dsa_matrix_vector_times_ring_element_a3(
+          s2_as_ntt, &verifier_challenge_as_ntt, challenge_times_s2);
+      libcrux_ml_dsa_polynomial_PolynomialRingElement_24
+          signer_response_candidate[5U];
+      libcrux_ml_dsa_matrix_add_vectors_1f(mask, challenge_times_s1,
+                                           signer_response_candidate);
+      libcrux_ml_dsa_polynomial_PolynomialRingElement_24
+          w0_minus_challenge_times_s2[6U];
+      libcrux_ml_dsa_matrix_subtract_vectors_a3(w0, challenge_times_s2,
+                                                w0_minus_challenge_times_s2);
+      /* Passing arrays by value in Rust generates a copy in C */
+      libcrux_ml_dsa_polynomial_PolynomialRingElement_24
+          copy_of_signer_response_candidate[5U];
+      memcpy(copy_of_signer_response_candidate, signer_response_candidate,
+             (size_t)5U *
+                 sizeof(libcrux_ml_dsa_polynomial_PolynomialRingElement_24));
+      if (!libcrux_ml_dsa_arithmetic_vector_infinity_norm_exceeds_1f(
+              copy_of_signer_response_candidate,
+              ((int32_t)1 << (uint32_t)(size_t)19U) - BETA)) {
+        /* Passing arrays by value in Rust generates a copy in C */
+        libcrux_ml_dsa_polynomial_PolynomialRingElement_24
+            copy_of_w0_minus_challenge_times_s2[6U];
+        memcpy(copy_of_w0_minus_challenge_times_s2, w0_minus_challenge_times_s2,
+               (size_t)6U *
+                   sizeof(libcrux_ml_dsa_polynomial_PolynomialRingElement_24));
+        if (!libcrux_ml_dsa_arithmetic_vector_infinity_norm_exceeds_a3(
+                copy_of_w0_minus_challenge_times_s2, (int32_t)261888 - BETA)) {
+          libcrux_ml_dsa_polynomial_PolynomialRingElement_24
+              challenge_times_t0[6U];
+          libcrux_ml_dsa_matrix_vector_times_ring_element_a3(
+              t0_as_ntt, &verifier_challenge_as_ntt, challenge_times_t0);
+          /* Passing arrays by value in Rust generates a copy in C */
+          libcrux_ml_dsa_polynomial_PolynomialRingElement_24
+              copy_of_challenge_times_t0[6U];
+          memcpy(
+              copy_of_challenge_times_t0, challenge_times_t0,
+              (size_t)6U *
+                  sizeof(libcrux_ml_dsa_polynomial_PolynomialRingElement_24));
+          if (!libcrux_ml_dsa_arithmetic_vector_infinity_norm_exceeds_a3(
+                  copy_of_challenge_times_t0, (int32_t)261888)) {
+            libcrux_ml_dsa_polynomial_PolynomialRingElement_24
+                w0_minus_c_times_s2_plus_c_times_t0[6U];
+            libcrux_ml_dsa_matrix_add_vectors_a3(
+                w0_minus_challenge_times_s2, challenge_times_t0,
+                w0_minus_c_times_s2_plus_c_times_t0);
+            /* Passing arrays by value in Rust generates a copy in C */
+            libcrux_ml_dsa_polynomial_PolynomialRingElement_24
+                copy_of_w0_minus_c_times_s2_plus_c_times_t0[6U];
+            memcpy(
+                copy_of_w0_minus_c_times_s2_plus_c_times_t0,
+                w0_minus_c_times_s2_plus_c_times_t0,
+                (size_t)6U *
+                    sizeof(libcrux_ml_dsa_polynomial_PolynomialRingElement_24));
+            /* Passing arrays by value in Rust generates a copy in C */
+            libcrux_ml_dsa_polynomial_PolynomialRingElement_24
+                copy_of_commitment[6U];
+            memcpy(
+                copy_of_commitment, commitment,
+                (size_t)6U *
+                    sizeof(libcrux_ml_dsa_polynomial_PolynomialRingElement_24));
+            tuple_e6 uu____12 = libcrux_ml_dsa_arithmetic_make_hint_fe(
+                copy_of_w0_minus_c_times_s2_plus_c_times_t0,
+                copy_of_commitment);
+            int32_t hint_candidate[6U][256U];
+            memcpy(hint_candidate, uu____12.fst,
+                   (size_t)6U * sizeof(int32_t[256U]));
+            size_t ones_in_hint = uu____12.snd;
+            if (!(ones_in_hint > (size_t)55U)) {
+              attempt = LIBCRUX_ML_DSA_CONSTANTS_REJECTION_SAMPLE_BOUND_SIGN;
+              /* Passing arrays by value in Rust generates a copy in C */
+              uint8_t copy_of_commitment_hash_candidate0[48U];
+              memcpy(copy_of_commitment_hash_candidate0,
+                     commitment_hash_candidate, (size_t)48U * sizeof(uint8_t));
+              Option_67 lit0;
+              lit0.tag = Some;
+              memcpy(lit0.f0, copy_of_commitment_hash_candidate0,
+                     (size_t)48U * sizeof(uint8_t));
+              commitment_hash0 = lit0;
+              /* Passing arrays by value in Rust generates a copy in C */
+              libcrux_ml_dsa_polynomial_PolynomialRingElement_24
+                  copy_of_signer_response_candidate0[5U];
+              memcpy(
+                  copy_of_signer_response_candidate0, signer_response_candidate,
+                  (size_t)5U *
+                      sizeof(
+                          libcrux_ml_dsa_polynomial_PolynomialRingElement_24));
+              Option_a4 lit1;
+              lit1.tag = Some;
+              memcpy(
+                  lit1.f0, copy_of_signer_response_candidate0,
+                  (size_t)5U *
+                      sizeof(
+                          libcrux_ml_dsa_polynomial_PolynomialRingElement_24));
+              signer_response0 = lit1;
+              /* Passing arrays by value in Rust generates a copy in C */
+              int32_t copy_of_hint_candidate[6U][256U];
+              memcpy(copy_of_hint_candidate, hint_candidate,
+                     (size_t)6U * sizeof(int32_t[256U]));
+              Option_f0 lit;
+              lit.tag = Some;
+              memcpy(lit.f0, copy_of_hint_candidate,
+                     (size_t)6U * sizeof(int32_t[256U]));
+              hint0 = lit;
+            }
+          }
+        }
+      }
+    } else {
+      break;
+    }
+  }
+  Result_2e uu____16;
+  if (commitment_hash0.tag == None) {
+    uu____16 = (CLITERAL(Result_2e){
+        .tag = Err,
+        .val = {.case_Err = libcrux_ml_dsa_types_RejectionSamplingError}});
+  } else {
+    uint8_t commitment_hash1[48U];
+    memcpy(commitment_hash1, commitment_hash0.f0,
+           (size_t)48U * sizeof(uint8_t));
+    uint8_t commitment_hash[48U];
+    memcpy(commitment_hash, commitment_hash1, (size_t)48U * sizeof(uint8_t));
+    if (signer_response0.tag == None) {
+      uu____16 = (CLITERAL(Result_2e){
+          .tag = Err,
+          .val = {.case_Err = libcrux_ml_dsa_types_RejectionSamplingError}});
+    } else {
+      libcrux_ml_dsa_polynomial_PolynomialRingElement_24 signer_response1[5U];
+      memcpy(signer_response1, signer_response0.f0,
+             (size_t)5U *
+                 sizeof(libcrux_ml_dsa_polynomial_PolynomialRingElement_24));
+      libcrux_ml_dsa_polynomial_PolynomialRingElement_24 signer_response[5U];
+      memcpy(signer_response, signer_response1,
+             (size_t)5U *
+                 sizeof(libcrux_ml_dsa_polynomial_PolynomialRingElement_24));
+      if (hint0.tag == None) {
+        uu____16 = (CLITERAL(Result_2e){
+            .tag = Err,
+            .val = {.case_Err = libcrux_ml_dsa_types_RejectionSamplingError}});
+      } else {
+        int32_t hint1[6U][256U];
+        memcpy(hint1, hint0.f0, (size_t)6U * sizeof(int32_t[256U]));
+        int32_t hint[6U][256U];
+        memcpy(hint, hint1, (size_t)6U * sizeof(int32_t[256U]));
+        /* Passing arrays by value in Rust generates a copy in C */
+        uint8_t copy_of_commitment_hash[48U];
+        memcpy(copy_of_commitment_hash, commitment_hash,
+               (size_t)48U * sizeof(uint8_t));
+        /* Passing arrays by value in Rust generates a copy in C */
+        libcrux_ml_dsa_polynomial_PolynomialRingElement_24
+            copy_of_signer_response[5U];
+        memcpy(copy_of_signer_response, signer_response,
+               (size_t)5U *
+                   sizeof(libcrux_ml_dsa_polynomial_PolynomialRingElement_24));
+        /* Passing arrays by value in Rust generates a copy in C */
+        int32_t copy_of_hint[6U][256U];
+        memcpy(copy_of_hint, hint, (size_t)6U * sizeof(int32_t[256U]));
+        uint8_t signature[3309U];
+        libcrux_ml_dsa_encoding_signature_Signature_ca lit0;
+        memcpy(lit0.commitment_hash, copy_of_commitment_hash,
+               (size_t)48U * sizeof(uint8_t));
+        memcpy(lit0.signer_response, copy_of_signer_response,
+               (size_t)5U *
+                   sizeof(libcrux_ml_dsa_polynomial_PolynomialRingElement_24));
+        memcpy(lit0.hint, copy_of_hint, (size_t)6U * sizeof(int32_t[256U]));
+        libcrux_ml_dsa_encoding_signature_serialize_92_cc(&lit0, signature);
+        /* Passing arrays by value in Rust generates a copy in C */
+        uint8_t copy_of_signature[3309U];
+        memcpy(copy_of_signature, signature, (size_t)3309U * sizeof(uint8_t));
+        Result_2e lit;
+        lit.tag = Ok;
+        lit.val.case_Ok = libcrux_ml_dsa_types_new_8f_fa(copy_of_signature);
+        uu____16 = lit;
+        return uu____16;
+      }
+    }
+  }
+  return uu____16;
+}
+
+/**
+A monomorphic instance of libcrux_ml_dsa.ml_dsa_generic.sign
+with types libcrux_ml_dsa_simd_avx2_vector_type_AVX2SIMDUnit,
+libcrux_ml_dsa_hash_functions_simd256_Shake128x4,
+libcrux_ml_dsa_hash_functions_simd256_Shake256,
+libcrux_ml_dsa_hash_functions_portable_Shake256Xof,
+libcrux_ml_dsa_hash_functions_simd256_Shake256x4 with const generics
+- ROWS_IN_A= 6
+- COLUMNS_IN_A= 5
+- ETA= 4
+- ERROR_RING_ELEMENT_SIZE= 128
+- GAMMA1_EXPONENT= 19
+- GAMMA2= 261888
+- COMMITMENT_RING_ELEMENT_SIZE= 128
+- COMMITMENT_VECTOR_SIZE= 768
+- COMMITMENT_HASH_SIZE= 48
+- ONES_IN_VERIFIER_CHALLENGE= 49
+- MAX_ONES_IN_HINT= 55
+- GAMMA1_RING_ELEMENT_SIZE= 640
+- SIGNING_KEY_SIZE= 4032
+- SIGNATURE_SIZE= 3309
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE Result_2e libcrux_ml_dsa_ml_dsa_generic_sign_ea(
+    uint8_t *signing_key, Eurydice_slice message, Eurydice_slice context,
+    uint8_t randomness[32U]) {
+  Result_a8 uu____0 = libcrux_ml_dsa_pre_hash_new_45(
+      context, (CLITERAL(Option_30){.tag = None}));
+  Result_2e uu____1;
+  if (uu____0.tag == Ok) {
+    libcrux_ml_dsa_pre_hash_DomainSeparationContext dsc = uu____0.val.case_Ok;
+    libcrux_ml_dsa_pre_hash_DomainSeparationContext domain_separation_context =
+        dsc;
+    uint8_t *uu____2 = signing_key;
+    Eurydice_slice uu____3 = message;
+    Option_84 uu____4 = {.tag = Some, .f0 = domain_separation_context};
+    /* Passing arrays by value in Rust generates a copy in C */
+    uint8_t copy_of_randomness[32U];
+    memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t));
+    uu____1 = libcrux_ml_dsa_ml_dsa_generic_sign_internal_ea(
+        uu____2, uu____3, uu____4, copy_of_randomness);
+  } else {
+    uu____1 = (CLITERAL(Result_2e){
+        .tag = Err,
+        .val = {.case_Err = libcrux_ml_dsa_types_ContextTooLongError}});
+  }
+  return uu____1;
 }
 
 /**
@@ -5096,10 +7458,42 @@ libcrux_ml_dsa_ml_dsa_generic_sign_pre_hashed_6e(uint8_t *signing_key,
                                                  Eurydice_slice message,
                                                  Eurydice_slice context,
                                                  uint8_t randomness[32U]) {
-  KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__,
-                    "Eurydice error: Failure(\"expression_of_operand Constant: "
-                    "TraitClause@13OID\")\n");
-  KRML_HOST_EXIT(255U);
+  Result_2e uu____0;
+  if (Eurydice_slice_len(context, uint8_t) >
+      LIBCRUX_ML_DSA_CONSTANTS_CONTEXT_MAX_LEN) {
+    uu____0 = (CLITERAL(Result_2e){
+        .tag = Err,
+        .val = {.case_Err = libcrux_ml_dsa_types_ContextTooLongError}});
+  } else {
+    uint8_t pre_hashed_message[256U];
+    libcrux_ml_dsa_pre_hash_hash_bd_54(message, pre_hashed_message);
+    Eurydice_slice uu____1 = context;
+    Option_30 lit;
+    lit.tag = Some;
+    uint8_t ret[11U];
+    libcrux_ml_dsa_pre_hash_oid_bd(ret);
+    memcpy(lit.f0, ret, (size_t)11U * sizeof(uint8_t));
+    Result_a8 uu____2 = libcrux_ml_dsa_pre_hash_new_45(uu____1, lit);
+    if (uu____2.tag == Ok) {
+      libcrux_ml_dsa_pre_hash_DomainSeparationContext dsc = uu____2.val.case_Ok;
+      libcrux_ml_dsa_pre_hash_DomainSeparationContext
+          domain_separation_context = dsc;
+      uint8_t *uu____3 = signing_key;
+      Eurydice_slice uu____4 =
+          Eurydice_array_to_slice((size_t)256U, pre_hashed_message, uint8_t);
+      Option_84 uu____5 = {.tag = Some, .f0 = domain_separation_context};
+      /* Passing arrays by value in Rust generates a copy in C */
+      uint8_t copy_of_randomness[32U];
+      memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t));
+      uu____0 = libcrux_ml_dsa_ml_dsa_generic_sign_internal_ea(
+          uu____3, uu____4, uu____5, copy_of_randomness);
+    } else {
+      uu____0 = (CLITERAL(Result_2e){
+          .tag = Err,
+          .val = {.case_Err = libcrux_ml_dsa_types_ContextTooLongError}});
+    }
+  }
+  return uu____0;
 }
 
 /**
@@ -5197,6 +7591,709 @@ static inline Result_2e libcrux_ml_dsa_ml_dsa_65_avx2_sign_pre_hashed_shake128(
       uu____0, uu____1, uu____2, copy_of_randomness);
 }
 
+/**
+A monomorphic instance of K.
+with types uint8_t[32size_t], libcrux_ml_dsa_polynomial_PolynomialRingElement
+libcrux_ml_dsa_simd_avx2_vector_type_AVX2SIMDUnit[6size_t]
+
+*/
+typedef struct tuple_930_s {
+  uint8_t fst[32U];
+  libcrux_ml_dsa_polynomial_PolynomialRingElement_24 snd[6U];
+} tuple_930;
+
+/**
+A monomorphic instance of libcrux_ml_dsa.encoding.t1.deserialize
+with types libcrux_ml_dsa_simd_avx2_vector_type_AVX2SIMDUnit
+with const generics
+
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static inline void libcrux_ml_dsa_encoding_t1_deserialize_ea(
+    Eurydice_slice serialized,
+    libcrux_ml_dsa_polynomial_PolynomialRingElement_24 *result) {
+  for (size_t i = (size_t)0U;
+       i < Eurydice_slice_len(Eurydice_array_to_slice(
+                                  (size_t)32U, result->simd_units, __m256i),
+                              __m256i);
+       i++) {
+    size_t i0 = i;
+    __m256i uu____0 = libcrux_ml_dsa_simd_avx2_t1_deserialize_a2(
+        Eurydice_slice_subslice2(serialized, i0 * (size_t)10U,
+                                 (i0 + (size_t)1U) * (size_t)10U, uint8_t));
+    result->simd_units[i0] = uu____0;
+  }
+}
+
+/**
+A monomorphic instance of libcrux_ml_dsa.encoding.verification_key.deserialize
+with types libcrux_ml_dsa_simd_avx2_vector_type_AVX2SIMDUnit
+with const generics
+- ROWS_IN_A= 6
+- VERIFICATION_KEY_SIZE= 1952
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE tuple_930
+libcrux_ml_dsa_encoding_verification_key_deserialize_fe(uint8_t *serialized) {
+  libcrux_ml_dsa_polynomial_PolynomialRingElement_24 t1[6U];
+  for (size_t i = (size_t)0U; i < (size_t)6U; i++) {
+    t1[i] = libcrux_ml_dsa_polynomial_ZERO_ff_ea();
+  }
+  Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at(
+      Eurydice_array_to_slice((size_t)1952U, serialized, uint8_t),
+      LIBCRUX_ML_DSA_CONSTANTS_SEED_FOR_A_SIZE, uint8_t,
+      Eurydice_slice_uint8_t_x2);
+  Eurydice_slice seed_for_A = uu____0.fst;
+  Eurydice_slice serialized_remaining = uu____0.snd;
+  for (size_t i = (size_t)0U; i < (size_t)6U; i++) {
+    size_t i0 = i;
+    libcrux_ml_dsa_encoding_t1_deserialize_ea(
+        Eurydice_slice_subslice2(
+            serialized_remaining,
+            i0 * LIBCRUX_ML_DSA_CONSTANTS_RING_ELEMENT_OF_T1S_SIZE,
+            (i0 + (size_t)1U) *
+                LIBCRUX_ML_DSA_CONSTANTS_RING_ELEMENT_OF_T1S_SIZE,
+            uint8_t),
+        &t1[i0]);
+  }
+  uint8_t uu____1[32U];
+  Result_fb dst;
+  Eurydice_slice_to_array2(&dst, seed_for_A, Eurydice_slice, uint8_t[32U]);
+  unwrap_26_b3(dst, uu____1);
+  /* Passing arrays by value in Rust generates a copy in C */
+  libcrux_ml_dsa_polynomial_PolynomialRingElement_24 copy_of_t1[6U];
+  memcpy(
+      copy_of_t1, t1,
+      (size_t)6U * sizeof(libcrux_ml_dsa_polynomial_PolynomialRingElement_24));
+  tuple_930 lit;
+  memcpy(lit.fst, uu____1, (size_t)32U * sizeof(uint8_t));
+  memcpy(
+      lit.snd, copy_of_t1,
+      (size_t)6U * sizeof(libcrux_ml_dsa_polynomial_PolynomialRingElement_24));
+  return lit;
+}
+
+/**
+A monomorphic instance of core.result.Result
+with types libcrux_ml_dsa_encoding_signature_Signature
+libcrux_ml_dsa_simd_avx2_vector_type_AVX2SIMDUnit[[$6size_t]][[$5size_t]][[$48size_t]],
+libcrux_ml_dsa_types_VerificationError
+
+*/
+typedef struct Result_ef0_s {
+  Result_a9_tags tag;
+  union {
+    libcrux_ml_dsa_encoding_signature_Signature_ca case_Ok;
+    libcrux_ml_dsa_types_VerificationError case_Err;
+  } val;
+} Result_ef0;
+
+/**
+This function found in impl
+{libcrux_ml_dsa::encoding::signature::Signature<SIMDUnit, COMMITMENT_HASH_SIZE,
+COLUMNS_IN_A, ROWS_IN_A>[TraitClause@0, TraitClause@1]}
+*/
+/**
+A monomorphic instance of libcrux_ml_dsa.encoding.signature.deserialize_92
+with types libcrux_ml_dsa_simd_avx2_vector_type_AVX2SIMDUnit
+with const generics
+- COMMITMENT_HASH_SIZE= 48
+- COLUMNS_IN_A= 5
+- ROWS_IN_A= 6
+- GAMMA1_EXPONENT= 19
+- GAMMA1_RING_ELEMENT_SIZE= 640
+- MAX_ONES_IN_HINT= 55
+- SIGNATURE_SIZE= 3309
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE Result_ef0
+libcrux_ml_dsa_encoding_signature_deserialize_92_cc(uint8_t *serialized) {
+  Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at(
+      Eurydice_array_to_slice((size_t)3309U, serialized, uint8_t), (size_t)48U,
+      uint8_t, Eurydice_slice_uint8_t_x2);
+  Eurydice_slice commitment_hash = uu____0.fst;
+  Eurydice_slice rest_of_serialized = uu____0.snd;
+  Eurydice_slice_uint8_t_x2 uu____1 =
+      Eurydice_slice_split_at(rest_of_serialized, (size_t)640U * (size_t)5U,
+                              uint8_t, Eurydice_slice_uint8_t_x2);
+  Eurydice_slice signer_response_serialized = uu____1.fst;
+  Eurydice_slice hint_serialized = uu____1.snd;
+  libcrux_ml_dsa_polynomial_PolynomialRingElement_24 signer_response[5U];
+  for (size_t i = (size_t)0U; i < (size_t)5U; i++) {
+    signer_response[i] = libcrux_ml_dsa_polynomial_ZERO_ff_ea();
+  }
+  for (size_t i = (size_t)0U; i < (size_t)5U; i++) {
+    size_t i0 = i;
+    libcrux_ml_dsa_encoding_gamma1_deserialize_05(
+        Eurydice_slice_subslice2(signer_response_serialized, i0 * (size_t)640U,
+                                 (i0 + (size_t)1U) * (size_t)640U, uint8_t),
+        &signer_response[i0]);
+  }
+  int32_t hint[6U][256U] = {{0U}};
+  size_t previous_true_hints_seen = (size_t)0U;
+  size_t i = (size_t)0U;
+  bool malformed_hint = false;
+  while (true) {
+    if (i < (size_t)6U) {
+      if (malformed_hint) {
+        break;
+      } else {
+        size_t current_true_hints_seen = (size_t)Eurydice_slice_index(
+            hint_serialized, (size_t)55U + i, uint8_t, uint8_t *);
+        size_t j;
+        bool uu____2;
+        bool uu____3;
+        size_t uu____4;
+        size_t uu____5;
+        bool uu____6;
+        size_t uu____7;
+        size_t uu____8;
+        bool uu____9;
+        uint8_t uu____10;
+        size_t uu____11;
+        uint8_t uu____12;
+        size_t uu____13;
+        size_t uu____14;
+        bool uu____15;
+        size_t uu____16;
+        size_t uu____17;
+        uint8_t uu____18;
+        size_t uu____19;
+        bool uu____20;
+        size_t uu____21;
+        if (!(current_true_hints_seen < previous_true_hints_seen)) {
+          if (!(previous_true_hints_seen > (size_t)55U)) {
+            j = previous_true_hints_seen;
+            while (true) {
+              uu____2 = malformed_hint;
+              if (uu____2) {
+                break;
+              } else {
+                uu____4 = j;
+                uu____5 = current_true_hints_seen;
+                uu____3 = uu____4 < uu____5;
+                if (uu____3) {
+                  uu____7 = j;
+                  uu____8 = previous_true_hints_seen;
+                  uu____6 = uu____7 > uu____8;
+                  if (uu____6) {
+                    uu____11 = j;
+                    uu____10 = Eurydice_slice_index(hint_serialized, uu____11,
+                                                    uint8_t, uint8_t *);
+                    uu____14 = j;
+                    uu____13 = uu____14 - (size_t)1U;
+                    uu____12 = Eurydice_slice_index(hint_serialized, uu____13,
+                                                    uint8_t, uint8_t *);
+                    uu____9 = uu____10 <= uu____12;
+                    if (uu____9) {
+                      malformed_hint = true;
+                      uu____15 = malformed_hint;
+                      if (!uu____15) {
+                        uu____16 = i;
+                        uu____19 = j;
+                        uu____18 = Eurydice_slice_index(
+                            hint_serialized, uu____19, uint8_t, uint8_t *);
+                        uu____17 = (size_t)uu____18;
+                        hint[uu____16][uu____17] = (int32_t)1;
+                        j++;
+                      }
+                      continue;
+                    }
+                  }
+                  uu____15 = malformed_hint;
+                  if (!uu____15) {
+                    uu____16 = i;
+                    uu____19 = j;
+                    uu____18 = Eurydice_slice_index(hint_serialized, uu____19,
+                                                    uint8_t, uint8_t *);
+                    uu____17 = (size_t)uu____18;
+                    hint[uu____16][uu____17] = (int32_t)1;
+                    j++;
+                  }
+                } else {
+                  break;
+                }
+              }
+            }
+            uu____20 = malformed_hint;
+            if (!uu____20) {
+              uu____21 = current_true_hints_seen;
+              previous_true_hints_seen = uu____21;
+              i++;
+            }
+            continue;
+          }
+        }
+        malformed_hint = true;
+        j = previous_true_hints_seen;
+        while (true) {
+          uu____2 = malformed_hint;
+          if (uu____2) {
+            break;
+          } else {
+            uu____4 = j;
+            uu____5 = current_true_hints_seen;
+            uu____3 = uu____4 < uu____5;
+            if (uu____3) {
+              uu____7 = j;
+              uu____8 = previous_true_hints_seen;
+              uu____6 = uu____7 > uu____8;
+              if (uu____6) {
+                uu____11 = j;
+                uu____10 = Eurydice_slice_index(hint_serialized, uu____11,
+                                                uint8_t, uint8_t *);
+                uu____14 = j;
+                uu____13 = uu____14 - (size_t)1U;
+                uu____12 = Eurydice_slice_index(hint_serialized, uu____13,
+                                                uint8_t, uint8_t *);
+                uu____9 = uu____10 <= uu____12;
+                if (uu____9) {
+                  malformed_hint = true;
+                  uu____15 = malformed_hint;
+                  if (!uu____15) {
+                    uu____16 = i;
+                    uu____19 = j;
+                    uu____18 = Eurydice_slice_index(hint_serialized, uu____19,
+                                                    uint8_t, uint8_t *);
+                    uu____17 = (size_t)uu____18;
+                    hint[uu____16][uu____17] = (int32_t)1;
+                    j++;
+                  }
+                  continue;
+                }
+              }
+              uu____15 = malformed_hint;
+              if (!uu____15) {
+                uu____16 = i;
+                uu____19 = j;
+                uu____18 = Eurydice_slice_index(hint_serialized, uu____19,
+                                                uint8_t, uint8_t *);
+                uu____17 = (size_t)uu____18;
+                hint[uu____16][uu____17] = (int32_t)1;
+                j++;
+              }
+            } else {
+              break;
+            }
+          }
+        }
+        uu____20 = malformed_hint;
+        if (!uu____20) {
+          uu____21 = current_true_hints_seen;
+          previous_true_hints_seen = uu____21;
+          i++;
+        }
+      }
+    } else {
+      break;
+    }
+  }
+  i = previous_true_hints_seen;
+  while (true) {
+    if (i < (size_t)55U) {
+      if (malformed_hint) {
+        break;
+      } else {
+        if (Eurydice_slice_index(hint_serialized, i, uint8_t, uint8_t *) !=
+            0U) {
+          malformed_hint = true;
+        }
+        i++;
+      }
+    } else {
+      break;
+    }
+  }
+  Result_ef0 uu____22;
+  if (malformed_hint) {
+    uu____22 = (CLITERAL(Result_ef0){
+        .tag = Err,
+        .val = {.case_Err = libcrux_ml_dsa_types_MalformedHintError}});
+  } else {
+    uint8_t uu____23[48U];
+    Result_ae dst;
+    Eurydice_slice_to_array2(&dst, commitment_hash, Eurydice_slice,
+                             uint8_t[48U]);
+    unwrap_26_28(dst, uu____23);
+    /* Passing arrays by value in Rust generates a copy in C */
+    libcrux_ml_dsa_polynomial_PolynomialRingElement_24
+        copy_of_signer_response[5U];
+    memcpy(copy_of_signer_response, signer_response,
+           (size_t)5U *
+               sizeof(libcrux_ml_dsa_polynomial_PolynomialRingElement_24));
+    /* Passing arrays by value in Rust generates a copy in C */
+    int32_t copy_of_hint[6U][256U];
+    memcpy(copy_of_hint, hint, (size_t)6U * sizeof(int32_t[256U]));
+    Result_ef0 lit;
+    lit.tag = Ok;
+    memcpy(lit.val.case_Ok.commitment_hash, uu____23,
+           (size_t)48U * sizeof(uint8_t));
+    memcpy(lit.val.case_Ok.signer_response, copy_of_signer_response,
+           (size_t)5U *
+               sizeof(libcrux_ml_dsa_polynomial_PolynomialRingElement_24));
+    memcpy(lit.val.case_Ok.hint, copy_of_hint,
+           (size_t)6U * sizeof(int32_t[256U]));
+    uu____22 = lit;
+  }
+  return uu____22;
+}
+
+/**
+A monomorphic instance of
+libcrux_ml_dsa.simd.avx2.arithmetic.shift_left_then_reduce with const generics
+- SHIFT_BY= 13
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE __m256i
+libcrux_ml_dsa_simd_avx2_arithmetic_shift_left_then_reduce_84(
+    __m256i simd_unit) {
+  __m256i shifted =
+      libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)13, simd_unit, __m256i);
+  __m256i quotient = libcrux_intrinsics_avx2_mm256_add_epi32(
+      shifted, libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)1 << 22U));
+  __m256i quotient0 =
+      libcrux_intrinsics_avx2_mm256_srai_epi32((int32_t)23, quotient, __m256i);
+  __m256i quotient_times_field_modulus =
+      libcrux_intrinsics_avx2_mm256_mullo_epi32(
+          quotient0, libcrux_intrinsics_avx2_mm256_set1_epi32(
+                         LIBCRUX_ML_DSA_SIMD_TRAITS_FIELD_MODULUS));
+  return libcrux_intrinsics_avx2_mm256_sub_epi32(shifted,
+                                                 quotient_times_field_modulus);
+}
+
+/**
+This function found in impl {(libcrux_ml_dsa::simd::traits::Operations for
+libcrux_ml_dsa::simd::avx2::vector_type::AVX2SIMDUnit)}
+*/
+/**
+A monomorphic instance of libcrux_ml_dsa.simd.avx2.shift_left_then_reduce_a2
+with const generics
+- SHIFT_BY= 13
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE __m256i
+libcrux_ml_dsa_simd_avx2_shift_left_then_reduce_a2_84(__m256i simd_unit) {
+  return libcrux_ml_dsa_simd_avx2_arithmetic_shift_left_then_reduce_84(
+      simd_unit);
+}
+
+/**
+A monomorphic instance of libcrux_ml_dsa.arithmetic.shift_left_then_reduce
+with types libcrux_ml_dsa_simd_avx2_vector_type_AVX2SIMDUnit
+with const generics
+- SHIFT_BY= 13
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE libcrux_ml_dsa_polynomial_PolynomialRingElement_24
+libcrux_ml_dsa_arithmetic_shift_left_then_reduce_68(
+    libcrux_ml_dsa_polynomial_PolynomialRingElement_24 re) {
+  libcrux_ml_dsa_polynomial_PolynomialRingElement_24 out =
+      libcrux_ml_dsa_polynomial_ZERO_ff_ea();
+  for (size_t i = (size_t)0U;
+       i < Eurydice_slice_len(
+               Eurydice_array_to_slice((size_t)32U, re.simd_units, __m256i),
+               __m256i);
+       i++) {
+    size_t i0 = i;
+    __m256i *simd_unit = &re.simd_units[i0];
+    out.simd_units[i0] =
+        libcrux_ml_dsa_simd_avx2_shift_left_then_reduce_a2_84(simd_unit[0U]);
+  }
+  return out;
+}
+
+/**
+ Compute InvertNTT(Â ◦ ẑ - ĉ ◦ NTT(t₁2ᵈ))
+*/
+/**
+A monomorphic instance of libcrux_ml_dsa.matrix.compute_w_approx
+with types libcrux_ml_dsa_simd_avx2_vector_type_AVX2SIMDUnit
+with const generics
+- ROWS_IN_A= 6
+- COLUMNS_IN_A= 5
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE void libcrux_ml_dsa_matrix_compute_w_approx_fe(
+    libcrux_ml_dsa_polynomial_PolynomialRingElement_24 (*A_as_ntt)[5U],
+    libcrux_ml_dsa_polynomial_PolynomialRingElement_24 signer_response[5U],
+    libcrux_ml_dsa_polynomial_PolynomialRingElement_24
+        verifier_challenge_as_ntt,
+    libcrux_ml_dsa_polynomial_PolynomialRingElement_24 t1[6U],
+    libcrux_ml_dsa_polynomial_PolynomialRingElement_24 ret[6U]) {
+  libcrux_ml_dsa_polynomial_PolynomialRingElement_24 result[6U];
+  for (size_t i = (size_t)0U; i < (size_t)6U; i++) {
+    result[i] = libcrux_ml_dsa_polynomial_ZERO_ff_ea();
+  }
+  for (size_t i = (size_t)0U;
+       i < Eurydice_slice_len(
+               Eurydice_array_to_slice(
+                   (size_t)5U, signer_response,
+                   libcrux_ml_dsa_polynomial_PolynomialRingElement_24),
+               libcrux_ml_dsa_polynomial_PolynomialRingElement_24);
+       i++) {
+    size_t i0 = i;
+    libcrux_ml_dsa_polynomial_PolynomialRingElement_24 uu____0 =
+        libcrux_ml_dsa_ntt_ntt_ea(signer_response[i0]);
+    signer_response[i0] = uu____0;
+  }
+  for (size_t i0 = (size_t)0U;
+       i0 < Eurydice_slice_len(
+                Eurydice_array_to_slice(
+                    (size_t)6U, A_as_ntt,
+                    libcrux_ml_dsa_polynomial_PolynomialRingElement_24[5U]),
+                libcrux_ml_dsa_polynomial_PolynomialRingElement_24[5U]);
+       i0++) {
+    size_t i1 = i0;
+    libcrux_ml_dsa_polynomial_PolynomialRingElement_24 *row = A_as_ntt[i1];
+    for (size_t i = (size_t)0U;
+         i < Eurydice_slice_len(
+                 Eurydice_array_to_slice(
+                     (size_t)5U, row,
+                     libcrux_ml_dsa_polynomial_PolynomialRingElement_24),
+                 libcrux_ml_dsa_polynomial_PolynomialRingElement_24);
+         i++) {
+      size_t j = i;
+      libcrux_ml_dsa_polynomial_PolynomialRingElement_24 *ring_element =
+          &row[j];
+      libcrux_ml_dsa_polynomial_PolynomialRingElement_24 product =
+          libcrux_ml_dsa_ntt_ntt_multiply_montgomery_ea(ring_element,
+                                                        &signer_response[j]);
+      libcrux_ml_dsa_polynomial_PolynomialRingElement_24 uu____1 =
+          libcrux_ml_dsa_polynomial_add_ff_ea(&result[i1], &product);
+      result[i1] = uu____1;
+    }
+    libcrux_ml_dsa_polynomial_PolynomialRingElement_24 t1_shifted =
+        libcrux_ml_dsa_arithmetic_shift_left_then_reduce_68(t1[i1]);
+    libcrux_ml_dsa_polynomial_PolynomialRingElement_24 t1_shifted0 =
+        libcrux_ml_dsa_ntt_ntt_ea(t1_shifted);
+    libcrux_ml_dsa_polynomial_PolynomialRingElement_24
+        challenge_times_t1_shifted =
+            libcrux_ml_dsa_ntt_ntt_multiply_montgomery_ea(
+                &verifier_challenge_as_ntt, &t1_shifted0);
+    libcrux_ml_dsa_polynomial_PolynomialRingElement_24 uu____2 =
+        libcrux_ml_dsa_ntt_invert_ntt_montgomery_ea(
+            libcrux_ml_dsa_polynomial_subtract_ff_ea(
+                &result[i1], &challenge_times_t1_shifted));
+    result[i1] = uu____2;
+  }
+  memcpy(
+      ret, result,
+      (size_t)6U * sizeof(libcrux_ml_dsa_polynomial_PolynomialRingElement_24));
+}
+
+/**
+A monomorphic instance of libcrux_ml_dsa.simd.avx2.arithmetic.use_hint
+with const generics
+- GAMMA2= 261888
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE __m256i
+libcrux_ml_dsa_simd_avx2_arithmetic_use_hint_80(__m256i r, __m256i hint) {
+  core_core_arch_x86___m256i_x2 uu____0 =
+      libcrux_ml_dsa_simd_avx2_arithmetic_decompose_80(r);
+  __m256i r0 = uu____0.fst;
+  __m256i r1 = uu____0.snd;
+  __m256i all_zeros = libcrux_intrinsics_avx2_mm256_setzero_si256();
+  __m256i negate_hints =
+      libcrux_intrinsics_avx2_vec256_blendv_epi32(all_zeros, hint, r0);
+  __m256i negate_hints0 = libcrux_intrinsics_avx2_mm256_slli_epi32(
+      (int32_t)1, negate_hints, __m256i);
+  __m256i hints = libcrux_intrinsics_avx2_mm256_sub_epi32(hint, negate_hints0);
+  __m256i r1_plus_hints = libcrux_intrinsics_avx2_mm256_add_epi32(r1, hints);
+  return libcrux_intrinsics_avx2_mm256_and_si256(
+      r1_plus_hints, libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)15));
+}
+
+/**
+This function found in impl {(libcrux_ml_dsa::simd::traits::Operations for
+libcrux_ml_dsa::simd::avx2::vector_type::AVX2SIMDUnit)}
+*/
+/**
+A monomorphic instance of libcrux_ml_dsa.simd.avx2.use_hint_a2
+with const generics
+- GAMMA2= 261888
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE __m256i
+libcrux_ml_dsa_simd_avx2_use_hint_a2_80(__m256i simd_unit, __m256i hint) {
+  return libcrux_ml_dsa_simd_avx2_arithmetic_use_hint_80(simd_unit, hint);
+}
+
+/**
+A monomorphic instance of libcrux_ml_dsa.arithmetic.use_hint
+with types libcrux_ml_dsa_simd_avx2_vector_type_AVX2SIMDUnit
+with const generics
+- DIMENSION= 6
+- GAMMA2= 261888
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE void libcrux_ml_dsa_arithmetic_use_hint_fe(
+    int32_t hint[6U][256U],
+    libcrux_ml_dsa_polynomial_PolynomialRingElement_24 re_vector[6U],
+    libcrux_ml_dsa_polynomial_PolynomialRingElement_24 ret[6U]) {
+  libcrux_ml_dsa_polynomial_PolynomialRingElement_24 result[6U];
+  for (size_t i = (size_t)0U; i < (size_t)6U; i++) {
+    result[i] = libcrux_ml_dsa_polynomial_ZERO_ff_ea();
+  }
+  for (size_t i0 = (size_t)0U; i0 < (size_t)6U; i0++) {
+    size_t i1 = i0;
+    libcrux_ml_dsa_polynomial_PolynomialRingElement_24 hint_simd =
+        libcrux_ml_dsa_polynomial_from_i32_array_ff_ea(
+            Eurydice_array_to_slice((size_t)256U, hint[i1], int32_t));
+    for (size_t i = (size_t)0U;
+         i < Eurydice_slice_len(Eurydice_array_to_slice(
+                                    (size_t)32U, result->simd_units, __m256i),
+                                __m256i);
+         i++) {
+      size_t j = i;
+      __m256i uu____0 = libcrux_ml_dsa_simd_avx2_use_hint_a2_80(
+          re_vector[i1].simd_units[j], hint_simd.simd_units[j]);
+      result[i1].simd_units[j] = uu____0;
+    }
+  }
+  memcpy(
+      ret, result,
+      (size_t)6U * sizeof(libcrux_ml_dsa_polynomial_PolynomialRingElement_24));
+}
+
+/**
+ The internal verification API.
+
+ If no `domain_separation_context` is supplied, it is assumed that
+ `message` already contains the domain separation.
+*/
+/**
+A monomorphic instance of libcrux_ml_dsa.ml_dsa_generic.verify_internal
+with types libcrux_ml_dsa_simd_avx2_vector_type_AVX2SIMDUnit,
+libcrux_ml_dsa_hash_functions_simd256_Shake128x4,
+libcrux_ml_dsa_hash_functions_simd256_Shake256,
+libcrux_ml_dsa_hash_functions_portable_Shake256Xof with const generics
+- ROWS_IN_A= 6
+- COLUMNS_IN_A= 5
+- SIGNATURE_SIZE= 3309
+- VERIFICATION_KEY_SIZE= 1952
+- GAMMA1_EXPONENT= 19
+- GAMMA1_RING_ELEMENT_SIZE= 640
+- GAMMA2= 261888
+- BETA= 196
+- COMMITMENT_RING_ELEMENT_SIZE= 128
+- COMMITMENT_VECTOR_SIZE= 768
+- COMMITMENT_HASH_SIZE= 48
+- ONES_IN_VERIFIER_CHALLENGE= 49
+- MAX_ONES_IN_HINT= 55
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE Result_41
+libcrux_ml_dsa_ml_dsa_generic_verify_internal_d1(
+    uint8_t *verification_key_serialized, Eurydice_slice message,
+    Option_84 domain_separation_context, uint8_t *signature_serialized) {
+  tuple_930 uu____0 = libcrux_ml_dsa_encoding_verification_key_deserialize_fe(
+      verification_key_serialized);
+  uint8_t seed_for_A[32U];
+  memcpy(seed_for_A, uu____0.fst, (size_t)32U * sizeof(uint8_t));
+  libcrux_ml_dsa_polynomial_PolynomialRingElement_24 t1[6U];
+  memcpy(
+      t1, uu____0.snd,
+      (size_t)6U * sizeof(libcrux_ml_dsa_polynomial_PolynomialRingElement_24));
+  Result_ef0 uu____1 =
+      libcrux_ml_dsa_encoding_signature_deserialize_92_cc(signature_serialized);
+  Result_41 uu____2;
+  if (uu____1.tag == Ok) {
+    libcrux_ml_dsa_encoding_signature_Signature_ca s = uu____1.val.case_Ok;
+    libcrux_ml_dsa_encoding_signature_Signature_ca signature = s;
+    libcrux_ml_dsa_polynomial_PolynomialRingElement_24 uu____3[5U];
+    memcpy(uu____3, signature.signer_response,
+           (size_t)5U *
+               sizeof(libcrux_ml_dsa_polynomial_PolynomialRingElement_24));
+    if (libcrux_ml_dsa_arithmetic_vector_infinity_norm_exceeds_1f(
+            uu____3, ((int32_t)2 << (uint32_t)(size_t)19U) - (int32_t)196)) {
+      uu____2 = (CLITERAL(Result_41){
+          .tag = Err,
+          .f0 = libcrux_ml_dsa_types_SignerResponseExceedsBoundError});
+    } else {
+      libcrux_ml_dsa_polynomial_PolynomialRingElement_24 A_as_ntt[6U][5U];
+      uint8_t ret[34U];
+      libcrux_ml_dsa_utils_into_padded_array_b6(
+          Eurydice_array_to_slice((size_t)32U, seed_for_A, uint8_t), ret);
+      libcrux_ml_dsa_samplex4_matrix_A_fe(ret, A_as_ntt);
+      uint8_t verification_key_hash[64U] = {0U};
+      libcrux_ml_dsa_hash_functions_simd256_shake256_d9_24(
+          Eurydice_array_to_slice((size_t)1952U, verification_key_serialized,
+                                  uint8_t),
+          verification_key_hash);
+      uint8_t message_representative[64U] = {0U};
+      uint8_t uu____4[64U];
+      memcpy(uu____4, verification_key_hash, (size_t)64U * sizeof(uint8_t));
+      libcrux_ml_dsa_ml_dsa_generic_derive_message_representative_7b(
+          uu____4, domain_separation_context, message, message_representative);
+      uint8_t uu____5[48U];
+      memcpy(uu____5, signature.commitment_hash, (size_t)48U * sizeof(uint8_t));
+      libcrux_ml_dsa_polynomial_PolynomialRingElement_24
+          verifier_challenge_as_ntt = libcrux_ml_dsa_ntt_ntt_ea(
+              libcrux_ml_dsa_sample_sample_challenge_ring_element_8a(uu____5));
+      libcrux_ml_dsa_polynomial_PolynomialRingElement_24(*uu____6)[5U] =
+          A_as_ntt;
+      libcrux_ml_dsa_polynomial_PolynomialRingElement_24 uu____7[5U];
+      memcpy(uu____7, signature.signer_response,
+             (size_t)5U *
+                 sizeof(libcrux_ml_dsa_polynomial_PolynomialRingElement_24));
+      libcrux_ml_dsa_polynomial_PolynomialRingElement_24 uu____8 =
+          verifier_challenge_as_ntt;
+      /* Passing arrays by value in Rust generates a copy in C */
+      libcrux_ml_dsa_polynomial_PolynomialRingElement_24 copy_of_t1[6U];
+      memcpy(copy_of_t1, t1,
+             (size_t)6U *
+                 sizeof(libcrux_ml_dsa_polynomial_PolynomialRingElement_24));
+      libcrux_ml_dsa_polynomial_PolynomialRingElement_24 w_approx[6U];
+      libcrux_ml_dsa_matrix_compute_w_approx_fe(uu____6, uu____7, uu____8,
+                                                copy_of_t1, w_approx);
+      uint8_t commitment_hash[48U] = {0U};
+      int32_t uu____10[6U][256U];
+      memcpy(uu____10, signature.hint, (size_t)6U * sizeof(int32_t[256U]));
+      /* Passing arrays by value in Rust generates a copy in C */
+      libcrux_ml_dsa_polynomial_PolynomialRingElement_24 copy_of_w_approx[6U];
+      memcpy(copy_of_w_approx, w_approx,
+             (size_t)6U *
+                 sizeof(libcrux_ml_dsa_polynomial_PolynomialRingElement_24));
+      libcrux_ml_dsa_polynomial_PolynomialRingElement_24 commitment[6U];
+      libcrux_ml_dsa_arithmetic_use_hint_fe(uu____10, copy_of_w_approx,
+                                            commitment);
+      /* Passing arrays by value in Rust generates a copy in C */
+      libcrux_ml_dsa_polynomial_PolynomialRingElement_24 copy_of_commitment[6U];
+      memcpy(copy_of_commitment, commitment,
+             (size_t)6U *
+                 sizeof(libcrux_ml_dsa_polynomial_PolynomialRingElement_24));
+      uint8_t commitment_serialized[768U];
+      libcrux_ml_dsa_encoding_commitment_serialize_vector_ef(
+          copy_of_commitment, commitment_serialized);
+      libcrux_sha3_portable_incremental_Shake256Xof shake =
+          libcrux_ml_dsa_hash_functions_portable_init_83();
+      libcrux_ml_dsa_hash_functions_portable_absorb_83(
+          &shake, Eurydice_array_to_slice((size_t)64U, message_representative,
+                                          uint8_t));
+      libcrux_ml_dsa_hash_functions_portable_absorb_final_83(
+          &shake, Eurydice_array_to_slice((size_t)768U, commitment_serialized,
+                                          uint8_t));
+      libcrux_ml_dsa_hash_functions_portable_squeeze_83(
+          &shake,
+          Eurydice_array_to_slice((size_t)48U, commitment_hash, uint8_t));
+      if (core_array_equality___core__cmp__PartialEq__Array_U__N___for__Array_T__N____eq(
+              (size_t)48U, signature.commitment_hash, commitment_hash, uint8_t,
+              uint8_t, bool)) {
+        uu____2 = (CLITERAL(Result_41){.tag = Ok});
+      } else {
+        uu____2 = (CLITERAL(Result_41){
+            .tag = Err,
+            .f0 = libcrux_ml_dsa_types_CommitmentHashesDontMatchError});
+      }
+    }
+  } else {
+    libcrux_ml_dsa_types_VerificationError e = uu____1.val.case_Err;
+    uu____2 = (CLITERAL(Result_41){.tag = Err, .f0 = e});
+  }
+  return uu____2;
+}
+
 /**
 A monomorphic instance of libcrux_ml_dsa.ml_dsa_generic.verify
 with types libcrux_ml_dsa_simd_avx2_vector_type_AVX2SIMDUnit,
@@ -5221,13 +8318,23 @@ KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE Result_41 libcrux_ml_dsa_ml_dsa_generic_verify_d1(
     uint8_t *verification_key_serialized, Eurydice_slice message,
     Eurydice_slice context, uint8_t *signature_serialized) {
-  KRML_HOST_EPRINTF(
-      "KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__,
-      "Eurydice error: Failure(\"TODO: TraitTypes "
-      "core::result::{core::ops::try_trait::Try for core::result::Result<T, "
-      "E>[TraitClause@0, TraitClause@1]}#26<T@0, T@1>[TraitClause@0, "
-      "TraitClause@1]::Residual\")\n");
-  KRML_HOST_EXIT(255U);
+  Result_a8 uu____0 = libcrux_ml_dsa_pre_hash_new_45(
+      context, (CLITERAL(Option_30){.tag = None}));
+  Result_41 uu____1;
+  if (uu____0.tag == Ok) {
+    libcrux_ml_dsa_pre_hash_DomainSeparationContext dsc = uu____0.val.case_Ok;
+    libcrux_ml_dsa_pre_hash_DomainSeparationContext domain_separation_context =
+        dsc;
+    uu____1 = libcrux_ml_dsa_ml_dsa_generic_verify_internal_d1(
+        verification_key_serialized, message,
+        (CLITERAL(Option_84){.tag = Some, .f0 = domain_separation_context}),
+        signature_serialized);
+  } else {
+    uu____1 = (CLITERAL(Result_41){
+        .tag = Err,
+        .f0 = libcrux_ml_dsa_types_VerificationContextTooLongError});
+  }
+  return uu____1;
 }
 
 /**
@@ -5334,10 +8441,31 @@ static KRML_MUSTINLINE Result_41
 libcrux_ml_dsa_ml_dsa_generic_verify_pre_hashed_07(
     uint8_t *verification_key_serialized, Eurydice_slice message,
     Eurydice_slice context, uint8_t *signature_serialized) {
-  KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__,
-                    "Eurydice error: Failure(\"expression_of_operand Constant: "
-                    "TraitClause@11OID\")\n");
-  KRML_HOST_EXIT(255U);
+  uint8_t pre_hashed_message[256U];
+  libcrux_ml_dsa_pre_hash_hash_bd_54(message, pre_hashed_message);
+  Eurydice_slice uu____0 = context;
+  Option_30 lit;
+  lit.tag = Some;
+  uint8_t ret[11U];
+  libcrux_ml_dsa_pre_hash_oid_bd(ret);
+  memcpy(lit.f0, ret, (size_t)11U * sizeof(uint8_t));
+  Result_a8 uu____1 = libcrux_ml_dsa_pre_hash_new_45(uu____0, lit);
+  Result_41 uu____2;
+  if (uu____1.tag == Ok) {
+    libcrux_ml_dsa_pre_hash_DomainSeparationContext dsc = uu____1.val.case_Ok;
+    libcrux_ml_dsa_pre_hash_DomainSeparationContext domain_separation_context =
+        dsc;
+    uu____2 = libcrux_ml_dsa_ml_dsa_generic_verify_internal_d1(
+        verification_key_serialized,
+        Eurydice_array_to_slice((size_t)256U, pre_hashed_message, uint8_t),
+        (CLITERAL(Option_84){.tag = Some, .f0 = domain_separation_context}),
+        signature_serialized);
+  } else {
+    uu____2 = (CLITERAL(Result_41){
+        .tag = Err,
+        .f0 = libcrux_ml_dsa_types_VerificationContextTooLongError});
+  }
+  return uu____2;
 }
 
 /**
diff --git a/libcrux-ml-dsa/cg/libcrux_mldsa65_portable.h b/libcrux-ml-dsa/cg/libcrux_mldsa65_portable.h
index 0df065b82..a1c766bfb 100644
--- a/libcrux-ml-dsa/cg/libcrux_mldsa65_portable.h
+++ b/libcrux-ml-dsa/cg/libcrux_mldsa65_portable.h
@@ -8,7 +8,7 @@
  * Eurydice: b665364a6d86749566ce2d650d13fa12c8fab2c5
  * Karamel: 96572bc631fde691a2aea7bce5a5a3838b3a5968
  * F*: b0961063393215ca65927f017720cb365a193833-dirty
- * Libcrux: 11a2dcf9b3f0c4803b93a53caa737ed8eac8bfd1
+ * Libcrux: d4b51bcb3af12fb1358ed37830e33cbd72d31590
  */
 
 #ifndef __libcrux_mldsa65_portable_H
@@ -69,17 +69,7 @@ extern "C" {
 
 #define LIBCRUX_ML_DSA_CONSTANTS_SIGNING_RANDOMNESS_SIZE ((size_t)32U)
 
-#define LIBCRUX_ML_DSA_ENCODING_COMMITMENT_SERIALIZE_OUTPUT_BYTES_PER_SIMD_UNIT \
-  ((size_t)6U)
-
-#define LIBCRUX_ML_DSA_ENCODING_ERROR_SERIALIZE_OUTPUT_BYTES_PER_SIMD_UNIT \
-  ((size_t)4U)
-
-#define LIBCRUX_ML_DSA_ENCODING_GAMMA1_SERIALIZE_OUTPUT_BYTES_PER_SIMD_UNIT \
-  ((size_t)20U)
-
-#define LIBCRUX_ML_DSA_ENCODING_T0_SERIALIZE_OUTPUT_BYTES_PER_SIMD_UNIT \
-  ((size_t)13U)
+#define LIBCRUX_ML_DSA_ENCODING_T0_OUTPUT_BYTES_PER_SIMD_UNIT ((size_t)13U)
 
 #define LIBCRUX_ML_DSA_ENCODING_T1_SERIALIZE_OUTPUT_BYTES_PER_SIMD_UNIT \
   ((size_t)10U)
@@ -406,6 +396,7 @@ libcrux_ml_dsa::hash_functions::portable::Shake256Xof)#4}
 */
 static inline void libcrux_ml_dsa_hash_functions_portable_squeeze_83(
     libcrux_sha3_portable_incremental_Shake256Xof *self, Eurydice_slice out) {
+  printf("squeeze out len: %lu\n", out.len);
   libcrux_sha3_portable_incremental_squeeze_68(self, out);
 }
 
@@ -532,8 +523,131 @@ libcrux_ml_dsa_samplex4_generate_domain_separator(uint8_t row, uint8_t column) {
 #define LIBCRUX_ML_DSA_SIMD_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R \
   (58728449ULL)
 
-typedef struct libcrux_ml_dsa_pre_hash_SHAKE128_PH_s {
-} libcrux_ml_dsa_pre_hash_SHAKE128_PH;
+typedef struct libcrux_ml_dsa_pre_hash_DomainSeparationContext_s {
+  Eurydice_slice context;
+  Option_30 pre_hash_oid;
+} libcrux_ml_dsa_pre_hash_DomainSeparationContext;
+
+#define libcrux_ml_dsa_pre_hash_ContextTooLongError 0
+
+typedef uint8_t libcrux_ml_dsa_pre_hash_DomainSeparationError;
+
+/**
+A monomorphic instance of core.result.Result
+with types libcrux_ml_dsa_pre_hash_DomainSeparationContext,
+libcrux_ml_dsa_pre_hash_DomainSeparationError
+
+*/
+typedef struct Result_a8_s {
+  Result_a9_tags tag;
+  union {
+    libcrux_ml_dsa_pre_hash_DomainSeparationContext case_Ok;
+    libcrux_ml_dsa_pre_hash_DomainSeparationError case_Err;
+  } val;
+} Result_a8;
+
+/**
+ `context` must be at most 255 bytes long.
+*/
+/**
+This function found in impl
+{libcrux_ml_dsa::pre_hash::DomainSeparationContext<'a>#1}
+*/
+static inline Result_a8 libcrux_ml_dsa_pre_hash_new_45(Eurydice_slice context,
+                                                       Option_30 pre_hash_oid) {
+  Result_a8 uu____0;
+  if (Eurydice_slice_len(context, uint8_t) >
+      LIBCRUX_ML_DSA_CONSTANTS_CONTEXT_MAX_LEN) {
+    uu____0 = (CLITERAL(Result_a8){
+        .tag = Err,
+        .val = {.case_Err = libcrux_ml_dsa_pre_hash_ContextTooLongError}});
+  } else {
+    uu____0 = (CLITERAL(Result_a8){
+        .tag = Ok,
+        .val = {
+            .case_Ok = {.context = context, .pre_hash_oid = pre_hash_oid}}});
+  }
+  return uu____0;
+}
+
+/**
+ Returns the pre-hash OID, if any.
+*/
+/**
+This function found in impl
+{libcrux_ml_dsa::pre_hash::DomainSeparationContext<'a>#1}
+*/
+static inline Option_30 *libcrux_ml_dsa_pre_hash_pre_hash_oid_45(
+    libcrux_ml_dsa_pre_hash_DomainSeparationContext *self) {
+  return &self->pre_hash_oid;
+}
+
+/**
+ Returns the context, guaranteed to be at most 255 bytes long.
+*/
+/**
+This function found in impl
+{libcrux_ml_dsa::pre_hash::DomainSeparationContext<'a>#1}
+*/
+static inline Eurydice_slice libcrux_ml_dsa_pre_hash_context_45(
+    libcrux_ml_dsa_pre_hash_DomainSeparationContext *self) {
+  return self->context;
+}
+
+static KRML_MUSTINLINE void libcrux_ml_dsa_sample_update_seed(
+    uint8_t seed[66U], uint16_t *domain_separator, uint8_t ret[66U]) {
+  seed[64U] = (uint8_t)domain_separator[0U];
+  seed[65U] = (uint8_t)((uint32_t)domain_separator[0U] >> 8U);
+  domain_separator[0U] = (uint32_t)domain_separator[0U] + 1U;
+  memcpy(ret, seed, (size_t)66U * sizeof(uint8_t));
+}
+
+static KRML_MUSTINLINE bool libcrux_ml_dsa_sample_inside_out_shuffle(
+    Eurydice_slice randomness, size_t *out_index, uint64_t *signs,
+    int32_t *result) {
+  bool done = false;
+  for (size_t i = (size_t)0U; i < Eurydice_slice_len(randomness, uint8_t);
+       i++) {
+    size_t _cloop_j = i;
+    uint8_t *byte =
+        &Eurydice_slice_index(randomness, _cloop_j, uint8_t, uint8_t *);
+    if (!done) {
+      size_t sample_at = (size_t)byte[0U];
+      if (sample_at <= out_index[0U]) {
+        result[out_index[0U]] = result[sample_at];
+        out_index[0U] = out_index[0U] + (size_t)1U;
+        result[sample_at] =
+            (int32_t)1 - (int32_t)2 * (int32_t)(signs[0U] & 1ULL);
+        signs[0U] = signs[0U] >> 1U;
+        size_t uu____0 = out_index[0U];
+        done = uu____0 == Eurydice_slice_len(Eurydice_array_to_slice(
+                                                 (size_t)256U, result, int32_t),
+                                             int32_t);
+      } else {
+        size_t uu____1 = out_index[0U];
+        done = uu____1 == Eurydice_slice_len(Eurydice_array_to_slice(
+                                                 (size_t)256U, result, int32_t),
+                                             int32_t);
+      }
+    }
+  }
+  return done;
+}
+
+static const uint8_t libcrux_ml_dsa_pre_hash_SHAKE128_OID[11U] = {
+    6U, 9U, 96U, 134U, 72U, 1U, 101U, 3U, 4U, 2U, 11U};
+
+/**
+This function found in impl {(libcrux_ml_dsa::pre_hash::PreHash<256: usize> for
+libcrux_ml_dsa::pre_hash::SHAKE128_PH)}
+*/
+static inline void libcrux_ml_dsa_pre_hash_oid_bd(uint8_t ret[11U]) {
+  memcpy(ret, libcrux_ml_dsa_pre_hash_SHAKE128_OID,
+         (size_t)11U * sizeof(uint8_t));
+}
+
+// typedef struct libcrux_ml_dsa_pre_hash_SHAKE128_PH_s {
+// } libcrux_ml_dsa_pre_hash_SHAKE128_PH;
 
 typedef struct libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit_s {
   int32_t coefficients[8U];
@@ -662,12 +776,35 @@ static KRML_MUSTINLINE bool
 libcrux_ml_dsa_simd_portable_arithmetic_infinity_norm_exceeds(
     libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit simd_unit,
     int32_t bound) {
-  KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__,
-                    "Eurydice error: Failure(\"TODO: TraitTypes "
-                    "core::array::iter::{core::iter::traits::iterator::"
-                    "Iterator for core::array::iter::IntoIter<T, "
-                    "N>[TraitClause@0]}#2<T@0, C@0>[TraitClause@0]::Item\")\n");
-  KRML_HOST_EXIT(255U);
+  bool exceeds = false;
+  core_ops_range_Range_08 lit;
+  lit.start = (size_t)0U;
+  lit.end = Eurydice_slice_len(
+      Eurydice_array_to_slice((size_t)8U, simd_unit.coefficients, int32_t),
+      int32_t);
+  core_ops_range_Range_08 iter =
+      core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter(
+          lit, core_ops_range_Range_08, core_ops_range_Range_08);
+  while (true) {
+    Option_08 uu____0 =
+        core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A__TraitClause_0___6__next(
+            &iter, size_t, Option_08);
+    if (uu____0.tag == None) {
+      return exceeds;
+    } else {
+      size_t _cloop_k = uu____0.f0;
+      int32_t coefficient = simd_unit.coefficients[_cloop_k];
+      int32_t sign = coefficient >> 31U;
+      int32_t normalized = coefficient - (sign & (int32_t)2 * coefficient);
+      bool uu____1;
+      if (exceeds) {
+        uu____1 = true;
+      } else {
+        uu____1 = normalized >= bound;
+      }
+      exceeds = uu____1;
+    }
+  }
 }
 
 /**
@@ -750,6 +887,25 @@ libcrux_ml_dsa_simd_portable_arithmetic_reduce_element(int32_t fe) {
   return fe - quotient * LIBCRUX_ML_DSA_SIMD_TRAITS_FIELD_MODULUS;
 }
 
+typedef struct int32_t_x2_s {
+  int32_t fst;
+  int32_t snd;
+} int32_t_x2;
+
+static KRML_MUSTINLINE int32_t_x2
+libcrux_ml_dsa_simd_portable_arithmetic_power2round_element(int32_t t) {
+  int32_t t2 = t + (t >> 31U & LIBCRUX_ML_DSA_SIMD_TRAITS_FIELD_MODULUS);
+  int32_t t1 =
+      (t2 - (int32_t)1 +
+       ((int32_t)1
+        << (uint32_t)(LIBCRUX_ML_DSA_CONSTANTS_BITS_IN_LOWER_PART_OF_T -
+                      (size_t)1U))) >>
+      (uint32_t)LIBCRUX_ML_DSA_CONSTANTS_BITS_IN_LOWER_PART_OF_T;
+  int32_t t0 =
+      t2 - (t1 << (uint32_t)LIBCRUX_ML_DSA_CONSTANTS_BITS_IN_LOWER_PART_OF_T);
+  return (CLITERAL(int32_t_x2){.fst = t0, .snd = t1});
+}
+
 typedef struct libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit_x2_s {
   libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit fst;
   libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit snd;
@@ -758,13 +914,27 @@ typedef struct libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit_x2_s {
 static inline libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit_x2
 libcrux_ml_dsa_simd_portable_arithmetic_power2round(
     libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit simd_unit) {
-  KRML_HOST_EPRINTF(
-      "KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__,
-      "Eurydice error: Failure(\"Error looking trait impl: "
-      "core::array::iter::{core::iter::traits::iterator::Iterator for "
-      "core::array::iter::IntoIter<T, N>[TraitClause@0]}#2<i32, 8: "
-      "usize>[core::marker::Sized<i32>] enumerate\")\n");
-  KRML_HOST_EXIT(255U);
+  libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit t0_simd_unit =
+      libcrux_ml_dsa_simd_portable_vector_type_ZERO();
+  libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit t1_simd_unit =
+      libcrux_ml_dsa_simd_portable_vector_type_ZERO();
+  for (size_t i = (size_t)0U;
+       i < Eurydice_slice_len(Eurydice_array_to_slice(
+                                  (size_t)8U, simd_unit.coefficients, int32_t),
+                              int32_t);
+       i++) {
+    size_t i0 = i;
+    int32_t t = simd_unit.coefficients[i0];
+    int32_t_x2 uu____0 =
+        libcrux_ml_dsa_simd_portable_arithmetic_power2round_element(t);
+    int32_t t0 = uu____0.fst;
+    int32_t t1 = uu____0.snd;
+    t0_simd_unit.coefficients[i0] = t0;
+    t1_simd_unit.coefficients[i0] = t1;
+  }
+  return (
+      CLITERAL(libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit_x2){
+          .fst = t0_simd_unit, .snd = t1_simd_unit});
 }
 
 /**
@@ -781,30 +951,22 @@ static KRML_MUSTINLINE size_t
 libcrux_ml_dsa_simd_portable_sample_rejection_sample_less_than_field_modulus(
     Eurydice_slice randomness, Eurydice_slice out) {
   size_t sampled = (size_t)0U;
-  core_slice_iter_Chunks iter =
-      core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter(
-          core_slice___Slice_T___chunks(randomness, (size_t)3U, uint8_t,
-                                        core_slice_iter_Chunks),
-          core_slice_iter_Chunks, core_slice_iter_Chunks);
-  while (true) {
-    Option_1b uu____0 =
-        core_slice_iter___core__iter__traits__iterator__Iterator_for_core__slice__iter__Chunks__a__T__TraitClause_0___71__next(
-            &iter, uint8_t, Option_1b);
-    if (uu____0.tag == None) {
-      break;
-    } else {
-      Eurydice_slice bytes = uu____0.f0;
-      int32_t b0 =
-          (int32_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *);
-      int32_t b1 =
-          (int32_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *);
-      int32_t b2 =
-          (int32_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *);
-      int32_t coefficient = ((b2 << 16U | b1 << 8U) | b0) & (int32_t)8388607;
-      if (coefficient < LIBCRUX_ML_DSA_CONSTANTS_FIELD_MODULUS) {
-        Eurydice_slice_index(out, sampled, int32_t, int32_t *) = coefficient;
-        sampled++;
-      }
+  for (size_t i = (size_t)0U;
+       i < Eurydice_slice_len(randomness, uint8_t) / (size_t)3U; i++) {
+    size_t _cloop_i = i;
+    Eurydice_slice bytes =
+        Eurydice_slice_subslice2(randomness, _cloop_i * (size_t)3U,
+                                 _cloop_i * (size_t)3U + (size_t)3U, uint8_t);
+    int32_t b0 =
+        (int32_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *);
+    int32_t b1 =
+        (int32_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *);
+    int32_t b2 =
+        (int32_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *);
+    int32_t coefficient = ((b2 << 16U | b1 << 8U) | b0) & (int32_t)8388607;
+    if (coefficient < LIBCRUX_ML_DSA_CONSTANTS_FIELD_MODULUS) {
+      Eurydice_slice_index(out, sampled, int32_t, int32_t *) = coefficient;
+      sampled++;
     }
   }
   return sampled;
@@ -825,35 +987,26 @@ static KRML_MUSTINLINE size_t
 libcrux_ml_dsa_simd_portable_sample_rejection_sample_less_than_eta_equals_2(
     Eurydice_slice randomness, Eurydice_slice out) {
   size_t sampled = (size_t)0U;
-  core_slice_iter_Iter iter =
-      core_slice_iter___core__iter__traits__collect__IntoIterator_for___a___Slice_T____1__into_iter(
-          randomness, uint8_t, core_slice_iter_Iter);
-  while (true) {
-    Option_3f uu____0 =
-        core_slice_iter___core__iter__traits__iterator__Iterator_for_core__slice__iter__Iter__a__T__TraitClause_0___182__next(
-            &iter, uint8_t, Option_3f);
-    if (uu____0.tag == None) {
-      break;
-    } else {
-      uint8_t *byte = uu____0.f0;
-      uint8_t try_0 = Eurydice_bitand_pv_u8(byte, 15U);
-      uint8_t try_1 = Eurydice_shr_pv_u8(byte, (int32_t)4);
-      if (try_0 < 15U) {
-        int32_t try_00 = (int32_t)try_0;
-        int32_t try_0_mod_5 =
-            try_00 - (try_00 * (int32_t)26 >> 7U) * (int32_t)5;
-        Eurydice_slice_index(out, sampled, int32_t, int32_t *) =
-            (int32_t)2 - try_0_mod_5;
-        sampled++;
-      }
-      if (try_1 < 15U) {
-        int32_t try_10 = (int32_t)try_1;
-        int32_t try_1_mod_5 =
-            try_10 - (try_10 * (int32_t)26 >> 7U) * (int32_t)5;
-        Eurydice_slice_index(out, sampled, int32_t, int32_t *) =
-            (int32_t)2 - try_1_mod_5;
-        sampled++;
-      }
+  for (size_t i = (size_t)0U; i < Eurydice_slice_len(randomness, uint8_t);
+       i++) {
+    size_t _cloop_j = i;
+    uint8_t *byte =
+        &Eurydice_slice_index(randomness, _cloop_j, uint8_t, uint8_t *);
+    uint8_t try_0 = Eurydice_bitand_pv_u8(byte, 15U);
+    uint8_t try_1 = Eurydice_shr_pv_u8(byte, (int32_t)4);
+    if (try_0 < 15U) {
+      int32_t try_00 = (int32_t)try_0;
+      int32_t try_0_mod_5 = try_00 - (try_00 * (int32_t)26 >> 7U) * (int32_t)5;
+      Eurydice_slice_index(out, sampled, int32_t, int32_t *) =
+          (int32_t)2 - try_0_mod_5;
+      sampled++;
+    }
+    if (try_1 < 15U) {
+      int32_t try_10 = (int32_t)try_1;
+      int32_t try_1_mod_5 = try_10 - (try_10 * (int32_t)26 >> 7U) * (int32_t)5;
+      Eurydice_slice_index(out, sampled, int32_t, int32_t *) =
+          (int32_t)2 - try_1_mod_5;
+      sampled++;
     }
   }
   return sampled;
@@ -874,29 +1027,22 @@ static KRML_MUSTINLINE size_t
 libcrux_ml_dsa_simd_portable_sample_rejection_sample_less_than_eta_equals_4(
     Eurydice_slice randomness, Eurydice_slice out) {
   size_t sampled = (size_t)0U;
-  core_slice_iter_Iter iter =
-      core_slice_iter___core__iter__traits__collect__IntoIterator_for___a___Slice_T____1__into_iter(
-          randomness, uint8_t, core_slice_iter_Iter);
-  while (true) {
-    Option_3f uu____0 =
-        core_slice_iter___core__iter__traits__iterator__Iterator_for_core__slice__iter__Iter__a__T__TraitClause_0___182__next(
-            &iter, uint8_t, Option_3f);
-    if (uu____0.tag == None) {
-      break;
-    } else {
-      uint8_t *byte = uu____0.f0;
-      uint8_t try_0 = Eurydice_bitand_pv_u8(byte, 15U);
-      uint8_t try_1 = Eurydice_shr_pv_u8(byte, (int32_t)4);
-      if (try_0 < 9U) {
-        Eurydice_slice_index(out, sampled, int32_t, int32_t *) =
-            (int32_t)4 - (int32_t)try_0;
-        sampled++;
-      }
-      if (try_1 < 9U) {
-        Eurydice_slice_index(out, sampled, int32_t, int32_t *) =
-            (int32_t)4 - (int32_t)try_1;
-        sampled++;
-      }
+  for (size_t i = (size_t)0U; i < Eurydice_slice_len(randomness, uint8_t);
+       i++) {
+    size_t _cloop_j = i;
+    uint8_t *byte =
+        &Eurydice_slice_index(randomness, _cloop_j, uint8_t, uint8_t *);
+    uint8_t try_0 = Eurydice_bitand_pv_u8(byte, 15U);
+    uint8_t try_1 = Eurydice_shr_pv_u8(byte, (int32_t)4);
+    if (try_0 < 9U) {
+      Eurydice_slice_index(out, sampled, int32_t, int32_t *) =
+          (int32_t)4 - (int32_t)try_0;
+      sampled++;
+    }
+    if (try_1 < 9U) {
+      Eurydice_slice_index(out, sampled, int32_t, int32_t *) =
+          (int32_t)4 - (int32_t)try_1;
+      sampled++;
     }
   }
   return sampled;
@@ -913,33 +1059,402 @@ libcrux_ml_dsa_simd_portable_rejection_sample_less_than_eta_equals_4_36(
       randomness, out);
 }
 
+#define LIBCRUX_ML_DSA_SIMD_PORTABLE_ENCODING_GAMMA1_SERIALIZE_WHEN_GAMMA1_IS_2_POW_17_GAMMA1 \
+  ((int32_t)1 << 17U)
+
+static KRML_MUSTINLINE void
+libcrux_ml_dsa_simd_portable_encoding_gamma1_serialize_when_gamma1_is_2_pow_17(
+    libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit simd_unit,
+    Eurydice_slice serialized) {
+  for (size_t i = (size_t)0U;
+       i < Eurydice_slice_len(Eurydice_array_to_slice(
+                                  (size_t)8U, simd_unit.coefficients, int32_t),
+                              int32_t) /
+               (size_t)4U;
+       i++) {
+    size_t i0 = i;
+    Eurydice_slice coefficients =
+        Eurydice_array_to_subslice2(simd_unit.coefficients, i0 * (size_t)4U,
+                                    i0 * (size_t)4U + (size_t)4U, int32_t);
+    int32_t coefficient0 =
+        LIBCRUX_ML_DSA_SIMD_PORTABLE_ENCODING_GAMMA1_SERIALIZE_WHEN_GAMMA1_IS_2_POW_17_GAMMA1 -
+        Eurydice_slice_index(coefficients, (size_t)0U, int32_t, int32_t *);
+    int32_t coefficient1 =
+        LIBCRUX_ML_DSA_SIMD_PORTABLE_ENCODING_GAMMA1_SERIALIZE_WHEN_GAMMA1_IS_2_POW_17_GAMMA1 -
+        Eurydice_slice_index(coefficients, (size_t)1U, int32_t, int32_t *);
+    int32_t coefficient2 =
+        LIBCRUX_ML_DSA_SIMD_PORTABLE_ENCODING_GAMMA1_SERIALIZE_WHEN_GAMMA1_IS_2_POW_17_GAMMA1 -
+        Eurydice_slice_index(coefficients, (size_t)2U, int32_t, int32_t *);
+    int32_t coefficient3 =
+        LIBCRUX_ML_DSA_SIMD_PORTABLE_ENCODING_GAMMA1_SERIALIZE_WHEN_GAMMA1_IS_2_POW_17_GAMMA1 -
+        Eurydice_slice_index(coefficients, (size_t)3U, int32_t, int32_t *);
+    Eurydice_slice_index(serialized, (size_t)9U * i0, uint8_t, uint8_t *) =
+        (uint8_t)coefficient0;
+    Eurydice_slice_index(serialized, (size_t)9U * i0 + (size_t)1U, uint8_t,
+                         uint8_t *) = (uint8_t)(coefficient0 >> 8U);
+    Eurydice_slice_index(serialized, (size_t)9U * i0 + (size_t)2U, uint8_t,
+                         uint8_t *) = (uint8_t)(coefficient0 >> 16U);
+    size_t uu____0 = (size_t)9U * i0 + (size_t)2U;
+    Eurydice_slice_index(serialized, uu____0, uint8_t, uint8_t *) =
+        (uint32_t)Eurydice_slice_index(serialized, uu____0, uint8_t,
+                                       uint8_t *) |
+        (uint32_t)(uint8_t)(coefficient1 << 2U);
+    Eurydice_slice_index(serialized, (size_t)9U * i0 + (size_t)3U, uint8_t,
+                         uint8_t *) = (uint8_t)(coefficient1 >> 6U);
+    Eurydice_slice_index(serialized, (size_t)9U * i0 + (size_t)4U, uint8_t,
+                         uint8_t *) = (uint8_t)(coefficient1 >> 14U);
+    size_t uu____1 = (size_t)9U * i0 + (size_t)4U;
+    Eurydice_slice_index(serialized, uu____1, uint8_t, uint8_t *) =
+        (uint32_t)Eurydice_slice_index(serialized, uu____1, uint8_t,
+                                       uint8_t *) |
+        (uint32_t)(uint8_t)(coefficient2 << 4U);
+    Eurydice_slice_index(serialized, (size_t)9U * i0 + (size_t)5U, uint8_t,
+                         uint8_t *) = (uint8_t)(coefficient2 >> 4U);
+    Eurydice_slice_index(serialized, (size_t)9U * i0 + (size_t)6U, uint8_t,
+                         uint8_t *) = (uint8_t)(coefficient2 >> 12U);
+    size_t uu____2 = (size_t)9U * i0 + (size_t)6U;
+    Eurydice_slice_index(serialized, uu____2, uint8_t, uint8_t *) =
+        (uint32_t)Eurydice_slice_index(serialized, uu____2, uint8_t,
+                                       uint8_t *) |
+        (uint32_t)(uint8_t)(coefficient3 << 6U);
+    Eurydice_slice_index(serialized, (size_t)9U * i0 + (size_t)7U, uint8_t,
+                         uint8_t *) = (uint8_t)(coefficient3 >> 2U);
+    Eurydice_slice_index(serialized, (size_t)9U * i0 + (size_t)8U, uint8_t,
+                         uint8_t *) = (uint8_t)(coefficient3 >> 10U);
+  }
+}
+
+#define LIBCRUX_ML_DSA_SIMD_PORTABLE_ENCODING_GAMMA1_SERIALIZE_WHEN_GAMMA1_IS_2_POW_19_GAMMA1 \
+  ((int32_t)1 << 19U)
+
+static KRML_MUSTINLINE void
+libcrux_ml_dsa_simd_portable_encoding_gamma1_serialize_when_gamma1_is_2_pow_19(
+    libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit simd_unit,
+    Eurydice_slice serialized) {
+  for (size_t i = (size_t)0U;
+       i < Eurydice_slice_len(Eurydice_array_to_slice(
+                                  (size_t)8U, simd_unit.coefficients, int32_t),
+                              int32_t) /
+               (size_t)2U;
+       i++) {
+    size_t i0 = i;
+    Eurydice_slice coefficients =
+        Eurydice_array_to_subslice2(simd_unit.coefficients, i0 * (size_t)2U,
+                                    i0 * (size_t)2U + (size_t)2U, int32_t);
+    int32_t coefficient0 =
+        LIBCRUX_ML_DSA_SIMD_PORTABLE_ENCODING_GAMMA1_SERIALIZE_WHEN_GAMMA1_IS_2_POW_19_GAMMA1 -
+        Eurydice_slice_index(coefficients, (size_t)0U, int32_t, int32_t *);
+    int32_t coefficient1 =
+        LIBCRUX_ML_DSA_SIMD_PORTABLE_ENCODING_GAMMA1_SERIALIZE_WHEN_GAMMA1_IS_2_POW_19_GAMMA1 -
+        Eurydice_slice_index(coefficients, (size_t)1U, int32_t, int32_t *);
+    Eurydice_slice_index(serialized, (size_t)5U * i0, uint8_t, uint8_t *) =
+        (uint8_t)coefficient0;
+    Eurydice_slice_index(serialized, (size_t)5U * i0 + (size_t)1U, uint8_t,
+                         uint8_t *) = (uint8_t)(coefficient0 >> 8U);
+    Eurydice_slice_index(serialized, (size_t)5U * i0 + (size_t)2U, uint8_t,
+                         uint8_t *) = (uint8_t)(coefficient0 >> 16U);
+    size_t uu____0 = (size_t)5U * i0 + (size_t)2U;
+    Eurydice_slice_index(serialized, uu____0, uint8_t, uint8_t *) =
+        (uint32_t)Eurydice_slice_index(serialized, uu____0, uint8_t,
+                                       uint8_t *) |
+        (uint32_t)(uint8_t)(coefficient1 << 4U);
+    Eurydice_slice_index(serialized, (size_t)5U * i0 + (size_t)3U, uint8_t,
+                         uint8_t *) = (uint8_t)(coefficient1 >> 4U);
+    Eurydice_slice_index(serialized, (size_t)5U * i0 + (size_t)4U, uint8_t,
+                         uint8_t *) = (uint8_t)(coefficient1 >> 12U);
+  }
+}
+
+#define LIBCRUX_ML_DSA_SIMD_PORTABLE_ENCODING_GAMMA1_DESERIALIZE_WHEN_GAMMA1_IS_2_POW_17_GAMMA1 \
+  ((int32_t)1 << 17U)
+
+#define LIBCRUX_ML_DSA_SIMD_PORTABLE_ENCODING_GAMMA1_DESERIALIZE_WHEN_GAMMA1_IS_2_POW_17_GAMMA1_TIMES_2_BITMASK \
+  ((LIBCRUX_ML_DSA_SIMD_PORTABLE_ENCODING_GAMMA1_DESERIALIZE_WHEN_GAMMA1_IS_2_POW_17_GAMMA1                     \
+    << 1U) -                                                                                                    \
+   (int32_t)1)
+
 static KRML_MUSTINLINE libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit
 libcrux_ml_dsa_simd_portable_encoding_gamma1_deserialize_when_gamma1_is_2_pow_17(
     Eurydice_slice serialized) {
-  KRML_HOST_EPRINTF(
-      "KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__,
-      "Eurydice error: Failure(\"Error looking trait impl: "
-      "core::slice::iter::{core::iter::traits::iterator::Iterator for "
-      "core::slice::iter::ChunksExact<\'a, T>[TraitClause@0]}#90<\'_, "
-      "u8>[core::marker::Sized<u8>] enumerate\")\n");
-  KRML_HOST_EXIT(255U);
+  libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit simd_unit =
+      libcrux_ml_dsa_simd_portable_vector_type_ZERO();
+  for (size_t i = (size_t)0U;
+       i < Eurydice_slice_len(serialized, uint8_t) / (size_t)9U; i++) {
+    size_t i0 = i;
+    Eurydice_slice bytes = Eurydice_slice_subslice2(
+        serialized, i0 * (size_t)9U, i0 * (size_t)9U + (size_t)9U, uint8_t);
+    int32_t coefficient0 =
+        (int32_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *);
+    coefficient0 =
+        coefficient0 |
+        (int32_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *)
+            << 8U;
+    coefficient0 =
+        coefficient0 |
+        (int32_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *)
+            << 16U;
+    coefficient0 =
+        coefficient0 &
+        LIBCRUX_ML_DSA_SIMD_PORTABLE_ENCODING_GAMMA1_DESERIALIZE_WHEN_GAMMA1_IS_2_POW_17_GAMMA1_TIMES_2_BITMASK;
+    int32_t coefficient1 =
+        (int32_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *) >>
+        2U;
+    coefficient1 =
+        coefficient1 |
+        (int32_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *)
+            << 6U;
+    coefficient1 =
+        coefficient1 |
+        (int32_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *)
+            << 14U;
+    coefficient1 =
+        coefficient1 &
+        LIBCRUX_ML_DSA_SIMD_PORTABLE_ENCODING_GAMMA1_DESERIALIZE_WHEN_GAMMA1_IS_2_POW_17_GAMMA1_TIMES_2_BITMASK;
+    int32_t coefficient2 =
+        (int32_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *) >>
+        4U;
+    coefficient2 =
+        coefficient2 |
+        (int32_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *)
+            << 4U;
+    coefficient2 =
+        coefficient2 |
+        (int32_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *)
+            << 12U;
+    coefficient2 =
+        coefficient2 &
+        LIBCRUX_ML_DSA_SIMD_PORTABLE_ENCODING_GAMMA1_DESERIALIZE_WHEN_GAMMA1_IS_2_POW_17_GAMMA1_TIMES_2_BITMASK;
+    int32_t coefficient3 =
+        (int32_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *) >>
+        6U;
+    coefficient3 =
+        coefficient3 |
+        (int32_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *)
+            << 2U;
+    coefficient3 =
+        coefficient3 |
+        (int32_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t *)
+            << 10U;
+    coefficient3 =
+        coefficient3 &
+        LIBCRUX_ML_DSA_SIMD_PORTABLE_ENCODING_GAMMA1_DESERIALIZE_WHEN_GAMMA1_IS_2_POW_17_GAMMA1_TIMES_2_BITMASK;
+    simd_unit.coefficients[(size_t)4U * i0] =
+        LIBCRUX_ML_DSA_SIMD_PORTABLE_ENCODING_GAMMA1_DESERIALIZE_WHEN_GAMMA1_IS_2_POW_17_GAMMA1 -
+        coefficient0;
+    simd_unit.coefficients[(size_t)4U * i0 + (size_t)1U] =
+        LIBCRUX_ML_DSA_SIMD_PORTABLE_ENCODING_GAMMA1_DESERIALIZE_WHEN_GAMMA1_IS_2_POW_17_GAMMA1 -
+        coefficient1;
+    simd_unit.coefficients[(size_t)4U * i0 + (size_t)2U] =
+        LIBCRUX_ML_DSA_SIMD_PORTABLE_ENCODING_GAMMA1_DESERIALIZE_WHEN_GAMMA1_IS_2_POW_17_GAMMA1 -
+        coefficient2;
+    simd_unit.coefficients[(size_t)4U * i0 + (size_t)3U] =
+        LIBCRUX_ML_DSA_SIMD_PORTABLE_ENCODING_GAMMA1_DESERIALIZE_WHEN_GAMMA1_IS_2_POW_17_GAMMA1 -
+        coefficient3;
+  }
+  return simd_unit;
 }
 
+#define LIBCRUX_ML_DSA_SIMD_PORTABLE_ENCODING_GAMMA1_DESERIALIZE_WHEN_GAMMA1_IS_2_POW_19_GAMMA1 \
+  ((int32_t)1 << 19U)
+
+#define LIBCRUX_ML_DSA_SIMD_PORTABLE_ENCODING_GAMMA1_DESERIALIZE_WHEN_GAMMA1_IS_2_POW_19_GAMMA1_TIMES_2_BITMASK \
+  ((LIBCRUX_ML_DSA_SIMD_PORTABLE_ENCODING_GAMMA1_DESERIALIZE_WHEN_GAMMA1_IS_2_POW_19_GAMMA1                     \
+    << 1U) -                                                                                                    \
+   (int32_t)1)
+
 static KRML_MUSTINLINE libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit
 libcrux_ml_dsa_simd_portable_encoding_gamma1_deserialize_when_gamma1_is_2_pow_19(
     Eurydice_slice serialized) {
-  KRML_HOST_EPRINTF(
-      "KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__,
-      "Eurydice error: Failure(\"Error looking trait impl: "
-      "core::slice::iter::{core::iter::traits::iterator::Iterator for "
-      "core::slice::iter::ChunksExact<\'a, T>[TraitClause@0]}#90<\'_, "
-      "u8>[core::marker::Sized<u8>] enumerate\")\n");
-  KRML_HOST_EXIT(255U);
+  libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit simd_unit =
+      libcrux_ml_dsa_simd_portable_vector_type_ZERO();
+  for (size_t i = (size_t)0U;
+       i < Eurydice_slice_len(serialized, uint8_t) / (size_t)5U; i++) {
+    size_t i0 = i;
+    Eurydice_slice bytes = Eurydice_slice_subslice2(
+        serialized, i0 * (size_t)5U, i0 * (size_t)5U + (size_t)5U, uint8_t);
+    int32_t coefficient0 =
+        (int32_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *);
+    coefficient0 =
+        coefficient0 |
+        (int32_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *)
+            << 8U;
+    coefficient0 =
+        coefficient0 |
+        (int32_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *)
+            << 16U;
+    coefficient0 =
+        coefficient0 &
+        LIBCRUX_ML_DSA_SIMD_PORTABLE_ENCODING_GAMMA1_DESERIALIZE_WHEN_GAMMA1_IS_2_POW_19_GAMMA1_TIMES_2_BITMASK;
+    int32_t coefficient1 =
+        (int32_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *) >>
+        4U;
+    coefficient1 =
+        coefficient1 |
+        (int32_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *)
+            << 4U;
+    coefficient1 =
+        coefficient1 |
+        (int32_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *)
+            << 12U;
+    simd_unit.coefficients[(size_t)2U * i0] =
+        LIBCRUX_ML_DSA_SIMD_PORTABLE_ENCODING_GAMMA1_DESERIALIZE_WHEN_GAMMA1_IS_2_POW_19_GAMMA1 -
+        coefficient0;
+    simd_unit.coefficients[(size_t)2U * i0 + (size_t)1U] =
+        LIBCRUX_ML_DSA_SIMD_PORTABLE_ENCODING_GAMMA1_DESERIALIZE_WHEN_GAMMA1_IS_2_POW_19_GAMMA1 -
+        coefficient1;
+  }
+  return simd_unit;
+}
+
+static KRML_MUSTINLINE void
+libcrux_ml_dsa_simd_portable_encoding_commitment_serialize(
+    libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit simd_unit,
+    Eurydice_slice serialized) {
+  switch ((uint8_t)Eurydice_slice_len(serialized, uint8_t)) {
+    case 4U: {
+      for (size_t i = (size_t)0U;
+           i <
+           Eurydice_slice_len(Eurydice_array_to_slice(
+                                  (size_t)8U, simd_unit.coefficients, int32_t),
+                              int32_t) /
+               (size_t)2U;
+           i++) {
+        size_t i0 = i;
+        Eurydice_slice coefficients =
+            Eurydice_array_to_subslice2(simd_unit.coefficients, i0 * (size_t)2U,
+                                        i0 * (size_t)2U + (size_t)2U, int32_t);
+        uint8_t coefficient0 = (uint8_t)Eurydice_slice_index(
+            coefficients, (size_t)0U, int32_t, int32_t *);
+        uint8_t coefficient1 = (uint8_t)Eurydice_slice_index(
+            coefficients, (size_t)1U, int32_t, int32_t *);
+        Eurydice_slice_index(serialized, i0, uint8_t, uint8_t *) =
+            (uint32_t)coefficient1 << 4U | (uint32_t)coefficient0;
+      }
+      break;
+    }
+    case 6U: {
+      for (size_t i = (size_t)0U;
+           i <
+           Eurydice_slice_len(Eurydice_array_to_slice(
+                                  (size_t)8U, simd_unit.coefficients, int32_t),
+                              int32_t) /
+               (size_t)4U;
+           i++) {
+        size_t i0 = i;
+        Eurydice_slice coefficients =
+            Eurydice_array_to_subslice2(simd_unit.coefficients, i0 * (size_t)4U,
+                                        i0 * (size_t)4U + (size_t)4U, int32_t);
+        uint8_t coefficient0 = (uint8_t)Eurydice_slice_index(
+            coefficients, (size_t)0U, int32_t, int32_t *);
+        uint8_t coefficient1 = (uint8_t)Eurydice_slice_index(
+            coefficients, (size_t)1U, int32_t, int32_t *);
+        uint8_t coefficient2 = (uint8_t)Eurydice_slice_index(
+            coefficients, (size_t)2U, int32_t, int32_t *);
+        uint8_t coefficient3 = (uint8_t)Eurydice_slice_index(
+            coefficients, (size_t)3U, int32_t, int32_t *);
+        Eurydice_slice_index(serialized, (size_t)3U * i0, uint8_t, uint8_t *) =
+            (uint32_t)coefficient1 << 6U | (uint32_t)coefficient0;
+        Eurydice_slice_index(serialized, (size_t)3U * i0 + (size_t)1U, uint8_t,
+                             uint8_t *) =
+            (uint32_t)coefficient2 << 4U | (uint32_t)coefficient1 >> 2U;
+        Eurydice_slice_index(serialized, (size_t)3U * i0 + (size_t)2U, uint8_t,
+                             uint8_t *) =
+            (uint32_t)coefficient3 << 2U | (uint32_t)coefficient2 >> 4U;
+      }
+      break;
+    }
+    default: {
+      KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__,
+                        "panic!");
+      KRML_HOST_EXIT(255U);
+    }
+  }
+}
+
+/**
+This function found in impl {(libcrux_ml_dsa::simd::traits::Operations for
+libcrux_ml_dsa::simd::portable::vector_type::PortableSIMDUnit)}
+*/
+static inline void libcrux_ml_dsa_simd_portable_commitment_serialize_36(
+    libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit simd_unit,
+    Eurydice_slice serialized) {
+  libcrux_ml_dsa_simd_portable_encoding_commitment_serialize(simd_unit,
+                                                             serialized);
 }
 
 #define LIBCRUX_ML_DSA_SIMD_PORTABLE_ENCODING_ERROR_SERIALIZE_WHEN_ETA_IS_2_ETA \
   ((int32_t)2)
 
+static KRML_MUSTINLINE void
+libcrux_ml_dsa_simd_portable_encoding_error_serialize_when_eta_is_2(
+    libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit simd_unit,
+    Eurydice_slice serialized) {
+  uint8_t coefficient0 =
+      (uint8_t)(LIBCRUX_ML_DSA_SIMD_PORTABLE_ENCODING_ERROR_SERIALIZE_WHEN_ETA_IS_2_ETA -
+                simd_unit.coefficients[0U]);
+  uint8_t coefficient1 =
+      (uint8_t)(LIBCRUX_ML_DSA_SIMD_PORTABLE_ENCODING_ERROR_SERIALIZE_WHEN_ETA_IS_2_ETA -
+                simd_unit.coefficients[1U]);
+  uint8_t coefficient2 =
+      (uint8_t)(LIBCRUX_ML_DSA_SIMD_PORTABLE_ENCODING_ERROR_SERIALIZE_WHEN_ETA_IS_2_ETA -
+                simd_unit.coefficients[2U]);
+  uint8_t coefficient3 =
+      (uint8_t)(LIBCRUX_ML_DSA_SIMD_PORTABLE_ENCODING_ERROR_SERIALIZE_WHEN_ETA_IS_2_ETA -
+                simd_unit.coefficients[3U]);
+  uint8_t coefficient4 =
+      (uint8_t)(LIBCRUX_ML_DSA_SIMD_PORTABLE_ENCODING_ERROR_SERIALIZE_WHEN_ETA_IS_2_ETA -
+                simd_unit.coefficients[4U]);
+  uint8_t coefficient5 =
+      (uint8_t)(LIBCRUX_ML_DSA_SIMD_PORTABLE_ENCODING_ERROR_SERIALIZE_WHEN_ETA_IS_2_ETA -
+                simd_unit.coefficients[5U]);
+  uint8_t coefficient6 =
+      (uint8_t)(LIBCRUX_ML_DSA_SIMD_PORTABLE_ENCODING_ERROR_SERIALIZE_WHEN_ETA_IS_2_ETA -
+                simd_unit.coefficients[6U]);
+  uint8_t coefficient7 =
+      (uint8_t)(LIBCRUX_ML_DSA_SIMD_PORTABLE_ENCODING_ERROR_SERIALIZE_WHEN_ETA_IS_2_ETA -
+                simd_unit.coefficients[7U]);
+  Eurydice_slice_index(serialized, (size_t)0U, uint8_t, uint8_t *) =
+      ((uint32_t)coefficient2 << 6U | (uint32_t)coefficient1 << 3U) |
+      (uint32_t)coefficient0;
+  Eurydice_slice_index(serialized, (size_t)1U, uint8_t, uint8_t *) =
+      (((uint32_t)coefficient5 << 7U | (uint32_t)coefficient4 << 4U) |
+       (uint32_t)coefficient3 << 1U) |
+      (uint32_t)coefficient2 >> 2U;
+  Eurydice_slice_index(serialized, (size_t)2U, uint8_t, uint8_t *) =
+      ((uint32_t)coefficient7 << 5U | (uint32_t)coefficient6 << 2U) |
+      (uint32_t)coefficient5 >> 1U;
+}
+
+#define LIBCRUX_ML_DSA_SIMD_PORTABLE_ENCODING_ERROR_SERIALIZE_WHEN_ETA_IS_4_ETA \
+  ((int32_t)4)
+
+static KRML_MUSTINLINE void
+libcrux_ml_dsa_simd_portable_encoding_error_serialize_when_eta_is_4(
+    libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit simd_unit,
+    Eurydice_slice serialized) {
+  for (size_t i = (size_t)0U;
+       i < Eurydice_slice_len(Eurydice_array_to_slice(
+                                  (size_t)8U, simd_unit.coefficients, int32_t),
+                              int32_t) /
+               (size_t)2U;
+       i++) {
+    size_t i0 = i;
+    Eurydice_slice coefficients =
+        Eurydice_array_to_subslice2(simd_unit.coefficients, i0 * (size_t)2U,
+                                    i0 * (size_t)2U + (size_t)2U, int32_t);
+    uint8_t coefficient0 =
+        (uint8_t)(LIBCRUX_ML_DSA_SIMD_PORTABLE_ENCODING_ERROR_SERIALIZE_WHEN_ETA_IS_4_ETA -
+                  Eurydice_slice_index(coefficients, (size_t)0U, int32_t,
+                                       int32_t *));
+    uint8_t coefficient1 =
+        (uint8_t)(LIBCRUX_ML_DSA_SIMD_PORTABLE_ENCODING_ERROR_SERIALIZE_WHEN_ETA_IS_4_ETA -
+                  Eurydice_slice_index(coefficients, (size_t)1U, int32_t,
+                                       int32_t *));
+    Eurydice_slice_index(serialized, i0, uint8_t, uint8_t *) =
+        (uint32_t)coefficient1 << 4U | (uint32_t)coefficient0;
+  }
+}
+
 #define LIBCRUX_ML_DSA_SIMD_PORTABLE_ENCODING_ERROR_DESERIALIZE_WHEN_ETA_IS_2_ETA \
   ((int32_t)2)
 
@@ -981,18 +1496,30 @@ libcrux_ml_dsa_simd_portable_encoding_error_deserialize_when_eta_is_2(
   return simd_unit;
 }
 
+#define LIBCRUX_ML_DSA_SIMD_PORTABLE_ENCODING_ERROR_DESERIALIZE_WHEN_ETA_IS_4_ETA \
+  ((int32_t)4)
+
 static KRML_MUSTINLINE libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit
 libcrux_ml_dsa_simd_portable_encoding_error_deserialize_when_eta_is_4(
     Eurydice_slice serialized) {
-  KRML_HOST_EPRINTF(
-      "KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__,
-      "Eurydice error: Failure(\"Error looking trait impl: "
-      "core::slice::iter::{core::iter::traits::iterator::Iterator for "
-      "core::slice::iter::Iter<\'a, T>[TraitClause@0]}#182<\'_, "
-      "u8>[core::marker::Sized<u8>] enumerate\")\n");
-  KRML_HOST_EXIT(255U);
-}
-
+  libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit simd_unit =
+      libcrux_ml_dsa_simd_portable_vector_type_ZERO();
+  for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t);
+       i++) {
+    size_t i0 = i;
+    uint8_t *byte = &Eurydice_slice_index(serialized, i0, uint8_t, uint8_t *);
+    uint8_t uu____0 = Eurydice_bitand_pv_u8(byte, 15U);
+    simd_unit.coefficients[(size_t)2U * i0] =
+        LIBCRUX_ML_DSA_SIMD_PORTABLE_ENCODING_ERROR_DESERIALIZE_WHEN_ETA_IS_4_ETA -
+        (int32_t)uu____0;
+    uint8_t uu____1 = Eurydice_shr_pv_u8(byte, (int32_t)4);
+    simd_unit.coefficients[(size_t)2U * i0 + (size_t)1U] =
+        LIBCRUX_ML_DSA_SIMD_PORTABLE_ENCODING_ERROR_DESERIALIZE_WHEN_ETA_IS_4_ETA -
+        (int32_t)uu____1;
+  }
+  return simd_unit;
+}
+
 static KRML_MUSTINLINE int32_t
 libcrux_ml_dsa_simd_portable_encoding_t0_change_t0_interval(int32_t t0) {
   return ((int32_t)1
@@ -1187,13 +1714,55 @@ libcrux_ml_dsa_simd_portable_t0_deserialize_36(Eurydice_slice serialized) {
 static KRML_MUSTINLINE void libcrux_ml_dsa_simd_portable_encoding_t1_serialize(
     libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit simd_unit,
     uint8_t ret[10U]) {
-  KRML_HOST_EPRINTF(
-      "KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__,
-      "Eurydice error: Failure(\"Error looking trait impl: "
-      "core::slice::iter::{core::iter::traits::iterator::Iterator for "
-      "core::slice::iter::ChunksExact<\'a, T>[TraitClause@0]}#90<\'_, "
-      "i32>[core::marker::Sized<i32>] enumerate\")\n");
-  KRML_HOST_EXIT(255U);
+  uint8_t serialized[10U] = {0U};
+  for (size_t i = (size_t)0U;
+       i < Eurydice_slice_len(Eurydice_array_to_slice(
+                                  (size_t)8U, simd_unit.coefficients, int32_t),
+                              int32_t) /
+               (size_t)4U;
+       i++) {
+    size_t i0 = i;
+    Eurydice_slice coefficients =
+        Eurydice_array_to_subslice2(simd_unit.coefficients, i0 * (size_t)4U,
+                                    i0 * (size_t)4U + (size_t)4U, int32_t);
+    serialized[(size_t)5U * i0] =
+        (uint8_t)(Eurydice_slice_index(coefficients, (size_t)0U, int32_t,
+                                       int32_t *) &
+                  (int32_t)255);
+    serialized[(size_t)5U * i0 + (size_t)1U] =
+        (uint32_t)(uint8_t)(Eurydice_slice_index(coefficients, (size_t)1U,
+                                                 int32_t, int32_t *) &
+                            (int32_t)63)
+            << 2U |
+        (uint32_t)(uint8_t)(Eurydice_slice_index(coefficients, (size_t)0U,
+                                                 int32_t, int32_t *) >>
+                                8U &
+                            (int32_t)3);
+    serialized[(size_t)5U * i0 + (size_t)2U] =
+        (uint32_t)(uint8_t)(Eurydice_slice_index(coefficients, (size_t)2U,
+                                                 int32_t, int32_t *) &
+                            (int32_t)15)
+            << 4U |
+        (uint32_t)(uint8_t)(Eurydice_slice_index(coefficients, (size_t)1U,
+                                                 int32_t, int32_t *) >>
+                                6U &
+                            (int32_t)15);
+    serialized[(size_t)5U * i0 + (size_t)3U] =
+        (uint32_t)(uint8_t)(Eurydice_slice_index(coefficients, (size_t)3U,
+                                                 int32_t, int32_t *) &
+                            (int32_t)3)
+            << 6U |
+        (uint32_t)(uint8_t)(Eurydice_slice_index(coefficients, (size_t)2U,
+                                                 int32_t, int32_t *) >>
+                                4U &
+                            (int32_t)63);
+    serialized[(size_t)5U * i0 + (size_t)4U] =
+        (uint8_t)(Eurydice_slice_index(coefficients, (size_t)3U, int32_t,
+                                       int32_t *) >>
+                      2U &
+                  (int32_t)255);
+  }
+  memcpy(ret, serialized, (size_t)10U * sizeof(uint8_t));
 }
 
 /**
@@ -1209,13 +1778,35 @@ static inline void libcrux_ml_dsa_simd_portable_t1_serialize_36(
 static KRML_MUSTINLINE libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit
 libcrux_ml_dsa_simd_portable_encoding_t1_deserialize(
     Eurydice_slice serialized) {
-  KRML_HOST_EPRINTF(
-      "KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__,
-      "Eurydice error: Failure(\"Error looking trait impl: "
-      "core::slice::iter::{core::iter::traits::iterator::Iterator for "
-      "core::slice::iter::ChunksExact<\'a, T>[TraitClause@0]}#90<\'_, "
-      "u8>[core::marker::Sized<u8>] enumerate\")\n");
-  KRML_HOST_EXIT(255U);
+  libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit simd_unit =
+      libcrux_ml_dsa_simd_portable_vector_type_ZERO();
+  int32_t mask = ((int32_t)1 << (uint32_t)
+                      LIBCRUX_ML_DSA_CONSTANTS_BITS_IN_UPPER_PART_OF_T) -
+                 (int32_t)1;
+  for (size_t i = (size_t)0U;
+       i < Eurydice_slice_len(serialized, uint8_t) / (size_t)5U; i++) {
+    size_t i0 = i;
+    Eurydice_slice bytes = Eurydice_slice_subslice2(
+        serialized, i0 * (size_t)5U, i0 * (size_t)5U + (size_t)5U, uint8_t);
+    int32_t byte0 =
+        (int32_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *);
+    int32_t byte1 =
+        (int32_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *);
+    int32_t byte2 =
+        (int32_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *);
+    int32_t byte3 =
+        (int32_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *);
+    int32_t byte4 =
+        (int32_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *);
+    simd_unit.coefficients[(size_t)4U * i0] = (byte0 | byte1 << 8U) & mask;
+    simd_unit.coefficients[(size_t)4U * i0 + (size_t)1U] =
+        (byte1 >> 2U | byte2 << 6U) & mask;
+    simd_unit.coefficients[(size_t)4U * i0 + (size_t)2U] =
+        (byte2 >> 4U | byte3 << 4U) & mask;
+    simd_unit.coefficients[(size_t)4U * i0 + (size_t)3U] =
+        (byte3 >> 6U | byte4 << 2U) & mask;
+  }
+  return simd_unit;
 }
 
 /**
@@ -4834,64 +5425,6 @@ static KRML_MUSTINLINE
   return lit;
 }
 
-/**
-A monomorphic instance of libcrux_ml_dsa.samplex4.sample_s1_and_s2_4_by_4
-with types libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit,
-libcrux_ml_dsa_hash_functions_portable_Shake256X4 with const generics
-- ETA= 4
-- S1_DIMENSION= 5
-- S2_DIMENSION= 6
-*/
-static KRML_MUSTINLINE tuple_ce
-libcrux_ml_dsa_samplex4_sample_s1_and_s2_4_by_4_fe(uint8_t seed_base[66U]) {
-  libcrux_ml_dsa_polynomial_PolynomialRingElement_9b s1[5U];
-  for (size_t i = (size_t)0U; i < (size_t)5U; i++) {
-    s1[i] = libcrux_ml_dsa_polynomial_ZERO_ff_ba();
-  }
-  libcrux_ml_dsa_polynomial_PolynomialRingElement_9b s2[6U];
-  for (size_t i = (size_t)0U; i < (size_t)6U; i++) {
-    s2[i] = libcrux_ml_dsa_polynomial_ZERO_ff_ba();
-  }
-  /* Passing arrays by value in Rust generates a copy in C */
-  uint8_t copy_of_seed_base[66U];
-  memcpy(copy_of_seed_base, seed_base, (size_t)66U * sizeof(uint8_t));
-  libcrux_ml_dsa_polynomial_PolynomialRingElement_libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit_x4
-      four = libcrux_ml_dsa_sample_sample_four_error_ring_elements_92(
-          copy_of_seed_base, 0U, 1U, 2U, 3U);
-  s1[0U] = four.fst;
-  s1[1U] = four.snd;
-  s1[2U] = four.thd;
-  s1[3U] = four.f3;
-  /* Passing arrays by value in Rust generates a copy in C */
-  uint8_t copy_of_seed_base0[66U];
-  memcpy(copy_of_seed_base0, seed_base, (size_t)66U * sizeof(uint8_t));
-  libcrux_ml_dsa_polynomial_PolynomialRingElement_libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit_x4
-      four0 = libcrux_ml_dsa_sample_sample_four_error_ring_elements_92(
-          copy_of_seed_base0, 4U, 5U, 6U, 7U);
-  s2[0U] = four0.fst;
-  s2[1U] = four0.snd;
-  s2[2U] = four0.thd;
-  s2[3U] = four0.f3;
-  /* Passing arrays by value in Rust generates a copy in C */
-  libcrux_ml_dsa_polynomial_PolynomialRingElement_9b copy_of_s1[5U];
-  memcpy(
-      copy_of_s1, s1,
-      (size_t)5U * sizeof(libcrux_ml_dsa_polynomial_PolynomialRingElement_9b));
-  /* Passing arrays by value in Rust generates a copy in C */
-  libcrux_ml_dsa_polynomial_PolynomialRingElement_9b copy_of_s2[6U];
-  memcpy(
-      copy_of_s2, s2,
-      (size_t)6U * sizeof(libcrux_ml_dsa_polynomial_PolynomialRingElement_9b));
-  tuple_ce lit;
-  memcpy(
-      lit.fst, copy_of_s1,
-      (size_t)5U * sizeof(libcrux_ml_dsa_polynomial_PolynomialRingElement_9b));
-  memcpy(
-      lit.snd, copy_of_s2,
-      (size_t)6U * sizeof(libcrux_ml_dsa_polynomial_PolynomialRingElement_9b));
-  return lit;
-}
-
 /**
 A monomorphic instance of libcrux_ml_dsa.samplex4.sample_s1_and_s2_5_by_6
 with types libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit,
@@ -4959,83 +5492,6 @@ libcrux_ml_dsa_samplex4_sample_s1_and_s2_5_by_6_fe(uint8_t seed_base[66U]) {
   return lit;
 }
 
-/**
-A monomorphic instance of libcrux_ml_dsa.samplex4.sample_s1_and_s2_7_by_8
-with types libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit,
-libcrux_ml_dsa_hash_functions_portable_Shake256X4 with const generics
-- ETA= 4
-- S1_DIMENSION= 5
-- S2_DIMENSION= 6
-*/
-static KRML_MUSTINLINE tuple_ce
-libcrux_ml_dsa_samplex4_sample_s1_and_s2_7_by_8_fe(uint8_t seed_base[66U]) {
-  libcrux_ml_dsa_polynomial_PolynomialRingElement_9b s1[5U];
-  for (size_t i = (size_t)0U; i < (size_t)5U; i++) {
-    s1[i] = libcrux_ml_dsa_polynomial_ZERO_ff_ba();
-  }
-  libcrux_ml_dsa_polynomial_PolynomialRingElement_9b s2[6U];
-  for (size_t i = (size_t)0U; i < (size_t)6U; i++) {
-    s2[i] = libcrux_ml_dsa_polynomial_ZERO_ff_ba();
-  }
-  /* Passing arrays by value in Rust generates a copy in C */
-  uint8_t copy_of_seed_base[66U];
-  memcpy(copy_of_seed_base, seed_base, (size_t)66U * sizeof(uint8_t));
-  libcrux_ml_dsa_polynomial_PolynomialRingElement_libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit_x4
-      four = libcrux_ml_dsa_sample_sample_four_error_ring_elements_92(
-          copy_of_seed_base, 0U, 1U, 2U, 3U);
-  s1[0U] = four.fst;
-  s1[1U] = four.snd;
-  s1[2U] = four.thd;
-  s1[3U] = four.f3;
-  /* Passing arrays by value in Rust generates a copy in C */
-  uint8_t copy_of_seed_base0[66U];
-  memcpy(copy_of_seed_base0, seed_base, (size_t)66U * sizeof(uint8_t));
-  libcrux_ml_dsa_polynomial_PolynomialRingElement_libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit_x4
-      four0 = libcrux_ml_dsa_sample_sample_four_error_ring_elements_92(
-          copy_of_seed_base0, 4U, 5U, 6U, 7U);
-  s1[4U] = four0.fst;
-  s1[5U] = four0.snd;
-  s1[6U] = four0.thd;
-  s2[0U] = four0.f3;
-  /* Passing arrays by value in Rust generates a copy in C */
-  uint8_t copy_of_seed_base1[66U];
-  memcpy(copy_of_seed_base1, seed_base, (size_t)66U * sizeof(uint8_t));
-  libcrux_ml_dsa_polynomial_PolynomialRingElement_libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit_x4
-      four1 = libcrux_ml_dsa_sample_sample_four_error_ring_elements_92(
-          copy_of_seed_base1, 8U, 9U, 10U, 11U);
-  s2[1U] = four1.fst;
-  s2[2U] = four1.snd;
-  s2[3U] = four1.thd;
-  s2[4U] = four1.f3;
-  /* Passing arrays by value in Rust generates a copy in C */
-  uint8_t copy_of_seed_base2[66U];
-  memcpy(copy_of_seed_base2, seed_base, (size_t)66U * sizeof(uint8_t));
-  libcrux_ml_dsa_polynomial_PolynomialRingElement_libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit_x4
-      four2 = libcrux_ml_dsa_sample_sample_four_error_ring_elements_92(
-          copy_of_seed_base2, 12U, 13U, 14U, 15U);
-  s2[5U] = four2.fst;
-  s2[6U] = four2.snd;
-  s2[7U] = four2.thd;
-  /* Passing arrays by value in Rust generates a copy in C */
-  libcrux_ml_dsa_polynomial_PolynomialRingElement_9b copy_of_s1[5U];
-  memcpy(
-      copy_of_s1, s1,
-      (size_t)5U * sizeof(libcrux_ml_dsa_polynomial_PolynomialRingElement_9b));
-  /* Passing arrays by value in Rust generates a copy in C */
-  libcrux_ml_dsa_polynomial_PolynomialRingElement_9b copy_of_s2[6U];
-  memcpy(
-      copy_of_s2, s2,
-      (size_t)6U * sizeof(libcrux_ml_dsa_polynomial_PolynomialRingElement_9b));
-  tuple_ce lit;
-  memcpy(
-      lit.fst, copy_of_s1,
-      (size_t)5U * sizeof(libcrux_ml_dsa_polynomial_PolynomialRingElement_9b));
-  memcpy(
-      lit.snd, copy_of_s2,
-      (size_t)6U * sizeof(libcrux_ml_dsa_polynomial_PolynomialRingElement_9b));
-  return lit;
-}
-
 /**
 A monomorphic instance of libcrux_ml_dsa.samplex4.sample_s1_and_s2
 with types libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit,
@@ -5048,20 +5504,6 @@ static KRML_MUSTINLINE tuple_ce
 libcrux_ml_dsa_samplex4_sample_s1_and_s2_fe(uint8_t seed[66U]) {
   uint8_t_x2 uu____0 = {.fst = (uint8_t)(size_t)5U, .snd = (uint8_t)(size_t)6U};
   switch (uu____0.fst) {
-    case 4U: {
-      switch (uu____0.snd) {
-        case 4U: {
-          /* Passing arrays by value in Rust generates a copy in C */
-          uint8_t copy_of_seed[66U];
-          memcpy(copy_of_seed, seed, (size_t)66U * sizeof(uint8_t));
-          return libcrux_ml_dsa_samplex4_sample_s1_and_s2_4_by_4_fe(
-              copy_of_seed);
-        }
-        default: {
-        }
-      }
-      break;
-    }
     case 5U: {
       switch (uu____0.snd) {
         case 6U: {
@@ -5076,20 +5518,6 @@ libcrux_ml_dsa_samplex4_sample_s1_and_s2_fe(uint8_t seed[66U]) {
       }
       break;
     }
-    case 7U: {
-      switch (uu____0.snd) {
-        case 8U: {
-          /* Passing arrays by value in Rust generates a copy in C */
-          uint8_t copy_of_seed[66U];
-          memcpy(copy_of_seed, seed, (size_t)66U * sizeof(uint8_t));
-          return libcrux_ml_dsa_samplex4_sample_s1_and_s2_7_by_8_fe(
-              copy_of_seed);
-        }
-        default: {
-        }
-      }
-      break;
-    }
     default: {
     }
   }
@@ -5098,6 +5526,124 @@ libcrux_ml_dsa_samplex4_sample_s1_and_s2_fe(uint8_t seed[66U]) {
   KRML_HOST_EXIT(255U);
 }
 
+/**
+A monomorphic instance of libcrux_ml_dsa.ntt.ntt
+with types libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit
+with const generics
+
+*/
+static KRML_MUSTINLINE libcrux_ml_dsa_polynomial_PolynomialRingElement_9b
+libcrux_ml_dsa_ntt_ntt_ba(
+    libcrux_ml_dsa_polynomial_PolynomialRingElement_9b re) {
+  libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit uu____0[32U];
+  memcpy(uu____0, re.simd_units,
+         (size_t)32U *
+             sizeof(libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit));
+  libcrux_ml_dsa_polynomial_PolynomialRingElement_9b lit;
+  libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit ret[32U];
+  libcrux_ml_dsa_simd_portable_ntt_36(uu____0, ret);
+  memcpy(lit.simd_units, ret,
+         (size_t)32U *
+             sizeof(libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit));
+  return lit;
+}
+
+/**
+A monomorphic instance of libcrux_ml_dsa.matrix.compute_As1_plus_s2.closure
+with types libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit
+with const generics
+- ROWS_IN_A= 6
+- COLUMNS_IN_A= 5
+*/
+static inline libcrux_ml_dsa_polynomial_PolynomialRingElement_9b
+libcrux_ml_dsa_matrix_compute_As1_plus_s2_closure_2f(
+    libcrux_ml_dsa_polynomial_PolynomialRingElement_9b s) {
+  return libcrux_ml_dsa_ntt_ntt_ba(s);
+}
+
+/**
+A monomorphic instance of libcrux_ml_dsa.ntt.ntt_multiply_montgomery
+with types libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit
+with const generics
+
+*/
+static KRML_MUSTINLINE libcrux_ml_dsa_polynomial_PolynomialRingElement_9b
+libcrux_ml_dsa_ntt_ntt_multiply_montgomery_ba(
+    libcrux_ml_dsa_polynomial_PolynomialRingElement_9b *lhs,
+    libcrux_ml_dsa_polynomial_PolynomialRingElement_9b *rhs) {
+  libcrux_ml_dsa_polynomial_PolynomialRingElement_9b out =
+      libcrux_ml_dsa_polynomial_ZERO_ff_ba();
+  for (size_t i = (size_t)0U;
+       i < Eurydice_slice_len(
+               Eurydice_array_to_slice(
+                   (size_t)32U, out.simd_units,
+                   libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit),
+               libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit);
+       i++) {
+    size_t i0 = i;
+    libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit uu____0 =
+        libcrux_ml_dsa_simd_portable_montgomery_multiply_36(
+            lhs->simd_units[i0], rhs->simd_units[i0]);
+    out.simd_units[i0] = uu____0;
+  }
+  return out;
+}
+
+/**
+This function found in impl
+{libcrux_ml_dsa::polynomial::PolynomialRingElement<SIMDUnit>[TraitClause@0,
+TraitClause@1]}
+*/
+/**
+A monomorphic instance of libcrux_ml_dsa.polynomial.add_ff
+with types libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit
+with const generics
+
+*/
+static KRML_MUSTINLINE libcrux_ml_dsa_polynomial_PolynomialRingElement_9b
+libcrux_ml_dsa_polynomial_add_ff_ba(
+    libcrux_ml_dsa_polynomial_PolynomialRingElement_9b *self,
+    libcrux_ml_dsa_polynomial_PolynomialRingElement_9b *rhs) {
+  libcrux_ml_dsa_polynomial_PolynomialRingElement_9b sum =
+      libcrux_ml_dsa_polynomial_ZERO_ff_ba();
+  for (size_t i = (size_t)0U;
+       i < Eurydice_slice_len(
+               Eurydice_array_to_slice(
+                   (size_t)32U, sum.simd_units,
+                   libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit),
+               libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit);
+       i++) {
+    size_t i0 = i;
+    libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit uu____0 =
+        libcrux_ml_dsa_simd_portable_add_36(&self->simd_units[i0],
+                                            &rhs->simd_units[i0]);
+    sum.simd_units[i0] = uu____0;
+  }
+  return sum;
+}
+
+/**
+A monomorphic instance of libcrux_ml_dsa.ntt.invert_ntt_montgomery
+with types libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit
+with const generics
+
+*/
+static KRML_MUSTINLINE libcrux_ml_dsa_polynomial_PolynomialRingElement_9b
+libcrux_ml_dsa_ntt_invert_ntt_montgomery_ba(
+    libcrux_ml_dsa_polynomial_PolynomialRingElement_9b re) {
+  libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit uu____0[32U];
+  memcpy(uu____0, re.simd_units,
+         (size_t)32U *
+             sizeof(libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit));
+  libcrux_ml_dsa_polynomial_PolynomialRingElement_9b lit;
+  libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit ret[32U];
+  libcrux_ml_dsa_simd_portable_invert_ntt_montgomery_36(uu____0, ret);
+  memcpy(lit.simd_units, ret,
+         (size_t)32U *
+             sizeof(libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit));
+  return lit;
+}
+
 /**
  Compute InvertNTT(Â ◦ ŝ₁) + s₂
 */
@@ -5113,17 +5659,54 @@ static KRML_MUSTINLINE void libcrux_ml_dsa_matrix_compute_As1_plus_s2_2f(
     libcrux_ml_dsa_polynomial_PolynomialRingElement_9b *s1,
     libcrux_ml_dsa_polynomial_PolynomialRingElement_9b *s2,
     libcrux_ml_dsa_polynomial_PolynomialRingElement_9b ret[6U]) {
-  KRML_HOST_EPRINTF(
-      "KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__,
-      "Eurydice error: Failure(\"Error looking trait impl: "
-      "core::slice::iter::{core::iter::traits::iterator::Iterator for "
-      "core::slice::iter::Iter<\'a, T>[TraitClause@0]}#182<\'_, "
-      "@Array<libcrux_ml_dsa::polynomial::PolynomialRingElement<T@0>["
-      "TraitClause@0, TraitClause@1], "
-      "C@1>>[core::marker::Sized<@Array<libcrux_ml_dsa::polynomial::"
-      "PolynomialRingElement<T@0>[TraitClause@0, TraitClause@1], C@1>>] "
-      "enumerate\")\n");
-  KRML_HOST_EXIT(255U);
+  libcrux_ml_dsa_polynomial_PolynomialRingElement_9b result[6U];
+  for (size_t i = (size_t)0U; i < (size_t)6U; i++) {
+    result[i] = libcrux_ml_dsa_polynomial_ZERO_ff_ba();
+  }
+  /* Passing arrays by value in Rust generates a copy in C */
+  libcrux_ml_dsa_polynomial_PolynomialRingElement_9b copy_of_s1[5U];
+  memcpy(
+      copy_of_s1, s1,
+      (size_t)5U * sizeof(libcrux_ml_dsa_polynomial_PolynomialRingElement_9b));
+  libcrux_ml_dsa_polynomial_PolynomialRingElement_9b s1_ntt[5U];
+  for (size_t i = (size_t)0U; i < (size_t)5U; i++) {
+    s1_ntt[i] =
+        libcrux_ml_dsa_matrix_compute_As1_plus_s2_closure_2f(copy_of_s1[i]);
+  }
+  for (size_t i0 = (size_t)0U;
+       i0 < Eurydice_slice_len(
+                Eurydice_array_to_slice(
+                    (size_t)6U, A_as_ntt,
+                    libcrux_ml_dsa_polynomial_PolynomialRingElement_9b[5U]),
+                libcrux_ml_dsa_polynomial_PolynomialRingElement_9b[5U]);
+       i0++) {
+    size_t i1 = i0;
+    libcrux_ml_dsa_polynomial_PolynomialRingElement_9b *row = A_as_ntt[i1];
+    for (size_t i = (size_t)0U;
+         i < Eurydice_slice_len(
+                 Eurydice_array_to_slice(
+                     (size_t)5U, row,
+                     libcrux_ml_dsa_polynomial_PolynomialRingElement_9b),
+                 libcrux_ml_dsa_polynomial_PolynomialRingElement_9b);
+         i++) {
+      size_t j = i;
+      libcrux_ml_dsa_polynomial_PolynomialRingElement_9b *ring_element =
+          &row[j];
+      libcrux_ml_dsa_polynomial_PolynomialRingElement_9b product =
+          libcrux_ml_dsa_ntt_ntt_multiply_montgomery_ba(ring_element,
+                                                        &s1_ntt[j]);
+      libcrux_ml_dsa_polynomial_PolynomialRingElement_9b uu____1 =
+          libcrux_ml_dsa_polynomial_add_ff_ba(&result[i1], &product);
+      result[i1] = uu____1;
+    }
+    result[i1] = libcrux_ml_dsa_ntt_invert_ntt_montgomery_ba(result[i1]);
+    libcrux_ml_dsa_polynomial_PolynomialRingElement_9b uu____3 =
+        libcrux_ml_dsa_polynomial_add_ff_ba(&result[i1], &s2[i1]);
+    result[i1] = uu____3;
+  }
+  memcpy(
+      ret, result,
+      (size_t)6U * sizeof(libcrux_ml_dsa_polynomial_PolynomialRingElement_9b));
 }
 
 typedef struct
@@ -5142,23 +5725,102 @@ static KRML_MUSTINLINE
     libcrux_ml_dsa_polynomial_PolynomialRingElement_libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit_6size_t__x2
     libcrux_ml_dsa_arithmetic_power2round_vector_07(
         libcrux_ml_dsa_polynomial_PolynomialRingElement_9b t[6U]) {
-  KRML_HOST_EPRINTF(
-      "KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__,
-      "Eurydice error: Failure(\"Error looking trait impl: "
-      "core::slice::iter::{core::iter::traits::iterator::Iterator for "
-      "core::slice::iter::Iter<\'a, T>[TraitClause@0]}#182<\'_, "
-      "libcrux_ml_dsa::polynomial::PolynomialRingElement<T@0>[TraitClause@0, "
-      "TraitClause@1]>[core::marker::Sized<libcrux_ml_dsa::polynomial::"
-      "PolynomialRingElement<T@0>[TraitClause@0, TraitClause@1]>] "
-      "enumerate\")\n");
-  KRML_HOST_EXIT(255U);
-}
-
-/**
-A monomorphic instance of
-libcrux_ml_dsa.encoding.verification_key.generate_serialized with types
-libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit with const generics
-- ROWS_IN_A= 6
+  libcrux_ml_dsa_polynomial_PolynomialRingElement_9b t0[6U];
+  for (size_t i = (size_t)0U; i < (size_t)6U; i++) {
+    t0[i] = libcrux_ml_dsa_polynomial_ZERO_ff_ba();
+  }
+  libcrux_ml_dsa_polynomial_PolynomialRingElement_9b t1[6U];
+  for (size_t i = (size_t)0U; i < (size_t)6U; i++) {
+    t1[i] = libcrux_ml_dsa_polynomial_ZERO_ff_ba();
+  }
+  for (size_t i0 = (size_t)0U;
+       i0 < Eurydice_slice_len(
+                Eurydice_array_to_slice(
+                    (size_t)6U, t,
+                    libcrux_ml_dsa_polynomial_PolynomialRingElement_9b),
+                libcrux_ml_dsa_polynomial_PolynomialRingElement_9b);
+       i0++) {
+    size_t i1 = i0;
+    libcrux_ml_dsa_polynomial_PolynomialRingElement_9b *ring_element = &t[i1];
+    for (size_t i = (size_t)0U;
+         i < Eurydice_slice_len(
+                 Eurydice_array_to_slice(
+                     (size_t)32U, ring_element->simd_units,
+                     libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit),
+                 libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit);
+         i++) {
+      size_t j = i;
+      libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit *simd_unit =
+          &ring_element->simd_units[j];
+      libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit_x2 uu____0 =
+          libcrux_ml_dsa_simd_portable_power2round_36(simd_unit[0U]);
+      libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit t0_unit =
+          uu____0.fst;
+      libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit t1_unit =
+          uu____0.snd;
+      t0[i1].simd_units[j] = t0_unit;
+      t1[i1].simd_units[j] = t1_unit;
+    }
+  }
+  /* Passing arrays by value in Rust generates a copy in C */
+  libcrux_ml_dsa_polynomial_PolynomialRingElement_9b copy_of_t0[6U];
+  memcpy(
+      copy_of_t0, t0,
+      (size_t)6U * sizeof(libcrux_ml_dsa_polynomial_PolynomialRingElement_9b));
+  /* Passing arrays by value in Rust generates a copy in C */
+  libcrux_ml_dsa_polynomial_PolynomialRingElement_9b copy_of_t1[6U];
+  memcpy(
+      copy_of_t1, t1,
+      (size_t)6U * sizeof(libcrux_ml_dsa_polynomial_PolynomialRingElement_9b));
+  libcrux_ml_dsa_polynomial_PolynomialRingElement_libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit_6size_t__x2
+      lit;
+  memcpy(
+      lit.fst, copy_of_t0,
+      (size_t)6U * sizeof(libcrux_ml_dsa_polynomial_PolynomialRingElement_9b));
+  memcpy(
+      lit.snd, copy_of_t1,
+      (size_t)6U * sizeof(libcrux_ml_dsa_polynomial_PolynomialRingElement_9b));
+  return lit;
+}
+
+/**
+A monomorphic instance of libcrux_ml_dsa.encoding.t1.serialize
+with types libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit
+with const generics
+
+*/
+static KRML_MUSTINLINE void libcrux_ml_dsa_encoding_t1_serialize_ba(
+    libcrux_ml_dsa_polynomial_PolynomialRingElement_9b re, uint8_t ret[320U]) {
+  uint8_t serialized[320U] = {0U};
+  for (size_t i = (size_t)0U;
+       i < Eurydice_slice_len(
+               Eurydice_array_to_slice(
+                   (size_t)32U, re.simd_units,
+                   libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit),
+               libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit);
+       i++) {
+    size_t i0 = i;
+    libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit *simd_unit =
+        &re.simd_units[i0];
+    Eurydice_slice uu____0 = Eurydice_array_to_subslice2(
+        serialized,
+        i0 * LIBCRUX_ML_DSA_ENCODING_T1_SERIALIZE_OUTPUT_BYTES_PER_SIMD_UNIT,
+        (i0 + (size_t)1U) *
+            LIBCRUX_ML_DSA_ENCODING_T1_SERIALIZE_OUTPUT_BYTES_PER_SIMD_UNIT,
+        uint8_t);
+    uint8_t ret0[10U];
+    libcrux_ml_dsa_simd_portable_t1_serialize_36(simd_unit[0U], ret0);
+    Eurydice_slice_copy(
+        uu____0, Eurydice_array_to_slice((size_t)10U, ret0, uint8_t), uint8_t);
+  }
+  memcpy(ret, serialized, (size_t)320U * sizeof(uint8_t));
+}
+
+/**
+A monomorphic instance of
+libcrux_ml_dsa.encoding.verification_key.generate_serialized with types
+libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit with const generics
+- ROWS_IN_A= 6
 - VERIFICATION_KEY_SIZE= 1952
 */
 static KRML_MUSTINLINE void
@@ -5166,16 +5828,31 @@ libcrux_ml_dsa_encoding_verification_key_generate_serialized_2f(
     Eurydice_slice seed_for_A,
     libcrux_ml_dsa_polynomial_PolynomialRingElement_9b t1[6U],
     uint8_t ret[1952U]) {
-  KRML_HOST_EPRINTF(
-      "KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__,
-      "Eurydice error: Failure(\"Error looking trait impl: "
-      "core::slice::iter::{core::iter::traits::iterator::Iterator for "
-      "core::slice::iter::Iter<\'a, T>[TraitClause@0]}#182<\'_, "
-      "libcrux_ml_dsa::polynomial::PolynomialRingElement<T@0>[TraitClause@0, "
-      "TraitClause@1]>[core::marker::Sized<libcrux_ml_dsa::polynomial::"
-      "PolynomialRingElement<T@0>[TraitClause@0, TraitClause@1]>] "
-      "enumerate\")\n");
-  KRML_HOST_EXIT(255U);
+  uint8_t verification_key_serialized[1952U] = {0U};
+  Eurydice_slice_copy(Eurydice_array_to_subslice2(
+                          verification_key_serialized, (size_t)0U,
+                          LIBCRUX_ML_DSA_CONSTANTS_SEED_FOR_A_SIZE, uint8_t),
+                      seed_for_A, uint8_t);
+  for (size_t i = (size_t)0U;
+       i < Eurydice_slice_len(
+               Eurydice_array_to_slice(
+                   (size_t)6U, t1,
+                   libcrux_ml_dsa_polynomial_PolynomialRingElement_9b),
+               libcrux_ml_dsa_polynomial_PolynomialRingElement_9b);
+       i++) {
+    size_t i0 = i;
+    libcrux_ml_dsa_polynomial_PolynomialRingElement_9b *ring_element = &t1[i0];
+    size_t offset = LIBCRUX_ML_DSA_CONSTANTS_SEED_FOR_A_SIZE +
+                    i0 * LIBCRUX_ML_DSA_CONSTANTS_RING_ELEMENT_OF_T1S_SIZE;
+    Eurydice_slice uu____0 = Eurydice_array_to_subslice2(
+        verification_key_serialized, offset,
+        offset + LIBCRUX_ML_DSA_CONSTANTS_RING_ELEMENT_OF_T1S_SIZE, uint8_t);
+    uint8_t ret0[320U];
+    libcrux_ml_dsa_encoding_t1_serialize_ba(ring_element[0U], ret0);
+    Eurydice_slice_copy(
+        uu____0, Eurydice_array_to_slice((size_t)320U, ret0, uint8_t), uint8_t);
+  }
+  memcpy(ret, verification_key_serialized, (size_t)1952U * sizeof(uint8_t));
 }
 
 /**
@@ -5204,6 +5881,35 @@ libcrux_ml_dsa_hash_functions_portable_shake256_5c_24(Eurydice_slice input,
   libcrux_ml_dsa_hash_functions_portable_shake256_24(input, out);
 }
 
+/**
+A monomorphic instance of libcrux_ml_dsa.simd.portable.encoding.error.serialize
+with const generics
+- ETA= 4
+*/
+static KRML_MUSTINLINE void
+libcrux_ml_dsa_simd_portable_encoding_error_serialize_ac(
+    libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit simd_unit,
+    Eurydice_slice serialized) {
+  libcrux_ml_dsa_simd_portable_encoding_error_serialize_when_eta_is_4(
+      simd_unit, serialized);
+}
+
+/**
+This function found in impl {(libcrux_ml_dsa::simd::traits::Operations for
+libcrux_ml_dsa::simd::portable::vector_type::PortableSIMDUnit)}
+*/
+/**
+A monomorphic instance of libcrux_ml_dsa.simd.portable.error_serialize_36
+with const generics
+- ETA= 4
+*/
+static inline void libcrux_ml_dsa_simd_portable_error_serialize_36_ac(
+    libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit simd_unit,
+    Eurydice_slice serialized) {
+  libcrux_ml_dsa_simd_portable_encoding_error_serialize_ac(simd_unit,
+                                                           serialized);
+}
+
 /**
 A monomorphic instance of libcrux_ml_dsa.encoding.error.serialize
 with types libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit
@@ -5212,14 +5918,26 @@ with const generics
 - OUTPUT_SIZE= 128
 */
 static KRML_MUSTINLINE void libcrux_ml_dsa_encoding_error_serialize_ea(
-    libcrux_ml_dsa_polynomial_PolynomialRingElement_9b re, uint8_t ret[128U]) {
-  KRML_HOST_EPRINTF(
-      "KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__,
-      "Eurydice error: Failure(\"Error looking trait impl: "
-      "core::slice::iter::{core::iter::traits::iterator::Iterator for "
-      "core::slice::iter::Iter<\'a, T>[TraitClause@0]}#182<\'_, "
-      "T@0>[TraitClause@0] enumerate\")\n");
-  KRML_HOST_EXIT(255U);
+    libcrux_ml_dsa_polynomial_PolynomialRingElement_9b re,
+    Eurydice_slice serialized) {
+  size_t output_bytes_per_simd_unit;
+  output_bytes_per_simd_unit = (size_t)4U;
+  for (size_t i = (size_t)0U;
+       i < Eurydice_slice_len(
+               Eurydice_array_to_slice(
+                   (size_t)32U, re.simd_units,
+                   libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit),
+               libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit);
+       i++) {
+    size_t i0 = i;
+    libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit *simd_unit =
+        &re.simd_units[i0];
+    libcrux_ml_dsa_simd_portable_error_serialize_36_ac(
+        simd_unit[0U],
+        Eurydice_slice_subslice2(serialized, i0 * output_bytes_per_simd_unit,
+                                 (i0 + (size_t)1U) * output_bytes_per_simd_unit,
+                                 uint8_t));
+  }
 }
 
 /**
@@ -5229,14 +5947,28 @@ with const generics
 
 */
 static KRML_MUSTINLINE void libcrux_ml_dsa_encoding_t0_serialize_ba(
-    libcrux_ml_dsa_polynomial_PolynomialRingElement_9b re, uint8_t ret[416U]) {
-  KRML_HOST_EPRINTF(
-      "KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__,
-      "Eurydice error: Failure(\"Error looking trait impl: "
-      "core::slice::iter::{core::iter::traits::iterator::Iterator for "
-      "core::slice::iter::Iter<\'a, T>[TraitClause@0]}#182<\'_, "
-      "T@0>[TraitClause@0] enumerate\")\n");
-  KRML_HOST_EXIT(255U);
+    libcrux_ml_dsa_polynomial_PolynomialRingElement_9b re,
+    Eurydice_slice serialized) {
+  for (size_t i = (size_t)0U;
+       i < Eurydice_slice_len(
+               Eurydice_array_to_slice(
+                   (size_t)32U, re.simd_units,
+                   libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit),
+               libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit);
+       i++) {
+    size_t i0 = i;
+    libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit *simd_unit =
+        &re.simd_units[i0];
+    Eurydice_slice uu____0 = Eurydice_slice_subslice2(
+        serialized, i0 * LIBCRUX_ML_DSA_ENCODING_T0_OUTPUT_BYTES_PER_SIMD_UNIT,
+        (i0 + (size_t)1U) *
+            LIBCRUX_ML_DSA_ENCODING_T0_OUTPUT_BYTES_PER_SIMD_UNIT,
+        uint8_t);
+    uint8_t ret[13U];
+    libcrux_ml_dsa_simd_portable_t0_serialize_36(simd_unit[0U], ret);
+    Eurydice_slice_copy(
+        uu____0, Eurydice_array_to_slice((size_t)13U, ret, uint8_t), uint8_t);
+  }
 }
 
 /**
@@ -5291,15 +6023,14 @@ libcrux_ml_dsa_encoding_signing_key_generate_serialized_d2(
                    libcrux_ml_dsa_polynomial_PolynomialRingElement_9b),
                libcrux_ml_dsa_polynomial_PolynomialRingElement_9b);
        i++) {
-    size_t _cloop_i = i;
+    size_t _cloop_j = i;
     libcrux_ml_dsa_polynomial_PolynomialRingElement_9b *ring_element =
-        &s1[_cloop_i];
-    Eurydice_slice uu____1 = Eurydice_array_to_subslice2(
-        signing_key_serialized, offset, offset + (size_t)128U, uint8_t);
-    uint8_t ret0[128U];
-    libcrux_ml_dsa_encoding_error_serialize_ea(ring_element[0U], ret0);
-    Eurydice_slice_copy(
-        uu____1, Eurydice_array_to_slice((size_t)128U, ret0, uint8_t), uint8_t);
+        &s1[_cloop_j];
+    libcrux_ml_dsa_polynomial_PolynomialRingElement_9b uu____1 =
+        ring_element[0U];
+    libcrux_ml_dsa_encoding_error_serialize_ea(
+        uu____1, Eurydice_array_to_subslice2(signing_key_serialized, offset,
+                                             offset + (size_t)128U, uint8_t));
     offset = offset + (size_t)128U;
   }
   for (size_t i = (size_t)0U;
@@ -5309,15 +6040,14 @@ libcrux_ml_dsa_encoding_signing_key_generate_serialized_d2(
                    libcrux_ml_dsa_polynomial_PolynomialRingElement_9b),
                libcrux_ml_dsa_polynomial_PolynomialRingElement_9b);
        i++) {
-    size_t _cloop_i = i;
+    size_t _cloop_j = i;
     libcrux_ml_dsa_polynomial_PolynomialRingElement_9b *ring_element =
-        &s2[_cloop_i];
-    Eurydice_slice uu____2 = Eurydice_array_to_subslice2(
-        signing_key_serialized, offset, offset + (size_t)128U, uint8_t);
-    uint8_t ret0[128U];
-    libcrux_ml_dsa_encoding_error_serialize_ea(ring_element[0U], ret0);
-    Eurydice_slice_copy(
-        uu____2, Eurydice_array_to_slice((size_t)128U, ret0, uint8_t), uint8_t);
+        &s2[_cloop_j];
+    libcrux_ml_dsa_polynomial_PolynomialRingElement_9b uu____2 =
+        ring_element[0U];
+    libcrux_ml_dsa_encoding_error_serialize_ea(
+        uu____2, Eurydice_array_to_subslice2(signing_key_serialized, offset,
+                                             offset + (size_t)128U, uint8_t));
     offset = offset + (size_t)128U;
   }
   for (size_t i = (size_t)0U;
@@ -5327,16 +6057,16 @@ libcrux_ml_dsa_encoding_signing_key_generate_serialized_d2(
                    libcrux_ml_dsa_polynomial_PolynomialRingElement_9b),
                libcrux_ml_dsa_polynomial_PolynomialRingElement_9b);
        i++) {
-    size_t _cloop_i = i;
+    size_t _cloop_j = i;
     libcrux_ml_dsa_polynomial_PolynomialRingElement_9b *ring_element =
-        &t0[_cloop_i];
-    Eurydice_slice uu____3 = Eurydice_array_to_subslice2(
-        signing_key_serialized, offset,
-        offset + LIBCRUX_ML_DSA_CONSTANTS_RING_ELEMENT_OF_T0S_SIZE, uint8_t);
-    uint8_t ret0[416U];
-    libcrux_ml_dsa_encoding_t0_serialize_ba(ring_element[0U], ret0);
-    Eurydice_slice_copy(
-        uu____3, Eurydice_array_to_slice((size_t)416U, ret0, uint8_t), uint8_t);
+        &t0[_cloop_j];
+    libcrux_ml_dsa_polynomial_PolynomialRingElement_9b uu____3 =
+        ring_element[0U];
+    libcrux_ml_dsa_encoding_t0_serialize_ba(
+        uu____3, Eurydice_array_to_subslice2(
+                     signing_key_serialized, offset,
+                     offset + LIBCRUX_ML_DSA_CONSTANTS_RING_ELEMENT_OF_T0S_SIZE,
+                     uint8_t));
     offset = offset + LIBCRUX_ML_DSA_CONSTANTS_RING_ELEMENT_OF_T0S_SIZE;
   }
   memcpy(ret, signing_key_serialized, (size_t)4032U * sizeof(uint8_t));
@@ -5517,185 +6247,2851 @@ libcrux_ml_dsa_ml_dsa_65_portable_generate_key_pair(uint8_t randomness[32U]) {
 }
 
 /**
-A monomorphic instance of libcrux_ml_dsa.ml_dsa_generic.sign
-with types libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit,
-libcrux_ml_dsa_hash_functions_portable_Shake128X4,
-libcrux_ml_dsa_hash_functions_portable_Shake256,
-libcrux_ml_dsa_hash_functions_portable_Shake256Xof,
-libcrux_ml_dsa_hash_functions_portable_Shake256X4 with const generics
-- ROWS_IN_A= 6
-- COLUMNS_IN_A= 5
-- ETA= 4
-- ERROR_RING_ELEMENT_SIZE= 128
-- GAMMA1_EXPONENT= 19
-- GAMMA2= 261888
-- COMMITMENT_RING_ELEMENT_SIZE= 128
-- COMMITMENT_VECTOR_SIZE= 768
-- COMMITMENT_HASH_SIZE= 48
-- ONES_IN_VERIFIER_CHALLENGE= 49
-- MAX_ONES_IN_HINT= 55
-- GAMMA1_RING_ELEMENT_SIZE= 640
-- SIGNING_KEY_SIZE= 4032
-- SIGNATURE_SIZE= 3309
-*/
-static KRML_MUSTINLINE Result_2e libcrux_ml_dsa_ml_dsa_generic_sign_05(
-    uint8_t *signing_key, Eurydice_slice message, Eurydice_slice context,
-    uint8_t randomness[32U]) {
-  KRML_HOST_EPRINTF(
-      "KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__,
-      "Eurydice error: Failure(\"TODO: TraitTypes "
-      "core::result::{core::ops::try_trait::Try for core::result::Result<T, "
-      "E>[TraitClause@0, TraitClause@1]}#26<T@0, T@1>[TraitClause@0, "
-      "TraitClause@1]::Residual\")\n");
-  KRML_HOST_EXIT(255U);
-}
+A monomorphic instance of K.
+with types int32_t[256size_t][6size_t], size_t
 
-/**
- Sign.
 */
+typedef struct tuple_e6_s {
+  int32_t fst[6U][256U];
+  size_t snd;
+} tuple_e6;
+
 /**
-A monomorphic instance of
-libcrux_ml_dsa.ml_dsa_generic.instantiations.portable.sign with const generics
-- ROWS_IN_A= 6
-- COLUMNS_IN_A= 5
-- ETA= 4
-- ERROR_RING_ELEMENT_SIZE= 128
-- GAMMA1_EXPONENT= 19
-- GAMMA2= 261888
-- COMMITMENT_RING_ELEMENT_SIZE= 128
-- COMMITMENT_VECTOR_SIZE= 768
-- COMMITMENT_HASH_SIZE= 48
-- ONES_IN_VERIFIER_CHALLENGE= 49
-- MAX_ONES_IN_HINT= 55
-- GAMMA1_RING_ELEMENT_SIZE= 640
-- SIGNING_KEY_SIZE= 4032
-- SIGNATURE_SIZE= 3309
+A monomorphic instance of core.option.Option
+with types libcrux_ml_dsa_pre_hash_DomainSeparationContext
+
 */
-static inline Result_2e
-libcrux_ml_dsa_ml_dsa_generic_instantiations_portable_sign_f3(
-    uint8_t *signing_key, Eurydice_slice message, Eurydice_slice context,
-    uint8_t randomness[32U]) {
-  uint8_t *uu____0 = signing_key;
-  Eurydice_slice uu____1 = message;
-  Eurydice_slice uu____2 = context;
-  /* Passing arrays by value in Rust generates a copy in C */
-  uint8_t copy_of_randomness[32U];
-  memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t));
-  return libcrux_ml_dsa_ml_dsa_generic_sign_05(uu____0, uu____1, uu____2,
-                                               copy_of_randomness);
-}
+typedef struct Option_84_s {
+  Option_d8_tags tag;
+  libcrux_ml_dsa_pre_hash_DomainSeparationContext f0;
+} Option_84;
 
 /**
- Generate an ML-DSA-65 Signature
+A monomorphic instance of K.
+with types uint8_t[32size_t], uint8_t[32size_t], uint8_t[64size_t],
+libcrux_ml_dsa_polynomial_PolynomialRingElement
+libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit[5size_t],
+libcrux_ml_dsa_polynomial_PolynomialRingElement
+libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit[6size_t],
+libcrux_ml_dsa_polynomial_PolynomialRingElement
+libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit[6size_t]
 
- The parameter `context` is used for domain separation
- and is a byte string of length at most 255 bytes. It
- may also be empty.
 */
-static inline Result_2e libcrux_ml_dsa_ml_dsa_65_portable_sign(
-    libcrux_ml_dsa_types_MLDSASigningKey_22 *signing_key,
-    Eurydice_slice message, Eurydice_slice context, uint8_t randomness[32U]) {
-  uint8_t *uu____0 = libcrux_ml_dsa_types_as_raw_9b_09(signing_key);
-  Eurydice_slice uu____1 = message;
-  Eurydice_slice uu____2 = context;
-  /* Passing arrays by value in Rust generates a copy in C */
-  uint8_t copy_of_randomness[32U];
-  memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t));
-  return libcrux_ml_dsa_ml_dsa_generic_instantiations_portable_sign_f3(
-      uu____0, uu____1, uu____2, copy_of_randomness);
-}
+typedef struct tuple_f0_s {
+  uint8_t fst[32U];
+  uint8_t snd[32U];
+  uint8_t thd[64U];
+  libcrux_ml_dsa_polynomial_PolynomialRingElement_9b f3[5U];
+  libcrux_ml_dsa_polynomial_PolynomialRingElement_9b f4[6U];
+  libcrux_ml_dsa_polynomial_PolynomialRingElement_9b f5[6U];
+} tuple_f0;
 
 /**
-A monomorphic instance of libcrux_ml_dsa.ml_dsa_generic.sign_pre_hashed
-with types libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit,
-libcrux_ml_dsa_hash_functions_portable_Shake128,
-libcrux_ml_dsa_hash_functions_portable_Shake128X4,
-libcrux_ml_dsa_hash_functions_portable_Shake256,
-libcrux_ml_dsa_hash_functions_portable_Shake256Xof,
-libcrux_ml_dsa_hash_functions_portable_Shake256X4,
-libcrux_ml_dsa_pre_hash_SHAKE128_PH with const generics
-- PH_DIGEST_LEN= 256
-- ROWS_IN_A= 6
-- COLUMNS_IN_A= 5
+A monomorphic instance of
+libcrux_ml_dsa.simd.portable.encoding.error.deserialize with const generics
 - ETA= 4
-- ERROR_RING_ELEMENT_SIZE= 128
-- GAMMA1_EXPONENT= 19
-- GAMMA2= 261888
-- COMMITMENT_RING_ELEMENT_SIZE= 128
-- COMMITMENT_VECTOR_SIZE= 768
-- COMMITMENT_HASH_SIZE= 48
-- ONES_IN_VERIFIER_CHALLENGE= 49
-- MAX_ONES_IN_HINT= 55
-- GAMMA1_RING_ELEMENT_SIZE= 640
-- SIGNING_KEY_SIZE= 4032
-- SIGNATURE_SIZE= 3309
 */
-static KRML_MUSTINLINE Result_2e
-libcrux_ml_dsa_ml_dsa_generic_sign_pre_hashed_0d(uint8_t *signing_key,
-                                                 Eurydice_slice message,
-                                                 Eurydice_slice context,
-                                                 uint8_t randomness[32U]) {
-  KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__,
-                    "Eurydice error: Failure(\"expression_of_operand Constant: "
-                    "TraitClause@13OID\")\n");
-  KRML_HOST_EXIT(255U);
+static KRML_MUSTINLINE libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit
+libcrux_ml_dsa_simd_portable_encoding_error_deserialize_ac(
+    Eurydice_slice serialized) {
+  return libcrux_ml_dsa_simd_portable_encoding_error_deserialize_when_eta_is_4(
+      serialized);
 }
 
 /**
- Sign (pre-hashed).
+This function found in impl {(libcrux_ml_dsa::simd::traits::Operations for
+libcrux_ml_dsa::simd::portable::vector_type::PortableSIMDUnit)}
 */
 /**
-A monomorphic instance of
-libcrux_ml_dsa.ml_dsa_generic.instantiations.portable.sign_pre_hashed_shake128
+A monomorphic instance of libcrux_ml_dsa.simd.portable.error_deserialize_36
 with const generics
-- ROWS_IN_A= 6
-- COLUMNS_IN_A= 5
 - ETA= 4
-- ERROR_RING_ELEMENT_SIZE= 128
-- GAMMA1_EXPONENT= 19
-- GAMMA2= 261888
-- COMMITMENT_RING_ELEMENT_SIZE= 128
-- COMMITMENT_VECTOR_SIZE= 768
-- COMMITMENT_HASH_SIZE= 48
-- ONES_IN_VERIFIER_CHALLENGE= 49
-- MAX_ONES_IN_HINT= 55
-- GAMMA1_RING_ELEMENT_SIZE= 640
-- SIGNING_KEY_SIZE= 4032
-- SIGNATURE_SIZE= 3309
 */
-static inline Result_2e
-libcrux_ml_dsa_ml_dsa_generic_instantiations_portable_sign_pre_hashed_shake128_f3(
-    uint8_t *signing_key, Eurydice_slice message, Eurydice_slice context,
-    uint8_t randomness[32U]) {
-  uint8_t *uu____0 = signing_key;
-  Eurydice_slice uu____1 = message;
-  Eurydice_slice uu____2 = context;
-  /* Passing arrays by value in Rust generates a copy in C */
-  uint8_t copy_of_randomness[32U];
-  memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t));
-  return libcrux_ml_dsa_ml_dsa_generic_sign_pre_hashed_0d(
-      uu____0, uu____1, uu____2, copy_of_randomness);
+static inline libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit
+libcrux_ml_dsa_simd_portable_error_deserialize_36_ac(
+    Eurydice_slice serialized) {
+  return libcrux_ml_dsa_simd_portable_encoding_error_deserialize_ac(serialized);
 }
 
 /**
- Generate a HashML-DSA-65 Signature, with a SHAKE128 pre-hashing
-
- The parameter `context` is used for domain separation
- and is a byte string of length at most 255 bytes. It
+A monomorphic instance of libcrux_ml_dsa.encoding.error.deserialize
+with types libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit
+with const generics
+- ETA= 4
+*/
+static KRML_MUSTINLINE void libcrux_ml_dsa_encoding_error_deserialize_73(
+    Eurydice_slice serialized,
+    libcrux_ml_dsa_polynomial_PolynomialRingElement_9b *result) {
+  size_t chunk_size;
+  chunk_size = (size_t)4U;
+  for (size_t i = (size_t)0U;
+       i < Eurydice_slice_len(
+               Eurydice_array_to_slice(
+                   (size_t)32U, result->simd_units,
+                   libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit),
+               libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit);
+       i++) {
+    size_t i0 = i;
+    libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit uu____0 =
+        libcrux_ml_dsa_simd_portable_error_deserialize_36_ac(
+            Eurydice_slice_subslice2(serialized, i0 * chunk_size,
+                                     (i0 + (size_t)1U) * chunk_size, uint8_t));
+    result->simd_units[i0] = uu____0;
+  }
+}
+
+/**
+A monomorphic instance of
+libcrux_ml_dsa.encoding.error.deserialize_to_vector_then_ntt with types
+libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit with const generics
+- DIMENSION= 5
+- ETA= 4
+- RING_ELEMENT_SIZE= 128
+*/
+static KRML_MUSTINLINE void
+libcrux_ml_dsa_encoding_error_deserialize_to_vector_then_ntt_76(
+    Eurydice_slice serialized,
+    libcrux_ml_dsa_polynomial_PolynomialRingElement_9b ret[5U]) {
+  libcrux_ml_dsa_polynomial_PolynomialRingElement_9b ring_elements[5U];
+  for (size_t i = (size_t)0U; i < (size_t)5U; i++) {
+    ring_elements[i] = libcrux_ml_dsa_polynomial_ZERO_ff_ba();
+  }
+  for (size_t i = (size_t)0U;
+       i < Eurydice_slice_len(serialized, uint8_t) / (size_t)128U; i++) {
+    size_t i0 = i;
+    Eurydice_slice bytes =
+        Eurydice_slice_subslice2(serialized, i0 * (size_t)128U,
+                                 i0 * (size_t)128U + (size_t)128U, uint8_t);
+    libcrux_ml_dsa_encoding_error_deserialize_73(bytes, &ring_elements[i0]);
+    libcrux_ml_dsa_polynomial_PolynomialRingElement_9b uu____0 =
+        libcrux_ml_dsa_ntt_ntt_ba(ring_elements[i0]);
+    ring_elements[i0] = uu____0;
+  }
+  memcpy(
+      ret, ring_elements,
+      (size_t)5U * sizeof(libcrux_ml_dsa_polynomial_PolynomialRingElement_9b));
+}
+
+/**
+A monomorphic instance of
+libcrux_ml_dsa.encoding.error.deserialize_to_vector_then_ntt with types
+libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit with const generics
+- DIMENSION= 6
+- ETA= 4
+- RING_ELEMENT_SIZE= 128
+*/
+static KRML_MUSTINLINE void
+libcrux_ml_dsa_encoding_error_deserialize_to_vector_then_ntt_5d(
+    Eurydice_slice serialized,
+    libcrux_ml_dsa_polynomial_PolynomialRingElement_9b ret[6U]) {
+  libcrux_ml_dsa_polynomial_PolynomialRingElement_9b ring_elements[6U];
+  for (size_t i = (size_t)0U; i < (size_t)6U; i++) {
+    ring_elements[i] = libcrux_ml_dsa_polynomial_ZERO_ff_ba();
+  }
+  for (size_t i = (size_t)0U;
+       i < Eurydice_slice_len(serialized, uint8_t) / (size_t)128U; i++) {
+    size_t i0 = i;
+    Eurydice_slice bytes =
+        Eurydice_slice_subslice2(serialized, i0 * (size_t)128U,
+                                 i0 * (size_t)128U + (size_t)128U, uint8_t);
+    libcrux_ml_dsa_encoding_error_deserialize_73(bytes, &ring_elements[i0]);
+    libcrux_ml_dsa_polynomial_PolynomialRingElement_9b uu____0 =
+        libcrux_ml_dsa_ntt_ntt_ba(ring_elements[i0]);
+    ring_elements[i0] = uu____0;
+  }
+  memcpy(
+      ret, ring_elements,
+      (size_t)6U * sizeof(libcrux_ml_dsa_polynomial_PolynomialRingElement_9b));
+}
+
+/**
+A monomorphic instance of libcrux_ml_dsa.encoding.t0.deserialize
+with types libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit
+with const generics
+
+*/
+static KRML_MUSTINLINE void libcrux_ml_dsa_encoding_t0_deserialize_ba(
+    Eurydice_slice serialized,
+    libcrux_ml_dsa_polynomial_PolynomialRingElement_9b *result) {
+  for (size_t i = (size_t)0U;
+       i < Eurydice_slice_len(
+               Eurydice_array_to_slice(
+                   (size_t)32U, result->simd_units,
+                   libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit),
+               libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit);
+       i++) {
+    size_t i0 = i;
+    libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit uu____0 =
+        libcrux_ml_dsa_simd_portable_t0_deserialize_36(Eurydice_slice_subslice2(
+            serialized,
+            i0 * LIBCRUX_ML_DSA_ENCODING_T0_OUTPUT_BYTES_PER_SIMD_UNIT,
+            (i0 + (size_t)1U) *
+                LIBCRUX_ML_DSA_ENCODING_T0_OUTPUT_BYTES_PER_SIMD_UNIT,
+            uint8_t));
+    result->simd_units[i0] = uu____0;
+  }
+}
+
+/**
+A monomorphic instance of
+libcrux_ml_dsa.encoding.t0.deserialize_to_vector_then_ntt with types
+libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit with const generics
+- DIMENSION= 6
+*/
+static KRML_MUSTINLINE void
+libcrux_ml_dsa_encoding_t0_deserialize_to_vector_then_ntt_07(
+    Eurydice_slice serialized,
+    libcrux_ml_dsa_polynomial_PolynomialRingElement_9b ret[6U]) {
+  libcrux_ml_dsa_polynomial_PolynomialRingElement_9b ring_elements[6U];
+  for (size_t i = (size_t)0U; i < (size_t)6U; i++) {
+    ring_elements[i] = libcrux_ml_dsa_polynomial_ZERO_ff_ba();
+  }
+  for (size_t i = (size_t)0U;
+       i < Eurydice_slice_len(serialized, uint8_t) /
+               LIBCRUX_ML_DSA_CONSTANTS_RING_ELEMENT_OF_T0S_SIZE;
+       i++) {
+    size_t i0 = i;
+    Eurydice_slice bytes = Eurydice_slice_subslice2(
+        serialized, i0 * LIBCRUX_ML_DSA_CONSTANTS_RING_ELEMENT_OF_T0S_SIZE,
+        i0 * LIBCRUX_ML_DSA_CONSTANTS_RING_ELEMENT_OF_T0S_SIZE +
+            LIBCRUX_ML_DSA_CONSTANTS_RING_ELEMENT_OF_T0S_SIZE,
+        uint8_t);
+    libcrux_ml_dsa_encoding_t0_deserialize_ba(bytes, &ring_elements[i0]);
+    libcrux_ml_dsa_polynomial_PolynomialRingElement_9b uu____0 =
+        libcrux_ml_dsa_ntt_ntt_ba(ring_elements[i0]);
+    ring_elements[i0] = uu____0;
+  }
+  memcpy(
+      ret, ring_elements,
+      (size_t)6U * sizeof(libcrux_ml_dsa_polynomial_PolynomialRingElement_9b));
+}
+
+/**
+A monomorphic instance of
+libcrux_ml_dsa.encoding.signing_key.deserialize_then_ntt with types
+libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit with const generics
+- ROWS_IN_A= 6
+- COLUMNS_IN_A= 5
+- ETA= 4
+- ERROR_RING_ELEMENT_SIZE= 128
+- SIGNING_KEY_SIZE= 4032
+*/
+static KRML_MUSTINLINE tuple_f0
+libcrux_ml_dsa_encoding_signing_key_deserialize_then_ntt_c6(
+    uint8_t *serialized) {
+  Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at(
+      Eurydice_array_to_slice((size_t)4032U, serialized, uint8_t),
+      LIBCRUX_ML_DSA_CONSTANTS_SEED_FOR_A_SIZE, uint8_t,
+      Eurydice_slice_uint8_t_x2);
+  Eurydice_slice seed_for_A = uu____0.fst;
+  Eurydice_slice remaining_serialized0 = uu____0.snd;
+  Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at(
+      remaining_serialized0, LIBCRUX_ML_DSA_CONSTANTS_SEED_FOR_SIGNING_SIZE,
+      uint8_t, Eurydice_slice_uint8_t_x2);
+  Eurydice_slice seed_for_signing = uu____1.fst;
+  Eurydice_slice remaining_serialized1 = uu____1.snd;
+  Eurydice_slice_uint8_t_x2 uu____2 = Eurydice_slice_split_at(
+      remaining_serialized1,
+      LIBCRUX_ML_DSA_CONSTANTS_BYTES_FOR_VERIFICATION_KEY_HASH, uint8_t,
+      Eurydice_slice_uint8_t_x2);
+  Eurydice_slice verification_key_hash = uu____2.fst;
+  Eurydice_slice remaining_serialized2 = uu____2.snd;
+  Eurydice_slice_uint8_t_x2 uu____3 =
+      Eurydice_slice_split_at(remaining_serialized2, (size_t)128U * (size_t)5U,
+                              uint8_t, Eurydice_slice_uint8_t_x2);
+  Eurydice_slice s1_serialized = uu____3.fst;
+  Eurydice_slice remaining_serialized = uu____3.snd;
+  Eurydice_slice_uint8_t_x2 uu____4 =
+      Eurydice_slice_split_at(remaining_serialized, (size_t)128U * (size_t)6U,
+                              uint8_t, Eurydice_slice_uint8_t_x2);
+  Eurydice_slice s2_serialized = uu____4.fst;
+  Eurydice_slice t0_serialized = uu____4.snd;
+  libcrux_ml_dsa_polynomial_PolynomialRingElement_9b s1_as_ntt[5U];
+  libcrux_ml_dsa_encoding_error_deserialize_to_vector_then_ntt_76(s1_serialized,
+                                                                  s1_as_ntt);
+  libcrux_ml_dsa_polynomial_PolynomialRingElement_9b s2_as_ntt[6U];
+  libcrux_ml_dsa_encoding_error_deserialize_to_vector_then_ntt_5d(s2_serialized,
+                                                                  s2_as_ntt);
+  libcrux_ml_dsa_polynomial_PolynomialRingElement_9b t0_as_ntt[6U];
+  libcrux_ml_dsa_encoding_t0_deserialize_to_vector_then_ntt_07(t0_serialized,
+                                                               t0_as_ntt);
+  uint8_t uu____5[32U];
+  Result_fb dst0;
+  Eurydice_slice_to_array2(&dst0, seed_for_A, Eurydice_slice, uint8_t[32U]);
+  unwrap_26_b3(dst0, uu____5);
+  uint8_t uu____6[32U];
+  Result_fb dst1;
+  Eurydice_slice_to_array2(&dst1, seed_for_signing, Eurydice_slice,
+                           uint8_t[32U]);
+  unwrap_26_b3(dst1, uu____6);
+  uint8_t uu____7[64U];
+  Result_f2 dst;
+  Eurydice_slice_to_array2(&dst, verification_key_hash, Eurydice_slice,
+                           uint8_t[64U]);
+  unwrap_26_4b(dst, uu____7);
+  /* Passing arrays by value in Rust generates a copy in C */
+  libcrux_ml_dsa_polynomial_PolynomialRingElement_9b copy_of_s1_as_ntt[5U];
+  memcpy(
+      copy_of_s1_as_ntt, s1_as_ntt,
+      (size_t)5U * sizeof(libcrux_ml_dsa_polynomial_PolynomialRingElement_9b));
+  /* Passing arrays by value in Rust generates a copy in C */
+  libcrux_ml_dsa_polynomial_PolynomialRingElement_9b copy_of_s2_as_ntt[6U];
+  memcpy(
+      copy_of_s2_as_ntt, s2_as_ntt,
+      (size_t)6U * sizeof(libcrux_ml_dsa_polynomial_PolynomialRingElement_9b));
+  /* Passing arrays by value in Rust generates a copy in C */
+  libcrux_ml_dsa_polynomial_PolynomialRingElement_9b copy_of_t0_as_ntt[6U];
+  memcpy(
+      copy_of_t0_as_ntt, t0_as_ntt,
+      (size_t)6U * sizeof(libcrux_ml_dsa_polynomial_PolynomialRingElement_9b));
+  tuple_f0 lit;
+  memcpy(lit.fst, uu____5, (size_t)32U * sizeof(uint8_t));
+  memcpy(lit.snd, uu____6, (size_t)32U * sizeof(uint8_t));
+  memcpy(lit.thd, uu____7, (size_t)64U * sizeof(uint8_t));
+  memcpy(
+      lit.f3, copy_of_s1_as_ntt,
+      (size_t)5U * sizeof(libcrux_ml_dsa_polynomial_PolynomialRingElement_9b));
+  memcpy(
+      lit.f4, copy_of_s2_as_ntt,
+      (size_t)6U * sizeof(libcrux_ml_dsa_polynomial_PolynomialRingElement_9b));
+  memcpy(
+      lit.f5, copy_of_t0_as_ntt,
+      (size_t)6U * sizeof(libcrux_ml_dsa_polynomial_PolynomialRingElement_9b));
+  return lit;
+}
+
+/**
+ This corresponds to line 6 in algorithm 7 in FIPS 204 (line 7 in algorithm
+ 8, resp.).
+
+ If `domain_separation_context` is supplied, applies domain
+ separation and length encoding to the context string,
+ before appending the message (in the regular variant) or the
+ pre-hash OID as well as the pre-hashed message digest. Otherwise,
+ it is assumed that `message` already contains domain separation
+ information.
+
+ In FIPS 204 M' is the concatenation of the domain separated context, any
+ potential pre-hash OID and the message (or the message pre-hash). We do not
+ explicitely construct the concatenation in memory since it is of statically
+ unknown length, but feed its components directly into the incremental XOF.
+
+ Refer to line 10 of Algorithm 2 (and line 5 of Algorithm 3, resp.) in [FIPS
+ 204](https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.204.pdf#section.5)
+ for details on the domain separation for regular ML-DSA. Line
+ 23 of Algorithm 4 (and line 18 of Algorithm 5,resp.) describe domain separation
+ for the HashMl-DSA variant.
+*/
+/**
+A monomorphic instance of
+libcrux_ml_dsa.ml_dsa_generic.derive_message_representative with types
+libcrux_ml_dsa_hash_functions_portable_Shake256Xof with const generics
+
+*/
+static KRML_MUSTINLINE void
+libcrux_ml_dsa_ml_dsa_generic_derive_message_representative_7b(
+    uint8_t verification_key_hash[64U], Option_84 domain_separation_context,
+    Eurydice_slice message, uint8_t *message_representative) {
+  libcrux_sha3_portable_incremental_Shake256Xof shake =
+      libcrux_ml_dsa_hash_functions_portable_init_83();
+  libcrux_ml_dsa_hash_functions_portable_absorb_83(
+      &shake,
+      Eurydice_array_to_slice((size_t)64U, verification_key_hash, uint8_t));
+  if (domain_separation_context.tag == Some) {
+    libcrux_ml_dsa_pre_hash_DomainSeparationContext domain_separation_context0 =
+        domain_separation_context.f0;
+    libcrux_sha3_portable_incremental_Shake256Xof *uu____0 = &shake;
+    uint8_t buf0[1U] = {
+        (uint8_t)core_option__core__option__Option_T__TraitClause_0___is_some(
+            libcrux_ml_dsa_pre_hash_pre_hash_oid_45(
+                &domain_separation_context0),
+            uint8_t[11U], bool)};
+    libcrux_ml_dsa_hash_functions_portable_absorb_83(
+        uu____0, Eurydice_array_to_slice((size_t)1U, buf0, uint8_t));
+    libcrux_sha3_portable_incremental_Shake256Xof *uu____1 = &shake;
+    uint8_t buf[1U] = {(uint8_t)Eurydice_slice_len(
+        libcrux_ml_dsa_pre_hash_context_45(&domain_separation_context0),
+        uint8_t)};
+    libcrux_ml_dsa_hash_functions_portable_absorb_83(
+        uu____1, Eurydice_array_to_slice((size_t)1U, buf, uint8_t));
+    libcrux_ml_dsa_hash_functions_portable_absorb_83(
+        &shake,
+        libcrux_ml_dsa_pre_hash_context_45(&domain_separation_context0));
+    Option_30 *uu____2 =
+        libcrux_ml_dsa_pre_hash_pre_hash_oid_45(&domain_separation_context0);
+    if (uu____2->tag == Some) {
+      uint8_t *pre_hash_oid = uu____2->f0;
+      libcrux_ml_dsa_hash_functions_portable_absorb_83(
+          &shake, Eurydice_array_to_slice((size_t)11U, pre_hash_oid, uint8_t));
+    }
+  }
+  libcrux_ml_dsa_hash_functions_portable_absorb_final_83(&shake, message);
+  libcrux_ml_dsa_hash_functions_portable_squeeze_83(
+      &shake,
+      Eurydice_array_to_slice((size_t)64U, message_representative, uint8_t));
+}
+
+/**
+A monomorphic instance of core.option.Option
+with types libcrux_ml_dsa_polynomial_PolynomialRingElement
+libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit[5size_t]
+
+*/
+typedef struct Option_f3_s {
+  Option_d8_tags tag;
+  libcrux_ml_dsa_polynomial_PolynomialRingElement_9b f0[5U];
+} Option_f3;
+
+/**
+A monomorphic instance of libcrux_ml_dsa.hash_functions.portable.shake256
+with const generics
+- OUTPUT_LENGTH= 576
+*/
+static KRML_MUSTINLINE void libcrux_ml_dsa_hash_functions_portable_shake256_1b(
+    Eurydice_slice input, uint8_t *out) {
+  libcrux_sha3_portable_shake256(
+      Eurydice_array_to_slice((size_t)576U, out, uint8_t), input);
+}
+
+/**
+This function found in impl {(libcrux_ml_dsa::hash_functions::shake256::XofX4
+for libcrux_ml_dsa::hash_functions::portable::Shake256X4)#3}
+*/
+/**
+A monomorphic instance of libcrux_ml_dsa.hash_functions.portable.shake256_x4_50
+with const generics
+- OUT_LEN= 576
+*/
+static KRML_MUSTINLINE void
+libcrux_ml_dsa_hash_functions_portable_shake256_x4_50_1b(
+    Eurydice_slice input0, Eurydice_slice input1, Eurydice_slice input2,
+    Eurydice_slice input3, uint8_t *out0, uint8_t *out1, uint8_t *out2,
+    uint8_t *out3) {
+  libcrux_ml_dsa_hash_functions_portable_shake256_1b(input0, out0);
+  libcrux_ml_dsa_hash_functions_portable_shake256_1b(input1, out1);
+  libcrux_ml_dsa_hash_functions_portable_shake256_1b(input2, out2);
+  libcrux_ml_dsa_hash_functions_portable_shake256_1b(input3, out3);
+}
+
+/**
+A monomorphic instance of
+libcrux_ml_dsa.simd.portable.encoding.gamma1.deserialize with const generics
+- GAMMA1_EXPONENT= 19
+*/
+static KRML_MUSTINLINE libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit
+libcrux_ml_dsa_simd_portable_encoding_gamma1_deserialize_36(
+    Eurydice_slice serialized) {
+  return libcrux_ml_dsa_simd_portable_encoding_gamma1_deserialize_when_gamma1_is_2_pow_19(
+      serialized);
+}
+
+/**
+This function found in impl {(libcrux_ml_dsa::simd::traits::Operations for
+libcrux_ml_dsa::simd::portable::vector_type::PortableSIMDUnit)}
+*/
+/**
+A monomorphic instance of libcrux_ml_dsa.simd.portable.gamma1_deserialize_36
+with const generics
+- GAMMA1_EXPONENT= 19
+*/
+static inline libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit
+libcrux_ml_dsa_simd_portable_gamma1_deserialize_36_36(
+    Eurydice_slice serialized) {
+  return libcrux_ml_dsa_simd_portable_encoding_gamma1_deserialize_36(
+      serialized);
+}
+
+/**
+A monomorphic instance of libcrux_ml_dsa.encoding.gamma1.deserialize
+with types libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit
+with const generics
+- GAMMA1_EXPONENT= 19
+*/
+static KRML_MUSTINLINE void libcrux_ml_dsa_encoding_gamma1_deserialize_61(
+    Eurydice_slice serialized,
+    libcrux_ml_dsa_polynomial_PolynomialRingElement_9b *result) {
+  for (size_t i = (size_t)0U;
+       i < Eurydice_slice_len(
+               Eurydice_array_to_slice(
+                   (size_t)32U, result->simd_units,
+                   libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit),
+               libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit);
+       i++) {
+    size_t i0 = i;
+    libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit uu____0 =
+        libcrux_ml_dsa_simd_portable_gamma1_deserialize_36_36(
+            Eurydice_slice_subslice2(
+                serialized, i0 * ((size_t)19U + (size_t)1U),
+                (i0 + (size_t)1U) * ((size_t)19U + (size_t)1U), uint8_t));
+    result->simd_units[i0] = uu____0;
+  }
+}
+
+/**
+A monomorphic instance of libcrux_ml_dsa.hash_functions.portable.shake256
+with const generics
+- OUTPUT_LENGTH= 640
+*/
+static KRML_MUSTINLINE void libcrux_ml_dsa_hash_functions_portable_shake256_c8(
+    Eurydice_slice input, uint8_t *out) {
+  libcrux_sha3_portable_shake256(
+      Eurydice_array_to_slice((size_t)640U, out, uint8_t), input);
+}
+
+/**
+This function found in impl {(libcrux_ml_dsa::hash_functions::shake256::XofX4
+for libcrux_ml_dsa::hash_functions::portable::Shake256X4)#3}
+*/
+/**
+A monomorphic instance of libcrux_ml_dsa.hash_functions.portable.shake256_x4_50
+with const generics
+- OUT_LEN= 640
+*/
+static KRML_MUSTINLINE void
+libcrux_ml_dsa_hash_functions_portable_shake256_x4_50_c8(
+    Eurydice_slice input0, Eurydice_slice input1, Eurydice_slice input2,
+    Eurydice_slice input3, uint8_t *out0, uint8_t *out1, uint8_t *out2,
+    uint8_t *out3) {
+  libcrux_ml_dsa_hash_functions_portable_shake256_c8(input0, out0);
+  libcrux_ml_dsa_hash_functions_portable_shake256_c8(input1, out1);
+  libcrux_ml_dsa_hash_functions_portable_shake256_c8(input2, out2);
+  libcrux_ml_dsa_hash_functions_portable_shake256_c8(input3, out3);
+}
+
+/**
+This function found in impl {(libcrux_ml_dsa::hash_functions::shake256::DsaXof
+for libcrux_ml_dsa::hash_functions::portable::Shake256)#2}
+*/
+/**
+A monomorphic instance of libcrux_ml_dsa.hash_functions.portable.shake256_5c
+with const generics
+- OUTPUT_LENGTH= 576
+*/
+static KRML_MUSTINLINE void
+libcrux_ml_dsa_hash_functions_portable_shake256_5c_1b(Eurydice_slice input,
+                                                      uint8_t *out) {
+  libcrux_ml_dsa_hash_functions_portable_shake256_1b(input, out);
+}
+
+/**
+This function found in impl {(libcrux_ml_dsa::hash_functions::shake256::DsaXof
+for libcrux_ml_dsa::hash_functions::portable::Shake256)#2}
+*/
+/**
+A monomorphic instance of libcrux_ml_dsa.hash_functions.portable.shake256_5c
+with const generics
+- OUTPUT_LENGTH= 640
+*/
+static KRML_MUSTINLINE void
+libcrux_ml_dsa_hash_functions_portable_shake256_5c_c8(Eurydice_slice input,
+                                                      uint8_t *out) {
+  libcrux_ml_dsa_hash_functions_portable_shake256_c8(input, out);
+}
+
+/**
+A monomorphic instance of libcrux_ml_dsa.sample.sample_mask_ring_element
+with types libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit,
+libcrux_ml_dsa_hash_functions_portable_Shake256 with const generics
+- GAMMA1_EXPONENT= 19
+*/
+static KRML_MUSTINLINE void libcrux_ml_dsa_sample_sample_mask_ring_element_20(
+    uint8_t seed[66U],
+    libcrux_ml_dsa_polynomial_PolynomialRingElement_9b *result) {
+  uint8_t out[640U] = {0U};
+  libcrux_ml_dsa_hash_functions_portable_shake256_5c_c8(
+      Eurydice_array_to_slice((size_t)66U, seed, uint8_t), out);
+  libcrux_ml_dsa_encoding_gamma1_deserialize_61(
+      Eurydice_array_to_slice((size_t)640U, out, uint8_t), result);
+}
+
+/**
+A monomorphic instance of libcrux_ml_dsa.sample.sample_mask_vector
+with types libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit,
+libcrux_ml_dsa_hash_functions_portable_Shake256,
+libcrux_ml_dsa_hash_functions_portable_Shake256X4 with const generics
+- DIMENSION= 5
+- GAMMA1_EXPONENT= 19
+*/
+static KRML_MUSTINLINE void libcrux_ml_dsa_sample_sample_mask_vector_0e(
+    uint8_t seed[66U], uint16_t *domain_separator,
+    libcrux_ml_dsa_polynomial_PolynomialRingElement_9b ret[5U]) {
+  libcrux_ml_dsa_polynomial_PolynomialRingElement_9b mask[5U];
+  for (size_t i = (size_t)0U; i < (size_t)5U; i++) {
+    mask[i] = libcrux_ml_dsa_polynomial_ZERO_ff_ba();
+  }
+  /* Passing arrays by value in Rust generates a copy in C */
+  uint8_t copy_of_seed0[66U];
+  memcpy(copy_of_seed0, seed, (size_t)66U * sizeof(uint8_t));
+  uint8_t seed0[66U];
+  libcrux_ml_dsa_sample_update_seed(copy_of_seed0, domain_separator, seed0);
+  /* Passing arrays by value in Rust generates a copy in C */
+  uint8_t copy_of_seed1[66U];
+  memcpy(copy_of_seed1, seed, (size_t)66U * sizeof(uint8_t));
+  uint8_t seed1[66U];
+  libcrux_ml_dsa_sample_update_seed(copy_of_seed1, domain_separator, seed1);
+  /* Passing arrays by value in Rust generates a copy in C */
+  uint8_t copy_of_seed2[66U];
+  memcpy(copy_of_seed2, seed, (size_t)66U * sizeof(uint8_t));
+  uint8_t seed2[66U];
+  libcrux_ml_dsa_sample_update_seed(copy_of_seed2, domain_separator, seed2);
+  /* Passing arrays by value in Rust generates a copy in C */
+  uint8_t copy_of_seed3[66U];
+  memcpy(copy_of_seed3, seed, (size_t)66U * sizeof(uint8_t));
+  uint8_t seed3[66U];
+  libcrux_ml_dsa_sample_update_seed(copy_of_seed3, domain_separator, seed3);
+  uint8_t out0[640U] = {0U};
+  uint8_t out1[640U] = {0U};
+  uint8_t out2[640U] = {0U};
+  uint8_t out3[640U] = {0U};
+  libcrux_ml_dsa_hash_functions_portable_shake256_x4_50_c8(
+      Eurydice_array_to_slice((size_t)66U, seed0, uint8_t),
+      Eurydice_array_to_slice((size_t)66U, seed1, uint8_t),
+      Eurydice_array_to_slice((size_t)66U, seed2, uint8_t),
+      Eurydice_array_to_slice((size_t)66U, seed3, uint8_t), out0, out1, out2,
+      out3);
+  libcrux_ml_dsa_encoding_gamma1_deserialize_61(
+      Eurydice_array_to_slice((size_t)640U, out0, uint8_t), mask);
+  libcrux_ml_dsa_encoding_gamma1_deserialize_61(
+      Eurydice_array_to_slice((size_t)640U, out1, uint8_t), &mask[1U]);
+  libcrux_ml_dsa_encoding_gamma1_deserialize_61(
+      Eurydice_array_to_slice((size_t)640U, out2, uint8_t), &mask[2U]);
+  libcrux_ml_dsa_encoding_gamma1_deserialize_61(
+      Eurydice_array_to_slice((size_t)640U, out3, uint8_t), &mask[3U]);
+  for (size_t i = (size_t)4U; i < (size_t)5U; i++) {
+    size_t i0 = i;
+    seed[64U] = (uint8_t)domain_separator[0U];
+    seed[65U] = (uint8_t)((uint32_t)domain_separator[0U] >> 8U);
+    domain_separator[0U] = (uint32_t)domain_separator[0U] + 1U;
+    /* Passing arrays by value in Rust generates a copy in C */
+    uint8_t copy_of_seed[66U];
+    memcpy(copy_of_seed, seed, (size_t)66U * sizeof(uint8_t));
+    libcrux_ml_dsa_sample_sample_mask_ring_element_20(copy_of_seed, &mask[i0]);
+  }
+  memcpy(
+      ret, mask,
+      (size_t)5U * sizeof(libcrux_ml_dsa_polynomial_PolynomialRingElement_9b));
+}
+
+/**
+A monomorphic instance of libcrux_ml_dsa.matrix.compute_A_times_mask.closure
+with types libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit
+with const generics
+- ROWS_IN_A= 6
+- COLUMNS_IN_A= 5
+*/
+static inline libcrux_ml_dsa_polynomial_PolynomialRingElement_9b
+libcrux_ml_dsa_matrix_compute_A_times_mask_closure_2f(
+    libcrux_ml_dsa_polynomial_PolynomialRingElement_9b s) {
+  return libcrux_ml_dsa_ntt_ntt_ba(s);
+}
+
+/**
+ Compute InvertNTT(Â ◦ ŷ)
+*/
+/**
+A monomorphic instance of libcrux_ml_dsa.matrix.compute_A_times_mask
+with types libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit
+with const generics
+- ROWS_IN_A= 6
+- COLUMNS_IN_A= 5
+*/
+static KRML_MUSTINLINE void libcrux_ml_dsa_matrix_compute_A_times_mask_2f(
+    libcrux_ml_dsa_polynomial_PolynomialRingElement_9b (*A_as_ntt)[5U],
+    libcrux_ml_dsa_polynomial_PolynomialRingElement_9b *mask,
+    libcrux_ml_dsa_polynomial_PolynomialRingElement_9b ret[6U]) {
+  libcrux_ml_dsa_polynomial_PolynomialRingElement_9b result[6U];
+  for (size_t i = (size_t)0U; i < (size_t)6U; i++) {
+    result[i] = libcrux_ml_dsa_polynomial_ZERO_ff_ba();
+  }
+  /* Passing arrays by value in Rust generates a copy in C */
+  libcrux_ml_dsa_polynomial_PolynomialRingElement_9b copy_of_mask[5U];
+  memcpy(
+      copy_of_mask, mask,
+      (size_t)5U * sizeof(libcrux_ml_dsa_polynomial_PolynomialRingElement_9b));
+  libcrux_ml_dsa_polynomial_PolynomialRingElement_9b mask_ntt[5U];
+  for (size_t i = (size_t)0U; i < (size_t)5U; i++) {
+    mask_ntt[i] =
+        libcrux_ml_dsa_matrix_compute_A_times_mask_closure_2f(copy_of_mask[i]);
+  }
+  for (size_t i0 = (size_t)0U;
+       i0 < Eurydice_slice_len(
+                Eurydice_array_to_slice(
+                    (size_t)6U, A_as_ntt,
+                    libcrux_ml_dsa_polynomial_PolynomialRingElement_9b[5U]),
+                libcrux_ml_dsa_polynomial_PolynomialRingElement_9b[5U]);
+       i0++) {
+    size_t i1 = i0;
+    libcrux_ml_dsa_polynomial_PolynomialRingElement_9b *row = A_as_ntt[i1];
+    for (size_t i = (size_t)0U;
+         i < Eurydice_slice_len(
+                 Eurydice_array_to_slice(
+                     (size_t)5U, row,
+                     libcrux_ml_dsa_polynomial_PolynomialRingElement_9b),
+                 libcrux_ml_dsa_polynomial_PolynomialRingElement_9b);
+         i++) {
+      size_t j = i;
+      libcrux_ml_dsa_polynomial_PolynomialRingElement_9b *ring_element =
+          &row[j];
+      libcrux_ml_dsa_polynomial_PolynomialRingElement_9b product =
+          libcrux_ml_dsa_ntt_ntt_multiply_montgomery_ba(ring_element,
+                                                        &mask_ntt[j]);
+      libcrux_ml_dsa_polynomial_PolynomialRingElement_9b uu____1 =
+          libcrux_ml_dsa_polynomial_add_ff_ba(&result[i1], &product);
+      result[i1] = uu____1;
+    }
+    libcrux_ml_dsa_polynomial_PolynomialRingElement_9b uu____2 =
+        libcrux_ml_dsa_ntt_invert_ntt_montgomery_ba(result[i1]);
+    result[i1] = uu____2;
+  }
+  memcpy(
+      ret, result,
+      (size_t)6U * sizeof(libcrux_ml_dsa_polynomial_PolynomialRingElement_9b));
+}
+
+/**
+A monomorphic instance of
+libcrux_ml_dsa.simd.portable.arithmetic.decompose_element with const generics
+- GAMMA2= 261888
+*/
+static KRML_MUSTINLINE int32_t_x2
+libcrux_ml_dsa_simd_portable_arithmetic_decompose_element_80(int32_t r) {
+  int32_t r2 = r + (r >> 31U & LIBCRUX_ML_DSA_SIMD_TRAITS_FIELD_MODULUS);
+  int32_t ALPHA = (int32_t)261888 * (int32_t)2;
+  int32_t ceil_of_r_by_128 = (r2 + (int32_t)127) >> 7U;
+  int32_t r1;
+  switch (ALPHA) {
+    case 190464: {
+      int32_t result =
+          (ceil_of_r_by_128 * (int32_t)11275 + ((int32_t)1 << 23U)) >> 24U;
+      r1 = (result ^ ((int32_t)43 - result) >> 31U) & result;
+      break;
+    }
+    case 523776: {
+      int32_t result =
+          (ceil_of_r_by_128 * (int32_t)1025 + ((int32_t)1 << 21U)) >> 22U;
+      r1 = result & (int32_t)15;
+      break;
+    }
+    default: {
+      KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__,
+                        "panic!");
+      KRML_HOST_EXIT(255U);
+    }
+  }
+  int32_t r0 = r2 - r1 * ALPHA;
+  r0 = r0 -
+       (((LIBCRUX_ML_DSA_SIMD_TRAITS_FIELD_MODULUS - (int32_t)1) / (int32_t)2 -
+         r0) >>
+            31U &
+        LIBCRUX_ML_DSA_SIMD_TRAITS_FIELD_MODULUS);
+  return (CLITERAL(int32_t_x2){.fst = r0, .snd = r1});
+}
+
+/**
+A monomorphic instance of libcrux_ml_dsa.simd.portable.arithmetic.decompose
+with const generics
+- GAMMA2= 261888
+*/
+static KRML_MUSTINLINE
+    libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit_x2
+    libcrux_ml_dsa_simd_portable_arithmetic_decompose_80(
+        libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit simd_unit) {
+  libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit low =
+      libcrux_ml_dsa_simd_portable_vector_type_ZERO();
+  libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit high =
+      libcrux_ml_dsa_simd_portable_vector_type_ZERO();
+  for (size_t i = (size_t)0U;
+       i < Eurydice_slice_len(
+               Eurydice_array_to_slice((size_t)8U, low.coefficients, int32_t),
+               int32_t);
+       i++) {
+    size_t i0 = i;
+    int32_t_x2 uu____0 =
+        libcrux_ml_dsa_simd_portable_arithmetic_decompose_element_80(
+            simd_unit.coefficients[i0]);
+    int32_t low_part = uu____0.fst;
+    int32_t high_part = uu____0.snd;
+    low.coefficients[i0] = low_part;
+    high.coefficients[i0] = high_part;
+  }
+  return (
+      CLITERAL(libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit_x2){
+          .fst = low, .snd = high});
+}
+
+/**
+This function found in impl {(libcrux_ml_dsa::simd::traits::Operations for
+libcrux_ml_dsa::simd::portable::vector_type::PortableSIMDUnit)}
+*/
+/**
+A monomorphic instance of libcrux_ml_dsa.simd.portable.decompose_36
+with const generics
+- GAMMA2= 261888
+*/
+static inline libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit_x2
+libcrux_ml_dsa_simd_portable_decompose_36_80(
+    libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit simd_unit) {
+  return libcrux_ml_dsa_simd_portable_arithmetic_decompose_80(simd_unit);
+}
+
+/**
+A monomorphic instance of libcrux_ml_dsa.arithmetic.decompose_vector
+with types libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit
+with const generics
+- DIMENSION= 6
+- GAMMA2= 261888
+*/
+static KRML_MUSTINLINE
+    libcrux_ml_dsa_polynomial_PolynomialRingElement_libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit_6size_t__x2
+    libcrux_ml_dsa_arithmetic_decompose_vector_2f(
+        libcrux_ml_dsa_polynomial_PolynomialRingElement_9b t[6U]) {
+  libcrux_ml_dsa_polynomial_PolynomialRingElement_9b vector_low[6U];
+  for (size_t i = (size_t)0U; i < (size_t)6U; i++) {
+    vector_low[i] = libcrux_ml_dsa_polynomial_ZERO_ff_ba();
+  }
+  libcrux_ml_dsa_polynomial_PolynomialRingElement_9b vector_high[6U];
+  for (size_t i = (size_t)0U; i < (size_t)6U; i++) {
+    vector_high[i] = libcrux_ml_dsa_polynomial_ZERO_ff_ba();
+  }
+  for (size_t i0 = (size_t)0U; i0 < (size_t)6U; i0++) {
+    size_t i1 = i0;
+    for (size_t i = (size_t)0U;
+         i < Eurydice_slice_len(
+                 Eurydice_array_to_slice(
+                     (size_t)32U, vector_low->simd_units,
+                     libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit),
+                 libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit);
+         i++) {
+      size_t j = i;
+      libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit_x2 uu____0 =
+          libcrux_ml_dsa_simd_portable_decompose_36_80(t[i1].simd_units[j]);
+      libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit low =
+          uu____0.fst;
+      libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit high =
+          uu____0.snd;
+      vector_low[i1].simd_units[j] = low;
+      vector_high[i1].simd_units[j] = high;
+    }
+  }
+  /* Passing arrays by value in Rust generates a copy in C */
+  libcrux_ml_dsa_polynomial_PolynomialRingElement_9b copy_of_vector_low[6U];
+  memcpy(
+      copy_of_vector_low, vector_low,
+      (size_t)6U * sizeof(libcrux_ml_dsa_polynomial_PolynomialRingElement_9b));
+  /* Passing arrays by value in Rust generates a copy in C */
+  libcrux_ml_dsa_polynomial_PolynomialRingElement_9b copy_of_vector_high[6U];
+  memcpy(
+      copy_of_vector_high, vector_high,
+      (size_t)6U * sizeof(libcrux_ml_dsa_polynomial_PolynomialRingElement_9b));
+  libcrux_ml_dsa_polynomial_PolynomialRingElement_libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit_6size_t__x2
+      lit;
+  memcpy(
+      lit.fst, copy_of_vector_low,
+      (size_t)6U * sizeof(libcrux_ml_dsa_polynomial_PolynomialRingElement_9b));
+  memcpy(
+      lit.snd, copy_of_vector_high,
+      (size_t)6U * sizeof(libcrux_ml_dsa_polynomial_PolynomialRingElement_9b));
+  return lit;
+}
+
+/**
+A monomorphic instance of libcrux_ml_dsa.encoding.commitment.serialize
+with types libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit
+with const generics
+
+*/
+static KRML_MUSTINLINE void libcrux_ml_dsa_encoding_commitment_serialize_ba(
+    libcrux_ml_dsa_polynomial_PolynomialRingElement_9b re,
+    Eurydice_slice serialized) {
+  size_t output_bytes_per_simd_unit =
+      Eurydice_slice_len(serialized, uint8_t) / ((size_t)8U * (size_t)4U);
+  for (size_t i = (size_t)0U;
+       i < Eurydice_slice_len(
+               Eurydice_array_to_slice(
+                   (size_t)32U, re.simd_units,
+                   libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit),
+               libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit);
+       i++) {
+    size_t i0 = i;
+    libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit *simd_unit =
+        &re.simd_units[i0];
+    libcrux_ml_dsa_simd_portable_commitment_serialize_36(
+        simd_unit[0U],
+        Eurydice_slice_subslice2(serialized, i0 * output_bytes_per_simd_unit,
+                                 (i0 + (size_t)1U) * output_bytes_per_simd_unit,
+                                 uint8_t));
+  }
+}
+
+/**
+A monomorphic instance of libcrux_ml_dsa.encoding.commitment.serialize_vector
+with types libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit
+with const generics
+- DIMENSION= 6
+- RING_ELEMENT_SIZE= 128
+- OUTPUT_SIZE= 768
+*/
+static KRML_MUSTINLINE void
+libcrux_ml_dsa_encoding_commitment_serialize_vector_5d(
+    libcrux_ml_dsa_polynomial_PolynomialRingElement_9b vector[6U],
+    uint8_t ret[768U]) {
+  uint8_t serialized[768U] = {0U};
+  size_t offset = (size_t)0U;
+  for (size_t i = (size_t)0U;
+       i < Eurydice_slice_len(
+               Eurydice_array_to_slice(
+                   (size_t)6U, vector,
+                   libcrux_ml_dsa_polynomial_PolynomialRingElement_9b),
+               libcrux_ml_dsa_polynomial_PolynomialRingElement_9b);
+       i++) {
+    size_t _cloop_j = i;
+    libcrux_ml_dsa_polynomial_PolynomialRingElement_9b *ring_element =
+        &vector[_cloop_j];
+    libcrux_ml_dsa_polynomial_PolynomialRingElement_9b uu____0 =
+        ring_element[0U];
+    libcrux_ml_dsa_encoding_commitment_serialize_ba(
+        uu____0, Eurydice_array_to_subslice2(serialized, offset,
+                                             offset + (size_t)128U, uint8_t));
+    offset = offset + (size_t)128U;
+  }
+  memcpy(ret, serialized, (size_t)768U * sizeof(uint8_t));
+}
+
+/**
+A monomorphic instance of libcrux_ml_dsa.sample.sample_challenge_ring_element
+with types libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit,
+libcrux_ml_dsa_hash_functions_portable_Shake256 with const generics
+- NUMBER_OF_ONES= 49
+- SEED_SIZE= 48
+*/
+static KRML_MUSTINLINE libcrux_ml_dsa_polynomial_PolynomialRingElement_9b
+libcrux_ml_dsa_sample_sample_challenge_ring_element_83(uint8_t seed[48U]) {
+  libcrux_sha3_portable_KeccakState state =
+      libcrux_ml_dsa_hash_functions_portable_init_absorb_final_5c(
+          Eurydice_array_to_slice((size_t)48U, seed, uint8_t));
+  uint8_t randomness0[136U];
+  libcrux_ml_dsa_hash_functions_portable_squeeze_first_block_5c(&state,
+                                                                randomness0);
+  uint8_t ret[8U];
+  Result_15 dst;
+  Eurydice_slice_to_array2(
+      &dst,
+      Eurydice_array_to_subslice2(randomness0, (size_t)0U, (size_t)8U, uint8_t),
+      Eurydice_slice, uint8_t[8U]);
+  unwrap_26_68(dst, ret);
+  uint64_t signs = core_num__u64_9__from_le_bytes(ret);
+  int32_t result[256U] = {0U};
+  size_t out_index =
+      Eurydice_slice_len(Eurydice_array_to_slice((size_t)256U, result, int32_t),
+                         int32_t) -
+      (size_t)49U;
+  Eurydice_slice uu____0 = Eurydice_array_to_subslice_from(
+      (size_t)136U, randomness0, (size_t)8U, uint8_t, size_t);
+  bool done = libcrux_ml_dsa_sample_inside_out_shuffle(uu____0, &out_index,
+                                                       &signs, result);
+  while (true) {
+    if (done) {
+      break;
+    } else {
+      uint8_t randomness[136U];
+      libcrux_ml_dsa_hash_functions_portable_squeeze_next_block_5c(&state,
+                                                                   randomness);
+      done = libcrux_ml_dsa_sample_inside_out_shuffle(
+          Eurydice_array_to_slice((size_t)136U, randomness, uint8_t),
+          &out_index, &signs, result);
+    }
+  }
+  return libcrux_ml_dsa_polynomial_from_i32_array_ff_ba(
+      Eurydice_array_to_slice((size_t)256U, result, int32_t));
+}
+
+/**
+A monomorphic instance of libcrux_ml_dsa.matrix.vector_times_ring_element
+with types libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit
+with const generics
+- DIMENSION= 5
+*/
+static KRML_MUSTINLINE void libcrux_ml_dsa_matrix_vector_times_ring_element_4f(
+    libcrux_ml_dsa_polynomial_PolynomialRingElement_9b *vector,
+    libcrux_ml_dsa_polynomial_PolynomialRingElement_9b *ring_element,
+    libcrux_ml_dsa_polynomial_PolynomialRingElement_9b ret[5U]) {
+  libcrux_ml_dsa_polynomial_PolynomialRingElement_9b result[5U];
+  for (size_t i = (size_t)0U; i < (size_t)5U; i++) {
+    result[i] = libcrux_ml_dsa_polynomial_ZERO_ff_ba();
+  }
+  for (size_t i = (size_t)0U;
+       i < Eurydice_slice_len(
+               Eurydice_array_to_slice(
+                   (size_t)5U, vector,
+                   libcrux_ml_dsa_polynomial_PolynomialRingElement_9b),
+               libcrux_ml_dsa_polynomial_PolynomialRingElement_9b);
+       i++) {
+    size_t i0 = i;
+    libcrux_ml_dsa_polynomial_PolynomialRingElement_9b *vector_ring_element =
+        &vector[i0];
+    libcrux_ml_dsa_polynomial_PolynomialRingElement_9b uu____0 =
+        libcrux_ml_dsa_ntt_invert_ntt_montgomery_ba(
+            libcrux_ml_dsa_ntt_ntt_multiply_montgomery_ba(vector_ring_element,
+                                                          ring_element));
+    result[i0] = uu____0;
+  }
+  memcpy(
+      ret, result,
+      (size_t)5U * sizeof(libcrux_ml_dsa_polynomial_PolynomialRingElement_9b));
+}
+
+/**
+A monomorphic instance of libcrux_ml_dsa.matrix.vector_times_ring_element
+with types libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit
+with const generics
+- DIMENSION= 6
+*/
+static KRML_MUSTINLINE void libcrux_ml_dsa_matrix_vector_times_ring_element_07(
+    libcrux_ml_dsa_polynomial_PolynomialRingElement_9b *vector,
+    libcrux_ml_dsa_polynomial_PolynomialRingElement_9b *ring_element,
+    libcrux_ml_dsa_polynomial_PolynomialRingElement_9b ret[6U]) {
+  libcrux_ml_dsa_polynomial_PolynomialRingElement_9b result[6U];
+  for (size_t i = (size_t)0U; i < (size_t)6U; i++) {
+    result[i] = libcrux_ml_dsa_polynomial_ZERO_ff_ba();
+  }
+  for (size_t i = (size_t)0U;
+       i < Eurydice_slice_len(
+               Eurydice_array_to_slice(
+                   (size_t)6U, vector,
+                   libcrux_ml_dsa_polynomial_PolynomialRingElement_9b),
+               libcrux_ml_dsa_polynomial_PolynomialRingElement_9b);
+       i++) {
+    size_t i0 = i;
+    libcrux_ml_dsa_polynomial_PolynomialRingElement_9b *vector_ring_element =
+        &vector[i0];
+    libcrux_ml_dsa_polynomial_PolynomialRingElement_9b uu____0 =
+        libcrux_ml_dsa_ntt_invert_ntt_montgomery_ba(
+            libcrux_ml_dsa_ntt_ntt_multiply_montgomery_ba(vector_ring_element,
+                                                          ring_element));
+    result[i0] = uu____0;
+  }
+  memcpy(
+      ret, result,
+      (size_t)6U * sizeof(libcrux_ml_dsa_polynomial_PolynomialRingElement_9b));
+}
+
+/**
+A monomorphic instance of libcrux_ml_dsa.matrix.add_vectors
+with types libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit
+with const generics
+- DIMENSION= 5
+*/
+static KRML_MUSTINLINE void libcrux_ml_dsa_matrix_add_vectors_4f(
+    libcrux_ml_dsa_polynomial_PolynomialRingElement_9b *lhs,
+    libcrux_ml_dsa_polynomial_PolynomialRingElement_9b *rhs,
+    libcrux_ml_dsa_polynomial_PolynomialRingElement_9b ret[5U]) {
+  libcrux_ml_dsa_polynomial_PolynomialRingElement_9b result[5U];
+  for (size_t i = (size_t)0U; i < (size_t)5U; i++) {
+    result[i] = libcrux_ml_dsa_polynomial_ZERO_ff_ba();
+  }
+  for (size_t i = (size_t)0U; i < (size_t)5U; i++) {
+    size_t i0 = i;
+    libcrux_ml_dsa_polynomial_PolynomialRingElement_9b uu____0 =
+        libcrux_ml_dsa_polynomial_add_ff_ba(&lhs[i0], &rhs[i0]);
+    result[i0] = uu____0;
+  }
+  memcpy(
+      ret, result,
+      (size_t)5U * sizeof(libcrux_ml_dsa_polynomial_PolynomialRingElement_9b));
+}
+
+/**
+This function found in impl
+{libcrux_ml_dsa::polynomial::PolynomialRingElement<SIMDUnit>[TraitClause@0,
+TraitClause@1]}
+*/
+/**
+A monomorphic instance of libcrux_ml_dsa.polynomial.subtract_ff
+with types libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit
+with const generics
+
+*/
+static KRML_MUSTINLINE libcrux_ml_dsa_polynomial_PolynomialRingElement_9b
+libcrux_ml_dsa_polynomial_subtract_ff_ba(
+    libcrux_ml_dsa_polynomial_PolynomialRingElement_9b *self,
+    libcrux_ml_dsa_polynomial_PolynomialRingElement_9b *rhs) {
+  libcrux_ml_dsa_polynomial_PolynomialRingElement_9b difference =
+      libcrux_ml_dsa_polynomial_ZERO_ff_ba();
+  for (size_t i = (size_t)0U;
+       i < Eurydice_slice_len(
+               Eurydice_array_to_slice(
+                   (size_t)32U, difference.simd_units,
+                   libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit),
+               libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit);
+       i++) {
+    size_t i0 = i;
+    libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit uu____0 =
+        libcrux_ml_dsa_simd_portable_subtract_36(&self->simd_units[i0],
+                                                 &rhs->simd_units[i0]);
+    difference.simd_units[i0] = uu____0;
+  }
+  return difference;
+}
+
+/**
+A monomorphic instance of libcrux_ml_dsa.matrix.subtract_vectors
+with types libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit
+with const generics
+- DIMENSION= 6
+*/
+static KRML_MUSTINLINE void libcrux_ml_dsa_matrix_subtract_vectors_07(
+    libcrux_ml_dsa_polynomial_PolynomialRingElement_9b *lhs,
+    libcrux_ml_dsa_polynomial_PolynomialRingElement_9b *rhs,
+    libcrux_ml_dsa_polynomial_PolynomialRingElement_9b ret[6U]) {
+  libcrux_ml_dsa_polynomial_PolynomialRingElement_9b result[6U];
+  for (size_t i = (size_t)0U; i < (size_t)6U; i++) {
+    result[i] = libcrux_ml_dsa_polynomial_ZERO_ff_ba();
+  }
+  for (size_t i = (size_t)0U; i < (size_t)6U; i++) {
+    size_t i0 = i;
+    libcrux_ml_dsa_polynomial_PolynomialRingElement_9b uu____0 =
+        libcrux_ml_dsa_polynomial_subtract_ff_ba(&lhs[i0], &rhs[i0]);
+    result[i0] = uu____0;
+  }
+  memcpy(
+      ret, result,
+      (size_t)6U * sizeof(libcrux_ml_dsa_polynomial_PolynomialRingElement_9b));
+}
+
+/**
+This function found in impl
+{libcrux_ml_dsa::polynomial::PolynomialRingElement<SIMDUnit>[TraitClause@0,
+TraitClause@1]}
+*/
+/**
+A monomorphic instance of libcrux_ml_dsa.polynomial.infinity_norm_exceeds_ff
+with types libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit
+with const generics
+
+*/
+static inline bool libcrux_ml_dsa_polynomial_infinity_norm_exceeds_ff_ba(
+    libcrux_ml_dsa_polynomial_PolynomialRingElement_9b *self, int32_t bound) {
+  bool exceeds = false;
+  for (size_t i = (size_t)0U;
+       i < Eurydice_slice_len(
+               Eurydice_array_to_slice(
+                   (size_t)32U, self->simd_units,
+                   libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit),
+               libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit);
+       i++) {
+    size_t i0 = i;
+    bool uu____0;
+    if (exceeds) {
+      uu____0 = true;
+    } else {
+      uu____0 = libcrux_ml_dsa_simd_portable_infinity_norm_exceeds_36(
+          self->simd_units[i0], bound);
+    }
+    exceeds = uu____0;
+  }
+  return exceeds;
+}
+
+/**
+A monomorphic instance of libcrux_ml_dsa.arithmetic.vector_infinity_norm_exceeds
+with types libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit
+with const generics
+- DIMENSION= 5
+*/
+static KRML_MUSTINLINE bool
+libcrux_ml_dsa_arithmetic_vector_infinity_norm_exceeds_4f(
+    libcrux_ml_dsa_polynomial_PolynomialRingElement_9b vector[5U],
+    int32_t bound) {
+  bool exceeds = false;
+  for (size_t i = (size_t)0U;
+       i < Eurydice_slice_len(
+               Eurydice_array_to_slice(
+                   (size_t)5U, vector,
+                   libcrux_ml_dsa_polynomial_PolynomialRingElement_9b),
+               libcrux_ml_dsa_polynomial_PolynomialRingElement_9b);
+       i++) {
+    size_t _cloop_j = i;
+    libcrux_ml_dsa_polynomial_PolynomialRingElement_9b *ring_element =
+        &vector[_cloop_j];
+    bool uu____0;
+    if (exceeds) {
+      uu____0 = true;
+    } else {
+      uu____0 = libcrux_ml_dsa_polynomial_infinity_norm_exceeds_ff_ba(
+          ring_element, bound);
+    }
+    exceeds = uu____0;
+  }
+  return exceeds;
+}
+
+/**
+A monomorphic instance of libcrux_ml_dsa.arithmetic.vector_infinity_norm_exceeds
+with types libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit
+with const generics
+- DIMENSION= 6
+*/
+static KRML_MUSTINLINE bool
+libcrux_ml_dsa_arithmetic_vector_infinity_norm_exceeds_07(
+    libcrux_ml_dsa_polynomial_PolynomialRingElement_9b vector[6U],
+    int32_t bound) {
+  bool exceeds = false;
+  for (size_t i = (size_t)0U;
+       i < Eurydice_slice_len(
+               Eurydice_array_to_slice(
+                   (size_t)6U, vector,
+                   libcrux_ml_dsa_polynomial_PolynomialRingElement_9b),
+               libcrux_ml_dsa_polynomial_PolynomialRingElement_9b);
+       i++) {
+    size_t _cloop_j = i;
+    libcrux_ml_dsa_polynomial_PolynomialRingElement_9b *ring_element =
+        &vector[_cloop_j];
+    bool uu____0;
+    if (exceeds) {
+      uu____0 = true;
+    } else {
+      uu____0 = libcrux_ml_dsa_polynomial_infinity_norm_exceeds_ff_ba(
+          ring_element, bound);
+    }
+    exceeds = uu____0;
+  }
+  return exceeds;
+}
+
+/**
+A monomorphic instance of libcrux_ml_dsa.matrix.add_vectors
+with types libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit
+with const generics
+- DIMENSION= 6
+*/
+static KRML_MUSTINLINE void libcrux_ml_dsa_matrix_add_vectors_07(
+    libcrux_ml_dsa_polynomial_PolynomialRingElement_9b *lhs,
+    libcrux_ml_dsa_polynomial_PolynomialRingElement_9b *rhs,
+    libcrux_ml_dsa_polynomial_PolynomialRingElement_9b ret[6U]) {
+  libcrux_ml_dsa_polynomial_PolynomialRingElement_9b result[6U];
+  for (size_t i = (size_t)0U; i < (size_t)6U; i++) {
+    result[i] = libcrux_ml_dsa_polynomial_ZERO_ff_ba();
+  }
+  for (size_t i = (size_t)0U; i < (size_t)6U; i++) {
+    size_t i0 = i;
+    libcrux_ml_dsa_polynomial_PolynomialRingElement_9b uu____0 =
+        libcrux_ml_dsa_polynomial_add_ff_ba(&lhs[i0], &rhs[i0]);
+    result[i0] = uu____0;
+  }
+  memcpy(
+      ret, result,
+      (size_t)6U * sizeof(libcrux_ml_dsa_polynomial_PolynomialRingElement_9b));
+}
+
+/**
+A monomorphic instance of K.
+with types size_t, libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit
+
+*/
+typedef struct tuple_ca_s {
+  size_t fst;
+  libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit snd;
+} tuple_ca;
+
+/**
+A monomorphic instance of
+libcrux_ml_dsa.simd.portable.arithmetic.compute_one_hint with const generics
+- GAMMA2= 261888
+*/
+static KRML_MUSTINLINE int32_t
+libcrux_ml_dsa_simd_portable_arithmetic_compute_one_hint_80(int32_t low,
+                                                            int32_t high) {
+  int32_t uu____0;
+  if (!(low > (int32_t)261888)) {
+    if (!(low < -(int32_t)261888)) {
+      if (low == -(int32_t)261888) {
+        if (!(high != (int32_t)0)) {
+          uu____0 = (int32_t)0;
+          return uu____0;
+        }
+      } else {
+        uu____0 = (int32_t)0;
+        return uu____0;
+      }
+    }
+  }
+  uu____0 = (int32_t)1;
+  return uu____0;
+}
+
+/**
+A monomorphic instance of libcrux_ml_dsa.simd.portable.arithmetic.compute_hint
+with const generics
+- GAMMA2= 261888
+*/
+static KRML_MUSTINLINE tuple_ca
+libcrux_ml_dsa_simd_portable_arithmetic_compute_hint_80(
+    libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit low,
+    libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit high) {
+  libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit hint =
+      libcrux_ml_dsa_simd_portable_vector_type_ZERO();
+  size_t one_hints_count = (size_t)0U;
+  for (size_t i = (size_t)0U;
+       i < Eurydice_slice_len(
+               Eurydice_array_to_slice((size_t)8U, hint.coefficients, int32_t),
+               int32_t);
+       i++) {
+    size_t i0 = i;
+    hint.coefficients[i0] =
+        libcrux_ml_dsa_simd_portable_arithmetic_compute_one_hint_80(
+            low.coefficients[i0], high.coefficients[i0]);
+    one_hints_count = one_hints_count + (size_t)hint.coefficients[i0];
+  }
+  return (CLITERAL(tuple_ca){.fst = one_hints_count, .snd = hint});
+}
+
+/**
+This function found in impl {(libcrux_ml_dsa::simd::traits::Operations for
+libcrux_ml_dsa::simd::portable::vector_type::PortableSIMDUnit)}
+*/
+/**
+A monomorphic instance of libcrux_ml_dsa.simd.portable.compute_hint_36
+with const generics
+- GAMMA2= 261888
+*/
+static inline tuple_ca libcrux_ml_dsa_simd_portable_compute_hint_36_80(
+    libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit low,
+    libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit high) {
+  return libcrux_ml_dsa_simd_portable_arithmetic_compute_hint_80(low, high);
+}
+
+/**
+This function found in impl
+{libcrux_ml_dsa::polynomial::PolynomialRingElement<SIMDUnit>[TraitClause@0,
+TraitClause@1]}
+*/
+/**
+A monomorphic instance of libcrux_ml_dsa.polynomial.to_i32_array_ff
+with types libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit
+with const generics
+
+*/
+static inline void libcrux_ml_dsa_polynomial_to_i32_array_ff_ba(
+    libcrux_ml_dsa_polynomial_PolynomialRingElement_9b *self,
+    int32_t ret[256U]) {
+  int32_t result[256U] = {0U};
+  for (size_t i = (size_t)0U;
+       i < Eurydice_slice_len(
+               Eurydice_array_to_slice(
+                   (size_t)32U, self->simd_units,
+                   libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit),
+               libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit);
+       i++) {
+    size_t i0 = i;
+    libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit *simd_unit =
+        &self->simd_units[i0];
+    Eurydice_slice uu____0 = Eurydice_array_to_subslice2(
+        result, i0 * LIBCRUX_ML_DSA_SIMD_TRAITS_COEFFICIENTS_IN_SIMD_UNIT,
+        (i0 + (size_t)1U) *
+            LIBCRUX_ML_DSA_SIMD_TRAITS_COEFFICIENTS_IN_SIMD_UNIT,
+        int32_t);
+    int32_t ret0[8U];
+    libcrux_ml_dsa_simd_portable_to_coefficient_array_36(simd_unit, ret0);
+    Eurydice_slice_copy(
+        uu____0, Eurydice_array_to_slice((size_t)8U, ret0, int32_t), int32_t);
+  }
+  memcpy(ret, result, (size_t)256U * sizeof(int32_t));
+}
+
+/**
+A monomorphic instance of libcrux_ml_dsa.arithmetic.make_hint
+with types libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit
+with const generics
+- DIMENSION= 6
+- GAMMA2= 261888
+*/
+static KRML_MUSTINLINE tuple_e6 libcrux_ml_dsa_arithmetic_make_hint_2f(
+    libcrux_ml_dsa_polynomial_PolynomialRingElement_9b low[6U],
+    libcrux_ml_dsa_polynomial_PolynomialRingElement_9b high[6U]) {
+  int32_t hint[6U][256U] = {{0U}};
+  size_t true_hints = (size_t)0U;
+  for (size_t i0 = (size_t)0U; i0 < (size_t)6U; i0++) {
+    size_t i1 = i0;
+    libcrux_ml_dsa_polynomial_PolynomialRingElement_9b hint_simd =
+        libcrux_ml_dsa_polynomial_ZERO_ff_ba();
+    for (size_t i = (size_t)0U;
+         i < Eurydice_slice_len(
+                 Eurydice_array_to_slice(
+                     (size_t)32U, hint_simd.simd_units,
+                     libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit),
+                 libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit);
+         i++) {
+      size_t j = i;
+      tuple_ca uu____0 = libcrux_ml_dsa_simd_portable_compute_hint_36_80(
+          low[i1].simd_units[j], high[i1].simd_units[j]);
+      size_t one_hints_count = uu____0.fst;
+      libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit current_hint =
+          uu____0.snd;
+      hint_simd.simd_units[j] = current_hint;
+      true_hints = true_hints + one_hints_count;
+    }
+    int32_t uu____1[256U];
+    libcrux_ml_dsa_polynomial_to_i32_array_ff_ba(&hint_simd, uu____1);
+    memcpy(hint[i1], uu____1, (size_t)256U * sizeof(int32_t));
+  }
+  /* Passing arrays by value in Rust generates a copy in C */
+  int32_t copy_of_hint[6U][256U];
+  memcpy(copy_of_hint, hint, (size_t)6U * sizeof(int32_t[256U]));
+  tuple_e6 lit;
+  memcpy(lit.fst, copy_of_hint, (size_t)6U * sizeof(int32_t[256U]));
+  lit.snd = true_hints;
+  return lit;
+}
+
+/**
+A monomorphic instance of libcrux_ml_dsa.encoding.signature.Signature
+with types libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit
+with const generics
+- $48size_t
+- $5size_t
+- $6size_t
+*/
+typedef struct libcrux_ml_dsa_encoding_signature_Signature_44_s {
+  uint8_t commitment_hash[48U];
+  libcrux_ml_dsa_polynomial_PolynomialRingElement_9b signer_response[5U];
+  int32_t hint[6U][256U];
+} libcrux_ml_dsa_encoding_signature_Signature_44;
+
+/**
+A monomorphic instance of libcrux_ml_dsa.simd.portable.encoding.gamma1.serialize
+with const generics
+- GAMMA1_EXPONENT= 19
+*/
+static KRML_MUSTINLINE void
+libcrux_ml_dsa_simd_portable_encoding_gamma1_serialize_36(
+    libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit simd_unit,
+    Eurydice_slice serialized) {
+  libcrux_ml_dsa_simd_portable_encoding_gamma1_serialize_when_gamma1_is_2_pow_19(
+      simd_unit, serialized);
+}
+
+/**
+This function found in impl {(libcrux_ml_dsa::simd::traits::Operations for
+libcrux_ml_dsa::simd::portable::vector_type::PortableSIMDUnit)}
+*/
+/**
+A monomorphic instance of libcrux_ml_dsa.simd.portable.gamma1_serialize_36
+with const generics
+- GAMMA1_EXPONENT= 19
+*/
+static inline void libcrux_ml_dsa_simd_portable_gamma1_serialize_36_36(
+    libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit simd_unit,
+    Eurydice_slice serialized) {
+  libcrux_ml_dsa_simd_portable_encoding_gamma1_serialize_36(simd_unit,
+                                                            serialized);
+}
+
+/**
+A monomorphic instance of libcrux_ml_dsa.encoding.gamma1.serialize
+with types libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit
+with const generics
+- GAMMA1_EXPONENT= 19
+*/
+static KRML_MUSTINLINE void libcrux_ml_dsa_encoding_gamma1_serialize_61(
+    libcrux_ml_dsa_polynomial_PolynomialRingElement_9b re,
+    Eurydice_slice serialized) {
+  for (size_t i = (size_t)0U;
+       i < Eurydice_slice_len(
+               Eurydice_array_to_slice(
+                   (size_t)32U, re.simd_units,
+                   libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit),
+               libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit);
+       i++) {
+    size_t i0 = i;
+    libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit *simd_unit =
+        &re.simd_units[i0];
+    libcrux_ml_dsa_simd_portable_gamma1_serialize_36_36(
+        simd_unit[0U],
+        Eurydice_slice_subslice2(serialized, i0 * ((size_t)19U + (size_t)1U),
+                                 (i0 + (size_t)1U) * ((size_t)19U + (size_t)1U),
+                                 uint8_t));
+  }
+}
+
+/**
+This function found in impl
+{libcrux_ml_dsa::encoding::signature::Signature<SIMDUnit, COMMITMENT_HASH_SIZE,
+COLUMNS_IN_A, ROWS_IN_A>[TraitClause@0, TraitClause@1]}
+*/
+/**
+A monomorphic instance of libcrux_ml_dsa.encoding.signature.serialize_92
+with types libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit
+with const generics
+- COMMITMENT_HASH_SIZE= 48
+- COLUMNS_IN_A= 5
+- ROWS_IN_A= 6
+- GAMMA1_EXPONENT= 19
+- GAMMA1_RING_ELEMENT_SIZE= 640
+- MAX_ONES_IN_HINT= 55
+- SIGNATURE_SIZE= 3309
+*/
+static KRML_MUSTINLINE void libcrux_ml_dsa_encoding_signature_serialize_92_76(
+    libcrux_ml_dsa_encoding_signature_Signature_44 *self, uint8_t ret[3309U]) {
+  uint8_t signature[3309U] = {0U};
+  size_t offset = (size_t)0U;
+  Eurydice_slice uu____0 = Eurydice_array_to_subslice2(
+      signature, offset, offset + (size_t)48U, uint8_t);
+  Eurydice_slice_copy(
+      uu____0,
+      Eurydice_array_to_slice((size_t)48U, self->commitment_hash, uint8_t),
+      uint8_t);
+  offset = offset + (size_t)48U;
+  for (size_t i = (size_t)0U; i < (size_t)5U; i++) {
+    size_t i0 = i;
+    libcrux_ml_dsa_polynomial_PolynomialRingElement_9b uu____1 =
+        self->signer_response[i0];
+    libcrux_ml_dsa_encoding_gamma1_serialize_61(
+        uu____1, Eurydice_array_to_subslice2(signature, offset,
+                                             offset + (size_t)640U, uint8_t));
+    offset = offset + (size_t)640U;
+  }
+  size_t true_hints_seen = (size_t)0U;
+  for (size_t i0 = (size_t)0U; i0 < (size_t)6U; i0++) {
+    size_t i1 = i0;
+    for (size_t i = (size_t)0U;
+         i < Eurydice_slice_len(
+                 Eurydice_array_to_slice((size_t)256U, self->hint[i1], int32_t),
+                 int32_t);
+         i++) {
+      size_t j = i;
+      if (self->hint[i1][j] == (int32_t)1) {
+        signature[offset + true_hints_seen] = (uint8_t)j;
+        true_hints_seen++;
+      }
+    }
+    signature[offset + (size_t)55U + i1] = (uint8_t)true_hints_seen;
+  }
+  memcpy(ret, signature, (size_t)3309U * sizeof(uint8_t));
+}
+
+/**
+ The internal signing API.
+
+ If no `domain_separation_context` is supplied, it is assumed that
+ `message` already contains the domain separation.
+*/
+/**
+A monomorphic instance of libcrux_ml_dsa.ml_dsa_generic.sign_internal
+with types libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit,
+libcrux_ml_dsa_hash_functions_portable_Shake128X4,
+libcrux_ml_dsa_hash_functions_portable_Shake256,
+libcrux_ml_dsa_hash_functions_portable_Shake256Xof,
+libcrux_ml_dsa_hash_functions_portable_Shake256X4 with const generics
+- ROWS_IN_A= 6
+- COLUMNS_IN_A= 5
+- ETA= 4
+- ERROR_RING_ELEMENT_SIZE= 128
+- GAMMA1_EXPONENT= 19
+- GAMMA2= 261888
+- COMMITMENT_RING_ELEMENT_SIZE= 128
+- COMMITMENT_VECTOR_SIZE= 768
+- COMMITMENT_HASH_SIZE= 48
+- ONES_IN_VERIFIER_CHALLENGE= 49
+- MAX_ONES_IN_HINT= 55
+- GAMMA1_RING_ELEMENT_SIZE= 640
+- SIGNING_KEY_SIZE= 4032
+- SIGNATURE_SIZE= 3309
+*/
+static KRML_MUSTINLINE Result_2e libcrux_ml_dsa_ml_dsa_generic_sign_internal_05(
+    uint8_t *signing_key, Eurydice_slice message,
+    Option_84 domain_separation_context, uint8_t randomness[32U]) {
+  tuple_f0 uu____0 =
+      libcrux_ml_dsa_encoding_signing_key_deserialize_then_ntt_c6(signing_key);
+  uint8_t seed_for_A[32U];
+  memcpy(seed_for_A, uu____0.fst, (size_t)32U * sizeof(uint8_t));
+  uint8_t seed_for_signing[32U];
+  memcpy(seed_for_signing, uu____0.snd, (size_t)32U * sizeof(uint8_t));
+  uint8_t verification_key_hash[64U];
+  memcpy(verification_key_hash, uu____0.thd, (size_t)64U * sizeof(uint8_t));
+  libcrux_ml_dsa_polynomial_PolynomialRingElement_9b s1_as_ntt[5U];
+  memcpy(
+      s1_as_ntt, uu____0.f3,
+      (size_t)5U * sizeof(libcrux_ml_dsa_polynomial_PolynomialRingElement_9b));
+  libcrux_ml_dsa_polynomial_PolynomialRingElement_9b s2_as_ntt[6U];
+  memcpy(
+      s2_as_ntt, uu____0.f4,
+      (size_t)6U * sizeof(libcrux_ml_dsa_polynomial_PolynomialRingElement_9b));
+  libcrux_ml_dsa_polynomial_PolynomialRingElement_9b t0_as_ntt[6U];
+  memcpy(
+      t0_as_ntt, uu____0.f5,
+      (size_t)6U * sizeof(libcrux_ml_dsa_polynomial_PolynomialRingElement_9b));
+  libcrux_ml_dsa_polynomial_PolynomialRingElement_9b A_as_ntt[6U][5U];
+  uint8_t ret[34U];
+  libcrux_ml_dsa_utils_into_padded_array_b6(
+      Eurydice_array_to_slice((size_t)32U, seed_for_A, uint8_t), ret);
+  libcrux_ml_dsa_samplex4_matrix_A_2f(ret, A_as_ntt);
+  uint8_t message_representative[64U] = {0U};
+  uint8_t uu____1[64U];
+  memcpy(uu____1, verification_key_hash, (size_t)64U * sizeof(uint8_t));
+  libcrux_ml_dsa_ml_dsa_generic_derive_message_representative_7b(
+      uu____1, domain_separation_context, message, message_representative);
+  uint8_t mask_seed[64U] = {0U};
+  libcrux_sha3_portable_incremental_Shake256Xof shake0 =
+      libcrux_ml_dsa_hash_functions_portable_init_83();
+  libcrux_ml_dsa_hash_functions_portable_absorb_83(
+      &shake0, Eurydice_array_to_slice((size_t)32U, seed_for_signing, uint8_t));
+  libcrux_ml_dsa_hash_functions_portable_absorb_83(
+      &shake0, Eurydice_array_to_slice((size_t)32U, randomness, uint8_t));
+  libcrux_ml_dsa_hash_functions_portable_absorb_final_83(
+      &shake0,
+      Eurydice_array_to_slice((size_t)64U, message_representative, uint8_t));
+  libcrux_ml_dsa_hash_functions_portable_squeeze_83(
+      &shake0, Eurydice_array_to_slice((size_t)64U, mask_seed, uint8_t));
+  uint16_t domain_separator_for_mask = 0U;
+  int32_t BETA = (int32_t)((size_t)49U * (size_t)4U);
+  size_t attempt = (size_t)0U;
+  Option_67 commitment_hash0 = {.tag = None};
+  Option_f3 signer_response0 = {.tag = None};
+  Option_f0 hint0 = {.tag = None};
+  while (true) {
+    if (attempt < LIBCRUX_ML_DSA_CONSTANTS_REJECTION_SAMPLE_BOUND_SIGN) {
+      attempt++;
+      uint8_t uu____2[66U];
+      libcrux_ml_dsa_utils_into_padded_array_20(
+          Eurydice_array_to_slice((size_t)64U, mask_seed, uint8_t), uu____2);
+      libcrux_ml_dsa_polynomial_PolynomialRingElement_9b mask[5U];
+      libcrux_ml_dsa_sample_sample_mask_vector_0e(
+          uu____2, &domain_separator_for_mask, mask);
+      libcrux_ml_dsa_polynomial_PolynomialRingElement_9b A_times_mask[6U];
+      libcrux_ml_dsa_matrix_compute_A_times_mask_2f(A_as_ntt, mask,
+                                                    A_times_mask);
+      /* Passing arrays by value in Rust generates a copy in C */
+      libcrux_ml_dsa_polynomial_PolynomialRingElement_9b
+          copy_of_A_times_mask[6U];
+      memcpy(copy_of_A_times_mask, A_times_mask,
+             (size_t)6U *
+                 sizeof(libcrux_ml_dsa_polynomial_PolynomialRingElement_9b));
+      libcrux_ml_dsa_polynomial_PolynomialRingElement_libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit_6size_t__x2
+          uu____4 = libcrux_ml_dsa_arithmetic_decompose_vector_2f(
+              copy_of_A_times_mask);
+      libcrux_ml_dsa_polynomial_PolynomialRingElement_9b w0[6U];
+      memcpy(w0, uu____4.fst,
+             (size_t)6U *
+                 sizeof(libcrux_ml_dsa_polynomial_PolynomialRingElement_9b));
+      libcrux_ml_dsa_polynomial_PolynomialRingElement_9b commitment[6U];
+      memcpy(commitment, uu____4.snd,
+             (size_t)6U *
+                 sizeof(libcrux_ml_dsa_polynomial_PolynomialRingElement_9b));
+      uint8_t commitment_hash_candidate[48U] = {0U};
+      /* Passing arrays by value in Rust generates a copy in C */
+      libcrux_ml_dsa_polynomial_PolynomialRingElement_9b
+          copy_of_commitment0[6U];
+      memcpy(copy_of_commitment0, commitment,
+             (size_t)6U *
+                 sizeof(libcrux_ml_dsa_polynomial_PolynomialRingElement_9b));
+      uint8_t commitment_serialized[768U];
+      libcrux_ml_dsa_encoding_commitment_serialize_vector_5d(
+          copy_of_commitment0, commitment_serialized);
+      libcrux_sha3_portable_incremental_Shake256Xof shake =
+          libcrux_ml_dsa_hash_functions_portable_init_83();
+      libcrux_ml_dsa_hash_functions_portable_absorb_83(
+          &shake, Eurydice_array_to_slice((size_t)64U, message_representative,
+                                          uint8_t));
+      libcrux_ml_dsa_hash_functions_portable_absorb_final_83(
+          &shake, Eurydice_array_to_slice((size_t)768U, commitment_serialized,
+                                          uint8_t));
+      libcrux_ml_dsa_hash_functions_portable_squeeze_83(
+          &shake, Eurydice_array_to_slice((size_t)48U,
+                                          commitment_hash_candidate, uint8_t));
+      /* Passing arrays by value in Rust generates a copy in C */
+      uint8_t copy_of_commitment_hash_candidate[48U];
+      memcpy(copy_of_commitment_hash_candidate, commitment_hash_candidate,
+             (size_t)48U * sizeof(uint8_t));
+      libcrux_ml_dsa_polynomial_PolynomialRingElement_9b
+          verifier_challenge_as_ntt = libcrux_ml_dsa_ntt_ntt_ba(
+              libcrux_ml_dsa_sample_sample_challenge_ring_element_83(
+                  copy_of_commitment_hash_candidate));
+      libcrux_ml_dsa_polynomial_PolynomialRingElement_9b challenge_times_s1[5U];
+      libcrux_ml_dsa_matrix_vector_times_ring_element_4f(
+          s1_as_ntt, &verifier_challenge_as_ntt, challenge_times_s1);
+      libcrux_ml_dsa_polynomial_PolynomialRingElement_9b challenge_times_s2[6U];
+      libcrux_ml_dsa_matrix_vector_times_ring_element_07(
+          s2_as_ntt, &verifier_challenge_as_ntt, challenge_times_s2);
+      libcrux_ml_dsa_polynomial_PolynomialRingElement_9b
+          signer_response_candidate[5U];
+      libcrux_ml_dsa_matrix_add_vectors_4f(mask, challenge_times_s1,
+                                           signer_response_candidate);
+      libcrux_ml_dsa_polynomial_PolynomialRingElement_9b
+          w0_minus_challenge_times_s2[6U];
+      libcrux_ml_dsa_matrix_subtract_vectors_07(w0, challenge_times_s2,
+                                                w0_minus_challenge_times_s2);
+      /* Passing arrays by value in Rust generates a copy in C */
+      libcrux_ml_dsa_polynomial_PolynomialRingElement_9b
+          copy_of_signer_response_candidate[5U];
+      memcpy(copy_of_signer_response_candidate, signer_response_candidate,
+             (size_t)5U *
+                 sizeof(libcrux_ml_dsa_polynomial_PolynomialRingElement_9b));
+      if (!libcrux_ml_dsa_arithmetic_vector_infinity_norm_exceeds_4f(
+              copy_of_signer_response_candidate,
+              ((int32_t)1 << (uint32_t)(size_t)19U) - BETA)) {
+        /* Passing arrays by value in Rust generates a copy in C */
+        libcrux_ml_dsa_polynomial_PolynomialRingElement_9b
+            copy_of_w0_minus_challenge_times_s2[6U];
+        memcpy(copy_of_w0_minus_challenge_times_s2, w0_minus_challenge_times_s2,
+               (size_t)6U *
+                   sizeof(libcrux_ml_dsa_polynomial_PolynomialRingElement_9b));
+        if (!libcrux_ml_dsa_arithmetic_vector_infinity_norm_exceeds_07(
+                copy_of_w0_minus_challenge_times_s2, (int32_t)261888 - BETA)) {
+          libcrux_ml_dsa_polynomial_PolynomialRingElement_9b
+              challenge_times_t0[6U];
+          libcrux_ml_dsa_matrix_vector_times_ring_element_07(
+              t0_as_ntt, &verifier_challenge_as_ntt, challenge_times_t0);
+          /* Passing arrays by value in Rust generates a copy in C */
+          libcrux_ml_dsa_polynomial_PolynomialRingElement_9b
+              copy_of_challenge_times_t0[6U];
+          memcpy(
+              copy_of_challenge_times_t0, challenge_times_t0,
+              (size_t)6U *
+                  sizeof(libcrux_ml_dsa_polynomial_PolynomialRingElement_9b));
+          if (!libcrux_ml_dsa_arithmetic_vector_infinity_norm_exceeds_07(
+                  copy_of_challenge_times_t0, (int32_t)261888)) {
+            libcrux_ml_dsa_polynomial_PolynomialRingElement_9b
+                w0_minus_c_times_s2_plus_c_times_t0[6U];
+            libcrux_ml_dsa_matrix_add_vectors_07(
+                w0_minus_challenge_times_s2, challenge_times_t0,
+                w0_minus_c_times_s2_plus_c_times_t0);
+            /* Passing arrays by value in Rust generates a copy in C */
+            libcrux_ml_dsa_polynomial_PolynomialRingElement_9b
+                copy_of_w0_minus_c_times_s2_plus_c_times_t0[6U];
+            memcpy(
+                copy_of_w0_minus_c_times_s2_plus_c_times_t0,
+                w0_minus_c_times_s2_plus_c_times_t0,
+                (size_t)6U *
+                    sizeof(libcrux_ml_dsa_polynomial_PolynomialRingElement_9b));
+            /* Passing arrays by value in Rust generates a copy in C */
+            libcrux_ml_dsa_polynomial_PolynomialRingElement_9b
+                copy_of_commitment[6U];
+            memcpy(
+                copy_of_commitment, commitment,
+                (size_t)6U *
+                    sizeof(libcrux_ml_dsa_polynomial_PolynomialRingElement_9b));
+            tuple_e6 uu____12 = libcrux_ml_dsa_arithmetic_make_hint_2f(
+                copy_of_w0_minus_c_times_s2_plus_c_times_t0,
+                copy_of_commitment);
+            int32_t hint_candidate[6U][256U];
+            memcpy(hint_candidate, uu____12.fst,
+                   (size_t)6U * sizeof(int32_t[256U]));
+            size_t ones_in_hint = uu____12.snd;
+            if (!(ones_in_hint > (size_t)55U)) {
+              attempt = LIBCRUX_ML_DSA_CONSTANTS_REJECTION_SAMPLE_BOUND_SIGN;
+              /* Passing arrays by value in Rust generates a copy in C */
+              uint8_t copy_of_commitment_hash_candidate0[48U];
+              memcpy(copy_of_commitment_hash_candidate0,
+                     commitment_hash_candidate, (size_t)48U * sizeof(uint8_t));
+              Option_67 lit0;
+              lit0.tag = Some;
+              memcpy(lit0.f0, copy_of_commitment_hash_candidate0,
+                     (size_t)48U * sizeof(uint8_t));
+              commitment_hash0 = lit0;
+              /* Passing arrays by value in Rust generates a copy in C */
+              libcrux_ml_dsa_polynomial_PolynomialRingElement_9b
+                  copy_of_signer_response_candidate0[5U];
+              memcpy(
+                  copy_of_signer_response_candidate0, signer_response_candidate,
+                  (size_t)5U *
+                      sizeof(
+                          libcrux_ml_dsa_polynomial_PolynomialRingElement_9b));
+              Option_f3 lit1;
+              lit1.tag = Some;
+              memcpy(
+                  lit1.f0, copy_of_signer_response_candidate0,
+                  (size_t)5U *
+                      sizeof(
+                          libcrux_ml_dsa_polynomial_PolynomialRingElement_9b));
+              signer_response0 = lit1;
+              /* Passing arrays by value in Rust generates a copy in C */
+              int32_t copy_of_hint_candidate[6U][256U];
+              memcpy(copy_of_hint_candidate, hint_candidate,
+                     (size_t)6U * sizeof(int32_t[256U]));
+              Option_f0 lit;
+              lit.tag = Some;
+              memcpy(lit.f0, copy_of_hint_candidate,
+                     (size_t)6U * sizeof(int32_t[256U]));
+              hint0 = lit;
+            }
+          }
+        }
+      }
+    } else {
+      break;
+    }
+  }
+  Result_2e uu____16;
+  if (commitment_hash0.tag == None) {
+    uu____16 = (CLITERAL(Result_2e){
+        .tag = Err,
+        .val = {.case_Err = libcrux_ml_dsa_types_RejectionSamplingError}});
+  } else {
+    uint8_t commitment_hash1[48U];
+    memcpy(commitment_hash1, commitment_hash0.f0,
+           (size_t)48U * sizeof(uint8_t));
+    uint8_t commitment_hash[48U];
+    memcpy(commitment_hash, commitment_hash1, (size_t)48U * sizeof(uint8_t));
+    if (signer_response0.tag == None) {
+      uu____16 = (CLITERAL(Result_2e){
+          .tag = Err,
+          .val = {.case_Err = libcrux_ml_dsa_types_RejectionSamplingError}});
+    } else {
+      libcrux_ml_dsa_polynomial_PolynomialRingElement_9b signer_response1[5U];
+      memcpy(signer_response1, signer_response0.f0,
+             (size_t)5U *
+                 sizeof(libcrux_ml_dsa_polynomial_PolynomialRingElement_9b));
+      libcrux_ml_dsa_polynomial_PolynomialRingElement_9b signer_response[5U];
+      memcpy(signer_response, signer_response1,
+             (size_t)5U *
+                 sizeof(libcrux_ml_dsa_polynomial_PolynomialRingElement_9b));
+      if (hint0.tag == None) {
+        uu____16 = (CLITERAL(Result_2e){
+            .tag = Err,
+            .val = {.case_Err = libcrux_ml_dsa_types_RejectionSamplingError}});
+      } else {
+        int32_t hint1[6U][256U];
+        memcpy(hint1, hint0.f0, (size_t)6U * sizeof(int32_t[256U]));
+        int32_t hint[6U][256U];
+        memcpy(hint, hint1, (size_t)6U * sizeof(int32_t[256U]));
+        /* Passing arrays by value in Rust generates a copy in C */
+        uint8_t copy_of_commitment_hash[48U];
+        memcpy(copy_of_commitment_hash, commitment_hash,
+               (size_t)48U * sizeof(uint8_t));
+        /* Passing arrays by value in Rust generates a copy in C */
+        libcrux_ml_dsa_polynomial_PolynomialRingElement_9b
+            copy_of_signer_response[5U];
+        memcpy(copy_of_signer_response, signer_response,
+               (size_t)5U *
+                   sizeof(libcrux_ml_dsa_polynomial_PolynomialRingElement_9b));
+        /* Passing arrays by value in Rust generates a copy in C */
+        int32_t copy_of_hint[6U][256U];
+        memcpy(copy_of_hint, hint, (size_t)6U * sizeof(int32_t[256U]));
+        uint8_t signature[3309U];
+        libcrux_ml_dsa_encoding_signature_Signature_44 lit0;
+        memcpy(lit0.commitment_hash, copy_of_commitment_hash,
+               (size_t)48U * sizeof(uint8_t));
+        memcpy(lit0.signer_response, copy_of_signer_response,
+               (size_t)5U *
+                   sizeof(libcrux_ml_dsa_polynomial_PolynomialRingElement_9b));
+        memcpy(lit0.hint, copy_of_hint, (size_t)6U * sizeof(int32_t[256U]));
+        libcrux_ml_dsa_encoding_signature_serialize_92_76(&lit0, signature);
+        /* Passing arrays by value in Rust generates a copy in C */
+        uint8_t copy_of_signature[3309U];
+        memcpy(copy_of_signature, signature, (size_t)3309U * sizeof(uint8_t));
+        Result_2e lit;
+        lit.tag = Ok;
+        lit.val.case_Ok = libcrux_ml_dsa_types_new_8f_fa(copy_of_signature);
+        uu____16 = lit;
+        return uu____16;
+      }
+    }
+  }
+  return uu____16;
+}
+
+/**
+A monomorphic instance of libcrux_ml_dsa.ml_dsa_generic.sign
+with types libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit,
+libcrux_ml_dsa_hash_functions_portable_Shake128X4,
+libcrux_ml_dsa_hash_functions_portable_Shake256,
+libcrux_ml_dsa_hash_functions_portable_Shake256Xof,
+libcrux_ml_dsa_hash_functions_portable_Shake256X4 with const generics
+- ROWS_IN_A= 6
+- COLUMNS_IN_A= 5
+- ETA= 4
+- ERROR_RING_ELEMENT_SIZE= 128
+- GAMMA1_EXPONENT= 19
+- GAMMA2= 261888
+- COMMITMENT_RING_ELEMENT_SIZE= 128
+- COMMITMENT_VECTOR_SIZE= 768
+- COMMITMENT_HASH_SIZE= 48
+- ONES_IN_VERIFIER_CHALLENGE= 49
+- MAX_ONES_IN_HINT= 55
+- GAMMA1_RING_ELEMENT_SIZE= 640
+- SIGNING_KEY_SIZE= 4032
+- SIGNATURE_SIZE= 3309
+*/
+static KRML_MUSTINLINE Result_2e libcrux_ml_dsa_ml_dsa_generic_sign_05(
+    uint8_t *signing_key, Eurydice_slice message, Eurydice_slice context,
+    uint8_t randomness[32U]) {
+  Result_a8 uu____0 = libcrux_ml_dsa_pre_hash_new_45(
+      context, (CLITERAL(Option_30){.tag = None}));
+  Result_2e uu____1;
+  if (uu____0.tag == Ok) {
+    libcrux_ml_dsa_pre_hash_DomainSeparationContext dsc = uu____0.val.case_Ok;
+    libcrux_ml_dsa_pre_hash_DomainSeparationContext domain_separation_context =
+        dsc;
+    uint8_t *uu____2 = signing_key;
+    Eurydice_slice uu____3 = message;
+    Option_84 uu____4 = {.tag = Some, .f0 = domain_separation_context};
+    /* Passing arrays by value in Rust generates a copy in C */
+    uint8_t copy_of_randomness[32U];
+    memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t));
+    uu____1 = libcrux_ml_dsa_ml_dsa_generic_sign_internal_05(
+        uu____2, uu____3, uu____4, copy_of_randomness);
+  } else {
+    uu____1 = (CLITERAL(Result_2e){
+        .tag = Err,
+        .val = {.case_Err = libcrux_ml_dsa_types_ContextTooLongError}});
+  }
+  return uu____1;
+}
+
+/**
+ Sign.
+*/
+/**
+A monomorphic instance of
+libcrux_ml_dsa.ml_dsa_generic.instantiations.portable.sign with const generics
+- ROWS_IN_A= 6
+- COLUMNS_IN_A= 5
+- ETA= 4
+- ERROR_RING_ELEMENT_SIZE= 128
+- GAMMA1_EXPONENT= 19
+- GAMMA2= 261888
+- COMMITMENT_RING_ELEMENT_SIZE= 128
+- COMMITMENT_VECTOR_SIZE= 768
+- COMMITMENT_HASH_SIZE= 48
+- ONES_IN_VERIFIER_CHALLENGE= 49
+- MAX_ONES_IN_HINT= 55
+- GAMMA1_RING_ELEMENT_SIZE= 640
+- SIGNING_KEY_SIZE= 4032
+- SIGNATURE_SIZE= 3309
+*/
+static inline Result_2e
+libcrux_ml_dsa_ml_dsa_generic_instantiations_portable_sign_f3(
+    uint8_t *signing_key, Eurydice_slice message, Eurydice_slice context,
+    uint8_t randomness[32U]) {
+  uint8_t *uu____0 = signing_key;
+  Eurydice_slice uu____1 = message;
+  Eurydice_slice uu____2 = context;
+  /* Passing arrays by value in Rust generates a copy in C */
+  uint8_t copy_of_randomness[32U];
+  memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t));
+  return libcrux_ml_dsa_ml_dsa_generic_sign_05(uu____0, uu____1, uu____2,
+                                               copy_of_randomness);
+}
+
+/**
+ Generate an ML-DSA-65 Signature
+
+ The parameter `context` is used for domain separation
+ and is a byte string of length at most 255 bytes. It
+ may also be empty.
+*/
+static inline Result_2e libcrux_ml_dsa_ml_dsa_65_portable_sign(
+    libcrux_ml_dsa_types_MLDSASigningKey_22 *signing_key,
+    Eurydice_slice message, Eurydice_slice context, uint8_t randomness[32U]) {
+  uint8_t *uu____0 = libcrux_ml_dsa_types_as_raw_9b_09(signing_key);
+  Eurydice_slice uu____1 = message;
+  Eurydice_slice uu____2 = context;
+  /* Passing arrays by value in Rust generates a copy in C */
+  uint8_t copy_of_randomness[32U];
+  memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t));
+  return libcrux_ml_dsa_ml_dsa_generic_instantiations_portable_sign_f3(
+      uu____0, uu____1, uu____2, copy_of_randomness);
+}
+
+/**
+A monomorphic instance of libcrux_ml_dsa.hash_functions.portable.shake128
+with const generics
+- OUTPUT_LENGTH= 256
+*/
+static KRML_MUSTINLINE void libcrux_ml_dsa_hash_functions_portable_shake128_6b(
+    Eurydice_slice input, uint8_t *out) {
+  libcrux_sha3_portable_shake128(
+      Eurydice_array_to_slice((size_t)256U, out, uint8_t), input);
+}
+
+/**
+This function found in impl {(libcrux_ml_dsa::hash_functions::shake128::Xof for
+libcrux_ml_dsa::hash_functions::portable::Shake128)#1}
+*/
+/**
+A monomorphic instance of libcrux_ml_dsa.hash_functions.portable.shake128_a0
+with const generics
+- OUTPUT_LENGTH= 256
+*/
+static KRML_MUSTINLINE void
+libcrux_ml_dsa_hash_functions_portable_shake128_a0_6b(Eurydice_slice input,
+                                                      uint8_t *out) {
+  libcrux_ml_dsa_hash_functions_portable_shake128_6b(input, out);
+}
+
+/**
+This function found in impl {(libcrux_ml_dsa::pre_hash::PreHash<256: usize> for
+libcrux_ml_dsa::pre_hash::SHAKE128_PH)}
+*/
+/**
+A monomorphic instance of libcrux_ml_dsa.pre_hash.hash_bd
+with types libcrux_ml_dsa_hash_functions_portable_Shake128
+with const generics
+
+*/
+static KRML_MUSTINLINE void libcrux_ml_dsa_pre_hash_hash_bd_54(
+    Eurydice_slice message, uint8_t ret[256U]) {
+  uint8_t output[256U] = {0U};
+  libcrux_ml_dsa_hash_functions_portable_shake128_a0_6b(message, output);
+  memcpy(ret, output, (size_t)256U * sizeof(uint8_t));
+}
+
+/**
+A monomorphic instance of libcrux_ml_dsa.ml_dsa_generic.sign_pre_hashed
+with types libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit,
+libcrux_ml_dsa_hash_functions_portable_Shake128,
+libcrux_ml_dsa_hash_functions_portable_Shake128X4,
+libcrux_ml_dsa_hash_functions_portable_Shake256,
+libcrux_ml_dsa_hash_functions_portable_Shake256Xof,
+libcrux_ml_dsa_hash_functions_portable_Shake256X4,
+libcrux_ml_dsa_pre_hash_SHAKE128_PH with const generics
+- PH_DIGEST_LEN= 256
+- ROWS_IN_A= 6
+- COLUMNS_IN_A= 5
+- ETA= 4
+- ERROR_RING_ELEMENT_SIZE= 128
+- GAMMA1_EXPONENT= 19
+- GAMMA2= 261888
+- COMMITMENT_RING_ELEMENT_SIZE= 128
+- COMMITMENT_VECTOR_SIZE= 768
+- COMMITMENT_HASH_SIZE= 48
+- ONES_IN_VERIFIER_CHALLENGE= 49
+- MAX_ONES_IN_HINT= 55
+- GAMMA1_RING_ELEMENT_SIZE= 640
+- SIGNING_KEY_SIZE= 4032
+- SIGNATURE_SIZE= 3309
+*/
+static KRML_MUSTINLINE Result_2e
+libcrux_ml_dsa_ml_dsa_generic_sign_pre_hashed_0d(uint8_t *signing_key,
+                                                 Eurydice_slice message,
+                                                 Eurydice_slice context,
+                                                 uint8_t randomness[32U]) {
+  Result_2e uu____0;
+  if (Eurydice_slice_len(context, uint8_t) >
+      LIBCRUX_ML_DSA_CONSTANTS_CONTEXT_MAX_LEN) {
+    uu____0 = (CLITERAL(Result_2e){
+        .tag = Err,
+        .val = {.case_Err = libcrux_ml_dsa_types_ContextTooLongError}});
+  } else {
+    uint8_t pre_hashed_message[256U];
+    libcrux_ml_dsa_pre_hash_hash_bd_54(message, pre_hashed_message);
+    Eurydice_slice uu____1 = context;
+    Option_30 lit;
+    lit.tag = Some;
+    uint8_t ret[11U];
+    libcrux_ml_dsa_pre_hash_oid_bd(ret);
+    memcpy(lit.f0, ret, (size_t)11U * sizeof(uint8_t));
+    Result_a8 uu____2 = libcrux_ml_dsa_pre_hash_new_45(uu____1, lit);
+    if (uu____2.tag == Ok) {
+      libcrux_ml_dsa_pre_hash_DomainSeparationContext dsc = uu____2.val.case_Ok;
+      libcrux_ml_dsa_pre_hash_DomainSeparationContext
+          domain_separation_context = dsc;
+      uint8_t *uu____3 = signing_key;
+      Eurydice_slice uu____4 =
+          Eurydice_array_to_slice((size_t)256U, pre_hashed_message, uint8_t);
+      Option_84 uu____5 = {.tag = Some, .f0 = domain_separation_context};
+      /* Passing arrays by value in Rust generates a copy in C */
+      uint8_t copy_of_randomness[32U];
+      memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t));
+      uu____0 = libcrux_ml_dsa_ml_dsa_generic_sign_internal_05(
+          uu____3, uu____4, uu____5, copy_of_randomness);
+    } else {
+      uu____0 = (CLITERAL(Result_2e){
+          .tag = Err,
+          .val = {.case_Err = libcrux_ml_dsa_types_ContextTooLongError}});
+    }
+  }
+  return uu____0;
+}
+
+/**
+ Sign (pre-hashed).
+*/
+/**
+A monomorphic instance of
+libcrux_ml_dsa.ml_dsa_generic.instantiations.portable.sign_pre_hashed_shake128
+with const generics
+- ROWS_IN_A= 6
+- COLUMNS_IN_A= 5
+- ETA= 4
+- ERROR_RING_ELEMENT_SIZE= 128
+- GAMMA1_EXPONENT= 19
+- GAMMA2= 261888
+- COMMITMENT_RING_ELEMENT_SIZE= 128
+- COMMITMENT_VECTOR_SIZE= 768
+- COMMITMENT_HASH_SIZE= 48
+- ONES_IN_VERIFIER_CHALLENGE= 49
+- MAX_ONES_IN_HINT= 55
+- GAMMA1_RING_ELEMENT_SIZE= 640
+- SIGNING_KEY_SIZE= 4032
+- SIGNATURE_SIZE= 3309
+*/
+static inline Result_2e
+libcrux_ml_dsa_ml_dsa_generic_instantiations_portable_sign_pre_hashed_shake128_f3(
+    uint8_t *signing_key, Eurydice_slice message, Eurydice_slice context,
+    uint8_t randomness[32U]) {
+  uint8_t *uu____0 = signing_key;
+  Eurydice_slice uu____1 = message;
+  Eurydice_slice uu____2 = context;
+  /* Passing arrays by value in Rust generates a copy in C */
+  uint8_t copy_of_randomness[32U];
+  memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t));
+  return libcrux_ml_dsa_ml_dsa_generic_sign_pre_hashed_0d(
+      uu____0, uu____1, uu____2, copy_of_randomness);
+}
+
+/**
+ Generate a HashML-DSA-65 Signature, with a SHAKE128 pre-hashing
+
+ The parameter `context` is used for domain separation
+ and is a byte string of length at most 255 bytes. It
  may also be empty.
 */
-static inline Result_2e
-libcrux_ml_dsa_ml_dsa_65_portable_sign_pre_hashed_shake128(
-    libcrux_ml_dsa_types_MLDSASigningKey_22 *signing_key,
-    Eurydice_slice message, Eurydice_slice context, uint8_t randomness[32U]) {
-  uint8_t *uu____0 = libcrux_ml_dsa_types_as_raw_9b_09(signing_key);
-  Eurydice_slice uu____1 = message;
-  Eurydice_slice uu____2 = context;
-  /* Passing arrays by value in Rust generates a copy in C */
-  uint8_t copy_of_randomness[32U];
-  memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t));
-  return libcrux_ml_dsa_ml_dsa_generic_instantiations_portable_sign_pre_hashed_shake128_f3(
-      uu____0, uu____1, uu____2, copy_of_randomness);
+static inline Result_2e
+libcrux_ml_dsa_ml_dsa_65_portable_sign_pre_hashed_shake128(
+    libcrux_ml_dsa_types_MLDSASigningKey_22 *signing_key,
+    Eurydice_slice message, Eurydice_slice context, uint8_t randomness[32U]) {
+  uint8_t *uu____0 = libcrux_ml_dsa_types_as_raw_9b_09(signing_key);
+  Eurydice_slice uu____1 = message;
+  Eurydice_slice uu____2 = context;
+  /* Passing arrays by value in Rust generates a copy in C */
+  uint8_t copy_of_randomness[32U];
+  memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t));
+  return libcrux_ml_dsa_ml_dsa_generic_instantiations_portable_sign_pre_hashed_shake128_f3(
+      uu____0, uu____1, uu____2, copy_of_randomness);
+}
+
+/**
+A monomorphic instance of K.
+with types uint8_t[32size_t], libcrux_ml_dsa_polynomial_PolynomialRingElement
+libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit[6size_t]
+
+*/
+typedef struct tuple_93_s {
+  uint8_t fst[32U];
+  libcrux_ml_dsa_polynomial_PolynomialRingElement_9b snd[6U];
+} tuple_93;
+
+/**
+A monomorphic instance of libcrux_ml_dsa.encoding.t1.deserialize
+with types libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit
+with const generics
+
+*/
+static inline void libcrux_ml_dsa_encoding_t1_deserialize_ba(
+    Eurydice_slice serialized,
+    libcrux_ml_dsa_polynomial_PolynomialRingElement_9b *result) {
+  for (size_t i = (size_t)0U;
+       i < Eurydice_slice_len(
+               Eurydice_array_to_slice(
+                   (size_t)32U, result->simd_units,
+                   libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit),
+               libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit);
+       i++) {
+    size_t i0 = i;
+    libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit uu____0 =
+        libcrux_ml_dsa_simd_portable_t1_deserialize_36(
+            Eurydice_slice_subslice2(serialized, i0 * (size_t)10U,
+                                     (i0 + (size_t)1U) * (size_t)10U, uint8_t));
+    result->simd_units[i0] = uu____0;
+  }
+}
+
+/**
+A monomorphic instance of libcrux_ml_dsa.encoding.verification_key.deserialize
+with types libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit
+with const generics
+- ROWS_IN_A= 6
+- VERIFICATION_KEY_SIZE= 1952
+*/
+static KRML_MUSTINLINE tuple_93
+libcrux_ml_dsa_encoding_verification_key_deserialize_2f(uint8_t *serialized) {
+  libcrux_ml_dsa_polynomial_PolynomialRingElement_9b t1[6U];
+  for (size_t i = (size_t)0U; i < (size_t)6U; i++) {
+    t1[i] = libcrux_ml_dsa_polynomial_ZERO_ff_ba();
+  }
+  Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at(
+      Eurydice_array_to_slice((size_t)1952U, serialized, uint8_t),
+      LIBCRUX_ML_DSA_CONSTANTS_SEED_FOR_A_SIZE, uint8_t,
+      Eurydice_slice_uint8_t_x2);
+  Eurydice_slice seed_for_A = uu____0.fst;
+  Eurydice_slice serialized_remaining = uu____0.snd;
+  for (size_t i = (size_t)0U; i < (size_t)6U; i++) {
+    size_t i0 = i;
+    libcrux_ml_dsa_encoding_t1_deserialize_ba(
+        Eurydice_slice_subslice2(
+            serialized_remaining,
+            i0 * LIBCRUX_ML_DSA_CONSTANTS_RING_ELEMENT_OF_T1S_SIZE,
+            (i0 + (size_t)1U) *
+                LIBCRUX_ML_DSA_CONSTANTS_RING_ELEMENT_OF_T1S_SIZE,
+            uint8_t),
+        &t1[i0]);
+  }
+  uint8_t uu____1[32U];
+  Result_fb dst;
+  Eurydice_slice_to_array2(&dst, seed_for_A, Eurydice_slice, uint8_t[32U]);
+  unwrap_26_b3(dst, uu____1);
+  /* Passing arrays by value in Rust generates a copy in C */
+  libcrux_ml_dsa_polynomial_PolynomialRingElement_9b copy_of_t1[6U];
+  memcpy(
+      copy_of_t1, t1,
+      (size_t)6U * sizeof(libcrux_ml_dsa_polynomial_PolynomialRingElement_9b));
+  tuple_93 lit;
+  memcpy(lit.fst, uu____1, (size_t)32U * sizeof(uint8_t));
+  memcpy(
+      lit.snd, copy_of_t1,
+      (size_t)6U * sizeof(libcrux_ml_dsa_polynomial_PolynomialRingElement_9b));
+  return lit;
+}
+
+/**
+A monomorphic instance of core.result.Result
+with types libcrux_ml_dsa_encoding_signature_Signature
+libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit[[$6size_t]][[$5size_t]][[$48size_t]],
+libcrux_ml_dsa_types_VerificationError
+
+*/
+typedef struct Result_ef_s {
+  Result_a9_tags tag;
+  union {
+    libcrux_ml_dsa_encoding_signature_Signature_44 case_Ok;
+    libcrux_ml_dsa_types_VerificationError case_Err;
+  } val;
+} Result_ef;
+
+/**
+This function found in impl
+{libcrux_ml_dsa::encoding::signature::Signature<SIMDUnit, COMMITMENT_HASH_SIZE,
+COLUMNS_IN_A, ROWS_IN_A>[TraitClause@0, TraitClause@1]}
+*/
+/**
+A monomorphic instance of libcrux_ml_dsa.encoding.signature.deserialize_92
+with types libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit
+with const generics
+- COMMITMENT_HASH_SIZE= 48
+- COLUMNS_IN_A= 5
+- ROWS_IN_A= 6
+- GAMMA1_EXPONENT= 19
+- GAMMA1_RING_ELEMENT_SIZE= 640
+- MAX_ONES_IN_HINT= 55
+- SIGNATURE_SIZE= 3309
+*/
+static KRML_MUSTINLINE Result_ef
+libcrux_ml_dsa_encoding_signature_deserialize_92_76(uint8_t *serialized) {
+  Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at(
+      Eurydice_array_to_slice((size_t)3309U, serialized, uint8_t), (size_t)48U,
+      uint8_t, Eurydice_slice_uint8_t_x2);
+  Eurydice_slice commitment_hash = uu____0.fst;
+  Eurydice_slice rest_of_serialized = uu____0.snd;
+  Eurydice_slice_uint8_t_x2 uu____1 =
+      Eurydice_slice_split_at(rest_of_serialized, (size_t)640U * (size_t)5U,
+                              uint8_t, Eurydice_slice_uint8_t_x2);
+  Eurydice_slice signer_response_serialized = uu____1.fst;
+  Eurydice_slice hint_serialized = uu____1.snd;
+  libcrux_ml_dsa_polynomial_PolynomialRingElement_9b signer_response[5U];
+  for (size_t i = (size_t)0U; i < (size_t)5U; i++) {
+    signer_response[i] = libcrux_ml_dsa_polynomial_ZERO_ff_ba();
+  }
+  for (size_t i = (size_t)0U; i < (size_t)5U; i++) {
+    size_t i0 = i;
+    libcrux_ml_dsa_encoding_gamma1_deserialize_61(
+        Eurydice_slice_subslice2(signer_response_serialized, i0 * (size_t)640U,
+                                 (i0 + (size_t)1U) * (size_t)640U, uint8_t),
+        &signer_response[i0]);
+  }
+  int32_t hint[6U][256U] = {{0U}};
+  size_t previous_true_hints_seen = (size_t)0U;
+  size_t i = (size_t)0U;
+  bool malformed_hint = false;
+  while (true) {
+    if (i < (size_t)6U) {
+      if (malformed_hint) {
+        break;
+      } else {
+        size_t current_true_hints_seen = (size_t)Eurydice_slice_index(
+            hint_serialized, (size_t)55U + i, uint8_t, uint8_t *);
+        size_t j;
+        bool uu____2;
+        bool uu____3;
+        size_t uu____4;
+        size_t uu____5;
+        bool uu____6;
+        size_t uu____7;
+        size_t uu____8;
+        bool uu____9;
+        uint8_t uu____10;
+        size_t uu____11;
+        uint8_t uu____12;
+        size_t uu____13;
+        size_t uu____14;
+        bool uu____15;
+        size_t uu____16;
+        size_t uu____17;
+        uint8_t uu____18;
+        size_t uu____19;
+        bool uu____20;
+        size_t uu____21;
+        if (!(current_true_hints_seen < previous_true_hints_seen)) {
+          if (!(previous_true_hints_seen > (size_t)55U)) {
+            j = previous_true_hints_seen;
+            while (true) {
+              uu____2 = malformed_hint;
+              if (uu____2) {
+                break;
+              } else {
+                uu____4 = j;
+                uu____5 = current_true_hints_seen;
+                uu____3 = uu____4 < uu____5;
+                if (uu____3) {
+                  uu____7 = j;
+                  uu____8 = previous_true_hints_seen;
+                  uu____6 = uu____7 > uu____8;
+                  if (uu____6) {
+                    uu____11 = j;
+                    uu____10 = Eurydice_slice_index(hint_serialized, uu____11,
+                                                    uint8_t, uint8_t *);
+                    uu____14 = j;
+                    uu____13 = uu____14 - (size_t)1U;
+                    uu____12 = Eurydice_slice_index(hint_serialized, uu____13,
+                                                    uint8_t, uint8_t *);
+                    uu____9 = uu____10 <= uu____12;
+                    if (uu____9) {
+                      malformed_hint = true;
+                      uu____15 = malformed_hint;
+                      if (!uu____15) {
+                        uu____16 = i;
+                        uu____19 = j;
+                        uu____18 = Eurydice_slice_index(
+                            hint_serialized, uu____19, uint8_t, uint8_t *);
+                        uu____17 = (size_t)uu____18;
+                        hint[uu____16][uu____17] = (int32_t)1;
+                        j++;
+                      }
+                      continue;
+                    }
+                  }
+                  uu____15 = malformed_hint;
+                  if (!uu____15) {
+                    uu____16 = i;
+                    uu____19 = j;
+                    uu____18 = Eurydice_slice_index(hint_serialized, uu____19,
+                                                    uint8_t, uint8_t *);
+                    uu____17 = (size_t)uu____18;
+                    hint[uu____16][uu____17] = (int32_t)1;
+                    j++;
+                  }
+                } else {
+                  break;
+                }
+              }
+            }
+            uu____20 = malformed_hint;
+            if (!uu____20) {
+              uu____21 = current_true_hints_seen;
+              previous_true_hints_seen = uu____21;
+              i++;
+            }
+            continue;
+          }
+        }
+        malformed_hint = true;
+        j = previous_true_hints_seen;
+        while (true) {
+          uu____2 = malformed_hint;
+          if (uu____2) {
+            break;
+          } else {
+            uu____4 = j;
+            uu____5 = current_true_hints_seen;
+            uu____3 = uu____4 < uu____5;
+            if (uu____3) {
+              uu____7 = j;
+              uu____8 = previous_true_hints_seen;
+              uu____6 = uu____7 > uu____8;
+              if (uu____6) {
+                uu____11 = j;
+                uu____10 = Eurydice_slice_index(hint_serialized, uu____11,
+                                                uint8_t, uint8_t *);
+                uu____14 = j;
+                uu____13 = uu____14 - (size_t)1U;
+                uu____12 = Eurydice_slice_index(hint_serialized, uu____13,
+                                                uint8_t, uint8_t *);
+                uu____9 = uu____10 <= uu____12;
+                if (uu____9) {
+                  malformed_hint = true;
+                  uu____15 = malformed_hint;
+                  if (!uu____15) {
+                    uu____16 = i;
+                    uu____19 = j;
+                    uu____18 = Eurydice_slice_index(hint_serialized, uu____19,
+                                                    uint8_t, uint8_t *);
+                    uu____17 = (size_t)uu____18;
+                    hint[uu____16][uu____17] = (int32_t)1;
+                    j++;
+                  }
+                  continue;
+                }
+              }
+              uu____15 = malformed_hint;
+              if (!uu____15) {
+                uu____16 = i;
+                uu____19 = j;
+                uu____18 = Eurydice_slice_index(hint_serialized, uu____19,
+                                                uint8_t, uint8_t *);
+                uu____17 = (size_t)uu____18;
+                hint[uu____16][uu____17] = (int32_t)1;
+                j++;
+              }
+            } else {
+              break;
+            }
+          }
+        }
+        uu____20 = malformed_hint;
+        if (!uu____20) {
+          uu____21 = current_true_hints_seen;
+          previous_true_hints_seen = uu____21;
+          i++;
+        }
+      }
+    } else {
+      break;
+    }
+  }
+  i = previous_true_hints_seen;
+  while (true) {
+    if (i < (size_t)55U) {
+      if (malformed_hint) {
+        break;
+      } else {
+        if (Eurydice_slice_index(hint_serialized, i, uint8_t, uint8_t *) !=
+            0U) {
+          malformed_hint = true;
+        }
+        i++;
+      }
+    } else {
+      break;
+    }
+  }
+  Result_ef uu____22;
+  if (malformed_hint) {
+    uu____22 = (CLITERAL(Result_ef){
+        .tag = Err,
+        .val = {.case_Err = libcrux_ml_dsa_types_MalformedHintError}});
+  } else {
+    uint8_t uu____23[48U];
+    Result_ae dst;
+    Eurydice_slice_to_array2(&dst, commitment_hash, Eurydice_slice,
+                             uint8_t[48U]);
+    unwrap_26_28(dst, uu____23);
+    /* Passing arrays by value in Rust generates a copy in C */
+    libcrux_ml_dsa_polynomial_PolynomialRingElement_9b
+        copy_of_signer_response[5U];
+    memcpy(copy_of_signer_response, signer_response,
+           (size_t)5U *
+               sizeof(libcrux_ml_dsa_polynomial_PolynomialRingElement_9b));
+    /* Passing arrays by value in Rust generates a copy in C */
+    int32_t copy_of_hint[6U][256U];
+    memcpy(copy_of_hint, hint, (size_t)6U * sizeof(int32_t[256U]));
+    Result_ef lit;
+    lit.tag = Ok;
+    memcpy(lit.val.case_Ok.commitment_hash, uu____23,
+           (size_t)48U * sizeof(uint8_t));
+    memcpy(lit.val.case_Ok.signer_response, copy_of_signer_response,
+           (size_t)5U *
+               sizeof(libcrux_ml_dsa_polynomial_PolynomialRingElement_9b));
+    memcpy(lit.val.case_Ok.hint, copy_of_hint,
+           (size_t)6U * sizeof(int32_t[256U]));
+    uu____22 = lit;
+  }
+  return uu____22;
+}
+
+/**
+A monomorphic instance of
+libcrux_ml_dsa.simd.portable.arithmetic.shift_left_then_reduce with const
+generics
+- SHIFT_BY= 13
+*/
+static KRML_MUSTINLINE libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit
+libcrux_ml_dsa_simd_portable_arithmetic_shift_left_then_reduce_84(
+    libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit simd_unit) {
+  libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit out =
+      libcrux_ml_dsa_simd_portable_vector_type_ZERO();
+  for (size_t i = (size_t)0U;
+       i < Eurydice_slice_len(Eurydice_array_to_slice(
+                                  (size_t)8U, simd_unit.coefficients, int32_t),
+                              int32_t);
+       i++) {
+    size_t i0 = i;
+    out.coefficients[i0] =
+        libcrux_ml_dsa_simd_portable_arithmetic_reduce_element(
+            simd_unit.coefficients[i0] << (uint32_t)(int32_t)13);
+  }
+  return out;
+}
+
+/**
+This function found in impl {(libcrux_ml_dsa::simd::traits::Operations for
+libcrux_ml_dsa::simd::portable::vector_type::PortableSIMDUnit)}
+*/
+/**
+A monomorphic instance of libcrux_ml_dsa.simd.portable.shift_left_then_reduce_36
+with const generics
+- SHIFT_BY= 13
+*/
+static inline libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit
+libcrux_ml_dsa_simd_portable_shift_left_then_reduce_36_84(
+    libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit simd_unit) {
+  return libcrux_ml_dsa_simd_portable_arithmetic_shift_left_then_reduce_84(
+      simd_unit);
+}
+
+/**
+A monomorphic instance of libcrux_ml_dsa.arithmetic.shift_left_then_reduce
+with types libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit
+with const generics
+- SHIFT_BY= 13
+*/
+static KRML_MUSTINLINE libcrux_ml_dsa_polynomial_PolynomialRingElement_9b
+libcrux_ml_dsa_arithmetic_shift_left_then_reduce_b9(
+    libcrux_ml_dsa_polynomial_PolynomialRingElement_9b re) {
+  libcrux_ml_dsa_polynomial_PolynomialRingElement_9b out =
+      libcrux_ml_dsa_polynomial_ZERO_ff_ba();
+  for (size_t i = (size_t)0U;
+       i < Eurydice_slice_len(
+               Eurydice_array_to_slice(
+                   (size_t)32U, re.simd_units,
+                   libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit),
+               libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit);
+       i++) {
+    size_t i0 = i;
+    libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit *simd_unit =
+        &re.simd_units[i0];
+    libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit uu____0 =
+        libcrux_ml_dsa_simd_portable_shift_left_then_reduce_36_84(
+            simd_unit[0U]);
+    out.simd_units[i0] = uu____0;
+  }
+  return out;
+}
+
+/**
+ Compute InvertNTT(Â ◦ ẑ - ĉ ◦ NTT(t₁2ᵈ))
+*/
+/**
+A monomorphic instance of libcrux_ml_dsa.matrix.compute_w_approx
+with types libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit
+with const generics
+- ROWS_IN_A= 6
+- COLUMNS_IN_A= 5
+*/
+static KRML_MUSTINLINE void libcrux_ml_dsa_matrix_compute_w_approx_2f(
+    libcrux_ml_dsa_polynomial_PolynomialRingElement_9b (*A_as_ntt)[5U],
+    libcrux_ml_dsa_polynomial_PolynomialRingElement_9b signer_response[5U],
+    libcrux_ml_dsa_polynomial_PolynomialRingElement_9b
+        verifier_challenge_as_ntt,
+    libcrux_ml_dsa_polynomial_PolynomialRingElement_9b t1[6U],
+    libcrux_ml_dsa_polynomial_PolynomialRingElement_9b ret[6U]) {
+  libcrux_ml_dsa_polynomial_PolynomialRingElement_9b result[6U];
+  for (size_t i = (size_t)0U; i < (size_t)6U; i++) {
+    result[i] = libcrux_ml_dsa_polynomial_ZERO_ff_ba();
+  }
+  for (size_t i = (size_t)0U;
+       i < Eurydice_slice_len(
+               Eurydice_array_to_slice(
+                   (size_t)5U, signer_response,
+                   libcrux_ml_dsa_polynomial_PolynomialRingElement_9b),
+               libcrux_ml_dsa_polynomial_PolynomialRingElement_9b);
+       i++) {
+    size_t i0 = i;
+    libcrux_ml_dsa_polynomial_PolynomialRingElement_9b uu____0 =
+        libcrux_ml_dsa_ntt_ntt_ba(signer_response[i0]);
+    signer_response[i0] = uu____0;
+  }
+  for (size_t i0 = (size_t)0U;
+       i0 < Eurydice_slice_len(
+                Eurydice_array_to_slice(
+                    (size_t)6U, A_as_ntt,
+                    libcrux_ml_dsa_polynomial_PolynomialRingElement_9b[5U]),
+                libcrux_ml_dsa_polynomial_PolynomialRingElement_9b[5U]);
+       i0++) {
+    size_t i1 = i0;
+    libcrux_ml_dsa_polynomial_PolynomialRingElement_9b *row = A_as_ntt[i1];
+    for (size_t i = (size_t)0U;
+         i < Eurydice_slice_len(
+                 Eurydice_array_to_slice(
+                     (size_t)5U, row,
+                     libcrux_ml_dsa_polynomial_PolynomialRingElement_9b),
+                 libcrux_ml_dsa_polynomial_PolynomialRingElement_9b);
+         i++) {
+      size_t j = i;
+      libcrux_ml_dsa_polynomial_PolynomialRingElement_9b *ring_element =
+          &row[j];
+      libcrux_ml_dsa_polynomial_PolynomialRingElement_9b product =
+          libcrux_ml_dsa_ntt_ntt_multiply_montgomery_ba(ring_element,
+                                                        &signer_response[j]);
+      libcrux_ml_dsa_polynomial_PolynomialRingElement_9b uu____1 =
+          libcrux_ml_dsa_polynomial_add_ff_ba(&result[i1], &product);
+      result[i1] = uu____1;
+    }
+    libcrux_ml_dsa_polynomial_PolynomialRingElement_9b t1_shifted =
+        libcrux_ml_dsa_arithmetic_shift_left_then_reduce_b9(t1[i1]);
+    libcrux_ml_dsa_polynomial_PolynomialRingElement_9b t1_shifted0 =
+        libcrux_ml_dsa_ntt_ntt_ba(t1_shifted);
+    libcrux_ml_dsa_polynomial_PolynomialRingElement_9b
+        challenge_times_t1_shifted =
+            libcrux_ml_dsa_ntt_ntt_multiply_montgomery_ba(
+                &verifier_challenge_as_ntt, &t1_shifted0);
+    libcrux_ml_dsa_polynomial_PolynomialRingElement_9b uu____2 =
+        libcrux_ml_dsa_ntt_invert_ntt_montgomery_ba(
+            libcrux_ml_dsa_polynomial_subtract_ff_ba(
+                &result[i1], &challenge_times_t1_shifted));
+    result[i1] = uu____2;
+  }
+  memcpy(
+      ret, result,
+      (size_t)6U * sizeof(libcrux_ml_dsa_polynomial_PolynomialRingElement_9b));
+}
+
+/**
+A monomorphic instance of libcrux_ml_dsa.simd.portable.arithmetic.use_one_hint
+with const generics
+- GAMMA2= 261888
+*/
+static KRML_MUSTINLINE int32_t
+libcrux_ml_dsa_simd_portable_arithmetic_use_one_hint_80(int32_t r,
+                                                        int32_t hint) {
+  int32_t_x2 uu____0 =
+      libcrux_ml_dsa_simd_portable_arithmetic_decompose_element_80(r);
+  int32_t r0 = uu____0.fst;
+  int32_t r1 = uu____0.snd;
+  int32_t uu____1;
+  if (hint == (int32_t)0) {
+    uu____1 = r1;
+  } else if (r0 > (int32_t)0) {
+    uu____1 = (r1 + hint) & (int32_t)15;
+  } else {
+    uu____1 = (r1 - hint) & (int32_t)15;
+  }
+  return uu____1;
+}
+
+/**
+A monomorphic instance of libcrux_ml_dsa.simd.portable.arithmetic.use_hint
+with const generics
+- GAMMA2= 261888
+*/
+static KRML_MUSTINLINE libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit
+libcrux_ml_dsa_simd_portable_arithmetic_use_hint_80(
+    libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit simd_unit,
+    libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit hint) {
+  libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit result =
+      libcrux_ml_dsa_simd_portable_vector_type_ZERO();
+  for (size_t i = (size_t)0U;
+       i < Eurydice_slice_len(Eurydice_array_to_slice(
+                                  (size_t)8U, result.coefficients, int32_t),
+                              int32_t);
+       i++) {
+    size_t i0 = i;
+    int32_t uu____0 = libcrux_ml_dsa_simd_portable_arithmetic_use_one_hint_80(
+        simd_unit.coefficients[i0], hint.coefficients[i0]);
+    result.coefficients[i0] = uu____0;
+  }
+  return result;
+}
+
+/**
+This function found in impl {(libcrux_ml_dsa::simd::traits::Operations for
+libcrux_ml_dsa::simd::portable::vector_type::PortableSIMDUnit)}
+*/
+/**
+A monomorphic instance of libcrux_ml_dsa.simd.portable.use_hint_36
+with const generics
+- GAMMA2= 261888
+*/
+static inline libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit
+libcrux_ml_dsa_simd_portable_use_hint_36_80(
+    libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit simd_unit,
+    libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit hint) {
+  return libcrux_ml_dsa_simd_portable_arithmetic_use_hint_80(simd_unit, hint);
+}
+
+/**
+A monomorphic instance of libcrux_ml_dsa.arithmetic.use_hint
+with types libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit
+with const generics
+- DIMENSION= 6
+- GAMMA2= 261888
+*/
+static KRML_MUSTINLINE void libcrux_ml_dsa_arithmetic_use_hint_2f(
+    int32_t hint[6U][256U],
+    libcrux_ml_dsa_polynomial_PolynomialRingElement_9b re_vector[6U],
+    libcrux_ml_dsa_polynomial_PolynomialRingElement_9b ret[6U]) {
+  libcrux_ml_dsa_polynomial_PolynomialRingElement_9b result[6U];
+  for (size_t i = (size_t)0U; i < (size_t)6U; i++) {
+    result[i] = libcrux_ml_dsa_polynomial_ZERO_ff_ba();
+  }
+  for (size_t i0 = (size_t)0U; i0 < (size_t)6U; i0++) {
+    size_t i1 = i0;
+    libcrux_ml_dsa_polynomial_PolynomialRingElement_9b hint_simd =
+        libcrux_ml_dsa_polynomial_from_i32_array_ff_ba(
+            Eurydice_array_to_slice((size_t)256U, hint[i1], int32_t));
+    for (size_t i = (size_t)0U;
+         i < Eurydice_slice_len(
+                 Eurydice_array_to_slice(
+                     (size_t)32U, result->simd_units,
+                     libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit),
+                 libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit);
+         i++) {
+      size_t j = i;
+      libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit uu____0 =
+          libcrux_ml_dsa_simd_portable_use_hint_36_80(
+              re_vector[i1].simd_units[j], hint_simd.simd_units[j]);
+      result[i1].simd_units[j] = uu____0;
+    }
+  }
+  memcpy(
+      ret, result,
+      (size_t)6U * sizeof(libcrux_ml_dsa_polynomial_PolynomialRingElement_9b));
+}
+
+/**
+ The internal verification API.
+
+ If no `domain_separation_context` is supplied, it is assumed that
+ `message` already contains the domain separation.
+*/
+/**
+A monomorphic instance of libcrux_ml_dsa.ml_dsa_generic.verify_internal
+with types libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit,
+libcrux_ml_dsa_hash_functions_portable_Shake128X4,
+libcrux_ml_dsa_hash_functions_portable_Shake256,
+libcrux_ml_dsa_hash_functions_portable_Shake256Xof with const generics
+- ROWS_IN_A= 6
+- COLUMNS_IN_A= 5
+- SIGNATURE_SIZE= 3309
+- VERIFICATION_KEY_SIZE= 1952
+- GAMMA1_EXPONENT= 19
+- GAMMA1_RING_ELEMENT_SIZE= 640
+- GAMMA2= 261888
+- BETA= 196
+- COMMITMENT_RING_ELEMENT_SIZE= 128
+- COMMITMENT_VECTOR_SIZE= 768
+- COMMITMENT_HASH_SIZE= 48
+- ONES_IN_VERIFIER_CHALLENGE= 49
+- MAX_ONES_IN_HINT= 55
+*/
+static KRML_MUSTINLINE Result_41
+libcrux_ml_dsa_ml_dsa_generic_verify_internal_99(
+    uint8_t *verification_key_serialized, Eurydice_slice message,
+    Option_84 domain_separation_context, uint8_t *signature_serialized) {
+  tuple_93 uu____0 = libcrux_ml_dsa_encoding_verification_key_deserialize_2f(
+      verification_key_serialized);
+  uint8_t seed_for_A[32U];
+  memcpy(seed_for_A, uu____0.fst, (size_t)32U * sizeof(uint8_t));
+  libcrux_ml_dsa_polynomial_PolynomialRingElement_9b t1[6U];
+  memcpy(
+      t1, uu____0.snd,
+      (size_t)6U * sizeof(libcrux_ml_dsa_polynomial_PolynomialRingElement_9b));
+  Result_ef uu____1 =
+      libcrux_ml_dsa_encoding_signature_deserialize_92_76(signature_serialized);
+  Result_41 uu____2;
+  if (uu____1.tag == Ok) {
+    libcrux_ml_dsa_encoding_signature_Signature_44 s = uu____1.val.case_Ok;
+    libcrux_ml_dsa_encoding_signature_Signature_44 signature = s;
+    libcrux_ml_dsa_polynomial_PolynomialRingElement_9b uu____3[5U];
+    memcpy(uu____3, signature.signer_response,
+           (size_t)5U *
+               sizeof(libcrux_ml_dsa_polynomial_PolynomialRingElement_9b));
+    if (libcrux_ml_dsa_arithmetic_vector_infinity_norm_exceeds_4f(
+            uu____3, ((int32_t)2 << (uint32_t)(size_t)19U) - (int32_t)196)) {
+      uu____2 = (CLITERAL(Result_41){
+          .tag = Err,
+          .f0 = libcrux_ml_dsa_types_SignerResponseExceedsBoundError});
+    } else {
+      libcrux_ml_dsa_polynomial_PolynomialRingElement_9b A_as_ntt[6U][5U];
+      uint8_t ret[34U];
+      libcrux_ml_dsa_utils_into_padded_array_b6(
+          Eurydice_array_to_slice((size_t)32U, seed_for_A, uint8_t), ret);
+      libcrux_ml_dsa_samplex4_matrix_A_2f(ret, A_as_ntt);
+      uint8_t verification_key_hash[64U] = {0U};
+      libcrux_ml_dsa_hash_functions_portable_shake256_5c_24(
+          Eurydice_array_to_slice((size_t)1952U, verification_key_serialized,
+                                  uint8_t),
+          verification_key_hash);
+      uint8_t message_representative[64U] = {0U};
+      uint8_t uu____4[64U];
+      memcpy(uu____4, verification_key_hash, (size_t)64U * sizeof(uint8_t));
+      libcrux_ml_dsa_ml_dsa_generic_derive_message_representative_7b(
+          uu____4, domain_separation_context, message, message_representative);
+      uint8_t uu____5[48U];
+      memcpy(uu____5, signature.commitment_hash, (size_t)48U * sizeof(uint8_t));
+      libcrux_ml_dsa_polynomial_PolynomialRingElement_9b
+          verifier_challenge_as_ntt = libcrux_ml_dsa_ntt_ntt_ba(
+              libcrux_ml_dsa_sample_sample_challenge_ring_element_83(uu____5));
+      libcrux_ml_dsa_polynomial_PolynomialRingElement_9b(*uu____6)[5U] =
+          A_as_ntt;
+      libcrux_ml_dsa_polynomial_PolynomialRingElement_9b uu____7[5U];
+      memcpy(uu____7, signature.signer_response,
+             (size_t)5U *
+                 sizeof(libcrux_ml_dsa_polynomial_PolynomialRingElement_9b));
+      libcrux_ml_dsa_polynomial_PolynomialRingElement_9b uu____8 =
+          verifier_challenge_as_ntt;
+      /* Passing arrays by value in Rust generates a copy in C */
+      libcrux_ml_dsa_polynomial_PolynomialRingElement_9b copy_of_t1[6U];
+      memcpy(copy_of_t1, t1,
+             (size_t)6U *
+                 sizeof(libcrux_ml_dsa_polynomial_PolynomialRingElement_9b));
+      libcrux_ml_dsa_polynomial_PolynomialRingElement_9b w_approx[6U];
+      libcrux_ml_dsa_matrix_compute_w_approx_2f(uu____6, uu____7, uu____8,
+                                                copy_of_t1, w_approx);
+      uint8_t commitment_hash[48U] = {0U};
+      int32_t uu____10[6U][256U];
+      memcpy(uu____10, signature.hint, (size_t)6U * sizeof(int32_t[256U]));
+      /* Passing arrays by value in Rust generates a copy in C */
+      libcrux_ml_dsa_polynomial_PolynomialRingElement_9b copy_of_w_approx[6U];
+      memcpy(copy_of_w_approx, w_approx,
+             (size_t)6U *
+                 sizeof(libcrux_ml_dsa_polynomial_PolynomialRingElement_9b));
+      libcrux_ml_dsa_polynomial_PolynomialRingElement_9b commitment[6U];
+      libcrux_ml_dsa_arithmetic_use_hint_2f(uu____10, copy_of_w_approx,
+                                            commitment);
+      /* Passing arrays by value in Rust generates a copy in C */
+      libcrux_ml_dsa_polynomial_PolynomialRingElement_9b copy_of_commitment[6U];
+      memcpy(copy_of_commitment, commitment,
+             (size_t)6U *
+                 sizeof(libcrux_ml_dsa_polynomial_PolynomialRingElement_9b));
+      uint8_t commitment_serialized[768U];
+      libcrux_ml_dsa_encoding_commitment_serialize_vector_5d(
+          copy_of_commitment, commitment_serialized);
+      libcrux_sha3_portable_incremental_Shake256Xof shake =
+          libcrux_ml_dsa_hash_functions_portable_init_83();
+      libcrux_ml_dsa_hash_functions_portable_absorb_83(
+          &shake, Eurydice_array_to_slice((size_t)64U, message_representative,
+                                          uint8_t));
+      libcrux_ml_dsa_hash_functions_portable_absorb_final_83(
+          &shake, Eurydice_array_to_slice((size_t)768U, commitment_serialized,
+                                          uint8_t));
+      libcrux_ml_dsa_hash_functions_portable_squeeze_83(
+          &shake,
+          Eurydice_array_to_slice((size_t)48U, commitment_hash, uint8_t));
+      if (core_array_equality___core__cmp__PartialEq__Array_U__N___for__Array_T__N____eq(
+              (size_t)48U, signature.commitment_hash, commitment_hash, uint8_t,
+              uint8_t, bool)) {
+        uu____2 = (CLITERAL(Result_41){.tag = Ok});
+      } else {
+        uu____2 = (CLITERAL(Result_41){
+            .tag = Err,
+            .f0 = libcrux_ml_dsa_types_CommitmentHashesDontMatchError});
+      }
+    }
+  } else {
+    libcrux_ml_dsa_types_VerificationError e = uu____1.val.case_Err;
+    uu____2 = (CLITERAL(Result_41){.tag = Err, .f0 = e});
+  }
+  return uu____2;
 }
 
 /**
@@ -5721,13 +9117,23 @@ libcrux_ml_dsa_hash_functions_portable_Shake256Xof with const generics
 static KRML_MUSTINLINE Result_41 libcrux_ml_dsa_ml_dsa_generic_verify_99(
     uint8_t *verification_key_serialized, Eurydice_slice message,
     Eurydice_slice context, uint8_t *signature_serialized) {
-  KRML_HOST_EPRINTF(
-      "KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__,
-      "Eurydice error: Failure(\"TODO: TraitTypes "
-      "core::result::{core::ops::try_trait::Try for core::result::Result<T, "
-      "E>[TraitClause@0, TraitClause@1]}#26<T@0, T@1>[TraitClause@0, "
-      "TraitClause@1]::Residual\")\n");
-  KRML_HOST_EXIT(255U);
+  Result_a8 uu____0 = libcrux_ml_dsa_pre_hash_new_45(
+      context, (CLITERAL(Option_30){.tag = None}));
+  Result_41 uu____1;
+  if (uu____0.tag == Ok) {
+    libcrux_ml_dsa_pre_hash_DomainSeparationContext dsc = uu____0.val.case_Ok;
+    libcrux_ml_dsa_pre_hash_DomainSeparationContext domain_separation_context =
+        dsc;
+    uu____1 = libcrux_ml_dsa_ml_dsa_generic_verify_internal_99(
+        verification_key_serialized, message,
+        (CLITERAL(Option_84){.tag = Some, .f0 = domain_separation_context}),
+        signature_serialized);
+  } else {
+    uu____1 = (CLITERAL(Result_41){
+        .tag = Err,
+        .f0 = libcrux_ml_dsa_types_VerificationContextTooLongError});
+  }
+  return uu____1;
 }
 
 /**
@@ -5801,10 +9207,31 @@ static KRML_MUSTINLINE Result_41
 libcrux_ml_dsa_ml_dsa_generic_verify_pre_hashed_ae(
     uint8_t *verification_key_serialized, Eurydice_slice message,
     Eurydice_slice context, uint8_t *signature_serialized) {
-  KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__,
-                    "Eurydice error: Failure(\"expression_of_operand Constant: "
-                    "TraitClause@11OID\")\n");
-  KRML_HOST_EXIT(255U);
+  uint8_t pre_hashed_message[256U];
+  libcrux_ml_dsa_pre_hash_hash_bd_54(message, pre_hashed_message);
+  Eurydice_slice uu____0 = context;
+  Option_30 lit;
+  lit.tag = Some;
+  uint8_t ret[11U];
+  libcrux_ml_dsa_pre_hash_oid_bd(ret);
+  memcpy(lit.f0, ret, (size_t)11U * sizeof(uint8_t));
+  Result_a8 uu____1 = libcrux_ml_dsa_pre_hash_new_45(uu____0, lit);
+  Result_41 uu____2;
+  if (uu____1.tag == Ok) {
+    libcrux_ml_dsa_pre_hash_DomainSeparationContext dsc = uu____1.val.case_Ok;
+    libcrux_ml_dsa_pre_hash_DomainSeparationContext domain_separation_context =
+        dsc;
+    uu____2 = libcrux_ml_dsa_ml_dsa_generic_verify_internal_99(
+        verification_key_serialized,
+        Eurydice_array_to_slice((size_t)256U, pre_hashed_message, uint8_t),
+        (CLITERAL(Option_84){.tag = Some, .f0 = domain_separation_context}),
+        signature_serialized);
+  } else {
+    uu____2 = (CLITERAL(Result_41){
+        .tag = Err,
+        .f0 = libcrux_ml_dsa_types_VerificationContextTooLongError});
+  }
+  return uu____2;
 }
 
 /**
@@ -5853,39 +9280,6 @@ libcrux_ml_dsa_ml_dsa_65_portable_verify_pre_hashed_shake128(
       libcrux_ml_dsa_types_as_raw_8f_fa(signature));
 }
 
-typedef struct libcrux_ml_dsa_pre_hash_DomainSeparationContext_s {
-  Eurydice_slice context;
-  Option_3f pre_hash_oid;
-} libcrux_ml_dsa_pre_hash_DomainSeparationContext;
-
-/**
- Returns the pre-hash OID, if any.
-*/
-/**
-This function found in impl
-{libcrux_ml_dsa::pre_hash::DomainSeparationContext<'a>#1}
-*/
-static inline Option_3f libcrux_ml_dsa_pre_hash_pre_hash_oid_45(
-    libcrux_ml_dsa_pre_hash_DomainSeparationContext *self) {
-  return self->pre_hash_oid;
-}
-
-/**
- Returns the context, guaranteed to be at most 255 bytes long.
-*/
-/**
-This function found in impl
-{libcrux_ml_dsa::pre_hash::DomainSeparationContext<'a>#1}
-*/
-static inline Eurydice_slice libcrux_ml_dsa_pre_hash_context_45(
-    libcrux_ml_dsa_pre_hash_DomainSeparationContext *self) {
-  return self->context;
-}
-
-#define libcrux_ml_dsa_pre_hash_ContextTooLongError 0
-
-typedef uint8_t libcrux_ml_dsa_pre_hash_DomainSeparationError;
-
 #define LIBCRUX_ML_DSA_PRE_HASH_PRE_HASH_OID_LEN ((size_t)11U)
 
 typedef uint8_t libcrux_ml_dsa_pre_hash_PreHashOID[11U];
@@ -5911,143 +9305,6 @@ libcrux_ml_dsa_pre_hash_from_b6(
   return libcrux_ml_dsa_types_VerificationContextTooLongError;
 }
 
-static const uint8_t
-    libcrux_ml_dsa_pre_hash___libcrux_ml_dsa__pre_hash__PreHash_256__usize__for_libcrux_ml_dsa__pre_hash__SHAKE128_PH___OID
-        [11U] = {6U, 9U, 96U, 134U, 72U, 1U, 101U, 3U, 4U, 2U, 11U};
-
-#define libcrux_ml_dsa_pre_hash_Ok 0
-#define libcrux_ml_dsa_pre_hash_Err 1
-
-typedef uint8_t libcrux_ml_dsa_pre_hash_PreHashResult_tags;
-
-typedef struct libcrux_ml_dsa_pre_hash_PreHashResult_s {
-  libcrux_ml_dsa_pre_hash_PreHashResult_tags tag;
-  union {
-    libcrux_ml_dsa_pre_hash_DomainSeparationContext case_Ok;
-    libcrux_ml_dsa_pre_hash_DomainSeparationError case_Err;
-  } val;
-} libcrux_ml_dsa_pre_hash_PreHashResult;
-
-/**
- `context` must be at most 255 bytes long.
-*/
-/**
-This function found in impl
-{libcrux_ml_dsa::pre_hash::DomainSeparationContext<'a>#1}
-*/
-static inline libcrux_ml_dsa_pre_hash_PreHashResult
-libcrux_ml_dsa_pre_hash_new_45(Eurydice_slice context, Option_3f pre_hash_oid) {
-  libcrux_ml_dsa_pre_hash_PreHashResult uu____0;
-  if (Eurydice_slice_len(context, uint8_t) >
-      LIBCRUX_ML_DSA_CONSTANTS_CONTEXT_MAX_LEN) {
-    uu____0 = (CLITERAL(libcrux_ml_dsa_pre_hash_PreHashResult){
-        .tag = libcrux_ml_dsa_pre_hash_Err,
-        .val = {.case_Err = libcrux_ml_dsa_pre_hash_ContextTooLongError}});
-  } else {
-    uu____0 = (CLITERAL(libcrux_ml_dsa_pre_hash_PreHashResult){
-        .tag = libcrux_ml_dsa_pre_hash_Ok,
-        .val = {
-            .case_Ok = {.context = context, .pre_hash_oid = pre_hash_oid}}});
-  }
-  return uu____0;
-}
-
-static KRML_MUSTINLINE bool libcrux_ml_dsa_sample_inside_out_shuffle(
-    Eurydice_slice randomness, size_t *out_index, uint64_t *signs,
-    int32_t *result) {
-  bool done = false;
-  core_slice_iter_Iter iter =
-      core_slice_iter___core__iter__traits__collect__IntoIterator_for___a___Slice_T____1__into_iter(
-          randomness, uint8_t, core_slice_iter_Iter);
-  while (true) {
-    Option_3f uu____0 =
-        core_slice_iter___core__iter__traits__iterator__Iterator_for_core__slice__iter__Iter__a__T__TraitClause_0___182__next(
-            &iter, uint8_t, Option_3f);
-    if (uu____0.tag == None) {
-      break;
-    } else {
-      uint8_t *byte = uu____0.f0;
-      if (!done) {
-        size_t sample_at = (size_t)byte[0U];
-        if (sample_at <= out_index[0U]) {
-          result[out_index[0U]] = result[sample_at];
-          out_index[0U] = out_index[0U] + (size_t)1U;
-          result[sample_at] =
-              (int32_t)1 - (int32_t)2 * (int32_t)(signs[0U] & 1ULL);
-          signs[0U] = signs[0U] >> 1U;
-          size_t uu____1 = out_index[0U];
-          done = uu____1 ==
-                 Eurydice_slice_len(
-                     Eurydice_array_to_slice((size_t)256U, result, int32_t),
-                     int32_t);
-        } else {
-          size_t uu____2 = out_index[0U];
-          done = uu____2 ==
-                 Eurydice_slice_len(
-                     Eurydice_array_to_slice((size_t)256U, result, int32_t),
-                     int32_t);
-        }
-      }
-    }
-  }
-  return done;
-}
-
-static KRML_MUSTINLINE void libcrux_ml_dsa_sample_update_seed(
-    uint8_t seed[66U], uint16_t *domain_separator, uint8_t ret[66U]) {
-  seed[64U] = (uint8_t)domain_separator[0U];
-  seed[65U] = (uint8_t)((uint32_t)domain_separator[0U] >> 8U);
-  domain_separator[0U] = (uint32_t)domain_separator[0U] + 1U;
-  memcpy(ret, seed, (size_t)66U * sizeof(uint8_t));
-}
-
-typedef struct int32_t_x2_s {
-  int32_t fst;
-  int32_t snd;
-} int32_t_x2;
-
-static KRML_MUSTINLINE int32_t_x2
-libcrux_ml_dsa_simd_portable_arithmetic_power2round_element(int32_t t) {
-  int32_t t2 = t + (t >> 31U & LIBCRUX_ML_DSA_SIMD_TRAITS_FIELD_MODULUS);
-  int32_t t1 =
-      (t2 - (int32_t)1 +
-       ((int32_t)1
-        << (uint32_t)(LIBCRUX_ML_DSA_CONSTANTS_BITS_IN_LOWER_PART_OF_T -
-                      (size_t)1U))) >>
-      (uint32_t)LIBCRUX_ML_DSA_CONSTANTS_BITS_IN_LOWER_PART_OF_T;
-  int32_t t0 =
-      t2 - (t1 << (uint32_t)LIBCRUX_ML_DSA_CONSTANTS_BITS_IN_LOWER_PART_OF_T);
-  return (CLITERAL(int32_t_x2){.fst = t0, .snd = t1});
-}
-
-#define LIBCRUX_ML_DSA_SIMD_PORTABLE_ENCODING_ERROR_DESERIALIZE_WHEN_ETA_IS_4_ETA \
-  ((int32_t)4)
-
-#define LIBCRUX_ML_DSA_SIMD_PORTABLE_ENCODING_ERROR_SERIALIZE_WHEN_ETA_IS_4_ETA \
-  ((int32_t)4)
-
-#define LIBCRUX_ML_DSA_SIMD_PORTABLE_ENCODING_GAMMA1_DESERIALIZE_WHEN_GAMMA1_IS_2_POW_17_GAMMA1 \
-  ((int32_t)1 << 17U)
-
-#define LIBCRUX_ML_DSA_SIMD_PORTABLE_ENCODING_GAMMA1_DESERIALIZE_WHEN_GAMMA1_IS_2_POW_17_GAMMA1_TIMES_2_BITMASK \
-  ((LIBCRUX_ML_DSA_SIMD_PORTABLE_ENCODING_GAMMA1_DESERIALIZE_WHEN_GAMMA1_IS_2_POW_17_GAMMA1                     \
-    << 1U) -                                                                                                    \
-   (int32_t)1)
-
-#define LIBCRUX_ML_DSA_SIMD_PORTABLE_ENCODING_GAMMA1_DESERIALIZE_WHEN_GAMMA1_IS_2_POW_19_GAMMA1 \
-  ((int32_t)1 << 19U)
-
-#define LIBCRUX_ML_DSA_SIMD_PORTABLE_ENCODING_GAMMA1_DESERIALIZE_WHEN_GAMMA1_IS_2_POW_19_GAMMA1_TIMES_2_BITMASK \
-  ((LIBCRUX_ML_DSA_SIMD_PORTABLE_ENCODING_GAMMA1_DESERIALIZE_WHEN_GAMMA1_IS_2_POW_19_GAMMA1                     \
-    << 1U) -                                                                                                    \
-   (int32_t)1)
-
-#define LIBCRUX_ML_DSA_SIMD_PORTABLE_ENCODING_GAMMA1_SERIALIZE_WHEN_GAMMA1_IS_2_POW_17_GAMMA1 \
-  ((int32_t)1 << 17U)
-
-#define LIBCRUX_ML_DSA_SIMD_PORTABLE_ENCODING_GAMMA1_SERIALIZE_WHEN_GAMMA1_IS_2_POW_19_GAMMA1 \
-  ((int32_t)1 << 19U)
-
 /**
 This function found in impl {(core::clone::Clone for
 libcrux_ml_dsa::simd::portable::vector_type::PortableSIMDUnit)}
@@ -6062,8 +9319,10 @@ typedef int32_t libcrux_ml_dsa_simd_traits_FieldElementTimesMontgomeryR;
 
 typedef int32_t libcrux_ml_dsa_simd_portable_vector_type_FieldElement;
 
-typedef struct libcrux_ml_dsa_hash_functions_portable_Shake128_s {
-} libcrux_ml_dsa_hash_functions_portable_Shake128;
+typedef Result_a8 libcrux_ml_dsa_pre_hash_PreHashResult;
+
+// typedef struct libcrux_ml_dsa_hash_functions_portable_Shake128_s {
+// } libcrux_ml_dsa_hash_functions_portable_Shake128;
 
 #if defined(__cplusplus)
 }
diff --git a/libcrux-ml-dsa/cg/libcrux_sha3_avx2.h b/libcrux-ml-dsa/cg/libcrux_sha3_avx2.h
index 5b4eb7f14..78bfb4cff 100644
--- a/libcrux-ml-dsa/cg/libcrux_sha3_avx2.h
+++ b/libcrux-ml-dsa/cg/libcrux_sha3_avx2.h
@@ -8,7 +8,7 @@
  * Eurydice: b665364a6d86749566ce2d650d13fa12c8fab2c5
  * Karamel: 96572bc631fde691a2aea7bce5a5a3838b3a5968
  * F*: b0961063393215ca65927f017720cb365a193833-dirty
- * Libcrux: 11a2dcf9b3f0c4803b93a53caa737ed8eac8bfd1
+ * Libcrux: d4b51bcb3af12fb1358ed37830e33cbd72d31590
  */
 
 #ifndef __libcrux_sha3_avx2_H
diff --git a/libcrux-ml-dsa/cg/libcrux_sha3_portable.h b/libcrux-ml-dsa/cg/libcrux_sha3_portable.h
index 807e69f7c..e2a3dcc30 100644
--- a/libcrux-ml-dsa/cg/libcrux_sha3_portable.h
+++ b/libcrux-ml-dsa/cg/libcrux_sha3_portable.h
@@ -8,7 +8,7 @@
  * Eurydice: b665364a6d86749566ce2d650d13fa12c8fab2c5
  * Karamel: 96572bc631fde691a2aea7bce5a5a3838b3a5968
  * F*: b0961063393215ca65927f017720cb365a193833-dirty
- * Libcrux: 11a2dcf9b3f0c4803b93a53caa737ed8eac8bfd1
+ * Libcrux: d4b51bcb3af12fb1358ed37830e33cbd72d31590
  */
 
 #ifndef __libcrux_sha3_portable_H
diff --git a/libcrux-ml-dsa/cg/tests/mldsa65.cc b/libcrux-ml-dsa/cg/tests/mldsa65.cc
index e1e4bdb33..ea77a81b2 100644
--- a/libcrux-ml-dsa/cg/tests/mldsa65.cc
+++ b/libcrux-ml-dsa/cg/tests/mldsa65.cc
@@ -35,19 +35,23 @@ TEST(MlDsa65TestPortable, ConsistencyTest)
     {
         randomness[i] = 0x55;
     }
-    uint8_t context[0];
-    auto ctxt = libcrux_ml_dsa_ml_dsa_65_portable_sign(
-        &key_pair.signing_key,
-        mk_slice(&msg, 79),
-        mk_slice(&context, 0),
+    uint8_t context[3];
+
+    auto msg_slice = mk_slice(&msg, 79);
+    auto context_slice = mk_slice(&context, 3);
+    auto signature_result = libcrux_ml_dsa_ml_dsa_65_portable_sign(
+        &key_pair.signing_key, msg_slice,
+        context_slice,
         randomness);
+    EXPECT_EQ(signature_result.tag, Ok);
+    auto signature = signature_result.val.case_Ok;
 
-    // // Verify
-    // uint8_t sharedSecret2[LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE];
-    // libcrux_ml_kem_mlkem768_portable_decapsulate(&key_pair.sk, &ctxt.fst, sharedSecret2);
+    // Verify
+    auto result = libcrux_ml_dsa_ml_dsa_65_portable_verify(
+        &key_pair.verification_key,
+        msg_slice,
+        context_slice,
+        &signature);
 
-    // EXPECT_EQ(0,
-    //           memcmp(ctxt.snd,
-    //                  sharedSecret2,
-    //                  LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE));
+    EXPECT_EQ(result.tag, Ok);
 }

From d1a299af9c8ccea396dad45a9890f69ad5e0d2ec Mon Sep 17 00:00:00 2001
From: Karthikeyan Bhargavan <karthik.bhargavan@gmail.com>
Date: Mon, 9 Dec 2024 09:33:18 +0100
Subject: [PATCH 087/142] verif status

---
 libcrux-ml-kem/proofs/verification_status.md | 35 ++++++++++++++++++++
 1 file changed, 35 insertions(+)
 create mode 100644 libcrux-ml-kem/proofs/verification_status.md

diff --git a/libcrux-ml-kem/proofs/verification_status.md b/libcrux-ml-kem/proofs/verification_status.md
new file mode 100644
index 000000000..5ce7aa0a8
--- /dev/null
+++ b/libcrux-ml-kem/proofs/verification_status.md
@@ -0,0 +1,35 @@
+# ML-KEM Verification Status
+
+This file keeps track of the current verification status of the modules in the ML-KEM implementation.
+
+## Generic modules
+* constant_time_ops: Verified
+* hash_functions: Verified
+* ind_cca: Verified 
+* ind_cpa: Verified
+* ind_cca/instaniations: Verified
+* ind_cca/instaniations/avx2: Verified
+* ind_cca/multiplexing: Verified
+
+* invert_ntt: Panic Free, Not linked to spec
+* ntt: Panic Free, Not linked to spec
+* mlkem*: Panic Free, Not linked to spec
+
+* matrix: Needs proofs
+* sampling: Needs proofs
+* polynomial: Needs proofs
+* serialize: Needs proofs
+
+## Portable modules
+* arithmetic: Verified
+* compress: Verified
+* ntt: Verified
+* serialize: Verified
+* sampling: Needs proofs
+
+## AVX2 modules
+* arithmetic: Verified
+* serialize: Verified
+* compress: Panic Free
+* ntt: Needs proofs
+* sampling: Needs proofs

From 87497297c8d9a6be6127d9daae13a942b5439e74 Mon Sep 17 00:00:00 2001
From: Franziskus Kiefer <franziskuskiefer@gmail.com>
Date: Mon, 9 Dec 2024 10:03:56 +0000
Subject: [PATCH 088/142] fix eurydice iterators

---
 libcrux-ml-dsa/cg/eurydice_glue.h | 15 +++++----------
 1 file changed, 5 insertions(+), 10 deletions(-)

diff --git a/libcrux-ml-dsa/cg/eurydice_glue.h b/libcrux-ml-dsa/cg/eurydice_glue.h
index 77124b063..9bfd9f546 100644
--- a/libcrux-ml-dsa/cg/eurydice_glue.h
+++ b/libcrux-ml-dsa/cg/eurydice_glue.h
@@ -161,23 +161,18 @@ static inline uint8_t core_num__u8_6__wrapping_sub(uint8_t x, uint8_t y) {
                                                                      _ret_t) \
   (o)->tag
 
-
-static inline uint8_t
-Eurydice_bitand_pv_u8(uint8_t *p, uint8_t v)
-{
-    return (*p) & v;
+static inline uint8_t Eurydice_bitand_pv_u8(uint8_t *p, uint8_t v) {
+  return (*p) & v;
 }
 
-static inline uint8_t
-Eurydice_shr_pv_u8(uint8_t *p, int32_t v)
-{
-    return (*p) >> v;
+static inline uint8_t Eurydice_shr_pv_u8(uint8_t *p, int32_t v) {
+  return (*p) >> v;
 }
 
 // ITERATORS
 
 #define Eurydice_range_iter_next(iter_ptr, t, ret_t) \
-  (((iter_ptr)->start == (iter_ptr)->end)            \
+  (((iter_ptr)->start >= (iter_ptr)->end)            \
        ? (CLITERAL(ret_t){.tag = None, .f0 = 0})     \
        : (CLITERAL(ret_t){.tag = Some, .f0 = (iter_ptr)->start++}))
 

From 02f1009a28a9252c0291a645b2979ad0fc71e3b5 Mon Sep 17 00:00:00 2001
From: Franziskus Kiefer <franziskuskiefer@gmail.com>
Date: Mon, 9 Dec 2024 10:13:52 +0000
Subject: [PATCH 089/142] mldsa: feature guard sampling

---
 libcrux-ml-dsa/src/samplex4.rs | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/libcrux-ml-dsa/src/samplex4.rs b/libcrux-ml-dsa/src/samplex4.rs
index 1ac7e7530..edf06d13c 100644
--- a/libcrux-ml-dsa/src/samplex4.rs
+++ b/libcrux-ml-dsa/src/samplex4.rs
@@ -391,6 +391,7 @@ pub(crate) fn matrix_A<SIMDUnit: Operations, const ROWS_IN_A: usize, const COLUM
     }
 }
 
+#[cfg(feature = "mldsa44")]
 #[inline(always)]
 fn sample_s1_and_s2_4_by_4<
     SIMDUnit: Operations,
@@ -421,6 +422,8 @@ fn sample_s1_and_s2_4_by_4<
 
     (s1, s2)
 }
+
+#[cfg(feature = "mldsa65")]
 #[inline(always)]
 fn sample_s1_and_s2_5_by_6<
     SIMDUnit: Operations,
@@ -457,6 +460,8 @@ fn sample_s1_and_s2_5_by_6<
 
     (s1, s2)
 }
+
+#[cfg(feature = "mldsa87")]
 #[inline(always)]
 fn sample_s1_and_s2_7_by_8<
     SIMDUnit: Operations,
@@ -500,6 +505,7 @@ fn sample_s1_and_s2_7_by_8<
 
     (s1, s2)
 }
+
 #[inline(always)]
 pub(crate) fn sample_s1_and_s2<
     SIMDUnit: Operations,
@@ -514,12 +520,15 @@ pub(crate) fn sample_s1_and_s2<
     [PolynomialRingElement<SIMDUnit>; S2_DIMENSION],
 ) {
     match (S1_DIMENSION as u8, S2_DIMENSION as u8) {
+        #[cfg(feature = "mldsa44")]
         (4, 4) => {
             sample_s1_and_s2_4_by_4::<SIMDUnit, Shake256X4, ETA, S1_DIMENSION, S2_DIMENSION>(seed)
         }
+        #[cfg(feature = "mldsa65")]
         (5, 6) => {
             sample_s1_and_s2_5_by_6::<SIMDUnit, Shake256X4, ETA, S1_DIMENSION, S2_DIMENSION>(seed)
         }
+        #[cfg(feature = "mldsa87")]
         (7, 8) => {
             sample_s1_and_s2_7_by_8::<SIMDUnit, Shake256X4, ETA, S1_DIMENSION, S2_DIMENSION>(seed)
         }

From a93d7ea6889af3fa134fef06b87fe62b8a42f58b Mon Sep 17 00:00:00 2001
From: Franziskus Kiefer <franziskuskiefer@gmail.com>
Date: Mon, 9 Dec 2024 10:17:19 +0000
Subject: [PATCH 090/142] mldsa C code (portable working)

---
 libcrux-ml-dsa/cg/libcrux_core.h             |   2 +-
 libcrux-ml-dsa/cg/libcrux_mldsa65_avx2.h     | 167 +------------------
 libcrux-ml-dsa/cg/libcrux_mldsa65_portable.h |   8 +-
 libcrux-ml-dsa/cg/libcrux_sha3_avx2.h        |   2 +-
 libcrux-ml-dsa/cg/libcrux_sha3_portable.h    |   2 +-
 5 files changed, 5 insertions(+), 176 deletions(-)

diff --git a/libcrux-ml-dsa/cg/libcrux_core.h b/libcrux-ml-dsa/cg/libcrux_core.h
index 4cf1b281a..ed839622f 100644
--- a/libcrux-ml-dsa/cg/libcrux_core.h
+++ b/libcrux-ml-dsa/cg/libcrux_core.h
@@ -8,7 +8,7 @@
  * Eurydice: b665364a6d86749566ce2d650d13fa12c8fab2c5
  * Karamel: 96572bc631fde691a2aea7bce5a5a3838b3a5968
  * F*: b0961063393215ca65927f017720cb365a193833-dirty
- * Libcrux: d4b51bcb3af12fb1358ed37830e33cbd72d31590
+ * Libcrux: 87497297c8d9a6be6127d9daae13a942b5439e74
  */
 
 #ifndef __libcrux_core_H
diff --git a/libcrux-ml-dsa/cg/libcrux_mldsa65_avx2.h b/libcrux-ml-dsa/cg/libcrux_mldsa65_avx2.h
index 7c5698cb0..4cd046ed1 100644
--- a/libcrux-ml-dsa/cg/libcrux_mldsa65_avx2.h
+++ b/libcrux-ml-dsa/cg/libcrux_mldsa65_avx2.h
@@ -8,7 +8,7 @@
  * Eurydice: b665364a6d86749566ce2d650d13fa12c8fab2c5
  * Karamel: 96572bc631fde691a2aea7bce5a5a3838b3a5968
  * F*: b0961063393215ca65927f017720cb365a193833-dirty
- * Libcrux: d4b51bcb3af12fb1358ed37830e33cbd72d31590
+ * Libcrux: 87497297c8d9a6be6127d9daae13a942b5439e74
  */
 
 #ifndef __libcrux_mldsa65_avx2_H
@@ -4495,65 +4495,6 @@ static KRML_MUSTINLINE
   return lit;
 }
 
-/**
-A monomorphic instance of libcrux_ml_dsa.samplex4.sample_s1_and_s2_4_by_4
-with types libcrux_ml_dsa_simd_avx2_vector_type_AVX2SIMDUnit,
-libcrux_ml_dsa_hash_functions_simd256_Shake256x4 with const generics
-- ETA= 4
-- S1_DIMENSION= 5
-- S2_DIMENSION= 6
-*/
-KRML_ATTRIBUTE_TARGET("avx2")
-static KRML_MUSTINLINE tuple_ce0
-libcrux_ml_dsa_samplex4_sample_s1_and_s2_4_by_4_4d(uint8_t seed_base[66U]) {
-  libcrux_ml_dsa_polynomial_PolynomialRingElement_24 s1[5U];
-  for (size_t i = (size_t)0U; i < (size_t)5U; i++) {
-    s1[i] = libcrux_ml_dsa_polynomial_ZERO_ff_ea();
-  }
-  libcrux_ml_dsa_polynomial_PolynomialRingElement_24 s2[6U];
-  for (size_t i = (size_t)0U; i < (size_t)6U; i++) {
-    s2[i] = libcrux_ml_dsa_polynomial_ZERO_ff_ea();
-  }
-  /* Passing arrays by value in Rust generates a copy in C */
-  uint8_t copy_of_seed_base[66U];
-  memcpy(copy_of_seed_base, seed_base, (size_t)66U * sizeof(uint8_t));
-  libcrux_ml_dsa_polynomial_PolynomialRingElement_libcrux_ml_dsa_simd_avx2_vector_type_AVX2SIMDUnit_x4
-      four = libcrux_ml_dsa_sample_sample_four_error_ring_elements_cb(
-          copy_of_seed_base, 0U, 1U, 2U, 3U);
-  s1[0U] = four.fst;
-  s1[1U] = four.snd;
-  s1[2U] = four.thd;
-  s1[3U] = four.f3;
-  /* Passing arrays by value in Rust generates a copy in C */
-  uint8_t copy_of_seed_base0[66U];
-  memcpy(copy_of_seed_base0, seed_base, (size_t)66U * sizeof(uint8_t));
-  libcrux_ml_dsa_polynomial_PolynomialRingElement_libcrux_ml_dsa_simd_avx2_vector_type_AVX2SIMDUnit_x4
-      four0 = libcrux_ml_dsa_sample_sample_four_error_ring_elements_cb(
-          copy_of_seed_base0, 4U, 5U, 6U, 7U);
-  s2[0U] = four0.fst;
-  s2[1U] = four0.snd;
-  s2[2U] = four0.thd;
-  s2[3U] = four0.f3;
-  /* Passing arrays by value in Rust generates a copy in C */
-  libcrux_ml_dsa_polynomial_PolynomialRingElement_24 copy_of_s1[5U];
-  memcpy(
-      copy_of_s1, s1,
-      (size_t)5U * sizeof(libcrux_ml_dsa_polynomial_PolynomialRingElement_24));
-  /* Passing arrays by value in Rust generates a copy in C */
-  libcrux_ml_dsa_polynomial_PolynomialRingElement_24 copy_of_s2[6U];
-  memcpy(
-      copy_of_s2, s2,
-      (size_t)6U * sizeof(libcrux_ml_dsa_polynomial_PolynomialRingElement_24));
-  tuple_ce0 lit;
-  memcpy(
-      lit.fst, copy_of_s1,
-      (size_t)5U * sizeof(libcrux_ml_dsa_polynomial_PolynomialRingElement_24));
-  memcpy(
-      lit.snd, copy_of_s2,
-      (size_t)6U * sizeof(libcrux_ml_dsa_polynomial_PolynomialRingElement_24));
-  return lit;
-}
-
 /**
 A monomorphic instance of libcrux_ml_dsa.samplex4.sample_s1_and_s2_5_by_6
 with types libcrux_ml_dsa_simd_avx2_vector_type_AVX2SIMDUnit,
@@ -4622,84 +4563,6 @@ libcrux_ml_dsa_samplex4_sample_s1_and_s2_5_by_6_4d(uint8_t seed_base[66U]) {
   return lit;
 }
 
-/**
-A monomorphic instance of libcrux_ml_dsa.samplex4.sample_s1_and_s2_7_by_8
-with types libcrux_ml_dsa_simd_avx2_vector_type_AVX2SIMDUnit,
-libcrux_ml_dsa_hash_functions_simd256_Shake256x4 with const generics
-- ETA= 4
-- S1_DIMENSION= 5
-- S2_DIMENSION= 6
-*/
-KRML_ATTRIBUTE_TARGET("avx2")
-static KRML_MUSTINLINE tuple_ce0
-libcrux_ml_dsa_samplex4_sample_s1_and_s2_7_by_8_4d(uint8_t seed_base[66U]) {
-  libcrux_ml_dsa_polynomial_PolynomialRingElement_24 s1[5U];
-  for (size_t i = (size_t)0U; i < (size_t)5U; i++) {
-    s1[i] = libcrux_ml_dsa_polynomial_ZERO_ff_ea();
-  }
-  libcrux_ml_dsa_polynomial_PolynomialRingElement_24 s2[6U];
-  for (size_t i = (size_t)0U; i < (size_t)6U; i++) {
-    s2[i] = libcrux_ml_dsa_polynomial_ZERO_ff_ea();
-  }
-  /* Passing arrays by value in Rust generates a copy in C */
-  uint8_t copy_of_seed_base[66U];
-  memcpy(copy_of_seed_base, seed_base, (size_t)66U * sizeof(uint8_t));
-  libcrux_ml_dsa_polynomial_PolynomialRingElement_libcrux_ml_dsa_simd_avx2_vector_type_AVX2SIMDUnit_x4
-      four = libcrux_ml_dsa_sample_sample_four_error_ring_elements_cb(
-          copy_of_seed_base, 0U, 1U, 2U, 3U);
-  s1[0U] = four.fst;
-  s1[1U] = four.snd;
-  s1[2U] = four.thd;
-  s1[3U] = four.f3;
-  /* Passing arrays by value in Rust generates a copy in C */
-  uint8_t copy_of_seed_base0[66U];
-  memcpy(copy_of_seed_base0, seed_base, (size_t)66U * sizeof(uint8_t));
-  libcrux_ml_dsa_polynomial_PolynomialRingElement_libcrux_ml_dsa_simd_avx2_vector_type_AVX2SIMDUnit_x4
-      four0 = libcrux_ml_dsa_sample_sample_four_error_ring_elements_cb(
-          copy_of_seed_base0, 4U, 5U, 6U, 7U);
-  s1[4U] = four0.fst;
-  s1[5U] = four0.snd;
-  s1[6U] = four0.thd;
-  s2[0U] = four0.f3;
-  /* Passing arrays by value in Rust generates a copy in C */
-  uint8_t copy_of_seed_base1[66U];
-  memcpy(copy_of_seed_base1, seed_base, (size_t)66U * sizeof(uint8_t));
-  libcrux_ml_dsa_polynomial_PolynomialRingElement_libcrux_ml_dsa_simd_avx2_vector_type_AVX2SIMDUnit_x4
-      four1 = libcrux_ml_dsa_sample_sample_four_error_ring_elements_cb(
-          copy_of_seed_base1, 8U, 9U, 10U, 11U);
-  s2[1U] = four1.fst;
-  s2[2U] = four1.snd;
-  s2[3U] = four1.thd;
-  s2[4U] = four1.f3;
-  /* Passing arrays by value in Rust generates a copy in C */
-  uint8_t copy_of_seed_base2[66U];
-  memcpy(copy_of_seed_base2, seed_base, (size_t)66U * sizeof(uint8_t));
-  libcrux_ml_dsa_polynomial_PolynomialRingElement_libcrux_ml_dsa_simd_avx2_vector_type_AVX2SIMDUnit_x4
-      four2 = libcrux_ml_dsa_sample_sample_four_error_ring_elements_cb(
-          copy_of_seed_base2, 12U, 13U, 14U, 15U);
-  s2[5U] = four2.fst;
-  s2[6U] = four2.snd;
-  s2[7U] = four2.thd;
-  /* Passing arrays by value in Rust generates a copy in C */
-  libcrux_ml_dsa_polynomial_PolynomialRingElement_24 copy_of_s1[5U];
-  memcpy(
-      copy_of_s1, s1,
-      (size_t)5U * sizeof(libcrux_ml_dsa_polynomial_PolynomialRingElement_24));
-  /* Passing arrays by value in Rust generates a copy in C */
-  libcrux_ml_dsa_polynomial_PolynomialRingElement_24 copy_of_s2[6U];
-  memcpy(
-      copy_of_s2, s2,
-      (size_t)6U * sizeof(libcrux_ml_dsa_polynomial_PolynomialRingElement_24));
-  tuple_ce0 lit;
-  memcpy(
-      lit.fst, copy_of_s1,
-      (size_t)5U * sizeof(libcrux_ml_dsa_polynomial_PolynomialRingElement_24));
-  memcpy(
-      lit.snd, copy_of_s2,
-      (size_t)6U * sizeof(libcrux_ml_dsa_polynomial_PolynomialRingElement_24));
-  return lit;
-}
-
 /**
 A monomorphic instance of libcrux_ml_dsa.samplex4.sample_s1_and_s2
 with types libcrux_ml_dsa_simd_avx2_vector_type_AVX2SIMDUnit,
@@ -4713,20 +4576,6 @@ static KRML_MUSTINLINE tuple_ce0
 libcrux_ml_dsa_samplex4_sample_s1_and_s2_4d(uint8_t seed[66U]) {
   uint8_t_x2 uu____0 = {.fst = (uint8_t)(size_t)5U, .snd = (uint8_t)(size_t)6U};
   switch (uu____0.fst) {
-    case 4U: {
-      switch (uu____0.snd) {
-        case 4U: {
-          /* Passing arrays by value in Rust generates a copy in C */
-          uint8_t copy_of_seed[66U];
-          memcpy(copy_of_seed, seed, (size_t)66U * sizeof(uint8_t));
-          return libcrux_ml_dsa_samplex4_sample_s1_and_s2_4_by_4_4d(
-              copy_of_seed);
-        }
-        default: {
-        }
-      }
-      break;
-    }
     case 5U: {
       switch (uu____0.snd) {
         case 6U: {
@@ -4741,20 +4590,6 @@ libcrux_ml_dsa_samplex4_sample_s1_and_s2_4d(uint8_t seed[66U]) {
       }
       break;
     }
-    case 7U: {
-      switch (uu____0.snd) {
-        case 8U: {
-          /* Passing arrays by value in Rust generates a copy in C */
-          uint8_t copy_of_seed[66U];
-          memcpy(copy_of_seed, seed, (size_t)66U * sizeof(uint8_t));
-          return libcrux_ml_dsa_samplex4_sample_s1_and_s2_7_by_8_4d(
-              copy_of_seed);
-        }
-        default: {
-        }
-      }
-      break;
-    }
     default: {
     }
   }
diff --git a/libcrux-ml-dsa/cg/libcrux_mldsa65_portable.h b/libcrux-ml-dsa/cg/libcrux_mldsa65_portable.h
index a1c766bfb..7c1e075a3 100644
--- a/libcrux-ml-dsa/cg/libcrux_mldsa65_portable.h
+++ b/libcrux-ml-dsa/cg/libcrux_mldsa65_portable.h
@@ -8,7 +8,7 @@
  * Eurydice: b665364a6d86749566ce2d650d13fa12c8fab2c5
  * Karamel: 96572bc631fde691a2aea7bce5a5a3838b3a5968
  * F*: b0961063393215ca65927f017720cb365a193833-dirty
- * Libcrux: d4b51bcb3af12fb1358ed37830e33cbd72d31590
+ * Libcrux: 87497297c8d9a6be6127d9daae13a942b5439e74
  */
 
 #ifndef __libcrux_mldsa65_portable_H
@@ -396,7 +396,6 @@ libcrux_ml_dsa::hash_functions::portable::Shake256Xof)#4}
 */
 static inline void libcrux_ml_dsa_hash_functions_portable_squeeze_83(
     libcrux_sha3_portable_incremental_Shake256Xof *self, Eurydice_slice out) {
-  printf("squeeze out len: %lu\n", out.len);
   libcrux_sha3_portable_incremental_squeeze_68(self, out);
 }
 
@@ -646,8 +645,6 @@ static inline void libcrux_ml_dsa_pre_hash_oid_bd(uint8_t ret[11U]) {
          (size_t)11U * sizeof(uint8_t));
 }
 
-// typedef struct libcrux_ml_dsa_pre_hash_SHAKE128_PH_s {
-// } libcrux_ml_dsa_pre_hash_SHAKE128_PH;
 
 typedef struct libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit_s {
   int32_t coefficients[8U];
@@ -9321,9 +9318,6 @@ typedef int32_t libcrux_ml_dsa_simd_portable_vector_type_FieldElement;
 
 typedef Result_a8 libcrux_ml_dsa_pre_hash_PreHashResult;
 
-// typedef struct libcrux_ml_dsa_hash_functions_portable_Shake128_s {
-// } libcrux_ml_dsa_hash_functions_portable_Shake128;
-
 #if defined(__cplusplus)
 }
 #endif
diff --git a/libcrux-ml-dsa/cg/libcrux_sha3_avx2.h b/libcrux-ml-dsa/cg/libcrux_sha3_avx2.h
index 78bfb4cff..ed58cea67 100644
--- a/libcrux-ml-dsa/cg/libcrux_sha3_avx2.h
+++ b/libcrux-ml-dsa/cg/libcrux_sha3_avx2.h
@@ -8,7 +8,7 @@
  * Eurydice: b665364a6d86749566ce2d650d13fa12c8fab2c5
  * Karamel: 96572bc631fde691a2aea7bce5a5a3838b3a5968
  * F*: b0961063393215ca65927f017720cb365a193833-dirty
- * Libcrux: d4b51bcb3af12fb1358ed37830e33cbd72d31590
+ * Libcrux: 87497297c8d9a6be6127d9daae13a942b5439e74
  */
 
 #ifndef __libcrux_sha3_avx2_H
diff --git a/libcrux-ml-dsa/cg/libcrux_sha3_portable.h b/libcrux-ml-dsa/cg/libcrux_sha3_portable.h
index e2a3dcc30..dabbeb171 100644
--- a/libcrux-ml-dsa/cg/libcrux_sha3_portable.h
+++ b/libcrux-ml-dsa/cg/libcrux_sha3_portable.h
@@ -8,7 +8,7 @@
  * Eurydice: b665364a6d86749566ce2d650d13fa12c8fab2c5
  * Karamel: 96572bc631fde691a2aea7bce5a5a3838b3a5968
  * F*: b0961063393215ca65927f017720cb365a193833-dirty
- * Libcrux: d4b51bcb3af12fb1358ed37830e33cbd72d31590
+ * Libcrux: 87497297c8d9a6be6127d9daae13a942b5439e74
  */
 
 #ifndef __libcrux_sha3_portable_H

From 60ac469a75e40c42c98ad96617fe8015ca6dda93 Mon Sep 17 00:00:00 2001
From: Franziskus Kiefer <franziskuskiefer@gmail.com>
Date: Mon, 9 Dec 2024 10:19:31 +0000
Subject: [PATCH 091/142] mldsa: updated F* code

---
 .../Libcrux_ml_dsa.Encoding.Commitment.fst    | 143 +++------
 .../Libcrux_ml_dsa.Encoding.Commitment.fsti   |   8 +-
 .../Libcrux_ml_dsa.Encoding.Error.fst         | 278 +++++++-----------
 .../Libcrux_ml_dsa.Encoding.Error.fsti        |   8 +-
 .../Libcrux_ml_dsa.Encoding.Gamma1.fst        | 226 +++++---------
 .../Libcrux_ml_dsa.Encoding.Gamma1.fsti       |  10 +-
 .../Libcrux_ml_dsa.Encoding.Signature.fst     |  17 +-
 .../Libcrux_ml_dsa.Encoding.Signing_key.fst   |  26 +-
 .../extraction/Libcrux_ml_dsa.Encoding.T0.fst | 155 +++++-----
 .../Libcrux_ml_dsa.Encoding.T0.fsti           |   6 +-
 .../extraction/Libcrux_ml_dsa.Encoding.T1.fst |  75 ++---
 .../Libcrux_ml_dsa.Encoding.T1.fsti           |   1 +
 ...bcrux_ml_dsa.Encoding.Verification_key.fst |   1 +
 .../extraction/Libcrux_ml_dsa.Matrix.fst      |  62 +++-
 ...neric.Instantiations.Avx2.Avx2_feature.fst |   2 +
 ...dsa.Ml_dsa_generic.Instantiations.Neon.fst |   2 +
 ...Ml_dsa_generic.Instantiations.Portable.fst |   2 +
 .../Libcrux_ml_dsa.Ml_dsa_generic.fst         | 225 +++++++-------
 .../Libcrux_ml_dsa.Ml_dsa_generic.fsti        |  28 +-
 .../extraction/Libcrux_ml_dsa.Polynomial.fst  |  70 +++--
 .../extraction/Libcrux_ml_dsa.Pre_hash.fst    |  65 ++--
 .../extraction/Libcrux_ml_dsa.Pre_hash.fsti   |  40 ++-
 .../extraction/Libcrux_ml_dsa.Sample.fst      | 107 ++++---
 .../extraction/Libcrux_ml_dsa.Sample.fsti     |   1 +
 ...x_ml_dsa.Simd.Avx2.Encoding.Commitment.fst | 248 ++++++++--------
 ..._ml_dsa.Simd.Avx2.Encoding.Commitment.fsti |   4 +-
 ...ibcrux_ml_dsa.Simd.Avx2.Encoding.Error.fst |  69 +++--
 ...bcrux_ml_dsa.Simd.Avx2.Encoding.Error.fsti |  12 +-
 ...bcrux_ml_dsa.Simd.Avx2.Encoding.Gamma1.fst |  71 +++--
 ...crux_ml_dsa.Simd.Avx2.Encoding.Gamma1.fsti |  12 +-
 .../extraction/Libcrux_ml_dsa.Simd.Avx2.fst   |  81 +++--
 ..._dsa.Simd.Portable.Encoding.Commitment.fst | 131 +++++----
 ...dsa.Simd.Portable.Encoding.Commitment.fsti |   4 +-
 ...ux_ml_dsa.Simd.Portable.Encoding.Error.fst |  44 +--
 ...x_ml_dsa.Simd.Portable.Encoding.Error.fsti |  13 +-
 ...x_ml_dsa.Simd.Portable.Encoding.Gamma1.fst |  81 ++---
 ..._ml_dsa.Simd.Portable.Encoding.Gamma1.fsti |  13 +-
 .../Libcrux_ml_dsa.Simd.Portable.Sample.fst   |  16 +-
 .../Libcrux_ml_dsa.Simd.Portable.fst          |  54 +++-
 .../Libcrux_ml_dsa.Simd.Traits.fsti           |  36 +--
 .../fstar/extraction/Libcrux_ml_dsa.Types.fst |   2 +-
 .../extraction/Libcrux_ml_dsa.Types.fsti      |   2 +-
 42 files changed, 1212 insertions(+), 1239 deletions(-)

diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Encoding.Commitment.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Encoding.Commitment.fst
index 8634dfbe9..bfbcf309d 100644
--- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Encoding.Commitment.fst
+++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Encoding.Commitment.fst
@@ -11,111 +11,54 @@ let _ =
 
 let serialize
       (#v_SIMDUnit: Type0)
-      (v_OUTPUT_SIZE: usize)
       (#[FStar.Tactics.Typeclasses.tcresolve ()]
           i1:
           Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit)
       (re: Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit)
+      (serialized: t_Slice u8)
      =
-  let serialized:t_Array u8 v_OUTPUT_SIZE = Rust_primitives.Hax.repeat 0uy v_OUTPUT_SIZE in
-  match cast (v_OUTPUT_SIZE <: usize) <: u8 with
-  | 128uy ->
-    let serialized:t_Array u8 v_OUTPUT_SIZE =
-      Rust_primitives.Hax.Folds.fold_enumerated_slice (re.Libcrux_ml_dsa.Polynomial.f_simd_units
-          <:
-          t_Slice v_SIMDUnit)
-        (fun serialized temp_1_ ->
-            let serialized:t_Array u8 v_OUTPUT_SIZE = serialized in
-            let _:usize = temp_1_ in
-            true)
-        serialized
-        (fun serialized temp_1_ ->
-            let serialized:t_Array u8 v_OUTPUT_SIZE = serialized in
-            let i, simd_unit:(usize & v_SIMDUnit) = temp_1_ in
-            Rust_primitives.Hax.Monomorphized_update_at.update_at_range serialized
-              ({
-                  Core.Ops.Range.f_start = i *! serialize__OUTPUT_BYTES_PER_SIMD_UNIT <: usize;
-                  Core.Ops.Range.f_end
-                  =
-                  (i +! sz 1 <: usize) *! serialize__OUTPUT_BYTES_PER_SIMD_UNIT <: usize
-                }
-                <:
-                Core.Ops.Range.t_Range usize)
-              (Core.Slice.impl__copy_from_slice #u8
-                  (serialized.[ {
-                        Core.Ops.Range.f_start = i *! serialize__OUTPUT_BYTES_PER_SIMD_UNIT <: usize;
-                        Core.Ops.Range.f_end
-                        =
-                        (i +! sz 1 <: usize) *! serialize__OUTPUT_BYTES_PER_SIMD_UNIT <: usize
-                      }
-                      <:
-                      Core.Ops.Range.t_Range usize ]
-                    <:
-                    t_Slice u8)
-                  (Libcrux_ml_dsa.Simd.Traits.f_commitment_serialize #v_SIMDUnit
-                      #FStar.Tactics.Typeclasses.solve
-                      (sz 4)
-                      simd_unit
+  let output_bytes_per_simd_unit:usize =
+    (Core.Slice.impl__len #u8 serialized <: usize) /! (sz 8 *! sz 4 <: usize)
+  in
+  let serialized:t_Slice u8 =
+    Rust_primitives.Hax.Folds.fold_enumerated_slice (re.Libcrux_ml_dsa.Polynomial.f_simd_units
+        <:
+        t_Slice v_SIMDUnit)
+      (fun serialized temp_1_ ->
+          let serialized:t_Slice u8 = serialized in
+          let _:usize = temp_1_ in
+          true)
+      serialized
+      (fun serialized temp_1_ ->
+          let serialized:t_Slice u8 = serialized in
+          let i, simd_unit:(usize & v_SIMDUnit) = temp_1_ in
+          Rust_primitives.Hax.Monomorphized_update_at.update_at_range serialized
+            ({
+                Core.Ops.Range.f_start = i *! output_bytes_per_simd_unit <: usize;
+                Core.Ops.Range.f_end = (i +! sz 1 <: usize) *! output_bytes_per_simd_unit <: usize
+              }
+              <:
+              Core.Ops.Range.t_Range usize)
+            (Libcrux_ml_dsa.Simd.Traits.f_commitment_serialize #v_SIMDUnit
+                #FStar.Tactics.Typeclasses.solve
+                simd_unit
+                (serialized.[ {
+                      Core.Ops.Range.f_start = i *! output_bytes_per_simd_unit <: usize;
+                      Core.Ops.Range.f_end
+                      =
+                      (i +! sz 1 <: usize) *! output_bytes_per_simd_unit <: usize
+                    }
                     <:
-                    t_Slice u8)
-                <:
-                t_Slice u8)
-            <:
-            t_Array u8 v_OUTPUT_SIZE)
-    in
-    serialized
-  | 192uy ->
-    let serialized:t_Array u8 v_OUTPUT_SIZE =
-      Rust_primitives.Hax.Folds.fold_enumerated_slice (re.Libcrux_ml_dsa.Polynomial.f_simd_units
+                    Core.Ops.Range.t_Range usize ]
+                  <:
+                  t_Slice u8)
+              <:
+              t_Slice u8)
           <:
-          t_Slice v_SIMDUnit)
-        (fun serialized temp_1_ ->
-            let serialized:t_Array u8 v_OUTPUT_SIZE = serialized in
-            let _:usize = temp_1_ in
-            true)
-        serialized
-        (fun serialized temp_1_ ->
-            let serialized:t_Array u8 v_OUTPUT_SIZE = serialized in
-            let i, simd_unit:(usize & v_SIMDUnit) = temp_1_ in
-            Rust_primitives.Hax.Monomorphized_update_at.update_at_range serialized
-              ({
-                  Core.Ops.Range.f_start = i *! serialize__OUTPUT_BYTES_PER_SIMD_UNIT_1 <: usize;
-                  Core.Ops.Range.f_end
-                  =
-                  (i +! sz 1 <: usize) *! serialize__OUTPUT_BYTES_PER_SIMD_UNIT_1 <: usize
-                }
-                <:
-                Core.Ops.Range.t_Range usize)
-              (Core.Slice.impl__copy_from_slice #u8
-                  (serialized.[ {
-                        Core.Ops.Range.f_start
-                        =
-                        i *! serialize__OUTPUT_BYTES_PER_SIMD_UNIT_1 <: usize;
-                        Core.Ops.Range.f_end
-                        =
-                        (i +! sz 1 <: usize) *! serialize__OUTPUT_BYTES_PER_SIMD_UNIT_1 <: usize
-                      }
-                      <:
-                      Core.Ops.Range.t_Range usize ]
-                    <:
-                    t_Slice u8)
-                  (Libcrux_ml_dsa.Simd.Traits.f_commitment_serialize #v_SIMDUnit
-                      #FStar.Tactics.Typeclasses.solve
-                      (sz 6)
-                      simd_unit
-                    <:
-                    t_Slice u8)
-                <:
-                t_Slice u8)
-            <:
-            t_Array u8 v_OUTPUT_SIZE)
-    in
-    serialized
-  | _ ->
-    Rust_primitives.Hax.never_to_any (Core.Panicking.panic "internal error: entered unreachable code"
-
-        <:
-        Rust_primitives.Hax.t_Never)
+          t_Slice u8)
+  in
+  let hax_temp_output:Prims.unit = () <: Prims.unit in
+  serialized
 
 let serialize_vector
       (#v_SIMDUnit: Type0)
@@ -151,7 +94,8 @@ let serialize_vector
                 }
                 <:
                 Core.Ops.Range.t_Range usize)
-              (Core.Slice.impl__copy_from_slice #u8
+              (serialize #v_SIMDUnit
+                  ring_element
                   (serialized.[ {
                         Core.Ops.Range.f_start = offset;
                         Core.Ops.Range.f_end = offset +! v_RING_ELEMENT_SIZE <: usize
@@ -160,7 +104,6 @@ let serialize_vector
                       Core.Ops.Range.t_Range usize ]
                     <:
                     t_Slice u8)
-                  (serialize #v_SIMDUnit v_RING_ELEMENT_SIZE ring_element <: t_Slice u8)
                 <:
                 t_Slice u8)
           in
diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Encoding.Commitment.fsti b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Encoding.Commitment.fsti
index 0becaf037..53816fd08 100644
--- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Encoding.Commitment.fsti
+++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Encoding.Commitment.fsti
@@ -9,16 +9,12 @@ let _ =
   let open Libcrux_ml_dsa.Simd.Traits in
   ()
 
-let serialize__OUTPUT_BYTES_PER_SIMD_UNIT: usize = sz 4
-
-let serialize__OUTPUT_BYTES_PER_SIMD_UNIT_1: usize = sz 6
-
 val serialize
       (#v_SIMDUnit: Type0)
-      (v_OUTPUT_SIZE: usize)
       {| i1: Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit |}
       (re: Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit)
-    : Prims.Pure (t_Array u8 v_OUTPUT_SIZE) Prims.l_True (fun _ -> Prims.l_True)
+      (serialized: t_Slice u8)
+    : Prims.Pure (t_Slice u8) Prims.l_True (fun _ -> Prims.l_True)
 
 val serialize_vector
       (#v_SIMDUnit: Type0)
diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Encoding.Error.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Encoding.Error.fst
index 84a413aa5..e95ba0a90 100644
--- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Encoding.Error.fst
+++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Encoding.Error.fst
@@ -16,73 +16,50 @@ let deserialize
           i1:
           Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit)
       (serialized: t_Slice u8)
+      (result: Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit)
      =
-  let serialized_chunks:Core.Slice.Iter.t_Chunks u8 =
-    match cast (v_ETA <: usize) <: u8 with
-    | 2uy -> Core.Slice.impl__chunks #u8 serialized (sz 3)
-    | 4uy -> Core.Slice.impl__chunks #u8 serialized (sz 4)
-    | _ ->
-      Rust_primitives.Hax.never_to_any (Core.Panicking.panic "internal error: entered unreachable code"
-
-          <:
-          Rust_primitives.Hax.t_Never)
-  in
+  let chunk_size:usize = if v_ETA =. sz 2 then sz 3 else sz 4 in
   let result:Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit =
-    Libcrux_ml_dsa.Polynomial.impl__ZERO #v_SIMDUnit ()
-  in
-  let result, serialized_chunks:(Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit &
-    Core.Slice.Iter.t_Chunks u8) =
     Rust_primitives.Hax.Folds.fold_range (sz 0)
       (Core.Slice.impl__len #v_SIMDUnit
           (result.Libcrux_ml_dsa.Polynomial.f_simd_units <: t_Slice v_SIMDUnit)
         <:
         usize)
-      (fun temp_0_ temp_1_ ->
-          let result, serialized_chunks:(Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement
-            v_SIMDUnit &
-            Core.Slice.Iter.t_Chunks u8) =
-            temp_0_
-          in
+      (fun result temp_1_ ->
+          let result:Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit = result in
           let _:usize = temp_1_ in
           true)
-      (result, serialized_chunks
-        <:
-        (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit & Core.Slice.Iter.t_Chunks u8)
-      )
-      (fun temp_0_ i ->
-          let result, serialized_chunks:(Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement
-            v_SIMDUnit &
-            Core.Slice.Iter.t_Chunks u8) =
-            temp_0_
-          in
+      result
+      (fun result i ->
+          let result:Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit = result in
           let i:usize = i in
-          let tmp0, out:(Core.Slice.Iter.t_Chunks u8 & Core.Option.t_Option (t_Slice u8)) =
-            Core.Iter.Traits.Iterator.f_next #(Core.Slice.Iter.t_Chunks u8)
-              #FStar.Tactics.Typeclasses.solve
-              serialized_chunks
-          in
-          let serialized_chunks:Core.Slice.Iter.t_Chunks u8 = tmp0 in
-          ({
-              result with
-              Libcrux_ml_dsa.Polynomial.f_simd_units
-              =
-              Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result
-                  .Libcrux_ml_dsa.Polynomial.f_simd_units
-                i
-                (Libcrux_ml_dsa.Simd.Traits.f_error_deserialize #v_SIMDUnit
-                    #FStar.Tactics.Typeclasses.solve
-                    v_ETA
-                    (Core.Option.impl__unwrap #(t_Slice u8) out <: t_Slice u8)
-                  <:
-                  v_SIMDUnit)
-            }
+          {
+            result with
+            Libcrux_ml_dsa.Polynomial.f_simd_units
+            =
+            Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result
+                .Libcrux_ml_dsa.Polynomial.f_simd_units
+              i
+              (Libcrux_ml_dsa.Simd.Traits.f_error_deserialize #v_SIMDUnit
+                  #FStar.Tactics.Typeclasses.solve
+                  v_ETA
+                  (serialized.[ {
+                        Core.Ops.Range.f_start = i *! chunk_size <: usize;
+                        Core.Ops.Range.f_end = (i +! sz 1 <: usize) *! chunk_size <: usize
+                      }
+                      <:
+                      Core.Ops.Range.t_Range usize ]
+                    <:
+                    t_Slice u8)
+                <:
+                v_SIMDUnit)
             <:
-            Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit),
-          serialized_chunks
+            t_Array v_SIMDUnit (sz 32)
+          }
           <:
-          (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit &
-            Core.Slice.Iter.t_Chunks u8))
+          Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit)
   in
+  let hax_temp_output:Prims.unit = () <: Prims.unit in
   result
 
 let deserialize_to_vector_then_ntt
@@ -102,18 +79,15 @@ let deserialize_to_vector_then_ntt
   in
   let ring_elements:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit)
     v_DIMENSION =
-    Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Iter.Adapters.Enumerate.t_Enumerate
-            (Core.Slice.Iter.t_Chunks u8))
-          #FStar.Tactics.Typeclasses.solve
-          (Core.Iter.Traits.Iterator.f_enumerate #(Core.Slice.Iter.t_Chunks u8)
-              #FStar.Tactics.Typeclasses.solve
-              (Core.Slice.impl__chunks #u8 serialized v_RING_ELEMENT_SIZE
-                <:
-                Core.Slice.Iter.t_Chunks u8)
-            <:
-            Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_Chunks u8))
-        <:
-        Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_Chunks u8))
+    Rust_primitives.Hax.Folds.fold_enumerated_chunked_slice v_RING_ELEMENT_SIZE
+      serialized
+      (fun ring_elements temp_1_ ->
+          let ring_elements:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit)
+            v_DIMENSION =
+            ring_elements
+          in
+          let _:usize = temp_1_ in
+          true)
       ring_elements
       (fun ring_elements temp_1_ ->
           let ring_elements:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit)
@@ -121,16 +95,31 @@ let deserialize_to_vector_then_ntt
             ring_elements
           in
           let i, bytes:(usize & t_Slice u8) = temp_1_ in
-          Rust_primitives.Hax.Monomorphized_update_at.update_at_usize ring_elements
-            i
-            (Libcrux_ml_dsa.Ntt.ntt #v_SIMDUnit
-                (deserialize #v_SIMDUnit v_ETA bytes
-                  <:
-                  Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit)
-              <:
-              Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit)
-          <:
-          t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_DIMENSION)
+          let ring_elements:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit)
+            v_DIMENSION =
+            Rust_primitives.Hax.Monomorphized_update_at.update_at_usize ring_elements
+              i
+              (deserialize #v_SIMDUnit
+                  v_ETA
+                  bytes
+                  (ring_elements.[ i ]
+                    <:
+                    Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit)
+                <:
+                Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit)
+          in
+          let ring_elements:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit)
+            v_DIMENSION =
+            Rust_primitives.Hax.Monomorphized_update_at.update_at_usize ring_elements
+              i
+              (Libcrux_ml_dsa.Ntt.ntt #v_SIMDUnit
+                  (ring_elements.[ i ]
+                    <:
+                    Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit)
+                <:
+                Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit)
+          in
+          ring_elements)
   in
   ring_elements
 
@@ -141,103 +130,46 @@ let serialize
           i1:
           Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit)
       (re: Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit)
+      (serialized: t_Slice u8)
      =
-  let serialized:t_Array u8 v_OUTPUT_SIZE = Rust_primitives.Hax.repeat 0uy v_OUTPUT_SIZE in
-  match cast (v_ETA <: usize) <: u8 with
-  | 2uy ->
-    let serialized:t_Array u8 v_OUTPUT_SIZE =
-      Rust_primitives.Hax.Folds.fold_enumerated_slice (re.Libcrux_ml_dsa.Polynomial.f_simd_units
-          <:
-          t_Slice v_SIMDUnit)
-        (fun serialized temp_1_ ->
-            let serialized:t_Array u8 v_OUTPUT_SIZE = serialized in
-            let _:usize = temp_1_ in
-            true)
-        serialized
-        (fun serialized temp_1_ ->
-            let serialized:t_Array u8 v_OUTPUT_SIZE = serialized in
-            let i, simd_unit:(usize & v_SIMDUnit) = temp_1_ in
-            Rust_primitives.Hax.Monomorphized_update_at.update_at_range serialized
-              ({
-                  Core.Ops.Range.f_start = i *! serialize__OUTPUT_BYTES_PER_SIMD_UNIT <: usize;
-                  Core.Ops.Range.f_end
-                  =
-                  (i +! sz 1 <: usize) *! serialize__OUTPUT_BYTES_PER_SIMD_UNIT <: usize
-                }
-                <:
-                Core.Ops.Range.t_Range usize)
-              (Core.Slice.impl__copy_from_slice #u8
-                  (serialized.[ {
-                        Core.Ops.Range.f_start = i *! serialize__OUTPUT_BYTES_PER_SIMD_UNIT <: usize;
-                        Core.Ops.Range.f_end
-                        =
-                        (i +! sz 1 <: usize) *! serialize__OUTPUT_BYTES_PER_SIMD_UNIT <: usize
-                      }
-                      <:
-                      Core.Ops.Range.t_Range usize ]
-                    <:
-                    t_Slice u8)
-                  (Libcrux_ml_dsa.Simd.Traits.f_error_serialize #v_SIMDUnit
-                      #FStar.Tactics.Typeclasses.solve
-                      (sz 3)
-                      simd_unit
+  let output_bytes_per_simd_unit:usize = if v_ETA =. sz 2 then sz 3 else sz 4 in
+  let serialized:t_Slice u8 =
+    Rust_primitives.Hax.Folds.fold_enumerated_slice (re.Libcrux_ml_dsa.Polynomial.f_simd_units
+        <:
+        t_Slice v_SIMDUnit)
+      (fun serialized temp_1_ ->
+          let serialized:t_Slice u8 = serialized in
+          let _:usize = temp_1_ in
+          true)
+      serialized
+      (fun serialized temp_1_ ->
+          let serialized:t_Slice u8 = serialized in
+          let i, simd_unit:(usize & v_SIMDUnit) = temp_1_ in
+          Rust_primitives.Hax.Monomorphized_update_at.update_at_range serialized
+            ({
+                Core.Ops.Range.f_start = i *! output_bytes_per_simd_unit <: usize;
+                Core.Ops.Range.f_end = (i +! sz 1 <: usize) *! output_bytes_per_simd_unit <: usize
+              }
+              <:
+              Core.Ops.Range.t_Range usize)
+            (Libcrux_ml_dsa.Simd.Traits.f_error_serialize #v_SIMDUnit
+                #FStar.Tactics.Typeclasses.solve
+                v_ETA
+                simd_unit
+                (serialized.[ {
+                      Core.Ops.Range.f_start = i *! output_bytes_per_simd_unit <: usize;
+                      Core.Ops.Range.f_end
+                      =
+                      (i +! sz 1 <: usize) *! output_bytes_per_simd_unit <: usize
+                    }
                     <:
-                    t_Slice u8)
-                <:
-                t_Slice u8)
-            <:
-            t_Array u8 v_OUTPUT_SIZE)
-    in
-    serialized
-  | 4uy ->
-    let serialized:t_Array u8 v_OUTPUT_SIZE =
-      Rust_primitives.Hax.Folds.fold_enumerated_slice (re.Libcrux_ml_dsa.Polynomial.f_simd_units
+                    Core.Ops.Range.t_Range usize ]
+                  <:
+                  t_Slice u8)
+              <:
+              t_Slice u8)
           <:
-          t_Slice v_SIMDUnit)
-        (fun serialized temp_1_ ->
-            let serialized:t_Array u8 v_OUTPUT_SIZE = serialized in
-            let _:usize = temp_1_ in
-            true)
-        serialized
-        (fun serialized temp_1_ ->
-            let serialized:t_Array u8 v_OUTPUT_SIZE = serialized in
-            let i, simd_unit:(usize & v_SIMDUnit) = temp_1_ in
-            Rust_primitives.Hax.Monomorphized_update_at.update_at_range serialized
-              ({
-                  Core.Ops.Range.f_start = i *! serialize__OUTPUT_BYTES_PER_SIMD_UNIT_1 <: usize;
-                  Core.Ops.Range.f_end
-                  =
-                  (i +! sz 1 <: usize) *! serialize__OUTPUT_BYTES_PER_SIMD_UNIT_1 <: usize
-                }
-                <:
-                Core.Ops.Range.t_Range usize)
-              (Core.Slice.impl__copy_from_slice #u8
-                  (serialized.[ {
-                        Core.Ops.Range.f_start
-                        =
-                        i *! serialize__OUTPUT_BYTES_PER_SIMD_UNIT_1 <: usize;
-                        Core.Ops.Range.f_end
-                        =
-                        (i +! sz 1 <: usize) *! serialize__OUTPUT_BYTES_PER_SIMD_UNIT_1 <: usize
-                      }
-                      <:
-                      Core.Ops.Range.t_Range usize ]
-                    <:
-                    t_Slice u8)
-                  (Libcrux_ml_dsa.Simd.Traits.f_error_serialize #v_SIMDUnit
-                      #FStar.Tactics.Typeclasses.solve
-                      (sz 4)
-                      simd_unit
-                    <:
-                    t_Slice u8)
-                <:
-                t_Slice u8)
-            <:
-            t_Array u8 v_OUTPUT_SIZE)
-    in
-    serialized
-  | _ ->
-    Rust_primitives.Hax.never_to_any (Core.Panicking.panic "internal error: entered unreachable code"
-
-        <:
-        Rust_primitives.Hax.t_Never)
+          t_Slice u8)
+  in
+  let hax_temp_output:Prims.unit = () <: Prims.unit in
+  serialized
diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Encoding.Error.fsti b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Encoding.Error.fsti
index 199d62d48..2136a90ef 100644
--- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Encoding.Error.fsti
+++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Encoding.Error.fsti
@@ -9,15 +9,12 @@ let _ =
   let open Libcrux_ml_dsa.Simd.Traits in
   ()
 
-let serialize__OUTPUT_BYTES_PER_SIMD_UNIT: usize = sz 3
-
-let serialize__OUTPUT_BYTES_PER_SIMD_UNIT_1: usize = sz 4
-
 val deserialize
       (#v_SIMDUnit: Type0)
       (v_ETA: usize)
       {| i1: Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit |}
       (serialized: t_Slice u8)
+      (result: Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit)
     : Prims.Pure (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit)
       Prims.l_True
       (fun _ -> Prims.l_True)
@@ -37,4 +34,5 @@ val serialize
       (v_ETA v_OUTPUT_SIZE: usize)
       {| i1: Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit |}
       (re: Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit)
-    : Prims.Pure (t_Array u8 v_OUTPUT_SIZE) Prims.l_True (fun _ -> Prims.l_True)
+      (serialized: t_Slice u8)
+    : Prims.Pure (t_Slice u8) Prims.l_True (fun _ -> Prims.l_True)
diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Encoding.Gamma1.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Encoding.Gamma1.fst
index 470cf8ab6..a55f19fe7 100644
--- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Encoding.Gamma1.fst
+++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Encoding.Gamma1.fst
@@ -16,179 +16,101 @@ let deserialize
           i1:
           Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit)
       (serialized: t_Slice u8)
+      (result: Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit)
      =
-  let serialized_chunks:Core.Slice.Iter.t_Chunks u8 =
-    match cast (v_GAMMA1_EXPONENT <: usize) <: u8 with
-    | 17uy -> Core.Slice.impl__chunks #u8 serialized (sz 18)
-    | 19uy -> Core.Slice.impl__chunks #u8 serialized (sz 20)
-    | _ ->
-      Rust_primitives.Hax.never_to_any (Core.Panicking.panic "internal error: entered unreachable code"
-
-          <:
-          Rust_primitives.Hax.t_Never)
-  in
   let result:Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit =
-    Libcrux_ml_dsa.Polynomial.impl__ZERO #v_SIMDUnit ()
-  in
-  let result, serialized_chunks:(Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit &
-    Core.Slice.Iter.t_Chunks u8) =
     Rust_primitives.Hax.Folds.fold_range (sz 0)
       (Core.Slice.impl__len #v_SIMDUnit
           (result.Libcrux_ml_dsa.Polynomial.f_simd_units <: t_Slice v_SIMDUnit)
         <:
         usize)
-      (fun temp_0_ temp_1_ ->
-          let result, serialized_chunks:(Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement
-            v_SIMDUnit &
-            Core.Slice.Iter.t_Chunks u8) =
-            temp_0_
-          in
+      (fun result temp_1_ ->
+          let result:Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit = result in
           let _:usize = temp_1_ in
           true)
-      (result, serialized_chunks
-        <:
-        (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit & Core.Slice.Iter.t_Chunks u8)
-      )
-      (fun temp_0_ i ->
-          let result, serialized_chunks:(Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement
-            v_SIMDUnit &
-            Core.Slice.Iter.t_Chunks u8) =
-            temp_0_
-          in
+      result
+      (fun result i ->
+          let result:Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit = result in
           let i:usize = i in
-          let tmp0, out:(Core.Slice.Iter.t_Chunks u8 & Core.Option.t_Option (t_Slice u8)) =
-            Core.Iter.Traits.Iterator.f_next #(Core.Slice.Iter.t_Chunks u8)
-              #FStar.Tactics.Typeclasses.solve
-              serialized_chunks
-          in
-          let serialized_chunks:Core.Slice.Iter.t_Chunks u8 = tmp0 in
-          ({
-              result with
-              Libcrux_ml_dsa.Polynomial.f_simd_units
-              =
-              Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result
-                  .Libcrux_ml_dsa.Polynomial.f_simd_units
-                i
-                (Libcrux_ml_dsa.Simd.Traits.f_gamma1_deserialize #v_SIMDUnit
-                    #FStar.Tactics.Typeclasses.solve
-                    v_GAMMA1_EXPONENT
-                    (Core.Option.impl__unwrap #(t_Slice u8) out <: t_Slice u8)
-                  <:
-                  v_SIMDUnit)
-            }
+          {
+            result with
+            Libcrux_ml_dsa.Polynomial.f_simd_units
+            =
+            Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result
+                .Libcrux_ml_dsa.Polynomial.f_simd_units
+              i
+              (Libcrux_ml_dsa.Simd.Traits.f_gamma1_deserialize #v_SIMDUnit
+                  #FStar.Tactics.Typeclasses.solve
+                  v_GAMMA1_EXPONENT
+                  (serialized.[ {
+                        Core.Ops.Range.f_start = i *! (v_GAMMA1_EXPONENT +! sz 1 <: usize) <: usize;
+                        Core.Ops.Range.f_end
+                        =
+                        (i +! sz 1 <: usize) *! (v_GAMMA1_EXPONENT +! sz 1 <: usize) <: usize
+                      }
+                      <:
+                      Core.Ops.Range.t_Range usize ]
+                    <:
+                    t_Slice u8)
+                <:
+                v_SIMDUnit)
             <:
-            Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit),
-          serialized_chunks
+            t_Array v_SIMDUnit (sz 32)
+          }
           <:
-          (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit &
-            Core.Slice.Iter.t_Chunks u8))
+          Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit)
   in
+  let hax_temp_output:Prims.unit = () <: Prims.unit in
   result
 
 let serialize
       (#v_SIMDUnit: Type0)
-      (v_GAMMA1_EXPONENT v_OUTPUT_BYTES: usize)
+      (v_GAMMA1_EXPONENT: usize)
       (#[FStar.Tactics.Typeclasses.tcresolve ()]
           i1:
           Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit)
       (re: Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit)
+      (serialized: t_Slice u8)
      =
-  let serialized:t_Array u8 v_OUTPUT_BYTES = Rust_primitives.Hax.repeat 0uy v_OUTPUT_BYTES in
-  match cast (v_GAMMA1_EXPONENT <: usize) <: u8 with
-  | 17uy ->
-    let serialized:t_Array u8 v_OUTPUT_BYTES =
-      Rust_primitives.Hax.Folds.fold_enumerated_slice (re.Libcrux_ml_dsa.Polynomial.f_simd_units
-          <:
-          t_Slice v_SIMDUnit)
-        (fun serialized temp_1_ ->
-            let serialized:t_Array u8 v_OUTPUT_BYTES = serialized in
-            let _:usize = temp_1_ in
-            true)
-        serialized
-        (fun serialized temp_1_ ->
-            let serialized:t_Array u8 v_OUTPUT_BYTES = serialized in
-            let i, simd_unit:(usize & v_SIMDUnit) = temp_1_ in
-            Rust_primitives.Hax.Monomorphized_update_at.update_at_range serialized
-              ({
-                  Core.Ops.Range.f_start = i *! serialize__OUTPUT_BYTES_PER_SIMD_UNIT <: usize;
-                  Core.Ops.Range.f_end
-                  =
-                  (i +! sz 1 <: usize) *! serialize__OUTPUT_BYTES_PER_SIMD_UNIT <: usize
-                }
-                <:
-                Core.Ops.Range.t_Range usize)
-              (Core.Slice.impl__copy_from_slice #u8
-                  (serialized.[ {
-                        Core.Ops.Range.f_start = i *! serialize__OUTPUT_BYTES_PER_SIMD_UNIT <: usize;
-                        Core.Ops.Range.f_end
-                        =
-                        (i +! sz 1 <: usize) *! serialize__OUTPUT_BYTES_PER_SIMD_UNIT <: usize
-                      }
-                      <:
-                      Core.Ops.Range.t_Range usize ]
-                    <:
-                    t_Slice u8)
-                  (Libcrux_ml_dsa.Simd.Traits.f_gamma1_serialize #v_SIMDUnit
-                      #FStar.Tactics.Typeclasses.solve
-                      (sz 18)
-                      simd_unit
+  let serialized:t_Slice u8 =
+    Rust_primitives.Hax.Folds.fold_enumerated_slice (re.Libcrux_ml_dsa.Polynomial.f_simd_units
+        <:
+        t_Slice v_SIMDUnit)
+      (fun serialized temp_1_ ->
+          let serialized:t_Slice u8 = serialized in
+          let _:usize = temp_1_ in
+          true)
+      serialized
+      (fun serialized temp_1_ ->
+          let serialized:t_Slice u8 = serialized in
+          let i, simd_unit:(usize & v_SIMDUnit) = temp_1_ in
+          Rust_primitives.Hax.Monomorphized_update_at.update_at_range serialized
+            ({
+                Core.Ops.Range.f_start = i *! (v_GAMMA1_EXPONENT +! sz 1 <: usize) <: usize;
+                Core.Ops.Range.f_end
+                =
+                (i +! sz 1 <: usize) *! (v_GAMMA1_EXPONENT +! sz 1 <: usize) <: usize
+              }
+              <:
+              Core.Ops.Range.t_Range usize)
+            (Libcrux_ml_dsa.Simd.Traits.f_gamma1_serialize #v_SIMDUnit
+                #FStar.Tactics.Typeclasses.solve
+                v_GAMMA1_EXPONENT
+                simd_unit
+                (serialized.[ {
+                      Core.Ops.Range.f_start = i *! (v_GAMMA1_EXPONENT +! sz 1 <: usize) <: usize;
+                      Core.Ops.Range.f_end
+                      =
+                      (i +! sz 1 <: usize) *! (v_GAMMA1_EXPONENT +! sz 1 <: usize) <: usize
+                    }
                     <:
-                    t_Slice u8)
-                <:
-                t_Slice u8)
-            <:
-            t_Array u8 v_OUTPUT_BYTES)
-    in
-    serialized
-  | 19uy ->
-    let serialized:t_Array u8 v_OUTPUT_BYTES =
-      Rust_primitives.Hax.Folds.fold_enumerated_slice (re.Libcrux_ml_dsa.Polynomial.f_simd_units
+                    Core.Ops.Range.t_Range usize ]
+                  <:
+                  t_Slice u8)
+              <:
+              t_Slice u8)
           <:
-          t_Slice v_SIMDUnit)
-        (fun serialized temp_1_ ->
-            let serialized:t_Array u8 v_OUTPUT_BYTES = serialized in
-            let _:usize = temp_1_ in
-            true)
-        serialized
-        (fun serialized temp_1_ ->
-            let serialized:t_Array u8 v_OUTPUT_BYTES = serialized in
-            let i, simd_unit:(usize & v_SIMDUnit) = temp_1_ in
-            Rust_primitives.Hax.Monomorphized_update_at.update_at_range serialized
-              ({
-                  Core.Ops.Range.f_start = i *! serialize__OUTPUT_BYTES_PER_SIMD_UNIT_1 <: usize;
-                  Core.Ops.Range.f_end
-                  =
-                  (i +! sz 1 <: usize) *! serialize__OUTPUT_BYTES_PER_SIMD_UNIT_1 <: usize
-                }
-                <:
-                Core.Ops.Range.t_Range usize)
-              (Core.Slice.impl__copy_from_slice #u8
-                  (serialized.[ {
-                        Core.Ops.Range.f_start
-                        =
-                        i *! serialize__OUTPUT_BYTES_PER_SIMD_UNIT_1 <: usize;
-                        Core.Ops.Range.f_end
-                        =
-                        (i +! sz 1 <: usize) *! serialize__OUTPUT_BYTES_PER_SIMD_UNIT_1 <: usize
-                      }
-                      <:
-                      Core.Ops.Range.t_Range usize ]
-                    <:
-                    t_Slice u8)
-                  (Libcrux_ml_dsa.Simd.Traits.f_gamma1_serialize #v_SIMDUnit
-                      #FStar.Tactics.Typeclasses.solve
-                      (sz 20)
-                      simd_unit
-                    <:
-                    t_Slice u8)
-                <:
-                t_Slice u8)
-            <:
-            t_Array u8 v_OUTPUT_BYTES)
-    in
-    serialized
-  | _ ->
-    Rust_primitives.Hax.never_to_any (Core.Panicking.panic "internal error: entered unreachable code"
-
-        <:
-        Rust_primitives.Hax.t_Never)
+          t_Slice u8)
+  in
+  let hax_temp_output:Prims.unit = () <: Prims.unit in
+  serialized
diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Encoding.Gamma1.fsti b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Encoding.Gamma1.fsti
index c6b16420b..9c35efc9f 100644
--- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Encoding.Gamma1.fsti
+++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Encoding.Gamma1.fsti
@@ -9,22 +9,20 @@ let _ =
   let open Libcrux_ml_dsa.Simd.Traits in
   ()
 
-let serialize__OUTPUT_BYTES_PER_SIMD_UNIT: usize = sz 18
-
-let serialize__OUTPUT_BYTES_PER_SIMD_UNIT_1: usize = sz 20
-
 val deserialize
       (#v_SIMDUnit: Type0)
       (v_GAMMA1_EXPONENT: usize)
       {| i1: Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit |}
       (serialized: t_Slice u8)
+      (result: Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit)
     : Prims.Pure (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit)
       Prims.l_True
       (fun _ -> Prims.l_True)
 
 val serialize
       (#v_SIMDUnit: Type0)
-      (v_GAMMA1_EXPONENT v_OUTPUT_BYTES: usize)
+      (v_GAMMA1_EXPONENT: usize)
       {| i1: Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit |}
       (re: Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit)
-    : Prims.Pure (t_Array u8 v_OUTPUT_BYTES) Prims.l_True (fun _ -> Prims.l_True)
+      (serialized: t_Slice u8)
+    : Prims.Pure (t_Slice u8) Prims.l_True (fun _ -> Prims.l_True)
diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Encoding.Signature.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Encoding.Signature.fst
index 3c0ff240a..096a14a68 100644
--- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Encoding.Signature.fst
+++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Encoding.Signature.fst
@@ -65,6 +65,9 @@ let impl__deserialize
                     Core.Ops.Range.t_Range usize ]
                   <:
                   t_Slice u8)
+                (signer_response.[ i ]
+                  <:
+                  Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit)
               <:
               Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit)
           <:
@@ -274,7 +277,11 @@ let impl__serialize
                 }
                 <:
                 Core.Ops.Range.t_Range usize)
-              (Core.Slice.impl__copy_from_slice #u8
+              (Libcrux_ml_dsa.Encoding.Gamma1.serialize #v_SIMDUnit
+                  v_GAMMA1_EXPONENT
+                  (self.f_signer_response.[ i ]
+                    <:
+                    Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit)
                   (signature.[ {
                         Core.Ops.Range.f_start = offset;
                         Core.Ops.Range.f_end = offset +! v_GAMMA1_RING_ELEMENT_SIZE <: usize
@@ -283,14 +290,6 @@ let impl__serialize
                       Core.Ops.Range.t_Range usize ]
                     <:
                     t_Slice u8)
-                  (Libcrux_ml_dsa.Encoding.Gamma1.serialize #v_SIMDUnit
-                      v_GAMMA1_EXPONENT
-                      v_GAMMA1_RING_ELEMENT_SIZE
-                      (self.f_signer_response.[ i ]
-                        <:
-                        Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit)
-                    <:
-                    t_Slice u8)
                 <:
                 t_Slice u8)
           in
diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Encoding.Signing_key.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Encoding.Signing_key.fst
index 7088fe927..36b4a612d 100644
--- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Encoding.Signing_key.fst
+++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Encoding.Signing_key.fst
@@ -215,7 +215,10 @@ let generate_serialized
                 }
                 <:
                 Core.Ops.Range.t_Range usize)
-              (Core.Slice.impl__copy_from_slice #u8
+              (Libcrux_ml_dsa.Encoding.Error.serialize #v_SIMDUnit
+                  v_ETA
+                  v_ERROR_RING_ELEMENT_SIZE
+                  ring_element
                   (signing_key_serialized.[ {
                         Core.Ops.Range.f_start = offset;
                         Core.Ops.Range.f_end = offset +! v_ERROR_RING_ELEMENT_SIZE <: usize
@@ -224,12 +227,6 @@ let generate_serialized
                       Core.Ops.Range.t_Range usize ]
                     <:
                     t_Slice u8)
-                  (Libcrux_ml_dsa.Encoding.Error.serialize #v_SIMDUnit
-                      v_ETA
-                      v_ERROR_RING_ELEMENT_SIZE
-                      ring_element
-                    <:
-                    t_Slice u8)
                 <:
                 t_Slice u8)
           in
@@ -260,7 +257,10 @@ let generate_serialized
                 }
                 <:
                 Core.Ops.Range.t_Range usize)
-              (Core.Slice.impl__copy_from_slice #u8
+              (Libcrux_ml_dsa.Encoding.Error.serialize #v_SIMDUnit
+                  v_ETA
+                  v_ERROR_RING_ELEMENT_SIZE
+                  ring_element
                   (signing_key_serialized.[ {
                         Core.Ops.Range.f_start = offset;
                         Core.Ops.Range.f_end = offset +! v_ERROR_RING_ELEMENT_SIZE <: usize
@@ -269,12 +269,6 @@ let generate_serialized
                       Core.Ops.Range.t_Range usize ]
                     <:
                     t_Slice u8)
-                  (Libcrux_ml_dsa.Encoding.Error.serialize #v_SIMDUnit
-                      v_ETA
-                      v_ERROR_RING_ELEMENT_SIZE
-                      ring_element
-                    <:
-                    t_Slice u8)
                 <:
                 t_Slice u8)
           in
@@ -307,7 +301,8 @@ let generate_serialized
                 }
                 <:
                 Core.Ops.Range.t_Range usize)
-              (Core.Slice.impl__copy_from_slice #u8
+              (Libcrux_ml_dsa.Encoding.T0.serialize #v_SIMDUnit
+                  ring_element
                   (signing_key_serialized.[ {
                         Core.Ops.Range.f_start = offset;
                         Core.Ops.Range.f_end
@@ -318,7 +313,6 @@ let generate_serialized
                       Core.Ops.Range.t_Range usize ]
                     <:
                     t_Slice u8)
-                  (Libcrux_ml_dsa.Encoding.T0.serialize #v_SIMDUnit ring_element <: t_Slice u8)
                 <:
                 t_Slice u8)
           in
diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Encoding.T0.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Encoding.T0.fst
index b1193d6cd..2fda1d74c 100644
--- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Encoding.T0.fst
+++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Encoding.T0.fst
@@ -15,65 +15,50 @@ let deserialize
           i1:
           Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit)
       (serialized: t_Slice u8)
+      (result: Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit)
      =
-  let serialized_chunks:Core.Slice.Iter.t_Chunks u8 =
-    Core.Slice.impl__chunks #u8 serialized (sz 13)
-  in
   let result:Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit =
-    Libcrux_ml_dsa.Polynomial.impl__ZERO #v_SIMDUnit ()
-  in
-  let result, serialized_chunks:(Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit &
-    Core.Slice.Iter.t_Chunks u8) =
     Rust_primitives.Hax.Folds.fold_range (sz 0)
       (Core.Slice.impl__len #v_SIMDUnit
           (result.Libcrux_ml_dsa.Polynomial.f_simd_units <: t_Slice v_SIMDUnit)
         <:
         usize)
-      (fun temp_0_ temp_1_ ->
-          let result, serialized_chunks:(Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement
-            v_SIMDUnit &
-            Core.Slice.Iter.t_Chunks u8) =
-            temp_0_
-          in
+      (fun result temp_1_ ->
+          let result:Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit = result in
           let _:usize = temp_1_ in
           true)
-      (result, serialized_chunks
-        <:
-        (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit & Core.Slice.Iter.t_Chunks u8)
-      )
-      (fun temp_0_ i ->
-          let result, serialized_chunks:(Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement
-            v_SIMDUnit &
-            Core.Slice.Iter.t_Chunks u8) =
-            temp_0_
-          in
+      result
+      (fun result i ->
+          let result:Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit = result in
           let i:usize = i in
-          let tmp0, out:(Core.Slice.Iter.t_Chunks u8 & Core.Option.t_Option (t_Slice u8)) =
-            Core.Iter.Traits.Iterator.f_next #(Core.Slice.Iter.t_Chunks u8)
-              #FStar.Tactics.Typeclasses.solve
-              serialized_chunks
-          in
-          let serialized_chunks:Core.Slice.Iter.t_Chunks u8 = tmp0 in
-          ({
-              result with
-              Libcrux_ml_dsa.Polynomial.f_simd_units
-              =
-              Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result
-                  .Libcrux_ml_dsa.Polynomial.f_simd_units
-                i
-                (Libcrux_ml_dsa.Simd.Traits.f_t0_deserialize #v_SIMDUnit
-                    #FStar.Tactics.Typeclasses.solve
-                    (Core.Option.impl__unwrap #(t_Slice u8) out <: t_Slice u8)
-                  <:
-                  v_SIMDUnit)
-            }
+          {
+            result with
+            Libcrux_ml_dsa.Polynomial.f_simd_units
+            =
+            Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result
+                .Libcrux_ml_dsa.Polynomial.f_simd_units
+              i
+              (Libcrux_ml_dsa.Simd.Traits.f_t0_deserialize #v_SIMDUnit
+                  #FStar.Tactics.Typeclasses.solve
+                  (serialized.[ {
+                        Core.Ops.Range.f_start = i *! v_OUTPUT_BYTES_PER_SIMD_UNIT <: usize;
+                        Core.Ops.Range.f_end
+                        =
+                        (i +! sz 1 <: usize) *! v_OUTPUT_BYTES_PER_SIMD_UNIT <: usize
+                      }
+                      <:
+                      Core.Ops.Range.t_Range usize ]
+                    <:
+                    t_Slice u8)
+                <:
+                v_SIMDUnit)
             <:
-            Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit),
-          serialized_chunks
+            t_Array v_SIMDUnit (sz 32)
+          }
           <:
-          (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit &
-            Core.Slice.Iter.t_Chunks u8))
+          Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit)
   in
+  let hax_temp_output:Prims.unit = () <: Prims.unit in
   result
 
 let deserialize_to_vector_then_ntt
@@ -93,20 +78,15 @@ let deserialize_to_vector_then_ntt
   in
   let ring_elements:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit)
     v_DIMENSION =
-    Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Iter.Adapters.Enumerate.t_Enumerate
-            (Core.Slice.Iter.t_Chunks u8))
-          #FStar.Tactics.Typeclasses.solve
-          (Core.Iter.Traits.Iterator.f_enumerate #(Core.Slice.Iter.t_Chunks u8)
-              #FStar.Tactics.Typeclasses.solve
-              (Core.Slice.impl__chunks #u8
-                  serialized
-                  Libcrux_ml_dsa.Constants.v_RING_ELEMENT_OF_T0S_SIZE
-                <:
-                Core.Slice.Iter.t_Chunks u8)
-            <:
-            Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_Chunks u8))
-        <:
-        Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_Chunks u8))
+    Rust_primitives.Hax.Folds.fold_enumerated_chunked_slice Libcrux_ml_dsa.Constants.v_RING_ELEMENT_OF_T0S_SIZE
+      serialized
+      (fun ring_elements temp_1_ ->
+          let ring_elements:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit)
+            v_DIMENSION =
+            ring_elements
+          in
+          let _:usize = temp_1_ in
+          true)
       ring_elements
       (fun ring_elements temp_1_ ->
           let ring_elements:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit)
@@ -114,16 +94,30 @@ let deserialize_to_vector_then_ntt
             ring_elements
           in
           let i, bytes:(usize & t_Slice u8) = temp_1_ in
-          Rust_primitives.Hax.Monomorphized_update_at.update_at_usize ring_elements
-            i
-            (Libcrux_ml_dsa.Ntt.ntt #v_SIMDUnit
-                (deserialize #v_SIMDUnit bytes
-                  <:
-                  Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit)
-              <:
-              Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit)
-          <:
-          t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_DIMENSION)
+          let ring_elements:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit)
+            v_DIMENSION =
+            Rust_primitives.Hax.Monomorphized_update_at.update_at_usize ring_elements
+              i
+              (deserialize #v_SIMDUnit
+                  bytes
+                  (ring_elements.[ i ]
+                    <:
+                    Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit)
+                <:
+                Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit)
+          in
+          let ring_elements:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit)
+            v_DIMENSION =
+            Rust_primitives.Hax.Monomorphized_update_at.update_at_usize ring_elements
+              i
+              (Libcrux_ml_dsa.Ntt.ntt #v_SIMDUnit
+                  (ring_elements.[ i ]
+                    <:
+                    Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit)
+                <:
+                Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit)
+          in
+          ring_elements)
   in
   ring_elements
 
@@ -133,35 +127,33 @@ let serialize
           i1:
           Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit)
       (re: Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit)
+      (serialized: t_Slice u8)
      =
-  let serialized:t_Array u8 (sz 416) = Rust_primitives.Hax.repeat 0uy (sz 416) in
-  let serialized:t_Array u8 (sz 416) =
+  let serialized:t_Slice u8 =
     Rust_primitives.Hax.Folds.fold_enumerated_slice (re.Libcrux_ml_dsa.Polynomial.f_simd_units
         <:
         t_Slice v_SIMDUnit)
       (fun serialized temp_1_ ->
-          let serialized:t_Array u8 (sz 416) = serialized in
+          let serialized:t_Slice u8 = serialized in
           let _:usize = temp_1_ in
           true)
       serialized
       (fun serialized temp_1_ ->
-          let serialized:t_Array u8 (sz 416) = serialized in
+          let serialized:t_Slice u8 = serialized in
           let i, simd_unit:(usize & v_SIMDUnit) = temp_1_ in
           Rust_primitives.Hax.Monomorphized_update_at.update_at_range serialized
             ({
-                Core.Ops.Range.f_start = i *! serialize__OUTPUT_BYTES_PER_SIMD_UNIT <: usize;
-                Core.Ops.Range.f_end
-                =
-                (i +! sz 1 <: usize) *! serialize__OUTPUT_BYTES_PER_SIMD_UNIT <: usize
+                Core.Ops.Range.f_start = i *! v_OUTPUT_BYTES_PER_SIMD_UNIT <: usize;
+                Core.Ops.Range.f_end = (i +! sz 1 <: usize) *! v_OUTPUT_BYTES_PER_SIMD_UNIT <: usize
               }
               <:
               Core.Ops.Range.t_Range usize)
             (Core.Slice.impl__copy_from_slice #u8
                 (serialized.[ {
-                      Core.Ops.Range.f_start = i *! serialize__OUTPUT_BYTES_PER_SIMD_UNIT <: usize;
+                      Core.Ops.Range.f_start = i *! v_OUTPUT_BYTES_PER_SIMD_UNIT <: usize;
                       Core.Ops.Range.f_end
                       =
-                      (i +! sz 1 <: usize) *! serialize__OUTPUT_BYTES_PER_SIMD_UNIT <: usize
+                      (i +! sz 1 <: usize) *! v_OUTPUT_BYTES_PER_SIMD_UNIT <: usize
                     }
                     <:
                     Core.Ops.Range.t_Range usize ]
@@ -175,6 +167,7 @@ let serialize
               <:
               t_Slice u8)
           <:
-          t_Array u8 (sz 416))
+          t_Slice u8)
   in
+  let hax_temp_output:Prims.unit = () <: Prims.unit in
   serialized
diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Encoding.T0.fsti b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Encoding.T0.fsti
index 3969d9d7c..94ac260a2 100644
--- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Encoding.T0.fsti
+++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Encoding.T0.fsti
@@ -9,12 +9,13 @@ let _ =
   let open Libcrux_ml_dsa.Simd.Traits in
   ()
 
-let serialize__OUTPUT_BYTES_PER_SIMD_UNIT: usize = sz 13
+let v_OUTPUT_BYTES_PER_SIMD_UNIT: usize = sz 13
 
 val deserialize
       (#v_SIMDUnit: Type0)
       {| i1: Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit |}
       (serialized: t_Slice u8)
+      (result: Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit)
     : Prims.Pure (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit)
       Prims.l_True
       (fun _ -> Prims.l_True)
@@ -33,4 +34,5 @@ val serialize
       (#v_SIMDUnit: Type0)
       {| i1: Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit |}
       (re: Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit)
-    : Prims.Pure (t_Array u8 (sz 416)) Prims.l_True (fun _ -> Prims.l_True)
+      (serialized: t_Slice u8)
+    : Prims.Pure (t_Slice u8) Prims.l_True (fun _ -> Prims.l_True)
diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Encoding.T1.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Encoding.T1.fst
index 6a59315c3..2348e0868 100644
--- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Encoding.T1.fst
+++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Encoding.T1.fst
@@ -15,65 +15,48 @@ let deserialize
           i1:
           Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit)
       (serialized: t_Slice u8)
+      (result: Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit)
      =
-  let serialized_chunks:Core.Slice.Iter.t_Chunks u8 =
-    Core.Slice.impl__chunks #u8 serialized (sz 10)
-  in
   let result:Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit =
-    Libcrux_ml_dsa.Polynomial.impl__ZERO #v_SIMDUnit ()
-  in
-  let result, serialized_chunks:(Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit &
-    Core.Slice.Iter.t_Chunks u8) =
     Rust_primitives.Hax.Folds.fold_range (sz 0)
       (Core.Slice.impl__len #v_SIMDUnit
           (result.Libcrux_ml_dsa.Polynomial.f_simd_units <: t_Slice v_SIMDUnit)
         <:
         usize)
-      (fun temp_0_ temp_1_ ->
-          let result, serialized_chunks:(Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement
-            v_SIMDUnit &
-            Core.Slice.Iter.t_Chunks u8) =
-            temp_0_
-          in
+      (fun result temp_1_ ->
+          let result:Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit = result in
           let _:usize = temp_1_ in
           true)
-      (result, serialized_chunks
-        <:
-        (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit & Core.Slice.Iter.t_Chunks u8)
-      )
-      (fun temp_0_ i ->
-          let result, serialized_chunks:(Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement
-            v_SIMDUnit &
-            Core.Slice.Iter.t_Chunks u8) =
-            temp_0_
-          in
+      result
+      (fun result i ->
+          let result:Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit = result in
           let i:usize = i in
-          let tmp0, out:(Core.Slice.Iter.t_Chunks u8 & Core.Option.t_Option (t_Slice u8)) =
-            Core.Iter.Traits.Iterator.f_next #(Core.Slice.Iter.t_Chunks u8)
-              #FStar.Tactics.Typeclasses.solve
-              serialized_chunks
-          in
-          let serialized_chunks:Core.Slice.Iter.t_Chunks u8 = tmp0 in
-          ({
-              result with
-              Libcrux_ml_dsa.Polynomial.f_simd_units
-              =
-              Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result
-                  .Libcrux_ml_dsa.Polynomial.f_simd_units
-                i
-                (Libcrux_ml_dsa.Simd.Traits.f_t1_deserialize #v_SIMDUnit
-                    #FStar.Tactics.Typeclasses.solve
-                    (Core.Option.impl__unwrap #(t_Slice u8) out <: t_Slice u8)
-                  <:
-                  v_SIMDUnit)
-            }
+          {
+            result with
+            Libcrux_ml_dsa.Polynomial.f_simd_units
+            =
+            Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result
+                .Libcrux_ml_dsa.Polynomial.f_simd_units
+              i
+              (Libcrux_ml_dsa.Simd.Traits.f_t1_deserialize #v_SIMDUnit
+                  #FStar.Tactics.Typeclasses.solve
+                  (serialized.[ {
+                        Core.Ops.Range.f_start = i *! sz 10 <: usize;
+                        Core.Ops.Range.f_end = (i +! sz 1 <: usize) *! sz 10 <: usize
+                      }
+                      <:
+                      Core.Ops.Range.t_Range usize ]
+                    <:
+                    t_Slice u8)
+                <:
+                v_SIMDUnit)
             <:
-            Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit),
-          serialized_chunks
+            t_Array v_SIMDUnit (sz 32)
+          }
           <:
-          (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit &
-            Core.Slice.Iter.t_Chunks u8))
+          Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit)
   in
+  let hax_temp_output:Prims.unit = () <: Prims.unit in
   result
 
 let serialize
diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Encoding.T1.fsti b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Encoding.T1.fsti
index f05c66a13..6ac2183bb 100644
--- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Encoding.T1.fsti
+++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Encoding.T1.fsti
@@ -15,6 +15,7 @@ val deserialize
       (#v_SIMDUnit: Type0)
       {| i1: Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit |}
       (serialized: t_Slice u8)
+      (result: Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit)
     : Prims.Pure (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit)
       Prims.l_True
       (fun _ -> Prims.l_True)
diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Encoding.Verification_key.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Encoding.Verification_key.fst
index 94a614a45..f36227839 100644
--- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Encoding.Verification_key.fst
+++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Encoding.Verification_key.fst
@@ -62,6 +62,7 @@ let deserialize
                     Core.Ops.Range.t_Range usize ]
                   <:
                   t_Slice u8)
+                (t1.[ i ] <: Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit)
               <:
               Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit)
           <:
diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Matrix.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Matrix.fst
index 2ba6033e2..a5339e177 100644
--- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Matrix.fst
+++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Matrix.fst
@@ -121,6 +121,18 @@ let compute_A_times_mask
         Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit)
       v_ROWS_IN_A
   in
+  let mask_ntt:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A
+  =
+    Core.Array.impl_23__map #(Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit)
+      v_COLUMNS_IN_A
+      #(Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit)
+      mask
+      (fun s ->
+          let s:Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit = s in
+          Libcrux_ml_dsa.Ntt.ntt #v_SIMDUnit s
+          <:
+          Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit)
+  in
   let result:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_ROWS_IN_A =
     Rust_primitives.Hax.Folds.fold_enumerated_slice (v_A_as_ntt
         <:
@@ -168,10 +180,7 @@ let compute_A_times_mask
                   let product:Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit =
                     Libcrux_ml_dsa.Ntt.ntt_multiply_montgomery #v_SIMDUnit
                       ring_element
-                      (Libcrux_ml_dsa.Ntt.ntt #v_SIMDUnit
-                          (mask.[ j ]
-                            <:
-                            Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit)
+                      (mask_ntt.[ j ]
                         <:
                         Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit)
                   in
@@ -339,6 +348,39 @@ let compute_w_approx
         Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit)
       v_ROWS_IN_A
   in
+  let signer_response:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit)
+    v_COLUMNS_IN_A =
+    Rust_primitives.Hax.Folds.fold_range (sz 0)
+      (Core.Slice.impl__len #(Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit)
+          (signer_response <: t_Slice (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit)
+          )
+        <:
+        usize)
+      (fun signer_response temp_1_ ->
+          let signer_response:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit)
+            v_COLUMNS_IN_A =
+            signer_response
+          in
+          let _:usize = temp_1_ in
+          true)
+      signer_response
+      (fun signer_response i ->
+          let signer_response:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit)
+            v_COLUMNS_IN_A =
+            signer_response
+          in
+          let i:usize = i in
+          Rust_primitives.Hax.Monomorphized_update_at.update_at_usize signer_response
+            i
+            (Libcrux_ml_dsa.Ntt.ntt #v_SIMDUnit
+                (signer_response.[ i ]
+                  <:
+                  Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit)
+              <:
+              Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit)
+          <:
+          t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A)
+  in
   let result:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_ROWS_IN_A =
     Rust_primitives.Hax.Folds.fold_enumerated_slice (v_A_as_ntt
         <:
@@ -386,10 +428,7 @@ let compute_w_approx
                   let product:Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit =
                     Libcrux_ml_dsa.Ntt.ntt_multiply_montgomery #v_SIMDUnit
                       ring_element
-                      (Libcrux_ml_dsa.Ntt.ntt #v_SIMDUnit
-                          (signer_response.[ j ]
-                            <:
-                            Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit)
+                      (signer_response.[ j ]
                         <:
                         Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit)
                   in
@@ -412,13 +451,14 @@ let compute_w_approx
               13l
               (t1.[ i ] <: Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit)
           in
+          let t1_shifted:Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit =
+            Libcrux_ml_dsa.Ntt.ntt #v_SIMDUnit t1_shifted
+          in
           let challenge_times_t1_shifted:Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement
           v_SIMDUnit =
             Libcrux_ml_dsa.Ntt.ntt_multiply_montgomery #v_SIMDUnit
               verifier_challenge_as_ntt
-              (Libcrux_ml_dsa.Ntt.ntt #v_SIMDUnit t1_shifted
-                <:
-                Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit)
+              t1_shifted
           in
           let result:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit)
             v_ROWS_IN_A =
diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Avx2.Avx2_feature.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Avx2.Avx2_feature.fst
index ccfe9b578..3ae7a4680 100644
--- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Avx2.Avx2_feature.fst
+++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Avx2.Avx2_feature.fst
@@ -56,6 +56,7 @@ let sign_pre_hashed_shake128
       (randomness: t_Array u8 (sz 32))
      =
   Libcrux_ml_dsa.Ml_dsa_generic.sign_pre_hashed #Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit
+    #Libcrux_ml_dsa.Hash_functions.Portable.t_Shake128
     #Libcrux_ml_dsa.Hash_functions.Simd256.t_Shake128x4
     #Libcrux_ml_dsa.Hash_functions.Simd256.t_Shake256
     #Libcrux_ml_dsa.Hash_functions.Portable.t_Shake256Xof
@@ -94,6 +95,7 @@ let verify_pre_hashed_shake128
       (signature: t_Array u8 v_SIGNATURE_SIZE)
      =
   Libcrux_ml_dsa.Ml_dsa_generic.verify_pre_hashed #Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit
+    #Libcrux_ml_dsa.Hash_functions.Portable.t_Shake128
     #Libcrux_ml_dsa.Hash_functions.Simd256.t_Shake128x4
     #Libcrux_ml_dsa.Hash_functions.Simd256.t_Shake256
     #Libcrux_ml_dsa.Hash_functions.Portable.t_Shake256Xof #Libcrux_ml_dsa.Pre_hash.t_SHAKE128_PH
diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Neon.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Neon.fst
index d8354ab2f..bc44352c6 100644
--- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Neon.fst
+++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Neon.fst
@@ -56,6 +56,7 @@ let sign_pre_hashed_shake128
       (randomness: t_Array u8 (sz 32))
      =
   Libcrux_ml_dsa.Ml_dsa_generic.sign_pre_hashed #Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit
+    #Libcrux_ml_dsa.Hash_functions.Portable.t_Shake128
     #Libcrux_ml_dsa.Hash_functions.Neon.t_Shake128x4
     #Libcrux_ml_dsa.Hash_functions.Portable.t_Shake256
     #Libcrux_ml_dsa.Hash_functions.Portable.t_Shake256Xof
@@ -94,6 +95,7 @@ let verify_pre_hashed_shake128
       (signature: t_Array u8 v_SIGNATURE_SIZE)
      =
   Libcrux_ml_dsa.Ml_dsa_generic.verify_pre_hashed #Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit
+    #Libcrux_ml_dsa.Hash_functions.Portable.t_Shake128
     #Libcrux_ml_dsa.Hash_functions.Neon.t_Shake128x4
     #Libcrux_ml_dsa.Hash_functions.Portable.t_Shake256
     #Libcrux_ml_dsa.Hash_functions.Portable.t_Shake256Xof #Libcrux_ml_dsa.Pre_hash.t_SHAKE128_PH
diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Portable.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Portable.fst
index 8672a8e98..581a147b8 100644
--- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Portable.fst
+++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Portable.fst
@@ -55,6 +55,7 @@ let sign_pre_hashed_shake128
       (randomness: t_Array u8 (sz 32))
      =
   Libcrux_ml_dsa.Ml_dsa_generic.sign_pre_hashed #Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit
+    #Libcrux_ml_dsa.Hash_functions.Portable.t_Shake128
     #Libcrux_ml_dsa.Hash_functions.Portable.t_Shake128X4
     #Libcrux_ml_dsa.Hash_functions.Portable.t_Shake256
     #Libcrux_ml_dsa.Hash_functions.Portable.t_Shake256Xof
@@ -93,6 +94,7 @@ let verify_pre_hashed_shake128
       (signature: t_Array u8 v_SIGNATURE_SIZE)
      =
   Libcrux_ml_dsa.Ml_dsa_generic.verify_pre_hashed #Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit
+    #Libcrux_ml_dsa.Hash_functions.Portable.t_Shake128
     #Libcrux_ml_dsa.Hash_functions.Portable.t_Shake128X4
     #Libcrux_ml_dsa.Hash_functions.Portable.t_Shake256
     #Libcrux_ml_dsa.Hash_functions.Portable.t_Shake256Xof #Libcrux_ml_dsa.Pre_hash.t_SHAKE128_PH
diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.fst
index 21226d0c1..0bf89311c 100644
--- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.fst
+++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.fst
@@ -456,57 +456,18 @@ let sign_internal
                     (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit)
                         v_COLUMNS_IN_A)))
   in
-  match
-    match commitment_hash with
-    | Core.Option.Option_Some commitment_hash ->
-      Core.Result.Result_Ok commitment_hash
-      <:
-      Core.Result.t_Result (t_Array u8 v_COMMITMENT_HASH_SIZE) Libcrux_ml_dsa.Types.t_SigningError
-    | Core.Option.Option_None  ->
-      Core.Result.Result_Err
-      (Libcrux_ml_dsa.Types.SigningError_RejectionSamplingError
-        <:
-        Libcrux_ml_dsa.Types.t_SigningError)
-      <:
-      Core.Result.t_Result (t_Array u8 v_COMMITMENT_HASH_SIZE) Libcrux_ml_dsa.Types.t_SigningError
-  with
-  | Core.Result.Result_Ok commitment_hash ->
-    (match
-        match signer_response with
-        | Core.Option.Option_Some signer_response ->
-          Core.Result.Result_Ok signer_response
-          <:
-          Core.Result.t_Result
-            (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A)
-            Libcrux_ml_dsa.Types.t_SigningError
-        | Core.Option.Option_None  ->
-          Core.Result.Result_Err
-          (Libcrux_ml_dsa.Types.SigningError_RejectionSamplingError
-            <:
-            Libcrux_ml_dsa.Types.t_SigningError)
-          <:
-          Core.Result.t_Result
-            (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A)
-            Libcrux_ml_dsa.Types.t_SigningError
-      with
-      | Core.Result.Result_Ok signer_response ->
-        (match
-            match hint with
-            | Core.Option.Option_Some hint ->
-              Core.Result.Result_Ok hint
-              <:
-              Core.Result.t_Result (t_Array (t_Array i32 (sz 256)) v_ROWS_IN_A)
-                Libcrux_ml_dsa.Types.t_SigningError
-            | Core.Option.Option_None  ->
-              Core.Result.Result_Err
-              (Libcrux_ml_dsa.Types.SigningError_RejectionSamplingError
-                <:
-                Libcrux_ml_dsa.Types.t_SigningError)
-              <:
-              Core.Result.t_Result (t_Array (t_Array i32 (sz 256)) v_ROWS_IN_A)
-                Libcrux_ml_dsa.Types.t_SigningError
-          with
-          | Core.Result.Result_Ok hint ->
+  match commitment_hash with
+  | Core.Option.Option_Some commitment_hash ->
+    let commitment_hash:t_Array u8 v_COMMITMENT_HASH_SIZE = commitment_hash in
+    (match signer_response with
+      | Core.Option.Option_Some signer_response ->
+        let signer_response:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit)
+          v_COLUMNS_IN_A =
+          signer_response
+        in
+        (match hint with
+          | Core.Option.Option_Some hint ->
+            let hint:t_Array (t_Array i32 (sz 256)) v_ROWS_IN_A = hint in
             let signature:t_Array u8 v_SIGNATURE_SIZE =
               Libcrux_ml_dsa.Encoding.Signature.impl__serialize #v_SIMDUnit
                 v_COMMITMENT_HASH_SIZE
@@ -531,18 +492,26 @@ let sign_internal
             <:
             Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature v_SIGNATURE_SIZE)
               Libcrux_ml_dsa.Types.t_SigningError
-          | Core.Result.Result_Err err ->
-            Core.Result.Result_Err err
+          | Core.Option.Option_None  ->
+            Core.Result.Result_Err
+            (Libcrux_ml_dsa.Types.SigningError_RejectionSamplingError
+              <:
+              Libcrux_ml_dsa.Types.t_SigningError)
             <:
             Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature v_SIGNATURE_SIZE)
               Libcrux_ml_dsa.Types.t_SigningError)
-      | Core.Result.Result_Err err ->
-        Core.Result.Result_Err err
+      | Core.Option.Option_None  ->
+        Core.Result.Result_Err
+        (Libcrux_ml_dsa.Types.SigningError_RejectionSamplingError
+          <:
+          Libcrux_ml_dsa.Types.t_SigningError)
         <:
         Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature v_SIGNATURE_SIZE)
           Libcrux_ml_dsa.Types.t_SigningError)
-  | Core.Result.Result_Err err ->
-    Core.Result.Result_Err err
+  | Core.Option.Option_None  ->
+    Core.Result.Result_Err
+    (Libcrux_ml_dsa.Types.SigningError_RejectionSamplingError <: Libcrux_ml_dsa.Types.t_SigningError
+    )
     <:
     Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature v_SIGNATURE_SIZE)
       Libcrux_ml_dsa.Types.t_SigningError
@@ -576,49 +545,50 @@ let sign
     Libcrux_ml_dsa.Pre_hash.impl_1__new context
       (Core.Option.Option_None <: Core.Option.t_Option (t_Array u8 (sz 11)))
   with
-  | Core.Result.Result_Ok hoist36 ->
+  | Core.Result.Result_Ok dsc ->
+    let domain_separation_context:Libcrux_ml_dsa.Pre_hash.t_DomainSeparationContext = dsc in
     sign_internal #v_SIMDUnit #v_Shake128X4 #v_Shake256 #v_Shake256Xof #v_Shake256X4 v_ROWS_IN_A
       v_COLUMNS_IN_A v_ETA v_ERROR_RING_ELEMENT_SIZE v_GAMMA1_EXPONENT v_GAMMA2
       v_COMMITMENT_RING_ELEMENT_SIZE v_COMMITMENT_VECTOR_SIZE v_COMMITMENT_HASH_SIZE
       v_ONES_IN_VERIFIER_CHALLENGE v_MAX_ONES_IN_HINT v_GAMMA1_RING_ELEMENT_SIZE v_SIGNING_KEY_SIZE
       v_SIGNATURE_SIZE signing_key message
-      (Core.Option.Option_Some hoist36
+      (Core.Option.Option_Some domain_separation_context
         <:
         Core.Option.t_Option Libcrux_ml_dsa.Pre_hash.t_DomainSeparationContext) randomness
-  | Core.Result.Result_Err err ->
+  | Core.Result.Result_Err _ ->
     Core.Result.Result_Err
-    (Core.Convert.f_from #Libcrux_ml_dsa.Types.t_SigningError
-        #Libcrux_ml_dsa.Pre_hash.t_DomainSeparationError
-        #FStar.Tactics.Typeclasses.solve
-        err)
+    (Libcrux_ml_dsa.Types.SigningError_ContextTooLongError <: Libcrux_ml_dsa.Types.t_SigningError)
     <:
     Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature v_SIGNATURE_SIZE)
       Libcrux_ml_dsa.Types.t_SigningError
 
 let sign_pre_hashed
-      (#v_SIMDUnit #v_Shake128X4 #v_Shake256 #v_Shake256Xof #v_Shake256X4 #v_PH: Type0)
+      (#v_SIMDUnit #v_Shake128 #v_Shake128X4 #v_Shake256 #v_Shake256Xof #v_Shake256X4 #v_PH: Type0)
       (v_PH_DIGEST_LEN v_ROWS_IN_A v_COLUMNS_IN_A v_ETA v_ERROR_RING_ELEMENT_SIZE v_GAMMA1_EXPONENT:
           usize)
       (v_GAMMA2: i32)
       (v_COMMITMENT_RING_ELEMENT_SIZE v_COMMITMENT_VECTOR_SIZE v_COMMITMENT_HASH_SIZE v_ONES_IN_VERIFIER_CHALLENGE v_MAX_ONES_IN_HINT v_GAMMA1_RING_ELEMENT_SIZE v_SIGNING_KEY_SIZE v_SIGNATURE_SIZE:
           usize)
       (#[FStar.Tactics.Typeclasses.tcresolve ()]
-          i6:
+          i7:
           Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit)
       (#[FStar.Tactics.Typeclasses.tcresolve ()]
-          i7:
+          i8:
+          Libcrux_ml_dsa.Hash_functions.Shake128.t_Xof v_Shake128)
+      (#[FStar.Tactics.Typeclasses.tcresolve ()]
+          i9:
           Libcrux_ml_dsa.Hash_functions.Shake128.t_XofX4 v_Shake128X4)
       (#[FStar.Tactics.Typeclasses.tcresolve ()]
-          i8:
+          i10:
           Libcrux_ml_dsa.Hash_functions.Shake256.t_DsaXof v_Shake256)
       (#[FStar.Tactics.Typeclasses.tcresolve ()]
-          i9:
+          i11:
           Libcrux_ml_dsa.Hash_functions.Shake256.t_Xof v_Shake256Xof)
       (#[FStar.Tactics.Typeclasses.tcresolve ()]
-          i10:
+          i12:
           Libcrux_ml_dsa.Hash_functions.Shake256.t_XofX4 v_Shake256X4)
       (#[FStar.Tactics.Typeclasses.tcresolve ()]
-          i11:
+          i13:
           Libcrux_ml_dsa.Pre_hash.t_PreHash v_PH v_PH_DIGEST_LEN)
       (signing_key: t_Array u8 v_SIGNING_KEY_SIZE)
       (message context: t_Slice u8)
@@ -633,7 +603,11 @@ let sign_pre_hashed
       Libcrux_ml_dsa.Types.t_SigningError
   else
     let pre_hashed_message:t_Array u8 v_PH_DIGEST_LEN =
-      Libcrux_ml_dsa.Pre_hash.f_hash #v_PH #v_PH_DIGEST_LEN #FStar.Tactics.Typeclasses.solve message
+      Libcrux_ml_dsa.Pre_hash.f_hash #v_PH
+        #v_PH_DIGEST_LEN
+        #FStar.Tactics.Typeclasses.solve
+        #v_Shake128
+        message
     in
     match
       Libcrux_ml_dsa.Pre_hash.impl_1__new context
@@ -644,21 +618,19 @@ let sign_pre_hashed
           <:
           Core.Option.t_Option (t_Array u8 (sz 11)))
     with
-    | Core.Result.Result_Ok hoist39 ->
+    | Core.Result.Result_Ok dsc ->
+      let domain_separation_context:Libcrux_ml_dsa.Pre_hash.t_DomainSeparationContext = dsc in
       sign_internal #v_SIMDUnit #v_Shake128X4 #v_Shake256 #v_Shake256Xof #v_Shake256X4 v_ROWS_IN_A
         v_COLUMNS_IN_A v_ETA v_ERROR_RING_ELEMENT_SIZE v_GAMMA1_EXPONENT v_GAMMA2
         v_COMMITMENT_RING_ELEMENT_SIZE v_COMMITMENT_VECTOR_SIZE v_COMMITMENT_HASH_SIZE
         v_ONES_IN_VERIFIER_CHALLENGE v_MAX_ONES_IN_HINT v_GAMMA1_RING_ELEMENT_SIZE
         v_SIGNING_KEY_SIZE v_SIGNATURE_SIZE signing_key (pre_hashed_message <: t_Slice u8)
-        (Core.Option.Option_Some hoist39
+        (Core.Option.Option_Some domain_separation_context
           <:
           Core.Option.t_Option Libcrux_ml_dsa.Pre_hash.t_DomainSeparationContext) randomness
-    | Core.Result.Result_Err err ->
+    | Core.Result.Result_Err _ ->
       Core.Result.Result_Err
-      (Core.Convert.f_from #Libcrux_ml_dsa.Types.t_SigningError
-          #Libcrux_ml_dsa.Pre_hash.t_DomainSeparationError
-          #FStar.Tactics.Typeclasses.solve
-          err)
+      (Libcrux_ml_dsa.Types.SigningError_ContextTooLongError <: Libcrux_ml_dsa.Types.t_SigningError)
       <:
       Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature v_SIGNATURE_SIZE)
         Libcrux_ml_dsa.Types.t_SigningError
@@ -706,15 +678,26 @@ let verify_internal
       v_SIGNATURE_SIZE
       signature_serialized
   with
-  | Core.Result.Result_Ok signature ->
+  | Core.Result.Result_Ok s ->
+    let signature:Libcrux_ml_dsa.Encoding.Signature.t_Signature v_SIMDUnit
+      v_COMMITMENT_HASH_SIZE
+      v_COLUMNS_IN_A
+      v_ROWS_IN_A =
+      s
+    in
     if
-      ~.(Libcrux_ml_dsa.Arithmetic.vector_infinity_norm_exceeds #v_SIMDUnit
-          v_COLUMNS_IN_A
-          signature.Libcrux_ml_dsa.Encoding.Signature.f_signer_response
-          ((2l <<! v_GAMMA1_EXPONENT <: i32) -! v_BETA <: i32)
-        <:
-        bool)
+      Libcrux_ml_dsa.Arithmetic.vector_infinity_norm_exceeds #v_SIMDUnit
+        v_COLUMNS_IN_A
+        signature.Libcrux_ml_dsa.Encoding.Signature.f_signer_response
+        ((2l <<! v_GAMMA1_EXPONENT <: i32) -! v_BETA <: i32)
     then
+      Core.Result.Result_Err
+      (Libcrux_ml_dsa.Types.VerificationError_SignerResponseExceedsBoundError
+        <:
+        Libcrux_ml_dsa.Types.t_VerificationError)
+      <:
+      Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError
+    else
       let v_A_as_ntt:t_Array
         (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A)
         v_ROWS_IN_A =
@@ -806,27 +789,20 @@ let verify_internal
       let commitment_hash:t_Array u8 v_COMMITMENT_HASH_SIZE = tmp1 in
       let _:Prims.unit = () in
       let _:Prims.unit = () in
-      if signature.Libcrux_ml_dsa.Encoding.Signature.f_commitment_hash <>. commitment_hash
+      if signature.Libcrux_ml_dsa.Encoding.Signature.f_commitment_hash =. commitment_hash
       then
+        Core.Result.Result_Ok (() <: Prims.unit)
+        <:
+        Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError
+      else
         Core.Result.Result_Err
         (Libcrux_ml_dsa.Types.VerificationError_CommitmentHashesDontMatchError
           <:
           Libcrux_ml_dsa.Types.t_VerificationError)
         <:
         Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError
-      else
-        Core.Result.Result_Ok (() <: Prims.unit)
-        <:
-        Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError
-    else
-      Core.Result.Result_Err
-      (Libcrux_ml_dsa.Types.VerificationError_SignerResponseExceedsBoundError
-        <:
-        Libcrux_ml_dsa.Types.t_VerificationError)
-      <:
-      Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError
-  | Core.Result.Result_Err err ->
-    Core.Result.Result_Err err
+  | Core.Result.Result_Err e ->
+    Core.Result.Result_Err e
     <:
     Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError
 
@@ -857,51 +833,58 @@ let verify
     Libcrux_ml_dsa.Pre_hash.impl_1__new context
       (Core.Option.Option_None <: Core.Option.t_Option (t_Array u8 (sz 11)))
   with
-  | Core.Result.Result_Ok hoist41 ->
+  | Core.Result.Result_Ok dsc ->
+    let domain_separation_context:Libcrux_ml_dsa.Pre_hash.t_DomainSeparationContext = dsc in
     verify_internal #v_SIMDUnit #v_Shake128X4 #v_Shake256 #v_Shake256Xof v_ROWS_IN_A v_COLUMNS_IN_A
       v_SIGNATURE_SIZE v_VERIFICATION_KEY_SIZE v_GAMMA1_EXPONENT v_GAMMA1_RING_ELEMENT_SIZE v_GAMMA2
       v_BETA v_COMMITMENT_RING_ELEMENT_SIZE v_COMMITMENT_VECTOR_SIZE v_COMMITMENT_HASH_SIZE
       v_ONES_IN_VERIFIER_CHALLENGE v_MAX_ONES_IN_HINT verification_key_serialized message
-      (Core.Option.Option_Some hoist41
+      (Core.Option.Option_Some domain_separation_context
         <:
         Core.Option.t_Option Libcrux_ml_dsa.Pre_hash.t_DomainSeparationContext) signature_serialized
-  | Core.Result.Result_Err err ->
+  | Core.Result.Result_Err _ ->
     Core.Result.Result_Err
-    (Core.Convert.f_from #Libcrux_ml_dsa.Types.t_VerificationError
-        #Libcrux_ml_dsa.Pre_hash.t_DomainSeparationError
-        #FStar.Tactics.Typeclasses.solve
-        err)
+    (Libcrux_ml_dsa.Types.VerificationError_VerificationContextTooLongError
+      <:
+      Libcrux_ml_dsa.Types.t_VerificationError)
     <:
     Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError
 
 let verify_pre_hashed
-      (#v_SIMDUnit #v_Shake128X4 #v_Shake256 #v_Shake256Xof #v_PH: Type0)
+      (#v_SIMDUnit #v_Shake128 #v_Shake128X4 #v_Shake256 #v_Shake256Xof #v_PH: Type0)
       (v_PH_DIGEST_LEN v_ROWS_IN_A v_COLUMNS_IN_A v_SIGNATURE_SIZE v_VERIFICATION_KEY_SIZE v_GAMMA1_EXPONENT v_GAMMA1_RING_ELEMENT_SIZE:
           usize)
       (v_GAMMA2 v_BETA: i32)
       (v_COMMITMENT_RING_ELEMENT_SIZE v_COMMITMENT_VECTOR_SIZE v_COMMITMENT_HASH_SIZE v_ONES_IN_VERIFIER_CHALLENGE v_MAX_ONES_IN_HINT:
           usize)
       (#[FStar.Tactics.Typeclasses.tcresolve ()]
-          i5:
+          i6:
           Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit)
       (#[FStar.Tactics.Typeclasses.tcresolve ()]
-          i6:
+          i7:
+          Libcrux_ml_dsa.Hash_functions.Shake128.t_Xof v_Shake128)
+      (#[FStar.Tactics.Typeclasses.tcresolve ()]
+          i8:
           Libcrux_ml_dsa.Hash_functions.Shake128.t_XofX4 v_Shake128X4)
       (#[FStar.Tactics.Typeclasses.tcresolve ()]
-          i7:
+          i9:
           Libcrux_ml_dsa.Hash_functions.Shake256.t_DsaXof v_Shake256)
       (#[FStar.Tactics.Typeclasses.tcresolve ()]
-          i8:
+          i10:
           Libcrux_ml_dsa.Hash_functions.Shake256.t_Xof v_Shake256Xof)
       (#[FStar.Tactics.Typeclasses.tcresolve ()]
-          i9:
+          i11:
           Libcrux_ml_dsa.Pre_hash.t_PreHash v_PH v_PH_DIGEST_LEN)
       (verification_key_serialized: t_Array u8 v_VERIFICATION_KEY_SIZE)
       (message context: t_Slice u8)
       (signature_serialized: t_Array u8 v_SIGNATURE_SIZE)
      =
   let pre_hashed_message:t_Array u8 v_PH_DIGEST_LEN =
-    Libcrux_ml_dsa.Pre_hash.f_hash #v_PH #v_PH_DIGEST_LEN #FStar.Tactics.Typeclasses.solve message
+    Libcrux_ml_dsa.Pre_hash.f_hash #v_PH
+      #v_PH_DIGEST_LEN
+      #FStar.Tactics.Typeclasses.solve
+      #v_Shake128
+      message
   in
   match
     Libcrux_ml_dsa.Pre_hash.impl_1__new context
@@ -912,21 +895,21 @@ let verify_pre_hashed
         <:
         Core.Option.t_Option (t_Array u8 (sz 11)))
   with
-  | Core.Result.Result_Ok hoist43 ->
+  | Core.Result.Result_Ok dsc ->
+    let domain_separation_context:Libcrux_ml_dsa.Pre_hash.t_DomainSeparationContext = dsc in
     verify_internal #v_SIMDUnit #v_Shake128X4 #v_Shake256 #v_Shake256Xof v_ROWS_IN_A v_COLUMNS_IN_A
       v_SIGNATURE_SIZE v_VERIFICATION_KEY_SIZE v_GAMMA1_EXPONENT v_GAMMA1_RING_ELEMENT_SIZE v_GAMMA2
       v_BETA v_COMMITMENT_RING_ELEMENT_SIZE v_COMMITMENT_VECTOR_SIZE v_COMMITMENT_HASH_SIZE
       v_ONES_IN_VERIFIER_CHALLENGE v_MAX_ONES_IN_HINT verification_key_serialized
       (pre_hashed_message <: t_Slice u8)
-      (Core.Option.Option_Some hoist43
+      (Core.Option.Option_Some domain_separation_context
         <:
         Core.Option.t_Option Libcrux_ml_dsa.Pre_hash.t_DomainSeparationContext) signature_serialized
-  | Core.Result.Result_Err err ->
+  | Core.Result.Result_Err _ ->
     Core.Result.Result_Err
-    (Core.Convert.f_from #Libcrux_ml_dsa.Types.t_VerificationError
-        #Libcrux_ml_dsa.Pre_hash.t_DomainSeparationError
-        #FStar.Tactics.Typeclasses.solve
-        err)
+    (Libcrux_ml_dsa.Types.VerificationError_VerificationContextTooLongError
+      <:
+      Libcrux_ml_dsa.Types.t_VerificationError)
     <:
     Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError
 
diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.fsti b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.fsti
index 574ce29b4..b333cdc66 100644
--- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.fsti
+++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.fsti
@@ -81,18 +81,19 @@ val sign
           Libcrux_ml_dsa.Types.t_SigningError) Prims.l_True (fun _ -> Prims.l_True)
 
 val sign_pre_hashed
-      (#v_SIMDUnit #v_Shake128X4 #v_Shake256 #v_Shake256Xof #v_Shake256X4 #v_PH: Type0)
+      (#v_SIMDUnit #v_Shake128 #v_Shake128X4 #v_Shake256 #v_Shake256Xof #v_Shake256X4 #v_PH: Type0)
       (v_PH_DIGEST_LEN v_ROWS_IN_A v_COLUMNS_IN_A v_ETA v_ERROR_RING_ELEMENT_SIZE v_GAMMA1_EXPONENT:
           usize)
       (v_GAMMA2: i32)
       (v_COMMITMENT_RING_ELEMENT_SIZE v_COMMITMENT_VECTOR_SIZE v_COMMITMENT_HASH_SIZE v_ONES_IN_VERIFIER_CHALLENGE v_MAX_ONES_IN_HINT v_GAMMA1_RING_ELEMENT_SIZE v_SIGNING_KEY_SIZE v_SIGNATURE_SIZE:
           usize)
-      {| i6: Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit |}
-      {| i7: Libcrux_ml_dsa.Hash_functions.Shake128.t_XofX4 v_Shake128X4 |}
-      {| i8: Libcrux_ml_dsa.Hash_functions.Shake256.t_DsaXof v_Shake256 |}
-      {| i9: Libcrux_ml_dsa.Hash_functions.Shake256.t_Xof v_Shake256Xof |}
-      {| i10: Libcrux_ml_dsa.Hash_functions.Shake256.t_XofX4 v_Shake256X4 |}
-      {| i11: Libcrux_ml_dsa.Pre_hash.t_PreHash v_PH v_PH_DIGEST_LEN |}
+      {| i7: Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit |}
+      {| i8: Libcrux_ml_dsa.Hash_functions.Shake128.t_Xof v_Shake128 |}
+      {| i9: Libcrux_ml_dsa.Hash_functions.Shake128.t_XofX4 v_Shake128X4 |}
+      {| i10: Libcrux_ml_dsa.Hash_functions.Shake256.t_DsaXof v_Shake256 |}
+      {| i11: Libcrux_ml_dsa.Hash_functions.Shake256.t_Xof v_Shake256Xof |}
+      {| i12: Libcrux_ml_dsa.Hash_functions.Shake256.t_XofX4 v_Shake256X4 |}
+      {| i13: Libcrux_ml_dsa.Pre_hash.t_PreHash v_PH v_PH_DIGEST_LEN |}
       (signing_key: t_Array u8 v_SIGNING_KEY_SIZE)
       (message context: t_Slice u8)
       (randomness: t_Array u8 (sz 32))
@@ -142,17 +143,18 @@ val verify
       (fun _ -> Prims.l_True)
 
 val verify_pre_hashed
-      (#v_SIMDUnit #v_Shake128X4 #v_Shake256 #v_Shake256Xof #v_PH: Type0)
+      (#v_SIMDUnit #v_Shake128 #v_Shake128X4 #v_Shake256 #v_Shake256Xof #v_PH: Type0)
       (v_PH_DIGEST_LEN v_ROWS_IN_A v_COLUMNS_IN_A v_SIGNATURE_SIZE v_VERIFICATION_KEY_SIZE v_GAMMA1_EXPONENT v_GAMMA1_RING_ELEMENT_SIZE:
           usize)
       (v_GAMMA2 v_BETA: i32)
       (v_COMMITMENT_RING_ELEMENT_SIZE v_COMMITMENT_VECTOR_SIZE v_COMMITMENT_HASH_SIZE v_ONES_IN_VERIFIER_CHALLENGE v_MAX_ONES_IN_HINT:
           usize)
-      {| i5: Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit |}
-      {| i6: Libcrux_ml_dsa.Hash_functions.Shake128.t_XofX4 v_Shake128X4 |}
-      {| i7: Libcrux_ml_dsa.Hash_functions.Shake256.t_DsaXof v_Shake256 |}
-      {| i8: Libcrux_ml_dsa.Hash_functions.Shake256.t_Xof v_Shake256Xof |}
-      {| i9: Libcrux_ml_dsa.Pre_hash.t_PreHash v_PH v_PH_DIGEST_LEN |}
+      {| i6: Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit |}
+      {| i7: Libcrux_ml_dsa.Hash_functions.Shake128.t_Xof v_Shake128 |}
+      {| i8: Libcrux_ml_dsa.Hash_functions.Shake128.t_XofX4 v_Shake128X4 |}
+      {| i9: Libcrux_ml_dsa.Hash_functions.Shake256.t_DsaXof v_Shake256 |}
+      {| i10: Libcrux_ml_dsa.Hash_functions.Shake256.t_Xof v_Shake256Xof |}
+      {| i11: Libcrux_ml_dsa.Pre_hash.t_PreHash v_PH v_PH_DIGEST_LEN |}
       (verification_key_serialized: t_Array u8 v_VERIFICATION_KEY_SIZE)
       (message context: t_Slice u8)
       (signature_serialized: t_Array u8 v_SIGNATURE_SIZE)
diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Polynomial.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Polynomial.fst
index 92db55cce..1cfb3ccb5 100644
--- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Polynomial.fst
+++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Polynomial.fst
@@ -44,50 +44,48 @@ let impl__from_i32_array
       in
       ()
   in
-  let array_chunks:Core.Slice.Iter.t_Chunks i32 =
-    Core.Slice.impl__chunks #i32 array Libcrux_ml_dsa.Simd.Traits.v_COEFFICIENTS_IN_SIMD_UNIT
-  in
   let result:t_PolynomialRingElement v_SIMDUnit = impl__ZERO #v_SIMDUnit () in
-  let array_chunks, result:(Core.Slice.Iter.t_Chunks i32 & t_PolynomialRingElement v_SIMDUnit) =
+  let result:t_PolynomialRingElement v_SIMDUnit =
     Rust_primitives.Hax.Folds.fold_range (sz 0)
       Libcrux_ml_dsa.Simd.Traits.v_SIMD_UNITS_IN_RING_ELEMENT
-      (fun temp_0_ temp_1_ ->
-          let array_chunks, result:(Core.Slice.Iter.t_Chunks i32 &
-            t_PolynomialRingElement v_SIMDUnit) =
-            temp_0_
-          in
+      (fun result temp_1_ ->
+          let result:t_PolynomialRingElement v_SIMDUnit = result in
           let _:usize = temp_1_ in
           true)
-      (array_chunks, result <: (Core.Slice.Iter.t_Chunks i32 & t_PolynomialRingElement v_SIMDUnit))
-      (fun temp_0_ i ->
-          let array_chunks, result:(Core.Slice.Iter.t_Chunks i32 &
-            t_PolynomialRingElement v_SIMDUnit) =
-            temp_0_
-          in
+      result
+      (fun result i ->
+          let result:t_PolynomialRingElement v_SIMDUnit = result in
           let i:usize = i in
-          let tmp0, out:(Core.Slice.Iter.t_Chunks i32 & Core.Option.t_Option (t_Slice i32)) =
-            Core.Iter.Traits.Iterator.f_next #(Core.Slice.Iter.t_Chunks i32)
-              #FStar.Tactics.Typeclasses.solve
-              array_chunks
-          in
-          let array_chunks:Core.Slice.Iter.t_Chunks i32 = tmp0 in
-          array_chunks,
-          ({
-              result with
-              f_simd_units
-              =
-              Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result.f_simd_units
-                i
-                (Libcrux_ml_dsa.Simd.Traits.f_from_coefficient_array #v_SIMDUnit
-                    #FStar.Tactics.Typeclasses.solve
-                    (Core.Option.impl__unwrap #(t_Slice i32) out <: t_Slice i32)
-                  <:
-                  v_SIMDUnit)
-            }
+          {
+            result with
+            f_simd_units
+            =
+            Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result.f_simd_units
+              i
+              (Libcrux_ml_dsa.Simd.Traits.f_from_coefficient_array #v_SIMDUnit
+                  #FStar.Tactics.Typeclasses.solve
+                  (array.[ {
+                        Core.Ops.Range.f_start
+                        =
+                        i *! Libcrux_ml_dsa.Simd.Traits.v_COEFFICIENTS_IN_SIMD_UNIT <: usize;
+                        Core.Ops.Range.f_end
+                        =
+                        (i +! sz 1 <: usize) *!
+                        Libcrux_ml_dsa.Simd.Traits.v_COEFFICIENTS_IN_SIMD_UNIT
+                        <:
+                        usize
+                      }
+                      <:
+                      Core.Ops.Range.t_Range usize ]
+                    <:
+                    t_Slice i32)
+                <:
+                v_SIMDUnit)
             <:
-            t_PolynomialRingElement v_SIMDUnit)
+            t_Array v_SIMDUnit (sz 32)
+          }
           <:
-          (Core.Slice.Iter.t_Chunks i32 & t_PolynomialRingElement v_SIMDUnit))
+          t_PolynomialRingElement v_SIMDUnit)
   in
   result
 
diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Pre_hash.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Pre_hash.fst
index 839ac9c79..a9b6eddc8 100644
--- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Pre_hash.fst
+++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Pre_hash.fst
@@ -6,7 +6,6 @@ open FStar.Mul
 let _ =
   (* This module has implicit dependencies, here we make them explicit. *)
   (* The implicit dependencies arise from typeclasses instances. *)
-  let open Libcrux_ml_dsa.Hash_functions.Portable in
   let open Libcrux_ml_dsa.Hash_functions.Shake128 in
   ()
 
@@ -14,18 +13,6 @@ let impl_1__context (self: t_DomainSeparationContext) = self.f_context
 
 let impl_1__pre_hash_oid (self: t_DomainSeparationContext) = self.f_pre_hash_oid
 
-let impl_1__new (context: t_Slice u8) (pre_hash_oid: Core.Option.t_Option (t_Array u8 (sz 11))) =
-  if (Core.Slice.impl__len #u8 context <: usize) >. Libcrux_ml_dsa.Constants.v_CONTEXT_MAX_LEN
-  then
-    Core.Result.Result_Err (DomainSeparationError_ContextTooLongError <: t_DomainSeparationError)
-    <:
-    Core.Result.t_Result t_DomainSeparationContext t_DomainSeparationError
-  else
-    Core.Result.Result_Ok
-    ({ f_context = context; f_pre_hash_oid = pre_hash_oid } <: t_DomainSeparationContext)
-    <:
-    Core.Result.t_Result t_DomainSeparationContext t_DomainSeparationError
-
 let t_DomainSeparationError_cast_to_repr (x: t_DomainSeparationError) =
   match x with | DomainSeparationError_ContextTooLongError  -> isz 0
 
@@ -56,30 +43,62 @@ let impl_3: Core.Convert.t_From Libcrux_ml_dsa.Types.t_VerificationError t_Domai
     fun (e: t_DomainSeparationError) ->
       match e with
       | DomainSeparationError_ContextTooLongError  ->
-        Libcrux_ml_dsa.Types.VerificationError_ContextTooLongError
+        Libcrux_ml_dsa.Types.VerificationError_VerificationContextTooLongError
         <:
         Libcrux_ml_dsa.Types.t_VerificationError
   }
 
+let impl_1__new (context: t_Slice u8) (pre_hash_oid: Core.Option.t_Option (t_Array u8 (sz 11))) =
+  if (Core.Slice.impl__len #u8 context <: usize) >. Libcrux_ml_dsa.Constants.v_CONTEXT_MAX_LEN
+  then
+    Core.Result.Result_Err (DomainSeparationError_ContextTooLongError <: t_DomainSeparationError)
+    <:
+    Core.Result.t_Result t_DomainSeparationContext t_DomainSeparationError
+  else
+    Core.Result.Result_Ok
+    ({ f_context = context; f_pre_hash_oid = pre_hash_oid } <: t_DomainSeparationContext)
+    <:
+    Core.Result.t_Result t_DomainSeparationContext t_DomainSeparationError
+
 [@@ FStar.Tactics.Typeclasses.tcinstance]
 let impl: t_PreHash t_SHAKE128_PH (sz 256) =
   {
     f_oid_pre = (fun (_: Prims.unit) -> true);
     f_oid_post = (fun (_: Prims.unit) (out: t_Array u8 (sz 11)) -> true);
-    f_oid
+    f_oid = (fun (_: Prims.unit) -> v_SHAKE128_OID);
+    f_hash_pre
+    =
+    (fun
+        (#v_Shake128: Type0)
+        (#[FStar.Tactics.Typeclasses.tcresolve ()]
+          i1:
+          Libcrux_ml_dsa.Hash_functions.Shake128.t_Xof v_Shake128)
+        (message: t_Slice u8)
+        ->
+        true);
+    f_hash_post
     =
-    (fun (_: Prims.unit) ->
-        let list = [6uy; 9uy; 96uy; 134uy; 72uy; 1uy; 101uy; 3uy; 4uy; 2uy; 11uy] in
-        FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 11);
-        Rust_primitives.Hax.array_of_list 11 list);
-    f_hash_pre = (fun (message: t_Slice u8) -> true);
-    f_hash_post = (fun (message: t_Slice u8) (out: t_Array u8 (sz 256)) -> true);
+    (fun
+        (#v_Shake128: Type0)
+        (#[FStar.Tactics.Typeclasses.tcresolve ()]
+          i1:
+          Libcrux_ml_dsa.Hash_functions.Shake128.t_Xof v_Shake128)
+        (message: t_Slice u8)
+        (out: t_Array u8 (sz 256))
+        ->
+        true);
     f_hash
     =
-    fun (message: t_Slice u8) ->
+    fun
+      (#v_Shake128: Type0)
+      (#[FStar.Tactics.Typeclasses.tcresolve ()]
+        i1:
+        Libcrux_ml_dsa.Hash_functions.Shake128.t_Xof v_Shake128)
+      (message: t_Slice u8)
+      ->
       let output:t_Array u8 (sz 256) = Rust_primitives.Hax.repeat 0uy (sz 256) in
       let output:t_Array u8 (sz 256) =
-        Libcrux_ml_dsa.Hash_functions.Shake128.f_shake128 #Libcrux_ml_dsa.Hash_functions.Portable.t_Shake128
+        Libcrux_ml_dsa.Hash_functions.Shake128.f_shake128 #v_Shake128
           #FStar.Tactics.Typeclasses.solve
           (sz 256)
           message
diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Pre_hash.fsti b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Pre_hash.fsti
index 2dc40559b..c23391618 100644
--- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Pre_hash.fsti
+++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Pre_hash.fsti
@@ -6,7 +6,6 @@ open FStar.Mul
 let _ =
   (* This module has implicit dependencies, here we make them explicit. *)
   (* The implicit dependencies arise from typeclasses instances. *)
-  let open Libcrux_ml_dsa.Hash_functions.Portable in
   let open Libcrux_ml_dsa.Hash_functions.Shake128 in
   ()
 
@@ -27,12 +26,6 @@ val impl_1__pre_hash_oid (self: t_DomainSeparationContext)
 
 type t_DomainSeparationError = | DomainSeparationError_ContextTooLongError : t_DomainSeparationError
 
-/// `context` must be at most 255 bytes long.
-val impl_1__new (context: t_Slice u8) (pre_hash_oid: Core.Option.t_Option (t_Array u8 (sz 11)))
-    : Prims.Pure (Core.Result.t_Result t_DomainSeparationContext t_DomainSeparationError)
-      Prims.l_True
-      (fun _ -> Prims.l_True)
-
 val t_DomainSeparationError_cast_to_repr (x: t_DomainSeparationError)
     : Prims.Pure isize Prims.l_True (fun _ -> Prims.l_True)
 
@@ -41,10 +34,24 @@ class t_PreHash (v_Self: Type0) (v_DIGEST_LEN: usize) = {
   f_oid_post:Prims.unit -> t_Array u8 (sz 11) -> Type0;
   f_oid:x0: Prims.unit
     -> Prims.Pure (t_Array u8 (sz 11)) (f_oid_pre x0) (fun result -> f_oid_post x0 result);
-  f_hash_pre:t_Slice u8 -> Type0;
-  f_hash_post:t_Slice u8 -> t_Array u8 v_DIGEST_LEN -> Type0;
-  f_hash:x0: t_Slice u8
-    -> Prims.Pure (t_Array u8 v_DIGEST_LEN) (f_hash_pre x0) (fun result -> f_hash_post x0 result)
+  f_hash_pre:
+      #v_Shake128: Type0 ->
+      {| i1: Libcrux_ml_dsa.Hash_functions.Shake128.t_Xof v_Shake128 |} ->
+      t_Slice u8
+    -> Type0;
+  f_hash_post:
+      #v_Shake128: Type0 ->
+      {| i1: Libcrux_ml_dsa.Hash_functions.Shake128.t_Xof v_Shake128 |} ->
+      t_Slice u8 ->
+      t_Array u8 v_DIGEST_LEN
+    -> Type0;
+  f_hash:
+      #v_Shake128: Type0 ->
+      {| i1: Libcrux_ml_dsa.Hash_functions.Shake128.t_Xof v_Shake128 |} ->
+      x0: t_Slice u8
+    -> Prims.Pure (t_Array u8 v_DIGEST_LEN)
+        (f_hash_pre #v_Shake128 #i1 x0)
+        (fun result -> f_hash_post #v_Shake128 #i1 x0 result)
 }
 
 /// An implementation of the pre-hash trait for the SHAKE-128 XOF with
@@ -53,11 +60,22 @@ type t_SHAKE128_PH = | SHAKE128_PH : t_SHAKE128_PH
 
 let v_PRE_HASH_OID_LEN: usize = sz 11
 
+let v_SHAKE128_OID: t_Array u8 (sz 11) =
+  let list = [6uy; 9uy; 96uy; 134uy; 72uy; 1uy; 101uy; 3uy; 4uy; 2uy; 11uy] in
+  FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 11);
+  Rust_primitives.Hax.array_of_list 11 list
+
 [@@ FStar.Tactics.Typeclasses.tcinstance]
 val impl_2:Core.Convert.t_From Libcrux_ml_dsa.Types.t_SigningError t_DomainSeparationError
 
 [@@ FStar.Tactics.Typeclasses.tcinstance]
 val impl_3:Core.Convert.t_From Libcrux_ml_dsa.Types.t_VerificationError t_DomainSeparationError
 
+/// `context` must be at most 255 bytes long.
+val impl_1__new (context: t_Slice u8) (pre_hash_oid: Core.Option.t_Option (t_Array u8 (sz 11)))
+    : Prims.Pure (Core.Result.t_Result t_DomainSeparationContext t_DomainSeparationError)
+      Prims.l_True
+      (fun _ -> Prims.l_True)
+
 [@@ FStar.Tactics.Typeclasses.tcinstance]
 val impl:t_PreHash t_SHAKE128_PH (sz 256)
diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Sample.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Sample.fst
index 2a6b43436..288d73ebd 100644
--- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Sample.fst
+++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Sample.fst
@@ -38,12 +38,12 @@ let rejection_sample_less_than_eta_equals_2_
      =
   let done:bool = false in
   let done, out, sampled_coefficients:(bool & t_Array i32 (sz 263) & usize) =
-    Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Slice.Iter.t_Chunks
+    Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Slice.Iter.t_ChunksExact
             u8)
           #FStar.Tactics.Typeclasses.solve
-          (Core.Slice.impl__chunks #u8 randomness (sz 4) <: Core.Slice.Iter.t_Chunks u8)
+          (Core.Slice.impl__chunks_exact #u8 randomness (sz 4) <: Core.Slice.Iter.t_ChunksExact u8)
         <:
-        Core.Slice.Iter.t_Chunks u8)
+        Core.Slice.Iter.t_ChunksExact u8)
       (done, out, sampled_coefficients <: (bool & t_Array i32 (sz 263) & usize))
       (fun temp_0_ random_bytes ->
           let done, out, sampled_coefficients:(bool & t_Array i32 (sz 263) & usize) = temp_0_ in
@@ -90,12 +90,12 @@ let rejection_sample_less_than_eta_equals_4_
      =
   let done:bool = false in
   let done, out, sampled_coefficients:(bool & t_Array i32 (sz 263) & usize) =
-    Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Slice.Iter.t_Chunks
+    Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Slice.Iter.t_ChunksExact
             u8)
           #FStar.Tactics.Typeclasses.solve
-          (Core.Slice.impl__chunks #u8 randomness (sz 4) <: Core.Slice.Iter.t_Chunks u8)
+          (Core.Slice.impl__chunks_exact #u8 randomness (sz 4) <: Core.Slice.Iter.t_ChunksExact u8)
         <:
-        Core.Slice.Iter.t_Chunks u8)
+        Core.Slice.Iter.t_ChunksExact u8)
       (done, out, sampled_coefficients <: (bool & t_Array i32 (sz 263) & usize))
       (fun temp_0_ random_bytes ->
           let done, out, sampled_coefficients:(bool & t_Array i32 (sz 263) & usize) = temp_0_ in
@@ -183,12 +183,12 @@ let rejection_sample_less_than_field_modulus
      =
   let done:bool = false in
   let done, out, sampled_coefficients:(bool & t_Array i32 (sz 263) & usize) =
-    Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Slice.Iter.t_Chunks
+    Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Slice.Iter.t_ChunksExact
             u8)
           #FStar.Tactics.Typeclasses.solve
-          (Core.Slice.impl__chunks #u8 randomness (sz 24) <: Core.Slice.Iter.t_Chunks u8)
+          (Core.Slice.impl__chunks_exact #u8 randomness (sz 24) <: Core.Slice.Iter.t_ChunksExact u8)
         <:
-        Core.Slice.Iter.t_Chunks u8)
+        Core.Slice.Iter.t_ChunksExact u8)
       (done, out, sampled_coefficients <: (bool & t_Array i32 (sz 263) & usize))
       (fun temp_0_ random_bytes ->
           let done, out, sampled_coefficients:(bool & t_Array i32 (sz 263) & usize) = temp_0_ in
@@ -232,9 +232,10 @@ let inside_out_shuffle
      =
   let done:bool = false in
   let done, out_index, result, signs:(bool & usize & t_Array i32 (sz 256) & u64) =
-    Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(t_Slice u8)
+    Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Slice.Iter.t_Iter
+            u8)
           #FStar.Tactics.Typeclasses.solve
-          randomness
+          (Core.Slice.impl__iter #u8 randomness <: Core.Slice.Iter.t_Iter u8)
         <:
         Core.Slice.Iter.t_Iter u8)
       (done, out_index, result, signs <: (bool & usize & t_Array i32 (sz 256) & u64))
@@ -1049,33 +1050,53 @@ let sample_mask_ring_element
           i3:
           Libcrux_ml_dsa.Hash_functions.Shake256.t_DsaXof v_Shake256)
       (seed: t_Array u8 (sz 66))
+      (result: Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit)
      =
-  match cast (v_GAMMA1_EXPONENT <: usize) <: u8 with
-  | 17uy ->
-    let out:t_Array u8 (sz 576) = Rust_primitives.Hax.repeat 0uy (sz 576) in
-    let out:t_Array u8 (sz 576) =
-      Libcrux_ml_dsa.Hash_functions.Shake256.f_shake256 #v_Shake256
-        #FStar.Tactics.Typeclasses.solve
-        (sz 576)
-        (seed <: t_Slice u8)
-        out
-    in
-    Libcrux_ml_dsa.Encoding.Gamma1.deserialize #v_SIMDUnit v_GAMMA1_EXPONENT (out <: t_Slice u8)
-  | 19uy ->
-    let out:t_Array u8 (sz 640) = Rust_primitives.Hax.repeat 0uy (sz 640) in
-    let out:t_Array u8 (sz 640) =
-      Libcrux_ml_dsa.Hash_functions.Shake256.f_shake256 #v_Shake256
-        #FStar.Tactics.Typeclasses.solve
-        (sz 640)
-        (seed <: t_Slice u8)
-        out
-    in
-    Libcrux_ml_dsa.Encoding.Gamma1.deserialize #v_SIMDUnit v_GAMMA1_EXPONENT (out <: t_Slice u8)
-  | _ ->
-    Rust_primitives.Hax.never_to_any (Core.Panicking.panic "internal error: entered unreachable code"
+  let result, hax_temp_output:(Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit &
+    Prims.unit) =
+    match cast (v_GAMMA1_EXPONENT <: usize) <: u8 with
+    | 17uy ->
+      let out:t_Array u8 (sz 576) = Rust_primitives.Hax.repeat 0uy (sz 576) in
+      let out:t_Array u8 (sz 576) =
+        Libcrux_ml_dsa.Hash_functions.Shake256.f_shake256 #v_Shake256
+          #FStar.Tactics.Typeclasses.solve
+          (sz 576)
+          (seed <: t_Slice u8)
+          out
+      in
+      let result:Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit =
+        Libcrux_ml_dsa.Encoding.Gamma1.deserialize #v_SIMDUnit
+          v_GAMMA1_EXPONENT
+          (out <: t_Slice u8)
+          result
+      in
+      result, () <: (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit & Prims.unit)
+    | 19uy ->
+      let out:t_Array u8 (sz 640) = Rust_primitives.Hax.repeat 0uy (sz 640) in
+      let out:t_Array u8 (sz 640) =
+        Libcrux_ml_dsa.Hash_functions.Shake256.f_shake256 #v_Shake256
+          #FStar.Tactics.Typeclasses.solve
+          (sz 640)
+          (seed <: t_Slice u8)
+          out
+      in
+      let result:Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit =
+        Libcrux_ml_dsa.Encoding.Gamma1.deserialize #v_SIMDUnit
+          v_GAMMA1_EXPONENT
+          (out <: t_Slice u8)
+          result
+      in
+      result, () <: (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit & Prims.unit)
+    | _ ->
+      result,
+      Rust_primitives.Hax.never_to_any (Core.Panicking.panic "internal error: entered unreachable code"
 
-        <:
-        Rust_primitives.Hax.t_Never)
+          <:
+          Rust_primitives.Hax.t_Never)
+      <:
+      (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit & Prims.unit)
+  in
+  result
 
 let sample_mask_vector
       (#v_SIMDUnit #v_Shake256 #v_Shake256X4: Type0)
@@ -1143,6 +1164,7 @@ let sample_mask_vector
           (Libcrux_ml_dsa.Encoding.Gamma1.deserialize #v_SIMDUnit
               v_GAMMA1_EXPONENT
               (out0 <: t_Slice u8)
+              (mask.[ sz 0 ] <: Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit)
             <:
             Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit)
       in
@@ -1152,6 +1174,7 @@ let sample_mask_vector
           (Libcrux_ml_dsa.Encoding.Gamma1.deserialize #v_SIMDUnit
               v_GAMMA1_EXPONENT
               (out1 <: t_Slice u8)
+              (mask.[ sz 1 ] <: Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit)
             <:
             Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit)
       in
@@ -1161,6 +1184,7 @@ let sample_mask_vector
           (Libcrux_ml_dsa.Encoding.Gamma1.deserialize #v_SIMDUnit
               v_GAMMA1_EXPONENT
               (out2 <: t_Slice u8)
+              (mask.[ sz 2 ] <: Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit)
             <:
             Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit)
       in
@@ -1170,6 +1194,7 @@ let sample_mask_vector
           (Libcrux_ml_dsa.Encoding.Gamma1.deserialize #v_SIMDUnit
               v_GAMMA1_EXPONENT
               (out3 <: t_Slice u8)
+              (mask.[ sz 3 ] <: Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit)
             <:
             Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit)
       in
@@ -1196,6 +1221,7 @@ let sample_mask_vector
           (Libcrux_ml_dsa.Encoding.Gamma1.deserialize #v_SIMDUnit
               v_GAMMA1_EXPONENT
               (out0 <: t_Slice u8)
+              (mask.[ sz 0 ] <: Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit)
             <:
             Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit)
       in
@@ -1205,6 +1231,7 @@ let sample_mask_vector
           (Libcrux_ml_dsa.Encoding.Gamma1.deserialize #v_SIMDUnit
               v_GAMMA1_EXPONENT
               (out1 <: t_Slice u8)
+              (mask.[ sz 1 ] <: Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit)
             <:
             Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit)
       in
@@ -1214,6 +1241,7 @@ let sample_mask_vector
           (Libcrux_ml_dsa.Encoding.Gamma1.deserialize #v_SIMDUnit
               v_GAMMA1_EXPONENT
               (out2 <: t_Slice u8)
+              (mask.[ sz 2 ] <: Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit)
             <:
             Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit)
       in
@@ -1223,6 +1251,7 @@ let sample_mask_vector
           (Libcrux_ml_dsa.Encoding.Gamma1.deserialize #v_SIMDUnit
               v_GAMMA1_EXPONENT
               (out3 <: t_Slice u8)
+              (mask.[ sz 3 ] <: Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit)
             <:
             Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit)
       in
@@ -1268,7 +1297,11 @@ let sample_mask_vector
             v_DIMENSION =
             Rust_primitives.Hax.Monomorphized_update_at.update_at_usize mask
               i
-              (sample_mask_ring_element #v_SIMDUnit #v_Shake256 v_GAMMA1_EXPONENT seed
+              (sample_mask_ring_element #v_SIMDUnit
+                  #v_Shake256
+                  v_GAMMA1_EXPONENT
+                  seed
+                  (mask.[ i ] <: Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit)
                 <:
                 Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit)
           in
diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Sample.fsti b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Sample.fsti
index 02905d2e7..9cab11744 100644
--- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Sample.fsti
+++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Sample.fsti
@@ -99,6 +99,7 @@ val sample_mask_ring_element
       {| i2: Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit |}
       {| i3: Libcrux_ml_dsa.Hash_functions.Shake256.t_DsaXof v_Shake256 |}
       (seed: t_Array u8 (sz 66))
+      (result: Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit)
     : Prims.Pure (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit)
       Prims.l_True
       (fun _ -> Prims.l_True)
diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Encoding.Commitment.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Encoding.Commitment.fst
index fba456933..424d9ceae 100644
--- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Encoding.Commitment.fst
+++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Encoding.Commitment.fst
@@ -3,139 +3,145 @@ module Libcrux_ml_dsa.Simd.Avx2.Encoding.Commitment
 open Core
 open FStar.Mul
 
-let serialize (v_OUTPUT_SIZE: usize) (simd_unit: u8) =
+let serialize (simd_unit: u8) (out: t_Slice u8) =
   let serialized:t_Array u8 (sz 19) = Rust_primitives.Hax.repeat 0uy (sz 19) in
-  match cast (v_OUTPUT_SIZE <: usize) <: u8 with
-  | 4uy ->
-    let adjacent_2_combined:u8 =
-      Libcrux_intrinsics.Avx2_extract.mm256_sllv_epi32 simd_unit
-        (Libcrux_intrinsics.Avx2_extract.mm256_set_epi32 0l 28l 0l 28l 0l 28l 0l 28l <: u8)
-    in
-    let adjacent_2_combined:u8 =
-      Libcrux_intrinsics.Avx2_extract.mm256_srli_epi64 28l adjacent_2_combined
-    in
-    let adjacent_4_combined:u8 =
-      Libcrux_intrinsics.Avx2_extract.mm256_permutevar8x32_epi32 adjacent_2_combined
-        (Libcrux_intrinsics.Avx2_extract.mm256_set_epi32 0l 0l 0l 0l 6l 2l 4l 0l <: u8)
-    in
-    let adjacent_4_combined:u8 =
-      Libcrux_intrinsics.Avx2_extract.mm256_castsi256_si128 adjacent_4_combined
-    in
-    let adjacent_4_combined:u8 =
-      Libcrux_intrinsics.Avx2_extract.mm_shuffle_epi8 adjacent_4_combined
-        (Libcrux_intrinsics.Avx2_extract.mm_set_epi8 240uy 240uy 240uy 240uy 240uy 240uy 240uy 240uy
-            240uy 240uy 240uy 240uy 12uy 4uy 8uy 0uy
-          <:
-          u8)
-    in
-    let serialized:t_Array u8 (sz 19) =
-      Rust_primitives.Hax.Monomorphized_update_at.update_at_range serialized
-        ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = sz 16 }
-          <:
-          Core.Ops.Range.t_Range usize)
-        (Libcrux_intrinsics.Avx2_extract.mm_storeu_bytes_si128 (serialized.[ {
-                  Core.Ops.Range.f_start = sz 0;
-                  Core.Ops.Range.f_end = sz 16
-                }
+  let (out, serialized), hax_temp_output:((t_Slice u8 & t_Array u8 (sz 19)) & Prims.unit) =
+    match cast (Core.Slice.impl__len #u8 out <: usize) <: u8 with
+    | 4uy ->
+      let adjacent_2_combined:u8 =
+        Libcrux_intrinsics.Avx2_extract.mm256_sllv_epi32 simd_unit
+          (Libcrux_intrinsics.Avx2_extract.mm256_set_epi32 0l 28l 0l 28l 0l 28l 0l 28l <: u8)
+      in
+      let adjacent_2_combined:u8 =
+        Libcrux_intrinsics.Avx2_extract.mm256_srli_epi64 28l adjacent_2_combined
+      in
+      let adjacent_4_combined:u8 =
+        Libcrux_intrinsics.Avx2_extract.mm256_permutevar8x32_epi32 adjacent_2_combined
+          (Libcrux_intrinsics.Avx2_extract.mm256_set_epi32 0l 0l 0l 0l 6l 2l 4l 0l <: u8)
+      in
+      let adjacent_4_combined:u8 =
+        Libcrux_intrinsics.Avx2_extract.mm256_castsi256_si128 adjacent_4_combined
+      in
+      let adjacent_4_combined:u8 =
+        Libcrux_intrinsics.Avx2_extract.mm_shuffle_epi8 adjacent_4_combined
+          (Libcrux_intrinsics.Avx2_extract.mm_set_epi8 240uy 240uy 240uy 240uy 240uy 240uy 240uy
+              240uy 240uy 240uy 240uy 240uy 12uy 4uy 8uy 0uy
+            <:
+            u8)
+      in
+      let serialized:t_Array u8 (sz 19) =
+        Rust_primitives.Hax.Monomorphized_update_at.update_at_range serialized
+          ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = sz 16 }
+            <:
+            Core.Ops.Range.t_Range usize)
+          (Libcrux_intrinsics.Avx2_extract.mm_storeu_bytes_si128 (serialized.[ {
+                    Core.Ops.Range.f_start = sz 0;
+                    Core.Ops.Range.f_end = sz 16
+                  }
+                  <:
+                  Core.Ops.Range.t_Range usize ]
                 <:
-                Core.Ops.Range.t_Range usize ]
-              <:
-              t_Slice u8)
-            adjacent_4_combined
-          <:
-          t_Slice u8)
-    in
-    Core.Result.impl__unwrap #(t_Array u8 v_OUTPUT_SIZE)
-      #Core.Array.t_TryFromSliceError
-      (Core.Convert.f_try_into #(t_Slice u8)
-          #(t_Array u8 v_OUTPUT_SIZE)
-          #FStar.Tactics.Typeclasses.solve
+                t_Slice u8)
+              adjacent_4_combined
+            <:
+            t_Slice u8)
+      in
+      let out:t_Slice u8 =
+        Core.Slice.impl__copy_from_slice #u8
+          out
           (serialized.[ { Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = sz 4 }
               <:
               Core.Ops.Range.t_Range usize ]
             <:
             t_Slice u8)
-        <:
-        Core.Result.t_Result (t_Array u8 v_OUTPUT_SIZE) Core.Array.t_TryFromSliceError)
-  | 6uy ->
-    let adjacent_2_combined:u8 =
-      Libcrux_intrinsics.Avx2_extract.mm256_sllv_epi32 simd_unit
-        (Libcrux_intrinsics.Avx2_extract.mm256_set_epi32 0l 26l 0l 26l 0l 26l 0l 26l <: u8)
-    in
-    let adjacent_2_combined:u8 =
-      Libcrux_intrinsics.Avx2_extract.mm256_srli_epi64 26l adjacent_2_combined
-    in
-    let adjacent_3_combined:u8 =
-      Libcrux_intrinsics.Avx2_extract.mm256_shuffle_epi8 adjacent_2_combined
-        (Libcrux_intrinsics.Avx2_extract.mm256_set_epi8 (-1y) (-1y) (-1y) (-1y) (-1y) (-1y) (-1y)
-            (-1y) (-1y) (-1y) (-1y) (-1y) 9y 8y 1y 0y (-1y) (-1y) (-1y) (-1y) (-1y) (-1y) (-1y)
-            (-1y) (-1y) (-1y) (-1y) (-1y) 9y 8y 1y 0y
-          <:
-          u8)
-    in
-    let adjacent_3_combined:u8 =
-      Libcrux_intrinsics.Avx2_extract.mm256_mullo_epi16 adjacent_3_combined
-        (Libcrux_intrinsics.Avx2_extract.mm256_set_epi16 1s 1s 1s 1s 1s 1s 1s (1s <<! 4l <: i16) 1s
-            1s 1s 1s 1s 1s 1s (1s <<! 4l <: i16)
-          <:
-          u8)
-    in
-    let adjacent_3_combined:u8 =
-      Libcrux_intrinsics.Avx2_extract.mm256_srlv_epi32 adjacent_3_combined
-        (Libcrux_intrinsics.Avx2_extract.mm256_set_epi32 0l 0l 0l 4l 0l 0l 0l 4l <: u8)
-    in
-    let lower_3_:u8 = Libcrux_intrinsics.Avx2_extract.mm256_castsi256_si128 adjacent_3_combined in
-    let serialized:t_Array u8 (sz 19) =
-      Rust_primitives.Hax.Monomorphized_update_at.update_at_range serialized
-        ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = sz 16 }
-          <:
-          Core.Ops.Range.t_Range usize)
-        (Libcrux_intrinsics.Avx2_extract.mm_storeu_bytes_si128 (serialized.[ {
-                  Core.Ops.Range.f_start = sz 0;
-                  Core.Ops.Range.f_end = sz 16
-                }
+      in
+      (out, serialized <: (t_Slice u8 & t_Array u8 (sz 19))), ()
+      <:
+      ((t_Slice u8 & t_Array u8 (sz 19)) & Prims.unit)
+    | 6uy ->
+      let adjacent_2_combined:u8 =
+        Libcrux_intrinsics.Avx2_extract.mm256_sllv_epi32 simd_unit
+          (Libcrux_intrinsics.Avx2_extract.mm256_set_epi32 0l 26l 0l 26l 0l 26l 0l 26l <: u8)
+      in
+      let adjacent_2_combined:u8 =
+        Libcrux_intrinsics.Avx2_extract.mm256_srli_epi64 26l adjacent_2_combined
+      in
+      let adjacent_3_combined:u8 =
+        Libcrux_intrinsics.Avx2_extract.mm256_shuffle_epi8 adjacent_2_combined
+          (Libcrux_intrinsics.Avx2_extract.mm256_set_epi8 (-1y) (-1y) (-1y) (-1y) (-1y) (-1y) (-1y)
+              (-1y) (-1y) (-1y) (-1y) (-1y) 9y 8y 1y 0y (-1y) (-1y) (-1y) (-1y) (-1y) (-1y) (-1y)
+              (-1y) (-1y) (-1y) (-1y) (-1y) 9y 8y 1y 0y
+            <:
+            u8)
+      in
+      let adjacent_3_combined:u8 =
+        Libcrux_intrinsics.Avx2_extract.mm256_mullo_epi16 adjacent_3_combined
+          (Libcrux_intrinsics.Avx2_extract.mm256_set_epi16 1s 1s 1s 1s 1s 1s 1s (1s <<! 4l <: i16)
+              1s 1s 1s 1s 1s 1s 1s (1s <<! 4l <: i16)
+            <:
+            u8)
+      in
+      let adjacent_3_combined:u8 =
+        Libcrux_intrinsics.Avx2_extract.mm256_srlv_epi32 adjacent_3_combined
+          (Libcrux_intrinsics.Avx2_extract.mm256_set_epi32 0l 0l 0l 4l 0l 0l 0l 4l <: u8)
+      in
+      let lower_3_:u8 = Libcrux_intrinsics.Avx2_extract.mm256_castsi256_si128 adjacent_3_combined in
+      let serialized:t_Array u8 (sz 19) =
+        Rust_primitives.Hax.Monomorphized_update_at.update_at_range serialized
+          ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = sz 16 }
+            <:
+            Core.Ops.Range.t_Range usize)
+          (Libcrux_intrinsics.Avx2_extract.mm_storeu_bytes_si128 (serialized.[ {
+                    Core.Ops.Range.f_start = sz 0;
+                    Core.Ops.Range.f_end = sz 16
+                  }
+                  <:
+                  Core.Ops.Range.t_Range usize ]
                 <:
-                Core.Ops.Range.t_Range usize ]
-              <:
-              t_Slice u8)
-            lower_3_
-          <:
-          t_Slice u8)
-    in
-    let upper_3_:u8 =
-      Libcrux_intrinsics.Avx2_extract.mm256_extracti128_si256 1l adjacent_3_combined
-    in
-    let serialized:t_Array u8 (sz 19) =
-      Rust_primitives.Hax.Monomorphized_update_at.update_at_range serialized
-        ({ Core.Ops.Range.f_start = sz 3; Core.Ops.Range.f_end = sz 19 }
-          <:
-          Core.Ops.Range.t_Range usize)
-        (Libcrux_intrinsics.Avx2_extract.mm_storeu_bytes_si128 (serialized.[ {
-                  Core.Ops.Range.f_start = sz 3;
-                  Core.Ops.Range.f_end = sz 19
-                }
+                t_Slice u8)
+              lower_3_
+            <:
+            t_Slice u8)
+      in
+      let upper_3_:u8 =
+        Libcrux_intrinsics.Avx2_extract.mm256_extracti128_si256 1l adjacent_3_combined
+      in
+      let serialized:t_Array u8 (sz 19) =
+        Rust_primitives.Hax.Monomorphized_update_at.update_at_range serialized
+          ({ Core.Ops.Range.f_start = sz 3; Core.Ops.Range.f_end = sz 19 }
+            <:
+            Core.Ops.Range.t_Range usize)
+          (Libcrux_intrinsics.Avx2_extract.mm_storeu_bytes_si128 (serialized.[ {
+                    Core.Ops.Range.f_start = sz 3;
+                    Core.Ops.Range.f_end = sz 19
+                  }
+                  <:
+                  Core.Ops.Range.t_Range usize ]
                 <:
-                Core.Ops.Range.t_Range usize ]
-              <:
-              t_Slice u8)
-            upper_3_
-          <:
-          t_Slice u8)
-    in
-    Core.Result.impl__unwrap #(t_Array u8 v_OUTPUT_SIZE)
-      #Core.Array.t_TryFromSliceError
-      (Core.Convert.f_try_into #(t_Slice u8)
-          #(t_Array u8 v_OUTPUT_SIZE)
-          #FStar.Tactics.Typeclasses.solve
+                t_Slice u8)
+              upper_3_
+            <:
+            t_Slice u8)
+      in
+      let out:t_Slice u8 =
+        Core.Slice.impl__copy_from_slice #u8
+          out
           (serialized.[ { Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = sz 6 }
               <:
               Core.Ops.Range.t_Range usize ]
             <:
             t_Slice u8)
-        <:
-        Core.Result.t_Result (t_Array u8 v_OUTPUT_SIZE) Core.Array.t_TryFromSliceError)
-  | _ ->
-    Rust_primitives.Hax.never_to_any (Core.Panicking.panic "internal error: entered unreachable code"
+      in
+      (out, serialized <: (t_Slice u8 & t_Array u8 (sz 19))), ()
+      <:
+      ((t_Slice u8 & t_Array u8 (sz 19)) & Prims.unit)
+    | _ ->
+      (out, serialized <: (t_Slice u8 & t_Array u8 (sz 19))),
+      Rust_primitives.Hax.never_to_any (Core.Panicking.panic "internal error: entered unreachable code"
 
-        <:
-        Rust_primitives.Hax.t_Never)
+          <:
+          Rust_primitives.Hax.t_Never)
+      <:
+      ((t_Slice u8 & t_Array u8 (sz 19)) & Prims.unit)
+  in
+  out
diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Encoding.Commitment.fsti b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Encoding.Commitment.fsti
index 74c8d9c15..b329f5957 100644
--- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Encoding.Commitment.fsti
+++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Encoding.Commitment.fsti
@@ -3,5 +3,5 @@ module Libcrux_ml_dsa.Simd.Avx2.Encoding.Commitment
 open Core
 open FStar.Mul
 
-val serialize (v_OUTPUT_SIZE: usize) (simd_unit: u8)
-    : Prims.Pure (t_Array u8 v_OUTPUT_SIZE) Prims.l_True (fun _ -> Prims.l_True)
+val serialize (simd_unit: u8) (out: t_Slice u8)
+    : Prims.Pure (t_Slice u8) Prims.l_True (fun _ -> Prims.l_True)
diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Encoding.Error.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Encoding.Error.fst
index be78d6aba..7f757bb1b 100644
--- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Encoding.Error.fst
+++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Encoding.Error.fst
@@ -83,7 +83,7 @@ let deserialize (v_ETA: usize) (serialized: t_Slice u8) =
       u8)
     unsigned
 
-let serialize_when_eta_is_2_ (v_OUTPUT_SIZE: usize) (simd_unit: u8) =
+let serialize_when_eta_is_2_ (simd_unit: u8) (out: t_Slice u8) =
   let serialized:t_Array u8 (sz 16) = Rust_primitives.Hax.repeat 0uy (sz 16) in
   let simd_unit_shifted:u8 =
     Libcrux_intrinsics.Avx2_extract.mm256_sub_epi32 (Libcrux_intrinsics.Avx2_extract.mm256_set1_epi32
@@ -145,20 +145,18 @@ let serialize_when_eta_is_2_ (v_OUTPUT_SIZE: usize) (simd_unit: u8) =
         <:
         t_Slice u8)
   in
-  Core.Result.impl__unwrap #(t_Array u8 v_OUTPUT_SIZE)
-    #Core.Array.t_TryFromSliceError
-    (Core.Convert.f_try_into #(t_Slice u8)
-        #(t_Array u8 v_OUTPUT_SIZE)
-        #FStar.Tactics.Typeclasses.solve
-        (serialized.[ { Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = sz 3 }
-            <:
-            Core.Ops.Range.t_Range usize ]
+  let out:t_Slice u8 =
+    Core.Slice.impl__copy_from_slice #u8
+      out
+      (serialized.[ { Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = sz 3 }
           <:
-          t_Slice u8)
-      <:
-      Core.Result.t_Result (t_Array u8 v_OUTPUT_SIZE) Core.Array.t_TryFromSliceError)
+          Core.Ops.Range.t_Range usize ]
+        <:
+        t_Slice u8)
+  in
+  out
 
-let serialize_when_eta_is_4_ (v_OUTPUT_SIZE: usize) (simd_unit: u8) =
+let serialize_when_eta_is_4_ (simd_unit: u8) (out: t_Slice u8) =
   let serialized:t_Array u8 (sz 16) = Rust_primitives.Hax.repeat 0uy (sz 16) in
   let simd_unit_shifted:u8 =
     Libcrux_intrinsics.Avx2_extract.mm256_sub_epi32 (Libcrux_intrinsics.Avx2_extract.mm256_set1_epi32
@@ -205,25 +203,32 @@ let serialize_when_eta_is_4_ (v_OUTPUT_SIZE: usize) (simd_unit: u8) =
         <:
         t_Slice u8)
   in
-  Core.Result.impl__unwrap #(t_Array u8 v_OUTPUT_SIZE)
-    #Core.Array.t_TryFromSliceError
-    (Core.Convert.f_try_into #(t_Slice u8)
-        #(t_Array u8 v_OUTPUT_SIZE)
-        #FStar.Tactics.Typeclasses.solve
-        (serialized.[ { Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = sz 4 }
-            <:
-            Core.Ops.Range.t_Range usize ]
+  let hax_temp_output, out:(Prims.unit & t_Slice u8) =
+    (),
+    Core.Slice.impl__copy_from_slice #u8
+      out
+      (serialized.[ { Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = sz 4 }
           <:
-          t_Slice u8)
-      <:
-      Core.Result.t_Result (t_Array u8 v_OUTPUT_SIZE) Core.Array.t_TryFromSliceError)
+          Core.Ops.Range.t_Range usize ]
+        <:
+        t_Slice u8)
+    <:
+    (Prims.unit & t_Slice u8)
+  in
+  out
 
-let serialize (v_OUTPUT_SIZE: usize) (simd_unit: u8) =
-  match cast (v_OUTPUT_SIZE <: usize) <: u8 with
-  | 3uy -> serialize_when_eta_is_2_ v_OUTPUT_SIZE simd_unit
-  | 4uy -> serialize_when_eta_is_4_ v_OUTPUT_SIZE simd_unit
-  | _ ->
-    Rust_primitives.Hax.never_to_any (Core.Panicking.panic "internal error: entered unreachable code"
+let serialize (v_ETA: usize) (simd_unit: u8) (serialized: t_Slice u8) =
+  let serialized, hax_temp_output:(t_Slice u8 & Prims.unit) =
+    match cast (v_ETA <: usize) <: u8 with
+    | 2uy -> serialize_when_eta_is_2_ simd_unit serialized, () <: (t_Slice u8 & Prims.unit)
+    | 4uy -> serialize_when_eta_is_4_ simd_unit serialized, () <: (t_Slice u8 & Prims.unit)
+    | _ ->
+      serialized,
+      Rust_primitives.Hax.never_to_any (Core.Panicking.panic "internal error: entered unreachable code"
 
-        <:
-        Rust_primitives.Hax.t_Never)
+          <:
+          Rust_primitives.Hax.t_Never)
+      <:
+      (t_Slice u8 & Prims.unit)
+  in
+  serialized
diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Encoding.Error.fsti b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Encoding.Error.fsti
index 45782f6dc..ccad2e3cf 100644
--- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Encoding.Error.fsti
+++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Encoding.Error.fsti
@@ -23,11 +23,11 @@ val deserialize_to_unsigned (v_ETA: usize) (serialized: t_Slice u8)
 val deserialize (v_ETA: usize) (serialized: t_Slice u8)
     : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
 
-val serialize_when_eta_is_2_ (v_OUTPUT_SIZE: usize) (simd_unit: u8)
-    : Prims.Pure (t_Array u8 v_OUTPUT_SIZE) Prims.l_True (fun _ -> Prims.l_True)
+val serialize_when_eta_is_2_ (simd_unit: u8) (out: t_Slice u8)
+    : Prims.Pure (t_Slice u8) Prims.l_True (fun _ -> Prims.l_True)
 
-val serialize_when_eta_is_4_ (v_OUTPUT_SIZE: usize) (simd_unit: u8)
-    : Prims.Pure (t_Array u8 v_OUTPUT_SIZE) Prims.l_True (fun _ -> Prims.l_True)
+val serialize_when_eta_is_4_ (simd_unit: u8) (out: t_Slice u8)
+    : Prims.Pure (t_Slice u8) Prims.l_True (fun _ -> Prims.l_True)
 
-val serialize (v_OUTPUT_SIZE: usize) (simd_unit: u8)
-    : Prims.Pure (t_Array u8 v_OUTPUT_SIZE) Prims.l_True (fun _ -> Prims.l_True)
+val serialize (v_ETA: usize) (simd_unit: u8) (serialized: t_Slice u8)
+    : Prims.Pure (t_Slice u8) Prims.l_True (fun _ -> Prims.l_True)
diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Encoding.Gamma1.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Encoding.Gamma1.fst
index 929fa141e..cb2d34680 100644
--- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Encoding.Gamma1.fst
+++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Encoding.Gamma1.fst
@@ -125,7 +125,7 @@ let deserialize (v_GAMMA1_EXPONENT: usize) (serialized: t_Slice u8) =
         <:
         Rust_primitives.Hax.t_Never)
 
-let serialize_when_gamma1_is_2_pow_17_ (v_OUTPUT_SIZE: usize) (simd_unit: u8) =
+let serialize_when_gamma1_is_2_pow_17_ (simd_unit: u8) (out: t_Slice u8) =
   let serialized:t_Array u8 (sz 32) = Rust_primitives.Hax.repeat 0uy (sz 32) in
   let simd_unit_shifted:u8 =
     Libcrux_intrinsics.Avx2_extract.mm256_sub_epi32 (Libcrux_intrinsics.Avx2_extract.mm256_set1_epi32
@@ -192,20 +192,18 @@ let serialize_when_gamma1_is_2_pow_17_ (v_OUTPUT_SIZE: usize) (simd_unit: u8) =
         <:
         t_Slice u8)
   in
-  Core.Result.impl__unwrap #(t_Array u8 v_OUTPUT_SIZE)
-    #Core.Array.t_TryFromSliceError
-    (Core.Convert.f_try_into #(t_Slice u8)
-        #(t_Array u8 v_OUTPUT_SIZE)
-        #FStar.Tactics.Typeclasses.solve
-        (serialized.[ { Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = sz 18 }
-            <:
-            Core.Ops.Range.t_Range usize ]
+  let out:t_Slice u8 =
+    Core.Slice.impl__copy_from_slice #u8
+      out
+      (serialized.[ { Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = sz 18 }
           <:
-          t_Slice u8)
-      <:
-      Core.Result.t_Result (t_Array u8 v_OUTPUT_SIZE) Core.Array.t_TryFromSliceError)
+          Core.Ops.Range.t_Range usize ]
+        <:
+        t_Slice u8)
+  in
+  out
 
-let serialize_when_gamma1_is_2_pow_19_ (v_OUTPUT_SIZE: usize) (simd_unit: u8) =
+let serialize_when_gamma1_is_2_pow_19_ (simd_unit: u8) (out: t_Slice u8) =
   let serialized:t_Array u8 (sz 32) = Rust_primitives.Hax.repeat 0uy (sz 32) in
   let simd_unit_shifted:u8 =
     Libcrux_intrinsics.Avx2_extract.mm256_sub_epi32 (Libcrux_intrinsics.Avx2_extract.mm256_set1_epi32
@@ -267,25 +265,34 @@ let serialize_when_gamma1_is_2_pow_19_ (v_OUTPUT_SIZE: usize) (simd_unit: u8) =
         <:
         t_Slice u8)
   in
-  Core.Result.impl__unwrap #(t_Array u8 v_OUTPUT_SIZE)
-    #Core.Array.t_TryFromSliceError
-    (Core.Convert.f_try_into #(t_Slice u8)
-        #(t_Array u8 v_OUTPUT_SIZE)
-        #FStar.Tactics.Typeclasses.solve
-        (serialized.[ { Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = sz 20 }
-            <:
-            Core.Ops.Range.t_Range usize ]
+  let hax_temp_output, out:(Prims.unit & t_Slice u8) =
+    (),
+    Core.Slice.impl__copy_from_slice #u8
+      out
+      (serialized.[ { Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = sz 20 }
           <:
-          t_Slice u8)
-      <:
-      Core.Result.t_Result (t_Array u8 v_OUTPUT_SIZE) Core.Array.t_TryFromSliceError)
+          Core.Ops.Range.t_Range usize ]
+        <:
+        t_Slice u8)
+    <:
+    (Prims.unit & t_Slice u8)
+  in
+  out
 
-let serialize (v_OUTPUT_SIZE: usize) (simd_unit: u8) =
-  match cast (v_OUTPUT_SIZE <: usize) <: u8 with
-  | 18uy -> serialize_when_gamma1_is_2_pow_17_ v_OUTPUT_SIZE simd_unit
-  | 20uy -> serialize_when_gamma1_is_2_pow_19_ v_OUTPUT_SIZE simd_unit
-  | _ ->
-    Rust_primitives.Hax.never_to_any (Core.Panicking.panic "internal error: entered unreachable code"
+let serialize (v_GAMMA1_EXPONENT: usize) (simd_unit: u8) (serialized: t_Slice u8) =
+  let serialized, hax_temp_output:(t_Slice u8 & Prims.unit) =
+    match cast (v_GAMMA1_EXPONENT <: usize) <: u8 with
+    | 17uy ->
+      serialize_when_gamma1_is_2_pow_17_ simd_unit serialized, () <: (t_Slice u8 & Prims.unit)
+    | 19uy ->
+      serialize_when_gamma1_is_2_pow_19_ simd_unit serialized, () <: (t_Slice u8 & Prims.unit)
+    | _ ->
+      serialized,
+      Rust_primitives.Hax.never_to_any (Core.Panicking.panic "internal error: entered unreachable code"
 
-        <:
-        Rust_primitives.Hax.t_Never)
+          <:
+          Rust_primitives.Hax.t_Never)
+      <:
+      (t_Slice u8 & Prims.unit)
+  in
+  serialized
diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Encoding.Gamma1.fsti b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Encoding.Gamma1.fsti
index 655c1c899..35fffc4e1 100644
--- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Encoding.Gamma1.fsti
+++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Encoding.Gamma1.fsti
@@ -26,11 +26,11 @@ val deserialize_when_gamma1_is_2_pow_19_ (serialized: t_Slice u8)
 val deserialize (v_GAMMA1_EXPONENT: usize) (serialized: t_Slice u8)
     : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
 
-val serialize_when_gamma1_is_2_pow_17_ (v_OUTPUT_SIZE: usize) (simd_unit: u8)
-    : Prims.Pure (t_Array u8 v_OUTPUT_SIZE) Prims.l_True (fun _ -> Prims.l_True)
+val serialize_when_gamma1_is_2_pow_17_ (simd_unit: u8) (out: t_Slice u8)
+    : Prims.Pure (t_Slice u8) Prims.l_True (fun _ -> Prims.l_True)
 
-val serialize_when_gamma1_is_2_pow_19_ (v_OUTPUT_SIZE: usize) (simd_unit: u8)
-    : Prims.Pure (t_Array u8 v_OUTPUT_SIZE) Prims.l_True (fun _ -> Prims.l_True)
+val serialize_when_gamma1_is_2_pow_19_ (simd_unit: u8) (out: t_Slice u8)
+    : Prims.Pure (t_Slice u8) Prims.l_True (fun _ -> Prims.l_True)
 
-val serialize (v_OUTPUT_SIZE: usize) (simd_unit: u8)
-    : Prims.Pure (t_Array u8 v_OUTPUT_SIZE) Prims.l_True (fun _ -> Prims.l_True)
+val serialize (v_GAMMA1_EXPONENT: usize) (simd_unit: u8) (serialized: t_Slice u8)
+    : Prims.Pure (t_Slice u8) Prims.l_True (fun _ -> Prims.l_True)
diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.fst
index 3c5867826..2ccf9ed86 100644
--- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.fst
+++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.fst
@@ -344,21 +344,37 @@ Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit =
         out, hax_temp_output <: (t_Slice i32 & usize));
     f_gamma1_serialize_pre
     =
-    (fun (v_OUTPUT_SIZE: usize) (simd_unit: Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit) ->
+    (fun
+        (v_GAMMA1_EXPONENT: usize)
+        (simd_unit: Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit)
+        (serialized: t_Slice u8)
+        ->
         true);
     f_gamma1_serialize_post
     =
     (fun
-        (v_OUTPUT_SIZE: usize)
+        (v_GAMMA1_EXPONENT: usize)
         (simd_unit: Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit)
-        (out: t_Array u8 v_OUTPUT_SIZE)
+        (serialized: t_Slice u8)
+        (out: t_Slice u8)
         ->
         true);
     f_gamma1_serialize
     =
-    (fun (v_OUTPUT_SIZE: usize) (simd_unit: Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit) ->
-        Libcrux_ml_dsa.Simd.Avx2.Encoding.Gamma1.serialize v_OUTPUT_SIZE
-          simd_unit.Libcrux_ml_dsa.Simd.Avx2.Vector_type.f_coefficients);
+    (fun
+        (v_GAMMA1_EXPONENT: usize)
+        (simd_unit: Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit)
+        (serialized: t_Slice u8)
+        ->
+        let hax_temp_output, serialized:(Prims.unit & t_Slice u8) =
+          (),
+          Libcrux_ml_dsa.Simd.Avx2.Encoding.Gamma1.serialize v_GAMMA1_EXPONENT
+            simd_unit.Libcrux_ml_dsa.Simd.Avx2.Vector_type.f_coefficients
+            serialized
+          <:
+          (Prims.unit & t_Slice u8)
+        in
+        serialized);
     f_gamma1_deserialize_pre = (fun (v_GAMMA1_EXPONENT: usize) (serialized: t_Slice u8) -> true);
     f_gamma1_deserialize_post
     =
@@ -377,38 +393,67 @@ Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit =
           (Libcrux_ml_dsa.Simd.Avx2.Encoding.Gamma1.deserialize v_GAMMA1_EXPONENT serialized <: u8));
     f_commitment_serialize_pre
     =
-    (fun (v_OUTPUT_SIZE: usize) (simd_unit: Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit) ->
+    (fun
+        (simd_unit: Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit)
+        (serialized: t_Slice u8)
+        ->
         true);
     f_commitment_serialize_post
     =
     (fun
-        (v_OUTPUT_SIZE: usize)
         (simd_unit: Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit)
-        (out: t_Array u8 v_OUTPUT_SIZE)
+        (serialized: t_Slice u8)
+        (out: t_Slice u8)
         ->
         true);
     f_commitment_serialize
     =
-    (fun (v_OUTPUT_SIZE: usize) (simd_unit: Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit) ->
-        Libcrux_ml_dsa.Simd.Avx2.Encoding.Commitment.serialize v_OUTPUT_SIZE
-          simd_unit.Libcrux_ml_dsa.Simd.Avx2.Vector_type.f_coefficients);
+    (fun
+        (simd_unit: Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit)
+        (serialized: t_Slice u8)
+        ->
+        let hax_temp_output, serialized:(Prims.unit & t_Slice u8) =
+          (),
+          Libcrux_ml_dsa.Simd.Avx2.Encoding.Commitment.serialize simd_unit
+              .Libcrux_ml_dsa.Simd.Avx2.Vector_type.f_coefficients
+            serialized
+          <:
+          (Prims.unit & t_Slice u8)
+        in
+        serialized);
     f_error_serialize_pre
     =
-    (fun (v_OUTPUT_SIZE: usize) (simd_unit: Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit) ->
+    (fun
+        (v_ETA: usize)
+        (simd_unit: Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit)
+        (serialized: t_Slice u8)
+        ->
         true);
     f_error_serialize_post
     =
     (fun
-        (v_OUTPUT_SIZE: usize)
+        (v_ETA: usize)
         (simd_unit: Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit)
-        (out: t_Array u8 v_OUTPUT_SIZE)
+        (serialized: t_Slice u8)
+        (out: t_Slice u8)
         ->
         true);
     f_error_serialize
     =
-    (fun (v_OUTPUT_SIZE: usize) (simd_unit: Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit) ->
-        Libcrux_ml_dsa.Simd.Avx2.Encoding.Error.serialize v_OUTPUT_SIZE
-          simd_unit.Libcrux_ml_dsa.Simd.Avx2.Vector_type.f_coefficients);
+    (fun
+        (v_ETA: usize)
+        (simd_unit: Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit)
+        (serialized: t_Slice u8)
+        ->
+        let hax_temp_output, serialized:(Prims.unit & t_Slice u8) =
+          (),
+          Libcrux_ml_dsa.Simd.Avx2.Encoding.Error.serialize v_ETA
+            simd_unit.Libcrux_ml_dsa.Simd.Avx2.Vector_type.f_coefficients
+            serialized
+          <:
+          (Prims.unit & t_Slice u8)
+        in
+        serialized);
     f_error_deserialize_pre = (fun (v_ETA: usize) (serialized: t_Slice u8) -> true);
     f_error_deserialize_post
     =
diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Portable.Encoding.Commitment.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Portable.Encoding.Commitment.fst
index ff1788cd5..3fb3f1467 100644
--- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Portable.Encoding.Commitment.fst
+++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Portable.Encoding.Commitment.fst
@@ -4,69 +4,74 @@ open Core
 open FStar.Mul
 
 let serialize
-      (v_OUTPUT_SIZE: usize)
       (simd_unit: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit)
+      (serialized: t_Slice u8)
      =
-  let serialized:t_Array u8 v_OUTPUT_SIZE = Rust_primitives.Hax.repeat 0uy v_OUTPUT_SIZE in
-  match cast (v_OUTPUT_SIZE <: usize) <: u8 with
-  | 4uy ->
-    let serialized:t_Array u8 v_OUTPUT_SIZE =
-      Rust_primitives.Hax.Folds.fold_enumerated_chunked_slice (sz 2)
-        (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients <: t_Slice i32)
-        (fun serialized temp_1_ ->
-            let serialized:t_Array u8 v_OUTPUT_SIZE = serialized in
-            let _:usize = temp_1_ in
-            true)
-        serialized
-        (fun serialized temp_1_ ->
-            let serialized:t_Array u8 v_OUTPUT_SIZE = serialized in
-            let i, coefficients:(usize & t_Slice i32) = temp_1_ in
-            let coefficient0:u8 = cast (coefficients.[ sz 0 ] <: i32) <: u8 in
-            let coefficient1:u8 = cast (coefficients.[ sz 1 ] <: i32) <: u8 in
-            let serialized:t_Array u8 v_OUTPUT_SIZE =
-              Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized
-                i
-                ((coefficient1 <<! 4l <: u8) |. coefficient0 <: u8)
-            in
-            serialized)
-    in
-    serialized
-  | 6uy ->
-    let serialized:t_Array u8 v_OUTPUT_SIZE =
-      Rust_primitives.Hax.Folds.fold_enumerated_chunked_slice (sz 4)
-        (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients <: t_Slice i32)
-        (fun serialized temp_1_ ->
-            let serialized:t_Array u8 v_OUTPUT_SIZE = serialized in
-            let _:usize = temp_1_ in
-            true)
-        serialized
-        (fun serialized temp_1_ ->
-            let serialized:t_Array u8 v_OUTPUT_SIZE = serialized in
-            let i, coefficients:(usize & t_Slice i32) = temp_1_ in
-            let coefficient0:u8 = cast (coefficients.[ sz 0 ] <: i32) <: u8 in
-            let coefficient1:u8 = cast (coefficients.[ sz 1 ] <: i32) <: u8 in
-            let coefficient2:u8 = cast (coefficients.[ sz 2 ] <: i32) <: u8 in
-            let coefficient3:u8 = cast (coefficients.[ sz 3 ] <: i32) <: u8 in
-            let serialized:t_Array u8 v_OUTPUT_SIZE =
-              Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized
-                (sz 3 *! i <: usize)
-                ((coefficient1 <<! 6l <: u8) |. coefficient0 <: u8)
-            in
-            let serialized:t_Array u8 v_OUTPUT_SIZE =
-              Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized
-                ((sz 3 *! i <: usize) +! sz 1 <: usize)
-                ((coefficient2 <<! 4l <: u8) |. (coefficient1 >>! 2l <: u8) <: u8)
-            in
-            let serialized:t_Array u8 v_OUTPUT_SIZE =
-              Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized
-                ((sz 3 *! i <: usize) +! sz 2 <: usize)
-                ((coefficient3 <<! 2l <: u8) |. (coefficient2 >>! 4l <: u8) <: u8)
-            in
-            serialized)
-    in
-    serialized
-  | _ ->
-    Rust_primitives.Hax.never_to_any (Core.Panicking.panic "internal error: entered unreachable code"
+  let serialized, hax_temp_output:(t_Slice u8 & Prims.unit) =
+    match cast (Core.Slice.impl__len #u8 serialized <: usize) <: u8 with
+    | 4uy ->
+      let serialized:t_Slice u8 =
+        Rust_primitives.Hax.Folds.fold_enumerated_chunked_slice (sz 2)
+          (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients <: t_Slice i32)
+          (fun serialized temp_1_ ->
+              let serialized:t_Slice u8 = serialized in
+              let _:usize = temp_1_ in
+              true)
+          serialized
+          (fun serialized temp_1_ ->
+              let serialized:t_Slice u8 = serialized in
+              let i, coefficients:(usize & t_Slice i32) = temp_1_ in
+              let coefficient0:u8 = cast (coefficients.[ sz 0 ] <: i32) <: u8 in
+              let coefficient1:u8 = cast (coefficients.[ sz 1 ] <: i32) <: u8 in
+              let serialized:t_Slice u8 =
+                Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized
+                  i
+                  ((coefficient1 <<! 4l <: u8) |. coefficient0 <: u8)
+              in
+              serialized)
+      in
+      serialized, (() <: Prims.unit) <: (t_Slice u8 & Prims.unit)
+    | 6uy ->
+      let serialized:t_Slice u8 =
+        Rust_primitives.Hax.Folds.fold_enumerated_chunked_slice (sz 4)
+          (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients <: t_Slice i32)
+          (fun serialized temp_1_ ->
+              let serialized:t_Slice u8 = serialized in
+              let _:usize = temp_1_ in
+              true)
+          serialized
+          (fun serialized temp_1_ ->
+              let serialized:t_Slice u8 = serialized in
+              let i, coefficients:(usize & t_Slice i32) = temp_1_ in
+              let coefficient0:u8 = cast (coefficients.[ sz 0 ] <: i32) <: u8 in
+              let coefficient1:u8 = cast (coefficients.[ sz 1 ] <: i32) <: u8 in
+              let coefficient2:u8 = cast (coefficients.[ sz 2 ] <: i32) <: u8 in
+              let coefficient3:u8 = cast (coefficients.[ sz 3 ] <: i32) <: u8 in
+              let serialized:t_Slice u8 =
+                Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized
+                  (sz 3 *! i <: usize)
+                  ((coefficient1 <<! 6l <: u8) |. coefficient0 <: u8)
+              in
+              let serialized:t_Slice u8 =
+                Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized
+                  ((sz 3 *! i <: usize) +! sz 1 <: usize)
+                  ((coefficient2 <<! 4l <: u8) |. (coefficient1 >>! 2l <: u8) <: u8)
+              in
+              let serialized:t_Slice u8 =
+                Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized
+                  ((sz 3 *! i <: usize) +! sz 2 <: usize)
+                  ((coefficient3 <<! 2l <: u8) |. (coefficient2 >>! 4l <: u8) <: u8)
+              in
+              serialized)
+      in
+      serialized, (() <: Prims.unit) <: (t_Slice u8 & Prims.unit)
+    | _ ->
+      serialized,
+      Rust_primitives.Hax.never_to_any (Core.Panicking.panic "internal error: entered unreachable code"
 
-        <:
-        Rust_primitives.Hax.t_Never)
+          <:
+          Rust_primitives.Hax.t_Never)
+      <:
+      (t_Slice u8 & Prims.unit)
+  in
+  serialized
diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Portable.Encoding.Commitment.fsti b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Portable.Encoding.Commitment.fsti
index cc50ef52c..a06e23904 100644
--- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Portable.Encoding.Commitment.fsti
+++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Portable.Encoding.Commitment.fsti
@@ -4,6 +4,6 @@ open Core
 open FStar.Mul
 
 val serialize
-      (v_OUTPUT_SIZE: usize)
       (simd_unit: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit)
-    : Prims.Pure (t_Array u8 v_OUTPUT_SIZE) Prims.l_True (fun _ -> Prims.l_True)
+      (serialized: t_Slice u8)
+    : Prims.Pure (t_Slice u8) Prims.l_True (fun _ -> Prims.l_True)
diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Portable.Encoding.Error.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Portable.Encoding.Error.fst
index a91008218..2b13f6a43 100644
--- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Portable.Encoding.Error.fst
+++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Portable.Encoding.Error.fst
@@ -4,10 +4,9 @@ open Core
 open FStar.Mul
 
 let serialize_when_eta_is_2_
-      (v_OUTPUT_SIZE: usize)
       (simd_unit: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit)
+      (serialized: t_Slice u8)
      =
-  let serialized:t_Array u8 v_OUTPUT_SIZE = Rust_primitives.Hax.repeat 0uy v_OUTPUT_SIZE in
   let coefficient0:u8 =
     cast (serialize_when_eta_is_2___ETA -!
         (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients.[ sz 0 ] <: i32)
@@ -72,12 +71,12 @@ let serialize_when_eta_is_2_
     <:
     u8
   in
-  let serialized:t_Array u8 v_OUTPUT_SIZE =
+  let serialized:t_Slice u8 =
     Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized
       (sz 0)
       (((coefficient2 <<! 6l <: u8) |. (coefficient1 <<! 3l <: u8) <: u8) |. coefficient0 <: u8)
   in
-  let serialized:t_Array u8 v_OUTPUT_SIZE =
+  let serialized:t_Slice u8 =
     Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized
       (sz 1)
       ((((coefficient5 <<! 7l <: u8) |. (coefficient4 <<! 4l <: u8) <: u8) |.
@@ -88,7 +87,7 @@ let serialize_when_eta_is_2_
         <:
         u8)
   in
-  let serialized:t_Array u8 v_OUTPUT_SIZE =
+  let serialized:t_Slice u8 =
     Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized
       (sz 2)
       (((coefficient7 <<! 5l <: u8) |. (coefficient6 <<! 2l <: u8) <: u8) |.
@@ -288,20 +287,19 @@ let deserialize (v_ETA: usize) (serialized: t_Slice u8) =
         Rust_primitives.Hax.t_Never)
 
 let serialize_when_eta_is_4_
-      (v_OUTPUT_SIZE: usize)
       (simd_unit: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit)
+      (serialized: t_Slice u8)
      =
-  let serialized:t_Array u8 v_OUTPUT_SIZE = Rust_primitives.Hax.repeat 0uy v_OUTPUT_SIZE in
-  let serialized:t_Array u8 v_OUTPUT_SIZE =
+  let serialized:t_Slice u8 =
     Rust_primitives.Hax.Folds.fold_enumerated_chunked_slice (sz 2)
       (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients <: t_Slice i32)
       (fun serialized temp_1_ ->
-          let serialized:t_Array u8 v_OUTPUT_SIZE = serialized in
+          let serialized:t_Slice u8 = serialized in
           let _:usize = temp_1_ in
           true)
       serialized
       (fun serialized temp_1_ ->
-          let serialized:t_Array u8 v_OUTPUT_SIZE = serialized in
+          let serialized:t_Slice u8 = serialized in
           let i, coefficients:(usize & t_Slice i32) = temp_1_ in
           let coefficient0:u8 =
             cast (serialize_when_eta_is_4___ETA -! (coefficients.[ sz 0 ] <: i32) <: i32) <: u8
@@ -309,24 +307,32 @@ let serialize_when_eta_is_4_
           let coefficient1:u8 =
             cast (serialize_when_eta_is_4___ETA -! (coefficients.[ sz 1 ] <: i32) <: i32) <: u8
           in
-          let serialized:t_Array u8 v_OUTPUT_SIZE =
+          let serialized:t_Slice u8 =
             Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized
               i
               ((coefficient1 <<! 4l <: u8) |. coefficient0 <: u8)
           in
           serialized)
   in
+  let hax_temp_output:Prims.unit = () <: Prims.unit in
   serialized
 
 let serialize
-      (v_OUTPUT_SIZE: usize)
+      (v_ETA: usize)
       (simd_unit: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit)
+      (serialized: t_Slice u8)
      =
-  match cast (v_OUTPUT_SIZE <: usize) <: u8 with
-  | 3uy -> serialize_when_eta_is_2_ v_OUTPUT_SIZE simd_unit
-  | 4uy -> serialize_when_eta_is_4_ v_OUTPUT_SIZE simd_unit
-  | _ ->
-    Rust_primitives.Hax.never_to_any (Core.Panicking.panic "internal error: entered unreachable code"
+  let serialized, hax_temp_output:(t_Slice u8 & Prims.unit) =
+    match cast (v_ETA <: usize) <: u8 with
+    | 2uy -> serialize_when_eta_is_2_ simd_unit serialized, () <: (t_Slice u8 & Prims.unit)
+    | 4uy -> serialize_when_eta_is_4_ simd_unit serialized, () <: (t_Slice u8 & Prims.unit)
+    | _ ->
+      serialized,
+      Rust_primitives.Hax.never_to_any (Core.Panicking.panic "internal error: entered unreachable code"
 
-        <:
-        Rust_primitives.Hax.t_Never)
+          <:
+          Rust_primitives.Hax.t_Never)
+      <:
+      (t_Slice u8 & Prims.unit)
+  in
+  serialized
diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Portable.Encoding.Error.fsti b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Portable.Encoding.Error.fsti
index e973dc734..3d5414485 100644
--- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Portable.Encoding.Error.fsti
+++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Portable.Encoding.Error.fsti
@@ -12,9 +12,9 @@ let serialize_when_eta_is_2___ETA: i32 = 2l
 let serialize_when_eta_is_4___ETA: i32 = 4l
 
 val serialize_when_eta_is_2_
-      (v_OUTPUT_SIZE: usize)
       (simd_unit: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit)
-    : Prims.Pure (t_Array u8 v_OUTPUT_SIZE) Prims.l_True (fun _ -> Prims.l_True)
+      (serialized: t_Slice u8)
+    : Prims.Pure (t_Slice u8) Prims.l_True (fun _ -> Prims.l_True)
 
 val deserialize_when_eta_is_2_ (serialized: t_Slice u8)
     : Prims.Pure Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit
@@ -32,11 +32,12 @@ val deserialize (v_ETA: usize) (serialized: t_Slice u8)
       (fun _ -> Prims.l_True)
 
 val serialize_when_eta_is_4_
-      (v_OUTPUT_SIZE: usize)
       (simd_unit: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit)
-    : Prims.Pure (t_Array u8 v_OUTPUT_SIZE) Prims.l_True (fun _ -> Prims.l_True)
+      (serialized: t_Slice u8)
+    : Prims.Pure (t_Slice u8) Prims.l_True (fun _ -> Prims.l_True)
 
 val serialize
-      (v_OUTPUT_SIZE: usize)
+      (v_ETA: usize)
       (simd_unit: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit)
-    : Prims.Pure (t_Array u8 v_OUTPUT_SIZE) Prims.l_True (fun _ -> Prims.l_True)
+      (serialized: t_Slice u8)
+    : Prims.Pure (t_Slice u8) Prims.l_True (fun _ -> Prims.l_True)
diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Portable.Encoding.Gamma1.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Portable.Encoding.Gamma1.fst
index ca1f48e87..2f3e006e4 100644
--- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Portable.Encoding.Gamma1.fst
+++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Portable.Encoding.Gamma1.fst
@@ -203,20 +203,19 @@ let deserialize (v_GAMMA1_EXPONENT: usize) (serialized: t_Slice u8) =
         Rust_primitives.Hax.t_Never)
 
 let serialize_when_gamma1_is_2_pow_17_
-      (v_OUTPUT_SIZE: usize)
       (simd_unit: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit)
+      (serialized: t_Slice u8)
      =
-  let serialized:t_Array u8 v_OUTPUT_SIZE = Rust_primitives.Hax.repeat 0uy v_OUTPUT_SIZE in
-  let serialized:t_Array u8 v_OUTPUT_SIZE =
+  let serialized:t_Slice u8 =
     Rust_primitives.Hax.Folds.fold_enumerated_chunked_slice (sz 4)
       (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients <: t_Slice i32)
       (fun serialized temp_1_ ->
-          let serialized:t_Array u8 v_OUTPUT_SIZE = serialized in
+          let serialized:t_Slice u8 = serialized in
           let _:usize = temp_1_ in
           true)
       serialized
       (fun serialized temp_1_ ->
-          let serialized:t_Array u8 v_OUTPUT_SIZE = serialized in
+          let serialized:t_Slice u8 = serialized in
           let i, coefficients:(usize & t_Slice i32) = temp_1_ in
           let coefficient0:i32 =
             serialize_when_gamma1_is_2_pow_17___GAMMA1 -! (coefficients.[ sz 0 ] <: i32)
@@ -230,22 +229,22 @@ let serialize_when_gamma1_is_2_pow_17_
           let coefficient3:i32 =
             serialize_when_gamma1_is_2_pow_17___GAMMA1 -! (coefficients.[ sz 3 ] <: i32)
           in
-          let serialized:t_Array u8 v_OUTPUT_SIZE =
+          let serialized:t_Slice u8 =
             Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized
               (sz 9 *! i <: usize)
               (cast (coefficient0 <: i32) <: u8)
           in
-          let serialized:t_Array u8 v_OUTPUT_SIZE =
+          let serialized:t_Slice u8 =
             Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized
               ((sz 9 *! i <: usize) +! sz 1 <: usize)
               (cast (coefficient0 >>! 8l <: i32) <: u8)
           in
-          let serialized:t_Array u8 v_OUTPUT_SIZE =
+          let serialized:t_Slice u8 =
             Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized
               ((sz 9 *! i <: usize) +! sz 2 <: usize)
               (cast (coefficient0 >>! 16l <: i32) <: u8)
           in
-          let serialized:t_Array u8 v_OUTPUT_SIZE =
+          let serialized:t_Slice u8 =
             Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized
               ((sz 9 *! i <: usize) +! sz 2 <: usize)
               ((serialized.[ (sz 9 *! i <: usize) +! sz 2 <: usize ] <: u8) |.
@@ -253,17 +252,17 @@ let serialize_when_gamma1_is_2_pow_17_
                 <:
                 u8)
           in
-          let serialized:t_Array u8 v_OUTPUT_SIZE =
+          let serialized:t_Slice u8 =
             Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized
               ((sz 9 *! i <: usize) +! sz 3 <: usize)
               (cast (coefficient1 >>! 6l <: i32) <: u8)
           in
-          let serialized:t_Array u8 v_OUTPUT_SIZE =
+          let serialized:t_Slice u8 =
             Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized
               ((sz 9 *! i <: usize) +! sz 4 <: usize)
               (cast (coefficient1 >>! 14l <: i32) <: u8)
           in
-          let serialized:t_Array u8 v_OUTPUT_SIZE =
+          let serialized:t_Slice u8 =
             Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized
               ((sz 9 *! i <: usize) +! sz 4 <: usize)
               ((serialized.[ (sz 9 *! i <: usize) +! sz 4 <: usize ] <: u8) |.
@@ -271,17 +270,17 @@ let serialize_when_gamma1_is_2_pow_17_
                 <:
                 u8)
           in
-          let serialized:t_Array u8 v_OUTPUT_SIZE =
+          let serialized:t_Slice u8 =
             Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized
               ((sz 9 *! i <: usize) +! sz 5 <: usize)
               (cast (coefficient2 >>! 4l <: i32) <: u8)
           in
-          let serialized:t_Array u8 v_OUTPUT_SIZE =
+          let serialized:t_Slice u8 =
             Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized
               ((sz 9 *! i <: usize) +! sz 6 <: usize)
               (cast (coefficient2 >>! 12l <: i32) <: u8)
           in
-          let serialized:t_Array u8 v_OUTPUT_SIZE =
+          let serialized:t_Slice u8 =
             Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized
               ((sz 9 *! i <: usize) +! sz 6 <: usize)
               ((serialized.[ (sz 9 *! i <: usize) +! sz 6 <: usize ] <: u8) |.
@@ -289,35 +288,35 @@ let serialize_when_gamma1_is_2_pow_17_
                 <:
                 u8)
           in
-          let serialized:t_Array u8 v_OUTPUT_SIZE =
+          let serialized:t_Slice u8 =
             Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized
               ((sz 9 *! i <: usize) +! sz 7 <: usize)
               (cast (coefficient3 >>! 2l <: i32) <: u8)
           in
-          let serialized:t_Array u8 v_OUTPUT_SIZE =
+          let serialized:t_Slice u8 =
             Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized
               ((sz 9 *! i <: usize) +! sz 8 <: usize)
               (cast (coefficient3 >>! 10l <: i32) <: u8)
           in
           serialized)
   in
+  let hax_temp_output:Prims.unit = () <: Prims.unit in
   serialized
 
 let serialize_when_gamma1_is_2_pow_19_
-      (v_OUTPUT_SIZE: usize)
       (simd_unit: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit)
+      (serialized: t_Slice u8)
      =
-  let serialized:t_Array u8 v_OUTPUT_SIZE = Rust_primitives.Hax.repeat 0uy v_OUTPUT_SIZE in
-  let serialized:t_Array u8 v_OUTPUT_SIZE =
+  let serialized:t_Slice u8 =
     Rust_primitives.Hax.Folds.fold_enumerated_chunked_slice (sz 2)
       (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients <: t_Slice i32)
       (fun serialized temp_1_ ->
-          let serialized:t_Array u8 v_OUTPUT_SIZE = serialized in
+          let serialized:t_Slice u8 = serialized in
           let _:usize = temp_1_ in
           true)
       serialized
       (fun serialized temp_1_ ->
-          let serialized:t_Array u8 v_OUTPUT_SIZE = serialized in
+          let serialized:t_Slice u8 = serialized in
           let i, coefficients:(usize & t_Slice i32) = temp_1_ in
           let coefficient0:i32 =
             serialize_when_gamma1_is_2_pow_19___GAMMA1 -! (coefficients.[ sz 0 ] <: i32)
@@ -325,22 +324,22 @@ let serialize_when_gamma1_is_2_pow_19_
           let coefficient1:i32 =
             serialize_when_gamma1_is_2_pow_19___GAMMA1 -! (coefficients.[ sz 1 ] <: i32)
           in
-          let serialized:t_Array u8 v_OUTPUT_SIZE =
+          let serialized:t_Slice u8 =
             Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized
               (sz 5 *! i <: usize)
               (cast (coefficient0 <: i32) <: u8)
           in
-          let serialized:t_Array u8 v_OUTPUT_SIZE =
+          let serialized:t_Slice u8 =
             Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized
               ((sz 5 *! i <: usize) +! sz 1 <: usize)
               (cast (coefficient0 >>! 8l <: i32) <: u8)
           in
-          let serialized:t_Array u8 v_OUTPUT_SIZE =
+          let serialized:t_Slice u8 =
             Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized
               ((sz 5 *! i <: usize) +! sz 2 <: usize)
               (cast (coefficient0 >>! 16l <: i32) <: u8)
           in
-          let serialized:t_Array u8 v_OUTPUT_SIZE =
+          let serialized:t_Slice u8 =
             Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized
               ((sz 5 *! i <: usize) +! sz 2 <: usize)
               ((serialized.[ (sz 5 *! i <: usize) +! sz 2 <: usize ] <: u8) |.
@@ -348,29 +347,39 @@ let serialize_when_gamma1_is_2_pow_19_
                 <:
                 u8)
           in
-          let serialized:t_Array u8 v_OUTPUT_SIZE =
+          let serialized:t_Slice u8 =
             Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized
               ((sz 5 *! i <: usize) +! sz 3 <: usize)
               (cast (coefficient1 >>! 4l <: i32) <: u8)
           in
-          let serialized:t_Array u8 v_OUTPUT_SIZE =
+          let serialized:t_Slice u8 =
             Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized
               ((sz 5 *! i <: usize) +! sz 4 <: usize)
               (cast (coefficient1 >>! 12l <: i32) <: u8)
           in
           serialized)
   in
+  let hax_temp_output:Prims.unit = () <: Prims.unit in
   serialized
 
 let serialize
-      (v_OUTPUT_SIZE: usize)
+      (v_GAMMA1_EXPONENT: usize)
       (simd_unit: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit)
+      (serialized: t_Slice u8)
      =
-  match cast (v_OUTPUT_SIZE <: usize) <: u8 with
-  | 18uy -> serialize_when_gamma1_is_2_pow_17_ v_OUTPUT_SIZE simd_unit
-  | 20uy -> serialize_when_gamma1_is_2_pow_19_ v_OUTPUT_SIZE simd_unit
-  | _ ->
-    Rust_primitives.Hax.never_to_any (Core.Panicking.panic "internal error: entered unreachable code"
+  let serialized, hax_temp_output:(t_Slice u8 & Prims.unit) =
+    match cast (v_GAMMA1_EXPONENT <: usize) <: u8 with
+    | 17uy ->
+      serialize_when_gamma1_is_2_pow_17_ simd_unit serialized, () <: (t_Slice u8 & Prims.unit)
+    | 19uy ->
+      serialize_when_gamma1_is_2_pow_19_ simd_unit serialized, () <: (t_Slice u8 & Prims.unit)
+    | _ ->
+      serialized,
+      Rust_primitives.Hax.never_to_any (Core.Panicking.panic "internal error: entered unreachable code"
 
-        <:
-        Rust_primitives.Hax.t_Never)
+          <:
+          Rust_primitives.Hax.t_Never)
+      <:
+      (t_Slice u8 & Prims.unit)
+  in
+  serialized
diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Portable.Encoding.Gamma1.fsti b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Portable.Encoding.Gamma1.fsti
index a22f485c1..635329f6a 100644
--- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Portable.Encoding.Gamma1.fsti
+++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Portable.Encoding.Gamma1.fsti
@@ -33,16 +33,17 @@ val deserialize (v_GAMMA1_EXPONENT: usize) (serialized: t_Slice u8)
       (fun _ -> Prims.l_True)
 
 val serialize_when_gamma1_is_2_pow_17_
-      (v_OUTPUT_SIZE: usize)
       (simd_unit: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit)
-    : Prims.Pure (t_Array u8 v_OUTPUT_SIZE) Prims.l_True (fun _ -> Prims.l_True)
+      (serialized: t_Slice u8)
+    : Prims.Pure (t_Slice u8) Prims.l_True (fun _ -> Prims.l_True)
 
 val serialize_when_gamma1_is_2_pow_19_
-      (v_OUTPUT_SIZE: usize)
       (simd_unit: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit)
-    : Prims.Pure (t_Array u8 v_OUTPUT_SIZE) Prims.l_True (fun _ -> Prims.l_True)
+      (serialized: t_Slice u8)
+    : Prims.Pure (t_Slice u8) Prims.l_True (fun _ -> Prims.l_True)
 
 val serialize
-      (v_OUTPUT_SIZE: usize)
+      (v_GAMMA1_EXPONENT: usize)
       (simd_unit: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit)
-    : Prims.Pure (t_Array u8 v_OUTPUT_SIZE) Prims.l_True (fun _ -> Prims.l_True)
+      (serialized: t_Slice u8)
+    : Prims.Pure (t_Slice u8) Prims.l_True (fun _ -> Prims.l_True)
diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Portable.Sample.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Portable.Sample.fst
index 25f533de9..b381e5f1b 100644
--- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Portable.Sample.fst
+++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Portable.Sample.fst
@@ -6,9 +6,10 @@ open FStar.Mul
 let rejection_sample_less_than_eta_equals_2_ (randomness: t_Slice u8) (out: t_Slice i32) =
   let sampled:usize = sz 0 in
   let out, sampled:(t_Slice i32 & usize) =
-    Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(t_Slice u8)
+    Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Slice.Iter.t_Iter
+            u8)
           #FStar.Tactics.Typeclasses.solve
-          randomness
+          (Core.Slice.impl__iter #u8 randomness <: Core.Slice.Iter.t_Iter u8)
         <:
         Core.Slice.Iter.t_Iter u8)
       (out, sampled <: (t_Slice i32 & usize))
@@ -54,9 +55,10 @@ let rejection_sample_less_than_eta_equals_2_ (randomness: t_Slice u8) (out: t_Sl
 let rejection_sample_less_than_eta_equals_4_ (randomness: t_Slice u8) (out: t_Slice i32) =
   let sampled:usize = sz 0 in
   let out, sampled:(t_Slice i32 & usize) =
-    Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(t_Slice u8)
+    Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Slice.Iter.t_Iter
+            u8)
           #FStar.Tactics.Typeclasses.solve
-          randomness
+          (Core.Slice.impl__iter #u8 randomness <: Core.Slice.Iter.t_Iter u8)
         <:
         Core.Slice.Iter.t_Iter u8)
       (out, sampled <: (t_Slice i32 & usize))
@@ -94,12 +96,12 @@ let rejection_sample_less_than_eta_equals_4_ (randomness: t_Slice u8) (out: t_Sl
 let rejection_sample_less_than_field_modulus (randomness: t_Slice u8) (out: t_Slice i32) =
   let sampled:usize = sz 0 in
   let out, sampled:(t_Slice i32 & usize) =
-    Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Slice.Iter.t_Chunks
+    Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Slice.Iter.t_ChunksExact
             u8)
           #FStar.Tactics.Typeclasses.solve
-          (Core.Slice.impl__chunks #u8 randomness (sz 3) <: Core.Slice.Iter.t_Chunks u8)
+          (Core.Slice.impl__chunks_exact #u8 randomness (sz 3) <: Core.Slice.Iter.t_ChunksExact u8)
         <:
-        Core.Slice.Iter.t_Chunks u8)
+        Core.Slice.Iter.t_ChunksExact u8)
       (out, sampled <: (t_Slice i32 & usize))
       (fun temp_0_ bytes ->
           let out, sampled:(t_Slice i32 & usize) = temp_0_ in
diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Portable.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Portable.fst
index b5c72724c..a997fecc8 100644
--- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Portable.fst
+++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Portable.fst
@@ -282,25 +282,36 @@ Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit =
     f_gamma1_serialize_pre
     =
     (fun
-        (v_OUTPUT_SIZE: usize)
+        (v_GAMMA1_EXPONENT: usize)
         (simd_unit: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit)
+        (serialized: t_Slice u8)
         ->
         true);
     f_gamma1_serialize_post
     =
     (fun
-        (v_OUTPUT_SIZE: usize)
+        (v_GAMMA1_EXPONENT: usize)
         (simd_unit: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit)
-        (out: t_Array u8 v_OUTPUT_SIZE)
+        (serialized: t_Slice u8)
+        (out: t_Slice u8)
         ->
         true);
     f_gamma1_serialize
     =
     (fun
-        (v_OUTPUT_SIZE: usize)
+        (v_GAMMA1_EXPONENT: usize)
         (simd_unit: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit)
+        (serialized: t_Slice u8)
         ->
-        Libcrux_ml_dsa.Simd.Portable.Encoding.Gamma1.serialize v_OUTPUT_SIZE simd_unit);
+        let hax_temp_output, serialized:(Prims.unit & t_Slice u8) =
+          (),
+          Libcrux_ml_dsa.Simd.Portable.Encoding.Gamma1.serialize v_GAMMA1_EXPONENT
+            simd_unit
+            serialized
+          <:
+          (Prims.unit & t_Slice u8)
+        in
+        serialized);
     f_gamma1_deserialize_pre = (fun (v_GAMMA1_EXPONENT: usize) (serialized: t_Slice u8) -> true);
     f_gamma1_deserialize_post
     =
@@ -317,47 +328,60 @@ Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit =
     f_commitment_serialize_pre
     =
     (fun
-        (v_OUTPUT_SIZE: usize)
         (simd_unit: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit)
+        (serialized: t_Slice u8)
         ->
         true);
     f_commitment_serialize_post
     =
     (fun
-        (v_OUTPUT_SIZE: usize)
         (simd_unit: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit)
-        (out: t_Array u8 v_OUTPUT_SIZE)
+        (serialized: t_Slice u8)
+        (out: t_Slice u8)
         ->
         true);
     f_commitment_serialize
     =
     (fun
-        (v_OUTPUT_SIZE: usize)
         (simd_unit: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit)
+        (serialized: t_Slice u8)
         ->
-        Libcrux_ml_dsa.Simd.Portable.Encoding.Commitment.serialize v_OUTPUT_SIZE simd_unit);
+        let hax_temp_output, serialized:(Prims.unit & t_Slice u8) =
+          (), Libcrux_ml_dsa.Simd.Portable.Encoding.Commitment.serialize simd_unit serialized
+          <:
+          (Prims.unit & t_Slice u8)
+        in
+        serialized);
     f_error_serialize_pre
     =
     (fun
-        (v_OUTPUT_SIZE: usize)
+        (v_ETA: usize)
         (simd_unit: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit)
+        (serialized: t_Slice u8)
         ->
         true);
     f_error_serialize_post
     =
     (fun
-        (v_OUTPUT_SIZE: usize)
+        (v_ETA: usize)
         (simd_unit: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit)
-        (out: t_Array u8 v_OUTPUT_SIZE)
+        (serialized: t_Slice u8)
+        (out: t_Slice u8)
         ->
         true);
     f_error_serialize
     =
     (fun
-        (v_OUTPUT_SIZE: usize)
+        (v_ETA: usize)
         (simd_unit: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit)
+        (serialized: t_Slice u8)
         ->
-        Libcrux_ml_dsa.Simd.Portable.Encoding.Error.serialize v_OUTPUT_SIZE simd_unit);
+        let hax_temp_output, serialized:(Prims.unit & t_Slice u8) =
+          (), Libcrux_ml_dsa.Simd.Portable.Encoding.Error.serialize v_ETA simd_unit serialized
+          <:
+          (Prims.unit & t_Slice u8)
+        in
+        serialized);
     f_error_deserialize_pre = (fun (v_ETA: usize) (serialized: t_Slice u8) -> true);
     f_error_deserialize_post
     =
diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Traits.fsti b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Traits.fsti
index 280e421e6..9b879cee0 100644
--- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Traits.fsti
+++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Traits.fsti
@@ -92,30 +92,30 @@ class t_Operations (v_Self: Type0) = {
     -> Prims.Pure (t_Slice i32 & usize)
         (f_rejection_sample_less_than_eta_equals_4_pre x0 x1)
         (fun result -> f_rejection_sample_less_than_eta_equals_4_post x0 x1 result);
-  f_gamma1_serialize_pre:v_OUTPUT_SIZE: usize -> v_Self -> Type0;
-  f_gamma1_serialize_post:v_OUTPUT_SIZE: usize -> v_Self -> t_Array u8 v_OUTPUT_SIZE -> Type0;
-  f_gamma1_serialize:v_OUTPUT_SIZE: usize -> x0: v_Self
-    -> Prims.Pure (t_Array u8 v_OUTPUT_SIZE)
-        (f_gamma1_serialize_pre v_OUTPUT_SIZE x0)
-        (fun result -> f_gamma1_serialize_post v_OUTPUT_SIZE x0 result);
+  f_gamma1_serialize_pre:v_GAMMA1_EXPONENT: usize -> v_Self -> t_Slice u8 -> Type0;
+  f_gamma1_serialize_post:v_GAMMA1_EXPONENT: usize -> v_Self -> t_Slice u8 -> t_Slice u8 -> Type0;
+  f_gamma1_serialize:v_GAMMA1_EXPONENT: usize -> x0: v_Self -> x1: t_Slice u8
+    -> Prims.Pure (t_Slice u8)
+        (f_gamma1_serialize_pre v_GAMMA1_EXPONENT x0 x1)
+        (fun result -> f_gamma1_serialize_post v_GAMMA1_EXPONENT x0 x1 result);
   f_gamma1_deserialize_pre:v_GAMMA1_EXPONENT: usize -> t_Slice u8 -> Type0;
   f_gamma1_deserialize_post:v_GAMMA1_EXPONENT: usize -> t_Slice u8 -> v_Self -> Type0;
   f_gamma1_deserialize:v_GAMMA1_EXPONENT: usize -> x0: t_Slice u8
     -> Prims.Pure v_Self
         (f_gamma1_deserialize_pre v_GAMMA1_EXPONENT x0)
         (fun result -> f_gamma1_deserialize_post v_GAMMA1_EXPONENT x0 result);
-  f_commitment_serialize_pre:v_OUTPUT_SIZE: usize -> v_Self -> Type0;
-  f_commitment_serialize_post:v_OUTPUT_SIZE: usize -> v_Self -> t_Array u8 v_OUTPUT_SIZE -> Type0;
-  f_commitment_serialize:v_OUTPUT_SIZE: usize -> x0: v_Self
-    -> Prims.Pure (t_Array u8 v_OUTPUT_SIZE)
-        (f_commitment_serialize_pre v_OUTPUT_SIZE x0)
-        (fun result -> f_commitment_serialize_post v_OUTPUT_SIZE x0 result);
-  f_error_serialize_pre:v_OUTPUT_SIZE: usize -> v_Self -> Type0;
-  f_error_serialize_post:v_OUTPUT_SIZE: usize -> v_Self -> t_Array u8 v_OUTPUT_SIZE -> Type0;
-  f_error_serialize:v_OUTPUT_SIZE: usize -> x0: v_Self
-    -> Prims.Pure (t_Array u8 v_OUTPUT_SIZE)
-        (f_error_serialize_pre v_OUTPUT_SIZE x0)
-        (fun result -> f_error_serialize_post v_OUTPUT_SIZE x0 result);
+  f_commitment_serialize_pre:v_Self -> t_Slice u8 -> Type0;
+  f_commitment_serialize_post:v_Self -> t_Slice u8 -> t_Slice u8 -> Type0;
+  f_commitment_serialize:x0: v_Self -> x1: t_Slice u8
+    -> Prims.Pure (t_Slice u8)
+        (f_commitment_serialize_pre x0 x1)
+        (fun result -> f_commitment_serialize_post x0 x1 result);
+  f_error_serialize_pre:v_ETA: usize -> v_Self -> t_Slice u8 -> Type0;
+  f_error_serialize_post:v_ETA: usize -> v_Self -> t_Slice u8 -> t_Slice u8 -> Type0;
+  f_error_serialize:v_ETA: usize -> x0: v_Self -> x1: t_Slice u8
+    -> Prims.Pure (t_Slice u8)
+        (f_error_serialize_pre v_ETA x0 x1)
+        (fun result -> f_error_serialize_post v_ETA x0 x1 result);
   f_error_deserialize_pre:v_ETA: usize -> t_Slice u8 -> Type0;
   f_error_deserialize_post:v_ETA: usize -> t_Slice u8 -> v_Self -> Type0;
   f_error_deserialize:v_ETA: usize -> x0: t_Slice u8
diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Types.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Types.fst
index 1707b9546..0a457fc6e 100644
--- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Types.fst
+++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Types.fst
@@ -34,7 +34,7 @@ let t_VerificationError_cast_to_repr (x: t_VerificationError) =
   | VerificationError_MalformedHintError  -> isz 0
   | VerificationError_SignerResponseExceedsBoundError  -> isz 1
   | VerificationError_CommitmentHashesDontMatchError  -> isz 3
-  | VerificationError_ContextTooLongError  -> isz 6
+  | VerificationError_VerificationContextTooLongError  -> isz 6
 
 let impl__as_slice (v_SIZE: usize) (self: t_MLDSASigningKey v_SIZE) = self.f_value <: t_Slice u8
 
diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Types.fsti b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Types.fsti
index e01708ed2..0a03514df 100644
--- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Types.fsti
+++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Types.fsti
@@ -64,7 +64,7 @@ type t_VerificationError =
   | VerificationError_MalformedHintError : t_VerificationError
   | VerificationError_SignerResponseExceedsBoundError : t_VerificationError
   | VerificationError_CommitmentHashesDontMatchError : t_VerificationError
-  | VerificationError_ContextTooLongError : t_VerificationError
+  | VerificationError_VerificationContextTooLongError : t_VerificationError
 
 val t_VerificationError_cast_to_repr (x: t_VerificationError)
     : Prims.Pure isize Prims.l_True (fun _ -> Prims.l_True)

From 4019b3a2469042e6315b432d25d3467181b3cd81 Mon Sep 17 00:00:00 2001
From: Franziskus Kiefer <franziskuskiefer@gmail.com>
Date: Mon, 9 Dec 2024 19:54:58 +0000
Subject: [PATCH 092/142] sampling avx2

---
 libcrux-ml-dsa/src/ml_dsa_generic.rs |  18 +-
 libcrux-ml-dsa/src/sample.rs         | 121 ++++++++-----
 libcrux-ml-dsa/src/samplex4.rs       | 257 +++++++++++++--------------
 3 files changed, 218 insertions(+), 178 deletions(-)

diff --git a/libcrux-ml-dsa/src/ml_dsa_generic.rs b/libcrux-ml-dsa/src/ml_dsa_generic.rs
index 717861772..bf6950aa8 100644
--- a/libcrux-ml-dsa/src/ml_dsa_generic.rs
+++ b/libcrux-ml-dsa/src/ml_dsa_generic.rs
@@ -26,6 +26,7 @@ pub(crate) mod multiplexing;
 
 /// Generate a key pair.
 #[inline(always)]
+#[allow(unsafe_code)]
 pub(crate) fn generate_key_pair<
     SIMDUnit: Operations,
     Shake128X4: shake128::XofX4,
@@ -54,8 +55,9 @@ pub(crate) fn generate_key_pair<
     let (seed_for_error_vectors, seed_for_signing) =
         seed_expanded.split_at(SEED_FOR_ERROR_VECTORS_SIZE);
 
-    let a_as_ntt =
-        samplex4::matrix_A::<SIMDUnit, ROWS_IN_A, COLUMNS_IN_A>(into_padded_array(seed_for_a));
+    let a_as_ntt = unsafe {
+        samplex4::matrix_A::<SIMDUnit, ROWS_IN_A, COLUMNS_IN_A>(into_padded_array(seed_for_a))
+    };
 
     let (s1, s2) = samplex4::sample_s1_and_s2::<SIMDUnit, Shake256X4, ETA, COLUMNS_IN_A, ROWS_IN_A>(
         into_padded_array(seed_for_error_vectors),
@@ -224,6 +226,7 @@ pub(crate) fn sign<
 /// `message` already contains the domain separation.
 #[allow(non_snake_case)]
 #[inline(always)]
+#[allow(unsafe_code)]
 pub(crate) fn sign_internal<
     SIMDUnit: Operations,
     Shake128X4: shake128::XofX4,
@@ -260,8 +263,9 @@ pub(crate) fn sign_internal<
             SIGNING_KEY_SIZE,
         >(signing_key);
 
-    let A_as_ntt =
-        samplex4::matrix_A::<SIMDUnit, ROWS_IN_A, COLUMNS_IN_A>(into_padded_array(&seed_for_A));
+    let A_as_ntt = unsafe {
+        samplex4::matrix_A::<SIMDUnit, ROWS_IN_A, COLUMNS_IN_A>(into_padded_array(&seed_for_A))
+    };
 
     let mut message_representative = [0; MESSAGE_REPRESENTATIVE_SIZE];
     derive_message_representative::<Shake256Xof>(
@@ -466,6 +470,7 @@ fn derive_message_representative<Shake256Xof: shake256::Xof>(
 /// `message` already contains the domain separation.
 #[allow(non_snake_case)]
 #[inline(always)]
+#[allow(unsafe_code)]
 pub(crate) fn verify_internal<
     SIMDUnit: Operations,
     Shake128X4: shake128::XofX4,
@@ -514,8 +519,9 @@ pub(crate) fn verify_internal<
     ) {
         return Err(VerificationError::SignerResponseExceedsBoundError);
     }
-    let A_as_ntt =
-        samplex4::matrix_A::<SIMDUnit, ROWS_IN_A, COLUMNS_IN_A>(into_padded_array(&seed_for_A));
+    let A_as_ntt = unsafe {
+        samplex4::matrix_A::<SIMDUnit, ROWS_IN_A, COLUMNS_IN_A>(into_padded_array(&seed_for_A))
+    };
 
     let mut verification_key_hash = [0; BYTES_FOR_VERIFICATION_KEY_HASH];
     Shake256::shake256::<BYTES_FOR_VERIFICATION_KEY_HASH>(
diff --git a/libcrux-ml-dsa/src/sample.rs b/libcrux-ml-dsa/src/sample.rs
index 96ab1655f..b0d011258 100644
--- a/libcrux-ml-dsa/src/sample.rs
+++ b/libcrux-ml-dsa/src/sample.rs
@@ -34,17 +34,58 @@ fn rejection_sample_less_than_field_modulus<SIMDUnit: Operations>(
     done
 }
 
-pub(crate) fn sample_four_ring_elements<SIMDUnit: Operations>(
+pub(super) struct SampleArgs<
+    'a,
+    SIMDUnit: Operations,
+    const ROWS_IN_A: usize,
+    const COLUMNS_IN_A: usize,
+> {
+    pub(super) rand_stack: &'a mut (
+        [u8; shake128::FIVE_BLOCKS_SIZE],
+        [u8; shake128::FIVE_BLOCKS_SIZE],
+        [u8; shake128::FIVE_BLOCKS_SIZE],
+        [u8; shake128::FIVE_BLOCKS_SIZE],
+    ),
+    pub(super) tmp_stack: &'a mut [[i32; 263]],
+    pub(super) out: &'a mut [[PolynomialRingElement<SIMDUnit>; COLUMNS_IN_A]; ROWS_IN_A],
+    pub(super) indices: &'a [(usize, usize)],
+}
+
+impl<'a, SIMDUnit: Operations, const ROWS_IN_A: usize, const COLUMNS_IN_A: usize>
+    SampleArgs<'a, SIMDUnit, ROWS_IN_A, COLUMNS_IN_A>
+{
+    pub(super) fn new(
+        rand_stack: &'a mut (
+            [u8; shake128::FIVE_BLOCKS_SIZE],
+            [u8; shake128::FIVE_BLOCKS_SIZE],
+            [u8; shake128::FIVE_BLOCKS_SIZE],
+            [u8; shake128::FIVE_BLOCKS_SIZE],
+        ),
+        tmp_stack: &'a mut [[i32; 263]],
+        out: &'a mut [[PolynomialRingElement<SIMDUnit>; COLUMNS_IN_A]; ROWS_IN_A],
+        indices: &'a [(usize, usize)],
+    ) -> Self {
+        Self {
+            rand_stack,
+            tmp_stack,
+            out,
+            indices,
+        }
+    }
+}
+
+#[inline(always)]
+pub(crate) fn sample_four_ring_elements<
+    SIMDUnit: Operations,
+    const ROWS_IN_A: usize,
+    const COLUMNS_IN_A: usize,
+>(
     mut seed0: [u8; 34],
     domain_separator0: u16,
     domain_separator1: u16,
     domain_seperator2: u16,
     domain_separator3: u16,
-) -> (
-    PolynomialRingElement<SIMDUnit>,
-    PolynomialRingElement<SIMDUnit>,
-    PolynomialRingElement<SIMDUnit>,
-    PolynomialRingElement<SIMDUnit>,
+    memory: &mut SampleArgs<'_, SIMDUnit, ROWS_IN_A, COLUMNS_IN_A>,
 ) {
     use crate::hash_functions::shake128::XofX4;
 
@@ -69,17 +110,13 @@ pub(crate) fn sample_four_ring_elements<SIMDUnit: Operations>(
     // version, which actually results in faster code (except for key
     // generation), even in the AVX2 instantiation of ML-DSA.
     let mut state =
-        crate::hash_functions::portable::Shake128X4::init_absorb(&seed0, &seed1, &seed2, &seed3);
+        crate::hash_functions::simd256::Shake128x4::init_absorb(&seed0, &seed1, &seed2, &seed3);
 
-    let mut randomness0 = [0u8; shake128::FIVE_BLOCKS_SIZE];
-    let mut randomness1 = [0u8; shake128::FIVE_BLOCKS_SIZE];
-    let mut randomness2 = [0u8; shake128::FIVE_BLOCKS_SIZE];
-    let mut randomness3 = [0u8; shake128::FIVE_BLOCKS_SIZE];
     state.squeeze_first_five_blocks(
-        &mut randomness0,
-        &mut randomness1,
-        &mut randomness2,
-        &mut randomness3,
+        &mut memory.rand_stack.0,
+        &mut memory.rand_stack.1,
+        &mut memory.rand_stack.2,
+        &mut memory.rand_stack.3,
     );
 
     // Every call to |rejection_sample_less_than_field_modulus|
@@ -90,35 +127,30 @@ pub(crate) fn sample_four_ring_elements<SIMDUnit: Operations>(
     //
     // To ensure we don't overflow the buffer in this case, we allocate 255 + 8
     // = 263 elements.
-    let mut coefficients0 = [0i32; 263];
-    let mut coefficients1 = [0i32; 263];
-    let mut coefficients2 = [0i32; 263];
-    let mut coefficients3 = [0i32; 263];
-
     let mut sampled0 = 0;
     let mut sampled1 = 0;
     let mut sampled2 = 0;
     let mut sampled3 = 0;
 
     let mut done0 = rejection_sample_less_than_field_modulus::<SIMDUnit>(
-        &randomness0,
+        &mut memory.rand_stack.0,
         &mut sampled0,
-        &mut coefficients0,
+        &mut memory.tmp_stack[0],
     );
     let mut done1 = rejection_sample_less_than_field_modulus::<SIMDUnit>(
-        &randomness1,
+        &mut memory.rand_stack.1,
         &mut sampled1,
-        &mut coefficients1,
+        &mut memory.tmp_stack[1],
     );
     let mut done2 = rejection_sample_less_than_field_modulus::<SIMDUnit>(
-        &randomness2,
+        &mut memory.rand_stack.2,
         &mut sampled2,
-        &mut coefficients2,
+        &mut memory.tmp_stack[2],
     );
     let mut done3 = rejection_sample_less_than_field_modulus::<SIMDUnit>(
-        &randomness3,
+        &mut memory.rand_stack.3,
         &mut sampled3,
-        &mut coefficients3,
+        &mut memory.tmp_stack[3],
     );
 
     while !done0 || !done1 || !done2 || !done3 {
@@ -127,38 +159,36 @@ pub(crate) fn sample_four_ring_elements<SIMDUnit: Operations>(
             done0 = rejection_sample_less_than_field_modulus::<SIMDUnit>(
                 &randomnesses.0,
                 &mut sampled0,
-                &mut coefficients0,
+                &mut memory.tmp_stack[0],
             );
         }
         if !done1 {
             done1 = rejection_sample_less_than_field_modulus::<SIMDUnit>(
                 &randomnesses.1,
                 &mut sampled1,
-                &mut coefficients1,
+                &mut memory.tmp_stack[1],
             );
         }
         if !done2 {
             done2 = rejection_sample_less_than_field_modulus::<SIMDUnit>(
                 &randomnesses.2,
                 &mut sampled2,
-                &mut coefficients2,
+                &mut memory.tmp_stack[2],
             );
         }
         if !done3 {
             done3 = rejection_sample_less_than_field_modulus::<SIMDUnit>(
                 &randomnesses.3,
                 &mut sampled3,
-                &mut coefficients3,
+                &mut memory.tmp_stack[3],
             );
         }
     }
 
-    (
-        PolynomialRingElement::<SIMDUnit>::from_i32_array(&coefficients0),
-        PolynomialRingElement::<SIMDUnit>::from_i32_array(&coefficients1),
-        PolynomialRingElement::<SIMDUnit>::from_i32_array(&coefficients2),
-        PolynomialRingElement::<SIMDUnit>::from_i32_array(&coefficients3),
-    )
+    for (k, (i, j)) in memory.indices.iter().enumerate() {
+        memory.out[*i][*j] =
+            PolynomialRingElement::<SIMDUnit>::from_i32_array(&memory.tmp_stack[k]);
+    }
 }
 
 #[inline(always)]
@@ -502,15 +532,26 @@ mod tests {
     fn sample_ring_element_uniform<SIMDUnit: Operations>(
         seed: [u8; 34],
     ) -> PolynomialRingElement<SIMDUnit> {
-        let four_ring_elements = sample_four_ring_elements::<SIMDUnit>(
+        let mut rand_stack = (
+            [0u8; shake128::FIVE_BLOCKS_SIZE],
+            [0u8; shake128::FIVE_BLOCKS_SIZE],
+            [0u8; shake128::FIVE_BLOCKS_SIZE],
+            [0u8; shake128::FIVE_BLOCKS_SIZE],
+        );
+        let mut tmp_stack = [[0i32; 263], [0i32; 263], [0i32; 263], [0i32; 263]];
+        let mut out = [[PolynomialRingElement::<SIMDUnit>::ZERO(); 4]; 1];
+        let indices = [(0, 0), (0, 1), (0, 2), (0, 3)];
+        let mut memory = SampleArgs::new(&mut rand_stack, &mut tmp_stack, &mut out, &indices);
+        sample_four_ring_elements::<SIMDUnit, 1, 4>(
             seed,
             ((seed[33] as u16) << 8) | (seed[32] as u16),
             0,
             0,
             0,
+            &mut memory,
         );
 
-        four_ring_elements.0
+        out[0][0]
     }
 
     // This is just a wrapper around sample_four_ring_elements, for testing
diff --git a/libcrux-ml-dsa/src/samplex4.rs b/libcrux-ml-dsa/src/samplex4.rs
index edf06d13c..77cb1b7f8 100644
--- a/libcrux-ml-dsa/src/samplex4.rs
+++ b/libcrux-ml-dsa/src/samplex4.rs
@@ -1,7 +1,7 @@
 use crate::{
-    hash_functions::shake256,
+    hash_functions::{shake128, shake256},
     polynomial::PolynomialRingElement,
-    sample::{sample_four_error_ring_elements, sample_four_ring_elements},
+    sample::{sample_four_error_ring_elements, sample_four_ring_elements, SampleArgs},
     simd::traits::Operations,
 };
 
@@ -38,53 +38,57 @@ pub(crate) fn matrix_A_4_by_4<
     let mut A: Matrix<SIMDUnit, ROWS_IN_A, COLUMNS_IN_A> =
         [[PolynomialRingElement::<SIMDUnit>::ZERO(); COLUMNS_IN_A]; ROWS_IN_A];
 
-    let four_ring_elements = sample_four_ring_elements::<SIMDUnit>(
+    let mut rand_stack = (
+        [0u8; shake128::FIVE_BLOCKS_SIZE],
+        [0u8; shake128::FIVE_BLOCKS_SIZE],
+        [0u8; shake128::FIVE_BLOCKS_SIZE],
+        [0u8; shake128::FIVE_BLOCKS_SIZE],
+    );
+    let mut tmp_stack = [[0i32; 263], [0i32; 263], [0i32; 263], [0i32; 263]];
+    let mut memory = SampleArgs::new(
+        &mut rand_stack,
+        &mut tmp_stack,
+        &mut A,
+        &[(0, 0), (0, 1), (0, 2), (0, 3)],
+    );
+    sample_four_ring_elements::<SIMDUnit, ROWS_IN_A, COLUMNS_IN_A>(
         seed,
         generate_domain_separator(0, 0),
         generate_domain_separator(0, 1),
         generate_domain_separator(0, 2),
         generate_domain_separator(0, 3),
+        &mut memory,
     );
-    update_matrix(&mut A, 0, 0, four_ring_elements.0);
-    update_matrix(&mut A, 0, 1, four_ring_elements.1);
-    update_matrix(&mut A, 0, 2, four_ring_elements.2);
-    update_matrix(&mut A, 0, 3, four_ring_elements.3);
 
-    let four_ring_elements = sample_four_ring_elements::<SIMDUnit>(
+    memory.indices = &[(1, 0), (1, 1), (1, 2), (1, 3)];
+    sample_four_ring_elements::<SIMDUnit, ROWS_IN_A, COLUMNS_IN_A>(
         seed,
         generate_domain_separator(1, 0),
         generate_domain_separator(1, 1),
         generate_domain_separator(1, 2),
         generate_domain_separator(1, 3),
+        &mut memory,
     );
-    update_matrix(&mut A, 1, 0, four_ring_elements.0);
-    update_matrix(&mut A, 1, 1, four_ring_elements.1);
-    update_matrix(&mut A, 1, 2, four_ring_elements.2);
-    update_matrix(&mut A, 1, 3, four_ring_elements.3);
 
-    let four_ring_elements = sample_four_ring_elements::<SIMDUnit>(
+    memory.indices = &[(2, 0), (2, 1), (2, 2), (2, 3)];
+    sample_four_ring_elements::<SIMDUnit, ROWS_IN_A, COLUMNS_IN_A>(
         seed,
         generate_domain_separator(2, 0),
         generate_domain_separator(2, 1),
         generate_domain_separator(2, 2),
         generate_domain_separator(2, 3),
+        &mut memory,
     );
-    update_matrix(&mut A, 2, 0, four_ring_elements.0);
-    update_matrix(&mut A, 2, 1, four_ring_elements.1);
-    update_matrix(&mut A, 2, 2, four_ring_elements.2);
-    update_matrix(&mut A, 2, 3, four_ring_elements.3);
 
-    let four_ring_elements = sample_four_ring_elements::<SIMDUnit>(
+    memory.indices = &[(3, 0), (3, 1), (3, 2), (3, 3)];
+    sample_four_ring_elements::<SIMDUnit, ROWS_IN_A, COLUMNS_IN_A>(
         seed,
         generate_domain_separator(3, 0),
         generate_domain_separator(3, 1),
         generate_domain_separator(3, 2),
         generate_domain_separator(3, 3),
+        &mut memory,
     );
-    update_matrix(&mut A, 3, 0, four_ring_elements.0);
-    update_matrix(&mut A, 3, 1, four_ring_elements.1);
-    update_matrix(&mut A, 3, 2, four_ring_elements.2);
-    update_matrix(&mut A, 3, 3, four_ring_elements.3);
 
     A
 }
@@ -100,103 +104,102 @@ pub(crate) fn matrix_A_6_by_5<
 ) -> [[PolynomialRingElement<SIMDUnit>; COLUMNS_IN_A]; ROWS_IN_A] {
     let mut A = [[PolynomialRingElement::<SIMDUnit>::ZERO(); COLUMNS_IN_A]; ROWS_IN_A];
 
-    let four_ring_elements = sample_four_ring_elements::<SIMDUnit>(
+    let mut rand_stack = (
+        [0u8; shake128::FIVE_BLOCKS_SIZE],
+        [0u8; shake128::FIVE_BLOCKS_SIZE],
+        [0u8; shake128::FIVE_BLOCKS_SIZE],
+        [0u8; shake128::FIVE_BLOCKS_SIZE],
+    );
+    let mut tmp_stack = [[0i32; 263], [0i32; 263], [0i32; 263], [0i32; 263]];
+    let mut memory = SampleArgs::new(
+        &mut rand_stack,
+        &mut tmp_stack,
+        &mut A,
+        &[(0, 0), (0, 1), (0, 2), (0, 3)],
+    );
+    sample_four_ring_elements::<SIMDUnit, ROWS_IN_A, COLUMNS_IN_A>(
         seed,
         generate_domain_separator(0, 0),
         generate_domain_separator(0, 1),
         generate_domain_separator(0, 2),
         generate_domain_separator(0, 3),
+        &mut memory,
     );
-    update_matrix(&mut A, 0, 0, four_ring_elements.0);
-    update_matrix(&mut A, 0, 1, four_ring_elements.1);
-    update_matrix(&mut A, 0, 2, four_ring_elements.2);
-    update_matrix(&mut A, 0, 3, four_ring_elements.3);
 
-    let four_ring_elements = sample_four_ring_elements::<SIMDUnit>(
+    memory.indices = &[(0, 4), (1, 0), (1, 1), (1, 2)];
+    sample_four_ring_elements::<SIMDUnit, ROWS_IN_A, COLUMNS_IN_A>(
         seed,
         generate_domain_separator(0, 4),
         generate_domain_separator(1, 0),
         generate_domain_separator(1, 1),
         generate_domain_separator(1, 2),
+        &mut memory,
     );
-    update_matrix(&mut A, 0, 4, four_ring_elements.0);
-    update_matrix(&mut A, 1, 0, four_ring_elements.1);
-    update_matrix(&mut A, 1, 1, four_ring_elements.2);
-    update_matrix(&mut A, 1, 2, four_ring_elements.3);
 
-    let four_ring_elements = sample_four_ring_elements::<SIMDUnit>(
+    memory.indices = &[(1, 3), (1, 4), (2, 0), (2, 1)];
+    sample_four_ring_elements::<SIMDUnit, ROWS_IN_A, COLUMNS_IN_A>(
         seed,
         generate_domain_separator(1, 3),
         generate_domain_separator(1, 4),
         generate_domain_separator(2, 0),
         generate_domain_separator(2, 1),
+        &mut memory,
     );
-    update_matrix(&mut A, 1, 3, four_ring_elements.0);
-    update_matrix(&mut A, 1, 4, four_ring_elements.1);
-    update_matrix(&mut A, 2, 0, four_ring_elements.2);
-    update_matrix(&mut A, 2, 1, four_ring_elements.3);
 
-    let four_ring_elements = sample_four_ring_elements::<SIMDUnit>(
+    memory.indices = &[(2, 2), (2, 3), (2, 4), (3, 0)];
+    sample_four_ring_elements::<SIMDUnit, ROWS_IN_A, COLUMNS_IN_A>(
         seed,
         generate_domain_separator(2, 2),
         generate_domain_separator(2, 3),
         generate_domain_separator(2, 4),
         generate_domain_separator(3, 0),
+        &mut memory,
     );
-    update_matrix(&mut A, 2, 2, four_ring_elements.0);
-    update_matrix(&mut A, 2, 3, four_ring_elements.1);
-    update_matrix(&mut A, 2, 4, four_ring_elements.2);
-    update_matrix(&mut A, 3, 0, four_ring_elements.3);
 
-    let four_ring_elements = sample_four_ring_elements::<SIMDUnit>(
+    memory.indices = &[(3, 1), (3, 2), (3, 3), (3, 4)];
+    sample_four_ring_elements::<SIMDUnit, ROWS_IN_A, COLUMNS_IN_A>(
         seed,
         generate_domain_separator(3, 1),
         generate_domain_separator(3, 2),
         generate_domain_separator(3, 3),
         generate_domain_separator(3, 4),
+        &mut memory,
     );
-    update_matrix(&mut A, 3, 1, four_ring_elements.0);
-    update_matrix(&mut A, 3, 2, four_ring_elements.1);
-    update_matrix(&mut A, 3, 3, four_ring_elements.2);
-    update_matrix(&mut A, 3, 4, four_ring_elements.3);
 
-    let four_ring_elements = sample_four_ring_elements::<SIMDUnit>(
+    memory.indices = &[(4, 0), (4, 1), (4, 2), (4, 3)];
+    sample_four_ring_elements::<SIMDUnit, ROWS_IN_A, COLUMNS_IN_A>(
         seed,
         generate_domain_separator(4, 0),
         generate_domain_separator(4, 1),
         generate_domain_separator(4, 2),
         generate_domain_separator(4, 3),
+        &mut memory,
     );
-    update_matrix(&mut A, 4, 0, four_ring_elements.0);
-    update_matrix(&mut A, 4, 1, four_ring_elements.1);
-    update_matrix(&mut A, 4, 2, four_ring_elements.2);
-    update_matrix(&mut A, 4, 3, four_ring_elements.3);
 
-    let four_ring_elements = sample_four_ring_elements::<SIMDUnit>(
+    memory.indices = &[(4, 4), (5, 0), (5, 1), (5, 2)];
+    sample_four_ring_elements::<SIMDUnit, ROWS_IN_A, COLUMNS_IN_A>(
         seed,
         generate_domain_separator(4, 4),
         generate_domain_separator(5, 0),
         generate_domain_separator(5, 1),
         generate_domain_separator(5, 2),
+        &mut memory,
     );
-    update_matrix(&mut A, 4, 4, four_ring_elements.0);
-    update_matrix(&mut A, 5, 0, four_ring_elements.1);
-    update_matrix(&mut A, 5, 1, four_ring_elements.2);
-    update_matrix(&mut A, 5, 2, four_ring_elements.3);
 
     // The the last 2 sampled ring elements are discarded here.
-    let four_ring_elements = sample_four_ring_elements::<SIMDUnit>(
+    memory.indices = &[(5, 3), (5, 4)];
+    sample_four_ring_elements::<SIMDUnit, ROWS_IN_A, COLUMNS_IN_A>(
         seed,
         generate_domain_separator(5, 3),
         generate_domain_separator(5, 4),
         generate_domain_separator(5, 5),
         generate_domain_separator(5, 6),
+        &mut memory,
     );
-    update_matrix(&mut A, 5, 3, four_ring_elements.0);
-    update_matrix(&mut A, 5, 4, four_ring_elements.1);
 
     A
 }
+
 #[allow(non_snake_case)]
 #[inline(always)]
 pub(crate) fn matrix_A_8_by_7<
@@ -208,179 +211,169 @@ pub(crate) fn matrix_A_8_by_7<
 ) -> [[PolynomialRingElement<SIMDUnit>; COLUMNS_IN_A]; ROWS_IN_A] {
     let mut A = [[PolynomialRingElement::<SIMDUnit>::ZERO(); COLUMNS_IN_A]; ROWS_IN_A];
 
-    let four_ring_elements = sample_four_ring_elements::<SIMDUnit>(
+    let mut rand_stack = (
+        [0u8; shake128::FIVE_BLOCKS_SIZE],
+        [0u8; shake128::FIVE_BLOCKS_SIZE],
+        [0u8; shake128::FIVE_BLOCKS_SIZE],
+        [0u8; shake128::FIVE_BLOCKS_SIZE],
+    );
+    let mut tmp_stack = [[0i32; 263], [0i32; 263], [0i32; 263], [0i32; 263]];
+    let mut memory = SampleArgs::new(
+        &mut rand_stack,
+        &mut tmp_stack,
+        &mut A,
+        &[(0, 0), (0, 1), (0, 2), (0, 3)],
+    );
+
+    sample_four_ring_elements::<SIMDUnit, ROWS_IN_A, COLUMNS_IN_A>(
         seed,
         generate_domain_separator(0, 0),
         generate_domain_separator(0, 1),
         generate_domain_separator(0, 2),
         generate_domain_separator(0, 3),
+        &mut memory,
     );
-    update_matrix(&mut A, 0, 0, four_ring_elements.0);
-    update_matrix(&mut A, 0, 1, four_ring_elements.1);
-    update_matrix(&mut A, 0, 2, four_ring_elements.2);
-    update_matrix(&mut A, 0, 3, four_ring_elements.3);
 
-    let four_ring_elements = sample_four_ring_elements::<SIMDUnit>(
+    memory.indices = &[(0, 4), (0, 5), (0, 6), (1, 0)];
+    sample_four_ring_elements::<SIMDUnit, ROWS_IN_A, COLUMNS_IN_A>(
         seed,
         generate_domain_separator(0, 4),
         generate_domain_separator(0, 5),
         generate_domain_separator(0, 6),
         generate_domain_separator(1, 0),
+        &mut memory,
     );
-    update_matrix(&mut A, 0, 4, four_ring_elements.0);
-    update_matrix(&mut A, 0, 5, four_ring_elements.1);
-    update_matrix(&mut A, 0, 6, four_ring_elements.2);
-    update_matrix(&mut A, 1, 0, four_ring_elements.3);
 
-    let four_ring_elements = sample_four_ring_elements::<SIMDUnit>(
+    memory.indices = &[(1, 1), (1, 2), (1, 3), (1, 4)];
+    sample_four_ring_elements::<SIMDUnit, ROWS_IN_A, COLUMNS_IN_A>(
         seed,
         generate_domain_separator(1, 1),
         generate_domain_separator(1, 2),
         generate_domain_separator(1, 3),
         generate_domain_separator(1, 4),
+        &mut memory,
     );
-    update_matrix(&mut A, 1, 1, four_ring_elements.0);
-    update_matrix(&mut A, 1, 2, four_ring_elements.1);
-    update_matrix(&mut A, 1, 3, four_ring_elements.2);
-    update_matrix(&mut A, 1, 4, four_ring_elements.3);
 
-    let four_ring_elements = sample_four_ring_elements::<SIMDUnit>(
+    memory.indices = &[(1, 5), (1, 6), (2, 0), (2, 1)];
+    sample_four_ring_elements::<SIMDUnit, ROWS_IN_A, COLUMNS_IN_A>(
         seed,
         generate_domain_separator(1, 5),
         generate_domain_separator(1, 6),
         generate_domain_separator(2, 0),
         generate_domain_separator(2, 1),
+        &mut memory,
     );
-    update_matrix(&mut A, 1, 5, four_ring_elements.0);
-    update_matrix(&mut A, 1, 6, four_ring_elements.1);
-    update_matrix(&mut A, 2, 0, four_ring_elements.2);
-    update_matrix(&mut A, 2, 1, four_ring_elements.3);
 
-    let four_ring_elements = sample_four_ring_elements::<SIMDUnit>(
+    memory.indices = &[(2, 2), (2, 3), (2, 4), (2, 5)];
+    sample_four_ring_elements::<SIMDUnit, ROWS_IN_A, COLUMNS_IN_A>(
         seed,
         generate_domain_separator(2, 2),
         generate_domain_separator(2, 3),
         generate_domain_separator(2, 4),
         generate_domain_separator(2, 5),
+        &mut memory,
     );
-    update_matrix(&mut A, 2, 2, four_ring_elements.0);
-    update_matrix(&mut A, 2, 3, four_ring_elements.1);
-    update_matrix(&mut A, 2, 4, four_ring_elements.2);
-    update_matrix(&mut A, 2, 5, four_ring_elements.3);
 
-    let four_ring_elements = sample_four_ring_elements::<SIMDUnit>(
+    memory.indices = &[(2, 6), (3, 0), (3, 1), (3, 2)];
+    sample_four_ring_elements::<SIMDUnit, ROWS_IN_A, COLUMNS_IN_A>(
         seed,
         generate_domain_separator(2, 6),
         generate_domain_separator(3, 0),
         generate_domain_separator(3, 1),
         generate_domain_separator(3, 2),
+        &mut memory,
     );
-    update_matrix(&mut A, 2, 6, four_ring_elements.0);
-    update_matrix(&mut A, 3, 0, four_ring_elements.1);
-    update_matrix(&mut A, 3, 1, four_ring_elements.2);
-    update_matrix(&mut A, 3, 2, four_ring_elements.3);
 
-    let four_ring_elements = sample_four_ring_elements::<SIMDUnit>(
+    memory.indices = &[(3, 3), (3, 4), (3, 5), (3, 6)];
+    sample_four_ring_elements::<SIMDUnit, ROWS_IN_A, COLUMNS_IN_A>(
         seed,
         generate_domain_separator(3, 3),
         generate_domain_separator(3, 4),
         generate_domain_separator(3, 5),
         generate_domain_separator(3, 6),
+        &mut memory,
     );
-    update_matrix(&mut A, 3, 3, four_ring_elements.0);
-    update_matrix(&mut A, 3, 4, four_ring_elements.1);
-    update_matrix(&mut A, 3, 5, four_ring_elements.2);
-    update_matrix(&mut A, 3, 6, four_ring_elements.3);
 
-    let four_ring_elements = sample_four_ring_elements::<SIMDUnit>(
+    memory.indices = &[(4, 0), (4, 1), (4, 2), (4, 3)];
+    sample_four_ring_elements::<SIMDUnit, ROWS_IN_A, COLUMNS_IN_A>(
         seed,
         generate_domain_separator(4, 0),
         generate_domain_separator(4, 1),
         generate_domain_separator(4, 2),
         generate_domain_separator(4, 3),
+        &mut memory,
     );
-    update_matrix(&mut A, 4, 0, four_ring_elements.0);
-    update_matrix(&mut A, 4, 1, four_ring_elements.1);
-    update_matrix(&mut A, 4, 2, four_ring_elements.2);
-    update_matrix(&mut A, 4, 3, four_ring_elements.3);
 
-    let four_ring_elements = sample_four_ring_elements::<SIMDUnit>(
+    memory.indices = &[(4, 4), (4, 5), (4, 6), (5, 0)];
+    sample_four_ring_elements::<SIMDUnit, ROWS_IN_A, COLUMNS_IN_A>(
         seed,
         generate_domain_separator(4, 4),
         generate_domain_separator(4, 5),
         generate_domain_separator(4, 6),
         generate_domain_separator(5, 0),
+        &mut memory,
     );
-    update_matrix(&mut A, 4, 4, four_ring_elements.0);
-    update_matrix(&mut A, 4, 5, four_ring_elements.1);
-    update_matrix(&mut A, 4, 6, four_ring_elements.2);
-    update_matrix(&mut A, 5, 0, four_ring_elements.3);
 
-    let four_ring_elements = sample_four_ring_elements::<SIMDUnit>(
+    memory.indices = &[(5, 1), (5, 2), (5, 3), (5, 4)];
+    sample_four_ring_elements::<SIMDUnit, ROWS_IN_A, COLUMNS_IN_A>(
         seed,
         generate_domain_separator(5, 1),
         generate_domain_separator(5, 2),
         generate_domain_separator(5, 3),
         generate_domain_separator(5, 4),
+        &mut memory,
     );
-    update_matrix(&mut A, 5, 1, four_ring_elements.0);
-    update_matrix(&mut A, 5, 2, four_ring_elements.1);
-    update_matrix(&mut A, 5, 3, four_ring_elements.2);
-    update_matrix(&mut A, 5, 4, four_ring_elements.3);
 
-    let four_ring_elements = sample_four_ring_elements::<SIMDUnit>(
+    memory.indices = &[(5, 5), (5, 6), (6, 0), (6, 1)];
+    sample_four_ring_elements::<SIMDUnit, ROWS_IN_A, COLUMNS_IN_A>(
         seed,
         generate_domain_separator(5, 5),
         generate_domain_separator(5, 6),
         generate_domain_separator(6, 0),
         generate_domain_separator(6, 1),
+        &mut memory,
     );
-    update_matrix(&mut A, 5, 5, four_ring_elements.0);
-    update_matrix(&mut A, 5, 6, four_ring_elements.1);
-    update_matrix(&mut A, 6, 0, four_ring_elements.2);
-    update_matrix(&mut A, 6, 1, four_ring_elements.3);
 
-    let four_ring_elements = sample_four_ring_elements::<SIMDUnit>(
+    memory.indices = &[(6, 2), (6, 3), (6, 4), (6, 5)];
+    sample_four_ring_elements::<SIMDUnit, ROWS_IN_A, COLUMNS_IN_A>(
         seed,
         generate_domain_separator(6, 2),
         generate_domain_separator(6, 3),
         generate_domain_separator(6, 4),
         generate_domain_separator(6, 5),
+        &mut memory,
     );
-    update_matrix(&mut A, 6, 2, four_ring_elements.0);
-    update_matrix(&mut A, 6, 3, four_ring_elements.1);
-    update_matrix(&mut A, 6, 4, four_ring_elements.2);
-    update_matrix(&mut A, 6, 5, four_ring_elements.3);
 
-    let four_ring_elements = sample_four_ring_elements::<SIMDUnit>(
+    memory.indices = &[(6, 6), (7, 0), (7, 1), (7, 2)];
+    sample_four_ring_elements::<SIMDUnit, ROWS_IN_A, COLUMNS_IN_A>(
         seed,
         generate_domain_separator(6, 6),
         generate_domain_separator(7, 0),
         generate_domain_separator(7, 1),
         generate_domain_separator(7, 2),
+        &mut memory,
     );
-    update_matrix(&mut A, 6, 6, four_ring_elements.0);
-    update_matrix(&mut A, 7, 0, four_ring_elements.1);
-    update_matrix(&mut A, 7, 1, four_ring_elements.2);
-    update_matrix(&mut A, 7, 2, four_ring_elements.3);
 
-    let four_ring_elements = sample_four_ring_elements::<SIMDUnit>(
+    memory.indices = &[(7, 3), (7, 4), (7, 5), (7, 6)];
+    sample_four_ring_elements::<SIMDUnit, ROWS_IN_A, COLUMNS_IN_A>(
         seed,
         generate_domain_separator(7, 3),
         generate_domain_separator(7, 4),
         generate_domain_separator(7, 5),
         generate_domain_separator(7, 6),
+        &mut memory,
     );
-    update_matrix(&mut A, 7, 3, four_ring_elements.0);
-    update_matrix(&mut A, 7, 4, four_ring_elements.1);
-    update_matrix(&mut A, 7, 5, four_ring_elements.2);
-    update_matrix(&mut A, 7, 6, four_ring_elements.3);
 
     A
 }
+
+// XXX: of course we can't do this unconditionally, but with the manual monomorphization
+//      macro, we could inject this. This gives us +50% faster key generation and +70% signing.
+#[cfg_attr(not(hax), target_feature(enable = "avx2"))]
+#[allow(unsafe_code)]
 #[allow(non_snake_case)]
-#[inline(always)]
-pub(crate) fn matrix_A<SIMDUnit: Operations, const ROWS_IN_A: usize, const COLUMNS_IN_A: usize>(
+// #[inline(always)]
+pub(crate) unsafe fn matrix_A<SIMDUnit: Operations, const ROWS_IN_A: usize, const COLUMNS_IN_A: usize>(
     seed: [u8; 34],
 ) -> [[PolynomialRingElement<SIMDUnit>; COLUMNS_IN_A]; ROWS_IN_A] {
     match (ROWS_IN_A as u8, COLUMNS_IN_A as u8) {

From 4d93aa650826db49d66a848c5973002444c747c0 Mon Sep 17 00:00:00 2001
From: mamonet <maamoun.tk@gmail.com>
Date: Tue, 10 Dec 2024 11:12:55 +0000
Subject: [PATCH 093/142] Update Makefile

---
 libcrux-ml-kem/proofs/fstar/extraction/Makefile | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Makefile b/libcrux-ml-kem/proofs/fstar/extraction/Makefile
index 1aa982aae..6ea6fa381 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Makefile
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Makefile
@@ -1,9 +1,7 @@
 SLOW_MODULES += Libcrux_ml_kem.Vector.Portable.Serialize.fst
 
-ADMIT_MODULES = Libcrux_ml_kem.Vector.Avx2.fsti \
-              Libcrux_ml_kem.Vector.Avx2.fst \
+ADMIT_MODULES = Libcrux_ml_kem.Vector.Avx2.fst \
               Libcrux_ml_kem.Vector.Avx2.Ntt.fst \
-              Libcrux_ml_kem.Vector.Avx2.Sampling.fst \
               Libcrux_ml_kem.Vector.Rej_sample_table.fsti \
               Libcrux_ml_kem.Vector.Neon.Arithmetic.fst \
               Libcrux_ml_kem.Vector.Neon.Compress.fst \

From c70eb875ca047b22973a1a0a620c57e54386b8de Mon Sep 17 00:00:00 2001
From: mamonet <maamoun.tk@gmail.com>
Date: Tue, 10 Dec 2024 11:31:29 +0000
Subject: [PATCH 094/142] Remove AVX2 modules from ADMIT_MODULES

---
 .../fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Ntt.fst   | 4 ++++
 .../fstar/extraction/Libcrux_ml_kem.Vector.Avx2.fst       | 8 ++++++++
 libcrux-ml-kem/proofs/fstar/extraction/Makefile           | 4 +---
 libcrux-ml-kem/src/vector/avx2.rs                         | 8 ++++++++
 libcrux-ml-kem/src/vector/avx2/ntt.rs                     | 1 +
 5 files changed, 22 insertions(+), 3 deletions(-)

diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Ntt.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Ntt.fst
index 504a87112..6d1f1794f 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Ntt.fst
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Ntt.fst
@@ -155,6 +155,8 @@ let ntt_layer_3_step (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) (zeta: i
   in
   Libcrux_intrinsics.Avx2_extract.mm256_inserti128_si256 1l combined upper_coefficients
 
+#push-options "--admit_smt_queries true"
+
 let ntt_multiply (lhs rhs: Libcrux_intrinsics.Avx2_extract.t_Vec256) (zeta0 zeta1 zeta2 zeta3: i16) =
   let shuffle_with:Libcrux_intrinsics.Avx2_extract.t_Vec256 =
     Libcrux_intrinsics.Avx2_extract.mm256_set_epi8 15y 14y 11y 10y 7y 6y 3y 2y 13y 12y 9y 8y 5y 4y
@@ -245,3 +247,5 @@ let ntt_multiply (lhs rhs: Libcrux_intrinsics.Avx2_extract.t_Vec256) (zeta0 zeta
     Libcrux_intrinsics.Avx2_extract.mm256_slli_epi32 16l products_right
   in
   Libcrux_intrinsics.Avx2_extract.mm256_blend_epi16 170l products_left products_right
+
+#pop-options
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.fst
index 29d63bae8..81f5dc7a5 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.fst
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.fst
@@ -458,6 +458,7 @@ let impl_3: Libcrux_ml_kem.Vector.Traits.t_Operations t_SIMD256Vector =
     f_serialize_1_
     =
     (fun (vector: t_SIMD256Vector) ->
+        let _:Prims.unit = admit () in
         Libcrux_ml_kem.Vector.Avx2.Serialize.serialize_1_ vector.f_elements);
     f_deserialize_1_pre
     =
@@ -469,6 +470,7 @@ let impl_3: Libcrux_ml_kem.Vector.Traits.t_Operations t_SIMD256Vector =
     f_deserialize_1_
     =
     (fun (bytes: t_Slice u8) ->
+        let _:Prims.unit = admit () in
         { f_elements = Libcrux_ml_kem.Vector.Avx2.Serialize.deserialize_1_ bytes }
         <:
         t_SIMD256Vector);
@@ -483,6 +485,7 @@ let impl_3: Libcrux_ml_kem.Vector.Traits.t_Operations t_SIMD256Vector =
     f_serialize_4_
     =
     (fun (vector: t_SIMD256Vector) ->
+        let _:Prims.unit = admit () in
         Libcrux_ml_kem.Vector.Avx2.Serialize.serialize_4_ vector.f_elements);
     f_deserialize_4_pre
     =
@@ -494,6 +497,7 @@ let impl_3: Libcrux_ml_kem.Vector.Traits.t_Operations t_SIMD256Vector =
     f_deserialize_4_
     =
     (fun (bytes: t_Slice u8) ->
+        let _:Prims.unit = admit () in
         { f_elements = Libcrux_ml_kem.Vector.Avx2.Serialize.deserialize_4_ bytes }
         <:
         t_SIMD256Vector);
@@ -526,6 +530,7 @@ let impl_3: Libcrux_ml_kem.Vector.Traits.t_Operations t_SIMD256Vector =
     f_serialize_10_
     =
     (fun (vector: t_SIMD256Vector) ->
+        let _:Prims.unit = admit () in
         Libcrux_ml_kem.Vector.Avx2.Serialize.serialize_10_ vector.f_elements);
     f_deserialize_10_pre
     =
@@ -537,6 +542,7 @@ let impl_3: Libcrux_ml_kem.Vector.Traits.t_Operations t_SIMD256Vector =
     f_deserialize_10_
     =
     (fun (bytes: t_Slice u8) ->
+        let _:Prims.unit = admit () in
         { f_elements = Libcrux_ml_kem.Vector.Avx2.Serialize.deserialize_10_ bytes }
         <:
         t_SIMD256Vector);
@@ -567,6 +573,7 @@ let impl_3: Libcrux_ml_kem.Vector.Traits.t_Operations t_SIMD256Vector =
     f_serialize_12_
     =
     (fun (vector: t_SIMD256Vector) ->
+        let _:Prims.unit = admit () in
         Libcrux_ml_kem.Vector.Avx2.Serialize.serialize_12_ vector.f_elements);
     f_deserialize_12_pre
     =
@@ -578,6 +585,7 @@ let impl_3: Libcrux_ml_kem.Vector.Traits.t_Operations t_SIMD256Vector =
     f_deserialize_12_
     =
     (fun (bytes: t_Slice u8) ->
+        let _:Prims.unit = admit () in
         { f_elements = Libcrux_ml_kem.Vector.Avx2.Serialize.deserialize_12_ bytes }
         <:
         t_SIMD256Vector);
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Makefile b/libcrux-ml-kem/proofs/fstar/extraction/Makefile
index 6ea6fa381..4b9b03c26 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Makefile
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Makefile
@@ -1,8 +1,6 @@
 SLOW_MODULES += Libcrux_ml_kem.Vector.Portable.Serialize.fst
 
-ADMIT_MODULES = Libcrux_ml_kem.Vector.Avx2.fst \
-              Libcrux_ml_kem.Vector.Avx2.Ntt.fst \
-              Libcrux_ml_kem.Vector.Rej_sample_table.fsti \
+ADMIT_MODULES = Libcrux_ml_kem.Vector.Rej_sample_table.fsti \
               Libcrux_ml_kem.Vector.Neon.Arithmetic.fst \
               Libcrux_ml_kem.Vector.Neon.Compress.fst \
               Libcrux_ml_kem.Vector.Neon.fsti \
diff --git a/libcrux-ml-kem/src/vector/avx2.rs b/libcrux-ml-kem/src/vector/avx2.rs
index 61c7ae159..eb15300b6 100644
--- a/libcrux-ml-kem/src/vector/avx2.rs
+++ b/libcrux-ml-kem/src/vector/avx2.rs
@@ -288,6 +288,7 @@ impl Operations for SIMD256Vector {
     #[ensures(|out| fstar!("Spec.MLKEM.serialize_pre 1 (impl.f_repr $vector) ==> Spec.MLKEM.serialize_post 1 (impl.f_repr $vector) $out"))]
     #[inline(always)]
     fn serialize_1(vector: Self) -> [u8; 2] {
+        hax_lib::fstar!("admit ()");
         serialize::serialize_1(vector.elements)
     }
 
@@ -295,6 +296,7 @@ impl Operations for SIMD256Vector {
     #[ensures(|out| fstar!("sz (Seq.length $bytes) =. sz 2 ==> Spec.MLKEM.deserialize_post 1 $bytes (impl.f_repr $out)"))]
     #[inline(always)]
     fn deserialize_1(bytes: &[u8]) -> Self {
+        hax_lib::fstar!("admit ()");
         Self {
             elements: serialize::deserialize_1(bytes),
         }
@@ -304,6 +306,7 @@ impl Operations for SIMD256Vector {
     #[ensures(|out| fstar!("Spec.MLKEM.serialize_pre 4 (impl.f_repr $vector) ==> Spec.MLKEM.serialize_post 4 (impl.f_repr $vector) $out"))]
     #[inline(always)]
     fn serialize_4(vector: Self) -> [u8; 8] {
+        hax_lib::fstar!("admit ()");
         serialize::serialize_4(vector.elements)
     }
 
@@ -311,6 +314,7 @@ impl Operations for SIMD256Vector {
     #[ensures(|out| fstar!("sz (Seq.length $bytes) =. sz 8 ==> Spec.MLKEM.deserialize_post 4 $bytes (impl.f_repr $out)"))]
     #[inline(always)]
     fn deserialize_4(bytes: &[u8]) -> Self {
+        hax_lib::fstar!("admit ()");
         Self {
             elements: serialize::deserialize_4(bytes),
         }
@@ -335,6 +339,7 @@ impl Operations for SIMD256Vector {
     #[ensures(|out| fstar!("Spec.MLKEM.serialize_pre 10 (impl.f_repr $vector) ==> Spec.MLKEM.serialize_post 10 (impl.f_repr $vector) $out"))]
     #[inline(always)]
     fn serialize_10(vector: Self) -> [u8; 20] {
+        hax_lib::fstar!("admit ()");
         serialize::serialize_10(vector.elements)
     }
 
@@ -342,6 +347,7 @@ impl Operations for SIMD256Vector {
     #[ensures(|out| fstar!("sz (Seq.length $bytes) =. sz 20 ==> Spec.MLKEM.deserialize_post 10 $bytes (impl.f_repr $out)"))]
     #[inline(always)]
     fn deserialize_10(bytes: &[u8]) -> Self {
+        hax_lib::fstar!("admit ()");
         Self {
             elements: serialize::deserialize_10(bytes),
         }
@@ -364,6 +370,7 @@ impl Operations for SIMD256Vector {
     #[ensures(|out| fstar!("Spec.MLKEM.serialize_pre 12 (impl.f_repr $vector) ==> Spec.MLKEM.serialize_post 12 (impl.f_repr $vector) $out"))]
     #[inline(always)]
     fn serialize_12(vector: Self) -> [u8; 24] {
+        hax_lib::fstar!("admit ()");
         serialize::serialize_12(vector.elements)
     }
 
@@ -371,6 +378,7 @@ impl Operations for SIMD256Vector {
     #[ensures(|out| fstar!("sz (Seq.length $bytes) =. sz 24 ==> Spec.MLKEM.deserialize_post 12 $bytes (impl.f_repr $out)"))]
     #[inline(always)]
     fn deserialize_12(bytes: &[u8]) -> Self {
+        hax_lib::fstar!("admit ()");
         Self {
             elements: serialize::deserialize_12(bytes),
         }
diff --git a/libcrux-ml-kem/src/vector/avx2/ntt.rs b/libcrux-ml-kem/src/vector/avx2/ntt.rs
index 437c6a473..eedc0a1fd 100644
--- a/libcrux-ml-kem/src/vector/avx2/ntt.rs
+++ b/libcrux-ml-kem/src/vector/avx2/ntt.rs
@@ -127,6 +127,7 @@ pub(crate) fn inv_ntt_layer_3_step(vector: Vec256, zeta: i16) -> Vec256 {
 }
 
 #[inline(always)]
+#[hax_lib::fstar::verification_status(lax)]
 #[hax_lib::requires(fstar!("Spec.Utils.is_i16b 1664 zeta0 /\\ Spec.Utils.is_i16b 1664 zeta1 /\\ Spec.Utils.is_i16b 1664 zeta2 /\\ Spec.Utils.is_i16b 1664 zeta3"))]
 pub(crate) fn ntt_multiply(
     lhs: Vec256,

From 2f140ae799e0509b12d6ed8b1f454f1d828bab75 Mon Sep 17 00:00:00 2001
From: mamonet <maamoun.tk@gmail.com>
Date: Tue, 10 Dec 2024 19:55:34 +0000
Subject: [PATCH 095/142] Remove admits from vector/avx2.rs

---
 .../extraction/Libcrux_ml_kem.Vector.Avx2.fst | 327 ++++++++++--------
 .../Libcrux_ml_kem.Vector.Avx2.fsti           | 171 +++++++++
 libcrux-ml-kem/src/vector/avx2.rs             | 290 ++++++++++++----
 3 files changed, 582 insertions(+), 206 deletions(-)

diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.fst
index 81f5dc7a5..a352090e8 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.fst
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.fst
@@ -9,6 +9,27 @@ let _ =
   let open Libcrux_ml_kem.Vector.Traits in
   ()
 
+#push-options "--admit_smt_queries true"
+
+let deserialize_1_ (bytes: t_Slice u8) =
+  { f_elements = Libcrux_ml_kem.Vector.Avx2.Serialize.deserialize_1_ bytes } <: t_SIMD256Vector
+
+#pop-options
+
+#push-options "--admit_smt_queries true"
+
+let deserialize_4_ (bytes: t_Slice u8) =
+  { f_elements = Libcrux_ml_kem.Vector.Avx2.Serialize.deserialize_4_ bytes } <: t_SIMD256Vector
+
+#pop-options
+
+#push-options "--admit_smt_queries true"
+
+let serialize_1_ (vector: t_SIMD256Vector) =
+  Libcrux_ml_kem.Vector.Avx2.Serialize.serialize_1_ vector.f_elements
+
+#pop-options
+
 let vec_from_i16_array (array: t_Slice i16) =
   let result:t_SIMD256Vector =
     { f_elements = Libcrux_intrinsics.Avx2_extract.mm256_loadu_si256_i16 array } <: t_SIMD256Vector
@@ -23,6 +44,141 @@ let vec_zero (_: Prims.unit) =
   let _:Prims.unit = admit () (* Panic freedom *) in
   result
 
+#push-options "--admit_smt_queries true"
+
+let compress (v_COEFFICIENT_BITS: i32) (vector: t_SIMD256Vector) =
+  {
+    f_elements
+    =
+    Libcrux_ml_kem.Vector.Avx2.Compress.compress_ciphertext_coefficient v_COEFFICIENT_BITS
+      vector.f_elements
+  }
+  <:
+  t_SIMD256Vector
+
+#pop-options
+
+#push-options "--admit_smt_queries true"
+
+let compress_1_ (vector: t_SIMD256Vector) =
+  {
+    f_elements = Libcrux_ml_kem.Vector.Avx2.Compress.compress_message_coefficient vector.f_elements
+  }
+  <:
+  t_SIMD256Vector
+
+#pop-options
+
+#push-options "--admit_smt_queries true"
+
+let cond_subtract_3329_ (vector: t_SIMD256Vector) =
+  { f_elements = Libcrux_ml_kem.Vector.Avx2.Arithmetic.cond_subtract_3329_ vector.f_elements }
+  <:
+  t_SIMD256Vector
+
+#pop-options
+
+#push-options "--admit_smt_queries true"
+
+let inv_ntt_layer_1_step (vector: t_SIMD256Vector) (zeta0 zeta1 zeta2 zeta3: i16) =
+  {
+    f_elements
+    =
+    Libcrux_ml_kem.Vector.Avx2.Ntt.inv_ntt_layer_1_step vector.f_elements zeta0 zeta1 zeta2 zeta3
+  }
+  <:
+  t_SIMD256Vector
+
+#pop-options
+
+#push-options "--admit_smt_queries true"
+
+let inv_ntt_layer_2_step (vector: t_SIMD256Vector) (zeta0 zeta1: i16) =
+  { f_elements = Libcrux_ml_kem.Vector.Avx2.Ntt.inv_ntt_layer_2_step vector.f_elements zeta0 zeta1 }
+  <:
+  t_SIMD256Vector
+
+#pop-options
+
+#push-options "--admit_smt_queries true"
+
+let inv_ntt_layer_3_step (vector: t_SIMD256Vector) (zeta: i16) =
+  { f_elements = Libcrux_ml_kem.Vector.Avx2.Ntt.inv_ntt_layer_3_step vector.f_elements zeta }
+  <:
+  t_SIMD256Vector
+
+#pop-options
+
+#push-options "--admit_smt_queries true"
+
+let ntt_layer_1_step (vector: t_SIMD256Vector) (zeta0 zeta1 zeta2 zeta3: i16) =
+  {
+    f_elements
+    =
+    Libcrux_ml_kem.Vector.Avx2.Ntt.ntt_layer_1_step vector.f_elements zeta0 zeta1 zeta2 zeta3
+  }
+  <:
+  t_SIMD256Vector
+
+#pop-options
+
+#push-options "--admit_smt_queries true"
+
+let ntt_layer_2_step (vector: t_SIMD256Vector) (zeta0 zeta1: i16) =
+  { f_elements = Libcrux_ml_kem.Vector.Avx2.Ntt.ntt_layer_2_step vector.f_elements zeta0 zeta1 }
+  <:
+  t_SIMD256Vector
+
+#pop-options
+
+#push-options "--admit_smt_queries true"
+
+let ntt_layer_3_step (vector: t_SIMD256Vector) (zeta: i16) =
+  { f_elements = Libcrux_ml_kem.Vector.Avx2.Ntt.ntt_layer_3_step vector.f_elements zeta }
+  <:
+  t_SIMD256Vector
+
+#pop-options
+
+#push-options "--admit_smt_queries true"
+
+let ntt_multiply (lhs rhs: t_SIMD256Vector) (zeta0 zeta1 zeta2 zeta3: i16) =
+  {
+    f_elements
+    =
+    Libcrux_ml_kem.Vector.Avx2.Ntt.ntt_multiply lhs.f_elements
+      rhs.f_elements
+      zeta0
+      zeta1
+      zeta2
+      zeta3
+  }
+  <:
+  t_SIMD256Vector
+
+#pop-options
+
+#push-options "--admit_smt_queries true"
+
+let serialize_10_ (vector: t_SIMD256Vector) =
+  Libcrux_ml_kem.Vector.Avx2.Serialize.serialize_10_ vector.f_elements
+
+#pop-options
+
+#push-options "--admit_smt_queries true"
+
+let serialize_12_ (vector: t_SIMD256Vector) =
+  Libcrux_ml_kem.Vector.Avx2.Serialize.serialize_12_ vector.f_elements
+
+#pop-options
+
+#push-options "--admit_smt_queries true"
+
+let serialize_4_ (vector: t_SIMD256Vector) =
+  Libcrux_ml_kem.Vector.Avx2.Serialize.serialize_4_ vector.f_elements
+
+#pop-options
+
 let vec_to_i16_array (v: t_SIMD256Vector) =
   let output:t_Array i16 (sz 16) = Rust_primitives.Hax.repeat 0s (sz 16) in
   let output:t_Array i16 (sz 16) =
@@ -42,6 +198,20 @@ let impl: Libcrux_ml_kem.Vector.Traits.t_Repr t_SIMD256Vector =
     f_repr = fun (x: t_SIMD256Vector) -> vec_to_i16_array x
   }
 
+#push-options "--admit_smt_queries true"
+
+let deserialize_10_ (bytes: t_Slice u8) =
+  { f_elements = Libcrux_ml_kem.Vector.Avx2.Serialize.deserialize_10_ bytes } <: t_SIMD256Vector
+
+#pop-options
+
+#push-options "--admit_smt_queries true"
+
+let deserialize_12_ (bytes: t_Slice u8) =
+  { f_elements = Libcrux_ml_kem.Vector.Avx2.Serialize.deserialize_12_ bytes } <: t_SIMD256Vector
+
+#pop-options
+
 [@@ FStar.Tactics.Typeclasses.tcinstance]
 let impl_3: Libcrux_ml_kem.Vector.Traits.t_Operations t_SIMD256Vector =
   {
@@ -163,13 +333,7 @@ let impl_3: Libcrux_ml_kem.Vector.Traits.t_Operations t_SIMD256Vector =
     (fun (vector: t_SIMD256Vector) (out: t_SIMD256Vector) ->
         impl.f_repr out ==
         Spec.Utils.map_array (fun x -> if x >=. 3329s then x -! 3329s else x) (impl.f_repr vector));
-    f_cond_subtract_3329_
-    =
-    (fun (vector: t_SIMD256Vector) ->
-        let _:Prims.unit = admit () in
-        { f_elements = Libcrux_ml_kem.Vector.Avx2.Arithmetic.cond_subtract_3329_ vector.f_elements }
-        <:
-        t_SIMD256Vector);
+    f_cond_subtract_3329_ = (fun (vector: t_SIMD256Vector) -> cond_subtract_3329_ vector);
     f_barrett_reduce_pre
     =
     (fun (vector: t_SIMD256Vector) -> Spec.Utils.is_i16b_array 28296 (impl.f_repr vector));
@@ -207,17 +371,7 @@ let impl_3: Libcrux_ml_kem.Vector.Traits.t_Operations t_SIMD256Vector =
     =
     (fun (vector: t_SIMD256Vector) (out: t_SIMD256Vector) ->
         forall (i: nat). i < 16 ==> bounded (Seq.index (impl.f_repr out) i) 1);
-    f_compress_1_
-    =
-    (fun (vector: t_SIMD256Vector) ->
-        let _:Prims.unit = admit () in
-        {
-          f_elements
-          =
-          Libcrux_ml_kem.Vector.Avx2.Compress.compress_message_coefficient vector.f_elements
-        }
-        <:
-        t_SIMD256Vector);
+    f_compress_1_ = (fun (vector: t_SIMD256Vector) -> compress_1_ vector);
     f_compress_pre
     =
     (fun (v_COEFFICIENT_BITS: i32) (vector: t_SIMD256Vector) ->
@@ -236,16 +390,7 @@ let impl_3: Libcrux_ml_kem.Vector.Traits.t_Operations t_SIMD256Vector =
     );
     f_compress
     =
-    (fun (v_COEFFICIENT_BITS: i32) (vector: t_SIMD256Vector) ->
-        let _:Prims.unit = admit () in
-        {
-          f_elements
-          =
-          Libcrux_ml_kem.Vector.Avx2.Compress.compress_ciphertext_coefficient v_COEFFICIENT_BITS
-            vector.f_elements
-        }
-        <:
-        t_SIMD256Vector);
+    (fun (v_COEFFICIENT_BITS: i32) (vector: t_SIMD256Vector) -> compress v_COEFFICIENT_BITS vector);
     f_decompress_ciphertext_coefficient_pre
     =
     (fun (v_COEFFICIENT_BITS: i32) (vector: t_SIMD256Vector) ->
@@ -289,14 +434,7 @@ let impl_3: Libcrux_ml_kem.Vector.Traits.t_Operations t_SIMD256Vector =
     f_ntt_layer_1_step
     =
     (fun (vector: t_SIMD256Vector) (zeta0: i16) (zeta1: i16) (zeta2: i16) (zeta3: i16) ->
-        let _:Prims.unit = admit () in
-        {
-          f_elements
-          =
-          Libcrux_ml_kem.Vector.Avx2.Ntt.ntt_layer_1_step vector.f_elements zeta0 zeta1 zeta2 zeta3
-        }
-        <:
-        t_SIMD256Vector);
+        ntt_layer_1_step vector zeta0 zeta1 zeta2 zeta3);
     f_ntt_layer_2_step_pre
     =
     (fun (vector: t_SIMD256Vector) (zeta0: i16) (zeta1: i16) ->
@@ -308,13 +446,7 @@ let impl_3: Libcrux_ml_kem.Vector.Traits.t_Operations t_SIMD256Vector =
         Spec.Utils.is_i16b_array (11207 + 5 * 3328) (impl.f_repr out));
     f_ntt_layer_2_step
     =
-    (fun (vector: t_SIMD256Vector) (zeta0: i16) (zeta1: i16) ->
-        let _:Prims.unit = admit () in
-        {
-          f_elements = Libcrux_ml_kem.Vector.Avx2.Ntt.ntt_layer_2_step vector.f_elements zeta0 zeta1
-        }
-        <:
-        t_SIMD256Vector);
+    (fun (vector: t_SIMD256Vector) (zeta0: i16) (zeta1: i16) -> ntt_layer_2_step vector zeta0 zeta1);
     f_ntt_layer_3_step_pre
     =
     (fun (vector: t_SIMD256Vector) (zeta: i16) ->
@@ -324,13 +456,7 @@ let impl_3: Libcrux_ml_kem.Vector.Traits.t_Operations t_SIMD256Vector =
     =
     (fun (vector: t_SIMD256Vector) (zeta: i16) (out: t_SIMD256Vector) ->
         Spec.Utils.is_i16b_array (11207 + 4 * 3328) (impl.f_repr out));
-    f_ntt_layer_3_step
-    =
-    (fun (vector: t_SIMD256Vector) (zeta: i16) ->
-        let _:Prims.unit = admit () in
-        { f_elements = Libcrux_ml_kem.Vector.Avx2.Ntt.ntt_layer_3_step vector.f_elements zeta }
-        <:
-        t_SIMD256Vector);
+    f_ntt_layer_3_step = (fun (vector: t_SIMD256Vector) (zeta: i16) -> ntt_layer_3_step vector zeta);
     f_inv_ntt_layer_1_step_pre
     =
     (fun (vector: t_SIMD256Vector) (zeta0: i16) (zeta1: i16) (zeta2: i16) (zeta3: i16) ->
@@ -351,18 +477,7 @@ let impl_3: Libcrux_ml_kem.Vector.Traits.t_Operations t_SIMD256Vector =
     f_inv_ntt_layer_1_step
     =
     (fun (vector: t_SIMD256Vector) (zeta0: i16) (zeta1: i16) (zeta2: i16) (zeta3: i16) ->
-        let _:Prims.unit = admit () in
-        {
-          f_elements
-          =
-          Libcrux_ml_kem.Vector.Avx2.Ntt.inv_ntt_layer_1_step vector.f_elements
-            zeta0
-            zeta1
-            zeta2
-            zeta3
-        }
-        <:
-        t_SIMD256Vector);
+        inv_ntt_layer_1_step vector zeta0 zeta1 zeta2 zeta3);
     f_inv_ntt_layer_2_step_pre
     =
     (fun (vector: t_SIMD256Vector) (zeta0: i16) (zeta1: i16) ->
@@ -375,14 +490,7 @@ let impl_3: Libcrux_ml_kem.Vector.Traits.t_Operations t_SIMD256Vector =
     f_inv_ntt_layer_2_step
     =
     (fun (vector: t_SIMD256Vector) (zeta0: i16) (zeta1: i16) ->
-        let _:Prims.unit = admit () in
-        {
-          f_elements
-          =
-          Libcrux_ml_kem.Vector.Avx2.Ntt.inv_ntt_layer_2_step vector.f_elements zeta0 zeta1
-        }
-        <:
-        t_SIMD256Vector);
+        inv_ntt_layer_2_step vector zeta0 zeta1);
     f_inv_ntt_layer_3_step_pre
     =
     (fun (vector: t_SIMD256Vector) (zeta: i16) ->
@@ -393,11 +501,7 @@ let impl_3: Libcrux_ml_kem.Vector.Traits.t_Operations t_SIMD256Vector =
         Spec.Utils.is_i16b_array 3328 (impl.f_repr out));
     f_inv_ntt_layer_3_step
     =
-    (fun (vector: t_SIMD256Vector) (zeta: i16) ->
-        let _:Prims.unit = admit () in
-        { f_elements = Libcrux_ml_kem.Vector.Avx2.Ntt.inv_ntt_layer_3_step vector.f_elements zeta }
-        <:
-        t_SIMD256Vector);
+    (fun (vector: t_SIMD256Vector) (zeta: i16) -> inv_ntt_layer_3_step vector zeta);
     f_ntt_multiply_pre
     =
     (fun
@@ -434,19 +538,7 @@ let impl_3: Libcrux_ml_kem.Vector.Traits.t_Operations t_SIMD256Vector =
         (zeta2: i16)
         (zeta3: i16)
         ->
-        let _:Prims.unit = admit () in
-        {
-          f_elements
-          =
-          Libcrux_ml_kem.Vector.Avx2.Ntt.ntt_multiply lhs.f_elements
-            rhs.f_elements
-            zeta0
-            zeta1
-            zeta2
-            zeta3
-        }
-        <:
-        t_SIMD256Vector);
+        ntt_multiply lhs rhs zeta0 zeta1 zeta2 zeta3);
     f_serialize_1_pre
     =
     (fun (vector: t_SIMD256Vector) -> Spec.MLKEM.serialize_pre 1 (impl.f_repr vector));
@@ -455,11 +547,7 @@ let impl_3: Libcrux_ml_kem.Vector.Traits.t_Operations t_SIMD256Vector =
     (fun (vector: t_SIMD256Vector) (out: t_Array u8 (sz 2)) ->
         Spec.MLKEM.serialize_pre 1 (impl.f_repr vector) ==>
         Spec.MLKEM.serialize_post 1 (impl.f_repr vector) out);
-    f_serialize_1_
-    =
-    (fun (vector: t_SIMD256Vector) ->
-        let _:Prims.unit = admit () in
-        Libcrux_ml_kem.Vector.Avx2.Serialize.serialize_1_ vector.f_elements);
+    f_serialize_1_ = (fun (vector: t_SIMD256Vector) -> serialize_1_ vector);
     f_deserialize_1_pre
     =
     (fun (bytes: t_Slice u8) -> (Core.Slice.impl__len #u8 bytes <: usize) =. sz 2);
@@ -467,13 +555,7 @@ let impl_3: Libcrux_ml_kem.Vector.Traits.t_Operations t_SIMD256Vector =
     =
     (fun (bytes: t_Slice u8) (out: t_SIMD256Vector) ->
         sz (Seq.length bytes) =. sz 2 ==> Spec.MLKEM.deserialize_post 1 bytes (impl.f_repr out));
-    f_deserialize_1_
-    =
-    (fun (bytes: t_Slice u8) ->
-        let _:Prims.unit = admit () in
-        { f_elements = Libcrux_ml_kem.Vector.Avx2.Serialize.deserialize_1_ bytes }
-        <:
-        t_SIMD256Vector);
+    f_deserialize_1_ = (fun (bytes: t_Slice u8) -> deserialize_1_ bytes);
     f_serialize_4_pre
     =
     (fun (vector: t_SIMD256Vector) -> Spec.MLKEM.serialize_pre 4 (impl.f_repr vector));
@@ -482,11 +564,7 @@ let impl_3: Libcrux_ml_kem.Vector.Traits.t_Operations t_SIMD256Vector =
     (fun (vector: t_SIMD256Vector) (out: t_Array u8 (sz 8)) ->
         Spec.MLKEM.serialize_pre 4 (impl.f_repr vector) ==>
         Spec.MLKEM.serialize_post 4 (impl.f_repr vector) out);
-    f_serialize_4_
-    =
-    (fun (vector: t_SIMD256Vector) ->
-        let _:Prims.unit = admit () in
-        Libcrux_ml_kem.Vector.Avx2.Serialize.serialize_4_ vector.f_elements);
+    f_serialize_4_ = (fun (vector: t_SIMD256Vector) -> serialize_4_ vector);
     f_deserialize_4_pre
     =
     (fun (bytes: t_Slice u8) -> (Core.Slice.impl__len #u8 bytes <: usize) =. sz 8);
@@ -494,19 +572,12 @@ let impl_3: Libcrux_ml_kem.Vector.Traits.t_Operations t_SIMD256Vector =
     =
     (fun (bytes: t_Slice u8) (out: t_SIMD256Vector) ->
         sz (Seq.length bytes) =. sz 8 ==> Spec.MLKEM.deserialize_post 4 bytes (impl.f_repr out));
-    f_deserialize_4_
-    =
-    (fun (bytes: t_Slice u8) ->
-        let _:Prims.unit = admit () in
-        { f_elements = Libcrux_ml_kem.Vector.Avx2.Serialize.deserialize_4_ bytes }
-        <:
-        t_SIMD256Vector);
+    f_deserialize_4_ = (fun (bytes: t_Slice u8) -> deserialize_4_ bytes);
     f_serialize_5_pre = (fun (vector: t_SIMD256Vector) -> true);
     f_serialize_5_post = (fun (vector: t_SIMD256Vector) (out: t_Array u8 (sz 10)) -> true);
     f_serialize_5_
     =
     (fun (vector: t_SIMD256Vector) ->
-        let _:Prims.unit = admit () in
         Libcrux_ml_kem.Vector.Avx2.Serialize.serialize_5_ vector.f_elements);
     f_deserialize_5_pre
     =
@@ -515,7 +586,7 @@ let impl_3: Libcrux_ml_kem.Vector.Traits.t_Operations t_SIMD256Vector =
     f_deserialize_5_
     =
     (fun (bytes: t_Slice u8) ->
-        let _:Prims.unit = admit () in
+        let _:Prims.unit = assert (v (Core.Slice.impl__len bytes) == Seq.length bytes) in
         { f_elements = Libcrux_ml_kem.Vector.Avx2.Serialize.deserialize_5_ bytes }
         <:
         t_SIMD256Vector);
@@ -527,11 +598,7 @@ let impl_3: Libcrux_ml_kem.Vector.Traits.t_Operations t_SIMD256Vector =
     (fun (vector: t_SIMD256Vector) (out: t_Array u8 (sz 20)) ->
         Spec.MLKEM.serialize_pre 10 (impl.f_repr vector) ==>
         Spec.MLKEM.serialize_post 10 (impl.f_repr vector) out);
-    f_serialize_10_
-    =
-    (fun (vector: t_SIMD256Vector) ->
-        let _:Prims.unit = admit () in
-        Libcrux_ml_kem.Vector.Avx2.Serialize.serialize_10_ vector.f_elements);
+    f_serialize_10_ = (fun (vector: t_SIMD256Vector) -> serialize_10_ vector);
     f_deserialize_10_pre
     =
     (fun (bytes: t_Slice u8) -> (Core.Slice.impl__len #u8 bytes <: usize) =. sz 20);
@@ -539,13 +606,7 @@ let impl_3: Libcrux_ml_kem.Vector.Traits.t_Operations t_SIMD256Vector =
     =
     (fun (bytes: t_Slice u8) (out: t_SIMD256Vector) ->
         sz (Seq.length bytes) =. sz 20 ==> Spec.MLKEM.deserialize_post 10 bytes (impl.f_repr out));
-    f_deserialize_10_
-    =
-    (fun (bytes: t_Slice u8) ->
-        let _:Prims.unit = admit () in
-        { f_elements = Libcrux_ml_kem.Vector.Avx2.Serialize.deserialize_10_ bytes }
-        <:
-        t_SIMD256Vector);
+    f_deserialize_10_ = (fun (bytes: t_Slice u8) -> deserialize_10_ bytes);
     f_serialize_11_pre = (fun (vector: t_SIMD256Vector) -> true);
     f_serialize_11_post = (fun (vector: t_SIMD256Vector) (out: t_Array u8 (sz 22)) -> true);
     f_serialize_11_
@@ -570,11 +631,7 @@ let impl_3: Libcrux_ml_kem.Vector.Traits.t_Operations t_SIMD256Vector =
     (fun (vector: t_SIMD256Vector) (out: t_Array u8 (sz 24)) ->
         Spec.MLKEM.serialize_pre 12 (impl.f_repr vector) ==>
         Spec.MLKEM.serialize_post 12 (impl.f_repr vector) out);
-    f_serialize_12_
-    =
-    (fun (vector: t_SIMD256Vector) ->
-        let _:Prims.unit = admit () in
-        Libcrux_ml_kem.Vector.Avx2.Serialize.serialize_12_ vector.f_elements);
+    f_serialize_12_ = (fun (vector: t_SIMD256Vector) -> serialize_12_ vector);
     f_deserialize_12_pre
     =
     (fun (bytes: t_Slice u8) -> (Core.Slice.impl__len #u8 bytes <: usize) =. sz 24);
@@ -582,13 +639,7 @@ let impl_3: Libcrux_ml_kem.Vector.Traits.t_Operations t_SIMD256Vector =
     =
     (fun (bytes: t_Slice u8) (out: t_SIMD256Vector) ->
         sz (Seq.length bytes) =. sz 24 ==> Spec.MLKEM.deserialize_post 12 bytes (impl.f_repr out));
-    f_deserialize_12_
-    =
-    (fun (bytes: t_Slice u8) ->
-        let _:Prims.unit = admit () in
-        { f_elements = Libcrux_ml_kem.Vector.Avx2.Serialize.deserialize_12_ bytes }
-        <:
-        t_SIMD256Vector);
+    f_deserialize_12_ = (fun (bytes: t_Slice u8) -> deserialize_12_ bytes);
     f_rej_sample_pre
     =
     (fun (input: t_Slice u8) (output: t_Slice i16) ->
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.fsti
index 5d955b9ab..952ee56eb 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.fsti
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.fsti
@@ -15,6 +15,31 @@ type t_SIMD256Vector = { f_elements:Libcrux_intrinsics.Avx2_extract.t_Vec256 }
 
 let repr (x:t_SIMD256Vector) : t_Array i16 (sz 16) = Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 x.f_elements
 
+val deserialize_1_ (bytes: t_Slice u8)
+    : Prims.Pure t_SIMD256Vector
+      (requires (Core.Slice.impl__len #u8 bytes <: usize) =. sz 2)
+      (ensures
+        fun out ->
+          let out:t_SIMD256Vector = out in
+          sz (Seq.length bytes) =. sz 2 ==> Spec.MLKEM.deserialize_post 1 bytes (repr out))
+
+val deserialize_4_ (bytes: t_Slice u8)
+    : Prims.Pure t_SIMD256Vector
+      (requires (Core.Slice.impl__len #u8 bytes <: usize) =. sz 8)
+      (ensures
+        fun out ->
+          let out:t_SIMD256Vector = out in
+          sz (Seq.length bytes) =. sz 8 ==> Spec.MLKEM.deserialize_post 4 bytes (repr out))
+
+val serialize_1_ (vector: t_SIMD256Vector)
+    : Prims.Pure (t_Array u8 (sz 2))
+      (requires Spec.MLKEM.serialize_pre 1 (repr vector))
+      (ensures
+        fun out ->
+          let out:t_Array u8 (sz 2) = out in
+          Spec.MLKEM.serialize_pre 1 (repr vector) ==> Spec.MLKEM.serialize_post 1 (repr vector) out
+      )
+
 val vec_from_i16_array (array: t_Slice i16)
     : Prims.Pure t_SIMD256Vector
       Prims.l_True
@@ -31,6 +56,136 @@ val vec_zero: Prims.unit
           let result:t_SIMD256Vector = result in
           repr result == Seq.create 16 0s)
 
+val compress (v_COEFFICIENT_BITS: i32) (vector: t_SIMD256Vector)
+    : Prims.Pure t_SIMD256Vector
+      (requires
+        (v v_COEFFICIENT_BITS == 4 \/ v v_COEFFICIENT_BITS == 5 \/ v v_COEFFICIENT_BITS == 10 \/
+          v v_COEFFICIENT_BITS == 11) /\
+        (forall (i: nat).
+            i < 16 ==> v (Seq.index (repr vector) i) >= 0 /\ v (Seq.index (repr vector) i) < 3329))
+      (ensures
+        fun out ->
+          let out:t_SIMD256Vector = out in
+          (v v_COEFFICIENT_BITS == 4 \/ v v_COEFFICIENT_BITS == 5 \/ v v_COEFFICIENT_BITS == 10 \/
+            v v_COEFFICIENT_BITS == 11) ==>
+          (forall (i: nat). i < 16 ==> bounded (Seq.index (repr out) i) (v v_COEFFICIENT_BITS)))
+
+val compress_1_ (vector: t_SIMD256Vector)
+    : Prims.Pure t_SIMD256Vector
+      (requires
+        forall (i: nat).
+          i < 16 ==> v (Seq.index (repr vector) i) >= 0 /\ v (Seq.index (repr vector) i) < 3329)
+      (ensures
+        fun out ->
+          let out:t_SIMD256Vector = out in
+          forall (i: nat). i < 16 ==> bounded (Seq.index (repr out) i) 1)
+
+val cond_subtract_3329_ (vector: t_SIMD256Vector)
+    : Prims.Pure t_SIMD256Vector
+      (requires Spec.Utils.is_i16b_array (pow2 12 - 1) (repr vector))
+      (ensures
+        fun out ->
+          let out:t_SIMD256Vector = out in
+          repr out ==
+          Spec.Utils.map_array (fun x -> if x >=. 3329s then x -! 3329s else x) (repr vector))
+
+val inv_ntt_layer_1_step (vector: t_SIMD256Vector) (zeta0 zeta1 zeta2 zeta3: i16)
+    : Prims.Pure t_SIMD256Vector
+      (requires
+        Spec.Utils.is_i16b 1664 zeta0 /\ Spec.Utils.is_i16b 1664 zeta1 /\
+        Spec.Utils.is_i16b 1664 zeta2 /\ Spec.Utils.is_i16b 1664 zeta3 /\
+        Spec.Utils.is_i16b_array (4 * 3328) (repr vector))
+      (ensures
+        fun out ->
+          let out:t_SIMD256Vector = out in
+          Spec.Utils.is_i16b_array 3328 (repr out))
+
+val inv_ntt_layer_2_step (vector: t_SIMD256Vector) (zeta0 zeta1: i16)
+    : Prims.Pure t_SIMD256Vector
+      (requires
+        Spec.Utils.is_i16b 1664 zeta0 /\ Spec.Utils.is_i16b 1664 zeta1 /\
+        Spec.Utils.is_i16b_array 3328 (repr vector))
+      (ensures
+        fun out ->
+          let out:t_SIMD256Vector = out in
+          Spec.Utils.is_i16b_array 3328 (repr out))
+
+val inv_ntt_layer_3_step (vector: t_SIMD256Vector) (zeta: i16)
+    : Prims.Pure t_SIMD256Vector
+      (requires Spec.Utils.is_i16b 1664 zeta /\ Spec.Utils.is_i16b_array 3328 (repr vector))
+      (ensures
+        fun out ->
+          let out:t_SIMD256Vector = out in
+          Spec.Utils.is_i16b_array 3328 (repr out))
+
+val ntt_layer_1_step (vector: t_SIMD256Vector) (zeta0 zeta1 zeta2 zeta3: i16)
+    : Prims.Pure t_SIMD256Vector
+      (requires
+        Spec.Utils.is_i16b 1664 zeta0 /\ Spec.Utils.is_i16b 1664 zeta1 /\
+        Spec.Utils.is_i16b 1664 zeta2 /\ Spec.Utils.is_i16b 1664 zeta3 /\
+        Spec.Utils.is_i16b_array (11207 + 5 * 3328) (repr vector))
+      (ensures
+        fun out ->
+          let out:t_SIMD256Vector = out in
+          Spec.Utils.is_i16b_array (11207 + 6 * 3328) (repr out))
+
+val ntt_layer_2_step (vector: t_SIMD256Vector) (zeta0 zeta1: i16)
+    : Prims.Pure t_SIMD256Vector
+      (requires
+        Spec.Utils.is_i16b 1664 zeta0 /\ Spec.Utils.is_i16b 1664 zeta1 /\
+        Spec.Utils.is_i16b_array (11207 + 4 * 3328) (repr vector))
+      (ensures
+        fun out ->
+          let out:t_SIMD256Vector = out in
+          Spec.Utils.is_i16b_array (11207 + 5 * 3328) (repr out))
+
+val ntt_layer_3_step (vector: t_SIMD256Vector) (zeta: i16)
+    : Prims.Pure t_SIMD256Vector
+      (requires
+        Spec.Utils.is_i16b 1664 zeta /\ Spec.Utils.is_i16b_array (11207 + 3 * 3328) (repr vector))
+      (ensures
+        fun out ->
+          let out:t_SIMD256Vector = out in
+          Spec.Utils.is_i16b_array (11207 + 4 * 3328) (repr out))
+
+val ntt_multiply (lhs rhs: t_SIMD256Vector) (zeta0 zeta1 zeta2 zeta3: i16)
+    : Prims.Pure t_SIMD256Vector
+      (requires
+        Spec.Utils.is_i16b 1664 zeta0 /\ Spec.Utils.is_i16b 1664 zeta1 /\
+        Spec.Utils.is_i16b 1664 zeta2 /\ Spec.Utils.is_i16b 1664 zeta3 /\
+        Spec.Utils.is_i16b_array 3328 (repr lhs) /\ Spec.Utils.is_i16b_array 3328 (repr rhs))
+      (ensures
+        fun out ->
+          let out:t_SIMD256Vector = out in
+          Spec.Utils.is_i16b_array 3328 (repr out))
+
+val serialize_10_ (vector: t_SIMD256Vector)
+    : Prims.Pure (t_Array u8 (sz 20))
+      (requires Spec.MLKEM.serialize_pre 10 (repr vector))
+      (ensures
+        fun out ->
+          let out:t_Array u8 (sz 20) = out in
+          Spec.MLKEM.serialize_pre 10 (repr vector) ==>
+          Spec.MLKEM.serialize_post 10 (repr vector) out)
+
+val serialize_12_ (vector: t_SIMD256Vector)
+    : Prims.Pure (t_Array u8 (sz 24))
+      (requires Spec.MLKEM.serialize_pre 12 (repr vector))
+      (ensures
+        fun out ->
+          let out:t_Array u8 (sz 24) = out in
+          Spec.MLKEM.serialize_pre 12 (repr vector) ==>
+          Spec.MLKEM.serialize_post 12 (repr vector) out)
+
+val serialize_4_ (vector: t_SIMD256Vector)
+    : Prims.Pure (t_Array u8 (sz 8))
+      (requires Spec.MLKEM.serialize_pre 4 (repr vector))
+      (ensures
+        fun out ->
+          let out:t_Array u8 (sz 8) = out in
+          Spec.MLKEM.serialize_pre 4 (repr vector) ==> Spec.MLKEM.serialize_post 4 (repr vector) out
+      )
+
 val vec_to_i16_array (v: t_SIMD256Vector)
     : Prims.Pure (t_Array i16 (sz 16))
       Prims.l_True
@@ -42,5 +197,21 @@ val vec_to_i16_array (v: t_SIMD256Vector)
 [@@ FStar.Tactics.Typeclasses.tcinstance]
 val impl:Libcrux_ml_kem.Vector.Traits.t_Repr t_SIMD256Vector
 
+val deserialize_10_ (bytes: t_Slice u8)
+    : Prims.Pure t_SIMD256Vector
+      (requires (Core.Slice.impl__len #u8 bytes <: usize) =. sz 20)
+      (ensures
+        fun out ->
+          let out:t_SIMD256Vector = out in
+          sz (Seq.length bytes) =. sz 20 ==> Spec.MLKEM.deserialize_post 10 bytes (repr out))
+
+val deserialize_12_ (bytes: t_Slice u8)
+    : Prims.Pure t_SIMD256Vector
+      (requires (Core.Slice.impl__len #u8 bytes <: usize) =. sz 24)
+      (ensures
+        fun out ->
+          let out:t_SIMD256Vector = out in
+          sz (Seq.length bytes) =. sz 24 ==> Spec.MLKEM.deserialize_post 12 bytes (repr out))
+
 [@@ FStar.Tactics.Typeclasses.tcinstance]
 val impl_3:Libcrux_ml_kem.Vector.Traits.t_Operations t_SIMD256Vector
diff --git a/libcrux-ml-kem/src/vector/avx2.rs b/libcrux-ml-kem/src/vector/avx2.rs
index eb15300b6..045d2a4e7 100644
--- a/libcrux-ml-kem/src/vector/avx2.rs
+++ b/libcrux-ml-kem/src/vector/avx2.rs
@@ -42,6 +42,208 @@ fn vec_from_i16_array(array: &[i16]) -> SIMD256Vector {
     }
 }
 
+#[inline(always)]
+#[hax_lib::fstar::verification_status(lax)]
+#[hax_lib::requires(fstar!("Spec.Utils.is_i16b_array (pow2 12 - 1) (repr $vector)"))]
+#[hax_lib::ensures(|out| fstar!("repr out == Spec.Utils.map_array (fun x -> if x >=. 3329s then x -! 3329s else x) (repr $vector)"))]
+fn cond_subtract_3329(vector: SIMD256Vector) -> SIMD256Vector {
+    SIMD256Vector {
+        elements: arithmetic::cond_subtract_3329(vector.elements),
+    }
+}
+
+#[inline(always)]
+#[hax_lib::fstar::verification_status(lax)]
+#[hax_lib::requires(fstar!("forall (i:nat). i < 16 ==> v (Seq.index (repr $vector) i) >= 0 /\\
+    v (Seq.index (repr $vector) i) < 3329"))]
+#[hax_lib::ensures(|out| fstar!("forall (i:nat). i < 16 ==> bounded (Seq.index (repr $out) i) 1"))]
+fn compress_1(vector: SIMD256Vector) -> SIMD256Vector {
+    SIMD256Vector {
+        elements: compress::compress_message_coefficient(vector.elements),
+    }
+}
+
+#[inline(always)]
+#[hax_lib::fstar::verification_status(lax)]
+#[hax_lib::requires(fstar!("(v $COEFFICIENT_BITS == 4 \\/
+    v $COEFFICIENT_BITS == 5 \\/
+    v $COEFFICIENT_BITS == 10 \\/
+    v $COEFFICIENT_BITS == 11) /\\
+    (forall (i:nat). i < 16 ==> v (Seq.index (repr $vector) i) >= 0 /\\
+    v (Seq.index (repr $vector) i) < 3329)"))]
+#[hax_lib::ensures(|out| fstar!("(v $COEFFICIENT_BITS == 4 \\/
+    v $COEFFICIENT_BITS == 5 \\/
+    v $COEFFICIENT_BITS == 10 \\/
+    v $COEFFICIENT_BITS == 11) ==>
+        (forall (i:nat). i < 16 ==> bounded (Seq.index (repr $out) i) (v $COEFFICIENT_BITS))"))]
+fn compress<const COEFFICIENT_BITS: i32>(vector: SIMD256Vector) -> SIMD256Vector {
+    SIMD256Vector {
+        elements: compress::compress_ciphertext_coefficient::<COEFFICIENT_BITS>(
+            vector.elements,
+        ),
+    }
+}
+
+#[inline(always)]
+#[hax_lib::fstar::verification_status(lax)]
+#[hax_lib::requires(fstar!("Spec.Utils.is_i16b 1664 zeta0 /\\ Spec.Utils.is_i16b 1664 zeta1 /\\ 
+                    Spec.Utils.is_i16b 1664 zeta2 /\\ Spec.Utils.is_i16b 1664 zeta3 /\\
+                    Spec.Utils.is_i16b_array (11207+5*3328) (repr ${vector})"))]
+#[hax_lib::ensures(|out| fstar!("Spec.Utils.is_i16b_array (11207+6*3328) (repr $out)"))]
+fn ntt_layer_1_step(vector: SIMD256Vector, zeta0: i16, zeta1: i16, zeta2: i16, zeta3: i16) -> SIMD256Vector {
+    SIMD256Vector {
+        elements: ntt::ntt_layer_1_step(vector.elements, zeta0, zeta1, zeta2, zeta3),
+    }
+}
+
+#[inline(always)]
+#[hax_lib::fstar::verification_status(lax)]
+#[hax_lib::requires(fstar!("Spec.Utils.is_i16b 1664 zeta0 /\\ Spec.Utils.is_i16b 1664 zeta1 /\\
+                    Spec.Utils.is_i16b_array (11207+4*3328) (repr ${vector})"))]
+#[hax_lib::ensures(|out| fstar!("Spec.Utils.is_i16b_array (11207+5*3328) (repr $out)"))]
+fn ntt_layer_2_step(vector: SIMD256Vector, zeta0: i16, zeta1: i16) -> SIMD256Vector {
+    SIMD256Vector {
+        elements: ntt::ntt_layer_2_step(vector.elements, zeta0, zeta1),
+    }
+}
+
+#[inline(always)]
+#[hax_lib::fstar::verification_status(lax)]
+#[hax_lib::requires(fstar!("Spec.Utils.is_i16b 1664 zeta /\\
+                    Spec.Utils.is_i16b_array (11207+3*3328) (repr ${vector})"))]
+#[hax_lib::ensures(|out| fstar!("Spec.Utils.is_i16b_array (11207+4*3328) (repr $out)"))]
+fn ntt_layer_3_step(vector: SIMD256Vector, zeta: i16) -> SIMD256Vector {
+    SIMD256Vector {
+        elements: ntt::ntt_layer_3_step(vector.elements, zeta),
+    }
+}
+
+#[inline(always)]
+#[hax_lib::fstar::verification_status(lax)]
+#[hax_lib::requires(fstar!("Spec.Utils.is_i16b 1664 zeta0 /\\ Spec.Utils.is_i16b 1664 zeta1 /\\ 
+                    Spec.Utils.is_i16b 1664 zeta2 /\\ Spec.Utils.is_i16b 1664 zeta3  /\\
+                    Spec.Utils.is_i16b_array (4*3328) (repr ${vector})"))]
+#[hax_lib::ensures(|out| fstar!("Spec.Utils.is_i16b_array 3328 (repr $out)"))]
+fn inv_ntt_layer_1_step(vector: SIMD256Vector, zeta0: i16, zeta1: i16, zeta2: i16, zeta3: i16) -> SIMD256Vector {
+    SIMD256Vector {
+        elements: ntt::inv_ntt_layer_1_step(vector.elements, zeta0, zeta1, zeta2, zeta3),
+    }
+}
+
+#[inline(always)]
+#[hax_lib::fstar::verification_status(lax)]
+#[hax_lib::requires(fstar!("Spec.Utils.is_i16b 1664 zeta0 /\\ Spec.Utils.is_i16b 1664 zeta1 /\\
+                    Spec.Utils.is_i16b_array 3328 (repr ${vector})"))]
+#[hax_lib::ensures(|out| fstar!("Spec.Utils.is_i16b_array 3328 (repr $out)"))]
+fn inv_ntt_layer_2_step(vector: SIMD256Vector, zeta0: i16, zeta1: i16) -> SIMD256Vector {
+    SIMD256Vector {
+        elements: ntt::inv_ntt_layer_2_step(vector.elements, zeta0, zeta1),
+    }
+}
+
+#[inline(always)]
+#[hax_lib::fstar::verification_status(lax)]
+#[hax_lib::requires(fstar!("Spec.Utils.is_i16b 1664 zeta /\\
+                    Spec.Utils.is_i16b_array 3328 (repr ${vector})"))]
+#[hax_lib::ensures(|out| fstar!("Spec.Utils.is_i16b_array 3328 (repr $out)"))]
+fn inv_ntt_layer_3_step(vector: SIMD256Vector, zeta: i16) -> SIMD256Vector {
+    SIMD256Vector {
+        elements: ntt::inv_ntt_layer_3_step(vector.elements, zeta),
+    }
+}
+
+#[inline(always)]
+#[hax_lib::fstar::verification_status(lax)]
+#[hax_lib::requires(fstar!("Spec.Utils.is_i16b 1664 zeta0 /\\ Spec.Utils.is_i16b 1664 zeta1 /\\
+                    Spec.Utils.is_i16b 1664 zeta2 /\\ Spec.Utils.is_i16b 1664 zeta3 /\\
+                    Spec.Utils.is_i16b_array 3328 (repr ${lhs}) /\\
+                    Spec.Utils.is_i16b_array 3328 (repr ${rhs})"))]
+#[hax_lib::ensures(|out| fstar!("Spec.Utils.is_i16b_array 3328 (repr $out)"))]
+fn ntt_multiply(
+    lhs: &SIMD256Vector,
+    rhs: &SIMD256Vector,
+    zeta0: i16,
+    zeta1: i16,
+    zeta2: i16,
+    zeta3: i16,
+) -> SIMD256Vector {
+    SIMD256Vector {
+        elements: ntt::ntt_multiply(lhs.elements, rhs.elements, zeta0, zeta1, zeta2, zeta3),
+    }
+}
+
+#[inline(always)]
+#[hax_lib::fstar::verification_status(lax)]
+#[hax_lib::requires(fstar!("Spec.MLKEM.serialize_pre 1 (repr $vector)"))]
+#[hax_lib::ensures(|out| fstar!("Spec.MLKEM.serialize_pre 1 (repr $vector) ==> Spec.MLKEM.serialize_post 1 (repr $vector) $out"))]
+fn serialize_1(vector: SIMD256Vector) -> [u8; 2] {
+    serialize::serialize_1(vector.elements)
+}
+
+#[inline(always)]
+#[hax_lib::fstar::verification_status(lax)]
+#[hax_lib::requires(bytes.len() == 2)]
+#[hax_lib::ensures(|out| fstar!("sz (Seq.length $bytes) =. sz 2 ==> Spec.MLKEM.deserialize_post 1 $bytes (repr $out)"))]
+fn deserialize_1(bytes: &[u8]) -> SIMD256Vector {
+    SIMD256Vector {
+        elements: serialize::deserialize_1(bytes),
+    }
+}
+
+#[inline(always)]
+#[hax_lib::fstar::verification_status(lax)]
+#[hax_lib::requires(fstar!("Spec.MLKEM.serialize_pre 4 (repr $vector)"))]
+#[hax_lib::ensures(|out| fstar!("Spec.MLKEM.serialize_pre 4 (repr $vector) ==> Spec.MLKEM.serialize_post 4 (repr $vector) $out"))]
+fn serialize_4(vector: SIMD256Vector) -> [u8; 8] {
+    serialize::serialize_4(vector.elements)
+}
+
+#[inline(always)]
+#[hax_lib::fstar::verification_status(lax)]
+#[hax_lib::requires(bytes.len() == 8)]
+#[hax_lib::ensures(|out| fstar!("sz (Seq.length $bytes) =. sz 8 ==> Spec.MLKEM.deserialize_post 4 $bytes (repr $out)"))]
+fn deserialize_4(bytes: &[u8]) -> SIMD256Vector {
+    SIMD256Vector {
+        elements: serialize::deserialize_4(bytes),
+    }
+}
+
+#[inline(always)]
+#[hax_lib::fstar::verification_status(lax)]
+#[hax_lib::requires(fstar!("Spec.MLKEM.serialize_pre 10 (repr $vector)"))]
+#[hax_lib::ensures(|out| fstar!("Spec.MLKEM.serialize_pre 10 (repr $vector) ==> Spec.MLKEM.serialize_post 10 (repr $vector) $out"))]
+fn serialize_10(vector: SIMD256Vector) -> [u8; 20] {
+    serialize::serialize_10(vector.elements)
+}
+
+#[inline(always)]
+#[hax_lib::fstar::verification_status(lax)]
+#[hax_lib::requires(bytes.len() == 20)]
+#[hax_lib::ensures(|out| fstar!("sz (Seq.length $bytes) =. sz 20 ==> Spec.MLKEM.deserialize_post 10 $bytes (repr $out)"))]
+fn deserialize_10(bytes: &[u8]) -> SIMD256Vector {
+    SIMD256Vector {
+        elements: serialize::deserialize_10(bytes),
+    }
+}
+
+#[inline(always)]
+#[hax_lib::fstar::verification_status(lax)]
+#[hax_lib::requires(fstar!("Spec.MLKEM.serialize_pre 12 (repr $vector)"))]
+#[hax_lib::ensures(|out| fstar!("Spec.MLKEM.serialize_pre 12 (repr $vector) ==> Spec.MLKEM.serialize_post 12 (repr $vector) $out"))]
+fn serialize_12(vector: SIMD256Vector) -> [u8; 24] {
+    serialize::serialize_12(vector.elements)
+}
+
+#[inline(always)]
+#[hax_lib::fstar::verification_status(lax)]
+#[hax_lib::requires(bytes.len() == 24)]
+#[hax_lib::ensures(|out| fstar!("sz (Seq.length $bytes) =. sz 24 ==> Spec.MLKEM.deserialize_post 12 $bytes (repr $out)"))]
+fn deserialize_12(bytes: &[u8]) -> SIMD256Vector {
+    SIMD256Vector {
+        elements: serialize::deserialize_12(bytes),
+    }
+}
+
 #[cfg(hax)]
 impl crate::vector::traits::Repr for SIMD256Vector {
     fn repr(x: Self) -> [i16; 16] {
@@ -127,10 +329,7 @@ impl Operations for SIMD256Vector {
     #[ensures(|out| fstar!("impl.f_repr out == Spec.Utils.map_array (fun x -> if x >=. 3329s then x -! 3329s else x) (impl.f_repr $vector)"))]
     #[inline(always)]
     fn cond_subtract_3329(vector: Self) -> Self {
-        hax_lib::fstar!("admit()");
-        Self {
-            elements: arithmetic::cond_subtract_3329(vector.elements),
-        }
+        cond_subtract_3329(vector)
     }
 
     #[requires(fstar!("Spec.Utils.is_i16b_array 28296 (impl.f_repr ${vector})"))]
@@ -154,10 +353,7 @@ impl Operations for SIMD256Vector {
     #[ensures(|out| fstar!("forall (i:nat). i < 16 ==> bounded (Seq.index (impl.f_repr $out) i) 1"))]
     #[inline(always)]
     fn compress_1(vector: Self) -> Self {
-        hax_lib::fstar!("admit()");
-        Self {
-            elements: compress::compress_message_coefficient(vector.elements),
-        }
+        compress_1(vector)
     }
 
     #[requires(fstar!("(v $COEFFICIENT_BITS == 4 \\/
@@ -173,12 +369,7 @@ impl Operations for SIMD256Vector {
                 (forall (i:nat). i < 16 ==> bounded (Seq.index (impl.f_repr $out) i) (v $COEFFICIENT_BITS))"))]
     #[inline(always)]
     fn compress<const COEFFICIENT_BITS: i32>(vector: Self) -> Self {
-        hax_lib::fstar!("admit()");
-        Self {
-            elements: compress::compress_ciphertext_coefficient::<COEFFICIENT_BITS>(
-                vector.elements,
-            ),
-        }
+        compress::<COEFFICIENT_BITS>(vector)
     }
 
     #[requires(fstar!("(v $COEFFICIENT_BITS == 4 \\/
@@ -202,10 +393,7 @@ impl Operations for SIMD256Vector {
     #[ensures(|out| fstar!("Spec.Utils.is_i16b_array (11207+6*3328) (impl.f_repr $out)"))]
     #[inline(always)]
     fn ntt_layer_1_step(vector: Self, zeta0: i16, zeta1: i16, zeta2: i16, zeta3: i16) -> Self {
-        hax_lib::fstar!("admit()");
-        Self {
-            elements: ntt::ntt_layer_1_step(vector.elements, zeta0, zeta1, zeta2, zeta3),
-        }
+        ntt_layer_1_step(vector, zeta0, zeta1, zeta2, zeta3)
     }
 
     #[requires(fstar!("Spec.Utils.is_i16b 1664 zeta0 /\\ Spec.Utils.is_i16b 1664 zeta1 /\\
@@ -213,10 +401,7 @@ impl Operations for SIMD256Vector {
     #[ensures(|out| fstar!("Spec.Utils.is_i16b_array (11207+5*3328) (impl.f_repr $out)"))]
     #[inline(always)]
     fn ntt_layer_2_step(vector: Self, zeta0: i16, zeta1: i16) -> Self {
-        hax_lib::fstar!("admit()");
-        Self {
-            elements: ntt::ntt_layer_2_step(vector.elements, zeta0, zeta1),
-        }
+        ntt_layer_2_step(vector, zeta0, zeta1)
     }
 
     #[requires(fstar!("Spec.Utils.is_i16b 1664 zeta /\\
@@ -224,10 +409,7 @@ impl Operations for SIMD256Vector {
     #[ensures(|out| fstar!("Spec.Utils.is_i16b_array (11207+4*3328) (impl.f_repr $out)"))]
     #[inline(always)]
     fn ntt_layer_3_step(vector: Self, zeta: i16) -> Self {
-        hax_lib::fstar!("admit()");
-        Self {
-            elements: ntt::ntt_layer_3_step(vector.elements, zeta),
-        }
+        ntt_layer_3_step(vector, zeta)
     }
 
     #[requires(fstar!("Spec.Utils.is_i16b 1664 zeta0 /\\ Spec.Utils.is_i16b 1664 zeta1 /\\ 
@@ -236,10 +418,7 @@ impl Operations for SIMD256Vector {
     #[ensures(|out| fstar!("Spec.Utils.is_i16b_array 3328 (impl.f_repr $out)"))]
     #[inline(always)]
     fn inv_ntt_layer_1_step(vector: Self, zeta0: i16, zeta1: i16, zeta2: i16, zeta3: i16) -> Self {
-        hax_lib::fstar!("admit()");
-        Self {
-            elements: ntt::inv_ntt_layer_1_step(vector.elements, zeta0, zeta1, zeta2, zeta3),
-        }
+        inv_ntt_layer_1_step(vector, zeta0, zeta1, zeta2, zeta3)
     }
 
     #[requires(fstar!("Spec.Utils.is_i16b 1664 zeta0 /\\ Spec.Utils.is_i16b 1664 zeta1 /\\
@@ -247,10 +426,7 @@ impl Operations for SIMD256Vector {
     #[ensures(|out| fstar!("Spec.Utils.is_i16b_array 3328 (impl.f_repr $out)"))]
     #[inline(always)]
     fn inv_ntt_layer_2_step(vector: Self, zeta0: i16, zeta1: i16) -> Self {
-        hax_lib::fstar!("admit()");
-        Self {
-            elements: ntt::inv_ntt_layer_2_step(vector.elements, zeta0, zeta1),
-        }
+        inv_ntt_layer_2_step(vector, zeta0, zeta1)
     }
 
     #[requires(fstar!("Spec.Utils.is_i16b 1664 zeta /\\
@@ -258,10 +434,7 @@ impl Operations for SIMD256Vector {
     #[ensures(|out| fstar!("Spec.Utils.is_i16b_array 3328 (impl.f_repr $out)"))]
     #[inline(always)]
     fn inv_ntt_layer_3_step(vector: Self, zeta: i16) -> Self {
-        hax_lib::fstar!("admit()");
-        Self {
-            elements: ntt::inv_ntt_layer_3_step(vector.elements, zeta),
-        }
+        inv_ntt_layer_3_step(vector, zeta)
     }
 
     #[requires(fstar!("Spec.Utils.is_i16b 1664 zeta0 /\\ Spec.Utils.is_i16b 1664 zeta1 /\\
@@ -278,58 +451,47 @@ impl Operations for SIMD256Vector {
         zeta2: i16,
         zeta3: i16,
     ) -> Self {
-        hax_lib::fstar!("admit()");
-        Self {
-            elements: ntt::ntt_multiply(lhs.elements, rhs.elements, zeta0, zeta1, zeta2, zeta3),
-        }
+        ntt_multiply(lhs, rhs, zeta0, zeta1, zeta2, zeta3)
     }
 
     #[requires(fstar!("Spec.MLKEM.serialize_pre 1 (impl.f_repr $vector)"))]
     #[ensures(|out| fstar!("Spec.MLKEM.serialize_pre 1 (impl.f_repr $vector) ==> Spec.MLKEM.serialize_post 1 (impl.f_repr $vector) $out"))]
     #[inline(always)]
     fn serialize_1(vector: Self) -> [u8; 2] {
-        hax_lib::fstar!("admit ()");
-        serialize::serialize_1(vector.elements)
+        serialize_1(vector)
     }
 
     #[requires(bytes.len() == 2)]
     #[ensures(|out| fstar!("sz (Seq.length $bytes) =. sz 2 ==> Spec.MLKEM.deserialize_post 1 $bytes (impl.f_repr $out)"))]
     #[inline(always)]
     fn deserialize_1(bytes: &[u8]) -> Self {
-        hax_lib::fstar!("admit ()");
-        Self {
-            elements: serialize::deserialize_1(bytes),
-        }
+        deserialize_1(bytes)
     }
 
     #[requires(fstar!("Spec.MLKEM.serialize_pre 4 (impl.f_repr $vector)"))]
     #[ensures(|out| fstar!("Spec.MLKEM.serialize_pre 4 (impl.f_repr $vector) ==> Spec.MLKEM.serialize_post 4 (impl.f_repr $vector) $out"))]
     #[inline(always)]
     fn serialize_4(vector: Self) -> [u8; 8] {
-        hax_lib::fstar!("admit ()");
-        serialize::serialize_4(vector.elements)
+        serialize_4(vector)
     }
 
     #[requires(bytes.len() == 8)]
     #[ensures(|out| fstar!("sz (Seq.length $bytes) =. sz 8 ==> Spec.MLKEM.deserialize_post 4 $bytes (impl.f_repr $out)"))]
     #[inline(always)]
     fn deserialize_4(bytes: &[u8]) -> Self {
-        hax_lib::fstar!("admit ()");
-        Self {
-            elements: serialize::deserialize_4(bytes),
-        }
+        deserialize_4(bytes)
     }
 
     #[inline(always)]
     fn serialize_5(vector: Self) -> [u8; 10] {
-        hax_lib::fstar!("admit()");
         serialize::serialize_5(vector.elements)
     }
 
     #[requires(bytes.len() == 10)]
     #[inline(always)]
     fn deserialize_5(bytes: &[u8]) -> Self {
-        hax_lib::fstar!("admit()");
+        hax_lib::fstar!(
+            "assert (v (Core.Slice.impl__len $bytes) == Seq.length $bytes)");
         Self {
             elements: serialize::deserialize_5(bytes),
         }
@@ -339,18 +501,14 @@ impl Operations for SIMD256Vector {
     #[ensures(|out| fstar!("Spec.MLKEM.serialize_pre 10 (impl.f_repr $vector) ==> Spec.MLKEM.serialize_post 10 (impl.f_repr $vector) $out"))]
     #[inline(always)]
     fn serialize_10(vector: Self) -> [u8; 20] {
-        hax_lib::fstar!("admit ()");
-        serialize::serialize_10(vector.elements)
+        serialize_10(vector)
     }
 
     #[requires(bytes.len() == 20)]
     #[ensures(|out| fstar!("sz (Seq.length $bytes) =. sz 20 ==> Spec.MLKEM.deserialize_post 10 $bytes (impl.f_repr $out)"))]
     #[inline(always)]
     fn deserialize_10(bytes: &[u8]) -> Self {
-        hax_lib::fstar!("admit ()");
-        Self {
-            elements: serialize::deserialize_10(bytes),
-        }
+        deserialize_10(bytes)
     }
 
     #[inline(always)]
@@ -370,18 +528,14 @@ impl Operations for SIMD256Vector {
     #[ensures(|out| fstar!("Spec.MLKEM.serialize_pre 12 (impl.f_repr $vector) ==> Spec.MLKEM.serialize_post 12 (impl.f_repr $vector) $out"))]
     #[inline(always)]
     fn serialize_12(vector: Self) -> [u8; 24] {
-        hax_lib::fstar!("admit ()");
-        serialize::serialize_12(vector.elements)
+        serialize_12(vector)
     }
 
     #[requires(bytes.len() == 24)]
     #[ensures(|out| fstar!("sz (Seq.length $bytes) =. sz 24 ==> Spec.MLKEM.deserialize_post 12 $bytes (impl.f_repr $out)"))]
     #[inline(always)]
     fn deserialize_12(bytes: &[u8]) -> Self {
-        hax_lib::fstar!("admit ()");
-        Self {
-            elements: serialize::deserialize_12(bytes),
-        }
+        deserialize_12(bytes)
     }
 
     #[requires(input.len() == 24 && output.len() == 16)]

From ce63901837146a16be532034bc8cf7e7aa1edcd3 Mon Sep 17 00:00:00 2001
From: Karthikeyan Bhargavan <karthik.bhargavan@gmail.com>
Date: Wed, 11 Dec 2024 07:39:56 +0100
Subject: [PATCH 096/142] updated verification status

---
 libcrux-ml-kem/proofs/verification_status.md | 13 ++++++++++---
 1 file changed, 10 insertions(+), 3 deletions(-)

diff --git a/libcrux-ml-kem/proofs/verification_status.md b/libcrux-ml-kem/proofs/verification_status.md
index 5ce7aa0a8..9fe4f928b 100644
--- a/libcrux-ml-kem/proofs/verification_status.md
+++ b/libcrux-ml-kem/proofs/verification_status.md
@@ -11,9 +11,9 @@ This file keeps track of the current verification status of the modules in the M
 * ind_cca/instaniations/avx2: Verified
 * ind_cca/multiplexing: Verified
 
-* invert_ntt: Panic Free, Not linked to spec
-* ntt: Panic Free, Not linked to spec
-* mlkem*: Panic Free, Not linked to spec
+* invert_ntt: Panic Free
+* ntt: Panic Free
+* mlkem*: Panic Free
 
 * matrix: Needs proofs
 * sampling: Needs proofs
@@ -33,3 +33,10 @@ This file keeps track of the current verification status of the modules in the M
 * compress: Panic Free
 * ntt: Needs proofs
 * sampling: Needs proofs
+
+## Neon modules
+* arithmetic: Not verified
+* serialize: Not verified
+* compress: Not verified
+* ntt: Needs Not verified
+* sampling: Not verified

From a197c4d7286246d59e3044d437b3da9119cd5de8 Mon Sep 17 00:00:00 2001
From: karthikbhargavan <karthik.bhargavan@gmail.com>
Date: Wed, 11 Dec 2024 06:54:20 +0000
Subject: [PATCH 097/142] fmt

---
 libcrux-ml-kem/src/ind_cpa.rs     |  9 ++++--
 libcrux-ml-kem/src/polynomial.rs  | 52 ++++++++++++++++++++-----------
 libcrux-ml-kem/src/vector/avx2.rs | 23 +++++++++-----
 3 files changed, 57 insertions(+), 27 deletions(-)

diff --git a/libcrux-ml-kem/src/ind_cpa.rs b/libcrux-ml-kem/src/ind_cpa.rs
index 144e79e48..e05db7edf 100644
--- a/libcrux-ml-kem/src/ind_cpa.rs
+++ b/libcrux-ml-kem/src/ind_cpa.rs
@@ -178,7 +178,10 @@ pub(crate) fn serialize_secret_key<const K: usize, const OUT_LEN: usize, Vector:
 #[hax_lib::fstar::options(
     "--max_fuel 15 --z3rlimit 1500 --ext context_pruning --z3refresh --split_queries always"
 )]
-#[cfg_attr(hax, hax_lib::fstar::before("let sample_ring_element_cbd_helper_2
+#[cfg_attr(
+    hax,
+    hax_lib::fstar::before(
+        "let sample_ring_element_cbd_helper_2
       (v_K v_ETA2 v_ETA2_RANDOMNESS_SIZE: usize)
       (#v_Vector: Type0)
       (#[FStar.Tactics.Typeclasses.tcresolve ()]
@@ -202,7 +205,9 @@ pub(crate) fn serialize_secret_key<const K: usize, const OUT_LEN: usize, Vector:
     =
     Lib.Sequence.eq_intro #(Spec.MLKEM.polynomial) #(v v_K)
     (Libcrux_ml_kem.Polynomial.to_spec_vector_t #v_K #v_Vector error_1) 
-    (Spec.MLKEM.sample_vector_cbd2 #v_K (Seq.slice prf_input 0 32) (sz (v domain_separator)))"))]
+    (Spec.MLKEM.sample_vector_cbd2 #v_K (Seq.slice prf_input 0 32) (sz (v domain_separator)))"
+    )
+)]
 #[cfg_attr(
     hax,
     hax_lib::fstar::before(
diff --git a/libcrux-ml-kem/src/polynomial.rs b/libcrux-ml-kem/src/polynomial.rs
index f4e8ca204..0df5e0f6f 100644
--- a/libcrux-ml-kem/src/polynomial.rs
+++ b/libcrux-ml-kem/src/polynomial.rs
@@ -65,7 +65,6 @@ pub(crate) struct PolynomialRingElement<Vector: Operations> {
     pub(crate) coefficients: [Vector; VECTORS_IN_RING_ELEMENT],
 }
 
-
 #[allow(non_snake_case)]
 fn ZERO<Vector: Operations>() -> PolynomialRingElement<Vector> {
     PolynomialRingElement {
@@ -88,7 +87,10 @@ fn from_i16_array<Vector: Operations>(a: &[i16]) -> PolynomialRingElement<Vector
 /// sum of their constituent coefficients.
 #[inline(always)]
 #[hax_lib::fstar::verification_status(lax)]
-fn add_to_ring_element<Vector: Operations, const K: usize>(myself: &mut PolynomialRingElement<Vector>, rhs: &PolynomialRingElement<Vector>) {
+fn add_to_ring_element<Vector: Operations, const K: usize>(
+    myself: &mut PolynomialRingElement<Vector>,
+    rhs: &PolynomialRingElement<Vector>,
+) {
     // The semicolon and parentheses at the end of loop are a workaround
     // for the following bug https://github.com/hacspec/hax/issues/720
     for i in 0..myself.coefficients.len() {
@@ -111,20 +113,29 @@ fn poly_barrett_reduce<Vector: Operations>(myself: &mut PolynomialRingElement<Ve
 
 #[inline(always)]
 #[hax_lib::fstar::verification_status(lax)]
-fn subtract_reduce<Vector: Operations>(myself: &PolynomialRingElement<Vector>, mut b: PolynomialRingElement<Vector>) -> PolynomialRingElement<Vector> {
+fn subtract_reduce<Vector: Operations>(
+    myself: &PolynomialRingElement<Vector>,
+    mut b: PolynomialRingElement<Vector>,
+) -> PolynomialRingElement<Vector> {
     // Using `hax_lib::fstar::verification_status(lax)` works but produces an error while extracting
     for i in 0..VECTORS_IN_RING_ELEMENT {
         let coefficient_normal_form =
             Vector::montgomery_multiply_by_constant(b.coefficients[i], 1441);
-        b.coefficients[i] =
-            Vector::barrett_reduce(Vector::sub(myself.coefficients[i], &coefficient_normal_form));
+        b.coefficients[i] = Vector::barrett_reduce(Vector::sub(
+            myself.coefficients[i],
+            &coefficient_normal_form,
+        ));
     }
     b
 }
 
 #[inline(always)]
 #[hax_lib::fstar::verification_status(lax)]
-fn add_message_error_reduce<Vector: Operations>(myself: &PolynomialRingElement<Vector>, message: &PolynomialRingElement<Vector>, mut result: PolynomialRingElement<Vector>) -> PolynomialRingElement<Vector> {
+fn add_message_error_reduce<Vector: Operations>(
+    myself: &PolynomialRingElement<Vector>,
+    message: &PolynomialRingElement<Vector>,
+    mut result: PolynomialRingElement<Vector>,
+) -> PolynomialRingElement<Vector> {
     // Using `hax_lib::fstar::verification_status(lax)` works but produces an error while extracting
     for i in 0..VECTORS_IN_RING_ELEMENT {
         let coefficient_normal_form =
@@ -155,7 +166,10 @@ fn add_message_error_reduce<Vector: Operations>(myself: &PolynomialRingElement<V
 
 #[inline(always)]
 #[hax_lib::fstar::verification_status(lax)]
-fn add_error_reduce<Vector: Operations>(myself: &mut PolynomialRingElement<Vector>, error: &PolynomialRingElement<Vector>) {
+fn add_error_reduce<Vector: Operations>(
+    myself: &mut PolynomialRingElement<Vector>,
+    error: &PolynomialRingElement<Vector>,
+) {
     // Using `hax_lib::fstar::verification_status(lax)` works but produces an error while extracting
     // The semicolon and parentheses at the end of loop are a workaround
     // for the following bug https://github.com/hacspec/hax/issues/720
@@ -163,17 +177,18 @@ fn add_error_reduce<Vector: Operations>(myself: &mut PolynomialRingElement<Vecto
         let coefficient_normal_form =
             Vector::montgomery_multiply_by_constant(myself.coefficients[j], 1441);
 
-        myself.coefficients[j] = Vector::barrett_reduce(Vector::add(
-            coefficient_normal_form,
-            &error.coefficients[j],
-        ));
+        myself.coefficients[j] =
+            Vector::barrett_reduce(Vector::add(coefficient_normal_form, &error.coefficients[j]));
     }
     ()
 }
 
 #[inline(always)]
 #[hax_lib::fstar::verification_status(lax)]
-fn add_standard_error_reduce<Vector: Operations>(myself: &mut PolynomialRingElement<Vector>, error: &PolynomialRingElement<Vector>) {
+fn add_standard_error_reduce<Vector: Operations>(
+    myself: &mut PolynomialRingElement<Vector>,
+    error: &PolynomialRingElement<Vector>,
+) {
     // Using `hax_lib::fstar::verification_status(lax)` works but produces an error while extracting
     // The semicolon and parentheses at the end of loop are a workaround
     // for the following bug https://github.com/hacspec/hax/issues/720
@@ -182,10 +197,8 @@ fn add_standard_error_reduce<Vector: Operations>(myself: &mut PolynomialRingElem
         // calling to_montgomery_domain() on them should return a mod q.
         let coefficient_normal_form = to_standard_domain::<Vector>(myself.coefficients[j]);
 
-        myself.coefficients[j] = Vector::barrett_reduce(Vector::add(
-            coefficient_normal_form,
-            &error.coefficients[j],
-        ));
+        myself.coefficients[j] =
+            Vector::barrett_reduce(Vector::add(coefficient_normal_form, &error.coefficients[j]));
     }
     ()
 }
@@ -230,7 +243,10 @@ fn add_standard_error_reduce<Vector: Operations>(myself: &mut PolynomialRingElem
 // ))))]
 #[inline(always)]
 #[hax_lib::fstar::verification_status(lax)]
-fn ntt_multiply<Vector: Operations>(myself: &PolynomialRingElement<Vector>, rhs: &PolynomialRingElement<Vector>) -> PolynomialRingElement<Vector> {
+fn ntt_multiply<Vector: Operations>(
+    myself: &PolynomialRingElement<Vector>,
+    rhs: &PolynomialRingElement<Vector>,
+) -> PolynomialRingElement<Vector> {
     let mut out = ZERO();
 
     for i in 0..VECTORS_IN_RING_ELEMENT {
@@ -266,7 +282,7 @@ impl<Vector: Operations> PolynomialRingElement<Vector> {
     /// sum of their constituent coefficients.
     #[inline(always)]
     pub(crate) fn add_to_ring_element<const K: usize>(&mut self, rhs: &Self) {
-        add_to_ring_element::<Vector,K>(self, rhs);
+        add_to_ring_element::<Vector, K>(self, rhs);
     }
 
     #[inline(always)]
diff --git a/libcrux-ml-kem/src/vector/avx2.rs b/libcrux-ml-kem/src/vector/avx2.rs
index 045d2a4e7..31ff6debe 100644
--- a/libcrux-ml-kem/src/vector/avx2.rs
+++ b/libcrux-ml-kem/src/vector/avx2.rs
@@ -78,9 +78,7 @@ fn compress_1(vector: SIMD256Vector) -> SIMD256Vector {
         (forall (i:nat). i < 16 ==> bounded (Seq.index (repr $out) i) (v $COEFFICIENT_BITS))"))]
 fn compress<const COEFFICIENT_BITS: i32>(vector: SIMD256Vector) -> SIMD256Vector {
     SIMD256Vector {
-        elements: compress::compress_ciphertext_coefficient::<COEFFICIENT_BITS>(
-            vector.elements,
-        ),
+        elements: compress::compress_ciphertext_coefficient::<COEFFICIENT_BITS>(vector.elements),
     }
 }
 
@@ -90,7 +88,13 @@ fn compress<const COEFFICIENT_BITS: i32>(vector: SIMD256Vector) -> SIMD256Vector
                     Spec.Utils.is_i16b 1664 zeta2 /\\ Spec.Utils.is_i16b 1664 zeta3 /\\
                     Spec.Utils.is_i16b_array (11207+5*3328) (repr ${vector})"))]
 #[hax_lib::ensures(|out| fstar!("Spec.Utils.is_i16b_array (11207+6*3328) (repr $out)"))]
-fn ntt_layer_1_step(vector: SIMD256Vector, zeta0: i16, zeta1: i16, zeta2: i16, zeta3: i16) -> SIMD256Vector {
+fn ntt_layer_1_step(
+    vector: SIMD256Vector,
+    zeta0: i16,
+    zeta1: i16,
+    zeta2: i16,
+    zeta3: i16,
+) -> SIMD256Vector {
     SIMD256Vector {
         elements: ntt::ntt_layer_1_step(vector.elements, zeta0, zeta1, zeta2, zeta3),
     }
@@ -124,7 +128,13 @@ fn ntt_layer_3_step(vector: SIMD256Vector, zeta: i16) -> SIMD256Vector {
                     Spec.Utils.is_i16b 1664 zeta2 /\\ Spec.Utils.is_i16b 1664 zeta3  /\\
                     Spec.Utils.is_i16b_array (4*3328) (repr ${vector})"))]
 #[hax_lib::ensures(|out| fstar!("Spec.Utils.is_i16b_array 3328 (repr $out)"))]
-fn inv_ntt_layer_1_step(vector: SIMD256Vector, zeta0: i16, zeta1: i16, zeta2: i16, zeta3: i16) -> SIMD256Vector {
+fn inv_ntt_layer_1_step(
+    vector: SIMD256Vector,
+    zeta0: i16,
+    zeta1: i16,
+    zeta2: i16,
+    zeta3: i16,
+) -> SIMD256Vector {
     SIMD256Vector {
         elements: ntt::inv_ntt_layer_1_step(vector.elements, zeta0, zeta1, zeta2, zeta3),
     }
@@ -490,8 +500,7 @@ impl Operations for SIMD256Vector {
     #[requires(bytes.len() == 10)]
     #[inline(always)]
     fn deserialize_5(bytes: &[u8]) -> Self {
-        hax_lib::fstar!(
-            "assert (v (Core.Slice.impl__len $bytes) == Seq.length $bytes)");
+        hax_lib::fstar!("assert (v (Core.Slice.impl__len $bytes) == Seq.length $bytes)");
         Self {
             elements: serialize::deserialize_5(bytes),
         }

From d3bc8684ad2c457f2e7f80d06059b75b32bc4620 Mon Sep 17 00:00:00 2001
From: karthikbhargavan <karthik.bhargavan@gmail.com>
Date: Wed, 11 Dec 2024 07:01:24 +0000
Subject: [PATCH 098/142] c code refresh

---
 libcrux-ml-kem/c/code_gen.txt                 |   4 +-
 libcrux-ml-kem/c/internal/libcrux_core.h      |   4 +-
 .../c/internal/libcrux_mlkem_avx2.h           |   4 +-
 .../c/internal/libcrux_mlkem_portable.h       |   4 +-
 libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h |   4 +-
 .../c/internal/libcrux_sha3_internal.h        |   4 +-
 libcrux-ml-kem/c/libcrux_core.c               |   4 +-
 libcrux-ml-kem/c/libcrux_core.h               |   4 +-
 libcrux-ml-kem/c/libcrux_mlkem1024.h          |   4 +-
 libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c     |   4 +-
 libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h     |   4 +-
 libcrux-ml-kem/c/libcrux_mlkem1024_portable.c |   4 +-
 libcrux-ml-kem/c/libcrux_mlkem1024_portable.h |   4 +-
 libcrux-ml-kem/c/libcrux_mlkem512.h           |   4 +-
 libcrux-ml-kem/c/libcrux_mlkem512_avx2.c      |   4 +-
 libcrux-ml-kem/c/libcrux_mlkem512_avx2.h      |   4 +-
 libcrux-ml-kem/c/libcrux_mlkem512_portable.c  |   4 +-
 libcrux-ml-kem/c/libcrux_mlkem512_portable.h  |   4 +-
 libcrux-ml-kem/c/libcrux_mlkem768.h           |   4 +-
 libcrux-ml-kem/c/libcrux_mlkem768_avx2.c      |   4 +-
 libcrux-ml-kem/c/libcrux_mlkem768_avx2.h      |   4 +-
 libcrux-ml-kem/c/libcrux_mlkem768_portable.c  |   4 +-
 libcrux-ml-kem/c/libcrux_mlkem768_portable.h  |   4 +-
 libcrux-ml-kem/c/libcrux_mlkem_avx2.c         | 530 ++++++++++++++----
 libcrux-ml-kem/c/libcrux_mlkem_avx2.h         |  48 +-
 libcrux-ml-kem/c/libcrux_mlkem_portable.c     | 359 +++++++++---
 libcrux-ml-kem/c/libcrux_mlkem_portable.h     |   4 +-
 libcrux-ml-kem/c/libcrux_sha3.h               |   4 +-
 libcrux-ml-kem/c/libcrux_sha3_avx2.c          |   4 +-
 libcrux-ml-kem/c/libcrux_sha3_avx2.h          |   4 +-
 libcrux-ml-kem/c/libcrux_sha3_internal.h      |   4 +-
 libcrux-ml-kem/c/libcrux_sha3_neon.c          |   4 +-
 libcrux-ml-kem/c/libcrux_sha3_neon.h          |   4 +-
 libcrux-ml-kem/cg/code_gen.txt                |   4 +-
 libcrux-ml-kem/cg/libcrux_core.h              |   4 +-
 libcrux-ml-kem/cg/libcrux_ct_ops.h            |   4 +-
 libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h     | 516 +++++++++++++----
 libcrux-ml-kem/cg/libcrux_mlkem768_portable.h | 299 +++++++---
 libcrux-ml-kem/cg/libcrux_sha3_avx2.h         |   4 +-
 libcrux-ml-kem/cg/libcrux_sha3_portable.h     |   4 +-
 40 files changed, 1457 insertions(+), 435 deletions(-)

diff --git a/libcrux-ml-kem/c/code_gen.txt b/libcrux-ml-kem/c/code_gen.txt
index 54242b657..58904651b 100644
--- a/libcrux-ml-kem/c/code_gen.txt
+++ b/libcrux-ml-kem/c/code_gen.txt
@@ -2,5 +2,5 @@ This code was generated with the following revisions:
 Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9
 Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20
 Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
-F*: 5643e656b989aca7629723653a2570c7df6252b9
-Libcrux: fbef3649fa222b800fc7dcc349855bcd7de48e36
+F*: 8b6fce63ca91b16386d8f76e82ea87a3c109a208
+Libcrux: a197c4d7286246d59e3044d437b3da9119cd5de8
diff --git a/libcrux-ml-kem/c/internal/libcrux_core.h b/libcrux-ml-kem/c/internal/libcrux_core.h
index fe89acd19..3121e91fc 100644
--- a/libcrux-ml-kem/c/internal/libcrux_core.h
+++ b/libcrux-ml-kem/c/internal/libcrux_core.h
@@ -7,8 +7,8 @@
  * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9
  * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20
  * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
- * F*: 5643e656b989aca7629723653a2570c7df6252b9
- * Libcrux: fbef3649fa222b800fc7dcc349855bcd7de48e36
+ * F*: 8b6fce63ca91b16386d8f76e82ea87a3c109a208
+ * Libcrux: a197c4d7286246d59e3044d437b3da9119cd5de8
  */
 
 #ifndef __internal_libcrux_core_H
diff --git a/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h b/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h
index 466ef3ba0..ba22d8dbc 100644
--- a/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h
+++ b/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h
@@ -7,8 +7,8 @@
  * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9
  * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20
  * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
- * F*: 5643e656b989aca7629723653a2570c7df6252b9
- * Libcrux: fbef3649fa222b800fc7dcc349855bcd7de48e36
+ * F*: 8b6fce63ca91b16386d8f76e82ea87a3c109a208
+ * Libcrux: a197c4d7286246d59e3044d437b3da9119cd5de8
  */
 
 #ifndef __internal_libcrux_mlkem_avx2_H
diff --git a/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h b/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h
index f108fb1a3..6df01c224 100644
--- a/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h
+++ b/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h
@@ -7,8 +7,8 @@
  * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9
  * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20
  * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
- * F*: 5643e656b989aca7629723653a2570c7df6252b9
- * Libcrux: fbef3649fa222b800fc7dcc349855bcd7de48e36
+ * F*: 8b6fce63ca91b16386d8f76e82ea87a3c109a208
+ * Libcrux: a197c4d7286246d59e3044d437b3da9119cd5de8
  */
 
 #ifndef __internal_libcrux_mlkem_portable_H
diff --git a/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h b/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h
index 67b2d4675..03ab5a18f 100644
--- a/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h
+++ b/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h
@@ -7,8 +7,8 @@
  * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9
  * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20
  * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
- * F*: 5643e656b989aca7629723653a2570c7df6252b9
- * Libcrux: fbef3649fa222b800fc7dcc349855bcd7de48e36
+ * F*: 8b6fce63ca91b16386d8f76e82ea87a3c109a208
+ * Libcrux: a197c4d7286246d59e3044d437b3da9119cd5de8
  */
 
 #ifndef __internal_libcrux_sha3_avx2_H
diff --git a/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h b/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h
index 342c481f4..4117b2667 100644
--- a/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h
+++ b/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h
@@ -7,8 +7,8 @@
  * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9
  * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20
  * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
- * F*: 5643e656b989aca7629723653a2570c7df6252b9
- * Libcrux: fbef3649fa222b800fc7dcc349855bcd7de48e36
+ * F*: 8b6fce63ca91b16386d8f76e82ea87a3c109a208
+ * Libcrux: a197c4d7286246d59e3044d437b3da9119cd5de8
  */
 
 #ifndef __internal_libcrux_sha3_internal_H
diff --git a/libcrux-ml-kem/c/libcrux_core.c b/libcrux-ml-kem/c/libcrux_core.c
index e69d41843..860a9abb3 100644
--- a/libcrux-ml-kem/c/libcrux_core.c
+++ b/libcrux-ml-kem/c/libcrux_core.c
@@ -7,8 +7,8 @@
  * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9
  * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20
  * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
- * F*: 5643e656b989aca7629723653a2570c7df6252b9
- * Libcrux: fbef3649fa222b800fc7dcc349855bcd7de48e36
+ * F*: 8b6fce63ca91b16386d8f76e82ea87a3c109a208
+ * Libcrux: a197c4d7286246d59e3044d437b3da9119cd5de8
  */
 
 #include "internal/libcrux_core.h"
diff --git a/libcrux-ml-kem/c/libcrux_core.h b/libcrux-ml-kem/c/libcrux_core.h
index 9097eceda..86e741589 100644
--- a/libcrux-ml-kem/c/libcrux_core.h
+++ b/libcrux-ml-kem/c/libcrux_core.h
@@ -7,8 +7,8 @@
  * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9
  * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20
  * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
- * F*: 5643e656b989aca7629723653a2570c7df6252b9
- * Libcrux: fbef3649fa222b800fc7dcc349855bcd7de48e36
+ * F*: 8b6fce63ca91b16386d8f76e82ea87a3c109a208
+ * Libcrux: a197c4d7286246d59e3044d437b3da9119cd5de8
  */
 
 #ifndef __libcrux_core_H
diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024.h b/libcrux-ml-kem/c/libcrux_mlkem1024.h
index 041b2ec09..d05dee7ab 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem1024.h
+++ b/libcrux-ml-kem/c/libcrux_mlkem1024.h
@@ -7,8 +7,8 @@
  * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9
  * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20
  * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
- * F*: 5643e656b989aca7629723653a2570c7df6252b9
- * Libcrux: fbef3649fa222b800fc7dcc349855bcd7de48e36
+ * F*: 8b6fce63ca91b16386d8f76e82ea87a3c109a208
+ * Libcrux: a197c4d7286246d59e3044d437b3da9119cd5de8
  */
 
 #ifndef __libcrux_mlkem1024_H
diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c
index 5fec937b0..d8e105da4 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c
+++ b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c
@@ -7,8 +7,8 @@
  * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9
  * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20
  * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
- * F*: 5643e656b989aca7629723653a2570c7df6252b9
- * Libcrux: fbef3649fa222b800fc7dcc349855bcd7de48e36
+ * F*: 8b6fce63ca91b16386d8f76e82ea87a3c109a208
+ * Libcrux: a197c4d7286246d59e3044d437b3da9119cd5de8
  */
 
 #include "libcrux_mlkem1024_avx2.h"
diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h
index 96971f755..4c44dfb75 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h
+++ b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h
@@ -7,8 +7,8 @@
  * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9
  * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20
  * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
- * F*: 5643e656b989aca7629723653a2570c7df6252b9
- * Libcrux: fbef3649fa222b800fc7dcc349855bcd7de48e36
+ * F*: 8b6fce63ca91b16386d8f76e82ea87a3c109a208
+ * Libcrux: a197c4d7286246d59e3044d437b3da9119cd5de8
  */
 
 #ifndef __libcrux_mlkem1024_avx2_H
diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c
index c63594eaa..841680613 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c
+++ b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c
@@ -7,8 +7,8 @@
  * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9
  * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20
  * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
- * F*: 5643e656b989aca7629723653a2570c7df6252b9
- * Libcrux: fbef3649fa222b800fc7dcc349855bcd7de48e36
+ * F*: 8b6fce63ca91b16386d8f76e82ea87a3c109a208
+ * Libcrux: a197c4d7286246d59e3044d437b3da9119cd5de8
  */
 
 #include "libcrux_mlkem1024_portable.h"
diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h
index f951149be..7f0a1cb23 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h
+++ b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h
@@ -7,8 +7,8 @@
  * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9
  * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20
  * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
- * F*: 5643e656b989aca7629723653a2570c7df6252b9
- * Libcrux: fbef3649fa222b800fc7dcc349855bcd7de48e36
+ * F*: 8b6fce63ca91b16386d8f76e82ea87a3c109a208
+ * Libcrux: a197c4d7286246d59e3044d437b3da9119cd5de8
  */
 
 #ifndef __libcrux_mlkem1024_portable_H
diff --git a/libcrux-ml-kem/c/libcrux_mlkem512.h b/libcrux-ml-kem/c/libcrux_mlkem512.h
index 0e850ae5d..9c8ae2dab 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem512.h
+++ b/libcrux-ml-kem/c/libcrux_mlkem512.h
@@ -7,8 +7,8 @@
  * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9
  * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20
  * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
- * F*: 5643e656b989aca7629723653a2570c7df6252b9
- * Libcrux: fbef3649fa222b800fc7dcc349855bcd7de48e36
+ * F*: 8b6fce63ca91b16386d8f76e82ea87a3c109a208
+ * Libcrux: a197c4d7286246d59e3044d437b3da9119cd5de8
  */
 
 #ifndef __libcrux_mlkem512_H
diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c
index 7971b5c4f..18034cf3a 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c
+++ b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c
@@ -7,8 +7,8 @@
  * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9
  * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20
  * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
- * F*: 5643e656b989aca7629723653a2570c7df6252b9
- * Libcrux: fbef3649fa222b800fc7dcc349855bcd7de48e36
+ * F*: 8b6fce63ca91b16386d8f76e82ea87a3c109a208
+ * Libcrux: a197c4d7286246d59e3044d437b3da9119cd5de8
  */
 
 #include "libcrux_mlkem512_avx2.h"
diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h
index 3c4030f73..e387bdb26 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h
+++ b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h
@@ -7,8 +7,8 @@
  * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9
  * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20
  * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
- * F*: 5643e656b989aca7629723653a2570c7df6252b9
- * Libcrux: fbef3649fa222b800fc7dcc349855bcd7de48e36
+ * F*: 8b6fce63ca91b16386d8f76e82ea87a3c109a208
+ * Libcrux: a197c4d7286246d59e3044d437b3da9119cd5de8
  */
 
 #ifndef __libcrux_mlkem512_avx2_H
diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_portable.c b/libcrux-ml-kem/c/libcrux_mlkem512_portable.c
index b8f6fd756..ca40f04a5 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem512_portable.c
+++ b/libcrux-ml-kem/c/libcrux_mlkem512_portable.c
@@ -7,8 +7,8 @@
  * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9
  * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20
  * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
- * F*: 5643e656b989aca7629723653a2570c7df6252b9
- * Libcrux: fbef3649fa222b800fc7dcc349855bcd7de48e36
+ * F*: 8b6fce63ca91b16386d8f76e82ea87a3c109a208
+ * Libcrux: a197c4d7286246d59e3044d437b3da9119cd5de8
  */
 
 #include "libcrux_mlkem512_portable.h"
diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_portable.h b/libcrux-ml-kem/c/libcrux_mlkem512_portable.h
index 7766250f2..0873a8a54 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem512_portable.h
+++ b/libcrux-ml-kem/c/libcrux_mlkem512_portable.h
@@ -7,8 +7,8 @@
  * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9
  * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20
  * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
- * F*: 5643e656b989aca7629723653a2570c7df6252b9
- * Libcrux: fbef3649fa222b800fc7dcc349855bcd7de48e36
+ * F*: 8b6fce63ca91b16386d8f76e82ea87a3c109a208
+ * Libcrux: a197c4d7286246d59e3044d437b3da9119cd5de8
  */
 
 #ifndef __libcrux_mlkem512_portable_H
diff --git a/libcrux-ml-kem/c/libcrux_mlkem768.h b/libcrux-ml-kem/c/libcrux_mlkem768.h
index f2c7db21a..a392c09ab 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem768.h
+++ b/libcrux-ml-kem/c/libcrux_mlkem768.h
@@ -7,8 +7,8 @@
  * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9
  * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20
  * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
- * F*: 5643e656b989aca7629723653a2570c7df6252b9
- * Libcrux: fbef3649fa222b800fc7dcc349855bcd7de48e36
+ * F*: 8b6fce63ca91b16386d8f76e82ea87a3c109a208
+ * Libcrux: a197c4d7286246d59e3044d437b3da9119cd5de8
  */
 
 #ifndef __libcrux_mlkem768_H
diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c
index d30955e8a..3382a2d48 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c
+++ b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c
@@ -7,8 +7,8 @@
  * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9
  * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20
  * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
- * F*: 5643e656b989aca7629723653a2570c7df6252b9
- * Libcrux: fbef3649fa222b800fc7dcc349855bcd7de48e36
+ * F*: 8b6fce63ca91b16386d8f76e82ea87a3c109a208
+ * Libcrux: a197c4d7286246d59e3044d437b3da9119cd5de8
  */
 
 #include "libcrux_mlkem768_avx2.h"
diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h
index ea29365da..d478855a0 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h
+++ b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h
@@ -7,8 +7,8 @@
  * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9
  * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20
  * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
- * F*: 5643e656b989aca7629723653a2570c7df6252b9
- * Libcrux: fbef3649fa222b800fc7dcc349855bcd7de48e36
+ * F*: 8b6fce63ca91b16386d8f76e82ea87a3c109a208
+ * Libcrux: a197c4d7286246d59e3044d437b3da9119cd5de8
  */
 
 #ifndef __libcrux_mlkem768_avx2_H
diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_portable.c b/libcrux-ml-kem/c/libcrux_mlkem768_portable.c
index 1cdebda61..25cad4008 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem768_portable.c
+++ b/libcrux-ml-kem/c/libcrux_mlkem768_portable.c
@@ -7,8 +7,8 @@
  * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9
  * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20
  * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
- * F*: 5643e656b989aca7629723653a2570c7df6252b9
- * Libcrux: fbef3649fa222b800fc7dcc349855bcd7de48e36
+ * F*: 8b6fce63ca91b16386d8f76e82ea87a3c109a208
+ * Libcrux: a197c4d7286246d59e3044d437b3da9119cd5de8
  */
 
 #include "libcrux_mlkem768_portable.h"
diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_portable.h b/libcrux-ml-kem/c/libcrux_mlkem768_portable.h
index 6c512c865..bc4256238 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem768_portable.h
+++ b/libcrux-ml-kem/c/libcrux_mlkem768_portable.h
@@ -7,8 +7,8 @@
  * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9
  * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20
  * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
- * F*: 5643e656b989aca7629723653a2570c7df6252b9
- * Libcrux: fbef3649fa222b800fc7dcc349855bcd7de48e36
+ * F*: 8b6fce63ca91b16386d8f76e82ea87a3c109a208
+ * Libcrux: a197c4d7286246d59e3044d437b3da9119cd5de8
  */
 
 #ifndef __libcrux_mlkem768_portable_H
diff --git a/libcrux-ml-kem/c/libcrux_mlkem_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem_avx2.c
index 7cd2d548f..f96a0f3ca 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem_avx2.c
+++ b/libcrux-ml-kem/c/libcrux_mlkem_avx2.c
@@ -7,8 +7,8 @@
  * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9
  * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20
  * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
- * F*: 5643e656b989aca7629723653a2570c7df6252b9
- * Libcrux: fbef3649fa222b800fc7dcc349855bcd7de48e36
+ * F*: 8b6fce63ca91b16386d8f76e82ea87a3c109a208
+ * Libcrux: a197c4d7286246d59e3044d437b3da9119cd5de8
  */
 
 #include "internal/libcrux_mlkem_avx2.h"
@@ -149,13 +149,18 @@ libcrux_ml_kem_vector_avx2_arithmetic_cond_subtract_3329(__m256i vector) {
   return mm256_add_epi16(v_minus_field_modulus, conditional_add_field_modulus);
 }
 
+KRML_MUSTINLINE __m256i
+libcrux_ml_kem_vector_avx2_cond_subtract_3329(__m256i vector) {
+  return libcrux_ml_kem_vector_avx2_arithmetic_cond_subtract_3329(vector);
+}
+
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
 libcrux_ml_kem::vector::avx2::SIMD256Vector)#2}
 */
 KRML_MUSTINLINE __m256i
 libcrux_ml_kem_vector_avx2_cond_subtract_3329_09(__m256i vector) {
-  return libcrux_ml_kem_vector_avx2_arithmetic_cond_subtract_3329(vector);
+  return libcrux_ml_kem_vector_avx2_cond_subtract_3329(vector);
 }
 
 /**
@@ -227,14 +232,18 @@ libcrux_ml_kem_vector_avx2_compress_compress_message_coefficient(
   return mm256_srli_epi16((int32_t)15, shifted_to_positive_in_range, __m256i);
 }
 
+KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_compress_1(__m256i vector) {
+  return libcrux_ml_kem_vector_avx2_compress_compress_message_coefficient(
+      vector);
+}
+
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
 libcrux_ml_kem::vector::avx2::SIMD256Vector)#2}
 */
 KRML_MUSTINLINE __m256i
 libcrux_ml_kem_vector_avx2_compress_1_09(__m256i vector) {
-  return libcrux_ml_kem_vector_avx2_compress_compress_message_coefficient(
-      vector);
+  return libcrux_ml_kem_vector_avx2_compress_1(vector);
 }
 
 KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(
@@ -277,6 +286,13 @@ KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_ntt_ntt_layer_1_step(
   return mm256_add_epi16(lhs, rhs0);
 }
 
+KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_ntt_layer_1_step(
+    __m256i vector, int16_t zeta0, int16_t zeta1, int16_t zeta2,
+    int16_t zeta3) {
+  return libcrux_ml_kem_vector_avx2_ntt_ntt_layer_1_step(vector, zeta0, zeta1,
+                                                         zeta2, zeta3);
+}
+
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
 libcrux_ml_kem::vector::avx2::SIMD256Vector)#2}
@@ -284,8 +300,8 @@ libcrux_ml_kem::vector::avx2::SIMD256Vector)#2}
 KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_ntt_layer_1_step_09(
     __m256i vector, int16_t zeta0, int16_t zeta1, int16_t zeta2,
     int16_t zeta3) {
-  return libcrux_ml_kem_vector_avx2_ntt_ntt_layer_1_step(vector, zeta0, zeta1,
-                                                         zeta2, zeta3);
+  return libcrux_ml_kem_vector_avx2_ntt_layer_1_step(vector, zeta0, zeta1,
+                                                     zeta2, zeta3);
 }
 
 KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_ntt_ntt_layer_2_step(
@@ -301,13 +317,18 @@ KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_ntt_ntt_layer_2_step(
   return mm256_add_epi16(lhs, rhs0);
 }
 
+KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_ntt_layer_2_step(
+    __m256i vector, int16_t zeta0, int16_t zeta1) {
+  return libcrux_ml_kem_vector_avx2_ntt_ntt_layer_2_step(vector, zeta0, zeta1);
+}
+
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
 libcrux_ml_kem::vector::avx2::SIMD256Vector)#2}
 */
 KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_ntt_layer_2_step_09(
     __m256i vector, int16_t zeta0, int16_t zeta1) {
-  return libcrux_ml_kem_vector_avx2_ntt_ntt_layer_2_step(vector, zeta0, zeta1);
+  return libcrux_ml_kem_vector_avx2_ntt_layer_2_step(vector, zeta0, zeta1);
 }
 
 KRML_MUSTINLINE __m128i
@@ -339,13 +360,18 @@ libcrux_ml_kem_vector_avx2_ntt_ntt_layer_3_step(__m256i vector, int16_t zeta) {
                                 __m256i);
 }
 
+KRML_MUSTINLINE __m256i
+libcrux_ml_kem_vector_avx2_ntt_layer_3_step(__m256i vector, int16_t zeta) {
+  return libcrux_ml_kem_vector_avx2_ntt_ntt_layer_3_step(vector, zeta);
+}
+
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
 libcrux_ml_kem::vector::avx2::SIMD256Vector)#2}
 */
 KRML_MUSTINLINE __m256i
 libcrux_ml_kem_vector_avx2_ntt_layer_3_step_09(__m256i vector, int16_t zeta) {
-  return libcrux_ml_kem_vector_avx2_ntt_ntt_layer_3_step(vector, zeta);
+  return libcrux_ml_kem_vector_avx2_ntt_layer_3_step(vector, zeta);
 }
 
 KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_1_step(
@@ -369,6 +395,13 @@ KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_1_step(
   return mm256_blend_epi16((int32_t)204, sum, sum_times_zetas, __m256i);
 }
 
+KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_inv_ntt_layer_1_step(
+    __m256i vector, int16_t zeta0, int16_t zeta1, int16_t zeta2,
+    int16_t zeta3) {
+  return libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_1_step(
+      vector, zeta0, zeta1, zeta2, zeta3);
+}
+
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
 libcrux_ml_kem::vector::avx2::SIMD256Vector)#2}
@@ -376,8 +409,8 @@ libcrux_ml_kem::vector::avx2::SIMD256Vector)#2}
 KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_inv_ntt_layer_1_step_09(
     __m256i vector, int16_t zeta0, int16_t zeta1, int16_t zeta2,
     int16_t zeta3) {
-  return libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_1_step(
-      vector, zeta0, zeta1, zeta2, zeta3);
+  return libcrux_ml_kem_vector_avx2_inv_ntt_layer_1_step(vector, zeta0, zeta1,
+                                                         zeta2, zeta3);
 }
 
 KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_2_step(
@@ -399,14 +432,19 @@ KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_2_step(
   return mm256_blend_epi16((int32_t)240, sum, sum_times_zetas, __m256i);
 }
 
+KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_inv_ntt_layer_2_step(
+    __m256i vector, int16_t zeta0, int16_t zeta1) {
+  return libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_2_step(vector, zeta0,
+                                                             zeta1);
+}
+
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
 libcrux_ml_kem::vector::avx2::SIMD256Vector)#2}
 */
 KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_inv_ntt_layer_2_step_09(
     __m256i vector, int16_t zeta0, int16_t zeta1) {
-  return libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_2_step(vector, zeta0,
-                                                             zeta1);
+  return libcrux_ml_kem_vector_avx2_inv_ntt_layer_2_step(vector, zeta0, zeta1);
 }
 
 KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_3_step(
@@ -423,13 +461,18 @@ KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_3_step(
                                 __m256i);
 }
 
+KRML_MUSTINLINE __m256i
+libcrux_ml_kem_vector_avx2_inv_ntt_layer_3_step(__m256i vector, int16_t zeta) {
+  return libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_3_step(vector, zeta);
+}
+
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
 libcrux_ml_kem::vector::avx2::SIMD256Vector)#2}
 */
 KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_inv_ntt_layer_3_step_09(
     __m256i vector, int16_t zeta) {
-  return libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_3_step(vector, zeta);
+  return libcrux_ml_kem_vector_avx2_inv_ntt_layer_3_step(vector, zeta);
 }
 
 KRML_MUSTINLINE __m256i
@@ -504,6 +547,13 @@ KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_ntt_ntt_multiply(
                            __m256i);
 }
 
+KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_ntt_multiply(
+    __m256i *lhs, __m256i *rhs, int16_t zeta0, int16_t zeta1, int16_t zeta2,
+    int16_t zeta3) {
+  return libcrux_ml_kem_vector_avx2_ntt_ntt_multiply(lhs[0U], rhs[0U], zeta0,
+                                                     zeta1, zeta2, zeta3);
+}
+
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
 libcrux_ml_kem::vector::avx2::SIMD256Vector)#2}
@@ -511,8 +561,8 @@ libcrux_ml_kem::vector::avx2::SIMD256Vector)#2}
 KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_ntt_multiply_09(
     __m256i *lhs, __m256i *rhs, int16_t zeta0, int16_t zeta1, int16_t zeta2,
     int16_t zeta3) {
-  return libcrux_ml_kem_vector_avx2_ntt_ntt_multiply(lhs[0U], rhs[0U], zeta0,
-                                                     zeta1, zeta2, zeta3);
+  return libcrux_ml_kem_vector_avx2_ntt_multiply(lhs, rhs, zeta0, zeta1, zeta2,
+                                                 zeta3);
 }
 
 KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_1(
@@ -526,13 +576,18 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_1(
   memcpy(ret, result, (size_t)2U * sizeof(uint8_t));
 }
 
+KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_1(__m256i vector,
+                                                            uint8_t ret[2U]) {
+  libcrux_ml_kem_vector_avx2_serialize_serialize_1(vector, ret);
+}
+
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
 libcrux_ml_kem::vector::avx2::SIMD256Vector)#2}
 */
 KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_1_09(
     __m256i vector, uint8_t ret[2U]) {
-  libcrux_ml_kem_vector_avx2_serialize_serialize_1(vector, ret);
+  libcrux_ml_kem_vector_avx2_serialize_1(vector, ret);
 }
 
 KRML_MUSTINLINE __m256i
@@ -565,13 +620,18 @@ libcrux_ml_kem_vector_avx2_serialize_deserialize_1(Eurydice_slice bytes) {
       Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *));
 }
 
+KRML_MUSTINLINE __m256i
+libcrux_ml_kem_vector_avx2_deserialize_1(Eurydice_slice bytes) {
+  return libcrux_ml_kem_vector_avx2_serialize_deserialize_1(bytes);
+}
+
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
 libcrux_ml_kem::vector::avx2::SIMD256Vector)#2}
 */
 KRML_MUSTINLINE __m256i
 libcrux_ml_kem_vector_avx2_deserialize_1_09(Eurydice_slice bytes) {
-  return libcrux_ml_kem_vector_avx2_serialize_deserialize_1(bytes);
+  return libcrux_ml_kem_vector_avx2_deserialize_1(bytes);
 }
 
 /**
@@ -621,13 +681,18 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_4(
   memcpy(ret, ret0, (size_t)8U * sizeof(uint8_t));
 }
 
+KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_4(__m256i vector,
+                                                            uint8_t ret[8U]) {
+  libcrux_ml_kem_vector_avx2_serialize_serialize_4(vector, ret);
+}
+
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
 libcrux_ml_kem::vector::avx2::SIMD256Vector)#2}
 */
 KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_4_09(
     __m256i vector, uint8_t ret[8U]) {
-  libcrux_ml_kem_vector_avx2_serialize_serialize_4(vector, ret);
+  libcrux_ml_kem_vector_avx2_serialize_4(vector, ret);
 }
 
 KRML_MUSTINLINE __m256i
@@ -672,13 +737,18 @@ libcrux_ml_kem_vector_avx2_serialize_deserialize_4(Eurydice_slice bytes) {
       Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *));
 }
 
+KRML_MUSTINLINE __m256i
+libcrux_ml_kem_vector_avx2_deserialize_4(Eurydice_slice bytes) {
+  return libcrux_ml_kem_vector_avx2_serialize_deserialize_4(bytes);
+}
+
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
 libcrux_ml_kem::vector::avx2::SIMD256Vector)#2}
 */
 KRML_MUSTINLINE __m256i
 libcrux_ml_kem_vector_avx2_deserialize_4_09(Eurydice_slice bytes) {
-  return libcrux_ml_kem_vector_avx2_serialize_deserialize_4(bytes);
+  return libcrux_ml_kem_vector_avx2_deserialize_4(bytes);
 }
 
 KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_5(
@@ -850,13 +920,18 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_10(
   memcpy(ret, ret0, (size_t)20U * sizeof(uint8_t));
 }
 
+KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_10(__m256i vector,
+                                                             uint8_t ret[20U]) {
+  libcrux_ml_kem_vector_avx2_serialize_serialize_10(vector, ret);
+}
+
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
 libcrux_ml_kem::vector::avx2::SIMD256Vector)#2}
 */
 KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_10_09(
     __m256i vector, uint8_t ret[20U]) {
-  libcrux_ml_kem_vector_avx2_serialize_serialize_10(vector, ret);
+  libcrux_ml_kem_vector_avx2_serialize_10(vector, ret);
 }
 
 KRML_MUSTINLINE __m256i
@@ -894,13 +969,18 @@ libcrux_ml_kem_vector_avx2_serialize_deserialize_10(Eurydice_slice bytes) {
       mm_loadu_si128(lower_coefficients), mm_loadu_si128(upper_coefficients));
 }
 
+KRML_MUSTINLINE __m256i
+libcrux_ml_kem_vector_avx2_deserialize_10(Eurydice_slice bytes) {
+  return libcrux_ml_kem_vector_avx2_serialize_deserialize_10(bytes);
+}
+
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
 libcrux_ml_kem::vector::avx2::SIMD256Vector)#2}
 */
 KRML_MUSTINLINE __m256i
 libcrux_ml_kem_vector_avx2_deserialize_10_09(Eurydice_slice bytes) {
-  return libcrux_ml_kem_vector_avx2_serialize_deserialize_10(bytes);
+  return libcrux_ml_kem_vector_avx2_deserialize_10(bytes);
 }
 
 KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_11(
@@ -995,13 +1075,18 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_12(
   memcpy(ret, ret0, (size_t)24U * sizeof(uint8_t));
 }
 
+KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_12(__m256i vector,
+                                                             uint8_t ret[24U]) {
+  libcrux_ml_kem_vector_avx2_serialize_serialize_12(vector, ret);
+}
+
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
 libcrux_ml_kem::vector::avx2::SIMD256Vector)#2}
 */
 KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_12_09(
     __m256i vector, uint8_t ret[24U]) {
-  libcrux_ml_kem_vector_avx2_serialize_serialize_12(vector, ret);
+  libcrux_ml_kem_vector_avx2_serialize_12(vector, ret);
 }
 
 KRML_MUSTINLINE __m256i
@@ -1039,13 +1124,18 @@ libcrux_ml_kem_vector_avx2_serialize_deserialize_12(Eurydice_slice bytes) {
       lower_coefficients, upper_coefficients);
 }
 
+KRML_MUSTINLINE __m256i
+libcrux_ml_kem_vector_avx2_deserialize_12(Eurydice_slice bytes) {
+  return libcrux_ml_kem_vector_avx2_serialize_deserialize_12(bytes);
+}
+
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
 libcrux_ml_kem::vector::avx2::SIMD256Vector)#2}
 */
 KRML_MUSTINLINE __m256i
 libcrux_ml_kem_vector_avx2_deserialize_12_09(Eurydice_slice bytes) {
-  return libcrux_ml_kem_vector_avx2_serialize_deserialize_12(bytes);
+  return libcrux_ml_kem_vector_avx2_deserialize_12(bytes);
 }
 
 KRML_MUSTINLINE size_t libcrux_ml_kem_vector_avx2_sampling_rejection_sample(
@@ -1856,19 +1946,41 @@ static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_ed0(
 }
 
 /**
-This function found in impl
-{libcrux_ml_kem::polynomial::PolynomialRingElement<Vector>[TraitClause@0,
-TraitClause@1]#2}
+A monomorphic instance of libcrux_ml_kem.polynomial.ZERO
+with types libcrux_ml_kem_vector_avx2_SIMD256Vector
+with const generics
+
 */
+static libcrux_ml_kem_polynomial_PolynomialRingElement_f6 ZERO_61(void) {
+  libcrux_ml_kem_polynomial_PolynomialRingElement_f6 lit;
+  lit.coefficients[0U] = libcrux_ml_kem_vector_avx2_ZERO_09();
+  lit.coefficients[1U] = libcrux_ml_kem_vector_avx2_ZERO_09();
+  lit.coefficients[2U] = libcrux_ml_kem_vector_avx2_ZERO_09();
+  lit.coefficients[3U] = libcrux_ml_kem_vector_avx2_ZERO_09();
+  lit.coefficients[4U] = libcrux_ml_kem_vector_avx2_ZERO_09();
+  lit.coefficients[5U] = libcrux_ml_kem_vector_avx2_ZERO_09();
+  lit.coefficients[6U] = libcrux_ml_kem_vector_avx2_ZERO_09();
+  lit.coefficients[7U] = libcrux_ml_kem_vector_avx2_ZERO_09();
+  lit.coefficients[8U] = libcrux_ml_kem_vector_avx2_ZERO_09();
+  lit.coefficients[9U] = libcrux_ml_kem_vector_avx2_ZERO_09();
+  lit.coefficients[10U] = libcrux_ml_kem_vector_avx2_ZERO_09();
+  lit.coefficients[11U] = libcrux_ml_kem_vector_avx2_ZERO_09();
+  lit.coefficients[12U] = libcrux_ml_kem_vector_avx2_ZERO_09();
+  lit.coefficients[13U] = libcrux_ml_kem_vector_avx2_ZERO_09();
+  lit.coefficients[14U] = libcrux_ml_kem_vector_avx2_ZERO_09();
+  lit.coefficients[15U] = libcrux_ml_kem_vector_avx2_ZERO_09();
+  return lit;
+}
+
 /**
-A monomorphic instance of libcrux_ml_kem.polynomial.from_i16_array_ef
+A monomorphic instance of libcrux_ml_kem.polynomial.from_i16_array
 with types libcrux_ml_kem_vector_avx2_SIMD256Vector
 with const generics
 
 */
 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f6
-from_i16_array_ef_61(Eurydice_slice a) {
-  libcrux_ml_kem_polynomial_PolynomialRingElement_f6 result = ZERO_ef_61();
+from_i16_array_61(Eurydice_slice a) {
+  libcrux_ml_kem_polynomial_PolynomialRingElement_f6 result = ZERO_61();
   for (size_t i = (size_t)0U;
        i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
     size_t i0 = i;
@@ -1879,6 +1991,22 @@ from_i16_array_ef_61(Eurydice_slice a) {
   return result;
 }
 
+/**
+This function found in impl
+{libcrux_ml_kem::polynomial::PolynomialRingElement<Vector>[TraitClause@0,
+TraitClause@1]#2}
+*/
+/**
+A monomorphic instance of libcrux_ml_kem.polynomial.from_i16_array_ef
+with types libcrux_ml_kem_vector_avx2_SIMD256Vector
+with const generics
+
+*/
+static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f6
+from_i16_array_ef_61(Eurydice_slice a) {
+  return from_i16_array_61(a);
+}
+
 /**
 A monomorphic instance of libcrux_ml_kem.sampling.sample_from_xof.closure
 with types libcrux_ml_kem_vector_avx2_SIMD256Vector,
@@ -2311,6 +2439,22 @@ static KRML_MUSTINLINE void ntt_at_layer_1_61(
       zeta_i[0U] = zeta_i[0U] + (size_t)3U;);
 }
 
+/**
+A monomorphic instance of libcrux_ml_kem.polynomial.poly_barrett_reduce
+with types libcrux_ml_kem_vector_avx2_SIMD256Vector
+with const generics
+
+*/
+static KRML_MUSTINLINE void poly_barrett_reduce_61(
+    libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *myself) {
+  for (size_t i = (size_t)0U;
+       i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
+    size_t i0 = i;
+    myself->coefficients[i0] =
+        libcrux_ml_kem_vector_avx2_barrett_reduce_09(myself->coefficients[i0]);
+  }
+}
+
 /**
 This function found in impl
 {libcrux_ml_kem::polynomial::PolynomialRingElement<Vector>[TraitClause@0,
@@ -2324,12 +2468,7 @@ with const generics
 */
 static KRML_MUSTINLINE void poly_barrett_reduce_ef_61(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *self) {
-  for (size_t i = (size_t)0U;
-       i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
-    size_t i0 = i;
-    self->coefficients[i0] =
-        libcrux_ml_kem_vector_avx2_barrett_reduce_09(self->coefficients[i0]);
-  }
+  poly_barrett_reduce_61(self);
 }
 
 /**
@@ -2428,25 +2567,47 @@ static KRML_MUSTINLINE tuple_23 sample_vector_cbd_then_ntt_out_b41(
 }
 
 /**
-This function found in impl
-{libcrux_ml_kem::polynomial::PolynomialRingElement<Vector>[TraitClause@0,
-TraitClause@1]#2}
+ Given two `KyberPolynomialRingElement`s in their NTT representations,
+ compute their product. Given two polynomials in the NTT domain `f^` and `ĵ`,
+ the `iᵗʰ` coefficient of the product `k̂` is determined by the calculation:
+
+ ```plaintext
+ ĥ[2·i] + ĥ[2·i + 1]X = (f^[2·i] + f^[2·i + 1]X)·(ĝ[2·i] + ĝ[2·i + 1]X) mod (X²
+ - ζ^(2·BitRev₇(i) + 1))
+ ```
+
+ This function almost implements <strong>Algorithm 10</strong> of the
+ NIST FIPS 203 standard, which is reproduced below:
+
+ ```plaintext
+ Input: Two arrays fˆ ∈ ℤ₂₅₆ and ĝ ∈ ℤ₂₅₆.
+ Output: An array ĥ ∈ ℤq.
+
+ for(i ← 0; i < 128; i++)
+     (ĥ[2i], ĥ[2i+1]) ← BaseCaseMultiply(fˆ[2i], fˆ[2i+1], ĝ[2i], ĝ[2i+1],
+ ζ^(2·BitRev₇(i) + 1)) end for return ĥ
+ ```
+ We say "almost" because the coefficients of the ring element output by
+ this function are in the Montgomery domain.
+
+ The NIST FIPS 203 standard can be found at
+ <https://csrc.nist.gov/pubs/fips/203/ipd>.
 */
 /**
-A monomorphic instance of libcrux_ml_kem.polynomial.ntt_multiply_ef
+A monomorphic instance of libcrux_ml_kem.polynomial.ntt_multiply
 with types libcrux_ml_kem_vector_avx2_SIMD256Vector
 with const generics
 
 */
 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f6
-ntt_multiply_ef_61(libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *self,
-                   libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *rhs) {
-  libcrux_ml_kem_polynomial_PolynomialRingElement_f6 out = ZERO_ef_61();
+ntt_multiply_61(libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *myself,
+                libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *rhs) {
+  libcrux_ml_kem_polynomial_PolynomialRingElement_f6 out = ZERO_61();
   for (size_t i = (size_t)0U;
        i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
     size_t i0 = i;
     out.coefficients[i0] = libcrux_ml_kem_vector_avx2_ntt_multiply_09(
-        &self->coefficients[i0], &rhs->coefficients[i0],
+        &myself->coefficients[i0], &rhs->coefficients[i0],
         libcrux_ml_kem_polynomial_zeta((size_t)64U + (size_t)4U * i0),
         libcrux_ml_kem_polynomial_zeta((size_t)64U + (size_t)4U * i0 +
                                        (size_t)1U),
@@ -2464,25 +2625,58 @@ This function found in impl
 TraitClause@1]#2}
 */
 /**
-A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element_ef
+A monomorphic instance of libcrux_ml_kem.polynomial.ntt_multiply_ef
+with types libcrux_ml_kem_vector_avx2_SIMD256Vector
+with const generics
+
+*/
+static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f6
+ntt_multiply_ef_61(libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *self,
+                   libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *rhs) {
+  return ntt_multiply_61(self, rhs);
+}
+
+/**
+ Given two polynomial ring elements `lhs` and `rhs`, compute the pointwise
+ sum of their constituent coefficients.
+*/
+/**
+A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element
 with types libcrux_ml_kem_vector_avx2_SIMD256Vector
 with const generics
 - K= 3
 */
-static KRML_MUSTINLINE void add_to_ring_element_ef_ab(
-    libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *self,
+static KRML_MUSTINLINE void add_to_ring_element_ab(
+    libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *myself,
     libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *rhs) {
   for (size_t i = (size_t)0U;
        i < Eurydice_slice_len(Eurydice_array_to_slice(
-                                  (size_t)16U, self->coefficients, __m256i),
+                                  (size_t)16U, myself->coefficients, __m256i),
                               __m256i);
        i++) {
     size_t i0 = i;
-    self->coefficients[i0] = libcrux_ml_kem_vector_avx2_add_09(
-        self->coefficients[i0], &rhs->coefficients[i0]);
+    myself->coefficients[i0] = libcrux_ml_kem_vector_avx2_add_09(
+        myself->coefficients[i0], &rhs->coefficients[i0]);
   }
 }
 
+/**
+This function found in impl
+{libcrux_ml_kem::polynomial::PolynomialRingElement<Vector>[TraitClause@0,
+TraitClause@1]#2}
+*/
+/**
+A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element_ef
+with types libcrux_ml_kem_vector_avx2_SIMD256Vector
+with const generics
+- K= 3
+*/
+static KRML_MUSTINLINE void add_to_ring_element_ef_ab(
+    libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *self,
+    libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *rhs) {
+  add_to_ring_element_ab(self, rhs);
+}
+
 /**
 A monomorphic instance of libcrux_ml_kem.vector.traits.to_standard_domain
 with types libcrux_ml_kem_vector_avx2_SIMD256Vector
@@ -2494,6 +2688,26 @@ static KRML_MUSTINLINE __m256i to_standard_domain_61(__m256i v) {
       v, LIBCRUX_ML_KEM_VECTOR_TRAITS_MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS);
 }
 
+/**
+A monomorphic instance of libcrux_ml_kem.polynomial.add_standard_error_reduce
+with types libcrux_ml_kem_vector_avx2_SIMD256Vector
+with const generics
+
+*/
+static KRML_MUSTINLINE void add_standard_error_reduce_61(
+    libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *myself,
+    libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *error) {
+  for (size_t i = (size_t)0U;
+       i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
+    size_t j = i;
+    __m256i coefficient_normal_form =
+        to_standard_domain_61(myself->coefficients[j]);
+    myself->coefficients[j] = libcrux_ml_kem_vector_avx2_barrett_reduce_09(
+        libcrux_ml_kem_vector_avx2_add_09(coefficient_normal_form,
+                                          &error->coefficients[j]));
+  }
+}
+
 /**
 This function found in impl
 {libcrux_ml_kem::polynomial::PolynomialRingElement<Vector>[TraitClause@0,
@@ -2508,15 +2722,7 @@ with const generics
 static KRML_MUSTINLINE void add_standard_error_reduce_ef_61(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *self,
     libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *error) {
-  for (size_t i = (size_t)0U;
-       i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
-    size_t j = i;
-    __m256i coefficient_normal_form =
-        to_standard_domain_61(self->coefficients[j]);
-    self->coefficients[j] = libcrux_ml_kem_vector_avx2_barrett_reduce_09(
-        libcrux_ml_kem_vector_avx2_add_09(coefficient_normal_form,
-                                          &error->coefficients[j]));
-  }
+  add_standard_error_reduce_61(self, error);
 }
 
 /**
@@ -3088,31 +3294,43 @@ static KRML_MUSTINLINE void invert_ntt_montgomery_ab(
 }
 
 /**
-This function found in impl
-{libcrux_ml_kem::polynomial::PolynomialRingElement<Vector>[TraitClause@0,
-TraitClause@1]#2}
-*/
-/**
-A monomorphic instance of libcrux_ml_kem.polynomial.add_error_reduce_ef
+A monomorphic instance of libcrux_ml_kem.polynomial.add_error_reduce
 with types libcrux_ml_kem_vector_avx2_SIMD256Vector
 with const generics
 
 */
-static KRML_MUSTINLINE void add_error_reduce_ef_61(
-    libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *self,
+static KRML_MUSTINLINE void add_error_reduce_61(
+    libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *myself,
     libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *error) {
   for (size_t i = (size_t)0U;
        i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
     size_t j = i;
     __m256i coefficient_normal_form =
         libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_09(
-            self->coefficients[j], (int16_t)1441);
-    self->coefficients[j] = libcrux_ml_kem_vector_avx2_barrett_reduce_09(
+            myself->coefficients[j], (int16_t)1441);
+    myself->coefficients[j] = libcrux_ml_kem_vector_avx2_barrett_reduce_09(
         libcrux_ml_kem_vector_avx2_add_09(coefficient_normal_form,
                                           &error->coefficients[j]));
   }
 }
 
+/**
+This function found in impl
+{libcrux_ml_kem::polynomial::PolynomialRingElement<Vector>[TraitClause@0,
+TraitClause@1]#2}
+*/
+/**
+A monomorphic instance of libcrux_ml_kem.polynomial.add_error_reduce_ef
+with types libcrux_ml_kem_vector_avx2_SIMD256Vector
+with const generics
+
+*/
+static KRML_MUSTINLINE void add_error_reduce_ef_61(
+    libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *self,
+    libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *error) {
+  add_error_reduce_61(self, error);
+}
+
 /**
  Compute u := InvertNTT(Aᵀ ◦ r̂) + e₁
 */
@@ -3194,19 +3412,14 @@ deserialize_then_decompress_message_61(uint8_t serialized[32U]) {
 }
 
 /**
-This function found in impl
-{libcrux_ml_kem::polynomial::PolynomialRingElement<Vector>[TraitClause@0,
-TraitClause@1]#2}
-*/
-/**
-A monomorphic instance of libcrux_ml_kem.polynomial.add_message_error_reduce_ef
+A monomorphic instance of libcrux_ml_kem.polynomial.add_message_error_reduce
 with types libcrux_ml_kem_vector_avx2_SIMD256Vector
 with const generics
 
 */
 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f6
-add_message_error_reduce_ef_61(
-    libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *self,
+add_message_error_reduce_61(
+    libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *myself,
     libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *message,
     libcrux_ml_kem_polynomial_PolynomialRingElement_f6 result) {
   for (size_t i = (size_t)0U;
@@ -3215,7 +3428,7 @@ add_message_error_reduce_ef_61(
     __m256i coefficient_normal_form =
         libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_09(
             result.coefficients[i0], (int16_t)1441);
-    __m256i tmp = libcrux_ml_kem_vector_avx2_add_09(self->coefficients[i0],
+    __m256i tmp = libcrux_ml_kem_vector_avx2_add_09(myself->coefficients[i0],
                                                     &message->coefficients[i0]);
     __m256i tmp0 =
         libcrux_ml_kem_vector_avx2_add_09(coefficient_normal_form, &tmp);
@@ -3225,6 +3438,25 @@ add_message_error_reduce_ef_61(
   return result;
 }
 
+/**
+This function found in impl
+{libcrux_ml_kem::polynomial::PolynomialRingElement<Vector>[TraitClause@0,
+TraitClause@1]#2}
+*/
+/**
+A monomorphic instance of libcrux_ml_kem.polynomial.add_message_error_reduce_ef
+with types libcrux_ml_kem_vector_avx2_SIMD256Vector
+with const generics
+
+*/
+static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f6
+add_message_error_reduce_ef_61(
+    libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *self,
+    libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *message,
+    libcrux_ml_kem_polynomial_PolynomialRingElement_f6 result) {
+  return add_message_error_reduce_61(self, message, result);
+}
+
 /**
  Compute InverseNTT(tᵀ ◦ r̂) + e₂ + message
 */
@@ -3295,6 +3527,15 @@ compress_ciphertext_coefficient_ef(__m256i vector) {
   return mm256_permute4x64_epi64((int32_t)216, compressed, __m256i);
 }
 
+/**
+A monomorphic instance of libcrux_ml_kem.vector.avx2.compress
+with const generics
+- COEFFICIENT_BITS= 10
+*/
+static KRML_MUSTINLINE __m256i compress_ef(__m256i vector) {
+  return compress_ciphertext_coefficient_ef(vector);
+}
+
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
 libcrux_ml_kem::vector::avx2::SIMD256Vector)#2}
@@ -3305,7 +3546,7 @@ with const generics
 - COEFFICIENT_BITS= 10
 */
 static KRML_MUSTINLINE __m256i compress_09_ef(__m256i vector) {
-  return compress_ciphertext_coefficient_ef(vector);
+  return compress_ef(vector);
 }
 
 /**
@@ -3377,6 +3618,15 @@ compress_ciphertext_coefficient_c4(__m256i vector) {
   return mm256_permute4x64_epi64((int32_t)216, compressed, __m256i);
 }
 
+/**
+A monomorphic instance of libcrux_ml_kem.vector.avx2.compress
+with const generics
+- COEFFICIENT_BITS= 11
+*/
+static KRML_MUSTINLINE __m256i compress_c4(__m256i vector) {
+  return compress_ciphertext_coefficient_c4(vector);
+}
+
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
 libcrux_ml_kem::vector::avx2::SIMD256Vector)#2}
@@ -3387,7 +3637,7 @@ with const generics
 - COEFFICIENT_BITS= 11
 */
 static KRML_MUSTINLINE __m256i compress_09_c4(__m256i vector) {
-  return compress_ciphertext_coefficient_c4(vector);
+  return compress_c4(vector);
 }
 
 /**
@@ -3483,6 +3733,15 @@ compress_ciphertext_coefficient_d1(__m256i vector) {
   return mm256_permute4x64_epi64((int32_t)216, compressed, __m256i);
 }
 
+/**
+A monomorphic instance of libcrux_ml_kem.vector.avx2.compress
+with const generics
+- COEFFICIENT_BITS= 4
+*/
+static KRML_MUSTINLINE __m256i compress_d1(__m256i vector) {
+  return compress_ciphertext_coefficient_d1(vector);
+}
+
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
 libcrux_ml_kem::vector::avx2::SIMD256Vector)#2}
@@ -3493,7 +3752,7 @@ with const generics
 - COEFFICIENT_BITS= 4
 */
 static KRML_MUSTINLINE __m256i compress_09_d1(__m256i vector) {
-  return compress_ciphertext_coefficient_d1(vector);
+  return compress_d1(vector);
 }
 
 /**
@@ -3564,6 +3823,15 @@ compress_ciphertext_coefficient_f4(__m256i vector) {
   return mm256_permute4x64_epi64((int32_t)216, compressed, __m256i);
 }
 
+/**
+A monomorphic instance of libcrux_ml_kem.vector.avx2.compress
+with const generics
+- COEFFICIENT_BITS= 5
+*/
+static KRML_MUSTINLINE __m256i compress_f4(__m256i vector) {
+  return compress_ciphertext_coefficient_f4(vector);
+}
+
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
 libcrux_ml_kem::vector::avx2::SIMD256Vector)#2}
@@ -3574,7 +3842,7 @@ with const generics
 - COEFFICIENT_BITS= 5
 */
 static KRML_MUSTINLINE __m256i compress_09_f4(__m256i vector) {
-  return compress_ciphertext_coefficient_f4(vector);
+  return compress_f4(vector);
 }
 
 /**
@@ -4298,19 +4566,14 @@ deserialize_then_decompress_ring_element_v_ed(Eurydice_slice serialized) {
 }
 
 /**
-This function found in impl
-{libcrux_ml_kem::polynomial::PolynomialRingElement<Vector>[TraitClause@0,
-TraitClause@1]#2}
-*/
-/**
-A monomorphic instance of libcrux_ml_kem.polynomial.subtract_reduce_ef
+A monomorphic instance of libcrux_ml_kem.polynomial.subtract_reduce
 with types libcrux_ml_kem_vector_avx2_SIMD256Vector
 with const generics
 
 */
 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f6
-subtract_reduce_ef_61(libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *self,
-                      libcrux_ml_kem_polynomial_PolynomialRingElement_f6 b) {
+subtract_reduce_61(libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *myself,
+                   libcrux_ml_kem_polynomial_PolynomialRingElement_f6 b) {
   for (size_t i = (size_t)0U;
        i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
     size_t i0 = i;
@@ -4318,12 +4581,29 @@ subtract_reduce_ef_61(libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *self,
         libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_09(
             b.coefficients[i0], (int16_t)1441);
     b.coefficients[i0] = libcrux_ml_kem_vector_avx2_barrett_reduce_09(
-        libcrux_ml_kem_vector_avx2_sub_09(self->coefficients[i0],
+        libcrux_ml_kem_vector_avx2_sub_09(myself->coefficients[i0],
                                           &coefficient_normal_form));
   }
   return b;
 }
 
+/**
+This function found in impl
+{libcrux_ml_kem::polynomial::PolynomialRingElement<Vector>[TraitClause@0,
+TraitClause@1]#2}
+*/
+/**
+A monomorphic instance of libcrux_ml_kem.polynomial.subtract_reduce_ef
+with types libcrux_ml_kem_vector_avx2_SIMD256Vector
+with const generics
+
+*/
+static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f6
+subtract_reduce_ef_61(libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *self,
+                      libcrux_ml_kem_polynomial_PolynomialRingElement_f6 b) {
+  return subtract_reduce_61(self, b);
+}
+
 /**
  The following functions compute various expressions involving
  vectors and matrices. The computation of these expressions has been
@@ -5432,30 +5712,46 @@ static KRML_MUSTINLINE tuple_dd sample_vector_cbd_then_ntt_out_b4(
 }
 
 /**
-This function found in impl
-{libcrux_ml_kem::polynomial::PolynomialRingElement<Vector>[TraitClause@0,
-TraitClause@1]#2}
+ Given two polynomial ring elements `lhs` and `rhs`, compute the pointwise
+ sum of their constituent coefficients.
 */
 /**
-A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element_ef
+A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element
 with types libcrux_ml_kem_vector_avx2_SIMD256Vector
 with const generics
 - K= 4
 */
-static KRML_MUSTINLINE void add_to_ring_element_ef_42(
-    libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *self,
+static KRML_MUSTINLINE void add_to_ring_element_42(
+    libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *myself,
     libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *rhs) {
   for (size_t i = (size_t)0U;
        i < Eurydice_slice_len(Eurydice_array_to_slice(
-                                  (size_t)16U, self->coefficients, __m256i),
+                                  (size_t)16U, myself->coefficients, __m256i),
                               __m256i);
        i++) {
     size_t i0 = i;
-    self->coefficients[i0] = libcrux_ml_kem_vector_avx2_add_09(
-        self->coefficients[i0], &rhs->coefficients[i0]);
+    myself->coefficients[i0] = libcrux_ml_kem_vector_avx2_add_09(
+        myself->coefficients[i0], &rhs->coefficients[i0]);
   }
 }
 
+/**
+This function found in impl
+{libcrux_ml_kem::polynomial::PolynomialRingElement<Vector>[TraitClause@0,
+TraitClause@1]#2}
+*/
+/**
+A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element_ef
+with types libcrux_ml_kem_vector_avx2_SIMD256Vector
+with const generics
+- K= 4
+*/
+static KRML_MUSTINLINE void add_to_ring_element_ef_42(
+    libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *self,
+    libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *rhs) {
+  add_to_ring_element_42(self, rhs);
+}
+
 /**
  Compute  ◦ ŝ + ê
 */
@@ -7471,30 +7767,46 @@ static KRML_MUSTINLINE tuple_40 sample_vector_cbd_then_ntt_out_b40(
 }
 
 /**
-This function found in impl
-{libcrux_ml_kem::polynomial::PolynomialRingElement<Vector>[TraitClause@0,
-TraitClause@1]#2}
+ Given two polynomial ring elements `lhs` and `rhs`, compute the pointwise
+ sum of their constituent coefficients.
 */
 /**
-A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element_ef
+A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element
 with types libcrux_ml_kem_vector_avx2_SIMD256Vector
 with const generics
 - K= 2
 */
-static KRML_MUSTINLINE void add_to_ring_element_ef_89(
-    libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *self,
+static KRML_MUSTINLINE void add_to_ring_element_89(
+    libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *myself,
     libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *rhs) {
   for (size_t i = (size_t)0U;
        i < Eurydice_slice_len(Eurydice_array_to_slice(
-                                  (size_t)16U, self->coefficients, __m256i),
+                                  (size_t)16U, myself->coefficients, __m256i),
                               __m256i);
        i++) {
     size_t i0 = i;
-    self->coefficients[i0] = libcrux_ml_kem_vector_avx2_add_09(
-        self->coefficients[i0], &rhs->coefficients[i0]);
+    myself->coefficients[i0] = libcrux_ml_kem_vector_avx2_add_09(
+        myself->coefficients[i0], &rhs->coefficients[i0]);
   }
 }
 
+/**
+This function found in impl
+{libcrux_ml_kem::polynomial::PolynomialRingElement<Vector>[TraitClause@0,
+TraitClause@1]#2}
+*/
+/**
+A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element_ef
+with types libcrux_ml_kem_vector_avx2_SIMD256Vector
+with const generics
+- K= 2
+*/
+static KRML_MUSTINLINE void add_to_ring_element_ef_89(
+    libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *self,
+    libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *rhs) {
+  add_to_ring_element_89(self, rhs);
+}
+
 /**
  Compute  ◦ ŝ + ê
 */
diff --git a/libcrux-ml-kem/c/libcrux_mlkem_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem_avx2.h
index 95dad8cf8..4c3f089a8 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem_avx2.h
+++ b/libcrux-ml-kem/c/libcrux_mlkem_avx2.h
@@ -7,8 +7,8 @@
  * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9
  * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20
  * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
- * F*: 5643e656b989aca7629723653a2570c7df6252b9
- * Libcrux: fbef3649fa222b800fc7dcc349855bcd7de48e36
+ * F*: 8b6fce63ca91b16386d8f76e82ea87a3c109a208
+ * Libcrux: a197c4d7286246d59e3044d437b3da9119cd5de8
  */
 
 #ifndef __libcrux_mlkem_avx2_H
@@ -93,6 +93,8 @@ __m256i libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_09(
 __m256i libcrux_ml_kem_vector_avx2_arithmetic_cond_subtract_3329(
     __m256i vector);
 
+__m256i libcrux_ml_kem_vector_avx2_cond_subtract_3329(__m256i vector);
+
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
 libcrux_ml_kem::vector::avx2::SIMD256Vector)#2}
@@ -127,6 +129,8 @@ __m256i libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_09(
 __m256i libcrux_ml_kem_vector_avx2_compress_compress_message_coefficient(
     __m256i vector);
 
+__m256i libcrux_ml_kem_vector_avx2_compress_1(__m256i vector);
+
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
 libcrux_ml_kem::vector::avx2::SIMD256Vector)#2}
@@ -142,6 +146,9 @@ __m256i libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constants(
 __m256i libcrux_ml_kem_vector_avx2_ntt_ntt_layer_1_step(
     __m256i vector, int16_t zeta0, int16_t zeta1, int16_t zeta2, int16_t zeta3);
 
+__m256i libcrux_ml_kem_vector_avx2_ntt_layer_1_step(
+    __m256i vector, int16_t zeta0, int16_t zeta1, int16_t zeta2, int16_t zeta3);
+
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
 libcrux_ml_kem::vector::avx2::SIMD256Vector)#2}
@@ -153,6 +160,10 @@ __m256i libcrux_ml_kem_vector_avx2_ntt_ntt_layer_2_step(__m256i vector,
                                                         int16_t zeta0,
                                                         int16_t zeta1);
 
+__m256i libcrux_ml_kem_vector_avx2_ntt_layer_2_step(__m256i vector,
+                                                    int16_t zeta0,
+                                                    int16_t zeta1);
+
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
 libcrux_ml_kem::vector::avx2::SIMD256Vector)#2}
@@ -168,6 +179,9 @@ libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_m128i_by_constants(
 __m256i libcrux_ml_kem_vector_avx2_ntt_ntt_layer_3_step(__m256i vector,
                                                         int16_t zeta);
 
+__m256i libcrux_ml_kem_vector_avx2_ntt_layer_3_step(__m256i vector,
+                                                    int16_t zeta);
+
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
 libcrux_ml_kem::vector::avx2::SIMD256Vector)#2}
@@ -178,6 +192,9 @@ __m256i libcrux_ml_kem_vector_avx2_ntt_layer_3_step_09(__m256i vector,
 __m256i libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_1_step(
     __m256i vector, int16_t zeta0, int16_t zeta1, int16_t zeta2, int16_t zeta3);
 
+__m256i libcrux_ml_kem_vector_avx2_inv_ntt_layer_1_step(
+    __m256i vector, int16_t zeta0, int16_t zeta1, int16_t zeta2, int16_t zeta3);
+
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
 libcrux_ml_kem::vector::avx2::SIMD256Vector)#2}
@@ -189,6 +206,10 @@ __m256i libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_2_step(__m256i vector,
                                                             int16_t zeta0,
                                                             int16_t zeta1);
 
+__m256i libcrux_ml_kem_vector_avx2_inv_ntt_layer_2_step(__m256i vector,
+                                                        int16_t zeta0,
+                                                        int16_t zeta1);
+
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
 libcrux_ml_kem::vector::avx2::SIMD256Vector)#2}
@@ -200,6 +221,9 @@ __m256i libcrux_ml_kem_vector_avx2_inv_ntt_layer_2_step_09(__m256i vector,
 __m256i libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_3_step(__m256i vector,
                                                             int16_t zeta);
 
+__m256i libcrux_ml_kem_vector_avx2_inv_ntt_layer_3_step(__m256i vector,
+                                                        int16_t zeta);
+
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
 libcrux_ml_kem::vector::avx2::SIMD256Vector)#2}
@@ -216,6 +240,10 @@ __m256i libcrux_ml_kem_vector_avx2_ntt_ntt_multiply(__m256i lhs, __m256i rhs,
                                                     int16_t zeta2,
                                                     int16_t zeta3);
 
+__m256i libcrux_ml_kem_vector_avx2_ntt_multiply(__m256i *lhs, __m256i *rhs,
+                                                int16_t zeta0, int16_t zeta1,
+                                                int16_t zeta2, int16_t zeta3);
+
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
 libcrux_ml_kem::vector::avx2::SIMD256Vector)#2}
@@ -228,6 +256,8 @@ __m256i libcrux_ml_kem_vector_avx2_ntt_multiply_09(__m256i *lhs, __m256i *rhs,
 void libcrux_ml_kem_vector_avx2_serialize_serialize_1(__m256i vector,
                                                       uint8_t ret[2U]);
 
+void libcrux_ml_kem_vector_avx2_serialize_1(__m256i vector, uint8_t ret[2U]);
+
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
 libcrux_ml_kem::vector::avx2::SIMD256Vector)#2}
@@ -243,6 +273,8 @@ __m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_1_deserialize_1_u8s(
 __m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_1(
     Eurydice_slice bytes);
 
+__m256i libcrux_ml_kem_vector_avx2_deserialize_1(Eurydice_slice bytes);
+
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
 libcrux_ml_kem::vector::avx2::SIMD256Vector)#2}
@@ -261,6 +293,8 @@ __m256i libcrux_ml_kem_vector_avx2_serialize_mm256_concat_pairs_n(uint8_t n,
 void libcrux_ml_kem_vector_avx2_serialize_serialize_4(__m256i vector,
                                                       uint8_t ret[8U]);
 
+void libcrux_ml_kem_vector_avx2_serialize_4(__m256i vector, uint8_t ret[8U]);
+
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
 libcrux_ml_kem::vector::avx2::SIMD256Vector)#2}
@@ -278,6 +312,8 @@ __m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_4_deserialize_4_u8s(
 __m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_4(
     Eurydice_slice bytes);
 
+__m256i libcrux_ml_kem_vector_avx2_deserialize_4(Eurydice_slice bytes);
+
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
 libcrux_ml_kem::vector::avx2::SIMD256Vector)#2}
@@ -327,6 +363,8 @@ libcrux_ml_kem_vector_avx2_serialize_serialize_10_serialize_10_vec(
 void libcrux_ml_kem_vector_avx2_serialize_serialize_10(__m256i vector,
                                                        uint8_t ret[20U]);
 
+void libcrux_ml_kem_vector_avx2_serialize_10(__m256i vector, uint8_t ret[20U]);
+
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
 libcrux_ml_kem::vector::avx2::SIMD256Vector)#2}
@@ -340,6 +378,8 @@ __m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_10_deserialize_10_vec(
 __m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_10(
     Eurydice_slice bytes);
 
+__m256i libcrux_ml_kem_vector_avx2_deserialize_10(Eurydice_slice bytes);
+
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
 libcrux_ml_kem::vector::avx2::SIMD256Vector)#2}
@@ -372,6 +412,8 @@ libcrux_ml_kem_vector_avx2_serialize_serialize_12_serialize_12_vec(
 void libcrux_ml_kem_vector_avx2_serialize_serialize_12(__m256i vector,
                                                        uint8_t ret[24U]);
 
+void libcrux_ml_kem_vector_avx2_serialize_12(__m256i vector, uint8_t ret[24U]);
+
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
 libcrux_ml_kem::vector::avx2::SIMD256Vector)#2}
@@ -385,6 +427,8 @@ __m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_12_deserialize_12_vec(
 __m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_12(
     Eurydice_slice bytes);
 
+__m256i libcrux_ml_kem_vector_avx2_deserialize_12(Eurydice_slice bytes);
+
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
 libcrux_ml_kem::vector::avx2::SIMD256Vector)#2}
diff --git a/libcrux-ml-kem/c/libcrux_mlkem_portable.c b/libcrux-ml-kem/c/libcrux_mlkem_portable.c
index 1d3a317a8..f2a82731e 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem_portable.c
+++ b/libcrux-ml-kem/c/libcrux_mlkem_portable.c
@@ -7,8 +7,8 @@
  * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9
  * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20
  * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
- * F*: 5643e656b989aca7629723653a2570c7df6252b9
- * Libcrux: fbef3649fa222b800fc7dcc349855bcd7de48e36
+ * F*: 8b6fce63ca91b16386d8f76e82ea87a3c109a208
+ * Libcrux: a197c4d7286246d59e3044d437b3da9119cd5de8
  */
 
 #include "internal/libcrux_mlkem_portable.h"
@@ -3143,19 +3143,41 @@ static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_ff0(
 }
 
 /**
-This function found in impl
-{libcrux_ml_kem::polynomial::PolynomialRingElement<Vector>[TraitClause@0,
-TraitClause@1]#2}
+A monomorphic instance of libcrux_ml_kem.polynomial.ZERO
+with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
+with const generics
+
 */
+static libcrux_ml_kem_polynomial_PolynomialRingElement_1d ZERO_8c(void) {
+  libcrux_ml_kem_polynomial_PolynomialRingElement_1d lit;
+  lit.coefficients[0U] = libcrux_ml_kem_vector_portable_ZERO_0d();
+  lit.coefficients[1U] = libcrux_ml_kem_vector_portable_ZERO_0d();
+  lit.coefficients[2U] = libcrux_ml_kem_vector_portable_ZERO_0d();
+  lit.coefficients[3U] = libcrux_ml_kem_vector_portable_ZERO_0d();
+  lit.coefficients[4U] = libcrux_ml_kem_vector_portable_ZERO_0d();
+  lit.coefficients[5U] = libcrux_ml_kem_vector_portable_ZERO_0d();
+  lit.coefficients[6U] = libcrux_ml_kem_vector_portable_ZERO_0d();
+  lit.coefficients[7U] = libcrux_ml_kem_vector_portable_ZERO_0d();
+  lit.coefficients[8U] = libcrux_ml_kem_vector_portable_ZERO_0d();
+  lit.coefficients[9U] = libcrux_ml_kem_vector_portable_ZERO_0d();
+  lit.coefficients[10U] = libcrux_ml_kem_vector_portable_ZERO_0d();
+  lit.coefficients[11U] = libcrux_ml_kem_vector_portable_ZERO_0d();
+  lit.coefficients[12U] = libcrux_ml_kem_vector_portable_ZERO_0d();
+  lit.coefficients[13U] = libcrux_ml_kem_vector_portable_ZERO_0d();
+  lit.coefficients[14U] = libcrux_ml_kem_vector_portable_ZERO_0d();
+  lit.coefficients[15U] = libcrux_ml_kem_vector_portable_ZERO_0d();
+  return lit;
+}
+
 /**
-A monomorphic instance of libcrux_ml_kem.polynomial.from_i16_array_ef
+A monomorphic instance of libcrux_ml_kem.polynomial.from_i16_array
 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
 with const generics
 
 */
 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1d
-from_i16_array_ef_8c(Eurydice_slice a) {
-  libcrux_ml_kem_polynomial_PolynomialRingElement_1d result = ZERO_ef_8c();
+from_i16_array_8c(Eurydice_slice a) {
+  libcrux_ml_kem_polynomial_PolynomialRingElement_1d result = ZERO_8c();
   for (size_t i = (size_t)0U;
        i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
     size_t i0 = i;
@@ -3168,6 +3190,22 @@ from_i16_array_ef_8c(Eurydice_slice a) {
   return result;
 }
 
+/**
+This function found in impl
+{libcrux_ml_kem::polynomial::PolynomialRingElement<Vector>[TraitClause@0,
+TraitClause@1]#2}
+*/
+/**
+A monomorphic instance of libcrux_ml_kem.polynomial.from_i16_array_ef
+with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
+with const generics
+
+*/
+static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1d
+from_i16_array_ef_8c(Eurydice_slice a) {
+  return from_i16_array_8c(a);
+}
+
 /**
 A monomorphic instance of libcrux_ml_kem.sampling.sample_from_xof.closure
 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector,
@@ -3601,6 +3639,24 @@ static KRML_MUSTINLINE void ntt_at_layer_1_8c(
       zeta_i[0U] = zeta_i[0U] + (size_t)3U;);
 }
 
+/**
+A monomorphic instance of libcrux_ml_kem.polynomial.poly_barrett_reduce
+with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
+with const generics
+
+*/
+static KRML_MUSTINLINE void poly_barrett_reduce_8c(
+    libcrux_ml_kem_polynomial_PolynomialRingElement_1d *myself) {
+  for (size_t i = (size_t)0U;
+       i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
+    size_t i0 = i;
+    libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 =
+        libcrux_ml_kem_vector_portable_barrett_reduce_0d(
+            myself->coefficients[i0]);
+    myself->coefficients[i0] = uu____0;
+  }
+}
+
 /**
 This function found in impl
 {libcrux_ml_kem::polynomial::PolynomialRingElement<Vector>[TraitClause@0,
@@ -3614,14 +3670,7 @@ with const generics
 */
 static KRML_MUSTINLINE void poly_barrett_reduce_ef_8c(
     libcrux_ml_kem_polynomial_PolynomialRingElement_1d *self) {
-  for (size_t i = (size_t)0U;
-       i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
-    size_t i0 = i;
-    libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 =
-        libcrux_ml_kem_vector_portable_barrett_reduce_0d(
-            self->coefficients[i0]);
-    self->coefficients[i0] = uu____0;
-  }
+  poly_barrett_reduce_8c(self);
 }
 
 /**
@@ -3722,26 +3771,48 @@ static KRML_MUSTINLINE tuple_dd0 sample_vector_cbd_then_ntt_out_3b(
 }
 
 /**
-This function found in impl
-{libcrux_ml_kem::polynomial::PolynomialRingElement<Vector>[TraitClause@0,
-TraitClause@1]#2}
+ Given two `KyberPolynomialRingElement`s in their NTT representations,
+ compute their product. Given two polynomials in the NTT domain `f^` and `ĵ`,
+ the `iᵗʰ` coefficient of the product `k̂` is determined by the calculation:
+
+ ```plaintext
+ ĥ[2·i] + ĥ[2·i + 1]X = (f^[2·i] + f^[2·i + 1]X)·(ĝ[2·i] + ĝ[2·i + 1]X) mod (X²
+ - ζ^(2·BitRev₇(i) + 1))
+ ```
+
+ This function almost implements <strong>Algorithm 10</strong> of the
+ NIST FIPS 203 standard, which is reproduced below:
+
+ ```plaintext
+ Input: Two arrays fˆ ∈ ℤ₂₅₆ and ĝ ∈ ℤ₂₅₆.
+ Output: An array ĥ ∈ ℤq.
+
+ for(i ← 0; i < 128; i++)
+     (ĥ[2i], ĥ[2i+1]) ← BaseCaseMultiply(fˆ[2i], fˆ[2i+1], ĝ[2i], ĝ[2i+1],
+ ζ^(2·BitRev₇(i) + 1)) end for return ĥ
+ ```
+ We say "almost" because the coefficients of the ring element output by
+ this function are in the Montgomery domain.
+
+ The NIST FIPS 203 standard can be found at
+ <https://csrc.nist.gov/pubs/fips/203/ipd>.
 */
 /**
-A monomorphic instance of libcrux_ml_kem.polynomial.ntt_multiply_ef
+A monomorphic instance of libcrux_ml_kem.polynomial.ntt_multiply
 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
 with const generics
 
 */
 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1d
-ntt_multiply_ef_8c(libcrux_ml_kem_polynomial_PolynomialRingElement_1d *self,
-                   libcrux_ml_kem_polynomial_PolynomialRingElement_1d *rhs) {
-  libcrux_ml_kem_polynomial_PolynomialRingElement_1d out = ZERO_ef_8c();
+ntt_multiply_8c(libcrux_ml_kem_polynomial_PolynomialRingElement_1d *myself,
+                libcrux_ml_kem_polynomial_PolynomialRingElement_1d *rhs) {
+  libcrux_ml_kem_polynomial_PolynomialRingElement_1d out = ZERO_8c();
   for (size_t i = (size_t)0U;
        i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
     size_t i0 = i;
     libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 =
         libcrux_ml_kem_vector_portable_ntt_multiply_0d(
-            &self->coefficients[i0], &rhs->coefficients[i0],
+            &myself->coefficients[i0], &rhs->coefficients[i0],
             libcrux_ml_kem_polynomial_zeta((size_t)64U + (size_t)4U * i0),
             libcrux_ml_kem_polynomial_zeta((size_t)64U + (size_t)4U * i0 +
                                            (size_t)1U),
@@ -3760,29 +3831,62 @@ This function found in impl
 TraitClause@1]#2}
 */
 /**
-A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element_ef
+A monomorphic instance of libcrux_ml_kem.polynomial.ntt_multiply_ef
+with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
+with const generics
+
+*/
+static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1d
+ntt_multiply_ef_8c(libcrux_ml_kem_polynomial_PolynomialRingElement_1d *self,
+                   libcrux_ml_kem_polynomial_PolynomialRingElement_1d *rhs) {
+  return ntt_multiply_8c(self, rhs);
+}
+
+/**
+ Given two polynomial ring elements `lhs` and `rhs`, compute the pointwise
+ sum of their constituent coefficients.
+*/
+/**
+A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element
 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
 with const generics
 - K= 4
 */
-static KRML_MUSTINLINE void add_to_ring_element_ef_d0(
-    libcrux_ml_kem_polynomial_PolynomialRingElement_1d *self,
+static KRML_MUSTINLINE void add_to_ring_element_d0(
+    libcrux_ml_kem_polynomial_PolynomialRingElement_1d *myself,
     libcrux_ml_kem_polynomial_PolynomialRingElement_1d *rhs) {
   for (size_t i = (size_t)0U;
        i < Eurydice_slice_len(
                Eurydice_array_to_slice(
-                   (size_t)16U, self->coefficients,
+                   (size_t)16U, myself->coefficients,
                    libcrux_ml_kem_vector_portable_vector_type_PortableVector),
                libcrux_ml_kem_vector_portable_vector_type_PortableVector);
        i++) {
     size_t i0 = i;
     libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 =
-        libcrux_ml_kem_vector_portable_add_0d(self->coefficients[i0],
+        libcrux_ml_kem_vector_portable_add_0d(myself->coefficients[i0],
                                               &rhs->coefficients[i0]);
-    self->coefficients[i0] = uu____0;
+    myself->coefficients[i0] = uu____0;
   }
 }
 
+/**
+This function found in impl
+{libcrux_ml_kem::polynomial::PolynomialRingElement<Vector>[TraitClause@0,
+TraitClause@1]#2}
+*/
+/**
+A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element_ef
+with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
+with const generics
+- K= 4
+*/
+static KRML_MUSTINLINE void add_to_ring_element_ef_d0(
+    libcrux_ml_kem_polynomial_PolynomialRingElement_1d *self,
+    libcrux_ml_kem_polynomial_PolynomialRingElement_1d *rhs) {
+  add_to_ring_element_d0(self, rhs);
+}
+
 /**
 A monomorphic instance of libcrux_ml_kem.vector.traits.to_standard_domain
 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
@@ -3797,32 +3901,45 @@ to_standard_domain_8c(
 }
 
 /**
-This function found in impl
-{libcrux_ml_kem::polynomial::PolynomialRingElement<Vector>[TraitClause@0,
-TraitClause@1]#2}
-*/
-/**
-A monomorphic instance of libcrux_ml_kem.polynomial.add_standard_error_reduce_ef
+A monomorphic instance of libcrux_ml_kem.polynomial.add_standard_error_reduce
 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
 with const generics
 
 */
-static KRML_MUSTINLINE void add_standard_error_reduce_ef_8c(
-    libcrux_ml_kem_polynomial_PolynomialRingElement_1d *self,
+static KRML_MUSTINLINE void add_standard_error_reduce_8c(
+    libcrux_ml_kem_polynomial_PolynomialRingElement_1d *myself,
     libcrux_ml_kem_polynomial_PolynomialRingElement_1d *error) {
   for (size_t i = (size_t)0U;
        i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
     size_t j = i;
     libcrux_ml_kem_vector_portable_vector_type_PortableVector
-        coefficient_normal_form = to_standard_domain_8c(self->coefficients[j]);
+        coefficient_normal_form =
+            to_standard_domain_8c(myself->coefficients[j]);
     libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 =
         libcrux_ml_kem_vector_portable_barrett_reduce_0d(
             libcrux_ml_kem_vector_portable_add_0d(coefficient_normal_form,
                                                   &error->coefficients[j]));
-    self->coefficients[j] = uu____0;
+    myself->coefficients[j] = uu____0;
   }
 }
 
+/**
+This function found in impl
+{libcrux_ml_kem::polynomial::PolynomialRingElement<Vector>[TraitClause@0,
+TraitClause@1]#2}
+*/
+/**
+A monomorphic instance of libcrux_ml_kem.polynomial.add_standard_error_reduce_ef
+with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
+with const generics
+
+*/
+static KRML_MUSTINLINE void add_standard_error_reduce_ef_8c(
+    libcrux_ml_kem_polynomial_PolynomialRingElement_1d *self,
+    libcrux_ml_kem_polynomial_PolynomialRingElement_1d *error) {
+  add_standard_error_reduce_8c(self, error);
+}
+
 /**
  Compute  ◦ ŝ + ê
 */
@@ -4403,18 +4520,13 @@ static KRML_MUSTINLINE void invert_ntt_montgomery_d0(
 }
 
 /**
-This function found in impl
-{libcrux_ml_kem::polynomial::PolynomialRingElement<Vector>[TraitClause@0,
-TraitClause@1]#2}
-*/
-/**
-A monomorphic instance of libcrux_ml_kem.polynomial.add_error_reduce_ef
+A monomorphic instance of libcrux_ml_kem.polynomial.add_error_reduce
 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
 with const generics
 
 */
-static KRML_MUSTINLINE void add_error_reduce_ef_8c(
-    libcrux_ml_kem_polynomial_PolynomialRingElement_1d *self,
+static KRML_MUSTINLINE void add_error_reduce_8c(
+    libcrux_ml_kem_polynomial_PolynomialRingElement_1d *myself,
     libcrux_ml_kem_polynomial_PolynomialRingElement_1d *error) {
   for (size_t i = (size_t)0U;
        i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
@@ -4422,15 +4534,32 @@ static KRML_MUSTINLINE void add_error_reduce_ef_8c(
     libcrux_ml_kem_vector_portable_vector_type_PortableVector
         coefficient_normal_form =
             libcrux_ml_kem_vector_portable_montgomery_multiply_by_constant_0d(
-                self->coefficients[j], (int16_t)1441);
+                myself->coefficients[j], (int16_t)1441);
     libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 =
         libcrux_ml_kem_vector_portable_barrett_reduce_0d(
             libcrux_ml_kem_vector_portable_add_0d(coefficient_normal_form,
                                                   &error->coefficients[j]));
-    self->coefficients[j] = uu____0;
+    myself->coefficients[j] = uu____0;
   }
 }
 
+/**
+This function found in impl
+{libcrux_ml_kem::polynomial::PolynomialRingElement<Vector>[TraitClause@0,
+TraitClause@1]#2}
+*/
+/**
+A monomorphic instance of libcrux_ml_kem.polynomial.add_error_reduce_ef
+with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
+with const generics
+
+*/
+static KRML_MUSTINLINE void add_error_reduce_ef_8c(
+    libcrux_ml_kem_polynomial_PolynomialRingElement_1d *self,
+    libcrux_ml_kem_polynomial_PolynomialRingElement_1d *error) {
+  add_error_reduce_8c(self, error);
+}
+
 /**
  Compute u := InvertNTT(Aᵀ ◦ r̂) + e₁
 */
@@ -4520,19 +4649,14 @@ deserialize_then_decompress_message_8c(uint8_t serialized[32U]) {
 }
 
 /**
-This function found in impl
-{libcrux_ml_kem::polynomial::PolynomialRingElement<Vector>[TraitClause@0,
-TraitClause@1]#2}
-*/
-/**
-A monomorphic instance of libcrux_ml_kem.polynomial.add_message_error_reduce_ef
+A monomorphic instance of libcrux_ml_kem.polynomial.add_message_error_reduce
 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
 with const generics
 
 */
 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1d
-add_message_error_reduce_ef_8c(
-    libcrux_ml_kem_polynomial_PolynomialRingElement_1d *self,
+add_message_error_reduce_8c(
+    libcrux_ml_kem_polynomial_PolynomialRingElement_1d *myself,
     libcrux_ml_kem_polynomial_PolynomialRingElement_1d *message,
     libcrux_ml_kem_polynomial_PolynomialRingElement_1d result) {
   for (size_t i = (size_t)0U;
@@ -4543,7 +4667,7 @@ add_message_error_reduce_ef_8c(
             libcrux_ml_kem_vector_portable_montgomery_multiply_by_constant_0d(
                 result.coefficients[i0], (int16_t)1441);
     libcrux_ml_kem_vector_portable_vector_type_PortableVector tmp =
-        libcrux_ml_kem_vector_portable_add_0d(self->coefficients[i0],
+        libcrux_ml_kem_vector_portable_add_0d(myself->coefficients[i0],
                                               &message->coefficients[i0]);
     libcrux_ml_kem_vector_portable_vector_type_PortableVector tmp0 =
         libcrux_ml_kem_vector_portable_add_0d(coefficient_normal_form, &tmp);
@@ -4554,6 +4678,25 @@ add_message_error_reduce_ef_8c(
   return result;
 }
 
+/**
+This function found in impl
+{libcrux_ml_kem::polynomial::PolynomialRingElement<Vector>[TraitClause@0,
+TraitClause@1]#2}
+*/
+/**
+A monomorphic instance of libcrux_ml_kem.polynomial.add_message_error_reduce_ef
+with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
+with const generics
+
+*/
+static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1d
+add_message_error_reduce_ef_8c(
+    libcrux_ml_kem_polynomial_PolynomialRingElement_1d *self,
+    libcrux_ml_kem_polynomial_PolynomialRingElement_1d *message,
+    libcrux_ml_kem_polynomial_PolynomialRingElement_1d result) {
+  return add_message_error_reduce_8c(self, message, result);
+}
+
 /**
  Compute InverseNTT(tᵀ ◦ r̂) + e₂ + message
 */
@@ -5464,19 +5607,14 @@ deserialize_then_decompress_ring_element_v_ff(Eurydice_slice serialized) {
 }
 
 /**
-This function found in impl
-{libcrux_ml_kem::polynomial::PolynomialRingElement<Vector>[TraitClause@0,
-TraitClause@1]#2}
-*/
-/**
-A monomorphic instance of libcrux_ml_kem.polynomial.subtract_reduce_ef
+A monomorphic instance of libcrux_ml_kem.polynomial.subtract_reduce
 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
 with const generics
 
 */
 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1d
-subtract_reduce_ef_8c(libcrux_ml_kem_polynomial_PolynomialRingElement_1d *self,
-                      libcrux_ml_kem_polynomial_PolynomialRingElement_1d b) {
+subtract_reduce_8c(libcrux_ml_kem_polynomial_PolynomialRingElement_1d *myself,
+                   libcrux_ml_kem_polynomial_PolynomialRingElement_1d b) {
   for (size_t i = (size_t)0U;
        i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
     size_t i0 = i;
@@ -5486,13 +5624,30 @@ subtract_reduce_ef_8c(libcrux_ml_kem_polynomial_PolynomialRingElement_1d *self,
                 b.coefficients[i0], (int16_t)1441);
     libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 =
         libcrux_ml_kem_vector_portable_barrett_reduce_0d(
-            libcrux_ml_kem_vector_portable_sub_0d(self->coefficients[i0],
+            libcrux_ml_kem_vector_portable_sub_0d(myself->coefficients[i0],
                                                   &coefficient_normal_form));
     b.coefficients[i0] = uu____0;
   }
   return b;
 }
 
+/**
+This function found in impl
+{libcrux_ml_kem::polynomial::PolynomialRingElement<Vector>[TraitClause@0,
+TraitClause@1]#2}
+*/
+/**
+A monomorphic instance of libcrux_ml_kem.polynomial.subtract_reduce_ef
+with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
+with const generics
+
+*/
+static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1d
+subtract_reduce_ef_8c(libcrux_ml_kem_polynomial_PolynomialRingElement_1d *self,
+                      libcrux_ml_kem_polynomial_PolynomialRingElement_1d b) {
+  return subtract_reduce_8c(self, b);
+}
+
 /**
  The following functions compute various expressions involving
  vectors and matrices. The computation of these expressions has been
@@ -6570,34 +6725,50 @@ static KRML_MUSTINLINE tuple_400 sample_vector_cbd_then_ntt_out_3b0(
 }
 
 /**
-This function found in impl
-{libcrux_ml_kem::polynomial::PolynomialRingElement<Vector>[TraitClause@0,
-TraitClause@1]#2}
+ Given two polynomial ring elements `lhs` and `rhs`, compute the pointwise
+ sum of their constituent coefficients.
 */
 /**
-A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element_ef
+A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element
 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
 with const generics
 - K= 2
 */
-static KRML_MUSTINLINE void add_to_ring_element_ef_a0(
-    libcrux_ml_kem_polynomial_PolynomialRingElement_1d *self,
+static KRML_MUSTINLINE void add_to_ring_element_a0(
+    libcrux_ml_kem_polynomial_PolynomialRingElement_1d *myself,
     libcrux_ml_kem_polynomial_PolynomialRingElement_1d *rhs) {
   for (size_t i = (size_t)0U;
        i < Eurydice_slice_len(
                Eurydice_array_to_slice(
-                   (size_t)16U, self->coefficients,
+                   (size_t)16U, myself->coefficients,
                    libcrux_ml_kem_vector_portable_vector_type_PortableVector),
                libcrux_ml_kem_vector_portable_vector_type_PortableVector);
        i++) {
     size_t i0 = i;
     libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 =
-        libcrux_ml_kem_vector_portable_add_0d(self->coefficients[i0],
+        libcrux_ml_kem_vector_portable_add_0d(myself->coefficients[i0],
                                               &rhs->coefficients[i0]);
-    self->coefficients[i0] = uu____0;
+    myself->coefficients[i0] = uu____0;
   }
 }
 
+/**
+This function found in impl
+{libcrux_ml_kem::polynomial::PolynomialRingElement<Vector>[TraitClause@0,
+TraitClause@1]#2}
+*/
+/**
+A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element_ef
+with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
+with const generics
+- K= 2
+*/
+static KRML_MUSTINLINE void add_to_ring_element_ef_a0(
+    libcrux_ml_kem_polynomial_PolynomialRingElement_1d *self,
+    libcrux_ml_kem_polynomial_PolynomialRingElement_1d *rhs) {
+  add_to_ring_element_a0(self, rhs);
+}
+
 /**
  Compute  ◦ ŝ + ê
 */
@@ -8634,34 +8805,50 @@ static KRML_MUSTINLINE tuple_230 sample_vector_cbd_then_ntt_out_3b1(
 }
 
 /**
-This function found in impl
-{libcrux_ml_kem::polynomial::PolynomialRingElement<Vector>[TraitClause@0,
-TraitClause@1]#2}
+ Given two polynomial ring elements `lhs` and `rhs`, compute the pointwise
+ sum of their constituent coefficients.
 */
 /**
-A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element_ef
+A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element
 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
 with const generics
 - K= 3
 */
-static KRML_MUSTINLINE void add_to_ring_element_ef_1b(
-    libcrux_ml_kem_polynomial_PolynomialRingElement_1d *self,
+static KRML_MUSTINLINE void add_to_ring_element_1b(
+    libcrux_ml_kem_polynomial_PolynomialRingElement_1d *myself,
     libcrux_ml_kem_polynomial_PolynomialRingElement_1d *rhs) {
   for (size_t i = (size_t)0U;
        i < Eurydice_slice_len(
                Eurydice_array_to_slice(
-                   (size_t)16U, self->coefficients,
+                   (size_t)16U, myself->coefficients,
                    libcrux_ml_kem_vector_portable_vector_type_PortableVector),
                libcrux_ml_kem_vector_portable_vector_type_PortableVector);
        i++) {
     size_t i0 = i;
     libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 =
-        libcrux_ml_kem_vector_portable_add_0d(self->coefficients[i0],
+        libcrux_ml_kem_vector_portable_add_0d(myself->coefficients[i0],
                                               &rhs->coefficients[i0]);
-    self->coefficients[i0] = uu____0;
+    myself->coefficients[i0] = uu____0;
   }
 }
 
+/**
+This function found in impl
+{libcrux_ml_kem::polynomial::PolynomialRingElement<Vector>[TraitClause@0,
+TraitClause@1]#2}
+*/
+/**
+A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element_ef
+with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
+with const generics
+- K= 3
+*/
+static KRML_MUSTINLINE void add_to_ring_element_ef_1b(
+    libcrux_ml_kem_polynomial_PolynomialRingElement_1d *self,
+    libcrux_ml_kem_polynomial_PolynomialRingElement_1d *rhs) {
+  add_to_ring_element_1b(self, rhs);
+}
+
 /**
  Compute  ◦ ŝ + ê
 */
diff --git a/libcrux-ml-kem/c/libcrux_mlkem_portable.h b/libcrux-ml-kem/c/libcrux_mlkem_portable.h
index ccb5a6654..97e8167f3 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem_portable.h
+++ b/libcrux-ml-kem/c/libcrux_mlkem_portable.h
@@ -7,8 +7,8 @@
  * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9
  * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20
  * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
- * F*: 5643e656b989aca7629723653a2570c7df6252b9
- * Libcrux: fbef3649fa222b800fc7dcc349855bcd7de48e36
+ * F*: 8b6fce63ca91b16386d8f76e82ea87a3c109a208
+ * Libcrux: a197c4d7286246d59e3044d437b3da9119cd5de8
  */
 
 #ifndef __libcrux_mlkem_portable_H
diff --git a/libcrux-ml-kem/c/libcrux_sha3.h b/libcrux-ml-kem/c/libcrux_sha3.h
index 393be1f15..82d68203f 100644
--- a/libcrux-ml-kem/c/libcrux_sha3.h
+++ b/libcrux-ml-kem/c/libcrux_sha3.h
@@ -7,8 +7,8 @@
  * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9
  * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20
  * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
- * F*: 5643e656b989aca7629723653a2570c7df6252b9
- * Libcrux: fbef3649fa222b800fc7dcc349855bcd7de48e36
+ * F*: 8b6fce63ca91b16386d8f76e82ea87a3c109a208
+ * Libcrux: a197c4d7286246d59e3044d437b3da9119cd5de8
  */
 
 #ifndef __libcrux_sha3_H
diff --git a/libcrux-ml-kem/c/libcrux_sha3_avx2.c b/libcrux-ml-kem/c/libcrux_sha3_avx2.c
index 3274dc64a..280ba2a2a 100644
--- a/libcrux-ml-kem/c/libcrux_sha3_avx2.c
+++ b/libcrux-ml-kem/c/libcrux_sha3_avx2.c
@@ -7,8 +7,8 @@
  * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9
  * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20
  * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
- * F*: 5643e656b989aca7629723653a2570c7df6252b9
- * Libcrux: fbef3649fa222b800fc7dcc349855bcd7de48e36
+ * F*: 8b6fce63ca91b16386d8f76e82ea87a3c109a208
+ * Libcrux: a197c4d7286246d59e3044d437b3da9119cd5de8
  */
 
 #include "internal/libcrux_sha3_avx2.h"
diff --git a/libcrux-ml-kem/c/libcrux_sha3_avx2.h b/libcrux-ml-kem/c/libcrux_sha3_avx2.h
index eaa8d8c25..8af351595 100644
--- a/libcrux-ml-kem/c/libcrux_sha3_avx2.h
+++ b/libcrux-ml-kem/c/libcrux_sha3_avx2.h
@@ -7,8 +7,8 @@
  * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9
  * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20
  * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
- * F*: 5643e656b989aca7629723653a2570c7df6252b9
- * Libcrux: fbef3649fa222b800fc7dcc349855bcd7de48e36
+ * F*: 8b6fce63ca91b16386d8f76e82ea87a3c109a208
+ * Libcrux: a197c4d7286246d59e3044d437b3da9119cd5de8
  */
 
 #ifndef __libcrux_sha3_avx2_H
diff --git a/libcrux-ml-kem/c/libcrux_sha3_internal.h b/libcrux-ml-kem/c/libcrux_sha3_internal.h
index c68ee5802..d6f138fc7 100644
--- a/libcrux-ml-kem/c/libcrux_sha3_internal.h
+++ b/libcrux-ml-kem/c/libcrux_sha3_internal.h
@@ -7,8 +7,8 @@
  * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9
  * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20
  * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
- * F*: 5643e656b989aca7629723653a2570c7df6252b9
- * Libcrux: fbef3649fa222b800fc7dcc349855bcd7de48e36
+ * F*: 8b6fce63ca91b16386d8f76e82ea87a3c109a208
+ * Libcrux: a197c4d7286246d59e3044d437b3da9119cd5de8
  */
 
 #ifndef __libcrux_sha3_internal_H
diff --git a/libcrux-ml-kem/c/libcrux_sha3_neon.c b/libcrux-ml-kem/c/libcrux_sha3_neon.c
index 8c9edc379..6631b288a 100644
--- a/libcrux-ml-kem/c/libcrux_sha3_neon.c
+++ b/libcrux-ml-kem/c/libcrux_sha3_neon.c
@@ -7,8 +7,8 @@
  * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9
  * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20
  * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
- * F*: 5643e656b989aca7629723653a2570c7df6252b9
- * Libcrux: fbef3649fa222b800fc7dcc349855bcd7de48e36
+ * F*: 8b6fce63ca91b16386d8f76e82ea87a3c109a208
+ * Libcrux: a197c4d7286246d59e3044d437b3da9119cd5de8
  */
 
 #include "libcrux_sha3_neon.h"
diff --git a/libcrux-ml-kem/c/libcrux_sha3_neon.h b/libcrux-ml-kem/c/libcrux_sha3_neon.h
index c51c09cc5..4eab9beb0 100644
--- a/libcrux-ml-kem/c/libcrux_sha3_neon.h
+++ b/libcrux-ml-kem/c/libcrux_sha3_neon.h
@@ -7,8 +7,8 @@
  * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9
  * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20
  * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
- * F*: 5643e656b989aca7629723653a2570c7df6252b9
- * Libcrux: fbef3649fa222b800fc7dcc349855bcd7de48e36
+ * F*: 8b6fce63ca91b16386d8f76e82ea87a3c109a208
+ * Libcrux: a197c4d7286246d59e3044d437b3da9119cd5de8
  */
 
 #ifndef __libcrux_sha3_neon_H
diff --git a/libcrux-ml-kem/cg/code_gen.txt b/libcrux-ml-kem/cg/code_gen.txt
index 54242b657..58904651b 100644
--- a/libcrux-ml-kem/cg/code_gen.txt
+++ b/libcrux-ml-kem/cg/code_gen.txt
@@ -2,5 +2,5 @@ This code was generated with the following revisions:
 Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9
 Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20
 Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
-F*: 5643e656b989aca7629723653a2570c7df6252b9
-Libcrux: fbef3649fa222b800fc7dcc349855bcd7de48e36
+F*: 8b6fce63ca91b16386d8f76e82ea87a3c109a208
+Libcrux: a197c4d7286246d59e3044d437b3da9119cd5de8
diff --git a/libcrux-ml-kem/cg/libcrux_core.h b/libcrux-ml-kem/cg/libcrux_core.h
index b8e2354f8..5f5c8417b 100644
--- a/libcrux-ml-kem/cg/libcrux_core.h
+++ b/libcrux-ml-kem/cg/libcrux_core.h
@@ -7,8 +7,8 @@
  * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9
  * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20
  * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
- * F*: 5643e656b989aca7629723653a2570c7df6252b9
- * Libcrux: fbef3649fa222b800fc7dcc349855bcd7de48e36
+ * F*: 8b6fce63ca91b16386d8f76e82ea87a3c109a208
+ * Libcrux: a197c4d7286246d59e3044d437b3da9119cd5de8
  */
 
 #ifndef __libcrux_core_H
diff --git a/libcrux-ml-kem/cg/libcrux_ct_ops.h b/libcrux-ml-kem/cg/libcrux_ct_ops.h
index cf4a616ac..f21831f4f 100644
--- a/libcrux-ml-kem/cg/libcrux_ct_ops.h
+++ b/libcrux-ml-kem/cg/libcrux_ct_ops.h
@@ -7,8 +7,8 @@
  * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9
  * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20
  * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
- * F*: 5643e656b989aca7629723653a2570c7df6252b9
- * Libcrux: fbef3649fa222b800fc7dcc349855bcd7de48e36
+ * F*: 8b6fce63ca91b16386d8f76e82ea87a3c109a208
+ * Libcrux: a197c4d7286246d59e3044d437b3da9119cd5de8
  */
 
 #ifndef __libcrux_ct_ops_H
diff --git a/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h b/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h
index f6933bc18..f6e41fd2a 100644
--- a/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h
+++ b/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h
@@ -7,8 +7,8 @@
  * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9
  * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20
  * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
- * F*: 5643e656b989aca7629723653a2570c7df6252b9
- * Libcrux: fbef3649fa222b800fc7dcc349855bcd7de48e36
+ * F*: 8b6fce63ca91b16386d8f76e82ea87a3c109a208
+ * Libcrux: a197c4d7286246d59e3044d437b3da9119cd5de8
  */
 
 #ifndef __libcrux_mlkem768_avx2_H
@@ -180,6 +180,12 @@ libcrux_ml_kem_vector_avx2_arithmetic_cond_subtract_3329(__m256i vector) {
                                                  conditional_add_field_modulus);
 }
 
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE __m256i
+libcrux_ml_kem_vector_avx2_cond_subtract_3329(__m256i vector) {
+  return libcrux_ml_kem_vector_avx2_arithmetic_cond_subtract_3329(vector);
+}
+
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
 libcrux_ml_kem::vector::avx2::SIMD256Vector)#2}
@@ -187,7 +193,7 @@ libcrux_ml_kem::vector::avx2::SIMD256Vector)#2}
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE __m256i
 libcrux_ml_kem_vector_avx2_cond_subtract_3329_09(__m256i vector) {
-  return libcrux_ml_kem_vector_avx2_arithmetic_cond_subtract_3329(vector);
+  return libcrux_ml_kem_vector_avx2_cond_subtract_3329(vector);
 }
 
 #define LIBCRUX_ML_KEM_VECTOR_AVX2_ARITHMETIC_BARRETT_MULTIPLIER \
@@ -279,6 +285,13 @@ libcrux_ml_kem_vector_avx2_compress_compress_message_coefficient(
       (int32_t)15, shifted_to_positive_in_range, __m256i);
 }
 
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE __m256i
+libcrux_ml_kem_vector_avx2_compress_1(__m256i vector) {
+  return libcrux_ml_kem_vector_avx2_compress_compress_message_coefficient(
+      vector);
+}
+
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
 libcrux_ml_kem::vector::avx2::SIMD256Vector)#2}
@@ -286,8 +299,7 @@ libcrux_ml_kem::vector::avx2::SIMD256Vector)#2}
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE __m256i
 libcrux_ml_kem_vector_avx2_compress_1_09(__m256i vector) {
-  return libcrux_ml_kem_vector_avx2_compress_compress_message_coefficient(
-      vector);
+  return libcrux_ml_kem_vector_avx2_compress_1(vector);
 }
 
 KRML_ATTRIBUTE_TARGET("avx2")
@@ -339,6 +351,14 @@ static KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_ntt_ntt_layer_1_step(
   return libcrux_intrinsics_avx2_mm256_add_epi16(lhs, rhs0);
 }
 
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_ntt_layer_1_step(
+    __m256i vector, int16_t zeta0, int16_t zeta1, int16_t zeta2,
+    int16_t zeta3) {
+  return libcrux_ml_kem_vector_avx2_ntt_ntt_layer_1_step(vector, zeta0, zeta1,
+                                                         zeta2, zeta3);
+}
+
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
 libcrux_ml_kem::vector::avx2::SIMD256Vector)#2}
@@ -347,8 +367,8 @@ KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_ntt_layer_1_step_09(
     __m256i vector, int16_t zeta0, int16_t zeta1, int16_t zeta2,
     int16_t zeta3) {
-  return libcrux_ml_kem_vector_avx2_ntt_ntt_layer_1_step(vector, zeta0, zeta1,
-                                                         zeta2, zeta3);
+  return libcrux_ml_kem_vector_avx2_ntt_layer_1_step(vector, zeta0, zeta1,
+                                                     zeta2, zeta3);
 }
 
 KRML_ATTRIBUTE_TARGET("avx2")
@@ -367,6 +387,12 @@ static KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_ntt_ntt_layer_2_step(
   return libcrux_intrinsics_avx2_mm256_add_epi16(lhs, rhs0);
 }
 
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_ntt_layer_2_step(
+    __m256i vector, int16_t zeta0, int16_t zeta1) {
+  return libcrux_ml_kem_vector_avx2_ntt_ntt_layer_2_step(vector, zeta0, zeta1);
+}
+
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
 libcrux_ml_kem::vector::avx2::SIMD256Vector)#2}
@@ -374,7 +400,7 @@ libcrux_ml_kem::vector::avx2::SIMD256Vector)#2}
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_ntt_layer_2_step_09(
     __m256i vector, int16_t zeta0, int16_t zeta1) {
-  return libcrux_ml_kem_vector_avx2_ntt_ntt_layer_2_step(vector, zeta0, zeta1);
+  return libcrux_ml_kem_vector_avx2_ntt_layer_2_step(vector, zeta0, zeta1);
 }
 
 KRML_ATTRIBUTE_TARGET("avx2")
@@ -411,6 +437,12 @@ libcrux_ml_kem_vector_avx2_ntt_ntt_layer_3_step(__m256i vector, int16_t zeta) {
       (int32_t)1, combined, upper_coefficients, __m256i);
 }
 
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE __m256i
+libcrux_ml_kem_vector_avx2_ntt_layer_3_step(__m256i vector, int16_t zeta) {
+  return libcrux_ml_kem_vector_avx2_ntt_ntt_layer_3_step(vector, zeta);
+}
+
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
 libcrux_ml_kem::vector::avx2::SIMD256Vector)#2}
@@ -418,7 +450,7 @@ libcrux_ml_kem::vector::avx2::SIMD256Vector)#2}
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE __m256i
 libcrux_ml_kem_vector_avx2_ntt_layer_3_step_09(__m256i vector, int16_t zeta) {
-  return libcrux_ml_kem_vector_avx2_ntt_ntt_layer_3_step(vector, zeta);
+  return libcrux_ml_kem_vector_avx2_ntt_layer_3_step(vector, zeta);
 }
 
 KRML_ATTRIBUTE_TARGET("avx2")
@@ -450,6 +482,14 @@ libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_1_step(__m256i vector,
                                                    sum_times_zetas, __m256i);
 }
 
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_inv_ntt_layer_1_step(
+    __m256i vector, int16_t zeta0, int16_t zeta1, int16_t zeta2,
+    int16_t zeta3) {
+  return libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_1_step(
+      vector, zeta0, zeta1, zeta2, zeta3);
+}
+
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
 libcrux_ml_kem::vector::avx2::SIMD256Vector)#2}
@@ -460,8 +500,8 @@ libcrux_ml_kem_vector_avx2_inv_ntt_layer_1_step_09(__m256i vector,
                                                    int16_t zeta0, int16_t zeta1,
                                                    int16_t zeta2,
                                                    int16_t zeta3) {
-  return libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_1_step(
-      vector, zeta0, zeta1, zeta2, zeta3);
+  return libcrux_ml_kem_vector_avx2_inv_ntt_layer_1_step(vector, zeta0, zeta1,
+                                                         zeta2, zeta3);
 }
 
 KRML_ATTRIBUTE_TARGET("avx2")
@@ -490,6 +530,13 @@ libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_2_step(__m256i vector,
                                                    sum_times_zetas, __m256i);
 }
 
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_inv_ntt_layer_2_step(
+    __m256i vector, int16_t zeta0, int16_t zeta1) {
+  return libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_2_step(vector, zeta0,
+                                                             zeta1);
+}
+
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
 libcrux_ml_kem::vector::avx2::SIMD256Vector)#2}
@@ -499,8 +546,7 @@ static KRML_MUSTINLINE __m256i
 libcrux_ml_kem_vector_avx2_inv_ntt_layer_2_step_09(__m256i vector,
                                                    int16_t zeta0,
                                                    int16_t zeta1) {
-  return libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_2_step(vector, zeta0,
-                                                             zeta1);
+  return libcrux_ml_kem_vector_avx2_inv_ntt_layer_2_step(vector, zeta0, zeta1);
 }
 
 KRML_ATTRIBUTE_TARGET("avx2")
@@ -521,6 +567,12 @@ libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_3_step(__m256i vector,
       (int32_t)1, combined, upper_coefficients0, __m256i);
 }
 
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE __m256i
+libcrux_ml_kem_vector_avx2_inv_ntt_layer_3_step(__m256i vector, int16_t zeta) {
+  return libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_3_step(vector, zeta);
+}
+
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
 libcrux_ml_kem::vector::avx2::SIMD256Vector)#2}
@@ -529,7 +581,7 @@ KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE __m256i
 libcrux_ml_kem_vector_avx2_inv_ntt_layer_3_step_09(__m256i vector,
                                                    int16_t zeta) {
-  return libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_3_step(vector, zeta);
+  return libcrux_ml_kem_vector_avx2_inv_ntt_layer_3_step(vector, zeta);
 }
 
 KRML_ATTRIBUTE_TARGET("avx2")
@@ -619,6 +671,14 @@ static KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_ntt_ntt_multiply(
                                                    products_right1, __m256i);
 }
 
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_ntt_multiply(
+    __m256i *lhs, __m256i *rhs, int16_t zeta0, int16_t zeta1, int16_t zeta2,
+    int16_t zeta3) {
+  return libcrux_ml_kem_vector_avx2_ntt_ntt_multiply(lhs[0U], rhs[0U], zeta0,
+                                                     zeta1, zeta2, zeta3);
+}
+
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
 libcrux_ml_kem::vector::avx2::SIMD256Vector)#2}
@@ -627,8 +687,8 @@ KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_ntt_multiply_09(
     __m256i *lhs, __m256i *rhs, int16_t zeta0, int16_t zeta1, int16_t zeta2,
     int16_t zeta3) {
-  return libcrux_ml_kem_vector_avx2_ntt_ntt_multiply(lhs[0U], rhs[0U], zeta0,
-                                                     zeta1, zeta2, zeta3);
+  return libcrux_ml_kem_vector_avx2_ntt_multiply(lhs, rhs, zeta0, zeta1, zeta2,
+                                                 zeta3);
 }
 
 KRML_ATTRIBUTE_TARGET("avx2")
@@ -645,6 +705,12 @@ static KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_1(
   memcpy(ret, result, (size_t)2U * sizeof(uint8_t));
 }
 
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_1(
+    __m256i vector, uint8_t ret[2U]) {
+  libcrux_ml_kem_vector_avx2_serialize_serialize_1(vector, ret);
+}
+
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
 libcrux_ml_kem::vector::avx2::SIMD256Vector)#2}
@@ -652,7 +718,7 @@ libcrux_ml_kem::vector::avx2::SIMD256Vector)#2}
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_1_09(
     __m256i vector, uint8_t ret[2U]) {
-  libcrux_ml_kem_vector_avx2_serialize_serialize_1(vector, ret);
+  libcrux_ml_kem_vector_avx2_serialize_1(vector, ret);
 }
 
 KRML_ATTRIBUTE_TARGET("avx2")
@@ -689,6 +755,12 @@ libcrux_ml_kem_vector_avx2_serialize_deserialize_1(Eurydice_slice bytes) {
       Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *));
 }
 
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE __m256i
+libcrux_ml_kem_vector_avx2_deserialize_1(Eurydice_slice bytes) {
+  return libcrux_ml_kem_vector_avx2_serialize_deserialize_1(bytes);
+}
+
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
 libcrux_ml_kem::vector::avx2::SIMD256Vector)#2}
@@ -696,7 +768,7 @@ libcrux_ml_kem::vector::avx2::SIMD256Vector)#2}
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE __m256i
 libcrux_ml_kem_vector_avx2_deserialize_1_09(Eurydice_slice bytes) {
-  return libcrux_ml_kem_vector_avx2_serialize_deserialize_1(bytes);
+  return libcrux_ml_kem_vector_avx2_deserialize_1(bytes);
 }
 
 /**
@@ -748,6 +820,12 @@ static KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_4(
   memcpy(ret, ret0, (size_t)8U * sizeof(uint8_t));
 }
 
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_4(
+    __m256i vector, uint8_t ret[8U]) {
+  libcrux_ml_kem_vector_avx2_serialize_serialize_4(vector, ret);
+}
+
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
 libcrux_ml_kem::vector::avx2::SIMD256Vector)#2}
@@ -755,7 +833,7 @@ libcrux_ml_kem::vector::avx2::SIMD256Vector)#2}
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_4_09(
     __m256i vector, uint8_t ret[8U]) {
-  libcrux_ml_kem_vector_avx2_serialize_serialize_4(vector, ret);
+  libcrux_ml_kem_vector_avx2_serialize_4(vector, ret);
 }
 
 KRML_ATTRIBUTE_TARGET("avx2")
@@ -804,6 +882,12 @@ libcrux_ml_kem_vector_avx2_serialize_deserialize_4(Eurydice_slice bytes) {
       Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *));
 }
 
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE __m256i
+libcrux_ml_kem_vector_avx2_deserialize_4(Eurydice_slice bytes) {
+  return libcrux_ml_kem_vector_avx2_serialize_deserialize_4(bytes);
+}
+
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
 libcrux_ml_kem::vector::avx2::SIMD256Vector)#2}
@@ -811,7 +895,7 @@ libcrux_ml_kem::vector::avx2::SIMD256Vector)#2}
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE __m256i
 libcrux_ml_kem_vector_avx2_deserialize_4_09(Eurydice_slice bytes) {
-  return libcrux_ml_kem_vector_avx2_serialize_deserialize_4(bytes);
+  return libcrux_ml_kem_vector_avx2_deserialize_4(bytes);
 }
 
 KRML_ATTRIBUTE_TARGET("avx2")
@@ -1003,6 +1087,12 @@ static KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_10(
   memcpy(ret, ret0, (size_t)20U * sizeof(uint8_t));
 }
 
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_10(
+    __m256i vector, uint8_t ret[20U]) {
+  libcrux_ml_kem_vector_avx2_serialize_serialize_10(vector, ret);
+}
+
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
 libcrux_ml_kem::vector::avx2::SIMD256Vector)#2}
@@ -1010,7 +1100,7 @@ libcrux_ml_kem::vector::avx2::SIMD256Vector)#2}
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_10_09(
     __m256i vector, uint8_t ret[20U]) {
-  libcrux_ml_kem_vector_avx2_serialize_serialize_10(vector, ret);
+  libcrux_ml_kem_vector_avx2_serialize_10(vector, ret);
 }
 
 KRML_ATTRIBUTE_TARGET("avx2")
@@ -1055,6 +1145,12 @@ libcrux_ml_kem_vector_avx2_serialize_deserialize_10(Eurydice_slice bytes) {
       libcrux_intrinsics_avx2_mm_loadu_si128(upper_coefficients));
 }
 
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE __m256i
+libcrux_ml_kem_vector_avx2_deserialize_10(Eurydice_slice bytes) {
+  return libcrux_ml_kem_vector_avx2_serialize_deserialize_10(bytes);
+}
+
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
 libcrux_ml_kem::vector::avx2::SIMD256Vector)#2}
@@ -1062,7 +1158,7 @@ libcrux_ml_kem::vector::avx2::SIMD256Vector)#2}
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE __m256i
 libcrux_ml_kem_vector_avx2_deserialize_10_09(Eurydice_slice bytes) {
-  return libcrux_ml_kem_vector_avx2_serialize_deserialize_10(bytes);
+  return libcrux_ml_kem_vector_avx2_deserialize_10(bytes);
 }
 
 KRML_ATTRIBUTE_TARGET("avx2")
@@ -1165,6 +1261,12 @@ static KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_12(
   memcpy(ret, ret0, (size_t)24U * sizeof(uint8_t));
 }
 
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_12(
+    __m256i vector, uint8_t ret[24U]) {
+  libcrux_ml_kem_vector_avx2_serialize_serialize_12(vector, ret);
+}
+
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
 libcrux_ml_kem::vector::avx2::SIMD256Vector)#2}
@@ -1172,7 +1274,7 @@ libcrux_ml_kem::vector::avx2::SIMD256Vector)#2}
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_12_09(
     __m256i vector, uint8_t ret[24U]) {
-  libcrux_ml_kem_vector_avx2_serialize_serialize_12(vector, ret);
+  libcrux_ml_kem_vector_avx2_serialize_12(vector, ret);
 }
 
 KRML_ATTRIBUTE_TARGET("avx2")
@@ -1216,6 +1318,12 @@ libcrux_ml_kem_vector_avx2_serialize_deserialize_12(Eurydice_slice bytes) {
       lower_coefficients, upper_coefficients);
 }
 
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE __m256i
+libcrux_ml_kem_vector_avx2_deserialize_12(Eurydice_slice bytes) {
+  return libcrux_ml_kem_vector_avx2_serialize_deserialize_12(bytes);
+}
+
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
 libcrux_ml_kem::vector::avx2::SIMD256Vector)#2}
@@ -1223,7 +1331,7 @@ libcrux_ml_kem::vector::avx2::SIMD256Vector)#2}
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE __m256i
 libcrux_ml_kem_vector_avx2_deserialize_12_09(Eurydice_slice bytes) {
-  return libcrux_ml_kem_vector_avx2_serialize_deserialize_12(bytes);
+  return libcrux_ml_kem_vector_avx2_deserialize_12(bytes);
 }
 
 KRML_ATTRIBUTE_TARGET("avx2")
@@ -1745,6 +1853,23 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_1_61(
   }
 }
 
+/**
+A monomorphic instance of libcrux_ml_kem.polynomial.poly_barrett_reduce
+with types libcrux_ml_kem_vector_avx2_SIMD256Vector
+with const generics
+
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_poly_barrett_reduce_61(
+    libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *myself) {
+  for (size_t i = (size_t)0U;
+       i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
+    size_t i0 = i;
+    myself->coefficients[i0] =
+        libcrux_ml_kem_vector_avx2_barrett_reduce_09(myself->coefficients[i0]);
+  }
+}
+
 /**
 This function found in impl
 {libcrux_ml_kem::polynomial::PolynomialRingElement<Vector>[TraitClause@0,
@@ -1759,12 +1884,7 @@ with const generics
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_poly_barrett_reduce_ef_61(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *self) {
-  for (size_t i = (size_t)0U;
-       i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
-    size_t i0 = i;
-    self->coefficients[i0] =
-        libcrux_ml_kem_vector_avx2_barrett_reduce_09(self->coefficients[i0]);
-  }
+  libcrux_ml_kem_polynomial_poly_barrett_reduce_61(self);
 }
 
 /**
@@ -2039,28 +2159,79 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_ed(
 }
 
 /**
-This function found in impl
-{libcrux_ml_kem::polynomial::PolynomialRingElement<Vector>[TraitClause@0,
-TraitClause@1]#2}
+A monomorphic instance of libcrux_ml_kem.polynomial.ZERO
+with types libcrux_ml_kem_vector_avx2_SIMD256Vector
+with const generics
+
 */
+KRML_ATTRIBUTE_TARGET("avx2")
+static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f6
+libcrux_ml_kem_polynomial_ZERO_61(void) {
+  libcrux_ml_kem_polynomial_PolynomialRingElement_f6 lit;
+  lit.coefficients[0U] = libcrux_ml_kem_vector_avx2_ZERO_09();
+  lit.coefficients[1U] = libcrux_ml_kem_vector_avx2_ZERO_09();
+  lit.coefficients[2U] = libcrux_ml_kem_vector_avx2_ZERO_09();
+  lit.coefficients[3U] = libcrux_ml_kem_vector_avx2_ZERO_09();
+  lit.coefficients[4U] = libcrux_ml_kem_vector_avx2_ZERO_09();
+  lit.coefficients[5U] = libcrux_ml_kem_vector_avx2_ZERO_09();
+  lit.coefficients[6U] = libcrux_ml_kem_vector_avx2_ZERO_09();
+  lit.coefficients[7U] = libcrux_ml_kem_vector_avx2_ZERO_09();
+  lit.coefficients[8U] = libcrux_ml_kem_vector_avx2_ZERO_09();
+  lit.coefficients[9U] = libcrux_ml_kem_vector_avx2_ZERO_09();
+  lit.coefficients[10U] = libcrux_ml_kem_vector_avx2_ZERO_09();
+  lit.coefficients[11U] = libcrux_ml_kem_vector_avx2_ZERO_09();
+  lit.coefficients[12U] = libcrux_ml_kem_vector_avx2_ZERO_09();
+  lit.coefficients[13U] = libcrux_ml_kem_vector_avx2_ZERO_09();
+  lit.coefficients[14U] = libcrux_ml_kem_vector_avx2_ZERO_09();
+  lit.coefficients[15U] = libcrux_ml_kem_vector_avx2_ZERO_09();
+  return lit;
+}
+
 /**
-A monomorphic instance of libcrux_ml_kem.polynomial.ntt_multiply_ef
+ Given two `KyberPolynomialRingElement`s in their NTT representations,
+ compute their product. Given two polynomials in the NTT domain `f^` and `ĵ`,
+ the `iᵗʰ` coefficient of the product `k̂` is determined by the calculation:
+
+ ```plaintext
+ ĥ[2·i] + ĥ[2·i + 1]X = (f^[2·i] + f^[2·i + 1]X)·(ĝ[2·i] + ĝ[2·i + 1]X) mod (X²
+ - ζ^(2·BitRev₇(i) + 1))
+ ```
+
+ This function almost implements <strong>Algorithm 10</strong> of the
+ NIST FIPS 203 standard, which is reproduced below:
+
+ ```plaintext
+ Input: Two arrays fˆ ∈ ℤ₂₅₆ and ĝ ∈ ℤ₂₅₆.
+ Output: An array ĥ ∈ ℤq.
+
+ for(i ← 0; i < 128; i++)
+     (ĥ[2i], ĥ[2i+1]) ← BaseCaseMultiply(fˆ[2i], fˆ[2i+1], ĝ[2i], ĝ[2i+1],
+ ζ^(2·BitRev₇(i) + 1)) end for return ĥ
+ ```
+ We say "almost" because the coefficients of the ring element output by
+ this function are in the Montgomery domain.
+
+ The NIST FIPS 203 standard can be found at
+ <https://csrc.nist.gov/pubs/fips/203/ipd>.
+*/
+/**
+A monomorphic instance of libcrux_ml_kem.polynomial.ntt_multiply
 with types libcrux_ml_kem_vector_avx2_SIMD256Vector
 with const generics
 
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f6
-libcrux_ml_kem_polynomial_ntt_multiply_ef_61(
-    libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *self,
+libcrux_ml_kem_polynomial_ntt_multiply_61(
+    libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *myself,
     libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *rhs) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_f6 out =
-      libcrux_ml_kem_polynomial_ZERO_ef_61();
+      libcrux_ml_kem_polynomial_ZERO_61();
   for (size_t i = (size_t)0U;
        i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
     size_t i0 = i;
     out.coefficients[i0] = libcrux_ml_kem_vector_avx2_ntt_multiply_09(
-        &self->coefficients[i0], &rhs->coefficients[i0],
+        &myself->coefficients[i0], &rhs->coefficients[i0],
         libcrux_ml_kem_polynomial_zeta((size_t)64U + (size_t)4U * i0),
         libcrux_ml_kem_polynomial_zeta((size_t)64U + (size_t)4U * i0 +
                                        (size_t)1U),
@@ -2078,26 +2249,62 @@ This function found in impl
 TraitClause@1]#2}
 */
 /**
-A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element_ef
+A monomorphic instance of libcrux_ml_kem.polynomial.ntt_multiply_ef
 with types libcrux_ml_kem_vector_avx2_SIMD256Vector
 with const generics
-- K= 3
+
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_to_ring_element_ef_ab(
+static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f6
+libcrux_ml_kem_polynomial_ntt_multiply_ef_61(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *self,
     libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *rhs) {
+  return libcrux_ml_kem_polynomial_ntt_multiply_61(self, rhs);
+}
+
+/**
+ Given two polynomial ring elements `lhs` and `rhs`, compute the pointwise
+ sum of their constituent coefficients.
+*/
+/**
+A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element
+with types libcrux_ml_kem_vector_avx2_SIMD256Vector
+with const generics
+- K= 3
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_to_ring_element_ab(
+    libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *myself,
+    libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *rhs) {
   for (size_t i = (size_t)0U;
        i < Eurydice_slice_len(Eurydice_array_to_slice(
-                                  (size_t)16U, self->coefficients, __m256i),
+                                  (size_t)16U, myself->coefficients, __m256i),
                               __m256i);
        i++) {
     size_t i0 = i;
-    self->coefficients[i0] = libcrux_ml_kem_vector_avx2_add_09(
-        self->coefficients[i0], &rhs->coefficients[i0]);
+    myself->coefficients[i0] = libcrux_ml_kem_vector_avx2_add_09(
+        myself->coefficients[i0], &rhs->coefficients[i0]);
   }
 }
 
+/**
+This function found in impl
+{libcrux_ml_kem::polynomial::PolynomialRingElement<Vector>[TraitClause@0,
+TraitClause@1]#2}
+*/
+/**
+A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element_ef
+with types libcrux_ml_kem_vector_avx2_SIMD256Vector
+with const generics
+- K= 3
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_to_ring_element_ef_ab(
+    libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *self,
+    libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *rhs) {
+  libcrux_ml_kem_polynomial_add_to_ring_element_ab(self, rhs);
+}
+
 /**
 A monomorphic instance of libcrux_ml_kem.invert_ntt.invert_ntt_at_layer_1
 with types libcrux_ml_kem_vector_avx2_SIMD256Vector
@@ -2241,20 +2448,15 @@ static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_ab(
 }
 
 /**
-This function found in impl
-{libcrux_ml_kem::polynomial::PolynomialRingElement<Vector>[TraitClause@0,
-TraitClause@1]#2}
-*/
-/**
-A monomorphic instance of libcrux_ml_kem.polynomial.subtract_reduce_ef
+A monomorphic instance of libcrux_ml_kem.polynomial.subtract_reduce
 with types libcrux_ml_kem_vector_avx2_SIMD256Vector
 with const generics
 
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f6
-libcrux_ml_kem_polynomial_subtract_reduce_ef_61(
-    libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *self,
+libcrux_ml_kem_polynomial_subtract_reduce_61(
+    libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *myself,
     libcrux_ml_kem_polynomial_PolynomialRingElement_f6 b) {
   for (size_t i = (size_t)0U;
        i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
@@ -2263,12 +2465,31 @@ libcrux_ml_kem_polynomial_subtract_reduce_ef_61(
         libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_09(
             b.coefficients[i0], (int16_t)1441);
     b.coefficients[i0] = libcrux_ml_kem_vector_avx2_barrett_reduce_09(
-        libcrux_ml_kem_vector_avx2_sub_09(self->coefficients[i0],
+        libcrux_ml_kem_vector_avx2_sub_09(myself->coefficients[i0],
                                           &coefficient_normal_form));
   }
   return b;
 }
 
+/**
+This function found in impl
+{libcrux_ml_kem::polynomial::PolynomialRingElement<Vector>[TraitClause@0,
+TraitClause@1]#2}
+*/
+/**
+A monomorphic instance of libcrux_ml_kem.polynomial.subtract_reduce_ef
+with types libcrux_ml_kem_vector_avx2_SIMD256Vector
+with const generics
+
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f6
+libcrux_ml_kem_polynomial_subtract_reduce_ef_61(
+    libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *self,
+    libcrux_ml_kem_polynomial_PolynomialRingElement_f6 b) {
+  return libcrux_ml_kem_polynomial_subtract_reduce_61(self, b);
+}
+
 /**
  The following functions compute various expressions involving
  vectors and matrices. The computation of these expressions has been
@@ -2932,21 +3153,16 @@ libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_ed0(
 }
 
 /**
-This function found in impl
-{libcrux_ml_kem::polynomial::PolynomialRingElement<Vector>[TraitClause@0,
-TraitClause@1]#2}
-*/
-/**
-A monomorphic instance of libcrux_ml_kem.polynomial.from_i16_array_ef
+A monomorphic instance of libcrux_ml_kem.polynomial.from_i16_array
 with types libcrux_ml_kem_vector_avx2_SIMD256Vector
 with const generics
 
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f6
-libcrux_ml_kem_polynomial_from_i16_array_ef_61(Eurydice_slice a) {
+libcrux_ml_kem_polynomial_from_i16_array_61(Eurydice_slice a) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_f6 result =
-      libcrux_ml_kem_polynomial_ZERO_ef_61();
+      libcrux_ml_kem_polynomial_ZERO_61();
   for (size_t i = (size_t)0U;
        i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
     size_t i0 = i;
@@ -2957,6 +3173,23 @@ libcrux_ml_kem_polynomial_from_i16_array_ef_61(Eurydice_slice a) {
   return result;
 }
 
+/**
+This function found in impl
+{libcrux_ml_kem::polynomial::PolynomialRingElement<Vector>[TraitClause@0,
+TraitClause@1]#2}
+*/
+/**
+A monomorphic instance of libcrux_ml_kem.polynomial.from_i16_array_ef
+with types libcrux_ml_kem_vector_avx2_SIMD256Vector
+with const generics
+
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f6
+libcrux_ml_kem_polynomial_from_i16_array_ef_61(Eurydice_slice a) {
+  return libcrux_ml_kem_polynomial_from_i16_array_61(a);
+}
+
 /**
 A monomorphic instance of libcrux_ml_kem.sampling.sample_from_xof.closure
 with types libcrux_ml_kem_vector_avx2_SIMD256Vector,
@@ -3576,32 +3809,45 @@ libcrux_ml_kem_matrix_compute_vector_u_closure_ab(size_t _i) {
 }
 
 /**
-This function found in impl
-{libcrux_ml_kem::polynomial::PolynomialRingElement<Vector>[TraitClause@0,
-TraitClause@1]#2}
-*/
-/**
-A monomorphic instance of libcrux_ml_kem.polynomial.add_error_reduce_ef
+A monomorphic instance of libcrux_ml_kem.polynomial.add_error_reduce
 with types libcrux_ml_kem_vector_avx2_SIMD256Vector
 with const generics
 
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_error_reduce_ef_61(
-    libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *self,
+static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_error_reduce_61(
+    libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *myself,
     libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *error) {
   for (size_t i = (size_t)0U;
        i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
     size_t j = i;
     __m256i coefficient_normal_form =
         libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_09(
-            self->coefficients[j], (int16_t)1441);
-    self->coefficients[j] = libcrux_ml_kem_vector_avx2_barrett_reduce_09(
+            myself->coefficients[j], (int16_t)1441);
+    myself->coefficients[j] = libcrux_ml_kem_vector_avx2_barrett_reduce_09(
         libcrux_ml_kem_vector_avx2_add_09(coefficient_normal_form,
                                           &error->coefficients[j]));
   }
 }
 
+/**
+This function found in impl
+{libcrux_ml_kem::polynomial::PolynomialRingElement<Vector>[TraitClause@0,
+TraitClause@1]#2}
+*/
+/**
+A monomorphic instance of libcrux_ml_kem.polynomial.add_error_reduce_ef
+with types libcrux_ml_kem_vector_avx2_SIMD256Vector
+with const generics
+
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_error_reduce_ef_61(
+    libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *self,
+    libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *error) {
+  libcrux_ml_kem_polynomial_add_error_reduce_61(self, error);
+}
+
 /**
  Compute u := InvertNTT(Aᵀ ◦ r̂) + e₁
 */
@@ -3692,20 +3938,15 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_message_61(
 }
 
 /**
-This function found in impl
-{libcrux_ml_kem::polynomial::PolynomialRingElement<Vector>[TraitClause@0,
-TraitClause@1]#2}
-*/
-/**
-A monomorphic instance of libcrux_ml_kem.polynomial.add_message_error_reduce_ef
+A monomorphic instance of libcrux_ml_kem.polynomial.add_message_error_reduce
 with types libcrux_ml_kem_vector_avx2_SIMD256Vector
 with const generics
 
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f6
-libcrux_ml_kem_polynomial_add_message_error_reduce_ef_61(
-    libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *self,
+libcrux_ml_kem_polynomial_add_message_error_reduce_61(
+    libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *myself,
     libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *message,
     libcrux_ml_kem_polynomial_PolynomialRingElement_f6 result) {
   for (size_t i = (size_t)0U;
@@ -3714,7 +3955,7 @@ libcrux_ml_kem_polynomial_add_message_error_reduce_ef_61(
     __m256i coefficient_normal_form =
         libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_09(
             result.coefficients[i0], (int16_t)1441);
-    __m256i tmp = libcrux_ml_kem_vector_avx2_add_09(self->coefficients[i0],
+    __m256i tmp = libcrux_ml_kem_vector_avx2_add_09(myself->coefficients[i0],
                                                     &message->coefficients[i0]);
     __m256i tmp0 =
         libcrux_ml_kem_vector_avx2_add_09(coefficient_normal_form, &tmp);
@@ -3724,6 +3965,27 @@ libcrux_ml_kem_polynomial_add_message_error_reduce_ef_61(
   return result;
 }
 
+/**
+This function found in impl
+{libcrux_ml_kem::polynomial::PolynomialRingElement<Vector>[TraitClause@0,
+TraitClause@1]#2}
+*/
+/**
+A monomorphic instance of libcrux_ml_kem.polynomial.add_message_error_reduce_ef
+with types libcrux_ml_kem_vector_avx2_SIMD256Vector
+with const generics
+
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f6
+libcrux_ml_kem_polynomial_add_message_error_reduce_ef_61(
+    libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *self,
+    libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *message,
+    libcrux_ml_kem_polynomial_PolynomialRingElement_f6 result) {
+  return libcrux_ml_kem_polynomial_add_message_error_reduce_61(self, message,
+                                                               result);
+}
+
 /**
  Compute InverseNTT(tᵀ ◦ r̂) + e₂ + message
 */
@@ -3808,6 +4070,18 @@ libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_ef(
                                                          compressed, __m256i);
 }
 
+/**
+A monomorphic instance of libcrux_ml_kem.vector.avx2.compress
+with const generics
+- COEFFICIENT_BITS= 10
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE __m256i
+libcrux_ml_kem_vector_avx2_compress_ef(__m256i vector) {
+  return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_ef(
+      vector);
+}
+
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
 libcrux_ml_kem::vector::avx2::SIMD256Vector)#2}
@@ -3820,8 +4094,7 @@ with const generics
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE __m256i
 libcrux_ml_kem_vector_avx2_compress_09_ef(__m256i vector) {
-  return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_ef(
-      vector);
+  return libcrux_ml_kem_vector_avx2_compress_ef(vector);
 }
 
 /**
@@ -3904,6 +4177,18 @@ libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_c4(
                                                          compressed, __m256i);
 }
 
+/**
+A monomorphic instance of libcrux_ml_kem.vector.avx2.compress
+with const generics
+- COEFFICIENT_BITS= 11
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE __m256i
+libcrux_ml_kem_vector_avx2_compress_c4(__m256i vector) {
+  return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_c4(
+      vector);
+}
+
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
 libcrux_ml_kem::vector::avx2::SIMD256Vector)#2}
@@ -3916,8 +4201,7 @@ with const generics
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE __m256i
 libcrux_ml_kem_vector_avx2_compress_09_c4(__m256i vector) {
-  return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_c4(
-      vector);
+  return libcrux_ml_kem_vector_avx2_compress_c4(vector);
 }
 
 /**
@@ -4052,6 +4336,18 @@ libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_d1(
                                                          compressed, __m256i);
 }
 
+/**
+A monomorphic instance of libcrux_ml_kem.vector.avx2.compress
+with const generics
+- COEFFICIENT_BITS= 4
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE __m256i
+libcrux_ml_kem_vector_avx2_compress_d1(__m256i vector) {
+  return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_d1(
+      vector);
+}
+
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
 libcrux_ml_kem::vector::avx2::SIMD256Vector)#2}
@@ -4064,8 +4360,7 @@ with const generics
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE __m256i
 libcrux_ml_kem_vector_avx2_compress_09_d1(__m256i vector) {
-  return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_d1(
-      vector);
+  return libcrux_ml_kem_vector_avx2_compress_d1(vector);
 }
 
 /**
@@ -4147,6 +4442,18 @@ libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_f4(
                                                          compressed, __m256i);
 }
 
+/**
+A monomorphic instance of libcrux_ml_kem.vector.avx2.compress
+with const generics
+- COEFFICIENT_BITS= 5
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE __m256i
+libcrux_ml_kem_vector_avx2_compress_f4(__m256i vector) {
+  return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_f4(
+      vector);
+}
+
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
 libcrux_ml_kem::vector::avx2::SIMD256Vector)#2}
@@ -4159,8 +4466,7 @@ with const generics
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE __m256i
 libcrux_ml_kem_vector_avx2_compress_09_f4(__m256i vector) {
-  return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_f4(
-      vector);
+  return libcrux_ml_kem_vector_avx2_compress_f4(vector);
 }
 
 /**
@@ -4791,33 +5097,47 @@ libcrux_ml_kem_vector_traits_to_standard_domain_61(__m256i v) {
 }
 
 /**
-This function found in impl
-{libcrux_ml_kem::polynomial::PolynomialRingElement<Vector>[TraitClause@0,
-TraitClause@1]#2}
-*/
-/**
-A monomorphic instance of libcrux_ml_kem.polynomial.add_standard_error_reduce_ef
+A monomorphic instance of libcrux_ml_kem.polynomial.add_standard_error_reduce
 with types libcrux_ml_kem_vector_avx2_SIMD256Vector
 with const generics
 
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE void
-libcrux_ml_kem_polynomial_add_standard_error_reduce_ef_61(
-    libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *self,
+libcrux_ml_kem_polynomial_add_standard_error_reduce_61(
+    libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *myself,
     libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *error) {
   for (size_t i = (size_t)0U;
        i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
     size_t j = i;
     __m256i coefficient_normal_form =
         libcrux_ml_kem_vector_traits_to_standard_domain_61(
-            self->coefficients[j]);
-    self->coefficients[j] = libcrux_ml_kem_vector_avx2_barrett_reduce_09(
+            myself->coefficients[j]);
+    myself->coefficients[j] = libcrux_ml_kem_vector_avx2_barrett_reduce_09(
         libcrux_ml_kem_vector_avx2_add_09(coefficient_normal_form,
                                           &error->coefficients[j]));
   }
 }
 
+/**
+This function found in impl
+{libcrux_ml_kem::polynomial::PolynomialRingElement<Vector>[TraitClause@0,
+TraitClause@1]#2}
+*/
+/**
+A monomorphic instance of libcrux_ml_kem.polynomial.add_standard_error_reduce_ef
+with types libcrux_ml_kem_vector_avx2_SIMD256Vector
+with const generics
+
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE void
+libcrux_ml_kem_polynomial_add_standard_error_reduce_ef_61(
+    libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *self,
+    libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *error) {
+  libcrux_ml_kem_polynomial_add_standard_error_reduce_61(self, error);
+}
+
 /**
  Compute  ◦ ŝ + ê
 */
diff --git a/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h b/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h
index 8f0de6a3e..b0546b2ea 100644
--- a/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h
+++ b/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h
@@ -7,8 +7,8 @@
  * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9
  * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20
  * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
- * F*: 5643e656b989aca7629723653a2570c7df6252b9
- * Libcrux: fbef3649fa222b800fc7dcc349855bcd7de48e36
+ * F*: 8b6fce63ca91b16386d8f76e82ea87a3c109a208
+ * Libcrux: a197c4d7286246d59e3044d437b3da9119cd5de8
  */
 
 #ifndef __libcrux_mlkem768_portable_H
@@ -2960,6 +2960,24 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_1_8c(
   }
 }
 
+/**
+A monomorphic instance of libcrux_ml_kem.polynomial.poly_barrett_reduce
+with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
+with const generics
+
+*/
+static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_poly_barrett_reduce_8c(
+    libcrux_ml_kem_polynomial_PolynomialRingElement_1d *myself) {
+  for (size_t i = (size_t)0U;
+       i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
+    size_t i0 = i;
+    libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 =
+        libcrux_ml_kem_vector_portable_barrett_reduce_0d(
+            myself->coefficients[i0]);
+    myself->coefficients[i0] = uu____0;
+  }
+}
+
 /**
 This function found in impl
 {libcrux_ml_kem::polynomial::PolynomialRingElement<Vector>[TraitClause@0,
@@ -2973,14 +2991,7 @@ with const generics
 */
 static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_poly_barrett_reduce_ef_8c(
     libcrux_ml_kem_polynomial_PolynomialRingElement_1d *self) {
-  for (size_t i = (size_t)0U;
-       i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
-    size_t i0 = i;
-    libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 =
-        libcrux_ml_kem_vector_portable_barrett_reduce_0d(
-            self->coefficients[i0]);
-    self->coefficients[i0] = uu____0;
-  }
+  libcrux_ml_kem_polynomial_poly_barrett_reduce_8c(self);
 }
 
 /**
@@ -3198,28 +3209,78 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_89(
 }
 
 /**
-This function found in impl
-{libcrux_ml_kem::polynomial::PolynomialRingElement<Vector>[TraitClause@0,
-TraitClause@1]#2}
+A monomorphic instance of libcrux_ml_kem.polynomial.ZERO
+with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
+with const generics
+
 */
+static inline libcrux_ml_kem_polynomial_PolynomialRingElement_1d
+libcrux_ml_kem_polynomial_ZERO_8c(void) {
+  libcrux_ml_kem_polynomial_PolynomialRingElement_1d lit;
+  lit.coefficients[0U] = libcrux_ml_kem_vector_portable_ZERO_0d();
+  lit.coefficients[1U] = libcrux_ml_kem_vector_portable_ZERO_0d();
+  lit.coefficients[2U] = libcrux_ml_kem_vector_portable_ZERO_0d();
+  lit.coefficients[3U] = libcrux_ml_kem_vector_portable_ZERO_0d();
+  lit.coefficients[4U] = libcrux_ml_kem_vector_portable_ZERO_0d();
+  lit.coefficients[5U] = libcrux_ml_kem_vector_portable_ZERO_0d();
+  lit.coefficients[6U] = libcrux_ml_kem_vector_portable_ZERO_0d();
+  lit.coefficients[7U] = libcrux_ml_kem_vector_portable_ZERO_0d();
+  lit.coefficients[8U] = libcrux_ml_kem_vector_portable_ZERO_0d();
+  lit.coefficients[9U] = libcrux_ml_kem_vector_portable_ZERO_0d();
+  lit.coefficients[10U] = libcrux_ml_kem_vector_portable_ZERO_0d();
+  lit.coefficients[11U] = libcrux_ml_kem_vector_portable_ZERO_0d();
+  lit.coefficients[12U] = libcrux_ml_kem_vector_portable_ZERO_0d();
+  lit.coefficients[13U] = libcrux_ml_kem_vector_portable_ZERO_0d();
+  lit.coefficients[14U] = libcrux_ml_kem_vector_portable_ZERO_0d();
+  lit.coefficients[15U] = libcrux_ml_kem_vector_portable_ZERO_0d();
+  return lit;
+}
+
 /**
-A monomorphic instance of libcrux_ml_kem.polynomial.ntt_multiply_ef
+ Given two `KyberPolynomialRingElement`s in their NTT representations,
+ compute their product. Given two polynomials in the NTT domain `f^` and `ĵ`,
+ the `iᵗʰ` coefficient of the product `k̂` is determined by the calculation:
+
+ ```plaintext
+ ĥ[2·i] + ĥ[2·i + 1]X = (f^[2·i] + f^[2·i + 1]X)·(ĝ[2·i] + ĝ[2·i + 1]X) mod (X²
+ - ζ^(2·BitRev₇(i) + 1))
+ ```
+
+ This function almost implements <strong>Algorithm 10</strong> of the
+ NIST FIPS 203 standard, which is reproduced below:
+
+ ```plaintext
+ Input: Two arrays fˆ ∈ ℤ₂₅₆ and ĝ ∈ ℤ₂₅₆.
+ Output: An array ĥ ∈ ℤq.
+
+ for(i ← 0; i < 128; i++)
+     (ĥ[2i], ĥ[2i+1]) ← BaseCaseMultiply(fˆ[2i], fˆ[2i+1], ĝ[2i], ĝ[2i+1],
+ ζ^(2·BitRev₇(i) + 1)) end for return ĥ
+ ```
+ We say "almost" because the coefficients of the ring element output by
+ this function are in the Montgomery domain.
+
+ The NIST FIPS 203 standard can be found at
+ <https://csrc.nist.gov/pubs/fips/203/ipd>.
+*/
+/**
+A monomorphic instance of libcrux_ml_kem.polynomial.ntt_multiply
 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
 with const generics
 
 */
 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1d
-libcrux_ml_kem_polynomial_ntt_multiply_ef_8c(
-    libcrux_ml_kem_polynomial_PolynomialRingElement_1d *self,
+libcrux_ml_kem_polynomial_ntt_multiply_8c(
+    libcrux_ml_kem_polynomial_PolynomialRingElement_1d *myself,
     libcrux_ml_kem_polynomial_PolynomialRingElement_1d *rhs) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_1d out =
-      libcrux_ml_kem_polynomial_ZERO_ef_8c();
+      libcrux_ml_kem_polynomial_ZERO_8c();
   for (size_t i = (size_t)0U;
        i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
     size_t i0 = i;
     libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 =
         libcrux_ml_kem_vector_portable_ntt_multiply_0d(
-            &self->coefficients[i0], &rhs->coefficients[i0],
+            &myself->coefficients[i0], &rhs->coefficients[i0],
             libcrux_ml_kem_polynomial_zeta((size_t)64U + (size_t)4U * i0),
             libcrux_ml_kem_polynomial_zeta((size_t)64U + (size_t)4U * i0 +
                                            (size_t)1U),
@@ -3238,29 +3299,63 @@ This function found in impl
 TraitClause@1]#2}
 */
 /**
-A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element_ef
+A monomorphic instance of libcrux_ml_kem.polynomial.ntt_multiply_ef
 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
 with const generics
-- K= 3
+
 */
-static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_to_ring_element_ef_1b(
+static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1d
+libcrux_ml_kem_polynomial_ntt_multiply_ef_8c(
     libcrux_ml_kem_polynomial_PolynomialRingElement_1d *self,
     libcrux_ml_kem_polynomial_PolynomialRingElement_1d *rhs) {
+  return libcrux_ml_kem_polynomial_ntt_multiply_8c(self, rhs);
+}
+
+/**
+ Given two polynomial ring elements `lhs` and `rhs`, compute the pointwise
+ sum of their constituent coefficients.
+*/
+/**
+A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element
+with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
+with const generics
+- K= 3
+*/
+static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_to_ring_element_1b(
+    libcrux_ml_kem_polynomial_PolynomialRingElement_1d *myself,
+    libcrux_ml_kem_polynomial_PolynomialRingElement_1d *rhs) {
   for (size_t i = (size_t)0U;
        i < Eurydice_slice_len(
                Eurydice_array_to_slice(
-                   (size_t)16U, self->coefficients,
+                   (size_t)16U, myself->coefficients,
                    libcrux_ml_kem_vector_portable_vector_type_PortableVector),
                libcrux_ml_kem_vector_portable_vector_type_PortableVector);
        i++) {
     size_t i0 = i;
     libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 =
-        libcrux_ml_kem_vector_portable_add_0d(self->coefficients[i0],
+        libcrux_ml_kem_vector_portable_add_0d(myself->coefficients[i0],
                                               &rhs->coefficients[i0]);
-    self->coefficients[i0] = uu____0;
+    myself->coefficients[i0] = uu____0;
   }
 }
 
+/**
+This function found in impl
+{libcrux_ml_kem::polynomial::PolynomialRingElement<Vector>[TraitClause@0,
+TraitClause@1]#2}
+*/
+/**
+A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element_ef
+with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
+with const generics
+- K= 3
+*/
+static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_to_ring_element_ef_1b(
+    libcrux_ml_kem_polynomial_PolynomialRingElement_1d *self,
+    libcrux_ml_kem_polynomial_PolynomialRingElement_1d *rhs) {
+  libcrux_ml_kem_polynomial_add_to_ring_element_1b(self, rhs);
+}
+
 /**
 A monomorphic instance of libcrux_ml_kem.invert_ntt.invert_ntt_at_layer_1
 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
@@ -3403,19 +3498,14 @@ static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_1b(
 }
 
 /**
-This function found in impl
-{libcrux_ml_kem::polynomial::PolynomialRingElement<Vector>[TraitClause@0,
-TraitClause@1]#2}
-*/
-/**
-A monomorphic instance of libcrux_ml_kem.polynomial.subtract_reduce_ef
+A monomorphic instance of libcrux_ml_kem.polynomial.subtract_reduce
 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
 with const generics
 
 */
 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1d
-libcrux_ml_kem_polynomial_subtract_reduce_ef_8c(
-    libcrux_ml_kem_polynomial_PolynomialRingElement_1d *self,
+libcrux_ml_kem_polynomial_subtract_reduce_8c(
+    libcrux_ml_kem_polynomial_PolynomialRingElement_1d *myself,
     libcrux_ml_kem_polynomial_PolynomialRingElement_1d b) {
   for (size_t i = (size_t)0U;
        i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
@@ -3426,13 +3516,31 @@ libcrux_ml_kem_polynomial_subtract_reduce_ef_8c(
                 b.coefficients[i0], (int16_t)1441);
     libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 =
         libcrux_ml_kem_vector_portable_barrett_reduce_0d(
-            libcrux_ml_kem_vector_portable_sub_0d(self->coefficients[i0],
+            libcrux_ml_kem_vector_portable_sub_0d(myself->coefficients[i0],
                                                   &coefficient_normal_form));
     b.coefficients[i0] = uu____0;
   }
   return b;
 }
 
+/**
+This function found in impl
+{libcrux_ml_kem::polynomial::PolynomialRingElement<Vector>[TraitClause@0,
+TraitClause@1]#2}
+*/
+/**
+A monomorphic instance of libcrux_ml_kem.polynomial.subtract_reduce_ef
+with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
+with const generics
+
+*/
+static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1d
+libcrux_ml_kem_polynomial_subtract_reduce_ef_8c(
+    libcrux_ml_kem_polynomial_PolynomialRingElement_1d *self,
+    libcrux_ml_kem_polynomial_PolynomialRingElement_1d b) {
+  return libcrux_ml_kem_polynomial_subtract_reduce_8c(self, b);
+}
+
 /**
  The following functions compute various expressions involving
  vectors and matrices. The computation of these expressions has been
@@ -4087,20 +4195,15 @@ libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_890(
 }
 
 /**
-This function found in impl
-{libcrux_ml_kem::polynomial::PolynomialRingElement<Vector>[TraitClause@0,
-TraitClause@1]#2}
-*/
-/**
-A monomorphic instance of libcrux_ml_kem.polynomial.from_i16_array_ef
+A monomorphic instance of libcrux_ml_kem.polynomial.from_i16_array
 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
 with const generics
 
 */
 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1d
-libcrux_ml_kem_polynomial_from_i16_array_ef_8c(Eurydice_slice a) {
+libcrux_ml_kem_polynomial_from_i16_array_8c(Eurydice_slice a) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_1d result =
-      libcrux_ml_kem_polynomial_ZERO_ef_8c();
+      libcrux_ml_kem_polynomial_ZERO_8c();
   for (size_t i = (size_t)0U;
        i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
     size_t i0 = i;
@@ -4113,6 +4216,22 @@ libcrux_ml_kem_polynomial_from_i16_array_ef_8c(Eurydice_slice a) {
   return result;
 }
 
+/**
+This function found in impl
+{libcrux_ml_kem::polynomial::PolynomialRingElement<Vector>[TraitClause@0,
+TraitClause@1]#2}
+*/
+/**
+A monomorphic instance of libcrux_ml_kem.polynomial.from_i16_array_ef
+with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
+with const generics
+
+*/
+static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1d
+libcrux_ml_kem_polynomial_from_i16_array_ef_8c(Eurydice_slice a) {
+  return libcrux_ml_kem_polynomial_from_i16_array_8c(a);
+}
+
 /**
 A monomorphic instance of libcrux_ml_kem.sampling.sample_from_xof.closure
 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector,
@@ -4708,18 +4827,13 @@ libcrux_ml_kem_matrix_compute_vector_u_closure_1b(size_t _i) {
 }
 
 /**
-This function found in impl
-{libcrux_ml_kem::polynomial::PolynomialRingElement<Vector>[TraitClause@0,
-TraitClause@1]#2}
-*/
-/**
-A monomorphic instance of libcrux_ml_kem.polynomial.add_error_reduce_ef
+A monomorphic instance of libcrux_ml_kem.polynomial.add_error_reduce
 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
 with const generics
 
 */
-static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_error_reduce_ef_8c(
-    libcrux_ml_kem_polynomial_PolynomialRingElement_1d *self,
+static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_error_reduce_8c(
+    libcrux_ml_kem_polynomial_PolynomialRingElement_1d *myself,
     libcrux_ml_kem_polynomial_PolynomialRingElement_1d *error) {
   for (size_t i = (size_t)0U;
        i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
@@ -4727,15 +4841,32 @@ static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_error_reduce_ef_8c(
     libcrux_ml_kem_vector_portable_vector_type_PortableVector
         coefficient_normal_form =
             libcrux_ml_kem_vector_portable_montgomery_multiply_by_constant_0d(
-                self->coefficients[j], (int16_t)1441);
+                myself->coefficients[j], (int16_t)1441);
     libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 =
         libcrux_ml_kem_vector_portable_barrett_reduce_0d(
             libcrux_ml_kem_vector_portable_add_0d(coefficient_normal_form,
                                                   &error->coefficients[j]));
-    self->coefficients[j] = uu____0;
+    myself->coefficients[j] = uu____0;
   }
 }
 
+/**
+This function found in impl
+{libcrux_ml_kem::polynomial::PolynomialRingElement<Vector>[TraitClause@0,
+TraitClause@1]#2}
+*/
+/**
+A monomorphic instance of libcrux_ml_kem.polynomial.add_error_reduce_ef
+with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
+with const generics
+
+*/
+static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_error_reduce_ef_8c(
+    libcrux_ml_kem_polynomial_PolynomialRingElement_1d *self,
+    libcrux_ml_kem_polynomial_PolynomialRingElement_1d *error) {
+  libcrux_ml_kem_polynomial_add_error_reduce_8c(self, error);
+}
+
 /**
  Compute u := InvertNTT(Aᵀ ◦ r̂) + e₁
 */
@@ -4831,19 +4962,14 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_message_8c(
 }
 
 /**
-This function found in impl
-{libcrux_ml_kem::polynomial::PolynomialRingElement<Vector>[TraitClause@0,
-TraitClause@1]#2}
-*/
-/**
-A monomorphic instance of libcrux_ml_kem.polynomial.add_message_error_reduce_ef
+A monomorphic instance of libcrux_ml_kem.polynomial.add_message_error_reduce
 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
 with const generics
 
 */
 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1d
-libcrux_ml_kem_polynomial_add_message_error_reduce_ef_8c(
-    libcrux_ml_kem_polynomial_PolynomialRingElement_1d *self,
+libcrux_ml_kem_polynomial_add_message_error_reduce_8c(
+    libcrux_ml_kem_polynomial_PolynomialRingElement_1d *myself,
     libcrux_ml_kem_polynomial_PolynomialRingElement_1d *message,
     libcrux_ml_kem_polynomial_PolynomialRingElement_1d result) {
   for (size_t i = (size_t)0U;
@@ -4854,7 +4980,7 @@ libcrux_ml_kem_polynomial_add_message_error_reduce_ef_8c(
             libcrux_ml_kem_vector_portable_montgomery_multiply_by_constant_0d(
                 result.coefficients[i0], (int16_t)1441);
     libcrux_ml_kem_vector_portable_vector_type_PortableVector tmp =
-        libcrux_ml_kem_vector_portable_add_0d(self->coefficients[i0],
+        libcrux_ml_kem_vector_portable_add_0d(myself->coefficients[i0],
                                               &message->coefficients[i0]);
     libcrux_ml_kem_vector_portable_vector_type_PortableVector tmp0 =
         libcrux_ml_kem_vector_portable_add_0d(coefficient_normal_form, &tmp);
@@ -4865,6 +4991,26 @@ libcrux_ml_kem_polynomial_add_message_error_reduce_ef_8c(
   return result;
 }
 
+/**
+This function found in impl
+{libcrux_ml_kem::polynomial::PolynomialRingElement<Vector>[TraitClause@0,
+TraitClause@1]#2}
+*/
+/**
+A monomorphic instance of libcrux_ml_kem.polynomial.add_message_error_reduce_ef
+with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
+with const generics
+
+*/
+static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1d
+libcrux_ml_kem_polynomial_add_message_error_reduce_ef_8c(
+    libcrux_ml_kem_polynomial_PolynomialRingElement_1d *self,
+    libcrux_ml_kem_polynomial_PolynomialRingElement_1d *message,
+    libcrux_ml_kem_polynomial_PolynomialRingElement_1d result) {
+  return libcrux_ml_kem_polynomial_add_message_error_reduce_8c(self, message,
+                                                               result);
+}
+
 /**
  Compute InverseNTT(tᵀ ◦ r̂) + e₂ + message
 */
@@ -5722,19 +5868,14 @@ libcrux_ml_kem_vector_traits_to_standard_domain_8c(
 }
 
 /**
-This function found in impl
-{libcrux_ml_kem::polynomial::PolynomialRingElement<Vector>[TraitClause@0,
-TraitClause@1]#2}
-*/
-/**
-A monomorphic instance of libcrux_ml_kem.polynomial.add_standard_error_reduce_ef
+A monomorphic instance of libcrux_ml_kem.polynomial.add_standard_error_reduce
 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
 with const generics
 
 */
 static KRML_MUSTINLINE void
-libcrux_ml_kem_polynomial_add_standard_error_reduce_ef_8c(
-    libcrux_ml_kem_polynomial_PolynomialRingElement_1d *self,
+libcrux_ml_kem_polynomial_add_standard_error_reduce_8c(
+    libcrux_ml_kem_polynomial_PolynomialRingElement_1d *myself,
     libcrux_ml_kem_polynomial_PolynomialRingElement_1d *error) {
   for (size_t i = (size_t)0U;
        i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
@@ -5742,15 +5883,33 @@ libcrux_ml_kem_polynomial_add_standard_error_reduce_ef_8c(
     libcrux_ml_kem_vector_portable_vector_type_PortableVector
         coefficient_normal_form =
             libcrux_ml_kem_vector_traits_to_standard_domain_8c(
-                self->coefficients[j]);
+                myself->coefficients[j]);
     libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 =
         libcrux_ml_kem_vector_portable_barrett_reduce_0d(
             libcrux_ml_kem_vector_portable_add_0d(coefficient_normal_form,
                                                   &error->coefficients[j]));
-    self->coefficients[j] = uu____0;
+    myself->coefficients[j] = uu____0;
   }
 }
 
+/**
+This function found in impl
+{libcrux_ml_kem::polynomial::PolynomialRingElement<Vector>[TraitClause@0,
+TraitClause@1]#2}
+*/
+/**
+A monomorphic instance of libcrux_ml_kem.polynomial.add_standard_error_reduce_ef
+with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
+with const generics
+
+*/
+static KRML_MUSTINLINE void
+libcrux_ml_kem_polynomial_add_standard_error_reduce_ef_8c(
+    libcrux_ml_kem_polynomial_PolynomialRingElement_1d *self,
+    libcrux_ml_kem_polynomial_PolynomialRingElement_1d *error) {
+  libcrux_ml_kem_polynomial_add_standard_error_reduce_8c(self, error);
+}
+
 /**
  Compute  ◦ ŝ + ê
 */
diff --git a/libcrux-ml-kem/cg/libcrux_sha3_avx2.h b/libcrux-ml-kem/cg/libcrux_sha3_avx2.h
index 7a519bf7c..3b4e28d82 100644
--- a/libcrux-ml-kem/cg/libcrux_sha3_avx2.h
+++ b/libcrux-ml-kem/cg/libcrux_sha3_avx2.h
@@ -7,8 +7,8 @@
  * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9
  * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20
  * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
- * F*: 5643e656b989aca7629723653a2570c7df6252b9
- * Libcrux: fbef3649fa222b800fc7dcc349855bcd7de48e36
+ * F*: 8b6fce63ca91b16386d8f76e82ea87a3c109a208
+ * Libcrux: a197c4d7286246d59e3044d437b3da9119cd5de8
  */
 
 #ifndef __libcrux_sha3_avx2_H
diff --git a/libcrux-ml-kem/cg/libcrux_sha3_portable.h b/libcrux-ml-kem/cg/libcrux_sha3_portable.h
index a606f5f71..115e3a6be 100644
--- a/libcrux-ml-kem/cg/libcrux_sha3_portable.h
+++ b/libcrux-ml-kem/cg/libcrux_sha3_portable.h
@@ -7,8 +7,8 @@
  * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9
  * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20
  * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
- * F*: 5643e656b989aca7629723653a2570c7df6252b9
- * Libcrux: fbef3649fa222b800fc7dcc349855bcd7de48e36
+ * F*: 8b6fce63ca91b16386d8f76e82ea87a3c109a208
+ * Libcrux: a197c4d7286246d59e3044d437b3da9119cd5de8
  */
 
 #ifndef __libcrux_sha3_portable_H

From b0ff2c5564db3c3edfbd9db2015c7e0e17649da5 Mon Sep 17 00:00:00 2001
From: mamonet <maamoun.tk@gmail.com>
Date: Wed, 11 Dec 2024 07:54:56 +0000
Subject: [PATCH 099/142] Put Vector.Rej_sample_table in SLOW_MODULES

---
 libcrux-ml-kem/proofs/fstar/extraction/Makefile | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Makefile b/libcrux-ml-kem/proofs/fstar/extraction/Makefile
index 4b9b03c26..7865c6d43 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Makefile
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Makefile
@@ -1,7 +1,7 @@
-SLOW_MODULES += Libcrux_ml_kem.Vector.Portable.Serialize.fst
+SLOW_MODULES += Libcrux_ml_kem.Vector.Portable.Serialize.fst \
+                Libcrux_ml_kem.Vector.Rej_sample_table.fsti
 
-ADMIT_MODULES = Libcrux_ml_kem.Vector.Rej_sample_table.fsti \
-              Libcrux_ml_kem.Vector.Neon.Arithmetic.fst \
+ADMIT_MODULES = Libcrux_ml_kem.Vector.Neon.Arithmetic.fst \
               Libcrux_ml_kem.Vector.Neon.Compress.fst \
               Libcrux_ml_kem.Vector.Neon.fsti \
               Libcrux_ml_kem.Vector.Neon.fst \

From 9f923062eac13378f38581b2713046191d4ae7ad Mon Sep 17 00:00:00 2001
From: Franziskus Kiefer <franziskuskiefer@gmail.com>
Date: Wed, 11 Dec 2024 10:00:19 +0000
Subject: [PATCH 100/142] address review comments

---
 libcrux-ml-dsa/src/encoding/t1.rs             |  3 +-
 .../src/ml_dsa_generic/instantiations/avx2.rs | 36 ++++++++++++++-----
 libcrux-sha3/src/lib.rs                       |  6 ++--
 3 files changed, 32 insertions(+), 13 deletions(-)

diff --git a/libcrux-ml-dsa/src/encoding/t1.rs b/libcrux-ml-dsa/src/encoding/t1.rs
index 4f72fe98b..037e3e794 100644
--- a/libcrux-ml-dsa/src/encoding/t1.rs
+++ b/libcrux-ml-dsa/src/encoding/t1.rs
@@ -27,8 +27,9 @@ pub(crate) fn deserialize<SIMDUnit: Operations>(
     serialized: &[u8],
     result: &mut PolynomialRingElement<SIMDUnit>,
 ) {
+    const WINDOW: usize = 10;
     for i in 0..result.simd_units.len() {
-        result.simd_units[i] = SIMDUnit::t1_deserialize(&serialized[i * 10..(i + 1) * 10]);
+        result.simd_units[i] = SIMDUnit::t1_deserialize(&serialized[i * WINDOW..(i + 1) * WINDOW]);
     }
     ()
 }
diff --git a/libcrux-ml-dsa/src/ml_dsa_generic/instantiations/avx2.rs b/libcrux-ml-dsa/src/ml_dsa_generic/instantiations/avx2.rs
index 92d06ad8d..a6d3c85b5 100644
--- a/libcrux-ml-dsa/src/ml_dsa_generic/instantiations/avx2.rs
+++ b/libcrux-ml-dsa/src/ml_dsa_generic/instantiations/avx2.rs
@@ -25,7 +25,9 @@ mod avx2_feature {
             crate::simd::avx2::AVX2SIMDUnit,
             crate::hash_functions::simd256::Shake128x4,
             crate::hash_functions::simd256::Shake256,
-            crate::hash_functions::portable::Shake256Xof, // XXX: Use simd256
+            // We use the portable version here.
+            // It doesn' make sense to do these in parallel.
+            crate::hash_functions::portable::Shake256Xof,
             crate::hash_functions::simd256::Shake256x4,
             ROWS_IN_A,
             COLUMNS_IN_A,
@@ -64,7 +66,9 @@ mod avx2_feature {
             crate::simd::avx2::AVX2SIMDUnit,
             crate::hash_functions::simd256::Shake128x4,
             crate::hash_functions::simd256::Shake256,
-            crate::hash_functions::portable::Shake256Xof, // XXX: Use simd256
+            // We use the portable version here.
+            // It doesn' make sense to do these in parallel.
+            crate::hash_functions::portable::Shake256Xof,
             crate::hash_functions::simd256::Shake256x4,
             ROWS_IN_A,
             COLUMNS_IN_A,
@@ -111,7 +115,9 @@ mod avx2_feature {
             crate::simd::avx2::AVX2SIMDUnit,
             crate::hash_functions::simd256::Shake128x4,
             crate::hash_functions::simd256::Shake256,
-            crate::hash_functions::portable::Shake256Xof, // XXX: Use simd256
+            // We use the portable version here.
+            // It doesn' make sense to do these in parallel.
+            crate::hash_functions::portable::Shake256Xof,
             crate::hash_functions::simd256::Shake256x4,
             ROWS_IN_A,
             COLUMNS_IN_A,
@@ -156,10 +162,14 @@ mod avx2_feature {
     ) -> Result<MLDSASignature<SIGNATURE_SIZE>, SigningError> {
         crate::ml_dsa_generic::sign_pre_hashed::<
             crate::simd::avx2::AVX2SIMDUnit,
-            crate::hash_functions::portable::Shake128, // XXX: Use simd256
+            // We use the portable version here.
+            // It doesn' make sense to do these in parallel.
+            crate::hash_functions::portable::Shake128,
             crate::hash_functions::simd256::Shake128x4,
             crate::hash_functions::simd256::Shake256,
-            crate::hash_functions::portable::Shake256Xof, // XXX: Use simd256
+            // We use the portable version here.
+            // It doesn' make sense to do these in parallel.
+            crate::hash_functions::portable::Shake256Xof,
             crate::hash_functions::simd256::Shake256x4,
             SHAKE128_PH,
             256,
@@ -207,7 +217,9 @@ mod avx2_feature {
             crate::simd::avx2::AVX2SIMDUnit,
             crate::hash_functions::simd256::Shake128x4,
             crate::hash_functions::simd256::Shake256,
-            crate::hash_functions::portable::Shake256Xof, // XXX: Use simd256
+            // We use the portable version here.
+            // It doesn' make sense to do these in parallel.
+            crate::hash_functions::portable::Shake256Xof,
             ROWS_IN_A,
             COLUMNS_IN_A,
             SIGNATURE_SIZE,
@@ -251,7 +263,9 @@ mod avx2_feature {
             crate::simd::avx2::AVX2SIMDUnit,
             crate::hash_functions::simd256::Shake128x4,
             crate::hash_functions::simd256::Shake256,
-            crate::hash_functions::portable::Shake256Xof, // XXX: Use simd256
+            // We use the portable version here.
+            // It doesn' make sense to do these in parallel.
+            crate::hash_functions::portable::Shake256Xof,
             ROWS_IN_A,
             COLUMNS_IN_A,
             SIGNATURE_SIZE,
@@ -293,10 +307,14 @@ mod avx2_feature {
     ) -> Result<(), VerificationError> {
         crate::ml_dsa_generic::verify_pre_hashed::<
             crate::simd::avx2::AVX2SIMDUnit,
-            crate::hash_functions::portable::Shake128, // XXX: Use simd256
+            // We use the portable version here.
+            // It doesn' make sense to do these in parallel.
+            crate::hash_functions::portable::Shake128,
             crate::hash_functions::simd256::Shake128x4,
             crate::hash_functions::simd256::Shake256,
-            crate::hash_functions::portable::Shake256Xof, // XXX: Use simd256
+            // We use the portable version here.
+            // It doesn' make sense to do these in parallel.
+            crate::hash_functions::portable::Shake256Xof,
             SHAKE128_PH,
             256,
             ROWS_IN_A,
diff --git a/libcrux-sha3/src/lib.rs b/libcrux-sha3/src/lib.rs
index 0d5d02d8c..45033ab98 100644
--- a/libcrux-sha3/src/lib.rs
+++ b/libcrux-sha3/src/lib.rs
@@ -270,17 +270,17 @@ pub mod portable {
         }
         use super::*;
 
-        /// SHAKE128 in absorb state
+        /// SHAKE128 Xof state
         pub struct Shake128Xof {
             state: KeccakXofState<1, 168, u64>,
         }
 
-        /// SHAKE256 in absorb state
+        /// SHAKE256 Xof state
         pub struct Shake256Xof {
             state: KeccakXofState<1, 136, u64>,
         }
 
-        /// An XOF in absorb state
+        /// An XOF
         pub trait Xof<const RATE: usize>: private::Sealed {
             /// Create new absorb state
             fn new() -> Self;

From d1cba6527e846ccd3ae64a53045fad388d29dd15 Mon Sep 17 00:00:00 2001
From: karthikbhargavan <karthik.bhargavan@gmail.com>
Date: Wed, 11 Dec 2024 14:49:30 +0000
Subject: [PATCH 101/142] table for verification status

---
 libcrux-ml-kem/proofs/verification_status.md | 76 +++++++++++---------
 1 file changed, 42 insertions(+), 34 deletions(-)

diff --git a/libcrux-ml-kem/proofs/verification_status.md b/libcrux-ml-kem/proofs/verification_status.md
index 9fe4f928b..90c045d85 100644
--- a/libcrux-ml-kem/proofs/verification_status.md
+++ b/libcrux-ml-kem/proofs/verification_status.md
@@ -2,41 +2,49 @@
 
 This file keeps track of the current verification status of the modules in the ML-KEM implementation.
 
-## Generic modules
-* constant_time_ops: Verified
-* hash_functions: Verified
-* ind_cca: Verified 
-* ind_cpa: Verified
-* ind_cca/instaniations: Verified
-* ind_cca/instaniations/avx2: Verified
-* ind_cca/multiplexing: Verified
+Lax Checking means that the module translates to typed code in F* which passes the F* lax checker.
+Runtime Safety means that the module has been proved to be free of panics, that it obeys all the preconditions
+set by the Rust standard library (e.g. arrays are accessed in bounds, arithmetic operations do not overflow, etc)
+as well as the pre-conditions set by all the modules this module depends on (e.g. range preconditions on inputs).
+Correctness means that the module has been formally verified for correctness against a high-level mathematical
+specifiction of its input-output behavior.
 
-* invert_ntt: Panic Free
-* ntt: Panic Free
-* mlkem*: Panic Free
+We write "yes" when the module is fully proven to satisfy one of these conditions, and "needs proofs" when some
+functions in the modules still need some proofs in that category.
 
-* matrix: Needs proofs
-* sampling: Needs proofs
-* polynomial: Needs proofs
-* serialize: Needs proofs
 
-## Portable modules
-* arithmetic: Verified
-* compress: Verified
-* ntt: Verified
-* serialize: Verified
-* sampling: Needs proofs
+| Category | File              | Lax Checking | Runtime Safety | Correctness  |
+| -------- | ----------------- | ------------ | -------------- | ------------ |
+| Generic  | constant_time_ops | yes          | yes            | yes          |    
+|          | hash_functions    | yes          | yes            | yes          |    
+|          | ind_cpa           | yes          | yes            | yes          |    
+|          | ind_cca           | yes          | yes            | yes          |    
+|          | instantiations    | yes          | yes            | yes          |    
+|          | multiplexing      | yes          | yes            | yes          |    
+|          | mlkem*            | yes          | yes            | needs proofs |    
+|          | invert_ntt        | yes          | yes            | needs proofs |    
+|          | ntt               | yes          | yes            | needs proofs |    
+|          | matrix            | yes          | needs proofs   | needs proofs |    
+|          | sampling          | yes          | needs proofs   | needs proofs |    
+|          | polynomial        | yes          | needs proofs   | needs proofs |    
+|          | serialize         | yes          | needs proofs   | needs proofs |    
+| -------- | ----------------- | ------------ | -------------- | ------------ |
+| Portable | arithmetic        | yes          | yes            | yes          |
+|          | ntt               | yes          | yes            | yes          |
+|          | compress          | yes          | yes            | yes          |
+|          | serialize         | yes          | yes            | yes          |
+|          | sampling          | yes          | needs proofs   | needs proofs |
+| -------- | ----------------- | ------------ | -------------- | ------------ |
+| avx2     | arithmetic        | yes          | yes            | yes          |
+|          | ntt               | yes          | yes            | yes          |
+|          | compress          | yes          | yes            | needs proofs |
+|          | serialize         | yes          | needs proofs   | needs proofs |
+|          | sampling          | yes          | needs proofs   | needs proofs |
+| -------- | ----------------- | ------------ | -------------- | ------------ |
+| neon     | arithmetic        | yes          | needs proofs   | needs proofs |
+|          | ntt               | yes          | needs proofs   | needs proofs |
+|          | compress          | yes          | needs proofs   | needs proofs |
+|          | serialize         | yes          | needs proofs   | needs proofs |
+|          | sampling          | yes          | needs proofs   | needs proofs |
+| -------- | ----------------- | ------------ | -------------- | ------------ |
 
-## AVX2 modules
-* arithmetic: Verified
-* serialize: Verified
-* compress: Panic Free
-* ntt: Needs proofs
-* sampling: Needs proofs
-
-## Neon modules
-* arithmetic: Not verified
-* serialize: Not verified
-* compress: Not verified
-* ntt: Needs Not verified
-* sampling: Not verified

From d8a1a29469a043a6d05124e6eb9419b393fd3e92 Mon Sep 17 00:00:00 2001
From: karthikbhargavan <karthik.bhargavan@gmail.com>
Date: Wed, 11 Dec 2024 14:55:45 +0000
Subject: [PATCH 102/142] linked issue

---
 libcrux-ml-kem/src/polynomial.rs | 1 +
 1 file changed, 1 insertion(+)

diff --git a/libcrux-ml-kem/src/polynomial.rs b/libcrux-ml-kem/src/polynomial.rs
index 0df5e0f6f..541322227 100644
--- a/libcrux-ml-kem/src/polynomial.rs
+++ b/libcrux-ml-kem/src/polynomial.rs
@@ -68,6 +68,7 @@ pub(crate) struct PolynomialRingElement<Vector: Operations> {
 #[allow(non_snake_case)]
 fn ZERO<Vector: Operations>() -> PolynomialRingElement<Vector> {
     PolynomialRingElement {
+        // https://github.com/hacspec/hax/issues/27
         // FIXME:  The THIR body of item DefId(0:415 ~ libcrux_ml_kem[9000]::polynomial::{impl#0}::ZERO::{constant#0}) was stolen.
         coefficients: [Vector::ZERO(); 16],
     }

From 38cc1db9bab68ae1fdb52277f2d1b020de1a1ed7 Mon Sep 17 00:00:00 2001
From: Karthikeyan Bhargavan <karthik.bhargavan@gmail.com>
Date: Wed, 11 Dec 2024 17:24:41 +0100
Subject: [PATCH 103/142] verif status

---
 libcrux-ml-kem/proofs/verification_status.md | 15 +++++++--------
 1 file changed, 7 insertions(+), 8 deletions(-)

diff --git a/libcrux-ml-kem/proofs/verification_status.md b/libcrux-ml-kem/proofs/verification_status.md
index 90c045d85..71f373679 100644
--- a/libcrux-ml-kem/proofs/verification_status.md
+++ b/libcrux-ml-kem/proofs/verification_status.md
@@ -15,7 +15,7 @@ functions in the modules still need some proofs in that category.
 
 | Category | File              | Lax Checking | Runtime Safety | Correctness  |
 | -------- | ----------------- | ------------ | -------------- | ------------ |
-| Generic  | constant_time_ops | yes          | yes            | yes          |    
+| _Generic_  | constant_time_ops | yes          | yes            | yes          |    
 |          | hash_functions    | yes          | yes            | yes          |    
 |          | ind_cpa           | yes          | yes            | yes          |    
 |          | ind_cca           | yes          | yes            | yes          |    
@@ -28,23 +28,22 @@ functions in the modules still need some proofs in that category.
 |          | sampling          | yes          | needs proofs   | needs proofs |    
 |          | polynomial        | yes          | needs proofs   | needs proofs |    
 |          | serialize         | yes          | needs proofs   | needs proofs |    
-| -------- | ----------------- | ------------ | -------------- | ------------ |
-| Portable | arithmetic        | yes          | yes            | yes          |
+| 	   |                   |              |                |              |
+| _Portable_ | arithmetic        | yes          | yes            | yes          |
 |          | ntt               | yes          | yes            | yes          |
 |          | compress          | yes          | yes            | yes          |
 |          | serialize         | yes          | yes            | yes          |
 |          | sampling          | yes          | needs proofs   | needs proofs |
-| -------- | ----------------- | ------------ | -------------- | ------------ |
-| avx2     | arithmetic        | yes          | yes            | yes          |
+|          |                   |              |                |              |
+| _Avx2_     | arithmetic        | yes          | yes            | yes          |
 |          | ntt               | yes          | yes            | yes          |
 |          | compress          | yes          | yes            | needs proofs |
 |          | serialize         | yes          | needs proofs   | needs proofs |
 |          | sampling          | yes          | needs proofs   | needs proofs |
-| -------- | ----------------- | ------------ | -------------- | ------------ |
-| neon     | arithmetic        | yes          | needs proofs   | needs proofs |
+|          |                   |              |                |              |
+| _Neon_     | arithmetic        | yes          | needs proofs   | needs proofs |
 |          | ntt               | yes          | needs proofs   | needs proofs |
 |          | compress          | yes          | needs proofs   | needs proofs |
 |          | serialize         | yes          | needs proofs   | needs proofs |
 |          | sampling          | yes          | needs proofs   | needs proofs |
-| -------- | ----------------- | ------------ | -------------- | ------------ |
 

From c51c2dddfdda4a78d6671743e9d24fb5d0c1512d Mon Sep 17 00:00:00 2001
From: Franziskus Kiefer <franziskuskiefer@gmail.com>
Date: Wed, 11 Dec 2024 16:25:41 +0000
Subject: [PATCH 104/142] update C extraction

---
 libcrux-ml-kem/c/code_gen.txt                 |   2 +-
 libcrux-ml-kem/c/internal/libcrux_core.h      |   2 +-
 .../c/internal/libcrux_mlkem_avx2.h           |   2 +-
 .../c/internal/libcrux_mlkem_portable.h       |   2 +-
 libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h |   2 +-
 .../c/internal/libcrux_sha3_internal.h        | 310 +++++++++---------
 libcrux-ml-kem/c/libcrux_core.c               |   2 +-
 libcrux-ml-kem/c/libcrux_core.h               |   2 +-
 libcrux-ml-kem/c/libcrux_mlkem1024.h          |   2 +-
 libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c     |   2 +-
 libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h     |   2 +-
 libcrux-ml-kem/c/libcrux_mlkem1024_portable.c |   2 +-
 libcrux-ml-kem/c/libcrux_mlkem1024_portable.h |   2 +-
 libcrux-ml-kem/c/libcrux_mlkem512.h           |   2 +-
 libcrux-ml-kem/c/libcrux_mlkem512_avx2.c      |   2 +-
 libcrux-ml-kem/c/libcrux_mlkem512_avx2.h      |   2 +-
 libcrux-ml-kem/c/libcrux_mlkem512_portable.c  |   2 +-
 libcrux-ml-kem/c/libcrux_mlkem512_portable.h  |   2 +-
 libcrux-ml-kem/c/libcrux_mlkem768.h           |   2 +-
 libcrux-ml-kem/c/libcrux_mlkem768_avx2.c      |   2 +-
 libcrux-ml-kem/c/libcrux_mlkem768_avx2.h      |   2 +-
 libcrux-ml-kem/c/libcrux_mlkem768_portable.c  |   2 +-
 libcrux-ml-kem/c/libcrux_mlkem768_portable.h  |   2 +-
 libcrux-ml-kem/c/libcrux_mlkem_avx2.c         |   2 +-
 libcrux-ml-kem/c/libcrux_mlkem_avx2.h         |   2 +-
 libcrux-ml-kem/c/libcrux_mlkem_portable.c     |   2 +-
 libcrux-ml-kem/c/libcrux_mlkem_portable.h     |   2 +-
 libcrux-ml-kem/c/libcrux_sha3.h               |   2 +-
 libcrux-ml-kem/c/libcrux_sha3_avx2.c          |   2 +-
 libcrux-ml-kem/c/libcrux_sha3_avx2.h          |   2 +-
 libcrux-ml-kem/c/libcrux_sha3_internal.h      |   2 +-
 libcrux-ml-kem/cg/code_gen.txt                |   2 +-
 libcrux-ml-kem/cg/libcrux_core.h              |   2 +-
 libcrux-ml-kem/cg/libcrux_ct_ops.h            |   2 +-
 libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h     |   2 +-
 libcrux-ml-kem/cg/libcrux_mlkem768_portable.h |   2 +-
 libcrux-ml-kem/cg/libcrux_sha3_avx2.h         |   2 +-
 libcrux-ml-kem/cg/libcrux_sha3_portable.h     | 310 +++++++++---------
 38 files changed, 328 insertions(+), 364 deletions(-)

diff --git a/libcrux-ml-kem/c/code_gen.txt b/libcrux-ml-kem/c/code_gen.txt
index 96556d5be..fa60f6271 100644
--- a/libcrux-ml-kem/c/code_gen.txt
+++ b/libcrux-ml-kem/c/code_gen.txt
@@ -3,4 +3,4 @@ Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9
 Eurydice: 7d686376ec943225ff89942978c6c3028bac689c
 Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
 F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty
-Libcrux: 122ee3d193e33f55c2324ee84f974e647255f545
+Libcrux: 9f923062eac13378f38581b2713046191d4ae7ad
diff --git a/libcrux-ml-kem/c/internal/libcrux_core.h b/libcrux-ml-kem/c/internal/libcrux_core.h
index c5f48a4ce..322d182d6 100644
--- a/libcrux-ml-kem/c/internal/libcrux_core.h
+++ b/libcrux-ml-kem/c/internal/libcrux_core.h
@@ -8,7 +8,7 @@
  * Eurydice: 7d686376ec943225ff89942978c6c3028bac689c
  * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
  * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty
- * Libcrux: 122ee3d193e33f55c2324ee84f974e647255f545
+ * Libcrux: 9f923062eac13378f38581b2713046191d4ae7ad
  */
 
 #ifndef __internal_libcrux_core_H
diff --git a/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h b/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h
index 01108cafb..c94c2e592 100644
--- a/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h
+++ b/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h
@@ -8,7 +8,7 @@
  * Eurydice: 7d686376ec943225ff89942978c6c3028bac689c
  * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
  * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty
- * Libcrux: 122ee3d193e33f55c2324ee84f974e647255f545
+ * Libcrux: 9f923062eac13378f38581b2713046191d4ae7ad
  */
 
 #ifndef __internal_libcrux_mlkem_avx2_H
diff --git a/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h b/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h
index aca6e52eb..4e73d33cd 100644
--- a/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h
+++ b/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h
@@ -8,7 +8,7 @@
  * Eurydice: 7d686376ec943225ff89942978c6c3028bac689c
  * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
  * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty
- * Libcrux: 122ee3d193e33f55c2324ee84f974e647255f545
+ * Libcrux: 9f923062eac13378f38581b2713046191d4ae7ad
  */
 
 #ifndef __internal_libcrux_mlkem_portable_H
diff --git a/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h b/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h
index fb158f1b4..27e184647 100644
--- a/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h
+++ b/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h
@@ -8,7 +8,7 @@
  * Eurydice: 7d686376ec943225ff89942978c6c3028bac689c
  * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
  * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty
- * Libcrux: 122ee3d193e33f55c2324ee84f974e647255f545
+ * Libcrux: 9f923062eac13378f38581b2713046191d4ae7ad
  */
 
 #ifndef __internal_libcrux_sha3_avx2_H
diff --git a/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h b/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h
index ca072118b..8cce8bc81 100644
--- a/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h
+++ b/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h
@@ -8,7 +8,7 @@
  * Eurydice: 7d686376ec943225ff89942978c6c3028bac689c
  * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
  * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty
- * Libcrux: 122ee3d193e33f55c2324ee84f974e647255f545
+ * Libcrux: 9f923062eac13378f38581b2713046191d4ae7ad
  */
 
 #ifndef __internal_libcrux_sha3_internal_H
@@ -245,7 +245,7 @@ typedef struct libcrux_sha3_generic_keccak_KeccakXofState_e2_s {
 } libcrux_sha3_generic_keccak_KeccakXofState_e2;
 
 typedef libcrux_sha3_generic_keccak_KeccakXofState_e2
-    libcrux_sha3_portable_incremental_Shake256Absorb;
+    libcrux_sha3_portable_incremental_Shake256Xof;
 
 /**
  Consume the internal buffer and the required amount of the input to pad to
@@ -401,19 +401,15 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_8b_c6(
  Shake256 absorb
 */
 /**
-This function found in impl
-{(libcrux_sha3::portable::incremental::XofAbsorb<136: usize> for
-libcrux_sha3::portable::incremental::Shake256Absorb)#2}
+This function found in impl {(libcrux_sha3::portable::incremental::Xof<136:
+usize> for libcrux_sha3::portable::incremental::Shake256Xof)#1}
 */
-static inline void libcrux_sha3_portable_incremental_absorb_7d(
+static inline void libcrux_sha3_portable_incremental_absorb_68(
     libcrux_sha3_generic_keccak_KeccakXofState_e2 *self, Eurydice_slice input) {
   Eurydice_slice buf[1U] = {input};
   libcrux_sha3_generic_keccak_absorb_8b_c6(self, buf);
 }
 
-typedef libcrux_sha3_generic_keccak_KeccakXofState_e2
-    libcrux_sha3_portable_incremental_Shake256Squeeze;
-
 /**
  Absorb a final block.
 
@@ -479,16 +475,13 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_8b_9e(
  Shake256 absorb final
 */
 /**
-This function found in impl
-{(libcrux_sha3::portable::incremental::XofAbsorb<136: usize> for
-libcrux_sha3::portable::incremental::Shake256Absorb)#2}
+This function found in impl {(libcrux_sha3::portable::incremental::Xof<136:
+usize> for libcrux_sha3::portable::incremental::Shake256Xof)#1}
 */
-static inline libcrux_sha3_generic_keccak_KeccakXofState_e2
-libcrux_sha3_portable_incremental_absorb_final_7d(
-    libcrux_sha3_generic_keccak_KeccakXofState_e2 self, Eurydice_slice input) {
+static inline void libcrux_sha3_portable_incremental_absorb_final_68(
+    libcrux_sha3_generic_keccak_KeccakXofState_e2 *self, Eurydice_slice input) {
   Eurydice_slice buf[1U] = {input};
-  libcrux_sha3_generic_keccak_absorb_final_8b_9e(&self, buf);
-  return self;
+  libcrux_sha3_generic_keccak_absorb_final_8b_9e(self, buf);
 }
 
 /**
@@ -675,15 +668,132 @@ libcrux_sha3_generic_keccak_new_8b_c6(void) {
  Shake256 new state
 */
 /**
-This function found in impl
-{(libcrux_sha3::portable::incremental::XofAbsorb<136: usize> for
-libcrux_sha3::portable::incremental::Shake256Absorb)#2}
+This function found in impl {(libcrux_sha3::portable::incremental::Xof<136:
+usize> for libcrux_sha3::portable::incremental::Shake256Xof)#1}
 */
 static inline libcrux_sha3_generic_keccak_KeccakXofState_e2
-libcrux_sha3_portable_incremental_new_7d(void) {
+libcrux_sha3_portable_incremental_new_68(void) {
   return libcrux_sha3_generic_keccak_new_8b_c6();
 }
 
+/**
+ `out` has the exact size we want here. It must be less than or equal to `RATE`.
+*/
+/**
+This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1:
+usize> for u64)}
+*/
+/**
+A monomorphic instance of libcrux_sha3.portable_keccak.store_5a
+with const generics
+- RATE= 136
+*/
+static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_5a_5b(
+    uint64_t (*state)[5U], Eurydice_slice out[1U]) {
+  size_t num_full_blocks = Eurydice_slice_len(out[0U], uint8_t) / (size_t)8U;
+  size_t last_block_len = Eurydice_slice_len(out[0U], uint8_t) % (size_t)8U;
+  for (size_t i = (size_t)0U; i < num_full_blocks; i++) {
+    size_t i0 = i;
+    Eurydice_slice uu____0 = Eurydice_slice_subslice2(
+        out[0U], i0 * (size_t)8U, i0 * (size_t)8U + (size_t)8U, uint8_t);
+    uint8_t ret[8U];
+    core_num__u64_9__to_le_bytes(state[i0 / (size_t)5U][i0 % (size_t)5U], ret);
+    Eurydice_slice_copy(
+        uu____0, Eurydice_array_to_slice((size_t)8U, ret, uint8_t), uint8_t);
+  }
+  if (last_block_len != (size_t)0U) {
+    Eurydice_slice uu____1 = Eurydice_slice_subslice2(
+        out[0U], num_full_blocks * (size_t)8U,
+        num_full_blocks * (size_t)8U + last_block_len, uint8_t);
+    uint8_t ret[8U];
+    core_num__u64_9__to_le_bytes(
+        state[num_full_blocks / (size_t)5U][num_full_blocks % (size_t)5U], ret);
+    Eurydice_slice_copy(
+        uu____1,
+        Eurydice_array_to_subslice2(ret, (size_t)0U, last_block_len, uint8_t),
+        uint8_t);
+  }
+}
+
+/**
+ Squeeze `N` x `LEN` bytes.
+*/
+/**
+This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState<STATE,
+PARALLEL_LANES, RATE>[TraitClause@0, TraitClause@1]#2}
+*/
+/**
+A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_8b
+with types uint64_t
+with const generics
+- PARALLEL_LANES= 1
+- RATE= 136
+*/
+static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_8b_c6(
+    libcrux_sha3_generic_keccak_KeccakXofState_e2 *self,
+    Eurydice_slice out[1U]) {
+  if (self->sponge) {
+    libcrux_sha3_generic_keccak_keccakf1600_04(&self->inner);
+  }
+  size_t out_len = Eurydice_slice_len(out[0U], uint8_t);
+  size_t blocks = out_len / (size_t)136U;
+  size_t last = out_len - out_len % (size_t)136U;
+  size_t mid;
+  if ((size_t)136U >= out_len) {
+    mid = out_len;
+  } else {
+    mid = (size_t)136U;
+  }
+  Eurydice_slice_uint8_t_1size_t__x2 uu____0 =
+      libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, mid);
+  Eurydice_slice out00[1U];
+  memcpy(out00, uu____0.fst, (size_t)1U * sizeof(Eurydice_slice));
+  Eurydice_slice out_rest[1U];
+  memcpy(out_rest, uu____0.snd, (size_t)1U * sizeof(Eurydice_slice));
+  libcrux_sha3_portable_keccak_store_5a_5b(self->inner.st, out00);
+  core_ops_range_Range_08 iter =
+      core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter(
+          (CLITERAL(core_ops_range_Range_08){.start = (size_t)1U,
+                                             .end = blocks}),
+          core_ops_range_Range_08, core_ops_range_Range_08);
+  while (true) {
+    if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A__TraitClause_0___6__next(
+            &iter, size_t, core_option_Option_08)
+            .tag == core_option_None) {
+      break;
+    } else {
+      Eurydice_slice_uint8_t_1size_t__x2 uu____1 =
+          libcrux_sha3_portable_keccak_split_at_mut_n_5a(out_rest,
+                                                         (size_t)136U);
+      Eurydice_slice out0[1U];
+      memcpy(out0, uu____1.fst, (size_t)1U * sizeof(Eurydice_slice));
+      Eurydice_slice tmp[1U];
+      memcpy(tmp, uu____1.snd, (size_t)1U * sizeof(Eurydice_slice));
+      libcrux_sha3_generic_keccak_keccakf1600_04(&self->inner);
+      libcrux_sha3_portable_keccak_store_5a_5b(self->inner.st, out0);
+      memcpy(out_rest, tmp, (size_t)1U * sizeof(Eurydice_slice));
+    }
+  }
+  if (last < out_len) {
+    libcrux_sha3_generic_keccak_keccakf1600_04(&self->inner);
+    libcrux_sha3_portable_keccak_store_5a_5b(self->inner.st, out_rest);
+  }
+  self->sponge = true;
+}
+
+/**
+ Shake256 squeeze
+*/
+/**
+This function found in impl {(libcrux_sha3::portable::incremental::Xof<136:
+usize> for libcrux_sha3::portable::incremental::Shake256Xof)#1}
+*/
+static inline void libcrux_sha3_portable_incremental_squeeze_68(
+    libcrux_sha3_generic_keccak_KeccakXofState_e2 *self, Eurydice_slice out) {
+  Eurydice_slice buf[1U] = {out};
+  libcrux_sha3_generic_keccak_squeeze_8b_c6(self, buf);
+}
+
 /**
 A monomorphic instance of libcrux_sha3.generic_keccak.KeccakXofState
 with types uint64_t
@@ -699,7 +809,7 @@ typedef struct libcrux_sha3_generic_keccak_KeccakXofState_97_s {
 } libcrux_sha3_generic_keccak_KeccakXofState_97;
 
 typedef libcrux_sha3_generic_keccak_KeccakXofState_97
-    libcrux_sha3_portable_incremental_Shake128Absorb;
+    libcrux_sha3_portable_incremental_Shake128Xof;
 
 /**
  Consume the internal buffer and the required amount of the input to pad to
@@ -852,19 +962,15 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_8b_c60(
 }
 
 /**
-This function found in impl
-{(libcrux_sha3::portable::incremental::XofAbsorb<168: usize> for
-libcrux_sha3::portable::incremental::Shake128Absorb)}
+This function found in impl {(libcrux_sha3::portable::incremental::Xof<168:
+usize> for libcrux_sha3::portable::incremental::Shake128Xof)}
 */
-static inline void libcrux_sha3_portable_incremental_absorb_1c(
+static inline void libcrux_sha3_portable_incremental_absorb_2f(
     libcrux_sha3_generic_keccak_KeccakXofState_97 *self, Eurydice_slice input) {
   Eurydice_slice buf[1U] = {input};
   libcrux_sha3_generic_keccak_absorb_8b_c60(self, buf);
 }
 
-typedef libcrux_sha3_generic_keccak_KeccakXofState_97
-    libcrux_sha3_portable_incremental_Shake128Squeeze;
-
 /**
  Absorb a final block.
 
@@ -927,16 +1033,13 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_8b_9e0(
 }
 
 /**
-This function found in impl
-{(libcrux_sha3::portable::incremental::XofAbsorb<168: usize> for
-libcrux_sha3::portable::incremental::Shake128Absorb)}
+This function found in impl {(libcrux_sha3::portable::incremental::Xof<168:
+usize> for libcrux_sha3::portable::incremental::Shake128Xof)}
 */
-static inline libcrux_sha3_generic_keccak_KeccakXofState_97
-libcrux_sha3_portable_incremental_absorb_final_1c(
-    libcrux_sha3_generic_keccak_KeccakXofState_97 self, Eurydice_slice input) {
+static inline void libcrux_sha3_portable_incremental_absorb_final_2f(
+    libcrux_sha3_generic_keccak_KeccakXofState_97 *self, Eurydice_slice input) {
   Eurydice_slice buf[1U] = {input};
-  libcrux_sha3_generic_keccak_absorb_final_8b_9e0(&self, buf);
-  return self;
+  libcrux_sha3_generic_keccak_absorb_final_8b_9e0(self, buf);
 }
 
 /**
@@ -1152,134 +1255,14 @@ libcrux_sha3_generic_keccak_new_8b_c60(void) {
 }
 
 /**
-This function found in impl
-{(libcrux_sha3::portable::incremental::XofAbsorb<168: usize> for
-libcrux_sha3::portable::incremental::Shake128Absorb)}
+This function found in impl {(libcrux_sha3::portable::incremental::Xof<168:
+usize> for libcrux_sha3::portable::incremental::Shake128Xof)}
 */
 static inline libcrux_sha3_generic_keccak_KeccakXofState_97
-libcrux_sha3_portable_incremental_new_1c(void) {
+libcrux_sha3_portable_incremental_new_2f(void) {
   return libcrux_sha3_generic_keccak_new_8b_c60();
 }
 
-/**
- `out` has the exact size we want here. It must be less than or equal to `RATE`.
-*/
-/**
-This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1:
-usize> for u64)}
-*/
-/**
-A monomorphic instance of libcrux_sha3.portable_keccak.store_5a
-with const generics
-- RATE= 136
-*/
-static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_5a_5b(
-    uint64_t (*state)[5U], Eurydice_slice out[1U]) {
-  size_t num_full_blocks = Eurydice_slice_len(out[0U], uint8_t) / (size_t)8U;
-  size_t last_block_len = Eurydice_slice_len(out[0U], uint8_t) % (size_t)8U;
-  for (size_t i = (size_t)0U; i < num_full_blocks; i++) {
-    size_t i0 = i;
-    Eurydice_slice uu____0 = Eurydice_slice_subslice2(
-        out[0U], i0 * (size_t)8U, i0 * (size_t)8U + (size_t)8U, uint8_t);
-    uint8_t ret[8U];
-    core_num__u64_9__to_le_bytes(state[i0 / (size_t)5U][i0 % (size_t)5U], ret);
-    Eurydice_slice_copy(
-        uu____0, Eurydice_array_to_slice((size_t)8U, ret, uint8_t), uint8_t);
-  }
-  if (last_block_len != (size_t)0U) {
-    Eurydice_slice uu____1 = Eurydice_slice_subslice2(
-        out[0U], num_full_blocks * (size_t)8U,
-        num_full_blocks * (size_t)8U + last_block_len, uint8_t);
-    uint8_t ret[8U];
-    core_num__u64_9__to_le_bytes(
-        state[num_full_blocks / (size_t)5U][num_full_blocks % (size_t)5U], ret);
-    Eurydice_slice_copy(
-        uu____1,
-        Eurydice_array_to_subslice2(ret, (size_t)0U, last_block_len, uint8_t),
-        uint8_t);
-  }
-}
-
-/**
- Squeeze `N` x `LEN` bytes.
-*/
-/**
-This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState<STATE,
-PARALLEL_LANES, RATE>[TraitClause@0, TraitClause@1]#2}
-*/
-/**
-A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_8b
-with types uint64_t
-with const generics
-- PARALLEL_LANES= 1
-- RATE= 136
-*/
-static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_8b_c6(
-    libcrux_sha3_generic_keccak_KeccakXofState_e2 *self,
-    Eurydice_slice out[1U]) {
-  if (self->sponge) {
-    libcrux_sha3_generic_keccak_keccakf1600_04(&self->inner);
-  }
-  size_t out_len = Eurydice_slice_len(out[0U], uint8_t);
-  size_t blocks = out_len / (size_t)136U;
-  size_t last = out_len - out_len % (size_t)136U;
-  size_t mid;
-  if ((size_t)136U >= out_len) {
-    mid = out_len;
-  } else {
-    mid = (size_t)136U;
-  }
-  Eurydice_slice_uint8_t_1size_t__x2 uu____0 =
-      libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, mid);
-  Eurydice_slice out00[1U];
-  memcpy(out00, uu____0.fst, (size_t)1U * sizeof(Eurydice_slice));
-  Eurydice_slice out_rest[1U];
-  memcpy(out_rest, uu____0.snd, (size_t)1U * sizeof(Eurydice_slice));
-  libcrux_sha3_portable_keccak_store_5a_5b(self->inner.st, out00);
-  core_ops_range_Range_08 iter =
-      core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter(
-          (CLITERAL(core_ops_range_Range_08){.start = (size_t)1U,
-                                             .end = blocks}),
-          core_ops_range_Range_08, core_ops_range_Range_08);
-  while (true) {
-    if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A__TraitClause_0___6__next(
-            &iter, size_t, core_option_Option_08)
-            .tag == core_option_None) {
-      break;
-    } else {
-      Eurydice_slice_uint8_t_1size_t__x2 uu____1 =
-          libcrux_sha3_portable_keccak_split_at_mut_n_5a(out_rest,
-                                                         (size_t)136U);
-      Eurydice_slice out0[1U];
-      memcpy(out0, uu____1.fst, (size_t)1U * sizeof(Eurydice_slice));
-      Eurydice_slice tmp[1U];
-      memcpy(tmp, uu____1.snd, (size_t)1U * sizeof(Eurydice_slice));
-      libcrux_sha3_generic_keccak_keccakf1600_04(&self->inner);
-      libcrux_sha3_portable_keccak_store_5a_5b(self->inner.st, out0);
-      memcpy(out_rest, tmp, (size_t)1U * sizeof(Eurydice_slice));
-    }
-  }
-  if (last < out_len) {
-    libcrux_sha3_generic_keccak_keccakf1600_04(&self->inner);
-    libcrux_sha3_portable_keccak_store_5a_5b(self->inner.st, out_rest);
-  }
-  self->sponge = true;
-}
-
-/**
- Shake256 squeeze
-*/
-/**
-This function found in impl
-{(libcrux_sha3::portable::incremental::XofSqueeze<136: usize> for
-libcrux_sha3::portable::incremental::Shake256Squeeze)#3}
-*/
-static inline void libcrux_sha3_portable_incremental_squeeze_8a(
-    libcrux_sha3_generic_keccak_KeccakXofState_e2 *self, Eurydice_slice out) {
-  Eurydice_slice buf[1U] = {out};
-  libcrux_sha3_generic_keccak_squeeze_8b_c6(self, buf);
-}
-
 /**
  `out` has the exact size we want here. It must be less than or equal to `RATE`.
 */
@@ -1389,11 +1372,10 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_8b_c60(
  Shake128 squeeze
 */
 /**
-This function found in impl
-{(libcrux_sha3::portable::incremental::XofSqueeze<168: usize> for
-libcrux_sha3::portable::incremental::Shake128Squeeze)#1}
+This function found in impl {(libcrux_sha3::portable::incremental::Xof<168:
+usize> for libcrux_sha3::portable::incremental::Shake128Xof)}
 */
-static inline void libcrux_sha3_portable_incremental_squeeze_10(
+static inline void libcrux_sha3_portable_incremental_squeeze_2f(
     libcrux_sha3_generic_keccak_KeccakXofState_97 *self, Eurydice_slice out) {
   Eurydice_slice buf[1U] = {out};
   libcrux_sha3_generic_keccak_squeeze_8b_c60(self, buf);
diff --git a/libcrux-ml-kem/c/libcrux_core.c b/libcrux-ml-kem/c/libcrux_core.c
index 76677a85b..61b0a6556 100644
--- a/libcrux-ml-kem/c/libcrux_core.c
+++ b/libcrux-ml-kem/c/libcrux_core.c
@@ -8,7 +8,7 @@
  * Eurydice: 7d686376ec943225ff89942978c6c3028bac689c
  * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
  * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty
- * Libcrux: 122ee3d193e33f55c2324ee84f974e647255f545
+ * Libcrux: 9f923062eac13378f38581b2713046191d4ae7ad
  */
 
 #include "internal/libcrux_core.h"
diff --git a/libcrux-ml-kem/c/libcrux_core.h b/libcrux-ml-kem/c/libcrux_core.h
index a94f355d9..0e1e56827 100644
--- a/libcrux-ml-kem/c/libcrux_core.h
+++ b/libcrux-ml-kem/c/libcrux_core.h
@@ -8,7 +8,7 @@
  * Eurydice: 7d686376ec943225ff89942978c6c3028bac689c
  * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
  * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty
- * Libcrux: 122ee3d193e33f55c2324ee84f974e647255f545
+ * Libcrux: 9f923062eac13378f38581b2713046191d4ae7ad
  */
 
 #ifndef __libcrux_core_H
diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024.h b/libcrux-ml-kem/c/libcrux_mlkem1024.h
index b173ad526..10a342939 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem1024.h
+++ b/libcrux-ml-kem/c/libcrux_mlkem1024.h
@@ -8,7 +8,7 @@
  * Eurydice: 7d686376ec943225ff89942978c6c3028bac689c
  * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
  * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty
- * Libcrux: 122ee3d193e33f55c2324ee84f974e647255f545
+ * Libcrux: 9f923062eac13378f38581b2713046191d4ae7ad
  */
 
 #ifndef __libcrux_mlkem1024_H
diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c
index c43ee8f13..b9329bb6c 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c
+++ b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c
@@ -8,7 +8,7 @@
  * Eurydice: 7d686376ec943225ff89942978c6c3028bac689c
  * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
  * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty
- * Libcrux: 122ee3d193e33f55c2324ee84f974e647255f545
+ * Libcrux: 9f923062eac13378f38581b2713046191d4ae7ad
  */
 
 #include "libcrux_mlkem1024_avx2.h"
diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h
index afd941054..c11238c83 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h
+++ b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h
@@ -8,7 +8,7 @@
  * Eurydice: 7d686376ec943225ff89942978c6c3028bac689c
  * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
  * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty
- * Libcrux: 122ee3d193e33f55c2324ee84f974e647255f545
+ * Libcrux: 9f923062eac13378f38581b2713046191d4ae7ad
  */
 
 #ifndef __libcrux_mlkem1024_avx2_H
diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c
index 57e04e060..27f7af3bb 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c
+++ b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c
@@ -8,7 +8,7 @@
  * Eurydice: 7d686376ec943225ff89942978c6c3028bac689c
  * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
  * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty
- * Libcrux: 122ee3d193e33f55c2324ee84f974e647255f545
+ * Libcrux: 9f923062eac13378f38581b2713046191d4ae7ad
  */
 
 #include "libcrux_mlkem1024_portable.h"
diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h
index b1942de40..3c8d10766 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h
+++ b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h
@@ -8,7 +8,7 @@
  * Eurydice: 7d686376ec943225ff89942978c6c3028bac689c
  * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
  * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty
- * Libcrux: 122ee3d193e33f55c2324ee84f974e647255f545
+ * Libcrux: 9f923062eac13378f38581b2713046191d4ae7ad
  */
 
 #ifndef __libcrux_mlkem1024_portable_H
diff --git a/libcrux-ml-kem/c/libcrux_mlkem512.h b/libcrux-ml-kem/c/libcrux_mlkem512.h
index ab5380f35..d36c4edc6 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem512.h
+++ b/libcrux-ml-kem/c/libcrux_mlkem512.h
@@ -8,7 +8,7 @@
  * Eurydice: 7d686376ec943225ff89942978c6c3028bac689c
  * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
  * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty
- * Libcrux: 122ee3d193e33f55c2324ee84f974e647255f545
+ * Libcrux: 9f923062eac13378f38581b2713046191d4ae7ad
  */
 
 #ifndef __libcrux_mlkem512_H
diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c
index e23ec575f..f01ff24d4 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c
+++ b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c
@@ -8,7 +8,7 @@
  * Eurydice: 7d686376ec943225ff89942978c6c3028bac689c
  * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
  * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty
- * Libcrux: 122ee3d193e33f55c2324ee84f974e647255f545
+ * Libcrux: 9f923062eac13378f38581b2713046191d4ae7ad
  */
 
 #include "libcrux_mlkem512_avx2.h"
diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h
index 6e4bc764c..8a37e6ad1 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h
+++ b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h
@@ -8,7 +8,7 @@
  * Eurydice: 7d686376ec943225ff89942978c6c3028bac689c
  * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
  * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty
- * Libcrux: 122ee3d193e33f55c2324ee84f974e647255f545
+ * Libcrux: 9f923062eac13378f38581b2713046191d4ae7ad
  */
 
 #ifndef __libcrux_mlkem512_avx2_H
diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_portable.c b/libcrux-ml-kem/c/libcrux_mlkem512_portable.c
index 0f919e950..a36ff5b74 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem512_portable.c
+++ b/libcrux-ml-kem/c/libcrux_mlkem512_portable.c
@@ -8,7 +8,7 @@
  * Eurydice: 7d686376ec943225ff89942978c6c3028bac689c
  * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
  * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty
- * Libcrux: 122ee3d193e33f55c2324ee84f974e647255f545
+ * Libcrux: 9f923062eac13378f38581b2713046191d4ae7ad
  */
 
 #include "libcrux_mlkem512_portable.h"
diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_portable.h b/libcrux-ml-kem/c/libcrux_mlkem512_portable.h
index 4cdcf8d07..8b857f3f7 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem512_portable.h
+++ b/libcrux-ml-kem/c/libcrux_mlkem512_portable.h
@@ -8,7 +8,7 @@
  * Eurydice: 7d686376ec943225ff89942978c6c3028bac689c
  * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
  * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty
- * Libcrux: 122ee3d193e33f55c2324ee84f974e647255f545
+ * Libcrux: 9f923062eac13378f38581b2713046191d4ae7ad
  */
 
 #ifndef __libcrux_mlkem512_portable_H
diff --git a/libcrux-ml-kem/c/libcrux_mlkem768.h b/libcrux-ml-kem/c/libcrux_mlkem768.h
index adf020ae6..11ba89a99 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem768.h
+++ b/libcrux-ml-kem/c/libcrux_mlkem768.h
@@ -8,7 +8,7 @@
  * Eurydice: 7d686376ec943225ff89942978c6c3028bac689c
  * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
  * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty
- * Libcrux: 122ee3d193e33f55c2324ee84f974e647255f545
+ * Libcrux: 9f923062eac13378f38581b2713046191d4ae7ad
  */
 
 #ifndef __libcrux_mlkem768_H
diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c
index b8fc9a3c4..eb76ca161 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c
+++ b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c
@@ -8,7 +8,7 @@
  * Eurydice: 7d686376ec943225ff89942978c6c3028bac689c
  * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
  * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty
- * Libcrux: 122ee3d193e33f55c2324ee84f974e647255f545
+ * Libcrux: 9f923062eac13378f38581b2713046191d4ae7ad
  */
 
 #include "libcrux_mlkem768_avx2.h"
diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h
index e5c7f82c3..2ed095a8c 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h
+++ b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h
@@ -8,7 +8,7 @@
  * Eurydice: 7d686376ec943225ff89942978c6c3028bac689c
  * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
  * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty
- * Libcrux: 122ee3d193e33f55c2324ee84f974e647255f545
+ * Libcrux: 9f923062eac13378f38581b2713046191d4ae7ad
  */
 
 #ifndef __libcrux_mlkem768_avx2_H
diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_portable.c b/libcrux-ml-kem/c/libcrux_mlkem768_portable.c
index a767de37e..8b0e1a1c3 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem768_portable.c
+++ b/libcrux-ml-kem/c/libcrux_mlkem768_portable.c
@@ -8,7 +8,7 @@
  * Eurydice: 7d686376ec943225ff89942978c6c3028bac689c
  * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
  * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty
- * Libcrux: 122ee3d193e33f55c2324ee84f974e647255f545
+ * Libcrux: 9f923062eac13378f38581b2713046191d4ae7ad
  */
 
 #include "libcrux_mlkem768_portable.h"
diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_portable.h b/libcrux-ml-kem/c/libcrux_mlkem768_portable.h
index d3c6f6abc..f9e85d74e 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem768_portable.h
+++ b/libcrux-ml-kem/c/libcrux_mlkem768_portable.h
@@ -8,7 +8,7 @@
  * Eurydice: 7d686376ec943225ff89942978c6c3028bac689c
  * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
  * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty
- * Libcrux: 122ee3d193e33f55c2324ee84f974e647255f545
+ * Libcrux: 9f923062eac13378f38581b2713046191d4ae7ad
  */
 
 #ifndef __libcrux_mlkem768_portable_H
diff --git a/libcrux-ml-kem/c/libcrux_mlkem_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem_avx2.c
index 8b8affa45..76e9f79ec 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem_avx2.c
+++ b/libcrux-ml-kem/c/libcrux_mlkem_avx2.c
@@ -8,7 +8,7 @@
  * Eurydice: 7d686376ec943225ff89942978c6c3028bac689c
  * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
  * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty
- * Libcrux: 122ee3d193e33f55c2324ee84f974e647255f545
+ * Libcrux: 9f923062eac13378f38581b2713046191d4ae7ad
  */
 
 #include "internal/libcrux_mlkem_avx2.h"
diff --git a/libcrux-ml-kem/c/libcrux_mlkem_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem_avx2.h
index cbc9c0c6c..2bb5b6243 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem_avx2.h
+++ b/libcrux-ml-kem/c/libcrux_mlkem_avx2.h
@@ -8,7 +8,7 @@
  * Eurydice: 7d686376ec943225ff89942978c6c3028bac689c
  * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
  * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty
- * Libcrux: 122ee3d193e33f55c2324ee84f974e647255f545
+ * Libcrux: 9f923062eac13378f38581b2713046191d4ae7ad
  */
 
 #ifndef __libcrux_mlkem_avx2_H
diff --git a/libcrux-ml-kem/c/libcrux_mlkem_portable.c b/libcrux-ml-kem/c/libcrux_mlkem_portable.c
index 3272dbcf8..02c85a990 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem_portable.c
+++ b/libcrux-ml-kem/c/libcrux_mlkem_portable.c
@@ -8,7 +8,7 @@
  * Eurydice: 7d686376ec943225ff89942978c6c3028bac689c
  * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
  * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty
- * Libcrux: 122ee3d193e33f55c2324ee84f974e647255f545
+ * Libcrux: 9f923062eac13378f38581b2713046191d4ae7ad
  */
 
 #include "internal/libcrux_mlkem_portable.h"
diff --git a/libcrux-ml-kem/c/libcrux_mlkem_portable.h b/libcrux-ml-kem/c/libcrux_mlkem_portable.h
index 594c2bd30..81d96fa11 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem_portable.h
+++ b/libcrux-ml-kem/c/libcrux_mlkem_portable.h
@@ -8,7 +8,7 @@
  * Eurydice: 7d686376ec943225ff89942978c6c3028bac689c
  * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
  * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty
- * Libcrux: 122ee3d193e33f55c2324ee84f974e647255f545
+ * Libcrux: 9f923062eac13378f38581b2713046191d4ae7ad
  */
 
 #ifndef __libcrux_mlkem_portable_H
diff --git a/libcrux-ml-kem/c/libcrux_sha3.h b/libcrux-ml-kem/c/libcrux_sha3.h
index a930941d7..f4d77b827 100644
--- a/libcrux-ml-kem/c/libcrux_sha3.h
+++ b/libcrux-ml-kem/c/libcrux_sha3.h
@@ -8,7 +8,7 @@
  * Eurydice: 7d686376ec943225ff89942978c6c3028bac689c
  * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
  * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty
- * Libcrux: 122ee3d193e33f55c2324ee84f974e647255f545
+ * Libcrux: 9f923062eac13378f38581b2713046191d4ae7ad
  */
 
 #ifndef __libcrux_sha3_H
diff --git a/libcrux-ml-kem/c/libcrux_sha3_avx2.c b/libcrux-ml-kem/c/libcrux_sha3_avx2.c
index a9b3b3f77..8bd336749 100644
--- a/libcrux-ml-kem/c/libcrux_sha3_avx2.c
+++ b/libcrux-ml-kem/c/libcrux_sha3_avx2.c
@@ -8,7 +8,7 @@
  * Eurydice: 7d686376ec943225ff89942978c6c3028bac689c
  * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
  * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty
- * Libcrux: 122ee3d193e33f55c2324ee84f974e647255f545
+ * Libcrux: 9f923062eac13378f38581b2713046191d4ae7ad
  */
 
 #include "internal/libcrux_sha3_avx2.h"
diff --git a/libcrux-ml-kem/c/libcrux_sha3_avx2.h b/libcrux-ml-kem/c/libcrux_sha3_avx2.h
index 7b0eb2132..f40fab695 100644
--- a/libcrux-ml-kem/c/libcrux_sha3_avx2.h
+++ b/libcrux-ml-kem/c/libcrux_sha3_avx2.h
@@ -8,7 +8,7 @@
  * Eurydice: 7d686376ec943225ff89942978c6c3028bac689c
  * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
  * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty
- * Libcrux: 122ee3d193e33f55c2324ee84f974e647255f545
+ * Libcrux: 9f923062eac13378f38581b2713046191d4ae7ad
  */
 
 #ifndef __libcrux_sha3_avx2_H
diff --git a/libcrux-ml-kem/c/libcrux_sha3_internal.h b/libcrux-ml-kem/c/libcrux_sha3_internal.h
index 1e69eabe2..25ede7742 100644
--- a/libcrux-ml-kem/c/libcrux_sha3_internal.h
+++ b/libcrux-ml-kem/c/libcrux_sha3_internal.h
@@ -8,7 +8,7 @@
  * Eurydice: 7d686376ec943225ff89942978c6c3028bac689c
  * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
  * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty
- * Libcrux: 122ee3d193e33f55c2324ee84f974e647255f545
+ * Libcrux: 9f923062eac13378f38581b2713046191d4ae7ad
  */
 
 #ifndef __libcrux_sha3_internal_H
diff --git a/libcrux-ml-kem/cg/code_gen.txt b/libcrux-ml-kem/cg/code_gen.txt
index 3bbff9516..fa60f6271 100644
--- a/libcrux-ml-kem/cg/code_gen.txt
+++ b/libcrux-ml-kem/cg/code_gen.txt
@@ -3,4 +3,4 @@ Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9
 Eurydice: 7d686376ec943225ff89942978c6c3028bac689c
 Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
 F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty
-Libcrux: dc479b888127f61fdc6af2d8524c06a6a6fb1e9c
+Libcrux: 9f923062eac13378f38581b2713046191d4ae7ad
diff --git a/libcrux-ml-kem/cg/libcrux_core.h b/libcrux-ml-kem/cg/libcrux_core.h
index 797299a5e..33e8d0a6b 100644
--- a/libcrux-ml-kem/cg/libcrux_core.h
+++ b/libcrux-ml-kem/cg/libcrux_core.h
@@ -8,7 +8,7 @@
  * Eurydice: 7d686376ec943225ff89942978c6c3028bac689c
  * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
  * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty
- * Libcrux: dc479b888127f61fdc6af2d8524c06a6a6fb1e9c
+ * Libcrux: 9f923062eac13378f38581b2713046191d4ae7ad
  */
 
 #ifndef __libcrux_core_H
diff --git a/libcrux-ml-kem/cg/libcrux_ct_ops.h b/libcrux-ml-kem/cg/libcrux_ct_ops.h
index d29deded9..d5d436aa6 100644
--- a/libcrux-ml-kem/cg/libcrux_ct_ops.h
+++ b/libcrux-ml-kem/cg/libcrux_ct_ops.h
@@ -8,7 +8,7 @@
  * Eurydice: 7d686376ec943225ff89942978c6c3028bac689c
  * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
  * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty
- * Libcrux: dc479b888127f61fdc6af2d8524c06a6a6fb1e9c
+ * Libcrux: 9f923062eac13378f38581b2713046191d4ae7ad
  */
 
 #ifndef __libcrux_ct_ops_H
diff --git a/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h b/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h
index 09c5ec2f6..50f3b0065 100644
--- a/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h
+++ b/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h
@@ -8,7 +8,7 @@
  * Eurydice: 7d686376ec943225ff89942978c6c3028bac689c
  * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
  * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty
- * Libcrux: dc479b888127f61fdc6af2d8524c06a6a6fb1e9c
+ * Libcrux: 9f923062eac13378f38581b2713046191d4ae7ad
  */
 
 #ifndef __libcrux_mlkem768_avx2_H
diff --git a/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h b/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h
index 0ef93f4c2..8dcdb1834 100644
--- a/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h
+++ b/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h
@@ -8,7 +8,7 @@
  * Eurydice: 7d686376ec943225ff89942978c6c3028bac689c
  * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
  * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty
- * Libcrux: dc479b888127f61fdc6af2d8524c06a6a6fb1e9c
+ * Libcrux: 9f923062eac13378f38581b2713046191d4ae7ad
  */
 
 #ifndef __libcrux_mlkem768_portable_H
diff --git a/libcrux-ml-kem/cg/libcrux_sha3_avx2.h b/libcrux-ml-kem/cg/libcrux_sha3_avx2.h
index 412ce26b2..b55d65d99 100644
--- a/libcrux-ml-kem/cg/libcrux_sha3_avx2.h
+++ b/libcrux-ml-kem/cg/libcrux_sha3_avx2.h
@@ -8,7 +8,7 @@
  * Eurydice: 7d686376ec943225ff89942978c6c3028bac689c
  * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
  * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty
- * Libcrux: dc479b888127f61fdc6af2d8524c06a6a6fb1e9c
+ * Libcrux: 9f923062eac13378f38581b2713046191d4ae7ad
  */
 
 #ifndef __libcrux_sha3_avx2_H
diff --git a/libcrux-ml-kem/cg/libcrux_sha3_portable.h b/libcrux-ml-kem/cg/libcrux_sha3_portable.h
index 6bed02ce3..a95250aad 100644
--- a/libcrux-ml-kem/cg/libcrux_sha3_portable.h
+++ b/libcrux-ml-kem/cg/libcrux_sha3_portable.h
@@ -8,7 +8,7 @@
  * Eurydice: 7d686376ec943225ff89942978c6c3028bac689c
  * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
  * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty
- * Libcrux: dc479b888127f61fdc6af2d8524c06a6a6fb1e9c
+ * Libcrux: 9f923062eac13378f38581b2713046191d4ae7ad
  */
 
 #ifndef __libcrux_sha3_portable_H
@@ -3705,7 +3705,7 @@ typedef struct libcrux_sha3_generic_keccak_KeccakXofState_e2_s {
 } libcrux_sha3_generic_keccak_KeccakXofState_e2;
 
 typedef libcrux_sha3_generic_keccak_KeccakXofState_e2
-    libcrux_sha3_portable_incremental_Shake256Absorb;
+    libcrux_sha3_portable_incremental_Shake256Xof;
 
 /**
  Consume the internal buffer and the required amount of the input to pad to
@@ -3861,19 +3861,15 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_8b_c6(
  Shake256 absorb
 */
 /**
-This function found in impl
-{(libcrux_sha3::portable::incremental::XofAbsorb<136: usize> for
-libcrux_sha3::portable::incremental::Shake256Absorb)#2}
+This function found in impl {(libcrux_sha3::portable::incremental::Xof<136:
+usize> for libcrux_sha3::portable::incremental::Shake256Xof)#1}
 */
-static inline void libcrux_sha3_portable_incremental_absorb_7d(
+static inline void libcrux_sha3_portable_incremental_absorb_68(
     libcrux_sha3_generic_keccak_KeccakXofState_e2 *self, Eurydice_slice input) {
   Eurydice_slice buf[1U] = {input};
   libcrux_sha3_generic_keccak_absorb_8b_c6(self, buf);
 }
 
-typedef libcrux_sha3_generic_keccak_KeccakXofState_e2
-    libcrux_sha3_portable_incremental_Shake256Squeeze;
-
 /**
  Absorb a final block.
 
@@ -3939,16 +3935,13 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_8b_9e(
  Shake256 absorb final
 */
 /**
-This function found in impl
-{(libcrux_sha3::portable::incremental::XofAbsorb<136: usize> for
-libcrux_sha3::portable::incremental::Shake256Absorb)#2}
+This function found in impl {(libcrux_sha3::portable::incremental::Xof<136:
+usize> for libcrux_sha3::portable::incremental::Shake256Xof)#1}
 */
-static inline libcrux_sha3_generic_keccak_KeccakXofState_e2
-libcrux_sha3_portable_incremental_absorb_final_7d(
-    libcrux_sha3_generic_keccak_KeccakXofState_e2 self, Eurydice_slice input) {
+static inline void libcrux_sha3_portable_incremental_absorb_final_68(
+    libcrux_sha3_generic_keccak_KeccakXofState_e2 *self, Eurydice_slice input) {
   Eurydice_slice buf[1U] = {input};
-  libcrux_sha3_generic_keccak_absorb_final_8b_9e(&self, buf);
-  return self;
+  libcrux_sha3_generic_keccak_absorb_final_8b_9e(self, buf);
 }
 
 /**
@@ -4135,15 +4128,132 @@ libcrux_sha3_generic_keccak_new_8b_c6(void) {
  Shake256 new state
 */
 /**
-This function found in impl
-{(libcrux_sha3::portable::incremental::XofAbsorb<136: usize> for
-libcrux_sha3::portable::incremental::Shake256Absorb)#2}
+This function found in impl {(libcrux_sha3::portable::incremental::Xof<136:
+usize> for libcrux_sha3::portable::incremental::Shake256Xof)#1}
 */
 static inline libcrux_sha3_generic_keccak_KeccakXofState_e2
-libcrux_sha3_portable_incremental_new_7d(void) {
+libcrux_sha3_portable_incremental_new_68(void) {
   return libcrux_sha3_generic_keccak_new_8b_c6();
 }
 
+/**
+ `out` has the exact size we want here. It must be less than or equal to `RATE`.
+*/
+/**
+This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1:
+usize> for u64)}
+*/
+/**
+A monomorphic instance of libcrux_sha3.portable_keccak.store_5a
+with const generics
+- RATE= 136
+*/
+static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_5a_5b(
+    uint64_t (*state)[5U], Eurydice_slice out[1U]) {
+  size_t num_full_blocks = Eurydice_slice_len(out[0U], uint8_t) / (size_t)8U;
+  size_t last_block_len = Eurydice_slice_len(out[0U], uint8_t) % (size_t)8U;
+  for (size_t i = (size_t)0U; i < num_full_blocks; i++) {
+    size_t i0 = i;
+    Eurydice_slice uu____0 = Eurydice_slice_subslice2(
+        out[0U], i0 * (size_t)8U, i0 * (size_t)8U + (size_t)8U, uint8_t);
+    uint8_t ret[8U];
+    core_num__u64_9__to_le_bytes(state[i0 / (size_t)5U][i0 % (size_t)5U], ret);
+    Eurydice_slice_copy(
+        uu____0, Eurydice_array_to_slice((size_t)8U, ret, uint8_t), uint8_t);
+  }
+  if (last_block_len != (size_t)0U) {
+    Eurydice_slice uu____1 = Eurydice_slice_subslice2(
+        out[0U], num_full_blocks * (size_t)8U,
+        num_full_blocks * (size_t)8U + last_block_len, uint8_t);
+    uint8_t ret[8U];
+    core_num__u64_9__to_le_bytes(
+        state[num_full_blocks / (size_t)5U][num_full_blocks % (size_t)5U], ret);
+    Eurydice_slice_copy(
+        uu____1,
+        Eurydice_array_to_subslice2(ret, (size_t)0U, last_block_len, uint8_t),
+        uint8_t);
+  }
+}
+
+/**
+ Squeeze `N` x `LEN` bytes.
+*/
+/**
+This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState<STATE,
+PARALLEL_LANES, RATE>[TraitClause@0, TraitClause@1]#2}
+*/
+/**
+A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_8b
+with types uint64_t
+with const generics
+- PARALLEL_LANES= 1
+- RATE= 136
+*/
+static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_8b_c6(
+    libcrux_sha3_generic_keccak_KeccakXofState_e2 *self,
+    Eurydice_slice out[1U]) {
+  if (self->sponge) {
+    libcrux_sha3_generic_keccak_keccakf1600_04(&self->inner);
+  }
+  size_t out_len = Eurydice_slice_len(out[0U], uint8_t);
+  size_t blocks = out_len / (size_t)136U;
+  size_t last = out_len - out_len % (size_t)136U;
+  size_t mid;
+  if ((size_t)136U >= out_len) {
+    mid = out_len;
+  } else {
+    mid = (size_t)136U;
+  }
+  Eurydice_slice_uint8_t_1size_t__x2 uu____0 =
+      libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, mid);
+  Eurydice_slice out00[1U];
+  memcpy(out00, uu____0.fst, (size_t)1U * sizeof(Eurydice_slice));
+  Eurydice_slice out_rest[1U];
+  memcpy(out_rest, uu____0.snd, (size_t)1U * sizeof(Eurydice_slice));
+  libcrux_sha3_portable_keccak_store_5a_5b(self->inner.st, out00);
+  core_ops_range_Range_08 iter =
+      core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter(
+          (CLITERAL(core_ops_range_Range_08){.start = (size_t)1U,
+                                             .end = blocks}),
+          core_ops_range_Range_08, core_ops_range_Range_08);
+  while (true) {
+    if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A__TraitClause_0___6__next(
+            &iter, size_t, Option_08)
+            .tag == None) {
+      break;
+    } else {
+      Eurydice_slice_uint8_t_1size_t__x2 uu____1 =
+          libcrux_sha3_portable_keccak_split_at_mut_n_5a(out_rest,
+                                                         (size_t)136U);
+      Eurydice_slice out0[1U];
+      memcpy(out0, uu____1.fst, (size_t)1U * sizeof(Eurydice_slice));
+      Eurydice_slice tmp[1U];
+      memcpy(tmp, uu____1.snd, (size_t)1U * sizeof(Eurydice_slice));
+      libcrux_sha3_generic_keccak_keccakf1600_04(&self->inner);
+      libcrux_sha3_portable_keccak_store_5a_5b(self->inner.st, out0);
+      memcpy(out_rest, tmp, (size_t)1U * sizeof(Eurydice_slice));
+    }
+  }
+  if (last < out_len) {
+    libcrux_sha3_generic_keccak_keccakf1600_04(&self->inner);
+    libcrux_sha3_portable_keccak_store_5a_5b(self->inner.st, out_rest);
+  }
+  self->sponge = true;
+}
+
+/**
+ Shake256 squeeze
+*/
+/**
+This function found in impl {(libcrux_sha3::portable::incremental::Xof<136:
+usize> for libcrux_sha3::portable::incremental::Shake256Xof)#1}
+*/
+static inline void libcrux_sha3_portable_incremental_squeeze_68(
+    libcrux_sha3_generic_keccak_KeccakXofState_e2 *self, Eurydice_slice out) {
+  Eurydice_slice buf[1U] = {out};
+  libcrux_sha3_generic_keccak_squeeze_8b_c6(self, buf);
+}
+
 /**
 A monomorphic instance of libcrux_sha3.generic_keccak.KeccakXofState
 with types uint64_t
@@ -4159,7 +4269,7 @@ typedef struct libcrux_sha3_generic_keccak_KeccakXofState_97_s {
 } libcrux_sha3_generic_keccak_KeccakXofState_97;
 
 typedef libcrux_sha3_generic_keccak_KeccakXofState_97
-    libcrux_sha3_portable_incremental_Shake128Absorb;
+    libcrux_sha3_portable_incremental_Shake128Xof;
 
 /**
  Consume the internal buffer and the required amount of the input to pad to
@@ -4312,19 +4422,15 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_8b_c60(
 }
 
 /**
-This function found in impl
-{(libcrux_sha3::portable::incremental::XofAbsorb<168: usize> for
-libcrux_sha3::portable::incremental::Shake128Absorb)}
+This function found in impl {(libcrux_sha3::portable::incremental::Xof<168:
+usize> for libcrux_sha3::portable::incremental::Shake128Xof)}
 */
-static inline void libcrux_sha3_portable_incremental_absorb_1c(
+static inline void libcrux_sha3_portable_incremental_absorb_2f(
     libcrux_sha3_generic_keccak_KeccakXofState_97 *self, Eurydice_slice input) {
   Eurydice_slice buf[1U] = {input};
   libcrux_sha3_generic_keccak_absorb_8b_c60(self, buf);
 }
 
-typedef libcrux_sha3_generic_keccak_KeccakXofState_97
-    libcrux_sha3_portable_incremental_Shake128Squeeze;
-
 /**
  Absorb a final block.
 
@@ -4387,16 +4493,13 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_8b_9e0(
 }
 
 /**
-This function found in impl
-{(libcrux_sha3::portable::incremental::XofAbsorb<168: usize> for
-libcrux_sha3::portable::incremental::Shake128Absorb)}
+This function found in impl {(libcrux_sha3::portable::incremental::Xof<168:
+usize> for libcrux_sha3::portable::incremental::Shake128Xof)}
 */
-static inline libcrux_sha3_generic_keccak_KeccakXofState_97
-libcrux_sha3_portable_incremental_absorb_final_1c(
-    libcrux_sha3_generic_keccak_KeccakXofState_97 self, Eurydice_slice input) {
+static inline void libcrux_sha3_portable_incremental_absorb_final_2f(
+    libcrux_sha3_generic_keccak_KeccakXofState_97 *self, Eurydice_slice input) {
   Eurydice_slice buf[1U] = {input};
-  libcrux_sha3_generic_keccak_absorb_final_8b_9e0(&self, buf);
-  return self;
+  libcrux_sha3_generic_keccak_absorb_final_8b_9e0(self, buf);
 }
 
 /**
@@ -4612,134 +4715,14 @@ libcrux_sha3_generic_keccak_new_8b_c60(void) {
 }
 
 /**
-This function found in impl
-{(libcrux_sha3::portable::incremental::XofAbsorb<168: usize> for
-libcrux_sha3::portable::incremental::Shake128Absorb)}
+This function found in impl {(libcrux_sha3::portable::incremental::Xof<168:
+usize> for libcrux_sha3::portable::incremental::Shake128Xof)}
 */
 static inline libcrux_sha3_generic_keccak_KeccakXofState_97
-libcrux_sha3_portable_incremental_new_1c(void) {
+libcrux_sha3_portable_incremental_new_2f(void) {
   return libcrux_sha3_generic_keccak_new_8b_c60();
 }
 
-/**
- `out` has the exact size we want here. It must be less than or equal to `RATE`.
-*/
-/**
-This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1:
-usize> for u64)}
-*/
-/**
-A monomorphic instance of libcrux_sha3.portable_keccak.store_5a
-with const generics
-- RATE= 136
-*/
-static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_5a_5b(
-    uint64_t (*state)[5U], Eurydice_slice out[1U]) {
-  size_t num_full_blocks = Eurydice_slice_len(out[0U], uint8_t) / (size_t)8U;
-  size_t last_block_len = Eurydice_slice_len(out[0U], uint8_t) % (size_t)8U;
-  for (size_t i = (size_t)0U; i < num_full_blocks; i++) {
-    size_t i0 = i;
-    Eurydice_slice uu____0 = Eurydice_slice_subslice2(
-        out[0U], i0 * (size_t)8U, i0 * (size_t)8U + (size_t)8U, uint8_t);
-    uint8_t ret[8U];
-    core_num__u64_9__to_le_bytes(state[i0 / (size_t)5U][i0 % (size_t)5U], ret);
-    Eurydice_slice_copy(
-        uu____0, Eurydice_array_to_slice((size_t)8U, ret, uint8_t), uint8_t);
-  }
-  if (last_block_len != (size_t)0U) {
-    Eurydice_slice uu____1 = Eurydice_slice_subslice2(
-        out[0U], num_full_blocks * (size_t)8U,
-        num_full_blocks * (size_t)8U + last_block_len, uint8_t);
-    uint8_t ret[8U];
-    core_num__u64_9__to_le_bytes(
-        state[num_full_blocks / (size_t)5U][num_full_blocks % (size_t)5U], ret);
-    Eurydice_slice_copy(
-        uu____1,
-        Eurydice_array_to_subslice2(ret, (size_t)0U, last_block_len, uint8_t),
-        uint8_t);
-  }
-}
-
-/**
- Squeeze `N` x `LEN` bytes.
-*/
-/**
-This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState<STATE,
-PARALLEL_LANES, RATE>[TraitClause@0, TraitClause@1]#2}
-*/
-/**
-A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_8b
-with types uint64_t
-with const generics
-- PARALLEL_LANES= 1
-- RATE= 136
-*/
-static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_8b_c6(
-    libcrux_sha3_generic_keccak_KeccakXofState_e2 *self,
-    Eurydice_slice out[1U]) {
-  if (self->sponge) {
-    libcrux_sha3_generic_keccak_keccakf1600_04(&self->inner);
-  }
-  size_t out_len = Eurydice_slice_len(out[0U], uint8_t);
-  size_t blocks = out_len / (size_t)136U;
-  size_t last = out_len - out_len % (size_t)136U;
-  size_t mid;
-  if ((size_t)136U >= out_len) {
-    mid = out_len;
-  } else {
-    mid = (size_t)136U;
-  }
-  Eurydice_slice_uint8_t_1size_t__x2 uu____0 =
-      libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, mid);
-  Eurydice_slice out00[1U];
-  memcpy(out00, uu____0.fst, (size_t)1U * sizeof(Eurydice_slice));
-  Eurydice_slice out_rest[1U];
-  memcpy(out_rest, uu____0.snd, (size_t)1U * sizeof(Eurydice_slice));
-  libcrux_sha3_portable_keccak_store_5a_5b(self->inner.st, out00);
-  core_ops_range_Range_08 iter =
-      core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter(
-          (CLITERAL(core_ops_range_Range_08){.start = (size_t)1U,
-                                             .end = blocks}),
-          core_ops_range_Range_08, core_ops_range_Range_08);
-  while (true) {
-    if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A__TraitClause_0___6__next(
-            &iter, size_t, Option_08)
-            .tag == None) {
-      break;
-    } else {
-      Eurydice_slice_uint8_t_1size_t__x2 uu____1 =
-          libcrux_sha3_portable_keccak_split_at_mut_n_5a(out_rest,
-                                                         (size_t)136U);
-      Eurydice_slice out0[1U];
-      memcpy(out0, uu____1.fst, (size_t)1U * sizeof(Eurydice_slice));
-      Eurydice_slice tmp[1U];
-      memcpy(tmp, uu____1.snd, (size_t)1U * sizeof(Eurydice_slice));
-      libcrux_sha3_generic_keccak_keccakf1600_04(&self->inner);
-      libcrux_sha3_portable_keccak_store_5a_5b(self->inner.st, out0);
-      memcpy(out_rest, tmp, (size_t)1U * sizeof(Eurydice_slice));
-    }
-  }
-  if (last < out_len) {
-    libcrux_sha3_generic_keccak_keccakf1600_04(&self->inner);
-    libcrux_sha3_portable_keccak_store_5a_5b(self->inner.st, out_rest);
-  }
-  self->sponge = true;
-}
-
-/**
- Shake256 squeeze
-*/
-/**
-This function found in impl
-{(libcrux_sha3::portable::incremental::XofSqueeze<136: usize> for
-libcrux_sha3::portable::incremental::Shake256Squeeze)#3}
-*/
-static inline void libcrux_sha3_portable_incremental_squeeze_8a(
-    libcrux_sha3_generic_keccak_KeccakXofState_e2 *self, Eurydice_slice out) {
-  Eurydice_slice buf[1U] = {out};
-  libcrux_sha3_generic_keccak_squeeze_8b_c6(self, buf);
-}
-
 /**
  `out` has the exact size we want here. It must be less than or equal to `RATE`.
 */
@@ -4849,11 +4832,10 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_8b_c60(
  Shake128 squeeze
 */
 /**
-This function found in impl
-{(libcrux_sha3::portable::incremental::XofSqueeze<168: usize> for
-libcrux_sha3::portable::incremental::Shake128Squeeze)#1}
+This function found in impl {(libcrux_sha3::portable::incremental::Xof<168:
+usize> for libcrux_sha3::portable::incremental::Shake128Xof)}
 */
-static inline void libcrux_sha3_portable_incremental_squeeze_10(
+static inline void libcrux_sha3_portable_incremental_squeeze_2f(
     libcrux_sha3_generic_keccak_KeccakXofState_97 *self, Eurydice_slice out) {
   Eurydice_slice buf[1U] = {out};
   libcrux_sha3_generic_keccak_squeeze_8b_c60(self, buf);

From 578d7f6dbe55b38980626130478d44e5203b3976 Mon Sep 17 00:00:00 2001
From: Karthikeyan Bhargavan <karthik.bhargavan@gmail.com>
Date: Wed, 11 Dec 2024 18:08:59 +0100
Subject: [PATCH 105/142] raw strings

---
 libcrux-ml-kem/src/constant_time_ops.rs       |  60 +--
 libcrux-ml-kem/src/hash_functions.rs          |  92 ++---
 libcrux-ml-kem/src/ind_cca.rs                 | 194 +++++----
 libcrux-ml-kem/src/ind_cca/instantiations.rs  |  44 +-
 .../src/ind_cca/instantiations/avx2.rs        | 308 +++++++-------
 libcrux-ml-kem/src/ind_cca/multiplexing.rs    |  20 +-
 libcrux-ml-kem/src/ind_cpa.rs                 | 382 +++++++++---------
 libcrux-ml-kem/src/invert_ntt.rs              | 100 ++---
 libcrux-ml-kem/src/matrix.rs                  |  30 +-
 libcrux-ml-kem/src/mlkem1024.rs               |  24 +-
 libcrux-ml-kem/src/mlkem512.rs                |  24 +-
 libcrux-ml-kem/src/mlkem768.rs                |  24 +-
 libcrux-ml-kem/src/ntt.rs                     | 148 +++----
 libcrux-ml-kem/src/polynomial.rs              |   4 +-
 libcrux-ml-kem/src/sampling.rs                |  20 +-
 libcrux-ml-kem/src/serialize.rs               | 130 +++---
 libcrux-ml-kem/src/types.rs                   |  16 +-
 libcrux-ml-kem/src/utils.rs                   |  24 +-
 libcrux-ml-kem/src/variant.rs                 |  16 +-
 libcrux-ml-kem/src/vector/avx2.rs             | 220 +++++-----
 libcrux-ml-kem/src/vector/avx2/arithmetic.rs  | 226 ++++++-----
 libcrux-ml-kem/src/vector/avx2/compress.rs    |   6 +-
 libcrux-ml-kem/src/vector/avx2/ntt.rs         |  14 +-
 libcrux-ml-kem/src/vector/avx2/serialize.rs   |  18 +-
 libcrux-ml-kem/src/vector/neon.rs             |   6 +-
 libcrux-ml-kem/src/vector/portable.rs         | 186 ++++-----
 .../src/vector/portable/arithmetic.rs         | 176 ++++----
 .../src/vector/portable/compress.rs           |  76 ++--
 libcrux-ml-kem/src/vector/portable/ntt.rs     | 206 +++++-----
 .../src/vector/portable/sampling.rs           |   2 +-
 .../src/vector/portable/vector_type.rs        |   6 +-
 libcrux-ml-kem/src/vector/traits.rs           | 156 +++----
 32 files changed, 1554 insertions(+), 1404 deletions(-)

diff --git a/libcrux-ml-kem/src/constant_time_ops.rs b/libcrux-ml-kem/src/constant_time_ops.rs
index 7c2a9323e..33c7c858f 100644
--- a/libcrux-ml-kem/src/constant_time_ops.rs
+++ b/libcrux-ml-kem/src/constant_time_ops.rs
@@ -11,14 +11,15 @@ use crate::constants::SHARED_SECRET_SIZE;
 // XXX: We have to disable this for C extraction for now. See eurydice/issues#37
 
 /// Return 1 if `value` is not zero and 0 otherwise.
-#[hax_lib::ensures(|result| fstar!("($value == 0uy ==> $result == 0uy) /\\
-    ($value =!= 0uy ==> $result == 1uy)"))]
+#[hax_lib::ensures(|result| fstar!(r#"($value == 0uy ==> $result == 0uy) /\
+    ($value =!= 0uy ==> $result == 1uy)"#))]
 fn inz(value: u8) -> u8 {
     let _orig_value = value;
     let value = value as u16;
     let result = ((!value).wrapping_add(1) >> 8) as u8;
     let res = result & 1;
-    hax_lib::fstar!("if v $_orig_value = 0 then  (
+    hax_lib::fstar!(
+        r#"if v $_orig_value = 0 then  (
         assert($value == zero);
         lognot_lemma $value;
         assert((~.$value +. 1us) == zero);
@@ -42,13 +43,14 @@ fn inz(value: u8) -> u8 {
         assert (v ((Core.Num.impl__u16__wrapping_add (~.$value <: u16) 1us <: u16) >>! 8l) = pow2 8 - 1);
         assert ($result = ones);
         logand_lemma 1uy $result;
-        assert ($res = 1uy))");
+        assert ($res = 1uy))"#
+    );
     res
 }
 
 #[inline(never)] // Don't inline this to avoid that the compiler optimizes this out.
-#[hax_lib::ensures(|result| fstar!("($value == 0uy ==> $result == 0uy) /\\
-    ($value =!= 0uy ==> $result == 1uy)"))]
+#[hax_lib::ensures(|result| fstar!(r#"($value == 0uy ==> $result == 0uy) /\
+    ($value =!= 0uy ==> $result == 1uy)"#))]
 fn is_non_zero(value: u8) -> u8 {
     #[cfg(eurydice)]
     return inz(value);
@@ -60,21 +62,22 @@ fn is_non_zero(value: u8) -> u8 {
 /// Return 1 if the bytes of `lhs` and `rhs` do not exactly
 /// match and 0 otherwise.
 #[hax_lib::requires(lhs.len() == rhs.len())]
-#[hax_lib::ensures(|result| fstar!("($lhs == $rhs ==> $result == 0uy) /\\
-    ($lhs =!= $rhs ==> $result == 1uy)"))]
+#[hax_lib::ensures(|result| fstar!(r#"($lhs == $rhs ==> $result == 0uy) /\
+    ($lhs =!= $rhs ==> $result == 1uy)"#))]
 fn compare(lhs: &[u8], rhs: &[u8]) -> u8 {
     let mut r: u8 = 0;
     for i in 0..lhs.len() {
         hax_lib::loop_invariant!(|i: usize| {
             fstar!(
-                "v $i <= Seq.length $lhs /\\
+                "v $i <= Seq.length $lhs /\
             (if (Seq.slice $lhs 0 (v $i) = Seq.slice $rhs 0 (v $i)) then
                 $r == 0uy
                 else ~ ($r == 0uy))"
             )
         });
         let nr = r | (lhs[i] ^ rhs[i]);
-        hax_lib::fstar!("if $r =. 0uy then (
+        hax_lib::fstar!(
+            r#"if $r =. 0uy then (
             if (Seq.index $lhs (v $i) = Seq.index $rhs (v $i)) then (
                logxor_lemma (Seq.index $lhs (v $i)) (Seq.index $rhs (v $i));
                assert (((${lhs}.[ $i ] <: u8) ^. (${rhs}.[ $i ] <: u8) <: u8) = zero);
@@ -101,7 +104,8 @@ fn compare(lhs: &[u8], rhs: &[u8]) -> u8 {
               (assert (forall j. j < (v $i) + 1 ==> Seq.index (Seq.slice $lhs 0 ((v $i)+1)) j == Seq.index (Seq.slice $rhs 0 ((v $i)+1)) j);
                eq_intro (Seq.slice $lhs 0 (v $i)) (Seq.slice $rhs 0 (v $i));
                assert(False))
-          )");
+          )"#
+        );
         r = nr;
     }
 
@@ -114,8 +118,8 @@ fn compare(lhs: &[u8], rhs: &[u8]) -> u8 {
     lhs.len() == rhs.len() &&
     lhs.len() == SHARED_SECRET_SIZE
 )]
-#[hax_lib::ensures(|result| fstar!("($selector == 0uy ==> $result == $lhs) /\\
-        ($selector =!= 0uy ==> $result == $rhs)"))]
+#[hax_lib::ensures(|result| fstar!(r#"($selector == 0uy ==> $result == $lhs) /\
+        ($selector =!= 0uy ==> $result == $rhs)"#))]
 #[hax_lib::fstar::options("--ifuel 0 --z3rlimit 50")]
 fn select_ct(lhs: &[u8], rhs: &[u8], selector: u8) -> [u8; SHARED_SECRET_SIZE] {
     let mask = is_non_zero(selector).wrapping_sub(1);
@@ -128,13 +132,16 @@ fn select_ct(lhs: &[u8], rhs: &[u8], selector: u8) -> [u8; SHARED_SECRET_SIZE] {
 
     for i in 0..SHARED_SECRET_SIZE {
         hax_lib::loop_invariant!(|i: usize| {
-            fstar!("v $i <= v $SHARED_SECRET_SIZE /\\
-            (forall j. j < v $i ==> (if ($selector =. 0uy) then Seq.index $out j == Seq.index $lhs j else Seq.index $out j == Seq.index $rhs j)) /\\
-            (forall j. j >= v $i ==> Seq.index $out j == 0uy)")
+            fstar!(
+                r#"v $i <= v $SHARED_SECRET_SIZE /\
+            (forall j. j < v $i ==> (if ($selector =. 0uy) then Seq.index $out j == Seq.index $lhs j else Seq.index $out j == Seq.index $rhs j)) /\
+            (forall j. j >= v $i ==> Seq.index $out j == 0uy)"#
+            )
         });
-        hax_lib::fstar!("assert ((${out}.[ $i ] <: u8) = 0uy)");
+        hax_lib::fstar!(r#"assert ((${out}.[ $i ] <: u8) = 0uy)"#);
         let outi = (lhs[i] & mask) | (rhs[i] & !mask);
-        hax_lib::fstar!("if ($selector = 0uy) then (
+        hax_lib::fstar!(
+            r#"if ($selector = 0uy) then (
             logand_lemma (${lhs}.[ $i ] <: u8) $mask;
             assert (((${lhs}.[ $i ] <: u8) &. $mask <: u8) == (${lhs}.[ $i ] <: u8));
             logand_lemma (${rhs}.[ $i ] <: u8) (~.$mask);
@@ -156,7 +163,8 @@ fn select_ct(lhs: &[u8], rhs: &[u8], selector: u8) -> [u8; SHARED_SECRET_SIZE] {
             logor_lemma (${out}.[ $i ] <: u8) (${rhs}.[ $i ] <: u8);
             assert (((${out}.[ $i ] <: u8) |. (((${lhs}.[ $i ] <: u8) &. $mask <: u8) |. ((${rhs}.[ $i ] <: u8) &. (~.$mask <: u8) <: u8) <: u8) <: u8) == (${rhs}.[ $i ] <: u8));
             assert ($outi = (${rhs}.[ $i ] <: u8))
-          )");
+          )"#
+        );
         out[i] = outi;
     }
 
@@ -173,8 +181,8 @@ fn select_ct(lhs: &[u8], rhs: &[u8], selector: u8) -> [u8; SHARED_SECRET_SIZE] {
 
 #[inline(never)] // Don't inline this to avoid that the compiler optimizes this out.
 #[hax_lib::requires(lhs.len() == rhs.len())]
-#[hax_lib::ensures(|result| fstar!("($lhs == $rhs ==> $result == 0uy) /\\
-    ($lhs =!= $rhs ==> $result == 1uy)"))]
+#[hax_lib::ensures(|result| fstar!(r#"($lhs == $rhs ==> $result == 0uy) /\
+    ($lhs =!= $rhs ==> $result == 1uy)"#))]
 pub(crate) fn compare_ciphertexts_in_constant_time(lhs: &[u8], rhs: &[u8]) -> u8 {
     #[cfg(eurydice)]
     return compare(lhs, rhs);
@@ -188,8 +196,8 @@ pub(crate) fn compare_ciphertexts_in_constant_time(lhs: &[u8], rhs: &[u8]) -> u8
     lhs.len() == rhs.len() &&
     lhs.len() == SHARED_SECRET_SIZE
 )]
-#[hax_lib::ensures(|result| fstar!("($selector == 0uy ==> $result == $lhs) /\\
-       ($selector =!= 0uy ==> $result == $rhs)"))]
+#[hax_lib::ensures(|result| fstar!(r#"($selector == 0uy ==> $result == $lhs) /\
+       ($selector =!= 0uy ==> $result == $rhs)"#))]
 pub(crate) fn select_shared_secret_in_constant_time(
     lhs: &[u8],
     rhs: &[u8],
@@ -207,9 +215,9 @@ pub(crate) fn select_shared_secret_in_constant_time(
     lhs_s.len() == rhs_s.len() &&
     lhs_s.len() == SHARED_SECRET_SIZE
 )]
-#[hax_lib::ensures(|result| fstar!("let selector = if $lhs_c =. $rhs_c then 0uy else 1uy in
-    ((selector == 0uy ==> $result == $lhs_s) /\\
-     (selector =!= 0uy ==> $result == $rhs_s))"))]
+#[hax_lib::ensures(|result| fstar!(r#"let selector = if $lhs_c =. $rhs_c then 0uy else 1uy in
+    ((selector == 0uy ==> $result == $lhs_s) /\
+     (selector =!= 0uy ==> $result == $rhs_s))"#))]
 pub(crate) fn compare_ciphertexts_select_shared_secret_in_constant_time(
     lhs_c: &[u8],
     rhs_c: &[u8],
diff --git a/libcrux-ml-kem/src/hash_functions.rs b/libcrux-ml-kem/src/hash_functions.rs
index 17d34fdc2..f76ad4c8f 100644
--- a/libcrux-ml-kem/src/hash_functions.rs
+++ b/libcrux-ml-kem/src/hash_functions.rs
@@ -28,31 +28,31 @@ pub(crate) trait Hash<const K: usize> {
     /// G aka SHA3 512
     #[requires(true)]
     #[ensures(|result|
-        fstar!("$result == Spec.Utils.v_G $input"))
+        fstar!(r#"$result == Spec.Utils.v_G $input"#))
     ]
     fn G(input: &[u8]) -> [u8; G_DIGEST_SIZE];
 
     /// H aka SHA3 256
     #[requires(true)]
     #[ensures(|result|
-        fstar!("$result == Spec.Utils.v_H $input"))
+        fstar!(r#"$result == Spec.Utils.v_H $input"#))
     ]
     fn H(input: &[u8]) -> [u8; H_DIGEST_SIZE];
 
     /// PRF aka SHAKE256
-    #[requires(fstar!("v $LEN < pow2 32"))]
+    #[requires(fstar!(r#"v $LEN < pow2 32"#))]
     #[ensures(|result|
         // We need to repeat the pre-condition here because of https://github.com/hacspec/hax/issues/784
-        fstar!("v $LEN < pow2 32 ==> $result == Spec.Utils.v_PRF $LEN $input"))
+        fstar!(r#"v $LEN < pow2 32 ==> $result == Spec.Utils.v_PRF $LEN $input"#))
     ]
     fn PRF<const LEN: usize>(input: &[u8]) -> [u8; LEN];
 
     /// PRFxN aka N SHAKE256
-    #[requires(fstar!("v $LEN < pow2 32 /\\ (v $K == 2 \\/ v $K == 3 \\/ v $K == 4)"))]
+    #[requires(fstar!(r#"v $LEN < pow2 32 /\\ (v $K == 2 \\/ v $K == 3 \\/ v $K == 4)"#))]
     #[ensures(|result|
         // We need to repeat the pre-condition here because of https://github.com/hacspec/hax/issues/784
-        fstar!("(v $LEN < pow2 32 /\\ (v $K == 2 \\/ v $K == 3 \\/ v $K == 4)) ==>
-            $result == Spec.Utils.v_PRFxN $K $LEN $input"))
+        fstar!(r#"(v $LEN < pow2 32 /\\ (v $K == 2 \\/ v $K == 3 \\/ v $K == 4)) ==>
+            $result == Spec.Utils.v_PRFxN $K $LEN $input"#))
     ]
     fn PRFxN<const LEN: usize>(input: &[[u8; 33]; K]) -> [[u8; LEN]; K];
 
@@ -84,7 +84,7 @@ pub(crate) mod portable {
     }
 
     #[hax_lib::ensures(|result|
-        fstar!("$result == Spec.Utils.v_G $input"))
+        fstar!(r#"$result == Spec.Utils.v_G $input"#))
     ]
     #[inline(always)]
     fn G(input: &[u8]) -> [u8; G_DIGEST_SIZE] {
@@ -94,7 +94,7 @@ pub(crate) mod portable {
     }
 
     #[hax_lib::ensures(|result|
-        fstar!("$result == Spec.Utils.v_H $input"))
+        fstar!(r#"$result == Spec.Utils.v_H $input"#))
     ]
     #[inline(always)]
     fn H(input: &[u8]) -> [u8; H_DIGEST_SIZE] {
@@ -103,9 +103,9 @@ pub(crate) mod portable {
         digest
     }
 
-    #[hax_lib::requires(fstar!("v $LEN < pow2 32"))]
+    #[hax_lib::requires(fstar!(r#"v $LEN < pow2 32"#))]
     #[hax_lib::ensures(|result|
-        fstar!("$result == Spec.Utils.v_PRF $LEN $input"))
+        fstar!(r#"$result == Spec.Utils.v_PRF $LEN $input"#))
     ]
     #[inline(always)]
     fn PRF<const LEN: usize>(input: &[u8]) -> [u8; LEN] {
@@ -114,9 +114,9 @@ pub(crate) mod portable {
         digest
     }
 
-    #[hax_lib::requires(fstar!("v $LEN < pow2 32 /\\ (v $K == 2 \\/ v $K == 3 \\/ v $K == 4)"))]
+    #[hax_lib::requires(fstar!(r#"v $LEN < pow2 32 /\\ (v $K == 2 \\/ v $K == 3 \\/ v $K == 4)"#))]
     #[hax_lib::ensures(|result|
-        fstar!("$result == Spec.Utils.v_PRFxN $K $LEN $input"))
+        fstar!(r#"$result == Spec.Utils.v_PRFxN $K $LEN $input"#))
     ]
     #[inline(always)]
     fn PRFxN<const K: usize, const LEN: usize>(input: &[[u8; 33]; K]) -> [[u8; LEN]; K] {
@@ -172,7 +172,7 @@ pub(crate) mod portable {
     #[hax_lib::attributes]
     impl<const K: usize> Hash<K> for PortableHash<K> {
         #[ensures(|out|
-            fstar!("$out == Spec.Utils.v_G $input"))
+            fstar!(r#"$out == Spec.Utils.v_G $input"#))
         ]
         #[inline(always)]
         fn G(input: &[u8]) -> [u8; G_DIGEST_SIZE] {
@@ -180,27 +180,27 @@ pub(crate) mod portable {
         }
 
         #[ensures(|out|
-            fstar!("$out == Spec.Utils.v_H $input"))
+            fstar!(r#"$out == Spec.Utils.v_H $input"#))
         ]
         #[inline(always)]
         fn H(input: &[u8]) -> [u8; H_DIGEST_SIZE] {
             H(input)
         }
 
-        #[requires(fstar!("v $LEN < pow2 32"))]
+        #[requires(fstar!(r#"v $LEN < pow2 32"#))]
         #[ensures(|out|
             // We need to repeat the pre-condition here because of https://github.com/hacspec/hax/issues/784
-            fstar!("v $LEN < pow2 32 ==> $out == Spec.Utils.v_PRF $LEN $input"))
+            fstar!(r#"v $LEN < pow2 32 ==> $out == Spec.Utils.v_PRF $LEN $input"#))
         ]
         #[inline(always)]
         fn PRF<const LEN: usize>(input: &[u8]) -> [u8; LEN] {
             PRF::<LEN>(input)
         }
 
-        #[requires(fstar!("v $LEN < pow2 32 /\\ (v $K == 2 \\/ v $K == 3 \\/ v $K == 4)"))]
+        #[requires(fstar!(r#"v $LEN < pow2 32 /\\ (v $K == 2 \\/ v $K == 3 \\/ v $K == 4)"#))]
         #[ensures(|out|
-            fstar!("(v $LEN < pow2 32 /\\ (v $K == 2 \\/ v $K == 3 \\/ v $K == 4)) ==>
-                $out == Spec.Utils.v_PRFxN $K $LEN $input"))
+            fstar!(r#"(v $LEN < pow2 32 /\\ (v $K == 2 \\/ v $K == 3 \\/ v $K == 4)) ==>
+                $out == Spec.Utils.v_PRFxN $K $LEN $input"#))
         ]
         #[inline(always)]
         fn PRFxN<const LEN: usize>(input: &[[u8; 33]; K]) -> [[u8; LEN]; K] {
@@ -243,7 +243,7 @@ pub(crate) mod avx2 {
     }
 
     #[hax_lib::ensures(|result|
-        fstar!("$result == Spec.Utils.v_G $input"))
+        fstar!(r#"$result == Spec.Utils.v_G $input"#))
     ]
     #[inline(always)]
     fn G(input: &[u8]) -> [u8; G_DIGEST_SIZE] {
@@ -253,7 +253,7 @@ pub(crate) mod avx2 {
     }
 
     #[hax_lib::ensures(|result|
-        fstar!("$result == Spec.Utils.v_H $input"))
+        fstar!(r#"$result == Spec.Utils.v_H $input"#))
     ]
     #[inline(always)]
     fn H(input: &[u8]) -> [u8; H_DIGEST_SIZE] {
@@ -262,9 +262,9 @@ pub(crate) mod avx2 {
         digest
     }
 
-    #[hax_lib::requires(fstar!("v $LEN < pow2 32"))]
+    #[hax_lib::requires(fstar!(r#"v $LEN < pow2 32"#))]
     #[hax_lib::ensures(|result|
-        fstar!("$result == Spec.Utils.v_PRF $LEN $input"))
+        fstar!(r#"$result == Spec.Utils.v_PRF $LEN $input"#))
     ]
     #[inline(always)]
     fn PRF<const LEN: usize>(input: &[u8]) -> [u8; LEN] {
@@ -273,9 +273,9 @@ pub(crate) mod avx2 {
         digest
     }
 
-    #[hax_lib::requires(fstar!("v $LEN < pow2 32 /\\ (v $K == 2 \\/ v $K == 3 \\/ v $K == 4)"))]
+    #[hax_lib::requires(fstar!(r#"v $LEN < pow2 32 /\\ (v $K == 2 \\/ v $K == 3 \\/ v $K == 4)"#))]
     #[hax_lib::ensures(|result|
-        fstar!("$result == Spec.Utils.v_PRFxN $K $LEN $input"))
+        fstar!(r#"$result == Spec.Utils.v_PRFxN $K $LEN $input"#))
     ]
     #[inline(always)]
     fn PRFxN<const K: usize, const LEN: usize>(input: &[[u8; 33]; K]) -> [[u8; LEN]; K] {
@@ -425,7 +425,7 @@ pub(crate) mod avx2 {
     #[hax_lib::attributes]
     impl<const K: usize> Hash<K> for Simd256Hash {
         #[ensures(|out|
-            fstar!("$out == Spec.Utils.v_G $input"))
+            fstar!(r#"$out == Spec.Utils.v_G $input"#))
         ]
         #[inline(always)]
         fn G(input: &[u8]) -> [u8; G_DIGEST_SIZE] {
@@ -433,27 +433,27 @@ pub(crate) mod avx2 {
         }
 
         #[ensures(|out|
-            fstar!("$out == Spec.Utils.v_H $input"))
+            fstar!(r#"$out == Spec.Utils.v_H $input"#))
         ]
         #[inline(always)]
         fn H(input: &[u8]) -> [u8; H_DIGEST_SIZE] {
             H(input)
         }
 
-        #[requires(fstar!("v $LEN < pow2 32"))]
+        #[requires(fstar!(r#"v $LEN < pow2 32"#))]
         #[hax_lib::ensures(|out|
             // We need to repeat the pre-condition here because of https://github.com/hacspec/hax/issues/784
-            fstar!("v $LEN < pow2 32 ==> $out == Spec.Utils.v_PRF $LEN $input"))
+            fstar!(r#"v $LEN < pow2 32 ==> $out == Spec.Utils.v_PRF $LEN $input"#))
         ]
         #[inline(always)]
         fn PRF<const LEN: usize>(input: &[u8]) -> [u8; LEN] {
             PRF::<LEN>(input)
         }
 
-        #[requires(fstar!("v $LEN < pow2 32 /\\ (v $K == 2 \\/ v $K == 3 \\/ v $K == 4)"))]
+        #[requires(fstar!(r#"v $LEN < pow2 32 /\\ (v $K == 2 \\/ v $K == 3 \\/ v $K == 4)"#))]
         #[ensures(|out|
-            fstar!("(v $LEN < pow2 32 /\\ (v $K == 2 \\/ v $K == 3 \\/ v $K == 4)) ==>
-                $out == Spec.Utils.v_PRFxN $K $LEN $input"))
+            fstar!(r#"(v $LEN < pow2 32 /\\ (v $K == 2 \\/ v $K == 3 \\/ v $K == 4)) ==>
+                $out == Spec.Utils.v_PRFxN $K $LEN $input"#))
         ]
         #[inline(always)]
         fn PRFxN<const LEN: usize>(input: &[[u8; 33]; K]) -> [[u8; LEN]; K] {
@@ -493,7 +493,7 @@ pub(crate) mod neon {
     }
 
     #[hax_lib::ensures(|result|
-        fstar!("$result == Spec.Utils.v_G $input"))
+        fstar!(r#"$result == Spec.Utils.v_G $input"#))
     ]
     #[inline(always)]
     fn G(input: &[u8]) -> [u8; G_DIGEST_SIZE] {
@@ -503,7 +503,7 @@ pub(crate) mod neon {
     }
 
     #[hax_lib::ensures(|result|
-        fstar!("$result == Spec.Utils.v_H $input"))
+        fstar!(r#"$result == Spec.Utils.v_H $input"#))
     ]
     #[inline(always)]
     fn H(input: &[u8]) -> [u8; H_DIGEST_SIZE] {
@@ -512,9 +512,9 @@ pub(crate) mod neon {
         digest
     }
 
-    #[hax_lib::requires(fstar!("v $LEN < pow2 32"))]
+    #[hax_lib::requires(fstar!(r#"v $LEN < pow2 32"#))]
     #[hax_lib::ensures(|result|
-        fstar!("$result == Spec.Utils.v_PRF $LEN $input"))
+        fstar!(r#"$result == Spec.Utils.v_PRF $LEN $input"#))
     ]
     #[inline(always)]
     fn PRF<const LEN: usize>(input: &[u8]) -> [u8; LEN] {
@@ -524,9 +524,9 @@ pub(crate) mod neon {
         digest
     }
 
-    #[hax_lib::requires(fstar!("v $LEN < pow2 32 /\\ (v $K == 2 \\/ v $K == 3 \\/ v $K == 4)"))]
+    #[hax_lib::requires(fstar!(r#"v $LEN < pow2 32 /\\ (v $K == 2 \\/ v $K == 3 \\/ v $K == 4)"#))]
     #[hax_lib::ensures(|result|
-        fstar!("$result == Spec.Utils.v_PRFxN $K $LEN $input"))
+        fstar!(r#"$result == Spec.Utils.v_PRFxN $K $LEN $input"#))
     ]
     #[inline(always)]
     fn PRFxN<const K: usize, const LEN: usize>(input: &[[u8; 33]; K]) -> [[u8; LEN]; K] {
@@ -703,7 +703,7 @@ pub(crate) mod neon {
     #[hax_lib::attributes]
     impl<const K: usize> Hash<K> for Simd128Hash {
         #[ensures(|out|
-            fstar!("$out == Spec.Utils.v_G $input"))
+            fstar!(r#"$out == Spec.Utils.v_G $input"#))
         ]
         #[inline(always)]
         fn G(input: &[u8]) -> [u8; G_DIGEST_SIZE] {
@@ -711,28 +711,28 @@ pub(crate) mod neon {
         }
 
         #[ensures(|out|
-            fstar!("$out == Spec.Utils.v_H $input"))
+            fstar!(r#"$out == Spec.Utils.v_H $input"#))
         ]
         #[inline(always)]
         fn H(input: &[u8]) -> [u8; H_DIGEST_SIZE] {
             H(input)
         }
 
-        #[requires(fstar!("v $LEN < pow2 32"))]
+        #[requires(fstar!(r#"v $LEN < pow2 32"#))]
         #[ensures(|out|
             // We need to repeat the pre-condition here because of https://github.com/hacspec/hax/issues/784
-            fstar!("v $LEN < pow2 32 ==> $out == Spec.Utils.v_PRF $LEN $input"))
+            fstar!(r#"v $LEN < pow2 32 ==> $out == Spec.Utils.v_PRF $LEN $input"#))
         ]
         #[inline(always)]
         fn PRF<const LEN: usize>(input: &[u8]) -> [u8; LEN] {
             PRF::<LEN>(input)
         }
 
-        #[requires(fstar!("v $LEN < pow2 32 /\\ (v $K == 2 \\/ v $K == 3 \\/ v $K == 4)"))]
+        #[requires(fstar!(r#"v $LEN < pow2 32 /\\ (v $K == 2 \\/ v $K == 3 \\/ v $K == 4)"#))]
         #[ensures(|out|
             // We need to repeat the pre-condition here because of https://github.com/hacspec/hax/issues/784
-            fstar!("(v $LEN < pow2 32 /\\ (v $K == 2 \\/ v $K == 3 \\/ v $K == 4)) ==>
-                $out == Spec.Utils.v_PRFxN $K $LEN $input"))
+            fstar!(r#"(v $LEN < pow2 32 /\\ (v $K == 2 \\/ v $K == 3 \\/ v $K == 4)) ==>
+                $out == Spec.Utils.v_PRFxN $K $LEN $input"#))
         ]
         #[inline(always)]
         fn PRFxN<const LEN: usize>(input: &[[u8; 33]; K]) -> [[u8; LEN]; K] {
diff --git a/libcrux-ml-kem/src/ind_cca.rs b/libcrux-ml-kem/src/ind_cca.rs
index bc7c45428..843d347f2 100644
--- a/libcrux-ml-kem/src/ind_cca.rs
+++ b/libcrux-ml-kem/src/ind_cca.rs
@@ -37,15 +37,15 @@ pub(crate) mod instantiations;
 
 #[inline(always)]
 #[hax_lib::fstar::options("--z3rlimit 150")]
-#[hax_lib::requires(fstar!("Spec.MLKEM.is_rank $K /\\
+#[hax_lib::requires(fstar!(r#"Spec.MLKEM.is_rank $K /\\
     $SERIALIZED_KEY_LEN == Spec.MLKEM.v_CCA_PRIVATE_KEY_SIZE $K /\\
     ${private_key.len()} == Spec.MLKEM.v_CPA_PRIVATE_KEY_SIZE $K /\\
     ${public_key.len()} == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE $K /\\
-    ${implicit_rejection_value.len()} == Spec.MLKEM.v_SHARED_SECRET_SIZE"))]
-#[hax_lib::ensures(|result| fstar!("${serialized}_future == Seq.append $private_key (
+    ${implicit_rejection_value.len()} == Spec.MLKEM.v_SHARED_SECRET_SIZE"#))]
+#[hax_lib::ensures(|result| fstar!(r#"${serialized}_future == Seq.append $private_key (
                                               Seq.append $public_key (
                                               Seq.append (Spec.Utils.v_H $public_key) 
-                                                  $implicit_rejection_value))"))]
+                                                  $implicit_rejection_value))"#))]
 fn serialize_kem_secret_key_mut<
     const K: usize,
     const SERIALIZED_KEY_LEN: usize,
@@ -66,7 +66,8 @@ fn serialize_kem_secret_key_mut<
     serialized[pointer..pointer + implicit_rejection_value.len()]
         .copy_from_slice(implicit_rejection_value);
 
-    hax_lib::fstar!("let open Spec.Utils in
+    hax_lib::fstar!(
+        r#"let open Spec.Utils in
     assert (Seq.slice serialized 0 (v #usize_inttype (Spec.MLKEM.v_CPA_PRIVATE_KEY_SIZE $K)) `Seq.equal` $private_key);
     assert (Seq.slice serialized (v #usize_inttype (Spec.MLKEM.v_CPA_PRIVATE_KEY_SIZE $K))
                             (v #usize_inttype (Spec.MLKEM.v_CPA_PRIVATE_KEY_SIZE $K +! Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE $K)) `Seq.equal` $public_key);
@@ -84,20 +85,21 @@ fn serialize_kem_secret_key_mut<
                                             Libcrux_ml_kem.Constants.v_H_DIGEST_SIZE +!
                                             Spec.MLKEM.v_SHARED_SECRET_SIZE))
             == $implicit_rejection_value);
-    lemma_slice_append_4 serialized $private_key $public_key (Libcrux_ml_kem.Hash_functions.f_H #$:Hasher #$K $public_key) $implicit_rejection_value");
+    lemma_slice_append_4 serialized $private_key $public_key (Libcrux_ml_kem.Hash_functions.f_H #$:Hasher #$K $public_key) $implicit_rejection_value"#
+    );
 }
 
 #[inline(always)]
 #[hax_lib::fstar::options("--z3rlimit 150")]
-#[hax_lib::requires(fstar!("Spec.MLKEM.is_rank $K /\\
+#[hax_lib::requires(fstar!(r#"Spec.MLKEM.is_rank $K /\\
     $SERIALIZED_KEY_LEN == Spec.MLKEM.v_CCA_PRIVATE_KEY_SIZE $K /\\
     ${private_key.len()} == Spec.MLKEM.v_CPA_PRIVATE_KEY_SIZE $K /\\
     ${public_key.len()} == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE $K /\\
-    ${implicit_rejection_value.len()} == Spec.MLKEM.v_SHARED_SECRET_SIZE"))]
-#[hax_lib::ensures(|result| fstar!("$result == Seq.append $private_key (
+    ${implicit_rejection_value.len()} == Spec.MLKEM.v_SHARED_SECRET_SIZE"#))]
+#[hax_lib::ensures(|result| fstar!(r#"$result == Seq.append $private_key (
                                               Seq.append $public_key (
                                               Seq.append (Spec.Utils.v_H $public_key) 
-                                                  $implicit_rejection_value))"))]
+                                                  $implicit_rejection_value))"#))]
 fn serialize_kem_secret_key<const K: usize, const SERIALIZED_KEY_LEN: usize, Hasher: Hash<K>>(
     private_key: &[u8],
     public_key: &[u8],
@@ -120,9 +122,9 @@ fn serialize_kem_secret_key<const K: usize, const SERIALIZED_KEY_LEN: usize, Has
 /// Note that the size check in 7.2 1 is covered by the `PUBLIC_KEY_SIZE` in the
 /// `public_key` type.
 #[inline(always)]
-#[hax_lib::requires(fstar!("Spec.MLKEM.is_rank $K /\\
+#[hax_lib::requires(fstar!(r#"Spec.MLKEM.is_rank $K /\\
     $RANKED_BYTES_PER_RING_ELEMENT == Spec.MLKEM.v_RANKED_BYTES_PER_RING_ELEMENT $K /\\
-    $PUBLIC_KEY_SIZE == Spec.MLKEM.v_CCA_PUBLIC_KEY_SIZE $K"))]
+    $PUBLIC_KEY_SIZE == Spec.MLKEM.v_CCA_PUBLIC_KEY_SIZE $K"#))]
 fn validate_public_key<
     const K: usize,
     const RANKED_BYTES_PER_RING_ELEMENT: usize,
@@ -150,9 +152,9 @@ fn validate_public_key<
 /// and `CIPHERTEXT_SIZE` in the `private_key` and `ciphertext` types.
 #[inline(always)]
 #[hax_lib::fstar::options("--z3rlimit 300")]
-#[hax_lib::requires(fstar!("Spec.MLKEM.is_rank $K /\\
+#[hax_lib::requires(fstar!(r#"Spec.MLKEM.is_rank $K /\\
     $SECRET_KEY_SIZE == Spec.MLKEM.v_CCA_PRIVATE_KEY_SIZE $K /\\
-    $CIPHERTEXT_SIZE == Spec.MLKEM.v_CPA_CIPHERTEXT_SIZE $K"))]
+    $CIPHERTEXT_SIZE == Spec.MLKEM.v_CPA_CIPHERTEXT_SIZE $K"#))]
 fn validate_private_key<
     const K: usize,
     const SECRET_KEY_SIZE: usize,
@@ -170,8 +172,8 @@ fn validate_private_key<
 /// This implements the Hash check in 7.3 3.
 #[inline(always)]
 #[hax_lib::fstar::options("--z3rlimit 300")]
-#[hax_lib::requires(fstar!("Spec.MLKEM.is_rank $K /\\
-    $SECRET_KEY_SIZE == Spec.MLKEM.v_CCA_PRIVATE_KEY_SIZE $K"))]
+#[hax_lib::requires(fstar!(r#"Spec.MLKEM.is_rank $K /\\
+    $SECRET_KEY_SIZE == Spec.MLKEM.v_CCA_PRIVATE_KEY_SIZE $K"#))]
 fn validate_private_key_only<const K: usize, const SECRET_KEY_SIZE: usize, Hasher: Hash<K>>(
     private_key: &MlKemPrivateKey<SECRET_KEY_SIZE>,
 ) -> bool {
@@ -190,15 +192,15 @@ fn validate_private_key_only<const K: usize, const SECRET_KEY_SIZE: usize, Hashe
 /// Depending on the `Vector` and `Hasher` used, this requires different hardware
 /// features
 #[hax_lib::fstar::options("--z3rlimit 300")]
-#[hax_lib::requires(fstar!("Spec.MLKEM.is_rank $K /\\
+#[hax_lib::requires(fstar!(r#"Spec.MLKEM.is_rank $K /\\
     $CPA_PRIVATE_KEY_SIZE == Spec.MLKEM.v_CPA_PRIVATE_KEY_SIZE $K /\\
     $PRIVATE_KEY_SIZE == Spec.MLKEM.v_CCA_PRIVATE_KEY_SIZE $K /\\
     $PUBLIC_KEY_SIZE == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE $K /\\
     $RANKED_BYTES_PER_RING_ELEMENT == Spec.MLKEM.v_RANKED_BYTES_PER_RING_ELEMENT $K /\\
     $ETA1 == Spec.MLKEM.v_ETA1 $K /\\
-    $ETA1_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA1_RANDOMNESS_SIZE $K"))]
-#[hax_lib::ensures(|result| fstar!("let (expected, valid) = Spec.MLKEM.ind_cca_generate_keypair $K $randomness in
-                                    valid ==> (${result}.f_sk.f_value, ${result}.f_pk.f_value) == expected"))]
+    $ETA1_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA1_RANDOMNESS_SIZE $K"#))]
+#[hax_lib::ensures(|result| fstar!(r#"let (expected, valid) = Spec.MLKEM.ind_cca_generate_keypair $K $randomness in
+                                    valid ==> (${result}.f_sk.f_value, ${result}.f_pk.f_value) == expected"#))]
 #[inline(always)]
 fn generate_keypair<
     const K: usize,
@@ -241,7 +243,7 @@ fn generate_keypair<
 }
 
 #[hax_lib::fstar::options("--z3rlimit 300")]
-#[hax_lib::requires(fstar!("Spec.MLKEM.is_rank $K /\\
+#[hax_lib::requires(fstar!(r#"Spec.MLKEM.is_rank $K /\\
     $CIPHERTEXT_SIZE == Spec.MLKEM.v_CPA_CIPHERTEXT_SIZE $K /\\
     $PUBLIC_KEY_SIZE == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE $K /\\
     $T_AS_NTT_ENCODED_SIZE == Spec.MLKEM.v_T_AS_NTT_ENCODED_SIZE $K /\\
@@ -253,9 +255,9 @@ fn generate_keypair<
     $ETA1 == Spec.MLKEM.v_ETA1 $K /\\
     $ETA1_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA1_RANDOMNESS_SIZE $K /\\
     $ETA2 == Spec.MLKEM.v_ETA2 $K /\\
-    $ETA2_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA2_RANDOMNESS_SIZE $K"))]
-#[hax_lib::ensures(|result| fstar!("let (expected, valid) = Spec.MLKEM.ind_cca_encapsulate $K ${public_key}.f_value $randomness in
-                                    valid ==> (${result}._1.f_value, ${result}._2) == expected"))]
+    $ETA2_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA2_RANDOMNESS_SIZE $K"#))]
+#[hax_lib::ensures(|result| fstar!(r#"let (expected, valid) = Spec.MLKEM.ind_cca_encapsulate $K ${public_key}.f_value $randomness in
+                                    valid ==> (${result}._1.f_value, ${result}._2) == expected"#))]
 #[inline(always)]
 fn encapsulate<
     const K: usize,
@@ -280,7 +282,7 @@ fn encapsulate<
 ) -> (MlKemCiphertext<CIPHERTEXT_SIZE>, MlKemSharedSecret) {
     let randomness = Scheme::entropy_preprocess::<K, Hasher>(&randomness);
     let mut to_hash: [u8; 2 * H_DIGEST_SIZE] = into_padded_array(&randomness);
-    hax_lib::fstar!("eq_intro (Seq.slice $to_hash 0 32) $randomness");
+    hax_lib::fstar!(r#"eq_intro (Seq.slice $to_hash 0 32) $randomness"#);
     to_hash[H_DIGEST_SIZE..].copy_from_slice(&Hasher::H(public_key.as_slice()));
     hax_lib::fstar!(
         "assert (Seq.slice to_hash 0 (v $H_DIGEST_SIZE) == $randomness);
@@ -314,7 +316,7 @@ fn encapsulate<
 
 /// This code verifies on some machines, runs out of memory on others
 #[hax_lib::fstar::options("--z3rlimit 500")]
-#[hax_lib::requires(fstar!("Spec.MLKEM.is_rank $K /\\
+#[hax_lib::requires(fstar!(r#"Spec.MLKEM.is_rank $K /\\
     $SECRET_KEY_SIZE == Spec.MLKEM.v_CCA_PRIVATE_KEY_SIZE $K /\\
     $CPA_SECRET_KEY_SIZE == Spec.MLKEM.v_CPA_PRIVATE_KEY_SIZE $K /\\
     $PUBLIC_KEY_SIZE == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE $K /\\
@@ -329,9 +331,9 @@ fn encapsulate<
     $ETA1_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA1_RANDOMNESS_SIZE $K /\\
     $ETA2 == Spec.MLKEM.v_ETA2 $K /\\
     $ETA2_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA2_RANDOMNESS_SIZE $K /\\
-    $IMPLICIT_REJECTION_HASH_INPUT_SIZE == Spec.MLKEM.v_IMPLICIT_REJECTION_HASH_INPUT_SIZE $K"))]
-#[hax_lib::ensures(|result| fstar!("let (expected, valid) = Spec.MLKEM.ind_cca_decapsulate $K ${private_key}.f_value ${ciphertext}.f_value in
-                                    valid ==> $result == expected"))]
+    $IMPLICIT_REJECTION_HASH_INPUT_SIZE == Spec.MLKEM.v_IMPLICIT_REJECTION_HASH_INPUT_SIZE $K"#))]
+#[hax_lib::ensures(|result| fstar!(r#"let (expected, valid) = Spec.MLKEM.ind_cca_decapsulate $K ${private_key}.f_value ${ciphertext}.f_value in
+                                    valid ==> $result == expected"#))]
 #[inline(always)]
 pub(crate) fn decapsulate<
     const K: usize,
@@ -357,16 +359,20 @@ pub(crate) fn decapsulate<
     private_key: &MlKemPrivateKey<SECRET_KEY_SIZE>,
     ciphertext: &MlKemCiphertext<CIPHERTEXT_SIZE>,
 ) -> MlKemSharedSecret {
-    hax_lib::fstar!("assert (v $CIPHERTEXT_SIZE == v $IMPLICIT_REJECTION_HASH_INPUT_SIZE - v $SHARED_SECRET_SIZE)");
+    hax_lib::fstar!(
+        r#"assert (v $CIPHERTEXT_SIZE == v $IMPLICIT_REJECTION_HASH_INPUT_SIZE - v $SHARED_SECRET_SIZE)"#
+    );
     let (ind_cpa_secret_key, ind_cpa_public_key, ind_cpa_public_key_hash, implicit_rejection_value) =
         unpack_private_key::<CPA_SECRET_KEY_SIZE, PUBLIC_KEY_SIZE>(&private_key.value);
 
-    hax_lib::fstar!("assert ($ind_cpa_secret_key == slice ${private_key}.f_value (sz 0) $CPA_SECRET_KEY_SIZE);
+    hax_lib::fstar!(
+        r#"assert ($ind_cpa_secret_key == slice ${private_key}.f_value (sz 0) $CPA_SECRET_KEY_SIZE);
         assert ($ind_cpa_public_key == slice ${private_key}.f_value $CPA_SECRET_KEY_SIZE ($CPA_SECRET_KEY_SIZE +! $PUBLIC_KEY_SIZE));
         assert ($ind_cpa_public_key_hash == slice ${private_key}.f_value ($CPA_SECRET_KEY_SIZE +! $PUBLIC_KEY_SIZE)
             ($CPA_SECRET_KEY_SIZE +! $PUBLIC_KEY_SIZE +! Spec.MLKEM.v_H_DIGEST_SIZE));
         assert ($implicit_rejection_value == slice ${private_key}.f_value ($CPA_SECRET_KEY_SIZE +! $PUBLIC_KEY_SIZE +! Spec.MLKEM.v_H_DIGEST_SIZE)
-            (length ${private_key}.f_value))");
+            (length ${private_key}.f_value))"#
+    );
     let decrypted = crate::ind_cpa::decrypt::<
         K,
         CIPHERTEXT_SIZE,
@@ -377,22 +383,26 @@ pub(crate) fn decapsulate<
     >(ind_cpa_secret_key, &ciphertext.value);
 
     let mut to_hash: [u8; SHARED_SECRET_SIZE + H_DIGEST_SIZE] = into_padded_array(&decrypted);
-    hax_lib::fstar!("eq_intro (Seq.slice $to_hash 0 32) $decrypted");
+    hax_lib::fstar!(r#"eq_intro (Seq.slice $to_hash 0 32) $decrypted"#);
     to_hash[SHARED_SECRET_SIZE..].copy_from_slice(ind_cpa_public_key_hash);
 
-    hax_lib::fstar!("lemma_slice_append to_hash $decrypted $ind_cpa_public_key_hash;
+    hax_lib::fstar!(
+        r#"lemma_slice_append to_hash $decrypted $ind_cpa_public_key_hash;
         assert ($decrypted == Spec.MLKEM.ind_cpa_decrypt $K $ind_cpa_secret_key ${ciphertext}.f_value);
-        assert ($to_hash == concat $decrypted $ind_cpa_public_key_hash)");
+        assert ($to_hash == concat $decrypted $ind_cpa_public_key_hash)"#
+    );
     let hashed = Hasher::G(&to_hash);
     let (shared_secret, pseudorandomness) = hashed.split_at(SHARED_SECRET_SIZE);
 
-    hax_lib::fstar!("assert (($shared_secret , $pseudorandomness) == split $hashed $SHARED_SECRET_SIZE);
+    hax_lib::fstar!(
+        r#"assert (($shared_secret , $pseudorandomness) == split $hashed $SHARED_SECRET_SIZE);
         assert (length $implicit_rejection_value = $SECRET_KEY_SIZE -! $CPA_SECRET_KEY_SIZE -! $PUBLIC_KEY_SIZE -! $H_DIGEST_SIZE);
         assert (length $implicit_rejection_value = Spec.MLKEM.v_SHARED_SECRET_SIZE);
-        assert (Spec.MLKEM.v_SHARED_SECRET_SIZE <=. Spec.MLKEM.v_IMPLICIT_REJECTION_HASH_INPUT_SIZE $K)");
+        assert (Spec.MLKEM.v_SHARED_SECRET_SIZE <=. Spec.MLKEM.v_IMPLICIT_REJECTION_HASH_INPUT_SIZE $K)"#
+    );
     let mut to_hash: [u8; IMPLICIT_REJECTION_HASH_INPUT_SIZE] =
         into_padded_array(implicit_rejection_value);
-    hax_lib::fstar!("eq_intro (Seq.slice $to_hash 0 32) $implicit_rejection_value");
+    hax_lib::fstar!(r#"eq_intro (Seq.slice $to_hash 0 32) $implicit_rejection_value"#);
     to_hash[SHARED_SECRET_SIZE..].copy_from_slice(ciphertext.as_ref());
     hax_lib::fstar!(
         "assert_norm (pow2 32 == 0x100000000);
@@ -473,17 +483,17 @@ pub(crate) mod unpacked {
 
     /// Generate an unpacked key from a serialized key.
     #[hax_lib::requires(
-        fstar!("Spec.MLKEM.is_rank $K /\\
+        fstar!(r#"Spec.MLKEM.is_rank $K /\\
         $PUBLIC_KEY_SIZE == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE $K /\\
-        $T_AS_NTT_ENCODED_SIZE == Spec.MLKEM.v_T_AS_NTT_ENCODED_SIZE $K")
+        $T_AS_NTT_ENCODED_SIZE == Spec.MLKEM.v_T_AS_NTT_ENCODED_SIZE $K"#)
     )]
     #[hax_lib::ensures(|result|
-        fstar!("let (public_key_hash, (seed, (deserialized_pk, (matrix_A, valid)))) =
+        fstar!(r#"let (public_key_hash, (seed, (deserialized_pk, (matrix_A, valid)))) =
             Spec.MLKEM.ind_cca_unpack_public_key $K ${public_key}.f_value in (valid ==>
             Libcrux_ml_kem.Polynomial.to_spec_matrix_t #$K #$:Vector ${unpacked_public_key}_future.f_ind_cpa_public_key.f_A == matrix_A) /\\
         Libcrux_ml_kem.Polynomial.to_spec_vector_t #$K #$:Vector ${unpacked_public_key}_future.f_ind_cpa_public_key.f_t_as_ntt == deserialized_pk /\\
         ${unpacked_public_key}_future.f_ind_cpa_public_key.f_seed_for_A == seed /\\
-        ${unpacked_public_key}_future.f_public_key_hash == public_key_hash"))
+        ${unpacked_public_key}_future.f_public_key_hash == public_key_hash"#))
     ]
     #[inline(always)]
     pub(crate) fn unpack_public_key<
@@ -501,10 +511,12 @@ pub(crate) mod unpacked {
             &public_key.value[..T_AS_NTT_ENCODED_SIZE],
             &mut unpacked_public_key.ind_cpa_public_key.t_as_ntt,
         );
-        hax_lib::fstar!("let (_, seed) = split ${public_key}.f_value (Spec.MLKEM.v_T_AS_NTT_ENCODED_SIZE $K) in
+        hax_lib::fstar!(
+            r#"let (_, seed) = split ${public_key}.f_value (Spec.MLKEM.v_T_AS_NTT_ENCODED_SIZE $K) in
             Lib.Sequence.eq_intro #u8 #32 (Libcrux_ml_kem.Utils.into_padded_array (sz 32) seed) seed;
             Lib.Sequence.eq_intro #u8 #32
-                (Seq.slice (Libcrux_ml_kem.Utils.into_padded_array (sz 34) seed) 0 32) seed");
+                (Seq.slice (Libcrux_ml_kem.Utils.into_padded_array (sz 34) seed) 0 32) seed"#
+        );
         unpacked_public_key.ind_cpa_public_key.seed_for_A =
             into_padded_array(&public_key.value[T_AS_NTT_ENCODED_SIZE..]);
         sample_matrix_A::<K, Vector, Hasher>(
@@ -519,18 +531,18 @@ pub(crate) mod unpacked {
     impl<const K: usize, Vector: Operations> MlKemPublicKeyUnpacked<K, Vector> {
         /// Get the serialized public key.
         #[inline(always)]
-        #[requires(fstar!("Spec.MLKEM.is_rank $K /\\
+        #[requires(fstar!(r#"Spec.MLKEM.is_rank $K /\\
             $RANKED_BYTES_PER_RING_ELEMENT == Spec.MLKEM.v_RANKED_BYTES_PER_RING_ELEMENT $K /\\
             $PUBLIC_KEY_SIZE == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE $K /\\
             (forall (i:nat). i < v $K ==>
                 Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index 
-                    self.f_ind_cpa_public_key.f_t_as_ntt i))"))]
+                    self.f_ind_cpa_public_key.f_t_as_ntt i))"#))]
         #[ensures(|_|
-            fstar!("${serialized}_future.f_value == 
+            fstar!(r#"${serialized}_future.f_value == 
                 Seq.append (Spec.MLKEM.vector_encode_12 #$K
                     (Libcrux_ml_kem.Polynomial.to_spec_vector_t #$K #$:Vector
                         self.f_ind_cpa_public_key.f_t_as_ntt))
-                self.f_ind_cpa_public_key.f_seed_for_A)")
+                self.f_ind_cpa_public_key.f_seed_for_A)"#)
         )]
         pub fn serialized_mut<
             const RANKED_BYTES_PER_RING_ELEMENT: usize,
@@ -548,17 +560,17 @@ pub(crate) mod unpacked {
 
         /// Get the serialized public key.
         #[inline(always)]
-        #[requires(fstar!("Spec.MLKEM.is_rank $K /\\
+        #[requires(fstar!(r#"Spec.MLKEM.is_rank $K /\\
             $RANKED_BYTES_PER_RING_ELEMENT == Spec.MLKEM.v_RANKED_BYTES_PER_RING_ELEMENT $K /\\
             $PUBLIC_KEY_SIZE == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE $K /\\
             (forall (i:nat). i < v $K ==>
                 Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index
-                    self.f_ind_cpa_public_key.f_t_as_ntt i))"))]
+                    self.f_ind_cpa_public_key.f_t_as_ntt i))"#))]
         #[ensures(|res|
-            fstar!("${res}.f_value == Seq.append (Spec.MLKEM.vector_encode_12 #$K
+            fstar!(r#"${res}.f_value == Seq.append (Spec.MLKEM.vector_encode_12 #$K
                             (Libcrux_ml_kem.Polynomial.to_spec_vector_t #$K #$:Vector
                                 self.f_ind_cpa_public_key.f_t_as_ntt))
-                        self.f_ind_cpa_public_key.f_seed_for_A)")
+                        self.f_ind_cpa_public_key.f_seed_for_A)"#)
         )]
         pub fn serialized<
             const RANKED_BYTES_PER_RING_ELEMENT: usize,
@@ -590,12 +602,12 @@ pub(crate) mod unpacked {
 
     /// Take a serialized private key and generate an unpacked key pair from it.
     #[inline(always)]
-    #[hax_lib::requires(fstar!("Spec.MLKEM.is_rank $K /\\
+    #[hax_lib::requires(fstar!(r#"Spec.MLKEM.is_rank $K /\\
            v_SECRET_KEY_SIZE == Spec.MLKEM.v_CCA_PRIVATE_KEY_SIZE v_K /\\
            v_CPA_SECRET_KEY_SIZE == Spec.MLKEM.v_CPA_PRIVATE_KEY_SIZE v_K /\\
            v_PUBLIC_KEY_SIZE == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE v_K /\\
            v_BYTES_PER_RING_ELEMENT == Spec.MLKEM.v_RANKED_BYTES_PER_RING_ELEMENT v_K /\\
-           v_T_AS_NTT_ENCODED_SIZE == Spec.MLKEM.v_T_AS_NTT_ENCODED_SIZE v_K"))]
+           v_T_AS_NTT_ENCODED_SIZE == Spec.MLKEM.v_T_AS_NTT_ENCODED_SIZE v_K"#))]
     pub fn keys_from_private_key<
         const K: usize,
         const SECRET_KEY_SIZE: usize,
@@ -654,12 +666,12 @@ pub(crate) mod unpacked {
 
         /// Take a serialized private key and generate an unpacked key pair from it.
         #[inline(always)]
-        #[requires(fstar!("Spec.MLKEM.is_rank $K /\\
+        #[requires(fstar!(r#"Spec.MLKEM.is_rank $K /\\
            v_SECRET_KEY_SIZE == Spec.MLKEM.v_CCA_PRIVATE_KEY_SIZE v_K /\\
            v_CPA_SECRET_KEY_SIZE == Spec.MLKEM.v_CPA_PRIVATE_KEY_SIZE v_K /\\
            v_PUBLIC_KEY_SIZE == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE v_K /\\
            v_BYTES_PER_RING_ELEMENT == Spec.MLKEM.v_RANKED_BYTES_PER_RING_ELEMENT v_K /\\
-           v_T_AS_NTT_ENCODED_SIZE == Spec.MLKEM.v_T_AS_NTT_ENCODED_SIZE v_K)"))]
+           v_T_AS_NTT_ENCODED_SIZE == Spec.MLKEM.v_T_AS_NTT_ENCODED_SIZE v_K)"#))]
         pub fn from_private_key<
             const SECRET_KEY_SIZE: usize,
             const CPA_SECRET_KEY_SIZE: usize,
@@ -684,18 +696,18 @@ pub(crate) mod unpacked {
 
         /// Get the serialized public key.
         #[inline(always)]
-        #[requires(fstar!("Spec.MLKEM.is_rank $K /\\
+        #[requires(fstar!(r#"Spec.MLKEM.is_rank $K /\\
             $RANKED_BYTES_PER_RING_ELEMENT == Spec.MLKEM.v_RANKED_BYTES_PER_RING_ELEMENT $K /\\
             $PUBLIC_KEY_SIZE == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE $K /\\
             (forall (i:nat). i < v $K ==>
                 Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index 
-                    self.f_public_key.f_ind_cpa_public_key.f_t_as_ntt i))"))]
+                    self.f_public_key.f_ind_cpa_public_key.f_t_as_ntt i))"#))]
         #[ensures(|_|
-            fstar!("${serialized}_future.f_value == 
+            fstar!(r#"${serialized}_future.f_value == 
                 Seq.append (Spec.MLKEM.vector_encode_12 #$K
                     (Libcrux_ml_kem.Polynomial.to_spec_vector_t #$K #$:Vector
                         self.f_public_key.f_ind_cpa_public_key.f_t_as_ntt))
-                self.f_public_key.f_ind_cpa_public_key.f_seed_for_A)")
+                self.f_public_key.f_ind_cpa_public_key.f_seed_for_A)"#)
         )]
         pub fn serialized_public_key_mut<
             const RANKED_BYTES_PER_RING_ELEMENT: usize,
@@ -710,17 +722,17 @@ pub(crate) mod unpacked {
 
         /// Get the serialized public key.
         #[inline(always)]
-        #[requires(fstar!("Spec.MLKEM.is_rank $K /\\
+        #[requires(fstar!(r#"Spec.MLKEM.is_rank $K /\\
             $RANKED_BYTES_PER_RING_ELEMENT == Spec.MLKEM.v_RANKED_BYTES_PER_RING_ELEMENT $K /\\
             $PUBLIC_KEY_SIZE == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE $K /\\
             (forall (i:nat). i < v $K ==>
                 Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index
-                    self.f_public_key.f_ind_cpa_public_key.f_t_as_ntt i))"))]
+                    self.f_public_key.f_ind_cpa_public_key.f_t_as_ntt i))"#))]
         #[ensures(|res|
-            fstar!("${res}.f_value == Seq.append (Spec.MLKEM.vector_encode_12 #$K
+            fstar!(r#"${res}.f_value == Seq.append (Spec.MLKEM.vector_encode_12 #$K
                             (Libcrux_ml_kem.Polynomial.to_spec_vector_t #$K #$:Vector
                                 self.f_public_key.f_ind_cpa_public_key.f_t_as_ntt))
-                        self.f_public_key.f_ind_cpa_public_key.f_seed_for_A)")
+                        self.f_public_key.f_ind_cpa_public_key.f_seed_for_A)"#)
         )]
         pub fn serialized_public_key<
             const RANKED_BYTES_PER_RING_ELEMENT: usize,
@@ -746,11 +758,11 @@ pub(crate) mod unpacked {
 
         /// Get the serialized private key.
         #[inline(always)]
-        #[hax_lib::requires(fstar!("Spec.MLKEM.is_rank $K /\\
+        #[hax_lib::requires(fstar!(r#"Spec.MLKEM.is_rank $K /\\
             $PRIVATE_KEY_SIZE == Spec.MLKEM.v_CCA_PRIVATE_KEY_SIZE $K /\\
             $CPA_PRIVATE_KEY_SIZE == Spec.MLKEM.v_CPA_PRIVATE_KEY_SIZE $K /\\
             $PUBLIC_KEY_SIZE == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE $K /\\
-            $RANKED_BYTES_PER_RING_ELEMENT == Spec.MLKEM.v_RANKED_BYTES_PER_RING_ELEMENT $K"))]
+            $RANKED_BYTES_PER_RING_ELEMENT == Spec.MLKEM.v_RANKED_BYTES_PER_RING_ELEMENT $K"#))]
         pub fn serialized_private_key_mut<
             const CPA_PRIVATE_KEY_SIZE: usize,
             const PRIVATE_KEY_SIZE: usize,
@@ -781,11 +793,11 @@ pub(crate) mod unpacked {
 
         /// Get the serialized private key.
         #[inline(always)]
-        #[hax_lib::requires(fstar!("Spec.MLKEM.is_rank $K /\\
+        #[hax_lib::requires(fstar!(r#"Spec.MLKEM.is_rank $K /\\
             $PRIVATE_KEY_SIZE == Spec.MLKEM.v_CCA_PRIVATE_KEY_SIZE $K /\\
             $CPA_PRIVATE_KEY_SIZE == Spec.MLKEM.v_CPA_PRIVATE_KEY_SIZE $K /\\
             $PUBLIC_KEY_SIZE == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE $K /\\
-            $RANKED_BYTES_PER_RING_ELEMENT == Spec.MLKEM.v_RANKED_BYTES_PER_RING_ELEMENT $K"))]
+            $RANKED_BYTES_PER_RING_ELEMENT == Spec.MLKEM.v_RANKED_BYTES_PER_RING_ELEMENT $K"#))]
         pub fn serialized_private_key<
             const CPA_PRIVATE_KEY_SIZE: usize,
             const PRIVATE_KEY_SIZE: usize,
@@ -815,10 +827,10 @@ pub(crate) mod unpacked {
 
     #[hax_lib::fstar::options("--z3rlimit 200")]
     #[hax_lib::ensures(|result|
-        fstar!("forall (i: nat). i < v $K ==>
+        fstar!(r#"forall (i: nat). i < v $K ==>
             (forall (j: nat). j < v $K ==>
                 Seq.index (Seq.index $result i) j ==
-                    Seq.index (Seq.index $ind_cpa_a j) i)"))
+                    Seq.index (Seq.index $ind_cpa_a j) i)"#))
     ]
     fn transpose_a<const K: usize, Vector: Operations>(
         ind_cpa_a: [[PolynomialRingElement<Vector>; K]; K],
@@ -862,18 +874,18 @@ pub(crate) mod unpacked {
     /// Generate Unpacked Keys
     #[inline(always)]
     #[hax_lib::fstar::options("--z3rlimit 1500 --ext context_pruning --z3refresh")]
-    #[hax_lib::requires(fstar!("Spec.MLKEM.is_rank $K /\\
+    #[hax_lib::requires(fstar!(r#"Spec.MLKEM.is_rank $K /\\
         $ETA1_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA1_RANDOMNESS_SIZE $K /\\
         $ETA1 == Spec.MLKEM.v_ETA1 $K /\\
         $BYTES_PER_RING_ELEMENT == Spec.MLKEM.v_RANKED_BYTES_PER_RING_ELEMENT $K /\\
-        $PUBLIC_KEY_SIZE == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE $K"))]
+        $PUBLIC_KEY_SIZE == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE $K"#))]
     #[hax_lib::ensures(|result|
-        fstar!("let ((m_A, public_key_hash), implicit_rejection_value), valid =
+        fstar!(r#"let ((m_A, public_key_hash), implicit_rejection_value), valid =
             Spec.MLKEM.ind_cca_unpack_generate_keypair $K $randomness in
         valid ==> Libcrux_ml_kem.Polynomial.to_spec_matrix_t #$K #$:Vector
             ${out}_future.f_public_key.f_ind_cpa_public_key.f_A == m_A /\\
         ${out}_future.f_public_key.f_public_key_hash == public_key_hash /\\
-        ${out}_future.f_private_key.f_implicit_rejection_value == implicit_rejection_value"))
+        ${out}_future.f_private_key.f_implicit_rejection_value == implicit_rejection_value"#))
     ]
     pub(crate) fn generate_keypair<
         const K: usize,
@@ -901,7 +913,8 @@ pub(crate) mod unpacked {
 
         #[allow(non_snake_case)]
         let A = transpose_a::<K, Vector>(out.public_key.ind_cpa_public_key.A);
-        hax_lib::fstar!("let (ind_cpa_keypair_randomness, _) = split $randomness Spec.MLKEM.v_CPA_KEY_GENERATION_SEED_SIZE in
+        hax_lib::fstar!(
+            r#"let (ind_cpa_keypair_randomness, _) = split $randomness Spec.MLKEM.v_CPA_KEY_GENERATION_SEED_SIZE in
         let ((((_, _), matrix_A_as_ntt), _), sufficient_randomness) =
             Spec.MLKEM.ind_cpa_generate_keypair_unpacked $K ind_cpa_keypair_randomness in
         let m_v_A = Libcrux_ml_kem.Polynomial.to_spec_matrix_t #$K #$:Vector $A in
@@ -919,7 +932,8 @@ pub(crate) mod unpacked {
         in
         Classical.forall_intro lemma_aux;
         if sufficient_randomness then
-            Lib.Sequence.eq_intro #(Spec.MLKEM.vector $K) #(v $K) m_A m_v_A");
+            Lib.Sequence.eq_intro #(Spec.MLKEM.vector $K) #(v $K) m_A m_v_A"#
+        );
         out.public_key.ind_cpa_public_key.A = A;
 
         let pk_serialized =
@@ -933,7 +947,7 @@ pub(crate) mod unpacked {
 
     // Encapsulate with Unpacked Public Key
     #[inline(always)]
-    #[hax_lib::requires(fstar!("Spec.MLKEM.is_rank $K /\\
+    #[hax_lib::requires(fstar!(r#"Spec.MLKEM.is_rank $K /\\
         $ETA1 == Spec.MLKEM.v_ETA1 $K /\\
         $ETA1_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA1_RANDOMNESS_SIZE $K /\\
         $ETA2 == Spec.MLKEM.v_ETA2 $K /\\
@@ -943,15 +957,15 @@ pub(crate) mod unpacked {
         $VECTOR_U_COMPRESSION_FACTOR == Spec.MLKEM.v_VECTOR_U_COMPRESSION_FACTOR $K /\\
         $VECTOR_V_COMPRESSION_FACTOR == Spec.MLKEM.v_VECTOR_V_COMPRESSION_FACTOR $K /\\
         $VECTOR_U_BLOCK_LEN == Spec.MLKEM.v_C1_BLOCK_SIZE $K /\\
-        $CIPHERTEXT_SIZE == Spec.MLKEM.v_CPA_CIPHERTEXT_SIZE $K"))]
+        $CIPHERTEXT_SIZE == Spec.MLKEM.v_CPA_CIPHERTEXT_SIZE $K"#))]
     #[hax_lib::ensures(|(ciphertext_result, shared_secret_array)|
-        fstar!("let (ciphertext, shared_secret) =
+        fstar!(r#"let (ciphertext, shared_secret) =
             Spec.MLKEM.ind_cca_unpack_encapsulate $K ${public_key}.f_public_key_hash
             (Libcrux_ml_kem.Polynomial.to_spec_vector_t #$K #$:Vector ${public_key}.f_ind_cpa_public_key.f_t_as_ntt)
             (Libcrux_ml_kem.Polynomial.to_spec_matrix_t #$K #$:Vector ${public_key}.f_ind_cpa_public_key.f_A)
             $randomness in
         ${ciphertext_result}.f_value == ciphertext /\\
-        $shared_secret_array == shared_secret"))
+        $shared_secret_array == shared_secret"#))
     ]
     pub(crate) fn encapsulate<
         const K: usize,
@@ -1011,7 +1025,7 @@ pub(crate) mod unpacked {
     // Decapsulate with Unpacked Private Key
     #[inline(always)]
     #[hax_lib::fstar::options("--z3rlimit 200 --ext context_pruning --z3refresh")]
-    #[hax_lib::requires(fstar!("Spec.MLKEM.is_rank $K /\\
+    #[hax_lib::requires(fstar!(r#"Spec.MLKEM.is_rank $K /\\
         $ETA1 == Spec.MLKEM.v_ETA1 $K /\\
         $ETA1_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA1_RANDOMNESS_SIZE $K /\\
         $ETA2 == Spec.MLKEM.v_ETA2 $K /\\
@@ -1022,15 +1036,15 @@ pub(crate) mod unpacked {
         $VECTOR_V_COMPRESSION_FACTOR == Spec.MLKEM.v_VECTOR_V_COMPRESSION_FACTOR $K /\\
         $C1_BLOCK_SIZE == Spec.MLKEM.v_C1_BLOCK_SIZE $K /\\
         $CIPHERTEXT_SIZE == Spec.MLKEM.v_CPA_CIPHERTEXT_SIZE $K /\\
-        $IMPLICIT_REJECTION_HASH_INPUT_SIZE == Spec.MLKEM.v_IMPLICIT_REJECTION_HASH_INPUT_SIZE $K"))]
+        $IMPLICIT_REJECTION_HASH_INPUT_SIZE == Spec.MLKEM.v_IMPLICIT_REJECTION_HASH_INPUT_SIZE $K"#))]
     #[hax_lib::ensures(|result|
-        fstar!("$result ==
+        fstar!(r#"$result ==
             Spec.MLKEM.ind_cca_unpack_decapsulate $K ${key_pair}.f_public_key.f_public_key_hash
             ${key_pair}.f_private_key.f_implicit_rejection_value
             ${ciphertext}.f_value
             (Libcrux_ml_kem.Polynomial.to_spec_vector_t #$K #$:Vector ${key_pair}.f_private_key.f_ind_cpa_private_key.f_secret_as_ntt)
             (Libcrux_ml_kem.Polynomial.to_spec_vector_t #$K #$:Vector ${key_pair}.f_public_key.f_ind_cpa_public_key.f_t_as_ntt)
-            (Libcrux_ml_kem.Polynomial.to_spec_matrix_t #$K #$:Vector ${key_pair}.f_public_key.f_ind_cpa_public_key.f_A)"))
+            (Libcrux_ml_kem.Polynomial.to_spec_matrix_t #$K #$:Vector ${key_pair}.f_public_key.f_ind_cpa_public_key.f_A)"#))
     ]
     pub(crate) fn decapsulate<
         const K: usize,
@@ -1055,11 +1069,13 @@ pub(crate) mod unpacked {
         key_pair: &MlKemKeyPairUnpacked<K, Vector>,
         ciphertext: &MlKemCiphertext<CIPHERTEXT_SIZE>,
     ) -> MlKemSharedSecret {
-        hax_lib::fstar!("assert (v $IMPLICIT_REJECTION_HASH_INPUT_SIZE == 32 + v (Spec.MLKEM.v_CPA_CIPHERTEXT_SIZE $K));
+        hax_lib::fstar!(
+            r#"assert (v $IMPLICIT_REJECTION_HASH_INPUT_SIZE == 32 + v (Spec.MLKEM.v_CPA_CIPHERTEXT_SIZE $K));
         assert (v (Spec.MLKEM.v_C1_SIZE $K +! Spec.MLKEM.v_C2_SIZE $K) == v (Spec.MLKEM.v_C1_SIZE $K) + v (Spec.MLKEM.v_C2_SIZE $K));
         assert (v (Spec.MLKEM.v_C1_SIZE $K) == v (Spec.MLKEM.v_C1_BLOCK_SIZE $K) * v $K);
         assert (v (Spec.MLKEM.v_C1_BLOCK_SIZE $K)  == 32 * v (Spec.MLKEM.v_VECTOR_U_COMPRESSION_FACTOR $K));
-        assert (v (Spec.MLKEM.v_C2_SIZE $K) == 32 * v (Spec.MLKEM.v_VECTOR_V_COMPRESSION_FACTOR $K))");
+        assert (v (Spec.MLKEM.v_C2_SIZE $K) == 32 * v (Spec.MLKEM.v_VECTOR_V_COMPRESSION_FACTOR $K))"#
+        );
         let decrypted = ind_cpa::decrypt_unpacked::<
             K,
             CIPHERTEXT_SIZE,
@@ -1070,9 +1086,11 @@ pub(crate) mod unpacked {
         >(&key_pair.private_key.ind_cpa_private_key, &ciphertext.value);
 
         let mut to_hash: [u8; SHARED_SECRET_SIZE + H_DIGEST_SIZE] = into_padded_array(&decrypted);
-        hax_lib::fstar!("Lib.Sequence.eq_intro #u8 #32 (Seq.slice $to_hash 0 32) $decrypted");
+        hax_lib::fstar!(r#"Lib.Sequence.eq_intro #u8 #32 (Seq.slice $to_hash 0 32) $decrypted"#);
         to_hash[SHARED_SECRET_SIZE..].copy_from_slice(&key_pair.public_key.public_key_hash);
-        hax_lib::fstar!("Lib.Sequence.lemma_concat2 32 $decrypted 32 ${key_pair}.f_public_key.f_public_key_hash $to_hash");
+        hax_lib::fstar!(
+            r#"Lib.Sequence.lemma_concat2 32 $decrypted 32 ${key_pair}.f_public_key.f_public_key_hash $to_hash"#
+        );
 
         let hashed = Hasher::G(&to_hash);
         let (shared_secret, pseudorandomness) = hashed.split_at(SHARED_SECRET_SIZE);
diff --git a/libcrux-ml-kem/src/ind_cca/instantiations.rs b/libcrux-ml-kem/src/ind_cca/instantiations.rs
index 3126b25db..b9c6f7ff6 100644
--- a/libcrux-ml-kem/src/ind_cca/instantiations.rs
+++ b/libcrux-ml-kem/src/ind_cca/instantiations.rs
@@ -7,13 +7,13 @@ macro_rules! instantiate {
             };
 
             /// Portable generate key pair.
-            #[hax_lib::requires(fstar!("Spec.MLKEM.is_rank $K /\\
+            #[hax_lib::requires(fstar!(r#"Spec.MLKEM.is_rank $K /\\
                 $CPA_PRIVATE_KEY_SIZE == Spec.MLKEM.v_CPA_PRIVATE_KEY_SIZE $K /\\
                 $PRIVATE_KEY_SIZE == Spec.MLKEM.v_CCA_PRIVATE_KEY_SIZE $K /\\
                 $PUBLIC_KEY_SIZE == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE $K /\\
                 $RANKED_BYTES_PER_RING_ELEMENT == Spec.MLKEM.v_RANKED_BYTES_PER_RING_ELEMENT $K /\\
                 $ETA1 == Spec.MLKEM.v_ETA1 $K /\\
-                $ETA1_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA1_RANDOMNESS_SIZE $K"))]
+                $ETA1_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA1_RANDOMNESS_SIZE $K"#))]
             pub(crate) fn generate_keypair<
                 const K: usize,
                 const CPA_PRIVATE_KEY_SIZE: usize,
@@ -67,9 +67,9 @@ macro_rules! instantiate {
 
             /// Public key validation
             #[inline(always)]
-            #[hax_lib::requires(fstar!("Spec.MLKEM.is_rank $K /\\
+            #[hax_lib::requires(fstar!(r#"Spec.MLKEM.is_rank $K /\\
                 $RANKED_BYTES_PER_RING_ELEMENT == Spec.MLKEM.v_RANKED_BYTES_PER_RING_ELEMENT $K /\\
-                $PUBLIC_KEY_SIZE == Spec.MLKEM.v_CCA_PUBLIC_KEY_SIZE $K"))]
+                $PUBLIC_KEY_SIZE == Spec.MLKEM.v_CCA_PUBLIC_KEY_SIZE $K"#))]
             pub(crate) fn validate_public_key<
                 const K: usize,
                 const RANKED_BYTES_PER_RING_ELEMENT: usize,
@@ -87,9 +87,9 @@ macro_rules! instantiate {
 
             /// Private key validation
             #[inline(always)]
-            #[hax_lib::requires(fstar!("Spec.MLKEM.is_rank $K /\\
+            #[hax_lib::requires(fstar!(r#"Spec.MLKEM.is_rank $K /\\
                 $SECRET_KEY_SIZE == Spec.MLKEM.v_CCA_PRIVATE_KEY_SIZE $K /\\
-                $CIPHERTEXT_SIZE == Spec.MLKEM.v_CPA_CIPHERTEXT_SIZE $K"))]
+                $CIPHERTEXT_SIZE == Spec.MLKEM.v_CPA_CIPHERTEXT_SIZE $K"#))]
             pub(crate) fn validate_private_key<
                 const K: usize,
                 const SECRET_KEY_SIZE: usize,
@@ -106,8 +106,8 @@ macro_rules! instantiate {
 
             /// Private key validation
             #[inline(always)]
-            #[hax_lib::requires(fstar!("Spec.MLKEM.is_rank $K /\\
-                $SECRET_KEY_SIZE == Spec.MLKEM.v_CCA_PRIVATE_KEY_SIZE $K"))]
+            #[hax_lib::requires(fstar!(r#"Spec.MLKEM.is_rank $K /\\
+                $SECRET_KEY_SIZE == Spec.MLKEM.v_CCA_PRIVATE_KEY_SIZE $K"#))]
             pub(crate) fn validate_private_key_only<
                 const K: usize,
                 const SECRET_KEY_SIZE: usize,
@@ -157,7 +157,7 @@ macro_rules! instantiate {
                 >(public_key, randomness)
             }
 
-            #[hax_lib::requires(fstar!("Spec.MLKEM.is_rank $K /\\
+            #[hax_lib::requires(fstar!(r#"Spec.MLKEM.is_rank $K /\\
                 $CIPHERTEXT_SIZE == Spec.MLKEM.v_CPA_CIPHERTEXT_SIZE $K /\\
                 $PUBLIC_KEY_SIZE == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE $K /\\
                 $T_AS_NTT_ENCODED_SIZE == Spec.MLKEM.v_T_AS_NTT_ENCODED_SIZE $K /\\
@@ -169,7 +169,7 @@ macro_rules! instantiate {
                 $ETA1 == Spec.MLKEM.v_ETA1 $K /\\
                 $ETA1_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA1_RANDOMNESS_SIZE $K /\\
                 $ETA2 == Spec.MLKEM.v_ETA2 $K /\\
-                $ETA2_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA2_RANDOMNESS_SIZE $K"))]
+                $ETA2_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA2_RANDOMNESS_SIZE $K"#))]
             pub(crate) fn encapsulate<
                 const K: usize,
                 const CIPHERTEXT_SIZE: usize,
@@ -255,7 +255,7 @@ macro_rules! instantiate {
             }
 
             /// Portable decapsulate
-            #[hax_lib::requires(fstar!("Spec.MLKEM.is_rank $K /\\
+            #[hax_lib::requires(fstar!(r#"Spec.MLKEM.is_rank $K /\\
                 $SECRET_KEY_SIZE == Spec.MLKEM.v_CCA_PRIVATE_KEY_SIZE $K /\\
                 $CPA_SECRET_KEY_SIZE == Spec.MLKEM.v_CPA_PRIVATE_KEY_SIZE $K /\\
                 $PUBLIC_KEY_SIZE == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE $K /\\
@@ -270,7 +270,7 @@ macro_rules! instantiate {
                 $ETA1_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA1_RANDOMNESS_SIZE $K /\\
                 $ETA2 == Spec.MLKEM.v_ETA2 $K /\\
                 $ETA2_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA2_RANDOMNESS_SIZE $K /\\
-                $IMPLICIT_REJECTION_HASH_INPUT_SIZE == Spec.MLKEM.v_IMPLICIT_REJECTION_HASH_INPUT_SIZE $K"))]
+                $IMPLICIT_REJECTION_HASH_INPUT_SIZE == Spec.MLKEM.v_IMPLICIT_REJECTION_HASH_INPUT_SIZE $K"#))]
             pub fn decapsulate<
                 const K: usize,
                 const SECRET_KEY_SIZE: usize,
@@ -326,9 +326,9 @@ macro_rules! instantiate {
 
                 /// Get the unpacked public key.
                 #[hax_lib::requires(
-                    fstar!("Spec.MLKEM.is_rank $K /\\
+                    fstar!(r#"Spec.MLKEM.is_rank $K /\\
                     $PUBLIC_KEY_SIZE == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE $K /\\
-                    $T_AS_NTT_ENCODED_SIZE == Spec.MLKEM.v_T_AS_NTT_ENCODED_SIZE $K")
+                    $T_AS_NTT_ENCODED_SIZE == Spec.MLKEM.v_T_AS_NTT_ENCODED_SIZE $K"#)
                 )]
                 #[inline(always)]
                 pub(crate) fn unpack_public_key<
@@ -353,12 +353,12 @@ macro_rules! instantiate {
                 /// Take a serialized private key and generate an unpacked key pair from it.
                 #[inline(always)]
                 #[hax_lib::requires(
-                    fstar!("Spec.MLKEM.is_rank $K /\\
+                    fstar!(r#"Spec.MLKEM.is_rank $K /\\
                             v_SECRET_KEY_SIZE == Spec.MLKEM.v_CCA_PRIVATE_KEY_SIZE v_K /\\
                             v_CPA_SECRET_KEY_SIZE == Spec.MLKEM.v_CPA_PRIVATE_KEY_SIZE v_K /\\
                             v_PUBLIC_KEY_SIZE == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE v_K /\\
                             v_BYTES_PER_RING_ELEMENT == Spec.MLKEM.v_RANKED_BYTES_PER_RING_ELEMENT v_K /\\
-                            v_T_AS_NTT_ENCODED_SIZE == Spec.MLKEM.v_T_AS_NTT_ENCODED_SIZE v_K"))]
+                            v_T_AS_NTT_ENCODED_SIZE == Spec.MLKEM.v_T_AS_NTT_ENCODED_SIZE v_K"#))]
                 pub(crate) fn keypair_from_private_key<
                     const K: usize,
                     const SECRET_KEY_SIZE: usize,
@@ -382,13 +382,13 @@ macro_rules! instantiate {
                 }
 
                 /// Generate a key pair
-                #[hax_lib::requires(fstar!("Spec.MLKEM.is_rank $K /\\
+                #[hax_lib::requires(fstar!(r#"Spec.MLKEM.is_rank $K /\\
                     $CPA_PRIVATE_KEY_SIZE == Spec.MLKEM.v_CPA_PRIVATE_KEY_SIZE $K /\\
                     $PRIVATE_KEY_SIZE == Spec.MLKEM.v_CCA_PRIVATE_KEY_SIZE $K /\\
                     $PUBLIC_KEY_SIZE == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE $K /\\
                     $BYTES_PER_RING_ELEMENT == Spec.MLKEM.v_RANKED_BYTES_PER_RING_ELEMENT $K /\\
                     $ETA1 == Spec.MLKEM.v_ETA1 $K /\\
-                    $ETA1_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA1_RANDOMNESS_SIZE $K"))]
+                    $ETA1_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA1_RANDOMNESS_SIZE $K"#))]
                 #[inline(always)]
                 pub(crate) fn generate_keypair<
                     const K: usize,
@@ -417,7 +417,7 @@ macro_rules! instantiate {
                 }
 
                 /// Unpacked encapsulate
-                #[hax_lib::requires(fstar!("Spec.MLKEM.is_rank $K /\\
+                #[hax_lib::requires(fstar!(r#"Spec.MLKEM.is_rank $K /\\
                     $CIPHERTEXT_SIZE == Spec.MLKEM.v_CPA_CIPHERTEXT_SIZE $K /\\
                     $PUBLIC_KEY_SIZE == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE $K /\\
                     $T_AS_NTT_ENCODED_SIZE == Spec.MLKEM.v_T_AS_NTT_ENCODED_SIZE $K /\\
@@ -429,7 +429,7 @@ macro_rules! instantiate {
                     $ETA1 == Spec.MLKEM.v_ETA1 $K /\\
                     $ETA1_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA1_RANDOMNESS_SIZE $K /\\
                     $ETA2 == Spec.MLKEM.v_ETA2 $K /\\
-                    $ETA2_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA2_RANDOMNESS_SIZE $K"))]
+                    $ETA2_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA2_RANDOMNESS_SIZE $K"#))]
                 #[inline(always)]
                 pub(crate) fn encapsulate<
                     const K: usize,
@@ -469,7 +469,7 @@ macro_rules! instantiate {
                 }
 
                 /// Unpacked decapsulate
-                #[hax_lib::requires(fstar!("Spec.MLKEM.is_rank $K /\\
+                #[hax_lib::requires(fstar!(r#"Spec.MLKEM.is_rank $K /\\
                     $SECRET_KEY_SIZE == Spec.MLKEM.v_CCA_PRIVATE_KEY_SIZE $K /\\
                     $CPA_SECRET_KEY_SIZE == Spec.MLKEM.v_CPA_PRIVATE_KEY_SIZE $K /\\
                     $PUBLIC_KEY_SIZE == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE $K /\\
@@ -484,7 +484,7 @@ macro_rules! instantiate {
                     $ETA1_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA1_RANDOMNESS_SIZE $K /\\
                     $ETA2 == Spec.MLKEM.v_ETA2 $K /\\
                     $ETA2_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA2_RANDOMNESS_SIZE $K /\\
-                    $IMPLICIT_REJECTION_HASH_INPUT_SIZE == Spec.MLKEM.v_IMPLICIT_REJECTION_HASH_INPUT_SIZE $K"))]
+                    $IMPLICIT_REJECTION_HASH_INPUT_SIZE == Spec.MLKEM.v_IMPLICIT_REJECTION_HASH_INPUT_SIZE $K"#))]
                 #[inline(always)]
                 pub(crate) fn decapsulate<
                     const K: usize,
diff --git a/libcrux-ml-kem/src/ind_cca/instantiations/avx2.rs b/libcrux-ml-kem/src/ind_cca/instantiations/avx2.rs
index b13ce52e4..94e59d1a6 100644
--- a/libcrux-ml-kem/src/ind_cca/instantiations/avx2.rs
+++ b/libcrux-ml-kem/src/ind_cca/instantiations/avx2.rs
@@ -6,13 +6,13 @@ use crate::{
 #[allow(unsafe_code)]
 /// Portable generate key pair.
 #[cfg_attr(not(hax), target_feature(enable = "avx2"))]
-#[hax_lib::requires(fstar!("Spec.MLKEM.is_rank $K /\\
-    $CPA_PRIVATE_KEY_SIZE == Spec.MLKEM.v_CPA_PRIVATE_KEY_SIZE $K /\\
-    $PRIVATE_KEY_SIZE == Spec.MLKEM.v_CCA_PRIVATE_KEY_SIZE $K /\\
-    $PUBLIC_KEY_SIZE == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE $K /\\
-    $BYTES_PER_RING_ELEMENT == Spec.MLKEM.v_RANKED_BYTES_PER_RING_ELEMENT $K /\\
-    $ETA1 == Spec.MLKEM.v_ETA1 $K /\\
-    $ETA1_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA1_RANDOMNESS_SIZE $K"))]
+#[hax_lib::requires(fstar!(r#"Spec.MLKEM.is_rank $K /\
+    $CPA_PRIVATE_KEY_SIZE == Spec.MLKEM.v_CPA_PRIVATE_KEY_SIZE $K /\
+    $PRIVATE_KEY_SIZE == Spec.MLKEM.v_CCA_PRIVATE_KEY_SIZE $K /\
+    $PUBLIC_KEY_SIZE == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE $K /\
+    $BYTES_PER_RING_ELEMENT == Spec.MLKEM.v_RANKED_BYTES_PER_RING_ELEMENT $K /\
+    $ETA1 == Spec.MLKEM.v_ETA1 $K /\
+    $ETA1_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA1_RANDOMNESS_SIZE $K"#))]
 unsafe fn generate_keypair_avx2<
     const K: usize,
     const CPA_PRIVATE_KEY_SIZE: usize,
@@ -39,13 +39,13 @@ unsafe fn generate_keypair_avx2<
 }
 
 #[allow(unsafe_code)]
-#[hax_lib::requires(fstar!("Spec.MLKEM.is_rank $K /\\
-    $CPA_PRIVATE_KEY_SIZE == Spec.MLKEM.v_CPA_PRIVATE_KEY_SIZE $K /\\
-    $PRIVATE_KEY_SIZE == Spec.MLKEM.v_CCA_PRIVATE_KEY_SIZE $K /\\
-    $PUBLIC_KEY_SIZE == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE $K /\\
-    $BYTES_PER_RING_ELEMENT == Spec.MLKEM.v_RANKED_BYTES_PER_RING_ELEMENT $K /\\
-    $ETA1 == Spec.MLKEM.v_ETA1 $K /\\
-    $ETA1_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA1_RANDOMNESS_SIZE $K"))]
+#[hax_lib::requires(fstar!(r#"Spec.MLKEM.is_rank $K /\
+    $CPA_PRIVATE_KEY_SIZE == Spec.MLKEM.v_CPA_PRIVATE_KEY_SIZE $K /\
+    $PRIVATE_KEY_SIZE == Spec.MLKEM.v_CCA_PRIVATE_KEY_SIZE $K /\
+    $PUBLIC_KEY_SIZE == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE $K /\
+    $BYTES_PER_RING_ELEMENT == Spec.MLKEM.v_RANKED_BYTES_PER_RING_ELEMENT $K /\
+    $ETA1 == Spec.MLKEM.v_ETA1 $K /\
+    $ETA1_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA1_RANDOMNESS_SIZE $K"#))]
 pub(crate) fn generate_keypair<
     const K: usize,
     const CPA_PRIVATE_KEY_SIZE: usize,
@@ -126,9 +126,9 @@ pub(crate) fn kyber_generate_keypair<
 
 #[allow(unsafe_code)]
 #[cfg_attr(not(hax), target_feature(enable = "avx2"))]
-#[hax_lib::requires(fstar!("Spec.MLKEM.is_rank $K /\\
-    $RANKED_BYTES_PER_RING_ELEMENT == Spec.MLKEM.v_RANKED_BYTES_PER_RING_ELEMENT $K /\\
-    $PUBLIC_KEY_SIZE == Spec.MLKEM.v_CCA_PUBLIC_KEY_SIZE $K"))]
+#[hax_lib::requires(fstar!(r#"Spec.MLKEM.is_rank $K /\
+    $RANKED_BYTES_PER_RING_ELEMENT == Spec.MLKEM.v_RANKED_BYTES_PER_RING_ELEMENT $K /\
+    $PUBLIC_KEY_SIZE == Spec.MLKEM.v_CCA_PUBLIC_KEY_SIZE $K"#))]
 unsafe fn validate_public_key_avx2<
     const K: usize,
     const RANKED_BYTES_PER_RING_ELEMENT: usize,
@@ -145,9 +145,9 @@ unsafe fn validate_public_key_avx2<
 }
 
 #[allow(unsafe_code)]
-#[hax_lib::requires(fstar!("Spec.MLKEM.is_rank $K /\\
-    $RANKED_BYTES_PER_RING_ELEMENT == Spec.MLKEM.v_RANKED_BYTES_PER_RING_ELEMENT $K /\\
-    $PUBLIC_KEY_SIZE == Spec.MLKEM.v_CCA_PUBLIC_KEY_SIZE $K"))]
+#[hax_lib::requires(fstar!(r#"Spec.MLKEM.is_rank $K /\
+    $RANKED_BYTES_PER_RING_ELEMENT == Spec.MLKEM.v_RANKED_BYTES_PER_RING_ELEMENT $K /\
+    $PUBLIC_KEY_SIZE == Spec.MLKEM.v_CCA_PUBLIC_KEY_SIZE $K"#))]
 pub(crate) fn validate_public_key<
     const K: usize,
     const RANKED_BYTES_PER_RING_ELEMENT: usize,
@@ -162,9 +162,9 @@ pub(crate) fn validate_public_key<
 
 #[allow(unsafe_code)]
 #[cfg_attr(not(hax), target_feature(enable = "avx2"))]
-#[hax_lib::requires(fstar!("Spec.MLKEM.is_rank $K /\\
-    $SECRET_KEY_SIZE == Spec.MLKEM.v_CCA_PRIVATE_KEY_SIZE $K /\\
-    $CIPHERTEXT_SIZE == Spec.MLKEM.v_CPA_CIPHERTEXT_SIZE $K"))]
+#[hax_lib::requires(fstar!(r#"Spec.MLKEM.is_rank $K /\
+    $SECRET_KEY_SIZE == Spec.MLKEM.v_CCA_PRIVATE_KEY_SIZE $K /\
+    $CIPHERTEXT_SIZE == Spec.MLKEM.v_CPA_CIPHERTEXT_SIZE $K"#))]
 unsafe fn validate_private_key_avx2<
     const K: usize,
     const SECRET_KEY_SIZE: usize,
@@ -182,9 +182,9 @@ unsafe fn validate_private_key_avx2<
 }
 
 #[allow(unsafe_code)]
-#[hax_lib::requires(fstar!("Spec.MLKEM.is_rank $K /\\
-    $SECRET_KEY_SIZE == Spec.MLKEM.v_CCA_PRIVATE_KEY_SIZE $K /\\
-    $CIPHERTEXT_SIZE == Spec.MLKEM.v_CPA_CIPHERTEXT_SIZE $K"))]
+#[hax_lib::requires(fstar!(r#"Spec.MLKEM.is_rank $K /\
+    $SECRET_KEY_SIZE == Spec.MLKEM.v_CCA_PRIVATE_KEY_SIZE $K /\
+    $CIPHERTEXT_SIZE == Spec.MLKEM.v_CPA_CIPHERTEXT_SIZE $K"#))]
 pub(crate) fn validate_private_key<
     const K: usize,
     const SECRET_KEY_SIZE: usize,
@@ -200,8 +200,8 @@ pub(crate) fn validate_private_key<
 
 /// Private key validation
 #[inline(always)]
-#[hax_lib::requires(fstar!("Spec.MLKEM.is_rank $K /\\
-    $SECRET_KEY_SIZE == Spec.MLKEM.v_CCA_PRIVATE_KEY_SIZE $K"))]
+#[hax_lib::requires(fstar!(r#"Spec.MLKEM.is_rank $K /\
+    $SECRET_KEY_SIZE == Spec.MLKEM.v_CCA_PRIVATE_KEY_SIZE $K"#))]
 pub(crate) fn validate_private_key_only<const K: usize, const SECRET_KEY_SIZE: usize>(
     private_key: &MlKemPrivateKey<SECRET_KEY_SIZE>,
 ) -> bool {
@@ -294,19 +294,19 @@ pub(crate) fn kyber_encapsulate<
 
 #[allow(unsafe_code)]
 #[cfg_attr(not(hax), target_feature(enable = "avx2"))]
-#[hax_lib::requires(fstar!("Spec.MLKEM.is_rank $K /\\
-    $CIPHERTEXT_SIZE == Spec.MLKEM.v_CPA_CIPHERTEXT_SIZE $K /\\
-    $PUBLIC_KEY_SIZE == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE $K /\\
-    $T_AS_NTT_ENCODED_SIZE == Spec.MLKEM.v_T_AS_NTT_ENCODED_SIZE $K /\\
-    $C1_SIZE == Spec.MLKEM.v_C1_SIZE $K /\\
-    $C2_SIZE == Spec.MLKEM.v_C2_SIZE $K /\\
-    $VECTOR_U_COMPRESSION_FACTOR == Spec.MLKEM.v_VECTOR_U_COMPRESSION_FACTOR  $K /\\
-    $VECTOR_V_COMPRESSION_FACTOR == Spec.MLKEM.v_VECTOR_V_COMPRESSION_FACTOR  $K /\\
-    $VECTOR_U_BLOCK_LEN == Spec.MLKEM.v_C1_BLOCK_SIZE $K /\\
-    $ETA1 == Spec.MLKEM.v_ETA1 $K /\\
-    $ETA1_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA1_RANDOMNESS_SIZE $K /\\
-    $ETA2 == Spec.MLKEM.v_ETA2 $K /\\
-    $ETA2_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA2_RANDOMNESS_SIZE $K"))]
+#[hax_lib::requires(fstar!(r#"Spec.MLKEM.is_rank $K /\
+    $CIPHERTEXT_SIZE == Spec.MLKEM.v_CPA_CIPHERTEXT_SIZE $K /\
+    $PUBLIC_KEY_SIZE == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE $K /\
+    $T_AS_NTT_ENCODED_SIZE == Spec.MLKEM.v_T_AS_NTT_ENCODED_SIZE $K /\
+    $C1_SIZE == Spec.MLKEM.v_C1_SIZE $K /\
+    $C2_SIZE == Spec.MLKEM.v_C2_SIZE $K /\
+    $VECTOR_U_COMPRESSION_FACTOR == Spec.MLKEM.v_VECTOR_U_COMPRESSION_FACTOR  $K /\
+    $VECTOR_V_COMPRESSION_FACTOR == Spec.MLKEM.v_VECTOR_V_COMPRESSION_FACTOR  $K /\
+    $VECTOR_U_BLOCK_LEN == Spec.MLKEM.v_C1_BLOCK_SIZE $K /\
+    $ETA1 == Spec.MLKEM.v_ETA1 $K /\
+    $ETA1_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA1_RANDOMNESS_SIZE $K /\
+    $ETA2 == Spec.MLKEM.v_ETA2 $K /\
+    $ETA2_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA2_RANDOMNESS_SIZE $K"#))]
 unsafe fn encapsulate_avx2<
     const K: usize,
     const CIPHERTEXT_SIZE: usize,
@@ -346,19 +346,19 @@ unsafe fn encapsulate_avx2<
 }
 
 #[allow(unsafe_code)]
-#[hax_lib::requires(fstar!("Spec.MLKEM.is_rank $K /\\
-    $CIPHERTEXT_SIZE == Spec.MLKEM.v_CPA_CIPHERTEXT_SIZE $K /\\
-    $PUBLIC_KEY_SIZE == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE $K /\\
-    $T_AS_NTT_ENCODED_SIZE == Spec.MLKEM.v_T_AS_NTT_ENCODED_SIZE $K /\\
-    $C1_SIZE == Spec.MLKEM.v_C1_SIZE $K /\\
-    $C2_SIZE == Spec.MLKEM.v_C2_SIZE $K /\\
-    $VECTOR_U_COMPRESSION_FACTOR == Spec.MLKEM.v_VECTOR_U_COMPRESSION_FACTOR  $K /\\
-    $VECTOR_V_COMPRESSION_FACTOR == Spec.MLKEM.v_VECTOR_V_COMPRESSION_FACTOR  $K /\\
-    $VECTOR_U_BLOCK_LEN == Spec.MLKEM.v_C1_BLOCK_SIZE $K /\\
-    $ETA1 == Spec.MLKEM.v_ETA1 $K /\\
-    $ETA1_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA1_RANDOMNESS_SIZE $K /\\
-    $ETA2 == Spec.MLKEM.v_ETA2 $K /\\
-    $ETA2_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA2_RANDOMNESS_SIZE $K"))]
+#[hax_lib::requires(fstar!(r#"Spec.MLKEM.is_rank $K /\
+    $CIPHERTEXT_SIZE == Spec.MLKEM.v_CPA_CIPHERTEXT_SIZE $K /\
+    $PUBLIC_KEY_SIZE == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE $K /\
+    $T_AS_NTT_ENCODED_SIZE == Spec.MLKEM.v_T_AS_NTT_ENCODED_SIZE $K /\
+    $C1_SIZE == Spec.MLKEM.v_C1_SIZE $K /\
+    $C2_SIZE == Spec.MLKEM.v_C2_SIZE $K /\
+    $VECTOR_U_COMPRESSION_FACTOR == Spec.MLKEM.v_VECTOR_U_COMPRESSION_FACTOR  $K /\
+    $VECTOR_V_COMPRESSION_FACTOR == Spec.MLKEM.v_VECTOR_V_COMPRESSION_FACTOR  $K /\
+    $VECTOR_U_BLOCK_LEN == Spec.MLKEM.v_C1_BLOCK_SIZE $K /\
+    $ETA1 == Spec.MLKEM.v_ETA1 $K /\
+    $ETA1_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA1_RANDOMNESS_SIZE $K /\
+    $ETA2 == Spec.MLKEM.v_ETA2 $K /\
+    $ETA2_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA2_RANDOMNESS_SIZE $K"#))]
 pub(crate) fn encapsulate<
     const K: usize,
     const CIPHERTEXT_SIZE: usize,
@@ -490,22 +490,22 @@ pub fn kyber_decapsulate<
 
 #[allow(unsafe_code)]
 #[cfg_attr(not(hax), target_feature(enable = "avx2"))]
-#[hax_lib::requires(fstar!("Spec.MLKEM.is_rank $K /\\
-    $SECRET_KEY_SIZE == Spec.MLKEM.v_CCA_PRIVATE_KEY_SIZE $K /\\
-    $CPA_SECRET_KEY_SIZE == Spec.MLKEM.v_CPA_PRIVATE_KEY_SIZE $K /\\
-    $PUBLIC_KEY_SIZE == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE $K /\\
-    $CIPHERTEXT_SIZE == Spec.MLKEM.v_CPA_CIPHERTEXT_SIZE $K /\\
-    $T_AS_NTT_ENCODED_SIZE == Spec.MLKEM.v_T_AS_NTT_ENCODED_SIZE $K /\\
-    $C1_SIZE == Spec.MLKEM.v_C1_SIZE $K /\\
-    $C2_SIZE == Spec.MLKEM.v_C2_SIZE $K /\\
-    $VECTOR_U_COMPRESSION_FACTOR == Spec.MLKEM.v_VECTOR_U_COMPRESSION_FACTOR  $K /\\
-    $VECTOR_V_COMPRESSION_FACTOR == Spec.MLKEM.v_VECTOR_V_COMPRESSION_FACTOR  $K /\\
-    $C1_BLOCK_SIZE == Spec.MLKEM.v_C1_BLOCK_SIZE $K /\\
-    $ETA1 == Spec.MLKEM.v_ETA1 $K /\\
-    $ETA1_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA1_RANDOMNESS_SIZE $K /\\
-    $ETA2 == Spec.MLKEM.v_ETA2 $K /\\
-    $ETA2_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA2_RANDOMNESS_SIZE $K /\\
-    $IMPLICIT_REJECTION_HASH_INPUT_SIZE == Spec.MLKEM.v_IMPLICIT_REJECTION_HASH_INPUT_SIZE $K"))]
+#[hax_lib::requires(fstar!(r#"Spec.MLKEM.is_rank $K /\
+    $SECRET_KEY_SIZE == Spec.MLKEM.v_CCA_PRIVATE_KEY_SIZE $K /\
+    $CPA_SECRET_KEY_SIZE == Spec.MLKEM.v_CPA_PRIVATE_KEY_SIZE $K /\
+    $PUBLIC_KEY_SIZE == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE $K /\
+    $CIPHERTEXT_SIZE == Spec.MLKEM.v_CPA_CIPHERTEXT_SIZE $K /\
+    $T_AS_NTT_ENCODED_SIZE == Spec.MLKEM.v_T_AS_NTT_ENCODED_SIZE $K /\
+    $C1_SIZE == Spec.MLKEM.v_C1_SIZE $K /\
+    $C2_SIZE == Spec.MLKEM.v_C2_SIZE $K /\
+    $VECTOR_U_COMPRESSION_FACTOR == Spec.MLKEM.v_VECTOR_U_COMPRESSION_FACTOR  $K /\
+    $VECTOR_V_COMPRESSION_FACTOR == Spec.MLKEM.v_VECTOR_V_COMPRESSION_FACTOR  $K /\
+    $C1_BLOCK_SIZE == Spec.MLKEM.v_C1_BLOCK_SIZE $K /\
+    $ETA1 == Spec.MLKEM.v_ETA1 $K /\
+    $ETA1_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA1_RANDOMNESS_SIZE $K /\
+    $ETA2 == Spec.MLKEM.v_ETA2 $K /\
+    $ETA2_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA2_RANDOMNESS_SIZE $K /\
+    $IMPLICIT_REJECTION_HASH_INPUT_SIZE == Spec.MLKEM.v_IMPLICIT_REJECTION_HASH_INPUT_SIZE $K"#))]
 unsafe fn decapsulate_avx2<
     const K: usize,
     const SECRET_KEY_SIZE: usize,
@@ -551,22 +551,22 @@ unsafe fn decapsulate_avx2<
 }
 
 #[allow(unsafe_code)]
-#[hax_lib::requires(fstar!("Spec.MLKEM.is_rank $K /\\
-    $SECRET_KEY_SIZE == Spec.MLKEM.v_CCA_PRIVATE_KEY_SIZE $K /\\
-    $CPA_SECRET_KEY_SIZE == Spec.MLKEM.v_CPA_PRIVATE_KEY_SIZE $K /\\
-    $PUBLIC_KEY_SIZE == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE $K /\\
-    $CIPHERTEXT_SIZE == Spec.MLKEM.v_CPA_CIPHERTEXT_SIZE $K /\\
-    $T_AS_NTT_ENCODED_SIZE == Spec.MLKEM.v_T_AS_NTT_ENCODED_SIZE $K /\\
-    $C1_SIZE == Spec.MLKEM.v_C1_SIZE $K /\\
-    $C2_SIZE == Spec.MLKEM.v_C2_SIZE $K /\\
-    $VECTOR_U_COMPRESSION_FACTOR == Spec.MLKEM.v_VECTOR_U_COMPRESSION_FACTOR  $K /\\
-    $VECTOR_V_COMPRESSION_FACTOR == Spec.MLKEM.v_VECTOR_V_COMPRESSION_FACTOR  $K /\\
-    $C1_BLOCK_SIZE == Spec.MLKEM.v_C1_BLOCK_SIZE $K /\\
-    $ETA1 == Spec.MLKEM.v_ETA1 $K /\\
-    $ETA1_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA1_RANDOMNESS_SIZE $K /\\
-    $ETA2 == Spec.MLKEM.v_ETA2 $K /\\
-    $ETA2_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA2_RANDOMNESS_SIZE $K /\\
-    $IMPLICIT_REJECTION_HASH_INPUT_SIZE == Spec.MLKEM.v_IMPLICIT_REJECTION_HASH_INPUT_SIZE $K"))]
+#[hax_lib::requires(fstar!(r#"Spec.MLKEM.is_rank $K /\
+    $SECRET_KEY_SIZE == Spec.MLKEM.v_CCA_PRIVATE_KEY_SIZE $K /\
+    $CPA_SECRET_KEY_SIZE == Spec.MLKEM.v_CPA_PRIVATE_KEY_SIZE $K /\
+    $PUBLIC_KEY_SIZE == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE $K /\
+    $CIPHERTEXT_SIZE == Spec.MLKEM.v_CPA_CIPHERTEXT_SIZE $K /\
+    $T_AS_NTT_ENCODED_SIZE == Spec.MLKEM.v_T_AS_NTT_ENCODED_SIZE $K /\
+    $C1_SIZE == Spec.MLKEM.v_C1_SIZE $K /\
+    $C2_SIZE == Spec.MLKEM.v_C2_SIZE $K /\
+    $VECTOR_U_COMPRESSION_FACTOR == Spec.MLKEM.v_VECTOR_U_COMPRESSION_FACTOR  $K /\
+    $VECTOR_V_COMPRESSION_FACTOR == Spec.MLKEM.v_VECTOR_V_COMPRESSION_FACTOR  $K /\
+    $C1_BLOCK_SIZE == Spec.MLKEM.v_C1_BLOCK_SIZE $K /\
+    $ETA1 == Spec.MLKEM.v_ETA1 $K /\
+    $ETA1_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA1_RANDOMNESS_SIZE $K /\
+    $ETA2 == Spec.MLKEM.v_ETA2 $K /\
+    $ETA2_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA2_RANDOMNESS_SIZE $K /\
+    $IMPLICIT_REJECTION_HASH_INPUT_SIZE == Spec.MLKEM.v_IMPLICIT_REJECTION_HASH_INPUT_SIZE $K"#))]
 pub fn decapsulate<
     const K: usize,
     const SECRET_KEY_SIZE: usize,
@@ -623,9 +623,9 @@ pub(crate) mod unpacked {
     #[cfg_attr(not(hax), target_feature(enable = "avx2"))]
     #[allow(unsafe_code)]
     #[hax_lib::requires(
-        fstar!("Spec.MLKEM.is_rank $K /\\
-        $PUBLIC_KEY_SIZE == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE $K /\\
-        $T_AS_NTT_ENCODED_SIZE == Spec.MLKEM.v_T_AS_NTT_ENCODED_SIZE $K")
+        fstar!(r#"Spec.MLKEM.is_rank $K /\
+        $PUBLIC_KEY_SIZE == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE $K /\
+        $T_AS_NTT_ENCODED_SIZE == Spec.MLKEM.v_T_AS_NTT_ENCODED_SIZE $K"#)
     )]
     unsafe fn unpack_public_key_avx2<
         const K: usize,
@@ -649,9 +649,9 @@ pub(crate) mod unpacked {
     /// Get the unpacked public key.
     #[allow(unsafe_code)]
     #[hax_lib::requires(
-        fstar!("Spec.MLKEM.is_rank $K /\\
-        $PUBLIC_KEY_SIZE == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE $K /\\
-        $T_AS_NTT_ENCODED_SIZE == Spec.MLKEM.v_T_AS_NTT_ENCODED_SIZE $K")
+        fstar!(r#"Spec.MLKEM.is_rank $K /\
+        $PUBLIC_KEY_SIZE == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE $K /\
+        $T_AS_NTT_ENCODED_SIZE == Spec.MLKEM.v_T_AS_NTT_ENCODED_SIZE $K"#)
     )]
     pub(crate) fn unpack_public_key<
         const K: usize,
@@ -675,12 +675,12 @@ pub(crate) mod unpacked {
     /// Take a serialized private key and generate an unpacked key pair from it.
     #[inline(always)]
     #[hax_lib::requires(
-        fstar!("Spec.MLKEM.is_rank $K /\\
-                v_SECRET_KEY_SIZE == Spec.MLKEM.v_CCA_PRIVATE_KEY_SIZE v_K /\\
-                v_CPA_SECRET_KEY_SIZE == Spec.MLKEM.v_CPA_PRIVATE_KEY_SIZE v_K /\\
-                v_PUBLIC_KEY_SIZE == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE v_K /\\
-                v_BYTES_PER_RING_ELEMENT == Spec.MLKEM.v_RANKED_BYTES_PER_RING_ELEMENT v_K /\\
-                v_T_AS_NTT_ENCODED_SIZE == Spec.MLKEM.v_T_AS_NTT_ENCODED_SIZE v_K"))]
+        fstar!(r#"Spec.MLKEM.is_rank $K /\
+                v_SECRET_KEY_SIZE == Spec.MLKEM.v_CCA_PRIVATE_KEY_SIZE v_K /\
+                v_CPA_SECRET_KEY_SIZE == Spec.MLKEM.v_CPA_PRIVATE_KEY_SIZE v_K /\
+                v_PUBLIC_KEY_SIZE == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE v_K /\
+                v_BYTES_PER_RING_ELEMENT == Spec.MLKEM.v_RANKED_BYTES_PER_RING_ELEMENT v_K /\
+                v_T_AS_NTT_ENCODED_SIZE == Spec.MLKEM.v_T_AS_NTT_ENCODED_SIZE v_K"#))]
     pub(crate) fn keypair_from_private_key<
         const K: usize,
         const SECRET_KEY_SIZE: usize,
@@ -705,11 +705,11 @@ pub(crate) mod unpacked {
 
     #[allow(unsafe_code)]
     #[cfg_attr(not(hax), target_feature(enable = "avx2"))]
-    #[hax_lib::requires(fstar!("Spec.MLKEM.is_rank $K /\\
-        $ETA1_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA1_RANDOMNESS_SIZE $K /\\
-        $ETA1 == Spec.MLKEM.v_ETA1 $K /\\
-        $BYTES_PER_RING_ELEMENT == Spec.MLKEM.v_RANKED_BYTES_PER_RING_ELEMENT $K /\\
-        $PUBLIC_KEY_SIZE == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE $K"))]
+    #[hax_lib::requires(fstar!(r#"Spec.MLKEM.is_rank $K /\
+        $ETA1_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA1_RANDOMNESS_SIZE $K /\
+        $ETA1 == Spec.MLKEM.v_ETA1 $K /\
+        $BYTES_PER_RING_ELEMENT == Spec.MLKEM.v_RANKED_BYTES_PER_RING_ELEMENT $K /\
+        $PUBLIC_KEY_SIZE == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE $K"#))]
     unsafe fn generate_keypair_avx2<
         const K: usize,
         const CPA_PRIVATE_KEY_SIZE: usize,
@@ -738,11 +738,11 @@ pub(crate) mod unpacked {
 
     /// Generate a key pair
     #[allow(unsafe_code)]
-    #[hax_lib::requires(fstar!("Spec.MLKEM.is_rank $K /\\
-        $ETA1_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA1_RANDOMNESS_SIZE $K /\\
-        $ETA1 == Spec.MLKEM.v_ETA1 $K /\\
-        $BYTES_PER_RING_ELEMENT == Spec.MLKEM.v_RANKED_BYTES_PER_RING_ELEMENT $K /\\
-        $PUBLIC_KEY_SIZE == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE $K"))]
+    #[hax_lib::requires(fstar!(r#"Spec.MLKEM.is_rank $K /\
+        $ETA1_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA1_RANDOMNESS_SIZE $K /\
+        $ETA1 == Spec.MLKEM.v_ETA1 $K /\
+        $BYTES_PER_RING_ELEMENT == Spec.MLKEM.v_RANKED_BYTES_PER_RING_ELEMENT $K /\
+        $PUBLIC_KEY_SIZE == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE $K"#))]
     pub(crate) fn generate_keypair<
         const K: usize,
         const CPA_PRIVATE_KEY_SIZE: usize,
@@ -770,17 +770,17 @@ pub(crate) mod unpacked {
 
     #[allow(unsafe_code)]
     #[cfg_attr(not(hax), target_feature(enable = "avx2"))]
-    #[hax_lib::requires(fstar!("Spec.MLKEM.is_rank $K /\\
-        $ETA1 == Spec.MLKEM.v_ETA1 $K /\\
-        $ETA1_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA1_RANDOMNESS_SIZE $K /\\
-        $ETA2 == Spec.MLKEM.v_ETA2 $K /\\
-        $ETA2_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA2_RANDOMNESS_SIZE $K /\\
-        $C1_SIZE == Spec.MLKEM.v_C1_SIZE $K /\\
-        $C2_SIZE == Spec.MLKEM.v_C2_SIZE $K /\\
-        $VECTOR_U_COMPRESSION_FACTOR == Spec.MLKEM.v_VECTOR_U_COMPRESSION_FACTOR $K /\\
-        $VECTOR_V_COMPRESSION_FACTOR == Spec.MLKEM.v_VECTOR_V_COMPRESSION_FACTOR $K /\\
-        $VECTOR_U_BLOCK_LEN == Spec.MLKEM.v_C1_BLOCK_SIZE $K /\\
-        $CIPHERTEXT_SIZE == Spec.MLKEM.v_CPA_CIPHERTEXT_SIZE $K"))]
+    #[hax_lib::requires(fstar!(r#"Spec.MLKEM.is_rank $K /\
+        $ETA1 == Spec.MLKEM.v_ETA1 $K /\
+        $ETA1_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA1_RANDOMNESS_SIZE $K /\
+        $ETA2 == Spec.MLKEM.v_ETA2 $K /\
+        $ETA2_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA2_RANDOMNESS_SIZE $K /\
+        $C1_SIZE == Spec.MLKEM.v_C1_SIZE $K /\
+        $C2_SIZE == Spec.MLKEM.v_C2_SIZE $K /\
+        $VECTOR_U_COMPRESSION_FACTOR == Spec.MLKEM.v_VECTOR_U_COMPRESSION_FACTOR $K /\
+        $VECTOR_V_COMPRESSION_FACTOR == Spec.MLKEM.v_VECTOR_V_COMPRESSION_FACTOR $K /\
+        $VECTOR_U_BLOCK_LEN == Spec.MLKEM.v_C1_BLOCK_SIZE $K /\
+        $CIPHERTEXT_SIZE == Spec.MLKEM.v_CPA_CIPHERTEXT_SIZE $K"#))]
     unsafe fn encapsulate_avx2<
         const K: usize,
         const CIPHERTEXT_SIZE: usize,
@@ -820,17 +820,17 @@ pub(crate) mod unpacked {
 
     /// Unpacked encapsulate
     #[allow(unsafe_code)]
-    #[hax_lib::requires(fstar!("Spec.MLKEM.is_rank $K /\\
-        $ETA1 == Spec.MLKEM.v_ETA1 $K /\\
-        $ETA1_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA1_RANDOMNESS_SIZE $K /\\
-        $ETA2 == Spec.MLKEM.v_ETA2 $K /\\
-        $ETA2_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA2_RANDOMNESS_SIZE $K /\\
-        $C1_SIZE == Spec.MLKEM.v_C1_SIZE $K /\\
-        $C2_SIZE == Spec.MLKEM.v_C2_SIZE $K /\\
-        $VECTOR_U_COMPRESSION_FACTOR == Spec.MLKEM.v_VECTOR_U_COMPRESSION_FACTOR $K /\\
-        $VECTOR_V_COMPRESSION_FACTOR == Spec.MLKEM.v_VECTOR_V_COMPRESSION_FACTOR $K /\\
-        $VECTOR_U_BLOCK_LEN == Spec.MLKEM.v_C1_BLOCK_SIZE $K /\\
-        $CIPHERTEXT_SIZE == Spec.MLKEM.v_CPA_CIPHERTEXT_SIZE $K"))]
+    #[hax_lib::requires(fstar!(r#"Spec.MLKEM.is_rank $K /\
+        $ETA1 == Spec.MLKEM.v_ETA1 $K /\
+        $ETA1_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA1_RANDOMNESS_SIZE $K /\
+        $ETA2 == Spec.MLKEM.v_ETA2 $K /\
+        $ETA2_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA2_RANDOMNESS_SIZE $K /\
+        $C1_SIZE == Spec.MLKEM.v_C1_SIZE $K /\
+        $C2_SIZE == Spec.MLKEM.v_C2_SIZE $K /\
+        $VECTOR_U_COMPRESSION_FACTOR == Spec.MLKEM.v_VECTOR_U_COMPRESSION_FACTOR $K /\
+        $VECTOR_V_COMPRESSION_FACTOR == Spec.MLKEM.v_VECTOR_V_COMPRESSION_FACTOR $K /\
+        $VECTOR_U_BLOCK_LEN == Spec.MLKEM.v_C1_BLOCK_SIZE $K /\
+        $CIPHERTEXT_SIZE == Spec.MLKEM.v_CPA_CIPHERTEXT_SIZE $K"#))]
     pub(crate) fn encapsulate<
         const K: usize,
         const CIPHERTEXT_SIZE: usize,
@@ -870,18 +870,18 @@ pub(crate) mod unpacked {
 
     #[cfg_attr(not(hax), target_feature(enable = "avx2"))]
     #[allow(unsafe_code)]
-    #[hax_lib::requires(fstar!("Spec.MLKEM.is_rank $K /\\
-        $ETA1 == Spec.MLKEM.v_ETA1 $K /\\
-        $ETA1_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA1_RANDOMNESS_SIZE $K /\\
-        $ETA2 == Spec.MLKEM.v_ETA2 $K /\\
-        $ETA2_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA2_RANDOMNESS_SIZE $K /\\
-        $C1_SIZE == Spec.MLKEM.v_C1_SIZE $K /\\
-        $C2_SIZE == Spec.MLKEM.v_C2_SIZE $K /\\
-        $VECTOR_U_COMPRESSION_FACTOR == Spec.MLKEM.v_VECTOR_U_COMPRESSION_FACTOR $K /\\
-        $VECTOR_V_COMPRESSION_FACTOR == Spec.MLKEM.v_VECTOR_V_COMPRESSION_FACTOR $K /\\
-        $C1_BLOCK_SIZE == Spec.MLKEM.v_C1_BLOCK_SIZE $K /\\
-        $CIPHERTEXT_SIZE == Spec.MLKEM.v_CPA_CIPHERTEXT_SIZE $K /\\
-        $IMPLICIT_REJECTION_HASH_INPUT_SIZE == Spec.MLKEM.v_IMPLICIT_REJECTION_HASH_INPUT_SIZE $K"))]
+    #[hax_lib::requires(fstar!(r#"Spec.MLKEM.is_rank $K /\
+        $ETA1 == Spec.MLKEM.v_ETA1 $K /\
+        $ETA1_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA1_RANDOMNESS_SIZE $K /\
+        $ETA2 == Spec.MLKEM.v_ETA2 $K /\
+        $ETA2_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA2_RANDOMNESS_SIZE $K /\
+        $C1_SIZE == Spec.MLKEM.v_C1_SIZE $K /\
+        $C2_SIZE == Spec.MLKEM.v_C2_SIZE $K /\
+        $VECTOR_U_COMPRESSION_FACTOR == Spec.MLKEM.v_VECTOR_U_COMPRESSION_FACTOR $K /\
+        $VECTOR_V_COMPRESSION_FACTOR == Spec.MLKEM.v_VECTOR_V_COMPRESSION_FACTOR $K /\
+        $C1_BLOCK_SIZE == Spec.MLKEM.v_C1_BLOCK_SIZE $K /\
+        $CIPHERTEXT_SIZE == Spec.MLKEM.v_CPA_CIPHERTEXT_SIZE $K /\
+        $IMPLICIT_REJECTION_HASH_INPUT_SIZE == Spec.MLKEM.v_IMPLICIT_REJECTION_HASH_INPUT_SIZE $K"#))]
     unsafe fn decapsulate_avx2<
         const K: usize,
         const SECRET_KEY_SIZE: usize,
@@ -927,18 +927,18 @@ pub(crate) mod unpacked {
 
     /// Unpacked decapsulate
     #[allow(unsafe_code)]
-    #[hax_lib::requires(fstar!("Spec.MLKEM.is_rank $K /\\
-        $ETA1 == Spec.MLKEM.v_ETA1 $K /\\
-        $ETA1_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA1_RANDOMNESS_SIZE $K /\\
-        $ETA2 == Spec.MLKEM.v_ETA2 $K /\\
-        $ETA2_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA2_RANDOMNESS_SIZE $K /\\
-        $C1_SIZE == Spec.MLKEM.v_C1_SIZE $K /\\
-        $C2_SIZE == Spec.MLKEM.v_C2_SIZE $K /\\
-        $VECTOR_U_COMPRESSION_FACTOR == Spec.MLKEM.v_VECTOR_U_COMPRESSION_FACTOR $K /\\
-        $VECTOR_V_COMPRESSION_FACTOR == Spec.MLKEM.v_VECTOR_V_COMPRESSION_FACTOR $K /\\
-        $C1_BLOCK_SIZE == Spec.MLKEM.v_C1_BLOCK_SIZE $K /\\
-        $CIPHERTEXT_SIZE == Spec.MLKEM.v_CPA_CIPHERTEXT_SIZE $K /\\
-        $IMPLICIT_REJECTION_HASH_INPUT_SIZE == Spec.MLKEM.v_IMPLICIT_REJECTION_HASH_INPUT_SIZE $K"))]
+    #[hax_lib::requires(fstar!(r#"Spec.MLKEM.is_rank $K /\
+        $ETA1 == Spec.MLKEM.v_ETA1 $K /\
+        $ETA1_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA1_RANDOMNESS_SIZE $K /\
+        $ETA2 == Spec.MLKEM.v_ETA2 $K /\
+        $ETA2_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA2_RANDOMNESS_SIZE $K /\
+        $C1_SIZE == Spec.MLKEM.v_C1_SIZE $K /\
+        $C2_SIZE == Spec.MLKEM.v_C2_SIZE $K /\
+        $VECTOR_U_COMPRESSION_FACTOR == Spec.MLKEM.v_VECTOR_U_COMPRESSION_FACTOR $K /\
+        $VECTOR_V_COMPRESSION_FACTOR == Spec.MLKEM.v_VECTOR_V_COMPRESSION_FACTOR $K /\
+        $C1_BLOCK_SIZE == Spec.MLKEM.v_C1_BLOCK_SIZE $K /\
+        $CIPHERTEXT_SIZE == Spec.MLKEM.v_CPA_CIPHERTEXT_SIZE $K /\
+        $IMPLICIT_REJECTION_HASH_INPUT_SIZE == Spec.MLKEM.v_IMPLICIT_REJECTION_HASH_INPUT_SIZE $K"#))]
     pub(crate) fn decapsulate<
         const K: usize,
         const SECRET_KEY_SIZE: usize,
diff --git a/libcrux-ml-kem/src/ind_cca/multiplexing.rs b/libcrux-ml-kem/src/ind_cca/multiplexing.rs
index 4a78a567b..d0ae1d7a9 100644
--- a/libcrux-ml-kem/src/ind_cca/multiplexing.rs
+++ b/libcrux-ml-kem/src/ind_cca/multiplexing.rs
@@ -52,9 +52,9 @@ use instantiations::portable::{
     kyber_generate_keypair as kyber_generate_keypair_neon,
 };
 
-#[hax_lib::requires(fstar!("Spec.MLKEM.is_rank $K /\\
+#[hax_lib::requires(fstar!(r#"Spec.MLKEM.is_rank $K /\\
     $RANKED_BYTES_PER_RING_ELEMENT == Spec.MLKEM.v_RANKED_BYTES_PER_RING_ELEMENT $K /\\
-    $PUBLIC_KEY_SIZE == Spec.MLKEM.v_CCA_PUBLIC_KEY_SIZE $K"))]
+    $PUBLIC_KEY_SIZE == Spec.MLKEM.v_CCA_PUBLIC_KEY_SIZE $K"#))]
 #[inline(always)]
 pub(crate) fn validate_public_key<
     const K: usize,
@@ -69,9 +69,9 @@ pub(crate) fn validate_public_key<
 }
 
 #[inline(always)]
-#[hax_lib::requires(fstar!("Spec.MLKEM.is_rank $K /\\
+#[hax_lib::requires(fstar!(r#"Spec.MLKEM.is_rank $K /\\
                 $SECRET_KEY_SIZE == Spec.MLKEM.v_CCA_PRIVATE_KEY_SIZE $K /\\
-                $CIPHERTEXT_SIZE == Spec.MLKEM.v_CPA_CIPHERTEXT_SIZE $K"))]
+                $CIPHERTEXT_SIZE == Spec.MLKEM.v_CPA_CIPHERTEXT_SIZE $K"#))]
 pub(crate) fn validate_private_key<
     const K: usize,
     const SECRET_KEY_SIZE: usize,
@@ -132,13 +132,13 @@ pub(crate) fn kyber_generate_keypair<
     }
 }
 
-#[hax_lib::requires(fstar!("Spec.MLKEM.is_rank $K /\\
+#[hax_lib::requires(fstar!(r#"Spec.MLKEM.is_rank $K /\\
     $CPA_PRIVATE_KEY_SIZE == Spec.MLKEM.v_CPA_PRIVATE_KEY_SIZE $K /\\
     $PRIVATE_KEY_SIZE == Spec.MLKEM.v_CCA_PRIVATE_KEY_SIZE $K /\\
     $PUBLIC_KEY_SIZE == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE $K /\\
     $RANKED_BYTES_PER_RING_ELEMENT == Spec.MLKEM.v_RANKED_BYTES_PER_RING_ELEMENT $K /\\
     $ETA1 == Spec.MLKEM.v_ETA1 $K /\\
-    $ETA1_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA1_RANDOMNESS_SIZE $K"))]
+    $ETA1_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA1_RANDOMNESS_SIZE $K"#))]
 pub(crate) fn generate_keypair<
     const K: usize,
     const CPA_PRIVATE_KEY_SIZE: usize,
@@ -254,7 +254,7 @@ pub(crate) fn kyber_encapsulate<
     }
 }
 
-#[hax_lib::requires(fstar!("Spec.MLKEM.is_rank $K /\\
+#[hax_lib::requires(fstar!(r#"Spec.MLKEM.is_rank $K /\\
     $CIPHERTEXT_SIZE == Spec.MLKEM.v_CPA_CIPHERTEXT_SIZE $K /\\
     $PUBLIC_KEY_SIZE == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE $K /\\
     $T_AS_NTT_ENCODED_SIZE == Spec.MLKEM.v_T_AS_NTT_ENCODED_SIZE $K /\\
@@ -266,7 +266,7 @@ pub(crate) fn kyber_encapsulate<
     $ETA1 == Spec.MLKEM.v_ETA1 $K /\\
     $ETA1_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA1_RANDOMNESS_SIZE $K /\\
     $ETA2 == Spec.MLKEM.v_ETA2 $K /\\
-    $ETA2_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA2_RANDOMNESS_SIZE $K"))]
+    $ETA2_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA2_RANDOMNESS_SIZE $K"#))]
 pub(crate) fn encapsulate<
     const K: usize,
     const CIPHERTEXT_SIZE: usize,
@@ -418,7 +418,7 @@ pub(crate) fn kyber_decapsulate<
     }
 }
 
-#[hax_lib::requires(fstar!("Spec.MLKEM.is_rank $K /\\
+#[hax_lib::requires(fstar!(r#"Spec.MLKEM.is_rank $K /\\
     $SECRET_KEY_SIZE == Spec.MLKEM.v_CCA_PRIVATE_KEY_SIZE $K /\\
     $CPA_SECRET_KEY_SIZE == Spec.MLKEM.v_CPA_PRIVATE_KEY_SIZE $K /\\
     $PUBLIC_KEY_SIZE == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE $K /\\
@@ -433,7 +433,7 @@ pub(crate) fn kyber_decapsulate<
     $ETA1_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA1_RANDOMNESS_SIZE $K /\\
     $ETA2 == Spec.MLKEM.v_ETA2 $K /\\
     $ETA2_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA2_RANDOMNESS_SIZE $K /\\
-    $IMPLICIT_REJECTION_HASH_INPUT_SIZE == Spec.MLKEM.v_IMPLICIT_REJECTION_HASH_INPUT_SIZE $K"))]
+    $IMPLICIT_REJECTION_HASH_INPUT_SIZE == Spec.MLKEM.v_IMPLICIT_REJECTION_HASH_INPUT_SIZE $K"#))]
 pub(crate) fn decapsulate<
     const K: usize,
     const SECRET_KEY_SIZE: usize,
diff --git a/libcrux-ml-kem/src/ind_cpa.rs b/libcrux-ml-kem/src/ind_cpa.rs
index e05db7edf..5dc48d300 100644
--- a/libcrux-ml-kem/src/ind_cpa.rs
+++ b/libcrux-ml-kem/src/ind_cpa.rs
@@ -60,16 +60,16 @@ use unpacked::*;
 
 /// Concatenate `t` and `ρ` into the public key.
 #[inline(always)]
-#[hax_lib::requires(fstar!("Spec.MLKEM.is_rank $K /\\
-    $RANKED_BYTES_PER_RING_ELEMENT == Spec.MLKEM.v_RANKED_BYTES_PER_RING_ELEMENT $K /\\
-    $PUBLIC_KEY_SIZE == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE $K /\\
-    length $seed_for_a == sz 32 /\\
+#[hax_lib::requires(fstar!(r#"Spec.MLKEM.is_rank $K /\
+    $RANKED_BYTES_PER_RING_ELEMENT == Spec.MLKEM.v_RANKED_BYTES_PER_RING_ELEMENT $K /\
+    $PUBLIC_KEY_SIZE == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE $K /\
+    length $seed_for_a == sz 32 /\
     (forall (i:nat). i < v $K ==>
-        Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index $t_as_ntt i))"))]
+        Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index $t_as_ntt i))"#))]
 #[hax_lib::ensures(|res|
-    fstar!("$res == Seq.append (Spec.MLKEM.vector_encode_12 #$K
+    fstar!(r#"$res == Seq.append (Spec.MLKEM.vector_encode_12 #$K
                             (Libcrux_ml_kem.Polynomial.to_spec_vector_t #$K #$:Vector $t_as_ntt))
-                        $seed_for_a)")
+                        $seed_for_a)"#)
 )]
 pub(crate) fn serialize_public_key<
     const K: usize,
@@ -91,17 +91,17 @@ pub(crate) fn serialize_public_key<
 
 /// Concatenate `t` and `ρ` into the public key.
 #[inline(always)]
-#[hax_lib::requires(fstar!("Spec.MLKEM.is_rank $K /\\
-    $RANKED_BYTES_PER_RING_ELEMENT == Spec.MLKEM.v_RANKED_BYTES_PER_RING_ELEMENT $K /\\
-    $PUBLIC_KEY_SIZE == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE $K /\\
-    length $seed_for_a == sz 32 /\\
+#[hax_lib::requires(fstar!(r#"Spec.MLKEM.is_rank $K /\
+    $RANKED_BYTES_PER_RING_ELEMENT == Spec.MLKEM.v_RANKED_BYTES_PER_RING_ELEMENT $K /\
+    $PUBLIC_KEY_SIZE == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE $K /\
+    length $seed_for_a == sz 32 /\
     (forall (i:nat). i < v $K ==>
-        Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index $t_as_ntt i))"))]
+        Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index $t_as_ntt i))"#))]
 #[hax_lib::ensures(|res|
-    fstar!("${serialized}_future == 
+    fstar!(r#"${serialized}_future == 
                         Seq.append (Spec.MLKEM.vector_encode_12 #$K
                             (Libcrux_ml_kem.Polynomial.to_spec_vector_t #$K #$:Vector $t_as_ntt))
-                        $seed_for_a)")
+                        $seed_for_a)"#)
 )]
 pub(crate) fn serialize_public_key_mut<
     const K: usize,
@@ -129,47 +129,49 @@ pub(crate) fn serialize_public_key_mut<
 /// Call [`serialize_uncompressed_ring_element`] for each ring element.
 #[inline(always)]
 #[hax_lib::fstar::options("--z3rlimit 1000 --ext context_pruning --z3refresh")]
-#[hax_lib::requires(fstar!("Spec.MLKEM.is_rank $K /\\
-    $OUT_LEN == Spec.MLKEM.v_CPA_PRIVATE_KEY_SIZE $K /\\
+#[hax_lib::requires(fstar!(r#"Spec.MLKEM.is_rank $K /\
+    $OUT_LEN == Spec.MLKEM.v_CPA_PRIVATE_KEY_SIZE $K /\
     (forall (i:nat). i < v $K ==>
-        Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index $key i))"))]
+        Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index $key i))"#))]
 #[hax_lib::ensures(|res|
-    fstar!("$res == Spec.MLKEM.vector_encode_12 #$K
-                    (Libcrux_ml_kem.Polynomial.to_spec_vector_t #$K #$:Vector $key)")
+    fstar!(r#"$res == Spec.MLKEM.vector_encode_12 #$K
+                    (Libcrux_ml_kem.Polynomial.to_spec_vector_t #$K #$:Vector $key)"#)
 )]
 pub(crate) fn serialize_secret_key<const K: usize, const OUT_LEN: usize, Vector: Operations>(
     key: &[PolynomialRingElement<Vector>; K],
 ) -> [u8; OUT_LEN] {
-    hax_lib::fstar!("assert_norm (Spec.MLKEM.polynomial_d 12 == Spec.MLKEM.polynomial)");
+    hax_lib::fstar!(r#"assert_norm (Spec.MLKEM.polynomial_d 12 == Spec.MLKEM.polynomial)"#);
     let mut out = [0u8; OUT_LEN];
 
     cloop! {
         for (i, re) in key.into_iter().enumerate() {
-            hax_lib::loop_invariant!(|i: usize| { fstar!("(v $i < v $K ==>
-                Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index $key (v $i))) /\\
+            hax_lib::loop_invariant!(|i: usize| { fstar!(r#"(v $i < v $K ==>
+                Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index $key (v $i))) /\
                 (forall (j: nat). j < v $i ==>
-                (j + 1) * v $BYTES_PER_RING_ELEMENT <= Seq.length $out /\\
+                (j + 1) * v $BYTES_PER_RING_ELEMENT <= Seq.length $out /\
                 (Seq.slice $out (j * v $BYTES_PER_RING_ELEMENT) ((j + 1) * v $BYTES_PER_RING_ELEMENT) ==
-                    Spec.MLKEM.byte_encode 12 (Libcrux_ml_kem.Polynomial.to_spec_poly_t #$:Vector (Seq.index $key j))))") });
+                    Spec.MLKEM.byte_encode 12 (Libcrux_ml_kem.Polynomial.to_spec_poly_t #$:Vector (Seq.index $key j))))"#) });
             out[i * BYTES_PER_RING_ELEMENT..(i + 1) * BYTES_PER_RING_ELEMENT]
             .copy_from_slice(&serialize_uncompressed_ring_element(&re));
-            hax_lib::fstar!("let lemma_aux (j: nat{ j < v $i }) : Lemma
+            hax_lib::fstar!(r#"let lemma_aux (j: nat{ j < v $i }) : Lemma
                 (Seq.slice out (j * v $BYTES_PER_RING_ELEMENT) ((j + 1) * v $BYTES_PER_RING_ELEMENT) ==
                     Spec.MLKEM.byte_encode 12 (Libcrux_ml_kem.Polynomial.to_spec_poly_t #$:Vector (Seq.index $key j))) =
                 Lib.Sequence.eq_intro #u8 #(v $BYTES_PER_RING_ELEMENT)
                 (Seq.slice out (j * v $BYTES_PER_RING_ELEMENT) ((j + 1) * v $BYTES_PER_RING_ELEMENT))
                 (Spec.MLKEM.byte_encode 12 (Libcrux_ml_kem.Polynomial.to_spec_poly_t #$:Vector (Seq.index $key j)))
             in
-            Classical.forall_intro lemma_aux");
+            Classical.forall_intro lemma_aux"#);
         }
     }
 
-    hax_lib::fstar!("assert (Spec.MLKEM.coerce_vector_12 (Libcrux_ml_kem.Polynomial.to_spec_vector_t #$K #$:Vector $key) ==
+    hax_lib::fstar!(
+        r#"assert (Spec.MLKEM.coerce_vector_12 (Libcrux_ml_kem.Polynomial.to_spec_vector_t #$K #$:Vector $key) ==
         Libcrux_ml_kem.Polynomial.to_spec_vector_t #$K #$:Vector $key);
     reveal_opaque (`%Spec.MLKEM.vector_encode_12) (Spec.MLKEM.vector_encode_12 #$K);
     Lib.Sequence.eq_intro #u8 #(v $OUT_LEN) $out
         (Spec.MLKEM.vector_encode_12 #$K
-            (Libcrux_ml_kem.Polynomial.to_spec_vector_t #$K #$:Vector $key))");
+            (Libcrux_ml_kem.Polynomial.to_spec_vector_t #$K #$:Vector $key))"#
+    );
     out
 }
 
@@ -181,7 +183,7 @@ pub(crate) fn serialize_secret_key<const K: usize, const OUT_LEN: usize, Vector:
 #[cfg_attr(
     hax,
     hax_lib::fstar::before(
-        "let sample_ring_element_cbd_helper_2
+        r#"let sample_ring_element_cbd_helper_2
       (v_K v_ETA2 v_ETA2_RANDOMNESS_SIZE: usize)
       (#v_Vector: Type0)
       (#[FStar.Tactics.Typeclasses.tcresolve ()]
@@ -190,9 +192,9 @@ pub(crate) fn serialize_secret_key<const K: usize, const OUT_LEN: usize, Vector:
       (error_1: t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K)
       (prf_input: t_Array u8 (sz 33))
       (domain_separator: u8) : Lemma
-        (requires Spec.MLKEM.is_rank v_K /\\ v_ETA2 == Spec.MLKEM.v_ETA2 v_K /\\
-          v_ETA2_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA2_RANDOMNESS_SIZE v_K /\\
-          v domain_separator < 2 * v v_K /\\ 
+        (requires Spec.MLKEM.is_rank v_K /\ v_ETA2 == Spec.MLKEM.v_ETA2 v_K /\
+          v_ETA2_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA2_RANDOMNESS_SIZE v_K /\
+          v domain_separator < 2 * v v_K /\ 
           (let prf_outputs = Spec.MLKEM.v_PRFxN v_K v_ETA2_RANDOMNESS_SIZE
             (createi v_K (Spec.MLKEM.sample_vector_cbd2_prf_input #v_K
               (Seq.slice prf_input 0 32) (sz (v domain_separator)))) in 
@@ -205,20 +207,20 @@ pub(crate) fn serialize_secret_key<const K: usize, const OUT_LEN: usize, Vector:
     =
     Lib.Sequence.eq_intro #(Spec.MLKEM.polynomial) #(v v_K)
     (Libcrux_ml_kem.Polynomial.to_spec_vector_t #v_K #v_Vector error_1) 
-    (Spec.MLKEM.sample_vector_cbd2 #v_K (Seq.slice prf_input 0 32) (sz (v domain_separator)))"
+    (Spec.MLKEM.sample_vector_cbd2 #v_K (Seq.slice prf_input 0 32) (sz (v domain_separator)))"#
     )
 )]
 #[cfg_attr(
     hax,
     hax_lib::fstar::before(
-        "let sample_ring_element_cbd_helper_1
+        r#"let sample_ring_element_cbd_helper_1
       (v_K: usize)
       (prf_inputs: t_Array (t_Array u8 (sz 33)) v_K)
       (prf_input: t_Array u8 (sz 33))
       (domain_separator: u8) : Lemma 
-        (requires Spec.MLKEM.is_rank v_K /\\ v domain_separator < 2 * v v_K /\\
+        (requires Spec.MLKEM.is_rank v_K /\ v domain_separator < 2 * v v_K /\
           (forall (i: nat). i < v v_K ==>
-            v (Seq.index (Seq.index prf_inputs i) 32) == v domain_separator + i /\\
+            v (Seq.index (Seq.index prf_inputs i) 32) == v domain_separator + i /\
             Seq.slice (Seq.index prf_inputs i) 0 32 == Seq.slice prf_input 0 32))
         (ensures prf_inputs == createi v_K
           (Spec.MLKEM.sample_vector_cbd2_prf_input #v_K
@@ -234,18 +236,18 @@ pub(crate) fn serialize_secret_key<const K: usize, const OUT_LEN: usize, Vector:
     Classical.forall_intro lemma_aux;
     Lib.Sequence.eq_intro #(t_Array u8 (sz 33)) #(v v_K) prf_inputs
       (createi v_K (Spec.MLKEM.sample_vector_cbd2_prf_input #v_K
-        (Seq.slice prf_input 0 32) (sz (v domain_separator))))"
+        (Seq.slice prf_input 0 32) (sz (v domain_separator))))"#
     )
 )]
-#[hax_lib::requires(fstar!("Spec.MLKEM.is_rank $K /\\
-    $ETA2_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA2_RANDOMNESS_SIZE $K /\\
-    $ETA2 == Spec.MLKEM.v_ETA2 $K /\\
-    v $domain_separator < 2 * v $K /\\
-    range (v $domain_separator + v $K) u8_inttype"))]
+#[hax_lib::requires(fstar!(r#"Spec.MLKEM.is_rank $K /\
+    $ETA2_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA2_RANDOMNESS_SIZE $K /\
+    $ETA2 == Spec.MLKEM.v_ETA2 $K /\
+    v $domain_separator < 2 * v $K /\
+    range (v $domain_separator + v $K) u8_inttype"#))]
 #[hax_lib::ensures(|(err1,ds)|
-    fstar!("v $ds == v $domain_separator + v $K /\\
+    fstar!(r#"v $ds == v $domain_separator + v $K /\
                 Libcrux_ml_kem.Polynomial.to_spec_vector_t #$K #$:Vector $err1 ==
-                Spec.MLKEM.sample_vector_cbd2 #$K (Seq.slice $prf_input 0 32) (sz (v $domain_separator))")
+                Spec.MLKEM.sample_vector_cbd2 #$K (Seq.slice $prf_input 0 32) (sz (v $domain_separator))"#)
 )]
 fn sample_ring_element_cbd<
     const K: usize,
@@ -289,7 +291,7 @@ fn sample_ring_element_cbd<
 #[hax_lib::fstar::options(
     "--max_fuel 25 --z3rlimit 2500 --ext context_pruning --z3refresh --split_queries always"
 )]
-#[cfg_attr(hax, hax_lib::fstar::before("let sample_vector_cbd_then_ntt_helper_2
+#[cfg_attr(hax, hax_lib::fstar::before(r#"let sample_vector_cbd_then_ntt_helper_2
       (v_K v_ETA v_ETA_RANDOMNESS_SIZE: usize)
       (#v_Vector: Type0)
       (#[FStar.Tactics.Typeclasses.tcresolve ()]
@@ -298,9 +300,9 @@ fn sample_ring_element_cbd<
       (re_as_ntt: t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K)
       (prf_input: t_Array u8 (sz 33))
       (domain_separator: u8) : Lemma
-        (requires Spec.MLKEM.is_rank v_K /\\ v_ETA == Spec.MLKEM.v_ETA1 v_K /\\
-          v_ETA_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA1_RANDOMNESS_SIZE v_K /\\
-          v domain_separator < 2 * v v_K /\\ 
+        (requires Spec.MLKEM.is_rank v_K /\ v_ETA == Spec.MLKEM.v_ETA1 v_K /\
+          v_ETA_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA1_RANDOMNESS_SIZE v_K /\
+          v domain_separator < 2 * v v_K /\ 
           (let prf_outputs = Spec.MLKEM.v_PRFxN v_K v_ETA_RANDOMNESS_SIZE
             (createi v_K (Spec.MLKEM.sample_vector_cbd1_prf_input #v_K
               (Seq.slice prf_input 0 32) (sz (v domain_separator)))) in 
@@ -315,18 +317,18 @@ fn sample_ring_element_cbd<
     Lib.Sequence.eq_intro #(Spec.MLKEM.polynomial) #(v v_K)
       (Libcrux_ml_kem.Polynomial.to_spec_vector_t #v_K #v_Vector re_as_ntt)
       (Spec.MLKEM.sample_vector_cbd_then_ntt #v_K
-        (Seq.slice prf_input 0 32) (sz (v domain_separator)))"))]
+        (Seq.slice prf_input 0 32) (sz (v domain_separator)))"#))]
 #[cfg_attr(
     hax,
     hax_lib::fstar::before(
-        "let sample_vector_cbd_then_ntt_helper_1
+        r#"let sample_vector_cbd_then_ntt_helper_1
       (v_K: usize)
       (prf_inputs: t_Array (t_Array u8 (sz 33)) v_K)
       (prf_input: t_Array u8 (sz 33))
       (domain_separator: u8) : Lemma 
-        (requires Spec.MLKEM.is_rank v_K /\\ v domain_separator < 2 * v v_K /\\
+        (requires Spec.MLKEM.is_rank v_K /\ v domain_separator < 2 * v v_K /\
           (forall (i: nat). i < v v_K ==>
-            v (Seq.index (Seq.index prf_inputs i) 32) == v domain_separator + i /\\
+            v (Seq.index (Seq.index prf_inputs i) 32) == v domain_separator + i /\
             Seq.slice (Seq.index prf_inputs i) 0 32 == Seq.slice prf_input 0 32))
         (ensures prf_inputs == createi v_K
           (Spec.MLKEM.sample_vector_cbd1_prf_input #v_K
@@ -342,20 +344,20 @@ fn sample_ring_element_cbd<
     Classical.forall_intro lemma_aux;
     Lib.Sequence.eq_intro #(t_Array u8 (sz 33)) #(v v_K) prf_inputs
       (createi v_K (Spec.MLKEM.sample_vector_cbd1_prf_input #v_K
-        (Seq.slice prf_input 0 32) (sz (v domain_separator))))"
+        (Seq.slice prf_input 0 32) (sz (v domain_separator))))"#
     )
 )]
-#[hax_lib::requires(fstar!("Spec.MLKEM.is_rank $K /\\
-    $ETA_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA1_RANDOMNESS_SIZE $K /\\
-    $ETA == Spec.MLKEM.v_ETA1 $K /\\
-    v $domain_separator < 2 * v $K /\\
-    range (v $domain_separator + v $K) u8_inttype"))]
+#[hax_lib::requires(fstar!(r#"Spec.MLKEM.is_rank $K /\
+    $ETA_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA1_RANDOMNESS_SIZE $K /\
+    $ETA == Spec.MLKEM.v_ETA1 $K /\
+    v $domain_separator < 2 * v $K /\
+    range (v $domain_separator + v $K) u8_inttype"#))]
 #[hax_lib::ensures(|ds|
-    fstar!("v $ds == v $domain_separator + v $K /\\
+    fstar!(r#"v $ds == v $domain_separator + v $K /\
             Libcrux_ml_kem.Polynomial.to_spec_vector_t #$K #$:Vector ${re_as_ntt}_future ==
-            Spec.MLKEM.sample_vector_cbd_then_ntt #$K (Seq.slice $prf_input 0 32) (sz (v $domain_separator)) /\\
+            Spec.MLKEM.sample_vector_cbd_then_ntt #$K (Seq.slice $prf_input 0 32) (sz (v $domain_separator)) /\
             (forall (i: nat). i < v $K ==>
-              Libcrux_ml_kem.Serialize.coefficients_field_modulus_range #$:Vector (Seq.index ${re_as_ntt}_future i))")
+              Libcrux_ml_kem.Serialize.coefficients_field_modulus_range #$:Vector (Seq.index ${re_as_ntt}_future i))"#)
 )]
 fn sample_vector_cbd_then_ntt<
     const K: usize,
@@ -380,7 +382,7 @@ fn sample_vector_cbd_then_ntt<
             fstar!(
                 "forall (j:nat). j < v $i ==>
             Libcrux_ml_kem.Polynomial.to_spec_poly_t #$:Vector re_as_ntt.[ sz j ] ==
-              Spec.MLKEM.poly_ntt (Spec.MLKEM.sample_poly_cbd $ETA ${prf_outputs}.[ sz j ]) /\\
+              Spec.MLKEM.poly_ntt (Spec.MLKEM.sample_poly_cbd $ETA ${prf_outputs}.[ sz j ]) /\
             Libcrux_ml_kem.Serialize.coefficients_field_modulus_range #$:Vector re_as_ntt.[ sz j ]"
             )
         });
@@ -395,15 +397,15 @@ fn sample_vector_cbd_then_ntt<
 }
 
 #[inline(always)]
-#[hax_lib::requires(fstar!("Spec.MLKEM.is_rank $K /\\
-    $ETA_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA1_RANDOMNESS_SIZE $K /\\
-    $ETA == Spec.MLKEM.v_ETA1 $K /\\
-    v $domain_separator < 2 * v $K /\\
-    range (v $domain_separator + v $K) u8_inttype"))]
+#[hax_lib::requires(fstar!(r#"Spec.MLKEM.is_rank $K /\
+    $ETA_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA1_RANDOMNESS_SIZE $K /\
+    $ETA == Spec.MLKEM.v_ETA1 $K /\
+    v $domain_separator < 2 * v $K /\
+    range (v $domain_separator + v $K) u8_inttype"#))]
 #[hax_lib::ensures(|(re,ds)|
-    fstar!("v $ds == v $domain_separator + v $K /\\
+    fstar!(r#"v $ds == v $domain_separator + v $K /\
                 Libcrux_ml_kem.Polynomial.to_spec_vector_t #$K #$:Vector ${re} ==
-                Spec.MLKEM.sample_vector_cbd_then_ntt #$K (Seq.slice $prf_input 0 32) (sz (v $domain_separator))")
+                Spec.MLKEM.sample_vector_cbd_then_ntt #$K (Seq.slice $prf_input 0 32) (sz (v $domain_separator))"#)
 )]
 fn sample_vector_cbd_then_ntt_out<
     const K: usize,
@@ -464,20 +466,20 @@ fn sample_vector_cbd_then_ntt_out<
 /// <https://csrc.nist.gov/pubs/fips/203/ipd>.
 #[allow(non_snake_case)]
 #[hax_lib::fstar::options("--z3rlimit 500 --ext context_pruning --z3refresh")]
-#[hax_lib::requires(fstar!("Spec.MLKEM.is_rank $K /\\
-    $ETA1_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA1_RANDOMNESS_SIZE $K /\\
-    $ETA1 == Spec.MLKEM.v_ETA1 $K /\\
-    length $key_generation_seed == Spec.MLKEM.v_CPA_KEY_GENERATION_SEED_SIZE"))]
-#[hax_lib::ensures(|_| fstar!("let ((((t_as_ntt,seed_for_A), matrix_A_as_ntt), secret_as_ntt), valid) = Spec.MLKEM.ind_cpa_generate_keypair_unpacked $K $key_generation_seed in 
-    (valid ==> (Libcrux_ml_kem.Polynomial.to_spec_vector_t #$K #$:Vector ${public_key}_future.f_t_as_ntt == t_as_ntt) /\\
-        (${public_key}_future.f_seed_for_A == seed_for_A) /\\
-        (Libcrux_ml_kem.Polynomial.to_spec_matrix_t #$K #$:Vector ${public_key}_future.f_A == matrix_A_as_ntt) /\\
-        (Libcrux_ml_kem.Polynomial.to_spec_vector_t #$K #$:Vector ${private_key}_future.f_secret_as_ntt == secret_as_ntt)) /\\
+#[hax_lib::requires(fstar!(r#"Spec.MLKEM.is_rank $K /\
+    $ETA1_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA1_RANDOMNESS_SIZE $K /\
+    $ETA1 == Spec.MLKEM.v_ETA1 $K /\
+    length $key_generation_seed == Spec.MLKEM.v_CPA_KEY_GENERATION_SEED_SIZE"#))]
+#[hax_lib::ensures(|_| fstar!(r#"let ((((t_as_ntt,seed_for_A), matrix_A_as_ntt), secret_as_ntt), valid) = Spec.MLKEM.ind_cpa_generate_keypair_unpacked $K $key_generation_seed in 
+    (valid ==> (Libcrux_ml_kem.Polynomial.to_spec_vector_t #$K #$:Vector ${public_key}_future.f_t_as_ntt == t_as_ntt) /\
+        (${public_key}_future.f_seed_for_A == seed_for_A) /\
+        (Libcrux_ml_kem.Polynomial.to_spec_matrix_t #$K #$:Vector ${public_key}_future.f_A == matrix_A_as_ntt) /\
+        (Libcrux_ml_kem.Polynomial.to_spec_vector_t #$K #$:Vector ${private_key}_future.f_secret_as_ntt == secret_as_ntt)) /\
     (forall (i:nat). i < v $K ==>
-        Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index ${private_key}_future.f_secret_as_ntt i)) /\\
+        Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index ${private_key}_future.f_secret_as_ntt i)) /\
     (forall (i:nat). i < v $K ==>
         Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index ${public_key}_future.f_t_as_ntt i))
-"))]
+"#))]
 #[inline(always)]
 pub(crate) fn generate_keypair_unpacked<
     const K: usize,
@@ -501,8 +503,10 @@ pub(crate) fn generate_keypair_unpacked<
     );
     sample_matrix_A::<K, Vector, Hasher>(&mut public_key.A, into_padded_array(seed_for_A), true);
 
-    hax_lib::fstar!("let (matrix_A_as_ntt, valid) = Spec.MLKEM.sample_matrix_A_ntt #$K $seed_for_A in
-        assert (valid ==> matrix_A_as_ntt == Libcrux_ml_kem.Polynomial.to_spec_matrix_t public_key.f_A)");
+    hax_lib::fstar!(
+        r#"let (matrix_A_as_ntt, valid) = Spec.MLKEM.sample_matrix_A_ntt #$K $seed_for_A in
+        assert (valid ==> matrix_A_as_ntt == Libcrux_ml_kem.Polynomial.to_spec_matrix_t public_key.f_A)"#
+    );
     let prf_input: [u8; 33] = into_padded_array(seed_for_secret_and_error);
     hax_lib::fstar!(
         "Lib.Sequence.eq_intro #u8 #32 $seed_for_secret_and_error (Seq.slice $prf_input 0 32)"
@@ -529,18 +533,20 @@ pub(crate) fn generate_keypair_unpacked<
 
     public_key.seed_for_A = seed_for_A.try_into().unwrap();
 
-    hax_lib::fstar!("let (((t_as_ntt,seed_for_A), matrix_A_as_ntt), secret_as_ntt), valid =
+    hax_lib::fstar!(
+        r#"let (((t_as_ntt,seed_for_A), matrix_A_as_ntt), secret_as_ntt), valid =
         Spec.MLKEM.ind_cpa_generate_keypair_unpacked $K $key_generation_seed in
         assert (valid ==>
             ((Libcrux_ml_kem.Polynomial.to_spec_vector_t #$K #$:Vector public_key.f_t_as_ntt) ==
-              t_as_ntt) /\\ (public_key.f_seed_for_A == seed_for_A) /\\
-            (Libcrux_ml_kem.Polynomial.to_spec_matrix_t #$K #$:Vector public_key.f_A == matrix_A_as_ntt) /\\
+              t_as_ntt) /\ (public_key.f_seed_for_A == seed_for_A) /\
+            (Libcrux_ml_kem.Polynomial.to_spec_matrix_t #$K #$:Vector public_key.f_A == matrix_A_as_ntt) /\
             ((Libcrux_ml_kem.Polynomial.to_spec_vector_t #$K #$:Vector private_key.f_secret_as_ntt) ==
               secret_as_ntt));
         assert ((forall (i: nat). i < v $K ==>
-              Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index private_key.f_secret_as_ntt i)) /\\
+              Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index private_key.f_secret_as_ntt i)) /\
           (forall (i: nat). i < v $K ==>
-              Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index public_key.f_t_as_ntt i)))");
+              Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index public_key.f_t_as_ntt i)))"#
+    );
 
     // For encapsulation, we need to store A not Aˆ, and so we untranspose A
     // However, we pass A_transpose here and let the IND-CCA layer do the untranspose.
@@ -548,15 +554,15 @@ pub(crate) fn generate_keypair_unpacked<
 }
 
 #[allow(non_snake_case)]
-#[hax_lib::requires(fstar!("Spec.MLKEM.is_rank $K /\\
-    $PRIVATE_KEY_SIZE == Spec.MLKEM.v_CPA_PRIVATE_KEY_SIZE $K /\\
-    $PUBLIC_KEY_SIZE == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE $K /\\
-    $RANKED_BYTES_PER_RING_ELEMENT == Spec.MLKEM.v_RANKED_BYTES_PER_RING_ELEMENT $K /\\
-    $ETA1 == Spec.MLKEM.v_ETA1 $K /\\
-    $ETA1_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA1_RANDOMNESS_SIZE $K /\\
-    length $key_generation_seed == Spec.MLKEM.v_CPA_KEY_GENERATION_SEED_SIZE"))]
-#[hax_lib::ensures(|result| fstar!("let (expected, valid) = Spec.MLKEM.ind_cpa_generate_keypair $K $key_generation_seed in 
-                                    valid ==> $result == expected"))]
+#[hax_lib::requires(fstar!(r#"Spec.MLKEM.is_rank $K /\
+    $PRIVATE_KEY_SIZE == Spec.MLKEM.v_CPA_PRIVATE_KEY_SIZE $K /\
+    $PUBLIC_KEY_SIZE == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE $K /\
+    $RANKED_BYTES_PER_RING_ELEMENT == Spec.MLKEM.v_RANKED_BYTES_PER_RING_ELEMENT $K /\
+    $ETA1 == Spec.MLKEM.v_ETA1 $K /\
+    $ETA1_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA1_RANDOMNESS_SIZE $K /\
+    length $key_generation_seed == Spec.MLKEM.v_CPA_KEY_GENERATION_SEED_SIZE"#))]
+#[hax_lib::ensures(|result| fstar!(r#"let (expected, valid) = Spec.MLKEM.ind_cpa_generate_keypair $K $key_generation_seed in 
+                                    valid ==> $result == expected"#))]
 #[inline(always)]
 pub(crate) fn generate_keypair<
     const K: usize,
@@ -616,16 +622,16 @@ pub(crate) fn serialize_unpacked_secret_key<
 
 /// Call [`compress_then_serialize_ring_element_u`] on each ring element.
 #[hax_lib::fstar::options("--z3rlimit 800 --ext context_pruning --z3refresh")]
-#[hax_lib::requires(fstar!("Spec.MLKEM.is_rank $K /\\
-    $OUT_LEN == Spec.MLKEM.v_C1_SIZE $K /\\
-    $COMPRESSION_FACTOR == Spec.MLKEM.v_VECTOR_U_COMPRESSION_FACTOR $K /\\
-    $BLOCK_LEN == Spec.MLKEM.v_C1_BLOCK_SIZE $K /\\
-    ${out.len()} == $OUT_LEN /\\
+#[hax_lib::requires(fstar!(r#"Spec.MLKEM.is_rank $K /\
+    $OUT_LEN == Spec.MLKEM.v_C1_SIZE $K /\
+    $COMPRESSION_FACTOR == Spec.MLKEM.v_VECTOR_U_COMPRESSION_FACTOR $K /\
+    $BLOCK_LEN == Spec.MLKEM.v_C1_BLOCK_SIZE $K /\
+    ${out.len()} == $OUT_LEN /\
     (forall (i:nat). i < v $K ==>
-        Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index $input i))"))]
+        Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index $input i))"#))]
 #[hax_lib::ensures(|_|
-    fstar!("$out_future == Spec.MLKEM.compress_then_encode_u #$K
-               (Libcrux_ml_kem.Polynomial.to_spec_vector_t #$K #$:Vector $input)")
+    fstar!(r#"$out_future == Spec.MLKEM.compress_then_encode_u #$K
+               (Libcrux_ml_kem.Polynomial.to_spec_vector_t #$K #$:Vector $input)"#)
 )]
 #[inline(always)]
 fn compress_then_serialize_u<
@@ -647,22 +653,22 @@ fn compress_then_serialize_u<
     // for the following bug https://github.com/hacspec/hax/issues/720
     cloop! {
         for (i, re) in input.into_iter().enumerate() {
-            hax_lib::loop_invariant!(|i: usize| { fstar!("(v $i < v $K ==> Seq.length out == v $OUT_LEN /\\
-                Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index $input (v $i))) /\\
+            hax_lib::loop_invariant!(|i: usize| { fstar!(r#"(v $i < v $K ==> Seq.length out == v $OUT_LEN /\
+                Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index $input (v $i))) /\
             (forall (j: nat). j < v $i ==>
-                Seq.length out == v $OUT_LEN /\\
-                (j + 1) * (v $OUT_LEN / v $K) <= Seq.length out /\\
+                Seq.length out == v $OUT_LEN /\
+                (j + 1) * (v $OUT_LEN / v $K) <= Seq.length out /\
                 (Seq.slice out (j * (v $OUT_LEN / v $K)) (((j + 1)) * (v $OUT_LEN / v $K)) == 
                     Spec.MLKEM.compress_then_byte_encode (v $COMPRESSION_FACTOR)
-                        (Libcrux_ml_kem.Polynomial.to_spec_poly_t #$:Vector (Seq.index $input j))))") });
-            hax_lib::fstar!("assert (forall (j: nat). j < v $i ==>
+                        (Libcrux_ml_kem.Polynomial.to_spec_poly_t #$:Vector (Seq.index $input j))))"#) });
+            hax_lib::fstar!(r#"assert (forall (j: nat). j < v $i ==>
                 ((Seq.slice out (j * (v $OUT_LEN / v $K)) (((j + 1)) * (v $OUT_LEN / v $K)) == 
                 Spec.MLKEM.compress_then_byte_encode (v $COMPRESSION_FACTOR)
-                    (Libcrux_ml_kem.Polynomial.to_spec_poly_t #$:Vector (Seq.index $input j)))))");
+                    (Libcrux_ml_kem.Polynomial.to_spec_poly_t #$:Vector (Seq.index $input j)))))"#);
             out[i * (OUT_LEN / K)..(i + 1) * (OUT_LEN / K)].copy_from_slice(
                 &compress_then_serialize_ring_element_u::<COMPRESSION_FACTOR, BLOCK_LEN, Vector>(&re),
             );
-            hax_lib::fstar!("let lemma_aux (j: nat{ j < v $i }) : Lemma
+            hax_lib::fstar!(r#"let lemma_aux (j: nat{ j < v $i }) : Lemma
                 (Seq.slice out (j * (v $OUT_LEN / v $K)) (((j + 1)) * (v $OUT_LEN / v $K)) ==
                 Spec.MLKEM.compress_then_byte_encode (v $COMPRESSION_FACTOR)
                     (Libcrux_ml_kem.Polynomial.to_spec_poly_t #v_Vector (Seq.index $input j))) =
@@ -671,7 +677,7 @@ fn compress_then_serialize_u<
                 (Spec.MLKEM.compress_then_byte_encode (v $COMPRESSION_FACTOR)
                     (Libcrux_ml_kem.Polynomial.to_spec_poly_t #$:Vector (Seq.index $input j)))
             in
-            Classical.forall_intro lemma_aux");
+            Classical.forall_intro lemma_aux"#);
         }
     };
     hax_lib::fstar!(
@@ -723,22 +729,22 @@ fn compress_then_serialize_u<
 /// <https://csrc.nist.gov/pubs/fips/203/ipd>.
 #[allow(non_snake_case)]
 #[hax_lib::fstar::options("--z3rlimit 200")]
-#[hax_lib::requires(fstar!("Spec.MLKEM.is_rank $K /\\
-      $ETA1 == Spec.MLKEM.v_ETA1 $K /\\
-      $ETA1_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA1_RANDOMNESS_SIZE $K /\\
-      $ETA2 == Spec.MLKEM.v_ETA2 $K /\\
-      $ETA2_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA2_RANDOMNESS_SIZE $K /\\
-      $C1_LEN == Spec.MLKEM.v_C1_SIZE $K /\\
-      $C2_LEN == Spec.MLKEM.v_C2_SIZE $K /\\
-      $U_COMPRESSION_FACTOR == Spec.MLKEM.v_VECTOR_U_COMPRESSION_FACTOR $K /\\
-      $V_COMPRESSION_FACTOR == Spec.MLKEM.v_VECTOR_V_COMPRESSION_FACTOR $K /\\
-      $BLOCK_LEN == Spec.MLKEM.v_C1_BLOCK_SIZE $K /\\
-      $CIPHERTEXT_SIZE == Spec.MLKEM.v_CPA_CIPHERTEXT_SIZE $K /\\
-      length $randomness == Spec.MLKEM.v_SHARED_SECRET_SIZE"))]
+#[hax_lib::requires(fstar!(r#"Spec.MLKEM.is_rank $K /\
+      $ETA1 == Spec.MLKEM.v_ETA1 $K /\
+      $ETA1_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA1_RANDOMNESS_SIZE $K /\
+      $ETA2 == Spec.MLKEM.v_ETA2 $K /\
+      $ETA2_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA2_RANDOMNESS_SIZE $K /\
+      $C1_LEN == Spec.MLKEM.v_C1_SIZE $K /\
+      $C2_LEN == Spec.MLKEM.v_C2_SIZE $K /\
+      $U_COMPRESSION_FACTOR == Spec.MLKEM.v_VECTOR_U_COMPRESSION_FACTOR $K /\
+      $V_COMPRESSION_FACTOR == Spec.MLKEM.v_VECTOR_V_COMPRESSION_FACTOR $K /\
+      $BLOCK_LEN == Spec.MLKEM.v_C1_BLOCK_SIZE $K /\
+      $CIPHERTEXT_SIZE == Spec.MLKEM.v_CPA_CIPHERTEXT_SIZE $K /\
+      length $randomness == Spec.MLKEM.v_SHARED_SECRET_SIZE"#))]
 #[hax_lib::ensures(|result|
-    fstar!("$result == Spec.MLKEM.ind_cpa_encrypt_unpacked $K $message $randomness
+    fstar!(r#"$result == Spec.MLKEM.ind_cpa_encrypt_unpacked $K $message $randomness
         (Libcrux_ml_kem.Polynomial.to_spec_vector_t #$K #$:Vector ${public_key}.f_t_as_ntt)
-        (Libcrux_ml_kem.Polynomial.to_spec_matrix_t #$K #$:Vector ${public_key}.f_A)")
+        (Libcrux_ml_kem.Polynomial.to_spec_matrix_t #$K #$:Vector ${public_key}.f_A)"#)
 )]
 #[inline(always)]
 pub(crate) fn encrypt_unpacked<
@@ -836,23 +842,23 @@ pub(crate) fn encrypt_unpacked<
 
 #[allow(non_snake_case)]
 #[hax_lib::fstar::options("--z3rlimit 500 --ext context_pruning")]
-#[hax_lib::requires(fstar!("Spec.MLKEM.is_rank $K /\\
-    $ETA1 = Spec.MLKEM.v_ETA1 $K /\\
-    $ETA1_RANDOMNESS_SIZE = Spec.MLKEM.v_ETA1_RANDOMNESS_SIZE $K /\\
-    $ETA2 = Spec.MLKEM.v_ETA2 $K /\\
-    $BLOCK_LEN == Spec.MLKEM.v_C1_BLOCK_SIZE $K /\\
-    $ETA2_RANDOMNESS_SIZE = Spec.MLKEM.v_ETA2_RANDOMNESS_SIZE $K /\\
-    $U_COMPRESSION_FACTOR == Spec.MLKEM.v_VECTOR_U_COMPRESSION_FACTOR $K /\\
-    $V_COMPRESSION_FACTOR == Spec.MLKEM.v_VECTOR_V_COMPRESSION_FACTOR $K /\\
-    length $public_key == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE $K /\\
-    length $randomness == Spec.MLKEM.v_SHARED_SECRET_SIZE /\\
-    $CIPHERTEXT_SIZE == Spec.MLKEM.v_CPA_CIPHERTEXT_SIZE $K /\\
-    $T_AS_NTT_ENCODED_SIZE == Spec.MLKEM.v_T_AS_NTT_ENCODED_SIZE $K /\\
-    $C1_LEN == Spec.MLKEM.v_C1_SIZE $K /\\
-    $C2_LEN == Spec.MLKEM.v_C2_SIZE $K"))]
+#[hax_lib::requires(fstar!(r#"Spec.MLKEM.is_rank $K /\
+    $ETA1 = Spec.MLKEM.v_ETA1 $K /\
+    $ETA1_RANDOMNESS_SIZE = Spec.MLKEM.v_ETA1_RANDOMNESS_SIZE $K /\
+    $ETA2 = Spec.MLKEM.v_ETA2 $K /\
+    $BLOCK_LEN == Spec.MLKEM.v_C1_BLOCK_SIZE $K /\
+    $ETA2_RANDOMNESS_SIZE = Spec.MLKEM.v_ETA2_RANDOMNESS_SIZE $K /\
+    $U_COMPRESSION_FACTOR == Spec.MLKEM.v_VECTOR_U_COMPRESSION_FACTOR $K /\
+    $V_COMPRESSION_FACTOR == Spec.MLKEM.v_VECTOR_V_COMPRESSION_FACTOR $K /\
+    length $public_key == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE $K /\
+    length $randomness == Spec.MLKEM.v_SHARED_SECRET_SIZE /\
+    $CIPHERTEXT_SIZE == Spec.MLKEM.v_CPA_CIPHERTEXT_SIZE $K /\
+    $T_AS_NTT_ENCODED_SIZE == Spec.MLKEM.v_T_AS_NTT_ENCODED_SIZE $K /\
+    $C1_LEN == Spec.MLKEM.v_C1_SIZE $K /\
+    $C2_LEN == Spec.MLKEM.v_C2_SIZE $K"#))]
 #[hax_lib::ensures(|result|
-    fstar!("let (expected, valid) = Spec.MLKEM.ind_cpa_encrypt $K $public_key $message $randomness in
-            valid ==> $result == expected")
+    fstar!(r#"let (expected, valid) = Spec.MLKEM.ind_cpa_encrypt $K $public_key $message $randomness in
+            valid ==> $result == expected"#)
 )]
 #[inline(always)]
 pub(crate) fn encrypt<
@@ -875,7 +881,7 @@ pub(crate) fn encrypt<
     message: [u8; SHARED_SECRET_SIZE],
     randomness: &[u8],
 ) -> [u8; CIPHERTEXT_SIZE] {
-    hax_lib::fstar!("reveal_opaque (`%Spec.MLKEM.ind_cpa_encrypt) Spec.MLKEM.ind_cpa_encrypt");
+    hax_lib::fstar!(r#"reveal_opaque (`%Spec.MLKEM.ind_cpa_encrypt) Spec.MLKEM.ind_cpa_encrypt"#);
     let unpacked_public_key =
         build_unpacked_public_key::<K, T_AS_NTT_ENCODED_SIZE, Vector, Hasher>(public_key);
 
@@ -899,15 +905,15 @@ pub(crate) fn encrypt<
 }
 
 #[inline(always)]
-#[hax_lib::requires(fstar!("Spec.MLKEM.is_rank $K /\\
-    $T_AS_NTT_ENCODED_SIZE == Spec.MLKEM.v_T_AS_NTT_ENCODED_SIZE $K /\\
-    length $public_key == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE $K"))]
-#[hax_lib::ensures(|result| fstar!("
+#[hax_lib::requires(fstar!(r#"Spec.MLKEM.is_rank $K /\
+    $T_AS_NTT_ENCODED_SIZE == Spec.MLKEM.v_T_AS_NTT_ENCODED_SIZE $K /\
+    length $public_key == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE $K"#))]
+#[hax_lib::ensures(|result| fstar!(r#"
     let (t_as_ntt_bytes, seed_for_A) = split public_key $T_AS_NTT_ENCODED_SIZE in
     let t_as_ntt = Spec.MLKEM.vector_decode_12 #$K t_as_ntt_bytes in 
     let matrix_A_as_ntt, valid = Spec.MLKEM.sample_matrix_A_ntt #$K seed_for_A in
-    (Libcrux_ml_kem.Polynomial.to_spec_vector_t #$K #$:Vector ${result}.f_t_as_ntt == t_as_ntt /\\
-     valid ==> Libcrux_ml_kem.Polynomial.to_spec_matrix_t #$K #$:Vector ${result}.f_A == Spec.MLKEM.matrix_transpose matrix_A_as_ntt)"))]
+    (Libcrux_ml_kem.Polynomial.to_spec_vector_t #$K #$:Vector ${result}.f_t_as_ntt == t_as_ntt /\
+     valid ==> Libcrux_ml_kem.Polynomial.to_spec_matrix_t #$K #$:Vector ${result}.f_A == Spec.MLKEM.matrix_transpose matrix_A_as_ntt)"#))]
 fn build_unpacked_public_key<
     const K: usize,
     const T_AS_NTT_ENCODED_SIZE: usize,
@@ -925,15 +931,15 @@ fn build_unpacked_public_key<
 }
 
 #[inline(always)]
-#[hax_lib::requires(fstar!("Spec.MLKEM.is_rank $K /\\
-    $T_AS_NTT_ENCODED_SIZE == Spec.MLKEM.v_T_AS_NTT_ENCODED_SIZE $K /\\
-    length $public_key == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE $K"))]
-#[hax_lib::ensures(|_| fstar!("
+#[hax_lib::requires(fstar!(r#"Spec.MLKEM.is_rank $K /\
+    $T_AS_NTT_ENCODED_SIZE == Spec.MLKEM.v_T_AS_NTT_ENCODED_SIZE $K /\
+    length $public_key == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE $K"#))]
+#[hax_lib::ensures(|_| fstar!(r#"
     let (t_as_ntt_bytes, seed_for_A) = split public_key $T_AS_NTT_ENCODED_SIZE in
     let t_as_ntt = Spec.MLKEM.vector_decode_12 #$K t_as_ntt_bytes in 
     let matrix_A_as_ntt, valid = Spec.MLKEM.sample_matrix_A_ntt #$K seed_for_A in
-    (Libcrux_ml_kem.Polynomial.to_spec_vector_t #$K #$:Vector ${unpacked_public_key}_future.f_t_as_ntt == t_as_ntt /\\
-    valid ==> Libcrux_ml_kem.Polynomial.to_spec_matrix_t #$K #$:Vector ${unpacked_public_key}_future.f_A == Spec.MLKEM.matrix_transpose matrix_A_as_ntt)"))]
+    (Libcrux_ml_kem.Polynomial.to_spec_vector_t #$K #$:Vector ${unpacked_public_key}_future.f_t_as_ntt == t_as_ntt /\
+    valid ==> Libcrux_ml_kem.Polynomial.to_spec_matrix_t #$K #$:Vector ${unpacked_public_key}_future.f_A == Spec.MLKEM.matrix_transpose matrix_A_as_ntt)"#))]
 pub(crate) fn build_unpacked_public_key_mut<
     const K: usize,
     const T_AS_NTT_ENCODED_SIZE: usize,
@@ -971,12 +977,12 @@ pub(crate) fn build_unpacked_public_key_mut<
 /// in the `ciphertext`.
 #[inline(always)]
 #[hax_lib::fstar::options("--z3rlimit 800 --ext context_pruning")]
-#[hax_lib::requires(fstar!("Spec.MLKEM.is_rank $K /\\
-    $CIPHERTEXT_SIZE == Spec.MLKEM.v_CPA_CIPHERTEXT_SIZE $K /\\
-    $U_COMPRESSION_FACTOR == Spec.MLKEM.v_VECTOR_U_COMPRESSION_FACTOR $K"))]
+#[hax_lib::requires(fstar!(r#"Spec.MLKEM.is_rank $K /\
+    $CIPHERTEXT_SIZE == Spec.MLKEM.v_CPA_CIPHERTEXT_SIZE $K /\
+    $U_COMPRESSION_FACTOR == Spec.MLKEM.v_VECTOR_U_COMPRESSION_FACTOR $K"#))]
 #[hax_lib::ensures(|res|
-    fstar!("Libcrux_ml_kem.Polynomial.to_spec_vector_t #$K #$:Vector $res ==
-        Spec.MLKEM.(vector_ntt (decode_then_decompress_u #$K (Seq.slice $ciphertext 0 (v (Spec.MLKEM.v_C1_SIZE $K)))))")
+    fstar!(r#"Libcrux_ml_kem.Polynomial.to_spec_vector_t #$K #$:Vector $res ==
+        Spec.MLKEM.(vector_ntt (decode_then_decompress_u #$K (Seq.slice $ciphertext 0 (v (Spec.MLKEM.v_C1_SIZE $K)))))"#)
 )]
 fn deserialize_then_decompress_u<
     const K: usize,
@@ -996,12 +1002,12 @@ fn deserialize_then_decompress_u<
             .chunks_exact((COEFFICIENTS_IN_RING_ELEMENT * U_COMPRESSION_FACTOR) / 8)
             .enumerate()
         {
-            hax_lib::loop_invariant!(|i: usize| { fstar!("forall (j: nat). j < v $i ==>
-              j * v (Spec.MLKEM.v_C1_BLOCK_SIZE $K) + v (Spec.MLKEM.v_C1_BLOCK_SIZE $K) <= v $CIPHERTEXT_SIZE /\\
+            hax_lib::loop_invariant!(|i: usize| { fstar!(r#"forall (j: nat). j < v $i ==>
+              j * v (Spec.MLKEM.v_C1_BLOCK_SIZE $K) + v (Spec.MLKEM.v_C1_BLOCK_SIZE $K) <= v $CIPHERTEXT_SIZE /\
               Libcrux_ml_kem.Polynomial.to_spec_poly_t #$:Vector (Seq.index $u_as_ntt j) ==
                 Spec.MLKEM.poly_ntt (Spec.MLKEM.byte_decode_then_decompress (v $U_COMPRESSION_FACTOR)
                   (Seq.slice $ciphertext (j * v (Spec.MLKEM.v_C1_BLOCK_SIZE $K))
-                    (j * v (Spec.MLKEM.v_C1_BLOCK_SIZE $K) + v (Spec.MLKEM.v_C1_BLOCK_SIZE $K))))") });
+                    (j * v (Spec.MLKEM.v_C1_BLOCK_SIZE $K) + v (Spec.MLKEM.v_C1_BLOCK_SIZE $K))))"#) });
             u_as_ntt[i]  = deserialize_then_decompress_ring_element_u::<U_COMPRESSION_FACTOR, Vector>(u_bytes);
             ntt_vector_u::<U_COMPRESSION_FACTOR, Vector>(&mut u_as_ntt[i]);
         }
@@ -1018,27 +1024,27 @@ fn deserialize_then_decompress_u<
 /// Call [`deserialize_to_uncompressed_ring_element`] for each ring element.
 #[inline(always)]
 #[hax_lib::fstar::options("--z3rlimit 800 --ext context_pruning")]
-#[hax_lib::requires(fstar!("Spec.MLKEM.is_rank $K /\\
-    length $secret_key == Spec.MLKEM.v_CPA_PRIVATE_KEY_SIZE $K /\\
-    v (${secret_key.len()}) / v $BYTES_PER_RING_ELEMENT <= v $K"))]
+#[hax_lib::requires(fstar!(r#"Spec.MLKEM.is_rank $K /\
+    length $secret_key == Spec.MLKEM.v_CPA_PRIVATE_KEY_SIZE $K /\
+    v (${secret_key.len()}) / v $BYTES_PER_RING_ELEMENT <= v $K"#))]
 #[hax_lib::ensures(|res|
-    fstar!("Libcrux_ml_kem.Polynomial.to_spec_vector_t #$K #$:Vector $res ==
-         Spec.MLKEM.vector_decode_12 #$K $secret_key")
+    fstar!(r#"Libcrux_ml_kem.Polynomial.to_spec_vector_t #$K #$:Vector $res ==
+         Spec.MLKEM.vector_decode_12 #$K $secret_key"#)
 )]
 pub(crate) fn deserialize_secret_key<const K: usize, Vector: Operations>(
     secret_key: &[u8],
 ) -> [PolynomialRingElement<Vector>; K] {
-    hax_lib::fstar!("assert_norm (Spec.MLKEM.polynomial_d 12 == Spec.MLKEM.polynomial)");
+    hax_lib::fstar!(r#"assert_norm (Spec.MLKEM.polynomial_d 12 == Spec.MLKEM.polynomial)"#);
     let mut secret_as_ntt = from_fn(|_| PolynomialRingElement::<Vector>::ZERO());
     cloop! {
         for (i, secret_bytes) in secret_key.chunks_exact(BYTES_PER_RING_ELEMENT).enumerate() {
-            hax_lib::loop_invariant!(|i: usize| { fstar!("forall (j: nat). j < v $i ==>
+            hax_lib::loop_invariant!(|i: usize| { fstar!(r#"forall (j: nat). j < v $i ==>
                 j * v $BYTES_PER_RING_ELEMENT + v $BYTES_PER_RING_ELEMENT <=
-                    v (Spec.MLKEM.v_CPA_PRIVATE_KEY_SIZE $K) /\\
+                    v (Spec.MLKEM.v_CPA_PRIVATE_KEY_SIZE $K) /\
                 Libcrux_ml_kem.Polynomial.to_spec_poly_t #$:Vector (Seq.index $secret_as_ntt j) ==
                     Spec.MLKEM.byte_decode 12 (Seq.slice $secret_key
                         (j * v $BYTES_PER_RING_ELEMENT)
-                        (j * v $BYTES_PER_RING_ELEMENT + v $BYTES_PER_RING_ELEMENT))") });
+                        (j * v $BYTES_PER_RING_ELEMENT + v $BYTES_PER_RING_ELEMENT))"#) });
             secret_as_ntt[i] = deserialize_to_uncompressed_ring_element(secret_bytes);
         }
     }
@@ -1073,14 +1079,14 @@ pub(crate) fn deserialize_secret_key<const K: usize, Vector: Operations>(
 /// The NIST FIPS 203 standard can be found at
 /// <https://csrc.nist.gov/pubs/fips/203/ipd>.
 #[allow(non_snake_case)]
-#[hax_lib::requires(fstar!("Spec.MLKEM.is_rank $K /\\
-    $CIPHERTEXT_SIZE == Spec.MLKEM.v_CPA_CIPHERTEXT_SIZE $K /\\
-    $U_COMPRESSION_FACTOR == Spec.MLKEM.v_VECTOR_U_COMPRESSION_FACTOR $K /\\
-    $V_COMPRESSION_FACTOR == Spec.MLKEM.v_VECTOR_V_COMPRESSION_FACTOR $K /\\
-    $VECTOR_U_ENCODED_SIZE == Spec.MLKEM.v_C1_SIZE $K"))]
+#[hax_lib::requires(fstar!(r#"Spec.MLKEM.is_rank $K /\
+    $CIPHERTEXT_SIZE == Spec.MLKEM.v_CPA_CIPHERTEXT_SIZE $K /\
+    $U_COMPRESSION_FACTOR == Spec.MLKEM.v_VECTOR_U_COMPRESSION_FACTOR $K /\
+    $V_COMPRESSION_FACTOR == Spec.MLKEM.v_VECTOR_V_COMPRESSION_FACTOR $K /\
+    $VECTOR_U_ENCODED_SIZE == Spec.MLKEM.v_C1_SIZE $K"#))]
 #[hax_lib::ensures(|result|
-    fstar!("$result == Spec.MLKEM.ind_cpa_decrypt_unpacked $K $ciphertext
-        (Libcrux_ml_kem.Polynomial.to_spec_vector_t #$K #$:Vector ${secret_key}.f_secret_as_ntt)")
+    fstar!(r#"$result == Spec.MLKEM.ind_cpa_decrypt_unpacked $K $ciphertext
+        (Libcrux_ml_kem.Polynomial.to_spec_vector_t #$K #$:Vector ${secret_key}.f_secret_as_ntt)"#)
 )]
 #[inline(always)]
 pub(crate) fn decrypt_unpacked<
@@ -1110,14 +1116,14 @@ pub(crate) fn decrypt_unpacked<
 }
 
 #[allow(non_snake_case)]
-#[hax_lib::requires(fstar!("Spec.MLKEM.is_rank $K /\\
-    length $secret_key == Spec.MLKEM.v_CPA_PRIVATE_KEY_SIZE $K /\\ 
-    $CIPHERTEXT_SIZE == Spec.MLKEM.v_CPA_CIPHERTEXT_SIZE $K /\\
-    $VECTOR_U_ENCODED_SIZE == Spec.MLKEM.v_C1_SIZE $K /\\
-    $U_COMPRESSION_FACTOR == Spec.MLKEM.v_VECTOR_U_COMPRESSION_FACTOR $K /\\
-    $V_COMPRESSION_FACTOR == Spec.MLKEM.v_VECTOR_V_COMPRESSION_FACTOR $K"))]
+#[hax_lib::requires(fstar!(r#"Spec.MLKEM.is_rank $K /\
+    length $secret_key == Spec.MLKEM.v_CPA_PRIVATE_KEY_SIZE $K /\ 
+    $CIPHERTEXT_SIZE == Spec.MLKEM.v_CPA_CIPHERTEXT_SIZE $K /\
+    $VECTOR_U_ENCODED_SIZE == Spec.MLKEM.v_C1_SIZE $K /\
+    $U_COMPRESSION_FACTOR == Spec.MLKEM.v_VECTOR_U_COMPRESSION_FACTOR $K /\
+    $V_COMPRESSION_FACTOR == Spec.MLKEM.v_VECTOR_V_COMPRESSION_FACTOR $K"#))]
 #[hax_lib::ensures(|result|
-    fstar!("$result == Spec.MLKEM.ind_cpa_decrypt $K $secret_key $ciphertext")
+    fstar!(r#"$result == Spec.MLKEM.ind_cpa_decrypt $K $secret_key $ciphertext"#)
 )]
 #[inline(always)]
 pub(crate) fn decrypt<
@@ -1131,7 +1137,7 @@ pub(crate) fn decrypt<
     secret_key: &[u8],
     ciphertext: &[u8; CIPHERTEXT_SIZE],
 ) -> [u8; SHARED_SECRET_SIZE] {
-    hax_lib::fstar!("reveal_opaque (`%Spec.MLKEM.ind_cpa_decrypt) Spec.MLKEM.ind_cpa_decrypt");
+    hax_lib::fstar!(r#"reveal_opaque (`%Spec.MLKEM.ind_cpa_decrypt) Spec.MLKEM.ind_cpa_decrypt"#);
     // sˆ := Decode_12(sk)
     let secret_as_ntt = deserialize_secret_key::<K, Vector>(secret_key);
     let secret_key_unpacked = IndCpaPrivateKeyUnpacked { secret_as_ntt };
diff --git a/libcrux-ml-kem/src/invert_ntt.rs b/libcrux-ml-kem/src/invert_ntt.rs
index 87bc90fed..81d9db04f 100644
--- a/libcrux-ml-kem/src/invert_ntt.rs
+++ b/libcrux-ml-kem/src/invert_ntt.rs
@@ -24,35 +24,37 @@ use crate::{
        forall (i:nat). i < 16 ==> Spec.Utils.is_i16b_array_opaque (4 * 3328)
             (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ sz i ]))"
 )]
-#[hax_lib::requires(fstar!("v ${*zeta_i} == 128 /\\
-    invert_ntt_re_range_1 $re"))]
-#[hax_lib::ensures(|result| fstar!("invert_ntt_re_range_2 ${re}_future /\\
-    v ${*zeta_i}_future == 64"))]
+#[hax_lib::requires(fstar!(r#"v ${*zeta_i} == 128 /\
+    invert_ntt_re_range_1 $re"#))]
+#[hax_lib::ensures(|result| fstar!(r#"invert_ntt_re_range_2 ${re}_future /\
+    v ${*zeta_i}_future == 64"#))]
 pub(crate) fn invert_ntt_at_layer_1<Vector: Operations>(
     zeta_i: &mut usize,
     re: &mut PolynomialRingElement<Vector>,
     _layer: usize,
 ) {
-    hax_lib::fstar!("reveal_opaque (`%invert_ntt_re_range_1) (invert_ntt_re_range_1 #$:Vector)");
-    hax_lib::fstar!("reveal_opaque (`%invert_ntt_re_range_2) (invert_ntt_re_range_2 #$:Vector)");
+    hax_lib::fstar!(r#"reveal_opaque (`%invert_ntt_re_range_1) (invert_ntt_re_range_1 #$:Vector)"#);
+    hax_lib::fstar!(r#"reveal_opaque (`%invert_ntt_re_range_2) (invert_ntt_re_range_2 #$:Vector)"#);
     let _zeta_i_init = *zeta_i;
     // The semicolon and parentheses at the end of loop are a workaround
     // for the following bug https://github.com/hacspec/hax/issues/720
     for round in 0..16 {
         hax_lib::loop_invariant!(|round: usize| {
             fstar!(
-                "v zeta_i == v $_zeta_i_init - v $round * 4 /\\
-          (v round < 16 ==> (forall (i:nat). (i >= v round /\\ i < 16) ==>
+                r#"v zeta_i == v $_zeta_i_init - v $round * 4 /\
+          (v round < 16 ==> (forall (i:nat). (i >= v round /\ i < 16) ==>
             Spec.Utils.is_i16b_array_opaque (4 * 3328)
-              (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ sz i ])))) /\\
+              (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ sz i ])))) /\
           (forall (i:nat). i < v $round ==> Spec.Utils.is_i16b_array_opaque 3328
-              (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ sz i ])))"
+              (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ sz i ])))"#
             )
         });
         *zeta_i -= 1;
-        hax_lib::fstar!("reveal_opaque (`%Spec.Utils.is_i16b_array_opaque) 
+        hax_lib::fstar!(
+            r#"reveal_opaque (`%Spec.Utils.is_i16b_array_opaque) 
                         (Spec.Utils.is_i16b_array_opaque (4*3328) 
-                        (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ round ])))");
+                        (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ round ])))"#
+        );
         re.coefficients[round] = Vector::inv_ntt_layer_1_step(
             re.coefficients[round],
             zeta(*zeta_i),
@@ -61,9 +63,11 @@ pub(crate) fn invert_ntt_at_layer_1<Vector: Operations>(
             zeta(*zeta_i - 3),
         );
         *zeta_i -= 3;
-        hax_lib::fstar!("reveal_opaque (`%Spec.Utils.is_i16b_array_opaque) 
+        hax_lib::fstar!(
+            r#"reveal_opaque (`%Spec.Utils.is_i16b_array_opaque) 
                         (Spec.Utils.is_i16b_array_opaque 3328 
-                        (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ round ])))");
+                        (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ round ])))"#
+        );
         hax_lib::fstar!(
             "assert (Spec.Utils.is_i16b_array_opaque 3328
             (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ $round ])))"
@@ -73,41 +77,45 @@ pub(crate) fn invert_ntt_at_layer_1<Vector: Operations>(
 }
 
 #[inline(always)]
-#[hax_lib::fstar::options("--z3rlimit 200 --ext context_pruning")]
-#[hax_lib::requires(fstar!("v ${*zeta_i} == 64 /\\
-    invert_ntt_re_range_2 $re "))]
-#[hax_lib::ensures(|result| fstar!("invert_ntt_re_range_2 ${re}_future /\\
-    v ${*zeta_i}_future == 32"))]
+#[hax_lib::fstar::options("--z3rlimit 200 --ext context_pruning"#)]
+#[hax_lib::requires(fstar!(r#"v ${*zeta_i} == 64 /\
+    invert_ntt_re_range_2 $re "#))]
+#[hax_lib::ensures(|result| fstar!(r#"invert_ntt_re_range_2 ${re}_future /\
+    v ${*zeta_i}_future == 32"#))]
 pub(crate) fn invert_ntt_at_layer_2<Vector: Operations>(
     zeta_i: &mut usize,
     re: &mut PolynomialRingElement<Vector>,
     _layer: usize,
 ) {
-    hax_lib::fstar!("reveal_opaque (`%invert_ntt_re_range_2) (invert_ntt_re_range_2 #$:Vector)");
+    hax_lib::fstar!(r#"reveal_opaque (`%invert_ntt_re_range_2) (invert_ntt_re_range_2 #$:Vector)"#);
     let _zeta_i_init = *zeta_i;
     // The semicolon and parentheses at the end of loop are a workaround
     // for the following bug https://github.com/hacspec/hax/issues/720
     for round in 0..16 {
         hax_lib::loop_invariant!(|round: usize| {
             fstar!(
-                "v zeta_i == v $_zeta_i_init - v $round * 2 /\\
-          (v round < 16 ==> (forall (i:nat). (i >= v round /\\ i < 16) ==>
+                r#"v zeta_i == v $_zeta_i_init - v $round * 2 /\
+          (v round < 16 ==> (forall (i:nat). (i >= v round /\ i < 16) ==>
             Spec.Utils.is_i16b_array_opaque 3328
-              (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ sz i ])))) /\\
+              (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ sz i ])))) /\
           (forall (i:nat). i < v $round ==> Spec.Utils.is_i16b_array_opaque 3328
-              (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ sz i ])))"
+              (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ sz i ])))"#
             )
         });
         *zeta_i -= 1;
-        hax_lib::fstar!("reveal_opaque (`%Spec.Utils.is_i16b_array_opaque) 
+        hax_lib::fstar!(
+            r#"reveal_opaque (`%Spec.Utils.is_i16b_array_opaque) 
                         (Spec.Utils.is_i16b_array_opaque 3328 
-                        (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ round ])))");
+                        (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ round ])))"#
+        );
         re.coefficients[round] =
             Vector::inv_ntt_layer_2_step(re.coefficients[round], zeta(*zeta_i), zeta(*zeta_i - 1));
         *zeta_i -= 1;
-        hax_lib::fstar!("reveal_opaque (`%Spec.Utils.is_i16b_array_opaque) 
+        hax_lib::fstar!(
+            r#"reveal_opaque (`%Spec.Utils.is_i16b_array_opaque) 
                         (Spec.Utils.is_i16b_array_opaque 3328 
-                        (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ round ])))");
+                        (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ round ])))"#
+        );
         hax_lib::fstar!(
             "assert (Spec.Utils.is_i16b_array_opaque 3328
             (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ $round ])))"
@@ -118,34 +126,36 @@ pub(crate) fn invert_ntt_at_layer_2<Vector: Operations>(
 
 #[inline(always)]
 #[hax_lib::fstar::options("--z3rlimit 200 --ext context_pruning")]
-#[hax_lib::requires(fstar!("v ${*zeta_i} == 32 /\\
-    invert_ntt_re_range_2 $re"))]
-#[hax_lib::ensures(|result| fstar!("invert_ntt_re_range_2 ${re}_future /\\
-    v ${*zeta_i}_future == 16"))]
+#[hax_lib::requires(fstar!(r#"v ${*zeta_i} == 32 /\
+    invert_ntt_re_range_2 $re"#))]
+#[hax_lib::ensures(|result| fstar!(r#"invert_ntt_re_range_2 ${re}_future /\
+    v ${*zeta_i}_future == 16"#))]
 pub(crate) fn invert_ntt_at_layer_3<Vector: Operations>(
     zeta_i: &mut usize,
     re: &mut PolynomialRingElement<Vector>,
     _layer: usize,
 ) {
-    hax_lib::fstar!("reveal_opaque (`%invert_ntt_re_range_2) (invert_ntt_re_range_2 #$:Vector)");
+    hax_lib::fstar!(r#"reveal_opaque (`%invert_ntt_re_range_2) (invert_ntt_re_range_2 #$:Vector)"#);
     let _zeta_i_init = *zeta_i;
     // The semicolon and parentheses at the end of loop are a workaround
     // for the following bug https://github.com/hacspec/hax/issues/720
     for round in 0..16 {
         hax_lib::loop_invariant!(|round: usize| {
             fstar!(
-                "v zeta_i == v $_zeta_i_init - v $round /\\
-          (v round < 16 ==> (forall (i:nat). (i >= v round /\\ i < 16) ==>
+                r#"v zeta_i == v $_zeta_i_init - v $round /\
+          (v round < 16 ==> (forall (i:nat). (i >= v round /\ i < 16) ==>
             Spec.Utils.is_i16b_array_opaque 3328
-              (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ sz i ])))) /\\
+              (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ sz i ])))) /\
           (forall (i:nat). i < v $round ==> Spec.Utils.is_i16b_array_opaque 3328
-              (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ sz i ])))"
+              (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ sz i ])))"#
             )
         });
         *zeta_i -= 1;
-        hax_lib::fstar!("reveal_opaque (`%Spec.Utils.is_i16b_array_opaque) 
+        hax_lib::fstar!(
+            r#"reveal_opaque (`%Spec.Utils.is_i16b_array_opaque) 
                         (Spec.Utils.is_i16b_array_opaque 3328 
-                        (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ round ])))");
+                        (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ round ])))"#
+        );
         re.coefficients[round] =
             Vector::inv_ntt_layer_3_step(re.coefficients[round], zeta(*zeta_i));
         hax_lib::fstar!(
@@ -162,17 +172,17 @@ pub(crate) fn invert_ntt_at_layer_3<Vector: Operations>(
 }
 
 #[inline(always)]
-#[hax_lib::requires(fstar!("Spec.Utils.is_i16b 1664 $zeta_r /\\
+#[hax_lib::requires(fstar!(r#"Spec.Utils.is_i16b 1664 $zeta_r /\
     (forall i. i < 16 ==>
         Spec.Utils.is_intb (pow2 15 - 1)
         (v (Seq.index (Libcrux_ml_kem.Vector.Traits.f_to_i16_array $b) i) -
-        v (Seq.index (Libcrux_ml_kem.Vector.Traits.f_to_i16_array $a) i))) /\\
+        v (Seq.index (Libcrux_ml_kem.Vector.Traits.f_to_i16_array $a) i))) /\
     (forall i. i < 16 ==>
         Spec.Utils.is_intb (pow2 15 - 1)
         (v (Seq.index (Libcrux_ml_kem.Vector.Traits.f_to_i16_array $a) i) +
-        v (Seq.index (Libcrux_ml_kem.Vector.Traits.f_to_i16_array $b) i))) /\\
+        v (Seq.index (Libcrux_ml_kem.Vector.Traits.f_to_i16_array $b) i))) /\
     Spec.Utils.is_i16b_array 28296 (Libcrux_ml_kem.Vector.Traits.f_to_i16_array
-        (Libcrux_ml_kem.Vector.Traits.f_add $a $b))"))]
+        (Libcrux_ml_kem.Vector.Traits.f_add $a $b))"#))]
 pub(crate) fn inv_ntt_layer_int_vec_step_reduce<Vector: Operations>(
     mut a: Vector,
     mut b: Vector,
@@ -186,7 +196,7 @@ pub(crate) fn inv_ntt_layer_int_vec_step_reduce<Vector: Operations>(
 
 #[inline(always)]
 #[hax_lib::fstar::verification_status(lax)]
-#[hax_lib::requires(fstar!("v $layer >= 4 /\\ v $layer <= 7"))]
+#[hax_lib::requires(fstar!(r#"v $layer >= 4 /\ v $layer <= 7"#))]
 pub(crate) fn invert_ntt_at_layer_4_plus<Vector: Operations>(
     zeta_i: &mut usize,
     re: &mut PolynomialRingElement<Vector>,
@@ -217,7 +227,7 @@ pub(crate) fn invert_ntt_at_layer_4_plus<Vector: Operations>(
 }
 
 #[inline(always)]
-#[hax_lib::requires(fstar!("invert_ntt_re_range_1 $re"))]
+#[hax_lib::requires(fstar!(r#"invert_ntt_re_range_1 $re"#))]
 pub(crate) fn invert_ntt_montgomery<const K: usize, Vector: Operations>(
     re: &mut PolynomialRingElement<Vector>,
 ) {
diff --git a/libcrux-ml-kem/src/matrix.rs b/libcrux-ml-kem/src/matrix.rs
index 29a90874c..3f008cd32 100644
--- a/libcrux-ml-kem/src/matrix.rs
+++ b/libcrux-ml-kem/src/matrix.rs
@@ -6,12 +6,12 @@ use crate::{
 #[inline(always)]
 #[allow(non_snake_case)]
 #[hax_lib::fstar::verification_status(panic_free)]
-#[hax_lib::requires(fstar!("Spec.MLKEM.is_rank $K"))]
+#[hax_lib::requires(fstar!(r#"Spec.MLKEM.is_rank $K"#))]
 #[hax_lib::ensures(|res|
-    fstar!("let (matrix_A, valid) = Spec.MLKEM.sample_matrix_A_ntt (Seq.slice $seed 0 32) in
+    fstar!(r#"let (matrix_A, valid) = Spec.MLKEM.sample_matrix_A_ntt (Seq.slice $seed 0 32) in
         valid ==> (
         if $transpose then Libcrux_ml_kem.Polynomial.to_spec_matrix_t ${A_transpose}_future == matrix_A
-        else Libcrux_ml_kem.Polynomial.to_spec_matrix_t ${A_transpose}_future == Spec.MLKEM.matrix_transpose matrix_A)")
+        else Libcrux_ml_kem.Polynomial.to_spec_matrix_t ${A_transpose}_future == Spec.MLKEM.matrix_transpose matrix_A)"#)
 )]
 pub(crate) fn sample_matrix_A<const K: usize, Vector: Operations, Hasher: Hash<K>>(
     A_transpose: &mut [[PolynomialRingElement<Vector>; K]; K],
@@ -46,15 +46,15 @@ pub(crate) fn sample_matrix_A<const K: usize, Vector: Operations, Hasher: Hash<K
 /// Compute v − InverseNTT(sᵀ ◦ NTT(u))
 #[inline(always)]
 #[hax_lib::fstar::verification_status(lax)]
-#[hax_lib::requires(fstar!("Spec.MLKEM.is_rank $K"))]
+#[hax_lib::requires(fstar!(r#"Spec.MLKEM.is_rank $K"#))]
 #[hax_lib::ensures(|res|
-    fstar!("let open Libcrux_ml_kem.Polynomial in
+    fstar!(r#"let open Libcrux_ml_kem.Polynomial in
         let secret_spec = to_spec_vector_t $secret_as_ntt in
         let u_spec = to_spec_vector_t $u_as_ntt in
         let v_spec = to_spec_poly_t $v in
         to_spec_poly_t $res ==
             Spec.MLKEM.(poly_sub v_spec (poly_inv_ntt (vector_dot_product_ntt #$K secret_spec u_spec))) /\\
-        Libcrux_ml_kem.Serialize.coefficients_field_modulus_range $res")
+        Libcrux_ml_kem.Serialize.coefficients_field_modulus_range $res"#)
 )]
 pub(crate) fn compute_message<const K: usize, Vector: Operations>(
     v: &PolynomialRingElement<Vector>,
@@ -77,16 +77,16 @@ pub(crate) fn compute_message<const K: usize, Vector: Operations>(
 /// Compute InverseNTT(tᵀ ◦ r̂) + e₂ + message
 #[inline(always)]
 #[hax_lib::fstar::verification_status(lax)]
-#[hax_lib::requires(fstar!("Spec.MLKEM.is_rank $K"))]
+#[hax_lib::requires(fstar!(r#"Spec.MLKEM.is_rank $K"#))]
 #[hax_lib::ensures(|res|
-    fstar!("let open Libcrux_ml_kem.Polynomial in
+    fstar!(r#"let open Libcrux_ml_kem.Polynomial in
         let tt_spec = to_spec_vector_t $t_as_ntt in
         let r_spec = to_spec_vector_t $r_as_ntt in
         let e2_spec = to_spec_poly_t $error_2 in
         let m_spec = to_spec_poly_t $message in
         let res_spec = to_spec_poly_t $res in
         res_spec == Spec.MLKEM.(poly_add (poly_add (vector_dot_product_ntt #$K tt_spec r_spec) e2_spec) m_spec) /\\
-        Libcrux_ml_kem.Serialize.coefficients_field_modulus_range $res")
+        Libcrux_ml_kem.Serialize.coefficients_field_modulus_range $res"#)
 )]
 pub(crate) fn compute_ring_element_v<const K: usize, Vector: Operations>(
     t_as_ntt: &[PolynomialRingElement<Vector>; K],
@@ -110,16 +110,16 @@ pub(crate) fn compute_ring_element_v<const K: usize, Vector: Operations>(
 /// Compute u := InvertNTT(Aᵀ ◦ r̂) + e₁
 #[inline(always)]
 #[hax_lib::fstar::verification_status(lax)]
-#[hax_lib::requires(fstar!("Spec.MLKEM.is_rank $K"))]
+#[hax_lib::requires(fstar!(r#"Spec.MLKEM.is_rank $K"#))]
 #[hax_lib::ensures(|res|
-    fstar!("let open Libcrux_ml_kem.Polynomial in
+    fstar!(r#"let open Libcrux_ml_kem.Polynomial in
         let a_spec = to_spec_matrix_t $a_as_ntt in
         let r_spec = to_spec_vector_t $r_as_ntt in
         let e_spec = to_spec_vector_t $error_1 in
         let res_spec = to_spec_vector_t $res in
         res_spec == Spec.MLKEM.(vector_add (vector_inv_ntt (matrix_vector_mul_ntt a_spec r_spec)) e_spec) /\\
         (forall (i:nat). i < v $K ==>
-            Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index $res i))")
+            Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index $res i))"#)
 )]
 pub(crate) fn compute_vector_u<const K: usize, Vector: Operations>(
     a_as_ntt: &[[PolynomialRingElement<Vector>; K]; K],
@@ -149,16 +149,16 @@ pub(crate) fn compute_vector_u<const K: usize, Vector: Operations>(
 #[inline(always)]
 #[allow(non_snake_case)]
 #[hax_lib::fstar::verification_status(panic_free)]
-#[hax_lib::requires(fstar!("Spec.MLKEM.is_rank $K"))]
+#[hax_lib::requires(fstar!(r#"Spec.MLKEM.is_rank $K"#))]
 #[hax_lib::ensures(|res|
-    fstar!("let open Libcrux_ml_kem.Polynomial in
+    fstar!(r#"let open Libcrux_ml_kem.Polynomial in
         to_spec_vector_t ${t_as_ntt}_future =
              Spec.MLKEM.compute_As_plus_e_ntt
                (to_spec_matrix_t $matrix_A) 
                (to_spec_vector_t $s_as_ntt) 
                (to_spec_vector_t $error_as_ntt) /\\
         (forall (i: nat). i < v $K ==>
-            Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index ${t_as_ntt}_future i))")
+            Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index ${t_as_ntt}_future i))"#)
 )]
 pub(crate) fn compute_As_plus_e<const K: usize, Vector: Operations>(
     t_as_ntt: &mut [PolynomialRingElement<Vector>; K],
diff --git a/libcrux-ml-kem/src/mlkem1024.rs b/libcrux-ml-kem/src/mlkem1024.rs
index 175ee8d2e..7e90491ea 100644
--- a/libcrux-ml-kem/src/mlkem1024.rs
+++ b/libcrux-ml-kem/src/mlkem1024.rs
@@ -263,9 +263,9 @@ macro_rules! instantiate {
                 }
 
                 /// Get the serialized public key.
-                #[hax_lib::requires(fstar!("forall (i:nat). i < 4 ==>
+                #[hax_lib::requires(fstar!(r#"forall (i:nat). i < 4 ==>
                     Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index 
-                        ${public_key}.f_ind_cpa_public_key.f_t_as_ntt i)"))]
+                        ${public_key}.f_ind_cpa_public_key.f_t_as_ntt i)"#))]
                 pub fn serialized_public_key(
                     public_key: &MlKem1024PublicKeyUnpacked,
                     serialized: &mut MlKem1024PublicKey,
@@ -287,17 +287,17 @@ macro_rules! instantiate {
                 }
 
                 /// Get the serialized public key.
-                #[hax_lib::requires(fstar!("forall (i:nat). i < 4 ==>
+                #[hax_lib::requires(fstar!(r#"forall (i:nat). i < 4 ==>
                     Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index 
-                        ${key_pair}.f_public_key.f_ind_cpa_public_key.f_t_as_ntt i)"))]
+                        ${key_pair}.f_public_key.f_ind_cpa_public_key.f_t_as_ntt i)"#))]
                 pub fn key_pair_serialized_public_key_mut(key_pair: &MlKem1024KeyPairUnpacked, serialized: &mut MlKem1024PublicKey) {
                     key_pair.serialized_public_key_mut::<RANKED_BYTES_PER_RING_ELEMENT_1024, CPA_PKE_PUBLIC_KEY_SIZE_1024>(serialized);
                 }
 
                 /// Get the serialized public key.
-                #[hax_lib::requires(fstar!("forall (i:nat). i < 4 ==>
+                #[hax_lib::requires(fstar!(r#"forall (i:nat). i < 4 ==>
                     Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index 
-                        ${key_pair}.f_public_key.f_ind_cpa_public_key.f_t_as_ntt i)"))]
+                        ${key_pair}.f_public_key.f_ind_cpa_public_key.f_t_as_ntt i)"#))]
                 pub fn key_pair_serialized_public_key(key_pair: &MlKem1024KeyPairUnpacked) ->MlKem1024PublicKey {
                     key_pair.serialized_public_key::<RANKED_BYTES_PER_RING_ELEMENT_1024, CPA_PKE_PUBLIC_KEY_SIZE_1024>()
                 }
@@ -467,8 +467,8 @@ pub fn validate_private_key(
 #[cfg(not(eurydice))]
 #[hax_lib::fstar::verification_status(panic_free)]
 #[hax_lib::ensures(|res|
-    fstar!("let ((secret_key, public_key), valid) = Spec.MLKEM.Instances.mlkem1024_generate_keypair $randomness in
-        valid ==> (${res}.f_sk.f_value == secret_key /\\ ${res}.f_pk.f_value == public_key)")
+    fstar!(r#"let ((secret_key, public_key), valid) = Spec.MLKEM.Instances.mlkem1024_generate_keypair $randomness in
+        valid ==> (${res}.f_sk.f_value == secret_key /\\ ${res}.f_pk.f_value == public_key)"#)
 )]
 pub fn generate_key_pair(
     randomness: [u8; KEY_GENERATION_SEED_SIZE],
@@ -492,9 +492,9 @@ pub fn generate_key_pair(
 #[cfg(not(eurydice))]
 #[hax_lib::fstar::verification_status(panic_free)]
 #[hax_lib::ensures(|res|
-    fstar!("let ((ciphertext, shared_secret), valid) = Spec.MLKEM.Instances.mlkem1024_encapsulate ${public_key}.f_value $randomness in
+    fstar!(r#"let ((ciphertext, shared_secret), valid) = Spec.MLKEM.Instances.mlkem1024_encapsulate ${public_key}.f_value $randomness in
         let (res_ciphertext, res_shared_secret) = $res in
-        valid ==> (res_ciphertext.f_value == ciphertext /\\ res_shared_secret == shared_secret)")
+        valid ==> (res_ciphertext.f_value == ciphertext /\\ res_shared_secret == shared_secret)"#)
 )]
 pub fn encapsulate(
     public_key: &MlKem1024PublicKey,
@@ -524,8 +524,8 @@ pub fn encapsulate(
 #[cfg(not(eurydice))]
 #[hax_lib::fstar::verification_status(panic_free)]
 #[hax_lib::ensures(|res|
-    fstar!("let (shared_secret, valid) = Spec.MLKEM.Instances.mlkem1024_decapsulate ${private_key}.f_value ${ciphertext}.f_value in
-        valid ==> $res == shared_secret")
+    fstar!(r#"let (shared_secret, valid) = Spec.MLKEM.Instances.mlkem1024_decapsulate ${private_key}.f_value ${ciphertext}.f_value in
+        valid ==> $res == shared_secret"#)
 )]
 pub fn decapsulate(
     private_key: &MlKem1024PrivateKey,
diff --git a/libcrux-ml-kem/src/mlkem512.rs b/libcrux-ml-kem/src/mlkem512.rs
index b9b33596d..6b5498d51 100644
--- a/libcrux-ml-kem/src/mlkem512.rs
+++ b/libcrux-ml-kem/src/mlkem512.rs
@@ -253,9 +253,9 @@ macro_rules! instantiate {
                 }
 
                 /// Get the serialized public key.
-                #[hax_lib::requires(fstar!("forall (i:nat). i < 2 ==>
+                #[hax_lib::requires(fstar!(r#"forall (i:nat). i < 2 ==>
                     Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index 
-                        ${public_key}.f_ind_cpa_public_key.f_t_as_ntt i)"))]
+                        ${public_key}.f_ind_cpa_public_key.f_t_as_ntt i)"#))]
                 pub fn serialized_public_key(
                     public_key: &MlKem512PublicKeyUnpacked,
                     serialized: &mut MlKem512PublicKey,
@@ -277,17 +277,17 @@ macro_rules! instantiate {
                 }
 
                 /// Get the serialized public key.
-                #[hax_lib::requires(fstar!("forall (i:nat). i < 2 ==>
+                #[hax_lib::requires(fstar!(r#"forall (i:nat). i < 2 ==>
                     Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index 
-                        ${key_pair}.f_public_key.f_ind_cpa_public_key.f_t_as_ntt i)"))]
+                        ${key_pair}.f_public_key.f_ind_cpa_public_key.f_t_as_ntt i)"#))]
                 pub fn key_pair_serialized_public_key_mut(key_pair: &MlKem512KeyPairUnpacked, serialized: &mut MlKem512PublicKey) {
                     key_pair.serialized_public_key_mut::<RANKED_BYTES_PER_RING_ELEMENT_512, CPA_PKE_PUBLIC_KEY_SIZE_512>(serialized);
                 }
 
                 /// Get the serialized public key.
-                #[hax_lib::requires(fstar!("forall (i:nat). i < 2 ==>
+                #[hax_lib::requires(fstar!(r#"forall (i:nat). i < 2 ==>
                     Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index 
-                        ${key_pair}.f_public_key.f_ind_cpa_public_key.f_t_as_ntt i)"))]
+                        ${key_pair}.f_public_key.f_ind_cpa_public_key.f_t_as_ntt i)"#))]
                 pub fn key_pair_serialized_public_key(key_pair: &MlKem512KeyPairUnpacked) ->MlKem512PublicKey {
                     key_pair.serialized_public_key::<RANKED_BYTES_PER_RING_ELEMENT_512, CPA_PKE_PUBLIC_KEY_SIZE_512>()
                 }
@@ -455,8 +455,8 @@ pub fn validate_private_key(
 #[cfg(not(eurydice))]
 #[hax_lib::fstar::verification_status(panic_free)]
 #[hax_lib::ensures(|res|
-    fstar!("let ((secret_key, public_key), valid) = Spec.MLKEM.Instances.mlkem512_generate_keypair $randomness in
-        valid ==> (${res}.f_sk.f_value == secret_key /\\ ${res}.f_pk.f_value == public_key)")
+    fstar!(r#"let ((secret_key, public_key), valid) = Spec.MLKEM.Instances.mlkem512_generate_keypair $randomness in
+        valid ==> (${res}.f_sk.f_value == secret_key /\\ ${res}.f_pk.f_value == public_key)"#)
 )]
 pub fn generate_key_pair(randomness: [u8; KEY_GENERATION_SEED_SIZE]) -> MlKem512KeyPair {
     multiplexing::generate_keypair::<
@@ -478,9 +478,9 @@ pub fn generate_key_pair(randomness: [u8; KEY_GENERATION_SEED_SIZE]) -> MlKem512
 #[cfg(not(eurydice))]
 #[hax_lib::fstar::verification_status(panic_free)]
 #[hax_lib::ensures(|res|
-    fstar!("let ((ciphertext, shared_secret), valid) = Spec.MLKEM.Instances.mlkem512_encapsulate ${public_key}.f_value $randomness in
+    fstar!(r#"let ((ciphertext, shared_secret), valid) = Spec.MLKEM.Instances.mlkem512_encapsulate ${public_key}.f_value $randomness in
         let (res_ciphertext, res_shared_secret) = $res in
-        valid ==> (res_ciphertext.f_value == ciphertext /\\ res_shared_secret == shared_secret)")
+        valid ==> (res_ciphertext.f_value == ciphertext /\\ res_shared_secret == shared_secret)"#)
 )]
 pub fn encapsulate(
     public_key: &MlKem512PublicKey,
@@ -510,8 +510,8 @@ pub fn encapsulate(
 #[cfg(not(eurydice))]
 #[hax_lib::fstar::verification_status(panic_free)]
 #[hax_lib::ensures(|res|
-    fstar!("let (shared_secret, valid) = Spec.MLKEM.Instances.mlkem512_decapsulate ${private_key}.f_value ${ciphertext}.f_value in
-        valid ==> $res == shared_secret")
+    fstar!(r#"let (shared_secret, valid) = Spec.MLKEM.Instances.mlkem512_decapsulate ${private_key}.f_value ${ciphertext}.f_value in
+        valid ==> $res == shared_secret"#)
 )]
 pub fn decapsulate(
     private_key: &MlKem512PrivateKey,
diff --git a/libcrux-ml-kem/src/mlkem768.rs b/libcrux-ml-kem/src/mlkem768.rs
index 7a684b2a4..9deb50115 100644
--- a/libcrux-ml-kem/src/mlkem768.rs
+++ b/libcrux-ml-kem/src/mlkem768.rs
@@ -254,9 +254,9 @@ macro_rules! instantiate {
                 }
 
                 /// Get the serialized public key.
-                #[hax_lib::requires(fstar!("forall (i:nat). i < 3 ==>
+                #[hax_lib::requires(fstar!(r#"forall (i:nat). i < 3 ==>
                     Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index 
-                        ${public_key}.f_ind_cpa_public_key.f_t_as_ntt i)"))]
+                        ${public_key}.f_ind_cpa_public_key.f_t_as_ntt i)"#))]
                 pub fn serialized_public_key(public_key: &MlKem768PublicKeyUnpacked, serialized : &mut MlKem768PublicKey) {
                     public_key.serialized_mut::<RANKED_BYTES_PER_RING_ELEMENT_768, CPA_PKE_PUBLIC_KEY_SIZE_768>(serialized);
                 }
@@ -272,17 +272,17 @@ macro_rules! instantiate {
                 }
 
                 /// Get the serialized public key.
-                #[hax_lib::requires(fstar!("(forall (i:nat). i < 3 ==>
+                #[hax_lib::requires(fstar!(r#"(forall (i:nat). i < 3 ==>
                         Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index 
-                            ${key_pair}.f_public_key.f_ind_cpa_public_key.f_t_as_ntt i))"))]
+                            ${key_pair}.f_public_key.f_ind_cpa_public_key.f_t_as_ntt i))"#))]
                 pub fn key_pair_serialized_public_key_mut(key_pair: &MlKem768KeyPairUnpacked, serialized: &mut MlKem768PublicKey) {
                     key_pair.serialized_public_key_mut::<RANKED_BYTES_PER_RING_ELEMENT_768, CPA_PKE_PUBLIC_KEY_SIZE_768>(serialized);
                 }
 
                 /// Get the serialized public key.
-                #[hax_lib::requires(fstar!("forall (i:nat). i < 3 ==>
+                #[hax_lib::requires(fstar!(r#"forall (i:nat). i < 3 ==>
                     Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index 
-                        ${key_pair}.f_public_key.f_ind_cpa_public_key.f_t_as_ntt i)"))]
+                        ${key_pair}.f_public_key.f_ind_cpa_public_key.f_t_as_ntt i)"#))]
                 pub fn key_pair_serialized_public_key(key_pair: &MlKem768KeyPairUnpacked) ->MlKem768PublicKey {
                     key_pair.serialized_public_key::<RANKED_BYTES_PER_RING_ELEMENT_768, CPA_PKE_PUBLIC_KEY_SIZE_768>()
                 }
@@ -450,8 +450,8 @@ pub fn validate_private_key(
 #[cfg(not(eurydice))]
 #[hax_lib::fstar::verification_status(panic_free)]
 #[hax_lib::ensures(|res|
-    fstar!("let ((secret_key, public_key), valid) = Spec.MLKEM.Instances.mlkem768_generate_keypair $randomness in
-        valid ==> (${res}.f_sk.f_value == secret_key /\\ ${res}.f_pk.f_value == public_key)")
+    fstar!(r#"let ((secret_key, public_key), valid) = Spec.MLKEM.Instances.mlkem768_generate_keypair $randomness in
+        valid ==> (${res}.f_sk.f_value == secret_key /\\ ${res}.f_pk.f_value == public_key)"#)
 )]
 pub fn generate_key_pair(randomness: [u8; KEY_GENERATION_SEED_SIZE]) -> MlKem768KeyPair {
     multiplexing::generate_keypair::<
@@ -473,9 +473,9 @@ pub fn generate_key_pair(randomness: [u8; KEY_GENERATION_SEED_SIZE]) -> MlKem768
 #[cfg(not(eurydice))]
 #[hax_lib::fstar::verification_status(panic_free)]
 #[hax_lib::ensures(|res|
-    fstar!("let ((ciphertext, shared_secret), valid) = Spec.MLKEM.Instances.mlkem768_encapsulate ${public_key}.f_value $randomness in
+    fstar!(r#"let ((ciphertext, shared_secret), valid) = Spec.MLKEM.Instances.mlkem768_encapsulate ${public_key}.f_value $randomness in
         let (res_ciphertext, res_shared_secret) = $res in
-        valid ==> (res_ciphertext.f_value == ciphertext /\\ res_shared_secret == shared_secret)")
+        valid ==> (res_ciphertext.f_value == ciphertext /\\ res_shared_secret == shared_secret)"#)
 )]
 pub fn encapsulate(
     public_key: &MlKem768PublicKey,
@@ -505,8 +505,8 @@ pub fn encapsulate(
 #[cfg(not(eurydice))]
 #[hax_lib::fstar::verification_status(panic_free)]
 #[hax_lib::ensures(|res|
-    fstar!("let (shared_secret, valid) = Spec.MLKEM.Instances.mlkem768_decapsulate ${private_key}.f_value ${ciphertext}.f_value in
-        valid ==> $res == shared_secret")
+    fstar!(r#"let (shared_secret, valid) = Spec.MLKEM.Instances.mlkem768_decapsulate ${private_key}.f_value ${ciphertext}.f_value in
+        valid ==> $res == shared_secret"#)
 )]
 pub fn decapsulate(
     private_key: &MlKem768PrivateKey,
diff --git a/libcrux-ml-kem/src/ntt.rs b/libcrux-ml-kem/src/ntt.rs
index fa08e35e5..12feb2485 100644
--- a/libcrux-ml-kem/src/ntt.rs
+++ b/libcrux-ml-kem/src/ntt.rs
@@ -24,36 +24,38 @@ use crate::{
         forall (i:nat). i < 16 ==> Spec.Utils.is_i16b_array_opaque (11207+6*3328)
                 (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ sz i ]))"
 )]
-#[hax_lib::requires(fstar!("v ${*zeta_i} == 63 /\\
-    ntt_re_range_2 $re"))]
-#[hax_lib::ensures(|result| fstar!("ntt_re_range_1 ${re}_future /\\
-    v ${*zeta_i}_future == 127"))]
+#[hax_lib::requires(fstar!(r#"v ${*zeta_i} == 63 /\
+    ntt_re_range_2 $re"#))]
+#[hax_lib::ensures(|result| fstar!(r#"ntt_re_range_1 ${re}_future /\
+    v ${*zeta_i}_future == 127"#))]
 pub(crate) fn ntt_at_layer_1<Vector: Operations>(
     zeta_i: &mut usize,
     re: &mut PolynomialRingElement<Vector>,
     _layer: usize,
     _initial_coefficient_bound: usize,
 ) {
-    hax_lib::fstar!("reveal_opaque (`%ntt_re_range_2) (ntt_re_range_2 #$:Vector)");
-    hax_lib::fstar!("reveal_opaque (`%ntt_re_range_1) (ntt_re_range_1 #$:Vector)");
+    hax_lib::fstar!(r#"reveal_opaque (`%ntt_re_range_2) (ntt_re_range_2 #$:Vector)"#);
+    hax_lib::fstar!(r#"reveal_opaque (`%ntt_re_range_1) (ntt_re_range_1 #$:Vector)"#);
     let _zeta_i_init = *zeta_i;
     // The semicolon and parentheses at the end of loop are a workaround
     // for the following bug https://github.com/hacspec/hax/issues/720
     for round in 0..16 {
         hax_lib::loop_invariant!(|round: usize| {
             fstar!(
-                "v zeta_i == v $_zeta_i_init + v $round * 4 /\\
-          (v round < 16 ==> (forall (i:nat). (i >= v round /\\ i < 16) ==>
+                r#"v zeta_i == v $_zeta_i_init + v $round * 4 /\
+          (v round < 16 ==> (forall (i:nat). (i >= v round /\ i < 16) ==>
             Spec.Utils.is_i16b_array_opaque (11207+5*3328)
-              (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ sz i ])))) /\\
+              (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ sz i ])))) /\
           (forall (i:nat). i < v $round ==> Spec.Utils.is_i16b_array_opaque (11207+6*3328)
-              (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ sz i ])))"
+              (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ sz i ])))"#
             )
         });
         *zeta_i += 1;
-        hax_lib::fstar!("reveal_opaque (`%Spec.Utils.is_i16b_array_opaque) 
+        hax_lib::fstar!(
+            r#"reveal_opaque (`%Spec.Utils.is_i16b_array_opaque) 
                         (Spec.Utils.is_i16b_array_opaque (11207+5*3328)
-                        (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ round ])))");
+                        (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ round ])))"#
+        );
         re.coefficients[round] = Vector::ntt_layer_1_step(
             re.coefficients[round],
             zeta(*zeta_i),
@@ -62,9 +64,11 @@ pub(crate) fn ntt_at_layer_1<Vector: Operations>(
             zeta(*zeta_i + 3),
         );
         *zeta_i += 3;
-        hax_lib::fstar!("reveal_opaque (`%Spec.Utils.is_i16b_array_opaque) 
+        hax_lib::fstar!(
+            r#"reveal_opaque (`%Spec.Utils.is_i16b_array_opaque) 
                         (Spec.Utils.is_i16b_array_opaque (11207+6*3328)
-                        (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ round ])))");
+                        (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ round ])))"#
+        );
         hax_lib::fstar!(
             "assert (Spec.Utils.is_i16b_array_opaque (11207+6*3328)
         (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ $round ])))"
@@ -84,42 +88,46 @@ pub(crate) fn ntt_at_layer_1<Vector: Operations>(
        forall (i:nat). i < 16 ==> Spec.Utils.is_i16b_array_opaque (11207+4*3328)
             (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ sz i ]))"
 )]
-#[hax_lib::requires(fstar!("v ${*zeta_i} == 31 /\\
-    ntt_re_range_3 $re"))]
-#[hax_lib::ensures(|result| fstar!("ntt_re_range_2 ${re}_future /\\
-    v ${*zeta_i}_future == 63"))]
+#[hax_lib::requires(fstar!(r#"v ${*zeta_i} == 31 /\
+    ntt_re_range_3 $re"#))]
+#[hax_lib::ensures(|result| fstar!(r#"ntt_re_range_2 ${re}_future /\
+    v ${*zeta_i}_future == 63"#))]
 pub(crate) fn ntt_at_layer_2<Vector: Operations>(
     zeta_i: &mut usize,
     re: &mut PolynomialRingElement<Vector>,
     _layer: usize,
     _initial_coefficient_bound: usize,
 ) {
-    hax_lib::fstar!("reveal_opaque (`%ntt_re_range_3) (ntt_re_range_3 #$:Vector)");
-    hax_lib::fstar!("reveal_opaque (`%ntt_re_range_2) (ntt_re_range_2 #$:Vector)");
+    hax_lib::fstar!(r#"reveal_opaque (`%ntt_re_range_3) (ntt_re_range_3 #$:Vector)"#);
+    hax_lib::fstar!(r#"reveal_opaque (`%ntt_re_range_2) (ntt_re_range_2 #$:Vector)"#);
     let _zeta_i_init = *zeta_i;
     // The semicolon and parentheses at the end of loop are a workaround
     // for the following bug https://github.com/hacspec/hax/issues/720
     for round in 0..16 {
         hax_lib::loop_invariant!(|round: usize| {
             fstar!(
-                "v zeta_i == v $_zeta_i_init + v $round * 2 /\\
-          (v round < 16 ==> (forall (i:nat). (i >= v round /\\ i < 16) ==>
+                r#"v zeta_i == v $_zeta_i_init + v $round * 2 /\
+          (v round < 16 ==> (forall (i:nat). (i >= v round /\ i < 16) ==>
             Spec.Utils.is_i16b_array_opaque (11207+4*3328)
-              (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ sz i ])))) /\\
+              (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ sz i ])))) /\
           (forall (i:nat). i < v $round ==> Spec.Utils.is_i16b_array_opaque (11207+5*3328)
-              (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ sz i ])))"
+              (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ sz i ])))"#
             )
         });
         *zeta_i += 1;
-        hax_lib::fstar!("reveal_opaque (`%Spec.Utils.is_i16b_array_opaque) 
+        hax_lib::fstar!(
+            r#"reveal_opaque (`%Spec.Utils.is_i16b_array_opaque) 
                         (Spec.Utils.is_i16b_array_opaque (11207+4*3328)
-                        (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ round ])))");
+                        (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ round ])))"#
+        );
         re.coefficients[round] =
             Vector::ntt_layer_2_step(re.coefficients[round], zeta(*zeta_i), zeta(*zeta_i + 1));
         *zeta_i += 1;
-        hax_lib::fstar!("reveal_opaque (`%Spec.Utils.is_i16b_array_opaque) 
+        hax_lib::fstar!(
+            r#"reveal_opaque (`%Spec.Utils.is_i16b_array_opaque) 
                         (Spec.Utils.is_i16b_array_opaque (11207+5*3328)
-                        (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ round ])))");
+                        (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ round ])))"#
+        );
         hax_lib::fstar!(
             "assert (Spec.Utils.is_i16b_array_opaque (11207+5*3328)
             (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ $round ])))"
@@ -139,36 +147,38 @@ pub(crate) fn ntt_at_layer_2<Vector: Operations>(
        forall (i:nat). i < 16 ==> Spec.Utils.is_i16b_array_opaque (11207+3*3328)
             (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ sz i ]))"
 )]
-#[hax_lib::requires(fstar!("v ${*zeta_i} == 15 /\\
-    ntt_re_range_4 $re"))]
-#[hax_lib::ensures(|result| fstar!("ntt_re_range_3 ${re}_future /\\
-    v ${*zeta_i}_future == 31"))]
+#[hax_lib::requires(fstar!(r#"v ${*zeta_i} == 15 /\
+    ntt_re_range_4 $re"#))]
+#[hax_lib::ensures(|result| fstar!(r#"ntt_re_range_3 ${re}_future /\
+    v ${*zeta_i}_future == 31"#))]
 pub(crate) fn ntt_at_layer_3<Vector: Operations>(
     zeta_i: &mut usize,
     re: &mut PolynomialRingElement<Vector>,
     _layer: usize,
     _initial_coefficient_bound: usize,
 ) {
-    hax_lib::fstar!("reveal_opaque (`%ntt_re_range_4) (ntt_re_range_4 #$:Vector)");
-    hax_lib::fstar!("reveal_opaque (`%ntt_re_range_3) (ntt_re_range_3 #$:Vector)");
+    hax_lib::fstar!(r#"reveal_opaque (`%ntt_re_range_4) (ntt_re_range_4 #$:Vector)"#);
+    hax_lib::fstar!(r#"reveal_opaque (`%ntt_re_range_3) (ntt_re_range_3 #$:Vector)"#);
     let _zeta_i_init = *zeta_i;
     // The semicolon and parentheses at the end of loop are a workaround
     // for the following bug https://github.com/hacspec/hax/issues/720
     for round in 0..16 {
         hax_lib::loop_invariant!(|round: usize| {
             fstar!(
-                "v zeta_i == v $_zeta_i_init + v $round /\\
-          (v round < 16 ==> (forall (i:nat). (i >= v round /\\ i < 16) ==>
+                r#"v zeta_i == v $_zeta_i_init + v $round /\
+          (v round < 16 ==> (forall (i:nat). (i >= v round /\ i < 16) ==>
             Spec.Utils.is_i16b_array_opaque (11207+3*3328)
-              (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ sz i ])))) /\\
+              (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ sz i ])))) /\
           (forall (i:nat). i < v $round ==> Spec.Utils.is_i16b_array_opaque (11207+4*3328)
-              (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ sz i ])))"
+              (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ sz i ])))"#
             )
         });
         *zeta_i += 1;
-        hax_lib::fstar!("reveal_opaque (`%Spec.Utils.is_i16b_array_opaque) 
+        hax_lib::fstar!(
+            r#"reveal_opaque (`%Spec.Utils.is_i16b_array_opaque) 
                         (Spec.Utils.is_i16b_array_opaque (11207+3*3328)
-                        (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ round ])))");
+                        (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ round ])))"#
+        );
         re.coefficients[round] = Vector::ntt_layer_3_step(re.coefficients[round], zeta(*zeta_i));
         hax_lib::fstar!(
             "reveal_opaque (`%Spec.Utils.is_i16b_array_opaque) 
@@ -184,16 +194,16 @@ pub(crate) fn ntt_at_layer_3<Vector: Operations>(
 }
 
 #[inline(always)]
-#[hax_lib::requires(fstar!("Spec.Utils.is_i16b 1664 $zeta_r /\\
+#[hax_lib::requires(fstar!(r#"Spec.Utils.is_i16b 1664 $zeta_r /\
     (let t = ${montgomery_multiply_fe::<Vector>} $b $zeta_r in
     (forall i. i < 16 ==>
         Spec.Utils.is_intb (pow2 15 - 1)
         (v (Seq.index (Libcrux_ml_kem.Vector.Traits.f_to_i16_array $a) i) -
-        v (Seq.index (Libcrux_ml_kem.Vector.Traits.f_to_i16_array t) i))) /\\
+        v (Seq.index (Libcrux_ml_kem.Vector.Traits.f_to_i16_array t) i))) /\
     (forall i. i < 16 ==>
         Spec.Utils.is_intb (pow2 15 - 1)
         (v (Seq.index (Libcrux_ml_kem.Vector.Traits.f_to_i16_array $a) i) +
-        v (Seq.index (Libcrux_ml_kem.Vector.Traits.f_to_i16_array t) i))))"))]
+        v (Seq.index (Libcrux_ml_kem.Vector.Traits.f_to_i16_array t) i))))"#))]
 fn ntt_layer_int_vec_step<Vector: Operations>(
     mut a: Vector,
     mut b: Vector,
@@ -207,16 +217,16 @@ fn ntt_layer_int_vec_step<Vector: Operations>(
 
 #[inline(always)]
 #[hax_lib::fstar::verification_status(lax)]
-#[hax_lib::requires(fstar!("v $layer >= 4 /\\ v $layer <= 7 /\\
-    ((v $layer == 4 ==> v ${*zeta_i} == 7) /\\
-    (v $layer == 5 ==> v ${*zeta_i} == 3) /\\
-    (v $layer == 6 ==> v ${*zeta_i} == 1) /\\
-    (v $layer == 7 ==> v ${*zeta_i} == 0))"))]
-#[hax_lib::ensures(|result| fstar!("ntt_re_range_4 ${re}_future /\\
-    (v $layer == 4 ==> v ${*zeta_i}_future == 15) /\\
-    (v $layer == 5 ==> v ${*zeta_i}_future == 7) /\\
-    (v $layer == 6 ==> v ${*zeta_i}_future == 3) /\\
-    (v $layer == 7 ==> v ${*zeta_i}_future == 1)"))]
+#[hax_lib::requires(fstar!(r#"v $layer >= 4 /\ v $layer <= 7 /\
+    ((v $layer == 4 ==> v ${*zeta_i} == 7) /\
+    (v $layer == 5 ==> v ${*zeta_i} == 3) /\
+    (v $layer == 6 ==> v ${*zeta_i} == 1) /\
+    (v $layer == 7 ==> v ${*zeta_i} == 0))"#))]
+#[hax_lib::ensures(|result| fstar!(r#"ntt_re_range_4 ${re}_future /\
+    (v $layer == 4 ==> v ${*zeta_i}_future == 15) /\
+    (v $layer == 5 ==> v ${*zeta_i}_future == 7) /\
+    (v $layer == 6 ==> v ${*zeta_i}_future == 3) /\
+    (v $layer == 7 ==> v ${*zeta_i}_future == 1)"#))]
 pub(crate) fn ntt_at_layer_4_plus<Vector: Operations>(
     zeta_i: &mut usize,
     re: &mut PolynomialRingElement<Vector>,
@@ -259,33 +269,33 @@ pub(crate) fn ntt_at_layer_4_plus<Vector: Operations>(
         (re_0 re_1: v_Vector) =
     (forall i. i < 16 ==>
       Spec.Utils.is_intb (pow2 15 - 1)
-      (v (Seq.index (Libcrux_ml_kem.Vector.Traits.f_to_i16_array re_1) i) * v (-1600s))) /\\
+      (v (Seq.index (Libcrux_ml_kem.Vector.Traits.f_to_i16_array re_1) i) * v (-1600s))) /\
     (let t = Libcrux_ml_kem.Vector.Traits.f_multiply_by_constant re_1 (-1600s) in
     (forall i. i < 16 ==> 
       Spec.Utils.is_intb (pow2 15 - 1) 
         (v (Seq.index (Libcrux_ml_kem.Vector.Traits.f_to_i16_array re_0) i) - 
-          v (Seq.index (Libcrux_ml_kem.Vector.Traits.f_to_i16_array t) i))) /\\
+          v (Seq.index (Libcrux_ml_kem.Vector.Traits.f_to_i16_array t) i))) /\
     (forall i. i < 16 ==> 
       Spec.Utils.is_intb (pow2 15 - 1) 
         (v (Seq.index (Libcrux_ml_kem.Vector.Traits.f_to_i16_array re_0) i) + 
           v (Seq.index (Libcrux_ml_kem.Vector.Traits.f_to_i16_array t) i))))"
 )]
-#[hax_lib::requires(fstar!("forall i. i < 8 ==> ntt_layer_7_pre (${re}.f_coefficients.[ sz i ])
-    (${re}.f_coefficients.[ sz i +! sz 8 ])"))]
+#[hax_lib::requires(fstar!(r#"forall i. i < 8 ==> ntt_layer_7_pre (${re}.f_coefficients.[ sz i ])
+    (${re}.f_coefficients.[ sz i +! sz 8 ])"#))]
 pub(crate) fn ntt_at_layer_7<Vector: Operations>(re: &mut PolynomialRingElement<Vector>) {
     let step = VECTORS_IN_RING_ELEMENT / 2;
-    hax_lib::fstar!("assert (v $step == 8)");
+    hax_lib::fstar!(r#"assert (v $step == 8)"#);
     // The semicolon and parentheses at the end of loop are a workaround
     // for the following bug https://github.com/hacspec/hax/issues/720
     for j in 0..step {
         hax_lib::loop_invariant!(|j: usize| {
             fstar!(
-                "(v j < 8 ==>
-          (forall (i:nat). (i >= v j /\\ i < 8) ==>
-            ntt_layer_7_pre (re.f_coefficients.[ sz i ]) (re.f_coefficients.[ sz i +! sz 8 ])))"
+                r#"(v j < 8 ==>
+          (forall (i:nat). (i >= v j /\ i < 8) ==>
+            ntt_layer_7_pre (re.f_coefficients.[ sz i ]) (re.f_coefficients.[ sz i +! sz 8 ])))"#
             )
         });
-        hax_lib::fstar!("reveal_opaque (`%ntt_layer_7_pre) (ntt_layer_7_pre #$:Vector)");
+        hax_lib::fstar!(r#"reveal_opaque (`%ntt_layer_7_pre) (ntt_layer_7_pre #$:Vector)"#);
         let t = Vector::multiply_by_constant(re.coefficients[j + step], -1600);
         re.coefficients[j + step] = Vector::sub(re.coefficients[j], &t);
         re.coefficients[j] = Vector::add(re.coefficients[j], &t);
@@ -296,11 +306,11 @@ pub(crate) fn ntt_at_layer_7<Vector: Operations>(re: &mut PolynomialRingElement<
 #[inline(always)]
 #[hax_lib::fstar::verification_status(panic_free)]
 #[hax_lib::fstar::options("--z3rlimit 200")]
-#[hax_lib::requires(fstar!("forall i. i < 8 ==> ntt_layer_7_pre (${re}.f_coefficients.[ sz i ])
-    (${re}.f_coefficients.[ sz i +! sz 8 ])"))]
-#[hax_lib::ensures(|_| fstar!("Libcrux_ml_kem.Polynomial.to_spec_poly_t #$:Vector ${re}_future ==
-    Spec.MLKEM.poly_ntt (Libcrux_ml_kem.Polynomial.to_spec_poly_t #$:Vector $re) /\\
-    Libcrux_ml_kem.Serialize.coefficients_field_modulus_range #$:Vector ${re}_future"))]
+#[hax_lib::requires(fstar!(r#"forall i. i < 8 ==> ntt_layer_7_pre (${re}.f_coefficients.[ sz i ])
+    (${re}.f_coefficients.[ sz i +! sz 8 ])"#))]
+#[hax_lib::ensures(|_| fstar!(r#"Libcrux_ml_kem.Polynomial.to_spec_poly_t #$:Vector ${re}_future ==
+    Spec.MLKEM.poly_ntt (Libcrux_ml_kem.Polynomial.to_spec_poly_t #$:Vector $re) /\
+    Libcrux_ml_kem.Serialize.coefficients_field_modulus_range #$:Vector ${re}_future"#))]
 pub(crate) fn ntt_binomially_sampled_ring_element<Vector: Operations>(
     re: &mut PolynomialRingElement<Vector>,
 ) {
@@ -322,8 +332,8 @@ pub(crate) fn ntt_binomially_sampled_ring_element<Vector: Operations>(
 #[inline(always)]
 #[hax_lib::fstar::verification_status(panic_free)]
 #[hax_lib::fstar::options("--z3rlimit 200")]
-#[hax_lib::ensures(|_| fstar!("Libcrux_ml_kem.Polynomial.to_spec_poly_t #$:Vector ${re}_future ==
-    Spec.MLKEM.poly_ntt (Libcrux_ml_kem.Polynomial.to_spec_poly_t #$:Vector $re)"))]
+#[hax_lib::ensures(|_| fstar!(r#"Libcrux_ml_kem.Polynomial.to_spec_poly_t #$:Vector ${re}_future ==
+    Spec.MLKEM.poly_ntt (Libcrux_ml_kem.Polynomial.to_spec_poly_t #$:Vector $re)"#))]
 pub(crate) fn ntt_vector_u<const VECTOR_U_COMPRESSION_FACTOR: usize, Vector: Operations>(
     re: &mut PolynomialRingElement<Vector>,
 ) {
diff --git a/libcrux-ml-kem/src/polynomial.rs b/libcrux-ml-kem/src/polynomial.rs
index 541322227..accd43531 100644
--- a/libcrux-ml-kem/src/polynomial.rs
+++ b/libcrux-ml-kem/src/polynomial.rs
@@ -1,7 +1,7 @@
 use crate::vector::{to_standard_domain, Operations, FIELD_ELEMENTS_IN_VECTOR};
 
 pub(crate) const ZETAS_TIMES_MONTGOMERY_R: [i16; 128] = {
-    hax_lib::fstar!("assert_norm (pow2 16 == 65536)");
+    hax_lib::fstar!(r#"assert_norm (pow2 16 == 65536)"#);
     [
         -1044, -758, -359, -1517, 1493, 1422, 287, 202, -171, 622, 1577, 182, 962, -1202, -1474,
         1468, 573, -1325, 264, 383, -829, 1458, -1602, -130, -681, 1017, 732, 608, -1542, 411,
@@ -19,7 +19,7 @@ pub(crate) const ZETAS_TIMES_MONTGOMERY_R: [i16; 128] = {
 #[inline(always)]
 #[hax_lib::fstar::verification_status(panic_free)]
 #[hax_lib::requires(i < 128)]
-#[hax_lib::ensures(|result| fstar!("Spec.Utils.is_i16b 1664 result"))]
+#[hax_lib::ensures(|result| fstar!(r#"Spec.Utils.is_i16b 1664 result"#))]
 pub fn zeta(i: usize) -> i16 {
     ZETAS_TIMES_MONTGOMERY_R[i]
 }
diff --git a/libcrux-ml-kem/src/sampling.rs b/libcrux-ml-kem/src/sampling.rs
index 9f17bf8c1..d10a4a7f2 100644
--- a/libcrux-ml-kem/src/sampling.rs
+++ b/libcrux-ml-kem/src/sampling.rs
@@ -178,21 +178,21 @@ fn sample_from_binomial_distribution_2<Vector: Operations>(
 
             let even_bits = random_bits_as_u32 & 0x55555555;
             let odd_bits = (random_bits_as_u32 >> 1) & 0x55555555;
-            hax_lib::fstar!("logand_lemma $random_bits_as_u32 1431655765ul;
-                logand_lemma ($random_bits_as_u32 >>! 1l) 1431655765ul");
+            hax_lib::fstar!(r#"logand_lemma $random_bits_as_u32 1431655765ul;
+                logand_lemma ($random_bits_as_u32 >>! 1l) 1431655765ul"#);
             let coin_toss_outcomes = even_bits + odd_bits;
 
             cloop! {
                 for outcome_set in (0..u32::BITS).step_by(4) {
                     let outcome_1 = ((coin_toss_outcomes >> outcome_set) & 0x3) as i16;
                     let outcome_2 = ((coin_toss_outcomes >> (outcome_set + 2)) & 0x3) as i16;
-                    hax_lib::fstar!("logand_lemma ($coin_toss_outcomes >>! $outcome_set <: u32) 3ul;
+                    hax_lib::fstar!(r#"logand_lemma ($coin_toss_outcomes >>! $outcome_set <: u32) 3ul;
                         logand_lemma ($coin_toss_outcomes >>! ($outcome_set +! 2ul <: u32) <: u32) 3ul;
                         assert (v $outcome_1 >= 0 /\\ v $outcome_1 <= 3);
                         assert (v $outcome_2 >= 0 /\\ v $outcome_2 <= 3);
                         assert (v $chunk_number <= 31);
                         assert (v (sz 8 *! $chunk_number <: usize) <= 248);
-                        assert (v (cast ($outcome_set >>! 2l <: u32) <: usize) <= 7)");
+                        assert (v (cast ($outcome_set >>! 2l <: u32) <: usize) <= 7)"#);
 
                     let offset = (outcome_set >> 2) as usize;
                     sampled_i16s[8 * chunk_number + offset] = outcome_1 - outcome_2;
@@ -228,9 +228,9 @@ fn sample_from_binomial_distribution_3<Vector: Operations>(
             let first_bits = random_bits_as_u24 & 0x00249249;
             let second_bits = (random_bits_as_u24 >> 1) & 0x00249249;
             let third_bits = (random_bits_as_u24 >> 2) & 0x00249249;
-            hax_lib::fstar!("logand_lemma $random_bits_as_u24 2396745ul;
+            hax_lib::fstar!(r#"logand_lemma $random_bits_as_u24 2396745ul;
                 logand_lemma ($random_bits_as_u24 >>! 1l <: u32) 2396745ul;
-                logand_lemma ($random_bits_as_u24 >>! 2l <: u32) 2396745ul");
+                logand_lemma ($random_bits_as_u24 >>! 2l <: u32) 2396745ul"#);
 
             let coin_toss_outcomes = first_bits + second_bits + third_bits;
 
@@ -238,13 +238,13 @@ fn sample_from_binomial_distribution_3<Vector: Operations>(
                 for outcome_set in (0..24).step_by(6) {
                     let outcome_1 = ((coin_toss_outcomes >> outcome_set) & 0x7) as i16;
                     let outcome_2 = ((coin_toss_outcomes >> (outcome_set + 3)) & 0x7) as i16;
-                    hax_lib::fstar!("logand_lemma ($coin_toss_outcomes >>! $outcome_set <: u32) 7ul;
+                    hax_lib::fstar!(r#"logand_lemma ($coin_toss_outcomes >>! $outcome_set <: u32) 7ul;
                         logand_lemma ($coin_toss_outcomes >>! ($outcome_set +! 3l <: i32) <: u32) 7ul;
                         assert (v $outcome_1 >= 0 /\\ v $outcome_1 <= 7);
                         assert (v $outcome_2 >= 0 /\\ v $outcome_2 <= 7);
                         assert (v $chunk_number <= 63);
                         assert (v (sz 4 *! $chunk_number <: usize) <= 252);
-                        assert (v (cast ($outcome_set /! 6l <: i32) <: usize) <= 3)");
+                        assert (v (cast ($outcome_set /! 6l <: i32) <: usize) <= 3)"#);
 
                     let offset = (outcome_set / 6) as usize;
                     sampled_i16s[4 * chunk_number + offset] = outcome_1 - outcome_2;
@@ -258,10 +258,10 @@ fn sample_from_binomial_distribution_3<Vector: Operations>(
 #[inline(always)]
 #[hax_lib::fstar::verification_status(panic_free)]
 #[hax_lib::requires((ETA == 2 || ETA == 3) && randomness.len() == ETA * 64)]
-#[hax_lib::ensures(|result| fstar!("(forall (i:nat). i < 8 ==> Libcrux_ml_kem.Ntt.ntt_layer_7_pre
+#[hax_lib::ensures(|result| fstar!(r#"(forall (i:nat). i < 8 ==> Libcrux_ml_kem.Ntt.ntt_layer_7_pre
     (${result}.f_coefficients.[ sz i ]) (${result}.f_coefficients.[ sz i +! sz 8 ])) /\\
     Libcrux_ml_kem.Polynomial.to_spec_poly_t #$:Vector $result ==
-        Spec.MLKEM.sample_poly_cbd $ETA $randomness"))]
+        Spec.MLKEM.sample_poly_cbd $ETA $randomness"#))]
 pub(super) fn sample_from_binomial_distribution<const ETA: usize, Vector: Operations>(
     randomness: &[u8],
 ) -> PolynomialRingElement<Vector> {
diff --git a/libcrux-ml-kem/src/serialize.rs b/libcrux-ml-kem/src/serialize.rs
index 211b1a08b..8fc1de500 100644
--- a/libcrux-ml-kem/src/serialize.rs
+++ b/libcrux-ml-kem/src/serialize.rs
@@ -23,25 +23,25 @@ let field_modulus_range (#v_Vector: Type0)
         {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |}
         (a: v_Vector) =
     let coef = Libcrux_ml_kem.Vector.Traits.f_to_i16_array a in
-    forall (i:nat). i < 16 ==> v (Seq.index coef i) > -(v $FIELD_MODULUS) /\\
+    forall (i:nat). i < 16 ==> v (Seq.index coef i) > -(v $FIELD_MODULUS) /\
         v (Seq.index coef i) < v $FIELD_MODULUS"
 )]
 #[hax_lib::fstar::verification_status(panic_free)]
-#[hax_lib::requires(fstar!("field_modulus_range $a"))]
-#[hax_lib::ensures(|result| fstar!("forall (i:nat). i < 16 ==>
-    v (Seq.index (Libcrux_ml_kem.Vector.Traits.f_to_i16_array $result) i) >= 0 /\\
-    v (Seq.index (Libcrux_ml_kem.Vector.Traits.f_to_i16_array $result) i) < v $FIELD_MODULUS"))]
+#[hax_lib::requires(fstar!(r#"field_modulus_range $a"#))]
+#[hax_lib::ensures(|result| fstar!(r#"forall (i:nat). i < 16 ==>
+    v (Seq.index (Libcrux_ml_kem.Vector.Traits.f_to_i16_array $result) i) >= 0 /\
+    v (Seq.index (Libcrux_ml_kem.Vector.Traits.f_to_i16_array $result) i) < v $FIELD_MODULUS"#))]
 pub(super) fn to_unsigned_field_modulus<Vector: Operations>(a: Vector) -> Vector {
-    hax_lib::fstar!("reveal_opaque (`%field_modulus_range) (field_modulus_range #$:Vector)");
+    hax_lib::fstar!(r#"reveal_opaque (`%field_modulus_range) (field_modulus_range #$:Vector)"#);
     to_unsigned_representative::<Vector>(a)
 }
 
 #[inline(always)]
 #[hax_lib::fstar::verification_status(panic_free)]
-#[hax_lib::requires(fstar!("coefficients_field_modulus_range $re"))]
+#[hax_lib::requires(fstar!(r#"coefficients_field_modulus_range $re"#))]
 #[hax_lib::ensures(|result|
-    fstar!("$result ==
-        Spec.MLKEM.compress_then_encode_message (Libcrux_ml_kem.Polynomial.to_spec_poly_t #$:Vector $re)")
+    fstar!(r#"$result ==
+        Spec.MLKEM.compress_then_encode_message (Libcrux_ml_kem.Polynomial.to_spec_poly_t #$:Vector $re)"#)
 )]
 pub(super) fn compress_then_serialize_message<Vector: Operations>(
     re: PolynomialRingElement<Vector>,
@@ -54,7 +54,7 @@ pub(super) fn compress_then_serialize_message<Vector: Operations>(
             coefficients_field_modulus_range $re"
             )
         });
-        hax_lib::fstar!("assert (2 * v $i + 2 <= 32)");
+        hax_lib::fstar!(r#"assert (2 * v $i + 2 <= 32)"#);
         hax_lib::fstar!(
             "reveal_opaque (`%coefficients_field_modulus_range)
             (coefficients_field_modulus_range #$:Vector)"
@@ -72,8 +72,8 @@ pub(super) fn compress_then_serialize_message<Vector: Operations>(
 #[inline(always)]
 #[hax_lib::fstar::verification_status(panic_free)]
 #[hax_lib::ensures(|result|
-    fstar!("Libcrux_ml_kem.Polynomial.to_spec_poly_t #$:Vector $result ==
-        Spec.MLKEM.decode_then_decompress_message $serialized")
+    fstar!(r#"Libcrux_ml_kem.Polynomial.to_spec_poly_t #$:Vector $result ==
+        Spec.MLKEM.decode_then_decompress_message $serialized"#)
 )]
 pub(super) fn deserialize_then_decompress_message<Vector: Operations>(
     serialized: [u8; SHARED_SECRET_SIZE],
@@ -88,24 +88,24 @@ pub(super) fn deserialize_then_decompress_message<Vector: Operations>(
 
 #[inline(always)]
 #[hax_lib::fstar::verification_status(panic_free)]
-#[hax_lib::requires(fstar!("coefficients_field_modulus_range $re"))]
+#[hax_lib::requires(fstar!(r#"coefficients_field_modulus_range $re"#))]
 #[hax_lib::ensures(|result|
-    fstar!("$result ==
-        Spec.MLKEM.byte_encode 12 (Libcrux_ml_kem.Polynomial.to_spec_poly_t #$:Vector $re)")
+    fstar!(r#"$result ==
+        Spec.MLKEM.byte_encode 12 (Libcrux_ml_kem.Polynomial.to_spec_poly_t #$:Vector $re)"#)
 )]
 pub(super) fn serialize_uncompressed_ring_element<Vector: Operations>(
     re: &PolynomialRingElement<Vector>,
 ) -> [u8; BYTES_PER_RING_ELEMENT] {
-    hax_lib::fstar!("assert_norm (pow2 12 == 4096)");
+    hax_lib::fstar!(r#"assert_norm (pow2 12 == 4096)"#);
     let mut serialized = [0u8; BYTES_PER_RING_ELEMENT];
     for i in 0..VECTORS_IN_RING_ELEMENT {
         hax_lib::loop_invariant!(|i: usize| {
             fstar!(
-                "v $i >= 0 /\\ v $i <= 16 /\\
-            v $i < 16 ==> coefficients_field_modulus_range $re"
+                r#"v $i >= 0 /\ v $i <= 16 /\
+            v $i < 16 ==> coefficients_field_modulus_range $re"#
             )
         });
-        hax_lib::fstar!("assert (24 * v $i + 24 <= 384)");
+        hax_lib::fstar!(r#"assert (24 * v $i + 24 <= 384)"#);
         hax_lib::fstar!(
             "reveal_opaque (`%coefficients_field_modulus_range)
             (coefficients_field_modulus_range #$:Vector)"
@@ -124,13 +124,13 @@ pub(super) fn serialize_uncompressed_ring_element<Vector: Operations>(
     serialized.len() == BYTES_PER_RING_ELEMENT
 )]
 #[hax_lib::ensures(|result|
-    fstar!("Libcrux_ml_kem.Polynomial.to_spec_poly_t #$:Vector $result == 
-        Spec.MLKEM.byte_decode 12 $serialized")
+    fstar!(r#"Libcrux_ml_kem.Polynomial.to_spec_poly_t #$:Vector $result == 
+        Spec.MLKEM.byte_decode 12 $serialized"#)
 )]
 pub(super) fn deserialize_to_uncompressed_ring_element<Vector: Operations>(
     serialized: &[u8],
 ) -> PolynomialRingElement<Vector> {
-    hax_lib::fstar!("assert (v $BYTES_PER_RING_ELEMENT / 24 == 16)");
+    hax_lib::fstar!(r#"assert (v $BYTES_PER_RING_ELEMENT / 24 == 16)"#);
     let mut re = PolynomialRingElement::<Vector>::ZERO();
 
     cloop! {
@@ -153,7 +153,7 @@ pub(super) fn deserialize_to_uncompressed_ring_element<Vector: Operations>(
 fn deserialize_to_reduced_ring_element<Vector: Operations>(
     serialized: &[u8],
 ) -> PolynomialRingElement<Vector> {
-    hax_lib::fstar!("assert (v $BYTES_PER_RING_ELEMENT / 24 == 16)");
+    hax_lib::fstar!(r#"assert (v $BYTES_PER_RING_ELEMENT / 24 == 16)"#);
     let mut re = PolynomialRingElement::<Vector>::ZERO();
 
     cloop! {
@@ -172,12 +172,12 @@ fn deserialize_to_reduced_ring_element<Vector: Operations>(
 #[inline(always)]
 #[hax_lib::fstar::verification_status(panic_free)]
 #[hax_lib::requires(
-    fstar!("Spec.MLKEM.is_rank v_K /\\ 
-            Seq.length public_key == v (Spec.MLKEM.v_T_AS_NTT_ENCODED_SIZE v_K)")
+    fstar!(r#"Spec.MLKEM.is_rank v_K /\ 
+            Seq.length public_key == v (Spec.MLKEM.v_T_AS_NTT_ENCODED_SIZE v_K)"#)
 )]
 #[hax_lib::ensures(|result|
-    fstar!("forall (i:nat). i < v $K ==>
-        coefficients_field_modulus_range (Seq.index $result i)")
+    fstar!(r#"forall (i:nat). i < v $K ==>
+        coefficients_field_modulus_range (Seq.index $result i)"#)
 )]
 pub(super) fn deserialize_ring_elements_reduced_out<const K: usize, Vector: Operations>(
     public_key: &[u8],
@@ -191,12 +191,12 @@ pub(super) fn deserialize_ring_elements_reduced_out<const K: usize, Vector: Oper
 #[inline(always)]
 #[hax_lib::fstar::verification_status(panic_free)]
 #[hax_lib::requires(
-    fstar!("Spec.MLKEM.is_rank v_K /\\ 
-            Seq.length public_key == v (Spec.MLKEM.v_T_AS_NTT_ENCODED_SIZE v_K)")
+    fstar!(r#"Spec.MLKEM.is_rank v_K /\ 
+            Seq.length public_key == v (Spec.MLKEM.v_T_AS_NTT_ENCODED_SIZE v_K)"#)
 )]
 #[hax_lib::ensures(|_|
-    fstar!("Libcrux_ml_kem.Polynomial.to_spec_vector_t #$K #$:Vector ${deserialized_pk}_future == 
-        Spec.MLKEM.vector_decode_12 #$K $public_key")
+    fstar!(r#"Libcrux_ml_kem.Polynomial.to_spec_vector_t #$K #$:Vector ${deserialized_pk}_future == 
+        Spec.MLKEM.vector_decode_12 #$K $public_key"#)
 )]
 pub(super) fn deserialize_ring_elements_reduced<const K: usize, Vector: Operations>(
     public_key: &[u8],
@@ -215,20 +215,20 @@ pub(super) fn deserialize_ring_elements_reduced<const K: usize, Vector: Operatio
 
 #[inline(always)]
 #[hax_lib::fstar::verification_status(panic_free)]
-#[hax_lib::requires(fstar!("v $OUT_LEN == 320 /\\ coefficients_field_modulus_range $re"))]
+#[hax_lib::requires(fstar!(r#"v $OUT_LEN == 320 /\ coefficients_field_modulus_range $re"#))]
 fn compress_then_serialize_10<const OUT_LEN: usize, Vector: Operations>(
     re: &PolynomialRingElement<Vector>,
 ) -> [u8; OUT_LEN] {
-    hax_lib::fstar!("assert_norm (pow2 10 == 1024)");
+    hax_lib::fstar!(r#"assert_norm (pow2 10 == 1024)"#);
     let mut serialized = [0u8; OUT_LEN];
     for i in 0..VECTORS_IN_RING_ELEMENT {
         hax_lib::loop_invariant!(|i: usize| {
             fstar!(
-                "v $i >= 0 /\\ v $i <= 16 /\\
-            v $i < 16 ==> coefficients_field_modulus_range $re"
+                r#"v $i >= 0 /\ v $i <= 16 /\
+            v $i < 16 ==> coefficients_field_modulus_range $re"#
             )
         });
-        hax_lib::fstar!("assert (20 * v $i + 20 <= 320)");
+        hax_lib::fstar!(r#"assert (20 * v $i + 20 <= 320)"#);
         hax_lib::fstar!(
             "reveal_opaque (`%coefficients_field_modulus_range)
             (coefficients_field_modulus_range #$:Vector)"
@@ -259,11 +259,11 @@ fn compress_then_serialize_11<const OUT_LEN: usize, Vector: Operations>(
 
 #[inline(always)]
 #[hax_lib::fstar::verification_status(panic_free)]
-#[hax_lib::requires(fstar!("(v $COMPRESSION_FACTOR == 10 \\/ v $COMPRESSION_FACTOR == 11) /\\
-    v $OUT_LEN == 32 * v $COMPRESSION_FACTOR /\\ coefficients_field_modulus_range $re"))]
+#[hax_lib::requires(fstar!(r#"(v $COMPRESSION_FACTOR == 10 \\/ v $COMPRESSION_FACTOR == 11) /\
+    v $OUT_LEN == 32 * v $COMPRESSION_FACTOR /\ coefficients_field_modulus_range $re"#))]
 #[hax_lib::ensures(|result|
-    fstar!("$result == Spec.MLKEM.compress_then_byte_encode (v $COMPRESSION_FACTOR)
-        (Libcrux_ml_kem.Polynomial.to_spec_poly_t #$:Vector $re)")
+    fstar!(r#"$result == Spec.MLKEM.compress_then_byte_encode (v $COMPRESSION_FACTOR)
+        (Libcrux_ml_kem.Polynomial.to_spec_poly_t #$:Vector $re)"#)
 )]
 pub(super) fn compress_then_serialize_ring_element_u<
     const COMPRESSION_FACTOR: usize,
@@ -287,27 +287,27 @@ pub(super) fn compress_then_serialize_ring_element_u<
 
 #[inline(always)]
 #[hax_lib::fstar::verification_status(panic_free)]
-#[hax_lib::requires(fstar!("Seq.length $serialized == 128 /\\
-    coefficients_field_modulus_range $re"))]
+#[hax_lib::requires(fstar!(r#"Seq.length $serialized == 128 /\
+    coefficients_field_modulus_range $re"#))]
 #[hax_lib::ensures(|_|
-    fstar!("${serialized_future.len()} == ${serialized.len()}")
+    fstar!(r#"${serialized_future.len()} == ${serialized.len()}"#)
 )]
 fn compress_then_serialize_4<Vector: Operations>(
     re: PolynomialRingElement<Vector>,
     serialized: &mut [u8],
 ) {
-    hax_lib::fstar!("assert_norm (pow2 4 == 16)");
+    hax_lib::fstar!(r#"assert_norm (pow2 4 == 16)"#);
     // The semicolon and parentheses at the end of loop are a workaround
     // for the following bug https://github.com/hacspec/hax/issues/720
     for i in 0..VECTORS_IN_RING_ELEMENT {
         // NOTE: Using `$serialized` in loop_invariant doesn't work here
         hax_lib::loop_invariant!(|i: usize| {
             fstar!(
-                "v $i >= 0 /\\ v $i <= 16 /\\
-            v $i < 16 ==> (Seq.length serialized == 128 /\\ coefficients_field_modulus_range $re)"
+                r#"v $i >= 0 /\ v $i <= 16 /\
+            v $i < 16 ==> (Seq.length serialized == 128 /\ coefficients_field_modulus_range $re)"#
             )
         });
-        hax_lib::fstar!("assert (8 * v $i + 8 <= 128)");
+        hax_lib::fstar!(r#"assert (8 * v $i + 8 <= 128)"#);
         hax_lib::fstar!(
             "reveal_opaque (`%coefficients_field_modulus_range)
             (coefficients_field_modulus_range #$:Vector)"
@@ -326,7 +326,7 @@ fn compress_then_serialize_4<Vector: Operations>(
     serialized.len() == 160
 )]
 #[hax_lib::ensures(|_|
-    fstar!("${serialized_future.len()} == ${serialized.len()}")
+    fstar!(r#"${serialized_future.len()} == ${serialized.len()}"#)
 )]
 fn compress_then_serialize_5<Vector: Operations>(
     re: PolynomialRingElement<Vector>,
@@ -346,14 +346,14 @@ fn compress_then_serialize_5<Vector: Operations>(
 
 #[inline(always)]
 #[hax_lib::fstar::verification_status(panic_free)]
-#[hax_lib::requires(fstar!("Spec.MLKEM.is_rank v_K /\\ 
-    $COMPRESSION_FACTOR == Spec.MLKEM.v_VECTOR_V_COMPRESSION_FACTOR v_K /\\
-    Seq.length $out == v $OUT_LEN /\\ v $OUT_LEN == 32 * v $COMPRESSION_FACTOR /\\
-    coefficients_field_modulus_range $re"))]
+#[hax_lib::requires(fstar!(r#"Spec.MLKEM.is_rank v_K /\ 
+    $COMPRESSION_FACTOR == Spec.MLKEM.v_VECTOR_V_COMPRESSION_FACTOR v_K /\
+    Seq.length $out == v $OUT_LEN /\ v $OUT_LEN == 32 * v $COMPRESSION_FACTOR /\
+    coefficients_field_modulus_range $re"#))]
 #[hax_lib::ensures(|_|
-    fstar!("${out_future.len()} == ${out.len()} /\\
+    fstar!(r#"${out_future.len()} == ${out.len()} /\
         ${out}_future == Spec.MLKEM.compress_then_encode_v #v_K
-            (Libcrux_ml_kem.Polynomial.to_spec_poly_t #$:Vector $re)")
+            (Libcrux_ml_kem.Polynomial.to_spec_poly_t #$:Vector $re)"#)
 )]
 pub(super) fn compress_then_serialize_ring_element_v<
     const K: usize,
@@ -384,7 +384,7 @@ pub(super) fn compress_then_serialize_ring_element_v<
 fn deserialize_then_decompress_10<Vector: Operations>(
     serialized: &[u8],
 ) -> PolynomialRingElement<Vector> {
-    hax_lib::fstar!("assert (v (($COEFFICIENTS_IN_RING_ELEMENT *! sz 10) /! sz 8) == 320)");
+    hax_lib::fstar!(r#"assert (v (($COEFFICIENTS_IN_RING_ELEMENT *! sz 10) /! sz 8) == 320)"#);
     let mut re = PolynomialRingElement::<Vector>::ZERO();
 
     let _coefficients_length = re.coefficients.len();
@@ -405,7 +405,7 @@ fn deserialize_then_decompress_10<Vector: Operations>(
 fn deserialize_then_decompress_11<Vector: Operations>(
     serialized: &[u8],
 ) -> PolynomialRingElement<Vector> {
-    hax_lib::fstar!("assert (v (($COEFFICIENTS_IN_RING_ELEMENT *! sz 11) /! sz 8) == 352)");
+    hax_lib::fstar!(r#"assert (v (($COEFFICIENTS_IN_RING_ELEMENT *! sz 11) /! sz 8) == 352)"#);
     let mut re = PolynomialRingElement::<Vector>::ZERO();
 
     cloop! {
@@ -425,8 +425,8 @@ fn deserialize_then_decompress_11<Vector: Operations>(
     serialized.len() == 32 * COMPRESSION_FACTOR
 )]
 #[hax_lib::ensures(|result|
-    fstar!("Libcrux_ml_kem.Polynomial.to_spec_poly_t #$:Vector $result == 
-        Spec.MLKEM.byte_decode_then_decompress (v $COMPRESSION_FACTOR) $serialized")
+    fstar!(r#"Libcrux_ml_kem.Polynomial.to_spec_poly_t #$:Vector $result == 
+        Spec.MLKEM.byte_decode_then_decompress (v $COMPRESSION_FACTOR) $serialized"#)
 )]
 pub(super) fn deserialize_then_decompress_ring_element_u<
     const COMPRESSION_FACTOR: usize,
@@ -453,7 +453,7 @@ pub(super) fn deserialize_then_decompress_ring_element_u<
 fn deserialize_then_decompress_4<Vector: Operations>(
     serialized: &[u8],
 ) -> PolynomialRingElement<Vector> {
-    hax_lib::fstar!("assert (v (($COEFFICIENTS_IN_RING_ELEMENT *! sz 4) /! sz 8) == 128)");
+    hax_lib::fstar!(r#"assert (v (($COEFFICIENTS_IN_RING_ELEMENT *! sz 4) /! sz 8) == 128)"#);
     let mut re = PolynomialRingElement::<Vector>::ZERO();
 
     cloop! {
@@ -473,7 +473,7 @@ fn deserialize_then_decompress_4<Vector: Operations>(
 fn deserialize_then_decompress_5<Vector: Operations>(
     serialized: &[u8],
 ) -> PolynomialRingElement<Vector> {
-    hax_lib::fstar!("assert (v (($COEFFICIENTS_IN_RING_ELEMENT *! sz 5) /! sz 8) == 160)");
+    hax_lib::fstar!(r#"assert (v (($COEFFICIENTS_IN_RING_ELEMENT *! sz 5) /! sz 8) == 160)"#);
     let mut re = PolynomialRingElement::<Vector>::ZERO();
 
     cloop! {
@@ -487,13 +487,13 @@ fn deserialize_then_decompress_5<Vector: Operations>(
 
 #[inline(always)]
 #[hax_lib::fstar::verification_status(panic_free)]
-#[hax_lib::requires(fstar!("Spec.MLKEM.is_rank $K /\\ 
-    $COMPRESSION_FACTOR == Spec.MLKEM.v_VECTOR_V_COMPRESSION_FACTOR $K /\\
-    Seq.length $serialized == 32 * v $COMPRESSION_FACTOR")
+#[hax_lib::requires(fstar!(r#"Spec.MLKEM.is_rank $K /\ 
+    $COMPRESSION_FACTOR == Spec.MLKEM.v_VECTOR_V_COMPRESSION_FACTOR $K /\
+    Seq.length $serialized == 32 * v $COMPRESSION_FACTOR"#)
 )]
 #[hax_lib::ensures(|result|
-    fstar!("Libcrux_ml_kem.Polynomial.to_spec_poly_t #$:Vector $result == 
-        Spec.MLKEM.decode_then_decompress_v #${K} $serialized")
+    fstar!(r#"Libcrux_ml_kem.Polynomial.to_spec_poly_t #$:Vector $result == 
+        Spec.MLKEM.decode_then_decompress_v #${K} $serialized"#)
 )]
 pub(super) fn deserialize_then_decompress_ring_element_v<
     const K: usize,
diff --git a/libcrux-ml-kem/src/types.rs b/libcrux-ml-kem/src/types.rs
index f1a11eb52..851700cfb 100644
--- a/libcrux-ml-kem/src/types.rs
+++ b/libcrux-ml-kem/src/types.rs
@@ -13,7 +13,7 @@ macro_rules! impl_generic_struct {
 
         #[hax_lib::attributes]
         impl<const SIZE: usize> AsRef<[u8]> for $name<SIZE> {
-            #[ensures(|result| fstar!("$result = self___.f_value"))]
+            #[ensures(|result| fstar!(r#"$result = self___.f_value"#))]
             fn as_ref(&self) -> &[u8] {
                 &self.value
             }
@@ -21,7 +21,7 @@ macro_rules! impl_generic_struct {
 
         #[hax_lib::attributes]
         impl<const SIZE: usize> From<[u8; SIZE]> for $name<SIZE> {
-            #[ensures(|result| fstar!("${result}.f_value = $value"))]
+            #[ensures(|result| fstar!(r#"${result}.f_value = $value"#))]
             fn from(value: [u8; SIZE]) -> Self {
                 Self { value }
             }
@@ -55,7 +55,7 @@ macro_rules! impl_generic_struct {
         #[hax_lib::attributes]
         impl<const SIZE: usize> $name<SIZE> {
             /// A reference to the raw byte slice.
-            #[ensures(|result| fstar!("$result == self.f_value"))]
+            #[ensures(|result| fstar!(r#"$result == self.f_value"#))]
             pub fn as_slice(&self) -> &[u8; SIZE] {
                 &self.value
             }
@@ -165,7 +165,7 @@ impl<const PRIVATE_KEY_SIZE: usize, const PUBLIC_KEY_SIZE: usize>
     }
 
     /// Create a new [`MlKemKeyPair`] from the secret and public key.
-    #[ensures(|result| fstar!("${result}.f_sk == $sk /\\ ${result}.f_pk == $pk"))]
+    #[ensures(|result| fstar!(r#"${result}.f_sk == $sk /\\ ${result}.f_pk == $pk"#))]
     pub fn from(
         sk: MlKemPrivateKey<PRIVATE_KEY_SIZE>,
         pk: MlKemPublicKey<PUBLIC_KEY_SIZE>,
@@ -207,10 +207,10 @@ impl<const PRIVATE_KEY_SIZE: usize, const PUBLIC_KEY_SIZE: usize>
 /// Unpack an incoming private key into it's different parts.
 ///
 /// We have this here in types to extract into a common core for C.
-#[hax_lib::requires(fstar!("Seq.length private_key >= 
+#[hax_lib::requires(fstar!(r#"Seq.length private_key >= 
                             v v_CPA_SECRET_KEY_SIZE + v v_PUBLIC_KEY_SIZE + 
-                            v Libcrux_ml_kem.Constants.v_H_DIGEST_SIZE"))]
-#[hax_lib::ensures(|result| fstar!("
+                            v Libcrux_ml_kem.Constants.v_H_DIGEST_SIZE"#))]
+#[hax_lib::ensures(|result| fstar!(r#"
            let (ind_cpa_secret_key_s,rest) = split $private_key $CPA_SECRET_KEY_SIZE in
            let (ind_cpa_public_key_s,rest) = split rest $PUBLIC_KEY_SIZE in
            let (ind_cpa_public_key_hash_s,implicit_rejection_value_s) = split rest Libcrux_ml_kem.Constants.v_H_DIGEST_SIZE in
@@ -226,7 +226,7 @@ impl<const PRIVATE_KEY_SIZE: usize, const PUBLIC_KEY_SIZE: usize>
            Seq.length implicit_rejection_value == 
            Seq.length private_key - 
              (v v_CPA_SECRET_KEY_SIZE + v v_PUBLIC_KEY_SIZE + v Libcrux_ml_kem.Constants.v_H_DIGEST_SIZE)
-           "))]
+           "#))]
 pub(crate) fn unpack_private_key<const CPA_SECRET_KEY_SIZE: usize, const PUBLIC_KEY_SIZE: usize>(
     private_key: &[u8], // len: SECRET_KEY_SIZE
 ) -> (&[u8], &[u8], &[u8], &[u8]) {
diff --git a/libcrux-ml-kem/src/utils.rs b/libcrux-ml-kem/src/utils.rs
index ec055f816..f38e3c088 100644
--- a/libcrux-ml-kem/src/utils.rs
+++ b/libcrux-ml-kem/src/utils.rs
@@ -9,16 +9,20 @@
     slice.len() <= LEN
 ))]
 #[cfg_attr(hax, hax_lib::ensures(|result|
-    fstar!("$result == Seq.append $slice (Seq.create (v $LEN - v (${slice.len()})) 0uy)")))]
+    fstar!(r#"$result == Seq.append $slice (Seq.create (v $LEN - v (${slice.len()})) 0uy)"#)))]
 pub(crate) fn into_padded_array<const LEN: usize>(slice: &[u8]) -> [u8; LEN] {
     let mut out = [0u8; LEN];
     out[0..slice.len()].copy_from_slice(slice);
-    hax_lib::fstar!("assert (Seq.slice out 0 (Seq.length slice) == slice)");
-    hax_lib::fstar!("assert (Seq.slice out (Seq.length slice) (v v_LEN) == Seq.slice (Seq.create (v v_LEN) 0uy) (Seq.length slice) (v v_LEN))");
+    hax_lib::fstar!(r#"assert (Seq.slice out 0 (Seq.length slice) == slice)"#);
+    hax_lib::fstar!(
+        r#"assert (Seq.slice out (Seq.length slice) (v v_LEN) == Seq.slice (Seq.create (v v_LEN) 0uy) (Seq.length slice) (v v_LEN))"#
+    );
     hax_lib::fstar!(
         "assert (forall i. i < Seq.length slice ==> Seq.index out i == Seq.index slice i)"
     );
-    hax_lib::fstar!("assert (forall i. (i >= Seq.length slice && i < v v_LEN) ==> Seq.index out i == Seq.index (Seq.slice out (Seq.length slice) (v v_LEN)) (i - Seq.length slice))");
+    hax_lib::fstar!(
+        r#"assert (forall i. (i >= Seq.length slice && i < v v_LEN) ==> Seq.index out i == Seq.index (Seq.slice out (Seq.length slice) (v v_LEN)) (i - Seq.length slice))"#
+    );
     hax_lib::fstar!(
         "Seq.lemma_eq_intro out (Seq.append slice (Seq.create (v v_LEN - Seq.length slice) 0uy))"
     );
@@ -27,12 +31,12 @@ pub(crate) fn into_padded_array<const LEN: usize>(slice: &[u8]) -> [u8; LEN] {
 
 #[inline(always)]
 #[hax_lib::fstar::options("--z3rlimit 200")]
-#[hax_lib::requires(fstar!("range (v $domain_separator + v $K) u8_inttype"))]
+#[hax_lib::requires(fstar!(r#"range (v $domain_separator + v $K) u8_inttype"#))]
 #[hax_lib::ensures(|ds|
-    fstar!("v $ds == v $domain_separator + v $K /\\
+    fstar!(r#"v $ds == v $domain_separator + v $K /\\
             (forall (i:nat). i < v $K ==>
                 v (Seq.index (Seq.index ${prf_inputs}_future i) 32) == v $domain_separator + i /\\
-                Seq.slice (Seq.index ${prf_inputs}_future i) 0 32 == Seq.slice (Seq.index $prf_inputs i) 0 32)")
+                Seq.slice (Seq.index ${prf_inputs}_future i) 0 32 == Seq.slice (Seq.index $prf_inputs i) 0 32)"#)
 )]
 pub(crate) fn prf_input_inc<const K: usize>(
     prf_inputs: &mut [[u8; 33]; K],
@@ -42,11 +46,13 @@ pub(crate) fn prf_input_inc<const K: usize>(
     let _prf_inputs_init = prf_inputs.clone();
     for i in 0..K {
         hax_lib::loop_invariant!(|i: usize| {
-            fstar!("v $domain_separator == v $_domain_separator_init + v $i /\\
+            fstar!(
+                r#"v $domain_separator == v $_domain_separator_init + v $i /\\
           (v $i < v $K ==> (forall (j:nat). (j >= v $i /\\ j < v $K) ==>
             prf_inputs.[ sz j ] == ${_prf_inputs_init}.[ sz j ])) /\\
           (forall (j:nat). j < v $i ==> v (Seq.index (Seq.index prf_inputs j) 32) == v $_domain_separator_init + j /\\
-            Seq.slice (Seq.index prf_inputs j) 0 32 == Seq.slice (Seq.index $_prf_inputs_init j) 0 32)")
+            Seq.slice (Seq.index prf_inputs j) 0 32 == Seq.slice (Seq.index $_prf_inputs_init j) 0 32)"#
+            )
         });
         prf_inputs[i][32] = domain_separator;
         domain_separator += 1;
diff --git a/libcrux-ml-kem/src/variant.rs b/libcrux-ml-kem/src/variant.rs
index 0cdfa024b..fade344e8 100644
--- a/libcrux-ml-kem/src/variant.rs
+++ b/libcrux-ml-kem/src/variant.rs
@@ -12,17 +12,17 @@ use crate::{constants::CPA_PKE_KEY_GENERATION_SEED_SIZE, hash_functions::Hash, M
 #[hax_lib::attributes]
 pub(crate) trait Variant {
     #[requires(shared_secret.len() == 32)]
-    #[ensures(|res| fstar!("$res == $shared_secret"))] // We only have post-conditions for ML-KEM, not Kyber
+    #[ensures(|res| fstar!(r#"$res == $shared_secret"#))] // We only have post-conditions for ML-KEM, not Kyber
     fn kdf<const K: usize, const CIPHERTEXT_SIZE: usize, Hasher: Hash<K>>(
         shared_secret: &[u8],
         ciphertext: &MlKemCiphertext<CIPHERTEXT_SIZE>,
     ) -> [u8; 32];
     #[requires(randomness.len() == 32)]
-    #[ensures(|res| fstar!("$res == $randomness"))] // We only have post-conditions for ML-KEM, not Kyber
+    #[ensures(|res| fstar!(r#"$res == $randomness"#))] // We only have post-conditions for ML-KEM, not Kyber
     fn entropy_preprocess<const K: usize, Hasher: Hash<K>>(randomness: &[u8]) -> [u8; 32];
     #[requires(seed.len() == 32)]
-    #[ensures(|res| fstar!("Seq.length $seed == 32 ==> $res == Spec.Utils.v_G
-        (Seq.append $seed (Seq.create 1 (cast $K <: u8)))")
+    #[ensures(|res| fstar!(r#"Seq.length $seed == 32 ==> $res == Spec.Utils.v_G
+        (Seq.append $seed (Seq.create 1 (cast $K <: u8)))"#)
     )]
     fn cpa_keygen_seed<const K: usize, Hasher: Hash<K>>(seed: &[u8]) -> [u8; 64];
 }
@@ -73,7 +73,7 @@ pub(crate) struct MlKem {}
 impl Variant for MlKem {
     #[inline(always)]
     #[requires(shared_secret.len() == 32)]
-    #[ensures(|res| fstar!("$res == $shared_secret"))]
+    #[ensures(|res| fstar!(r#"$res == $shared_secret"#))]
     fn kdf<const K: usize, const CIPHERTEXT_SIZE: usize, Hasher: Hash<K>>(
         shared_secret: &[u8],
         _: &MlKemCiphertext<CIPHERTEXT_SIZE>,
@@ -85,7 +85,7 @@ impl Variant for MlKem {
 
     #[inline(always)]
     #[requires(randomness.len() == 32)]
-    #[ensures(|res| fstar!("$res == $randomness"))]
+    #[ensures(|res| fstar!(r#"$res == $randomness"#))]
     fn entropy_preprocess<const K: usize, Hasher: Hash<K>>(randomness: &[u8]) -> [u8; 32] {
         let mut out = [0u8; 32];
         out.copy_from_slice(randomness);
@@ -94,8 +94,8 @@ impl Variant for MlKem {
 
     #[inline(always)]
     #[requires(key_generation_seed.len() == 32)]
-    #[ensures(|res| fstar!("Seq.length $key_generation_seed == 32 ==> $res == Spec.Utils.v_G
-        (Seq.append $key_generation_seed (Seq.create 1 (cast $K <: u8)))")
+    #[ensures(|res| fstar!(r#"Seq.length $key_generation_seed == 32 ==> $res == Spec.Utils.v_G
+        (Seq.append $key_generation_seed (Seq.create 1 (cast $K <: u8)))"#)
     )]
     fn cpa_keygen_seed<const K: usize, Hasher: Hash<K>>(key_generation_seed: &[u8]) -> [u8; 64] {
         let mut seed = [0u8; CPA_PKE_KEY_GENERATION_SEED_SIZE + 1];
diff --git a/libcrux-ml-kem/src/vector/avx2.rs b/libcrux-ml-kem/src/vector/avx2.rs
index 31ff6debe..80373cd1a 100644
--- a/libcrux-ml-kem/src/vector/avx2.rs
+++ b/libcrux-ml-kem/src/vector/avx2.rs
@@ -16,7 +16,7 @@ pub struct SIMD256Vector {
 
 #[inline(always)]
 #[hax_lib::fstar::verification_status(panic_free)]
-#[hax_lib::ensures(|result| fstar!("repr ${result} == Seq.create 16 0s"))]
+#[hax_lib::ensures(|result| fstar!(r#"repr ${result} == Seq.create 16 0s"#))]
 fn vec_zero() -> SIMD256Vector {
     SIMD256Vector {
         elements: mm256_setzero_si256(),
@@ -25,7 +25,7 @@ fn vec_zero() -> SIMD256Vector {
 
 #[inline(always)]
 #[hax_lib::fstar::verification_status(panic_free)]
-#[hax_lib::ensures(|result| fstar!("${result} == repr ${v}"))]
+#[hax_lib::ensures(|result| fstar!(r#"${result} == repr ${v}"#))]
 fn vec_to_i16_array(v: SIMD256Vector) -> [i16; 16] {
     let mut output = [0i16; 16];
     mm256_storeu_si256_i16(&mut output, v.elements);
@@ -35,7 +35,7 @@ fn vec_to_i16_array(v: SIMD256Vector) -> [i16; 16] {
 
 #[inline(always)]
 #[hax_lib::fstar::verification_status(panic_free)]
-#[hax_lib::ensures(|result| fstar!("repr ${result} == ${array}"))]
+#[hax_lib::ensures(|result| fstar!(r#"repr ${result} == ${array}"#))]
 fn vec_from_i16_array(array: &[i16]) -> SIMD256Vector {
     SIMD256Vector {
         elements: mm256_loadu_si256_i16(array),
@@ -44,8 +44,8 @@ fn vec_from_i16_array(array: &[i16]) -> SIMD256Vector {
 
 #[inline(always)]
 #[hax_lib::fstar::verification_status(lax)]
-#[hax_lib::requires(fstar!("Spec.Utils.is_i16b_array (pow2 12 - 1) (repr $vector)"))]
-#[hax_lib::ensures(|out| fstar!("repr out == Spec.Utils.map_array (fun x -> if x >=. 3329s then x -! 3329s else x) (repr $vector)"))]
+#[hax_lib::requires(fstar!(r#"Spec.Utils.is_i16b_array (pow2 12 - 1) (repr $vector)"#))]
+#[hax_lib::ensures(|out| fstar!(r#"repr out == Spec.Utils.map_array (fun x -> if x >=. 3329s then x -! 3329s else x) (repr $vector)"#))]
 fn cond_subtract_3329(vector: SIMD256Vector) -> SIMD256Vector {
     SIMD256Vector {
         elements: arithmetic::cond_subtract_3329(vector.elements),
@@ -54,9 +54,9 @@ fn cond_subtract_3329(vector: SIMD256Vector) -> SIMD256Vector {
 
 #[inline(always)]
 #[hax_lib::fstar::verification_status(lax)]
-#[hax_lib::requires(fstar!("forall (i:nat). i < 16 ==> v (Seq.index (repr $vector) i) >= 0 /\\
-    v (Seq.index (repr $vector) i) < 3329"))]
-#[hax_lib::ensures(|out| fstar!("forall (i:nat). i < 16 ==> bounded (Seq.index (repr $out) i) 1"))]
+#[hax_lib::requires(fstar!(r#"forall (i:nat). i < 16 ==> v (Seq.index (repr $vector) i) >= 0 /\\
+    v (Seq.index (repr $vector) i) < 3329"#))]
+#[hax_lib::ensures(|out| fstar!(r#"forall (i:nat). i < 16 ==> bounded (Seq.index (repr $out) i) 1"#))]
 fn compress_1(vector: SIMD256Vector) -> SIMD256Vector {
     SIMD256Vector {
         elements: compress::compress_message_coefficient(vector.elements),
@@ -65,17 +65,17 @@ fn compress_1(vector: SIMD256Vector) -> SIMD256Vector {
 
 #[inline(always)]
 #[hax_lib::fstar::verification_status(lax)]
-#[hax_lib::requires(fstar!("(v $COEFFICIENT_BITS == 4 \\/
+#[hax_lib::requires(fstar!(r#"(v $COEFFICIENT_BITS == 4 \\/
     v $COEFFICIENT_BITS == 5 \\/
     v $COEFFICIENT_BITS == 10 \\/
     v $COEFFICIENT_BITS == 11) /\\
     (forall (i:nat). i < 16 ==> v (Seq.index (repr $vector) i) >= 0 /\\
-    v (Seq.index (repr $vector) i) < 3329)"))]
-#[hax_lib::ensures(|out| fstar!("(v $COEFFICIENT_BITS == 4 \\/
+    v (Seq.index (repr $vector) i) < 3329)"#))]
+#[hax_lib::ensures(|out| fstar!(r#"(v $COEFFICIENT_BITS == 4 \\/
     v $COEFFICIENT_BITS == 5 \\/
     v $COEFFICIENT_BITS == 10 \\/
     v $COEFFICIENT_BITS == 11) ==>
-        (forall (i:nat). i < 16 ==> bounded (Seq.index (repr $out) i) (v $COEFFICIENT_BITS))"))]
+        (forall (i:nat). i < 16 ==> bounded (Seq.index (repr $out) i) (v $COEFFICIENT_BITS))"#))]
 fn compress<const COEFFICIENT_BITS: i32>(vector: SIMD256Vector) -> SIMD256Vector {
     SIMD256Vector {
         elements: compress::compress_ciphertext_coefficient::<COEFFICIENT_BITS>(vector.elements),
@@ -84,10 +84,10 @@ fn compress<const COEFFICIENT_BITS: i32>(vector: SIMD256Vector) -> SIMD256Vector
 
 #[inline(always)]
 #[hax_lib::fstar::verification_status(lax)]
-#[hax_lib::requires(fstar!("Spec.Utils.is_i16b 1664 zeta0 /\\ Spec.Utils.is_i16b 1664 zeta1 /\\ 
+#[hax_lib::requires(fstar!(r#"Spec.Utils.is_i16b 1664 zeta0 /\\ Spec.Utils.is_i16b 1664 zeta1 /\\ 
                     Spec.Utils.is_i16b 1664 zeta2 /\\ Spec.Utils.is_i16b 1664 zeta3 /\\
-                    Spec.Utils.is_i16b_array (11207+5*3328) (repr ${vector})"))]
-#[hax_lib::ensures(|out| fstar!("Spec.Utils.is_i16b_array (11207+6*3328) (repr $out)"))]
+                    Spec.Utils.is_i16b_array (11207+5*3328) (repr ${vector})"#))]
+#[hax_lib::ensures(|out| fstar!(r#"Spec.Utils.is_i16b_array (11207+6*3328) (repr $out)"#))]
 fn ntt_layer_1_step(
     vector: SIMD256Vector,
     zeta0: i16,
@@ -102,9 +102,9 @@ fn ntt_layer_1_step(
 
 #[inline(always)]
 #[hax_lib::fstar::verification_status(lax)]
-#[hax_lib::requires(fstar!("Spec.Utils.is_i16b 1664 zeta0 /\\ Spec.Utils.is_i16b 1664 zeta1 /\\
-                    Spec.Utils.is_i16b_array (11207+4*3328) (repr ${vector})"))]
-#[hax_lib::ensures(|out| fstar!("Spec.Utils.is_i16b_array (11207+5*3328) (repr $out)"))]
+#[hax_lib::requires(fstar!(r#"Spec.Utils.is_i16b 1664 zeta0 /\\ Spec.Utils.is_i16b 1664 zeta1 /\\
+                    Spec.Utils.is_i16b_array (11207+4*3328) (repr ${vector})"#))]
+#[hax_lib::ensures(|out| fstar!(r#"Spec.Utils.is_i16b_array (11207+5*3328) (repr $out)"#))]
 fn ntt_layer_2_step(vector: SIMD256Vector, zeta0: i16, zeta1: i16) -> SIMD256Vector {
     SIMD256Vector {
         elements: ntt::ntt_layer_2_step(vector.elements, zeta0, zeta1),
@@ -113,9 +113,9 @@ fn ntt_layer_2_step(vector: SIMD256Vector, zeta0: i16, zeta1: i16) -> SIMD256Vec
 
 #[inline(always)]
 #[hax_lib::fstar::verification_status(lax)]
-#[hax_lib::requires(fstar!("Spec.Utils.is_i16b 1664 zeta /\\
-                    Spec.Utils.is_i16b_array (11207+3*3328) (repr ${vector})"))]
-#[hax_lib::ensures(|out| fstar!("Spec.Utils.is_i16b_array (11207+4*3328) (repr $out)"))]
+#[hax_lib::requires(fstar!(r#"Spec.Utils.is_i16b 1664 zeta /\\
+                    Spec.Utils.is_i16b_array (11207+3*3328) (repr ${vector})"#))]
+#[hax_lib::ensures(|out| fstar!(r#"Spec.Utils.is_i16b_array (11207+4*3328) (repr $out)"#))]
 fn ntt_layer_3_step(vector: SIMD256Vector, zeta: i16) -> SIMD256Vector {
     SIMD256Vector {
         elements: ntt::ntt_layer_3_step(vector.elements, zeta),
@@ -124,10 +124,10 @@ fn ntt_layer_3_step(vector: SIMD256Vector, zeta: i16) -> SIMD256Vector {
 
 #[inline(always)]
 #[hax_lib::fstar::verification_status(lax)]
-#[hax_lib::requires(fstar!("Spec.Utils.is_i16b 1664 zeta0 /\\ Spec.Utils.is_i16b 1664 zeta1 /\\ 
+#[hax_lib::requires(fstar!(r#"Spec.Utils.is_i16b 1664 zeta0 /\\ Spec.Utils.is_i16b 1664 zeta1 /\\ 
                     Spec.Utils.is_i16b 1664 zeta2 /\\ Spec.Utils.is_i16b 1664 zeta3  /\\
-                    Spec.Utils.is_i16b_array (4*3328) (repr ${vector})"))]
-#[hax_lib::ensures(|out| fstar!("Spec.Utils.is_i16b_array 3328 (repr $out)"))]
+                    Spec.Utils.is_i16b_array (4*3328) (repr ${vector})"#))]
+#[hax_lib::ensures(|out| fstar!(r#"Spec.Utils.is_i16b_array 3328 (repr $out)"#))]
 fn inv_ntt_layer_1_step(
     vector: SIMD256Vector,
     zeta0: i16,
@@ -142,9 +142,9 @@ fn inv_ntt_layer_1_step(
 
 #[inline(always)]
 #[hax_lib::fstar::verification_status(lax)]
-#[hax_lib::requires(fstar!("Spec.Utils.is_i16b 1664 zeta0 /\\ Spec.Utils.is_i16b 1664 zeta1 /\\
-                    Spec.Utils.is_i16b_array 3328 (repr ${vector})"))]
-#[hax_lib::ensures(|out| fstar!("Spec.Utils.is_i16b_array 3328 (repr $out)"))]
+#[hax_lib::requires(fstar!(r#"Spec.Utils.is_i16b 1664 zeta0 /\\ Spec.Utils.is_i16b 1664 zeta1 /\\
+                    Spec.Utils.is_i16b_array 3328 (repr ${vector})"#))]
+#[hax_lib::ensures(|out| fstar!(r#"Spec.Utils.is_i16b_array 3328 (repr $out)"#))]
 fn inv_ntt_layer_2_step(vector: SIMD256Vector, zeta0: i16, zeta1: i16) -> SIMD256Vector {
     SIMD256Vector {
         elements: ntt::inv_ntt_layer_2_step(vector.elements, zeta0, zeta1),
@@ -153,9 +153,9 @@ fn inv_ntt_layer_2_step(vector: SIMD256Vector, zeta0: i16, zeta1: i16) -> SIMD25
 
 #[inline(always)]
 #[hax_lib::fstar::verification_status(lax)]
-#[hax_lib::requires(fstar!("Spec.Utils.is_i16b 1664 zeta /\\
-                    Spec.Utils.is_i16b_array 3328 (repr ${vector})"))]
-#[hax_lib::ensures(|out| fstar!("Spec.Utils.is_i16b_array 3328 (repr $out)"))]
+#[hax_lib::requires(fstar!(r#"Spec.Utils.is_i16b 1664 zeta /\\
+                    Spec.Utils.is_i16b_array 3328 (repr ${vector})"#))]
+#[hax_lib::ensures(|out| fstar!(r#"Spec.Utils.is_i16b_array 3328 (repr $out)"#))]
 fn inv_ntt_layer_3_step(vector: SIMD256Vector, zeta: i16) -> SIMD256Vector {
     SIMD256Vector {
         elements: ntt::inv_ntt_layer_3_step(vector.elements, zeta),
@@ -164,11 +164,11 @@ fn inv_ntt_layer_3_step(vector: SIMD256Vector, zeta: i16) -> SIMD256Vector {
 
 #[inline(always)]
 #[hax_lib::fstar::verification_status(lax)]
-#[hax_lib::requires(fstar!("Spec.Utils.is_i16b 1664 zeta0 /\\ Spec.Utils.is_i16b 1664 zeta1 /\\
+#[hax_lib::requires(fstar!(r#"Spec.Utils.is_i16b 1664 zeta0 /\\ Spec.Utils.is_i16b 1664 zeta1 /\\
                     Spec.Utils.is_i16b 1664 zeta2 /\\ Spec.Utils.is_i16b 1664 zeta3 /\\
                     Spec.Utils.is_i16b_array 3328 (repr ${lhs}) /\\
-                    Spec.Utils.is_i16b_array 3328 (repr ${rhs})"))]
-#[hax_lib::ensures(|out| fstar!("Spec.Utils.is_i16b_array 3328 (repr $out)"))]
+                    Spec.Utils.is_i16b_array 3328 (repr ${rhs})"#))]
+#[hax_lib::ensures(|out| fstar!(r#"Spec.Utils.is_i16b_array 3328 (repr $out)"#))]
 fn ntt_multiply(
     lhs: &SIMD256Vector,
     rhs: &SIMD256Vector,
@@ -184,8 +184,8 @@ fn ntt_multiply(
 
 #[inline(always)]
 #[hax_lib::fstar::verification_status(lax)]
-#[hax_lib::requires(fstar!("Spec.MLKEM.serialize_pre 1 (repr $vector)"))]
-#[hax_lib::ensures(|out| fstar!("Spec.MLKEM.serialize_pre 1 (repr $vector) ==> Spec.MLKEM.serialize_post 1 (repr $vector) $out"))]
+#[hax_lib::requires(fstar!(r#"Spec.MLKEM.serialize_pre 1 (repr $vector)"#))]
+#[hax_lib::ensures(|out| fstar!(r#"Spec.MLKEM.serialize_pre 1 (repr $vector) ==> Spec.MLKEM.serialize_post 1 (repr $vector) $out"#))]
 fn serialize_1(vector: SIMD256Vector) -> [u8; 2] {
     serialize::serialize_1(vector.elements)
 }
@@ -193,7 +193,7 @@ fn serialize_1(vector: SIMD256Vector) -> [u8; 2] {
 #[inline(always)]
 #[hax_lib::fstar::verification_status(lax)]
 #[hax_lib::requires(bytes.len() == 2)]
-#[hax_lib::ensures(|out| fstar!("sz (Seq.length $bytes) =. sz 2 ==> Spec.MLKEM.deserialize_post 1 $bytes (repr $out)"))]
+#[hax_lib::ensures(|out| fstar!(r#"sz (Seq.length $bytes) =. sz 2 ==> Spec.MLKEM.deserialize_post 1 $bytes (repr $out)"#))]
 fn deserialize_1(bytes: &[u8]) -> SIMD256Vector {
     SIMD256Vector {
         elements: serialize::deserialize_1(bytes),
@@ -202,8 +202,8 @@ fn deserialize_1(bytes: &[u8]) -> SIMD256Vector {
 
 #[inline(always)]
 #[hax_lib::fstar::verification_status(lax)]
-#[hax_lib::requires(fstar!("Spec.MLKEM.serialize_pre 4 (repr $vector)"))]
-#[hax_lib::ensures(|out| fstar!("Spec.MLKEM.serialize_pre 4 (repr $vector) ==> Spec.MLKEM.serialize_post 4 (repr $vector) $out"))]
+#[hax_lib::requires(fstar!(r#"Spec.MLKEM.serialize_pre 4 (repr $vector)"#))]
+#[hax_lib::ensures(|out| fstar!(r#"Spec.MLKEM.serialize_pre 4 (repr $vector) ==> Spec.MLKEM.serialize_post 4 (repr $vector) $out"#))]
 fn serialize_4(vector: SIMD256Vector) -> [u8; 8] {
     serialize::serialize_4(vector.elements)
 }
@@ -211,7 +211,7 @@ fn serialize_4(vector: SIMD256Vector) -> [u8; 8] {
 #[inline(always)]
 #[hax_lib::fstar::verification_status(lax)]
 #[hax_lib::requires(bytes.len() == 8)]
-#[hax_lib::ensures(|out| fstar!("sz (Seq.length $bytes) =. sz 8 ==> Spec.MLKEM.deserialize_post 4 $bytes (repr $out)"))]
+#[hax_lib::ensures(|out| fstar!(r#"sz (Seq.length $bytes) =. sz 8 ==> Spec.MLKEM.deserialize_post 4 $bytes (repr $out)"#))]
 fn deserialize_4(bytes: &[u8]) -> SIMD256Vector {
     SIMD256Vector {
         elements: serialize::deserialize_4(bytes),
@@ -220,8 +220,8 @@ fn deserialize_4(bytes: &[u8]) -> SIMD256Vector {
 
 #[inline(always)]
 #[hax_lib::fstar::verification_status(lax)]
-#[hax_lib::requires(fstar!("Spec.MLKEM.serialize_pre 10 (repr $vector)"))]
-#[hax_lib::ensures(|out| fstar!("Spec.MLKEM.serialize_pre 10 (repr $vector) ==> Spec.MLKEM.serialize_post 10 (repr $vector) $out"))]
+#[hax_lib::requires(fstar!(r#"Spec.MLKEM.serialize_pre 10 (repr $vector)"#))]
+#[hax_lib::ensures(|out| fstar!(r#"Spec.MLKEM.serialize_pre 10 (repr $vector) ==> Spec.MLKEM.serialize_post 10 (repr $vector) $out"#))]
 fn serialize_10(vector: SIMD256Vector) -> [u8; 20] {
     serialize::serialize_10(vector.elements)
 }
@@ -229,7 +229,7 @@ fn serialize_10(vector: SIMD256Vector) -> [u8; 20] {
 #[inline(always)]
 #[hax_lib::fstar::verification_status(lax)]
 #[hax_lib::requires(bytes.len() == 20)]
-#[hax_lib::ensures(|out| fstar!("sz (Seq.length $bytes) =. sz 20 ==> Spec.MLKEM.deserialize_post 10 $bytes (repr $out)"))]
+#[hax_lib::ensures(|out| fstar!(r#"sz (Seq.length $bytes) =. sz 20 ==> Spec.MLKEM.deserialize_post 10 $bytes (repr $out)"#))]
 fn deserialize_10(bytes: &[u8]) -> SIMD256Vector {
     SIMD256Vector {
         elements: serialize::deserialize_10(bytes),
@@ -238,8 +238,8 @@ fn deserialize_10(bytes: &[u8]) -> SIMD256Vector {
 
 #[inline(always)]
 #[hax_lib::fstar::verification_status(lax)]
-#[hax_lib::requires(fstar!("Spec.MLKEM.serialize_pre 12 (repr $vector)"))]
-#[hax_lib::ensures(|out| fstar!("Spec.MLKEM.serialize_pre 12 (repr $vector) ==> Spec.MLKEM.serialize_post 12 (repr $vector) $out"))]
+#[hax_lib::requires(fstar!(r#"Spec.MLKEM.serialize_pre 12 (repr $vector)"#))]
+#[hax_lib::ensures(|out| fstar!(r#"Spec.MLKEM.serialize_pre 12 (repr $vector) ==> Spec.MLKEM.serialize_post 12 (repr $vector) $out"#))]
 fn serialize_12(vector: SIMD256Vector) -> [u8; 24] {
     serialize::serialize_12(vector.elements)
 }
@@ -247,7 +247,7 @@ fn serialize_12(vector: SIMD256Vector) -> [u8; 24] {
 #[inline(always)]
 #[hax_lib::fstar::verification_status(lax)]
 #[hax_lib::requires(bytes.len() == 24)]
-#[hax_lib::ensures(|out| fstar!("sz (Seq.length $bytes) =. sz 24 ==> Spec.MLKEM.deserialize_post 12 $bytes (repr $out)"))]
+#[hax_lib::ensures(|out| fstar!(r#"sz (Seq.length $bytes) =. sz 24 ==> Spec.MLKEM.deserialize_post 12 $bytes (repr $out)"#))]
 fn deserialize_12(bytes: &[u8]) -> SIMD256Vector {
     SIMD256Vector {
         elements: serialize::deserialize_12(bytes),
@@ -264,29 +264,29 @@ impl crate::vector::traits::Repr for SIMD256Vector {
 #[hax_lib::attributes]
 impl Operations for SIMD256Vector {
     #[inline(always)]
-    #[ensures(|out| fstar!("impl.f_repr out == Seq.create 16 0s"))]
+    #[ensures(|out| fstar!(r#"impl.f_repr out == Seq.create 16 0s"#))]
     fn ZERO() -> Self {
         vec_zero()
     }
 
     #[requires(array.len() == 16)]
-    #[ensures(|out| fstar!("impl.f_repr out == $array"))]
+    #[ensures(|out| fstar!(r#"impl.f_repr out == $array"#))]
     #[inline(always)]
     fn from_i16_array(array: &[i16]) -> Self {
         vec_from_i16_array(array)
     }
 
-    #[ensures(|out| fstar!("out == impl.f_repr $x"))]
+    #[ensures(|out| fstar!(r#"out == impl.f_repr $x"#))]
     #[inline(always)]
     fn to_i16_array(x: Self) -> [i16; 16] {
         vec_to_i16_array(x)
     }
 
-    #[requires(fstar!("forall i. i < 16 ==> 
-        Spec.Utils.is_intb (pow2 15 - 1) (v (Seq.index (impl.f_repr ${lhs}) i) + v (Seq.index (impl.f_repr ${rhs}) i))"))]
-    #[ensures(|result| fstar!("forall i. i < 16 ==> 
+    #[requires(fstar!(r#"forall i. i < 16 ==> 
+        Spec.Utils.is_intb (pow2 15 - 1) (v (Seq.index (impl.f_repr ${lhs}) i) + v (Seq.index (impl.f_repr ${rhs}) i))"#))]
+    #[ensures(|result| fstar!(r#"forall i. i < 16 ==> 
         (v (Seq.index (impl.f_repr ${result}) i) == 
-         v (Seq.index (impl.f_repr ${lhs}) i) + v (Seq.index (impl.f_repr ${rhs}) i))"))]
+         v (Seq.index (impl.f_repr ${lhs}) i) + v (Seq.index (impl.f_repr ${rhs}) i))"#))]
     #[inline(always)]
     fn add(lhs: Self, rhs: &Self) -> Self {
         Self {
@@ -294,11 +294,11 @@ impl Operations for SIMD256Vector {
         }
     }
 
-    #[requires(fstar!("forall i. i < 16 ==> 
-        Spec.Utils.is_intb (pow2 15 - 1) (v (Seq.index (impl.f_repr ${lhs}) i) - v (Seq.index (impl.f_repr ${rhs}) i))"))]
-    #[ensures(|result| fstar!("forall i. i < 16 ==> 
+    #[requires(fstar!(r#"forall i. i < 16 ==> 
+        Spec.Utils.is_intb (pow2 15 - 1) (v (Seq.index (impl.f_repr ${lhs}) i) - v (Seq.index (impl.f_repr ${rhs}) i))"#))]
+    #[ensures(|result| fstar!(r#"forall i. i < 16 ==> 
         (v (Seq.index (impl.f_repr ${result}) i) == 
-         v (Seq.index (impl.f_repr ${lhs}) i) - v (Seq.index (impl.f_repr ${rhs}) i))"))]
+         v (Seq.index (impl.f_repr ${lhs}) i) - v (Seq.index (impl.f_repr ${rhs}) i))"#))]
     #[inline(always)]
     fn sub(lhs: Self, rhs: &Self) -> Self {
         Self {
@@ -306,11 +306,11 @@ impl Operations for SIMD256Vector {
         }
     }
 
-    #[requires(fstar!("forall i. i < 16 ==> 
-        Spec.Utils.is_intb (pow2 15 - 1) (v (Seq.index (impl.f_repr ${vec}) i) * v c)"))]
-    #[ensures(|result| fstar!("forall i. i < 16 ==> 
+    #[requires(fstar!(r#"forall i. i < 16 ==> 
+        Spec.Utils.is_intb (pow2 15 - 1) (v (Seq.index (impl.f_repr ${vec}) i) * v c)"#))]
+    #[ensures(|result| fstar!(r#"forall i. i < 16 ==> 
         (v (Seq.index (impl.f_repr ${result}) i) == 
-         v (Seq.index (impl.f_repr ${vec}) i) * v c)"))]
+         v (Seq.index (impl.f_repr ${vec}) i) * v c)"#))]
     #[inline(always)]
     fn multiply_by_constant(vec: Self, c: i16) -> Self {
         Self {
@@ -318,7 +318,7 @@ impl Operations for SIMD256Vector {
         }
     }
 
-    #[ensures(|out| fstar!("impl.f_repr out == Spec.Utils.map_array (fun x -> x &. $constant) (impl.f_repr $vector)"))]
+    #[ensures(|out| fstar!(r#"impl.f_repr out == Spec.Utils.map_array (fun x -> x &. $constant) (impl.f_repr $vector)"#))]
     #[inline(always)]
     fn bitwise_and_with_constant(vector: Self, constant: i16) -> Self {
         Self {
@@ -327,7 +327,7 @@ impl Operations for SIMD256Vector {
     }
 
     #[requires(SHIFT_BY >= 0 && SHIFT_BY < 16)]
-    #[ensures(|out| fstar!("(v_SHIFT_BY >=. 0l /\\ v_SHIFT_BY <. 16l) ==> impl.f_repr out == Spec.Utils.map_array (fun x -> x >>! ${SHIFT_BY}) (impl.f_repr $vector)"))]
+    #[ensures(|out| fstar!(r#"(v_SHIFT_BY >=. 0l /\\ v_SHIFT_BY <. 16l) ==> impl.f_repr out == Spec.Utils.map_array (fun x -> x >>! ${SHIFT_BY}) (impl.f_repr $vector)"#))]
     #[inline(always)]
     fn shift_right<const SHIFT_BY: i32>(vector: Self) -> Self {
         Self {
@@ -335,14 +335,14 @@ impl Operations for SIMD256Vector {
         }
     }
 
-    #[requires(fstar!("Spec.Utils.is_i16b_array (pow2 12 - 1) (impl.f_repr $vector)"))]
-    #[ensures(|out| fstar!("impl.f_repr out == Spec.Utils.map_array (fun x -> if x >=. 3329s then x -! 3329s else x) (impl.f_repr $vector)"))]
+    #[requires(fstar!(r#"Spec.Utils.is_i16b_array (pow2 12 - 1) (impl.f_repr $vector)"#))]
+    #[ensures(|out| fstar!(r#"impl.f_repr out == Spec.Utils.map_array (fun x -> if x >=. 3329s then x -! 3329s else x) (impl.f_repr $vector)"#))]
     #[inline(always)]
     fn cond_subtract_3329(vector: Self) -> Self {
         cond_subtract_3329(vector)
     }
 
-    #[requires(fstar!("Spec.Utils.is_i16b_array 28296 (impl.f_repr ${vector})"))]
+    #[requires(fstar!(r#"Spec.Utils.is_i16b_array 28296 (impl.f_repr ${vector})"#))]
     #[inline(always)]
     fn barrett_reduce(vector: Self) -> Self {
         Self {
@@ -350,7 +350,7 @@ impl Operations for SIMD256Vector {
         }
     }
 
-    #[requires(fstar!("Spec.Utils.is_i16b 1664 $constant"))]
+    #[requires(fstar!(r#"Spec.Utils.is_i16b 1664 $constant"#))]
     #[inline(always)]
     fn montgomery_multiply_by_constant(vector: Self, constant: i16) -> Self {
         Self {
@@ -358,36 +358,36 @@ impl Operations for SIMD256Vector {
         }
     }
 
-    #[requires(fstar!("forall (i:nat). i < 16 ==> v (Seq.index (impl.f_repr $vector) i) >= 0 /\\
-        v (Seq.index (impl.f_repr $vector) i) < 3329"))]
-    #[ensures(|out| fstar!("forall (i:nat). i < 16 ==> bounded (Seq.index (impl.f_repr $out) i) 1"))]
+    #[requires(fstar!(r#"forall (i:nat). i < 16 ==> v (Seq.index (impl.f_repr $vector) i) >= 0 /\\
+        v (Seq.index (impl.f_repr $vector) i) < 3329"#))]
+    #[ensures(|out| fstar!(r#"forall (i:nat). i < 16 ==> bounded (Seq.index (impl.f_repr $out) i) 1"#))]
     #[inline(always)]
     fn compress_1(vector: Self) -> Self {
         compress_1(vector)
     }
 
-    #[requires(fstar!("(v $COEFFICIENT_BITS == 4 \\/
+    #[requires(fstar!(r#"(v $COEFFICIENT_BITS == 4 \\/
             v $COEFFICIENT_BITS == 5 \\/
             v $COEFFICIENT_BITS == 10 \\/
             v $COEFFICIENT_BITS == 11) /\\
         (forall (i:nat). i < 16 ==> v (Seq.index (impl.f_repr $vector) i) >= 0 /\\
-            v (Seq.index (impl.f_repr $vector) i) < 3329)"))]
-    #[ensures(|out| fstar!("(v $COEFFICIENT_BITS == 4 \\/
+            v (Seq.index (impl.f_repr $vector) i) < 3329)"#))]
+    #[ensures(|out| fstar!(r#"(v $COEFFICIENT_BITS == 4 \\/
             v $COEFFICIENT_BITS == 5 \\/
             v $COEFFICIENT_BITS == 10 \\/
             v $COEFFICIENT_BITS == 11) ==>
-                (forall (i:nat). i < 16 ==> bounded (Seq.index (impl.f_repr $out) i) (v $COEFFICIENT_BITS))"))]
+                (forall (i:nat). i < 16 ==> bounded (Seq.index (impl.f_repr $out) i) (v $COEFFICIENT_BITS))"#))]
     #[inline(always)]
     fn compress<const COEFFICIENT_BITS: i32>(vector: Self) -> Self {
         compress::<COEFFICIENT_BITS>(vector)
     }
 
-    #[requires(fstar!("(v $COEFFICIENT_BITS == 4 \\/
+    #[requires(fstar!(r#"(v $COEFFICIENT_BITS == 4 \\/
         v $COEFFICIENT_BITS == 5 \\/
         v $COEFFICIENT_BITS == 10 \\/
         v $COEFFICIENT_BITS == 11) /\\
     (forall (i:nat). i < 16 ==> v (Seq.index (impl.f_repr $vector) i) >= 0 /\\
-        v (Seq.index (impl.f_repr $vector) i) < pow2 (v $COEFFICIENT_BITS))"))]
+        v (Seq.index (impl.f_repr $vector) i) < pow2 (v $COEFFICIENT_BITS))"#))]
     #[inline(always)]
     fn decompress_ciphertext_coefficient<const COEFFICIENT_BITS: i32>(vector: Self) -> Self {
         Self {
@@ -397,61 +397,61 @@ impl Operations for SIMD256Vector {
         }
     }
 
-    #[requires(fstar!("Spec.Utils.is_i16b 1664 zeta0 /\\ Spec.Utils.is_i16b 1664 zeta1 /\\ 
+    #[requires(fstar!(r#"Spec.Utils.is_i16b 1664 zeta0 /\\ Spec.Utils.is_i16b 1664 zeta1 /\\ 
                        Spec.Utils.is_i16b 1664 zeta2 /\\ Spec.Utils.is_i16b 1664 zeta3 /\\
-                       Spec.Utils.is_i16b_array (11207+5*3328) (impl.f_repr ${vector})"))]
-    #[ensures(|out| fstar!("Spec.Utils.is_i16b_array (11207+6*3328) (impl.f_repr $out)"))]
+                       Spec.Utils.is_i16b_array (11207+5*3328) (impl.f_repr ${vector})"#))]
+    #[ensures(|out| fstar!(r#"Spec.Utils.is_i16b_array (11207+6*3328) (impl.f_repr $out)"#))]
     #[inline(always)]
     fn ntt_layer_1_step(vector: Self, zeta0: i16, zeta1: i16, zeta2: i16, zeta3: i16) -> Self {
         ntt_layer_1_step(vector, zeta0, zeta1, zeta2, zeta3)
     }
 
-    #[requires(fstar!("Spec.Utils.is_i16b 1664 zeta0 /\\ Spec.Utils.is_i16b 1664 zeta1 /\\
-                       Spec.Utils.is_i16b_array (11207+4*3328) (impl.f_repr ${vector})"))]
-    #[ensures(|out| fstar!("Spec.Utils.is_i16b_array (11207+5*3328) (impl.f_repr $out)"))]
+    #[requires(fstar!(r#"Spec.Utils.is_i16b 1664 zeta0 /\\ Spec.Utils.is_i16b 1664 zeta1 /\\
+                       Spec.Utils.is_i16b_array (11207+4*3328) (impl.f_repr ${vector})"#))]
+    #[ensures(|out| fstar!(r#"Spec.Utils.is_i16b_array (11207+5*3328) (impl.f_repr $out)"#))]
     #[inline(always)]
     fn ntt_layer_2_step(vector: Self, zeta0: i16, zeta1: i16) -> Self {
         ntt_layer_2_step(vector, zeta0, zeta1)
     }
 
-    #[requires(fstar!("Spec.Utils.is_i16b 1664 zeta /\\
-                       Spec.Utils.is_i16b_array (11207+3*3328) (impl.f_repr ${vector})"))]
-    #[ensures(|out| fstar!("Spec.Utils.is_i16b_array (11207+4*3328) (impl.f_repr $out)"))]
+    #[requires(fstar!(r#"Spec.Utils.is_i16b 1664 zeta /\\
+                       Spec.Utils.is_i16b_array (11207+3*3328) (impl.f_repr ${vector})"#))]
+    #[ensures(|out| fstar!(r#"Spec.Utils.is_i16b_array (11207+4*3328) (impl.f_repr $out)"#))]
     #[inline(always)]
     fn ntt_layer_3_step(vector: Self, zeta: i16) -> Self {
         ntt_layer_3_step(vector, zeta)
     }
 
-    #[requires(fstar!("Spec.Utils.is_i16b 1664 zeta0 /\\ Spec.Utils.is_i16b 1664 zeta1 /\\ 
+    #[requires(fstar!(r#"Spec.Utils.is_i16b 1664 zeta0 /\\ Spec.Utils.is_i16b 1664 zeta1 /\\ 
                        Spec.Utils.is_i16b 1664 zeta2 /\\ Spec.Utils.is_i16b 1664 zeta3  /\\
-                       Spec.Utils.is_i16b_array (4*3328) (impl.f_repr ${vector})"))]
-    #[ensures(|out| fstar!("Spec.Utils.is_i16b_array 3328 (impl.f_repr $out)"))]
+                       Spec.Utils.is_i16b_array (4*3328) (impl.f_repr ${vector})"#))]
+    #[ensures(|out| fstar!(r#"Spec.Utils.is_i16b_array 3328 (impl.f_repr $out)"#))]
     #[inline(always)]
     fn inv_ntt_layer_1_step(vector: Self, zeta0: i16, zeta1: i16, zeta2: i16, zeta3: i16) -> Self {
         inv_ntt_layer_1_step(vector, zeta0, zeta1, zeta2, zeta3)
     }
 
-    #[requires(fstar!("Spec.Utils.is_i16b 1664 zeta0 /\\ Spec.Utils.is_i16b 1664 zeta1 /\\
-                       Spec.Utils.is_i16b_array 3328 (impl.f_repr ${vector})"))]
-    #[ensures(|out| fstar!("Spec.Utils.is_i16b_array 3328 (impl.f_repr $out)"))]
+    #[requires(fstar!(r#"Spec.Utils.is_i16b 1664 zeta0 /\\ Spec.Utils.is_i16b 1664 zeta1 /\\
+                       Spec.Utils.is_i16b_array 3328 (impl.f_repr ${vector})"#))]
+    #[ensures(|out| fstar!(r#"Spec.Utils.is_i16b_array 3328 (impl.f_repr $out)"#))]
     #[inline(always)]
     fn inv_ntt_layer_2_step(vector: Self, zeta0: i16, zeta1: i16) -> Self {
         inv_ntt_layer_2_step(vector, zeta0, zeta1)
     }
 
-    #[requires(fstar!("Spec.Utils.is_i16b 1664 zeta /\\
-                       Spec.Utils.is_i16b_array 3328 (impl.f_repr ${vector})"))]
-    #[ensures(|out| fstar!("Spec.Utils.is_i16b_array 3328 (impl.f_repr $out)"))]
+    #[requires(fstar!(r#"Spec.Utils.is_i16b 1664 zeta /\\
+                       Spec.Utils.is_i16b_array 3328 (impl.f_repr ${vector})"#))]
+    #[ensures(|out| fstar!(r#"Spec.Utils.is_i16b_array 3328 (impl.f_repr $out)"#))]
     #[inline(always)]
     fn inv_ntt_layer_3_step(vector: Self, zeta: i16) -> Self {
         inv_ntt_layer_3_step(vector, zeta)
     }
 
-    #[requires(fstar!("Spec.Utils.is_i16b 1664 zeta0 /\\ Spec.Utils.is_i16b 1664 zeta1 /\\
+    #[requires(fstar!(r#"Spec.Utils.is_i16b 1664 zeta0 /\\ Spec.Utils.is_i16b 1664 zeta1 /\\
                        Spec.Utils.is_i16b 1664 zeta2 /\\ Spec.Utils.is_i16b 1664 zeta3 /\\
                        Spec.Utils.is_i16b_array 3328 (impl.f_repr ${lhs}) /\\
-                       Spec.Utils.is_i16b_array 3328 (impl.f_repr ${rhs})"))]
-    #[ensures(|out| fstar!("Spec.Utils.is_i16b_array 3328 (impl.f_repr $out)"))]
+                       Spec.Utils.is_i16b_array 3328 (impl.f_repr ${rhs})"#))]
+    #[ensures(|out| fstar!(r#"Spec.Utils.is_i16b_array 3328 (impl.f_repr $out)"#))]
     #[inline(always)]
     fn ntt_multiply(
         lhs: &Self,
@@ -464,29 +464,29 @@ impl Operations for SIMD256Vector {
         ntt_multiply(lhs, rhs, zeta0, zeta1, zeta2, zeta3)
     }
 
-    #[requires(fstar!("Spec.MLKEM.serialize_pre 1 (impl.f_repr $vector)"))]
-    #[ensures(|out| fstar!("Spec.MLKEM.serialize_pre 1 (impl.f_repr $vector) ==> Spec.MLKEM.serialize_post 1 (impl.f_repr $vector) $out"))]
+    #[requires(fstar!(r#"Spec.MLKEM.serialize_pre 1 (impl.f_repr $vector)"#))]
+    #[ensures(|out| fstar!(r#"Spec.MLKEM.serialize_pre 1 (impl.f_repr $vector) ==> Spec.MLKEM.serialize_post 1 (impl.f_repr $vector) $out"#))]
     #[inline(always)]
     fn serialize_1(vector: Self) -> [u8; 2] {
         serialize_1(vector)
     }
 
     #[requires(bytes.len() == 2)]
-    #[ensures(|out| fstar!("sz (Seq.length $bytes) =. sz 2 ==> Spec.MLKEM.deserialize_post 1 $bytes (impl.f_repr $out)"))]
+    #[ensures(|out| fstar!(r#"sz (Seq.length $bytes) =. sz 2 ==> Spec.MLKEM.deserialize_post 1 $bytes (impl.f_repr $out)"#))]
     #[inline(always)]
     fn deserialize_1(bytes: &[u8]) -> Self {
         deserialize_1(bytes)
     }
 
-    #[requires(fstar!("Spec.MLKEM.serialize_pre 4 (impl.f_repr $vector)"))]
-    #[ensures(|out| fstar!("Spec.MLKEM.serialize_pre 4 (impl.f_repr $vector) ==> Spec.MLKEM.serialize_post 4 (impl.f_repr $vector) $out"))]
+    #[requires(fstar!(r#"Spec.MLKEM.serialize_pre 4 (impl.f_repr $vector)"#))]
+    #[ensures(|out| fstar!(r#"Spec.MLKEM.serialize_pre 4 (impl.f_repr $vector) ==> Spec.MLKEM.serialize_post 4 (impl.f_repr $vector) $out"#))]
     #[inline(always)]
     fn serialize_4(vector: Self) -> [u8; 8] {
         serialize_4(vector)
     }
 
     #[requires(bytes.len() == 8)]
-    #[ensures(|out| fstar!("sz (Seq.length $bytes) =. sz 8 ==> Spec.MLKEM.deserialize_post 4 $bytes (impl.f_repr $out)"))]
+    #[ensures(|out| fstar!(r#"sz (Seq.length $bytes) =. sz 8 ==> Spec.MLKEM.deserialize_post 4 $bytes (impl.f_repr $out)"#))]
     #[inline(always)]
     fn deserialize_4(bytes: &[u8]) -> Self {
         deserialize_4(bytes)
@@ -500,21 +500,21 @@ impl Operations for SIMD256Vector {
     #[requires(bytes.len() == 10)]
     #[inline(always)]
     fn deserialize_5(bytes: &[u8]) -> Self {
-        hax_lib::fstar!("assert (v (Core.Slice.impl__len $bytes) == Seq.length $bytes)");
+        hax_lib::fstar!(r#"assert (v (Core.Slice.impl__len $bytes) == Seq.length $bytes)"#);
         Self {
             elements: serialize::deserialize_5(bytes),
         }
     }
 
-    #[requires(fstar!("Spec.MLKEM.serialize_pre 10 (impl.f_repr $vector)"))]
-    #[ensures(|out| fstar!("Spec.MLKEM.serialize_pre 10 (impl.f_repr $vector) ==> Spec.MLKEM.serialize_post 10 (impl.f_repr $vector) $out"))]
+    #[requires(fstar!(r#"Spec.MLKEM.serialize_pre 10 (impl.f_repr $vector)"#))]
+    #[ensures(|out| fstar!(r#"Spec.MLKEM.serialize_pre 10 (impl.f_repr $vector) ==> Spec.MLKEM.serialize_post 10 (impl.f_repr $vector) $out"#))]
     #[inline(always)]
     fn serialize_10(vector: Self) -> [u8; 20] {
         serialize_10(vector)
     }
 
     #[requires(bytes.len() == 20)]
-    #[ensures(|out| fstar!("sz (Seq.length $bytes) =. sz 20 ==> Spec.MLKEM.deserialize_post 10 $bytes (impl.f_repr $out)"))]
+    #[ensures(|out| fstar!(r#"sz (Seq.length $bytes) =. sz 20 ==> Spec.MLKEM.deserialize_post 10 $bytes (impl.f_repr $out)"#))]
     #[inline(always)]
     fn deserialize_10(bytes: &[u8]) -> Self {
         deserialize_10(bytes)
@@ -533,15 +533,15 @@ impl Operations for SIMD256Vector {
         }
     }
 
-    #[requires(fstar!("Spec.MLKEM.serialize_pre 12 (impl.f_repr $vector)"))]
-    #[ensures(|out| fstar!("Spec.MLKEM.serialize_pre 12 (impl.f_repr $vector) ==> Spec.MLKEM.serialize_post 12 (impl.f_repr $vector) $out"))]
+    #[requires(fstar!(r#"Spec.MLKEM.serialize_pre 12 (impl.f_repr $vector)"#))]
+    #[ensures(|out| fstar!(r#"Spec.MLKEM.serialize_pre 12 (impl.f_repr $vector) ==> Spec.MLKEM.serialize_post 12 (impl.f_repr $vector) $out"#))]
     #[inline(always)]
     fn serialize_12(vector: Self) -> [u8; 24] {
         serialize_12(vector)
     }
 
     #[requires(bytes.len() == 24)]
-    #[ensures(|out| fstar!("sz (Seq.length $bytes) =. sz 24 ==> Spec.MLKEM.deserialize_post 12 $bytes (impl.f_repr $out)"))]
+    #[ensures(|out| fstar!(r#"sz (Seq.length $bytes) =. sz 24 ==> Spec.MLKEM.deserialize_post 12 $bytes (impl.f_repr $out)"#))]
     #[inline(always)]
     fn deserialize_12(bytes: &[u8]) -> Self {
         deserialize_12(bytes)
@@ -549,7 +549,7 @@ impl Operations for SIMD256Vector {
 
     #[requires(input.len() == 24 && output.len() == 16)]
     #[ensures(|result|
-        fstar!("Seq.length $output_future == Seq.length $output /\\ v $result <= 16")
+        fstar!(r#"Seq.length $output_future == Seq.length $output /\\ v $result <= 16"#)
     )]
     #[inline(always)]
     fn rej_sample(input: &[u8], output: &mut [i16]) -> usize {
diff --git a/libcrux-ml-kem/src/vector/avx2/arithmetic.rs b/libcrux-ml-kem/src/vector/avx2/arithmetic.rs
index 38cc0f4cd..1a46a54b6 100644
--- a/libcrux-ml-kem/src/vector/avx2/arithmetic.rs
+++ b/libcrux-ml-kem/src/vector/avx2/arithmetic.rs
@@ -5,85 +5,95 @@ use super::*;
 #[inline(always)]
 #[hax_lib::fstar::before(interface, "open Libcrux_intrinsics.Avx2_extract")]
 #[hax_lib::fstar::before(
-    "
+    r#"
 let lemma_add_i (lhs rhs: t_Vec256) (i:nat): Lemma 
-  (requires (i < 16 /\\ Spec.Utils.is_intb (pow2 15 - 1) (v (get_lane lhs i) + v (get_lane rhs i))))
+  (requires (i < 16 /\ Spec.Utils.is_intb (pow2 15 - 1) (v (get_lane lhs i) + v (get_lane rhs i))))
   (ensures (v (add_mod (get_lane lhs i) (get_lane rhs i)) ==
             (v (get_lane lhs i) + v (get_lane rhs i))))
-  [SMTPat (v (add_mod (get_lane lhs i) (get_lane rhs i)))] = ()"
+  [SMTPat (v (add_mod (get_lane lhs i) (get_lane rhs i)))] = ()"#
 )]
-#[hax_lib::requires(fstar!("forall i. i < 16 ==> 
-    Spec.Utils.is_intb (pow2 15 - 1) (v (get_lane $lhs i) + v (get_lane $rhs i))"))]
-#[hax_lib::ensures(|result| fstar!("forall i. i < 16 ==> 
-    v (get_lane $result i) == (v (get_lane $lhs i) + v (get_lane $rhs i))"))]
+#[hax_lib::requires(fstar!(r#"forall i. i < 16 ==> 
+    Spec.Utils.is_intb (pow2 15 - 1) (v (get_lane $lhs i) + v (get_lane $rhs i))"#))]
+#[hax_lib::ensures(|result| fstar!(r#"forall i. i < 16 ==> 
+    v (get_lane $result i) == (v (get_lane $lhs i) + v (get_lane $rhs i))"#))]
 pub(crate) fn add(lhs: Vec256, rhs: Vec256) -> Vec256 {
     let result = mm256_add_epi16(lhs, rhs);
-    hax_lib::fstar!("assert (forall i. get_lane result i == get_lane lhs i +. get_lane rhs i);
-                     assert (forall i. v (get_lane result i) == v (get_lane lhs i) + v (get_lane rhs i))");
+    hax_lib::fstar!(
+        r#"assert (forall i. get_lane result i == get_lane lhs i +. get_lane rhs i);
+                     assert (forall i. v (get_lane result i) == v (get_lane lhs i) + v (get_lane rhs i))"#
+    );
     result
 }
 
 #[inline(always)]
 #[hax_lib::fstar::before(
-    "
+    r#"
 let lemma_sub_i (lhs rhs: t_Vec256) (i:nat):  Lemma 
-  (requires (i < 16 /\\ Spec.Utils.is_intb (pow2 15 - 1) (v (get_lane lhs i) - v (get_lane rhs i))))
+  (requires (i < 16 /\ Spec.Utils.is_intb (pow2 15 - 1) (v (get_lane lhs i) - v (get_lane rhs i))))
   (ensures (v (sub_mod (get_lane lhs i) (get_lane rhs i)) ==
             (v (get_lane lhs i) - v (get_lane rhs i))))
-  [SMTPat (v (sub_mod (get_lane lhs i) (get_lane rhs i)))] = ()"
+  [SMTPat (v (sub_mod (get_lane lhs i) (get_lane rhs i)))] = ()"#
 )]
-#[hax_lib::requires(fstar!("forall i. i < 16 ==> 
-    Spec.Utils.is_intb (pow2 15 - 1) (v (get_lane $lhs i) - v (get_lane $rhs i))"))]
-#[hax_lib::ensures(|result| fstar!("forall i. i < 16 ==> 
-    v (get_lane $result i) == (v (get_lane $lhs i) - v (get_lane $rhs i))"))]
+#[hax_lib::requires(fstar!(r#"forall i. i < 16 ==> 
+    Spec.Utils.is_intb (pow2 15 - 1) (v (get_lane $lhs i) - v (get_lane $rhs i))"#))]
+#[hax_lib::ensures(|result| fstar!(r#"forall i. i < 16 ==> 
+    v (get_lane $result i) == (v (get_lane $lhs i) - v (get_lane $rhs i))"#))]
 pub(crate) fn sub(lhs: Vec256, rhs: Vec256) -> Vec256 {
     let result = mm256_sub_epi16(lhs, rhs);
-    hax_lib::fstar!("assert (forall i. get_lane result i == get_lane lhs i -. get_lane rhs i);
-                     assert (forall i. v (get_lane result i) == v (get_lane lhs i) - v (get_lane rhs i))");
+    hax_lib::fstar!(
+        r#"assert (forall i. get_lane result i == get_lane lhs i -. get_lane rhs i);
+                     assert (forall i. v (get_lane result i) == v (get_lane lhs i) - v (get_lane rhs i))"#
+    );
     result
 }
 
 #[inline(always)]
 #[hax_lib::fstar::before(
-    "
+    r#"
 let lemma_mul_i (lhs: t_Vec256) (i:nat) (c:i16):  Lemma 
-  (requires (i < 16 /\\ Spec.Utils.is_intb (pow2 15 - 1) (v (get_lane lhs i) * v c)))
+  (requires (i < 16 /\ Spec.Utils.is_intb (pow2 15 - 1) (v (get_lane lhs i) * v c)))
   (ensures (v (mul_mod (get_lane lhs i) c) ==
             (v (get_lane lhs i) * v c)))
-  [SMTPat (v (mul_mod (get_lane lhs i) c))] = ()"
+  [SMTPat (v (mul_mod (get_lane lhs i) c))] = ()"#
 )]
-#[hax_lib::requires(fstar!("forall i. i < 16 ==> 
-    Spec.Utils.is_intb (pow2 15 - 1) (v (get_lane $vector i) * v constant)"))]
-#[hax_lib::ensures(|result| fstar!("forall i. i < 16 ==> 
-    v (get_lane $result i) == (v (get_lane $vector i) * v constant)"))]
+#[hax_lib::requires(fstar!(r#"forall i. i < 16 ==> 
+    Spec.Utils.is_intb (pow2 15 - 1) (v (get_lane $vector i) * v constant)"#))]
+#[hax_lib::ensures(|result| fstar!(r#"forall i. i < 16 ==> 
+    v (get_lane $result i) == (v (get_lane $vector i) * v constant)"#))]
 pub(crate) fn multiply_by_constant(vector: Vec256, constant: i16) -> Vec256 {
     let cv = mm256_set1_epi16(constant);
     let result = mm256_mullo_epi16(vector, cv);
-    hax_lib::fstar!("Seq.lemma_eq_intro (vec256_as_i16x16 ${result})
-                        (Spec.Utils.map_array (fun x -> x *. $constant) (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 $vector))");
+    hax_lib::fstar!(
+        r#"Seq.lemma_eq_intro (vec256_as_i16x16 ${result})
+                        (Spec.Utils.map_array (fun x -> x *. $constant) (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 $vector))"#
+    );
 
-    hax_lib::fstar!("assert (forall i. get_lane result i == get_lane vector i *. constant);
+    hax_lib::fstar!(
+        r#"assert (forall i. get_lane result i == get_lane vector i *. constant);
                      assert (forall i. v (get_lane vector i *. constant) == v (get_lane vector i) * v constant);
-                     assert (forall i. v (get_lane result i) == v (get_lane vector i) * v constant)");
+                     assert (forall i. v (get_lane result i) == v (get_lane vector i) * v constant)"#
+    );
     result
 }
 
 #[inline(always)]
-#[hax_lib::ensures(|result| fstar!("Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 $result == 
-                           Spec.Utils.map_array (fun x -> x &. $constant) (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 $vector)"))]
+#[hax_lib::ensures(|result| fstar!(r#"Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 $result == 
+                           Spec.Utils.map_array (fun x -> x &. $constant) (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 $vector)"#))]
 pub(crate) fn bitwise_and_with_constant(vector: Vec256, constant: i16) -> Vec256 {
     let cv = mm256_set1_epi16(constant);
     let result = mm256_and_si256(vector, cv);
-    hax_lib::fstar!("Seq.lemma_eq_intro (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 ${result})
-                        (Spec.Utils.map_array (fun x -> x &. $constant) (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 $vector))");
+    hax_lib::fstar!(
+        r#"Seq.lemma_eq_intro (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 ${result})
+                        (Spec.Utils.map_array (fun x -> x &. $constant) (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 $vector))"#
+    );
     result
 }
 
 #[inline(always)]
 #[hax_lib::requires(SHIFT_BY >= 0 && SHIFT_BY < 16)]
-#[hax_lib::ensures(|result| fstar!("(v_SHIFT_BY >=. 0l /\\ v_SHIFT_BY <. 16l) ==> 
+#[hax_lib::ensures(|result| fstar!(r#"(v_SHIFT_BY >=. 0l /\ v_SHIFT_BY <. 16l) ==> 
                             Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 $result == 
-                            Spec.Utils.map_array (fun x -> x >>! ${SHIFT_BY}) (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 $vector)"))]
+                            Spec.Utils.map_array (fun x -> x >>! ${SHIFT_BY}) (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 $vector)"#))]
 pub(crate) fn shift_right<const SHIFT_BY: i32>(vector: Vec256) -> Vec256 {
     let result = mm256_srai_epi16::<{ SHIFT_BY }>(vector);
     hax_lib::fstar!(
@@ -95,14 +105,14 @@ pub(crate) fn shift_right<const SHIFT_BY: i32>(vector: Vec256) -> Vec256 {
 }
 
 #[inline(always)]
-#[cfg_attr(hax, hax_lib::fstar::options("--z3rlimit 100"))]
-#[hax_lib::requires(fstar!("Spec.Utils.is_i16b_array (pow2 12 - 1) (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 $vector)"))]
-#[hax_lib::ensures(|result| fstar!("forall i. i < 16 ==> 
+#[cfg_attr(hax, hax_lib::fstar::options("--z3rlimit 100"#))]
+#[hax_lib::requires(fstar!(r#"Spec.Utils.is_i16b_array (pow2 12 - 1) (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 $vector)"#))]
+#[hax_lib::ensures(|result| fstar!(r#"forall i. i < 16 ==> 
                 get_lane $result i == 
-                (if (get_lane $vector i) >=. 3329s then get_lane $vector i -! 3329s else get_lane $vector i)"))]
+                (if (get_lane $vector i) >=. 3329s then get_lane $vector i -! 3329s else get_lane $vector i)"#))]
 pub(crate) fn cond_subtract_3329(vector: Vec256) -> Vec256 {
     let field_modulus = mm256_set1_epi16(FIELD_MODULUS);
-    hax_lib::fstar!("assert (forall i. get_lane $field_modulus i == 3329s)");
+    hax_lib::fstar!(r#"assert (forall i. get_lane $field_modulus i == 3329s)"#);
     // Compute v_i - Q and crate a mask from the sign bit of each of these
     // quantities.
     let v_minus_field_modulus = mm256_sub_epi16(vector, field_modulus);
@@ -117,12 +127,16 @@ pub(crate) fn cond_subtract_3329(vector: Vec256) -> Vec256 {
 
     // If v_i - Q < 0 then add back Q to (v_i - Q).
     let conditional_add_field_modulus = mm256_and_si256(sign_mask, field_modulus);
-    hax_lib::fstar!("assert (forall i. get_lane $conditional_add_field_modulus i == (get_lane $sign_mask i &. 3329s))");
+    hax_lib::fstar!(
+        r#"assert (forall i. get_lane $conditional_add_field_modulus i == (get_lane $sign_mask i &. 3329s))"#
+    );
 
     let result = mm256_add_epi16(v_minus_field_modulus, conditional_add_field_modulus);
-    hax_lib::fstar!("assert (forall i. get_lane $result i == (get_lane $v_minus_field_modulus i +. get_lane $conditional_add_field_modulus i));
+    hax_lib::fstar!(
+        r#"assert (forall i. get_lane $result i == (get_lane $v_minus_field_modulus i +. get_lane $conditional_add_field_modulus i));
                      assert (forall i. get_lane $result i == Spec.Utils.cond_sub (get_lane $vector i));
-                     assert (forall i. get_lane $result i == (if (get_lane $vector i) >=. 3329s then get_lane $vector i -! 3329s else get_lane $vector i))");
+                     assert (forall i. get_lane $result i == (if (get_lane $vector i) >=. 3329s then get_lane $vector i -! 3329s else get_lane $vector i))"#
+    );
 
     result
 }
@@ -132,18 +146,20 @@ const BARRETT_MULTIPLIER: i16 = 20159;
 /// See Section 3.2 of the implementation notes document for an explanation
 /// of this code.
 #[inline(always)]
-#[cfg_attr(hax, hax_lib::fstar::options("--z3rlimit 200"))]
-#[cfg_attr(hax, hax_lib::requires(fstar!("Spec.Utils.is_i16b_array 28296 (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 ${vector})")))]
-#[cfg_attr(hax, hax_lib::ensures(|result| fstar!("Spec.Utils.is_i16b_array 3328 (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 ${result}) /\\
+#[cfg_attr(hax, hax_lib::fstar::options("--z3rlimit 200"#))]
+#[cfg_attr(hax, hax_lib::requires(fstar!(r#"Spec.Utils.is_i16b_array 28296 (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 ${vector})"#)))]
+#[cfg_attr(hax, hax_lib::ensures(|result| fstar!(r#"Spec.Utils.is_i16b_array 3328 (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 ${result}) /\
                 (forall i. i < 16 ==> v (get_lane $result i) % 3329 == 
-                                      (v (get_lane $vector i) % 3329))")))]
+                                      (v (get_lane $vector i) % 3329))"#)))]
 pub(crate) fn barrett_reduce(vector: Vec256) -> Vec256 {
     let t0 = mm256_mulhi_epi16(vector, mm256_set1_epi16(BARRETT_MULTIPLIER));
-    hax_lib::fstar!("assert (forall i. get_lane $t0 i == (cast (((cast (get_lane $vector i) <: i32) *. (cast v_BARRETT_MULTIPLIER <: i32)) >>! 16l) <: i16))");
+    hax_lib::fstar!(
+        r#"assert (forall i. get_lane $t0 i == (cast (((cast (get_lane $vector i) <: i32) *. (cast v_BARRETT_MULTIPLIER <: i32)) >>! 16l) <: i16))"#
+    );
     let t512 = mm256_set1_epi16(512);
-    hax_lib::fstar!("assert (forall i. get_lane $t512 i == 512s)");
+    hax_lib::fstar!(r#"assert (forall i. get_lane $t512 i == 512s)"#);
     let t1 = mm256_add_epi16(t0, t512);
-    hax_lib::fstar!("assert (forall i. get_lane $t1 i == get_lane $t0 i +. 512s)");
+    hax_lib::fstar!(r#"assert (forall i. get_lane $t1 i == get_lane $t0 i +. 512s)"#);
     let quotient = mm256_srai_epi16::<10>(t1);
     hax_lib::fstar!(
         "assert (forall i. get_lane $quotient i == (((get_lane $t1 i) <: i16) >>! (10l <: i32)))"
@@ -154,48 +170,57 @@ pub(crate) fn barrett_reduce(vector: Vec256) -> Vec256 {
                      get_lane $quotient i *. Libcrux_ml_kem.Vector.Traits.v_FIELD_MODULUS)"
     );
     let result = mm256_sub_epi16(vector, quotient_times_field_modulus);
-    hax_lib::fstar!("assert (forall i. get_lane $result i ==
+    hax_lib::fstar!(
+        r#"assert (forall i. get_lane $result i ==
                                        get_lane $vector i -.  get_lane $quotient_times_field_modulus i);
                     assert (forall i. get_lane $result i == Spec.Utils.barrett_red (get_lane $vector i));
                     assert (forall i. v (get_lane $result i) % 3329 == v (get_lane $vector i) % 3329);
                     assert (forall i. Spec.Utils.is_i16b 3328 (get_lane $result i));
                     assert (forall (i:nat). i < 16 ==> Spec.Utils.is_i16b 3328 (get_lane $result i));
-                    assert (Spec.Utils.is_i16b_array 3328 (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 $result))");
+                    assert (Spec.Utils.is_i16b_array 3328 (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 $result))"#
+    );
     result
 }
 
 #[inline(always)]
 #[cfg_attr(hax, hax_lib::fstar::options("--z3rlimit 100 --ext context_pruning"))]
-#[cfg_attr(hax, hax_lib::requires(fstar!("Spec.Utils.is_i16b 1664 constant")))]
-#[cfg_attr(hax, hax_lib::ensures(|result| fstar!("Spec.Utils.is_i16b_array 3328 (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 ${result}) /\\
+#[cfg_attr(hax, hax_lib::requires(fstar!(r#"Spec.Utils.is_i16b 1664 constant"#)))]
+#[cfg_attr(hax, hax_lib::ensures(|result| fstar!(r#"Spec.Utils.is_i16b_array 3328 (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 ${result}) /\
                 (forall i. i < 16 ==> v (get_lane $result i) % 3329 == 
-                                      ((v (get_lane $vector i) * v constant * 169) % 3329))")))]
+                                      ((v (get_lane $vector i) * v constant * 169) % 3329))"#)))]
 pub(crate) fn montgomery_multiply_by_constant(vector: Vec256, constant: i16) -> Vec256 {
     let vec_constant = mm256_set1_epi16(constant);
-    hax_lib::fstar!("assert (forall i. get_lane $vec_constant i == $constant)");
+    hax_lib::fstar!(r#"assert (forall i. get_lane $vec_constant i == $constant)"#);
     let value_low = mm256_mullo_epi16(vector, vec_constant);
-    hax_lib::fstar!("assert (forall i. get_lane $value_low i == get_lane $vector i *. $constant)");
+    hax_lib::fstar!(
+        r#"assert (forall i. get_lane $value_low i == get_lane $vector i *. $constant)"#
+    );
     let k = mm256_mullo_epi16(
         value_low,
         mm256_set1_epi16(INVERSE_OF_MODULUS_MOD_MONTGOMERY_R as i16),
     );
-    hax_lib::fstar!("assert (forall i. get_lane $k i == get_lane $value_low i *. (neg 3327s))");
+    hax_lib::fstar!(r#"assert (forall i. get_lane $k i == get_lane $value_low i *. (neg 3327s))"#);
     let modulus = mm256_set1_epi16(FIELD_MODULUS);
-    hax_lib::fstar!("assert (forall i. get_lane $modulus i == 3329s)");
+    hax_lib::fstar!(r#"assert (forall i. get_lane $modulus i == 3329s)"#);
     let k_times_modulus = mm256_mulhi_epi16(k, modulus);
-    hax_lib::fstar!("assert (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 $k_times_modulus == 
+    hax_lib::fstar!(
+        r#"assert (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 $k_times_modulus == 
                         Spec.Utils.map2 (fun x y -> cast (((cast x <: i32) *. (cast y <: i32)) >>! 16l) <: i16)
                                 (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 $k)
                                 (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 $modulus));
                      assert (forall i. get_lane $k_times_modulus i == 
-                        (cast (((cast (get_lane $k i) <: i32) *. (cast (get_lane $modulus i) <: i32)) >>! 16l) <: i16))");
+                        (cast (((cast (get_lane $k i) <: i32) *. (cast (get_lane $modulus i) <: i32)) >>! 16l) <: i16))"#
+    );
 
     let value_high = mm256_mulhi_epi16(vector, vec_constant);
-    hax_lib::fstar!("assert (forall i. get_lane $value_high i == 
-        (cast (((cast (get_lane $vector i) <: i32) *. (cast (get_lane $vec_constant i) <: i32)) >>! 16l) <: i16))");
+    hax_lib::fstar!(
+        r#"assert (forall i. get_lane $value_high i == 
+        (cast (((cast (get_lane $vector i) <: i32) *. (cast (get_lane $vec_constant i) <: i32)) >>! 16l) <: i16))"#
+    );
 
     let result = mm256_sub_epi16(value_high, k_times_modulus);
-    hax_lib::fstar!("Spec.Utils.lemma_range_at_percent 3329 (pow2 32);
+    hax_lib::fstar!(
+        r#"Spec.Utils.lemma_range_at_percent 3329 (pow2 32);
                     assert (v (cast 3329s <: i32) == (3329 @% pow2 32));
                     assert (v (cast 3329s <: i32) == 3329);
                     assert ((cast 3329s <: i32) == 3329l);
@@ -204,16 +229,17 @@ pub(crate) fn montgomery_multiply_by_constant(vector: Vec256, constant: i16) ->
                     assert (forall i. Spec.Utils.is_i16b 3328 (get_lane $result i));
                     assert (forall (i:nat). i < 16 ==> Spec.Utils.is_i16b 3328 (get_lane $result i));
                     assert (Spec.Utils.is_i16b_array 3328 (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 $result));
-                    assert (forall i. v (get_lane $result i) % 3329 == ((v (get_lane $vector i) * v $constant * 169) % 3329))");
+                    assert (forall i. v (get_lane $result i) % 3329 == ((v (get_lane $vector i) * v $constant * 169) % 3329))"#
+    );
     result
 }
 
 #[inline(always)]
-#[cfg_attr(hax, hax_lib::fstar::options("--z3rlimit 100"))]
-#[cfg_attr(hax, hax_lib::requires(fstar!("Spec.Utils.is_i16b_array 1664 (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 $constants))")))]
-#[cfg_attr(hax, hax_lib::ensures(|result| fstar!("Spec.Utils.is_i16b_array 3328 (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 ${result}) /\\
+#[cfg_attr(hax, hax_lib::fstar::options("--z3rlimit 100"#))]
+#[cfg_attr(hax, hax_lib::requires(fstar!(r#"Spec.Utils.is_i16b_array 1664 (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 $constants))"#)))]
+#[cfg_attr(hax, hax_lib::ensures(|result| fstar!(r#"Spec.Utils.is_i16b_array 3328 (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 ${result}) /\
                 (forall i. i < 16 ==> v (get_lane $result i) % 3329 == 
-                                      ((v (get_lane $vec i) * v (get_lane $constants i) * 169) % 3329))")))]
+                                      ((v (get_lane $vec i) * v (get_lane $constants i) * 169) % 3329))"#)))]
 pub(crate) fn montgomery_multiply_by_constants(vec: Vec256, constants: Vec256) -> Vec256 {
     let value_low = mm256_mullo_epi16(vec, constants);
     hax_lib::fstar!(
@@ -224,25 +250,30 @@ pub(crate) fn montgomery_multiply_by_constants(vec: Vec256, constants: Vec256) -
         value_low,
         mm256_set1_epi16(INVERSE_OF_MODULUS_MOD_MONTGOMERY_R as i16),
     );
-    hax_lib::fstar!("assert (forall i. get_lane $k i == get_lane $value_low i *. (neg 3327s))");
+    hax_lib::fstar!(r#"assert (forall i. get_lane $k i == get_lane $value_low i *. (neg 3327s))"#);
 
     let modulus = mm256_set1_epi16(FIELD_MODULUS);
-    hax_lib::fstar!("assert (forall i. get_lane $modulus i == 3329s)");
+    hax_lib::fstar!(r#"assert (forall i. get_lane $modulus i == 3329s)"#);
 
     let k_times_modulus = mm256_mulhi_epi16(k, modulus);
-    hax_lib::fstar!("assert (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 $k_times_modulus == 
+    hax_lib::fstar!(
+        r#"assert (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 $k_times_modulus == 
                         Spec.Utils.map2 (fun x y -> cast (((cast x <: i32) *. (cast y <: i32)) >>! 16l) <: i16)
                                 (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 $k)
                                 (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 $modulus));
                     assert (forall i. get_lane $k_times_modulus i == 
-                        (cast (((cast (get_lane $k i) <: i32) *. (cast (get_lane $modulus i) <: i32)) >>! 16l) <: i16))");
+                        (cast (((cast (get_lane $k i) <: i32) *. (cast (get_lane $modulus i) <: i32)) >>! 16l) <: i16))"#
+    );
 
     let value_high = mm256_mulhi_epi16(vec, constants);
-    hax_lib::fstar!("assert (forall i. get_lane $value_high i == 
-            (cast (((cast (get_lane $vec i) <: i32) *. (cast (get_lane $constants i) <: i32)) >>! 16l) <: i16))");
+    hax_lib::fstar!(
+        r#"assert (forall i. get_lane $value_high i == 
+            (cast (((cast (get_lane $vec i) <: i32) *. (cast (get_lane $constants i) <: i32)) >>! 16l) <: i16))"#
+    );
 
     let result = mm256_sub_epi16(value_high, k_times_modulus);
-    hax_lib::fstar!("Spec.Utils.lemma_range_at_percent 3329 (pow2 32);
+    hax_lib::fstar!(
+        r#"Spec.Utils.lemma_range_at_percent 3329 (pow2 32);
                     assert (v (cast 3329s <: i32) == (3329 @% pow2 32));
                     assert (v (cast 3329s <: i32) == 3329);
                     assert ((cast 3329s <: i32) == 3329l);
@@ -251,18 +282,19 @@ pub(crate) fn montgomery_multiply_by_constants(vec: Vec256, constants: Vec256) -
                     assert (forall i. Spec.Utils.is_i16b 3328 (get_lane $result i));
                     assert (forall (i:nat). i < 16 ==> Spec.Utils.is_i16b 3328 (get_lane $result i));
                     assert (Spec.Utils.is_i16b_array 3328 (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 $result));
-                    assert (forall i. v (get_lane $result i) % 3329 == ((v (get_lane $vec i) * v (get_lane $constants i) * 169) % 3329))");
+                    assert (forall i. v (get_lane $result i) % 3329 == ((v (get_lane $vec i) * v (get_lane $constants i) * 169) % 3329))"#
+    );
     result
 }
 
 #[inline(always)]
 #[hax_lib::fstar::verification_status(panic_free)]
-#[cfg_attr(hax, hax_lib::requires(fstar!("Spec.Utils.is_i16b_array (3328 * pow2 16) (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 $vec))")))]
-#[cfg_attr(hax, hax_lib::ensures(|result| fstar!("Spec.Utils.is_i16b_array (3328 + 1665) (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 ${result}) /\\
+#[cfg_attr(hax, hax_lib::requires(fstar!(r#"Spec.Utils.is_i16b_array (3328 * pow2 16) (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 $vec))"#)))]
+#[cfg_attr(hax, hax_lib::ensures(|result| fstar!(r#"Spec.Utils.is_i16b_array (3328 + 1665) (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 ${result}) /\
                 (Spec.Utils.is_i16b_array (3328 * pow2 15) (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 $vec) ==>
-                 Spec.Utils.is_i16b_array 3328 (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 $result)) /\\
+                 Spec.Utils.is_i16b_array 3328 (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 $result)) /\
                 (forall i. i < 16 ==> v (get_lane $result i) % 3329 == 
-                                      ((v (get_lane $vec i) * 169) % 3329))")))]
+                                      ((v (get_lane $vec i) * 169) % 3329))"#)))]
 pub(crate) fn montgomery_reduce_i32s(vec: Vec256) -> Vec256 {
     let k = mm256_mullo_epi16(
         vec,
@@ -280,14 +312,16 @@ pub(crate) fn montgomery_reduce_i32s(vec: Vec256) -> Vec256 {
 }
 
 #[inline(always)]
-#[cfg_attr(hax, hax_lib::fstar::options("--z3rlimit 100"))]
-#[cfg_attr(hax, hax_lib::requires(fstar!("Spec.Utils.is_i16b_array 1664 (Libcrux_intrinsics.Avx2_extract.vec128_as_i16x8 $constants))")))]
-#[cfg_attr(hax, hax_lib::ensures(|result| fstar!("Spec.Utils.is_i16b_array 3328 (Libcrux_intrinsics.Avx2_extract.vec128_as_i16x8 ${result}) /\\
+#[cfg_attr(hax, hax_lib::fstar::options("--z3rlimit 100"#))]
+#[cfg_attr(hax, hax_lib::requires(fstar!(r#"Spec.Utils.is_i16b_array 1664 (Libcrux_intrinsics.Avx2_extract.vec128_as_i16x8 $constants))"#)))]
+#[cfg_attr(hax, hax_lib::ensures(|result| fstar!(r#"Spec.Utils.is_i16b_array 3328 (Libcrux_intrinsics.Avx2_extract.vec128_as_i16x8 ${result}) /\
                 (forall i. i < 8 ==> v (get_lane128 $result i) % 3329 == 
-                                      ((v (get_lane128 $vec i) * v (get_lane128 $constants i) * 169) % 3329))")))]
+                                      ((v (get_lane128 $vec i) * v (get_lane128 $constants i) * 169) % 3329))"#)))]
 pub(crate) fn montgomery_multiply_m128i_by_constants(vec: Vec128, constants: Vec128) -> Vec128 {
     let value_low = mm_mullo_epi16(vec, constants);
-    hax_lib::fstar!("assert (forall i. get_lane128 $value_low i == get_lane128 $vec i *. get_lane128 $constants i)");
+    hax_lib::fstar!(
+        r#"assert (forall i. get_lane128 $value_low i == get_lane128 $vec i *. get_lane128 $constants i)"#
+    );
 
     let k = mm_mullo_epi16(
         value_low,
@@ -298,22 +332,27 @@ pub(crate) fn montgomery_multiply_m128i_by_constants(vec: Vec128, constants: Vec
     );
 
     let modulus = mm_set1_epi16(FIELD_MODULUS);
-    hax_lib::fstar!("assert (forall i. get_lane128 $modulus i == 3329s)");
+    hax_lib::fstar!(r#"assert (forall i. get_lane128 $modulus i == 3329s)"#);
 
     let k_times_modulus = mm_mulhi_epi16(k, modulus);
-    hax_lib::fstar!("assert (Libcrux_intrinsics.Avx2_extract.vec128_as_i16x8 $k_times_modulus == 
+    hax_lib::fstar!(
+        r#"assert (Libcrux_intrinsics.Avx2_extract.vec128_as_i16x8 $k_times_modulus == 
                         Spec.Utils.map2 (fun x y -> cast (((cast x <: i32) *. (cast y <: i32)) >>! 16l) <: i16)
                                 (Libcrux_intrinsics.Avx2_extract.vec128_as_i16x8 $k)
                                 (Libcrux_intrinsics.Avx2_extract.vec128_as_i16x8 $modulus));
                     assert (forall i. get_lane128 $k_times_modulus i == 
-                        (cast (((cast (get_lane128 $k i) <: i32) *. (cast (get_lane128 $modulus i) <: i32)) >>! 16l) <: i16))");
+                        (cast (((cast (get_lane128 $k i) <: i32) *. (cast (get_lane128 $modulus i) <: i32)) >>! 16l) <: i16))"#
+    );
 
     let value_high = mm_mulhi_epi16(vec, constants);
-    hax_lib::fstar!("assert (forall i. get_lane128 $value_high i == 
-                        (cast (((cast (get_lane128 $vec i) <: i32) *. (cast (get_lane128 $constants i) <: i32)) >>! 16l) <: i16))");
+    hax_lib::fstar!(
+        r#"assert (forall i. get_lane128 $value_high i == 
+                        (cast (((cast (get_lane128 $vec i) <: i32) *. (cast (get_lane128 $constants i) <: i32)) >>! 16l) <: i16))"#
+    );
 
     let result = mm_sub_epi16(value_high, k_times_modulus);
-    hax_lib::fstar!("Spec.Utils.lemma_range_at_percent 3329 (pow2 32);
+    hax_lib::fstar!(
+        r#"Spec.Utils.lemma_range_at_percent 3329 (pow2 32);
                     assert (v (cast 3329s <: i32) == (3329 @% pow2 32));
                     assert (v (cast 3329s <: i32) == 3329);
                     assert ((cast 3329s <: i32) == 3329l);
@@ -322,7 +361,8 @@ pub(crate) fn montgomery_multiply_m128i_by_constants(vec: Vec128, constants: Vec
                     assert (forall i. Spec.Utils.is_i16b 3328 (get_lane128 $result i));
                     assert (forall (i:nat). i < 8 ==> Spec.Utils.is_i16b 3328 (get_lane128 $result i));
                     assert (Spec.Utils.is_i16b_array 3328 (Libcrux_intrinsics.Avx2_extract.vec128_as_i16x8 $result));
-                    assert (forall i. v (get_lane128 $result i) % 3329 == ((v (get_lane128 $vec i) * v (get_lane128 $constants i) * 169) % 3329))");
+                    assert (forall i. v (get_lane128 $result i) % 3329 == ((v (get_lane128 $vec i) * v (get_lane128 $constants i) * 169) % 3329))"#
+    );
 
     result
 }
diff --git a/libcrux-ml-kem/src/vector/avx2/compress.rs b/libcrux-ml-kem/src/vector/avx2/compress.rs
index 9d02e9730..bd428426b 100644
--- a/libcrux-ml-kem/src/vector/avx2/compress.rs
+++ b/libcrux-ml-kem/src/vector/avx2/compress.rs
@@ -38,8 +38,8 @@ pub(crate) fn compress_message_coefficient(vector: Vec256) -> Vec256 {
 }
 
 #[inline(always)]
-#[hax_lib::requires(fstar!("v $COEFFICIENT_BITS >= 0 /\\ v $COEFFICIENT_BITS < bits i32_inttype /\\
-    range (v (1l <<! $COEFFICIENT_BITS) - 1) i32_inttype"))]
+#[hax_lib::requires(fstar!(r#"v $COEFFICIENT_BITS >= 0 /\\ v $COEFFICIENT_BITS < bits i32_inttype /\\
+    range (v (1l <<! $COEFFICIENT_BITS) - 1) i32_inttype"#))]
 pub(crate) fn compress_ciphertext_coefficient<const COEFFICIENT_BITS: i32>(
     vector: Vec256,
 ) -> Vec256 {
@@ -105,7 +105,7 @@ pub(crate) fn compress_ciphertext_coefficient<const COEFFICIENT_BITS: i32>(
 }
 
 #[inline(always)]
-#[hax_lib::requires(fstar!("v $COEFFICIENT_BITS >= 0 /\\ v $COEFFICIENT_BITS < bits i32_inttype"))]
+#[hax_lib::requires(fstar!(r#"v $COEFFICIENT_BITS >= 0 /\\ v $COEFFICIENT_BITS < bits i32_inttype"#))]
 pub(crate) fn decompress_ciphertext_coefficient<const COEFFICIENT_BITS: i32>(
     vector: Vec256,
 ) -> Vec256 {
diff --git a/libcrux-ml-kem/src/vector/avx2/ntt.rs b/libcrux-ml-kem/src/vector/avx2/ntt.rs
index eedc0a1fd..14701b96c 100644
--- a/libcrux-ml-kem/src/vector/avx2/ntt.rs
+++ b/libcrux-ml-kem/src/vector/avx2/ntt.rs
@@ -1,7 +1,7 @@
 use super::*;
 
 #[inline(always)]
-#[hax_lib::requires(fstar!("Spec.Utils.is_i16b 1664 zeta0 /\\ Spec.Utils.is_i16b 1664 zeta1 /\\ Spec.Utils.is_i16b 1664 zeta2 /\\ Spec.Utils.is_i16b 1664 zeta3"))]
+#[hax_lib::requires(fstar!(r#"Spec.Utils.is_i16b 1664 zeta0 /\\ Spec.Utils.is_i16b 1664 zeta1 /\\ Spec.Utils.is_i16b 1664 zeta2 /\\ Spec.Utils.is_i16b 1664 zeta3"#))]
 pub(crate) fn ntt_layer_1_step(
     vector: Vec256,
     zeta0: i16,
@@ -23,7 +23,7 @@ pub(crate) fn ntt_layer_1_step(
 }
 
 #[inline(always)]
-#[hax_lib::requires(fstar!("Spec.Utils.is_i16b 1664 zeta0 /\\ Spec.Utils.is_i16b 1664 zeta1"))]
+#[hax_lib::requires(fstar!(r#"Spec.Utils.is_i16b 1664 zeta0 /\\ Spec.Utils.is_i16b 1664 zeta1"#))]
 pub(crate) fn ntt_layer_2_step(vector: Vec256, zeta0: i16, zeta1: i16) -> Vec256 {
     let zetas = mm256_set_epi16(
         -zeta1, -zeta1, -zeta1, -zeta1, zeta1, zeta1, zeta1, zeta1, -zeta0, -zeta0, -zeta0, -zeta0,
@@ -39,7 +39,7 @@ pub(crate) fn ntt_layer_2_step(vector: Vec256, zeta0: i16, zeta1: i16) -> Vec256
 }
 
 #[inline(always)]
-#[hax_lib::requires(fstar!("Spec.Utils.is_i16b 1664 zeta"))]
+#[hax_lib::requires(fstar!(r#"Spec.Utils.is_i16b 1664 zeta"#))]
 pub(crate) fn ntt_layer_3_step(vector: Vec256, zeta: i16) -> Vec256 {
     let rhs = mm256_extracti128_si256::<1>(vector);
     let rhs = arithmetic::montgomery_multiply_m128i_by_constants(rhs, mm_set1_epi16(zeta));
@@ -57,7 +57,7 @@ pub(crate) fn ntt_layer_3_step(vector: Vec256, zeta: i16) -> Vec256 {
 
 #[inline(always)]
 #[hax_lib::fstar::verification_status(lax)]
-#[hax_lib::requires(fstar!("Spec.Utils.is_i16b 1664 zeta0 /\\ Spec.Utils.is_i16b 1664 zeta1 /\\ Spec.Utils.is_i16b 1664 zeta2 /\\ Spec.Utils.is_i16b 1664 zeta3"))]
+#[hax_lib::requires(fstar!(r#"Spec.Utils.is_i16b 1664 zeta0 /\\ Spec.Utils.is_i16b 1664 zeta1 /\\ Spec.Utils.is_i16b 1664 zeta2 /\\ Spec.Utils.is_i16b 1664 zeta3"#))]
 pub(crate) fn inv_ntt_layer_1_step(
     vector: Vec256,
     zeta0: i16,
@@ -87,7 +87,7 @@ pub(crate) fn inv_ntt_layer_1_step(
 }
 
 #[inline(always)]
-#[hax_lib::requires(fstar!("Spec.Utils.is_i16b 1664 zeta0 /\\ Spec.Utils.is_i16b 1664 zeta1"))]
+#[hax_lib::requires(fstar!(r#"Spec.Utils.is_i16b 1664 zeta0 /\\ Spec.Utils.is_i16b 1664 zeta1"#))]
 pub(crate) fn inv_ntt_layer_2_step(vector: Vec256, zeta0: i16, zeta1: i16) -> Vec256 {
     let lhs = mm256_permute4x64_epi64::<0b11_11_01_01>(vector);
 
@@ -109,7 +109,7 @@ pub(crate) fn inv_ntt_layer_2_step(vector: Vec256, zeta0: i16, zeta1: i16) -> Ve
 }
 
 #[inline(always)]
-#[hax_lib::requires(fstar!("Spec.Utils.is_i16b 1664 zeta"))]
+#[hax_lib::requires(fstar!(r#"Spec.Utils.is_i16b 1664 zeta"#))]
 pub(crate) fn inv_ntt_layer_3_step(vector: Vec256, zeta: i16) -> Vec256 {
     let lhs = mm256_extracti128_si256::<1>(vector);
     let rhs = mm256_castsi256_si128(vector);
@@ -128,7 +128,7 @@ pub(crate) fn inv_ntt_layer_3_step(vector: Vec256, zeta: i16) -> Vec256 {
 
 #[inline(always)]
 #[hax_lib::fstar::verification_status(lax)]
-#[hax_lib::requires(fstar!("Spec.Utils.is_i16b 1664 zeta0 /\\ Spec.Utils.is_i16b 1664 zeta1 /\\ Spec.Utils.is_i16b 1664 zeta2 /\\ Spec.Utils.is_i16b 1664 zeta3"))]
+#[hax_lib::requires(fstar!(r#"Spec.Utils.is_i16b 1664 zeta0 /\\ Spec.Utils.is_i16b 1664 zeta1 /\\ Spec.Utils.is_i16b 1664 zeta2 /\\ Spec.Utils.is_i16b 1664 zeta3"#))]
 pub(crate) fn ntt_multiply(
     lhs: Vec256,
     rhs: Vec256,
diff --git a/libcrux-ml-kem/src/vector/avx2/serialize.rs b/libcrux-ml-kem/src/vector/avx2/serialize.rs
index 7c3f0b500..d4451fdad 100644
--- a/libcrux-ml-kem/src/vector/avx2/serialize.rs
+++ b/libcrux-ml-kem/src/vector/avx2/serialize.rs
@@ -3,8 +3,8 @@ use crate::vector::portable::PortableVector;
 
 #[inline(always)]
 #[hax_lib::fstar::options("--ext context_pruning --compat_pre_core 0")]
-#[hax_lib::requires(fstar!("forall i. i % 16 >= 1 ==> vector i == 0"))]
-#[hax_lib::ensures(|result| fstar!("forall i. bit_vec_of_int_t_array $result 8 i == $vector (i * 16)"))]
+#[hax_lib::requires(fstar!(r#"forall i. i % 16 >= 1 ==> vector i == 0"#))]
+#[hax_lib::ensures(|result| fstar!(r#"forall i. bit_vec_of_int_t_array $result 8 i == $vector (i * 16)"#))]
 pub(crate) fn serialize_1(vector: Vec256) -> [u8; 2] {
     // Suppose |vector| is laid out as follows (superscript number indicates the
     // corresponding bit is duplicated that many times):
@@ -179,7 +179,7 @@ fn mm256_concat_pairs_n(n: u8, x: Vec256) -> Vec256 {
         r#"forall (i: nat{i < 256}). i % 16 < 4 || $vector i = 0"#
     )
 )]
-#[hax_lib::ensures(|r| fstar!("forall (i: nat{i < 64}). bit_vec_of_int_t_array $r 8 i == $vector ((i/4) * 16 + i%4)"))]
+#[hax_lib::ensures(|r| fstar!(r#"forall (i: nat{i < 64}). bit_vec_of_int_t_array $r 8 i == $vector ((i/4) * 16 + i%4)"#))]
 #[inline(always)]
 pub(crate) fn serialize_4(vector: Vec256) -> [u8; 8] {
     let mut serialized = [0u8; 16];
@@ -504,11 +504,11 @@ pub(crate) fn deserialize_5(bytes: &[u8]) -> Vec256 {
 
 #[inline(always)]
 #[hax_lib::fstar::options("--ext context_pruning --split_queries always")]
-#[hax_lib::requires(fstar!("forall (i: nat{i < 256}). i % 16 < 10 || vector i = 0"))]
-#[hax_lib::ensures(|r| fstar!("forall (i: nat{i < 160}). bit_vec_of_int_t_array r 8 i == vector ((i/10) * 16 + i%10)"))]
+#[hax_lib::requires(fstar!(r#"forall (i: nat{i < 256}). i % 16 < 10 || vector i = 0"#))]
+#[hax_lib::ensures(|r| fstar!(r#"forall (i: nat{i < 160}). bit_vec_of_int_t_array r 8 i == vector ((i/10) * 16 + i%10)"#))]
 pub(crate) fn serialize_10(vector: Vec256) -> [u8; 20] {
     #[hax_lib::fstar::options("--ext context_pruning --split_queries always")]
-    #[hax_lib::requires(fstar!("forall (i: nat{i < 256}). i % 16 < 10 || vector i = 0"))]
+    #[hax_lib::requires(fstar!(r#"forall (i: nat{i < 256}). i % 16 < 10 || vector i = 0"#))]
     #[hax_lib::ensures(|(lower_8, upper_8)| fstar!(
         r#"
          forall (i: nat{i < 160}).
@@ -686,12 +686,12 @@ pub(crate) fn deserialize_11(bytes: &[u8]) -> Vec256 {
 
 #[inline(always)]
 #[hax_lib::fstar::options("--ext context_pruning --split_queries always")]
-#[hax_lib::requires(fstar!("forall (i: nat{i < 256}). i % 16 < 12 || vector i = 0"))]
-#[hax_lib::ensures(|r| fstar!("forall (i: nat{i < 192}). bit_vec_of_int_t_array r 8 i == vector ((i/12) * 16 + i%12)"))]
+#[hax_lib::requires(fstar!(r#"forall (i: nat{i < 256}). i % 16 < 12 || vector i = 0"#))]
+#[hax_lib::ensures(|r| fstar!(r#"forall (i: nat{i < 192}). bit_vec_of_int_t_array r 8 i == vector ((i/12) * 16 + i%12)"#))]
 pub(crate) fn serialize_12(vector: Vec256) -> [u8; 24] {
     #[inline(always)]
     #[hax_lib::fstar::options("--ext context_pruning --split_queries always")]
-    #[hax_lib::requires(fstar!("forall (i: nat{i < 256}). i % 16 < 12 || vector i = 0"))]
+    #[hax_lib::requires(fstar!(r#"forall (i: nat{i < 256}). i % 16 < 12 || vector i = 0"#))]
     #[hax_lib::ensures(|(lower_8, upper_8)| fstar!(
         r#"
          forall (i: nat{i < 192}).
diff --git a/libcrux-ml-kem/src/vector/neon.rs b/libcrux-ml-kem/src/vector/neon.rs
index bd3be862a..c961c654d 100644
--- a/libcrux-ml-kem/src/vector/neon.rs
+++ b/libcrux-ml-kem/src/vector/neon.rs
@@ -26,18 +26,18 @@ impl crate::vector::traits::Repr for SIMD128Vector {
 #[hax_lib::attributes]
 impl Operations for SIMD128Vector {
     #[inline(always)]
-    #[ensures(|out| fstar!("impl.f_repr out == Seq.create 16 0s"))]
+    #[ensures(|out| fstar!(r#"impl.f_repr out == Seq.create 16 0s"#))]
     fn ZERO() -> Self {
         ZERO()
     }
 
     #[requires(array.len() == 16)]
-    #[ensures(|out| fstar!("impl.f_repr out == $array"))]
+    #[ensures(|out| fstar!(r#"impl.f_repr out == $array"#))]
     fn from_i16_array(array: &[i16]) -> Self {
         from_i16_array(array)
     }
 
-    #[ensures(|out| fstar!("out == impl.f_repr $x"))]
+    #[ensures(|out| fstar!(r#"out == impl.f_repr $x"#))]
     fn to_i16_array(x: Self) -> [i16; 16] {
         to_i16_array(x)
     }
diff --git a/libcrux-ml-kem/src/vector/portable.rs b/libcrux-ml-kem/src/vector/portable.rs
index 3eb62aa28..cc997b79e 100644
--- a/libcrux-ml-kem/src/vector/portable.rs
+++ b/libcrux-ml-kem/src/vector/portable.rs
@@ -21,36 +21,40 @@ impl crate::vector::traits::Repr for PortableVector {
     }
 }
 
-#[hax_lib::requires(fstar!("Spec.MLKEM.serialize_pre 1 (impl.f_repr $a)"))]
-#[hax_lib::ensures(|out| fstar!("Spec.MLKEM.serialize_pre 1 (impl.f_repr $a) ==> 
-                                 Spec.MLKEM.serialize_post 1 (impl.f_repr $a) $out"))]
+#[hax_lib::requires(fstar!(r#"Spec.MLKEM.serialize_pre 1 (impl.f_repr $a)"#))]
+#[hax_lib::ensures(|out| fstar!(r#"Spec.MLKEM.serialize_pre 1 (impl.f_repr $a) ==> 
+                                 Spec.MLKEM.serialize_post 1 (impl.f_repr $a) $out"#))]
 fn serialize_1(a: PortableVector) -> [u8; 2] {
-    hax_lib::fstar!("assert (forall i. Rust_primitives.bounded (Seq.index ${a}.f_elements i) 1)");
-    hax_lib::fstar!("Libcrux_ml_kem.Vector.Portable.Serialize.serialize_1_lemma $a");
+    hax_lib::fstar!(
+        r#"assert (forall i. Rust_primitives.bounded (Seq.index ${a}.f_elements i) 1)"#
+    );
+    hax_lib::fstar!(r#"Libcrux_ml_kem.Vector.Portable.Serialize.serialize_1_lemma $a"#);
     serialize::serialize_1(a)
 }
 
 #[hax_lib::requires(a.len() == 2)]
-#[hax_lib::ensures(|out| fstar!("sz (Seq.length $a) =. sz 2 ==> Spec.MLKEM.deserialize_post 1 $a (impl.f_repr $out)"))]
+#[hax_lib::ensures(|out| fstar!(r#"sz (Seq.length $a) =. sz 2 ==> Spec.MLKEM.deserialize_post 1 $a (impl.f_repr $out)"#))]
 fn deserialize_1(a: &[u8]) -> PortableVector {
-    hax_lib::fstar!("Libcrux_ml_kem.Vector.Portable.Serialize.deserialize_1_lemma $a");
-    hax_lib::fstar!("Libcrux_ml_kem.Vector.Portable.Serialize.deserialize_1_bounded_lemma $a");
+    hax_lib::fstar!(r#"Libcrux_ml_kem.Vector.Portable.Serialize.deserialize_1_lemma $a"#);
+    hax_lib::fstar!(r#"Libcrux_ml_kem.Vector.Portable.Serialize.deserialize_1_bounded_lemma $a"#);
     serialize::deserialize_1(a)
 }
 
-#[hax_lib::requires(fstar!("Spec.MLKEM.serialize_pre 4 (impl.f_repr $a)"))]
-#[hax_lib::ensures(|out| fstar!("Spec.MLKEM.serialize_pre 4 (impl.f_repr $a) ==> Spec.MLKEM.serialize_post 4 (impl.f_repr $a) $out"))]
+#[hax_lib::requires(fstar!(r#"Spec.MLKEM.serialize_pre 4 (impl.f_repr $a)"#))]
+#[hax_lib::ensures(|out| fstar!(r#"Spec.MLKEM.serialize_pre 4 (impl.f_repr $a) ==> Spec.MLKEM.serialize_post 4 (impl.f_repr $a) $out"#))]
 fn serialize_4(a: PortableVector) -> [u8; 8] {
-    hax_lib::fstar!("assert (forall i. Rust_primitives.bounded (Seq.index ${a}.f_elements i) 4)");
-    hax_lib::fstar!("Libcrux_ml_kem.Vector.Portable.Serialize.serialize_4_lemma $a");
+    hax_lib::fstar!(
+        r#"assert (forall i. Rust_primitives.bounded (Seq.index ${a}.f_elements i) 4)"#
+    );
+    hax_lib::fstar!(r#"Libcrux_ml_kem.Vector.Portable.Serialize.serialize_4_lemma $a"#);
     serialize::serialize_4(a)
 }
 
 #[hax_lib::requires(a.len() == 8)]
-#[hax_lib::ensures(|out| fstar!("sz (Seq.length $a) =. sz 8 ==> Spec.MLKEM.deserialize_post 4 $a (impl.f_repr $out)"))]
+#[hax_lib::ensures(|out| fstar!(r#"sz (Seq.length $a) =. sz 8 ==> Spec.MLKEM.deserialize_post 4 $a (impl.f_repr $out)"#))]
 fn deserialize_4(a: &[u8]) -> PortableVector {
-    hax_lib::fstar!("Libcrux_ml_kem.Vector.Portable.Serialize.deserialize_4_lemma $a");
-    hax_lib::fstar!("Libcrux_ml_kem.Vector.Portable.Serialize.deserialize_4_bounded_lemma $a");
+    hax_lib::fstar!(r#"Libcrux_ml_kem.Vector.Portable.Serialize.deserialize_4_lemma $a"#);
+    hax_lib::fstar!(r#"Libcrux_ml_kem.Vector.Portable.Serialize.deserialize_4_bounded_lemma $a"#);
     serialize::deserialize_4(a)
 }
 
@@ -63,18 +67,18 @@ fn deserialize_5(a: &[u8]) -> PortableVector {
     serialize::deserialize_5(a)
 }
 
-#[hax_lib::requires(fstar!("Spec.MLKEM.serialize_pre 10 (impl.f_repr $a)"))]
-#[hax_lib::ensures(|out| fstar!("Spec.MLKEM.serialize_pre 10 (impl.f_repr $a) ==> Spec.MLKEM.serialize_post 10 (impl.f_repr $a) $out"))]
+#[hax_lib::requires(fstar!(r#"Spec.MLKEM.serialize_pre 10 (impl.f_repr $a)"#))]
+#[hax_lib::ensures(|out| fstar!(r#"Spec.MLKEM.serialize_pre 10 (impl.f_repr $a) ==> Spec.MLKEM.serialize_post 10 (impl.f_repr $a) $out"#))]
 fn serialize_10(a: PortableVector) -> [u8; 20] {
-    hax_lib::fstar!("Libcrux_ml_kem.Vector.Portable.Serialize.serialize_10_lemma $a");
+    hax_lib::fstar!(r#"Libcrux_ml_kem.Vector.Portable.Serialize.serialize_10_lemma $a"#);
     serialize::serialize_10(a)
 }
 
 #[hax_lib::requires(a.len() == 20)]
-#[hax_lib::ensures(|out| fstar!("sz (Seq.length $a) =. sz 20 ==> Spec.MLKEM.deserialize_post 10 $a (impl.f_repr $out)"))]
+#[hax_lib::ensures(|out| fstar!(r#"sz (Seq.length $a) =. sz 20 ==> Spec.MLKEM.deserialize_post 10 $a (impl.f_repr $out)"#))]
 fn deserialize_10(a: &[u8]) -> PortableVector {
-    hax_lib::fstar!("Libcrux_ml_kem.Vector.Portable.Serialize.deserialize_10_lemma $a");
-    hax_lib::fstar!("Libcrux_ml_kem.Vector.Portable.Serialize.deserialize_10_bounded_lemma $a");
+    hax_lib::fstar!(r#"Libcrux_ml_kem.Vector.Portable.Serialize.deserialize_10_lemma $a"#);
+    hax_lib::fstar!(r#"Libcrux_ml_kem.Vector.Portable.Serialize.deserialize_10_bounded_lemma $a"#);
     serialize::deserialize_10(a)
 }
 
@@ -87,18 +91,18 @@ fn deserialize_11(a: &[u8]) -> PortableVector {
     serialize::deserialize_11(a)
 }
 
-#[hax_lib::requires(fstar!("Spec.MLKEM.serialize_pre 12 (impl.f_repr $a)"))]
-#[hax_lib::ensures(|out| fstar!("Spec.MLKEM.serialize_pre 12 (impl.f_repr $a) ==> Spec.MLKEM.serialize_post 12 (impl.f_repr $a) $out"))]
+#[hax_lib::requires(fstar!(r#"Spec.MLKEM.serialize_pre 12 (impl.f_repr $a)"#))]
+#[hax_lib::ensures(|out| fstar!(r#"Spec.MLKEM.serialize_pre 12 (impl.f_repr $a) ==> Spec.MLKEM.serialize_post 12 (impl.f_repr $a) $out"#))]
 fn serialize_12(a: PortableVector) -> [u8; 24] {
-    hax_lib::fstar!("Libcrux_ml_kem.Vector.Portable.Serialize.serialize_12_lemma $a");
+    hax_lib::fstar!(r#"Libcrux_ml_kem.Vector.Portable.Serialize.serialize_12_lemma $a"#);
     serialize::serialize_12(a)
 }
 
 #[hax_lib::requires(a.len() == 24)]
-#[hax_lib::ensures(|out| fstar!("sz (Seq.length $a) =. sz 24 ==> Spec.MLKEM.deserialize_post 12 $a (impl.f_repr $out)"))]
+#[hax_lib::ensures(|out| fstar!(r#"sz (Seq.length $a) =. sz 24 ==> Spec.MLKEM.deserialize_post 12 $a (impl.f_repr $out)"#))]
 fn deserialize_12(a: &[u8]) -> PortableVector {
-    hax_lib::fstar!("Libcrux_ml_kem.Vector.Portable.Serialize.deserialize_12_lemma $a");
-    hax_lib::fstar!("Libcrux_ml_kem.Vector.Portable.Serialize.deserialize_12_bounded_lemma $a");
+    hax_lib::fstar!(r#"Libcrux_ml_kem.Vector.Portable.Serialize.deserialize_12_lemma $a"#);
+    hax_lib::fstar!(r#"Libcrux_ml_kem.Vector.Portable.Serialize.deserialize_12_bounded_lemma $a"#);
     serialize::deserialize_12(a)
 }
 
@@ -106,157 +110,157 @@ fn deserialize_12(a: &[u8]) -> PortableVector {
 #[hax_lib::fstar::after(r#"#pop-options"#)]
 #[hax_lib::attributes]
 impl Operations for PortableVector {
-    #[ensures(|out| fstar!("impl.f_repr out == Seq.create 16 0s"))]
+    #[ensures(|out| fstar!(r#"impl.f_repr out == Seq.create 16 0s"#))]
     fn ZERO() -> Self {
         zero()
     }
 
     #[requires(array.len() == 16)]
-    #[ensures(|out| fstar!("impl.f_repr out == $array"))]
+    #[ensures(|out| fstar!(r#"impl.f_repr out == $array"#))]
     fn from_i16_array(array: &[i16]) -> Self {
         from_i16_array(array)
     }
 
-    #[ensures(|out| fstar!("out == impl.f_repr $x"))]
+    #[ensures(|out| fstar!(r#"out == impl.f_repr $x"#))]
     fn to_i16_array(x: Self) -> [i16; 16] {
         to_i16_array(x)
     }
 
-    #[requires(fstar!("forall i. i < 16 ==> 
-        Spec.Utils.is_intb (pow2 15 - 1) (v (Seq.index ${lhs}.f_elements i) + v (Seq.index ${rhs}.f_elements i))"))]
-    #[ensures(|result| fstar!("forall i. i < 16 ==> 
+    #[requires(fstar!(r#"forall i. i < 16 ==> 
+        Spec.Utils.is_intb (pow2 15 - 1) (v (Seq.index ${lhs}.f_elements i) + v (Seq.index ${rhs}.f_elements i))"#))]
+    #[ensures(|result| fstar!(r#"forall i. i < 16 ==> 
         (v (Seq.index ${result}.f_elements i) == 
-         v (Seq.index ${lhs}.f_elements i) + v (Seq.index ${rhs}.f_elements i))"))]
+         v (Seq.index ${lhs}.f_elements i) + v (Seq.index ${rhs}.f_elements i))"#))]
     fn add(lhs: Self, rhs: &Self) -> Self {
         add(lhs, rhs)
     }
 
-    #[requires(fstar!("forall i. i < 16 ==> 
-        Spec.Utils.is_intb (pow2 15 - 1) (v (Seq.index ${lhs}.f_elements i) - v (Seq.index ${rhs}.f_elements i))"))]
-    #[ensures(|result| fstar!("forall i. i < 16 ==> 
+    #[requires(fstar!(r#"forall i. i < 16 ==> 
+        Spec.Utils.is_intb (pow2 15 - 1) (v (Seq.index ${lhs}.f_elements i) - v (Seq.index ${rhs}.f_elements i))"#))]
+    #[ensures(|result| fstar!(r#"forall i. i < 16 ==> 
         (v (Seq.index ${result}.f_elements i) == 
-         v (Seq.index ${lhs}.f_elements i) - v (Seq.index ${rhs}.f_elements i))"))]
+         v (Seq.index ${lhs}.f_elements i) - v (Seq.index ${rhs}.f_elements i))"#))]
     fn sub(lhs: Self, rhs: &Self) -> Self {
         sub(lhs, rhs)
     }
 
-    #[requires(fstar!("forall i. i < 16 ==> 
-        Spec.Utils.is_intb (pow2 15 - 1) (v (Seq.index ${vec}.f_elements i) * v c)"))]
-    #[ensures(|result| fstar!("forall i. i < 16 ==> 
+    #[requires(fstar!(r#"forall i. i < 16 ==> 
+        Spec.Utils.is_intb (pow2 15 - 1) (v (Seq.index ${vec}.f_elements i) * v c)"#))]
+    #[ensures(|result| fstar!(r#"forall i. i < 16 ==> 
         (v (Seq.index ${result}.f_elements i) == 
-        v (Seq.index ${vec}.f_elements i) * v c)"))]
+        v (Seq.index ${vec}.f_elements i) * v c)"#))]
     fn multiply_by_constant(vec: Self, c: i16) -> Self {
         multiply_by_constant(vec, c)
     }
 
-    #[ensures(|out| fstar!("impl.f_repr out == Spec.Utils.map_array (fun x -> x &. c) (impl.f_repr $v)"))]
+    #[ensures(|out| fstar!(r#"impl.f_repr out == Spec.Utils.map_array (fun x -> x &. c) (impl.f_repr $v)"#))]
     fn bitwise_and_with_constant(v: Self, c: i16) -> Self {
         bitwise_and_with_constant(v, c)
     }
 
     #[requires(SHIFT_BY >= 0 && SHIFT_BY < 16)]
-    #[ensures(|out| fstar!("(v_SHIFT_BY >=. 0l /\\ v_SHIFT_BY <. 16l) ==> impl.f_repr out == Spec.Utils.map_array (fun x -> x >>! ${SHIFT_BY}) (impl.f_repr $v)"))]
+    #[ensures(|out| fstar!(r#"(v_SHIFT_BY >=. 0l /\\ v_SHIFT_BY <. 16l) ==> impl.f_repr out == Spec.Utils.map_array (fun x -> x >>! ${SHIFT_BY}) (impl.f_repr $v)"#))]
     fn shift_right<const SHIFT_BY: i32>(v: Self) -> Self {
         shift_right::<{ SHIFT_BY }>(v)
     }
 
-    #[requires(fstar!("Spec.Utils.is_i16b_array (pow2 12 - 1) (impl.f_repr $v)"))]
-    #[ensures(|out| fstar!("impl.f_repr out == Spec.Utils.map_array (fun x -> if x >=. 3329s then x -! 3329s else x) (impl.f_repr $v)"))]
+    #[requires(fstar!(r#"Spec.Utils.is_i16b_array (pow2 12 - 1) (impl.f_repr $v)"#))]
+    #[ensures(|out| fstar!(r#"impl.f_repr out == Spec.Utils.map_array (fun x -> if x >=. 3329s then x -! 3329s else x) (impl.f_repr $v)"#))]
     fn cond_subtract_3329(v: Self) -> Self {
         cond_subtract_3329(v)
     }
 
-    #[requires(fstar!("Spec.Utils.is_i16b_array 28296 (impl.f_repr ${v})"))]
+    #[requires(fstar!(r#"Spec.Utils.is_i16b_array 28296 (impl.f_repr ${v})"#))]
     fn barrett_reduce(v: Self) -> Self {
         barrett_reduce(v)
     }
 
-    #[requires(fstar!("Spec.Utils.is_i16b 1664 $r"))]
+    #[requires(fstar!(r#"Spec.Utils.is_i16b 1664 $r"#))]
     fn montgomery_multiply_by_constant(v: Self, r: i16) -> Self {
         montgomery_multiply_by_constant(v, r)
     }
 
-    #[requires(fstar!("forall (i:nat). i < 16 ==> v (Seq.index (impl.f_repr $a) i) >= 0 /\\
-        v (Seq.index (impl.f_repr $a) i) < 3329"))]
-    #[ensures(|out| fstar!("forall (i:nat). i < 16 ==> bounded (Seq.index (impl.f_repr $out) i) 1"))]
+    #[requires(fstar!(r#"forall (i:nat). i < 16 ==> v (Seq.index (impl.f_repr $a) i) >= 0 /\\
+        v (Seq.index (impl.f_repr $a) i) < 3329"#))]
+    #[ensures(|out| fstar!(r#"forall (i:nat). i < 16 ==> bounded (Seq.index (impl.f_repr $out) i) 1"#))]
     fn compress_1(a: Self) -> Self {
         compress_1(a)
     }
 
-    #[requires(fstar!("(v $COEFFICIENT_BITS == 4 \\/
+    #[requires(fstar!(r#"(v $COEFFICIENT_BITS == 4 \\/
             v $COEFFICIENT_BITS == 5 \\/
             v $COEFFICIENT_BITS == 10 \\/
             v $COEFFICIENT_BITS == 11) /\\
         (forall (i:nat). i < 16 ==> v (Seq.index (impl.f_repr $a) i) >= 0 /\\
-            v (Seq.index (impl.f_repr $a) i) < 3329)"))]
-    #[ensures(|out| fstar!("(v $COEFFICIENT_BITS == 4 \\/
+            v (Seq.index (impl.f_repr $a) i) < 3329)"#))]
+    #[ensures(|out| fstar!(r#"(v $COEFFICIENT_BITS == 4 \\/
             v $COEFFICIENT_BITS == 5 \\/
             v $COEFFICIENT_BITS == 10 \\/
             v $COEFFICIENT_BITS == 11) ==>
-                (forall (i:nat). i < 16 ==> bounded (Seq.index (impl.f_repr $out) i) (v $COEFFICIENT_BITS))"))]
+                (forall (i:nat). i < 16 ==> bounded (Seq.index (impl.f_repr $out) i) (v $COEFFICIENT_BITS))"#))]
     fn compress<const COEFFICIENT_BITS: i32>(a: Self) -> Self {
         compress::<COEFFICIENT_BITS>(a)
     }
 
-    #[requires(fstar!("(v $COEFFICIENT_BITS == 4 \\/
+    #[requires(fstar!(r#"(v $COEFFICIENT_BITS == 4 \\/
         v $COEFFICIENT_BITS == 5 \\/
         v $COEFFICIENT_BITS == 10 \\/
         v $COEFFICIENT_BITS == 11) /\\
     (forall (i:nat). i < 16 ==> v (Seq.index (impl.f_repr $a) i) >= 0 /\\
-        v (Seq.index (impl.f_repr $a) i) < pow2 (v $COEFFICIENT_BITS))"))]
+        v (Seq.index (impl.f_repr $a) i) < pow2 (v $COEFFICIENT_BITS))"#))]
     fn decompress_ciphertext_coefficient<const COEFFICIENT_BITS: i32>(a: Self) -> Self {
         decompress_ciphertext_coefficient::<COEFFICIENT_BITS>(a)
     }
 
-    #[requires(fstar!("Spec.Utils.is_i16b 1664 zeta0 /\\ Spec.Utils.is_i16b 1664 zeta1 /\\ 
+    #[requires(fstar!(r#"Spec.Utils.is_i16b 1664 zeta0 /\\ Spec.Utils.is_i16b 1664 zeta1 /\\ 
                        Spec.Utils.is_i16b 1664 zeta2 /\\ Spec.Utils.is_i16b 1664 zeta3  /\\
-                       Spec.Utils.is_i16b_array (11207+5*3328) (impl.f_repr ${a})"))]
-    #[ensures(|out| fstar!("Spec.Utils.is_i16b_array (11207+6*3328) (impl.f_repr $out)"))]
+                       Spec.Utils.is_i16b_array (11207+5*3328) (impl.f_repr ${a})"#))]
+    #[ensures(|out| fstar!(r#"Spec.Utils.is_i16b_array (11207+6*3328) (impl.f_repr $out)"#))]
     fn ntt_layer_1_step(a: Self, zeta0: i16, zeta1: i16, zeta2: i16, zeta3: i16) -> Self {
         ntt_layer_1_step(a, zeta0, zeta1, zeta2, zeta3)
     }
 
-    #[requires(fstar!("Spec.Utils.is_i16b 1664 zeta0 /\\ Spec.Utils.is_i16b 1664 zeta1 /\\
-                       Spec.Utils.is_i16b_array (11207+4*3328) (impl.f_repr ${a})"))]
-    #[ensures(|out| fstar!("Spec.Utils.is_i16b_array (11207+5*3328) (impl.f_repr $out)"))]
+    #[requires(fstar!(r#"Spec.Utils.is_i16b 1664 zeta0 /\\ Spec.Utils.is_i16b 1664 zeta1 /\\
+                       Spec.Utils.is_i16b_array (11207+4*3328) (impl.f_repr ${a})"#))]
+    #[ensures(|out| fstar!(r#"Spec.Utils.is_i16b_array (11207+5*3328) (impl.f_repr $out)"#))]
     fn ntt_layer_2_step(a: Self, zeta0: i16, zeta1: i16) -> Self {
         ntt_layer_2_step(a, zeta0, zeta1)
     }
 
-    #[requires(fstar!("Spec.Utils.is_i16b 1664 zeta /\\
-                       Spec.Utils.is_i16b_array (11207+3*3328) (impl.f_repr ${a})"))]
-    #[ensures(|out| fstar!("Spec.Utils.is_i16b_array (11207+4*3328) (impl.f_repr $out)"))]
+    #[requires(fstar!(r#"Spec.Utils.is_i16b 1664 zeta /\\
+                       Spec.Utils.is_i16b_array (11207+3*3328) (impl.f_repr ${a})"#))]
+    #[ensures(|out| fstar!(r#"Spec.Utils.is_i16b_array (11207+4*3328) (impl.f_repr $out)"#))]
     fn ntt_layer_3_step(a: Self, zeta: i16) -> Self {
         ntt_layer_3_step(a, zeta)
     }
 
-    #[requires(fstar!("Spec.Utils.is_i16b 1664 zeta0 /\\ Spec.Utils.is_i16b 1664 zeta1 /\\ 
+    #[requires(fstar!(r#"Spec.Utils.is_i16b 1664 zeta0 /\\ Spec.Utils.is_i16b 1664 zeta1 /\\ 
                        Spec.Utils.is_i16b 1664 zeta2 /\\ Spec.Utils.is_i16b 1664 zeta3 /\\
-                       Spec.Utils.is_i16b_array (4*3328) (impl.f_repr ${a})"))]
-    #[ensures(|out| fstar!("Spec.Utils.is_i16b_array 3328 (impl.f_repr $out)"))]
+                       Spec.Utils.is_i16b_array (4*3328) (impl.f_repr ${a})"#))]
+    #[ensures(|out| fstar!(r#"Spec.Utils.is_i16b_array 3328 (impl.f_repr $out)"#))]
     fn inv_ntt_layer_1_step(a: Self, zeta0: i16, zeta1: i16, zeta2: i16, zeta3: i16) -> Self {
         inv_ntt_layer_1_step(a, zeta0, zeta1, zeta2, zeta3)
     }
 
-    #[requires(fstar!("Spec.Utils.is_i16b 1664 zeta0 /\\ Spec.Utils.is_i16b 1664 zeta1 /\\
-                       Spec.Utils.is_i16b_array 3328 (impl.f_repr ${a})"))]
-    #[ensures(|out| fstar!("Spec.Utils.is_i16b_array 3328 (impl.f_repr $out)"))]
+    #[requires(fstar!(r#"Spec.Utils.is_i16b 1664 zeta0 /\\ Spec.Utils.is_i16b 1664 zeta1 /\\
+                       Spec.Utils.is_i16b_array 3328 (impl.f_repr ${a})"#))]
+    #[ensures(|out| fstar!(r#"Spec.Utils.is_i16b_array 3328 (impl.f_repr $out)"#))]
     fn inv_ntt_layer_2_step(a: Self, zeta0: i16, zeta1: i16) -> Self {
         inv_ntt_layer_2_step(a, zeta0, zeta1)
     }
 
-    #[requires(fstar!("Spec.Utils.is_i16b 1664 zeta /\\
-                       Spec.Utils.is_i16b_array 3328 (impl.f_repr ${a})"))]
-    #[ensures(|out| fstar!("Spec.Utils.is_i16b_array 3328 (impl.f_repr $out)"))]
+    #[requires(fstar!(r#"Spec.Utils.is_i16b 1664 zeta /\\
+                       Spec.Utils.is_i16b_array 3328 (impl.f_repr ${a})"#))]
+    #[ensures(|out| fstar!(r#"Spec.Utils.is_i16b_array 3328 (impl.f_repr $out)"#))]
     fn inv_ntt_layer_3_step(a: Self, zeta: i16) -> Self {
         inv_ntt_layer_3_step(a, zeta)
     }
 
-    #[requires(fstar!("Spec.Utils.is_i16b 1664 zeta0 /\\ Spec.Utils.is_i16b 1664 zeta1 /\\
+    #[requires(fstar!(r#"Spec.Utils.is_i16b 1664 zeta0 /\\ Spec.Utils.is_i16b 1664 zeta1 /\\
                        Spec.Utils.is_i16b 1664 zeta2 /\\ Spec.Utils.is_i16b 1664 zeta3 /\\
                        Spec.Utils.is_i16b_array 3328 (impl.f_repr ${lhs}) /\\
-                       Spec.Utils.is_i16b_array 3328 (impl.f_repr ${rhs})"))]
-    #[ensures(|out| fstar!("Spec.Utils.is_i16b_array 3328 (impl.f_repr $out)"))]
+                       Spec.Utils.is_i16b_array 3328 (impl.f_repr ${rhs})"#))]
+    #[ensures(|out| fstar!(r#"Spec.Utils.is_i16b_array 3328 (impl.f_repr $out)"#))]
     fn ntt_multiply(
         lhs: &Self,
         rhs: &Self,
@@ -268,26 +272,26 @@ impl Operations for PortableVector {
         ntt_multiply(lhs, rhs, zeta0, zeta1, zeta2, zeta3)
     }
 
-    #[requires(fstar!("Spec.MLKEM.serialize_pre 1 (impl.f_repr $a)"))]
-    #[ensures(|out| fstar!("Spec.MLKEM.serialize_pre 1 (impl.f_repr $a) ==> Spec.MLKEM.serialize_post 1 (impl.f_repr $a) $out"))]
+    #[requires(fstar!(r#"Spec.MLKEM.serialize_pre 1 (impl.f_repr $a)"#))]
+    #[ensures(|out| fstar!(r#"Spec.MLKEM.serialize_pre 1 (impl.f_repr $a) ==> Spec.MLKEM.serialize_post 1 (impl.f_repr $a) $out"#))]
     fn serialize_1(a: Self) -> [u8; 2] {
         serialize_1(a)
     }
 
     #[requires(a.len() == 2)]
-    #[ensures(|out| fstar!("sz (Seq.length $a) =. sz 2 ==> Spec.MLKEM.deserialize_post 1 $a (impl.f_repr $out)"))]
+    #[ensures(|out| fstar!(r#"sz (Seq.length $a) =. sz 2 ==> Spec.MLKEM.deserialize_post 1 $a (impl.f_repr $out)"#))]
     fn deserialize_1(a: &[u8]) -> Self {
         deserialize_1(a)
     }
 
-    #[requires(fstar!("Spec.MLKEM.serialize_pre 4 (impl.f_repr $a)"))]
-    #[ensures(|out| fstar!("Spec.MLKEM.serialize_pre 4 (impl.f_repr $a) ==> Spec.MLKEM.serialize_post 4 (impl.f_repr $a) $out"))]
+    #[requires(fstar!(r#"Spec.MLKEM.serialize_pre 4 (impl.f_repr $a)"#))]
+    #[ensures(|out| fstar!(r#"Spec.MLKEM.serialize_pre 4 (impl.f_repr $a) ==> Spec.MLKEM.serialize_post 4 (impl.f_repr $a) $out"#))]
     fn serialize_4(a: Self) -> [u8; 8] {
         serialize_4(a)
     }
 
     #[requires(a.len() == 8)]
-    #[ensures(|out| fstar!("sz (Seq.length $a) =. sz 8 ==> Spec.MLKEM.deserialize_post 4 $a (impl.f_repr $out)"))]
+    #[ensures(|out| fstar!(r#"sz (Seq.length $a) =. sz 8 ==> Spec.MLKEM.deserialize_post 4 $a (impl.f_repr $out)"#))]
     fn deserialize_4(a: &[u8]) -> Self {
         deserialize_4(a)
     }
@@ -301,14 +305,14 @@ impl Operations for PortableVector {
         deserialize_5(a)
     }
 
-    #[requires(fstar!("Spec.MLKEM.serialize_pre 10 (impl.f_repr $a)"))]
-    #[ensures(|out| fstar!("Spec.MLKEM.serialize_pre 10 (impl.f_repr $a) ==> Spec.MLKEM.serialize_post 10 (impl.f_repr $a) $out"))]
+    #[requires(fstar!(r#"Spec.MLKEM.serialize_pre 10 (impl.f_repr $a)"#))]
+    #[ensures(|out| fstar!(r#"Spec.MLKEM.serialize_pre 10 (impl.f_repr $a) ==> Spec.MLKEM.serialize_post 10 (impl.f_repr $a) $out"#))]
     fn serialize_10(a: Self) -> [u8; 20] {
         serialize_10(a)
     }
 
     #[requires(a.len() == 20)]
-    #[ensures(|out| fstar!("sz (Seq.length $a) =. sz 20 ==> Spec.MLKEM.deserialize_post 10 $a (impl.f_repr $out)"))]
+    #[ensures(|out| fstar!(r#"sz (Seq.length $a) =. sz 20 ==> Spec.MLKEM.deserialize_post 10 $a (impl.f_repr $out)"#))]
     fn deserialize_10(a: &[u8]) -> Self {
         deserialize_10(a)
     }
@@ -322,21 +326,21 @@ impl Operations for PortableVector {
         deserialize_11(a)
     }
 
-    #[requires(fstar!("Spec.MLKEM.serialize_pre 12 (impl.f_repr $a)"))]
-    #[ensures(|out| fstar!("Spec.MLKEM.serialize_pre 12 (impl.f_repr $a) ==> Spec.MLKEM.serialize_post 12 (impl.f_repr $a) $out"))]
+    #[requires(fstar!(r#"Spec.MLKEM.serialize_pre 12 (impl.f_repr $a)"#))]
+    #[ensures(|out| fstar!(r#"Spec.MLKEM.serialize_pre 12 (impl.f_repr $a) ==> Spec.MLKEM.serialize_post 12 (impl.f_repr $a) $out"#))]
     fn serialize_12(a: Self) -> [u8; 24] {
         serialize_12(a)
     }
 
     #[requires(a.len() == 24)]
-    #[ensures(|out| fstar!("sz (Seq.length $a) =. sz 24 ==> Spec.MLKEM.deserialize_post 12 $a (impl.f_repr $out)"))]
+    #[ensures(|out| fstar!(r#"sz (Seq.length $a) =. sz 24 ==> Spec.MLKEM.deserialize_post 12 $a (impl.f_repr $out)"#))]
     fn deserialize_12(a: &[u8]) -> Self {
         deserialize_12(a)
     }
 
     #[requires(a.len() == 24 && out.len() == 16)]
     #[ensures(|result|
-        fstar!("Seq.length $out_future == Seq.length $out /\\ v $result <= 16")
+        fstar!(r#"Seq.length $out_future == Seq.length $out /\\ v $result <= 16"#)
     )]
     fn rej_sample(a: &[u8], out: &mut [i16]) -> usize {
         rej_sample(a, out)
diff --git a/libcrux-ml-kem/src/vector/portable/arithmetic.rs b/libcrux-ml-kem/src/vector/portable/arithmetic.rs
index 64b92baed..9e909c2b6 100644
--- a/libcrux-ml-kem/src/vector/portable/arithmetic.rs
+++ b/libcrux-ml-kem/src/vector/portable/arithmetic.rs
@@ -22,7 +22,7 @@ pub(crate) const BARRETT_MULTIPLIER: i32 = 20159;
 
 #[hax_lib::fstar::options("--z3rlimit 150 --split_queries always")]
 #[cfg_attr(hax, hax_lib::requires(n <= 16))]
-#[cfg_attr(hax, hax_lib::ensures(|result| fstar!("v result == v value % pow2(v n)")))]
+#[cfg_attr(hax, hax_lib::ensures(|result| fstar!(r#"v result == v value % pow2(v n)"#)))]
 #[inline(always)]
 pub(crate) fn get_n_least_significant_bits(n: u8, value: u32) -> u32 {
     let res = value & ((1 << n) - 1);
@@ -46,19 +46,21 @@ pub(crate) fn get_n_least_significant_bits(n: u8, value: u32) -> u32 {
 
 #[inline(always)]
 #[hax_lib::fstar::options("--z3rlimit 150")]
-#[hax_lib::requires(fstar!("forall i. i < 16 ==> 
-    Spec.Utils.is_intb (pow2 15 - 1) (v (Seq.index ${lhs}.f_elements i) + v (Seq.index ${rhs}.f_elements i))"))]
-#[hax_lib::ensures(|result| fstar!("forall i. i < 16 ==> 
+#[hax_lib::requires(fstar!(r#"forall i. i < 16 ==> 
+    Spec.Utils.is_intb (pow2 15 - 1) (v (Seq.index ${lhs}.f_elements i) + v (Seq.index ${rhs}.f_elements i))"#))]
+#[hax_lib::ensures(|result| fstar!(r#"forall i. i < 16 ==> 
     (v (Seq.index ${result}.f_elements i) == 
-     v (Seq.index ${lhs}.f_elements i) + v (Seq.index ${rhs}.f_elements i))"))]
+     v (Seq.index ${lhs}.f_elements i) + v (Seq.index ${rhs}.f_elements i))"#))]
 pub fn add(mut lhs: PortableVector, rhs: &PortableVector) -> PortableVector {
     let _lhs0 = lhs;
     for i in 0..FIELD_ELEMENTS_IN_VECTOR {
         hax_lib::loop_invariant!(|i: usize| {
-            fstar!("
+            fstar!(
+                r#"
               (forall j. j < v i ==> (Seq.index ${lhs}.f_elements j) == 
                                      (Seq.index ${_lhs0}.f_elements j) +! (Seq.index ${rhs}.f_elements j)) /\\
-              (forall j. j >= v i ==> (Seq.index ${lhs}.f_elements j) == (Seq.index ${_lhs0}.f_elements j))")
+              (forall j. j >= v i ==> (Seq.index ${lhs}.f_elements j) == (Seq.index ${_lhs0}.f_elements j))"#
+            )
         });
         lhs.elements[i] += rhs.elements[i];
     }
@@ -70,19 +72,21 @@ pub fn add(mut lhs: PortableVector, rhs: &PortableVector) -> PortableVector {
 }
 
 #[inline(always)]
-#[hax_lib::requires(fstar!("forall i. i < 16 ==> 
-    Spec.Utils.is_intb (pow2 15 - 1) (v (Seq.index ${lhs}.f_elements i) - v (Seq.index ${rhs}.f_elements i))"))]
-#[hax_lib::ensures(|result| fstar!("forall i. i < 16 ==> 
+#[hax_lib::requires(fstar!(r#"forall i. i < 16 ==> 
+    Spec.Utils.is_intb (pow2 15 - 1) (v (Seq.index ${lhs}.f_elements i) - v (Seq.index ${rhs}.f_elements i))"#))]
+#[hax_lib::ensures(|result| fstar!(r#"forall i. i < 16 ==> 
     (v (Seq.index ${result}.f_elements i) == 
-     v (Seq.index ${lhs}.f_elements i) - v (Seq.index ${rhs}.f_elements i))"))]
+     v (Seq.index ${lhs}.f_elements i) - v (Seq.index ${rhs}.f_elements i))"#))]
 pub fn sub(mut lhs: PortableVector, rhs: &PortableVector) -> PortableVector {
     let _lhs0 = lhs;
     for i in 0..FIELD_ELEMENTS_IN_VECTOR {
         hax_lib::loop_invariant!(|i: usize| {
-            fstar!("
+            fstar!(
+                r#"
               (forall j. j < v i ==> (Seq.index ${lhs}.f_elements j) == 
                                      (Seq.index ${_lhs0}.f_elements j) -! (Seq.index ${rhs}.f_elements j)) /\\
-              (forall j. j >= v i ==> (Seq.index ${lhs}.f_elements j) == (Seq.index ${_lhs0}.f_elements j))")
+              (forall j. j >= v i ==> (Seq.index ${lhs}.f_elements j) == (Seq.index ${_lhs0}.f_elements j))"#
+            )
         });
         lhs.elements[i] -= rhs.elements[i];
     }
@@ -94,19 +98,21 @@ pub fn sub(mut lhs: PortableVector, rhs: &PortableVector) -> PortableVector {
 }
 
 #[inline(always)]
-#[hax_lib::requires(fstar!("forall i. i < 16 ==> 
-    Spec.Utils.is_intb (pow2 15 - 1) (v (Seq.index ${vec}.f_elements i) * v c)"))]
-#[hax_lib::ensures(|result| fstar!("forall i. i < 16 ==> 
+#[hax_lib::requires(fstar!(r#"forall i. i < 16 ==> 
+    Spec.Utils.is_intb (pow2 15 - 1) (v (Seq.index ${vec}.f_elements i) * v c)"#))]
+#[hax_lib::ensures(|result| fstar!(r#"forall i. i < 16 ==> 
     (v (Seq.index ${result}.f_elements i) == 
-     v (Seq.index ${vec}.f_elements i) * v c)"))]
+     v (Seq.index ${vec}.f_elements i) * v c)"#))]
 pub fn multiply_by_constant(mut vec: PortableVector, c: i16) -> PortableVector {
     let _vec0 = vec;
     for i in 0..FIELD_ELEMENTS_IN_VECTOR {
         hax_lib::loop_invariant!(|i: usize| {
-            fstar!("
+            fstar!(
+                r#"
               (forall j. j < v i ==> (Seq.index ${vec}.f_elements j) == 
                                      (Seq.index ${_vec0}.f_elements j) *! c) /\\
-              (forall j. j >= v i ==> (Seq.index ${vec}.f_elements j) == (Seq.index ${_vec0}.f_elements j))")
+              (forall j. j >= v i ==> (Seq.index ${vec}.f_elements j) == (Seq.index ${_vec0}.f_elements j))"#
+            )
         });
         vec.elements[i] *= c;
     }
@@ -118,38 +124,46 @@ pub fn multiply_by_constant(mut vec: PortableVector, c: i16) -> PortableVector {
 }
 
 #[inline(always)]
-#[hax_lib::ensures(|result| fstar!("${result}.f_elements == Spec.Utils.map_array (fun x -> x &. c) (${vec}.f_elements)"))]
+#[hax_lib::ensures(|result| fstar!(r#"${result}.f_elements == Spec.Utils.map_array (fun x -> x &. c) (${vec}.f_elements)"#))]
 pub fn bitwise_and_with_constant(mut vec: PortableVector, c: i16) -> PortableVector {
     let _vec0 = vec;
     for i in 0..FIELD_ELEMENTS_IN_VECTOR {
         hax_lib::loop_invariant!(|i: usize| {
-            fstar!("
+            fstar!(
+                r#"
               (forall j. j < v i ==> Seq.index ${vec}.f_elements j == 
                                      (Seq.index ${_vec0}.f_elements j &. c)) /\\
-              (forall j. j >= v i ==> Seq.index ${vec}.f_elements j == Seq.index ${_vec0}.f_elements j)")
+              (forall j. j >= v i ==> Seq.index ${vec}.f_elements j == Seq.index ${_vec0}.f_elements j)"#
+            )
         });
         vec.elements[i] &= c;
     }
-    hax_lib::fstar!("Seq.lemma_eq_intro ${vec}.f_elements (Spec.Utils.map_array (fun x -> x &. c) ${_vec0}.f_elements)");
+    hax_lib::fstar!(
+        r#"Seq.lemma_eq_intro ${vec}.f_elements (Spec.Utils.map_array (fun x -> x &. c) ${_vec0}.f_elements)"#
+    );
     vec
 }
 
 #[inline(always)]
 #[hax_lib::requires(SHIFT_BY >= 0 && SHIFT_BY < 16)]
-#[hax_lib::ensures(|result| fstar!("(v_SHIFT_BY >=. 0l /\\ v_SHIFT_BY <. 16l) ==> 
-        ${result}.f_elements == Spec.Utils.map_array (fun x -> x >>! ${SHIFT_BY}) (${vec}.f_elements)"))]
+#[hax_lib::ensures(|result| fstar!(r#"(v_SHIFT_BY >=. 0l /\\ v_SHIFT_BY <. 16l) ==> 
+        ${result}.f_elements == Spec.Utils.map_array (fun x -> x >>! ${SHIFT_BY}) (${vec}.f_elements)"#))]
 pub fn shift_right<const SHIFT_BY: i32>(mut vec: PortableVector) -> PortableVector {
     let _vec0 = vec;
     for i in 0..FIELD_ELEMENTS_IN_VECTOR {
         hax_lib::loop_invariant!(|i: usize| {
-            fstar!("
+            fstar!(
+                r#"
               (forall j. j < v i ==> Seq.index ${vec}.f_elements j == 
                                      (Seq.index ${_vec0}.f_elements j >>! ${SHIFT_BY})) /\\
-              (forall j. j >= v i ==> Seq.index ${vec}.f_elements j == Seq.index ${_vec0}.f_elements j)")
+              (forall j. j >= v i ==> Seq.index ${vec}.f_elements j == Seq.index ${_vec0}.f_elements j)"#
+            )
         });
         vec.elements[i] = vec.elements[i] >> SHIFT_BY;
     }
-    hax_lib::fstar!("Seq.lemma_eq_intro ${vec}.f_elements (Spec.Utils.map_array (fun x -> x >>! ${SHIFT_BY}) ${_vec0}.f_elements)");
+    hax_lib::fstar!(
+        r#"Seq.lemma_eq_intro ${vec}.f_elements (Spec.Utils.map_array (fun x -> x >>! ${SHIFT_BY}) ${_vec0}.f_elements)"#
+    );
     vec
 }
 
@@ -157,26 +171,28 @@ pub fn shift_right<const SHIFT_BY: i32>(mut vec: PortableVector) -> PortableVect
 /// Only use with public values.
 #[inline(always)]
 #[hax_lib::fstar::options("--z3rlimit 300")]
-#[hax_lib::requires(fstar!("Spec.Utils.is_i16b_array (pow2 12 - 1) ${vec}.f_elements"))]
-#[hax_lib::ensures(|result| fstar!("${result}.f_elements == Spec.Utils.map_array 
-                (fun x -> if x >=. 3329s then x -! 3329s else x) (${vec}.f_elements)"))]
+#[hax_lib::requires(fstar!(r#"Spec.Utils.is_i16b_array (pow2 12 - 1) ${vec}.f_elements"#))]
+#[hax_lib::ensures(|result| fstar!(r#"${result}.f_elements == Spec.Utils.map_array 
+                (fun x -> if x >=. 3329s then x -! 3329s else x) (${vec}.f_elements)"#))]
 pub fn cond_subtract_3329(mut vec: PortableVector) -> PortableVector {
     let _vec0 = vec;
     for i in 0..FIELD_ELEMENTS_IN_VECTOR {
         hax_lib::loop_invariant!(|i: usize| {
-            fstar!("
+            fstar!(
+                r#"
               (forall j. j < v i ==> Seq.index ${vec}.f_elements j == 
                                      (let x = Seq.index ${_vec0}.f_elements j in
                                       if x >=. 3329s then x -! 3329s else x)) /\\
-              (forall j. j >= v i ==> Seq.index ${vec}.f_elements j == Seq.index ${_vec0}.f_elements j)")
+              (forall j. j >= v i ==> Seq.index ${vec}.f_elements j == Seq.index ${_vec0}.f_elements j)"#
+            )
         });
         if vec.elements[i] >= 3329 {
             vec.elements[i] -= 3329
         }
     }
     hax_lib::fstar!(
-        "Seq.lemma_eq_intro ${vec}.f_elements (Spec.Utils.map_array 
-                            (fun x -> if x >=. 3329s then x -! 3329s else x) ${_vec0}.f_elements)"
+        r#"Seq.lemma_eq_intro ${vec}.f_elements (Spec.Utils.map_array 
+                            (fun x -> if x >=. 3329s then x -! 3329s else x) ${_vec0}.f_elements)"#
     );
     vec
 }
@@ -194,20 +210,20 @@ pub fn cond_subtract_3329(mut vec: PortableVector) -> PortableVector {
 /// Note: The input bound is 28296 to prevent overflow in the multiplication of quotient by FIELD_MODULUS
 ///
 #[hax_lib::fstar::options("--z3rlimit 150 --ext context_pruning")]
-#[cfg_attr(hax, hax_lib::requires(fstar!("Spec.Utils.is_i16b 28296 value")))]
-#[cfg_attr(hax, hax_lib::ensures(|result| fstar!("Spec.Utils.is_i16b 3328 result /\\
-                v result % 3329 == v value % 3329")))]
+#[cfg_attr(hax, hax_lib::requires(fstar!(r#"Spec.Utils.is_i16b 28296 value"#)))]
+#[cfg_attr(hax, hax_lib::ensures(|result| fstar!(r#"Spec.Utils.is_i16b 3328 result /\\
+                v result % 3329 == v value % 3329"#)))]
 pub(crate) fn barrett_reduce_element(value: FieldElement) -> FieldElement {
     let t = (i32::from(value) * BARRETT_MULTIPLIER) + (BARRETT_R >> 1);
     hax_lib::fstar!(
         "assert_norm (v v_BARRETT_MULTIPLIER == (pow2 27 + 3329) / (2*3329));
                      assert (v t = v value * v v_BARRETT_MULTIPLIER + pow2 25)"
     );
-    hax_lib::fstar!("assert (v t / pow2 26 < 9)");
-    hax_lib::fstar!("assert (v t / pow2 26 > - 9)");
+    hax_lib::fstar!(r#"assert (v t / pow2 26 < 9)"#);
+    hax_lib::fstar!(r#"assert (v t / pow2 26 > - 9)"#);
     let quotient = (t >> BARRETT_SHIFT) as i16;
-    hax_lib::fstar!("assert (v quotient = v t / pow2 26)");
-    hax_lib::fstar!("assert (Spec.Utils.is_i16b 9 quotient)");
+    hax_lib::fstar!(r#"assert (v quotient = v t / pow2 26)"#);
+    hax_lib::fstar!(r#"assert (Spec.Utils.is_i16b 9 quotient)"#);
     let result = value - (quotient * FIELD_MODULUS);
     hax_lib::fstar!(
         "calc (==) {
@@ -227,27 +243,31 @@ pub(crate) fn barrett_reduce_element(value: FieldElement) -> FieldElement {
 
 #[inline(always)]
 #[hax_lib::fstar::options("--z3rlimit 150")]
-#[cfg_attr(hax, hax_lib::requires(fstar!("Spec.Utils.is_i16b_array 28296 ${vec}.f_elements")))]
-#[cfg_attr(hax, hax_lib::ensures(|result| fstar!("Spec.Utils.is_i16b_array 3328 ${result}.f_elements /\\
+#[cfg_attr(hax, hax_lib::requires(fstar!(r#"Spec.Utils.is_i16b_array 28296 ${vec}.f_elements"#)))]
+#[cfg_attr(hax, hax_lib::ensures(|result| fstar!(r#"Spec.Utils.is_i16b_array 3328 ${result}.f_elements /\\
                 (forall i. (v (Seq.index ${result}.f_elements i) % 3329) == 
-                           (v (Seq.index ${vec}.f_elements i) % 3329))")))]
+                           (v (Seq.index ${vec}.f_elements i) % 3329))"#)))]
 pub(crate) fn barrett_reduce(mut vec: PortableVector) -> PortableVector {
     let _vec0 = vec;
     for i in 0..FIELD_ELEMENTS_IN_VECTOR {
         hax_lib::loop_invariant!(|i: usize| {
-            fstar!("
+            fstar!(
+                r#"
                 (forall j. j < v i ==> (Spec.Utils.is_i16b 3328 (Seq.index ${vec}.f_elements j) /\\
                                         v (Seq.index ${vec}.f_elements j) % 3329 == (v (Seq.index ${_vec0}.f_elements j) % 3329))) /\\
                 (forall j. j >= v i ==> (Seq.index ${vec}.f_elements j == Seq.index ${_vec0}.f_elements j /\\
-                                         Spec.Utils.is_i16b 28296 (Seq.index ${vec}.f_elements j)))")
+                                         Spec.Utils.is_i16b 28296 (Seq.index ${vec}.f_elements j)))"#
+            )
         });
         let vi = barrett_reduce_element(vec.elements[i]);
         vec.elements[i] = vi;
-        hax_lib::fstar!("assert (v (mk_int #usize_inttype (v i + 1)) == v i + 1);
+        hax_lib::fstar!(
+            r#"assert (v (mk_int #usize_inttype (v i + 1)) == v i + 1);
                          assert (forall j. j < v i ==> Spec.Utils.is_i16b 3328 (Seq.index vec.f_elements j));
                          assert(Spec.Utils.is_i16b 3328 vi);
                          assert(Spec.Utils.is_i16b 3328 (Seq.index vec.f_elements (v i)));
-                         assert (forall j. j < v i + 1 ==> Spec.Utils.is_i16b 3328 (Seq.index vec.f_elements j))");
+                         assert (forall j. j < v i + 1 ==> Spec.Utils.is_i16b 3328 (Seq.index vec.f_elements j))"#
+        );
     }
     vec
 }
@@ -266,10 +286,10 @@ pub(crate) fn barrett_reduce(mut vec: PortableVector) -> PortableVector {
 /// And, if `|value| ≤ pow2 16 * FIELD_MODULUS-1`, then `|o| <= FIELD_MODULUS + 1664
 ///
 #[hax_lib::fstar::options("--z3rlimit 500 --split_queries always")]
-#[cfg_attr(hax, hax_lib::requires(fstar!("Spec.Utils.is_i32b (3328 * pow2 16) value ")))]
-#[cfg_attr(hax, hax_lib::ensures(|result| fstar!("Spec.Utils.is_i16b (3328 + 1665) result /\\
+#[cfg_attr(hax, hax_lib::requires(fstar!(r#"Spec.Utils.is_i32b (3328 * pow2 16) value "#)))]
+#[cfg_attr(hax, hax_lib::ensures(|result| fstar!(r#"Spec.Utils.is_i16b (3328 + 1665) result /\\
                 (Spec.Utils.is_i32b (3328 * pow2 15) value ==> Spec.Utils.is_i16b 3328 result) /\\
-                v result % 3329 == (v value * 169) % 3329")))]
+                v result % 3329 == (v value * 169) % 3329"#)))]
 pub(crate) fn montgomery_reduce_element(value: i32) -> MontgomeryFieldElement {
     // This forces hax to extract code for MONTGOMERY_R before it extracts code
     // for this function. The removal of this line is being tracked in:
@@ -277,15 +297,19 @@ pub(crate) fn montgomery_reduce_element(value: i32) -> MontgomeryFieldElement {
     let _ = MONTGOMERY_R;
 
     let k = (value as i16) as i32 * (INVERSE_OF_MODULUS_MOD_MONTGOMERY_R as i32);
-    hax_lib::fstar!("assert(v (cast (cast (value <: i32) <: i16) <: i32) == v value @% pow2 16);
+    hax_lib::fstar!(
+        r#"assert(v (cast (cast (value <: i32) <: i16) <: i32) == v value @% pow2 16);
                      assert(v k == (v value @% pow2 16) * 62209);
                      assert(v (cast (cast (k <: i32) <: i16) <: i32) == v k @% pow2 16);
                      assert(v (cast (cast (k <: i32) <: i16) <: i32) < pow2 15);
                      assert(v (cast (cast (k <: i32) <: i16) <: i32) >= -pow2 15);
-                     assert(v (cast (Libcrux_ml_kem.Vector.Traits.v_FIELD_MODULUS <: i16) <: i32) == 3329)");
+                     assert(v (cast (Libcrux_ml_kem.Vector.Traits.v_FIELD_MODULUS <: i16) <: i32) == 3329)"#
+    );
     let k_times_modulus = (k as i16 as i32) * (FIELD_MODULUS as i32);
-    hax_lib::fstar!("Spec.Utils.lemma_mul_i16b (pow2 15) (3329) (cast (k <: i32) <: i16) Libcrux_ml_kem.Vector.Traits.v_FIELD_MODULUS;
-                     assert (Spec.Utils.is_i32b (pow2 15 * 3329) k_times_modulus)");
+    hax_lib::fstar!(
+        r#"Spec.Utils.lemma_mul_i16b (pow2 15) (3329) (cast (k <: i32) <: i16) Libcrux_ml_kem.Vector.Traits.v_FIELD_MODULUS;
+                     assert (Spec.Utils.is_i32b (pow2 15 * 3329) k_times_modulus)"#
+    );
     let c = (k_times_modulus >> MONTGOMERY_SHIFT) as i16;
     hax_lib::fstar!(
         "assert (v k_times_modulus < pow2 31);
@@ -295,19 +319,22 @@ pub(crate) fn montgomery_reduce_element(value: i32) -> MontgomeryFieldElement {
                      assert(Spec.Utils.is_i16b 1665 c)"
     );
     let value_high = (value >> MONTGOMERY_SHIFT) as i16;
-    hax_lib::fstar!("assert (v value < pow2 31);
+    hax_lib::fstar!(
+        r#"assert (v value < pow2 31);
                      assert (v value / pow2 16 < pow2 15);
                      assert (v value_high == (v value / pow2 16) @% pow2 16);
                      Spec.Utils.lemma_div_at_percent (v value) (pow2 16);
                      assert (v value_high == (v value / pow2 16)); 
                      assert(Spec.Utils.is_i32b (3328 * 3328) value ==> Spec.Utils.is_i16b 169 value_high);
-                     assert(Spec.Utils.is_i16b 3328 value_high)");
+                     assert(Spec.Utils.is_i16b 3328 value_high)"#
+    );
     let res = value_high - c;
-    hax_lib::fstar!("assert(Spec.Utils.is_i16b (3328 + 1665) res)");
+    hax_lib::fstar!(r#"assert(Spec.Utils.is_i16b (3328 + 1665) res)"#);
     hax_lib::fstar!(
         "assert(Spec.Utils.is_i32b (3328 * pow2 15) value ==> Spec.Utils.is_i16b 3328 res)"
     );
-    hax_lib::fstar!("calc ( == ) {
+    hax_lib::fstar!(
+        r#"calc ( == ) {
         v k_times_modulus % pow2 16;
           ( == ) { assert (v k_times_modulus == (v k @% pow2 16) * 3329) }
         ((v k @% pow2 16) * 3329) % pow2 16;
@@ -323,8 +350,10 @@ pub(crate) fn montgomery_reduce_element(value: i32) -> MontgomeryFieldElement {
         (v value) % pow2 16;
         };
       Math.Lemmas.modulo_add (pow2 16) (- (v k_times_modulus)) (v value) (v k_times_modulus);
-      assert ((v value - v k_times_modulus) % pow2 16 == 0)");
-    hax_lib::fstar!("calc ( == ) {
+      assert ((v value - v k_times_modulus) % pow2 16 == 0)"#
+    );
+    hax_lib::fstar!(
+        r#"calc ( == ) {
         v res % 3329;
             ( == ) { assert (v res == v value_high - v c) }
         (v value / pow2 16 - v k_times_modulus / pow2 16) % 3329 ;
@@ -340,7 +369,8 @@ pub(crate) fn montgomery_reduce_element(value: i32) -> MontgomeryFieldElement {
         ((v value * 169) - ((v k @% pow2 16) * 3329 * 169)) % 3329; 
             ( == ) { Math.Lemmas.lemma_mod_sub (v value * 169) 3329 ((v k @% pow2 16) * 169)}
         (v value * 169) % 3329;  
-        }");
+        }"#
+    );
     res
 }
 
@@ -354,36 +384,38 @@ pub(crate) fn montgomery_reduce_element(value: i32) -> MontgomeryFieldElement {
 /// `x · y · MONTGOMERY_R * MONTGOMERY_R^{-1} ≡ x · y (mod FIELD_MODULUS)`.
 #[inline(always)]
 #[hax_lib::fstar::options("--z3rlimit 300")]
-#[cfg_attr(hax, hax_lib::requires(fstar!("Spec.Utils.is_i16b 1664 fer")))]
-#[cfg_attr(hax, hax_lib::ensures(|result| fstar!("Spec.Utils.is_i16b 3328 result /\\
-                v result % 3329 == (v fe * v fer * 169) % 3329")))]
+#[cfg_attr(hax, hax_lib::requires(fstar!(r#"Spec.Utils.is_i16b 1664 fer"#)))]
+#[cfg_attr(hax, hax_lib::ensures(|result| fstar!(r#"Spec.Utils.is_i16b 3328 result /\\
+                v result % 3329 == (v fe * v fer * 169) % 3329"#)))]
 pub(crate) fn montgomery_multiply_fe_by_fer(
     fe: FieldElement,
     fer: FieldElementTimesMontgomeryR,
 ) -> FieldElement {
-    hax_lib::fstar!("Spec.Utils.lemma_mul_i16b (pow2 15) (1664) fe fer");
+    hax_lib::fstar!(r#"Spec.Utils.lemma_mul_i16b (pow2 15) (1664) fe fer"#);
     let product = (fe as i32) * (fer as i32);
     montgomery_reduce_element(product)
 }
 
 #[inline(always)]
 #[hax_lib::fstar::options("--z3rlimit 150")]
-#[cfg_attr(hax, hax_lib::requires(fstar!("Spec.Utils.is_i16b 1664 c")))]
-#[cfg_attr(hax, hax_lib::ensures(|result| fstar!("
+#[cfg_attr(hax, hax_lib::requires(fstar!(r#"Spec.Utils.is_i16b 1664 c"#)))]
+#[cfg_attr(hax, hax_lib::ensures(|result| fstar!(r#"
 Spec.Utils.is_i16b_array 3328 ${result}.f_elements /\\
 (forall i. i < 16 ==> 
     (v (Seq.index ${result}.f_elements i) % 3329 == 
-       (v (Seq.index ${vec}.f_elements i) * v c * 169) %3329))")))]
+       (v (Seq.index ${vec}.f_elements i) * v c * 169) %3329))"#)))]
 pub(crate) fn montgomery_multiply_by_constant(mut vec: PortableVector, c: i16) -> PortableVector {
     let _vec0 = vec;
     for i in 0..FIELD_ELEMENTS_IN_VECTOR {
         hax_lib::loop_invariant!(|i: usize| {
-            fstar!("
+            fstar!(
+                r#"
               (forall j. j < v i ==>
 	      	  (let vecj = Seq.index ${vec}.f_elements j in
 		       (Spec.Utils.is_i16b 3328 vecj /\\
                 v vecj % 3329 == (v (Seq.index ${_vec0}.f_elements j) * v c * 169) % 3329))) /\\
-              (forall j. j >= v i ==> (Seq.index ${vec}.f_elements j) == (Seq.index ${_vec0}.f_elements j))")
+              (forall j. j >= v i ==> (Seq.index ${vec}.f_elements j) == (Seq.index ${_vec0}.f_elements j))"#
+            )
         });
         vec.elements[i] = montgomery_multiply_fe_by_fer(vec.elements[i], c)
     }
diff --git a/libcrux-ml-kem/src/vector/portable/compress.rs b/libcrux-ml-kem/src/vector/portable/compress.rs
index d9628d539..3b9d946ee 100644
--- a/libcrux-ml-kem/src/vector/portable/compress.rs
+++ b/libcrux-ml-kem/src/vector/portable/compress.rs
@@ -36,7 +36,7 @@ pub(crate) fn compress_message_coefficient(fe: u16) -> u8 {
     // If 833 <= fe <= 2496,
     // then -832 <= shifted <= 831
     let shifted: i16 = 1664 - (fe as i16);
-    hax_lib::fstar!("assert (v $shifted == 1664 - v $fe)");
+    hax_lib::fstar!(r#"assert (v $shifted == 1664 - v $fe)"#);
 
     // If shifted < 0, then
     // (shifted >> 15) ^ shifted = flip_bits(shifted) = -shifted - 1, and so
@@ -75,14 +75,14 @@ pub(crate) fn compress_message_coefficient(fe: u16) -> u8 {
     let r1: i16 = r0 & 1;
     let res = r1 as u8;
     hax_lib::fstar!(
-        "assert (v $r0 = v $shifted_positive_in_range / pow2 15);
+        r#"assert (v $r0 = v $shifted_positive_in_range / pow2 15);
         assert (if v $shifted_positive_in_range < 0 then $r0 = ones else $r0 = zero);
         logand_lemma (mk_i16 1) $r0; 
         assert (if v $shifted_positive_in_range < 0 then $r1 = mk_i16 1 else $r1 = mk_i16 0);
         assert ((v $fe >= 833 && v $fe <= 2496) ==> $r1 = mk_i16 1);
         assert (v $fe < 833 ==> $r1 = mk_i16 0);
         assert (v $fe > 2496 ==> $r1 = mk_i16 0);
-        assert (v $res = v $r1)"
+        assert (v $res = v $r1)"#
     );
     res
 }
@@ -122,21 +122,21 @@ pub(crate) fn compress_ciphertext_coefficient(coefficient_bits: u8, fe: u16) ->
 #[cfg_attr(
     hax,
     hax_lib::fstar::before(
-        "
+        r#"
 let compress_message_coefficient_range_helper (fe: u16) : Lemma
   (requires fe <. (cast (Libcrux_ml_kem.Vector.Traits.v_FIELD_MODULUS) <: u16))
-  (ensures v (cast (compress_message_coefficient fe) <: i16) >= 0 /\\
+  (ensures v (cast (compress_message_coefficient fe) <: i16) >= 0 /\
     v (cast (compress_message_coefficient fe) <: i16) < 2) =
-  assert (v (cast (compress_message_coefficient fe) <: i16) >= 0 /\\
+  assert (v (cast (compress_message_coefficient fe) <: i16) >= 0 /\
     v (cast (compress_message_coefficient fe) <: i16) < 2)
-"
+"#
     )
 )]
 #[hax_lib::fstar::options("--fuel 0 --ifuel 0 --z3rlimit 2000")]
-#[hax_lib::requires(fstar!("forall (i:nat). i < 16 ==> v (Seq.index ${a}.f_elements i) >= 0 /\\
-    v (Seq.index ${a}.f_elements i) < 3329"))]
-#[hax_lib::ensures(|result| fstar!("forall (i:nat). i < 16 ==> v (${result}.f_elements.[ sz i ] <: i16) >= 0 /\\
-    v (${result}.f_elements.[ sz i ] <: i16) < 2"))]
+#[hax_lib::requires(fstar!(r#"forall (i:nat). i < 16 ==> v (Seq.index ${a}.f_elements i) >= 0 /\
+    v (Seq.index ${a}.f_elements i) < 3329"#))]
+#[hax_lib::ensures(|result| fstar!(r#"forall (i:nat). i < 16 ==> v (${result}.f_elements.[ sz i ] <: i16) >= 0 /\
+    v (${result}.f_elements.[ sz i ] <: i16) < 2"#))]
 pub(crate) fn compress_1(mut a: PortableVector) -> PortableVector {
     hax_lib::fstar!(
         "assert (forall (i:nat). i < 16 ==> (cast (${a}.f_elements.[ sz i ]) <: u16) <.
@@ -145,10 +145,10 @@ pub(crate) fn compress_1(mut a: PortableVector) -> PortableVector {
     for i in 0..FIELD_ELEMENTS_IN_VECTOR {
         hax_lib::loop_invariant!(|i: usize| {
             fstar!(
-                "(v $i < 16 ==> (forall (j:nat). (j >= v $i /\\ j < 16) ==>
-            v (cast (${a}.f_elements.[ sz j ]) <: u16) < v (cast ($FIELD_MODULUS) <: u16))) /\\
-            (forall (j:nat). j < v $i ==> v (${a}.f_elements.[ sz j ] <: i16) >= 0 /\\
-                v (${a}.f_elements.[ sz j ] <: i16) < 2)"
+                r#"(v $i < 16 ==> (forall (j:nat). (j >= v $i /\ j < 16) ==>
+            v (cast (${a}.f_elements.[ sz j ]) <: u16) < v (cast ($FIELD_MODULUS) <: u16))) /\
+            (forall (j:nat). j < v $i ==> v (${a}.f_elements.[ sz j ] <: i16) >= 0 /\
+                v (${a}.f_elements.[ sz j ] <: i16) < 2)"#
             )
         });
         hax_lib::fstar!(
@@ -156,13 +156,13 @@ pub(crate) fn compress_1(mut a: PortableVector) -> PortableVector {
         );
         a.elements[i] = compress_message_coefficient(a.elements[i] as u16) as i16;
         hax_lib::fstar!(
-            "assert (v (${a}.f_elements.[ $i ] <: i16) >= 0 /\\
+            "assert (v (${a}.f_elements.[ $i ] <: i16) >= 0 /\
             v (${a}.f_elements.[ $i ] <: i16) < 2)"
         );
     }
 
     hax_lib::fstar!(
-        "assert (forall (i:nat). i < 16 ==> v (${a}.f_elements.[ sz i ] <: i16) >= 0 /\\
+        "assert (forall (i:nat). i < 16 ==> v (${a}.f_elements.[ sz i ] <: i16) >= 0 /\
         v (${a}.f_elements.[ sz i ] <: i16) < 2)"
     );
     a
@@ -170,14 +170,14 @@ pub(crate) fn compress_1(mut a: PortableVector) -> PortableVector {
 
 #[inline(always)]
 #[hax_lib::fstar::options("--fuel 0 --ifuel 0 --z3rlimit 2000")]
-#[hax_lib::requires(fstar!("(v $COEFFICIENT_BITS == 4 \\/
+#[hax_lib::requires(fstar!(r#"(v $COEFFICIENT_BITS == 4 \\/
         v $COEFFICIENT_BITS == 5 \\/
         v $COEFFICIENT_BITS == 10 \\/
-        v $COEFFICIENT_BITS == 11) /\\
-    (forall (i:nat). i < 16 ==> v (Seq.index ${a}.f_elements i) >= 0 /\\
-        v (Seq.index ${a}.f_elements i) < 3329)"))]
-#[hax_lib::ensures(|result| fstar!("forall (i:nat). i < 16 ==> v (${result}.f_elements.[ sz i ] <: i16) >= 0 /\\
-    v (${result}.f_elements.[ sz i ] <: i16) < pow2 (v $COEFFICIENT_BITS))"))]
+        v $COEFFICIENT_BITS == 11) /\
+    (forall (i:nat). i < 16 ==> v (Seq.index ${a}.f_elements i) >= 0 /\
+        v (Seq.index ${a}.f_elements i) < 3329)"#))]
+#[hax_lib::ensures(|result| fstar!(r#"forall (i:nat). i < 16 ==> v (${result}.f_elements.[ sz i ] <: i16) >= 0 /\
+    v (${result}.f_elements.[ sz i ] <: i16) < pow2 (v $COEFFICIENT_BITS))"#))]
 pub(crate) fn compress<const COEFFICIENT_BITS: i32>(mut a: PortableVector) -> PortableVector {
     hax_lib::fstar!(
         "assert (v (cast ($COEFFICIENT_BITS) <: u8) == v $COEFFICIENT_BITS);
@@ -191,21 +191,21 @@ pub(crate) fn compress<const COEFFICIENT_BITS: i32>(mut a: PortableVector) -> Po
     for i in 0..FIELD_ELEMENTS_IN_VECTOR {
         hax_lib::loop_invariant!(|i: usize| {
             fstar!(
-                "(v $i < 16 ==> (forall (j:nat). (j >= v $i /\\ j < 16) ==>
-            v (cast (${a}.f_elements.[ sz j ]) <: u16) < v (cast ($FIELD_MODULUS) <: u16))) /\\
-            (forall (j:nat). j < v $i ==> v (${a}.f_elements.[ sz j ] <: i16) >= 0 /\\
-                v (${a}.f_elements.[ sz j ] <: i16) < pow2 (v (cast ($COEFFICIENT_BITS) <: u32)))"
+                r#"(v $i < 16 ==> (forall (j:nat). (j >= v $i /\ j < 16) ==>
+            v (cast (${a}.f_elements.[ sz j ]) <: u16) < v (cast ($FIELD_MODULUS) <: u16))) /\
+            (forall (j:nat). j < v $i ==> v (${a}.f_elements.[ sz j ] <: i16) >= 0 /\
+                v (${a}.f_elements.[ sz j ] <: i16) < pow2 (v (cast ($COEFFICIENT_BITS) <: u32)))"#
             )
         });
         a.elements[i] =
             compress_ciphertext_coefficient(COEFFICIENT_BITS as u8, a.elements[i] as u16) as i16;
         hax_lib::fstar!(
-            "assert (v (${a}.f_elements.[ $i ] <: i16) >= 0 /\\
+            "assert (v (${a}.f_elements.[ $i ] <: i16) >= 0 /\
             v (${a}.f_elements.[ $i ] <: i16) < pow2 (v (cast ($COEFFICIENT_BITS) <: u32)))"
         );
     }
     hax_lib::fstar!(
-        "assert (forall (i:nat). i < 16 ==> v (${a}.f_elements.[ sz i ] <: i16) >= 0 /\\
+        "assert (forall (i:nat). i < 16 ==> v (${a}.f_elements.[ sz i ] <: i16) >= 0 /\
         v (${a}.f_elements.[ sz i ] <: i16) < pow2 (v $COEFFICIENT_BITS))"
     );
     a
@@ -213,13 +213,13 @@ pub(crate) fn compress<const COEFFICIENT_BITS: i32>(mut a: PortableVector) -> Po
 
 #[inline(always)]
 #[hax_lib::fstar::options("--z3rlimit 300 --ext context_pruning")]
-#[hax_lib::requires(fstar!("(v $COEFFICIENT_BITS == 4 \\/
+#[hax_lib::requires(fstar!(r#"(v $COEFFICIENT_BITS == 4 \\/
         v $COEFFICIENT_BITS == 5 \\/
         v $COEFFICIENT_BITS == 10 \\/
-        v $COEFFICIENT_BITS == 11) /\\
-    (forall (i:nat). i < 16 ==> v (Seq.index ${a}.f_elements i) >= 0 /\\
-        v (Seq.index ${a}.f_elements i) < pow2 (v $COEFFICIENT_BITS))"))]
-#[hax_lib::ensures(|result| fstar!("forall (i:nat). i < 16 ==> v (Seq.index ${result}.f_elements i) < v $FIELD_MODULUS"))]
+        v $COEFFICIENT_BITS == 11) /\
+    (forall (i:nat). i < 16 ==> v (Seq.index ${a}.f_elements i) >= 0 /\
+        v (Seq.index ${a}.f_elements i) < pow2 (v $COEFFICIENT_BITS))"#))]
+#[hax_lib::ensures(|result| fstar!(r#"forall (i:nat). i < 16 ==> v (Seq.index ${result}.f_elements i) < v $FIELD_MODULUS"#))]
 pub(crate) fn decompress_ciphertext_coefficient<const COEFFICIENT_BITS: i32>(
     mut a: PortableVector,
 ) -> PortableVector {
@@ -233,10 +233,12 @@ pub(crate) fn decompress_ciphertext_coefficient<const COEFFICIENT_BITS: i32>(
 
     for i in 0..FIELD_ELEMENTS_IN_VECTOR {
         hax_lib::loop_invariant!(|i: usize| {
-            fstar!("(v $i < 16 ==> (forall (j:nat). (j >= v $i /\\ j < 16) ==>
-            v (Seq.index ${a}.f_elements j) >= 0 /\\  v (Seq.index ${a}.f_elements j) < pow2 (v $COEFFICIENT_BITS))) /\\
+            fstar!(
+                r#"(v $i < 16 ==> (forall (j:nat). (j >= v $i /\ j < 16) ==>
+            v (Seq.index ${a}.f_elements j) >= 0 /\  v (Seq.index ${a}.f_elements j) < pow2 (v $COEFFICIENT_BITS))) /\
             (forall (j:nat). j < v $i ==>
-                v (Seq.index ${a}.f_elements j) < v $FIELD_MODULUS)")
+                v (Seq.index ${a}.f_elements j) < v $FIELD_MODULUS)"#
+            )
         });
         hax_lib::fstar!(
             "assert (v (${a}.f_elements.[ $i ] <: i16) < pow2 11);
diff --git a/libcrux-ml-kem/src/vector/portable/ntt.rs b/libcrux-ml-kem/src/vector/portable/ntt.rs
index 46ef118d5..bf746901d 100644
--- a/libcrux-ml-kem/src/vector/portable/ntt.rs
+++ b/libcrux-ml-kem/src/vector/portable/ntt.rs
@@ -3,25 +3,26 @@ use super::vector_type::*;
 
 #[inline(always)]
 #[hax_lib::fstar::before(interface, "[@@ \"opaque_to_smt\"]")]
-#[hax_lib::requires(fstar!("v i < 16 /\\ v j < 16 /\\ v i <> v j /\\ 
-                            Spec.Utils.is_i16b 1664 $zeta  /\\
-                            Spec.Utils.is_i16b_array (11207 + 6 * 3328) vec.f_elements /\\
-                            Spec.Utils.is_i16b (11207 + 5*3328) vec.f_elements.[i] /\\
-                            Spec.Utils.is_i16b (11207 + 5*3328) vec.f_elements.[j]"))]
-#[hax_lib::ensures(|result| fstar!("(forall k. (k <> v i /\\ k <> v j) ==>
-                                         Seq.index ${vec}_future.f_elements k == Seq.index ${vec}.f_elements k) /\\
-                                    (forall b. (Spec.Utils.is_i16b b ${vec}.f_elements.[i] /\\
+#[hax_lib::requires(fstar!(r#"v i < 16 /\ v j < 16 /\ v i <> v j /\ 
+                            Spec.Utils.is_i16b 1664 $zeta  /\
+                            Spec.Utils.is_i16b_array (11207 + 6 * 3328) vec.f_elements /\
+                            Spec.Utils.is_i16b (11207 + 5*3328) vec.f_elements.[i] /\
+                            Spec.Utils.is_i16b (11207 + 5*3328) vec.f_elements.[j]"#))]
+#[hax_lib::ensures(|result| fstar!(r#"(forall k. (k <> v i /\ k <> v j) ==>
+                                         Seq.index ${vec}_future.f_elements k == Seq.index ${vec}.f_elements k) /\
+                                    (forall b. (Spec.Utils.is_i16b b ${vec}.f_elements.[i] /\
                                                Spec.Utils.is_i16b b ${vec}.f_elements.[j]) ==>
-                                              (Spec.Utils.is_i16b (b+3328) ${vec}_future.f_elements.[i] /\\
-                                               Spec.Utils.is_i16b (b+3328) ${vec}_future.f_elements.[j])) /\\
-                                    Spec.Utils.ntt_spec ${vec}.f_elements (v $zeta) (v $i) (v $j) ${vec}_future.f_elements"))]
+                                              (Spec.Utils.is_i16b (b+3328) ${vec}_future.f_elements.[i] /\
+                                               Spec.Utils.is_i16b (b+3328) ${vec}_future.f_elements.[j])) /\
+                                    Spec.Utils.ntt_spec ${vec}.f_elements (v $zeta) (v $i) (v $j) ${vec}_future.f_elements"#))]
 pub(crate) fn ntt_step(vec: &mut PortableVector, zeta: i16, i: usize, j: usize) {
     let t = montgomery_multiply_fe_by_fer(vec.elements[j], zeta);
     hax_lib::fstar!(
         "assert (v t % 3329 == ((v (Seq.index vec.f_elements (v j)) * v zeta * 169) % 3329))"
     );
     let a_minus_t = vec.elements[i] - t;
-    hax_lib::fstar!("
+    hax_lib::fstar!(
+        r#"
     calc (==) {
         v $a_minus_t % 3329;
         (==) {}
@@ -32,9 +33,11 @@ pub(crate) fn ntt_step(vec: &mut PortableVector, zeta: i16, i: usize, j: usize)
         (v (Seq.index vec.f_elements (v i)) - ((v (Seq.index vec.f_elements (v $j)) * v $zeta * 169) % 3329)) % 3329;
         (==) {Math.Lemmas.lemma_mod_sub_distr (v (Seq.index vec.f_elements (v $i))) (v (Seq.index vec.f_elements (v $j)) * v zeta * 169) 3329}
         (v (Seq.index vec.f_elements (v $i)) - (v (Seq.index vec.f_elements (v $j)) * v $zeta * 169)) % 3329;
-        }");
+        }"#
+    );
     let a_plus_t = vec.elements[i] + t;
-    hax_lib::fstar!("
+    hax_lib::fstar!(
+        r#"
     calc (==) {
         v a_plus_t % 3329;
         (==) {}
@@ -45,7 +48,8 @@ pub(crate) fn ntt_step(vec: &mut PortableVector, zeta: i16, i: usize, j: usize)
         (v (Seq.index vec.f_elements (v $i)) + ((v (Seq.index vec.f_elements (v $j)) * v $zeta * 169) % 3329)) % 3329;
         (==) {Math.Lemmas.lemma_mod_add_distr (v (Seq.index vec.f_elements (v $i))) (v (Seq.index vec.f_elements (v $j)) * v zeta * 169) 3329}
         (v (Seq.index vec.f_elements (v $i)) + (v (Seq.index vec.f_elements (v $j)) * v $zeta * 169)) % 3329;
-    }");
+    }"#
+    );
     vec.elements[j] = a_minus_t;
     vec.elements[i] = a_plus_t;
     hax_lib::fstar!(
@@ -56,10 +60,10 @@ pub(crate) fn ntt_step(vec: &mut PortableVector, zeta: i16, i: usize, j: usize)
 
 #[inline(always)]
 #[hax_lib::fstar::options("--z3rlimit 100")]
-#[hax_lib::requires(fstar!("Spec.Utils.is_i16b 1664 zeta0 /\\ Spec.Utils.is_i16b 1664 zeta1 /\\
-                            Spec.Utils.is_i16b 1664 zeta2 /\\ Spec.Utils.is_i16b 1664 zeta3 /\\
-                            Spec.Utils.is_i16b_array (11207+5*3328) ${vec}.f_elements"))]
-#[hax_lib::ensures(|result| fstar!("Spec.Utils.is_i16b_array (11207+6*3328) ${result}.f_elements"))]
+#[hax_lib::requires(fstar!(r#"Spec.Utils.is_i16b 1664 zeta0 /\ Spec.Utils.is_i16b 1664 zeta1 /\
+                            Spec.Utils.is_i16b 1664 zeta2 /\ Spec.Utils.is_i16b 1664 zeta3 /\
+                            Spec.Utils.is_i16b_array (11207+5*3328) ${vec}.f_elements"#))]
+#[hax_lib::ensures(|result| fstar!(r#"Spec.Utils.is_i16b_array (11207+6*3328) ${result}.f_elements"#))]
 pub(crate) fn ntt_layer_1_step(
     mut vec: PortableVector,
     zeta0: i16,
@@ -80,9 +84,9 @@ pub(crate) fn ntt_layer_1_step(
 
 #[inline(always)]
 #[hax_lib::fstar::options("--z3rlimit 100")]
-#[hax_lib::requires(fstar!("Spec.Utils.is_i16b 1664 zeta0 /\\ Spec.Utils.is_i16b 1664 zeta1 /\\
-                            Spec.Utils.is_i16b_array (11207+4*3328) ${vec}.f_elements"))]
-#[hax_lib::ensures(|result| fstar!("Spec.Utils.is_i16b_array (11207+5*3328) ${result}.f_elements"))]
+#[hax_lib::requires(fstar!(r#"Spec.Utils.is_i16b 1664 zeta0 /\ Spec.Utils.is_i16b 1664 zeta1 /\
+                            Spec.Utils.is_i16b_array (11207+4*3328) ${vec}.f_elements"#))]
+#[hax_lib::ensures(|result| fstar!(r#"Spec.Utils.is_i16b_array (11207+5*3328) ${result}.f_elements"#))]
 pub(crate) fn ntt_layer_2_step(mut vec: PortableVector, zeta0: i16, zeta1: i16) -> PortableVector {
     ntt_step(&mut vec, zeta0, 0, 4);
     ntt_step(&mut vec, zeta0, 1, 5);
@@ -97,9 +101,9 @@ pub(crate) fn ntt_layer_2_step(mut vec: PortableVector, zeta0: i16, zeta1: i16)
 
 #[inline(always)]
 #[hax_lib::fstar::options("--z3rlimit 100")]
-#[hax_lib::requires(fstar!("Spec.Utils.is_i16b 1664 zeta /\\
-                            Spec.Utils.is_i16b_array (11207+3*3328) ${vec}.f_elements"))]
-#[hax_lib::ensures(|result| fstar!("Spec.Utils.is_i16b_array (11207+4*3328) ${result}.f_elements"))]
+#[hax_lib::requires(fstar!(r#"Spec.Utils.is_i16b 1664 zeta /\
+                            Spec.Utils.is_i16b_array (11207+3*3328) ${vec}.f_elements"#))]
+#[hax_lib::ensures(|result| fstar!(r#"Spec.Utils.is_i16b_array (11207+4*3328) ${result}.f_elements"#))]
 pub(crate) fn ntt_layer_3_step(mut vec: PortableVector, zeta: i16) -> PortableVector {
     ntt_step(&mut vec, zeta, 0, 8);
     ntt_step(&mut vec, zeta, 1, 9);
@@ -114,23 +118,26 @@ pub(crate) fn ntt_layer_3_step(mut vec: PortableVector, zeta: i16) -> PortableVe
 
 #[inline(always)]
 #[hax_lib::fstar::before(interface, "[@@ \"opaque_to_smt\"]")]
-#[hax_lib::requires(fstar!("v i < 16 /\\ v j < 16 /\\  v i <> v j /\\ 
-                        Spec.Utils.is_i16b 1664 $zeta /\\
-                        Spec.Utils.is_i16b_array (4*3328) ${vec}.f_elements"))]
-#[hax_lib::ensures(|result| fstar!("Spec.Utils.is_i16b_array (4*3328) ${vec}_future.f_elements /\\
-                                    (forall k. (k <> v i /\\ k <> v j) ==>
-                                         Seq.index ${vec}_future.f_elements k == Seq.index ${vec}.f_elements k) /\\
-                                    Spec.Utils.is_i16b 3328 (Seq.index ${vec}_future.f_elements (v i)) /\\
-                                    Spec.Utils.is_i16b 3328 (Seq.index ${vec}_future.f_elements (v j)) /\\
-                                    Spec.Utils.inv_ntt_spec ${vec}.f_elements (v $zeta) (v $i) (v $j) ${vec}_future.f_elements"))]
+#[hax_lib::requires(fstar!(r#"v i < 16 /\ v j < 16 /\  v i <> v j /\ 
+                        Spec.Utils.is_i16b 1664 $zeta /\
+                        Spec.Utils.is_i16b_array (4*3328) ${vec}.f_elements"#))]
+#[hax_lib::ensures(|result| fstar!(r#"Spec.Utils.is_i16b_array (4*3328) ${vec}_future.f_elements /\
+                                    (forall k. (k <> v i /\ k <> v j) ==>
+                                         Seq.index ${vec}_future.f_elements k == Seq.index ${vec}.f_elements k) /\
+                                    Spec.Utils.is_i16b 3328 (Seq.index ${vec}_future.f_elements (v i)) /\
+                                    Spec.Utils.is_i16b 3328 (Seq.index ${vec}_future.f_elements (v j)) /\
+                                    Spec.Utils.inv_ntt_spec ${vec}.f_elements (v $zeta) (v $i) (v $j) ${vec}_future.f_elements"#))]
 pub(crate) fn inv_ntt_step(vec: &mut PortableVector, zeta: i16, i: usize, j: usize) {
     let a_minus_b = vec.elements[j] - vec.elements[i];
     let a_plus_b = vec.elements[j] + vec.elements[i];
-    hax_lib::fstar!("assert (v a_minus_b = v (Seq.index vec.f_elements (v j)) - v (Seq.index vec.f_elements (v i)));
-                     assert (v a_plus_b = v (Seq.index vec.f_elements (v j)) + v (Seq.index vec.f_elements (v i)))");
+    hax_lib::fstar!(
+        r#"assert (v a_minus_b = v (Seq.index vec.f_elements (v j)) - v (Seq.index vec.f_elements (v i)));
+                     assert (v a_plus_b = v (Seq.index vec.f_elements (v j)) + v (Seq.index vec.f_elements (v i)))"#
+    );
     let o0 = barrett_reduce_element(a_plus_b);
     let o1 = montgomery_multiply_fe_by_fer(a_minus_b, zeta);
-    hax_lib::fstar!("
+    hax_lib::fstar!(
+        r#"
     calc (==) {
         v o0 % 3329;
         (==) { }
@@ -144,21 +151,22 @@ pub(crate) fn inv_ntt_step(vec: &mut PortableVector, zeta: i16, i: usize, j: usi
         (v a_minus_b * v zeta * 169) % 3329;
         (==) { }
         ((v (Seq.index vec.f_elements (v j)) - v (Seq.index vec.f_elements (v i))) * v zeta * 169) % 3329;
-    }");
+    }"#
+    );
     vec.elements[i] = o0;
     vec.elements[j] = o1;
     hax_lib::fstar!(
-        "assert (Seq.index vec.f_elements (v i) == o0);
-                     assert (Seq.index vec.f_elements (v j) == o1)"
+        r#"assert (Seq.index vec.f_elements (v i) == o0);
+                     assert (Seq.index vec.f_elements (v j) == o1)"#
     );
 }
 
 #[inline(always)]
 #[hax_lib::fstar::options("--z3rlimit 200")]
-#[hax_lib::requires(fstar!("Spec.Utils.is_i16b 1664 zeta0 /\\ Spec.Utils.is_i16b 1664 zeta1 /\\
-                            Spec.Utils.is_i16b 1664 zeta2 /\\ Spec.Utils.is_i16b 1664 zeta3 /\\
-                            Spec.Utils.is_i16b_array (4*3328) ${vec}.f_elements"))]
-#[hax_lib::ensures(|result| fstar!("Spec.Utils.is_i16b_array 3328 ${result}.f_elements"))]
+#[hax_lib::requires(fstar!(r#"Spec.Utils.is_i16b 1664 zeta0 /\ Spec.Utils.is_i16b 1664 zeta1 /\
+                            Spec.Utils.is_i16b 1664 zeta2 /\ Spec.Utils.is_i16b 1664 zeta3 /\
+                            Spec.Utils.is_i16b_array (4*3328) ${vec}.f_elements"#))]
+#[hax_lib::ensures(|result| fstar!(r#"Spec.Utils.is_i16b_array 3328 ${result}.f_elements"#))]
 pub(crate) fn inv_ntt_layer_1_step(
     mut vec: PortableVector,
     zeta0: i16,
@@ -191,15 +199,15 @@ pub(crate) fn inv_ntt_layer_1_step(
         assert (Spec.Utils.is_i16b 3328 (Seq.index ${vec}.f_elements 3));
         assert (Spec.Utils.is_i16b 3328 (Seq.index ${vec}.f_elements 0));
         assert (Spec.Utils.is_i16b 3328 (Seq.index ${vec}.f_elements 2));
-        assert (forall (i:nat). i < 16 ==> Spec.Utils.is_i16b 3328 (Seq.index ${vec}.f_elements i))");
+        assert (forall (i:nat). i < 16 ==> Spec.Utils.is_i16b 3328 (Seq.index ${vec}.f_elements i))"#);
     vec
 }
 
 #[inline(always)]
 #[hax_lib::fstar::options("--z3rlimit 100")]
-#[hax_lib::requires(fstar!("Spec.Utils.is_i16b 1664 zeta0 /\\ Spec.Utils.is_i16b 1664 zeta1 /\\
-                            Spec.Utils.is_i16b_array 3328 ${vec}.f_elements"))]
-#[hax_lib::ensures(|result| fstar!("Spec.Utils.is_i16b_array 3328 ${result}.f_elements"))]
+#[hax_lib::requires(fstar!(r#"Spec.Utils.is_i16b 1664 zeta0 /\ Spec.Utils.is_i16b 1664 zeta1 /\
+                            Spec.Utils.is_i16b_array 3328 ${vec}.f_elements"#))]
+#[hax_lib::ensures(|result| fstar!(r#"Spec.Utils.is_i16b_array 3328 ${result}.f_elements"#))]
 pub(crate) fn inv_ntt_layer_2_step(
     mut vec: PortableVector,
     zeta0: i16,
@@ -218,9 +226,9 @@ pub(crate) fn inv_ntt_layer_2_step(
 
 #[inline(always)]
 #[hax_lib::fstar::options("--z3rlimit 100")]
-#[hax_lib::requires(fstar!("Spec.Utils.is_i16b 1664 zeta /\\
-                            Spec.Utils.is_i16b_array 3328 ${vec}.f_elements"))]
-#[hax_lib::ensures(|result| fstar!("Spec.Utils.is_i16b_array 3328 ${result}.f_elements"))]
+#[hax_lib::requires(fstar!(r#"Spec.Utils.is_i16b 1664 zeta /\
+                            Spec.Utils.is_i16b_array 3328 ${vec}.f_elements"#))]
+#[hax_lib::ensures(|result| fstar!(r#"Spec.Utils.is_i16b_array 3328 ${result}.f_elements"#))]
 pub(crate) fn inv_ntt_layer_3_step(mut vec: PortableVector, zeta: i16) -> PortableVector {
     inv_ntt_step(&mut vec, zeta, 0, 8);
     inv_ntt_step(&mut vec, zeta, 1, 9);
@@ -259,22 +267,22 @@ pub(crate) fn inv_ntt_layer_3_step(mut vec: PortableVector, zeta: i16) -> Portab
     "--z3rlimit 250 --split_queries always --query_stats --ext context_prune"
 )]
 #[hax_lib::fstar::before(interface, "[@@ \"opaque_to_smt\"]")]
-#[hax_lib::requires(fstar!("v i < 8 /\\ Spec.Utils.is_i16b 1664 $zeta /\\
-        Spec.Utils.is_i16b_array 3328 ${a}.f_elements /\\
-        Spec.Utils.is_i16b_array 3328 ${b}.f_elements /\\
-        Spec.Utils.is_i16b_array 3328 ${out}.f_elements "))]
-#[hax_lib::ensures(|()| fstar!("
-        Spec.Utils.is_i16b_array 3328 ${out}_future.f_elements /\\
-        (forall k. (k <> 2 * v $i /\\ k <> 2 * v $i + 1) ==> 
-                    Seq.index ${out}_future.f_elements k == Seq.index ${out}.f_elements k) /\\                 
+#[hax_lib::requires(fstar!(r#"v i < 8 /\ Spec.Utils.is_i16b 1664 $zeta /\
+        Spec.Utils.is_i16b_array 3328 ${a}.f_elements /\
+        Spec.Utils.is_i16b_array 3328 ${b}.f_elements /\
+        Spec.Utils.is_i16b_array 3328 ${out}.f_elements "#))]
+#[hax_lib::ensures(|()| fstar!(r#"
+        Spec.Utils.is_i16b_array 3328 ${out}_future.f_elements /\
+        (forall k. (k <> 2 * v $i /\ k <> 2 * v $i + 1) ==> 
+                    Seq.index ${out}_future.f_elements k == Seq.index ${out}.f_elements k) /\                 
         (let ai = Seq.index ${a}.f_elements (2 * v $i) in
          let aj = Seq.index ${a}.f_elements (2 * v $i + 1) in
          let bi = Seq.index ${b}.f_elements (2 * v $i) in
          let bj = Seq.index ${b}.f_elements (2 * v $i + 1) in
          let oi = Seq.index out_future.f_elements (2 * v $i) in
          let oj = Seq.index out_future.f_elements (2 * v $i + 1) in
-         ((v oi % 3329) == (((v ai * v bi + (v aj * v bj * v zeta * 169)) * 169) % 3329)) /\\
-         ((v oj % 3329) == (((v ai * v bj + v aj * v bi) * 169) % 3329)))"))]
+         ((v oi % 3329) == (((v ai * v bi + (v aj * v bj * v zeta * 169)) * 169) % 3329)) /\
+         ((v oj % 3329) == (((v ai * v bj + v aj * v bi) * 169) % 3329)))"#))]
 pub(crate) fn ntt_multiply_binomials(
     a: &PortableVector,
     b: &PortableVector,
@@ -294,19 +302,20 @@ pub(crate) fn ntt_multiply_binomials(
                      assert_norm (3328 * 3328 < pow2 31)"
     );
 
-    hax_lib::fstar!("Spec.Utils.lemma_mul_i16b 3328 3328 $ai $bi");
+    hax_lib::fstar!(r#"Spec.Utils.lemma_mul_i16b 3328 3328 $ai $bi"#);
     let ai_bi = (ai as i32) * (bi as i32);
-    hax_lib::fstar!("Spec.Utils.lemma_mul_i16b 3328 3328 $aj $bj");
+    hax_lib::fstar!(r#"Spec.Utils.lemma_mul_i16b 3328 3328 $aj $bj"#);
     let aj_bj_ = (aj as i32) * (bj as i32);
-    hax_lib::fstar!("assert_norm (3328 * 3328 <= 3328 * pow2 15)");
+    hax_lib::fstar!(r#"assert_norm (3328 * 3328 <= 3328 * pow2 15)"#);
     let aj_bj = montgomery_reduce_element(aj_bj_);
-    hax_lib::fstar!("Spec.Utils.lemma_mul_i16b 3328 1664 $aj_bj $zeta");
+    hax_lib::fstar!(r#"Spec.Utils.lemma_mul_i16b 3328 1664 $aj_bj $zeta"#);
     let aj_bj_zeta = (aj_bj as i32) * (zeta as i32);
     let ai_bi_aj_bj = ai_bi + aj_bj_zeta;
-    hax_lib::fstar!("assert(Spec.Utils.is_i32b (3328*3328 + 3328*1664) $ai_bi_aj_bj)");
-    hax_lib::fstar!("assert_norm (3328 * 3328 + 3328 * 1664 <= 3328 * pow2 15)");
+    hax_lib::fstar!(r#"assert(Spec.Utils.is_i32b (3328*3328 + 3328*1664) $ai_bi_aj_bj)"#);
+    hax_lib::fstar!(r#"assert_norm (3328 * 3328 + 3328 * 1664 <= 3328 * pow2 15)"#);
     let o0 = montgomery_reduce_element(ai_bi_aj_bj);
-    hax_lib::fstar!("calc  ( == ) {
+    hax_lib::fstar!(
+        r#"calc  ( == ) {
         v $o0 % 3329;
         ( == ) { () }
         (v $ai_bi_aj_bj * 169) % 3329;
@@ -332,14 +341,15 @@ pub(crate) fn ntt_multiply_binomials(
         (((v $ai * v $bi) + ((v $aj * v $bj * 169 * v $zeta))) % 3329 * 169) % 3329;
         ( == ) { Math.Lemmas.lemma_mod_mul_distr_l ((v ai * v bi) + ((v aj * v bj * 169 * v zeta))) 169 3329 }
         (((v $ai * v $bi) + ((v $aj * v $bj * 169 * v $zeta))) * 169) % 3329;
-        }");
-    hax_lib::fstar!("Spec.Utils.lemma_mul_i16b 3328 3328 $ai $bj");
+        }"#
+    );
+    hax_lib::fstar!(r#"Spec.Utils.lemma_mul_i16b 3328 3328 $ai $bj"#);
     let ai_bj = (ai as i32) * (bj as i32);
-    hax_lib::fstar!("Spec.Utils.lemma_mul_i16b 3328 3328 $aj $bi");
+    hax_lib::fstar!(r#"Spec.Utils.lemma_mul_i16b 3328 3328 $aj $bi"#);
     let aj_bi = (aj as i32) * (bi as i32);
     let ai_bj_aj_bi = ai_bj + aj_bi;
-    hax_lib::fstar!("assert(Spec.Utils.is_i32b (3328*3328 + 3328*3328) ai_bj_aj_bi) ");
-    hax_lib::fstar!("assert_norm (3328 * 3328 + 3328 * 3328 <= 3328 * pow2 15)");
+    hax_lib::fstar!(r#"assert(Spec.Utils.is_i32b (3328*3328 + 3328*3328) ai_bj_aj_bi) "#);
+    hax_lib::fstar!(r#"assert_norm (3328 * 3328 + 3328 * 3328 <= 3328 * pow2 15)"#);
     let o1 = montgomery_reduce_element(ai_bj_aj_bi);
     hax_lib::fstar!(
         "calc  ( == ) {
@@ -358,25 +368,25 @@ pub(crate) fn ntt_multiply_binomials(
     out.elements[2 * i] = o0;
     out.elements[2 * i + 1] = o1;
     hax_lib::fstar!(
-        "assert (Seq.index out.f_elements (2 * v i) == o0);
+        r#"assert (Seq.index out.f_elements (2 * v i) == o0);
                      assert (Seq.index out.f_elements (2 * v i + 1) == o1);
                      assert (Spec.Utils.is_i16b_array 3328 out.f_elements);
-                     assert (forall k. (k <> 2 * v i /\\ k <> 2 * v i + 1) ==>
+                     assert (forall k. (k <> 2 * v i /\ k <> 2 * v i + 1) ==>
                                         Seq.index out.f_elements k ==
-                                        Seq.index ${_out0} k)"
+                                        Seq.index ${_out0} k)"#
     );
 }
 
 #[inline(always)]
 #[hax_lib::fstar::verification_status(panic_free)]
 #[hax_lib::fstar::options("--z3rlimit 100")]
-#[hax_lib::requires(fstar!("Spec.Utils.is_i16b 1664 $zeta0 /\\
-        Spec.Utils.is_i16b 1664 $zeta1 /\\
-        Spec.Utils.is_i16b 1664 $zeta2 /\\
-        Spec.Utils.is_i16b 1664 $zeta3 /\\
-        Spec.Utils.is_i16b_array 3328 ${lhs}.f_elements /\\
-        Spec.Utils.is_i16b_array 3328 ${rhs}.f_elements "))]
-#[hax_lib::ensures(|result| fstar!("Spec.Utils.is_i16b_array 3328 ${result}.f_elements /\\
+#[hax_lib::requires(fstar!(r#"Spec.Utils.is_i16b 1664 $zeta0 /\
+        Spec.Utils.is_i16b 1664 $zeta1 /\
+        Spec.Utils.is_i16b 1664 $zeta2 /\
+        Spec.Utils.is_i16b 1664 $zeta3 /\
+        Spec.Utils.is_i16b_array 3328 ${lhs}.f_elements /\
+        Spec.Utils.is_i16b_array 3328 ${rhs}.f_elements "#))]
+#[hax_lib::ensures(|result| fstar!(r#"Spec.Utils.is_i16b_array 3328 ${result}.f_elements /\
           (let zetas = Seq.seq_of_list [v zeta0; - v zeta0; v zeta1; - v zeta1; v zeta2; - v zeta2; v zeta3; - v zeta3] in
           (forall (i:nat). i < 8 ==>
            (let ai = Seq.index lhs.f_elements (2 * i) in
@@ -385,8 +395,8 @@ pub(crate) fn ntt_multiply_binomials(
             let bj = Seq.index rhs.f_elements (2 * i + 1) in
             let oi = Seq.index result.f_elements (2 * i) in
             let oj = Seq.index result.f_elements (2 * i + 1) in
-            ((v oi % 3329) == (((v ai * v bi + (v aj * v bj * (Seq.index zetas i) * 169)) * 169) % 3329)) /\\
-            ((v oj % 3329) == (((v ai * v bj + v aj * v bi) * 169) % 3329)))))"))]
+            ((v oi % 3329) == (((v ai * v bi + (v aj * v bj * (Seq.index zetas i) * 169)) * 169) % 3329)) /\
+            ((v oj % 3329) == (((v ai * v bj + v aj * v bi) * 169) % 3329)))))"#))]
 pub(crate) fn ntt_multiply(
     lhs: &PortableVector,
     rhs: &PortableVector,
@@ -399,27 +409,27 @@ pub(crate) fn ntt_multiply(
     let nzeta1 = -zeta1;
     let nzeta2 = -zeta2;
     let nzeta3 = -zeta3;
-    hax_lib::fstar!("assert (Spec.Utils.is_i16b 1664 nzeta0)");
-    hax_lib::fstar!("assert (Spec.Utils.is_i16b 1664 nzeta1)");
-    hax_lib::fstar!("assert (Spec.Utils.is_i16b 1664 nzeta2)");
-    hax_lib::fstar!("assert (Spec.Utils.is_i16b 1664 nzeta3)");
+    hax_lib::fstar!(r#"assert (Spec.Utils.is_i16b 1664 nzeta0)"#);
+    hax_lib::fstar!(r#"assert (Spec.Utils.is_i16b 1664 nzeta1)"#);
+    hax_lib::fstar!(r#"assert (Spec.Utils.is_i16b 1664 nzeta2)"#);
+    hax_lib::fstar!(r#"assert (Spec.Utils.is_i16b 1664 nzeta3)"#);
     let mut out = zero();
-    hax_lib::fstar!("assert (Spec.Utils.is_i16b_array 3328 out.f_elements)");
+    hax_lib::fstar!(r#"assert (Spec.Utils.is_i16b_array 3328 out.f_elements)"#);
     ntt_multiply_binomials(lhs, rhs, zeta0, 0, &mut out);
-    hax_lib::fstar!("assert (Spec.Utils.is_i16b_array 3328 out.f_elements)");
+    hax_lib::fstar!(r#"assert (Spec.Utils.is_i16b_array 3328 out.f_elements)"#);
     ntt_multiply_binomials(lhs, rhs, nzeta0, 1, &mut out);
-    hax_lib::fstar!("assert (Spec.Utils.is_i16b_array 3328 out.f_elements)");
+    hax_lib::fstar!(r#"assert (Spec.Utils.is_i16b_array 3328 out.f_elements)"#);
     ntt_multiply_binomials(lhs, rhs, zeta1, 2, &mut out);
-    hax_lib::fstar!("assert (Spec.Utils.is_i16b_array 3328 out.f_elements)");
+    hax_lib::fstar!(r#"assert (Spec.Utils.is_i16b_array 3328 out.f_elements)"#);
     ntt_multiply_binomials(lhs, rhs, nzeta1, 3, &mut out);
-    hax_lib::fstar!("assert (Spec.Utils.is_i16b_array 3328 out.f_elements)");
+    hax_lib::fstar!(r#"assert (Spec.Utils.is_i16b_array 3328 out.f_elements)"#);
     ntt_multiply_binomials(lhs, rhs, zeta2, 4, &mut out);
-    hax_lib::fstar!("assert (Spec.Utils.is_i16b_array 3328 out.f_elements)");
+    hax_lib::fstar!(r#"assert (Spec.Utils.is_i16b_array 3328 out.f_elements)"#);
     ntt_multiply_binomials(lhs, rhs, nzeta2, 5, &mut out);
-    hax_lib::fstar!("assert (Spec.Utils.is_i16b_array 3328 out.f_elements)");
+    hax_lib::fstar!(r#"assert (Spec.Utils.is_i16b_array 3328 out.f_elements)"#);
     ntt_multiply_binomials(lhs, rhs, zeta3, 6, &mut out);
-    hax_lib::fstar!("assert (Spec.Utils.is_i16b_array 3328 out.f_elements)");
+    hax_lib::fstar!(r#"assert (Spec.Utils.is_i16b_array 3328 out.f_elements)"#);
     ntt_multiply_binomials(lhs, rhs, nzeta3, 7, &mut out);
-    hax_lib::fstar!("assert (Spec.Utils.is_i16b_array 3328 out.f_elements)");
+    hax_lib::fstar!(r#"assert (Spec.Utils.is_i16b_array 3328 out.f_elements)"#);
     out
 }
diff --git a/libcrux-ml-kem/src/vector/portable/sampling.rs b/libcrux-ml-kem/src/vector/portable/sampling.rs
index 13f6f9f33..b2f4b4110 100644
--- a/libcrux-ml-kem/src/vector/portable/sampling.rs
+++ b/libcrux-ml-kem/src/vector/portable/sampling.rs
@@ -4,7 +4,7 @@ use crate::vector::FIELD_MODULUS;
 #[hax_lib::fstar::verification_status(lax)]
 #[hax_lib::requires(a.len() == 24 && result.len() == 16)]
 #[hax_lib::ensures(|res|
-        fstar!("Seq.length $result_future == Seq.length $result /\\ v $res <= 16")
+        fstar!(r#"Seq.length $result_future == Seq.length $result /\ v $res <= 16"#)
     )]
 pub(crate) fn rej_sample(a: &[u8], result: &mut [i16]) -> usize {
     let mut sampled = 0;
diff --git a/libcrux-ml-kem/src/vector/portable/vector_type.rs b/libcrux-ml-kem/src/vector/portable/vector_type.rs
index 94dde4e71..aa52886dc 100644
--- a/libcrux-ml-kem/src/vector/portable/vector_type.rs
+++ b/libcrux-ml-kem/src/vector/portable/vector_type.rs
@@ -10,7 +10,7 @@ pub struct PortableVector {
 }
 
 #[inline(always)]
-#[hax_lib::ensures(|result| fstar!("${result}.f_elements == Seq.create 16 0s"))]
+#[hax_lib::ensures(|result| fstar!(r#"${result}.f_elements == Seq.create 16 0s"#))]
 pub fn zero() -> PortableVector {
     PortableVector {
         elements: [0i16; FIELD_ELEMENTS_IN_VECTOR],
@@ -18,14 +18,14 @@ pub fn zero() -> PortableVector {
 }
 
 #[inline(always)]
-#[hax_lib::ensures(|result| fstar!("${result} == ${x}.f_elements"))]
+#[hax_lib::ensures(|result| fstar!(r#"${result} == ${x}.f_elements"#))]
 pub fn to_i16_array(x: PortableVector) -> [i16; 16] {
     x.elements
 }
 
 #[inline(always)]
 #[hax_lib::requires(array.len() == 16)]
-#[hax_lib::ensures(|result| fstar!("${result}.f_elements == $array"))]
+#[hax_lib::ensures(|result| fstar!(r#"${result}.f_elements == $array"#))]
 pub fn from_i16_array(array: &[i16]) -> PortableVector {
     PortableVector {
         elements: array[0..16].try_into().unwrap(),
diff --git a/libcrux-ml-kem/src/vector/traits.rs b/libcrux-ml-kem/src/vector/traits.rs
index 193d0edf6..87436fcd1 100644
--- a/libcrux-ml-kem/src/vector/traits.rs
+++ b/libcrux-ml-kem/src/vector/traits.rs
@@ -19,162 +19,162 @@ pub trait Repr: Copy + Clone {
 pub trait Operations: Copy + Clone + Repr {
     #[allow(non_snake_case)]
     #[requires(true)]
-    #[ensures(|result| fstar!("f_repr $result == Seq.create 16 0s"))]
+    #[ensures(|result| fstar!(r#"f_repr $result == Seq.create 16 0s"#))]
     fn ZERO() -> Self;
 
     #[requires(array.len() == 16)]
-    #[ensures(|result| fstar!("f_repr $result == $array"))]
+    #[ensures(|result| fstar!(r#"f_repr $result == $array"#))]
     fn from_i16_array(array: &[i16]) -> Self;
 
     #[requires(true)]
-    #[ensures(|result| fstar!("f_repr $x == $result"))]
+    #[ensures(|result| fstar!(r#"f_repr $x == $result"#))]
     fn to_i16_array(x: Self) -> [i16; 16];
 
     // Basic arithmetic
-    #[requires(fstar!("forall i. i < 16 ==> 
-        Spec.Utils.is_intb (pow2 15 - 1) (v (Seq.index (f_repr ${lhs}) i) + v (Seq.index (f_repr ${rhs}) i))"))]
-    #[ensures(|result| fstar!("forall i. i < 16 ==> 
+    #[requires(fstar!(r#"forall i. i < 16 ==> 
+        Spec.Utils.is_intb (pow2 15 - 1) (v (Seq.index (f_repr ${lhs}) i) + v (Seq.index (f_repr ${rhs}) i))"#))]
+    #[ensures(|result| fstar!(r#"forall i. i < 16 ==> 
         (v (Seq.index (f_repr ${result}) i) == 
-         v (Seq.index (f_repr ${lhs}) i) + v (Seq.index (f_repr ${rhs}) i))"))]
+         v (Seq.index (f_repr ${lhs}) i) + v (Seq.index (f_repr ${rhs}) i))"#))]
     fn add(lhs: Self, rhs: &Self) -> Self;
 
-    #[requires(fstar!("forall i. i < 16 ==> 
-        Spec.Utils.is_intb (pow2 15 - 1) (v (Seq.index (f_repr ${lhs}) i) - v (Seq.index (f_repr ${rhs}) i))"))]
-    #[ensures(|result| fstar!("forall i. i < 16 ==> 
+    #[requires(fstar!(r#"forall i. i < 16 ==> 
+        Spec.Utils.is_intb (pow2 15 - 1) (v (Seq.index (f_repr ${lhs}) i) - v (Seq.index (f_repr ${rhs}) i))"#))]
+    #[ensures(|result| fstar!(r#"forall i. i < 16 ==> 
         (v (Seq.index (f_repr ${result}) i) == 
-         v (Seq.index (f_repr ${lhs}) i) - v (Seq.index (f_repr ${rhs}) i))"))]
+         v (Seq.index (f_repr ${lhs}) i) - v (Seq.index (f_repr ${rhs}) i))"#))]
     fn sub(lhs: Self, rhs: &Self) -> Self;
 
-    #[requires(fstar!("forall i. i < 16 ==> 
-        Spec.Utils.is_intb (pow2 15 - 1) (v (Seq.index (f_repr ${vec}) i) * v c)"))]
-    #[ensures(|result| fstar!("forall i. i < 16 ==> 
+    #[requires(fstar!(r#"forall i. i < 16 ==> 
+        Spec.Utils.is_intb (pow2 15 - 1) (v (Seq.index (f_repr ${vec}) i) * v c)"#))]
+    #[ensures(|result| fstar!(r#"forall i. i < 16 ==> 
         (v (Seq.index (f_repr ${result}) i) == 
-         v (Seq.index (f_repr ${vec}) i) * v c)"))]
+         v (Seq.index (f_repr ${vec}) i) * v c)"#))]
     fn multiply_by_constant(vec: Self, c: i16) -> Self;
 
     // Bitwise operations
     #[requires(true)]
-    #[ensures(|result| fstar!("f_repr $result == Spec.Utils.map_array (fun x -> x &. c) (f_repr $v)"))]
+    #[ensures(|result| fstar!(r#"f_repr $result == Spec.Utils.map_array (fun x -> x &. c) (f_repr $v)"#))]
     fn bitwise_and_with_constant(v: Self, c: i16) -> Self;
 
     #[requires(SHIFT_BY >= 0 && SHIFT_BY < 16)]
-    #[ensures(|result| fstar!("(v_SHIFT_BY >=. 0l /\\ v_SHIFT_BY <. 16l) ==> f_repr $result == Spec.Utils.map_array (fun x -> x >>! ${SHIFT_BY}) (f_repr $v)"))]
+    #[ensures(|result| fstar!(r#"(v_SHIFT_BY >=. 0l /\\ v_SHIFT_BY <. 16l) ==> f_repr $result == Spec.Utils.map_array (fun x -> x >>! ${SHIFT_BY}) (f_repr $v)"#))]
     fn shift_right<const SHIFT_BY: i32>(v: Self) -> Self;
     // fn shift_left<const SHIFT_BY: i32>(v: Self) -> Self;
 
     // Modular operations
-    #[requires(fstar!("Spec.Utils.is_i16b_array (pow2 12 - 1) (f_repr $v)"))]
-    #[ensures(|result| fstar!("f_repr $result == Spec.Utils.map_array (fun x -> if x >=. 3329s then x -! 3329s else x) (f_repr $v)"))]
+    #[requires(fstar!(r#"Spec.Utils.is_i16b_array (pow2 12 - 1) (f_repr $v)"#))]
+    #[ensures(|result| fstar!(r#"f_repr $result == Spec.Utils.map_array (fun x -> if x >=. 3329s then x -! 3329s else x) (f_repr $v)"#))]
     fn cond_subtract_3329(v: Self) -> Self;
 
-    #[requires(fstar!("Spec.Utils.is_i16b_array 28296 (f_repr $vector)"))]
+    #[requires(fstar!(r#"Spec.Utils.is_i16b_array 28296 (f_repr $vector)"#))]
     fn barrett_reduce(vector: Self) -> Self;
 
-    #[requires(fstar!("Spec.Utils.is_i16b 1664 c"))]
+    #[requires(fstar!(r#"Spec.Utils.is_i16b 1664 c"#))]
     fn montgomery_multiply_by_constant(v: Self, c: i16) -> Self;
 
     // Compression
-    #[requires(fstar!("forall (i:nat). i < 16 ==> v (Seq.index (f_repr $a) i) >= 0 /\\
-        v (Seq.index (f_repr $a) i) < 3329"))]
-    #[ensures(|result| fstar!("forall (i:nat). i < 16 ==> bounded (Seq.index (f_repr $result) i) 1"))]
+    #[requires(fstar!(r#"forall (i:nat). i < 16 ==> v (Seq.index (f_repr $a) i) >= 0 /\\
+        v (Seq.index (f_repr $a) i) < 3329"#))]
+    #[ensures(|result| fstar!(r#"forall (i:nat). i < 16 ==> bounded (Seq.index (f_repr $result) i) 1"#))]
     fn compress_1(a: Self) -> Self;
-    #[requires(fstar!("(v $COEFFICIENT_BITS == 4 \\/
+    #[requires(fstar!(r#"(v $COEFFICIENT_BITS == 4 \\/
             v $COEFFICIENT_BITS == 5 \\/
             v $COEFFICIENT_BITS == 10 \\/
             v $COEFFICIENT_BITS == 11) /\\
         (forall (i:nat). i < 16 ==> v (Seq.index (f_repr $a) i) >= 0 /\\
-            v (Seq.index (f_repr $a) i) < 3329)"))]
-    #[ensures(|result| fstar!("(v $COEFFICIENT_BITS == 4 \\/
+            v (Seq.index (f_repr $a) i) < 3329)"#))]
+    #[ensures(|result| fstar!(r#"(v $COEFFICIENT_BITS == 4 \\/
             v $COEFFICIENT_BITS == 5 \\/
             v $COEFFICIENT_BITS == 10 \\/
             v $COEFFICIENT_BITS == 11) ==>
-                (forall (i:nat). i < 16 ==> bounded (Seq.index (f_repr $result) i) (v $COEFFICIENT_BITS))"))]
+                (forall (i:nat). i < 16 ==> bounded (Seq.index (f_repr $result) i) (v $COEFFICIENT_BITS))"#))]
     fn compress<const COEFFICIENT_BITS: i32>(a: Self) -> Self;
-    #[requires(fstar!("(v $COEFFICIENT_BITS == 4 \\/
+    #[requires(fstar!(r#"(v $COEFFICIENT_BITS == 4 \\/
         v $COEFFICIENT_BITS == 5 \\/
         v $COEFFICIENT_BITS == 10 \\/
         v $COEFFICIENT_BITS == 11) /\\
     (forall (i:nat). i < 16 ==> v (Seq.index (f_repr $a) i) >= 0 /\\
-        v (Seq.index (f_repr $a) i) < pow2 (v $COEFFICIENT_BITS))"))]
+        v (Seq.index (f_repr $a) i) < pow2 (v $COEFFICIENT_BITS))"#))]
     fn decompress_ciphertext_coefficient<const COEFFICIENT_BITS: i32>(a: Self) -> Self;
 
     // NTT
-    #[requires(fstar!("Spec.Utils.is_i16b 1664 zeta0 /\\ Spec.Utils.is_i16b 1664 zeta1 /\\ 
+    #[requires(fstar!(r#"Spec.Utils.is_i16b 1664 zeta0 /\\ Spec.Utils.is_i16b 1664 zeta1 /\\ 
                        Spec.Utils.is_i16b 1664 zeta2 /\\ Spec.Utils.is_i16b 1664 zeta3 /\\
-                       Spec.Utils.is_i16b_array (11207+5*3328) (f_repr ${a})"))]
-    #[ensures(|out| fstar!("Spec.Utils.is_i16b_array (11207+6*3328) (f_repr $out)"))]
+                       Spec.Utils.is_i16b_array (11207+5*3328) (f_repr ${a})"#))]
+    #[ensures(|out| fstar!(r#"Spec.Utils.is_i16b_array (11207+6*3328) (f_repr $out)"#))]
     fn ntt_layer_1_step(a: Self, zeta0: i16, zeta1: i16, zeta2: i16, zeta3: i16) -> Self;
-    #[requires(fstar!("Spec.Utils.is_i16b 1664 zeta0 /\\ Spec.Utils.is_i16b 1664 zeta1 /\\
-                       Spec.Utils.is_i16b_array (11207+4*3328) (f_repr ${a})"))]
-    #[ensures(|out| fstar!("Spec.Utils.is_i16b_array (11207+5*3328) (f_repr $out)"))]
+    #[requires(fstar!(r#"Spec.Utils.is_i16b 1664 zeta0 /\\ Spec.Utils.is_i16b 1664 zeta1 /\\
+                       Spec.Utils.is_i16b_array (11207+4*3328) (f_repr ${a})"#))]
+    #[ensures(|out| fstar!(r#"Spec.Utils.is_i16b_array (11207+5*3328) (f_repr $out)"#))]
     fn ntt_layer_2_step(a: Self, zeta0: i16, zeta1: i16) -> Self;
-    #[requires(fstar!("Spec.Utils.is_i16b 1664 zeta /\\
-                       Spec.Utils.is_i16b_array (11207+3*3328) (f_repr ${a})"))]
-    #[ensures(|out| fstar!("Spec.Utils.is_i16b_array (11207+4*3328) (f_repr $out)"))]
+    #[requires(fstar!(r#"Spec.Utils.is_i16b 1664 zeta /\\
+                       Spec.Utils.is_i16b_array (11207+3*3328) (f_repr ${a})"#))]
+    #[ensures(|out| fstar!(r#"Spec.Utils.is_i16b_array (11207+4*3328) (f_repr $out)"#))]
     fn ntt_layer_3_step(a: Self, zeta: i16) -> Self;
 
-    #[requires(fstar!("Spec.Utils.is_i16b 1664 zeta0 /\\ Spec.Utils.is_i16b 1664 zeta1 /\\ 
+    #[requires(fstar!(r#"Spec.Utils.is_i16b 1664 zeta0 /\\ Spec.Utils.is_i16b 1664 zeta1 /\\ 
                        Spec.Utils.is_i16b 1664 zeta2 /\\ Spec.Utils.is_i16b 1664 zeta3 /\\
-                       Spec.Utils.is_i16b_array (4 * 3328) (f_repr ${a})"))]
-    #[ensures(|out| fstar!("Spec.Utils.is_i16b_array 3328 (f_repr $out)"))]
+                       Spec.Utils.is_i16b_array (4 * 3328) (f_repr ${a})"#))]
+    #[ensures(|out| fstar!(r#"Spec.Utils.is_i16b_array 3328 (f_repr $out)"#))]
     fn inv_ntt_layer_1_step(a: Self, zeta0: i16, zeta1: i16, zeta2: i16, zeta3: i16) -> Self;
-    #[requires(fstar!("Spec.Utils.is_i16b 1664 zeta0 /\\ Spec.Utils.is_i16b 1664 zeta1 /\\
-                       Spec.Utils.is_i16b_array 3328 (f_repr ${a})"))]
-    #[ensures(|out| fstar!("Spec.Utils.is_i16b_array 3328 (f_repr $out)"))]
+    #[requires(fstar!(r#"Spec.Utils.is_i16b 1664 zeta0 /\\ Spec.Utils.is_i16b 1664 zeta1 /\\
+                       Spec.Utils.is_i16b_array 3328 (f_repr ${a})"#))]
+    #[ensures(|out| fstar!(r#"Spec.Utils.is_i16b_array 3328 (f_repr $out)"#))]
     fn inv_ntt_layer_2_step(a: Self, zeta0: i16, zeta1: i16) -> Self;
-    #[requires(fstar!("Spec.Utils.is_i16b 1664 zeta/\\
-                       Spec.Utils.is_i16b_array 3328 (f_repr ${a})"))]
-    #[ensures(|out| fstar!("Spec.Utils.is_i16b_array 3328 (f_repr $out)"))]
+    #[requires(fstar!(r#"Spec.Utils.is_i16b 1664 zeta/\\
+                       Spec.Utils.is_i16b_array 3328 (f_repr ${a})"#))]
+    #[ensures(|out| fstar!(r#"Spec.Utils.is_i16b_array 3328 (f_repr $out)"#))]
     fn inv_ntt_layer_3_step(a: Self, zeta: i16) -> Self;
 
-    #[requires(fstar!("Spec.Utils.is_i16b 1664 zeta0 /\\ Spec.Utils.is_i16b 1664 zeta1 /\\
+    #[requires(fstar!(r#"Spec.Utils.is_i16b 1664 zeta0 /\\ Spec.Utils.is_i16b 1664 zeta1 /\\
                        Spec.Utils.is_i16b 1664 zeta2 /\\ Spec.Utils.is_i16b 1664 zeta3 /\\
                        Spec.Utils.is_i16b_array 3328 (f_repr ${lhs}) /\\
-                       Spec.Utils.is_i16b_array 3328 (f_repr ${rhs}) "))]
-    #[ensures(|out| fstar!("Spec.Utils.is_i16b_array 3328 (f_repr $out)"))]
+                       Spec.Utils.is_i16b_array 3328 (f_repr ${rhs}) "#))]
+    #[ensures(|out| fstar!(r#"Spec.Utils.is_i16b_array 3328 (f_repr $out)"#))]
     fn ntt_multiply(lhs: &Self, rhs: &Self, zeta0: i16, zeta1: i16, zeta2: i16, zeta3: i16)
         -> Self;
 
     // Serialization and deserialization
-    #[requires(fstar!("Spec.MLKEM.serialize_pre 1 (f_repr $a)"))]
-    #[ensures(|result| fstar!("Spec.MLKEM.serialize_pre 1 (f_repr $a) ==> Spec.MLKEM.serialize_post 1 (f_repr $a) $result"))]
+    #[requires(fstar!(r#"Spec.MLKEM.serialize_pre 1 (f_repr $a)"#))]
+    #[ensures(|result| fstar!(r#"Spec.MLKEM.serialize_pre 1 (f_repr $a) ==> Spec.MLKEM.serialize_post 1 (f_repr $a) $result"#))]
     fn serialize_1(a: Self) -> [u8; 2];
     #[requires(a.len() == 2)]
-    #[ensures(|result| fstar!("sz (Seq.length $a) =. sz 2 ==> Spec.MLKEM.deserialize_post 1 $a (f_repr $result)"))]
+    #[ensures(|result| fstar!(r#"sz (Seq.length $a) =. sz 2 ==> Spec.MLKEM.deserialize_post 1 $a (f_repr $result)"#))]
     fn deserialize_1(a: &[u8]) -> Self;
 
-    #[requires(fstar!("Spec.MLKEM.serialize_pre 4 (f_repr $a)"))]
-    #[ensures(|result| fstar!("Spec.MLKEM.serialize_pre 4 (f_repr $a) ==> Spec.MLKEM.serialize_post 4 (f_repr $a) $result"))]
+    #[requires(fstar!(r#"Spec.MLKEM.serialize_pre 4 (f_repr $a)"#))]
+    #[ensures(|result| fstar!(r#"Spec.MLKEM.serialize_pre 4 (f_repr $a) ==> Spec.MLKEM.serialize_post 4 (f_repr $a) $result"#))]
     fn serialize_4(a: Self) -> [u8; 8];
     #[requires(a.len() == 8)]
-    #[ensures(|result| fstar!("sz (Seq.length $a) =. sz 8 ==> Spec.MLKEM.deserialize_post 4 $a (f_repr $result)"))]
+    #[ensures(|result| fstar!(r#"sz (Seq.length $a) =. sz 8 ==> Spec.MLKEM.deserialize_post 4 $a (f_repr $result)"#))]
     fn deserialize_4(a: &[u8]) -> Self;
 
     fn serialize_5(a: Self) -> [u8; 10];
     #[requires(a.len() == 10)]
     fn deserialize_5(a: &[u8]) -> Self;
 
-    #[requires(fstar!("Spec.MLKEM.serialize_pre 10 (f_repr $a)"))]
-    #[ensures(|result| fstar!("Spec.MLKEM.serialize_pre 10 (f_repr $a) ==> Spec.MLKEM.serialize_post 10 (f_repr $a) $result"))]
+    #[requires(fstar!(r#"Spec.MLKEM.serialize_pre 10 (f_repr $a)"#))]
+    #[ensures(|result| fstar!(r#"Spec.MLKEM.serialize_pre 10 (f_repr $a) ==> Spec.MLKEM.serialize_post 10 (f_repr $a) $result"#))]
     fn serialize_10(a: Self) -> [u8; 20];
     #[requires(a.len() == 20)]
-    #[ensures(|result| fstar!("sz (Seq.length $a) =. sz 20 ==> Spec.MLKEM.deserialize_post 10 $a (f_repr $result)"))]
+    #[ensures(|result| fstar!(r#"sz (Seq.length $a) =. sz 20 ==> Spec.MLKEM.deserialize_post 10 $a (f_repr $result)"#))]
     fn deserialize_10(a: &[u8]) -> Self;
 
     fn serialize_11(a: Self) -> [u8; 22];
     #[requires(a.len() == 22)]
     fn deserialize_11(a: &[u8]) -> Self;
 
-    #[requires(fstar!("Spec.MLKEM.serialize_pre 12 (f_repr $a)"))]
-    #[ensures(|result| fstar!("Spec.MLKEM.serialize_pre 12 (f_repr $a) ==> Spec.MLKEM.serialize_post 12 (f_repr $a) $result"))]
+    #[requires(fstar!(r#"Spec.MLKEM.serialize_pre 12 (f_repr $a)"#))]
+    #[ensures(|result| fstar!(r#"Spec.MLKEM.serialize_pre 12 (f_repr $a) ==> Spec.MLKEM.serialize_post 12 (f_repr $a) $result"#))]
     fn serialize_12(a: Self) -> [u8; 24];
     #[requires(a.len() == 24)]
-    #[ensures(|result| fstar!("sz (Seq.length $a) =. sz 24 ==> Spec.MLKEM.deserialize_post 12 $a (f_repr $result)"))]
+    #[ensures(|result| fstar!(r#"sz (Seq.length $a) =. sz 24 ==> Spec.MLKEM.deserialize_post 12 $a (f_repr $result)"#))]
     fn deserialize_12(a: &[u8]) -> Self;
 
     #[requires(a.len() == 24 && out.len() == 16)]
     #[ensures(|result|
-        fstar!("Seq.length $out_future == Seq.length $out /\\ v $result <= 16")
+        fstar!(r#"Seq.length $out_future == Seq.length $out /\\ v $result <= 16"#)
     )]
     fn rej_sample(a: &[u8], out: &mut [i16]) -> usize;
 }
@@ -220,7 +220,7 @@ pub trait Operations: Copy + Clone {
 }
 
 // hax does not support trait with default implementations, so we use the following pattern
-#[hax_lib::requires(fstar!("Spec.Utils.is_i16b 1664 $fer"))]
+#[hax_lib::requires(fstar!(r#"Spec.Utils.is_i16b 1664 $fer"#))]
 #[inline(always)]
 pub fn montgomery_multiply_fe<T: Operations>(v: T, fer: i16) -> T {
     T::montgomery_multiply_by_constant(v, fer)
@@ -232,11 +232,11 @@ pub fn to_standard_domain<T: Operations>(v: T) -> T {
 }
 
 #[hax_lib::fstar::verification_status(lax)]
-#[hax_lib::requires(fstar!("Spec.Utils.is_i16b_array 3328 (i1._super_8706949974463268012.f_repr a)"))]
-#[hax_lib::ensures(|result| fstar!("forall i.
+#[hax_lib::requires(fstar!(r#"Spec.Utils.is_i16b_array 3328 (i1._super_8706949974463268012.f_repr a)"#))]
+#[hax_lib::ensures(|result| fstar!(r#"forall i.
                                        (let x = Seq.index (i1._super_8706949974463268012.f_repr ${a}) i in
                                         let y = Seq.index (i1._super_8706949974463268012.f_repr ${result}) i in
-                                        (v y >= 0 /\\ v y <= 3328 /\\ (v y % 3329 == v x % 3329)))"))]
+                                        (v y >= 0 /\\ v y <= 3328 /\\ (v y % 3329 == v x % 3329)))"#))]
 #[inline(always)]
 pub fn to_unsigned_representative<T: Operations>(a: T) -> T {
     let t = T::shift_right::<15>(a);
@@ -244,9 +244,9 @@ pub fn to_unsigned_representative<T: Operations>(a: T) -> T {
     T::add(a, &fm)
 }
 
-#[hax_lib::fstar::options("--z3rlimit 200 --split_queries always")]
-#[hax_lib::requires(fstar!("forall i. let x = Seq.index (i1._super_8706949974463268012.f_repr ${vec}) i in 
-                                      (x == 0s \\/ x == 1s)"))]
+#[hax_lib::fstar::options("--z3rlimit 200 --split_queries always"#)]
+#[hax_lib::requires(fstar!(r#"forall i. let x = Seq.index (i1._super_8706949974463268012.f_repr ${vec}) i in 
+                                      (x == 0s \\/ x == 1s)"#))]
 #[inline(always)]
 pub fn decompress_1<T: Operations>(vec: T) -> T {
     let z = T::ZERO();
@@ -257,14 +257,18 @@ pub fn decompress_1<T: Operations>(vec: T) -> T {
         "assert(forall i. let x = Seq.index (i1._super_8706949974463268012.f_repr ${vec}) i in 
                                       ((0 - v x) == 0 \\/ (0 - v x) == -1))"
     );
-    hax_lib::fstar!("assert(forall i. i < 16 ==>
+    hax_lib::fstar!(
+        r#"assert(forall i. i < 16 ==>
                                       Spec.Utils.is_intb (pow2 15 - 1) 
-                                        (0 - v (Seq.index (i1._super_8706949974463268012.f_repr ${vec}) i)))");
+                                        (0 - v (Seq.index (i1._super_8706949974463268012.f_repr ${vec}) i)))"#
+    );
 
     let s = T::sub(z, &vec);
-    hax_lib::fstar!("assert(forall i. Seq.index (i1._super_8706949974463268012.f_repr ${s}) i == 0s \\/ 
-                                      Seq.index (i1._super_8706949974463268012.f_repr ${s}) i == -1s)");
-    hax_lib::fstar!("assert (i1.f_bitwise_and_with_constant_pre ${s} 1665s)");
+    hax_lib::fstar!(
+        r#"assert(forall i. Seq.index (i1._super_8706949974463268012.f_repr ${s}) i == 0s \\/ 
+                                      Seq.index (i1._super_8706949974463268012.f_repr ${s}) i == -1s)"#
+    );
+    hax_lib::fstar!(r#"assert (i1.f_bitwise_and_with_constant_pre ${s} 1665s)"#);
     let res = T::bitwise_and_with_constant(s, 1665);
     res
 }

From 0953378121322f4b3bfa94f1e178e59537c275ab Mon Sep 17 00:00:00 2001
From: Karthikeyan Bhargavan <karthik.bhargavan@gmail.com>
Date: Wed, 11 Dec 2024 18:11:52 +0100
Subject: [PATCH 106/142] raw strings

---
 libcrux-ml-kem/src/hash_functions.rs         |  22 +--
 libcrux-ml-kem/src/ind_cca/instantiations.rs | 156 +++++++++----------
 libcrux-ml-kem/src/ind_cca/multiplexing.rs   |  74 ++++-----
 libcrux-ml-kem/src/matrix.rs                 |   8 +-
 libcrux-ml-kem/src/mlkem1024.rs              |   4 +-
 libcrux-ml-kem/src/mlkem512.rs               |   4 +-
 libcrux-ml-kem/src/mlkem768.rs               |   4 +-
 libcrux-ml-kem/src/sampling.rs               |  16 +-
 libcrux-ml-kem/src/serialize.rs              |  26 ++--
 libcrux-ml-kem/src/types.rs                  |  16 +-
 libcrux-ml-kem/src/vector/avx2.rs            |  64 ++++----
 libcrux-ml-kem/src/vector/avx2/compress.rs   |   4 +-
 libcrux-ml-kem/src/vector/avx2/ntt.rs        |  10 +-
 libcrux-ml-kem/src/vector/avx2/sampling.rs   |   8 +-
 14 files changed, 209 insertions(+), 207 deletions(-)

diff --git a/libcrux-ml-kem/src/hash_functions.rs b/libcrux-ml-kem/src/hash_functions.rs
index f76ad4c8f..d0acbab30 100644
--- a/libcrux-ml-kem/src/hash_functions.rs
+++ b/libcrux-ml-kem/src/hash_functions.rs
@@ -48,10 +48,10 @@ pub(crate) trait Hash<const K: usize> {
     fn PRF<const LEN: usize>(input: &[u8]) -> [u8; LEN];
 
     /// PRFxN aka N SHAKE256
-    #[requires(fstar!(r#"v $LEN < pow2 32 /\\ (v $K == 2 \\/ v $K == 3 \\/ v $K == 4)"#))]
+    #[requires(fstar!(r#"v $LEN < pow2 32 /\ (v $K == 2 \/ v $K == 3 \/ v $K == 4)"#))]
     #[ensures(|result|
         // We need to repeat the pre-condition here because of https://github.com/hacspec/hax/issues/784
-        fstar!(r#"(v $LEN < pow2 32 /\\ (v $K == 2 \\/ v $K == 3 \\/ v $K == 4)) ==>
+        fstar!(r#"(v $LEN < pow2 32 /\ (v $K == 2 \/ v $K == 3 \/ v $K == 4)) ==>
             $result == Spec.Utils.v_PRFxN $K $LEN $input"#))
     ]
     fn PRFxN<const LEN: usize>(input: &[[u8; 33]; K]) -> [[u8; LEN]; K];
@@ -114,7 +114,7 @@ pub(crate) mod portable {
         digest
     }
 
-    #[hax_lib::requires(fstar!(r#"v $LEN < pow2 32 /\\ (v $K == 2 \\/ v $K == 3 \\/ v $K == 4)"#))]
+    #[hax_lib::requires(fstar!(r#"v $LEN < pow2 32 /\ (v $K == 2 \/ v $K == 3 \/ v $K == 4)"#))]
     #[hax_lib::ensures(|result|
         fstar!(r#"$result == Spec.Utils.v_PRFxN $K $LEN $input"#))
     ]
@@ -197,9 +197,9 @@ pub(crate) mod portable {
             PRF::<LEN>(input)
         }
 
-        #[requires(fstar!(r#"v $LEN < pow2 32 /\\ (v $K == 2 \\/ v $K == 3 \\/ v $K == 4)"#))]
+        #[requires(fstar!(r#"v $LEN < pow2 32 /\ (v $K == 2 \/ v $K == 3 \/ v $K == 4)"#))]
         #[ensures(|out|
-            fstar!(r#"(v $LEN < pow2 32 /\\ (v $K == 2 \\/ v $K == 3 \\/ v $K == 4)) ==>
+            fstar!(r#"(v $LEN < pow2 32 /\ (v $K == 2 \/ v $K == 3 \/ v $K == 4)) ==>
                 $out == Spec.Utils.v_PRFxN $K $LEN $input"#))
         ]
         #[inline(always)]
@@ -273,7 +273,7 @@ pub(crate) mod avx2 {
         digest
     }
 
-    #[hax_lib::requires(fstar!(r#"v $LEN < pow2 32 /\\ (v $K == 2 \\/ v $K == 3 \\/ v $K == 4)"#))]
+    #[hax_lib::requires(fstar!(r#"v $LEN < pow2 32 /\ (v $K == 2 \/ v $K == 3 \/ v $K == 4)"#))]
     #[hax_lib::ensures(|result|
         fstar!(r#"$result == Spec.Utils.v_PRFxN $K $LEN $input"#))
     ]
@@ -450,9 +450,9 @@ pub(crate) mod avx2 {
             PRF::<LEN>(input)
         }
 
-        #[requires(fstar!(r#"v $LEN < pow2 32 /\\ (v $K == 2 \\/ v $K == 3 \\/ v $K == 4)"#))]
+        #[requires(fstar!(r#"v $LEN < pow2 32 /\ (v $K == 2 \/ v $K == 3 \/ v $K == 4)"#))]
         #[ensures(|out|
-            fstar!(r#"(v $LEN < pow2 32 /\\ (v $K == 2 \\/ v $K == 3 \\/ v $K == 4)) ==>
+            fstar!(r#"(v $LEN < pow2 32 /\ (v $K == 2 \/ v $K == 3 \/ v $K == 4)) ==>
                 $out == Spec.Utils.v_PRFxN $K $LEN $input"#))
         ]
         #[inline(always)]
@@ -524,7 +524,7 @@ pub(crate) mod neon {
         digest
     }
 
-    #[hax_lib::requires(fstar!(r#"v $LEN < pow2 32 /\\ (v $K == 2 \\/ v $K == 3 \\/ v $K == 4)"#))]
+    #[hax_lib::requires(fstar!(r#"v $LEN < pow2 32 /\ (v $K == 2 \/ v $K == 3 \/ v $K == 4)"#))]
     #[hax_lib::ensures(|result|
         fstar!(r#"$result == Spec.Utils.v_PRFxN $K $LEN $input"#))
     ]
@@ -728,10 +728,10 @@ pub(crate) mod neon {
             PRF::<LEN>(input)
         }
 
-        #[requires(fstar!(r#"v $LEN < pow2 32 /\\ (v $K == 2 \\/ v $K == 3 \\/ v $K == 4)"#))]
+        #[requires(fstar!(r#"v $LEN < pow2 32 /\ (v $K == 2 \/ v $K == 3 \/ v $K == 4)"#))]
         #[ensures(|out|
             // We need to repeat the pre-condition here because of https://github.com/hacspec/hax/issues/784
-            fstar!(r#"(v $LEN < pow2 32 /\\ (v $K == 2 \\/ v $K == 3 \\/ v $K == 4)) ==>
+            fstar!(r#"(v $LEN < pow2 32 /\ (v $K == 2 \/ v $K == 3 \/ v $K == 4)) ==>
                 $out == Spec.Utils.v_PRFxN $K $LEN $input"#))
         ]
         #[inline(always)]
diff --git a/libcrux-ml-kem/src/ind_cca/instantiations.rs b/libcrux-ml-kem/src/ind_cca/instantiations.rs
index b9c6f7ff6..441279351 100644
--- a/libcrux-ml-kem/src/ind_cca/instantiations.rs
+++ b/libcrux-ml-kem/src/ind_cca/instantiations.rs
@@ -7,12 +7,12 @@ macro_rules! instantiate {
             };
 
             /// Portable generate key pair.
-            #[hax_lib::requires(fstar!(r#"Spec.MLKEM.is_rank $K /\\
-                $CPA_PRIVATE_KEY_SIZE == Spec.MLKEM.v_CPA_PRIVATE_KEY_SIZE $K /\\
-                $PRIVATE_KEY_SIZE == Spec.MLKEM.v_CCA_PRIVATE_KEY_SIZE $K /\\
-                $PUBLIC_KEY_SIZE == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE $K /\\
-                $RANKED_BYTES_PER_RING_ELEMENT == Spec.MLKEM.v_RANKED_BYTES_PER_RING_ELEMENT $K /\\
-                $ETA1 == Spec.MLKEM.v_ETA1 $K /\\
+            #[hax_lib::requires(fstar!(r#"Spec.MLKEM.is_rank $K /\
+                $CPA_PRIVATE_KEY_SIZE == Spec.MLKEM.v_CPA_PRIVATE_KEY_SIZE $K /\
+                $PRIVATE_KEY_SIZE == Spec.MLKEM.v_CCA_PRIVATE_KEY_SIZE $K /\
+                $PUBLIC_KEY_SIZE == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE $K /\
+                $RANKED_BYTES_PER_RING_ELEMENT == Spec.MLKEM.v_RANKED_BYTES_PER_RING_ELEMENT $K /\
+                $ETA1 == Spec.MLKEM.v_ETA1 $K /\
                 $ETA1_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA1_RANDOMNESS_SIZE $K"#))]
             pub(crate) fn generate_keypair<
                 const K: usize,
@@ -67,8 +67,8 @@ macro_rules! instantiate {
 
             /// Public key validation
             #[inline(always)]
-            #[hax_lib::requires(fstar!(r#"Spec.MLKEM.is_rank $K /\\
-                $RANKED_BYTES_PER_RING_ELEMENT == Spec.MLKEM.v_RANKED_BYTES_PER_RING_ELEMENT $K /\\
+            #[hax_lib::requires(fstar!(r#"Spec.MLKEM.is_rank $K /\
+                $RANKED_BYTES_PER_RING_ELEMENT == Spec.MLKEM.v_RANKED_BYTES_PER_RING_ELEMENT $K /\
                 $PUBLIC_KEY_SIZE == Spec.MLKEM.v_CCA_PUBLIC_KEY_SIZE $K"#))]
             pub(crate) fn validate_public_key<
                 const K: usize,
@@ -87,8 +87,8 @@ macro_rules! instantiate {
 
             /// Private key validation
             #[inline(always)]
-            #[hax_lib::requires(fstar!(r#"Spec.MLKEM.is_rank $K /\\
-                $SECRET_KEY_SIZE == Spec.MLKEM.v_CCA_PRIVATE_KEY_SIZE $K /\\
+            #[hax_lib::requires(fstar!(r#"Spec.MLKEM.is_rank $K /\
+                $SECRET_KEY_SIZE == Spec.MLKEM.v_CCA_PRIVATE_KEY_SIZE $K /\
                 $CIPHERTEXT_SIZE == Spec.MLKEM.v_CPA_CIPHERTEXT_SIZE $K"#))]
             pub(crate) fn validate_private_key<
                 const K: usize,
@@ -106,7 +106,7 @@ macro_rules! instantiate {
 
             /// Private key validation
             #[inline(always)]
-            #[hax_lib::requires(fstar!(r#"Spec.MLKEM.is_rank $K /\\
+            #[hax_lib::requires(fstar!(r#"Spec.MLKEM.is_rank $K /\
                 $SECRET_KEY_SIZE == Spec.MLKEM.v_CCA_PRIVATE_KEY_SIZE $K"#))]
             pub(crate) fn validate_private_key_only<
                 const K: usize,
@@ -157,18 +157,18 @@ macro_rules! instantiate {
                 >(public_key, randomness)
             }
 
-            #[hax_lib::requires(fstar!(r#"Spec.MLKEM.is_rank $K /\\
-                $CIPHERTEXT_SIZE == Spec.MLKEM.v_CPA_CIPHERTEXT_SIZE $K /\\
-                $PUBLIC_KEY_SIZE == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE $K /\\
-                $T_AS_NTT_ENCODED_SIZE == Spec.MLKEM.v_T_AS_NTT_ENCODED_SIZE $K /\\
-                $C1_SIZE == Spec.MLKEM.v_C1_SIZE $K /\\
-                $C2_SIZE == Spec.MLKEM.v_C2_SIZE $K /\\
-                $VECTOR_U_COMPRESSION_FACTOR == Spec.MLKEM.v_VECTOR_U_COMPRESSION_FACTOR  $K /\\
-                $VECTOR_V_COMPRESSION_FACTOR == Spec.MLKEM.v_VECTOR_V_COMPRESSION_FACTOR  $K /\\
-                $C1_BLOCK_SIZE == Spec.MLKEM.v_C1_BLOCK_SIZE $K /\\
-                $ETA1 == Spec.MLKEM.v_ETA1 $K /\\
-                $ETA1_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA1_RANDOMNESS_SIZE $K /\\
-                $ETA2 == Spec.MLKEM.v_ETA2 $K /\\
+            #[hax_lib::requires(fstar!(r#"Spec.MLKEM.is_rank $K /\
+                $CIPHERTEXT_SIZE == Spec.MLKEM.v_CPA_CIPHERTEXT_SIZE $K /\
+                $PUBLIC_KEY_SIZE == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE $K /\
+                $T_AS_NTT_ENCODED_SIZE == Spec.MLKEM.v_T_AS_NTT_ENCODED_SIZE $K /\
+                $C1_SIZE == Spec.MLKEM.v_C1_SIZE $K /\
+                $C2_SIZE == Spec.MLKEM.v_C2_SIZE $K /\
+                $VECTOR_U_COMPRESSION_FACTOR == Spec.MLKEM.v_VECTOR_U_COMPRESSION_FACTOR  $K /\
+                $VECTOR_V_COMPRESSION_FACTOR == Spec.MLKEM.v_VECTOR_V_COMPRESSION_FACTOR  $K /\
+                $C1_BLOCK_SIZE == Spec.MLKEM.v_C1_BLOCK_SIZE $K /\
+                $ETA1 == Spec.MLKEM.v_ETA1 $K /\
+                $ETA1_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA1_RANDOMNESS_SIZE $K /\
+                $ETA2 == Spec.MLKEM.v_ETA2 $K /\
                 $ETA2_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA2_RANDOMNESS_SIZE $K"#))]
             pub(crate) fn encapsulate<
                 const K: usize,
@@ -255,21 +255,21 @@ macro_rules! instantiate {
             }
 
             /// Portable decapsulate
-            #[hax_lib::requires(fstar!(r#"Spec.MLKEM.is_rank $K /\\
-                $SECRET_KEY_SIZE == Spec.MLKEM.v_CCA_PRIVATE_KEY_SIZE $K /\\
-                $CPA_SECRET_KEY_SIZE == Spec.MLKEM.v_CPA_PRIVATE_KEY_SIZE $K /\\
-                $PUBLIC_KEY_SIZE == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE $K /\\
-                $CIPHERTEXT_SIZE == Spec.MLKEM.v_CPA_CIPHERTEXT_SIZE $K /\\
-                $T_AS_NTT_ENCODED_SIZE == Spec.MLKEM.v_T_AS_NTT_ENCODED_SIZE $K /\\
-                $C1_SIZE == Spec.MLKEM.v_C1_SIZE $K /\\
-                $C2_SIZE == Spec.MLKEM.v_C2_SIZE $K /\\
-                $VECTOR_U_COMPRESSION_FACTOR == Spec.MLKEM.v_VECTOR_U_COMPRESSION_FACTOR  $K /\\
-                $VECTOR_V_COMPRESSION_FACTOR == Spec.MLKEM.v_VECTOR_V_COMPRESSION_FACTOR  $K /\\
-                $C1_BLOCK_SIZE == Spec.MLKEM.v_C1_BLOCK_SIZE $K /\\
-                $ETA1 == Spec.MLKEM.v_ETA1 $K /\\
-                $ETA1_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA1_RANDOMNESS_SIZE $K /\\
-                $ETA2 == Spec.MLKEM.v_ETA2 $K /\\
-                $ETA2_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA2_RANDOMNESS_SIZE $K /\\
+            #[hax_lib::requires(fstar!(r#"Spec.MLKEM.is_rank $K /\
+                $SECRET_KEY_SIZE == Spec.MLKEM.v_CCA_PRIVATE_KEY_SIZE $K /\
+                $CPA_SECRET_KEY_SIZE == Spec.MLKEM.v_CPA_PRIVATE_KEY_SIZE $K /\
+                $PUBLIC_KEY_SIZE == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE $K /\
+                $CIPHERTEXT_SIZE == Spec.MLKEM.v_CPA_CIPHERTEXT_SIZE $K /\
+                $T_AS_NTT_ENCODED_SIZE == Spec.MLKEM.v_T_AS_NTT_ENCODED_SIZE $K /\
+                $C1_SIZE == Spec.MLKEM.v_C1_SIZE $K /\
+                $C2_SIZE == Spec.MLKEM.v_C2_SIZE $K /\
+                $VECTOR_U_COMPRESSION_FACTOR == Spec.MLKEM.v_VECTOR_U_COMPRESSION_FACTOR  $K /\
+                $VECTOR_V_COMPRESSION_FACTOR == Spec.MLKEM.v_VECTOR_V_COMPRESSION_FACTOR  $K /\
+                $C1_BLOCK_SIZE == Spec.MLKEM.v_C1_BLOCK_SIZE $K /\
+                $ETA1 == Spec.MLKEM.v_ETA1 $K /\
+                $ETA1_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA1_RANDOMNESS_SIZE $K /\
+                $ETA2 == Spec.MLKEM.v_ETA2 $K /\
+                $ETA2_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA2_RANDOMNESS_SIZE $K /\
                 $IMPLICIT_REJECTION_HASH_INPUT_SIZE == Spec.MLKEM.v_IMPLICIT_REJECTION_HASH_INPUT_SIZE $K"#))]
             pub fn decapsulate<
                 const K: usize,
@@ -326,8 +326,8 @@ macro_rules! instantiate {
 
                 /// Get the unpacked public key.
                 #[hax_lib::requires(
-                    fstar!(r#"Spec.MLKEM.is_rank $K /\\
-                    $PUBLIC_KEY_SIZE == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE $K /\\
+                    fstar!(r#"Spec.MLKEM.is_rank $K /\
+                    $PUBLIC_KEY_SIZE == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE $K /\
                     $T_AS_NTT_ENCODED_SIZE == Spec.MLKEM.v_T_AS_NTT_ENCODED_SIZE $K"#)
                 )]
                 #[inline(always)]
@@ -353,11 +353,11 @@ macro_rules! instantiate {
                 /// Take a serialized private key and generate an unpacked key pair from it.
                 #[inline(always)]
                 #[hax_lib::requires(
-                    fstar!(r#"Spec.MLKEM.is_rank $K /\\
-                            v_SECRET_KEY_SIZE == Spec.MLKEM.v_CCA_PRIVATE_KEY_SIZE v_K /\\
-                            v_CPA_SECRET_KEY_SIZE == Spec.MLKEM.v_CPA_PRIVATE_KEY_SIZE v_K /\\
-                            v_PUBLIC_KEY_SIZE == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE v_K /\\
-                            v_BYTES_PER_RING_ELEMENT == Spec.MLKEM.v_RANKED_BYTES_PER_RING_ELEMENT v_K /\\
+                    fstar!(r#"Spec.MLKEM.is_rank $K /\
+                            v_SECRET_KEY_SIZE == Spec.MLKEM.v_CCA_PRIVATE_KEY_SIZE v_K /\
+                            v_CPA_SECRET_KEY_SIZE == Spec.MLKEM.v_CPA_PRIVATE_KEY_SIZE v_K /\
+                            v_PUBLIC_KEY_SIZE == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE v_K /\
+                            v_BYTES_PER_RING_ELEMENT == Spec.MLKEM.v_RANKED_BYTES_PER_RING_ELEMENT v_K /\
                             v_T_AS_NTT_ENCODED_SIZE == Spec.MLKEM.v_T_AS_NTT_ENCODED_SIZE v_K"#))]
                 pub(crate) fn keypair_from_private_key<
                     const K: usize,
@@ -382,12 +382,12 @@ macro_rules! instantiate {
                 }
 
                 /// Generate a key pair
-                #[hax_lib::requires(fstar!(r#"Spec.MLKEM.is_rank $K /\\
-                    $CPA_PRIVATE_KEY_SIZE == Spec.MLKEM.v_CPA_PRIVATE_KEY_SIZE $K /\\
-                    $PRIVATE_KEY_SIZE == Spec.MLKEM.v_CCA_PRIVATE_KEY_SIZE $K /\\
-                    $PUBLIC_KEY_SIZE == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE $K /\\
-                    $BYTES_PER_RING_ELEMENT == Spec.MLKEM.v_RANKED_BYTES_PER_RING_ELEMENT $K /\\
-                    $ETA1 == Spec.MLKEM.v_ETA1 $K /\\
+                #[hax_lib::requires(fstar!(r#"Spec.MLKEM.is_rank $K /\
+                    $CPA_PRIVATE_KEY_SIZE == Spec.MLKEM.v_CPA_PRIVATE_KEY_SIZE $K /\
+                    $PRIVATE_KEY_SIZE == Spec.MLKEM.v_CCA_PRIVATE_KEY_SIZE $K /\
+                    $PUBLIC_KEY_SIZE == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE $K /\
+                    $BYTES_PER_RING_ELEMENT == Spec.MLKEM.v_RANKED_BYTES_PER_RING_ELEMENT $K /\
+                    $ETA1 == Spec.MLKEM.v_ETA1 $K /\
                     $ETA1_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA1_RANDOMNESS_SIZE $K"#))]
                 #[inline(always)]
                 pub(crate) fn generate_keypair<
@@ -417,18 +417,18 @@ macro_rules! instantiate {
                 }
 
                 /// Unpacked encapsulate
-                #[hax_lib::requires(fstar!(r#"Spec.MLKEM.is_rank $K /\\
-                    $CIPHERTEXT_SIZE == Spec.MLKEM.v_CPA_CIPHERTEXT_SIZE $K /\\
-                    $PUBLIC_KEY_SIZE == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE $K /\\
-                    $T_AS_NTT_ENCODED_SIZE == Spec.MLKEM.v_T_AS_NTT_ENCODED_SIZE $K /\\
-                    $C1_SIZE == Spec.MLKEM.v_C1_SIZE $K /\\
-                    $C2_SIZE == Spec.MLKEM.v_C2_SIZE $K /\\
-                    $VECTOR_U_COMPRESSION_FACTOR == Spec.MLKEM.v_VECTOR_U_COMPRESSION_FACTOR  $K /\\
-                    $VECTOR_V_COMPRESSION_FACTOR == Spec.MLKEM.v_VECTOR_V_COMPRESSION_FACTOR  $K /\\
-                    $VECTOR_U_BLOCK_LEN == Spec.MLKEM.v_C1_BLOCK_SIZE $K /\\
-                    $ETA1 == Spec.MLKEM.v_ETA1 $K /\\
-                    $ETA1_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA1_RANDOMNESS_SIZE $K /\\
-                    $ETA2 == Spec.MLKEM.v_ETA2 $K /\\
+                #[hax_lib::requires(fstar!(r#"Spec.MLKEM.is_rank $K /\
+                    $CIPHERTEXT_SIZE == Spec.MLKEM.v_CPA_CIPHERTEXT_SIZE $K /\
+                    $PUBLIC_KEY_SIZE == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE $K /\
+                    $T_AS_NTT_ENCODED_SIZE == Spec.MLKEM.v_T_AS_NTT_ENCODED_SIZE $K /\
+                    $C1_SIZE == Spec.MLKEM.v_C1_SIZE $K /\
+                    $C2_SIZE == Spec.MLKEM.v_C2_SIZE $K /\
+                    $VECTOR_U_COMPRESSION_FACTOR == Spec.MLKEM.v_VECTOR_U_COMPRESSION_FACTOR  $K /\
+                    $VECTOR_V_COMPRESSION_FACTOR == Spec.MLKEM.v_VECTOR_V_COMPRESSION_FACTOR  $K /\
+                    $VECTOR_U_BLOCK_LEN == Spec.MLKEM.v_C1_BLOCK_SIZE $K /\
+                    $ETA1 == Spec.MLKEM.v_ETA1 $K /\
+                    $ETA1_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA1_RANDOMNESS_SIZE $K /\
+                    $ETA2 == Spec.MLKEM.v_ETA2 $K /\
                     $ETA2_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA2_RANDOMNESS_SIZE $K"#))]
                 #[inline(always)]
                 pub(crate) fn encapsulate<
@@ -469,21 +469,21 @@ macro_rules! instantiate {
                 }
 
                 /// Unpacked decapsulate
-                #[hax_lib::requires(fstar!(r#"Spec.MLKEM.is_rank $K /\\
-                    $SECRET_KEY_SIZE == Spec.MLKEM.v_CCA_PRIVATE_KEY_SIZE $K /\\
-                    $CPA_SECRET_KEY_SIZE == Spec.MLKEM.v_CPA_PRIVATE_KEY_SIZE $K /\\
-                    $PUBLIC_KEY_SIZE == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE $K /\\
-                    $CIPHERTEXT_SIZE == Spec.MLKEM.v_CPA_CIPHERTEXT_SIZE $K /\\
-                    $T_AS_NTT_ENCODED_SIZE == Spec.MLKEM.v_T_AS_NTT_ENCODED_SIZE $K /\\
-                    $C1_SIZE == Spec.MLKEM.v_C1_SIZE $K /\\
-                    $C2_SIZE == Spec.MLKEM.v_C2_SIZE $K /\\
-                    $VECTOR_U_COMPRESSION_FACTOR == Spec.MLKEM.v_VECTOR_U_COMPRESSION_FACTOR  $K /\\
-                    $VECTOR_V_COMPRESSION_FACTOR == Spec.MLKEM.v_VECTOR_V_COMPRESSION_FACTOR  $K /\\
-                    $C1_BLOCK_SIZE == Spec.MLKEM.v_C1_BLOCK_SIZE $K /\\
-                    $ETA1 == Spec.MLKEM.v_ETA1 $K /\\
-                    $ETA1_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA1_RANDOMNESS_SIZE $K /\\
-                    $ETA2 == Spec.MLKEM.v_ETA2 $K /\\
-                    $ETA2_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA2_RANDOMNESS_SIZE $K /\\
+                #[hax_lib::requires(fstar!(r#"Spec.MLKEM.is_rank $K /\
+                    $SECRET_KEY_SIZE == Spec.MLKEM.v_CCA_PRIVATE_KEY_SIZE $K /\
+                    $CPA_SECRET_KEY_SIZE == Spec.MLKEM.v_CPA_PRIVATE_KEY_SIZE $K /\
+                    $PUBLIC_KEY_SIZE == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE $K /\
+                    $CIPHERTEXT_SIZE == Spec.MLKEM.v_CPA_CIPHERTEXT_SIZE $K /\
+                    $T_AS_NTT_ENCODED_SIZE == Spec.MLKEM.v_T_AS_NTT_ENCODED_SIZE $K /\
+                    $C1_SIZE == Spec.MLKEM.v_C1_SIZE $K /\
+                    $C2_SIZE == Spec.MLKEM.v_C2_SIZE $K /\
+                    $VECTOR_U_COMPRESSION_FACTOR == Spec.MLKEM.v_VECTOR_U_COMPRESSION_FACTOR  $K /\
+                    $VECTOR_V_COMPRESSION_FACTOR == Spec.MLKEM.v_VECTOR_V_COMPRESSION_FACTOR  $K /\
+                    $C1_BLOCK_SIZE == Spec.MLKEM.v_C1_BLOCK_SIZE $K /\
+                    $ETA1 == Spec.MLKEM.v_ETA1 $K /\
+                    $ETA1_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA1_RANDOMNESS_SIZE $K /\
+                    $ETA2 == Spec.MLKEM.v_ETA2 $K /\
+                    $ETA2_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA2_RANDOMNESS_SIZE $K /\
                     $IMPLICIT_REJECTION_HASH_INPUT_SIZE == Spec.MLKEM.v_IMPLICIT_REJECTION_HASH_INPUT_SIZE $K"#))]
                 #[inline(always)]
                 pub(crate) fn decapsulate<
diff --git a/libcrux-ml-kem/src/ind_cca/multiplexing.rs b/libcrux-ml-kem/src/ind_cca/multiplexing.rs
index d0ae1d7a9..ad13d9c58 100644
--- a/libcrux-ml-kem/src/ind_cca/multiplexing.rs
+++ b/libcrux-ml-kem/src/ind_cca/multiplexing.rs
@@ -52,8 +52,8 @@ use instantiations::portable::{
     kyber_generate_keypair as kyber_generate_keypair_neon,
 };
 
-#[hax_lib::requires(fstar!(r#"Spec.MLKEM.is_rank $K /\\
-    $RANKED_BYTES_PER_RING_ELEMENT == Spec.MLKEM.v_RANKED_BYTES_PER_RING_ELEMENT $K /\\
+#[hax_lib::requires(fstar!(r#"Spec.MLKEM.is_rank $K /\
+    $RANKED_BYTES_PER_RING_ELEMENT == Spec.MLKEM.v_RANKED_BYTES_PER_RING_ELEMENT $K /\
     $PUBLIC_KEY_SIZE == Spec.MLKEM.v_CCA_PUBLIC_KEY_SIZE $K"#))]
 #[inline(always)]
 pub(crate) fn validate_public_key<
@@ -69,8 +69,8 @@ pub(crate) fn validate_public_key<
 }
 
 #[inline(always)]
-#[hax_lib::requires(fstar!(r#"Spec.MLKEM.is_rank $K /\\
-                $SECRET_KEY_SIZE == Spec.MLKEM.v_CCA_PRIVATE_KEY_SIZE $K /\\
+#[hax_lib::requires(fstar!(r#"Spec.MLKEM.is_rank $K /\
+                $SECRET_KEY_SIZE == Spec.MLKEM.v_CCA_PRIVATE_KEY_SIZE $K /\
                 $CIPHERTEXT_SIZE == Spec.MLKEM.v_CPA_CIPHERTEXT_SIZE $K"#))]
 pub(crate) fn validate_private_key<
     const K: usize,
@@ -132,12 +132,12 @@ pub(crate) fn kyber_generate_keypair<
     }
 }
 
-#[hax_lib::requires(fstar!(r#"Spec.MLKEM.is_rank $K /\\
-    $CPA_PRIVATE_KEY_SIZE == Spec.MLKEM.v_CPA_PRIVATE_KEY_SIZE $K /\\
-    $PRIVATE_KEY_SIZE == Spec.MLKEM.v_CCA_PRIVATE_KEY_SIZE $K /\\
-    $PUBLIC_KEY_SIZE == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE $K /\\
-    $RANKED_BYTES_PER_RING_ELEMENT == Spec.MLKEM.v_RANKED_BYTES_PER_RING_ELEMENT $K /\\
-    $ETA1 == Spec.MLKEM.v_ETA1 $K /\\
+#[hax_lib::requires(fstar!(r#"Spec.MLKEM.is_rank $K /\
+    $CPA_PRIVATE_KEY_SIZE == Spec.MLKEM.v_CPA_PRIVATE_KEY_SIZE $K /\
+    $PRIVATE_KEY_SIZE == Spec.MLKEM.v_CCA_PRIVATE_KEY_SIZE $K /\
+    $PUBLIC_KEY_SIZE == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE $K /\
+    $RANKED_BYTES_PER_RING_ELEMENT == Spec.MLKEM.v_RANKED_BYTES_PER_RING_ELEMENT $K /\
+    $ETA1 == Spec.MLKEM.v_ETA1 $K /\
     $ETA1_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA1_RANDOMNESS_SIZE $K"#))]
 pub(crate) fn generate_keypair<
     const K: usize,
@@ -254,18 +254,18 @@ pub(crate) fn kyber_encapsulate<
     }
 }
 
-#[hax_lib::requires(fstar!(r#"Spec.MLKEM.is_rank $K /\\
-    $CIPHERTEXT_SIZE == Spec.MLKEM.v_CPA_CIPHERTEXT_SIZE $K /\\
-    $PUBLIC_KEY_SIZE == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE $K /\\
-    $T_AS_NTT_ENCODED_SIZE == Spec.MLKEM.v_T_AS_NTT_ENCODED_SIZE $K /\\
-    $C1_SIZE == Spec.MLKEM.v_C1_SIZE $K /\\
-    $C2_SIZE == Spec.MLKEM.v_C2_SIZE $K /\\
-    $VECTOR_U_COMPRESSION_FACTOR == Spec.MLKEM.v_VECTOR_U_COMPRESSION_FACTOR  $K /\\
-    $VECTOR_V_COMPRESSION_FACTOR == Spec.MLKEM.v_VECTOR_V_COMPRESSION_FACTOR  $K /\\
-    $C1_BLOCK_SIZE == Spec.MLKEM.v_C1_BLOCK_SIZE $K /\\
-    $ETA1 == Spec.MLKEM.v_ETA1 $K /\\
-    $ETA1_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA1_RANDOMNESS_SIZE $K /\\
-    $ETA2 == Spec.MLKEM.v_ETA2 $K /\\
+#[hax_lib::requires(fstar!(r#"Spec.MLKEM.is_rank $K /\
+    $CIPHERTEXT_SIZE == Spec.MLKEM.v_CPA_CIPHERTEXT_SIZE $K /\
+    $PUBLIC_KEY_SIZE == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE $K /\
+    $T_AS_NTT_ENCODED_SIZE == Spec.MLKEM.v_T_AS_NTT_ENCODED_SIZE $K /\
+    $C1_SIZE == Spec.MLKEM.v_C1_SIZE $K /\
+    $C2_SIZE == Spec.MLKEM.v_C2_SIZE $K /\
+    $VECTOR_U_COMPRESSION_FACTOR == Spec.MLKEM.v_VECTOR_U_COMPRESSION_FACTOR  $K /\
+    $VECTOR_V_COMPRESSION_FACTOR == Spec.MLKEM.v_VECTOR_V_COMPRESSION_FACTOR  $K /\
+    $C1_BLOCK_SIZE == Spec.MLKEM.v_C1_BLOCK_SIZE $K /\
+    $ETA1 == Spec.MLKEM.v_ETA1 $K /\
+    $ETA1_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA1_RANDOMNESS_SIZE $K /\
+    $ETA2 == Spec.MLKEM.v_ETA2 $K /\
     $ETA2_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA2_RANDOMNESS_SIZE $K"#))]
 pub(crate) fn encapsulate<
     const K: usize,
@@ -418,21 +418,21 @@ pub(crate) fn kyber_decapsulate<
     }
 }
 
-#[hax_lib::requires(fstar!(r#"Spec.MLKEM.is_rank $K /\\
-    $SECRET_KEY_SIZE == Spec.MLKEM.v_CCA_PRIVATE_KEY_SIZE $K /\\
-    $CPA_SECRET_KEY_SIZE == Spec.MLKEM.v_CPA_PRIVATE_KEY_SIZE $K /\\
-    $PUBLIC_KEY_SIZE == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE $K /\\
-    $CIPHERTEXT_SIZE == Spec.MLKEM.v_CPA_CIPHERTEXT_SIZE $K /\\
-    $T_AS_NTT_ENCODED_SIZE == Spec.MLKEM.v_T_AS_NTT_ENCODED_SIZE $K /\\
-    $C1_SIZE == Spec.MLKEM.v_C1_SIZE $K /\\
-    $C2_SIZE == Spec.MLKEM.v_C2_SIZE $K /\\
-    $VECTOR_U_COMPRESSION_FACTOR == Spec.MLKEM.v_VECTOR_U_COMPRESSION_FACTOR  $K /\\
-    $VECTOR_V_COMPRESSION_FACTOR == Spec.MLKEM.v_VECTOR_V_COMPRESSION_FACTOR  $K /\\
-    $C1_BLOCK_SIZE == Spec.MLKEM.v_C1_BLOCK_SIZE $K /\\
-    $ETA1 == Spec.MLKEM.v_ETA1 $K /\\
-    $ETA1_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA1_RANDOMNESS_SIZE $K /\\
-    $ETA2 == Spec.MLKEM.v_ETA2 $K /\\
-    $ETA2_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA2_RANDOMNESS_SIZE $K /\\
+#[hax_lib::requires(fstar!(r#"Spec.MLKEM.is_rank $K /\
+    $SECRET_KEY_SIZE == Spec.MLKEM.v_CCA_PRIVATE_KEY_SIZE $K /\
+    $CPA_SECRET_KEY_SIZE == Spec.MLKEM.v_CPA_PRIVATE_KEY_SIZE $K /\
+    $PUBLIC_KEY_SIZE == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE $K /\
+    $CIPHERTEXT_SIZE == Spec.MLKEM.v_CPA_CIPHERTEXT_SIZE $K /\
+    $T_AS_NTT_ENCODED_SIZE == Spec.MLKEM.v_T_AS_NTT_ENCODED_SIZE $K /\
+    $C1_SIZE == Spec.MLKEM.v_C1_SIZE $K /\
+    $C2_SIZE == Spec.MLKEM.v_C2_SIZE $K /\
+    $VECTOR_U_COMPRESSION_FACTOR == Spec.MLKEM.v_VECTOR_U_COMPRESSION_FACTOR  $K /\
+    $VECTOR_V_COMPRESSION_FACTOR == Spec.MLKEM.v_VECTOR_V_COMPRESSION_FACTOR  $K /\
+    $C1_BLOCK_SIZE == Spec.MLKEM.v_C1_BLOCK_SIZE $K /\
+    $ETA1 == Spec.MLKEM.v_ETA1 $K /\
+    $ETA1_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA1_RANDOMNESS_SIZE $K /\
+    $ETA2 == Spec.MLKEM.v_ETA2 $K /\
+    $ETA2_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA2_RANDOMNESS_SIZE $K /\
     $IMPLICIT_REJECTION_HASH_INPUT_SIZE == Spec.MLKEM.v_IMPLICIT_REJECTION_HASH_INPUT_SIZE $K"#))]
 pub(crate) fn decapsulate<
     const K: usize,
diff --git a/libcrux-ml-kem/src/matrix.rs b/libcrux-ml-kem/src/matrix.rs
index 3f008cd32..80f232545 100644
--- a/libcrux-ml-kem/src/matrix.rs
+++ b/libcrux-ml-kem/src/matrix.rs
@@ -53,7 +53,7 @@ pub(crate) fn sample_matrix_A<const K: usize, Vector: Operations, Hasher: Hash<K
         let u_spec = to_spec_vector_t $u_as_ntt in
         let v_spec = to_spec_poly_t $v in
         to_spec_poly_t $res ==
-            Spec.MLKEM.(poly_sub v_spec (poly_inv_ntt (vector_dot_product_ntt #$K secret_spec u_spec))) /\\
+            Spec.MLKEM.(poly_sub v_spec (poly_inv_ntt (vector_dot_product_ntt #$K secret_spec u_spec))) /\
         Libcrux_ml_kem.Serialize.coefficients_field_modulus_range $res"#)
 )]
 pub(crate) fn compute_message<const K: usize, Vector: Operations>(
@@ -85,7 +85,7 @@ pub(crate) fn compute_message<const K: usize, Vector: Operations>(
         let e2_spec = to_spec_poly_t $error_2 in
         let m_spec = to_spec_poly_t $message in
         let res_spec = to_spec_poly_t $res in
-        res_spec == Spec.MLKEM.(poly_add (poly_add (vector_dot_product_ntt #$K tt_spec r_spec) e2_spec) m_spec) /\\
+        res_spec == Spec.MLKEM.(poly_add (poly_add (vector_dot_product_ntt #$K tt_spec r_spec) e2_spec) m_spec) /\
         Libcrux_ml_kem.Serialize.coefficients_field_modulus_range $res"#)
 )]
 pub(crate) fn compute_ring_element_v<const K: usize, Vector: Operations>(
@@ -117,7 +117,7 @@ pub(crate) fn compute_ring_element_v<const K: usize, Vector: Operations>(
         let r_spec = to_spec_vector_t $r_as_ntt in
         let e_spec = to_spec_vector_t $error_1 in
         let res_spec = to_spec_vector_t $res in
-        res_spec == Spec.MLKEM.(vector_add (vector_inv_ntt (matrix_vector_mul_ntt a_spec r_spec)) e_spec) /\\
+        res_spec == Spec.MLKEM.(vector_add (vector_inv_ntt (matrix_vector_mul_ntt a_spec r_spec)) e_spec) /\
         (forall (i:nat). i < v $K ==>
             Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index $res i))"#)
 )]
@@ -156,7 +156,7 @@ pub(crate) fn compute_vector_u<const K: usize, Vector: Operations>(
              Spec.MLKEM.compute_As_plus_e_ntt
                (to_spec_matrix_t $matrix_A) 
                (to_spec_vector_t $s_as_ntt) 
-               (to_spec_vector_t $error_as_ntt) /\\
+               (to_spec_vector_t $error_as_ntt) /\
         (forall (i: nat). i < v $K ==>
             Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index ${t_as_ntt}_future i))"#)
 )]
diff --git a/libcrux-ml-kem/src/mlkem1024.rs b/libcrux-ml-kem/src/mlkem1024.rs
index 7e90491ea..7976f095e 100644
--- a/libcrux-ml-kem/src/mlkem1024.rs
+++ b/libcrux-ml-kem/src/mlkem1024.rs
@@ -468,7 +468,7 @@ pub fn validate_private_key(
 #[hax_lib::fstar::verification_status(panic_free)]
 #[hax_lib::ensures(|res|
     fstar!(r#"let ((secret_key, public_key), valid) = Spec.MLKEM.Instances.mlkem1024_generate_keypair $randomness in
-        valid ==> (${res}.f_sk.f_value == secret_key /\\ ${res}.f_pk.f_value == public_key)"#)
+        valid ==> (${res}.f_sk.f_value == secret_key /\ ${res}.f_pk.f_value == public_key)"#)
 )]
 pub fn generate_key_pair(
     randomness: [u8; KEY_GENERATION_SEED_SIZE],
@@ -494,7 +494,7 @@ pub fn generate_key_pair(
 #[hax_lib::ensures(|res|
     fstar!(r#"let ((ciphertext, shared_secret), valid) = Spec.MLKEM.Instances.mlkem1024_encapsulate ${public_key}.f_value $randomness in
         let (res_ciphertext, res_shared_secret) = $res in
-        valid ==> (res_ciphertext.f_value == ciphertext /\\ res_shared_secret == shared_secret)"#)
+        valid ==> (res_ciphertext.f_value == ciphertext /\ res_shared_secret == shared_secret)"#)
 )]
 pub fn encapsulate(
     public_key: &MlKem1024PublicKey,
diff --git a/libcrux-ml-kem/src/mlkem512.rs b/libcrux-ml-kem/src/mlkem512.rs
index 6b5498d51..52cfa2543 100644
--- a/libcrux-ml-kem/src/mlkem512.rs
+++ b/libcrux-ml-kem/src/mlkem512.rs
@@ -456,7 +456,7 @@ pub fn validate_private_key(
 #[hax_lib::fstar::verification_status(panic_free)]
 #[hax_lib::ensures(|res|
     fstar!(r#"let ((secret_key, public_key), valid) = Spec.MLKEM.Instances.mlkem512_generate_keypair $randomness in
-        valid ==> (${res}.f_sk.f_value == secret_key /\\ ${res}.f_pk.f_value == public_key)"#)
+        valid ==> (${res}.f_sk.f_value == secret_key /\ ${res}.f_pk.f_value == public_key)"#)
 )]
 pub fn generate_key_pair(randomness: [u8; KEY_GENERATION_SEED_SIZE]) -> MlKem512KeyPair {
     multiplexing::generate_keypair::<
@@ -480,7 +480,7 @@ pub fn generate_key_pair(randomness: [u8; KEY_GENERATION_SEED_SIZE]) -> MlKem512
 #[hax_lib::ensures(|res|
     fstar!(r#"let ((ciphertext, shared_secret), valid) = Spec.MLKEM.Instances.mlkem512_encapsulate ${public_key}.f_value $randomness in
         let (res_ciphertext, res_shared_secret) = $res in
-        valid ==> (res_ciphertext.f_value == ciphertext /\\ res_shared_secret == shared_secret)"#)
+        valid ==> (res_ciphertext.f_value == ciphertext /\ res_shared_secret == shared_secret)"#)
 )]
 pub fn encapsulate(
     public_key: &MlKem512PublicKey,
diff --git a/libcrux-ml-kem/src/mlkem768.rs b/libcrux-ml-kem/src/mlkem768.rs
index 9deb50115..a96c83304 100644
--- a/libcrux-ml-kem/src/mlkem768.rs
+++ b/libcrux-ml-kem/src/mlkem768.rs
@@ -451,7 +451,7 @@ pub fn validate_private_key(
 #[hax_lib::fstar::verification_status(panic_free)]
 #[hax_lib::ensures(|res|
     fstar!(r#"let ((secret_key, public_key), valid) = Spec.MLKEM.Instances.mlkem768_generate_keypair $randomness in
-        valid ==> (${res}.f_sk.f_value == secret_key /\\ ${res}.f_pk.f_value == public_key)"#)
+        valid ==> (${res}.f_sk.f_value == secret_key /\ ${res}.f_pk.f_value == public_key)"#)
 )]
 pub fn generate_key_pair(randomness: [u8; KEY_GENERATION_SEED_SIZE]) -> MlKem768KeyPair {
     multiplexing::generate_keypair::<
@@ -475,7 +475,7 @@ pub fn generate_key_pair(randomness: [u8; KEY_GENERATION_SEED_SIZE]) -> MlKem768
 #[hax_lib::ensures(|res|
     fstar!(r#"let ((ciphertext, shared_secret), valid) = Spec.MLKEM.Instances.mlkem768_encapsulate ${public_key}.f_value $randomness in
         let (res_ciphertext, res_shared_secret) = $res in
-        valid ==> (res_ciphertext.f_value == ciphertext /\\ res_shared_secret == shared_secret)"#)
+        valid ==> (res_ciphertext.f_value == ciphertext /\ res_shared_secret == shared_secret)"#)
 )]
 pub fn encapsulate(
     public_key: &MlKem768PublicKey,
diff --git a/libcrux-ml-kem/src/sampling.rs b/libcrux-ml-kem/src/sampling.rs
index d10a4a7f2..080d8e41b 100644
--- a/libcrux-ml-kem/src/sampling.rs
+++ b/libcrux-ml-kem/src/sampling.rs
@@ -188,8 +188,8 @@ fn sample_from_binomial_distribution_2<Vector: Operations>(
                     let outcome_2 = ((coin_toss_outcomes >> (outcome_set + 2)) & 0x3) as i16;
                     hax_lib::fstar!(r#"logand_lemma ($coin_toss_outcomes >>! $outcome_set <: u32) 3ul;
                         logand_lemma ($coin_toss_outcomes >>! ($outcome_set +! 2ul <: u32) <: u32) 3ul;
-                        assert (v $outcome_1 >= 0 /\\ v $outcome_1 <= 3);
-                        assert (v $outcome_2 >= 0 /\\ v $outcome_2 <= 3);
+                        assert (v $outcome_1 >= 0 /\ v $outcome_1 <= 3);
+                        assert (v $outcome_2 >= 0 /\ v $outcome_2 <= 3);
                         assert (v $chunk_number <= 31);
                         assert (v (sz 8 *! $chunk_number <: usize) <= 248);
                         assert (v (cast ($outcome_set >>! 2l <: u32) <: usize) <= 7)"#);
@@ -240,8 +240,8 @@ fn sample_from_binomial_distribution_3<Vector: Operations>(
                     let outcome_2 = ((coin_toss_outcomes >> (outcome_set + 3)) & 0x7) as i16;
                     hax_lib::fstar!(r#"logand_lemma ($coin_toss_outcomes >>! $outcome_set <: u32) 7ul;
                         logand_lemma ($coin_toss_outcomes >>! ($outcome_set +! 3l <: i32) <: u32) 7ul;
-                        assert (v $outcome_1 >= 0 /\\ v $outcome_1 <= 7);
-                        assert (v $outcome_2 >= 0 /\\ v $outcome_2 <= 7);
+                        assert (v $outcome_1 >= 0 /\ v $outcome_1 <= 7);
+                        assert (v $outcome_2 >= 0 /\ v $outcome_2 <= 7);
                         assert (v $chunk_number <= 63);
                         assert (v (sz 4 *! $chunk_number <: usize) <= 252);
                         assert (v (cast ($outcome_set /! 6l <: i32) <: usize) <= 3)"#);
@@ -259,16 +259,16 @@ fn sample_from_binomial_distribution_3<Vector: Operations>(
 #[hax_lib::fstar::verification_status(panic_free)]
 #[hax_lib::requires((ETA == 2 || ETA == 3) && randomness.len() == ETA * 64)]
 #[hax_lib::ensures(|result| fstar!(r#"(forall (i:nat). i < 8 ==> Libcrux_ml_kem.Ntt.ntt_layer_7_pre
-    (${result}.f_coefficients.[ sz i ]) (${result}.f_coefficients.[ sz i +! sz 8 ])) /\\
+    (${result}.f_coefficients.[ sz i ]) (${result}.f_coefficients.[ sz i +! sz 8 ])) /\
     Libcrux_ml_kem.Polynomial.to_spec_poly_t #$:Vector $result ==
         Spec.MLKEM.sample_poly_cbd $ETA $randomness"#))]
 pub(super) fn sample_from_binomial_distribution<const ETA: usize, Vector: Operations>(
     randomness: &[u8],
 ) -> PolynomialRingElement<Vector> {
     hax_lib::fstar!(
-        "assert (
-        (v (cast $ETA <: u32) == 2) \\/
-        (v (cast $ETA <: u32) == 3))"
+        r#"assert (
+        (v (cast $ETA <: u32) == 2) \/
+        (v (cast $ETA <: u32) == 3))"#
     );
     match ETA as u32 {
         2 => sample_from_binomial_distribution_2(randomness),
diff --git a/libcrux-ml-kem/src/serialize.rs b/libcrux-ml-kem/src/serialize.rs
index 8fc1de500..0ae669038 100644
--- a/libcrux-ml-kem/src/serialize.rs
+++ b/libcrux-ml-kem/src/serialize.rs
@@ -259,7 +259,7 @@ fn compress_then_serialize_11<const OUT_LEN: usize, Vector: Operations>(
 
 #[inline(always)]
 #[hax_lib::fstar::verification_status(panic_free)]
-#[hax_lib::requires(fstar!(r#"(v $COMPRESSION_FACTOR == 10 \\/ v $COMPRESSION_FACTOR == 11) /\
+#[hax_lib::requires(fstar!(r#"(v $COMPRESSION_FACTOR == 10 \/ v $COMPRESSION_FACTOR == 11) /\
     v $OUT_LEN == 32 * v $COMPRESSION_FACTOR /\ coefficients_field_modulus_range $re"#))]
 #[hax_lib::ensures(|result|
     fstar!(r#"$result == Spec.MLKEM.compress_then_byte_encode (v $COMPRESSION_FACTOR)
@@ -273,10 +273,10 @@ pub(super) fn compress_then_serialize_ring_element_u<
     re: &PolynomialRingElement<Vector>,
 ) -> [u8; OUT_LEN] {
     hax_lib::fstar!(
-        "assert (
-        (v (cast $COMPRESSION_FACTOR <: u32) == 10) \\/
+        r#"assert (
+        (v (cast $COMPRESSION_FACTOR <: u32) == 10) \/
         (v (cast $COMPRESSION_FACTOR <: u32) == 11));
-        Rust_primitives.Integers.mk_int_equiv_lemma #usize_inttype (v $COMPRESSION_FACTOR)"
+        Rust_primitives.Integers.mk_int_equiv_lemma #usize_inttype (v $COMPRESSION_FACTOR)"#
     );
     match COMPRESSION_FACTOR as u32 {
         10 => compress_then_serialize_10(re),
@@ -365,10 +365,10 @@ pub(super) fn compress_then_serialize_ring_element_v<
     out: &mut [u8],
 ) {
     hax_lib::fstar!(
-        "assert (
-        (v (cast $COMPRESSION_FACTOR <: u32) == 4) \\/
+        r#"assert (
+        (v (cast $COMPRESSION_FACTOR <: u32) == 4) \/
         (v (cast $COMPRESSION_FACTOR <: u32) == 5));
-        Rust_primitives.Integers.mk_int_equiv_lemma #usize_inttype (v $COMPRESSION_FACTOR)"
+        Rust_primitives.Integers.mk_int_equiv_lemma #usize_inttype (v $COMPRESSION_FACTOR)"#
     );
     match COMPRESSION_FACTOR as u32 {
         4 => compress_then_serialize_4(re, out),
@@ -435,9 +435,9 @@ pub(super) fn deserialize_then_decompress_ring_element_u<
     serialized: &[u8],
 ) -> PolynomialRingElement<Vector> {
     hax_lib::fstar!(
-        "assert (
-        (v (cast $COMPRESSION_FACTOR <: u32) == 10) \\/
-        (v (cast $COMPRESSION_FACTOR <: u32) == 11))"
+        r#"assert (
+        (v (cast $COMPRESSION_FACTOR <: u32) == 10) \/
+        (v (cast $COMPRESSION_FACTOR <: u32) == 11))"#
     );
     match COMPRESSION_FACTOR as u32 {
         10 => deserialize_then_decompress_10(serialized),
@@ -503,9 +503,9 @@ pub(super) fn deserialize_then_decompress_ring_element_v<
     serialized: &[u8],
 ) -> PolynomialRingElement<Vector> {
     hax_lib::fstar!(
-        "assert (
-        (v (cast $COMPRESSION_FACTOR <: u32) == 4) \\/
-        (v (cast $COMPRESSION_FACTOR <: u32) == 5))"
+        r#"assert (
+        (v (cast $COMPRESSION_FACTOR <: u32) == 4) \/
+        (v (cast $COMPRESSION_FACTOR <: u32) == 5))"#
     );
     match COMPRESSION_FACTOR as u32 {
         4 => deserialize_then_decompress_4(serialized),
diff --git a/libcrux-ml-kem/src/types.rs b/libcrux-ml-kem/src/types.rs
index 851700cfb..f20498185 100644
--- a/libcrux-ml-kem/src/types.rs
+++ b/libcrux-ml-kem/src/types.rs
@@ -165,7 +165,7 @@ impl<const PRIVATE_KEY_SIZE: usize, const PUBLIC_KEY_SIZE: usize>
     }
 
     /// Create a new [`MlKemKeyPair`] from the secret and public key.
-    #[ensures(|result| fstar!(r#"${result}.f_sk == $sk /\\ ${result}.f_pk == $pk"#))]
+    #[ensures(|result| fstar!(r#"${result}.f_sk == $sk /\ ${result}.f_pk == $pk"#))]
     pub fn from(
         sk: MlKemPrivateKey<PRIVATE_KEY_SIZE>,
         pk: MlKemPublicKey<PUBLIC_KEY_SIZE>,
@@ -216,13 +216,13 @@ impl<const PRIVATE_KEY_SIZE: usize, const PUBLIC_KEY_SIZE: usize>
            let (ind_cpa_public_key_hash_s,implicit_rejection_value_s) = split rest Libcrux_ml_kem.Constants.v_H_DIGEST_SIZE in
            let (ind_cpa_secret_key,ind_cpa_public_key,ind_cpa_public_key_hash,implicit_rejection_value)
                = result in
-           ind_cpa_secret_key_s == ind_cpa_secret_key /\\
-           ind_cpa_public_key_s == ind_cpa_public_key /\\
-           ind_cpa_public_key_hash_s == ind_cpa_public_key_hash /\\
-           implicit_rejection_value_s == implicit_rejection_value /\\
-           Seq.length ind_cpa_secret_key == v v_CPA_SECRET_KEY_SIZE /\\
-           Seq.length ind_cpa_public_key == v v_PUBLIC_KEY_SIZE /\\
-           Seq.length ind_cpa_public_key_hash == v Libcrux_ml_kem.Constants.v_H_DIGEST_SIZE /\\
+           ind_cpa_secret_key_s == ind_cpa_secret_key /\
+           ind_cpa_public_key_s == ind_cpa_public_key /\
+           ind_cpa_public_key_hash_s == ind_cpa_public_key_hash /\
+           implicit_rejection_value_s == implicit_rejection_value /\
+           Seq.length ind_cpa_secret_key == v v_CPA_SECRET_KEY_SIZE /\
+           Seq.length ind_cpa_public_key == v v_PUBLIC_KEY_SIZE /\
+           Seq.length ind_cpa_public_key_hash == v Libcrux_ml_kem.Constants.v_H_DIGEST_SIZE /\
            Seq.length implicit_rejection_value == 
            Seq.length private_key - 
              (v v_CPA_SECRET_KEY_SIZE + v v_PUBLIC_KEY_SIZE + v Libcrux_ml_kem.Constants.v_H_DIGEST_SIZE)
diff --git a/libcrux-ml-kem/src/vector/avx2.rs b/libcrux-ml-kem/src/vector/avx2.rs
index 80373cd1a..87d0f873b 100644
--- a/libcrux-ml-kem/src/vector/avx2.rs
+++ b/libcrux-ml-kem/src/vector/avx2.rs
@@ -54,7 +54,7 @@ fn cond_subtract_3329(vector: SIMD256Vector) -> SIMD256Vector {
 
 #[inline(always)]
 #[hax_lib::fstar::verification_status(lax)]
-#[hax_lib::requires(fstar!(r#"forall (i:nat). i < 16 ==> v (Seq.index (repr $vector) i) >= 0 /\\
+#[hax_lib::requires(fstar!(r#"forall (i:nat). i < 16 ==> v (Seq.index (repr $vector) i) >= 0 /\
     v (Seq.index (repr $vector) i) < 3329"#))]
 #[hax_lib::ensures(|out| fstar!(r#"forall (i:nat). i < 16 ==> bounded (Seq.index (repr $out) i) 1"#))]
 fn compress_1(vector: SIMD256Vector) -> SIMD256Vector {
@@ -68,8 +68,8 @@ fn compress_1(vector: SIMD256Vector) -> SIMD256Vector {
 #[hax_lib::requires(fstar!(r#"(v $COEFFICIENT_BITS == 4 \\/
     v $COEFFICIENT_BITS == 5 \\/
     v $COEFFICIENT_BITS == 10 \\/
-    v $COEFFICIENT_BITS == 11) /\\
-    (forall (i:nat). i < 16 ==> v (Seq.index (repr $vector) i) >= 0 /\\
+    v $COEFFICIENT_BITS == 11) /\
+    (forall (i:nat). i < 16 ==> v (Seq.index (repr $vector) i) >= 0 /\
     v (Seq.index (repr $vector) i) < 3329)"#))]
 #[hax_lib::ensures(|out| fstar!(r#"(v $COEFFICIENT_BITS == 4 \\/
     v $COEFFICIENT_BITS == 5 \\/
@@ -84,8 +84,8 @@ fn compress<const COEFFICIENT_BITS: i32>(vector: SIMD256Vector) -> SIMD256Vector
 
 #[inline(always)]
 #[hax_lib::fstar::verification_status(lax)]
-#[hax_lib::requires(fstar!(r#"Spec.Utils.is_i16b 1664 zeta0 /\\ Spec.Utils.is_i16b 1664 zeta1 /\\ 
-                    Spec.Utils.is_i16b 1664 zeta2 /\\ Spec.Utils.is_i16b 1664 zeta3 /\\
+#[hax_lib::requires(fstar!(r#"Spec.Utils.is_i16b 1664 zeta0 /\ Spec.Utils.is_i16b 1664 zeta1 /\ 
+                    Spec.Utils.is_i16b 1664 zeta2 /\ Spec.Utils.is_i16b 1664 zeta3 /\
                     Spec.Utils.is_i16b_array (11207+5*3328) (repr ${vector})"#))]
 #[hax_lib::ensures(|out| fstar!(r#"Spec.Utils.is_i16b_array (11207+6*3328) (repr $out)"#))]
 fn ntt_layer_1_step(
@@ -102,7 +102,7 @@ fn ntt_layer_1_step(
 
 #[inline(always)]
 #[hax_lib::fstar::verification_status(lax)]
-#[hax_lib::requires(fstar!(r#"Spec.Utils.is_i16b 1664 zeta0 /\\ Spec.Utils.is_i16b 1664 zeta1 /\\
+#[hax_lib::requires(fstar!(r#"Spec.Utils.is_i16b 1664 zeta0 /\ Spec.Utils.is_i16b 1664 zeta1 /\
                     Spec.Utils.is_i16b_array (11207+4*3328) (repr ${vector})"#))]
 #[hax_lib::ensures(|out| fstar!(r#"Spec.Utils.is_i16b_array (11207+5*3328) (repr $out)"#))]
 fn ntt_layer_2_step(vector: SIMD256Vector, zeta0: i16, zeta1: i16) -> SIMD256Vector {
@@ -113,7 +113,7 @@ fn ntt_layer_2_step(vector: SIMD256Vector, zeta0: i16, zeta1: i16) -> SIMD256Vec
 
 #[inline(always)]
 #[hax_lib::fstar::verification_status(lax)]
-#[hax_lib::requires(fstar!(r#"Spec.Utils.is_i16b 1664 zeta /\\
+#[hax_lib::requires(fstar!(r#"Spec.Utils.is_i16b 1664 zeta /\
                     Spec.Utils.is_i16b_array (11207+3*3328) (repr ${vector})"#))]
 #[hax_lib::ensures(|out| fstar!(r#"Spec.Utils.is_i16b_array (11207+4*3328) (repr $out)"#))]
 fn ntt_layer_3_step(vector: SIMD256Vector, zeta: i16) -> SIMD256Vector {
@@ -124,8 +124,8 @@ fn ntt_layer_3_step(vector: SIMD256Vector, zeta: i16) -> SIMD256Vector {
 
 #[inline(always)]
 #[hax_lib::fstar::verification_status(lax)]
-#[hax_lib::requires(fstar!(r#"Spec.Utils.is_i16b 1664 zeta0 /\\ Spec.Utils.is_i16b 1664 zeta1 /\\ 
-                    Spec.Utils.is_i16b 1664 zeta2 /\\ Spec.Utils.is_i16b 1664 zeta3  /\\
+#[hax_lib::requires(fstar!(r#"Spec.Utils.is_i16b 1664 zeta0 /\ Spec.Utils.is_i16b 1664 zeta1 /\ 
+                    Spec.Utils.is_i16b 1664 zeta2 /\ Spec.Utils.is_i16b 1664 zeta3  /\
                     Spec.Utils.is_i16b_array (4*3328) (repr ${vector})"#))]
 #[hax_lib::ensures(|out| fstar!(r#"Spec.Utils.is_i16b_array 3328 (repr $out)"#))]
 fn inv_ntt_layer_1_step(
@@ -142,7 +142,7 @@ fn inv_ntt_layer_1_step(
 
 #[inline(always)]
 #[hax_lib::fstar::verification_status(lax)]
-#[hax_lib::requires(fstar!(r#"Spec.Utils.is_i16b 1664 zeta0 /\\ Spec.Utils.is_i16b 1664 zeta1 /\\
+#[hax_lib::requires(fstar!(r#"Spec.Utils.is_i16b 1664 zeta0 /\ Spec.Utils.is_i16b 1664 zeta1 /\
                     Spec.Utils.is_i16b_array 3328 (repr ${vector})"#))]
 #[hax_lib::ensures(|out| fstar!(r#"Spec.Utils.is_i16b_array 3328 (repr $out)"#))]
 fn inv_ntt_layer_2_step(vector: SIMD256Vector, zeta0: i16, zeta1: i16) -> SIMD256Vector {
@@ -153,7 +153,7 @@ fn inv_ntt_layer_2_step(vector: SIMD256Vector, zeta0: i16, zeta1: i16) -> SIMD25
 
 #[inline(always)]
 #[hax_lib::fstar::verification_status(lax)]
-#[hax_lib::requires(fstar!(r#"Spec.Utils.is_i16b 1664 zeta /\\
+#[hax_lib::requires(fstar!(r#"Spec.Utils.is_i16b 1664 zeta /\
                     Spec.Utils.is_i16b_array 3328 (repr ${vector})"#))]
 #[hax_lib::ensures(|out| fstar!(r#"Spec.Utils.is_i16b_array 3328 (repr $out)"#))]
 fn inv_ntt_layer_3_step(vector: SIMD256Vector, zeta: i16) -> SIMD256Vector {
@@ -164,9 +164,9 @@ fn inv_ntt_layer_3_step(vector: SIMD256Vector, zeta: i16) -> SIMD256Vector {
 
 #[inline(always)]
 #[hax_lib::fstar::verification_status(lax)]
-#[hax_lib::requires(fstar!(r#"Spec.Utils.is_i16b 1664 zeta0 /\\ Spec.Utils.is_i16b 1664 zeta1 /\\
-                    Spec.Utils.is_i16b 1664 zeta2 /\\ Spec.Utils.is_i16b 1664 zeta3 /\\
-                    Spec.Utils.is_i16b_array 3328 (repr ${lhs}) /\\
+#[hax_lib::requires(fstar!(r#"Spec.Utils.is_i16b 1664 zeta0 /\ Spec.Utils.is_i16b 1664 zeta1 /\
+                    Spec.Utils.is_i16b 1664 zeta2 /\ Spec.Utils.is_i16b 1664 zeta3 /\
+                    Spec.Utils.is_i16b_array 3328 (repr ${lhs}) /\
                     Spec.Utils.is_i16b_array 3328 (repr ${rhs})"#))]
 #[hax_lib::ensures(|out| fstar!(r#"Spec.Utils.is_i16b_array 3328 (repr $out)"#))]
 fn ntt_multiply(
@@ -327,7 +327,7 @@ impl Operations for SIMD256Vector {
     }
 
     #[requires(SHIFT_BY >= 0 && SHIFT_BY < 16)]
-    #[ensures(|out| fstar!(r#"(v_SHIFT_BY >=. 0l /\\ v_SHIFT_BY <. 16l) ==> impl.f_repr out == Spec.Utils.map_array (fun x -> x >>! ${SHIFT_BY}) (impl.f_repr $vector)"#))]
+    #[ensures(|out| fstar!(r#"(v_SHIFT_BY >=. 0l /\ v_SHIFT_BY <. 16l) ==> impl.f_repr out == Spec.Utils.map_array (fun x -> x >>! ${SHIFT_BY}) (impl.f_repr $vector)"#))]
     #[inline(always)]
     fn shift_right<const SHIFT_BY: i32>(vector: Self) -> Self {
         Self {
@@ -358,7 +358,7 @@ impl Operations for SIMD256Vector {
         }
     }
 
-    #[requires(fstar!(r#"forall (i:nat). i < 16 ==> v (Seq.index (impl.f_repr $vector) i) >= 0 /\\
+    #[requires(fstar!(r#"forall (i:nat). i < 16 ==> v (Seq.index (impl.f_repr $vector) i) >= 0 /\
         v (Seq.index (impl.f_repr $vector) i) < 3329"#))]
     #[ensures(|out| fstar!(r#"forall (i:nat). i < 16 ==> bounded (Seq.index (impl.f_repr $out) i) 1"#))]
     #[inline(always)]
@@ -369,8 +369,8 @@ impl Operations for SIMD256Vector {
     #[requires(fstar!(r#"(v $COEFFICIENT_BITS == 4 \\/
             v $COEFFICIENT_BITS == 5 \\/
             v $COEFFICIENT_BITS == 10 \\/
-            v $COEFFICIENT_BITS == 11) /\\
-        (forall (i:nat). i < 16 ==> v (Seq.index (impl.f_repr $vector) i) >= 0 /\\
+            v $COEFFICIENT_BITS == 11) /\
+        (forall (i:nat). i < 16 ==> v (Seq.index (impl.f_repr $vector) i) >= 0 /\
             v (Seq.index (impl.f_repr $vector) i) < 3329)"#))]
     #[ensures(|out| fstar!(r#"(v $COEFFICIENT_BITS == 4 \\/
             v $COEFFICIENT_BITS == 5 \\/
@@ -385,8 +385,8 @@ impl Operations for SIMD256Vector {
     #[requires(fstar!(r#"(v $COEFFICIENT_BITS == 4 \\/
         v $COEFFICIENT_BITS == 5 \\/
         v $COEFFICIENT_BITS == 10 \\/
-        v $COEFFICIENT_BITS == 11) /\\
-    (forall (i:nat). i < 16 ==> v (Seq.index (impl.f_repr $vector) i) >= 0 /\\
+        v $COEFFICIENT_BITS == 11) /\
+    (forall (i:nat). i < 16 ==> v (Seq.index (impl.f_repr $vector) i) >= 0 /\
         v (Seq.index (impl.f_repr $vector) i) < pow2 (v $COEFFICIENT_BITS))"#))]
     #[inline(always)]
     fn decompress_ciphertext_coefficient<const COEFFICIENT_BITS: i32>(vector: Self) -> Self {
@@ -397,8 +397,8 @@ impl Operations for SIMD256Vector {
         }
     }
 
-    #[requires(fstar!(r#"Spec.Utils.is_i16b 1664 zeta0 /\\ Spec.Utils.is_i16b 1664 zeta1 /\\ 
-                       Spec.Utils.is_i16b 1664 zeta2 /\\ Spec.Utils.is_i16b 1664 zeta3 /\\
+    #[requires(fstar!(r#"Spec.Utils.is_i16b 1664 zeta0 /\ Spec.Utils.is_i16b 1664 zeta1 /\ 
+                       Spec.Utils.is_i16b 1664 zeta2 /\ Spec.Utils.is_i16b 1664 zeta3 /\
                        Spec.Utils.is_i16b_array (11207+5*3328) (impl.f_repr ${vector})"#))]
     #[ensures(|out| fstar!(r#"Spec.Utils.is_i16b_array (11207+6*3328) (impl.f_repr $out)"#))]
     #[inline(always)]
@@ -406,7 +406,7 @@ impl Operations for SIMD256Vector {
         ntt_layer_1_step(vector, zeta0, zeta1, zeta2, zeta3)
     }
 
-    #[requires(fstar!(r#"Spec.Utils.is_i16b 1664 zeta0 /\\ Spec.Utils.is_i16b 1664 zeta1 /\\
+    #[requires(fstar!(r#"Spec.Utils.is_i16b 1664 zeta0 /\ Spec.Utils.is_i16b 1664 zeta1 /\
                        Spec.Utils.is_i16b_array (11207+4*3328) (impl.f_repr ${vector})"#))]
     #[ensures(|out| fstar!(r#"Spec.Utils.is_i16b_array (11207+5*3328) (impl.f_repr $out)"#))]
     #[inline(always)]
@@ -414,7 +414,7 @@ impl Operations for SIMD256Vector {
         ntt_layer_2_step(vector, zeta0, zeta1)
     }
 
-    #[requires(fstar!(r#"Spec.Utils.is_i16b 1664 zeta /\\
+    #[requires(fstar!(r#"Spec.Utils.is_i16b 1664 zeta /\
                        Spec.Utils.is_i16b_array (11207+3*3328) (impl.f_repr ${vector})"#))]
     #[ensures(|out| fstar!(r#"Spec.Utils.is_i16b_array (11207+4*3328) (impl.f_repr $out)"#))]
     #[inline(always)]
@@ -422,8 +422,8 @@ impl Operations for SIMD256Vector {
         ntt_layer_3_step(vector, zeta)
     }
 
-    #[requires(fstar!(r#"Spec.Utils.is_i16b 1664 zeta0 /\\ Spec.Utils.is_i16b 1664 zeta1 /\\ 
-                       Spec.Utils.is_i16b 1664 zeta2 /\\ Spec.Utils.is_i16b 1664 zeta3  /\\
+    #[requires(fstar!(r#"Spec.Utils.is_i16b 1664 zeta0 /\ Spec.Utils.is_i16b 1664 zeta1 /\ 
+                       Spec.Utils.is_i16b 1664 zeta2 /\ Spec.Utils.is_i16b 1664 zeta3  /\
                        Spec.Utils.is_i16b_array (4*3328) (impl.f_repr ${vector})"#))]
     #[ensures(|out| fstar!(r#"Spec.Utils.is_i16b_array 3328 (impl.f_repr $out)"#))]
     #[inline(always)]
@@ -431,7 +431,7 @@ impl Operations for SIMD256Vector {
         inv_ntt_layer_1_step(vector, zeta0, zeta1, zeta2, zeta3)
     }
 
-    #[requires(fstar!(r#"Spec.Utils.is_i16b 1664 zeta0 /\\ Spec.Utils.is_i16b 1664 zeta1 /\\
+    #[requires(fstar!(r#"Spec.Utils.is_i16b 1664 zeta0 /\ Spec.Utils.is_i16b 1664 zeta1 /\
                        Spec.Utils.is_i16b_array 3328 (impl.f_repr ${vector})"#))]
     #[ensures(|out| fstar!(r#"Spec.Utils.is_i16b_array 3328 (impl.f_repr $out)"#))]
     #[inline(always)]
@@ -439,7 +439,7 @@ impl Operations for SIMD256Vector {
         inv_ntt_layer_2_step(vector, zeta0, zeta1)
     }
 
-    #[requires(fstar!(r#"Spec.Utils.is_i16b 1664 zeta /\\
+    #[requires(fstar!(r#"Spec.Utils.is_i16b 1664 zeta /\
                        Spec.Utils.is_i16b_array 3328 (impl.f_repr ${vector})"#))]
     #[ensures(|out| fstar!(r#"Spec.Utils.is_i16b_array 3328 (impl.f_repr $out)"#))]
     #[inline(always)]
@@ -447,9 +447,9 @@ impl Operations for SIMD256Vector {
         inv_ntt_layer_3_step(vector, zeta)
     }
 
-    #[requires(fstar!(r#"Spec.Utils.is_i16b 1664 zeta0 /\\ Spec.Utils.is_i16b 1664 zeta1 /\\
-                       Spec.Utils.is_i16b 1664 zeta2 /\\ Spec.Utils.is_i16b 1664 zeta3 /\\
-                       Spec.Utils.is_i16b_array 3328 (impl.f_repr ${lhs}) /\\
+    #[requires(fstar!(r#"Spec.Utils.is_i16b 1664 zeta0 /\ Spec.Utils.is_i16b 1664 zeta1 /\
+                       Spec.Utils.is_i16b 1664 zeta2 /\ Spec.Utils.is_i16b 1664 zeta3 /\
+                       Spec.Utils.is_i16b_array 3328 (impl.f_repr ${lhs}) /\
                        Spec.Utils.is_i16b_array 3328 (impl.f_repr ${rhs})"#))]
     #[ensures(|out| fstar!(r#"Spec.Utils.is_i16b_array 3328 (impl.f_repr $out)"#))]
     #[inline(always)]
@@ -549,7 +549,7 @@ impl Operations for SIMD256Vector {
 
     #[requires(input.len() == 24 && output.len() == 16)]
     #[ensures(|result|
-        fstar!(r#"Seq.length $output_future == Seq.length $output /\\ v $result <= 16"#)
+        fstar!(r#"Seq.length $output_future == Seq.length $output /\ v $result <= 16"#)
     )]
     #[inline(always)]
     fn rej_sample(input: &[u8], output: &mut [i16]) -> usize {
diff --git a/libcrux-ml-kem/src/vector/avx2/compress.rs b/libcrux-ml-kem/src/vector/avx2/compress.rs
index bd428426b..1761915b7 100644
--- a/libcrux-ml-kem/src/vector/avx2/compress.rs
+++ b/libcrux-ml-kem/src/vector/avx2/compress.rs
@@ -38,7 +38,7 @@ pub(crate) fn compress_message_coefficient(vector: Vec256) -> Vec256 {
 }
 
 #[inline(always)]
-#[hax_lib::requires(fstar!(r#"v $COEFFICIENT_BITS >= 0 /\\ v $COEFFICIENT_BITS < bits i32_inttype /\\
+#[hax_lib::requires(fstar!(r#"v $COEFFICIENT_BITS >= 0 /\ v $COEFFICIENT_BITS < bits i32_inttype /\
     range (v (1l <<! $COEFFICIENT_BITS) - 1) i32_inttype"#))]
 pub(crate) fn compress_ciphertext_coefficient<const COEFFICIENT_BITS: i32>(
     vector: Vec256,
@@ -105,7 +105,7 @@ pub(crate) fn compress_ciphertext_coefficient<const COEFFICIENT_BITS: i32>(
 }
 
 #[inline(always)]
-#[hax_lib::requires(fstar!(r#"v $COEFFICIENT_BITS >= 0 /\\ v $COEFFICIENT_BITS < bits i32_inttype"#))]
+#[hax_lib::requires(fstar!(r#"v $COEFFICIENT_BITS >= 0 /\ v $COEFFICIENT_BITS < bits i32_inttype"#))]
 pub(crate) fn decompress_ciphertext_coefficient<const COEFFICIENT_BITS: i32>(
     vector: Vec256,
 ) -> Vec256 {
diff --git a/libcrux-ml-kem/src/vector/avx2/ntt.rs b/libcrux-ml-kem/src/vector/avx2/ntt.rs
index 14701b96c..518548b6b 100644
--- a/libcrux-ml-kem/src/vector/avx2/ntt.rs
+++ b/libcrux-ml-kem/src/vector/avx2/ntt.rs
@@ -1,7 +1,7 @@
 use super::*;
 
 #[inline(always)]
-#[hax_lib::requires(fstar!(r#"Spec.Utils.is_i16b 1664 zeta0 /\\ Spec.Utils.is_i16b 1664 zeta1 /\\ Spec.Utils.is_i16b 1664 zeta2 /\\ Spec.Utils.is_i16b 1664 zeta3"#))]
+#[hax_lib::requires(fstar!(r#"Spec.Utils.is_i16b 1664 zeta0 /\ Spec.Utils.is_i16b 1664 zeta1 /\ Spec.Utils.is_i16b 1664 zeta2 /\ Spec.Utils.is_i16b 1664 zeta3"#))]
 pub(crate) fn ntt_layer_1_step(
     vector: Vec256,
     zeta0: i16,
@@ -23,7 +23,7 @@ pub(crate) fn ntt_layer_1_step(
 }
 
 #[inline(always)]
-#[hax_lib::requires(fstar!(r#"Spec.Utils.is_i16b 1664 zeta0 /\\ Spec.Utils.is_i16b 1664 zeta1"#))]
+#[hax_lib::requires(fstar!(r#"Spec.Utils.is_i16b 1664 zeta0 /\ Spec.Utils.is_i16b 1664 zeta1"#))]
 pub(crate) fn ntt_layer_2_step(vector: Vec256, zeta0: i16, zeta1: i16) -> Vec256 {
     let zetas = mm256_set_epi16(
         -zeta1, -zeta1, -zeta1, -zeta1, zeta1, zeta1, zeta1, zeta1, -zeta0, -zeta0, -zeta0, -zeta0,
@@ -57,7 +57,7 @@ pub(crate) fn ntt_layer_3_step(vector: Vec256, zeta: i16) -> Vec256 {
 
 #[inline(always)]
 #[hax_lib::fstar::verification_status(lax)]
-#[hax_lib::requires(fstar!(r#"Spec.Utils.is_i16b 1664 zeta0 /\\ Spec.Utils.is_i16b 1664 zeta1 /\\ Spec.Utils.is_i16b 1664 zeta2 /\\ Spec.Utils.is_i16b 1664 zeta3"#))]
+#[hax_lib::requires(fstar!(r#"Spec.Utils.is_i16b 1664 zeta0 /\ Spec.Utils.is_i16b 1664 zeta1 /\ Spec.Utils.is_i16b 1664 zeta2 /\ Spec.Utils.is_i16b 1664 zeta3"#))]
 pub(crate) fn inv_ntt_layer_1_step(
     vector: Vec256,
     zeta0: i16,
@@ -87,7 +87,7 @@ pub(crate) fn inv_ntt_layer_1_step(
 }
 
 #[inline(always)]
-#[hax_lib::requires(fstar!(r#"Spec.Utils.is_i16b 1664 zeta0 /\\ Spec.Utils.is_i16b 1664 zeta1"#))]
+#[hax_lib::requires(fstar!(r#"Spec.Utils.is_i16b 1664 zeta0 /\ Spec.Utils.is_i16b 1664 zeta1"#))]
 pub(crate) fn inv_ntt_layer_2_step(vector: Vec256, zeta0: i16, zeta1: i16) -> Vec256 {
     let lhs = mm256_permute4x64_epi64::<0b11_11_01_01>(vector);
 
@@ -128,7 +128,7 @@ pub(crate) fn inv_ntt_layer_3_step(vector: Vec256, zeta: i16) -> Vec256 {
 
 #[inline(always)]
 #[hax_lib::fstar::verification_status(lax)]
-#[hax_lib::requires(fstar!(r#"Spec.Utils.is_i16b 1664 zeta0 /\\ Spec.Utils.is_i16b 1664 zeta1 /\\ Spec.Utils.is_i16b 1664 zeta2 /\\ Spec.Utils.is_i16b 1664 zeta3"#))]
+#[hax_lib::requires(fstar!(r#"Spec.Utils.is_i16b 1664 zeta0 /\ Spec.Utils.is_i16b 1664 zeta1 /\ Spec.Utils.is_i16b 1664 zeta2 /\ Spec.Utils.is_i16b 1664 zeta3"#))]
 pub(crate) fn ntt_multiply(
     lhs: Vec256,
     rhs: Vec256,
diff --git a/libcrux-ml-kem/src/vector/avx2/sampling.rs b/libcrux-ml-kem/src/vector/avx2/sampling.rs
index 1f3565b40..f8320e1d0 100644
--- a/libcrux-ml-kem/src/vector/avx2/sampling.rs
+++ b/libcrux-ml-kem/src/vector/avx2/sampling.rs
@@ -8,7 +8,7 @@ use super::{
 #[hax_lib::fstar::verification_status(lax)]
 #[hax_lib::requires(input.len() == 24 && output.len() == 16)]
 #[hax_lib::ensures(|res|
-        fstar!("Seq.length $output_future == Seq.length $output /\\ v $res <= 16")
+        fstar!(r#"Seq.length $output_future == Seq.length $output /\ v $res <= 16"#)
     )]
 pub(crate) fn rejection_sample(input: &[u8], output: &mut [i16]) -> usize {
     let field_modulus = mm256_set1_epi16(FIELD_MODULUS);
@@ -31,14 +31,16 @@ pub(crate) fn rejection_sample(input: &[u8], output: &mut [i16]) -> usize {
     // each lane in the register to tell us what coefficients to keep and what
     // to throw-away. Combine all the bits (there are 16) into two bytes.
     let good = serialize_1(compare_with_field_modulus);
-    hax_lib::fstar!("assert (v (cast (${good}.[ sz 0 ] <: u8) <: usize) < 256);
+    hax_lib::fstar!(
+        r#"assert (v (cast (${good}.[ sz 0 ] <: u8) <: usize) < 256);
         assert (v (cast (${good}.[ sz 1 ] <: u8) <: usize) < 256);
         // We need to provide a definition or post-condition for Core.Num.impl__u8__count_ones
         assume (v (cast (Core.Num.impl__u8__count_ones ${good}.[ sz 0 ]) <: usize) <= 8);
         assume (v (cast (Core.Num.impl__u8__count_ones ${good}.[ sz 1 ]) <: usize) <= 8);
         assume (Core.Ops.Index.f_index_pre output ({
                     Core.Ops.Range.f_start = cast (Core.Num.impl__u8__count_ones ${good}.[ sz 0 ]) <: usize;
-                    Core.Ops.Range.f_end = (cast (Core.Num.impl__u8__count_ones ${good}.[ sz 0 ]) <: usize) +! sz 8 }))");
+                    Core.Ops.Range.f_end = (cast (Core.Num.impl__u8__count_ones ${good}.[ sz 0 ]) <: usize) +! sz 8 }))"#
+    );
 
     // Each bit (and its corresponding position) represents an element we
     // want to sample. We'd like all such elements to be next to each other starting

From 939e5ea340ab0ec982f051ad2c14e36ad61dac29 Mon Sep 17 00:00:00 2001
From: Karthikeyan Bhargavan <karthik.bhargavan@gmail.com>
Date: Wed, 11 Dec 2024 18:19:35 +0100
Subject: [PATCH 107/142] issue ref

---
 libcrux-ml-kem/src/polynomial.rs | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/libcrux-ml-kem/src/polynomial.rs b/libcrux-ml-kem/src/polynomial.rs
index accd43531..75cfd1e49 100644
--- a/libcrux-ml-kem/src/polynomial.rs
+++ b/libcrux-ml-kem/src/polynomial.rs
@@ -264,6 +264,8 @@ fn ntt_multiply<Vector: Operations>(
     out
 }
 
+// FIXME: We pulled out all the items because of https://github.com/hacspec/hax/issues/1183
+// Revisit when that issue is fixed.
 #[hax_lib::attributes]
 impl<Vector: Operations> PolynomialRingElement<Vector> {
     #[allow(non_snake_case)]

From 23f67231af11af4e9d063b91bf5f00ed76b5e7f0 Mon Sep 17 00:00:00 2001
From: Franziskus Kiefer <franziskuskiefer@gmail.com>
Date: Wed, 11 Dec 2024 18:29:25 +0000
Subject: [PATCH 108/142] update DsaXof comment

---
 libcrux-ml-dsa/src/hash_functions.rs | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/libcrux-ml-dsa/src/hash_functions.rs b/libcrux-ml-dsa/src/hash_functions.rs
index 84ca5fbe9..c58a1b46f 100644
--- a/libcrux-ml-dsa/src/hash_functions.rs
+++ b/libcrux-ml-dsa/src/hash_functions.rs
@@ -5,6 +5,8 @@ pub(crate) mod shake256 {
     pub(crate) const BLOCK_SIZE: usize = 136;
 
     /// An ML-DSA specific Xof trait
+    /// This trait is not actually a full Xof implementation but opererates only
+    /// on multiple of blocks. The only real Xof API for SHAKE256 is [`Xof`].
     pub(crate) trait DsaXof {
         fn shake256<const OUTPUT_LENGTH: usize>(input: &[u8], out: &mut [u8; OUTPUT_LENGTH]);
         fn init_absorb_final(input: &[u8]) -> Self;

From f2e76e9d0b0eb79fc9b9b0bc25c0862b7d7db2c6 Mon Sep 17 00:00:00 2001
From: Franziskus Kiefer <franziskuskiefer@gmail.com>
Date: Wed, 11 Dec 2024 18:29:42 +0000
Subject: [PATCH 109/142] mldsa: update F* extraction

---
 .../fstar/extraction/Libcrux_ml_dsa.Encoding.T1.fst  |  4 ++--
 .../fstar/extraction/Libcrux_ml_dsa.Encoding.T1.fsti |  2 ++
 .../Libcrux_ml_dsa.Hash_functions.Shake256.fsti      |  2 ++
 .../extraction/Libcrux_ml_dsa.Ml_dsa_44_.Avx2.fst    | 12 ++++++------
 .../extraction/Libcrux_ml_dsa.Ml_dsa_44_.Neon.fst    | 12 ++++++------
 .../Libcrux_ml_dsa.Ml_dsa_44_.Portable.fst           | 12 ++++++------
 .../fstar/extraction/Libcrux_ml_dsa.Ml_dsa_44_.fst   | 12 ++++++------
 .../extraction/Libcrux_ml_dsa.Ml_dsa_65_.Avx2.fst    | 12 ++++++------
 .../extraction/Libcrux_ml_dsa.Ml_dsa_65_.Neon.fst    | 12 ++++++------
 .../Libcrux_ml_dsa.Ml_dsa_65_.Portable.fst           | 12 ++++++------
 .../fstar/extraction/Libcrux_ml_dsa.Ml_dsa_65_.fst   | 12 ++++++------
 .../extraction/Libcrux_ml_dsa.Ml_dsa_87_.Avx2.fst    | 12 ++++++------
 .../extraction/Libcrux_ml_dsa.Ml_dsa_87_.Neon.fst    | 12 ++++++------
 .../Libcrux_ml_dsa.Ml_dsa_87_.Portable.fst           | 12 ++++++------
 .../fstar/extraction/Libcrux_ml_dsa.Ml_dsa_87_.fst   | 12 ++++++------
 .../proofs/fstar/extraction/Libcrux_ml_dsa.Types.fst |  6 +++---
 .../fstar/extraction/Libcrux_ml_dsa.Types.fsti       |  6 +++---
 17 files changed, 84 insertions(+), 80 deletions(-)

diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Encoding.T1.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Encoding.T1.fst
index 2348e0868..4e42a3c10 100644
--- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Encoding.T1.fst
+++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Encoding.T1.fst
@@ -41,8 +41,8 @@ let deserialize
               (Libcrux_ml_dsa.Simd.Traits.f_t1_deserialize #v_SIMDUnit
                   #FStar.Tactics.Typeclasses.solve
                   (serialized.[ {
-                        Core.Ops.Range.f_start = i *! sz 10 <: usize;
-                        Core.Ops.Range.f_end = (i +! sz 1 <: usize) *! sz 10 <: usize
+                        Core.Ops.Range.f_start = i *! deserialize__WINDOW <: usize;
+                        Core.Ops.Range.f_end = (i +! sz 1 <: usize) *! deserialize__WINDOW <: usize
                       }
                       <:
                       Core.Ops.Range.t_Range usize ]
diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Encoding.T1.fsti b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Encoding.T1.fsti
index 6ac2183bb..b1b59a0dc 100644
--- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Encoding.T1.fsti
+++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Encoding.T1.fsti
@@ -9,6 +9,8 @@ let _ =
   let open Libcrux_ml_dsa.Simd.Traits in
   ()
 
+let deserialize__WINDOW: usize = sz 10
+
 let serialize__OUTPUT_BYTES_PER_SIMD_UNIT: usize = sz 10
 
 val deserialize
diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Hash_functions.Shake256.fsti b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Hash_functions.Shake256.fsti
index 4f08af6fa..de5a31b65 100644
--- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Hash_functions.Shake256.fsti
+++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Hash_functions.Shake256.fsti
@@ -4,6 +4,8 @@ open Core
 open FStar.Mul
 
 /// An ML-DSA specific Xof trait
+/// This trait is not actually a full Xof implementation but opererates only
+/// on multiple of blocks. The only real Xof API for SHAKE256 is [`Xof`].
 class t_DsaXof (v_Self: Type0) = {
   f_shake256_pre:v_OUTPUT_LENGTH: usize -> t_Slice u8 -> t_Array u8 v_OUTPUT_LENGTH -> Type0;
   f_shake256_post:
diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_44_.Avx2.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_44_.Avx2.fst
index 57daef3c6..c923aaf46 100644
--- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_44_.Avx2.fst
+++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_44_.Avx2.fst
@@ -29,7 +29,7 @@ let sign
      =
   Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Avx2.sign (sz 4) (sz 4) (sz 2) (sz 96) (sz 17) 95232l
     (sz 192) (sz 768) (sz 32) (sz 39) (sz 80) (sz 576) (sz 2560) (sz 2420)
-    (Libcrux_ml_dsa.Types.impl__as_raw (sz 2560) signing_key <: t_Array u8 (sz 2560)) message
+    (Libcrux_ml_dsa.Types.impl__as_ref (sz 2560) signing_key <: t_Array u8 (sz 2560)) message
     context randomness
 
 let sign_pre_hashed_shake128
@@ -39,7 +39,7 @@ let sign_pre_hashed_shake128
      =
   Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Avx2.sign_pre_hashed_shake128 (sz 4) (sz 4) (sz 2)
     (sz 96) (sz 17) 95232l (sz 192) (sz 768) (sz 32) (sz 39) (sz 80) (sz 576) (sz 2560) (sz 2420)
-    (Libcrux_ml_dsa.Types.impl__as_raw (sz 2560) signing_key <: t_Array u8 (sz 2560)) message
+    (Libcrux_ml_dsa.Types.impl__as_ref (sz 2560) signing_key <: t_Array u8 (sz 2560)) message
     context randomness
 
 let verify
@@ -49,8 +49,8 @@ let verify
      =
   Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Avx2.verify (sz 4) (sz 4) (sz 2420) (sz 1312) (sz 17)
     (sz 576) 95232l 78l (sz 192) (sz 768) (sz 32) (sz 39) (sz 80)
-    (Libcrux_ml_dsa.Types.impl_2__as_raw (sz 1312) verification_key <: t_Array u8 (sz 1312)) message
-    context (Libcrux_ml_dsa.Types.impl_4__as_raw (sz 2420) signature <: t_Array u8 (sz 2420))
+    (Libcrux_ml_dsa.Types.impl_2__as_ref (sz 1312) verification_key <: t_Array u8 (sz 1312)) message
+    context (Libcrux_ml_dsa.Types.impl_4__as_ref (sz 2420) signature <: t_Array u8 (sz 2420))
 
 let verify_pre_hashed_shake128
       (verification_key: Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (sz 1312))
@@ -59,5 +59,5 @@ let verify_pre_hashed_shake128
      =
   Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Avx2.verify_pre_hashed_shake128 (sz 4) (sz 4)
     (sz 2420) (sz 1312) (sz 17) (sz 576) 95232l 78l (sz 192) (sz 768) (sz 32) (sz 39) (sz 80)
-    (Libcrux_ml_dsa.Types.impl_2__as_raw (sz 1312) verification_key <: t_Array u8 (sz 1312)) message
-    context (Libcrux_ml_dsa.Types.impl_4__as_raw (sz 2420) signature <: t_Array u8 (sz 2420))
+    (Libcrux_ml_dsa.Types.impl_2__as_ref (sz 1312) verification_key <: t_Array u8 (sz 1312)) message
+    context (Libcrux_ml_dsa.Types.impl_4__as_ref (sz 2420) signature <: t_Array u8 (sz 2420))
diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_44_.Neon.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_44_.Neon.fst
index 881529d16..cbfcb41f1 100644
--- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_44_.Neon.fst
+++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_44_.Neon.fst
@@ -29,7 +29,7 @@ let sign
      =
   Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Neon.sign (sz 4) (sz 4) (sz 2) (sz 96) (sz 17) 95232l
     (sz 192) (sz 768) (sz 32) (sz 39) (sz 80) (sz 576) (sz 2560) (sz 2420)
-    (Libcrux_ml_dsa.Types.impl__as_raw (sz 2560) signing_key <: t_Array u8 (sz 2560)) message
+    (Libcrux_ml_dsa.Types.impl__as_ref (sz 2560) signing_key <: t_Array u8 (sz 2560)) message
     context randomness
 
 let sign_pre_hashed_shake128
@@ -39,7 +39,7 @@ let sign_pre_hashed_shake128
      =
   Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Neon.sign_pre_hashed_shake128 (sz 4) (sz 4) (sz 2)
     (sz 96) (sz 17) 95232l (sz 192) (sz 768) (sz 32) (sz 39) (sz 80) (sz 576) (sz 2560) (sz 2420)
-    (Libcrux_ml_dsa.Types.impl__as_raw (sz 2560) signing_key <: t_Array u8 (sz 2560)) message
+    (Libcrux_ml_dsa.Types.impl__as_ref (sz 2560) signing_key <: t_Array u8 (sz 2560)) message
     context randomness
 
 let verify
@@ -49,8 +49,8 @@ let verify
      =
   Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Neon.verify (sz 4) (sz 4) (sz 2420) (sz 1312) (sz 17)
     (sz 576) 95232l 78l (sz 192) (sz 768) (sz 32) (sz 39) (sz 80)
-    (Libcrux_ml_dsa.Types.impl_2__as_raw (sz 1312) verification_key <: t_Array u8 (sz 1312)) message
-    context (Libcrux_ml_dsa.Types.impl_4__as_raw (sz 2420) signature <: t_Array u8 (sz 2420))
+    (Libcrux_ml_dsa.Types.impl_2__as_ref (sz 1312) verification_key <: t_Array u8 (sz 1312)) message
+    context (Libcrux_ml_dsa.Types.impl_4__as_ref (sz 2420) signature <: t_Array u8 (sz 2420))
 
 let verify_pre_hashed_shake128
       (verification_key: Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (sz 1312))
@@ -59,5 +59,5 @@ let verify_pre_hashed_shake128
      =
   Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Neon.verify_pre_hashed_shake128 (sz 4) (sz 4)
     (sz 2420) (sz 1312) (sz 17) (sz 576) 95232l 78l (sz 192) (sz 768) (sz 32) (sz 39) (sz 80)
-    (Libcrux_ml_dsa.Types.impl_2__as_raw (sz 1312) verification_key <: t_Array u8 (sz 1312)) message
-    context (Libcrux_ml_dsa.Types.impl_4__as_raw (sz 2420) signature <: t_Array u8 (sz 2420))
+    (Libcrux_ml_dsa.Types.impl_2__as_ref (sz 1312) verification_key <: t_Array u8 (sz 1312)) message
+    context (Libcrux_ml_dsa.Types.impl_4__as_ref (sz 2420) signature <: t_Array u8 (sz 2420))
diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_44_.Portable.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_44_.Portable.fst
index 47feb8acb..5ecf58ac3 100644
--- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_44_.Portable.fst
+++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_44_.Portable.fst
@@ -29,7 +29,7 @@ let sign
      =
   Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Portable.sign (sz 4) (sz 4) (sz 2) (sz 96) (sz 17)
     95232l (sz 192) (sz 768) (sz 32) (sz 39) (sz 80) (sz 576) (sz 2560) (sz 2420)
-    (Libcrux_ml_dsa.Types.impl__as_raw (sz 2560) signing_key <: t_Array u8 (sz 2560)) message
+    (Libcrux_ml_dsa.Types.impl__as_ref (sz 2560) signing_key <: t_Array u8 (sz 2560)) message
     context randomness
 
 let sign_pre_hashed_shake128
@@ -39,7 +39,7 @@ let sign_pre_hashed_shake128
      =
   Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Portable.sign_pre_hashed_shake128 (sz 4) (sz 4)
     (sz 2) (sz 96) (sz 17) 95232l (sz 192) (sz 768) (sz 32) (sz 39) (sz 80) (sz 576) (sz 2560)
-    (sz 2420) (Libcrux_ml_dsa.Types.impl__as_raw (sz 2560) signing_key <: t_Array u8 (sz 2560))
+    (sz 2420) (Libcrux_ml_dsa.Types.impl__as_ref (sz 2560) signing_key <: t_Array u8 (sz 2560))
     message context randomness
 
 let verify
@@ -49,8 +49,8 @@ let verify
      =
   Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Portable.verify (sz 4) (sz 4) (sz 2420) (sz 1312)
     (sz 17) (sz 576) 95232l 78l (sz 192) (sz 768) (sz 32) (sz 39) (sz 80)
-    (Libcrux_ml_dsa.Types.impl_2__as_raw (sz 1312) verification_key <: t_Array u8 (sz 1312)) message
-    context (Libcrux_ml_dsa.Types.impl_4__as_raw (sz 2420) signature <: t_Array u8 (sz 2420))
+    (Libcrux_ml_dsa.Types.impl_2__as_ref (sz 1312) verification_key <: t_Array u8 (sz 1312)) message
+    context (Libcrux_ml_dsa.Types.impl_4__as_ref (sz 2420) signature <: t_Array u8 (sz 2420))
 
 let verify_pre_hashed_shake128
       (verification_key: Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (sz 1312))
@@ -59,5 +59,5 @@ let verify_pre_hashed_shake128
      =
   Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Portable.verify_pre_hashed_shake128 (sz 4) (sz 4)
     (sz 2420) (sz 1312) (sz 17) (sz 576) 95232l 78l (sz 192) (sz 768) (sz 32) (sz 39) (sz 80)
-    (Libcrux_ml_dsa.Types.impl_2__as_raw (sz 1312) verification_key <: t_Array u8 (sz 1312)) message
-    context (Libcrux_ml_dsa.Types.impl_4__as_raw (sz 2420) signature <: t_Array u8 (sz 2420))
+    (Libcrux_ml_dsa.Types.impl_2__as_ref (sz 1312) verification_key <: t_Array u8 (sz 1312)) message
+    context (Libcrux_ml_dsa.Types.impl_4__as_ref (sz 2420) signature <: t_Array u8 (sz 2420))
diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_44_.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_44_.fst
index de9e24809..fd9368339 100644
--- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_44_.fst
+++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_44_.fst
@@ -29,7 +29,7 @@ let sign
      =
   Libcrux_ml_dsa.Ml_dsa_generic.Multiplexing.sign (sz 4) (sz 4) (sz 2) (sz 96) (sz 17) 95232l
     (sz 192) (sz 768) (sz 32) (sz 39) (sz 80) (sz 576) (sz 2560) (sz 2420)
-    (Libcrux_ml_dsa.Types.impl__as_raw (sz 2560) signing_key <: t_Array u8 (sz 2560)) message
+    (Libcrux_ml_dsa.Types.impl__as_ref (sz 2560) signing_key <: t_Array u8 (sz 2560)) message
     context randomness
 
 let sign_pre_hashed_shake128
@@ -39,7 +39,7 @@ let sign_pre_hashed_shake128
      =
   Libcrux_ml_dsa.Ml_dsa_generic.Multiplexing.sign_pre_hashed_shake128 (sz 4) (sz 4) (sz 2) (sz 96)
     (sz 17) 95232l (sz 192) (sz 768) (sz 32) (sz 39) (sz 80) (sz 576) (sz 2560) (sz 2420)
-    (Libcrux_ml_dsa.Types.impl__as_raw (sz 2560) signing_key <: t_Array u8 (sz 2560)) message
+    (Libcrux_ml_dsa.Types.impl__as_ref (sz 2560) signing_key <: t_Array u8 (sz 2560)) message
     context randomness
 
 let verify
@@ -49,8 +49,8 @@ let verify
      =
   Libcrux_ml_dsa.Ml_dsa_generic.Multiplexing.verify (sz 4) (sz 4) (sz 2420) (sz 1312) (sz 17)
     (sz 576) 95232l 78l (sz 192) (sz 768) (sz 32) (sz 39) (sz 80)
-    (Libcrux_ml_dsa.Types.impl_2__as_raw (sz 1312) verification_key <: t_Array u8 (sz 1312)) message
-    context (Libcrux_ml_dsa.Types.impl_4__as_raw (sz 2420) signature <: t_Array u8 (sz 2420))
+    (Libcrux_ml_dsa.Types.impl_2__as_ref (sz 1312) verification_key <: t_Array u8 (sz 1312)) message
+    context (Libcrux_ml_dsa.Types.impl_4__as_ref (sz 2420) signature <: t_Array u8 (sz 2420))
 
 let verify_pre_hashed_shake128
       (verification_key: Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (sz 1312))
@@ -59,5 +59,5 @@ let verify_pre_hashed_shake128
      =
   Libcrux_ml_dsa.Ml_dsa_generic.Multiplexing.verify_pre_hashed_shake128 (sz 4) (sz 4) (sz 2420)
     (sz 1312) (sz 17) (sz 576) 95232l 78l (sz 192) (sz 768) (sz 32) (sz 39) (sz 80)
-    (Libcrux_ml_dsa.Types.impl_2__as_raw (sz 1312) verification_key <: t_Array u8 (sz 1312)) message
-    context (Libcrux_ml_dsa.Types.impl_4__as_raw (sz 2420) signature <: t_Array u8 (sz 2420))
+    (Libcrux_ml_dsa.Types.impl_2__as_ref (sz 1312) verification_key <: t_Array u8 (sz 1312)) message
+    context (Libcrux_ml_dsa.Types.impl_4__as_ref (sz 2420) signature <: t_Array u8 (sz 2420))
diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_65_.Avx2.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_65_.Avx2.fst
index 93a4a47d2..fb56ab400 100644
--- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_65_.Avx2.fst
+++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_65_.Avx2.fst
@@ -29,7 +29,7 @@ let sign
      =
   Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Avx2.sign (sz 6) (sz 5) (sz 4) (sz 128) (sz 19)
     261888l (sz 128) (sz 768) (sz 48) (sz 49) (sz 55) (sz 640) (sz 4032) (sz 3309)
-    (Libcrux_ml_dsa.Types.impl__as_raw (sz 4032) signing_key <: t_Array u8 (sz 4032)) message
+    (Libcrux_ml_dsa.Types.impl__as_ref (sz 4032) signing_key <: t_Array u8 (sz 4032)) message
     context randomness
 
 let sign_pre_hashed_shake128
@@ -39,7 +39,7 @@ let sign_pre_hashed_shake128
      =
   Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Avx2.sign_pre_hashed_shake128 (sz 6) (sz 5) (sz 4)
     (sz 128) (sz 19) 261888l (sz 128) (sz 768) (sz 48) (sz 49) (sz 55) (sz 640) (sz 4032) (sz 3309)
-    (Libcrux_ml_dsa.Types.impl__as_raw (sz 4032) signing_key <: t_Array u8 (sz 4032)) message
+    (Libcrux_ml_dsa.Types.impl__as_ref (sz 4032) signing_key <: t_Array u8 (sz 4032)) message
     context randomness
 
 let verify
@@ -49,8 +49,8 @@ let verify
      =
   Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Avx2.verify (sz 6) (sz 5) (sz 3309) (sz 1952) (sz 19)
     (sz 640) 261888l 196l (sz 128) (sz 768) (sz 48) (sz 49) (sz 55)
-    (Libcrux_ml_dsa.Types.impl_2__as_raw (sz 1952) verification_key <: t_Array u8 (sz 1952)) message
-    context (Libcrux_ml_dsa.Types.impl_4__as_raw (sz 3309) signature <: t_Array u8 (sz 3309))
+    (Libcrux_ml_dsa.Types.impl_2__as_ref (sz 1952) verification_key <: t_Array u8 (sz 1952)) message
+    context (Libcrux_ml_dsa.Types.impl_4__as_ref (sz 3309) signature <: t_Array u8 (sz 3309))
 
 let verify_pre_hashed_shake128
       (verification_key: Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (sz 1952))
@@ -59,5 +59,5 @@ let verify_pre_hashed_shake128
      =
   Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Avx2.verify_pre_hashed_shake128 (sz 6) (sz 5)
     (sz 3309) (sz 1952) (sz 19) (sz 640) 261888l 196l (sz 128) (sz 768) (sz 48) (sz 49) (sz 55)
-    (Libcrux_ml_dsa.Types.impl_2__as_raw (sz 1952) verification_key <: t_Array u8 (sz 1952)) message
-    context (Libcrux_ml_dsa.Types.impl_4__as_raw (sz 3309) signature <: t_Array u8 (sz 3309))
+    (Libcrux_ml_dsa.Types.impl_2__as_ref (sz 1952) verification_key <: t_Array u8 (sz 1952)) message
+    context (Libcrux_ml_dsa.Types.impl_4__as_ref (sz 3309) signature <: t_Array u8 (sz 3309))
diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_65_.Neon.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_65_.Neon.fst
index 52cd13c55..06692d1d7 100644
--- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_65_.Neon.fst
+++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_65_.Neon.fst
@@ -29,7 +29,7 @@ let sign
      =
   Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Neon.sign (sz 6) (sz 5) (sz 4) (sz 128) (sz 19)
     261888l (sz 128) (sz 768) (sz 48) (sz 49) (sz 55) (sz 640) (sz 4032) (sz 3309)
-    (Libcrux_ml_dsa.Types.impl__as_raw (sz 4032) signing_key <: t_Array u8 (sz 4032)) message
+    (Libcrux_ml_dsa.Types.impl__as_ref (sz 4032) signing_key <: t_Array u8 (sz 4032)) message
     context randomness
 
 let sign_pre_hashed_shake128
@@ -39,7 +39,7 @@ let sign_pre_hashed_shake128
      =
   Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Neon.sign_pre_hashed_shake128 (sz 6) (sz 5) (sz 4)
     (sz 128) (sz 19) 261888l (sz 128) (sz 768) (sz 48) (sz 49) (sz 55) (sz 640) (sz 4032) (sz 3309)
-    (Libcrux_ml_dsa.Types.impl__as_raw (sz 4032) signing_key <: t_Array u8 (sz 4032)) message
+    (Libcrux_ml_dsa.Types.impl__as_ref (sz 4032) signing_key <: t_Array u8 (sz 4032)) message
     context randomness
 
 let verify
@@ -49,8 +49,8 @@ let verify
      =
   Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Neon.verify (sz 6) (sz 5) (sz 3309) (sz 1952) (sz 19)
     (sz 640) 261888l 196l (sz 128) (sz 768) (sz 48) (sz 49) (sz 55)
-    (Libcrux_ml_dsa.Types.impl_2__as_raw (sz 1952) verification_key <: t_Array u8 (sz 1952)) message
-    context (Libcrux_ml_dsa.Types.impl_4__as_raw (sz 3309) signature <: t_Array u8 (sz 3309))
+    (Libcrux_ml_dsa.Types.impl_2__as_ref (sz 1952) verification_key <: t_Array u8 (sz 1952)) message
+    context (Libcrux_ml_dsa.Types.impl_4__as_ref (sz 3309) signature <: t_Array u8 (sz 3309))
 
 let verify_pre_hashed_shake128
       (verification_key: Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (sz 1952))
@@ -59,5 +59,5 @@ let verify_pre_hashed_shake128
      =
   Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Neon.verify_pre_hashed_shake128 (sz 6) (sz 5)
     (sz 3309) (sz 1952) (sz 19) (sz 640) 261888l 196l (sz 128) (sz 768) (sz 48) (sz 49) (sz 55)
-    (Libcrux_ml_dsa.Types.impl_2__as_raw (sz 1952) verification_key <: t_Array u8 (sz 1952)) message
-    context (Libcrux_ml_dsa.Types.impl_4__as_raw (sz 3309) signature <: t_Array u8 (sz 3309))
+    (Libcrux_ml_dsa.Types.impl_2__as_ref (sz 1952) verification_key <: t_Array u8 (sz 1952)) message
+    context (Libcrux_ml_dsa.Types.impl_4__as_ref (sz 3309) signature <: t_Array u8 (sz 3309))
diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_65_.Portable.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_65_.Portable.fst
index 272c8f309..d696b883f 100644
--- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_65_.Portable.fst
+++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_65_.Portable.fst
@@ -29,7 +29,7 @@ let sign
      =
   Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Portable.sign (sz 6) (sz 5) (sz 4) (sz 128) (sz 19)
     261888l (sz 128) (sz 768) (sz 48) (sz 49) (sz 55) (sz 640) (sz 4032) (sz 3309)
-    (Libcrux_ml_dsa.Types.impl__as_raw (sz 4032) signing_key <: t_Array u8 (sz 4032)) message
+    (Libcrux_ml_dsa.Types.impl__as_ref (sz 4032) signing_key <: t_Array u8 (sz 4032)) message
     context randomness
 
 let sign_pre_hashed_shake128
@@ -39,7 +39,7 @@ let sign_pre_hashed_shake128
      =
   Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Portable.sign_pre_hashed_shake128 (sz 6) (sz 5)
     (sz 4) (sz 128) (sz 19) 261888l (sz 128) (sz 768) (sz 48) (sz 49) (sz 55) (sz 640) (sz 4032)
-    (sz 3309) (Libcrux_ml_dsa.Types.impl__as_raw (sz 4032) signing_key <: t_Array u8 (sz 4032))
+    (sz 3309) (Libcrux_ml_dsa.Types.impl__as_ref (sz 4032) signing_key <: t_Array u8 (sz 4032))
     message context randomness
 
 let verify
@@ -49,8 +49,8 @@ let verify
      =
   Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Portable.verify (sz 6) (sz 5) (sz 3309) (sz 1952)
     (sz 19) (sz 640) 261888l 196l (sz 128) (sz 768) (sz 48) (sz 49) (sz 55)
-    (Libcrux_ml_dsa.Types.impl_2__as_raw (sz 1952) verification_key <: t_Array u8 (sz 1952)) message
-    context (Libcrux_ml_dsa.Types.impl_4__as_raw (sz 3309) signature <: t_Array u8 (sz 3309))
+    (Libcrux_ml_dsa.Types.impl_2__as_ref (sz 1952) verification_key <: t_Array u8 (sz 1952)) message
+    context (Libcrux_ml_dsa.Types.impl_4__as_ref (sz 3309) signature <: t_Array u8 (sz 3309))
 
 let verify_pre_hashed_shake128
       (verification_key: Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (sz 1952))
@@ -59,5 +59,5 @@ let verify_pre_hashed_shake128
      =
   Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Portable.verify_pre_hashed_shake128 (sz 6) (sz 5)
     (sz 3309) (sz 1952) (sz 19) (sz 640) 261888l 196l (sz 128) (sz 768) (sz 48) (sz 49) (sz 55)
-    (Libcrux_ml_dsa.Types.impl_2__as_raw (sz 1952) verification_key <: t_Array u8 (sz 1952)) message
-    context (Libcrux_ml_dsa.Types.impl_4__as_raw (sz 3309) signature <: t_Array u8 (sz 3309))
+    (Libcrux_ml_dsa.Types.impl_2__as_ref (sz 1952) verification_key <: t_Array u8 (sz 1952)) message
+    context (Libcrux_ml_dsa.Types.impl_4__as_ref (sz 3309) signature <: t_Array u8 (sz 3309))
diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_65_.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_65_.fst
index 47f6598f5..9029cf9f8 100644
--- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_65_.fst
+++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_65_.fst
@@ -29,7 +29,7 @@ let sign
      =
   Libcrux_ml_dsa.Ml_dsa_generic.Multiplexing.sign (sz 6) (sz 5) (sz 4) (sz 128) (sz 19) 261888l
     (sz 128) (sz 768) (sz 48) (sz 49) (sz 55) (sz 640) (sz 4032) (sz 3309)
-    (Libcrux_ml_dsa.Types.impl__as_raw (sz 4032) signing_key <: t_Array u8 (sz 4032)) message
+    (Libcrux_ml_dsa.Types.impl__as_ref (sz 4032) signing_key <: t_Array u8 (sz 4032)) message
     context randomness
 
 let sign_pre_hashed_shake128
@@ -39,7 +39,7 @@ let sign_pre_hashed_shake128
      =
   Libcrux_ml_dsa.Ml_dsa_generic.Multiplexing.sign_pre_hashed_shake128 (sz 6) (sz 5) (sz 4) (sz 128)
     (sz 19) 261888l (sz 128) (sz 768) (sz 48) (sz 49) (sz 55) (sz 640) (sz 4032) (sz 3309)
-    (Libcrux_ml_dsa.Types.impl__as_raw (sz 4032) signing_key <: t_Array u8 (sz 4032)) message
+    (Libcrux_ml_dsa.Types.impl__as_ref (sz 4032) signing_key <: t_Array u8 (sz 4032)) message
     context randomness
 
 let verify
@@ -49,8 +49,8 @@ let verify
      =
   Libcrux_ml_dsa.Ml_dsa_generic.Multiplexing.verify (sz 6) (sz 5) (sz 3309) (sz 1952) (sz 19)
     (sz 640) 261888l 196l (sz 128) (sz 768) (sz 48) (sz 49) (sz 55)
-    (Libcrux_ml_dsa.Types.impl_2__as_raw (sz 1952) verification_key <: t_Array u8 (sz 1952)) message
-    context (Libcrux_ml_dsa.Types.impl_4__as_raw (sz 3309) signature <: t_Array u8 (sz 3309))
+    (Libcrux_ml_dsa.Types.impl_2__as_ref (sz 1952) verification_key <: t_Array u8 (sz 1952)) message
+    context (Libcrux_ml_dsa.Types.impl_4__as_ref (sz 3309) signature <: t_Array u8 (sz 3309))
 
 let verify_pre_hashed_shake128
       (verification_key: Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (sz 1952))
@@ -59,5 +59,5 @@ let verify_pre_hashed_shake128
      =
   Libcrux_ml_dsa.Ml_dsa_generic.Multiplexing.verify_pre_hashed_shake128 (sz 6) (sz 5) (sz 3309)
     (sz 1952) (sz 19) (sz 640) 261888l 196l (sz 128) (sz 768) (sz 48) (sz 49) (sz 55)
-    (Libcrux_ml_dsa.Types.impl_2__as_raw (sz 1952) verification_key <: t_Array u8 (sz 1952)) message
-    context (Libcrux_ml_dsa.Types.impl_4__as_raw (sz 3309) signature <: t_Array u8 (sz 3309))
+    (Libcrux_ml_dsa.Types.impl_2__as_ref (sz 1952) verification_key <: t_Array u8 (sz 1952)) message
+    context (Libcrux_ml_dsa.Types.impl_4__as_ref (sz 3309) signature <: t_Array u8 (sz 3309))
diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_87_.Avx2.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_87_.Avx2.fst
index a5cb7cc82..bed872537 100644
--- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_87_.Avx2.fst
+++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_87_.Avx2.fst
@@ -29,7 +29,7 @@ let sign
      =
   Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Avx2.sign (sz 8) (sz 7) (sz 2) (sz 96) (sz 19)
     261888l (sz 128) (sz 1024) (sz 64) (sz 60) (sz 75) (sz 640) (sz 4896) (sz 4627)
-    (Libcrux_ml_dsa.Types.impl__as_raw (sz 4896) signing_key <: t_Array u8 (sz 4896)) message
+    (Libcrux_ml_dsa.Types.impl__as_ref (sz 4896) signing_key <: t_Array u8 (sz 4896)) message
     context randomness
 
 let sign_pre_hashed_shake128
@@ -39,7 +39,7 @@ let sign_pre_hashed_shake128
      =
   Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Avx2.sign_pre_hashed_shake128 (sz 8) (sz 7) (sz 2)
     (sz 96) (sz 19) 261888l (sz 128) (sz 1024) (sz 64) (sz 60) (sz 75) (sz 640) (sz 4896) (sz 4627)
-    (Libcrux_ml_dsa.Types.impl__as_raw (sz 4896) signing_key <: t_Array u8 (sz 4896)) message
+    (Libcrux_ml_dsa.Types.impl__as_ref (sz 4896) signing_key <: t_Array u8 (sz 4896)) message
     context randomness
 
 let verify
@@ -49,8 +49,8 @@ let verify
      =
   Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Avx2.verify (sz 8) (sz 7) (sz 4627) (sz 2592) (sz 19)
     (sz 640) 261888l 120l (sz 128) (sz 1024) (sz 64) (sz 60) (sz 75)
-    (Libcrux_ml_dsa.Types.impl_2__as_raw (sz 2592) verification_key <: t_Array u8 (sz 2592)) message
-    context (Libcrux_ml_dsa.Types.impl_4__as_raw (sz 4627) signature <: t_Array u8 (sz 4627))
+    (Libcrux_ml_dsa.Types.impl_2__as_ref (sz 2592) verification_key <: t_Array u8 (sz 2592)) message
+    context (Libcrux_ml_dsa.Types.impl_4__as_ref (sz 4627) signature <: t_Array u8 (sz 4627))
 
 let verify_pre_hashed_shake128
       (verification_key: Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (sz 2592))
@@ -59,5 +59,5 @@ let verify_pre_hashed_shake128
      =
   Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Avx2.verify_pre_hashed_shake128 (sz 8) (sz 7)
     (sz 4627) (sz 2592) (sz 19) (sz 640) 261888l 120l (sz 128) (sz 1024) (sz 64) (sz 60) (sz 75)
-    (Libcrux_ml_dsa.Types.impl_2__as_raw (sz 2592) verification_key <: t_Array u8 (sz 2592)) message
-    context (Libcrux_ml_dsa.Types.impl_4__as_raw (sz 4627) signature <: t_Array u8 (sz 4627))
+    (Libcrux_ml_dsa.Types.impl_2__as_ref (sz 2592) verification_key <: t_Array u8 (sz 2592)) message
+    context (Libcrux_ml_dsa.Types.impl_4__as_ref (sz 4627) signature <: t_Array u8 (sz 4627))
diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_87_.Neon.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_87_.Neon.fst
index bec5c242e..f4bc8340a 100644
--- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_87_.Neon.fst
+++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_87_.Neon.fst
@@ -29,7 +29,7 @@ let sign
      =
   Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Neon.sign (sz 8) (sz 7) (sz 2) (sz 96) (sz 19)
     261888l (sz 128) (sz 1024) (sz 64) (sz 60) (sz 75) (sz 640) (sz 4896) (sz 4627)
-    (Libcrux_ml_dsa.Types.impl__as_raw (sz 4896) signing_key <: t_Array u8 (sz 4896)) message
+    (Libcrux_ml_dsa.Types.impl__as_ref (sz 4896) signing_key <: t_Array u8 (sz 4896)) message
     context randomness
 
 let sign_pre_hashed_shake128
@@ -39,7 +39,7 @@ let sign_pre_hashed_shake128
      =
   Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Neon.sign_pre_hashed_shake128 (sz 8) (sz 7) (sz 2)
     (sz 96) (sz 19) 261888l (sz 128) (sz 1024) (sz 64) (sz 60) (sz 75) (sz 640) (sz 4896) (sz 4627)
-    (Libcrux_ml_dsa.Types.impl__as_raw (sz 4896) signing_key <: t_Array u8 (sz 4896)) message
+    (Libcrux_ml_dsa.Types.impl__as_ref (sz 4896) signing_key <: t_Array u8 (sz 4896)) message
     context randomness
 
 let verify
@@ -49,8 +49,8 @@ let verify
      =
   Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Neon.verify (sz 8) (sz 7) (sz 4627) (sz 2592) (sz 19)
     (sz 640) 261888l 120l (sz 128) (sz 1024) (sz 64) (sz 60) (sz 75)
-    (Libcrux_ml_dsa.Types.impl_2__as_raw (sz 2592) verification_key <: t_Array u8 (sz 2592)) message
-    context (Libcrux_ml_dsa.Types.impl_4__as_raw (sz 4627) signature <: t_Array u8 (sz 4627))
+    (Libcrux_ml_dsa.Types.impl_2__as_ref (sz 2592) verification_key <: t_Array u8 (sz 2592)) message
+    context (Libcrux_ml_dsa.Types.impl_4__as_ref (sz 4627) signature <: t_Array u8 (sz 4627))
 
 let verify_pre_hashed_shake128
       (verification_key: Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (sz 2592))
@@ -59,5 +59,5 @@ let verify_pre_hashed_shake128
      =
   Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Neon.verify_pre_hashed_shake128 (sz 8) (sz 7)
     (sz 4627) (sz 2592) (sz 19) (sz 640) 261888l 120l (sz 128) (sz 1024) (sz 64) (sz 60) (sz 75)
-    (Libcrux_ml_dsa.Types.impl_2__as_raw (sz 2592) verification_key <: t_Array u8 (sz 2592)) message
-    context (Libcrux_ml_dsa.Types.impl_4__as_raw (sz 4627) signature <: t_Array u8 (sz 4627))
+    (Libcrux_ml_dsa.Types.impl_2__as_ref (sz 2592) verification_key <: t_Array u8 (sz 2592)) message
+    context (Libcrux_ml_dsa.Types.impl_4__as_ref (sz 4627) signature <: t_Array u8 (sz 4627))
diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_87_.Portable.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_87_.Portable.fst
index a5b4a3a2a..6f6364908 100644
--- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_87_.Portable.fst
+++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_87_.Portable.fst
@@ -29,7 +29,7 @@ let sign
      =
   Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Portable.sign (sz 8) (sz 7) (sz 2) (sz 96) (sz 19)
     261888l (sz 128) (sz 1024) (sz 64) (sz 60) (sz 75) (sz 640) (sz 4896) (sz 4627)
-    (Libcrux_ml_dsa.Types.impl__as_raw (sz 4896) signing_key <: t_Array u8 (sz 4896)) message
+    (Libcrux_ml_dsa.Types.impl__as_ref (sz 4896) signing_key <: t_Array u8 (sz 4896)) message
     context randomness
 
 let sign_pre_hashed_shake128
@@ -39,7 +39,7 @@ let sign_pre_hashed_shake128
      =
   Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Portable.sign_pre_hashed_shake128 (sz 8) (sz 7)
     (sz 2) (sz 96) (sz 19) 261888l (sz 128) (sz 1024) (sz 64) (sz 60) (sz 75) (sz 640) (sz 4896)
-    (sz 4627) (Libcrux_ml_dsa.Types.impl__as_raw (sz 4896) signing_key <: t_Array u8 (sz 4896))
+    (sz 4627) (Libcrux_ml_dsa.Types.impl__as_ref (sz 4896) signing_key <: t_Array u8 (sz 4896))
     message context randomness
 
 let verify
@@ -49,8 +49,8 @@ let verify
      =
   Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Portable.verify (sz 8) (sz 7) (sz 4627) (sz 2592)
     (sz 19) (sz 640) 261888l 120l (sz 128) (sz 1024) (sz 64) (sz 60) (sz 75)
-    (Libcrux_ml_dsa.Types.impl_2__as_raw (sz 2592) verification_key <: t_Array u8 (sz 2592)) message
-    context (Libcrux_ml_dsa.Types.impl_4__as_raw (sz 4627) signature <: t_Array u8 (sz 4627))
+    (Libcrux_ml_dsa.Types.impl_2__as_ref (sz 2592) verification_key <: t_Array u8 (sz 2592)) message
+    context (Libcrux_ml_dsa.Types.impl_4__as_ref (sz 4627) signature <: t_Array u8 (sz 4627))
 
 let verify_pre_hashed_shake128
       (verification_key: Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (sz 2592))
@@ -59,5 +59,5 @@ let verify_pre_hashed_shake128
      =
   Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Portable.verify_pre_hashed_shake128 (sz 8) (sz 7)
     (sz 4627) (sz 2592) (sz 19) (sz 640) 261888l 120l (sz 128) (sz 1024) (sz 64) (sz 60) (sz 75)
-    (Libcrux_ml_dsa.Types.impl_2__as_raw (sz 2592) verification_key <: t_Array u8 (sz 2592)) message
-    context (Libcrux_ml_dsa.Types.impl_4__as_raw (sz 4627) signature <: t_Array u8 (sz 4627))
+    (Libcrux_ml_dsa.Types.impl_2__as_ref (sz 2592) verification_key <: t_Array u8 (sz 2592)) message
+    context (Libcrux_ml_dsa.Types.impl_4__as_ref (sz 4627) signature <: t_Array u8 (sz 4627))
diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_87_.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_87_.fst
index b7bfad8f1..a72c5865b 100644
--- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_87_.fst
+++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_87_.fst
@@ -29,7 +29,7 @@ let sign
      =
   Libcrux_ml_dsa.Ml_dsa_generic.Multiplexing.sign (sz 8) (sz 7) (sz 2) (sz 96) (sz 19) 261888l
     (sz 128) (sz 1024) (sz 64) (sz 60) (sz 75) (sz 640) (sz 4896) (sz 4627)
-    (Libcrux_ml_dsa.Types.impl__as_raw (sz 4896) signing_key <: t_Array u8 (sz 4896)) message
+    (Libcrux_ml_dsa.Types.impl__as_ref (sz 4896) signing_key <: t_Array u8 (sz 4896)) message
     context randomness
 
 let sign_pre_hashed_shake128
@@ -39,7 +39,7 @@ let sign_pre_hashed_shake128
      =
   Libcrux_ml_dsa.Ml_dsa_generic.Multiplexing.sign_pre_hashed_shake128 (sz 8) (sz 7) (sz 2) (sz 96)
     (sz 19) 261888l (sz 128) (sz 1024) (sz 64) (sz 60) (sz 75) (sz 640) (sz 4896) (sz 4627)
-    (Libcrux_ml_dsa.Types.impl__as_raw (sz 4896) signing_key <: t_Array u8 (sz 4896)) message
+    (Libcrux_ml_dsa.Types.impl__as_ref (sz 4896) signing_key <: t_Array u8 (sz 4896)) message
     context randomness
 
 let verify
@@ -49,8 +49,8 @@ let verify
      =
   Libcrux_ml_dsa.Ml_dsa_generic.Multiplexing.verify (sz 8) (sz 7) (sz 4627) (sz 2592) (sz 19)
     (sz 640) 261888l 120l (sz 128) (sz 1024) (sz 64) (sz 60) (sz 75)
-    (Libcrux_ml_dsa.Types.impl_2__as_raw (sz 2592) verification_key <: t_Array u8 (sz 2592)) message
-    context (Libcrux_ml_dsa.Types.impl_4__as_raw (sz 4627) signature <: t_Array u8 (sz 4627))
+    (Libcrux_ml_dsa.Types.impl_2__as_ref (sz 2592) verification_key <: t_Array u8 (sz 2592)) message
+    context (Libcrux_ml_dsa.Types.impl_4__as_ref (sz 4627) signature <: t_Array u8 (sz 4627))
 
 let verify_pre_hashed_shake128
       (verification_key: Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (sz 2592))
@@ -59,5 +59,5 @@ let verify_pre_hashed_shake128
      =
   Libcrux_ml_dsa.Ml_dsa_generic.Multiplexing.verify_pre_hashed_shake128 (sz 8) (sz 7) (sz 4627)
     (sz 2592) (sz 19) (sz 640) 261888l 120l (sz 128) (sz 1024) (sz 64) (sz 60) (sz 75)
-    (Libcrux_ml_dsa.Types.impl_2__as_raw (sz 2592) verification_key <: t_Array u8 (sz 2592)) message
-    context (Libcrux_ml_dsa.Types.impl_4__as_raw (sz 4627) signature <: t_Array u8 (sz 4627))
+    (Libcrux_ml_dsa.Types.impl_2__as_ref (sz 2592) verification_key <: t_Array u8 (sz 2592)) message
+    context (Libcrux_ml_dsa.Types.impl_4__as_ref (sz 4627) signature <: t_Array u8 (sz 4627))
diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Types.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Types.fst
index 0a457fc6e..ee9c6cfaa 100644
--- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Types.fst
+++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Types.fst
@@ -9,17 +9,17 @@ let impl_2__len (v_SIZE: usize) (_: Prims.unit) = v_SIZE
 
 let impl_4__len (v_SIZE: usize) (_: Prims.unit) = v_SIZE
 
-let impl_4__as_raw (v_SIZE: usize) (self: t_MLDSASignature v_SIZE) = self.f_value
+let impl_4__as_ref (v_SIZE: usize) (self: t_MLDSASignature v_SIZE) = self.f_value
 
 let impl_4__new (v_SIZE: usize) (value: t_Array u8 v_SIZE) =
   { f_value = value } <: t_MLDSASignature v_SIZE
 
-let impl__as_raw (v_SIZE: usize) (self: t_MLDSASigningKey v_SIZE) = self.f_value
+let impl__as_ref (v_SIZE: usize) (self: t_MLDSASigningKey v_SIZE) = self.f_value
 
 let impl__new (v_SIZE: usize) (value: t_Array u8 v_SIZE) =
   { f_value = value } <: t_MLDSASigningKey v_SIZE
 
-let impl_2__as_raw (v_SIZE: usize) (self: t_MLDSAVerificationKey v_SIZE) = self.f_value
+let impl_2__as_ref (v_SIZE: usize) (self: t_MLDSAVerificationKey v_SIZE) = self.f_value
 
 let impl_2__new (v_SIZE: usize) (value: t_Array u8 v_SIZE) =
   { f_value = value } <: t_MLDSAVerificationKey v_SIZE
diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Types.fsti b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Types.fsti
index 0a03514df..b399b3cd7 100644
--- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Types.fsti
+++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Types.fsti
@@ -18,7 +18,7 @@ val impl_4__len: v_SIZE: usize -> Prims.unit
 type t_MLDSASignature (v_SIZE: usize) = { f_value:t_Array u8 v_SIZE }
 
 /// A reference to the raw byte array.
-val impl_4__as_raw (v_SIZE: usize) (self: t_MLDSASignature v_SIZE)
+val impl_4__as_ref (v_SIZE: usize) (self: t_MLDSASignature v_SIZE)
     : Prims.Pure (t_Array u8 v_SIZE) Prims.l_True (fun _ -> Prims.l_True)
 
 /// Build
@@ -29,7 +29,7 @@ val impl_4__new (v_SIZE: usize) (value: t_Array u8 v_SIZE)
 type t_MLDSASigningKey (v_SIZE: usize) = { f_value:t_Array u8 v_SIZE }
 
 /// A reference to the raw byte array.
-val impl__as_raw (v_SIZE: usize) (self: t_MLDSASigningKey v_SIZE)
+val impl__as_ref (v_SIZE: usize) (self: t_MLDSASigningKey v_SIZE)
     : Prims.Pure (t_Array u8 v_SIZE) Prims.l_True (fun _ -> Prims.l_True)
 
 /// Build
@@ -40,7 +40,7 @@ val impl__new (v_SIZE: usize) (value: t_Array u8 v_SIZE)
 type t_MLDSAVerificationKey (v_SIZE: usize) = { f_value:t_Array u8 v_SIZE }
 
 /// A reference to the raw byte array.
-val impl_2__as_raw (v_SIZE: usize) (self: t_MLDSAVerificationKey v_SIZE)
+val impl_2__as_ref (v_SIZE: usize) (self: t_MLDSAVerificationKey v_SIZE)
     : Prims.Pure (t_Array u8 v_SIZE) Prims.l_True (fun _ -> Prims.l_True)
 
 /// Build

From 0fc11d0192b3c434280f36914a5feeed67ae9e1e Mon Sep 17 00:00:00 2001
From: karthikbhargavan <karthik.bhargavan@gmail.com>
Date: Sun, 15 Dec 2024 19:42:26 +0000
Subject: [PATCH 110/142] restoring F* extraction

---
 Cargo.lock                                    |  88 ++++---
 .../Libcrux_intrinsics.Avx2_extract.fsti      |  12 +
 libcrux-intrinsics/src/arm64_extract.rs       |  18 +-
 .../Libcrux_ml_kem.Hash_functions.Avx2.fsti   |   2 +-
 .../Libcrux_ml_kem.Hash_functions.Neon.fsti   |   2 +-
 ...ibcrux_ml_kem.Hash_functions.Portable.fsti |   2 +-
 .../Libcrux_ml_kem.Ind_cca.Unpacked.fst       |  34 ++-
 .../Libcrux_ml_kem.Ind_cca.Unpacked.fsti      |  24 +-
 .../Libcrux_ml_kem.Ind_cpa.Unpacked.fst       |  18 ++
 .../Libcrux_ml_kem.Ind_cpa.Unpacked.fsti      |   8 +
 .../extraction/Libcrux_ml_kem.Polynomial.fst  |  48 +++-
 .../extraction/Libcrux_ml_kem.Polynomial.fsti |  30 ++-
 .../extraction/Libcrux_ml_kem.Variant.fst     |   6 +-
 .../extraction/Libcrux_ml_kem.Variant.fsti    |  10 +-
 .../extraction/Libcrux_ml_kem.Vector.Avx2.fst |  12 +
 .../Libcrux_ml_kem.Vector.Avx2.fsti           |   6 +
 ...Libcrux_ml_kem.Vector.Neon.Vector_type.fst |  12 +
 ...ibcrux_ml_kem.Vector.Neon.Vector_type.fsti |   6 +
 ...rux_ml_kem.Vector.Portable.Vector_type.fst |  12 +
 ...ux_ml_kem.Vector.Portable.Vector_type.fsti |   6 +
 libcrux-ml-kem/src/constant_time_ops.rs       |   4 +-
 libcrux-ml-kem/src/hash_functions.rs          |   6 +-
 libcrux-ml-kem/src/ind_cca.rs                 | 232 +++++++++---------
 libcrux-ml-kem/src/ind_cpa.rs                 |   4 +-
 libcrux-ml-kem/src/invert_ntt.rs              |   2 +-
 libcrux-ml-kem/src/ntt.rs                     |  20 +-
 libcrux-ml-kem/src/serialize.rs               |   8 +-
 libcrux-ml-kem/src/utils.rs                   |  12 +-
 libcrux-ml-kem/src/vector/avx2.rs             |  30 +--
 libcrux-ml-kem/src/vector/avx2/arithmetic.rs  |   8 +-
 libcrux-ml-kem/src/vector/portable.rs         |  54 ++--
 .../src/vector/portable/arithmetic.rs         |  36 +--
 .../src/vector/portable/compress.rs           |  28 +--
 libcrux-ml-kem/src/vector/portable/ntt.rs     |   5 +-
 libcrux-ml-kem/src/vector/traits.rs           |  66 ++---
 libcrux-sha3/src/generic_keccak.rs            |   4 +-
 .../extraction/Libcrux_platform.X86.fsti      |   6 +
 37 files changed, 525 insertions(+), 356 deletions(-)

diff --git a/Cargo.lock b/Cargo.lock
index 94f450b74..823e87153 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -1,6 +1,6 @@
 # This file is automatically @generated by Cargo.
 # It is not intended for manual editing.
-version = 3
+version = 4
 
 [[package]]
 name = "aead"
@@ -191,9 +191,9 @@ dependencies = [
 
 [[package]]
 name = "cc"
-version = "1.2.2"
+version = "1.2.4"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "f34d93e62b03caf570cccc334cbc6c2fceca82f39211051345108adcba3eebdc"
+checksum = "9157bbaa6b165880c27a4293a474c91cdcf265cc68cc829bf10be0964a391caf"
 dependencies = [
  "jobserver",
  "libc",
@@ -290,9 +290,9 @@ dependencies = [
 
 [[package]]
 name = "clap"
-version = "4.5.21"
+version = "4.5.23"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "fb3b4b9e5a7c7514dfa52869339ee98b3156b0bfb4e8a77c4ff4babb64b1604f"
+checksum = "3135e7ec2ef7b10c6ed8950f0f792ed96ee093fa088608f1c76e569722700c84"
 dependencies = [
  "clap_builder",
  "clap_derive",
@@ -300,9 +300,9 @@ dependencies = [
 
 [[package]]
 name = "clap_builder"
-version = "4.5.21"
+version = "4.5.23"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "b17a95aa67cc7b5ebd32aa5370189aa0d79069ef1c64ce893bd30fb24bff20ec"
+checksum = "30582fc632330df2bd26877bde0c1f4470d57c582bbc070376afcd04d8cb4838"
 dependencies = [
  "anstream",
  "anstyle",
@@ -324,9 +324,9 @@ dependencies = [
 
 [[package]]
 name = "clap_lex"
-version = "0.7.3"
+version = "0.7.4"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "afb84c814227b90d6895e01398aee0d8033c00e7466aca416fb6a8e0eb19d8a7"
+checksum = "f46ad14479a25103f283c0f10005961cf086d8dc42205bb44c46ac563475dca6"
 
 [[package]]
 name = "classic-mceliece-rust"
@@ -698,7 +698,7 @@ dependencies = [
 [[package]]
 name = "hax-lib"
 version = "0.1.0-rc.1"
-source = "git+https://github.com/hacspec/hax/#de59826b832befc82905286d052c8a961c31f3cd"
+source = "git+https://github.com/hacspec/hax/#62f7bfabe31ac2dcdbda867e3879b49b080fd292"
 dependencies = [
  "hax-lib-macros",
  "num-bigint",
@@ -708,7 +708,7 @@ dependencies = [
 [[package]]
 name = "hax-lib-macros"
 version = "0.1.0-rc.1"
-source = "git+https://github.com/hacspec/hax/#de59826b832befc82905286d052c8a961c31f3cd"
+source = "git+https://github.com/hacspec/hax/#62f7bfabe31ac2dcdbda867e3879b49b080fd292"
 dependencies = [
  "hax-lib-macros-types",
  "paste",
@@ -721,7 +721,7 @@ dependencies = [
 [[package]]
 name = "hax-lib-macros-types"
 version = "0.1.0-rc.1"
-source = "git+https://github.com/hacspec/hax/#de59826b832befc82905286d052c8a961c31f3cd"
+source = "git+https://github.com/hacspec/hax/#62f7bfabe31ac2dcdbda867e3879b49b080fd292"
 dependencies = [
  "proc-macro2",
  "quote",
@@ -845,9 +845,9 @@ dependencies = [
 
 [[package]]
 name = "js-sys"
-version = "0.3.74"
+version = "0.3.76"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "a865e038f7f6ed956f788f0d7d60c541fff74c7bd74272c5d4cf15c63743e705"
+checksum = "6717b6b5b077764fb5966237269cb3c64edddde4b14ce42647430a78ced9e7b7"
 dependencies = [
  "once_cell",
  "wasm-bindgen",
@@ -886,9 +886,9 @@ dependencies = [
 
 [[package]]
 name = "libc"
-version = "0.2.167"
+version = "0.2.168"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "09d6582e104315a817dff97f75133544b2e094ee22447d2acf4a74e189ba06fc"
+checksum = "5aaeb2981e0606ca11d79718f8bb01164f1d6ed75080182d3abf017e6d244b6d"
 
 [[package]]
 name = "libcrux"
@@ -1625,15 +1625,15 @@ dependencies = [
 
 [[package]]
 name = "rustix"
-version = "0.38.41"
+version = "0.38.42"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "d7f649912bc1495e167a6edee79151c84b1bad49748cb4f1f1167f459f6224f6"
+checksum = "f93dc38ecbab2eb790ff964bb77fa94faf256fd3e73285fd7ba0903b76bedb85"
 dependencies = [
  "bitflags",
  "errno",
  "libc",
  "linux-raw-sys",
- "windows-sys 0.52.0",
+ "windows-sys 0.59.0",
 ]
 
 [[package]]
@@ -1673,24 +1673,24 @@ dependencies = [
 
 [[package]]
 name = "semver"
-version = "1.0.23"
+version = "1.0.24"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "61697e0a1c7e512e84a621326239844a24d8207b4669b41bc18b32ea5cbf988b"
+checksum = "3cb6eb87a131f756572d7fb904f6e7b68633f09cca868c5df1c4b8d1a694bbba"
 
 [[package]]
 name = "serde"
-version = "1.0.215"
+version = "1.0.216"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "6513c1ad0b11a9376da888e3e0baa0077f1aed55c17f50e7b2397136129fb88f"
+checksum = "0b9781016e935a97e8beecf0c933758c97a5520d32930e460142b4cd80c6338e"
 dependencies = [
  "serde_derive",
 ]
 
 [[package]]
 name = "serde_derive"
-version = "1.0.215"
+version = "1.0.216"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "ad1e866f866923f252f05c889987993144fb74e722403468a4ebd70c3cd756c0"
+checksum = "46f859dbbf73865c6627ed570e78961cd3ac92407a2d117204c49232485da55e"
 dependencies = [
  "proc-macro2",
  "quote",
@@ -1894,9 +1894,9 @@ checksum = "9c8d87e72b64a3b4db28d11ce29237c246188f4f51057d65a7eab63b7987e423"
 
 [[package]]
 name = "wasm-bindgen"
-version = "0.2.97"
+version = "0.2.99"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "d15e63b4482863c109d70a7b8706c1e364eb6ea449b201a76c5b89cedcec2d5c"
+checksum = "a474f6281d1d70c17ae7aa6a613c87fce69a127e2624002df63dcb39d6cf6396"
 dependencies = [
  "cfg-if",
  "once_cell",
@@ -1905,13 +1905,12 @@ dependencies = [
 
 [[package]]
 name = "wasm-bindgen-backend"
-version = "0.2.97"
+version = "0.2.99"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "8d36ef12e3aaca16ddd3f67922bc63e48e953f126de60bd33ccc0101ef9998cd"
+checksum = "5f89bb38646b4f81674e8f5c3fb81b562be1fd936d84320f3264486418519c79"
 dependencies = [
  "bumpalo",
  "log",
- "once_cell",
  "proc-macro2",
  "quote",
  "syn 2.0.90",
@@ -1920,9 +1919,9 @@ dependencies = [
 
 [[package]]
 name = "wasm-bindgen-futures"
-version = "0.4.47"
+version = "0.4.49"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "9dfaf8f50e5f293737ee323940c7d8b08a66a95a419223d9f41610ca08b0833d"
+checksum = "38176d9b44ea84e9184eff0bc34cc167ed044f816accfe5922e54d84cf48eca2"
 dependencies = [
  "cfg-if",
  "js-sys",
@@ -1933,9 +1932,9 @@ dependencies = [
 
 [[package]]
 name = "wasm-bindgen-macro"
-version = "0.2.97"
+version = "0.2.99"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "705440e08b42d3e4b36de7d66c944be628d579796b8090bfa3471478a2260051"
+checksum = "2cc6181fd9a7492eef6fef1f33961e3695e4579b9872a6f7c83aee556666d4fe"
 dependencies = [
  "quote",
  "wasm-bindgen-macro-support",
@@ -1943,9 +1942,9 @@ dependencies = [
 
 [[package]]
 name = "wasm-bindgen-macro-support"
-version = "0.2.97"
+version = "0.2.99"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "98c9ae5a76e46f4deecd0f0255cc223cfa18dc9b261213b8aa0c7b36f61b3f1d"
+checksum = "30d7a95b763d3c45903ed6c81f156801839e5ee968bb07e534c44df0fcd330c2"
 dependencies = [
  "proc-macro2",
  "quote",
@@ -1956,19 +1955,18 @@ dependencies = [
 
 [[package]]
 name = "wasm-bindgen-shared"
-version = "0.2.97"
+version = "0.2.99"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "6ee99da9c5ba11bd675621338ef6fa52296b76b83305e9b6e5c77d4c286d6d49"
+checksum = "943aab3fdaaa029a6e0271b35ea10b72b943135afe9bffca82384098ad0e06a6"
 
 [[package]]
 name = "wasm-bindgen-test"
-version = "0.3.47"
+version = "0.3.49"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "3d919bb60ebcecb9160afee6c71b43a58a4f0517a2de0054cd050d02cec08201"
+checksum = "c61d44563646eb934577f2772656c7ad5e9c90fac78aa8013d776fcdaf24625d"
 dependencies = [
  "js-sys",
  "minicov",
- "once_cell",
  "scoped-tls",
  "wasm-bindgen",
  "wasm-bindgen-futures",
@@ -1977,9 +1975,9 @@ dependencies = [
 
 [[package]]
 name = "wasm-bindgen-test-macro"
-version = "0.3.47"
+version = "0.3.49"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "222ebde6ea87fbfa6bdd2e9f1fd8a91d60aee5db68792632176c4e16a74fc7d8"
+checksum = "54171416ce73aa0b9c377b51cc3cb542becee1cd678204812e8392e5b0e4a031"
 dependencies = [
  "proc-macro2",
  "quote",
@@ -1988,9 +1986,9 @@ dependencies = [
 
 [[package]]
 name = "web-sys"
-version = "0.3.74"
+version = "0.3.76"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "a98bc3c33f0fe7e59ad7cd041b89034fa82a7c2d4365ca538dda6cdaf513863c"
+checksum = "04dd7223427d52553d3702c004d3b2fe07c148165faa56313cb00211e31c12bc"
 dependencies = [
  "js-sys",
  "wasm-bindgen",
diff --git a/libcrux-intrinsics/proofs/fstar/extraction/Libcrux_intrinsics.Avx2_extract.fsti b/libcrux-intrinsics/proofs/fstar/extraction/Libcrux_intrinsics.Avx2_extract.fsti
index 290b679a5..e597dd2fd 100644
--- a/libcrux-intrinsics/proofs/fstar/extraction/Libcrux_intrinsics.Avx2_extract.fsti
+++ b/libcrux-intrinsics/proofs/fstar/extraction/Libcrux_intrinsics.Avx2_extract.fsti
@@ -9,10 +9,22 @@ unfold type t_Vec128 = bit_vec 128
 val vec128_as_i16x8 (x: bit_vec 128) : t_Array i16 (sz 8)
 let get_lane128 (v: bit_vec 128) (i:nat{i < 8}) = Seq.index (vec128_as_i16x8 v) i
 
+[@@ FStar.Tactics.Typeclasses.tcinstance]
+val impl_3:Core.Clone.t_Clone t_Vec128
+
+[@@ FStar.Tactics.Typeclasses.tcinstance]
+val impl_2:Core.Marker.t_Copy t_Vec128
+
 unfold type t_Vec256 = bit_vec 256
 val vec256_as_i16x16 (x: bit_vec 256) : t_Array i16 (sz 16)
 let get_lane (v: bit_vec 256) (i:nat{i < 16}) = Seq.index (vec256_as_i16x16 v) i
 
+[@@ FStar.Tactics.Typeclasses.tcinstance]
+val impl:Core.Clone.t_Clone t_Vec256
+
+[@@ FStar.Tactics.Typeclasses.tcinstance]
+val impl_1:Core.Marker.t_Copy t_Vec256
+
 val mm256_abs_epi32 (a: t_Vec256) : Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True)
 
 val mm256_add_epi16 (lhs rhs: t_Vec256)
diff --git a/libcrux-intrinsics/src/arm64_extract.rs b/libcrux-intrinsics/src/arm64_extract.rs
index d41241275..9f651b6c0 100644
--- a/libcrux-intrinsics/src/arm64_extract.rs
+++ b/libcrux-intrinsics/src/arm64_extract.rs
@@ -3,23 +3,23 @@
 
 #![allow(non_camel_case_types, unsafe_code, unused_variables)]
 
-#[hax_lib::opaque_type]
+#[hax_lib::opaque]
 pub type _uint16x4_t = u8;
-#[hax_lib::opaque_type]
+#[hax_lib::opaque]
 pub type _int16x4_t = u8;
-#[hax_lib::opaque_type]
+#[hax_lib::opaque]
 pub type _int16x8_t = u8;
-#[hax_lib::opaque_type]
+#[hax_lib::opaque]
 pub type _uint8x16_t = u8;
-#[hax_lib::opaque_type]
+#[hax_lib::opaque]
 pub type _uint16x8_t = u8;
-#[hax_lib::opaque_type]
+#[hax_lib::opaque]
 pub type _uint32x4_t = u8;
-#[hax_lib::opaque_type]
+#[hax_lib::opaque]
 pub type _int32x4_t = u8;
-#[hax_lib::opaque_type]
+#[hax_lib::opaque]
 pub type _uint64x2_t = u8;
-#[hax_lib::opaque_type]
+#[hax_lib::opaque]
 pub type _int64x2_t = u8;
 
 #[inline(always)]
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Hash_functions.Avx2.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Hash_functions.Avx2.fsti
index 336b75faa..c830bb8f6 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Hash_functions.Avx2.fsti
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Hash_functions.Avx2.fsti
@@ -6,7 +6,7 @@ open FStar.Mul
 /// The state.
 /// It\'s only used for SHAKE128.
 /// All other functions don\'t actually use any members.
-val t_Simd256Hash:Type0
+val t_Simd256Hash:eqtype
 
 [@@ FStar.Tactics.Typeclasses.tcinstance]
 val impl (v_K: usize) : Libcrux_ml_kem.Hash_functions.t_Hash t_Simd256Hash v_K
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Hash_functions.Neon.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Hash_functions.Neon.fsti
index 7b7869c77..1a7c6875a 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Hash_functions.Neon.fsti
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Hash_functions.Neon.fsti
@@ -6,7 +6,7 @@ open FStar.Mul
 /// The state.
 /// It\'s only used for SHAKE128.
 /// All other functions don\'t actually use any members.
-val t_Simd128Hash:Type0
+val t_Simd128Hash:eqtype
 
 [@@ FStar.Tactics.Typeclasses.tcinstance]
 val impl (v_K: usize) : Libcrux_ml_kem.Hash_functions.t_Hash t_Simd128Hash v_K
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Hash_functions.Portable.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Hash_functions.Portable.fsti
index 37255d0af..661213d58 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Hash_functions.Portable.fsti
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Hash_functions.Portable.fsti
@@ -6,7 +6,7 @@ open FStar.Mul
 /// The state.
 /// It\'s only used for SHAKE128.
 /// All other functions don\'t actually use any members.
-val t_PortableHash (v_K: usize) : Type0
+val t_PortableHash (v_K: usize) : eqtype
 
 [@@ FStar.Tactics.Typeclasses.tcinstance]
 val impl (v_K: usize) : Libcrux_ml_kem.Hash_functions.t_Hash (t_PortableHash v_K) v_K
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Unpacked.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Unpacked.fst
index e726f4578..ed2632129 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Unpacked.fst
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Unpacked.fst
@@ -19,7 +19,7 @@ let impl_4__private_key
       (v_K: usize)
       (#v_Vector: Type0)
       (#[FStar.Tactics.Typeclasses.tcresolve ()]
-          i2:
+          i1:
           Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector)
       (self: t_MlKemKeyPairUnpacked v_K v_Vector)
      = self.f_private_key
@@ -28,11 +28,29 @@ let impl_4__public_key
       (v_K: usize)
       (#v_Vector: Type0)
       (#[FStar.Tactics.Typeclasses.tcresolve ()]
-          i2:
+          i1:
           Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector)
       (self: t_MlKemKeyPairUnpacked v_K v_Vector)
      = self.f_public_key
 
+[@@ FStar.Tactics.Typeclasses.tcinstance]
+assume
+val impl_2':
+    v_K: usize ->
+    #v_Vector: Type0 ->
+    {| i1: Core.Clone.t_Clone v_Vector |} ->
+    {| i2: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |}
+  -> Core.Clone.t_Clone (t_MlKemPublicKeyUnpacked v_K v_Vector)
+
+let impl_2
+      (v_K: usize)
+      (#v_Vector: Type0)
+      (#[FStar.Tactics.Typeclasses.tcresolve ()] i1: Core.Clone.t_Clone v_Vector)
+      (#[FStar.Tactics.Typeclasses.tcresolve ()]
+          i2:
+          Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector)
+     = impl_2' v_K #v_Vector #i1 #i2
+
 #push-options "--z3rlimit 200"
 
 let transpose_a
@@ -352,7 +370,7 @@ let impl_4__from_private_key
       (v_SECRET_KEY_SIZE v_CPA_SECRET_KEY_SIZE v_PUBLIC_KEY_SIZE v_BYTES_PER_RING_ELEMENT v_T_AS_NTT_ENCODED_SIZE:
           usize)
       (#[FStar.Tactics.Typeclasses.tcresolve ()]
-          i2:
+          i1:
           Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector)
       (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey v_SECRET_KEY_SIZE)
      =
@@ -592,7 +610,7 @@ let impl_4__serialized_public_key_mut
       (#v_Vector: Type0)
       (v_RANKED_BYTES_PER_RING_ELEMENT v_PUBLIC_KEY_SIZE: usize)
       (#[FStar.Tactics.Typeclasses.tcresolve ()]
-          i2:
+          i1:
           Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector)
       (self: t_MlKemKeyPairUnpacked v_K v_Vector)
       (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey v_PUBLIC_KEY_SIZE)
@@ -616,7 +634,7 @@ let impl_3__serialized
       (#v_Vector: Type0)
       (v_RANKED_BYTES_PER_RING_ELEMENT v_PUBLIC_KEY_SIZE: usize)
       (#[FStar.Tactics.Typeclasses.tcresolve ()]
-          i2:
+          i1:
           Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector)
       (self: t_MlKemPublicKeyUnpacked v_K v_Vector)
      =
@@ -637,7 +655,7 @@ let impl_4__serialized_public_key
       (#v_Vector: Type0)
       (v_RANKED_BYTES_PER_RING_ELEMENT v_PUBLIC_KEY_SIZE: usize)
       (#[FStar.Tactics.Typeclasses.tcresolve ()]
-          i2:
+          i1:
           Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector)
       (self: t_MlKemKeyPairUnpacked v_K v_Vector)
      =
@@ -831,7 +849,7 @@ let impl_4__serialized_private_key_mut
       (v_CPA_PRIVATE_KEY_SIZE v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE v_RANKED_BYTES_PER_RING_ELEMENT:
           usize)
       (#[FStar.Tactics.Typeclasses.tcresolve ()]
-          i2:
+          i1:
           Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector)
       (self: t_MlKemKeyPairUnpacked v_K v_Vector)
       (serialized: Libcrux_ml_kem.Types.t_MlKemPrivateKey v_PRIVATE_KEY_SIZE)
@@ -870,7 +888,7 @@ let impl_4__serialized_private_key
       (v_CPA_PRIVATE_KEY_SIZE v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE v_RANKED_BYTES_PER_RING_ELEMENT:
           usize)
       (#[FStar.Tactics.Typeclasses.tcresolve ()]
-          i2:
+          i1:
           Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector)
       (self: t_MlKemKeyPairUnpacked v_K v_Vector)
      =
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Unpacked.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Unpacked.fsti
index 85ebcd273..a6eb033b1 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Unpacked.fsti
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Unpacked.fsti
@@ -43,7 +43,7 @@ type t_MlKemKeyPairUnpacked
 val impl_4__private_key
       (v_K: usize)
       (#v_Vector: Type0)
-      {| i2: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |}
+      {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |}
       (self: t_MlKemKeyPairUnpacked v_K v_Vector)
     : Prims.Pure (t_MlKemPrivateKeyUnpacked v_K v_Vector) Prims.l_True (fun _ -> Prims.l_True)
 
@@ -51,10 +51,18 @@ val impl_4__private_key
 val impl_4__public_key
       (v_K: usize)
       (#v_Vector: Type0)
-      {| i2: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |}
+      {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |}
       (self: t_MlKemKeyPairUnpacked v_K v_Vector)
     : Prims.Pure (t_MlKemPublicKeyUnpacked v_K v_Vector) Prims.l_True (fun _ -> Prims.l_True)
 
+[@@ FStar.Tactics.Typeclasses.tcinstance]
+val impl_2
+      (v_K: usize)
+      (#v_Vector: Type0)
+      {| i1: Core.Clone.t_Clone v_Vector |}
+      {| i2: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |}
+    : Core.Clone.t_Clone (t_MlKemPublicKeyUnpacked v_K v_Vector)
+
 val transpose_a
       (v_K: usize)
       (#v_Vector: Type0)
@@ -121,7 +129,7 @@ val impl_4__from_private_key
       (#v_Vector: Type0)
       (v_SECRET_KEY_SIZE v_CPA_SECRET_KEY_SIZE v_PUBLIC_KEY_SIZE v_BYTES_PER_RING_ELEMENT v_T_AS_NTT_ENCODED_SIZE:
           usize)
-      {| i2: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |}
+      {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |}
       (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey v_SECRET_KEY_SIZE)
     : Prims.Pure (t_MlKemKeyPairUnpacked v_K v_Vector)
       (requires
@@ -238,7 +246,7 @@ val impl_4__serialized_public_key_mut
       (v_K: usize)
       (#v_Vector: Type0)
       (v_RANKED_BYTES_PER_RING_ELEMENT v_PUBLIC_KEY_SIZE: usize)
-      {| i2: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |}
+      {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |}
       (self: t_MlKemKeyPairUnpacked v_K v_Vector)
       (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey v_PUBLIC_KEY_SIZE)
     : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPublicKey v_PUBLIC_KEY_SIZE)
@@ -269,7 +277,7 @@ val impl_3__serialized
       (v_K: usize)
       (#v_Vector: Type0)
       (v_RANKED_BYTES_PER_RING_ELEMENT v_PUBLIC_KEY_SIZE: usize)
-      {| i2: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |}
+      {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |}
       (self: t_MlKemPublicKeyUnpacked v_K v_Vector)
     : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPublicKey v_PUBLIC_KEY_SIZE)
       (requires
@@ -297,7 +305,7 @@ val impl_4__serialized_public_key
       (v_K: usize)
       (#v_Vector: Type0)
       (v_RANKED_BYTES_PER_RING_ELEMENT v_PUBLIC_KEY_SIZE: usize)
-      {| i2: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |}
+      {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |}
       (self: t_MlKemKeyPairUnpacked v_K v_Vector)
     : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPublicKey v_PUBLIC_KEY_SIZE)
       (requires
@@ -355,7 +363,7 @@ val impl_4__serialized_private_key_mut
       (#v_Vector: Type0)
       (v_CPA_PRIVATE_KEY_SIZE v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE v_RANKED_BYTES_PER_RING_ELEMENT:
           usize)
-      {| i2: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |}
+      {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |}
       (self: t_MlKemKeyPairUnpacked v_K v_Vector)
       (serialized: Libcrux_ml_kem.Types.t_MlKemPrivateKey v_PRIVATE_KEY_SIZE)
     : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPrivateKey v_PRIVATE_KEY_SIZE)
@@ -372,7 +380,7 @@ val impl_4__serialized_private_key
       (#v_Vector: Type0)
       (v_CPA_PRIVATE_KEY_SIZE v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE v_RANKED_BYTES_PER_RING_ELEMENT:
           usize)
-      {| i2: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |}
+      {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |}
       (self: t_MlKemKeyPairUnpacked v_K v_Vector)
     : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPrivateKey v_PRIVATE_KEY_SIZE)
       (requires
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.Unpacked.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.Unpacked.fst
index ef0c39424..1f6cee7c2 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.Unpacked.fst
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.Unpacked.fst
@@ -9,6 +9,24 @@ let _ =
   let open Libcrux_ml_kem.Vector.Traits in
   ()
 
+[@@ FStar.Tactics.Typeclasses.tcinstance]
+assume
+val impl_2':
+    v_K: usize ->
+    #v_Vector: Type0 ->
+    {| i1: Core.Clone.t_Clone v_Vector |} ->
+    {| i2: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |}
+  -> Core.Clone.t_Clone (t_IndCpaPublicKeyUnpacked v_K v_Vector)
+
+let impl_2
+      (v_K: usize)
+      (#v_Vector: Type0)
+      (#[FStar.Tactics.Typeclasses.tcresolve ()] i1: Core.Clone.t_Clone v_Vector)
+      (#[FStar.Tactics.Typeclasses.tcresolve ()]
+          i2:
+          Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector)
+     = impl_2' v_K #v_Vector #i1 #i2
+
 [@@ FStar.Tactics.Typeclasses.tcinstance]
 let impl
       (v_K: usize)
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.Unpacked.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.Unpacked.fsti
index d627f74c8..1f7036f4f 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.Unpacked.fsti
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.Unpacked.fsti
@@ -23,6 +23,14 @@ type t_IndCpaPublicKeyUnpacked
   f_A:t_Array (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) v_K
 }
 
+[@@ FStar.Tactics.Typeclasses.tcinstance]
+val impl_2
+      (v_K: usize)
+      (#v_Vector: Type0)
+      {| i1: Core.Clone.t_Clone v_Vector |}
+      {| i2: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |}
+    : Core.Clone.t_Clone (t_IndCpaPublicKeyUnpacked v_K v_Vector)
+
 [@@ FStar.Tactics.Typeclasses.tcinstance]
 val impl
       (v_K: usize)
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Polynomial.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Polynomial.fst
index ce5d113e4..4cad63238 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Polynomial.fst
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Polynomial.fst
@@ -14,6 +14,38 @@ let zeta (i: usize) =
   let _:Prims.unit = admit () (* Panic freedom *) in
   result
 
+[@@ FStar.Tactics.Typeclasses.tcinstance]
+assume
+val impl':
+    #v_Vector: Type0 ->
+    {| i1: Core.Clone.t_Clone v_Vector |} ->
+    {| i2: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |}
+  -> Core.Clone.t_Clone (t_PolynomialRingElement v_Vector)
+
+let impl
+      (#v_Vector: Type0)
+      (#[FStar.Tactics.Typeclasses.tcresolve ()] i1: Core.Clone.t_Clone v_Vector)
+      (#[FStar.Tactics.Typeclasses.tcresolve ()]
+          i2:
+          Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector)
+     = impl' #v_Vector #i1 #i2
+
+[@@ FStar.Tactics.Typeclasses.tcinstance]
+assume
+val impl_1':
+    #v_Vector: Type0 ->
+    {| i1: Core.Marker.t_Copy v_Vector |} ->
+    {| i2: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |}
+  -> Core.Marker.t_Copy (t_PolynomialRingElement v_Vector)
+
+let impl_1
+      (#v_Vector: Type0)
+      (#[FStar.Tactics.Typeclasses.tcresolve ()] i1: Core.Marker.t_Copy v_Vector)
+      (#[FStar.Tactics.Typeclasses.tcresolve ()]
+          i2:
+          Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector)
+     = impl_1' #v_Vector #i1 #i2
+
 #push-options "--admit_smt_queries true"
 
 let add_error_reduce
@@ -71,7 +103,7 @@ let add_error_reduce
 let impl_2__add_error_reduce
       (#v_Vector: Type0)
       (#[FStar.Tactics.Typeclasses.tcresolve ()]
-          i2:
+          i1:
           Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector)
       (self error: t_PolynomialRingElement v_Vector)
      =
@@ -141,7 +173,7 @@ let add_message_error_reduce
 let impl_2__add_message_error_reduce
       (#v_Vector: Type0)
       (#[FStar.Tactics.Typeclasses.tcresolve ()]
-          i2:
+          i1:
           Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector)
       (self message result: t_PolynomialRingElement v_Vector)
      = add_message_error_reduce #v_Vector self message result
@@ -201,7 +233,7 @@ let add_standard_error_reduce
 let impl_2__add_standard_error_reduce
       (#v_Vector: Type0)
       (#[FStar.Tactics.Typeclasses.tcresolve ()]
-          i2:
+          i1:
           Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector)
       (self error: t_PolynomialRingElement v_Vector)
      =
@@ -253,7 +285,7 @@ let poly_barrett_reduce
 let impl_2__poly_barrett_reduce
       (#v_Vector: Type0)
       (#[FStar.Tactics.Typeclasses.tcresolve ()]
-          i2:
+          i1:
           Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector)
       (self: t_PolynomialRingElement v_Vector)
      =
@@ -316,7 +348,7 @@ let subtract_reduce
 let impl_2__subtract_reduce
       (#v_Vector: Type0)
       (#[FStar.Tactics.Typeclasses.tcresolve ()]
-          i2:
+          i1:
           Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector)
       (self b: t_PolynomialRingElement v_Vector)
      = subtract_reduce #v_Vector self b
@@ -409,7 +441,7 @@ let from_i16_array
 let impl_2__from_i16_array
       (#v_Vector: Type0)
       (#[FStar.Tactics.Typeclasses.tcresolve ()]
-          i2:
+          i1:
           Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector)
       (a: t_Slice i16)
      = from_i16_array #v_Vector a
@@ -464,7 +496,7 @@ let ntt_multiply
 let impl_2__ntt_multiply
       (#v_Vector: Type0)
       (#[FStar.Tactics.Typeclasses.tcresolve ()]
-          i2:
+          i1:
           Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector)
       (self rhs: t_PolynomialRingElement v_Vector)
      = ntt_multiply #v_Vector self rhs
@@ -517,7 +549,7 @@ let impl_2__add_to_ring_element
       (#v_Vector: Type0)
       (v_K: usize)
       (#[FStar.Tactics.Typeclasses.tcresolve ()]
-          i2:
+          i1:
           Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector)
       (self rhs: t_PolynomialRingElement v_Vector)
      =
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Polynomial.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Polynomial.fsti
index 0ddfb6ea7..7f60ace38 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Polynomial.fsti
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Polynomial.fsti
@@ -62,6 +62,20 @@ let v_VECTORS_IN_RING_ELEMENT: usize =
   Libcrux_ml_kem.Constants.v_COEFFICIENTS_IN_RING_ELEMENT /!
   Libcrux_ml_kem.Vector.Traits.v_FIELD_ELEMENTS_IN_VECTOR
 
+[@@ FStar.Tactics.Typeclasses.tcinstance]
+val impl
+      (#v_Vector: Type0)
+      {| i1: Core.Clone.t_Clone v_Vector |}
+      {| i2: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |}
+    : Core.Clone.t_Clone (t_PolynomialRingElement v_Vector)
+
+[@@ FStar.Tactics.Typeclasses.tcinstance]
+val impl_1
+      (#v_Vector: Type0)
+      {| i1: Core.Marker.t_Copy v_Vector |}
+      {| i2: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |}
+    : Core.Marker.t_Copy (t_PolynomialRingElement v_Vector)
+
 val add_error_reduce
       (#v_Vector: Type0)
       {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |}
@@ -70,7 +84,7 @@ val add_error_reduce
 
 val impl_2__add_error_reduce
       (#v_Vector: Type0)
-      {| i2: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |}
+      {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |}
       (self error: t_PolynomialRingElement v_Vector)
     : Prims.Pure (t_PolynomialRingElement v_Vector) Prims.l_True (fun _ -> Prims.l_True)
 
@@ -82,7 +96,7 @@ val add_message_error_reduce
 
 val impl_2__add_message_error_reduce
       (#v_Vector: Type0)
-      {| i2: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |}
+      {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |}
       (self message result: t_PolynomialRingElement v_Vector)
     : Prims.Pure (t_PolynomialRingElement v_Vector) Prims.l_True (fun _ -> Prims.l_True)
 
@@ -94,7 +108,7 @@ val add_standard_error_reduce
 
 val impl_2__add_standard_error_reduce
       (#v_Vector: Type0)
-      {| i2: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |}
+      {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |}
       (self error: t_PolynomialRingElement v_Vector)
     : Prims.Pure (t_PolynomialRingElement v_Vector) Prims.l_True (fun _ -> Prims.l_True)
 
@@ -106,7 +120,7 @@ val poly_barrett_reduce
 
 val impl_2__poly_barrett_reduce
       (#v_Vector: Type0)
-      {| i2: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |}
+      {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |}
       (self: t_PolynomialRingElement v_Vector)
     : Prims.Pure (t_PolynomialRingElement v_Vector) Prims.l_True (fun _ -> Prims.l_True)
 
@@ -118,7 +132,7 @@ val subtract_reduce
 
 val impl_2__subtract_reduce
       (#v_Vector: Type0)
-      {| i2: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |}
+      {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |}
       (self b: t_PolynomialRingElement v_Vector)
     : Prims.Pure (t_PolynomialRingElement v_Vector) Prims.l_True (fun _ -> Prims.l_True)
 
@@ -145,7 +159,7 @@ val from_i16_array
 
 val impl_2__from_i16_array
       (#v_Vector: Type0)
-      {| i2: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |}
+      {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |}
       (a: t_Slice i16)
     : Prims.Pure (t_PolynomialRingElement v_Vector)
       (requires
@@ -180,7 +194,7 @@ val ntt_multiply
 
 val impl_2__ntt_multiply
       (#v_Vector: Type0)
-      {| i2: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |}
+      {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |}
       (self rhs: t_PolynomialRingElement v_Vector)
     : Prims.Pure (t_PolynomialRingElement v_Vector) Prims.l_True (fun _ -> Prims.l_True)
 
@@ -198,6 +212,6 @@ val add_to_ring_element
 val impl_2__add_to_ring_element
       (#v_Vector: Type0)
       (v_K: usize)
-      {| i2: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |}
+      {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |}
       (self rhs: t_PolynomialRingElement v_Vector)
     : Prims.Pure (t_PolynomialRingElement v_Vector) Prims.l_True (fun _ -> Prims.l_True)
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Variant.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Variant.fst
index 90987de0b..dcdeb0041 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Variant.fst
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Variant.fst
@@ -96,7 +96,7 @@ let impl: t_Variant t_MlKem =
         (v_K: usize)
         (#v_Hasher: Type0)
         (#[FStar.Tactics.Typeclasses.tcresolve ()]
-          i4:
+          i3:
           Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K)
         (key_generation_seed: t_Slice u8)
         ->
@@ -107,7 +107,7 @@ let impl: t_Variant t_MlKem =
         (v_K: usize)
         (#v_Hasher: Type0)
         (#[FStar.Tactics.Typeclasses.tcresolve ()]
-          i4:
+          i3:
           Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K)
         (key_generation_seed: t_Slice u8)
         (res: t_Array u8 (sz 64))
@@ -120,7 +120,7 @@ let impl: t_Variant t_MlKem =
       (v_K: usize)
       (#v_Hasher: Type0)
       (#[FStar.Tactics.Typeclasses.tcresolve ()]
-        i4:
+        i3:
         Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K)
       (key_generation_seed: t_Slice u8)
       ->
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Variant.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Variant.fsti
index 590a79d4c..9f3dc29f3 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Variant.fsti
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Variant.fsti
@@ -73,13 +73,13 @@ class t_Variant (v_Self: Type0) = {
   f_cpa_keygen_seed_pre:
       v_K: usize ->
       #v_Hasher: Type0 ->
-      {| i4: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K |} ->
+      {| i3: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K |} ->
       seed: t_Slice u8
     -> pred: Type0{(Core.Slice.impl__len #u8 seed <: usize) =. sz 32 ==> pred};
   f_cpa_keygen_seed_post:
       v_K: usize ->
       #v_Hasher: Type0 ->
-      {| i4: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K |} ->
+      {| i3: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K |} ->
       seed: t_Slice u8 ->
       res: t_Array u8 (sz 64)
     -> pred:
@@ -90,11 +90,11 @@ class t_Variant (v_Self: Type0) = {
   f_cpa_keygen_seed:
       v_K: usize ->
       #v_Hasher: Type0 ->
-      {| i4: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K |} ->
+      {| i3: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K |} ->
       x0: t_Slice u8
     -> Prims.Pure (t_Array u8 (sz 64))
-        (f_cpa_keygen_seed_pre v_K #v_Hasher #i4 x0)
-        (fun result -> f_cpa_keygen_seed_post v_K #v_Hasher #i4 x0 result)
+        (f_cpa_keygen_seed_pre v_K #v_Hasher #i3 x0)
+        (fun result -> f_cpa_keygen_seed_post v_K #v_Hasher #i3 x0 result)
 }
 
 [@@ FStar.Tactics.Typeclasses.tcinstance]
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.fst
index a352090e8..b0b8981ad 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.fst
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.fst
@@ -158,6 +158,18 @@ let ntt_multiply (lhs rhs: t_SIMD256Vector) (zeta0 zeta1 zeta2 zeta3: i16) =
 
 #pop-options
 
+[@@ FStar.Tactics.Typeclasses.tcinstance]
+assume
+val impl_1': Core.Clone.t_Clone t_SIMD256Vector
+
+let impl_1 = impl_1'
+
+[@@ FStar.Tactics.Typeclasses.tcinstance]
+assume
+val impl_2': Core.Marker.t_Copy t_SIMD256Vector
+
+let impl_2 = impl_2'
+
 #push-options "--admit_smt_queries true"
 
 let serialize_10_ (vector: t_SIMD256Vector) =
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.fsti
index 952ee56eb..3ba81f3eb 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.fsti
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.fsti
@@ -159,6 +159,12 @@ val ntt_multiply (lhs rhs: t_SIMD256Vector) (zeta0 zeta1 zeta2 zeta3: i16)
           let out:t_SIMD256Vector = out in
           Spec.Utils.is_i16b_array 3328 (repr out))
 
+[@@ FStar.Tactics.Typeclasses.tcinstance]
+val impl_1:Core.Clone.t_Clone t_SIMD256Vector
+
+[@@ FStar.Tactics.Typeclasses.tcinstance]
+val impl_2:Core.Marker.t_Copy t_SIMD256Vector
+
 val serialize_10_ (vector: t_SIMD256Vector)
     : Prims.Pure (t_Array u8 (sz 20))
       (requires Spec.MLKEM.serialize_pre 10 (repr vector))
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.Vector_type.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.Vector_type.fst
index 9b4625de3..761d0a4b3 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.Vector_type.fst
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.Vector_type.fst
@@ -47,6 +47,18 @@ let from_i16_array (array: t_Slice i16) =
   let _:Prims.unit = admit () (* Panic freedom *) in
   result
 
+[@@ FStar.Tactics.Typeclasses.tcinstance]
+assume
+val impl': Core.Clone.t_Clone t_SIMD128Vector
+
+let impl = impl'
+
+[@@ FStar.Tactics.Typeclasses.tcinstance]
+assume
+val impl_1': Core.Marker.t_Copy t_SIMD128Vector
+
+let impl_1 = impl_1'
+
 let to_i16_array (v: t_SIMD128Vector) =
   let out:t_Array i16 (sz 16) = Rust_primitives.Hax.repeat 0s (sz 16) in
   let out:t_Array i16 (sz 16) =
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.Vector_type.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.Vector_type.fsti
index 2a950fdf6..ce6c9b299 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.Vector_type.fsti
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.Vector_type.fsti
@@ -26,6 +26,12 @@ val from_i16_array (array: t_Slice i16)
           let result:t_SIMD128Vector = result in
           repr result == array)
 
+[@@ FStar.Tactics.Typeclasses.tcinstance]
+val impl:Core.Clone.t_Clone t_SIMD128Vector
+
+[@@ FStar.Tactics.Typeclasses.tcinstance]
+val impl_1:Core.Marker.t_Copy t_SIMD128Vector
+
 val to_i16_array (v: t_SIMD128Vector)
     : Prims.Pure (t_Array i16 (sz 16))
       Prims.l_True
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Vector_type.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Vector_type.fst
index 177b2fe04..70c80f4e5 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Vector_type.fst
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Vector_type.fst
@@ -25,5 +25,17 @@ let from_i16_array (array: t_Slice i16) =
 
 let to_i16_array (x: t_PortableVector) = x.f_elements
 
+[@@ FStar.Tactics.Typeclasses.tcinstance]
+assume
+val impl': Core.Clone.t_Clone t_PortableVector
+
+let impl = impl'
+
+[@@ FStar.Tactics.Typeclasses.tcinstance]
+assume
+val impl_1': Core.Marker.t_Copy t_PortableVector
+
+let impl_1 = impl_1'
+
 let zero (_: Prims.unit) =
   { f_elements = Rust_primitives.Hax.repeat 0s (sz 16) } <: t_PortableVector
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Vector_type.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Vector_type.fsti
index 782ad70eb..0d4b6268a 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Vector_type.fsti
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Vector_type.fsti
@@ -21,6 +21,12 @@ val to_i16_array (x: t_PortableVector)
           let result:t_Array i16 (sz 16) = result in
           result == x.f_elements)
 
+[@@ FStar.Tactics.Typeclasses.tcinstance]
+val impl:Core.Clone.t_Clone t_PortableVector
+
+[@@ FStar.Tactics.Typeclasses.tcinstance]
+val impl_1:Core.Marker.t_Copy t_PortableVector
+
 val zero: Prims.unit
   -> Prims.Pure t_PortableVector
       Prims.l_True
diff --git a/libcrux-ml-kem/src/constant_time_ops.rs b/libcrux-ml-kem/src/constant_time_ops.rs
index 33c7c858f..b462a2cff 100644
--- a/libcrux-ml-kem/src/constant_time_ops.rs
+++ b/libcrux-ml-kem/src/constant_time_ops.rs
@@ -69,10 +69,10 @@ fn compare(lhs: &[u8], rhs: &[u8]) -> u8 {
     for i in 0..lhs.len() {
         hax_lib::loop_invariant!(|i: usize| {
             fstar!(
-                "v $i <= Seq.length $lhs /\
+                r#"v $i <= Seq.length $lhs /\
             (if (Seq.slice $lhs 0 (v $i) = Seq.slice $rhs 0 (v $i)) then
                 $r == 0uy
-                else ~ ($r == 0uy))"
+                else ~ ($r == 0uy))"#
             )
         });
         let nr = r | (lhs[i] ^ rhs[i]);
diff --git a/libcrux-ml-kem/src/hash_functions.rs b/libcrux-ml-kem/src/hash_functions.rs
index d0acbab30..572664cff 100644
--- a/libcrux-ml-kem/src/hash_functions.rs
+++ b/libcrux-ml-kem/src/hash_functions.rs
@@ -78,7 +78,7 @@ pub(crate) mod portable {
     ///
     /// It's only used for SHAKE128.
     /// All other functions don't actually use any members.
-    #[cfg_attr(hax, hax_lib::opaque_type)]
+    #[cfg_attr(hax, hax_lib::opaque)]
     pub(crate) struct PortableHash<const K: usize> {
         shake128_state: [KeccakState; K],
     }
@@ -237,7 +237,7 @@ pub(crate) mod avx2 {
     ///
     /// It's only used for SHAKE128.
     /// All other functions don't actually use any members.
-    #[cfg_attr(hax, hax_lib::opaque_type)]
+    #[cfg_attr(hax, hax_lib::opaque)]
     pub(crate) struct Simd256Hash {
         shake128_state: KeccakState,
     }
@@ -487,7 +487,7 @@ pub(crate) mod neon {
     ///
     /// It's only used for SHAKE128.
     /// All other functions don't actually use any members.
-    #[cfg_attr(hax, hax_lib::opaque_type)]
+    #[cfg_attr(hax, hax_lib::opaque)]
     pub(crate) struct Simd128Hash {
         shake128_state: [KeccakState; 2],
     }
diff --git a/libcrux-ml-kem/src/ind_cca.rs b/libcrux-ml-kem/src/ind_cca.rs
index 843d347f2..916ff78a3 100644
--- a/libcrux-ml-kem/src/ind_cca.rs
+++ b/libcrux-ml-kem/src/ind_cca.rs
@@ -37,10 +37,10 @@ pub(crate) mod instantiations;
 
 #[inline(always)]
 #[hax_lib::fstar::options("--z3rlimit 150")]
-#[hax_lib::requires(fstar!(r#"Spec.MLKEM.is_rank $K /\\
-    $SERIALIZED_KEY_LEN == Spec.MLKEM.v_CCA_PRIVATE_KEY_SIZE $K /\\
-    ${private_key.len()} == Spec.MLKEM.v_CPA_PRIVATE_KEY_SIZE $K /\\
-    ${public_key.len()} == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE $K /\\
+#[hax_lib::requires(fstar!(r#"Spec.MLKEM.is_rank $K /\
+    $SERIALIZED_KEY_LEN == Spec.MLKEM.v_CCA_PRIVATE_KEY_SIZE $K /\
+    ${private_key.len()} == Spec.MLKEM.v_CPA_PRIVATE_KEY_SIZE $K /\
+    ${public_key.len()} == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE $K /\
     ${implicit_rejection_value.len()} == Spec.MLKEM.v_SHARED_SECRET_SIZE"#))]
 #[hax_lib::ensures(|result| fstar!(r#"${serialized}_future == Seq.append $private_key (
                                               Seq.append $public_key (
@@ -67,7 +67,7 @@ fn serialize_kem_secret_key_mut<
         .copy_from_slice(implicit_rejection_value);
 
     hax_lib::fstar!(
-        r#"let open Spec.Utils in
+   "let open Spec.Utils in
     assert (Seq.slice serialized 0 (v #usize_inttype (Spec.MLKEM.v_CPA_PRIVATE_KEY_SIZE $K)) `Seq.equal` $private_key);
     assert (Seq.slice serialized (v #usize_inttype (Spec.MLKEM.v_CPA_PRIVATE_KEY_SIZE $K))
                             (v #usize_inttype (Spec.MLKEM.v_CPA_PRIVATE_KEY_SIZE $K +! Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE $K)) `Seq.equal` $public_key);
@@ -85,16 +85,16 @@ fn serialize_kem_secret_key_mut<
                                             Libcrux_ml_kem.Constants.v_H_DIGEST_SIZE +!
                                             Spec.MLKEM.v_SHARED_SECRET_SIZE))
             == $implicit_rejection_value);
-    lemma_slice_append_4 serialized $private_key $public_key (Libcrux_ml_kem.Hash_functions.f_H #$:Hasher #$K $public_key) $implicit_rejection_value"#
+    lemma_slice_append_4 serialized $private_key $public_key (Libcrux_ml_kem.Hash_functions.f_H #$:Hasher #$K $public_key) $implicit_rejection_value"
     );
 }
 
 #[inline(always)]
 #[hax_lib::fstar::options("--z3rlimit 150")]
-#[hax_lib::requires(fstar!(r#"Spec.MLKEM.is_rank $K /\\
-    $SERIALIZED_KEY_LEN == Spec.MLKEM.v_CCA_PRIVATE_KEY_SIZE $K /\\
-    ${private_key.len()} == Spec.MLKEM.v_CPA_PRIVATE_KEY_SIZE $K /\\
-    ${public_key.len()} == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE $K /\\
+#[hax_lib::requires(fstar!(r#"Spec.MLKEM.is_rank $K /\
+    $SERIALIZED_KEY_LEN == Spec.MLKEM.v_CCA_PRIVATE_KEY_SIZE $K /\
+    ${private_key.len()} == Spec.MLKEM.v_CPA_PRIVATE_KEY_SIZE $K /\
+    ${public_key.len()} == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE $K /\
     ${implicit_rejection_value.len()} == Spec.MLKEM.v_SHARED_SECRET_SIZE"#))]
 #[hax_lib::ensures(|result| fstar!(r#"$result == Seq.append $private_key (
                                               Seq.append $public_key (
@@ -122,8 +122,8 @@ fn serialize_kem_secret_key<const K: usize, const SERIALIZED_KEY_LEN: usize, Has
 /// Note that the size check in 7.2 1 is covered by the `PUBLIC_KEY_SIZE` in the
 /// `public_key` type.
 #[inline(always)]
-#[hax_lib::requires(fstar!(r#"Spec.MLKEM.is_rank $K /\\
-    $RANKED_BYTES_PER_RING_ELEMENT == Spec.MLKEM.v_RANKED_BYTES_PER_RING_ELEMENT $K /\\
+#[hax_lib::requires(fstar!(r#"Spec.MLKEM.is_rank $K /\
+    $RANKED_BYTES_PER_RING_ELEMENT == Spec.MLKEM.v_RANKED_BYTES_PER_RING_ELEMENT $K /\
     $PUBLIC_KEY_SIZE == Spec.MLKEM.v_CCA_PUBLIC_KEY_SIZE $K"#))]
 fn validate_public_key<
     const K: usize,
@@ -152,8 +152,8 @@ fn validate_public_key<
 /// and `CIPHERTEXT_SIZE` in the `private_key` and `ciphertext` types.
 #[inline(always)]
 #[hax_lib::fstar::options("--z3rlimit 300")]
-#[hax_lib::requires(fstar!(r#"Spec.MLKEM.is_rank $K /\\
-    $SECRET_KEY_SIZE == Spec.MLKEM.v_CCA_PRIVATE_KEY_SIZE $K /\\
+#[hax_lib::requires(fstar!(r#"Spec.MLKEM.is_rank $K /\
+    $SECRET_KEY_SIZE == Spec.MLKEM.v_CCA_PRIVATE_KEY_SIZE $K /\
     $CIPHERTEXT_SIZE == Spec.MLKEM.v_CPA_CIPHERTEXT_SIZE $K"#))]
 fn validate_private_key<
     const K: usize,
@@ -172,7 +172,7 @@ fn validate_private_key<
 /// This implements the Hash check in 7.3 3.
 #[inline(always)]
 #[hax_lib::fstar::options("--z3rlimit 300")]
-#[hax_lib::requires(fstar!(r#"Spec.MLKEM.is_rank $K /\\
+#[hax_lib::requires(fstar!(r#"Spec.MLKEM.is_rank $K /\
     $SECRET_KEY_SIZE == Spec.MLKEM.v_CCA_PRIVATE_KEY_SIZE $K"#))]
 fn validate_private_key_only<const K: usize, const SECRET_KEY_SIZE: usize, Hasher: Hash<K>>(
     private_key: &MlKemPrivateKey<SECRET_KEY_SIZE>,
@@ -192,12 +192,12 @@ fn validate_private_key_only<const K: usize, const SECRET_KEY_SIZE: usize, Hashe
 /// Depending on the `Vector` and `Hasher` used, this requires different hardware
 /// features
 #[hax_lib::fstar::options("--z3rlimit 300")]
-#[hax_lib::requires(fstar!(r#"Spec.MLKEM.is_rank $K /\\
-    $CPA_PRIVATE_KEY_SIZE == Spec.MLKEM.v_CPA_PRIVATE_KEY_SIZE $K /\\
-    $PRIVATE_KEY_SIZE == Spec.MLKEM.v_CCA_PRIVATE_KEY_SIZE $K /\\
-    $PUBLIC_KEY_SIZE == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE $K /\\
-    $RANKED_BYTES_PER_RING_ELEMENT == Spec.MLKEM.v_RANKED_BYTES_PER_RING_ELEMENT $K /\\
-    $ETA1 == Spec.MLKEM.v_ETA1 $K /\\
+#[hax_lib::requires(fstar!(r#"Spec.MLKEM.is_rank $K /\
+    $CPA_PRIVATE_KEY_SIZE == Spec.MLKEM.v_CPA_PRIVATE_KEY_SIZE $K /\
+    $PRIVATE_KEY_SIZE == Spec.MLKEM.v_CCA_PRIVATE_KEY_SIZE $K /\
+    $PUBLIC_KEY_SIZE == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE $K /\
+    $RANKED_BYTES_PER_RING_ELEMENT == Spec.MLKEM.v_RANKED_BYTES_PER_RING_ELEMENT $K /\
+    $ETA1 == Spec.MLKEM.v_ETA1 $K /\
     $ETA1_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA1_RANDOMNESS_SIZE $K"#))]
 #[hax_lib::ensures(|result| fstar!(r#"let (expected, valid) = Spec.MLKEM.ind_cca_generate_keypair $K $randomness in
                                     valid ==> (${result}.f_sk.f_value, ${result}.f_pk.f_value) == expected"#))]
@@ -243,18 +243,18 @@ fn generate_keypair<
 }
 
 #[hax_lib::fstar::options("--z3rlimit 300")]
-#[hax_lib::requires(fstar!(r#"Spec.MLKEM.is_rank $K /\\
-    $CIPHERTEXT_SIZE == Spec.MLKEM.v_CPA_CIPHERTEXT_SIZE $K /\\
-    $PUBLIC_KEY_SIZE == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE $K /\\
-    $T_AS_NTT_ENCODED_SIZE == Spec.MLKEM.v_T_AS_NTT_ENCODED_SIZE $K /\\
-    $C1_SIZE == Spec.MLKEM.v_C1_SIZE $K /\\
-    $C2_SIZE == Spec.MLKEM.v_C2_SIZE $K /\\
-    $VECTOR_U_COMPRESSION_FACTOR == Spec.MLKEM.v_VECTOR_U_COMPRESSION_FACTOR  $K /\\
-    $VECTOR_V_COMPRESSION_FACTOR == Spec.MLKEM.v_VECTOR_V_COMPRESSION_FACTOR  $K /\\
-    $C1_BLOCK_SIZE == Spec.MLKEM.v_C1_BLOCK_SIZE $K /\\
-    $ETA1 == Spec.MLKEM.v_ETA1 $K /\\
-    $ETA1_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA1_RANDOMNESS_SIZE $K /\\
-    $ETA2 == Spec.MLKEM.v_ETA2 $K /\\
+#[hax_lib::requires(fstar!(r#"Spec.MLKEM.is_rank $K /\
+    $CIPHERTEXT_SIZE == Spec.MLKEM.v_CPA_CIPHERTEXT_SIZE $K /\
+    $PUBLIC_KEY_SIZE == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE $K /\
+    $T_AS_NTT_ENCODED_SIZE == Spec.MLKEM.v_T_AS_NTT_ENCODED_SIZE $K /\
+    $C1_SIZE == Spec.MLKEM.v_C1_SIZE $K /\
+    $C2_SIZE == Spec.MLKEM.v_C2_SIZE $K /\
+    $VECTOR_U_COMPRESSION_FACTOR == Spec.MLKEM.v_VECTOR_U_COMPRESSION_FACTOR  $K /\
+    $VECTOR_V_COMPRESSION_FACTOR == Spec.MLKEM.v_VECTOR_V_COMPRESSION_FACTOR  $K /\
+    $C1_BLOCK_SIZE == Spec.MLKEM.v_C1_BLOCK_SIZE $K /\
+    $ETA1 == Spec.MLKEM.v_ETA1 $K /\
+    $ETA1_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA1_RANDOMNESS_SIZE $K /\
+    $ETA2 == Spec.MLKEM.v_ETA2 $K /\
     $ETA2_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA2_RANDOMNESS_SIZE $K"#))]
 #[hax_lib::ensures(|result| fstar!(r#"let (expected, valid) = Spec.MLKEM.ind_cca_encapsulate $K ${public_key}.f_value $randomness in
                                     valid ==> (${result}._1.f_value, ${result}._2) == expected"#))]
@@ -316,21 +316,21 @@ fn encapsulate<
 
 /// This code verifies on some machines, runs out of memory on others
 #[hax_lib::fstar::options("--z3rlimit 500")]
-#[hax_lib::requires(fstar!(r#"Spec.MLKEM.is_rank $K /\\
-    $SECRET_KEY_SIZE == Spec.MLKEM.v_CCA_PRIVATE_KEY_SIZE $K /\\
-    $CPA_SECRET_KEY_SIZE == Spec.MLKEM.v_CPA_PRIVATE_KEY_SIZE $K /\\
-    $PUBLIC_KEY_SIZE == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE $K /\\
-    $CIPHERTEXT_SIZE == Spec.MLKEM.v_CPA_CIPHERTEXT_SIZE $K /\\
-    $T_AS_NTT_ENCODED_SIZE == Spec.MLKEM.v_T_AS_NTT_ENCODED_SIZE $K /\\
-    $C1_SIZE == Spec.MLKEM.v_C1_SIZE $K /\\
-    $C2_SIZE == Spec.MLKEM.v_C2_SIZE $K /\\
-    $VECTOR_U_COMPRESSION_FACTOR == Spec.MLKEM.v_VECTOR_U_COMPRESSION_FACTOR  $K /\\
-    $VECTOR_V_COMPRESSION_FACTOR == Spec.MLKEM.v_VECTOR_V_COMPRESSION_FACTOR  $K /\\
-    $C1_BLOCK_SIZE == Spec.MLKEM.v_C1_BLOCK_SIZE $K /\\
-    $ETA1 == Spec.MLKEM.v_ETA1 $K /\\
-    $ETA1_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA1_RANDOMNESS_SIZE $K /\\
-    $ETA2 == Spec.MLKEM.v_ETA2 $K /\\
-    $ETA2_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA2_RANDOMNESS_SIZE $K /\\
+#[hax_lib::requires(fstar!(r#"Spec.MLKEM.is_rank $K /\
+    $SECRET_KEY_SIZE == Spec.MLKEM.v_CCA_PRIVATE_KEY_SIZE $K /\
+    $CPA_SECRET_KEY_SIZE == Spec.MLKEM.v_CPA_PRIVATE_KEY_SIZE $K /\
+    $PUBLIC_KEY_SIZE == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE $K /\
+    $CIPHERTEXT_SIZE == Spec.MLKEM.v_CPA_CIPHERTEXT_SIZE $K /\
+    $T_AS_NTT_ENCODED_SIZE == Spec.MLKEM.v_T_AS_NTT_ENCODED_SIZE $K /\
+    $C1_SIZE == Spec.MLKEM.v_C1_SIZE $K /\
+    $C2_SIZE == Spec.MLKEM.v_C2_SIZE $K /\
+    $VECTOR_U_COMPRESSION_FACTOR == Spec.MLKEM.v_VECTOR_U_COMPRESSION_FACTOR  $K /\
+    $VECTOR_V_COMPRESSION_FACTOR == Spec.MLKEM.v_VECTOR_V_COMPRESSION_FACTOR  $K /\
+    $C1_BLOCK_SIZE == Spec.MLKEM.v_C1_BLOCK_SIZE $K /\
+    $ETA1 == Spec.MLKEM.v_ETA1 $K /\
+    $ETA1_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA1_RANDOMNESS_SIZE $K /\
+    $ETA2 == Spec.MLKEM.v_ETA2 $K /\
+    $ETA2_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA2_RANDOMNESS_SIZE $K /\
     $IMPLICIT_REJECTION_HASH_INPUT_SIZE == Spec.MLKEM.v_IMPLICIT_REJECTION_HASH_INPUT_SIZE $K"#))]
 #[hax_lib::ensures(|result| fstar!(r#"let (expected, valid) = Spec.MLKEM.ind_cca_decapsulate $K ${private_key}.f_value ${ciphertext}.f_value in
                                     valid ==> $result == expected"#))]
@@ -483,16 +483,16 @@ pub(crate) mod unpacked {
 
     /// Generate an unpacked key from a serialized key.
     #[hax_lib::requires(
-        fstar!(r#"Spec.MLKEM.is_rank $K /\\
-        $PUBLIC_KEY_SIZE == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE $K /\\
+        fstar!(r#"Spec.MLKEM.is_rank $K /\
+        $PUBLIC_KEY_SIZE == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE $K /\
         $T_AS_NTT_ENCODED_SIZE == Spec.MLKEM.v_T_AS_NTT_ENCODED_SIZE $K"#)
     )]
     #[hax_lib::ensures(|result|
         fstar!(r#"let (public_key_hash, (seed, (deserialized_pk, (matrix_A, valid)))) =
             Spec.MLKEM.ind_cca_unpack_public_key $K ${public_key}.f_value in (valid ==>
-            Libcrux_ml_kem.Polynomial.to_spec_matrix_t #$K #$:Vector ${unpacked_public_key}_future.f_ind_cpa_public_key.f_A == matrix_A) /\\
-        Libcrux_ml_kem.Polynomial.to_spec_vector_t #$K #$:Vector ${unpacked_public_key}_future.f_ind_cpa_public_key.f_t_as_ntt == deserialized_pk /\\
-        ${unpacked_public_key}_future.f_ind_cpa_public_key.f_seed_for_A == seed /\\
+            Libcrux_ml_kem.Polynomial.to_spec_matrix_t #$K #$:Vector ${unpacked_public_key}_future.f_ind_cpa_public_key.f_A == matrix_A) /\
+        Libcrux_ml_kem.Polynomial.to_spec_vector_t #$K #$:Vector ${unpacked_public_key}_future.f_ind_cpa_public_key.f_t_as_ntt == deserialized_pk /\
+        ${unpacked_public_key}_future.f_ind_cpa_public_key.f_seed_for_A == seed /\
         ${unpacked_public_key}_future.f_public_key_hash == public_key_hash"#))
     ]
     #[inline(always)]
@@ -531,9 +531,9 @@ pub(crate) mod unpacked {
     impl<const K: usize, Vector: Operations> MlKemPublicKeyUnpacked<K, Vector> {
         /// Get the serialized public key.
         #[inline(always)]
-        #[requires(fstar!(r#"Spec.MLKEM.is_rank $K /\\
-            $RANKED_BYTES_PER_RING_ELEMENT == Spec.MLKEM.v_RANKED_BYTES_PER_RING_ELEMENT $K /\\
-            $PUBLIC_KEY_SIZE == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE $K /\\
+        #[requires(fstar!(r#"Spec.MLKEM.is_rank $K /\
+            $RANKED_BYTES_PER_RING_ELEMENT == Spec.MLKEM.v_RANKED_BYTES_PER_RING_ELEMENT $K /\
+            $PUBLIC_KEY_SIZE == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE $K /\
             (forall (i:nat). i < v $K ==>
                 Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index 
                     self.f_ind_cpa_public_key.f_t_as_ntt i))"#))]
@@ -560,9 +560,9 @@ pub(crate) mod unpacked {
 
         /// Get the serialized public key.
         #[inline(always)]
-        #[requires(fstar!(r#"Spec.MLKEM.is_rank $K /\\
-            $RANKED_BYTES_PER_RING_ELEMENT == Spec.MLKEM.v_RANKED_BYTES_PER_RING_ELEMENT $K /\\
-            $PUBLIC_KEY_SIZE == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE $K /\\
+        #[requires(fstar!(r#"Spec.MLKEM.is_rank $K /\
+            $RANKED_BYTES_PER_RING_ELEMENT == Spec.MLKEM.v_RANKED_BYTES_PER_RING_ELEMENT $K /\
+            $PUBLIC_KEY_SIZE == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE $K /\
             (forall (i:nat). i < v $K ==>
                 Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index
                     self.f_ind_cpa_public_key.f_t_as_ntt i))"#))]
@@ -602,11 +602,11 @@ pub(crate) mod unpacked {
 
     /// Take a serialized private key and generate an unpacked key pair from it.
     #[inline(always)]
-    #[hax_lib::requires(fstar!(r#"Spec.MLKEM.is_rank $K /\\
-           v_SECRET_KEY_SIZE == Spec.MLKEM.v_CCA_PRIVATE_KEY_SIZE v_K /\\
-           v_CPA_SECRET_KEY_SIZE == Spec.MLKEM.v_CPA_PRIVATE_KEY_SIZE v_K /\\
-           v_PUBLIC_KEY_SIZE == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE v_K /\\
-           v_BYTES_PER_RING_ELEMENT == Spec.MLKEM.v_RANKED_BYTES_PER_RING_ELEMENT v_K /\\
+    #[hax_lib::requires(fstar!(r#"Spec.MLKEM.is_rank $K /\
+           v_SECRET_KEY_SIZE == Spec.MLKEM.v_CCA_PRIVATE_KEY_SIZE v_K /\
+           v_CPA_SECRET_KEY_SIZE == Spec.MLKEM.v_CPA_PRIVATE_KEY_SIZE v_K /\
+           v_PUBLIC_KEY_SIZE == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE v_K /\
+           v_BYTES_PER_RING_ELEMENT == Spec.MLKEM.v_RANKED_BYTES_PER_RING_ELEMENT v_K /\
            v_T_AS_NTT_ENCODED_SIZE == Spec.MLKEM.v_T_AS_NTT_ENCODED_SIZE v_K"#))]
     pub fn keys_from_private_key<
         const K: usize,
@@ -666,11 +666,11 @@ pub(crate) mod unpacked {
 
         /// Take a serialized private key and generate an unpacked key pair from it.
         #[inline(always)]
-        #[requires(fstar!(r#"Spec.MLKEM.is_rank $K /\\
-           v_SECRET_KEY_SIZE == Spec.MLKEM.v_CCA_PRIVATE_KEY_SIZE v_K /\\
-           v_CPA_SECRET_KEY_SIZE == Spec.MLKEM.v_CPA_PRIVATE_KEY_SIZE v_K /\\
-           v_PUBLIC_KEY_SIZE == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE v_K /\\
-           v_BYTES_PER_RING_ELEMENT == Spec.MLKEM.v_RANKED_BYTES_PER_RING_ELEMENT v_K /\\
+        #[requires(fstar!(r#"Spec.MLKEM.is_rank $K /\
+           v_SECRET_KEY_SIZE == Spec.MLKEM.v_CCA_PRIVATE_KEY_SIZE v_K /\
+           v_CPA_SECRET_KEY_SIZE == Spec.MLKEM.v_CPA_PRIVATE_KEY_SIZE v_K /\
+           v_PUBLIC_KEY_SIZE == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE v_K /\
+           v_BYTES_PER_RING_ELEMENT == Spec.MLKEM.v_RANKED_BYTES_PER_RING_ELEMENT v_K /\
            v_T_AS_NTT_ENCODED_SIZE == Spec.MLKEM.v_T_AS_NTT_ENCODED_SIZE v_K)"#))]
         pub fn from_private_key<
             const SECRET_KEY_SIZE: usize,
@@ -696,9 +696,9 @@ pub(crate) mod unpacked {
 
         /// Get the serialized public key.
         #[inline(always)]
-        #[requires(fstar!(r#"Spec.MLKEM.is_rank $K /\\
-            $RANKED_BYTES_PER_RING_ELEMENT == Spec.MLKEM.v_RANKED_BYTES_PER_RING_ELEMENT $K /\\
-            $PUBLIC_KEY_SIZE == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE $K /\\
+        #[requires(fstar!(r#"Spec.MLKEM.is_rank $K /\
+            $RANKED_BYTES_PER_RING_ELEMENT == Spec.MLKEM.v_RANKED_BYTES_PER_RING_ELEMENT $K /\
+            $PUBLIC_KEY_SIZE == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE $K /\
             (forall (i:nat). i < v $K ==>
                 Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index 
                     self.f_public_key.f_ind_cpa_public_key.f_t_as_ntt i))"#))]
@@ -722,9 +722,9 @@ pub(crate) mod unpacked {
 
         /// Get the serialized public key.
         #[inline(always)]
-        #[requires(fstar!(r#"Spec.MLKEM.is_rank $K /\\
-            $RANKED_BYTES_PER_RING_ELEMENT == Spec.MLKEM.v_RANKED_BYTES_PER_RING_ELEMENT $K /\\
-            $PUBLIC_KEY_SIZE == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE $K /\\
+        #[requires(fstar!(r#"Spec.MLKEM.is_rank $K /\
+            $RANKED_BYTES_PER_RING_ELEMENT == Spec.MLKEM.v_RANKED_BYTES_PER_RING_ELEMENT $K /\
+            $PUBLIC_KEY_SIZE == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE $K /\
             (forall (i:nat). i < v $K ==>
                 Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index
                     self.f_public_key.f_ind_cpa_public_key.f_t_as_ntt i))"#))]
@@ -758,10 +758,10 @@ pub(crate) mod unpacked {
 
         /// Get the serialized private key.
         #[inline(always)]
-        #[hax_lib::requires(fstar!(r#"Spec.MLKEM.is_rank $K /\\
-            $PRIVATE_KEY_SIZE == Spec.MLKEM.v_CCA_PRIVATE_KEY_SIZE $K /\\
-            $CPA_PRIVATE_KEY_SIZE == Spec.MLKEM.v_CPA_PRIVATE_KEY_SIZE $K /\\
-            $PUBLIC_KEY_SIZE == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE $K /\\
+        #[hax_lib::requires(fstar!(r#"Spec.MLKEM.is_rank $K /\
+            $PRIVATE_KEY_SIZE == Spec.MLKEM.v_CCA_PRIVATE_KEY_SIZE $K /\
+            $CPA_PRIVATE_KEY_SIZE == Spec.MLKEM.v_CPA_PRIVATE_KEY_SIZE $K /\
+            $PUBLIC_KEY_SIZE == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE $K /\
             $RANKED_BYTES_PER_RING_ELEMENT == Spec.MLKEM.v_RANKED_BYTES_PER_RING_ELEMENT $K"#))]
         pub fn serialized_private_key_mut<
             const CPA_PRIVATE_KEY_SIZE: usize,
@@ -793,10 +793,10 @@ pub(crate) mod unpacked {
 
         /// Get the serialized private key.
         #[inline(always)]
-        #[hax_lib::requires(fstar!(r#"Spec.MLKEM.is_rank $K /\\
-            $PRIVATE_KEY_SIZE == Spec.MLKEM.v_CCA_PRIVATE_KEY_SIZE $K /\\
-            $CPA_PRIVATE_KEY_SIZE == Spec.MLKEM.v_CPA_PRIVATE_KEY_SIZE $K /\\
-            $PUBLIC_KEY_SIZE == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE $K /\\
+        #[hax_lib::requires(fstar!(r#"Spec.MLKEM.is_rank $K /\
+            $PRIVATE_KEY_SIZE == Spec.MLKEM.v_CCA_PRIVATE_KEY_SIZE $K /\
+            $CPA_PRIVATE_KEY_SIZE == Spec.MLKEM.v_CPA_PRIVATE_KEY_SIZE $K /\
+            $PUBLIC_KEY_SIZE == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE $K /\
             $RANKED_BYTES_PER_RING_ELEMENT == Spec.MLKEM.v_RANKED_BYTES_PER_RING_ELEMENT $K"#))]
         pub fn serialized_private_key<
             const CPA_PRIVATE_KEY_SIZE: usize,
@@ -848,21 +848,21 @@ pub(crate) mod unpacked {
         for i in 0..K {
             hax_lib::loop_invariant!(|i: usize| {
                 fstar!(
-                    "forall (j: nat). j < v $i ==>
+                    r#"forall (j: nat). j < v $i ==>
             (forall (k: nat). k < v $K ==>
                 Seq.index (Seq.index $A j) k ==
-                    Seq.index (Seq.index $ind_cpa_a k) j)"
+                    Seq.index (Seq.index $ind_cpa_a k) j)"#
                 )
             });
             let _a_i = A;
             for j in 0..K {
                 hax_lib::loop_invariant!(|j: usize| {
                     fstar!(
-                        "(forall (k: nat). k < v $i ==>
-                    Seq.index $A k == Seq.index $_a_i k) /\\
+                        r#"(forall (k: nat). k < v $i ==>
+                    Seq.index $A k == Seq.index $_a_i k) /\
                 (forall (k: nat). k < v $j ==>
                   Seq.index (Seq.index $A (v $i)) k ==
-                    Seq.index (Seq.index $ind_cpa_a k) (v $i))"
+                    Seq.index (Seq.index $ind_cpa_a k) (v $i))"#
                     )
                 });
                 A[i][j] = ind_cpa_a[j][i].clone();
@@ -874,17 +874,17 @@ pub(crate) mod unpacked {
     /// Generate Unpacked Keys
     #[inline(always)]
     #[hax_lib::fstar::options("--z3rlimit 1500 --ext context_pruning --z3refresh")]
-    #[hax_lib::requires(fstar!(r#"Spec.MLKEM.is_rank $K /\\
-        $ETA1_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA1_RANDOMNESS_SIZE $K /\\
-        $ETA1 == Spec.MLKEM.v_ETA1 $K /\\
-        $BYTES_PER_RING_ELEMENT == Spec.MLKEM.v_RANKED_BYTES_PER_RING_ELEMENT $K /\\
+    #[hax_lib::requires(fstar!(r#"Spec.MLKEM.is_rank $K /\
+        $ETA1_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA1_RANDOMNESS_SIZE $K /\
+        $ETA1 == Spec.MLKEM.v_ETA1 $K /\
+        $BYTES_PER_RING_ELEMENT == Spec.MLKEM.v_RANKED_BYTES_PER_RING_ELEMENT $K /\
         $PUBLIC_KEY_SIZE == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE $K"#))]
     #[hax_lib::ensures(|result|
         fstar!(r#"let ((m_A, public_key_hash), implicit_rejection_value), valid =
             Spec.MLKEM.ind_cca_unpack_generate_keypair $K $randomness in
         valid ==> Libcrux_ml_kem.Polynomial.to_spec_matrix_t #$K #$:Vector
-            ${out}_future.f_public_key.f_ind_cpa_public_key.f_A == m_A /\\
-        ${out}_future.f_public_key.f_public_key_hash == public_key_hash /\\
+            ${out}_future.f_public_key.f_ind_cpa_public_key.f_A == m_A /\
+        ${out}_future.f_public_key.f_public_key_hash == public_key_hash /\
         ${out}_future.f_private_key.f_implicit_rejection_value == implicit_rejection_value"#))
     ]
     pub(crate) fn generate_keypair<
@@ -947,16 +947,16 @@ pub(crate) mod unpacked {
 
     // Encapsulate with Unpacked Public Key
     #[inline(always)]
-    #[hax_lib::requires(fstar!(r#"Spec.MLKEM.is_rank $K /\\
-        $ETA1 == Spec.MLKEM.v_ETA1 $K /\\
-        $ETA1_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA1_RANDOMNESS_SIZE $K /\\
-        $ETA2 == Spec.MLKEM.v_ETA2 $K /\\
-        $ETA2_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA2_RANDOMNESS_SIZE $K /\\
-        $C1_SIZE == Spec.MLKEM.v_C1_SIZE $K /\\
-        $C2_SIZE == Spec.MLKEM.v_C2_SIZE $K /\\
-        $VECTOR_U_COMPRESSION_FACTOR == Spec.MLKEM.v_VECTOR_U_COMPRESSION_FACTOR $K /\\
-        $VECTOR_V_COMPRESSION_FACTOR == Spec.MLKEM.v_VECTOR_V_COMPRESSION_FACTOR $K /\\
-        $VECTOR_U_BLOCK_LEN == Spec.MLKEM.v_C1_BLOCK_SIZE $K /\\
+    #[hax_lib::requires(fstar!(r#"Spec.MLKEM.is_rank $K /\
+        $ETA1 == Spec.MLKEM.v_ETA1 $K /\
+        $ETA1_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA1_RANDOMNESS_SIZE $K /\
+        $ETA2 == Spec.MLKEM.v_ETA2 $K /\
+        $ETA2_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA2_RANDOMNESS_SIZE $K /\
+        $C1_SIZE == Spec.MLKEM.v_C1_SIZE $K /\
+        $C2_SIZE == Spec.MLKEM.v_C2_SIZE $K /\
+        $VECTOR_U_COMPRESSION_FACTOR == Spec.MLKEM.v_VECTOR_U_COMPRESSION_FACTOR $K /\
+        $VECTOR_V_COMPRESSION_FACTOR == Spec.MLKEM.v_VECTOR_V_COMPRESSION_FACTOR $K /\
+        $VECTOR_U_BLOCK_LEN == Spec.MLKEM.v_C1_BLOCK_SIZE $K /\
         $CIPHERTEXT_SIZE == Spec.MLKEM.v_CPA_CIPHERTEXT_SIZE $K"#))]
     #[hax_lib::ensures(|(ciphertext_result, shared_secret_array)|
         fstar!(r#"let (ciphertext, shared_secret) =
@@ -964,7 +964,7 @@ pub(crate) mod unpacked {
             (Libcrux_ml_kem.Polynomial.to_spec_vector_t #$K #$:Vector ${public_key}.f_ind_cpa_public_key.f_t_as_ntt)
             (Libcrux_ml_kem.Polynomial.to_spec_matrix_t #$K #$:Vector ${public_key}.f_ind_cpa_public_key.f_A)
             $randomness in
-        ${ciphertext_result}.f_value == ciphertext /\\
+        ${ciphertext_result}.f_value == ciphertext /\
         $shared_secret_array == shared_secret"#))
     ]
     pub(crate) fn encapsulate<
@@ -1025,17 +1025,17 @@ pub(crate) mod unpacked {
     // Decapsulate with Unpacked Private Key
     #[inline(always)]
     #[hax_lib::fstar::options("--z3rlimit 200 --ext context_pruning --z3refresh")]
-    #[hax_lib::requires(fstar!(r#"Spec.MLKEM.is_rank $K /\\
-        $ETA1 == Spec.MLKEM.v_ETA1 $K /\\
-        $ETA1_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA1_RANDOMNESS_SIZE $K /\\
-        $ETA2 == Spec.MLKEM.v_ETA2 $K /\\
-        $ETA2_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA2_RANDOMNESS_SIZE $K /\\
-        $C1_SIZE == Spec.MLKEM.v_C1_SIZE $K /\\
-        $C2_SIZE == Spec.MLKEM.v_C2_SIZE $K /\\
-        $VECTOR_U_COMPRESSION_FACTOR == Spec.MLKEM.v_VECTOR_U_COMPRESSION_FACTOR $K /\\
-        $VECTOR_V_COMPRESSION_FACTOR == Spec.MLKEM.v_VECTOR_V_COMPRESSION_FACTOR $K /\\
-        $C1_BLOCK_SIZE == Spec.MLKEM.v_C1_BLOCK_SIZE $K /\\
-        $CIPHERTEXT_SIZE == Spec.MLKEM.v_CPA_CIPHERTEXT_SIZE $K /\\
+    #[hax_lib::requires(fstar!(r#"Spec.MLKEM.is_rank $K /\
+        $ETA1 == Spec.MLKEM.v_ETA1 $K /\
+        $ETA1_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA1_RANDOMNESS_SIZE $K /\
+        $ETA2 == Spec.MLKEM.v_ETA2 $K /\
+        $ETA2_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA2_RANDOMNESS_SIZE $K /\
+        $C1_SIZE == Spec.MLKEM.v_C1_SIZE $K /\
+        $C2_SIZE == Spec.MLKEM.v_C2_SIZE $K /\
+        $VECTOR_U_COMPRESSION_FACTOR == Spec.MLKEM.v_VECTOR_U_COMPRESSION_FACTOR $K /\
+        $VECTOR_V_COMPRESSION_FACTOR == Spec.MLKEM.v_VECTOR_V_COMPRESSION_FACTOR $K /\
+        $C1_BLOCK_SIZE == Spec.MLKEM.v_C1_BLOCK_SIZE $K /\
+        $CIPHERTEXT_SIZE == Spec.MLKEM.v_CPA_CIPHERTEXT_SIZE $K /\
         $IMPLICIT_REJECTION_HASH_INPUT_SIZE == Spec.MLKEM.v_IMPLICIT_REJECTION_HASH_INPUT_SIZE $K"#))]
     #[hax_lib::ensures(|result|
         fstar!(r#"$result ==
diff --git a/libcrux-ml-kem/src/ind_cpa.rs b/libcrux-ml-kem/src/ind_cpa.rs
index 5dc48d300..a552ba5dd 100644
--- a/libcrux-ml-kem/src/ind_cpa.rs
+++ b/libcrux-ml-kem/src/ind_cpa.rs
@@ -380,10 +380,10 @@ fn sample_vector_cbd_then_ntt<
     for i in 0..K {
         hax_lib::loop_invariant!(|i: usize| {
             fstar!(
-                "forall (j:nat). j < v $i ==>
+                r#"forall (j:nat). j < v $i ==>
             Libcrux_ml_kem.Polynomial.to_spec_poly_t #$:Vector re_as_ntt.[ sz j ] ==
               Spec.MLKEM.poly_ntt (Spec.MLKEM.sample_poly_cbd $ETA ${prf_outputs}.[ sz j ]) /\
-            Libcrux_ml_kem.Serialize.coefficients_field_modulus_range #$:Vector re_as_ntt.[ sz j ]"
+            Libcrux_ml_kem.Serialize.coefficients_field_modulus_range #$:Vector re_as_ntt.[ sz j ]"#
             )
         });
         re_as_ntt[i] = sample_from_binomial_distribution::<ETA, Vector>(&prf_outputs[i]);
diff --git a/libcrux-ml-kem/src/invert_ntt.rs b/libcrux-ml-kem/src/invert_ntt.rs
index 81d9db04f..65ab81748 100644
--- a/libcrux-ml-kem/src/invert_ntt.rs
+++ b/libcrux-ml-kem/src/invert_ntt.rs
@@ -77,7 +77,7 @@ pub(crate) fn invert_ntt_at_layer_1<Vector: Operations>(
 }
 
 #[inline(always)]
-#[hax_lib::fstar::options("--z3rlimit 200 --ext context_pruning"#)]
+#[hax_lib::fstar::options("--z3rlimit 200 --ext context_pruning")]
 #[hax_lib::requires(fstar!(r#"v ${*zeta_i} == 64 /\
     invert_ntt_re_range_2 $re "#))]
 #[hax_lib::ensures(|result| fstar!(r#"invert_ntt_re_range_2 ${re}_future /\
diff --git a/libcrux-ml-kem/src/ntt.rs b/libcrux-ml-kem/src/ntt.rs
index 12feb2485..4446ddc64 100644
--- a/libcrux-ml-kem/src/ntt.rs
+++ b/libcrux-ml-kem/src/ntt.rs
@@ -8,21 +8,21 @@ use crate::{
 #[hax_lib::fstar::options("--z3rlimit 200 --ext context_pruning")]
 #[hax_lib::fstar::before(
     interface,
-    "[@@ \"opaque_to_smt\"]
+    r#"[@@ "opaque_to_smt"]
    let ntt_re_range_2 (#v_Vector: Type0)
          {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |}
          (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) =
        forall (i:nat). i < 16 ==> Spec.Utils.is_i16b_array_opaque (11207+5*3328)
-            (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ sz i ]))"
+            (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ sz i ]))"#
 )]
 #[hax_lib::fstar::before(
     interface,
-    "[@@ \"opaque_to_smt\"]
+    r#"[@@ "opaque_to_smt"]
     let ntt_re_range_1 (#v_Vector: Type0)
             {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |}
             (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) =
         forall (i:nat). i < 16 ==> Spec.Utils.is_i16b_array_opaque (11207+6*3328)
-                (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ sz i ]))"
+                (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ sz i ]))"#
 )]
 #[hax_lib::requires(fstar!(r#"v ${*zeta_i} == 63 /\
     ntt_re_range_2 $re"#))]
@@ -81,12 +81,12 @@ pub(crate) fn ntt_at_layer_1<Vector: Operations>(
 #[hax_lib::fstar::options("--z3rlimit 200 --ext context_pruning")]
 #[hax_lib::fstar::before(
     interface,
-    "[@@ \"opaque_to_smt\"]
+    r#"[@@ "opaque_to_smt"]
    let ntt_re_range_3 (#v_Vector: Type0)
          {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |}
          (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) =
        forall (i:nat). i < 16 ==> Spec.Utils.is_i16b_array_opaque (11207+4*3328)
-            (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ sz i ]))"
+            (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ sz i ]))"#
 )]
 #[hax_lib::requires(fstar!(r#"v ${*zeta_i} == 31 /\
     ntt_re_range_3 $re"#))]
@@ -140,12 +140,12 @@ pub(crate) fn ntt_at_layer_2<Vector: Operations>(
 #[hax_lib::fstar::options("--z3rlimit 200 --ext context_pruning")]
 #[hax_lib::fstar::before(
     interface,
-    "[@@ \"opaque_to_smt\"]
+    r#"[@@ "opaque_to_smt"]
    let ntt_re_range_4 (#v_Vector: Type0)
          {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |}
          (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) =
        forall (i:nat). i < 16 ==> Spec.Utils.is_i16b_array_opaque (11207+3*3328)
-            (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ sz i ]))"
+            (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ sz i ]))"#
 )]
 #[hax_lib::requires(fstar!(r#"v ${*zeta_i} == 15 /\
     ntt_re_range_4 $re"#))]
@@ -263,7 +263,7 @@ pub(crate) fn ntt_at_layer_4_plus<Vector: Operations>(
 //We should make the loops inside this function `opaque_to_smt` to get it work
 #[hax_lib::fstar::before(
     interface,
-    "[@@ \"opaque_to_smt\"]
+    r#"[@@ "opaque_to_smt"]
    let ntt_layer_7_pre (#v_Vector: Type0)
         {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |}
         (re_0 re_1: v_Vector) =
@@ -278,7 +278,7 @@ pub(crate) fn ntt_at_layer_4_plus<Vector: Operations>(
     (forall i. i < 16 ==> 
       Spec.Utils.is_intb (pow2 15 - 1) 
         (v (Seq.index (Libcrux_ml_kem.Vector.Traits.f_to_i16_array re_0) i) + 
-          v (Seq.index (Libcrux_ml_kem.Vector.Traits.f_to_i16_array t) i))))"
+          v (Seq.index (Libcrux_ml_kem.Vector.Traits.f_to_i16_array t) i))))"#
 )]
 #[hax_lib::requires(fstar!(r#"forall i. i < 8 ==> ntt_layer_7_pre (${re}.f_coefficients.[ sz i ])
     (${re}.f_coefficients.[ sz i +! sz 8 ])"#))]
diff --git a/libcrux-ml-kem/src/serialize.rs b/libcrux-ml-kem/src/serialize.rs
index 0ae669038..a3b3b2ce5 100644
--- a/libcrux-ml-kem/src/serialize.rs
+++ b/libcrux-ml-kem/src/serialize.rs
@@ -10,21 +10,21 @@ use crate::{
 #[inline(always)]
 #[hax_lib::fstar::before(
     interface,
-    "[@@ \"opaque_to_smt\"]
+    r#"[@@ "opaque_to_smt"]
 let coefficients_field_modulus_range (#v_Vector: Type0)
       {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |}
       (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) =
-    forall (i:nat). i < 16 ==> field_modulus_range (Seq.index re.f_coefficients i)"
+    forall (i:nat). i < 16 ==> field_modulus_range (Seq.index re.f_coefficients i)"#
 )]
 #[hax_lib::fstar::before(
     interface,
-    "[@@ \"opaque_to_smt\"]
+    r#"[@@ "opaque_to_smt"]
 let field_modulus_range (#v_Vector: Type0)
         {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |}
         (a: v_Vector) =
     let coef = Libcrux_ml_kem.Vector.Traits.f_to_i16_array a in
     forall (i:nat). i < 16 ==> v (Seq.index coef i) > -(v $FIELD_MODULUS) /\
-        v (Seq.index coef i) < v $FIELD_MODULUS"
+        v (Seq.index coef i) < v $FIELD_MODULUS"#
 )]
 #[hax_lib::fstar::verification_status(panic_free)]
 #[hax_lib::requires(fstar!(r#"field_modulus_range $a"#))]
diff --git a/libcrux-ml-kem/src/utils.rs b/libcrux-ml-kem/src/utils.rs
index f38e3c088..ece8cdabc 100644
--- a/libcrux-ml-kem/src/utils.rs
+++ b/libcrux-ml-kem/src/utils.rs
@@ -33,9 +33,9 @@ pub(crate) fn into_padded_array<const LEN: usize>(slice: &[u8]) -> [u8; LEN] {
 #[hax_lib::fstar::options("--z3rlimit 200")]
 #[hax_lib::requires(fstar!(r#"range (v $domain_separator + v $K) u8_inttype"#))]
 #[hax_lib::ensures(|ds|
-    fstar!(r#"v $ds == v $domain_separator + v $K /\\
+    fstar!(r#"v $ds == v $domain_separator + v $K /\
             (forall (i:nat). i < v $K ==>
-                v (Seq.index (Seq.index ${prf_inputs}_future i) 32) == v $domain_separator + i /\\
+                v (Seq.index (Seq.index ${prf_inputs}_future i) 32) == v $domain_separator + i /\
                 Seq.slice (Seq.index ${prf_inputs}_future i) 0 32 == Seq.slice (Seq.index $prf_inputs i) 0 32)"#)
 )]
 pub(crate) fn prf_input_inc<const K: usize>(
@@ -47,10 +47,10 @@ pub(crate) fn prf_input_inc<const K: usize>(
     for i in 0..K {
         hax_lib::loop_invariant!(|i: usize| {
             fstar!(
-                r#"v $domain_separator == v $_domain_separator_init + v $i /\\
-          (v $i < v $K ==> (forall (j:nat). (j >= v $i /\\ j < v $K) ==>
-            prf_inputs.[ sz j ] == ${_prf_inputs_init}.[ sz j ])) /\\
-          (forall (j:nat). j < v $i ==> v (Seq.index (Seq.index prf_inputs j) 32) == v $_domain_separator_init + j /\\
+                r#"v $domain_separator == v $_domain_separator_init + v $i /\
+          (v $i < v $K ==> (forall (j:nat). (j >= v $i /\ j < v $K) ==>
+            prf_inputs.[ sz j ] == ${_prf_inputs_init}.[ sz j ])) /\
+          (forall (j:nat). j < v $i ==> v (Seq.index (Seq.index prf_inputs j) 32) == v $_domain_separator_init + j /\
             Seq.slice (Seq.index prf_inputs j) 0 32 == Seq.slice (Seq.index $_prf_inputs_init j) 0 32)"#
             )
         });
diff --git a/libcrux-ml-kem/src/vector/avx2.rs b/libcrux-ml-kem/src/vector/avx2.rs
index 87d0f873b..89b1b01a4 100644
--- a/libcrux-ml-kem/src/vector/avx2.rs
+++ b/libcrux-ml-kem/src/vector/avx2.rs
@@ -65,15 +65,15 @@ fn compress_1(vector: SIMD256Vector) -> SIMD256Vector {
 
 #[inline(always)]
 #[hax_lib::fstar::verification_status(lax)]
-#[hax_lib::requires(fstar!(r#"(v $COEFFICIENT_BITS == 4 \\/
-    v $COEFFICIENT_BITS == 5 \\/
-    v $COEFFICIENT_BITS == 10 \\/
+#[hax_lib::requires(fstar!(r#"(v $COEFFICIENT_BITS == 4 \/
+    v $COEFFICIENT_BITS == 5 \/
+    v $COEFFICIENT_BITS == 10 \/
     v $COEFFICIENT_BITS == 11) /\
     (forall (i:nat). i < 16 ==> v (Seq.index (repr $vector) i) >= 0 /\
     v (Seq.index (repr $vector) i) < 3329)"#))]
-#[hax_lib::ensures(|out| fstar!(r#"(v $COEFFICIENT_BITS == 4 \\/
-    v $COEFFICIENT_BITS == 5 \\/
-    v $COEFFICIENT_BITS == 10 \\/
+#[hax_lib::ensures(|out| fstar!(r#"(v $COEFFICIENT_BITS == 4 \/
+    v $COEFFICIENT_BITS == 5 \/
+    v $COEFFICIENT_BITS == 10 \/
     v $COEFFICIENT_BITS == 11) ==>
         (forall (i:nat). i < 16 ==> bounded (Seq.index (repr $out) i) (v $COEFFICIENT_BITS))"#))]
 fn compress<const COEFFICIENT_BITS: i32>(vector: SIMD256Vector) -> SIMD256Vector {
@@ -366,15 +366,15 @@ impl Operations for SIMD256Vector {
         compress_1(vector)
     }
 
-    #[requires(fstar!(r#"(v $COEFFICIENT_BITS == 4 \\/
-            v $COEFFICIENT_BITS == 5 \\/
-            v $COEFFICIENT_BITS == 10 \\/
+    #[requires(fstar!(r#"(v $COEFFICIENT_BITS == 4 \/
+            v $COEFFICIENT_BITS == 5 \/
+            v $COEFFICIENT_BITS == 10 \/
             v $COEFFICIENT_BITS == 11) /\
         (forall (i:nat). i < 16 ==> v (Seq.index (impl.f_repr $vector) i) >= 0 /\
             v (Seq.index (impl.f_repr $vector) i) < 3329)"#))]
-    #[ensures(|out| fstar!(r#"(v $COEFFICIENT_BITS == 4 \\/
-            v $COEFFICIENT_BITS == 5 \\/
-            v $COEFFICIENT_BITS == 10 \\/
+    #[ensures(|out| fstar!(r#"(v $COEFFICIENT_BITS == 4 \/
+            v $COEFFICIENT_BITS == 5 \/
+            v $COEFFICIENT_BITS == 10 \/
             v $COEFFICIENT_BITS == 11) ==>
                 (forall (i:nat). i < 16 ==> bounded (Seq.index (impl.f_repr $out) i) (v $COEFFICIENT_BITS))"#))]
     #[inline(always)]
@@ -382,9 +382,9 @@ impl Operations for SIMD256Vector {
         compress::<COEFFICIENT_BITS>(vector)
     }
 
-    #[requires(fstar!(r#"(v $COEFFICIENT_BITS == 4 \\/
-        v $COEFFICIENT_BITS == 5 \\/
-        v $COEFFICIENT_BITS == 10 \\/
+    #[requires(fstar!(r#"(v $COEFFICIENT_BITS == 4 \/
+        v $COEFFICIENT_BITS == 5 \/
+        v $COEFFICIENT_BITS == 10 \/
         v $COEFFICIENT_BITS == 11) /\
     (forall (i:nat). i < 16 ==> v (Seq.index (impl.f_repr $vector) i) >= 0 /\
         v (Seq.index (impl.f_repr $vector) i) < pow2 (v $COEFFICIENT_BITS))"#))]
diff --git a/libcrux-ml-kem/src/vector/avx2/arithmetic.rs b/libcrux-ml-kem/src/vector/avx2/arithmetic.rs
index 1a46a54b6..905c5186b 100644
--- a/libcrux-ml-kem/src/vector/avx2/arithmetic.rs
+++ b/libcrux-ml-kem/src/vector/avx2/arithmetic.rs
@@ -105,7 +105,7 @@ pub(crate) fn shift_right<const SHIFT_BY: i32>(vector: Vec256) -> Vec256 {
 }
 
 #[inline(always)]
-#[cfg_attr(hax, hax_lib::fstar::options("--z3rlimit 100"#))]
+#[cfg_attr(hax, hax_lib::fstar::options("--z3rlimit 100"))]
 #[hax_lib::requires(fstar!(r#"Spec.Utils.is_i16b_array (pow2 12 - 1) (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 $vector)"#))]
 #[hax_lib::ensures(|result| fstar!(r#"forall i. i < 16 ==> 
                 get_lane $result i == 
@@ -146,7 +146,7 @@ const BARRETT_MULTIPLIER: i16 = 20159;
 /// See Section 3.2 of the implementation notes document for an explanation
 /// of this code.
 #[inline(always)]
-#[cfg_attr(hax, hax_lib::fstar::options("--z3rlimit 200"#))]
+#[cfg_attr(hax, hax_lib::fstar::options("--z3rlimit 200"))]
 #[cfg_attr(hax, hax_lib::requires(fstar!(r#"Spec.Utils.is_i16b_array 28296 (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 ${vector})"#)))]
 #[cfg_attr(hax, hax_lib::ensures(|result| fstar!(r#"Spec.Utils.is_i16b_array 3328 (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 ${result}) /\
                 (forall i. i < 16 ==> v (get_lane $result i) % 3329 == 
@@ -235,7 +235,7 @@ pub(crate) fn montgomery_multiply_by_constant(vector: Vec256, constant: i16) ->
 }
 
 #[inline(always)]
-#[cfg_attr(hax, hax_lib::fstar::options("--z3rlimit 100"#))]
+#[cfg_attr(hax, hax_lib::fstar::options("--z3rlimit 100"))]
 #[cfg_attr(hax, hax_lib::requires(fstar!(r#"Spec.Utils.is_i16b_array 1664 (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 $constants))"#)))]
 #[cfg_attr(hax, hax_lib::ensures(|result| fstar!(r#"Spec.Utils.is_i16b_array 3328 (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 ${result}) /\
                 (forall i. i < 16 ==> v (get_lane $result i) % 3329 == 
@@ -312,7 +312,7 @@ pub(crate) fn montgomery_reduce_i32s(vec: Vec256) -> Vec256 {
 }
 
 #[inline(always)]
-#[cfg_attr(hax, hax_lib::fstar::options("--z3rlimit 100"#))]
+#[cfg_attr(hax, hax_lib::fstar::options("--z3rlimit 100"))]
 #[cfg_attr(hax, hax_lib::requires(fstar!(r#"Spec.Utils.is_i16b_array 1664 (Libcrux_intrinsics.Avx2_extract.vec128_as_i16x8 $constants))"#)))]
 #[cfg_attr(hax, hax_lib::ensures(|result| fstar!(r#"Spec.Utils.is_i16b_array 3328 (Libcrux_intrinsics.Avx2_extract.vec128_as_i16x8 ${result}) /\
                 (forall i. i < 8 ==> v (get_lane128 $result i) % 3329 == 
diff --git a/libcrux-ml-kem/src/vector/portable.rs b/libcrux-ml-kem/src/vector/portable.rs
index cc997b79e..d5432c02e 100644
--- a/libcrux-ml-kem/src/vector/portable.rs
+++ b/libcrux-ml-kem/src/vector/portable.rs
@@ -159,7 +159,7 @@ impl Operations for PortableVector {
     }
 
     #[requires(SHIFT_BY >= 0 && SHIFT_BY < 16)]
-    #[ensures(|out| fstar!(r#"(v_SHIFT_BY >=. 0l /\\ v_SHIFT_BY <. 16l) ==> impl.f_repr out == Spec.Utils.map_array (fun x -> x >>! ${SHIFT_BY}) (impl.f_repr $v)"#))]
+    #[ensures(|out| fstar!(r#"(v_SHIFT_BY >=. 0l /\ v_SHIFT_BY <. 16l) ==> impl.f_repr out == Spec.Utils.map_array (fun x -> x >>! ${SHIFT_BY}) (impl.f_repr $v)"#))]
     fn shift_right<const SHIFT_BY: i32>(v: Self) -> Self {
         shift_right::<{ SHIFT_BY }>(v)
     }
@@ -180,85 +180,85 @@ impl Operations for PortableVector {
         montgomery_multiply_by_constant(v, r)
     }
 
-    #[requires(fstar!(r#"forall (i:nat). i < 16 ==> v (Seq.index (impl.f_repr $a) i) >= 0 /\\
+    #[requires(fstar!(r#"forall (i:nat). i < 16 ==> v (Seq.index (impl.f_repr $a) i) >= 0 /\
         v (Seq.index (impl.f_repr $a) i) < 3329"#))]
     #[ensures(|out| fstar!(r#"forall (i:nat). i < 16 ==> bounded (Seq.index (impl.f_repr $out) i) 1"#))]
     fn compress_1(a: Self) -> Self {
         compress_1(a)
     }
 
-    #[requires(fstar!(r#"(v $COEFFICIENT_BITS == 4 \\/
-            v $COEFFICIENT_BITS == 5 \\/
-            v $COEFFICIENT_BITS == 10 \\/
-            v $COEFFICIENT_BITS == 11) /\\
-        (forall (i:nat). i < 16 ==> v (Seq.index (impl.f_repr $a) i) >= 0 /\\
+    #[requires(fstar!(r#"(v $COEFFICIENT_BITS == 4 \/
+            v $COEFFICIENT_BITS == 5 \/
+            v $COEFFICIENT_BITS == 10 \/
+            v $COEFFICIENT_BITS == 11) /\
+        (forall (i:nat). i < 16 ==> v (Seq.index (impl.f_repr $a) i) >= 0 /\
             v (Seq.index (impl.f_repr $a) i) < 3329)"#))]
-    #[ensures(|out| fstar!(r#"(v $COEFFICIENT_BITS == 4 \\/
-            v $COEFFICIENT_BITS == 5 \\/
-            v $COEFFICIENT_BITS == 10 \\/
+    #[ensures(|out| fstar!(r#"(v $COEFFICIENT_BITS == 4 \/
+            v $COEFFICIENT_BITS == 5 \/
+            v $COEFFICIENT_BITS == 10 \/
             v $COEFFICIENT_BITS == 11) ==>
                 (forall (i:nat). i < 16 ==> bounded (Seq.index (impl.f_repr $out) i) (v $COEFFICIENT_BITS))"#))]
     fn compress<const COEFFICIENT_BITS: i32>(a: Self) -> Self {
         compress::<COEFFICIENT_BITS>(a)
     }
 
-    #[requires(fstar!(r#"(v $COEFFICIENT_BITS == 4 \\/
-        v $COEFFICIENT_BITS == 5 \\/
-        v $COEFFICIENT_BITS == 10 \\/
-        v $COEFFICIENT_BITS == 11) /\\
-    (forall (i:nat). i < 16 ==> v (Seq.index (impl.f_repr $a) i) >= 0 /\\
+    #[requires(fstar!(r#"(v $COEFFICIENT_BITS == 4 \/
+        v $COEFFICIENT_BITS == 5 \/
+        v $COEFFICIENT_BITS == 10 \/
+        v $COEFFICIENT_BITS == 11) /\
+    (forall (i:nat). i < 16 ==> v (Seq.index (impl.f_repr $a) i) >= 0 /\
         v (Seq.index (impl.f_repr $a) i) < pow2 (v $COEFFICIENT_BITS))"#))]
     fn decompress_ciphertext_coefficient<const COEFFICIENT_BITS: i32>(a: Self) -> Self {
         decompress_ciphertext_coefficient::<COEFFICIENT_BITS>(a)
     }
 
-    #[requires(fstar!(r#"Spec.Utils.is_i16b 1664 zeta0 /\\ Spec.Utils.is_i16b 1664 zeta1 /\\ 
-                       Spec.Utils.is_i16b 1664 zeta2 /\\ Spec.Utils.is_i16b 1664 zeta3  /\\
+    #[requires(fstar!(r#"Spec.Utils.is_i16b 1664 zeta0 /\ Spec.Utils.is_i16b 1664 zeta1 /\ 
+                       Spec.Utils.is_i16b 1664 zeta2 /\ Spec.Utils.is_i16b 1664 zeta3  /\
                        Spec.Utils.is_i16b_array (11207+5*3328) (impl.f_repr ${a})"#))]
     #[ensures(|out| fstar!(r#"Spec.Utils.is_i16b_array (11207+6*3328) (impl.f_repr $out)"#))]
     fn ntt_layer_1_step(a: Self, zeta0: i16, zeta1: i16, zeta2: i16, zeta3: i16) -> Self {
         ntt_layer_1_step(a, zeta0, zeta1, zeta2, zeta3)
     }
 
-    #[requires(fstar!(r#"Spec.Utils.is_i16b 1664 zeta0 /\\ Spec.Utils.is_i16b 1664 zeta1 /\\
+    #[requires(fstar!(r#"Spec.Utils.is_i16b 1664 zeta0 /\ Spec.Utils.is_i16b 1664 zeta1 /\
                        Spec.Utils.is_i16b_array (11207+4*3328) (impl.f_repr ${a})"#))]
     #[ensures(|out| fstar!(r#"Spec.Utils.is_i16b_array (11207+5*3328) (impl.f_repr $out)"#))]
     fn ntt_layer_2_step(a: Self, zeta0: i16, zeta1: i16) -> Self {
         ntt_layer_2_step(a, zeta0, zeta1)
     }
 
-    #[requires(fstar!(r#"Spec.Utils.is_i16b 1664 zeta /\\
+    #[requires(fstar!(r#"Spec.Utils.is_i16b 1664 zeta /\
                        Spec.Utils.is_i16b_array (11207+3*3328) (impl.f_repr ${a})"#))]
     #[ensures(|out| fstar!(r#"Spec.Utils.is_i16b_array (11207+4*3328) (impl.f_repr $out)"#))]
     fn ntt_layer_3_step(a: Self, zeta: i16) -> Self {
         ntt_layer_3_step(a, zeta)
     }
 
-    #[requires(fstar!(r#"Spec.Utils.is_i16b 1664 zeta0 /\\ Spec.Utils.is_i16b 1664 zeta1 /\\ 
-                       Spec.Utils.is_i16b 1664 zeta2 /\\ Spec.Utils.is_i16b 1664 zeta3 /\\
+    #[requires(fstar!(r#"Spec.Utils.is_i16b 1664 zeta0 /\ Spec.Utils.is_i16b 1664 zeta1 /\ 
+                       Spec.Utils.is_i16b 1664 zeta2 /\ Spec.Utils.is_i16b 1664 zeta3 /\
                        Spec.Utils.is_i16b_array (4*3328) (impl.f_repr ${a})"#))]
     #[ensures(|out| fstar!(r#"Spec.Utils.is_i16b_array 3328 (impl.f_repr $out)"#))]
     fn inv_ntt_layer_1_step(a: Self, zeta0: i16, zeta1: i16, zeta2: i16, zeta3: i16) -> Self {
         inv_ntt_layer_1_step(a, zeta0, zeta1, zeta2, zeta3)
     }
 
-    #[requires(fstar!(r#"Spec.Utils.is_i16b 1664 zeta0 /\\ Spec.Utils.is_i16b 1664 zeta1 /\\
+    #[requires(fstar!(r#"Spec.Utils.is_i16b 1664 zeta0 /\ Spec.Utils.is_i16b 1664 zeta1 /\
                        Spec.Utils.is_i16b_array 3328 (impl.f_repr ${a})"#))]
     #[ensures(|out| fstar!(r#"Spec.Utils.is_i16b_array 3328 (impl.f_repr $out)"#))]
     fn inv_ntt_layer_2_step(a: Self, zeta0: i16, zeta1: i16) -> Self {
         inv_ntt_layer_2_step(a, zeta0, zeta1)
     }
 
-    #[requires(fstar!(r#"Spec.Utils.is_i16b 1664 zeta /\\
+    #[requires(fstar!(r#"Spec.Utils.is_i16b 1664 zeta /\
                        Spec.Utils.is_i16b_array 3328 (impl.f_repr ${a})"#))]
     #[ensures(|out| fstar!(r#"Spec.Utils.is_i16b_array 3328 (impl.f_repr $out)"#))]
     fn inv_ntt_layer_3_step(a: Self, zeta: i16) -> Self {
         inv_ntt_layer_3_step(a, zeta)
     }
 
-    #[requires(fstar!(r#"Spec.Utils.is_i16b 1664 zeta0 /\\ Spec.Utils.is_i16b 1664 zeta1 /\\
-                       Spec.Utils.is_i16b 1664 zeta2 /\\ Spec.Utils.is_i16b 1664 zeta3 /\\
-                       Spec.Utils.is_i16b_array 3328 (impl.f_repr ${lhs}) /\\
+    #[requires(fstar!(r#"Spec.Utils.is_i16b 1664 zeta0 /\ Spec.Utils.is_i16b 1664 zeta1 /\
+                       Spec.Utils.is_i16b 1664 zeta2 /\ Spec.Utils.is_i16b 1664 zeta3 /\
+                       Spec.Utils.is_i16b_array 3328 (impl.f_repr ${lhs}) /\
                        Spec.Utils.is_i16b_array 3328 (impl.f_repr ${rhs})"#))]
     #[ensures(|out| fstar!(r#"Spec.Utils.is_i16b_array 3328 (impl.f_repr $out)"#))]
     fn ntt_multiply(
@@ -340,7 +340,7 @@ impl Operations for PortableVector {
 
     #[requires(a.len() == 24 && out.len() == 16)]
     #[ensures(|result|
-        fstar!(r#"Seq.length $out_future == Seq.length $out /\\ v $result <= 16"#)
+        fstar!(r#"Seq.length $out_future == Seq.length $out /\ v $result <= 16"#)
     )]
     fn rej_sample(a: &[u8], out: &mut [i16]) -> usize {
         rej_sample(a, out)
diff --git a/libcrux-ml-kem/src/vector/portable/arithmetic.rs b/libcrux-ml-kem/src/vector/portable/arithmetic.rs
index 9e909c2b6..dabef94f6 100644
--- a/libcrux-ml-kem/src/vector/portable/arithmetic.rs
+++ b/libcrux-ml-kem/src/vector/portable/arithmetic.rs
@@ -58,7 +58,7 @@ pub fn add(mut lhs: PortableVector, rhs: &PortableVector) -> PortableVector {
             fstar!(
                 r#"
               (forall j. j < v i ==> (Seq.index ${lhs}.f_elements j) == 
-                                     (Seq.index ${_lhs0}.f_elements j) +! (Seq.index ${rhs}.f_elements j)) /\\
+                                     (Seq.index ${_lhs0}.f_elements j) +! (Seq.index ${rhs}.f_elements j)) /\
               (forall j. j >= v i ==> (Seq.index ${lhs}.f_elements j) == (Seq.index ${_lhs0}.f_elements j))"#
             )
         });
@@ -84,7 +84,7 @@ pub fn sub(mut lhs: PortableVector, rhs: &PortableVector) -> PortableVector {
             fstar!(
                 r#"
               (forall j. j < v i ==> (Seq.index ${lhs}.f_elements j) == 
-                                     (Seq.index ${_lhs0}.f_elements j) -! (Seq.index ${rhs}.f_elements j)) /\\
+                                     (Seq.index ${_lhs0}.f_elements j) -! (Seq.index ${rhs}.f_elements j)) /\
               (forall j. j >= v i ==> (Seq.index ${lhs}.f_elements j) == (Seq.index ${_lhs0}.f_elements j))"#
             )
         });
@@ -110,7 +110,7 @@ pub fn multiply_by_constant(mut vec: PortableVector, c: i16) -> PortableVector {
             fstar!(
                 r#"
               (forall j. j < v i ==> (Seq.index ${vec}.f_elements j) == 
-                                     (Seq.index ${_vec0}.f_elements j) *! c) /\\
+                                     (Seq.index ${_vec0}.f_elements j) *! c) /\
               (forall j. j >= v i ==> (Seq.index ${vec}.f_elements j) == (Seq.index ${_vec0}.f_elements j))"#
             )
         });
@@ -132,7 +132,7 @@ pub fn bitwise_and_with_constant(mut vec: PortableVector, c: i16) -> PortableVec
             fstar!(
                 r#"
               (forall j. j < v i ==> Seq.index ${vec}.f_elements j == 
-                                     (Seq.index ${_vec0}.f_elements j &. c)) /\\
+                                     (Seq.index ${_vec0}.f_elements j &. c)) /\
               (forall j. j >= v i ==> Seq.index ${vec}.f_elements j == Seq.index ${_vec0}.f_elements j)"#
             )
         });
@@ -146,7 +146,7 @@ pub fn bitwise_and_with_constant(mut vec: PortableVector, c: i16) -> PortableVec
 
 #[inline(always)]
 #[hax_lib::requires(SHIFT_BY >= 0 && SHIFT_BY < 16)]
-#[hax_lib::ensures(|result| fstar!(r#"(v_SHIFT_BY >=. 0l /\\ v_SHIFT_BY <. 16l) ==> 
+#[hax_lib::ensures(|result| fstar!(r#"(v_SHIFT_BY >=. 0l /\ v_SHIFT_BY <. 16l) ==> 
         ${result}.f_elements == Spec.Utils.map_array (fun x -> x >>! ${SHIFT_BY}) (${vec}.f_elements)"#))]
 pub fn shift_right<const SHIFT_BY: i32>(mut vec: PortableVector) -> PortableVector {
     let _vec0 = vec;
@@ -155,7 +155,7 @@ pub fn shift_right<const SHIFT_BY: i32>(mut vec: PortableVector) -> PortableVect
             fstar!(
                 r#"
               (forall j. j < v i ==> Seq.index ${vec}.f_elements j == 
-                                     (Seq.index ${_vec0}.f_elements j >>! ${SHIFT_BY})) /\\
+                                     (Seq.index ${_vec0}.f_elements j >>! ${SHIFT_BY})) /\
               (forall j. j >= v i ==> Seq.index ${vec}.f_elements j == Seq.index ${_vec0}.f_elements j)"#
             )
         });
@@ -182,7 +182,7 @@ pub fn cond_subtract_3329(mut vec: PortableVector) -> PortableVector {
                 r#"
               (forall j. j < v i ==> Seq.index ${vec}.f_elements j == 
                                      (let x = Seq.index ${_vec0}.f_elements j in
-                                      if x >=. 3329s then x -! 3329s else x)) /\\
+                                      if x >=. 3329s then x -! 3329s else x)) /\
               (forall j. j >= v i ==> Seq.index ${vec}.f_elements j == Seq.index ${_vec0}.f_elements j)"#
             )
         });
@@ -211,7 +211,7 @@ pub fn cond_subtract_3329(mut vec: PortableVector) -> PortableVector {
 ///
 #[hax_lib::fstar::options("--z3rlimit 150 --ext context_pruning")]
 #[cfg_attr(hax, hax_lib::requires(fstar!(r#"Spec.Utils.is_i16b 28296 value"#)))]
-#[cfg_attr(hax, hax_lib::ensures(|result| fstar!(r#"Spec.Utils.is_i16b 3328 result /\\
+#[cfg_attr(hax, hax_lib::ensures(|result| fstar!(r#"Spec.Utils.is_i16b 3328 result /\
                 v result % 3329 == v value % 3329"#)))]
 pub(crate) fn barrett_reduce_element(value: FieldElement) -> FieldElement {
     let t = (i32::from(value) * BARRETT_MULTIPLIER) + (BARRETT_R >> 1);
@@ -244,7 +244,7 @@ pub(crate) fn barrett_reduce_element(value: FieldElement) -> FieldElement {
 #[inline(always)]
 #[hax_lib::fstar::options("--z3rlimit 150")]
 #[cfg_attr(hax, hax_lib::requires(fstar!(r#"Spec.Utils.is_i16b_array 28296 ${vec}.f_elements"#)))]
-#[cfg_attr(hax, hax_lib::ensures(|result| fstar!(r#"Spec.Utils.is_i16b_array 3328 ${result}.f_elements /\\
+#[cfg_attr(hax, hax_lib::ensures(|result| fstar!(r#"Spec.Utils.is_i16b_array 3328 ${result}.f_elements /\
                 (forall i. (v (Seq.index ${result}.f_elements i) % 3329) == 
                            (v (Seq.index ${vec}.f_elements i) % 3329))"#)))]
 pub(crate) fn barrett_reduce(mut vec: PortableVector) -> PortableVector {
@@ -253,9 +253,9 @@ pub(crate) fn barrett_reduce(mut vec: PortableVector) -> PortableVector {
         hax_lib::loop_invariant!(|i: usize| {
             fstar!(
                 r#"
-                (forall j. j < v i ==> (Spec.Utils.is_i16b 3328 (Seq.index ${vec}.f_elements j) /\\
-                                        v (Seq.index ${vec}.f_elements j) % 3329 == (v (Seq.index ${_vec0}.f_elements j) % 3329))) /\\
-                (forall j. j >= v i ==> (Seq.index ${vec}.f_elements j == Seq.index ${_vec0}.f_elements j /\\
+                (forall j. j < v i ==> (Spec.Utils.is_i16b 3328 (Seq.index ${vec}.f_elements j) /\
+                                        v (Seq.index ${vec}.f_elements j) % 3329 == (v (Seq.index ${_vec0}.f_elements j) % 3329))) /\
+                (forall j. j >= v i ==> (Seq.index ${vec}.f_elements j == Seq.index ${_vec0}.f_elements j /\
                                          Spec.Utils.is_i16b 28296 (Seq.index ${vec}.f_elements j)))"#
             )
         });
@@ -287,8 +287,8 @@ pub(crate) fn barrett_reduce(mut vec: PortableVector) -> PortableVector {
 ///
 #[hax_lib::fstar::options("--z3rlimit 500 --split_queries always")]
 #[cfg_attr(hax, hax_lib::requires(fstar!(r#"Spec.Utils.is_i32b (3328 * pow2 16) value "#)))]
-#[cfg_attr(hax, hax_lib::ensures(|result| fstar!(r#"Spec.Utils.is_i16b (3328 + 1665) result /\\
-                (Spec.Utils.is_i32b (3328 * pow2 15) value ==> Spec.Utils.is_i16b 3328 result) /\\
+#[cfg_attr(hax, hax_lib::ensures(|result| fstar!(r#"Spec.Utils.is_i16b (3328 + 1665) result /\
+                (Spec.Utils.is_i32b (3328 * pow2 15) value ==> Spec.Utils.is_i16b 3328 result) /\
                 v result % 3329 == (v value * 169) % 3329"#)))]
 pub(crate) fn montgomery_reduce_element(value: i32) -> MontgomeryFieldElement {
     // This forces hax to extract code for MONTGOMERY_R before it extracts code
@@ -385,7 +385,7 @@ pub(crate) fn montgomery_reduce_element(value: i32) -> MontgomeryFieldElement {
 #[inline(always)]
 #[hax_lib::fstar::options("--z3rlimit 300")]
 #[cfg_attr(hax, hax_lib::requires(fstar!(r#"Spec.Utils.is_i16b 1664 fer"#)))]
-#[cfg_attr(hax, hax_lib::ensures(|result| fstar!(r#"Spec.Utils.is_i16b 3328 result /\\
+#[cfg_attr(hax, hax_lib::ensures(|result| fstar!(r#"Spec.Utils.is_i16b 3328 result /\
                 v result % 3329 == (v fe * v fer * 169) % 3329"#)))]
 pub(crate) fn montgomery_multiply_fe_by_fer(
     fe: FieldElement,
@@ -400,7 +400,7 @@ pub(crate) fn montgomery_multiply_fe_by_fer(
 #[hax_lib::fstar::options("--z3rlimit 150")]
 #[cfg_attr(hax, hax_lib::requires(fstar!(r#"Spec.Utils.is_i16b 1664 c"#)))]
 #[cfg_attr(hax, hax_lib::ensures(|result| fstar!(r#"
-Spec.Utils.is_i16b_array 3328 ${result}.f_elements /\\
+Spec.Utils.is_i16b_array 3328 ${result}.f_elements /\
 (forall i. i < 16 ==> 
     (v (Seq.index ${result}.f_elements i) % 3329 == 
        (v (Seq.index ${vec}.f_elements i) * v c * 169) %3329))"#)))]
@@ -412,8 +412,8 @@ pub(crate) fn montgomery_multiply_by_constant(mut vec: PortableVector, c: i16) -
                 r#"
               (forall j. j < v i ==>
 	      	  (let vecj = Seq.index ${vec}.f_elements j in
-		       (Spec.Utils.is_i16b 3328 vecj /\\
-                v vecj % 3329 == (v (Seq.index ${_vec0}.f_elements j) * v c * 169) % 3329))) /\\
+		       (Spec.Utils.is_i16b 3328 vecj /\
+                v vecj % 3329 == (v (Seq.index ${_vec0}.f_elements j) * v c * 169) % 3329))) /\
               (forall j. j >= v i ==> (Seq.index ${vec}.f_elements j) == (Seq.index ${_vec0}.f_elements j))"#
             )
         });
diff --git a/libcrux-ml-kem/src/vector/portable/compress.rs b/libcrux-ml-kem/src/vector/portable/compress.rs
index 3b9d946ee..7fb2bf672 100644
--- a/libcrux-ml-kem/src/vector/portable/compress.rs
+++ b/libcrux-ml-kem/src/vector/portable/compress.rs
@@ -156,23 +156,23 @@ pub(crate) fn compress_1(mut a: PortableVector) -> PortableVector {
         );
         a.elements[i] = compress_message_coefficient(a.elements[i] as u16) as i16;
         hax_lib::fstar!(
-            "assert (v (${a}.f_elements.[ $i ] <: i16) >= 0 /\
-            v (${a}.f_elements.[ $i ] <: i16) < 2)"
+            r#"assert (v (${a}.f_elements.[ $i ] <: i16) >= 0 /\
+            v (${a}.f_elements.[ $i ] <: i16) < 2)"#
         );
     }
 
     hax_lib::fstar!(
-        "assert (forall (i:nat). i < 16 ==> v (${a}.f_elements.[ sz i ] <: i16) >= 0 /\
-        v (${a}.f_elements.[ sz i ] <: i16) < 2)"
+        r#"assert (forall (i:nat). i < 16 ==> v (${a}.f_elements.[ sz i ] <: i16) >= 0 /\
+        v (${a}.f_elements.[ sz i ] <: i16) < 2)"#
     );
     a
 }
 
 #[inline(always)]
 #[hax_lib::fstar::options("--fuel 0 --ifuel 0 --z3rlimit 2000")]
-#[hax_lib::requires(fstar!(r#"(v $COEFFICIENT_BITS == 4 \\/
-        v $COEFFICIENT_BITS == 5 \\/
-        v $COEFFICIENT_BITS == 10 \\/
+#[hax_lib::requires(fstar!(r#"(v $COEFFICIENT_BITS == 4 \/
+        v $COEFFICIENT_BITS == 5 \/
+        v $COEFFICIENT_BITS == 10 \/
         v $COEFFICIENT_BITS == 11) /\
     (forall (i:nat). i < 16 ==> v (Seq.index ${a}.f_elements i) >= 0 /\
         v (Seq.index ${a}.f_elements i) < 3329)"#))]
@@ -200,22 +200,22 @@ pub(crate) fn compress<const COEFFICIENT_BITS: i32>(mut a: PortableVector) -> Po
         a.elements[i] =
             compress_ciphertext_coefficient(COEFFICIENT_BITS as u8, a.elements[i] as u16) as i16;
         hax_lib::fstar!(
-            "assert (v (${a}.f_elements.[ $i ] <: i16) >= 0 /\
-            v (${a}.f_elements.[ $i ] <: i16) < pow2 (v (cast ($COEFFICIENT_BITS) <: u32)))"
+            r#"assert (v (${a}.f_elements.[ $i ] <: i16) >= 0 /\
+            v (${a}.f_elements.[ $i ] <: i16) < pow2 (v (cast ($COEFFICIENT_BITS) <: u32)))"#
         );
     }
     hax_lib::fstar!(
-        "assert (forall (i:nat). i < 16 ==> v (${a}.f_elements.[ sz i ] <: i16) >= 0 /\
-        v (${a}.f_elements.[ sz i ] <: i16) < pow2 (v $COEFFICIENT_BITS))"
+        r#"assert (forall (i:nat). i < 16 ==> v (${a}.f_elements.[ sz i ] <: i16) >= 0 /\
+        v (${a}.f_elements.[ sz i ] <: i16) < pow2 (v $COEFFICIENT_BITS))"#
     );
     a
 }
 
 #[inline(always)]
 #[hax_lib::fstar::options("--z3rlimit 300 --ext context_pruning")]
-#[hax_lib::requires(fstar!(r#"(v $COEFFICIENT_BITS == 4 \\/
-        v $COEFFICIENT_BITS == 5 \\/
-        v $COEFFICIENT_BITS == 10 \\/
+#[hax_lib::requires(fstar!(r#"(v $COEFFICIENT_BITS == 4 \/
+        v $COEFFICIENT_BITS == 5 \/
+        v $COEFFICIENT_BITS == 10 \/
         v $COEFFICIENT_BITS == 11) /\
     (forall (i:nat). i < 16 ==> v (Seq.index ${a}.f_elements i) >= 0 /\
         v (Seq.index ${a}.f_elements i) < pow2 (v $COEFFICIENT_BITS))"#))]
diff --git a/libcrux-ml-kem/src/vector/portable/ntt.rs b/libcrux-ml-kem/src/vector/portable/ntt.rs
index bf746901d..85d053afc 100644
--- a/libcrux-ml-kem/src/vector/portable/ntt.rs
+++ b/libcrux-ml-kem/src/vector/portable/ntt.rs
@@ -183,7 +183,7 @@ pub(crate) fn inv_ntt_layer_1_step(
     inv_ntt_step(&mut vec, zeta3, 12, 14);
     inv_ntt_step(&mut vec, zeta3, 13, 15);
     hax_lib::fstar!(
-       "assert (Spec.Utils.is_i16b 3328 (Seq.index ${vec}.f_elements 13));
+        r#"assert (Spec.Utils.is_i16b 3328 (Seq.index ${vec}.f_elements 13));
         assert (Spec.Utils.is_i16b 3328 (Seq.index ${vec}.f_elements 15));
         assert (Spec.Utils.is_i16b 3328 (Seq.index ${vec}.f_elements 12));
         assert (Spec.Utils.is_i16b 3328 (Seq.index ${vec}.f_elements 14));
@@ -199,7 +199,8 @@ pub(crate) fn inv_ntt_layer_1_step(
         assert (Spec.Utils.is_i16b 3328 (Seq.index ${vec}.f_elements 3));
         assert (Spec.Utils.is_i16b 3328 (Seq.index ${vec}.f_elements 0));
         assert (Spec.Utils.is_i16b 3328 (Seq.index ${vec}.f_elements 2));
-        assert (forall (i:nat). i < 16 ==> Spec.Utils.is_i16b 3328 (Seq.index ${vec}.f_elements i))"#);
+        assert (forall (i:nat). i < 16 ==> Spec.Utils.is_i16b 3328 (Seq.index ${vec}.f_elements i))"#
+    );
     vec
 }
 
diff --git a/libcrux-ml-kem/src/vector/traits.rs b/libcrux-ml-kem/src/vector/traits.rs
index 87436fcd1..9898c741c 100644
--- a/libcrux-ml-kem/src/vector/traits.rs
+++ b/libcrux-ml-kem/src/vector/traits.rs
@@ -58,7 +58,7 @@ pub trait Operations: Copy + Clone + Repr {
     fn bitwise_and_with_constant(v: Self, c: i16) -> Self;
 
     #[requires(SHIFT_BY >= 0 && SHIFT_BY < 16)]
-    #[ensures(|result| fstar!(r#"(v_SHIFT_BY >=. 0l /\\ v_SHIFT_BY <. 16l) ==> f_repr $result == Spec.Utils.map_array (fun x -> x >>! ${SHIFT_BY}) (f_repr $v)"#))]
+    #[ensures(|result| fstar!(r#"(v_SHIFT_BY >=. 0l /\ v_SHIFT_BY <. 16l) ==> f_repr $result == Spec.Utils.map_array (fun x -> x >>! ${SHIFT_BY}) (f_repr $v)"#))]
     fn shift_right<const SHIFT_BY: i32>(v: Self) -> Self;
     // fn shift_left<const SHIFT_BY: i32>(v: Self) -> Self;
 
@@ -74,62 +74,62 @@ pub trait Operations: Copy + Clone + Repr {
     fn montgomery_multiply_by_constant(v: Self, c: i16) -> Self;
 
     // Compression
-    #[requires(fstar!(r#"forall (i:nat). i < 16 ==> v (Seq.index (f_repr $a) i) >= 0 /\\
+    #[requires(fstar!(r#"forall (i:nat). i < 16 ==> v (Seq.index (f_repr $a) i) >= 0 /\
         v (Seq.index (f_repr $a) i) < 3329"#))]
     #[ensures(|result| fstar!(r#"forall (i:nat). i < 16 ==> bounded (Seq.index (f_repr $result) i) 1"#))]
     fn compress_1(a: Self) -> Self;
-    #[requires(fstar!(r#"(v $COEFFICIENT_BITS == 4 \\/
-            v $COEFFICIENT_BITS == 5 \\/
-            v $COEFFICIENT_BITS == 10 \\/
-            v $COEFFICIENT_BITS == 11) /\\
-        (forall (i:nat). i < 16 ==> v (Seq.index (f_repr $a) i) >= 0 /\\
+    #[requires(fstar!(r#"(v $COEFFICIENT_BITS == 4 \/
+            v $COEFFICIENT_BITS == 5 \/
+            v $COEFFICIENT_BITS == 10 \/
+            v $COEFFICIENT_BITS == 11) /\
+        (forall (i:nat). i < 16 ==> v (Seq.index (f_repr $a) i) >= 0 /\
             v (Seq.index (f_repr $a) i) < 3329)"#))]
-    #[ensures(|result| fstar!(r#"(v $COEFFICIENT_BITS == 4 \\/
-            v $COEFFICIENT_BITS == 5 \\/
-            v $COEFFICIENT_BITS == 10 \\/
+    #[ensures(|result| fstar!(r#"(v $COEFFICIENT_BITS == 4 \/
+            v $COEFFICIENT_BITS == 5 \/
+            v $COEFFICIENT_BITS == 10 \/
             v $COEFFICIENT_BITS == 11) ==>
                 (forall (i:nat). i < 16 ==> bounded (Seq.index (f_repr $result) i) (v $COEFFICIENT_BITS))"#))]
     fn compress<const COEFFICIENT_BITS: i32>(a: Self) -> Self;
-    #[requires(fstar!(r#"(v $COEFFICIENT_BITS == 4 \\/
-        v $COEFFICIENT_BITS == 5 \\/
-        v $COEFFICIENT_BITS == 10 \\/
-        v $COEFFICIENT_BITS == 11) /\\
-    (forall (i:nat). i < 16 ==> v (Seq.index (f_repr $a) i) >= 0 /\\
+    #[requires(fstar!(r#"(v $COEFFICIENT_BITS == 4 \/
+        v $COEFFICIENT_BITS == 5 \/
+        v $COEFFICIENT_BITS == 10 \/
+        v $COEFFICIENT_BITS == 11) /\
+    (forall (i:nat). i < 16 ==> v (Seq.index (f_repr $a) i) >= 0 /\
         v (Seq.index (f_repr $a) i) < pow2 (v $COEFFICIENT_BITS))"#))]
     fn decompress_ciphertext_coefficient<const COEFFICIENT_BITS: i32>(a: Self) -> Self;
 
     // NTT
-    #[requires(fstar!(r#"Spec.Utils.is_i16b 1664 zeta0 /\\ Spec.Utils.is_i16b 1664 zeta1 /\\ 
-                       Spec.Utils.is_i16b 1664 zeta2 /\\ Spec.Utils.is_i16b 1664 zeta3 /\\
+    #[requires(fstar!(r#"Spec.Utils.is_i16b 1664 zeta0 /\ Spec.Utils.is_i16b 1664 zeta1 /\ 
+                       Spec.Utils.is_i16b 1664 zeta2 /\ Spec.Utils.is_i16b 1664 zeta3 /\
                        Spec.Utils.is_i16b_array (11207+5*3328) (f_repr ${a})"#))]
     #[ensures(|out| fstar!(r#"Spec.Utils.is_i16b_array (11207+6*3328) (f_repr $out)"#))]
     fn ntt_layer_1_step(a: Self, zeta0: i16, zeta1: i16, zeta2: i16, zeta3: i16) -> Self;
-    #[requires(fstar!(r#"Spec.Utils.is_i16b 1664 zeta0 /\\ Spec.Utils.is_i16b 1664 zeta1 /\\
+    #[requires(fstar!(r#"Spec.Utils.is_i16b 1664 zeta0 /\ Spec.Utils.is_i16b 1664 zeta1 /\
                        Spec.Utils.is_i16b_array (11207+4*3328) (f_repr ${a})"#))]
     #[ensures(|out| fstar!(r#"Spec.Utils.is_i16b_array (11207+5*3328) (f_repr $out)"#))]
     fn ntt_layer_2_step(a: Self, zeta0: i16, zeta1: i16) -> Self;
-    #[requires(fstar!(r#"Spec.Utils.is_i16b 1664 zeta /\\
+    #[requires(fstar!(r#"Spec.Utils.is_i16b 1664 zeta /\
                        Spec.Utils.is_i16b_array (11207+3*3328) (f_repr ${a})"#))]
     #[ensures(|out| fstar!(r#"Spec.Utils.is_i16b_array (11207+4*3328) (f_repr $out)"#))]
     fn ntt_layer_3_step(a: Self, zeta: i16) -> Self;
 
-    #[requires(fstar!(r#"Spec.Utils.is_i16b 1664 zeta0 /\\ Spec.Utils.is_i16b 1664 zeta1 /\\ 
-                       Spec.Utils.is_i16b 1664 zeta2 /\\ Spec.Utils.is_i16b 1664 zeta3 /\\
+    #[requires(fstar!(r#"Spec.Utils.is_i16b 1664 zeta0 /\ Spec.Utils.is_i16b 1664 zeta1 /\ 
+                       Spec.Utils.is_i16b 1664 zeta2 /\ Spec.Utils.is_i16b 1664 zeta3 /\
                        Spec.Utils.is_i16b_array (4 * 3328) (f_repr ${a})"#))]
     #[ensures(|out| fstar!(r#"Spec.Utils.is_i16b_array 3328 (f_repr $out)"#))]
     fn inv_ntt_layer_1_step(a: Self, zeta0: i16, zeta1: i16, zeta2: i16, zeta3: i16) -> Self;
-    #[requires(fstar!(r#"Spec.Utils.is_i16b 1664 zeta0 /\\ Spec.Utils.is_i16b 1664 zeta1 /\\
+    #[requires(fstar!(r#"Spec.Utils.is_i16b 1664 zeta0 /\ Spec.Utils.is_i16b 1664 zeta1 /\
                        Spec.Utils.is_i16b_array 3328 (f_repr ${a})"#))]
     #[ensures(|out| fstar!(r#"Spec.Utils.is_i16b_array 3328 (f_repr $out)"#))]
     fn inv_ntt_layer_2_step(a: Self, zeta0: i16, zeta1: i16) -> Self;
-    #[requires(fstar!(r#"Spec.Utils.is_i16b 1664 zeta/\\
+    #[requires(fstar!(r#"Spec.Utils.is_i16b 1664 zeta/\
                        Spec.Utils.is_i16b_array 3328 (f_repr ${a})"#))]
     #[ensures(|out| fstar!(r#"Spec.Utils.is_i16b_array 3328 (f_repr $out)"#))]
     fn inv_ntt_layer_3_step(a: Self, zeta: i16) -> Self;
 
-    #[requires(fstar!(r#"Spec.Utils.is_i16b 1664 zeta0 /\\ Spec.Utils.is_i16b 1664 zeta1 /\\
-                       Spec.Utils.is_i16b 1664 zeta2 /\\ Spec.Utils.is_i16b 1664 zeta3 /\\
-                       Spec.Utils.is_i16b_array 3328 (f_repr ${lhs}) /\\
+    #[requires(fstar!(r#"Spec.Utils.is_i16b 1664 zeta0 /\ Spec.Utils.is_i16b 1664 zeta1 /\
+                       Spec.Utils.is_i16b 1664 zeta2 /\ Spec.Utils.is_i16b 1664 zeta3 /\
+                       Spec.Utils.is_i16b_array 3328 (f_repr ${lhs}) /\
                        Spec.Utils.is_i16b_array 3328 (f_repr ${rhs}) "#))]
     #[ensures(|out| fstar!(r#"Spec.Utils.is_i16b_array 3328 (f_repr $out)"#))]
     fn ntt_multiply(lhs: &Self, rhs: &Self, zeta0: i16, zeta1: i16, zeta2: i16, zeta3: i16)
@@ -174,7 +174,7 @@ pub trait Operations: Copy + Clone + Repr {
 
     #[requires(a.len() == 24 && out.len() == 16)]
     #[ensures(|result|
-        fstar!(r#"Seq.length $out_future == Seq.length $out /\\ v $result <= 16"#)
+        fstar!(r#"Seq.length $out_future == Seq.length $out /\ v $result <= 16"#)
     )]
     fn rej_sample(a: &[u8], out: &mut [i16]) -> usize;
 }
@@ -236,7 +236,7 @@ pub fn to_standard_domain<T: Operations>(v: T) -> T {
 #[hax_lib::ensures(|result| fstar!(r#"forall i.
                                        (let x = Seq.index (i1._super_8706949974463268012.f_repr ${a}) i in
                                         let y = Seq.index (i1._super_8706949974463268012.f_repr ${result}) i in
-                                        (v y >= 0 /\\ v y <= 3328 /\\ (v y % 3329 == v x % 3329)))"#))]
+                                        (v y >= 0 /\ v y <= 3328 /\ (v y % 3329 == v x % 3329)))"#))]
 #[inline(always)]
 pub fn to_unsigned_representative<T: Operations>(a: T) -> T {
     let t = T::shift_right::<15>(a);
@@ -244,9 +244,9 @@ pub fn to_unsigned_representative<T: Operations>(a: T) -> T {
     T::add(a, &fm)
 }
 
-#[hax_lib::fstar::options("--z3rlimit 200 --split_queries always"#)]
+#[hax_lib::fstar::options("--z3rlimit 200 --split_queries always")]
 #[hax_lib::requires(fstar!(r#"forall i. let x = Seq.index (i1._super_8706949974463268012.f_repr ${vec}) i in 
-                                      (x == 0s \\/ x == 1s)"#))]
+                                      (x == 0s \/ x == 1s)"#))]
 #[inline(always)]
 pub fn decompress_1<T: Operations>(vec: T) -> T {
     let z = T::ZERO();
@@ -254,8 +254,8 @@ pub fn decompress_1<T: Operations>(vec: T) -> T {
         "assert(forall i. Seq.index (i1._super_8706949974463268012.f_repr ${z}) i == 0s)"
     );
     hax_lib::fstar!(
-        "assert(forall i. let x = Seq.index (i1._super_8706949974463268012.f_repr ${vec}) i in 
-                                      ((0 - v x) == 0 \\/ (0 - v x) == -1))"
+        r#"assert(forall i. let x = Seq.index (i1._super_8706949974463268012.f_repr ${vec}) i in 
+                                      ((0 - v x) == 0 \/ (0 - v x) == -1))"#
     );
     hax_lib::fstar!(
         r#"assert(forall i. i < 16 ==>
@@ -265,7 +265,7 @@ pub fn decompress_1<T: Operations>(vec: T) -> T {
 
     let s = T::sub(z, &vec);
     hax_lib::fstar!(
-        r#"assert(forall i. Seq.index (i1._super_8706949974463268012.f_repr ${s}) i == 0s \\/ 
+        r#"assert(forall i. Seq.index (i1._super_8706949974463268012.f_repr ${s}) i == 0s \/ 
                                       Seq.index (i1._super_8706949974463268012.f_repr ${s}) i == -1s)"#
     );
     hax_lib::fstar!(r#"assert (i1.f_bitwise_and_with_constant_pre ${s} 1665s)"#);
diff --git a/libcrux-sha3/src/generic_keccak.rs b/libcrux-sha3/src/generic_keccak.rs
index 8751d95d5..ab3bd28e4 100644
--- a/libcrux-sha3/src/generic_keccak.rs
+++ b/libcrux-sha3/src/generic_keccak.rs
@@ -5,7 +5,7 @@ use core::ops::Index;
 
 use crate::traits::*;
 
-#[cfg_attr(hax, hax_lib::opaque_type)]
+#[cfg_attr(hax, hax_lib::opaque)]
 #[derive(Clone, Copy)]
 pub(crate) struct KeccakState<const N: usize, T: KeccakStateItem<N>> {
     st: [[T; 5]; 5],
@@ -31,7 +31,7 @@ impl<const N: usize, T: KeccakStateItem<N>> KeccakState<N, T> {
 
 /// The internal keccak state that can also buffer inputs to absorb.
 /// This is used in the general xof APIs.
-#[cfg_attr(hax, hax_lib::opaque_type)]
+#[cfg_attr(hax, hax_lib::opaque)]
 pub(crate) struct KeccakXofState<
     const PARALLEL_LANES: usize,
     const RATE: usize,
diff --git a/sys/platform/proofs/fstar/extraction/Libcrux_platform.X86.fsti b/sys/platform/proofs/fstar/extraction/Libcrux_platform.X86.fsti
index 0b77def1e..d7c15a880 100644
--- a/sys/platform/proofs/fstar/extraction/Libcrux_platform.X86.fsti
+++ b/sys/platform/proofs/fstar/extraction/Libcrux_platform.X86.fsti
@@ -38,6 +38,12 @@ type t_Feature =
 
 val t_Feature_cast_to_repr (x: t_Feature) : Prims.Pure isize Prims.l_True (fun _ -> Prims.l_True)
 
+[@@ FStar.Tactics.Typeclasses.tcinstance]
+val impl:Core.Clone.t_Clone t_Feature
+
+[@@ FStar.Tactics.Typeclasses.tcinstance]
+val impl_1:Core.Marker.t_Copy t_Feature
+
 /// Initialize CPU detection.
 val init: Prims.unit -> Prims.Pure Prims.unit Prims.l_True (fun _ -> Prims.l_True)
 

From 2ce69364eadf81aec297e70ece280a7845e1255b Mon Sep 17 00:00:00 2001
From: karthikbhargavan <karthik.bhargavan@gmail.com>
Date: Mon, 16 Dec 2024 10:08:14 +0000
Subject: [PATCH 111/142] addressed comments

---
 libcrux-ml-kem/src/serialize.rs               |   1 -
 .../src/vector/portable/vector_type.rs        |   2 +-
 specs/kyber/tests/interop_with_libcrux.rs     | 116 ------------------
 3 files changed, 1 insertion(+), 118 deletions(-)
 delete mode 100644 specs/kyber/tests/interop_with_libcrux.rs

diff --git a/libcrux-ml-kem/src/serialize.rs b/libcrux-ml-kem/src/serialize.rs
index a3b3b2ce5..c63bf39a4 100644
--- a/libcrux-ml-kem/src/serialize.rs
+++ b/libcrux-ml-kem/src/serialize.rs
@@ -387,7 +387,6 @@ fn deserialize_then_decompress_10<Vector: Operations>(
     hax_lib::fstar!(r#"assert (v (($COEFFICIENTS_IN_RING_ELEMENT *! sz 10) /! sz 8) == 320)"#);
     let mut re = PolynomialRingElement::<Vector>::ZERO();
 
-    let _coefficients_length = re.coefficients.len();
     cloop! {
         for (i, bytes) in serialized.chunks_exact(20).enumerate() {
             let coefficient = Vector::deserialize_10(bytes);
diff --git a/libcrux-ml-kem/src/vector/portable/vector_type.rs b/libcrux-ml-kem/src/vector/portable/vector_type.rs
index aa52886dc..dab81f2ef 100644
--- a/libcrux-ml-kem/src/vector/portable/vector_type.rs
+++ b/libcrux-ml-kem/src/vector/portable/vector_type.rs
@@ -1,6 +1,6 @@
 use crate::vector::traits::FIELD_ELEMENTS_IN_VECTOR;
 
-/// Values having this type hold a representative 'x' of the Kyber field.
+/// Values having this type hold a representative 'x' of the ML-KEM field.
 /// We use 'fe' as a shorthand for this type.
 pub(crate) type FieldElement = i16;
 
diff --git a/specs/kyber/tests/interop_with_libcrux.rs b/specs/kyber/tests/interop_with_libcrux.rs
deleted file mode 100644
index 67110bdbd..000000000
--- a/specs/kyber/tests/interop_with_libcrux.rs
+++ /dev/null
@@ -1,116 +0,0 @@
-//! Test spec - code interop
-//!
-//! This is disabled because this spec has not been updated to the final version
-//! of FIPS 203.
-
-// use hacspec_kyber::{
-//     KYBER768_CIPHERTEXT_SIZE, KYBER768_KEY_GENERATION_SEED_SIZE, KYBER768_SHARED_SECRET_SIZE,
-// };
-// use libcrux_kem::MlKemCiphertext;
-// use rand::{rngs::OsRng, RngCore};
-
-// #[test]
-// fn same_inputs_result_in_same_output() {
-//     let mut keygen_seed = [0u8; KYBER768_KEY_GENERATION_SEED_SIZE];
-//     OsRng.fill_bytes(&mut keygen_seed);
-
-//     let spec_key_pair = hacspec_kyber::generate_keypair(keygen_seed).unwrap();
-//     let libcrux_key_pair =
-//         libcrux_kem::deterministic::mlkem768_generate_keypair_derand(keygen_seed);
-
-//     assert_eq!(libcrux_key_pair.pk(), spec_key_pair.pk());
-//     assert_eq!(libcrux_key_pair.sk(), spec_key_pair.sk());
-
-//     let mut message = [0u8; KYBER768_SHARED_SECRET_SIZE];
-//     OsRng.fill_bytes(&mut message);
-
-//     let (spec_ct, spec_ss) = hacspec_kyber::encapsulate(*spec_key_pair.pk(), message).unwrap();
-//     let (libcrux_ct, libcrux_ss) = libcrux_kem::deterministic::mlkem768_encapsulate_derand(
-//         &libcrux_key_pair.pk().into(),
-//         message,
-//     );
-
-//     assert_eq!(libcrux_ct.as_ref(), spec_ct);
-//     assert_eq!(libcrux_ss.as_ref(), spec_ss);
-
-//     let (spec_ct, spec_ss) = hacspec_kyber::encapsulate(*spec_key_pair.pk(), message).unwrap();
-//     let (libcrux_ct, libcrux_ss) = libcrux_kem::deterministic::mlkem768_encapsulate_derand(
-//         &libcrux_key_pair.pk().into(),
-//         message,
-//     );
-
-//     assert_eq!(libcrux_ct.as_ref(), spec_ct);
-//     assert_eq!(libcrux_ss.as_ref(), spec_ss);
-
-//     let spec_ss = hacspec_kyber::decapsulate(spec_ct, *spec_key_pair.sk());
-//     let libcrux_ss = libcrux_kem::deterministic::mlkem768_decapsulate_derand(
-//         libcrux_key_pair.private_key(),
-//         &libcrux_ct,
-//     );
-
-//     assert_eq!(libcrux_ss, spec_ss);
-// }
-
-// fn modify_ciphertext_pair(
-//     libcrux_ct: MlKemCiphertext<KYBER768_CIPHERTEXT_SIZE>,
-//     mut spec_ct: hacspec_kyber::Ciphertext,
-// ) -> (
-//     MlKemCiphertext<KYBER768_CIPHERTEXT_SIZE>,
-//     hacspec_kyber::Ciphertext,
-// ) {
-//     let mut random_bytes = [0u8; 3];
-//     OsRng.fill_bytes(&mut random_bytes);
-
-//     let mut byte_to_modify_with: u8 = random_bytes[0];
-//     if byte_to_modify_with == 0 {
-//         byte_to_modify_with += 1;
-//     }
-
-//     let random_u16 = (random_bytes[2] as usize) << 8 | random_bytes[1] as usize;
-//     let position = random_u16 % KYBER768_CIPHERTEXT_SIZE;
-
-//     let mut raw_libcrux_ct: [u8; KYBER768_CIPHERTEXT_SIZE] = libcrux_ct.into();
-//     raw_libcrux_ct[position] ^= byte_to_modify_with;
-
-//     spec_ct[position] ^= byte_to_modify_with;
-
-//     (raw_libcrux_ct.try_into().unwrap(), spec_ct)
-// }
-
-// #[test]
-// fn implicit_rejection_happens_the_same_way() {
-//     let mut keygen_seed = [0u8; KYBER768_KEY_GENERATION_SEED_SIZE];
-//     OsRng.fill_bytes(&mut keygen_seed);
-
-//     let spec_key_pair = hacspec_kyber::generate_keypair(keygen_seed).unwrap();
-//     let libcrux_key_pair =
-//         libcrux_kem::deterministic::mlkem768_generate_keypair_derand(keygen_seed);
-
-//     let mut message = [0u8; KYBER768_SHARED_SECRET_SIZE];
-//     OsRng.fill_bytes(&mut message);
-
-//     let (spec_ct, spec_ss) = hacspec_kyber::encapsulate(*spec_key_pair.pk(), message).unwrap();
-//     let (libcrux_ct, libcrux_ss) = libcrux_kem::deterministic::mlkem768_encapsulate_derand(
-//         &libcrux_key_pair.pk().into(),
-//         message,
-//     );
-
-//     assert_eq!(libcrux_ct.as_ref(), spec_ct);
-//     assert_eq!(libcrux_ss.as_ref(), spec_ss);
-
-//     let (spec_ct, _) = hacspec_kyber::encapsulate(*spec_key_pair.pk(), message).unwrap();
-//     let (libcrux_ct, _) = libcrux_kem::deterministic::mlkem768_encapsulate_derand(
-//         &libcrux_key_pair.pk().into(),
-//         message,
-//     );
-
-//     let (modified_libcrux_ct, modified_spec_ct) = modify_ciphertext_pair(libcrux_ct, spec_ct);
-
-//     let spec_ss = hacspec_kyber::decapsulate(modified_spec_ct, *spec_key_pair.sk());
-//     let libcrux_ss = libcrux_kem::deterministic::mlkem768_decapsulate_derand(
-//         libcrux_key_pair.private_key(),
-//         &modified_libcrux_ct,
-//     );
-
-//     assert_eq!(libcrux_ss, spec_ss);
-// }

From 2ad3090db889bdbf807ac3ea28c0f5bb4deaae3c Mon Sep 17 00:00:00 2001
From: karthikbhargavan <karthik.bhargavan@gmail.com>
Date: Mon, 16 Dec 2024 11:52:12 +0000
Subject: [PATCH 112/142] c code refresh

---
 libcrux-ml-kem/c/code_gen.txt                      | 2 +-
 libcrux-ml-kem/c/internal/libcrux_core.h           | 2 +-
 libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h     | 2 +-
 libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h | 2 +-
 libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h      | 2 +-
 libcrux-ml-kem/c/internal/libcrux_sha3_internal.h  | 2 +-
 libcrux-ml-kem/c/libcrux_core.c                    | 2 +-
 libcrux-ml-kem/c/libcrux_core.h                    | 2 +-
 libcrux-ml-kem/c/libcrux_mlkem1024.h               | 2 +-
 libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c          | 2 +-
 libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h          | 2 +-
 libcrux-ml-kem/c/libcrux_mlkem1024_portable.c      | 2 +-
 libcrux-ml-kem/c/libcrux_mlkem1024_portable.h      | 2 +-
 libcrux-ml-kem/c/libcrux_mlkem512.h                | 2 +-
 libcrux-ml-kem/c/libcrux_mlkem512_avx2.c           | 2 +-
 libcrux-ml-kem/c/libcrux_mlkem512_avx2.h           | 2 +-
 libcrux-ml-kem/c/libcrux_mlkem512_portable.c       | 2 +-
 libcrux-ml-kem/c/libcrux_mlkem512_portable.h       | 2 +-
 libcrux-ml-kem/c/libcrux_mlkem768.h                | 2 +-
 libcrux-ml-kem/c/libcrux_mlkem768_avx2.c           | 2 +-
 libcrux-ml-kem/c/libcrux_mlkem768_avx2.h           | 2 +-
 libcrux-ml-kem/c/libcrux_mlkem768_portable.c       | 2 +-
 libcrux-ml-kem/c/libcrux_mlkem768_portable.h       | 2 +-
 libcrux-ml-kem/c/libcrux_mlkem_avx2.c              | 7 +------
 libcrux-ml-kem/c/libcrux_mlkem_avx2.h              | 2 +-
 libcrux-ml-kem/c/libcrux_mlkem_portable.c          | 9 +--------
 libcrux-ml-kem/c/libcrux_mlkem_portable.h          | 2 +-
 libcrux-ml-kem/c/libcrux_sha3.h                    | 2 +-
 libcrux-ml-kem/c/libcrux_sha3_avx2.c               | 2 +-
 libcrux-ml-kem/c/libcrux_sha3_avx2.h               | 2 +-
 libcrux-ml-kem/c/libcrux_sha3_internal.h           | 2 +-
 libcrux-ml-kem/c/libcrux_sha3_neon.c               | 2 +-
 libcrux-ml-kem/c/libcrux_sha3_neon.h               | 2 +-
 libcrux-ml-kem/cg/code_gen.txt                     | 2 +-
 libcrux-ml-kem/cg/libcrux_core.h                   | 2 +-
 libcrux-ml-kem/cg/libcrux_ct_ops.h                 | 2 +-
 libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h          | 7 +------
 libcrux-ml-kem/cg/libcrux_mlkem768_portable.h      | 9 +--------
 libcrux-ml-kem/cg/libcrux_sha3_avx2.h              | 2 +-
 libcrux-ml-kem/cg/libcrux_sha3_portable.h          | 2 +-
 40 files changed, 40 insertions(+), 64 deletions(-)

diff --git a/libcrux-ml-kem/c/code_gen.txt b/libcrux-ml-kem/c/code_gen.txt
index f42e3bf1a..e1570776d 100644
--- a/libcrux-ml-kem/c/code_gen.txt
+++ b/libcrux-ml-kem/c/code_gen.txt
@@ -3,4 +3,4 @@ Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9
 Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20
 Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
 F*: 8b6fce63ca91b16386d8f76e82ea87a3c109a208
-Libcrux: 0fc11d0192b3c434280f36914a5feeed67ae9e1e
+Libcrux: af3367d851f36102956c944b6bb3353f59d455bc
diff --git a/libcrux-ml-kem/c/internal/libcrux_core.h b/libcrux-ml-kem/c/internal/libcrux_core.h
index b7ff1e8b0..b1592686b 100644
--- a/libcrux-ml-kem/c/internal/libcrux_core.h
+++ b/libcrux-ml-kem/c/internal/libcrux_core.h
@@ -8,7 +8,7 @@
  * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20
  * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
  * F*: 8b6fce63ca91b16386d8f76e82ea87a3c109a208
- * Libcrux: 0fc11d0192b3c434280f36914a5feeed67ae9e1e
+ * Libcrux: af3367d851f36102956c944b6bb3353f59d455bc
  */
 
 #ifndef __internal_libcrux_core_H
diff --git a/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h b/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h
index c63a633d3..d7d281cdf 100644
--- a/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h
+++ b/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h
@@ -8,7 +8,7 @@
  * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20
  * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
  * F*: 8b6fce63ca91b16386d8f76e82ea87a3c109a208
- * Libcrux: 0fc11d0192b3c434280f36914a5feeed67ae9e1e
+ * Libcrux: af3367d851f36102956c944b6bb3353f59d455bc
  */
 
 #ifndef __internal_libcrux_mlkem_avx2_H
diff --git a/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h b/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h
index bd55f4e24..3ff3d603c 100644
--- a/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h
+++ b/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h
@@ -8,7 +8,7 @@
  * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20
  * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
  * F*: 8b6fce63ca91b16386d8f76e82ea87a3c109a208
- * Libcrux: 0fc11d0192b3c434280f36914a5feeed67ae9e1e
+ * Libcrux: af3367d851f36102956c944b6bb3353f59d455bc
  */
 
 #ifndef __internal_libcrux_mlkem_portable_H
diff --git a/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h b/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h
index 3ab69fcea..db0194e3f 100644
--- a/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h
+++ b/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h
@@ -8,7 +8,7 @@
  * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20
  * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
  * F*: 8b6fce63ca91b16386d8f76e82ea87a3c109a208
- * Libcrux: 0fc11d0192b3c434280f36914a5feeed67ae9e1e
+ * Libcrux: af3367d851f36102956c944b6bb3353f59d455bc
  */
 
 #ifndef __internal_libcrux_sha3_avx2_H
diff --git a/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h b/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h
index a21f680ea..744f1a791 100644
--- a/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h
+++ b/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h
@@ -8,7 +8,7 @@
  * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20
  * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
  * F*: 8b6fce63ca91b16386d8f76e82ea87a3c109a208
- * Libcrux: 0fc11d0192b3c434280f36914a5feeed67ae9e1e
+ * Libcrux: af3367d851f36102956c944b6bb3353f59d455bc
  */
 
 #ifndef __internal_libcrux_sha3_internal_H
diff --git a/libcrux-ml-kem/c/libcrux_core.c b/libcrux-ml-kem/c/libcrux_core.c
index b0375afdd..34cbc8ce3 100644
--- a/libcrux-ml-kem/c/libcrux_core.c
+++ b/libcrux-ml-kem/c/libcrux_core.c
@@ -8,7 +8,7 @@
  * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20
  * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
  * F*: 8b6fce63ca91b16386d8f76e82ea87a3c109a208
- * Libcrux: 0fc11d0192b3c434280f36914a5feeed67ae9e1e
+ * Libcrux: af3367d851f36102956c944b6bb3353f59d455bc
  */
 
 #include "internal/libcrux_core.h"
diff --git a/libcrux-ml-kem/c/libcrux_core.h b/libcrux-ml-kem/c/libcrux_core.h
index 805ed4d12..7711dbbcc 100644
--- a/libcrux-ml-kem/c/libcrux_core.h
+++ b/libcrux-ml-kem/c/libcrux_core.h
@@ -8,7 +8,7 @@
  * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20
  * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
  * F*: 8b6fce63ca91b16386d8f76e82ea87a3c109a208
- * Libcrux: 0fc11d0192b3c434280f36914a5feeed67ae9e1e
+ * Libcrux: af3367d851f36102956c944b6bb3353f59d455bc
  */
 
 #ifndef __libcrux_core_H
diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024.h b/libcrux-ml-kem/c/libcrux_mlkem1024.h
index 4615f4581..ba6e14ae6 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem1024.h
+++ b/libcrux-ml-kem/c/libcrux_mlkem1024.h
@@ -8,7 +8,7 @@
  * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20
  * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
  * F*: 8b6fce63ca91b16386d8f76e82ea87a3c109a208
- * Libcrux: 0fc11d0192b3c434280f36914a5feeed67ae9e1e
+ * Libcrux: af3367d851f36102956c944b6bb3353f59d455bc
  */
 
 #ifndef __libcrux_mlkem1024_H
diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c
index 62ba3f91e..89313614f 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c
+++ b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c
@@ -8,7 +8,7 @@
  * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20
  * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
  * F*: 8b6fce63ca91b16386d8f76e82ea87a3c109a208
- * Libcrux: 0fc11d0192b3c434280f36914a5feeed67ae9e1e
+ * Libcrux: af3367d851f36102956c944b6bb3353f59d455bc
  */
 
 #include "libcrux_mlkem1024_avx2.h"
diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h
index 0a97605b7..33ec47760 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h
+++ b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h
@@ -8,7 +8,7 @@
  * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20
  * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
  * F*: 8b6fce63ca91b16386d8f76e82ea87a3c109a208
- * Libcrux: 0fc11d0192b3c434280f36914a5feeed67ae9e1e
+ * Libcrux: af3367d851f36102956c944b6bb3353f59d455bc
  */
 
 #ifndef __libcrux_mlkem1024_avx2_H
diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c
index 108ad0257..5b461121b 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c
+++ b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c
@@ -8,7 +8,7 @@
  * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20
  * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
  * F*: 8b6fce63ca91b16386d8f76e82ea87a3c109a208
- * Libcrux: 0fc11d0192b3c434280f36914a5feeed67ae9e1e
+ * Libcrux: af3367d851f36102956c944b6bb3353f59d455bc
  */
 
 #include "libcrux_mlkem1024_portable.h"
diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h
index bff719544..34d934dc8 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h
+++ b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h
@@ -8,7 +8,7 @@
  * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20
  * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
  * F*: 8b6fce63ca91b16386d8f76e82ea87a3c109a208
- * Libcrux: 0fc11d0192b3c434280f36914a5feeed67ae9e1e
+ * Libcrux: af3367d851f36102956c944b6bb3353f59d455bc
  */
 
 #ifndef __libcrux_mlkem1024_portable_H
diff --git a/libcrux-ml-kem/c/libcrux_mlkem512.h b/libcrux-ml-kem/c/libcrux_mlkem512.h
index a7911891e..40eb08903 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem512.h
+++ b/libcrux-ml-kem/c/libcrux_mlkem512.h
@@ -8,7 +8,7 @@
  * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20
  * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
  * F*: 8b6fce63ca91b16386d8f76e82ea87a3c109a208
- * Libcrux: 0fc11d0192b3c434280f36914a5feeed67ae9e1e
+ * Libcrux: af3367d851f36102956c944b6bb3353f59d455bc
  */
 
 #ifndef __libcrux_mlkem512_H
diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c
index 4ad6511e6..788797ded 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c
+++ b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c
@@ -8,7 +8,7 @@
  * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20
  * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
  * F*: 8b6fce63ca91b16386d8f76e82ea87a3c109a208
- * Libcrux: 0fc11d0192b3c434280f36914a5feeed67ae9e1e
+ * Libcrux: af3367d851f36102956c944b6bb3353f59d455bc
  */
 
 #include "libcrux_mlkem512_avx2.h"
diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h
index cea666c54..21a29dec3 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h
+++ b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h
@@ -8,7 +8,7 @@
  * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20
  * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
  * F*: 8b6fce63ca91b16386d8f76e82ea87a3c109a208
- * Libcrux: 0fc11d0192b3c434280f36914a5feeed67ae9e1e
+ * Libcrux: af3367d851f36102956c944b6bb3353f59d455bc
  */
 
 #ifndef __libcrux_mlkem512_avx2_H
diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_portable.c b/libcrux-ml-kem/c/libcrux_mlkem512_portable.c
index b9e8fb793..248c08c4a 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem512_portable.c
+++ b/libcrux-ml-kem/c/libcrux_mlkem512_portable.c
@@ -8,7 +8,7 @@
  * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20
  * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
  * F*: 8b6fce63ca91b16386d8f76e82ea87a3c109a208
- * Libcrux: 0fc11d0192b3c434280f36914a5feeed67ae9e1e
+ * Libcrux: af3367d851f36102956c944b6bb3353f59d455bc
  */
 
 #include "libcrux_mlkem512_portable.h"
diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_portable.h b/libcrux-ml-kem/c/libcrux_mlkem512_portable.h
index 30e1b019e..ca794af26 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem512_portable.h
+++ b/libcrux-ml-kem/c/libcrux_mlkem512_portable.h
@@ -8,7 +8,7 @@
  * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20
  * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
  * F*: 8b6fce63ca91b16386d8f76e82ea87a3c109a208
- * Libcrux: 0fc11d0192b3c434280f36914a5feeed67ae9e1e
+ * Libcrux: af3367d851f36102956c944b6bb3353f59d455bc
  */
 
 #ifndef __libcrux_mlkem512_portable_H
diff --git a/libcrux-ml-kem/c/libcrux_mlkem768.h b/libcrux-ml-kem/c/libcrux_mlkem768.h
index d74bc6d6d..0ff51943d 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem768.h
+++ b/libcrux-ml-kem/c/libcrux_mlkem768.h
@@ -8,7 +8,7 @@
  * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20
  * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
  * F*: 8b6fce63ca91b16386d8f76e82ea87a3c109a208
- * Libcrux: 0fc11d0192b3c434280f36914a5feeed67ae9e1e
+ * Libcrux: af3367d851f36102956c944b6bb3353f59d455bc
  */
 
 #ifndef __libcrux_mlkem768_H
diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c
index 09c130c49..d5a93e9a2 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c
+++ b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c
@@ -8,7 +8,7 @@
  * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20
  * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
  * F*: 8b6fce63ca91b16386d8f76e82ea87a3c109a208
- * Libcrux: 0fc11d0192b3c434280f36914a5feeed67ae9e1e
+ * Libcrux: af3367d851f36102956c944b6bb3353f59d455bc
  */
 
 #include "libcrux_mlkem768_avx2.h"
diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h
index d3c23ad3e..a78b5a229 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h
+++ b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h
@@ -8,7 +8,7 @@
  * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20
  * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
  * F*: 8b6fce63ca91b16386d8f76e82ea87a3c109a208
- * Libcrux: 0fc11d0192b3c434280f36914a5feeed67ae9e1e
+ * Libcrux: af3367d851f36102956c944b6bb3353f59d455bc
  */
 
 #ifndef __libcrux_mlkem768_avx2_H
diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_portable.c b/libcrux-ml-kem/c/libcrux_mlkem768_portable.c
index 039b83192..dc98ee332 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem768_portable.c
+++ b/libcrux-ml-kem/c/libcrux_mlkem768_portable.c
@@ -8,7 +8,7 @@
  * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20
  * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
  * F*: 8b6fce63ca91b16386d8f76e82ea87a3c109a208
- * Libcrux: 0fc11d0192b3c434280f36914a5feeed67ae9e1e
+ * Libcrux: af3367d851f36102956c944b6bb3353f59d455bc
  */
 
 #include "libcrux_mlkem768_portable.h"
diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_portable.h b/libcrux-ml-kem/c/libcrux_mlkem768_portable.h
index 55f70ef68..4809bbdb8 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem768_portable.h
+++ b/libcrux-ml-kem/c/libcrux_mlkem768_portable.h
@@ -8,7 +8,7 @@
  * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20
  * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
  * F*: 8b6fce63ca91b16386d8f76e82ea87a3c109a208
- * Libcrux: 0fc11d0192b3c434280f36914a5feeed67ae9e1e
+ * Libcrux: af3367d851f36102956c944b6bb3353f59d455bc
  */
 
 #ifndef __libcrux_mlkem768_portable_H
diff --git a/libcrux-ml-kem/c/libcrux_mlkem_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem_avx2.c
index 2c7e4cb9b..b7e44cda1 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem_avx2.c
+++ b/libcrux-ml-kem/c/libcrux_mlkem_avx2.c
@@ -8,7 +8,7 @@
  * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20
  * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
  * F*: 8b6fce63ca91b16386d8f76e82ea87a3c109a208
- * Libcrux: 0fc11d0192b3c434280f36914a5feeed67ae9e1e
+ * Libcrux: af3367d851f36102956c944b6bb3353f59d455bc
  */
 
 #include "internal/libcrux_mlkem_avx2.h"
@@ -4235,11 +4235,6 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics
 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f6
 deserialize_then_decompress_10_61(Eurydice_slice serialized) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_f6 re = ZERO_ef_61();
-  LowStar_Ignore_ignore(
-      Eurydice_slice_len(
-          Eurydice_array_to_slice((size_t)16U, re.coefficients, __m256i),
-          __m256i),
-      size_t, void *);
   for (size_t i = (size_t)0U;
        i < Eurydice_slice_len(serialized, uint8_t) / (size_t)20U; i++) {
     size_t i0 = i;
diff --git a/libcrux-ml-kem/c/libcrux_mlkem_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem_avx2.h
index f0eab0579..93497d2bd 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem_avx2.h
+++ b/libcrux-ml-kem/c/libcrux_mlkem_avx2.h
@@ -8,7 +8,7 @@
  * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20
  * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
  * F*: 8b6fce63ca91b16386d8f76e82ea87a3c109a208
- * Libcrux: 0fc11d0192b3c434280f36914a5feeed67ae9e1e
+ * Libcrux: af3367d851f36102956c944b6bb3353f59d455bc
  */
 
 #ifndef __libcrux_mlkem_avx2_H
diff --git a/libcrux-ml-kem/c/libcrux_mlkem_portable.c b/libcrux-ml-kem/c/libcrux_mlkem_portable.c
index a1986cd93..ea5b5855b 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem_portable.c
+++ b/libcrux-ml-kem/c/libcrux_mlkem_portable.c
@@ -8,7 +8,7 @@
  * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20
  * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
  * F*: 8b6fce63ca91b16386d8f76e82ea87a3c109a208
- * Libcrux: 0fc11d0192b3c434280f36914a5feeed67ae9e1e
+ * Libcrux: af3367d851f36102956c944b6bb3353f59d455bc
  */
 
 #include "internal/libcrux_mlkem_portable.h"
@@ -5320,13 +5320,6 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1d
 deserialize_then_decompress_10_8c(Eurydice_slice serialized) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_1d re = ZERO_ef_8c();
-  LowStar_Ignore_ignore(
-      Eurydice_slice_len(
-          Eurydice_array_to_slice(
-              (size_t)16U, re.coefficients,
-              libcrux_ml_kem_vector_portable_vector_type_PortableVector),
-          libcrux_ml_kem_vector_portable_vector_type_PortableVector),
-      size_t, void *);
   for (size_t i = (size_t)0U;
        i < Eurydice_slice_len(serialized, uint8_t) / (size_t)20U; i++) {
     size_t i0 = i;
diff --git a/libcrux-ml-kem/c/libcrux_mlkem_portable.h b/libcrux-ml-kem/c/libcrux_mlkem_portable.h
index d6d62a521..9d15fe133 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem_portable.h
+++ b/libcrux-ml-kem/c/libcrux_mlkem_portable.h
@@ -8,7 +8,7 @@
  * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20
  * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
  * F*: 8b6fce63ca91b16386d8f76e82ea87a3c109a208
- * Libcrux: 0fc11d0192b3c434280f36914a5feeed67ae9e1e
+ * Libcrux: af3367d851f36102956c944b6bb3353f59d455bc
  */
 
 #ifndef __libcrux_mlkem_portable_H
diff --git a/libcrux-ml-kem/c/libcrux_sha3.h b/libcrux-ml-kem/c/libcrux_sha3.h
index 79d3345aa..d1e82104e 100644
--- a/libcrux-ml-kem/c/libcrux_sha3.h
+++ b/libcrux-ml-kem/c/libcrux_sha3.h
@@ -8,7 +8,7 @@
  * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20
  * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
  * F*: 8b6fce63ca91b16386d8f76e82ea87a3c109a208
- * Libcrux: 0fc11d0192b3c434280f36914a5feeed67ae9e1e
+ * Libcrux: af3367d851f36102956c944b6bb3353f59d455bc
  */
 
 #ifndef __libcrux_sha3_H
diff --git a/libcrux-ml-kem/c/libcrux_sha3_avx2.c b/libcrux-ml-kem/c/libcrux_sha3_avx2.c
index 6a208bce4..ddb18960b 100644
--- a/libcrux-ml-kem/c/libcrux_sha3_avx2.c
+++ b/libcrux-ml-kem/c/libcrux_sha3_avx2.c
@@ -8,7 +8,7 @@
  * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20
  * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
  * F*: 8b6fce63ca91b16386d8f76e82ea87a3c109a208
- * Libcrux: 0fc11d0192b3c434280f36914a5feeed67ae9e1e
+ * Libcrux: af3367d851f36102956c944b6bb3353f59d455bc
  */
 
 #include "internal/libcrux_sha3_avx2.h"
diff --git a/libcrux-ml-kem/c/libcrux_sha3_avx2.h b/libcrux-ml-kem/c/libcrux_sha3_avx2.h
index 92c4e4419..afce118ef 100644
--- a/libcrux-ml-kem/c/libcrux_sha3_avx2.h
+++ b/libcrux-ml-kem/c/libcrux_sha3_avx2.h
@@ -8,7 +8,7 @@
  * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20
  * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
  * F*: 8b6fce63ca91b16386d8f76e82ea87a3c109a208
- * Libcrux: 0fc11d0192b3c434280f36914a5feeed67ae9e1e
+ * Libcrux: af3367d851f36102956c944b6bb3353f59d455bc
  */
 
 #ifndef __libcrux_sha3_avx2_H
diff --git a/libcrux-ml-kem/c/libcrux_sha3_internal.h b/libcrux-ml-kem/c/libcrux_sha3_internal.h
index 4e5597311..ae47aa83b 100644
--- a/libcrux-ml-kem/c/libcrux_sha3_internal.h
+++ b/libcrux-ml-kem/c/libcrux_sha3_internal.h
@@ -8,7 +8,7 @@
  * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20
  * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
  * F*: 8b6fce63ca91b16386d8f76e82ea87a3c109a208
- * Libcrux: 0fc11d0192b3c434280f36914a5feeed67ae9e1e
+ * Libcrux: af3367d851f36102956c944b6bb3353f59d455bc
  */
 
 #ifndef __libcrux_sha3_internal_H
diff --git a/libcrux-ml-kem/c/libcrux_sha3_neon.c b/libcrux-ml-kem/c/libcrux_sha3_neon.c
index 8e9935702..536095be8 100644
--- a/libcrux-ml-kem/c/libcrux_sha3_neon.c
+++ b/libcrux-ml-kem/c/libcrux_sha3_neon.c
@@ -8,7 +8,7 @@
  * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20
  * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
  * F*: 8b6fce63ca91b16386d8f76e82ea87a3c109a208
- * Libcrux: 0fc11d0192b3c434280f36914a5feeed67ae9e1e
+ * Libcrux: af3367d851f36102956c944b6bb3353f59d455bc
  */
 
 #include "libcrux_sha3_neon.h"
diff --git a/libcrux-ml-kem/c/libcrux_sha3_neon.h b/libcrux-ml-kem/c/libcrux_sha3_neon.h
index 622d4c413..39a09fda8 100644
--- a/libcrux-ml-kem/c/libcrux_sha3_neon.h
+++ b/libcrux-ml-kem/c/libcrux_sha3_neon.h
@@ -8,7 +8,7 @@
  * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20
  * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
  * F*: 8b6fce63ca91b16386d8f76e82ea87a3c109a208
- * Libcrux: 0fc11d0192b3c434280f36914a5feeed67ae9e1e
+ * Libcrux: af3367d851f36102956c944b6bb3353f59d455bc
  */
 
 #ifndef __libcrux_sha3_neon_H
diff --git a/libcrux-ml-kem/cg/code_gen.txt b/libcrux-ml-kem/cg/code_gen.txt
index f42e3bf1a..e1570776d 100644
--- a/libcrux-ml-kem/cg/code_gen.txt
+++ b/libcrux-ml-kem/cg/code_gen.txt
@@ -3,4 +3,4 @@ Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9
 Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20
 Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
 F*: 8b6fce63ca91b16386d8f76e82ea87a3c109a208
-Libcrux: 0fc11d0192b3c434280f36914a5feeed67ae9e1e
+Libcrux: af3367d851f36102956c944b6bb3353f59d455bc
diff --git a/libcrux-ml-kem/cg/libcrux_core.h b/libcrux-ml-kem/cg/libcrux_core.h
index 6d5eb7ae9..3aee66e09 100644
--- a/libcrux-ml-kem/cg/libcrux_core.h
+++ b/libcrux-ml-kem/cg/libcrux_core.h
@@ -8,7 +8,7 @@
  * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20
  * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
  * F*: 8b6fce63ca91b16386d8f76e82ea87a3c109a208
- * Libcrux: 0fc11d0192b3c434280f36914a5feeed67ae9e1e
+ * Libcrux: af3367d851f36102956c944b6bb3353f59d455bc
  */
 
 #ifndef __libcrux_core_H
diff --git a/libcrux-ml-kem/cg/libcrux_ct_ops.h b/libcrux-ml-kem/cg/libcrux_ct_ops.h
index c79af2820..751626346 100644
--- a/libcrux-ml-kem/cg/libcrux_ct_ops.h
+++ b/libcrux-ml-kem/cg/libcrux_ct_ops.h
@@ -8,7 +8,7 @@
  * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20
  * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
  * F*: 8b6fce63ca91b16386d8f76e82ea87a3c109a208
- * Libcrux: 0fc11d0192b3c434280f36914a5feeed67ae9e1e
+ * Libcrux: af3367d851f36102956c944b6bb3353f59d455bc
  */
 
 #ifndef __libcrux_ct_ops_H
diff --git a/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h b/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h
index 9f9ed3e0f..d1e374411 100644
--- a/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h
+++ b/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h
@@ -8,7 +8,7 @@
  * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20
  * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
  * F*: 8b6fce63ca91b16386d8f76e82ea87a3c109a208
- * Libcrux: 0fc11d0192b3c434280f36914a5feeed67ae9e1e
+ * Libcrux: af3367d851f36102956c944b6bb3353f59d455bc
  */
 
 #ifndef __libcrux_mlkem768_avx2_H
@@ -1606,11 +1606,6 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_10_61(
     Eurydice_slice serialized) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_f6 re =
       libcrux_ml_kem_polynomial_ZERO_ef_61();
-  LowStar_Ignore_ignore(
-      Eurydice_slice_len(
-          Eurydice_array_to_slice((size_t)16U, re.coefficients, __m256i),
-          __m256i),
-      size_t, void *);
   for (size_t i = (size_t)0U;
        i < Eurydice_slice_len(serialized, uint8_t) / (size_t)20U; i++) {
     size_t i0 = i;
diff --git a/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h b/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h
index 77b618194..757c70959 100644
--- a/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h
+++ b/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h
@@ -8,7 +8,7 @@
  * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20
  * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
  * F*: 8b6fce63ca91b16386d8f76e82ea87a3c109a208
- * Libcrux: 0fc11d0192b3c434280f36914a5feeed67ae9e1e
+ * Libcrux: af3367d851f36102956c944b6bb3353f59d455bc
  */
 
 #ifndef __libcrux_mlkem768_portable_H
@@ -2731,13 +2731,6 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_10_8c(
     Eurydice_slice serialized) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_1d re =
       libcrux_ml_kem_polynomial_ZERO_ef_8c();
-  LowStar_Ignore_ignore(
-      Eurydice_slice_len(
-          Eurydice_array_to_slice(
-              (size_t)16U, re.coefficients,
-              libcrux_ml_kem_vector_portable_vector_type_PortableVector),
-          libcrux_ml_kem_vector_portable_vector_type_PortableVector),
-      size_t, void *);
   for (size_t i = (size_t)0U;
        i < Eurydice_slice_len(serialized, uint8_t) / (size_t)20U; i++) {
     size_t i0 = i;
diff --git a/libcrux-ml-kem/cg/libcrux_sha3_avx2.h b/libcrux-ml-kem/cg/libcrux_sha3_avx2.h
index f9f23fa2b..8b8ce9e86 100644
--- a/libcrux-ml-kem/cg/libcrux_sha3_avx2.h
+++ b/libcrux-ml-kem/cg/libcrux_sha3_avx2.h
@@ -8,7 +8,7 @@
  * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20
  * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
  * F*: 8b6fce63ca91b16386d8f76e82ea87a3c109a208
- * Libcrux: 0fc11d0192b3c434280f36914a5feeed67ae9e1e
+ * Libcrux: af3367d851f36102956c944b6bb3353f59d455bc
  */
 
 #ifndef __libcrux_sha3_avx2_H
diff --git a/libcrux-ml-kem/cg/libcrux_sha3_portable.h b/libcrux-ml-kem/cg/libcrux_sha3_portable.h
index c267a0ad9..4fb7add6a 100644
--- a/libcrux-ml-kem/cg/libcrux_sha3_portable.h
+++ b/libcrux-ml-kem/cg/libcrux_sha3_portable.h
@@ -8,7 +8,7 @@
  * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20
  * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
  * F*: 8b6fce63ca91b16386d8f76e82ea87a3c109a208
- * Libcrux: 0fc11d0192b3c434280f36914a5feeed67ae9e1e
+ * Libcrux: af3367d851f36102956c944b6bb3353f59d455bc
  */
 
 #ifndef __libcrux_sha3_portable_H

From 8e06ec17eb2c418ce4be04d8191c83c24ec5a790 Mon Sep 17 00:00:00 2001
From: Franziskus Kiefer <franziskuskiefer@gmail.com>
Date: Mon, 16 Dec 2024 15:32:20 +0100
Subject: [PATCH 113/142] Update ecdh.yml

---
 .github/workflows/ecdh.yml | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/ecdh.yml b/.github/workflows/ecdh.yml
index 438386e60..ed13e1135 100644
--- a/.github/workflows/ecdh.yml
+++ b/.github/workflows/ecdh.yml
@@ -82,9 +82,10 @@ jobs:
       - name: 🔨 Build Release
         run: cargo build --verbose --release $RUST_TARGET_FLAG
 
-      - name: 🏃🏻 Asan MacOS
-        if: ${{ matrix.os == 'macos-latest' }}
-        run: RUSTDOCFLAGS=-Zsanitizer=address RUSTFLAGS=-Zsanitizer=address cargo +nightly test --release --target aarch64-apple-darwin
+      # https://github.com/cryspen/libcrux/issues/717
+      # - name: 🏃🏻 Asan MacOS
+      #   if: ${{ matrix.os == 'macos-latest' }}
+      #   run: RUSTDOCFLAGS=-Zsanitizer=address RUSTFLAGS=-Zsanitizer=address cargo +nightly test --release --target aarch64-apple-darwin
 
       # - name: ⬆ Upload build
       #   uses: ./.github/actions/upload_artifacts

From eb7013cfac871de516410e6f893aa053b288391f Mon Sep 17 00:00:00 2001
From: Franziskus Kiefer <franziskuskiefer@gmail.com>
Date: Mon, 16 Dec 2024 15:33:10 +0100
Subject: [PATCH 114/142] Update kem.yml

---
 .github/workflows/kem.yml | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/kem.yml b/.github/workflows/kem.yml
index d4ada3cdf..f25706dff 100644
--- a/.github/workflows/kem.yml
+++ b/.github/workflows/kem.yml
@@ -82,9 +82,10 @@ jobs:
       - name: 🔨 Build Release
         run: cargo build --verbose --release $RUST_TARGET_FLAG
 
-      - name: 🏃🏻 Asan MacOS
-        if: ${{ matrix.os == 'macos-latest' }}
-        run: RUSTDOCFLAGS=-Zsanitizer=address RUSTFLAGS=-Zsanitizer=address cargo +nightly test --release --target aarch64-apple-darwin
+      # https://github.com/cryspen/libcrux/issues/717
+      # - name: 🏃🏻 Asan MacOS
+      #   if: ${{ matrix.os == 'macos-latest' }}
+      #   run: RUSTDOCFLAGS=-Zsanitizer=address RUSTFLAGS=-Zsanitizer=address cargo +nightly test --release --target aarch64-apple-darwin
 
       # - name: ⬆ Upload build
       #   uses: ./.github/actions/upload_artifacts

From 56c466470188395fd2ab0138af43f085e84499a3 Mon Sep 17 00:00:00 2001
From: Jonas Schneider-Bensch <jonas@cryspen.com>
Date: Mon, 16 Dec 2024 15:37:19 +0100
Subject: [PATCH 115/142] Select x4 Ring Element Sampler via enum

This allows us to have a `target_feature` boundary here as well.
---
 libcrux-ml-dsa/src/ml_dsa_generic.rs          |  34 +-
 .../src/ml_dsa_generic/instantiations.rs      |  28 +-
 .../src/ml_dsa_generic/instantiations/avx2.rs |  50 ++-
 libcrux-ml-dsa/src/sample.rs                  |  47 +-
 libcrux-ml-dsa/src/samplex4.rs                | 421 ++++++------------
 5 files changed, 246 insertions(+), 334 deletions(-)

diff --git a/libcrux-ml-dsa/src/ml_dsa_generic.rs b/libcrux-ml-dsa/src/ml_dsa_generic.rs
index bf6950aa8..bd4b333e0 100644
--- a/libcrux-ml-dsa/src/ml_dsa_generic.rs
+++ b/libcrux-ml-dsa/src/ml_dsa_generic.rs
@@ -12,7 +12,7 @@ use crate::{
     ntt::ntt,
     pre_hash::{DomainSeparationContext, PreHash},
     sample::{sample_challenge_ring_element, sample_mask_vector},
-    samplex4,
+    samplex4::{self, X4Sampler},
     simd::traits::Operations,
     types::{SigningError, VerificationError},
     utils::into_padded_array,
@@ -41,6 +41,7 @@ pub(crate) fn generate_key_pair<
     const VERIFICATION_KEY_SIZE: usize,
 >(
     randomness: [u8; KEY_GENERATION_RANDOMNESS_SIZE],
+    sampler: X4Sampler,
 ) -> ([u8; SIGNING_KEY_SIZE], [u8; VERIFICATION_KEY_SIZE]) {
     // 128 = SEED_FOR_A_SIZE + SEED_FOR_ERROR_VECTORS_SIZE + SEED_FOR_SIGNING_SIZE
     let mut seed_expanded = [0; 128];
@@ -55,9 +56,10 @@ pub(crate) fn generate_key_pair<
     let (seed_for_error_vectors, seed_for_signing) =
         seed_expanded.split_at(SEED_FOR_ERROR_VECTORS_SIZE);
 
-    let a_as_ntt = unsafe {
-        samplex4::matrix_A::<SIMDUnit, ROWS_IN_A, COLUMNS_IN_A>(into_padded_array(seed_for_a))
-    };
+    let a_as_ntt = samplex4::matrix_A::<SIMDUnit, ROWS_IN_A, COLUMNS_IN_A>(
+        into_padded_array(seed_for_a),
+        sampler,
+    );
 
     let (s1, s2) = samplex4::sample_s1_and_s2::<SIMDUnit, Shake256X4, ETA, COLUMNS_IN_A, ROWS_IN_A>(
         into_padded_array(seed_for_error_vectors),
@@ -123,6 +125,7 @@ pub(crate) fn sign_pre_hashed<
     message: &[u8],
     context: &[u8],
     randomness: [u8; SIGNING_RANDOMNESS_SIZE],
+    sampler: X4Sampler,
 ) -> Result<MLDSASignature<SIGNATURE_SIZE>, SigningError> {
     if context.len() > CONTEXT_MAX_LEN {
         return Err(SigningError::ContextTooLongError);
@@ -157,6 +160,7 @@ pub(crate) fn sign_pre_hashed<
         &pre_hashed_message,
         Some(domain_separation_context),
         randomness,
+        sampler,
     )
 }
 
@@ -187,6 +191,7 @@ pub(crate) fn sign<
     message: &[u8],
     context: &[u8],
     randomness: [u8; SIGNING_RANDOMNESS_SIZE],
+    sampler: X4Sampler,
 ) -> Result<MLDSASignature<SIGNATURE_SIZE>, SigningError> {
     let domain_separation_context = match DomainSeparationContext::new(context, None) {
         Ok(dsc) => dsc,
@@ -217,6 +222,7 @@ pub(crate) fn sign<
         message,
         Some(domain_separation_context),
         randomness,
+        sampler,
     )
 }
 
@@ -252,6 +258,7 @@ pub(crate) fn sign_internal<
     message: &[u8],
     domain_separation_context: Option<DomainSeparationContext>,
     randomness: [u8; SIGNING_RANDOMNESS_SIZE],
+    sampler: X4Sampler,
 ) -> Result<MLDSASignature<SIGNATURE_SIZE>, SigningError> {
     let (seed_for_A, seed_for_signing, verification_key_hash, s1_as_ntt, s2_as_ntt, t0_as_ntt) =
         encoding::signing_key::deserialize_then_ntt::<
@@ -263,9 +270,10 @@ pub(crate) fn sign_internal<
             SIGNING_KEY_SIZE,
         >(signing_key);
 
-    let A_as_ntt = unsafe {
-        samplex4::matrix_A::<SIMDUnit, ROWS_IN_A, COLUMNS_IN_A>(into_padded_array(&seed_for_A))
-    };
+    let A_as_ntt = samplex4::matrix_A::<SIMDUnit, ROWS_IN_A, COLUMNS_IN_A>(
+        into_padded_array(&seed_for_A),
+        sampler,
+    );
 
     let mut message_representative = [0; MESSAGE_REPRESENTATIVE_SIZE];
     derive_message_representative::<Shake256Xof>(
@@ -494,6 +502,7 @@ pub(crate) fn verify_internal<
     message: &[u8],
     domain_separation_context: Option<DomainSeparationContext>,
     signature_serialized: &[u8; SIGNATURE_SIZE],
+    sampler: X4Sampler,
 ) -> Result<(), VerificationError> {
     let (seed_for_A, t1) =
         encoding::verification_key::deserialize::<SIMDUnit, ROWS_IN_A, VERIFICATION_KEY_SIZE>(
@@ -519,9 +528,10 @@ pub(crate) fn verify_internal<
     ) {
         return Err(VerificationError::SignerResponseExceedsBoundError);
     }
-    let A_as_ntt = unsafe {
-        samplex4::matrix_A::<SIMDUnit, ROWS_IN_A, COLUMNS_IN_A>(into_padded_array(&seed_for_A))
-    };
+    let A_as_ntt = samplex4::matrix_A::<SIMDUnit, ROWS_IN_A, COLUMNS_IN_A>(
+        into_padded_array(&seed_for_A),
+        sampler,
+    );
 
     let mut verification_key_hash = [0; BYTES_FOR_VERIFICATION_KEY_HASH];
     Shake256::shake256::<BYTES_FOR_VERIFICATION_KEY_HASH>(
@@ -599,6 +609,7 @@ pub(crate) fn verify<
     message: &[u8],
     context: &[u8],
     signature_serialized: &[u8; SIGNATURE_SIZE],
+    sampler: X4Sampler,
 ) -> Result<(), VerificationError> {
     // We manually do the matching here to make Eurydice happy.
     let domain_separation_context = match DomainSeparationContext::new(context, None) {
@@ -628,6 +639,7 @@ pub(crate) fn verify<
         message,
         Some(domain_separation_context),
         &signature_serialized,
+        sampler,
     )
 }
 
@@ -659,6 +671,7 @@ pub(crate) fn verify_pre_hashed<
     message: &[u8],
     context: &[u8],
     signature_serialized: &[u8; SIGNATURE_SIZE],
+    sampler: X4Sampler,
 ) -> Result<(), VerificationError> {
     let pre_hashed_message = PH::hash::<Shake128>(message);
     let domain_separation_context = match DomainSeparationContext::new(context, Some(PH::oid())) {
@@ -689,5 +702,6 @@ pub(crate) fn verify_pre_hashed<
         &pre_hashed_message,
         Some(domain_separation_context),
         &signature_serialized,
+        sampler,
     )
 }
diff --git a/libcrux-ml-dsa/src/ml_dsa_generic/instantiations.rs b/libcrux-ml-dsa/src/ml_dsa_generic/instantiations.rs
index 07920de39..f2714e110 100644
--- a/libcrux-ml-dsa/src/ml_dsa_generic/instantiations.rs
+++ b/libcrux-ml-dsa/src/ml_dsa_generic/instantiations.rs
@@ -1,5 +1,5 @@
 macro_rules! instantiate {
-    ($modp:ident, $simdunit:path, $shake128:path, $shake128x4:path, $shake256:path, $shake256xof:path, $shake256x4:path) => {
+    ($modp:ident, $simdunit:path, $shake128:path, $shake128x4:path, $shake256:path, $shake256xof:path, $shake256x4:path, $sampler:path) => {
         pub mod $modp {
             use crate::{
                 constants::*,
@@ -31,7 +31,7 @@ macro_rules! instantiate {
                     ERROR_RING_ELEMENT_SIZE,
                     SIGNING_KEY_SIZE,
                     VERIFICATION_KEY_SIZE,
-                >(randomness)
+                >(randomness, $sampler)
             }
 
             /// Sign.
@@ -76,7 +76,7 @@ macro_rules! instantiate {
                     GAMMA1_RING_ELEMENT_SIZE,
                     SIGNING_KEY_SIZE,
                     SIGNATURE_SIZE,
-                >(&signing_key, message, context, randomness)
+                >(&signing_key, message, context, randomness, $sampler)
             }
 
             /// Sign (internal API)
@@ -121,7 +121,13 @@ macro_rules! instantiate {
                     GAMMA1_RING_ELEMENT_SIZE,
                     SIGNING_KEY_SIZE,
                     SIGNATURE_SIZE,
-                >(&signing_key, message, None, randomness)
+                >(
+                    &signing_key,
+                    message,
+                    None,
+                    randomness,
+                    crate::samplex4::X4Sampler::AVX2,
+                )
             }
 
             /// Sign (pre-hashed).
@@ -169,7 +175,7 @@ macro_rules! instantiate {
                     GAMMA1_RING_ELEMENT_SIZE,
                     SIGNING_KEY_SIZE,
                     SIGNATURE_SIZE,
-                >(&signing_key, message, context, randomness)
+                >(&signing_key, message, context, randomness, $sampler)
             }
 
             /// Verify.
@@ -211,7 +217,7 @@ macro_rules! instantiate {
                     COMMITMENT_HASH_SIZE,
                     ONES_IN_VERIFIER_CHALLENGE,
                     MAX_ONES_IN_HINT,
-                >(verification_key, message, context, signature)
+                >(verification_key, message, context, signature, $sampler)
             }
 
             /// Verify (internal API).
@@ -253,7 +259,7 @@ macro_rules! instantiate {
                     COMMITMENT_HASH_SIZE,
                     ONES_IN_VERIFIER_CHALLENGE,
                     MAX_ONES_IN_HINT,
-                >(verification_key, message, None, signature)
+                >(verification_key, message, None, signature, $sampler)
             }
 
             /// Verify (pre-hashed with SHAKE-128).
@@ -298,7 +304,7 @@ macro_rules! instantiate {
                     COMMITMENT_HASH_SIZE,
                     ONES_IN_VERIFIER_CHALLENGE,
                     MAX_ONES_IN_HINT,
-                >(verification_key, message, context, signature)
+                >(verification_key, message, context, signature, $sampler)
             }
         }
     };
@@ -311,7 +317,8 @@ instantiate! {portable,
     crate::hash_functions::portable::Shake128X4,
     crate::hash_functions::portable::Shake256,
     crate::hash_functions::portable::Shake256Xof,
-    crate::hash_functions::portable::Shake256X4
+    crate::hash_functions::portable::Shake256X4,
+    crate::samplex4::X4Sampler::Portable
 }
 
 // AVX2 generic implementation.
@@ -326,5 +333,6 @@ instantiate! {neon,
     crate::hash_functions::neon::Shake128x4,
     crate::hash_functions::portable::Shake256,
     crate::hash_functions::portable::Shake256Xof,
-    crate::hash_functions::neon::Shake256x4
+    crate::hash_functions::neon::Shake256x4,
+    crate::samplex4::X4Sampler::Neon
 }
diff --git a/libcrux-ml-dsa/src/ml_dsa_generic/instantiations/avx2.rs b/libcrux-ml-dsa/src/ml_dsa_generic/instantiations/avx2.rs
index 92d06ad8d..0e756ac25 100644
--- a/libcrux-ml-dsa/src/ml_dsa_generic/instantiations/avx2.rs
+++ b/libcrux-ml-dsa/src/ml_dsa_generic/instantiations/avx2.rs
@@ -33,7 +33,7 @@ mod avx2_feature {
             ERROR_RING_ELEMENT_SIZE,
             SIGNING_KEY_SIZE,
             VERIFICATION_KEY_SIZE,
-        >(randomness)
+        >(randomness, crate::samplex4::X4Sampler::AVX2)
     }
 
     /// Sign.
@@ -80,7 +80,13 @@ mod avx2_feature {
             GAMMA1_RING_ELEMENT_SIZE,
             SIGNING_KEY_SIZE,
             SIGNATURE_SIZE,
-        >(&signing_key, message, context, randomness)
+        >(
+            &signing_key,
+            message,
+            context,
+            randomness,
+            crate::samplex4::X4Sampler::AVX2,
+        )
     }
 
     /// Sign (internal API)
@@ -127,7 +133,13 @@ mod avx2_feature {
             GAMMA1_RING_ELEMENT_SIZE,
             SIGNING_KEY_SIZE,
             SIGNATURE_SIZE,
-        >(&signing_key, message, None, randomness)
+        >(
+            &signing_key,
+            message,
+            None,
+            randomness,
+            crate::samplex4::X4Sampler::AVX2,
+        )
     }
 
     /// Sign (pre-hashed).
@@ -177,7 +189,13 @@ mod avx2_feature {
             GAMMA1_RING_ELEMENT_SIZE,
             SIGNING_KEY_SIZE,
             SIGNATURE_SIZE,
-        >(&signing_key, message, context, randomness)
+        >(
+            &signing_key,
+            message,
+            context,
+            randomness,
+            crate::samplex4::X4Sampler::AVX2,
+        )
     }
 
     /// Verify.
@@ -221,7 +239,13 @@ mod avx2_feature {
             COMMITMENT_HASH_SIZE,
             ONES_IN_VERIFIER_CHALLENGE,
             MAX_ONES_IN_HINT,
-        >(verification_key, message, context, signature)
+        >(
+            verification_key,
+            message,
+            context,
+            signature,
+            crate::samplex4::X4Sampler::AVX2,
+        )
     }
 
     /// Verify (internal API).
@@ -265,7 +289,13 @@ mod avx2_feature {
             COMMITMENT_HASH_SIZE,
             ONES_IN_VERIFIER_CHALLENGE,
             MAX_ONES_IN_HINT,
-        >(verification_key, message, None, signature)
+        >(
+            verification_key,
+            message,
+            None,
+            signature,
+            crate::samplex4::X4Sampler::AVX2,
+        )
     }
 
     /// Verify (pre-hashed with SHAKE-128).
@@ -312,7 +342,13 @@ mod avx2_feature {
             COMMITMENT_HASH_SIZE,
             ONES_IN_VERIFIER_CHALLENGE,
             MAX_ONES_IN_HINT,
-        >(verification_key, message, context, signature)
+        >(
+            verification_key,
+            message,
+            context,
+            signature,
+            crate::samplex4::X4Sampler::AVX2,
+        )
     }
 }
 
diff --git a/libcrux-ml-dsa/src/sample.rs b/libcrux-ml-dsa/src/sample.rs
index b0d011258..fa69241a7 100644
--- a/libcrux-ml-dsa/src/sample.rs
+++ b/libcrux-ml-dsa/src/sample.rs
@@ -37,29 +37,35 @@ fn rejection_sample_less_than_field_modulus<SIMDUnit: Operations>(
 pub(super) struct SampleArgs<
     'a,
     SIMDUnit: Operations,
+    const STACK_SIZE: usize,
     const ROWS_IN_A: usize,
     const COLUMNS_IN_A: usize,
 > {
     pub(super) rand_stack: &'a mut (
-        [u8; shake128::FIVE_BLOCKS_SIZE],
-        [u8; shake128::FIVE_BLOCKS_SIZE],
-        [u8; shake128::FIVE_BLOCKS_SIZE],
-        [u8; shake128::FIVE_BLOCKS_SIZE],
+        [u8; STACK_SIZE],
+        [u8; STACK_SIZE],
+        [u8; STACK_SIZE],
+        [u8; STACK_SIZE],
     ),
     pub(super) tmp_stack: &'a mut [[i32; 263]],
     pub(super) out: &'a mut [[PolynomialRingElement<SIMDUnit>; COLUMNS_IN_A]; ROWS_IN_A],
     pub(super) indices: &'a [(usize, usize)],
 }
 
-impl<'a, SIMDUnit: Operations, const ROWS_IN_A: usize, const COLUMNS_IN_A: usize>
-    SampleArgs<'a, SIMDUnit, ROWS_IN_A, COLUMNS_IN_A>
+impl<
+        'a,
+        SIMDUnit: Operations,
+        const STACK_SIZE: usize,
+        const ROWS_IN_A: usize,
+        const COLUMNS_IN_A: usize,
+    > SampleArgs<'a, SIMDUnit, STACK_SIZE, ROWS_IN_A, COLUMNS_IN_A>
 {
     pub(super) fn new(
         rand_stack: &'a mut (
-            [u8; shake128::FIVE_BLOCKS_SIZE],
-            [u8; shake128::FIVE_BLOCKS_SIZE],
-            [u8; shake128::FIVE_BLOCKS_SIZE],
-            [u8; shake128::FIVE_BLOCKS_SIZE],
+            [u8; STACK_SIZE],
+            [u8; STACK_SIZE],
+            [u8; STACK_SIZE],
+            [u8; STACK_SIZE],
         ),
         tmp_stack: &'a mut [[i32; 263]],
         out: &'a mut [[PolynomialRingElement<SIMDUnit>; COLUMNS_IN_A]; ROWS_IN_A],
@@ -77,6 +83,7 @@ impl<'a, SIMDUnit: Operations, const ROWS_IN_A: usize, const COLUMNS_IN_A: usize
 #[inline(always)]
 pub(crate) fn sample_four_ring_elements<
     SIMDUnit: Operations,
+    Shake128: shake128::XofX4,
     const ROWS_IN_A: usize,
     const COLUMNS_IN_A: usize,
 >(
@@ -85,10 +92,8 @@ pub(crate) fn sample_four_ring_elements<
     domain_separator1: u16,
     domain_seperator2: u16,
     domain_separator3: u16,
-    memory: &mut SampleArgs<'_, SIMDUnit, ROWS_IN_A, COLUMNS_IN_A>,
+    memory: &mut SampleArgs<'_, SIMDUnit, { shake128::FIVE_BLOCKS_SIZE }, ROWS_IN_A, COLUMNS_IN_A>,
 ) {
-    use crate::hash_functions::shake128::XofX4;
-
     // Prepare the seeds
     seed0[32] = domain_separator0 as u8;
     seed0[33] = (domain_separator0 >> 8) as u8;
@@ -105,12 +110,7 @@ pub(crate) fn sample_four_ring_elements<
     seed3[32] = domain_separator3 as u8;
     seed3[33] = (domain_separator3 >> 8) as u8;
 
-    // FIXME: We use the portable implementation here, since the
-    // compiler has an easier time optimizing it, compared to the AVX2
-    // version, which actually results in faster code (except for key
-    // generation), even in the AVX2 instantiation of ML-DSA.
-    let mut state =
-        crate::hash_functions::simd256::Shake128x4::init_absorb(&seed0, &seed1, &seed2, &seed3);
+    let mut state = Shake128::init_absorb(&seed0, &seed1, &seed2, &seed3);
 
     state.squeeze_first_five_blocks(
         &mut memory.rand_stack.0,
@@ -529,7 +529,7 @@ mod tests {
 
     // This is just a wrapper around sample_four_ring_elements, for testing
     // purposes.
-    fn sample_ring_element_uniform<SIMDUnit: Operations>(
+    fn sample_ring_element_uniform<SIMDUnit: Operations, Shake128: shake128::XofX4>(
         seed: [u8; 34],
     ) -> PolynomialRingElement<SIMDUnit> {
         let mut rand_stack = (
@@ -542,7 +542,7 @@ mod tests {
         let mut out = [[PolynomialRingElement::<SIMDUnit>::ZERO(); 4]; 1];
         let indices = [(0, 0), (0, 1), (0, 2), (0, 3)];
         let mut memory = SampleArgs::new(&mut rand_stack, &mut tmp_stack, &mut out, &indices);
-        sample_four_ring_elements::<SIMDUnit, 1, 4>(
+        sample_four_ring_elements::<SIMDUnit, Shake128, 1, 4>(
             seed,
             ((seed[33] as u16) << 8) | (seed[32] as u16),
             0,
@@ -611,7 +611,7 @@ mod tests {
         ];
 
         assert_eq!(
-            sample_ring_element_uniform::<SIMDUnit>(seed).to_i32_array(),
+            sample_ring_element_uniform::<SIMDUnit, Shake128>(seed).to_i32_array(),
             expected_coefficients
         );
 
@@ -625,7 +625,8 @@ mod tests {
             0xB1, 0x83, 0x9B, 0x86, 0x06, 0xF5, 0x94, 0x8B, 0x9D, 0x72, 0xA9, 0x56, 0xDC, 0xF1,
             0x01, 0x16, 0xDA, 0x9E, 0x01, 0x00,
         ];
-        let actual_coefficients = sample_ring_element_uniform::<SIMDUnit>(seed).to_i32_array();
+        let actual_coefficients =
+            sample_ring_element_uniform::<SIMDUnit, Shake128>(seed).to_i32_array();
 
         assert_eq!(actual_coefficients[0], 1_165_602);
         assert_eq!(
diff --git a/libcrux-ml-dsa/src/samplex4.rs b/libcrux-ml-dsa/src/samplex4.rs
index 77cb1b7f8..285186ba0 100644
--- a/libcrux-ml-dsa/src/samplex4.rs
+++ b/libcrux-ml-dsa/src/samplex4.rs
@@ -5,31 +5,44 @@ use crate::{
     simd::traits::Operations,
 };
 
+/// The x4 sampling implementation that is selected during multiplexing.
+#[allow(unused)]
+pub(crate) enum X4Sampler {
+    AVX2,
+    Neon,
+    Portable,
+}
+
 #[inline(always)]
-fn generate_domain_separator(row: u8, column: u8) -> u16 {
+fn generate_domain_separator((row, column): (u8, u8)) -> u16 {
     (column as u16) | ((row as u16) << 8)
 }
 
-// Doing deep updates like `a[1][1] = 3` causes a memory blowup in F*
-// https://github.com/hacspec/hax/issues/1098
-// So we are instead using a matrix abstraction with a custom update function here.
-
 type Matrix<SIMDUnit, const ROWS_IN_A: usize, const COLUMNS_IN_A: usize> =
     [[PolynomialRingElement<SIMDUnit>; COLUMNS_IN_A]; ROWS_IN_A];
 
-fn update_matrix<SIMDUnit: Operations, const ROWS_IN_A: usize, const COLUMNS_IN_A: usize>(
-    m: &mut Matrix<SIMDUnit, ROWS_IN_A, COLUMNS_IN_A>,
-    i: usize,
-    j: usize,
-    v: PolynomialRingElement<SIMDUnit>,
-) {
-    m[i][j] = v;
+/// A call to sample four ring elements from $seed into $memory at indices $a, $b
+/// $c, $d.
+macro_rules! sample_four_ring_elements_into {
+    ($memory:ident, $seed:ident, $a:expr, $b:expr, $c:expr, $d:expr) => {
+        $memory.indices = &[$a, $b, $c, $d];
+        sample_four_ring_elements::<SIMDUnit, Shake128, ROWS_IN_A, COLUMNS_IN_A>(
+            $seed,
+            generate_domain_separator($a),
+            generate_domain_separator($b),
+            generate_domain_separator($c),
+            generate_domain_separator($d),
+            &mut $memory,
+        );
+    };
 }
 
 #[allow(non_snake_case)]
 #[inline(always)]
+#[cfg(feature = "mldsa44")]
 pub(crate) fn matrix_A_4_by_4<
     SIMDUnit: Operations,
+    Shake128: shake128::XofX4,
     const ROWS_IN_A: usize,
     const COLUMNS_IN_A: usize,
 >(
@@ -45,58 +58,22 @@ pub(crate) fn matrix_A_4_by_4<
         [0u8; shake128::FIVE_BLOCKS_SIZE],
     );
     let mut tmp_stack = [[0i32; 263], [0i32; 263], [0i32; 263], [0i32; 263]];
-    let mut memory = SampleArgs::new(
-        &mut rand_stack,
-        &mut tmp_stack,
-        &mut A,
-        &[(0, 0), (0, 1), (0, 2), (0, 3)],
-    );
-    sample_four_ring_elements::<SIMDUnit, ROWS_IN_A, COLUMNS_IN_A>(
-        seed,
-        generate_domain_separator(0, 0),
-        generate_domain_separator(0, 1),
-        generate_domain_separator(0, 2),
-        generate_domain_separator(0, 3),
-        &mut memory,
-    );
+    let mut memory = SampleArgs::new(&mut rand_stack, &mut tmp_stack, &mut A, &[]);
 
-    memory.indices = &[(1, 0), (1, 1), (1, 2), (1, 3)];
-    sample_four_ring_elements::<SIMDUnit, ROWS_IN_A, COLUMNS_IN_A>(
-        seed,
-        generate_domain_separator(1, 0),
-        generate_domain_separator(1, 1),
-        generate_domain_separator(1, 2),
-        generate_domain_separator(1, 3),
-        &mut memory,
-    );
-
-    memory.indices = &[(2, 0), (2, 1), (2, 2), (2, 3)];
-    sample_four_ring_elements::<SIMDUnit, ROWS_IN_A, COLUMNS_IN_A>(
-        seed,
-        generate_domain_separator(2, 0),
-        generate_domain_separator(2, 1),
-        generate_domain_separator(2, 2),
-        generate_domain_separator(2, 3),
-        &mut memory,
-    );
-
-    memory.indices = &[(3, 0), (3, 1), (3, 2), (3, 3)];
-    sample_four_ring_elements::<SIMDUnit, ROWS_IN_A, COLUMNS_IN_A>(
-        seed,
-        generate_domain_separator(3, 0),
-        generate_domain_separator(3, 1),
-        generate_domain_separator(3, 2),
-        generate_domain_separator(3, 3),
-        &mut memory,
-    );
+    sample_four_ring_elements_into!(memory, seed, (0, 0), (0, 1), (0, 2), (0, 3));
+    sample_four_ring_elements_into!(memory, seed, (1, 0), (1, 1), (1, 2), (1, 3));
+    sample_four_ring_elements_into!(memory, seed, (2, 0), (2, 1), (2, 2), (2, 3));
+    sample_four_ring_elements_into!(memory, seed, (3, 0), (3, 1), (3, 2), (3, 3));
 
     A
 }
 
 #[allow(non_snake_case)]
 #[inline(always)]
+#[cfg(feature = "mldsa65")]
 pub(crate) fn matrix_A_6_by_5<
     SIMDUnit: Operations,
+    Shake128: shake128::XofX4,
     const ROWS_IN_A: usize,
     const COLUMNS_IN_A: usize,
 >(
@@ -111,89 +88,24 @@ pub(crate) fn matrix_A_6_by_5<
         [0u8; shake128::FIVE_BLOCKS_SIZE],
     );
     let mut tmp_stack = [[0i32; 263], [0i32; 263], [0i32; 263], [0i32; 263]];
-    let mut memory = SampleArgs::new(
-        &mut rand_stack,
-        &mut tmp_stack,
-        &mut A,
-        &[(0, 0), (0, 1), (0, 2), (0, 3)],
-    );
-    sample_four_ring_elements::<SIMDUnit, ROWS_IN_A, COLUMNS_IN_A>(
-        seed,
-        generate_domain_separator(0, 0),
-        generate_domain_separator(0, 1),
-        generate_domain_separator(0, 2),
-        generate_domain_separator(0, 3),
-        &mut memory,
-    );
+    let mut memory = SampleArgs::new(&mut rand_stack, &mut tmp_stack, &mut A, &[]);
 
-    memory.indices = &[(0, 4), (1, 0), (1, 1), (1, 2)];
-    sample_four_ring_elements::<SIMDUnit, ROWS_IN_A, COLUMNS_IN_A>(
-        seed,
-        generate_domain_separator(0, 4),
-        generate_domain_separator(1, 0),
-        generate_domain_separator(1, 1),
-        generate_domain_separator(1, 2),
-        &mut memory,
-    );
-
-    memory.indices = &[(1, 3), (1, 4), (2, 0), (2, 1)];
-    sample_four_ring_elements::<SIMDUnit, ROWS_IN_A, COLUMNS_IN_A>(
-        seed,
-        generate_domain_separator(1, 3),
-        generate_domain_separator(1, 4),
-        generate_domain_separator(2, 0),
-        generate_domain_separator(2, 1),
-        &mut memory,
-    );
+    sample_four_ring_elements_into!(memory, seed, (0, 0), (0, 1), (0, 2), (0, 3));
+    sample_four_ring_elements_into!(memory, seed, (0, 4), (1, 0), (1, 1), (1, 2));
+    sample_four_ring_elements_into!(memory, seed, (1, 3), (1, 4), (2, 0), (2, 1));
+    sample_four_ring_elements_into!(memory, seed, (2, 2), (2, 3), (2, 4), (3, 0));
+    sample_four_ring_elements_into!(memory, seed, (3, 1), (3, 2), (3, 3), (3, 4));
+    sample_four_ring_elements_into!(memory, seed, (4, 0), (4, 1), (4, 2), (4, 3));
+    sample_four_ring_elements_into!(memory, seed, (4, 4), (5, 0), (5, 1), (5, 2));
 
-    memory.indices = &[(2, 2), (2, 3), (2, 4), (3, 0)];
-    sample_four_ring_elements::<SIMDUnit, ROWS_IN_A, COLUMNS_IN_A>(
-        seed,
-        generate_domain_separator(2, 2),
-        generate_domain_separator(2, 3),
-        generate_domain_separator(2, 4),
-        generate_domain_separator(3, 0),
-        &mut memory,
-    );
-
-    memory.indices = &[(3, 1), (3, 2), (3, 3), (3, 4)];
-    sample_four_ring_elements::<SIMDUnit, ROWS_IN_A, COLUMNS_IN_A>(
-        seed,
-        generate_domain_separator(3, 1),
-        generate_domain_separator(3, 2),
-        generate_domain_separator(3, 3),
-        generate_domain_separator(3, 4),
-        &mut memory,
-    );
-
-    memory.indices = &[(4, 0), (4, 1), (4, 2), (4, 3)];
-    sample_four_ring_elements::<SIMDUnit, ROWS_IN_A, COLUMNS_IN_A>(
-        seed,
-        generate_domain_separator(4, 0),
-        generate_domain_separator(4, 1),
-        generate_domain_separator(4, 2),
-        generate_domain_separator(4, 3),
-        &mut memory,
-    );
-
-    memory.indices = &[(4, 4), (5, 0), (5, 1), (5, 2)];
-    sample_four_ring_elements::<SIMDUnit, ROWS_IN_A, COLUMNS_IN_A>(
-        seed,
-        generate_domain_separator(4, 4),
-        generate_domain_separator(5, 0),
-        generate_domain_separator(5, 1),
-        generate_domain_separator(5, 2),
-        &mut memory,
-    );
-
-    // The the last 2 sampled ring elements are discarded here.
+    // The last 2 sampled ring elements are discarded here.
     memory.indices = &[(5, 3), (5, 4)];
-    sample_four_ring_elements::<SIMDUnit, ROWS_IN_A, COLUMNS_IN_A>(
+    sample_four_ring_elements::<SIMDUnit, Shake128, ROWS_IN_A, COLUMNS_IN_A>(
         seed,
-        generate_domain_separator(5, 3),
-        generate_domain_separator(5, 4),
-        generate_domain_separator(5, 5),
-        generate_domain_separator(5, 6),
+        generate_domain_separator((5, 3)),
+        generate_domain_separator((5, 4)),
+        generate_domain_separator((5, 5)),
+        generate_domain_separator((5, 6)),
         &mut memory,
     );
 
@@ -202,8 +114,10 @@ pub(crate) fn matrix_A_6_by_5<
 
 #[allow(non_snake_case)]
 #[inline(always)]
+#[cfg(feature = "mldsa87")]
 pub(crate) fn matrix_A_8_by_7<
     SIMDUnit: Operations,
+    Shake128: shake128::XofX4,
     const ROWS_IN_A: usize,
     const COLUMNS_IN_A: usize,
 >(
@@ -218,168 +132,107 @@ pub(crate) fn matrix_A_8_by_7<
         [0u8; shake128::FIVE_BLOCKS_SIZE],
     );
     let mut tmp_stack = [[0i32; 263], [0i32; 263], [0i32; 263], [0i32; 263]];
-    let mut memory = SampleArgs::new(
-        &mut rand_stack,
-        &mut tmp_stack,
-        &mut A,
-        &[(0, 0), (0, 1), (0, 2), (0, 3)],
-    );
-
-    sample_four_ring_elements::<SIMDUnit, ROWS_IN_A, COLUMNS_IN_A>(
-        seed,
-        generate_domain_separator(0, 0),
-        generate_domain_separator(0, 1),
-        generate_domain_separator(0, 2),
-        generate_domain_separator(0, 3),
-        &mut memory,
-    );
-
-    memory.indices = &[(0, 4), (0, 5), (0, 6), (1, 0)];
-    sample_four_ring_elements::<SIMDUnit, ROWS_IN_A, COLUMNS_IN_A>(
-        seed,
-        generate_domain_separator(0, 4),
-        generate_domain_separator(0, 5),
-        generate_domain_separator(0, 6),
-        generate_domain_separator(1, 0),
-        &mut memory,
-    );
-
-    memory.indices = &[(1, 1), (1, 2), (1, 3), (1, 4)];
-    sample_four_ring_elements::<SIMDUnit, ROWS_IN_A, COLUMNS_IN_A>(
-        seed,
-        generate_domain_separator(1, 1),
-        generate_domain_separator(1, 2),
-        generate_domain_separator(1, 3),
-        generate_domain_separator(1, 4),
-        &mut memory,
-    );
-
-    memory.indices = &[(1, 5), (1, 6), (2, 0), (2, 1)];
-    sample_four_ring_elements::<SIMDUnit, ROWS_IN_A, COLUMNS_IN_A>(
-        seed,
-        generate_domain_separator(1, 5),
-        generate_domain_separator(1, 6),
-        generate_domain_separator(2, 0),
-        generate_domain_separator(2, 1),
-        &mut memory,
-    );
-
-    memory.indices = &[(2, 2), (2, 3), (2, 4), (2, 5)];
-    sample_four_ring_elements::<SIMDUnit, ROWS_IN_A, COLUMNS_IN_A>(
-        seed,
-        generate_domain_separator(2, 2),
-        generate_domain_separator(2, 3),
-        generate_domain_separator(2, 4),
-        generate_domain_separator(2, 5),
-        &mut memory,
-    );
-
-    memory.indices = &[(2, 6), (3, 0), (3, 1), (3, 2)];
-    sample_four_ring_elements::<SIMDUnit, ROWS_IN_A, COLUMNS_IN_A>(
-        seed,
-        generate_domain_separator(2, 6),
-        generate_domain_separator(3, 0),
-        generate_domain_separator(3, 1),
-        generate_domain_separator(3, 2),
-        &mut memory,
-    );
-
-    memory.indices = &[(3, 3), (3, 4), (3, 5), (3, 6)];
-    sample_four_ring_elements::<SIMDUnit, ROWS_IN_A, COLUMNS_IN_A>(
-        seed,
-        generate_domain_separator(3, 3),
-        generate_domain_separator(3, 4),
-        generate_domain_separator(3, 5),
-        generate_domain_separator(3, 6),
-        &mut memory,
-    );
-
-    memory.indices = &[(4, 0), (4, 1), (4, 2), (4, 3)];
-    sample_four_ring_elements::<SIMDUnit, ROWS_IN_A, COLUMNS_IN_A>(
-        seed,
-        generate_domain_separator(4, 0),
-        generate_domain_separator(4, 1),
-        generate_domain_separator(4, 2),
-        generate_domain_separator(4, 3),
-        &mut memory,
-    );
-
-    memory.indices = &[(4, 4), (4, 5), (4, 6), (5, 0)];
-    sample_four_ring_elements::<SIMDUnit, ROWS_IN_A, COLUMNS_IN_A>(
-        seed,
-        generate_domain_separator(4, 4),
-        generate_domain_separator(4, 5),
-        generate_domain_separator(4, 6),
-        generate_domain_separator(5, 0),
-        &mut memory,
-    );
-
-    memory.indices = &[(5, 1), (5, 2), (5, 3), (5, 4)];
-    sample_four_ring_elements::<SIMDUnit, ROWS_IN_A, COLUMNS_IN_A>(
-        seed,
-        generate_domain_separator(5, 1),
-        generate_domain_separator(5, 2),
-        generate_domain_separator(5, 3),
-        generate_domain_separator(5, 4),
-        &mut memory,
-    );
-
-    memory.indices = &[(5, 5), (5, 6), (6, 0), (6, 1)];
-    sample_four_ring_elements::<SIMDUnit, ROWS_IN_A, COLUMNS_IN_A>(
-        seed,
-        generate_domain_separator(5, 5),
-        generate_domain_separator(5, 6),
-        generate_domain_separator(6, 0),
-        generate_domain_separator(6, 1),
-        &mut memory,
-    );
-
-    memory.indices = &[(6, 2), (6, 3), (6, 4), (6, 5)];
-    sample_four_ring_elements::<SIMDUnit, ROWS_IN_A, COLUMNS_IN_A>(
-        seed,
-        generate_domain_separator(6, 2),
-        generate_domain_separator(6, 3),
-        generate_domain_separator(6, 4),
-        generate_domain_separator(6, 5),
-        &mut memory,
-    );
-
-    memory.indices = &[(6, 6), (7, 0), (7, 1), (7, 2)];
-    sample_four_ring_elements::<SIMDUnit, ROWS_IN_A, COLUMNS_IN_A>(
-        seed,
-        generate_domain_separator(6, 6),
-        generate_domain_separator(7, 0),
-        generate_domain_separator(7, 1),
-        generate_domain_separator(7, 2),
-        &mut memory,
-    );
-
-    memory.indices = &[(7, 3), (7, 4), (7, 5), (7, 6)];
-    sample_four_ring_elements::<SIMDUnit, ROWS_IN_A, COLUMNS_IN_A>(
-        seed,
-        generate_domain_separator(7, 3),
-        generate_domain_separator(7, 4),
-        generate_domain_separator(7, 5),
-        generate_domain_separator(7, 6),
-        &mut memory,
-    );
+    let mut memory = SampleArgs::new(&mut rand_stack, &mut tmp_stack, &mut A, &[]);
+
+    sample_four_ring_elements_into!(memory, seed, (0, 0), (0, 1), (0, 2), (0, 3));
+    sample_four_ring_elements_into!(memory, seed, (0, 4), (0, 5), (0, 6), (1, 0));
+    sample_four_ring_elements_into!(memory, seed, (1, 1), (1, 2), (1, 3), (1, 4));
+    sample_four_ring_elements_into!(memory, seed, (1, 5), (1, 6), (2, 0), (2, 1));
+    sample_four_ring_elements_into!(memory, seed, (2, 2), (2, 3), (2, 4), (2, 5));
+    sample_four_ring_elements_into!(memory, seed, (2, 6), (3, 0), (3, 1), (3, 2));
+    sample_four_ring_elements_into!(memory, seed, (3, 3), (3, 4), (3, 5), (3, 6));
+    sample_four_ring_elements_into!(memory, seed, (4, 0), (4, 1), (4, 2), (4, 3));
+    sample_four_ring_elements_into!(memory, seed, (4, 4), (4, 5), (4, 6), (5, 0));
+    sample_four_ring_elements_into!(memory, seed, (5, 1), (5, 2), (5, 3), (5, 4));
+    sample_four_ring_elements_into!(memory, seed, (5, 5), (5, 6), (6, 0), (6, 1));
+    sample_four_ring_elements_into!(memory, seed, (6, 2), (6, 3), (6, 4), (6, 5));
+    sample_four_ring_elements_into!(memory, seed, (6, 6), (7, 0), (7, 1), (7, 2));
+    sample_four_ring_elements_into!(memory, seed, (7, 3), (7, 4), (7, 5), (7, 6));
 
     A
 }
 
+#[inline(always)]
+#[allow(unsafe_code)]
+#[allow(non_snake_case)]
+pub(crate) fn matrix_A<SIMDUnit: Operations, const ROWS_IN_A: usize, const COLUMNS_IN_A: usize>(
+    seed: [u8; 34],
+    sampler: X4Sampler,
+) -> [[PolynomialRingElement<SIMDUnit>; COLUMNS_IN_A]; ROWS_IN_A] {
+    match sampler {
+        #[cfg(feature = "simd256")]
+        X4Sampler::AVX2 => unsafe { matrix_A_avx2::<SIMDUnit, ROWS_IN_A, COLUMNS_IN_A>(seed) },
+        #[cfg(feature = "simd128")]
+        X4Sampler::Neon => matrix_A_generic::<
+            SIMDUnit,
+            crate::hash_functions::neon::Shake128x4,
+            ROWS_IN_A,
+            COLUMNS_IN_A,
+        >(seed),
+        X4Sampler::Portable => matrix_A_generic::<
+            SIMDUnit,
+            crate::hash_functions::portable::Shake128X4,
+            ROWS_IN_A,
+            COLUMNS_IN_A,
+        >(seed),
+        _ => unreachable!(),
+    }
+}
+
 // XXX: of course we can't do this unconditionally, but with the manual monomorphization
 //      macro, we could inject this. This gives us +50% faster key generation and +70% signing.
 #[cfg_attr(not(hax), target_feature(enable = "avx2"))]
 #[allow(unsafe_code)]
 #[allow(non_snake_case)]
-// #[inline(always)]
-pub(crate) unsafe fn matrix_A<SIMDUnit: Operations, const ROWS_IN_A: usize, const COLUMNS_IN_A: usize>(
+pub(crate) unsafe fn matrix_A_avx2<
+    SIMDUnit: Operations,
+    const ROWS_IN_A: usize,
+    const COLUMNS_IN_A: usize,
+>(
+    seed: [u8; 34],
+) -> [[PolynomialRingElement<SIMDUnit>; COLUMNS_IN_A]; ROWS_IN_A] {
+    match (ROWS_IN_A as u8, COLUMNS_IN_A as u8) {
+        #[cfg(feature = "mldsa44")]
+        (4, 4) => matrix_A_4_by_4::<
+            SIMDUnit,
+            crate::hash_functions::simd256::Shake128x4,
+            ROWS_IN_A,
+            COLUMNS_IN_A,
+        >(seed),
+        #[cfg(feature = "mldsa65")]
+        (6, 5) => matrix_A_6_by_5::<
+            SIMDUnit,
+            crate::hash_functions::simd256::Shake128x4,
+            ROWS_IN_A,
+            COLUMNS_IN_A,
+        >(seed),
+        #[cfg(feature = "mldsa87")]
+        (8, 7) => matrix_A_8_by_7::<
+            SIMDUnit,
+            crate::hash_functions::simd256::Shake128x4,
+            ROWS_IN_A,
+            COLUMNS_IN_A,
+        >(seed),
+        _ => unreachable!(),
+    }
+}
+
+#[allow(non_snake_case)]
+pub(crate) fn matrix_A_generic<
+    SIMDUnit: Operations,
+    Shake128: shake128::XofX4,
+    const ROWS_IN_A: usize,
+    const COLUMNS_IN_A: usize,
+>(
     seed: [u8; 34],
 ) -> [[PolynomialRingElement<SIMDUnit>; COLUMNS_IN_A]; ROWS_IN_A] {
     match (ROWS_IN_A as u8, COLUMNS_IN_A as u8) {
-        (4, 4) => matrix_A_4_by_4::<SIMDUnit, ROWS_IN_A, COLUMNS_IN_A>(seed),
-        (6, 5) => matrix_A_6_by_5::<SIMDUnit, ROWS_IN_A, COLUMNS_IN_A>(seed),
-        (8, 7) => matrix_A_8_by_7::<SIMDUnit, ROWS_IN_A, COLUMNS_IN_A>(seed),
+        #[cfg(feature = "mldsa44")]
+        (4, 4) => matrix_A_4_by_4::<SIMDUnit, Shake128, ROWS_IN_A, COLUMNS_IN_A>(seed),
+        #[cfg(feature = "mldsa65")]
+        (6, 5) => matrix_A_6_by_5::<SIMDUnit, Shake128, ROWS_IN_A, COLUMNS_IN_A>(seed),
+        #[cfg(feature = "mldsa87")]
+        (8, 7) => matrix_A_8_by_7::<SIMDUnit, Shake128, ROWS_IN_A, COLUMNS_IN_A>(seed),
         _ => unreachable!(),
     }
 }

From 2b2e4e8ba452934cd684e266af00e37442d4fe1e Mon Sep 17 00:00:00 2001
From: Jonas Schneider-Bensch <jonas@cryspen.com>
Date: Mon, 16 Dec 2024 15:48:46 +0100
Subject: [PATCH 116/142] Remove obsolete comment

---
 libcrux-ml-dsa/src/samplex4.rs | 2 --
 1 file changed, 2 deletions(-)

diff --git a/libcrux-ml-dsa/src/samplex4.rs b/libcrux-ml-dsa/src/samplex4.rs
index 285186ba0..1818cf758 100644
--- a/libcrux-ml-dsa/src/samplex4.rs
+++ b/libcrux-ml-dsa/src/samplex4.rs
@@ -179,8 +179,6 @@ pub(crate) fn matrix_A<SIMDUnit: Operations, const ROWS_IN_A: usize, const COLUM
     }
 }
 
-// XXX: of course we can't do this unconditionally, but with the manual monomorphization
-//      macro, we could inject this. This gives us +50% faster key generation and +70% signing.
 #[cfg_attr(not(hax), target_feature(enable = "avx2"))]
 #[allow(unsafe_code)]
 #[allow(non_snake_case)]

From b5039ee2a029db955de15ef8eb504e3c76317835 Mon Sep 17 00:00:00 2001
From: Jonas Schneider-Bensch <jonas@cryspen.com>
Date: Mon, 16 Dec 2024 15:58:12 +0100
Subject: [PATCH 117/142] Use specific nightly version for ASAN macos

---
 .github/workflows/ecdh.yml | 8 ++++----
 .github/workflows/kem.yml  | 8 ++++----
 2 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/.github/workflows/ecdh.yml b/.github/workflows/ecdh.yml
index ed13e1135..53b07b057 100644
--- a/.github/workflows/ecdh.yml
+++ b/.github/workflows/ecdh.yml
@@ -82,10 +82,10 @@ jobs:
       - name: 🔨 Build Release
         run: cargo build --verbose --release $RUST_TARGET_FLAG
 
-      # https://github.com/cryspen/libcrux/issues/717
-      # - name: 🏃🏻 Asan MacOS
-      #   if: ${{ matrix.os == 'macos-latest' }}
-      #   run: RUSTDOCFLAGS=-Zsanitizer=address RUSTFLAGS=-Zsanitizer=address cargo +nightly test --release --target aarch64-apple-darwin
+      # TODO: https://github.com/cryspen/libcrux/issues/717
+      - name: 🏃🏻 Asan MacOS
+        if: ${{ matrix.os == 'macos-latest' }}
+        run: RUSTDOCFLAGS=-Zsanitizer=address RUSTFLAGS=-Zsanitizer=address cargo +nightly-2024-12-14 test --release --target aarch64-apple-darwin
 
       # - name: ⬆ Upload build
       #   uses: ./.github/actions/upload_artifacts
diff --git a/.github/workflows/kem.yml b/.github/workflows/kem.yml
index f25706dff..af4a00d63 100644
--- a/.github/workflows/kem.yml
+++ b/.github/workflows/kem.yml
@@ -82,10 +82,10 @@ jobs:
       - name: 🔨 Build Release
         run: cargo build --verbose --release $RUST_TARGET_FLAG
 
-      # https://github.com/cryspen/libcrux/issues/717
-      # - name: 🏃🏻 Asan MacOS
-      #   if: ${{ matrix.os == 'macos-latest' }}
-      #   run: RUSTDOCFLAGS=-Zsanitizer=address RUSTFLAGS=-Zsanitizer=address cargo +nightly test --release --target aarch64-apple-darwin
+      # TODO: https://github.com/cryspen/libcrux/issues/717
+      - name: 🏃🏻 Asan MacOS
+        if: ${{ matrix.os == 'macos-latest' }}
+        run: RUSTDOCFLAGS=-Zsanitizer=address RUSTFLAGS=-Zsanitizer=address cargo +nightly-2024-12-14 test --release --target aarch64-apple-darwin
 
       # - name: ⬆ Upload build
       #   uses: ./.github/actions/upload_artifacts

From 2aa9d9193b971782bea975ef33b89ac5a5706ee8 Mon Sep 17 00:00:00 2001
From: Jonas Schneider-Bensch <jonas@cryspen.com>
Date: Mon, 16 Dec 2024 16:02:19 +0100
Subject: [PATCH 118/142] Install specific toolchain as well

---
 .github/workflows/ecdh.yml | 2 +-
 .github/workflows/kem.yml  | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/ecdh.yml b/.github/workflows/ecdh.yml
index 53b07b057..d2a3ca41c 100644
--- a/.github/workflows/ecdh.yml
+++ b/.github/workflows/ecdh.yml
@@ -47,7 +47,7 @@ jobs:
         if: ${{ matrix.bits == 64 }}
 
       - name: 🛠️ Setup Rust Nightly
-        run: rustup toolchain install nightly
+        run: rustup toolchain install nightly-2024-12-14
 
       - name: 🛠️ Setup Ubuntu x86
         if: ${{ matrix.bits == 32 &&  matrix.os == 'ubuntu-latest' }}
diff --git a/.github/workflows/kem.yml b/.github/workflows/kem.yml
index af4a00d63..a23ed54a5 100644
--- a/.github/workflows/kem.yml
+++ b/.github/workflows/kem.yml
@@ -47,7 +47,7 @@ jobs:
         if: ${{ matrix.bits == 64 }}
 
       - name: 🛠️ Setup Rust Nightly
-        run: rustup toolchain install nightly
+        run: rustup toolchain install nightly-2024-12-14
 
       - name: 🛠️ Setup Ubuntu x86
         if: ${{ matrix.bits == 32 &&  matrix.os == 'ubuntu-latest' }}

From 199e78642d64d5e6f3e70bbfbf54848fef002ad3 Mon Sep 17 00:00:00 2001
From: Jonas Schneider-Bensch <jonas@cryspen.com>
Date: Mon, 16 Dec 2024 16:24:14 +0100
Subject: [PATCH 119/142] Remove obsolete `unsafe` exceptions

---
 libcrux-ml-dsa/src/ml_dsa_generic.rs | 3 ---
 1 file changed, 3 deletions(-)

diff --git a/libcrux-ml-dsa/src/ml_dsa_generic.rs b/libcrux-ml-dsa/src/ml_dsa_generic.rs
index bd4b333e0..1c1cb164a 100644
--- a/libcrux-ml-dsa/src/ml_dsa_generic.rs
+++ b/libcrux-ml-dsa/src/ml_dsa_generic.rs
@@ -26,7 +26,6 @@ pub(crate) mod multiplexing;
 
 /// Generate a key pair.
 #[inline(always)]
-#[allow(unsafe_code)]
 pub(crate) fn generate_key_pair<
     SIMDUnit: Operations,
     Shake128X4: shake128::XofX4,
@@ -232,7 +231,6 @@ pub(crate) fn sign<
 /// `message` already contains the domain separation.
 #[allow(non_snake_case)]
 #[inline(always)]
-#[allow(unsafe_code)]
 pub(crate) fn sign_internal<
     SIMDUnit: Operations,
     Shake128X4: shake128::XofX4,
@@ -478,7 +476,6 @@ fn derive_message_representative<Shake256Xof: shake256::Xof>(
 /// `message` already contains the domain separation.
 #[allow(non_snake_case)]
 #[inline(always)]
-#[allow(unsafe_code)]
 pub(crate) fn verify_internal<
     SIMDUnit: Operations,
     Shake128X4: shake128::XofX4,

From 7537f2b95b9049364d712f0e7896972e440e323b Mon Sep 17 00:00:00 2001
From: Jonas Schneider-Bensch <jonas@cryspen.com>
Date: Mon, 16 Dec 2024 16:36:38 +0100
Subject: [PATCH 120/142] Some documentation around `SampleArgs`

---
 libcrux-ml-dsa/src/sample.rs | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/libcrux-ml-dsa/src/sample.rs b/libcrux-ml-dsa/src/sample.rs
index fa69241a7..95ce8a771 100644
--- a/libcrux-ml-dsa/src/sample.rs
+++ b/libcrux-ml-dsa/src/sample.rs
@@ -34,6 +34,10 @@ fn rejection_sample_less_than_field_modulus<SIMDUnit: Operations>(
     done
 }
 
+/// A buffering data structure for sampling into a matrix.
+///
+/// After rejection sampling the ring element at `tmp_stack[i]` will
+/// be written to the indices at `indices[i]` in `out`.
 pub(super) struct SampleArgs<
     'a,
     SIMDUnit: Operations,
@@ -41,14 +45,21 @@ pub(super) struct SampleArgs<
     const ROWS_IN_A: usize,
     const COLUMNS_IN_A: usize,
 > {
+    /// Buffer for holding an initial supply of rejection sampling
+    /// randomness, e.g. five blocks of XoF output.
     pub(super) rand_stack: &'a mut (
         [u8; STACK_SIZE],
         [u8; STACK_SIZE],
         [u8; STACK_SIZE],
         [u8; STACK_SIZE],
     ),
+    /// Buffers for holding coefficients of field elements as they are sampled.
     pub(super) tmp_stack: &'a mut [[i32; 263]],
+    /// Matrix into which field elements are written from
+    /// `tmp_stack`, after successful rejection sampling.
     pub(super) out: &'a mut [[PolynomialRingElement<SIMDUnit>; COLUMNS_IN_A]; ROWS_IN_A],
+    /// Indices in `out` where ring elements from `tmp_stack` should
+    /// be written to.
     pub(super) indices: &'a [(usize, usize)],
 }
 

From da72c141597b1db012f3bc23a96330f6de112770 Mon Sep 17 00:00:00 2001
From: karthikbhargavan <karthik.bhargavan@gmail.com>
Date: Tue, 17 Dec 2024 08:12:51 +0000
Subject: [PATCH 121/142] c code refresh

---
 libcrux-ml-kem/c/code_gen.txt                 |   10 +-
 libcrux-ml-kem/c/eurydice_glue.h              |    2 +-
 libcrux-ml-kem/c/internal/libcrux_core.h      |   10 +-
 .../c/internal/libcrux_mlkem_avx2.h           |   10 +-
 .../c/internal/libcrux_mlkem_portable.h       |   10 +-
 libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h |   10 +-
 .../c/internal/libcrux_sha3_internal.h        |   10 +-
 .../c/karamel/include/krml/internal/target.h  |   13 +-
 libcrux-ml-kem/c/libcrux_core.c               |   28 +-
 libcrux-ml-kem/c/libcrux_core.h               |   10 +-
 libcrux-ml-kem/c/libcrux_mlkem1024.h          |   10 +-
 libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c     |   10 +-
 libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h     |   10 +-
 libcrux-ml-kem/c/libcrux_mlkem1024_portable.c |   10 +-
 libcrux-ml-kem/c/libcrux_mlkem1024_portable.h |   10 +-
 libcrux-ml-kem/c/libcrux_mlkem512.h           |   10 +-
 libcrux-ml-kem/c/libcrux_mlkem512_avx2.c      |   10 +-
 libcrux-ml-kem/c/libcrux_mlkem512_avx2.h      |   10 +-
 libcrux-ml-kem/c/libcrux_mlkem512_portable.c  |   10 +-
 libcrux-ml-kem/c/libcrux_mlkem512_portable.h  |   10 +-
 libcrux-ml-kem/c/libcrux_mlkem768.h           |   10 +-
 libcrux-ml-kem/c/libcrux_mlkem768_avx2.c      |   10 +-
 libcrux-ml-kem/c/libcrux_mlkem768_avx2.h      |   10 +-
 libcrux-ml-kem/c/libcrux_mlkem768_portable.c  |   10 +-
 libcrux-ml-kem/c/libcrux_mlkem768_portable.h  |   10 +-
 libcrux-ml-kem/c/libcrux_mlkem_avx2.c         | 1015 +++++++++--------
 libcrux-ml-kem/c/libcrux_mlkem_avx2.h         |  142 +--
 libcrux-ml-kem/c/libcrux_mlkem_portable.c     | 1005 ++++++++--------
 libcrux-ml-kem/c/libcrux_mlkem_portable.h     |  142 +--
 libcrux-ml-kem/c/libcrux_sha3.h               |   10 +-
 libcrux-ml-kem/c/libcrux_sha3_avx2.c          |   10 +-
 libcrux-ml-kem/c/libcrux_sha3_avx2.h          |   10 +-
 libcrux-ml-kem/c/libcrux_sha3_internal.h      |   10 +-
 libcrux-ml-kem/c/libcrux_sha3_neon.c          |   10 +-
 libcrux-ml-kem/c/libcrux_sha3_neon.h          |   10 +-
 libcrux-ml-kem/cg/code_gen.txt                |   10 +-
 libcrux-ml-kem/cg/libcrux_core.h              |   16 +-
 libcrux-ml-kem/cg/libcrux_ct_ops.h            |   10 +-
 libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h     |  720 ++++++------
 libcrux-ml-kem/cg/libcrux_mlkem768_portable.h |  706 ++++++------
 libcrux-ml-kem/cg/libcrux_sha3_avx2.h         |   10 +-
 libcrux-ml-kem/cg/libcrux_sha3_portable.h     |   10 +-
 libcrux-ml-kem/src/vector/avx2.rs             |    1 -
 libcrux-ml-kem/src/vector/neon.rs             |    1 -
 libcrux-ml-kem/src/vector/portable.rs         |    1 -
 libcrux-ml-kem/src/vector/traits.rs           |    7 +-
 46 files changed, 2108 insertions(+), 2011 deletions(-)

diff --git a/libcrux-ml-kem/c/code_gen.txt b/libcrux-ml-kem/c/code_gen.txt
index 9bf2d44d7..6e9a711b4 100644
--- a/libcrux-ml-kem/c/code_gen.txt
+++ b/libcrux-ml-kem/c/code_gen.txt
@@ -1,6 +1,6 @@
 This code was generated with the following revisions:
-Charon: e6a9a3d65857f37917f378fd98db7b7b4d0a060f
-Eurydice: 907fef61b716e094dcd6b41a9a41f0850ac7fd73
-Karamel: 21c28f3b016868a7cdd715382338bdcd9685a3b4
-F*: b0961063393215ca65927f017720cb365a193833-dirty
-Libcrux: 887cc3c3760e64d740774adb301e4bae530126d1
+Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9
+Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20
+Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
+F*: 8b6fce63ca91b16386d8f76e82ea87a3c109a208
+Libcrux: 2009b0d205f3d27e1762f7e2b8a21bc47705b2c9
diff --git a/libcrux-ml-kem/c/eurydice_glue.h b/libcrux-ml-kem/c/eurydice_glue.h
index 746ab0dbf..ad026b9e1 100644
--- a/libcrux-ml-kem/c/eurydice_glue.h
+++ b/libcrux-ml-kem/c/eurydice_glue.h
@@ -213,7 +213,7 @@ core_num_nonzero_private___core__clone__Clone_for_core__num__nonzero__private__N
 
 // ITERATORS
 #define Eurydice_range_iter_next(iter_ptr, t, ret_t) \
-  (((iter_ptr)->start >= (iter_ptr)->end)            \
+  (((iter_ptr)->start == (iter_ptr)->end)            \
        ? (CLITERAL(ret_t){.tag = core_option_None})  \
        : (CLITERAL(ret_t){.tag = core_option_Some,   \
                           .f0 = (iter_ptr)->start++}))
diff --git a/libcrux-ml-kem/c/internal/libcrux_core.h b/libcrux-ml-kem/c/internal/libcrux_core.h
index 3c1bd9034..bf1b3ef31 100644
--- a/libcrux-ml-kem/c/internal/libcrux_core.h
+++ b/libcrux-ml-kem/c/internal/libcrux_core.h
@@ -4,11 +4,11 @@
  * SPDX-License-Identifier: MIT or Apache-2.0
  *
  * This code was generated with the following revisions:
- * Charon: e6a9a3d65857f37917f378fd98db7b7b4d0a060f
- * Eurydice: 907fef61b716e094dcd6b41a9a41f0850ac7fd73
- * Karamel: 21c28f3b016868a7cdd715382338bdcd9685a3b4
- * F*: b0961063393215ca65927f017720cb365a193833-dirty
- * Libcrux: 887cc3c3760e64d740774adb301e4bae530126d1
+ * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9
+ * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20
+ * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
+ * F*: 8b6fce63ca91b16386d8f76e82ea87a3c109a208
+ * Libcrux: 2009b0d205f3d27e1762f7e2b8a21bc47705b2c9
  */
 
 #ifndef __internal_libcrux_core_H
diff --git a/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h b/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h
index c8adfe2cf..6aadb08be 100644
--- a/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h
+++ b/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h
@@ -4,11 +4,11 @@
  * SPDX-License-Identifier: MIT or Apache-2.0
  *
  * This code was generated with the following revisions:
- * Charon: e6a9a3d65857f37917f378fd98db7b7b4d0a060f
- * Eurydice: 907fef61b716e094dcd6b41a9a41f0850ac7fd73
- * Karamel: 21c28f3b016868a7cdd715382338bdcd9685a3b4
- * F*: b0961063393215ca65927f017720cb365a193833-dirty
- * Libcrux: 887cc3c3760e64d740774adb301e4bae530126d1
+ * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9
+ * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20
+ * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
+ * F*: 8b6fce63ca91b16386d8f76e82ea87a3c109a208
+ * Libcrux: 2009b0d205f3d27e1762f7e2b8a21bc47705b2c9
  */
 
 #ifndef __internal_libcrux_mlkem_avx2_H
diff --git a/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h b/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h
index dbdd80a53..6ec5790dc 100644
--- a/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h
+++ b/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h
@@ -4,11 +4,11 @@
  * SPDX-License-Identifier: MIT or Apache-2.0
  *
  * This code was generated with the following revisions:
- * Charon: e6a9a3d65857f37917f378fd98db7b7b4d0a060f
- * Eurydice: 907fef61b716e094dcd6b41a9a41f0850ac7fd73
- * Karamel: 21c28f3b016868a7cdd715382338bdcd9685a3b4
- * F*: b0961063393215ca65927f017720cb365a193833-dirty
- * Libcrux: 887cc3c3760e64d740774adb301e4bae530126d1
+ * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9
+ * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20
+ * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
+ * F*: 8b6fce63ca91b16386d8f76e82ea87a3c109a208
+ * Libcrux: 2009b0d205f3d27e1762f7e2b8a21bc47705b2c9
  */
 
 #ifndef __internal_libcrux_mlkem_portable_H
diff --git a/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h b/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h
index 404418e36..26e588902 100644
--- a/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h
+++ b/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h
@@ -4,11 +4,11 @@
  * SPDX-License-Identifier: MIT or Apache-2.0
  *
  * This code was generated with the following revisions:
- * Charon: e6a9a3d65857f37917f378fd98db7b7b4d0a060f
- * Eurydice: 907fef61b716e094dcd6b41a9a41f0850ac7fd73
- * Karamel: 21c28f3b016868a7cdd715382338bdcd9685a3b4
- * F*: b0961063393215ca65927f017720cb365a193833-dirty
- * Libcrux: 887cc3c3760e64d740774adb301e4bae530126d1
+ * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9
+ * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20
+ * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
+ * F*: 8b6fce63ca91b16386d8f76e82ea87a3c109a208
+ * Libcrux: 2009b0d205f3d27e1762f7e2b8a21bc47705b2c9
  */
 
 #ifndef __internal_libcrux_sha3_avx2_H
diff --git a/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h b/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h
index 23dd1875d..e7fcbead2 100644
--- a/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h
+++ b/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h
@@ -4,11 +4,11 @@
  * SPDX-License-Identifier: MIT or Apache-2.0
  *
  * This code was generated with the following revisions:
- * Charon: e6a9a3d65857f37917f378fd98db7b7b4d0a060f
- * Eurydice: 907fef61b716e094dcd6b41a9a41f0850ac7fd73
- * Karamel: 21c28f3b016868a7cdd715382338bdcd9685a3b4
- * F*: b0961063393215ca65927f017720cb365a193833-dirty
- * Libcrux: 887cc3c3760e64d740774adb301e4bae530126d1
+ * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9
+ * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20
+ * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
+ * F*: 8b6fce63ca91b16386d8f76e82ea87a3c109a208
+ * Libcrux: 2009b0d205f3d27e1762f7e2b8a21bc47705b2c9
  */
 
 #ifndef __internal_libcrux_sha3_internal_H
diff --git a/libcrux-ml-kem/c/karamel/include/krml/internal/target.h b/libcrux-ml-kem/c/karamel/include/krml/internal/target.h
index e765570fd..25313e254 100644
--- a/libcrux-ml-kem/c/karamel/include/krml/internal/target.h
+++ b/libcrux-ml-kem/c/karamel/include/krml/internal/target.h
@@ -19,11 +19,6 @@
 #define inline __inline__
 #endif
 
-/* Include Apple-specific macros for use in defining KRML_ALIGNED_MALLOC. */
-#if defined(__APPLE__) && defined(__MACH__)
-#include <AvailabilityMacros.h>
-#endif
-
 /******************************************************************************/
 /* Macros that KaRaMeL will generate.                                         */
 /******************************************************************************/
@@ -130,8 +125,7 @@
 #endif
 
 /* MinGW-W64 does not support C11 aligned_alloc, but it supports
- * MSVC's _aligned_malloc. Also, fallback to use mm_malloc.h
- * implementation for macOS systems prior to 10.15 Catalina.
+ * MSVC's _aligned_malloc.
  */
 #ifndef KRML_ALIGNED_MALLOC
 #ifdef __MINGW32__
@@ -140,11 +134,6 @@
 #if (defined(_MSC_VER) || \
      (defined(__MINGW32__) && defined(__MINGW64_VERSION_MAJOR)))
 #define KRML_ALIGNED_MALLOC(X, Y) _aligned_malloc(Y, X)
-#elif defined(__APPLE__) && defined(__MACH__) && \
-    defined(MAC_OS_X_VERSION_MIN_REQUIRED) &&    \
-    (MAC_OS_X_VERSION_MIN_REQUIRED < 101500)
-#include <mm_malloc.h>
-#define KRML_ALIGNED_MALLOC(X, Y) _mm_malloc(Y, X)
 #else
 #define KRML_ALIGNED_MALLOC(X, Y) aligned_alloc(X, Y)
 #endif
diff --git a/libcrux-ml-kem/c/libcrux_core.c b/libcrux-ml-kem/c/libcrux_core.c
index dc66a1b06..9dc35bd7c 100644
--- a/libcrux-ml-kem/c/libcrux_core.c
+++ b/libcrux-ml-kem/c/libcrux_core.c
@@ -4,11 +4,11 @@
  * SPDX-License-Identifier: MIT or Apache-2.0
  *
  * This code was generated with the following revisions:
- * Charon: e6a9a3d65857f37917f378fd98db7b7b4d0a060f
- * Eurydice: 907fef61b716e094dcd6b41a9a41f0850ac7fd73
- * Karamel: 21c28f3b016868a7cdd715382338bdcd9685a3b4
- * F*: b0961063393215ca65927f017720cb365a193833-dirty
- * Libcrux: 887cc3c3760e64d740774adb301e4bae530126d1
+ * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9
+ * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20
+ * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
+ * F*: 8b6fce63ca91b16386d8f76e82ea87a3c109a208
+ * Libcrux: 2009b0d205f3d27e1762f7e2b8a21bc47705b2c9
  */
 
 #include "internal/libcrux_core.h"
@@ -279,10 +279,10 @@ with const generics
 */
 uint8_t libcrux_ml_kem_utils_prf_input_inc_e0(uint8_t (*prf_inputs)[33U],
                                               uint8_t domain_separator) {
-  uint8_t _prf_inputs_init[3U][33U];
+  uint8_t ret[3U][33U];
   core_array___core__clone__Clone_for__Array_T__N___20__clone(
-      (size_t)3U, prf_inputs, _prf_inputs_init, uint8_t[33U], void *);
-  LowStar_Ignore_ignore(_prf_inputs_init, uint8_t[3U][33U], void *);
+      (size_t)3U, prf_inputs, ret, uint8_t[33U], void *);
+  LowStar_Ignore_ignore(ret, uint8_t[3U][33U], void *);
   KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i;
                   prf_inputs[i0][32U] = domain_separator;
                   domain_separator = (uint32_t)domain_separator + 1U;);
@@ -412,10 +412,10 @@ with const generics
 */
 uint8_t libcrux_ml_kem_utils_prf_input_inc_fd(uint8_t (*prf_inputs)[33U],
                                               uint8_t domain_separator) {
-  uint8_t _prf_inputs_init[2U][33U];
+  uint8_t ret[2U][33U];
   core_array___core__clone__Clone_for__Array_T__N___20__clone(
-      (size_t)2U, prf_inputs, _prf_inputs_init, uint8_t[33U], void *);
-  LowStar_Ignore_ignore(_prf_inputs_init, uint8_t[2U][33U], void *);
+      (size_t)2U, prf_inputs, ret, uint8_t[33U], void *);
+  LowStar_Ignore_ignore(ret, uint8_t[2U][33U], void *);
   KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i;
                   prf_inputs[i0][32U] = domain_separator;
                   domain_separator = (uint32_t)domain_separator + 1U;);
@@ -585,10 +585,10 @@ with const generics
 */
 uint8_t libcrux_ml_kem_utils_prf_input_inc_ac(uint8_t (*prf_inputs)[33U],
                                               uint8_t domain_separator) {
-  uint8_t _prf_inputs_init[4U][33U];
+  uint8_t ret[4U][33U];
   core_array___core__clone__Clone_for__Array_T__N___20__clone(
-      (size_t)4U, prf_inputs, _prf_inputs_init, uint8_t[33U], void *);
-  LowStar_Ignore_ignore(_prf_inputs_init, uint8_t[4U][33U], void *);
+      (size_t)4U, prf_inputs, ret, uint8_t[33U], void *);
+  LowStar_Ignore_ignore(ret, uint8_t[4U][33U], void *);
   KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i;
                   prf_inputs[i0][32U] = domain_separator;
                   domain_separator = (uint32_t)domain_separator + 1U;);
diff --git a/libcrux-ml-kem/c/libcrux_core.h b/libcrux-ml-kem/c/libcrux_core.h
index 9f376b65a..b9094983b 100644
--- a/libcrux-ml-kem/c/libcrux_core.h
+++ b/libcrux-ml-kem/c/libcrux_core.h
@@ -4,11 +4,11 @@
  * SPDX-License-Identifier: MIT or Apache-2.0
  *
  * This code was generated with the following revisions:
- * Charon: e6a9a3d65857f37917f378fd98db7b7b4d0a060f
- * Eurydice: 907fef61b716e094dcd6b41a9a41f0850ac7fd73
- * Karamel: 21c28f3b016868a7cdd715382338bdcd9685a3b4
- * F*: b0961063393215ca65927f017720cb365a193833-dirty
- * Libcrux: 887cc3c3760e64d740774adb301e4bae530126d1
+ * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9
+ * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20
+ * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
+ * F*: 8b6fce63ca91b16386d8f76e82ea87a3c109a208
+ * Libcrux: 2009b0d205f3d27e1762f7e2b8a21bc47705b2c9
  */
 
 #ifndef __libcrux_core_H
diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024.h b/libcrux-ml-kem/c/libcrux_mlkem1024.h
index c71b1468c..adccad760 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem1024.h
+++ b/libcrux-ml-kem/c/libcrux_mlkem1024.h
@@ -4,11 +4,11 @@
  * SPDX-License-Identifier: MIT or Apache-2.0
  *
  * This code was generated with the following revisions:
- * Charon: e6a9a3d65857f37917f378fd98db7b7b4d0a060f
- * Eurydice: 907fef61b716e094dcd6b41a9a41f0850ac7fd73
- * Karamel: 21c28f3b016868a7cdd715382338bdcd9685a3b4
- * F*: b0961063393215ca65927f017720cb365a193833-dirty
- * Libcrux: 887cc3c3760e64d740774adb301e4bae530126d1
+ * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9
+ * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20
+ * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
+ * F*: 8b6fce63ca91b16386d8f76e82ea87a3c109a208
+ * Libcrux: 2009b0d205f3d27e1762f7e2b8a21bc47705b2c9
  */
 
 #ifndef __libcrux_mlkem1024_H
diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c
index fa88e4424..99dab1335 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c
+++ b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c
@@ -4,11 +4,11 @@
  * SPDX-License-Identifier: MIT or Apache-2.0
  *
  * This code was generated with the following revisions:
- * Charon: e6a9a3d65857f37917f378fd98db7b7b4d0a060f
- * Eurydice: 907fef61b716e094dcd6b41a9a41f0850ac7fd73
- * Karamel: 21c28f3b016868a7cdd715382338bdcd9685a3b4
- * F*: b0961063393215ca65927f017720cb365a193833-dirty
- * Libcrux: 887cc3c3760e64d740774adb301e4bae530126d1
+ * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9
+ * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20
+ * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
+ * F*: 8b6fce63ca91b16386d8f76e82ea87a3c109a208
+ * Libcrux: 2009b0d205f3d27e1762f7e2b8a21bc47705b2c9
  */
 
 #include "libcrux_mlkem1024_avx2.h"
diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h
index 887b4c952..779a75fce 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h
+++ b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h
@@ -4,11 +4,11 @@
  * SPDX-License-Identifier: MIT or Apache-2.0
  *
  * This code was generated with the following revisions:
- * Charon: e6a9a3d65857f37917f378fd98db7b7b4d0a060f
- * Eurydice: 907fef61b716e094dcd6b41a9a41f0850ac7fd73
- * Karamel: 21c28f3b016868a7cdd715382338bdcd9685a3b4
- * F*: b0961063393215ca65927f017720cb365a193833-dirty
- * Libcrux: 887cc3c3760e64d740774adb301e4bae530126d1
+ * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9
+ * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20
+ * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
+ * F*: 8b6fce63ca91b16386d8f76e82ea87a3c109a208
+ * Libcrux: 2009b0d205f3d27e1762f7e2b8a21bc47705b2c9
  */
 
 #ifndef __libcrux_mlkem1024_avx2_H
diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c
index 4497c9ffe..4d3a9798d 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c
+++ b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c
@@ -4,11 +4,11 @@
  * SPDX-License-Identifier: MIT or Apache-2.0
  *
  * This code was generated with the following revisions:
- * Charon: e6a9a3d65857f37917f378fd98db7b7b4d0a060f
- * Eurydice: 907fef61b716e094dcd6b41a9a41f0850ac7fd73
- * Karamel: 21c28f3b016868a7cdd715382338bdcd9685a3b4
- * F*: b0961063393215ca65927f017720cb365a193833-dirty
- * Libcrux: 887cc3c3760e64d740774adb301e4bae530126d1
+ * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9
+ * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20
+ * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
+ * F*: 8b6fce63ca91b16386d8f76e82ea87a3c109a208
+ * Libcrux: 2009b0d205f3d27e1762f7e2b8a21bc47705b2c9
  */
 
 #include "libcrux_mlkem1024_portable.h"
diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h
index 6f10d9e76..62bd963b4 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h
+++ b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h
@@ -4,11 +4,11 @@
  * SPDX-License-Identifier: MIT or Apache-2.0
  *
  * This code was generated with the following revisions:
- * Charon: e6a9a3d65857f37917f378fd98db7b7b4d0a060f
- * Eurydice: 907fef61b716e094dcd6b41a9a41f0850ac7fd73
- * Karamel: 21c28f3b016868a7cdd715382338bdcd9685a3b4
- * F*: b0961063393215ca65927f017720cb365a193833-dirty
- * Libcrux: 887cc3c3760e64d740774adb301e4bae530126d1
+ * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9
+ * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20
+ * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
+ * F*: 8b6fce63ca91b16386d8f76e82ea87a3c109a208
+ * Libcrux: 2009b0d205f3d27e1762f7e2b8a21bc47705b2c9
  */
 
 #ifndef __libcrux_mlkem1024_portable_H
diff --git a/libcrux-ml-kem/c/libcrux_mlkem512.h b/libcrux-ml-kem/c/libcrux_mlkem512.h
index bf9905219..4869b5cf7 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem512.h
+++ b/libcrux-ml-kem/c/libcrux_mlkem512.h
@@ -4,11 +4,11 @@
  * SPDX-License-Identifier: MIT or Apache-2.0
  *
  * This code was generated with the following revisions:
- * Charon: e6a9a3d65857f37917f378fd98db7b7b4d0a060f
- * Eurydice: 907fef61b716e094dcd6b41a9a41f0850ac7fd73
- * Karamel: 21c28f3b016868a7cdd715382338bdcd9685a3b4
- * F*: b0961063393215ca65927f017720cb365a193833-dirty
- * Libcrux: 887cc3c3760e64d740774adb301e4bae530126d1
+ * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9
+ * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20
+ * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
+ * F*: 8b6fce63ca91b16386d8f76e82ea87a3c109a208
+ * Libcrux: 2009b0d205f3d27e1762f7e2b8a21bc47705b2c9
  */
 
 #ifndef __libcrux_mlkem512_H
diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c
index 9010a9ac4..b00fe469b 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c
+++ b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c
@@ -4,11 +4,11 @@
  * SPDX-License-Identifier: MIT or Apache-2.0
  *
  * This code was generated with the following revisions:
- * Charon: e6a9a3d65857f37917f378fd98db7b7b4d0a060f
- * Eurydice: 907fef61b716e094dcd6b41a9a41f0850ac7fd73
- * Karamel: 21c28f3b016868a7cdd715382338bdcd9685a3b4
- * F*: b0961063393215ca65927f017720cb365a193833-dirty
- * Libcrux: 887cc3c3760e64d740774adb301e4bae530126d1
+ * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9
+ * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20
+ * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
+ * F*: 8b6fce63ca91b16386d8f76e82ea87a3c109a208
+ * Libcrux: 2009b0d205f3d27e1762f7e2b8a21bc47705b2c9
  */
 
 #include "libcrux_mlkem512_avx2.h"
diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h
index ce6385741..aef97c298 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h
+++ b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h
@@ -4,11 +4,11 @@
  * SPDX-License-Identifier: MIT or Apache-2.0
  *
  * This code was generated with the following revisions:
- * Charon: e6a9a3d65857f37917f378fd98db7b7b4d0a060f
- * Eurydice: 907fef61b716e094dcd6b41a9a41f0850ac7fd73
- * Karamel: 21c28f3b016868a7cdd715382338bdcd9685a3b4
- * F*: b0961063393215ca65927f017720cb365a193833-dirty
- * Libcrux: 887cc3c3760e64d740774adb301e4bae530126d1
+ * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9
+ * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20
+ * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
+ * F*: 8b6fce63ca91b16386d8f76e82ea87a3c109a208
+ * Libcrux: 2009b0d205f3d27e1762f7e2b8a21bc47705b2c9
  */
 
 #ifndef __libcrux_mlkem512_avx2_H
diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_portable.c b/libcrux-ml-kem/c/libcrux_mlkem512_portable.c
index dd87e5927..7e8661d89 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem512_portable.c
+++ b/libcrux-ml-kem/c/libcrux_mlkem512_portable.c
@@ -4,11 +4,11 @@
  * SPDX-License-Identifier: MIT or Apache-2.0
  *
  * This code was generated with the following revisions:
- * Charon: e6a9a3d65857f37917f378fd98db7b7b4d0a060f
- * Eurydice: 907fef61b716e094dcd6b41a9a41f0850ac7fd73
- * Karamel: 21c28f3b016868a7cdd715382338bdcd9685a3b4
- * F*: b0961063393215ca65927f017720cb365a193833-dirty
- * Libcrux: 887cc3c3760e64d740774adb301e4bae530126d1
+ * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9
+ * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20
+ * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
+ * F*: 8b6fce63ca91b16386d8f76e82ea87a3c109a208
+ * Libcrux: 2009b0d205f3d27e1762f7e2b8a21bc47705b2c9
  */
 
 #include "libcrux_mlkem512_portable.h"
diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_portable.h b/libcrux-ml-kem/c/libcrux_mlkem512_portable.h
index 45ab7d160..4bbace2c4 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem512_portable.h
+++ b/libcrux-ml-kem/c/libcrux_mlkem512_portable.h
@@ -4,11 +4,11 @@
  * SPDX-License-Identifier: MIT or Apache-2.0
  *
  * This code was generated with the following revisions:
- * Charon: e6a9a3d65857f37917f378fd98db7b7b4d0a060f
- * Eurydice: 907fef61b716e094dcd6b41a9a41f0850ac7fd73
- * Karamel: 21c28f3b016868a7cdd715382338bdcd9685a3b4
- * F*: b0961063393215ca65927f017720cb365a193833-dirty
- * Libcrux: 887cc3c3760e64d740774adb301e4bae530126d1
+ * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9
+ * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20
+ * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
+ * F*: 8b6fce63ca91b16386d8f76e82ea87a3c109a208
+ * Libcrux: 2009b0d205f3d27e1762f7e2b8a21bc47705b2c9
  */
 
 #ifndef __libcrux_mlkem512_portable_H
diff --git a/libcrux-ml-kem/c/libcrux_mlkem768.h b/libcrux-ml-kem/c/libcrux_mlkem768.h
index dcebc304f..f71738245 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem768.h
+++ b/libcrux-ml-kem/c/libcrux_mlkem768.h
@@ -4,11 +4,11 @@
  * SPDX-License-Identifier: MIT or Apache-2.0
  *
  * This code was generated with the following revisions:
- * Charon: e6a9a3d65857f37917f378fd98db7b7b4d0a060f
- * Eurydice: 907fef61b716e094dcd6b41a9a41f0850ac7fd73
- * Karamel: 21c28f3b016868a7cdd715382338bdcd9685a3b4
- * F*: b0961063393215ca65927f017720cb365a193833-dirty
- * Libcrux: 887cc3c3760e64d740774adb301e4bae530126d1
+ * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9
+ * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20
+ * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
+ * F*: 8b6fce63ca91b16386d8f76e82ea87a3c109a208
+ * Libcrux: 2009b0d205f3d27e1762f7e2b8a21bc47705b2c9
  */
 
 #ifndef __libcrux_mlkem768_H
diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c
index 1e6747201..0b78f3103 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c
+++ b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c
@@ -4,11 +4,11 @@
  * SPDX-License-Identifier: MIT or Apache-2.0
  *
  * This code was generated with the following revisions:
- * Charon: e6a9a3d65857f37917f378fd98db7b7b4d0a060f
- * Eurydice: 907fef61b716e094dcd6b41a9a41f0850ac7fd73
- * Karamel: 21c28f3b016868a7cdd715382338bdcd9685a3b4
- * F*: b0961063393215ca65927f017720cb365a193833-dirty
- * Libcrux: 887cc3c3760e64d740774adb301e4bae530126d1
+ * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9
+ * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20
+ * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
+ * F*: 8b6fce63ca91b16386d8f76e82ea87a3c109a208
+ * Libcrux: 2009b0d205f3d27e1762f7e2b8a21bc47705b2c9
  */
 
 #include "libcrux_mlkem768_avx2.h"
diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h
index 616b763c3..7d99e3a8d 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h
+++ b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h
@@ -4,11 +4,11 @@
  * SPDX-License-Identifier: MIT or Apache-2.0
  *
  * This code was generated with the following revisions:
- * Charon: e6a9a3d65857f37917f378fd98db7b7b4d0a060f
- * Eurydice: 907fef61b716e094dcd6b41a9a41f0850ac7fd73
- * Karamel: 21c28f3b016868a7cdd715382338bdcd9685a3b4
- * F*: b0961063393215ca65927f017720cb365a193833-dirty
- * Libcrux: 887cc3c3760e64d740774adb301e4bae530126d1
+ * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9
+ * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20
+ * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
+ * F*: 8b6fce63ca91b16386d8f76e82ea87a3c109a208
+ * Libcrux: 2009b0d205f3d27e1762f7e2b8a21bc47705b2c9
  */
 
 #ifndef __libcrux_mlkem768_avx2_H
diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_portable.c b/libcrux-ml-kem/c/libcrux_mlkem768_portable.c
index 0d55bc94b..e0e0ed51a 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem768_portable.c
+++ b/libcrux-ml-kem/c/libcrux_mlkem768_portable.c
@@ -4,11 +4,11 @@
  * SPDX-License-Identifier: MIT or Apache-2.0
  *
  * This code was generated with the following revisions:
- * Charon: e6a9a3d65857f37917f378fd98db7b7b4d0a060f
- * Eurydice: 907fef61b716e094dcd6b41a9a41f0850ac7fd73
- * Karamel: 21c28f3b016868a7cdd715382338bdcd9685a3b4
- * F*: b0961063393215ca65927f017720cb365a193833-dirty
- * Libcrux: 887cc3c3760e64d740774adb301e4bae530126d1
+ * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9
+ * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20
+ * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
+ * F*: 8b6fce63ca91b16386d8f76e82ea87a3c109a208
+ * Libcrux: 2009b0d205f3d27e1762f7e2b8a21bc47705b2c9
  */
 
 #include "libcrux_mlkem768_portable.h"
diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_portable.h b/libcrux-ml-kem/c/libcrux_mlkem768_portable.h
index 24c70ba83..ed8baa51f 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem768_portable.h
+++ b/libcrux-ml-kem/c/libcrux_mlkem768_portable.h
@@ -4,11 +4,11 @@
  * SPDX-License-Identifier: MIT or Apache-2.0
  *
  * This code was generated with the following revisions:
- * Charon: e6a9a3d65857f37917f378fd98db7b7b4d0a060f
- * Eurydice: 907fef61b716e094dcd6b41a9a41f0850ac7fd73
- * Karamel: 21c28f3b016868a7cdd715382338bdcd9685a3b4
- * F*: b0961063393215ca65927f017720cb365a193833-dirty
- * Libcrux: 887cc3c3760e64d740774adb301e4bae530126d1
+ * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9
+ * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20
+ * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
+ * F*: 8b6fce63ca91b16386d8f76e82ea87a3c109a208
+ * Libcrux: 2009b0d205f3d27e1762f7e2b8a21bc47705b2c9
  */
 
 #ifndef __libcrux_mlkem768_portable_H
diff --git a/libcrux-ml-kem/c/libcrux_mlkem_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem_avx2.c
index 13bbb70d6..74eb91feb 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem_avx2.c
+++ b/libcrux-ml-kem/c/libcrux_mlkem_avx2.c
@@ -4,11 +4,11 @@
  * SPDX-License-Identifier: MIT or Apache-2.0
  *
  * This code was generated with the following revisions:
- * Charon: e6a9a3d65857f37917f378fd98db7b7b4d0a060f
- * Eurydice: 907fef61b716e094dcd6b41a9a41f0850ac7fd73
- * Karamel: 21c28f3b016868a7cdd715382338bdcd9685a3b4
- * F*: b0961063393215ca65927f017720cb365a193833-dirty
- * Libcrux: 887cc3c3760e64d740774adb301e4bae530126d1
+ * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9
+ * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20
+ * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
+ * F*: 8b6fce63ca91b16386d8f76e82ea87a3c109a208
+ * Libcrux: 2009b0d205f3d27e1762f7e2b8a21bc47705b2c9
  */
 
 #include "internal/libcrux_mlkem_avx2.h"
@@ -39,9 +39,9 @@ KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_vec_zero(void) {
 
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
-libcrux_ml_kem::vector::avx2::SIMD256Vector)#2}
+libcrux_ml_kem::vector::avx2::SIMD256Vector)#3}
 */
-KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_ZERO_09(void) {
+KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_ZERO_9a(void) {
   return libcrux_ml_kem_vector_avx2_vec_zero();
 }
 
@@ -52,10 +52,10 @@ libcrux_ml_kem_vector_avx2_vec_from_i16_array(Eurydice_slice array) {
 
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
-libcrux_ml_kem::vector::avx2::SIMD256Vector)#2}
+libcrux_ml_kem::vector::avx2::SIMD256Vector)#3}
 */
 KRML_MUSTINLINE __m256i
-libcrux_ml_kem_vector_avx2_from_i16_array_09(Eurydice_slice array) {
+libcrux_ml_kem_vector_avx2_from_i16_array_9a(Eurydice_slice array) {
   return libcrux_ml_kem_vector_avx2_vec_from_i16_array(array);
 }
 
@@ -69,9 +69,9 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_vec_to_i16_array(
 
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
-libcrux_ml_kem::vector::avx2::SIMD256Vector)#2}
+libcrux_ml_kem::vector::avx2::SIMD256Vector)#3}
 */
-KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_to_i16_array_09(
+KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_to_i16_array_9a(
     __m256i x, int16_t ret[16U]) {
   libcrux_ml_kem_vector_avx2_vec_to_i16_array(x, ret);
 }
@@ -83,9 +83,9 @@ KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_arithmetic_add(__m256i lhs,
 
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
-libcrux_ml_kem::vector::avx2::SIMD256Vector)#2}
+libcrux_ml_kem::vector::avx2::SIMD256Vector)#3}
 */
-KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_add_09(__m256i lhs,
+KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_add_9a(__m256i lhs,
                                                           __m256i *rhs) {
   return libcrux_ml_kem_vector_avx2_arithmetic_add(lhs, rhs[0U]);
 }
@@ -97,9 +97,9 @@ KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_arithmetic_sub(__m256i lhs,
 
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
-libcrux_ml_kem::vector::avx2::SIMD256Vector)#2}
+libcrux_ml_kem::vector::avx2::SIMD256Vector)#3}
 */
-KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_sub_09(__m256i lhs,
+KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_sub_9a(__m256i lhs,
                                                           __m256i *rhs) {
   return libcrux_ml_kem_vector_avx2_arithmetic_sub(lhs, rhs[0U]);
 }
@@ -113,10 +113,10 @@ libcrux_ml_kem_vector_avx2_arithmetic_multiply_by_constant(__m256i vector,
 
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
-libcrux_ml_kem::vector::avx2::SIMD256Vector)#2}
+libcrux_ml_kem::vector::avx2::SIMD256Vector)#3}
 */
 KRML_MUSTINLINE __m256i
-libcrux_ml_kem_vector_avx2_multiply_by_constant_09(__m256i vec, int16_t c) {
+libcrux_ml_kem_vector_avx2_multiply_by_constant_9a(__m256i vec, int16_t c) {
   return libcrux_ml_kem_vector_avx2_arithmetic_multiply_by_constant(vec, c);
 }
 
@@ -129,9 +129,9 @@ libcrux_ml_kem_vector_avx2_arithmetic_bitwise_and_with_constant(
 
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
-libcrux_ml_kem::vector::avx2::SIMD256Vector)#2}
+libcrux_ml_kem::vector::avx2::SIMD256Vector)#3}
 */
-KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_09(
+KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_9a(
     __m256i vector, int16_t constant) {
   return libcrux_ml_kem_vector_avx2_arithmetic_bitwise_and_with_constant(
       vector, constant);
@@ -156,10 +156,10 @@ libcrux_ml_kem_vector_avx2_cond_subtract_3329(__m256i vector) {
 
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
-libcrux_ml_kem::vector::avx2::SIMD256Vector)#2}
+libcrux_ml_kem::vector::avx2::SIMD256Vector)#3}
 */
 KRML_MUSTINLINE __m256i
-libcrux_ml_kem_vector_avx2_cond_subtract_3329_09(__m256i vector) {
+libcrux_ml_kem_vector_avx2_cond_subtract_3329_9a(__m256i vector) {
   return libcrux_ml_kem_vector_avx2_cond_subtract_3329(vector);
 }
 
@@ -182,10 +182,10 @@ libcrux_ml_kem_vector_avx2_arithmetic_barrett_reduce(__m256i vector) {
 
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
-libcrux_ml_kem::vector::avx2::SIMD256Vector)#2}
+libcrux_ml_kem::vector::avx2::SIMD256Vector)#3}
 */
 KRML_MUSTINLINE __m256i
-libcrux_ml_kem_vector_avx2_barrett_reduce_09(__m256i vector) {
+libcrux_ml_kem_vector_avx2_barrett_reduce_9a(__m256i vector) {
   return libcrux_ml_kem_vector_avx2_arithmetic_barrett_reduce(vector);
 }
 
@@ -208,10 +208,10 @@ libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constant(
 
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
-libcrux_ml_kem::vector::avx2::SIMD256Vector)#2}
+libcrux_ml_kem::vector::avx2::SIMD256Vector)#3}
 */
 KRML_MUSTINLINE __m256i
-libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_09(
+libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_9a(
     __m256i vector, int16_t constant) {
   return libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constant(
       vector, constant);
@@ -239,10 +239,10 @@ KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_compress_1(__m256i vector) {
 
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
-libcrux_ml_kem::vector::avx2::SIMD256Vector)#2}
+libcrux_ml_kem::vector::avx2::SIMD256Vector)#3}
 */
 KRML_MUSTINLINE __m256i
-libcrux_ml_kem_vector_avx2_compress_1_09(__m256i vector) {
+libcrux_ml_kem_vector_avx2_compress_1_9a(__m256i vector) {
   return libcrux_ml_kem_vector_avx2_compress_1(vector);
 }
 
@@ -295,9 +295,9 @@ KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_ntt_layer_1_step(
 
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
-libcrux_ml_kem::vector::avx2::SIMD256Vector)#2}
+libcrux_ml_kem::vector::avx2::SIMD256Vector)#3}
 */
-KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_ntt_layer_1_step_09(
+KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_ntt_layer_1_step_9a(
     __m256i vector, int16_t zeta0, int16_t zeta1, int16_t zeta2,
     int16_t zeta3) {
   return libcrux_ml_kem_vector_avx2_ntt_layer_1_step(vector, zeta0, zeta1,
@@ -324,9 +324,9 @@ KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_ntt_layer_2_step(
 
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
-libcrux_ml_kem::vector::avx2::SIMD256Vector)#2}
+libcrux_ml_kem::vector::avx2::SIMD256Vector)#3}
 */
-KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_ntt_layer_2_step_09(
+KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_ntt_layer_2_step_9a(
     __m256i vector, int16_t zeta0, int16_t zeta1) {
   return libcrux_ml_kem_vector_avx2_ntt_layer_2_step(vector, zeta0, zeta1);
 }
@@ -367,10 +367,10 @@ libcrux_ml_kem_vector_avx2_ntt_layer_3_step(__m256i vector, int16_t zeta) {
 
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
-libcrux_ml_kem::vector::avx2::SIMD256Vector)#2}
+libcrux_ml_kem::vector::avx2::SIMD256Vector)#3}
 */
 KRML_MUSTINLINE __m256i
-libcrux_ml_kem_vector_avx2_ntt_layer_3_step_09(__m256i vector, int16_t zeta) {
+libcrux_ml_kem_vector_avx2_ntt_layer_3_step_9a(__m256i vector, int16_t zeta) {
   return libcrux_ml_kem_vector_avx2_ntt_layer_3_step(vector, zeta);
 }
 
@@ -404,9 +404,9 @@ KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_inv_ntt_layer_1_step(
 
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
-libcrux_ml_kem::vector::avx2::SIMD256Vector)#2}
+libcrux_ml_kem::vector::avx2::SIMD256Vector)#3}
 */
-KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_inv_ntt_layer_1_step_09(
+KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_inv_ntt_layer_1_step_9a(
     __m256i vector, int16_t zeta0, int16_t zeta1, int16_t zeta2,
     int16_t zeta3) {
   return libcrux_ml_kem_vector_avx2_inv_ntt_layer_1_step(vector, zeta0, zeta1,
@@ -440,9 +440,9 @@ KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_inv_ntt_layer_2_step(
 
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
-libcrux_ml_kem::vector::avx2::SIMD256Vector)#2}
+libcrux_ml_kem::vector::avx2::SIMD256Vector)#3}
 */
-KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_inv_ntt_layer_2_step_09(
+KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_inv_ntt_layer_2_step_9a(
     __m256i vector, int16_t zeta0, int16_t zeta1) {
   return libcrux_ml_kem_vector_avx2_inv_ntt_layer_2_step(vector, zeta0, zeta1);
 }
@@ -468,9 +468,9 @@ libcrux_ml_kem_vector_avx2_inv_ntt_layer_3_step(__m256i vector, int16_t zeta) {
 
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
-libcrux_ml_kem::vector::avx2::SIMD256Vector)#2}
+libcrux_ml_kem::vector::avx2::SIMD256Vector)#3}
 */
-KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_inv_ntt_layer_3_step_09(
+KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_inv_ntt_layer_3_step_9a(
     __m256i vector, int16_t zeta) {
   return libcrux_ml_kem_vector_avx2_inv_ntt_layer_3_step(vector, zeta);
 }
@@ -556,9 +556,9 @@ KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_ntt_multiply(
 
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
-libcrux_ml_kem::vector::avx2::SIMD256Vector)#2}
+libcrux_ml_kem::vector::avx2::SIMD256Vector)#3}
 */
-KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_ntt_multiply_09(
+KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_ntt_multiply_9a(
     __m256i *lhs, __m256i *rhs, int16_t zeta0, int16_t zeta1, int16_t zeta2,
     int16_t zeta3) {
   return libcrux_ml_kem_vector_avx2_ntt_multiply(lhs, rhs, zeta0, zeta1, zeta2,
@@ -583,9 +583,9 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_1(__m256i vector,
 
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
-libcrux_ml_kem::vector::avx2::SIMD256Vector)#2}
+libcrux_ml_kem::vector::avx2::SIMD256Vector)#3}
 */
-KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_1_09(
+KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_1_9a(
     __m256i vector, uint8_t ret[2U]) {
   libcrux_ml_kem_vector_avx2_serialize_1(vector, ret);
 }
@@ -627,10 +627,10 @@ libcrux_ml_kem_vector_avx2_deserialize_1(Eurydice_slice bytes) {
 
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
-libcrux_ml_kem::vector::avx2::SIMD256Vector)#2}
+libcrux_ml_kem::vector::avx2::SIMD256Vector)#3}
 */
 KRML_MUSTINLINE __m256i
-libcrux_ml_kem_vector_avx2_deserialize_1_09(Eurydice_slice bytes) {
+libcrux_ml_kem_vector_avx2_deserialize_1_9a(Eurydice_slice bytes) {
   return libcrux_ml_kem_vector_avx2_deserialize_1(bytes);
 }
 
@@ -688,9 +688,9 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_4(__m256i vector,
 
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
-libcrux_ml_kem::vector::avx2::SIMD256Vector)#2}
+libcrux_ml_kem::vector::avx2::SIMD256Vector)#3}
 */
-KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_4_09(
+KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_4_9a(
     __m256i vector, uint8_t ret[8U]) {
   libcrux_ml_kem_vector_avx2_serialize_4(vector, ret);
 }
@@ -744,10 +744,10 @@ libcrux_ml_kem_vector_avx2_deserialize_4(Eurydice_slice bytes) {
 
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
-libcrux_ml_kem::vector::avx2::SIMD256Vector)#2}
+libcrux_ml_kem::vector::avx2::SIMD256Vector)#3}
 */
 KRML_MUSTINLINE __m256i
-libcrux_ml_kem_vector_avx2_deserialize_4_09(Eurydice_slice bytes) {
+libcrux_ml_kem_vector_avx2_deserialize_4_9a(Eurydice_slice bytes) {
   return libcrux_ml_kem_vector_avx2_deserialize_4(bytes);
 }
 
@@ -795,9 +795,9 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_5(
 
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
-libcrux_ml_kem::vector::avx2::SIMD256Vector)#2}
+libcrux_ml_kem::vector::avx2::SIMD256Vector)#3}
 */
-KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_5_09(
+KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_5_9a(
     __m256i vector, uint8_t ret[10U]) {
   libcrux_ml_kem_vector_avx2_serialize_serialize_5(vector, ret);
 }
@@ -862,10 +862,10 @@ libcrux_ml_kem_vector_avx2_serialize_deserialize_5(Eurydice_slice bytes) {
 
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
-libcrux_ml_kem::vector::avx2::SIMD256Vector)#2}
+libcrux_ml_kem::vector::avx2::SIMD256Vector)#3}
 */
 KRML_MUSTINLINE __m256i
-libcrux_ml_kem_vector_avx2_deserialize_5_09(Eurydice_slice bytes) {
+libcrux_ml_kem_vector_avx2_deserialize_5_9a(Eurydice_slice bytes) {
   return libcrux_ml_kem_vector_avx2_serialize_deserialize_5(bytes);
 }
 
@@ -927,9 +927,9 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_10(__m256i vector,
 
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
-libcrux_ml_kem::vector::avx2::SIMD256Vector)#2}
+libcrux_ml_kem::vector::avx2::SIMD256Vector)#3}
 */
-KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_10_09(
+KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_10_9a(
     __m256i vector, uint8_t ret[20U]) {
   libcrux_ml_kem_vector_avx2_serialize_10(vector, ret);
 }
@@ -976,10 +976,10 @@ libcrux_ml_kem_vector_avx2_deserialize_10(Eurydice_slice bytes) {
 
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
-libcrux_ml_kem::vector::avx2::SIMD256Vector)#2}
+libcrux_ml_kem::vector::avx2::SIMD256Vector)#3}
 */
 KRML_MUSTINLINE __m256i
-libcrux_ml_kem_vector_avx2_deserialize_10_09(Eurydice_slice bytes) {
+libcrux_ml_kem_vector_avx2_deserialize_10_9a(Eurydice_slice bytes) {
   return libcrux_ml_kem_vector_avx2_deserialize_10(bytes);
 }
 
@@ -989,18 +989,18 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_11(
   mm256_storeu_si256_i16(Eurydice_array_to_slice((size_t)16U, array, int16_t),
                          vector);
   libcrux_ml_kem_vector_portable_vector_type_PortableVector input =
-      libcrux_ml_kem_vector_portable_from_i16_array_0d(
+      libcrux_ml_kem_vector_portable_from_i16_array_2c(
           Eurydice_array_to_slice((size_t)16U, array, int16_t));
   uint8_t ret0[22U];
-  libcrux_ml_kem_vector_portable_serialize_11_0d(input, ret0);
+  libcrux_ml_kem_vector_portable_serialize_11_2c(input, ret0);
   memcpy(ret, ret0, (size_t)22U * sizeof(uint8_t));
 }
 
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
-libcrux_ml_kem::vector::avx2::SIMD256Vector)#2}
+libcrux_ml_kem::vector::avx2::SIMD256Vector)#3}
 */
-KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_11_09(
+KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_11_9a(
     __m256i vector, uint8_t ret[22U]) {
   libcrux_ml_kem_vector_avx2_serialize_serialize_11(vector, ret);
 }
@@ -1008,19 +1008,19 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_11_09(
 KRML_MUSTINLINE __m256i
 libcrux_ml_kem_vector_avx2_serialize_deserialize_11(Eurydice_slice bytes) {
   libcrux_ml_kem_vector_portable_vector_type_PortableVector output =
-      libcrux_ml_kem_vector_portable_deserialize_11_0d(bytes);
+      libcrux_ml_kem_vector_portable_deserialize_11_2c(bytes);
   int16_t array[16U];
-  libcrux_ml_kem_vector_portable_to_i16_array_0d(output, array);
+  libcrux_ml_kem_vector_portable_to_i16_array_2c(output, array);
   return mm256_loadu_si256_i16(
       Eurydice_array_to_slice((size_t)16U, array, int16_t));
 }
 
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
-libcrux_ml_kem::vector::avx2::SIMD256Vector)#2}
+libcrux_ml_kem::vector::avx2::SIMD256Vector)#3}
 */
 KRML_MUSTINLINE __m256i
-libcrux_ml_kem_vector_avx2_deserialize_11_09(Eurydice_slice bytes) {
+libcrux_ml_kem_vector_avx2_deserialize_11_9a(Eurydice_slice bytes) {
   return libcrux_ml_kem_vector_avx2_serialize_deserialize_11(bytes);
 }
 
@@ -1082,9 +1082,9 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_12(__m256i vector,
 
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
-libcrux_ml_kem::vector::avx2::SIMD256Vector)#2}
+libcrux_ml_kem::vector::avx2::SIMD256Vector)#3}
 */
-KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_12_09(
+KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_12_9a(
     __m256i vector, uint8_t ret[24U]) {
   libcrux_ml_kem_vector_avx2_serialize_12(vector, ret);
 }
@@ -1131,10 +1131,10 @@ libcrux_ml_kem_vector_avx2_deserialize_12(Eurydice_slice bytes) {
 
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
-libcrux_ml_kem::vector::avx2::SIMD256Vector)#2}
+libcrux_ml_kem::vector::avx2::SIMD256Vector)#3}
 */
 KRML_MUSTINLINE __m256i
-libcrux_ml_kem_vector_avx2_deserialize_12_09(Eurydice_slice bytes) {
+libcrux_ml_kem_vector_avx2_deserialize_12_9a(Eurydice_slice bytes) {
   return libcrux_ml_kem_vector_avx2_deserialize_12(bytes);
 }
 
@@ -1181,21 +1181,29 @@ KRML_MUSTINLINE size_t libcrux_ml_kem_vector_avx2_sampling_rejection_sample(
 
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
-libcrux_ml_kem::vector::avx2::SIMD256Vector)#2}
+libcrux_ml_kem::vector::avx2::SIMD256Vector)#3}
 */
-KRML_MUSTINLINE size_t libcrux_ml_kem_vector_avx2_rej_sample_09(
+KRML_MUSTINLINE size_t libcrux_ml_kem_vector_avx2_rej_sample_9a(
     Eurydice_slice input, Eurydice_slice output) {
   return libcrux_ml_kem_vector_avx2_sampling_rejection_sample(input, output);
 }
 
 /**
 This function found in impl {(core::clone::Clone for
-libcrux_ml_kem::vector::avx2::SIMD256Vector)}
+libcrux_ml_kem::vector::avx2::SIMD256Vector)#1}
 */
-inline __m256i libcrux_ml_kem_vector_avx2_clone_78(__m256i *self) {
+inline __m256i libcrux_ml_kem_vector_avx2_clone_3a(__m256i *self) {
   return self[0U];
 }
 
+/**
+This function found in impl {(libcrux_ml_kem::vector::traits::Repr for
+libcrux_ml_kem::vector::avx2::SIMD256Vector)}
+*/
+void libcrux_ml_kem_vector_avx2_repr_11(__m256i x, int16_t ret[16U]) {
+  libcrux_ml_kem_vector_avx2_vec_to_i16_array(x, ret);
+}
+
 /**
 This function found in impl
 {libcrux_ml_kem::polynomial::PolynomialRingElement<Vector>[TraitClause@0,
@@ -1207,24 +1215,24 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector
 with const generics
 
 */
-static libcrux_ml_kem_polynomial_PolynomialRingElement_f6 ZERO_ef_61(void) {
+static libcrux_ml_kem_polynomial_PolynomialRingElement_f6 ZERO_ef_79(void) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_f6 lit;
-  lit.coefficients[0U] = libcrux_ml_kem_vector_avx2_ZERO_09();
-  lit.coefficients[1U] = libcrux_ml_kem_vector_avx2_ZERO_09();
-  lit.coefficients[2U] = libcrux_ml_kem_vector_avx2_ZERO_09();
-  lit.coefficients[3U] = libcrux_ml_kem_vector_avx2_ZERO_09();
-  lit.coefficients[4U] = libcrux_ml_kem_vector_avx2_ZERO_09();
-  lit.coefficients[5U] = libcrux_ml_kem_vector_avx2_ZERO_09();
-  lit.coefficients[6U] = libcrux_ml_kem_vector_avx2_ZERO_09();
-  lit.coefficients[7U] = libcrux_ml_kem_vector_avx2_ZERO_09();
-  lit.coefficients[8U] = libcrux_ml_kem_vector_avx2_ZERO_09();
-  lit.coefficients[9U] = libcrux_ml_kem_vector_avx2_ZERO_09();
-  lit.coefficients[10U] = libcrux_ml_kem_vector_avx2_ZERO_09();
-  lit.coefficients[11U] = libcrux_ml_kem_vector_avx2_ZERO_09();
-  lit.coefficients[12U] = libcrux_ml_kem_vector_avx2_ZERO_09();
-  lit.coefficients[13U] = libcrux_ml_kem_vector_avx2_ZERO_09();
-  lit.coefficients[14U] = libcrux_ml_kem_vector_avx2_ZERO_09();
-  lit.coefficients[15U] = libcrux_ml_kem_vector_avx2_ZERO_09();
+  lit.coefficients[0U] = libcrux_ml_kem_vector_avx2_ZERO_9a();
+  lit.coefficients[1U] = libcrux_ml_kem_vector_avx2_ZERO_9a();
+  lit.coefficients[2U] = libcrux_ml_kem_vector_avx2_ZERO_9a();
+  lit.coefficients[3U] = libcrux_ml_kem_vector_avx2_ZERO_9a();
+  lit.coefficients[4U] = libcrux_ml_kem_vector_avx2_ZERO_9a();
+  lit.coefficients[5U] = libcrux_ml_kem_vector_avx2_ZERO_9a();
+  lit.coefficients[6U] = libcrux_ml_kem_vector_avx2_ZERO_9a();
+  lit.coefficients[7U] = libcrux_ml_kem_vector_avx2_ZERO_9a();
+  lit.coefficients[8U] = libcrux_ml_kem_vector_avx2_ZERO_9a();
+  lit.coefficients[9U] = libcrux_ml_kem_vector_avx2_ZERO_9a();
+  lit.coefficients[10U] = libcrux_ml_kem_vector_avx2_ZERO_9a();
+  lit.coefficients[11U] = libcrux_ml_kem_vector_avx2_ZERO_9a();
+  lit.coefficients[12U] = libcrux_ml_kem_vector_avx2_ZERO_9a();
+  lit.coefficients[13U] = libcrux_ml_kem_vector_avx2_ZERO_9a();
+  lit.coefficients[14U] = libcrux_ml_kem_vector_avx2_ZERO_9a();
+  lit.coefficients[15U] = libcrux_ml_kem_vector_avx2_ZERO_9a();
   return lit;
 }
 
@@ -1241,16 +1249,16 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics
 
 */
 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f6
-deserialize_to_reduced_ring_element_61(Eurydice_slice serialized) {
-  libcrux_ml_kem_polynomial_PolynomialRingElement_f6 re = ZERO_ef_61();
+deserialize_to_reduced_ring_element_79(Eurydice_slice serialized) {
+  libcrux_ml_kem_polynomial_PolynomialRingElement_f6 re = ZERO_ef_79();
   for (size_t i = (size_t)0U;
        i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) {
     size_t i0 = i;
     Eurydice_slice bytes = Eurydice_slice_subslice2(
         serialized, i0 * (size_t)24U, i0 * (size_t)24U + (size_t)24U, uint8_t);
-    __m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_12_09(bytes);
+    __m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_12_9a(bytes);
     re.coefficients[i0] =
-        libcrux_ml_kem_vector_avx2_cond_subtract_3329_09(coefficient);
+        libcrux_ml_kem_vector_avx2_cond_subtract_3329_9a(coefficient);
   }
   return re;
 }
@@ -1278,7 +1286,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_ab(
             LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT,
         uint8_t);
     libcrux_ml_kem_polynomial_PolynomialRingElement_f6 uu____0 =
-        deserialize_to_reduced_ring_element_61(ring_element);
+        deserialize_to_reduced_ring_element_79(ring_element);
     deserialized_pk[i0] = uu____0;
   }
 }
@@ -1300,7 +1308,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_out_ab(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f6 ret[3U]) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_f6 deserialized_pk[3U];
   KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U,
-                  deserialized_pk[i] = ZERO_ef_61(););
+                  deserialized_pk[i] = ZERO_ef_79(););
   deserialize_ring_elements_reduced_ab(public_key, deserialized_pk);
   memcpy(
       ret, deserialized_pk,
@@ -1318,14 +1326,14 @@ static KRML_MUSTINLINE __m256i shift_right_ef(__m256i vector) {
 
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
-libcrux_ml_kem::vector::avx2::SIMD256Vector)#2}
+libcrux_ml_kem::vector::avx2::SIMD256Vector)#3}
 */
 /**
-A monomorphic instance of libcrux_ml_kem.vector.avx2.shift_right_09
+A monomorphic instance of libcrux_ml_kem.vector.avx2.shift_right_9a
 with const generics
 - SHIFT_BY= 15
 */
-static KRML_MUSTINLINE __m256i shift_right_09_ef(__m256i vector) {
+static KRML_MUSTINLINE __m256i shift_right_9a_ef(__m256i vector) {
   return shift_right_ef(vector);
 }
 
@@ -1335,11 +1343,11 @@ libcrux_ml_kem.vector.traits.to_unsigned_representative with types
 libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics
 
 */
-static KRML_MUSTINLINE __m256i to_unsigned_representative_61(__m256i a) {
-  __m256i t = shift_right_09_ef(a);
-  __m256i fm = libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_09(
+static KRML_MUSTINLINE __m256i to_unsigned_representative_79(__m256i a) {
+  __m256i t = shift_right_9a_ef(a);
+  __m256i fm = libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_9a(
       t, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS);
-  return libcrux_ml_kem_vector_avx2_add_09(a, &fm);
+  return libcrux_ml_kem_vector_avx2_add_9a(a, &fm);
 }
 
 /**
@@ -1348,8 +1356,8 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector
 with const generics
 
 */
-static KRML_MUSTINLINE __m256i to_unsigned_field_modulus_61(__m256i a) {
-  return to_unsigned_representative_61(a);
+static KRML_MUSTINLINE __m256i to_unsigned_field_modulus_79(__m256i a) {
+  return to_unsigned_representative_79(a);
 }
 
 /**
@@ -1358,15 +1366,15 @@ libcrux_ml_kem.serialize.serialize_uncompressed_ring_element with types
 libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics
 
 */
-static KRML_MUSTINLINE void serialize_uncompressed_ring_element_61(
+static KRML_MUSTINLINE void serialize_uncompressed_ring_element_79(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *re, uint8_t ret[384U]) {
   uint8_t serialized[384U] = {0U};
   for (size_t i = (size_t)0U;
        i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
     size_t i0 = i;
-    __m256i coefficient = to_unsigned_field_modulus_61(re->coefficients[i0]);
+    __m256i coefficient = to_unsigned_field_modulus_79(re->coefficients[i0]);
     uint8_t bytes[24U];
-    libcrux_ml_kem_vector_avx2_serialize_12_09(coefficient, bytes);
+    libcrux_ml_kem_vector_avx2_serialize_12_9a(coefficient, bytes);
     Eurydice_slice uu____0 = Eurydice_array_to_subslice2(
         serialized, (size_t)24U * i0, (size_t)24U * i0 + (size_t)24U, uint8_t);
     Eurydice_slice_copy(
@@ -1403,7 +1411,7 @@ static KRML_MUSTINLINE void serialize_secret_key_ed(
         (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT,
         uint8_t);
     uint8_t ret0[384U];
-    serialize_uncompressed_ring_element_61(&re, ret0);
+    serialize_uncompressed_ring_element_79(&re, ret0);
     Eurydice_slice_copy(
         uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t), uint8_t);
   }
@@ -1487,6 +1495,19 @@ bool libcrux_ml_kem_ind_cca_validate_public_key_ed(uint8_t *public_key) {
       (size_t)1184U, public_key, public_key_serialized, uint8_t, uint8_t, bool);
 }
 
+/**
+This function found in impl {(libcrux_ml_kem::hash_functions::Hash<K> for
+libcrux_ml_kem::hash_functions::avx2::Simd256Hash)}
+*/
+/**
+A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.H_a9
+with const generics
+- K= 3
+*/
+static KRML_MUSTINLINE void H_a9_e0(Eurydice_slice input, uint8_t ret[32U]) {
+  libcrux_ml_kem_hash_functions_avx2_H(input, ret);
+}
+
 /**
  Validate an ML-KEM private key.
 
@@ -1501,9 +1522,16 @@ with const generics
 */
 bool libcrux_ml_kem_ind_cca_validate_private_key_only_ae(
     libcrux_ml_kem_types_MlKemPrivateKey_d9 *private_key) {
-  KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__,
-                    "Eurydice error: Invalid_argument(\"List.combine\")\n");
-  KRML_HOST_EXIT(255U);
+  uint8_t t[32U];
+  H_a9_e0(Eurydice_array_to_subslice2(
+              private_key->value, (size_t)384U * (size_t)3U,
+              (size_t)768U * (size_t)3U + (size_t)32U, uint8_t),
+          t);
+  Eurydice_slice expected = Eurydice_array_to_subslice2(
+      private_key->value, (size_t)768U * (size_t)3U + (size_t)32U,
+      (size_t)768U * (size_t)3U + (size_t)64U, uint8_t);
+  return core_array_equality___core__cmp__PartialEq__0___Slice_U____for__Array_T__N___3__eq(
+      (size_t)32U, t, &expected, uint8_t, uint8_t, bool);
 }
 
 /**
@@ -1550,9 +1578,9 @@ with const generics
 */
 static IndCpaPrivateKeyUnpacked_63 default_1a_ab(void) {
   IndCpaPrivateKeyUnpacked_63 lit;
-  lit.secret_as_ntt[0U] = ZERO_ef_61();
-  lit.secret_as_ntt[1U] = ZERO_ef_61();
-  lit.secret_as_ntt[2U] = ZERO_ef_61();
+  lit.secret_as_ntt[0U] = ZERO_ef_79();
+  lit.secret_as_ntt[1U] = ZERO_ef_79();
+  lit.secret_as_ntt[2U] = ZERO_ef_79();
   return lit;
 }
 
@@ -1582,22 +1610,22 @@ with const generics
 static IndCpaPublicKeyUnpacked_63 default_8d_ab(void) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_f6 uu____0[3U];
   KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U,
-                  uu____0[i] = ZERO_ef_61(););
+                  uu____0[i] = ZERO_ef_79(););
   uint8_t uu____1[32U] = {0U};
   IndCpaPublicKeyUnpacked_63 lit;
   memcpy(
       lit.t_as_ntt, uu____0,
       (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f6));
   memcpy(lit.seed_for_A, uu____1, (size_t)32U * sizeof(uint8_t));
-  lit.A[0U][0U] = ZERO_ef_61();
-  lit.A[0U][1U] = ZERO_ef_61();
-  lit.A[0U][2U] = ZERO_ef_61();
-  lit.A[1U][0U] = ZERO_ef_61();
-  lit.A[1U][1U] = ZERO_ef_61();
-  lit.A[1U][2U] = ZERO_ef_61();
-  lit.A[2U][0U] = ZERO_ef_61();
-  lit.A[2U][1U] = ZERO_ef_61();
-  lit.A[2U][2U] = ZERO_ef_61();
+  lit.A[0U][0U] = ZERO_ef_79();
+  lit.A[0U][1U] = ZERO_ef_79();
+  lit.A[0U][2U] = ZERO_ef_79();
+  lit.A[1U][0U] = ZERO_ef_79();
+  lit.A[1U][1U] = ZERO_ef_79();
+  lit.A[1U][2U] = ZERO_ef_79();
+  lit.A[2U][0U] = ZERO_ef_79();
+  lit.A[2U][1U] = ZERO_ef_79();
+  lit.A[2U][2U] = ZERO_ef_79();
   return lit;
 }
 
@@ -1780,7 +1808,7 @@ static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_ed(
           Eurydice_slice uu____0 = Eurydice_array_to_subslice2(
               randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U,
               uint8_t);
-          size_t sampled = libcrux_ml_kem_vector_avx2_rej_sample_09(
+          size_t sampled = libcrux_ml_kem_vector_avx2_rej_sample_9a(
               uu____0, Eurydice_array_to_subslice2(
                            out[i1], sampled_coefficients[i1],
                            sampled_coefficients[i1] + (size_t)16U, int16_t));
@@ -1905,7 +1933,7 @@ static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_ed0(
           Eurydice_slice uu____0 = Eurydice_array_to_subslice2(
               randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U,
               uint8_t);
-          size_t sampled = libcrux_ml_kem_vector_avx2_rej_sample_09(
+          size_t sampled = libcrux_ml_kem_vector_avx2_rej_sample_9a(
               uu____0, Eurydice_array_to_subslice2(
                            out[i1], sampled_coefficients[i1],
                            sampled_coefficients[i1] + (size_t)16U, int16_t));
@@ -1931,24 +1959,24 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector
 with const generics
 
 */
-static libcrux_ml_kem_polynomial_PolynomialRingElement_f6 ZERO_61(void) {
+static libcrux_ml_kem_polynomial_PolynomialRingElement_f6 ZERO_79(void) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_f6 lit;
-  lit.coefficients[0U] = libcrux_ml_kem_vector_avx2_ZERO_09();
-  lit.coefficients[1U] = libcrux_ml_kem_vector_avx2_ZERO_09();
-  lit.coefficients[2U] = libcrux_ml_kem_vector_avx2_ZERO_09();
-  lit.coefficients[3U] = libcrux_ml_kem_vector_avx2_ZERO_09();
-  lit.coefficients[4U] = libcrux_ml_kem_vector_avx2_ZERO_09();
-  lit.coefficients[5U] = libcrux_ml_kem_vector_avx2_ZERO_09();
-  lit.coefficients[6U] = libcrux_ml_kem_vector_avx2_ZERO_09();
-  lit.coefficients[7U] = libcrux_ml_kem_vector_avx2_ZERO_09();
-  lit.coefficients[8U] = libcrux_ml_kem_vector_avx2_ZERO_09();
-  lit.coefficients[9U] = libcrux_ml_kem_vector_avx2_ZERO_09();
-  lit.coefficients[10U] = libcrux_ml_kem_vector_avx2_ZERO_09();
-  lit.coefficients[11U] = libcrux_ml_kem_vector_avx2_ZERO_09();
-  lit.coefficients[12U] = libcrux_ml_kem_vector_avx2_ZERO_09();
-  lit.coefficients[13U] = libcrux_ml_kem_vector_avx2_ZERO_09();
-  lit.coefficients[14U] = libcrux_ml_kem_vector_avx2_ZERO_09();
-  lit.coefficients[15U] = libcrux_ml_kem_vector_avx2_ZERO_09();
+  lit.coefficients[0U] = libcrux_ml_kem_vector_avx2_ZERO_9a();
+  lit.coefficients[1U] = libcrux_ml_kem_vector_avx2_ZERO_9a();
+  lit.coefficients[2U] = libcrux_ml_kem_vector_avx2_ZERO_9a();
+  lit.coefficients[3U] = libcrux_ml_kem_vector_avx2_ZERO_9a();
+  lit.coefficients[4U] = libcrux_ml_kem_vector_avx2_ZERO_9a();
+  lit.coefficients[5U] = libcrux_ml_kem_vector_avx2_ZERO_9a();
+  lit.coefficients[6U] = libcrux_ml_kem_vector_avx2_ZERO_9a();
+  lit.coefficients[7U] = libcrux_ml_kem_vector_avx2_ZERO_9a();
+  lit.coefficients[8U] = libcrux_ml_kem_vector_avx2_ZERO_9a();
+  lit.coefficients[9U] = libcrux_ml_kem_vector_avx2_ZERO_9a();
+  lit.coefficients[10U] = libcrux_ml_kem_vector_avx2_ZERO_9a();
+  lit.coefficients[11U] = libcrux_ml_kem_vector_avx2_ZERO_9a();
+  lit.coefficients[12U] = libcrux_ml_kem_vector_avx2_ZERO_9a();
+  lit.coefficients[13U] = libcrux_ml_kem_vector_avx2_ZERO_9a();
+  lit.coefficients[14U] = libcrux_ml_kem_vector_avx2_ZERO_9a();
+  lit.coefficients[15U] = libcrux_ml_kem_vector_avx2_ZERO_9a();
   return lit;
 }
 
@@ -1959,13 +1987,13 @@ with const generics
 
 */
 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f6
-from_i16_array_61(Eurydice_slice a) {
-  libcrux_ml_kem_polynomial_PolynomialRingElement_f6 result = ZERO_61();
+from_i16_array_79(Eurydice_slice a) {
+  libcrux_ml_kem_polynomial_PolynomialRingElement_f6 result = ZERO_79();
   for (size_t i = (size_t)0U;
        i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
     size_t i0 = i;
     result.coefficients[i0] =
-        libcrux_ml_kem_vector_avx2_from_i16_array_09(Eurydice_slice_subslice2(
+        libcrux_ml_kem_vector_avx2_from_i16_array_9a(Eurydice_slice_subslice2(
             a, i0 * (size_t)16U, (i0 + (size_t)1U) * (size_t)16U, int16_t));
   }
   return result;
@@ -1983,8 +2011,8 @@ with const generics
 
 */
 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f6
-from_i16_array_ef_61(Eurydice_slice a) {
-  return from_i16_array_61(a);
+from_i16_array_ef_79(Eurydice_slice a) {
+  return from_i16_array_79(a);
 }
 
 /**
@@ -1995,7 +2023,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics
 */
 static libcrux_ml_kem_polynomial_PolynomialRingElement_f6 closure_6c1(
     int16_t s[272U]) {
-  return from_i16_array_ef_61(
+  return from_i16_array_ef_79(
       Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t));
 }
 
@@ -2193,7 +2221,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics
 
 */
 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f6
-sample_from_binomial_distribution_2_61(Eurydice_slice randomness) {
+sample_from_binomial_distribution_2_79(Eurydice_slice randomness) {
   int16_t sampled_i16s[256U] = {0U};
   for (size_t i0 = (size_t)0U;
        i0 < Eurydice_slice_len(randomness, uint8_t) / (size_t)4U; i0++) {
@@ -2227,7 +2255,7 @@ sample_from_binomial_distribution_2_61(Eurydice_slice randomness) {
       sampled_i16s[(size_t)8U * chunk_number + offset] = outcome_1 - outcome_2;
     }
   }
-  return from_i16_array_ef_61(
+  return from_i16_array_ef_79(
       Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t));
 }
 
@@ -2238,7 +2266,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics
 
 */
 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f6
-sample_from_binomial_distribution_3_61(Eurydice_slice randomness) {
+sample_from_binomial_distribution_3_79(Eurydice_slice randomness) {
   int16_t sampled_i16s[256U] = {0U};
   for (size_t i0 = (size_t)0U;
        i0 < Eurydice_slice_len(randomness, uint8_t) / (size_t)3U; i0++) {
@@ -2271,7 +2299,7 @@ sample_from_binomial_distribution_3_61(Eurydice_slice randomness) {
       sampled_i16s[(size_t)4U * chunk_number + offset] = outcome_1 - outcome_2;
     }
   }
-  return from_i16_array_ef_61(
+  return from_i16_array_ef_79(
       Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t));
 }
 
@@ -2283,7 +2311,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics
 */
 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f6
 sample_from_binomial_distribution_89(Eurydice_slice randomness) {
-  return sample_from_binomial_distribution_2_61(randomness);
+  return sample_from_binomial_distribution_2_79(randomness);
 }
 
 /**
@@ -2292,17 +2320,17 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector
 with const generics
 
 */
-static KRML_MUSTINLINE void ntt_at_layer_7_61(
+static KRML_MUSTINLINE void ntt_at_layer_7_79(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *re) {
   size_t step = LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT / (size_t)2U;
   for (size_t i = (size_t)0U; i < step; i++) {
     size_t j = i;
-    __m256i t = libcrux_ml_kem_vector_avx2_multiply_by_constant_09(
+    __m256i t = libcrux_ml_kem_vector_avx2_multiply_by_constant_9a(
         re->coefficients[j + step], (int16_t)-1600);
     re->coefficients[j + step] =
-        libcrux_ml_kem_vector_avx2_sub_09(re->coefficients[j], &t);
+        libcrux_ml_kem_vector_avx2_sub_9a(re->coefficients[j], &t);
     re->coefficients[j] =
-        libcrux_ml_kem_vector_avx2_add_09(re->coefficients[j], &t);
+        libcrux_ml_kem_vector_avx2_add_9a(re->coefficients[j], &t);
   }
 }
 
@@ -2317,9 +2345,9 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector
 with const generics
 
 */
-static KRML_MUSTINLINE __m256i montgomery_multiply_fe_61(__m256i v,
+static KRML_MUSTINLINE __m256i montgomery_multiply_fe_79(__m256i v,
                                                          int16_t fer) {
-  return libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_09(v, fer);
+  return libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_9a(v, fer);
 }
 
 /**
@@ -2329,10 +2357,10 @@ with const generics
 
 */
 static KRML_MUSTINLINE libcrux_ml_kem_vector_avx2_SIMD256Vector_x2
-ntt_layer_int_vec_step_61(__m256i a, __m256i b, int16_t zeta_r) {
-  __m256i t = montgomery_multiply_fe_61(b, zeta_r);
-  b = libcrux_ml_kem_vector_avx2_sub_09(a, &t);
-  a = libcrux_ml_kem_vector_avx2_add_09(a, &t);
+ntt_layer_int_vec_step_79(__m256i a, __m256i b, int16_t zeta_r) {
+  __m256i t = montgomery_multiply_fe_79(b, zeta_r);
+  b = libcrux_ml_kem_vector_avx2_sub_9a(a, &t);
+  a = libcrux_ml_kem_vector_avx2_add_9a(a, &t);
   return (CLITERAL(libcrux_ml_kem_vector_avx2_SIMD256Vector_x2){.fst = a,
                                                                 .snd = b});
 }
@@ -2343,7 +2371,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector
 with const generics
 
 */
-static KRML_MUSTINLINE void ntt_at_layer_4_plus_61(
+static KRML_MUSTINLINE void ntt_at_layer_4_plus_79(
     size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *re,
     size_t layer) {
   size_t step = (size_t)1U << (uint32_t)layer;
@@ -2356,7 +2384,7 @@ static KRML_MUSTINLINE void ntt_at_layer_4_plus_61(
     for (size_t i = offset_vec; i < offset_vec + step_vec; i++) {
       size_t j = i;
       libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 uu____0 =
-          ntt_layer_int_vec_step_61(re->coefficients[j],
+          ntt_layer_int_vec_step_79(re->coefficients[j],
                                     re->coefficients[j + step_vec],
                                     libcrux_ml_kem_polynomial_zeta(zeta_i[0U]));
       __m256i x = uu____0.fst;
@@ -2373,12 +2401,12 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector
 with const generics
 
 */
-static KRML_MUSTINLINE void ntt_at_layer_3_61(
+static KRML_MUSTINLINE void ntt_at_layer_3_79(
     size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *re) {
   KRML_MAYBE_FOR16(
       i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i;
       zeta_i[0U] = zeta_i[0U] + (size_t)1U;
-      re->coefficients[round] = libcrux_ml_kem_vector_avx2_ntt_layer_3_step_09(
+      re->coefficients[round] = libcrux_ml_kem_vector_avx2_ntt_layer_3_step_9a(
           re->coefficients[round],
           libcrux_ml_kem_polynomial_zeta(zeta_i[0U])););
 }
@@ -2389,12 +2417,12 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector
 with const generics
 
 */
-static KRML_MUSTINLINE void ntt_at_layer_2_61(
+static KRML_MUSTINLINE void ntt_at_layer_2_79(
     size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *re) {
   KRML_MAYBE_FOR16(
       i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i;
       zeta_i[0U] = zeta_i[0U] + (size_t)1U;
-      re->coefficients[round] = libcrux_ml_kem_vector_avx2_ntt_layer_2_step_09(
+      re->coefficients[round] = libcrux_ml_kem_vector_avx2_ntt_layer_2_step_9a(
           re->coefficients[round], libcrux_ml_kem_polynomial_zeta(zeta_i[0U]),
           libcrux_ml_kem_polynomial_zeta(zeta_i[0U] + (size_t)1U));
       zeta_i[0U] = zeta_i[0U] + (size_t)1U;);
@@ -2406,12 +2434,12 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector
 with const generics
 
 */
-static KRML_MUSTINLINE void ntt_at_layer_1_61(
+static KRML_MUSTINLINE void ntt_at_layer_1_79(
     size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *re) {
   KRML_MAYBE_FOR16(
       i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i;
       zeta_i[0U] = zeta_i[0U] + (size_t)1U;
-      re->coefficients[round] = libcrux_ml_kem_vector_avx2_ntt_layer_1_step_09(
+      re->coefficients[round] = libcrux_ml_kem_vector_avx2_ntt_layer_1_step_9a(
           re->coefficients[round], libcrux_ml_kem_polynomial_zeta(zeta_i[0U]),
           libcrux_ml_kem_polynomial_zeta(zeta_i[0U] + (size_t)1U),
           libcrux_ml_kem_polynomial_zeta(zeta_i[0U] + (size_t)2U),
@@ -2425,13 +2453,13 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector
 with const generics
 
 */
-static KRML_MUSTINLINE void poly_barrett_reduce_61(
+static KRML_MUSTINLINE void poly_barrett_reduce_79(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *myself) {
   for (size_t i = (size_t)0U;
        i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
     size_t i0 = i;
     myself->coefficients[i0] =
-        libcrux_ml_kem_vector_avx2_barrett_reduce_09(myself->coefficients[i0]);
+        libcrux_ml_kem_vector_avx2_barrett_reduce_9a(myself->coefficients[i0]);
   }
 }
 
@@ -2446,9 +2474,9 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector
 with const generics
 
 */
-static KRML_MUSTINLINE void poly_barrett_reduce_ef_61(
+static KRML_MUSTINLINE void poly_barrett_reduce_ef_79(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *self) {
-  poly_barrett_reduce_61(self);
+  poly_barrett_reduce_79(self);
 }
 
 /**
@@ -2457,17 +2485,17 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector
 with const generics
 
 */
-static KRML_MUSTINLINE void ntt_binomially_sampled_ring_element_61(
+static KRML_MUSTINLINE void ntt_binomially_sampled_ring_element_79(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *re) {
-  ntt_at_layer_7_61(re);
+  ntt_at_layer_7_79(re);
   size_t zeta_i = (size_t)1U;
-  ntt_at_layer_4_plus_61(&zeta_i, re, (size_t)6U);
-  ntt_at_layer_4_plus_61(&zeta_i, re, (size_t)5U);
-  ntt_at_layer_4_plus_61(&zeta_i, re, (size_t)4U);
-  ntt_at_layer_3_61(&zeta_i, re);
-  ntt_at_layer_2_61(&zeta_i, re);
-  ntt_at_layer_1_61(&zeta_i, re);
-  poly_barrett_reduce_ef_61(re);
+  ntt_at_layer_4_plus_79(&zeta_i, re, (size_t)6U);
+  ntt_at_layer_4_plus_79(&zeta_i, re, (size_t)5U);
+  ntt_at_layer_4_plus_79(&zeta_i, re, (size_t)4U);
+  ntt_at_layer_3_79(&zeta_i, re);
+  ntt_at_layer_2_79(&zeta_i, re);
+  ntt_at_layer_1_79(&zeta_i, re);
+  poly_barrett_reduce_ef_79(re);
 }
 
 /**
@@ -2500,7 +2528,7 @@ static KRML_MUSTINLINE uint8_t sample_vector_cbd_then_ntt_b41(
       i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i;
       re_as_ntt[i0] = sample_from_binomial_distribution_89(
           Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t));
-      ntt_binomially_sampled_ring_element_61(&re_as_ntt[i0]););
+      ntt_binomially_sampled_ring_element_79(&re_as_ntt[i0]););
   return domain_separator;
 }
 
@@ -2527,7 +2555,7 @@ static KRML_MUSTINLINE tuple_23 sample_vector_cbd_then_ntt_out_b41(
     uint8_t prf_input[33U], uint8_t domain_separator) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_f6 re_as_ntt[3U];
   KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U,
-                  re_as_ntt[i] = ZERO_ef_61(););
+                  re_as_ntt[i] = ZERO_ef_79(););
   libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *uu____0 = re_as_ntt;
   uint8_t uu____1[33U];
   memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t));
@@ -2580,13 +2608,13 @@ with const generics
 
 */
 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f6
-ntt_multiply_61(libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *myself,
+ntt_multiply_79(libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *myself,
                 libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *rhs) {
-  libcrux_ml_kem_polynomial_PolynomialRingElement_f6 out = ZERO_61();
+  libcrux_ml_kem_polynomial_PolynomialRingElement_f6 out = ZERO_79();
   for (size_t i = (size_t)0U;
        i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
     size_t i0 = i;
-    out.coefficients[i0] = libcrux_ml_kem_vector_avx2_ntt_multiply_09(
+    out.coefficients[i0] = libcrux_ml_kem_vector_avx2_ntt_multiply_9a(
         &myself->coefficients[i0], &rhs->coefficients[i0],
         libcrux_ml_kem_polynomial_zeta((size_t)64U + (size_t)4U * i0),
         libcrux_ml_kem_polynomial_zeta((size_t)64U + (size_t)4U * i0 +
@@ -2611,9 +2639,9 @@ with const generics
 
 */
 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f6
-ntt_multiply_ef_61(libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *self,
+ntt_multiply_ef_79(libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *self,
                    libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *rhs) {
-  return ntt_multiply_61(self, rhs);
+  return ntt_multiply_79(self, rhs);
 }
 
 /**
@@ -2635,7 +2663,7 @@ static KRML_MUSTINLINE void add_to_ring_element_ab(
                               __m256i);
        i++) {
     size_t i0 = i;
-    myself->coefficients[i0] = libcrux_ml_kem_vector_avx2_add_09(
+    myself->coefficients[i0] = libcrux_ml_kem_vector_avx2_add_9a(
         myself->coefficients[i0], &rhs->coefficients[i0]);
   }
 }
@@ -2663,8 +2691,8 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector
 with const generics
 
 */
-static KRML_MUSTINLINE __m256i to_standard_domain_61(__m256i v) {
-  return libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_09(
+static KRML_MUSTINLINE __m256i to_standard_domain_79(__m256i v) {
+  return libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_9a(
       v, LIBCRUX_ML_KEM_VECTOR_TRAITS_MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS);
 }
 
@@ -2674,16 +2702,16 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector
 with const generics
 
 */
-static KRML_MUSTINLINE void add_standard_error_reduce_61(
+static KRML_MUSTINLINE void add_standard_error_reduce_79(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *myself,
     libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *error) {
   for (size_t i = (size_t)0U;
        i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
     size_t j = i;
     __m256i coefficient_normal_form =
-        to_standard_domain_61(myself->coefficients[j]);
-    myself->coefficients[j] = libcrux_ml_kem_vector_avx2_barrett_reduce_09(
-        libcrux_ml_kem_vector_avx2_add_09(coefficient_normal_form,
+        to_standard_domain_79(myself->coefficients[j]);
+    myself->coefficients[j] = libcrux_ml_kem_vector_avx2_barrett_reduce_9a(
+        libcrux_ml_kem_vector_avx2_add_9a(coefficient_normal_form,
                                           &error->coefficients[j]));
   }
 }
@@ -2699,10 +2727,10 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector
 with const generics
 
 */
-static KRML_MUSTINLINE void add_standard_error_reduce_ef_61(
+static KRML_MUSTINLINE void add_standard_error_reduce_ef_79(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *self,
     libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *error) {
-  add_standard_error_reduce_61(self, error);
+  add_standard_error_reduce_79(self, error);
 }
 
 /**
@@ -2728,7 +2756,7 @@ static KRML_MUSTINLINE void compute_As_plus_e_ab(
        i++) {
     size_t i0 = i;
     libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *row = matrix_A[i0];
-    libcrux_ml_kem_polynomial_PolynomialRingElement_f6 uu____0 = ZERO_ef_61();
+    libcrux_ml_kem_polynomial_PolynomialRingElement_f6 uu____0 = ZERO_ef_79();
     t_as_ntt[i0] = uu____0;
     for (size_t i1 = (size_t)0U;
          i1 < Eurydice_slice_len(
@@ -2741,10 +2769,10 @@ static KRML_MUSTINLINE void compute_As_plus_e_ab(
       libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *matrix_element =
           &row[j];
       libcrux_ml_kem_polynomial_PolynomialRingElement_f6 product =
-          ntt_multiply_ef_61(matrix_element, &s_as_ntt[j]);
+          ntt_multiply_ef_79(matrix_element, &s_as_ntt[j]);
       add_to_ring_element_ef_ab(&t_as_ntt[i0], &product);
     }
-    add_standard_error_reduce_ef_61(&t_as_ntt[i0], &error_as_ntt[i0]);
+    add_standard_error_reduce_ef_79(&t_as_ntt[i0], &error_as_ntt[i0]);
   }
 }
 
@@ -2900,19 +2928,6 @@ generate_keypair_bb1(Eurydice_slice key_generation_seed) {
   return serialize_unpacked_secret_key_8c(&public_key, &private_key);
 }
 
-/**
-This function found in impl {(libcrux_ml_kem::hash_functions::Hash<K> for
-libcrux_ml_kem::hash_functions::avx2::Simd256Hash)}
-*/
-/**
-A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.H_a9
-with const generics
-- K= 3
-*/
-static KRML_MUSTINLINE void H_a9_e0(Eurydice_slice input, uint8_t ret[32U]) {
-  libcrux_ml_kem_hash_functions_avx2_H(input, ret);
-}
-
 /**
  Serialize the secret key.
 */
@@ -3104,7 +3119,7 @@ static KRML_MUSTINLINE tuple_23
 sample_ring_element_cbd_b41(uint8_t prf_input[33U], uint8_t domain_separator) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_f6 error_1[3U];
   KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U,
-                  error_1[i] = ZERO_ef_61(););
+                  error_1[i] = ZERO_ef_79(););
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_prf_input[33U];
   memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t));
@@ -3168,13 +3183,13 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector
 with const generics
 
 */
-static KRML_MUSTINLINE void invert_ntt_at_layer_1_61(
+static KRML_MUSTINLINE void invert_ntt_at_layer_1_79(
     size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *re) {
   KRML_MAYBE_FOR16(
       i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i;
       zeta_i[0U] = zeta_i[0U] - (size_t)1U;
       re->coefficients[round] =
-          libcrux_ml_kem_vector_avx2_inv_ntt_layer_1_step_09(
+          libcrux_ml_kem_vector_avx2_inv_ntt_layer_1_step_9a(
               re->coefficients[round],
               libcrux_ml_kem_polynomial_zeta(zeta_i[0U]),
               libcrux_ml_kem_polynomial_zeta(zeta_i[0U] - (size_t)1U),
@@ -3189,13 +3204,13 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector
 with const generics
 
 */
-static KRML_MUSTINLINE void invert_ntt_at_layer_2_61(
+static KRML_MUSTINLINE void invert_ntt_at_layer_2_79(
     size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *re) {
   KRML_MAYBE_FOR16(
       i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i;
       zeta_i[0U] = zeta_i[0U] - (size_t)1U;
       re->coefficients[round] =
-          libcrux_ml_kem_vector_avx2_inv_ntt_layer_2_step_09(
+          libcrux_ml_kem_vector_avx2_inv_ntt_layer_2_step_9a(
               re->coefficients[round],
               libcrux_ml_kem_polynomial_zeta(zeta_i[0U]),
               libcrux_ml_kem_polynomial_zeta(zeta_i[0U] - (size_t)1U));
@@ -3208,12 +3223,12 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector
 with const generics
 
 */
-static KRML_MUSTINLINE void invert_ntt_at_layer_3_61(
+static KRML_MUSTINLINE void invert_ntt_at_layer_3_79(
     size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *re) {
   KRML_MAYBE_FOR16(i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i;
                    zeta_i[0U] = zeta_i[0U] - (size_t)1U;
                    re->coefficients[round] =
-                       libcrux_ml_kem_vector_avx2_inv_ntt_layer_3_step_09(
+                       libcrux_ml_kem_vector_avx2_inv_ntt_layer_3_step_9a(
                            re->coefficients[round],
                            libcrux_ml_kem_polynomial_zeta(zeta_i[0U])););
 }
@@ -3225,11 +3240,11 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics
 
 */
 static KRML_MUSTINLINE libcrux_ml_kem_vector_avx2_SIMD256Vector_x2
-inv_ntt_layer_int_vec_step_reduce_61(__m256i a, __m256i b, int16_t zeta_r) {
-  __m256i a_minus_b = libcrux_ml_kem_vector_avx2_sub_09(b, &a);
-  a = libcrux_ml_kem_vector_avx2_barrett_reduce_09(
-      libcrux_ml_kem_vector_avx2_add_09(a, &b));
-  b = montgomery_multiply_fe_61(a_minus_b, zeta_r);
+inv_ntt_layer_int_vec_step_reduce_79(__m256i a, __m256i b, int16_t zeta_r) {
+  __m256i a_minus_b = libcrux_ml_kem_vector_avx2_sub_9a(b, &a);
+  a = libcrux_ml_kem_vector_avx2_barrett_reduce_9a(
+      libcrux_ml_kem_vector_avx2_add_9a(a, &b));
+  b = montgomery_multiply_fe_79(a_minus_b, zeta_r);
   return (CLITERAL(libcrux_ml_kem_vector_avx2_SIMD256Vector_x2){.fst = a,
                                                                 .snd = b});
 }
@@ -3240,7 +3255,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector
 with const generics
 
 */
-static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_61(
+static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_79(
     size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *re,
     size_t layer) {
   size_t step = (size_t)1U << (uint32_t)layer;
@@ -3255,7 +3270,7 @@ static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_61(
     for (size_t i = offset_vec; i < offset_vec + step_vec; i++) {
       size_t j = i;
       libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 uu____0 =
-          inv_ntt_layer_int_vec_step_reduce_61(
+          inv_ntt_layer_int_vec_step_reduce_79(
               re->coefficients[j], re->coefficients[j + step_vec],
               libcrux_ml_kem_polynomial_zeta(zeta_i[0U]));
       __m256i x = uu____0.fst;
@@ -3276,14 +3291,14 @@ static KRML_MUSTINLINE void invert_ntt_montgomery_ab(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *re) {
   size_t zeta_i =
       LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U;
-  invert_ntt_at_layer_1_61(&zeta_i, re);
-  invert_ntt_at_layer_2_61(&zeta_i, re);
-  invert_ntt_at_layer_3_61(&zeta_i, re);
-  invert_ntt_at_layer_4_plus_61(&zeta_i, re, (size_t)4U);
-  invert_ntt_at_layer_4_plus_61(&zeta_i, re, (size_t)5U);
-  invert_ntt_at_layer_4_plus_61(&zeta_i, re, (size_t)6U);
-  invert_ntt_at_layer_4_plus_61(&zeta_i, re, (size_t)7U);
-  poly_barrett_reduce_ef_61(re);
+  invert_ntt_at_layer_1_79(&zeta_i, re);
+  invert_ntt_at_layer_2_79(&zeta_i, re);
+  invert_ntt_at_layer_3_79(&zeta_i, re);
+  invert_ntt_at_layer_4_plus_79(&zeta_i, re, (size_t)4U);
+  invert_ntt_at_layer_4_plus_79(&zeta_i, re, (size_t)5U);
+  invert_ntt_at_layer_4_plus_79(&zeta_i, re, (size_t)6U);
+  invert_ntt_at_layer_4_plus_79(&zeta_i, re, (size_t)7U);
+  poly_barrett_reduce_ef_79(re);
 }
 
 /**
@@ -3292,17 +3307,17 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector
 with const generics
 
 */
-static KRML_MUSTINLINE void add_error_reduce_61(
+static KRML_MUSTINLINE void add_error_reduce_79(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *myself,
     libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *error) {
   for (size_t i = (size_t)0U;
        i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
     size_t j = i;
     __m256i coefficient_normal_form =
-        libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_09(
+        libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_9a(
             myself->coefficients[j], (int16_t)1441);
-    myself->coefficients[j] = libcrux_ml_kem_vector_avx2_barrett_reduce_09(
-        libcrux_ml_kem_vector_avx2_add_09(coefficient_normal_form,
+    myself->coefficients[j] = libcrux_ml_kem_vector_avx2_barrett_reduce_9a(
+        libcrux_ml_kem_vector_avx2_add_9a(coefficient_normal_form,
                                           &error->coefficients[j]));
   }
 }
@@ -3318,10 +3333,10 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector
 with const generics
 
 */
-static KRML_MUSTINLINE void add_error_reduce_ef_61(
+static KRML_MUSTINLINE void add_error_reduce_ef_79(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *self,
     libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *error) {
-  add_error_reduce_61(self, error);
+  add_error_reduce_79(self, error);
 }
 
 /**
@@ -3340,7 +3355,7 @@ static KRML_MUSTINLINE void compute_vector_u_ab(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f6 ret[3U]) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_f6 result[3U];
   KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U,
-                  result[i] = ZERO_ef_61(););
+                  result[i] = ZERO_ef_79(););
   for (size_t i0 = (size_t)0U;
        i0 < Eurydice_slice_len(
                 Eurydice_array_to_slice(
@@ -3360,11 +3375,11 @@ static KRML_MUSTINLINE void compute_vector_u_ab(
       size_t j = i;
       libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *a_element = &row[j];
       libcrux_ml_kem_polynomial_PolynomialRingElement_f6 product =
-          ntt_multiply_ef_61(a_element, &r_as_ntt[j]);
+          ntt_multiply_ef_79(a_element, &r_as_ntt[j]);
       add_to_ring_element_ef_ab(&result[i1], &product);
     }
     invert_ntt_montgomery_ab(&result[i1]);
-    add_error_reduce_ef_61(&result[i1], &error_1[i1]);
+    add_error_reduce_ef_79(&result[i1], &error_1[i1]);
   }
   memcpy(
       ret, result,
@@ -3377,10 +3392,10 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector
 with const generics
 
 */
-static KRML_MUSTINLINE __m256i decompress_1_61(__m256i vec) {
-  __m256i z = libcrux_ml_kem_vector_avx2_ZERO_09();
-  __m256i s = libcrux_ml_kem_vector_avx2_sub_09(z, &vec);
-  return libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_09(s,
+static KRML_MUSTINLINE __m256i decompress_1_79(__m256i vec) {
+  __m256i z = libcrux_ml_kem_vector_avx2_ZERO_9a();
+  __m256i s = libcrux_ml_kem_vector_avx2_sub_9a(z, &vec);
+  return libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_9a(s,
                                                                  (int16_t)1665);
 }
 
@@ -3391,16 +3406,16 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics
 
 */
 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f6
-deserialize_then_decompress_message_61(uint8_t serialized[32U]) {
-  libcrux_ml_kem_polynomial_PolynomialRingElement_f6 re = ZERO_ef_61();
+deserialize_then_decompress_message_79(uint8_t serialized[32U]) {
+  libcrux_ml_kem_polynomial_PolynomialRingElement_f6 re = ZERO_ef_79();
   KRML_MAYBE_FOR16(
       i, (size_t)0U, (size_t)16U, (size_t)1U, size_t i0 = i;
       __m256i coefficient_compressed =
-          libcrux_ml_kem_vector_avx2_deserialize_1_09(
+          libcrux_ml_kem_vector_avx2_deserialize_1_9a(
               Eurydice_array_to_subslice2(serialized, (size_t)2U * i0,
                                           (size_t)2U * i0 + (size_t)2U,
                                           uint8_t));
-      re.coefficients[i0] = decompress_1_61(coefficient_compressed););
+      re.coefficients[i0] = decompress_1_79(coefficient_compressed););
   return re;
 }
 
@@ -3411,7 +3426,7 @@ with const generics
 
 */
 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f6
-add_message_error_reduce_61(
+add_message_error_reduce_79(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *myself,
     libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *message,
     libcrux_ml_kem_polynomial_PolynomialRingElement_f6 result) {
@@ -3419,14 +3434,14 @@ add_message_error_reduce_61(
        i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
     size_t i0 = i;
     __m256i coefficient_normal_form =
-        libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_09(
+        libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_9a(
             result.coefficients[i0], (int16_t)1441);
-    __m256i tmp = libcrux_ml_kem_vector_avx2_add_09(myself->coefficients[i0],
+    __m256i tmp = libcrux_ml_kem_vector_avx2_add_9a(myself->coefficients[i0],
                                                     &message->coefficients[i0]);
     __m256i tmp0 =
-        libcrux_ml_kem_vector_avx2_add_09(coefficient_normal_form, &tmp);
+        libcrux_ml_kem_vector_avx2_add_9a(coefficient_normal_form, &tmp);
     result.coefficients[i0] =
-        libcrux_ml_kem_vector_avx2_barrett_reduce_09(tmp0);
+        libcrux_ml_kem_vector_avx2_barrett_reduce_9a(tmp0);
   }
   return result;
 }
@@ -3443,11 +3458,11 @@ with const generics
 
 */
 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f6
-add_message_error_reduce_ef_61(
+add_message_error_reduce_ef_79(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *self,
     libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *message,
     libcrux_ml_kem_polynomial_PolynomialRingElement_f6 result) {
-  return add_message_error_reduce_61(self, message, result);
+  return add_message_error_reduce_79(self, message, result);
 }
 
 /**
@@ -3465,13 +3480,13 @@ compute_ring_element_v_ab(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *r_as_ntt,
     libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *error_2,
     libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *message) {
-  libcrux_ml_kem_polynomial_PolynomialRingElement_f6 result = ZERO_ef_61();
+  libcrux_ml_kem_polynomial_PolynomialRingElement_f6 result = ZERO_ef_79();
   KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i;
                   libcrux_ml_kem_polynomial_PolynomialRingElement_f6 product =
-                      ntt_multiply_ef_61(&t_as_ntt[i0], &r_as_ntt[i0]);
+                      ntt_multiply_ef_79(&t_as_ntt[i0], &r_as_ntt[i0]);
                   add_to_ring_element_ef_ab(&result, &product););
   invert_ntt_montgomery_ab(&result);
-  result = add_message_error_reduce_ef_61(error_2, message, result);
+  result = add_message_error_reduce_ef_79(error_2, message, result);
   return result;
 }
 
@@ -3531,14 +3546,14 @@ static KRML_MUSTINLINE __m256i compress_ef(__m256i vector) {
 
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
-libcrux_ml_kem::vector::avx2::SIMD256Vector)#2}
+libcrux_ml_kem::vector::avx2::SIMD256Vector)#3}
 */
 /**
-A monomorphic instance of libcrux_ml_kem.vector.avx2.compress_09
+A monomorphic instance of libcrux_ml_kem.vector.avx2.compress_9a
 with const generics
 - COEFFICIENT_BITS= 10
 */
-static KRML_MUSTINLINE __m256i compress_09_ef(__m256i vector) {
+static KRML_MUSTINLINE __m256i compress_9a_ef(__m256i vector) {
   return compress_ef(vector);
 }
 
@@ -3555,9 +3570,9 @@ static KRML_MUSTINLINE void compress_then_serialize_10_0e0(
        i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
     size_t i0 = i;
     __m256i coefficient =
-        compress_09_ef(to_unsigned_field_modulus_61(re->coefficients[i0]));
+        compress_9a_ef(to_unsigned_field_modulus_79(re->coefficients[i0]));
     uint8_t bytes[20U];
-    libcrux_ml_kem_vector_avx2_serialize_10_09(coefficient, bytes);
+    libcrux_ml_kem_vector_avx2_serialize_10_9a(coefficient, bytes);
     Eurydice_slice uu____0 = Eurydice_array_to_subslice2(
         serialized, (size_t)20U * i0, (size_t)20U * i0 + (size_t)20U, uint8_t);
     Eurydice_slice_copy(
@@ -3622,14 +3637,14 @@ static KRML_MUSTINLINE __m256i compress_c4(__m256i vector) {
 
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
-libcrux_ml_kem::vector::avx2::SIMD256Vector)#2}
+libcrux_ml_kem::vector::avx2::SIMD256Vector)#3}
 */
 /**
-A monomorphic instance of libcrux_ml_kem.vector.avx2.compress_09
+A monomorphic instance of libcrux_ml_kem.vector.avx2.compress_9a
 with const generics
 - COEFFICIENT_BITS= 11
 */
-static KRML_MUSTINLINE __m256i compress_09_c4(__m256i vector) {
+static KRML_MUSTINLINE __m256i compress_9a_c4(__m256i vector) {
   return compress_c4(vector);
 }
 
@@ -3737,14 +3752,14 @@ static KRML_MUSTINLINE __m256i compress_d1(__m256i vector) {
 
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
-libcrux_ml_kem::vector::avx2::SIMD256Vector)#2}
+libcrux_ml_kem::vector::avx2::SIMD256Vector)#3}
 */
 /**
-A monomorphic instance of libcrux_ml_kem.vector.avx2.compress_09
+A monomorphic instance of libcrux_ml_kem.vector.avx2.compress_9a
 with const generics
 - COEFFICIENT_BITS= 4
 */
-static KRML_MUSTINLINE __m256i compress_09_d1(__m256i vector) {
+static KRML_MUSTINLINE __m256i compress_9a_d1(__m256i vector) {
   return compress_d1(vector);
 }
 
@@ -3754,16 +3769,16 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector
 with const generics
 
 */
-static KRML_MUSTINLINE void compress_then_serialize_4_61(
+static KRML_MUSTINLINE void compress_then_serialize_4_79(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f6 re,
     Eurydice_slice serialized) {
   for (size_t i = (size_t)0U;
        i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
     size_t i0 = i;
     __m256i coefficient =
-        compress_09_d1(to_unsigned_field_modulus_61(re.coefficients[i0]));
+        compress_9a_d1(to_unsigned_field_modulus_79(re.coefficients[i0]));
     uint8_t bytes[8U];
-    libcrux_ml_kem_vector_avx2_serialize_4_09(coefficient, bytes);
+    libcrux_ml_kem_vector_avx2_serialize_4_9a(coefficient, bytes);
     Eurydice_slice_copy(
         Eurydice_slice_subslice2(serialized, (size_t)8U * i0,
                                  (size_t)8U * i0 + (size_t)8U, uint8_t),
@@ -3827,14 +3842,14 @@ static KRML_MUSTINLINE __m256i compress_f4(__m256i vector) {
 
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
-libcrux_ml_kem::vector::avx2::SIMD256Vector)#2}
+libcrux_ml_kem::vector::avx2::SIMD256Vector)#3}
 */
 /**
-A monomorphic instance of libcrux_ml_kem.vector.avx2.compress_09
+A monomorphic instance of libcrux_ml_kem.vector.avx2.compress_9a
 with const generics
 - COEFFICIENT_BITS= 5
 */
-static KRML_MUSTINLINE __m256i compress_09_f4(__m256i vector) {
+static KRML_MUSTINLINE __m256i compress_9a_f4(__m256i vector) {
   return compress_f4(vector);
 }
 
@@ -3844,16 +3859,16 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector
 with const generics
 
 */
-static KRML_MUSTINLINE void compress_then_serialize_5_61(
+static KRML_MUSTINLINE void compress_then_serialize_5_79(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f6 re,
     Eurydice_slice serialized) {
   for (size_t i = (size_t)0U;
        i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
     size_t i0 = i;
     __m256i coefficients =
-        compress_09_f4(to_unsigned_representative_61(re.coefficients[i0]));
+        compress_9a_f4(to_unsigned_representative_79(re.coefficients[i0]));
     uint8_t bytes[10U];
-    libcrux_ml_kem_vector_avx2_serialize_5_09(coefficients, bytes);
+    libcrux_ml_kem_vector_avx2_serialize_5_9a(coefficients, bytes);
     Eurydice_slice_copy(
         Eurydice_slice_subslice2(serialized, (size_t)10U * i0,
                                  (size_t)10U * i0 + (size_t)10U, uint8_t),
@@ -3871,7 +3886,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics
 */
 static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_ed(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f6 re, Eurydice_slice out) {
-  compress_then_serialize_4_61(re, out);
+  compress_then_serialize_4_79(re, out);
 }
 
 /**
@@ -3969,7 +3984,7 @@ static KRML_MUSTINLINE void encrypt_unpacked_741(
   uint8_t copy_of_message[32U];
   memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t));
   libcrux_ml_kem_polynomial_PolynomialRingElement_f6 message_as_ring_element =
-      deserialize_then_decompress_message_61(copy_of_message);
+      deserialize_then_decompress_message_79(copy_of_message);
   libcrux_ml_kem_polynomial_PolynomialRingElement_f6 v =
       compute_ring_element_v_ab(public_key->t_as_ntt, r_as_ntt, &error_2,
                                 &message_as_ring_element);
@@ -4117,14 +4132,14 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics
 
 */
 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f6
-deserialize_to_uncompressed_ring_element_61(Eurydice_slice serialized) {
-  libcrux_ml_kem_polynomial_PolynomialRingElement_f6 re = ZERO_ef_61();
+deserialize_to_uncompressed_ring_element_79(Eurydice_slice serialized) {
+  libcrux_ml_kem_polynomial_PolynomialRingElement_f6 re = ZERO_ef_79();
   for (size_t i = (size_t)0U;
        i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) {
     size_t i0 = i;
     Eurydice_slice bytes = Eurydice_slice_subslice2(
         serialized, i0 * (size_t)24U, i0 * (size_t)24U + (size_t)24U, uint8_t);
-    re.coefficients[i0] = libcrux_ml_kem_vector_avx2_deserialize_12_09(bytes);
+    re.coefficients[i0] = libcrux_ml_kem_vector_avx2_deserialize_12_9a(bytes);
   }
   return re;
 }
@@ -4143,7 +4158,7 @@ static KRML_MUSTINLINE void deserialize_secret_key_ab(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f6 ret[3U]) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_f6 secret_as_ntt[3U];
   KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U,
-                  secret_as_ntt[i] = ZERO_ef_61(););
+                  secret_as_ntt[i] = ZERO_ef_79(););
   for (size_t i = (size_t)0U;
        i < Eurydice_slice_len(secret_key, uint8_t) /
                LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT;
@@ -4155,7 +4170,7 @@ static KRML_MUSTINLINE void deserialize_secret_key_ab(
             LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT,
         uint8_t);
     libcrux_ml_kem_polynomial_PolynomialRingElement_f6 uu____0 =
-        deserialize_to_uncompressed_ring_element_61(secret_bytes);
+        deserialize_to_uncompressed_ring_element_79(secret_bytes);
     secret_as_ntt[i0] = uu____0;
   }
   memcpy(
@@ -4206,16 +4221,16 @@ decompress_ciphertext_coefficient_ef(__m256i vector) {
 
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
-libcrux_ml_kem::vector::avx2::SIMD256Vector)#2}
+libcrux_ml_kem::vector::avx2::SIMD256Vector)#3}
 */
 /**
 A monomorphic instance of
-libcrux_ml_kem.vector.avx2.decompress_ciphertext_coefficient_09 with const
+libcrux_ml_kem.vector.avx2.decompress_ciphertext_coefficient_9a with const
 generics
 - COEFFICIENT_BITS= 10
 */
 static KRML_MUSTINLINE __m256i
-decompress_ciphertext_coefficient_09_ef(__m256i vector) {
+decompress_ciphertext_coefficient_9a_ef(__m256i vector) {
   return decompress_ciphertext_coefficient_ef(vector);
 }
 
@@ -4226,15 +4241,15 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics
 
 */
 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f6
-deserialize_then_decompress_10_61(Eurydice_slice serialized) {
-  libcrux_ml_kem_polynomial_PolynomialRingElement_f6 re = ZERO_ef_61();
+deserialize_then_decompress_10_79(Eurydice_slice serialized) {
+  libcrux_ml_kem_polynomial_PolynomialRingElement_f6 re = ZERO_ef_79();
   for (size_t i = (size_t)0U;
        i < Eurydice_slice_len(serialized, uint8_t) / (size_t)20U; i++) {
     size_t i0 = i;
     Eurydice_slice bytes = Eurydice_slice_subslice2(
         serialized, i0 * (size_t)20U, i0 * (size_t)20U + (size_t)20U, uint8_t);
-    __m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_10_09(bytes);
-    re.coefficients[i0] = decompress_ciphertext_coefficient_09_ef(coefficient);
+    __m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_10_9a(bytes);
+    re.coefficients[i0] = decompress_ciphertext_coefficient_9a_ef(coefficient);
   }
   return re;
 }
@@ -4282,16 +4297,16 @@ decompress_ciphertext_coefficient_c4(__m256i vector) {
 
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
-libcrux_ml_kem::vector::avx2::SIMD256Vector)#2}
+libcrux_ml_kem::vector::avx2::SIMD256Vector)#3}
 */
 /**
 A monomorphic instance of
-libcrux_ml_kem.vector.avx2.decompress_ciphertext_coefficient_09 with const
+libcrux_ml_kem.vector.avx2.decompress_ciphertext_coefficient_9a with const
 generics
 - COEFFICIENT_BITS= 11
 */
 static KRML_MUSTINLINE __m256i
-decompress_ciphertext_coefficient_09_c4(__m256i vector) {
+decompress_ciphertext_coefficient_9a_c4(__m256i vector) {
   return decompress_ciphertext_coefficient_c4(vector);
 }
 
@@ -4302,15 +4317,15 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics
 
 */
 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f6
-deserialize_then_decompress_11_61(Eurydice_slice serialized) {
-  libcrux_ml_kem_polynomial_PolynomialRingElement_f6 re = ZERO_ef_61();
+deserialize_then_decompress_11_79(Eurydice_slice serialized) {
+  libcrux_ml_kem_polynomial_PolynomialRingElement_f6 re = ZERO_ef_79();
   for (size_t i = (size_t)0U;
        i < Eurydice_slice_len(serialized, uint8_t) / (size_t)22U; i++) {
     size_t i0 = i;
     Eurydice_slice bytes = Eurydice_slice_subslice2(
         serialized, i0 * (size_t)22U, i0 * (size_t)22U + (size_t)22U, uint8_t);
-    __m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_11_09(bytes);
-    re.coefficients[i0] = decompress_ciphertext_coefficient_09_c4(coefficient);
+    __m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_11_9a(bytes);
+    re.coefficients[i0] = decompress_ciphertext_coefficient_9a_c4(coefficient);
   }
   return re;
 }
@@ -4323,7 +4338,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics
 */
 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f6
 deserialize_then_decompress_ring_element_u_ee(Eurydice_slice serialized) {
-  return deserialize_then_decompress_10_61(serialized);
+  return deserialize_then_decompress_10_79(serialized);
 }
 
 /**
@@ -4335,14 +4350,14 @@ with const generics
 static KRML_MUSTINLINE void ntt_vector_u_ee(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *re) {
   size_t zeta_i = (size_t)0U;
-  ntt_at_layer_4_plus_61(&zeta_i, re, (size_t)7U);
-  ntt_at_layer_4_plus_61(&zeta_i, re, (size_t)6U);
-  ntt_at_layer_4_plus_61(&zeta_i, re, (size_t)5U);
-  ntt_at_layer_4_plus_61(&zeta_i, re, (size_t)4U);
-  ntt_at_layer_3_61(&zeta_i, re);
-  ntt_at_layer_2_61(&zeta_i, re);
-  ntt_at_layer_1_61(&zeta_i, re);
-  poly_barrett_reduce_ef_61(re);
+  ntt_at_layer_4_plus_79(&zeta_i, re, (size_t)7U);
+  ntt_at_layer_4_plus_79(&zeta_i, re, (size_t)6U);
+  ntt_at_layer_4_plus_79(&zeta_i, re, (size_t)5U);
+  ntt_at_layer_4_plus_79(&zeta_i, re, (size_t)4U);
+  ntt_at_layer_3_79(&zeta_i, re);
+  ntt_at_layer_2_79(&zeta_i, re);
+  ntt_at_layer_1_79(&zeta_i, re);
+  poly_barrett_reduce_ef_79(re);
 }
 
 /**
@@ -4362,7 +4377,7 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_ed(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f6 ret[3U]) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_f6 u_as_ntt[3U];
   KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U,
-                  u_as_ntt[i] = ZERO_ef_61(););
+                  u_as_ntt[i] = ZERO_ef_79(););
   for (size_t i = (size_t)0U;
        i < Eurydice_slice_len(
                Eurydice_array_to_slice((size_t)1088U, ciphertext, uint8_t),
@@ -4431,16 +4446,16 @@ decompress_ciphertext_coefficient_d1(__m256i vector) {
 
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
-libcrux_ml_kem::vector::avx2::SIMD256Vector)#2}
+libcrux_ml_kem::vector::avx2::SIMD256Vector)#3}
 */
 /**
 A monomorphic instance of
-libcrux_ml_kem.vector.avx2.decompress_ciphertext_coefficient_09 with const
+libcrux_ml_kem.vector.avx2.decompress_ciphertext_coefficient_9a with const
 generics
 - COEFFICIENT_BITS= 4
 */
 static KRML_MUSTINLINE __m256i
-decompress_ciphertext_coefficient_09_d1(__m256i vector) {
+decompress_ciphertext_coefficient_9a_d1(__m256i vector) {
   return decompress_ciphertext_coefficient_d1(vector);
 }
 
@@ -4451,15 +4466,15 @@ with const generics
 
 */
 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f6
-deserialize_then_decompress_4_61(Eurydice_slice serialized) {
-  libcrux_ml_kem_polynomial_PolynomialRingElement_f6 re = ZERO_ef_61();
+deserialize_then_decompress_4_79(Eurydice_slice serialized) {
+  libcrux_ml_kem_polynomial_PolynomialRingElement_f6 re = ZERO_ef_79();
   for (size_t i = (size_t)0U;
        i < Eurydice_slice_len(serialized, uint8_t) / (size_t)8U; i++) {
     size_t i0 = i;
     Eurydice_slice bytes = Eurydice_slice_subslice2(
         serialized, i0 * (size_t)8U, i0 * (size_t)8U + (size_t)8U, uint8_t);
-    __m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_4_09(bytes);
-    re.coefficients[i0] = decompress_ciphertext_coefficient_09_d1(coefficient);
+    __m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_4_9a(bytes);
+    re.coefficients[i0] = decompress_ciphertext_coefficient_9a_d1(coefficient);
   }
   return re;
 }
@@ -4507,16 +4522,16 @@ decompress_ciphertext_coefficient_f4(__m256i vector) {
 
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
-libcrux_ml_kem::vector::avx2::SIMD256Vector)#2}
+libcrux_ml_kem::vector::avx2::SIMD256Vector)#3}
 */
 /**
 A monomorphic instance of
-libcrux_ml_kem.vector.avx2.decompress_ciphertext_coefficient_09 with const
+libcrux_ml_kem.vector.avx2.decompress_ciphertext_coefficient_9a with const
 generics
 - COEFFICIENT_BITS= 5
 */
 static KRML_MUSTINLINE __m256i
-decompress_ciphertext_coefficient_09_f4(__m256i vector) {
+decompress_ciphertext_coefficient_9a_f4(__m256i vector) {
   return decompress_ciphertext_coefficient_f4(vector);
 }
 
@@ -4527,16 +4542,16 @@ with const generics
 
 */
 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f6
-deserialize_then_decompress_5_61(Eurydice_slice serialized) {
-  libcrux_ml_kem_polynomial_PolynomialRingElement_f6 re = ZERO_ef_61();
+deserialize_then_decompress_5_79(Eurydice_slice serialized) {
+  libcrux_ml_kem_polynomial_PolynomialRingElement_f6 re = ZERO_ef_79();
   for (size_t i = (size_t)0U;
        i < Eurydice_slice_len(serialized, uint8_t) / (size_t)10U; i++) {
     size_t i0 = i;
     Eurydice_slice bytes = Eurydice_slice_subslice2(
         serialized, i0 * (size_t)10U, i0 * (size_t)10U + (size_t)10U, uint8_t);
-    re.coefficients[i0] = libcrux_ml_kem_vector_avx2_deserialize_5_09(bytes);
+    re.coefficients[i0] = libcrux_ml_kem_vector_avx2_deserialize_5_9a(bytes);
     re.coefficients[i0] =
-        decompress_ciphertext_coefficient_09_f4(re.coefficients[i0]);
+        decompress_ciphertext_coefficient_9a_f4(re.coefficients[i0]);
   }
   return re;
 }
@@ -4550,7 +4565,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics
 */
 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f6
 deserialize_then_decompress_ring_element_v_ed(Eurydice_slice serialized) {
-  return deserialize_then_decompress_4_61(serialized);
+  return deserialize_then_decompress_4_79(serialized);
 }
 
 /**
@@ -4560,16 +4575,16 @@ with const generics
 
 */
 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f6
-subtract_reduce_61(libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *myself,
+subtract_reduce_79(libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *myself,
                    libcrux_ml_kem_polynomial_PolynomialRingElement_f6 b) {
   for (size_t i = (size_t)0U;
        i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
     size_t i0 = i;
     __m256i coefficient_normal_form =
-        libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_09(
+        libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_9a(
             b.coefficients[i0], (int16_t)1441);
-    b.coefficients[i0] = libcrux_ml_kem_vector_avx2_barrett_reduce_09(
-        libcrux_ml_kem_vector_avx2_sub_09(myself->coefficients[i0],
+    b.coefficients[i0] = libcrux_ml_kem_vector_avx2_barrett_reduce_9a(
+        libcrux_ml_kem_vector_avx2_sub_9a(myself->coefficients[i0],
                                           &coefficient_normal_form));
   }
   return b;
@@ -4587,9 +4602,9 @@ with const generics
 
 */
 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f6
-subtract_reduce_ef_61(libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *self,
+subtract_reduce_ef_79(libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *self,
                       libcrux_ml_kem_polynomial_PolynomialRingElement_f6 b) {
-  return subtract_reduce_61(self, b);
+  return subtract_reduce_79(self, b);
 }
 
 /**
@@ -4609,13 +4624,13 @@ compute_message_ab(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *v,
     libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *secret_as_ntt,
     libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *u_as_ntt) {
-  libcrux_ml_kem_polynomial_PolynomialRingElement_f6 result = ZERO_ef_61();
+  libcrux_ml_kem_polynomial_PolynomialRingElement_f6 result = ZERO_ef_79();
   KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i;
                   libcrux_ml_kem_polynomial_PolynomialRingElement_f6 product =
-                      ntt_multiply_ef_61(&secret_as_ntt[i0], &u_as_ntt[i0]);
+                      ntt_multiply_ef_79(&secret_as_ntt[i0], &u_as_ntt[i0]);
                   add_to_ring_element_ef_ab(&result, &product););
   invert_ntt_montgomery_ab(&result);
-  result = subtract_reduce_ef_61(v, result);
+  result = subtract_reduce_ef_79(v, result);
   return result;
 }
 
@@ -4625,16 +4640,16 @@ libcrux_ml_kem.serialize.compress_then_serialize_message with types
 libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics
 
 */
-static KRML_MUSTINLINE void compress_then_serialize_message_61(
+static KRML_MUSTINLINE void compress_then_serialize_message_79(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f6 re, uint8_t ret[32U]) {
   uint8_t serialized[32U] = {0U};
   KRML_MAYBE_FOR16(
       i, (size_t)0U, (size_t)16U, (size_t)1U, size_t i0 = i;
-      __m256i coefficient = to_unsigned_field_modulus_61(re.coefficients[i0]);
+      __m256i coefficient = to_unsigned_field_modulus_79(re.coefficients[i0]);
       __m256i coefficient_compressed =
-          libcrux_ml_kem_vector_avx2_compress_1_09(coefficient);
+          libcrux_ml_kem_vector_avx2_compress_1_9a(coefficient);
       uint8_t bytes[2U];
-      libcrux_ml_kem_vector_avx2_serialize_1_09(coefficient_compressed, bytes);
+      libcrux_ml_kem_vector_avx2_serialize_1_9a(coefficient_compressed, bytes);
       Eurydice_slice uu____0 = Eurydice_array_to_subslice2(
           serialized, (size_t)2U * i0, (size_t)2U * i0 + (size_t)2U, uint8_t);
       Eurydice_slice_copy(uu____0,
@@ -4689,7 +4704,7 @@ static KRML_MUSTINLINE void decrypt_unpacked_2f(
   libcrux_ml_kem_polynomial_PolynomialRingElement_f6 message =
       compute_message_ab(&v, secret_key->secret_as_ntt, u_as_ntt);
   uint8_t ret0[32U];
-  compress_then_serialize_message_61(message, ret0);
+  compress_then_serialize_message_79(message, ret0);
   memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t));
 }
 
@@ -4857,7 +4872,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_42(
             LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT,
         uint8_t);
     libcrux_ml_kem_polynomial_PolynomialRingElement_f6 uu____0 =
-        deserialize_to_reduced_ring_element_61(ring_element);
+        deserialize_to_reduced_ring_element_79(ring_element);
     deserialized_pk[i0] = uu____0;
   }
 }
@@ -4879,7 +4894,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_out_42(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f6 ret[4U]) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_f6 deserialized_pk[4U];
   KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U,
-                  deserialized_pk[i] = ZERO_ef_61(););
+                  deserialized_pk[i] = ZERO_ef_79(););
   deserialize_ring_elements_reduced_42(public_key, deserialized_pk);
   memcpy(
       ret, deserialized_pk,
@@ -4914,7 +4929,7 @@ static KRML_MUSTINLINE void serialize_secret_key_78(
         (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT,
         uint8_t);
     uint8_t ret0[384U];
-    serialize_uncompressed_ring_element_61(&re, ret0);
+    serialize_uncompressed_ring_element_79(&re, ret0);
     Eurydice_slice_copy(
         uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t), uint8_t);
   }
@@ -4998,6 +5013,19 @@ bool libcrux_ml_kem_ind_cca_validate_public_key_1e(uint8_t *public_key) {
       (size_t)1568U, public_key, public_key_serialized, uint8_t, uint8_t, bool);
 }
 
+/**
+This function found in impl {(libcrux_ml_kem::hash_functions::Hash<K> for
+libcrux_ml_kem::hash_functions::avx2::Simd256Hash)}
+*/
+/**
+A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.H_a9
+with const generics
+- K= 4
+*/
+static KRML_MUSTINLINE void H_a9_ac(Eurydice_slice input, uint8_t ret[32U]) {
+  libcrux_ml_kem_hash_functions_avx2_H(input, ret);
+}
+
 /**
  Validate an ML-KEM private key.
 
@@ -5012,9 +5040,16 @@ with const generics
 */
 bool libcrux_ml_kem_ind_cca_validate_private_key_only_5e(
     libcrux_ml_kem_types_MlKemPrivateKey_83 *private_key) {
-  KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__,
-                    "Eurydice error: Invalid_argument(\"List.combine\")\n");
-  KRML_HOST_EXIT(255U);
+  uint8_t t[32U];
+  H_a9_ac(Eurydice_array_to_subslice2(
+              private_key->value, (size_t)384U * (size_t)4U,
+              (size_t)768U * (size_t)4U + (size_t)32U, uint8_t),
+          t);
+  Eurydice_slice expected = Eurydice_array_to_subslice2(
+      private_key->value, (size_t)768U * (size_t)4U + (size_t)32U,
+      (size_t)768U * (size_t)4U + (size_t)64U, uint8_t);
+  return core_array_equality___core__cmp__PartialEq__0___Slice_U____for__Array_T__N___3__eq(
+      (size_t)32U, t, &expected, uint8_t, uint8_t, bool);
 }
 
 /**
@@ -5061,10 +5096,10 @@ with const generics
 */
 static IndCpaPrivateKeyUnpacked_39 default_1a_42(void) {
   IndCpaPrivateKeyUnpacked_39 lit;
-  lit.secret_as_ntt[0U] = ZERO_ef_61();
-  lit.secret_as_ntt[1U] = ZERO_ef_61();
-  lit.secret_as_ntt[2U] = ZERO_ef_61();
-  lit.secret_as_ntt[3U] = ZERO_ef_61();
+  lit.secret_as_ntt[0U] = ZERO_ef_79();
+  lit.secret_as_ntt[1U] = ZERO_ef_79();
+  lit.secret_as_ntt[2U] = ZERO_ef_79();
+  lit.secret_as_ntt[3U] = ZERO_ef_79();
   return lit;
 }
 
@@ -5094,29 +5129,29 @@ with const generics
 static IndCpaPublicKeyUnpacked_39 default_8d_42(void) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_f6 uu____0[4U];
   KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U,
-                  uu____0[i] = ZERO_ef_61(););
+                  uu____0[i] = ZERO_ef_79(););
   uint8_t uu____1[32U] = {0U};
   IndCpaPublicKeyUnpacked_39 lit;
   memcpy(
       lit.t_as_ntt, uu____0,
       (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f6));
   memcpy(lit.seed_for_A, uu____1, (size_t)32U * sizeof(uint8_t));
-  lit.A[0U][0U] = ZERO_ef_61();
-  lit.A[0U][1U] = ZERO_ef_61();
-  lit.A[0U][2U] = ZERO_ef_61();
-  lit.A[0U][3U] = ZERO_ef_61();
-  lit.A[1U][0U] = ZERO_ef_61();
-  lit.A[1U][1U] = ZERO_ef_61();
-  lit.A[1U][2U] = ZERO_ef_61();
-  lit.A[1U][3U] = ZERO_ef_61();
-  lit.A[2U][0U] = ZERO_ef_61();
-  lit.A[2U][1U] = ZERO_ef_61();
-  lit.A[2U][2U] = ZERO_ef_61();
-  lit.A[2U][3U] = ZERO_ef_61();
-  lit.A[3U][0U] = ZERO_ef_61();
-  lit.A[3U][1U] = ZERO_ef_61();
-  lit.A[3U][2U] = ZERO_ef_61();
-  lit.A[3U][3U] = ZERO_ef_61();
+  lit.A[0U][0U] = ZERO_ef_79();
+  lit.A[0U][1U] = ZERO_ef_79();
+  lit.A[0U][2U] = ZERO_ef_79();
+  lit.A[0U][3U] = ZERO_ef_79();
+  lit.A[1U][0U] = ZERO_ef_79();
+  lit.A[1U][1U] = ZERO_ef_79();
+  lit.A[1U][2U] = ZERO_ef_79();
+  lit.A[1U][3U] = ZERO_ef_79();
+  lit.A[2U][0U] = ZERO_ef_79();
+  lit.A[2U][1U] = ZERO_ef_79();
+  lit.A[2U][2U] = ZERO_ef_79();
+  lit.A[2U][3U] = ZERO_ef_79();
+  lit.A[3U][0U] = ZERO_ef_79();
+  lit.A[3U][1U] = ZERO_ef_79();
+  lit.A[3U][2U] = ZERO_ef_79();
+  lit.A[3U][3U] = ZERO_ef_79();
   return lit;
 }
 
@@ -5302,7 +5337,7 @@ static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_78(
           Eurydice_slice uu____0 = Eurydice_array_to_subslice2(
               randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U,
               uint8_t);
-          size_t sampled = libcrux_ml_kem_vector_avx2_rej_sample_09(
+          size_t sampled = libcrux_ml_kem_vector_avx2_rej_sample_9a(
               uu____0, Eurydice_array_to_subslice2(
                            out[i1], sampled_coefficients[i1],
                            sampled_coefficients[i1] + (size_t)16U, int16_t));
@@ -5430,7 +5465,7 @@ static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_780(
           Eurydice_slice uu____0 = Eurydice_array_to_subslice2(
               randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U,
               uint8_t);
-          size_t sampled = libcrux_ml_kem_vector_avx2_rej_sample_09(
+          size_t sampled = libcrux_ml_kem_vector_avx2_rej_sample_9a(
               uu____0, Eurydice_array_to_subslice2(
                            out[i1], sampled_coefficients[i1],
                            sampled_coefficients[i1] + (size_t)16U, int16_t));
@@ -5458,7 +5493,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics
 */
 static libcrux_ml_kem_polynomial_PolynomialRingElement_f6 closure_6c(
     int16_t s[272U]) {
-  return from_i16_array_ef_61(
+  return from_i16_array_ef_79(
       Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t));
 }
 
@@ -5633,7 +5668,7 @@ static KRML_MUSTINLINE uint8_t sample_vector_cbd_then_ntt_b4(
       i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i;
       re_as_ntt[i0] = sample_from_binomial_distribution_89(
           Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t));
-      ntt_binomially_sampled_ring_element_61(&re_as_ntt[i0]););
+      ntt_binomially_sampled_ring_element_79(&re_as_ntt[i0]););
   return domain_separator;
 }
 
@@ -5660,7 +5695,7 @@ static KRML_MUSTINLINE tuple_dd sample_vector_cbd_then_ntt_out_b4(
     uint8_t prf_input[33U], uint8_t domain_separator) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_f6 re_as_ntt[4U];
   KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U,
-                  re_as_ntt[i] = ZERO_ef_61(););
+                  re_as_ntt[i] = ZERO_ef_79(););
   libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *uu____0 = re_as_ntt;
   uint8_t uu____1[33U];
   memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t));
@@ -5698,7 +5733,7 @@ static KRML_MUSTINLINE void add_to_ring_element_42(
                               __m256i);
        i++) {
     size_t i0 = i;
-    myself->coefficients[i0] = libcrux_ml_kem_vector_avx2_add_09(
+    myself->coefficients[i0] = libcrux_ml_kem_vector_avx2_add_9a(
         myself->coefficients[i0], &rhs->coefficients[i0]);
   }
 }
@@ -5743,7 +5778,7 @@ static KRML_MUSTINLINE void compute_As_plus_e_42(
        i++) {
     size_t i0 = i;
     libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *row = matrix_A[i0];
-    libcrux_ml_kem_polynomial_PolynomialRingElement_f6 uu____0 = ZERO_ef_61();
+    libcrux_ml_kem_polynomial_PolynomialRingElement_f6 uu____0 = ZERO_ef_79();
     t_as_ntt[i0] = uu____0;
     for (size_t i1 = (size_t)0U;
          i1 < Eurydice_slice_len(
@@ -5756,10 +5791,10 @@ static KRML_MUSTINLINE void compute_As_plus_e_42(
       libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *matrix_element =
           &row[j];
       libcrux_ml_kem_polynomial_PolynomialRingElement_f6 product =
-          ntt_multiply_ef_61(matrix_element, &s_as_ntt[j]);
+          ntt_multiply_ef_79(matrix_element, &s_as_ntt[j]);
       add_to_ring_element_ef_42(&t_as_ntt[i0], &product);
     }
-    add_standard_error_reduce_ef_61(&t_as_ntt[i0], &error_as_ntt[i0]);
+    add_standard_error_reduce_ef_79(&t_as_ntt[i0], &error_as_ntt[i0]);
   }
 }
 
@@ -5915,19 +5950,6 @@ generate_keypair_bb0(Eurydice_slice key_generation_seed) {
   return serialize_unpacked_secret_key_c9(&public_key, &private_key);
 }
 
-/**
-This function found in impl {(libcrux_ml_kem::hash_functions::Hash<K> for
-libcrux_ml_kem::hash_functions::avx2::Simd256Hash)}
-*/
-/**
-A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.H_a9
-with const generics
-- K= 4
-*/
-static KRML_MUSTINLINE void H_a9_ac(Eurydice_slice input, uint8_t ret[32U]) {
-  libcrux_ml_kem_hash_functions_avx2_H(input, ret);
-}
-
 /**
  Serialize the secret key.
 */
@@ -6119,7 +6141,7 @@ static KRML_MUSTINLINE tuple_dd
 sample_ring_element_cbd_b4(uint8_t prf_input[33U], uint8_t domain_separator) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_f6 error_1[4U];
   KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U,
-                  error_1[i] = ZERO_ef_61(););
+                  error_1[i] = ZERO_ef_79(););
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_prf_input[33U];
   memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t));
@@ -6175,14 +6197,14 @@ static KRML_MUSTINLINE void invert_ntt_montgomery_42(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *re) {
   size_t zeta_i =
       LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U;
-  invert_ntt_at_layer_1_61(&zeta_i, re);
-  invert_ntt_at_layer_2_61(&zeta_i, re);
-  invert_ntt_at_layer_3_61(&zeta_i, re);
-  invert_ntt_at_layer_4_plus_61(&zeta_i, re, (size_t)4U);
-  invert_ntt_at_layer_4_plus_61(&zeta_i, re, (size_t)5U);
-  invert_ntt_at_layer_4_plus_61(&zeta_i, re, (size_t)6U);
-  invert_ntt_at_layer_4_plus_61(&zeta_i, re, (size_t)7U);
-  poly_barrett_reduce_ef_61(re);
+  invert_ntt_at_layer_1_79(&zeta_i, re);
+  invert_ntt_at_layer_2_79(&zeta_i, re);
+  invert_ntt_at_layer_3_79(&zeta_i, re);
+  invert_ntt_at_layer_4_plus_79(&zeta_i, re, (size_t)4U);
+  invert_ntt_at_layer_4_plus_79(&zeta_i, re, (size_t)5U);
+  invert_ntt_at_layer_4_plus_79(&zeta_i, re, (size_t)6U);
+  invert_ntt_at_layer_4_plus_79(&zeta_i, re, (size_t)7U);
+  poly_barrett_reduce_ef_79(re);
 }
 
 /**
@@ -6201,7 +6223,7 @@ static KRML_MUSTINLINE void compute_vector_u_42(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f6 ret[4U]) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_f6 result[4U];
   KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U,
-                  result[i] = ZERO_ef_61(););
+                  result[i] = ZERO_ef_79(););
   for (size_t i0 = (size_t)0U;
        i0 < Eurydice_slice_len(
                 Eurydice_array_to_slice(
@@ -6221,11 +6243,11 @@ static KRML_MUSTINLINE void compute_vector_u_42(
       size_t j = i;
       libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *a_element = &row[j];
       libcrux_ml_kem_polynomial_PolynomialRingElement_f6 product =
-          ntt_multiply_ef_61(a_element, &r_as_ntt[j]);
+          ntt_multiply_ef_79(a_element, &r_as_ntt[j]);
       add_to_ring_element_ef_42(&result[i1], &product);
     }
     invert_ntt_montgomery_42(&result[i1]);
-    add_error_reduce_ef_61(&result[i1], &error_1[i1]);
+    add_error_reduce_ef_79(&result[i1], &error_1[i1]);
   }
   memcpy(
       ret, result,
@@ -6247,13 +6269,13 @@ compute_ring_element_v_42(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *r_as_ntt,
     libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *error_2,
     libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *message) {
-  libcrux_ml_kem_polynomial_PolynomialRingElement_f6 result = ZERO_ef_61();
+  libcrux_ml_kem_polynomial_PolynomialRingElement_f6 result = ZERO_ef_79();
   KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i;
                   libcrux_ml_kem_polynomial_PolynomialRingElement_f6 product =
-                      ntt_multiply_ef_61(&t_as_ntt[i0], &r_as_ntt[i0]);
+                      ntt_multiply_ef_79(&t_as_ntt[i0], &r_as_ntt[i0]);
                   add_to_ring_element_ef_42(&result, &product););
   invert_ntt_montgomery_42(&result);
-  result = add_message_error_reduce_ef_61(error_2, message, result);
+  result = add_message_error_reduce_ef_79(error_2, message, result);
   return result;
 }
 
@@ -6270,9 +6292,9 @@ static KRML_MUSTINLINE void compress_then_serialize_11_0e(
        i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
     size_t i0 = i;
     __m256i coefficient =
-        compress_09_c4(to_unsigned_representative_61(re->coefficients[i0]));
+        compress_9a_c4(to_unsigned_representative_79(re->coefficients[i0]));
     uint8_t bytes[22U];
-    libcrux_ml_kem_vector_avx2_serialize_11_09(coefficient, bytes);
+    libcrux_ml_kem_vector_avx2_serialize_11_9a(coefficient, bytes);
     Eurydice_slice uu____0 = Eurydice_array_to_subslice2(
         serialized, (size_t)22U * i0, (size_t)22U * i0 + (size_t)22U, uint8_t);
     Eurydice_slice_copy(
@@ -6339,7 +6361,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics
 */
 static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_1e(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f6 re, Eurydice_slice out) {
-  compress_then_serialize_5_61(re, out);
+  compress_then_serialize_5_79(re, out);
 }
 
 /**
@@ -6437,7 +6459,7 @@ static KRML_MUSTINLINE void encrypt_unpacked_74(
   uint8_t copy_of_message[32U];
   memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t));
   libcrux_ml_kem_polynomial_PolynomialRingElement_f6 message_as_ring_element =
-      deserialize_then_decompress_message_61(copy_of_message);
+      deserialize_then_decompress_message_79(copy_of_message);
   libcrux_ml_kem_polynomial_PolynomialRingElement_f6 v =
       compute_ring_element_v_42(public_key->t_as_ntt, r_as_ntt, &error_2,
                                 &message_as_ring_element);
@@ -6592,7 +6614,7 @@ static KRML_MUSTINLINE void deserialize_secret_key_42(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f6 ret[4U]) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_f6 secret_as_ntt[4U];
   KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U,
-                  secret_as_ntt[i] = ZERO_ef_61(););
+                  secret_as_ntt[i] = ZERO_ef_79(););
   for (size_t i = (size_t)0U;
        i < Eurydice_slice_len(secret_key, uint8_t) /
                LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT;
@@ -6604,7 +6626,7 @@ static KRML_MUSTINLINE void deserialize_secret_key_42(
             LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT,
         uint8_t);
     libcrux_ml_kem_polynomial_PolynomialRingElement_f6 uu____0 =
-        deserialize_to_uncompressed_ring_element_61(secret_bytes);
+        deserialize_to_uncompressed_ring_element_79(secret_bytes);
     secret_as_ntt[i0] = uu____0;
   }
   memcpy(
@@ -6620,7 +6642,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics
 */
 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f6
 deserialize_then_decompress_ring_element_u_85(Eurydice_slice serialized) {
-  return deserialize_then_decompress_11_61(serialized);
+  return deserialize_then_decompress_11_79(serialized);
 }
 
 /**
@@ -6632,14 +6654,14 @@ with const generics
 static KRML_MUSTINLINE void ntt_vector_u_85(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *re) {
   size_t zeta_i = (size_t)0U;
-  ntt_at_layer_4_plus_61(&zeta_i, re, (size_t)7U);
-  ntt_at_layer_4_plus_61(&zeta_i, re, (size_t)6U);
-  ntt_at_layer_4_plus_61(&zeta_i, re, (size_t)5U);
-  ntt_at_layer_4_plus_61(&zeta_i, re, (size_t)4U);
-  ntt_at_layer_3_61(&zeta_i, re);
-  ntt_at_layer_2_61(&zeta_i, re);
-  ntt_at_layer_1_61(&zeta_i, re);
-  poly_barrett_reduce_ef_61(re);
+  ntt_at_layer_4_plus_79(&zeta_i, re, (size_t)7U);
+  ntt_at_layer_4_plus_79(&zeta_i, re, (size_t)6U);
+  ntt_at_layer_4_plus_79(&zeta_i, re, (size_t)5U);
+  ntt_at_layer_4_plus_79(&zeta_i, re, (size_t)4U);
+  ntt_at_layer_3_79(&zeta_i, re);
+  ntt_at_layer_2_79(&zeta_i, re);
+  ntt_at_layer_1_79(&zeta_i, re);
+  poly_barrett_reduce_ef_79(re);
 }
 
 /**
@@ -6659,7 +6681,7 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_1e(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f6 ret[4U]) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_f6 u_as_ntt[4U];
   KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U,
-                  u_as_ntt[i] = ZERO_ef_61(););
+                  u_as_ntt[i] = ZERO_ef_79(););
   for (size_t i = (size_t)0U;
        i < Eurydice_slice_len(
                Eurydice_array_to_slice((size_t)1568U, ciphertext, uint8_t),
@@ -6694,7 +6716,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics
 */
 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f6
 deserialize_then_decompress_ring_element_v_78(Eurydice_slice serialized) {
-  return deserialize_then_decompress_5_61(serialized);
+  return deserialize_then_decompress_5_79(serialized);
 }
 
 /**
@@ -6714,13 +6736,13 @@ compute_message_42(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *v,
     libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *secret_as_ntt,
     libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *u_as_ntt) {
-  libcrux_ml_kem_polynomial_PolynomialRingElement_f6 result = ZERO_ef_61();
+  libcrux_ml_kem_polynomial_PolynomialRingElement_f6 result = ZERO_ef_79();
   KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i;
                   libcrux_ml_kem_polynomial_PolynomialRingElement_f6 product =
-                      ntt_multiply_ef_61(&secret_as_ntt[i0], &u_as_ntt[i0]);
+                      ntt_multiply_ef_79(&secret_as_ntt[i0], &u_as_ntt[i0]);
                   add_to_ring_element_ef_42(&result, &product););
   invert_ntt_montgomery_42(&result);
-  result = subtract_reduce_ef_61(v, result);
+  result = subtract_reduce_ef_79(v, result);
   return result;
 }
 
@@ -6770,7 +6792,7 @@ static KRML_MUSTINLINE void decrypt_unpacked_37(
   libcrux_ml_kem_polynomial_PolynomialRingElement_f6 message =
       compute_message_42(&v, secret_key->secret_as_ntt, u_as_ntt);
   uint8_t ret0[32U];
-  compress_then_serialize_message_61(message, ret0);
+  compress_then_serialize_message_79(message, ret0);
   memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t));
 }
 
@@ -6926,7 +6948,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_89(
             LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT,
         uint8_t);
     libcrux_ml_kem_polynomial_PolynomialRingElement_f6 uu____0 =
-        deserialize_to_reduced_ring_element_61(ring_element);
+        deserialize_to_reduced_ring_element_79(ring_element);
     deserialized_pk[i0] = uu____0;
   }
 }
@@ -6948,7 +6970,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_out_89(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f6 ret[2U]) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_f6 deserialized_pk[2U];
   KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U,
-                  deserialized_pk[i] = ZERO_ef_61(););
+                  deserialized_pk[i] = ZERO_ef_79(););
   deserialize_ring_elements_reduced_89(public_key, deserialized_pk);
   memcpy(
       ret, deserialized_pk,
@@ -6983,7 +7005,7 @@ static KRML_MUSTINLINE void serialize_secret_key_29(
         (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT,
         uint8_t);
     uint8_t ret0[384U];
-    serialize_uncompressed_ring_element_61(&re, ret0);
+    serialize_uncompressed_ring_element_79(&re, ret0);
     Eurydice_slice_copy(
         uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t), uint8_t);
   }
@@ -7067,6 +7089,19 @@ bool libcrux_ml_kem_ind_cca_validate_public_key_ba(uint8_t *public_key) {
       (size_t)800U, public_key, public_key_serialized, uint8_t, uint8_t, bool);
 }
 
+/**
+This function found in impl {(libcrux_ml_kem::hash_functions::Hash<K> for
+libcrux_ml_kem::hash_functions::avx2::Simd256Hash)}
+*/
+/**
+A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.H_a9
+with const generics
+- K= 2
+*/
+static KRML_MUSTINLINE void H_a9_fd(Eurydice_slice input, uint8_t ret[32U]) {
+  libcrux_ml_kem_hash_functions_avx2_H(input, ret);
+}
+
 /**
  Validate an ML-KEM private key.
 
@@ -7081,9 +7116,16 @@ with const generics
 */
 bool libcrux_ml_kem_ind_cca_validate_private_key_only_4d(
     libcrux_ml_kem_types_MlKemPrivateKey_fa *private_key) {
-  KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__,
-                    "Eurydice error: Invalid_argument(\"List.combine\")\n");
-  KRML_HOST_EXIT(255U);
+  uint8_t t[32U];
+  H_a9_fd(Eurydice_array_to_subslice2(
+              private_key->value, (size_t)384U * (size_t)2U,
+              (size_t)768U * (size_t)2U + (size_t)32U, uint8_t),
+          t);
+  Eurydice_slice expected = Eurydice_array_to_subslice2(
+      private_key->value, (size_t)768U * (size_t)2U + (size_t)32U,
+      (size_t)768U * (size_t)2U + (size_t)64U, uint8_t);
+  return core_array_equality___core__cmp__PartialEq__0___Slice_U____for__Array_T__N___3__eq(
+      (size_t)32U, t, &expected, uint8_t, uint8_t, bool);
 }
 
 /**
@@ -7130,8 +7172,8 @@ with const generics
 */
 static IndCpaPrivateKeyUnpacked_94 default_1a_89(void) {
   IndCpaPrivateKeyUnpacked_94 lit;
-  lit.secret_as_ntt[0U] = ZERO_ef_61();
-  lit.secret_as_ntt[1U] = ZERO_ef_61();
+  lit.secret_as_ntt[0U] = ZERO_ef_79();
+  lit.secret_as_ntt[1U] = ZERO_ef_79();
   return lit;
 }
 
@@ -7161,17 +7203,17 @@ with const generics
 static IndCpaPublicKeyUnpacked_94 default_8d_89(void) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_f6 uu____0[2U];
   KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U,
-                  uu____0[i] = ZERO_ef_61(););
+                  uu____0[i] = ZERO_ef_79(););
   uint8_t uu____1[32U] = {0U};
   IndCpaPublicKeyUnpacked_94 lit;
   memcpy(
       lit.t_as_ntt, uu____0,
       (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f6));
   memcpy(lit.seed_for_A, uu____1, (size_t)32U * sizeof(uint8_t));
-  lit.A[0U][0U] = ZERO_ef_61();
-  lit.A[0U][1U] = ZERO_ef_61();
-  lit.A[1U][0U] = ZERO_ef_61();
-  lit.A[1U][1U] = ZERO_ef_61();
+  lit.A[0U][0U] = ZERO_ef_79();
+  lit.A[0U][1U] = ZERO_ef_79();
+  lit.A[1U][0U] = ZERO_ef_79();
+  lit.A[1U][1U] = ZERO_ef_79();
   return lit;
 }
 
@@ -7351,7 +7393,7 @@ static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_29(
           Eurydice_slice uu____0 = Eurydice_array_to_subslice2(
               randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U,
               uint8_t);
-          size_t sampled = libcrux_ml_kem_vector_avx2_rej_sample_09(
+          size_t sampled = libcrux_ml_kem_vector_avx2_rej_sample_9a(
               uu____0, Eurydice_array_to_subslice2(
                            out[i1], sampled_coefficients[i1],
                            sampled_coefficients[i1] + (size_t)16U, int16_t));
@@ -7473,7 +7515,7 @@ static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_290(
           Eurydice_slice uu____0 = Eurydice_array_to_subslice2(
               randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U,
               uint8_t);
-          size_t sampled = libcrux_ml_kem_vector_avx2_rej_sample_09(
+          size_t sampled = libcrux_ml_kem_vector_avx2_rej_sample_9a(
               uu____0, Eurydice_array_to_subslice2(
                            out[i1], sampled_coefficients[i1],
                            sampled_coefficients[i1] + (size_t)16U, int16_t));
@@ -7501,7 +7543,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics
 */
 static libcrux_ml_kem_polynomial_PolynomialRingElement_f6 closure_6c0(
     int16_t s[272U]) {
-  return from_i16_array_ef_61(
+  return from_i16_array_ef_79(
       Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t));
 }
 
@@ -7648,7 +7690,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics
 */
 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f6
 sample_from_binomial_distribution_ab(Eurydice_slice randomness) {
-  return sample_from_binomial_distribution_3_61(randomness);
+  return sample_from_binomial_distribution_3_79(randomness);
 }
 
 /**
@@ -7681,7 +7723,7 @@ static KRML_MUSTINLINE uint8_t sample_vector_cbd_then_ntt_b40(
       i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i;
       re_as_ntt[i0] = sample_from_binomial_distribution_ab(
           Eurydice_array_to_slice((size_t)192U, prf_outputs[i0], uint8_t));
-      ntt_binomially_sampled_ring_element_61(&re_as_ntt[i0]););
+      ntt_binomially_sampled_ring_element_79(&re_as_ntt[i0]););
   return domain_separator;
 }
 
@@ -7708,7 +7750,7 @@ static KRML_MUSTINLINE tuple_40 sample_vector_cbd_then_ntt_out_b40(
     uint8_t prf_input[33U], uint8_t domain_separator) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_f6 re_as_ntt[2U];
   KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U,
-                  re_as_ntt[i] = ZERO_ef_61(););
+                  re_as_ntt[i] = ZERO_ef_79(););
   libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *uu____0 = re_as_ntt;
   uint8_t uu____1[33U];
   memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t));
@@ -7746,7 +7788,7 @@ static KRML_MUSTINLINE void add_to_ring_element_89(
                               __m256i);
        i++) {
     size_t i0 = i;
-    myself->coefficients[i0] = libcrux_ml_kem_vector_avx2_add_09(
+    myself->coefficients[i0] = libcrux_ml_kem_vector_avx2_add_9a(
         myself->coefficients[i0], &rhs->coefficients[i0]);
   }
 }
@@ -7791,7 +7833,7 @@ static KRML_MUSTINLINE void compute_As_plus_e_89(
        i++) {
     size_t i0 = i;
     libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *row = matrix_A[i0];
-    libcrux_ml_kem_polynomial_PolynomialRingElement_f6 uu____0 = ZERO_ef_61();
+    libcrux_ml_kem_polynomial_PolynomialRingElement_f6 uu____0 = ZERO_ef_79();
     t_as_ntt[i0] = uu____0;
     for (size_t i1 = (size_t)0U;
          i1 < Eurydice_slice_len(
@@ -7804,10 +7846,10 @@ static KRML_MUSTINLINE void compute_As_plus_e_89(
       libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *matrix_element =
           &row[j];
       libcrux_ml_kem_polynomial_PolynomialRingElement_f6 product =
-          ntt_multiply_ef_61(matrix_element, &s_as_ntt[j]);
+          ntt_multiply_ef_79(matrix_element, &s_as_ntt[j]);
       add_to_ring_element_ef_89(&t_as_ntt[i0], &product);
     }
-    add_standard_error_reduce_ef_61(&t_as_ntt[i0], &error_as_ntt[i0]);
+    add_standard_error_reduce_ef_79(&t_as_ntt[i0], &error_as_ntt[i0]);
   }
 }
 
@@ -7963,19 +8005,6 @@ generate_keypair_bb(Eurydice_slice key_generation_seed) {
   return serialize_unpacked_secret_key_2d(&public_key, &private_key);
 }
 
-/**
-This function found in impl {(libcrux_ml_kem::hash_functions::Hash<K> for
-libcrux_ml_kem::hash_functions::avx2::Simd256Hash)}
-*/
-/**
-A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.H_a9
-with const generics
-- K= 2
-*/
-static KRML_MUSTINLINE void H_a9_fd(Eurydice_slice input, uint8_t ret[32U]) {
-  libcrux_ml_kem_hash_functions_avx2_H(input, ret);
-}
-
 /**
  Serialize the secret key.
 */
@@ -8213,7 +8242,7 @@ static KRML_MUSTINLINE tuple_40
 sample_ring_element_cbd_b40(uint8_t prf_input[33U], uint8_t domain_separator) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_f6 error_1[2U];
   KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U,
-                  error_1[i] = ZERO_ef_61(););
+                  error_1[i] = ZERO_ef_79(););
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_prf_input[33U];
   memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t));
@@ -8269,14 +8298,14 @@ static KRML_MUSTINLINE void invert_ntt_montgomery_89(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *re) {
   size_t zeta_i =
       LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U;
-  invert_ntt_at_layer_1_61(&zeta_i, re);
-  invert_ntt_at_layer_2_61(&zeta_i, re);
-  invert_ntt_at_layer_3_61(&zeta_i, re);
-  invert_ntt_at_layer_4_plus_61(&zeta_i, re, (size_t)4U);
-  invert_ntt_at_layer_4_plus_61(&zeta_i, re, (size_t)5U);
-  invert_ntt_at_layer_4_plus_61(&zeta_i, re, (size_t)6U);
-  invert_ntt_at_layer_4_plus_61(&zeta_i, re, (size_t)7U);
-  poly_barrett_reduce_ef_61(re);
+  invert_ntt_at_layer_1_79(&zeta_i, re);
+  invert_ntt_at_layer_2_79(&zeta_i, re);
+  invert_ntt_at_layer_3_79(&zeta_i, re);
+  invert_ntt_at_layer_4_plus_79(&zeta_i, re, (size_t)4U);
+  invert_ntt_at_layer_4_plus_79(&zeta_i, re, (size_t)5U);
+  invert_ntt_at_layer_4_plus_79(&zeta_i, re, (size_t)6U);
+  invert_ntt_at_layer_4_plus_79(&zeta_i, re, (size_t)7U);
+  poly_barrett_reduce_ef_79(re);
 }
 
 /**
@@ -8295,7 +8324,7 @@ static KRML_MUSTINLINE void compute_vector_u_89(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f6 ret[2U]) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_f6 result[2U];
   KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U,
-                  result[i] = ZERO_ef_61(););
+                  result[i] = ZERO_ef_79(););
   for (size_t i0 = (size_t)0U;
        i0 < Eurydice_slice_len(
                 Eurydice_array_to_slice(
@@ -8315,11 +8344,11 @@ static KRML_MUSTINLINE void compute_vector_u_89(
       size_t j = i;
       libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *a_element = &row[j];
       libcrux_ml_kem_polynomial_PolynomialRingElement_f6 product =
-          ntt_multiply_ef_61(a_element, &r_as_ntt[j]);
+          ntt_multiply_ef_79(a_element, &r_as_ntt[j]);
       add_to_ring_element_ef_89(&result[i1], &product);
     }
     invert_ntt_montgomery_89(&result[i1]);
-    add_error_reduce_ef_61(&result[i1], &error_1[i1]);
+    add_error_reduce_ef_79(&result[i1], &error_1[i1]);
   }
   memcpy(
       ret, result,
@@ -8341,13 +8370,13 @@ compute_ring_element_v_89(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *r_as_ntt,
     libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *error_2,
     libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *message) {
-  libcrux_ml_kem_polynomial_PolynomialRingElement_f6 result = ZERO_ef_61();
+  libcrux_ml_kem_polynomial_PolynomialRingElement_f6 result = ZERO_ef_79();
   KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i;
                   libcrux_ml_kem_polynomial_PolynomialRingElement_f6 product =
-                      ntt_multiply_ef_61(&t_as_ntt[i0], &r_as_ntt[i0]);
+                      ntt_multiply_ef_79(&t_as_ntt[i0], &r_as_ntt[i0]);
                   add_to_ring_element_ef_89(&result, &product););
   invert_ntt_montgomery_89(&result);
-  result = add_message_error_reduce_ef_61(error_2, message, result);
+  result = add_message_error_reduce_ef_79(error_2, message, result);
   return result;
 }
 
@@ -8395,7 +8424,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics
 */
 static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_ba(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f6 re, Eurydice_slice out) {
-  compress_then_serialize_4_61(re, out);
+  compress_then_serialize_4_79(re, out);
 }
 
 /**
@@ -8493,7 +8522,7 @@ static KRML_MUSTINLINE void encrypt_unpacked_740(
   uint8_t copy_of_message[32U];
   memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t));
   libcrux_ml_kem_polynomial_PolynomialRingElement_f6 message_as_ring_element =
-      deserialize_then_decompress_message_61(copy_of_message);
+      deserialize_then_decompress_message_79(copy_of_message);
   libcrux_ml_kem_polynomial_PolynomialRingElement_f6 v =
       compute_ring_element_v_89(public_key->t_as_ntt, r_as_ntt, &error_2,
                                 &message_as_ring_element);
@@ -8648,7 +8677,7 @@ static KRML_MUSTINLINE void deserialize_secret_key_89(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f6 ret[2U]) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_f6 secret_as_ntt[2U];
   KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U,
-                  secret_as_ntt[i] = ZERO_ef_61(););
+                  secret_as_ntt[i] = ZERO_ef_79(););
   for (size_t i = (size_t)0U;
        i < Eurydice_slice_len(secret_key, uint8_t) /
                LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT;
@@ -8660,7 +8689,7 @@ static KRML_MUSTINLINE void deserialize_secret_key_89(
             LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT,
         uint8_t);
     libcrux_ml_kem_polynomial_PolynomialRingElement_f6 uu____0 =
-        deserialize_to_uncompressed_ring_element_61(secret_bytes);
+        deserialize_to_uncompressed_ring_element_79(secret_bytes);
     secret_as_ntt[i0] = uu____0;
   }
   memcpy(
@@ -8685,7 +8714,7 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_ba(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f6 ret[2U]) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_f6 u_as_ntt[2U];
   KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U,
-                  u_as_ntt[i] = ZERO_ef_61(););
+                  u_as_ntt[i] = ZERO_ef_79(););
   for (size_t i = (size_t)0U;
        i < Eurydice_slice_len(
                Eurydice_array_to_slice((size_t)768U, ciphertext, uint8_t),
@@ -8720,7 +8749,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics
 */
 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f6
 deserialize_then_decompress_ring_element_v_29(Eurydice_slice serialized) {
-  return deserialize_then_decompress_4_61(serialized);
+  return deserialize_then_decompress_4_79(serialized);
 }
 
 /**
@@ -8740,13 +8769,13 @@ compute_message_89(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *v,
     libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *secret_as_ntt,
     libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *u_as_ntt) {
-  libcrux_ml_kem_polynomial_PolynomialRingElement_f6 result = ZERO_ef_61();
+  libcrux_ml_kem_polynomial_PolynomialRingElement_f6 result = ZERO_ef_79();
   KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i;
                   libcrux_ml_kem_polynomial_PolynomialRingElement_f6 product =
-                      ntt_multiply_ef_61(&secret_as_ntt[i0], &u_as_ntt[i0]);
+                      ntt_multiply_ef_79(&secret_as_ntt[i0], &u_as_ntt[i0]);
                   add_to_ring_element_ef_89(&result, &product););
   invert_ntt_montgomery_89(&result);
-  result = subtract_reduce_ef_61(v, result);
+  result = subtract_reduce_ef_79(v, result);
   return result;
 }
 
@@ -8796,7 +8825,7 @@ static KRML_MUSTINLINE void decrypt_unpacked_4b(
   libcrux_ml_kem_polynomial_PolynomialRingElement_f6 message =
       compute_message_89(&v, secret_key->secret_as_ntt, u_as_ntt);
   uint8_t ret0[32U];
-  compress_then_serialize_message_61(message, ret0);
+  compress_then_serialize_message_79(message, ret0);
   memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t));
 }
 
diff --git a/libcrux-ml-kem/c/libcrux_mlkem_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem_avx2.h
index 4fa6fb716..5b5cd3ad3 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem_avx2.h
+++ b/libcrux-ml-kem/c/libcrux_mlkem_avx2.h
@@ -4,11 +4,11 @@
  * SPDX-License-Identifier: MIT or Apache-2.0
  *
  * This code was generated with the following revisions:
- * Charon: e6a9a3d65857f37917f378fd98db7b7b4d0a060f
- * Eurydice: 907fef61b716e094dcd6b41a9a41f0850ac7fd73
- * Karamel: 21c28f3b016868a7cdd715382338bdcd9685a3b4
- * F*: b0961063393215ca65927f017720cb365a193833-dirty
- * Libcrux: 887cc3c3760e64d740774adb301e4bae530126d1
+ * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9
+ * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20
+ * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
+ * F*: 8b6fce63ca91b16386d8f76e82ea87a3c109a208
+ * Libcrux: 2009b0d205f3d27e1762f7e2b8a21bc47705b2c9
  */
 
 #ifndef __libcrux_mlkem_avx2_H
@@ -34,50 +34,50 @@ __m256i libcrux_ml_kem_vector_avx2_vec_zero(void);
 
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
-libcrux_ml_kem::vector::avx2::SIMD256Vector)#2}
+libcrux_ml_kem::vector::avx2::SIMD256Vector)#3}
 */
-__m256i libcrux_ml_kem_vector_avx2_ZERO_09(void);
+__m256i libcrux_ml_kem_vector_avx2_ZERO_9a(void);
 
 __m256i libcrux_ml_kem_vector_avx2_vec_from_i16_array(Eurydice_slice array);
 
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
-libcrux_ml_kem::vector::avx2::SIMD256Vector)#2}
+libcrux_ml_kem::vector::avx2::SIMD256Vector)#3}
 */
-__m256i libcrux_ml_kem_vector_avx2_from_i16_array_09(Eurydice_slice array);
+__m256i libcrux_ml_kem_vector_avx2_from_i16_array_9a(Eurydice_slice array);
 
 void libcrux_ml_kem_vector_avx2_vec_to_i16_array(__m256i v, int16_t ret[16U]);
 
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
-libcrux_ml_kem::vector::avx2::SIMD256Vector)#2}
+libcrux_ml_kem::vector::avx2::SIMD256Vector)#3}
 */
-void libcrux_ml_kem_vector_avx2_to_i16_array_09(__m256i x, int16_t ret[16U]);
+void libcrux_ml_kem_vector_avx2_to_i16_array_9a(__m256i x, int16_t ret[16U]);
 
 __m256i libcrux_ml_kem_vector_avx2_arithmetic_add(__m256i lhs, __m256i rhs);
 
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
-libcrux_ml_kem::vector::avx2::SIMD256Vector)#2}
+libcrux_ml_kem::vector::avx2::SIMD256Vector)#3}
 */
-__m256i libcrux_ml_kem_vector_avx2_add_09(__m256i lhs, __m256i *rhs);
+__m256i libcrux_ml_kem_vector_avx2_add_9a(__m256i lhs, __m256i *rhs);
 
 __m256i libcrux_ml_kem_vector_avx2_arithmetic_sub(__m256i lhs, __m256i rhs);
 
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
-libcrux_ml_kem::vector::avx2::SIMD256Vector)#2}
+libcrux_ml_kem::vector::avx2::SIMD256Vector)#3}
 */
-__m256i libcrux_ml_kem_vector_avx2_sub_09(__m256i lhs, __m256i *rhs);
+__m256i libcrux_ml_kem_vector_avx2_sub_9a(__m256i lhs, __m256i *rhs);
 
 __m256i libcrux_ml_kem_vector_avx2_arithmetic_multiply_by_constant(
     __m256i vector, int16_t constant);
 
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
-libcrux_ml_kem::vector::avx2::SIMD256Vector)#2}
+libcrux_ml_kem::vector::avx2::SIMD256Vector)#3}
 */
-__m256i libcrux_ml_kem_vector_avx2_multiply_by_constant_09(__m256i vec,
+__m256i libcrux_ml_kem_vector_avx2_multiply_by_constant_9a(__m256i vec,
                                                            int16_t c);
 
 __m256i libcrux_ml_kem_vector_avx2_arithmetic_bitwise_and_with_constant(
@@ -85,9 +85,9 @@ __m256i libcrux_ml_kem_vector_avx2_arithmetic_bitwise_and_with_constant(
 
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
-libcrux_ml_kem::vector::avx2::SIMD256Vector)#2}
+libcrux_ml_kem::vector::avx2::SIMD256Vector)#3}
 */
-__m256i libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_09(
+__m256i libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_9a(
     __m256i vector, int16_t constant);
 
 __m256i libcrux_ml_kem_vector_avx2_arithmetic_cond_subtract_3329(
@@ -97,9 +97,9 @@ __m256i libcrux_ml_kem_vector_avx2_cond_subtract_3329(__m256i vector);
 
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
-libcrux_ml_kem::vector::avx2::SIMD256Vector)#2}
+libcrux_ml_kem::vector::avx2::SIMD256Vector)#3}
 */
-__m256i libcrux_ml_kem_vector_avx2_cond_subtract_3329_09(__m256i vector);
+__m256i libcrux_ml_kem_vector_avx2_cond_subtract_3329_9a(__m256i vector);
 
 #define LIBCRUX_ML_KEM_VECTOR_AVX2_ARITHMETIC_BARRETT_MULTIPLIER \
   ((int16_t)20159)
@@ -112,18 +112,18 @@ __m256i libcrux_ml_kem_vector_avx2_arithmetic_barrett_reduce(__m256i vector);
 
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
-libcrux_ml_kem::vector::avx2::SIMD256Vector)#2}
+libcrux_ml_kem::vector::avx2::SIMD256Vector)#3}
 */
-__m256i libcrux_ml_kem_vector_avx2_barrett_reduce_09(__m256i vector);
+__m256i libcrux_ml_kem_vector_avx2_barrett_reduce_9a(__m256i vector);
 
 __m256i libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constant(
     __m256i vector, int16_t constant);
 
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
-libcrux_ml_kem::vector::avx2::SIMD256Vector)#2}
+libcrux_ml_kem::vector::avx2::SIMD256Vector)#3}
 */
-__m256i libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_09(
+__m256i libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_9a(
     __m256i vector, int16_t constant);
 
 __m256i libcrux_ml_kem_vector_avx2_compress_compress_message_coefficient(
@@ -133,9 +133,9 @@ __m256i libcrux_ml_kem_vector_avx2_compress_1(__m256i vector);
 
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
-libcrux_ml_kem::vector::avx2::SIMD256Vector)#2}
+libcrux_ml_kem::vector::avx2::SIMD256Vector)#3}
 */
-__m256i libcrux_ml_kem_vector_avx2_compress_1_09(__m256i vector);
+__m256i libcrux_ml_kem_vector_avx2_compress_1_9a(__m256i vector);
 
 __m256i libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(__m256i lhs,
                                                               __m256i rhs);
@@ -151,9 +151,9 @@ __m256i libcrux_ml_kem_vector_avx2_ntt_layer_1_step(
 
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
-libcrux_ml_kem::vector::avx2::SIMD256Vector)#2}
+libcrux_ml_kem::vector::avx2::SIMD256Vector)#3}
 */
-__m256i libcrux_ml_kem_vector_avx2_ntt_layer_1_step_09(
+__m256i libcrux_ml_kem_vector_avx2_ntt_layer_1_step_9a(
     __m256i vector, int16_t zeta0, int16_t zeta1, int16_t zeta2, int16_t zeta3);
 
 __m256i libcrux_ml_kem_vector_avx2_ntt_ntt_layer_2_step(__m256i vector,
@@ -166,9 +166,9 @@ __m256i libcrux_ml_kem_vector_avx2_ntt_layer_2_step(__m256i vector,
 
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
-libcrux_ml_kem::vector::avx2::SIMD256Vector)#2}
+libcrux_ml_kem::vector::avx2::SIMD256Vector)#3}
 */
-__m256i libcrux_ml_kem_vector_avx2_ntt_layer_2_step_09(__m256i vector,
+__m256i libcrux_ml_kem_vector_avx2_ntt_layer_2_step_9a(__m256i vector,
                                                        int16_t zeta0,
                                                        int16_t zeta1);
 
@@ -184,9 +184,9 @@ __m256i libcrux_ml_kem_vector_avx2_ntt_layer_3_step(__m256i vector,
 
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
-libcrux_ml_kem::vector::avx2::SIMD256Vector)#2}
+libcrux_ml_kem::vector::avx2::SIMD256Vector)#3}
 */
-__m256i libcrux_ml_kem_vector_avx2_ntt_layer_3_step_09(__m256i vector,
+__m256i libcrux_ml_kem_vector_avx2_ntt_layer_3_step_9a(__m256i vector,
                                                        int16_t zeta);
 
 __m256i libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_1_step(
@@ -197,9 +197,9 @@ __m256i libcrux_ml_kem_vector_avx2_inv_ntt_layer_1_step(
 
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
-libcrux_ml_kem::vector::avx2::SIMD256Vector)#2}
+libcrux_ml_kem::vector::avx2::SIMD256Vector)#3}
 */
-__m256i libcrux_ml_kem_vector_avx2_inv_ntt_layer_1_step_09(
+__m256i libcrux_ml_kem_vector_avx2_inv_ntt_layer_1_step_9a(
     __m256i vector, int16_t zeta0, int16_t zeta1, int16_t zeta2, int16_t zeta3);
 
 __m256i libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_2_step(__m256i vector,
@@ -212,9 +212,9 @@ __m256i libcrux_ml_kem_vector_avx2_inv_ntt_layer_2_step(__m256i vector,
 
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
-libcrux_ml_kem::vector::avx2::SIMD256Vector)#2}
+libcrux_ml_kem::vector::avx2::SIMD256Vector)#3}
 */
-__m256i libcrux_ml_kem_vector_avx2_inv_ntt_layer_2_step_09(__m256i vector,
+__m256i libcrux_ml_kem_vector_avx2_inv_ntt_layer_2_step_9a(__m256i vector,
                                                            int16_t zeta0,
                                                            int16_t zeta1);
 
@@ -226,9 +226,9 @@ __m256i libcrux_ml_kem_vector_avx2_inv_ntt_layer_3_step(__m256i vector,
 
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
-libcrux_ml_kem::vector::avx2::SIMD256Vector)#2}
+libcrux_ml_kem::vector::avx2::SIMD256Vector)#3}
 */
-__m256i libcrux_ml_kem_vector_avx2_inv_ntt_layer_3_step_09(__m256i vector,
+__m256i libcrux_ml_kem_vector_avx2_inv_ntt_layer_3_step_9a(__m256i vector,
                                                            int16_t zeta);
 
 __m256i libcrux_ml_kem_vector_avx2_arithmetic_montgomery_reduce_i32s(
@@ -246,9 +246,9 @@ __m256i libcrux_ml_kem_vector_avx2_ntt_multiply(__m256i *lhs, __m256i *rhs,
 
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
-libcrux_ml_kem::vector::avx2::SIMD256Vector)#2}
+libcrux_ml_kem::vector::avx2::SIMD256Vector)#3}
 */
-__m256i libcrux_ml_kem_vector_avx2_ntt_multiply_09(__m256i *lhs, __m256i *rhs,
+__m256i libcrux_ml_kem_vector_avx2_ntt_multiply_9a(__m256i *lhs, __m256i *rhs,
                                                    int16_t zeta0, int16_t zeta1,
                                                    int16_t zeta2,
                                                    int16_t zeta3);
@@ -260,9 +260,9 @@ void libcrux_ml_kem_vector_avx2_serialize_1(__m256i vector, uint8_t ret[2U]);
 
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
-libcrux_ml_kem::vector::avx2::SIMD256Vector)#2}
+libcrux_ml_kem::vector::avx2::SIMD256Vector)#3}
 */
-void libcrux_ml_kem_vector_avx2_serialize_1_09(__m256i vector, uint8_t ret[2U]);
+void libcrux_ml_kem_vector_avx2_serialize_1_9a(__m256i vector, uint8_t ret[2U]);
 
 __m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_1_deserialize_1_i16s(
     int16_t a, int16_t b);
@@ -277,9 +277,9 @@ __m256i libcrux_ml_kem_vector_avx2_deserialize_1(Eurydice_slice bytes);
 
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
-libcrux_ml_kem::vector::avx2::SIMD256Vector)#2}
+libcrux_ml_kem::vector::avx2::SIMD256Vector)#3}
 */
-__m256i libcrux_ml_kem_vector_avx2_deserialize_1_09(Eurydice_slice bytes);
+__m256i libcrux_ml_kem_vector_avx2_deserialize_1_9a(Eurydice_slice bytes);
 
 /**
  `mm256_concat_pairs_n(n, x)` is then a sequence of 32 bits packets
@@ -297,9 +297,9 @@ void libcrux_ml_kem_vector_avx2_serialize_4(__m256i vector, uint8_t ret[8U]);
 
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
-libcrux_ml_kem::vector::avx2::SIMD256Vector)#2}
+libcrux_ml_kem::vector::avx2::SIMD256Vector)#3}
 */
-void libcrux_ml_kem_vector_avx2_serialize_4_09(__m256i vector, uint8_t ret[8U]);
+void libcrux_ml_kem_vector_avx2_serialize_4_9a(__m256i vector, uint8_t ret[8U]);
 
 __m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_4_deserialize_4_i16s(
     int16_t b0, int16_t b1, int16_t b2, int16_t b3, int16_t b4, int16_t b5,
@@ -316,18 +316,18 @@ __m256i libcrux_ml_kem_vector_avx2_deserialize_4(Eurydice_slice bytes);
 
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
-libcrux_ml_kem::vector::avx2::SIMD256Vector)#2}
+libcrux_ml_kem::vector::avx2::SIMD256Vector)#3}
 */
-__m256i libcrux_ml_kem_vector_avx2_deserialize_4_09(Eurydice_slice bytes);
+__m256i libcrux_ml_kem_vector_avx2_deserialize_4_9a(Eurydice_slice bytes);
 
 void libcrux_ml_kem_vector_avx2_serialize_serialize_5(__m256i vector,
                                                       uint8_t ret[10U]);
 
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
-libcrux_ml_kem::vector::avx2::SIMD256Vector)#2}
+libcrux_ml_kem::vector::avx2::SIMD256Vector)#3}
 */
-void libcrux_ml_kem_vector_avx2_serialize_5_09(__m256i vector,
+void libcrux_ml_kem_vector_avx2_serialize_5_9a(__m256i vector,
                                                uint8_t ret[10U]);
 
 /**
@@ -347,9 +347,9 @@ __m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_5(
 
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
-libcrux_ml_kem::vector::avx2::SIMD256Vector)#2}
+libcrux_ml_kem::vector::avx2::SIMD256Vector)#3}
 */
-__m256i libcrux_ml_kem_vector_avx2_deserialize_5_09(Eurydice_slice bytes);
+__m256i libcrux_ml_kem_vector_avx2_deserialize_5_9a(Eurydice_slice bytes);
 
 typedef struct core_core_arch_x86___m128i_x2_s {
   __m128i fst;
@@ -367,9 +367,9 @@ void libcrux_ml_kem_vector_avx2_serialize_10(__m256i vector, uint8_t ret[20U]);
 
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
-libcrux_ml_kem::vector::avx2::SIMD256Vector)#2}
+libcrux_ml_kem::vector::avx2::SIMD256Vector)#3}
 */
-void libcrux_ml_kem_vector_avx2_serialize_10_09(__m256i vector,
+void libcrux_ml_kem_vector_avx2_serialize_10_9a(__m256i vector,
                                                 uint8_t ret[20U]);
 
 __m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_10_deserialize_10_vec(
@@ -382,18 +382,18 @@ __m256i libcrux_ml_kem_vector_avx2_deserialize_10(Eurydice_slice bytes);
 
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
-libcrux_ml_kem::vector::avx2::SIMD256Vector)#2}
+libcrux_ml_kem::vector::avx2::SIMD256Vector)#3}
 */
-__m256i libcrux_ml_kem_vector_avx2_deserialize_10_09(Eurydice_slice bytes);
+__m256i libcrux_ml_kem_vector_avx2_deserialize_10_9a(Eurydice_slice bytes);
 
 void libcrux_ml_kem_vector_avx2_serialize_serialize_11(__m256i vector,
                                                        uint8_t ret[22U]);
 
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
-libcrux_ml_kem::vector::avx2::SIMD256Vector)#2}
+libcrux_ml_kem::vector::avx2::SIMD256Vector)#3}
 */
-void libcrux_ml_kem_vector_avx2_serialize_11_09(__m256i vector,
+void libcrux_ml_kem_vector_avx2_serialize_11_9a(__m256i vector,
                                                 uint8_t ret[22U]);
 
 __m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_11(
@@ -401,9 +401,9 @@ __m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_11(
 
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
-libcrux_ml_kem::vector::avx2::SIMD256Vector)#2}
+libcrux_ml_kem::vector::avx2::SIMD256Vector)#3}
 */
-__m256i libcrux_ml_kem_vector_avx2_deserialize_11_09(Eurydice_slice bytes);
+__m256i libcrux_ml_kem_vector_avx2_deserialize_11_9a(Eurydice_slice bytes);
 
 core_core_arch_x86___m128i_x2
 libcrux_ml_kem_vector_avx2_serialize_serialize_12_serialize_12_vec(
@@ -416,9 +416,9 @@ void libcrux_ml_kem_vector_avx2_serialize_12(__m256i vector, uint8_t ret[24U]);
 
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
-libcrux_ml_kem::vector::avx2::SIMD256Vector)#2}
+libcrux_ml_kem::vector::avx2::SIMD256Vector)#3}
 */
-void libcrux_ml_kem_vector_avx2_serialize_12_09(__m256i vector,
+void libcrux_ml_kem_vector_avx2_serialize_12_9a(__m256i vector,
                                                 uint8_t ret[24U]);
 
 __m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_12_deserialize_12_vec(
@@ -431,25 +431,31 @@ __m256i libcrux_ml_kem_vector_avx2_deserialize_12(Eurydice_slice bytes);
 
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
-libcrux_ml_kem::vector::avx2::SIMD256Vector)#2}
+libcrux_ml_kem::vector::avx2::SIMD256Vector)#3}
 */
-__m256i libcrux_ml_kem_vector_avx2_deserialize_12_09(Eurydice_slice bytes);
+__m256i libcrux_ml_kem_vector_avx2_deserialize_12_9a(Eurydice_slice bytes);
 
 size_t libcrux_ml_kem_vector_avx2_sampling_rejection_sample(
     Eurydice_slice input, Eurydice_slice output);
 
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
-libcrux_ml_kem::vector::avx2::SIMD256Vector)#2}
+libcrux_ml_kem::vector::avx2::SIMD256Vector)#3}
 */
-size_t libcrux_ml_kem_vector_avx2_rej_sample_09(Eurydice_slice input,
+size_t libcrux_ml_kem_vector_avx2_rej_sample_9a(Eurydice_slice input,
                                                 Eurydice_slice output);
 
 /**
 This function found in impl {(core::clone::Clone for
+libcrux_ml_kem::vector::avx2::SIMD256Vector)#1}
+*/
+__m256i libcrux_ml_kem_vector_avx2_clone_3a(__m256i *self);
+
+/**
+This function found in impl {(libcrux_ml_kem::vector::traits::Repr for
 libcrux_ml_kem::vector::avx2::SIMD256Vector)}
 */
-__m256i libcrux_ml_kem_vector_avx2_clone_78(__m256i *self);
+void libcrux_ml_kem_vector_avx2_repr_11(__m256i x, int16_t ret[16U]);
 
 #if defined(__cplusplus)
 }
diff --git a/libcrux-ml-kem/c/libcrux_mlkem_portable.c b/libcrux-ml-kem/c/libcrux_mlkem_portable.c
index 76ba23392..8bbde1bf7 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem_portable.c
+++ b/libcrux-ml-kem/c/libcrux_mlkem_portable.c
@@ -4,11 +4,11 @@
  * SPDX-License-Identifier: MIT or Apache-2.0
  *
  * This code was generated with the following revisions:
- * Charon: e6a9a3d65857f37917f378fd98db7b7b4d0a060f
- * Eurydice: 907fef61b716e094dcd6b41a9a41f0850ac7fd73
- * Karamel: 21c28f3b016868a7cdd715382338bdcd9685a3b4
- * F*: b0961063393215ca65927f017720cb365a193833-dirty
- * Libcrux: 887cc3c3760e64d740774adb301e4bae530126d1
+ * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9
+ * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20
+ * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
+ * F*: 8b6fce63ca91b16386d8f76e82ea87a3c109a208
+ * Libcrux: 2009b0d205f3d27e1762f7e2b8a21bc47705b2c9
  */
 
 #include "internal/libcrux_mlkem_portable.h"
@@ -86,10 +86,10 @@ libcrux_ml_kem_vector_portable_vector_type_from_i16_array(
 
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
-libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
+libcrux_ml_kem::vector::portable::vector_type::PortableVector)#1}
 */
 libcrux_ml_kem_vector_portable_vector_type_PortableVector
-libcrux_ml_kem_vector_portable_from_i16_array_0d(Eurydice_slice array) {
+libcrux_ml_kem_vector_portable_from_i16_array_2c(Eurydice_slice array) {
   return libcrux_ml_kem_vector_portable_vector_type_from_i16_array(array);
 }
 
@@ -207,9 +207,9 @@ void libcrux_ml_kem_vector_portable_serialize_11(
 
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
-libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
+libcrux_ml_kem::vector::portable::vector_type::PortableVector)#1}
 */
-void libcrux_ml_kem_vector_portable_serialize_11_0d(
+void libcrux_ml_kem_vector_portable_serialize_11_2c(
     libcrux_ml_kem_vector_portable_vector_type_PortableVector a,
     uint8_t ret[22U]) {
   libcrux_ml_kem_vector_portable_serialize_11(a, ret);
@@ -312,10 +312,10 @@ libcrux_ml_kem_vector_portable_deserialize_11(Eurydice_slice a) {
 
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
-libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
+libcrux_ml_kem::vector::portable::vector_type::PortableVector)#1}
 */
 libcrux_ml_kem_vector_portable_vector_type_PortableVector
-libcrux_ml_kem_vector_portable_deserialize_11_0d(Eurydice_slice a) {
+libcrux_ml_kem_vector_portable_deserialize_11_2c(Eurydice_slice a) {
   return libcrux_ml_kem_vector_portable_deserialize_11(a);
 }
 
@@ -327,9 +327,9 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_vector_type_to_i16_array(
 
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
-libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
+libcrux_ml_kem::vector::portable::vector_type::PortableVector)#1}
 */
-void libcrux_ml_kem_vector_portable_to_i16_array_0d(
+void libcrux_ml_kem_vector_portable_to_i16_array_2c(
     libcrux_ml_kem_vector_portable_vector_type_PortableVector x,
     int16_t ret[16U]) {
   libcrux_ml_kem_vector_portable_vector_type_to_i16_array(x, ret);
@@ -874,10 +874,10 @@ libcrux_ml_kem_vector_portable_vector_type_zero(void) {
 
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
-libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
+libcrux_ml_kem::vector::portable::vector_type::PortableVector)#1}
 */
 libcrux_ml_kem_vector_portable_vector_type_PortableVector
-libcrux_ml_kem_vector_portable_ZERO_0d(void) {
+libcrux_ml_kem_vector_portable_ZERO_2c(void) {
   return libcrux_ml_kem_vector_portable_vector_type_zero();
 }
 
@@ -896,10 +896,10 @@ libcrux_ml_kem_vector_portable_arithmetic_add(
 
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
-libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
+libcrux_ml_kem::vector::portable::vector_type::PortableVector)#1}
 */
 libcrux_ml_kem_vector_portable_vector_type_PortableVector
-libcrux_ml_kem_vector_portable_add_0d(
+libcrux_ml_kem_vector_portable_add_2c(
     libcrux_ml_kem_vector_portable_vector_type_PortableVector lhs,
     libcrux_ml_kem_vector_portable_vector_type_PortableVector *rhs) {
   return libcrux_ml_kem_vector_portable_arithmetic_add(lhs, rhs);
@@ -920,10 +920,10 @@ libcrux_ml_kem_vector_portable_arithmetic_sub(
 
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
-libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
+libcrux_ml_kem::vector::portable::vector_type::PortableVector)#1}
 */
 libcrux_ml_kem_vector_portable_vector_type_PortableVector
-libcrux_ml_kem_vector_portable_sub_0d(
+libcrux_ml_kem_vector_portable_sub_2c(
     libcrux_ml_kem_vector_portable_vector_type_PortableVector lhs,
     libcrux_ml_kem_vector_portable_vector_type_PortableVector *rhs) {
   return libcrux_ml_kem_vector_portable_arithmetic_sub(lhs, rhs);
@@ -943,10 +943,10 @@ libcrux_ml_kem_vector_portable_arithmetic_multiply_by_constant(
 
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
-libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
+libcrux_ml_kem::vector::portable::vector_type::PortableVector)#1}
 */
 libcrux_ml_kem_vector_portable_vector_type_PortableVector
-libcrux_ml_kem_vector_portable_multiply_by_constant_0d(
+libcrux_ml_kem_vector_portable_multiply_by_constant_2c(
     libcrux_ml_kem_vector_portable_vector_type_PortableVector vec, int16_t c) {
   return libcrux_ml_kem_vector_portable_arithmetic_multiply_by_constant(vec, c);
 }
@@ -965,10 +965,10 @@ libcrux_ml_kem_vector_portable_arithmetic_bitwise_and_with_constant(
 
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
-libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
+libcrux_ml_kem::vector::portable::vector_type::PortableVector)#1}
 */
 libcrux_ml_kem_vector_portable_vector_type_PortableVector
-libcrux_ml_kem_vector_portable_bitwise_and_with_constant_0d(
+libcrux_ml_kem_vector_portable_bitwise_and_with_constant_2c(
     libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t c) {
   return libcrux_ml_kem_vector_portable_arithmetic_bitwise_and_with_constant(v,
                                                                              c);
@@ -994,10 +994,10 @@ libcrux_ml_kem_vector_portable_arithmetic_cond_subtract_3329(
 
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
-libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
+libcrux_ml_kem::vector::portable::vector_type::PortableVector)#1}
 */
 libcrux_ml_kem_vector_portable_vector_type_PortableVector
-libcrux_ml_kem_vector_portable_cond_subtract_3329_0d(
+libcrux_ml_kem_vector_portable_cond_subtract_3329_2c(
     libcrux_ml_kem_vector_portable_vector_type_PortableVector v) {
   return libcrux_ml_kem_vector_portable_arithmetic_cond_subtract_3329(v);
 }
@@ -1043,10 +1043,10 @@ libcrux_ml_kem_vector_portable_arithmetic_barrett_reduce(
 
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
-libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
+libcrux_ml_kem::vector::portable::vector_type::PortableVector)#1}
 */
 libcrux_ml_kem_vector_portable_vector_type_PortableVector
-libcrux_ml_kem_vector_portable_barrett_reduce_0d(
+libcrux_ml_kem_vector_portable_barrett_reduce_2c(
     libcrux_ml_kem_vector_portable_vector_type_PortableVector v) {
   return libcrux_ml_kem_vector_portable_arithmetic_barrett_reduce(v);
 }
@@ -1119,10 +1119,10 @@ libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_by_constant(
 
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
-libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
+libcrux_ml_kem::vector::portable::vector_type::PortableVector)#1}
 */
 libcrux_ml_kem_vector_portable_vector_type_PortableVector
-libcrux_ml_kem_vector_portable_montgomery_multiply_by_constant_0d(
+libcrux_ml_kem_vector_portable_montgomery_multiply_by_constant_2c(
     libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t r) {
   return libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_by_constant(
       v, r);
@@ -1176,10 +1176,10 @@ libcrux_ml_kem_vector_portable_compress_compress_1(
 
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
-libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
+libcrux_ml_kem::vector::portable::vector_type::PortableVector)#1}
 */
 libcrux_ml_kem_vector_portable_vector_type_PortableVector
-libcrux_ml_kem_vector_portable_compress_1_0d(
+libcrux_ml_kem_vector_portable_compress_1_2c(
     libcrux_ml_kem_vector_portable_vector_type_PortableVector a) {
   return libcrux_ml_kem_vector_portable_compress_compress_1(a);
 }
@@ -1238,10 +1238,10 @@ libcrux_ml_kem_vector_portable_ntt_ntt_layer_1_step(
 
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
-libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
+libcrux_ml_kem::vector::portable::vector_type::PortableVector)#1}
 */
 libcrux_ml_kem_vector_portable_vector_type_PortableVector
-libcrux_ml_kem_vector_portable_ntt_layer_1_step_0d(
+libcrux_ml_kem_vector_portable_ntt_layer_1_step_2c(
     libcrux_ml_kem_vector_portable_vector_type_PortableVector a, int16_t zeta0,
     int16_t zeta1, int16_t zeta2, int16_t zeta3) {
   return libcrux_ml_kem_vector_portable_ntt_ntt_layer_1_step(a, zeta0, zeta1,
@@ -1273,10 +1273,10 @@ libcrux_ml_kem_vector_portable_ntt_ntt_layer_2_step(
 
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
-libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
+libcrux_ml_kem::vector::portable::vector_type::PortableVector)#1}
 */
 libcrux_ml_kem_vector_portable_vector_type_PortableVector
-libcrux_ml_kem_vector_portable_ntt_layer_2_step_0d(
+libcrux_ml_kem_vector_portable_ntt_layer_2_step_2c(
     libcrux_ml_kem_vector_portable_vector_type_PortableVector a, int16_t zeta0,
     int16_t zeta1) {
   return libcrux_ml_kem_vector_portable_ntt_ntt_layer_2_step(a, zeta0, zeta1);
@@ -1307,10 +1307,10 @@ libcrux_ml_kem_vector_portable_ntt_ntt_layer_3_step(
 
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
-libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
+libcrux_ml_kem::vector::portable::vector_type::PortableVector)#1}
 */
 libcrux_ml_kem_vector_portable_vector_type_PortableVector
-libcrux_ml_kem_vector_portable_ntt_layer_3_step_0d(
+libcrux_ml_kem_vector_portable_ntt_layer_3_step_2c(
     libcrux_ml_kem_vector_portable_vector_type_PortableVector a, int16_t zeta) {
   return libcrux_ml_kem_vector_portable_ntt_ntt_layer_3_step(a, zeta);
 }
@@ -1354,10 +1354,10 @@ libcrux_ml_kem_vector_portable_ntt_inv_ntt_layer_1_step(
 
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
-libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
+libcrux_ml_kem::vector::portable::vector_type::PortableVector)#1}
 */
 libcrux_ml_kem_vector_portable_vector_type_PortableVector
-libcrux_ml_kem_vector_portable_inv_ntt_layer_1_step_0d(
+libcrux_ml_kem_vector_portable_inv_ntt_layer_1_step_2c(
     libcrux_ml_kem_vector_portable_vector_type_PortableVector a, int16_t zeta0,
     int16_t zeta1, int16_t zeta2, int16_t zeta3) {
   return libcrux_ml_kem_vector_portable_ntt_inv_ntt_layer_1_step(
@@ -1389,10 +1389,10 @@ libcrux_ml_kem_vector_portable_ntt_inv_ntt_layer_2_step(
 
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
-libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
+libcrux_ml_kem::vector::portable::vector_type::PortableVector)#1}
 */
 libcrux_ml_kem_vector_portable_vector_type_PortableVector
-libcrux_ml_kem_vector_portable_inv_ntt_layer_2_step_0d(
+libcrux_ml_kem_vector_portable_inv_ntt_layer_2_step_2c(
     libcrux_ml_kem_vector_portable_vector_type_PortableVector a, int16_t zeta0,
     int16_t zeta1) {
   return libcrux_ml_kem_vector_portable_ntt_inv_ntt_layer_2_step(a, zeta0,
@@ -1424,10 +1424,10 @@ libcrux_ml_kem_vector_portable_ntt_inv_ntt_layer_3_step(
 
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
-libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
+libcrux_ml_kem::vector::portable::vector_type::PortableVector)#1}
 */
 libcrux_ml_kem_vector_portable_vector_type_PortableVector
-libcrux_ml_kem_vector_portable_inv_ntt_layer_3_step_0d(
+libcrux_ml_kem_vector_portable_inv_ntt_layer_3_step_2c(
     libcrux_ml_kem_vector_portable_vector_type_PortableVector a, int16_t zeta) {
   return libcrux_ml_kem_vector_portable_ntt_inv_ntt_layer_3_step(a, zeta);
 }
@@ -1516,10 +1516,10 @@ libcrux_ml_kem_vector_portable_ntt_ntt_multiply(
 
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
-libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
+libcrux_ml_kem::vector::portable::vector_type::PortableVector)#1}
 */
 libcrux_ml_kem_vector_portable_vector_type_PortableVector
-libcrux_ml_kem_vector_portable_ntt_multiply_0d(
+libcrux_ml_kem_vector_portable_ntt_multiply_2c(
     libcrux_ml_kem_vector_portable_vector_type_PortableVector *lhs,
     libcrux_ml_kem_vector_portable_vector_type_PortableVector *rhs,
     int16_t zeta0, int16_t zeta1, int16_t zeta2, int16_t zeta3) {
@@ -1558,9 +1558,9 @@ void libcrux_ml_kem_vector_portable_serialize_1(
 
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
-libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
+libcrux_ml_kem::vector::portable::vector_type::PortableVector)#1}
 */
-void libcrux_ml_kem_vector_portable_serialize_1_0d(
+void libcrux_ml_kem_vector_portable_serialize_1_2c(
     libcrux_ml_kem_vector_portable_vector_type_PortableVector a,
     uint8_t ret[2U]) {
   libcrux_ml_kem_vector_portable_serialize_1(a, ret);
@@ -1657,10 +1657,10 @@ libcrux_ml_kem_vector_portable_deserialize_1(Eurydice_slice a) {
 
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
-libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
+libcrux_ml_kem::vector::portable::vector_type::PortableVector)#1}
 */
 libcrux_ml_kem_vector_portable_vector_type_PortableVector
-libcrux_ml_kem_vector_portable_deserialize_1_0d(Eurydice_slice a) {
+libcrux_ml_kem_vector_portable_deserialize_1_2c(Eurydice_slice a) {
   return libcrux_ml_kem_vector_portable_deserialize_1(a);
 }
 
@@ -1719,9 +1719,9 @@ void libcrux_ml_kem_vector_portable_serialize_4(
 
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
-libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
+libcrux_ml_kem::vector::portable::vector_type::PortableVector)#1}
 */
-void libcrux_ml_kem_vector_portable_serialize_4_0d(
+void libcrux_ml_kem_vector_portable_serialize_4_2c(
     libcrux_ml_kem_vector_portable_vector_type_PortableVector a,
     uint8_t ret[8U]) {
   libcrux_ml_kem_vector_portable_serialize_4(a, ret);
@@ -1801,10 +1801,10 @@ libcrux_ml_kem_vector_portable_deserialize_4(Eurydice_slice a) {
 
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
-libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
+libcrux_ml_kem::vector::portable::vector_type::PortableVector)#1}
 */
 libcrux_ml_kem_vector_portable_vector_type_PortableVector
-libcrux_ml_kem_vector_portable_deserialize_4_0d(Eurydice_slice a) {
+libcrux_ml_kem_vector_portable_deserialize_4_2c(Eurydice_slice a) {
   return libcrux_ml_kem_vector_portable_deserialize_4(a);
 }
 
@@ -1861,9 +1861,9 @@ void libcrux_ml_kem_vector_portable_serialize_5(
 
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
-libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
+libcrux_ml_kem::vector::portable::vector_type::PortableVector)#1}
 */
-void libcrux_ml_kem_vector_portable_serialize_5_0d(
+void libcrux_ml_kem_vector_portable_serialize_5_2c(
     libcrux_ml_kem_vector_portable_vector_type_PortableVector a,
     uint8_t ret[10U]) {
   libcrux_ml_kem_vector_portable_serialize_5(a, ret);
@@ -1954,10 +1954,10 @@ libcrux_ml_kem_vector_portable_deserialize_5(Eurydice_slice a) {
 
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
-libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
+libcrux_ml_kem::vector::portable::vector_type::PortableVector)#1}
 */
 libcrux_ml_kem_vector_portable_vector_type_PortableVector
-libcrux_ml_kem_vector_portable_deserialize_5_0d(Eurydice_slice a) {
+libcrux_ml_kem_vector_portable_deserialize_5_2c(Eurydice_slice a) {
   return libcrux_ml_kem_vector_portable_deserialize_5(a);
 }
 
@@ -2040,9 +2040,9 @@ void libcrux_ml_kem_vector_portable_serialize_10(
 
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
-libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
+libcrux_ml_kem::vector::portable::vector_type::PortableVector)#1}
 */
-void libcrux_ml_kem_vector_portable_serialize_10_0d(
+void libcrux_ml_kem_vector_portable_serialize_10_2c(
     libcrux_ml_kem_vector_portable_vector_type_PortableVector a,
     uint8_t ret[20U]) {
   libcrux_ml_kem_vector_portable_serialize_10(a, ret);
@@ -2141,10 +2141,10 @@ libcrux_ml_kem_vector_portable_deserialize_10(Eurydice_slice a) {
 
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
-libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
+libcrux_ml_kem::vector::portable::vector_type::PortableVector)#1}
 */
 libcrux_ml_kem_vector_portable_vector_type_PortableVector
-libcrux_ml_kem_vector_portable_deserialize_10_0d(Eurydice_slice a) {
+libcrux_ml_kem_vector_portable_deserialize_10_2c(Eurydice_slice a) {
   return libcrux_ml_kem_vector_portable_deserialize_10(a);
 }
 
@@ -2221,9 +2221,9 @@ void libcrux_ml_kem_vector_portable_serialize_12(
 
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
-libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
+libcrux_ml_kem::vector::portable::vector_type::PortableVector)#1}
 */
-void libcrux_ml_kem_vector_portable_serialize_12_0d(
+void libcrux_ml_kem_vector_portable_serialize_12_2c(
     libcrux_ml_kem_vector_portable_vector_type_PortableVector a,
     uint8_t ret[24U]) {
   libcrux_ml_kem_vector_portable_serialize_12(a, ret);
@@ -2291,10 +2291,10 @@ libcrux_ml_kem_vector_portable_deserialize_12(Eurydice_slice a) {
 
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
-libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
+libcrux_ml_kem::vector::portable::vector_type::PortableVector)#1}
 */
 libcrux_ml_kem_vector_portable_vector_type_PortableVector
-libcrux_ml_kem_vector_portable_deserialize_12_0d(Eurydice_slice a) {
+libcrux_ml_kem_vector_portable_deserialize_12_2c(Eurydice_slice a) {
   return libcrux_ml_kem_vector_portable_deserialize_12(a);
 }
 
@@ -2360,9 +2360,9 @@ KRML_MUSTINLINE size_t libcrux_ml_kem_vector_portable_sampling_rej_sample(
 
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
-libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
+libcrux_ml_kem::vector::portable::vector_type::PortableVector)#1}
 */
-size_t libcrux_ml_kem_vector_portable_rej_sample_0d(Eurydice_slice a,
+size_t libcrux_ml_kem_vector_portable_rej_sample_2c(Eurydice_slice a,
                                                     Eurydice_slice out) {
   return libcrux_ml_kem_vector_portable_sampling_rej_sample(a, out);
 }
@@ -2377,6 +2377,16 @@ libcrux_ml_kem_vector_portable_vector_type_clone_3b(
   return self[0U];
 }
 
+/**
+This function found in impl {(libcrux_ml_kem::vector::traits::Repr for
+libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
+*/
+void libcrux_ml_kem_vector_portable_repr_94(
+    libcrux_ml_kem_vector_portable_vector_type_PortableVector x,
+    int16_t ret[16U]) {
+  libcrux_ml_kem_vector_portable_vector_type_to_i16_array(x, ret);
+}
+
 /**
 This function found in impl
 {libcrux_ml_kem::polynomial::PolynomialRingElement<Vector>[TraitClause@0,
@@ -2388,24 +2398,24 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
 with const generics
 
 */
-static libcrux_ml_kem_polynomial_PolynomialRingElement_1d ZERO_ef_8c(void) {
+static libcrux_ml_kem_polynomial_PolynomialRingElement_1d ZERO_ef_96(void) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_1d lit;
-  lit.coefficients[0U] = libcrux_ml_kem_vector_portable_ZERO_0d();
-  lit.coefficients[1U] = libcrux_ml_kem_vector_portable_ZERO_0d();
-  lit.coefficients[2U] = libcrux_ml_kem_vector_portable_ZERO_0d();
-  lit.coefficients[3U] = libcrux_ml_kem_vector_portable_ZERO_0d();
-  lit.coefficients[4U] = libcrux_ml_kem_vector_portable_ZERO_0d();
-  lit.coefficients[5U] = libcrux_ml_kem_vector_portable_ZERO_0d();
-  lit.coefficients[6U] = libcrux_ml_kem_vector_portable_ZERO_0d();
-  lit.coefficients[7U] = libcrux_ml_kem_vector_portable_ZERO_0d();
-  lit.coefficients[8U] = libcrux_ml_kem_vector_portable_ZERO_0d();
-  lit.coefficients[9U] = libcrux_ml_kem_vector_portable_ZERO_0d();
-  lit.coefficients[10U] = libcrux_ml_kem_vector_portable_ZERO_0d();
-  lit.coefficients[11U] = libcrux_ml_kem_vector_portable_ZERO_0d();
-  lit.coefficients[12U] = libcrux_ml_kem_vector_portable_ZERO_0d();
-  lit.coefficients[13U] = libcrux_ml_kem_vector_portable_ZERO_0d();
-  lit.coefficients[14U] = libcrux_ml_kem_vector_portable_ZERO_0d();
-  lit.coefficients[15U] = libcrux_ml_kem_vector_portable_ZERO_0d();
+  lit.coefficients[0U] = libcrux_ml_kem_vector_portable_ZERO_2c();
+  lit.coefficients[1U] = libcrux_ml_kem_vector_portable_ZERO_2c();
+  lit.coefficients[2U] = libcrux_ml_kem_vector_portable_ZERO_2c();
+  lit.coefficients[3U] = libcrux_ml_kem_vector_portable_ZERO_2c();
+  lit.coefficients[4U] = libcrux_ml_kem_vector_portable_ZERO_2c();
+  lit.coefficients[5U] = libcrux_ml_kem_vector_portable_ZERO_2c();
+  lit.coefficients[6U] = libcrux_ml_kem_vector_portable_ZERO_2c();
+  lit.coefficients[7U] = libcrux_ml_kem_vector_portable_ZERO_2c();
+  lit.coefficients[8U] = libcrux_ml_kem_vector_portable_ZERO_2c();
+  lit.coefficients[9U] = libcrux_ml_kem_vector_portable_ZERO_2c();
+  lit.coefficients[10U] = libcrux_ml_kem_vector_portable_ZERO_2c();
+  lit.coefficients[11U] = libcrux_ml_kem_vector_portable_ZERO_2c();
+  lit.coefficients[12U] = libcrux_ml_kem_vector_portable_ZERO_2c();
+  lit.coefficients[13U] = libcrux_ml_kem_vector_portable_ZERO_2c();
+  lit.coefficients[14U] = libcrux_ml_kem_vector_portable_ZERO_2c();
+  lit.coefficients[15U] = libcrux_ml_kem_vector_portable_ZERO_2c();
   return lit;
 }
 
@@ -2422,17 +2432,17 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
 
 */
 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1d
-deserialize_to_reduced_ring_element_8c(Eurydice_slice serialized) {
-  libcrux_ml_kem_polynomial_PolynomialRingElement_1d re = ZERO_ef_8c();
+deserialize_to_reduced_ring_element_96(Eurydice_slice serialized) {
+  libcrux_ml_kem_polynomial_PolynomialRingElement_1d re = ZERO_ef_96();
   for (size_t i = (size_t)0U;
        i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) {
     size_t i0 = i;
     Eurydice_slice bytes = Eurydice_slice_subslice2(
         serialized, i0 * (size_t)24U, i0 * (size_t)24U + (size_t)24U, uint8_t);
     libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient =
-        libcrux_ml_kem_vector_portable_deserialize_12_0d(bytes);
+        libcrux_ml_kem_vector_portable_deserialize_12_2c(bytes);
     libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 =
-        libcrux_ml_kem_vector_portable_cond_subtract_3329_0d(coefficient);
+        libcrux_ml_kem_vector_portable_cond_subtract_3329_2c(coefficient);
     re.coefficients[i0] = uu____0;
   }
   return re;
@@ -2461,7 +2471,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_d0(
             LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT,
         uint8_t);
     libcrux_ml_kem_polynomial_PolynomialRingElement_1d uu____0 =
-        deserialize_to_reduced_ring_element_8c(ring_element);
+        deserialize_to_reduced_ring_element_96(ring_element);
     deserialized_pk[i0] = uu____0;
   }
 }
@@ -2483,7 +2493,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_out_d0(
     libcrux_ml_kem_polynomial_PolynomialRingElement_1d ret[4U]) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_1d deserialized_pk[4U];
   KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U,
-                  deserialized_pk[i] = ZERO_ef_8c(););
+                  deserialized_pk[i] = ZERO_ef_96(););
   deserialize_ring_elements_reduced_d0(public_key, deserialized_pk);
   memcpy(
       ret, deserialized_pk,
@@ -2507,15 +2517,15 @@ shift_right_ef(libcrux_ml_kem_vector_portable_vector_type_PortableVector vec) {
 
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
-libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
+libcrux_ml_kem::vector::portable::vector_type::PortableVector)#1}
 */
 /**
-A monomorphic instance of libcrux_ml_kem.vector.portable.shift_right_0d
+A monomorphic instance of libcrux_ml_kem.vector.portable.shift_right_2c
 with const generics
 - SHIFT_BY= 15
 */
 static libcrux_ml_kem_vector_portable_vector_type_PortableVector
-shift_right_0d_ef(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) {
+shift_right_2c_ef(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) {
   return shift_right_ef(v);
 }
 
@@ -2526,14 +2536,14 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
 
 */
 static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector
-to_unsigned_representative_8c(
+to_unsigned_representative_96(
     libcrux_ml_kem_vector_portable_vector_type_PortableVector a) {
   libcrux_ml_kem_vector_portable_vector_type_PortableVector t =
-      shift_right_0d_ef(a);
+      shift_right_2c_ef(a);
   libcrux_ml_kem_vector_portable_vector_type_PortableVector fm =
-      libcrux_ml_kem_vector_portable_bitwise_and_with_constant_0d(
+      libcrux_ml_kem_vector_portable_bitwise_and_with_constant_2c(
           t, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS);
-  return libcrux_ml_kem_vector_portable_add_0d(a, &fm);
+  return libcrux_ml_kem_vector_portable_add_2c(a, &fm);
 }
 
 /**
@@ -2543,9 +2553,9 @@ with const generics
 
 */
 static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector
-to_unsigned_field_modulus_8c(
+to_unsigned_field_modulus_96(
     libcrux_ml_kem_vector_portable_vector_type_PortableVector a) {
-  return to_unsigned_representative_8c(a);
+  return to_unsigned_representative_96(a);
 }
 
 /**
@@ -2554,16 +2564,16 @@ libcrux_ml_kem.serialize.serialize_uncompressed_ring_element with types
 libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
 
 */
-static KRML_MUSTINLINE void serialize_uncompressed_ring_element_8c(
+static KRML_MUSTINLINE void serialize_uncompressed_ring_element_96(
     libcrux_ml_kem_polynomial_PolynomialRingElement_1d *re, uint8_t ret[384U]) {
   uint8_t serialized[384U] = {0U};
   for (size_t i = (size_t)0U;
        i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
     size_t i0 = i;
     libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient =
-        to_unsigned_field_modulus_8c(re->coefficients[i0]);
+        to_unsigned_field_modulus_96(re->coefficients[i0]);
     uint8_t bytes[24U];
-    libcrux_ml_kem_vector_portable_serialize_12_0d(coefficient, bytes);
+    libcrux_ml_kem_vector_portable_serialize_12_2c(coefficient, bytes);
     Eurydice_slice uu____0 = Eurydice_array_to_subslice2(
         serialized, (size_t)24U * i0, (size_t)24U * i0 + (size_t)24U, uint8_t);
     Eurydice_slice_copy(
@@ -2600,7 +2610,7 @@ static KRML_MUSTINLINE void serialize_secret_key_ff(
         (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT,
         uint8_t);
     uint8_t ret0[384U];
-    serialize_uncompressed_ring_element_8c(&re, ret0);
+    serialize_uncompressed_ring_element_96(&re, ret0);
     Eurydice_slice_copy(
         uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t), uint8_t);
   }
@@ -2684,6 +2694,19 @@ bool libcrux_ml_kem_ind_cca_validate_public_key_00(uint8_t *public_key) {
       (size_t)1568U, public_key, public_key_serialized, uint8_t, uint8_t, bool);
 }
 
+/**
+This function found in impl {(libcrux_ml_kem::hash_functions::Hash<K> for
+libcrux_ml_kem::hash_functions::portable::PortableHash<K>)}
+*/
+/**
+A monomorphic instance of libcrux_ml_kem.hash_functions.portable.H_f1
+with const generics
+- K= 4
+*/
+static KRML_MUSTINLINE void H_f1_ac(Eurydice_slice input, uint8_t ret[32U]) {
+  libcrux_ml_kem_hash_functions_portable_H(input, ret);
+}
+
 /**
  Validate an ML-KEM private key.
 
@@ -2698,9 +2721,16 @@ with const generics
 */
 bool libcrux_ml_kem_ind_cca_validate_private_key_only_60(
     libcrux_ml_kem_types_MlKemPrivateKey_83 *private_key) {
-  KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__,
-                    "Eurydice error: Invalid_argument(\"List.combine\")\n");
-  KRML_HOST_EXIT(255U);
+  uint8_t t[32U];
+  H_f1_ac(Eurydice_array_to_subslice2(
+              private_key->value, (size_t)384U * (size_t)4U,
+              (size_t)768U * (size_t)4U + (size_t)32U, uint8_t),
+          t);
+  Eurydice_slice expected = Eurydice_array_to_subslice2(
+      private_key->value, (size_t)768U * (size_t)4U + (size_t)32U,
+      (size_t)768U * (size_t)4U + (size_t)64U, uint8_t);
+  return core_array_equality___core__cmp__PartialEq__0___Slice_U____for__Array_T__N___3__eq(
+      (size_t)32U, t, &expected, uint8_t, uint8_t, bool);
 }
 
 /**
@@ -2747,10 +2777,10 @@ with const generics
 */
 static IndCpaPrivateKeyUnpacked_af default_1a_d0(void) {
   IndCpaPrivateKeyUnpacked_af lit;
-  lit.secret_as_ntt[0U] = ZERO_ef_8c();
-  lit.secret_as_ntt[1U] = ZERO_ef_8c();
-  lit.secret_as_ntt[2U] = ZERO_ef_8c();
-  lit.secret_as_ntt[3U] = ZERO_ef_8c();
+  lit.secret_as_ntt[0U] = ZERO_ef_96();
+  lit.secret_as_ntt[1U] = ZERO_ef_96();
+  lit.secret_as_ntt[2U] = ZERO_ef_96();
+  lit.secret_as_ntt[3U] = ZERO_ef_96();
   return lit;
 }
 
@@ -2780,29 +2810,29 @@ with const generics
 static IndCpaPublicKeyUnpacked_af default_8d_d0(void) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_1d uu____0[4U];
   KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U,
-                  uu____0[i] = ZERO_ef_8c(););
+                  uu____0[i] = ZERO_ef_96(););
   uint8_t uu____1[32U] = {0U};
   IndCpaPublicKeyUnpacked_af lit;
   memcpy(
       lit.t_as_ntt, uu____0,
       (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1d));
   memcpy(lit.seed_for_A, uu____1, (size_t)32U * sizeof(uint8_t));
-  lit.A[0U][0U] = ZERO_ef_8c();
-  lit.A[0U][1U] = ZERO_ef_8c();
-  lit.A[0U][2U] = ZERO_ef_8c();
-  lit.A[0U][3U] = ZERO_ef_8c();
-  lit.A[1U][0U] = ZERO_ef_8c();
-  lit.A[1U][1U] = ZERO_ef_8c();
-  lit.A[1U][2U] = ZERO_ef_8c();
-  lit.A[1U][3U] = ZERO_ef_8c();
-  lit.A[2U][0U] = ZERO_ef_8c();
-  lit.A[2U][1U] = ZERO_ef_8c();
-  lit.A[2U][2U] = ZERO_ef_8c();
-  lit.A[2U][3U] = ZERO_ef_8c();
-  lit.A[3U][0U] = ZERO_ef_8c();
-  lit.A[3U][1U] = ZERO_ef_8c();
-  lit.A[3U][2U] = ZERO_ef_8c();
-  lit.A[3U][3U] = ZERO_ef_8c();
+  lit.A[0U][0U] = ZERO_ef_96();
+  lit.A[0U][1U] = ZERO_ef_96();
+  lit.A[0U][2U] = ZERO_ef_96();
+  lit.A[0U][3U] = ZERO_ef_96();
+  lit.A[1U][0U] = ZERO_ef_96();
+  lit.A[1U][1U] = ZERO_ef_96();
+  lit.A[1U][2U] = ZERO_ef_96();
+  lit.A[1U][3U] = ZERO_ef_96();
+  lit.A[2U][0U] = ZERO_ef_96();
+  lit.A[2U][1U] = ZERO_ef_96();
+  lit.A[2U][2U] = ZERO_ef_96();
+  lit.A[2U][3U] = ZERO_ef_96();
+  lit.A[3U][0U] = ZERO_ef_96();
+  lit.A[3U][1U] = ZERO_ef_96();
+  lit.A[3U][2U] = ZERO_ef_96();
+  lit.A[3U][3U] = ZERO_ef_96();
   return lit;
 }
 
@@ -2990,7 +3020,7 @@ static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_ff(
           Eurydice_slice uu____0 = Eurydice_array_to_subslice2(
               randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U,
               uint8_t);
-          size_t sampled = libcrux_ml_kem_vector_portable_rej_sample_0d(
+          size_t sampled = libcrux_ml_kem_vector_portable_rej_sample_2c(
               uu____0, Eurydice_array_to_subslice2(
                            out[i1], sampled_coefficients[i1],
                            sampled_coefficients[i1] + (size_t)16U, int16_t));
@@ -3102,7 +3132,7 @@ static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_ff0(
           Eurydice_slice uu____0 = Eurydice_array_to_subslice2(
               randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U,
               uint8_t);
-          size_t sampled = libcrux_ml_kem_vector_portable_rej_sample_0d(
+          size_t sampled = libcrux_ml_kem_vector_portable_rej_sample_2c(
               uu____0, Eurydice_array_to_subslice2(
                            out[i1], sampled_coefficients[i1],
                            sampled_coefficients[i1] + (size_t)16U, int16_t));
@@ -3128,24 +3158,24 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
 with const generics
 
 */
-static libcrux_ml_kem_polynomial_PolynomialRingElement_1d ZERO_8c(void) {
+static libcrux_ml_kem_polynomial_PolynomialRingElement_1d ZERO_96(void) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_1d lit;
-  lit.coefficients[0U] = libcrux_ml_kem_vector_portable_ZERO_0d();
-  lit.coefficients[1U] = libcrux_ml_kem_vector_portable_ZERO_0d();
-  lit.coefficients[2U] = libcrux_ml_kem_vector_portable_ZERO_0d();
-  lit.coefficients[3U] = libcrux_ml_kem_vector_portable_ZERO_0d();
-  lit.coefficients[4U] = libcrux_ml_kem_vector_portable_ZERO_0d();
-  lit.coefficients[5U] = libcrux_ml_kem_vector_portable_ZERO_0d();
-  lit.coefficients[6U] = libcrux_ml_kem_vector_portable_ZERO_0d();
-  lit.coefficients[7U] = libcrux_ml_kem_vector_portable_ZERO_0d();
-  lit.coefficients[8U] = libcrux_ml_kem_vector_portable_ZERO_0d();
-  lit.coefficients[9U] = libcrux_ml_kem_vector_portable_ZERO_0d();
-  lit.coefficients[10U] = libcrux_ml_kem_vector_portable_ZERO_0d();
-  lit.coefficients[11U] = libcrux_ml_kem_vector_portable_ZERO_0d();
-  lit.coefficients[12U] = libcrux_ml_kem_vector_portable_ZERO_0d();
-  lit.coefficients[13U] = libcrux_ml_kem_vector_portable_ZERO_0d();
-  lit.coefficients[14U] = libcrux_ml_kem_vector_portable_ZERO_0d();
-  lit.coefficients[15U] = libcrux_ml_kem_vector_portable_ZERO_0d();
+  lit.coefficients[0U] = libcrux_ml_kem_vector_portable_ZERO_2c();
+  lit.coefficients[1U] = libcrux_ml_kem_vector_portable_ZERO_2c();
+  lit.coefficients[2U] = libcrux_ml_kem_vector_portable_ZERO_2c();
+  lit.coefficients[3U] = libcrux_ml_kem_vector_portable_ZERO_2c();
+  lit.coefficients[4U] = libcrux_ml_kem_vector_portable_ZERO_2c();
+  lit.coefficients[5U] = libcrux_ml_kem_vector_portable_ZERO_2c();
+  lit.coefficients[6U] = libcrux_ml_kem_vector_portable_ZERO_2c();
+  lit.coefficients[7U] = libcrux_ml_kem_vector_portable_ZERO_2c();
+  lit.coefficients[8U] = libcrux_ml_kem_vector_portable_ZERO_2c();
+  lit.coefficients[9U] = libcrux_ml_kem_vector_portable_ZERO_2c();
+  lit.coefficients[10U] = libcrux_ml_kem_vector_portable_ZERO_2c();
+  lit.coefficients[11U] = libcrux_ml_kem_vector_portable_ZERO_2c();
+  lit.coefficients[12U] = libcrux_ml_kem_vector_portable_ZERO_2c();
+  lit.coefficients[13U] = libcrux_ml_kem_vector_portable_ZERO_2c();
+  lit.coefficients[14U] = libcrux_ml_kem_vector_portable_ZERO_2c();
+  lit.coefficients[15U] = libcrux_ml_kem_vector_portable_ZERO_2c();
   return lit;
 }
 
@@ -3156,13 +3186,13 @@ with const generics
 
 */
 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1d
-from_i16_array_8c(Eurydice_slice a) {
-  libcrux_ml_kem_polynomial_PolynomialRingElement_1d result = ZERO_8c();
+from_i16_array_96(Eurydice_slice a) {
+  libcrux_ml_kem_polynomial_PolynomialRingElement_1d result = ZERO_96();
   for (size_t i = (size_t)0U;
        i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
     size_t i0 = i;
     libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 =
-        libcrux_ml_kem_vector_portable_from_i16_array_0d(
+        libcrux_ml_kem_vector_portable_from_i16_array_2c(
             Eurydice_slice_subslice2(a, i0 * (size_t)16U,
                                      (i0 + (size_t)1U) * (size_t)16U, int16_t));
     result.coefficients[i0] = uu____0;
@@ -3182,8 +3212,8 @@ with const generics
 
 */
 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1d
-from_i16_array_ef_8c(Eurydice_slice a) {
-  return from_i16_array_8c(a);
+from_i16_array_ef_96(Eurydice_slice a) {
+  return from_i16_array_96(a);
 }
 
 /**
@@ -3195,7 +3225,7 @@ generics
 */
 static libcrux_ml_kem_polynomial_PolynomialRingElement_1d closure_2b(
     int16_t s[272U]) {
-  return from_i16_array_ef_8c(
+  return from_i16_array_ef_96(
       Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t));
 }
 
@@ -3377,7 +3407,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
 
 */
 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1d
-sample_from_binomial_distribution_2_8c(Eurydice_slice randomness) {
+sample_from_binomial_distribution_2_96(Eurydice_slice randomness) {
   int16_t sampled_i16s[256U] = {0U};
   for (size_t i0 = (size_t)0U;
        i0 < Eurydice_slice_len(randomness, uint8_t) / (size_t)4U; i0++) {
@@ -3411,7 +3441,7 @@ sample_from_binomial_distribution_2_8c(Eurydice_slice randomness) {
       sampled_i16s[(size_t)8U * chunk_number + offset] = outcome_1 - outcome_2;
     }
   }
-  return from_i16_array_ef_8c(
+  return from_i16_array_ef_96(
       Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t));
 }
 
@@ -3422,7 +3452,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
 
 */
 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1d
-sample_from_binomial_distribution_3_8c(Eurydice_slice randomness) {
+sample_from_binomial_distribution_3_96(Eurydice_slice randomness) {
   int16_t sampled_i16s[256U] = {0U};
   for (size_t i0 = (size_t)0U;
        i0 < Eurydice_slice_len(randomness, uint8_t) / (size_t)3U; i0++) {
@@ -3455,7 +3485,7 @@ sample_from_binomial_distribution_3_8c(Eurydice_slice randomness) {
       sampled_i16s[(size_t)4U * chunk_number + offset] = outcome_1 - outcome_2;
     }
   }
-  return from_i16_array_ef_8c(
+  return from_i16_array_ef_96(
       Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t));
 }
 
@@ -3467,7 +3497,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
 */
 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1d
 sample_from_binomial_distribution_a0(Eurydice_slice randomness) {
-  return sample_from_binomial_distribution_2_8c(randomness);
+  return sample_from_binomial_distribution_2_96(randomness);
 }
 
 /**
@@ -3476,18 +3506,18 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
 with const generics
 
 */
-static KRML_MUSTINLINE void ntt_at_layer_7_8c(
+static KRML_MUSTINLINE void ntt_at_layer_7_96(
     libcrux_ml_kem_polynomial_PolynomialRingElement_1d *re) {
   size_t step = LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT / (size_t)2U;
   for (size_t i = (size_t)0U; i < step; i++) {
     size_t j = i;
     libcrux_ml_kem_vector_portable_vector_type_PortableVector t =
-        libcrux_ml_kem_vector_portable_multiply_by_constant_0d(
+        libcrux_ml_kem_vector_portable_multiply_by_constant_2c(
             re->coefficients[j + step], (int16_t)-1600);
     re->coefficients[j + step] =
-        libcrux_ml_kem_vector_portable_sub_0d(re->coefficients[j], &t);
+        libcrux_ml_kem_vector_portable_sub_2c(re->coefficients[j], &t);
     libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____1 =
-        libcrux_ml_kem_vector_portable_add_0d(re->coefficients[j], &t);
+        libcrux_ml_kem_vector_portable_add_2c(re->coefficients[j], &t);
     re->coefficients[j] = uu____1;
   }
 }
@@ -3504,9 +3534,9 @@ with const generics
 
 */
 static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector
-montgomery_multiply_fe_8c(
+montgomery_multiply_fe_96(
     libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t fer) {
-  return libcrux_ml_kem_vector_portable_montgomery_multiply_by_constant_0d(v,
+  return libcrux_ml_kem_vector_portable_montgomery_multiply_by_constant_2c(v,
                                                                            fer);
 }
 
@@ -3518,14 +3548,14 @@ with const generics
 */
 static KRML_MUSTINLINE
     libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2
-    ntt_layer_int_vec_step_8c(
+    ntt_layer_int_vec_step_96(
         libcrux_ml_kem_vector_portable_vector_type_PortableVector a,
         libcrux_ml_kem_vector_portable_vector_type_PortableVector b,
         int16_t zeta_r) {
   libcrux_ml_kem_vector_portable_vector_type_PortableVector t =
-      montgomery_multiply_fe_8c(b, zeta_r);
-  b = libcrux_ml_kem_vector_portable_sub_0d(a, &t);
-  a = libcrux_ml_kem_vector_portable_add_0d(a, &t);
+      montgomery_multiply_fe_96(b, zeta_r);
+  b = libcrux_ml_kem_vector_portable_sub_2c(a, &t);
+  a = libcrux_ml_kem_vector_portable_add_2c(a, &t);
   return (
       CLITERAL(libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2){
           .fst = a, .snd = b});
@@ -3537,7 +3567,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
 with const generics
 
 */
-static KRML_MUSTINLINE void ntt_at_layer_4_plus_8c(
+static KRML_MUSTINLINE void ntt_at_layer_4_plus_96(
     size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_1d *re,
     size_t layer) {
   size_t step = (size_t)1U << (uint32_t)layer;
@@ -3550,7 +3580,7 @@ static KRML_MUSTINLINE void ntt_at_layer_4_plus_8c(
     for (size_t i = offset_vec; i < offset_vec + step_vec; i++) {
       size_t j = i;
       libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 uu____0 =
-          ntt_layer_int_vec_step_8c(re->coefficients[j],
+          ntt_layer_int_vec_step_96(re->coefficients[j],
                                     re->coefficients[j + step_vec],
                                     libcrux_ml_kem_polynomial_zeta(zeta_i[0U]));
       libcrux_ml_kem_vector_portable_vector_type_PortableVector x = uu____0.fst;
@@ -3567,13 +3597,13 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
 with const generics
 
 */
-static KRML_MUSTINLINE void ntt_at_layer_3_8c(
+static KRML_MUSTINLINE void ntt_at_layer_3_96(
     size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_1d *re) {
   KRML_MAYBE_FOR16(
       i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i;
       zeta_i[0U] = zeta_i[0U] + (size_t)1U;
       libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 =
-          libcrux_ml_kem_vector_portable_ntt_layer_3_step_0d(
+          libcrux_ml_kem_vector_portable_ntt_layer_3_step_2c(
               re->coefficients[round],
               libcrux_ml_kem_polynomial_zeta(zeta_i[0U]));
       re->coefficients[round] = uu____0;);
@@ -3585,13 +3615,13 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
 with const generics
 
 */
-static KRML_MUSTINLINE void ntt_at_layer_2_8c(
+static KRML_MUSTINLINE void ntt_at_layer_2_96(
     size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_1d *re) {
   KRML_MAYBE_FOR16(
       i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i;
       zeta_i[0U] = zeta_i[0U] + (size_t)1U;
       re->coefficients[round] =
-          libcrux_ml_kem_vector_portable_ntt_layer_2_step_0d(
+          libcrux_ml_kem_vector_portable_ntt_layer_2_step_2c(
               re->coefficients[round],
               libcrux_ml_kem_polynomial_zeta(zeta_i[0U]),
               libcrux_ml_kem_polynomial_zeta(zeta_i[0U] + (size_t)1U));
@@ -3604,13 +3634,13 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
 with const generics
 
 */
-static KRML_MUSTINLINE void ntt_at_layer_1_8c(
+static KRML_MUSTINLINE void ntt_at_layer_1_96(
     size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_1d *re) {
   KRML_MAYBE_FOR16(
       i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i;
       zeta_i[0U] = zeta_i[0U] + (size_t)1U;
       re->coefficients[round] =
-          libcrux_ml_kem_vector_portable_ntt_layer_1_step_0d(
+          libcrux_ml_kem_vector_portable_ntt_layer_1_step_2c(
               re->coefficients[round],
               libcrux_ml_kem_polynomial_zeta(zeta_i[0U]),
               libcrux_ml_kem_polynomial_zeta(zeta_i[0U] + (size_t)1U),
@@ -3625,13 +3655,13 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
 with const generics
 
 */
-static KRML_MUSTINLINE void poly_barrett_reduce_8c(
+static KRML_MUSTINLINE void poly_barrett_reduce_96(
     libcrux_ml_kem_polynomial_PolynomialRingElement_1d *myself) {
   for (size_t i = (size_t)0U;
        i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
     size_t i0 = i;
     libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 =
-        libcrux_ml_kem_vector_portable_barrett_reduce_0d(
+        libcrux_ml_kem_vector_portable_barrett_reduce_2c(
             myself->coefficients[i0]);
     myself->coefficients[i0] = uu____0;
   }
@@ -3648,9 +3678,9 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
 with const generics
 
 */
-static KRML_MUSTINLINE void poly_barrett_reduce_ef_8c(
+static KRML_MUSTINLINE void poly_barrett_reduce_ef_96(
     libcrux_ml_kem_polynomial_PolynomialRingElement_1d *self) {
-  poly_barrett_reduce_8c(self);
+  poly_barrett_reduce_96(self);
 }
 
 /**
@@ -3659,17 +3689,17 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
 with const generics
 
 */
-static KRML_MUSTINLINE void ntt_binomially_sampled_ring_element_8c(
+static KRML_MUSTINLINE void ntt_binomially_sampled_ring_element_96(
     libcrux_ml_kem_polynomial_PolynomialRingElement_1d *re) {
-  ntt_at_layer_7_8c(re);
+  ntt_at_layer_7_96(re);
   size_t zeta_i = (size_t)1U;
-  ntt_at_layer_4_plus_8c(&zeta_i, re, (size_t)6U);
-  ntt_at_layer_4_plus_8c(&zeta_i, re, (size_t)5U);
-  ntt_at_layer_4_plus_8c(&zeta_i, re, (size_t)4U);
-  ntt_at_layer_3_8c(&zeta_i, re);
-  ntt_at_layer_2_8c(&zeta_i, re);
-  ntt_at_layer_1_8c(&zeta_i, re);
-  poly_barrett_reduce_ef_8c(re);
+  ntt_at_layer_4_plus_96(&zeta_i, re, (size_t)6U);
+  ntt_at_layer_4_plus_96(&zeta_i, re, (size_t)5U);
+  ntt_at_layer_4_plus_96(&zeta_i, re, (size_t)4U);
+  ntt_at_layer_3_96(&zeta_i, re);
+  ntt_at_layer_2_96(&zeta_i, re);
+  ntt_at_layer_1_96(&zeta_i, re);
+  poly_barrett_reduce_ef_96(re);
 }
 
 /**
@@ -3703,7 +3733,7 @@ static KRML_MUSTINLINE uint8_t sample_vector_cbd_then_ntt_3b(
       i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i;
       re_as_ntt[i0] = sample_from_binomial_distribution_a0(
           Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t));
-      ntt_binomially_sampled_ring_element_8c(&re_as_ntt[i0]););
+      ntt_binomially_sampled_ring_element_96(&re_as_ntt[i0]););
   return domain_separator;
 }
 
@@ -3731,7 +3761,7 @@ static KRML_MUSTINLINE tuple_dd0 sample_vector_cbd_then_ntt_out_3b(
     uint8_t prf_input[33U], uint8_t domain_separator) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_1d re_as_ntt[4U];
   KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U,
-                  re_as_ntt[i] = ZERO_ef_8c(););
+                  re_as_ntt[i] = ZERO_ef_96(););
   libcrux_ml_kem_polynomial_PolynomialRingElement_1d *uu____0 = re_as_ntt;
   uint8_t uu____1[33U];
   memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t));
@@ -3784,14 +3814,14 @@ with const generics
 
 */
 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1d
-ntt_multiply_8c(libcrux_ml_kem_polynomial_PolynomialRingElement_1d *myself,
+ntt_multiply_96(libcrux_ml_kem_polynomial_PolynomialRingElement_1d *myself,
                 libcrux_ml_kem_polynomial_PolynomialRingElement_1d *rhs) {
-  libcrux_ml_kem_polynomial_PolynomialRingElement_1d out = ZERO_8c();
+  libcrux_ml_kem_polynomial_PolynomialRingElement_1d out = ZERO_96();
   for (size_t i = (size_t)0U;
        i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
     size_t i0 = i;
     libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 =
-        libcrux_ml_kem_vector_portable_ntt_multiply_0d(
+        libcrux_ml_kem_vector_portable_ntt_multiply_2c(
             &myself->coefficients[i0], &rhs->coefficients[i0],
             libcrux_ml_kem_polynomial_zeta((size_t)64U + (size_t)4U * i0),
             libcrux_ml_kem_polynomial_zeta((size_t)64U + (size_t)4U * i0 +
@@ -3817,9 +3847,9 @@ with const generics
 
 */
 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1d
-ntt_multiply_ef_8c(libcrux_ml_kem_polynomial_PolynomialRingElement_1d *self,
+ntt_multiply_ef_96(libcrux_ml_kem_polynomial_PolynomialRingElement_1d *self,
                    libcrux_ml_kem_polynomial_PolynomialRingElement_1d *rhs) {
-  return ntt_multiply_8c(self, rhs);
+  return ntt_multiply_96(self, rhs);
 }
 
 /**
@@ -3844,7 +3874,7 @@ static KRML_MUSTINLINE void add_to_ring_element_d0(
        i++) {
     size_t i0 = i;
     libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 =
-        libcrux_ml_kem_vector_portable_add_0d(myself->coefficients[i0],
+        libcrux_ml_kem_vector_portable_add_2c(myself->coefficients[i0],
                                               &rhs->coefficients[i0]);
     myself->coefficients[i0] = uu____0;
   }
@@ -3874,9 +3904,9 @@ with const generics
 
 */
 static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector
-to_standard_domain_8c(
+to_standard_domain_96(
     libcrux_ml_kem_vector_portable_vector_type_PortableVector v) {
-  return libcrux_ml_kem_vector_portable_montgomery_multiply_by_constant_0d(
+  return libcrux_ml_kem_vector_portable_montgomery_multiply_by_constant_2c(
       v, LIBCRUX_ML_KEM_VECTOR_TRAITS_MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS);
 }
 
@@ -3886,7 +3916,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
 with const generics
 
 */
-static KRML_MUSTINLINE void add_standard_error_reduce_8c(
+static KRML_MUSTINLINE void add_standard_error_reduce_96(
     libcrux_ml_kem_polynomial_PolynomialRingElement_1d *myself,
     libcrux_ml_kem_polynomial_PolynomialRingElement_1d *error) {
   for (size_t i = (size_t)0U;
@@ -3894,10 +3924,10 @@ static KRML_MUSTINLINE void add_standard_error_reduce_8c(
     size_t j = i;
     libcrux_ml_kem_vector_portable_vector_type_PortableVector
         coefficient_normal_form =
-            to_standard_domain_8c(myself->coefficients[j]);
+            to_standard_domain_96(myself->coefficients[j]);
     libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 =
-        libcrux_ml_kem_vector_portable_barrett_reduce_0d(
-            libcrux_ml_kem_vector_portable_add_0d(coefficient_normal_form,
+        libcrux_ml_kem_vector_portable_barrett_reduce_2c(
+            libcrux_ml_kem_vector_portable_add_2c(coefficient_normal_form,
                                                   &error->coefficients[j]));
     myself->coefficients[j] = uu____0;
   }
@@ -3914,10 +3944,10 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
 with const generics
 
 */
-static KRML_MUSTINLINE void add_standard_error_reduce_ef_8c(
+static KRML_MUSTINLINE void add_standard_error_reduce_ef_96(
     libcrux_ml_kem_polynomial_PolynomialRingElement_1d *self,
     libcrux_ml_kem_polynomial_PolynomialRingElement_1d *error) {
-  add_standard_error_reduce_8c(self, error);
+  add_standard_error_reduce_96(self, error);
 }
 
 /**
@@ -3943,7 +3973,7 @@ static KRML_MUSTINLINE void compute_As_plus_e_d0(
        i++) {
     size_t i0 = i;
     libcrux_ml_kem_polynomial_PolynomialRingElement_1d *row = matrix_A[i0];
-    libcrux_ml_kem_polynomial_PolynomialRingElement_1d uu____0 = ZERO_ef_8c();
+    libcrux_ml_kem_polynomial_PolynomialRingElement_1d uu____0 = ZERO_ef_96();
     t_as_ntt[i0] = uu____0;
     for (size_t i1 = (size_t)0U;
          i1 < Eurydice_slice_len(
@@ -3956,10 +3986,10 @@ static KRML_MUSTINLINE void compute_As_plus_e_d0(
       libcrux_ml_kem_polynomial_PolynomialRingElement_1d *matrix_element =
           &row[j];
       libcrux_ml_kem_polynomial_PolynomialRingElement_1d product =
-          ntt_multiply_ef_8c(matrix_element, &s_as_ntt[j]);
+          ntt_multiply_ef_96(matrix_element, &s_as_ntt[j]);
       add_to_ring_element_ef_d0(&t_as_ntt[i0], &product);
     }
-    add_standard_error_reduce_ef_8c(&t_as_ntt[i0], &error_as_ntt[i0]);
+    add_standard_error_reduce_ef_96(&t_as_ntt[i0], &error_as_ntt[i0]);
   }
 }
 
@@ -4115,19 +4145,6 @@ generate_keypair_151(Eurydice_slice key_generation_seed) {
   return serialize_unpacked_secret_key_2f(&public_key, &private_key);
 }
 
-/**
-This function found in impl {(libcrux_ml_kem::hash_functions::Hash<K> for
-libcrux_ml_kem::hash_functions::portable::PortableHash<K>)}
-*/
-/**
-A monomorphic instance of libcrux_ml_kem.hash_functions.portable.H_f1
-with const generics
-- K= 4
-*/
-static KRML_MUSTINLINE void H_f1_ac(Eurydice_slice input, uint8_t ret[32U]) {
-  libcrux_ml_kem_hash_functions_portable_H(input, ret);
-}
-
 /**
  Serialize the secret key.
 */
@@ -4322,7 +4339,7 @@ static KRML_MUSTINLINE tuple_dd0
 sample_ring_element_cbd_3b(uint8_t prf_input[33U], uint8_t domain_separator) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_1d error_1[4U];
   KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U,
-                  error_1[i] = ZERO_ef_8c(););
+                  error_1[i] = ZERO_ef_96(););
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_prf_input[33U];
   memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t));
@@ -4386,13 +4403,13 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
 with const generics
 
 */
-static KRML_MUSTINLINE void invert_ntt_at_layer_1_8c(
+static KRML_MUSTINLINE void invert_ntt_at_layer_1_96(
     size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_1d *re) {
   KRML_MAYBE_FOR16(
       i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i;
       zeta_i[0U] = zeta_i[0U] - (size_t)1U;
       re->coefficients[round] =
-          libcrux_ml_kem_vector_portable_inv_ntt_layer_1_step_0d(
+          libcrux_ml_kem_vector_portable_inv_ntt_layer_1_step_2c(
               re->coefficients[round],
               libcrux_ml_kem_polynomial_zeta(zeta_i[0U]),
               libcrux_ml_kem_polynomial_zeta(zeta_i[0U] - (size_t)1U),
@@ -4407,13 +4424,13 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
 with const generics
 
 */
-static KRML_MUSTINLINE void invert_ntt_at_layer_2_8c(
+static KRML_MUSTINLINE void invert_ntt_at_layer_2_96(
     size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_1d *re) {
   KRML_MAYBE_FOR16(
       i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i;
       zeta_i[0U] = zeta_i[0U] - (size_t)1U;
       re->coefficients[round] =
-          libcrux_ml_kem_vector_portable_inv_ntt_layer_2_step_0d(
+          libcrux_ml_kem_vector_portable_inv_ntt_layer_2_step_2c(
               re->coefficients[round],
               libcrux_ml_kem_polynomial_zeta(zeta_i[0U]),
               libcrux_ml_kem_polynomial_zeta(zeta_i[0U] - (size_t)1U));
@@ -4426,13 +4443,13 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
 with const generics
 
 */
-static KRML_MUSTINLINE void invert_ntt_at_layer_3_8c(
+static KRML_MUSTINLINE void invert_ntt_at_layer_3_96(
     size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_1d *re) {
   KRML_MAYBE_FOR16(
       i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i;
       zeta_i[0U] = zeta_i[0U] - (size_t)1U;
       libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 =
-          libcrux_ml_kem_vector_portable_inv_ntt_layer_3_step_0d(
+          libcrux_ml_kem_vector_portable_inv_ntt_layer_3_step_2c(
               re->coefficients[round],
               libcrux_ml_kem_polynomial_zeta(zeta_i[0U]));
       re->coefficients[round] = uu____0;);
@@ -4446,15 +4463,15 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
 */
 static KRML_MUSTINLINE
     libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2
-    inv_ntt_layer_int_vec_step_reduce_8c(
+    inv_ntt_layer_int_vec_step_reduce_96(
         libcrux_ml_kem_vector_portable_vector_type_PortableVector a,
         libcrux_ml_kem_vector_portable_vector_type_PortableVector b,
         int16_t zeta_r) {
   libcrux_ml_kem_vector_portable_vector_type_PortableVector a_minus_b =
-      libcrux_ml_kem_vector_portable_sub_0d(b, &a);
-  a = libcrux_ml_kem_vector_portable_barrett_reduce_0d(
-      libcrux_ml_kem_vector_portable_add_0d(a, &b));
-  b = montgomery_multiply_fe_8c(a_minus_b, zeta_r);
+      libcrux_ml_kem_vector_portable_sub_2c(b, &a);
+  a = libcrux_ml_kem_vector_portable_barrett_reduce_2c(
+      libcrux_ml_kem_vector_portable_add_2c(a, &b));
+  b = montgomery_multiply_fe_96(a_minus_b, zeta_r);
   return (
       CLITERAL(libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2){
           .fst = a, .snd = b});
@@ -4466,7 +4483,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
 with const generics
 
 */
-static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_8c(
+static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_96(
     size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_1d *re,
     size_t layer) {
   size_t step = (size_t)1U << (uint32_t)layer;
@@ -4481,7 +4498,7 @@ static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_8c(
     for (size_t i = offset_vec; i < offset_vec + step_vec; i++) {
       size_t j = i;
       libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 uu____0 =
-          inv_ntt_layer_int_vec_step_reduce_8c(
+          inv_ntt_layer_int_vec_step_reduce_96(
               re->coefficients[j], re->coefficients[j + step_vec],
               libcrux_ml_kem_polynomial_zeta(zeta_i[0U]));
       libcrux_ml_kem_vector_portable_vector_type_PortableVector x = uu____0.fst;
@@ -4502,14 +4519,14 @@ static KRML_MUSTINLINE void invert_ntt_montgomery_d0(
     libcrux_ml_kem_polynomial_PolynomialRingElement_1d *re) {
   size_t zeta_i =
       LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U;
-  invert_ntt_at_layer_1_8c(&zeta_i, re);
-  invert_ntt_at_layer_2_8c(&zeta_i, re);
-  invert_ntt_at_layer_3_8c(&zeta_i, re);
-  invert_ntt_at_layer_4_plus_8c(&zeta_i, re, (size_t)4U);
-  invert_ntt_at_layer_4_plus_8c(&zeta_i, re, (size_t)5U);
-  invert_ntt_at_layer_4_plus_8c(&zeta_i, re, (size_t)6U);
-  invert_ntt_at_layer_4_plus_8c(&zeta_i, re, (size_t)7U);
-  poly_barrett_reduce_ef_8c(re);
+  invert_ntt_at_layer_1_96(&zeta_i, re);
+  invert_ntt_at_layer_2_96(&zeta_i, re);
+  invert_ntt_at_layer_3_96(&zeta_i, re);
+  invert_ntt_at_layer_4_plus_96(&zeta_i, re, (size_t)4U);
+  invert_ntt_at_layer_4_plus_96(&zeta_i, re, (size_t)5U);
+  invert_ntt_at_layer_4_plus_96(&zeta_i, re, (size_t)6U);
+  invert_ntt_at_layer_4_plus_96(&zeta_i, re, (size_t)7U);
+  poly_barrett_reduce_ef_96(re);
 }
 
 /**
@@ -4518,7 +4535,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
 with const generics
 
 */
-static KRML_MUSTINLINE void add_error_reduce_8c(
+static KRML_MUSTINLINE void add_error_reduce_96(
     libcrux_ml_kem_polynomial_PolynomialRingElement_1d *myself,
     libcrux_ml_kem_polynomial_PolynomialRingElement_1d *error) {
   for (size_t i = (size_t)0U;
@@ -4526,11 +4543,11 @@ static KRML_MUSTINLINE void add_error_reduce_8c(
     size_t j = i;
     libcrux_ml_kem_vector_portable_vector_type_PortableVector
         coefficient_normal_form =
-            libcrux_ml_kem_vector_portable_montgomery_multiply_by_constant_0d(
+            libcrux_ml_kem_vector_portable_montgomery_multiply_by_constant_2c(
                 myself->coefficients[j], (int16_t)1441);
     libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 =
-        libcrux_ml_kem_vector_portable_barrett_reduce_0d(
-            libcrux_ml_kem_vector_portable_add_0d(coefficient_normal_form,
+        libcrux_ml_kem_vector_portable_barrett_reduce_2c(
+            libcrux_ml_kem_vector_portable_add_2c(coefficient_normal_form,
                                                   &error->coefficients[j]));
     myself->coefficients[j] = uu____0;
   }
@@ -4547,10 +4564,10 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
 with const generics
 
 */
-static KRML_MUSTINLINE void add_error_reduce_ef_8c(
+static KRML_MUSTINLINE void add_error_reduce_ef_96(
     libcrux_ml_kem_polynomial_PolynomialRingElement_1d *self,
     libcrux_ml_kem_polynomial_PolynomialRingElement_1d *error) {
-  add_error_reduce_8c(self, error);
+  add_error_reduce_96(self, error);
 }
 
 /**
@@ -4569,7 +4586,7 @@ static KRML_MUSTINLINE void compute_vector_u_d0(
     libcrux_ml_kem_polynomial_PolynomialRingElement_1d ret[4U]) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_1d result[4U];
   KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U,
-                  result[i] = ZERO_ef_8c(););
+                  result[i] = ZERO_ef_96(););
   for (size_t i0 = (size_t)0U;
        i0 < Eurydice_slice_len(
                 Eurydice_array_to_slice(
@@ -4589,11 +4606,11 @@ static KRML_MUSTINLINE void compute_vector_u_d0(
       size_t j = i;
       libcrux_ml_kem_polynomial_PolynomialRingElement_1d *a_element = &row[j];
       libcrux_ml_kem_polynomial_PolynomialRingElement_1d product =
-          ntt_multiply_ef_8c(a_element, &r_as_ntt[j]);
+          ntt_multiply_ef_96(a_element, &r_as_ntt[j]);
       add_to_ring_element_ef_d0(&result[i1], &product);
     }
     invert_ntt_montgomery_d0(&result[i1]);
-    add_error_reduce_ef_8c(&result[i1], &error_1[i1]);
+    add_error_reduce_ef_96(&result[i1], &error_1[i1]);
   }
   memcpy(
       ret, result,
@@ -4607,13 +4624,13 @@ with const generics
 
 */
 static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector
-decompress_1_8c(libcrux_ml_kem_vector_portable_vector_type_PortableVector vec) {
+decompress_1_96(libcrux_ml_kem_vector_portable_vector_type_PortableVector vec) {
   libcrux_ml_kem_vector_portable_vector_type_PortableVector z =
-      libcrux_ml_kem_vector_portable_ZERO_0d();
+      libcrux_ml_kem_vector_portable_ZERO_2c();
   libcrux_ml_kem_vector_portable_vector_type_PortableVector s =
-      libcrux_ml_kem_vector_portable_sub_0d(z, &vec);
+      libcrux_ml_kem_vector_portable_sub_2c(z, &vec);
   libcrux_ml_kem_vector_portable_vector_type_PortableVector res =
-      libcrux_ml_kem_vector_portable_bitwise_and_with_constant_0d(
+      libcrux_ml_kem_vector_portable_bitwise_and_with_constant_2c(
           s, (int16_t)1665);
   return res;
 }
@@ -4625,18 +4642,18 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
 
 */
 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1d
-deserialize_then_decompress_message_8c(uint8_t serialized[32U]) {
-  libcrux_ml_kem_polynomial_PolynomialRingElement_1d re = ZERO_ef_8c();
+deserialize_then_decompress_message_96(uint8_t serialized[32U]) {
+  libcrux_ml_kem_polynomial_PolynomialRingElement_1d re = ZERO_ef_96();
   KRML_MAYBE_FOR16(
       i, (size_t)0U, (size_t)16U, (size_t)1U, size_t i0 = i;
       libcrux_ml_kem_vector_portable_vector_type_PortableVector
           coefficient_compressed =
-              libcrux_ml_kem_vector_portable_deserialize_1_0d(
+              libcrux_ml_kem_vector_portable_deserialize_1_2c(
                   Eurydice_array_to_subslice2(serialized, (size_t)2U * i0,
                                               (size_t)2U * i0 + (size_t)2U,
                                               uint8_t));
       libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 =
-          decompress_1_8c(coefficient_compressed);
+          decompress_1_96(coefficient_compressed);
       re.coefficients[i0] = uu____0;);
   return re;
 }
@@ -4648,7 +4665,7 @@ with const generics
 
 */
 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1d
-add_message_error_reduce_8c(
+add_message_error_reduce_96(
     libcrux_ml_kem_polynomial_PolynomialRingElement_1d *myself,
     libcrux_ml_kem_polynomial_PolynomialRingElement_1d *message,
     libcrux_ml_kem_polynomial_PolynomialRingElement_1d result) {
@@ -4657,15 +4674,15 @@ add_message_error_reduce_8c(
     size_t i0 = i;
     libcrux_ml_kem_vector_portable_vector_type_PortableVector
         coefficient_normal_form =
-            libcrux_ml_kem_vector_portable_montgomery_multiply_by_constant_0d(
+            libcrux_ml_kem_vector_portable_montgomery_multiply_by_constant_2c(
                 result.coefficients[i0], (int16_t)1441);
     libcrux_ml_kem_vector_portable_vector_type_PortableVector tmp =
-        libcrux_ml_kem_vector_portable_add_0d(myself->coefficients[i0],
+        libcrux_ml_kem_vector_portable_add_2c(myself->coefficients[i0],
                                               &message->coefficients[i0]);
     libcrux_ml_kem_vector_portable_vector_type_PortableVector tmp0 =
-        libcrux_ml_kem_vector_portable_add_0d(coefficient_normal_form, &tmp);
+        libcrux_ml_kem_vector_portable_add_2c(coefficient_normal_form, &tmp);
     libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 =
-        libcrux_ml_kem_vector_portable_barrett_reduce_0d(tmp0);
+        libcrux_ml_kem_vector_portable_barrett_reduce_2c(tmp0);
     result.coefficients[i0] = uu____0;
   }
   return result;
@@ -4683,11 +4700,11 @@ with const generics
 
 */
 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1d
-add_message_error_reduce_ef_8c(
+add_message_error_reduce_ef_96(
     libcrux_ml_kem_polynomial_PolynomialRingElement_1d *self,
     libcrux_ml_kem_polynomial_PolynomialRingElement_1d *message,
     libcrux_ml_kem_polynomial_PolynomialRingElement_1d result) {
-  return add_message_error_reduce_8c(self, message, result);
+  return add_message_error_reduce_96(self, message, result);
 }
 
 /**
@@ -4705,13 +4722,13 @@ compute_ring_element_v_d0(
     libcrux_ml_kem_polynomial_PolynomialRingElement_1d *r_as_ntt,
     libcrux_ml_kem_polynomial_PolynomialRingElement_1d *error_2,
     libcrux_ml_kem_polynomial_PolynomialRingElement_1d *message) {
-  libcrux_ml_kem_polynomial_PolynomialRingElement_1d result = ZERO_ef_8c();
+  libcrux_ml_kem_polynomial_PolynomialRingElement_1d result = ZERO_ef_96();
   KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i;
                   libcrux_ml_kem_polynomial_PolynomialRingElement_1d product =
-                      ntt_multiply_ef_8c(&t_as_ntt[i0], &r_as_ntt[i0]);
+                      ntt_multiply_ef_96(&t_as_ntt[i0], &r_as_ntt[i0]);
                   add_to_ring_element_ef_d0(&result, &product););
   invert_ntt_montgomery_d0(&result);
-  result = add_message_error_reduce_ef_8c(error_2, message, result);
+  result = add_message_error_reduce_ef_96(error_2, message, result);
   return result;
 }
 
@@ -4735,14 +4752,14 @@ compress_ef(libcrux_ml_kem_vector_portable_vector_type_PortableVector a) {
 
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
-libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
+libcrux_ml_kem::vector::portable::vector_type::PortableVector)#1}
 */
 /**
-A monomorphic instance of libcrux_ml_kem.vector.portable.compress_0d
+A monomorphic instance of libcrux_ml_kem.vector.portable.compress_2c
 with const generics
 - COEFFICIENT_BITS= 10
 */
-static libcrux_ml_kem_vector_portable_vector_type_PortableVector compress_0d_ef(
+static libcrux_ml_kem_vector_portable_vector_type_PortableVector compress_2c_ef(
     libcrux_ml_kem_vector_portable_vector_type_PortableVector a) {
   return compress_ef(a);
 }
@@ -4767,14 +4784,14 @@ compress_c4(libcrux_ml_kem_vector_portable_vector_type_PortableVector a) {
 
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
-libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
+libcrux_ml_kem::vector::portable::vector_type::PortableVector)#1}
 */
 /**
-A monomorphic instance of libcrux_ml_kem.vector.portable.compress_0d
+A monomorphic instance of libcrux_ml_kem.vector.portable.compress_2c
 with const generics
 - COEFFICIENT_BITS= 11
 */
-static libcrux_ml_kem_vector_portable_vector_type_PortableVector compress_0d_c4(
+static libcrux_ml_kem_vector_portable_vector_type_PortableVector compress_2c_c4(
     libcrux_ml_kem_vector_portable_vector_type_PortableVector a) {
   return compress_c4(a);
 }
@@ -4792,9 +4809,9 @@ static KRML_MUSTINLINE void compress_then_serialize_11_54(
        i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
     size_t i0 = i;
     libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient =
-        compress_0d_c4(to_unsigned_representative_8c(re->coefficients[i0]));
+        compress_2c_c4(to_unsigned_representative_96(re->coefficients[i0]));
     uint8_t bytes[22U];
-    libcrux_ml_kem_vector_portable_serialize_11_0d(coefficient, bytes);
+    libcrux_ml_kem_vector_portable_serialize_11_2c(coefficient, bytes);
     Eurydice_slice uu____0 = Eurydice_array_to_subslice2(
         serialized, (size_t)22U * i0, (size_t)22U * i0 + (size_t)22U, uint8_t);
     Eurydice_slice_copy(
@@ -4871,14 +4888,14 @@ compress_d1(libcrux_ml_kem_vector_portable_vector_type_PortableVector a) {
 
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
-libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
+libcrux_ml_kem::vector::portable::vector_type::PortableVector)#1}
 */
 /**
-A monomorphic instance of libcrux_ml_kem.vector.portable.compress_0d
+A monomorphic instance of libcrux_ml_kem.vector.portable.compress_2c
 with const generics
 - COEFFICIENT_BITS= 4
 */
-static libcrux_ml_kem_vector_portable_vector_type_PortableVector compress_0d_d1(
+static libcrux_ml_kem_vector_portable_vector_type_PortableVector compress_2c_d1(
     libcrux_ml_kem_vector_portable_vector_type_PortableVector a) {
   return compress_d1(a);
 }
@@ -4889,16 +4906,16 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
 with const generics
 
 */
-static KRML_MUSTINLINE void compress_then_serialize_4_8c(
+static KRML_MUSTINLINE void compress_then_serialize_4_96(
     libcrux_ml_kem_polynomial_PolynomialRingElement_1d re,
     Eurydice_slice serialized) {
   for (size_t i = (size_t)0U;
        i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
     size_t i0 = i;
     libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient =
-        compress_0d_d1(to_unsigned_field_modulus_8c(re.coefficients[i0]));
+        compress_2c_d1(to_unsigned_field_modulus_96(re.coefficients[i0]));
     uint8_t bytes[8U];
-    libcrux_ml_kem_vector_portable_serialize_4_0d(coefficient, bytes);
+    libcrux_ml_kem_vector_portable_serialize_4_2c(coefficient, bytes);
     Eurydice_slice_copy(
         Eurydice_slice_subslice2(serialized, (size_t)8U * i0,
                                  (size_t)8U * i0 + (size_t)8U, uint8_t),
@@ -4926,14 +4943,14 @@ compress_f4(libcrux_ml_kem_vector_portable_vector_type_PortableVector a) {
 
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
-libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
+libcrux_ml_kem::vector::portable::vector_type::PortableVector)#1}
 */
 /**
-A monomorphic instance of libcrux_ml_kem.vector.portable.compress_0d
+A monomorphic instance of libcrux_ml_kem.vector.portable.compress_2c
 with const generics
 - COEFFICIENT_BITS= 5
 */
-static libcrux_ml_kem_vector_portable_vector_type_PortableVector compress_0d_f4(
+static libcrux_ml_kem_vector_portable_vector_type_PortableVector compress_2c_f4(
     libcrux_ml_kem_vector_portable_vector_type_PortableVector a) {
   return compress_f4(a);
 }
@@ -4944,16 +4961,16 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
 with const generics
 
 */
-static KRML_MUSTINLINE void compress_then_serialize_5_8c(
+static KRML_MUSTINLINE void compress_then_serialize_5_96(
     libcrux_ml_kem_polynomial_PolynomialRingElement_1d re,
     Eurydice_slice serialized) {
   for (size_t i = (size_t)0U;
        i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
     size_t i0 = i;
     libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficients =
-        compress_0d_f4(to_unsigned_representative_8c(re.coefficients[i0]));
+        compress_2c_f4(to_unsigned_representative_96(re.coefficients[i0]));
     uint8_t bytes[10U];
-    libcrux_ml_kem_vector_portable_serialize_5_0d(coefficients, bytes);
+    libcrux_ml_kem_vector_portable_serialize_5_2c(coefficients, bytes);
     Eurydice_slice_copy(
         Eurydice_slice_subslice2(serialized, (size_t)10U * i0,
                                  (size_t)10U * i0 + (size_t)10U, uint8_t),
@@ -4971,7 +4988,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
 */
 static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_00(
     libcrux_ml_kem_polynomial_PolynomialRingElement_1d re, Eurydice_slice out) {
-  compress_then_serialize_5_8c(re, out);
+  compress_then_serialize_5_96(re, out);
 }
 
 /**
@@ -5070,7 +5087,7 @@ static KRML_MUSTINLINE void encrypt_unpacked_2a(
   uint8_t copy_of_message[32U];
   memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t));
   libcrux_ml_kem_polynomial_PolynomialRingElement_1d message_as_ring_element =
-      deserialize_then_decompress_message_8c(copy_of_message);
+      deserialize_then_decompress_message_96(copy_of_message);
   libcrux_ml_kem_polynomial_PolynomialRingElement_1d v =
       compute_ring_element_v_d0(public_key->t_as_ntt, r_as_ntt, &error_2,
                                 &message_as_ring_element);
@@ -5219,15 +5236,15 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
 
 */
 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1d
-deserialize_to_uncompressed_ring_element_8c(Eurydice_slice serialized) {
-  libcrux_ml_kem_polynomial_PolynomialRingElement_1d re = ZERO_ef_8c();
+deserialize_to_uncompressed_ring_element_96(Eurydice_slice serialized) {
+  libcrux_ml_kem_polynomial_PolynomialRingElement_1d re = ZERO_ef_96();
   for (size_t i = (size_t)0U;
        i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) {
     size_t i0 = i;
     Eurydice_slice bytes = Eurydice_slice_subslice2(
         serialized, i0 * (size_t)24U, i0 * (size_t)24U + (size_t)24U, uint8_t);
     libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 =
-        libcrux_ml_kem_vector_portable_deserialize_12_0d(bytes);
+        libcrux_ml_kem_vector_portable_deserialize_12_2c(bytes);
     re.coefficients[i0] = uu____0;
   }
   return re;
@@ -5247,7 +5264,7 @@ static KRML_MUSTINLINE void deserialize_secret_key_d0(
     libcrux_ml_kem_polynomial_PolynomialRingElement_1d ret[4U]) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_1d secret_as_ntt[4U];
   KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U,
-                  secret_as_ntt[i] = ZERO_ef_8c(););
+                  secret_as_ntt[i] = ZERO_ef_96(););
   for (size_t i = (size_t)0U;
        i < Eurydice_slice_len(secret_key, uint8_t) /
                LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT;
@@ -5259,7 +5276,7 @@ static KRML_MUSTINLINE void deserialize_secret_key_d0(
             LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT,
         uint8_t);
     libcrux_ml_kem_polynomial_PolynomialRingElement_1d uu____0 =
-        deserialize_to_uncompressed_ring_element_8c(secret_bytes);
+        deserialize_to_uncompressed_ring_element_96(secret_bytes);
     secret_as_ntt[i0] = uu____0;
   }
   memcpy(
@@ -5290,16 +5307,16 @@ decompress_ciphertext_coefficient_ef(
 
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
-libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
+libcrux_ml_kem::vector::portable::vector_type::PortableVector)#1}
 */
 /**
 A monomorphic instance of
-libcrux_ml_kem.vector.portable.decompress_ciphertext_coefficient_0d with const
+libcrux_ml_kem.vector.portable.decompress_ciphertext_coefficient_2c with const
 generics
 - COEFFICIENT_BITS= 10
 */
 static libcrux_ml_kem_vector_portable_vector_type_PortableVector
-decompress_ciphertext_coefficient_0d_ef(
+decompress_ciphertext_coefficient_2c_ef(
     libcrux_ml_kem_vector_portable_vector_type_PortableVector a) {
   return decompress_ciphertext_coefficient_ef(a);
 }
@@ -5311,17 +5328,17 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
 
 */
 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1d
-deserialize_then_decompress_10_8c(Eurydice_slice serialized) {
-  libcrux_ml_kem_polynomial_PolynomialRingElement_1d re = ZERO_ef_8c();
+deserialize_then_decompress_10_96(Eurydice_slice serialized) {
+  libcrux_ml_kem_polynomial_PolynomialRingElement_1d re = ZERO_ef_96();
   for (size_t i = (size_t)0U;
        i < Eurydice_slice_len(serialized, uint8_t) / (size_t)20U; i++) {
     size_t i0 = i;
     Eurydice_slice bytes = Eurydice_slice_subslice2(
         serialized, i0 * (size_t)20U, i0 * (size_t)20U + (size_t)20U, uint8_t);
     libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient =
-        libcrux_ml_kem_vector_portable_deserialize_10_0d(bytes);
+        libcrux_ml_kem_vector_portable_deserialize_10_2c(bytes);
     libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 =
-        decompress_ciphertext_coefficient_0d_ef(coefficient);
+        decompress_ciphertext_coefficient_2c_ef(coefficient);
     re.coefficients[i0] = uu____0;
   }
   return re;
@@ -5350,16 +5367,16 @@ decompress_ciphertext_coefficient_c4(
 
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
-libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
+libcrux_ml_kem::vector::portable::vector_type::PortableVector)#1}
 */
 /**
 A monomorphic instance of
-libcrux_ml_kem.vector.portable.decompress_ciphertext_coefficient_0d with const
+libcrux_ml_kem.vector.portable.decompress_ciphertext_coefficient_2c with const
 generics
 - COEFFICIENT_BITS= 11
 */
 static libcrux_ml_kem_vector_portable_vector_type_PortableVector
-decompress_ciphertext_coefficient_0d_c4(
+decompress_ciphertext_coefficient_2c_c4(
     libcrux_ml_kem_vector_portable_vector_type_PortableVector a) {
   return decompress_ciphertext_coefficient_c4(a);
 }
@@ -5371,17 +5388,17 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
 
 */
 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1d
-deserialize_then_decompress_11_8c(Eurydice_slice serialized) {
-  libcrux_ml_kem_polynomial_PolynomialRingElement_1d re = ZERO_ef_8c();
+deserialize_then_decompress_11_96(Eurydice_slice serialized) {
+  libcrux_ml_kem_polynomial_PolynomialRingElement_1d re = ZERO_ef_96();
   for (size_t i = (size_t)0U;
        i < Eurydice_slice_len(serialized, uint8_t) / (size_t)22U; i++) {
     size_t i0 = i;
     Eurydice_slice bytes = Eurydice_slice_subslice2(
         serialized, i0 * (size_t)22U, i0 * (size_t)22U + (size_t)22U, uint8_t);
     libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient =
-        libcrux_ml_kem_vector_portable_deserialize_11_0d(bytes);
+        libcrux_ml_kem_vector_portable_deserialize_11_2c(bytes);
     libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 =
-        decompress_ciphertext_coefficient_0d_c4(coefficient);
+        decompress_ciphertext_coefficient_2c_c4(coefficient);
     re.coefficients[i0] = uu____0;
   }
   return re;
@@ -5395,7 +5412,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
 */
 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1d
 deserialize_then_decompress_ring_element_u_5e(Eurydice_slice serialized) {
-  return deserialize_then_decompress_11_8c(serialized);
+  return deserialize_then_decompress_11_96(serialized);
 }
 
 /**
@@ -5407,14 +5424,14 @@ with const generics
 static KRML_MUSTINLINE void ntt_vector_u_5e(
     libcrux_ml_kem_polynomial_PolynomialRingElement_1d *re) {
   size_t zeta_i = (size_t)0U;
-  ntt_at_layer_4_plus_8c(&zeta_i, re, (size_t)7U);
-  ntt_at_layer_4_plus_8c(&zeta_i, re, (size_t)6U);
-  ntt_at_layer_4_plus_8c(&zeta_i, re, (size_t)5U);
-  ntt_at_layer_4_plus_8c(&zeta_i, re, (size_t)4U);
-  ntt_at_layer_3_8c(&zeta_i, re);
-  ntt_at_layer_2_8c(&zeta_i, re);
-  ntt_at_layer_1_8c(&zeta_i, re);
-  poly_barrett_reduce_ef_8c(re);
+  ntt_at_layer_4_plus_96(&zeta_i, re, (size_t)7U);
+  ntt_at_layer_4_plus_96(&zeta_i, re, (size_t)6U);
+  ntt_at_layer_4_plus_96(&zeta_i, re, (size_t)5U);
+  ntt_at_layer_4_plus_96(&zeta_i, re, (size_t)4U);
+  ntt_at_layer_3_96(&zeta_i, re);
+  ntt_at_layer_2_96(&zeta_i, re);
+  ntt_at_layer_1_96(&zeta_i, re);
+  poly_barrett_reduce_ef_96(re);
 }
 
 /**
@@ -5434,7 +5451,7 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_00(
     libcrux_ml_kem_polynomial_PolynomialRingElement_1d ret[4U]) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_1d u_as_ntt[4U];
   KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U,
-                  u_as_ntt[i] = ZERO_ef_8c(););
+                  u_as_ntt[i] = ZERO_ef_96(););
   for (size_t i = (size_t)0U;
        i < Eurydice_slice_len(
                Eurydice_array_to_slice((size_t)1568U, ciphertext, uint8_t),
@@ -5483,16 +5500,16 @@ decompress_ciphertext_coefficient_d1(
 
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
-libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
+libcrux_ml_kem::vector::portable::vector_type::PortableVector)#1}
 */
 /**
 A monomorphic instance of
-libcrux_ml_kem.vector.portable.decompress_ciphertext_coefficient_0d with const
+libcrux_ml_kem.vector.portable.decompress_ciphertext_coefficient_2c with const
 generics
 - COEFFICIENT_BITS= 4
 */
 static libcrux_ml_kem_vector_portable_vector_type_PortableVector
-decompress_ciphertext_coefficient_0d_d1(
+decompress_ciphertext_coefficient_2c_d1(
     libcrux_ml_kem_vector_portable_vector_type_PortableVector a) {
   return decompress_ciphertext_coefficient_d1(a);
 }
@@ -5504,17 +5521,17 @@ with const generics
 
 */
 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1d
-deserialize_then_decompress_4_8c(Eurydice_slice serialized) {
-  libcrux_ml_kem_polynomial_PolynomialRingElement_1d re = ZERO_ef_8c();
+deserialize_then_decompress_4_96(Eurydice_slice serialized) {
+  libcrux_ml_kem_polynomial_PolynomialRingElement_1d re = ZERO_ef_96();
   for (size_t i = (size_t)0U;
        i < Eurydice_slice_len(serialized, uint8_t) / (size_t)8U; i++) {
     size_t i0 = i;
     Eurydice_slice bytes = Eurydice_slice_subslice2(
         serialized, i0 * (size_t)8U, i0 * (size_t)8U + (size_t)8U, uint8_t);
     libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient =
-        libcrux_ml_kem_vector_portable_deserialize_4_0d(bytes);
+        libcrux_ml_kem_vector_portable_deserialize_4_2c(bytes);
     libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 =
-        decompress_ciphertext_coefficient_0d_d1(coefficient);
+        decompress_ciphertext_coefficient_2c_d1(coefficient);
     re.coefficients[i0] = uu____0;
   }
   return re;
@@ -5543,16 +5560,16 @@ decompress_ciphertext_coefficient_f4(
 
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
-libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
+libcrux_ml_kem::vector::portable::vector_type::PortableVector)#1}
 */
 /**
 A monomorphic instance of
-libcrux_ml_kem.vector.portable.decompress_ciphertext_coefficient_0d with const
+libcrux_ml_kem.vector.portable.decompress_ciphertext_coefficient_2c with const
 generics
 - COEFFICIENT_BITS= 5
 */
 static libcrux_ml_kem_vector_portable_vector_type_PortableVector
-decompress_ciphertext_coefficient_0d_f4(
+decompress_ciphertext_coefficient_2c_f4(
     libcrux_ml_kem_vector_portable_vector_type_PortableVector a) {
   return decompress_ciphertext_coefficient_f4(a);
 }
@@ -5564,17 +5581,17 @@ with const generics
 
 */
 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1d
-deserialize_then_decompress_5_8c(Eurydice_slice serialized) {
-  libcrux_ml_kem_polynomial_PolynomialRingElement_1d re = ZERO_ef_8c();
+deserialize_then_decompress_5_96(Eurydice_slice serialized) {
+  libcrux_ml_kem_polynomial_PolynomialRingElement_1d re = ZERO_ef_96();
   for (size_t i = (size_t)0U;
        i < Eurydice_slice_len(serialized, uint8_t) / (size_t)10U; i++) {
     size_t i0 = i;
     Eurydice_slice bytes = Eurydice_slice_subslice2(
         serialized, i0 * (size_t)10U, i0 * (size_t)10U + (size_t)10U, uint8_t);
     re.coefficients[i0] =
-        libcrux_ml_kem_vector_portable_deserialize_5_0d(bytes);
+        libcrux_ml_kem_vector_portable_deserialize_5_2c(bytes);
     libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____1 =
-        decompress_ciphertext_coefficient_0d_f4(re.coefficients[i0]);
+        decompress_ciphertext_coefficient_2c_f4(re.coefficients[i0]);
     re.coefficients[i0] = uu____1;
   }
   return re;
@@ -5589,7 +5606,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
 */
 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1d
 deserialize_then_decompress_ring_element_v_ff(Eurydice_slice serialized) {
-  return deserialize_then_decompress_5_8c(serialized);
+  return deserialize_then_decompress_5_96(serialized);
 }
 
 /**
@@ -5599,18 +5616,18 @@ with const generics
 
 */
 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1d
-subtract_reduce_8c(libcrux_ml_kem_polynomial_PolynomialRingElement_1d *myself,
+subtract_reduce_96(libcrux_ml_kem_polynomial_PolynomialRingElement_1d *myself,
                    libcrux_ml_kem_polynomial_PolynomialRingElement_1d b) {
   for (size_t i = (size_t)0U;
        i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
     size_t i0 = i;
     libcrux_ml_kem_vector_portable_vector_type_PortableVector
         coefficient_normal_form =
-            libcrux_ml_kem_vector_portable_montgomery_multiply_by_constant_0d(
+            libcrux_ml_kem_vector_portable_montgomery_multiply_by_constant_2c(
                 b.coefficients[i0], (int16_t)1441);
     libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 =
-        libcrux_ml_kem_vector_portable_barrett_reduce_0d(
-            libcrux_ml_kem_vector_portable_sub_0d(myself->coefficients[i0],
+        libcrux_ml_kem_vector_portable_barrett_reduce_2c(
+            libcrux_ml_kem_vector_portable_sub_2c(myself->coefficients[i0],
                                                   &coefficient_normal_form));
     b.coefficients[i0] = uu____0;
   }
@@ -5629,9 +5646,9 @@ with const generics
 
 */
 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1d
-subtract_reduce_ef_8c(libcrux_ml_kem_polynomial_PolynomialRingElement_1d *self,
+subtract_reduce_ef_96(libcrux_ml_kem_polynomial_PolynomialRingElement_1d *self,
                       libcrux_ml_kem_polynomial_PolynomialRingElement_1d b) {
-  return subtract_reduce_8c(self, b);
+  return subtract_reduce_96(self, b);
 }
 
 /**
@@ -5651,13 +5668,13 @@ compute_message_d0(
     libcrux_ml_kem_polynomial_PolynomialRingElement_1d *v,
     libcrux_ml_kem_polynomial_PolynomialRingElement_1d *secret_as_ntt,
     libcrux_ml_kem_polynomial_PolynomialRingElement_1d *u_as_ntt) {
-  libcrux_ml_kem_polynomial_PolynomialRingElement_1d result = ZERO_ef_8c();
+  libcrux_ml_kem_polynomial_PolynomialRingElement_1d result = ZERO_ef_96();
   KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i;
                   libcrux_ml_kem_polynomial_PolynomialRingElement_1d product =
-                      ntt_multiply_ef_8c(&secret_as_ntt[i0], &u_as_ntt[i0]);
+                      ntt_multiply_ef_96(&secret_as_ntt[i0], &u_as_ntt[i0]);
                   add_to_ring_element_ef_d0(&result, &product););
   invert_ntt_montgomery_d0(&result);
-  result = subtract_reduce_ef_8c(v, result);
+  result = subtract_reduce_ef_96(v, result);
   return result;
 }
 
@@ -5667,17 +5684,17 @@ libcrux_ml_kem.serialize.compress_then_serialize_message with types
 libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
 
 */
-static KRML_MUSTINLINE void compress_then_serialize_message_8c(
+static KRML_MUSTINLINE void compress_then_serialize_message_96(
     libcrux_ml_kem_polynomial_PolynomialRingElement_1d re, uint8_t ret[32U]) {
   uint8_t serialized[32U] = {0U};
   KRML_MAYBE_FOR16(
       i, (size_t)0U, (size_t)16U, (size_t)1U, size_t i0 = i;
       libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient =
-          to_unsigned_field_modulus_8c(re.coefficients[i0]);
+          to_unsigned_field_modulus_96(re.coefficients[i0]);
       libcrux_ml_kem_vector_portable_vector_type_PortableVector
           coefficient_compressed =
-              libcrux_ml_kem_vector_portable_compress_1_0d(coefficient);
-      uint8_t bytes[2U]; libcrux_ml_kem_vector_portable_serialize_1_0d(
+              libcrux_ml_kem_vector_portable_compress_1_2c(coefficient);
+      uint8_t bytes[2U]; libcrux_ml_kem_vector_portable_serialize_1_2c(
           coefficient_compressed, bytes);
       Eurydice_slice uu____0 = Eurydice_array_to_subslice2(
           serialized, (size_t)2U * i0, (size_t)2U * i0 + (size_t)2U, uint8_t);
@@ -5733,7 +5750,7 @@ static KRML_MUSTINLINE void decrypt_unpacked_7d(
   libcrux_ml_kem_polynomial_PolynomialRingElement_1d message =
       compute_message_d0(&v, secret_key->secret_as_ntt, u_as_ntt);
   uint8_t ret0[32U];
-  compress_then_serialize_message_8c(message, ret0);
+  compress_then_serialize_message_96(message, ret0);
   memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t));
 }
 
@@ -5901,7 +5918,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_a0(
             LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT,
         uint8_t);
     libcrux_ml_kem_polynomial_PolynomialRingElement_1d uu____0 =
-        deserialize_to_reduced_ring_element_8c(ring_element);
+        deserialize_to_reduced_ring_element_96(ring_element);
     deserialized_pk[i0] = uu____0;
   }
 }
@@ -5923,7 +5940,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_out_a0(
     libcrux_ml_kem_polynomial_PolynomialRingElement_1d ret[2U]) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_1d deserialized_pk[2U];
   KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U,
-                  deserialized_pk[i] = ZERO_ef_8c(););
+                  deserialized_pk[i] = ZERO_ef_96(););
   deserialize_ring_elements_reduced_a0(public_key, deserialized_pk);
   memcpy(
       ret, deserialized_pk,
@@ -5958,7 +5975,7 @@ static KRML_MUSTINLINE void serialize_secret_key_64(
         (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT,
         uint8_t);
     uint8_t ret0[384U];
-    serialize_uncompressed_ring_element_8c(&re, ret0);
+    serialize_uncompressed_ring_element_96(&re, ret0);
     Eurydice_slice_copy(
         uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t), uint8_t);
   }
@@ -6042,6 +6059,19 @@ bool libcrux_ml_kem_ind_cca_validate_public_key_86(uint8_t *public_key) {
       (size_t)800U, public_key, public_key_serialized, uint8_t, uint8_t, bool);
 }
 
+/**
+This function found in impl {(libcrux_ml_kem::hash_functions::Hash<K> for
+libcrux_ml_kem::hash_functions::portable::PortableHash<K>)}
+*/
+/**
+A monomorphic instance of libcrux_ml_kem.hash_functions.portable.H_f1
+with const generics
+- K= 2
+*/
+static KRML_MUSTINLINE void H_f1_fd(Eurydice_slice input, uint8_t ret[32U]) {
+  libcrux_ml_kem_hash_functions_portable_H(input, ret);
+}
+
 /**
  Validate an ML-KEM private key.
 
@@ -6056,9 +6086,16 @@ with const generics
 */
 bool libcrux_ml_kem_ind_cca_validate_private_key_only_30(
     libcrux_ml_kem_types_MlKemPrivateKey_fa *private_key) {
-  KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__,
-                    "Eurydice error: Invalid_argument(\"List.combine\")\n");
-  KRML_HOST_EXIT(255U);
+  uint8_t t[32U];
+  H_f1_fd(Eurydice_array_to_subslice2(
+              private_key->value, (size_t)384U * (size_t)2U,
+              (size_t)768U * (size_t)2U + (size_t)32U, uint8_t),
+          t);
+  Eurydice_slice expected = Eurydice_array_to_subslice2(
+      private_key->value, (size_t)768U * (size_t)2U + (size_t)32U,
+      (size_t)768U * (size_t)2U + (size_t)64U, uint8_t);
+  return core_array_equality___core__cmp__PartialEq__0___Slice_U____for__Array_T__N___3__eq(
+      (size_t)32U, t, &expected, uint8_t, uint8_t, bool);
 }
 
 /**
@@ -6105,8 +6142,8 @@ with const generics
 */
 static IndCpaPrivateKeyUnpacked_d4 default_1a_a0(void) {
   IndCpaPrivateKeyUnpacked_d4 lit;
-  lit.secret_as_ntt[0U] = ZERO_ef_8c();
-  lit.secret_as_ntt[1U] = ZERO_ef_8c();
+  lit.secret_as_ntt[0U] = ZERO_ef_96();
+  lit.secret_as_ntt[1U] = ZERO_ef_96();
   return lit;
 }
 
@@ -6136,17 +6173,17 @@ with const generics
 static IndCpaPublicKeyUnpacked_d4 default_8d_a0(void) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_1d uu____0[2U];
   KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U,
-                  uu____0[i] = ZERO_ef_8c(););
+                  uu____0[i] = ZERO_ef_96(););
   uint8_t uu____1[32U] = {0U};
   IndCpaPublicKeyUnpacked_d4 lit;
   memcpy(
       lit.t_as_ntt, uu____0,
       (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1d));
   memcpy(lit.seed_for_A, uu____1, (size_t)32U * sizeof(uint8_t));
-  lit.A[0U][0U] = ZERO_ef_8c();
-  lit.A[0U][1U] = ZERO_ef_8c();
-  lit.A[1U][0U] = ZERO_ef_8c();
-  lit.A[1U][1U] = ZERO_ef_8c();
+  lit.A[0U][0U] = ZERO_ef_96();
+  lit.A[0U][1U] = ZERO_ef_96();
+  lit.A[1U][0U] = ZERO_ef_96();
+  lit.A[1U][1U] = ZERO_ef_96();
   return lit;
 }
 
@@ -6334,7 +6371,7 @@ static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_64(
           Eurydice_slice uu____0 = Eurydice_array_to_subslice2(
               randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U,
               uint8_t);
-          size_t sampled = libcrux_ml_kem_vector_portable_rej_sample_0d(
+          size_t sampled = libcrux_ml_kem_vector_portable_rej_sample_2c(
               uu____0, Eurydice_array_to_subslice2(
                            out[i1], sampled_coefficients[i1],
                            sampled_coefficients[i1] + (size_t)16U, int16_t));
@@ -6446,7 +6483,7 @@ static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_640(
           Eurydice_slice uu____0 = Eurydice_array_to_subslice2(
               randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U,
               uint8_t);
-          size_t sampled = libcrux_ml_kem_vector_portable_rej_sample_0d(
+          size_t sampled = libcrux_ml_kem_vector_portable_rej_sample_2c(
               uu____0, Eurydice_array_to_subslice2(
                            out[i1], sampled_coefficients[i1],
                            sampled_coefficients[i1] + (size_t)16U, int16_t));
@@ -6475,7 +6512,7 @@ generics
 */
 static libcrux_ml_kem_polynomial_PolynomialRingElement_1d closure_2b0(
     int16_t s[272U]) {
-  return from_i16_array_ef_8c(
+  return from_i16_array_ef_96(
       Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t));
 }
 
@@ -6609,7 +6646,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
 */
 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1d
 sample_from_binomial_distribution_1b(Eurydice_slice randomness) {
-  return sample_from_binomial_distribution_3_8c(randomness);
+  return sample_from_binomial_distribution_3_96(randomness);
 }
 
 /**
@@ -6643,7 +6680,7 @@ static KRML_MUSTINLINE uint8_t sample_vector_cbd_then_ntt_3b0(
       i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i;
       re_as_ntt[i0] = sample_from_binomial_distribution_1b(
           Eurydice_array_to_slice((size_t)192U, prf_outputs[i0], uint8_t));
-      ntt_binomially_sampled_ring_element_8c(&re_as_ntt[i0]););
+      ntt_binomially_sampled_ring_element_96(&re_as_ntt[i0]););
   return domain_separator;
 }
 
@@ -6671,7 +6708,7 @@ static KRML_MUSTINLINE tuple_400 sample_vector_cbd_then_ntt_out_3b0(
     uint8_t prf_input[33U], uint8_t domain_separator) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_1d re_as_ntt[2U];
   KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U,
-                  re_as_ntt[i] = ZERO_ef_8c(););
+                  re_as_ntt[i] = ZERO_ef_96(););
   libcrux_ml_kem_polynomial_PolynomialRingElement_1d *uu____0 = re_as_ntt;
   uint8_t uu____1[33U];
   memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t));
@@ -6712,7 +6749,7 @@ static KRML_MUSTINLINE void add_to_ring_element_a0(
        i++) {
     size_t i0 = i;
     libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 =
-        libcrux_ml_kem_vector_portable_add_0d(myself->coefficients[i0],
+        libcrux_ml_kem_vector_portable_add_2c(myself->coefficients[i0],
                                               &rhs->coefficients[i0]);
     myself->coefficients[i0] = uu____0;
   }
@@ -6758,7 +6795,7 @@ static KRML_MUSTINLINE void compute_As_plus_e_a0(
        i++) {
     size_t i0 = i;
     libcrux_ml_kem_polynomial_PolynomialRingElement_1d *row = matrix_A[i0];
-    libcrux_ml_kem_polynomial_PolynomialRingElement_1d uu____0 = ZERO_ef_8c();
+    libcrux_ml_kem_polynomial_PolynomialRingElement_1d uu____0 = ZERO_ef_96();
     t_as_ntt[i0] = uu____0;
     for (size_t i1 = (size_t)0U;
          i1 < Eurydice_slice_len(
@@ -6771,10 +6808,10 @@ static KRML_MUSTINLINE void compute_As_plus_e_a0(
       libcrux_ml_kem_polynomial_PolynomialRingElement_1d *matrix_element =
           &row[j];
       libcrux_ml_kem_polynomial_PolynomialRingElement_1d product =
-          ntt_multiply_ef_8c(matrix_element, &s_as_ntt[j]);
+          ntt_multiply_ef_96(matrix_element, &s_as_ntt[j]);
       add_to_ring_element_ef_a0(&t_as_ntt[i0], &product);
     }
-    add_standard_error_reduce_ef_8c(&t_as_ntt[i0], &error_as_ntt[i0]);
+    add_standard_error_reduce_ef_96(&t_as_ntt[i0], &error_as_ntt[i0]);
   }
 }
 
@@ -6930,19 +6967,6 @@ generate_keypair_150(Eurydice_slice key_generation_seed) {
   return serialize_unpacked_secret_key_6d(&public_key, &private_key);
 }
 
-/**
-This function found in impl {(libcrux_ml_kem::hash_functions::Hash<K> for
-libcrux_ml_kem::hash_functions::portable::PortableHash<K>)}
-*/
-/**
-A monomorphic instance of libcrux_ml_kem.hash_functions.portable.H_f1
-with const generics
-- K= 2
-*/
-static KRML_MUSTINLINE void H_f1_fd(Eurydice_slice input, uint8_t ret[32U]) {
-  libcrux_ml_kem_hash_functions_portable_H(input, ret);
-}
-
 /**
  Serialize the secret key.
 */
@@ -7169,7 +7193,7 @@ static KRML_MUSTINLINE tuple_400
 sample_ring_element_cbd_3b0(uint8_t prf_input[33U], uint8_t domain_separator) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_1d error_1[2U];
   KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U,
-                  error_1[i] = ZERO_ef_8c(););
+                  error_1[i] = ZERO_ef_96(););
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_prf_input[33U];
   memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t));
@@ -7225,14 +7249,14 @@ static KRML_MUSTINLINE void invert_ntt_montgomery_a0(
     libcrux_ml_kem_polynomial_PolynomialRingElement_1d *re) {
   size_t zeta_i =
       LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U;
-  invert_ntt_at_layer_1_8c(&zeta_i, re);
-  invert_ntt_at_layer_2_8c(&zeta_i, re);
-  invert_ntt_at_layer_3_8c(&zeta_i, re);
-  invert_ntt_at_layer_4_plus_8c(&zeta_i, re, (size_t)4U);
-  invert_ntt_at_layer_4_plus_8c(&zeta_i, re, (size_t)5U);
-  invert_ntt_at_layer_4_plus_8c(&zeta_i, re, (size_t)6U);
-  invert_ntt_at_layer_4_plus_8c(&zeta_i, re, (size_t)7U);
-  poly_barrett_reduce_ef_8c(re);
+  invert_ntt_at_layer_1_96(&zeta_i, re);
+  invert_ntt_at_layer_2_96(&zeta_i, re);
+  invert_ntt_at_layer_3_96(&zeta_i, re);
+  invert_ntt_at_layer_4_plus_96(&zeta_i, re, (size_t)4U);
+  invert_ntt_at_layer_4_plus_96(&zeta_i, re, (size_t)5U);
+  invert_ntt_at_layer_4_plus_96(&zeta_i, re, (size_t)6U);
+  invert_ntt_at_layer_4_plus_96(&zeta_i, re, (size_t)7U);
+  poly_barrett_reduce_ef_96(re);
 }
 
 /**
@@ -7251,7 +7275,7 @@ static KRML_MUSTINLINE void compute_vector_u_a0(
     libcrux_ml_kem_polynomial_PolynomialRingElement_1d ret[2U]) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_1d result[2U];
   KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U,
-                  result[i] = ZERO_ef_8c(););
+                  result[i] = ZERO_ef_96(););
   for (size_t i0 = (size_t)0U;
        i0 < Eurydice_slice_len(
                 Eurydice_array_to_slice(
@@ -7271,11 +7295,11 @@ static KRML_MUSTINLINE void compute_vector_u_a0(
       size_t j = i;
       libcrux_ml_kem_polynomial_PolynomialRingElement_1d *a_element = &row[j];
       libcrux_ml_kem_polynomial_PolynomialRingElement_1d product =
-          ntt_multiply_ef_8c(a_element, &r_as_ntt[j]);
+          ntt_multiply_ef_96(a_element, &r_as_ntt[j]);
       add_to_ring_element_ef_a0(&result[i1], &product);
     }
     invert_ntt_montgomery_a0(&result[i1]);
-    add_error_reduce_ef_8c(&result[i1], &error_1[i1]);
+    add_error_reduce_ef_96(&result[i1], &error_1[i1]);
   }
   memcpy(
       ret, result,
@@ -7297,13 +7321,13 @@ compute_ring_element_v_a0(
     libcrux_ml_kem_polynomial_PolynomialRingElement_1d *r_as_ntt,
     libcrux_ml_kem_polynomial_PolynomialRingElement_1d *error_2,
     libcrux_ml_kem_polynomial_PolynomialRingElement_1d *message) {
-  libcrux_ml_kem_polynomial_PolynomialRingElement_1d result = ZERO_ef_8c();
+  libcrux_ml_kem_polynomial_PolynomialRingElement_1d result = ZERO_ef_96();
   KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i;
                   libcrux_ml_kem_polynomial_PolynomialRingElement_1d product =
-                      ntt_multiply_ef_8c(&t_as_ntt[i0], &r_as_ntt[i0]);
+                      ntt_multiply_ef_96(&t_as_ntt[i0], &r_as_ntt[i0]);
                   add_to_ring_element_ef_a0(&result, &product););
   invert_ntt_montgomery_a0(&result);
-  result = add_message_error_reduce_ef_8c(error_2, message, result);
+  result = add_message_error_reduce_ef_96(error_2, message, result);
   return result;
 }
 
@@ -7320,9 +7344,9 @@ static KRML_MUSTINLINE void compress_then_serialize_10_ff(
        i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
     size_t i0 = i;
     libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient =
-        compress_0d_ef(to_unsigned_field_modulus_8c(re->coefficients[i0]));
+        compress_2c_ef(to_unsigned_field_modulus_96(re->coefficients[i0]));
     uint8_t bytes[20U];
-    libcrux_ml_kem_vector_portable_serialize_10_0d(coefficient, bytes);
+    libcrux_ml_kem_vector_portable_serialize_10_2c(coefficient, bytes);
     Eurydice_slice uu____0 = Eurydice_array_to_subslice2(
         serialized, (size_t)20U * i0, (size_t)20U * i0 + (size_t)20U, uint8_t);
     Eurydice_slice_copy(
@@ -7389,7 +7413,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
 */
 static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_86(
     libcrux_ml_kem_polynomial_PolynomialRingElement_1d re, Eurydice_slice out) {
-  compress_then_serialize_4_8c(re, out);
+  compress_then_serialize_4_96(re, out);
 }
 
 /**
@@ -7489,7 +7513,7 @@ static KRML_MUSTINLINE void encrypt_unpacked_2a0(
   uint8_t copy_of_message[32U];
   memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t));
   libcrux_ml_kem_polynomial_PolynomialRingElement_1d message_as_ring_element =
-      deserialize_then_decompress_message_8c(copy_of_message);
+      deserialize_then_decompress_message_96(copy_of_message);
   libcrux_ml_kem_polynomial_PolynomialRingElement_1d v =
       compute_ring_element_v_a0(public_key->t_as_ntt, r_as_ntt, &error_2,
                                 &message_as_ring_element);
@@ -7645,7 +7669,7 @@ static KRML_MUSTINLINE void deserialize_secret_key_a0(
     libcrux_ml_kem_polynomial_PolynomialRingElement_1d ret[2U]) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_1d secret_as_ntt[2U];
   KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U,
-                  secret_as_ntt[i] = ZERO_ef_8c(););
+                  secret_as_ntt[i] = ZERO_ef_96(););
   for (size_t i = (size_t)0U;
        i < Eurydice_slice_len(secret_key, uint8_t) /
                LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT;
@@ -7657,7 +7681,7 @@ static KRML_MUSTINLINE void deserialize_secret_key_a0(
             LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT,
         uint8_t);
     libcrux_ml_kem_polynomial_PolynomialRingElement_1d uu____0 =
-        deserialize_to_uncompressed_ring_element_8c(secret_bytes);
+        deserialize_to_uncompressed_ring_element_96(secret_bytes);
     secret_as_ntt[i0] = uu____0;
   }
   memcpy(
@@ -7673,7 +7697,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
 */
 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1d
 deserialize_then_decompress_ring_element_u_0a(Eurydice_slice serialized) {
-  return deserialize_then_decompress_10_8c(serialized);
+  return deserialize_then_decompress_10_96(serialized);
 }
 
 /**
@@ -7685,14 +7709,14 @@ with const generics
 static KRML_MUSTINLINE void ntt_vector_u_0a(
     libcrux_ml_kem_polynomial_PolynomialRingElement_1d *re) {
   size_t zeta_i = (size_t)0U;
-  ntt_at_layer_4_plus_8c(&zeta_i, re, (size_t)7U);
-  ntt_at_layer_4_plus_8c(&zeta_i, re, (size_t)6U);
-  ntt_at_layer_4_plus_8c(&zeta_i, re, (size_t)5U);
-  ntt_at_layer_4_plus_8c(&zeta_i, re, (size_t)4U);
-  ntt_at_layer_3_8c(&zeta_i, re);
-  ntt_at_layer_2_8c(&zeta_i, re);
-  ntt_at_layer_1_8c(&zeta_i, re);
-  poly_barrett_reduce_ef_8c(re);
+  ntt_at_layer_4_plus_96(&zeta_i, re, (size_t)7U);
+  ntt_at_layer_4_plus_96(&zeta_i, re, (size_t)6U);
+  ntt_at_layer_4_plus_96(&zeta_i, re, (size_t)5U);
+  ntt_at_layer_4_plus_96(&zeta_i, re, (size_t)4U);
+  ntt_at_layer_3_96(&zeta_i, re);
+  ntt_at_layer_2_96(&zeta_i, re);
+  ntt_at_layer_1_96(&zeta_i, re);
+  poly_barrett_reduce_ef_96(re);
 }
 
 /**
@@ -7712,7 +7736,7 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_86(
     libcrux_ml_kem_polynomial_PolynomialRingElement_1d ret[2U]) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_1d u_as_ntt[2U];
   KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U,
-                  u_as_ntt[i] = ZERO_ef_8c(););
+                  u_as_ntt[i] = ZERO_ef_96(););
   for (size_t i = (size_t)0U;
        i < Eurydice_slice_len(
                Eurydice_array_to_slice((size_t)768U, ciphertext, uint8_t),
@@ -7747,7 +7771,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
 */
 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1d
 deserialize_then_decompress_ring_element_v_64(Eurydice_slice serialized) {
-  return deserialize_then_decompress_4_8c(serialized);
+  return deserialize_then_decompress_4_96(serialized);
 }
 
 /**
@@ -7767,13 +7791,13 @@ compute_message_a0(
     libcrux_ml_kem_polynomial_PolynomialRingElement_1d *v,
     libcrux_ml_kem_polynomial_PolynomialRingElement_1d *secret_as_ntt,
     libcrux_ml_kem_polynomial_PolynomialRingElement_1d *u_as_ntt) {
-  libcrux_ml_kem_polynomial_PolynomialRingElement_1d result = ZERO_ef_8c();
+  libcrux_ml_kem_polynomial_PolynomialRingElement_1d result = ZERO_ef_96();
   KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i;
                   libcrux_ml_kem_polynomial_PolynomialRingElement_1d product =
-                      ntt_multiply_ef_8c(&secret_as_ntt[i0], &u_as_ntt[i0]);
+                      ntt_multiply_ef_96(&secret_as_ntt[i0], &u_as_ntt[i0]);
                   add_to_ring_element_ef_a0(&result, &product););
   invert_ntt_montgomery_a0(&result);
-  result = subtract_reduce_ef_8c(v, result);
+  result = subtract_reduce_ef_96(v, result);
   return result;
 }
 
@@ -7823,7 +7847,7 @@ static KRML_MUSTINLINE void decrypt_unpacked_d1(
   libcrux_ml_kem_polynomial_PolynomialRingElement_1d message =
       compute_message_a0(&v, secret_key->secret_as_ntt, u_as_ntt);
   uint8_t ret0[32U];
-  compress_then_serialize_message_8c(message, ret0);
+  compress_then_serialize_message_96(message, ret0);
   memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t));
 }
 
@@ -7979,7 +8003,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_1b(
             LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT,
         uint8_t);
     libcrux_ml_kem_polynomial_PolynomialRingElement_1d uu____0 =
-        deserialize_to_reduced_ring_element_8c(ring_element);
+        deserialize_to_reduced_ring_element_96(ring_element);
     deserialized_pk[i0] = uu____0;
   }
 }
@@ -8001,7 +8025,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_out_1b(
     libcrux_ml_kem_polynomial_PolynomialRingElement_1d ret[3U]) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_1d deserialized_pk[3U];
   KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U,
-                  deserialized_pk[i] = ZERO_ef_8c(););
+                  deserialized_pk[i] = ZERO_ef_96(););
   deserialize_ring_elements_reduced_1b(public_key, deserialized_pk);
   memcpy(
       ret, deserialized_pk,
@@ -8036,7 +8060,7 @@ static KRML_MUSTINLINE void serialize_secret_key_89(
         (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT,
         uint8_t);
     uint8_t ret0[384U];
-    serialize_uncompressed_ring_element_8c(&re, ret0);
+    serialize_uncompressed_ring_element_96(&re, ret0);
     Eurydice_slice_copy(
         uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t), uint8_t);
   }
@@ -8120,6 +8144,19 @@ bool libcrux_ml_kem_ind_cca_validate_public_key_6c(uint8_t *public_key) {
       (size_t)1184U, public_key, public_key_serialized, uint8_t, uint8_t, bool);
 }
 
+/**
+This function found in impl {(libcrux_ml_kem::hash_functions::Hash<K> for
+libcrux_ml_kem::hash_functions::portable::PortableHash<K>)}
+*/
+/**
+A monomorphic instance of libcrux_ml_kem.hash_functions.portable.H_f1
+with const generics
+- K= 3
+*/
+static KRML_MUSTINLINE void H_f1_e0(Eurydice_slice input, uint8_t ret[32U]) {
+  libcrux_ml_kem_hash_functions_portable_H(input, ret);
+}
+
 /**
  Validate an ML-KEM private key.
 
@@ -8134,9 +8171,16 @@ with const generics
 */
 bool libcrux_ml_kem_ind_cca_validate_private_key_only_d6(
     libcrux_ml_kem_types_MlKemPrivateKey_d9 *private_key) {
-  KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__,
-                    "Eurydice error: Invalid_argument(\"List.combine\")\n");
-  KRML_HOST_EXIT(255U);
+  uint8_t t[32U];
+  H_f1_e0(Eurydice_array_to_subslice2(
+              private_key->value, (size_t)384U * (size_t)3U,
+              (size_t)768U * (size_t)3U + (size_t)32U, uint8_t),
+          t);
+  Eurydice_slice expected = Eurydice_array_to_subslice2(
+      private_key->value, (size_t)768U * (size_t)3U + (size_t)32U,
+      (size_t)768U * (size_t)3U + (size_t)64U, uint8_t);
+  return core_array_equality___core__cmp__PartialEq__0___Slice_U____for__Array_T__N___3__eq(
+      (size_t)32U, t, &expected, uint8_t, uint8_t, bool);
 }
 
 /**
@@ -8183,9 +8227,9 @@ with const generics
 */
 static IndCpaPrivateKeyUnpacked_a0 default_1a_1b(void) {
   IndCpaPrivateKeyUnpacked_a0 lit;
-  lit.secret_as_ntt[0U] = ZERO_ef_8c();
-  lit.secret_as_ntt[1U] = ZERO_ef_8c();
-  lit.secret_as_ntt[2U] = ZERO_ef_8c();
+  lit.secret_as_ntt[0U] = ZERO_ef_96();
+  lit.secret_as_ntt[1U] = ZERO_ef_96();
+  lit.secret_as_ntt[2U] = ZERO_ef_96();
   return lit;
 }
 
@@ -8215,22 +8259,22 @@ with const generics
 static IndCpaPublicKeyUnpacked_a0 default_8d_1b(void) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_1d uu____0[3U];
   KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U,
-                  uu____0[i] = ZERO_ef_8c(););
+                  uu____0[i] = ZERO_ef_96(););
   uint8_t uu____1[32U] = {0U};
   IndCpaPublicKeyUnpacked_a0 lit;
   memcpy(
       lit.t_as_ntt, uu____0,
       (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1d));
   memcpy(lit.seed_for_A, uu____1, (size_t)32U * sizeof(uint8_t));
-  lit.A[0U][0U] = ZERO_ef_8c();
-  lit.A[0U][1U] = ZERO_ef_8c();
-  lit.A[0U][2U] = ZERO_ef_8c();
-  lit.A[1U][0U] = ZERO_ef_8c();
-  lit.A[1U][1U] = ZERO_ef_8c();
-  lit.A[1U][2U] = ZERO_ef_8c();
-  lit.A[2U][0U] = ZERO_ef_8c();
-  lit.A[2U][1U] = ZERO_ef_8c();
-  lit.A[2U][2U] = ZERO_ef_8c();
+  lit.A[0U][0U] = ZERO_ef_96();
+  lit.A[0U][1U] = ZERO_ef_96();
+  lit.A[0U][2U] = ZERO_ef_96();
+  lit.A[1U][0U] = ZERO_ef_96();
+  lit.A[1U][1U] = ZERO_ef_96();
+  lit.A[1U][2U] = ZERO_ef_96();
+  lit.A[2U][0U] = ZERO_ef_96();
+  lit.A[2U][1U] = ZERO_ef_96();
+  lit.A[2U][2U] = ZERO_ef_96();
   return lit;
 }
 
@@ -8418,7 +8462,7 @@ static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_89(
           Eurydice_slice uu____0 = Eurydice_array_to_subslice2(
               randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U,
               uint8_t);
-          size_t sampled = libcrux_ml_kem_vector_portable_rej_sample_0d(
+          size_t sampled = libcrux_ml_kem_vector_portable_rej_sample_2c(
               uu____0, Eurydice_array_to_subslice2(
                            out[i1], sampled_coefficients[i1],
                            sampled_coefficients[i1] + (size_t)16U, int16_t));
@@ -8530,7 +8574,7 @@ static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_890(
           Eurydice_slice uu____0 = Eurydice_array_to_subslice2(
               randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U,
               uint8_t);
-          size_t sampled = libcrux_ml_kem_vector_portable_rej_sample_0d(
+          size_t sampled = libcrux_ml_kem_vector_portable_rej_sample_2c(
               uu____0, Eurydice_array_to_subslice2(
                            out[i1], sampled_coefficients[i1],
                            sampled_coefficients[i1] + (size_t)16U, int16_t));
@@ -8559,7 +8603,7 @@ generics
 */
 static libcrux_ml_kem_polynomial_PolynomialRingElement_1d closure_2b1(
     int16_t s[272U]) {
-  return from_i16_array_ef_8c(
+  return from_i16_array_ef_96(
       Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t));
 }
 
@@ -8716,7 +8760,7 @@ static KRML_MUSTINLINE uint8_t sample_vector_cbd_then_ntt_3b1(
       i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i;
       re_as_ntt[i0] = sample_from_binomial_distribution_a0(
           Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t));
-      ntt_binomially_sampled_ring_element_8c(&re_as_ntt[i0]););
+      ntt_binomially_sampled_ring_element_96(&re_as_ntt[i0]););
   return domain_separator;
 }
 
@@ -8744,7 +8788,7 @@ static KRML_MUSTINLINE tuple_230 sample_vector_cbd_then_ntt_out_3b1(
     uint8_t prf_input[33U], uint8_t domain_separator) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_1d re_as_ntt[3U];
   KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U,
-                  re_as_ntt[i] = ZERO_ef_8c(););
+                  re_as_ntt[i] = ZERO_ef_96(););
   libcrux_ml_kem_polynomial_PolynomialRingElement_1d *uu____0 = re_as_ntt;
   uint8_t uu____1[33U];
   memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t));
@@ -8785,7 +8829,7 @@ static KRML_MUSTINLINE void add_to_ring_element_1b(
        i++) {
     size_t i0 = i;
     libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 =
-        libcrux_ml_kem_vector_portable_add_0d(myself->coefficients[i0],
+        libcrux_ml_kem_vector_portable_add_2c(myself->coefficients[i0],
                                               &rhs->coefficients[i0]);
     myself->coefficients[i0] = uu____0;
   }
@@ -8831,7 +8875,7 @@ static KRML_MUSTINLINE void compute_As_plus_e_1b(
        i++) {
     size_t i0 = i;
     libcrux_ml_kem_polynomial_PolynomialRingElement_1d *row = matrix_A[i0];
-    libcrux_ml_kem_polynomial_PolynomialRingElement_1d uu____0 = ZERO_ef_8c();
+    libcrux_ml_kem_polynomial_PolynomialRingElement_1d uu____0 = ZERO_ef_96();
     t_as_ntt[i0] = uu____0;
     for (size_t i1 = (size_t)0U;
          i1 < Eurydice_slice_len(
@@ -8844,10 +8888,10 @@ static KRML_MUSTINLINE void compute_As_plus_e_1b(
       libcrux_ml_kem_polynomial_PolynomialRingElement_1d *matrix_element =
           &row[j];
       libcrux_ml_kem_polynomial_PolynomialRingElement_1d product =
-          ntt_multiply_ef_8c(matrix_element, &s_as_ntt[j]);
+          ntt_multiply_ef_96(matrix_element, &s_as_ntt[j]);
       add_to_ring_element_ef_1b(&t_as_ntt[i0], &product);
     }
-    add_standard_error_reduce_ef_8c(&t_as_ntt[i0], &error_as_ntt[i0]);
+    add_standard_error_reduce_ef_96(&t_as_ntt[i0], &error_as_ntt[i0]);
   }
 }
 
@@ -9003,19 +9047,6 @@ generate_keypair_15(Eurydice_slice key_generation_seed) {
   return serialize_unpacked_secret_key_43(&public_key, &private_key);
 }
 
-/**
-This function found in impl {(libcrux_ml_kem::hash_functions::Hash<K> for
-libcrux_ml_kem::hash_functions::portable::PortableHash<K>)}
-*/
-/**
-A monomorphic instance of libcrux_ml_kem.hash_functions.portable.H_f1
-with const generics
-- K= 3
-*/
-static KRML_MUSTINLINE void H_f1_e0(Eurydice_slice input, uint8_t ret[32U]) {
-  libcrux_ml_kem_hash_functions_portable_H(input, ret);
-}
-
 /**
  Serialize the secret key.
 */
@@ -9210,7 +9241,7 @@ static KRML_MUSTINLINE tuple_230
 sample_ring_element_cbd_3b1(uint8_t prf_input[33U], uint8_t domain_separator) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_1d error_1[3U];
   KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U,
-                  error_1[i] = ZERO_ef_8c(););
+                  error_1[i] = ZERO_ef_96(););
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_prf_input[33U];
   memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t));
@@ -9266,14 +9297,14 @@ static KRML_MUSTINLINE void invert_ntt_montgomery_1b(
     libcrux_ml_kem_polynomial_PolynomialRingElement_1d *re) {
   size_t zeta_i =
       LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U;
-  invert_ntt_at_layer_1_8c(&zeta_i, re);
-  invert_ntt_at_layer_2_8c(&zeta_i, re);
-  invert_ntt_at_layer_3_8c(&zeta_i, re);
-  invert_ntt_at_layer_4_plus_8c(&zeta_i, re, (size_t)4U);
-  invert_ntt_at_layer_4_plus_8c(&zeta_i, re, (size_t)5U);
-  invert_ntt_at_layer_4_plus_8c(&zeta_i, re, (size_t)6U);
-  invert_ntt_at_layer_4_plus_8c(&zeta_i, re, (size_t)7U);
-  poly_barrett_reduce_ef_8c(re);
+  invert_ntt_at_layer_1_96(&zeta_i, re);
+  invert_ntt_at_layer_2_96(&zeta_i, re);
+  invert_ntt_at_layer_3_96(&zeta_i, re);
+  invert_ntt_at_layer_4_plus_96(&zeta_i, re, (size_t)4U);
+  invert_ntt_at_layer_4_plus_96(&zeta_i, re, (size_t)5U);
+  invert_ntt_at_layer_4_plus_96(&zeta_i, re, (size_t)6U);
+  invert_ntt_at_layer_4_plus_96(&zeta_i, re, (size_t)7U);
+  poly_barrett_reduce_ef_96(re);
 }
 
 /**
@@ -9292,7 +9323,7 @@ static KRML_MUSTINLINE void compute_vector_u_1b(
     libcrux_ml_kem_polynomial_PolynomialRingElement_1d ret[3U]) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_1d result[3U];
   KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U,
-                  result[i] = ZERO_ef_8c(););
+                  result[i] = ZERO_ef_96(););
   for (size_t i0 = (size_t)0U;
        i0 < Eurydice_slice_len(
                 Eurydice_array_to_slice(
@@ -9312,11 +9343,11 @@ static KRML_MUSTINLINE void compute_vector_u_1b(
       size_t j = i;
       libcrux_ml_kem_polynomial_PolynomialRingElement_1d *a_element = &row[j];
       libcrux_ml_kem_polynomial_PolynomialRingElement_1d product =
-          ntt_multiply_ef_8c(a_element, &r_as_ntt[j]);
+          ntt_multiply_ef_96(a_element, &r_as_ntt[j]);
       add_to_ring_element_ef_1b(&result[i1], &product);
     }
     invert_ntt_montgomery_1b(&result[i1]);
-    add_error_reduce_ef_8c(&result[i1], &error_1[i1]);
+    add_error_reduce_ef_96(&result[i1], &error_1[i1]);
   }
   memcpy(
       ret, result,
@@ -9338,13 +9369,13 @@ compute_ring_element_v_1b(
     libcrux_ml_kem_polynomial_PolynomialRingElement_1d *r_as_ntt,
     libcrux_ml_kem_polynomial_PolynomialRingElement_1d *error_2,
     libcrux_ml_kem_polynomial_PolynomialRingElement_1d *message) {
-  libcrux_ml_kem_polynomial_PolynomialRingElement_1d result = ZERO_ef_8c();
+  libcrux_ml_kem_polynomial_PolynomialRingElement_1d result = ZERO_ef_96();
   KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i;
                   libcrux_ml_kem_polynomial_PolynomialRingElement_1d product =
-                      ntt_multiply_ef_8c(&t_as_ntt[i0], &r_as_ntt[i0]);
+                      ntt_multiply_ef_96(&t_as_ntt[i0], &r_as_ntt[i0]);
                   add_to_ring_element_ef_1b(&result, &product););
   invert_ntt_montgomery_1b(&result);
-  result = add_message_error_reduce_ef_8c(error_2, message, result);
+  result = add_message_error_reduce_ef_96(error_2, message, result);
   return result;
 }
 
@@ -9392,7 +9423,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
 */
 static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_6c(
     libcrux_ml_kem_polynomial_PolynomialRingElement_1d re, Eurydice_slice out) {
-  compress_then_serialize_4_8c(re, out);
+  compress_then_serialize_4_96(re, out);
 }
 
 /**
@@ -9492,7 +9523,7 @@ static KRML_MUSTINLINE void encrypt_unpacked_2a1(
   uint8_t copy_of_message[32U];
   memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t));
   libcrux_ml_kem_polynomial_PolynomialRingElement_1d message_as_ring_element =
-      deserialize_then_decompress_message_8c(copy_of_message);
+      deserialize_then_decompress_message_96(copy_of_message);
   libcrux_ml_kem_polynomial_PolynomialRingElement_1d v =
       compute_ring_element_v_1b(public_key->t_as_ntt, r_as_ntt, &error_2,
                                 &message_as_ring_element);
@@ -9648,7 +9679,7 @@ static KRML_MUSTINLINE void deserialize_secret_key_1b(
     libcrux_ml_kem_polynomial_PolynomialRingElement_1d ret[3U]) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_1d secret_as_ntt[3U];
   KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U,
-                  secret_as_ntt[i] = ZERO_ef_8c(););
+                  secret_as_ntt[i] = ZERO_ef_96(););
   for (size_t i = (size_t)0U;
        i < Eurydice_slice_len(secret_key, uint8_t) /
                LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT;
@@ -9660,7 +9691,7 @@ static KRML_MUSTINLINE void deserialize_secret_key_1b(
             LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT,
         uint8_t);
     libcrux_ml_kem_polynomial_PolynomialRingElement_1d uu____0 =
-        deserialize_to_uncompressed_ring_element_8c(secret_bytes);
+        deserialize_to_uncompressed_ring_element_96(secret_bytes);
     secret_as_ntt[i0] = uu____0;
   }
   memcpy(
@@ -9685,7 +9716,7 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_6c(
     libcrux_ml_kem_polynomial_PolynomialRingElement_1d ret[3U]) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_1d u_as_ntt[3U];
   KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U,
-                  u_as_ntt[i] = ZERO_ef_8c(););
+                  u_as_ntt[i] = ZERO_ef_96(););
   for (size_t i = (size_t)0U;
        i < Eurydice_slice_len(
                Eurydice_array_to_slice((size_t)1088U, ciphertext, uint8_t),
@@ -9720,7 +9751,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
 */
 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1d
 deserialize_then_decompress_ring_element_v_89(Eurydice_slice serialized) {
-  return deserialize_then_decompress_4_8c(serialized);
+  return deserialize_then_decompress_4_96(serialized);
 }
 
 /**
@@ -9740,13 +9771,13 @@ compute_message_1b(
     libcrux_ml_kem_polynomial_PolynomialRingElement_1d *v,
     libcrux_ml_kem_polynomial_PolynomialRingElement_1d *secret_as_ntt,
     libcrux_ml_kem_polynomial_PolynomialRingElement_1d *u_as_ntt) {
-  libcrux_ml_kem_polynomial_PolynomialRingElement_1d result = ZERO_ef_8c();
+  libcrux_ml_kem_polynomial_PolynomialRingElement_1d result = ZERO_ef_96();
   KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i;
                   libcrux_ml_kem_polynomial_PolynomialRingElement_1d product =
-                      ntt_multiply_ef_8c(&secret_as_ntt[i0], &u_as_ntt[i0]);
+                      ntt_multiply_ef_96(&secret_as_ntt[i0], &u_as_ntt[i0]);
                   add_to_ring_element_ef_1b(&result, &product););
   invert_ntt_montgomery_1b(&result);
-  result = subtract_reduce_ef_8c(v, result);
+  result = subtract_reduce_ef_96(v, result);
   return result;
 }
 
@@ -9796,7 +9827,7 @@ static KRML_MUSTINLINE void decrypt_unpacked_42(
   libcrux_ml_kem_polynomial_PolynomialRingElement_1d message =
       compute_message_1b(&v, secret_key->secret_as_ntt, u_as_ntt);
   uint8_t ret0[32U];
-  compress_then_serialize_message_8c(message, ret0);
+  compress_then_serialize_message_96(message, ret0);
   memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t));
 }
 
diff --git a/libcrux-ml-kem/c/libcrux_mlkem_portable.h b/libcrux-ml-kem/c/libcrux_mlkem_portable.h
index 88fd26fd6..2eacb6f5a 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem_portable.h
+++ b/libcrux-ml-kem/c/libcrux_mlkem_portable.h
@@ -4,11 +4,11 @@
  * SPDX-License-Identifier: MIT or Apache-2.0
  *
  * This code was generated with the following revisions:
- * Charon: e6a9a3d65857f37917f378fd98db7b7b4d0a060f
- * Eurydice: 907fef61b716e094dcd6b41a9a41f0850ac7fd73
- * Karamel: 21c28f3b016868a7cdd715382338bdcd9685a3b4
- * F*: b0961063393215ca65927f017720cb365a193833-dirty
- * Libcrux: 887cc3c3760e64d740774adb301e4bae530126d1
+ * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9
+ * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20
+ * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
+ * F*: 8b6fce63ca91b16386d8f76e82ea87a3c109a208
+ * Libcrux: 2009b0d205f3d27e1762f7e2b8a21bc47705b2c9
  */
 
 #ifndef __libcrux_mlkem_portable_H
@@ -48,10 +48,10 @@ libcrux_ml_kem_vector_portable_vector_type_from_i16_array(Eurydice_slice array);
 
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
-libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
+libcrux_ml_kem::vector::portable::vector_type::PortableVector)#1}
 */
 libcrux_ml_kem_vector_portable_vector_type_PortableVector
-libcrux_ml_kem_vector_portable_from_i16_array_0d(Eurydice_slice array);
+libcrux_ml_kem_vector_portable_from_i16_array_2c(Eurydice_slice array);
 
 typedef struct uint8_t_x11_s {
   uint8_t fst;
@@ -80,9 +80,9 @@ void libcrux_ml_kem_vector_portable_serialize_11(
 
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
-libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
+libcrux_ml_kem::vector::portable::vector_type::PortableVector)#1}
 */
-void libcrux_ml_kem_vector_portable_serialize_11_0d(
+void libcrux_ml_kem_vector_portable_serialize_11_2c(
     libcrux_ml_kem_vector_portable_vector_type_PortableVector a,
     uint8_t ret[22U]);
 
@@ -108,10 +108,10 @@ libcrux_ml_kem_vector_portable_deserialize_11(Eurydice_slice a);
 
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
-libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
+libcrux_ml_kem::vector::portable::vector_type::PortableVector)#1}
 */
 libcrux_ml_kem_vector_portable_vector_type_PortableVector
-libcrux_ml_kem_vector_portable_deserialize_11_0d(Eurydice_slice a);
+libcrux_ml_kem_vector_portable_deserialize_11_2c(Eurydice_slice a);
 
 void libcrux_ml_kem_vector_portable_vector_type_to_i16_array(
     libcrux_ml_kem_vector_portable_vector_type_PortableVector x,
@@ -119,9 +119,9 @@ void libcrux_ml_kem_vector_portable_vector_type_to_i16_array(
 
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
-libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
+libcrux_ml_kem::vector::portable::vector_type::PortableVector)#1}
 */
-void libcrux_ml_kem_vector_portable_to_i16_array_0d(
+void libcrux_ml_kem_vector_portable_to_i16_array_2c(
     libcrux_ml_kem_vector_portable_vector_type_PortableVector x,
     int16_t ret[16U]);
 
@@ -134,10 +134,10 @@ libcrux_ml_kem_vector_portable_vector_type_zero(void);
 
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
-libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
+libcrux_ml_kem::vector::portable::vector_type::PortableVector)#1}
 */
 libcrux_ml_kem_vector_portable_vector_type_PortableVector
-libcrux_ml_kem_vector_portable_ZERO_0d(void);
+libcrux_ml_kem_vector_portable_ZERO_2c(void);
 
 libcrux_ml_kem_vector_portable_vector_type_PortableVector
 libcrux_ml_kem_vector_portable_arithmetic_add(
@@ -146,10 +146,10 @@ libcrux_ml_kem_vector_portable_arithmetic_add(
 
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
-libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
+libcrux_ml_kem::vector::portable::vector_type::PortableVector)#1}
 */
 libcrux_ml_kem_vector_portable_vector_type_PortableVector
-libcrux_ml_kem_vector_portable_add_0d(
+libcrux_ml_kem_vector_portable_add_2c(
     libcrux_ml_kem_vector_portable_vector_type_PortableVector lhs,
     libcrux_ml_kem_vector_portable_vector_type_PortableVector *rhs);
 
@@ -160,10 +160,10 @@ libcrux_ml_kem_vector_portable_arithmetic_sub(
 
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
-libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
+libcrux_ml_kem::vector::portable::vector_type::PortableVector)#1}
 */
 libcrux_ml_kem_vector_portable_vector_type_PortableVector
-libcrux_ml_kem_vector_portable_sub_0d(
+libcrux_ml_kem_vector_portable_sub_2c(
     libcrux_ml_kem_vector_portable_vector_type_PortableVector lhs,
     libcrux_ml_kem_vector_portable_vector_type_PortableVector *rhs);
 
@@ -173,10 +173,10 @@ libcrux_ml_kem_vector_portable_arithmetic_multiply_by_constant(
 
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
-libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
+libcrux_ml_kem::vector::portable::vector_type::PortableVector)#1}
 */
 libcrux_ml_kem_vector_portable_vector_type_PortableVector
-libcrux_ml_kem_vector_portable_multiply_by_constant_0d(
+libcrux_ml_kem_vector_portable_multiply_by_constant_2c(
     libcrux_ml_kem_vector_portable_vector_type_PortableVector vec, int16_t c);
 
 libcrux_ml_kem_vector_portable_vector_type_PortableVector
@@ -185,10 +185,10 @@ libcrux_ml_kem_vector_portable_arithmetic_bitwise_and_with_constant(
 
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
-libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
+libcrux_ml_kem::vector::portable::vector_type::PortableVector)#1}
 */
 libcrux_ml_kem_vector_portable_vector_type_PortableVector
-libcrux_ml_kem_vector_portable_bitwise_and_with_constant_0d(
+libcrux_ml_kem_vector_portable_bitwise_and_with_constant_2c(
     libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t c);
 
 /**
@@ -201,10 +201,10 @@ libcrux_ml_kem_vector_portable_arithmetic_cond_subtract_3329(
 
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
-libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
+libcrux_ml_kem::vector::portable::vector_type::PortableVector)#1}
 */
 libcrux_ml_kem_vector_portable_vector_type_PortableVector
-libcrux_ml_kem_vector_portable_cond_subtract_3329_0d(
+libcrux_ml_kem_vector_portable_cond_subtract_3329_2c(
     libcrux_ml_kem_vector_portable_vector_type_PortableVector v);
 
 #define LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_BARRETT_MULTIPLIER \
@@ -239,10 +239,10 @@ libcrux_ml_kem_vector_portable_arithmetic_barrett_reduce(
 
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
-libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
+libcrux_ml_kem::vector::portable::vector_type::PortableVector)#1}
 */
 libcrux_ml_kem_vector_portable_vector_type_PortableVector
-libcrux_ml_kem_vector_portable_barrett_reduce_0d(
+libcrux_ml_kem_vector_portable_barrett_reduce_2c(
     libcrux_ml_kem_vector_portable_vector_type_PortableVector v);
 
 #define LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_MONTGOMERY_SHIFT (16U)
@@ -290,10 +290,10 @@ libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_by_constant(
 
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
-libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
+libcrux_ml_kem::vector::portable::vector_type::PortableVector)#1}
 */
 libcrux_ml_kem_vector_portable_vector_type_PortableVector
-libcrux_ml_kem_vector_portable_montgomery_multiply_by_constant_0d(
+libcrux_ml_kem_vector_portable_montgomery_multiply_by_constant_2c(
     libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t r);
 
 /**
@@ -327,10 +327,10 @@ libcrux_ml_kem_vector_portable_compress_compress_1(
 
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
-libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
+libcrux_ml_kem::vector::portable::vector_type::PortableVector)#1}
 */
 libcrux_ml_kem_vector_portable_vector_type_PortableVector
-libcrux_ml_kem_vector_portable_compress_1_0d(
+libcrux_ml_kem_vector_portable_compress_1_2c(
     libcrux_ml_kem_vector_portable_vector_type_PortableVector a);
 
 uint32_t libcrux_ml_kem_vector_portable_arithmetic_get_n_least_significant_bits(
@@ -350,10 +350,10 @@ libcrux_ml_kem_vector_portable_ntt_ntt_layer_1_step(
 
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
-libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
+libcrux_ml_kem::vector::portable::vector_type::PortableVector)#1}
 */
 libcrux_ml_kem_vector_portable_vector_type_PortableVector
-libcrux_ml_kem_vector_portable_ntt_layer_1_step_0d(
+libcrux_ml_kem_vector_portable_ntt_layer_1_step_2c(
     libcrux_ml_kem_vector_portable_vector_type_PortableVector a, int16_t zeta0,
     int16_t zeta1, int16_t zeta2, int16_t zeta3);
 
@@ -364,10 +364,10 @@ libcrux_ml_kem_vector_portable_ntt_ntt_layer_2_step(
 
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
-libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
+libcrux_ml_kem::vector::portable::vector_type::PortableVector)#1}
 */
 libcrux_ml_kem_vector_portable_vector_type_PortableVector
-libcrux_ml_kem_vector_portable_ntt_layer_2_step_0d(
+libcrux_ml_kem_vector_portable_ntt_layer_2_step_2c(
     libcrux_ml_kem_vector_portable_vector_type_PortableVector a, int16_t zeta0,
     int16_t zeta1);
 
@@ -378,10 +378,10 @@ libcrux_ml_kem_vector_portable_ntt_ntt_layer_3_step(
 
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
-libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
+libcrux_ml_kem::vector::portable::vector_type::PortableVector)#1}
 */
 libcrux_ml_kem_vector_portable_vector_type_PortableVector
-libcrux_ml_kem_vector_portable_ntt_layer_3_step_0d(
+libcrux_ml_kem_vector_portable_ntt_layer_3_step_2c(
     libcrux_ml_kem_vector_portable_vector_type_PortableVector a, int16_t zeta);
 
 void libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(
@@ -395,10 +395,10 @@ libcrux_ml_kem_vector_portable_ntt_inv_ntt_layer_1_step(
 
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
-libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
+libcrux_ml_kem::vector::portable::vector_type::PortableVector)#1}
 */
 libcrux_ml_kem_vector_portable_vector_type_PortableVector
-libcrux_ml_kem_vector_portable_inv_ntt_layer_1_step_0d(
+libcrux_ml_kem_vector_portable_inv_ntt_layer_1_step_2c(
     libcrux_ml_kem_vector_portable_vector_type_PortableVector a, int16_t zeta0,
     int16_t zeta1, int16_t zeta2, int16_t zeta3);
 
@@ -409,10 +409,10 @@ libcrux_ml_kem_vector_portable_ntt_inv_ntt_layer_2_step(
 
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
-libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
+libcrux_ml_kem::vector::portable::vector_type::PortableVector)#1}
 */
 libcrux_ml_kem_vector_portable_vector_type_PortableVector
-libcrux_ml_kem_vector_portable_inv_ntt_layer_2_step_0d(
+libcrux_ml_kem_vector_portable_inv_ntt_layer_2_step_2c(
     libcrux_ml_kem_vector_portable_vector_type_PortableVector a, int16_t zeta0,
     int16_t zeta1);
 
@@ -423,10 +423,10 @@ libcrux_ml_kem_vector_portable_ntt_inv_ntt_layer_3_step(
 
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
-libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
+libcrux_ml_kem::vector::portable::vector_type::PortableVector)#1}
 */
 libcrux_ml_kem_vector_portable_vector_type_PortableVector
-libcrux_ml_kem_vector_portable_inv_ntt_layer_3_step_0d(
+libcrux_ml_kem_vector_portable_inv_ntt_layer_3_step_2c(
     libcrux_ml_kem_vector_portable_vector_type_PortableVector a, int16_t zeta);
 
 /**
@@ -464,10 +464,10 @@ libcrux_ml_kem_vector_portable_ntt_ntt_multiply(
 
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
-libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
+libcrux_ml_kem::vector::portable::vector_type::PortableVector)#1}
 */
 libcrux_ml_kem_vector_portable_vector_type_PortableVector
-libcrux_ml_kem_vector_portable_ntt_multiply_0d(
+libcrux_ml_kem_vector_portable_ntt_multiply_2c(
     libcrux_ml_kem_vector_portable_vector_type_PortableVector *lhs,
     libcrux_ml_kem_vector_portable_vector_type_PortableVector *rhs,
     int16_t zeta0, int16_t zeta1, int16_t zeta2, int16_t zeta3);
@@ -482,9 +482,9 @@ void libcrux_ml_kem_vector_portable_serialize_1(
 
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
-libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
+libcrux_ml_kem::vector::portable::vector_type::PortableVector)#1}
 */
-void libcrux_ml_kem_vector_portable_serialize_1_0d(
+void libcrux_ml_kem_vector_portable_serialize_1_2c(
     libcrux_ml_kem_vector_portable_vector_type_PortableVector a,
     uint8_t ret[2U]);
 
@@ -496,10 +496,10 @@ libcrux_ml_kem_vector_portable_deserialize_1(Eurydice_slice a);
 
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
-libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
+libcrux_ml_kem::vector::portable::vector_type::PortableVector)#1}
 */
 libcrux_ml_kem_vector_portable_vector_type_PortableVector
-libcrux_ml_kem_vector_portable_deserialize_1_0d(Eurydice_slice a);
+libcrux_ml_kem_vector_portable_deserialize_1_2c(Eurydice_slice a);
 
 typedef struct uint8_t_x4_s {
   uint8_t fst;
@@ -521,9 +521,9 @@ void libcrux_ml_kem_vector_portable_serialize_4(
 
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
-libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
+libcrux_ml_kem::vector::portable::vector_type::PortableVector)#1}
 */
-void libcrux_ml_kem_vector_portable_serialize_4_0d(
+void libcrux_ml_kem_vector_portable_serialize_4_2c(
     libcrux_ml_kem_vector_portable_vector_type_PortableVector a,
     uint8_t ret[8U]);
 
@@ -538,10 +538,10 @@ libcrux_ml_kem_vector_portable_deserialize_4(Eurydice_slice a);
 
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
-libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
+libcrux_ml_kem::vector::portable::vector_type::PortableVector)#1}
 */
 libcrux_ml_kem_vector_portable_vector_type_PortableVector
-libcrux_ml_kem_vector_portable_deserialize_4_0d(Eurydice_slice a);
+libcrux_ml_kem_vector_portable_deserialize_4_2c(Eurydice_slice a);
 
 typedef struct uint8_t_x5_s {
   uint8_t fst;
@@ -564,9 +564,9 @@ void libcrux_ml_kem_vector_portable_serialize_5(
 
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
-libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
+libcrux_ml_kem::vector::portable::vector_type::PortableVector)#1}
 */
-void libcrux_ml_kem_vector_portable_serialize_5_0d(
+void libcrux_ml_kem_vector_portable_serialize_5_2c(
     libcrux_ml_kem_vector_portable_vector_type_PortableVector a,
     uint8_t ret[10U]);
 
@@ -581,10 +581,10 @@ libcrux_ml_kem_vector_portable_deserialize_5(Eurydice_slice a);
 
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
-libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
+libcrux_ml_kem::vector::portable::vector_type::PortableVector)#1}
 */
 libcrux_ml_kem_vector_portable_vector_type_PortableVector
-libcrux_ml_kem_vector_portable_deserialize_5_0d(Eurydice_slice a);
+libcrux_ml_kem_vector_portable_deserialize_5_2c(Eurydice_slice a);
 
 uint8_t_x5 libcrux_ml_kem_vector_portable_serialize_serialize_10_int(
     Eurydice_slice v);
@@ -599,9 +599,9 @@ void libcrux_ml_kem_vector_portable_serialize_10(
 
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
-libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
+libcrux_ml_kem::vector::portable::vector_type::PortableVector)#1}
 */
-void libcrux_ml_kem_vector_portable_serialize_10_0d(
+void libcrux_ml_kem_vector_portable_serialize_10_2c(
     libcrux_ml_kem_vector_portable_vector_type_PortableVector a,
     uint8_t ret[20U]);
 
@@ -616,10 +616,10 @@ libcrux_ml_kem_vector_portable_deserialize_10(Eurydice_slice a);
 
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
-libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
+libcrux_ml_kem::vector::portable::vector_type::PortableVector)#1}
 */
 libcrux_ml_kem_vector_portable_vector_type_PortableVector
-libcrux_ml_kem_vector_portable_deserialize_10_0d(Eurydice_slice a);
+libcrux_ml_kem_vector_portable_deserialize_10_2c(Eurydice_slice a);
 
 typedef struct uint8_t_x3_s {
   uint8_t fst;
@@ -640,9 +640,9 @@ void libcrux_ml_kem_vector_portable_serialize_12(
 
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
-libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
+libcrux_ml_kem::vector::portable::vector_type::PortableVector)#1}
 */
-void libcrux_ml_kem_vector_portable_serialize_12_0d(
+void libcrux_ml_kem_vector_portable_serialize_12_2c(
     libcrux_ml_kem_vector_portable_vector_type_PortableVector a,
     uint8_t ret[24U]);
 
@@ -662,19 +662,19 @@ libcrux_ml_kem_vector_portable_deserialize_12(Eurydice_slice a);
 
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
-libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
+libcrux_ml_kem::vector::portable::vector_type::PortableVector)#1}
 */
 libcrux_ml_kem_vector_portable_vector_type_PortableVector
-libcrux_ml_kem_vector_portable_deserialize_12_0d(Eurydice_slice a);
+libcrux_ml_kem_vector_portable_deserialize_12_2c(Eurydice_slice a);
 
 size_t libcrux_ml_kem_vector_portable_sampling_rej_sample(
     Eurydice_slice a, Eurydice_slice result);
 
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
-libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
+libcrux_ml_kem::vector::portable::vector_type::PortableVector)#1}
 */
-size_t libcrux_ml_kem_vector_portable_rej_sample_0d(Eurydice_slice a,
+size_t libcrux_ml_kem_vector_portable_rej_sample_2c(Eurydice_slice a,
                                                     Eurydice_slice out);
 
 /**
@@ -685,6 +685,14 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector
 libcrux_ml_kem_vector_portable_vector_type_clone_3b(
     libcrux_ml_kem_vector_portable_vector_type_PortableVector *self);
 
+/**
+This function found in impl {(libcrux_ml_kem::vector::traits::Repr for
+libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
+*/
+void libcrux_ml_kem_vector_portable_repr_94(
+    libcrux_ml_kem_vector_portable_vector_type_PortableVector x,
+    int16_t ret[16U]);
+
 #if defined(__cplusplus)
 }
 #endif
diff --git a/libcrux-ml-kem/c/libcrux_sha3.h b/libcrux-ml-kem/c/libcrux_sha3.h
index aae1f9684..a9ba58c6d 100644
--- a/libcrux-ml-kem/c/libcrux_sha3.h
+++ b/libcrux-ml-kem/c/libcrux_sha3.h
@@ -4,11 +4,11 @@
  * SPDX-License-Identifier: MIT or Apache-2.0
  *
  * This code was generated with the following revisions:
- * Charon: e6a9a3d65857f37917f378fd98db7b7b4d0a060f
- * Eurydice: 907fef61b716e094dcd6b41a9a41f0850ac7fd73
- * Karamel: 21c28f3b016868a7cdd715382338bdcd9685a3b4
- * F*: b0961063393215ca65927f017720cb365a193833-dirty
- * Libcrux: 887cc3c3760e64d740774adb301e4bae530126d1
+ * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9
+ * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20
+ * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
+ * F*: 8b6fce63ca91b16386d8f76e82ea87a3c109a208
+ * Libcrux: 2009b0d205f3d27e1762f7e2b8a21bc47705b2c9
  */
 
 #ifndef __libcrux_sha3_H
diff --git a/libcrux-ml-kem/c/libcrux_sha3_avx2.c b/libcrux-ml-kem/c/libcrux_sha3_avx2.c
index 0bfdf225b..54eba8306 100644
--- a/libcrux-ml-kem/c/libcrux_sha3_avx2.c
+++ b/libcrux-ml-kem/c/libcrux_sha3_avx2.c
@@ -4,11 +4,11 @@
  * SPDX-License-Identifier: MIT or Apache-2.0
  *
  * This code was generated with the following revisions:
- * Charon: e6a9a3d65857f37917f378fd98db7b7b4d0a060f
- * Eurydice: 907fef61b716e094dcd6b41a9a41f0850ac7fd73
- * Karamel: 21c28f3b016868a7cdd715382338bdcd9685a3b4
- * F*: b0961063393215ca65927f017720cb365a193833-dirty
- * Libcrux: 887cc3c3760e64d740774adb301e4bae530126d1
+ * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9
+ * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20
+ * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
+ * F*: 8b6fce63ca91b16386d8f76e82ea87a3c109a208
+ * Libcrux: 2009b0d205f3d27e1762f7e2b8a21bc47705b2c9
  */
 
 #include "internal/libcrux_sha3_avx2.h"
diff --git a/libcrux-ml-kem/c/libcrux_sha3_avx2.h b/libcrux-ml-kem/c/libcrux_sha3_avx2.h
index 0313a44b0..e76f57b2d 100644
--- a/libcrux-ml-kem/c/libcrux_sha3_avx2.h
+++ b/libcrux-ml-kem/c/libcrux_sha3_avx2.h
@@ -4,11 +4,11 @@
  * SPDX-License-Identifier: MIT or Apache-2.0
  *
  * This code was generated with the following revisions:
- * Charon: e6a9a3d65857f37917f378fd98db7b7b4d0a060f
- * Eurydice: 907fef61b716e094dcd6b41a9a41f0850ac7fd73
- * Karamel: 21c28f3b016868a7cdd715382338bdcd9685a3b4
- * F*: b0961063393215ca65927f017720cb365a193833-dirty
- * Libcrux: 887cc3c3760e64d740774adb301e4bae530126d1
+ * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9
+ * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20
+ * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
+ * F*: 8b6fce63ca91b16386d8f76e82ea87a3c109a208
+ * Libcrux: 2009b0d205f3d27e1762f7e2b8a21bc47705b2c9
  */
 
 #ifndef __libcrux_sha3_avx2_H
diff --git a/libcrux-ml-kem/c/libcrux_sha3_internal.h b/libcrux-ml-kem/c/libcrux_sha3_internal.h
index bd57a7437..0516278ef 100644
--- a/libcrux-ml-kem/c/libcrux_sha3_internal.h
+++ b/libcrux-ml-kem/c/libcrux_sha3_internal.h
@@ -4,11 +4,11 @@
  * SPDX-License-Identifier: MIT or Apache-2.0
  *
  * This code was generated with the following revisions:
- * Charon: e6a9a3d65857f37917f378fd98db7b7b4d0a060f
- * Eurydice: 907fef61b716e094dcd6b41a9a41f0850ac7fd73
- * Karamel: 21c28f3b016868a7cdd715382338bdcd9685a3b4
- * F*: b0961063393215ca65927f017720cb365a193833-dirty
- * Libcrux: 887cc3c3760e64d740774adb301e4bae530126d1
+ * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9
+ * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20
+ * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
+ * F*: 8b6fce63ca91b16386d8f76e82ea87a3c109a208
+ * Libcrux: 2009b0d205f3d27e1762f7e2b8a21bc47705b2c9
  */
 
 #ifndef __libcrux_sha3_internal_H
diff --git a/libcrux-ml-kem/c/libcrux_sha3_neon.c b/libcrux-ml-kem/c/libcrux_sha3_neon.c
index e27e9d6c8..c5731d420 100644
--- a/libcrux-ml-kem/c/libcrux_sha3_neon.c
+++ b/libcrux-ml-kem/c/libcrux_sha3_neon.c
@@ -4,11 +4,11 @@
  * SPDX-License-Identifier: MIT or Apache-2.0
  *
  * This code was generated with the following revisions:
- * Charon: e6a9a3d65857f37917f378fd98db7b7b4d0a060f
- * Eurydice: 907fef61b716e094dcd6b41a9a41f0850ac7fd73
- * Karamel: 21c28f3b016868a7cdd715382338bdcd9685a3b4
- * F*: b0961063393215ca65927f017720cb365a193833-dirty
- * Libcrux: 887cc3c3760e64d740774adb301e4bae530126d1
+ * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9
+ * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20
+ * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
+ * F*: 8b6fce63ca91b16386d8f76e82ea87a3c109a208
+ * Libcrux: 2009b0d205f3d27e1762f7e2b8a21bc47705b2c9
  */
 
 #include "libcrux_sha3_neon.h"
diff --git a/libcrux-ml-kem/c/libcrux_sha3_neon.h b/libcrux-ml-kem/c/libcrux_sha3_neon.h
index d8b6db0f3..d951056fc 100644
--- a/libcrux-ml-kem/c/libcrux_sha3_neon.h
+++ b/libcrux-ml-kem/c/libcrux_sha3_neon.h
@@ -4,11 +4,11 @@
  * SPDX-License-Identifier: MIT or Apache-2.0
  *
  * This code was generated with the following revisions:
- * Charon: e6a9a3d65857f37917f378fd98db7b7b4d0a060f
- * Eurydice: 907fef61b716e094dcd6b41a9a41f0850ac7fd73
- * Karamel: 21c28f3b016868a7cdd715382338bdcd9685a3b4
- * F*: b0961063393215ca65927f017720cb365a193833-dirty
- * Libcrux: 887cc3c3760e64d740774adb301e4bae530126d1
+ * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9
+ * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20
+ * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
+ * F*: 8b6fce63ca91b16386d8f76e82ea87a3c109a208
+ * Libcrux: 2009b0d205f3d27e1762f7e2b8a21bc47705b2c9
  */
 
 #ifndef __libcrux_sha3_neon_H
diff --git a/libcrux-ml-kem/cg/code_gen.txt b/libcrux-ml-kem/cg/code_gen.txt
index 9bf2d44d7..6e9a711b4 100644
--- a/libcrux-ml-kem/cg/code_gen.txt
+++ b/libcrux-ml-kem/cg/code_gen.txt
@@ -1,6 +1,6 @@
 This code was generated with the following revisions:
-Charon: e6a9a3d65857f37917f378fd98db7b7b4d0a060f
-Eurydice: 907fef61b716e094dcd6b41a9a41f0850ac7fd73
-Karamel: 21c28f3b016868a7cdd715382338bdcd9685a3b4
-F*: b0961063393215ca65927f017720cb365a193833-dirty
-Libcrux: 887cc3c3760e64d740774adb301e4bae530126d1
+Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9
+Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20
+Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
+F*: 8b6fce63ca91b16386d8f76e82ea87a3c109a208
+Libcrux: 2009b0d205f3d27e1762f7e2b8a21bc47705b2c9
diff --git a/libcrux-ml-kem/cg/libcrux_core.h b/libcrux-ml-kem/cg/libcrux_core.h
index 30272dcd6..052dc1e0b 100644
--- a/libcrux-ml-kem/cg/libcrux_core.h
+++ b/libcrux-ml-kem/cg/libcrux_core.h
@@ -4,11 +4,11 @@
  * SPDX-License-Identifier: MIT or Apache-2.0
  *
  * This code was generated with the following revisions:
- * Charon: e6a9a3d65857f37917f378fd98db7b7b4d0a060f
- * Eurydice: 907fef61b716e094dcd6b41a9a41f0850ac7fd73
- * Karamel: 21c28f3b016868a7cdd715382338bdcd9685a3b4
- * F*: b0961063393215ca65927f017720cb365a193833-dirty
- * Libcrux: 887cc3c3760e64d740774adb301e4bae530126d1
+ * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9
+ * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20
+ * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
+ * F*: 8b6fce63ca91b16386d8f76e82ea87a3c109a208
+ * Libcrux: 2009b0d205f3d27e1762f7e2b8a21bc47705b2c9
  */
 
 #ifndef __libcrux_core_H
@@ -2803,10 +2803,10 @@ with const generics
 */
 static KRML_MUSTINLINE uint8_t libcrux_ml_kem_utils_prf_input_inc_e0(
     uint8_t (*prf_inputs)[33U], uint8_t domain_separator) {
-  uint8_t _prf_inputs_init[3U][33U];
+  uint8_t ret[3U][33U];
   core_array___core__clone__Clone_for__Array_T__N___20__clone(
-      (size_t)3U, prf_inputs, _prf_inputs_init, uint8_t[33U], void *);
-  LowStar_Ignore_ignore(_prf_inputs_init, uint8_t[3U][33U], void *);
+      (size_t)3U, prf_inputs, ret, uint8_t[33U], void *);
+  LowStar_Ignore_ignore(ret, uint8_t[3U][33U], void *);
   for (size_t i = (size_t)0U; i < (size_t)3U; i++) {
     size_t i0 = i;
     prf_inputs[i0][32U] = domain_separator;
diff --git a/libcrux-ml-kem/cg/libcrux_ct_ops.h b/libcrux-ml-kem/cg/libcrux_ct_ops.h
index 140b4bb1c..13f94e042 100644
--- a/libcrux-ml-kem/cg/libcrux_ct_ops.h
+++ b/libcrux-ml-kem/cg/libcrux_ct_ops.h
@@ -4,11 +4,11 @@
  * SPDX-License-Identifier: MIT or Apache-2.0
  *
  * This code was generated with the following revisions:
- * Charon: e6a9a3d65857f37917f378fd98db7b7b4d0a060f
- * Eurydice: 907fef61b716e094dcd6b41a9a41f0850ac7fd73
- * Karamel: 21c28f3b016868a7cdd715382338bdcd9685a3b4
- * F*: b0961063393215ca65927f017720cb365a193833-dirty
- * Libcrux: 887cc3c3760e64d740774adb301e4bae530126d1
+ * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9
+ * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20
+ * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
+ * F*: 8b6fce63ca91b16386d8f76e82ea87a3c109a208
+ * Libcrux: 2009b0d205f3d27e1762f7e2b8a21bc47705b2c9
  */
 
 #ifndef __libcrux_ct_ops_H
diff --git a/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h b/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h
index 5f425463e..0ea2b2306 100644
--- a/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h
+++ b/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h
@@ -4,11 +4,11 @@
  * SPDX-License-Identifier: MIT or Apache-2.0
  *
  * This code was generated with the following revisions:
- * Charon: e6a9a3d65857f37917f378fd98db7b7b4d0a060f
- * Eurydice: 907fef61b716e094dcd6b41a9a41f0850ac7fd73
- * Karamel: 21c28f3b016868a7cdd715382338bdcd9685a3b4
- * F*: b0961063393215ca65927f017720cb365a193833-dirty
- * Libcrux: 887cc3c3760e64d740774adb301e4bae530126d1
+ * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9
+ * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20
+ * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
+ * F*: 8b6fce63ca91b16386d8f76e82ea87a3c109a208
+ * Libcrux: 2009b0d205f3d27e1762f7e2b8a21bc47705b2c9
  */
 
 #ifndef __libcrux_mlkem768_avx2_H
@@ -53,10 +53,10 @@ static KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_vec_zero(void) {
 
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
-libcrux_ml_kem::vector::avx2::SIMD256Vector)#2}
+libcrux_ml_kem::vector::avx2::SIMD256Vector)#3}
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_ZERO_09(void) {
+static KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_ZERO_9a(void) {
   return libcrux_ml_kem_vector_avx2_vec_zero();
 }
 
@@ -68,11 +68,11 @@ libcrux_ml_kem_vector_avx2_vec_from_i16_array(Eurydice_slice array) {
 
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
-libcrux_ml_kem::vector::avx2::SIMD256Vector)#2}
+libcrux_ml_kem::vector::avx2::SIMD256Vector)#3}
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE __m256i
-libcrux_ml_kem_vector_avx2_from_i16_array_09(Eurydice_slice array) {
+libcrux_ml_kem_vector_avx2_from_i16_array_9a(Eurydice_slice array) {
   return libcrux_ml_kem_vector_avx2_vec_from_i16_array(array);
 }
 
@@ -87,10 +87,10 @@ static KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_vec_to_i16_array(
 
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
-libcrux_ml_kem::vector::avx2::SIMD256Vector)#2}
+libcrux_ml_kem::vector::avx2::SIMD256Vector)#3}
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_to_i16_array_09(
+static KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_to_i16_array_9a(
     __m256i x, int16_t ret[16U]) {
   libcrux_ml_kem_vector_avx2_vec_to_i16_array(x, ret);
 }
@@ -103,10 +103,10 @@ libcrux_ml_kem_vector_avx2_arithmetic_add(__m256i lhs, __m256i rhs) {
 
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
-libcrux_ml_kem::vector::avx2::SIMD256Vector)#2}
+libcrux_ml_kem::vector::avx2::SIMD256Vector)#3}
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_add_09(__m256i lhs,
+static KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_add_9a(__m256i lhs,
                                                                  __m256i *rhs) {
   return libcrux_ml_kem_vector_avx2_arithmetic_add(lhs, rhs[0U]);
 }
@@ -119,10 +119,10 @@ libcrux_ml_kem_vector_avx2_arithmetic_sub(__m256i lhs, __m256i rhs) {
 
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
-libcrux_ml_kem::vector::avx2::SIMD256Vector)#2}
+libcrux_ml_kem::vector::avx2::SIMD256Vector)#3}
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_sub_09(__m256i lhs,
+static KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_sub_9a(__m256i lhs,
                                                                  __m256i *rhs) {
   return libcrux_ml_kem_vector_avx2_arithmetic_sub(lhs, rhs[0U]);
 }
@@ -137,11 +137,11 @@ libcrux_ml_kem_vector_avx2_arithmetic_multiply_by_constant(__m256i vector,
 
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
-libcrux_ml_kem::vector::avx2::SIMD256Vector)#2}
+libcrux_ml_kem::vector::avx2::SIMD256Vector)#3}
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE __m256i
-libcrux_ml_kem_vector_avx2_multiply_by_constant_09(__m256i vec, int16_t c) {
+libcrux_ml_kem_vector_avx2_multiply_by_constant_9a(__m256i vec, int16_t c) {
   return libcrux_ml_kem_vector_avx2_arithmetic_multiply_by_constant(vec, c);
 }
 
@@ -155,11 +155,11 @@ libcrux_ml_kem_vector_avx2_arithmetic_bitwise_and_with_constant(
 
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
-libcrux_ml_kem::vector::avx2::SIMD256Vector)#2}
+libcrux_ml_kem::vector::avx2::SIMD256Vector)#3}
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE __m256i
-libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_09(__m256i vector,
+libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_9a(__m256i vector,
                                                         int16_t constant) {
   return libcrux_ml_kem_vector_avx2_arithmetic_bitwise_and_with_constant(
       vector, constant);
@@ -188,11 +188,11 @@ libcrux_ml_kem_vector_avx2_cond_subtract_3329(__m256i vector) {
 
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
-libcrux_ml_kem::vector::avx2::SIMD256Vector)#2}
+libcrux_ml_kem::vector::avx2::SIMD256Vector)#3}
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE __m256i
-libcrux_ml_kem_vector_avx2_cond_subtract_3329_09(__m256i vector) {
+libcrux_ml_kem_vector_avx2_cond_subtract_3329_9a(__m256i vector) {
   return libcrux_ml_kem_vector_avx2_cond_subtract_3329(vector);
 }
 
@@ -223,11 +223,11 @@ libcrux_ml_kem_vector_avx2_arithmetic_barrett_reduce(__m256i vector) {
 
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
-libcrux_ml_kem::vector::avx2::SIMD256Vector)#2}
+libcrux_ml_kem::vector::avx2::SIMD256Vector)#3}
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE __m256i
-libcrux_ml_kem_vector_avx2_barrett_reduce_09(__m256i vector) {
+libcrux_ml_kem_vector_avx2_barrett_reduce_9a(__m256i vector) {
   return libcrux_ml_kem_vector_avx2_arithmetic_barrett_reduce(vector);
 }
 
@@ -254,11 +254,11 @@ libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constant(
 
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
-libcrux_ml_kem::vector::avx2::SIMD256Vector)#2}
+libcrux_ml_kem::vector::avx2::SIMD256Vector)#3}
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE __m256i
-libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_09(
+libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_9a(
     __m256i vector, int16_t constant) {
   return libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constant(
       vector, constant);
@@ -294,11 +294,11 @@ libcrux_ml_kem_vector_avx2_compress_1(__m256i vector) {
 
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
-libcrux_ml_kem::vector::avx2::SIMD256Vector)#2}
+libcrux_ml_kem::vector::avx2::SIMD256Vector)#3}
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE __m256i
-libcrux_ml_kem_vector_avx2_compress_1_09(__m256i vector) {
+libcrux_ml_kem_vector_avx2_compress_1_9a(__m256i vector) {
   return libcrux_ml_kem_vector_avx2_compress_1(vector);
 }
 
@@ -361,10 +361,10 @@ static KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_ntt_layer_1_step(
 
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
-libcrux_ml_kem::vector::avx2::SIMD256Vector)#2}
+libcrux_ml_kem::vector::avx2::SIMD256Vector)#3}
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_ntt_layer_1_step_09(
+static KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_ntt_layer_1_step_9a(
     __m256i vector, int16_t zeta0, int16_t zeta1, int16_t zeta2,
     int16_t zeta3) {
   return libcrux_ml_kem_vector_avx2_ntt_layer_1_step(vector, zeta0, zeta1,
@@ -395,10 +395,10 @@ static KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_ntt_layer_2_step(
 
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
-libcrux_ml_kem::vector::avx2::SIMD256Vector)#2}
+libcrux_ml_kem::vector::avx2::SIMD256Vector)#3}
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_ntt_layer_2_step_09(
+static KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_ntt_layer_2_step_9a(
     __m256i vector, int16_t zeta0, int16_t zeta1) {
   return libcrux_ml_kem_vector_avx2_ntt_layer_2_step(vector, zeta0, zeta1);
 }
@@ -445,11 +445,11 @@ libcrux_ml_kem_vector_avx2_ntt_layer_3_step(__m256i vector, int16_t zeta) {
 
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
-libcrux_ml_kem::vector::avx2::SIMD256Vector)#2}
+libcrux_ml_kem::vector::avx2::SIMD256Vector)#3}
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE __m256i
-libcrux_ml_kem_vector_avx2_ntt_layer_3_step_09(__m256i vector, int16_t zeta) {
+libcrux_ml_kem_vector_avx2_ntt_layer_3_step_9a(__m256i vector, int16_t zeta) {
   return libcrux_ml_kem_vector_avx2_ntt_layer_3_step(vector, zeta);
 }
 
@@ -492,11 +492,11 @@ static KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_inv_ntt_layer_1_step(
 
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
-libcrux_ml_kem::vector::avx2::SIMD256Vector)#2}
+libcrux_ml_kem::vector::avx2::SIMD256Vector)#3}
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE __m256i
-libcrux_ml_kem_vector_avx2_inv_ntt_layer_1_step_09(__m256i vector,
+libcrux_ml_kem_vector_avx2_inv_ntt_layer_1_step_9a(__m256i vector,
                                                    int16_t zeta0, int16_t zeta1,
                                                    int16_t zeta2,
                                                    int16_t zeta3) {
@@ -539,11 +539,11 @@ static KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_inv_ntt_layer_2_step(
 
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
-libcrux_ml_kem::vector::avx2::SIMD256Vector)#2}
+libcrux_ml_kem::vector::avx2::SIMD256Vector)#3}
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE __m256i
-libcrux_ml_kem_vector_avx2_inv_ntt_layer_2_step_09(__m256i vector,
+libcrux_ml_kem_vector_avx2_inv_ntt_layer_2_step_9a(__m256i vector,
                                                    int16_t zeta0,
                                                    int16_t zeta1) {
   return libcrux_ml_kem_vector_avx2_inv_ntt_layer_2_step(vector, zeta0, zeta1);
@@ -575,11 +575,11 @@ libcrux_ml_kem_vector_avx2_inv_ntt_layer_3_step(__m256i vector, int16_t zeta) {
 
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
-libcrux_ml_kem::vector::avx2::SIMD256Vector)#2}
+libcrux_ml_kem::vector::avx2::SIMD256Vector)#3}
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE __m256i
-libcrux_ml_kem_vector_avx2_inv_ntt_layer_3_step_09(__m256i vector,
+libcrux_ml_kem_vector_avx2_inv_ntt_layer_3_step_9a(__m256i vector,
                                                    int16_t zeta) {
   return libcrux_ml_kem_vector_avx2_inv_ntt_layer_3_step(vector, zeta);
 }
@@ -681,10 +681,10 @@ static KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_ntt_multiply(
 
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
-libcrux_ml_kem::vector::avx2::SIMD256Vector)#2}
+libcrux_ml_kem::vector::avx2::SIMD256Vector)#3}
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_ntt_multiply_09(
+static KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_ntt_multiply_9a(
     __m256i *lhs, __m256i *rhs, int16_t zeta0, int16_t zeta1, int16_t zeta2,
     int16_t zeta3) {
   return libcrux_ml_kem_vector_avx2_ntt_multiply(lhs, rhs, zeta0, zeta1, zeta2,
@@ -713,10 +713,10 @@ static KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_1(
 
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
-libcrux_ml_kem::vector::avx2::SIMD256Vector)#2}
+libcrux_ml_kem::vector::avx2::SIMD256Vector)#3}
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_1_09(
+static KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_1_9a(
     __m256i vector, uint8_t ret[2U]) {
   libcrux_ml_kem_vector_avx2_serialize_1(vector, ret);
 }
@@ -763,11 +763,11 @@ libcrux_ml_kem_vector_avx2_deserialize_1(Eurydice_slice bytes) {
 
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
-libcrux_ml_kem::vector::avx2::SIMD256Vector)#2}
+libcrux_ml_kem::vector::avx2::SIMD256Vector)#3}
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE __m256i
-libcrux_ml_kem_vector_avx2_deserialize_1_09(Eurydice_slice bytes) {
+libcrux_ml_kem_vector_avx2_deserialize_1_9a(Eurydice_slice bytes) {
   return libcrux_ml_kem_vector_avx2_deserialize_1(bytes);
 }
 
@@ -828,10 +828,10 @@ static KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_4(
 
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
-libcrux_ml_kem::vector::avx2::SIMD256Vector)#2}
+libcrux_ml_kem::vector::avx2::SIMD256Vector)#3}
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_4_09(
+static KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_4_9a(
     __m256i vector, uint8_t ret[8U]) {
   libcrux_ml_kem_vector_avx2_serialize_4(vector, ret);
 }
@@ -890,11 +890,11 @@ libcrux_ml_kem_vector_avx2_deserialize_4(Eurydice_slice bytes) {
 
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
-libcrux_ml_kem::vector::avx2::SIMD256Vector)#2}
+libcrux_ml_kem::vector::avx2::SIMD256Vector)#3}
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE __m256i
-libcrux_ml_kem_vector_avx2_deserialize_4_09(Eurydice_slice bytes) {
+libcrux_ml_kem_vector_avx2_deserialize_4_9a(Eurydice_slice bytes) {
   return libcrux_ml_kem_vector_avx2_deserialize_4(bytes);
 }
 
@@ -946,10 +946,10 @@ static KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_5(
 
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
-libcrux_ml_kem::vector::avx2::SIMD256Vector)#2}
+libcrux_ml_kem::vector::avx2::SIMD256Vector)#3}
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_5_09(
+static KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_5_9a(
     __m256i vector, uint8_t ret[10U]) {
   libcrux_ml_kem_vector_avx2_serialize_serialize_5(vector, ret);
 }
@@ -1018,11 +1018,11 @@ libcrux_ml_kem_vector_avx2_serialize_deserialize_5(Eurydice_slice bytes) {
 
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
-libcrux_ml_kem::vector::avx2::SIMD256Vector)#2}
+libcrux_ml_kem::vector::avx2::SIMD256Vector)#3}
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE __m256i
-libcrux_ml_kem_vector_avx2_deserialize_5_09(Eurydice_slice bytes) {
+libcrux_ml_kem_vector_avx2_deserialize_5_9a(Eurydice_slice bytes) {
   return libcrux_ml_kem_vector_avx2_serialize_deserialize_5(bytes);
 }
 
@@ -1095,10 +1095,10 @@ static KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_10(
 
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
-libcrux_ml_kem::vector::avx2::SIMD256Vector)#2}
+libcrux_ml_kem::vector::avx2::SIMD256Vector)#3}
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_10_09(
+static KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_10_9a(
     __m256i vector, uint8_t ret[20U]) {
   libcrux_ml_kem_vector_avx2_serialize_10(vector, ret);
 }
@@ -1153,11 +1153,11 @@ libcrux_ml_kem_vector_avx2_deserialize_10(Eurydice_slice bytes) {
 
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
-libcrux_ml_kem::vector::avx2::SIMD256Vector)#2}
+libcrux_ml_kem::vector::avx2::SIMD256Vector)#3}
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE __m256i
-libcrux_ml_kem_vector_avx2_deserialize_10_09(Eurydice_slice bytes) {
+libcrux_ml_kem_vector_avx2_deserialize_10_9a(Eurydice_slice bytes) {
   return libcrux_ml_kem_vector_avx2_deserialize_10(bytes);
 }
 
@@ -1168,19 +1168,19 @@ static KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_11(
   libcrux_intrinsics_avx2_mm256_storeu_si256_i16(
       Eurydice_array_to_slice((size_t)16U, array, int16_t), vector);
   libcrux_ml_kem_vector_portable_vector_type_PortableVector input =
-      libcrux_ml_kem_vector_portable_from_i16_array_0d(
+      libcrux_ml_kem_vector_portable_from_i16_array_2c(
           Eurydice_array_to_slice((size_t)16U, array, int16_t));
   uint8_t ret0[22U];
-  libcrux_ml_kem_vector_portable_serialize_11_0d(input, ret0);
+  libcrux_ml_kem_vector_portable_serialize_11_2c(input, ret0);
   memcpy(ret, ret0, (size_t)22U * sizeof(uint8_t));
 }
 
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
-libcrux_ml_kem::vector::avx2::SIMD256Vector)#2}
+libcrux_ml_kem::vector::avx2::SIMD256Vector)#3}
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_11_09(
+static KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_11_9a(
     __m256i vector, uint8_t ret[22U]) {
   libcrux_ml_kem_vector_avx2_serialize_serialize_11(vector, ret);
 }
@@ -1189,20 +1189,20 @@ KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE __m256i
 libcrux_ml_kem_vector_avx2_serialize_deserialize_11(Eurydice_slice bytes) {
   libcrux_ml_kem_vector_portable_vector_type_PortableVector output =
-      libcrux_ml_kem_vector_portable_deserialize_11_0d(bytes);
+      libcrux_ml_kem_vector_portable_deserialize_11_2c(bytes);
   int16_t array[16U];
-  libcrux_ml_kem_vector_portable_to_i16_array_0d(output, array);
+  libcrux_ml_kem_vector_portable_to_i16_array_2c(output, array);
   return libcrux_intrinsics_avx2_mm256_loadu_si256_i16(
       Eurydice_array_to_slice((size_t)16U, array, int16_t));
 }
 
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
-libcrux_ml_kem::vector::avx2::SIMD256Vector)#2}
+libcrux_ml_kem::vector::avx2::SIMD256Vector)#3}
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE __m256i
-libcrux_ml_kem_vector_avx2_deserialize_11_09(Eurydice_slice bytes) {
+libcrux_ml_kem_vector_avx2_deserialize_11_9a(Eurydice_slice bytes) {
   return libcrux_ml_kem_vector_avx2_serialize_deserialize_11(bytes);
 }
 
@@ -1269,10 +1269,10 @@ static KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_12(
 
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
-libcrux_ml_kem::vector::avx2::SIMD256Vector)#2}
+libcrux_ml_kem::vector::avx2::SIMD256Vector)#3}
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_12_09(
+static KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_12_9a(
     __m256i vector, uint8_t ret[24U]) {
   libcrux_ml_kem_vector_avx2_serialize_12(vector, ret);
 }
@@ -1326,11 +1326,11 @@ libcrux_ml_kem_vector_avx2_deserialize_12(Eurydice_slice bytes) {
 
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
-libcrux_ml_kem::vector::avx2::SIMD256Vector)#2}
+libcrux_ml_kem::vector::avx2::SIMD256Vector)#3}
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE __m256i
-libcrux_ml_kem_vector_avx2_deserialize_12_09(Eurydice_slice bytes) {
+libcrux_ml_kem_vector_avx2_deserialize_12_9a(Eurydice_slice bytes) {
   return libcrux_ml_kem_vector_avx2_deserialize_12(bytes);
 }
 
@@ -1382,10 +1382,10 @@ libcrux_ml_kem_vector_avx2_sampling_rejection_sample(Eurydice_slice input,
 
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
-libcrux_ml_kem::vector::avx2::SIMD256Vector)#2}
+libcrux_ml_kem::vector::avx2::SIMD256Vector)#3}
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static KRML_MUSTINLINE size_t libcrux_ml_kem_vector_avx2_rej_sample_09(
+static KRML_MUSTINLINE size_t libcrux_ml_kem_vector_avx2_rej_sample_9a(
     Eurydice_slice input, Eurydice_slice output) {
   return libcrux_ml_kem_vector_avx2_sampling_rejection_sample(input, output);
 }
@@ -1412,24 +1412,24 @@ with const generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f6
-libcrux_ml_kem_polynomial_ZERO_ef_61(void) {
+libcrux_ml_kem_polynomial_ZERO_ef_79(void) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_f6 lit;
-  lit.coefficients[0U] = libcrux_ml_kem_vector_avx2_ZERO_09();
-  lit.coefficients[1U] = libcrux_ml_kem_vector_avx2_ZERO_09();
-  lit.coefficients[2U] = libcrux_ml_kem_vector_avx2_ZERO_09();
-  lit.coefficients[3U] = libcrux_ml_kem_vector_avx2_ZERO_09();
-  lit.coefficients[4U] = libcrux_ml_kem_vector_avx2_ZERO_09();
-  lit.coefficients[5U] = libcrux_ml_kem_vector_avx2_ZERO_09();
-  lit.coefficients[6U] = libcrux_ml_kem_vector_avx2_ZERO_09();
-  lit.coefficients[7U] = libcrux_ml_kem_vector_avx2_ZERO_09();
-  lit.coefficients[8U] = libcrux_ml_kem_vector_avx2_ZERO_09();
-  lit.coefficients[9U] = libcrux_ml_kem_vector_avx2_ZERO_09();
-  lit.coefficients[10U] = libcrux_ml_kem_vector_avx2_ZERO_09();
-  lit.coefficients[11U] = libcrux_ml_kem_vector_avx2_ZERO_09();
-  lit.coefficients[12U] = libcrux_ml_kem_vector_avx2_ZERO_09();
-  lit.coefficients[13U] = libcrux_ml_kem_vector_avx2_ZERO_09();
-  lit.coefficients[14U] = libcrux_ml_kem_vector_avx2_ZERO_09();
-  lit.coefficients[15U] = libcrux_ml_kem_vector_avx2_ZERO_09();
+  lit.coefficients[0U] = libcrux_ml_kem_vector_avx2_ZERO_9a();
+  lit.coefficients[1U] = libcrux_ml_kem_vector_avx2_ZERO_9a();
+  lit.coefficients[2U] = libcrux_ml_kem_vector_avx2_ZERO_9a();
+  lit.coefficients[3U] = libcrux_ml_kem_vector_avx2_ZERO_9a();
+  lit.coefficients[4U] = libcrux_ml_kem_vector_avx2_ZERO_9a();
+  lit.coefficients[5U] = libcrux_ml_kem_vector_avx2_ZERO_9a();
+  lit.coefficients[6U] = libcrux_ml_kem_vector_avx2_ZERO_9a();
+  lit.coefficients[7U] = libcrux_ml_kem_vector_avx2_ZERO_9a();
+  lit.coefficients[8U] = libcrux_ml_kem_vector_avx2_ZERO_9a();
+  lit.coefficients[9U] = libcrux_ml_kem_vector_avx2_ZERO_9a();
+  lit.coefficients[10U] = libcrux_ml_kem_vector_avx2_ZERO_9a();
+  lit.coefficients[11U] = libcrux_ml_kem_vector_avx2_ZERO_9a();
+  lit.coefficients[12U] = libcrux_ml_kem_vector_avx2_ZERO_9a();
+  lit.coefficients[13U] = libcrux_ml_kem_vector_avx2_ZERO_9a();
+  lit.coefficients[14U] = libcrux_ml_kem_vector_avx2_ZERO_9a();
+  lit.coefficients[15U] = libcrux_ml_kem_vector_avx2_ZERO_9a();
   return lit;
 }
 
@@ -1442,7 +1442,7 @@ with const generics
 KRML_ATTRIBUTE_TARGET("avx2")
 static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f6
 libcrux_ml_kem_ind_cpa_deserialize_secret_key_closure_ab(size_t _) {
-  return libcrux_ml_kem_polynomial_ZERO_ef_61();
+  return libcrux_ml_kem_polynomial_ZERO_ef_79();
 }
 
 /**
@@ -1453,16 +1453,16 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f6
-libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_61(
+libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_79(
     Eurydice_slice serialized) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_f6 re =
-      libcrux_ml_kem_polynomial_ZERO_ef_61();
+      libcrux_ml_kem_polynomial_ZERO_ef_79();
   for (size_t i = (size_t)0U;
        i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) {
     size_t i0 = i;
     Eurydice_slice bytes = Eurydice_slice_subslice2(
         serialized, i0 * (size_t)24U, i0 * (size_t)24U + (size_t)24U, uint8_t);
-    re.coefficients[i0] = libcrux_ml_kem_vector_avx2_deserialize_12_09(bytes);
+    re.coefficients[i0] = libcrux_ml_kem_vector_avx2_deserialize_12_9a(bytes);
   }
   return re;
 }
@@ -1482,7 +1482,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_ab(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f6 ret[3U]) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_f6 secret_as_ntt[3U];
   for (size_t i = (size_t)0U; i < (size_t)3U; i++) {
-    secret_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_ef_61();
+    secret_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_ef_79();
   }
   for (size_t i = (size_t)0U;
        i < Eurydice_slice_len(secret_key, uint8_t) /
@@ -1495,7 +1495,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_ab(
             LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT,
         uint8_t);
     libcrux_ml_kem_polynomial_PolynomialRingElement_f6 uu____0 =
-        libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_61(
+        libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_79(
             secret_bytes);
     secret_as_ntt[i0] = uu____0;
   }
@@ -1525,7 +1525,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics
 KRML_ATTRIBUTE_TARGET("avx2")
 static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f6
 libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_closure_ed(size_t _) {
-  return libcrux_ml_kem_polynomial_ZERO_ef_61();
+  return libcrux_ml_kem_polynomial_ZERO_ef_79();
 }
 
 /**
@@ -1578,17 +1578,17 @@ libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_ef(
 
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
-libcrux_ml_kem::vector::avx2::SIMD256Vector)#2}
+libcrux_ml_kem::vector::avx2::SIMD256Vector)#3}
 */
 /**
 A monomorphic instance of
-libcrux_ml_kem.vector.avx2.decompress_ciphertext_coefficient_09 with const
+libcrux_ml_kem.vector.avx2.decompress_ciphertext_coefficient_9a with const
 generics
 - COEFFICIENT_BITS= 10
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE __m256i
-libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_ef(
+libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_9a_ef(
     __m256i vector) {
   return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_ef(
       vector);
@@ -1602,18 +1602,18 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f6
-libcrux_ml_kem_serialize_deserialize_then_decompress_10_61(
+libcrux_ml_kem_serialize_deserialize_then_decompress_10_79(
     Eurydice_slice serialized) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_f6 re =
-      libcrux_ml_kem_polynomial_ZERO_ef_61();
+      libcrux_ml_kem_polynomial_ZERO_ef_79();
   for (size_t i = (size_t)0U;
        i < Eurydice_slice_len(serialized, uint8_t) / (size_t)20U; i++) {
     size_t i0 = i;
     Eurydice_slice bytes = Eurydice_slice_subslice2(
         serialized, i0 * (size_t)20U, i0 * (size_t)20U + (size_t)20U, uint8_t);
-    __m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_10_09(bytes);
+    __m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_10_9a(bytes);
     re.coefficients[i0] =
-        libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_ef(
+        libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_9a_ef(
             coefficient);
   }
   return re;
@@ -1669,17 +1669,17 @@ libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_c4(
 
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
-libcrux_ml_kem::vector::avx2::SIMD256Vector)#2}
+libcrux_ml_kem::vector::avx2::SIMD256Vector)#3}
 */
 /**
 A monomorphic instance of
-libcrux_ml_kem.vector.avx2.decompress_ciphertext_coefficient_09 with const
+libcrux_ml_kem.vector.avx2.decompress_ciphertext_coefficient_9a with const
 generics
 - COEFFICIENT_BITS= 11
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE __m256i
-libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_c4(
+libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_9a_c4(
     __m256i vector) {
   return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_c4(
       vector);
@@ -1693,18 +1693,18 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f6
-libcrux_ml_kem_serialize_deserialize_then_decompress_11_61(
+libcrux_ml_kem_serialize_deserialize_then_decompress_11_79(
     Eurydice_slice serialized) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_f6 re =
-      libcrux_ml_kem_polynomial_ZERO_ef_61();
+      libcrux_ml_kem_polynomial_ZERO_ef_79();
   for (size_t i = (size_t)0U;
        i < Eurydice_slice_len(serialized, uint8_t) / (size_t)22U; i++) {
     size_t i0 = i;
     Eurydice_slice bytes = Eurydice_slice_subslice2(
         serialized, i0 * (size_t)22U, i0 * (size_t)22U + (size_t)22U, uint8_t);
-    __m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_11_09(bytes);
+    __m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_11_9a(bytes);
     re.coefficients[i0] =
-        libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_c4(
+        libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_9a_c4(
             coefficient);
   }
   return re;
@@ -1720,7 +1720,7 @@ KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f6
 libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_ee(
     Eurydice_slice serialized) {
-  return libcrux_ml_kem_serialize_deserialize_then_decompress_10_61(serialized);
+  return libcrux_ml_kem_serialize_deserialize_then_decompress_10_79(serialized);
 }
 
 typedef struct libcrux_ml_kem_vector_avx2_SIMD256Vector_x2_s {
@@ -1736,8 +1736,8 @@ with const generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE __m256i
-libcrux_ml_kem_vector_traits_montgomery_multiply_fe_61(__m256i v, int16_t fer) {
-  return libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_09(v, fer);
+libcrux_ml_kem_vector_traits_montgomery_multiply_fe_79(__m256i v, int16_t fer) {
+  return libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_9a(v, fer);
 }
 
 /**
@@ -1748,11 +1748,11 @@ with const generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE libcrux_ml_kem_vector_avx2_SIMD256Vector_x2
-libcrux_ml_kem_ntt_ntt_layer_int_vec_step_61(__m256i a, __m256i b,
+libcrux_ml_kem_ntt_ntt_layer_int_vec_step_79(__m256i a, __m256i b,
                                              int16_t zeta_r) {
-  __m256i t = libcrux_ml_kem_vector_traits_montgomery_multiply_fe_61(b, zeta_r);
-  b = libcrux_ml_kem_vector_avx2_sub_09(a, &t);
-  a = libcrux_ml_kem_vector_avx2_add_09(a, &t);
+  __m256i t = libcrux_ml_kem_vector_traits_montgomery_multiply_fe_79(b, zeta_r);
+  b = libcrux_ml_kem_vector_avx2_sub_9a(a, &t);
+  a = libcrux_ml_kem_vector_avx2_add_9a(a, &t);
   return (CLITERAL(libcrux_ml_kem_vector_avx2_SIMD256Vector_x2){.fst = a,
                                                                 .snd = b});
 }
@@ -1764,7 +1764,7 @@ with const generics
 
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_4_plus_61(
+static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_4_plus_79(
     size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *re,
     size_t layer, size_t _initial_coefficient_bound) {
   size_t step = (size_t)1U << (uint32_t)layer;
@@ -1777,7 +1777,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_4_plus_61(
     for (size_t i = offset_vec; i < offset_vec + step_vec; i++) {
       size_t j = i;
       libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 uu____0 =
-          libcrux_ml_kem_ntt_ntt_layer_int_vec_step_61(
+          libcrux_ml_kem_ntt_ntt_layer_int_vec_step_79(
               re->coefficients[j], re->coefficients[j + step_vec],
               libcrux_ml_kem_polynomial_zeta(zeta_i[0U]));
       __m256i x = uu____0.fst;
@@ -1795,13 +1795,13 @@ with const generics
 
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_3_61(
+static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_3_79(
     size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *re,
     size_t _layer, size_t _initial_coefficient_bound) {
   for (size_t i = (size_t)0U; i < (size_t)16U; i++) {
     size_t round = i;
     zeta_i[0U] = zeta_i[0U] + (size_t)1U;
-    re->coefficients[round] = libcrux_ml_kem_vector_avx2_ntt_layer_3_step_09(
+    re->coefficients[round] = libcrux_ml_kem_vector_avx2_ntt_layer_3_step_9a(
         re->coefficients[round], libcrux_ml_kem_polynomial_zeta(zeta_i[0U]));
   }
 }
@@ -1813,13 +1813,13 @@ with const generics
 
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_2_61(
+static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_2_79(
     size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *re,
     size_t _layer, size_t _initial_coefficient_bound) {
   for (size_t i = (size_t)0U; i < (size_t)16U; i++) {
     size_t round = i;
     zeta_i[0U] = zeta_i[0U] + (size_t)1U;
-    re->coefficients[round] = libcrux_ml_kem_vector_avx2_ntt_layer_2_step_09(
+    re->coefficients[round] = libcrux_ml_kem_vector_avx2_ntt_layer_2_step_9a(
         re->coefficients[round], libcrux_ml_kem_polynomial_zeta(zeta_i[0U]),
         libcrux_ml_kem_polynomial_zeta(zeta_i[0U] + (size_t)1U));
     zeta_i[0U] = zeta_i[0U] + (size_t)1U;
@@ -1833,13 +1833,13 @@ with const generics
 
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_1_61(
+static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_1_79(
     size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *re,
     size_t _layer, size_t _initial_coefficient_bound) {
   for (size_t i = (size_t)0U; i < (size_t)16U; i++) {
     size_t round = i;
     zeta_i[0U] = zeta_i[0U] + (size_t)1U;
-    re->coefficients[round] = libcrux_ml_kem_vector_avx2_ntt_layer_1_step_09(
+    re->coefficients[round] = libcrux_ml_kem_vector_avx2_ntt_layer_1_step_9a(
         re->coefficients[round], libcrux_ml_kem_polynomial_zeta(zeta_i[0U]),
         libcrux_ml_kem_polynomial_zeta(zeta_i[0U] + (size_t)1U),
         libcrux_ml_kem_polynomial_zeta(zeta_i[0U] + (size_t)2U),
@@ -1855,13 +1855,13 @@ with const generics
 
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_poly_barrett_reduce_61(
+static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_poly_barrett_reduce_79(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *myself) {
   for (size_t i = (size_t)0U;
        i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
     size_t i0 = i;
     myself->coefficients[i0] =
-        libcrux_ml_kem_vector_avx2_barrett_reduce_09(myself->coefficients[i0]);
+        libcrux_ml_kem_vector_avx2_barrett_reduce_9a(myself->coefficients[i0]);
   }
 }
 
@@ -1877,9 +1877,9 @@ with const generics
 
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_poly_barrett_reduce_ef_61(
+static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_poly_barrett_reduce_ef_79(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *self) {
-  libcrux_ml_kem_polynomial_poly_barrett_reduce_61(self);
+  libcrux_ml_kem_polynomial_poly_barrett_reduce_79(self);
 }
 
 /**
@@ -1892,21 +1892,21 @@ KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_vector_u_ee(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *re) {
   size_t zeta_i = (size_t)0U;
-  libcrux_ml_kem_ntt_ntt_at_layer_4_plus_61(&zeta_i, re, (size_t)7U,
+  libcrux_ml_kem_ntt_ntt_at_layer_4_plus_79(&zeta_i, re, (size_t)7U,
                                             (size_t)3328U);
-  libcrux_ml_kem_ntt_ntt_at_layer_4_plus_61(&zeta_i, re, (size_t)6U,
+  libcrux_ml_kem_ntt_ntt_at_layer_4_plus_79(&zeta_i, re, (size_t)6U,
                                             (size_t)2U * (size_t)3328U);
-  libcrux_ml_kem_ntt_ntt_at_layer_4_plus_61(&zeta_i, re, (size_t)5U,
+  libcrux_ml_kem_ntt_ntt_at_layer_4_plus_79(&zeta_i, re, (size_t)5U,
                                             (size_t)3U * (size_t)3328U);
-  libcrux_ml_kem_ntt_ntt_at_layer_4_plus_61(&zeta_i, re, (size_t)4U,
+  libcrux_ml_kem_ntt_ntt_at_layer_4_plus_79(&zeta_i, re, (size_t)4U,
                                             (size_t)4U * (size_t)3328U);
-  libcrux_ml_kem_ntt_ntt_at_layer_3_61(&zeta_i, re, (size_t)3U,
+  libcrux_ml_kem_ntt_ntt_at_layer_3_79(&zeta_i, re, (size_t)3U,
                                        (size_t)5U * (size_t)3328U);
-  libcrux_ml_kem_ntt_ntt_at_layer_2_61(&zeta_i, re, (size_t)2U,
+  libcrux_ml_kem_ntt_ntt_at_layer_2_79(&zeta_i, re, (size_t)2U,
                                        (size_t)6U * (size_t)3328U);
-  libcrux_ml_kem_ntt_ntt_at_layer_1_61(&zeta_i, re, (size_t)1U,
+  libcrux_ml_kem_ntt_ntt_at_layer_1_79(&zeta_i, re, (size_t)1U,
                                        (size_t)7U * (size_t)3328U);
-  libcrux_ml_kem_polynomial_poly_barrett_reduce_ef_61(re);
+  libcrux_ml_kem_polynomial_poly_barrett_reduce_ef_79(re);
 }
 
 /**
@@ -1928,7 +1928,7 @@ libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_ed(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f6 ret[3U]) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_f6 u_as_ntt[3U];
   for (size_t i = (size_t)0U; i < (size_t)3U; i++) {
-    u_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_ef_61();
+    u_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_ef_79();
   }
   for (size_t i = (size_t)0U;
        i < Eurydice_slice_len(
@@ -2007,17 +2007,17 @@ libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_d1(
 
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
-libcrux_ml_kem::vector::avx2::SIMD256Vector)#2}
+libcrux_ml_kem::vector::avx2::SIMD256Vector)#3}
 */
 /**
 A monomorphic instance of
-libcrux_ml_kem.vector.avx2.decompress_ciphertext_coefficient_09 with const
+libcrux_ml_kem.vector.avx2.decompress_ciphertext_coefficient_9a with const
 generics
 - COEFFICIENT_BITS= 4
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE __m256i
-libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_d1(
+libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_9a_d1(
     __m256i vector) {
   return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_d1(
       vector);
@@ -2031,18 +2031,18 @@ with const generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f6
-libcrux_ml_kem_serialize_deserialize_then_decompress_4_61(
+libcrux_ml_kem_serialize_deserialize_then_decompress_4_79(
     Eurydice_slice serialized) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_f6 re =
-      libcrux_ml_kem_polynomial_ZERO_ef_61();
+      libcrux_ml_kem_polynomial_ZERO_ef_79();
   for (size_t i = (size_t)0U;
        i < Eurydice_slice_len(serialized, uint8_t) / (size_t)8U; i++) {
     size_t i0 = i;
     Eurydice_slice bytes = Eurydice_slice_subslice2(
         serialized, i0 * (size_t)8U, i0 * (size_t)8U + (size_t)8U, uint8_t);
-    __m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_4_09(bytes);
+    __m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_4_9a(bytes);
     re.coefficients[i0] =
-        libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_d1(
+        libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_9a_d1(
             coefficient);
   }
   return re;
@@ -2098,17 +2098,17 @@ libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_f4(
 
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
-libcrux_ml_kem::vector::avx2::SIMD256Vector)#2}
+libcrux_ml_kem::vector::avx2::SIMD256Vector)#3}
 */
 /**
 A monomorphic instance of
-libcrux_ml_kem.vector.avx2.decompress_ciphertext_coefficient_09 with const
+libcrux_ml_kem.vector.avx2.decompress_ciphertext_coefficient_9a with const
 generics
 - COEFFICIENT_BITS= 5
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE __m256i
-libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_f4(
+libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_9a_f4(
     __m256i vector) {
   return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_f4(
       vector);
@@ -2122,18 +2122,18 @@ with const generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f6
-libcrux_ml_kem_serialize_deserialize_then_decompress_5_61(
+libcrux_ml_kem_serialize_deserialize_then_decompress_5_79(
     Eurydice_slice serialized) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_f6 re =
-      libcrux_ml_kem_polynomial_ZERO_ef_61();
+      libcrux_ml_kem_polynomial_ZERO_ef_79();
   for (size_t i = (size_t)0U;
        i < Eurydice_slice_len(serialized, uint8_t) / (size_t)10U; i++) {
     size_t i0 = i;
     Eurydice_slice bytes = Eurydice_slice_subslice2(
         serialized, i0 * (size_t)10U, i0 * (size_t)10U + (size_t)10U, uint8_t);
-    re.coefficients[i0] = libcrux_ml_kem_vector_avx2_deserialize_5_09(bytes);
+    re.coefficients[i0] = libcrux_ml_kem_vector_avx2_deserialize_5_9a(bytes);
     re.coefficients[i0] =
-        libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_f4(
+        libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_9a_f4(
             re.coefficients[i0]);
   }
   return re;
@@ -2150,7 +2150,7 @@ KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f6
 libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_ed(
     Eurydice_slice serialized) {
-  return libcrux_ml_kem_serialize_deserialize_then_decompress_4_61(serialized);
+  return libcrux_ml_kem_serialize_deserialize_then_decompress_4_79(serialized);
 }
 
 /**
@@ -2161,24 +2161,24 @@ with const generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f6
-libcrux_ml_kem_polynomial_ZERO_61(void) {
+libcrux_ml_kem_polynomial_ZERO_79(void) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_f6 lit;
-  lit.coefficients[0U] = libcrux_ml_kem_vector_avx2_ZERO_09();
-  lit.coefficients[1U] = libcrux_ml_kem_vector_avx2_ZERO_09();
-  lit.coefficients[2U] = libcrux_ml_kem_vector_avx2_ZERO_09();
-  lit.coefficients[3U] = libcrux_ml_kem_vector_avx2_ZERO_09();
-  lit.coefficients[4U] = libcrux_ml_kem_vector_avx2_ZERO_09();
-  lit.coefficients[5U] = libcrux_ml_kem_vector_avx2_ZERO_09();
-  lit.coefficients[6U] = libcrux_ml_kem_vector_avx2_ZERO_09();
-  lit.coefficients[7U] = libcrux_ml_kem_vector_avx2_ZERO_09();
-  lit.coefficients[8U] = libcrux_ml_kem_vector_avx2_ZERO_09();
-  lit.coefficients[9U] = libcrux_ml_kem_vector_avx2_ZERO_09();
-  lit.coefficients[10U] = libcrux_ml_kem_vector_avx2_ZERO_09();
-  lit.coefficients[11U] = libcrux_ml_kem_vector_avx2_ZERO_09();
-  lit.coefficients[12U] = libcrux_ml_kem_vector_avx2_ZERO_09();
-  lit.coefficients[13U] = libcrux_ml_kem_vector_avx2_ZERO_09();
-  lit.coefficients[14U] = libcrux_ml_kem_vector_avx2_ZERO_09();
-  lit.coefficients[15U] = libcrux_ml_kem_vector_avx2_ZERO_09();
+  lit.coefficients[0U] = libcrux_ml_kem_vector_avx2_ZERO_9a();
+  lit.coefficients[1U] = libcrux_ml_kem_vector_avx2_ZERO_9a();
+  lit.coefficients[2U] = libcrux_ml_kem_vector_avx2_ZERO_9a();
+  lit.coefficients[3U] = libcrux_ml_kem_vector_avx2_ZERO_9a();
+  lit.coefficients[4U] = libcrux_ml_kem_vector_avx2_ZERO_9a();
+  lit.coefficients[5U] = libcrux_ml_kem_vector_avx2_ZERO_9a();
+  lit.coefficients[6U] = libcrux_ml_kem_vector_avx2_ZERO_9a();
+  lit.coefficients[7U] = libcrux_ml_kem_vector_avx2_ZERO_9a();
+  lit.coefficients[8U] = libcrux_ml_kem_vector_avx2_ZERO_9a();
+  lit.coefficients[9U] = libcrux_ml_kem_vector_avx2_ZERO_9a();
+  lit.coefficients[10U] = libcrux_ml_kem_vector_avx2_ZERO_9a();
+  lit.coefficients[11U] = libcrux_ml_kem_vector_avx2_ZERO_9a();
+  lit.coefficients[12U] = libcrux_ml_kem_vector_avx2_ZERO_9a();
+  lit.coefficients[13U] = libcrux_ml_kem_vector_avx2_ZERO_9a();
+  lit.coefficients[14U] = libcrux_ml_kem_vector_avx2_ZERO_9a();
+  lit.coefficients[15U] = libcrux_ml_kem_vector_avx2_ZERO_9a();
   return lit;
 }
 
@@ -2217,15 +2217,15 @@ with const generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f6
-libcrux_ml_kem_polynomial_ntt_multiply_61(
+libcrux_ml_kem_polynomial_ntt_multiply_79(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *myself,
     libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *rhs) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_f6 out =
-      libcrux_ml_kem_polynomial_ZERO_61();
+      libcrux_ml_kem_polynomial_ZERO_79();
   for (size_t i = (size_t)0U;
        i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
     size_t i0 = i;
-    out.coefficients[i0] = libcrux_ml_kem_vector_avx2_ntt_multiply_09(
+    out.coefficients[i0] = libcrux_ml_kem_vector_avx2_ntt_multiply_9a(
         &myself->coefficients[i0], &rhs->coefficients[i0],
         libcrux_ml_kem_polynomial_zeta((size_t)64U + (size_t)4U * i0),
         libcrux_ml_kem_polynomial_zeta((size_t)64U + (size_t)4U * i0 +
@@ -2251,10 +2251,10 @@ with const generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f6
-libcrux_ml_kem_polynomial_ntt_multiply_ef_61(
+libcrux_ml_kem_polynomial_ntt_multiply_ef_79(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *self,
     libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *rhs) {
-  return libcrux_ml_kem_polynomial_ntt_multiply_61(self, rhs);
+  return libcrux_ml_kem_polynomial_ntt_multiply_79(self, rhs);
 }
 
 /**
@@ -2277,7 +2277,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_to_ring_element_ab(
                               __m256i);
        i++) {
     size_t i0 = i;
-    myself->coefficients[i0] = libcrux_ml_kem_vector_avx2_add_09(
+    myself->coefficients[i0] = libcrux_ml_kem_vector_avx2_add_9a(
         myself->coefficients[i0], &rhs->coefficients[i0]);
   }
 }
@@ -2307,14 +2307,14 @@ with const generics
 
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_61(
+static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_79(
     size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *re,
     size_t _layer) {
   for (size_t i = (size_t)0U; i < (size_t)16U; i++) {
     size_t round = i;
     zeta_i[0U] = zeta_i[0U] - (size_t)1U;
     re->coefficients[round] =
-        libcrux_ml_kem_vector_avx2_inv_ntt_layer_1_step_09(
+        libcrux_ml_kem_vector_avx2_inv_ntt_layer_1_step_9a(
             re->coefficients[round], libcrux_ml_kem_polynomial_zeta(zeta_i[0U]),
             libcrux_ml_kem_polynomial_zeta(zeta_i[0U] - (size_t)1U),
             libcrux_ml_kem_polynomial_zeta(zeta_i[0U] - (size_t)2U),
@@ -2330,14 +2330,14 @@ with const generics
 
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_61(
+static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_79(
     size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *re,
     size_t _layer) {
   for (size_t i = (size_t)0U; i < (size_t)16U; i++) {
     size_t round = i;
     zeta_i[0U] = zeta_i[0U] - (size_t)1U;
     re->coefficients[round] =
-        libcrux_ml_kem_vector_avx2_inv_ntt_layer_2_step_09(
+        libcrux_ml_kem_vector_avx2_inv_ntt_layer_2_step_9a(
             re->coefficients[round], libcrux_ml_kem_polynomial_zeta(zeta_i[0U]),
             libcrux_ml_kem_polynomial_zeta(zeta_i[0U] - (size_t)1U));
     zeta_i[0U] = zeta_i[0U] - (size_t)1U;
@@ -2351,14 +2351,14 @@ with const generics
 
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_61(
+static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_79(
     size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *re,
     size_t _layer) {
   for (size_t i = (size_t)0U; i < (size_t)16U; i++) {
     size_t round = i;
     zeta_i[0U] = zeta_i[0U] - (size_t)1U;
     re->coefficients[round] =
-        libcrux_ml_kem_vector_avx2_inv_ntt_layer_3_step_09(
+        libcrux_ml_kem_vector_avx2_inv_ntt_layer_3_step_9a(
             re->coefficients[round],
             libcrux_ml_kem_polynomial_zeta(zeta_i[0U]));
   }
@@ -2372,13 +2372,13 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE libcrux_ml_kem_vector_avx2_SIMD256Vector_x2
-libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_61(__m256i a,
+libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_79(__m256i a,
                                                                __m256i b,
                                                                int16_t zeta_r) {
-  __m256i a_minus_b = libcrux_ml_kem_vector_avx2_sub_09(b, &a);
-  a = libcrux_ml_kem_vector_avx2_barrett_reduce_09(
-      libcrux_ml_kem_vector_avx2_add_09(a, &b));
-  b = libcrux_ml_kem_vector_traits_montgomery_multiply_fe_61(a_minus_b, zeta_r);
+  __m256i a_minus_b = libcrux_ml_kem_vector_avx2_sub_9a(b, &a);
+  a = libcrux_ml_kem_vector_avx2_barrett_reduce_9a(
+      libcrux_ml_kem_vector_avx2_add_9a(a, &b));
+  b = libcrux_ml_kem_vector_traits_montgomery_multiply_fe_79(a_minus_b, zeta_r);
   return (CLITERAL(libcrux_ml_kem_vector_avx2_SIMD256Vector_x2){.fst = a,
                                                                 .snd = b});
 }
@@ -2391,7 +2391,7 @@ with const generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE void
-libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_61(
+libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_79(
     size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *re,
     size_t layer) {
   size_t step = (size_t)1U << (uint32_t)layer;
@@ -2406,7 +2406,7 @@ libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_61(
     for (size_t i = offset_vec; i < offset_vec + step_vec; i++) {
       size_t j = i;
       libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 uu____0 =
-          libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_61(
+          libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_79(
               re->coefficients[j], re->coefficients[j + step_vec],
               libcrux_ml_kem_polynomial_zeta(zeta_i[0U]));
       __m256i x = uu____0.fst;
@@ -2428,18 +2428,18 @@ static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_ab(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *re) {
   size_t zeta_i =
       LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U;
-  libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_61(&zeta_i, re, (size_t)1U);
-  libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_61(&zeta_i, re, (size_t)2U);
-  libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_61(&zeta_i, re, (size_t)3U);
-  libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_61(&zeta_i, re,
+  libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_79(&zeta_i, re, (size_t)1U);
+  libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_79(&zeta_i, re, (size_t)2U);
+  libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_79(&zeta_i, re, (size_t)3U);
+  libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_79(&zeta_i, re,
                                                           (size_t)4U);
-  libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_61(&zeta_i, re,
+  libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_79(&zeta_i, re,
                                                           (size_t)5U);
-  libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_61(&zeta_i, re,
+  libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_79(&zeta_i, re,
                                                           (size_t)6U);
-  libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_61(&zeta_i, re,
+  libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_79(&zeta_i, re,
                                                           (size_t)7U);
-  libcrux_ml_kem_polynomial_poly_barrett_reduce_ef_61(re);
+  libcrux_ml_kem_polynomial_poly_barrett_reduce_ef_79(re);
 }
 
 /**
@@ -2450,17 +2450,17 @@ with const generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f6
-libcrux_ml_kem_polynomial_subtract_reduce_61(
+libcrux_ml_kem_polynomial_subtract_reduce_79(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *myself,
     libcrux_ml_kem_polynomial_PolynomialRingElement_f6 b) {
   for (size_t i = (size_t)0U;
        i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
     size_t i0 = i;
     __m256i coefficient_normal_form =
-        libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_09(
+        libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_9a(
             b.coefficients[i0], (int16_t)1441);
-    b.coefficients[i0] = libcrux_ml_kem_vector_avx2_barrett_reduce_09(
-        libcrux_ml_kem_vector_avx2_sub_09(myself->coefficients[i0],
+    b.coefficients[i0] = libcrux_ml_kem_vector_avx2_barrett_reduce_9a(
+        libcrux_ml_kem_vector_avx2_sub_9a(myself->coefficients[i0],
                                           &coefficient_normal_form));
   }
   return b;
@@ -2479,10 +2479,10 @@ with const generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f6
-libcrux_ml_kem_polynomial_subtract_reduce_ef_61(
+libcrux_ml_kem_polynomial_subtract_reduce_ef_79(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *self,
     libcrux_ml_kem_polynomial_PolynomialRingElement_f6 b) {
-  return libcrux_ml_kem_polynomial_subtract_reduce_61(self, b);
+  return libcrux_ml_kem_polynomial_subtract_reduce_79(self, b);
 }
 
 /**
@@ -2504,16 +2504,16 @@ libcrux_ml_kem_matrix_compute_message_ab(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *secret_as_ntt,
     libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *u_as_ntt) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_f6 result =
-      libcrux_ml_kem_polynomial_ZERO_ef_61();
+      libcrux_ml_kem_polynomial_ZERO_ef_79();
   for (size_t i = (size_t)0U; i < (size_t)3U; i++) {
     size_t i0 = i;
     libcrux_ml_kem_polynomial_PolynomialRingElement_f6 product =
-        libcrux_ml_kem_polynomial_ntt_multiply_ef_61(&secret_as_ntt[i0],
+        libcrux_ml_kem_polynomial_ntt_multiply_ef_79(&secret_as_ntt[i0],
                                                      &u_as_ntt[i0]);
     libcrux_ml_kem_polynomial_add_to_ring_element_ef_ab(&result, &product);
   }
   libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_ab(&result);
-  result = libcrux_ml_kem_polynomial_subtract_reduce_ef_61(v, result);
+  result = libcrux_ml_kem_polynomial_subtract_reduce_ef_79(v, result);
   return result;
 }
 
@@ -2530,16 +2530,16 @@ libcrux_ml_kem_vector_avx2_arithmetic_shift_right_ef(__m256i vector) {
 
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
-libcrux_ml_kem::vector::avx2::SIMD256Vector)#2}
+libcrux_ml_kem::vector::avx2::SIMD256Vector)#3}
 */
 /**
-A monomorphic instance of libcrux_ml_kem.vector.avx2.shift_right_09
+A monomorphic instance of libcrux_ml_kem.vector.avx2.shift_right_9a
 with const generics
 - SHIFT_BY= 15
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE __m256i
-libcrux_ml_kem_vector_avx2_shift_right_09_ef(__m256i vector) {
+libcrux_ml_kem_vector_avx2_shift_right_9a_ef(__m256i vector) {
   return libcrux_ml_kem_vector_avx2_arithmetic_shift_right_ef(vector);
 }
 
@@ -2551,11 +2551,11 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE __m256i
-libcrux_ml_kem_vector_traits_to_unsigned_representative_61(__m256i a) {
-  __m256i t = libcrux_ml_kem_vector_avx2_shift_right_09_ef(a);
-  __m256i fm = libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_09(
+libcrux_ml_kem_vector_traits_to_unsigned_representative_79(__m256i a) {
+  __m256i t = libcrux_ml_kem_vector_avx2_shift_right_9a_ef(a);
+  __m256i fm = libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_9a(
       t, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS);
-  return libcrux_ml_kem_vector_avx2_add_09(a, &fm);
+  return libcrux_ml_kem_vector_avx2_add_9a(a, &fm);
 }
 
 /**
@@ -2566,8 +2566,8 @@ with const generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE __m256i
-libcrux_ml_kem_serialize_to_unsigned_field_modulus_61(__m256i a) {
-  return libcrux_ml_kem_vector_traits_to_unsigned_representative_61(a);
+libcrux_ml_kem_serialize_to_unsigned_field_modulus_79(__m256i a) {
+  return libcrux_ml_kem_vector_traits_to_unsigned_representative_79(a);
 }
 
 /**
@@ -2578,17 +2578,17 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE void
-libcrux_ml_kem_serialize_compress_then_serialize_message_61(
+libcrux_ml_kem_serialize_compress_then_serialize_message_79(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f6 re, uint8_t ret[32U]) {
   uint8_t serialized[32U] = {0U};
   for (size_t i = (size_t)0U; i < (size_t)16U; i++) {
     size_t i0 = i;
-    __m256i coefficient = libcrux_ml_kem_serialize_to_unsigned_field_modulus_61(
+    __m256i coefficient = libcrux_ml_kem_serialize_to_unsigned_field_modulus_79(
         re.coefficients[i0]);
     __m256i coefficient_compressed =
-        libcrux_ml_kem_vector_avx2_compress_1_09(coefficient);
+        libcrux_ml_kem_vector_avx2_compress_1_9a(coefficient);
     uint8_t bytes[2U];
-    libcrux_ml_kem_vector_avx2_serialize_1_09(coefficient_compressed, bytes);
+    libcrux_ml_kem_vector_avx2_serialize_1_9a(coefficient_compressed, bytes);
     Eurydice_slice uu____0 = Eurydice_array_to_subslice2(
         serialized, (size_t)2U * i0, (size_t)2U * i0 + (size_t)2U, uint8_t);
     Eurydice_slice_copy(
@@ -2645,7 +2645,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_decrypt_unpacked_2f(
       libcrux_ml_kem_matrix_compute_message_ab(&v, secret_key->secret_as_ntt,
                                                u_as_ntt);
   uint8_t ret0[32U];
-  libcrux_ml_kem_serialize_compress_then_serialize_message_61(message, ret0);
+  libcrux_ml_kem_serialize_compress_then_serialize_message_79(message, ret0);
   memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t));
 }
 
@@ -2753,7 +2753,7 @@ static inline libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_63
 libcrux_ml_kem_ind_cpa_unpacked_default_8d_ab(void) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_f6 uu____0[3U];
   for (size_t i = (size_t)0U; i < (size_t)3U; i++) {
-    uu____0[i] = libcrux_ml_kem_polynomial_ZERO_ef_61();
+    uu____0[i] = libcrux_ml_kem_polynomial_ZERO_ef_79();
   }
   uint8_t uu____1[32U] = {0U};
   libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_63 lit;
@@ -2761,15 +2761,15 @@ libcrux_ml_kem_ind_cpa_unpacked_default_8d_ab(void) {
       lit.t_as_ntt, uu____0,
       (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f6));
   memcpy(lit.seed_for_A, uu____1, (size_t)32U * sizeof(uint8_t));
-  lit.A[0U][0U] = libcrux_ml_kem_polynomial_ZERO_ef_61();
-  lit.A[0U][1U] = libcrux_ml_kem_polynomial_ZERO_ef_61();
-  lit.A[0U][2U] = libcrux_ml_kem_polynomial_ZERO_ef_61();
-  lit.A[1U][0U] = libcrux_ml_kem_polynomial_ZERO_ef_61();
-  lit.A[1U][1U] = libcrux_ml_kem_polynomial_ZERO_ef_61();
-  lit.A[1U][2U] = libcrux_ml_kem_polynomial_ZERO_ef_61();
-  lit.A[2U][0U] = libcrux_ml_kem_polynomial_ZERO_ef_61();
-  lit.A[2U][1U] = libcrux_ml_kem_polynomial_ZERO_ef_61();
-  lit.A[2U][2U] = libcrux_ml_kem_polynomial_ZERO_ef_61();
+  lit.A[0U][0U] = libcrux_ml_kem_polynomial_ZERO_ef_79();
+  lit.A[0U][1U] = libcrux_ml_kem_polynomial_ZERO_ef_79();
+  lit.A[0U][2U] = libcrux_ml_kem_polynomial_ZERO_ef_79();
+  lit.A[1U][0U] = libcrux_ml_kem_polynomial_ZERO_ef_79();
+  lit.A[1U][1U] = libcrux_ml_kem_polynomial_ZERO_ef_79();
+  lit.A[1U][2U] = libcrux_ml_kem_polynomial_ZERO_ef_79();
+  lit.A[2U][0U] = libcrux_ml_kem_polynomial_ZERO_ef_79();
+  lit.A[2U][1U] = libcrux_ml_kem_polynomial_ZERO_ef_79();
+  lit.A[2U][2U] = libcrux_ml_kem_polynomial_ZERO_ef_79();
   return lit;
 }
 
@@ -2787,18 +2787,18 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f6
-libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_61(
+libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_79(
     Eurydice_slice serialized) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_f6 re =
-      libcrux_ml_kem_polynomial_ZERO_ef_61();
+      libcrux_ml_kem_polynomial_ZERO_ef_79();
   for (size_t i = (size_t)0U;
        i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) {
     size_t i0 = i;
     Eurydice_slice bytes = Eurydice_slice_subslice2(
         serialized, i0 * (size_t)24U, i0 * (size_t)24U + (size_t)24U, uint8_t);
-    __m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_12_09(bytes);
+    __m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_12_9a(bytes);
     re.coefficients[i0] =
-        libcrux_ml_kem_vector_avx2_cond_subtract_3329_09(coefficient);
+        libcrux_ml_kem_vector_avx2_cond_subtract_3329_9a(coefficient);
   }
   return re;
 }
@@ -2828,7 +2828,7 @@ libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_ab(
             LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT,
         uint8_t);
     libcrux_ml_kem_polynomial_PolynomialRingElement_f6 uu____0 =
-        libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_61(
+        libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_79(
             ring_element);
     deserialized_pk[i0] = uu____0;
   }
@@ -2990,7 +2990,7 @@ libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_ed(
         Eurydice_slice uu____0 =
             Eurydice_array_to_subslice2(randomness[i1], r * (size_t)24U,
                                         r * (size_t)24U + (size_t)24U, uint8_t);
-        size_t sampled = libcrux_ml_kem_vector_avx2_rej_sample_09(
+        size_t sampled = libcrux_ml_kem_vector_avx2_rej_sample_9a(
             uu____0, Eurydice_array_to_subslice2(
                          out[i1], sampled_coefficients[i1],
                          sampled_coefficients[i1] + (size_t)16U, int16_t));
@@ -3124,7 +3124,7 @@ libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_ed0(
         Eurydice_slice uu____0 =
             Eurydice_array_to_subslice2(randomness[i1], r * (size_t)24U,
                                         r * (size_t)24U + (size_t)24U, uint8_t);
-        size_t sampled = libcrux_ml_kem_vector_avx2_rej_sample_09(
+        size_t sampled = libcrux_ml_kem_vector_avx2_rej_sample_9a(
             uu____0, Eurydice_array_to_subslice2(
                          out[i1], sampled_coefficients[i1],
                          sampled_coefficients[i1] + (size_t)16U, int16_t));
@@ -3155,14 +3155,14 @@ with const generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f6
-libcrux_ml_kem_polynomial_from_i16_array_61(Eurydice_slice a) {
+libcrux_ml_kem_polynomial_from_i16_array_79(Eurydice_slice a) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_f6 result =
-      libcrux_ml_kem_polynomial_ZERO_61();
+      libcrux_ml_kem_polynomial_ZERO_79();
   for (size_t i = (size_t)0U;
        i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
     size_t i0 = i;
     result.coefficients[i0] =
-        libcrux_ml_kem_vector_avx2_from_i16_array_09(Eurydice_slice_subslice2(
+        libcrux_ml_kem_vector_avx2_from_i16_array_9a(Eurydice_slice_subslice2(
             a, i0 * (size_t)16U, (i0 + (size_t)1U) * (size_t)16U, int16_t));
   }
   return result;
@@ -3181,8 +3181,8 @@ with const generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f6
-libcrux_ml_kem_polynomial_from_i16_array_ef_61(Eurydice_slice a) {
-  return libcrux_ml_kem_polynomial_from_i16_array_61(a);
+libcrux_ml_kem_polynomial_from_i16_array_ef_79(Eurydice_slice a) {
+  return libcrux_ml_kem_polynomial_from_i16_array_79(a);
 }
 
 /**
@@ -3194,7 +3194,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics
 KRML_ATTRIBUTE_TARGET("avx2")
 static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f6
 libcrux_ml_kem_sampling_sample_from_xof_closure_6c(int16_t s[272U]) {
-  return libcrux_ml_kem_polynomial_from_i16_array_ef_61(
+  return libcrux_ml_kem_polynomial_from_i16_array_ef_79(
       Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t));
 }
 
@@ -3367,7 +3367,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics
 KRML_ATTRIBUTE_TARGET("avx2")
 static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f6
 libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_out_closure_b4(size_t _i) {
-  return libcrux_ml_kem_polynomial_ZERO_ef_61();
+  return libcrux_ml_kem_polynomial_ZERO_ef_79();
 }
 
 /**
@@ -3478,7 +3478,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f6
-libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_61(
+libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_79(
     Eurydice_slice randomness) {
   int16_t sampled_i16s[256U] = {0U};
   for (size_t i0 = (size_t)0U;
@@ -3513,7 +3513,7 @@ libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_61(
       sampled_i16s[(size_t)8U * chunk_number + offset] = outcome_1 - outcome_2;
     }
   }
-  return libcrux_ml_kem_polynomial_from_i16_array_ef_61(
+  return libcrux_ml_kem_polynomial_from_i16_array_ef_79(
       Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t));
 }
 
@@ -3525,7 +3525,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f6
-libcrux_ml_kem_sampling_sample_from_binomial_distribution_3_61(
+libcrux_ml_kem_sampling_sample_from_binomial_distribution_3_79(
     Eurydice_slice randomness) {
   int16_t sampled_i16s[256U] = {0U};
   for (size_t i0 = (size_t)0U;
@@ -3559,7 +3559,7 @@ libcrux_ml_kem_sampling_sample_from_binomial_distribution_3_61(
       sampled_i16s[(size_t)4U * chunk_number + offset] = outcome_1 - outcome_2;
     }
   }
-  return libcrux_ml_kem_polynomial_from_i16_array_ef_61(
+  return libcrux_ml_kem_polynomial_from_i16_array_ef_79(
       Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t));
 }
 
@@ -3573,7 +3573,7 @@ KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f6
 libcrux_ml_kem_sampling_sample_from_binomial_distribution_89(
     Eurydice_slice randomness) {
-  return libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_61(
+  return libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_79(
       randomness);
 }
 
@@ -3584,17 +3584,17 @@ with const generics
 
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_7_61(
+static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_7_79(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *re) {
   size_t step = LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT / (size_t)2U;
   for (size_t i = (size_t)0U; i < step; i++) {
     size_t j = i;
-    __m256i t = libcrux_ml_kem_vector_avx2_multiply_by_constant_09(
+    __m256i t = libcrux_ml_kem_vector_avx2_multiply_by_constant_9a(
         re->coefficients[j + step], (int16_t)-1600);
     re->coefficients[j + step] =
-        libcrux_ml_kem_vector_avx2_sub_09(re->coefficients[j], &t);
+        libcrux_ml_kem_vector_avx2_sub_9a(re->coefficients[j], &t);
     re->coefficients[j] =
-        libcrux_ml_kem_vector_avx2_add_09(re->coefficients[j], &t);
+        libcrux_ml_kem_vector_avx2_add_9a(re->coefficients[j], &t);
   }
 }
 
@@ -3606,23 +3606,23 @@ with const generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE void
-libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_61(
+libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_79(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *re) {
-  libcrux_ml_kem_ntt_ntt_at_layer_7_61(re);
+  libcrux_ml_kem_ntt_ntt_at_layer_7_79(re);
   size_t zeta_i = (size_t)1U;
-  libcrux_ml_kem_ntt_ntt_at_layer_4_plus_61(&zeta_i, re, (size_t)6U,
+  libcrux_ml_kem_ntt_ntt_at_layer_4_plus_79(&zeta_i, re, (size_t)6U,
                                             (size_t)11207U);
-  libcrux_ml_kem_ntt_ntt_at_layer_4_plus_61(&zeta_i, re, (size_t)5U,
+  libcrux_ml_kem_ntt_ntt_at_layer_4_plus_79(&zeta_i, re, (size_t)5U,
                                             (size_t)11207U + (size_t)3328U);
-  libcrux_ml_kem_ntt_ntt_at_layer_4_plus_61(
+  libcrux_ml_kem_ntt_ntt_at_layer_4_plus_79(
       &zeta_i, re, (size_t)4U, (size_t)11207U + (size_t)2U * (size_t)3328U);
-  libcrux_ml_kem_ntt_ntt_at_layer_3_61(
+  libcrux_ml_kem_ntt_ntt_at_layer_3_79(
       &zeta_i, re, (size_t)3U, (size_t)11207U + (size_t)3U * (size_t)3328U);
-  libcrux_ml_kem_ntt_ntt_at_layer_2_61(
+  libcrux_ml_kem_ntt_ntt_at_layer_2_79(
       &zeta_i, re, (size_t)2U, (size_t)11207U + (size_t)4U * (size_t)3328U);
-  libcrux_ml_kem_ntt_ntt_at_layer_1_61(
+  libcrux_ml_kem_ntt_ntt_at_layer_1_79(
       &zeta_i, re, (size_t)1U, (size_t)11207U + (size_t)5U * (size_t)3328U);
-  libcrux_ml_kem_polynomial_poly_barrett_reduce_ef_61(re);
+  libcrux_ml_kem_polynomial_poly_barrett_reduce_ef_79(re);
 }
 
 /**
@@ -3658,7 +3658,7 @@ libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_b4(
     re_as_ntt[i0] =
         libcrux_ml_kem_sampling_sample_from_binomial_distribution_89(
             Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t));
-    libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_61(&re_as_ntt[i0]);
+    libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_79(&re_as_ntt[i0]);
   }
   return domain_separator;
 }
@@ -3677,7 +3677,7 @@ libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_out_b4(
     uint8_t prf_input[33U], uint8_t domain_separator) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_f6 re_as_ntt[3U];
   for (size_t i = (size_t)0U; i < (size_t)3U; i++) {
-    re_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_ef_61();
+    re_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_ef_79();
   }
   libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *uu____0 = re_as_ntt;
   uint8_t uu____1[33U];
@@ -3708,7 +3708,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics
 KRML_ATTRIBUTE_TARGET("avx2")
 static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f6
 libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_closure_b4(size_t _i) {
-  return libcrux_ml_kem_polynomial_ZERO_ef_61();
+  return libcrux_ml_kem_polynomial_ZERO_ef_79();
 }
 
 /**
@@ -3728,7 +3728,7 @@ libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_b4(uint8_t prf_input[33U],
                                                   uint8_t domain_separator) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_f6 error_1[3U];
   for (size_t i = (size_t)0U; i < (size_t)3U; i++) {
-    error_1[i] = libcrux_ml_kem_polynomial_ZERO_ef_61();
+    error_1[i] = libcrux_ml_kem_polynomial_ZERO_ef_79();
   }
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_prf_input[33U];
@@ -3800,7 +3800,7 @@ with const generics
 KRML_ATTRIBUTE_TARGET("avx2")
 static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f6
 libcrux_ml_kem_matrix_compute_vector_u_closure_ab(size_t _i) {
-  return libcrux_ml_kem_polynomial_ZERO_ef_61();
+  return libcrux_ml_kem_polynomial_ZERO_ef_79();
 }
 
 /**
@@ -3810,17 +3810,17 @@ with const generics
 
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_error_reduce_61(
+static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_error_reduce_79(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *myself,
     libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *error) {
   for (size_t i = (size_t)0U;
        i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
     size_t j = i;
     __m256i coefficient_normal_form =
-        libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_09(
+        libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_9a(
             myself->coefficients[j], (int16_t)1441);
-    myself->coefficients[j] = libcrux_ml_kem_vector_avx2_barrett_reduce_09(
-        libcrux_ml_kem_vector_avx2_add_09(coefficient_normal_form,
+    myself->coefficients[j] = libcrux_ml_kem_vector_avx2_barrett_reduce_9a(
+        libcrux_ml_kem_vector_avx2_add_9a(coefficient_normal_form,
                                           &error->coefficients[j]));
   }
 }
@@ -3837,10 +3837,10 @@ with const generics
 
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_error_reduce_ef_61(
+static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_error_reduce_ef_79(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *self,
     libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *error) {
-  libcrux_ml_kem_polynomial_add_error_reduce_61(self, error);
+  libcrux_ml_kem_polynomial_add_error_reduce_79(self, error);
 }
 
 /**
@@ -3860,7 +3860,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_vector_u_ab(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f6 ret[3U]) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_f6 result[3U];
   for (size_t i = (size_t)0U; i < (size_t)3U; i++) {
-    result[i] = libcrux_ml_kem_polynomial_ZERO_ef_61();
+    result[i] = libcrux_ml_kem_polynomial_ZERO_ef_79();
   }
   for (size_t i0 = (size_t)0U;
        i0 < Eurydice_slice_len(
@@ -3881,12 +3881,12 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_vector_u_ab(
       size_t j = i;
       libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *a_element = &row[j];
       libcrux_ml_kem_polynomial_PolynomialRingElement_f6 product =
-          libcrux_ml_kem_polynomial_ntt_multiply_ef_61(a_element, &r_as_ntt[j]);
+          libcrux_ml_kem_polynomial_ntt_multiply_ef_79(a_element, &r_as_ntt[j]);
       libcrux_ml_kem_polynomial_add_to_ring_element_ef_ab(&result[i1],
                                                           &product);
     }
     libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_ab(&result[i1]);
-    libcrux_ml_kem_polynomial_add_error_reduce_ef_61(&result[i1], &error_1[i1]);
+    libcrux_ml_kem_polynomial_add_error_reduce_ef_79(&result[i1], &error_1[i1]);
   }
   memcpy(
       ret, result,
@@ -3901,10 +3901,10 @@ with const generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE __m256i
-libcrux_ml_kem_vector_traits_decompress_1_61(__m256i vec) {
-  __m256i z = libcrux_ml_kem_vector_avx2_ZERO_09();
-  __m256i s = libcrux_ml_kem_vector_avx2_sub_09(z, &vec);
-  return libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_09(s,
+libcrux_ml_kem_vector_traits_decompress_1_79(__m256i vec) {
+  __m256i z = libcrux_ml_kem_vector_avx2_ZERO_9a();
+  __m256i s = libcrux_ml_kem_vector_avx2_sub_9a(z, &vec);
+  return libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_9a(s,
                                                                  (int16_t)1665);
 }
 
@@ -3916,18 +3916,18 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f6
-libcrux_ml_kem_serialize_deserialize_then_decompress_message_61(
+libcrux_ml_kem_serialize_deserialize_then_decompress_message_79(
     uint8_t serialized[32U]) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_f6 re =
-      libcrux_ml_kem_polynomial_ZERO_ef_61();
+      libcrux_ml_kem_polynomial_ZERO_ef_79();
   for (size_t i = (size_t)0U; i < (size_t)16U; i++) {
     size_t i0 = i;
     __m256i coefficient_compressed =
-        libcrux_ml_kem_vector_avx2_deserialize_1_09(
+        libcrux_ml_kem_vector_avx2_deserialize_1_9a(
             Eurydice_array_to_subslice2(serialized, (size_t)2U * i0,
                                         (size_t)2U * i0 + (size_t)2U, uint8_t));
     re.coefficients[i0] =
-        libcrux_ml_kem_vector_traits_decompress_1_61(coefficient_compressed);
+        libcrux_ml_kem_vector_traits_decompress_1_79(coefficient_compressed);
   }
   return re;
 }
@@ -3940,7 +3940,7 @@ with const generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f6
-libcrux_ml_kem_polynomial_add_message_error_reduce_61(
+libcrux_ml_kem_polynomial_add_message_error_reduce_79(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *myself,
     libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *message,
     libcrux_ml_kem_polynomial_PolynomialRingElement_f6 result) {
@@ -3948,14 +3948,14 @@ libcrux_ml_kem_polynomial_add_message_error_reduce_61(
        i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
     size_t i0 = i;
     __m256i coefficient_normal_form =
-        libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_09(
+        libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_9a(
             result.coefficients[i0], (int16_t)1441);
-    __m256i tmp = libcrux_ml_kem_vector_avx2_add_09(myself->coefficients[i0],
+    __m256i tmp = libcrux_ml_kem_vector_avx2_add_9a(myself->coefficients[i0],
                                                     &message->coefficients[i0]);
     __m256i tmp0 =
-        libcrux_ml_kem_vector_avx2_add_09(coefficient_normal_form, &tmp);
+        libcrux_ml_kem_vector_avx2_add_9a(coefficient_normal_form, &tmp);
     result.coefficients[i0] =
-        libcrux_ml_kem_vector_avx2_barrett_reduce_09(tmp0);
+        libcrux_ml_kem_vector_avx2_barrett_reduce_9a(tmp0);
   }
   return result;
 }
@@ -3973,11 +3973,11 @@ with const generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f6
-libcrux_ml_kem_polynomial_add_message_error_reduce_ef_61(
+libcrux_ml_kem_polynomial_add_message_error_reduce_ef_79(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *self,
     libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *message,
     libcrux_ml_kem_polynomial_PolynomialRingElement_f6 result) {
-  return libcrux_ml_kem_polynomial_add_message_error_reduce_61(self, message,
+  return libcrux_ml_kem_polynomial_add_message_error_reduce_79(self, message,
                                                                result);
 }
 
@@ -3998,16 +3998,16 @@ libcrux_ml_kem_matrix_compute_ring_element_v_ab(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *error_2,
     libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *message) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_f6 result =
-      libcrux_ml_kem_polynomial_ZERO_ef_61();
+      libcrux_ml_kem_polynomial_ZERO_ef_79();
   for (size_t i = (size_t)0U; i < (size_t)3U; i++) {
     size_t i0 = i;
     libcrux_ml_kem_polynomial_PolynomialRingElement_f6 product =
-        libcrux_ml_kem_polynomial_ntt_multiply_ef_61(&t_as_ntt[i0],
+        libcrux_ml_kem_polynomial_ntt_multiply_ef_79(&t_as_ntt[i0],
                                                      &r_as_ntt[i0]);
     libcrux_ml_kem_polynomial_add_to_ring_element_ef_ab(&result, &product);
   }
   libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_ab(&result);
-  result = libcrux_ml_kem_polynomial_add_message_error_reduce_ef_61(
+  result = libcrux_ml_kem_polynomial_add_message_error_reduce_ef_79(
       error_2, message, result);
   return result;
 }
@@ -4079,16 +4079,16 @@ libcrux_ml_kem_vector_avx2_compress_ef(__m256i vector) {
 
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
-libcrux_ml_kem::vector::avx2::SIMD256Vector)#2}
+libcrux_ml_kem::vector::avx2::SIMD256Vector)#3}
 */
 /**
-A monomorphic instance of libcrux_ml_kem.vector.avx2.compress_09
+A monomorphic instance of libcrux_ml_kem.vector.avx2.compress_9a
 with const generics
 - COEFFICIENT_BITS= 10
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE __m256i
-libcrux_ml_kem_vector_avx2_compress_09_ef(__m256i vector) {
+libcrux_ml_kem_vector_avx2_compress_9a_ef(__m256i vector) {
   return libcrux_ml_kem_vector_avx2_compress_ef(vector);
 }
 
@@ -4106,11 +4106,11 @@ libcrux_ml_kem_serialize_compress_then_serialize_10_0e(
   for (size_t i = (size_t)0U;
        i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
     size_t i0 = i;
-    __m256i coefficient = libcrux_ml_kem_vector_avx2_compress_09_ef(
-        libcrux_ml_kem_serialize_to_unsigned_field_modulus_61(
+    __m256i coefficient = libcrux_ml_kem_vector_avx2_compress_9a_ef(
+        libcrux_ml_kem_serialize_to_unsigned_field_modulus_79(
             re->coefficients[i0]));
     uint8_t bytes[20U];
-    libcrux_ml_kem_vector_avx2_serialize_10_09(coefficient, bytes);
+    libcrux_ml_kem_vector_avx2_serialize_10_9a(coefficient, bytes);
     Eurydice_slice uu____0 = Eurydice_array_to_subslice2(
         serialized, (size_t)20U * i0, (size_t)20U * i0 + (size_t)20U, uint8_t);
     Eurydice_slice_copy(
@@ -4186,16 +4186,16 @@ libcrux_ml_kem_vector_avx2_compress_c4(__m256i vector) {
 
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
-libcrux_ml_kem::vector::avx2::SIMD256Vector)#2}
+libcrux_ml_kem::vector::avx2::SIMD256Vector)#3}
 */
 /**
-A monomorphic instance of libcrux_ml_kem.vector.avx2.compress_09
+A monomorphic instance of libcrux_ml_kem.vector.avx2.compress_9a
 with const generics
 - COEFFICIENT_BITS= 11
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE __m256i
-libcrux_ml_kem_vector_avx2_compress_09_c4(__m256i vector) {
+libcrux_ml_kem_vector_avx2_compress_9a_c4(__m256i vector) {
   return libcrux_ml_kem_vector_avx2_compress_c4(vector);
 }
 
@@ -4213,11 +4213,11 @@ libcrux_ml_kem_serialize_compress_then_serialize_11_0e(
   for (size_t i = (size_t)0U;
        i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
     size_t i0 = i;
-    __m256i coefficient = libcrux_ml_kem_vector_avx2_compress_09_c4(
-        libcrux_ml_kem_vector_traits_to_unsigned_representative_61(
+    __m256i coefficient = libcrux_ml_kem_vector_avx2_compress_9a_c4(
+        libcrux_ml_kem_vector_traits_to_unsigned_representative_79(
             re->coefficients[i0]));
     uint8_t bytes[22U];
-    libcrux_ml_kem_vector_avx2_serialize_11_09(coefficient, bytes);
+    libcrux_ml_kem_vector_avx2_serialize_11_9a(coefficient, bytes);
     Eurydice_slice uu____0 = Eurydice_array_to_subslice2(
         serialized, (size_t)22U * i0, (size_t)22U * i0 + (size_t)22U, uint8_t);
     Eurydice_slice_copy(
@@ -4345,16 +4345,16 @@ libcrux_ml_kem_vector_avx2_compress_d1(__m256i vector) {
 
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
-libcrux_ml_kem::vector::avx2::SIMD256Vector)#2}
+libcrux_ml_kem::vector::avx2::SIMD256Vector)#3}
 */
 /**
-A monomorphic instance of libcrux_ml_kem.vector.avx2.compress_09
+A monomorphic instance of libcrux_ml_kem.vector.avx2.compress_9a
 with const generics
 - COEFFICIENT_BITS= 4
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE __m256i
-libcrux_ml_kem_vector_avx2_compress_09_d1(__m256i vector) {
+libcrux_ml_kem_vector_avx2_compress_9a_d1(__m256i vector) {
   return libcrux_ml_kem_vector_avx2_compress_d1(vector);
 }
 
@@ -4366,17 +4366,17 @@ with const generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE void
-libcrux_ml_kem_serialize_compress_then_serialize_4_61(
+libcrux_ml_kem_serialize_compress_then_serialize_4_79(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f6 re,
     Eurydice_slice serialized) {
   for (size_t i = (size_t)0U;
        i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
     size_t i0 = i;
-    __m256i coefficient = libcrux_ml_kem_vector_avx2_compress_09_d1(
-        libcrux_ml_kem_serialize_to_unsigned_field_modulus_61(
+    __m256i coefficient = libcrux_ml_kem_vector_avx2_compress_9a_d1(
+        libcrux_ml_kem_serialize_to_unsigned_field_modulus_79(
             re.coefficients[i0]));
     uint8_t bytes[8U];
-    libcrux_ml_kem_vector_avx2_serialize_4_09(coefficient, bytes);
+    libcrux_ml_kem_vector_avx2_serialize_4_9a(coefficient, bytes);
     Eurydice_slice_copy(
         Eurydice_slice_subslice2(serialized, (size_t)8U * i0,
                                  (size_t)8U * i0 + (size_t)8U, uint8_t),
@@ -4451,16 +4451,16 @@ libcrux_ml_kem_vector_avx2_compress_f4(__m256i vector) {
 
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
-libcrux_ml_kem::vector::avx2::SIMD256Vector)#2}
+libcrux_ml_kem::vector::avx2::SIMD256Vector)#3}
 */
 /**
-A monomorphic instance of libcrux_ml_kem.vector.avx2.compress_09
+A monomorphic instance of libcrux_ml_kem.vector.avx2.compress_9a
 with const generics
 - COEFFICIENT_BITS= 5
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE __m256i
-libcrux_ml_kem_vector_avx2_compress_09_f4(__m256i vector) {
+libcrux_ml_kem_vector_avx2_compress_9a_f4(__m256i vector) {
   return libcrux_ml_kem_vector_avx2_compress_f4(vector);
 }
 
@@ -4472,17 +4472,17 @@ with const generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE void
-libcrux_ml_kem_serialize_compress_then_serialize_5_61(
+libcrux_ml_kem_serialize_compress_then_serialize_5_79(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f6 re,
     Eurydice_slice serialized) {
   for (size_t i = (size_t)0U;
        i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
     size_t i0 = i;
-    __m256i coefficients = libcrux_ml_kem_vector_avx2_compress_09_f4(
-        libcrux_ml_kem_vector_traits_to_unsigned_representative_61(
+    __m256i coefficients = libcrux_ml_kem_vector_avx2_compress_9a_f4(
+        libcrux_ml_kem_vector_traits_to_unsigned_representative_79(
             re.coefficients[i0]));
     uint8_t bytes[10U];
-    libcrux_ml_kem_vector_avx2_serialize_5_09(coefficients, bytes);
+    libcrux_ml_kem_vector_avx2_serialize_5_9a(coefficients, bytes);
     Eurydice_slice_copy(
         Eurydice_slice_subslice2(serialized, (size_t)10U * i0,
                                  (size_t)10U * i0 + (size_t)10U, uint8_t),
@@ -4502,7 +4502,7 @@ KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE void
 libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_ed(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f6 re, Eurydice_slice out) {
-  libcrux_ml_kem_serialize_compress_then_serialize_4_61(re, out);
+  libcrux_ml_kem_serialize_compress_then_serialize_4_79(re, out);
 }
 
 /**
@@ -4603,7 +4603,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_encrypt_unpacked_74(
   uint8_t copy_of_message[32U];
   memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t));
   libcrux_ml_kem_polynomial_PolynomialRingElement_f6 message_as_ring_element =
-      libcrux_ml_kem_serialize_deserialize_then_decompress_message_61(
+      libcrux_ml_kem_serialize_deserialize_then_decompress_message_79(
           copy_of_message);
   libcrux_ml_kem_polynomial_PolynomialRingElement_f6 v =
       libcrux_ml_kem_matrix_compute_ring_element_v_ab(
@@ -5045,9 +5045,9 @@ KRML_ATTRIBUTE_TARGET("avx2")
 static inline libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_63
 libcrux_ml_kem_ind_cpa_unpacked_default_1a_ab(void) {
   libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_63 lit;
-  lit.secret_as_ntt[0U] = libcrux_ml_kem_polynomial_ZERO_ef_61();
-  lit.secret_as_ntt[1U] = libcrux_ml_kem_polynomial_ZERO_ef_61();
-  lit.secret_as_ntt[2U] = libcrux_ml_kem_polynomial_ZERO_ef_61();
+  lit.secret_as_ntt[0U] = libcrux_ml_kem_polynomial_ZERO_ef_79();
+  lit.secret_as_ntt[1U] = libcrux_ml_kem_polynomial_ZERO_ef_79();
+  lit.secret_as_ntt[2U] = libcrux_ml_kem_polynomial_ZERO_ef_79();
   return lit;
 }
 
@@ -5086,8 +5086,8 @@ with const generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE __m256i
-libcrux_ml_kem_vector_traits_to_standard_domain_61(__m256i v) {
-  return libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_09(
+libcrux_ml_kem_vector_traits_to_standard_domain_79(__m256i v) {
+  return libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_9a(
       v, LIBCRUX_ML_KEM_VECTOR_TRAITS_MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS);
 }
 
@@ -5099,17 +5099,17 @@ with const generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE void
-libcrux_ml_kem_polynomial_add_standard_error_reduce_61(
+libcrux_ml_kem_polynomial_add_standard_error_reduce_79(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *myself,
     libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *error) {
   for (size_t i = (size_t)0U;
        i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
     size_t j = i;
     __m256i coefficient_normal_form =
-        libcrux_ml_kem_vector_traits_to_standard_domain_61(
+        libcrux_ml_kem_vector_traits_to_standard_domain_79(
             myself->coefficients[j]);
-    myself->coefficients[j] = libcrux_ml_kem_vector_avx2_barrett_reduce_09(
-        libcrux_ml_kem_vector_avx2_add_09(coefficient_normal_form,
+    myself->coefficients[j] = libcrux_ml_kem_vector_avx2_barrett_reduce_9a(
+        libcrux_ml_kem_vector_avx2_add_9a(coefficient_normal_form,
                                           &error->coefficients[j]));
   }
 }
@@ -5127,10 +5127,10 @@ with const generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE void
-libcrux_ml_kem_polynomial_add_standard_error_reduce_ef_61(
+libcrux_ml_kem_polynomial_add_standard_error_reduce_ef_79(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *self,
     libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *error) {
-  libcrux_ml_kem_polynomial_add_standard_error_reduce_61(self, error);
+  libcrux_ml_kem_polynomial_add_standard_error_reduce_79(self, error);
 }
 
 /**
@@ -5158,7 +5158,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_As_plus_e_ab(
     size_t i0 = i;
     libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *row = matrix_A[i0];
     libcrux_ml_kem_polynomial_PolynomialRingElement_f6 uu____0 =
-        libcrux_ml_kem_polynomial_ZERO_ef_61();
+        libcrux_ml_kem_polynomial_ZERO_ef_79();
     t_as_ntt[i0] = uu____0;
     for (size_t i1 = (size_t)0U;
          i1 < Eurydice_slice_len(
@@ -5171,12 +5171,12 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_As_plus_e_ab(
       libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *matrix_element =
           &row[j];
       libcrux_ml_kem_polynomial_PolynomialRingElement_f6 product =
-          libcrux_ml_kem_polynomial_ntt_multiply_ef_61(matrix_element,
+          libcrux_ml_kem_polynomial_ntt_multiply_ef_79(matrix_element,
                                                        &s_as_ntt[j]);
       libcrux_ml_kem_polynomial_add_to_ring_element_ef_ab(&t_as_ntt[i0],
                                                           &product);
     }
-    libcrux_ml_kem_polynomial_add_standard_error_reduce_ef_61(
+    libcrux_ml_kem_polynomial_add_standard_error_reduce_ef_79(
         &t_as_ntt[i0], &error_as_ntt[i0]);
   }
 }
@@ -5287,16 +5287,16 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE void
-libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_61(
+libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_79(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *re, uint8_t ret[384U]) {
   uint8_t serialized[384U] = {0U};
   for (size_t i = (size_t)0U;
        i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
     size_t i0 = i;
-    __m256i coefficient = libcrux_ml_kem_serialize_to_unsigned_field_modulus_61(
+    __m256i coefficient = libcrux_ml_kem_serialize_to_unsigned_field_modulus_79(
         re->coefficients[i0]);
     uint8_t bytes[24U];
-    libcrux_ml_kem_vector_avx2_serialize_12_09(coefficient, bytes);
+    libcrux_ml_kem_vector_avx2_serialize_12_9a(coefficient, bytes);
     Eurydice_slice uu____0 = Eurydice_array_to_subslice2(
         serialized, (size_t)24U * i0, (size_t)24U * i0 + (size_t)24U, uint8_t);
     Eurydice_slice_copy(
@@ -5334,7 +5334,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_secret_key_ed(
         (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT,
         uint8_t);
     uint8_t ret0[384U];
-    libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_61(&re, ret0);
+    libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_79(&re, ret0);
     Eurydice_slice_copy(
         uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t), uint8_t);
   }
@@ -6281,9 +6281,17 @@ with const generics
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_private_key_only_ae(
     libcrux_ml_kem_types_MlKemPrivateKey_d9 *private_key) {
-  KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__,
-                    "Eurydice error: Invalid_argument(\"List.combine\")\n");
-  KRML_HOST_EXIT(255U);
+  uint8_t t[32U];
+  libcrux_ml_kem_hash_functions_avx2_H_a9_e0(
+      Eurydice_array_to_subslice2(private_key->value, (size_t)384U * (size_t)3U,
+                                  (size_t)768U * (size_t)3U + (size_t)32U,
+                                  uint8_t),
+      t);
+  Eurydice_slice expected = Eurydice_array_to_subslice2(
+      private_key->value, (size_t)768U * (size_t)3U + (size_t)32U,
+      (size_t)768U * (size_t)3U + (size_t)64U, uint8_t);
+  return core_array_equality___core__cmp__PartialEq__0___Slice_U____for__Array_T__N___3__eq(
+      (size_t)32U, t, &expected, uint8_t, uint8_t, bool);
 }
 
 /**
@@ -6394,7 +6402,7 @@ KRML_ATTRIBUTE_TARGET("avx2")
 static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f6
 libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_out_closure_ab(
     size_t _i) {
-  return libcrux_ml_kem_polynomial_ZERO_ef_61();
+  return libcrux_ml_kem_polynomial_ZERO_ef_79();
 }
 
 /**
@@ -6416,7 +6424,7 @@ libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_out_ab(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f6 ret[3U]) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_f6 deserialized_pk[3U];
   for (size_t i = (size_t)0U; i < (size_t)3U; i++) {
-    deserialized_pk[i] = libcrux_ml_kem_polynomial_ZERO_ef_61();
+    deserialized_pk[i] = libcrux_ml_kem_polynomial_ZERO_ef_79();
   }
   libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_ab(
       public_key, deserialized_pk);
@@ -6855,7 +6863,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics
 KRML_ATTRIBUTE_TARGET("avx2")
 static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f6
 libcrux_ml_kem_ind_cca_unpacked_transpose_a_closure_closure_ab(size_t _j) {
-  return libcrux_ml_kem_polynomial_ZERO_ef_61();
+  return libcrux_ml_kem_polynomial_ZERO_ef_79();
 }
 
 /**
@@ -6868,7 +6876,7 @@ KRML_ATTRIBUTE_TARGET("avx2")
 static inline void libcrux_ml_kem_ind_cca_unpacked_transpose_a_closure_ab(
     size_t _i, libcrux_ml_kem_polynomial_PolynomialRingElement_f6 ret[3U]) {
   for (size_t i = (size_t)0U; i < (size_t)3U; i++) {
-    ret[i] = libcrux_ml_kem_polynomial_ZERO_ef_61();
+    ret[i] = libcrux_ml_kem_polynomial_ZERO_ef_79();
   }
 }
 
@@ -6885,7 +6893,7 @@ with const generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f6
-libcrux_ml_kem_polynomial_clone_8d_61(
+libcrux_ml_kem_polynomial_clone_8d_79(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *self) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_f6 lit;
   __m256i ret[16U];
@@ -6918,7 +6926,7 @@ static inline void libcrux_ml_kem_ind_cca_unpacked_transpose_a_ab(
     for (size_t i1 = (size_t)0U; i1 < (size_t)3U; i1++) {
       size_t j = i1;
       libcrux_ml_kem_polynomial_PolynomialRingElement_f6 uu____0 =
-          libcrux_ml_kem_polynomial_clone_8d_61(&ind_cpa_a[j][i0]);
+          libcrux_ml_kem_polynomial_clone_8d_79(&ind_cpa_a[j][i0]);
       A[i0][j] = uu____0;
     }
   }
@@ -7204,7 +7212,7 @@ generics
 KRML_ATTRIBUTE_TARGET("avx2")
 static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f6
 libcrux_ml_kem_sampling_sample_from_xof_closure_b3(int16_t s[272U]) {
-  return libcrux_ml_kem_polynomial_from_i16_array_ef_61(
+  return libcrux_ml_kem_polynomial_from_i16_array_ef_79(
       Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t));
 }
 
@@ -7833,13 +7841,23 @@ static inline void libcrux_ml_kem_mlkem768_avx2_unpacked_unpacked_public_key(
 
 /**
 This function found in impl {(core::clone::Clone for
-libcrux_ml_kem::vector::avx2::SIMD256Vector)}
+libcrux_ml_kem::vector::avx2::SIMD256Vector)#1}
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static inline __m256i libcrux_ml_kem_vector_avx2_clone_78(__m256i *self) {
+static inline __m256i libcrux_ml_kem_vector_avx2_clone_3a(__m256i *self) {
   return self[0U];
 }
 
+/**
+This function found in impl {(libcrux_ml_kem::vector::traits::Repr for
+libcrux_ml_kem::vector::avx2::SIMD256Vector)}
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static inline void libcrux_ml_kem_vector_avx2_repr_11(__m256i x,
+                                                      int16_t ret[16U]) {
+  libcrux_ml_kem_vector_avx2_vec_to_i16_array(x, ret);
+}
+
 typedef libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_63
     libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768PublicKeyUnpacked;
 
diff --git a/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h b/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h
index ed8fddfd7..8639096c4 100644
--- a/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h
+++ b/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h
@@ -4,11 +4,11 @@
  * SPDX-License-Identifier: MIT or Apache-2.0
  *
  * This code was generated with the following revisions:
- * Charon: e6a9a3d65857f37917f378fd98db7b7b4d0a060f
- * Eurydice: 907fef61b716e094dcd6b41a9a41f0850ac7fd73
- * Karamel: 21c28f3b016868a7cdd715382338bdcd9685a3b4
- * F*: b0961063393215ca65927f017720cb365a193833-dirty
- * Libcrux: 887cc3c3760e64d740774adb301e4bae530126d1
+ * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9
+ * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20
+ * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
+ * F*: 8b6fce63ca91b16386d8f76e82ea87a3c109a208
+ * Libcrux: 2009b0d205f3d27e1762f7e2b8a21bc47705b2c9
  */
 
 #ifndef __libcrux_mlkem768_portable_H
@@ -125,10 +125,10 @@ libcrux_ml_kem_vector_portable_vector_type_from_i16_array(
 
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
-libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
+libcrux_ml_kem::vector::portable::vector_type::PortableVector)#1}
 */
 static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector
-libcrux_ml_kem_vector_portable_from_i16_array_0d(Eurydice_slice array) {
+libcrux_ml_kem_vector_portable_from_i16_array_2c(Eurydice_slice array) {
   return libcrux_ml_kem_vector_portable_vector_type_from_i16_array(array);
 }
 
@@ -261,9 +261,9 @@ static inline void libcrux_ml_kem_vector_portable_serialize_11(
 
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
-libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
+libcrux_ml_kem::vector::portable::vector_type::PortableVector)#1}
 */
-static inline void libcrux_ml_kem_vector_portable_serialize_11_0d(
+static inline void libcrux_ml_kem_vector_portable_serialize_11_2c(
     libcrux_ml_kem_vector_portable_vector_type_PortableVector a,
     uint8_t ret[22U]) {
   libcrux_ml_kem_vector_portable_serialize_11(a, ret);
@@ -377,10 +377,10 @@ libcrux_ml_kem_vector_portable_deserialize_11(Eurydice_slice a) {
 
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
-libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
+libcrux_ml_kem::vector::portable::vector_type::PortableVector)#1}
 */
 static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector
-libcrux_ml_kem_vector_portable_deserialize_11_0d(Eurydice_slice a) {
+libcrux_ml_kem_vector_portable_deserialize_11_2c(Eurydice_slice a) {
   return libcrux_ml_kem_vector_portable_deserialize_11(a);
 }
 
@@ -393,9 +393,9 @@ libcrux_ml_kem_vector_portable_vector_type_to_i16_array(
 
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
-libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
+libcrux_ml_kem::vector::portable::vector_type::PortableVector)#1}
 */
-static inline void libcrux_ml_kem_vector_portable_to_i16_array_0d(
+static inline void libcrux_ml_kem_vector_portable_to_i16_array_2c(
     libcrux_ml_kem_vector_portable_vector_type_PortableVector x,
     int16_t ret[16U]) {
   libcrux_ml_kem_vector_portable_vector_type_to_i16_array(x, ret);
@@ -940,10 +940,10 @@ libcrux_ml_kem_vector_portable_vector_type_zero(void) {
 
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
-libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
+libcrux_ml_kem::vector::portable::vector_type::PortableVector)#1}
 */
 static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector
-libcrux_ml_kem_vector_portable_ZERO_0d(void) {
+libcrux_ml_kem_vector_portable_ZERO_2c(void) {
   return libcrux_ml_kem_vector_portable_vector_type_zero();
 }
 
@@ -962,10 +962,10 @@ libcrux_ml_kem_vector_portable_arithmetic_add(
 
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
-libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
+libcrux_ml_kem::vector::portable::vector_type::PortableVector)#1}
 */
 static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector
-libcrux_ml_kem_vector_portable_add_0d(
+libcrux_ml_kem_vector_portable_add_2c(
     libcrux_ml_kem_vector_portable_vector_type_PortableVector lhs,
     libcrux_ml_kem_vector_portable_vector_type_PortableVector *rhs) {
   return libcrux_ml_kem_vector_portable_arithmetic_add(lhs, rhs);
@@ -986,10 +986,10 @@ libcrux_ml_kem_vector_portable_arithmetic_sub(
 
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
-libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
+libcrux_ml_kem::vector::portable::vector_type::PortableVector)#1}
 */
 static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector
-libcrux_ml_kem_vector_portable_sub_0d(
+libcrux_ml_kem_vector_portable_sub_2c(
     libcrux_ml_kem_vector_portable_vector_type_PortableVector lhs,
     libcrux_ml_kem_vector_portable_vector_type_PortableVector *rhs) {
   return libcrux_ml_kem_vector_portable_arithmetic_sub(lhs, rhs);
@@ -1009,10 +1009,10 @@ libcrux_ml_kem_vector_portable_arithmetic_multiply_by_constant(
 
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
-libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
+libcrux_ml_kem::vector::portable::vector_type::PortableVector)#1}
 */
 static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector
-libcrux_ml_kem_vector_portable_multiply_by_constant_0d(
+libcrux_ml_kem_vector_portable_multiply_by_constant_2c(
     libcrux_ml_kem_vector_portable_vector_type_PortableVector vec, int16_t c) {
   return libcrux_ml_kem_vector_portable_arithmetic_multiply_by_constant(vec, c);
 }
@@ -1031,10 +1031,10 @@ libcrux_ml_kem_vector_portable_arithmetic_bitwise_and_with_constant(
 
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
-libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
+libcrux_ml_kem::vector::portable::vector_type::PortableVector)#1}
 */
 static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector
-libcrux_ml_kem_vector_portable_bitwise_and_with_constant_0d(
+libcrux_ml_kem_vector_portable_bitwise_and_with_constant_2c(
     libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t c) {
   return libcrux_ml_kem_vector_portable_arithmetic_bitwise_and_with_constant(v,
                                                                              c);
@@ -1060,10 +1060,10 @@ libcrux_ml_kem_vector_portable_arithmetic_cond_subtract_3329(
 
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
-libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
+libcrux_ml_kem::vector::portable::vector_type::PortableVector)#1}
 */
 static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector
-libcrux_ml_kem_vector_portable_cond_subtract_3329_0d(
+libcrux_ml_kem_vector_portable_cond_subtract_3329_2c(
     libcrux_ml_kem_vector_portable_vector_type_PortableVector v) {
   return libcrux_ml_kem_vector_portable_arithmetic_cond_subtract_3329(v);
 }
@@ -1118,10 +1118,10 @@ libcrux_ml_kem_vector_portable_arithmetic_barrett_reduce(
 
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
-libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
+libcrux_ml_kem::vector::portable::vector_type::PortableVector)#1}
 */
 static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector
-libcrux_ml_kem_vector_portable_barrett_reduce_0d(
+libcrux_ml_kem_vector_portable_barrett_reduce_2c(
     libcrux_ml_kem_vector_portable_vector_type_PortableVector v) {
   return libcrux_ml_kem_vector_portable_arithmetic_barrett_reduce(v);
 }
@@ -1201,10 +1201,10 @@ libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_by_constant(
 
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
-libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
+libcrux_ml_kem::vector::portable::vector_type::PortableVector)#1}
 */
 static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector
-libcrux_ml_kem_vector_portable_montgomery_multiply_by_constant_0d(
+libcrux_ml_kem_vector_portable_montgomery_multiply_by_constant_2c(
     libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t r) {
   return libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_by_constant(
       v, r);
@@ -1259,10 +1259,10 @@ libcrux_ml_kem_vector_portable_compress_compress_1(
 
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
-libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
+libcrux_ml_kem::vector::portable::vector_type::PortableVector)#1}
 */
 static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector
-libcrux_ml_kem_vector_portable_compress_1_0d(
+libcrux_ml_kem_vector_portable_compress_1_2c(
     libcrux_ml_kem_vector_portable_vector_type_PortableVector a) {
   return libcrux_ml_kem_vector_portable_compress_compress_1(a);
 }
@@ -1322,10 +1322,10 @@ libcrux_ml_kem_vector_portable_ntt_ntt_layer_1_step(
 
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
-libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
+libcrux_ml_kem::vector::portable::vector_type::PortableVector)#1}
 */
 static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector
-libcrux_ml_kem_vector_portable_ntt_layer_1_step_0d(
+libcrux_ml_kem_vector_portable_ntt_layer_1_step_2c(
     libcrux_ml_kem_vector_portable_vector_type_PortableVector a, int16_t zeta0,
     int16_t zeta1, int16_t zeta2, int16_t zeta3) {
   return libcrux_ml_kem_vector_portable_ntt_ntt_layer_1_step(a, zeta0, zeta1,
@@ -1357,10 +1357,10 @@ libcrux_ml_kem_vector_portable_ntt_ntt_layer_2_step(
 
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
-libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
+libcrux_ml_kem::vector::portable::vector_type::PortableVector)#1}
 */
 static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector
-libcrux_ml_kem_vector_portable_ntt_layer_2_step_0d(
+libcrux_ml_kem_vector_portable_ntt_layer_2_step_2c(
     libcrux_ml_kem_vector_portable_vector_type_PortableVector a, int16_t zeta0,
     int16_t zeta1) {
   return libcrux_ml_kem_vector_portable_ntt_ntt_layer_2_step(a, zeta0, zeta1);
@@ -1391,10 +1391,10 @@ libcrux_ml_kem_vector_portable_ntt_ntt_layer_3_step(
 
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
-libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
+libcrux_ml_kem::vector::portable::vector_type::PortableVector)#1}
 */
 static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector
-libcrux_ml_kem_vector_portable_ntt_layer_3_step_0d(
+libcrux_ml_kem_vector_portable_ntt_layer_3_step_2c(
     libcrux_ml_kem_vector_portable_vector_type_PortableVector a, int16_t zeta) {
   return libcrux_ml_kem_vector_portable_ntt_ntt_layer_3_step(a, zeta);
 }
@@ -1438,10 +1438,10 @@ libcrux_ml_kem_vector_portable_ntt_inv_ntt_layer_1_step(
 
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
-libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
+libcrux_ml_kem::vector::portable::vector_type::PortableVector)#1}
 */
 static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector
-libcrux_ml_kem_vector_portable_inv_ntt_layer_1_step_0d(
+libcrux_ml_kem_vector_portable_inv_ntt_layer_1_step_2c(
     libcrux_ml_kem_vector_portable_vector_type_PortableVector a, int16_t zeta0,
     int16_t zeta1, int16_t zeta2, int16_t zeta3) {
   return libcrux_ml_kem_vector_portable_ntt_inv_ntt_layer_1_step(
@@ -1473,10 +1473,10 @@ libcrux_ml_kem_vector_portable_ntt_inv_ntt_layer_2_step(
 
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
-libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
+libcrux_ml_kem::vector::portable::vector_type::PortableVector)#1}
 */
 static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector
-libcrux_ml_kem_vector_portable_inv_ntt_layer_2_step_0d(
+libcrux_ml_kem_vector_portable_inv_ntt_layer_2_step_2c(
     libcrux_ml_kem_vector_portable_vector_type_PortableVector a, int16_t zeta0,
     int16_t zeta1) {
   return libcrux_ml_kem_vector_portable_ntt_inv_ntt_layer_2_step(a, zeta0,
@@ -1508,10 +1508,10 @@ libcrux_ml_kem_vector_portable_ntt_inv_ntt_layer_3_step(
 
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
-libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
+libcrux_ml_kem::vector::portable::vector_type::PortableVector)#1}
 */
 static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector
-libcrux_ml_kem_vector_portable_inv_ntt_layer_3_step_0d(
+libcrux_ml_kem_vector_portable_inv_ntt_layer_3_step_2c(
     libcrux_ml_kem_vector_portable_vector_type_PortableVector a, int16_t zeta) {
   return libcrux_ml_kem_vector_portable_ntt_inv_ntt_layer_3_step(a, zeta);
 }
@@ -1601,10 +1601,10 @@ libcrux_ml_kem_vector_portable_ntt_ntt_multiply(
 
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
-libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
+libcrux_ml_kem::vector::portable::vector_type::PortableVector)#1}
 */
 static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector
-libcrux_ml_kem_vector_portable_ntt_multiply_0d(
+libcrux_ml_kem_vector_portable_ntt_multiply_2c(
     libcrux_ml_kem_vector_portable_vector_type_PortableVector *lhs,
     libcrux_ml_kem_vector_portable_vector_type_PortableVector *rhs,
     int16_t zeta0, int16_t zeta1, int16_t zeta2, int16_t zeta3) {
@@ -1644,9 +1644,9 @@ static inline void libcrux_ml_kem_vector_portable_serialize_1(
 
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
-libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
+libcrux_ml_kem::vector::portable::vector_type::PortableVector)#1}
 */
-static inline void libcrux_ml_kem_vector_portable_serialize_1_0d(
+static inline void libcrux_ml_kem_vector_portable_serialize_1_2c(
     libcrux_ml_kem_vector_portable_vector_type_PortableVector a,
     uint8_t ret[2U]) {
   libcrux_ml_kem_vector_portable_serialize_1(a, ret);
@@ -1743,10 +1743,10 @@ libcrux_ml_kem_vector_portable_deserialize_1(Eurydice_slice a) {
 
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
-libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
+libcrux_ml_kem::vector::portable::vector_type::PortableVector)#1}
 */
 static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector
-libcrux_ml_kem_vector_portable_deserialize_1_0d(Eurydice_slice a) {
+libcrux_ml_kem_vector_portable_deserialize_1_2c(Eurydice_slice a) {
   return libcrux_ml_kem_vector_portable_deserialize_1(a);
 }
 
@@ -1813,9 +1813,9 @@ static inline void libcrux_ml_kem_vector_portable_serialize_4(
 
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
-libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
+libcrux_ml_kem::vector::portable::vector_type::PortableVector)#1}
 */
-static inline void libcrux_ml_kem_vector_portable_serialize_4_0d(
+static inline void libcrux_ml_kem_vector_portable_serialize_4_2c(
     libcrux_ml_kem_vector_portable_vector_type_PortableVector a,
     uint8_t ret[8U]) {
   libcrux_ml_kem_vector_portable_serialize_4(a, ret);
@@ -1895,10 +1895,10 @@ libcrux_ml_kem_vector_portable_deserialize_4(Eurydice_slice a) {
 
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
-libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
+libcrux_ml_kem::vector::portable::vector_type::PortableVector)#1}
 */
 static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector
-libcrux_ml_kem_vector_portable_deserialize_4_0d(Eurydice_slice a) {
+libcrux_ml_kem_vector_portable_deserialize_4_2c(Eurydice_slice a) {
   return libcrux_ml_kem_vector_portable_deserialize_4(a);
 }
 
@@ -1964,9 +1964,9 @@ static inline void libcrux_ml_kem_vector_portable_serialize_5(
 
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
-libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
+libcrux_ml_kem::vector::portable::vector_type::PortableVector)#1}
 */
-static inline void libcrux_ml_kem_vector_portable_serialize_5_0d(
+static inline void libcrux_ml_kem_vector_portable_serialize_5_2c(
     libcrux_ml_kem_vector_portable_vector_type_PortableVector a,
     uint8_t ret[10U]) {
   libcrux_ml_kem_vector_portable_serialize_5(a, ret);
@@ -2057,10 +2057,10 @@ libcrux_ml_kem_vector_portable_deserialize_5(Eurydice_slice a) {
 
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
-libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
+libcrux_ml_kem::vector::portable::vector_type::PortableVector)#1}
 */
 static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector
-libcrux_ml_kem_vector_portable_deserialize_5_0d(Eurydice_slice a) {
+libcrux_ml_kem_vector_portable_deserialize_5_2c(Eurydice_slice a) {
   return libcrux_ml_kem_vector_portable_deserialize_5(a);
 }
 
@@ -2144,9 +2144,9 @@ static inline void libcrux_ml_kem_vector_portable_serialize_10(
 
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
-libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
+libcrux_ml_kem::vector::portable::vector_type::PortableVector)#1}
 */
-static inline void libcrux_ml_kem_vector_portable_serialize_10_0d(
+static inline void libcrux_ml_kem_vector_portable_serialize_10_2c(
     libcrux_ml_kem_vector_portable_vector_type_PortableVector a,
     uint8_t ret[20U]) {
   libcrux_ml_kem_vector_portable_serialize_10(a, ret);
@@ -2245,10 +2245,10 @@ libcrux_ml_kem_vector_portable_deserialize_10(Eurydice_slice a) {
 
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
-libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
+libcrux_ml_kem::vector::portable::vector_type::PortableVector)#1}
 */
 static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector
-libcrux_ml_kem_vector_portable_deserialize_10_0d(Eurydice_slice a) {
+libcrux_ml_kem_vector_portable_deserialize_10_2c(Eurydice_slice a) {
   return libcrux_ml_kem_vector_portable_deserialize_10(a);
 }
 
@@ -2332,9 +2332,9 @@ static inline void libcrux_ml_kem_vector_portable_serialize_12(
 
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
-libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
+libcrux_ml_kem::vector::portable::vector_type::PortableVector)#1}
 */
-static inline void libcrux_ml_kem_vector_portable_serialize_12_0d(
+static inline void libcrux_ml_kem_vector_portable_serialize_12_2c(
     libcrux_ml_kem_vector_portable_vector_type_PortableVector a,
     uint8_t ret[24U]) {
   libcrux_ml_kem_vector_portable_serialize_12(a, ret);
@@ -2407,10 +2407,10 @@ libcrux_ml_kem_vector_portable_deserialize_12(Eurydice_slice a) {
 
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
-libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
+libcrux_ml_kem::vector::portable::vector_type::PortableVector)#1}
 */
 static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector
-libcrux_ml_kem_vector_portable_deserialize_12_0d(Eurydice_slice a) {
+libcrux_ml_kem_vector_portable_deserialize_12_2c(Eurydice_slice a) {
   return libcrux_ml_kem_vector_portable_deserialize_12(a);
 }
 
@@ -2477,9 +2477,9 @@ libcrux_ml_kem_vector_portable_sampling_rej_sample(Eurydice_slice a,
 
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
-libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
+libcrux_ml_kem::vector::portable::vector_type::PortableVector)#1}
 */
-static inline size_t libcrux_ml_kem_vector_portable_rej_sample_0d(
+static inline size_t libcrux_ml_kem_vector_portable_rej_sample_2c(
     Eurydice_slice a, Eurydice_slice out) {
   return libcrux_ml_kem_vector_portable_sampling_rej_sample(a, out);
 }
@@ -2568,24 +2568,24 @@ with const generics
 
 */
 static inline libcrux_ml_kem_polynomial_PolynomialRingElement_1d
-libcrux_ml_kem_polynomial_ZERO_ef_8c(void) {
+libcrux_ml_kem_polynomial_ZERO_ef_96(void) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_1d lit;
-  lit.coefficients[0U] = libcrux_ml_kem_vector_portable_ZERO_0d();
-  lit.coefficients[1U] = libcrux_ml_kem_vector_portable_ZERO_0d();
-  lit.coefficients[2U] = libcrux_ml_kem_vector_portable_ZERO_0d();
-  lit.coefficients[3U] = libcrux_ml_kem_vector_portable_ZERO_0d();
-  lit.coefficients[4U] = libcrux_ml_kem_vector_portable_ZERO_0d();
-  lit.coefficients[5U] = libcrux_ml_kem_vector_portable_ZERO_0d();
-  lit.coefficients[6U] = libcrux_ml_kem_vector_portable_ZERO_0d();
-  lit.coefficients[7U] = libcrux_ml_kem_vector_portable_ZERO_0d();
-  lit.coefficients[8U] = libcrux_ml_kem_vector_portable_ZERO_0d();
-  lit.coefficients[9U] = libcrux_ml_kem_vector_portable_ZERO_0d();
-  lit.coefficients[10U] = libcrux_ml_kem_vector_portable_ZERO_0d();
-  lit.coefficients[11U] = libcrux_ml_kem_vector_portable_ZERO_0d();
-  lit.coefficients[12U] = libcrux_ml_kem_vector_portable_ZERO_0d();
-  lit.coefficients[13U] = libcrux_ml_kem_vector_portable_ZERO_0d();
-  lit.coefficients[14U] = libcrux_ml_kem_vector_portable_ZERO_0d();
-  lit.coefficients[15U] = libcrux_ml_kem_vector_portable_ZERO_0d();
+  lit.coefficients[0U] = libcrux_ml_kem_vector_portable_ZERO_2c();
+  lit.coefficients[1U] = libcrux_ml_kem_vector_portable_ZERO_2c();
+  lit.coefficients[2U] = libcrux_ml_kem_vector_portable_ZERO_2c();
+  lit.coefficients[3U] = libcrux_ml_kem_vector_portable_ZERO_2c();
+  lit.coefficients[4U] = libcrux_ml_kem_vector_portable_ZERO_2c();
+  lit.coefficients[5U] = libcrux_ml_kem_vector_portable_ZERO_2c();
+  lit.coefficients[6U] = libcrux_ml_kem_vector_portable_ZERO_2c();
+  lit.coefficients[7U] = libcrux_ml_kem_vector_portable_ZERO_2c();
+  lit.coefficients[8U] = libcrux_ml_kem_vector_portable_ZERO_2c();
+  lit.coefficients[9U] = libcrux_ml_kem_vector_portable_ZERO_2c();
+  lit.coefficients[10U] = libcrux_ml_kem_vector_portable_ZERO_2c();
+  lit.coefficients[11U] = libcrux_ml_kem_vector_portable_ZERO_2c();
+  lit.coefficients[12U] = libcrux_ml_kem_vector_portable_ZERO_2c();
+  lit.coefficients[13U] = libcrux_ml_kem_vector_portable_ZERO_2c();
+  lit.coefficients[14U] = libcrux_ml_kem_vector_portable_ZERO_2c();
+  lit.coefficients[15U] = libcrux_ml_kem_vector_portable_ZERO_2c();
   return lit;
 }
 
@@ -2597,7 +2597,7 @@ with const generics
 */
 static inline libcrux_ml_kem_polynomial_PolynomialRingElement_1d
 libcrux_ml_kem_ind_cpa_deserialize_secret_key_closure_1b(size_t _) {
-  return libcrux_ml_kem_polynomial_ZERO_ef_8c();
+  return libcrux_ml_kem_polynomial_ZERO_ef_96();
 }
 
 /**
@@ -2607,17 +2607,17 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
 
 */
 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1d
-libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_8c(
+libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_96(
     Eurydice_slice serialized) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_1d re =
-      libcrux_ml_kem_polynomial_ZERO_ef_8c();
+      libcrux_ml_kem_polynomial_ZERO_ef_96();
   for (size_t i = (size_t)0U;
        i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) {
     size_t i0 = i;
     Eurydice_slice bytes = Eurydice_slice_subslice2(
         serialized, i0 * (size_t)24U, i0 * (size_t)24U + (size_t)24U, uint8_t);
     libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 =
-        libcrux_ml_kem_vector_portable_deserialize_12_0d(bytes);
+        libcrux_ml_kem_vector_portable_deserialize_12_2c(bytes);
     re.coefficients[i0] = uu____0;
   }
   return re;
@@ -2637,7 +2637,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_1b(
     libcrux_ml_kem_polynomial_PolynomialRingElement_1d ret[3U]) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_1d secret_as_ntt[3U];
   for (size_t i = (size_t)0U; i < (size_t)3U; i++) {
-    secret_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_ef_8c();
+    secret_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_ef_96();
   }
   for (size_t i = (size_t)0U;
        i < Eurydice_slice_len(secret_key, uint8_t) /
@@ -2650,7 +2650,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_1b(
             LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT,
         uint8_t);
     libcrux_ml_kem_polynomial_PolynomialRingElement_1d uu____0 =
-        libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_8c(
+        libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_96(
             secret_bytes);
     secret_as_ntt[i0] = uu____0;
   }
@@ -2679,7 +2679,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
 */
 static inline libcrux_ml_kem_polynomial_PolynomialRingElement_1d
 libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_closure_6c(size_t _) {
-  return libcrux_ml_kem_polynomial_ZERO_ef_8c();
+  return libcrux_ml_kem_polynomial_ZERO_ef_96();
 }
 
 /**
@@ -2705,16 +2705,16 @@ libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_ef(
 
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
-libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
+libcrux_ml_kem::vector::portable::vector_type::PortableVector)#1}
 */
 /**
 A monomorphic instance of
-libcrux_ml_kem.vector.portable.decompress_ciphertext_coefficient_0d with const
+libcrux_ml_kem.vector.portable.decompress_ciphertext_coefficient_2c with const
 generics
 - COEFFICIENT_BITS= 10
 */
 static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector
-libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_ef(
+libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_2c_ef(
     libcrux_ml_kem_vector_portable_vector_type_PortableVector a) {
   return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_ef(
       a);
@@ -2727,19 +2727,19 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
 
 */
 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1d
-libcrux_ml_kem_serialize_deserialize_then_decompress_10_8c(
+libcrux_ml_kem_serialize_deserialize_then_decompress_10_96(
     Eurydice_slice serialized) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_1d re =
-      libcrux_ml_kem_polynomial_ZERO_ef_8c();
+      libcrux_ml_kem_polynomial_ZERO_ef_96();
   for (size_t i = (size_t)0U;
        i < Eurydice_slice_len(serialized, uint8_t) / (size_t)20U; i++) {
     size_t i0 = i;
     Eurydice_slice bytes = Eurydice_slice_subslice2(
         serialized, i0 * (size_t)20U, i0 * (size_t)20U + (size_t)20U, uint8_t);
     libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient =
-        libcrux_ml_kem_vector_portable_deserialize_10_0d(bytes);
+        libcrux_ml_kem_vector_portable_deserialize_10_2c(bytes);
     libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 =
-        libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_ef(
+        libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_2c_ef(
             coefficient);
     re.coefficients[i0] = uu____0;
   }
@@ -2769,16 +2769,16 @@ libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_c4(
 
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
-libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
+libcrux_ml_kem::vector::portable::vector_type::PortableVector)#1}
 */
 /**
 A monomorphic instance of
-libcrux_ml_kem.vector.portable.decompress_ciphertext_coefficient_0d with const
+libcrux_ml_kem.vector.portable.decompress_ciphertext_coefficient_2c with const
 generics
 - COEFFICIENT_BITS= 11
 */
 static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector
-libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_c4(
+libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_2c_c4(
     libcrux_ml_kem_vector_portable_vector_type_PortableVector a) {
   return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_c4(
       a);
@@ -2791,19 +2791,19 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
 
 */
 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1d
-libcrux_ml_kem_serialize_deserialize_then_decompress_11_8c(
+libcrux_ml_kem_serialize_deserialize_then_decompress_11_96(
     Eurydice_slice serialized) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_1d re =
-      libcrux_ml_kem_polynomial_ZERO_ef_8c();
+      libcrux_ml_kem_polynomial_ZERO_ef_96();
   for (size_t i = (size_t)0U;
        i < Eurydice_slice_len(serialized, uint8_t) / (size_t)22U; i++) {
     size_t i0 = i;
     Eurydice_slice bytes = Eurydice_slice_subslice2(
         serialized, i0 * (size_t)22U, i0 * (size_t)22U + (size_t)22U, uint8_t);
     libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient =
-        libcrux_ml_kem_vector_portable_deserialize_11_0d(bytes);
+        libcrux_ml_kem_vector_portable_deserialize_11_2c(bytes);
     libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 =
-        libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_c4(
+        libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_2c_c4(
             coefficient);
     re.coefficients[i0] = uu____0;
   }
@@ -2819,7 +2819,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1d
 libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_0a(
     Eurydice_slice serialized) {
-  return libcrux_ml_kem_serialize_deserialize_then_decompress_10_8c(serialized);
+  return libcrux_ml_kem_serialize_deserialize_then_decompress_10_96(serialized);
 }
 
 typedef struct libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2_s {
@@ -2834,9 +2834,9 @@ with const generics
 
 */
 static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector
-libcrux_ml_kem_vector_traits_montgomery_multiply_fe_8c(
+libcrux_ml_kem_vector_traits_montgomery_multiply_fe_96(
     libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t fer) {
-  return libcrux_ml_kem_vector_portable_montgomery_multiply_by_constant_0d(v,
+  return libcrux_ml_kem_vector_portable_montgomery_multiply_by_constant_2c(v,
                                                                            fer);
 }
 
@@ -2848,14 +2848,14 @@ with const generics
 */
 static KRML_MUSTINLINE
     libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2
-    libcrux_ml_kem_ntt_ntt_layer_int_vec_step_8c(
+    libcrux_ml_kem_ntt_ntt_layer_int_vec_step_96(
         libcrux_ml_kem_vector_portable_vector_type_PortableVector a,
         libcrux_ml_kem_vector_portable_vector_type_PortableVector b,
         int16_t zeta_r) {
   libcrux_ml_kem_vector_portable_vector_type_PortableVector t =
-      libcrux_ml_kem_vector_traits_montgomery_multiply_fe_8c(b, zeta_r);
-  b = libcrux_ml_kem_vector_portable_sub_0d(a, &t);
-  a = libcrux_ml_kem_vector_portable_add_0d(a, &t);
+      libcrux_ml_kem_vector_traits_montgomery_multiply_fe_96(b, zeta_r);
+  b = libcrux_ml_kem_vector_portable_sub_2c(a, &t);
+  a = libcrux_ml_kem_vector_portable_add_2c(a, &t);
   return (
       CLITERAL(libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2){
           .fst = a, .snd = b});
@@ -2867,7 +2867,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
 with const generics
 
 */
-static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_4_plus_8c(
+static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_4_plus_96(
     size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_1d *re,
     size_t layer, size_t _initial_coefficient_bound) {
   size_t step = (size_t)1U << (uint32_t)layer;
@@ -2880,7 +2880,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_4_plus_8c(
     for (size_t i = offset_vec; i < offset_vec + step_vec; i++) {
       size_t j = i;
       libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 uu____0 =
-          libcrux_ml_kem_ntt_ntt_layer_int_vec_step_8c(
+          libcrux_ml_kem_ntt_ntt_layer_int_vec_step_96(
               re->coefficients[j], re->coefficients[j + step_vec],
               libcrux_ml_kem_polynomial_zeta(zeta_i[0U]));
       libcrux_ml_kem_vector_portable_vector_type_PortableVector x = uu____0.fst;
@@ -2897,14 +2897,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
 with const generics
 
 */
-static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_3_8c(
+static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_3_96(
     size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_1d *re,
     size_t _layer, size_t _initial_coefficient_bound) {
   for (size_t i = (size_t)0U; i < (size_t)16U; i++) {
     size_t round = i;
     zeta_i[0U] = zeta_i[0U] + (size_t)1U;
     libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 =
-        libcrux_ml_kem_vector_portable_ntt_layer_3_step_0d(
+        libcrux_ml_kem_vector_portable_ntt_layer_3_step_2c(
             re->coefficients[round],
             libcrux_ml_kem_polynomial_zeta(zeta_i[0U]));
     re->coefficients[round] = uu____0;
@@ -2917,14 +2917,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
 with const generics
 
 */
-static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_2_8c(
+static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_2_96(
     size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_1d *re,
     size_t _layer, size_t _initial_coefficient_bound) {
   for (size_t i = (size_t)0U; i < (size_t)16U; i++) {
     size_t round = i;
     zeta_i[0U] = zeta_i[0U] + (size_t)1U;
     re->coefficients[round] =
-        libcrux_ml_kem_vector_portable_ntt_layer_2_step_0d(
+        libcrux_ml_kem_vector_portable_ntt_layer_2_step_2c(
             re->coefficients[round], libcrux_ml_kem_polynomial_zeta(zeta_i[0U]),
             libcrux_ml_kem_polynomial_zeta(zeta_i[0U] + (size_t)1U));
     zeta_i[0U] = zeta_i[0U] + (size_t)1U;
@@ -2937,14 +2937,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
 with const generics
 
 */
-static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_1_8c(
+static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_1_96(
     size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_1d *re,
     size_t _layer, size_t _initial_coefficient_bound) {
   for (size_t i = (size_t)0U; i < (size_t)16U; i++) {
     size_t round = i;
     zeta_i[0U] = zeta_i[0U] + (size_t)1U;
     re->coefficients[round] =
-        libcrux_ml_kem_vector_portable_ntt_layer_1_step_0d(
+        libcrux_ml_kem_vector_portable_ntt_layer_1_step_2c(
             re->coefficients[round], libcrux_ml_kem_polynomial_zeta(zeta_i[0U]),
             libcrux_ml_kem_polynomial_zeta(zeta_i[0U] + (size_t)1U),
             libcrux_ml_kem_polynomial_zeta(zeta_i[0U] + (size_t)2U),
@@ -2959,13 +2959,13 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
 with const generics
 
 */
-static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_poly_barrett_reduce_8c(
+static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_poly_barrett_reduce_96(
     libcrux_ml_kem_polynomial_PolynomialRingElement_1d *myself) {
   for (size_t i = (size_t)0U;
        i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
     size_t i0 = i;
     libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 =
-        libcrux_ml_kem_vector_portable_barrett_reduce_0d(
+        libcrux_ml_kem_vector_portable_barrett_reduce_2c(
             myself->coefficients[i0]);
     myself->coefficients[i0] = uu____0;
   }
@@ -2982,9 +2982,9 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
 with const generics
 
 */
-static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_poly_barrett_reduce_ef_8c(
+static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_poly_barrett_reduce_ef_96(
     libcrux_ml_kem_polynomial_PolynomialRingElement_1d *self) {
-  libcrux_ml_kem_polynomial_poly_barrett_reduce_8c(self);
+  libcrux_ml_kem_polynomial_poly_barrett_reduce_96(self);
 }
 
 /**
@@ -2996,21 +2996,21 @@ with const generics
 static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_vector_u_0a(
     libcrux_ml_kem_polynomial_PolynomialRingElement_1d *re) {
   size_t zeta_i = (size_t)0U;
-  libcrux_ml_kem_ntt_ntt_at_layer_4_plus_8c(&zeta_i, re, (size_t)7U,
+  libcrux_ml_kem_ntt_ntt_at_layer_4_plus_96(&zeta_i, re, (size_t)7U,
                                             (size_t)3328U);
-  libcrux_ml_kem_ntt_ntt_at_layer_4_plus_8c(&zeta_i, re, (size_t)6U,
+  libcrux_ml_kem_ntt_ntt_at_layer_4_plus_96(&zeta_i, re, (size_t)6U,
                                             (size_t)2U * (size_t)3328U);
-  libcrux_ml_kem_ntt_ntt_at_layer_4_plus_8c(&zeta_i, re, (size_t)5U,
+  libcrux_ml_kem_ntt_ntt_at_layer_4_plus_96(&zeta_i, re, (size_t)5U,
                                             (size_t)3U * (size_t)3328U);
-  libcrux_ml_kem_ntt_ntt_at_layer_4_plus_8c(&zeta_i, re, (size_t)4U,
+  libcrux_ml_kem_ntt_ntt_at_layer_4_plus_96(&zeta_i, re, (size_t)4U,
                                             (size_t)4U * (size_t)3328U);
-  libcrux_ml_kem_ntt_ntt_at_layer_3_8c(&zeta_i, re, (size_t)3U,
+  libcrux_ml_kem_ntt_ntt_at_layer_3_96(&zeta_i, re, (size_t)3U,
                                        (size_t)5U * (size_t)3328U);
-  libcrux_ml_kem_ntt_ntt_at_layer_2_8c(&zeta_i, re, (size_t)2U,
+  libcrux_ml_kem_ntt_ntt_at_layer_2_96(&zeta_i, re, (size_t)2U,
                                        (size_t)6U * (size_t)3328U);
-  libcrux_ml_kem_ntt_ntt_at_layer_1_8c(&zeta_i, re, (size_t)1U,
+  libcrux_ml_kem_ntt_ntt_at_layer_1_96(&zeta_i, re, (size_t)1U,
                                        (size_t)7U * (size_t)3328U);
-  libcrux_ml_kem_polynomial_poly_barrett_reduce_ef_8c(re);
+  libcrux_ml_kem_polynomial_poly_barrett_reduce_ef_96(re);
 }
 
 /**
@@ -3031,7 +3031,7 @@ libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_6c(
     libcrux_ml_kem_polynomial_PolynomialRingElement_1d ret[3U]) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_1d u_as_ntt[3U];
   for (size_t i = (size_t)0U; i < (size_t)3U; i++) {
-    u_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_ef_8c();
+    u_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_ef_96();
   }
   for (size_t i = (size_t)0U;
        i < Eurydice_slice_len(
@@ -3083,16 +3083,16 @@ libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_d1(
 
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
-libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
+libcrux_ml_kem::vector::portable::vector_type::PortableVector)#1}
 */
 /**
 A monomorphic instance of
-libcrux_ml_kem.vector.portable.decompress_ciphertext_coefficient_0d with const
+libcrux_ml_kem.vector.portable.decompress_ciphertext_coefficient_2c with const
 generics
 - COEFFICIENT_BITS= 4
 */
 static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector
-libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_d1(
+libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_2c_d1(
     libcrux_ml_kem_vector_portable_vector_type_PortableVector a) {
   return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_d1(
       a);
@@ -3105,19 +3105,19 @@ with const generics
 
 */
 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1d
-libcrux_ml_kem_serialize_deserialize_then_decompress_4_8c(
+libcrux_ml_kem_serialize_deserialize_then_decompress_4_96(
     Eurydice_slice serialized) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_1d re =
-      libcrux_ml_kem_polynomial_ZERO_ef_8c();
+      libcrux_ml_kem_polynomial_ZERO_ef_96();
   for (size_t i = (size_t)0U;
        i < Eurydice_slice_len(serialized, uint8_t) / (size_t)8U; i++) {
     size_t i0 = i;
     Eurydice_slice bytes = Eurydice_slice_subslice2(
         serialized, i0 * (size_t)8U, i0 * (size_t)8U + (size_t)8U, uint8_t);
     libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient =
-        libcrux_ml_kem_vector_portable_deserialize_4_0d(bytes);
+        libcrux_ml_kem_vector_portable_deserialize_4_2c(bytes);
     libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 =
-        libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_d1(
+        libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_2c_d1(
             coefficient);
     re.coefficients[i0] = uu____0;
   }
@@ -3147,16 +3147,16 @@ libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_f4(
 
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
-libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
+libcrux_ml_kem::vector::portable::vector_type::PortableVector)#1}
 */
 /**
 A monomorphic instance of
-libcrux_ml_kem.vector.portable.decompress_ciphertext_coefficient_0d with const
+libcrux_ml_kem.vector.portable.decompress_ciphertext_coefficient_2c with const
 generics
 - COEFFICIENT_BITS= 5
 */
 static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector
-libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_f4(
+libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_2c_f4(
     libcrux_ml_kem_vector_portable_vector_type_PortableVector a) {
   return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_f4(
       a);
@@ -3169,19 +3169,19 @@ with const generics
 
 */
 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1d
-libcrux_ml_kem_serialize_deserialize_then_decompress_5_8c(
+libcrux_ml_kem_serialize_deserialize_then_decompress_5_96(
     Eurydice_slice serialized) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_1d re =
-      libcrux_ml_kem_polynomial_ZERO_ef_8c();
+      libcrux_ml_kem_polynomial_ZERO_ef_96();
   for (size_t i = (size_t)0U;
        i < Eurydice_slice_len(serialized, uint8_t) / (size_t)10U; i++) {
     size_t i0 = i;
     Eurydice_slice bytes = Eurydice_slice_subslice2(
         serialized, i0 * (size_t)10U, i0 * (size_t)10U + (size_t)10U, uint8_t);
     re.coefficients[i0] =
-        libcrux_ml_kem_vector_portable_deserialize_5_0d(bytes);
+        libcrux_ml_kem_vector_portable_deserialize_5_2c(bytes);
     libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____1 =
-        libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_f4(
+        libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_2c_f4(
             re.coefficients[i0]);
     re.coefficients[i0] = uu____1;
   }
@@ -3198,7 +3198,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1d
 libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_89(
     Eurydice_slice serialized) {
-  return libcrux_ml_kem_serialize_deserialize_then_decompress_4_8c(serialized);
+  return libcrux_ml_kem_serialize_deserialize_then_decompress_4_96(serialized);
 }
 
 /**
@@ -3208,24 +3208,24 @@ with const generics
 
 */
 static inline libcrux_ml_kem_polynomial_PolynomialRingElement_1d
-libcrux_ml_kem_polynomial_ZERO_8c(void) {
+libcrux_ml_kem_polynomial_ZERO_96(void) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_1d lit;
-  lit.coefficients[0U] = libcrux_ml_kem_vector_portable_ZERO_0d();
-  lit.coefficients[1U] = libcrux_ml_kem_vector_portable_ZERO_0d();
-  lit.coefficients[2U] = libcrux_ml_kem_vector_portable_ZERO_0d();
-  lit.coefficients[3U] = libcrux_ml_kem_vector_portable_ZERO_0d();
-  lit.coefficients[4U] = libcrux_ml_kem_vector_portable_ZERO_0d();
-  lit.coefficients[5U] = libcrux_ml_kem_vector_portable_ZERO_0d();
-  lit.coefficients[6U] = libcrux_ml_kem_vector_portable_ZERO_0d();
-  lit.coefficients[7U] = libcrux_ml_kem_vector_portable_ZERO_0d();
-  lit.coefficients[8U] = libcrux_ml_kem_vector_portable_ZERO_0d();
-  lit.coefficients[9U] = libcrux_ml_kem_vector_portable_ZERO_0d();
-  lit.coefficients[10U] = libcrux_ml_kem_vector_portable_ZERO_0d();
-  lit.coefficients[11U] = libcrux_ml_kem_vector_portable_ZERO_0d();
-  lit.coefficients[12U] = libcrux_ml_kem_vector_portable_ZERO_0d();
-  lit.coefficients[13U] = libcrux_ml_kem_vector_portable_ZERO_0d();
-  lit.coefficients[14U] = libcrux_ml_kem_vector_portable_ZERO_0d();
-  lit.coefficients[15U] = libcrux_ml_kem_vector_portable_ZERO_0d();
+  lit.coefficients[0U] = libcrux_ml_kem_vector_portable_ZERO_2c();
+  lit.coefficients[1U] = libcrux_ml_kem_vector_portable_ZERO_2c();
+  lit.coefficients[2U] = libcrux_ml_kem_vector_portable_ZERO_2c();
+  lit.coefficients[3U] = libcrux_ml_kem_vector_portable_ZERO_2c();
+  lit.coefficients[4U] = libcrux_ml_kem_vector_portable_ZERO_2c();
+  lit.coefficients[5U] = libcrux_ml_kem_vector_portable_ZERO_2c();
+  lit.coefficients[6U] = libcrux_ml_kem_vector_portable_ZERO_2c();
+  lit.coefficients[7U] = libcrux_ml_kem_vector_portable_ZERO_2c();
+  lit.coefficients[8U] = libcrux_ml_kem_vector_portable_ZERO_2c();
+  lit.coefficients[9U] = libcrux_ml_kem_vector_portable_ZERO_2c();
+  lit.coefficients[10U] = libcrux_ml_kem_vector_portable_ZERO_2c();
+  lit.coefficients[11U] = libcrux_ml_kem_vector_portable_ZERO_2c();
+  lit.coefficients[12U] = libcrux_ml_kem_vector_portable_ZERO_2c();
+  lit.coefficients[13U] = libcrux_ml_kem_vector_portable_ZERO_2c();
+  lit.coefficients[14U] = libcrux_ml_kem_vector_portable_ZERO_2c();
+  lit.coefficients[15U] = libcrux_ml_kem_vector_portable_ZERO_2c();
   return lit;
 }
 
@@ -3263,16 +3263,16 @@ with const generics
 
 */
 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1d
-libcrux_ml_kem_polynomial_ntt_multiply_8c(
+libcrux_ml_kem_polynomial_ntt_multiply_96(
     libcrux_ml_kem_polynomial_PolynomialRingElement_1d *myself,
     libcrux_ml_kem_polynomial_PolynomialRingElement_1d *rhs) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_1d out =
-      libcrux_ml_kem_polynomial_ZERO_8c();
+      libcrux_ml_kem_polynomial_ZERO_96();
   for (size_t i = (size_t)0U;
        i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
     size_t i0 = i;
     libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 =
-        libcrux_ml_kem_vector_portable_ntt_multiply_0d(
+        libcrux_ml_kem_vector_portable_ntt_multiply_2c(
             &myself->coefficients[i0], &rhs->coefficients[i0],
             libcrux_ml_kem_polynomial_zeta((size_t)64U + (size_t)4U * i0),
             libcrux_ml_kem_polynomial_zeta((size_t)64U + (size_t)4U * i0 +
@@ -3298,10 +3298,10 @@ with const generics
 
 */
 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1d
-libcrux_ml_kem_polynomial_ntt_multiply_ef_8c(
+libcrux_ml_kem_polynomial_ntt_multiply_ef_96(
     libcrux_ml_kem_polynomial_PolynomialRingElement_1d *self,
     libcrux_ml_kem_polynomial_PolynomialRingElement_1d *rhs) {
-  return libcrux_ml_kem_polynomial_ntt_multiply_8c(self, rhs);
+  return libcrux_ml_kem_polynomial_ntt_multiply_96(self, rhs);
 }
 
 /**
@@ -3326,7 +3326,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_to_ring_element_1b(
        i++) {
     size_t i0 = i;
     libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 =
-        libcrux_ml_kem_vector_portable_add_0d(myself->coefficients[i0],
+        libcrux_ml_kem_vector_portable_add_2c(myself->coefficients[i0],
                                               &rhs->coefficients[i0]);
     myself->coefficients[i0] = uu____0;
   }
@@ -3355,14 +3355,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
 with const generics
 
 */
-static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_8c(
+static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_96(
     size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_1d *re,
     size_t _layer) {
   for (size_t i = (size_t)0U; i < (size_t)16U; i++) {
     size_t round = i;
     zeta_i[0U] = zeta_i[0U] - (size_t)1U;
     re->coefficients[round] =
-        libcrux_ml_kem_vector_portable_inv_ntt_layer_1_step_0d(
+        libcrux_ml_kem_vector_portable_inv_ntt_layer_1_step_2c(
             re->coefficients[round], libcrux_ml_kem_polynomial_zeta(zeta_i[0U]),
             libcrux_ml_kem_polynomial_zeta(zeta_i[0U] - (size_t)1U),
             libcrux_ml_kem_polynomial_zeta(zeta_i[0U] - (size_t)2U),
@@ -3377,14 +3377,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
 with const generics
 
 */
-static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_8c(
+static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_96(
     size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_1d *re,
     size_t _layer) {
   for (size_t i = (size_t)0U; i < (size_t)16U; i++) {
     size_t round = i;
     zeta_i[0U] = zeta_i[0U] - (size_t)1U;
     re->coefficients[round] =
-        libcrux_ml_kem_vector_portable_inv_ntt_layer_2_step_0d(
+        libcrux_ml_kem_vector_portable_inv_ntt_layer_2_step_2c(
             re->coefficients[round], libcrux_ml_kem_polynomial_zeta(zeta_i[0U]),
             libcrux_ml_kem_polynomial_zeta(zeta_i[0U] - (size_t)1U));
     zeta_i[0U] = zeta_i[0U] - (size_t)1U;
@@ -3397,14 +3397,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
 with const generics
 
 */
-static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_8c(
+static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_96(
     size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_1d *re,
     size_t _layer) {
   for (size_t i = (size_t)0U; i < (size_t)16U; i++) {
     size_t round = i;
     zeta_i[0U] = zeta_i[0U] - (size_t)1U;
     libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 =
-        libcrux_ml_kem_vector_portable_inv_ntt_layer_3_step_0d(
+        libcrux_ml_kem_vector_portable_inv_ntt_layer_3_step_2c(
             re->coefficients[round],
             libcrux_ml_kem_polynomial_zeta(zeta_i[0U]));
     re->coefficients[round] = uu____0;
@@ -3419,15 +3419,15 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
 */
 static KRML_MUSTINLINE
     libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2
-    libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_8c(
+    libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_96(
         libcrux_ml_kem_vector_portable_vector_type_PortableVector a,
         libcrux_ml_kem_vector_portable_vector_type_PortableVector b,
         int16_t zeta_r) {
   libcrux_ml_kem_vector_portable_vector_type_PortableVector a_minus_b =
-      libcrux_ml_kem_vector_portable_sub_0d(b, &a);
-  a = libcrux_ml_kem_vector_portable_barrett_reduce_0d(
-      libcrux_ml_kem_vector_portable_add_0d(a, &b));
-  b = libcrux_ml_kem_vector_traits_montgomery_multiply_fe_8c(a_minus_b, zeta_r);
+      libcrux_ml_kem_vector_portable_sub_2c(b, &a);
+  a = libcrux_ml_kem_vector_portable_barrett_reduce_2c(
+      libcrux_ml_kem_vector_portable_add_2c(a, &b));
+  b = libcrux_ml_kem_vector_traits_montgomery_multiply_fe_96(a_minus_b, zeta_r);
   return (
       CLITERAL(libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2){
           .fst = a, .snd = b});
@@ -3440,7 +3440,7 @@ with const generics
 
 */
 static KRML_MUSTINLINE void
-libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_8c(
+libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_96(
     size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_1d *re,
     size_t layer) {
   size_t step = (size_t)1U << (uint32_t)layer;
@@ -3455,7 +3455,7 @@ libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_8c(
     for (size_t i = offset_vec; i < offset_vec + step_vec; i++) {
       size_t j = i;
       libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 uu____0 =
-          libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_8c(
+          libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_96(
               re->coefficients[j], re->coefficients[j + step_vec],
               libcrux_ml_kem_polynomial_zeta(zeta_i[0U]));
       libcrux_ml_kem_vector_portable_vector_type_PortableVector x = uu____0.fst;
@@ -3476,18 +3476,18 @@ static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_1b(
     libcrux_ml_kem_polynomial_PolynomialRingElement_1d *re) {
   size_t zeta_i =
       LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U;
-  libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_8c(&zeta_i, re, (size_t)1U);
-  libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_8c(&zeta_i, re, (size_t)2U);
-  libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_8c(&zeta_i, re, (size_t)3U);
-  libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_8c(&zeta_i, re,
+  libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_96(&zeta_i, re, (size_t)1U);
+  libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_96(&zeta_i, re, (size_t)2U);
+  libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_96(&zeta_i, re, (size_t)3U);
+  libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_96(&zeta_i, re,
                                                           (size_t)4U);
-  libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_8c(&zeta_i, re,
+  libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_96(&zeta_i, re,
                                                           (size_t)5U);
-  libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_8c(&zeta_i, re,
+  libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_96(&zeta_i, re,
                                                           (size_t)6U);
-  libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_8c(&zeta_i, re,
+  libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_96(&zeta_i, re,
                                                           (size_t)7U);
-  libcrux_ml_kem_polynomial_poly_barrett_reduce_ef_8c(re);
+  libcrux_ml_kem_polynomial_poly_barrett_reduce_ef_96(re);
 }
 
 /**
@@ -3497,7 +3497,7 @@ with const generics
 
 */
 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1d
-libcrux_ml_kem_polynomial_subtract_reduce_8c(
+libcrux_ml_kem_polynomial_subtract_reduce_96(
     libcrux_ml_kem_polynomial_PolynomialRingElement_1d *myself,
     libcrux_ml_kem_polynomial_PolynomialRingElement_1d b) {
   for (size_t i = (size_t)0U;
@@ -3505,11 +3505,11 @@ libcrux_ml_kem_polynomial_subtract_reduce_8c(
     size_t i0 = i;
     libcrux_ml_kem_vector_portable_vector_type_PortableVector
         coefficient_normal_form =
-            libcrux_ml_kem_vector_portable_montgomery_multiply_by_constant_0d(
+            libcrux_ml_kem_vector_portable_montgomery_multiply_by_constant_2c(
                 b.coefficients[i0], (int16_t)1441);
     libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 =
-        libcrux_ml_kem_vector_portable_barrett_reduce_0d(
-            libcrux_ml_kem_vector_portable_sub_0d(myself->coefficients[i0],
+        libcrux_ml_kem_vector_portable_barrett_reduce_2c(
+            libcrux_ml_kem_vector_portable_sub_2c(myself->coefficients[i0],
                                                   &coefficient_normal_form));
     b.coefficients[i0] = uu____0;
   }
@@ -3528,10 +3528,10 @@ with const generics
 
 */
 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1d
-libcrux_ml_kem_polynomial_subtract_reduce_ef_8c(
+libcrux_ml_kem_polynomial_subtract_reduce_ef_96(
     libcrux_ml_kem_polynomial_PolynomialRingElement_1d *self,
     libcrux_ml_kem_polynomial_PolynomialRingElement_1d b) {
-  return libcrux_ml_kem_polynomial_subtract_reduce_8c(self, b);
+  return libcrux_ml_kem_polynomial_subtract_reduce_96(self, b);
 }
 
 /**
@@ -3552,16 +3552,16 @@ libcrux_ml_kem_matrix_compute_message_1b(
     libcrux_ml_kem_polynomial_PolynomialRingElement_1d *secret_as_ntt,
     libcrux_ml_kem_polynomial_PolynomialRingElement_1d *u_as_ntt) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_1d result =
-      libcrux_ml_kem_polynomial_ZERO_ef_8c();
+      libcrux_ml_kem_polynomial_ZERO_ef_96();
   for (size_t i = (size_t)0U; i < (size_t)3U; i++) {
     size_t i0 = i;
     libcrux_ml_kem_polynomial_PolynomialRingElement_1d product =
-        libcrux_ml_kem_polynomial_ntt_multiply_ef_8c(&secret_as_ntt[i0],
+        libcrux_ml_kem_polynomial_ntt_multiply_ef_96(&secret_as_ntt[i0],
                                                      &u_as_ntt[i0]);
     libcrux_ml_kem_polynomial_add_to_ring_element_ef_1b(&result, &product);
   }
   libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_1b(&result);
-  result = libcrux_ml_kem_polynomial_subtract_reduce_ef_8c(v, result);
+  result = libcrux_ml_kem_polynomial_subtract_reduce_ef_96(v, result);
   return result;
 }
 
@@ -3583,15 +3583,15 @@ libcrux_ml_kem_vector_portable_arithmetic_shift_right_ef(
 
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
-libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
+libcrux_ml_kem::vector::portable::vector_type::PortableVector)#1}
 */
 /**
-A monomorphic instance of libcrux_ml_kem.vector.portable.shift_right_0d
+A monomorphic instance of libcrux_ml_kem.vector.portable.shift_right_2c
 with const generics
 - SHIFT_BY= 15
 */
 static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector
-libcrux_ml_kem_vector_portable_shift_right_0d_ef(
+libcrux_ml_kem_vector_portable_shift_right_2c_ef(
     libcrux_ml_kem_vector_portable_vector_type_PortableVector v) {
   return libcrux_ml_kem_vector_portable_arithmetic_shift_right_ef(v);
 }
@@ -3603,14 +3603,14 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
 
 */
 static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector
-libcrux_ml_kem_vector_traits_to_unsigned_representative_8c(
+libcrux_ml_kem_vector_traits_to_unsigned_representative_96(
     libcrux_ml_kem_vector_portable_vector_type_PortableVector a) {
   libcrux_ml_kem_vector_portable_vector_type_PortableVector t =
-      libcrux_ml_kem_vector_portable_shift_right_0d_ef(a);
+      libcrux_ml_kem_vector_portable_shift_right_2c_ef(a);
   libcrux_ml_kem_vector_portable_vector_type_PortableVector fm =
-      libcrux_ml_kem_vector_portable_bitwise_and_with_constant_0d(
+      libcrux_ml_kem_vector_portable_bitwise_and_with_constant_2c(
           t, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS);
-  return libcrux_ml_kem_vector_portable_add_0d(a, &fm);
+  return libcrux_ml_kem_vector_portable_add_2c(a, &fm);
 }
 
 /**
@@ -3620,9 +3620,9 @@ with const generics
 
 */
 static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector
-libcrux_ml_kem_serialize_to_unsigned_field_modulus_8c(
+libcrux_ml_kem_serialize_to_unsigned_field_modulus_96(
     libcrux_ml_kem_vector_portable_vector_type_PortableVector a) {
-  return libcrux_ml_kem_vector_traits_to_unsigned_representative_8c(a);
+  return libcrux_ml_kem_vector_traits_to_unsigned_representative_96(a);
 }
 
 /**
@@ -3632,19 +3632,19 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
 
 */
 static KRML_MUSTINLINE void
-libcrux_ml_kem_serialize_compress_then_serialize_message_8c(
+libcrux_ml_kem_serialize_compress_then_serialize_message_96(
     libcrux_ml_kem_polynomial_PolynomialRingElement_1d re, uint8_t ret[32U]) {
   uint8_t serialized[32U] = {0U};
   for (size_t i = (size_t)0U; i < (size_t)16U; i++) {
     size_t i0 = i;
     libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient =
-        libcrux_ml_kem_serialize_to_unsigned_field_modulus_8c(
+        libcrux_ml_kem_serialize_to_unsigned_field_modulus_96(
             re.coefficients[i0]);
     libcrux_ml_kem_vector_portable_vector_type_PortableVector
         coefficient_compressed =
-            libcrux_ml_kem_vector_portable_compress_1_0d(coefficient);
+            libcrux_ml_kem_vector_portable_compress_1_2c(coefficient);
     uint8_t bytes[2U];
-    libcrux_ml_kem_vector_portable_serialize_1_0d(coefficient_compressed,
+    libcrux_ml_kem_vector_portable_serialize_1_2c(coefficient_compressed,
                                                   bytes);
     Eurydice_slice uu____0 = Eurydice_array_to_subslice2(
         serialized, (size_t)2U * i0, (size_t)2U * i0 + (size_t)2U, uint8_t);
@@ -3701,7 +3701,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_decrypt_unpacked_42(
       libcrux_ml_kem_matrix_compute_message_1b(&v, secret_key->secret_as_ntt,
                                                u_as_ntt);
   uint8_t ret0[32U];
-  libcrux_ml_kem_serialize_compress_then_serialize_message_8c(message, ret0);
+  libcrux_ml_kem_serialize_compress_then_serialize_message_96(message, ret0);
   memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t));
 }
 
@@ -3804,7 +3804,7 @@ static inline libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0
 libcrux_ml_kem_ind_cpa_unpacked_default_8d_1b(void) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_1d uu____0[3U];
   for (size_t i = (size_t)0U; i < (size_t)3U; i++) {
-    uu____0[i] = libcrux_ml_kem_polynomial_ZERO_ef_8c();
+    uu____0[i] = libcrux_ml_kem_polynomial_ZERO_ef_96();
   }
   uint8_t uu____1[32U] = {0U};
   libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 lit;
@@ -3812,15 +3812,15 @@ libcrux_ml_kem_ind_cpa_unpacked_default_8d_1b(void) {
       lit.t_as_ntt, uu____0,
       (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1d));
   memcpy(lit.seed_for_A, uu____1, (size_t)32U * sizeof(uint8_t));
-  lit.A[0U][0U] = libcrux_ml_kem_polynomial_ZERO_ef_8c();
-  lit.A[0U][1U] = libcrux_ml_kem_polynomial_ZERO_ef_8c();
-  lit.A[0U][2U] = libcrux_ml_kem_polynomial_ZERO_ef_8c();
-  lit.A[1U][0U] = libcrux_ml_kem_polynomial_ZERO_ef_8c();
-  lit.A[1U][1U] = libcrux_ml_kem_polynomial_ZERO_ef_8c();
-  lit.A[1U][2U] = libcrux_ml_kem_polynomial_ZERO_ef_8c();
-  lit.A[2U][0U] = libcrux_ml_kem_polynomial_ZERO_ef_8c();
-  lit.A[2U][1U] = libcrux_ml_kem_polynomial_ZERO_ef_8c();
-  lit.A[2U][2U] = libcrux_ml_kem_polynomial_ZERO_ef_8c();
+  lit.A[0U][0U] = libcrux_ml_kem_polynomial_ZERO_ef_96();
+  lit.A[0U][1U] = libcrux_ml_kem_polynomial_ZERO_ef_96();
+  lit.A[0U][2U] = libcrux_ml_kem_polynomial_ZERO_ef_96();
+  lit.A[1U][0U] = libcrux_ml_kem_polynomial_ZERO_ef_96();
+  lit.A[1U][1U] = libcrux_ml_kem_polynomial_ZERO_ef_96();
+  lit.A[1U][2U] = libcrux_ml_kem_polynomial_ZERO_ef_96();
+  lit.A[2U][0U] = libcrux_ml_kem_polynomial_ZERO_ef_96();
+  lit.A[2U][1U] = libcrux_ml_kem_polynomial_ZERO_ef_96();
+  lit.A[2U][2U] = libcrux_ml_kem_polynomial_ZERO_ef_96();
   return lit;
 }
 
@@ -3837,19 +3837,19 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
 
 */
 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1d
-libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_8c(
+libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_96(
     Eurydice_slice serialized) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_1d re =
-      libcrux_ml_kem_polynomial_ZERO_ef_8c();
+      libcrux_ml_kem_polynomial_ZERO_ef_96();
   for (size_t i = (size_t)0U;
        i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) {
     size_t i0 = i;
     Eurydice_slice bytes = Eurydice_slice_subslice2(
         serialized, i0 * (size_t)24U, i0 * (size_t)24U + (size_t)24U, uint8_t);
     libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient =
-        libcrux_ml_kem_vector_portable_deserialize_12_0d(bytes);
+        libcrux_ml_kem_vector_portable_deserialize_12_2c(bytes);
     libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 =
-        libcrux_ml_kem_vector_portable_cond_subtract_3329_0d(coefficient);
+        libcrux_ml_kem_vector_portable_cond_subtract_3329_2c(coefficient);
     re.coefficients[i0] = uu____0;
   }
   return re;
@@ -3879,7 +3879,7 @@ libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_1b(
             LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT,
         uint8_t);
     libcrux_ml_kem_polynomial_PolynomialRingElement_1d uu____0 =
-        libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_8c(
+        libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_96(
             ring_element);
     deserialized_pk[i0] = uu____0;
   }
@@ -4042,7 +4042,7 @@ libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_89(
         Eurydice_slice uu____0 =
             Eurydice_array_to_subslice2(randomness[i1], r * (size_t)24U,
                                         r * (size_t)24U + (size_t)24U, uint8_t);
-        size_t sampled = libcrux_ml_kem_vector_portable_rej_sample_0d(
+        size_t sampled = libcrux_ml_kem_vector_portable_rej_sample_2c(
             uu____0, Eurydice_array_to_subslice2(
                          out[i1], sampled_coefficients[i1],
                          sampled_coefficients[i1] + (size_t)16U, int16_t));
@@ -4164,7 +4164,7 @@ libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_890(
         Eurydice_slice uu____0 =
             Eurydice_array_to_subslice2(randomness[i1], r * (size_t)24U,
                                         r * (size_t)24U + (size_t)24U, uint8_t);
-        size_t sampled = libcrux_ml_kem_vector_portable_rej_sample_0d(
+        size_t sampled = libcrux_ml_kem_vector_portable_rej_sample_2c(
             uu____0, Eurydice_array_to_subslice2(
                          out[i1], sampled_coefficients[i1],
                          sampled_coefficients[i1] + (size_t)16U, int16_t));
@@ -4194,14 +4194,14 @@ with const generics
 
 */
 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1d
-libcrux_ml_kem_polynomial_from_i16_array_8c(Eurydice_slice a) {
+libcrux_ml_kem_polynomial_from_i16_array_96(Eurydice_slice a) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_1d result =
-      libcrux_ml_kem_polynomial_ZERO_8c();
+      libcrux_ml_kem_polynomial_ZERO_96();
   for (size_t i = (size_t)0U;
        i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
     size_t i0 = i;
     libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 =
-        libcrux_ml_kem_vector_portable_from_i16_array_0d(
+        libcrux_ml_kem_vector_portable_from_i16_array_2c(
             Eurydice_slice_subslice2(a, i0 * (size_t)16U,
                                      (i0 + (size_t)1U) * (size_t)16U, int16_t));
     result.coefficients[i0] = uu____0;
@@ -4221,8 +4221,8 @@ with const generics
 
 */
 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1d
-libcrux_ml_kem_polynomial_from_i16_array_ef_8c(Eurydice_slice a) {
-  return libcrux_ml_kem_polynomial_from_i16_array_8c(a);
+libcrux_ml_kem_polynomial_from_i16_array_ef_96(Eurydice_slice a) {
+  return libcrux_ml_kem_polynomial_from_i16_array_96(a);
 }
 
 /**
@@ -4234,7 +4234,7 @@ generics
 */
 static inline libcrux_ml_kem_polynomial_PolynomialRingElement_1d
 libcrux_ml_kem_sampling_sample_from_xof_closure_2b(int16_t s[272U]) {
-  return libcrux_ml_kem_polynomial_from_i16_array_ef_8c(
+  return libcrux_ml_kem_polynomial_from_i16_array_ef_96(
       Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t));
 }
 
@@ -4407,7 +4407,7 @@ generics
 */
 static inline libcrux_ml_kem_polynomial_PolynomialRingElement_1d
 libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_out_closure_3b(size_t _i) {
-  return libcrux_ml_kem_polynomial_ZERO_ef_8c();
+  return libcrux_ml_kem_polynomial_ZERO_ef_96();
 }
 
 /**
@@ -4499,7 +4499,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
 
 */
 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1d
-libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_8c(
+libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_96(
     Eurydice_slice randomness) {
   int16_t sampled_i16s[256U] = {0U};
   for (size_t i0 = (size_t)0U;
@@ -4534,7 +4534,7 @@ libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_8c(
       sampled_i16s[(size_t)8U * chunk_number + offset] = outcome_1 - outcome_2;
     }
   }
-  return libcrux_ml_kem_polynomial_from_i16_array_ef_8c(
+  return libcrux_ml_kem_polynomial_from_i16_array_ef_96(
       Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t));
 }
 
@@ -4545,7 +4545,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
 
 */
 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1d
-libcrux_ml_kem_sampling_sample_from_binomial_distribution_3_8c(
+libcrux_ml_kem_sampling_sample_from_binomial_distribution_3_96(
     Eurydice_slice randomness) {
   int16_t sampled_i16s[256U] = {0U};
   for (size_t i0 = (size_t)0U;
@@ -4579,7 +4579,7 @@ libcrux_ml_kem_sampling_sample_from_binomial_distribution_3_8c(
       sampled_i16s[(size_t)4U * chunk_number + offset] = outcome_1 - outcome_2;
     }
   }
-  return libcrux_ml_kem_polynomial_from_i16_array_ef_8c(
+  return libcrux_ml_kem_polynomial_from_i16_array_ef_96(
       Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t));
 }
 
@@ -4592,7 +4592,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1d
 libcrux_ml_kem_sampling_sample_from_binomial_distribution_a0(
     Eurydice_slice randomness) {
-  return libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_8c(
+  return libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_96(
       randomness);
 }
 
@@ -4602,18 +4602,18 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
 with const generics
 
 */
-static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_7_8c(
+static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_7_96(
     libcrux_ml_kem_polynomial_PolynomialRingElement_1d *re) {
   size_t step = LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT / (size_t)2U;
   for (size_t i = (size_t)0U; i < step; i++) {
     size_t j = i;
     libcrux_ml_kem_vector_portable_vector_type_PortableVector t =
-        libcrux_ml_kem_vector_portable_multiply_by_constant_0d(
+        libcrux_ml_kem_vector_portable_multiply_by_constant_2c(
             re->coefficients[j + step], (int16_t)-1600);
     re->coefficients[j + step] =
-        libcrux_ml_kem_vector_portable_sub_0d(re->coefficients[j], &t);
+        libcrux_ml_kem_vector_portable_sub_2c(re->coefficients[j], &t);
     libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____1 =
-        libcrux_ml_kem_vector_portable_add_0d(re->coefficients[j], &t);
+        libcrux_ml_kem_vector_portable_add_2c(re->coefficients[j], &t);
     re->coefficients[j] = uu____1;
   }
 }
@@ -4625,23 +4625,23 @@ with const generics
 
 */
 static KRML_MUSTINLINE void
-libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_8c(
+libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_96(
     libcrux_ml_kem_polynomial_PolynomialRingElement_1d *re) {
-  libcrux_ml_kem_ntt_ntt_at_layer_7_8c(re);
+  libcrux_ml_kem_ntt_ntt_at_layer_7_96(re);
   size_t zeta_i = (size_t)1U;
-  libcrux_ml_kem_ntt_ntt_at_layer_4_plus_8c(&zeta_i, re, (size_t)6U,
+  libcrux_ml_kem_ntt_ntt_at_layer_4_plus_96(&zeta_i, re, (size_t)6U,
                                             (size_t)11207U);
-  libcrux_ml_kem_ntt_ntt_at_layer_4_plus_8c(&zeta_i, re, (size_t)5U,
+  libcrux_ml_kem_ntt_ntt_at_layer_4_plus_96(&zeta_i, re, (size_t)5U,
                                             (size_t)11207U + (size_t)3328U);
-  libcrux_ml_kem_ntt_ntt_at_layer_4_plus_8c(
+  libcrux_ml_kem_ntt_ntt_at_layer_4_plus_96(
       &zeta_i, re, (size_t)4U, (size_t)11207U + (size_t)2U * (size_t)3328U);
-  libcrux_ml_kem_ntt_ntt_at_layer_3_8c(
+  libcrux_ml_kem_ntt_ntt_at_layer_3_96(
       &zeta_i, re, (size_t)3U, (size_t)11207U + (size_t)3U * (size_t)3328U);
-  libcrux_ml_kem_ntt_ntt_at_layer_2_8c(
+  libcrux_ml_kem_ntt_ntt_at_layer_2_96(
       &zeta_i, re, (size_t)2U, (size_t)11207U + (size_t)4U * (size_t)3328U);
-  libcrux_ml_kem_ntt_ntt_at_layer_1_8c(
+  libcrux_ml_kem_ntt_ntt_at_layer_1_96(
       &zeta_i, re, (size_t)1U, (size_t)11207U + (size_t)5U * (size_t)3328U);
-  libcrux_ml_kem_polynomial_poly_barrett_reduce_ef_8c(re);
+  libcrux_ml_kem_polynomial_poly_barrett_reduce_ef_96(re);
 }
 
 /**
@@ -4677,7 +4677,7 @@ libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_3b(
     re_as_ntt[i0] =
         libcrux_ml_kem_sampling_sample_from_binomial_distribution_a0(
             Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t));
-    libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_8c(&re_as_ntt[i0]);
+    libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_96(&re_as_ntt[i0]);
   }
   return domain_separator;
 }
@@ -4696,7 +4696,7 @@ libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_out_3b(
     uint8_t prf_input[33U], uint8_t domain_separator) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_1d re_as_ntt[3U];
   for (size_t i = (size_t)0U; i < (size_t)3U; i++) {
-    re_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_ef_8c();
+    re_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_ef_96();
   }
   libcrux_ml_kem_polynomial_PolynomialRingElement_1d *uu____0 = re_as_ntt;
   uint8_t uu____1[33U];
@@ -4727,7 +4727,7 @@ generics
 */
 static inline libcrux_ml_kem_polynomial_PolynomialRingElement_1d
 libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_closure_3b(size_t _i) {
-  return libcrux_ml_kem_polynomial_ZERO_ef_8c();
+  return libcrux_ml_kem_polynomial_ZERO_ef_96();
 }
 
 /**
@@ -4747,7 +4747,7 @@ libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_3b(uint8_t prf_input[33U],
                                                   uint8_t domain_separator) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_1d error_1[3U];
   for (size_t i = (size_t)0U; i < (size_t)3U; i++) {
-    error_1[i] = libcrux_ml_kem_polynomial_ZERO_ef_8c();
+    error_1[i] = libcrux_ml_kem_polynomial_ZERO_ef_96();
   }
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_prf_input[33U];
@@ -4816,7 +4816,7 @@ with const generics
 */
 static inline libcrux_ml_kem_polynomial_PolynomialRingElement_1d
 libcrux_ml_kem_matrix_compute_vector_u_closure_1b(size_t _i) {
-  return libcrux_ml_kem_polynomial_ZERO_ef_8c();
+  return libcrux_ml_kem_polynomial_ZERO_ef_96();
 }
 
 /**
@@ -4825,7 +4825,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
 with const generics
 
 */
-static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_error_reduce_8c(
+static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_error_reduce_96(
     libcrux_ml_kem_polynomial_PolynomialRingElement_1d *myself,
     libcrux_ml_kem_polynomial_PolynomialRingElement_1d *error) {
   for (size_t i = (size_t)0U;
@@ -4833,11 +4833,11 @@ static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_error_reduce_8c(
     size_t j = i;
     libcrux_ml_kem_vector_portable_vector_type_PortableVector
         coefficient_normal_form =
-            libcrux_ml_kem_vector_portable_montgomery_multiply_by_constant_0d(
+            libcrux_ml_kem_vector_portable_montgomery_multiply_by_constant_2c(
                 myself->coefficients[j], (int16_t)1441);
     libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 =
-        libcrux_ml_kem_vector_portable_barrett_reduce_0d(
-            libcrux_ml_kem_vector_portable_add_0d(coefficient_normal_form,
+        libcrux_ml_kem_vector_portable_barrett_reduce_2c(
+            libcrux_ml_kem_vector_portable_add_2c(coefficient_normal_form,
                                                   &error->coefficients[j]));
     myself->coefficients[j] = uu____0;
   }
@@ -4854,10 +4854,10 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
 with const generics
 
 */
-static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_error_reduce_ef_8c(
+static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_error_reduce_ef_96(
     libcrux_ml_kem_polynomial_PolynomialRingElement_1d *self,
     libcrux_ml_kem_polynomial_PolynomialRingElement_1d *error) {
-  libcrux_ml_kem_polynomial_add_error_reduce_8c(self, error);
+  libcrux_ml_kem_polynomial_add_error_reduce_96(self, error);
 }
 
 /**
@@ -4876,7 +4876,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_vector_u_1b(
     libcrux_ml_kem_polynomial_PolynomialRingElement_1d ret[3U]) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_1d result[3U];
   for (size_t i = (size_t)0U; i < (size_t)3U; i++) {
-    result[i] = libcrux_ml_kem_polynomial_ZERO_ef_8c();
+    result[i] = libcrux_ml_kem_polynomial_ZERO_ef_96();
   }
   for (size_t i0 = (size_t)0U;
        i0 < Eurydice_slice_len(
@@ -4897,12 +4897,12 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_vector_u_1b(
       size_t j = i;
       libcrux_ml_kem_polynomial_PolynomialRingElement_1d *a_element = &row[j];
       libcrux_ml_kem_polynomial_PolynomialRingElement_1d product =
-          libcrux_ml_kem_polynomial_ntt_multiply_ef_8c(a_element, &r_as_ntt[j]);
+          libcrux_ml_kem_polynomial_ntt_multiply_ef_96(a_element, &r_as_ntt[j]);
       libcrux_ml_kem_polynomial_add_to_ring_element_ef_1b(&result[i1],
                                                           &product);
     }
     libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_1b(&result[i1]);
-    libcrux_ml_kem_polynomial_add_error_reduce_ef_8c(&result[i1], &error_1[i1]);
+    libcrux_ml_kem_polynomial_add_error_reduce_ef_96(&result[i1], &error_1[i1]);
   }
   memcpy(
       ret, result,
@@ -4916,14 +4916,14 @@ with const generics
 
 */
 static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector
-libcrux_ml_kem_vector_traits_decompress_1_8c(
+libcrux_ml_kem_vector_traits_decompress_1_96(
     libcrux_ml_kem_vector_portable_vector_type_PortableVector vec) {
   libcrux_ml_kem_vector_portable_vector_type_PortableVector z =
-      libcrux_ml_kem_vector_portable_ZERO_0d();
+      libcrux_ml_kem_vector_portable_ZERO_2c();
   libcrux_ml_kem_vector_portable_vector_type_PortableVector s =
-      libcrux_ml_kem_vector_portable_sub_0d(z, &vec);
+      libcrux_ml_kem_vector_portable_sub_2c(z, &vec);
   libcrux_ml_kem_vector_portable_vector_type_PortableVector res =
-      libcrux_ml_kem_vector_portable_bitwise_and_with_constant_0d(
+      libcrux_ml_kem_vector_portable_bitwise_and_with_constant_2c(
           s, (int16_t)1665);
   return res;
 }
@@ -4935,20 +4935,20 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
 
 */
 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1d
-libcrux_ml_kem_serialize_deserialize_then_decompress_message_8c(
+libcrux_ml_kem_serialize_deserialize_then_decompress_message_96(
     uint8_t serialized[32U]) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_1d re =
-      libcrux_ml_kem_polynomial_ZERO_ef_8c();
+      libcrux_ml_kem_polynomial_ZERO_ef_96();
   for (size_t i = (size_t)0U; i < (size_t)16U; i++) {
     size_t i0 = i;
     libcrux_ml_kem_vector_portable_vector_type_PortableVector
         coefficient_compressed =
-            libcrux_ml_kem_vector_portable_deserialize_1_0d(
+            libcrux_ml_kem_vector_portable_deserialize_1_2c(
                 Eurydice_array_to_subslice2(serialized, (size_t)2U * i0,
                                             (size_t)2U * i0 + (size_t)2U,
                                             uint8_t));
     libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 =
-        libcrux_ml_kem_vector_traits_decompress_1_8c(coefficient_compressed);
+        libcrux_ml_kem_vector_traits_decompress_1_96(coefficient_compressed);
     re.coefficients[i0] = uu____0;
   }
   return re;
@@ -4961,7 +4961,7 @@ with const generics
 
 */
 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1d
-libcrux_ml_kem_polynomial_add_message_error_reduce_8c(
+libcrux_ml_kem_polynomial_add_message_error_reduce_96(
     libcrux_ml_kem_polynomial_PolynomialRingElement_1d *myself,
     libcrux_ml_kem_polynomial_PolynomialRingElement_1d *message,
     libcrux_ml_kem_polynomial_PolynomialRingElement_1d result) {
@@ -4970,15 +4970,15 @@ libcrux_ml_kem_polynomial_add_message_error_reduce_8c(
     size_t i0 = i;
     libcrux_ml_kem_vector_portable_vector_type_PortableVector
         coefficient_normal_form =
-            libcrux_ml_kem_vector_portable_montgomery_multiply_by_constant_0d(
+            libcrux_ml_kem_vector_portable_montgomery_multiply_by_constant_2c(
                 result.coefficients[i0], (int16_t)1441);
     libcrux_ml_kem_vector_portable_vector_type_PortableVector tmp =
-        libcrux_ml_kem_vector_portable_add_0d(myself->coefficients[i0],
+        libcrux_ml_kem_vector_portable_add_2c(myself->coefficients[i0],
                                               &message->coefficients[i0]);
     libcrux_ml_kem_vector_portable_vector_type_PortableVector tmp0 =
-        libcrux_ml_kem_vector_portable_add_0d(coefficient_normal_form, &tmp);
+        libcrux_ml_kem_vector_portable_add_2c(coefficient_normal_form, &tmp);
     libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 =
-        libcrux_ml_kem_vector_portable_barrett_reduce_0d(tmp0);
+        libcrux_ml_kem_vector_portable_barrett_reduce_2c(tmp0);
     result.coefficients[i0] = uu____0;
   }
   return result;
@@ -4996,11 +4996,11 @@ with const generics
 
 */
 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1d
-libcrux_ml_kem_polynomial_add_message_error_reduce_ef_8c(
+libcrux_ml_kem_polynomial_add_message_error_reduce_ef_96(
     libcrux_ml_kem_polynomial_PolynomialRingElement_1d *self,
     libcrux_ml_kem_polynomial_PolynomialRingElement_1d *message,
     libcrux_ml_kem_polynomial_PolynomialRingElement_1d result) {
-  return libcrux_ml_kem_polynomial_add_message_error_reduce_8c(self, message,
+  return libcrux_ml_kem_polynomial_add_message_error_reduce_96(self, message,
                                                                result);
 }
 
@@ -5020,16 +5020,16 @@ libcrux_ml_kem_matrix_compute_ring_element_v_1b(
     libcrux_ml_kem_polynomial_PolynomialRingElement_1d *error_2,
     libcrux_ml_kem_polynomial_PolynomialRingElement_1d *message) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_1d result =
-      libcrux_ml_kem_polynomial_ZERO_ef_8c();
+      libcrux_ml_kem_polynomial_ZERO_ef_96();
   for (size_t i = (size_t)0U; i < (size_t)3U; i++) {
     size_t i0 = i;
     libcrux_ml_kem_polynomial_PolynomialRingElement_1d product =
-        libcrux_ml_kem_polynomial_ntt_multiply_ef_8c(&t_as_ntt[i0],
+        libcrux_ml_kem_polynomial_ntt_multiply_ef_96(&t_as_ntt[i0],
                                                      &r_as_ntt[i0]);
     libcrux_ml_kem_polynomial_add_to_ring_element_ef_1b(&result, &product);
   }
   libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_1b(&result);
-  result = libcrux_ml_kem_polynomial_add_message_error_reduce_ef_8c(
+  result = libcrux_ml_kem_polynomial_add_message_error_reduce_ef_96(
       error_2, message, result);
   return result;
 }
@@ -5055,15 +5055,15 @@ libcrux_ml_kem_vector_portable_compress_compress_ef(
 
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
-libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
+libcrux_ml_kem::vector::portable::vector_type::PortableVector)#1}
 */
 /**
-A monomorphic instance of libcrux_ml_kem.vector.portable.compress_0d
+A monomorphic instance of libcrux_ml_kem.vector.portable.compress_2c
 with const generics
 - COEFFICIENT_BITS= 10
 */
 static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector
-libcrux_ml_kem_vector_portable_compress_0d_ef(
+libcrux_ml_kem_vector_portable_compress_2c_ef(
     libcrux_ml_kem_vector_portable_vector_type_PortableVector a) {
   return libcrux_ml_kem_vector_portable_compress_compress_ef(a);
 }
@@ -5082,11 +5082,11 @@ libcrux_ml_kem_serialize_compress_then_serialize_10_ff(
        i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
     size_t i0 = i;
     libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient =
-        libcrux_ml_kem_vector_portable_compress_0d_ef(
-            libcrux_ml_kem_serialize_to_unsigned_field_modulus_8c(
+        libcrux_ml_kem_vector_portable_compress_2c_ef(
+            libcrux_ml_kem_serialize_to_unsigned_field_modulus_96(
                 re->coefficients[i0]));
     uint8_t bytes[20U];
-    libcrux_ml_kem_vector_portable_serialize_10_0d(coefficient, bytes);
+    libcrux_ml_kem_vector_portable_serialize_10_2c(coefficient, bytes);
     Eurydice_slice uu____0 = Eurydice_array_to_subslice2(
         serialized, (size_t)20U * i0, (size_t)20U * i0 + (size_t)20U, uint8_t);
     Eurydice_slice_copy(
@@ -5116,15 +5116,15 @@ libcrux_ml_kem_vector_portable_compress_compress_c4(
 
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
-libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
+libcrux_ml_kem::vector::portable::vector_type::PortableVector)#1}
 */
 /**
-A monomorphic instance of libcrux_ml_kem.vector.portable.compress_0d
+A monomorphic instance of libcrux_ml_kem.vector.portable.compress_2c
 with const generics
 - COEFFICIENT_BITS= 11
 */
 static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector
-libcrux_ml_kem_vector_portable_compress_0d_c4(
+libcrux_ml_kem_vector_portable_compress_2c_c4(
     libcrux_ml_kem_vector_portable_vector_type_PortableVector a) {
   return libcrux_ml_kem_vector_portable_compress_compress_c4(a);
 }
@@ -5143,11 +5143,11 @@ libcrux_ml_kem_serialize_compress_then_serialize_11_ff(
        i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
     size_t i0 = i;
     libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient =
-        libcrux_ml_kem_vector_portable_compress_0d_c4(
-            libcrux_ml_kem_vector_traits_to_unsigned_representative_8c(
+        libcrux_ml_kem_vector_portable_compress_2c_c4(
+            libcrux_ml_kem_vector_traits_to_unsigned_representative_96(
                 re->coefficients[i0]));
     uint8_t bytes[22U];
-    libcrux_ml_kem_vector_portable_serialize_11_0d(coefficient, bytes);
+    libcrux_ml_kem_vector_portable_serialize_11_2c(coefficient, bytes);
     Eurydice_slice uu____0 = Eurydice_array_to_subslice2(
         serialized, (size_t)22U * i0, (size_t)22U * i0 + (size_t)22U, uint8_t);
     Eurydice_slice_copy(
@@ -5227,15 +5227,15 @@ libcrux_ml_kem_vector_portable_compress_compress_d1(
 
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
-libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
+libcrux_ml_kem::vector::portable::vector_type::PortableVector)#1}
 */
 /**
-A monomorphic instance of libcrux_ml_kem.vector.portable.compress_0d
+A monomorphic instance of libcrux_ml_kem.vector.portable.compress_2c
 with const generics
 - COEFFICIENT_BITS= 4
 */
 static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector
-libcrux_ml_kem_vector_portable_compress_0d_d1(
+libcrux_ml_kem_vector_portable_compress_2c_d1(
     libcrux_ml_kem_vector_portable_vector_type_PortableVector a) {
   return libcrux_ml_kem_vector_portable_compress_compress_d1(a);
 }
@@ -5247,18 +5247,18 @@ with const generics
 
 */
 static KRML_MUSTINLINE void
-libcrux_ml_kem_serialize_compress_then_serialize_4_8c(
+libcrux_ml_kem_serialize_compress_then_serialize_4_96(
     libcrux_ml_kem_polynomial_PolynomialRingElement_1d re,
     Eurydice_slice serialized) {
   for (size_t i = (size_t)0U;
        i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
     size_t i0 = i;
     libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient =
-        libcrux_ml_kem_vector_portable_compress_0d_d1(
-            libcrux_ml_kem_serialize_to_unsigned_field_modulus_8c(
+        libcrux_ml_kem_vector_portable_compress_2c_d1(
+            libcrux_ml_kem_serialize_to_unsigned_field_modulus_96(
                 re.coefficients[i0]));
     uint8_t bytes[8U];
-    libcrux_ml_kem_vector_portable_serialize_4_0d(coefficient, bytes);
+    libcrux_ml_kem_vector_portable_serialize_4_2c(coefficient, bytes);
     Eurydice_slice_copy(
         Eurydice_slice_subslice2(serialized, (size_t)8U * i0,
                                  (size_t)8U * i0 + (size_t)8U, uint8_t),
@@ -5287,15 +5287,15 @@ libcrux_ml_kem_vector_portable_compress_compress_f4(
 
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
-libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
+libcrux_ml_kem::vector::portable::vector_type::PortableVector)#1}
 */
 /**
-A monomorphic instance of libcrux_ml_kem.vector.portable.compress_0d
+A monomorphic instance of libcrux_ml_kem.vector.portable.compress_2c
 with const generics
 - COEFFICIENT_BITS= 5
 */
 static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector
-libcrux_ml_kem_vector_portable_compress_0d_f4(
+libcrux_ml_kem_vector_portable_compress_2c_f4(
     libcrux_ml_kem_vector_portable_vector_type_PortableVector a) {
   return libcrux_ml_kem_vector_portable_compress_compress_f4(a);
 }
@@ -5307,18 +5307,18 @@ with const generics
 
 */
 static KRML_MUSTINLINE void
-libcrux_ml_kem_serialize_compress_then_serialize_5_8c(
+libcrux_ml_kem_serialize_compress_then_serialize_5_96(
     libcrux_ml_kem_polynomial_PolynomialRingElement_1d re,
     Eurydice_slice serialized) {
   for (size_t i = (size_t)0U;
        i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
     size_t i0 = i;
     libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficients =
-        libcrux_ml_kem_vector_portable_compress_0d_f4(
-            libcrux_ml_kem_vector_traits_to_unsigned_representative_8c(
+        libcrux_ml_kem_vector_portable_compress_2c_f4(
+            libcrux_ml_kem_vector_traits_to_unsigned_representative_96(
                 re.coefficients[i0]));
     uint8_t bytes[10U];
-    libcrux_ml_kem_vector_portable_serialize_5_0d(coefficients, bytes);
+    libcrux_ml_kem_vector_portable_serialize_5_2c(coefficients, bytes);
     Eurydice_slice_copy(
         Eurydice_slice_subslice2(serialized, (size_t)10U * i0,
                                  (size_t)10U * i0 + (size_t)10U, uint8_t),
@@ -5337,7 +5337,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
 static KRML_MUSTINLINE void
 libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_6c(
     libcrux_ml_kem_polynomial_PolynomialRingElement_1d re, Eurydice_slice out) {
-  libcrux_ml_kem_serialize_compress_then_serialize_4_8c(re, out);
+  libcrux_ml_kem_serialize_compress_then_serialize_4_96(re, out);
 }
 
 /**
@@ -5438,7 +5438,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_encrypt_unpacked_2a(
   uint8_t copy_of_message[32U];
   memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t));
   libcrux_ml_kem_polynomial_PolynomialRingElement_1d message_as_ring_element =
-      libcrux_ml_kem_serialize_deserialize_then_decompress_message_8c(
+      libcrux_ml_kem_serialize_deserialize_then_decompress_message_96(
           copy_of_message);
   libcrux_ml_kem_polynomial_PolynomialRingElement_1d v =
       libcrux_ml_kem_matrix_compute_ring_element_v_1b(
@@ -5815,9 +5815,9 @@ with const generics
 static inline libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0
 libcrux_ml_kem_ind_cpa_unpacked_default_1a_1b(void) {
   libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 lit;
-  lit.secret_as_ntt[0U] = libcrux_ml_kem_polynomial_ZERO_ef_8c();
-  lit.secret_as_ntt[1U] = libcrux_ml_kem_polynomial_ZERO_ef_8c();
-  lit.secret_as_ntt[2U] = libcrux_ml_kem_polynomial_ZERO_ef_8c();
+  lit.secret_as_ntt[0U] = libcrux_ml_kem_polynomial_ZERO_ef_96();
+  lit.secret_as_ntt[1U] = libcrux_ml_kem_polynomial_ZERO_ef_96();
+  lit.secret_as_ntt[2U] = libcrux_ml_kem_polynomial_ZERO_ef_96();
   return lit;
 }
 
@@ -5854,9 +5854,9 @@ with const generics
 
 */
 static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector
-libcrux_ml_kem_vector_traits_to_standard_domain_8c(
+libcrux_ml_kem_vector_traits_to_standard_domain_96(
     libcrux_ml_kem_vector_portable_vector_type_PortableVector v) {
-  return libcrux_ml_kem_vector_portable_montgomery_multiply_by_constant_0d(
+  return libcrux_ml_kem_vector_portable_montgomery_multiply_by_constant_2c(
       v, LIBCRUX_ML_KEM_VECTOR_TRAITS_MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS);
 }
 
@@ -5867,7 +5867,7 @@ with const generics
 
 */
 static KRML_MUSTINLINE void
-libcrux_ml_kem_polynomial_add_standard_error_reduce_8c(
+libcrux_ml_kem_polynomial_add_standard_error_reduce_96(
     libcrux_ml_kem_polynomial_PolynomialRingElement_1d *myself,
     libcrux_ml_kem_polynomial_PolynomialRingElement_1d *error) {
   for (size_t i = (size_t)0U;
@@ -5875,11 +5875,11 @@ libcrux_ml_kem_polynomial_add_standard_error_reduce_8c(
     size_t j = i;
     libcrux_ml_kem_vector_portable_vector_type_PortableVector
         coefficient_normal_form =
-            libcrux_ml_kem_vector_traits_to_standard_domain_8c(
+            libcrux_ml_kem_vector_traits_to_standard_domain_96(
                 myself->coefficients[j]);
     libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 =
-        libcrux_ml_kem_vector_portable_barrett_reduce_0d(
-            libcrux_ml_kem_vector_portable_add_0d(coefficient_normal_form,
+        libcrux_ml_kem_vector_portable_barrett_reduce_2c(
+            libcrux_ml_kem_vector_portable_add_2c(coefficient_normal_form,
                                                   &error->coefficients[j]));
     myself->coefficients[j] = uu____0;
   }
@@ -5897,10 +5897,10 @@ with const generics
 
 */
 static KRML_MUSTINLINE void
-libcrux_ml_kem_polynomial_add_standard_error_reduce_ef_8c(
+libcrux_ml_kem_polynomial_add_standard_error_reduce_ef_96(
     libcrux_ml_kem_polynomial_PolynomialRingElement_1d *self,
     libcrux_ml_kem_polynomial_PolynomialRingElement_1d *error) {
-  libcrux_ml_kem_polynomial_add_standard_error_reduce_8c(self, error);
+  libcrux_ml_kem_polynomial_add_standard_error_reduce_96(self, error);
 }
 
 /**
@@ -5927,7 +5927,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_As_plus_e_1b(
     size_t i0 = i;
     libcrux_ml_kem_polynomial_PolynomialRingElement_1d *row = matrix_A[i0];
     libcrux_ml_kem_polynomial_PolynomialRingElement_1d uu____0 =
-        libcrux_ml_kem_polynomial_ZERO_ef_8c();
+        libcrux_ml_kem_polynomial_ZERO_ef_96();
     t_as_ntt[i0] = uu____0;
     for (size_t i1 = (size_t)0U;
          i1 < Eurydice_slice_len(
@@ -5940,12 +5940,12 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_As_plus_e_1b(
       libcrux_ml_kem_polynomial_PolynomialRingElement_1d *matrix_element =
           &row[j];
       libcrux_ml_kem_polynomial_PolynomialRingElement_1d product =
-          libcrux_ml_kem_polynomial_ntt_multiply_ef_8c(matrix_element,
+          libcrux_ml_kem_polynomial_ntt_multiply_ef_96(matrix_element,
                                                        &s_as_ntt[j]);
       libcrux_ml_kem_polynomial_add_to_ring_element_ef_1b(&t_as_ntt[i0],
                                                           &product);
     }
-    libcrux_ml_kem_polynomial_add_standard_error_reduce_ef_8c(
+    libcrux_ml_kem_polynomial_add_standard_error_reduce_ef_96(
         &t_as_ntt[i0], &error_as_ntt[i0]);
   }
 }
@@ -6054,17 +6054,17 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
 
 */
 static KRML_MUSTINLINE void
-libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_8c(
+libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_96(
     libcrux_ml_kem_polynomial_PolynomialRingElement_1d *re, uint8_t ret[384U]) {
   uint8_t serialized[384U] = {0U};
   for (size_t i = (size_t)0U;
        i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
     size_t i0 = i;
     libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient =
-        libcrux_ml_kem_serialize_to_unsigned_field_modulus_8c(
+        libcrux_ml_kem_serialize_to_unsigned_field_modulus_96(
             re->coefficients[i0]);
     uint8_t bytes[24U];
-    libcrux_ml_kem_vector_portable_serialize_12_0d(coefficient, bytes);
+    libcrux_ml_kem_vector_portable_serialize_12_2c(coefficient, bytes);
     Eurydice_slice uu____0 = Eurydice_array_to_subslice2(
         serialized, (size_t)24U * i0, (size_t)24U * i0 + (size_t)24U, uint8_t);
     Eurydice_slice_copy(
@@ -6101,7 +6101,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_secret_key_89(
         (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT,
         uint8_t);
     uint8_t ret0[384U];
-    libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_8c(&re, ret0);
+    libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_96(&re, ret0);
     Eurydice_slice_copy(
         uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t), uint8_t);
   }
@@ -6927,9 +6927,17 @@ with const generics
 */
 static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_private_key_only_d6(
     libcrux_ml_kem_types_MlKemPrivateKey_d9 *private_key) {
-  KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__,
-                    "Eurydice error: Invalid_argument(\"List.combine\")\n");
-  KRML_HOST_EXIT(255U);
+  uint8_t t[32U];
+  libcrux_ml_kem_hash_functions_portable_H_f1_e0(
+      Eurydice_array_to_subslice2(private_key->value, (size_t)384U * (size_t)3U,
+                                  (size_t)768U * (size_t)3U + (size_t)32U,
+                                  uint8_t),
+      t);
+  Eurydice_slice expected = Eurydice_array_to_subslice2(
+      private_key->value, (size_t)768U * (size_t)3U + (size_t)32U,
+      (size_t)768U * (size_t)3U + (size_t)64U, uint8_t);
+  return core_array_equality___core__cmp__PartialEq__0___Slice_U____for__Array_T__N___3__eq(
+      (size_t)32U, t, &expected, uint8_t, uint8_t, bool);
 }
 
 /**
@@ -7021,7 +7029,7 @@ generics
 static inline libcrux_ml_kem_polynomial_PolynomialRingElement_1d
 libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_out_closure_1b(
     size_t _i) {
-  return libcrux_ml_kem_polynomial_ZERO_ef_8c();
+  return libcrux_ml_kem_polynomial_ZERO_ef_96();
 }
 
 /**
@@ -7042,7 +7050,7 @@ libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_out_1b(
     libcrux_ml_kem_polynomial_PolynomialRingElement_1d ret[3U]) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_1d deserialized_pk[3U];
   for (size_t i = (size_t)0U; i < (size_t)3U; i++) {
-    deserialized_pk[i] = libcrux_ml_kem_polynomial_ZERO_ef_8c();
+    deserialized_pk[i] = libcrux_ml_kem_polynomial_ZERO_ef_96();
   }
   libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_1b(
       public_key, deserialized_pk);
@@ -7403,7 +7411,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
 */
 static inline libcrux_ml_kem_polynomial_PolynomialRingElement_1d
 libcrux_ml_kem_ind_cca_unpacked_transpose_a_closure_closure_1b(size_t _j) {
-  return libcrux_ml_kem_polynomial_ZERO_ef_8c();
+  return libcrux_ml_kem_polynomial_ZERO_ef_96();
 }
 
 /**
@@ -7415,7 +7423,7 @@ with const generics
 static inline void libcrux_ml_kem_ind_cca_unpacked_transpose_a_closure_1b(
     size_t _i, libcrux_ml_kem_polynomial_PolynomialRingElement_1d ret[3U]) {
   for (size_t i = (size_t)0U; i < (size_t)3U; i++) {
-    ret[i] = libcrux_ml_kem_polynomial_ZERO_ef_8c();
+    ret[i] = libcrux_ml_kem_polynomial_ZERO_ef_96();
   }
 }
 
@@ -7431,7 +7439,7 @@ with const generics
 
 */
 static inline libcrux_ml_kem_polynomial_PolynomialRingElement_1d
-libcrux_ml_kem_polynomial_clone_8d_8c(
+libcrux_ml_kem_polynomial_clone_8d_96(
     libcrux_ml_kem_polynomial_PolynomialRingElement_1d *self) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_1d lit;
   libcrux_ml_kem_vector_portable_vector_type_PortableVector ret[16U];
@@ -7466,7 +7474,7 @@ static inline void libcrux_ml_kem_ind_cca_unpacked_transpose_a_1b(
     for (size_t i1 = (size_t)0U; i1 < (size_t)3U; i1++) {
       size_t j = i1;
       libcrux_ml_kem_polynomial_PolynomialRingElement_1d uu____0 =
-          libcrux_ml_kem_polynomial_clone_8d_8c(&ind_cpa_a[j][i0]);
+          libcrux_ml_kem_polynomial_clone_8d_96(&ind_cpa_a[j][i0]);
       A[i0][j] = uu____0;
     }
   }
@@ -8179,6 +8187,16 @@ libcrux_ml_kem_vector_portable_vector_type_clone_3b(
   return self[0U];
 }
 
+/**
+This function found in impl {(libcrux_ml_kem::vector::traits::Repr for
+libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
+*/
+static inline void libcrux_ml_kem_vector_portable_repr_94(
+    libcrux_ml_kem_vector_portable_vector_type_PortableVector x,
+    int16_t ret[16U]) {
+  libcrux_ml_kem_vector_portable_vector_type_to_i16_array(x, ret);
+}
+
 typedef int16_t libcrux_ml_kem_vector_portable_vector_type_FieldElement;
 
 typedef int16_t
diff --git a/libcrux-ml-kem/cg/libcrux_sha3_avx2.h b/libcrux-ml-kem/cg/libcrux_sha3_avx2.h
index cf602b418..c8984d272 100644
--- a/libcrux-ml-kem/cg/libcrux_sha3_avx2.h
+++ b/libcrux-ml-kem/cg/libcrux_sha3_avx2.h
@@ -4,11 +4,11 @@
  * SPDX-License-Identifier: MIT or Apache-2.0
  *
  * This code was generated with the following revisions:
- * Charon: e6a9a3d65857f37917f378fd98db7b7b4d0a060f
- * Eurydice: 907fef61b716e094dcd6b41a9a41f0850ac7fd73
- * Karamel: 21c28f3b016868a7cdd715382338bdcd9685a3b4
- * F*: b0961063393215ca65927f017720cb365a193833-dirty
- * Libcrux: 887cc3c3760e64d740774adb301e4bae530126d1
+ * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9
+ * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20
+ * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
+ * F*: 8b6fce63ca91b16386d8f76e82ea87a3c109a208
+ * Libcrux: 2009b0d205f3d27e1762f7e2b8a21bc47705b2c9
  */
 
 #ifndef __libcrux_sha3_avx2_H
diff --git a/libcrux-ml-kem/cg/libcrux_sha3_portable.h b/libcrux-ml-kem/cg/libcrux_sha3_portable.h
index 6fd829a20..49806daba 100644
--- a/libcrux-ml-kem/cg/libcrux_sha3_portable.h
+++ b/libcrux-ml-kem/cg/libcrux_sha3_portable.h
@@ -4,11 +4,11 @@
  * SPDX-License-Identifier: MIT or Apache-2.0
  *
  * This code was generated with the following revisions:
- * Charon: e6a9a3d65857f37917f378fd98db7b7b4d0a060f
- * Eurydice: 907fef61b716e094dcd6b41a9a41f0850ac7fd73
- * Karamel: 21c28f3b016868a7cdd715382338bdcd9685a3b4
- * F*: b0961063393215ca65927f017720cb365a193833-dirty
- * Libcrux: 887cc3c3760e64d740774adb301e4bae530126d1
+ * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9
+ * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20
+ * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
+ * F*: 8b6fce63ca91b16386d8f76e82ea87a3c109a208
+ * Libcrux: 2009b0d205f3d27e1762f7e2b8a21bc47705b2c9
  */
 
 #ifndef __libcrux_sha3_portable_H
diff --git a/libcrux-ml-kem/src/vector/avx2.rs b/libcrux-ml-kem/src/vector/avx2.rs
index 89b1b01a4..730fe0e6c 100644
--- a/libcrux-ml-kem/src/vector/avx2.rs
+++ b/libcrux-ml-kem/src/vector/avx2.rs
@@ -254,7 +254,6 @@ fn deserialize_12(bytes: &[u8]) -> SIMD256Vector {
     }
 }
 
-#[cfg(hax)]
 impl crate::vector::traits::Repr for SIMD256Vector {
     fn repr(x: Self) -> [i16; 16] {
         vec_to_i16_array(x)
diff --git a/libcrux-ml-kem/src/vector/neon.rs b/libcrux-ml-kem/src/vector/neon.rs
index c961c654d..bd582f6bb 100644
--- a/libcrux-ml-kem/src/vector/neon.rs
+++ b/libcrux-ml-kem/src/vector/neon.rs
@@ -16,7 +16,6 @@ use serialize::*;
 pub(crate) use vector_type::SIMD128Vector;
 use vector_type::*;
 
-#[cfg(hax)]
 impl crate::vector::traits::Repr for SIMD128Vector {
     fn repr(x: Self) -> [i16; 16] {
         to_i16_array(x)
diff --git a/libcrux-ml-kem/src/vector/portable.rs b/libcrux-ml-kem/src/vector/portable.rs
index d5432c02e..58ccdf1e0 100644
--- a/libcrux-ml-kem/src/vector/portable.rs
+++ b/libcrux-ml-kem/src/vector/portable.rs
@@ -14,7 +14,6 @@ use vector_type::*;
 
 pub(crate) use vector_type::PortableVector;
 
-#[cfg(hax)]
 impl crate::vector::traits::Repr for PortableVector {
     fn repr(x: Self) -> [i16; 16] {
         to_i16_array(x)
diff --git a/libcrux-ml-kem/src/vector/traits.rs b/libcrux-ml-kem/src/vector/traits.rs
index 9898c741c..2263b02d3 100644
--- a/libcrux-ml-kem/src/vector/traits.rs
+++ b/libcrux-ml-kem/src/vector/traits.rs
@@ -7,14 +7,13 @@ pub const BARRETT_R: i32 = 1 << BARRETT_SHIFT;
 
 // We define a trait that allows us to talk about the contents of a vector.
 // This is used extensively in pre- and post-conditions to reason about the code.
-#[cfg(hax)]
 #[hax_lib::attributes]
 pub trait Repr: Copy + Clone {
     #[requires(true)]
     fn repr(x: Self) -> [i16; 16];
 }
 
-#[cfg(hax)]
+#[cfg(not(eurydice))]
 #[hax_lib::attributes]
 pub trait Operations: Copy + Clone + Repr {
     #[allow(non_snake_case)]
@@ -179,7 +178,9 @@ pub trait Operations: Copy + Clone + Repr {
     fn rej_sample(a: &[u8], out: &mut [i16]) -> usize;
 }
 
-#[cfg(not(hax))]
+// The trait is duplicated for Eurudice to avoid the trait inheritance between Operations and Repr
+// This is needed because of this issue: https://github.com/AeneasVerif/eurydice/issues/111
+#[cfg(eurydice)]
 pub trait Operations: Copy + Clone {
     #[allow(non_snake_case)]
     fn ZERO() -> Self;

From 229548656e4eaa1324c514638f9f8d135499a5c1 Mon Sep 17 00:00:00 2001
From: Jonas Schneider-Bensch <jonas@cryspen.com>
Date: Tue, 17 Dec 2024 14:22:52 +0100
Subject: [PATCH 122/142] Use trait for Sampler instead of enum

---
 libcrux-ml-dsa/src/ml_dsa_generic.rs          |  40 ++---
 .../src/ml_dsa_generic/instantiations.rs      |  31 ++--
 .../src/ml_dsa_generic/instantiations/avx2.rs |  57 ++-----
 libcrux-ml-dsa/src/samplex4.rs                | 153 +++++++++++-------
 4 files changed, 138 insertions(+), 143 deletions(-)

diff --git a/libcrux-ml-dsa/src/ml_dsa_generic.rs b/libcrux-ml-dsa/src/ml_dsa_generic.rs
index 1c1cb164a..a5bde6d4a 100644
--- a/libcrux-ml-dsa/src/ml_dsa_generic.rs
+++ b/libcrux-ml-dsa/src/ml_dsa_generic.rs
@@ -28,6 +28,7 @@ pub(crate) mod multiplexing;
 #[inline(always)]
 pub(crate) fn generate_key_pair<
     SIMDUnit: Operations,
+    Sampler: X4Sampler,
     Shake128X4: shake128::XofX4,
     Shake256: shake256::DsaXof,
     Shake256Xof: shake256::Xof,
@@ -40,7 +41,6 @@ pub(crate) fn generate_key_pair<
     const VERIFICATION_KEY_SIZE: usize,
 >(
     randomness: [u8; KEY_GENERATION_RANDOMNESS_SIZE],
-    sampler: X4Sampler,
 ) -> ([u8; SIGNING_KEY_SIZE], [u8; VERIFICATION_KEY_SIZE]) {
     // 128 = SEED_FOR_A_SIZE + SEED_FOR_ERROR_VECTORS_SIZE + SEED_FOR_SIGNING_SIZE
     let mut seed_expanded = [0; 128];
@@ -55,10 +55,8 @@ pub(crate) fn generate_key_pair<
     let (seed_for_error_vectors, seed_for_signing) =
         seed_expanded.split_at(SEED_FOR_ERROR_VECTORS_SIZE);
 
-    let a_as_ntt = samplex4::matrix_A::<SIMDUnit, ROWS_IN_A, COLUMNS_IN_A>(
-        into_padded_array(seed_for_a),
-        sampler,
-    );
+    let a_as_ntt =
+        Sampler::matrix_A::<SIMDUnit, ROWS_IN_A, COLUMNS_IN_A>(into_padded_array(seed_for_a));
 
     let (s1, s2) = samplex4::sample_s1_and_s2::<SIMDUnit, Shake256X4, ETA, COLUMNS_IN_A, ROWS_IN_A>(
         into_padded_array(seed_for_error_vectors),
@@ -98,6 +96,7 @@ pub(crate) fn generate_key_pair<
 #[inline(always)]
 pub(crate) fn sign_pre_hashed<
     SIMDUnit: Operations,
+    Sampler: X4Sampler,
     Shake128: shake128::Xof,
     Shake128X4: shake128::XofX4,
     Shake256: shake256::DsaXof,
@@ -124,7 +123,6 @@ pub(crate) fn sign_pre_hashed<
     message: &[u8],
     context: &[u8],
     randomness: [u8; SIGNING_RANDOMNESS_SIZE],
-    sampler: X4Sampler,
 ) -> Result<MLDSASignature<SIGNATURE_SIZE>, SigningError> {
     if context.len() > CONTEXT_MAX_LEN {
         return Err(SigningError::ContextTooLongError);
@@ -136,6 +134,7 @@ pub(crate) fn sign_pre_hashed<
     };
     sign_internal::<
         SIMDUnit,
+        Sampler,
         Shake128X4,
         Shake256,
         Shake256Xof,
@@ -159,7 +158,6 @@ pub(crate) fn sign_pre_hashed<
         &pre_hashed_message,
         Some(domain_separation_context),
         randomness,
-        sampler,
     )
 }
 
@@ -167,6 +165,7 @@ pub(crate) fn sign_pre_hashed<
 #[inline(always)]
 pub(crate) fn sign<
     SIMDUnit: Operations,
+    Sampler: X4Sampler,
     Shake128X4: shake128::XofX4,
     Shake256: shake256::DsaXof,
     Shake256Xof: shake256::Xof,
@@ -190,7 +189,6 @@ pub(crate) fn sign<
     message: &[u8],
     context: &[u8],
     randomness: [u8; SIGNING_RANDOMNESS_SIZE],
-    sampler: X4Sampler,
 ) -> Result<MLDSASignature<SIGNATURE_SIZE>, SigningError> {
     let domain_separation_context = match DomainSeparationContext::new(context, None) {
         Ok(dsc) => dsc,
@@ -198,6 +196,7 @@ pub(crate) fn sign<
     };
     sign_internal::<
         SIMDUnit,
+        Sampler,
         Shake128X4,
         Shake256,
         Shake256Xof,
@@ -221,7 +220,6 @@ pub(crate) fn sign<
         message,
         Some(domain_separation_context),
         randomness,
-        sampler,
     )
 }
 
@@ -233,6 +231,7 @@ pub(crate) fn sign<
 #[inline(always)]
 pub(crate) fn sign_internal<
     SIMDUnit: Operations,
+    Sampler: X4Sampler,
     Shake128X4: shake128::XofX4,
     Shake256: shake256::DsaXof,
     Shake256Xof: shake256::Xof,
@@ -256,7 +255,6 @@ pub(crate) fn sign_internal<
     message: &[u8],
     domain_separation_context: Option<DomainSeparationContext>,
     randomness: [u8; SIGNING_RANDOMNESS_SIZE],
-    sampler: X4Sampler,
 ) -> Result<MLDSASignature<SIGNATURE_SIZE>, SigningError> {
     let (seed_for_A, seed_for_signing, verification_key_hash, s1_as_ntt, s2_as_ntt, t0_as_ntt) =
         encoding::signing_key::deserialize_then_ntt::<
@@ -268,10 +266,8 @@ pub(crate) fn sign_internal<
             SIGNING_KEY_SIZE,
         >(signing_key);
 
-    let A_as_ntt = samplex4::matrix_A::<SIMDUnit, ROWS_IN_A, COLUMNS_IN_A>(
-        into_padded_array(&seed_for_A),
-        sampler,
-    );
+    let A_as_ntt =
+        Sampler::matrix_A::<SIMDUnit, ROWS_IN_A, COLUMNS_IN_A>(into_padded_array(&seed_for_A));
 
     let mut message_representative = [0; MESSAGE_REPRESENTATIVE_SIZE];
     derive_message_representative::<Shake256Xof>(
@@ -478,6 +474,7 @@ fn derive_message_representative<Shake256Xof: shake256::Xof>(
 #[inline(always)]
 pub(crate) fn verify_internal<
     SIMDUnit: Operations,
+    Sampler: X4Sampler,
     Shake128X4: shake128::XofX4,
     Shake256: shake256::DsaXof,
     Shake256Xof: shake256::Xof,
@@ -499,7 +496,6 @@ pub(crate) fn verify_internal<
     message: &[u8],
     domain_separation_context: Option<DomainSeparationContext>,
     signature_serialized: &[u8; SIGNATURE_SIZE],
-    sampler: X4Sampler,
 ) -> Result<(), VerificationError> {
     let (seed_for_A, t1) =
         encoding::verification_key::deserialize::<SIMDUnit, ROWS_IN_A, VERIFICATION_KEY_SIZE>(
@@ -525,10 +521,8 @@ pub(crate) fn verify_internal<
     ) {
         return Err(VerificationError::SignerResponseExceedsBoundError);
     }
-    let A_as_ntt = samplex4::matrix_A::<SIMDUnit, ROWS_IN_A, COLUMNS_IN_A>(
-        into_padded_array(&seed_for_A),
-        sampler,
-    );
+    let A_as_ntt =
+        Sampler::matrix_A::<SIMDUnit, ROWS_IN_A, COLUMNS_IN_A>(into_padded_array(&seed_for_A));
 
     let mut verification_key_hash = [0; BYTES_FOR_VERIFICATION_KEY_HASH];
     Shake256::shake256::<BYTES_FOR_VERIFICATION_KEY_HASH>(
@@ -585,6 +579,7 @@ pub(crate) fn verify_internal<
 #[inline(always)]
 pub(crate) fn verify<
     SIMDUnit: Operations,
+    Sampler: X4Sampler,
     Shake128X4: shake128::XofX4,
     Shake256: shake256::DsaXof,
     Shake256Xof: shake256::Xof,
@@ -606,7 +601,6 @@ pub(crate) fn verify<
     message: &[u8],
     context: &[u8],
     signature_serialized: &[u8; SIGNATURE_SIZE],
-    sampler: X4Sampler,
 ) -> Result<(), VerificationError> {
     // We manually do the matching here to make Eurydice happy.
     let domain_separation_context = match DomainSeparationContext::new(context, None) {
@@ -615,6 +609,7 @@ pub(crate) fn verify<
     };
     verify_internal::<
         SIMDUnit,
+        Sampler,
         Shake128X4,
         Shake256,
         Shake256Xof,
@@ -636,7 +631,6 @@ pub(crate) fn verify<
         message,
         Some(domain_separation_context),
         &signature_serialized,
-        sampler,
     )
 }
 
@@ -644,6 +638,7 @@ pub(crate) fn verify<
 #[inline(always)]
 pub(crate) fn verify_pre_hashed<
     SIMDUnit: Operations,
+    Sampler: X4Sampler,
     Shake128: shake128::Xof,
     Shake128X4: shake128::XofX4,
     Shake256: shake256::DsaXof,
@@ -668,7 +663,6 @@ pub(crate) fn verify_pre_hashed<
     message: &[u8],
     context: &[u8],
     signature_serialized: &[u8; SIGNATURE_SIZE],
-    sampler: X4Sampler,
 ) -> Result<(), VerificationError> {
     let pre_hashed_message = PH::hash::<Shake128>(message);
     let domain_separation_context = match DomainSeparationContext::new(context, Some(PH::oid())) {
@@ -678,6 +672,7 @@ pub(crate) fn verify_pre_hashed<
 
     verify_internal::<
         SIMDUnit,
+        Sampler,
         Shake128X4,
         Shake256,
         Shake256Xof,
@@ -699,6 +694,5 @@ pub(crate) fn verify_pre_hashed<
         &pre_hashed_message,
         Some(domain_separation_context),
         &signature_serialized,
-        sampler,
     )
 }
diff --git a/libcrux-ml-dsa/src/ml_dsa_generic/instantiations.rs b/libcrux-ml-dsa/src/ml_dsa_generic/instantiations.rs
index f2714e110..a3f240793 100644
--- a/libcrux-ml-dsa/src/ml_dsa_generic/instantiations.rs
+++ b/libcrux-ml-dsa/src/ml_dsa_generic/instantiations.rs
@@ -21,6 +21,7 @@ macro_rules! instantiate {
             ) -> ([u8; SIGNING_KEY_SIZE], [u8; VERIFICATION_KEY_SIZE]) {
                 crate::ml_dsa_generic::generate_key_pair::<
                     $simdunit,
+                    $sampler,
                     $shake128x4,
                     $shake256,
                     $shake256xof,
@@ -31,7 +32,7 @@ macro_rules! instantiate {
                     ERROR_RING_ELEMENT_SIZE,
                     SIGNING_KEY_SIZE,
                     VERIFICATION_KEY_SIZE,
-                >(randomness, $sampler)
+                >(randomness)
             }
 
             /// Sign.
@@ -58,6 +59,7 @@ macro_rules! instantiate {
             ) -> Result<MLDSASignature<SIGNATURE_SIZE>, SigningError> {
                 crate::ml_dsa_generic::sign::<
                     $simdunit,
+                    $sampler,
                     $shake128x4,
                     $shake256,
                     $shake256xof,
@@ -76,7 +78,7 @@ macro_rules! instantiate {
                     GAMMA1_RING_ELEMENT_SIZE,
                     SIGNING_KEY_SIZE,
                     SIGNATURE_SIZE,
-                >(&signing_key, message, context, randomness, $sampler)
+                >(&signing_key, message, context, randomness)
             }
 
             /// Sign (internal API)
@@ -103,6 +105,7 @@ macro_rules! instantiate {
             ) -> Result<MLDSASignature<SIGNATURE_SIZE>, SigningError> {
                 crate::ml_dsa_generic::sign_internal::<
                     $simdunit,
+                    $sampler,
                     $shake128x4,
                     $shake256,
                     $shake256xof,
@@ -121,13 +124,7 @@ macro_rules! instantiate {
                     GAMMA1_RING_ELEMENT_SIZE,
                     SIGNING_KEY_SIZE,
                     SIGNATURE_SIZE,
-                >(
-                    &signing_key,
-                    message,
-                    None,
-                    randomness,
-                    crate::samplex4::X4Sampler::AVX2,
-                )
+                >(&signing_key, message, None, randomness)
             }
 
             /// Sign (pre-hashed).
@@ -154,6 +151,7 @@ macro_rules! instantiate {
             ) -> Result<MLDSASignature<SIGNATURE_SIZE>, SigningError> {
                 crate::ml_dsa_generic::sign_pre_hashed::<
                     $simdunit,
+                    $sampler,
                     $shake128,
                     $shake128x4,
                     $shake256,
@@ -175,7 +173,7 @@ macro_rules! instantiate {
                     GAMMA1_RING_ELEMENT_SIZE,
                     SIGNING_KEY_SIZE,
                     SIGNATURE_SIZE,
-                >(&signing_key, message, context, randomness, $sampler)
+                >(&signing_key, message, context, randomness)
             }
 
             /// Verify.
@@ -201,6 +199,7 @@ macro_rules! instantiate {
             ) -> Result<(), VerificationError> {
                 crate::ml_dsa_generic::verify::<
                     $simdunit,
+                    $sampler,
                     $shake128x4,
                     $shake256,
                     $shake256xof,
@@ -217,7 +216,7 @@ macro_rules! instantiate {
                     COMMITMENT_HASH_SIZE,
                     ONES_IN_VERIFIER_CHALLENGE,
                     MAX_ONES_IN_HINT,
-                >(verification_key, message, context, signature, $sampler)
+                >(verification_key, message, context, signature)
             }
 
             /// Verify (internal API).
@@ -243,6 +242,7 @@ macro_rules! instantiate {
             ) -> Result<(), VerificationError> {
                 crate::ml_dsa_generic::verify_internal::<
                     $simdunit,
+                    $sampler,
                     $shake128x4,
                     $shake256,
                     $shake256xof,
@@ -259,7 +259,7 @@ macro_rules! instantiate {
                     COMMITMENT_HASH_SIZE,
                     ONES_IN_VERIFIER_CHALLENGE,
                     MAX_ONES_IN_HINT,
-                >(verification_key, message, None, signature, $sampler)
+                >(verification_key, message, None, signature)
             }
 
             /// Verify (pre-hashed with SHAKE-128).
@@ -285,6 +285,7 @@ macro_rules! instantiate {
             ) -> Result<(), VerificationError> {
                 crate::ml_dsa_generic::verify_pre_hashed::<
                     $simdunit,
+                    $sampler,
                     $shake128,
                     $shake128x4,
                     $shake256,
@@ -304,7 +305,7 @@ macro_rules! instantiate {
                     COMMITMENT_HASH_SIZE,
                     ONES_IN_VERIFIER_CHALLENGE,
                     MAX_ONES_IN_HINT,
-                >(verification_key, message, context, signature, $sampler)
+                >(verification_key, message, context, signature)
             }
         }
     };
@@ -318,7 +319,7 @@ instantiate! {portable,
     crate::hash_functions::portable::Shake256,
     crate::hash_functions::portable::Shake256Xof,
     crate::hash_functions::portable::Shake256X4,
-    crate::samplex4::X4Sampler::Portable
+    crate::samplex4::portable::PortableSampler
 }
 
 // AVX2 generic implementation.
@@ -334,5 +335,5 @@ instantiate! {neon,
     crate::hash_functions::portable::Shake256,
     crate::hash_functions::portable::Shake256Xof,
     crate::hash_functions::neon::Shake256x4,
-    crate::samplex4::X4Sampler::Neon
+    crate::samplex4::neon::NeonSampler
 }
diff --git a/libcrux-ml-dsa/src/ml_dsa_generic/instantiations/avx2.rs b/libcrux-ml-dsa/src/ml_dsa_generic/instantiations/avx2.rs
index 0e756ac25..b582d0a54 100644
--- a/libcrux-ml-dsa/src/ml_dsa_generic/instantiations/avx2.rs
+++ b/libcrux-ml-dsa/src/ml_dsa_generic/instantiations/avx2.rs
@@ -23,6 +23,7 @@ mod avx2_feature {
     ) -> ([u8; SIGNING_KEY_SIZE], [u8; VERIFICATION_KEY_SIZE]) {
         crate::ml_dsa_generic::generate_key_pair::<
             crate::simd::avx2::AVX2SIMDUnit,
+            crate::samplex4::avx2::AVX2Sampler,
             crate::hash_functions::simd256::Shake128x4,
             crate::hash_functions::simd256::Shake256,
             crate::hash_functions::portable::Shake256Xof, // XXX: Use simd256
@@ -33,7 +34,7 @@ mod avx2_feature {
             ERROR_RING_ELEMENT_SIZE,
             SIGNING_KEY_SIZE,
             VERIFICATION_KEY_SIZE,
-        >(randomness, crate::samplex4::X4Sampler::AVX2)
+        >(randomness)
     }
 
     /// Sign.
@@ -62,6 +63,7 @@ mod avx2_feature {
     ) -> Result<MLDSASignature<SIGNATURE_SIZE>, SigningError> {
         crate::ml_dsa_generic::sign::<
             crate::simd::avx2::AVX2SIMDUnit,
+            crate::samplex4::avx2::AVX2Sampler,
             crate::hash_functions::simd256::Shake128x4,
             crate::hash_functions::simd256::Shake256,
             crate::hash_functions::portable::Shake256Xof, // XXX: Use simd256
@@ -80,13 +82,7 @@ mod avx2_feature {
             GAMMA1_RING_ELEMENT_SIZE,
             SIGNING_KEY_SIZE,
             SIGNATURE_SIZE,
-        >(
-            &signing_key,
-            message,
-            context,
-            randomness,
-            crate::samplex4::X4Sampler::AVX2,
-        )
+        >(&signing_key, message, context, randomness)
     }
 
     /// Sign (internal API)
@@ -115,6 +111,7 @@ mod avx2_feature {
     ) -> Result<MLDSASignature<SIGNATURE_SIZE>, SigningError> {
         crate::ml_dsa_generic::sign_internal::<
             crate::simd::avx2::AVX2SIMDUnit,
+            crate::samplex4::avx2::AVX2Sampler,
             crate::hash_functions::simd256::Shake128x4,
             crate::hash_functions::simd256::Shake256,
             crate::hash_functions::portable::Shake256Xof, // XXX: Use simd256
@@ -133,13 +130,7 @@ mod avx2_feature {
             GAMMA1_RING_ELEMENT_SIZE,
             SIGNING_KEY_SIZE,
             SIGNATURE_SIZE,
-        >(
-            &signing_key,
-            message,
-            None,
-            randomness,
-            crate::samplex4::X4Sampler::AVX2,
-        )
+        >(&signing_key, message, None, randomness)
     }
 
     /// Sign (pre-hashed).
@@ -168,6 +159,7 @@ mod avx2_feature {
     ) -> Result<MLDSASignature<SIGNATURE_SIZE>, SigningError> {
         crate::ml_dsa_generic::sign_pre_hashed::<
             crate::simd::avx2::AVX2SIMDUnit,
+            crate::samplex4::avx2::AVX2Sampler,
             crate::hash_functions::portable::Shake128, // XXX: Use simd256
             crate::hash_functions::simd256::Shake128x4,
             crate::hash_functions::simd256::Shake256,
@@ -189,13 +181,7 @@ mod avx2_feature {
             GAMMA1_RING_ELEMENT_SIZE,
             SIGNING_KEY_SIZE,
             SIGNATURE_SIZE,
-        >(
-            &signing_key,
-            message,
-            context,
-            randomness,
-            crate::samplex4::X4Sampler::AVX2,
-        )
+        >(&signing_key, message, context, randomness)
     }
 
     /// Verify.
@@ -223,6 +209,7 @@ mod avx2_feature {
     ) -> Result<(), VerificationError> {
         crate::ml_dsa_generic::verify::<
             crate::simd::avx2::AVX2SIMDUnit,
+            crate::samplex4::avx2::AVX2Sampler,
             crate::hash_functions::simd256::Shake128x4,
             crate::hash_functions::simd256::Shake256,
             crate::hash_functions::portable::Shake256Xof, // XXX: Use simd256
@@ -239,13 +226,7 @@ mod avx2_feature {
             COMMITMENT_HASH_SIZE,
             ONES_IN_VERIFIER_CHALLENGE,
             MAX_ONES_IN_HINT,
-        >(
-            verification_key,
-            message,
-            context,
-            signature,
-            crate::samplex4::X4Sampler::AVX2,
-        )
+        >(verification_key, message, context, signature)
     }
 
     /// Verify (internal API).
@@ -273,6 +254,7 @@ mod avx2_feature {
     ) -> Result<(), VerificationError> {
         crate::ml_dsa_generic::verify_internal::<
             crate::simd::avx2::AVX2SIMDUnit,
+            crate::samplex4::avx2::AVX2Sampler,
             crate::hash_functions::simd256::Shake128x4,
             crate::hash_functions::simd256::Shake256,
             crate::hash_functions::portable::Shake256Xof, // XXX: Use simd256
@@ -289,13 +271,7 @@ mod avx2_feature {
             COMMITMENT_HASH_SIZE,
             ONES_IN_VERIFIER_CHALLENGE,
             MAX_ONES_IN_HINT,
-        >(
-            verification_key,
-            message,
-            None,
-            signature,
-            crate::samplex4::X4Sampler::AVX2,
-        )
+        >(verification_key, message, None, signature)
     }
 
     /// Verify (pre-hashed with SHAKE-128).
@@ -323,6 +299,7 @@ mod avx2_feature {
     ) -> Result<(), VerificationError> {
         crate::ml_dsa_generic::verify_pre_hashed::<
             crate::simd::avx2::AVX2SIMDUnit,
+            crate::samplex4::avx2::AVX2Sampler,
             crate::hash_functions::portable::Shake128, // XXX: Use simd256
             crate::hash_functions::simd256::Shake128x4,
             crate::hash_functions::simd256::Shake256,
@@ -342,13 +319,7 @@ mod avx2_feature {
             COMMITMENT_HASH_SIZE,
             ONES_IN_VERIFIER_CHALLENGE,
             MAX_ONES_IN_HINT,
-        >(
-            verification_key,
-            message,
-            context,
-            signature,
-            crate::samplex4::X4Sampler::AVX2,
-        )
+        >(verification_key, message, context, signature)
     }
 }
 
diff --git a/libcrux-ml-dsa/src/samplex4.rs b/libcrux-ml-dsa/src/samplex4.rs
index 1818cf758..760041885 100644
--- a/libcrux-ml-dsa/src/samplex4.rs
+++ b/libcrux-ml-dsa/src/samplex4.rs
@@ -6,11 +6,12 @@ use crate::{
 };
 
 /// The x4 sampling implementation that is selected during multiplexing.
-#[allow(unused)]
-pub(crate) enum X4Sampler {
-    AVX2,
-    Neon,
-    Portable,
+pub(crate) trait X4Sampler {
+    /// Sample the matrix A using platform specific implementation.
+    #[allow(non_snake_case)]
+    fn matrix_A<SIMDUnit: Operations, const ROWS_IN_A: usize, const COLUMNS_IN_A: usize>(
+        seed: [u8; 34],
+    ) -> [[PolynomialRingElement<SIMDUnit>; COLUMNS_IN_A]; ROWS_IN_A];
 }
 
 #[inline(always)]
@@ -152,66 +153,94 @@ pub(crate) fn matrix_A_8_by_7<
     A
 }
 
-#[inline(always)]
-#[allow(unsafe_code)]
-#[allow(non_snake_case)]
-pub(crate) fn matrix_A<SIMDUnit: Operations, const ROWS_IN_A: usize, const COLUMNS_IN_A: usize>(
-    seed: [u8; 34],
-    sampler: X4Sampler,
-) -> [[PolynomialRingElement<SIMDUnit>; COLUMNS_IN_A]; ROWS_IN_A] {
-    match sampler {
-        #[cfg(feature = "simd256")]
-        X4Sampler::AVX2 => unsafe { matrix_A_avx2::<SIMDUnit, ROWS_IN_A, COLUMNS_IN_A>(seed) },
-        #[cfg(feature = "simd128")]
-        X4Sampler::Neon => matrix_A_generic::<
-            SIMDUnit,
-            crate::hash_functions::neon::Shake128x4,
-            ROWS_IN_A,
-            COLUMNS_IN_A,
-        >(seed),
-        X4Sampler::Portable => matrix_A_generic::<
-            SIMDUnit,
-            crate::hash_functions::portable::Shake128X4,
-            ROWS_IN_A,
-            COLUMNS_IN_A,
-        >(seed),
-        _ => unreachable!(),
+pub(crate) mod portable {
+    use super::*;
+
+    pub(crate) struct PortableSampler {}
+    impl X4Sampler for PortableSampler {
+        #[inline(always)]
+        fn matrix_A<SIMDUnit: Operations, const ROWS_IN_A: usize, const COLUMNS_IN_A: usize>(
+            seed: [u8; 34],
+        ) -> [[PolynomialRingElement<SIMDUnit>; COLUMNS_IN_A]; ROWS_IN_A] {
+            matrix_A_generic::<
+                SIMDUnit,
+                crate::hash_functions::portable::Shake128X4,
+                ROWS_IN_A,
+                COLUMNS_IN_A,
+            >(seed)
+        }
     }
 }
 
-#[cfg_attr(not(hax), target_feature(enable = "avx2"))]
-#[allow(unsafe_code)]
-#[allow(non_snake_case)]
-pub(crate) unsafe fn matrix_A_avx2<
-    SIMDUnit: Operations,
-    const ROWS_IN_A: usize,
-    const COLUMNS_IN_A: usize,
->(
-    seed: [u8; 34],
-) -> [[PolynomialRingElement<SIMDUnit>; COLUMNS_IN_A]; ROWS_IN_A] {
-    match (ROWS_IN_A as u8, COLUMNS_IN_A as u8) {
-        #[cfg(feature = "mldsa44")]
-        (4, 4) => matrix_A_4_by_4::<
-            SIMDUnit,
-            crate::hash_functions::simd256::Shake128x4,
-            ROWS_IN_A,
-            COLUMNS_IN_A,
-        >(seed),
-        #[cfg(feature = "mldsa65")]
-        (6, 5) => matrix_A_6_by_5::<
-            SIMDUnit,
-            crate::hash_functions::simd256::Shake128x4,
-            ROWS_IN_A,
-            COLUMNS_IN_A,
-        >(seed),
-        #[cfg(feature = "mldsa87")]
-        (8, 7) => matrix_A_8_by_7::<
-            SIMDUnit,
-            crate::hash_functions::simd256::Shake128x4,
-            ROWS_IN_A,
-            COLUMNS_IN_A,
-        >(seed),
-        _ => unreachable!(),
+#[cfg(feature = "simd128")]
+pub(crate) mod neon {
+    use super::*;
+
+    pub(crate) struct NeonSampler {}
+    impl X4Sampler for NeonSampler {
+        #[inline(always)]
+        fn matrix_A<SIMDUnit: Operations, const ROWS_IN_A: usize, const COLUMNS_IN_A: usize>(
+            seed: [u8; 34],
+        ) -> [[PolynomialRingElement<SIMDUnit>; COLUMNS_IN_A]; ROWS_IN_A] {
+            matrix_A_generic::<
+                SIMDUnit,
+                crate::hash_functions::neon::Shake128X4,
+                ROWS_IN_A,
+                COLUMNS_IN_A,
+            >(seed)
+        }
+    }
+}
+
+#[cfg(feature = "simd256")]
+pub(crate) mod avx2 {
+    use super::*;
+
+    pub(crate) struct AVX2Sampler {}
+    impl X4Sampler for AVX2Sampler {
+        #[inline(always)]
+        #[allow(unsafe_code)]
+        fn matrix_A<SIMDUnit: Operations, const ROWS_IN_A: usize, const COLUMNS_IN_A: usize>(
+            seed: [u8; 34],
+        ) -> [[PolynomialRingElement<SIMDUnit>; COLUMNS_IN_A]; ROWS_IN_A] {
+            unsafe { matrix_A_avx2(seed) }
+        }
+    }
+
+    #[cfg_attr(not(hax), target_feature(enable = "avx2"))]
+    #[allow(unsafe_code)]
+    #[allow(non_snake_case)]
+    pub(crate) unsafe fn matrix_A_avx2<
+        SIMDUnit: Operations,
+        const ROWS_IN_A: usize,
+        const COLUMNS_IN_A: usize,
+    >(
+        seed: [u8; 34],
+    ) -> [[PolynomialRingElement<SIMDUnit>; COLUMNS_IN_A]; ROWS_IN_A] {
+        match (ROWS_IN_A as u8, COLUMNS_IN_A as u8) {
+            #[cfg(feature = "mldsa44")]
+            (4, 4) => matrix_A_4_by_4::<
+                SIMDUnit,
+                crate::hash_functions::simd256::Shake128x4,
+                ROWS_IN_A,
+                COLUMNS_IN_A,
+            >(seed),
+            #[cfg(feature = "mldsa65")]
+            (6, 5) => matrix_A_6_by_5::<
+                SIMDUnit,
+                crate::hash_functions::simd256::Shake128x4,
+                ROWS_IN_A,
+                COLUMNS_IN_A,
+            >(seed),
+            #[cfg(feature = "mldsa87")]
+            (8, 7) => matrix_A_8_by_7::<
+                SIMDUnit,
+                crate::hash_functions::simd256::Shake128x4,
+                ROWS_IN_A,
+                COLUMNS_IN_A,
+            >(seed),
+            _ => unreachable!(),
+        }
     }
 }
 

From 7329f77864abb16a99160326232cd2188a7ea379 Mon Sep 17 00:00:00 2001
From: Jonas Schneider-Bensch <jonas@cryspen.com>
Date: Tue, 17 Dec 2024 14:26:05 +0100
Subject: [PATCH 123/142] C Extraction Update

---
 libcrux-ml-dsa/cg.yaml                       |    4 +-
 libcrux-ml-dsa/cg/code_gen.txt               |    2 +-
 libcrux-ml-dsa/cg/header.txt                 |    2 +-
 libcrux-ml-dsa/cg/libcrux_core.h             |   24 +-
 libcrux-ml-dsa/cg/libcrux_mldsa65_avx2.h     | 2851 +++++++++++------
 libcrux-ml-dsa/cg/libcrux_mldsa65_portable.h | 2894 ++++++++++++------
 libcrux-ml-dsa/cg/libcrux_sha3_avx2.h        |    2 +-
 libcrux-ml-dsa/cg/libcrux_sha3_portable.h    |    2 +-
 8 files changed, 4021 insertions(+), 1760 deletions(-)

diff --git a/libcrux-ml-dsa/cg.yaml b/libcrux-ml-dsa/cg.yaml
index 8989a1168..5ea47625a 100644
--- a/libcrux-ml-dsa/cg.yaml
+++ b/libcrux-ml-dsa/cg.yaml
@@ -53,7 +53,8 @@ files:
     include_in_h:
       - '"intrinsics/libcrux_intrinsics_avx2.h"'
     api:
-      patterns:  
+      patterns:
+        - [libcrux_ml_dsa, samplex4, avx2, "*"]
         - [libcrux_ml_dsa, simd, avx2, "*"]
         - [libcrux_ml_dsa, hash_functions, simd256, "*"]
         - [libcrux_ml_dsa, ml_dsa_65, avx2, "*"]
@@ -76,6 +77,7 @@ files:
     api:
       patterns:
         - [libcrux_ml_dsa, "*"]
+        - [libcrux_ml_dsa, samplex4, portable, "*"]
         - [libcrux_ml_dsa, simd, "*"]
         - [libcrux_ml_dsa, hash_functions, portable, "*"]
         - [libcrux_ml_dsa, ml_dsa_65, portable, "*"]
diff --git a/libcrux-ml-dsa/cg/code_gen.txt b/libcrux-ml-dsa/cg/code_gen.txt
index ff59781b4..2534e4163 100644
--- a/libcrux-ml-dsa/cg/code_gen.txt
+++ b/libcrux-ml-dsa/cg/code_gen.txt
@@ -3,4 +3,4 @@ Charon: a68994d00017b76a805d0115ca06c1f2c1805e79
 Eurydice: b665364a6d86749566ce2d650d13fa12c8fab2c5
 Karamel: 96572bc631fde691a2aea7bce5a5a3838b3a5968
 F*: b0961063393215ca65927f017720cb365a193833-dirty
-Libcrux: d4b51bcb3af12fb1358ed37830e33cbd72d31590
+Libcrux: 229548656e4eaa1324c514638f9f8d135499a5c1
diff --git a/libcrux-ml-dsa/cg/header.txt b/libcrux-ml-dsa/cg/header.txt
index 17dad08f7..3d06fc7fc 100644
--- a/libcrux-ml-dsa/cg/header.txt
+++ b/libcrux-ml-dsa/cg/header.txt
@@ -8,5 +8,5 @@
  * Eurydice: b665364a6d86749566ce2d650d13fa12c8fab2c5
  * Karamel: 96572bc631fde691a2aea7bce5a5a3838b3a5968
  * F*: b0961063393215ca65927f017720cb365a193833-dirty
- * Libcrux: d4b51bcb3af12fb1358ed37830e33cbd72d31590
+ * Libcrux: 229548656e4eaa1324c514638f9f8d135499a5c1
  */
diff --git a/libcrux-ml-dsa/cg/libcrux_core.h b/libcrux-ml-dsa/cg/libcrux_core.h
index ed839622f..fcb82cc0a 100644
--- a/libcrux-ml-dsa/cg/libcrux_core.h
+++ b/libcrux-ml-dsa/cg/libcrux_core.h
@@ -8,7 +8,7 @@
  * Eurydice: b665364a6d86749566ce2d650d13fa12c8fab2c5
  * Karamel: 96572bc631fde691a2aea7bce5a5a3838b3a5968
  * F*: b0961063393215ca65927f017720cb365a193833-dirty
- * Libcrux: 87497297c8d9a6be6127d9daae13a942b5439e74
+ * Libcrux: 229548656e4eaa1324c514638f9f8d135499a5c1
  */
 
 #ifndef __libcrux_core_H
@@ -42,7 +42,7 @@ typedef uint8_t Result_a9_tags;
 #define None 0
 #define Some 1
 
-typedef uint8_t Option_d8_tags;
+typedef uint8_t Option_08_tags;
 
 /**
 A monomorphic instance of core.option.Option
@@ -50,7 +50,7 @@ with types size_t
 
 */
 typedef struct Option_08_s {
-  Option_d8_tags tag;
+  Option_08_tags tag;
   size_t f0;
 } Option_08;
 
@@ -139,11 +139,11 @@ typedef struct libcrux_ml_dsa_ml_dsa_65_MLDSA65Signature_s {
 This function found in impl {libcrux_ml_dsa::types::MLDSASignature<SIZE>#4}
 */
 /**
-A monomorphic instance of libcrux_ml_dsa.types.as_raw_8f
+A monomorphic instance of libcrux_ml_dsa.types.as_ref_8f
 with const generics
 - SIZE= 3309
 */
-static inline uint8_t *libcrux_ml_dsa_types_as_raw_8f_fa(
+static inline uint8_t *libcrux_ml_dsa_types_as_ref_8f_fa(
     libcrux_ml_dsa_ml_dsa_65_MLDSA65Signature *self) {
   return self->value;
 }
@@ -216,11 +216,11 @@ This function found in impl
 {libcrux_ml_dsa::types::MLDSAVerificationKey<SIZE>#2}
 */
 /**
-A monomorphic instance of libcrux_ml_dsa.types.as_raw_66
+A monomorphic instance of libcrux_ml_dsa.types.as_ref_66
 with const generics
 - SIZE= 1952
 */
-static inline uint8_t *libcrux_ml_dsa_types_as_raw_66_97(
+static inline uint8_t *libcrux_ml_dsa_types_as_ref_66_97(
     libcrux_ml_dsa_types_MLDSAVerificationKey_ea *self) {
   return self->value;
 }
@@ -231,7 +231,7 @@ with types int32_t[256size_t][6size_t]
 
 */
 typedef struct Option_f0_s {
-  Option_d8_tags tag;
+  Option_08_tags tag;
   int32_t f0[6U][256U];
 } Option_f0;
 
@@ -241,7 +241,7 @@ with types uint8_t[48size_t]
 
 */
 typedef struct Option_67_s {
-  Option_d8_tags tag;
+  Option_08_tags tag;
   uint8_t f0[48U];
 } Option_67;
 
@@ -369,11 +369,11 @@ typedef struct libcrux_ml_dsa_types_MLDSASigningKey_22_s {
 This function found in impl {libcrux_ml_dsa::types::MLDSASigningKey<SIZE>}
 */
 /**
-A monomorphic instance of libcrux_ml_dsa.types.as_raw_9b
+A monomorphic instance of libcrux_ml_dsa.types.as_ref_9b
 with const generics
 - SIZE= 4032
 */
-static inline uint8_t *libcrux_ml_dsa_types_as_raw_9b_09(
+static inline uint8_t *libcrux_ml_dsa_types_as_ref_9b_09(
     libcrux_ml_dsa_types_MLDSASigningKey_22 *self) {
   return self->value;
 }
@@ -499,7 +499,7 @@ with types uint8_t[11size_t]
 
 */
 typedef struct Option_30_s {
-  Option_d8_tags tag;
+  Option_08_tags tag;
   uint8_t f0[11U];
 } Option_30;
 
diff --git a/libcrux-ml-dsa/cg/libcrux_mldsa65_avx2.h b/libcrux-ml-dsa/cg/libcrux_mldsa65_avx2.h
index 4cd046ed1..df9227c80 100644
--- a/libcrux-ml-dsa/cg/libcrux_mldsa65_avx2.h
+++ b/libcrux-ml-dsa/cg/libcrux_mldsa65_avx2.h
@@ -8,7 +8,7 @@
  * Eurydice: b665364a6d86749566ce2d650d13fa12c8fab2c5
  * Karamel: 96572bc631fde691a2aea7bce5a5a3838b3a5968
  * F*: b0961063393215ca65927f017720cb365a193833-dirty
- * Libcrux: 87497297c8d9a6be6127d9daae13a942b5439e74
+ * Libcrux: 229548656e4eaa1324c514638f9f8d135499a5c1
  */
 
 #ifndef __libcrux_mldsa65_avx2_H
@@ -3230,6 +3230,9 @@ static KRML_MUSTINLINE void libcrux_ml_dsa_simd_avx2_invert_ntt_montgomery_a2(
   memcpy(ret, ret0, (size_t)32U * sizeof(__m256i));
 }
 
+typedef struct libcrux_ml_dsa_samplex4_avx2_AVX2Sampler_s {
+} libcrux_ml_dsa_samplex4_avx2_AVX2Sampler;
+
 /**
 A monomorphic instance of libcrux_ml_dsa.polynomial.PolynomialRingElement
 with types libcrux_ml_dsa_simd_avx2_vector_type_AVX2SIMDUnit
@@ -3289,579 +3292,77 @@ libcrux_ml_dsa_polynomial_ZERO_ff_ea(void) {
   return lit;
 }
 
-typedef struct
-    libcrux_ml_dsa_polynomial_PolynomialRingElement_libcrux_ml_dsa_simd_avx2_vector_type_AVX2SIMDUnit_x4_s {
-  libcrux_ml_dsa_polynomial_PolynomialRingElement_24 fst;
-  libcrux_ml_dsa_polynomial_PolynomialRingElement_24 snd;
-  libcrux_ml_dsa_polynomial_PolynomialRingElement_24 thd;
-  libcrux_ml_dsa_polynomial_PolynomialRingElement_24 f3;
-} libcrux_ml_dsa_polynomial_PolynomialRingElement_libcrux_ml_dsa_simd_avx2_vector_type_AVX2SIMDUnit_x4;
-
 /**
-A monomorphic instance of
-libcrux_ml_dsa.sample.rejection_sample_less_than_field_modulus with types
-libcrux_ml_dsa_simd_avx2_vector_type_AVX2SIMDUnit with const generics
-
-*/
-KRML_ATTRIBUTE_TARGET("avx2")
-static KRML_MUSTINLINE bool
-libcrux_ml_dsa_sample_rejection_sample_less_than_field_modulus_ea(
-    Eurydice_slice randomness, size_t *sampled_coefficients, int32_t *out) {
-  bool done = false;
-  for (size_t i = (size_t)0U;
-       i < Eurydice_slice_len(randomness, uint8_t) / (size_t)24U; i++) {
-    size_t _cloop_i = i;
-    Eurydice_slice random_bytes =
-        Eurydice_slice_subslice2(randomness, _cloop_i * (size_t)24U,
-                                 _cloop_i * (size_t)24U + (size_t)24U, uint8_t);
-    if (!done) {
-      Eurydice_slice uu____0 = random_bytes;
-      size_t sampled =
-          libcrux_ml_dsa_simd_avx2_rejection_sample_less_than_field_modulus_a2(
-              uu____0, Eurydice_array_to_subslice_from((size_t)263U, out,
-                                                       sampled_coefficients[0U],
-                                                       int32_t, size_t));
-      sampled_coefficients[0U] = sampled_coefficients[0U] + sampled;
-      if (sampled_coefficients[0U] >=
-          LIBCRUX_ML_DSA_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) {
-        done = true;
-      }
-    }
-  }
-  return done;
-}
-
-/**
-This function found in impl
-{libcrux_ml_dsa::polynomial::PolynomialRingElement<SIMDUnit>[TraitClause@0,
-TraitClause@1]}
-*/
-/**
-A monomorphic instance of libcrux_ml_dsa.polynomial.from_i32_array_ff
+A monomorphic instance of libcrux_ml_dsa.sample.SampleArgs
 with types libcrux_ml_dsa_simd_avx2_vector_type_AVX2SIMDUnit
 with const generics
-
+- $840size_t
+- $6size_t
+- $5size_t
 */
-KRML_ATTRIBUTE_TARGET("avx2")
-static inline libcrux_ml_dsa_polynomial_PolynomialRingElement_24
-libcrux_ml_dsa_polynomial_from_i32_array_ff_ea(Eurydice_slice array) {
-  libcrux_ml_dsa_polynomial_PolynomialRingElement_24 result =
-      libcrux_ml_dsa_polynomial_ZERO_ff_ea();
-  for (size_t i = (size_t)0U;
-       i < LIBCRUX_ML_DSA_SIMD_TRAITS_SIMD_UNITS_IN_RING_ELEMENT; i++) {
-    size_t i0 = i;
-    result.simd_units[i0] = libcrux_ml_dsa_simd_avx2_from_coefficient_array_a2(
-        Eurydice_slice_subslice2(
-            array, i0 * LIBCRUX_ML_DSA_SIMD_TRAITS_COEFFICIENTS_IN_SIMD_UNIT,
-            (i0 + (size_t)1U) *
-                LIBCRUX_ML_DSA_SIMD_TRAITS_COEFFICIENTS_IN_SIMD_UNIT,
-            int32_t));
-  }
-  return result;
-}
+typedef struct libcrux_ml_dsa_sample_SampleArgs_c5_s {
+  uint8_t_840size_t__x4 *rand_stack;
+  Eurydice_slice tmp_stack;
+  libcrux_ml_dsa_polynomial_PolynomialRingElement_24 (*out)[5U];
+  Eurydice_slice indices;
+} libcrux_ml_dsa_sample_SampleArgs_c5;
 
 /**
-A monomorphic instance of libcrux_ml_dsa.sample.sample_four_ring_elements
-with types libcrux_ml_dsa_simd_avx2_vector_type_AVX2SIMDUnit
-with const generics
-
+This function found in impl {libcrux_ml_dsa::sample::SampleArgs<'a, SIMDUnit,
+STACK_SIZE, ROWS_IN_A, COLUMNS_IN_A>[TraitClause@0, TraitClause@1]}
 */
-KRML_ATTRIBUTE_TARGET("avx2")
-static inline libcrux_ml_dsa_polynomial_PolynomialRingElement_libcrux_ml_dsa_simd_avx2_vector_type_AVX2SIMDUnit_x4
-libcrux_ml_dsa_sample_sample_four_ring_elements_ea(uint8_t seed0[34U],
-                                                   uint16_t domain_separator0,
-                                                   uint16_t domain_separator1,
-                                                   uint16_t domain_seperator2,
-                                                   uint16_t domain_separator3) {
-  seed0[32U] = (uint8_t)domain_separator0;
-  seed0[33U] = (uint8_t)((uint32_t)domain_separator0 >> 8U);
-  uint8_t seed1[34U];
-  memcpy(seed1, seed0, (size_t)34U * sizeof(uint8_t));
-  seed1[32U] = (uint8_t)domain_separator1;
-  seed1[33U] = (uint8_t)((uint32_t)domain_separator1 >> 8U);
-  uint8_t seed2[34U];
-  memcpy(seed2, seed0, (size_t)34U * sizeof(uint8_t));
-  seed2[32U] = (uint8_t)domain_seperator2;
-  seed2[33U] = (uint8_t)((uint32_t)domain_seperator2 >> 8U);
-  uint8_t seed3[34U];
-  memcpy(seed3, seed0, (size_t)34U * sizeof(uint8_t));
-  seed3[32U] = (uint8_t)domain_separator3;
-  seed3[33U] = (uint8_t)((uint32_t)domain_separator3 >> 8U);
-  libcrux_ml_dsa_hash_functions_portable_Shake128X4 state =
-      libcrux_ml_dsa_hash_functions_portable_init_absorb_ed(
-          Eurydice_array_to_slice((size_t)34U, seed0, uint8_t),
-          Eurydice_array_to_slice((size_t)34U, seed1, uint8_t),
-          Eurydice_array_to_slice((size_t)34U, seed2, uint8_t),
-          Eurydice_array_to_slice((size_t)34U, seed3, uint8_t));
-  uint8_t randomness0[840U] = {0U};
-  uint8_t randomness1[840U] = {0U};
-  uint8_t randomness2[840U] = {0U};
-  uint8_t randomness3[840U] = {0U};
-  libcrux_ml_dsa_hash_functions_portable_squeeze_first_five_blocks_ed(
-      &state, randomness0, randomness1, randomness2, randomness3);
-  int32_t coefficients0[263U] = {0U};
-  int32_t coefficients1[263U] = {0U};
-  int32_t coefficients2[263U] = {0U};
-  int32_t coefficients3[263U] = {0U};
-  size_t sampled0 = (size_t)0U;
-  size_t sampled1 = (size_t)0U;
-  size_t sampled2 = (size_t)0U;
-  size_t sampled3 = (size_t)0U;
-  bool done0 =
-      libcrux_ml_dsa_sample_rejection_sample_less_than_field_modulus_ea(
-          Eurydice_array_to_slice((size_t)840U, randomness0, uint8_t),
-          &sampled0, coefficients0);
-  bool done1 =
-      libcrux_ml_dsa_sample_rejection_sample_less_than_field_modulus_ea(
-          Eurydice_array_to_slice((size_t)840U, randomness1, uint8_t),
-          &sampled1, coefficients1);
-  bool done2 =
-      libcrux_ml_dsa_sample_rejection_sample_less_than_field_modulus_ea(
-          Eurydice_array_to_slice((size_t)840U, randomness2, uint8_t),
-          &sampled2, coefficients2);
-  bool done3 =
-      libcrux_ml_dsa_sample_rejection_sample_less_than_field_modulus_ea(
-          Eurydice_array_to_slice((size_t)840U, randomness3, uint8_t),
-          &sampled3, coefficients3);
-  while (true) {
-    if (done0) {
-      if (done1) {
-        if (done2) {
-          if (done3) {
-            break;
-          } else {
-            uint8_t_168size_t__x4 randomnesses =
-                libcrux_ml_dsa_hash_functions_portable_squeeze_next_block_ed(
-                    &state);
-            if (!done0) {
-              done0 =
-                  libcrux_ml_dsa_sample_rejection_sample_less_than_field_modulus_ea(
-                      Eurydice_array_to_slice((size_t)168U, randomnesses.fst,
-                                              uint8_t),
-                      &sampled0, coefficients0);
-            }
-            if (!done1) {
-              done1 =
-                  libcrux_ml_dsa_sample_rejection_sample_less_than_field_modulus_ea(
-                      Eurydice_array_to_slice((size_t)168U, randomnesses.snd,
-                                              uint8_t),
-                      &sampled1, coefficients1);
-            }
-            if (!done2) {
-              done2 =
-                  libcrux_ml_dsa_sample_rejection_sample_less_than_field_modulus_ea(
-                      Eurydice_array_to_slice((size_t)168U, randomnesses.thd,
-                                              uint8_t),
-                      &sampled2, coefficients2);
-            }
-            if (!done3) {
-              done3 =
-                  libcrux_ml_dsa_sample_rejection_sample_less_than_field_modulus_ea(
-                      Eurydice_array_to_slice((size_t)168U, randomnesses.f3,
-                                              uint8_t),
-                      &sampled3, coefficients3);
-            }
-          }
-        } else {
-          uint8_t_168size_t__x4 randomnesses =
-              libcrux_ml_dsa_hash_functions_portable_squeeze_next_block_ed(
-                  &state);
-          if (!done0) {
-            done0 =
-                libcrux_ml_dsa_sample_rejection_sample_less_than_field_modulus_ea(
-                    Eurydice_array_to_slice((size_t)168U, randomnesses.fst,
-                                            uint8_t),
-                    &sampled0, coefficients0);
-          }
-          if (!done1) {
-            done1 =
-                libcrux_ml_dsa_sample_rejection_sample_less_than_field_modulus_ea(
-                    Eurydice_array_to_slice((size_t)168U, randomnesses.snd,
-                                            uint8_t),
-                    &sampled1, coefficients1);
-          }
-          if (!done2) {
-            done2 =
-                libcrux_ml_dsa_sample_rejection_sample_less_than_field_modulus_ea(
-                    Eurydice_array_to_slice((size_t)168U, randomnesses.thd,
-                                            uint8_t),
-                    &sampled2, coefficients2);
-          }
-          if (!done3) {
-            done3 =
-                libcrux_ml_dsa_sample_rejection_sample_less_than_field_modulus_ea(
-                    Eurydice_array_to_slice((size_t)168U, randomnesses.f3,
-                                            uint8_t),
-                    &sampled3, coefficients3);
-          }
-        }
-      } else {
-        uint8_t_168size_t__x4 randomnesses =
-            libcrux_ml_dsa_hash_functions_portable_squeeze_next_block_ed(
-                &state);
-        if (!done0) {
-          done0 =
-              libcrux_ml_dsa_sample_rejection_sample_less_than_field_modulus_ea(
-                  Eurydice_array_to_slice((size_t)168U, randomnesses.fst,
-                                          uint8_t),
-                  &sampled0, coefficients0);
-        }
-        if (!done1) {
-          done1 =
-              libcrux_ml_dsa_sample_rejection_sample_less_than_field_modulus_ea(
-                  Eurydice_array_to_slice((size_t)168U, randomnesses.snd,
-                                          uint8_t),
-                  &sampled1, coefficients1);
-        }
-        if (!done2) {
-          done2 =
-              libcrux_ml_dsa_sample_rejection_sample_less_than_field_modulus_ea(
-                  Eurydice_array_to_slice((size_t)168U, randomnesses.thd,
-                                          uint8_t),
-                  &sampled2, coefficients2);
-        }
-        if (!done3) {
-          done3 =
-              libcrux_ml_dsa_sample_rejection_sample_less_than_field_modulus_ea(
-                  Eurydice_array_to_slice((size_t)168U, randomnesses.f3,
-                                          uint8_t),
-                  &sampled3, coefficients3);
-        }
-      }
-    } else {
-      uint8_t_168size_t__x4 randomnesses =
-          libcrux_ml_dsa_hash_functions_portable_squeeze_next_block_ed(&state);
-      if (!done0) {
-        done0 =
-            libcrux_ml_dsa_sample_rejection_sample_less_than_field_modulus_ea(
-                Eurydice_array_to_slice((size_t)168U, randomnesses.fst,
-                                        uint8_t),
-                &sampled0, coefficients0);
-      }
-      if (!done1) {
-        done1 =
-            libcrux_ml_dsa_sample_rejection_sample_less_than_field_modulus_ea(
-                Eurydice_array_to_slice((size_t)168U, randomnesses.snd,
-                                        uint8_t),
-                &sampled1, coefficients1);
-      }
-      if (!done2) {
-        done2 =
-            libcrux_ml_dsa_sample_rejection_sample_less_than_field_modulus_ea(
-                Eurydice_array_to_slice((size_t)168U, randomnesses.thd,
-                                        uint8_t),
-                &sampled2, coefficients2);
-      }
-      if (!done3) {
-        done3 =
-            libcrux_ml_dsa_sample_rejection_sample_less_than_field_modulus_ea(
-                Eurydice_array_to_slice((size_t)168U, randomnesses.f3, uint8_t),
-                &sampled3, coefficients3);
-      }
-    }
-  }
-  libcrux_ml_dsa_polynomial_PolynomialRingElement_24 uu____0 =
-      libcrux_ml_dsa_polynomial_from_i32_array_ff_ea(
-          Eurydice_array_to_slice((size_t)263U, coefficients0, int32_t));
-  libcrux_ml_dsa_polynomial_PolynomialRingElement_24 uu____1 =
-      libcrux_ml_dsa_polynomial_from_i32_array_ff_ea(
-          Eurydice_array_to_slice((size_t)263U, coefficients1, int32_t));
-  libcrux_ml_dsa_polynomial_PolynomialRingElement_24 uu____2 =
-      libcrux_ml_dsa_polynomial_from_i32_array_ff_ea(
-          Eurydice_array_to_slice((size_t)263U, coefficients2, int32_t));
-  libcrux_ml_dsa_polynomial_PolynomialRingElement_libcrux_ml_dsa_simd_avx2_vector_type_AVX2SIMDUnit_x4
-      lit;
-  lit.fst = uu____0;
-  lit.snd = uu____1;
-  lit.thd = uu____2;
-  lit.f3 = libcrux_ml_dsa_polynomial_from_i32_array_ff_ea(
-      Eurydice_array_to_slice((size_t)263U, coefficients3, int32_t));
-  return lit;
-}
-
 /**
-A monomorphic instance of libcrux_ml_dsa.samplex4.update_matrix
+A monomorphic instance of libcrux_ml_dsa.sample.new_29
 with types libcrux_ml_dsa_simd_avx2_vector_type_AVX2SIMDUnit
 with const generics
+- STACK_SIZE= 840
 - ROWS_IN_A= 6
 - COLUMNS_IN_A= 5
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static inline void libcrux_ml_dsa_samplex4_update_matrix_fe(
-    libcrux_ml_dsa_polynomial_PolynomialRingElement_24 (*m)[5U], size_t i,
-    size_t j, libcrux_ml_dsa_polynomial_PolynomialRingElement_24 v) {
-  m[i][j] = v;
+static inline libcrux_ml_dsa_sample_SampleArgs_c5
+libcrux_ml_dsa_sample_new_29_4f(
+    uint8_t_840size_t__x4 *rand_stack, Eurydice_slice tmp_stack,
+    libcrux_ml_dsa_polynomial_PolynomialRingElement_24 (*out)[5U],
+    Eurydice_slice indices) {
+  libcrux_ml_dsa_sample_SampleArgs_c5 lit;
+  lit.rand_stack = rand_stack;
+  lit.tmp_stack = tmp_stack;
+  lit.out = out;
+  lit.indices = indices;
+  return lit;
 }
 
 /**
-A monomorphic instance of libcrux_ml_dsa.samplex4.matrix_A_4_by_4
-with types libcrux_ml_dsa_simd_avx2_vector_type_AVX2SIMDUnit
-with const generics
+A monomorphic instance of libcrux_ml_dsa.sample.sample_four_ring_elements
+with types libcrux_ml_dsa_simd_avx2_vector_type_AVX2SIMDUnit,
+libcrux_ml_dsa_hash_functions_simd256_Shake128x4 with const generics
 - ROWS_IN_A= 6
 - COLUMNS_IN_A= 5
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static KRML_MUSTINLINE void libcrux_ml_dsa_samplex4_matrix_A_4_by_4_fe(
-    uint8_t seed[34U],
-    libcrux_ml_dsa_polynomial_PolynomialRingElement_24 ret[6U][5U]) {
-  libcrux_ml_dsa_polynomial_PolynomialRingElement_24 A[6U][5U];
-  for (size_t i = (size_t)0U; i < (size_t)6U; i++) {
-    A[i][0U] = libcrux_ml_dsa_polynomial_ZERO_ff_ea();
-    A[i][1U] = libcrux_ml_dsa_polynomial_ZERO_ff_ea();
-    A[i][2U] = libcrux_ml_dsa_polynomial_ZERO_ff_ea();
-    A[i][3U] = libcrux_ml_dsa_polynomial_ZERO_ff_ea();
-    A[i][4U] = libcrux_ml_dsa_polynomial_ZERO_ff_ea();
-  }
-  /* Passing arrays by value in Rust generates a copy in C */
-  uint8_t copy_of_seed[34U];
-  memcpy(copy_of_seed, seed, (size_t)34U * sizeof(uint8_t));
-  libcrux_ml_dsa_polynomial_PolynomialRingElement_libcrux_ml_dsa_simd_avx2_vector_type_AVX2SIMDUnit_x4
-      four_ring_elements = libcrux_ml_dsa_sample_sample_four_ring_elements_ea(
-          copy_of_seed,
-          libcrux_ml_dsa_samplex4_generate_domain_separator(0U, 0U),
-          libcrux_ml_dsa_samplex4_generate_domain_separator(0U, 1U),
-          libcrux_ml_dsa_samplex4_generate_domain_separator(0U, 2U),
-          libcrux_ml_dsa_samplex4_generate_domain_separator(0U, 3U));
-  libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)0U, (size_t)0U,
-                                           four_ring_elements.fst);
-  libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)0U, (size_t)1U,
-                                           four_ring_elements.snd);
-  libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)0U, (size_t)2U,
-                                           four_ring_elements.thd);
-  libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)0U, (size_t)3U,
-                                           four_ring_elements.f3);
-  /* Passing arrays by value in Rust generates a copy in C */
-  uint8_t copy_of_seed0[34U];
-  memcpy(copy_of_seed0, seed, (size_t)34U * sizeof(uint8_t));
-  libcrux_ml_dsa_polynomial_PolynomialRingElement_libcrux_ml_dsa_simd_avx2_vector_type_AVX2SIMDUnit_x4
-      four_ring_elements0 = libcrux_ml_dsa_sample_sample_four_ring_elements_ea(
-          copy_of_seed0,
-          libcrux_ml_dsa_samplex4_generate_domain_separator(1U, 0U),
-          libcrux_ml_dsa_samplex4_generate_domain_separator(1U, 1U),
-          libcrux_ml_dsa_samplex4_generate_domain_separator(1U, 2U),
-          libcrux_ml_dsa_samplex4_generate_domain_separator(1U, 3U));
-  libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)1U, (size_t)0U,
-                                           four_ring_elements0.fst);
-  libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)1U, (size_t)1U,
-                                           four_ring_elements0.snd);
-  libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)1U, (size_t)2U,
-                                           four_ring_elements0.thd);
-  libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)1U, (size_t)3U,
-                                           four_ring_elements0.f3);
-  /* Passing arrays by value in Rust generates a copy in C */
-  uint8_t copy_of_seed1[34U];
-  memcpy(copy_of_seed1, seed, (size_t)34U * sizeof(uint8_t));
-  libcrux_ml_dsa_polynomial_PolynomialRingElement_libcrux_ml_dsa_simd_avx2_vector_type_AVX2SIMDUnit_x4
-      four_ring_elements1 = libcrux_ml_dsa_sample_sample_four_ring_elements_ea(
-          copy_of_seed1,
-          libcrux_ml_dsa_samplex4_generate_domain_separator(2U, 0U),
-          libcrux_ml_dsa_samplex4_generate_domain_separator(2U, 1U),
-          libcrux_ml_dsa_samplex4_generate_domain_separator(2U, 2U),
-          libcrux_ml_dsa_samplex4_generate_domain_separator(2U, 3U));
-  libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)2U, (size_t)0U,
-                                           four_ring_elements1.fst);
-  libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)2U, (size_t)1U,
-                                           four_ring_elements1.snd);
-  libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)2U, (size_t)2U,
-                                           four_ring_elements1.thd);
-  libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)2U, (size_t)3U,
-                                           four_ring_elements1.f3);
-  /* Passing arrays by value in Rust generates a copy in C */
-  uint8_t copy_of_seed2[34U];
-  memcpy(copy_of_seed2, seed, (size_t)34U * sizeof(uint8_t));
-  libcrux_ml_dsa_polynomial_PolynomialRingElement_libcrux_ml_dsa_simd_avx2_vector_type_AVX2SIMDUnit_x4
-      four_ring_elements2 = libcrux_ml_dsa_sample_sample_four_ring_elements_ea(
-          copy_of_seed2,
-          libcrux_ml_dsa_samplex4_generate_domain_separator(3U, 0U),
-          libcrux_ml_dsa_samplex4_generate_domain_separator(3U, 1U),
-          libcrux_ml_dsa_samplex4_generate_domain_separator(3U, 2U),
-          libcrux_ml_dsa_samplex4_generate_domain_separator(3U, 3U));
-  libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)3U, (size_t)0U,
-                                           four_ring_elements2.fst);
-  libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)3U, (size_t)1U,
-                                           four_ring_elements2.snd);
-  libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)3U, (size_t)2U,
-                                           four_ring_elements2.thd);
-  libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)3U, (size_t)3U,
-                                           four_ring_elements2.f3);
-  memcpy(ret, A,
-         (size_t)6U *
-             sizeof(libcrux_ml_dsa_polynomial_PolynomialRingElement_24[5U]));
+static KRML_MUSTINLINE void libcrux_ml_dsa_sample_sample_four_ring_elements_f4(
+    uint8_t seed0[34U], uint16_t domain_separator0, uint16_t domain_separator1,
+    uint16_t domain_seperator2, uint16_t domain_separator3,
+    libcrux_ml_dsa_sample_SampleArgs_c5 *memory) {
+  KRML_HOST_EPRINTF(
+      "KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__,
+      "Eurydice error: Failure(\"Error looking trait impl: "
+      "core::slice::iter::{core::iter::traits::iterator::Iterator for "
+      "core::slice::iter::Iter<\'a, T>[TraitClause@0]}#182<\'_, (usize, "
+      "usize)>[core::marker::Sized<(usize, usize)>] enumerate\")\n");
+  KRML_HOST_EXIT(255U);
 }
 
 /**
 A monomorphic instance of libcrux_ml_dsa.samplex4.matrix_A_6_by_5
-with types libcrux_ml_dsa_simd_avx2_vector_type_AVX2SIMDUnit
-with const generics
-- ROWS_IN_A= 6
-- COLUMNS_IN_A= 5
-*/
-KRML_ATTRIBUTE_TARGET("avx2")
-static KRML_MUSTINLINE void libcrux_ml_dsa_samplex4_matrix_A_6_by_5_fe(
-    uint8_t seed[34U],
-    libcrux_ml_dsa_polynomial_PolynomialRingElement_24 ret[6U][5U]) {
-  libcrux_ml_dsa_polynomial_PolynomialRingElement_24 A[6U][5U];
-  for (size_t i = (size_t)0U; i < (size_t)6U; i++) {
-    A[i][0U] = libcrux_ml_dsa_polynomial_ZERO_ff_ea();
-    A[i][1U] = libcrux_ml_dsa_polynomial_ZERO_ff_ea();
-    A[i][2U] = libcrux_ml_dsa_polynomial_ZERO_ff_ea();
-    A[i][3U] = libcrux_ml_dsa_polynomial_ZERO_ff_ea();
-    A[i][4U] = libcrux_ml_dsa_polynomial_ZERO_ff_ea();
-  }
-  /* Passing arrays by value in Rust generates a copy in C */
-  uint8_t copy_of_seed[34U];
-  memcpy(copy_of_seed, seed, (size_t)34U * sizeof(uint8_t));
-  libcrux_ml_dsa_polynomial_PolynomialRingElement_libcrux_ml_dsa_simd_avx2_vector_type_AVX2SIMDUnit_x4
-      four_ring_elements = libcrux_ml_dsa_sample_sample_four_ring_elements_ea(
-          copy_of_seed,
-          libcrux_ml_dsa_samplex4_generate_domain_separator(0U, 0U),
-          libcrux_ml_dsa_samplex4_generate_domain_separator(0U, 1U),
-          libcrux_ml_dsa_samplex4_generate_domain_separator(0U, 2U),
-          libcrux_ml_dsa_samplex4_generate_domain_separator(0U, 3U));
-  libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)0U, (size_t)0U,
-                                           four_ring_elements.fst);
-  libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)0U, (size_t)1U,
-                                           four_ring_elements.snd);
-  libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)0U, (size_t)2U,
-                                           four_ring_elements.thd);
-  libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)0U, (size_t)3U,
-                                           four_ring_elements.f3);
-  /* Passing arrays by value in Rust generates a copy in C */
-  uint8_t copy_of_seed0[34U];
-  memcpy(copy_of_seed0, seed, (size_t)34U * sizeof(uint8_t));
-  libcrux_ml_dsa_polynomial_PolynomialRingElement_libcrux_ml_dsa_simd_avx2_vector_type_AVX2SIMDUnit_x4
-      four_ring_elements0 = libcrux_ml_dsa_sample_sample_four_ring_elements_ea(
-          copy_of_seed0,
-          libcrux_ml_dsa_samplex4_generate_domain_separator(0U, 4U),
-          libcrux_ml_dsa_samplex4_generate_domain_separator(1U, 0U),
-          libcrux_ml_dsa_samplex4_generate_domain_separator(1U, 1U),
-          libcrux_ml_dsa_samplex4_generate_domain_separator(1U, 2U));
-  libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)0U, (size_t)4U,
-                                           four_ring_elements0.fst);
-  libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)1U, (size_t)0U,
-                                           four_ring_elements0.snd);
-  libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)1U, (size_t)1U,
-                                           four_ring_elements0.thd);
-  libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)1U, (size_t)2U,
-                                           four_ring_elements0.f3);
-  /* Passing arrays by value in Rust generates a copy in C */
-  uint8_t copy_of_seed1[34U];
-  memcpy(copy_of_seed1, seed, (size_t)34U * sizeof(uint8_t));
-  libcrux_ml_dsa_polynomial_PolynomialRingElement_libcrux_ml_dsa_simd_avx2_vector_type_AVX2SIMDUnit_x4
-      four_ring_elements1 = libcrux_ml_dsa_sample_sample_four_ring_elements_ea(
-          copy_of_seed1,
-          libcrux_ml_dsa_samplex4_generate_domain_separator(1U, 3U),
-          libcrux_ml_dsa_samplex4_generate_domain_separator(1U, 4U),
-          libcrux_ml_dsa_samplex4_generate_domain_separator(2U, 0U),
-          libcrux_ml_dsa_samplex4_generate_domain_separator(2U, 1U));
-  libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)1U, (size_t)3U,
-                                           four_ring_elements1.fst);
-  libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)1U, (size_t)4U,
-                                           four_ring_elements1.snd);
-  libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)2U, (size_t)0U,
-                                           four_ring_elements1.thd);
-  libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)2U, (size_t)1U,
-                                           four_ring_elements1.f3);
-  /* Passing arrays by value in Rust generates a copy in C */
-  uint8_t copy_of_seed2[34U];
-  memcpy(copy_of_seed2, seed, (size_t)34U * sizeof(uint8_t));
-  libcrux_ml_dsa_polynomial_PolynomialRingElement_libcrux_ml_dsa_simd_avx2_vector_type_AVX2SIMDUnit_x4
-      four_ring_elements2 = libcrux_ml_dsa_sample_sample_four_ring_elements_ea(
-          copy_of_seed2,
-          libcrux_ml_dsa_samplex4_generate_domain_separator(2U, 2U),
-          libcrux_ml_dsa_samplex4_generate_domain_separator(2U, 3U),
-          libcrux_ml_dsa_samplex4_generate_domain_separator(2U, 4U),
-          libcrux_ml_dsa_samplex4_generate_domain_separator(3U, 0U));
-  libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)2U, (size_t)2U,
-                                           four_ring_elements2.fst);
-  libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)2U, (size_t)3U,
-                                           four_ring_elements2.snd);
-  libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)2U, (size_t)4U,
-                                           four_ring_elements2.thd);
-  libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)3U, (size_t)0U,
-                                           four_ring_elements2.f3);
-  /* Passing arrays by value in Rust generates a copy in C */
-  uint8_t copy_of_seed3[34U];
-  memcpy(copy_of_seed3, seed, (size_t)34U * sizeof(uint8_t));
-  libcrux_ml_dsa_polynomial_PolynomialRingElement_libcrux_ml_dsa_simd_avx2_vector_type_AVX2SIMDUnit_x4
-      four_ring_elements3 = libcrux_ml_dsa_sample_sample_four_ring_elements_ea(
-          copy_of_seed3,
-          libcrux_ml_dsa_samplex4_generate_domain_separator(3U, 1U),
-          libcrux_ml_dsa_samplex4_generate_domain_separator(3U, 2U),
-          libcrux_ml_dsa_samplex4_generate_domain_separator(3U, 3U),
-          libcrux_ml_dsa_samplex4_generate_domain_separator(3U, 4U));
-  libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)3U, (size_t)1U,
-                                           four_ring_elements3.fst);
-  libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)3U, (size_t)2U,
-                                           four_ring_elements3.snd);
-  libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)3U, (size_t)3U,
-                                           four_ring_elements3.thd);
-  libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)3U, (size_t)4U,
-                                           four_ring_elements3.f3);
-  /* Passing arrays by value in Rust generates a copy in C */
-  uint8_t copy_of_seed4[34U];
-  memcpy(copy_of_seed4, seed, (size_t)34U * sizeof(uint8_t));
-  libcrux_ml_dsa_polynomial_PolynomialRingElement_libcrux_ml_dsa_simd_avx2_vector_type_AVX2SIMDUnit_x4
-      four_ring_elements4 = libcrux_ml_dsa_sample_sample_four_ring_elements_ea(
-          copy_of_seed4,
-          libcrux_ml_dsa_samplex4_generate_domain_separator(4U, 0U),
-          libcrux_ml_dsa_samplex4_generate_domain_separator(4U, 1U),
-          libcrux_ml_dsa_samplex4_generate_domain_separator(4U, 2U),
-          libcrux_ml_dsa_samplex4_generate_domain_separator(4U, 3U));
-  libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)4U, (size_t)0U,
-                                           four_ring_elements4.fst);
-  libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)4U, (size_t)1U,
-                                           four_ring_elements4.snd);
-  libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)4U, (size_t)2U,
-                                           four_ring_elements4.thd);
-  libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)4U, (size_t)3U,
-                                           four_ring_elements4.f3);
-  /* Passing arrays by value in Rust generates a copy in C */
-  uint8_t copy_of_seed5[34U];
-  memcpy(copy_of_seed5, seed, (size_t)34U * sizeof(uint8_t));
-  libcrux_ml_dsa_polynomial_PolynomialRingElement_libcrux_ml_dsa_simd_avx2_vector_type_AVX2SIMDUnit_x4
-      four_ring_elements5 = libcrux_ml_dsa_sample_sample_four_ring_elements_ea(
-          copy_of_seed5,
-          libcrux_ml_dsa_samplex4_generate_domain_separator(4U, 4U),
-          libcrux_ml_dsa_samplex4_generate_domain_separator(5U, 0U),
-          libcrux_ml_dsa_samplex4_generate_domain_separator(5U, 1U),
-          libcrux_ml_dsa_samplex4_generate_domain_separator(5U, 2U));
-  libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)4U, (size_t)4U,
-                                           four_ring_elements5.fst);
-  libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)5U, (size_t)0U,
-                                           four_ring_elements5.snd);
-  libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)5U, (size_t)1U,
-                                           four_ring_elements5.thd);
-  libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)5U, (size_t)2U,
-                                           four_ring_elements5.f3);
-  /* Passing arrays by value in Rust generates a copy in C */
-  uint8_t copy_of_seed6[34U];
-  memcpy(copy_of_seed6, seed, (size_t)34U * sizeof(uint8_t));
-  libcrux_ml_dsa_polynomial_PolynomialRingElement_libcrux_ml_dsa_simd_avx2_vector_type_AVX2SIMDUnit_x4
-      four_ring_elements6 = libcrux_ml_dsa_sample_sample_four_ring_elements_ea(
-          copy_of_seed6,
-          libcrux_ml_dsa_samplex4_generate_domain_separator(5U, 3U),
-          libcrux_ml_dsa_samplex4_generate_domain_separator(5U, 4U),
-          libcrux_ml_dsa_samplex4_generate_domain_separator(5U, 5U),
-          libcrux_ml_dsa_samplex4_generate_domain_separator(5U, 6U));
-  libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)5U, (size_t)3U,
-                                           four_ring_elements6.fst);
-  libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)5U, (size_t)4U,
-                                           four_ring_elements6.snd);
-  memcpy(ret, A,
-         (size_t)6U *
-             sizeof(libcrux_ml_dsa_polynomial_PolynomialRingElement_24[5U]));
-}
-
-/**
-A monomorphic instance of libcrux_ml_dsa.samplex4.matrix_A_8_by_7
-with types libcrux_ml_dsa_simd_avx2_vector_type_AVX2SIMDUnit
-with const generics
+with types libcrux_ml_dsa_simd_avx2_vector_type_AVX2SIMDUnit,
+libcrux_ml_dsa_hash_functions_simd256_Shake128x4 with const generics
 - ROWS_IN_A= 6
 - COLUMNS_IN_A= 5
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static KRML_MUSTINLINE void libcrux_ml_dsa_samplex4_matrix_A_8_by_7_fe(
+static KRML_MUSTINLINE void libcrux_ml_dsa_samplex4_matrix_A_6_by_5_f4(
     uint8_t seed[34U],
     libcrux_ml_dsa_polynomial_PolynomialRingElement_24 ret[6U][5U]) {
   libcrux_ml_dsa_polynomial_PolynomialRingElement_24 A[6U][5U];
@@ -3872,296 +3373,1865 @@ static KRML_MUSTINLINE void libcrux_ml_dsa_samplex4_matrix_A_8_by_7_fe(
     A[i][3U] = libcrux_ml_dsa_polynomial_ZERO_ff_ea();
     A[i][4U] = libcrux_ml_dsa_polynomial_ZERO_ff_ea();
   }
-  /* Passing arrays by value in Rust generates a copy in C */
-  uint8_t copy_of_seed[34U];
-  memcpy(copy_of_seed, seed, (size_t)34U * sizeof(uint8_t));
-  libcrux_ml_dsa_polynomial_PolynomialRingElement_libcrux_ml_dsa_simd_avx2_vector_type_AVX2SIMDUnit_x4
-      four_ring_elements = libcrux_ml_dsa_sample_sample_four_ring_elements_ea(
-          copy_of_seed,
-          libcrux_ml_dsa_samplex4_generate_domain_separator(0U, 0U),
-          libcrux_ml_dsa_samplex4_generate_domain_separator(0U, 1U),
-          libcrux_ml_dsa_samplex4_generate_domain_separator(0U, 2U),
-          libcrux_ml_dsa_samplex4_generate_domain_separator(0U, 3U));
-  libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)0U, (size_t)0U,
-                                           four_ring_elements.fst);
-  libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)0U, (size_t)1U,
-                                           four_ring_elements.snd);
-  libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)0U, (size_t)2U,
-                                           four_ring_elements.thd);
-  libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)0U, (size_t)3U,
-                                           four_ring_elements.f3);
-  /* Passing arrays by value in Rust generates a copy in C */
-  uint8_t copy_of_seed0[34U];
-  memcpy(copy_of_seed0, seed, (size_t)34U * sizeof(uint8_t));
-  libcrux_ml_dsa_polynomial_PolynomialRingElement_libcrux_ml_dsa_simd_avx2_vector_type_AVX2SIMDUnit_x4
-      four_ring_elements0 = libcrux_ml_dsa_sample_sample_four_ring_elements_ea(
-          copy_of_seed0,
-          libcrux_ml_dsa_samplex4_generate_domain_separator(0U, 4U),
-          libcrux_ml_dsa_samplex4_generate_domain_separator(0U, 5U),
-          libcrux_ml_dsa_samplex4_generate_domain_separator(0U, 6U),
-          libcrux_ml_dsa_samplex4_generate_domain_separator(1U, 0U));
-  libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)0U, (size_t)4U,
-                                           four_ring_elements0.fst);
-  libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)0U, (size_t)5U,
-                                           four_ring_elements0.snd);
-  libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)0U, (size_t)6U,
-                                           four_ring_elements0.thd);
-  libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)1U, (size_t)0U,
-                                           four_ring_elements0.f3);
-  /* Passing arrays by value in Rust generates a copy in C */
-  uint8_t copy_of_seed1[34U];
-  memcpy(copy_of_seed1, seed, (size_t)34U * sizeof(uint8_t));
-  libcrux_ml_dsa_polynomial_PolynomialRingElement_libcrux_ml_dsa_simd_avx2_vector_type_AVX2SIMDUnit_x4
-      four_ring_elements1 = libcrux_ml_dsa_sample_sample_four_ring_elements_ea(
-          copy_of_seed1,
-          libcrux_ml_dsa_samplex4_generate_domain_separator(1U, 1U),
-          libcrux_ml_dsa_samplex4_generate_domain_separator(1U, 2U),
-          libcrux_ml_dsa_samplex4_generate_domain_separator(1U, 3U),
-          libcrux_ml_dsa_samplex4_generate_domain_separator(1U, 4U));
-  libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)1U, (size_t)1U,
-                                           four_ring_elements1.fst);
-  libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)1U, (size_t)2U,
-                                           four_ring_elements1.snd);
-  libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)1U, (size_t)3U,
-                                           four_ring_elements1.thd);
-  libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)1U, (size_t)4U,
-                                           four_ring_elements1.f3);
-  /* Passing arrays by value in Rust generates a copy in C */
-  uint8_t copy_of_seed2[34U];
-  memcpy(copy_of_seed2, seed, (size_t)34U * sizeof(uint8_t));
-  libcrux_ml_dsa_polynomial_PolynomialRingElement_libcrux_ml_dsa_simd_avx2_vector_type_AVX2SIMDUnit_x4
-      four_ring_elements2 = libcrux_ml_dsa_sample_sample_four_ring_elements_ea(
-          copy_of_seed2,
-          libcrux_ml_dsa_samplex4_generate_domain_separator(1U, 5U),
-          libcrux_ml_dsa_samplex4_generate_domain_separator(1U, 6U),
-          libcrux_ml_dsa_samplex4_generate_domain_separator(2U, 0U),
-          libcrux_ml_dsa_samplex4_generate_domain_separator(2U, 1U));
-  libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)1U, (size_t)5U,
-                                           four_ring_elements2.fst);
-  libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)1U, (size_t)6U,
-                                           four_ring_elements2.snd);
-  libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)2U, (size_t)0U,
-                                           four_ring_elements2.thd);
-  libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)2U, (size_t)1U,
-                                           four_ring_elements2.f3);
-  /* Passing arrays by value in Rust generates a copy in C */
-  uint8_t copy_of_seed3[34U];
-  memcpy(copy_of_seed3, seed, (size_t)34U * sizeof(uint8_t));
-  libcrux_ml_dsa_polynomial_PolynomialRingElement_libcrux_ml_dsa_simd_avx2_vector_type_AVX2SIMDUnit_x4
-      four_ring_elements3 = libcrux_ml_dsa_sample_sample_four_ring_elements_ea(
-          copy_of_seed3,
-          libcrux_ml_dsa_samplex4_generate_domain_separator(2U, 2U),
-          libcrux_ml_dsa_samplex4_generate_domain_separator(2U, 3U),
-          libcrux_ml_dsa_samplex4_generate_domain_separator(2U, 4U),
-          libcrux_ml_dsa_samplex4_generate_domain_separator(2U, 5U));
-  libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)2U, (size_t)2U,
-                                           four_ring_elements3.fst);
-  libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)2U, (size_t)3U,
-                                           four_ring_elements3.snd);
-  libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)2U, (size_t)4U,
-                                           four_ring_elements3.thd);
-  libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)2U, (size_t)5U,
-                                           four_ring_elements3.f3);
-  /* Passing arrays by value in Rust generates a copy in C */
-  uint8_t copy_of_seed4[34U];
-  memcpy(copy_of_seed4, seed, (size_t)34U * sizeof(uint8_t));
-  libcrux_ml_dsa_polynomial_PolynomialRingElement_libcrux_ml_dsa_simd_avx2_vector_type_AVX2SIMDUnit_x4
-      four_ring_elements4 = libcrux_ml_dsa_sample_sample_four_ring_elements_ea(
-          copy_of_seed4,
-          libcrux_ml_dsa_samplex4_generate_domain_separator(2U, 6U),
-          libcrux_ml_dsa_samplex4_generate_domain_separator(3U, 0U),
-          libcrux_ml_dsa_samplex4_generate_domain_separator(3U, 1U),
-          libcrux_ml_dsa_samplex4_generate_domain_separator(3U, 2U));
-  libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)2U, (size_t)6U,
-                                           four_ring_elements4.fst);
-  libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)3U, (size_t)0U,
-                                           four_ring_elements4.snd);
-  libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)3U, (size_t)1U,
-                                           four_ring_elements4.thd);
-  libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)3U, (size_t)2U,
-                                           four_ring_elements4.f3);
-  /* Passing arrays by value in Rust generates a copy in C */
-  uint8_t copy_of_seed5[34U];
-  memcpy(copy_of_seed5, seed, (size_t)34U * sizeof(uint8_t));
-  libcrux_ml_dsa_polynomial_PolynomialRingElement_libcrux_ml_dsa_simd_avx2_vector_type_AVX2SIMDUnit_x4
-      four_ring_elements5 = libcrux_ml_dsa_sample_sample_four_ring_elements_ea(
-          copy_of_seed5,
-          libcrux_ml_dsa_samplex4_generate_domain_separator(3U, 3U),
-          libcrux_ml_dsa_samplex4_generate_domain_separator(3U, 4U),
-          libcrux_ml_dsa_samplex4_generate_domain_separator(3U, 5U),
-          libcrux_ml_dsa_samplex4_generate_domain_separator(3U, 6U));
-  libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)3U, (size_t)3U,
-                                           four_ring_elements5.fst);
-  libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)3U, (size_t)4U,
-                                           four_ring_elements5.snd);
-  libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)3U, (size_t)5U,
-                                           four_ring_elements5.thd);
-  libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)3U, (size_t)6U,
-                                           four_ring_elements5.f3);
-  /* Passing arrays by value in Rust generates a copy in C */
-  uint8_t copy_of_seed6[34U];
-  memcpy(copy_of_seed6, seed, (size_t)34U * sizeof(uint8_t));
-  libcrux_ml_dsa_polynomial_PolynomialRingElement_libcrux_ml_dsa_simd_avx2_vector_type_AVX2SIMDUnit_x4
-      four_ring_elements6 = libcrux_ml_dsa_sample_sample_four_ring_elements_ea(
-          copy_of_seed6,
-          libcrux_ml_dsa_samplex4_generate_domain_separator(4U, 0U),
-          libcrux_ml_dsa_samplex4_generate_domain_separator(4U, 1U),
-          libcrux_ml_dsa_samplex4_generate_domain_separator(4U, 2U),
-          libcrux_ml_dsa_samplex4_generate_domain_separator(4U, 3U));
-  libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)4U, (size_t)0U,
-                                           four_ring_elements6.fst);
-  libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)4U, (size_t)1U,
-                                           four_ring_elements6.snd);
-  libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)4U, (size_t)2U,
-                                           four_ring_elements6.thd);
-  libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)4U, (size_t)3U,
-                                           four_ring_elements6.f3);
-  /* Passing arrays by value in Rust generates a copy in C */
-  uint8_t copy_of_seed7[34U];
-  memcpy(copy_of_seed7, seed, (size_t)34U * sizeof(uint8_t));
-  libcrux_ml_dsa_polynomial_PolynomialRingElement_libcrux_ml_dsa_simd_avx2_vector_type_AVX2SIMDUnit_x4
-      four_ring_elements7 = libcrux_ml_dsa_sample_sample_four_ring_elements_ea(
-          copy_of_seed7,
-          libcrux_ml_dsa_samplex4_generate_domain_separator(4U, 4U),
-          libcrux_ml_dsa_samplex4_generate_domain_separator(4U, 5U),
-          libcrux_ml_dsa_samplex4_generate_domain_separator(4U, 6U),
-          libcrux_ml_dsa_samplex4_generate_domain_separator(5U, 0U));
-  libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)4U, (size_t)4U,
-                                           four_ring_elements7.fst);
-  libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)4U, (size_t)5U,
-                                           four_ring_elements7.snd);
-  libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)4U, (size_t)6U,
-                                           four_ring_elements7.thd);
-  libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)5U, (size_t)0U,
-                                           four_ring_elements7.f3);
-  /* Passing arrays by value in Rust generates a copy in C */
-  uint8_t copy_of_seed8[34U];
-  memcpy(copy_of_seed8, seed, (size_t)34U * sizeof(uint8_t));
-  libcrux_ml_dsa_polynomial_PolynomialRingElement_libcrux_ml_dsa_simd_avx2_vector_type_AVX2SIMDUnit_x4
-      four_ring_elements8 = libcrux_ml_dsa_sample_sample_four_ring_elements_ea(
-          copy_of_seed8,
-          libcrux_ml_dsa_samplex4_generate_domain_separator(5U, 1U),
-          libcrux_ml_dsa_samplex4_generate_domain_separator(5U, 2U),
-          libcrux_ml_dsa_samplex4_generate_domain_separator(5U, 3U),
-          libcrux_ml_dsa_samplex4_generate_domain_separator(5U, 4U));
-  libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)5U, (size_t)1U,
-                                           four_ring_elements8.fst);
-  libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)5U, (size_t)2U,
-                                           four_ring_elements8.snd);
-  libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)5U, (size_t)3U,
-                                           four_ring_elements8.thd);
-  libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)5U, (size_t)4U,
-                                           four_ring_elements8.f3);
-  /* Passing arrays by value in Rust generates a copy in C */
-  uint8_t copy_of_seed9[34U];
-  memcpy(copy_of_seed9, seed, (size_t)34U * sizeof(uint8_t));
-  libcrux_ml_dsa_polynomial_PolynomialRingElement_libcrux_ml_dsa_simd_avx2_vector_type_AVX2SIMDUnit_x4
-      four_ring_elements9 = libcrux_ml_dsa_sample_sample_four_ring_elements_ea(
-          copy_of_seed9,
-          libcrux_ml_dsa_samplex4_generate_domain_separator(5U, 5U),
-          libcrux_ml_dsa_samplex4_generate_domain_separator(5U, 6U),
-          libcrux_ml_dsa_samplex4_generate_domain_separator(6U, 0U),
-          libcrux_ml_dsa_samplex4_generate_domain_separator(6U, 1U));
-  libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)5U, (size_t)5U,
-                                           four_ring_elements9.fst);
-  libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)5U, (size_t)6U,
-                                           four_ring_elements9.snd);
-  libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)6U, (size_t)0U,
-                                           four_ring_elements9.thd);
-  libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)6U, (size_t)1U,
-                                           four_ring_elements9.f3);
-  /* Passing arrays by value in Rust generates a copy in C */
-  uint8_t copy_of_seed10[34U];
-  memcpy(copy_of_seed10, seed, (size_t)34U * sizeof(uint8_t));
-  libcrux_ml_dsa_polynomial_PolynomialRingElement_libcrux_ml_dsa_simd_avx2_vector_type_AVX2SIMDUnit_x4
-      four_ring_elements10 = libcrux_ml_dsa_sample_sample_four_ring_elements_ea(
-          copy_of_seed10,
-          libcrux_ml_dsa_samplex4_generate_domain_separator(6U, 2U),
-          libcrux_ml_dsa_samplex4_generate_domain_separator(6U, 3U),
-          libcrux_ml_dsa_samplex4_generate_domain_separator(6U, 4U),
-          libcrux_ml_dsa_samplex4_generate_domain_separator(6U, 5U));
-  libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)6U, (size_t)2U,
-                                           four_ring_elements10.fst);
-  libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)6U, (size_t)3U,
-                                           four_ring_elements10.snd);
-  libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)6U, (size_t)4U,
-                                           four_ring_elements10.thd);
-  libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)6U, (size_t)5U,
-                                           four_ring_elements10.f3);
-  /* Passing arrays by value in Rust generates a copy in C */
-  uint8_t copy_of_seed11[34U];
-  memcpy(copy_of_seed11, seed, (size_t)34U * sizeof(uint8_t));
-  libcrux_ml_dsa_polynomial_PolynomialRingElement_libcrux_ml_dsa_simd_avx2_vector_type_AVX2SIMDUnit_x4
-      four_ring_elements11 = libcrux_ml_dsa_sample_sample_four_ring_elements_ea(
-          copy_of_seed11,
-          libcrux_ml_dsa_samplex4_generate_domain_separator(6U, 6U),
-          libcrux_ml_dsa_samplex4_generate_domain_separator(7U, 0U),
-          libcrux_ml_dsa_samplex4_generate_domain_separator(7U, 1U),
-          libcrux_ml_dsa_samplex4_generate_domain_separator(7U, 2U));
-  libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)6U, (size_t)6U,
-                                           four_ring_elements11.fst);
-  libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)7U, (size_t)0U,
-                                           four_ring_elements11.snd);
-  libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)7U, (size_t)1U,
-                                           four_ring_elements11.thd);
-  libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)7U, (size_t)2U,
-                                           four_ring_elements11.f3);
-  /* Passing arrays by value in Rust generates a copy in C */
-  uint8_t copy_of_seed12[34U];
-  memcpy(copy_of_seed12, seed, (size_t)34U * sizeof(uint8_t));
-  libcrux_ml_dsa_polynomial_PolynomialRingElement_libcrux_ml_dsa_simd_avx2_vector_type_AVX2SIMDUnit_x4
-      four_ring_elements12 = libcrux_ml_dsa_sample_sample_four_ring_elements_ea(
-          copy_of_seed12,
-          libcrux_ml_dsa_samplex4_generate_domain_separator(7U, 3U),
-          libcrux_ml_dsa_samplex4_generate_domain_separator(7U, 4U),
-          libcrux_ml_dsa_samplex4_generate_domain_separator(7U, 5U),
-          libcrux_ml_dsa_samplex4_generate_domain_separator(7U, 6U));
-  libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)7U, (size_t)3U,
-                                           four_ring_elements12.fst);
-  libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)7U, (size_t)4U,
-                                           four_ring_elements12.snd);
-  libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)7U, (size_t)5U,
-                                           four_ring_elements12.thd);
-  libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)7U, (size_t)6U,
-                                           four_ring_elements12.f3);
+  uint8_t uu____0[840U] = {0U};
+  uint8_t uu____1[840U] = {0U};
+  uint8_t_840size_t__x4 rand_stack;
+  rand_stack.fst[0U] = 0U;
+  rand_stack.fst[1U] = 0U;
+  rand_stack.fst[2U] = 0U;
+  rand_stack.fst[3U] = 0U;
+  rand_stack.fst[4U] = 0U;
+  rand_stack.fst[5U] = 0U;
+  rand_stack.fst[6U] = 0U;
+  rand_stack.fst[7U] = 0U;
+  rand_stack.fst[8U] = 0U;
+  rand_stack.fst[9U] = 0U;
+  rand_stack.fst[10U] = 0U;
+  rand_stack.fst[11U] = 0U;
+  rand_stack.fst[12U] = 0U;
+  rand_stack.fst[13U] = 0U;
+  rand_stack.fst[14U] = 0U;
+  rand_stack.fst[15U] = 0U;
+  rand_stack.fst[16U] = 0U;
+  rand_stack.fst[17U] = 0U;
+  rand_stack.fst[18U] = 0U;
+  rand_stack.fst[19U] = 0U;
+  rand_stack.fst[20U] = 0U;
+  rand_stack.fst[21U] = 0U;
+  rand_stack.fst[22U] = 0U;
+  rand_stack.fst[23U] = 0U;
+  rand_stack.fst[24U] = 0U;
+  rand_stack.fst[25U] = 0U;
+  rand_stack.fst[26U] = 0U;
+  rand_stack.fst[27U] = 0U;
+  rand_stack.fst[28U] = 0U;
+  rand_stack.fst[29U] = 0U;
+  rand_stack.fst[30U] = 0U;
+  rand_stack.fst[31U] = 0U;
+  rand_stack.fst[32U] = 0U;
+  rand_stack.fst[33U] = 0U;
+  rand_stack.fst[34U] = 0U;
+  rand_stack.fst[35U] = 0U;
+  rand_stack.fst[36U] = 0U;
+  rand_stack.fst[37U] = 0U;
+  rand_stack.fst[38U] = 0U;
+  rand_stack.fst[39U] = 0U;
+  rand_stack.fst[40U] = 0U;
+  rand_stack.fst[41U] = 0U;
+  rand_stack.fst[42U] = 0U;
+  rand_stack.fst[43U] = 0U;
+  rand_stack.fst[44U] = 0U;
+  rand_stack.fst[45U] = 0U;
+  rand_stack.fst[46U] = 0U;
+  rand_stack.fst[47U] = 0U;
+  rand_stack.fst[48U] = 0U;
+  rand_stack.fst[49U] = 0U;
+  rand_stack.fst[50U] = 0U;
+  rand_stack.fst[51U] = 0U;
+  rand_stack.fst[52U] = 0U;
+  rand_stack.fst[53U] = 0U;
+  rand_stack.fst[54U] = 0U;
+  rand_stack.fst[55U] = 0U;
+  rand_stack.fst[56U] = 0U;
+  rand_stack.fst[57U] = 0U;
+  rand_stack.fst[58U] = 0U;
+  rand_stack.fst[59U] = 0U;
+  rand_stack.fst[60U] = 0U;
+  rand_stack.fst[61U] = 0U;
+  rand_stack.fst[62U] = 0U;
+  rand_stack.fst[63U] = 0U;
+  rand_stack.fst[64U] = 0U;
+  rand_stack.fst[65U] = 0U;
+  rand_stack.fst[66U] = 0U;
+  rand_stack.fst[67U] = 0U;
+  rand_stack.fst[68U] = 0U;
+  rand_stack.fst[69U] = 0U;
+  rand_stack.fst[70U] = 0U;
+  rand_stack.fst[71U] = 0U;
+  rand_stack.fst[72U] = 0U;
+  rand_stack.fst[73U] = 0U;
+  rand_stack.fst[74U] = 0U;
+  rand_stack.fst[75U] = 0U;
+  rand_stack.fst[76U] = 0U;
+  rand_stack.fst[77U] = 0U;
+  rand_stack.fst[78U] = 0U;
+  rand_stack.fst[79U] = 0U;
+  rand_stack.fst[80U] = 0U;
+  rand_stack.fst[81U] = 0U;
+  rand_stack.fst[82U] = 0U;
+  rand_stack.fst[83U] = 0U;
+  rand_stack.fst[84U] = 0U;
+  rand_stack.fst[85U] = 0U;
+  rand_stack.fst[86U] = 0U;
+  rand_stack.fst[87U] = 0U;
+  rand_stack.fst[88U] = 0U;
+  rand_stack.fst[89U] = 0U;
+  rand_stack.fst[90U] = 0U;
+  rand_stack.fst[91U] = 0U;
+  rand_stack.fst[92U] = 0U;
+  rand_stack.fst[93U] = 0U;
+  rand_stack.fst[94U] = 0U;
+  rand_stack.fst[95U] = 0U;
+  rand_stack.fst[96U] = 0U;
+  rand_stack.fst[97U] = 0U;
+  rand_stack.fst[98U] = 0U;
+  rand_stack.fst[99U] = 0U;
+  rand_stack.fst[100U] = 0U;
+  rand_stack.fst[101U] = 0U;
+  rand_stack.fst[102U] = 0U;
+  rand_stack.fst[103U] = 0U;
+  rand_stack.fst[104U] = 0U;
+  rand_stack.fst[105U] = 0U;
+  rand_stack.fst[106U] = 0U;
+  rand_stack.fst[107U] = 0U;
+  rand_stack.fst[108U] = 0U;
+  rand_stack.fst[109U] = 0U;
+  rand_stack.fst[110U] = 0U;
+  rand_stack.fst[111U] = 0U;
+  rand_stack.fst[112U] = 0U;
+  rand_stack.fst[113U] = 0U;
+  rand_stack.fst[114U] = 0U;
+  rand_stack.fst[115U] = 0U;
+  rand_stack.fst[116U] = 0U;
+  rand_stack.fst[117U] = 0U;
+  rand_stack.fst[118U] = 0U;
+  rand_stack.fst[119U] = 0U;
+  rand_stack.fst[120U] = 0U;
+  rand_stack.fst[121U] = 0U;
+  rand_stack.fst[122U] = 0U;
+  rand_stack.fst[123U] = 0U;
+  rand_stack.fst[124U] = 0U;
+  rand_stack.fst[125U] = 0U;
+  rand_stack.fst[126U] = 0U;
+  rand_stack.fst[127U] = 0U;
+  rand_stack.fst[128U] = 0U;
+  rand_stack.fst[129U] = 0U;
+  rand_stack.fst[130U] = 0U;
+  rand_stack.fst[131U] = 0U;
+  rand_stack.fst[132U] = 0U;
+  rand_stack.fst[133U] = 0U;
+  rand_stack.fst[134U] = 0U;
+  rand_stack.fst[135U] = 0U;
+  rand_stack.fst[136U] = 0U;
+  rand_stack.fst[137U] = 0U;
+  rand_stack.fst[138U] = 0U;
+  rand_stack.fst[139U] = 0U;
+  rand_stack.fst[140U] = 0U;
+  rand_stack.fst[141U] = 0U;
+  rand_stack.fst[142U] = 0U;
+  rand_stack.fst[143U] = 0U;
+  rand_stack.fst[144U] = 0U;
+  rand_stack.fst[145U] = 0U;
+  rand_stack.fst[146U] = 0U;
+  rand_stack.fst[147U] = 0U;
+  rand_stack.fst[148U] = 0U;
+  rand_stack.fst[149U] = 0U;
+  rand_stack.fst[150U] = 0U;
+  rand_stack.fst[151U] = 0U;
+  rand_stack.fst[152U] = 0U;
+  rand_stack.fst[153U] = 0U;
+  rand_stack.fst[154U] = 0U;
+  rand_stack.fst[155U] = 0U;
+  rand_stack.fst[156U] = 0U;
+  rand_stack.fst[157U] = 0U;
+  rand_stack.fst[158U] = 0U;
+  rand_stack.fst[159U] = 0U;
+  rand_stack.fst[160U] = 0U;
+  rand_stack.fst[161U] = 0U;
+  rand_stack.fst[162U] = 0U;
+  rand_stack.fst[163U] = 0U;
+  rand_stack.fst[164U] = 0U;
+  rand_stack.fst[165U] = 0U;
+  rand_stack.fst[166U] = 0U;
+  rand_stack.fst[167U] = 0U;
+  rand_stack.fst[168U] = 0U;
+  rand_stack.fst[169U] = 0U;
+  rand_stack.fst[170U] = 0U;
+  rand_stack.fst[171U] = 0U;
+  rand_stack.fst[172U] = 0U;
+  rand_stack.fst[173U] = 0U;
+  rand_stack.fst[174U] = 0U;
+  rand_stack.fst[175U] = 0U;
+  rand_stack.fst[176U] = 0U;
+  rand_stack.fst[177U] = 0U;
+  rand_stack.fst[178U] = 0U;
+  rand_stack.fst[179U] = 0U;
+  rand_stack.fst[180U] = 0U;
+  rand_stack.fst[181U] = 0U;
+  rand_stack.fst[182U] = 0U;
+  rand_stack.fst[183U] = 0U;
+  rand_stack.fst[184U] = 0U;
+  rand_stack.fst[185U] = 0U;
+  rand_stack.fst[186U] = 0U;
+  rand_stack.fst[187U] = 0U;
+  rand_stack.fst[188U] = 0U;
+  rand_stack.fst[189U] = 0U;
+  rand_stack.fst[190U] = 0U;
+  rand_stack.fst[191U] = 0U;
+  rand_stack.fst[192U] = 0U;
+  rand_stack.fst[193U] = 0U;
+  rand_stack.fst[194U] = 0U;
+  rand_stack.fst[195U] = 0U;
+  rand_stack.fst[196U] = 0U;
+  rand_stack.fst[197U] = 0U;
+  rand_stack.fst[198U] = 0U;
+  rand_stack.fst[199U] = 0U;
+  rand_stack.fst[200U] = 0U;
+  rand_stack.fst[201U] = 0U;
+  rand_stack.fst[202U] = 0U;
+  rand_stack.fst[203U] = 0U;
+  rand_stack.fst[204U] = 0U;
+  rand_stack.fst[205U] = 0U;
+  rand_stack.fst[206U] = 0U;
+  rand_stack.fst[207U] = 0U;
+  rand_stack.fst[208U] = 0U;
+  rand_stack.fst[209U] = 0U;
+  rand_stack.fst[210U] = 0U;
+  rand_stack.fst[211U] = 0U;
+  rand_stack.fst[212U] = 0U;
+  rand_stack.fst[213U] = 0U;
+  rand_stack.fst[214U] = 0U;
+  rand_stack.fst[215U] = 0U;
+  rand_stack.fst[216U] = 0U;
+  rand_stack.fst[217U] = 0U;
+  rand_stack.fst[218U] = 0U;
+  rand_stack.fst[219U] = 0U;
+  rand_stack.fst[220U] = 0U;
+  rand_stack.fst[221U] = 0U;
+  rand_stack.fst[222U] = 0U;
+  rand_stack.fst[223U] = 0U;
+  rand_stack.fst[224U] = 0U;
+  rand_stack.fst[225U] = 0U;
+  rand_stack.fst[226U] = 0U;
+  rand_stack.fst[227U] = 0U;
+  rand_stack.fst[228U] = 0U;
+  rand_stack.fst[229U] = 0U;
+  rand_stack.fst[230U] = 0U;
+  rand_stack.fst[231U] = 0U;
+  rand_stack.fst[232U] = 0U;
+  rand_stack.fst[233U] = 0U;
+  rand_stack.fst[234U] = 0U;
+  rand_stack.fst[235U] = 0U;
+  rand_stack.fst[236U] = 0U;
+  rand_stack.fst[237U] = 0U;
+  rand_stack.fst[238U] = 0U;
+  rand_stack.fst[239U] = 0U;
+  rand_stack.fst[240U] = 0U;
+  rand_stack.fst[241U] = 0U;
+  rand_stack.fst[242U] = 0U;
+  rand_stack.fst[243U] = 0U;
+  rand_stack.fst[244U] = 0U;
+  rand_stack.fst[245U] = 0U;
+  rand_stack.fst[246U] = 0U;
+  rand_stack.fst[247U] = 0U;
+  rand_stack.fst[248U] = 0U;
+  rand_stack.fst[249U] = 0U;
+  rand_stack.fst[250U] = 0U;
+  rand_stack.fst[251U] = 0U;
+  rand_stack.fst[252U] = 0U;
+  rand_stack.fst[253U] = 0U;
+  rand_stack.fst[254U] = 0U;
+  rand_stack.fst[255U] = 0U;
+  rand_stack.fst[256U] = 0U;
+  rand_stack.fst[257U] = 0U;
+  rand_stack.fst[258U] = 0U;
+  rand_stack.fst[259U] = 0U;
+  rand_stack.fst[260U] = 0U;
+  rand_stack.fst[261U] = 0U;
+  rand_stack.fst[262U] = 0U;
+  rand_stack.fst[263U] = 0U;
+  rand_stack.fst[264U] = 0U;
+  rand_stack.fst[265U] = 0U;
+  rand_stack.fst[266U] = 0U;
+  rand_stack.fst[267U] = 0U;
+  rand_stack.fst[268U] = 0U;
+  rand_stack.fst[269U] = 0U;
+  rand_stack.fst[270U] = 0U;
+  rand_stack.fst[271U] = 0U;
+  rand_stack.fst[272U] = 0U;
+  rand_stack.fst[273U] = 0U;
+  rand_stack.fst[274U] = 0U;
+  rand_stack.fst[275U] = 0U;
+  rand_stack.fst[276U] = 0U;
+  rand_stack.fst[277U] = 0U;
+  rand_stack.fst[278U] = 0U;
+  rand_stack.fst[279U] = 0U;
+  rand_stack.fst[280U] = 0U;
+  rand_stack.fst[281U] = 0U;
+  rand_stack.fst[282U] = 0U;
+  rand_stack.fst[283U] = 0U;
+  rand_stack.fst[284U] = 0U;
+  rand_stack.fst[285U] = 0U;
+  rand_stack.fst[286U] = 0U;
+  rand_stack.fst[287U] = 0U;
+  rand_stack.fst[288U] = 0U;
+  rand_stack.fst[289U] = 0U;
+  rand_stack.fst[290U] = 0U;
+  rand_stack.fst[291U] = 0U;
+  rand_stack.fst[292U] = 0U;
+  rand_stack.fst[293U] = 0U;
+  rand_stack.fst[294U] = 0U;
+  rand_stack.fst[295U] = 0U;
+  rand_stack.fst[296U] = 0U;
+  rand_stack.fst[297U] = 0U;
+  rand_stack.fst[298U] = 0U;
+  rand_stack.fst[299U] = 0U;
+  rand_stack.fst[300U] = 0U;
+  rand_stack.fst[301U] = 0U;
+  rand_stack.fst[302U] = 0U;
+  rand_stack.fst[303U] = 0U;
+  rand_stack.fst[304U] = 0U;
+  rand_stack.fst[305U] = 0U;
+  rand_stack.fst[306U] = 0U;
+  rand_stack.fst[307U] = 0U;
+  rand_stack.fst[308U] = 0U;
+  rand_stack.fst[309U] = 0U;
+  rand_stack.fst[310U] = 0U;
+  rand_stack.fst[311U] = 0U;
+  rand_stack.fst[312U] = 0U;
+  rand_stack.fst[313U] = 0U;
+  rand_stack.fst[314U] = 0U;
+  rand_stack.fst[315U] = 0U;
+  rand_stack.fst[316U] = 0U;
+  rand_stack.fst[317U] = 0U;
+  rand_stack.fst[318U] = 0U;
+  rand_stack.fst[319U] = 0U;
+  rand_stack.fst[320U] = 0U;
+  rand_stack.fst[321U] = 0U;
+  rand_stack.fst[322U] = 0U;
+  rand_stack.fst[323U] = 0U;
+  rand_stack.fst[324U] = 0U;
+  rand_stack.fst[325U] = 0U;
+  rand_stack.fst[326U] = 0U;
+  rand_stack.fst[327U] = 0U;
+  rand_stack.fst[328U] = 0U;
+  rand_stack.fst[329U] = 0U;
+  rand_stack.fst[330U] = 0U;
+  rand_stack.fst[331U] = 0U;
+  rand_stack.fst[332U] = 0U;
+  rand_stack.fst[333U] = 0U;
+  rand_stack.fst[334U] = 0U;
+  rand_stack.fst[335U] = 0U;
+  rand_stack.fst[336U] = 0U;
+  rand_stack.fst[337U] = 0U;
+  rand_stack.fst[338U] = 0U;
+  rand_stack.fst[339U] = 0U;
+  rand_stack.fst[340U] = 0U;
+  rand_stack.fst[341U] = 0U;
+  rand_stack.fst[342U] = 0U;
+  rand_stack.fst[343U] = 0U;
+  rand_stack.fst[344U] = 0U;
+  rand_stack.fst[345U] = 0U;
+  rand_stack.fst[346U] = 0U;
+  rand_stack.fst[347U] = 0U;
+  rand_stack.fst[348U] = 0U;
+  rand_stack.fst[349U] = 0U;
+  rand_stack.fst[350U] = 0U;
+  rand_stack.fst[351U] = 0U;
+  rand_stack.fst[352U] = 0U;
+  rand_stack.fst[353U] = 0U;
+  rand_stack.fst[354U] = 0U;
+  rand_stack.fst[355U] = 0U;
+  rand_stack.fst[356U] = 0U;
+  rand_stack.fst[357U] = 0U;
+  rand_stack.fst[358U] = 0U;
+  rand_stack.fst[359U] = 0U;
+  rand_stack.fst[360U] = 0U;
+  rand_stack.fst[361U] = 0U;
+  rand_stack.fst[362U] = 0U;
+  rand_stack.fst[363U] = 0U;
+  rand_stack.fst[364U] = 0U;
+  rand_stack.fst[365U] = 0U;
+  rand_stack.fst[366U] = 0U;
+  rand_stack.fst[367U] = 0U;
+  rand_stack.fst[368U] = 0U;
+  rand_stack.fst[369U] = 0U;
+  rand_stack.fst[370U] = 0U;
+  rand_stack.fst[371U] = 0U;
+  rand_stack.fst[372U] = 0U;
+  rand_stack.fst[373U] = 0U;
+  rand_stack.fst[374U] = 0U;
+  rand_stack.fst[375U] = 0U;
+  rand_stack.fst[376U] = 0U;
+  rand_stack.fst[377U] = 0U;
+  rand_stack.fst[378U] = 0U;
+  rand_stack.fst[379U] = 0U;
+  rand_stack.fst[380U] = 0U;
+  rand_stack.fst[381U] = 0U;
+  rand_stack.fst[382U] = 0U;
+  rand_stack.fst[383U] = 0U;
+  rand_stack.fst[384U] = 0U;
+  rand_stack.fst[385U] = 0U;
+  rand_stack.fst[386U] = 0U;
+  rand_stack.fst[387U] = 0U;
+  rand_stack.fst[388U] = 0U;
+  rand_stack.fst[389U] = 0U;
+  rand_stack.fst[390U] = 0U;
+  rand_stack.fst[391U] = 0U;
+  rand_stack.fst[392U] = 0U;
+  rand_stack.fst[393U] = 0U;
+  rand_stack.fst[394U] = 0U;
+  rand_stack.fst[395U] = 0U;
+  rand_stack.fst[396U] = 0U;
+  rand_stack.fst[397U] = 0U;
+  rand_stack.fst[398U] = 0U;
+  rand_stack.fst[399U] = 0U;
+  rand_stack.fst[400U] = 0U;
+  rand_stack.fst[401U] = 0U;
+  rand_stack.fst[402U] = 0U;
+  rand_stack.fst[403U] = 0U;
+  rand_stack.fst[404U] = 0U;
+  rand_stack.fst[405U] = 0U;
+  rand_stack.fst[406U] = 0U;
+  rand_stack.fst[407U] = 0U;
+  rand_stack.fst[408U] = 0U;
+  rand_stack.fst[409U] = 0U;
+  rand_stack.fst[410U] = 0U;
+  rand_stack.fst[411U] = 0U;
+  rand_stack.fst[412U] = 0U;
+  rand_stack.fst[413U] = 0U;
+  rand_stack.fst[414U] = 0U;
+  rand_stack.fst[415U] = 0U;
+  rand_stack.fst[416U] = 0U;
+  rand_stack.fst[417U] = 0U;
+  rand_stack.fst[418U] = 0U;
+  rand_stack.fst[419U] = 0U;
+  rand_stack.fst[420U] = 0U;
+  rand_stack.fst[421U] = 0U;
+  rand_stack.fst[422U] = 0U;
+  rand_stack.fst[423U] = 0U;
+  rand_stack.fst[424U] = 0U;
+  rand_stack.fst[425U] = 0U;
+  rand_stack.fst[426U] = 0U;
+  rand_stack.fst[427U] = 0U;
+  rand_stack.fst[428U] = 0U;
+  rand_stack.fst[429U] = 0U;
+  rand_stack.fst[430U] = 0U;
+  rand_stack.fst[431U] = 0U;
+  rand_stack.fst[432U] = 0U;
+  rand_stack.fst[433U] = 0U;
+  rand_stack.fst[434U] = 0U;
+  rand_stack.fst[435U] = 0U;
+  rand_stack.fst[436U] = 0U;
+  rand_stack.fst[437U] = 0U;
+  rand_stack.fst[438U] = 0U;
+  rand_stack.fst[439U] = 0U;
+  rand_stack.fst[440U] = 0U;
+  rand_stack.fst[441U] = 0U;
+  rand_stack.fst[442U] = 0U;
+  rand_stack.fst[443U] = 0U;
+  rand_stack.fst[444U] = 0U;
+  rand_stack.fst[445U] = 0U;
+  rand_stack.fst[446U] = 0U;
+  rand_stack.fst[447U] = 0U;
+  rand_stack.fst[448U] = 0U;
+  rand_stack.fst[449U] = 0U;
+  rand_stack.fst[450U] = 0U;
+  rand_stack.fst[451U] = 0U;
+  rand_stack.fst[452U] = 0U;
+  rand_stack.fst[453U] = 0U;
+  rand_stack.fst[454U] = 0U;
+  rand_stack.fst[455U] = 0U;
+  rand_stack.fst[456U] = 0U;
+  rand_stack.fst[457U] = 0U;
+  rand_stack.fst[458U] = 0U;
+  rand_stack.fst[459U] = 0U;
+  rand_stack.fst[460U] = 0U;
+  rand_stack.fst[461U] = 0U;
+  rand_stack.fst[462U] = 0U;
+  rand_stack.fst[463U] = 0U;
+  rand_stack.fst[464U] = 0U;
+  rand_stack.fst[465U] = 0U;
+  rand_stack.fst[466U] = 0U;
+  rand_stack.fst[467U] = 0U;
+  rand_stack.fst[468U] = 0U;
+  rand_stack.fst[469U] = 0U;
+  rand_stack.fst[470U] = 0U;
+  rand_stack.fst[471U] = 0U;
+  rand_stack.fst[472U] = 0U;
+  rand_stack.fst[473U] = 0U;
+  rand_stack.fst[474U] = 0U;
+  rand_stack.fst[475U] = 0U;
+  rand_stack.fst[476U] = 0U;
+  rand_stack.fst[477U] = 0U;
+  rand_stack.fst[478U] = 0U;
+  rand_stack.fst[479U] = 0U;
+  rand_stack.fst[480U] = 0U;
+  rand_stack.fst[481U] = 0U;
+  rand_stack.fst[482U] = 0U;
+  rand_stack.fst[483U] = 0U;
+  rand_stack.fst[484U] = 0U;
+  rand_stack.fst[485U] = 0U;
+  rand_stack.fst[486U] = 0U;
+  rand_stack.fst[487U] = 0U;
+  rand_stack.fst[488U] = 0U;
+  rand_stack.fst[489U] = 0U;
+  rand_stack.fst[490U] = 0U;
+  rand_stack.fst[491U] = 0U;
+  rand_stack.fst[492U] = 0U;
+  rand_stack.fst[493U] = 0U;
+  rand_stack.fst[494U] = 0U;
+  rand_stack.fst[495U] = 0U;
+  rand_stack.fst[496U] = 0U;
+  rand_stack.fst[497U] = 0U;
+  rand_stack.fst[498U] = 0U;
+  rand_stack.fst[499U] = 0U;
+  rand_stack.fst[500U] = 0U;
+  rand_stack.fst[501U] = 0U;
+  rand_stack.fst[502U] = 0U;
+  rand_stack.fst[503U] = 0U;
+  rand_stack.fst[504U] = 0U;
+  rand_stack.fst[505U] = 0U;
+  rand_stack.fst[506U] = 0U;
+  rand_stack.fst[507U] = 0U;
+  rand_stack.fst[508U] = 0U;
+  rand_stack.fst[509U] = 0U;
+  rand_stack.fst[510U] = 0U;
+  rand_stack.fst[511U] = 0U;
+  rand_stack.fst[512U] = 0U;
+  rand_stack.fst[513U] = 0U;
+  rand_stack.fst[514U] = 0U;
+  rand_stack.fst[515U] = 0U;
+  rand_stack.fst[516U] = 0U;
+  rand_stack.fst[517U] = 0U;
+  rand_stack.fst[518U] = 0U;
+  rand_stack.fst[519U] = 0U;
+  rand_stack.fst[520U] = 0U;
+  rand_stack.fst[521U] = 0U;
+  rand_stack.fst[522U] = 0U;
+  rand_stack.fst[523U] = 0U;
+  rand_stack.fst[524U] = 0U;
+  rand_stack.fst[525U] = 0U;
+  rand_stack.fst[526U] = 0U;
+  rand_stack.fst[527U] = 0U;
+  rand_stack.fst[528U] = 0U;
+  rand_stack.fst[529U] = 0U;
+  rand_stack.fst[530U] = 0U;
+  rand_stack.fst[531U] = 0U;
+  rand_stack.fst[532U] = 0U;
+  rand_stack.fst[533U] = 0U;
+  rand_stack.fst[534U] = 0U;
+  rand_stack.fst[535U] = 0U;
+  rand_stack.fst[536U] = 0U;
+  rand_stack.fst[537U] = 0U;
+  rand_stack.fst[538U] = 0U;
+  rand_stack.fst[539U] = 0U;
+  rand_stack.fst[540U] = 0U;
+  rand_stack.fst[541U] = 0U;
+  rand_stack.fst[542U] = 0U;
+  rand_stack.fst[543U] = 0U;
+  rand_stack.fst[544U] = 0U;
+  rand_stack.fst[545U] = 0U;
+  rand_stack.fst[546U] = 0U;
+  rand_stack.fst[547U] = 0U;
+  rand_stack.fst[548U] = 0U;
+  rand_stack.fst[549U] = 0U;
+  rand_stack.fst[550U] = 0U;
+  rand_stack.fst[551U] = 0U;
+  rand_stack.fst[552U] = 0U;
+  rand_stack.fst[553U] = 0U;
+  rand_stack.fst[554U] = 0U;
+  rand_stack.fst[555U] = 0U;
+  rand_stack.fst[556U] = 0U;
+  rand_stack.fst[557U] = 0U;
+  rand_stack.fst[558U] = 0U;
+  rand_stack.fst[559U] = 0U;
+  rand_stack.fst[560U] = 0U;
+  rand_stack.fst[561U] = 0U;
+  rand_stack.fst[562U] = 0U;
+  rand_stack.fst[563U] = 0U;
+  rand_stack.fst[564U] = 0U;
+  rand_stack.fst[565U] = 0U;
+  rand_stack.fst[566U] = 0U;
+  rand_stack.fst[567U] = 0U;
+  rand_stack.fst[568U] = 0U;
+  rand_stack.fst[569U] = 0U;
+  rand_stack.fst[570U] = 0U;
+  rand_stack.fst[571U] = 0U;
+  rand_stack.fst[572U] = 0U;
+  rand_stack.fst[573U] = 0U;
+  rand_stack.fst[574U] = 0U;
+  rand_stack.fst[575U] = 0U;
+  rand_stack.fst[576U] = 0U;
+  rand_stack.fst[577U] = 0U;
+  rand_stack.fst[578U] = 0U;
+  rand_stack.fst[579U] = 0U;
+  rand_stack.fst[580U] = 0U;
+  rand_stack.fst[581U] = 0U;
+  rand_stack.fst[582U] = 0U;
+  rand_stack.fst[583U] = 0U;
+  rand_stack.fst[584U] = 0U;
+  rand_stack.fst[585U] = 0U;
+  rand_stack.fst[586U] = 0U;
+  rand_stack.fst[587U] = 0U;
+  rand_stack.fst[588U] = 0U;
+  rand_stack.fst[589U] = 0U;
+  rand_stack.fst[590U] = 0U;
+  rand_stack.fst[591U] = 0U;
+  rand_stack.fst[592U] = 0U;
+  rand_stack.fst[593U] = 0U;
+  rand_stack.fst[594U] = 0U;
+  rand_stack.fst[595U] = 0U;
+  rand_stack.fst[596U] = 0U;
+  rand_stack.fst[597U] = 0U;
+  rand_stack.fst[598U] = 0U;
+  rand_stack.fst[599U] = 0U;
+  rand_stack.fst[600U] = 0U;
+  rand_stack.fst[601U] = 0U;
+  rand_stack.fst[602U] = 0U;
+  rand_stack.fst[603U] = 0U;
+  rand_stack.fst[604U] = 0U;
+  rand_stack.fst[605U] = 0U;
+  rand_stack.fst[606U] = 0U;
+  rand_stack.fst[607U] = 0U;
+  rand_stack.fst[608U] = 0U;
+  rand_stack.fst[609U] = 0U;
+  rand_stack.fst[610U] = 0U;
+  rand_stack.fst[611U] = 0U;
+  rand_stack.fst[612U] = 0U;
+  rand_stack.fst[613U] = 0U;
+  rand_stack.fst[614U] = 0U;
+  rand_stack.fst[615U] = 0U;
+  rand_stack.fst[616U] = 0U;
+  rand_stack.fst[617U] = 0U;
+  rand_stack.fst[618U] = 0U;
+  rand_stack.fst[619U] = 0U;
+  rand_stack.fst[620U] = 0U;
+  rand_stack.fst[621U] = 0U;
+  rand_stack.fst[622U] = 0U;
+  rand_stack.fst[623U] = 0U;
+  rand_stack.fst[624U] = 0U;
+  rand_stack.fst[625U] = 0U;
+  rand_stack.fst[626U] = 0U;
+  rand_stack.fst[627U] = 0U;
+  rand_stack.fst[628U] = 0U;
+  rand_stack.fst[629U] = 0U;
+  rand_stack.fst[630U] = 0U;
+  rand_stack.fst[631U] = 0U;
+  rand_stack.fst[632U] = 0U;
+  rand_stack.fst[633U] = 0U;
+  rand_stack.fst[634U] = 0U;
+  rand_stack.fst[635U] = 0U;
+  rand_stack.fst[636U] = 0U;
+  rand_stack.fst[637U] = 0U;
+  rand_stack.fst[638U] = 0U;
+  rand_stack.fst[639U] = 0U;
+  rand_stack.fst[640U] = 0U;
+  rand_stack.fst[641U] = 0U;
+  rand_stack.fst[642U] = 0U;
+  rand_stack.fst[643U] = 0U;
+  rand_stack.fst[644U] = 0U;
+  rand_stack.fst[645U] = 0U;
+  rand_stack.fst[646U] = 0U;
+  rand_stack.fst[647U] = 0U;
+  rand_stack.fst[648U] = 0U;
+  rand_stack.fst[649U] = 0U;
+  rand_stack.fst[650U] = 0U;
+  rand_stack.fst[651U] = 0U;
+  rand_stack.fst[652U] = 0U;
+  rand_stack.fst[653U] = 0U;
+  rand_stack.fst[654U] = 0U;
+  rand_stack.fst[655U] = 0U;
+  rand_stack.fst[656U] = 0U;
+  rand_stack.fst[657U] = 0U;
+  rand_stack.fst[658U] = 0U;
+  rand_stack.fst[659U] = 0U;
+  rand_stack.fst[660U] = 0U;
+  rand_stack.fst[661U] = 0U;
+  rand_stack.fst[662U] = 0U;
+  rand_stack.fst[663U] = 0U;
+  rand_stack.fst[664U] = 0U;
+  rand_stack.fst[665U] = 0U;
+  rand_stack.fst[666U] = 0U;
+  rand_stack.fst[667U] = 0U;
+  rand_stack.fst[668U] = 0U;
+  rand_stack.fst[669U] = 0U;
+  rand_stack.fst[670U] = 0U;
+  rand_stack.fst[671U] = 0U;
+  rand_stack.fst[672U] = 0U;
+  rand_stack.fst[673U] = 0U;
+  rand_stack.fst[674U] = 0U;
+  rand_stack.fst[675U] = 0U;
+  rand_stack.fst[676U] = 0U;
+  rand_stack.fst[677U] = 0U;
+  rand_stack.fst[678U] = 0U;
+  rand_stack.fst[679U] = 0U;
+  rand_stack.fst[680U] = 0U;
+  rand_stack.fst[681U] = 0U;
+  rand_stack.fst[682U] = 0U;
+  rand_stack.fst[683U] = 0U;
+  rand_stack.fst[684U] = 0U;
+  rand_stack.fst[685U] = 0U;
+  rand_stack.fst[686U] = 0U;
+  rand_stack.fst[687U] = 0U;
+  rand_stack.fst[688U] = 0U;
+  rand_stack.fst[689U] = 0U;
+  rand_stack.fst[690U] = 0U;
+  rand_stack.fst[691U] = 0U;
+  rand_stack.fst[692U] = 0U;
+  rand_stack.fst[693U] = 0U;
+  rand_stack.fst[694U] = 0U;
+  rand_stack.fst[695U] = 0U;
+  rand_stack.fst[696U] = 0U;
+  rand_stack.fst[697U] = 0U;
+  rand_stack.fst[698U] = 0U;
+  rand_stack.fst[699U] = 0U;
+  rand_stack.fst[700U] = 0U;
+  rand_stack.fst[701U] = 0U;
+  rand_stack.fst[702U] = 0U;
+  rand_stack.fst[703U] = 0U;
+  rand_stack.fst[704U] = 0U;
+  rand_stack.fst[705U] = 0U;
+  rand_stack.fst[706U] = 0U;
+  rand_stack.fst[707U] = 0U;
+  rand_stack.fst[708U] = 0U;
+  rand_stack.fst[709U] = 0U;
+  rand_stack.fst[710U] = 0U;
+  rand_stack.fst[711U] = 0U;
+  rand_stack.fst[712U] = 0U;
+  rand_stack.fst[713U] = 0U;
+  rand_stack.fst[714U] = 0U;
+  rand_stack.fst[715U] = 0U;
+  rand_stack.fst[716U] = 0U;
+  rand_stack.fst[717U] = 0U;
+  rand_stack.fst[718U] = 0U;
+  rand_stack.fst[719U] = 0U;
+  rand_stack.fst[720U] = 0U;
+  rand_stack.fst[721U] = 0U;
+  rand_stack.fst[722U] = 0U;
+  rand_stack.fst[723U] = 0U;
+  rand_stack.fst[724U] = 0U;
+  rand_stack.fst[725U] = 0U;
+  rand_stack.fst[726U] = 0U;
+  rand_stack.fst[727U] = 0U;
+  rand_stack.fst[728U] = 0U;
+  rand_stack.fst[729U] = 0U;
+  rand_stack.fst[730U] = 0U;
+  rand_stack.fst[731U] = 0U;
+  rand_stack.fst[732U] = 0U;
+  rand_stack.fst[733U] = 0U;
+  rand_stack.fst[734U] = 0U;
+  rand_stack.fst[735U] = 0U;
+  rand_stack.fst[736U] = 0U;
+  rand_stack.fst[737U] = 0U;
+  rand_stack.fst[738U] = 0U;
+  rand_stack.fst[739U] = 0U;
+  rand_stack.fst[740U] = 0U;
+  rand_stack.fst[741U] = 0U;
+  rand_stack.fst[742U] = 0U;
+  rand_stack.fst[743U] = 0U;
+  rand_stack.fst[744U] = 0U;
+  rand_stack.fst[745U] = 0U;
+  rand_stack.fst[746U] = 0U;
+  rand_stack.fst[747U] = 0U;
+  rand_stack.fst[748U] = 0U;
+  rand_stack.fst[749U] = 0U;
+  rand_stack.fst[750U] = 0U;
+  rand_stack.fst[751U] = 0U;
+  rand_stack.fst[752U] = 0U;
+  rand_stack.fst[753U] = 0U;
+  rand_stack.fst[754U] = 0U;
+  rand_stack.fst[755U] = 0U;
+  rand_stack.fst[756U] = 0U;
+  rand_stack.fst[757U] = 0U;
+  rand_stack.fst[758U] = 0U;
+  rand_stack.fst[759U] = 0U;
+  rand_stack.fst[760U] = 0U;
+  rand_stack.fst[761U] = 0U;
+  rand_stack.fst[762U] = 0U;
+  rand_stack.fst[763U] = 0U;
+  rand_stack.fst[764U] = 0U;
+  rand_stack.fst[765U] = 0U;
+  rand_stack.fst[766U] = 0U;
+  rand_stack.fst[767U] = 0U;
+  rand_stack.fst[768U] = 0U;
+  rand_stack.fst[769U] = 0U;
+  rand_stack.fst[770U] = 0U;
+  rand_stack.fst[771U] = 0U;
+  rand_stack.fst[772U] = 0U;
+  rand_stack.fst[773U] = 0U;
+  rand_stack.fst[774U] = 0U;
+  rand_stack.fst[775U] = 0U;
+  rand_stack.fst[776U] = 0U;
+  rand_stack.fst[777U] = 0U;
+  rand_stack.fst[778U] = 0U;
+  rand_stack.fst[779U] = 0U;
+  rand_stack.fst[780U] = 0U;
+  rand_stack.fst[781U] = 0U;
+  rand_stack.fst[782U] = 0U;
+  rand_stack.fst[783U] = 0U;
+  rand_stack.fst[784U] = 0U;
+  rand_stack.fst[785U] = 0U;
+  rand_stack.fst[786U] = 0U;
+  rand_stack.fst[787U] = 0U;
+  rand_stack.fst[788U] = 0U;
+  rand_stack.fst[789U] = 0U;
+  rand_stack.fst[790U] = 0U;
+  rand_stack.fst[791U] = 0U;
+  rand_stack.fst[792U] = 0U;
+  rand_stack.fst[793U] = 0U;
+  rand_stack.fst[794U] = 0U;
+  rand_stack.fst[795U] = 0U;
+  rand_stack.fst[796U] = 0U;
+  rand_stack.fst[797U] = 0U;
+  rand_stack.fst[798U] = 0U;
+  rand_stack.fst[799U] = 0U;
+  rand_stack.fst[800U] = 0U;
+  rand_stack.fst[801U] = 0U;
+  rand_stack.fst[802U] = 0U;
+  rand_stack.fst[803U] = 0U;
+  rand_stack.fst[804U] = 0U;
+  rand_stack.fst[805U] = 0U;
+  rand_stack.fst[806U] = 0U;
+  rand_stack.fst[807U] = 0U;
+  rand_stack.fst[808U] = 0U;
+  rand_stack.fst[809U] = 0U;
+  rand_stack.fst[810U] = 0U;
+  rand_stack.fst[811U] = 0U;
+  rand_stack.fst[812U] = 0U;
+  rand_stack.fst[813U] = 0U;
+  rand_stack.fst[814U] = 0U;
+  rand_stack.fst[815U] = 0U;
+  rand_stack.fst[816U] = 0U;
+  rand_stack.fst[817U] = 0U;
+  rand_stack.fst[818U] = 0U;
+  rand_stack.fst[819U] = 0U;
+  rand_stack.fst[820U] = 0U;
+  rand_stack.fst[821U] = 0U;
+  rand_stack.fst[822U] = 0U;
+  rand_stack.fst[823U] = 0U;
+  rand_stack.fst[824U] = 0U;
+  rand_stack.fst[825U] = 0U;
+  rand_stack.fst[826U] = 0U;
+  rand_stack.fst[827U] = 0U;
+  rand_stack.fst[828U] = 0U;
+  rand_stack.fst[829U] = 0U;
+  rand_stack.fst[830U] = 0U;
+  rand_stack.fst[831U] = 0U;
+  rand_stack.fst[832U] = 0U;
+  rand_stack.fst[833U] = 0U;
+  rand_stack.fst[834U] = 0U;
+  rand_stack.fst[835U] = 0U;
+  rand_stack.fst[836U] = 0U;
+  rand_stack.fst[837U] = 0U;
+  rand_stack.fst[838U] = 0U;
+  rand_stack.fst[839U] = 0U;
+  memcpy(rand_stack.snd, uu____0, (size_t)840U * sizeof(uint8_t));
+  memcpy(rand_stack.thd, uu____1, (size_t)840U * sizeof(uint8_t));
+  rand_stack.f3[0U] = 0U;
+  rand_stack.f3[1U] = 0U;
+  rand_stack.f3[2U] = 0U;
+  rand_stack.f3[3U] = 0U;
+  rand_stack.f3[4U] = 0U;
+  rand_stack.f3[5U] = 0U;
+  rand_stack.f3[6U] = 0U;
+  rand_stack.f3[7U] = 0U;
+  rand_stack.f3[8U] = 0U;
+  rand_stack.f3[9U] = 0U;
+  rand_stack.f3[10U] = 0U;
+  rand_stack.f3[11U] = 0U;
+  rand_stack.f3[12U] = 0U;
+  rand_stack.f3[13U] = 0U;
+  rand_stack.f3[14U] = 0U;
+  rand_stack.f3[15U] = 0U;
+  rand_stack.f3[16U] = 0U;
+  rand_stack.f3[17U] = 0U;
+  rand_stack.f3[18U] = 0U;
+  rand_stack.f3[19U] = 0U;
+  rand_stack.f3[20U] = 0U;
+  rand_stack.f3[21U] = 0U;
+  rand_stack.f3[22U] = 0U;
+  rand_stack.f3[23U] = 0U;
+  rand_stack.f3[24U] = 0U;
+  rand_stack.f3[25U] = 0U;
+  rand_stack.f3[26U] = 0U;
+  rand_stack.f3[27U] = 0U;
+  rand_stack.f3[28U] = 0U;
+  rand_stack.f3[29U] = 0U;
+  rand_stack.f3[30U] = 0U;
+  rand_stack.f3[31U] = 0U;
+  rand_stack.f3[32U] = 0U;
+  rand_stack.f3[33U] = 0U;
+  rand_stack.f3[34U] = 0U;
+  rand_stack.f3[35U] = 0U;
+  rand_stack.f3[36U] = 0U;
+  rand_stack.f3[37U] = 0U;
+  rand_stack.f3[38U] = 0U;
+  rand_stack.f3[39U] = 0U;
+  rand_stack.f3[40U] = 0U;
+  rand_stack.f3[41U] = 0U;
+  rand_stack.f3[42U] = 0U;
+  rand_stack.f3[43U] = 0U;
+  rand_stack.f3[44U] = 0U;
+  rand_stack.f3[45U] = 0U;
+  rand_stack.f3[46U] = 0U;
+  rand_stack.f3[47U] = 0U;
+  rand_stack.f3[48U] = 0U;
+  rand_stack.f3[49U] = 0U;
+  rand_stack.f3[50U] = 0U;
+  rand_stack.f3[51U] = 0U;
+  rand_stack.f3[52U] = 0U;
+  rand_stack.f3[53U] = 0U;
+  rand_stack.f3[54U] = 0U;
+  rand_stack.f3[55U] = 0U;
+  rand_stack.f3[56U] = 0U;
+  rand_stack.f3[57U] = 0U;
+  rand_stack.f3[58U] = 0U;
+  rand_stack.f3[59U] = 0U;
+  rand_stack.f3[60U] = 0U;
+  rand_stack.f3[61U] = 0U;
+  rand_stack.f3[62U] = 0U;
+  rand_stack.f3[63U] = 0U;
+  rand_stack.f3[64U] = 0U;
+  rand_stack.f3[65U] = 0U;
+  rand_stack.f3[66U] = 0U;
+  rand_stack.f3[67U] = 0U;
+  rand_stack.f3[68U] = 0U;
+  rand_stack.f3[69U] = 0U;
+  rand_stack.f3[70U] = 0U;
+  rand_stack.f3[71U] = 0U;
+  rand_stack.f3[72U] = 0U;
+  rand_stack.f3[73U] = 0U;
+  rand_stack.f3[74U] = 0U;
+  rand_stack.f3[75U] = 0U;
+  rand_stack.f3[76U] = 0U;
+  rand_stack.f3[77U] = 0U;
+  rand_stack.f3[78U] = 0U;
+  rand_stack.f3[79U] = 0U;
+  rand_stack.f3[80U] = 0U;
+  rand_stack.f3[81U] = 0U;
+  rand_stack.f3[82U] = 0U;
+  rand_stack.f3[83U] = 0U;
+  rand_stack.f3[84U] = 0U;
+  rand_stack.f3[85U] = 0U;
+  rand_stack.f3[86U] = 0U;
+  rand_stack.f3[87U] = 0U;
+  rand_stack.f3[88U] = 0U;
+  rand_stack.f3[89U] = 0U;
+  rand_stack.f3[90U] = 0U;
+  rand_stack.f3[91U] = 0U;
+  rand_stack.f3[92U] = 0U;
+  rand_stack.f3[93U] = 0U;
+  rand_stack.f3[94U] = 0U;
+  rand_stack.f3[95U] = 0U;
+  rand_stack.f3[96U] = 0U;
+  rand_stack.f3[97U] = 0U;
+  rand_stack.f3[98U] = 0U;
+  rand_stack.f3[99U] = 0U;
+  rand_stack.f3[100U] = 0U;
+  rand_stack.f3[101U] = 0U;
+  rand_stack.f3[102U] = 0U;
+  rand_stack.f3[103U] = 0U;
+  rand_stack.f3[104U] = 0U;
+  rand_stack.f3[105U] = 0U;
+  rand_stack.f3[106U] = 0U;
+  rand_stack.f3[107U] = 0U;
+  rand_stack.f3[108U] = 0U;
+  rand_stack.f3[109U] = 0U;
+  rand_stack.f3[110U] = 0U;
+  rand_stack.f3[111U] = 0U;
+  rand_stack.f3[112U] = 0U;
+  rand_stack.f3[113U] = 0U;
+  rand_stack.f3[114U] = 0U;
+  rand_stack.f3[115U] = 0U;
+  rand_stack.f3[116U] = 0U;
+  rand_stack.f3[117U] = 0U;
+  rand_stack.f3[118U] = 0U;
+  rand_stack.f3[119U] = 0U;
+  rand_stack.f3[120U] = 0U;
+  rand_stack.f3[121U] = 0U;
+  rand_stack.f3[122U] = 0U;
+  rand_stack.f3[123U] = 0U;
+  rand_stack.f3[124U] = 0U;
+  rand_stack.f3[125U] = 0U;
+  rand_stack.f3[126U] = 0U;
+  rand_stack.f3[127U] = 0U;
+  rand_stack.f3[128U] = 0U;
+  rand_stack.f3[129U] = 0U;
+  rand_stack.f3[130U] = 0U;
+  rand_stack.f3[131U] = 0U;
+  rand_stack.f3[132U] = 0U;
+  rand_stack.f3[133U] = 0U;
+  rand_stack.f3[134U] = 0U;
+  rand_stack.f3[135U] = 0U;
+  rand_stack.f3[136U] = 0U;
+  rand_stack.f3[137U] = 0U;
+  rand_stack.f3[138U] = 0U;
+  rand_stack.f3[139U] = 0U;
+  rand_stack.f3[140U] = 0U;
+  rand_stack.f3[141U] = 0U;
+  rand_stack.f3[142U] = 0U;
+  rand_stack.f3[143U] = 0U;
+  rand_stack.f3[144U] = 0U;
+  rand_stack.f3[145U] = 0U;
+  rand_stack.f3[146U] = 0U;
+  rand_stack.f3[147U] = 0U;
+  rand_stack.f3[148U] = 0U;
+  rand_stack.f3[149U] = 0U;
+  rand_stack.f3[150U] = 0U;
+  rand_stack.f3[151U] = 0U;
+  rand_stack.f3[152U] = 0U;
+  rand_stack.f3[153U] = 0U;
+  rand_stack.f3[154U] = 0U;
+  rand_stack.f3[155U] = 0U;
+  rand_stack.f3[156U] = 0U;
+  rand_stack.f3[157U] = 0U;
+  rand_stack.f3[158U] = 0U;
+  rand_stack.f3[159U] = 0U;
+  rand_stack.f3[160U] = 0U;
+  rand_stack.f3[161U] = 0U;
+  rand_stack.f3[162U] = 0U;
+  rand_stack.f3[163U] = 0U;
+  rand_stack.f3[164U] = 0U;
+  rand_stack.f3[165U] = 0U;
+  rand_stack.f3[166U] = 0U;
+  rand_stack.f3[167U] = 0U;
+  rand_stack.f3[168U] = 0U;
+  rand_stack.f3[169U] = 0U;
+  rand_stack.f3[170U] = 0U;
+  rand_stack.f3[171U] = 0U;
+  rand_stack.f3[172U] = 0U;
+  rand_stack.f3[173U] = 0U;
+  rand_stack.f3[174U] = 0U;
+  rand_stack.f3[175U] = 0U;
+  rand_stack.f3[176U] = 0U;
+  rand_stack.f3[177U] = 0U;
+  rand_stack.f3[178U] = 0U;
+  rand_stack.f3[179U] = 0U;
+  rand_stack.f3[180U] = 0U;
+  rand_stack.f3[181U] = 0U;
+  rand_stack.f3[182U] = 0U;
+  rand_stack.f3[183U] = 0U;
+  rand_stack.f3[184U] = 0U;
+  rand_stack.f3[185U] = 0U;
+  rand_stack.f3[186U] = 0U;
+  rand_stack.f3[187U] = 0U;
+  rand_stack.f3[188U] = 0U;
+  rand_stack.f3[189U] = 0U;
+  rand_stack.f3[190U] = 0U;
+  rand_stack.f3[191U] = 0U;
+  rand_stack.f3[192U] = 0U;
+  rand_stack.f3[193U] = 0U;
+  rand_stack.f3[194U] = 0U;
+  rand_stack.f3[195U] = 0U;
+  rand_stack.f3[196U] = 0U;
+  rand_stack.f3[197U] = 0U;
+  rand_stack.f3[198U] = 0U;
+  rand_stack.f3[199U] = 0U;
+  rand_stack.f3[200U] = 0U;
+  rand_stack.f3[201U] = 0U;
+  rand_stack.f3[202U] = 0U;
+  rand_stack.f3[203U] = 0U;
+  rand_stack.f3[204U] = 0U;
+  rand_stack.f3[205U] = 0U;
+  rand_stack.f3[206U] = 0U;
+  rand_stack.f3[207U] = 0U;
+  rand_stack.f3[208U] = 0U;
+  rand_stack.f3[209U] = 0U;
+  rand_stack.f3[210U] = 0U;
+  rand_stack.f3[211U] = 0U;
+  rand_stack.f3[212U] = 0U;
+  rand_stack.f3[213U] = 0U;
+  rand_stack.f3[214U] = 0U;
+  rand_stack.f3[215U] = 0U;
+  rand_stack.f3[216U] = 0U;
+  rand_stack.f3[217U] = 0U;
+  rand_stack.f3[218U] = 0U;
+  rand_stack.f3[219U] = 0U;
+  rand_stack.f3[220U] = 0U;
+  rand_stack.f3[221U] = 0U;
+  rand_stack.f3[222U] = 0U;
+  rand_stack.f3[223U] = 0U;
+  rand_stack.f3[224U] = 0U;
+  rand_stack.f3[225U] = 0U;
+  rand_stack.f3[226U] = 0U;
+  rand_stack.f3[227U] = 0U;
+  rand_stack.f3[228U] = 0U;
+  rand_stack.f3[229U] = 0U;
+  rand_stack.f3[230U] = 0U;
+  rand_stack.f3[231U] = 0U;
+  rand_stack.f3[232U] = 0U;
+  rand_stack.f3[233U] = 0U;
+  rand_stack.f3[234U] = 0U;
+  rand_stack.f3[235U] = 0U;
+  rand_stack.f3[236U] = 0U;
+  rand_stack.f3[237U] = 0U;
+  rand_stack.f3[238U] = 0U;
+  rand_stack.f3[239U] = 0U;
+  rand_stack.f3[240U] = 0U;
+  rand_stack.f3[241U] = 0U;
+  rand_stack.f3[242U] = 0U;
+  rand_stack.f3[243U] = 0U;
+  rand_stack.f3[244U] = 0U;
+  rand_stack.f3[245U] = 0U;
+  rand_stack.f3[246U] = 0U;
+  rand_stack.f3[247U] = 0U;
+  rand_stack.f3[248U] = 0U;
+  rand_stack.f3[249U] = 0U;
+  rand_stack.f3[250U] = 0U;
+  rand_stack.f3[251U] = 0U;
+  rand_stack.f3[252U] = 0U;
+  rand_stack.f3[253U] = 0U;
+  rand_stack.f3[254U] = 0U;
+  rand_stack.f3[255U] = 0U;
+  rand_stack.f3[256U] = 0U;
+  rand_stack.f3[257U] = 0U;
+  rand_stack.f3[258U] = 0U;
+  rand_stack.f3[259U] = 0U;
+  rand_stack.f3[260U] = 0U;
+  rand_stack.f3[261U] = 0U;
+  rand_stack.f3[262U] = 0U;
+  rand_stack.f3[263U] = 0U;
+  rand_stack.f3[264U] = 0U;
+  rand_stack.f3[265U] = 0U;
+  rand_stack.f3[266U] = 0U;
+  rand_stack.f3[267U] = 0U;
+  rand_stack.f3[268U] = 0U;
+  rand_stack.f3[269U] = 0U;
+  rand_stack.f3[270U] = 0U;
+  rand_stack.f3[271U] = 0U;
+  rand_stack.f3[272U] = 0U;
+  rand_stack.f3[273U] = 0U;
+  rand_stack.f3[274U] = 0U;
+  rand_stack.f3[275U] = 0U;
+  rand_stack.f3[276U] = 0U;
+  rand_stack.f3[277U] = 0U;
+  rand_stack.f3[278U] = 0U;
+  rand_stack.f3[279U] = 0U;
+  rand_stack.f3[280U] = 0U;
+  rand_stack.f3[281U] = 0U;
+  rand_stack.f3[282U] = 0U;
+  rand_stack.f3[283U] = 0U;
+  rand_stack.f3[284U] = 0U;
+  rand_stack.f3[285U] = 0U;
+  rand_stack.f3[286U] = 0U;
+  rand_stack.f3[287U] = 0U;
+  rand_stack.f3[288U] = 0U;
+  rand_stack.f3[289U] = 0U;
+  rand_stack.f3[290U] = 0U;
+  rand_stack.f3[291U] = 0U;
+  rand_stack.f3[292U] = 0U;
+  rand_stack.f3[293U] = 0U;
+  rand_stack.f3[294U] = 0U;
+  rand_stack.f3[295U] = 0U;
+  rand_stack.f3[296U] = 0U;
+  rand_stack.f3[297U] = 0U;
+  rand_stack.f3[298U] = 0U;
+  rand_stack.f3[299U] = 0U;
+  rand_stack.f3[300U] = 0U;
+  rand_stack.f3[301U] = 0U;
+  rand_stack.f3[302U] = 0U;
+  rand_stack.f3[303U] = 0U;
+  rand_stack.f3[304U] = 0U;
+  rand_stack.f3[305U] = 0U;
+  rand_stack.f3[306U] = 0U;
+  rand_stack.f3[307U] = 0U;
+  rand_stack.f3[308U] = 0U;
+  rand_stack.f3[309U] = 0U;
+  rand_stack.f3[310U] = 0U;
+  rand_stack.f3[311U] = 0U;
+  rand_stack.f3[312U] = 0U;
+  rand_stack.f3[313U] = 0U;
+  rand_stack.f3[314U] = 0U;
+  rand_stack.f3[315U] = 0U;
+  rand_stack.f3[316U] = 0U;
+  rand_stack.f3[317U] = 0U;
+  rand_stack.f3[318U] = 0U;
+  rand_stack.f3[319U] = 0U;
+  rand_stack.f3[320U] = 0U;
+  rand_stack.f3[321U] = 0U;
+  rand_stack.f3[322U] = 0U;
+  rand_stack.f3[323U] = 0U;
+  rand_stack.f3[324U] = 0U;
+  rand_stack.f3[325U] = 0U;
+  rand_stack.f3[326U] = 0U;
+  rand_stack.f3[327U] = 0U;
+  rand_stack.f3[328U] = 0U;
+  rand_stack.f3[329U] = 0U;
+  rand_stack.f3[330U] = 0U;
+  rand_stack.f3[331U] = 0U;
+  rand_stack.f3[332U] = 0U;
+  rand_stack.f3[333U] = 0U;
+  rand_stack.f3[334U] = 0U;
+  rand_stack.f3[335U] = 0U;
+  rand_stack.f3[336U] = 0U;
+  rand_stack.f3[337U] = 0U;
+  rand_stack.f3[338U] = 0U;
+  rand_stack.f3[339U] = 0U;
+  rand_stack.f3[340U] = 0U;
+  rand_stack.f3[341U] = 0U;
+  rand_stack.f3[342U] = 0U;
+  rand_stack.f3[343U] = 0U;
+  rand_stack.f3[344U] = 0U;
+  rand_stack.f3[345U] = 0U;
+  rand_stack.f3[346U] = 0U;
+  rand_stack.f3[347U] = 0U;
+  rand_stack.f3[348U] = 0U;
+  rand_stack.f3[349U] = 0U;
+  rand_stack.f3[350U] = 0U;
+  rand_stack.f3[351U] = 0U;
+  rand_stack.f3[352U] = 0U;
+  rand_stack.f3[353U] = 0U;
+  rand_stack.f3[354U] = 0U;
+  rand_stack.f3[355U] = 0U;
+  rand_stack.f3[356U] = 0U;
+  rand_stack.f3[357U] = 0U;
+  rand_stack.f3[358U] = 0U;
+  rand_stack.f3[359U] = 0U;
+  rand_stack.f3[360U] = 0U;
+  rand_stack.f3[361U] = 0U;
+  rand_stack.f3[362U] = 0U;
+  rand_stack.f3[363U] = 0U;
+  rand_stack.f3[364U] = 0U;
+  rand_stack.f3[365U] = 0U;
+  rand_stack.f3[366U] = 0U;
+  rand_stack.f3[367U] = 0U;
+  rand_stack.f3[368U] = 0U;
+  rand_stack.f3[369U] = 0U;
+  rand_stack.f3[370U] = 0U;
+  rand_stack.f3[371U] = 0U;
+  rand_stack.f3[372U] = 0U;
+  rand_stack.f3[373U] = 0U;
+  rand_stack.f3[374U] = 0U;
+  rand_stack.f3[375U] = 0U;
+  rand_stack.f3[376U] = 0U;
+  rand_stack.f3[377U] = 0U;
+  rand_stack.f3[378U] = 0U;
+  rand_stack.f3[379U] = 0U;
+  rand_stack.f3[380U] = 0U;
+  rand_stack.f3[381U] = 0U;
+  rand_stack.f3[382U] = 0U;
+  rand_stack.f3[383U] = 0U;
+  rand_stack.f3[384U] = 0U;
+  rand_stack.f3[385U] = 0U;
+  rand_stack.f3[386U] = 0U;
+  rand_stack.f3[387U] = 0U;
+  rand_stack.f3[388U] = 0U;
+  rand_stack.f3[389U] = 0U;
+  rand_stack.f3[390U] = 0U;
+  rand_stack.f3[391U] = 0U;
+  rand_stack.f3[392U] = 0U;
+  rand_stack.f3[393U] = 0U;
+  rand_stack.f3[394U] = 0U;
+  rand_stack.f3[395U] = 0U;
+  rand_stack.f3[396U] = 0U;
+  rand_stack.f3[397U] = 0U;
+  rand_stack.f3[398U] = 0U;
+  rand_stack.f3[399U] = 0U;
+  rand_stack.f3[400U] = 0U;
+  rand_stack.f3[401U] = 0U;
+  rand_stack.f3[402U] = 0U;
+  rand_stack.f3[403U] = 0U;
+  rand_stack.f3[404U] = 0U;
+  rand_stack.f3[405U] = 0U;
+  rand_stack.f3[406U] = 0U;
+  rand_stack.f3[407U] = 0U;
+  rand_stack.f3[408U] = 0U;
+  rand_stack.f3[409U] = 0U;
+  rand_stack.f3[410U] = 0U;
+  rand_stack.f3[411U] = 0U;
+  rand_stack.f3[412U] = 0U;
+  rand_stack.f3[413U] = 0U;
+  rand_stack.f3[414U] = 0U;
+  rand_stack.f3[415U] = 0U;
+  rand_stack.f3[416U] = 0U;
+  rand_stack.f3[417U] = 0U;
+  rand_stack.f3[418U] = 0U;
+  rand_stack.f3[419U] = 0U;
+  rand_stack.f3[420U] = 0U;
+  rand_stack.f3[421U] = 0U;
+  rand_stack.f3[422U] = 0U;
+  rand_stack.f3[423U] = 0U;
+  rand_stack.f3[424U] = 0U;
+  rand_stack.f3[425U] = 0U;
+  rand_stack.f3[426U] = 0U;
+  rand_stack.f3[427U] = 0U;
+  rand_stack.f3[428U] = 0U;
+  rand_stack.f3[429U] = 0U;
+  rand_stack.f3[430U] = 0U;
+  rand_stack.f3[431U] = 0U;
+  rand_stack.f3[432U] = 0U;
+  rand_stack.f3[433U] = 0U;
+  rand_stack.f3[434U] = 0U;
+  rand_stack.f3[435U] = 0U;
+  rand_stack.f3[436U] = 0U;
+  rand_stack.f3[437U] = 0U;
+  rand_stack.f3[438U] = 0U;
+  rand_stack.f3[439U] = 0U;
+  rand_stack.f3[440U] = 0U;
+  rand_stack.f3[441U] = 0U;
+  rand_stack.f3[442U] = 0U;
+  rand_stack.f3[443U] = 0U;
+  rand_stack.f3[444U] = 0U;
+  rand_stack.f3[445U] = 0U;
+  rand_stack.f3[446U] = 0U;
+  rand_stack.f3[447U] = 0U;
+  rand_stack.f3[448U] = 0U;
+  rand_stack.f3[449U] = 0U;
+  rand_stack.f3[450U] = 0U;
+  rand_stack.f3[451U] = 0U;
+  rand_stack.f3[452U] = 0U;
+  rand_stack.f3[453U] = 0U;
+  rand_stack.f3[454U] = 0U;
+  rand_stack.f3[455U] = 0U;
+  rand_stack.f3[456U] = 0U;
+  rand_stack.f3[457U] = 0U;
+  rand_stack.f3[458U] = 0U;
+  rand_stack.f3[459U] = 0U;
+  rand_stack.f3[460U] = 0U;
+  rand_stack.f3[461U] = 0U;
+  rand_stack.f3[462U] = 0U;
+  rand_stack.f3[463U] = 0U;
+  rand_stack.f3[464U] = 0U;
+  rand_stack.f3[465U] = 0U;
+  rand_stack.f3[466U] = 0U;
+  rand_stack.f3[467U] = 0U;
+  rand_stack.f3[468U] = 0U;
+  rand_stack.f3[469U] = 0U;
+  rand_stack.f3[470U] = 0U;
+  rand_stack.f3[471U] = 0U;
+  rand_stack.f3[472U] = 0U;
+  rand_stack.f3[473U] = 0U;
+  rand_stack.f3[474U] = 0U;
+  rand_stack.f3[475U] = 0U;
+  rand_stack.f3[476U] = 0U;
+  rand_stack.f3[477U] = 0U;
+  rand_stack.f3[478U] = 0U;
+  rand_stack.f3[479U] = 0U;
+  rand_stack.f3[480U] = 0U;
+  rand_stack.f3[481U] = 0U;
+  rand_stack.f3[482U] = 0U;
+  rand_stack.f3[483U] = 0U;
+  rand_stack.f3[484U] = 0U;
+  rand_stack.f3[485U] = 0U;
+  rand_stack.f3[486U] = 0U;
+  rand_stack.f3[487U] = 0U;
+  rand_stack.f3[488U] = 0U;
+  rand_stack.f3[489U] = 0U;
+  rand_stack.f3[490U] = 0U;
+  rand_stack.f3[491U] = 0U;
+  rand_stack.f3[492U] = 0U;
+  rand_stack.f3[493U] = 0U;
+  rand_stack.f3[494U] = 0U;
+  rand_stack.f3[495U] = 0U;
+  rand_stack.f3[496U] = 0U;
+  rand_stack.f3[497U] = 0U;
+  rand_stack.f3[498U] = 0U;
+  rand_stack.f3[499U] = 0U;
+  rand_stack.f3[500U] = 0U;
+  rand_stack.f3[501U] = 0U;
+  rand_stack.f3[502U] = 0U;
+  rand_stack.f3[503U] = 0U;
+  rand_stack.f3[504U] = 0U;
+  rand_stack.f3[505U] = 0U;
+  rand_stack.f3[506U] = 0U;
+  rand_stack.f3[507U] = 0U;
+  rand_stack.f3[508U] = 0U;
+  rand_stack.f3[509U] = 0U;
+  rand_stack.f3[510U] = 0U;
+  rand_stack.f3[511U] = 0U;
+  rand_stack.f3[512U] = 0U;
+  rand_stack.f3[513U] = 0U;
+  rand_stack.f3[514U] = 0U;
+  rand_stack.f3[515U] = 0U;
+  rand_stack.f3[516U] = 0U;
+  rand_stack.f3[517U] = 0U;
+  rand_stack.f3[518U] = 0U;
+  rand_stack.f3[519U] = 0U;
+  rand_stack.f3[520U] = 0U;
+  rand_stack.f3[521U] = 0U;
+  rand_stack.f3[522U] = 0U;
+  rand_stack.f3[523U] = 0U;
+  rand_stack.f3[524U] = 0U;
+  rand_stack.f3[525U] = 0U;
+  rand_stack.f3[526U] = 0U;
+  rand_stack.f3[527U] = 0U;
+  rand_stack.f3[528U] = 0U;
+  rand_stack.f3[529U] = 0U;
+  rand_stack.f3[530U] = 0U;
+  rand_stack.f3[531U] = 0U;
+  rand_stack.f3[532U] = 0U;
+  rand_stack.f3[533U] = 0U;
+  rand_stack.f3[534U] = 0U;
+  rand_stack.f3[535U] = 0U;
+  rand_stack.f3[536U] = 0U;
+  rand_stack.f3[537U] = 0U;
+  rand_stack.f3[538U] = 0U;
+  rand_stack.f3[539U] = 0U;
+  rand_stack.f3[540U] = 0U;
+  rand_stack.f3[541U] = 0U;
+  rand_stack.f3[542U] = 0U;
+  rand_stack.f3[543U] = 0U;
+  rand_stack.f3[544U] = 0U;
+  rand_stack.f3[545U] = 0U;
+  rand_stack.f3[546U] = 0U;
+  rand_stack.f3[547U] = 0U;
+  rand_stack.f3[548U] = 0U;
+  rand_stack.f3[549U] = 0U;
+  rand_stack.f3[550U] = 0U;
+  rand_stack.f3[551U] = 0U;
+  rand_stack.f3[552U] = 0U;
+  rand_stack.f3[553U] = 0U;
+  rand_stack.f3[554U] = 0U;
+  rand_stack.f3[555U] = 0U;
+  rand_stack.f3[556U] = 0U;
+  rand_stack.f3[557U] = 0U;
+  rand_stack.f3[558U] = 0U;
+  rand_stack.f3[559U] = 0U;
+  rand_stack.f3[560U] = 0U;
+  rand_stack.f3[561U] = 0U;
+  rand_stack.f3[562U] = 0U;
+  rand_stack.f3[563U] = 0U;
+  rand_stack.f3[564U] = 0U;
+  rand_stack.f3[565U] = 0U;
+  rand_stack.f3[566U] = 0U;
+  rand_stack.f3[567U] = 0U;
+  rand_stack.f3[568U] = 0U;
+  rand_stack.f3[569U] = 0U;
+  rand_stack.f3[570U] = 0U;
+  rand_stack.f3[571U] = 0U;
+  rand_stack.f3[572U] = 0U;
+  rand_stack.f3[573U] = 0U;
+  rand_stack.f3[574U] = 0U;
+  rand_stack.f3[575U] = 0U;
+  rand_stack.f3[576U] = 0U;
+  rand_stack.f3[577U] = 0U;
+  rand_stack.f3[578U] = 0U;
+  rand_stack.f3[579U] = 0U;
+  rand_stack.f3[580U] = 0U;
+  rand_stack.f3[581U] = 0U;
+  rand_stack.f3[582U] = 0U;
+  rand_stack.f3[583U] = 0U;
+  rand_stack.f3[584U] = 0U;
+  rand_stack.f3[585U] = 0U;
+  rand_stack.f3[586U] = 0U;
+  rand_stack.f3[587U] = 0U;
+  rand_stack.f3[588U] = 0U;
+  rand_stack.f3[589U] = 0U;
+  rand_stack.f3[590U] = 0U;
+  rand_stack.f3[591U] = 0U;
+  rand_stack.f3[592U] = 0U;
+  rand_stack.f3[593U] = 0U;
+  rand_stack.f3[594U] = 0U;
+  rand_stack.f3[595U] = 0U;
+  rand_stack.f3[596U] = 0U;
+  rand_stack.f3[597U] = 0U;
+  rand_stack.f3[598U] = 0U;
+  rand_stack.f3[599U] = 0U;
+  rand_stack.f3[600U] = 0U;
+  rand_stack.f3[601U] = 0U;
+  rand_stack.f3[602U] = 0U;
+  rand_stack.f3[603U] = 0U;
+  rand_stack.f3[604U] = 0U;
+  rand_stack.f3[605U] = 0U;
+  rand_stack.f3[606U] = 0U;
+  rand_stack.f3[607U] = 0U;
+  rand_stack.f3[608U] = 0U;
+  rand_stack.f3[609U] = 0U;
+  rand_stack.f3[610U] = 0U;
+  rand_stack.f3[611U] = 0U;
+  rand_stack.f3[612U] = 0U;
+  rand_stack.f3[613U] = 0U;
+  rand_stack.f3[614U] = 0U;
+  rand_stack.f3[615U] = 0U;
+  rand_stack.f3[616U] = 0U;
+  rand_stack.f3[617U] = 0U;
+  rand_stack.f3[618U] = 0U;
+  rand_stack.f3[619U] = 0U;
+  rand_stack.f3[620U] = 0U;
+  rand_stack.f3[621U] = 0U;
+  rand_stack.f3[622U] = 0U;
+  rand_stack.f3[623U] = 0U;
+  rand_stack.f3[624U] = 0U;
+  rand_stack.f3[625U] = 0U;
+  rand_stack.f3[626U] = 0U;
+  rand_stack.f3[627U] = 0U;
+  rand_stack.f3[628U] = 0U;
+  rand_stack.f3[629U] = 0U;
+  rand_stack.f3[630U] = 0U;
+  rand_stack.f3[631U] = 0U;
+  rand_stack.f3[632U] = 0U;
+  rand_stack.f3[633U] = 0U;
+  rand_stack.f3[634U] = 0U;
+  rand_stack.f3[635U] = 0U;
+  rand_stack.f3[636U] = 0U;
+  rand_stack.f3[637U] = 0U;
+  rand_stack.f3[638U] = 0U;
+  rand_stack.f3[639U] = 0U;
+  rand_stack.f3[640U] = 0U;
+  rand_stack.f3[641U] = 0U;
+  rand_stack.f3[642U] = 0U;
+  rand_stack.f3[643U] = 0U;
+  rand_stack.f3[644U] = 0U;
+  rand_stack.f3[645U] = 0U;
+  rand_stack.f3[646U] = 0U;
+  rand_stack.f3[647U] = 0U;
+  rand_stack.f3[648U] = 0U;
+  rand_stack.f3[649U] = 0U;
+  rand_stack.f3[650U] = 0U;
+  rand_stack.f3[651U] = 0U;
+  rand_stack.f3[652U] = 0U;
+  rand_stack.f3[653U] = 0U;
+  rand_stack.f3[654U] = 0U;
+  rand_stack.f3[655U] = 0U;
+  rand_stack.f3[656U] = 0U;
+  rand_stack.f3[657U] = 0U;
+  rand_stack.f3[658U] = 0U;
+  rand_stack.f3[659U] = 0U;
+  rand_stack.f3[660U] = 0U;
+  rand_stack.f3[661U] = 0U;
+  rand_stack.f3[662U] = 0U;
+  rand_stack.f3[663U] = 0U;
+  rand_stack.f3[664U] = 0U;
+  rand_stack.f3[665U] = 0U;
+  rand_stack.f3[666U] = 0U;
+  rand_stack.f3[667U] = 0U;
+  rand_stack.f3[668U] = 0U;
+  rand_stack.f3[669U] = 0U;
+  rand_stack.f3[670U] = 0U;
+  rand_stack.f3[671U] = 0U;
+  rand_stack.f3[672U] = 0U;
+  rand_stack.f3[673U] = 0U;
+  rand_stack.f3[674U] = 0U;
+  rand_stack.f3[675U] = 0U;
+  rand_stack.f3[676U] = 0U;
+  rand_stack.f3[677U] = 0U;
+  rand_stack.f3[678U] = 0U;
+  rand_stack.f3[679U] = 0U;
+  rand_stack.f3[680U] = 0U;
+  rand_stack.f3[681U] = 0U;
+  rand_stack.f3[682U] = 0U;
+  rand_stack.f3[683U] = 0U;
+  rand_stack.f3[684U] = 0U;
+  rand_stack.f3[685U] = 0U;
+  rand_stack.f3[686U] = 0U;
+  rand_stack.f3[687U] = 0U;
+  rand_stack.f3[688U] = 0U;
+  rand_stack.f3[689U] = 0U;
+  rand_stack.f3[690U] = 0U;
+  rand_stack.f3[691U] = 0U;
+  rand_stack.f3[692U] = 0U;
+  rand_stack.f3[693U] = 0U;
+  rand_stack.f3[694U] = 0U;
+  rand_stack.f3[695U] = 0U;
+  rand_stack.f3[696U] = 0U;
+  rand_stack.f3[697U] = 0U;
+  rand_stack.f3[698U] = 0U;
+  rand_stack.f3[699U] = 0U;
+  rand_stack.f3[700U] = 0U;
+  rand_stack.f3[701U] = 0U;
+  rand_stack.f3[702U] = 0U;
+  rand_stack.f3[703U] = 0U;
+  rand_stack.f3[704U] = 0U;
+  rand_stack.f3[705U] = 0U;
+  rand_stack.f3[706U] = 0U;
+  rand_stack.f3[707U] = 0U;
+  rand_stack.f3[708U] = 0U;
+  rand_stack.f3[709U] = 0U;
+  rand_stack.f3[710U] = 0U;
+  rand_stack.f3[711U] = 0U;
+  rand_stack.f3[712U] = 0U;
+  rand_stack.f3[713U] = 0U;
+  rand_stack.f3[714U] = 0U;
+  rand_stack.f3[715U] = 0U;
+  rand_stack.f3[716U] = 0U;
+  rand_stack.f3[717U] = 0U;
+  rand_stack.f3[718U] = 0U;
+  rand_stack.f3[719U] = 0U;
+  rand_stack.f3[720U] = 0U;
+  rand_stack.f3[721U] = 0U;
+  rand_stack.f3[722U] = 0U;
+  rand_stack.f3[723U] = 0U;
+  rand_stack.f3[724U] = 0U;
+  rand_stack.f3[725U] = 0U;
+  rand_stack.f3[726U] = 0U;
+  rand_stack.f3[727U] = 0U;
+  rand_stack.f3[728U] = 0U;
+  rand_stack.f3[729U] = 0U;
+  rand_stack.f3[730U] = 0U;
+  rand_stack.f3[731U] = 0U;
+  rand_stack.f3[732U] = 0U;
+  rand_stack.f3[733U] = 0U;
+  rand_stack.f3[734U] = 0U;
+  rand_stack.f3[735U] = 0U;
+  rand_stack.f3[736U] = 0U;
+  rand_stack.f3[737U] = 0U;
+  rand_stack.f3[738U] = 0U;
+  rand_stack.f3[739U] = 0U;
+  rand_stack.f3[740U] = 0U;
+  rand_stack.f3[741U] = 0U;
+  rand_stack.f3[742U] = 0U;
+  rand_stack.f3[743U] = 0U;
+  rand_stack.f3[744U] = 0U;
+  rand_stack.f3[745U] = 0U;
+  rand_stack.f3[746U] = 0U;
+  rand_stack.f3[747U] = 0U;
+  rand_stack.f3[748U] = 0U;
+  rand_stack.f3[749U] = 0U;
+  rand_stack.f3[750U] = 0U;
+  rand_stack.f3[751U] = 0U;
+  rand_stack.f3[752U] = 0U;
+  rand_stack.f3[753U] = 0U;
+  rand_stack.f3[754U] = 0U;
+  rand_stack.f3[755U] = 0U;
+  rand_stack.f3[756U] = 0U;
+  rand_stack.f3[757U] = 0U;
+  rand_stack.f3[758U] = 0U;
+  rand_stack.f3[759U] = 0U;
+  rand_stack.f3[760U] = 0U;
+  rand_stack.f3[761U] = 0U;
+  rand_stack.f3[762U] = 0U;
+  rand_stack.f3[763U] = 0U;
+  rand_stack.f3[764U] = 0U;
+  rand_stack.f3[765U] = 0U;
+  rand_stack.f3[766U] = 0U;
+  rand_stack.f3[767U] = 0U;
+  rand_stack.f3[768U] = 0U;
+  rand_stack.f3[769U] = 0U;
+  rand_stack.f3[770U] = 0U;
+  rand_stack.f3[771U] = 0U;
+  rand_stack.f3[772U] = 0U;
+  rand_stack.f3[773U] = 0U;
+  rand_stack.f3[774U] = 0U;
+  rand_stack.f3[775U] = 0U;
+  rand_stack.f3[776U] = 0U;
+  rand_stack.f3[777U] = 0U;
+  rand_stack.f3[778U] = 0U;
+  rand_stack.f3[779U] = 0U;
+  rand_stack.f3[780U] = 0U;
+  rand_stack.f3[781U] = 0U;
+  rand_stack.f3[782U] = 0U;
+  rand_stack.f3[783U] = 0U;
+  rand_stack.f3[784U] = 0U;
+  rand_stack.f3[785U] = 0U;
+  rand_stack.f3[786U] = 0U;
+  rand_stack.f3[787U] = 0U;
+  rand_stack.f3[788U] = 0U;
+  rand_stack.f3[789U] = 0U;
+  rand_stack.f3[790U] = 0U;
+  rand_stack.f3[791U] = 0U;
+  rand_stack.f3[792U] = 0U;
+  rand_stack.f3[793U] = 0U;
+  rand_stack.f3[794U] = 0U;
+  rand_stack.f3[795U] = 0U;
+  rand_stack.f3[796U] = 0U;
+  rand_stack.f3[797U] = 0U;
+  rand_stack.f3[798U] = 0U;
+  rand_stack.f3[799U] = 0U;
+  rand_stack.f3[800U] = 0U;
+  rand_stack.f3[801U] = 0U;
+  rand_stack.f3[802U] = 0U;
+  rand_stack.f3[803U] = 0U;
+  rand_stack.f3[804U] = 0U;
+  rand_stack.f3[805U] = 0U;
+  rand_stack.f3[806U] = 0U;
+  rand_stack.f3[807U] = 0U;
+  rand_stack.f3[808U] = 0U;
+  rand_stack.f3[809U] = 0U;
+  rand_stack.f3[810U] = 0U;
+  rand_stack.f3[811U] = 0U;
+  rand_stack.f3[812U] = 0U;
+  rand_stack.f3[813U] = 0U;
+  rand_stack.f3[814U] = 0U;
+  rand_stack.f3[815U] = 0U;
+  rand_stack.f3[816U] = 0U;
+  rand_stack.f3[817U] = 0U;
+  rand_stack.f3[818U] = 0U;
+  rand_stack.f3[819U] = 0U;
+  rand_stack.f3[820U] = 0U;
+  rand_stack.f3[821U] = 0U;
+  rand_stack.f3[822U] = 0U;
+  rand_stack.f3[823U] = 0U;
+  rand_stack.f3[824U] = 0U;
+  rand_stack.f3[825U] = 0U;
+  rand_stack.f3[826U] = 0U;
+  rand_stack.f3[827U] = 0U;
+  rand_stack.f3[828U] = 0U;
+  rand_stack.f3[829U] = 0U;
+  rand_stack.f3[830U] = 0U;
+  rand_stack.f3[831U] = 0U;
+  rand_stack.f3[832U] = 0U;
+  rand_stack.f3[833U] = 0U;
+  rand_stack.f3[834U] = 0U;
+  rand_stack.f3[835U] = 0U;
+  rand_stack.f3[836U] = 0U;
+  rand_stack.f3[837U] = 0U;
+  rand_stack.f3[838U] = 0U;
+  rand_stack.f3[839U] = 0U;
+  int32_t tmp_stack[4U][263U] = {{0U}};
+  size_t_x2 buf0[0U] = {};
+  libcrux_ml_dsa_sample_SampleArgs_c5 memory = libcrux_ml_dsa_sample_new_29_4f(
+      &rand_stack,
+      Eurydice_array_to_slice((size_t)4U, tmp_stack, int32_t[263U]), A,
+      Eurydice_array_to_slice((size_t)0U, buf0, size_t_x2));
+  size_t_x2 buf[4U] = {
+      (CLITERAL(size_t_x2){.fst = (size_t)0U, .snd = (size_t)0U}),
+      (CLITERAL(size_t_x2){.fst = (size_t)0U, .snd = (size_t)1U}),
+      (CLITERAL(size_t_x2){.fst = (size_t)0U, .snd = (size_t)2U}),
+      (CLITERAL(size_t_x2){.fst = (size_t)0U, .snd = (size_t)3U})};
+  memory.indices = Eurydice_array_to_slice((size_t)4U, buf, size_t_x2);
+  uint8_t uu____2[34U];
+  memcpy(uu____2, seed, (size_t)34U * sizeof(uint8_t));
+  libcrux_ml_dsa_sample_sample_four_ring_elements_f4(
+      uu____2,
+      libcrux_ml_dsa_samplex4_generate_domain_separator(
+          (CLITERAL(uint8_t_x2){.fst = 0U, .snd = 0U})),
+      libcrux_ml_dsa_samplex4_generate_domain_separator(
+          (CLITERAL(uint8_t_x2){.fst = 0U, .snd = 1U})),
+      libcrux_ml_dsa_samplex4_generate_domain_separator(
+          (CLITERAL(uint8_t_x2){.fst = 0U, .snd = 2U})),
+      libcrux_ml_dsa_samplex4_generate_domain_separator(
+          (CLITERAL(uint8_t_x2){.fst = 0U, .snd = 3U})),
+      &memory);
+  size_t_x2 buf1[4U] = {
+      (CLITERAL(size_t_x2){.fst = (size_t)0U, .snd = (size_t)4U}),
+      (CLITERAL(size_t_x2){.fst = (size_t)1U, .snd = (size_t)0U}),
+      (CLITERAL(size_t_x2){.fst = (size_t)1U, .snd = (size_t)1U}),
+      (CLITERAL(size_t_x2){.fst = (size_t)1U, .snd = (size_t)2U})};
+  memory.indices = Eurydice_array_to_slice((size_t)4U, buf1, size_t_x2);
+  uint8_t uu____3[34U];
+  memcpy(uu____3, seed, (size_t)34U * sizeof(uint8_t));
+  libcrux_ml_dsa_sample_sample_four_ring_elements_f4(
+      uu____3,
+      libcrux_ml_dsa_samplex4_generate_domain_separator(
+          (CLITERAL(uint8_t_x2){.fst = 0U, .snd = 4U})),
+      libcrux_ml_dsa_samplex4_generate_domain_separator(
+          (CLITERAL(uint8_t_x2){.fst = 1U, .snd = 0U})),
+      libcrux_ml_dsa_samplex4_generate_domain_separator(
+          (CLITERAL(uint8_t_x2){.fst = 1U, .snd = 1U})),
+      libcrux_ml_dsa_samplex4_generate_domain_separator(
+          (CLITERAL(uint8_t_x2){.fst = 1U, .snd = 2U})),
+      &memory);
+  size_t_x2 buf2[4U] = {
+      (CLITERAL(size_t_x2){.fst = (size_t)1U, .snd = (size_t)3U}),
+      (CLITERAL(size_t_x2){.fst = (size_t)1U, .snd = (size_t)4U}),
+      (CLITERAL(size_t_x2){.fst = (size_t)2U, .snd = (size_t)0U}),
+      (CLITERAL(size_t_x2){.fst = (size_t)2U, .snd = (size_t)1U})};
+  memory.indices = Eurydice_array_to_slice((size_t)4U, buf2, size_t_x2);
+  uint8_t uu____4[34U];
+  memcpy(uu____4, seed, (size_t)34U * sizeof(uint8_t));
+  libcrux_ml_dsa_sample_sample_four_ring_elements_f4(
+      uu____4,
+      libcrux_ml_dsa_samplex4_generate_domain_separator(
+          (CLITERAL(uint8_t_x2){.fst = 1U, .snd = 3U})),
+      libcrux_ml_dsa_samplex4_generate_domain_separator(
+          (CLITERAL(uint8_t_x2){.fst = 1U, .snd = 4U})),
+      libcrux_ml_dsa_samplex4_generate_domain_separator(
+          (CLITERAL(uint8_t_x2){.fst = 2U, .snd = 0U})),
+      libcrux_ml_dsa_samplex4_generate_domain_separator(
+          (CLITERAL(uint8_t_x2){.fst = 2U, .snd = 1U})),
+      &memory);
+  size_t_x2 buf3[4U] = {
+      (CLITERAL(size_t_x2){.fst = (size_t)2U, .snd = (size_t)2U}),
+      (CLITERAL(size_t_x2){.fst = (size_t)2U, .snd = (size_t)3U}),
+      (CLITERAL(size_t_x2){.fst = (size_t)2U, .snd = (size_t)4U}),
+      (CLITERAL(size_t_x2){.fst = (size_t)3U, .snd = (size_t)0U})};
+  memory.indices = Eurydice_array_to_slice((size_t)4U, buf3, size_t_x2);
+  uint8_t uu____5[34U];
+  memcpy(uu____5, seed, (size_t)34U * sizeof(uint8_t));
+  libcrux_ml_dsa_sample_sample_four_ring_elements_f4(
+      uu____5,
+      libcrux_ml_dsa_samplex4_generate_domain_separator(
+          (CLITERAL(uint8_t_x2){.fst = 2U, .snd = 2U})),
+      libcrux_ml_dsa_samplex4_generate_domain_separator(
+          (CLITERAL(uint8_t_x2){.fst = 2U, .snd = 3U})),
+      libcrux_ml_dsa_samplex4_generate_domain_separator(
+          (CLITERAL(uint8_t_x2){.fst = 2U, .snd = 4U})),
+      libcrux_ml_dsa_samplex4_generate_domain_separator(
+          (CLITERAL(uint8_t_x2){.fst = 3U, .snd = 0U})),
+      &memory);
+  size_t_x2 buf4[4U] = {
+      (CLITERAL(size_t_x2){.fst = (size_t)3U, .snd = (size_t)1U}),
+      (CLITERAL(size_t_x2){.fst = (size_t)3U, .snd = (size_t)2U}),
+      (CLITERAL(size_t_x2){.fst = (size_t)3U, .snd = (size_t)3U}),
+      (CLITERAL(size_t_x2){.fst = (size_t)3U, .snd = (size_t)4U})};
+  memory.indices = Eurydice_array_to_slice((size_t)4U, buf4, size_t_x2);
+  uint8_t uu____6[34U];
+  memcpy(uu____6, seed, (size_t)34U * sizeof(uint8_t));
+  libcrux_ml_dsa_sample_sample_four_ring_elements_f4(
+      uu____6,
+      libcrux_ml_dsa_samplex4_generate_domain_separator(
+          (CLITERAL(uint8_t_x2){.fst = 3U, .snd = 1U})),
+      libcrux_ml_dsa_samplex4_generate_domain_separator(
+          (CLITERAL(uint8_t_x2){.fst = 3U, .snd = 2U})),
+      libcrux_ml_dsa_samplex4_generate_domain_separator(
+          (CLITERAL(uint8_t_x2){.fst = 3U, .snd = 3U})),
+      libcrux_ml_dsa_samplex4_generate_domain_separator(
+          (CLITERAL(uint8_t_x2){.fst = 3U, .snd = 4U})),
+      &memory);
+  size_t_x2 buf5[4U] = {
+      (CLITERAL(size_t_x2){.fst = (size_t)4U, .snd = (size_t)0U}),
+      (CLITERAL(size_t_x2){.fst = (size_t)4U, .snd = (size_t)1U}),
+      (CLITERAL(size_t_x2){.fst = (size_t)4U, .snd = (size_t)2U}),
+      (CLITERAL(size_t_x2){.fst = (size_t)4U, .snd = (size_t)3U})};
+  memory.indices = Eurydice_array_to_slice((size_t)4U, buf5, size_t_x2);
+  uint8_t uu____7[34U];
+  memcpy(uu____7, seed, (size_t)34U * sizeof(uint8_t));
+  libcrux_ml_dsa_sample_sample_four_ring_elements_f4(
+      uu____7,
+      libcrux_ml_dsa_samplex4_generate_domain_separator(
+          (CLITERAL(uint8_t_x2){.fst = 4U, .snd = 0U})),
+      libcrux_ml_dsa_samplex4_generate_domain_separator(
+          (CLITERAL(uint8_t_x2){.fst = 4U, .snd = 1U})),
+      libcrux_ml_dsa_samplex4_generate_domain_separator(
+          (CLITERAL(uint8_t_x2){.fst = 4U, .snd = 2U})),
+      libcrux_ml_dsa_samplex4_generate_domain_separator(
+          (CLITERAL(uint8_t_x2){.fst = 4U, .snd = 3U})),
+      &memory);
+  size_t_x2 buf6[4U] = {
+      (CLITERAL(size_t_x2){.fst = (size_t)4U, .snd = (size_t)4U}),
+      (CLITERAL(size_t_x2){.fst = (size_t)5U, .snd = (size_t)0U}),
+      (CLITERAL(size_t_x2){.fst = (size_t)5U, .snd = (size_t)1U}),
+      (CLITERAL(size_t_x2){.fst = (size_t)5U, .snd = (size_t)2U})};
+  memory.indices = Eurydice_array_to_slice((size_t)4U, buf6, size_t_x2);
+  uint8_t uu____8[34U];
+  memcpy(uu____8, seed, (size_t)34U * sizeof(uint8_t));
+  libcrux_ml_dsa_sample_sample_four_ring_elements_f4(
+      uu____8,
+      libcrux_ml_dsa_samplex4_generate_domain_separator(
+          (CLITERAL(uint8_t_x2){.fst = 4U, .snd = 4U})),
+      libcrux_ml_dsa_samplex4_generate_domain_separator(
+          (CLITERAL(uint8_t_x2){.fst = 5U, .snd = 0U})),
+      libcrux_ml_dsa_samplex4_generate_domain_separator(
+          (CLITERAL(uint8_t_x2){.fst = 5U, .snd = 1U})),
+      libcrux_ml_dsa_samplex4_generate_domain_separator(
+          (CLITERAL(uint8_t_x2){.fst = 5U, .snd = 2U})),
+      &memory);
+  size_t_x2 buf7[2U] = {
+      (CLITERAL(size_t_x2){.fst = (size_t)5U, .snd = (size_t)3U}),
+      (CLITERAL(size_t_x2){.fst = (size_t)5U, .snd = (size_t)4U})};
+  memory.indices = Eurydice_array_to_slice((size_t)2U, buf7, size_t_x2);
+  uint8_t uu____9[34U];
+  memcpy(uu____9, seed, (size_t)34U * sizeof(uint8_t));
+  libcrux_ml_dsa_sample_sample_four_ring_elements_f4(
+      uu____9,
+      libcrux_ml_dsa_samplex4_generate_domain_separator(
+          (CLITERAL(uint8_t_x2){.fst = 5U, .snd = 3U})),
+      libcrux_ml_dsa_samplex4_generate_domain_separator(
+          (CLITERAL(uint8_t_x2){.fst = 5U, .snd = 4U})),
+      libcrux_ml_dsa_samplex4_generate_domain_separator(
+          (CLITERAL(uint8_t_x2){.fst = 5U, .snd = 5U})),
+      libcrux_ml_dsa_samplex4_generate_domain_separator(
+          (CLITERAL(uint8_t_x2){.fst = 5U, .snd = 6U})),
+      &memory);
   memcpy(ret, A,
          (size_t)6U *
              sizeof(libcrux_ml_dsa_polynomial_PolynomialRingElement_24[5U]));
 }
 
 /**
-A monomorphic instance of libcrux_ml_dsa.samplex4.matrix_A
+A monomorphic instance of libcrux_ml_dsa.samplex4.avx2.matrix_A_avx2
 with types libcrux_ml_dsa_simd_avx2_vector_type_AVX2SIMDUnit
 with const generics
 - ROWS_IN_A= 6
 - COLUMNS_IN_A= 5
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static KRML_MUSTINLINE void libcrux_ml_dsa_samplex4_matrix_A_fe(
+static inline void libcrux_ml_dsa_samplex4_avx2_matrix_A_avx2_fe(
     uint8_t seed[34U],
     libcrux_ml_dsa_polynomial_PolynomialRingElement_24 ret[6U][5U]) {
   uint8_t_x2 uu____0 = {.fst = (uint8_t)(size_t)6U, .snd = (uint8_t)(size_t)5U};
   switch (uu____0.fst) {
-    case 4U: {
-      switch (uu____0.snd) {
-        case 4U: {
-          /* Passing arrays by value in Rust generates a copy in C */
-          uint8_t copy_of_seed[34U];
-          memcpy(copy_of_seed, seed, (size_t)34U * sizeof(uint8_t));
-          libcrux_ml_dsa_polynomial_PolynomialRingElement_24 ret0[6U][5U];
-          libcrux_ml_dsa_samplex4_matrix_A_4_by_4_fe(copy_of_seed, ret0);
-          memcpy(
-              ret, ret0,
-              (size_t)6U *
-                  sizeof(
-                      libcrux_ml_dsa_polynomial_PolynomialRingElement_24[5U]));
-          return;
-        }
-        default: {
-        }
-      }
-      break;
-    }
     case 6U: {
       switch (uu____0.snd) {
         case 5U: {
@@ -4169,27 +5239,7 @@ static KRML_MUSTINLINE void libcrux_ml_dsa_samplex4_matrix_A_fe(
           uint8_t copy_of_seed[34U];
           memcpy(copy_of_seed, seed, (size_t)34U * sizeof(uint8_t));
           libcrux_ml_dsa_polynomial_PolynomialRingElement_24 ret0[6U][5U];
-          libcrux_ml_dsa_samplex4_matrix_A_6_by_5_fe(copy_of_seed, ret0);
-          memcpy(
-              ret, ret0,
-              (size_t)6U *
-                  sizeof(
-                      libcrux_ml_dsa_polynomial_PolynomialRingElement_24[5U]));
-          return;
-        }
-        default: {
-        }
-      }
-      break;
-    }
-    case 8U: {
-      switch (uu____0.snd) {
-        case 7U: {
-          /* Passing arrays by value in Rust generates a copy in C */
-          uint8_t copy_of_seed[34U];
-          memcpy(copy_of_seed, seed, (size_t)34U * sizeof(uint8_t));
-          libcrux_ml_dsa_polynomial_PolynomialRingElement_24 ret0[6U][5U];
-          libcrux_ml_dsa_samplex4_matrix_A_8_by_7_fe(copy_of_seed, ret0);
+          libcrux_ml_dsa_samplex4_matrix_A_6_by_5_f4(copy_of_seed, ret0);
           memcpy(
               ret, ret0,
               (size_t)6U *
@@ -4210,6 +5260,31 @@ static KRML_MUSTINLINE void libcrux_ml_dsa_samplex4_matrix_A_fe(
   KRML_HOST_EXIT(255U);
 }
 
+/**
+This function found in impl {(libcrux_ml_dsa::samplex4::X4Sampler for
+libcrux_ml_dsa::samplex4::avx2::AVX2Sampler)}
+*/
+/**
+A monomorphic instance of libcrux_ml_dsa.samplex4.avx2.matrix_A_b8
+with types libcrux_ml_dsa_simd_avx2_vector_type_AVX2SIMDUnit
+with const generics
+- ROWS_IN_A= 6
+- COLUMNS_IN_A= 5
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE void libcrux_ml_dsa_samplex4_avx2_matrix_A_b8_fe(
+    uint8_t seed[34U],
+    libcrux_ml_dsa_polynomial_PolynomialRingElement_24 ret[6U][5U]) {
+  /* Passing arrays by value in Rust generates a copy in C */
+  uint8_t copy_of_seed[34U];
+  memcpy(copy_of_seed, seed, (size_t)34U * sizeof(uint8_t));
+  libcrux_ml_dsa_polynomial_PolynomialRingElement_24 ret0[6U][5U];
+  libcrux_ml_dsa_samplex4_avx2_matrix_A_avx2_fe(copy_of_seed, ret0);
+  memcpy(ret, ret0,
+         (size_t)6U *
+             sizeof(libcrux_ml_dsa_polynomial_PolynomialRingElement_24[5U]));
+}
+
 /**
 A monomorphic instance of K.
 with types libcrux_ml_dsa_polynomial_PolynomialRingElement
@@ -4223,6 +5298,14 @@ typedef struct tuple_ce0_s {
   libcrux_ml_dsa_polynomial_PolynomialRingElement_24 snd[6U];
 } tuple_ce0;
 
+typedef struct
+    libcrux_ml_dsa_polynomial_PolynomialRingElement_libcrux_ml_dsa_simd_avx2_vector_type_AVX2SIMDUnit_x4_s {
+  libcrux_ml_dsa_polynomial_PolynomialRingElement_24 fst;
+  libcrux_ml_dsa_polynomial_PolynomialRingElement_24 snd;
+  libcrux_ml_dsa_polynomial_PolynomialRingElement_24 thd;
+  libcrux_ml_dsa_polynomial_PolynomialRingElement_24 f3;
+} libcrux_ml_dsa_polynomial_PolynomialRingElement_libcrux_ml_dsa_simd_avx2_vector_type_AVX2SIMDUnit_x4;
+
 /**
 A monomorphic instance of
 libcrux_ml_dsa.sample.rejection_sample_less_than_eta_equals_2 with types
@@ -4305,6 +5388,35 @@ libcrux_ml_dsa_sample_rejection_sample_less_than_eta_4d(
       randomness, sampled, out);
 }
 
+/**
+This function found in impl
+{libcrux_ml_dsa::polynomial::PolynomialRingElement<SIMDUnit>[TraitClause@0,
+TraitClause@1]}
+*/
+/**
+A monomorphic instance of libcrux_ml_dsa.polynomial.from_i32_array_ff
+with types libcrux_ml_dsa_simd_avx2_vector_type_AVX2SIMDUnit
+with const generics
+
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static inline libcrux_ml_dsa_polynomial_PolynomialRingElement_24
+libcrux_ml_dsa_polynomial_from_i32_array_ff_ea(Eurydice_slice array) {
+  libcrux_ml_dsa_polynomial_PolynomialRingElement_24 result =
+      libcrux_ml_dsa_polynomial_ZERO_ff_ea();
+  for (size_t i = (size_t)0U;
+       i < LIBCRUX_ML_DSA_SIMD_TRAITS_SIMD_UNITS_IN_RING_ELEMENT; i++) {
+    size_t i0 = i;
+    result.simd_units[i0] = libcrux_ml_dsa_simd_avx2_from_coefficient_array_a2(
+        Eurydice_slice_subslice2(
+            array, i0 * LIBCRUX_ML_DSA_SIMD_TRAITS_COEFFICIENTS_IN_SIMD_UNIT,
+            (i0 + (size_t)1U) *
+                LIBCRUX_ML_DSA_SIMD_TRAITS_COEFFICIENTS_IN_SIMD_UNIT,
+            int32_t));
+  }
+  return result;
+}
+
 /**
 A monomorphic instance of libcrux_ml_dsa.sample.sample_four_error_ring_elements
 with types libcrux_ml_dsa_simd_avx2_vector_type_AVX2SIMDUnit,
@@ -5134,6 +6246,7 @@ libcrux_ml_dsa_encoding_signing_key_generate_serialized_a9(
 /**
 A monomorphic instance of libcrux_ml_dsa.ml_dsa_generic.generate_key_pair
 with types libcrux_ml_dsa_simd_avx2_vector_type_AVX2SIMDUnit,
+libcrux_ml_dsa_samplex4_avx2_AVX2Sampler,
 libcrux_ml_dsa_hash_functions_simd256_Shake128x4,
 libcrux_ml_dsa_hash_functions_simd256_Shake256,
 libcrux_ml_dsa_hash_functions_portable_Shake256Xof,
@@ -5147,7 +6260,7 @@ libcrux_ml_dsa_hash_functions_simd256_Shake256x4 with const generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE tuple_a0
-libcrux_ml_dsa_ml_dsa_generic_generate_key_pair_bc(uint8_t randomness[32U]) {
+libcrux_ml_dsa_ml_dsa_generic_generate_key_pair_90(uint8_t randomness[32U]) {
   uint8_t seed_expanded0[128U] = {0U};
   libcrux_sha3_portable_incremental_Shake256Xof shake =
       libcrux_ml_dsa_hash_functions_portable_init_83();
@@ -5172,7 +6285,7 @@ libcrux_ml_dsa_ml_dsa_generic_generate_key_pair_bc(uint8_t randomness[32U]) {
   libcrux_ml_dsa_polynomial_PolynomialRingElement_24 a_as_ntt[6U][5U];
   uint8_t ret[34U];
   libcrux_ml_dsa_utils_into_padded_array_b6(seed_for_a, ret);
-  libcrux_ml_dsa_samplex4_matrix_A_fe(ret, a_as_ntt);
+  libcrux_ml_dsa_samplex4_avx2_matrix_A_b8_fe(ret, a_as_ntt);
   uint8_t ret0[66U];
   libcrux_ml_dsa_utils_into_padded_array_20(seed_for_error_vectors, ret0);
   tuple_ce0 uu____2 = libcrux_ml_dsa_samplex4_sample_s1_and_s2_4d(ret0);
@@ -5270,7 +6383,7 @@ libcrux_ml_dsa_ml_dsa_generic_instantiations_avx2_avx2_feature_generate_key_pair
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_randomness[32U];
   memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t));
-  return libcrux_ml_dsa_ml_dsa_generic_generate_key_pair_bc(copy_of_randomness);
+  return libcrux_ml_dsa_ml_dsa_generic_generate_key_pair_90(copy_of_randomness);
 }
 
 /**
@@ -5646,7 +6759,7 @@ libcrux_ml_dsa_simd_avx2_vector_type_AVX2SIMDUnit[5size_t]
 
 */
 typedef struct Option_a4_s {
-  Option_d8_tags tag;
+  Option_08_tags tag;
   libcrux_ml_dsa_polynomial_PolynomialRingElement_24 f0[5U];
 } Option_a4;
 
@@ -6806,6 +7919,7 @@ static KRML_MUSTINLINE void libcrux_ml_dsa_encoding_signature_serialize_92_cc(
 /**
 A monomorphic instance of libcrux_ml_dsa.ml_dsa_generic.sign_internal
 with types libcrux_ml_dsa_simd_avx2_vector_type_AVX2SIMDUnit,
+libcrux_ml_dsa_samplex4_avx2_AVX2Sampler,
 libcrux_ml_dsa_hash_functions_simd256_Shake128x4,
 libcrux_ml_dsa_hash_functions_simd256_Shake256,
 libcrux_ml_dsa_hash_functions_portable_Shake256Xof,
@@ -6826,7 +7940,7 @@ libcrux_ml_dsa_hash_functions_simd256_Shake256x4 with const generics
 - SIGNATURE_SIZE= 3309
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static KRML_MUSTINLINE Result_2e libcrux_ml_dsa_ml_dsa_generic_sign_internal_ea(
+static KRML_MUSTINLINE Result_2e libcrux_ml_dsa_ml_dsa_generic_sign_internal_6b(
     uint8_t *signing_key, Eurydice_slice message,
     Option_84 domain_separation_context, uint8_t randomness[32U]) {
   tuple_f00 uu____0 =
@@ -6853,7 +7967,7 @@ static KRML_MUSTINLINE Result_2e libcrux_ml_dsa_ml_dsa_generic_sign_internal_ea(
   uint8_t ret[34U];
   libcrux_ml_dsa_utils_into_padded_array_b6(
       Eurydice_array_to_slice((size_t)32U, seed_for_A, uint8_t), ret);
-  libcrux_ml_dsa_samplex4_matrix_A_fe(ret, A_as_ntt);
+  libcrux_ml_dsa_samplex4_avx2_matrix_A_b8_fe(ret, A_as_ntt);
   uint8_t message_representative[64U] = {0U};
   uint8_t uu____1[64U];
   memcpy(uu____1, verification_key_hash, (size_t)64U * sizeof(uint8_t));
@@ -7122,6 +8236,7 @@ static KRML_MUSTINLINE Result_2e libcrux_ml_dsa_ml_dsa_generic_sign_internal_ea(
 /**
 A monomorphic instance of libcrux_ml_dsa.ml_dsa_generic.sign
 with types libcrux_ml_dsa_simd_avx2_vector_type_AVX2SIMDUnit,
+libcrux_ml_dsa_samplex4_avx2_AVX2Sampler,
 libcrux_ml_dsa_hash_functions_simd256_Shake128x4,
 libcrux_ml_dsa_hash_functions_simd256_Shake256,
 libcrux_ml_dsa_hash_functions_portable_Shake256Xof,
@@ -7142,7 +8257,7 @@ libcrux_ml_dsa_hash_functions_simd256_Shake256x4 with const generics
 - SIGNATURE_SIZE= 3309
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static KRML_MUSTINLINE Result_2e libcrux_ml_dsa_ml_dsa_generic_sign_ea(
+static KRML_MUSTINLINE Result_2e libcrux_ml_dsa_ml_dsa_generic_sign_6b(
     uint8_t *signing_key, Eurydice_slice message, Eurydice_slice context,
     uint8_t randomness[32U]) {
   Result_a8 uu____0 = libcrux_ml_dsa_pre_hash_new_45(
@@ -7158,7 +8273,7 @@ static KRML_MUSTINLINE Result_2e libcrux_ml_dsa_ml_dsa_generic_sign_ea(
     /* Passing arrays by value in Rust generates a copy in C */
     uint8_t copy_of_randomness[32U];
     memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t));
-    uu____1 = libcrux_ml_dsa_ml_dsa_generic_sign_internal_ea(
+    uu____1 = libcrux_ml_dsa_ml_dsa_generic_sign_internal_6b(
         uu____2, uu____3, uu____4, copy_of_randomness);
   } else {
     uu____1 = (CLITERAL(Result_2e){
@@ -7201,7 +8316,7 @@ libcrux_ml_dsa_ml_dsa_generic_instantiations_avx2_avx2_feature_sign_f3(
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_randomness[32U];
   memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t));
-  return libcrux_ml_dsa_ml_dsa_generic_sign_ea(uu____0, uu____1, uu____2,
+  return libcrux_ml_dsa_ml_dsa_generic_sign_6b(uu____0, uu____1, uu____2,
                                                copy_of_randomness);
 }
 
@@ -7252,7 +8367,7 @@ KRML_ATTRIBUTE_TARGET("avx2")
 static inline Result_2e libcrux_ml_dsa_ml_dsa_65_avx2_sign(
     libcrux_ml_dsa_types_MLDSASigningKey_22 *signing_key,
     Eurydice_slice message, Eurydice_slice context, uint8_t randomness[32U]) {
-  uint8_t *uu____0 = libcrux_ml_dsa_types_as_raw_9b_09(signing_key);
+  uint8_t *uu____0 = libcrux_ml_dsa_types_as_ref_9b_09(signing_key);
   Eurydice_slice uu____1 = message;
   Eurydice_slice uu____2 = context;
   /* Passing arrays by value in Rust generates a copy in C */
@@ -7265,6 +8380,7 @@ static inline Result_2e libcrux_ml_dsa_ml_dsa_65_avx2_sign(
 /**
 A monomorphic instance of libcrux_ml_dsa.ml_dsa_generic.sign_pre_hashed
 with types libcrux_ml_dsa_simd_avx2_vector_type_AVX2SIMDUnit,
+libcrux_ml_dsa_samplex4_avx2_AVX2Sampler,
 libcrux_ml_dsa_hash_functions_portable_Shake128,
 libcrux_ml_dsa_hash_functions_simd256_Shake128x4,
 libcrux_ml_dsa_hash_functions_simd256_Shake256,
@@ -7289,7 +8405,7 @@ libcrux_ml_dsa_pre_hash_SHAKE128_PH with const generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE Result_2e
-libcrux_ml_dsa_ml_dsa_generic_sign_pre_hashed_6e(uint8_t *signing_key,
+libcrux_ml_dsa_ml_dsa_generic_sign_pre_hashed_b7(uint8_t *signing_key,
                                                  Eurydice_slice message,
                                                  Eurydice_slice context,
                                                  uint8_t randomness[32U]) {
@@ -7320,7 +8436,7 @@ libcrux_ml_dsa_ml_dsa_generic_sign_pre_hashed_6e(uint8_t *signing_key,
       /* Passing arrays by value in Rust generates a copy in C */
       uint8_t copy_of_randomness[32U];
       memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t));
-      uu____0 = libcrux_ml_dsa_ml_dsa_generic_sign_internal_ea(
+      uu____0 = libcrux_ml_dsa_ml_dsa_generic_sign_internal_6b(
           uu____3, uu____4, uu____5, copy_of_randomness);
     } else {
       uu____0 = (CLITERAL(Result_2e){
@@ -7364,7 +8480,7 @@ libcrux_ml_dsa_ml_dsa_generic_instantiations_avx2_avx2_feature_sign_pre_hashed_s
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_randomness[32U];
   memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t));
-  return libcrux_ml_dsa_ml_dsa_generic_sign_pre_hashed_6e(
+  return libcrux_ml_dsa_ml_dsa_generic_sign_pre_hashed_b7(
       uu____0, uu____1, uu____2, copy_of_randomness);
 }
 
@@ -7416,7 +8532,7 @@ KRML_ATTRIBUTE_TARGET("avx2")
 static inline Result_2e libcrux_ml_dsa_ml_dsa_65_avx2_sign_pre_hashed_shake128(
     libcrux_ml_dsa_types_MLDSASigningKey_22 *signing_key,
     Eurydice_slice message, Eurydice_slice context, uint8_t randomness[32U]) {
-  uint8_t *uu____0 = libcrux_ml_dsa_types_as_raw_9b_09(signing_key);
+  uint8_t *uu____0 = libcrux_ml_dsa_types_as_ref_9b_09(signing_key);
   Eurydice_slice uu____1 = message;
   Eurydice_slice uu____2 = context;
   /* Passing arrays by value in Rust generates a copy in C */
@@ -8000,6 +9116,7 @@ static KRML_MUSTINLINE void libcrux_ml_dsa_arithmetic_use_hint_fe(
 /**
 A monomorphic instance of libcrux_ml_dsa.ml_dsa_generic.verify_internal
 with types libcrux_ml_dsa_simd_avx2_vector_type_AVX2SIMDUnit,
+libcrux_ml_dsa_samplex4_avx2_AVX2Sampler,
 libcrux_ml_dsa_hash_functions_simd256_Shake128x4,
 libcrux_ml_dsa_hash_functions_simd256_Shake256,
 libcrux_ml_dsa_hash_functions_portable_Shake256Xof with const generics
@@ -8019,7 +9136,7 @@ libcrux_ml_dsa_hash_functions_portable_Shake256Xof with const generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE Result_41
-libcrux_ml_dsa_ml_dsa_generic_verify_internal_d1(
+libcrux_ml_dsa_ml_dsa_generic_verify_internal_44(
     uint8_t *verification_key_serialized, Eurydice_slice message,
     Option_84 domain_separation_context, uint8_t *signature_serialized) {
   tuple_930 uu____0 = libcrux_ml_dsa_encoding_verification_key_deserialize_fe(
@@ -8050,7 +9167,7 @@ libcrux_ml_dsa_ml_dsa_generic_verify_internal_d1(
       uint8_t ret[34U];
       libcrux_ml_dsa_utils_into_padded_array_b6(
           Eurydice_array_to_slice((size_t)32U, seed_for_A, uint8_t), ret);
-      libcrux_ml_dsa_samplex4_matrix_A_fe(ret, A_as_ntt);
+      libcrux_ml_dsa_samplex4_avx2_matrix_A_b8_fe(ret, A_as_ntt);
       uint8_t verification_key_hash[64U] = {0U};
       libcrux_ml_dsa_hash_functions_simd256_shake256_d9_24(
           Eurydice_array_to_slice((size_t)1952U, verification_key_serialized,
@@ -8132,6 +9249,7 @@ libcrux_ml_dsa_ml_dsa_generic_verify_internal_d1(
 /**
 A monomorphic instance of libcrux_ml_dsa.ml_dsa_generic.verify
 with types libcrux_ml_dsa_simd_avx2_vector_type_AVX2SIMDUnit,
+libcrux_ml_dsa_samplex4_avx2_AVX2Sampler,
 libcrux_ml_dsa_hash_functions_simd256_Shake128x4,
 libcrux_ml_dsa_hash_functions_simd256_Shake256,
 libcrux_ml_dsa_hash_functions_portable_Shake256Xof with const generics
@@ -8150,7 +9268,7 @@ libcrux_ml_dsa_hash_functions_portable_Shake256Xof with const generics
 - MAX_ONES_IN_HINT= 55
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static KRML_MUSTINLINE Result_41 libcrux_ml_dsa_ml_dsa_generic_verify_d1(
+static KRML_MUSTINLINE Result_41 libcrux_ml_dsa_ml_dsa_generic_verify_44(
     uint8_t *verification_key_serialized, Eurydice_slice message,
     Eurydice_slice context, uint8_t *signature_serialized) {
   Result_a8 uu____0 = libcrux_ml_dsa_pre_hash_new_45(
@@ -8160,7 +9278,7 @@ static KRML_MUSTINLINE Result_41 libcrux_ml_dsa_ml_dsa_generic_verify_d1(
     libcrux_ml_dsa_pre_hash_DomainSeparationContext dsc = uu____0.val.case_Ok;
     libcrux_ml_dsa_pre_hash_DomainSeparationContext domain_separation_context =
         dsc;
-    uu____1 = libcrux_ml_dsa_ml_dsa_generic_verify_internal_d1(
+    uu____1 = libcrux_ml_dsa_ml_dsa_generic_verify_internal_44(
         verification_key_serialized, message,
         (CLITERAL(Option_84){.tag = Some, .f0 = domain_separation_context}),
         signature_serialized);
@@ -8198,7 +9316,7 @@ static inline Result_41
 libcrux_ml_dsa_ml_dsa_generic_instantiations_avx2_avx2_feature_verify_01(
     uint8_t *verification_key, Eurydice_slice message, Eurydice_slice context,
     uint8_t *signature) {
-  return libcrux_ml_dsa_ml_dsa_generic_verify_d1(verification_key, message,
+  return libcrux_ml_dsa_ml_dsa_generic_verify_44(verification_key, message,
                                                  context, signature);
 }
 
@@ -8244,13 +9362,14 @@ static inline Result_41 libcrux_ml_dsa_ml_dsa_65_avx2_verify(
     Eurydice_slice message, Eurydice_slice context,
     libcrux_ml_dsa_ml_dsa_65_MLDSA65Signature *signature) {
   return libcrux_ml_dsa_ml_dsa_generic_instantiations_avx2_verify_01(
-      libcrux_ml_dsa_types_as_raw_66_97(verification_key), message, context,
-      libcrux_ml_dsa_types_as_raw_8f_fa(signature));
+      libcrux_ml_dsa_types_as_ref_66_97(verification_key), message, context,
+      libcrux_ml_dsa_types_as_ref_8f_fa(signature));
 }
 
 /**
 A monomorphic instance of libcrux_ml_dsa.ml_dsa_generic.verify_pre_hashed
 with types libcrux_ml_dsa_simd_avx2_vector_type_AVX2SIMDUnit,
+libcrux_ml_dsa_samplex4_avx2_AVX2Sampler,
 libcrux_ml_dsa_hash_functions_portable_Shake128,
 libcrux_ml_dsa_hash_functions_simd256_Shake128x4,
 libcrux_ml_dsa_hash_functions_simd256_Shake256,
@@ -8273,7 +9392,7 @@ libcrux_ml_dsa_pre_hash_SHAKE128_PH with const generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE Result_41
-libcrux_ml_dsa_ml_dsa_generic_verify_pre_hashed_07(
+libcrux_ml_dsa_ml_dsa_generic_verify_pre_hashed_f8(
     uint8_t *verification_key_serialized, Eurydice_slice message,
     Eurydice_slice context, uint8_t *signature_serialized) {
   uint8_t pre_hashed_message[256U];
@@ -8290,7 +9409,7 @@ libcrux_ml_dsa_ml_dsa_generic_verify_pre_hashed_07(
     libcrux_ml_dsa_pre_hash_DomainSeparationContext dsc = uu____1.val.case_Ok;
     libcrux_ml_dsa_pre_hash_DomainSeparationContext domain_separation_context =
         dsc;
-    uu____2 = libcrux_ml_dsa_ml_dsa_generic_verify_internal_d1(
+    uu____2 = libcrux_ml_dsa_ml_dsa_generic_verify_internal_44(
         verification_key_serialized,
         Eurydice_array_to_slice((size_t)256U, pre_hashed_message, uint8_t),
         (CLITERAL(Option_84){.tag = Some, .f0 = domain_separation_context}),
@@ -8329,7 +9448,7 @@ static inline Result_41
 libcrux_ml_dsa_ml_dsa_generic_instantiations_avx2_avx2_feature_verify_pre_hashed_shake128_01(
     uint8_t *verification_key, Eurydice_slice message, Eurydice_slice context,
     uint8_t *signature) {
-  return libcrux_ml_dsa_ml_dsa_generic_verify_pre_hashed_07(
+  return libcrux_ml_dsa_ml_dsa_generic_verify_pre_hashed_f8(
       verification_key, message, context, signature);
 }
 
@@ -8377,8 +9496,8 @@ libcrux_ml_dsa_ml_dsa_65_avx2_verify_pre_hashed_shake128(
     Eurydice_slice message, Eurydice_slice context,
     libcrux_ml_dsa_ml_dsa_65_MLDSA65Signature *signature) {
   return libcrux_ml_dsa_ml_dsa_generic_instantiations_avx2_verify_pre_hashed_shake128_01(
-      libcrux_ml_dsa_types_as_raw_66_97(verification_key), message, context,
-      libcrux_ml_dsa_types_as_raw_8f_fa(signature));
+      libcrux_ml_dsa_types_as_ref_66_97(verification_key), message, context,
+      libcrux_ml_dsa_types_as_ref_8f_fa(signature));
 }
 
 KRML_ATTRIBUTE_TARGET("avx2")
diff --git a/libcrux-ml-dsa/cg/libcrux_mldsa65_portable.h b/libcrux-ml-dsa/cg/libcrux_mldsa65_portable.h
index 7c1e075a3..b661b4316 100644
--- a/libcrux-ml-dsa/cg/libcrux_mldsa65_portable.h
+++ b/libcrux-ml-dsa/cg/libcrux_mldsa65_portable.h
@@ -8,7 +8,7 @@
  * Eurydice: b665364a6d86749566ce2d650d13fa12c8fab2c5
  * Karamel: 96572bc631fde691a2aea7bce5a5a3838b3a5968
  * F*: b0961063393215ca65927f017720cb365a193833-dirty
- * Libcrux: 87497297c8d9a6be6127d9daae13a942b5439e74
+ * Libcrux: 229548656e4eaa1324c514638f9f8d135499a5c1
  */
 
 #ifndef __libcrux_mldsa65_portable_H
@@ -512,16 +512,23 @@ typedef libcrux_ml_dsa_types_MLDSAVerificationKey_ea
         LIBCRUX_ML_DSA_CONSTANTS_BITS_IN_LOWER_PART_OF_T) /           \
        (size_t)8U)
 
-static KRML_MUSTINLINE uint16_t
-libcrux_ml_dsa_samplex4_generate_domain_separator(uint8_t row, uint8_t column) {
-  return (uint32_t)(uint16_t)column | (uint32_t)(uint16_t)row << 8U;
-}
-
 #define LIBCRUX_ML_DSA_SIMD_TRAITS_FIELD_MODULUS ((int32_t)8380417)
 
 #define LIBCRUX_ML_DSA_SIMD_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R \
   (58728449ULL)
 
+typedef struct uint8_t_x2_s {
+  uint8_t fst;
+  uint8_t snd;
+} uint8_t_x2;
+
+static KRML_MUSTINLINE uint16_t
+libcrux_ml_dsa_samplex4_generate_domain_separator(uint8_t_x2 _) {
+  uint8_t row = _.fst;
+  uint8_t column = _.snd;
+  return (uint32_t)(uint16_t)column | (uint32_t)(uint16_t)row << 8U;
+}
+
 typedef struct libcrux_ml_dsa_pre_hash_DomainSeparationContext_s {
   Eurydice_slice context;
   Option_30 pre_hash_oid;
@@ -645,6 +652,8 @@ static inline void libcrux_ml_dsa_pre_hash_oid_bd(uint8_t ret[11U]) {
          (size_t)11U * sizeof(uint8_t));
 }
 
+typedef struct libcrux_ml_dsa_pre_hash_SHAKE128_PH_s {
+} libcrux_ml_dsa_pre_hash_SHAKE128_PH;
 
 typedef struct libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit_s {
   int32_t coefficients[8U];
@@ -4152,10 +4161,20 @@ static inline void libcrux_ml_dsa_simd_portable_invert_ntt_montgomery_36(
              sizeof(libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit));
 }
 
-typedef struct uint8_t_x2_s {
-  uint8_t fst;
-  uint8_t snd;
-} uint8_t_x2;
+typedef struct libcrux_ml_dsa_samplex4_portable_PortableSampler_s {
+} libcrux_ml_dsa_samplex4_portable_PortableSampler;
+
+typedef struct uint8_t_840size_t__x4_s {
+  uint8_t fst[840U];
+  uint8_t snd[840U];
+  uint8_t thd[840U];
+  uint8_t f3[840U];
+} uint8_t_840size_t__x4;
+
+typedef struct size_t_x2_s {
+  size_t fst;
+  size_t snd;
+} size_t_x2;
 
 /**
 A monomorphic instance of K.
@@ -4225,575 +4244,74 @@ libcrux_ml_dsa_polynomial_ZERO_ff_ba(void) {
   return lit;
 }
 
-typedef struct
-    libcrux_ml_dsa_polynomial_PolynomialRingElement_libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit_x4_s {
-  libcrux_ml_dsa_polynomial_PolynomialRingElement_9b fst;
-  libcrux_ml_dsa_polynomial_PolynomialRingElement_9b snd;
-  libcrux_ml_dsa_polynomial_PolynomialRingElement_9b thd;
-  libcrux_ml_dsa_polynomial_PolynomialRingElement_9b f3;
-} libcrux_ml_dsa_polynomial_PolynomialRingElement_libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit_x4;
-
 /**
-A monomorphic instance of
-libcrux_ml_dsa.sample.rejection_sample_less_than_field_modulus with types
-libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit with const generics
-
-*/
-static KRML_MUSTINLINE bool
-libcrux_ml_dsa_sample_rejection_sample_less_than_field_modulus_ba(
-    Eurydice_slice randomness, size_t *sampled_coefficients, int32_t *out) {
-  bool done = false;
-  for (size_t i = (size_t)0U;
-       i < Eurydice_slice_len(randomness, uint8_t) / (size_t)24U; i++) {
-    size_t _cloop_i = i;
-    Eurydice_slice random_bytes =
-        Eurydice_slice_subslice2(randomness, _cloop_i * (size_t)24U,
-                                 _cloop_i * (size_t)24U + (size_t)24U, uint8_t);
-    if (!done) {
-      Eurydice_slice uu____0 = random_bytes;
-      size_t sampled =
-          libcrux_ml_dsa_simd_portable_rejection_sample_less_than_field_modulus_36(
-              uu____0, Eurydice_array_to_subslice_from((size_t)263U, out,
-                                                       sampled_coefficients[0U],
-                                                       int32_t, size_t));
-      sampled_coefficients[0U] = sampled_coefficients[0U] + sampled;
-      if (sampled_coefficients[0U] >=
-          LIBCRUX_ML_DSA_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) {
-        done = true;
-      }
-    }
-  }
-  return done;
-}
-
-/**
-This function found in impl
-{libcrux_ml_dsa::polynomial::PolynomialRingElement<SIMDUnit>[TraitClause@0,
-TraitClause@1]}
-*/
-/**
-A monomorphic instance of libcrux_ml_dsa.polynomial.from_i32_array_ff
+A monomorphic instance of libcrux_ml_dsa.sample.SampleArgs
 with types libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit
 with const generics
-
+- $840size_t
+- $6size_t
+- $5size_t
 */
-static inline libcrux_ml_dsa_polynomial_PolynomialRingElement_9b
-libcrux_ml_dsa_polynomial_from_i32_array_ff_ba(Eurydice_slice array) {
-  libcrux_ml_dsa_polynomial_PolynomialRingElement_9b result =
-      libcrux_ml_dsa_polynomial_ZERO_ff_ba();
-  for (size_t i = (size_t)0U;
-       i < LIBCRUX_ML_DSA_SIMD_TRAITS_SIMD_UNITS_IN_RING_ELEMENT; i++) {
-    size_t i0 = i;
-    libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit uu____0 =
-        libcrux_ml_dsa_simd_portable_from_coefficient_array_36(
-            Eurydice_slice_subslice2(
-                array,
-                i0 * LIBCRUX_ML_DSA_SIMD_TRAITS_COEFFICIENTS_IN_SIMD_UNIT,
-                (i0 + (size_t)1U) *
-                    LIBCRUX_ML_DSA_SIMD_TRAITS_COEFFICIENTS_IN_SIMD_UNIT,
-                int32_t));
-    result.simd_units[i0] = uu____0;
-  }
-  return result;
-}
+typedef struct libcrux_ml_dsa_sample_SampleArgs_4e_s {
+  uint8_t_840size_t__x4 *rand_stack;
+  Eurydice_slice tmp_stack;
+  libcrux_ml_dsa_polynomial_PolynomialRingElement_9b (*out)[5U];
+  Eurydice_slice indices;
+} libcrux_ml_dsa_sample_SampleArgs_4e;
 
 /**
-A monomorphic instance of libcrux_ml_dsa.sample.sample_four_ring_elements
-with types libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit
-with const generics
-
+This function found in impl {libcrux_ml_dsa::sample::SampleArgs<'a, SIMDUnit,
+STACK_SIZE, ROWS_IN_A, COLUMNS_IN_A>[TraitClause@0, TraitClause@1]}
 */
-static inline libcrux_ml_dsa_polynomial_PolynomialRingElement_libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit_x4
-libcrux_ml_dsa_sample_sample_four_ring_elements_ba(uint8_t seed0[34U],
-                                                   uint16_t domain_separator0,
-                                                   uint16_t domain_separator1,
-                                                   uint16_t domain_seperator2,
-                                                   uint16_t domain_separator3) {
-  seed0[32U] = (uint8_t)domain_separator0;
-  seed0[33U] = (uint8_t)((uint32_t)domain_separator0 >> 8U);
-  uint8_t seed1[34U];
-  memcpy(seed1, seed0, (size_t)34U * sizeof(uint8_t));
-  seed1[32U] = (uint8_t)domain_separator1;
-  seed1[33U] = (uint8_t)((uint32_t)domain_separator1 >> 8U);
-  uint8_t seed2[34U];
-  memcpy(seed2, seed0, (size_t)34U * sizeof(uint8_t));
-  seed2[32U] = (uint8_t)domain_seperator2;
-  seed2[33U] = (uint8_t)((uint32_t)domain_seperator2 >> 8U);
-  uint8_t seed3[34U];
-  memcpy(seed3, seed0, (size_t)34U * sizeof(uint8_t));
-  seed3[32U] = (uint8_t)domain_separator3;
-  seed3[33U] = (uint8_t)((uint32_t)domain_separator3 >> 8U);
-  libcrux_ml_dsa_hash_functions_portable_Shake128X4 state =
-      libcrux_ml_dsa_hash_functions_portable_init_absorb_ed(
-          Eurydice_array_to_slice((size_t)34U, seed0, uint8_t),
-          Eurydice_array_to_slice((size_t)34U, seed1, uint8_t),
-          Eurydice_array_to_slice((size_t)34U, seed2, uint8_t),
-          Eurydice_array_to_slice((size_t)34U, seed3, uint8_t));
-  uint8_t randomness0[840U] = {0U};
-  uint8_t randomness1[840U] = {0U};
-  uint8_t randomness2[840U] = {0U};
-  uint8_t randomness3[840U] = {0U};
-  libcrux_ml_dsa_hash_functions_portable_squeeze_first_five_blocks_ed(
-      &state, randomness0, randomness1, randomness2, randomness3);
-  int32_t coefficients0[263U] = {0U};
-  int32_t coefficients1[263U] = {0U};
-  int32_t coefficients2[263U] = {0U};
-  int32_t coefficients3[263U] = {0U};
-  size_t sampled0 = (size_t)0U;
-  size_t sampled1 = (size_t)0U;
-  size_t sampled2 = (size_t)0U;
-  size_t sampled3 = (size_t)0U;
-  bool done0 =
-      libcrux_ml_dsa_sample_rejection_sample_less_than_field_modulus_ba(
-          Eurydice_array_to_slice((size_t)840U, randomness0, uint8_t),
-          &sampled0, coefficients0);
-  bool done1 =
-      libcrux_ml_dsa_sample_rejection_sample_less_than_field_modulus_ba(
-          Eurydice_array_to_slice((size_t)840U, randomness1, uint8_t),
-          &sampled1, coefficients1);
-  bool done2 =
-      libcrux_ml_dsa_sample_rejection_sample_less_than_field_modulus_ba(
-          Eurydice_array_to_slice((size_t)840U, randomness2, uint8_t),
-          &sampled2, coefficients2);
-  bool done3 =
-      libcrux_ml_dsa_sample_rejection_sample_less_than_field_modulus_ba(
-          Eurydice_array_to_slice((size_t)840U, randomness3, uint8_t),
-          &sampled3, coefficients3);
-  while (true) {
-    if (done0) {
-      if (done1) {
-        if (done2) {
-          if (done3) {
-            break;
-          } else {
-            uint8_t_168size_t__x4 randomnesses =
-                libcrux_ml_dsa_hash_functions_portable_squeeze_next_block_ed(
-                    &state);
-            if (!done0) {
-              done0 =
-                  libcrux_ml_dsa_sample_rejection_sample_less_than_field_modulus_ba(
-                      Eurydice_array_to_slice((size_t)168U, randomnesses.fst,
-                                              uint8_t),
-                      &sampled0, coefficients0);
-            }
-            if (!done1) {
-              done1 =
-                  libcrux_ml_dsa_sample_rejection_sample_less_than_field_modulus_ba(
-                      Eurydice_array_to_slice((size_t)168U, randomnesses.snd,
-                                              uint8_t),
-                      &sampled1, coefficients1);
-            }
-            if (!done2) {
-              done2 =
-                  libcrux_ml_dsa_sample_rejection_sample_less_than_field_modulus_ba(
-                      Eurydice_array_to_slice((size_t)168U, randomnesses.thd,
-                                              uint8_t),
-                      &sampled2, coefficients2);
-            }
-            if (!done3) {
-              done3 =
-                  libcrux_ml_dsa_sample_rejection_sample_less_than_field_modulus_ba(
-                      Eurydice_array_to_slice((size_t)168U, randomnesses.f3,
-                                              uint8_t),
-                      &sampled3, coefficients3);
-            }
-          }
-        } else {
-          uint8_t_168size_t__x4 randomnesses =
-              libcrux_ml_dsa_hash_functions_portable_squeeze_next_block_ed(
-                  &state);
-          if (!done0) {
-            done0 =
-                libcrux_ml_dsa_sample_rejection_sample_less_than_field_modulus_ba(
-                    Eurydice_array_to_slice((size_t)168U, randomnesses.fst,
-                                            uint8_t),
-                    &sampled0, coefficients0);
-          }
-          if (!done1) {
-            done1 =
-                libcrux_ml_dsa_sample_rejection_sample_less_than_field_modulus_ba(
-                    Eurydice_array_to_slice((size_t)168U, randomnesses.snd,
-                                            uint8_t),
-                    &sampled1, coefficients1);
-          }
-          if (!done2) {
-            done2 =
-                libcrux_ml_dsa_sample_rejection_sample_less_than_field_modulus_ba(
-                    Eurydice_array_to_slice((size_t)168U, randomnesses.thd,
-                                            uint8_t),
-                    &sampled2, coefficients2);
-          }
-          if (!done3) {
-            done3 =
-                libcrux_ml_dsa_sample_rejection_sample_less_than_field_modulus_ba(
-                    Eurydice_array_to_slice((size_t)168U, randomnesses.f3,
-                                            uint8_t),
-                    &sampled3, coefficients3);
-          }
-        }
-      } else {
-        uint8_t_168size_t__x4 randomnesses =
-            libcrux_ml_dsa_hash_functions_portable_squeeze_next_block_ed(
-                &state);
-        if (!done0) {
-          done0 =
-              libcrux_ml_dsa_sample_rejection_sample_less_than_field_modulus_ba(
-                  Eurydice_array_to_slice((size_t)168U, randomnesses.fst,
-                                          uint8_t),
-                  &sampled0, coefficients0);
-        }
-        if (!done1) {
-          done1 =
-              libcrux_ml_dsa_sample_rejection_sample_less_than_field_modulus_ba(
-                  Eurydice_array_to_slice((size_t)168U, randomnesses.snd,
-                                          uint8_t),
-                  &sampled1, coefficients1);
-        }
-        if (!done2) {
-          done2 =
-              libcrux_ml_dsa_sample_rejection_sample_less_than_field_modulus_ba(
-                  Eurydice_array_to_slice((size_t)168U, randomnesses.thd,
-                                          uint8_t),
-                  &sampled2, coefficients2);
-        }
-        if (!done3) {
-          done3 =
-              libcrux_ml_dsa_sample_rejection_sample_less_than_field_modulus_ba(
-                  Eurydice_array_to_slice((size_t)168U, randomnesses.f3,
-                                          uint8_t),
-                  &sampled3, coefficients3);
-        }
-      }
-    } else {
-      uint8_t_168size_t__x4 randomnesses =
-          libcrux_ml_dsa_hash_functions_portable_squeeze_next_block_ed(&state);
-      if (!done0) {
-        done0 =
-            libcrux_ml_dsa_sample_rejection_sample_less_than_field_modulus_ba(
-                Eurydice_array_to_slice((size_t)168U, randomnesses.fst,
-                                        uint8_t),
-                &sampled0, coefficients0);
-      }
-      if (!done1) {
-        done1 =
-            libcrux_ml_dsa_sample_rejection_sample_less_than_field_modulus_ba(
-                Eurydice_array_to_slice((size_t)168U, randomnesses.snd,
-                                        uint8_t),
-                &sampled1, coefficients1);
-      }
-      if (!done2) {
-        done2 =
-            libcrux_ml_dsa_sample_rejection_sample_less_than_field_modulus_ba(
-                Eurydice_array_to_slice((size_t)168U, randomnesses.thd,
-                                        uint8_t),
-                &sampled2, coefficients2);
-      }
-      if (!done3) {
-        done3 =
-            libcrux_ml_dsa_sample_rejection_sample_less_than_field_modulus_ba(
-                Eurydice_array_to_slice((size_t)168U, randomnesses.f3, uint8_t),
-                &sampled3, coefficients3);
-      }
-    }
-  }
-  libcrux_ml_dsa_polynomial_PolynomialRingElement_9b uu____0 =
-      libcrux_ml_dsa_polynomial_from_i32_array_ff_ba(
-          Eurydice_array_to_slice((size_t)263U, coefficients0, int32_t));
-  libcrux_ml_dsa_polynomial_PolynomialRingElement_9b uu____1 =
-      libcrux_ml_dsa_polynomial_from_i32_array_ff_ba(
-          Eurydice_array_to_slice((size_t)263U, coefficients1, int32_t));
-  libcrux_ml_dsa_polynomial_PolynomialRingElement_9b uu____2 =
-      libcrux_ml_dsa_polynomial_from_i32_array_ff_ba(
-          Eurydice_array_to_slice((size_t)263U, coefficients2, int32_t));
-  libcrux_ml_dsa_polynomial_PolynomialRingElement_libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit_x4
-      lit;
-  lit.fst = uu____0;
-  lit.snd = uu____1;
-  lit.thd = uu____2;
-  lit.f3 = libcrux_ml_dsa_polynomial_from_i32_array_ff_ba(
-      Eurydice_array_to_slice((size_t)263U, coefficients3, int32_t));
-  return lit;
-}
-
 /**
-A monomorphic instance of libcrux_ml_dsa.samplex4.update_matrix
+A monomorphic instance of libcrux_ml_dsa.sample.new_29
 with types libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit
 with const generics
+- STACK_SIZE= 840
 - ROWS_IN_A= 6
 - COLUMNS_IN_A= 5
 */
-static inline void libcrux_ml_dsa_samplex4_update_matrix_2f(
-    libcrux_ml_dsa_polynomial_PolynomialRingElement_9b (*m)[5U], size_t i,
-    size_t j, libcrux_ml_dsa_polynomial_PolynomialRingElement_9b v) {
-  m[i][j] = v;
+static inline libcrux_ml_dsa_sample_SampleArgs_4e
+libcrux_ml_dsa_sample_new_29_ab(
+    uint8_t_840size_t__x4 *rand_stack, Eurydice_slice tmp_stack,
+    libcrux_ml_dsa_polynomial_PolynomialRingElement_9b (*out)[5U],
+    Eurydice_slice indices) {
+  libcrux_ml_dsa_sample_SampleArgs_4e lit;
+  lit.rand_stack = rand_stack;
+  lit.tmp_stack = tmp_stack;
+  lit.out = out;
+  lit.indices = indices;
+  return lit;
 }
 
 /**
-A monomorphic instance of libcrux_ml_dsa.samplex4.matrix_A_4_by_4
-with types libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit
-with const generics
+A monomorphic instance of libcrux_ml_dsa.sample.sample_four_ring_elements
+with types libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit,
+libcrux_ml_dsa_hash_functions_portable_Shake128X4 with const generics
 - ROWS_IN_A= 6
 - COLUMNS_IN_A= 5
 */
-static KRML_MUSTINLINE void libcrux_ml_dsa_samplex4_matrix_A_4_by_4_2f(
-    uint8_t seed[34U],
-    libcrux_ml_dsa_polynomial_PolynomialRingElement_9b ret[6U][5U]) {
-  libcrux_ml_dsa_polynomial_PolynomialRingElement_9b A[6U][5U];
-  for (size_t i = (size_t)0U; i < (size_t)6U; i++) {
-    A[i][0U] = libcrux_ml_dsa_polynomial_ZERO_ff_ba();
-    A[i][1U] = libcrux_ml_dsa_polynomial_ZERO_ff_ba();
-    A[i][2U] = libcrux_ml_dsa_polynomial_ZERO_ff_ba();
-    A[i][3U] = libcrux_ml_dsa_polynomial_ZERO_ff_ba();
-    A[i][4U] = libcrux_ml_dsa_polynomial_ZERO_ff_ba();
-  }
-  /* Passing arrays by value in Rust generates a copy in C */
-  uint8_t copy_of_seed[34U];
-  memcpy(copy_of_seed, seed, (size_t)34U * sizeof(uint8_t));
-  libcrux_ml_dsa_polynomial_PolynomialRingElement_libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit_x4
-      four_ring_elements = libcrux_ml_dsa_sample_sample_four_ring_elements_ba(
-          copy_of_seed,
-          libcrux_ml_dsa_samplex4_generate_domain_separator(0U, 0U),
-          libcrux_ml_dsa_samplex4_generate_domain_separator(0U, 1U),
-          libcrux_ml_dsa_samplex4_generate_domain_separator(0U, 2U),
-          libcrux_ml_dsa_samplex4_generate_domain_separator(0U, 3U));
-  libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)0U, (size_t)0U,
-                                           four_ring_elements.fst);
-  libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)0U, (size_t)1U,
-                                           four_ring_elements.snd);
-  libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)0U, (size_t)2U,
-                                           four_ring_elements.thd);
-  libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)0U, (size_t)3U,
-                                           four_ring_elements.f3);
-  /* Passing arrays by value in Rust generates a copy in C */
-  uint8_t copy_of_seed0[34U];
-  memcpy(copy_of_seed0, seed, (size_t)34U * sizeof(uint8_t));
-  libcrux_ml_dsa_polynomial_PolynomialRingElement_libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit_x4
-      four_ring_elements0 = libcrux_ml_dsa_sample_sample_four_ring_elements_ba(
-          copy_of_seed0,
-          libcrux_ml_dsa_samplex4_generate_domain_separator(1U, 0U),
-          libcrux_ml_dsa_samplex4_generate_domain_separator(1U, 1U),
-          libcrux_ml_dsa_samplex4_generate_domain_separator(1U, 2U),
-          libcrux_ml_dsa_samplex4_generate_domain_separator(1U, 3U));
-  libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)1U, (size_t)0U,
-                                           four_ring_elements0.fst);
-  libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)1U, (size_t)1U,
-                                           four_ring_elements0.snd);
-  libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)1U, (size_t)2U,
-                                           four_ring_elements0.thd);
-  libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)1U, (size_t)3U,
-                                           four_ring_elements0.f3);
-  /* Passing arrays by value in Rust generates a copy in C */
-  uint8_t copy_of_seed1[34U];
-  memcpy(copy_of_seed1, seed, (size_t)34U * sizeof(uint8_t));
-  libcrux_ml_dsa_polynomial_PolynomialRingElement_libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit_x4
-      four_ring_elements1 = libcrux_ml_dsa_sample_sample_four_ring_elements_ba(
-          copy_of_seed1,
-          libcrux_ml_dsa_samplex4_generate_domain_separator(2U, 0U),
-          libcrux_ml_dsa_samplex4_generate_domain_separator(2U, 1U),
-          libcrux_ml_dsa_samplex4_generate_domain_separator(2U, 2U),
-          libcrux_ml_dsa_samplex4_generate_domain_separator(2U, 3U));
-  libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)2U, (size_t)0U,
-                                           four_ring_elements1.fst);
-  libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)2U, (size_t)1U,
-                                           four_ring_elements1.snd);
-  libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)2U, (size_t)2U,
-                                           four_ring_elements1.thd);
-  libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)2U, (size_t)3U,
-                                           four_ring_elements1.f3);
-  /* Passing arrays by value in Rust generates a copy in C */
-  uint8_t copy_of_seed2[34U];
-  memcpy(copy_of_seed2, seed, (size_t)34U * sizeof(uint8_t));
-  libcrux_ml_dsa_polynomial_PolynomialRingElement_libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit_x4
-      four_ring_elements2 = libcrux_ml_dsa_sample_sample_four_ring_elements_ba(
-          copy_of_seed2,
-          libcrux_ml_dsa_samplex4_generate_domain_separator(3U, 0U),
-          libcrux_ml_dsa_samplex4_generate_domain_separator(3U, 1U),
-          libcrux_ml_dsa_samplex4_generate_domain_separator(3U, 2U),
-          libcrux_ml_dsa_samplex4_generate_domain_separator(3U, 3U));
-  libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)3U, (size_t)0U,
-                                           four_ring_elements2.fst);
-  libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)3U, (size_t)1U,
-                                           four_ring_elements2.snd);
-  libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)3U, (size_t)2U,
-                                           four_ring_elements2.thd);
-  libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)3U, (size_t)3U,
-                                           four_ring_elements2.f3);
-  memcpy(ret, A,
-         (size_t)6U *
-             sizeof(libcrux_ml_dsa_polynomial_PolynomialRingElement_9b[5U]));
+static KRML_MUSTINLINE void libcrux_ml_dsa_sample_sample_four_ring_elements_49(
+    uint8_t seed0[34U], uint16_t domain_separator0, uint16_t domain_separator1,
+    uint16_t domain_seperator2, uint16_t domain_separator3,
+    libcrux_ml_dsa_sample_SampleArgs_4e *memory) {
+  KRML_HOST_EPRINTF(
+      "KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__,
+      "Eurydice error: Failure(\"Error looking trait impl: "
+      "core::slice::iter::{core::iter::traits::iterator::Iterator for "
+      "core::slice::iter::Iter<\'a, T>[TraitClause@0]}#182<\'_, (usize, "
+      "usize)>[core::marker::Sized<(usize, usize)>] enumerate\")\n");
+  KRML_HOST_EXIT(255U);
 }
 
 /**
 A monomorphic instance of libcrux_ml_dsa.samplex4.matrix_A_6_by_5
-with types libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit
-with const generics
-- ROWS_IN_A= 6
-- COLUMNS_IN_A= 5
-*/
-static KRML_MUSTINLINE void libcrux_ml_dsa_samplex4_matrix_A_6_by_5_2f(
-    uint8_t seed[34U],
-    libcrux_ml_dsa_polynomial_PolynomialRingElement_9b ret[6U][5U]) {
-  libcrux_ml_dsa_polynomial_PolynomialRingElement_9b A[6U][5U];
-  for (size_t i = (size_t)0U; i < (size_t)6U; i++) {
-    A[i][0U] = libcrux_ml_dsa_polynomial_ZERO_ff_ba();
-    A[i][1U] = libcrux_ml_dsa_polynomial_ZERO_ff_ba();
-    A[i][2U] = libcrux_ml_dsa_polynomial_ZERO_ff_ba();
-    A[i][3U] = libcrux_ml_dsa_polynomial_ZERO_ff_ba();
-    A[i][4U] = libcrux_ml_dsa_polynomial_ZERO_ff_ba();
-  }
-  /* Passing arrays by value in Rust generates a copy in C */
-  uint8_t copy_of_seed[34U];
-  memcpy(copy_of_seed, seed, (size_t)34U * sizeof(uint8_t));
-  libcrux_ml_dsa_polynomial_PolynomialRingElement_libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit_x4
-      four_ring_elements = libcrux_ml_dsa_sample_sample_four_ring_elements_ba(
-          copy_of_seed,
-          libcrux_ml_dsa_samplex4_generate_domain_separator(0U, 0U),
-          libcrux_ml_dsa_samplex4_generate_domain_separator(0U, 1U),
-          libcrux_ml_dsa_samplex4_generate_domain_separator(0U, 2U),
-          libcrux_ml_dsa_samplex4_generate_domain_separator(0U, 3U));
-  libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)0U, (size_t)0U,
-                                           four_ring_elements.fst);
-  libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)0U, (size_t)1U,
-                                           four_ring_elements.snd);
-  libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)0U, (size_t)2U,
-                                           four_ring_elements.thd);
-  libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)0U, (size_t)3U,
-                                           four_ring_elements.f3);
-  /* Passing arrays by value in Rust generates a copy in C */
-  uint8_t copy_of_seed0[34U];
-  memcpy(copy_of_seed0, seed, (size_t)34U * sizeof(uint8_t));
-  libcrux_ml_dsa_polynomial_PolynomialRingElement_libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit_x4
-      four_ring_elements0 = libcrux_ml_dsa_sample_sample_four_ring_elements_ba(
-          copy_of_seed0,
-          libcrux_ml_dsa_samplex4_generate_domain_separator(0U, 4U),
-          libcrux_ml_dsa_samplex4_generate_domain_separator(1U, 0U),
-          libcrux_ml_dsa_samplex4_generate_domain_separator(1U, 1U),
-          libcrux_ml_dsa_samplex4_generate_domain_separator(1U, 2U));
-  libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)0U, (size_t)4U,
-                                           four_ring_elements0.fst);
-  libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)1U, (size_t)0U,
-                                           four_ring_elements0.snd);
-  libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)1U, (size_t)1U,
-                                           four_ring_elements0.thd);
-  libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)1U, (size_t)2U,
-                                           four_ring_elements0.f3);
-  /* Passing arrays by value in Rust generates a copy in C */
-  uint8_t copy_of_seed1[34U];
-  memcpy(copy_of_seed1, seed, (size_t)34U * sizeof(uint8_t));
-  libcrux_ml_dsa_polynomial_PolynomialRingElement_libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit_x4
-      four_ring_elements1 = libcrux_ml_dsa_sample_sample_four_ring_elements_ba(
-          copy_of_seed1,
-          libcrux_ml_dsa_samplex4_generate_domain_separator(1U, 3U),
-          libcrux_ml_dsa_samplex4_generate_domain_separator(1U, 4U),
-          libcrux_ml_dsa_samplex4_generate_domain_separator(2U, 0U),
-          libcrux_ml_dsa_samplex4_generate_domain_separator(2U, 1U));
-  libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)1U, (size_t)3U,
-                                           four_ring_elements1.fst);
-  libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)1U, (size_t)4U,
-                                           four_ring_elements1.snd);
-  libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)2U, (size_t)0U,
-                                           four_ring_elements1.thd);
-  libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)2U, (size_t)1U,
-                                           four_ring_elements1.f3);
-  /* Passing arrays by value in Rust generates a copy in C */
-  uint8_t copy_of_seed2[34U];
-  memcpy(copy_of_seed2, seed, (size_t)34U * sizeof(uint8_t));
-  libcrux_ml_dsa_polynomial_PolynomialRingElement_libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit_x4
-      four_ring_elements2 = libcrux_ml_dsa_sample_sample_four_ring_elements_ba(
-          copy_of_seed2,
-          libcrux_ml_dsa_samplex4_generate_domain_separator(2U, 2U),
-          libcrux_ml_dsa_samplex4_generate_domain_separator(2U, 3U),
-          libcrux_ml_dsa_samplex4_generate_domain_separator(2U, 4U),
-          libcrux_ml_dsa_samplex4_generate_domain_separator(3U, 0U));
-  libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)2U, (size_t)2U,
-                                           four_ring_elements2.fst);
-  libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)2U, (size_t)3U,
-                                           four_ring_elements2.snd);
-  libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)2U, (size_t)4U,
-                                           four_ring_elements2.thd);
-  libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)3U, (size_t)0U,
-                                           four_ring_elements2.f3);
-  /* Passing arrays by value in Rust generates a copy in C */
-  uint8_t copy_of_seed3[34U];
-  memcpy(copy_of_seed3, seed, (size_t)34U * sizeof(uint8_t));
-  libcrux_ml_dsa_polynomial_PolynomialRingElement_libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit_x4
-      four_ring_elements3 = libcrux_ml_dsa_sample_sample_four_ring_elements_ba(
-          copy_of_seed3,
-          libcrux_ml_dsa_samplex4_generate_domain_separator(3U, 1U),
-          libcrux_ml_dsa_samplex4_generate_domain_separator(3U, 2U),
-          libcrux_ml_dsa_samplex4_generate_domain_separator(3U, 3U),
-          libcrux_ml_dsa_samplex4_generate_domain_separator(3U, 4U));
-  libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)3U, (size_t)1U,
-                                           four_ring_elements3.fst);
-  libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)3U, (size_t)2U,
-                                           four_ring_elements3.snd);
-  libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)3U, (size_t)3U,
-                                           four_ring_elements3.thd);
-  libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)3U, (size_t)4U,
-                                           four_ring_elements3.f3);
-  /* Passing arrays by value in Rust generates a copy in C */
-  uint8_t copy_of_seed4[34U];
-  memcpy(copy_of_seed4, seed, (size_t)34U * sizeof(uint8_t));
-  libcrux_ml_dsa_polynomial_PolynomialRingElement_libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit_x4
-      four_ring_elements4 = libcrux_ml_dsa_sample_sample_four_ring_elements_ba(
-          copy_of_seed4,
-          libcrux_ml_dsa_samplex4_generate_domain_separator(4U, 0U),
-          libcrux_ml_dsa_samplex4_generate_domain_separator(4U, 1U),
-          libcrux_ml_dsa_samplex4_generate_domain_separator(4U, 2U),
-          libcrux_ml_dsa_samplex4_generate_domain_separator(4U, 3U));
-  libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)4U, (size_t)0U,
-                                           four_ring_elements4.fst);
-  libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)4U, (size_t)1U,
-                                           four_ring_elements4.snd);
-  libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)4U, (size_t)2U,
-                                           four_ring_elements4.thd);
-  libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)4U, (size_t)3U,
-                                           four_ring_elements4.f3);
-  /* Passing arrays by value in Rust generates a copy in C */
-  uint8_t copy_of_seed5[34U];
-  memcpy(copy_of_seed5, seed, (size_t)34U * sizeof(uint8_t));
-  libcrux_ml_dsa_polynomial_PolynomialRingElement_libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit_x4
-      four_ring_elements5 = libcrux_ml_dsa_sample_sample_four_ring_elements_ba(
-          copy_of_seed5,
-          libcrux_ml_dsa_samplex4_generate_domain_separator(4U, 4U),
-          libcrux_ml_dsa_samplex4_generate_domain_separator(5U, 0U),
-          libcrux_ml_dsa_samplex4_generate_domain_separator(5U, 1U),
-          libcrux_ml_dsa_samplex4_generate_domain_separator(5U, 2U));
-  libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)4U, (size_t)4U,
-                                           four_ring_elements5.fst);
-  libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)5U, (size_t)0U,
-                                           four_ring_elements5.snd);
-  libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)5U, (size_t)1U,
-                                           four_ring_elements5.thd);
-  libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)5U, (size_t)2U,
-                                           four_ring_elements5.f3);
-  /* Passing arrays by value in Rust generates a copy in C */
-  uint8_t copy_of_seed6[34U];
-  memcpy(copy_of_seed6, seed, (size_t)34U * sizeof(uint8_t));
-  libcrux_ml_dsa_polynomial_PolynomialRingElement_libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit_x4
-      four_ring_elements6 = libcrux_ml_dsa_sample_sample_four_ring_elements_ba(
-          copy_of_seed6,
-          libcrux_ml_dsa_samplex4_generate_domain_separator(5U, 3U),
-          libcrux_ml_dsa_samplex4_generate_domain_separator(5U, 4U),
-          libcrux_ml_dsa_samplex4_generate_domain_separator(5U, 5U),
-          libcrux_ml_dsa_samplex4_generate_domain_separator(5U, 6U));
-  libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)5U, (size_t)3U,
-                                           four_ring_elements6.fst);
-  libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)5U, (size_t)4U,
-                                           four_ring_elements6.snd);
-  memcpy(ret, A,
-         (size_t)6U *
-             sizeof(libcrux_ml_dsa_polynomial_PolynomialRingElement_9b[5U]));
-}
-
-/**
-A monomorphic instance of libcrux_ml_dsa.samplex4.matrix_A_8_by_7
-with types libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit
-with const generics
+with types libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit,
+libcrux_ml_dsa_hash_functions_portable_Shake128X4 with const generics
 - ROWS_IN_A= 6
 - COLUMNS_IN_A= 5
 */
-static KRML_MUSTINLINE void libcrux_ml_dsa_samplex4_matrix_A_8_by_7_2f(
+static KRML_MUSTINLINE void libcrux_ml_dsa_samplex4_matrix_A_6_by_5_49(
     uint8_t seed[34U],
     libcrux_ml_dsa_polynomial_PolynomialRingElement_9b ret[6U][5U]) {
   libcrux_ml_dsa_polynomial_PolynomialRingElement_9b A[6U][5U];
@@ -4804,295 +4322,1864 @@ static KRML_MUSTINLINE void libcrux_ml_dsa_samplex4_matrix_A_8_by_7_2f(
     A[i][3U] = libcrux_ml_dsa_polynomial_ZERO_ff_ba();
     A[i][4U] = libcrux_ml_dsa_polynomial_ZERO_ff_ba();
   }
-  /* Passing arrays by value in Rust generates a copy in C */
-  uint8_t copy_of_seed[34U];
-  memcpy(copy_of_seed, seed, (size_t)34U * sizeof(uint8_t));
-  libcrux_ml_dsa_polynomial_PolynomialRingElement_libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit_x4
-      four_ring_elements = libcrux_ml_dsa_sample_sample_four_ring_elements_ba(
-          copy_of_seed,
-          libcrux_ml_dsa_samplex4_generate_domain_separator(0U, 0U),
-          libcrux_ml_dsa_samplex4_generate_domain_separator(0U, 1U),
-          libcrux_ml_dsa_samplex4_generate_domain_separator(0U, 2U),
-          libcrux_ml_dsa_samplex4_generate_domain_separator(0U, 3U));
-  libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)0U, (size_t)0U,
-                                           four_ring_elements.fst);
-  libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)0U, (size_t)1U,
-                                           four_ring_elements.snd);
-  libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)0U, (size_t)2U,
-                                           four_ring_elements.thd);
-  libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)0U, (size_t)3U,
-                                           four_ring_elements.f3);
-  /* Passing arrays by value in Rust generates a copy in C */
-  uint8_t copy_of_seed0[34U];
-  memcpy(copy_of_seed0, seed, (size_t)34U * sizeof(uint8_t));
-  libcrux_ml_dsa_polynomial_PolynomialRingElement_libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit_x4
-      four_ring_elements0 = libcrux_ml_dsa_sample_sample_four_ring_elements_ba(
-          copy_of_seed0,
-          libcrux_ml_dsa_samplex4_generate_domain_separator(0U, 4U),
-          libcrux_ml_dsa_samplex4_generate_domain_separator(0U, 5U),
-          libcrux_ml_dsa_samplex4_generate_domain_separator(0U, 6U),
-          libcrux_ml_dsa_samplex4_generate_domain_separator(1U, 0U));
-  libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)0U, (size_t)4U,
-                                           four_ring_elements0.fst);
-  libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)0U, (size_t)5U,
-                                           four_ring_elements0.snd);
-  libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)0U, (size_t)6U,
-                                           four_ring_elements0.thd);
-  libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)1U, (size_t)0U,
-                                           four_ring_elements0.f3);
-  /* Passing arrays by value in Rust generates a copy in C */
-  uint8_t copy_of_seed1[34U];
-  memcpy(copy_of_seed1, seed, (size_t)34U * sizeof(uint8_t));
-  libcrux_ml_dsa_polynomial_PolynomialRingElement_libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit_x4
-      four_ring_elements1 = libcrux_ml_dsa_sample_sample_four_ring_elements_ba(
-          copy_of_seed1,
-          libcrux_ml_dsa_samplex4_generate_domain_separator(1U, 1U),
-          libcrux_ml_dsa_samplex4_generate_domain_separator(1U, 2U),
-          libcrux_ml_dsa_samplex4_generate_domain_separator(1U, 3U),
-          libcrux_ml_dsa_samplex4_generate_domain_separator(1U, 4U));
-  libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)1U, (size_t)1U,
-                                           four_ring_elements1.fst);
-  libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)1U, (size_t)2U,
-                                           four_ring_elements1.snd);
-  libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)1U, (size_t)3U,
-                                           four_ring_elements1.thd);
-  libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)1U, (size_t)4U,
-                                           four_ring_elements1.f3);
-  /* Passing arrays by value in Rust generates a copy in C */
-  uint8_t copy_of_seed2[34U];
-  memcpy(copy_of_seed2, seed, (size_t)34U * sizeof(uint8_t));
-  libcrux_ml_dsa_polynomial_PolynomialRingElement_libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit_x4
-      four_ring_elements2 = libcrux_ml_dsa_sample_sample_four_ring_elements_ba(
-          copy_of_seed2,
-          libcrux_ml_dsa_samplex4_generate_domain_separator(1U, 5U),
-          libcrux_ml_dsa_samplex4_generate_domain_separator(1U, 6U),
-          libcrux_ml_dsa_samplex4_generate_domain_separator(2U, 0U),
-          libcrux_ml_dsa_samplex4_generate_domain_separator(2U, 1U));
-  libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)1U, (size_t)5U,
-                                           four_ring_elements2.fst);
-  libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)1U, (size_t)6U,
-                                           four_ring_elements2.snd);
-  libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)2U, (size_t)0U,
-                                           four_ring_elements2.thd);
-  libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)2U, (size_t)1U,
-                                           four_ring_elements2.f3);
-  /* Passing arrays by value in Rust generates a copy in C */
-  uint8_t copy_of_seed3[34U];
-  memcpy(copy_of_seed3, seed, (size_t)34U * sizeof(uint8_t));
-  libcrux_ml_dsa_polynomial_PolynomialRingElement_libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit_x4
-      four_ring_elements3 = libcrux_ml_dsa_sample_sample_four_ring_elements_ba(
-          copy_of_seed3,
-          libcrux_ml_dsa_samplex4_generate_domain_separator(2U, 2U),
-          libcrux_ml_dsa_samplex4_generate_domain_separator(2U, 3U),
-          libcrux_ml_dsa_samplex4_generate_domain_separator(2U, 4U),
-          libcrux_ml_dsa_samplex4_generate_domain_separator(2U, 5U));
-  libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)2U, (size_t)2U,
-                                           four_ring_elements3.fst);
-  libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)2U, (size_t)3U,
-                                           four_ring_elements3.snd);
-  libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)2U, (size_t)4U,
-                                           four_ring_elements3.thd);
-  libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)2U, (size_t)5U,
-                                           four_ring_elements3.f3);
-  /* Passing arrays by value in Rust generates a copy in C */
-  uint8_t copy_of_seed4[34U];
-  memcpy(copy_of_seed4, seed, (size_t)34U * sizeof(uint8_t));
-  libcrux_ml_dsa_polynomial_PolynomialRingElement_libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit_x4
-      four_ring_elements4 = libcrux_ml_dsa_sample_sample_four_ring_elements_ba(
-          copy_of_seed4,
-          libcrux_ml_dsa_samplex4_generate_domain_separator(2U, 6U),
-          libcrux_ml_dsa_samplex4_generate_domain_separator(3U, 0U),
-          libcrux_ml_dsa_samplex4_generate_domain_separator(3U, 1U),
-          libcrux_ml_dsa_samplex4_generate_domain_separator(3U, 2U));
-  libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)2U, (size_t)6U,
-                                           four_ring_elements4.fst);
-  libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)3U, (size_t)0U,
-                                           four_ring_elements4.snd);
-  libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)3U, (size_t)1U,
-                                           four_ring_elements4.thd);
-  libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)3U, (size_t)2U,
-                                           four_ring_elements4.f3);
-  /* Passing arrays by value in Rust generates a copy in C */
-  uint8_t copy_of_seed5[34U];
-  memcpy(copy_of_seed5, seed, (size_t)34U * sizeof(uint8_t));
-  libcrux_ml_dsa_polynomial_PolynomialRingElement_libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit_x4
-      four_ring_elements5 = libcrux_ml_dsa_sample_sample_four_ring_elements_ba(
-          copy_of_seed5,
-          libcrux_ml_dsa_samplex4_generate_domain_separator(3U, 3U),
-          libcrux_ml_dsa_samplex4_generate_domain_separator(3U, 4U),
-          libcrux_ml_dsa_samplex4_generate_domain_separator(3U, 5U),
-          libcrux_ml_dsa_samplex4_generate_domain_separator(3U, 6U));
-  libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)3U, (size_t)3U,
-                                           four_ring_elements5.fst);
-  libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)3U, (size_t)4U,
-                                           four_ring_elements5.snd);
-  libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)3U, (size_t)5U,
-                                           four_ring_elements5.thd);
-  libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)3U, (size_t)6U,
-                                           four_ring_elements5.f3);
-  /* Passing arrays by value in Rust generates a copy in C */
-  uint8_t copy_of_seed6[34U];
-  memcpy(copy_of_seed6, seed, (size_t)34U * sizeof(uint8_t));
-  libcrux_ml_dsa_polynomial_PolynomialRingElement_libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit_x4
-      four_ring_elements6 = libcrux_ml_dsa_sample_sample_four_ring_elements_ba(
-          copy_of_seed6,
-          libcrux_ml_dsa_samplex4_generate_domain_separator(4U, 0U),
-          libcrux_ml_dsa_samplex4_generate_domain_separator(4U, 1U),
-          libcrux_ml_dsa_samplex4_generate_domain_separator(4U, 2U),
-          libcrux_ml_dsa_samplex4_generate_domain_separator(4U, 3U));
-  libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)4U, (size_t)0U,
-                                           four_ring_elements6.fst);
-  libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)4U, (size_t)1U,
-                                           four_ring_elements6.snd);
-  libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)4U, (size_t)2U,
-                                           four_ring_elements6.thd);
-  libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)4U, (size_t)3U,
-                                           four_ring_elements6.f3);
-  /* Passing arrays by value in Rust generates a copy in C */
-  uint8_t copy_of_seed7[34U];
-  memcpy(copy_of_seed7, seed, (size_t)34U * sizeof(uint8_t));
-  libcrux_ml_dsa_polynomial_PolynomialRingElement_libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit_x4
-      four_ring_elements7 = libcrux_ml_dsa_sample_sample_four_ring_elements_ba(
-          copy_of_seed7,
-          libcrux_ml_dsa_samplex4_generate_domain_separator(4U, 4U),
-          libcrux_ml_dsa_samplex4_generate_domain_separator(4U, 5U),
-          libcrux_ml_dsa_samplex4_generate_domain_separator(4U, 6U),
-          libcrux_ml_dsa_samplex4_generate_domain_separator(5U, 0U));
-  libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)4U, (size_t)4U,
-                                           four_ring_elements7.fst);
-  libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)4U, (size_t)5U,
-                                           four_ring_elements7.snd);
-  libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)4U, (size_t)6U,
-                                           four_ring_elements7.thd);
-  libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)5U, (size_t)0U,
-                                           four_ring_elements7.f3);
-  /* Passing arrays by value in Rust generates a copy in C */
-  uint8_t copy_of_seed8[34U];
-  memcpy(copy_of_seed8, seed, (size_t)34U * sizeof(uint8_t));
-  libcrux_ml_dsa_polynomial_PolynomialRingElement_libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit_x4
-      four_ring_elements8 = libcrux_ml_dsa_sample_sample_four_ring_elements_ba(
-          copy_of_seed8,
-          libcrux_ml_dsa_samplex4_generate_domain_separator(5U, 1U),
-          libcrux_ml_dsa_samplex4_generate_domain_separator(5U, 2U),
-          libcrux_ml_dsa_samplex4_generate_domain_separator(5U, 3U),
-          libcrux_ml_dsa_samplex4_generate_domain_separator(5U, 4U));
-  libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)5U, (size_t)1U,
-                                           four_ring_elements8.fst);
-  libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)5U, (size_t)2U,
-                                           four_ring_elements8.snd);
-  libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)5U, (size_t)3U,
-                                           four_ring_elements8.thd);
-  libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)5U, (size_t)4U,
-                                           four_ring_elements8.f3);
-  /* Passing arrays by value in Rust generates a copy in C */
-  uint8_t copy_of_seed9[34U];
-  memcpy(copy_of_seed9, seed, (size_t)34U * sizeof(uint8_t));
-  libcrux_ml_dsa_polynomial_PolynomialRingElement_libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit_x4
-      four_ring_elements9 = libcrux_ml_dsa_sample_sample_four_ring_elements_ba(
-          copy_of_seed9,
-          libcrux_ml_dsa_samplex4_generate_domain_separator(5U, 5U),
-          libcrux_ml_dsa_samplex4_generate_domain_separator(5U, 6U),
-          libcrux_ml_dsa_samplex4_generate_domain_separator(6U, 0U),
-          libcrux_ml_dsa_samplex4_generate_domain_separator(6U, 1U));
-  libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)5U, (size_t)5U,
-                                           four_ring_elements9.fst);
-  libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)5U, (size_t)6U,
-                                           four_ring_elements9.snd);
-  libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)6U, (size_t)0U,
-                                           four_ring_elements9.thd);
-  libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)6U, (size_t)1U,
-                                           four_ring_elements9.f3);
-  /* Passing arrays by value in Rust generates a copy in C */
-  uint8_t copy_of_seed10[34U];
-  memcpy(copy_of_seed10, seed, (size_t)34U * sizeof(uint8_t));
-  libcrux_ml_dsa_polynomial_PolynomialRingElement_libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit_x4
-      four_ring_elements10 = libcrux_ml_dsa_sample_sample_four_ring_elements_ba(
-          copy_of_seed10,
-          libcrux_ml_dsa_samplex4_generate_domain_separator(6U, 2U),
-          libcrux_ml_dsa_samplex4_generate_domain_separator(6U, 3U),
-          libcrux_ml_dsa_samplex4_generate_domain_separator(6U, 4U),
-          libcrux_ml_dsa_samplex4_generate_domain_separator(6U, 5U));
-  libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)6U, (size_t)2U,
-                                           four_ring_elements10.fst);
-  libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)6U, (size_t)3U,
-                                           four_ring_elements10.snd);
-  libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)6U, (size_t)4U,
-                                           four_ring_elements10.thd);
-  libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)6U, (size_t)5U,
-                                           four_ring_elements10.f3);
-  /* Passing arrays by value in Rust generates a copy in C */
-  uint8_t copy_of_seed11[34U];
-  memcpy(copy_of_seed11, seed, (size_t)34U * sizeof(uint8_t));
-  libcrux_ml_dsa_polynomial_PolynomialRingElement_libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit_x4
-      four_ring_elements11 = libcrux_ml_dsa_sample_sample_four_ring_elements_ba(
-          copy_of_seed11,
-          libcrux_ml_dsa_samplex4_generate_domain_separator(6U, 6U),
-          libcrux_ml_dsa_samplex4_generate_domain_separator(7U, 0U),
-          libcrux_ml_dsa_samplex4_generate_domain_separator(7U, 1U),
-          libcrux_ml_dsa_samplex4_generate_domain_separator(7U, 2U));
-  libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)6U, (size_t)6U,
-                                           four_ring_elements11.fst);
-  libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)7U, (size_t)0U,
-                                           four_ring_elements11.snd);
-  libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)7U, (size_t)1U,
-                                           four_ring_elements11.thd);
-  libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)7U, (size_t)2U,
-                                           four_ring_elements11.f3);
-  /* Passing arrays by value in Rust generates a copy in C */
-  uint8_t copy_of_seed12[34U];
-  memcpy(copy_of_seed12, seed, (size_t)34U * sizeof(uint8_t));
-  libcrux_ml_dsa_polynomial_PolynomialRingElement_libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit_x4
-      four_ring_elements12 = libcrux_ml_dsa_sample_sample_four_ring_elements_ba(
-          copy_of_seed12,
-          libcrux_ml_dsa_samplex4_generate_domain_separator(7U, 3U),
-          libcrux_ml_dsa_samplex4_generate_domain_separator(7U, 4U),
-          libcrux_ml_dsa_samplex4_generate_domain_separator(7U, 5U),
-          libcrux_ml_dsa_samplex4_generate_domain_separator(7U, 6U));
-  libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)7U, (size_t)3U,
-                                           four_ring_elements12.fst);
-  libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)7U, (size_t)4U,
-                                           four_ring_elements12.snd);
-  libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)7U, (size_t)5U,
-                                           four_ring_elements12.thd);
-  libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)7U, (size_t)6U,
-                                           four_ring_elements12.f3);
+  uint8_t uu____0[840U] = {0U};
+  uint8_t uu____1[840U] = {0U};
+  uint8_t_840size_t__x4 rand_stack;
+  rand_stack.fst[0U] = 0U;
+  rand_stack.fst[1U] = 0U;
+  rand_stack.fst[2U] = 0U;
+  rand_stack.fst[3U] = 0U;
+  rand_stack.fst[4U] = 0U;
+  rand_stack.fst[5U] = 0U;
+  rand_stack.fst[6U] = 0U;
+  rand_stack.fst[7U] = 0U;
+  rand_stack.fst[8U] = 0U;
+  rand_stack.fst[9U] = 0U;
+  rand_stack.fst[10U] = 0U;
+  rand_stack.fst[11U] = 0U;
+  rand_stack.fst[12U] = 0U;
+  rand_stack.fst[13U] = 0U;
+  rand_stack.fst[14U] = 0U;
+  rand_stack.fst[15U] = 0U;
+  rand_stack.fst[16U] = 0U;
+  rand_stack.fst[17U] = 0U;
+  rand_stack.fst[18U] = 0U;
+  rand_stack.fst[19U] = 0U;
+  rand_stack.fst[20U] = 0U;
+  rand_stack.fst[21U] = 0U;
+  rand_stack.fst[22U] = 0U;
+  rand_stack.fst[23U] = 0U;
+  rand_stack.fst[24U] = 0U;
+  rand_stack.fst[25U] = 0U;
+  rand_stack.fst[26U] = 0U;
+  rand_stack.fst[27U] = 0U;
+  rand_stack.fst[28U] = 0U;
+  rand_stack.fst[29U] = 0U;
+  rand_stack.fst[30U] = 0U;
+  rand_stack.fst[31U] = 0U;
+  rand_stack.fst[32U] = 0U;
+  rand_stack.fst[33U] = 0U;
+  rand_stack.fst[34U] = 0U;
+  rand_stack.fst[35U] = 0U;
+  rand_stack.fst[36U] = 0U;
+  rand_stack.fst[37U] = 0U;
+  rand_stack.fst[38U] = 0U;
+  rand_stack.fst[39U] = 0U;
+  rand_stack.fst[40U] = 0U;
+  rand_stack.fst[41U] = 0U;
+  rand_stack.fst[42U] = 0U;
+  rand_stack.fst[43U] = 0U;
+  rand_stack.fst[44U] = 0U;
+  rand_stack.fst[45U] = 0U;
+  rand_stack.fst[46U] = 0U;
+  rand_stack.fst[47U] = 0U;
+  rand_stack.fst[48U] = 0U;
+  rand_stack.fst[49U] = 0U;
+  rand_stack.fst[50U] = 0U;
+  rand_stack.fst[51U] = 0U;
+  rand_stack.fst[52U] = 0U;
+  rand_stack.fst[53U] = 0U;
+  rand_stack.fst[54U] = 0U;
+  rand_stack.fst[55U] = 0U;
+  rand_stack.fst[56U] = 0U;
+  rand_stack.fst[57U] = 0U;
+  rand_stack.fst[58U] = 0U;
+  rand_stack.fst[59U] = 0U;
+  rand_stack.fst[60U] = 0U;
+  rand_stack.fst[61U] = 0U;
+  rand_stack.fst[62U] = 0U;
+  rand_stack.fst[63U] = 0U;
+  rand_stack.fst[64U] = 0U;
+  rand_stack.fst[65U] = 0U;
+  rand_stack.fst[66U] = 0U;
+  rand_stack.fst[67U] = 0U;
+  rand_stack.fst[68U] = 0U;
+  rand_stack.fst[69U] = 0U;
+  rand_stack.fst[70U] = 0U;
+  rand_stack.fst[71U] = 0U;
+  rand_stack.fst[72U] = 0U;
+  rand_stack.fst[73U] = 0U;
+  rand_stack.fst[74U] = 0U;
+  rand_stack.fst[75U] = 0U;
+  rand_stack.fst[76U] = 0U;
+  rand_stack.fst[77U] = 0U;
+  rand_stack.fst[78U] = 0U;
+  rand_stack.fst[79U] = 0U;
+  rand_stack.fst[80U] = 0U;
+  rand_stack.fst[81U] = 0U;
+  rand_stack.fst[82U] = 0U;
+  rand_stack.fst[83U] = 0U;
+  rand_stack.fst[84U] = 0U;
+  rand_stack.fst[85U] = 0U;
+  rand_stack.fst[86U] = 0U;
+  rand_stack.fst[87U] = 0U;
+  rand_stack.fst[88U] = 0U;
+  rand_stack.fst[89U] = 0U;
+  rand_stack.fst[90U] = 0U;
+  rand_stack.fst[91U] = 0U;
+  rand_stack.fst[92U] = 0U;
+  rand_stack.fst[93U] = 0U;
+  rand_stack.fst[94U] = 0U;
+  rand_stack.fst[95U] = 0U;
+  rand_stack.fst[96U] = 0U;
+  rand_stack.fst[97U] = 0U;
+  rand_stack.fst[98U] = 0U;
+  rand_stack.fst[99U] = 0U;
+  rand_stack.fst[100U] = 0U;
+  rand_stack.fst[101U] = 0U;
+  rand_stack.fst[102U] = 0U;
+  rand_stack.fst[103U] = 0U;
+  rand_stack.fst[104U] = 0U;
+  rand_stack.fst[105U] = 0U;
+  rand_stack.fst[106U] = 0U;
+  rand_stack.fst[107U] = 0U;
+  rand_stack.fst[108U] = 0U;
+  rand_stack.fst[109U] = 0U;
+  rand_stack.fst[110U] = 0U;
+  rand_stack.fst[111U] = 0U;
+  rand_stack.fst[112U] = 0U;
+  rand_stack.fst[113U] = 0U;
+  rand_stack.fst[114U] = 0U;
+  rand_stack.fst[115U] = 0U;
+  rand_stack.fst[116U] = 0U;
+  rand_stack.fst[117U] = 0U;
+  rand_stack.fst[118U] = 0U;
+  rand_stack.fst[119U] = 0U;
+  rand_stack.fst[120U] = 0U;
+  rand_stack.fst[121U] = 0U;
+  rand_stack.fst[122U] = 0U;
+  rand_stack.fst[123U] = 0U;
+  rand_stack.fst[124U] = 0U;
+  rand_stack.fst[125U] = 0U;
+  rand_stack.fst[126U] = 0U;
+  rand_stack.fst[127U] = 0U;
+  rand_stack.fst[128U] = 0U;
+  rand_stack.fst[129U] = 0U;
+  rand_stack.fst[130U] = 0U;
+  rand_stack.fst[131U] = 0U;
+  rand_stack.fst[132U] = 0U;
+  rand_stack.fst[133U] = 0U;
+  rand_stack.fst[134U] = 0U;
+  rand_stack.fst[135U] = 0U;
+  rand_stack.fst[136U] = 0U;
+  rand_stack.fst[137U] = 0U;
+  rand_stack.fst[138U] = 0U;
+  rand_stack.fst[139U] = 0U;
+  rand_stack.fst[140U] = 0U;
+  rand_stack.fst[141U] = 0U;
+  rand_stack.fst[142U] = 0U;
+  rand_stack.fst[143U] = 0U;
+  rand_stack.fst[144U] = 0U;
+  rand_stack.fst[145U] = 0U;
+  rand_stack.fst[146U] = 0U;
+  rand_stack.fst[147U] = 0U;
+  rand_stack.fst[148U] = 0U;
+  rand_stack.fst[149U] = 0U;
+  rand_stack.fst[150U] = 0U;
+  rand_stack.fst[151U] = 0U;
+  rand_stack.fst[152U] = 0U;
+  rand_stack.fst[153U] = 0U;
+  rand_stack.fst[154U] = 0U;
+  rand_stack.fst[155U] = 0U;
+  rand_stack.fst[156U] = 0U;
+  rand_stack.fst[157U] = 0U;
+  rand_stack.fst[158U] = 0U;
+  rand_stack.fst[159U] = 0U;
+  rand_stack.fst[160U] = 0U;
+  rand_stack.fst[161U] = 0U;
+  rand_stack.fst[162U] = 0U;
+  rand_stack.fst[163U] = 0U;
+  rand_stack.fst[164U] = 0U;
+  rand_stack.fst[165U] = 0U;
+  rand_stack.fst[166U] = 0U;
+  rand_stack.fst[167U] = 0U;
+  rand_stack.fst[168U] = 0U;
+  rand_stack.fst[169U] = 0U;
+  rand_stack.fst[170U] = 0U;
+  rand_stack.fst[171U] = 0U;
+  rand_stack.fst[172U] = 0U;
+  rand_stack.fst[173U] = 0U;
+  rand_stack.fst[174U] = 0U;
+  rand_stack.fst[175U] = 0U;
+  rand_stack.fst[176U] = 0U;
+  rand_stack.fst[177U] = 0U;
+  rand_stack.fst[178U] = 0U;
+  rand_stack.fst[179U] = 0U;
+  rand_stack.fst[180U] = 0U;
+  rand_stack.fst[181U] = 0U;
+  rand_stack.fst[182U] = 0U;
+  rand_stack.fst[183U] = 0U;
+  rand_stack.fst[184U] = 0U;
+  rand_stack.fst[185U] = 0U;
+  rand_stack.fst[186U] = 0U;
+  rand_stack.fst[187U] = 0U;
+  rand_stack.fst[188U] = 0U;
+  rand_stack.fst[189U] = 0U;
+  rand_stack.fst[190U] = 0U;
+  rand_stack.fst[191U] = 0U;
+  rand_stack.fst[192U] = 0U;
+  rand_stack.fst[193U] = 0U;
+  rand_stack.fst[194U] = 0U;
+  rand_stack.fst[195U] = 0U;
+  rand_stack.fst[196U] = 0U;
+  rand_stack.fst[197U] = 0U;
+  rand_stack.fst[198U] = 0U;
+  rand_stack.fst[199U] = 0U;
+  rand_stack.fst[200U] = 0U;
+  rand_stack.fst[201U] = 0U;
+  rand_stack.fst[202U] = 0U;
+  rand_stack.fst[203U] = 0U;
+  rand_stack.fst[204U] = 0U;
+  rand_stack.fst[205U] = 0U;
+  rand_stack.fst[206U] = 0U;
+  rand_stack.fst[207U] = 0U;
+  rand_stack.fst[208U] = 0U;
+  rand_stack.fst[209U] = 0U;
+  rand_stack.fst[210U] = 0U;
+  rand_stack.fst[211U] = 0U;
+  rand_stack.fst[212U] = 0U;
+  rand_stack.fst[213U] = 0U;
+  rand_stack.fst[214U] = 0U;
+  rand_stack.fst[215U] = 0U;
+  rand_stack.fst[216U] = 0U;
+  rand_stack.fst[217U] = 0U;
+  rand_stack.fst[218U] = 0U;
+  rand_stack.fst[219U] = 0U;
+  rand_stack.fst[220U] = 0U;
+  rand_stack.fst[221U] = 0U;
+  rand_stack.fst[222U] = 0U;
+  rand_stack.fst[223U] = 0U;
+  rand_stack.fst[224U] = 0U;
+  rand_stack.fst[225U] = 0U;
+  rand_stack.fst[226U] = 0U;
+  rand_stack.fst[227U] = 0U;
+  rand_stack.fst[228U] = 0U;
+  rand_stack.fst[229U] = 0U;
+  rand_stack.fst[230U] = 0U;
+  rand_stack.fst[231U] = 0U;
+  rand_stack.fst[232U] = 0U;
+  rand_stack.fst[233U] = 0U;
+  rand_stack.fst[234U] = 0U;
+  rand_stack.fst[235U] = 0U;
+  rand_stack.fst[236U] = 0U;
+  rand_stack.fst[237U] = 0U;
+  rand_stack.fst[238U] = 0U;
+  rand_stack.fst[239U] = 0U;
+  rand_stack.fst[240U] = 0U;
+  rand_stack.fst[241U] = 0U;
+  rand_stack.fst[242U] = 0U;
+  rand_stack.fst[243U] = 0U;
+  rand_stack.fst[244U] = 0U;
+  rand_stack.fst[245U] = 0U;
+  rand_stack.fst[246U] = 0U;
+  rand_stack.fst[247U] = 0U;
+  rand_stack.fst[248U] = 0U;
+  rand_stack.fst[249U] = 0U;
+  rand_stack.fst[250U] = 0U;
+  rand_stack.fst[251U] = 0U;
+  rand_stack.fst[252U] = 0U;
+  rand_stack.fst[253U] = 0U;
+  rand_stack.fst[254U] = 0U;
+  rand_stack.fst[255U] = 0U;
+  rand_stack.fst[256U] = 0U;
+  rand_stack.fst[257U] = 0U;
+  rand_stack.fst[258U] = 0U;
+  rand_stack.fst[259U] = 0U;
+  rand_stack.fst[260U] = 0U;
+  rand_stack.fst[261U] = 0U;
+  rand_stack.fst[262U] = 0U;
+  rand_stack.fst[263U] = 0U;
+  rand_stack.fst[264U] = 0U;
+  rand_stack.fst[265U] = 0U;
+  rand_stack.fst[266U] = 0U;
+  rand_stack.fst[267U] = 0U;
+  rand_stack.fst[268U] = 0U;
+  rand_stack.fst[269U] = 0U;
+  rand_stack.fst[270U] = 0U;
+  rand_stack.fst[271U] = 0U;
+  rand_stack.fst[272U] = 0U;
+  rand_stack.fst[273U] = 0U;
+  rand_stack.fst[274U] = 0U;
+  rand_stack.fst[275U] = 0U;
+  rand_stack.fst[276U] = 0U;
+  rand_stack.fst[277U] = 0U;
+  rand_stack.fst[278U] = 0U;
+  rand_stack.fst[279U] = 0U;
+  rand_stack.fst[280U] = 0U;
+  rand_stack.fst[281U] = 0U;
+  rand_stack.fst[282U] = 0U;
+  rand_stack.fst[283U] = 0U;
+  rand_stack.fst[284U] = 0U;
+  rand_stack.fst[285U] = 0U;
+  rand_stack.fst[286U] = 0U;
+  rand_stack.fst[287U] = 0U;
+  rand_stack.fst[288U] = 0U;
+  rand_stack.fst[289U] = 0U;
+  rand_stack.fst[290U] = 0U;
+  rand_stack.fst[291U] = 0U;
+  rand_stack.fst[292U] = 0U;
+  rand_stack.fst[293U] = 0U;
+  rand_stack.fst[294U] = 0U;
+  rand_stack.fst[295U] = 0U;
+  rand_stack.fst[296U] = 0U;
+  rand_stack.fst[297U] = 0U;
+  rand_stack.fst[298U] = 0U;
+  rand_stack.fst[299U] = 0U;
+  rand_stack.fst[300U] = 0U;
+  rand_stack.fst[301U] = 0U;
+  rand_stack.fst[302U] = 0U;
+  rand_stack.fst[303U] = 0U;
+  rand_stack.fst[304U] = 0U;
+  rand_stack.fst[305U] = 0U;
+  rand_stack.fst[306U] = 0U;
+  rand_stack.fst[307U] = 0U;
+  rand_stack.fst[308U] = 0U;
+  rand_stack.fst[309U] = 0U;
+  rand_stack.fst[310U] = 0U;
+  rand_stack.fst[311U] = 0U;
+  rand_stack.fst[312U] = 0U;
+  rand_stack.fst[313U] = 0U;
+  rand_stack.fst[314U] = 0U;
+  rand_stack.fst[315U] = 0U;
+  rand_stack.fst[316U] = 0U;
+  rand_stack.fst[317U] = 0U;
+  rand_stack.fst[318U] = 0U;
+  rand_stack.fst[319U] = 0U;
+  rand_stack.fst[320U] = 0U;
+  rand_stack.fst[321U] = 0U;
+  rand_stack.fst[322U] = 0U;
+  rand_stack.fst[323U] = 0U;
+  rand_stack.fst[324U] = 0U;
+  rand_stack.fst[325U] = 0U;
+  rand_stack.fst[326U] = 0U;
+  rand_stack.fst[327U] = 0U;
+  rand_stack.fst[328U] = 0U;
+  rand_stack.fst[329U] = 0U;
+  rand_stack.fst[330U] = 0U;
+  rand_stack.fst[331U] = 0U;
+  rand_stack.fst[332U] = 0U;
+  rand_stack.fst[333U] = 0U;
+  rand_stack.fst[334U] = 0U;
+  rand_stack.fst[335U] = 0U;
+  rand_stack.fst[336U] = 0U;
+  rand_stack.fst[337U] = 0U;
+  rand_stack.fst[338U] = 0U;
+  rand_stack.fst[339U] = 0U;
+  rand_stack.fst[340U] = 0U;
+  rand_stack.fst[341U] = 0U;
+  rand_stack.fst[342U] = 0U;
+  rand_stack.fst[343U] = 0U;
+  rand_stack.fst[344U] = 0U;
+  rand_stack.fst[345U] = 0U;
+  rand_stack.fst[346U] = 0U;
+  rand_stack.fst[347U] = 0U;
+  rand_stack.fst[348U] = 0U;
+  rand_stack.fst[349U] = 0U;
+  rand_stack.fst[350U] = 0U;
+  rand_stack.fst[351U] = 0U;
+  rand_stack.fst[352U] = 0U;
+  rand_stack.fst[353U] = 0U;
+  rand_stack.fst[354U] = 0U;
+  rand_stack.fst[355U] = 0U;
+  rand_stack.fst[356U] = 0U;
+  rand_stack.fst[357U] = 0U;
+  rand_stack.fst[358U] = 0U;
+  rand_stack.fst[359U] = 0U;
+  rand_stack.fst[360U] = 0U;
+  rand_stack.fst[361U] = 0U;
+  rand_stack.fst[362U] = 0U;
+  rand_stack.fst[363U] = 0U;
+  rand_stack.fst[364U] = 0U;
+  rand_stack.fst[365U] = 0U;
+  rand_stack.fst[366U] = 0U;
+  rand_stack.fst[367U] = 0U;
+  rand_stack.fst[368U] = 0U;
+  rand_stack.fst[369U] = 0U;
+  rand_stack.fst[370U] = 0U;
+  rand_stack.fst[371U] = 0U;
+  rand_stack.fst[372U] = 0U;
+  rand_stack.fst[373U] = 0U;
+  rand_stack.fst[374U] = 0U;
+  rand_stack.fst[375U] = 0U;
+  rand_stack.fst[376U] = 0U;
+  rand_stack.fst[377U] = 0U;
+  rand_stack.fst[378U] = 0U;
+  rand_stack.fst[379U] = 0U;
+  rand_stack.fst[380U] = 0U;
+  rand_stack.fst[381U] = 0U;
+  rand_stack.fst[382U] = 0U;
+  rand_stack.fst[383U] = 0U;
+  rand_stack.fst[384U] = 0U;
+  rand_stack.fst[385U] = 0U;
+  rand_stack.fst[386U] = 0U;
+  rand_stack.fst[387U] = 0U;
+  rand_stack.fst[388U] = 0U;
+  rand_stack.fst[389U] = 0U;
+  rand_stack.fst[390U] = 0U;
+  rand_stack.fst[391U] = 0U;
+  rand_stack.fst[392U] = 0U;
+  rand_stack.fst[393U] = 0U;
+  rand_stack.fst[394U] = 0U;
+  rand_stack.fst[395U] = 0U;
+  rand_stack.fst[396U] = 0U;
+  rand_stack.fst[397U] = 0U;
+  rand_stack.fst[398U] = 0U;
+  rand_stack.fst[399U] = 0U;
+  rand_stack.fst[400U] = 0U;
+  rand_stack.fst[401U] = 0U;
+  rand_stack.fst[402U] = 0U;
+  rand_stack.fst[403U] = 0U;
+  rand_stack.fst[404U] = 0U;
+  rand_stack.fst[405U] = 0U;
+  rand_stack.fst[406U] = 0U;
+  rand_stack.fst[407U] = 0U;
+  rand_stack.fst[408U] = 0U;
+  rand_stack.fst[409U] = 0U;
+  rand_stack.fst[410U] = 0U;
+  rand_stack.fst[411U] = 0U;
+  rand_stack.fst[412U] = 0U;
+  rand_stack.fst[413U] = 0U;
+  rand_stack.fst[414U] = 0U;
+  rand_stack.fst[415U] = 0U;
+  rand_stack.fst[416U] = 0U;
+  rand_stack.fst[417U] = 0U;
+  rand_stack.fst[418U] = 0U;
+  rand_stack.fst[419U] = 0U;
+  rand_stack.fst[420U] = 0U;
+  rand_stack.fst[421U] = 0U;
+  rand_stack.fst[422U] = 0U;
+  rand_stack.fst[423U] = 0U;
+  rand_stack.fst[424U] = 0U;
+  rand_stack.fst[425U] = 0U;
+  rand_stack.fst[426U] = 0U;
+  rand_stack.fst[427U] = 0U;
+  rand_stack.fst[428U] = 0U;
+  rand_stack.fst[429U] = 0U;
+  rand_stack.fst[430U] = 0U;
+  rand_stack.fst[431U] = 0U;
+  rand_stack.fst[432U] = 0U;
+  rand_stack.fst[433U] = 0U;
+  rand_stack.fst[434U] = 0U;
+  rand_stack.fst[435U] = 0U;
+  rand_stack.fst[436U] = 0U;
+  rand_stack.fst[437U] = 0U;
+  rand_stack.fst[438U] = 0U;
+  rand_stack.fst[439U] = 0U;
+  rand_stack.fst[440U] = 0U;
+  rand_stack.fst[441U] = 0U;
+  rand_stack.fst[442U] = 0U;
+  rand_stack.fst[443U] = 0U;
+  rand_stack.fst[444U] = 0U;
+  rand_stack.fst[445U] = 0U;
+  rand_stack.fst[446U] = 0U;
+  rand_stack.fst[447U] = 0U;
+  rand_stack.fst[448U] = 0U;
+  rand_stack.fst[449U] = 0U;
+  rand_stack.fst[450U] = 0U;
+  rand_stack.fst[451U] = 0U;
+  rand_stack.fst[452U] = 0U;
+  rand_stack.fst[453U] = 0U;
+  rand_stack.fst[454U] = 0U;
+  rand_stack.fst[455U] = 0U;
+  rand_stack.fst[456U] = 0U;
+  rand_stack.fst[457U] = 0U;
+  rand_stack.fst[458U] = 0U;
+  rand_stack.fst[459U] = 0U;
+  rand_stack.fst[460U] = 0U;
+  rand_stack.fst[461U] = 0U;
+  rand_stack.fst[462U] = 0U;
+  rand_stack.fst[463U] = 0U;
+  rand_stack.fst[464U] = 0U;
+  rand_stack.fst[465U] = 0U;
+  rand_stack.fst[466U] = 0U;
+  rand_stack.fst[467U] = 0U;
+  rand_stack.fst[468U] = 0U;
+  rand_stack.fst[469U] = 0U;
+  rand_stack.fst[470U] = 0U;
+  rand_stack.fst[471U] = 0U;
+  rand_stack.fst[472U] = 0U;
+  rand_stack.fst[473U] = 0U;
+  rand_stack.fst[474U] = 0U;
+  rand_stack.fst[475U] = 0U;
+  rand_stack.fst[476U] = 0U;
+  rand_stack.fst[477U] = 0U;
+  rand_stack.fst[478U] = 0U;
+  rand_stack.fst[479U] = 0U;
+  rand_stack.fst[480U] = 0U;
+  rand_stack.fst[481U] = 0U;
+  rand_stack.fst[482U] = 0U;
+  rand_stack.fst[483U] = 0U;
+  rand_stack.fst[484U] = 0U;
+  rand_stack.fst[485U] = 0U;
+  rand_stack.fst[486U] = 0U;
+  rand_stack.fst[487U] = 0U;
+  rand_stack.fst[488U] = 0U;
+  rand_stack.fst[489U] = 0U;
+  rand_stack.fst[490U] = 0U;
+  rand_stack.fst[491U] = 0U;
+  rand_stack.fst[492U] = 0U;
+  rand_stack.fst[493U] = 0U;
+  rand_stack.fst[494U] = 0U;
+  rand_stack.fst[495U] = 0U;
+  rand_stack.fst[496U] = 0U;
+  rand_stack.fst[497U] = 0U;
+  rand_stack.fst[498U] = 0U;
+  rand_stack.fst[499U] = 0U;
+  rand_stack.fst[500U] = 0U;
+  rand_stack.fst[501U] = 0U;
+  rand_stack.fst[502U] = 0U;
+  rand_stack.fst[503U] = 0U;
+  rand_stack.fst[504U] = 0U;
+  rand_stack.fst[505U] = 0U;
+  rand_stack.fst[506U] = 0U;
+  rand_stack.fst[507U] = 0U;
+  rand_stack.fst[508U] = 0U;
+  rand_stack.fst[509U] = 0U;
+  rand_stack.fst[510U] = 0U;
+  rand_stack.fst[511U] = 0U;
+  rand_stack.fst[512U] = 0U;
+  rand_stack.fst[513U] = 0U;
+  rand_stack.fst[514U] = 0U;
+  rand_stack.fst[515U] = 0U;
+  rand_stack.fst[516U] = 0U;
+  rand_stack.fst[517U] = 0U;
+  rand_stack.fst[518U] = 0U;
+  rand_stack.fst[519U] = 0U;
+  rand_stack.fst[520U] = 0U;
+  rand_stack.fst[521U] = 0U;
+  rand_stack.fst[522U] = 0U;
+  rand_stack.fst[523U] = 0U;
+  rand_stack.fst[524U] = 0U;
+  rand_stack.fst[525U] = 0U;
+  rand_stack.fst[526U] = 0U;
+  rand_stack.fst[527U] = 0U;
+  rand_stack.fst[528U] = 0U;
+  rand_stack.fst[529U] = 0U;
+  rand_stack.fst[530U] = 0U;
+  rand_stack.fst[531U] = 0U;
+  rand_stack.fst[532U] = 0U;
+  rand_stack.fst[533U] = 0U;
+  rand_stack.fst[534U] = 0U;
+  rand_stack.fst[535U] = 0U;
+  rand_stack.fst[536U] = 0U;
+  rand_stack.fst[537U] = 0U;
+  rand_stack.fst[538U] = 0U;
+  rand_stack.fst[539U] = 0U;
+  rand_stack.fst[540U] = 0U;
+  rand_stack.fst[541U] = 0U;
+  rand_stack.fst[542U] = 0U;
+  rand_stack.fst[543U] = 0U;
+  rand_stack.fst[544U] = 0U;
+  rand_stack.fst[545U] = 0U;
+  rand_stack.fst[546U] = 0U;
+  rand_stack.fst[547U] = 0U;
+  rand_stack.fst[548U] = 0U;
+  rand_stack.fst[549U] = 0U;
+  rand_stack.fst[550U] = 0U;
+  rand_stack.fst[551U] = 0U;
+  rand_stack.fst[552U] = 0U;
+  rand_stack.fst[553U] = 0U;
+  rand_stack.fst[554U] = 0U;
+  rand_stack.fst[555U] = 0U;
+  rand_stack.fst[556U] = 0U;
+  rand_stack.fst[557U] = 0U;
+  rand_stack.fst[558U] = 0U;
+  rand_stack.fst[559U] = 0U;
+  rand_stack.fst[560U] = 0U;
+  rand_stack.fst[561U] = 0U;
+  rand_stack.fst[562U] = 0U;
+  rand_stack.fst[563U] = 0U;
+  rand_stack.fst[564U] = 0U;
+  rand_stack.fst[565U] = 0U;
+  rand_stack.fst[566U] = 0U;
+  rand_stack.fst[567U] = 0U;
+  rand_stack.fst[568U] = 0U;
+  rand_stack.fst[569U] = 0U;
+  rand_stack.fst[570U] = 0U;
+  rand_stack.fst[571U] = 0U;
+  rand_stack.fst[572U] = 0U;
+  rand_stack.fst[573U] = 0U;
+  rand_stack.fst[574U] = 0U;
+  rand_stack.fst[575U] = 0U;
+  rand_stack.fst[576U] = 0U;
+  rand_stack.fst[577U] = 0U;
+  rand_stack.fst[578U] = 0U;
+  rand_stack.fst[579U] = 0U;
+  rand_stack.fst[580U] = 0U;
+  rand_stack.fst[581U] = 0U;
+  rand_stack.fst[582U] = 0U;
+  rand_stack.fst[583U] = 0U;
+  rand_stack.fst[584U] = 0U;
+  rand_stack.fst[585U] = 0U;
+  rand_stack.fst[586U] = 0U;
+  rand_stack.fst[587U] = 0U;
+  rand_stack.fst[588U] = 0U;
+  rand_stack.fst[589U] = 0U;
+  rand_stack.fst[590U] = 0U;
+  rand_stack.fst[591U] = 0U;
+  rand_stack.fst[592U] = 0U;
+  rand_stack.fst[593U] = 0U;
+  rand_stack.fst[594U] = 0U;
+  rand_stack.fst[595U] = 0U;
+  rand_stack.fst[596U] = 0U;
+  rand_stack.fst[597U] = 0U;
+  rand_stack.fst[598U] = 0U;
+  rand_stack.fst[599U] = 0U;
+  rand_stack.fst[600U] = 0U;
+  rand_stack.fst[601U] = 0U;
+  rand_stack.fst[602U] = 0U;
+  rand_stack.fst[603U] = 0U;
+  rand_stack.fst[604U] = 0U;
+  rand_stack.fst[605U] = 0U;
+  rand_stack.fst[606U] = 0U;
+  rand_stack.fst[607U] = 0U;
+  rand_stack.fst[608U] = 0U;
+  rand_stack.fst[609U] = 0U;
+  rand_stack.fst[610U] = 0U;
+  rand_stack.fst[611U] = 0U;
+  rand_stack.fst[612U] = 0U;
+  rand_stack.fst[613U] = 0U;
+  rand_stack.fst[614U] = 0U;
+  rand_stack.fst[615U] = 0U;
+  rand_stack.fst[616U] = 0U;
+  rand_stack.fst[617U] = 0U;
+  rand_stack.fst[618U] = 0U;
+  rand_stack.fst[619U] = 0U;
+  rand_stack.fst[620U] = 0U;
+  rand_stack.fst[621U] = 0U;
+  rand_stack.fst[622U] = 0U;
+  rand_stack.fst[623U] = 0U;
+  rand_stack.fst[624U] = 0U;
+  rand_stack.fst[625U] = 0U;
+  rand_stack.fst[626U] = 0U;
+  rand_stack.fst[627U] = 0U;
+  rand_stack.fst[628U] = 0U;
+  rand_stack.fst[629U] = 0U;
+  rand_stack.fst[630U] = 0U;
+  rand_stack.fst[631U] = 0U;
+  rand_stack.fst[632U] = 0U;
+  rand_stack.fst[633U] = 0U;
+  rand_stack.fst[634U] = 0U;
+  rand_stack.fst[635U] = 0U;
+  rand_stack.fst[636U] = 0U;
+  rand_stack.fst[637U] = 0U;
+  rand_stack.fst[638U] = 0U;
+  rand_stack.fst[639U] = 0U;
+  rand_stack.fst[640U] = 0U;
+  rand_stack.fst[641U] = 0U;
+  rand_stack.fst[642U] = 0U;
+  rand_stack.fst[643U] = 0U;
+  rand_stack.fst[644U] = 0U;
+  rand_stack.fst[645U] = 0U;
+  rand_stack.fst[646U] = 0U;
+  rand_stack.fst[647U] = 0U;
+  rand_stack.fst[648U] = 0U;
+  rand_stack.fst[649U] = 0U;
+  rand_stack.fst[650U] = 0U;
+  rand_stack.fst[651U] = 0U;
+  rand_stack.fst[652U] = 0U;
+  rand_stack.fst[653U] = 0U;
+  rand_stack.fst[654U] = 0U;
+  rand_stack.fst[655U] = 0U;
+  rand_stack.fst[656U] = 0U;
+  rand_stack.fst[657U] = 0U;
+  rand_stack.fst[658U] = 0U;
+  rand_stack.fst[659U] = 0U;
+  rand_stack.fst[660U] = 0U;
+  rand_stack.fst[661U] = 0U;
+  rand_stack.fst[662U] = 0U;
+  rand_stack.fst[663U] = 0U;
+  rand_stack.fst[664U] = 0U;
+  rand_stack.fst[665U] = 0U;
+  rand_stack.fst[666U] = 0U;
+  rand_stack.fst[667U] = 0U;
+  rand_stack.fst[668U] = 0U;
+  rand_stack.fst[669U] = 0U;
+  rand_stack.fst[670U] = 0U;
+  rand_stack.fst[671U] = 0U;
+  rand_stack.fst[672U] = 0U;
+  rand_stack.fst[673U] = 0U;
+  rand_stack.fst[674U] = 0U;
+  rand_stack.fst[675U] = 0U;
+  rand_stack.fst[676U] = 0U;
+  rand_stack.fst[677U] = 0U;
+  rand_stack.fst[678U] = 0U;
+  rand_stack.fst[679U] = 0U;
+  rand_stack.fst[680U] = 0U;
+  rand_stack.fst[681U] = 0U;
+  rand_stack.fst[682U] = 0U;
+  rand_stack.fst[683U] = 0U;
+  rand_stack.fst[684U] = 0U;
+  rand_stack.fst[685U] = 0U;
+  rand_stack.fst[686U] = 0U;
+  rand_stack.fst[687U] = 0U;
+  rand_stack.fst[688U] = 0U;
+  rand_stack.fst[689U] = 0U;
+  rand_stack.fst[690U] = 0U;
+  rand_stack.fst[691U] = 0U;
+  rand_stack.fst[692U] = 0U;
+  rand_stack.fst[693U] = 0U;
+  rand_stack.fst[694U] = 0U;
+  rand_stack.fst[695U] = 0U;
+  rand_stack.fst[696U] = 0U;
+  rand_stack.fst[697U] = 0U;
+  rand_stack.fst[698U] = 0U;
+  rand_stack.fst[699U] = 0U;
+  rand_stack.fst[700U] = 0U;
+  rand_stack.fst[701U] = 0U;
+  rand_stack.fst[702U] = 0U;
+  rand_stack.fst[703U] = 0U;
+  rand_stack.fst[704U] = 0U;
+  rand_stack.fst[705U] = 0U;
+  rand_stack.fst[706U] = 0U;
+  rand_stack.fst[707U] = 0U;
+  rand_stack.fst[708U] = 0U;
+  rand_stack.fst[709U] = 0U;
+  rand_stack.fst[710U] = 0U;
+  rand_stack.fst[711U] = 0U;
+  rand_stack.fst[712U] = 0U;
+  rand_stack.fst[713U] = 0U;
+  rand_stack.fst[714U] = 0U;
+  rand_stack.fst[715U] = 0U;
+  rand_stack.fst[716U] = 0U;
+  rand_stack.fst[717U] = 0U;
+  rand_stack.fst[718U] = 0U;
+  rand_stack.fst[719U] = 0U;
+  rand_stack.fst[720U] = 0U;
+  rand_stack.fst[721U] = 0U;
+  rand_stack.fst[722U] = 0U;
+  rand_stack.fst[723U] = 0U;
+  rand_stack.fst[724U] = 0U;
+  rand_stack.fst[725U] = 0U;
+  rand_stack.fst[726U] = 0U;
+  rand_stack.fst[727U] = 0U;
+  rand_stack.fst[728U] = 0U;
+  rand_stack.fst[729U] = 0U;
+  rand_stack.fst[730U] = 0U;
+  rand_stack.fst[731U] = 0U;
+  rand_stack.fst[732U] = 0U;
+  rand_stack.fst[733U] = 0U;
+  rand_stack.fst[734U] = 0U;
+  rand_stack.fst[735U] = 0U;
+  rand_stack.fst[736U] = 0U;
+  rand_stack.fst[737U] = 0U;
+  rand_stack.fst[738U] = 0U;
+  rand_stack.fst[739U] = 0U;
+  rand_stack.fst[740U] = 0U;
+  rand_stack.fst[741U] = 0U;
+  rand_stack.fst[742U] = 0U;
+  rand_stack.fst[743U] = 0U;
+  rand_stack.fst[744U] = 0U;
+  rand_stack.fst[745U] = 0U;
+  rand_stack.fst[746U] = 0U;
+  rand_stack.fst[747U] = 0U;
+  rand_stack.fst[748U] = 0U;
+  rand_stack.fst[749U] = 0U;
+  rand_stack.fst[750U] = 0U;
+  rand_stack.fst[751U] = 0U;
+  rand_stack.fst[752U] = 0U;
+  rand_stack.fst[753U] = 0U;
+  rand_stack.fst[754U] = 0U;
+  rand_stack.fst[755U] = 0U;
+  rand_stack.fst[756U] = 0U;
+  rand_stack.fst[757U] = 0U;
+  rand_stack.fst[758U] = 0U;
+  rand_stack.fst[759U] = 0U;
+  rand_stack.fst[760U] = 0U;
+  rand_stack.fst[761U] = 0U;
+  rand_stack.fst[762U] = 0U;
+  rand_stack.fst[763U] = 0U;
+  rand_stack.fst[764U] = 0U;
+  rand_stack.fst[765U] = 0U;
+  rand_stack.fst[766U] = 0U;
+  rand_stack.fst[767U] = 0U;
+  rand_stack.fst[768U] = 0U;
+  rand_stack.fst[769U] = 0U;
+  rand_stack.fst[770U] = 0U;
+  rand_stack.fst[771U] = 0U;
+  rand_stack.fst[772U] = 0U;
+  rand_stack.fst[773U] = 0U;
+  rand_stack.fst[774U] = 0U;
+  rand_stack.fst[775U] = 0U;
+  rand_stack.fst[776U] = 0U;
+  rand_stack.fst[777U] = 0U;
+  rand_stack.fst[778U] = 0U;
+  rand_stack.fst[779U] = 0U;
+  rand_stack.fst[780U] = 0U;
+  rand_stack.fst[781U] = 0U;
+  rand_stack.fst[782U] = 0U;
+  rand_stack.fst[783U] = 0U;
+  rand_stack.fst[784U] = 0U;
+  rand_stack.fst[785U] = 0U;
+  rand_stack.fst[786U] = 0U;
+  rand_stack.fst[787U] = 0U;
+  rand_stack.fst[788U] = 0U;
+  rand_stack.fst[789U] = 0U;
+  rand_stack.fst[790U] = 0U;
+  rand_stack.fst[791U] = 0U;
+  rand_stack.fst[792U] = 0U;
+  rand_stack.fst[793U] = 0U;
+  rand_stack.fst[794U] = 0U;
+  rand_stack.fst[795U] = 0U;
+  rand_stack.fst[796U] = 0U;
+  rand_stack.fst[797U] = 0U;
+  rand_stack.fst[798U] = 0U;
+  rand_stack.fst[799U] = 0U;
+  rand_stack.fst[800U] = 0U;
+  rand_stack.fst[801U] = 0U;
+  rand_stack.fst[802U] = 0U;
+  rand_stack.fst[803U] = 0U;
+  rand_stack.fst[804U] = 0U;
+  rand_stack.fst[805U] = 0U;
+  rand_stack.fst[806U] = 0U;
+  rand_stack.fst[807U] = 0U;
+  rand_stack.fst[808U] = 0U;
+  rand_stack.fst[809U] = 0U;
+  rand_stack.fst[810U] = 0U;
+  rand_stack.fst[811U] = 0U;
+  rand_stack.fst[812U] = 0U;
+  rand_stack.fst[813U] = 0U;
+  rand_stack.fst[814U] = 0U;
+  rand_stack.fst[815U] = 0U;
+  rand_stack.fst[816U] = 0U;
+  rand_stack.fst[817U] = 0U;
+  rand_stack.fst[818U] = 0U;
+  rand_stack.fst[819U] = 0U;
+  rand_stack.fst[820U] = 0U;
+  rand_stack.fst[821U] = 0U;
+  rand_stack.fst[822U] = 0U;
+  rand_stack.fst[823U] = 0U;
+  rand_stack.fst[824U] = 0U;
+  rand_stack.fst[825U] = 0U;
+  rand_stack.fst[826U] = 0U;
+  rand_stack.fst[827U] = 0U;
+  rand_stack.fst[828U] = 0U;
+  rand_stack.fst[829U] = 0U;
+  rand_stack.fst[830U] = 0U;
+  rand_stack.fst[831U] = 0U;
+  rand_stack.fst[832U] = 0U;
+  rand_stack.fst[833U] = 0U;
+  rand_stack.fst[834U] = 0U;
+  rand_stack.fst[835U] = 0U;
+  rand_stack.fst[836U] = 0U;
+  rand_stack.fst[837U] = 0U;
+  rand_stack.fst[838U] = 0U;
+  rand_stack.fst[839U] = 0U;
+  memcpy(rand_stack.snd, uu____0, (size_t)840U * sizeof(uint8_t));
+  memcpy(rand_stack.thd, uu____1, (size_t)840U * sizeof(uint8_t));
+  rand_stack.f3[0U] = 0U;
+  rand_stack.f3[1U] = 0U;
+  rand_stack.f3[2U] = 0U;
+  rand_stack.f3[3U] = 0U;
+  rand_stack.f3[4U] = 0U;
+  rand_stack.f3[5U] = 0U;
+  rand_stack.f3[6U] = 0U;
+  rand_stack.f3[7U] = 0U;
+  rand_stack.f3[8U] = 0U;
+  rand_stack.f3[9U] = 0U;
+  rand_stack.f3[10U] = 0U;
+  rand_stack.f3[11U] = 0U;
+  rand_stack.f3[12U] = 0U;
+  rand_stack.f3[13U] = 0U;
+  rand_stack.f3[14U] = 0U;
+  rand_stack.f3[15U] = 0U;
+  rand_stack.f3[16U] = 0U;
+  rand_stack.f3[17U] = 0U;
+  rand_stack.f3[18U] = 0U;
+  rand_stack.f3[19U] = 0U;
+  rand_stack.f3[20U] = 0U;
+  rand_stack.f3[21U] = 0U;
+  rand_stack.f3[22U] = 0U;
+  rand_stack.f3[23U] = 0U;
+  rand_stack.f3[24U] = 0U;
+  rand_stack.f3[25U] = 0U;
+  rand_stack.f3[26U] = 0U;
+  rand_stack.f3[27U] = 0U;
+  rand_stack.f3[28U] = 0U;
+  rand_stack.f3[29U] = 0U;
+  rand_stack.f3[30U] = 0U;
+  rand_stack.f3[31U] = 0U;
+  rand_stack.f3[32U] = 0U;
+  rand_stack.f3[33U] = 0U;
+  rand_stack.f3[34U] = 0U;
+  rand_stack.f3[35U] = 0U;
+  rand_stack.f3[36U] = 0U;
+  rand_stack.f3[37U] = 0U;
+  rand_stack.f3[38U] = 0U;
+  rand_stack.f3[39U] = 0U;
+  rand_stack.f3[40U] = 0U;
+  rand_stack.f3[41U] = 0U;
+  rand_stack.f3[42U] = 0U;
+  rand_stack.f3[43U] = 0U;
+  rand_stack.f3[44U] = 0U;
+  rand_stack.f3[45U] = 0U;
+  rand_stack.f3[46U] = 0U;
+  rand_stack.f3[47U] = 0U;
+  rand_stack.f3[48U] = 0U;
+  rand_stack.f3[49U] = 0U;
+  rand_stack.f3[50U] = 0U;
+  rand_stack.f3[51U] = 0U;
+  rand_stack.f3[52U] = 0U;
+  rand_stack.f3[53U] = 0U;
+  rand_stack.f3[54U] = 0U;
+  rand_stack.f3[55U] = 0U;
+  rand_stack.f3[56U] = 0U;
+  rand_stack.f3[57U] = 0U;
+  rand_stack.f3[58U] = 0U;
+  rand_stack.f3[59U] = 0U;
+  rand_stack.f3[60U] = 0U;
+  rand_stack.f3[61U] = 0U;
+  rand_stack.f3[62U] = 0U;
+  rand_stack.f3[63U] = 0U;
+  rand_stack.f3[64U] = 0U;
+  rand_stack.f3[65U] = 0U;
+  rand_stack.f3[66U] = 0U;
+  rand_stack.f3[67U] = 0U;
+  rand_stack.f3[68U] = 0U;
+  rand_stack.f3[69U] = 0U;
+  rand_stack.f3[70U] = 0U;
+  rand_stack.f3[71U] = 0U;
+  rand_stack.f3[72U] = 0U;
+  rand_stack.f3[73U] = 0U;
+  rand_stack.f3[74U] = 0U;
+  rand_stack.f3[75U] = 0U;
+  rand_stack.f3[76U] = 0U;
+  rand_stack.f3[77U] = 0U;
+  rand_stack.f3[78U] = 0U;
+  rand_stack.f3[79U] = 0U;
+  rand_stack.f3[80U] = 0U;
+  rand_stack.f3[81U] = 0U;
+  rand_stack.f3[82U] = 0U;
+  rand_stack.f3[83U] = 0U;
+  rand_stack.f3[84U] = 0U;
+  rand_stack.f3[85U] = 0U;
+  rand_stack.f3[86U] = 0U;
+  rand_stack.f3[87U] = 0U;
+  rand_stack.f3[88U] = 0U;
+  rand_stack.f3[89U] = 0U;
+  rand_stack.f3[90U] = 0U;
+  rand_stack.f3[91U] = 0U;
+  rand_stack.f3[92U] = 0U;
+  rand_stack.f3[93U] = 0U;
+  rand_stack.f3[94U] = 0U;
+  rand_stack.f3[95U] = 0U;
+  rand_stack.f3[96U] = 0U;
+  rand_stack.f3[97U] = 0U;
+  rand_stack.f3[98U] = 0U;
+  rand_stack.f3[99U] = 0U;
+  rand_stack.f3[100U] = 0U;
+  rand_stack.f3[101U] = 0U;
+  rand_stack.f3[102U] = 0U;
+  rand_stack.f3[103U] = 0U;
+  rand_stack.f3[104U] = 0U;
+  rand_stack.f3[105U] = 0U;
+  rand_stack.f3[106U] = 0U;
+  rand_stack.f3[107U] = 0U;
+  rand_stack.f3[108U] = 0U;
+  rand_stack.f3[109U] = 0U;
+  rand_stack.f3[110U] = 0U;
+  rand_stack.f3[111U] = 0U;
+  rand_stack.f3[112U] = 0U;
+  rand_stack.f3[113U] = 0U;
+  rand_stack.f3[114U] = 0U;
+  rand_stack.f3[115U] = 0U;
+  rand_stack.f3[116U] = 0U;
+  rand_stack.f3[117U] = 0U;
+  rand_stack.f3[118U] = 0U;
+  rand_stack.f3[119U] = 0U;
+  rand_stack.f3[120U] = 0U;
+  rand_stack.f3[121U] = 0U;
+  rand_stack.f3[122U] = 0U;
+  rand_stack.f3[123U] = 0U;
+  rand_stack.f3[124U] = 0U;
+  rand_stack.f3[125U] = 0U;
+  rand_stack.f3[126U] = 0U;
+  rand_stack.f3[127U] = 0U;
+  rand_stack.f3[128U] = 0U;
+  rand_stack.f3[129U] = 0U;
+  rand_stack.f3[130U] = 0U;
+  rand_stack.f3[131U] = 0U;
+  rand_stack.f3[132U] = 0U;
+  rand_stack.f3[133U] = 0U;
+  rand_stack.f3[134U] = 0U;
+  rand_stack.f3[135U] = 0U;
+  rand_stack.f3[136U] = 0U;
+  rand_stack.f3[137U] = 0U;
+  rand_stack.f3[138U] = 0U;
+  rand_stack.f3[139U] = 0U;
+  rand_stack.f3[140U] = 0U;
+  rand_stack.f3[141U] = 0U;
+  rand_stack.f3[142U] = 0U;
+  rand_stack.f3[143U] = 0U;
+  rand_stack.f3[144U] = 0U;
+  rand_stack.f3[145U] = 0U;
+  rand_stack.f3[146U] = 0U;
+  rand_stack.f3[147U] = 0U;
+  rand_stack.f3[148U] = 0U;
+  rand_stack.f3[149U] = 0U;
+  rand_stack.f3[150U] = 0U;
+  rand_stack.f3[151U] = 0U;
+  rand_stack.f3[152U] = 0U;
+  rand_stack.f3[153U] = 0U;
+  rand_stack.f3[154U] = 0U;
+  rand_stack.f3[155U] = 0U;
+  rand_stack.f3[156U] = 0U;
+  rand_stack.f3[157U] = 0U;
+  rand_stack.f3[158U] = 0U;
+  rand_stack.f3[159U] = 0U;
+  rand_stack.f3[160U] = 0U;
+  rand_stack.f3[161U] = 0U;
+  rand_stack.f3[162U] = 0U;
+  rand_stack.f3[163U] = 0U;
+  rand_stack.f3[164U] = 0U;
+  rand_stack.f3[165U] = 0U;
+  rand_stack.f3[166U] = 0U;
+  rand_stack.f3[167U] = 0U;
+  rand_stack.f3[168U] = 0U;
+  rand_stack.f3[169U] = 0U;
+  rand_stack.f3[170U] = 0U;
+  rand_stack.f3[171U] = 0U;
+  rand_stack.f3[172U] = 0U;
+  rand_stack.f3[173U] = 0U;
+  rand_stack.f3[174U] = 0U;
+  rand_stack.f3[175U] = 0U;
+  rand_stack.f3[176U] = 0U;
+  rand_stack.f3[177U] = 0U;
+  rand_stack.f3[178U] = 0U;
+  rand_stack.f3[179U] = 0U;
+  rand_stack.f3[180U] = 0U;
+  rand_stack.f3[181U] = 0U;
+  rand_stack.f3[182U] = 0U;
+  rand_stack.f3[183U] = 0U;
+  rand_stack.f3[184U] = 0U;
+  rand_stack.f3[185U] = 0U;
+  rand_stack.f3[186U] = 0U;
+  rand_stack.f3[187U] = 0U;
+  rand_stack.f3[188U] = 0U;
+  rand_stack.f3[189U] = 0U;
+  rand_stack.f3[190U] = 0U;
+  rand_stack.f3[191U] = 0U;
+  rand_stack.f3[192U] = 0U;
+  rand_stack.f3[193U] = 0U;
+  rand_stack.f3[194U] = 0U;
+  rand_stack.f3[195U] = 0U;
+  rand_stack.f3[196U] = 0U;
+  rand_stack.f3[197U] = 0U;
+  rand_stack.f3[198U] = 0U;
+  rand_stack.f3[199U] = 0U;
+  rand_stack.f3[200U] = 0U;
+  rand_stack.f3[201U] = 0U;
+  rand_stack.f3[202U] = 0U;
+  rand_stack.f3[203U] = 0U;
+  rand_stack.f3[204U] = 0U;
+  rand_stack.f3[205U] = 0U;
+  rand_stack.f3[206U] = 0U;
+  rand_stack.f3[207U] = 0U;
+  rand_stack.f3[208U] = 0U;
+  rand_stack.f3[209U] = 0U;
+  rand_stack.f3[210U] = 0U;
+  rand_stack.f3[211U] = 0U;
+  rand_stack.f3[212U] = 0U;
+  rand_stack.f3[213U] = 0U;
+  rand_stack.f3[214U] = 0U;
+  rand_stack.f3[215U] = 0U;
+  rand_stack.f3[216U] = 0U;
+  rand_stack.f3[217U] = 0U;
+  rand_stack.f3[218U] = 0U;
+  rand_stack.f3[219U] = 0U;
+  rand_stack.f3[220U] = 0U;
+  rand_stack.f3[221U] = 0U;
+  rand_stack.f3[222U] = 0U;
+  rand_stack.f3[223U] = 0U;
+  rand_stack.f3[224U] = 0U;
+  rand_stack.f3[225U] = 0U;
+  rand_stack.f3[226U] = 0U;
+  rand_stack.f3[227U] = 0U;
+  rand_stack.f3[228U] = 0U;
+  rand_stack.f3[229U] = 0U;
+  rand_stack.f3[230U] = 0U;
+  rand_stack.f3[231U] = 0U;
+  rand_stack.f3[232U] = 0U;
+  rand_stack.f3[233U] = 0U;
+  rand_stack.f3[234U] = 0U;
+  rand_stack.f3[235U] = 0U;
+  rand_stack.f3[236U] = 0U;
+  rand_stack.f3[237U] = 0U;
+  rand_stack.f3[238U] = 0U;
+  rand_stack.f3[239U] = 0U;
+  rand_stack.f3[240U] = 0U;
+  rand_stack.f3[241U] = 0U;
+  rand_stack.f3[242U] = 0U;
+  rand_stack.f3[243U] = 0U;
+  rand_stack.f3[244U] = 0U;
+  rand_stack.f3[245U] = 0U;
+  rand_stack.f3[246U] = 0U;
+  rand_stack.f3[247U] = 0U;
+  rand_stack.f3[248U] = 0U;
+  rand_stack.f3[249U] = 0U;
+  rand_stack.f3[250U] = 0U;
+  rand_stack.f3[251U] = 0U;
+  rand_stack.f3[252U] = 0U;
+  rand_stack.f3[253U] = 0U;
+  rand_stack.f3[254U] = 0U;
+  rand_stack.f3[255U] = 0U;
+  rand_stack.f3[256U] = 0U;
+  rand_stack.f3[257U] = 0U;
+  rand_stack.f3[258U] = 0U;
+  rand_stack.f3[259U] = 0U;
+  rand_stack.f3[260U] = 0U;
+  rand_stack.f3[261U] = 0U;
+  rand_stack.f3[262U] = 0U;
+  rand_stack.f3[263U] = 0U;
+  rand_stack.f3[264U] = 0U;
+  rand_stack.f3[265U] = 0U;
+  rand_stack.f3[266U] = 0U;
+  rand_stack.f3[267U] = 0U;
+  rand_stack.f3[268U] = 0U;
+  rand_stack.f3[269U] = 0U;
+  rand_stack.f3[270U] = 0U;
+  rand_stack.f3[271U] = 0U;
+  rand_stack.f3[272U] = 0U;
+  rand_stack.f3[273U] = 0U;
+  rand_stack.f3[274U] = 0U;
+  rand_stack.f3[275U] = 0U;
+  rand_stack.f3[276U] = 0U;
+  rand_stack.f3[277U] = 0U;
+  rand_stack.f3[278U] = 0U;
+  rand_stack.f3[279U] = 0U;
+  rand_stack.f3[280U] = 0U;
+  rand_stack.f3[281U] = 0U;
+  rand_stack.f3[282U] = 0U;
+  rand_stack.f3[283U] = 0U;
+  rand_stack.f3[284U] = 0U;
+  rand_stack.f3[285U] = 0U;
+  rand_stack.f3[286U] = 0U;
+  rand_stack.f3[287U] = 0U;
+  rand_stack.f3[288U] = 0U;
+  rand_stack.f3[289U] = 0U;
+  rand_stack.f3[290U] = 0U;
+  rand_stack.f3[291U] = 0U;
+  rand_stack.f3[292U] = 0U;
+  rand_stack.f3[293U] = 0U;
+  rand_stack.f3[294U] = 0U;
+  rand_stack.f3[295U] = 0U;
+  rand_stack.f3[296U] = 0U;
+  rand_stack.f3[297U] = 0U;
+  rand_stack.f3[298U] = 0U;
+  rand_stack.f3[299U] = 0U;
+  rand_stack.f3[300U] = 0U;
+  rand_stack.f3[301U] = 0U;
+  rand_stack.f3[302U] = 0U;
+  rand_stack.f3[303U] = 0U;
+  rand_stack.f3[304U] = 0U;
+  rand_stack.f3[305U] = 0U;
+  rand_stack.f3[306U] = 0U;
+  rand_stack.f3[307U] = 0U;
+  rand_stack.f3[308U] = 0U;
+  rand_stack.f3[309U] = 0U;
+  rand_stack.f3[310U] = 0U;
+  rand_stack.f3[311U] = 0U;
+  rand_stack.f3[312U] = 0U;
+  rand_stack.f3[313U] = 0U;
+  rand_stack.f3[314U] = 0U;
+  rand_stack.f3[315U] = 0U;
+  rand_stack.f3[316U] = 0U;
+  rand_stack.f3[317U] = 0U;
+  rand_stack.f3[318U] = 0U;
+  rand_stack.f3[319U] = 0U;
+  rand_stack.f3[320U] = 0U;
+  rand_stack.f3[321U] = 0U;
+  rand_stack.f3[322U] = 0U;
+  rand_stack.f3[323U] = 0U;
+  rand_stack.f3[324U] = 0U;
+  rand_stack.f3[325U] = 0U;
+  rand_stack.f3[326U] = 0U;
+  rand_stack.f3[327U] = 0U;
+  rand_stack.f3[328U] = 0U;
+  rand_stack.f3[329U] = 0U;
+  rand_stack.f3[330U] = 0U;
+  rand_stack.f3[331U] = 0U;
+  rand_stack.f3[332U] = 0U;
+  rand_stack.f3[333U] = 0U;
+  rand_stack.f3[334U] = 0U;
+  rand_stack.f3[335U] = 0U;
+  rand_stack.f3[336U] = 0U;
+  rand_stack.f3[337U] = 0U;
+  rand_stack.f3[338U] = 0U;
+  rand_stack.f3[339U] = 0U;
+  rand_stack.f3[340U] = 0U;
+  rand_stack.f3[341U] = 0U;
+  rand_stack.f3[342U] = 0U;
+  rand_stack.f3[343U] = 0U;
+  rand_stack.f3[344U] = 0U;
+  rand_stack.f3[345U] = 0U;
+  rand_stack.f3[346U] = 0U;
+  rand_stack.f3[347U] = 0U;
+  rand_stack.f3[348U] = 0U;
+  rand_stack.f3[349U] = 0U;
+  rand_stack.f3[350U] = 0U;
+  rand_stack.f3[351U] = 0U;
+  rand_stack.f3[352U] = 0U;
+  rand_stack.f3[353U] = 0U;
+  rand_stack.f3[354U] = 0U;
+  rand_stack.f3[355U] = 0U;
+  rand_stack.f3[356U] = 0U;
+  rand_stack.f3[357U] = 0U;
+  rand_stack.f3[358U] = 0U;
+  rand_stack.f3[359U] = 0U;
+  rand_stack.f3[360U] = 0U;
+  rand_stack.f3[361U] = 0U;
+  rand_stack.f3[362U] = 0U;
+  rand_stack.f3[363U] = 0U;
+  rand_stack.f3[364U] = 0U;
+  rand_stack.f3[365U] = 0U;
+  rand_stack.f3[366U] = 0U;
+  rand_stack.f3[367U] = 0U;
+  rand_stack.f3[368U] = 0U;
+  rand_stack.f3[369U] = 0U;
+  rand_stack.f3[370U] = 0U;
+  rand_stack.f3[371U] = 0U;
+  rand_stack.f3[372U] = 0U;
+  rand_stack.f3[373U] = 0U;
+  rand_stack.f3[374U] = 0U;
+  rand_stack.f3[375U] = 0U;
+  rand_stack.f3[376U] = 0U;
+  rand_stack.f3[377U] = 0U;
+  rand_stack.f3[378U] = 0U;
+  rand_stack.f3[379U] = 0U;
+  rand_stack.f3[380U] = 0U;
+  rand_stack.f3[381U] = 0U;
+  rand_stack.f3[382U] = 0U;
+  rand_stack.f3[383U] = 0U;
+  rand_stack.f3[384U] = 0U;
+  rand_stack.f3[385U] = 0U;
+  rand_stack.f3[386U] = 0U;
+  rand_stack.f3[387U] = 0U;
+  rand_stack.f3[388U] = 0U;
+  rand_stack.f3[389U] = 0U;
+  rand_stack.f3[390U] = 0U;
+  rand_stack.f3[391U] = 0U;
+  rand_stack.f3[392U] = 0U;
+  rand_stack.f3[393U] = 0U;
+  rand_stack.f3[394U] = 0U;
+  rand_stack.f3[395U] = 0U;
+  rand_stack.f3[396U] = 0U;
+  rand_stack.f3[397U] = 0U;
+  rand_stack.f3[398U] = 0U;
+  rand_stack.f3[399U] = 0U;
+  rand_stack.f3[400U] = 0U;
+  rand_stack.f3[401U] = 0U;
+  rand_stack.f3[402U] = 0U;
+  rand_stack.f3[403U] = 0U;
+  rand_stack.f3[404U] = 0U;
+  rand_stack.f3[405U] = 0U;
+  rand_stack.f3[406U] = 0U;
+  rand_stack.f3[407U] = 0U;
+  rand_stack.f3[408U] = 0U;
+  rand_stack.f3[409U] = 0U;
+  rand_stack.f3[410U] = 0U;
+  rand_stack.f3[411U] = 0U;
+  rand_stack.f3[412U] = 0U;
+  rand_stack.f3[413U] = 0U;
+  rand_stack.f3[414U] = 0U;
+  rand_stack.f3[415U] = 0U;
+  rand_stack.f3[416U] = 0U;
+  rand_stack.f3[417U] = 0U;
+  rand_stack.f3[418U] = 0U;
+  rand_stack.f3[419U] = 0U;
+  rand_stack.f3[420U] = 0U;
+  rand_stack.f3[421U] = 0U;
+  rand_stack.f3[422U] = 0U;
+  rand_stack.f3[423U] = 0U;
+  rand_stack.f3[424U] = 0U;
+  rand_stack.f3[425U] = 0U;
+  rand_stack.f3[426U] = 0U;
+  rand_stack.f3[427U] = 0U;
+  rand_stack.f3[428U] = 0U;
+  rand_stack.f3[429U] = 0U;
+  rand_stack.f3[430U] = 0U;
+  rand_stack.f3[431U] = 0U;
+  rand_stack.f3[432U] = 0U;
+  rand_stack.f3[433U] = 0U;
+  rand_stack.f3[434U] = 0U;
+  rand_stack.f3[435U] = 0U;
+  rand_stack.f3[436U] = 0U;
+  rand_stack.f3[437U] = 0U;
+  rand_stack.f3[438U] = 0U;
+  rand_stack.f3[439U] = 0U;
+  rand_stack.f3[440U] = 0U;
+  rand_stack.f3[441U] = 0U;
+  rand_stack.f3[442U] = 0U;
+  rand_stack.f3[443U] = 0U;
+  rand_stack.f3[444U] = 0U;
+  rand_stack.f3[445U] = 0U;
+  rand_stack.f3[446U] = 0U;
+  rand_stack.f3[447U] = 0U;
+  rand_stack.f3[448U] = 0U;
+  rand_stack.f3[449U] = 0U;
+  rand_stack.f3[450U] = 0U;
+  rand_stack.f3[451U] = 0U;
+  rand_stack.f3[452U] = 0U;
+  rand_stack.f3[453U] = 0U;
+  rand_stack.f3[454U] = 0U;
+  rand_stack.f3[455U] = 0U;
+  rand_stack.f3[456U] = 0U;
+  rand_stack.f3[457U] = 0U;
+  rand_stack.f3[458U] = 0U;
+  rand_stack.f3[459U] = 0U;
+  rand_stack.f3[460U] = 0U;
+  rand_stack.f3[461U] = 0U;
+  rand_stack.f3[462U] = 0U;
+  rand_stack.f3[463U] = 0U;
+  rand_stack.f3[464U] = 0U;
+  rand_stack.f3[465U] = 0U;
+  rand_stack.f3[466U] = 0U;
+  rand_stack.f3[467U] = 0U;
+  rand_stack.f3[468U] = 0U;
+  rand_stack.f3[469U] = 0U;
+  rand_stack.f3[470U] = 0U;
+  rand_stack.f3[471U] = 0U;
+  rand_stack.f3[472U] = 0U;
+  rand_stack.f3[473U] = 0U;
+  rand_stack.f3[474U] = 0U;
+  rand_stack.f3[475U] = 0U;
+  rand_stack.f3[476U] = 0U;
+  rand_stack.f3[477U] = 0U;
+  rand_stack.f3[478U] = 0U;
+  rand_stack.f3[479U] = 0U;
+  rand_stack.f3[480U] = 0U;
+  rand_stack.f3[481U] = 0U;
+  rand_stack.f3[482U] = 0U;
+  rand_stack.f3[483U] = 0U;
+  rand_stack.f3[484U] = 0U;
+  rand_stack.f3[485U] = 0U;
+  rand_stack.f3[486U] = 0U;
+  rand_stack.f3[487U] = 0U;
+  rand_stack.f3[488U] = 0U;
+  rand_stack.f3[489U] = 0U;
+  rand_stack.f3[490U] = 0U;
+  rand_stack.f3[491U] = 0U;
+  rand_stack.f3[492U] = 0U;
+  rand_stack.f3[493U] = 0U;
+  rand_stack.f3[494U] = 0U;
+  rand_stack.f3[495U] = 0U;
+  rand_stack.f3[496U] = 0U;
+  rand_stack.f3[497U] = 0U;
+  rand_stack.f3[498U] = 0U;
+  rand_stack.f3[499U] = 0U;
+  rand_stack.f3[500U] = 0U;
+  rand_stack.f3[501U] = 0U;
+  rand_stack.f3[502U] = 0U;
+  rand_stack.f3[503U] = 0U;
+  rand_stack.f3[504U] = 0U;
+  rand_stack.f3[505U] = 0U;
+  rand_stack.f3[506U] = 0U;
+  rand_stack.f3[507U] = 0U;
+  rand_stack.f3[508U] = 0U;
+  rand_stack.f3[509U] = 0U;
+  rand_stack.f3[510U] = 0U;
+  rand_stack.f3[511U] = 0U;
+  rand_stack.f3[512U] = 0U;
+  rand_stack.f3[513U] = 0U;
+  rand_stack.f3[514U] = 0U;
+  rand_stack.f3[515U] = 0U;
+  rand_stack.f3[516U] = 0U;
+  rand_stack.f3[517U] = 0U;
+  rand_stack.f3[518U] = 0U;
+  rand_stack.f3[519U] = 0U;
+  rand_stack.f3[520U] = 0U;
+  rand_stack.f3[521U] = 0U;
+  rand_stack.f3[522U] = 0U;
+  rand_stack.f3[523U] = 0U;
+  rand_stack.f3[524U] = 0U;
+  rand_stack.f3[525U] = 0U;
+  rand_stack.f3[526U] = 0U;
+  rand_stack.f3[527U] = 0U;
+  rand_stack.f3[528U] = 0U;
+  rand_stack.f3[529U] = 0U;
+  rand_stack.f3[530U] = 0U;
+  rand_stack.f3[531U] = 0U;
+  rand_stack.f3[532U] = 0U;
+  rand_stack.f3[533U] = 0U;
+  rand_stack.f3[534U] = 0U;
+  rand_stack.f3[535U] = 0U;
+  rand_stack.f3[536U] = 0U;
+  rand_stack.f3[537U] = 0U;
+  rand_stack.f3[538U] = 0U;
+  rand_stack.f3[539U] = 0U;
+  rand_stack.f3[540U] = 0U;
+  rand_stack.f3[541U] = 0U;
+  rand_stack.f3[542U] = 0U;
+  rand_stack.f3[543U] = 0U;
+  rand_stack.f3[544U] = 0U;
+  rand_stack.f3[545U] = 0U;
+  rand_stack.f3[546U] = 0U;
+  rand_stack.f3[547U] = 0U;
+  rand_stack.f3[548U] = 0U;
+  rand_stack.f3[549U] = 0U;
+  rand_stack.f3[550U] = 0U;
+  rand_stack.f3[551U] = 0U;
+  rand_stack.f3[552U] = 0U;
+  rand_stack.f3[553U] = 0U;
+  rand_stack.f3[554U] = 0U;
+  rand_stack.f3[555U] = 0U;
+  rand_stack.f3[556U] = 0U;
+  rand_stack.f3[557U] = 0U;
+  rand_stack.f3[558U] = 0U;
+  rand_stack.f3[559U] = 0U;
+  rand_stack.f3[560U] = 0U;
+  rand_stack.f3[561U] = 0U;
+  rand_stack.f3[562U] = 0U;
+  rand_stack.f3[563U] = 0U;
+  rand_stack.f3[564U] = 0U;
+  rand_stack.f3[565U] = 0U;
+  rand_stack.f3[566U] = 0U;
+  rand_stack.f3[567U] = 0U;
+  rand_stack.f3[568U] = 0U;
+  rand_stack.f3[569U] = 0U;
+  rand_stack.f3[570U] = 0U;
+  rand_stack.f3[571U] = 0U;
+  rand_stack.f3[572U] = 0U;
+  rand_stack.f3[573U] = 0U;
+  rand_stack.f3[574U] = 0U;
+  rand_stack.f3[575U] = 0U;
+  rand_stack.f3[576U] = 0U;
+  rand_stack.f3[577U] = 0U;
+  rand_stack.f3[578U] = 0U;
+  rand_stack.f3[579U] = 0U;
+  rand_stack.f3[580U] = 0U;
+  rand_stack.f3[581U] = 0U;
+  rand_stack.f3[582U] = 0U;
+  rand_stack.f3[583U] = 0U;
+  rand_stack.f3[584U] = 0U;
+  rand_stack.f3[585U] = 0U;
+  rand_stack.f3[586U] = 0U;
+  rand_stack.f3[587U] = 0U;
+  rand_stack.f3[588U] = 0U;
+  rand_stack.f3[589U] = 0U;
+  rand_stack.f3[590U] = 0U;
+  rand_stack.f3[591U] = 0U;
+  rand_stack.f3[592U] = 0U;
+  rand_stack.f3[593U] = 0U;
+  rand_stack.f3[594U] = 0U;
+  rand_stack.f3[595U] = 0U;
+  rand_stack.f3[596U] = 0U;
+  rand_stack.f3[597U] = 0U;
+  rand_stack.f3[598U] = 0U;
+  rand_stack.f3[599U] = 0U;
+  rand_stack.f3[600U] = 0U;
+  rand_stack.f3[601U] = 0U;
+  rand_stack.f3[602U] = 0U;
+  rand_stack.f3[603U] = 0U;
+  rand_stack.f3[604U] = 0U;
+  rand_stack.f3[605U] = 0U;
+  rand_stack.f3[606U] = 0U;
+  rand_stack.f3[607U] = 0U;
+  rand_stack.f3[608U] = 0U;
+  rand_stack.f3[609U] = 0U;
+  rand_stack.f3[610U] = 0U;
+  rand_stack.f3[611U] = 0U;
+  rand_stack.f3[612U] = 0U;
+  rand_stack.f3[613U] = 0U;
+  rand_stack.f3[614U] = 0U;
+  rand_stack.f3[615U] = 0U;
+  rand_stack.f3[616U] = 0U;
+  rand_stack.f3[617U] = 0U;
+  rand_stack.f3[618U] = 0U;
+  rand_stack.f3[619U] = 0U;
+  rand_stack.f3[620U] = 0U;
+  rand_stack.f3[621U] = 0U;
+  rand_stack.f3[622U] = 0U;
+  rand_stack.f3[623U] = 0U;
+  rand_stack.f3[624U] = 0U;
+  rand_stack.f3[625U] = 0U;
+  rand_stack.f3[626U] = 0U;
+  rand_stack.f3[627U] = 0U;
+  rand_stack.f3[628U] = 0U;
+  rand_stack.f3[629U] = 0U;
+  rand_stack.f3[630U] = 0U;
+  rand_stack.f3[631U] = 0U;
+  rand_stack.f3[632U] = 0U;
+  rand_stack.f3[633U] = 0U;
+  rand_stack.f3[634U] = 0U;
+  rand_stack.f3[635U] = 0U;
+  rand_stack.f3[636U] = 0U;
+  rand_stack.f3[637U] = 0U;
+  rand_stack.f3[638U] = 0U;
+  rand_stack.f3[639U] = 0U;
+  rand_stack.f3[640U] = 0U;
+  rand_stack.f3[641U] = 0U;
+  rand_stack.f3[642U] = 0U;
+  rand_stack.f3[643U] = 0U;
+  rand_stack.f3[644U] = 0U;
+  rand_stack.f3[645U] = 0U;
+  rand_stack.f3[646U] = 0U;
+  rand_stack.f3[647U] = 0U;
+  rand_stack.f3[648U] = 0U;
+  rand_stack.f3[649U] = 0U;
+  rand_stack.f3[650U] = 0U;
+  rand_stack.f3[651U] = 0U;
+  rand_stack.f3[652U] = 0U;
+  rand_stack.f3[653U] = 0U;
+  rand_stack.f3[654U] = 0U;
+  rand_stack.f3[655U] = 0U;
+  rand_stack.f3[656U] = 0U;
+  rand_stack.f3[657U] = 0U;
+  rand_stack.f3[658U] = 0U;
+  rand_stack.f3[659U] = 0U;
+  rand_stack.f3[660U] = 0U;
+  rand_stack.f3[661U] = 0U;
+  rand_stack.f3[662U] = 0U;
+  rand_stack.f3[663U] = 0U;
+  rand_stack.f3[664U] = 0U;
+  rand_stack.f3[665U] = 0U;
+  rand_stack.f3[666U] = 0U;
+  rand_stack.f3[667U] = 0U;
+  rand_stack.f3[668U] = 0U;
+  rand_stack.f3[669U] = 0U;
+  rand_stack.f3[670U] = 0U;
+  rand_stack.f3[671U] = 0U;
+  rand_stack.f3[672U] = 0U;
+  rand_stack.f3[673U] = 0U;
+  rand_stack.f3[674U] = 0U;
+  rand_stack.f3[675U] = 0U;
+  rand_stack.f3[676U] = 0U;
+  rand_stack.f3[677U] = 0U;
+  rand_stack.f3[678U] = 0U;
+  rand_stack.f3[679U] = 0U;
+  rand_stack.f3[680U] = 0U;
+  rand_stack.f3[681U] = 0U;
+  rand_stack.f3[682U] = 0U;
+  rand_stack.f3[683U] = 0U;
+  rand_stack.f3[684U] = 0U;
+  rand_stack.f3[685U] = 0U;
+  rand_stack.f3[686U] = 0U;
+  rand_stack.f3[687U] = 0U;
+  rand_stack.f3[688U] = 0U;
+  rand_stack.f3[689U] = 0U;
+  rand_stack.f3[690U] = 0U;
+  rand_stack.f3[691U] = 0U;
+  rand_stack.f3[692U] = 0U;
+  rand_stack.f3[693U] = 0U;
+  rand_stack.f3[694U] = 0U;
+  rand_stack.f3[695U] = 0U;
+  rand_stack.f3[696U] = 0U;
+  rand_stack.f3[697U] = 0U;
+  rand_stack.f3[698U] = 0U;
+  rand_stack.f3[699U] = 0U;
+  rand_stack.f3[700U] = 0U;
+  rand_stack.f3[701U] = 0U;
+  rand_stack.f3[702U] = 0U;
+  rand_stack.f3[703U] = 0U;
+  rand_stack.f3[704U] = 0U;
+  rand_stack.f3[705U] = 0U;
+  rand_stack.f3[706U] = 0U;
+  rand_stack.f3[707U] = 0U;
+  rand_stack.f3[708U] = 0U;
+  rand_stack.f3[709U] = 0U;
+  rand_stack.f3[710U] = 0U;
+  rand_stack.f3[711U] = 0U;
+  rand_stack.f3[712U] = 0U;
+  rand_stack.f3[713U] = 0U;
+  rand_stack.f3[714U] = 0U;
+  rand_stack.f3[715U] = 0U;
+  rand_stack.f3[716U] = 0U;
+  rand_stack.f3[717U] = 0U;
+  rand_stack.f3[718U] = 0U;
+  rand_stack.f3[719U] = 0U;
+  rand_stack.f3[720U] = 0U;
+  rand_stack.f3[721U] = 0U;
+  rand_stack.f3[722U] = 0U;
+  rand_stack.f3[723U] = 0U;
+  rand_stack.f3[724U] = 0U;
+  rand_stack.f3[725U] = 0U;
+  rand_stack.f3[726U] = 0U;
+  rand_stack.f3[727U] = 0U;
+  rand_stack.f3[728U] = 0U;
+  rand_stack.f3[729U] = 0U;
+  rand_stack.f3[730U] = 0U;
+  rand_stack.f3[731U] = 0U;
+  rand_stack.f3[732U] = 0U;
+  rand_stack.f3[733U] = 0U;
+  rand_stack.f3[734U] = 0U;
+  rand_stack.f3[735U] = 0U;
+  rand_stack.f3[736U] = 0U;
+  rand_stack.f3[737U] = 0U;
+  rand_stack.f3[738U] = 0U;
+  rand_stack.f3[739U] = 0U;
+  rand_stack.f3[740U] = 0U;
+  rand_stack.f3[741U] = 0U;
+  rand_stack.f3[742U] = 0U;
+  rand_stack.f3[743U] = 0U;
+  rand_stack.f3[744U] = 0U;
+  rand_stack.f3[745U] = 0U;
+  rand_stack.f3[746U] = 0U;
+  rand_stack.f3[747U] = 0U;
+  rand_stack.f3[748U] = 0U;
+  rand_stack.f3[749U] = 0U;
+  rand_stack.f3[750U] = 0U;
+  rand_stack.f3[751U] = 0U;
+  rand_stack.f3[752U] = 0U;
+  rand_stack.f3[753U] = 0U;
+  rand_stack.f3[754U] = 0U;
+  rand_stack.f3[755U] = 0U;
+  rand_stack.f3[756U] = 0U;
+  rand_stack.f3[757U] = 0U;
+  rand_stack.f3[758U] = 0U;
+  rand_stack.f3[759U] = 0U;
+  rand_stack.f3[760U] = 0U;
+  rand_stack.f3[761U] = 0U;
+  rand_stack.f3[762U] = 0U;
+  rand_stack.f3[763U] = 0U;
+  rand_stack.f3[764U] = 0U;
+  rand_stack.f3[765U] = 0U;
+  rand_stack.f3[766U] = 0U;
+  rand_stack.f3[767U] = 0U;
+  rand_stack.f3[768U] = 0U;
+  rand_stack.f3[769U] = 0U;
+  rand_stack.f3[770U] = 0U;
+  rand_stack.f3[771U] = 0U;
+  rand_stack.f3[772U] = 0U;
+  rand_stack.f3[773U] = 0U;
+  rand_stack.f3[774U] = 0U;
+  rand_stack.f3[775U] = 0U;
+  rand_stack.f3[776U] = 0U;
+  rand_stack.f3[777U] = 0U;
+  rand_stack.f3[778U] = 0U;
+  rand_stack.f3[779U] = 0U;
+  rand_stack.f3[780U] = 0U;
+  rand_stack.f3[781U] = 0U;
+  rand_stack.f3[782U] = 0U;
+  rand_stack.f3[783U] = 0U;
+  rand_stack.f3[784U] = 0U;
+  rand_stack.f3[785U] = 0U;
+  rand_stack.f3[786U] = 0U;
+  rand_stack.f3[787U] = 0U;
+  rand_stack.f3[788U] = 0U;
+  rand_stack.f3[789U] = 0U;
+  rand_stack.f3[790U] = 0U;
+  rand_stack.f3[791U] = 0U;
+  rand_stack.f3[792U] = 0U;
+  rand_stack.f3[793U] = 0U;
+  rand_stack.f3[794U] = 0U;
+  rand_stack.f3[795U] = 0U;
+  rand_stack.f3[796U] = 0U;
+  rand_stack.f3[797U] = 0U;
+  rand_stack.f3[798U] = 0U;
+  rand_stack.f3[799U] = 0U;
+  rand_stack.f3[800U] = 0U;
+  rand_stack.f3[801U] = 0U;
+  rand_stack.f3[802U] = 0U;
+  rand_stack.f3[803U] = 0U;
+  rand_stack.f3[804U] = 0U;
+  rand_stack.f3[805U] = 0U;
+  rand_stack.f3[806U] = 0U;
+  rand_stack.f3[807U] = 0U;
+  rand_stack.f3[808U] = 0U;
+  rand_stack.f3[809U] = 0U;
+  rand_stack.f3[810U] = 0U;
+  rand_stack.f3[811U] = 0U;
+  rand_stack.f3[812U] = 0U;
+  rand_stack.f3[813U] = 0U;
+  rand_stack.f3[814U] = 0U;
+  rand_stack.f3[815U] = 0U;
+  rand_stack.f3[816U] = 0U;
+  rand_stack.f3[817U] = 0U;
+  rand_stack.f3[818U] = 0U;
+  rand_stack.f3[819U] = 0U;
+  rand_stack.f3[820U] = 0U;
+  rand_stack.f3[821U] = 0U;
+  rand_stack.f3[822U] = 0U;
+  rand_stack.f3[823U] = 0U;
+  rand_stack.f3[824U] = 0U;
+  rand_stack.f3[825U] = 0U;
+  rand_stack.f3[826U] = 0U;
+  rand_stack.f3[827U] = 0U;
+  rand_stack.f3[828U] = 0U;
+  rand_stack.f3[829U] = 0U;
+  rand_stack.f3[830U] = 0U;
+  rand_stack.f3[831U] = 0U;
+  rand_stack.f3[832U] = 0U;
+  rand_stack.f3[833U] = 0U;
+  rand_stack.f3[834U] = 0U;
+  rand_stack.f3[835U] = 0U;
+  rand_stack.f3[836U] = 0U;
+  rand_stack.f3[837U] = 0U;
+  rand_stack.f3[838U] = 0U;
+  rand_stack.f3[839U] = 0U;
+  int32_t tmp_stack[4U][263U] = {{0U}};
+  size_t_x2 buf0[0U] = {};
+  libcrux_ml_dsa_sample_SampleArgs_4e memory = libcrux_ml_dsa_sample_new_29_ab(
+      &rand_stack,
+      Eurydice_array_to_slice((size_t)4U, tmp_stack, int32_t[263U]), A,
+      Eurydice_array_to_slice((size_t)0U, buf0, size_t_x2));
+  size_t_x2 buf[4U] = {
+      (CLITERAL(size_t_x2){.fst = (size_t)0U, .snd = (size_t)0U}),
+      (CLITERAL(size_t_x2){.fst = (size_t)0U, .snd = (size_t)1U}),
+      (CLITERAL(size_t_x2){.fst = (size_t)0U, .snd = (size_t)2U}),
+      (CLITERAL(size_t_x2){.fst = (size_t)0U, .snd = (size_t)3U})};
+  memory.indices = Eurydice_array_to_slice((size_t)4U, buf, size_t_x2);
+  uint8_t uu____2[34U];
+  memcpy(uu____2, seed, (size_t)34U * sizeof(uint8_t));
+  libcrux_ml_dsa_sample_sample_four_ring_elements_49(
+      uu____2,
+      libcrux_ml_dsa_samplex4_generate_domain_separator(
+          (CLITERAL(uint8_t_x2){.fst = 0U, .snd = 0U})),
+      libcrux_ml_dsa_samplex4_generate_domain_separator(
+          (CLITERAL(uint8_t_x2){.fst = 0U, .snd = 1U})),
+      libcrux_ml_dsa_samplex4_generate_domain_separator(
+          (CLITERAL(uint8_t_x2){.fst = 0U, .snd = 2U})),
+      libcrux_ml_dsa_samplex4_generate_domain_separator(
+          (CLITERAL(uint8_t_x2){.fst = 0U, .snd = 3U})),
+      &memory);
+  size_t_x2 buf1[4U] = {
+      (CLITERAL(size_t_x2){.fst = (size_t)0U, .snd = (size_t)4U}),
+      (CLITERAL(size_t_x2){.fst = (size_t)1U, .snd = (size_t)0U}),
+      (CLITERAL(size_t_x2){.fst = (size_t)1U, .snd = (size_t)1U}),
+      (CLITERAL(size_t_x2){.fst = (size_t)1U, .snd = (size_t)2U})};
+  memory.indices = Eurydice_array_to_slice((size_t)4U, buf1, size_t_x2);
+  uint8_t uu____3[34U];
+  memcpy(uu____3, seed, (size_t)34U * sizeof(uint8_t));
+  libcrux_ml_dsa_sample_sample_four_ring_elements_49(
+      uu____3,
+      libcrux_ml_dsa_samplex4_generate_domain_separator(
+          (CLITERAL(uint8_t_x2){.fst = 0U, .snd = 4U})),
+      libcrux_ml_dsa_samplex4_generate_domain_separator(
+          (CLITERAL(uint8_t_x2){.fst = 1U, .snd = 0U})),
+      libcrux_ml_dsa_samplex4_generate_domain_separator(
+          (CLITERAL(uint8_t_x2){.fst = 1U, .snd = 1U})),
+      libcrux_ml_dsa_samplex4_generate_domain_separator(
+          (CLITERAL(uint8_t_x2){.fst = 1U, .snd = 2U})),
+      &memory);
+  size_t_x2 buf2[4U] = {
+      (CLITERAL(size_t_x2){.fst = (size_t)1U, .snd = (size_t)3U}),
+      (CLITERAL(size_t_x2){.fst = (size_t)1U, .snd = (size_t)4U}),
+      (CLITERAL(size_t_x2){.fst = (size_t)2U, .snd = (size_t)0U}),
+      (CLITERAL(size_t_x2){.fst = (size_t)2U, .snd = (size_t)1U})};
+  memory.indices = Eurydice_array_to_slice((size_t)4U, buf2, size_t_x2);
+  uint8_t uu____4[34U];
+  memcpy(uu____4, seed, (size_t)34U * sizeof(uint8_t));
+  libcrux_ml_dsa_sample_sample_four_ring_elements_49(
+      uu____4,
+      libcrux_ml_dsa_samplex4_generate_domain_separator(
+          (CLITERAL(uint8_t_x2){.fst = 1U, .snd = 3U})),
+      libcrux_ml_dsa_samplex4_generate_domain_separator(
+          (CLITERAL(uint8_t_x2){.fst = 1U, .snd = 4U})),
+      libcrux_ml_dsa_samplex4_generate_domain_separator(
+          (CLITERAL(uint8_t_x2){.fst = 2U, .snd = 0U})),
+      libcrux_ml_dsa_samplex4_generate_domain_separator(
+          (CLITERAL(uint8_t_x2){.fst = 2U, .snd = 1U})),
+      &memory);
+  size_t_x2 buf3[4U] = {
+      (CLITERAL(size_t_x2){.fst = (size_t)2U, .snd = (size_t)2U}),
+      (CLITERAL(size_t_x2){.fst = (size_t)2U, .snd = (size_t)3U}),
+      (CLITERAL(size_t_x2){.fst = (size_t)2U, .snd = (size_t)4U}),
+      (CLITERAL(size_t_x2){.fst = (size_t)3U, .snd = (size_t)0U})};
+  memory.indices = Eurydice_array_to_slice((size_t)4U, buf3, size_t_x2);
+  uint8_t uu____5[34U];
+  memcpy(uu____5, seed, (size_t)34U * sizeof(uint8_t));
+  libcrux_ml_dsa_sample_sample_four_ring_elements_49(
+      uu____5,
+      libcrux_ml_dsa_samplex4_generate_domain_separator(
+          (CLITERAL(uint8_t_x2){.fst = 2U, .snd = 2U})),
+      libcrux_ml_dsa_samplex4_generate_domain_separator(
+          (CLITERAL(uint8_t_x2){.fst = 2U, .snd = 3U})),
+      libcrux_ml_dsa_samplex4_generate_domain_separator(
+          (CLITERAL(uint8_t_x2){.fst = 2U, .snd = 4U})),
+      libcrux_ml_dsa_samplex4_generate_domain_separator(
+          (CLITERAL(uint8_t_x2){.fst = 3U, .snd = 0U})),
+      &memory);
+  size_t_x2 buf4[4U] = {
+      (CLITERAL(size_t_x2){.fst = (size_t)3U, .snd = (size_t)1U}),
+      (CLITERAL(size_t_x2){.fst = (size_t)3U, .snd = (size_t)2U}),
+      (CLITERAL(size_t_x2){.fst = (size_t)3U, .snd = (size_t)3U}),
+      (CLITERAL(size_t_x2){.fst = (size_t)3U, .snd = (size_t)4U})};
+  memory.indices = Eurydice_array_to_slice((size_t)4U, buf4, size_t_x2);
+  uint8_t uu____6[34U];
+  memcpy(uu____6, seed, (size_t)34U * sizeof(uint8_t));
+  libcrux_ml_dsa_sample_sample_four_ring_elements_49(
+      uu____6,
+      libcrux_ml_dsa_samplex4_generate_domain_separator(
+          (CLITERAL(uint8_t_x2){.fst = 3U, .snd = 1U})),
+      libcrux_ml_dsa_samplex4_generate_domain_separator(
+          (CLITERAL(uint8_t_x2){.fst = 3U, .snd = 2U})),
+      libcrux_ml_dsa_samplex4_generate_domain_separator(
+          (CLITERAL(uint8_t_x2){.fst = 3U, .snd = 3U})),
+      libcrux_ml_dsa_samplex4_generate_domain_separator(
+          (CLITERAL(uint8_t_x2){.fst = 3U, .snd = 4U})),
+      &memory);
+  size_t_x2 buf5[4U] = {
+      (CLITERAL(size_t_x2){.fst = (size_t)4U, .snd = (size_t)0U}),
+      (CLITERAL(size_t_x2){.fst = (size_t)4U, .snd = (size_t)1U}),
+      (CLITERAL(size_t_x2){.fst = (size_t)4U, .snd = (size_t)2U}),
+      (CLITERAL(size_t_x2){.fst = (size_t)4U, .snd = (size_t)3U})};
+  memory.indices = Eurydice_array_to_slice((size_t)4U, buf5, size_t_x2);
+  uint8_t uu____7[34U];
+  memcpy(uu____7, seed, (size_t)34U * sizeof(uint8_t));
+  libcrux_ml_dsa_sample_sample_four_ring_elements_49(
+      uu____7,
+      libcrux_ml_dsa_samplex4_generate_domain_separator(
+          (CLITERAL(uint8_t_x2){.fst = 4U, .snd = 0U})),
+      libcrux_ml_dsa_samplex4_generate_domain_separator(
+          (CLITERAL(uint8_t_x2){.fst = 4U, .snd = 1U})),
+      libcrux_ml_dsa_samplex4_generate_domain_separator(
+          (CLITERAL(uint8_t_x2){.fst = 4U, .snd = 2U})),
+      libcrux_ml_dsa_samplex4_generate_domain_separator(
+          (CLITERAL(uint8_t_x2){.fst = 4U, .snd = 3U})),
+      &memory);
+  size_t_x2 buf6[4U] = {
+      (CLITERAL(size_t_x2){.fst = (size_t)4U, .snd = (size_t)4U}),
+      (CLITERAL(size_t_x2){.fst = (size_t)5U, .snd = (size_t)0U}),
+      (CLITERAL(size_t_x2){.fst = (size_t)5U, .snd = (size_t)1U}),
+      (CLITERAL(size_t_x2){.fst = (size_t)5U, .snd = (size_t)2U})};
+  memory.indices = Eurydice_array_to_slice((size_t)4U, buf6, size_t_x2);
+  uint8_t uu____8[34U];
+  memcpy(uu____8, seed, (size_t)34U * sizeof(uint8_t));
+  libcrux_ml_dsa_sample_sample_four_ring_elements_49(
+      uu____8,
+      libcrux_ml_dsa_samplex4_generate_domain_separator(
+          (CLITERAL(uint8_t_x2){.fst = 4U, .snd = 4U})),
+      libcrux_ml_dsa_samplex4_generate_domain_separator(
+          (CLITERAL(uint8_t_x2){.fst = 5U, .snd = 0U})),
+      libcrux_ml_dsa_samplex4_generate_domain_separator(
+          (CLITERAL(uint8_t_x2){.fst = 5U, .snd = 1U})),
+      libcrux_ml_dsa_samplex4_generate_domain_separator(
+          (CLITERAL(uint8_t_x2){.fst = 5U, .snd = 2U})),
+      &memory);
+  size_t_x2 buf7[2U] = {
+      (CLITERAL(size_t_x2){.fst = (size_t)5U, .snd = (size_t)3U}),
+      (CLITERAL(size_t_x2){.fst = (size_t)5U, .snd = (size_t)4U})};
+  memory.indices = Eurydice_array_to_slice((size_t)2U, buf7, size_t_x2);
+  uint8_t uu____9[34U];
+  memcpy(uu____9, seed, (size_t)34U * sizeof(uint8_t));
+  libcrux_ml_dsa_sample_sample_four_ring_elements_49(
+      uu____9,
+      libcrux_ml_dsa_samplex4_generate_domain_separator(
+          (CLITERAL(uint8_t_x2){.fst = 5U, .snd = 3U})),
+      libcrux_ml_dsa_samplex4_generate_domain_separator(
+          (CLITERAL(uint8_t_x2){.fst = 5U, .snd = 4U})),
+      libcrux_ml_dsa_samplex4_generate_domain_separator(
+          (CLITERAL(uint8_t_x2){.fst = 5U, .snd = 5U})),
+      libcrux_ml_dsa_samplex4_generate_domain_separator(
+          (CLITERAL(uint8_t_x2){.fst = 5U, .snd = 6U})),
+      &memory);
   memcpy(ret, A,
          (size_t)6U *
              sizeof(libcrux_ml_dsa_polynomial_PolynomialRingElement_9b[5U]));
 }
 
 /**
-A monomorphic instance of libcrux_ml_dsa.samplex4.matrix_A
-with types libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit
-with const generics
+A monomorphic instance of libcrux_ml_dsa.samplex4.matrix_A_generic
+with types libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit,
+libcrux_ml_dsa_hash_functions_portable_Shake128X4 with const generics
 - ROWS_IN_A= 6
 - COLUMNS_IN_A= 5
 */
-static KRML_MUSTINLINE void libcrux_ml_dsa_samplex4_matrix_A_2f(
+static inline void libcrux_ml_dsa_samplex4_matrix_A_generic_49(
     uint8_t seed[34U],
     libcrux_ml_dsa_polynomial_PolynomialRingElement_9b ret[6U][5U]) {
   uint8_t_x2 uu____0 = {.fst = (uint8_t)(size_t)6U, .snd = (uint8_t)(size_t)5U};
   switch (uu____0.fst) {
-    case 4U: {
-      switch (uu____0.snd) {
-        case 4U: {
-          /* Passing arrays by value in Rust generates a copy in C */
-          uint8_t copy_of_seed[34U];
-          memcpy(copy_of_seed, seed, (size_t)34U * sizeof(uint8_t));
-          libcrux_ml_dsa_polynomial_PolynomialRingElement_9b ret0[6U][5U];
-          libcrux_ml_dsa_samplex4_matrix_A_4_by_4_2f(copy_of_seed, ret0);
-          memcpy(
-              ret, ret0,
-              (size_t)6U *
-                  sizeof(
-                      libcrux_ml_dsa_polynomial_PolynomialRingElement_9b[5U]));
-          return;
-        }
-        default: {
-        }
-      }
-      break;
-    }
     case 6U: {
       switch (uu____0.snd) {
         case 5U: {
@@ -5100,27 +6187,7 @@ static KRML_MUSTINLINE void libcrux_ml_dsa_samplex4_matrix_A_2f(
           uint8_t copy_of_seed[34U];
           memcpy(copy_of_seed, seed, (size_t)34U * sizeof(uint8_t));
           libcrux_ml_dsa_polynomial_PolynomialRingElement_9b ret0[6U][5U];
-          libcrux_ml_dsa_samplex4_matrix_A_6_by_5_2f(copy_of_seed, ret0);
-          memcpy(
-              ret, ret0,
-              (size_t)6U *
-                  sizeof(
-                      libcrux_ml_dsa_polynomial_PolynomialRingElement_9b[5U]));
-          return;
-        }
-        default: {
-        }
-      }
-      break;
-    }
-    case 8U: {
-      switch (uu____0.snd) {
-        case 7U: {
-          /* Passing arrays by value in Rust generates a copy in C */
-          uint8_t copy_of_seed[34U];
-          memcpy(copy_of_seed, seed, (size_t)34U * sizeof(uint8_t));
-          libcrux_ml_dsa_polynomial_PolynomialRingElement_9b ret0[6U][5U];
-          libcrux_ml_dsa_samplex4_matrix_A_8_by_7_2f(copy_of_seed, ret0);
+          libcrux_ml_dsa_samplex4_matrix_A_6_by_5_49(copy_of_seed, ret0);
           memcpy(
               ret, ret0,
               (size_t)6U *
@@ -5141,6 +6208,30 @@ static KRML_MUSTINLINE void libcrux_ml_dsa_samplex4_matrix_A_2f(
   KRML_HOST_EXIT(255U);
 }
 
+/**
+This function found in impl {(libcrux_ml_dsa::samplex4::X4Sampler for
+libcrux_ml_dsa::samplex4::portable::PortableSampler)}
+*/
+/**
+A monomorphic instance of libcrux_ml_dsa.samplex4.portable.matrix_A_36
+with types libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit
+with const generics
+- ROWS_IN_A= 6
+- COLUMNS_IN_A= 5
+*/
+static KRML_MUSTINLINE void libcrux_ml_dsa_samplex4_portable_matrix_A_36_2f(
+    uint8_t seed[34U],
+    libcrux_ml_dsa_polynomial_PolynomialRingElement_9b ret[6U][5U]) {
+  /* Passing arrays by value in Rust generates a copy in C */
+  uint8_t copy_of_seed[34U];
+  memcpy(copy_of_seed, seed, (size_t)34U * sizeof(uint8_t));
+  libcrux_ml_dsa_polynomial_PolynomialRingElement_9b ret0[6U][5U];
+  libcrux_ml_dsa_samplex4_matrix_A_generic_49(copy_of_seed, ret0);
+  memcpy(ret, ret0,
+         (size_t)6U *
+             sizeof(libcrux_ml_dsa_polynomial_PolynomialRingElement_9b[5U]));
+}
+
 /**
 A monomorphic instance of K.
 with types libcrux_ml_dsa_polynomial_PolynomialRingElement
@@ -5154,6 +6245,14 @@ typedef struct tuple_ce_s {
   libcrux_ml_dsa_polynomial_PolynomialRingElement_9b snd[6U];
 } tuple_ce;
 
+typedef struct
+    libcrux_ml_dsa_polynomial_PolynomialRingElement_libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit_x4_s {
+  libcrux_ml_dsa_polynomial_PolynomialRingElement_9b fst;
+  libcrux_ml_dsa_polynomial_PolynomialRingElement_9b snd;
+  libcrux_ml_dsa_polynomial_PolynomialRingElement_9b thd;
+  libcrux_ml_dsa_polynomial_PolynomialRingElement_9b f3;
+} libcrux_ml_dsa_polynomial_PolynomialRingElement_libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit_x4;
+
 /**
 A monomorphic instance of
 libcrux_ml_dsa.sample.rejection_sample_less_than_eta_equals_2 with types
@@ -5233,6 +6332,37 @@ libcrux_ml_dsa_sample_rejection_sample_less_than_eta_73(
       randomness, sampled, out);
 }
 
+/**
+This function found in impl
+{libcrux_ml_dsa::polynomial::PolynomialRingElement<SIMDUnit>[TraitClause@0,
+TraitClause@1]}
+*/
+/**
+A monomorphic instance of libcrux_ml_dsa.polynomial.from_i32_array_ff
+with types libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit
+with const generics
+
+*/
+static inline libcrux_ml_dsa_polynomial_PolynomialRingElement_9b
+libcrux_ml_dsa_polynomial_from_i32_array_ff_ba(Eurydice_slice array) {
+  libcrux_ml_dsa_polynomial_PolynomialRingElement_9b result =
+      libcrux_ml_dsa_polynomial_ZERO_ff_ba();
+  for (size_t i = (size_t)0U;
+       i < LIBCRUX_ML_DSA_SIMD_TRAITS_SIMD_UNITS_IN_RING_ELEMENT; i++) {
+    size_t i0 = i;
+    libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit uu____0 =
+        libcrux_ml_dsa_simd_portable_from_coefficient_array_36(
+            Eurydice_slice_subslice2(
+                array,
+                i0 * LIBCRUX_ML_DSA_SIMD_TRAITS_COEFFICIENTS_IN_SIMD_UNIT,
+                (i0 + (size_t)1U) *
+                    LIBCRUX_ML_DSA_SIMD_TRAITS_COEFFICIENTS_IN_SIMD_UNIT,
+                int32_t));
+    result.simd_units[i0] = uu____0;
+  }
+  return result;
+}
+
 /**
 A monomorphic instance of libcrux_ml_dsa.sample.sample_four_error_ring_elements
 with types libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit,
@@ -6075,6 +7205,7 @@ libcrux_ml_dsa_encoding_signing_key_generate_serialized_d2(
 /**
 A monomorphic instance of libcrux_ml_dsa.ml_dsa_generic.generate_key_pair
 with types libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit,
+libcrux_ml_dsa_samplex4_portable_PortableSampler,
 libcrux_ml_dsa_hash_functions_portable_Shake128X4,
 libcrux_ml_dsa_hash_functions_portable_Shake256,
 libcrux_ml_dsa_hash_functions_portable_Shake256Xof,
@@ -6087,7 +7218,7 @@ libcrux_ml_dsa_hash_functions_portable_Shake256X4 with const generics
 - VERIFICATION_KEY_SIZE= 1952
 */
 static KRML_MUSTINLINE tuple_a0
-libcrux_ml_dsa_ml_dsa_generic_generate_key_pair_5a(uint8_t randomness[32U]) {
+libcrux_ml_dsa_ml_dsa_generic_generate_key_pair_c3(uint8_t randomness[32U]) {
   uint8_t seed_expanded0[128U] = {0U};
   libcrux_sha3_portable_incremental_Shake256Xof shake =
       libcrux_ml_dsa_hash_functions_portable_init_83();
@@ -6112,7 +7243,7 @@ libcrux_ml_dsa_ml_dsa_generic_generate_key_pair_5a(uint8_t randomness[32U]) {
   libcrux_ml_dsa_polynomial_PolynomialRingElement_9b a_as_ntt[6U][5U];
   uint8_t ret[34U];
   libcrux_ml_dsa_utils_into_padded_array_b6(seed_for_a, ret);
-  libcrux_ml_dsa_samplex4_matrix_A_2f(ret, a_as_ntt);
+  libcrux_ml_dsa_samplex4_portable_matrix_A_36_2f(ret, a_as_ntt);
   uint8_t ret0[66U];
   libcrux_ml_dsa_utils_into_padded_array_20(seed_for_error_vectors, ret0);
   tuple_ce uu____2 = libcrux_ml_dsa_samplex4_sample_s1_and_s2_fe(ret0);
@@ -6209,7 +7340,7 @@ libcrux_ml_dsa_ml_dsa_generic_instantiations_portable_generate_key_pair_52(
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_randomness[32U];
   memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t));
-  return libcrux_ml_dsa_ml_dsa_generic_generate_key_pair_5a(copy_of_randomness);
+  return libcrux_ml_dsa_ml_dsa_generic_generate_key_pair_c3(copy_of_randomness);
 }
 
 /**
@@ -6259,7 +7390,7 @@ with types libcrux_ml_dsa_pre_hash_DomainSeparationContext
 
 */
 typedef struct Option_84_s {
-  Option_d8_tags tag;
+  Option_08_tags tag;
   libcrux_ml_dsa_pre_hash_DomainSeparationContext f0;
 } Option_84;
 
@@ -6635,7 +7766,7 @@ libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit[5size_t]
 
 */
 typedef struct Option_f3_s {
-  Option_d8_tags tag;
+  Option_08_tags tag;
   libcrux_ml_dsa_polynomial_PolynomialRingElement_9b f0[5U];
 } Option_f3;
 
@@ -7775,6 +8906,7 @@ static KRML_MUSTINLINE void libcrux_ml_dsa_encoding_signature_serialize_92_76(
 /**
 A monomorphic instance of libcrux_ml_dsa.ml_dsa_generic.sign_internal
 with types libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit,
+libcrux_ml_dsa_samplex4_portable_PortableSampler,
 libcrux_ml_dsa_hash_functions_portable_Shake128X4,
 libcrux_ml_dsa_hash_functions_portable_Shake256,
 libcrux_ml_dsa_hash_functions_portable_Shake256Xof,
@@ -7794,7 +8926,7 @@ libcrux_ml_dsa_hash_functions_portable_Shake256X4 with const generics
 - SIGNING_KEY_SIZE= 4032
 - SIGNATURE_SIZE= 3309
 */
-static KRML_MUSTINLINE Result_2e libcrux_ml_dsa_ml_dsa_generic_sign_internal_05(
+static KRML_MUSTINLINE Result_2e libcrux_ml_dsa_ml_dsa_generic_sign_internal_3f(
     uint8_t *signing_key, Eurydice_slice message,
     Option_84 domain_separation_context, uint8_t randomness[32U]) {
   tuple_f0 uu____0 =
@@ -7821,7 +8953,7 @@ static KRML_MUSTINLINE Result_2e libcrux_ml_dsa_ml_dsa_generic_sign_internal_05(
   uint8_t ret[34U];
   libcrux_ml_dsa_utils_into_padded_array_b6(
       Eurydice_array_to_slice((size_t)32U, seed_for_A, uint8_t), ret);
-  libcrux_ml_dsa_samplex4_matrix_A_2f(ret, A_as_ntt);
+  libcrux_ml_dsa_samplex4_portable_matrix_A_36_2f(ret, A_as_ntt);
   uint8_t message_representative[64U] = {0U};
   uint8_t uu____1[64U];
   memcpy(uu____1, verification_key_hash, (size_t)64U * sizeof(uint8_t));
@@ -8090,6 +9222,7 @@ static KRML_MUSTINLINE Result_2e libcrux_ml_dsa_ml_dsa_generic_sign_internal_05(
 /**
 A monomorphic instance of libcrux_ml_dsa.ml_dsa_generic.sign
 with types libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit,
+libcrux_ml_dsa_samplex4_portable_PortableSampler,
 libcrux_ml_dsa_hash_functions_portable_Shake128X4,
 libcrux_ml_dsa_hash_functions_portable_Shake256,
 libcrux_ml_dsa_hash_functions_portable_Shake256Xof,
@@ -8109,7 +9242,7 @@ libcrux_ml_dsa_hash_functions_portable_Shake256X4 with const generics
 - SIGNING_KEY_SIZE= 4032
 - SIGNATURE_SIZE= 3309
 */
-static KRML_MUSTINLINE Result_2e libcrux_ml_dsa_ml_dsa_generic_sign_05(
+static KRML_MUSTINLINE Result_2e libcrux_ml_dsa_ml_dsa_generic_sign_3f(
     uint8_t *signing_key, Eurydice_slice message, Eurydice_slice context,
     uint8_t randomness[32U]) {
   Result_a8 uu____0 = libcrux_ml_dsa_pre_hash_new_45(
@@ -8125,7 +9258,7 @@ static KRML_MUSTINLINE Result_2e libcrux_ml_dsa_ml_dsa_generic_sign_05(
     /* Passing arrays by value in Rust generates a copy in C */
     uint8_t copy_of_randomness[32U];
     memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t));
-    uu____1 = libcrux_ml_dsa_ml_dsa_generic_sign_internal_05(
+    uu____1 = libcrux_ml_dsa_ml_dsa_generic_sign_internal_3f(
         uu____2, uu____3, uu____4, copy_of_randomness);
   } else {
     uu____1 = (CLITERAL(Result_2e){
@@ -8166,7 +9299,7 @@ libcrux_ml_dsa_ml_dsa_generic_instantiations_portable_sign_f3(
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_randomness[32U];
   memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t));
-  return libcrux_ml_dsa_ml_dsa_generic_sign_05(uu____0, uu____1, uu____2,
+  return libcrux_ml_dsa_ml_dsa_generic_sign_3f(uu____0, uu____1, uu____2,
                                                copy_of_randomness);
 }
 
@@ -8180,7 +9313,7 @@ libcrux_ml_dsa_ml_dsa_generic_instantiations_portable_sign_f3(
 static inline Result_2e libcrux_ml_dsa_ml_dsa_65_portable_sign(
     libcrux_ml_dsa_types_MLDSASigningKey_22 *signing_key,
     Eurydice_slice message, Eurydice_slice context, uint8_t randomness[32U]) {
-  uint8_t *uu____0 = libcrux_ml_dsa_types_as_raw_9b_09(signing_key);
+  uint8_t *uu____0 = libcrux_ml_dsa_types_as_ref_9b_09(signing_key);
   Eurydice_slice uu____1 = message;
   Eurydice_slice uu____2 = context;
   /* Passing arrays by value in Rust generates a copy in C */
@@ -8236,6 +9369,7 @@ static KRML_MUSTINLINE void libcrux_ml_dsa_pre_hash_hash_bd_54(
 /**
 A monomorphic instance of libcrux_ml_dsa.ml_dsa_generic.sign_pre_hashed
 with types libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit,
+libcrux_ml_dsa_samplex4_portable_PortableSampler,
 libcrux_ml_dsa_hash_functions_portable_Shake128,
 libcrux_ml_dsa_hash_functions_portable_Shake128X4,
 libcrux_ml_dsa_hash_functions_portable_Shake256,
@@ -8259,7 +9393,7 @@ libcrux_ml_dsa_pre_hash_SHAKE128_PH with const generics
 - SIGNATURE_SIZE= 3309
 */
 static KRML_MUSTINLINE Result_2e
-libcrux_ml_dsa_ml_dsa_generic_sign_pre_hashed_0d(uint8_t *signing_key,
+libcrux_ml_dsa_ml_dsa_generic_sign_pre_hashed_da(uint8_t *signing_key,
                                                  Eurydice_slice message,
                                                  Eurydice_slice context,
                                                  uint8_t randomness[32U]) {
@@ -8290,7 +9424,7 @@ libcrux_ml_dsa_ml_dsa_generic_sign_pre_hashed_0d(uint8_t *signing_key,
       /* Passing arrays by value in Rust generates a copy in C */
       uint8_t copy_of_randomness[32U];
       memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t));
-      uu____0 = libcrux_ml_dsa_ml_dsa_generic_sign_internal_05(
+      uu____0 = libcrux_ml_dsa_ml_dsa_generic_sign_internal_3f(
           uu____3, uu____4, uu____5, copy_of_randomness);
     } else {
       uu____0 = (CLITERAL(Result_2e){
@@ -8333,7 +9467,7 @@ libcrux_ml_dsa_ml_dsa_generic_instantiations_portable_sign_pre_hashed_shake128_f
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_randomness[32U];
   memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t));
-  return libcrux_ml_dsa_ml_dsa_generic_sign_pre_hashed_0d(
+  return libcrux_ml_dsa_ml_dsa_generic_sign_pre_hashed_da(
       uu____0, uu____1, uu____2, copy_of_randomness);
 }
 
@@ -8348,7 +9482,7 @@ static inline Result_2e
 libcrux_ml_dsa_ml_dsa_65_portable_sign_pre_hashed_shake128(
     libcrux_ml_dsa_types_MLDSASigningKey_22 *signing_key,
     Eurydice_slice message, Eurydice_slice context, uint8_t randomness[32U]) {
-  uint8_t *uu____0 = libcrux_ml_dsa_types_as_raw_9b_09(signing_key);
+  uint8_t *uu____0 = libcrux_ml_dsa_types_as_ref_9b_09(signing_key);
   Eurydice_slice uu____1 = message;
   Eurydice_slice uu____2 = context;
   /* Passing arrays by value in Rust generates a copy in C */
@@ -8963,6 +10097,7 @@ static KRML_MUSTINLINE void libcrux_ml_dsa_arithmetic_use_hint_2f(
 /**
 A monomorphic instance of libcrux_ml_dsa.ml_dsa_generic.verify_internal
 with types libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit,
+libcrux_ml_dsa_samplex4_portable_PortableSampler,
 libcrux_ml_dsa_hash_functions_portable_Shake128X4,
 libcrux_ml_dsa_hash_functions_portable_Shake256,
 libcrux_ml_dsa_hash_functions_portable_Shake256Xof with const generics
@@ -8981,7 +10116,7 @@ libcrux_ml_dsa_hash_functions_portable_Shake256Xof with const generics
 - MAX_ONES_IN_HINT= 55
 */
 static KRML_MUSTINLINE Result_41
-libcrux_ml_dsa_ml_dsa_generic_verify_internal_99(
+libcrux_ml_dsa_ml_dsa_generic_verify_internal_51(
     uint8_t *verification_key_serialized, Eurydice_slice message,
     Option_84 domain_separation_context, uint8_t *signature_serialized) {
   tuple_93 uu____0 = libcrux_ml_dsa_encoding_verification_key_deserialize_2f(
@@ -9012,7 +10147,7 @@ libcrux_ml_dsa_ml_dsa_generic_verify_internal_99(
       uint8_t ret[34U];
       libcrux_ml_dsa_utils_into_padded_array_b6(
           Eurydice_array_to_slice((size_t)32U, seed_for_A, uint8_t), ret);
-      libcrux_ml_dsa_samplex4_matrix_A_2f(ret, A_as_ntt);
+      libcrux_ml_dsa_samplex4_portable_matrix_A_36_2f(ret, A_as_ntt);
       uint8_t verification_key_hash[64U] = {0U};
       libcrux_ml_dsa_hash_functions_portable_shake256_5c_24(
           Eurydice_array_to_slice((size_t)1952U, verification_key_serialized,
@@ -9094,6 +10229,7 @@ libcrux_ml_dsa_ml_dsa_generic_verify_internal_99(
 /**
 A monomorphic instance of libcrux_ml_dsa.ml_dsa_generic.verify
 with types libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit,
+libcrux_ml_dsa_samplex4_portable_PortableSampler,
 libcrux_ml_dsa_hash_functions_portable_Shake128X4,
 libcrux_ml_dsa_hash_functions_portable_Shake256,
 libcrux_ml_dsa_hash_functions_portable_Shake256Xof with const generics
@@ -9111,7 +10247,7 @@ libcrux_ml_dsa_hash_functions_portable_Shake256Xof with const generics
 - ONES_IN_VERIFIER_CHALLENGE= 49
 - MAX_ONES_IN_HINT= 55
 */
-static KRML_MUSTINLINE Result_41 libcrux_ml_dsa_ml_dsa_generic_verify_99(
+static KRML_MUSTINLINE Result_41 libcrux_ml_dsa_ml_dsa_generic_verify_51(
     uint8_t *verification_key_serialized, Eurydice_slice message,
     Eurydice_slice context, uint8_t *signature_serialized) {
   Result_a8 uu____0 = libcrux_ml_dsa_pre_hash_new_45(
@@ -9121,7 +10257,7 @@ static KRML_MUSTINLINE Result_41 libcrux_ml_dsa_ml_dsa_generic_verify_99(
     libcrux_ml_dsa_pre_hash_DomainSeparationContext dsc = uu____0.val.case_Ok;
     libcrux_ml_dsa_pre_hash_DomainSeparationContext domain_separation_context =
         dsc;
-    uu____1 = libcrux_ml_dsa_ml_dsa_generic_verify_internal_99(
+    uu____1 = libcrux_ml_dsa_ml_dsa_generic_verify_internal_51(
         verification_key_serialized, message,
         (CLITERAL(Option_84){.tag = Some, .f0 = domain_separation_context}),
         signature_serialized);
@@ -9157,7 +10293,7 @@ static inline Result_41
 libcrux_ml_dsa_ml_dsa_generic_instantiations_portable_verify_01(
     uint8_t *verification_key, Eurydice_slice message, Eurydice_slice context,
     uint8_t *signature) {
-  return libcrux_ml_dsa_ml_dsa_generic_verify_99(verification_key, message,
+  return libcrux_ml_dsa_ml_dsa_generic_verify_51(verification_key, message,
                                                  context, signature);
 }
 
@@ -9173,13 +10309,14 @@ static inline Result_41 libcrux_ml_dsa_ml_dsa_65_portable_verify(
     Eurydice_slice message, Eurydice_slice context,
     libcrux_ml_dsa_ml_dsa_65_MLDSA65Signature *signature) {
   return libcrux_ml_dsa_ml_dsa_generic_instantiations_portable_verify_01(
-      libcrux_ml_dsa_types_as_raw_66_97(verification_key), message, context,
-      libcrux_ml_dsa_types_as_raw_8f_fa(signature));
+      libcrux_ml_dsa_types_as_ref_66_97(verification_key), message, context,
+      libcrux_ml_dsa_types_as_ref_8f_fa(signature));
 }
 
 /**
 A monomorphic instance of libcrux_ml_dsa.ml_dsa_generic.verify_pre_hashed
 with types libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit,
+libcrux_ml_dsa_samplex4_portable_PortableSampler,
 libcrux_ml_dsa_hash_functions_portable_Shake128,
 libcrux_ml_dsa_hash_functions_portable_Shake128X4,
 libcrux_ml_dsa_hash_functions_portable_Shake256,
@@ -9201,7 +10338,7 @@ libcrux_ml_dsa_pre_hash_SHAKE128_PH with const generics
 - MAX_ONES_IN_HINT= 55
 */
 static KRML_MUSTINLINE Result_41
-libcrux_ml_dsa_ml_dsa_generic_verify_pre_hashed_ae(
+libcrux_ml_dsa_ml_dsa_generic_verify_pre_hashed_3b(
     uint8_t *verification_key_serialized, Eurydice_slice message,
     Eurydice_slice context, uint8_t *signature_serialized) {
   uint8_t pre_hashed_message[256U];
@@ -9218,7 +10355,7 @@ libcrux_ml_dsa_ml_dsa_generic_verify_pre_hashed_ae(
     libcrux_ml_dsa_pre_hash_DomainSeparationContext dsc = uu____1.val.case_Ok;
     libcrux_ml_dsa_pre_hash_DomainSeparationContext domain_separation_context =
         dsc;
-    uu____2 = libcrux_ml_dsa_ml_dsa_generic_verify_internal_99(
+    uu____2 = libcrux_ml_dsa_ml_dsa_generic_verify_internal_51(
         verification_key_serialized,
         Eurydice_array_to_slice((size_t)256U, pre_hashed_message, uint8_t),
         (CLITERAL(Option_84){.tag = Some, .f0 = domain_separation_context}),
@@ -9256,7 +10393,7 @@ static inline Result_41
 libcrux_ml_dsa_ml_dsa_generic_instantiations_portable_verify_pre_hashed_shake128_01(
     uint8_t *verification_key, Eurydice_slice message, Eurydice_slice context,
     uint8_t *signature) {
-  return libcrux_ml_dsa_ml_dsa_generic_verify_pre_hashed_ae(
+  return libcrux_ml_dsa_ml_dsa_generic_verify_pre_hashed_3b(
       verification_key, message, context, signature);
 }
 
@@ -9273,8 +10410,8 @@ libcrux_ml_dsa_ml_dsa_65_portable_verify_pre_hashed_shake128(
     Eurydice_slice message, Eurydice_slice context,
     libcrux_ml_dsa_ml_dsa_65_MLDSA65Signature *signature) {
   return libcrux_ml_dsa_ml_dsa_generic_instantiations_portable_verify_pre_hashed_shake128_01(
-      libcrux_ml_dsa_types_as_raw_66_97(verification_key), message, context,
-      libcrux_ml_dsa_types_as_raw_8f_fa(signature));
+      libcrux_ml_dsa_types_as_ref_66_97(verification_key), message, context,
+      libcrux_ml_dsa_types_as_ref_8f_fa(signature));
 }
 
 #define LIBCRUX_ML_DSA_PRE_HASH_PRE_HASH_OID_LEN ((size_t)11U)
@@ -9318,6 +10455,9 @@ typedef int32_t libcrux_ml_dsa_simd_portable_vector_type_FieldElement;
 
 typedef Result_a8 libcrux_ml_dsa_pre_hash_PreHashResult;
 
+typedef struct libcrux_ml_dsa_hash_functions_portable_Shake128_s {
+} libcrux_ml_dsa_hash_functions_portable_Shake128;
+
 #if defined(__cplusplus)
 }
 #endif
diff --git a/libcrux-ml-dsa/cg/libcrux_sha3_avx2.h b/libcrux-ml-dsa/cg/libcrux_sha3_avx2.h
index ed58cea67..d0deb87d1 100644
--- a/libcrux-ml-dsa/cg/libcrux_sha3_avx2.h
+++ b/libcrux-ml-dsa/cg/libcrux_sha3_avx2.h
@@ -8,7 +8,7 @@
  * Eurydice: b665364a6d86749566ce2d650d13fa12c8fab2c5
  * Karamel: 96572bc631fde691a2aea7bce5a5a3838b3a5968
  * F*: b0961063393215ca65927f017720cb365a193833-dirty
- * Libcrux: 87497297c8d9a6be6127d9daae13a942b5439e74
+ * Libcrux: 229548656e4eaa1324c514638f9f8d135499a5c1
  */
 
 #ifndef __libcrux_sha3_avx2_H
diff --git a/libcrux-ml-dsa/cg/libcrux_sha3_portable.h b/libcrux-ml-dsa/cg/libcrux_sha3_portable.h
index dabbeb171..283cdac39 100644
--- a/libcrux-ml-dsa/cg/libcrux_sha3_portable.h
+++ b/libcrux-ml-dsa/cg/libcrux_sha3_portable.h
@@ -8,7 +8,7 @@
  * Eurydice: b665364a6d86749566ce2d650d13fa12c8fab2c5
  * Karamel: 96572bc631fde691a2aea7bce5a5a3838b3a5968
  * F*: b0961063393215ca65927f017720cb365a193833-dirty
- * Libcrux: 87497297c8d9a6be6127d9daae13a942b5439e74
+ * Libcrux: 229548656e4eaa1324c514638f9f8d135499a5c1
  */
 
 #ifndef __libcrux_sha3_portable_H

From 192edaf802604e2a52d47edca43cf9dc495a4721 Mon Sep 17 00:00:00 2001
From: Jonas Schneider-Bensch <jonas@cryspen.com>
Date: Tue, 17 Dec 2024 14:38:19 +0100
Subject: [PATCH 124/142] Avoid iterator

---
 libcrux-ml-dsa/src/sample.rs | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/libcrux-ml-dsa/src/sample.rs b/libcrux-ml-dsa/src/sample.rs
index 95ce8a771..2e68339ea 100644
--- a/libcrux-ml-dsa/src/sample.rs
+++ b/libcrux-ml-dsa/src/sample.rs
@@ -196,9 +196,9 @@ pub(crate) fn sample_four_ring_elements<
         }
     }
 
-    for (k, (i, j)) in memory.indices.iter().enumerate() {
-        memory.out[*i][*j] =
-            PolynomialRingElement::<SIMDUnit>::from_i32_array(&memory.tmp_stack[k]);
+    for k in 0..memory.indices.len() {
+        let (i, j) = memory.indices[k];
+        memory.out[i][j] = PolynomialRingElement::<SIMDUnit>::from_i32_array(&memory.tmp_stack[k]);
     }
 }
 

From 29b8c9729681b7e5ea8e98a6c8c0f2eb830abc98 Mon Sep 17 00:00:00 2001
From: Jonas Schneider-Bensch <jonas@cryspen.com>
Date: Tue, 17 Dec 2024 14:41:35 +0100
Subject: [PATCH 125/142] Update C extraction

---
 libcrux-ml-dsa/cg/code_gen.txt               |   2 +-
 libcrux-ml-dsa/cg/header.txt                 |   2 +-
 libcrux-ml-dsa/cg/libcrux_core.h             |  12 +-
 libcrux-ml-dsa/cg/libcrux_mldsa65_avx2.h     | 344 ++++++++++++++++--
 libcrux-ml-dsa/cg/libcrux_mldsa65_portable.h | 350 ++++++++++++++++---
 libcrux-ml-dsa/cg/libcrux_sha3_avx2.h        |   2 +-
 libcrux-ml-dsa/cg/libcrux_sha3_portable.h    |   2 +-
 7 files changed, 625 insertions(+), 89 deletions(-)

diff --git a/libcrux-ml-dsa/cg/code_gen.txt b/libcrux-ml-dsa/cg/code_gen.txt
index 2534e4163..3d7b1d30b 100644
--- a/libcrux-ml-dsa/cg/code_gen.txt
+++ b/libcrux-ml-dsa/cg/code_gen.txt
@@ -3,4 +3,4 @@ Charon: a68994d00017b76a805d0115ca06c1f2c1805e79
 Eurydice: b665364a6d86749566ce2d650d13fa12c8fab2c5
 Karamel: 96572bc631fde691a2aea7bce5a5a3838b3a5968
 F*: b0961063393215ca65927f017720cb365a193833-dirty
-Libcrux: 229548656e4eaa1324c514638f9f8d135499a5c1
+Libcrux: 192edaf802604e2a52d47edca43cf9dc495a4721
diff --git a/libcrux-ml-dsa/cg/header.txt b/libcrux-ml-dsa/cg/header.txt
index 3d06fc7fc..d76b62aa4 100644
--- a/libcrux-ml-dsa/cg/header.txt
+++ b/libcrux-ml-dsa/cg/header.txt
@@ -8,5 +8,5 @@
  * Eurydice: b665364a6d86749566ce2d650d13fa12c8fab2c5
  * Karamel: 96572bc631fde691a2aea7bce5a5a3838b3a5968
  * F*: b0961063393215ca65927f017720cb365a193833-dirty
- * Libcrux: 229548656e4eaa1324c514638f9f8d135499a5c1
+ * Libcrux: 192edaf802604e2a52d47edca43cf9dc495a4721
  */
diff --git a/libcrux-ml-dsa/cg/libcrux_core.h b/libcrux-ml-dsa/cg/libcrux_core.h
index fcb82cc0a..b31608d46 100644
--- a/libcrux-ml-dsa/cg/libcrux_core.h
+++ b/libcrux-ml-dsa/cg/libcrux_core.h
@@ -8,7 +8,7 @@
  * Eurydice: b665364a6d86749566ce2d650d13fa12c8fab2c5
  * Karamel: 96572bc631fde691a2aea7bce5a5a3838b3a5968
  * F*: b0961063393215ca65927f017720cb365a193833-dirty
- * Libcrux: 229548656e4eaa1324c514638f9f8d135499a5c1
+ * Libcrux: 192edaf802604e2a52d47edca43cf9dc495a4721
  */
 
 #ifndef __libcrux_core_H
@@ -42,7 +42,7 @@ typedef uint8_t Result_a9_tags;
 #define None 0
 #define Some 1
 
-typedef uint8_t Option_08_tags;
+typedef uint8_t Option_d8_tags;
 
 /**
 A monomorphic instance of core.option.Option
@@ -50,7 +50,7 @@ with types size_t
 
 */
 typedef struct Option_08_s {
-  Option_08_tags tag;
+  Option_d8_tags tag;
   size_t f0;
 } Option_08;
 
@@ -231,7 +231,7 @@ with types int32_t[256size_t][6size_t]
 
 */
 typedef struct Option_f0_s {
-  Option_08_tags tag;
+  Option_d8_tags tag;
   int32_t f0[6U][256U];
 } Option_f0;
 
@@ -241,7 +241,7 @@ with types uint8_t[48size_t]
 
 */
 typedef struct Option_67_s {
-  Option_08_tags tag;
+  Option_d8_tags tag;
   uint8_t f0[48U];
 } Option_67;
 
@@ -499,7 +499,7 @@ with types uint8_t[11size_t]
 
 */
 typedef struct Option_30_s {
-  Option_08_tags tag;
+  Option_d8_tags tag;
   uint8_t f0[11U];
 } Option_30;
 
diff --git a/libcrux-ml-dsa/cg/libcrux_mldsa65_avx2.h b/libcrux-ml-dsa/cg/libcrux_mldsa65_avx2.h
index df9227c80..673df0bcc 100644
--- a/libcrux-ml-dsa/cg/libcrux_mldsa65_avx2.h
+++ b/libcrux-ml-dsa/cg/libcrux_mldsa65_avx2.h
@@ -8,7 +8,7 @@
  * Eurydice: b665364a6d86749566ce2d650d13fa12c8fab2c5
  * Karamel: 96572bc631fde691a2aea7bce5a5a3838b3a5968
  * F*: b0961063393215ca65927f017720cb365a193833-dirty
- * Libcrux: 229548656e4eaa1324c514638f9f8d135499a5c1
+ * Libcrux: 192edaf802604e2a52d47edca43cf9dc495a4721
  */
 
 #ifndef __libcrux_mldsa65_avx2_H
@@ -3333,6 +3333,69 @@ libcrux_ml_dsa_sample_new_29_4f(
   return lit;
 }
 
+/**
+A monomorphic instance of
+libcrux_ml_dsa.sample.rejection_sample_less_than_field_modulus with types
+libcrux_ml_dsa_simd_avx2_vector_type_AVX2SIMDUnit with const generics
+
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static KRML_MUSTINLINE bool
+libcrux_ml_dsa_sample_rejection_sample_less_than_field_modulus_ea(
+    Eurydice_slice randomness, size_t *sampled_coefficients, int32_t *out) {
+  bool done = false;
+  for (size_t i = (size_t)0U;
+       i < Eurydice_slice_len(randomness, uint8_t) / (size_t)24U; i++) {
+    size_t _cloop_i = i;
+    Eurydice_slice random_bytes =
+        Eurydice_slice_subslice2(randomness, _cloop_i * (size_t)24U,
+                                 _cloop_i * (size_t)24U + (size_t)24U, uint8_t);
+    if (!done) {
+      Eurydice_slice uu____0 = random_bytes;
+      size_t sampled =
+          libcrux_ml_dsa_simd_avx2_rejection_sample_less_than_field_modulus_a2(
+              uu____0, Eurydice_array_to_subslice_from((size_t)263U, out,
+                                                       sampled_coefficients[0U],
+                                                       int32_t, size_t));
+      sampled_coefficients[0U] = sampled_coefficients[0U] + sampled;
+      if (sampled_coefficients[0U] >=
+          LIBCRUX_ML_DSA_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) {
+        done = true;
+      }
+    }
+  }
+  return done;
+}
+
+/**
+This function found in impl
+{libcrux_ml_dsa::polynomial::PolynomialRingElement<SIMDUnit>[TraitClause@0,
+TraitClause@1]}
+*/
+/**
+A monomorphic instance of libcrux_ml_dsa.polynomial.from_i32_array_ff
+with types libcrux_ml_dsa_simd_avx2_vector_type_AVX2SIMDUnit
+with const generics
+
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static inline libcrux_ml_dsa_polynomial_PolynomialRingElement_24
+libcrux_ml_dsa_polynomial_from_i32_array_ff_ea(Eurydice_slice array) {
+  libcrux_ml_dsa_polynomial_PolynomialRingElement_24 result =
+      libcrux_ml_dsa_polynomial_ZERO_ff_ea();
+  for (size_t i = (size_t)0U;
+       i < LIBCRUX_ML_DSA_SIMD_TRAITS_SIMD_UNITS_IN_RING_ELEMENT; i++) {
+    size_t i0 = i;
+    result.simd_units[i0] = libcrux_ml_dsa_simd_avx2_from_coefficient_array_a2(
+        Eurydice_slice_subslice2(
+            array, i0 * LIBCRUX_ML_DSA_SIMD_TRAITS_COEFFICIENTS_IN_SIMD_UNIT,
+            (i0 + (size_t)1U) *
+                LIBCRUX_ML_DSA_SIMD_TRAITS_COEFFICIENTS_IN_SIMD_UNIT,
+            int32_t));
+  }
+  return result;
+}
+
 /**
 A monomorphic instance of libcrux_ml_dsa.sample.sample_four_ring_elements
 with types libcrux_ml_dsa_simd_avx2_vector_type_AVX2SIMDUnit,
@@ -3345,13 +3408,247 @@ static KRML_MUSTINLINE void libcrux_ml_dsa_sample_sample_four_ring_elements_f4(
     uint8_t seed0[34U], uint16_t domain_separator0, uint16_t domain_separator1,
     uint16_t domain_seperator2, uint16_t domain_separator3,
     libcrux_ml_dsa_sample_SampleArgs_c5 *memory) {
-  KRML_HOST_EPRINTF(
-      "KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__,
-      "Eurydice error: Failure(\"Error looking trait impl: "
-      "core::slice::iter::{core::iter::traits::iterator::Iterator for "
-      "core::slice::iter::Iter<\'a, T>[TraitClause@0]}#182<\'_, (usize, "
-      "usize)>[core::marker::Sized<(usize, usize)>] enumerate\")\n");
-  KRML_HOST_EXIT(255U);
+  seed0[32U] = (uint8_t)domain_separator0;
+  seed0[33U] = (uint8_t)((uint32_t)domain_separator0 >> 8U);
+  uint8_t seed1[34U];
+  memcpy(seed1, seed0, (size_t)34U * sizeof(uint8_t));
+  seed1[32U] = (uint8_t)domain_separator1;
+  seed1[33U] = (uint8_t)((uint32_t)domain_separator1 >> 8U);
+  uint8_t seed2[34U];
+  memcpy(seed2, seed0, (size_t)34U * sizeof(uint8_t));
+  seed2[32U] = (uint8_t)domain_seperator2;
+  seed2[33U] = (uint8_t)((uint32_t)domain_seperator2 >> 8U);
+  uint8_t seed3[34U];
+  memcpy(seed3, seed0, (size_t)34U * sizeof(uint8_t));
+  seed3[32U] = (uint8_t)domain_separator3;
+  seed3[33U] = (uint8_t)((uint32_t)domain_separator3 >> 8U);
+  libcrux_sha3_avx2_x4_incremental_KeccakState state =
+      libcrux_ml_dsa_hash_functions_simd256_init_absorb_7b(
+          Eurydice_array_to_slice((size_t)34U, seed0, uint8_t),
+          Eurydice_array_to_slice((size_t)34U, seed1, uint8_t),
+          Eurydice_array_to_slice((size_t)34U, seed2, uint8_t),
+          Eurydice_array_to_slice((size_t)34U, seed3, uint8_t));
+  libcrux_ml_dsa_hash_functions_simd256_squeeze_first_five_blocks_7b(
+      &state, memory->rand_stack->fst, memory->rand_stack->snd,
+      memory->rand_stack->thd, memory->rand_stack->f3);
+  size_t sampled0 = (size_t)0U;
+  size_t sampled1 = (size_t)0U;
+  size_t sampled2 = (size_t)0U;
+  size_t sampled3 = (size_t)0U;
+  bool done0 =
+      libcrux_ml_dsa_sample_rejection_sample_less_than_field_modulus_ea(
+          Eurydice_array_to_slice((size_t)840U, memory->rand_stack->fst,
+                                  uint8_t),
+          &sampled0,
+          Eurydice_slice_index(memory->tmp_stack, (size_t)0U, int32_t[263U],
+                               int32_t(*)[263U]));
+  bool done1 =
+      libcrux_ml_dsa_sample_rejection_sample_less_than_field_modulus_ea(
+          Eurydice_array_to_slice((size_t)840U, memory->rand_stack->snd,
+                                  uint8_t),
+          &sampled1,
+          Eurydice_slice_index(memory->tmp_stack, (size_t)1U, int32_t[263U],
+                               int32_t(*)[263U]));
+  bool done2 =
+      libcrux_ml_dsa_sample_rejection_sample_less_than_field_modulus_ea(
+          Eurydice_array_to_slice((size_t)840U, memory->rand_stack->thd,
+                                  uint8_t),
+          &sampled2,
+          Eurydice_slice_index(memory->tmp_stack, (size_t)2U, int32_t[263U],
+                               int32_t(*)[263U]));
+  bool done3 =
+      libcrux_ml_dsa_sample_rejection_sample_less_than_field_modulus_ea(
+          Eurydice_array_to_slice((size_t)840U, memory->rand_stack->f3,
+                                  uint8_t),
+          &sampled3,
+          Eurydice_slice_index(memory->tmp_stack, (size_t)3U, int32_t[263U],
+                               int32_t(*)[263U]));
+  while (true) {
+    if (done0) {
+      if (done1) {
+        if (done2) {
+          if (done3) {
+            break;
+          } else {
+            uint8_t_168size_t__x4 randomnesses =
+                libcrux_ml_dsa_hash_functions_simd256_squeeze_next_block_7b(
+                    &state);
+            if (!done0) {
+              done0 =
+                  libcrux_ml_dsa_sample_rejection_sample_less_than_field_modulus_ea(
+                      Eurydice_array_to_slice((size_t)168U, randomnesses.fst,
+                                              uint8_t),
+                      &sampled0,
+                      Eurydice_slice_index(memory->tmp_stack, (size_t)0U,
+                                           int32_t[263U], int32_t(*)[263U]));
+            }
+            if (!done1) {
+              done1 =
+                  libcrux_ml_dsa_sample_rejection_sample_less_than_field_modulus_ea(
+                      Eurydice_array_to_slice((size_t)168U, randomnesses.snd,
+                                              uint8_t),
+                      &sampled1,
+                      Eurydice_slice_index(memory->tmp_stack, (size_t)1U,
+                                           int32_t[263U], int32_t(*)[263U]));
+            }
+            if (!done2) {
+              done2 =
+                  libcrux_ml_dsa_sample_rejection_sample_less_than_field_modulus_ea(
+                      Eurydice_array_to_slice((size_t)168U, randomnesses.thd,
+                                              uint8_t),
+                      &sampled2,
+                      Eurydice_slice_index(memory->tmp_stack, (size_t)2U,
+                                           int32_t[263U], int32_t(*)[263U]));
+            }
+            if (!done3) {
+              done3 =
+                  libcrux_ml_dsa_sample_rejection_sample_less_than_field_modulus_ea(
+                      Eurydice_array_to_slice((size_t)168U, randomnesses.f3,
+                                              uint8_t),
+                      &sampled3,
+                      Eurydice_slice_index(memory->tmp_stack, (size_t)3U,
+                                           int32_t[263U], int32_t(*)[263U]));
+            }
+          }
+        } else {
+          uint8_t_168size_t__x4 randomnesses =
+              libcrux_ml_dsa_hash_functions_simd256_squeeze_next_block_7b(
+                  &state);
+          if (!done0) {
+            done0 =
+                libcrux_ml_dsa_sample_rejection_sample_less_than_field_modulus_ea(
+                    Eurydice_array_to_slice((size_t)168U, randomnesses.fst,
+                                            uint8_t),
+                    &sampled0,
+                    Eurydice_slice_index(memory->tmp_stack, (size_t)0U,
+                                         int32_t[263U], int32_t(*)[263U]));
+          }
+          if (!done1) {
+            done1 =
+                libcrux_ml_dsa_sample_rejection_sample_less_than_field_modulus_ea(
+                    Eurydice_array_to_slice((size_t)168U, randomnesses.snd,
+                                            uint8_t),
+                    &sampled1,
+                    Eurydice_slice_index(memory->tmp_stack, (size_t)1U,
+                                         int32_t[263U], int32_t(*)[263U]));
+          }
+          if (!done2) {
+            done2 =
+                libcrux_ml_dsa_sample_rejection_sample_less_than_field_modulus_ea(
+                    Eurydice_array_to_slice((size_t)168U, randomnesses.thd,
+                                            uint8_t),
+                    &sampled2,
+                    Eurydice_slice_index(memory->tmp_stack, (size_t)2U,
+                                         int32_t[263U], int32_t(*)[263U]));
+          }
+          if (!done3) {
+            done3 =
+                libcrux_ml_dsa_sample_rejection_sample_less_than_field_modulus_ea(
+                    Eurydice_array_to_slice((size_t)168U, randomnesses.f3,
+                                            uint8_t),
+                    &sampled3,
+                    Eurydice_slice_index(memory->tmp_stack, (size_t)3U,
+                                         int32_t[263U], int32_t(*)[263U]));
+          }
+        }
+      } else {
+        uint8_t_168size_t__x4 randomnesses =
+            libcrux_ml_dsa_hash_functions_simd256_squeeze_next_block_7b(&state);
+        if (!done0) {
+          done0 =
+              libcrux_ml_dsa_sample_rejection_sample_less_than_field_modulus_ea(
+                  Eurydice_array_to_slice((size_t)168U, randomnesses.fst,
+                                          uint8_t),
+                  &sampled0,
+                  Eurydice_slice_index(memory->tmp_stack, (size_t)0U,
+                                       int32_t[263U], int32_t(*)[263U]));
+        }
+        if (!done1) {
+          done1 =
+              libcrux_ml_dsa_sample_rejection_sample_less_than_field_modulus_ea(
+                  Eurydice_array_to_slice((size_t)168U, randomnesses.snd,
+                                          uint8_t),
+                  &sampled1,
+                  Eurydice_slice_index(memory->tmp_stack, (size_t)1U,
+                                       int32_t[263U], int32_t(*)[263U]));
+        }
+        if (!done2) {
+          done2 =
+              libcrux_ml_dsa_sample_rejection_sample_less_than_field_modulus_ea(
+                  Eurydice_array_to_slice((size_t)168U, randomnesses.thd,
+                                          uint8_t),
+                  &sampled2,
+                  Eurydice_slice_index(memory->tmp_stack, (size_t)2U,
+                                       int32_t[263U], int32_t(*)[263U]));
+        }
+        if (!done3) {
+          done3 =
+              libcrux_ml_dsa_sample_rejection_sample_less_than_field_modulus_ea(
+                  Eurydice_array_to_slice((size_t)168U, randomnesses.f3,
+                                          uint8_t),
+                  &sampled3,
+                  Eurydice_slice_index(memory->tmp_stack, (size_t)3U,
+                                       int32_t[263U], int32_t(*)[263U]));
+        }
+      }
+    } else {
+      uint8_t_168size_t__x4 randomnesses =
+          libcrux_ml_dsa_hash_functions_simd256_squeeze_next_block_7b(&state);
+      if (!done0) {
+        done0 =
+            libcrux_ml_dsa_sample_rejection_sample_less_than_field_modulus_ea(
+                Eurydice_array_to_slice((size_t)168U, randomnesses.fst,
+                                        uint8_t),
+                &sampled0,
+                Eurydice_slice_index(memory->tmp_stack, (size_t)0U,
+                                     int32_t[263U], int32_t(*)[263U]));
+      }
+      if (!done1) {
+        done1 =
+            libcrux_ml_dsa_sample_rejection_sample_less_than_field_modulus_ea(
+                Eurydice_array_to_slice((size_t)168U, randomnesses.snd,
+                                        uint8_t),
+                &sampled1,
+                Eurydice_slice_index(memory->tmp_stack, (size_t)1U,
+                                     int32_t[263U], int32_t(*)[263U]));
+      }
+      if (!done2) {
+        done2 =
+            libcrux_ml_dsa_sample_rejection_sample_less_than_field_modulus_ea(
+                Eurydice_array_to_slice((size_t)168U, randomnesses.thd,
+                                        uint8_t),
+                &sampled2,
+                Eurydice_slice_index(memory->tmp_stack, (size_t)2U,
+                                     int32_t[263U], int32_t(*)[263U]));
+      }
+      if (!done3) {
+        done3 =
+            libcrux_ml_dsa_sample_rejection_sample_less_than_field_modulus_ea(
+                Eurydice_array_to_slice((size_t)168U, randomnesses.f3, uint8_t),
+                &sampled3,
+                Eurydice_slice_index(memory->tmp_stack, (size_t)3U,
+                                     int32_t[263U], int32_t(*)[263U]));
+      }
+    }
+  }
+  for (size_t i0 = (size_t)0U;
+       i0 < Eurydice_slice_len(memory->indices, size_t_x2); i0++) {
+    size_t k = i0;
+    size_t uu____0 = k;
+    size_t i =
+        Eurydice_slice_index(memory->indices, uu____0, size_t_x2, size_t_x2 *)
+            .fst;
+    size_t j =
+        Eurydice_slice_index(memory->indices, uu____0, size_t_x2, size_t_x2 *)
+            .snd;
+    libcrux_ml_dsa_polynomial_PolynomialRingElement_24 uu____1 =
+        libcrux_ml_dsa_polynomial_from_i32_array_ff_ea(Eurydice_array_to_slice(
+            (size_t)263U,
+            Eurydice_slice_index(memory->tmp_stack, k, int32_t[263U],
+                                 int32_t(*)[263U]),
+            int32_t));
+    memory->out[i][j] = uu____1;
+  }
 }
 
 /**
@@ -5388,35 +5685,6 @@ libcrux_ml_dsa_sample_rejection_sample_less_than_eta_4d(
       randomness, sampled, out);
 }
 
-/**
-This function found in impl
-{libcrux_ml_dsa::polynomial::PolynomialRingElement<SIMDUnit>[TraitClause@0,
-TraitClause@1]}
-*/
-/**
-A monomorphic instance of libcrux_ml_dsa.polynomial.from_i32_array_ff
-with types libcrux_ml_dsa_simd_avx2_vector_type_AVX2SIMDUnit
-with const generics
-
-*/
-KRML_ATTRIBUTE_TARGET("avx2")
-static inline libcrux_ml_dsa_polynomial_PolynomialRingElement_24
-libcrux_ml_dsa_polynomial_from_i32_array_ff_ea(Eurydice_slice array) {
-  libcrux_ml_dsa_polynomial_PolynomialRingElement_24 result =
-      libcrux_ml_dsa_polynomial_ZERO_ff_ea();
-  for (size_t i = (size_t)0U;
-       i < LIBCRUX_ML_DSA_SIMD_TRAITS_SIMD_UNITS_IN_RING_ELEMENT; i++) {
-    size_t i0 = i;
-    result.simd_units[i0] = libcrux_ml_dsa_simd_avx2_from_coefficient_array_a2(
-        Eurydice_slice_subslice2(
-            array, i0 * LIBCRUX_ML_DSA_SIMD_TRAITS_COEFFICIENTS_IN_SIMD_UNIT,
-            (i0 + (size_t)1U) *
-                LIBCRUX_ML_DSA_SIMD_TRAITS_COEFFICIENTS_IN_SIMD_UNIT,
-            int32_t));
-  }
-  return result;
-}
-
 /**
 A monomorphic instance of libcrux_ml_dsa.sample.sample_four_error_ring_elements
 with types libcrux_ml_dsa_simd_avx2_vector_type_AVX2SIMDUnit,
@@ -6759,7 +7027,7 @@ libcrux_ml_dsa_simd_avx2_vector_type_AVX2SIMDUnit[5size_t]
 
 */
 typedef struct Option_a4_s {
-  Option_08_tags tag;
+  Option_d8_tags tag;
   libcrux_ml_dsa_polynomial_PolynomialRingElement_24 f0[5U];
 } Option_a4;
 
diff --git a/libcrux-ml-dsa/cg/libcrux_mldsa65_portable.h b/libcrux-ml-dsa/cg/libcrux_mldsa65_portable.h
index b661b4316..e1ee4a6e2 100644
--- a/libcrux-ml-dsa/cg/libcrux_mldsa65_portable.h
+++ b/libcrux-ml-dsa/cg/libcrux_mldsa65_portable.h
@@ -8,7 +8,7 @@
  * Eurydice: b665364a6d86749566ce2d650d13fa12c8fab2c5
  * Karamel: 96572bc631fde691a2aea7bce5a5a3838b3a5968
  * F*: b0961063393215ca65927f017720cb365a193833-dirty
- * Libcrux: 229548656e4eaa1324c514638f9f8d135499a5c1
+ * Libcrux: 192edaf802604e2a52d47edca43cf9dc495a4721
  */
 
 #ifndef __libcrux_mldsa65_portable_H
@@ -4284,6 +4284,70 @@ libcrux_ml_dsa_sample_new_29_ab(
   return lit;
 }
 
+/**
+A monomorphic instance of
+libcrux_ml_dsa.sample.rejection_sample_less_than_field_modulus with types
+libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit with const generics
+
+*/
+static KRML_MUSTINLINE bool
+libcrux_ml_dsa_sample_rejection_sample_less_than_field_modulus_ba(
+    Eurydice_slice randomness, size_t *sampled_coefficients, int32_t *out) {
+  bool done = false;
+  for (size_t i = (size_t)0U;
+       i < Eurydice_slice_len(randomness, uint8_t) / (size_t)24U; i++) {
+    size_t _cloop_i = i;
+    Eurydice_slice random_bytes =
+        Eurydice_slice_subslice2(randomness, _cloop_i * (size_t)24U,
+                                 _cloop_i * (size_t)24U + (size_t)24U, uint8_t);
+    if (!done) {
+      Eurydice_slice uu____0 = random_bytes;
+      size_t sampled =
+          libcrux_ml_dsa_simd_portable_rejection_sample_less_than_field_modulus_36(
+              uu____0, Eurydice_array_to_subslice_from((size_t)263U, out,
+                                                       sampled_coefficients[0U],
+                                                       int32_t, size_t));
+      sampled_coefficients[0U] = sampled_coefficients[0U] + sampled;
+      if (sampled_coefficients[0U] >=
+          LIBCRUX_ML_DSA_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) {
+        done = true;
+      }
+    }
+  }
+  return done;
+}
+
+/**
+This function found in impl
+{libcrux_ml_dsa::polynomial::PolynomialRingElement<SIMDUnit>[TraitClause@0,
+TraitClause@1]}
+*/
+/**
+A monomorphic instance of libcrux_ml_dsa.polynomial.from_i32_array_ff
+with types libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit
+with const generics
+
+*/
+static inline libcrux_ml_dsa_polynomial_PolynomialRingElement_9b
+libcrux_ml_dsa_polynomial_from_i32_array_ff_ba(Eurydice_slice array) {
+  libcrux_ml_dsa_polynomial_PolynomialRingElement_9b result =
+      libcrux_ml_dsa_polynomial_ZERO_ff_ba();
+  for (size_t i = (size_t)0U;
+       i < LIBCRUX_ML_DSA_SIMD_TRAITS_SIMD_UNITS_IN_RING_ELEMENT; i++) {
+    size_t i0 = i;
+    libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit uu____0 =
+        libcrux_ml_dsa_simd_portable_from_coefficient_array_36(
+            Eurydice_slice_subslice2(
+                array,
+                i0 * LIBCRUX_ML_DSA_SIMD_TRAITS_COEFFICIENTS_IN_SIMD_UNIT,
+                (i0 + (size_t)1U) *
+                    LIBCRUX_ML_DSA_SIMD_TRAITS_COEFFICIENTS_IN_SIMD_UNIT,
+                int32_t));
+    result.simd_units[i0] = uu____0;
+  }
+  return result;
+}
+
 /**
 A monomorphic instance of libcrux_ml_dsa.sample.sample_four_ring_elements
 with types libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit,
@@ -4295,13 +4359,248 @@ static KRML_MUSTINLINE void libcrux_ml_dsa_sample_sample_four_ring_elements_49(
     uint8_t seed0[34U], uint16_t domain_separator0, uint16_t domain_separator1,
     uint16_t domain_seperator2, uint16_t domain_separator3,
     libcrux_ml_dsa_sample_SampleArgs_4e *memory) {
-  KRML_HOST_EPRINTF(
-      "KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__,
-      "Eurydice error: Failure(\"Error looking trait impl: "
-      "core::slice::iter::{core::iter::traits::iterator::Iterator for "
-      "core::slice::iter::Iter<\'a, T>[TraitClause@0]}#182<\'_, (usize, "
-      "usize)>[core::marker::Sized<(usize, usize)>] enumerate\")\n");
-  KRML_HOST_EXIT(255U);
+  seed0[32U] = (uint8_t)domain_separator0;
+  seed0[33U] = (uint8_t)((uint32_t)domain_separator0 >> 8U);
+  uint8_t seed1[34U];
+  memcpy(seed1, seed0, (size_t)34U * sizeof(uint8_t));
+  seed1[32U] = (uint8_t)domain_separator1;
+  seed1[33U] = (uint8_t)((uint32_t)domain_separator1 >> 8U);
+  uint8_t seed2[34U];
+  memcpy(seed2, seed0, (size_t)34U * sizeof(uint8_t));
+  seed2[32U] = (uint8_t)domain_seperator2;
+  seed2[33U] = (uint8_t)((uint32_t)domain_seperator2 >> 8U);
+  uint8_t seed3[34U];
+  memcpy(seed3, seed0, (size_t)34U * sizeof(uint8_t));
+  seed3[32U] = (uint8_t)domain_separator3;
+  seed3[33U] = (uint8_t)((uint32_t)domain_separator3 >> 8U);
+  libcrux_ml_dsa_hash_functions_portable_Shake128X4 state =
+      libcrux_ml_dsa_hash_functions_portable_init_absorb_ed(
+          Eurydice_array_to_slice((size_t)34U, seed0, uint8_t),
+          Eurydice_array_to_slice((size_t)34U, seed1, uint8_t),
+          Eurydice_array_to_slice((size_t)34U, seed2, uint8_t),
+          Eurydice_array_to_slice((size_t)34U, seed3, uint8_t));
+  libcrux_ml_dsa_hash_functions_portable_squeeze_first_five_blocks_ed(
+      &state, memory->rand_stack->fst, memory->rand_stack->snd,
+      memory->rand_stack->thd, memory->rand_stack->f3);
+  size_t sampled0 = (size_t)0U;
+  size_t sampled1 = (size_t)0U;
+  size_t sampled2 = (size_t)0U;
+  size_t sampled3 = (size_t)0U;
+  bool done0 =
+      libcrux_ml_dsa_sample_rejection_sample_less_than_field_modulus_ba(
+          Eurydice_array_to_slice((size_t)840U, memory->rand_stack->fst,
+                                  uint8_t),
+          &sampled0,
+          Eurydice_slice_index(memory->tmp_stack, (size_t)0U, int32_t[263U],
+                               int32_t(*)[263U]));
+  bool done1 =
+      libcrux_ml_dsa_sample_rejection_sample_less_than_field_modulus_ba(
+          Eurydice_array_to_slice((size_t)840U, memory->rand_stack->snd,
+                                  uint8_t),
+          &sampled1,
+          Eurydice_slice_index(memory->tmp_stack, (size_t)1U, int32_t[263U],
+                               int32_t(*)[263U]));
+  bool done2 =
+      libcrux_ml_dsa_sample_rejection_sample_less_than_field_modulus_ba(
+          Eurydice_array_to_slice((size_t)840U, memory->rand_stack->thd,
+                                  uint8_t),
+          &sampled2,
+          Eurydice_slice_index(memory->tmp_stack, (size_t)2U, int32_t[263U],
+                               int32_t(*)[263U]));
+  bool done3 =
+      libcrux_ml_dsa_sample_rejection_sample_less_than_field_modulus_ba(
+          Eurydice_array_to_slice((size_t)840U, memory->rand_stack->f3,
+                                  uint8_t),
+          &sampled3,
+          Eurydice_slice_index(memory->tmp_stack, (size_t)3U, int32_t[263U],
+                               int32_t(*)[263U]));
+  while (true) {
+    if (done0) {
+      if (done1) {
+        if (done2) {
+          if (done3) {
+            break;
+          } else {
+            uint8_t_168size_t__x4 randomnesses =
+                libcrux_ml_dsa_hash_functions_portable_squeeze_next_block_ed(
+                    &state);
+            if (!done0) {
+              done0 =
+                  libcrux_ml_dsa_sample_rejection_sample_less_than_field_modulus_ba(
+                      Eurydice_array_to_slice((size_t)168U, randomnesses.fst,
+                                              uint8_t),
+                      &sampled0,
+                      Eurydice_slice_index(memory->tmp_stack, (size_t)0U,
+                                           int32_t[263U], int32_t(*)[263U]));
+            }
+            if (!done1) {
+              done1 =
+                  libcrux_ml_dsa_sample_rejection_sample_less_than_field_modulus_ba(
+                      Eurydice_array_to_slice((size_t)168U, randomnesses.snd,
+                                              uint8_t),
+                      &sampled1,
+                      Eurydice_slice_index(memory->tmp_stack, (size_t)1U,
+                                           int32_t[263U], int32_t(*)[263U]));
+            }
+            if (!done2) {
+              done2 =
+                  libcrux_ml_dsa_sample_rejection_sample_less_than_field_modulus_ba(
+                      Eurydice_array_to_slice((size_t)168U, randomnesses.thd,
+                                              uint8_t),
+                      &sampled2,
+                      Eurydice_slice_index(memory->tmp_stack, (size_t)2U,
+                                           int32_t[263U], int32_t(*)[263U]));
+            }
+            if (!done3) {
+              done3 =
+                  libcrux_ml_dsa_sample_rejection_sample_less_than_field_modulus_ba(
+                      Eurydice_array_to_slice((size_t)168U, randomnesses.f3,
+                                              uint8_t),
+                      &sampled3,
+                      Eurydice_slice_index(memory->tmp_stack, (size_t)3U,
+                                           int32_t[263U], int32_t(*)[263U]));
+            }
+          }
+        } else {
+          uint8_t_168size_t__x4 randomnesses =
+              libcrux_ml_dsa_hash_functions_portable_squeeze_next_block_ed(
+                  &state);
+          if (!done0) {
+            done0 =
+                libcrux_ml_dsa_sample_rejection_sample_less_than_field_modulus_ba(
+                    Eurydice_array_to_slice((size_t)168U, randomnesses.fst,
+                                            uint8_t),
+                    &sampled0,
+                    Eurydice_slice_index(memory->tmp_stack, (size_t)0U,
+                                         int32_t[263U], int32_t(*)[263U]));
+          }
+          if (!done1) {
+            done1 =
+                libcrux_ml_dsa_sample_rejection_sample_less_than_field_modulus_ba(
+                    Eurydice_array_to_slice((size_t)168U, randomnesses.snd,
+                                            uint8_t),
+                    &sampled1,
+                    Eurydice_slice_index(memory->tmp_stack, (size_t)1U,
+                                         int32_t[263U], int32_t(*)[263U]));
+          }
+          if (!done2) {
+            done2 =
+                libcrux_ml_dsa_sample_rejection_sample_less_than_field_modulus_ba(
+                    Eurydice_array_to_slice((size_t)168U, randomnesses.thd,
+                                            uint8_t),
+                    &sampled2,
+                    Eurydice_slice_index(memory->tmp_stack, (size_t)2U,
+                                         int32_t[263U], int32_t(*)[263U]));
+          }
+          if (!done3) {
+            done3 =
+                libcrux_ml_dsa_sample_rejection_sample_less_than_field_modulus_ba(
+                    Eurydice_array_to_slice((size_t)168U, randomnesses.f3,
+                                            uint8_t),
+                    &sampled3,
+                    Eurydice_slice_index(memory->tmp_stack, (size_t)3U,
+                                         int32_t[263U], int32_t(*)[263U]));
+          }
+        }
+      } else {
+        uint8_t_168size_t__x4 randomnesses =
+            libcrux_ml_dsa_hash_functions_portable_squeeze_next_block_ed(
+                &state);
+        if (!done0) {
+          done0 =
+              libcrux_ml_dsa_sample_rejection_sample_less_than_field_modulus_ba(
+                  Eurydice_array_to_slice((size_t)168U, randomnesses.fst,
+                                          uint8_t),
+                  &sampled0,
+                  Eurydice_slice_index(memory->tmp_stack, (size_t)0U,
+                                       int32_t[263U], int32_t(*)[263U]));
+        }
+        if (!done1) {
+          done1 =
+              libcrux_ml_dsa_sample_rejection_sample_less_than_field_modulus_ba(
+                  Eurydice_array_to_slice((size_t)168U, randomnesses.snd,
+                                          uint8_t),
+                  &sampled1,
+                  Eurydice_slice_index(memory->tmp_stack, (size_t)1U,
+                                       int32_t[263U], int32_t(*)[263U]));
+        }
+        if (!done2) {
+          done2 =
+              libcrux_ml_dsa_sample_rejection_sample_less_than_field_modulus_ba(
+                  Eurydice_array_to_slice((size_t)168U, randomnesses.thd,
+                                          uint8_t),
+                  &sampled2,
+                  Eurydice_slice_index(memory->tmp_stack, (size_t)2U,
+                                       int32_t[263U], int32_t(*)[263U]));
+        }
+        if (!done3) {
+          done3 =
+              libcrux_ml_dsa_sample_rejection_sample_less_than_field_modulus_ba(
+                  Eurydice_array_to_slice((size_t)168U, randomnesses.f3,
+                                          uint8_t),
+                  &sampled3,
+                  Eurydice_slice_index(memory->tmp_stack, (size_t)3U,
+                                       int32_t[263U], int32_t(*)[263U]));
+        }
+      }
+    } else {
+      uint8_t_168size_t__x4 randomnesses =
+          libcrux_ml_dsa_hash_functions_portable_squeeze_next_block_ed(&state);
+      if (!done0) {
+        done0 =
+            libcrux_ml_dsa_sample_rejection_sample_less_than_field_modulus_ba(
+                Eurydice_array_to_slice((size_t)168U, randomnesses.fst,
+                                        uint8_t),
+                &sampled0,
+                Eurydice_slice_index(memory->tmp_stack, (size_t)0U,
+                                     int32_t[263U], int32_t(*)[263U]));
+      }
+      if (!done1) {
+        done1 =
+            libcrux_ml_dsa_sample_rejection_sample_less_than_field_modulus_ba(
+                Eurydice_array_to_slice((size_t)168U, randomnesses.snd,
+                                        uint8_t),
+                &sampled1,
+                Eurydice_slice_index(memory->tmp_stack, (size_t)1U,
+                                     int32_t[263U], int32_t(*)[263U]));
+      }
+      if (!done2) {
+        done2 =
+            libcrux_ml_dsa_sample_rejection_sample_less_than_field_modulus_ba(
+                Eurydice_array_to_slice((size_t)168U, randomnesses.thd,
+                                        uint8_t),
+                &sampled2,
+                Eurydice_slice_index(memory->tmp_stack, (size_t)2U,
+                                     int32_t[263U], int32_t(*)[263U]));
+      }
+      if (!done3) {
+        done3 =
+            libcrux_ml_dsa_sample_rejection_sample_less_than_field_modulus_ba(
+                Eurydice_array_to_slice((size_t)168U, randomnesses.f3, uint8_t),
+                &sampled3,
+                Eurydice_slice_index(memory->tmp_stack, (size_t)3U,
+                                     int32_t[263U], int32_t(*)[263U]));
+      }
+    }
+  }
+  for (size_t i0 = (size_t)0U;
+       i0 < Eurydice_slice_len(memory->indices, size_t_x2); i0++) {
+    size_t k = i0;
+    size_t uu____0 = k;
+    size_t i =
+        Eurydice_slice_index(memory->indices, uu____0, size_t_x2, size_t_x2 *)
+            .fst;
+    size_t j =
+        Eurydice_slice_index(memory->indices, uu____0, size_t_x2, size_t_x2 *)
+            .snd;
+    libcrux_ml_dsa_polynomial_PolynomialRingElement_9b uu____1 =
+        libcrux_ml_dsa_polynomial_from_i32_array_ff_ba(Eurydice_array_to_slice(
+            (size_t)263U,
+            Eurydice_slice_index(memory->tmp_stack, k, int32_t[263U],
+                                 int32_t(*)[263U]),
+            int32_t));
+    memory->out[i][j] = uu____1;
+  }
 }
 
 /**
@@ -6332,37 +6631,6 @@ libcrux_ml_dsa_sample_rejection_sample_less_than_eta_73(
       randomness, sampled, out);
 }
 
-/**
-This function found in impl
-{libcrux_ml_dsa::polynomial::PolynomialRingElement<SIMDUnit>[TraitClause@0,
-TraitClause@1]}
-*/
-/**
-A monomorphic instance of libcrux_ml_dsa.polynomial.from_i32_array_ff
-with types libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit
-with const generics
-
-*/
-static inline libcrux_ml_dsa_polynomial_PolynomialRingElement_9b
-libcrux_ml_dsa_polynomial_from_i32_array_ff_ba(Eurydice_slice array) {
-  libcrux_ml_dsa_polynomial_PolynomialRingElement_9b result =
-      libcrux_ml_dsa_polynomial_ZERO_ff_ba();
-  for (size_t i = (size_t)0U;
-       i < LIBCRUX_ML_DSA_SIMD_TRAITS_SIMD_UNITS_IN_RING_ELEMENT; i++) {
-    size_t i0 = i;
-    libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit uu____0 =
-        libcrux_ml_dsa_simd_portable_from_coefficient_array_36(
-            Eurydice_slice_subslice2(
-                array,
-                i0 * LIBCRUX_ML_DSA_SIMD_TRAITS_COEFFICIENTS_IN_SIMD_UNIT,
-                (i0 + (size_t)1U) *
-                    LIBCRUX_ML_DSA_SIMD_TRAITS_COEFFICIENTS_IN_SIMD_UNIT,
-                int32_t));
-    result.simd_units[i0] = uu____0;
-  }
-  return result;
-}
-
 /**
 A monomorphic instance of libcrux_ml_dsa.sample.sample_four_error_ring_elements
 with types libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit,
@@ -7390,7 +7658,7 @@ with types libcrux_ml_dsa_pre_hash_DomainSeparationContext
 
 */
 typedef struct Option_84_s {
-  Option_08_tags tag;
+  Option_d8_tags tag;
   libcrux_ml_dsa_pre_hash_DomainSeparationContext f0;
 } Option_84;
 
@@ -7766,7 +8034,7 @@ libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit[5size_t]
 
 */
 typedef struct Option_f3_s {
-  Option_08_tags tag;
+  Option_d8_tags tag;
   libcrux_ml_dsa_polynomial_PolynomialRingElement_9b f0[5U];
 } Option_f3;
 
diff --git a/libcrux-ml-dsa/cg/libcrux_sha3_avx2.h b/libcrux-ml-dsa/cg/libcrux_sha3_avx2.h
index d0deb87d1..1241bcd5b 100644
--- a/libcrux-ml-dsa/cg/libcrux_sha3_avx2.h
+++ b/libcrux-ml-dsa/cg/libcrux_sha3_avx2.h
@@ -8,7 +8,7 @@
  * Eurydice: b665364a6d86749566ce2d650d13fa12c8fab2c5
  * Karamel: 96572bc631fde691a2aea7bce5a5a3838b3a5968
  * F*: b0961063393215ca65927f017720cb365a193833-dirty
- * Libcrux: 229548656e4eaa1324c514638f9f8d135499a5c1
+ * Libcrux: 192edaf802604e2a52d47edca43cf9dc495a4721
  */
 
 #ifndef __libcrux_sha3_avx2_H
diff --git a/libcrux-ml-dsa/cg/libcrux_sha3_portable.h b/libcrux-ml-dsa/cg/libcrux_sha3_portable.h
index 283cdac39..3611ecbf2 100644
--- a/libcrux-ml-dsa/cg/libcrux_sha3_portable.h
+++ b/libcrux-ml-dsa/cg/libcrux_sha3_portable.h
@@ -8,7 +8,7 @@
  * Eurydice: b665364a6d86749566ce2d650d13fa12c8fab2c5
  * Karamel: 96572bc631fde691a2aea7bce5a5a3838b3a5968
  * F*: b0961063393215ca65927f017720cb365a193833-dirty
- * Libcrux: 229548656e4eaa1324c514638f9f8d135499a5c1
+ * Libcrux: 192edaf802604e2a52d47edca43cf9dc495a4721
  */
 
 #ifndef __libcrux_sha3_portable_H

From 07b53c6ff9d67519cdbdac4d17858fabf0fc0544 Mon Sep 17 00:00:00 2001
From: karthikbhargavan <karthik.bhargavan@gmail.com>
Date: Tue, 17 Dec 2024 17:36:35 +0000
Subject: [PATCH 126/142] removed some unused args and regenerated c anf f*

---
 .../Libcrux_intrinsics.Arm64_extract.fst      |  2 +-
 .../Libcrux_intrinsics.Arm64_extract.fsti     |  2 +-
 .../Libcrux_intrinsics.Avx2_extract.fst       |  2 +-
 .../Libcrux_intrinsics.Avx2_extract.fsti      |  2 +-
 libcrux-ml-kem/c/code_gen.txt                 |  2 +-
 libcrux-ml-kem/c/internal/libcrux_core.h      |  2 +-
 .../c/internal/libcrux_mlkem_avx2.h           |  2 +-
 .../c/internal/libcrux_mlkem_portable.h       |  2 +-
 libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h |  2 +-
 .../c/internal/libcrux_sha3_internal.h        |  2 +-
 libcrux-ml-kem/c/libcrux_core.c               |  2 +-
 libcrux-ml-kem/c/libcrux_core.h               |  2 +-
 libcrux-ml-kem/c/libcrux_mlkem1024.h          |  2 +-
 libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c     |  2 +-
 libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h     |  2 +-
 libcrux-ml-kem/c/libcrux_mlkem1024_portable.c |  2 +-
 libcrux-ml-kem/c/libcrux_mlkem1024_portable.h |  2 +-
 libcrux-ml-kem/c/libcrux_mlkem512.h           |  2 +-
 libcrux-ml-kem/c/libcrux_mlkem512_avx2.c      |  2 +-
 libcrux-ml-kem/c/libcrux_mlkem512_avx2.h      |  2 +-
 libcrux-ml-kem/c/libcrux_mlkem512_portable.c  |  2 +-
 libcrux-ml-kem/c/libcrux_mlkem512_portable.h  |  2 +-
 libcrux-ml-kem/c/libcrux_mlkem768.h           |  2 +-
 libcrux-ml-kem/c/libcrux_mlkem768_avx2.c      |  2 +-
 libcrux-ml-kem/c/libcrux_mlkem768_avx2.h      |  2 +-
 libcrux-ml-kem/c/libcrux_mlkem768_portable.c  |  2 +-
 libcrux-ml-kem/c/libcrux_mlkem768_portable.h  |  2 +-
 libcrux-ml-kem/c/libcrux_mlkem_avx2.c         |  2 +-
 libcrux-ml-kem/c/libcrux_mlkem_avx2.h         |  2 +-
 libcrux-ml-kem/c/libcrux_mlkem_portable.c     |  2 +-
 libcrux-ml-kem/c/libcrux_mlkem_portable.h     |  2 +-
 libcrux-ml-kem/c/libcrux_sha3.h               |  2 +-
 libcrux-ml-kem/c/libcrux_sha3_avx2.c          |  2 +-
 libcrux-ml-kem/c/libcrux_sha3_avx2.h          |  2 +-
 libcrux-ml-kem/c/libcrux_sha3_internal.h      |  2 +-
 libcrux-ml-kem/c/libcrux_sha3_neon.c          |  2 +-
 libcrux-ml-kem/c/libcrux_sha3_neon.h          |  2 +-
 libcrux-ml-kem/cg/code_gen.txt                |  2 +-
 libcrux-ml-kem/cg/libcrux_core.h              |  2 +-
 libcrux-ml-kem/cg/libcrux_ct_ops.h            |  2 +-
 libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h     | 38 ++++++++-----------
 libcrux-ml-kem/cg/libcrux_mlkem768_portable.h | 38 ++++++++-----------
 libcrux-ml-kem/cg/libcrux_sha3_avx2.h         |  2 +-
 libcrux-ml-kem/cg/libcrux_sha3_portable.h     |  2 +-
 .../extraction/Libcrux_ml_kem.Invert_ntt.fst  |  9 ++---
 .../extraction/Libcrux_ml_kem.Invert_ntt.fsti |  3 --
 .../fstar/extraction/Libcrux_ml_kem.Ntt.fst   | 18 ++++-----
 .../fstar/extraction/Libcrux_ml_kem.Ntt.fsti  |  6 +--
 libcrux-ml-kem/src/invert_ntt.rs              |  9 ++---
 libcrux-ml-kem/src/ntt.rs                     | 23 +++++------
 .../extraction/Libcrux_platform.Platform.fst  |  2 +-
 .../extraction/Libcrux_platform.Platform.fsti |  2 +-
 .../fstar/extraction/Libcrux_platform.X86.fst |  2 +-
 .../extraction/Libcrux_platform.X86.fsti      |  2 +-
 54 files changed, 106 insertions(+), 130 deletions(-)

diff --git a/libcrux-intrinsics/proofs/fstar/extraction/Libcrux_intrinsics.Arm64_extract.fst b/libcrux-intrinsics/proofs/fstar/extraction/Libcrux_intrinsics.Arm64_extract.fst
index e23020d49..4110ce845 100644
--- a/libcrux-intrinsics/proofs/fstar/extraction/Libcrux_intrinsics.Arm64_extract.fst
+++ b/libcrux-intrinsics/proofs/fstar/extraction/Libcrux_intrinsics.Arm64_extract.fst
@@ -1,5 +1,5 @@
 module Libcrux_intrinsics.Arm64_extract
-#set-options "--fuel 0 --ifuel 1 --z3rlimit 80"
+#set-options "--fuel 0 --ifuel 1 --z3rlimit 15"
 open Core
 open FStar.Mul
 
diff --git a/libcrux-intrinsics/proofs/fstar/extraction/Libcrux_intrinsics.Arm64_extract.fsti b/libcrux-intrinsics/proofs/fstar/extraction/Libcrux_intrinsics.Arm64_extract.fsti
index d4014e6a8..a03c287ec 100644
--- a/libcrux-intrinsics/proofs/fstar/extraction/Libcrux_intrinsics.Arm64_extract.fsti
+++ b/libcrux-intrinsics/proofs/fstar/extraction/Libcrux_intrinsics.Arm64_extract.fsti
@@ -1,5 +1,5 @@
 module Libcrux_intrinsics.Arm64_extract
-#set-options "--fuel 0 --ifuel 1 --z3rlimit 80"
+#set-options "--fuel 0 --ifuel 1 --z3rlimit 15"
 open Core
 open FStar.Mul
 
diff --git a/libcrux-intrinsics/proofs/fstar/extraction/Libcrux_intrinsics.Avx2_extract.fst b/libcrux-intrinsics/proofs/fstar/extraction/Libcrux_intrinsics.Avx2_extract.fst
index 5cf54bf43..98c34da43 100644
--- a/libcrux-intrinsics/proofs/fstar/extraction/Libcrux_intrinsics.Avx2_extract.fst
+++ b/libcrux-intrinsics/proofs/fstar/extraction/Libcrux_intrinsics.Avx2_extract.fst
@@ -1,5 +1,5 @@
 module Libcrux_intrinsics.Avx2_extract
-#set-options "--fuel 0 --ifuel 1 --z3rlimit 80"
+#set-options "--fuel 0 --ifuel 1 --z3rlimit 15"
 open Core
 open FStar.Mul
 
diff --git a/libcrux-intrinsics/proofs/fstar/extraction/Libcrux_intrinsics.Avx2_extract.fsti b/libcrux-intrinsics/proofs/fstar/extraction/Libcrux_intrinsics.Avx2_extract.fsti
index 4b6ebb714..e597dd2fd 100644
--- a/libcrux-intrinsics/proofs/fstar/extraction/Libcrux_intrinsics.Avx2_extract.fsti
+++ b/libcrux-intrinsics/proofs/fstar/extraction/Libcrux_intrinsics.Avx2_extract.fsti
@@ -1,5 +1,5 @@
 module Libcrux_intrinsics.Avx2_extract
-#set-options "--fuel 0 --ifuel 1 --z3rlimit 80"
+#set-options "--fuel 0 --ifuel 1 --z3rlimit 15"
 open Core
 open FStar.Mul
 
diff --git a/libcrux-ml-kem/c/code_gen.txt b/libcrux-ml-kem/c/code_gen.txt
index 6e9a711b4..f79583aac 100644
--- a/libcrux-ml-kem/c/code_gen.txt
+++ b/libcrux-ml-kem/c/code_gen.txt
@@ -3,4 +3,4 @@ Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9
 Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20
 Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
 F*: 8b6fce63ca91b16386d8f76e82ea87a3c109a208
-Libcrux: 2009b0d205f3d27e1762f7e2b8a21bc47705b2c9
+Libcrux: da72c141597b1db012f3bc23a96330f6de112770
diff --git a/libcrux-ml-kem/c/internal/libcrux_core.h b/libcrux-ml-kem/c/internal/libcrux_core.h
index bf1b3ef31..12e124ead 100644
--- a/libcrux-ml-kem/c/internal/libcrux_core.h
+++ b/libcrux-ml-kem/c/internal/libcrux_core.h
@@ -8,7 +8,7 @@
  * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20
  * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
  * F*: 8b6fce63ca91b16386d8f76e82ea87a3c109a208
- * Libcrux: 2009b0d205f3d27e1762f7e2b8a21bc47705b2c9
+ * Libcrux: da72c141597b1db012f3bc23a96330f6de112770
  */
 
 #ifndef __internal_libcrux_core_H
diff --git a/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h b/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h
index 6aadb08be..db1273acd 100644
--- a/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h
+++ b/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h
@@ -8,7 +8,7 @@
  * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20
  * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
  * F*: 8b6fce63ca91b16386d8f76e82ea87a3c109a208
- * Libcrux: 2009b0d205f3d27e1762f7e2b8a21bc47705b2c9
+ * Libcrux: da72c141597b1db012f3bc23a96330f6de112770
  */
 
 #ifndef __internal_libcrux_mlkem_avx2_H
diff --git a/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h b/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h
index 6ec5790dc..4eb95b685 100644
--- a/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h
+++ b/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h
@@ -8,7 +8,7 @@
  * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20
  * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
  * F*: 8b6fce63ca91b16386d8f76e82ea87a3c109a208
- * Libcrux: 2009b0d205f3d27e1762f7e2b8a21bc47705b2c9
+ * Libcrux: da72c141597b1db012f3bc23a96330f6de112770
  */
 
 #ifndef __internal_libcrux_mlkem_portable_H
diff --git a/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h b/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h
index 26e588902..a8e016886 100644
--- a/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h
+++ b/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h
@@ -8,7 +8,7 @@
  * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20
  * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
  * F*: 8b6fce63ca91b16386d8f76e82ea87a3c109a208
- * Libcrux: 2009b0d205f3d27e1762f7e2b8a21bc47705b2c9
+ * Libcrux: da72c141597b1db012f3bc23a96330f6de112770
  */
 
 #ifndef __internal_libcrux_sha3_avx2_H
diff --git a/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h b/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h
index e7fcbead2..29d383df5 100644
--- a/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h
+++ b/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h
@@ -8,7 +8,7 @@
  * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20
  * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
  * F*: 8b6fce63ca91b16386d8f76e82ea87a3c109a208
- * Libcrux: 2009b0d205f3d27e1762f7e2b8a21bc47705b2c9
+ * Libcrux: da72c141597b1db012f3bc23a96330f6de112770
  */
 
 #ifndef __internal_libcrux_sha3_internal_H
diff --git a/libcrux-ml-kem/c/libcrux_core.c b/libcrux-ml-kem/c/libcrux_core.c
index 9dc35bd7c..8d36883e4 100644
--- a/libcrux-ml-kem/c/libcrux_core.c
+++ b/libcrux-ml-kem/c/libcrux_core.c
@@ -8,7 +8,7 @@
  * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20
  * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
  * F*: 8b6fce63ca91b16386d8f76e82ea87a3c109a208
- * Libcrux: 2009b0d205f3d27e1762f7e2b8a21bc47705b2c9
+ * Libcrux: da72c141597b1db012f3bc23a96330f6de112770
  */
 
 #include "internal/libcrux_core.h"
diff --git a/libcrux-ml-kem/c/libcrux_core.h b/libcrux-ml-kem/c/libcrux_core.h
index b9094983b..3e81d2dc0 100644
--- a/libcrux-ml-kem/c/libcrux_core.h
+++ b/libcrux-ml-kem/c/libcrux_core.h
@@ -8,7 +8,7 @@
  * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20
  * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
  * F*: 8b6fce63ca91b16386d8f76e82ea87a3c109a208
- * Libcrux: 2009b0d205f3d27e1762f7e2b8a21bc47705b2c9
+ * Libcrux: da72c141597b1db012f3bc23a96330f6de112770
  */
 
 #ifndef __libcrux_core_H
diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024.h b/libcrux-ml-kem/c/libcrux_mlkem1024.h
index adccad760..fb6f70eaa 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem1024.h
+++ b/libcrux-ml-kem/c/libcrux_mlkem1024.h
@@ -8,7 +8,7 @@
  * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20
  * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
  * F*: 8b6fce63ca91b16386d8f76e82ea87a3c109a208
- * Libcrux: 2009b0d205f3d27e1762f7e2b8a21bc47705b2c9
+ * Libcrux: da72c141597b1db012f3bc23a96330f6de112770
  */
 
 #ifndef __libcrux_mlkem1024_H
diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c
index 99dab1335..65c3d7236 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c
+++ b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c
@@ -8,7 +8,7 @@
  * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20
  * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
  * F*: 8b6fce63ca91b16386d8f76e82ea87a3c109a208
- * Libcrux: 2009b0d205f3d27e1762f7e2b8a21bc47705b2c9
+ * Libcrux: da72c141597b1db012f3bc23a96330f6de112770
  */
 
 #include "libcrux_mlkem1024_avx2.h"
diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h
index 779a75fce..17b0c0046 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h
+++ b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h
@@ -8,7 +8,7 @@
  * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20
  * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
  * F*: 8b6fce63ca91b16386d8f76e82ea87a3c109a208
- * Libcrux: 2009b0d205f3d27e1762f7e2b8a21bc47705b2c9
+ * Libcrux: da72c141597b1db012f3bc23a96330f6de112770
  */
 
 #ifndef __libcrux_mlkem1024_avx2_H
diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c
index 4d3a9798d..35b28ea4a 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c
+++ b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c
@@ -8,7 +8,7 @@
  * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20
  * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
  * F*: 8b6fce63ca91b16386d8f76e82ea87a3c109a208
- * Libcrux: 2009b0d205f3d27e1762f7e2b8a21bc47705b2c9
+ * Libcrux: da72c141597b1db012f3bc23a96330f6de112770
  */
 
 #include "libcrux_mlkem1024_portable.h"
diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h
index 62bd963b4..2d9862c52 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h
+++ b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h
@@ -8,7 +8,7 @@
  * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20
  * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
  * F*: 8b6fce63ca91b16386d8f76e82ea87a3c109a208
- * Libcrux: 2009b0d205f3d27e1762f7e2b8a21bc47705b2c9
+ * Libcrux: da72c141597b1db012f3bc23a96330f6de112770
  */
 
 #ifndef __libcrux_mlkem1024_portable_H
diff --git a/libcrux-ml-kem/c/libcrux_mlkem512.h b/libcrux-ml-kem/c/libcrux_mlkem512.h
index 4869b5cf7..26616454d 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem512.h
+++ b/libcrux-ml-kem/c/libcrux_mlkem512.h
@@ -8,7 +8,7 @@
  * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20
  * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
  * F*: 8b6fce63ca91b16386d8f76e82ea87a3c109a208
- * Libcrux: 2009b0d205f3d27e1762f7e2b8a21bc47705b2c9
+ * Libcrux: da72c141597b1db012f3bc23a96330f6de112770
  */
 
 #ifndef __libcrux_mlkem512_H
diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c
index b00fe469b..b3197512a 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c
+++ b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c
@@ -8,7 +8,7 @@
  * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20
  * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
  * F*: 8b6fce63ca91b16386d8f76e82ea87a3c109a208
- * Libcrux: 2009b0d205f3d27e1762f7e2b8a21bc47705b2c9
+ * Libcrux: da72c141597b1db012f3bc23a96330f6de112770
  */
 
 #include "libcrux_mlkem512_avx2.h"
diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h
index aef97c298..17beb7efe 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h
+++ b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h
@@ -8,7 +8,7 @@
  * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20
  * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
  * F*: 8b6fce63ca91b16386d8f76e82ea87a3c109a208
- * Libcrux: 2009b0d205f3d27e1762f7e2b8a21bc47705b2c9
+ * Libcrux: da72c141597b1db012f3bc23a96330f6de112770
  */
 
 #ifndef __libcrux_mlkem512_avx2_H
diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_portable.c b/libcrux-ml-kem/c/libcrux_mlkem512_portable.c
index 7e8661d89..95355e049 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem512_portable.c
+++ b/libcrux-ml-kem/c/libcrux_mlkem512_portable.c
@@ -8,7 +8,7 @@
  * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20
  * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
  * F*: 8b6fce63ca91b16386d8f76e82ea87a3c109a208
- * Libcrux: 2009b0d205f3d27e1762f7e2b8a21bc47705b2c9
+ * Libcrux: da72c141597b1db012f3bc23a96330f6de112770
  */
 
 #include "libcrux_mlkem512_portable.h"
diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_portable.h b/libcrux-ml-kem/c/libcrux_mlkem512_portable.h
index 4bbace2c4..062f3666e 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem512_portable.h
+++ b/libcrux-ml-kem/c/libcrux_mlkem512_portable.h
@@ -8,7 +8,7 @@
  * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20
  * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
  * F*: 8b6fce63ca91b16386d8f76e82ea87a3c109a208
- * Libcrux: 2009b0d205f3d27e1762f7e2b8a21bc47705b2c9
+ * Libcrux: da72c141597b1db012f3bc23a96330f6de112770
  */
 
 #ifndef __libcrux_mlkem512_portable_H
diff --git a/libcrux-ml-kem/c/libcrux_mlkem768.h b/libcrux-ml-kem/c/libcrux_mlkem768.h
index f71738245..aae08ebb5 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem768.h
+++ b/libcrux-ml-kem/c/libcrux_mlkem768.h
@@ -8,7 +8,7 @@
  * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20
  * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
  * F*: 8b6fce63ca91b16386d8f76e82ea87a3c109a208
- * Libcrux: 2009b0d205f3d27e1762f7e2b8a21bc47705b2c9
+ * Libcrux: da72c141597b1db012f3bc23a96330f6de112770
  */
 
 #ifndef __libcrux_mlkem768_H
diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c
index 0b78f3103..e16553589 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c
+++ b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c
@@ -8,7 +8,7 @@
  * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20
  * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
  * F*: 8b6fce63ca91b16386d8f76e82ea87a3c109a208
- * Libcrux: 2009b0d205f3d27e1762f7e2b8a21bc47705b2c9
+ * Libcrux: da72c141597b1db012f3bc23a96330f6de112770
  */
 
 #include "libcrux_mlkem768_avx2.h"
diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h
index 7d99e3a8d..a2ac464f9 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h
+++ b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h
@@ -8,7 +8,7 @@
  * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20
  * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
  * F*: 8b6fce63ca91b16386d8f76e82ea87a3c109a208
- * Libcrux: 2009b0d205f3d27e1762f7e2b8a21bc47705b2c9
+ * Libcrux: da72c141597b1db012f3bc23a96330f6de112770
  */
 
 #ifndef __libcrux_mlkem768_avx2_H
diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_portable.c b/libcrux-ml-kem/c/libcrux_mlkem768_portable.c
index e0e0ed51a..60b294d9a 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem768_portable.c
+++ b/libcrux-ml-kem/c/libcrux_mlkem768_portable.c
@@ -8,7 +8,7 @@
  * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20
  * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
  * F*: 8b6fce63ca91b16386d8f76e82ea87a3c109a208
- * Libcrux: 2009b0d205f3d27e1762f7e2b8a21bc47705b2c9
+ * Libcrux: da72c141597b1db012f3bc23a96330f6de112770
  */
 
 #include "libcrux_mlkem768_portable.h"
diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_portable.h b/libcrux-ml-kem/c/libcrux_mlkem768_portable.h
index ed8baa51f..d3ef0d130 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem768_portable.h
+++ b/libcrux-ml-kem/c/libcrux_mlkem768_portable.h
@@ -8,7 +8,7 @@
  * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20
  * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
  * F*: 8b6fce63ca91b16386d8f76e82ea87a3c109a208
- * Libcrux: 2009b0d205f3d27e1762f7e2b8a21bc47705b2c9
+ * Libcrux: da72c141597b1db012f3bc23a96330f6de112770
  */
 
 #ifndef __libcrux_mlkem768_portable_H
diff --git a/libcrux-ml-kem/c/libcrux_mlkem_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem_avx2.c
index 74eb91feb..20fa22c11 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem_avx2.c
+++ b/libcrux-ml-kem/c/libcrux_mlkem_avx2.c
@@ -8,7 +8,7 @@
  * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20
  * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
  * F*: 8b6fce63ca91b16386d8f76e82ea87a3c109a208
- * Libcrux: 2009b0d205f3d27e1762f7e2b8a21bc47705b2c9
+ * Libcrux: da72c141597b1db012f3bc23a96330f6de112770
  */
 
 #include "internal/libcrux_mlkem_avx2.h"
diff --git a/libcrux-ml-kem/c/libcrux_mlkem_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem_avx2.h
index 5b5cd3ad3..8f6b4009e 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem_avx2.h
+++ b/libcrux-ml-kem/c/libcrux_mlkem_avx2.h
@@ -8,7 +8,7 @@
  * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20
  * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
  * F*: 8b6fce63ca91b16386d8f76e82ea87a3c109a208
- * Libcrux: 2009b0d205f3d27e1762f7e2b8a21bc47705b2c9
+ * Libcrux: da72c141597b1db012f3bc23a96330f6de112770
  */
 
 #ifndef __libcrux_mlkem_avx2_H
diff --git a/libcrux-ml-kem/c/libcrux_mlkem_portable.c b/libcrux-ml-kem/c/libcrux_mlkem_portable.c
index 8bbde1bf7..f787aa9c9 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem_portable.c
+++ b/libcrux-ml-kem/c/libcrux_mlkem_portable.c
@@ -8,7 +8,7 @@
  * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20
  * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
  * F*: 8b6fce63ca91b16386d8f76e82ea87a3c109a208
- * Libcrux: 2009b0d205f3d27e1762f7e2b8a21bc47705b2c9
+ * Libcrux: da72c141597b1db012f3bc23a96330f6de112770
  */
 
 #include "internal/libcrux_mlkem_portable.h"
diff --git a/libcrux-ml-kem/c/libcrux_mlkem_portable.h b/libcrux-ml-kem/c/libcrux_mlkem_portable.h
index 2eacb6f5a..fe8972889 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem_portable.h
+++ b/libcrux-ml-kem/c/libcrux_mlkem_portable.h
@@ -8,7 +8,7 @@
  * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20
  * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
  * F*: 8b6fce63ca91b16386d8f76e82ea87a3c109a208
- * Libcrux: 2009b0d205f3d27e1762f7e2b8a21bc47705b2c9
+ * Libcrux: da72c141597b1db012f3bc23a96330f6de112770
  */
 
 #ifndef __libcrux_mlkem_portable_H
diff --git a/libcrux-ml-kem/c/libcrux_sha3.h b/libcrux-ml-kem/c/libcrux_sha3.h
index a9ba58c6d..5b00b2050 100644
--- a/libcrux-ml-kem/c/libcrux_sha3.h
+++ b/libcrux-ml-kem/c/libcrux_sha3.h
@@ -8,7 +8,7 @@
  * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20
  * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
  * F*: 8b6fce63ca91b16386d8f76e82ea87a3c109a208
- * Libcrux: 2009b0d205f3d27e1762f7e2b8a21bc47705b2c9
+ * Libcrux: da72c141597b1db012f3bc23a96330f6de112770
  */
 
 #ifndef __libcrux_sha3_H
diff --git a/libcrux-ml-kem/c/libcrux_sha3_avx2.c b/libcrux-ml-kem/c/libcrux_sha3_avx2.c
index 54eba8306..86cd49d43 100644
--- a/libcrux-ml-kem/c/libcrux_sha3_avx2.c
+++ b/libcrux-ml-kem/c/libcrux_sha3_avx2.c
@@ -8,7 +8,7 @@
  * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20
  * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
  * F*: 8b6fce63ca91b16386d8f76e82ea87a3c109a208
- * Libcrux: 2009b0d205f3d27e1762f7e2b8a21bc47705b2c9
+ * Libcrux: da72c141597b1db012f3bc23a96330f6de112770
  */
 
 #include "internal/libcrux_sha3_avx2.h"
diff --git a/libcrux-ml-kem/c/libcrux_sha3_avx2.h b/libcrux-ml-kem/c/libcrux_sha3_avx2.h
index e76f57b2d..8cf00fb6d 100644
--- a/libcrux-ml-kem/c/libcrux_sha3_avx2.h
+++ b/libcrux-ml-kem/c/libcrux_sha3_avx2.h
@@ -8,7 +8,7 @@
  * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20
  * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
  * F*: 8b6fce63ca91b16386d8f76e82ea87a3c109a208
- * Libcrux: 2009b0d205f3d27e1762f7e2b8a21bc47705b2c9
+ * Libcrux: da72c141597b1db012f3bc23a96330f6de112770
  */
 
 #ifndef __libcrux_sha3_avx2_H
diff --git a/libcrux-ml-kem/c/libcrux_sha3_internal.h b/libcrux-ml-kem/c/libcrux_sha3_internal.h
index 0516278ef..16c7766a0 100644
--- a/libcrux-ml-kem/c/libcrux_sha3_internal.h
+++ b/libcrux-ml-kem/c/libcrux_sha3_internal.h
@@ -8,7 +8,7 @@
  * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20
  * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
  * F*: 8b6fce63ca91b16386d8f76e82ea87a3c109a208
- * Libcrux: 2009b0d205f3d27e1762f7e2b8a21bc47705b2c9
+ * Libcrux: da72c141597b1db012f3bc23a96330f6de112770
  */
 
 #ifndef __libcrux_sha3_internal_H
diff --git a/libcrux-ml-kem/c/libcrux_sha3_neon.c b/libcrux-ml-kem/c/libcrux_sha3_neon.c
index c5731d420..fb6b2e649 100644
--- a/libcrux-ml-kem/c/libcrux_sha3_neon.c
+++ b/libcrux-ml-kem/c/libcrux_sha3_neon.c
@@ -8,7 +8,7 @@
  * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20
  * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
  * F*: 8b6fce63ca91b16386d8f76e82ea87a3c109a208
- * Libcrux: 2009b0d205f3d27e1762f7e2b8a21bc47705b2c9
+ * Libcrux: da72c141597b1db012f3bc23a96330f6de112770
  */
 
 #include "libcrux_sha3_neon.h"
diff --git a/libcrux-ml-kem/c/libcrux_sha3_neon.h b/libcrux-ml-kem/c/libcrux_sha3_neon.h
index d951056fc..62eca860c 100644
--- a/libcrux-ml-kem/c/libcrux_sha3_neon.h
+++ b/libcrux-ml-kem/c/libcrux_sha3_neon.h
@@ -8,7 +8,7 @@
  * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20
  * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
  * F*: 8b6fce63ca91b16386d8f76e82ea87a3c109a208
- * Libcrux: 2009b0d205f3d27e1762f7e2b8a21bc47705b2c9
+ * Libcrux: da72c141597b1db012f3bc23a96330f6de112770
  */
 
 #ifndef __libcrux_sha3_neon_H
diff --git a/libcrux-ml-kem/cg/code_gen.txt b/libcrux-ml-kem/cg/code_gen.txt
index 6e9a711b4..f79583aac 100644
--- a/libcrux-ml-kem/cg/code_gen.txt
+++ b/libcrux-ml-kem/cg/code_gen.txt
@@ -3,4 +3,4 @@ Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9
 Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20
 Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
 F*: 8b6fce63ca91b16386d8f76e82ea87a3c109a208
-Libcrux: 2009b0d205f3d27e1762f7e2b8a21bc47705b2c9
+Libcrux: da72c141597b1db012f3bc23a96330f6de112770
diff --git a/libcrux-ml-kem/cg/libcrux_core.h b/libcrux-ml-kem/cg/libcrux_core.h
index 052dc1e0b..1536ceb2d 100644
--- a/libcrux-ml-kem/cg/libcrux_core.h
+++ b/libcrux-ml-kem/cg/libcrux_core.h
@@ -8,7 +8,7 @@
  * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20
  * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
  * F*: 8b6fce63ca91b16386d8f76e82ea87a3c109a208
- * Libcrux: 2009b0d205f3d27e1762f7e2b8a21bc47705b2c9
+ * Libcrux: da72c141597b1db012f3bc23a96330f6de112770
  */
 
 #ifndef __libcrux_core_H
diff --git a/libcrux-ml-kem/cg/libcrux_ct_ops.h b/libcrux-ml-kem/cg/libcrux_ct_ops.h
index 13f94e042..515fb6146 100644
--- a/libcrux-ml-kem/cg/libcrux_ct_ops.h
+++ b/libcrux-ml-kem/cg/libcrux_ct_ops.h
@@ -8,7 +8,7 @@
  * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20
  * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
  * F*: 8b6fce63ca91b16386d8f76e82ea87a3c109a208
- * Libcrux: 2009b0d205f3d27e1762f7e2b8a21bc47705b2c9
+ * Libcrux: da72c141597b1db012f3bc23a96330f6de112770
  */
 
 #ifndef __libcrux_ct_ops_H
diff --git a/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h b/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h
index 0ea2b2306..0ed56b579 100644
--- a/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h
+++ b/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h
@@ -8,7 +8,7 @@
  * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20
  * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
  * F*: 8b6fce63ca91b16386d8f76e82ea87a3c109a208
- * Libcrux: 2009b0d205f3d27e1762f7e2b8a21bc47705b2c9
+ * Libcrux: da72c141597b1db012f3bc23a96330f6de112770
  */
 
 #ifndef __libcrux_mlkem768_avx2_H
@@ -1797,7 +1797,7 @@ with const generics
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_3_79(
     size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *re,
-    size_t _layer, size_t _initial_coefficient_bound) {
+    size_t _initial_coefficient_bound) {
   for (size_t i = (size_t)0U; i < (size_t)16U; i++) {
     size_t round = i;
     zeta_i[0U] = zeta_i[0U] + (size_t)1U;
@@ -1815,7 +1815,7 @@ with const generics
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_2_79(
     size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *re,
-    size_t _layer, size_t _initial_coefficient_bound) {
+    size_t _initial_coefficient_bound) {
   for (size_t i = (size_t)0U; i < (size_t)16U; i++) {
     size_t round = i;
     zeta_i[0U] = zeta_i[0U] + (size_t)1U;
@@ -1835,7 +1835,7 @@ with const generics
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_1_79(
     size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *re,
-    size_t _layer, size_t _initial_coefficient_bound) {
+    size_t _initial_coefficient_bound) {
   for (size_t i = (size_t)0U; i < (size_t)16U; i++) {
     size_t round = i;
     zeta_i[0U] = zeta_i[0U] + (size_t)1U;
@@ -1900,12 +1900,9 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_vector_u_ee(
                                             (size_t)3U * (size_t)3328U);
   libcrux_ml_kem_ntt_ntt_at_layer_4_plus_79(&zeta_i, re, (size_t)4U,
                                             (size_t)4U * (size_t)3328U);
-  libcrux_ml_kem_ntt_ntt_at_layer_3_79(&zeta_i, re, (size_t)3U,
-                                       (size_t)5U * (size_t)3328U);
-  libcrux_ml_kem_ntt_ntt_at_layer_2_79(&zeta_i, re, (size_t)2U,
-                                       (size_t)6U * (size_t)3328U);
-  libcrux_ml_kem_ntt_ntt_at_layer_1_79(&zeta_i, re, (size_t)1U,
-                                       (size_t)7U * (size_t)3328U);
+  libcrux_ml_kem_ntt_ntt_at_layer_3_79(&zeta_i, re, (size_t)5U * (size_t)3328U);
+  libcrux_ml_kem_ntt_ntt_at_layer_2_79(&zeta_i, re, (size_t)6U * (size_t)3328U);
+  libcrux_ml_kem_ntt_ntt_at_layer_1_79(&zeta_i, re, (size_t)7U * (size_t)3328U);
   libcrux_ml_kem_polynomial_poly_barrett_reduce_ef_79(re);
 }
 
@@ -2308,8 +2305,7 @@ with const generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_79(
-    size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *re,
-    size_t _layer) {
+    size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *re) {
   for (size_t i = (size_t)0U; i < (size_t)16U; i++) {
     size_t round = i;
     zeta_i[0U] = zeta_i[0U] - (size_t)1U;
@@ -2331,8 +2327,7 @@ with const generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_79(
-    size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *re,
-    size_t _layer) {
+    size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *re) {
   for (size_t i = (size_t)0U; i < (size_t)16U; i++) {
     size_t round = i;
     zeta_i[0U] = zeta_i[0U] - (size_t)1U;
@@ -2352,8 +2347,7 @@ with const generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_79(
-    size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *re,
-    size_t _layer) {
+    size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *re) {
   for (size_t i = (size_t)0U; i < (size_t)16U; i++) {
     size_t round = i;
     zeta_i[0U] = zeta_i[0U] - (size_t)1U;
@@ -2428,9 +2422,9 @@ static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_ab(
     libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *re) {
   size_t zeta_i =
       LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U;
-  libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_79(&zeta_i, re, (size_t)1U);
-  libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_79(&zeta_i, re, (size_t)2U);
-  libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_79(&zeta_i, re, (size_t)3U);
+  libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_79(&zeta_i, re);
+  libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_79(&zeta_i, re);
+  libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_79(&zeta_i, re);
   libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_79(&zeta_i, re,
                                                           (size_t)4U);
   libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_79(&zeta_i, re,
@@ -3617,11 +3611,11 @@ libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_79(
   libcrux_ml_kem_ntt_ntt_at_layer_4_plus_79(
       &zeta_i, re, (size_t)4U, (size_t)11207U + (size_t)2U * (size_t)3328U);
   libcrux_ml_kem_ntt_ntt_at_layer_3_79(
-      &zeta_i, re, (size_t)3U, (size_t)11207U + (size_t)3U * (size_t)3328U);
+      &zeta_i, re, (size_t)11207U + (size_t)3U * (size_t)3328U);
   libcrux_ml_kem_ntt_ntt_at_layer_2_79(
-      &zeta_i, re, (size_t)2U, (size_t)11207U + (size_t)4U * (size_t)3328U);
+      &zeta_i, re, (size_t)11207U + (size_t)4U * (size_t)3328U);
   libcrux_ml_kem_ntt_ntt_at_layer_1_79(
-      &zeta_i, re, (size_t)1U, (size_t)11207U + (size_t)5U * (size_t)3328U);
+      &zeta_i, re, (size_t)11207U + (size_t)5U * (size_t)3328U);
   libcrux_ml_kem_polynomial_poly_barrett_reduce_ef_79(re);
 }
 
diff --git a/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h b/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h
index 8639096c4..1b133f2eb 100644
--- a/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h
+++ b/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h
@@ -8,7 +8,7 @@
  * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20
  * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
  * F*: 8b6fce63ca91b16386d8f76e82ea87a3c109a208
- * Libcrux: 2009b0d205f3d27e1762f7e2b8a21bc47705b2c9
+ * Libcrux: da72c141597b1db012f3bc23a96330f6de112770
  */
 
 #ifndef __libcrux_mlkem768_portable_H
@@ -2899,7 +2899,7 @@ with const generics
 */
 static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_3_96(
     size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_1d *re,
-    size_t _layer, size_t _initial_coefficient_bound) {
+    size_t _initial_coefficient_bound) {
   for (size_t i = (size_t)0U; i < (size_t)16U; i++) {
     size_t round = i;
     zeta_i[0U] = zeta_i[0U] + (size_t)1U;
@@ -2919,7 +2919,7 @@ with const generics
 */
 static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_2_96(
     size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_1d *re,
-    size_t _layer, size_t _initial_coefficient_bound) {
+    size_t _initial_coefficient_bound) {
   for (size_t i = (size_t)0U; i < (size_t)16U; i++) {
     size_t round = i;
     zeta_i[0U] = zeta_i[0U] + (size_t)1U;
@@ -2939,7 +2939,7 @@ with const generics
 */
 static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_1_96(
     size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_1d *re,
-    size_t _layer, size_t _initial_coefficient_bound) {
+    size_t _initial_coefficient_bound) {
   for (size_t i = (size_t)0U; i < (size_t)16U; i++) {
     size_t round = i;
     zeta_i[0U] = zeta_i[0U] + (size_t)1U;
@@ -3004,12 +3004,9 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_vector_u_0a(
                                             (size_t)3U * (size_t)3328U);
   libcrux_ml_kem_ntt_ntt_at_layer_4_plus_96(&zeta_i, re, (size_t)4U,
                                             (size_t)4U * (size_t)3328U);
-  libcrux_ml_kem_ntt_ntt_at_layer_3_96(&zeta_i, re, (size_t)3U,
-                                       (size_t)5U * (size_t)3328U);
-  libcrux_ml_kem_ntt_ntt_at_layer_2_96(&zeta_i, re, (size_t)2U,
-                                       (size_t)6U * (size_t)3328U);
-  libcrux_ml_kem_ntt_ntt_at_layer_1_96(&zeta_i, re, (size_t)1U,
-                                       (size_t)7U * (size_t)3328U);
+  libcrux_ml_kem_ntt_ntt_at_layer_3_96(&zeta_i, re, (size_t)5U * (size_t)3328U);
+  libcrux_ml_kem_ntt_ntt_at_layer_2_96(&zeta_i, re, (size_t)6U * (size_t)3328U);
+  libcrux_ml_kem_ntt_ntt_at_layer_1_96(&zeta_i, re, (size_t)7U * (size_t)3328U);
   libcrux_ml_kem_polynomial_poly_barrett_reduce_ef_96(re);
 }
 
@@ -3356,8 +3353,7 @@ with const generics
 
 */
 static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_96(
-    size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_1d *re,
-    size_t _layer) {
+    size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_1d *re) {
   for (size_t i = (size_t)0U; i < (size_t)16U; i++) {
     size_t round = i;
     zeta_i[0U] = zeta_i[0U] - (size_t)1U;
@@ -3378,8 +3374,7 @@ with const generics
 
 */
 static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_96(
-    size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_1d *re,
-    size_t _layer) {
+    size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_1d *re) {
   for (size_t i = (size_t)0U; i < (size_t)16U; i++) {
     size_t round = i;
     zeta_i[0U] = zeta_i[0U] - (size_t)1U;
@@ -3398,8 +3393,7 @@ with const generics
 
 */
 static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_96(
-    size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_1d *re,
-    size_t _layer) {
+    size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_1d *re) {
   for (size_t i = (size_t)0U; i < (size_t)16U; i++) {
     size_t round = i;
     zeta_i[0U] = zeta_i[0U] - (size_t)1U;
@@ -3476,9 +3470,9 @@ static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_1b(
     libcrux_ml_kem_polynomial_PolynomialRingElement_1d *re) {
   size_t zeta_i =
       LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U;
-  libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_96(&zeta_i, re, (size_t)1U);
-  libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_96(&zeta_i, re, (size_t)2U);
-  libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_96(&zeta_i, re, (size_t)3U);
+  libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_96(&zeta_i, re);
+  libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_96(&zeta_i, re);
+  libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_96(&zeta_i, re);
   libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_96(&zeta_i, re,
                                                           (size_t)4U);
   libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_96(&zeta_i, re,
@@ -4636,11 +4630,11 @@ libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_96(
   libcrux_ml_kem_ntt_ntt_at_layer_4_plus_96(
       &zeta_i, re, (size_t)4U, (size_t)11207U + (size_t)2U * (size_t)3328U);
   libcrux_ml_kem_ntt_ntt_at_layer_3_96(
-      &zeta_i, re, (size_t)3U, (size_t)11207U + (size_t)3U * (size_t)3328U);
+      &zeta_i, re, (size_t)11207U + (size_t)3U * (size_t)3328U);
   libcrux_ml_kem_ntt_ntt_at_layer_2_96(
-      &zeta_i, re, (size_t)2U, (size_t)11207U + (size_t)4U * (size_t)3328U);
+      &zeta_i, re, (size_t)11207U + (size_t)4U * (size_t)3328U);
   libcrux_ml_kem_ntt_ntt_at_layer_1_96(
-      &zeta_i, re, (size_t)1U, (size_t)11207U + (size_t)5U * (size_t)3328U);
+      &zeta_i, re, (size_t)11207U + (size_t)5U * (size_t)3328U);
   libcrux_ml_kem_polynomial_poly_barrett_reduce_ef_96(re);
 }
 
diff --git a/libcrux-ml-kem/cg/libcrux_sha3_avx2.h b/libcrux-ml-kem/cg/libcrux_sha3_avx2.h
index c8984d272..1ae0f9b0f 100644
--- a/libcrux-ml-kem/cg/libcrux_sha3_avx2.h
+++ b/libcrux-ml-kem/cg/libcrux_sha3_avx2.h
@@ -8,7 +8,7 @@
  * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20
  * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
  * F*: 8b6fce63ca91b16386d8f76e82ea87a3c109a208
- * Libcrux: 2009b0d205f3d27e1762f7e2b8a21bc47705b2c9
+ * Libcrux: da72c141597b1db012f3bc23a96330f6de112770
  */
 
 #ifndef __libcrux_sha3_avx2_H
diff --git a/libcrux-ml-kem/cg/libcrux_sha3_portable.h b/libcrux-ml-kem/cg/libcrux_sha3_portable.h
index 49806daba..242a6e8dc 100644
--- a/libcrux-ml-kem/cg/libcrux_sha3_portable.h
+++ b/libcrux-ml-kem/cg/libcrux_sha3_portable.h
@@ -8,7 +8,7 @@
  * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20
  * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd
  * F*: 8b6fce63ca91b16386d8f76e82ea87a3c109a208
- * Libcrux: 2009b0d205f3d27e1762f7e2b8a21bc47705b2c9
+ * Libcrux: da72c141597b1db012f3bc23a96330f6de112770
  */
 
 #ifndef __libcrux_sha3_portable_H
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Invert_ntt.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Invert_ntt.fst
index 53290fba7..b819cb727 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Invert_ntt.fst
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Invert_ntt.fst
@@ -38,7 +38,6 @@ let invert_ntt_at_layer_1_
           Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector)
       (zeta_i: usize)
       (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector)
-      (v__layer: usize)
      =
   let _:Prims.unit = reveal_opaque (`%invert_ntt_re_range_1) (invert_ntt_re_range_1 #v_Vector) in
   let _:Prims.unit = reveal_opaque (`%invert_ntt_re_range_2) (invert_ntt_re_range_2 #v_Vector) in
@@ -120,7 +119,6 @@ let invert_ntt_at_layer_2_
           Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector)
       (zeta_i: usize)
       (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector)
-      (v__layer: usize)
      =
   let _:Prims.unit = reveal_opaque (`%invert_ntt_re_range_2) (invert_ntt_re_range_2 #v_Vector) in
   let v__zeta_i_init:usize = zeta_i in
@@ -199,7 +197,6 @@ let invert_ntt_at_layer_3_
           Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector)
       (zeta_i: usize)
       (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector)
-      (v__layer: usize)
      =
   let _:Prims.unit = reveal_opaque (`%invert_ntt_re_range_2) (invert_ntt_re_range_2 #v_Vector) in
   let v__zeta_i_init:usize = zeta_i in
@@ -364,19 +361,19 @@ let invert_ntt_montgomery
      =
   let zeta_i:usize = Libcrux_ml_kem.Constants.v_COEFFICIENTS_IN_RING_ELEMENT /! sz 2 in
   let tmp0, tmp1:(usize & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) =
-    invert_ntt_at_layer_1_ #v_Vector zeta_i re (sz 1)
+    invert_ntt_at_layer_1_ #v_Vector zeta_i re
   in
   let zeta_i:usize = tmp0 in
   let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = tmp1 in
   let _:Prims.unit = () in
   let tmp0, tmp1:(usize & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) =
-    invert_ntt_at_layer_2_ #v_Vector zeta_i re (sz 2)
+    invert_ntt_at_layer_2_ #v_Vector zeta_i re
   in
   let zeta_i:usize = tmp0 in
   let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = tmp1 in
   let _:Prims.unit = () in
   let tmp0, tmp1:(usize & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) =
-    invert_ntt_at_layer_3_ #v_Vector zeta_i re (sz 3)
+    invert_ntt_at_layer_3_ #v_Vector zeta_i re
   in
   let zeta_i:usize = tmp0 in
   let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = tmp1 in
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Invert_ntt.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Invert_ntt.fsti
index 99f466207..52d37549d 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Invert_ntt.fsti
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Invert_ntt.fsti
@@ -50,7 +50,6 @@ val invert_ntt_at_layer_1_
       {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |}
       (zeta_i: usize)
       (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector)
-      (v__layer: usize)
     : Prims.Pure (usize & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector)
       (requires v zeta_i == 128 /\ invert_ntt_re_range_1 re)
       (ensures
@@ -66,7 +65,6 @@ val invert_ntt_at_layer_2_
       {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |}
       (zeta_i: usize)
       (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector)
-      (v__layer: usize)
     : Prims.Pure (usize & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector)
       (requires v zeta_i == 64 /\ invert_ntt_re_range_2 re)
       (ensures
@@ -82,7 +80,6 @@ val invert_ntt_at_layer_3_
       {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |}
       (zeta_i: usize)
       (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector)
-      (v__layer: usize)
     : Prims.Pure (usize & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector)
       (requires v zeta_i == 32 /\ invert_ntt_re_range_2 re)
       (ensures
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ntt.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ntt.fst
index 41d6dfad3..d9896a6e6 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ntt.fst
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ntt.fst
@@ -35,7 +35,7 @@ let ntt_at_layer_1_
           Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector)
       (zeta_i: usize)
       (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector)
-      (v__layer v__initial_coefficient_bound: usize)
+      (v__initial_coefficient_bound: usize)
      =
   let _:Prims.unit = reveal_opaque (`%ntt_re_range_2) (ntt_re_range_2 #v_Vector) in
   let _:Prims.unit = reveal_opaque (`%ntt_re_range_1) (ntt_re_range_1 #v_Vector) in
@@ -117,7 +117,7 @@ let ntt_at_layer_2_
           Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector)
       (zeta_i: usize)
       (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector)
-      (v__layer v__initial_coefficient_bound: usize)
+      (v__initial_coefficient_bound: usize)
      =
   let _:Prims.unit = reveal_opaque (`%ntt_re_range_3) (ntt_re_range_3 #v_Vector) in
   let _:Prims.unit = reveal_opaque (`%ntt_re_range_2) (ntt_re_range_2 #v_Vector) in
@@ -197,7 +197,7 @@ let ntt_at_layer_3_
           Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector)
       (zeta_i: usize)
       (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector)
-      (v__layer v__initial_coefficient_bound: usize)
+      (v__initial_coefficient_bound: usize)
      =
   let _:Prims.unit = reveal_opaque (`%ntt_re_range_4) (ntt_re_range_4 #v_Vector) in
   let _:Prims.unit = reveal_opaque (`%ntt_re_range_3) (ntt_re_range_3 #v_Vector) in
@@ -459,19 +459,19 @@ let ntt_binomially_sampled_ring_element
   let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = tmp1 in
   let _:Prims.unit = () in
   let tmp0, tmp1:(usize & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) =
-    ntt_at_layer_3_ #v_Vector zeta_i re (sz 3) (sz 11207 +! (sz 3 *! sz 3328 <: usize) <: usize)
+    ntt_at_layer_3_ #v_Vector zeta_i re (sz 11207 +! (sz 3 *! sz 3328 <: usize) <: usize)
   in
   let zeta_i:usize = tmp0 in
   let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = tmp1 in
   let _:Prims.unit = () in
   let tmp0, tmp1:(usize & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) =
-    ntt_at_layer_2_ #v_Vector zeta_i re (sz 2) (sz 11207 +! (sz 4 *! sz 3328 <: usize) <: usize)
+    ntt_at_layer_2_ #v_Vector zeta_i re (sz 11207 +! (sz 4 *! sz 3328 <: usize) <: usize)
   in
   let zeta_i:usize = tmp0 in
   let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = tmp1 in
   let _:Prims.unit = () in
   let tmp0, tmp1:(usize & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) =
-    ntt_at_layer_1_ #v_Vector zeta_i re (sz 1) (sz 11207 +! (sz 5 *! sz 3328 <: usize) <: usize)
+    ntt_at_layer_1_ #v_Vector zeta_i re (sz 11207 +! (sz 5 *! sz 3328 <: usize) <: usize)
   in
   let zeta_i:usize = tmp0 in
   let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = tmp1 in
@@ -523,19 +523,19 @@ let ntt_vector_u
   let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = tmp1 in
   let _:Prims.unit = () in
   let tmp0, tmp1:(usize & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) =
-    ntt_at_layer_3_ #v_Vector zeta_i re (sz 3) (sz 5 *! sz 3328 <: usize)
+    ntt_at_layer_3_ #v_Vector zeta_i re (sz 5 *! sz 3328 <: usize)
   in
   let zeta_i:usize = tmp0 in
   let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = tmp1 in
   let _:Prims.unit = () in
   let tmp0, tmp1:(usize & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) =
-    ntt_at_layer_2_ #v_Vector zeta_i re (sz 2) (sz 6 *! sz 3328 <: usize)
+    ntt_at_layer_2_ #v_Vector zeta_i re (sz 6 *! sz 3328 <: usize)
   in
   let zeta_i:usize = tmp0 in
   let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = tmp1 in
   let _:Prims.unit = () in
   let tmp0, tmp1:(usize & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) =
-    ntt_at_layer_1_ #v_Vector zeta_i re (sz 1) (sz 7 *! sz 3328 <: usize)
+    ntt_at_layer_1_ #v_Vector zeta_i re (sz 7 *! sz 3328 <: usize)
   in
   let zeta_i:usize = tmp0 in
   let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = tmp1 in
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ntt.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ntt.fsti
index 75973c8fb..7f10c45bd 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ntt.fsti
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ntt.fsti
@@ -49,7 +49,7 @@ val ntt_at_layer_1_
       {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |}
       (zeta_i: usize)
       (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector)
-      (v__layer v__initial_coefficient_bound: usize)
+      (v__initial_coefficient_bound: usize)
     : Prims.Pure (usize & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector)
       (requires v zeta_i == 63 /\ ntt_re_range_2 re)
       (ensures
@@ -72,7 +72,7 @@ val ntt_at_layer_2_
       {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |}
       (zeta_i: usize)
       (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector)
-      (v__layer v__initial_coefficient_bound: usize)
+      (v__initial_coefficient_bound: usize)
     : Prims.Pure (usize & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector)
       (requires v zeta_i == 31 /\ ntt_re_range_3 re)
       (ensures
@@ -95,7 +95,7 @@ val ntt_at_layer_3_
       {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |}
       (zeta_i: usize)
       (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector)
-      (v__layer v__initial_coefficient_bound: usize)
+      (v__initial_coefficient_bound: usize)
     : Prims.Pure (usize & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector)
       (requires v zeta_i == 15 /\ ntt_re_range_4 re)
       (ensures
diff --git a/libcrux-ml-kem/src/invert_ntt.rs b/libcrux-ml-kem/src/invert_ntt.rs
index 65ab81748..1d87eea97 100644
--- a/libcrux-ml-kem/src/invert_ntt.rs
+++ b/libcrux-ml-kem/src/invert_ntt.rs
@@ -31,7 +31,6 @@ use crate::{
 pub(crate) fn invert_ntt_at_layer_1<Vector: Operations>(
     zeta_i: &mut usize,
     re: &mut PolynomialRingElement<Vector>,
-    _layer: usize,
 ) {
     hax_lib::fstar!(r#"reveal_opaque (`%invert_ntt_re_range_1) (invert_ntt_re_range_1 #$:Vector)"#);
     hax_lib::fstar!(r#"reveal_opaque (`%invert_ntt_re_range_2) (invert_ntt_re_range_2 #$:Vector)"#);
@@ -85,7 +84,6 @@ pub(crate) fn invert_ntt_at_layer_1<Vector: Operations>(
 pub(crate) fn invert_ntt_at_layer_2<Vector: Operations>(
     zeta_i: &mut usize,
     re: &mut PolynomialRingElement<Vector>,
-    _layer: usize,
 ) {
     hax_lib::fstar!(r#"reveal_opaque (`%invert_ntt_re_range_2) (invert_ntt_re_range_2 #$:Vector)"#);
     let _zeta_i_init = *zeta_i;
@@ -133,7 +131,6 @@ pub(crate) fn invert_ntt_at_layer_2<Vector: Operations>(
 pub(crate) fn invert_ntt_at_layer_3<Vector: Operations>(
     zeta_i: &mut usize,
     re: &mut PolynomialRingElement<Vector>,
-    _layer: usize,
 ) {
     hax_lib::fstar!(r#"reveal_opaque (`%invert_ntt_re_range_2) (invert_ntt_re_range_2 #$:Vector)"#);
     let _zeta_i_init = *zeta_i;
@@ -238,9 +235,9 @@ pub(crate) fn invert_ntt_montgomery<const K: usize, Vector: Operations>(
 
     let mut zeta_i = super::constants::COEFFICIENTS_IN_RING_ELEMENT / 2;
 
-    invert_ntt_at_layer_1(&mut zeta_i, re, 1);
-    invert_ntt_at_layer_2(&mut zeta_i, re, 2);
-    invert_ntt_at_layer_3(&mut zeta_i, re, 3);
+    invert_ntt_at_layer_1(&mut zeta_i, re);
+    invert_ntt_at_layer_2(&mut zeta_i, re);
+    invert_ntt_at_layer_3(&mut zeta_i, re);
     invert_ntt_at_layer_4_plus(&mut zeta_i, re, 4);
     invert_ntt_at_layer_4_plus(&mut zeta_i, re, 5);
     invert_ntt_at_layer_4_plus(&mut zeta_i, re, 6);
diff --git a/libcrux-ml-kem/src/ntt.rs b/libcrux-ml-kem/src/ntt.rs
index 4446ddc64..5ea2923c3 100644
--- a/libcrux-ml-kem/src/ntt.rs
+++ b/libcrux-ml-kem/src/ntt.rs
@@ -31,8 +31,7 @@ use crate::{
 pub(crate) fn ntt_at_layer_1<Vector: Operations>(
     zeta_i: &mut usize,
     re: &mut PolynomialRingElement<Vector>,
-    _layer: usize,
-    _initial_coefficient_bound: usize,
+    _initial_coefficient_bound: usize, // This can be used for specifying the range of values allowed in re
 ) {
     hax_lib::fstar!(r#"reveal_opaque (`%ntt_re_range_2) (ntt_re_range_2 #$:Vector)"#);
     hax_lib::fstar!(r#"reveal_opaque (`%ntt_re_range_1) (ntt_re_range_1 #$:Vector)"#);
@@ -95,8 +94,7 @@ pub(crate) fn ntt_at_layer_1<Vector: Operations>(
 pub(crate) fn ntt_at_layer_2<Vector: Operations>(
     zeta_i: &mut usize,
     re: &mut PolynomialRingElement<Vector>,
-    _layer: usize,
-    _initial_coefficient_bound: usize,
+    _initial_coefficient_bound: usize, // This can be used for specifying the range of values allowed in re
 ) {
     hax_lib::fstar!(r#"reveal_opaque (`%ntt_re_range_3) (ntt_re_range_3 #$:Vector)"#);
     hax_lib::fstar!(r#"reveal_opaque (`%ntt_re_range_2) (ntt_re_range_2 #$:Vector)"#);
@@ -154,8 +152,7 @@ pub(crate) fn ntt_at_layer_2<Vector: Operations>(
 pub(crate) fn ntt_at_layer_3<Vector: Operations>(
     zeta_i: &mut usize,
     re: &mut PolynomialRingElement<Vector>,
-    _layer: usize,
-    _initial_coefficient_bound: usize,
+    _initial_coefficient_bound: usize, // This can be used for specifying the range of values allowed in re
 ) {
     hax_lib::fstar!(r#"reveal_opaque (`%ntt_re_range_4) (ntt_re_range_4 #$:Vector)"#);
     hax_lib::fstar!(r#"reveal_opaque (`%ntt_re_range_3) (ntt_re_range_3 #$:Vector)"#);
@@ -231,7 +228,7 @@ pub(crate) fn ntt_at_layer_4_plus<Vector: Operations>(
     zeta_i: &mut usize,
     re: &mut PolynomialRingElement<Vector>,
     layer: usize,
-    _initial_coefficient_bound: usize,
+    _initial_coefficient_bound: usize, // This can be used for specifying the range of values allowed in re
 ) {
     let step = 1 << layer;
 
@@ -322,9 +319,9 @@ pub(crate) fn ntt_binomially_sampled_ring_element<Vector: Operations>(
     ntt_at_layer_4_plus(&mut zeta_i, re, 6, 11207);
     ntt_at_layer_4_plus(&mut zeta_i, re, 5, 11207 + 3328);
     ntt_at_layer_4_plus(&mut zeta_i, re, 4, 11207 + 2 * 3328);
-    ntt_at_layer_3(&mut zeta_i, re, 3, 11207 + 3 * 3328);
-    ntt_at_layer_2(&mut zeta_i, re, 2, 11207 + 4 * 3328);
-    ntt_at_layer_1(&mut zeta_i, re, 1, 11207 + 5 * 3328);
+    ntt_at_layer_3(&mut zeta_i, re, 11207 + 3 * 3328);
+    ntt_at_layer_2(&mut zeta_i, re, 11207 + 4 * 3328);
+    ntt_at_layer_1(&mut zeta_i, re, 11207 + 5 * 3328);
 
     re.poly_barrett_reduce()
 }
@@ -347,9 +344,9 @@ pub(crate) fn ntt_vector_u<const VECTOR_U_COMPRESSION_FACTOR: usize, Vector: Ope
     ntt_at_layer_4_plus(&mut zeta_i, re, 6, 2 * 3328);
     ntt_at_layer_4_plus(&mut zeta_i, re, 5, 3 * 3328);
     ntt_at_layer_4_plus(&mut zeta_i, re, 4, 4 * 3328);
-    ntt_at_layer_3(&mut zeta_i, re, 3, 5 * 3328);
-    ntt_at_layer_2(&mut zeta_i, re, 2, 6 * 3328);
-    ntt_at_layer_1(&mut zeta_i, re, 1, 7 * 3328);
+    ntt_at_layer_3(&mut zeta_i, re, 5 * 3328);
+    ntt_at_layer_2(&mut zeta_i, re, 6 * 3328);
+    ntt_at_layer_1(&mut zeta_i, re, 7 * 3328);
 
     re.poly_barrett_reduce()
 }
diff --git a/sys/platform/proofs/fstar/extraction/Libcrux_platform.Platform.fst b/sys/platform/proofs/fstar/extraction/Libcrux_platform.Platform.fst
index a740de583..0451136c0 100644
--- a/sys/platform/proofs/fstar/extraction/Libcrux_platform.Platform.fst
+++ b/sys/platform/proofs/fstar/extraction/Libcrux_platform.Platform.fst
@@ -1,5 +1,5 @@
 module Libcrux_platform.Platform
-#set-options "--fuel 0 --ifuel 1 --z3rlimit 80"
+#set-options "--fuel 0 --ifuel 1 --z3rlimit 15"
 open Core
 open FStar.Mul
 
diff --git a/sys/platform/proofs/fstar/extraction/Libcrux_platform.Platform.fsti b/sys/platform/proofs/fstar/extraction/Libcrux_platform.Platform.fsti
index 95dad6932..e8713dad5 100644
--- a/sys/platform/proofs/fstar/extraction/Libcrux_platform.Platform.fsti
+++ b/sys/platform/proofs/fstar/extraction/Libcrux_platform.Platform.fsti
@@ -1,5 +1,5 @@
 module Libcrux_platform.Platform
-#set-options "--fuel 0 --ifuel 1 --z3rlimit 80"
+#set-options "--fuel 0 --ifuel 1 --z3rlimit 15"
 open Core
 open FStar.Mul
 
diff --git a/sys/platform/proofs/fstar/extraction/Libcrux_platform.X86.fst b/sys/platform/proofs/fstar/extraction/Libcrux_platform.X86.fst
index 2ddf180ff..4284c4102 100644
--- a/sys/platform/proofs/fstar/extraction/Libcrux_platform.X86.fst
+++ b/sys/platform/proofs/fstar/extraction/Libcrux_platform.X86.fst
@@ -1,5 +1,5 @@
 module Libcrux_platform.X86
-#set-options "--fuel 0 --ifuel 1 --z3rlimit 80"
+#set-options "--fuel 0 --ifuel 1 --z3rlimit 15"
 open Core
 open FStar.Mul
 
diff --git a/sys/platform/proofs/fstar/extraction/Libcrux_platform.X86.fsti b/sys/platform/proofs/fstar/extraction/Libcrux_platform.X86.fsti
index 0c9c90e71..d7c15a880 100644
--- a/sys/platform/proofs/fstar/extraction/Libcrux_platform.X86.fsti
+++ b/sys/platform/proofs/fstar/extraction/Libcrux_platform.X86.fsti
@@ -1,5 +1,5 @@
 module Libcrux_platform.X86
-#set-options "--fuel 0 --ifuel 1 --z3rlimit 80"
+#set-options "--fuel 0 --ifuel 1 --z3rlimit 15"
 open Core
 open FStar.Mul
 

From fab0db31d3d09ff4712c2b332f921e89f1653c65 Mon Sep 17 00:00:00 2001
From: Jonas Schneider-Bensch <jonas@cryspen.com>
Date: Wed, 18 Dec 2024 08:28:09 +0100
Subject: [PATCH 127/142] Fix Neon sampling

---
 libcrux-ml-dsa/src/samplex4.rs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libcrux-ml-dsa/src/samplex4.rs b/libcrux-ml-dsa/src/samplex4.rs
index 760041885..743108c5c 100644
--- a/libcrux-ml-dsa/src/samplex4.rs
+++ b/libcrux-ml-dsa/src/samplex4.rs
@@ -184,7 +184,7 @@ pub(crate) mod neon {
         ) -> [[PolynomialRingElement<SIMDUnit>; COLUMNS_IN_A]; ROWS_IN_A] {
             matrix_A_generic::<
                 SIMDUnit,
-                crate::hash_functions::neon::Shake128X4,
+                crate::hash_functions::neon::Shake128x4,
                 ROWS_IN_A,
                 COLUMNS_IN_A,
             >(seed)

From 656df9f4c0864927154be6f37811630b7fc6a508 Mon Sep 17 00:00:00 2001
From: Jonas Schneider-Bensch <jonas@cryspen.com>
Date: Wed, 18 Dec 2024 11:25:42 +0100
Subject: [PATCH 128/142] Breaking up `SampleArgs` for hax

---
 libcrux-ml-dsa/src/sample.rs   | 170 ++++++++----------
 libcrux-ml-dsa/src/samplex4.rs | 309 ++++++++++++++++++++++++++++-----
 2 files changed, 337 insertions(+), 142 deletions(-)

diff --git a/libcrux-ml-dsa/src/sample.rs b/libcrux-ml-dsa/src/sample.rs
index 2e68339ea..116dabc0a 100644
--- a/libcrux-ml-dsa/src/sample.rs
+++ b/libcrux-ml-dsa/src/sample.rs
@@ -34,63 +34,16 @@ fn rejection_sample_less_than_field_modulus<SIMDUnit: Operations>(
     done
 }
 
-/// A buffering data structure for sampling into a matrix.
-///
-/// After rejection sampling the ring element at `tmp_stack[i]` will
-/// be written to the indices at `indices[i]` in `out`.
-pub(super) struct SampleArgs<
-    'a,
-    SIMDUnit: Operations,
-    const STACK_SIZE: usize,
-    const ROWS_IN_A: usize,
-    const COLUMNS_IN_A: usize,
-> {
-    /// Buffer for holding an initial supply of rejection sampling
-    /// randomness, e.g. five blocks of XoF output.
-    pub(super) rand_stack: &'a mut (
-        [u8; STACK_SIZE],
-        [u8; STACK_SIZE],
-        [u8; STACK_SIZE],
-        [u8; STACK_SIZE],
-    ),
-    /// Buffers for holding coefficients of field elements as they are sampled.
-    pub(super) tmp_stack: &'a mut [[i32; 263]],
-    /// Matrix into which field elements are written from
-    /// `tmp_stack`, after successful rejection sampling.
-    pub(super) out: &'a mut [[PolynomialRingElement<SIMDUnit>; COLUMNS_IN_A]; ROWS_IN_A],
-    /// Indices in `out` where ring elements from `tmp_stack` should
-    /// be written to.
-    pub(super) indices: &'a [(usize, usize)],
-}
-
-impl<
-        'a,
-        SIMDUnit: Operations,
-        const STACK_SIZE: usize,
-        const ROWS_IN_A: usize,
-        const COLUMNS_IN_A: usize,
-    > SampleArgs<'a, SIMDUnit, STACK_SIZE, ROWS_IN_A, COLUMNS_IN_A>
-{
-    pub(super) fn new(
-        rand_stack: &'a mut (
-            [u8; STACK_SIZE],
-            [u8; STACK_SIZE],
-            [u8; STACK_SIZE],
-            [u8; STACK_SIZE],
-        ),
-        tmp_stack: &'a mut [[i32; 263]],
-        out: &'a mut [[PolynomialRingElement<SIMDUnit>; COLUMNS_IN_A]; ROWS_IN_A],
-        indices: &'a [(usize, usize)],
-    ) -> Self {
-        Self {
-            rand_stack,
-            tmp_stack,
-            out,
-            indices,
-        }
-    }
+#[inline(always)]
+fn generate_domain_separator((row, column): (u8, u8)) -> u16 {
+    (column as u16) | ((row as u16) << 8)
 }
 
+/// Sample and write out up to four ring elements.
+///
+/// If `indices[i]` is provided, a field element with domain separated
+/// seed according to the provided index is generated in `tmp_stack`. After successful rejection sampling in `tmp_stack[i]`, the ring element is written to `matrix` at the provided index in `indices[i]`.
+/// `rand_stack` is a working buffer that holds initial Shake output.
 #[inline(always)]
 pub(crate) fn sample_four_ring_elements<
     SIMDUnit: Operations,
@@ -99,12 +52,26 @@ pub(crate) fn sample_four_ring_elements<
     const COLUMNS_IN_A: usize,
 >(
     mut seed0: [u8; 34],
-    domain_separator0: u16,
-    domain_separator1: u16,
-    domain_seperator2: u16,
-    domain_separator3: u16,
-    memory: &mut SampleArgs<'_, SIMDUnit, { shake128::FIVE_BLOCKS_SIZE }, ROWS_IN_A, COLUMNS_IN_A>,
+    matrix: &mut [[PolynomialRingElement<SIMDUnit>; COLUMNS_IN_A]; ROWS_IN_A],
+    rand_stack: &mut (
+        [u8; shake128::FIVE_BLOCKS_SIZE],
+        [u8; shake128::FIVE_BLOCKS_SIZE],
+        [u8; shake128::FIVE_BLOCKS_SIZE],
+        [u8; shake128::FIVE_BLOCKS_SIZE],
+    ),
+    tmp_stack: &mut [[i32; 263]],
+    indices: &[(u8, u8)],
 ) {
+    debug_assert!(indices.len() <= 4);
+
+    // If less than four indices are provided, the remaining slots are
+    // filled with dummy values and the results are not written out to
+    // `matrix`.
+    let domain_separator0 = generate_domain_separator(*indices.get(0).unwrap_or(&(0, 0)));
+    let domain_separator1 = generate_domain_separator(*indices.get(1).unwrap_or(&(0, 0)));
+    let domain_separator2 = generate_domain_separator(*indices.get(2).unwrap_or(&(0, 0)));
+    let domain_separator3 = generate_domain_separator(*indices.get(3).unwrap_or(&(0, 0)));
+
     // Prepare the seeds
     seed0[32] = domain_separator0 as u8;
     seed0[33] = (domain_separator0 >> 8) as u8;
@@ -114,8 +81,8 @@ pub(crate) fn sample_four_ring_elements<
     seed1[33] = (domain_separator1 >> 8) as u8;
 
     let mut seed2 = seed0;
-    seed2[32] = domain_seperator2 as u8;
-    seed2[33] = (domain_seperator2 >> 8) as u8;
+    seed2[32] = domain_separator2 as u8;
+    seed2[33] = (domain_separator2 >> 8) as u8;
 
     let mut seed3 = seed0;
     seed3[32] = domain_separator3 as u8;
@@ -124,10 +91,10 @@ pub(crate) fn sample_four_ring_elements<
     let mut state = Shake128::init_absorb(&seed0, &seed1, &seed2, &seed3);
 
     state.squeeze_first_five_blocks(
-        &mut memory.rand_stack.0,
-        &mut memory.rand_stack.1,
-        &mut memory.rand_stack.2,
-        &mut memory.rand_stack.3,
+        &mut rand_stack.0,
+        &mut rand_stack.1,
+        &mut rand_stack.2,
+        &mut rand_stack.3,
     );
 
     // Every call to |rejection_sample_less_than_field_modulus|
@@ -144,24 +111,24 @@ pub(crate) fn sample_four_ring_elements<
     let mut sampled3 = 0;
 
     let mut done0 = rejection_sample_less_than_field_modulus::<SIMDUnit>(
-        &mut memory.rand_stack.0,
+        &mut rand_stack.0,
         &mut sampled0,
-        &mut memory.tmp_stack[0],
+        &mut tmp_stack[0],
     );
     let mut done1 = rejection_sample_less_than_field_modulus::<SIMDUnit>(
-        &mut memory.rand_stack.1,
+        &mut rand_stack.1,
         &mut sampled1,
-        &mut memory.tmp_stack[1],
+        &mut tmp_stack[1],
     );
     let mut done2 = rejection_sample_less_than_field_modulus::<SIMDUnit>(
-        &mut memory.rand_stack.2,
+        &mut rand_stack.2,
         &mut sampled2,
-        &mut memory.tmp_stack[2],
+        &mut tmp_stack[2],
     );
     let mut done3 = rejection_sample_less_than_field_modulus::<SIMDUnit>(
-        &mut memory.rand_stack.3,
+        &mut rand_stack.3,
         &mut sampled3,
-        &mut memory.tmp_stack[3],
+        &mut tmp_stack[3],
     );
 
     while !done0 || !done1 || !done2 || !done3 {
@@ -170,35 +137,36 @@ pub(crate) fn sample_four_ring_elements<
             done0 = rejection_sample_less_than_field_modulus::<SIMDUnit>(
                 &randomnesses.0,
                 &mut sampled0,
-                &mut memory.tmp_stack[0],
+                &mut tmp_stack[0],
             );
         }
         if !done1 {
             done1 = rejection_sample_less_than_field_modulus::<SIMDUnit>(
                 &randomnesses.1,
                 &mut sampled1,
-                &mut memory.tmp_stack[1],
+                &mut tmp_stack[1],
             );
         }
         if !done2 {
             done2 = rejection_sample_less_than_field_modulus::<SIMDUnit>(
                 &randomnesses.2,
                 &mut sampled2,
-                &mut memory.tmp_stack[2],
+                &mut tmp_stack[2],
             );
         }
         if !done3 {
             done3 = rejection_sample_less_than_field_modulus::<SIMDUnit>(
                 &randomnesses.3,
                 &mut sampled3,
-                &mut memory.tmp_stack[3],
+                &mut tmp_stack[3],
             );
         }
     }
 
-    for k in 0..memory.indices.len() {
-        let (i, j) = memory.indices[k];
-        memory.out[i][j] = PolynomialRingElement::<SIMDUnit>::from_i32_array(&memory.tmp_stack[k]);
+    for k in 0..core::cmp::min(indices.len(), 4) {
+        let (i, j) = indices[k];
+        matrix[i as usize][j as usize] =
+            PolynomialRingElement::<SIMDUnit>::from_i32_array(&tmp_stack[k]);
     }
 }
 
@@ -538,8 +506,6 @@ mod tests {
         simd::{self, traits::Operations},
     };
 
-    // This is just a wrapper around sample_four_ring_elements, for testing
-    // purposes.
     fn sample_ring_element_uniform<SIMDUnit: Operations, Shake128: shake128::XofX4>(
         seed: [u8; 34],
     ) -> PolynomialRingElement<SIMDUnit> {
@@ -549,20 +515,36 @@ mod tests {
             [0u8; shake128::FIVE_BLOCKS_SIZE],
             [0u8; shake128::FIVE_BLOCKS_SIZE],
         );
+
+        let dummy_input = [0u8; 34];
+        let mut state = Shake128::init_absorb(&seed, &dummy_input, &dummy_input, &dummy_input);
+        state.squeeze_first_five_blocks(
+            &mut rand_stack.0,
+            &mut rand_stack.1,
+            &mut rand_stack.2,
+            &mut rand_stack.3,
+        );
         let mut tmp_stack = [[0i32; 263], [0i32; 263], [0i32; 263], [0i32; 263]];
-        let mut out = [[PolynomialRingElement::<SIMDUnit>::ZERO(); 4]; 1];
-        let indices = [(0, 0), (0, 1), (0, 2), (0, 3)];
-        let mut memory = SampleArgs::new(&mut rand_stack, &mut tmp_stack, &mut out, &indices);
-        sample_four_ring_elements::<SIMDUnit, Shake128, 1, 4>(
-            seed,
-            ((seed[33] as u16) << 8) | (seed[32] as u16),
-            0,
-            0,
-            0,
-            &mut memory,
+        let mut sampled = 0;
+
+        let mut done = rejection_sample_less_than_field_modulus::<SIMDUnit>(
+            &mut rand_stack.0,
+            &mut sampled,
+            &mut tmp_stack[0],
         );
 
-        out[0][0]
+        while !done {
+            let randomnesses = state.squeeze_next_block();
+            if !done {
+                done = rejection_sample_less_than_field_modulus::<SIMDUnit>(
+                    &randomnesses.0,
+                    &mut sampled,
+                    &mut tmp_stack[0],
+                );
+            }
+        }
+
+        PolynomialRingElement::<SIMDUnit>::from_i32_array(&tmp_stack[0])
     }
 
     // This is just a wrapper around sample_four_ring_elements, for testing
diff --git a/libcrux-ml-dsa/src/samplex4.rs b/libcrux-ml-dsa/src/samplex4.rs
index 743108c5c..45b13d994 100644
--- a/libcrux-ml-dsa/src/samplex4.rs
+++ b/libcrux-ml-dsa/src/samplex4.rs
@@ -1,7 +1,7 @@
 use crate::{
     hash_functions::{shake128, shake256},
     polynomial::PolynomialRingElement,
-    sample::{sample_four_error_ring_elements, sample_four_ring_elements, SampleArgs},
+    sample::{sample_four_error_ring_elements, sample_four_ring_elements},
     simd::traits::Operations,
 };
 
@@ -14,26 +14,19 @@ pub(crate) trait X4Sampler {
     ) -> [[PolynomialRingElement<SIMDUnit>; COLUMNS_IN_A]; ROWS_IN_A];
 }
 
-#[inline(always)]
-fn generate_domain_separator((row, column): (u8, u8)) -> u16 {
-    (column as u16) | ((row as u16) << 8)
-}
-
 type Matrix<SIMDUnit, const ROWS_IN_A: usize, const COLUMNS_IN_A: usize> =
     [[PolynomialRingElement<SIMDUnit>; COLUMNS_IN_A]; ROWS_IN_A];
 
 /// A call to sample four ring elements from $seed into $memory at indices $a, $b
 /// $c, $d.
 macro_rules! sample_four_ring_elements_into {
-    ($memory:ident, $seed:ident, $a:expr, $b:expr, $c:expr, $d:expr) => {
-        $memory.indices = &[$a, $b, $c, $d];
+    ($seed:ident, $matrix:ident, $rand_stack:ident, $tmp_stack:ident, $a:expr, $b:expr, $c:expr, $d:expr) => {
         sample_four_ring_elements::<SIMDUnit, Shake128, ROWS_IN_A, COLUMNS_IN_A>(
             $seed,
-            generate_domain_separator($a),
-            generate_domain_separator($b),
-            generate_domain_separator($c),
-            generate_domain_separator($d),
-            &mut $memory,
+            &mut $matrix,
+            &mut $rand_stack,
+            &mut $tmp_stack,
+            &[$a, $b, $c, $d],
         );
     };
 }
@@ -59,12 +52,47 @@ pub(crate) fn matrix_A_4_by_4<
         [0u8; shake128::FIVE_BLOCKS_SIZE],
     );
     let mut tmp_stack = [[0i32; 263], [0i32; 263], [0i32; 263], [0i32; 263]];
-    let mut memory = SampleArgs::new(&mut rand_stack, &mut tmp_stack, &mut A, &[]);
 
-    sample_four_ring_elements_into!(memory, seed, (0, 0), (0, 1), (0, 2), (0, 3));
-    sample_four_ring_elements_into!(memory, seed, (1, 0), (1, 1), (1, 2), (1, 3));
-    sample_four_ring_elements_into!(memory, seed, (2, 0), (2, 1), (2, 2), (2, 3));
-    sample_four_ring_elements_into!(memory, seed, (3, 0), (3, 1), (3, 2), (3, 3));
+    sample_four_ring_elements_into!(
+        seed,
+        A,
+        rand_stack,
+        tmp_stack,
+        (0, 0),
+        (0, 1),
+        (0, 2),
+        (0, 3)
+    );
+    sample_four_ring_elements_into!(
+        seed,
+        A,
+        rand_stack,
+        tmp_stack,
+        (1, 0),
+        (1, 1),
+        (1, 2),
+        (1, 3)
+    );
+    sample_four_ring_elements_into!(
+        seed,
+        A,
+        rand_stack,
+        tmp_stack,
+        (2, 0),
+        (2, 1),
+        (2, 2),
+        (2, 3)
+    );
+    sample_four_ring_elements_into!(
+        seed,
+        A,
+        rand_stack,
+        tmp_stack,
+        (3, 0),
+        (3, 1),
+        (3, 2),
+        (3, 3)
+    );
 
     A
 }
@@ -89,25 +117,85 @@ pub(crate) fn matrix_A_6_by_5<
         [0u8; shake128::FIVE_BLOCKS_SIZE],
     );
     let mut tmp_stack = [[0i32; 263], [0i32; 263], [0i32; 263], [0i32; 263]];
-    let mut memory = SampleArgs::new(&mut rand_stack, &mut tmp_stack, &mut A, &[]);
 
-    sample_four_ring_elements_into!(memory, seed, (0, 0), (0, 1), (0, 2), (0, 3));
-    sample_four_ring_elements_into!(memory, seed, (0, 4), (1, 0), (1, 1), (1, 2));
-    sample_four_ring_elements_into!(memory, seed, (1, 3), (1, 4), (2, 0), (2, 1));
-    sample_four_ring_elements_into!(memory, seed, (2, 2), (2, 3), (2, 4), (3, 0));
-    sample_four_ring_elements_into!(memory, seed, (3, 1), (3, 2), (3, 3), (3, 4));
-    sample_four_ring_elements_into!(memory, seed, (4, 0), (4, 1), (4, 2), (4, 3));
-    sample_four_ring_elements_into!(memory, seed, (4, 4), (5, 0), (5, 1), (5, 2));
+    sample_four_ring_elements_into!(
+        seed,
+        A,
+        rand_stack,
+        tmp_stack,
+        (0, 0),
+        (0, 1),
+        (0, 2),
+        (0, 3)
+    );
+    sample_four_ring_elements_into!(
+        seed,
+        A,
+        rand_stack,
+        tmp_stack,
+        (0, 4),
+        (1, 0),
+        (1, 1),
+        (1, 2)
+    );
+    sample_four_ring_elements_into!(
+        seed,
+        A,
+        rand_stack,
+        tmp_stack,
+        (1, 3),
+        (1, 4),
+        (2, 0),
+        (2, 1)
+    );
+    sample_four_ring_elements_into!(
+        seed,
+        A,
+        rand_stack,
+        tmp_stack,
+        (2, 2),
+        (2, 3),
+        (2, 4),
+        (3, 0)
+    );
+    sample_four_ring_elements_into!(
+        seed,
+        A,
+        rand_stack,
+        tmp_stack,
+        (3, 1),
+        (3, 2),
+        (3, 3),
+        (3, 4)
+    );
+    sample_four_ring_elements_into!(
+        seed,
+        A,
+        rand_stack,
+        tmp_stack,
+        (4, 0),
+        (4, 1),
+        (4, 2),
+        (4, 3)
+    );
+    sample_four_ring_elements_into!(
+        seed,
+        A,
+        rand_stack,
+        tmp_stack,
+        (4, 4),
+        (5, 0),
+        (5, 1),
+        (5, 2)
+    );
 
     // The last 2 sampled ring elements are discarded here.
-    memory.indices = &[(5, 3), (5, 4)];
     sample_four_ring_elements::<SIMDUnit, Shake128, ROWS_IN_A, COLUMNS_IN_A>(
         seed,
-        generate_domain_separator((5, 3)),
-        generate_domain_separator((5, 4)),
-        generate_domain_separator((5, 5)),
-        generate_domain_separator((5, 6)),
-        &mut memory,
+        &mut A,
+        &mut rand_stack,
+        &mut tmp_stack,
+        &[(5, 3), (5, 4)],
     );
 
     A
@@ -133,22 +221,147 @@ pub(crate) fn matrix_A_8_by_7<
         [0u8; shake128::FIVE_BLOCKS_SIZE],
     );
     let mut tmp_stack = [[0i32; 263], [0i32; 263], [0i32; 263], [0i32; 263]];
-    let mut memory = SampleArgs::new(&mut rand_stack, &mut tmp_stack, &mut A, &[]);
-
-    sample_four_ring_elements_into!(memory, seed, (0, 0), (0, 1), (0, 2), (0, 3));
-    sample_four_ring_elements_into!(memory, seed, (0, 4), (0, 5), (0, 6), (1, 0));
-    sample_four_ring_elements_into!(memory, seed, (1, 1), (1, 2), (1, 3), (1, 4));
-    sample_four_ring_elements_into!(memory, seed, (1, 5), (1, 6), (2, 0), (2, 1));
-    sample_four_ring_elements_into!(memory, seed, (2, 2), (2, 3), (2, 4), (2, 5));
-    sample_four_ring_elements_into!(memory, seed, (2, 6), (3, 0), (3, 1), (3, 2));
-    sample_four_ring_elements_into!(memory, seed, (3, 3), (3, 4), (3, 5), (3, 6));
-    sample_four_ring_elements_into!(memory, seed, (4, 0), (4, 1), (4, 2), (4, 3));
-    sample_four_ring_elements_into!(memory, seed, (4, 4), (4, 5), (4, 6), (5, 0));
-    sample_four_ring_elements_into!(memory, seed, (5, 1), (5, 2), (5, 3), (5, 4));
-    sample_four_ring_elements_into!(memory, seed, (5, 5), (5, 6), (6, 0), (6, 1));
-    sample_four_ring_elements_into!(memory, seed, (6, 2), (6, 3), (6, 4), (6, 5));
-    sample_four_ring_elements_into!(memory, seed, (6, 6), (7, 0), (7, 1), (7, 2));
-    sample_four_ring_elements_into!(memory, seed, (7, 3), (7, 4), (7, 5), (7, 6));
+
+    sample_four_ring_elements_into!(
+        seed,
+        A,
+        rand_stack,
+        tmp_stack,
+        (0, 0),
+        (0, 1),
+        (0, 2),
+        (0, 3)
+    );
+    sample_four_ring_elements_into!(
+        seed,
+        A,
+        rand_stack,
+        tmp_stack,
+        (0, 4),
+        (0, 5),
+        (0, 6),
+        (1, 0)
+    );
+    sample_four_ring_elements_into!(
+        seed,
+        A,
+        rand_stack,
+        tmp_stack,
+        (1, 1),
+        (1, 2),
+        (1, 3),
+        (1, 4)
+    );
+    sample_four_ring_elements_into!(
+        seed,
+        A,
+        rand_stack,
+        tmp_stack,
+        (1, 5),
+        (1, 6),
+        (2, 0),
+        (2, 1)
+    );
+    sample_four_ring_elements_into!(
+        seed,
+        A,
+        rand_stack,
+        tmp_stack,
+        (2, 2),
+        (2, 3),
+        (2, 4),
+        (2, 5)
+    );
+    sample_four_ring_elements_into!(
+        seed,
+        A,
+        rand_stack,
+        tmp_stack,
+        (2, 6),
+        (3, 0),
+        (3, 1),
+        (3, 2)
+    );
+    sample_four_ring_elements_into!(
+        seed,
+        A,
+        rand_stack,
+        tmp_stack,
+        (3, 3),
+        (3, 4),
+        (3, 5),
+        (3, 6)
+    );
+    sample_four_ring_elements_into!(
+        seed,
+        A,
+        rand_stack,
+        tmp_stack,
+        (4, 0),
+        (4, 1),
+        (4, 2),
+        (4, 3)
+    );
+    sample_four_ring_elements_into!(
+        seed,
+        A,
+        rand_stack,
+        tmp_stack,
+        (4, 4),
+        (4, 5),
+        (4, 6),
+        (5, 0)
+    );
+    sample_four_ring_elements_into!(
+        seed,
+        A,
+        rand_stack,
+        tmp_stack,
+        (5, 1),
+        (5, 2),
+        (5, 3),
+        (5, 4)
+    );
+    sample_four_ring_elements_into!(
+        seed,
+        A,
+        rand_stack,
+        tmp_stack,
+        (5, 5),
+        (5, 6),
+        (6, 0),
+        (6, 1)
+    );
+    sample_four_ring_elements_into!(
+        seed,
+        A,
+        rand_stack,
+        tmp_stack,
+        (6, 2),
+        (6, 3),
+        (6, 4),
+        (6, 5)
+    );
+    sample_four_ring_elements_into!(
+        seed,
+        A,
+        rand_stack,
+        tmp_stack,
+        (6, 6),
+        (7, 0),
+        (7, 1),
+        (7, 2)
+    );
+    sample_four_ring_elements_into!(
+        seed,
+        A,
+        rand_stack,
+        tmp_stack,
+        (7, 3),
+        (7, 4),
+        (7, 5),
+        (7, 6)
+    );
 
     A
 }

From aecb2cd116d530465d34c6857e170fd6bab281b0 Mon Sep 17 00:00:00 2001
From: Jonas Schneider-Bensch <jonas@cryspen.com>
Date: Wed, 18 Dec 2024 11:34:36 +0100
Subject: [PATCH 129/142] No call to `core::cmp::min`

We check the length beforehand.
---
 libcrux-ml-dsa/src/sample.rs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libcrux-ml-dsa/src/sample.rs b/libcrux-ml-dsa/src/sample.rs
index 116dabc0a..073a2ce4c 100644
--- a/libcrux-ml-dsa/src/sample.rs
+++ b/libcrux-ml-dsa/src/sample.rs
@@ -163,7 +163,7 @@ pub(crate) fn sample_four_ring_elements<
         }
     }
 
-    for k in 0..core::cmp::min(indices.len(), 4) {
+    for k in 0..indices.len() {
         let (i, j) = indices[k];
         matrix[i as usize][j as usize] =
             PolynomialRingElement::<SIMDUnit>::from_i32_array(&tmp_stack[k]);

From ea8901986ab609066db01fc4af30c55fbf7cede8 Mon Sep 17 00:00:00 2001
From: Jonas Schneider-Bensch <jonas@cryspen.com>
Date: Wed, 18 Dec 2024 12:10:33 +0100
Subject: [PATCH 130/142] Avoid array operations

---
 libcrux-ml-dsa/src/sample.rs   | 29 +++++++++++++++--------------
 libcrux-ml-dsa/src/samplex4.rs | 10 ++++++----
 2 files changed, 21 insertions(+), 18 deletions(-)

diff --git a/libcrux-ml-dsa/src/sample.rs b/libcrux-ml-dsa/src/sample.rs
index 073a2ce4c..0b947bb0b 100644
--- a/libcrux-ml-dsa/src/sample.rs
+++ b/libcrux-ml-dsa/src/sample.rs
@@ -41,11 +41,14 @@ fn generate_domain_separator((row, column): (u8, u8)) -> u16 {
 
 /// Sample and write out up to four ring elements.
 ///
-/// If `indices[i]` is provided, a field element with domain separated
-/// seed according to the provided index is generated in `tmp_stack`. After successful rejection sampling in `tmp_stack[i]`, the ring element is written to `matrix` at the provided index in `indices[i]`.
+/// If i <= `elements_requested`, a field element with domain separated
+/// seed according to the provided index is generated in
+/// `tmp_stack[i]`. After successful rejection sampling in
+/// `tmp_stack[i]`, the ring element is written to `matrix` at the
+/// provided index in `indices[i]`.
 /// `rand_stack` is a working buffer that holds initial Shake output.
 #[inline(always)]
-pub(crate) fn sample_four_ring_elements<
+pub(crate) fn sample_up_to_four_ring_elements<
     SIMDUnit: Operations,
     Shake128: shake128::XofX4,
     const ROWS_IN_A: usize,
@@ -60,18 +63,16 @@ pub(crate) fn sample_four_ring_elements<
         [u8; shake128::FIVE_BLOCKS_SIZE],
     ),
     tmp_stack: &mut [[i32; 263]],
-    indices: &[(u8, u8)],
+    indices: &[(u8, u8); 4],
+    elements_requested: usize,
 ) {
-    debug_assert!(indices.len() <= 4);
-
-    // If less than four indices are provided, the remaining slots are
-    // filled with dummy values and the results are not written out to
-    // `matrix`.
-    let domain_separator0 = generate_domain_separator(*indices.get(0).unwrap_or(&(0, 0)));
-    let domain_separator1 = generate_domain_separator(*indices.get(1).unwrap_or(&(0, 0)));
-    let domain_separator2 = generate_domain_separator(*indices.get(2).unwrap_or(&(0, 0)));
-    let domain_separator3 = generate_domain_separator(*indices.get(3).unwrap_or(&(0, 0)));
+    debug_assert!(elements_requested <= 4);
 
+    let domain_separator0 = generate_domain_separator(indices[0]);
+    let domain_separator1 = generate_domain_separator(indices[1]);
+    let domain_separator2 = generate_domain_separator(indices[2]);
+    let domain_separator3 = generate_domain_separator(indices[3]);
+    
     // Prepare the seeds
     seed0[32] = domain_separator0 as u8;
     seed0[33] = (domain_separator0 >> 8) as u8;
@@ -163,7 +164,7 @@ pub(crate) fn sample_four_ring_elements<
         }
     }
 
-    for k in 0..indices.len() {
+    for k in 0..elements_requested {
         let (i, j) = indices[k];
         matrix[i as usize][j as usize] =
             PolynomialRingElement::<SIMDUnit>::from_i32_array(&tmp_stack[k]);
diff --git a/libcrux-ml-dsa/src/samplex4.rs b/libcrux-ml-dsa/src/samplex4.rs
index 45b13d994..d0191c503 100644
--- a/libcrux-ml-dsa/src/samplex4.rs
+++ b/libcrux-ml-dsa/src/samplex4.rs
@@ -1,7 +1,7 @@
 use crate::{
     hash_functions::{shake128, shake256},
     polynomial::PolynomialRingElement,
-    sample::{sample_four_error_ring_elements, sample_four_ring_elements},
+    sample::{sample_four_error_ring_elements, sample_up_to_four_ring_elements},
     simd::traits::Operations,
 };
 
@@ -21,12 +21,13 @@ type Matrix<SIMDUnit, const ROWS_IN_A: usize, const COLUMNS_IN_A: usize> =
 /// $c, $d.
 macro_rules! sample_four_ring_elements_into {
     ($seed:ident, $matrix:ident, $rand_stack:ident, $tmp_stack:ident, $a:expr, $b:expr, $c:expr, $d:expr) => {
-        sample_four_ring_elements::<SIMDUnit, Shake128, ROWS_IN_A, COLUMNS_IN_A>(
+        sample_up_to_four_ring_elements::<SIMDUnit, Shake128, ROWS_IN_A, COLUMNS_IN_A>(
             $seed,
             &mut $matrix,
             &mut $rand_stack,
             &mut $tmp_stack,
             &[$a, $b, $c, $d],
+            4,
         );
     };
 }
@@ -190,12 +191,13 @@ pub(crate) fn matrix_A_6_by_5<
     );
 
     // The last 2 sampled ring elements are discarded here.
-    sample_four_ring_elements::<SIMDUnit, Shake128, ROWS_IN_A, COLUMNS_IN_A>(
+    sample_up_to_four_ring_elements::<SIMDUnit, Shake128, ROWS_IN_A, COLUMNS_IN_A>(
         seed,
         &mut A,
         &mut rand_stack,
         &mut tmp_stack,
-        &[(5, 3), (5, 4)],
+        &[(5, 3), (5, 4), (5,5), (5,6)],
+        2,
     );
 
     A

From a3dba9d64509df3d5adf5d656f4e7fee3fce8562 Mon Sep 17 00:00:00 2001
From: Jonas Schneider-Bensch <jonas@cryspen.com>
Date: Wed, 18 Dec 2024 12:10:48 +0100
Subject: [PATCH 131/142] Update C extraction

---
 libcrux-ml-dsa/cg/code_gen.txt               |   2 +-
 libcrux-ml-dsa/cg/header.txt                 |   2 +-
 libcrux-ml-dsa/cg/libcrux_core.h             |   2 +-
 libcrux-ml-dsa/cg/libcrux_mldsa65_avx2.h     | 424 +++++++-----------
 libcrux-ml-dsa/cg/libcrux_mldsa65_portable.h | 430 +++++++------------
 libcrux-ml-dsa/cg/libcrux_sha3_avx2.h        |   2 +-
 libcrux-ml-dsa/cg/libcrux_sha3_portable.h    |   2 +-
 7 files changed, 332 insertions(+), 532 deletions(-)

diff --git a/libcrux-ml-dsa/cg/code_gen.txt b/libcrux-ml-dsa/cg/code_gen.txt
index 3d7b1d30b..b0e4f99c7 100644
--- a/libcrux-ml-dsa/cg/code_gen.txt
+++ b/libcrux-ml-dsa/cg/code_gen.txt
@@ -3,4 +3,4 @@ Charon: a68994d00017b76a805d0115ca06c1f2c1805e79
 Eurydice: b665364a6d86749566ce2d650d13fa12c8fab2c5
 Karamel: 96572bc631fde691a2aea7bce5a5a3838b3a5968
 F*: b0961063393215ca65927f017720cb365a193833-dirty
-Libcrux: 192edaf802604e2a52d47edca43cf9dc495a4721
+Libcrux: aecb2cd116d530465d34c6857e170fd6bab281b0
diff --git a/libcrux-ml-dsa/cg/header.txt b/libcrux-ml-dsa/cg/header.txt
index d76b62aa4..bdd12b396 100644
--- a/libcrux-ml-dsa/cg/header.txt
+++ b/libcrux-ml-dsa/cg/header.txt
@@ -8,5 +8,5 @@
  * Eurydice: b665364a6d86749566ce2d650d13fa12c8fab2c5
  * Karamel: 96572bc631fde691a2aea7bce5a5a3838b3a5968
  * F*: b0961063393215ca65927f017720cb365a193833-dirty
- * Libcrux: 192edaf802604e2a52d47edca43cf9dc495a4721
+ * Libcrux: aecb2cd116d530465d34c6857e170fd6bab281b0
  */
diff --git a/libcrux-ml-dsa/cg/libcrux_core.h b/libcrux-ml-dsa/cg/libcrux_core.h
index b31608d46..57c7db76c 100644
--- a/libcrux-ml-dsa/cg/libcrux_core.h
+++ b/libcrux-ml-dsa/cg/libcrux_core.h
@@ -8,7 +8,7 @@
  * Eurydice: b665364a6d86749566ce2d650d13fa12c8fab2c5
  * Karamel: 96572bc631fde691a2aea7bce5a5a3838b3a5968
  * F*: b0961063393215ca65927f017720cb365a193833-dirty
- * Libcrux: 192edaf802604e2a52d47edca43cf9dc495a4721
+ * Libcrux: aecb2cd116d530465d34c6857e170fd6bab281b0
  */
 
 #ifndef __libcrux_core_H
diff --git a/libcrux-ml-dsa/cg/libcrux_mldsa65_avx2.h b/libcrux-ml-dsa/cg/libcrux_mldsa65_avx2.h
index 673df0bcc..8a3d324dc 100644
--- a/libcrux-ml-dsa/cg/libcrux_mldsa65_avx2.h
+++ b/libcrux-ml-dsa/cg/libcrux_mldsa65_avx2.h
@@ -8,7 +8,7 @@
  * Eurydice: b665364a6d86749566ce2d650d13fa12c8fab2c5
  * Karamel: 96572bc631fde691a2aea7bce5a5a3838b3a5968
  * F*: b0961063393215ca65927f017720cb365a193833-dirty
- * Libcrux: 192edaf802604e2a52d47edca43cf9dc495a4721
+ * Libcrux: aecb2cd116d530465d34c6857e170fd6bab281b0
  */
 
 #ifndef __libcrux_mldsa65_avx2_H
@@ -3292,47 +3292,6 @@ libcrux_ml_dsa_polynomial_ZERO_ff_ea(void) {
   return lit;
 }
 
-/**
-A monomorphic instance of libcrux_ml_dsa.sample.SampleArgs
-with types libcrux_ml_dsa_simd_avx2_vector_type_AVX2SIMDUnit
-with const generics
-- $840size_t
-- $6size_t
-- $5size_t
-*/
-typedef struct libcrux_ml_dsa_sample_SampleArgs_c5_s {
-  uint8_t_840size_t__x4 *rand_stack;
-  Eurydice_slice tmp_stack;
-  libcrux_ml_dsa_polynomial_PolynomialRingElement_24 (*out)[5U];
-  Eurydice_slice indices;
-} libcrux_ml_dsa_sample_SampleArgs_c5;
-
-/**
-This function found in impl {libcrux_ml_dsa::sample::SampleArgs<'a, SIMDUnit,
-STACK_SIZE, ROWS_IN_A, COLUMNS_IN_A>[TraitClause@0, TraitClause@1]}
-*/
-/**
-A monomorphic instance of libcrux_ml_dsa.sample.new_29
-with types libcrux_ml_dsa_simd_avx2_vector_type_AVX2SIMDUnit
-with const generics
-- STACK_SIZE= 840
-- ROWS_IN_A= 6
-- COLUMNS_IN_A= 5
-*/
-KRML_ATTRIBUTE_TARGET("avx2")
-static inline libcrux_ml_dsa_sample_SampleArgs_c5
-libcrux_ml_dsa_sample_new_29_4f(
-    uint8_t_840size_t__x4 *rand_stack, Eurydice_slice tmp_stack,
-    libcrux_ml_dsa_polynomial_PolynomialRingElement_24 (*out)[5U],
-    Eurydice_slice indices) {
-  libcrux_ml_dsa_sample_SampleArgs_c5 lit;
-  lit.rand_stack = rand_stack;
-  lit.tmp_stack = tmp_stack;
-  lit.out = out;
-  lit.indices = indices;
-  return lit;
-}
-
 /**
 A monomorphic instance of
 libcrux_ml_dsa.sample.rejection_sample_less_than_field_modulus with types
@@ -3397,17 +3356,37 @@ libcrux_ml_dsa_polynomial_from_i32_array_ff_ea(Eurydice_slice array) {
 }
 
 /**
-A monomorphic instance of libcrux_ml_dsa.sample.sample_four_ring_elements
+ Sample and write out up to four ring elements.
+
+ If i <= `elements_requested`, a field element with domain separated
+ seed according to the provided index is generated in
+ `tmp_stack[i]`. After successful rejection sampling in
+ `tmp_stack[i]`, the ring element is written to `matrix` at the
+ provided index in `indices[i]`.
+ `rand_stack` is a working buffer that holds initial Shake output.
+*/
+/**
+A monomorphic instance of libcrux_ml_dsa.sample.sample_up_to_four_ring_elements
 with types libcrux_ml_dsa_simd_avx2_vector_type_AVX2SIMDUnit,
 libcrux_ml_dsa_hash_functions_simd256_Shake128x4 with const generics
 - ROWS_IN_A= 6
 - COLUMNS_IN_A= 5
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static KRML_MUSTINLINE void libcrux_ml_dsa_sample_sample_four_ring_elements_f4(
-    uint8_t seed0[34U], uint16_t domain_separator0, uint16_t domain_separator1,
-    uint16_t domain_seperator2, uint16_t domain_separator3,
-    libcrux_ml_dsa_sample_SampleArgs_c5 *memory) {
+static KRML_MUSTINLINE void
+libcrux_ml_dsa_sample_sample_up_to_four_ring_elements_f4(
+    uint8_t seed0[34U],
+    libcrux_ml_dsa_polynomial_PolynomialRingElement_24 (*matrix)[5U],
+    uint8_t_840size_t__x4 *rand_stack, Eurydice_slice tmp_stack,
+    uint8_t_x2 *indices, size_t elements_requested) {
+  uint16_t domain_separator0 =
+      libcrux_ml_dsa_sample_generate_domain_separator(indices[0U]);
+  uint16_t domain_separator1 =
+      libcrux_ml_dsa_sample_generate_domain_separator(indices[1U]);
+  uint16_t domain_separator2 =
+      libcrux_ml_dsa_sample_generate_domain_separator(indices[2U]);
+  uint16_t domain_separator3 =
+      libcrux_ml_dsa_sample_generate_domain_separator(indices[3U]);
   seed0[32U] = (uint8_t)domain_separator0;
   seed0[33U] = (uint8_t)((uint32_t)domain_separator0 >> 8U);
   uint8_t seed1[34U];
@@ -3416,8 +3395,8 @@ static KRML_MUSTINLINE void libcrux_ml_dsa_sample_sample_four_ring_elements_f4(
   seed1[33U] = (uint8_t)((uint32_t)domain_separator1 >> 8U);
   uint8_t seed2[34U];
   memcpy(seed2, seed0, (size_t)34U * sizeof(uint8_t));
-  seed2[32U] = (uint8_t)domain_seperator2;
-  seed2[33U] = (uint8_t)((uint32_t)domain_seperator2 >> 8U);
+  seed2[32U] = (uint8_t)domain_separator2;
+  seed2[33U] = (uint8_t)((uint32_t)domain_separator2 >> 8U);
   uint8_t seed3[34U];
   memcpy(seed3, seed0, (size_t)34U * sizeof(uint8_t));
   seed3[32U] = (uint8_t)domain_separator3;
@@ -3429,39 +3408,35 @@ static KRML_MUSTINLINE void libcrux_ml_dsa_sample_sample_four_ring_elements_f4(
           Eurydice_array_to_slice((size_t)34U, seed2, uint8_t),
           Eurydice_array_to_slice((size_t)34U, seed3, uint8_t));
   libcrux_ml_dsa_hash_functions_simd256_squeeze_first_five_blocks_7b(
-      &state, memory->rand_stack->fst, memory->rand_stack->snd,
-      memory->rand_stack->thd, memory->rand_stack->f3);
+      &state, rand_stack->fst, rand_stack->snd, rand_stack->thd,
+      rand_stack->f3);
   size_t sampled0 = (size_t)0U;
   size_t sampled1 = (size_t)0U;
   size_t sampled2 = (size_t)0U;
   size_t sampled3 = (size_t)0U;
   bool done0 =
       libcrux_ml_dsa_sample_rejection_sample_less_than_field_modulus_ea(
-          Eurydice_array_to_slice((size_t)840U, memory->rand_stack->fst,
-                                  uint8_t),
+          Eurydice_array_to_slice((size_t)840U, rand_stack->fst, uint8_t),
           &sampled0,
-          Eurydice_slice_index(memory->tmp_stack, (size_t)0U, int32_t[263U],
+          Eurydice_slice_index(tmp_stack, (size_t)0U, int32_t[263U],
                                int32_t(*)[263U]));
   bool done1 =
       libcrux_ml_dsa_sample_rejection_sample_less_than_field_modulus_ea(
-          Eurydice_array_to_slice((size_t)840U, memory->rand_stack->snd,
-                                  uint8_t),
+          Eurydice_array_to_slice((size_t)840U, rand_stack->snd, uint8_t),
           &sampled1,
-          Eurydice_slice_index(memory->tmp_stack, (size_t)1U, int32_t[263U],
+          Eurydice_slice_index(tmp_stack, (size_t)1U, int32_t[263U],
                                int32_t(*)[263U]));
   bool done2 =
       libcrux_ml_dsa_sample_rejection_sample_less_than_field_modulus_ea(
-          Eurydice_array_to_slice((size_t)840U, memory->rand_stack->thd,
-                                  uint8_t),
+          Eurydice_array_to_slice((size_t)840U, rand_stack->thd, uint8_t),
           &sampled2,
-          Eurydice_slice_index(memory->tmp_stack, (size_t)2U, int32_t[263U],
+          Eurydice_slice_index(tmp_stack, (size_t)2U, int32_t[263U],
                                int32_t(*)[263U]));
   bool done3 =
       libcrux_ml_dsa_sample_rejection_sample_less_than_field_modulus_ea(
-          Eurydice_array_to_slice((size_t)840U, memory->rand_stack->f3,
-                                  uint8_t),
+          Eurydice_array_to_slice((size_t)840U, rand_stack->f3, uint8_t),
           &sampled3,
-          Eurydice_slice_index(memory->tmp_stack, (size_t)3U, int32_t[263U],
+          Eurydice_slice_index(tmp_stack, (size_t)3U, int32_t[263U],
                                int32_t(*)[263U]));
   while (true) {
     if (done0) {
@@ -3479,8 +3454,8 @@ static KRML_MUSTINLINE void libcrux_ml_dsa_sample_sample_four_ring_elements_f4(
                       Eurydice_array_to_slice((size_t)168U, randomnesses.fst,
                                               uint8_t),
                       &sampled0,
-                      Eurydice_slice_index(memory->tmp_stack, (size_t)0U,
-                                           int32_t[263U], int32_t(*)[263U]));
+                      Eurydice_slice_index(tmp_stack, (size_t)0U, int32_t[263U],
+                                           int32_t(*)[263U]));
             }
             if (!done1) {
               done1 =
@@ -3488,8 +3463,8 @@ static KRML_MUSTINLINE void libcrux_ml_dsa_sample_sample_four_ring_elements_f4(
                       Eurydice_array_to_slice((size_t)168U, randomnesses.snd,
                                               uint8_t),
                       &sampled1,
-                      Eurydice_slice_index(memory->tmp_stack, (size_t)1U,
-                                           int32_t[263U], int32_t(*)[263U]));
+                      Eurydice_slice_index(tmp_stack, (size_t)1U, int32_t[263U],
+                                           int32_t(*)[263U]));
             }
             if (!done2) {
               done2 =
@@ -3497,8 +3472,8 @@ static KRML_MUSTINLINE void libcrux_ml_dsa_sample_sample_four_ring_elements_f4(
                       Eurydice_array_to_slice((size_t)168U, randomnesses.thd,
                                               uint8_t),
                       &sampled2,
-                      Eurydice_slice_index(memory->tmp_stack, (size_t)2U,
-                                           int32_t[263U], int32_t(*)[263U]));
+                      Eurydice_slice_index(tmp_stack, (size_t)2U, int32_t[263U],
+                                           int32_t(*)[263U]));
             }
             if (!done3) {
               done3 =
@@ -3506,8 +3481,8 @@ static KRML_MUSTINLINE void libcrux_ml_dsa_sample_sample_four_ring_elements_f4(
                       Eurydice_array_to_slice((size_t)168U, randomnesses.f3,
                                               uint8_t),
                       &sampled3,
-                      Eurydice_slice_index(memory->tmp_stack, (size_t)3U,
-                                           int32_t[263U], int32_t(*)[263U]));
+                      Eurydice_slice_index(tmp_stack, (size_t)3U, int32_t[263U],
+                                           int32_t(*)[263U]));
             }
           }
         } else {
@@ -3520,8 +3495,8 @@ static KRML_MUSTINLINE void libcrux_ml_dsa_sample_sample_four_ring_elements_f4(
                     Eurydice_array_to_slice((size_t)168U, randomnesses.fst,
                                             uint8_t),
                     &sampled0,
-                    Eurydice_slice_index(memory->tmp_stack, (size_t)0U,
-                                         int32_t[263U], int32_t(*)[263U]));
+                    Eurydice_slice_index(tmp_stack, (size_t)0U, int32_t[263U],
+                                         int32_t(*)[263U]));
           }
           if (!done1) {
             done1 =
@@ -3529,8 +3504,8 @@ static KRML_MUSTINLINE void libcrux_ml_dsa_sample_sample_four_ring_elements_f4(
                     Eurydice_array_to_slice((size_t)168U, randomnesses.snd,
                                             uint8_t),
                     &sampled1,
-                    Eurydice_slice_index(memory->tmp_stack, (size_t)1U,
-                                         int32_t[263U], int32_t(*)[263U]));
+                    Eurydice_slice_index(tmp_stack, (size_t)1U, int32_t[263U],
+                                         int32_t(*)[263U]));
           }
           if (!done2) {
             done2 =
@@ -3538,8 +3513,8 @@ static KRML_MUSTINLINE void libcrux_ml_dsa_sample_sample_four_ring_elements_f4(
                     Eurydice_array_to_slice((size_t)168U, randomnesses.thd,
                                             uint8_t),
                     &sampled2,
-                    Eurydice_slice_index(memory->tmp_stack, (size_t)2U,
-                                         int32_t[263U], int32_t(*)[263U]));
+                    Eurydice_slice_index(tmp_stack, (size_t)2U, int32_t[263U],
+                                         int32_t(*)[263U]));
           }
           if (!done3) {
             done3 =
@@ -3547,8 +3522,8 @@ static KRML_MUSTINLINE void libcrux_ml_dsa_sample_sample_four_ring_elements_f4(
                     Eurydice_array_to_slice((size_t)168U, randomnesses.f3,
                                             uint8_t),
                     &sampled3,
-                    Eurydice_slice_index(memory->tmp_stack, (size_t)3U,
-                                         int32_t[263U], int32_t(*)[263U]));
+                    Eurydice_slice_index(tmp_stack, (size_t)3U, int32_t[263U],
+                                         int32_t(*)[263U]));
           }
         }
       } else {
@@ -3560,8 +3535,8 @@ static KRML_MUSTINLINE void libcrux_ml_dsa_sample_sample_four_ring_elements_f4(
                   Eurydice_array_to_slice((size_t)168U, randomnesses.fst,
                                           uint8_t),
                   &sampled0,
-                  Eurydice_slice_index(memory->tmp_stack, (size_t)0U,
-                                       int32_t[263U], int32_t(*)[263U]));
+                  Eurydice_slice_index(tmp_stack, (size_t)0U, int32_t[263U],
+                                       int32_t(*)[263U]));
         }
         if (!done1) {
           done1 =
@@ -3569,8 +3544,8 @@ static KRML_MUSTINLINE void libcrux_ml_dsa_sample_sample_four_ring_elements_f4(
                   Eurydice_array_to_slice((size_t)168U, randomnesses.snd,
                                           uint8_t),
                   &sampled1,
-                  Eurydice_slice_index(memory->tmp_stack, (size_t)1U,
-                                       int32_t[263U], int32_t(*)[263U]));
+                  Eurydice_slice_index(tmp_stack, (size_t)1U, int32_t[263U],
+                                       int32_t(*)[263U]));
         }
         if (!done2) {
           done2 =
@@ -3578,8 +3553,8 @@ static KRML_MUSTINLINE void libcrux_ml_dsa_sample_sample_four_ring_elements_f4(
                   Eurydice_array_to_slice((size_t)168U, randomnesses.thd,
                                           uint8_t),
                   &sampled2,
-                  Eurydice_slice_index(memory->tmp_stack, (size_t)2U,
-                                       int32_t[263U], int32_t(*)[263U]));
+                  Eurydice_slice_index(tmp_stack, (size_t)2U, int32_t[263U],
+                                       int32_t(*)[263U]));
         }
         if (!done3) {
           done3 =
@@ -3587,8 +3562,8 @@ static KRML_MUSTINLINE void libcrux_ml_dsa_sample_sample_four_ring_elements_f4(
                   Eurydice_array_to_slice((size_t)168U, randomnesses.f3,
                                           uint8_t),
                   &sampled3,
-                  Eurydice_slice_index(memory->tmp_stack, (size_t)3U,
-                                       int32_t[263U], int32_t(*)[263U]));
+                  Eurydice_slice_index(tmp_stack, (size_t)3U, int32_t[263U],
+                                       int32_t(*)[263U]));
         }
       }
     } else {
@@ -3600,8 +3575,8 @@ static KRML_MUSTINLINE void libcrux_ml_dsa_sample_sample_four_ring_elements_f4(
                 Eurydice_array_to_slice((size_t)168U, randomnesses.fst,
                                         uint8_t),
                 &sampled0,
-                Eurydice_slice_index(memory->tmp_stack, (size_t)0U,
-                                     int32_t[263U], int32_t(*)[263U]));
+                Eurydice_slice_index(tmp_stack, (size_t)0U, int32_t[263U],
+                                     int32_t(*)[263U]));
       }
       if (!done1) {
         done1 =
@@ -3609,8 +3584,8 @@ static KRML_MUSTINLINE void libcrux_ml_dsa_sample_sample_four_ring_elements_f4(
                 Eurydice_array_to_slice((size_t)168U, randomnesses.snd,
                                         uint8_t),
                 &sampled1,
-                Eurydice_slice_index(memory->tmp_stack, (size_t)1U,
-                                     int32_t[263U], int32_t(*)[263U]));
+                Eurydice_slice_index(tmp_stack, (size_t)1U, int32_t[263U],
+                                     int32_t(*)[263U]));
       }
       if (!done2) {
         done2 =
@@ -3618,36 +3593,30 @@ static KRML_MUSTINLINE void libcrux_ml_dsa_sample_sample_four_ring_elements_f4(
                 Eurydice_array_to_slice((size_t)168U, randomnesses.thd,
                                         uint8_t),
                 &sampled2,
-                Eurydice_slice_index(memory->tmp_stack, (size_t)2U,
-                                     int32_t[263U], int32_t(*)[263U]));
+                Eurydice_slice_index(tmp_stack, (size_t)2U, int32_t[263U],
+                                     int32_t(*)[263U]));
       }
       if (!done3) {
         done3 =
             libcrux_ml_dsa_sample_rejection_sample_less_than_field_modulus_ea(
                 Eurydice_array_to_slice((size_t)168U, randomnesses.f3, uint8_t),
                 &sampled3,
-                Eurydice_slice_index(memory->tmp_stack, (size_t)3U,
-                                     int32_t[263U], int32_t(*)[263U]));
+                Eurydice_slice_index(tmp_stack, (size_t)3U, int32_t[263U],
+                                     int32_t(*)[263U]));
       }
     }
   }
-  for (size_t i0 = (size_t)0U;
-       i0 < Eurydice_slice_len(memory->indices, size_t_x2); i0++) {
+  for (size_t i0 = (size_t)0U; i0 < elements_requested; i0++) {
     size_t k = i0;
     size_t uu____0 = k;
-    size_t i =
-        Eurydice_slice_index(memory->indices, uu____0, size_t_x2, size_t_x2 *)
-            .fst;
-    size_t j =
-        Eurydice_slice_index(memory->indices, uu____0, size_t_x2, size_t_x2 *)
-            .snd;
+    uint8_t i = indices[uu____0].fst;
+    uint8_t j = indices[uu____0].snd;
     libcrux_ml_dsa_polynomial_PolynomialRingElement_24 uu____1 =
         libcrux_ml_dsa_polynomial_from_i32_array_ff_ea(Eurydice_array_to_slice(
             (size_t)263U,
-            Eurydice_slice_index(memory->tmp_stack, k, int32_t[263U],
-                                 int32_t(*)[263U]),
+            Eurydice_slice_index(tmp_stack, k, int32_t[263U], int32_t(*)[263U]),
             int32_t));
-    memory->out[i][j] = uu____1;
+    matrix[(size_t)i][(size_t)j] = uu____1;
   }
 }
 
@@ -5356,161 +5325,94 @@ static KRML_MUSTINLINE void libcrux_ml_dsa_samplex4_matrix_A_6_by_5_f4(
   rand_stack.f3[838U] = 0U;
   rand_stack.f3[839U] = 0U;
   int32_t tmp_stack[4U][263U] = {{0U}};
-  size_t_x2 buf0[0U] = {};
-  libcrux_ml_dsa_sample_SampleArgs_c5 memory = libcrux_ml_dsa_sample_new_29_4f(
-      &rand_stack,
-      Eurydice_array_to_slice((size_t)4U, tmp_stack, int32_t[263U]), A,
-      Eurydice_array_to_slice((size_t)0U, buf0, size_t_x2));
-  size_t_x2 buf[4U] = {
-      (CLITERAL(size_t_x2){.fst = (size_t)0U, .snd = (size_t)0U}),
-      (CLITERAL(size_t_x2){.fst = (size_t)0U, .snd = (size_t)1U}),
-      (CLITERAL(size_t_x2){.fst = (size_t)0U, .snd = (size_t)2U}),
-      (CLITERAL(size_t_x2){.fst = (size_t)0U, .snd = (size_t)3U})};
-  memory.indices = Eurydice_array_to_slice((size_t)4U, buf, size_t_x2);
-  uint8_t uu____2[34U];
-  memcpy(uu____2, seed, (size_t)34U * sizeof(uint8_t));
-  libcrux_ml_dsa_sample_sample_four_ring_elements_f4(
-      uu____2,
-      libcrux_ml_dsa_samplex4_generate_domain_separator(
-          (CLITERAL(uint8_t_x2){.fst = 0U, .snd = 0U})),
-      libcrux_ml_dsa_samplex4_generate_domain_separator(
-          (CLITERAL(uint8_t_x2){.fst = 0U, .snd = 1U})),
-      libcrux_ml_dsa_samplex4_generate_domain_separator(
-          (CLITERAL(uint8_t_x2){.fst = 0U, .snd = 2U})),
-      libcrux_ml_dsa_samplex4_generate_domain_separator(
-          (CLITERAL(uint8_t_x2){.fst = 0U, .snd = 3U})),
-      &memory);
-  size_t_x2 buf1[4U] = {
-      (CLITERAL(size_t_x2){.fst = (size_t)0U, .snd = (size_t)4U}),
-      (CLITERAL(size_t_x2){.fst = (size_t)1U, .snd = (size_t)0U}),
-      (CLITERAL(size_t_x2){.fst = (size_t)1U, .snd = (size_t)1U}),
-      (CLITERAL(size_t_x2){.fst = (size_t)1U, .snd = (size_t)2U})};
-  memory.indices = Eurydice_array_to_slice((size_t)4U, buf1, size_t_x2);
-  uint8_t uu____3[34U];
-  memcpy(uu____3, seed, (size_t)34U * sizeof(uint8_t));
-  libcrux_ml_dsa_sample_sample_four_ring_elements_f4(
-      uu____3,
-      libcrux_ml_dsa_samplex4_generate_domain_separator(
-          (CLITERAL(uint8_t_x2){.fst = 0U, .snd = 4U})),
-      libcrux_ml_dsa_samplex4_generate_domain_separator(
-          (CLITERAL(uint8_t_x2){.fst = 1U, .snd = 0U})),
-      libcrux_ml_dsa_samplex4_generate_domain_separator(
-          (CLITERAL(uint8_t_x2){.fst = 1U, .snd = 1U})),
-      libcrux_ml_dsa_samplex4_generate_domain_separator(
-          (CLITERAL(uint8_t_x2){.fst = 1U, .snd = 2U})),
-      &memory);
-  size_t_x2 buf2[4U] = {
-      (CLITERAL(size_t_x2){.fst = (size_t)1U, .snd = (size_t)3U}),
-      (CLITERAL(size_t_x2){.fst = (size_t)1U, .snd = (size_t)4U}),
-      (CLITERAL(size_t_x2){.fst = (size_t)2U, .snd = (size_t)0U}),
-      (CLITERAL(size_t_x2){.fst = (size_t)2U, .snd = (size_t)1U})};
-  memory.indices = Eurydice_array_to_slice((size_t)4U, buf2, size_t_x2);
-  uint8_t uu____4[34U];
-  memcpy(uu____4, seed, (size_t)34U * sizeof(uint8_t));
-  libcrux_ml_dsa_sample_sample_four_ring_elements_f4(
-      uu____4,
-      libcrux_ml_dsa_samplex4_generate_domain_separator(
-          (CLITERAL(uint8_t_x2){.fst = 1U, .snd = 3U})),
-      libcrux_ml_dsa_samplex4_generate_domain_separator(
-          (CLITERAL(uint8_t_x2){.fst = 1U, .snd = 4U})),
-      libcrux_ml_dsa_samplex4_generate_domain_separator(
-          (CLITERAL(uint8_t_x2){.fst = 2U, .snd = 0U})),
-      libcrux_ml_dsa_samplex4_generate_domain_separator(
-          (CLITERAL(uint8_t_x2){.fst = 2U, .snd = 1U})),
-      &memory);
-  size_t_x2 buf3[4U] = {
-      (CLITERAL(size_t_x2){.fst = (size_t)2U, .snd = (size_t)2U}),
-      (CLITERAL(size_t_x2){.fst = (size_t)2U, .snd = (size_t)3U}),
-      (CLITERAL(size_t_x2){.fst = (size_t)2U, .snd = (size_t)4U}),
-      (CLITERAL(size_t_x2){.fst = (size_t)3U, .snd = (size_t)0U})};
-  memory.indices = Eurydice_array_to_slice((size_t)4U, buf3, size_t_x2);
-  uint8_t uu____5[34U];
-  memcpy(uu____5, seed, (size_t)34U * sizeof(uint8_t));
-  libcrux_ml_dsa_sample_sample_four_ring_elements_f4(
-      uu____5,
-      libcrux_ml_dsa_samplex4_generate_domain_separator(
-          (CLITERAL(uint8_t_x2){.fst = 2U, .snd = 2U})),
-      libcrux_ml_dsa_samplex4_generate_domain_separator(
-          (CLITERAL(uint8_t_x2){.fst = 2U, .snd = 3U})),
-      libcrux_ml_dsa_samplex4_generate_domain_separator(
-          (CLITERAL(uint8_t_x2){.fst = 2U, .snd = 4U})),
-      libcrux_ml_dsa_samplex4_generate_domain_separator(
-          (CLITERAL(uint8_t_x2){.fst = 3U, .snd = 0U})),
-      &memory);
-  size_t_x2 buf4[4U] = {
-      (CLITERAL(size_t_x2){.fst = (size_t)3U, .snd = (size_t)1U}),
-      (CLITERAL(size_t_x2){.fst = (size_t)3U, .snd = (size_t)2U}),
-      (CLITERAL(size_t_x2){.fst = (size_t)3U, .snd = (size_t)3U}),
-      (CLITERAL(size_t_x2){.fst = (size_t)3U, .snd = (size_t)4U})};
-  memory.indices = Eurydice_array_to_slice((size_t)4U, buf4, size_t_x2);
-  uint8_t uu____6[34U];
-  memcpy(uu____6, seed, (size_t)34U * sizeof(uint8_t));
-  libcrux_ml_dsa_sample_sample_four_ring_elements_f4(
-      uu____6,
-      libcrux_ml_dsa_samplex4_generate_domain_separator(
-          (CLITERAL(uint8_t_x2){.fst = 3U, .snd = 1U})),
-      libcrux_ml_dsa_samplex4_generate_domain_separator(
-          (CLITERAL(uint8_t_x2){.fst = 3U, .snd = 2U})),
-      libcrux_ml_dsa_samplex4_generate_domain_separator(
-          (CLITERAL(uint8_t_x2){.fst = 3U, .snd = 3U})),
-      libcrux_ml_dsa_samplex4_generate_domain_separator(
-          (CLITERAL(uint8_t_x2){.fst = 3U, .snd = 4U})),
-      &memory);
-  size_t_x2 buf5[4U] = {
-      (CLITERAL(size_t_x2){.fst = (size_t)4U, .snd = (size_t)0U}),
-      (CLITERAL(size_t_x2){.fst = (size_t)4U, .snd = (size_t)1U}),
-      (CLITERAL(size_t_x2){.fst = (size_t)4U, .snd = (size_t)2U}),
-      (CLITERAL(size_t_x2){.fst = (size_t)4U, .snd = (size_t)3U})};
-  memory.indices = Eurydice_array_to_slice((size_t)4U, buf5, size_t_x2);
-  uint8_t uu____7[34U];
-  memcpy(uu____7, seed, (size_t)34U * sizeof(uint8_t));
-  libcrux_ml_dsa_sample_sample_four_ring_elements_f4(
-      uu____7,
-      libcrux_ml_dsa_samplex4_generate_domain_separator(
-          (CLITERAL(uint8_t_x2){.fst = 4U, .snd = 0U})),
-      libcrux_ml_dsa_samplex4_generate_domain_separator(
-          (CLITERAL(uint8_t_x2){.fst = 4U, .snd = 1U})),
-      libcrux_ml_dsa_samplex4_generate_domain_separator(
-          (CLITERAL(uint8_t_x2){.fst = 4U, .snd = 2U})),
-      libcrux_ml_dsa_samplex4_generate_domain_separator(
-          (CLITERAL(uint8_t_x2){.fst = 4U, .snd = 3U})),
-      &memory);
-  size_t_x2 buf6[4U] = {
-      (CLITERAL(size_t_x2){.fst = (size_t)4U, .snd = (size_t)4U}),
-      (CLITERAL(size_t_x2){.fst = (size_t)5U, .snd = (size_t)0U}),
-      (CLITERAL(size_t_x2){.fst = (size_t)5U, .snd = (size_t)1U}),
-      (CLITERAL(size_t_x2){.fst = (size_t)5U, .snd = (size_t)2U})};
-  memory.indices = Eurydice_array_to_slice((size_t)4U, buf6, size_t_x2);
-  uint8_t uu____8[34U];
-  memcpy(uu____8, seed, (size_t)34U * sizeof(uint8_t));
-  libcrux_ml_dsa_sample_sample_four_ring_elements_f4(
-      uu____8,
-      libcrux_ml_dsa_samplex4_generate_domain_separator(
-          (CLITERAL(uint8_t_x2){.fst = 4U, .snd = 4U})),
-      libcrux_ml_dsa_samplex4_generate_domain_separator(
-          (CLITERAL(uint8_t_x2){.fst = 5U, .snd = 0U})),
-      libcrux_ml_dsa_samplex4_generate_domain_separator(
-          (CLITERAL(uint8_t_x2){.fst = 5U, .snd = 1U})),
-      libcrux_ml_dsa_samplex4_generate_domain_separator(
-          (CLITERAL(uint8_t_x2){.fst = 5U, .snd = 2U})),
-      &memory);
-  size_t_x2 buf7[2U] = {
-      (CLITERAL(size_t_x2){.fst = (size_t)5U, .snd = (size_t)3U}),
-      (CLITERAL(size_t_x2){.fst = (size_t)5U, .snd = (size_t)4U})};
-  memory.indices = Eurydice_array_to_slice((size_t)2U, buf7, size_t_x2);
-  uint8_t uu____9[34U];
-  memcpy(uu____9, seed, (size_t)34U * sizeof(uint8_t));
-  libcrux_ml_dsa_sample_sample_four_ring_elements_f4(
-      uu____9,
-      libcrux_ml_dsa_samplex4_generate_domain_separator(
-          (CLITERAL(uint8_t_x2){.fst = 5U, .snd = 3U})),
-      libcrux_ml_dsa_samplex4_generate_domain_separator(
-          (CLITERAL(uint8_t_x2){.fst = 5U, .snd = 4U})),
-      libcrux_ml_dsa_samplex4_generate_domain_separator(
-          (CLITERAL(uint8_t_x2){.fst = 5U, .snd = 5U})),
-      libcrux_ml_dsa_samplex4_generate_domain_separator(
-          (CLITERAL(uint8_t_x2){.fst = 5U, .snd = 6U})),
-      &memory);
+  /* Passing arrays by value in Rust generates a copy in C */
+  uint8_t copy_of_seed[34U];
+  memcpy(copy_of_seed, seed, (size_t)34U * sizeof(uint8_t));
+  uint8_t_x2 buf0[4U] = {(CLITERAL(uint8_t_x2){.fst = 0U, .snd = 0U}),
+                         (CLITERAL(uint8_t_x2){.fst = 0U, .snd = 1U}),
+                         (CLITERAL(uint8_t_x2){.fst = 0U, .snd = 2U}),
+                         (CLITERAL(uint8_t_x2){.fst = 0U, .snd = 3U})};
+  libcrux_ml_dsa_sample_sample_up_to_four_ring_elements_f4(
+      copy_of_seed, A, &rand_stack,
+      Eurydice_array_to_slice((size_t)4U, tmp_stack, int32_t[263U]), buf0,
+      (size_t)4U);
+  /* Passing arrays by value in Rust generates a copy in C */
+  uint8_t copy_of_seed0[34U];
+  memcpy(copy_of_seed0, seed, (size_t)34U * sizeof(uint8_t));
+  uint8_t_x2 buf1[4U] = {(CLITERAL(uint8_t_x2){.fst = 0U, .snd = 4U}),
+                         (CLITERAL(uint8_t_x2){.fst = 1U, .snd = 0U}),
+                         (CLITERAL(uint8_t_x2){.fst = 1U, .snd = 1U}),
+                         (CLITERAL(uint8_t_x2){.fst = 1U, .snd = 2U})};
+  libcrux_ml_dsa_sample_sample_up_to_four_ring_elements_f4(
+      copy_of_seed0, A, &rand_stack,
+      Eurydice_array_to_slice((size_t)4U, tmp_stack, int32_t[263U]), buf1,
+      (size_t)4U);
+  /* Passing arrays by value in Rust generates a copy in C */
+  uint8_t copy_of_seed1[34U];
+  memcpy(copy_of_seed1, seed, (size_t)34U * sizeof(uint8_t));
+  uint8_t_x2 buf2[4U] = {(CLITERAL(uint8_t_x2){.fst = 1U, .snd = 3U}),
+                         (CLITERAL(uint8_t_x2){.fst = 1U, .snd = 4U}),
+                         (CLITERAL(uint8_t_x2){.fst = 2U, .snd = 0U}),
+                         (CLITERAL(uint8_t_x2){.fst = 2U, .snd = 1U})};
+  libcrux_ml_dsa_sample_sample_up_to_four_ring_elements_f4(
+      copy_of_seed1, A, &rand_stack,
+      Eurydice_array_to_slice((size_t)4U, tmp_stack, int32_t[263U]), buf2,
+      (size_t)4U);
+  /* Passing arrays by value in Rust generates a copy in C */
+  uint8_t copy_of_seed2[34U];
+  memcpy(copy_of_seed2, seed, (size_t)34U * sizeof(uint8_t));
+  uint8_t_x2 buf3[4U] = {(CLITERAL(uint8_t_x2){.fst = 2U, .snd = 2U}),
+                         (CLITERAL(uint8_t_x2){.fst = 2U, .snd = 3U}),
+                         (CLITERAL(uint8_t_x2){.fst = 2U, .snd = 4U}),
+                         (CLITERAL(uint8_t_x2){.fst = 3U, .snd = 0U})};
+  libcrux_ml_dsa_sample_sample_up_to_four_ring_elements_f4(
+      copy_of_seed2, A, &rand_stack,
+      Eurydice_array_to_slice((size_t)4U, tmp_stack, int32_t[263U]), buf3,
+      (size_t)4U);
+  /* Passing arrays by value in Rust generates a copy in C */
+  uint8_t copy_of_seed3[34U];
+  memcpy(copy_of_seed3, seed, (size_t)34U * sizeof(uint8_t));
+  uint8_t_x2 buf4[4U] = {(CLITERAL(uint8_t_x2){.fst = 3U, .snd = 1U}),
+                         (CLITERAL(uint8_t_x2){.fst = 3U, .snd = 2U}),
+                         (CLITERAL(uint8_t_x2){.fst = 3U, .snd = 3U}),
+                         (CLITERAL(uint8_t_x2){.fst = 3U, .snd = 4U})};
+  libcrux_ml_dsa_sample_sample_up_to_four_ring_elements_f4(
+      copy_of_seed3, A, &rand_stack,
+      Eurydice_array_to_slice((size_t)4U, tmp_stack, int32_t[263U]), buf4,
+      (size_t)4U);
+  /* Passing arrays by value in Rust generates a copy in C */
+  uint8_t copy_of_seed4[34U];
+  memcpy(copy_of_seed4, seed, (size_t)34U * sizeof(uint8_t));
+  uint8_t_x2 buf5[4U] = {(CLITERAL(uint8_t_x2){.fst = 4U, .snd = 0U}),
+                         (CLITERAL(uint8_t_x2){.fst = 4U, .snd = 1U}),
+                         (CLITERAL(uint8_t_x2){.fst = 4U, .snd = 2U}),
+                         (CLITERAL(uint8_t_x2){.fst = 4U, .snd = 3U})};
+  libcrux_ml_dsa_sample_sample_up_to_four_ring_elements_f4(
+      copy_of_seed4, A, &rand_stack,
+      Eurydice_array_to_slice((size_t)4U, tmp_stack, int32_t[263U]), buf5,
+      (size_t)4U);
+  /* Passing arrays by value in Rust generates a copy in C */
+  uint8_t copy_of_seed5[34U];
+  memcpy(copy_of_seed5, seed, (size_t)34U * sizeof(uint8_t));
+  uint8_t_x2 buf6[4U] = {(CLITERAL(uint8_t_x2){.fst = 4U, .snd = 4U}),
+                         (CLITERAL(uint8_t_x2){.fst = 5U, .snd = 0U}),
+                         (CLITERAL(uint8_t_x2){.fst = 5U, .snd = 1U}),
+                         (CLITERAL(uint8_t_x2){.fst = 5U, .snd = 2U})};
+  libcrux_ml_dsa_sample_sample_up_to_four_ring_elements_f4(
+      copy_of_seed5, A, &rand_stack,
+      Eurydice_array_to_slice((size_t)4U, tmp_stack, int32_t[263U]), buf6,
+      (size_t)4U);
+  /* Passing arrays by value in Rust generates a copy in C */
+  uint8_t copy_of_seed6[34U];
+  memcpy(copy_of_seed6, seed, (size_t)34U * sizeof(uint8_t));
+  uint8_t_x2 buf[4U] = {(CLITERAL(uint8_t_x2){.fst = 5U, .snd = 3U}),
+                        (CLITERAL(uint8_t_x2){.fst = 5U, .snd = 4U}),
+                        (CLITERAL(uint8_t_x2){.fst = 5U, .snd = 5U}),
+                        (CLITERAL(uint8_t_x2){.fst = 5U, .snd = 6U})};
+  libcrux_ml_dsa_sample_sample_up_to_four_ring_elements_f4(
+      copy_of_seed6, A, &rand_stack,
+      Eurydice_array_to_slice((size_t)4U, tmp_stack, int32_t[263U]), buf,
+      (size_t)2U);
   memcpy(ret, A,
          (size_t)6U *
              sizeof(libcrux_ml_dsa_polynomial_PolynomialRingElement_24[5U]));
diff --git a/libcrux-ml-dsa/cg/libcrux_mldsa65_portable.h b/libcrux-ml-dsa/cg/libcrux_mldsa65_portable.h
index e1ee4a6e2..f05d7b3af 100644
--- a/libcrux-ml-dsa/cg/libcrux_mldsa65_portable.h
+++ b/libcrux-ml-dsa/cg/libcrux_mldsa65_portable.h
@@ -8,7 +8,7 @@
  * Eurydice: b665364a6d86749566ce2d650d13fa12c8fab2c5
  * Karamel: 96572bc631fde691a2aea7bce5a5a3838b3a5968
  * F*: b0961063393215ca65927f017720cb365a193833-dirty
- * Libcrux: 192edaf802604e2a52d47edca43cf9dc495a4721
+ * Libcrux: aecb2cd116d530465d34c6857e170fd6bab281b0
  */
 
 #ifndef __libcrux_mldsa65_portable_H
@@ -523,7 +523,7 @@ typedef struct uint8_t_x2_s {
 } uint8_t_x2;
 
 static KRML_MUSTINLINE uint16_t
-libcrux_ml_dsa_samplex4_generate_domain_separator(uint8_t_x2 _) {
+libcrux_ml_dsa_sample_generate_domain_separator(uint8_t_x2 _) {
   uint8_t row = _.fst;
   uint8_t column = _.snd;
   return (uint32_t)(uint16_t)column | (uint32_t)(uint16_t)row << 8U;
@@ -4171,11 +4171,6 @@ typedef struct uint8_t_840size_t__x4_s {
   uint8_t f3[840U];
 } uint8_t_840size_t__x4;
 
-typedef struct size_t_x2_s {
-  size_t fst;
-  size_t snd;
-} size_t_x2;
-
 /**
 A monomorphic instance of K.
 with types uint8_t[4032size_t], uint8_t[1952size_t]
@@ -4244,46 +4239,6 @@ libcrux_ml_dsa_polynomial_ZERO_ff_ba(void) {
   return lit;
 }
 
-/**
-A monomorphic instance of libcrux_ml_dsa.sample.SampleArgs
-with types libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit
-with const generics
-- $840size_t
-- $6size_t
-- $5size_t
-*/
-typedef struct libcrux_ml_dsa_sample_SampleArgs_4e_s {
-  uint8_t_840size_t__x4 *rand_stack;
-  Eurydice_slice tmp_stack;
-  libcrux_ml_dsa_polynomial_PolynomialRingElement_9b (*out)[5U];
-  Eurydice_slice indices;
-} libcrux_ml_dsa_sample_SampleArgs_4e;
-
-/**
-This function found in impl {libcrux_ml_dsa::sample::SampleArgs<'a, SIMDUnit,
-STACK_SIZE, ROWS_IN_A, COLUMNS_IN_A>[TraitClause@0, TraitClause@1]}
-*/
-/**
-A monomorphic instance of libcrux_ml_dsa.sample.new_29
-with types libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit
-with const generics
-- STACK_SIZE= 840
-- ROWS_IN_A= 6
-- COLUMNS_IN_A= 5
-*/
-static inline libcrux_ml_dsa_sample_SampleArgs_4e
-libcrux_ml_dsa_sample_new_29_ab(
-    uint8_t_840size_t__x4 *rand_stack, Eurydice_slice tmp_stack,
-    libcrux_ml_dsa_polynomial_PolynomialRingElement_9b (*out)[5U],
-    Eurydice_slice indices) {
-  libcrux_ml_dsa_sample_SampleArgs_4e lit;
-  lit.rand_stack = rand_stack;
-  lit.tmp_stack = tmp_stack;
-  lit.out = out;
-  lit.indices = indices;
-  return lit;
-}
-
 /**
 A monomorphic instance of
 libcrux_ml_dsa.sample.rejection_sample_less_than_field_modulus with types
@@ -4349,16 +4304,36 @@ libcrux_ml_dsa_polynomial_from_i32_array_ff_ba(Eurydice_slice array) {
 }
 
 /**
-A monomorphic instance of libcrux_ml_dsa.sample.sample_four_ring_elements
+ Sample and write out up to four ring elements.
+
+ If i <= `elements_requested`, a field element with domain separated
+ seed according to the provided index is generated in
+ `tmp_stack[i]`. After successful rejection sampling in
+ `tmp_stack[i]`, the ring element is written to `matrix` at the
+ provided index in `indices[i]`.
+ `rand_stack` is a working buffer that holds initial Shake output.
+*/
+/**
+A monomorphic instance of libcrux_ml_dsa.sample.sample_up_to_four_ring_elements
 with types libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit,
 libcrux_ml_dsa_hash_functions_portable_Shake128X4 with const generics
 - ROWS_IN_A= 6
 - COLUMNS_IN_A= 5
 */
-static KRML_MUSTINLINE void libcrux_ml_dsa_sample_sample_four_ring_elements_49(
-    uint8_t seed0[34U], uint16_t domain_separator0, uint16_t domain_separator1,
-    uint16_t domain_seperator2, uint16_t domain_separator3,
-    libcrux_ml_dsa_sample_SampleArgs_4e *memory) {
+static KRML_MUSTINLINE void
+libcrux_ml_dsa_sample_sample_up_to_four_ring_elements_49(
+    uint8_t seed0[34U],
+    libcrux_ml_dsa_polynomial_PolynomialRingElement_9b (*matrix)[5U],
+    uint8_t_840size_t__x4 *rand_stack, Eurydice_slice tmp_stack,
+    uint8_t_x2 *indices, size_t elements_requested) {
+  uint16_t domain_separator0 =
+      libcrux_ml_dsa_sample_generate_domain_separator(indices[0U]);
+  uint16_t domain_separator1 =
+      libcrux_ml_dsa_sample_generate_domain_separator(indices[1U]);
+  uint16_t domain_separator2 =
+      libcrux_ml_dsa_sample_generate_domain_separator(indices[2U]);
+  uint16_t domain_separator3 =
+      libcrux_ml_dsa_sample_generate_domain_separator(indices[3U]);
   seed0[32U] = (uint8_t)domain_separator0;
   seed0[33U] = (uint8_t)((uint32_t)domain_separator0 >> 8U);
   uint8_t seed1[34U];
@@ -4367,8 +4342,8 @@ static KRML_MUSTINLINE void libcrux_ml_dsa_sample_sample_four_ring_elements_49(
   seed1[33U] = (uint8_t)((uint32_t)domain_separator1 >> 8U);
   uint8_t seed2[34U];
   memcpy(seed2, seed0, (size_t)34U * sizeof(uint8_t));
-  seed2[32U] = (uint8_t)domain_seperator2;
-  seed2[33U] = (uint8_t)((uint32_t)domain_seperator2 >> 8U);
+  seed2[32U] = (uint8_t)domain_separator2;
+  seed2[33U] = (uint8_t)((uint32_t)domain_separator2 >> 8U);
   uint8_t seed3[34U];
   memcpy(seed3, seed0, (size_t)34U * sizeof(uint8_t));
   seed3[32U] = (uint8_t)domain_separator3;
@@ -4380,39 +4355,35 @@ static KRML_MUSTINLINE void libcrux_ml_dsa_sample_sample_four_ring_elements_49(
           Eurydice_array_to_slice((size_t)34U, seed2, uint8_t),
           Eurydice_array_to_slice((size_t)34U, seed3, uint8_t));
   libcrux_ml_dsa_hash_functions_portable_squeeze_first_five_blocks_ed(
-      &state, memory->rand_stack->fst, memory->rand_stack->snd,
-      memory->rand_stack->thd, memory->rand_stack->f3);
+      &state, rand_stack->fst, rand_stack->snd, rand_stack->thd,
+      rand_stack->f3);
   size_t sampled0 = (size_t)0U;
   size_t sampled1 = (size_t)0U;
   size_t sampled2 = (size_t)0U;
   size_t sampled3 = (size_t)0U;
   bool done0 =
       libcrux_ml_dsa_sample_rejection_sample_less_than_field_modulus_ba(
-          Eurydice_array_to_slice((size_t)840U, memory->rand_stack->fst,
-                                  uint8_t),
+          Eurydice_array_to_slice((size_t)840U, rand_stack->fst, uint8_t),
           &sampled0,
-          Eurydice_slice_index(memory->tmp_stack, (size_t)0U, int32_t[263U],
+          Eurydice_slice_index(tmp_stack, (size_t)0U, int32_t[263U],
                                int32_t(*)[263U]));
   bool done1 =
       libcrux_ml_dsa_sample_rejection_sample_less_than_field_modulus_ba(
-          Eurydice_array_to_slice((size_t)840U, memory->rand_stack->snd,
-                                  uint8_t),
+          Eurydice_array_to_slice((size_t)840U, rand_stack->snd, uint8_t),
           &sampled1,
-          Eurydice_slice_index(memory->tmp_stack, (size_t)1U, int32_t[263U],
+          Eurydice_slice_index(tmp_stack, (size_t)1U, int32_t[263U],
                                int32_t(*)[263U]));
   bool done2 =
       libcrux_ml_dsa_sample_rejection_sample_less_than_field_modulus_ba(
-          Eurydice_array_to_slice((size_t)840U, memory->rand_stack->thd,
-                                  uint8_t),
+          Eurydice_array_to_slice((size_t)840U, rand_stack->thd, uint8_t),
           &sampled2,
-          Eurydice_slice_index(memory->tmp_stack, (size_t)2U, int32_t[263U],
+          Eurydice_slice_index(tmp_stack, (size_t)2U, int32_t[263U],
                                int32_t(*)[263U]));
   bool done3 =
       libcrux_ml_dsa_sample_rejection_sample_less_than_field_modulus_ba(
-          Eurydice_array_to_slice((size_t)840U, memory->rand_stack->f3,
-                                  uint8_t),
+          Eurydice_array_to_slice((size_t)840U, rand_stack->f3, uint8_t),
           &sampled3,
-          Eurydice_slice_index(memory->tmp_stack, (size_t)3U, int32_t[263U],
+          Eurydice_slice_index(tmp_stack, (size_t)3U, int32_t[263U],
                                int32_t(*)[263U]));
   while (true) {
     if (done0) {
@@ -4430,8 +4401,8 @@ static KRML_MUSTINLINE void libcrux_ml_dsa_sample_sample_four_ring_elements_49(
                       Eurydice_array_to_slice((size_t)168U, randomnesses.fst,
                                               uint8_t),
                       &sampled0,
-                      Eurydice_slice_index(memory->tmp_stack, (size_t)0U,
-                                           int32_t[263U], int32_t(*)[263U]));
+                      Eurydice_slice_index(tmp_stack, (size_t)0U, int32_t[263U],
+                                           int32_t(*)[263U]));
             }
             if (!done1) {
               done1 =
@@ -4439,8 +4410,8 @@ static KRML_MUSTINLINE void libcrux_ml_dsa_sample_sample_four_ring_elements_49(
                       Eurydice_array_to_slice((size_t)168U, randomnesses.snd,
                                               uint8_t),
                       &sampled1,
-                      Eurydice_slice_index(memory->tmp_stack, (size_t)1U,
-                                           int32_t[263U], int32_t(*)[263U]));
+                      Eurydice_slice_index(tmp_stack, (size_t)1U, int32_t[263U],
+                                           int32_t(*)[263U]));
             }
             if (!done2) {
               done2 =
@@ -4448,8 +4419,8 @@ static KRML_MUSTINLINE void libcrux_ml_dsa_sample_sample_four_ring_elements_49(
                       Eurydice_array_to_slice((size_t)168U, randomnesses.thd,
                                               uint8_t),
                       &sampled2,
-                      Eurydice_slice_index(memory->tmp_stack, (size_t)2U,
-                                           int32_t[263U], int32_t(*)[263U]));
+                      Eurydice_slice_index(tmp_stack, (size_t)2U, int32_t[263U],
+                                           int32_t(*)[263U]));
             }
             if (!done3) {
               done3 =
@@ -4457,8 +4428,8 @@ static KRML_MUSTINLINE void libcrux_ml_dsa_sample_sample_four_ring_elements_49(
                       Eurydice_array_to_slice((size_t)168U, randomnesses.f3,
                                               uint8_t),
                       &sampled3,
-                      Eurydice_slice_index(memory->tmp_stack, (size_t)3U,
-                                           int32_t[263U], int32_t(*)[263U]));
+                      Eurydice_slice_index(tmp_stack, (size_t)3U, int32_t[263U],
+                                           int32_t(*)[263U]));
             }
           }
         } else {
@@ -4471,8 +4442,8 @@ static KRML_MUSTINLINE void libcrux_ml_dsa_sample_sample_four_ring_elements_49(
                     Eurydice_array_to_slice((size_t)168U, randomnesses.fst,
                                             uint8_t),
                     &sampled0,
-                    Eurydice_slice_index(memory->tmp_stack, (size_t)0U,
-                                         int32_t[263U], int32_t(*)[263U]));
+                    Eurydice_slice_index(tmp_stack, (size_t)0U, int32_t[263U],
+                                         int32_t(*)[263U]));
           }
           if (!done1) {
             done1 =
@@ -4480,8 +4451,8 @@ static KRML_MUSTINLINE void libcrux_ml_dsa_sample_sample_four_ring_elements_49(
                     Eurydice_array_to_slice((size_t)168U, randomnesses.snd,
                                             uint8_t),
                     &sampled1,
-                    Eurydice_slice_index(memory->tmp_stack, (size_t)1U,
-                                         int32_t[263U], int32_t(*)[263U]));
+                    Eurydice_slice_index(tmp_stack, (size_t)1U, int32_t[263U],
+                                         int32_t(*)[263U]));
           }
           if (!done2) {
             done2 =
@@ -4489,8 +4460,8 @@ static KRML_MUSTINLINE void libcrux_ml_dsa_sample_sample_four_ring_elements_49(
                     Eurydice_array_to_slice((size_t)168U, randomnesses.thd,
                                             uint8_t),
                     &sampled2,
-                    Eurydice_slice_index(memory->tmp_stack, (size_t)2U,
-                                         int32_t[263U], int32_t(*)[263U]));
+                    Eurydice_slice_index(tmp_stack, (size_t)2U, int32_t[263U],
+                                         int32_t(*)[263U]));
           }
           if (!done3) {
             done3 =
@@ -4498,8 +4469,8 @@ static KRML_MUSTINLINE void libcrux_ml_dsa_sample_sample_four_ring_elements_49(
                     Eurydice_array_to_slice((size_t)168U, randomnesses.f3,
                                             uint8_t),
                     &sampled3,
-                    Eurydice_slice_index(memory->tmp_stack, (size_t)3U,
-                                         int32_t[263U], int32_t(*)[263U]));
+                    Eurydice_slice_index(tmp_stack, (size_t)3U, int32_t[263U],
+                                         int32_t(*)[263U]));
           }
         }
       } else {
@@ -4512,8 +4483,8 @@ static KRML_MUSTINLINE void libcrux_ml_dsa_sample_sample_four_ring_elements_49(
                   Eurydice_array_to_slice((size_t)168U, randomnesses.fst,
                                           uint8_t),
                   &sampled0,
-                  Eurydice_slice_index(memory->tmp_stack, (size_t)0U,
-                                       int32_t[263U], int32_t(*)[263U]));
+                  Eurydice_slice_index(tmp_stack, (size_t)0U, int32_t[263U],
+                                       int32_t(*)[263U]));
         }
         if (!done1) {
           done1 =
@@ -4521,8 +4492,8 @@ static KRML_MUSTINLINE void libcrux_ml_dsa_sample_sample_four_ring_elements_49(
                   Eurydice_array_to_slice((size_t)168U, randomnesses.snd,
                                           uint8_t),
                   &sampled1,
-                  Eurydice_slice_index(memory->tmp_stack, (size_t)1U,
-                                       int32_t[263U], int32_t(*)[263U]));
+                  Eurydice_slice_index(tmp_stack, (size_t)1U, int32_t[263U],
+                                       int32_t(*)[263U]));
         }
         if (!done2) {
           done2 =
@@ -4530,8 +4501,8 @@ static KRML_MUSTINLINE void libcrux_ml_dsa_sample_sample_four_ring_elements_49(
                   Eurydice_array_to_slice((size_t)168U, randomnesses.thd,
                                           uint8_t),
                   &sampled2,
-                  Eurydice_slice_index(memory->tmp_stack, (size_t)2U,
-                                       int32_t[263U], int32_t(*)[263U]));
+                  Eurydice_slice_index(tmp_stack, (size_t)2U, int32_t[263U],
+                                       int32_t(*)[263U]));
         }
         if (!done3) {
           done3 =
@@ -4539,8 +4510,8 @@ static KRML_MUSTINLINE void libcrux_ml_dsa_sample_sample_four_ring_elements_49(
                   Eurydice_array_to_slice((size_t)168U, randomnesses.f3,
                                           uint8_t),
                   &sampled3,
-                  Eurydice_slice_index(memory->tmp_stack, (size_t)3U,
-                                       int32_t[263U], int32_t(*)[263U]));
+                  Eurydice_slice_index(tmp_stack, (size_t)3U, int32_t[263U],
+                                       int32_t(*)[263U]));
         }
       }
     } else {
@@ -4552,8 +4523,8 @@ static KRML_MUSTINLINE void libcrux_ml_dsa_sample_sample_four_ring_elements_49(
                 Eurydice_array_to_slice((size_t)168U, randomnesses.fst,
                                         uint8_t),
                 &sampled0,
-                Eurydice_slice_index(memory->tmp_stack, (size_t)0U,
-                                     int32_t[263U], int32_t(*)[263U]));
+                Eurydice_slice_index(tmp_stack, (size_t)0U, int32_t[263U],
+                                     int32_t(*)[263U]));
       }
       if (!done1) {
         done1 =
@@ -4561,8 +4532,8 @@ static KRML_MUSTINLINE void libcrux_ml_dsa_sample_sample_four_ring_elements_49(
                 Eurydice_array_to_slice((size_t)168U, randomnesses.snd,
                                         uint8_t),
                 &sampled1,
-                Eurydice_slice_index(memory->tmp_stack, (size_t)1U,
-                                     int32_t[263U], int32_t(*)[263U]));
+                Eurydice_slice_index(tmp_stack, (size_t)1U, int32_t[263U],
+                                     int32_t(*)[263U]));
       }
       if (!done2) {
         done2 =
@@ -4570,36 +4541,30 @@ static KRML_MUSTINLINE void libcrux_ml_dsa_sample_sample_four_ring_elements_49(
                 Eurydice_array_to_slice((size_t)168U, randomnesses.thd,
                                         uint8_t),
                 &sampled2,
-                Eurydice_slice_index(memory->tmp_stack, (size_t)2U,
-                                     int32_t[263U], int32_t(*)[263U]));
+                Eurydice_slice_index(tmp_stack, (size_t)2U, int32_t[263U],
+                                     int32_t(*)[263U]));
       }
       if (!done3) {
         done3 =
             libcrux_ml_dsa_sample_rejection_sample_less_than_field_modulus_ba(
                 Eurydice_array_to_slice((size_t)168U, randomnesses.f3, uint8_t),
                 &sampled3,
-                Eurydice_slice_index(memory->tmp_stack, (size_t)3U,
-                                     int32_t[263U], int32_t(*)[263U]));
+                Eurydice_slice_index(tmp_stack, (size_t)3U, int32_t[263U],
+                                     int32_t(*)[263U]));
       }
     }
   }
-  for (size_t i0 = (size_t)0U;
-       i0 < Eurydice_slice_len(memory->indices, size_t_x2); i0++) {
+  for (size_t i0 = (size_t)0U; i0 < elements_requested; i0++) {
     size_t k = i0;
     size_t uu____0 = k;
-    size_t i =
-        Eurydice_slice_index(memory->indices, uu____0, size_t_x2, size_t_x2 *)
-            .fst;
-    size_t j =
-        Eurydice_slice_index(memory->indices, uu____0, size_t_x2, size_t_x2 *)
-            .snd;
+    uint8_t i = indices[uu____0].fst;
+    uint8_t j = indices[uu____0].snd;
     libcrux_ml_dsa_polynomial_PolynomialRingElement_9b uu____1 =
         libcrux_ml_dsa_polynomial_from_i32_array_ff_ba(Eurydice_array_to_slice(
             (size_t)263U,
-            Eurydice_slice_index(memory->tmp_stack, k, int32_t[263U],
-                                 int32_t(*)[263U]),
+            Eurydice_slice_index(tmp_stack, k, int32_t[263U], int32_t(*)[263U]),
             int32_t));
-    memory->out[i][j] = uu____1;
+    matrix[(size_t)i][(size_t)j] = uu____1;
   }
 }
 
@@ -6307,161 +6272,94 @@ static KRML_MUSTINLINE void libcrux_ml_dsa_samplex4_matrix_A_6_by_5_49(
   rand_stack.f3[838U] = 0U;
   rand_stack.f3[839U] = 0U;
   int32_t tmp_stack[4U][263U] = {{0U}};
-  size_t_x2 buf0[0U] = {};
-  libcrux_ml_dsa_sample_SampleArgs_4e memory = libcrux_ml_dsa_sample_new_29_ab(
-      &rand_stack,
-      Eurydice_array_to_slice((size_t)4U, tmp_stack, int32_t[263U]), A,
-      Eurydice_array_to_slice((size_t)0U, buf0, size_t_x2));
-  size_t_x2 buf[4U] = {
-      (CLITERAL(size_t_x2){.fst = (size_t)0U, .snd = (size_t)0U}),
-      (CLITERAL(size_t_x2){.fst = (size_t)0U, .snd = (size_t)1U}),
-      (CLITERAL(size_t_x2){.fst = (size_t)0U, .snd = (size_t)2U}),
-      (CLITERAL(size_t_x2){.fst = (size_t)0U, .snd = (size_t)3U})};
-  memory.indices = Eurydice_array_to_slice((size_t)4U, buf, size_t_x2);
-  uint8_t uu____2[34U];
-  memcpy(uu____2, seed, (size_t)34U * sizeof(uint8_t));
-  libcrux_ml_dsa_sample_sample_four_ring_elements_49(
-      uu____2,
-      libcrux_ml_dsa_samplex4_generate_domain_separator(
-          (CLITERAL(uint8_t_x2){.fst = 0U, .snd = 0U})),
-      libcrux_ml_dsa_samplex4_generate_domain_separator(
-          (CLITERAL(uint8_t_x2){.fst = 0U, .snd = 1U})),
-      libcrux_ml_dsa_samplex4_generate_domain_separator(
-          (CLITERAL(uint8_t_x2){.fst = 0U, .snd = 2U})),
-      libcrux_ml_dsa_samplex4_generate_domain_separator(
-          (CLITERAL(uint8_t_x2){.fst = 0U, .snd = 3U})),
-      &memory);
-  size_t_x2 buf1[4U] = {
-      (CLITERAL(size_t_x2){.fst = (size_t)0U, .snd = (size_t)4U}),
-      (CLITERAL(size_t_x2){.fst = (size_t)1U, .snd = (size_t)0U}),
-      (CLITERAL(size_t_x2){.fst = (size_t)1U, .snd = (size_t)1U}),
-      (CLITERAL(size_t_x2){.fst = (size_t)1U, .snd = (size_t)2U})};
-  memory.indices = Eurydice_array_to_slice((size_t)4U, buf1, size_t_x2);
-  uint8_t uu____3[34U];
-  memcpy(uu____3, seed, (size_t)34U * sizeof(uint8_t));
-  libcrux_ml_dsa_sample_sample_four_ring_elements_49(
-      uu____3,
-      libcrux_ml_dsa_samplex4_generate_domain_separator(
-          (CLITERAL(uint8_t_x2){.fst = 0U, .snd = 4U})),
-      libcrux_ml_dsa_samplex4_generate_domain_separator(
-          (CLITERAL(uint8_t_x2){.fst = 1U, .snd = 0U})),
-      libcrux_ml_dsa_samplex4_generate_domain_separator(
-          (CLITERAL(uint8_t_x2){.fst = 1U, .snd = 1U})),
-      libcrux_ml_dsa_samplex4_generate_domain_separator(
-          (CLITERAL(uint8_t_x2){.fst = 1U, .snd = 2U})),
-      &memory);
-  size_t_x2 buf2[4U] = {
-      (CLITERAL(size_t_x2){.fst = (size_t)1U, .snd = (size_t)3U}),
-      (CLITERAL(size_t_x2){.fst = (size_t)1U, .snd = (size_t)4U}),
-      (CLITERAL(size_t_x2){.fst = (size_t)2U, .snd = (size_t)0U}),
-      (CLITERAL(size_t_x2){.fst = (size_t)2U, .snd = (size_t)1U})};
-  memory.indices = Eurydice_array_to_slice((size_t)4U, buf2, size_t_x2);
-  uint8_t uu____4[34U];
-  memcpy(uu____4, seed, (size_t)34U * sizeof(uint8_t));
-  libcrux_ml_dsa_sample_sample_four_ring_elements_49(
-      uu____4,
-      libcrux_ml_dsa_samplex4_generate_domain_separator(
-          (CLITERAL(uint8_t_x2){.fst = 1U, .snd = 3U})),
-      libcrux_ml_dsa_samplex4_generate_domain_separator(
-          (CLITERAL(uint8_t_x2){.fst = 1U, .snd = 4U})),
-      libcrux_ml_dsa_samplex4_generate_domain_separator(
-          (CLITERAL(uint8_t_x2){.fst = 2U, .snd = 0U})),
-      libcrux_ml_dsa_samplex4_generate_domain_separator(
-          (CLITERAL(uint8_t_x2){.fst = 2U, .snd = 1U})),
-      &memory);
-  size_t_x2 buf3[4U] = {
-      (CLITERAL(size_t_x2){.fst = (size_t)2U, .snd = (size_t)2U}),
-      (CLITERAL(size_t_x2){.fst = (size_t)2U, .snd = (size_t)3U}),
-      (CLITERAL(size_t_x2){.fst = (size_t)2U, .snd = (size_t)4U}),
-      (CLITERAL(size_t_x2){.fst = (size_t)3U, .snd = (size_t)0U})};
-  memory.indices = Eurydice_array_to_slice((size_t)4U, buf3, size_t_x2);
-  uint8_t uu____5[34U];
-  memcpy(uu____5, seed, (size_t)34U * sizeof(uint8_t));
-  libcrux_ml_dsa_sample_sample_four_ring_elements_49(
-      uu____5,
-      libcrux_ml_dsa_samplex4_generate_domain_separator(
-          (CLITERAL(uint8_t_x2){.fst = 2U, .snd = 2U})),
-      libcrux_ml_dsa_samplex4_generate_domain_separator(
-          (CLITERAL(uint8_t_x2){.fst = 2U, .snd = 3U})),
-      libcrux_ml_dsa_samplex4_generate_domain_separator(
-          (CLITERAL(uint8_t_x2){.fst = 2U, .snd = 4U})),
-      libcrux_ml_dsa_samplex4_generate_domain_separator(
-          (CLITERAL(uint8_t_x2){.fst = 3U, .snd = 0U})),
-      &memory);
-  size_t_x2 buf4[4U] = {
-      (CLITERAL(size_t_x2){.fst = (size_t)3U, .snd = (size_t)1U}),
-      (CLITERAL(size_t_x2){.fst = (size_t)3U, .snd = (size_t)2U}),
-      (CLITERAL(size_t_x2){.fst = (size_t)3U, .snd = (size_t)3U}),
-      (CLITERAL(size_t_x2){.fst = (size_t)3U, .snd = (size_t)4U})};
-  memory.indices = Eurydice_array_to_slice((size_t)4U, buf4, size_t_x2);
-  uint8_t uu____6[34U];
-  memcpy(uu____6, seed, (size_t)34U * sizeof(uint8_t));
-  libcrux_ml_dsa_sample_sample_four_ring_elements_49(
-      uu____6,
-      libcrux_ml_dsa_samplex4_generate_domain_separator(
-          (CLITERAL(uint8_t_x2){.fst = 3U, .snd = 1U})),
-      libcrux_ml_dsa_samplex4_generate_domain_separator(
-          (CLITERAL(uint8_t_x2){.fst = 3U, .snd = 2U})),
-      libcrux_ml_dsa_samplex4_generate_domain_separator(
-          (CLITERAL(uint8_t_x2){.fst = 3U, .snd = 3U})),
-      libcrux_ml_dsa_samplex4_generate_domain_separator(
-          (CLITERAL(uint8_t_x2){.fst = 3U, .snd = 4U})),
-      &memory);
-  size_t_x2 buf5[4U] = {
-      (CLITERAL(size_t_x2){.fst = (size_t)4U, .snd = (size_t)0U}),
-      (CLITERAL(size_t_x2){.fst = (size_t)4U, .snd = (size_t)1U}),
-      (CLITERAL(size_t_x2){.fst = (size_t)4U, .snd = (size_t)2U}),
-      (CLITERAL(size_t_x2){.fst = (size_t)4U, .snd = (size_t)3U})};
-  memory.indices = Eurydice_array_to_slice((size_t)4U, buf5, size_t_x2);
-  uint8_t uu____7[34U];
-  memcpy(uu____7, seed, (size_t)34U * sizeof(uint8_t));
-  libcrux_ml_dsa_sample_sample_four_ring_elements_49(
-      uu____7,
-      libcrux_ml_dsa_samplex4_generate_domain_separator(
-          (CLITERAL(uint8_t_x2){.fst = 4U, .snd = 0U})),
-      libcrux_ml_dsa_samplex4_generate_domain_separator(
-          (CLITERAL(uint8_t_x2){.fst = 4U, .snd = 1U})),
-      libcrux_ml_dsa_samplex4_generate_domain_separator(
-          (CLITERAL(uint8_t_x2){.fst = 4U, .snd = 2U})),
-      libcrux_ml_dsa_samplex4_generate_domain_separator(
-          (CLITERAL(uint8_t_x2){.fst = 4U, .snd = 3U})),
-      &memory);
-  size_t_x2 buf6[4U] = {
-      (CLITERAL(size_t_x2){.fst = (size_t)4U, .snd = (size_t)4U}),
-      (CLITERAL(size_t_x2){.fst = (size_t)5U, .snd = (size_t)0U}),
-      (CLITERAL(size_t_x2){.fst = (size_t)5U, .snd = (size_t)1U}),
-      (CLITERAL(size_t_x2){.fst = (size_t)5U, .snd = (size_t)2U})};
-  memory.indices = Eurydice_array_to_slice((size_t)4U, buf6, size_t_x2);
-  uint8_t uu____8[34U];
-  memcpy(uu____8, seed, (size_t)34U * sizeof(uint8_t));
-  libcrux_ml_dsa_sample_sample_four_ring_elements_49(
-      uu____8,
-      libcrux_ml_dsa_samplex4_generate_domain_separator(
-          (CLITERAL(uint8_t_x2){.fst = 4U, .snd = 4U})),
-      libcrux_ml_dsa_samplex4_generate_domain_separator(
-          (CLITERAL(uint8_t_x2){.fst = 5U, .snd = 0U})),
-      libcrux_ml_dsa_samplex4_generate_domain_separator(
-          (CLITERAL(uint8_t_x2){.fst = 5U, .snd = 1U})),
-      libcrux_ml_dsa_samplex4_generate_domain_separator(
-          (CLITERAL(uint8_t_x2){.fst = 5U, .snd = 2U})),
-      &memory);
-  size_t_x2 buf7[2U] = {
-      (CLITERAL(size_t_x2){.fst = (size_t)5U, .snd = (size_t)3U}),
-      (CLITERAL(size_t_x2){.fst = (size_t)5U, .snd = (size_t)4U})};
-  memory.indices = Eurydice_array_to_slice((size_t)2U, buf7, size_t_x2);
-  uint8_t uu____9[34U];
-  memcpy(uu____9, seed, (size_t)34U * sizeof(uint8_t));
-  libcrux_ml_dsa_sample_sample_four_ring_elements_49(
-      uu____9,
-      libcrux_ml_dsa_samplex4_generate_domain_separator(
-          (CLITERAL(uint8_t_x2){.fst = 5U, .snd = 3U})),
-      libcrux_ml_dsa_samplex4_generate_domain_separator(
-          (CLITERAL(uint8_t_x2){.fst = 5U, .snd = 4U})),
-      libcrux_ml_dsa_samplex4_generate_domain_separator(
-          (CLITERAL(uint8_t_x2){.fst = 5U, .snd = 5U})),
-      libcrux_ml_dsa_samplex4_generate_domain_separator(
-          (CLITERAL(uint8_t_x2){.fst = 5U, .snd = 6U})),
-      &memory);
+  /* Passing arrays by value in Rust generates a copy in C */
+  uint8_t copy_of_seed[34U];
+  memcpy(copy_of_seed, seed, (size_t)34U * sizeof(uint8_t));
+  uint8_t_x2 buf0[4U] = {(CLITERAL(uint8_t_x2){.fst = 0U, .snd = 0U}),
+                         (CLITERAL(uint8_t_x2){.fst = 0U, .snd = 1U}),
+                         (CLITERAL(uint8_t_x2){.fst = 0U, .snd = 2U}),
+                         (CLITERAL(uint8_t_x2){.fst = 0U, .snd = 3U})};
+  libcrux_ml_dsa_sample_sample_up_to_four_ring_elements_49(
+      copy_of_seed, A, &rand_stack,
+      Eurydice_array_to_slice((size_t)4U, tmp_stack, int32_t[263U]), buf0,
+      (size_t)4U);
+  /* Passing arrays by value in Rust generates a copy in C */
+  uint8_t copy_of_seed0[34U];
+  memcpy(copy_of_seed0, seed, (size_t)34U * sizeof(uint8_t));
+  uint8_t_x2 buf1[4U] = {(CLITERAL(uint8_t_x2){.fst = 0U, .snd = 4U}),
+                         (CLITERAL(uint8_t_x2){.fst = 1U, .snd = 0U}),
+                         (CLITERAL(uint8_t_x2){.fst = 1U, .snd = 1U}),
+                         (CLITERAL(uint8_t_x2){.fst = 1U, .snd = 2U})};
+  libcrux_ml_dsa_sample_sample_up_to_four_ring_elements_49(
+      copy_of_seed0, A, &rand_stack,
+      Eurydice_array_to_slice((size_t)4U, tmp_stack, int32_t[263U]), buf1,
+      (size_t)4U);
+  /* Passing arrays by value in Rust generates a copy in C */
+  uint8_t copy_of_seed1[34U];
+  memcpy(copy_of_seed1, seed, (size_t)34U * sizeof(uint8_t));
+  uint8_t_x2 buf2[4U] = {(CLITERAL(uint8_t_x2){.fst = 1U, .snd = 3U}),
+                         (CLITERAL(uint8_t_x2){.fst = 1U, .snd = 4U}),
+                         (CLITERAL(uint8_t_x2){.fst = 2U, .snd = 0U}),
+                         (CLITERAL(uint8_t_x2){.fst = 2U, .snd = 1U})};
+  libcrux_ml_dsa_sample_sample_up_to_four_ring_elements_49(
+      copy_of_seed1, A, &rand_stack,
+      Eurydice_array_to_slice((size_t)4U, tmp_stack, int32_t[263U]), buf2,
+      (size_t)4U);
+  /* Passing arrays by value in Rust generates a copy in C */
+  uint8_t copy_of_seed2[34U];
+  memcpy(copy_of_seed2, seed, (size_t)34U * sizeof(uint8_t));
+  uint8_t_x2 buf3[4U] = {(CLITERAL(uint8_t_x2){.fst = 2U, .snd = 2U}),
+                         (CLITERAL(uint8_t_x2){.fst = 2U, .snd = 3U}),
+                         (CLITERAL(uint8_t_x2){.fst = 2U, .snd = 4U}),
+                         (CLITERAL(uint8_t_x2){.fst = 3U, .snd = 0U})};
+  libcrux_ml_dsa_sample_sample_up_to_four_ring_elements_49(
+      copy_of_seed2, A, &rand_stack,
+      Eurydice_array_to_slice((size_t)4U, tmp_stack, int32_t[263U]), buf3,
+      (size_t)4U);
+  /* Passing arrays by value in Rust generates a copy in C */
+  uint8_t copy_of_seed3[34U];
+  memcpy(copy_of_seed3, seed, (size_t)34U * sizeof(uint8_t));
+  uint8_t_x2 buf4[4U] = {(CLITERAL(uint8_t_x2){.fst = 3U, .snd = 1U}),
+                         (CLITERAL(uint8_t_x2){.fst = 3U, .snd = 2U}),
+                         (CLITERAL(uint8_t_x2){.fst = 3U, .snd = 3U}),
+                         (CLITERAL(uint8_t_x2){.fst = 3U, .snd = 4U})};
+  libcrux_ml_dsa_sample_sample_up_to_four_ring_elements_49(
+      copy_of_seed3, A, &rand_stack,
+      Eurydice_array_to_slice((size_t)4U, tmp_stack, int32_t[263U]), buf4,
+      (size_t)4U);
+  /* Passing arrays by value in Rust generates a copy in C */
+  uint8_t copy_of_seed4[34U];
+  memcpy(copy_of_seed4, seed, (size_t)34U * sizeof(uint8_t));
+  uint8_t_x2 buf5[4U] = {(CLITERAL(uint8_t_x2){.fst = 4U, .snd = 0U}),
+                         (CLITERAL(uint8_t_x2){.fst = 4U, .snd = 1U}),
+                         (CLITERAL(uint8_t_x2){.fst = 4U, .snd = 2U}),
+                         (CLITERAL(uint8_t_x2){.fst = 4U, .snd = 3U})};
+  libcrux_ml_dsa_sample_sample_up_to_four_ring_elements_49(
+      copy_of_seed4, A, &rand_stack,
+      Eurydice_array_to_slice((size_t)4U, tmp_stack, int32_t[263U]), buf5,
+      (size_t)4U);
+  /* Passing arrays by value in Rust generates a copy in C */
+  uint8_t copy_of_seed5[34U];
+  memcpy(copy_of_seed5, seed, (size_t)34U * sizeof(uint8_t));
+  uint8_t_x2 buf6[4U] = {(CLITERAL(uint8_t_x2){.fst = 4U, .snd = 4U}),
+                         (CLITERAL(uint8_t_x2){.fst = 5U, .snd = 0U}),
+                         (CLITERAL(uint8_t_x2){.fst = 5U, .snd = 1U}),
+                         (CLITERAL(uint8_t_x2){.fst = 5U, .snd = 2U})};
+  libcrux_ml_dsa_sample_sample_up_to_four_ring_elements_49(
+      copy_of_seed5, A, &rand_stack,
+      Eurydice_array_to_slice((size_t)4U, tmp_stack, int32_t[263U]), buf6,
+      (size_t)4U);
+  /* Passing arrays by value in Rust generates a copy in C */
+  uint8_t copy_of_seed6[34U];
+  memcpy(copy_of_seed6, seed, (size_t)34U * sizeof(uint8_t));
+  uint8_t_x2 buf[4U] = {(CLITERAL(uint8_t_x2){.fst = 5U, .snd = 3U}),
+                        (CLITERAL(uint8_t_x2){.fst = 5U, .snd = 4U}),
+                        (CLITERAL(uint8_t_x2){.fst = 5U, .snd = 5U}),
+                        (CLITERAL(uint8_t_x2){.fst = 5U, .snd = 6U})};
+  libcrux_ml_dsa_sample_sample_up_to_four_ring_elements_49(
+      copy_of_seed6, A, &rand_stack,
+      Eurydice_array_to_slice((size_t)4U, tmp_stack, int32_t[263U]), buf,
+      (size_t)2U);
   memcpy(ret, A,
          (size_t)6U *
              sizeof(libcrux_ml_dsa_polynomial_PolynomialRingElement_9b[5U]));
diff --git a/libcrux-ml-dsa/cg/libcrux_sha3_avx2.h b/libcrux-ml-dsa/cg/libcrux_sha3_avx2.h
index 1241bcd5b..b786152bb 100644
--- a/libcrux-ml-dsa/cg/libcrux_sha3_avx2.h
+++ b/libcrux-ml-dsa/cg/libcrux_sha3_avx2.h
@@ -8,7 +8,7 @@
  * Eurydice: b665364a6d86749566ce2d650d13fa12c8fab2c5
  * Karamel: 96572bc631fde691a2aea7bce5a5a3838b3a5968
  * F*: b0961063393215ca65927f017720cb365a193833-dirty
- * Libcrux: 192edaf802604e2a52d47edca43cf9dc495a4721
+ * Libcrux: aecb2cd116d530465d34c6857e170fd6bab281b0
  */
 
 #ifndef __libcrux_sha3_avx2_H
diff --git a/libcrux-ml-dsa/cg/libcrux_sha3_portable.h b/libcrux-ml-dsa/cg/libcrux_sha3_portable.h
index 3611ecbf2..c12c02ac6 100644
--- a/libcrux-ml-dsa/cg/libcrux_sha3_portable.h
+++ b/libcrux-ml-dsa/cg/libcrux_sha3_portable.h
@@ -8,7 +8,7 @@
  * Eurydice: b665364a6d86749566ce2d650d13fa12c8fab2c5
  * Karamel: 96572bc631fde691a2aea7bce5a5a3838b3a5968
  * F*: b0961063393215ca65927f017720cb365a193833-dirty
- * Libcrux: 192edaf802604e2a52d47edca43cf9dc495a4721
+ * Libcrux: aecb2cd116d530465d34c6857e170fd6bab281b0
  */
 
 #ifndef __libcrux_sha3_portable_H

From 95c30a208bc28f06e462cc2dbb62e1f8fb81c839 Mon Sep 17 00:00:00 2001
From: Jonas Schneider-Bensch <jonas@cryspen.com>
Date: Wed, 18 Dec 2024 12:13:35 +0100
Subject: [PATCH 132/142] Use `opaque` instead of `opaque_type`

---
 libcrux-ml-dsa/src/hash_functions.rs | 22 +++++++++++-----------
 1 file changed, 11 insertions(+), 11 deletions(-)

diff --git a/libcrux-ml-dsa/src/hash_functions.rs b/libcrux-ml-dsa/src/hash_functions.rs
index 84ca5fbe9..2be51bd30 100644
--- a/libcrux-ml-dsa/src/hash_functions.rs
+++ b/libcrux-ml-dsa/src/hash_functions.rs
@@ -101,7 +101,7 @@ pub(crate) mod portable {
     /// Portable SHAKE 128 x4 state.
     ///
     /// We're using a portable implementation so this is actually sequential.
-    #[cfg_attr(hax, hax_lib::opaque_type)]
+    #[cfg_attr(hax, hax_lib::opaque)]
     pub(crate) struct Shake128X4 {
         state0: KeccakState,
         state1: KeccakState,
@@ -197,7 +197,7 @@ pub(crate) mod portable {
     }
 
     /// Portable SHAKE 128 state
-    #[cfg_attr(hax, hax_lib::opaque_type)]
+    #[cfg_attr(hax, hax_lib::opaque)]
     pub(crate) struct Shake128 {}
 
     #[inline(always)]
@@ -213,7 +213,7 @@ pub(crate) mod portable {
     }
 
     /// Portable SHAKE 256 state
-    #[cfg_attr(hax, hax_lib::opaque_type)]
+    #[cfg_attr(hax, hax_lib::opaque)]
     pub(crate) struct Shake256 {
         state: KeccakState,
     }
@@ -269,7 +269,7 @@ pub(crate) mod portable {
     /// Portable SHAKE 256 x4 state.
     ///
     /// We're using a portable implementation so this is actually sequential.
-    #[cfg_attr(hax, hax_lib::opaque_type)]
+    #[cfg_attr(hax, hax_lib::opaque)]
     pub(crate) struct Shake256X4 {
         state0: libcrux_sha3::portable::KeccakState,
         state1: libcrux_sha3::portable::KeccakState,
@@ -389,7 +389,7 @@ pub(crate) mod portable {
         }
     }
 
-    #[cfg_attr(hax, hax_lib::opaque_type)]
+    #[cfg_attr(hax, hax_lib::opaque)]
     pub(crate) struct Shake256Xof {
         state: incremental::Shake256Xof,
     }
@@ -426,7 +426,7 @@ pub(crate) mod simd256 {
     ///
     /// This only implements the XofX4 API. For the single Xof, the portable
     /// version is used.
-    #[cfg_attr(hax, hax_lib::opaque_type)]
+    #[cfg_attr(hax, hax_lib::opaque)]
     pub(crate) struct Shake128x4 {
         state: libcrux_sha3::avx2::x4::incremental::KeccakState,
     }
@@ -512,7 +512,7 @@ pub(crate) mod simd256 {
     }
 
     /// AVX2 SHAKE 256 state
-    #[cfg_attr(hax, hax_lib::opaque_type)]
+    #[cfg_attr(hax, hax_lib::opaque)]
     pub(crate) struct Shake256 {
         state: libcrux_sha3::portable::KeccakState,
     }
@@ -573,7 +573,7 @@ pub(crate) mod simd256 {
     }
 
     /// AVX2 SHAKE 256 x4 state.
-    #[cfg_attr(hax, hax_lib::opaque_type)]
+    #[cfg_attr(hax, hax_lib::opaque)]
     pub(crate) struct Shake256x4 {
         state: libcrux_sha3::avx2::x4::incremental::KeccakState,
     }
@@ -699,10 +699,10 @@ pub(crate) mod neon {
 
     use super::{shake128, shake256};
     use libcrux_sha3::neon::x2;
-    #[cfg_attr(hax, hax_lib::opaque_type)]
+    #[cfg_attr(hax, hax_lib::opaque)]
     pub(crate) type KeccakState = x2::incremental::KeccakState;
 
-    #[cfg_attr(hax, hax_lib::opaque_type)]
+    #[cfg_attr(hax, hax_lib::opaque)]
     pub(crate) struct Shake128x4 {
         state: [KeccakState; 2],
     }
@@ -773,7 +773,7 @@ pub(crate) mod neon {
     }
 
     /// Neon SHAKE 256 x4 state
-    #[cfg_attr(hax, hax_lib::opaque_type)]
+    #[cfg_attr(hax, hax_lib::opaque)]
     pub(crate) struct Shake256x4 {
         state: [KeccakState; 2],
     }

From a9714a49b61929b267e95bbf799c0c0a8ac8a5b1 Mon Sep 17 00:00:00 2001
From: Jonas Schneider-Bensch <jonas@cryspen.com>
Date: Wed, 18 Dec 2024 12:13:53 +0100
Subject: [PATCH 133/142] Update hax extraction

---
 .../Libcrux_ml_dsa.Encoding.Signature.fst     |    2 +-
 .../Libcrux_ml_dsa.Encoding.Signature.fsti    |    2 +-
 .../Libcrux_ml_dsa.Hash_functions.Neon.fsti   |    4 +-
 ...ibcrux_ml_dsa.Hash_functions.Portable.fsti |   10 +-
 ...Libcrux_ml_dsa.Hash_functions.Simd256.fsti |   10 +-
 .../Libcrux_ml_dsa.Ml_dsa_44_.Avx2.fst        |   12 +-
 .../Libcrux_ml_dsa.Ml_dsa_44_.Neon.fst        |   12 +-
 .../Libcrux_ml_dsa.Ml_dsa_44_.Portable.fst    |   12 +-
 .../extraction/Libcrux_ml_dsa.Ml_dsa_44_.fst  |   12 +-
 .../Libcrux_ml_dsa.Ml_dsa_65_.Avx2.fst        |   12 +-
 .../Libcrux_ml_dsa.Ml_dsa_65_.Neon.fst        |   12 +-
 .../Libcrux_ml_dsa.Ml_dsa_65_.Portable.fst    |   12 +-
 .../extraction/Libcrux_ml_dsa.Ml_dsa_65_.fst  |   12 +-
 .../Libcrux_ml_dsa.Ml_dsa_87_.Avx2.fst        |   12 +-
 .../Libcrux_ml_dsa.Ml_dsa_87_.Neon.fst        |   12 +-
 .../Libcrux_ml_dsa.Ml_dsa_87_.Portable.fst    |   12 +-
 .../extraction/Libcrux_ml_dsa.Ml_dsa_87_.fst  |   12 +-
 ...neric.Instantiations.Avx2.Avx2_feature.fst |   12 +-
 ...eric.Instantiations.Avx2.Avx2_feature.fsti |    2 +
 ...dsa.Ml_dsa_generic.Instantiations.Neon.fst |   12 +-
 ...sa.Ml_dsa_generic.Instantiations.Neon.fsti |    2 +
 ...Ml_dsa_generic.Instantiations.Portable.fst |    7 +
 ...l_dsa_generic.Instantiations.Portable.fsti |    2 +
 .../Libcrux_ml_dsa.Ml_dsa_generic.fst         |  812 ++++----
 .../Libcrux_ml_dsa.Ml_dsa_generic.fsti        |  179 +-
 .../extraction/Libcrux_ml_dsa.Polynomial.fst  |   42 +-
 .../extraction/Libcrux_ml_dsa.Polynomial.fsti |   24 +-
 .../extraction/Libcrux_ml_dsa.Sample.fst      |  735 +++----
 .../extraction/Libcrux_ml_dsa.Sample.fsti     |   45 +-
 .../extraction/Libcrux_ml_dsa.Samplex4.fst    | 1681 +++++++++--------
 .../extraction/Libcrux_ml_dsa.Samplex4.fsti   |   67 +-
 .../Libcrux_ml_dsa.Simd.Avx2.Vector_type.fst  |   12 +
 .../Libcrux_ml_dsa.Simd.Avx2.Vector_type.fsti |    6 +
 ...bcrux_ml_dsa.Simd.Portable.Vector_type.fst |   12 +
 ...crux_ml_dsa.Simd.Portable.Vector_type.fsti |    6 +
 .../fstar/extraction/Libcrux_ml_dsa.Types.fst |   36 +-
 .../extraction/Libcrux_ml_dsa.Types.fsti      |   21 +-
 .../extraction/Libcrux_platform.X86.fsti      |    6 +
 38 files changed, 2063 insertions(+), 1830 deletions(-)

diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Encoding.Signature.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Encoding.Signature.fst
index 096a14a68..c351af8bb 100644
--- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Encoding.Signature.fst
+++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Encoding.Signature.fst
@@ -14,7 +14,7 @@ let impl__deserialize
       (v_COMMITMENT_HASH_SIZE v_COLUMNS_IN_A v_ROWS_IN_A v_GAMMA1_EXPONENT v_GAMMA1_RING_ELEMENT_SIZE v_MAX_ONES_IN_HINT v_SIGNATURE_SIZE:
           usize)
       (#[FStar.Tactics.Typeclasses.tcresolve ()]
-          i2:
+          i1:
           Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit)
       (serialized: t_Array u8 v_SIGNATURE_SIZE)
      =
diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Encoding.Signature.fsti b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Encoding.Signature.fsti
index 0ef8c6563..53b1e72ed 100644
--- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Encoding.Signature.fsti
+++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Encoding.Signature.fsti
@@ -25,7 +25,7 @@ val impl__deserialize
       (#v_SIMDUnit: Type0)
       (v_COMMITMENT_HASH_SIZE v_COLUMNS_IN_A v_ROWS_IN_A v_GAMMA1_EXPONENT v_GAMMA1_RING_ELEMENT_SIZE v_MAX_ONES_IN_HINT v_SIGNATURE_SIZE:
           usize)
-      {| i2: Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit |}
+      {| i1: Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit |}
       (serialized: t_Array u8 v_SIGNATURE_SIZE)
     : Prims.Pure
       (Core.Result.t_Result
diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Hash_functions.Neon.fsti b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Hash_functions.Neon.fsti
index a7762dfe1..d27a20455 100644
--- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Hash_functions.Neon.fsti
+++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Hash_functions.Neon.fsti
@@ -3,10 +3,10 @@ module Libcrux_ml_dsa.Hash_functions.Neon
 open Core
 open FStar.Mul
 
-val t_Shake128x4:Type0
+val t_Shake128x4:eqtype
 
 /// Neon SHAKE 256 x4 state
-val t_Shake256x4:Type0
+val t_Shake256x4:eqtype
 
 [@@ FStar.Tactics.Typeclasses.tcinstance]
 val impl:Libcrux_ml_dsa.Hash_functions.Shake128.t_XofX4 t_Shake128x4
diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Hash_functions.Portable.fsti b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Hash_functions.Portable.fsti
index b2a04571e..0b7e313f7 100644
--- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Hash_functions.Portable.fsti
+++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Hash_functions.Portable.fsti
@@ -4,20 +4,20 @@ open Core
 open FStar.Mul
 
 /// Portable SHAKE 128 state
-val t_Shake128:Type0
+val t_Shake128:eqtype
 
 /// Portable SHAKE 128 x4 state.
 /// We\'re using a portable implementation so this is actually sequential.
-val t_Shake128X4:Type0
+val t_Shake128X4:eqtype
 
 /// Portable SHAKE 256 state
-val t_Shake256:Type0
+val t_Shake256:eqtype
 
 /// Portable SHAKE 256 x4 state.
 /// We\'re using a portable implementation so this is actually sequential.
-val t_Shake256X4:Type0
+val t_Shake256X4:eqtype
 
-val t_Shake256Xof:Type0
+val t_Shake256Xof:eqtype
 
 [@@ FStar.Tactics.Typeclasses.tcinstance]
 val impl:Libcrux_ml_dsa.Hash_functions.Shake128.t_XofX4 t_Shake128X4
diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Hash_functions.Simd256.fsti b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Hash_functions.Simd256.fsti
index c40649c70..109c7ccf9 100644
--- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Hash_functions.Simd256.fsti
+++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Hash_functions.Simd256.fsti
@@ -6,13 +6,13 @@ open FStar.Mul
 /// AVX2 SHAKE 128 state
 /// This only implements the XofX4 API. For the single Xof, the portable
 /// version is used.
-val t_Shake128x4:Type0
-
-/// AVX2 SHAKE 256 x4 state.
-val t_Shake256x4:Type0
+val t_Shake128x4:eqtype
 
 /// AVX2 SHAKE 256 state
-val t_Shake256:Type0
+val t_Shake256:eqtype
+
+/// AVX2 SHAKE 256 x4 state.
+val t_Shake256x4:eqtype
 
 [@@ FStar.Tactics.Typeclasses.tcinstance]
 val impl:Libcrux_ml_dsa.Hash_functions.Shake128.t_XofX4 t_Shake128x4
diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_44_.Avx2.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_44_.Avx2.fst
index 57daef3c6..c923aaf46 100644
--- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_44_.Avx2.fst
+++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_44_.Avx2.fst
@@ -29,7 +29,7 @@ let sign
      =
   Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Avx2.sign (sz 4) (sz 4) (sz 2) (sz 96) (sz 17) 95232l
     (sz 192) (sz 768) (sz 32) (sz 39) (sz 80) (sz 576) (sz 2560) (sz 2420)
-    (Libcrux_ml_dsa.Types.impl__as_raw (sz 2560) signing_key <: t_Array u8 (sz 2560)) message
+    (Libcrux_ml_dsa.Types.impl__as_ref (sz 2560) signing_key <: t_Array u8 (sz 2560)) message
     context randomness
 
 let sign_pre_hashed_shake128
@@ -39,7 +39,7 @@ let sign_pre_hashed_shake128
      =
   Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Avx2.sign_pre_hashed_shake128 (sz 4) (sz 4) (sz 2)
     (sz 96) (sz 17) 95232l (sz 192) (sz 768) (sz 32) (sz 39) (sz 80) (sz 576) (sz 2560) (sz 2420)
-    (Libcrux_ml_dsa.Types.impl__as_raw (sz 2560) signing_key <: t_Array u8 (sz 2560)) message
+    (Libcrux_ml_dsa.Types.impl__as_ref (sz 2560) signing_key <: t_Array u8 (sz 2560)) message
     context randomness
 
 let verify
@@ -49,8 +49,8 @@ let verify
      =
   Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Avx2.verify (sz 4) (sz 4) (sz 2420) (sz 1312) (sz 17)
     (sz 576) 95232l 78l (sz 192) (sz 768) (sz 32) (sz 39) (sz 80)
-    (Libcrux_ml_dsa.Types.impl_2__as_raw (sz 1312) verification_key <: t_Array u8 (sz 1312)) message
-    context (Libcrux_ml_dsa.Types.impl_4__as_raw (sz 2420) signature <: t_Array u8 (sz 2420))
+    (Libcrux_ml_dsa.Types.impl_2__as_ref (sz 1312) verification_key <: t_Array u8 (sz 1312)) message
+    context (Libcrux_ml_dsa.Types.impl_4__as_ref (sz 2420) signature <: t_Array u8 (sz 2420))
 
 let verify_pre_hashed_shake128
       (verification_key: Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (sz 1312))
@@ -59,5 +59,5 @@ let verify_pre_hashed_shake128
      =
   Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Avx2.verify_pre_hashed_shake128 (sz 4) (sz 4)
     (sz 2420) (sz 1312) (sz 17) (sz 576) 95232l 78l (sz 192) (sz 768) (sz 32) (sz 39) (sz 80)
-    (Libcrux_ml_dsa.Types.impl_2__as_raw (sz 1312) verification_key <: t_Array u8 (sz 1312)) message
-    context (Libcrux_ml_dsa.Types.impl_4__as_raw (sz 2420) signature <: t_Array u8 (sz 2420))
+    (Libcrux_ml_dsa.Types.impl_2__as_ref (sz 1312) verification_key <: t_Array u8 (sz 1312)) message
+    context (Libcrux_ml_dsa.Types.impl_4__as_ref (sz 2420) signature <: t_Array u8 (sz 2420))
diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_44_.Neon.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_44_.Neon.fst
index 881529d16..cbfcb41f1 100644
--- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_44_.Neon.fst
+++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_44_.Neon.fst
@@ -29,7 +29,7 @@ let sign
      =
   Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Neon.sign (sz 4) (sz 4) (sz 2) (sz 96) (sz 17) 95232l
     (sz 192) (sz 768) (sz 32) (sz 39) (sz 80) (sz 576) (sz 2560) (sz 2420)
-    (Libcrux_ml_dsa.Types.impl__as_raw (sz 2560) signing_key <: t_Array u8 (sz 2560)) message
+    (Libcrux_ml_dsa.Types.impl__as_ref (sz 2560) signing_key <: t_Array u8 (sz 2560)) message
     context randomness
 
 let sign_pre_hashed_shake128
@@ -39,7 +39,7 @@ let sign_pre_hashed_shake128
      =
   Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Neon.sign_pre_hashed_shake128 (sz 4) (sz 4) (sz 2)
     (sz 96) (sz 17) 95232l (sz 192) (sz 768) (sz 32) (sz 39) (sz 80) (sz 576) (sz 2560) (sz 2420)
-    (Libcrux_ml_dsa.Types.impl__as_raw (sz 2560) signing_key <: t_Array u8 (sz 2560)) message
+    (Libcrux_ml_dsa.Types.impl__as_ref (sz 2560) signing_key <: t_Array u8 (sz 2560)) message
     context randomness
 
 let verify
@@ -49,8 +49,8 @@ let verify
      =
   Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Neon.verify (sz 4) (sz 4) (sz 2420) (sz 1312) (sz 17)
     (sz 576) 95232l 78l (sz 192) (sz 768) (sz 32) (sz 39) (sz 80)
-    (Libcrux_ml_dsa.Types.impl_2__as_raw (sz 1312) verification_key <: t_Array u8 (sz 1312)) message
-    context (Libcrux_ml_dsa.Types.impl_4__as_raw (sz 2420) signature <: t_Array u8 (sz 2420))
+    (Libcrux_ml_dsa.Types.impl_2__as_ref (sz 1312) verification_key <: t_Array u8 (sz 1312)) message
+    context (Libcrux_ml_dsa.Types.impl_4__as_ref (sz 2420) signature <: t_Array u8 (sz 2420))
 
 let verify_pre_hashed_shake128
       (verification_key: Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (sz 1312))
@@ -59,5 +59,5 @@ let verify_pre_hashed_shake128
      =
   Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Neon.verify_pre_hashed_shake128 (sz 4) (sz 4)
     (sz 2420) (sz 1312) (sz 17) (sz 576) 95232l 78l (sz 192) (sz 768) (sz 32) (sz 39) (sz 80)
-    (Libcrux_ml_dsa.Types.impl_2__as_raw (sz 1312) verification_key <: t_Array u8 (sz 1312)) message
-    context (Libcrux_ml_dsa.Types.impl_4__as_raw (sz 2420) signature <: t_Array u8 (sz 2420))
+    (Libcrux_ml_dsa.Types.impl_2__as_ref (sz 1312) verification_key <: t_Array u8 (sz 1312)) message
+    context (Libcrux_ml_dsa.Types.impl_4__as_ref (sz 2420) signature <: t_Array u8 (sz 2420))
diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_44_.Portable.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_44_.Portable.fst
index 47feb8acb..5ecf58ac3 100644
--- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_44_.Portable.fst
+++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_44_.Portable.fst
@@ -29,7 +29,7 @@ let sign
      =
   Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Portable.sign (sz 4) (sz 4) (sz 2) (sz 96) (sz 17)
     95232l (sz 192) (sz 768) (sz 32) (sz 39) (sz 80) (sz 576) (sz 2560) (sz 2420)
-    (Libcrux_ml_dsa.Types.impl__as_raw (sz 2560) signing_key <: t_Array u8 (sz 2560)) message
+    (Libcrux_ml_dsa.Types.impl__as_ref (sz 2560) signing_key <: t_Array u8 (sz 2560)) message
     context randomness
 
 let sign_pre_hashed_shake128
@@ -39,7 +39,7 @@ let sign_pre_hashed_shake128
      =
   Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Portable.sign_pre_hashed_shake128 (sz 4) (sz 4)
     (sz 2) (sz 96) (sz 17) 95232l (sz 192) (sz 768) (sz 32) (sz 39) (sz 80) (sz 576) (sz 2560)
-    (sz 2420) (Libcrux_ml_dsa.Types.impl__as_raw (sz 2560) signing_key <: t_Array u8 (sz 2560))
+    (sz 2420) (Libcrux_ml_dsa.Types.impl__as_ref (sz 2560) signing_key <: t_Array u8 (sz 2560))
     message context randomness
 
 let verify
@@ -49,8 +49,8 @@ let verify
      =
   Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Portable.verify (sz 4) (sz 4) (sz 2420) (sz 1312)
     (sz 17) (sz 576) 95232l 78l (sz 192) (sz 768) (sz 32) (sz 39) (sz 80)
-    (Libcrux_ml_dsa.Types.impl_2__as_raw (sz 1312) verification_key <: t_Array u8 (sz 1312)) message
-    context (Libcrux_ml_dsa.Types.impl_4__as_raw (sz 2420) signature <: t_Array u8 (sz 2420))
+    (Libcrux_ml_dsa.Types.impl_2__as_ref (sz 1312) verification_key <: t_Array u8 (sz 1312)) message
+    context (Libcrux_ml_dsa.Types.impl_4__as_ref (sz 2420) signature <: t_Array u8 (sz 2420))
 
 let verify_pre_hashed_shake128
       (verification_key: Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (sz 1312))
@@ -59,5 +59,5 @@ let verify_pre_hashed_shake128
      =
   Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Portable.verify_pre_hashed_shake128 (sz 4) (sz 4)
     (sz 2420) (sz 1312) (sz 17) (sz 576) 95232l 78l (sz 192) (sz 768) (sz 32) (sz 39) (sz 80)
-    (Libcrux_ml_dsa.Types.impl_2__as_raw (sz 1312) verification_key <: t_Array u8 (sz 1312)) message
-    context (Libcrux_ml_dsa.Types.impl_4__as_raw (sz 2420) signature <: t_Array u8 (sz 2420))
+    (Libcrux_ml_dsa.Types.impl_2__as_ref (sz 1312) verification_key <: t_Array u8 (sz 1312)) message
+    context (Libcrux_ml_dsa.Types.impl_4__as_ref (sz 2420) signature <: t_Array u8 (sz 2420))
diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_44_.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_44_.fst
index de9e24809..fd9368339 100644
--- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_44_.fst
+++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_44_.fst
@@ -29,7 +29,7 @@ let sign
      =
   Libcrux_ml_dsa.Ml_dsa_generic.Multiplexing.sign (sz 4) (sz 4) (sz 2) (sz 96) (sz 17) 95232l
     (sz 192) (sz 768) (sz 32) (sz 39) (sz 80) (sz 576) (sz 2560) (sz 2420)
-    (Libcrux_ml_dsa.Types.impl__as_raw (sz 2560) signing_key <: t_Array u8 (sz 2560)) message
+    (Libcrux_ml_dsa.Types.impl__as_ref (sz 2560) signing_key <: t_Array u8 (sz 2560)) message
     context randomness
 
 let sign_pre_hashed_shake128
@@ -39,7 +39,7 @@ let sign_pre_hashed_shake128
      =
   Libcrux_ml_dsa.Ml_dsa_generic.Multiplexing.sign_pre_hashed_shake128 (sz 4) (sz 4) (sz 2) (sz 96)
     (sz 17) 95232l (sz 192) (sz 768) (sz 32) (sz 39) (sz 80) (sz 576) (sz 2560) (sz 2420)
-    (Libcrux_ml_dsa.Types.impl__as_raw (sz 2560) signing_key <: t_Array u8 (sz 2560)) message
+    (Libcrux_ml_dsa.Types.impl__as_ref (sz 2560) signing_key <: t_Array u8 (sz 2560)) message
     context randomness
 
 let verify
@@ -49,8 +49,8 @@ let verify
      =
   Libcrux_ml_dsa.Ml_dsa_generic.Multiplexing.verify (sz 4) (sz 4) (sz 2420) (sz 1312) (sz 17)
     (sz 576) 95232l 78l (sz 192) (sz 768) (sz 32) (sz 39) (sz 80)
-    (Libcrux_ml_dsa.Types.impl_2__as_raw (sz 1312) verification_key <: t_Array u8 (sz 1312)) message
-    context (Libcrux_ml_dsa.Types.impl_4__as_raw (sz 2420) signature <: t_Array u8 (sz 2420))
+    (Libcrux_ml_dsa.Types.impl_2__as_ref (sz 1312) verification_key <: t_Array u8 (sz 1312)) message
+    context (Libcrux_ml_dsa.Types.impl_4__as_ref (sz 2420) signature <: t_Array u8 (sz 2420))
 
 let verify_pre_hashed_shake128
       (verification_key: Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (sz 1312))
@@ -59,5 +59,5 @@ let verify_pre_hashed_shake128
      =
   Libcrux_ml_dsa.Ml_dsa_generic.Multiplexing.verify_pre_hashed_shake128 (sz 4) (sz 4) (sz 2420)
     (sz 1312) (sz 17) (sz 576) 95232l 78l (sz 192) (sz 768) (sz 32) (sz 39) (sz 80)
-    (Libcrux_ml_dsa.Types.impl_2__as_raw (sz 1312) verification_key <: t_Array u8 (sz 1312)) message
-    context (Libcrux_ml_dsa.Types.impl_4__as_raw (sz 2420) signature <: t_Array u8 (sz 2420))
+    (Libcrux_ml_dsa.Types.impl_2__as_ref (sz 1312) verification_key <: t_Array u8 (sz 1312)) message
+    context (Libcrux_ml_dsa.Types.impl_4__as_ref (sz 2420) signature <: t_Array u8 (sz 2420))
diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_65_.Avx2.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_65_.Avx2.fst
index 93a4a47d2..fb56ab400 100644
--- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_65_.Avx2.fst
+++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_65_.Avx2.fst
@@ -29,7 +29,7 @@ let sign
      =
   Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Avx2.sign (sz 6) (sz 5) (sz 4) (sz 128) (sz 19)
     261888l (sz 128) (sz 768) (sz 48) (sz 49) (sz 55) (sz 640) (sz 4032) (sz 3309)
-    (Libcrux_ml_dsa.Types.impl__as_raw (sz 4032) signing_key <: t_Array u8 (sz 4032)) message
+    (Libcrux_ml_dsa.Types.impl__as_ref (sz 4032) signing_key <: t_Array u8 (sz 4032)) message
     context randomness
 
 let sign_pre_hashed_shake128
@@ -39,7 +39,7 @@ let sign_pre_hashed_shake128
      =
   Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Avx2.sign_pre_hashed_shake128 (sz 6) (sz 5) (sz 4)
     (sz 128) (sz 19) 261888l (sz 128) (sz 768) (sz 48) (sz 49) (sz 55) (sz 640) (sz 4032) (sz 3309)
-    (Libcrux_ml_dsa.Types.impl__as_raw (sz 4032) signing_key <: t_Array u8 (sz 4032)) message
+    (Libcrux_ml_dsa.Types.impl__as_ref (sz 4032) signing_key <: t_Array u8 (sz 4032)) message
     context randomness
 
 let verify
@@ -49,8 +49,8 @@ let verify
      =
   Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Avx2.verify (sz 6) (sz 5) (sz 3309) (sz 1952) (sz 19)
     (sz 640) 261888l 196l (sz 128) (sz 768) (sz 48) (sz 49) (sz 55)
-    (Libcrux_ml_dsa.Types.impl_2__as_raw (sz 1952) verification_key <: t_Array u8 (sz 1952)) message
-    context (Libcrux_ml_dsa.Types.impl_4__as_raw (sz 3309) signature <: t_Array u8 (sz 3309))
+    (Libcrux_ml_dsa.Types.impl_2__as_ref (sz 1952) verification_key <: t_Array u8 (sz 1952)) message
+    context (Libcrux_ml_dsa.Types.impl_4__as_ref (sz 3309) signature <: t_Array u8 (sz 3309))
 
 let verify_pre_hashed_shake128
       (verification_key: Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (sz 1952))
@@ -59,5 +59,5 @@ let verify_pre_hashed_shake128
      =
   Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Avx2.verify_pre_hashed_shake128 (sz 6) (sz 5)
     (sz 3309) (sz 1952) (sz 19) (sz 640) 261888l 196l (sz 128) (sz 768) (sz 48) (sz 49) (sz 55)
-    (Libcrux_ml_dsa.Types.impl_2__as_raw (sz 1952) verification_key <: t_Array u8 (sz 1952)) message
-    context (Libcrux_ml_dsa.Types.impl_4__as_raw (sz 3309) signature <: t_Array u8 (sz 3309))
+    (Libcrux_ml_dsa.Types.impl_2__as_ref (sz 1952) verification_key <: t_Array u8 (sz 1952)) message
+    context (Libcrux_ml_dsa.Types.impl_4__as_ref (sz 3309) signature <: t_Array u8 (sz 3309))
diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_65_.Neon.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_65_.Neon.fst
index 52cd13c55..06692d1d7 100644
--- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_65_.Neon.fst
+++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_65_.Neon.fst
@@ -29,7 +29,7 @@ let sign
      =
   Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Neon.sign (sz 6) (sz 5) (sz 4) (sz 128) (sz 19)
     261888l (sz 128) (sz 768) (sz 48) (sz 49) (sz 55) (sz 640) (sz 4032) (sz 3309)
-    (Libcrux_ml_dsa.Types.impl__as_raw (sz 4032) signing_key <: t_Array u8 (sz 4032)) message
+    (Libcrux_ml_dsa.Types.impl__as_ref (sz 4032) signing_key <: t_Array u8 (sz 4032)) message
     context randomness
 
 let sign_pre_hashed_shake128
@@ -39,7 +39,7 @@ let sign_pre_hashed_shake128
      =
   Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Neon.sign_pre_hashed_shake128 (sz 6) (sz 5) (sz 4)
     (sz 128) (sz 19) 261888l (sz 128) (sz 768) (sz 48) (sz 49) (sz 55) (sz 640) (sz 4032) (sz 3309)
-    (Libcrux_ml_dsa.Types.impl__as_raw (sz 4032) signing_key <: t_Array u8 (sz 4032)) message
+    (Libcrux_ml_dsa.Types.impl__as_ref (sz 4032) signing_key <: t_Array u8 (sz 4032)) message
     context randomness
 
 let verify
@@ -49,8 +49,8 @@ let verify
      =
   Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Neon.verify (sz 6) (sz 5) (sz 3309) (sz 1952) (sz 19)
     (sz 640) 261888l 196l (sz 128) (sz 768) (sz 48) (sz 49) (sz 55)
-    (Libcrux_ml_dsa.Types.impl_2__as_raw (sz 1952) verification_key <: t_Array u8 (sz 1952)) message
-    context (Libcrux_ml_dsa.Types.impl_4__as_raw (sz 3309) signature <: t_Array u8 (sz 3309))
+    (Libcrux_ml_dsa.Types.impl_2__as_ref (sz 1952) verification_key <: t_Array u8 (sz 1952)) message
+    context (Libcrux_ml_dsa.Types.impl_4__as_ref (sz 3309) signature <: t_Array u8 (sz 3309))
 
 let verify_pre_hashed_shake128
       (verification_key: Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (sz 1952))
@@ -59,5 +59,5 @@ let verify_pre_hashed_shake128
      =
   Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Neon.verify_pre_hashed_shake128 (sz 6) (sz 5)
     (sz 3309) (sz 1952) (sz 19) (sz 640) 261888l 196l (sz 128) (sz 768) (sz 48) (sz 49) (sz 55)
-    (Libcrux_ml_dsa.Types.impl_2__as_raw (sz 1952) verification_key <: t_Array u8 (sz 1952)) message
-    context (Libcrux_ml_dsa.Types.impl_4__as_raw (sz 3309) signature <: t_Array u8 (sz 3309))
+    (Libcrux_ml_dsa.Types.impl_2__as_ref (sz 1952) verification_key <: t_Array u8 (sz 1952)) message
+    context (Libcrux_ml_dsa.Types.impl_4__as_ref (sz 3309) signature <: t_Array u8 (sz 3309))
diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_65_.Portable.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_65_.Portable.fst
index 272c8f309..d696b883f 100644
--- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_65_.Portable.fst
+++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_65_.Portable.fst
@@ -29,7 +29,7 @@ let sign
      =
   Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Portable.sign (sz 6) (sz 5) (sz 4) (sz 128) (sz 19)
     261888l (sz 128) (sz 768) (sz 48) (sz 49) (sz 55) (sz 640) (sz 4032) (sz 3309)
-    (Libcrux_ml_dsa.Types.impl__as_raw (sz 4032) signing_key <: t_Array u8 (sz 4032)) message
+    (Libcrux_ml_dsa.Types.impl__as_ref (sz 4032) signing_key <: t_Array u8 (sz 4032)) message
     context randomness
 
 let sign_pre_hashed_shake128
@@ -39,7 +39,7 @@ let sign_pre_hashed_shake128
      =
   Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Portable.sign_pre_hashed_shake128 (sz 6) (sz 5)
     (sz 4) (sz 128) (sz 19) 261888l (sz 128) (sz 768) (sz 48) (sz 49) (sz 55) (sz 640) (sz 4032)
-    (sz 3309) (Libcrux_ml_dsa.Types.impl__as_raw (sz 4032) signing_key <: t_Array u8 (sz 4032))
+    (sz 3309) (Libcrux_ml_dsa.Types.impl__as_ref (sz 4032) signing_key <: t_Array u8 (sz 4032))
     message context randomness
 
 let verify
@@ -49,8 +49,8 @@ let verify
      =
   Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Portable.verify (sz 6) (sz 5) (sz 3309) (sz 1952)
     (sz 19) (sz 640) 261888l 196l (sz 128) (sz 768) (sz 48) (sz 49) (sz 55)
-    (Libcrux_ml_dsa.Types.impl_2__as_raw (sz 1952) verification_key <: t_Array u8 (sz 1952)) message
-    context (Libcrux_ml_dsa.Types.impl_4__as_raw (sz 3309) signature <: t_Array u8 (sz 3309))
+    (Libcrux_ml_dsa.Types.impl_2__as_ref (sz 1952) verification_key <: t_Array u8 (sz 1952)) message
+    context (Libcrux_ml_dsa.Types.impl_4__as_ref (sz 3309) signature <: t_Array u8 (sz 3309))
 
 let verify_pre_hashed_shake128
       (verification_key: Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (sz 1952))
@@ -59,5 +59,5 @@ let verify_pre_hashed_shake128
      =
   Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Portable.verify_pre_hashed_shake128 (sz 6) (sz 5)
     (sz 3309) (sz 1952) (sz 19) (sz 640) 261888l 196l (sz 128) (sz 768) (sz 48) (sz 49) (sz 55)
-    (Libcrux_ml_dsa.Types.impl_2__as_raw (sz 1952) verification_key <: t_Array u8 (sz 1952)) message
-    context (Libcrux_ml_dsa.Types.impl_4__as_raw (sz 3309) signature <: t_Array u8 (sz 3309))
+    (Libcrux_ml_dsa.Types.impl_2__as_ref (sz 1952) verification_key <: t_Array u8 (sz 1952)) message
+    context (Libcrux_ml_dsa.Types.impl_4__as_ref (sz 3309) signature <: t_Array u8 (sz 3309))
diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_65_.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_65_.fst
index 47f6598f5..9029cf9f8 100644
--- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_65_.fst
+++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_65_.fst
@@ -29,7 +29,7 @@ let sign
      =
   Libcrux_ml_dsa.Ml_dsa_generic.Multiplexing.sign (sz 6) (sz 5) (sz 4) (sz 128) (sz 19) 261888l
     (sz 128) (sz 768) (sz 48) (sz 49) (sz 55) (sz 640) (sz 4032) (sz 3309)
-    (Libcrux_ml_dsa.Types.impl__as_raw (sz 4032) signing_key <: t_Array u8 (sz 4032)) message
+    (Libcrux_ml_dsa.Types.impl__as_ref (sz 4032) signing_key <: t_Array u8 (sz 4032)) message
     context randomness
 
 let sign_pre_hashed_shake128
@@ -39,7 +39,7 @@ let sign_pre_hashed_shake128
      =
   Libcrux_ml_dsa.Ml_dsa_generic.Multiplexing.sign_pre_hashed_shake128 (sz 6) (sz 5) (sz 4) (sz 128)
     (sz 19) 261888l (sz 128) (sz 768) (sz 48) (sz 49) (sz 55) (sz 640) (sz 4032) (sz 3309)
-    (Libcrux_ml_dsa.Types.impl__as_raw (sz 4032) signing_key <: t_Array u8 (sz 4032)) message
+    (Libcrux_ml_dsa.Types.impl__as_ref (sz 4032) signing_key <: t_Array u8 (sz 4032)) message
     context randomness
 
 let verify
@@ -49,8 +49,8 @@ let verify
      =
   Libcrux_ml_dsa.Ml_dsa_generic.Multiplexing.verify (sz 6) (sz 5) (sz 3309) (sz 1952) (sz 19)
     (sz 640) 261888l 196l (sz 128) (sz 768) (sz 48) (sz 49) (sz 55)
-    (Libcrux_ml_dsa.Types.impl_2__as_raw (sz 1952) verification_key <: t_Array u8 (sz 1952)) message
-    context (Libcrux_ml_dsa.Types.impl_4__as_raw (sz 3309) signature <: t_Array u8 (sz 3309))
+    (Libcrux_ml_dsa.Types.impl_2__as_ref (sz 1952) verification_key <: t_Array u8 (sz 1952)) message
+    context (Libcrux_ml_dsa.Types.impl_4__as_ref (sz 3309) signature <: t_Array u8 (sz 3309))
 
 let verify_pre_hashed_shake128
       (verification_key: Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (sz 1952))
@@ -59,5 +59,5 @@ let verify_pre_hashed_shake128
      =
   Libcrux_ml_dsa.Ml_dsa_generic.Multiplexing.verify_pre_hashed_shake128 (sz 6) (sz 5) (sz 3309)
     (sz 1952) (sz 19) (sz 640) 261888l 196l (sz 128) (sz 768) (sz 48) (sz 49) (sz 55)
-    (Libcrux_ml_dsa.Types.impl_2__as_raw (sz 1952) verification_key <: t_Array u8 (sz 1952)) message
-    context (Libcrux_ml_dsa.Types.impl_4__as_raw (sz 3309) signature <: t_Array u8 (sz 3309))
+    (Libcrux_ml_dsa.Types.impl_2__as_ref (sz 1952) verification_key <: t_Array u8 (sz 1952)) message
+    context (Libcrux_ml_dsa.Types.impl_4__as_ref (sz 3309) signature <: t_Array u8 (sz 3309))
diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_87_.Avx2.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_87_.Avx2.fst
index a5cb7cc82..bed872537 100644
--- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_87_.Avx2.fst
+++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_87_.Avx2.fst
@@ -29,7 +29,7 @@ let sign
      =
   Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Avx2.sign (sz 8) (sz 7) (sz 2) (sz 96) (sz 19)
     261888l (sz 128) (sz 1024) (sz 64) (sz 60) (sz 75) (sz 640) (sz 4896) (sz 4627)
-    (Libcrux_ml_dsa.Types.impl__as_raw (sz 4896) signing_key <: t_Array u8 (sz 4896)) message
+    (Libcrux_ml_dsa.Types.impl__as_ref (sz 4896) signing_key <: t_Array u8 (sz 4896)) message
     context randomness
 
 let sign_pre_hashed_shake128
@@ -39,7 +39,7 @@ let sign_pre_hashed_shake128
      =
   Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Avx2.sign_pre_hashed_shake128 (sz 8) (sz 7) (sz 2)
     (sz 96) (sz 19) 261888l (sz 128) (sz 1024) (sz 64) (sz 60) (sz 75) (sz 640) (sz 4896) (sz 4627)
-    (Libcrux_ml_dsa.Types.impl__as_raw (sz 4896) signing_key <: t_Array u8 (sz 4896)) message
+    (Libcrux_ml_dsa.Types.impl__as_ref (sz 4896) signing_key <: t_Array u8 (sz 4896)) message
     context randomness
 
 let verify
@@ -49,8 +49,8 @@ let verify
      =
   Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Avx2.verify (sz 8) (sz 7) (sz 4627) (sz 2592) (sz 19)
     (sz 640) 261888l 120l (sz 128) (sz 1024) (sz 64) (sz 60) (sz 75)
-    (Libcrux_ml_dsa.Types.impl_2__as_raw (sz 2592) verification_key <: t_Array u8 (sz 2592)) message
-    context (Libcrux_ml_dsa.Types.impl_4__as_raw (sz 4627) signature <: t_Array u8 (sz 4627))
+    (Libcrux_ml_dsa.Types.impl_2__as_ref (sz 2592) verification_key <: t_Array u8 (sz 2592)) message
+    context (Libcrux_ml_dsa.Types.impl_4__as_ref (sz 4627) signature <: t_Array u8 (sz 4627))
 
 let verify_pre_hashed_shake128
       (verification_key: Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (sz 2592))
@@ -59,5 +59,5 @@ let verify_pre_hashed_shake128
      =
   Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Avx2.verify_pre_hashed_shake128 (sz 8) (sz 7)
     (sz 4627) (sz 2592) (sz 19) (sz 640) 261888l 120l (sz 128) (sz 1024) (sz 64) (sz 60) (sz 75)
-    (Libcrux_ml_dsa.Types.impl_2__as_raw (sz 2592) verification_key <: t_Array u8 (sz 2592)) message
-    context (Libcrux_ml_dsa.Types.impl_4__as_raw (sz 4627) signature <: t_Array u8 (sz 4627))
+    (Libcrux_ml_dsa.Types.impl_2__as_ref (sz 2592) verification_key <: t_Array u8 (sz 2592)) message
+    context (Libcrux_ml_dsa.Types.impl_4__as_ref (sz 4627) signature <: t_Array u8 (sz 4627))
diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_87_.Neon.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_87_.Neon.fst
index bec5c242e..f4bc8340a 100644
--- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_87_.Neon.fst
+++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_87_.Neon.fst
@@ -29,7 +29,7 @@ let sign
      =
   Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Neon.sign (sz 8) (sz 7) (sz 2) (sz 96) (sz 19)
     261888l (sz 128) (sz 1024) (sz 64) (sz 60) (sz 75) (sz 640) (sz 4896) (sz 4627)
-    (Libcrux_ml_dsa.Types.impl__as_raw (sz 4896) signing_key <: t_Array u8 (sz 4896)) message
+    (Libcrux_ml_dsa.Types.impl__as_ref (sz 4896) signing_key <: t_Array u8 (sz 4896)) message
     context randomness
 
 let sign_pre_hashed_shake128
@@ -39,7 +39,7 @@ let sign_pre_hashed_shake128
      =
   Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Neon.sign_pre_hashed_shake128 (sz 8) (sz 7) (sz 2)
     (sz 96) (sz 19) 261888l (sz 128) (sz 1024) (sz 64) (sz 60) (sz 75) (sz 640) (sz 4896) (sz 4627)
-    (Libcrux_ml_dsa.Types.impl__as_raw (sz 4896) signing_key <: t_Array u8 (sz 4896)) message
+    (Libcrux_ml_dsa.Types.impl__as_ref (sz 4896) signing_key <: t_Array u8 (sz 4896)) message
     context randomness
 
 let verify
@@ -49,8 +49,8 @@ let verify
      =
   Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Neon.verify (sz 8) (sz 7) (sz 4627) (sz 2592) (sz 19)
     (sz 640) 261888l 120l (sz 128) (sz 1024) (sz 64) (sz 60) (sz 75)
-    (Libcrux_ml_dsa.Types.impl_2__as_raw (sz 2592) verification_key <: t_Array u8 (sz 2592)) message
-    context (Libcrux_ml_dsa.Types.impl_4__as_raw (sz 4627) signature <: t_Array u8 (sz 4627))
+    (Libcrux_ml_dsa.Types.impl_2__as_ref (sz 2592) verification_key <: t_Array u8 (sz 2592)) message
+    context (Libcrux_ml_dsa.Types.impl_4__as_ref (sz 4627) signature <: t_Array u8 (sz 4627))
 
 let verify_pre_hashed_shake128
       (verification_key: Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (sz 2592))
@@ -59,5 +59,5 @@ let verify_pre_hashed_shake128
      =
   Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Neon.verify_pre_hashed_shake128 (sz 8) (sz 7)
     (sz 4627) (sz 2592) (sz 19) (sz 640) 261888l 120l (sz 128) (sz 1024) (sz 64) (sz 60) (sz 75)
-    (Libcrux_ml_dsa.Types.impl_2__as_raw (sz 2592) verification_key <: t_Array u8 (sz 2592)) message
-    context (Libcrux_ml_dsa.Types.impl_4__as_raw (sz 4627) signature <: t_Array u8 (sz 4627))
+    (Libcrux_ml_dsa.Types.impl_2__as_ref (sz 2592) verification_key <: t_Array u8 (sz 2592)) message
+    context (Libcrux_ml_dsa.Types.impl_4__as_ref (sz 4627) signature <: t_Array u8 (sz 4627))
diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_87_.Portable.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_87_.Portable.fst
index a5b4a3a2a..6f6364908 100644
--- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_87_.Portable.fst
+++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_87_.Portable.fst
@@ -29,7 +29,7 @@ let sign
      =
   Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Portable.sign (sz 8) (sz 7) (sz 2) (sz 96) (sz 19)
     261888l (sz 128) (sz 1024) (sz 64) (sz 60) (sz 75) (sz 640) (sz 4896) (sz 4627)
-    (Libcrux_ml_dsa.Types.impl__as_raw (sz 4896) signing_key <: t_Array u8 (sz 4896)) message
+    (Libcrux_ml_dsa.Types.impl__as_ref (sz 4896) signing_key <: t_Array u8 (sz 4896)) message
     context randomness
 
 let sign_pre_hashed_shake128
@@ -39,7 +39,7 @@ let sign_pre_hashed_shake128
      =
   Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Portable.sign_pre_hashed_shake128 (sz 8) (sz 7)
     (sz 2) (sz 96) (sz 19) 261888l (sz 128) (sz 1024) (sz 64) (sz 60) (sz 75) (sz 640) (sz 4896)
-    (sz 4627) (Libcrux_ml_dsa.Types.impl__as_raw (sz 4896) signing_key <: t_Array u8 (sz 4896))
+    (sz 4627) (Libcrux_ml_dsa.Types.impl__as_ref (sz 4896) signing_key <: t_Array u8 (sz 4896))
     message context randomness
 
 let verify
@@ -49,8 +49,8 @@ let verify
      =
   Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Portable.verify (sz 8) (sz 7) (sz 4627) (sz 2592)
     (sz 19) (sz 640) 261888l 120l (sz 128) (sz 1024) (sz 64) (sz 60) (sz 75)
-    (Libcrux_ml_dsa.Types.impl_2__as_raw (sz 2592) verification_key <: t_Array u8 (sz 2592)) message
-    context (Libcrux_ml_dsa.Types.impl_4__as_raw (sz 4627) signature <: t_Array u8 (sz 4627))
+    (Libcrux_ml_dsa.Types.impl_2__as_ref (sz 2592) verification_key <: t_Array u8 (sz 2592)) message
+    context (Libcrux_ml_dsa.Types.impl_4__as_ref (sz 4627) signature <: t_Array u8 (sz 4627))
 
 let verify_pre_hashed_shake128
       (verification_key: Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (sz 2592))
@@ -59,5 +59,5 @@ let verify_pre_hashed_shake128
      =
   Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Portable.verify_pre_hashed_shake128 (sz 8) (sz 7)
     (sz 4627) (sz 2592) (sz 19) (sz 640) 261888l 120l (sz 128) (sz 1024) (sz 64) (sz 60) (sz 75)
-    (Libcrux_ml_dsa.Types.impl_2__as_raw (sz 2592) verification_key <: t_Array u8 (sz 2592)) message
-    context (Libcrux_ml_dsa.Types.impl_4__as_raw (sz 4627) signature <: t_Array u8 (sz 4627))
+    (Libcrux_ml_dsa.Types.impl_2__as_ref (sz 2592) verification_key <: t_Array u8 (sz 2592)) message
+    context (Libcrux_ml_dsa.Types.impl_4__as_ref (sz 4627) signature <: t_Array u8 (sz 4627))
diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_87_.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_87_.fst
index b7bfad8f1..a72c5865b 100644
--- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_87_.fst
+++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_87_.fst
@@ -29,7 +29,7 @@ let sign
      =
   Libcrux_ml_dsa.Ml_dsa_generic.Multiplexing.sign (sz 8) (sz 7) (sz 2) (sz 96) (sz 19) 261888l
     (sz 128) (sz 1024) (sz 64) (sz 60) (sz 75) (sz 640) (sz 4896) (sz 4627)
-    (Libcrux_ml_dsa.Types.impl__as_raw (sz 4896) signing_key <: t_Array u8 (sz 4896)) message
+    (Libcrux_ml_dsa.Types.impl__as_ref (sz 4896) signing_key <: t_Array u8 (sz 4896)) message
     context randomness
 
 let sign_pre_hashed_shake128
@@ -39,7 +39,7 @@ let sign_pre_hashed_shake128
      =
   Libcrux_ml_dsa.Ml_dsa_generic.Multiplexing.sign_pre_hashed_shake128 (sz 8) (sz 7) (sz 2) (sz 96)
     (sz 19) 261888l (sz 128) (sz 1024) (sz 64) (sz 60) (sz 75) (sz 640) (sz 4896) (sz 4627)
-    (Libcrux_ml_dsa.Types.impl__as_raw (sz 4896) signing_key <: t_Array u8 (sz 4896)) message
+    (Libcrux_ml_dsa.Types.impl__as_ref (sz 4896) signing_key <: t_Array u8 (sz 4896)) message
     context randomness
 
 let verify
@@ -49,8 +49,8 @@ let verify
      =
   Libcrux_ml_dsa.Ml_dsa_generic.Multiplexing.verify (sz 8) (sz 7) (sz 4627) (sz 2592) (sz 19)
     (sz 640) 261888l 120l (sz 128) (sz 1024) (sz 64) (sz 60) (sz 75)
-    (Libcrux_ml_dsa.Types.impl_2__as_raw (sz 2592) verification_key <: t_Array u8 (sz 2592)) message
-    context (Libcrux_ml_dsa.Types.impl_4__as_raw (sz 4627) signature <: t_Array u8 (sz 4627))
+    (Libcrux_ml_dsa.Types.impl_2__as_ref (sz 2592) verification_key <: t_Array u8 (sz 2592)) message
+    context (Libcrux_ml_dsa.Types.impl_4__as_ref (sz 4627) signature <: t_Array u8 (sz 4627))
 
 let verify_pre_hashed_shake128
       (verification_key: Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (sz 2592))
@@ -59,5 +59,5 @@ let verify_pre_hashed_shake128
      =
   Libcrux_ml_dsa.Ml_dsa_generic.Multiplexing.verify_pre_hashed_shake128 (sz 8) (sz 7) (sz 4627)
     (sz 2592) (sz 19) (sz 640) 261888l 120l (sz 128) (sz 1024) (sz 64) (sz 60) (sz 75)
-    (Libcrux_ml_dsa.Types.impl_2__as_raw (sz 2592) verification_key <: t_Array u8 (sz 2592)) message
-    context (Libcrux_ml_dsa.Types.impl_4__as_raw (sz 4627) signature <: t_Array u8 (sz 4627))
+    (Libcrux_ml_dsa.Types.impl_2__as_ref (sz 2592) verification_key <: t_Array u8 (sz 2592)) message
+    context (Libcrux_ml_dsa.Types.impl_4__as_ref (sz 4627) signature <: t_Array u8 (sz 4627))
diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Avx2.Avx2_feature.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Avx2.Avx2_feature.fst
index 3ae7a4680..c1553434f 100644
--- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Avx2.Avx2_feature.fst
+++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Avx2.Avx2_feature.fst
@@ -11,6 +11,8 @@ let _ =
   let open Libcrux_ml_dsa.Hash_functions.Shake256 in
   let open Libcrux_ml_dsa.Hash_functions.Simd256 in
   let open Libcrux_ml_dsa.Pre_hash in
+  let open Libcrux_ml_dsa.Samplex4 in
+  let open Libcrux_ml_dsa.Samplex4.Avx2 in
   let open Libcrux_ml_dsa.Simd.Avx2 in
   let open Libcrux_ml_dsa.Simd.Traits in
   ()
@@ -21,7 +23,7 @@ let generate_key_pair
       (randomness: t_Array u8 (sz 32))
      =
   Libcrux_ml_dsa.Ml_dsa_generic.generate_key_pair #Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit
-    #Libcrux_ml_dsa.Hash_functions.Simd256.t_Shake128x4
+    #Libcrux_ml_dsa.Samplex4.Avx2.t_AVX2Sampler #Libcrux_ml_dsa.Hash_functions.Simd256.t_Shake128x4
     #Libcrux_ml_dsa.Hash_functions.Simd256.t_Shake256
     #Libcrux_ml_dsa.Hash_functions.Portable.t_Shake256Xof
     #Libcrux_ml_dsa.Hash_functions.Simd256.t_Shake256x4 v_ROWS_IN_A v_COLUMNS_IN_A v_ETA
@@ -37,7 +39,7 @@ let sign
       (randomness: t_Array u8 (sz 32))
      =
   Libcrux_ml_dsa.Ml_dsa_generic.sign #Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit
-    #Libcrux_ml_dsa.Hash_functions.Simd256.t_Shake128x4
+    #Libcrux_ml_dsa.Samplex4.Avx2.t_AVX2Sampler #Libcrux_ml_dsa.Hash_functions.Simd256.t_Shake128x4
     #Libcrux_ml_dsa.Hash_functions.Simd256.t_Shake256
     #Libcrux_ml_dsa.Hash_functions.Portable.t_Shake256Xof
     #Libcrux_ml_dsa.Hash_functions.Simd256.t_Shake256x4 v_ROWS_IN_A v_COLUMNS_IN_A v_ETA
@@ -56,7 +58,7 @@ let sign_pre_hashed_shake128
       (randomness: t_Array u8 (sz 32))
      =
   Libcrux_ml_dsa.Ml_dsa_generic.sign_pre_hashed #Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit
-    #Libcrux_ml_dsa.Hash_functions.Portable.t_Shake128
+    #Libcrux_ml_dsa.Samplex4.Avx2.t_AVX2Sampler #Libcrux_ml_dsa.Hash_functions.Portable.t_Shake128
     #Libcrux_ml_dsa.Hash_functions.Simd256.t_Shake128x4
     #Libcrux_ml_dsa.Hash_functions.Simd256.t_Shake256
     #Libcrux_ml_dsa.Hash_functions.Portable.t_Shake256Xof
@@ -77,7 +79,7 @@ let verify
       (signature: t_Array u8 v_SIGNATURE_SIZE)
      =
   Libcrux_ml_dsa.Ml_dsa_generic.verify #Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit
-    #Libcrux_ml_dsa.Hash_functions.Simd256.t_Shake128x4
+    #Libcrux_ml_dsa.Samplex4.Avx2.t_AVX2Sampler #Libcrux_ml_dsa.Hash_functions.Simd256.t_Shake128x4
     #Libcrux_ml_dsa.Hash_functions.Simd256.t_Shake256
     #Libcrux_ml_dsa.Hash_functions.Portable.t_Shake256Xof v_ROWS_IN_A v_COLUMNS_IN_A
     v_SIGNATURE_SIZE v_VERIFICATION_KEY_SIZE v_GAMMA1_EXPONENT v_GAMMA1_RING_ELEMENT_SIZE v_GAMMA2
@@ -95,7 +97,7 @@ let verify_pre_hashed_shake128
       (signature: t_Array u8 v_SIGNATURE_SIZE)
      =
   Libcrux_ml_dsa.Ml_dsa_generic.verify_pre_hashed #Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit
-    #Libcrux_ml_dsa.Hash_functions.Portable.t_Shake128
+    #Libcrux_ml_dsa.Samplex4.Avx2.t_AVX2Sampler #Libcrux_ml_dsa.Hash_functions.Portable.t_Shake128
     #Libcrux_ml_dsa.Hash_functions.Simd256.t_Shake128x4
     #Libcrux_ml_dsa.Hash_functions.Simd256.t_Shake256
     #Libcrux_ml_dsa.Hash_functions.Portable.t_Shake256Xof #Libcrux_ml_dsa.Pre_hash.t_SHAKE128_PH
diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Avx2.Avx2_feature.fsti b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Avx2.Avx2_feature.fsti
index d24fb5ad1..aaa4d5643 100644
--- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Avx2.Avx2_feature.fsti
+++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Avx2.Avx2_feature.fsti
@@ -11,6 +11,8 @@ let _ =
   let open Libcrux_ml_dsa.Hash_functions.Shake256 in
   let open Libcrux_ml_dsa.Hash_functions.Simd256 in
   let open Libcrux_ml_dsa.Pre_hash in
+  let open Libcrux_ml_dsa.Samplex4 in
+  let open Libcrux_ml_dsa.Samplex4.Avx2 in
   let open Libcrux_ml_dsa.Simd.Avx2 in
   let open Libcrux_ml_dsa.Simd.Traits in
   ()
diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Neon.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Neon.fst
index bc44352c6..c81b51ec3 100644
--- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Neon.fst
+++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Neon.fst
@@ -11,6 +11,8 @@ let _ =
   let open Libcrux_ml_dsa.Hash_functions.Shake128 in
   let open Libcrux_ml_dsa.Hash_functions.Shake256 in
   let open Libcrux_ml_dsa.Pre_hash in
+  let open Libcrux_ml_dsa.Samplex4 in
+  let open Libcrux_ml_dsa.Samplex4.Neon in
   let open Libcrux_ml_dsa.Simd.Portable in
   let open Libcrux_ml_dsa.Simd.Traits in
   ()
@@ -21,7 +23,7 @@ let generate_key_pair
       (randomness: t_Array u8 (sz 32))
      =
   Libcrux_ml_dsa.Ml_dsa_generic.generate_key_pair #Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit
-    #Libcrux_ml_dsa.Hash_functions.Neon.t_Shake128x4
+    #Libcrux_ml_dsa.Samplex4.Neon.t_NeonSampler #Libcrux_ml_dsa.Hash_functions.Neon.t_Shake128x4
     #Libcrux_ml_dsa.Hash_functions.Portable.t_Shake256
     #Libcrux_ml_dsa.Hash_functions.Portable.t_Shake256Xof
     #Libcrux_ml_dsa.Hash_functions.Neon.t_Shake256x4 v_ROWS_IN_A v_COLUMNS_IN_A v_ETA
@@ -37,7 +39,7 @@ let sign
       (randomness: t_Array u8 (sz 32))
      =
   Libcrux_ml_dsa.Ml_dsa_generic.sign #Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit
-    #Libcrux_ml_dsa.Hash_functions.Neon.t_Shake128x4
+    #Libcrux_ml_dsa.Samplex4.Neon.t_NeonSampler #Libcrux_ml_dsa.Hash_functions.Neon.t_Shake128x4
     #Libcrux_ml_dsa.Hash_functions.Portable.t_Shake256
     #Libcrux_ml_dsa.Hash_functions.Portable.t_Shake256Xof
     #Libcrux_ml_dsa.Hash_functions.Neon.t_Shake256x4 v_ROWS_IN_A v_COLUMNS_IN_A v_ETA
@@ -56,7 +58,7 @@ let sign_pre_hashed_shake128
       (randomness: t_Array u8 (sz 32))
      =
   Libcrux_ml_dsa.Ml_dsa_generic.sign_pre_hashed #Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit
-    #Libcrux_ml_dsa.Hash_functions.Portable.t_Shake128
+    #Libcrux_ml_dsa.Samplex4.Neon.t_NeonSampler #Libcrux_ml_dsa.Hash_functions.Portable.t_Shake128
     #Libcrux_ml_dsa.Hash_functions.Neon.t_Shake128x4
     #Libcrux_ml_dsa.Hash_functions.Portable.t_Shake256
     #Libcrux_ml_dsa.Hash_functions.Portable.t_Shake256Xof
@@ -77,7 +79,7 @@ let verify
       (signature: t_Array u8 v_SIGNATURE_SIZE)
      =
   Libcrux_ml_dsa.Ml_dsa_generic.verify #Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit
-    #Libcrux_ml_dsa.Hash_functions.Neon.t_Shake128x4
+    #Libcrux_ml_dsa.Samplex4.Neon.t_NeonSampler #Libcrux_ml_dsa.Hash_functions.Neon.t_Shake128x4
     #Libcrux_ml_dsa.Hash_functions.Portable.t_Shake256
     #Libcrux_ml_dsa.Hash_functions.Portable.t_Shake256Xof v_ROWS_IN_A v_COLUMNS_IN_A
     v_SIGNATURE_SIZE v_VERIFICATION_KEY_SIZE v_GAMMA1_EXPONENT v_GAMMA1_RING_ELEMENT_SIZE v_GAMMA2
@@ -95,7 +97,7 @@ let verify_pre_hashed_shake128
       (signature: t_Array u8 v_SIGNATURE_SIZE)
      =
   Libcrux_ml_dsa.Ml_dsa_generic.verify_pre_hashed #Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit
-    #Libcrux_ml_dsa.Hash_functions.Portable.t_Shake128
+    #Libcrux_ml_dsa.Samplex4.Neon.t_NeonSampler #Libcrux_ml_dsa.Hash_functions.Portable.t_Shake128
     #Libcrux_ml_dsa.Hash_functions.Neon.t_Shake128x4
     #Libcrux_ml_dsa.Hash_functions.Portable.t_Shake256
     #Libcrux_ml_dsa.Hash_functions.Portable.t_Shake256Xof #Libcrux_ml_dsa.Pre_hash.t_SHAKE128_PH
diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Neon.fsti b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Neon.fsti
index 93c40dc34..45fac8db0 100644
--- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Neon.fsti
+++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Neon.fsti
@@ -11,6 +11,8 @@ let _ =
   let open Libcrux_ml_dsa.Hash_functions.Shake128 in
   let open Libcrux_ml_dsa.Hash_functions.Shake256 in
   let open Libcrux_ml_dsa.Pre_hash in
+  let open Libcrux_ml_dsa.Samplex4 in
+  let open Libcrux_ml_dsa.Samplex4.Neon in
   let open Libcrux_ml_dsa.Simd.Portable in
   let open Libcrux_ml_dsa.Simd.Traits in
   ()
diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Portable.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Portable.fst
index 581a147b8..fba006d14 100644
--- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Portable.fst
+++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Portable.fst
@@ -10,6 +10,8 @@ let _ =
   let open Libcrux_ml_dsa.Hash_functions.Shake128 in
   let open Libcrux_ml_dsa.Hash_functions.Shake256 in
   let open Libcrux_ml_dsa.Pre_hash in
+  let open Libcrux_ml_dsa.Samplex4 in
+  let open Libcrux_ml_dsa.Samplex4.Portable in
   let open Libcrux_ml_dsa.Simd.Portable in
   let open Libcrux_ml_dsa.Simd.Traits in
   ()
@@ -20,6 +22,7 @@ let generate_key_pair
       (randomness: t_Array u8 (sz 32))
      =
   Libcrux_ml_dsa.Ml_dsa_generic.generate_key_pair #Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit
+    #Libcrux_ml_dsa.Samplex4.Portable.t_PortableSampler
     #Libcrux_ml_dsa.Hash_functions.Portable.t_Shake128X4
     #Libcrux_ml_dsa.Hash_functions.Portable.t_Shake256
     #Libcrux_ml_dsa.Hash_functions.Portable.t_Shake256Xof
@@ -36,6 +39,7 @@ let sign
       (randomness: t_Array u8 (sz 32))
      =
   Libcrux_ml_dsa.Ml_dsa_generic.sign #Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit
+    #Libcrux_ml_dsa.Samplex4.Portable.t_PortableSampler
     #Libcrux_ml_dsa.Hash_functions.Portable.t_Shake128X4
     #Libcrux_ml_dsa.Hash_functions.Portable.t_Shake256
     #Libcrux_ml_dsa.Hash_functions.Portable.t_Shake256Xof
@@ -55,6 +59,7 @@ let sign_pre_hashed_shake128
       (randomness: t_Array u8 (sz 32))
      =
   Libcrux_ml_dsa.Ml_dsa_generic.sign_pre_hashed #Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit
+    #Libcrux_ml_dsa.Samplex4.Portable.t_PortableSampler
     #Libcrux_ml_dsa.Hash_functions.Portable.t_Shake128
     #Libcrux_ml_dsa.Hash_functions.Portable.t_Shake128X4
     #Libcrux_ml_dsa.Hash_functions.Portable.t_Shake256
@@ -76,6 +81,7 @@ let verify
       (signature: t_Array u8 v_SIGNATURE_SIZE)
      =
   Libcrux_ml_dsa.Ml_dsa_generic.verify #Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit
+    #Libcrux_ml_dsa.Samplex4.Portable.t_PortableSampler
     #Libcrux_ml_dsa.Hash_functions.Portable.t_Shake128X4
     #Libcrux_ml_dsa.Hash_functions.Portable.t_Shake256
     #Libcrux_ml_dsa.Hash_functions.Portable.t_Shake256Xof v_ROWS_IN_A v_COLUMNS_IN_A
@@ -94,6 +100,7 @@ let verify_pre_hashed_shake128
       (signature: t_Array u8 v_SIGNATURE_SIZE)
      =
   Libcrux_ml_dsa.Ml_dsa_generic.verify_pre_hashed #Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit
+    #Libcrux_ml_dsa.Samplex4.Portable.t_PortableSampler
     #Libcrux_ml_dsa.Hash_functions.Portable.t_Shake128
     #Libcrux_ml_dsa.Hash_functions.Portable.t_Shake128X4
     #Libcrux_ml_dsa.Hash_functions.Portable.t_Shake256
diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Portable.fsti b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Portable.fsti
index 1e4399d64..9bd1f00f2 100644
--- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Portable.fsti
+++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Portable.fsti
@@ -10,6 +10,8 @@ let _ =
   let open Libcrux_ml_dsa.Hash_functions.Shake128 in
   let open Libcrux_ml_dsa.Hash_functions.Shake256 in
   let open Libcrux_ml_dsa.Pre_hash in
+  let open Libcrux_ml_dsa.Samplex4 in
+  let open Libcrux_ml_dsa.Samplex4.Portable in
   let open Libcrux_ml_dsa.Simd.Portable in
   let open Libcrux_ml_dsa.Simd.Traits in
   ()
diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.fst
index 0bf89311c..1fec04ec9 100644
--- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.fst
+++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.fst
@@ -9,6 +9,7 @@ let _ =
   let open Libcrux_ml_dsa.Hash_functions.Shake128 in
   let open Libcrux_ml_dsa.Hash_functions.Shake256 in
   let open Libcrux_ml_dsa.Pre_hash in
+  let open Libcrux_ml_dsa.Samplex4 in
   let open Libcrux_ml_dsa.Simd.Traits in
   ()
 
@@ -109,26 +110,311 @@ let derive_message_representative
   let _:Prims.unit = () in
   message_representative
 
+let verify_internal
+      (#v_SIMDUnit #v_Sampler #v_Shake128X4 #v_Shake256 #v_Shake256Xof: Type0)
+      (v_ROWS_IN_A v_COLUMNS_IN_A v_SIGNATURE_SIZE v_VERIFICATION_KEY_SIZE v_GAMMA1_EXPONENT v_GAMMA1_RING_ELEMENT_SIZE:
+          usize)
+      (v_GAMMA2 v_BETA: i32)
+      (v_COMMITMENT_RING_ELEMENT_SIZE v_COMMITMENT_VECTOR_SIZE v_COMMITMENT_HASH_SIZE v_ONES_IN_VERIFIER_CHALLENGE v_MAX_ONES_IN_HINT:
+          usize)
+      (#[FStar.Tactics.Typeclasses.tcresolve ()]
+          i5:
+          Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit)
+      (#[FStar.Tactics.Typeclasses.tcresolve ()] i6: Libcrux_ml_dsa.Samplex4.t_X4Sampler v_Sampler)
+      (#[FStar.Tactics.Typeclasses.tcresolve ()]
+          i7:
+          Libcrux_ml_dsa.Hash_functions.Shake128.t_XofX4 v_Shake128X4)
+      (#[FStar.Tactics.Typeclasses.tcresolve ()]
+          i8:
+          Libcrux_ml_dsa.Hash_functions.Shake256.t_DsaXof v_Shake256)
+      (#[FStar.Tactics.Typeclasses.tcresolve ()]
+          i9:
+          Libcrux_ml_dsa.Hash_functions.Shake256.t_Xof v_Shake256Xof)
+      (verification_key_serialized: t_Array u8 v_VERIFICATION_KEY_SIZE)
+      (message: t_Slice u8)
+      (domain_separation_context:
+          Core.Option.t_Option Libcrux_ml_dsa.Pre_hash.t_DomainSeparationContext)
+      (signature_serialized: t_Array u8 v_SIGNATURE_SIZE)
+     =
+  let seed_for_A, t1:(t_Array u8 (sz 32) &
+    t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_ROWS_IN_A) =
+    Libcrux_ml_dsa.Encoding.Verification_key.deserialize #v_SIMDUnit
+      v_ROWS_IN_A
+      v_VERIFICATION_KEY_SIZE
+      verification_key_serialized
+  in
+  match
+    Libcrux_ml_dsa.Encoding.Signature.impl__deserialize #v_SIMDUnit
+      v_COMMITMENT_HASH_SIZE
+      v_COLUMNS_IN_A
+      v_ROWS_IN_A
+      v_GAMMA1_EXPONENT
+      v_GAMMA1_RING_ELEMENT_SIZE
+      v_MAX_ONES_IN_HINT
+      v_SIGNATURE_SIZE
+      signature_serialized
+  with
+  | Core.Result.Result_Ok s ->
+    let signature:Libcrux_ml_dsa.Encoding.Signature.t_Signature v_SIMDUnit
+      v_COMMITMENT_HASH_SIZE
+      v_COLUMNS_IN_A
+      v_ROWS_IN_A =
+      s
+    in
+    if
+      Libcrux_ml_dsa.Arithmetic.vector_infinity_norm_exceeds #v_SIMDUnit
+        v_COLUMNS_IN_A
+        signature.Libcrux_ml_dsa.Encoding.Signature.f_signer_response
+        ((2l <<! v_GAMMA1_EXPONENT <: i32) -! v_BETA <: i32)
+    then
+      Core.Result.Result_Err
+      (Libcrux_ml_dsa.Types.VerificationError_SignerResponseExceedsBoundError
+        <:
+        Libcrux_ml_dsa.Types.t_VerificationError)
+      <:
+      Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError
+    else
+      let v_A_as_ntt:t_Array
+        (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A)
+        v_ROWS_IN_A =
+        Libcrux_ml_dsa.Samplex4.f_matrix_A #v_Sampler
+          #FStar.Tactics.Typeclasses.solve
+          #v_SIMDUnit
+          v_ROWS_IN_A
+          v_COLUMNS_IN_A
+          (Libcrux_ml_dsa.Utils.into_padded_array (sz 34) (seed_for_A <: t_Slice u8)
+            <:
+            t_Array u8 (sz 34))
+      in
+      let verification_key_hash:t_Array u8 (sz 64) = Rust_primitives.Hax.repeat 0uy (sz 64) in
+      let verification_key_hash:t_Array u8 (sz 64) =
+        Libcrux_ml_dsa.Hash_functions.Shake256.f_shake256 #v_Shake256
+          #FStar.Tactics.Typeclasses.solve
+          (sz 64)
+          (verification_key_serialized <: t_Slice u8)
+          verification_key_hash
+      in
+      let message_representative:t_Array u8 (sz 64) = Rust_primitives.Hax.repeat 0uy (sz 64) in
+      let message_representative:t_Array u8 (sz 64) =
+        derive_message_representative #v_Shake256Xof
+          verification_key_hash
+          domain_separation_context
+          message
+          message_representative
+      in
+      let verifier_challenge_as_ntt:Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit =
+        Libcrux_ml_dsa.Ntt.ntt #v_SIMDUnit
+          (Libcrux_ml_dsa.Sample.sample_challenge_ring_element #v_SIMDUnit
+              #v_Shake256
+              v_ONES_IN_VERIFIER_CHALLENGE
+              v_COMMITMENT_HASH_SIZE
+              signature.Libcrux_ml_dsa.Encoding.Signature.f_commitment_hash
+            <:
+            Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit)
+      in
+      let w_approx:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit)
+        v_ROWS_IN_A =
+        Libcrux_ml_dsa.Matrix.compute_w_approx #v_SIMDUnit
+          v_ROWS_IN_A
+          v_COLUMNS_IN_A
+          v_A_as_ntt
+          signature.Libcrux_ml_dsa.Encoding.Signature.f_signer_response
+          verifier_challenge_as_ntt
+          t1
+      in
+      let commitment_hash:t_Array u8 v_COMMITMENT_HASH_SIZE =
+        Rust_primitives.Hax.repeat 0uy v_COMMITMENT_HASH_SIZE
+      in
+      let commitment:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit)
+        v_ROWS_IN_A =
+        Libcrux_ml_dsa.Arithmetic.use_hint #v_SIMDUnit
+          v_ROWS_IN_A
+          v_GAMMA2
+          signature.Libcrux_ml_dsa.Encoding.Signature.f_hint
+          w_approx
+      in
+      let commitment_serialized:t_Array u8 v_COMMITMENT_VECTOR_SIZE =
+        Libcrux_ml_dsa.Encoding.Commitment.serialize_vector #v_SIMDUnit
+          v_ROWS_IN_A
+          v_COMMITMENT_RING_ELEMENT_SIZE
+          v_COMMITMENT_VECTOR_SIZE
+          commitment
+      in
+      let shake:v_Shake256Xof =
+        Libcrux_ml_dsa.Hash_functions.Shake256.f_init #v_Shake256Xof
+          #FStar.Tactics.Typeclasses.solve
+          ()
+      in
+      let shake:v_Shake256Xof =
+        Libcrux_ml_dsa.Hash_functions.Shake256.f_absorb #v_Shake256Xof
+          #FStar.Tactics.Typeclasses.solve
+          shake
+          (message_representative <: t_Slice u8)
+      in
+      let shake:v_Shake256Xof =
+        Libcrux_ml_dsa.Hash_functions.Shake256.f_absorb_final #v_Shake256Xof
+          #FStar.Tactics.Typeclasses.solve
+          shake
+          (commitment_serialized <: t_Slice u8)
+      in
+      let tmp0, tmp1:(v_Shake256Xof & t_Array u8 v_COMMITMENT_HASH_SIZE) =
+        Libcrux_ml_dsa.Hash_functions.Shake256.f_squeeze #v_Shake256Xof
+          #FStar.Tactics.Typeclasses.solve
+          shake
+          commitment_hash
+      in
+      let shake:v_Shake256Xof = tmp0 in
+      let commitment_hash:t_Array u8 v_COMMITMENT_HASH_SIZE = tmp1 in
+      let _:Prims.unit = () in
+      let _:Prims.unit = () in
+      if signature.Libcrux_ml_dsa.Encoding.Signature.f_commitment_hash =. commitment_hash
+      then
+        Core.Result.Result_Ok (() <: Prims.unit)
+        <:
+        Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError
+      else
+        Core.Result.Result_Err
+        (Libcrux_ml_dsa.Types.VerificationError_CommitmentHashesDontMatchError
+          <:
+          Libcrux_ml_dsa.Types.t_VerificationError)
+        <:
+        Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError
+  | Core.Result.Result_Err e ->
+    Core.Result.Result_Err e
+    <:
+    Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError
+
+let verify
+      (#v_SIMDUnit #v_Sampler #v_Shake128X4 #v_Shake256 #v_Shake256Xof: Type0)
+      (v_ROWS_IN_A v_COLUMNS_IN_A v_SIGNATURE_SIZE v_VERIFICATION_KEY_SIZE v_GAMMA1_EXPONENT v_GAMMA1_RING_ELEMENT_SIZE:
+          usize)
+      (v_GAMMA2 v_BETA: i32)
+      (v_COMMITMENT_RING_ELEMENT_SIZE v_COMMITMENT_VECTOR_SIZE v_COMMITMENT_HASH_SIZE v_ONES_IN_VERIFIER_CHALLENGE v_MAX_ONES_IN_HINT:
+          usize)
+      (#[FStar.Tactics.Typeclasses.tcresolve ()]
+          i5:
+          Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit)
+      (#[FStar.Tactics.Typeclasses.tcresolve ()] i6: Libcrux_ml_dsa.Samplex4.t_X4Sampler v_Sampler)
+      (#[FStar.Tactics.Typeclasses.tcresolve ()]
+          i7:
+          Libcrux_ml_dsa.Hash_functions.Shake128.t_XofX4 v_Shake128X4)
+      (#[FStar.Tactics.Typeclasses.tcresolve ()]
+          i8:
+          Libcrux_ml_dsa.Hash_functions.Shake256.t_DsaXof v_Shake256)
+      (#[FStar.Tactics.Typeclasses.tcresolve ()]
+          i9:
+          Libcrux_ml_dsa.Hash_functions.Shake256.t_Xof v_Shake256Xof)
+      (verification_key_serialized: t_Array u8 v_VERIFICATION_KEY_SIZE)
+      (message context: t_Slice u8)
+      (signature_serialized: t_Array u8 v_SIGNATURE_SIZE)
+     =
+  match
+    Libcrux_ml_dsa.Pre_hash.impl_1__new context
+      (Core.Option.Option_None <: Core.Option.t_Option (t_Array u8 (sz 11)))
+  with
+  | Core.Result.Result_Ok dsc ->
+    let domain_separation_context:Libcrux_ml_dsa.Pre_hash.t_DomainSeparationContext = dsc in
+    verify_internal #v_SIMDUnit #v_Sampler #v_Shake128X4 #v_Shake256 #v_Shake256Xof v_ROWS_IN_A
+      v_COLUMNS_IN_A v_SIGNATURE_SIZE v_VERIFICATION_KEY_SIZE v_GAMMA1_EXPONENT
+      v_GAMMA1_RING_ELEMENT_SIZE v_GAMMA2 v_BETA v_COMMITMENT_RING_ELEMENT_SIZE
+      v_COMMITMENT_VECTOR_SIZE v_COMMITMENT_HASH_SIZE v_ONES_IN_VERIFIER_CHALLENGE
+      v_MAX_ONES_IN_HINT verification_key_serialized message
+      (Core.Option.Option_Some domain_separation_context
+        <:
+        Core.Option.t_Option Libcrux_ml_dsa.Pre_hash.t_DomainSeparationContext) signature_serialized
+  | Core.Result.Result_Err _ ->
+    Core.Result.Result_Err
+    (Libcrux_ml_dsa.Types.VerificationError_VerificationContextTooLongError
+      <:
+      Libcrux_ml_dsa.Types.t_VerificationError)
+    <:
+    Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError
+
+let verify_pre_hashed
+      (#v_SIMDUnit #v_Sampler #v_Shake128 #v_Shake128X4 #v_Shake256 #v_Shake256Xof #v_PH: Type0)
+      (v_PH_DIGEST_LEN v_ROWS_IN_A v_COLUMNS_IN_A v_SIGNATURE_SIZE v_VERIFICATION_KEY_SIZE v_GAMMA1_EXPONENT v_GAMMA1_RING_ELEMENT_SIZE:
+          usize)
+      (v_GAMMA2 v_BETA: i32)
+      (v_COMMITMENT_RING_ELEMENT_SIZE v_COMMITMENT_VECTOR_SIZE v_COMMITMENT_HASH_SIZE v_ONES_IN_VERIFIER_CHALLENGE v_MAX_ONES_IN_HINT:
+          usize)
+      (#[FStar.Tactics.Typeclasses.tcresolve ()]
+          i7:
+          Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit)
+      (#[FStar.Tactics.Typeclasses.tcresolve ()] i8: Libcrux_ml_dsa.Samplex4.t_X4Sampler v_Sampler)
+      (#[FStar.Tactics.Typeclasses.tcresolve ()]
+          i9:
+          Libcrux_ml_dsa.Hash_functions.Shake128.t_Xof v_Shake128)
+      (#[FStar.Tactics.Typeclasses.tcresolve ()]
+          i10:
+          Libcrux_ml_dsa.Hash_functions.Shake128.t_XofX4 v_Shake128X4)
+      (#[FStar.Tactics.Typeclasses.tcresolve ()]
+          i11:
+          Libcrux_ml_dsa.Hash_functions.Shake256.t_DsaXof v_Shake256)
+      (#[FStar.Tactics.Typeclasses.tcresolve ()]
+          i12:
+          Libcrux_ml_dsa.Hash_functions.Shake256.t_Xof v_Shake256Xof)
+      (#[FStar.Tactics.Typeclasses.tcresolve ()]
+          i13:
+          Libcrux_ml_dsa.Pre_hash.t_PreHash v_PH v_PH_DIGEST_LEN)
+      (verification_key_serialized: t_Array u8 v_VERIFICATION_KEY_SIZE)
+      (message context: t_Slice u8)
+      (signature_serialized: t_Array u8 v_SIGNATURE_SIZE)
+     =
+  let pre_hashed_message:t_Array u8 v_PH_DIGEST_LEN =
+    Libcrux_ml_dsa.Pre_hash.f_hash #v_PH
+      #v_PH_DIGEST_LEN
+      #FStar.Tactics.Typeclasses.solve
+      #v_Shake128
+      message
+  in
+  match
+    Libcrux_ml_dsa.Pre_hash.impl_1__new context
+      (Core.Option.Option_Some
+        (Libcrux_ml_dsa.Pre_hash.f_oid #v_PH #v_PH_DIGEST_LEN #FStar.Tactics.Typeclasses.solve ()
+          <:
+          t_Array u8 (sz 11))
+        <:
+        Core.Option.t_Option (t_Array u8 (sz 11)))
+  with
+  | Core.Result.Result_Ok dsc ->
+    let domain_separation_context:Libcrux_ml_dsa.Pre_hash.t_DomainSeparationContext = dsc in
+    verify_internal #v_SIMDUnit #v_Sampler #v_Shake128X4 #v_Shake256 #v_Shake256Xof v_ROWS_IN_A
+      v_COLUMNS_IN_A v_SIGNATURE_SIZE v_VERIFICATION_KEY_SIZE v_GAMMA1_EXPONENT
+      v_GAMMA1_RING_ELEMENT_SIZE v_GAMMA2 v_BETA v_COMMITMENT_RING_ELEMENT_SIZE
+      v_COMMITMENT_VECTOR_SIZE v_COMMITMENT_HASH_SIZE v_ONES_IN_VERIFIER_CHALLENGE
+      v_MAX_ONES_IN_HINT verification_key_serialized (pre_hashed_message <: t_Slice u8)
+      (Core.Option.Option_Some domain_separation_context
+        <:
+        Core.Option.t_Option Libcrux_ml_dsa.Pre_hash.t_DomainSeparationContext) signature_serialized
+  | Core.Result.Result_Err _ ->
+    Core.Result.Result_Err
+    (Libcrux_ml_dsa.Types.VerificationError_VerificationContextTooLongError
+      <:
+      Libcrux_ml_dsa.Types.t_VerificationError)
+    <:
+    Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError
+
 let sign_internal
-      (#v_SIMDUnit #v_Shake128X4 #v_Shake256 #v_Shake256Xof #v_Shake256X4: Type0)
+      (#v_SIMDUnit #v_Sampler #v_Shake128X4 #v_Shake256 #v_Shake256Xof #v_Shake256X4: Type0)
       (v_ROWS_IN_A v_COLUMNS_IN_A v_ETA v_ERROR_RING_ELEMENT_SIZE v_GAMMA1_EXPONENT: usize)
       (v_GAMMA2: i32)
       (v_COMMITMENT_RING_ELEMENT_SIZE v_COMMITMENT_VECTOR_SIZE v_COMMITMENT_HASH_SIZE v_ONES_IN_VERIFIER_CHALLENGE v_MAX_ONES_IN_HINT v_GAMMA1_RING_ELEMENT_SIZE v_SIGNING_KEY_SIZE v_SIGNATURE_SIZE:
           usize)
       (#[FStar.Tactics.Typeclasses.tcresolve ()]
-          i5:
+          i6:
           Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit)
+      (#[FStar.Tactics.Typeclasses.tcresolve ()] i7: Libcrux_ml_dsa.Samplex4.t_X4Sampler v_Sampler)
       (#[FStar.Tactics.Typeclasses.tcresolve ()]
-          i6:
+          i8:
           Libcrux_ml_dsa.Hash_functions.Shake128.t_XofX4 v_Shake128X4)
       (#[FStar.Tactics.Typeclasses.tcresolve ()]
-          i7:
+          i9:
           Libcrux_ml_dsa.Hash_functions.Shake256.t_DsaXof v_Shake256)
       (#[FStar.Tactics.Typeclasses.tcresolve ()]
-          i8:
+          i10:
           Libcrux_ml_dsa.Hash_functions.Shake256.t_Xof v_Shake256Xof)
       (#[FStar.Tactics.Typeclasses.tcresolve ()]
-          i9:
+          i11:
           Libcrux_ml_dsa.Hash_functions.Shake256.t_XofX4 v_Shake256X4)
       (signing_key: t_Array u8 v_SIGNING_KEY_SIZE)
       (message: t_Slice u8)
@@ -154,7 +440,9 @@ let sign_internal
   let v_A_as_ntt:t_Array
     (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A)
     v_ROWS_IN_A =
-    Libcrux_ml_dsa.Samplex4.matrix_A #v_SIMDUnit
+    Libcrux_ml_dsa.Samplex4.f_matrix_A #v_Sampler
+      #FStar.Tactics.Typeclasses.solve
+      #v_SIMDUnit
       v_ROWS_IN_A
       v_COLUMNS_IN_A
       (Libcrux_ml_dsa.Utils.into_padded_array (sz 34) (seed_for_A <: t_Slice u8)
@@ -480,354 +768,67 @@ let sign_internal
                 ({
                     Libcrux_ml_dsa.Encoding.Signature.f_commitment_hash = commitment_hash;
                     Libcrux_ml_dsa.Encoding.Signature.f_signer_response = signer_response;
-                    Libcrux_ml_dsa.Encoding.Signature.f_hint = hint
-                  }
-                  <:
-                  Libcrux_ml_dsa.Encoding.Signature.t_Signature v_SIMDUnit
-                    v_COMMITMENT_HASH_SIZE
-                    v_COLUMNS_IN_A
-                    v_ROWS_IN_A)
-            in
-            Core.Result.Result_Ok (Libcrux_ml_dsa.Types.impl_4__new v_SIGNATURE_SIZE signature)
-            <:
-            Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature v_SIGNATURE_SIZE)
-              Libcrux_ml_dsa.Types.t_SigningError
-          | Core.Option.Option_None  ->
-            Core.Result.Result_Err
-            (Libcrux_ml_dsa.Types.SigningError_RejectionSamplingError
-              <:
-              Libcrux_ml_dsa.Types.t_SigningError)
-            <:
-            Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature v_SIGNATURE_SIZE)
-              Libcrux_ml_dsa.Types.t_SigningError)
-      | Core.Option.Option_None  ->
-        Core.Result.Result_Err
-        (Libcrux_ml_dsa.Types.SigningError_RejectionSamplingError
-          <:
-          Libcrux_ml_dsa.Types.t_SigningError)
-        <:
-        Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature v_SIGNATURE_SIZE)
-          Libcrux_ml_dsa.Types.t_SigningError)
-  | Core.Option.Option_None  ->
-    Core.Result.Result_Err
-    (Libcrux_ml_dsa.Types.SigningError_RejectionSamplingError <: Libcrux_ml_dsa.Types.t_SigningError
-    )
-    <:
-    Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature v_SIGNATURE_SIZE)
-      Libcrux_ml_dsa.Types.t_SigningError
-
-let sign
-      (#v_SIMDUnit #v_Shake128X4 #v_Shake256 #v_Shake256Xof #v_Shake256X4: Type0)
-      (v_ROWS_IN_A v_COLUMNS_IN_A v_ETA v_ERROR_RING_ELEMENT_SIZE v_GAMMA1_EXPONENT: usize)
-      (v_GAMMA2: i32)
-      (v_COMMITMENT_RING_ELEMENT_SIZE v_COMMITMENT_VECTOR_SIZE v_COMMITMENT_HASH_SIZE v_ONES_IN_VERIFIER_CHALLENGE v_MAX_ONES_IN_HINT v_GAMMA1_RING_ELEMENT_SIZE v_SIGNING_KEY_SIZE v_SIGNATURE_SIZE:
-          usize)
-      (#[FStar.Tactics.Typeclasses.tcresolve ()]
-          i5:
-          Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit)
-      (#[FStar.Tactics.Typeclasses.tcresolve ()]
-          i6:
-          Libcrux_ml_dsa.Hash_functions.Shake128.t_XofX4 v_Shake128X4)
-      (#[FStar.Tactics.Typeclasses.tcresolve ()]
-          i7:
-          Libcrux_ml_dsa.Hash_functions.Shake256.t_DsaXof v_Shake256)
-      (#[FStar.Tactics.Typeclasses.tcresolve ()]
-          i8:
-          Libcrux_ml_dsa.Hash_functions.Shake256.t_Xof v_Shake256Xof)
-      (#[FStar.Tactics.Typeclasses.tcresolve ()]
-          i9:
-          Libcrux_ml_dsa.Hash_functions.Shake256.t_XofX4 v_Shake256X4)
-      (signing_key: t_Array u8 v_SIGNING_KEY_SIZE)
-      (message context: t_Slice u8)
-      (randomness: t_Array u8 (sz 32))
-     =
-  match
-    Libcrux_ml_dsa.Pre_hash.impl_1__new context
-      (Core.Option.Option_None <: Core.Option.t_Option (t_Array u8 (sz 11)))
-  with
-  | Core.Result.Result_Ok dsc ->
-    let domain_separation_context:Libcrux_ml_dsa.Pre_hash.t_DomainSeparationContext = dsc in
-    sign_internal #v_SIMDUnit #v_Shake128X4 #v_Shake256 #v_Shake256Xof #v_Shake256X4 v_ROWS_IN_A
-      v_COLUMNS_IN_A v_ETA v_ERROR_RING_ELEMENT_SIZE v_GAMMA1_EXPONENT v_GAMMA2
-      v_COMMITMENT_RING_ELEMENT_SIZE v_COMMITMENT_VECTOR_SIZE v_COMMITMENT_HASH_SIZE
-      v_ONES_IN_VERIFIER_CHALLENGE v_MAX_ONES_IN_HINT v_GAMMA1_RING_ELEMENT_SIZE v_SIGNING_KEY_SIZE
-      v_SIGNATURE_SIZE signing_key message
-      (Core.Option.Option_Some domain_separation_context
-        <:
-        Core.Option.t_Option Libcrux_ml_dsa.Pre_hash.t_DomainSeparationContext) randomness
-  | Core.Result.Result_Err _ ->
-    Core.Result.Result_Err
-    (Libcrux_ml_dsa.Types.SigningError_ContextTooLongError <: Libcrux_ml_dsa.Types.t_SigningError)
-    <:
-    Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature v_SIGNATURE_SIZE)
-      Libcrux_ml_dsa.Types.t_SigningError
-
-let sign_pre_hashed
-      (#v_SIMDUnit #v_Shake128 #v_Shake128X4 #v_Shake256 #v_Shake256Xof #v_Shake256X4 #v_PH: Type0)
-      (v_PH_DIGEST_LEN v_ROWS_IN_A v_COLUMNS_IN_A v_ETA v_ERROR_RING_ELEMENT_SIZE v_GAMMA1_EXPONENT:
-          usize)
-      (v_GAMMA2: i32)
-      (v_COMMITMENT_RING_ELEMENT_SIZE v_COMMITMENT_VECTOR_SIZE v_COMMITMENT_HASH_SIZE v_ONES_IN_VERIFIER_CHALLENGE v_MAX_ONES_IN_HINT v_GAMMA1_RING_ELEMENT_SIZE v_SIGNING_KEY_SIZE v_SIGNATURE_SIZE:
-          usize)
-      (#[FStar.Tactics.Typeclasses.tcresolve ()]
-          i7:
-          Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit)
-      (#[FStar.Tactics.Typeclasses.tcresolve ()]
-          i8:
-          Libcrux_ml_dsa.Hash_functions.Shake128.t_Xof v_Shake128)
-      (#[FStar.Tactics.Typeclasses.tcresolve ()]
-          i9:
-          Libcrux_ml_dsa.Hash_functions.Shake128.t_XofX4 v_Shake128X4)
-      (#[FStar.Tactics.Typeclasses.tcresolve ()]
-          i10:
-          Libcrux_ml_dsa.Hash_functions.Shake256.t_DsaXof v_Shake256)
-      (#[FStar.Tactics.Typeclasses.tcresolve ()]
-          i11:
-          Libcrux_ml_dsa.Hash_functions.Shake256.t_Xof v_Shake256Xof)
-      (#[FStar.Tactics.Typeclasses.tcresolve ()]
-          i12:
-          Libcrux_ml_dsa.Hash_functions.Shake256.t_XofX4 v_Shake256X4)
-      (#[FStar.Tactics.Typeclasses.tcresolve ()]
-          i13:
-          Libcrux_ml_dsa.Pre_hash.t_PreHash v_PH v_PH_DIGEST_LEN)
-      (signing_key: t_Array u8 v_SIGNING_KEY_SIZE)
-      (message context: t_Slice u8)
-      (randomness: t_Array u8 (sz 32))
-     =
-  if (Core.Slice.impl__len #u8 context <: usize) >. Libcrux_ml_dsa.Constants.v_CONTEXT_MAX_LEN
-  then
-    Core.Result.Result_Err
-    (Libcrux_ml_dsa.Types.SigningError_ContextTooLongError <: Libcrux_ml_dsa.Types.t_SigningError)
-    <:
-    Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature v_SIGNATURE_SIZE)
-      Libcrux_ml_dsa.Types.t_SigningError
-  else
-    let pre_hashed_message:t_Array u8 v_PH_DIGEST_LEN =
-      Libcrux_ml_dsa.Pre_hash.f_hash #v_PH
-        #v_PH_DIGEST_LEN
-        #FStar.Tactics.Typeclasses.solve
-        #v_Shake128
-        message
-    in
-    match
-      Libcrux_ml_dsa.Pre_hash.impl_1__new context
-        (Core.Option.Option_Some
-          (Libcrux_ml_dsa.Pre_hash.f_oid #v_PH #v_PH_DIGEST_LEN #FStar.Tactics.Typeclasses.solve ()
-            <:
-            t_Array u8 (sz 11))
-          <:
-          Core.Option.t_Option (t_Array u8 (sz 11)))
-    with
-    | Core.Result.Result_Ok dsc ->
-      let domain_separation_context:Libcrux_ml_dsa.Pre_hash.t_DomainSeparationContext = dsc in
-      sign_internal #v_SIMDUnit #v_Shake128X4 #v_Shake256 #v_Shake256Xof #v_Shake256X4 v_ROWS_IN_A
-        v_COLUMNS_IN_A v_ETA v_ERROR_RING_ELEMENT_SIZE v_GAMMA1_EXPONENT v_GAMMA2
-        v_COMMITMENT_RING_ELEMENT_SIZE v_COMMITMENT_VECTOR_SIZE v_COMMITMENT_HASH_SIZE
-        v_ONES_IN_VERIFIER_CHALLENGE v_MAX_ONES_IN_HINT v_GAMMA1_RING_ELEMENT_SIZE
-        v_SIGNING_KEY_SIZE v_SIGNATURE_SIZE signing_key (pre_hashed_message <: t_Slice u8)
-        (Core.Option.Option_Some domain_separation_context
-          <:
-          Core.Option.t_Option Libcrux_ml_dsa.Pre_hash.t_DomainSeparationContext) randomness
-    | Core.Result.Result_Err _ ->
-      Core.Result.Result_Err
-      (Libcrux_ml_dsa.Types.SigningError_ContextTooLongError <: Libcrux_ml_dsa.Types.t_SigningError)
-      <:
-      Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature v_SIGNATURE_SIZE)
-        Libcrux_ml_dsa.Types.t_SigningError
-
-let verify_internal
-      (#v_SIMDUnit #v_Shake128X4 #v_Shake256 #v_Shake256Xof: Type0)
-      (v_ROWS_IN_A v_COLUMNS_IN_A v_SIGNATURE_SIZE v_VERIFICATION_KEY_SIZE v_GAMMA1_EXPONENT v_GAMMA1_RING_ELEMENT_SIZE:
-          usize)
-      (v_GAMMA2 v_BETA: i32)
-      (v_COMMITMENT_RING_ELEMENT_SIZE v_COMMITMENT_VECTOR_SIZE v_COMMITMENT_HASH_SIZE v_ONES_IN_VERIFIER_CHALLENGE v_MAX_ONES_IN_HINT:
-          usize)
-      (#[FStar.Tactics.Typeclasses.tcresolve ()]
-          i4:
-          Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit)
-      (#[FStar.Tactics.Typeclasses.tcresolve ()]
-          i5:
-          Libcrux_ml_dsa.Hash_functions.Shake128.t_XofX4 v_Shake128X4)
-      (#[FStar.Tactics.Typeclasses.tcresolve ()]
-          i6:
-          Libcrux_ml_dsa.Hash_functions.Shake256.t_DsaXof v_Shake256)
-      (#[FStar.Tactics.Typeclasses.tcresolve ()]
-          i7:
-          Libcrux_ml_dsa.Hash_functions.Shake256.t_Xof v_Shake256Xof)
-      (verification_key_serialized: t_Array u8 v_VERIFICATION_KEY_SIZE)
-      (message: t_Slice u8)
-      (domain_separation_context:
-          Core.Option.t_Option Libcrux_ml_dsa.Pre_hash.t_DomainSeparationContext)
-      (signature_serialized: t_Array u8 v_SIGNATURE_SIZE)
-     =
-  let seed_for_A, t1:(t_Array u8 (sz 32) &
-    t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_ROWS_IN_A) =
-    Libcrux_ml_dsa.Encoding.Verification_key.deserialize #v_SIMDUnit
-      v_ROWS_IN_A
-      v_VERIFICATION_KEY_SIZE
-      verification_key_serialized
-  in
-  match
-    Libcrux_ml_dsa.Encoding.Signature.impl__deserialize #v_SIMDUnit
-      v_COMMITMENT_HASH_SIZE
-      v_COLUMNS_IN_A
-      v_ROWS_IN_A
-      v_GAMMA1_EXPONENT
-      v_GAMMA1_RING_ELEMENT_SIZE
-      v_MAX_ONES_IN_HINT
-      v_SIGNATURE_SIZE
-      signature_serialized
-  with
-  | Core.Result.Result_Ok s ->
-    let signature:Libcrux_ml_dsa.Encoding.Signature.t_Signature v_SIMDUnit
-      v_COMMITMENT_HASH_SIZE
-      v_COLUMNS_IN_A
-      v_ROWS_IN_A =
-      s
-    in
-    if
-      Libcrux_ml_dsa.Arithmetic.vector_infinity_norm_exceeds #v_SIMDUnit
-        v_COLUMNS_IN_A
-        signature.Libcrux_ml_dsa.Encoding.Signature.f_signer_response
-        ((2l <<! v_GAMMA1_EXPONENT <: i32) -! v_BETA <: i32)
-    then
-      Core.Result.Result_Err
-      (Libcrux_ml_dsa.Types.VerificationError_SignerResponseExceedsBoundError
-        <:
-        Libcrux_ml_dsa.Types.t_VerificationError)
-      <:
-      Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError
-    else
-      let v_A_as_ntt:t_Array
-        (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A)
-        v_ROWS_IN_A =
-        Libcrux_ml_dsa.Samplex4.matrix_A #v_SIMDUnit
-          v_ROWS_IN_A
-          v_COLUMNS_IN_A
-          (Libcrux_ml_dsa.Utils.into_padded_array (sz 34) (seed_for_A <: t_Slice u8)
+                    Libcrux_ml_dsa.Encoding.Signature.f_hint = hint
+                  }
+                  <:
+                  Libcrux_ml_dsa.Encoding.Signature.t_Signature v_SIMDUnit
+                    v_COMMITMENT_HASH_SIZE
+                    v_COLUMNS_IN_A
+                    v_ROWS_IN_A)
+            in
+            Core.Result.Result_Ok (Libcrux_ml_dsa.Types.impl_4__new v_SIGNATURE_SIZE signature)
             <:
-            t_Array u8 (sz 34))
-      in
-      let verification_key_hash:t_Array u8 (sz 64) = Rust_primitives.Hax.repeat 0uy (sz 64) in
-      let verification_key_hash:t_Array u8 (sz 64) =
-        Libcrux_ml_dsa.Hash_functions.Shake256.f_shake256 #v_Shake256
-          #FStar.Tactics.Typeclasses.solve
-          (sz 64)
-          (verification_key_serialized <: t_Slice u8)
-          verification_key_hash
-      in
-      let message_representative:t_Array u8 (sz 64) = Rust_primitives.Hax.repeat 0uy (sz 64) in
-      let message_representative:t_Array u8 (sz 64) =
-        derive_message_representative #v_Shake256Xof
-          verification_key_hash
-          domain_separation_context
-          message
-          message_representative
-      in
-      let verifier_challenge_as_ntt:Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit =
-        Libcrux_ml_dsa.Ntt.ntt #v_SIMDUnit
-          (Libcrux_ml_dsa.Sample.sample_challenge_ring_element #v_SIMDUnit
-              #v_Shake256
-              v_ONES_IN_VERIFIER_CHALLENGE
-              v_COMMITMENT_HASH_SIZE
-              signature.Libcrux_ml_dsa.Encoding.Signature.f_commitment_hash
+            Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature v_SIGNATURE_SIZE)
+              Libcrux_ml_dsa.Types.t_SigningError
+          | Core.Option.Option_None  ->
+            Core.Result.Result_Err
+            (Libcrux_ml_dsa.Types.SigningError_RejectionSamplingError
+              <:
+              Libcrux_ml_dsa.Types.t_SigningError)
             <:
-            Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit)
-      in
-      let w_approx:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit)
-        v_ROWS_IN_A =
-        Libcrux_ml_dsa.Matrix.compute_w_approx #v_SIMDUnit
-          v_ROWS_IN_A
-          v_COLUMNS_IN_A
-          v_A_as_ntt
-          signature.Libcrux_ml_dsa.Encoding.Signature.f_signer_response
-          verifier_challenge_as_ntt
-          t1
-      in
-      let commitment_hash:t_Array u8 v_COMMITMENT_HASH_SIZE =
-        Rust_primitives.Hax.repeat 0uy v_COMMITMENT_HASH_SIZE
-      in
-      let commitment:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit)
-        v_ROWS_IN_A =
-        Libcrux_ml_dsa.Arithmetic.use_hint #v_SIMDUnit
-          v_ROWS_IN_A
-          v_GAMMA2
-          signature.Libcrux_ml_dsa.Encoding.Signature.f_hint
-          w_approx
-      in
-      let commitment_serialized:t_Array u8 v_COMMITMENT_VECTOR_SIZE =
-        Libcrux_ml_dsa.Encoding.Commitment.serialize_vector #v_SIMDUnit
-          v_ROWS_IN_A
-          v_COMMITMENT_RING_ELEMENT_SIZE
-          v_COMMITMENT_VECTOR_SIZE
-          commitment
-      in
-      let shake:v_Shake256Xof =
-        Libcrux_ml_dsa.Hash_functions.Shake256.f_init #v_Shake256Xof
-          #FStar.Tactics.Typeclasses.solve
-          ()
-      in
-      let shake:v_Shake256Xof =
-        Libcrux_ml_dsa.Hash_functions.Shake256.f_absorb #v_Shake256Xof
-          #FStar.Tactics.Typeclasses.solve
-          shake
-          (message_representative <: t_Slice u8)
-      in
-      let shake:v_Shake256Xof =
-        Libcrux_ml_dsa.Hash_functions.Shake256.f_absorb_final #v_Shake256Xof
-          #FStar.Tactics.Typeclasses.solve
-          shake
-          (commitment_serialized <: t_Slice u8)
-      in
-      let tmp0, tmp1:(v_Shake256Xof & t_Array u8 v_COMMITMENT_HASH_SIZE) =
-        Libcrux_ml_dsa.Hash_functions.Shake256.f_squeeze #v_Shake256Xof
-          #FStar.Tactics.Typeclasses.solve
-          shake
-          commitment_hash
-      in
-      let shake:v_Shake256Xof = tmp0 in
-      let commitment_hash:t_Array u8 v_COMMITMENT_HASH_SIZE = tmp1 in
-      let _:Prims.unit = () in
-      let _:Prims.unit = () in
-      if signature.Libcrux_ml_dsa.Encoding.Signature.f_commitment_hash =. commitment_hash
-      then
-        Core.Result.Result_Ok (() <: Prims.unit)
-        <:
-        Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError
-      else
+            Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature v_SIGNATURE_SIZE)
+              Libcrux_ml_dsa.Types.t_SigningError)
+      | Core.Option.Option_None  ->
         Core.Result.Result_Err
-        (Libcrux_ml_dsa.Types.VerificationError_CommitmentHashesDontMatchError
+        (Libcrux_ml_dsa.Types.SigningError_RejectionSamplingError
           <:
-          Libcrux_ml_dsa.Types.t_VerificationError)
+          Libcrux_ml_dsa.Types.t_SigningError)
         <:
-        Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError
-  | Core.Result.Result_Err e ->
-    Core.Result.Result_Err e
+        Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature v_SIGNATURE_SIZE)
+          Libcrux_ml_dsa.Types.t_SigningError)
+  | Core.Option.Option_None  ->
+    Core.Result.Result_Err
+    (Libcrux_ml_dsa.Types.SigningError_RejectionSamplingError <: Libcrux_ml_dsa.Types.t_SigningError
+    )
     <:
-    Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError
+    Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature v_SIGNATURE_SIZE)
+      Libcrux_ml_dsa.Types.t_SigningError
 
-let verify
-      (#v_SIMDUnit #v_Shake128X4 #v_Shake256 #v_Shake256Xof: Type0)
-      (v_ROWS_IN_A v_COLUMNS_IN_A v_SIGNATURE_SIZE v_VERIFICATION_KEY_SIZE v_GAMMA1_EXPONENT v_GAMMA1_RING_ELEMENT_SIZE:
-          usize)
-      (v_GAMMA2 v_BETA: i32)
-      (v_COMMITMENT_RING_ELEMENT_SIZE v_COMMITMENT_VECTOR_SIZE v_COMMITMENT_HASH_SIZE v_ONES_IN_VERIFIER_CHALLENGE v_MAX_ONES_IN_HINT:
+let sign
+      (#v_SIMDUnit #v_Sampler #v_Shake128X4 #v_Shake256 #v_Shake256Xof #v_Shake256X4: Type0)
+      (v_ROWS_IN_A v_COLUMNS_IN_A v_ETA v_ERROR_RING_ELEMENT_SIZE v_GAMMA1_EXPONENT: usize)
+      (v_GAMMA2: i32)
+      (v_COMMITMENT_RING_ELEMENT_SIZE v_COMMITMENT_VECTOR_SIZE v_COMMITMENT_HASH_SIZE v_ONES_IN_VERIFIER_CHALLENGE v_MAX_ONES_IN_HINT v_GAMMA1_RING_ELEMENT_SIZE v_SIGNING_KEY_SIZE v_SIGNATURE_SIZE:
           usize)
       (#[FStar.Tactics.Typeclasses.tcresolve ()]
-          i4:
+          i6:
           Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit)
+      (#[FStar.Tactics.Typeclasses.tcresolve ()] i7: Libcrux_ml_dsa.Samplex4.t_X4Sampler v_Sampler)
       (#[FStar.Tactics.Typeclasses.tcresolve ()]
-          i5:
+          i8:
           Libcrux_ml_dsa.Hash_functions.Shake128.t_XofX4 v_Shake128X4)
       (#[FStar.Tactics.Typeclasses.tcresolve ()]
-          i6:
+          i9:
           Libcrux_ml_dsa.Hash_functions.Shake256.t_DsaXof v_Shake256)
       (#[FStar.Tactics.Typeclasses.tcresolve ()]
-          i7:
+          i10:
           Libcrux_ml_dsa.Hash_functions.Shake256.t_Xof v_Shake256Xof)
-      (verification_key_serialized: t_Array u8 v_VERIFICATION_KEY_SIZE)
+      (#[FStar.Tactics.Typeclasses.tcresolve ()]
+          i11:
+          Libcrux_ml_dsa.Hash_functions.Shake256.t_XofX4 v_Shake256X4)
+      (signing_key: t_Array u8 v_SIGNING_KEY_SIZE)
       (message context: t_Slice u8)
-      (signature_serialized: t_Array u8 v_SIGNATURE_SIZE)
+      (randomness: t_Array u8 (sz 32))
      =
   match
     Libcrux_ml_dsa.Pre_hash.impl_1__new context
@@ -835,102 +836,115 @@ let verify
   with
   | Core.Result.Result_Ok dsc ->
     let domain_separation_context:Libcrux_ml_dsa.Pre_hash.t_DomainSeparationContext = dsc in
-    verify_internal #v_SIMDUnit #v_Shake128X4 #v_Shake256 #v_Shake256Xof v_ROWS_IN_A v_COLUMNS_IN_A
-      v_SIGNATURE_SIZE v_VERIFICATION_KEY_SIZE v_GAMMA1_EXPONENT v_GAMMA1_RING_ELEMENT_SIZE v_GAMMA2
-      v_BETA v_COMMITMENT_RING_ELEMENT_SIZE v_COMMITMENT_VECTOR_SIZE v_COMMITMENT_HASH_SIZE
-      v_ONES_IN_VERIFIER_CHALLENGE v_MAX_ONES_IN_HINT verification_key_serialized message
+    sign_internal #v_SIMDUnit #v_Sampler #v_Shake128X4 #v_Shake256 #v_Shake256Xof #v_Shake256X4
+      v_ROWS_IN_A v_COLUMNS_IN_A v_ETA v_ERROR_RING_ELEMENT_SIZE v_GAMMA1_EXPONENT v_GAMMA2
+      v_COMMITMENT_RING_ELEMENT_SIZE v_COMMITMENT_VECTOR_SIZE v_COMMITMENT_HASH_SIZE
+      v_ONES_IN_VERIFIER_CHALLENGE v_MAX_ONES_IN_HINT v_GAMMA1_RING_ELEMENT_SIZE v_SIGNING_KEY_SIZE
+      v_SIGNATURE_SIZE signing_key message
       (Core.Option.Option_Some domain_separation_context
         <:
-        Core.Option.t_Option Libcrux_ml_dsa.Pre_hash.t_DomainSeparationContext) signature_serialized
+        Core.Option.t_Option Libcrux_ml_dsa.Pre_hash.t_DomainSeparationContext) randomness
   | Core.Result.Result_Err _ ->
     Core.Result.Result_Err
-    (Libcrux_ml_dsa.Types.VerificationError_VerificationContextTooLongError
-      <:
-      Libcrux_ml_dsa.Types.t_VerificationError)
+    (Libcrux_ml_dsa.Types.SigningError_ContextTooLongError <: Libcrux_ml_dsa.Types.t_SigningError)
     <:
-    Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError
+    Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature v_SIGNATURE_SIZE)
+      Libcrux_ml_dsa.Types.t_SigningError
 
-let verify_pre_hashed
-      (#v_SIMDUnit #v_Shake128 #v_Shake128X4 #v_Shake256 #v_Shake256Xof #v_PH: Type0)
-      (v_PH_DIGEST_LEN v_ROWS_IN_A v_COLUMNS_IN_A v_SIGNATURE_SIZE v_VERIFICATION_KEY_SIZE v_GAMMA1_EXPONENT v_GAMMA1_RING_ELEMENT_SIZE:
+let sign_pre_hashed
+      (#v_SIMDUnit #v_Sampler #v_Shake128 #v_Shake128X4 #v_Shake256 #v_Shake256Xof #v_Shake256X4 #v_PH:
+          Type0)
+      (v_PH_DIGEST_LEN v_ROWS_IN_A v_COLUMNS_IN_A v_ETA v_ERROR_RING_ELEMENT_SIZE v_GAMMA1_EXPONENT:
           usize)
-      (v_GAMMA2 v_BETA: i32)
-      (v_COMMITMENT_RING_ELEMENT_SIZE v_COMMITMENT_VECTOR_SIZE v_COMMITMENT_HASH_SIZE v_ONES_IN_VERIFIER_CHALLENGE v_MAX_ONES_IN_HINT:
+      (v_GAMMA2: i32)
+      (v_COMMITMENT_RING_ELEMENT_SIZE v_COMMITMENT_VECTOR_SIZE v_COMMITMENT_HASH_SIZE v_ONES_IN_VERIFIER_CHALLENGE v_MAX_ONES_IN_HINT v_GAMMA1_RING_ELEMENT_SIZE v_SIGNING_KEY_SIZE v_SIGNATURE_SIZE:
           usize)
       (#[FStar.Tactics.Typeclasses.tcresolve ()]
-          i6:
+          i8:
           Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit)
+      (#[FStar.Tactics.Typeclasses.tcresolve ()] i9: Libcrux_ml_dsa.Samplex4.t_X4Sampler v_Sampler)
       (#[FStar.Tactics.Typeclasses.tcresolve ()]
-          i7:
+          i10:
           Libcrux_ml_dsa.Hash_functions.Shake128.t_Xof v_Shake128)
       (#[FStar.Tactics.Typeclasses.tcresolve ()]
-          i8:
+          i11:
           Libcrux_ml_dsa.Hash_functions.Shake128.t_XofX4 v_Shake128X4)
       (#[FStar.Tactics.Typeclasses.tcresolve ()]
-          i9:
+          i12:
           Libcrux_ml_dsa.Hash_functions.Shake256.t_DsaXof v_Shake256)
       (#[FStar.Tactics.Typeclasses.tcresolve ()]
-          i10:
+          i13:
           Libcrux_ml_dsa.Hash_functions.Shake256.t_Xof v_Shake256Xof)
       (#[FStar.Tactics.Typeclasses.tcresolve ()]
-          i11:
+          i14:
+          Libcrux_ml_dsa.Hash_functions.Shake256.t_XofX4 v_Shake256X4)
+      (#[FStar.Tactics.Typeclasses.tcresolve ()]
+          i15:
           Libcrux_ml_dsa.Pre_hash.t_PreHash v_PH v_PH_DIGEST_LEN)
-      (verification_key_serialized: t_Array u8 v_VERIFICATION_KEY_SIZE)
+      (signing_key: t_Array u8 v_SIGNING_KEY_SIZE)
       (message context: t_Slice u8)
-      (signature_serialized: t_Array u8 v_SIGNATURE_SIZE)
+      (randomness: t_Array u8 (sz 32))
      =
-  let pre_hashed_message:t_Array u8 v_PH_DIGEST_LEN =
-    Libcrux_ml_dsa.Pre_hash.f_hash #v_PH
-      #v_PH_DIGEST_LEN
-      #FStar.Tactics.Typeclasses.solve
-      #v_Shake128
-      message
-  in
-  match
-    Libcrux_ml_dsa.Pre_hash.impl_1__new context
-      (Core.Option.Option_Some
-        (Libcrux_ml_dsa.Pre_hash.f_oid #v_PH #v_PH_DIGEST_LEN #FStar.Tactics.Typeclasses.solve ()
-          <:
-          t_Array u8 (sz 11))
-        <:
-        Core.Option.t_Option (t_Array u8 (sz 11)))
-  with
-  | Core.Result.Result_Ok dsc ->
-    let domain_separation_context:Libcrux_ml_dsa.Pre_hash.t_DomainSeparationContext = dsc in
-    verify_internal #v_SIMDUnit #v_Shake128X4 #v_Shake256 #v_Shake256Xof v_ROWS_IN_A v_COLUMNS_IN_A
-      v_SIGNATURE_SIZE v_VERIFICATION_KEY_SIZE v_GAMMA1_EXPONENT v_GAMMA1_RING_ELEMENT_SIZE v_GAMMA2
-      v_BETA v_COMMITMENT_RING_ELEMENT_SIZE v_COMMITMENT_VECTOR_SIZE v_COMMITMENT_HASH_SIZE
-      v_ONES_IN_VERIFIER_CHALLENGE v_MAX_ONES_IN_HINT verification_key_serialized
-      (pre_hashed_message <: t_Slice u8)
-      (Core.Option.Option_Some domain_separation_context
-        <:
-        Core.Option.t_Option Libcrux_ml_dsa.Pre_hash.t_DomainSeparationContext) signature_serialized
-  | Core.Result.Result_Err _ ->
+  if (Core.Slice.impl__len #u8 context <: usize) >. Libcrux_ml_dsa.Constants.v_CONTEXT_MAX_LEN
+  then
     Core.Result.Result_Err
-    (Libcrux_ml_dsa.Types.VerificationError_VerificationContextTooLongError
-      <:
-      Libcrux_ml_dsa.Types.t_VerificationError)
+    (Libcrux_ml_dsa.Types.SigningError_ContextTooLongError <: Libcrux_ml_dsa.Types.t_SigningError)
     <:
-    Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError
+    Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature v_SIGNATURE_SIZE)
+      Libcrux_ml_dsa.Types.t_SigningError
+  else
+    let pre_hashed_message:t_Array u8 v_PH_DIGEST_LEN =
+      Libcrux_ml_dsa.Pre_hash.f_hash #v_PH
+        #v_PH_DIGEST_LEN
+        #FStar.Tactics.Typeclasses.solve
+        #v_Shake128
+        message
+    in
+    match
+      Libcrux_ml_dsa.Pre_hash.impl_1__new context
+        (Core.Option.Option_Some
+          (Libcrux_ml_dsa.Pre_hash.f_oid #v_PH #v_PH_DIGEST_LEN #FStar.Tactics.Typeclasses.solve ()
+            <:
+            t_Array u8 (sz 11))
+          <:
+          Core.Option.t_Option (t_Array u8 (sz 11)))
+    with
+    | Core.Result.Result_Ok dsc ->
+      let domain_separation_context:Libcrux_ml_dsa.Pre_hash.t_DomainSeparationContext = dsc in
+      sign_internal #v_SIMDUnit #v_Sampler #v_Shake128X4 #v_Shake256 #v_Shake256Xof #v_Shake256X4
+        v_ROWS_IN_A v_COLUMNS_IN_A v_ETA v_ERROR_RING_ELEMENT_SIZE v_GAMMA1_EXPONENT v_GAMMA2
+        v_COMMITMENT_RING_ELEMENT_SIZE v_COMMITMENT_VECTOR_SIZE v_COMMITMENT_HASH_SIZE
+        v_ONES_IN_VERIFIER_CHALLENGE v_MAX_ONES_IN_HINT v_GAMMA1_RING_ELEMENT_SIZE
+        v_SIGNING_KEY_SIZE v_SIGNATURE_SIZE signing_key (pre_hashed_message <: t_Slice u8)
+        (Core.Option.Option_Some domain_separation_context
+          <:
+          Core.Option.t_Option Libcrux_ml_dsa.Pre_hash.t_DomainSeparationContext) randomness
+    | Core.Result.Result_Err _ ->
+      Core.Result.Result_Err
+      (Libcrux_ml_dsa.Types.SigningError_ContextTooLongError <: Libcrux_ml_dsa.Types.t_SigningError)
+      <:
+      Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature v_SIGNATURE_SIZE)
+        Libcrux_ml_dsa.Types.t_SigningError
 
 let generate_key_pair
-      (#v_SIMDUnit #v_Shake128X4 #v_Shake256 #v_Shake256Xof #v_Shake256X4: Type0)
+      (#v_SIMDUnit #v_Sampler #v_Shake128X4 #v_Shake256 #v_Shake256Xof #v_Shake256X4: Type0)
       (v_ROWS_IN_A v_COLUMNS_IN_A v_ETA v_ERROR_RING_ELEMENT_SIZE v_SIGNING_KEY_SIZE v_VERIFICATION_KEY_SIZE:
           usize)
       (#[FStar.Tactics.Typeclasses.tcresolve ()]
-          i5:
+          i6:
           Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit)
+      (#[FStar.Tactics.Typeclasses.tcresolve ()] i7: Libcrux_ml_dsa.Samplex4.t_X4Sampler v_Sampler)
       (#[FStar.Tactics.Typeclasses.tcresolve ()]
-          i6:
+          i8:
           Libcrux_ml_dsa.Hash_functions.Shake128.t_XofX4 v_Shake128X4)
       (#[FStar.Tactics.Typeclasses.tcresolve ()]
-          i7:
+          i9:
           Libcrux_ml_dsa.Hash_functions.Shake256.t_DsaXof v_Shake256)
       (#[FStar.Tactics.Typeclasses.tcresolve ()]
-          i8:
+          i10:
           Libcrux_ml_dsa.Hash_functions.Shake256.t_Xof v_Shake256Xof)
       (#[FStar.Tactics.Typeclasses.tcresolve ()]
-          i9:
+          i11:
           Libcrux_ml_dsa.Hash_functions.Shake256.t_XofX4 v_Shake256X4)
       (randomness: t_Array u8 (sz 32))
      =
@@ -977,7 +991,9 @@ let generate_key_pair
   let a_as_ntt:t_Array
     (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A)
     v_ROWS_IN_A =
-    Libcrux_ml_dsa.Samplex4.matrix_A #v_SIMDUnit
+    Libcrux_ml_dsa.Samplex4.f_matrix_A #v_Sampler
+      #FStar.Tactics.Typeclasses.solve
+      #v_SIMDUnit
       v_ROWS_IN_A
       v_COLUMNS_IN_A
       (Libcrux_ml_dsa.Utils.into_padded_array (sz 34) seed_for_a <: t_Array u8 (sz 34))
diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.fsti b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.fsti
index b333cdc66..a1ac213b3 100644
--- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.fsti
+++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.fsti
@@ -9,6 +9,7 @@ let _ =
   let open Libcrux_ml_dsa.Hash_functions.Shake128 in
   let open Libcrux_ml_dsa.Hash_functions.Shake256 in
   let open Libcrux_ml_dsa.Pre_hash in
+  let open Libcrux_ml_dsa.Samplex4 in
   let open Libcrux_ml_dsa.Simd.Traits in
   ()
 
@@ -39,82 +40,21 @@ val derive_message_representative
       (message_representative: t_Array u8 (sz 64))
     : Prims.Pure (t_Array u8 (sz 64)) Prims.l_True (fun _ -> Prims.l_True)
 
-/// The internal signing API.
-/// If no `domain_separation_context` is supplied, it is assumed that
-/// `message` already contains the domain separation.
-val sign_internal
-      (#v_SIMDUnit #v_Shake128X4 #v_Shake256 #v_Shake256Xof #v_Shake256X4: Type0)
-      (v_ROWS_IN_A v_COLUMNS_IN_A v_ETA v_ERROR_RING_ELEMENT_SIZE v_GAMMA1_EXPONENT: usize)
-      (v_GAMMA2: i32)
-      (v_COMMITMENT_RING_ELEMENT_SIZE v_COMMITMENT_VECTOR_SIZE v_COMMITMENT_HASH_SIZE v_ONES_IN_VERIFIER_CHALLENGE v_MAX_ONES_IN_HINT v_GAMMA1_RING_ELEMENT_SIZE v_SIGNING_KEY_SIZE v_SIGNATURE_SIZE:
-          usize)
-      {| i5: Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit |}
-      {| i6: Libcrux_ml_dsa.Hash_functions.Shake128.t_XofX4 v_Shake128X4 |}
-      {| i7: Libcrux_ml_dsa.Hash_functions.Shake256.t_DsaXof v_Shake256 |}
-      {| i8: Libcrux_ml_dsa.Hash_functions.Shake256.t_Xof v_Shake256Xof |}
-      {| i9: Libcrux_ml_dsa.Hash_functions.Shake256.t_XofX4 v_Shake256X4 |}
-      (signing_key: t_Array u8 v_SIGNING_KEY_SIZE)
-      (message: t_Slice u8)
-      (domain_separation_context:
-          Core.Option.t_Option Libcrux_ml_dsa.Pre_hash.t_DomainSeparationContext)
-      (randomness: t_Array u8 (sz 32))
-    : Prims.Pure
-      (Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature v_SIGNATURE_SIZE)
-          Libcrux_ml_dsa.Types.t_SigningError) Prims.l_True (fun _ -> Prims.l_True)
-
-val sign
-      (#v_SIMDUnit #v_Shake128X4 #v_Shake256 #v_Shake256Xof #v_Shake256X4: Type0)
-      (v_ROWS_IN_A v_COLUMNS_IN_A v_ETA v_ERROR_RING_ELEMENT_SIZE v_GAMMA1_EXPONENT: usize)
-      (v_GAMMA2: i32)
-      (v_COMMITMENT_RING_ELEMENT_SIZE v_COMMITMENT_VECTOR_SIZE v_COMMITMENT_HASH_SIZE v_ONES_IN_VERIFIER_CHALLENGE v_MAX_ONES_IN_HINT v_GAMMA1_RING_ELEMENT_SIZE v_SIGNING_KEY_SIZE v_SIGNATURE_SIZE:
-          usize)
-      {| i5: Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit |}
-      {| i6: Libcrux_ml_dsa.Hash_functions.Shake128.t_XofX4 v_Shake128X4 |}
-      {| i7: Libcrux_ml_dsa.Hash_functions.Shake256.t_DsaXof v_Shake256 |}
-      {| i8: Libcrux_ml_dsa.Hash_functions.Shake256.t_Xof v_Shake256Xof |}
-      {| i9: Libcrux_ml_dsa.Hash_functions.Shake256.t_XofX4 v_Shake256X4 |}
-      (signing_key: t_Array u8 v_SIGNING_KEY_SIZE)
-      (message context: t_Slice u8)
-      (randomness: t_Array u8 (sz 32))
-    : Prims.Pure
-      (Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature v_SIGNATURE_SIZE)
-          Libcrux_ml_dsa.Types.t_SigningError) Prims.l_True (fun _ -> Prims.l_True)
-
-val sign_pre_hashed
-      (#v_SIMDUnit #v_Shake128 #v_Shake128X4 #v_Shake256 #v_Shake256Xof #v_Shake256X4 #v_PH: Type0)
-      (v_PH_DIGEST_LEN v_ROWS_IN_A v_COLUMNS_IN_A v_ETA v_ERROR_RING_ELEMENT_SIZE v_GAMMA1_EXPONENT:
-          usize)
-      (v_GAMMA2: i32)
-      (v_COMMITMENT_RING_ELEMENT_SIZE v_COMMITMENT_VECTOR_SIZE v_COMMITMENT_HASH_SIZE v_ONES_IN_VERIFIER_CHALLENGE v_MAX_ONES_IN_HINT v_GAMMA1_RING_ELEMENT_SIZE v_SIGNING_KEY_SIZE v_SIGNATURE_SIZE:
-          usize)
-      {| i7: Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit |}
-      {| i8: Libcrux_ml_dsa.Hash_functions.Shake128.t_Xof v_Shake128 |}
-      {| i9: Libcrux_ml_dsa.Hash_functions.Shake128.t_XofX4 v_Shake128X4 |}
-      {| i10: Libcrux_ml_dsa.Hash_functions.Shake256.t_DsaXof v_Shake256 |}
-      {| i11: Libcrux_ml_dsa.Hash_functions.Shake256.t_Xof v_Shake256Xof |}
-      {| i12: Libcrux_ml_dsa.Hash_functions.Shake256.t_XofX4 v_Shake256X4 |}
-      {| i13: Libcrux_ml_dsa.Pre_hash.t_PreHash v_PH v_PH_DIGEST_LEN |}
-      (signing_key: t_Array u8 v_SIGNING_KEY_SIZE)
-      (message context: t_Slice u8)
-      (randomness: t_Array u8 (sz 32))
-    : Prims.Pure
-      (Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature v_SIGNATURE_SIZE)
-          Libcrux_ml_dsa.Types.t_SigningError) Prims.l_True (fun _ -> Prims.l_True)
-
 /// The internal verification API.
 /// If no `domain_separation_context` is supplied, it is assumed that
 /// `message` already contains the domain separation.
 val verify_internal
-      (#v_SIMDUnit #v_Shake128X4 #v_Shake256 #v_Shake256Xof: Type0)
+      (#v_SIMDUnit #v_Sampler #v_Shake128X4 #v_Shake256 #v_Shake256Xof: Type0)
       (v_ROWS_IN_A v_COLUMNS_IN_A v_SIGNATURE_SIZE v_VERIFICATION_KEY_SIZE v_GAMMA1_EXPONENT v_GAMMA1_RING_ELEMENT_SIZE:
           usize)
       (v_GAMMA2 v_BETA: i32)
       (v_COMMITMENT_RING_ELEMENT_SIZE v_COMMITMENT_VECTOR_SIZE v_COMMITMENT_HASH_SIZE v_ONES_IN_VERIFIER_CHALLENGE v_MAX_ONES_IN_HINT:
           usize)
-      {| i4: Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit |}
-      {| i5: Libcrux_ml_dsa.Hash_functions.Shake128.t_XofX4 v_Shake128X4 |}
-      {| i6: Libcrux_ml_dsa.Hash_functions.Shake256.t_DsaXof v_Shake256 |}
-      {| i7: Libcrux_ml_dsa.Hash_functions.Shake256.t_Xof v_Shake256Xof |}
+      {| i5: Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit |}
+      {| i6: Libcrux_ml_dsa.Samplex4.t_X4Sampler v_Sampler |}
+      {| i7: Libcrux_ml_dsa.Hash_functions.Shake128.t_XofX4 v_Shake128X4 |}
+      {| i8: Libcrux_ml_dsa.Hash_functions.Shake256.t_DsaXof v_Shake256 |}
+      {| i9: Libcrux_ml_dsa.Hash_functions.Shake256.t_Xof v_Shake256Xof |}
       (verification_key_serialized: t_Array u8 v_VERIFICATION_KEY_SIZE)
       (message: t_Slice u8)
       (domain_separation_context:
@@ -125,16 +65,17 @@ val verify_internal
       (fun _ -> Prims.l_True)
 
 val verify
-      (#v_SIMDUnit #v_Shake128X4 #v_Shake256 #v_Shake256Xof: Type0)
+      (#v_SIMDUnit #v_Sampler #v_Shake128X4 #v_Shake256 #v_Shake256Xof: Type0)
       (v_ROWS_IN_A v_COLUMNS_IN_A v_SIGNATURE_SIZE v_VERIFICATION_KEY_SIZE v_GAMMA1_EXPONENT v_GAMMA1_RING_ELEMENT_SIZE:
           usize)
       (v_GAMMA2 v_BETA: i32)
       (v_COMMITMENT_RING_ELEMENT_SIZE v_COMMITMENT_VECTOR_SIZE v_COMMITMENT_HASH_SIZE v_ONES_IN_VERIFIER_CHALLENGE v_MAX_ONES_IN_HINT:
           usize)
-      {| i4: Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit |}
-      {| i5: Libcrux_ml_dsa.Hash_functions.Shake128.t_XofX4 v_Shake128X4 |}
-      {| i6: Libcrux_ml_dsa.Hash_functions.Shake256.t_DsaXof v_Shake256 |}
-      {| i7: Libcrux_ml_dsa.Hash_functions.Shake256.t_Xof v_Shake256Xof |}
+      {| i5: Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit |}
+      {| i6: Libcrux_ml_dsa.Samplex4.t_X4Sampler v_Sampler |}
+      {| i7: Libcrux_ml_dsa.Hash_functions.Shake128.t_XofX4 v_Shake128X4 |}
+      {| i8: Libcrux_ml_dsa.Hash_functions.Shake256.t_DsaXof v_Shake256 |}
+      {| i9: Libcrux_ml_dsa.Hash_functions.Shake256.t_Xof v_Shake256Xof |}
       (verification_key_serialized: t_Array u8 v_VERIFICATION_KEY_SIZE)
       (message context: t_Slice u8)
       (signature_serialized: t_Array u8 v_SIGNATURE_SIZE)
@@ -143,18 +84,19 @@ val verify
       (fun _ -> Prims.l_True)
 
 val verify_pre_hashed
-      (#v_SIMDUnit #v_Shake128 #v_Shake128X4 #v_Shake256 #v_Shake256Xof #v_PH: Type0)
+      (#v_SIMDUnit #v_Sampler #v_Shake128 #v_Shake128X4 #v_Shake256 #v_Shake256Xof #v_PH: Type0)
       (v_PH_DIGEST_LEN v_ROWS_IN_A v_COLUMNS_IN_A v_SIGNATURE_SIZE v_VERIFICATION_KEY_SIZE v_GAMMA1_EXPONENT v_GAMMA1_RING_ELEMENT_SIZE:
           usize)
       (v_GAMMA2 v_BETA: i32)
       (v_COMMITMENT_RING_ELEMENT_SIZE v_COMMITMENT_VECTOR_SIZE v_COMMITMENT_HASH_SIZE v_ONES_IN_VERIFIER_CHALLENGE v_MAX_ONES_IN_HINT:
           usize)
-      {| i6: Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit |}
-      {| i7: Libcrux_ml_dsa.Hash_functions.Shake128.t_Xof v_Shake128 |}
-      {| i8: Libcrux_ml_dsa.Hash_functions.Shake128.t_XofX4 v_Shake128X4 |}
-      {| i9: Libcrux_ml_dsa.Hash_functions.Shake256.t_DsaXof v_Shake256 |}
-      {| i10: Libcrux_ml_dsa.Hash_functions.Shake256.t_Xof v_Shake256Xof |}
-      {| i11: Libcrux_ml_dsa.Pre_hash.t_PreHash v_PH v_PH_DIGEST_LEN |}
+      {| i7: Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit |}
+      {| i8: Libcrux_ml_dsa.Samplex4.t_X4Sampler v_Sampler |}
+      {| i9: Libcrux_ml_dsa.Hash_functions.Shake128.t_Xof v_Shake128 |}
+      {| i10: Libcrux_ml_dsa.Hash_functions.Shake128.t_XofX4 v_Shake128X4 |}
+      {| i11: Libcrux_ml_dsa.Hash_functions.Shake256.t_DsaXof v_Shake256 |}
+      {| i12: Libcrux_ml_dsa.Hash_functions.Shake256.t_Xof v_Shake256Xof |}
+      {| i13: Libcrux_ml_dsa.Pre_hash.t_PreHash v_PH v_PH_DIGEST_LEN |}
       (verification_key_serialized: t_Array u8 v_VERIFICATION_KEY_SIZE)
       (message context: t_Slice u8)
       (signature_serialized: t_Array u8 v_SIGNATURE_SIZE)
@@ -162,16 +104,83 @@ val verify_pre_hashed
       Prims.l_True
       (fun _ -> Prims.l_True)
 
+/// The internal signing API.
+/// If no `domain_separation_context` is supplied, it is assumed that
+/// `message` already contains the domain separation.
+val sign_internal
+      (#v_SIMDUnit #v_Sampler #v_Shake128X4 #v_Shake256 #v_Shake256Xof #v_Shake256X4: Type0)
+      (v_ROWS_IN_A v_COLUMNS_IN_A v_ETA v_ERROR_RING_ELEMENT_SIZE v_GAMMA1_EXPONENT: usize)
+      (v_GAMMA2: i32)
+      (v_COMMITMENT_RING_ELEMENT_SIZE v_COMMITMENT_VECTOR_SIZE v_COMMITMENT_HASH_SIZE v_ONES_IN_VERIFIER_CHALLENGE v_MAX_ONES_IN_HINT v_GAMMA1_RING_ELEMENT_SIZE v_SIGNING_KEY_SIZE v_SIGNATURE_SIZE:
+          usize)
+      {| i6: Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit |}
+      {| i7: Libcrux_ml_dsa.Samplex4.t_X4Sampler v_Sampler |}
+      {| i8: Libcrux_ml_dsa.Hash_functions.Shake128.t_XofX4 v_Shake128X4 |}
+      {| i9: Libcrux_ml_dsa.Hash_functions.Shake256.t_DsaXof v_Shake256 |}
+      {| i10: Libcrux_ml_dsa.Hash_functions.Shake256.t_Xof v_Shake256Xof |}
+      {| i11: Libcrux_ml_dsa.Hash_functions.Shake256.t_XofX4 v_Shake256X4 |}
+      (signing_key: t_Array u8 v_SIGNING_KEY_SIZE)
+      (message: t_Slice u8)
+      (domain_separation_context:
+          Core.Option.t_Option Libcrux_ml_dsa.Pre_hash.t_DomainSeparationContext)
+      (randomness: t_Array u8 (sz 32))
+    : Prims.Pure
+      (Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature v_SIGNATURE_SIZE)
+          Libcrux_ml_dsa.Types.t_SigningError) Prims.l_True (fun _ -> Prims.l_True)
+
+val sign
+      (#v_SIMDUnit #v_Sampler #v_Shake128X4 #v_Shake256 #v_Shake256Xof #v_Shake256X4: Type0)
+      (v_ROWS_IN_A v_COLUMNS_IN_A v_ETA v_ERROR_RING_ELEMENT_SIZE v_GAMMA1_EXPONENT: usize)
+      (v_GAMMA2: i32)
+      (v_COMMITMENT_RING_ELEMENT_SIZE v_COMMITMENT_VECTOR_SIZE v_COMMITMENT_HASH_SIZE v_ONES_IN_VERIFIER_CHALLENGE v_MAX_ONES_IN_HINT v_GAMMA1_RING_ELEMENT_SIZE v_SIGNING_KEY_SIZE v_SIGNATURE_SIZE:
+          usize)
+      {| i6: Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit |}
+      {| i7: Libcrux_ml_dsa.Samplex4.t_X4Sampler v_Sampler |}
+      {| i8: Libcrux_ml_dsa.Hash_functions.Shake128.t_XofX4 v_Shake128X4 |}
+      {| i9: Libcrux_ml_dsa.Hash_functions.Shake256.t_DsaXof v_Shake256 |}
+      {| i10: Libcrux_ml_dsa.Hash_functions.Shake256.t_Xof v_Shake256Xof |}
+      {| i11: Libcrux_ml_dsa.Hash_functions.Shake256.t_XofX4 v_Shake256X4 |}
+      (signing_key: t_Array u8 v_SIGNING_KEY_SIZE)
+      (message context: t_Slice u8)
+      (randomness: t_Array u8 (sz 32))
+    : Prims.Pure
+      (Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature v_SIGNATURE_SIZE)
+          Libcrux_ml_dsa.Types.t_SigningError) Prims.l_True (fun _ -> Prims.l_True)
+
+val sign_pre_hashed
+      (#v_SIMDUnit #v_Sampler #v_Shake128 #v_Shake128X4 #v_Shake256 #v_Shake256Xof #v_Shake256X4 #v_PH:
+          Type0)
+      (v_PH_DIGEST_LEN v_ROWS_IN_A v_COLUMNS_IN_A v_ETA v_ERROR_RING_ELEMENT_SIZE v_GAMMA1_EXPONENT:
+          usize)
+      (v_GAMMA2: i32)
+      (v_COMMITMENT_RING_ELEMENT_SIZE v_COMMITMENT_VECTOR_SIZE v_COMMITMENT_HASH_SIZE v_ONES_IN_VERIFIER_CHALLENGE v_MAX_ONES_IN_HINT v_GAMMA1_RING_ELEMENT_SIZE v_SIGNING_KEY_SIZE v_SIGNATURE_SIZE:
+          usize)
+      {| i8: Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit |}
+      {| i9: Libcrux_ml_dsa.Samplex4.t_X4Sampler v_Sampler |}
+      {| i10: Libcrux_ml_dsa.Hash_functions.Shake128.t_Xof v_Shake128 |}
+      {| i11: Libcrux_ml_dsa.Hash_functions.Shake128.t_XofX4 v_Shake128X4 |}
+      {| i12: Libcrux_ml_dsa.Hash_functions.Shake256.t_DsaXof v_Shake256 |}
+      {| i13: Libcrux_ml_dsa.Hash_functions.Shake256.t_Xof v_Shake256Xof |}
+      {| i14: Libcrux_ml_dsa.Hash_functions.Shake256.t_XofX4 v_Shake256X4 |}
+      {| i15: Libcrux_ml_dsa.Pre_hash.t_PreHash v_PH v_PH_DIGEST_LEN |}
+      (signing_key: t_Array u8 v_SIGNING_KEY_SIZE)
+      (message context: t_Slice u8)
+      (randomness: t_Array u8 (sz 32))
+    : Prims.Pure
+      (Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature v_SIGNATURE_SIZE)
+          Libcrux_ml_dsa.Types.t_SigningError) Prims.l_True (fun _ -> Prims.l_True)
+
 /// Generate a key pair.
 val generate_key_pair
-      (#v_SIMDUnit #v_Shake128X4 #v_Shake256 #v_Shake256Xof #v_Shake256X4: Type0)
+      (#v_SIMDUnit #v_Sampler #v_Shake128X4 #v_Shake256 #v_Shake256Xof #v_Shake256X4: Type0)
       (v_ROWS_IN_A v_COLUMNS_IN_A v_ETA v_ERROR_RING_ELEMENT_SIZE v_SIGNING_KEY_SIZE v_VERIFICATION_KEY_SIZE:
           usize)
-      {| i5: Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit |}
-      {| i6: Libcrux_ml_dsa.Hash_functions.Shake128.t_XofX4 v_Shake128X4 |}
-      {| i7: Libcrux_ml_dsa.Hash_functions.Shake256.t_DsaXof v_Shake256 |}
-      {| i8: Libcrux_ml_dsa.Hash_functions.Shake256.t_Xof v_Shake256Xof |}
-      {| i9: Libcrux_ml_dsa.Hash_functions.Shake256.t_XofX4 v_Shake256X4 |}
+      {| i6: Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit |}
+      {| i7: Libcrux_ml_dsa.Samplex4.t_X4Sampler v_Sampler |}
+      {| i8: Libcrux_ml_dsa.Hash_functions.Shake128.t_XofX4 v_Shake128X4 |}
+      {| i9: Libcrux_ml_dsa.Hash_functions.Shake256.t_DsaXof v_Shake256 |}
+      {| i10: Libcrux_ml_dsa.Hash_functions.Shake256.t_Xof v_Shake256Xof |}
+      {| i11: Libcrux_ml_dsa.Hash_functions.Shake256.t_XofX4 v_Shake256X4 |}
       (randomness: t_Array u8 (sz 32))
     : Prims.Pure (t_Array u8 v_SIGNING_KEY_SIZE & t_Array u8 v_VERIFICATION_KEY_SIZE)
       Prims.l_True
diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Polynomial.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Polynomial.fst
index 1cfb3ccb5..99e46c0e2 100644
--- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Polynomial.fst
+++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Polynomial.fst
@@ -9,6 +9,38 @@ let _ =
   let open Libcrux_ml_dsa.Simd.Traits in
   ()
 
+[@@ FStar.Tactics.Typeclasses.tcinstance]
+assume
+val impl_1':
+    #v_SIMDUnit: Type0 ->
+    {| i1: Core.Clone.t_Clone v_SIMDUnit |} ->
+    {| i2: Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit |}
+  -> Core.Clone.t_Clone (t_PolynomialRingElement v_SIMDUnit)
+
+let impl_1
+      (#v_SIMDUnit: Type0)
+      (#[FStar.Tactics.Typeclasses.tcresolve ()] i1: Core.Clone.t_Clone v_SIMDUnit)
+      (#[FStar.Tactics.Typeclasses.tcresolve ()]
+          i2:
+          Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit)
+     = impl_1' #v_SIMDUnit #i1 #i2
+
+[@@ FStar.Tactics.Typeclasses.tcinstance]
+assume
+val impl_2':
+    #v_SIMDUnit: Type0 ->
+    {| i1: Core.Marker.t_Copy v_SIMDUnit |} ->
+    {| i2: Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit |}
+  -> Core.Marker.t_Copy (t_PolynomialRingElement v_SIMDUnit)
+
+let impl_2
+      (#v_SIMDUnit: Type0)
+      (#[FStar.Tactics.Typeclasses.tcresolve ()] i1: Core.Marker.t_Copy v_SIMDUnit)
+      (#[FStar.Tactics.Typeclasses.tcresolve ()]
+          i2:
+          Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit)
+     = impl_2' #v_SIMDUnit #i1 #i2
+
 let impl__ZERO
       (#v_SIMDUnit: Type0)
       (#[FStar.Tactics.Typeclasses.tcresolve ()]
@@ -32,7 +64,7 @@ let impl__ZERO
 let impl__from_i32_array
       (#v_SIMDUnit: Type0)
       (#[FStar.Tactics.Typeclasses.tcresolve ()]
-          i2:
+          i1:
           Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit)
       (array: t_Slice i32)
      =
@@ -92,7 +124,7 @@ let impl__from_i32_array
 let impl__add
       (#v_SIMDUnit: Type0)
       (#[FStar.Tactics.Typeclasses.tcresolve ()]
-          i2:
+          i1:
           Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit)
       (self rhs: t_PolynomialRingElement v_SIMDUnit)
      =
@@ -131,7 +163,7 @@ let impl__add
 let impl__infinity_norm_exceeds
       (#v_SIMDUnit: Type0)
       (#[FStar.Tactics.Typeclasses.tcresolve ()]
-          i2:
+          i1:
           Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit)
       (self: t_PolynomialRingElement v_SIMDUnit)
       (bound: i32)
@@ -161,7 +193,7 @@ let impl__infinity_norm_exceeds
 let impl__subtract
       (#v_SIMDUnit: Type0)
       (#[FStar.Tactics.Typeclasses.tcresolve ()]
-          i2:
+          i1:
           Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit)
       (self rhs: t_PolynomialRingElement v_SIMDUnit)
      =
@@ -200,7 +232,7 @@ let impl__subtract
 let impl__to_i32_array
       (#v_SIMDUnit: Type0)
       (#[FStar.Tactics.Typeclasses.tcresolve ()]
-          i2:
+          i1:
           Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit)
       (self: t_PolynomialRingElement v_SIMDUnit)
      =
diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Polynomial.fsti b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Polynomial.fsti
index 6f7a5837e..b9648e9ab 100644
--- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Polynomial.fsti
+++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Polynomial.fsti
@@ -13,6 +13,20 @@ type t_PolynomialRingElement
   (v_SIMDUnit: Type0) {| i1: Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit |}
   = { f_simd_units:t_Array v_SIMDUnit (sz 32) }
 
+[@@ FStar.Tactics.Typeclasses.tcinstance]
+val impl_1
+      (#v_SIMDUnit: Type0)
+      {| i1: Core.Clone.t_Clone v_SIMDUnit |}
+      {| i2: Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit |}
+    : Core.Clone.t_Clone (t_PolynomialRingElement v_SIMDUnit)
+
+[@@ FStar.Tactics.Typeclasses.tcinstance]
+val impl_2
+      (#v_SIMDUnit: Type0)
+      {| i1: Core.Marker.t_Copy v_SIMDUnit |}
+      {| i2: Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit |}
+    : Core.Marker.t_Copy (t_PolynomialRingElement v_SIMDUnit)
+
 val impl__ZERO:
     #v_SIMDUnit: Type0 ->
     {| i1: Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit |} ->
@@ -21,31 +35,31 @@ val impl__ZERO:
 
 val impl__from_i32_array
       (#v_SIMDUnit: Type0)
-      {| i2: Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit |}
+      {| i1: Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit |}
       (array: t_Slice i32)
     : Prims.Pure (t_PolynomialRingElement v_SIMDUnit) Prims.l_True (fun _ -> Prims.l_True)
 
 val impl__add
       (#v_SIMDUnit: Type0)
-      {| i2: Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit |}
+      {| i1: Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit |}
       (self rhs: t_PolynomialRingElement v_SIMDUnit)
     : Prims.Pure (t_PolynomialRingElement v_SIMDUnit) Prims.l_True (fun _ -> Prims.l_True)
 
 val impl__infinity_norm_exceeds
       (#v_SIMDUnit: Type0)
-      {| i2: Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit |}
+      {| i1: Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit |}
       (self: t_PolynomialRingElement v_SIMDUnit)
       (bound: i32)
     : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True)
 
 val impl__subtract
       (#v_SIMDUnit: Type0)
-      {| i2: Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit |}
+      {| i1: Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit |}
       (self rhs: t_PolynomialRingElement v_SIMDUnit)
     : Prims.Pure (t_PolynomialRingElement v_SIMDUnit) Prims.l_True (fun _ -> Prims.l_True)
 
 val impl__to_i32_array
       (#v_SIMDUnit: Type0)
-      {| i2: Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit |}
+      {| i1: Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit |}
       (self: t_PolynomialRingElement v_SIMDUnit)
     : Prims.Pure (t_Array i32 (sz 256)) Prims.l_True (fun _ -> Prims.l_True)
diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Sample.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Sample.fst
index 288d73ebd..a209fd286 100644
--- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Sample.fst
+++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Sample.fst
@@ -6,12 +6,14 @@ open FStar.Mul
 let _ =
   (* This module has implicit dependencies, here we make them explicit. *)
   (* The implicit dependencies arise from typeclasses instances. *)
-  let open Libcrux_ml_dsa.Hash_functions.Portable in
   let open Libcrux_ml_dsa.Hash_functions.Shake128 in
   let open Libcrux_ml_dsa.Hash_functions.Shake256 in
   let open Libcrux_ml_dsa.Simd.Traits in
   ()
 
+let generate_domain_separator (row, column: (u8 & u8)) =
+  (cast (column <: u8) <: u16) |. ((cast (row <: u8) <: u16) <<! 8l <: u16)
+
 let update_seed (seed: t_Array u8 (sz 66)) (domain_separator: u16) =
   let seed:t_Array u8 (sz 66) =
     Rust_primitives.Hax.Monomorphized_update_at.update_at_usize seed
@@ -682,364 +684,6 @@ let sample_four_error_ring_elements
     Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit &
     Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit)
 
-let sample_four_ring_elements
-      (#v_SIMDUnit: Type0)
-      (#[FStar.Tactics.Typeclasses.tcresolve ()]
-          i1:
-          Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit)
-      (seed0: t_Array u8 (sz 34))
-      (domain_separator0 domain_separator1 domain_seperator2 domain_separator3: u16)
-     =
-  let seed0:t_Array u8 (sz 34) =
-    Rust_primitives.Hax.Monomorphized_update_at.update_at_usize seed0
-      (sz 32)
-      (cast (domain_separator0 <: u16) <: u8)
-  in
-  let seed0:t_Array u8 (sz 34) =
-    Rust_primitives.Hax.Monomorphized_update_at.update_at_usize seed0
-      (sz 33)
-      (cast (domain_separator0 >>! 8l <: u16) <: u8)
-  in
-  let seed1:t_Array u8 (sz 34) = seed0 in
-  let seed1:t_Array u8 (sz 34) =
-    Rust_primitives.Hax.Monomorphized_update_at.update_at_usize seed1
-      (sz 32)
-      (cast (domain_separator1 <: u16) <: u8)
-  in
-  let seed1:t_Array u8 (sz 34) =
-    Rust_primitives.Hax.Monomorphized_update_at.update_at_usize seed1
-      (sz 33)
-      (cast (domain_separator1 >>! 8l <: u16) <: u8)
-  in
-  let seed2:t_Array u8 (sz 34) = seed0 in
-  let seed2:t_Array u8 (sz 34) =
-    Rust_primitives.Hax.Monomorphized_update_at.update_at_usize seed2
-      (sz 32)
-      (cast (domain_seperator2 <: u16) <: u8)
-  in
-  let seed2:t_Array u8 (sz 34) =
-    Rust_primitives.Hax.Monomorphized_update_at.update_at_usize seed2
-      (sz 33)
-      (cast (domain_seperator2 >>! 8l <: u16) <: u8)
-  in
-  let seed3:t_Array u8 (sz 34) = seed0 in
-  let seed3:t_Array u8 (sz 34) =
-    Rust_primitives.Hax.Monomorphized_update_at.update_at_usize seed3
-      (sz 32)
-      (cast (domain_separator3 <: u16) <: u8)
-  in
-  let seed3:t_Array u8 (sz 34) =
-    Rust_primitives.Hax.Monomorphized_update_at.update_at_usize seed3
-      (sz 33)
-      (cast (domain_separator3 >>! 8l <: u16) <: u8)
-  in
-  let state:Libcrux_ml_dsa.Hash_functions.Portable.t_Shake128X4 =
-    Libcrux_ml_dsa.Hash_functions.Shake128.f_init_absorb #Libcrux_ml_dsa.Hash_functions.Portable.t_Shake128X4
-      #FStar.Tactics.Typeclasses.solve
-      (seed0 <: t_Slice u8)
-      (seed1 <: t_Slice u8)
-      (seed2 <: t_Slice u8)
-      (seed3 <: t_Slice u8)
-  in
-  let randomness0:t_Array u8 (sz 840) = Rust_primitives.Hax.repeat 0uy (sz 840) in
-  let randomness1:t_Array u8 (sz 840) = Rust_primitives.Hax.repeat 0uy (sz 840) in
-  let randomness2:t_Array u8 (sz 840) = Rust_primitives.Hax.repeat 0uy (sz 840) in
-  let randomness3:t_Array u8 (sz 840) = Rust_primitives.Hax.repeat 0uy (sz 840) in
-  let tmp0, tmp1, tmp2, tmp3, tmp4:(Libcrux_ml_dsa.Hash_functions.Portable.t_Shake128X4 &
-    t_Array u8 (sz 840) &
-    t_Array u8 (sz 840) &
-    t_Array u8 (sz 840) &
-    t_Array u8 (sz 840)) =
-    Libcrux_ml_dsa.Hash_functions.Shake128.f_squeeze_first_five_blocks #Libcrux_ml_dsa.Hash_functions.Portable.t_Shake128X4
-      #FStar.Tactics.Typeclasses.solve
-      state
-      randomness0
-      randomness1
-      randomness2
-      randomness3
-  in
-  let state:Libcrux_ml_dsa.Hash_functions.Portable.t_Shake128X4 = tmp0 in
-  let randomness0:t_Array u8 (sz 840) = tmp1 in
-  let randomness1:t_Array u8 (sz 840) = tmp2 in
-  let randomness2:t_Array u8 (sz 840) = tmp3 in
-  let randomness3:t_Array u8 (sz 840) = tmp4 in
-  let _:Prims.unit = () in
-  let coefficients0:t_Array i32 (sz 263) = Rust_primitives.Hax.repeat 0l (sz 263) in
-  let coefficients1:t_Array i32 (sz 263) = Rust_primitives.Hax.repeat 0l (sz 263) in
-  let coefficients2:t_Array i32 (sz 263) = Rust_primitives.Hax.repeat 0l (sz 263) in
-  let coefficients3:t_Array i32 (sz 263) = Rust_primitives.Hax.repeat 0l (sz 263) in
-  let sampled0:usize = sz 0 in
-  let sampled1:usize = sz 0 in
-  let sampled2:usize = sz 0 in
-  let sampled3:usize = sz 0 in
-  let tmp0, tmp1, out:(usize & t_Array i32 (sz 263) & bool) =
-    rejection_sample_less_than_field_modulus #v_SIMDUnit
-      (randomness0 <: t_Slice u8)
-      sampled0
-      coefficients0
-  in
-  let sampled0:usize = tmp0 in
-  let coefficients0:t_Array i32 (sz 263) = tmp1 in
-  let done0:bool = out in
-  let tmp0, tmp1, out:(usize & t_Array i32 (sz 263) & bool) =
-    rejection_sample_less_than_field_modulus #v_SIMDUnit
-      (randomness1 <: t_Slice u8)
-      sampled1
-      coefficients1
-  in
-  let sampled1:usize = tmp0 in
-  let coefficients1:t_Array i32 (sz 263) = tmp1 in
-  let done1:bool = out in
-  let tmp0, tmp1, out:(usize & t_Array i32 (sz 263) & bool) =
-    rejection_sample_less_than_field_modulus #v_SIMDUnit
-      (randomness2 <: t_Slice u8)
-      sampled2
-      coefficients2
-  in
-  let sampled2:usize = tmp0 in
-  let coefficients2:t_Array i32 (sz 263) = tmp1 in
-  let done2:bool = out in
-  let tmp0, tmp1, out:(usize & t_Array i32 (sz 263) & bool) =
-    rejection_sample_less_than_field_modulus #v_SIMDUnit
-      (randomness3 <: t_Slice u8)
-      sampled3
-      coefficients3
-  in
-  let sampled3:usize = tmp0 in
-  let coefficients3:t_Array i32 (sz 263) = tmp1 in
-  let done3:bool = out in
-  let
-  coefficients0,
-  coefficients1,
-  coefficients2,
-  coefficients3,
-  done0,
-  done1,
-  done2,
-  done3,
-  sampled0,
-  sampled1,
-  sampled2,
-  sampled3,
-  state:(t_Array i32 (sz 263) & t_Array i32 (sz 263) & t_Array i32 (sz 263) & t_Array i32 (sz 263) &
-    bool &
-    bool &
-    bool &
-    bool &
-    usize &
-    usize &
-    usize &
-    usize &
-    Libcrux_ml_dsa.Hash_functions.Portable.t_Shake128X4) =
-    Rust_primitives.f_while_loop (fun temp_0_ ->
-          let
-          coefficients0,
-          coefficients1,
-          coefficients2,
-          coefficients3,
-          done0,
-          done1,
-          done2,
-          done3,
-          sampled0,
-          sampled1,
-          sampled2,
-          sampled3,
-          state:(t_Array i32 (sz 263) & t_Array i32 (sz 263) & t_Array i32 (sz 263) &
-            t_Array i32 (sz 263) &
-            bool &
-            bool &
-            bool &
-            bool &
-            usize &
-            usize &
-            usize &
-            usize &
-            Libcrux_ml_dsa.Hash_functions.Portable.t_Shake128X4) =
-            temp_0_
-          in
-          (~.done0 <: bool) || (~.done1 <: bool) || (~.done2 <: bool) || (~.done3 <: bool))
-      (coefficients0,
-        coefficients1,
-        coefficients2,
-        coefficients3,
-        done0,
-        done1,
-        done2,
-        done3,
-        sampled0,
-        sampled1,
-        sampled2,
-        sampled3,
-        state
-        <:
-        (t_Array i32 (sz 263) & t_Array i32 (sz 263) & t_Array i32 (sz 263) & t_Array i32 (sz 263) &
-          bool &
-          bool &
-          bool &
-          bool &
-          usize &
-          usize &
-          usize &
-          usize &
-          Libcrux_ml_dsa.Hash_functions.Portable.t_Shake128X4))
-      (fun temp_0_ ->
-          let
-          coefficients0,
-          coefficients1,
-          coefficients2,
-          coefficients3,
-          done0,
-          done1,
-          done2,
-          done3,
-          sampled0,
-          sampled1,
-          sampled2,
-          sampled3,
-          state:(t_Array i32 (sz 263) & t_Array i32 (sz 263) & t_Array i32 (sz 263) &
-            t_Array i32 (sz 263) &
-            bool &
-            bool &
-            bool &
-            bool &
-            usize &
-            usize &
-            usize &
-            usize &
-            Libcrux_ml_dsa.Hash_functions.Portable.t_Shake128X4) =
-            temp_0_
-          in
-          let tmp0, out:(Libcrux_ml_dsa.Hash_functions.Portable.t_Shake128X4 &
-            (t_Array u8 (sz 168) & t_Array u8 (sz 168) & t_Array u8 (sz 168) & t_Array u8 (sz 168)))
-          =
-            Libcrux_ml_dsa.Hash_functions.Shake128.f_squeeze_next_block #Libcrux_ml_dsa.Hash_functions.Portable.t_Shake128X4
-              #FStar.Tactics.Typeclasses.solve
-              state
-          in
-          let state:Libcrux_ml_dsa.Hash_functions.Portable.t_Shake128X4 = tmp0 in
-          let randomnesses:(t_Array u8 (sz 168) & t_Array u8 (sz 168) & t_Array u8 (sz 168) &
-            t_Array u8 (sz 168)) =
-            out
-          in
-          let coefficients0, done0, sampled0:(t_Array i32 (sz 263) & bool & usize) =
-            if ~.done0
-            then
-              let tmp0, tmp1, out:(usize & t_Array i32 (sz 263) & bool) =
-                rejection_sample_less_than_field_modulus #v_SIMDUnit
-                  (randomnesses._1 <: t_Slice u8)
-                  sampled0
-                  coefficients0
-              in
-              let sampled0:usize = tmp0 in
-              let coefficients0:t_Array i32 (sz 263) = tmp1 in
-              let done0:bool = out in
-              coefficients0, done0, sampled0 <: (t_Array i32 (sz 263) & bool & usize)
-            else coefficients0, done0, sampled0 <: (t_Array i32 (sz 263) & bool & usize)
-          in
-          let coefficients1, done1, sampled1:(t_Array i32 (sz 263) & bool & usize) =
-            if ~.done1
-            then
-              let tmp0, tmp1, out:(usize & t_Array i32 (sz 263) & bool) =
-                rejection_sample_less_than_field_modulus #v_SIMDUnit
-                  (randomnesses._2 <: t_Slice u8)
-                  sampled1
-                  coefficients1
-              in
-              let sampled1:usize = tmp0 in
-              let coefficients1:t_Array i32 (sz 263) = tmp1 in
-              let done1:bool = out in
-              coefficients1, done1, sampled1 <: (t_Array i32 (sz 263) & bool & usize)
-            else coefficients1, done1, sampled1 <: (t_Array i32 (sz 263) & bool & usize)
-          in
-          let coefficients2, done2, sampled2:(t_Array i32 (sz 263) & bool & usize) =
-            if ~.done2
-            then
-              let tmp0, tmp1, out:(usize & t_Array i32 (sz 263) & bool) =
-                rejection_sample_less_than_field_modulus #v_SIMDUnit
-                  (randomnesses._3 <: t_Slice u8)
-                  sampled2
-                  coefficients2
-              in
-              let sampled2:usize = tmp0 in
-              let coefficients2:t_Array i32 (sz 263) = tmp1 in
-              let done2:bool = out in
-              coefficients2, done2, sampled2 <: (t_Array i32 (sz 263) & bool & usize)
-            else coefficients2, done2, sampled2 <: (t_Array i32 (sz 263) & bool & usize)
-          in
-          if ~.done3
-          then
-            let tmp0, tmp1, out:(usize & t_Array i32 (sz 263) & bool) =
-              rejection_sample_less_than_field_modulus #v_SIMDUnit
-                (randomnesses._4 <: t_Slice u8)
-                sampled3
-                coefficients3
-            in
-            let sampled3:usize = tmp0 in
-            let coefficients3:t_Array i32 (sz 263) = tmp1 in
-            let done3:bool = out in
-            coefficients0,
-            coefficients1,
-            coefficients2,
-            coefficients3,
-            done0,
-            done1,
-            done2,
-            done3,
-            sampled0,
-            sampled1,
-            sampled2,
-            sampled3,
-            state
-            <:
-            (t_Array i32 (sz 263) & t_Array i32 (sz 263) & t_Array i32 (sz 263) &
-              t_Array i32 (sz 263) &
-              bool &
-              bool &
-              bool &
-              bool &
-              usize &
-              usize &
-              usize &
-              usize &
-              Libcrux_ml_dsa.Hash_functions.Portable.t_Shake128X4)
-          else
-            coefficients0,
-            coefficients1,
-            coefficients2,
-            coefficients3,
-            done0,
-            done1,
-            done2,
-            done3,
-            sampled0,
-            sampled1,
-            sampled2,
-            sampled3,
-            state
-            <:
-            (t_Array i32 (sz 263) & t_Array i32 (sz 263) & t_Array i32 (sz 263) &
-              t_Array i32 (sz 263) &
-              bool &
-              bool &
-              bool &
-              bool &
-              usize &
-              usize &
-              usize &
-              usize &
-              Libcrux_ml_dsa.Hash_functions.Portable.t_Shake128X4))
-  in
-  Libcrux_ml_dsa.Polynomial.impl__from_i32_array #v_SIMDUnit (coefficients0 <: t_Slice i32),
-  Libcrux_ml_dsa.Polynomial.impl__from_i32_array #v_SIMDUnit (coefficients1 <: t_Slice i32),
-  Libcrux_ml_dsa.Polynomial.impl__from_i32_array #v_SIMDUnit (coefficients2 <: t_Slice i32),
-  Libcrux_ml_dsa.Polynomial.impl__from_i32_array #v_SIMDUnit (coefficients3 <: t_Slice i32)
-  <:
-  (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit &
-    Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit &
-    Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit &
-    Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit)
-
 let sample_mask_ring_element
       (#v_SIMDUnit #v_Shake256: Type0)
       (v_GAMMA1_EXPONENT: usize)
@@ -1317,3 +961,376 @@ let sample_mask_vector
   domain_separator, hax_temp_output
   <:
   (u16 & t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_DIMENSION)
+
+let sample_up_to_four_ring_elements
+      (#v_SIMDUnit #v_Shake128: Type0)
+      (v_ROWS_IN_A v_COLUMNS_IN_A: usize)
+      (#[FStar.Tactics.Typeclasses.tcresolve ()]
+          i2:
+          Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit)
+      (#[FStar.Tactics.Typeclasses.tcresolve ()]
+          i3:
+          Libcrux_ml_dsa.Hash_functions.Shake128.t_XofX4 v_Shake128)
+      (seed0: t_Array u8 (sz 34))
+      (matrix:
+          t_Array
+            (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A)
+            v_ROWS_IN_A)
+      (rand_stack:
+          (t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840)))
+      (tmp_stack: t_Slice (t_Array i32 (sz 263)))
+      (indices: t_Array (u8 & u8) (sz 4))
+      (elements_requested: usize)
+     =
+  let _:Prims.unit =
+    if true
+    then
+      let _:Prims.unit = Hax_lib.v_assert (elements_requested <=. sz 4 <: bool) in
+      ()
+  in
+  let domain_separator0:u16 = generate_domain_separator (indices.[ sz 0 ] <: (u8 & u8)) in
+  let domain_separator1:u16 = generate_domain_separator (indices.[ sz 1 ] <: (u8 & u8)) in
+  let domain_separator2:u16 = generate_domain_separator (indices.[ sz 2 ] <: (u8 & u8)) in
+  let domain_separator3:u16 = generate_domain_separator (indices.[ sz 3 ] <: (u8 & u8)) in
+  let seed0:t_Array u8 (sz 34) =
+    Rust_primitives.Hax.Monomorphized_update_at.update_at_usize seed0
+      (sz 32)
+      (cast (domain_separator0 <: u16) <: u8)
+  in
+  let seed0:t_Array u8 (sz 34) =
+    Rust_primitives.Hax.Monomorphized_update_at.update_at_usize seed0
+      (sz 33)
+      (cast (domain_separator0 >>! 8l <: u16) <: u8)
+  in
+  let seed1:t_Array u8 (sz 34) = seed0 in
+  let seed1:t_Array u8 (sz 34) =
+    Rust_primitives.Hax.Monomorphized_update_at.update_at_usize seed1
+      (sz 32)
+      (cast (domain_separator1 <: u16) <: u8)
+  in
+  let seed1:t_Array u8 (sz 34) =
+    Rust_primitives.Hax.Monomorphized_update_at.update_at_usize seed1
+      (sz 33)
+      (cast (domain_separator1 >>! 8l <: u16) <: u8)
+  in
+  let seed2:t_Array u8 (sz 34) = seed0 in
+  let seed2:t_Array u8 (sz 34) =
+    Rust_primitives.Hax.Monomorphized_update_at.update_at_usize seed2
+      (sz 32)
+      (cast (domain_separator2 <: u16) <: u8)
+  in
+  let seed2:t_Array u8 (sz 34) =
+    Rust_primitives.Hax.Monomorphized_update_at.update_at_usize seed2
+      (sz 33)
+      (cast (domain_separator2 >>! 8l <: u16) <: u8)
+  in
+  let seed3:t_Array u8 (sz 34) = seed0 in
+  let seed3:t_Array u8 (sz 34) =
+    Rust_primitives.Hax.Monomorphized_update_at.update_at_usize seed3
+      (sz 32)
+      (cast (domain_separator3 <: u16) <: u8)
+  in
+  let seed3:t_Array u8 (sz 34) =
+    Rust_primitives.Hax.Monomorphized_update_at.update_at_usize seed3
+      (sz 33)
+      (cast (domain_separator3 >>! 8l <: u16) <: u8)
+  in
+  let state:v_Shake128 =
+    Libcrux_ml_dsa.Hash_functions.Shake128.f_init_absorb #v_Shake128
+      #FStar.Tactics.Typeclasses.solve
+      (seed0 <: t_Slice u8)
+      (seed1 <: t_Slice u8)
+      (seed2 <: t_Slice u8)
+      (seed3 <: t_Slice u8)
+  in
+  let tmp0, tmp1, tmp2, tmp3, tmp4:(v_Shake128 & t_Array u8 (sz 840) & t_Array u8 (sz 840) &
+    t_Array u8 (sz 840) &
+    t_Array u8 (sz 840)) =
+    Libcrux_ml_dsa.Hash_functions.Shake128.f_squeeze_first_five_blocks #v_Shake128
+      #FStar.Tactics.Typeclasses.solve
+      state
+      rand_stack._1
+      rand_stack._2
+      rand_stack._3
+      rand_stack._4
+  in
+  let state:v_Shake128 = tmp0 in
+  let rand_stack:(t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) &
+    t_Array u8 (sz 840)) =
+    { rand_stack with _1 = tmp1 }
+    <:
+    (t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840))
+  in
+  let rand_stack:(t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) &
+    t_Array u8 (sz 840)) =
+    { rand_stack with _2 = tmp2 }
+    <:
+    (t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840))
+  in
+  let rand_stack:(t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) &
+    t_Array u8 (sz 840)) =
+    { rand_stack with _3 = tmp3 }
+    <:
+    (t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840))
+  in
+  let rand_stack:(t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) &
+    t_Array u8 (sz 840)) =
+    { rand_stack with _4 = tmp4 }
+    <:
+    (t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840))
+  in
+  let _:Prims.unit = () in
+  let sampled0:usize = sz 0 in
+  let sampled1:usize = sz 0 in
+  let sampled2:usize = sz 0 in
+  let sampled3:usize = sz 0 in
+  let tmp0, out:(t_Array u8 (sz 840) & t_Array u8 (sz 840)) = rand_stack._1 in
+  let rand_stack:(t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) &
+    t_Array u8 (sz 840)) =
+    { rand_stack with _1 = tmp0 }
+    <:
+    (t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840))
+  in
+  let tmp0, tmp1, out:(usize & t_Array i32 (sz 263) & bool) =
+    rejection_sample_less_than_field_modulus #v_SIMDUnit
+      (out <: t_Slice u8)
+      sampled0
+      (tmp_stack.[ sz 0 ] <: t_Array i32 (sz 263))
+  in
+  let sampled0:usize = tmp0 in
+  let tmp_stack:t_Slice (t_Array i32 (sz 263)) =
+    Rust_primitives.Hax.Monomorphized_update_at.update_at_usize tmp_stack (sz 0) tmp1
+  in
+  let done0:bool = out in
+  let tmp0, out:(t_Array u8 (sz 840) & t_Array u8 (sz 840)) = rand_stack._2 in
+  let rand_stack:(t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) &
+    t_Array u8 (sz 840)) =
+    { rand_stack with _2 = tmp0 }
+    <:
+    (t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840))
+  in
+  let tmp0, tmp1, out:(usize & t_Array i32 (sz 263) & bool) =
+    rejection_sample_less_than_field_modulus #v_SIMDUnit
+      (out <: t_Slice u8)
+      sampled1
+      (tmp_stack.[ sz 1 ] <: t_Array i32 (sz 263))
+  in
+  let sampled1:usize = tmp0 in
+  let tmp_stack:t_Slice (t_Array i32 (sz 263)) =
+    Rust_primitives.Hax.Monomorphized_update_at.update_at_usize tmp_stack (sz 1) tmp1
+  in
+  let done1:bool = out in
+  let tmp0, out:(t_Array u8 (sz 840) & t_Array u8 (sz 840)) = rand_stack._3 in
+  let rand_stack:(t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) &
+    t_Array u8 (sz 840)) =
+    { rand_stack with _3 = tmp0 }
+    <:
+    (t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840))
+  in
+  let tmp0, tmp1, out:(usize & t_Array i32 (sz 263) & bool) =
+    rejection_sample_less_than_field_modulus #v_SIMDUnit
+      (out <: t_Slice u8)
+      sampled2
+      (tmp_stack.[ sz 2 ] <: t_Array i32 (sz 263))
+  in
+  let sampled2:usize = tmp0 in
+  let tmp_stack:t_Slice (t_Array i32 (sz 263)) =
+    Rust_primitives.Hax.Monomorphized_update_at.update_at_usize tmp_stack (sz 2) tmp1
+  in
+  let done2:bool = out in
+  let tmp0, out:(t_Array u8 (sz 840) & t_Array u8 (sz 840)) = rand_stack._4 in
+  let rand_stack:(t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) &
+    t_Array u8 (sz 840)) =
+    { rand_stack with _4 = tmp0 }
+    <:
+    (t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840))
+  in
+  let tmp0, tmp1, out:(usize & t_Array i32 (sz 263) & bool) =
+    rejection_sample_less_than_field_modulus #v_SIMDUnit
+      (out <: t_Slice u8)
+      sampled3
+      (tmp_stack.[ sz 3 ] <: t_Array i32 (sz 263))
+  in
+  let sampled3:usize = tmp0 in
+  let tmp_stack:t_Slice (t_Array i32 (sz 263)) =
+    Rust_primitives.Hax.Monomorphized_update_at.update_at_usize tmp_stack (sz 3) tmp1
+  in
+  let done3:bool = out in
+  let done0, done1, done2, done3, sampled0, sampled1, sampled2, sampled3, state, tmp_stack:(bool &
+    bool &
+    bool &
+    bool &
+    usize &
+    usize &
+    usize &
+    usize &
+    v_Shake128 &
+    t_Slice (t_Array i32 (sz 263))) =
+    Rust_primitives.f_while_loop (fun temp_0_ ->
+          let done0, done1, done2, done3, sampled0, sampled1, sampled2, sampled3, state, tmp_stack:(bool &
+            bool &
+            bool &
+            bool &
+            usize &
+            usize &
+            usize &
+            usize &
+            v_Shake128 &
+            t_Slice (t_Array i32 (sz 263))) =
+            temp_0_
+          in
+          (~.done0 <: bool) || (~.done1 <: bool) || (~.done2 <: bool) || (~.done3 <: bool))
+      (done0, done1, done2, done3, sampled0, sampled1, sampled2, sampled3, state, tmp_stack
+        <:
+        (bool & bool & bool & bool & usize & usize & usize & usize & v_Shake128 &
+          t_Slice (t_Array i32 (sz 263))))
+      (fun temp_0_ ->
+          let done0, done1, done2, done3, sampled0, sampled1, sampled2, sampled3, state, tmp_stack:(bool &
+            bool &
+            bool &
+            bool &
+            usize &
+            usize &
+            usize &
+            usize &
+            v_Shake128 &
+            t_Slice (t_Array i32 (sz 263))) =
+            temp_0_
+          in
+          let tmp0, out:(v_Shake128 &
+            (t_Array u8 (sz 168) & t_Array u8 (sz 168) & t_Array u8 (sz 168) & t_Array u8 (sz 168)))
+          =
+            Libcrux_ml_dsa.Hash_functions.Shake128.f_squeeze_next_block #v_Shake128
+              #FStar.Tactics.Typeclasses.solve
+              state
+          in
+          let state:v_Shake128 = tmp0 in
+          let randomnesses:(t_Array u8 (sz 168) & t_Array u8 (sz 168) & t_Array u8 (sz 168) &
+            t_Array u8 (sz 168)) =
+            out
+          in
+          let done0, sampled0, tmp_stack:(bool & usize & t_Slice (t_Array i32 (sz 263))) =
+            if ~.done0
+            then
+              let tmp0, tmp1, out:(usize & t_Array i32 (sz 263) & bool) =
+                rejection_sample_less_than_field_modulus #v_SIMDUnit
+                  (randomnesses._1 <: t_Slice u8)
+                  sampled0
+                  (tmp_stack.[ sz 0 ] <: t_Array i32 (sz 263))
+              in
+              let sampled0:usize = tmp0 in
+              let tmp_stack:t_Slice (t_Array i32 (sz 263)) =
+                Rust_primitives.Hax.Monomorphized_update_at.update_at_usize tmp_stack (sz 0) tmp1
+              in
+              let done0:bool = out in
+              done0, sampled0, tmp_stack <: (bool & usize & t_Slice (t_Array i32 (sz 263)))
+            else done0, sampled0, tmp_stack <: (bool & usize & t_Slice (t_Array i32 (sz 263)))
+          in
+          let done1, sampled1, tmp_stack:(bool & usize & t_Slice (t_Array i32 (sz 263))) =
+            if ~.done1
+            then
+              let tmp0, tmp1, out:(usize & t_Array i32 (sz 263) & bool) =
+                rejection_sample_less_than_field_modulus #v_SIMDUnit
+                  (randomnesses._2 <: t_Slice u8)
+                  sampled1
+                  (tmp_stack.[ sz 1 ] <: t_Array i32 (sz 263))
+              in
+              let sampled1:usize = tmp0 in
+              let tmp_stack:t_Slice (t_Array i32 (sz 263)) =
+                Rust_primitives.Hax.Monomorphized_update_at.update_at_usize tmp_stack (sz 1) tmp1
+              in
+              let done1:bool = out in
+              done1, sampled1, tmp_stack <: (bool & usize & t_Slice (t_Array i32 (sz 263)))
+            else done1, sampled1, tmp_stack <: (bool & usize & t_Slice (t_Array i32 (sz 263)))
+          in
+          let done2, sampled2, tmp_stack:(bool & usize & t_Slice (t_Array i32 (sz 263))) =
+            if ~.done2
+            then
+              let tmp0, tmp1, out:(usize & t_Array i32 (sz 263) & bool) =
+                rejection_sample_less_than_field_modulus #v_SIMDUnit
+                  (randomnesses._3 <: t_Slice u8)
+                  sampled2
+                  (tmp_stack.[ sz 2 ] <: t_Array i32 (sz 263))
+              in
+              let sampled2:usize = tmp0 in
+              let tmp_stack:t_Slice (t_Array i32 (sz 263)) =
+                Rust_primitives.Hax.Monomorphized_update_at.update_at_usize tmp_stack (sz 2) tmp1
+              in
+              let done2:bool = out in
+              done2, sampled2, tmp_stack <: (bool & usize & t_Slice (t_Array i32 (sz 263)))
+            else done2, sampled2, tmp_stack <: (bool & usize & t_Slice (t_Array i32 (sz 263)))
+          in
+          if ~.done3
+          then
+            let tmp0, tmp1, out:(usize & t_Array i32 (sz 263) & bool) =
+              rejection_sample_less_than_field_modulus #v_SIMDUnit
+                (randomnesses._4 <: t_Slice u8)
+                sampled3
+                (tmp_stack.[ sz 3 ] <: t_Array i32 (sz 263))
+            in
+            let sampled3:usize = tmp0 in
+            let tmp_stack:t_Slice (t_Array i32 (sz 263)) =
+              Rust_primitives.Hax.Monomorphized_update_at.update_at_usize tmp_stack (sz 3) tmp1
+            in
+            let done3:bool = out in
+            done0, done1, done2, done3, sampled0, sampled1, sampled2, sampled3, state, tmp_stack
+            <:
+            (bool & bool & bool & bool & usize & usize & usize & usize & v_Shake128 &
+              t_Slice (t_Array i32 (sz 263)))
+          else
+            done0, done1, done2, done3, sampled0, sampled1, sampled2, sampled3, state, tmp_stack
+            <:
+            (bool & bool & bool & bool & usize & usize & usize & usize & v_Shake128 &
+              t_Slice (t_Array i32 (sz 263))))
+  in
+  let matrix, hax_temp_output:(t_Array
+      (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A)
+      v_ROWS_IN_A &
+    Prims.unit) =
+    Rust_primitives.Hax.Folds.fold_range (sz 0)
+      elements_requested
+      (fun matrix temp_1_ ->
+          let matrix:t_Array
+            (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A)
+            v_ROWS_IN_A =
+            matrix
+          in
+          let _:usize = temp_1_ in
+          true)
+      matrix
+      (fun matrix k ->
+          let matrix:t_Array
+            (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A)
+            v_ROWS_IN_A =
+            matrix
+          in
+          let k:usize = k in
+          let i, j:(u8 & u8) = indices.[ k ] in
+          let matrix:t_Array
+            (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A)
+            v_ROWS_IN_A =
+            Rust_primitives.Hax.Monomorphized_update_at.update_at_usize matrix
+              (cast (i <: u8) <: usize)
+              (Rust_primitives.Hax.Monomorphized_update_at.update_at_usize (matrix.[ cast (i <: u8)
+                      <:
+                      usize ]
+                    <:
+                    t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit)
+                      v_COLUMNS_IN_A)
+                  (cast (j <: u8) <: usize)
+                  (Libcrux_ml_dsa.Polynomial.impl__from_i32_array #v_SIMDUnit
+                      (tmp_stack.[ k ] <: t_Slice i32)
+                    <:
+                    Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit)
+                <:
+                t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit)
+                  v_COLUMNS_IN_A)
+          in
+          matrix)
+  in
+  matrix, rand_stack, tmp_stack
+  <:
+  (t_Array (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A)
+      v_ROWS_IN_A &
+    (t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840)) &
+    t_Slice (t_Array i32 (sz 263)))
diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Sample.fsti b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Sample.fsti
index 9cab11744..142041aa2 100644
--- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Sample.fsti
+++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Sample.fsti
@@ -6,12 +6,13 @@ open FStar.Mul
 let _ =
   (* This module has implicit dependencies, here we make them explicit. *)
   (* The implicit dependencies arise from typeclasses instances. *)
-  let open Libcrux_ml_dsa.Hash_functions.Portable in
   let open Libcrux_ml_dsa.Hash_functions.Shake128 in
   let open Libcrux_ml_dsa.Hash_functions.Shake256 in
   let open Libcrux_ml_dsa.Simd.Traits in
   ()
 
+val generate_domain_separator: (u8 & u8) -> Prims.Pure u16 Prims.l_True (fun _ -> Prims.l_True)
+
 val update_seed (seed: t_Array u8 (sz 66)) (domain_separator: u16)
     : Prims.Pure (u16 & t_Array u8 (sz 66)) Prims.l_True (fun _ -> Prims.l_True)
 
@@ -80,19 +81,6 @@ val sample_four_error_ring_elements
       Prims.l_True
       (fun _ -> Prims.l_True)
 
-val sample_four_ring_elements
-      (#v_SIMDUnit: Type0)
-      {| i1: Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit |}
-      (seed0: t_Array u8 (sz 34))
-      (domain_separator0 domain_separator1 domain_seperator2 domain_separator3: u16)
-    : Prims.Pure
-      (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit &
-        Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit &
-        Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit &
-        Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit)
-      Prims.l_True
-      (fun _ -> Prims.l_True)
-
 val sample_mask_ring_element
       (#v_SIMDUnit #v_Shake256: Type0)
       (v_GAMMA1_EXPONENT: usize)
@@ -116,3 +104,32 @@ val sample_mask_vector
       (u16 & t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_DIMENSION)
       Prims.l_True
       (fun _ -> Prims.l_True)
+
+/// Sample and write out up to four ring elements.
+/// If i <= `elements_requested`, a field element with domain separated
+/// seed according to the provided index is generated in
+/// `tmp_stack[i]`. After successful rejection sampling in
+/// `tmp_stack[i]`, the ring element is written to `matrix` at the
+/// provided index in `indices[i]`.
+/// `rand_stack` is a working buffer that holds initial Shake output.
+val sample_up_to_four_ring_elements
+      (#v_SIMDUnit #v_Shake128: Type0)
+      (v_ROWS_IN_A v_COLUMNS_IN_A: usize)
+      {| i2: Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit |}
+      {| i3: Libcrux_ml_dsa.Hash_functions.Shake128.t_XofX4 v_Shake128 |}
+      (seed0: t_Array u8 (sz 34))
+      (matrix:
+          t_Array
+            (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A)
+            v_ROWS_IN_A)
+      (rand_stack:
+          (t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840)))
+      (tmp_stack: t_Slice (t_Array i32 (sz 263)))
+      (indices: t_Array (u8 & u8) (sz 4))
+      (elements_requested: usize)
+    : Prims.Pure
+      (t_Array
+          (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A)
+          v_ROWS_IN_A &
+        (t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840)) &
+        t_Slice (t_Array i32 (sz 263))) Prims.l_True (fun _ -> Prims.l_True)
diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Samplex4.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Samplex4.fst
index 06a86b638..105849569 100644
--- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Samplex4.fst
+++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Samplex4.fst
@@ -6,47 +6,20 @@ open FStar.Mul
 let _ =
   (* This module has implicit dependencies, here we make them explicit. *)
   (* The implicit dependencies arise from typeclasses instances. *)
+  let open Libcrux_ml_dsa.Hash_functions.Shake128 in
   let open Libcrux_ml_dsa.Hash_functions.Shake256 in
   let open Libcrux_ml_dsa.Simd.Traits in
   ()
 
-let generate_domain_separator (row column: u8) =
-  (cast (column <: u8) <: u16) |. ((cast (row <: u8) <: u16) <<! 8l <: u16)
-
-let update_matrix
-      (#v_SIMDUnit: Type0)
-      (v_ROWS_IN_A v_COLUMNS_IN_A: usize)
-      (#[FStar.Tactics.Typeclasses.tcresolve ()]
-          i1:
-          Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit)
-      (m:
-          t_Array
-            (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A)
-            v_ROWS_IN_A)
-      (i j: usize)
-      (v: Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit)
-     =
-  let m:t_Array
-    (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A)
-    v_ROWS_IN_A =
-    Rust_primitives.Hax.Monomorphized_update_at.update_at_usize m
-      i
-      (Rust_primitives.Hax.Monomorphized_update_at.update_at_usize (m.[ i ]
-            <:
-            t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A)
-          j
-          v
-        <:
-        t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A)
-  in
-  m
-
 let matrix_A_4_by_4_
-      (#v_SIMDUnit: Type0)
+      (#v_SIMDUnit #v_Shake128: Type0)
       (v_ROWS_IN_A v_COLUMNS_IN_A: usize)
       (#[FStar.Tactics.Typeclasses.tcresolve ()]
-          i1:
+          i2:
           Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit)
+      (#[FStar.Tactics.Typeclasses.tcresolve ()]
+          i3:
+          Libcrux_ml_dsa.Hash_functions.Shake128.t_XofX4 v_Shake128)
       (seed: t_Array u8 (sz 34))
      =
   let
@@ -64,138 +37,154 @@ let matrix_A_4_by_4_
         t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A)
       v_ROWS_IN_A
   in
-  let four_ring_elements:(Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit &
-    Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit &
-    Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit &
-    Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) =
-    Libcrux_ml_dsa.Sample.sample_four_ring_elements #v_SIMDUnit
-      seed
-      (generate_domain_separator 0uy 0uy <: u16)
-      (generate_domain_separator 0uy 1uy <: u16)
-      (generate_domain_separator 0uy 2uy <: u16)
-      (generate_domain_separator 0uy 3uy <: u16)
-  in
-  let v_A:t_Array
-    (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A)
-    v_ROWS_IN_A =
-    update_matrix #v_SIMDUnit v_ROWS_IN_A v_COLUMNS_IN_A v_A (sz 0) (sz 0) four_ring_elements._1
-  in
-  let v_A:t_Array
-    (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A)
-    v_ROWS_IN_A =
-    update_matrix #v_SIMDUnit v_ROWS_IN_A v_COLUMNS_IN_A v_A (sz 0) (sz 1) four_ring_elements._2
-  in
-  let v_A:t_Array
-    (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A)
-    v_ROWS_IN_A =
-    update_matrix #v_SIMDUnit v_ROWS_IN_A v_COLUMNS_IN_A v_A (sz 0) (sz 2) four_ring_elements._3
-  in
-  let v_A:t_Array
-    (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A)
-    v_ROWS_IN_A =
-    update_matrix #v_SIMDUnit v_ROWS_IN_A v_COLUMNS_IN_A v_A (sz 0) (sz 3) four_ring_elements._4
-  in
-  let four_ring_elements:(Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit &
-    Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit &
-    Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit &
-    Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) =
-    Libcrux_ml_dsa.Sample.sample_four_ring_elements #v_SIMDUnit
-      seed
-      (generate_domain_separator 1uy 0uy <: u16)
-      (generate_domain_separator 1uy 1uy <: u16)
-      (generate_domain_separator 1uy 2uy <: u16)
-      (generate_domain_separator 1uy 3uy <: u16)
-  in
-  let v_A:t_Array
-    (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A)
-    v_ROWS_IN_A =
-    update_matrix #v_SIMDUnit v_ROWS_IN_A v_COLUMNS_IN_A v_A (sz 1) (sz 0) four_ring_elements._1
-  in
-  let v_A:t_Array
-    (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A)
-    v_ROWS_IN_A =
-    update_matrix #v_SIMDUnit v_ROWS_IN_A v_COLUMNS_IN_A v_A (sz 1) (sz 1) four_ring_elements._2
-  in
-  let v_A:t_Array
-    (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A)
-    v_ROWS_IN_A =
-    update_matrix #v_SIMDUnit v_ROWS_IN_A v_COLUMNS_IN_A v_A (sz 1) (sz 2) four_ring_elements._3
-  in
-  let v_A:t_Array
-    (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A)
-    v_ROWS_IN_A =
-    update_matrix #v_SIMDUnit v_ROWS_IN_A v_COLUMNS_IN_A v_A (sz 1) (sz 3) four_ring_elements._4
-  in
-  let four_ring_elements:(Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit &
-    Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit &
-    Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit &
-    Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) =
-    Libcrux_ml_dsa.Sample.sample_four_ring_elements #v_SIMDUnit
-      seed
-      (generate_domain_separator 2uy 0uy <: u16)
-      (generate_domain_separator 2uy 1uy <: u16)
-      (generate_domain_separator 2uy 2uy <: u16)
-      (generate_domain_separator 2uy 3uy <: u16)
-  in
-  let v_A:t_Array
-    (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A)
-    v_ROWS_IN_A =
-    update_matrix #v_SIMDUnit v_ROWS_IN_A v_COLUMNS_IN_A v_A (sz 2) (sz 0) four_ring_elements._1
-  in
-  let v_A:t_Array
-    (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A)
-    v_ROWS_IN_A =
-    update_matrix #v_SIMDUnit v_ROWS_IN_A v_COLUMNS_IN_A v_A (sz 2) (sz 1) four_ring_elements._2
-  in
-  let v_A:t_Array
-    (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A)
-    v_ROWS_IN_A =
-    update_matrix #v_SIMDUnit v_ROWS_IN_A v_COLUMNS_IN_A v_A (sz 2) (sz 2) four_ring_elements._3
-  in
-  let v_A:t_Array
-    (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A)
-    v_ROWS_IN_A =
-    update_matrix #v_SIMDUnit v_ROWS_IN_A v_COLUMNS_IN_A v_A (sz 2) (sz 3) four_ring_elements._4
-  in
-  let four_ring_elements:(Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit &
-    Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit &
-    Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit &
-    Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) =
-    Libcrux_ml_dsa.Sample.sample_four_ring_elements #v_SIMDUnit
-      seed
-      (generate_domain_separator 3uy 0uy <: u16)
-      (generate_domain_separator 3uy 1uy <: u16)
-      (generate_domain_separator 3uy 2uy <: u16)
-      (generate_domain_separator 3uy 3uy <: u16)
-  in
-  let v_A:t_Array
-    (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A)
-    v_ROWS_IN_A =
-    update_matrix #v_SIMDUnit v_ROWS_IN_A v_COLUMNS_IN_A v_A (sz 3) (sz 0) four_ring_elements._1
-  in
-  let v_A:t_Array
-    (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A)
-    v_ROWS_IN_A =
-    update_matrix #v_SIMDUnit v_ROWS_IN_A v_COLUMNS_IN_A v_A (sz 3) (sz 1) four_ring_elements._2
-  in
-  let v_A:t_Array
-    (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A)
-    v_ROWS_IN_A =
-    update_matrix #v_SIMDUnit v_ROWS_IN_A v_COLUMNS_IN_A v_A (sz 3) (sz 2) four_ring_elements._3
-  in
-  let v_A:t_Array
-    (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A)
-    v_ROWS_IN_A =
-    update_matrix #v_SIMDUnit v_ROWS_IN_A v_COLUMNS_IN_A v_A (sz 3) (sz 3) four_ring_elements._4
-  in
+  let rand_stack:(t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) &
+    t_Array u8 (sz 840)) =
+    Rust_primitives.Hax.repeat 0uy (sz 840),
+    Rust_primitives.Hax.repeat 0uy (sz 840),
+    Rust_primitives.Hax.repeat 0uy (sz 840),
+    Rust_primitives.Hax.repeat 0uy (sz 840)
+    <:
+    (t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840))
+  in
+  let tmp_stack:t_Array (t_Array i32 (sz 263)) (sz 4) =
+    let list =
+      [
+        Rust_primitives.Hax.repeat 0l (sz 263);
+        Rust_primitives.Hax.repeat 0l (sz 263);
+        Rust_primitives.Hax.repeat 0l (sz 263);
+        Rust_primitives.Hax.repeat 0l (sz 263)
+      ]
+    in
+    FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 4);
+    Rust_primitives.Hax.array_of_list 4 list
+  in
+  let tmp0, tmp1, tmp2:(t_Array
+      (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A)
+      v_ROWS_IN_A &
+    (t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840)) &
+    t_Array (t_Array i32 (sz 263)) (sz 4)) =
+    Libcrux_ml_dsa.Sample.sample_up_to_four_ring_elements #v_SIMDUnit #v_Shake128 v_ROWS_IN_A
+      v_COLUMNS_IN_A seed v_A rand_stack tmp_stack
+      (let list =
+          [
+            0uy, 0uy <: (u8 & u8);
+            0uy, 1uy <: (u8 & u8);
+            0uy, 2uy <: (u8 & u8);
+            0uy, 3uy <: (u8 & u8)
+          ]
+        in
+        FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 4);
+        Rust_primitives.Hax.array_of_list 4 list) (sz 4)
+  in
+  let v_A:t_Array
+    (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A)
+    v_ROWS_IN_A =
+    tmp0
+  in
+  let rand_stack:(t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) &
+    t_Array u8 (sz 840)) =
+    tmp1
+  in
+  let tmp_stack:t_Array (t_Array i32 (sz 263)) (sz 4) = tmp2 in
+  let _:Prims.unit = () in
+  let tmp0, tmp1, tmp2:(t_Array
+      (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A)
+      v_ROWS_IN_A &
+    (t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840)) &
+    t_Array (t_Array i32 (sz 263)) (sz 4)) =
+    Libcrux_ml_dsa.Sample.sample_up_to_four_ring_elements #v_SIMDUnit #v_Shake128 v_ROWS_IN_A
+      v_COLUMNS_IN_A seed v_A rand_stack tmp_stack
+      (let list =
+          [
+            1uy, 0uy <: (u8 & u8);
+            1uy, 1uy <: (u8 & u8);
+            1uy, 2uy <: (u8 & u8);
+            1uy, 3uy <: (u8 & u8)
+          ]
+        in
+        FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 4);
+        Rust_primitives.Hax.array_of_list 4 list) (sz 4)
+  in
+  let v_A:t_Array
+    (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A)
+    v_ROWS_IN_A =
+    tmp0
+  in
+  let rand_stack:(t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) &
+    t_Array u8 (sz 840)) =
+    tmp1
+  in
+  let tmp_stack:t_Array (t_Array i32 (sz 263)) (sz 4) = tmp2 in
+  let _:Prims.unit = () in
+  let tmp0, tmp1, tmp2:(t_Array
+      (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A)
+      v_ROWS_IN_A &
+    (t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840)) &
+    t_Array (t_Array i32 (sz 263)) (sz 4)) =
+    Libcrux_ml_dsa.Sample.sample_up_to_four_ring_elements #v_SIMDUnit #v_Shake128 v_ROWS_IN_A
+      v_COLUMNS_IN_A seed v_A rand_stack tmp_stack
+      (let list =
+          [
+            2uy, 0uy <: (u8 & u8);
+            2uy, 1uy <: (u8 & u8);
+            2uy, 2uy <: (u8 & u8);
+            2uy, 3uy <: (u8 & u8)
+          ]
+        in
+        FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 4);
+        Rust_primitives.Hax.array_of_list 4 list) (sz 4)
+  in
+  let v_A:t_Array
+    (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A)
+    v_ROWS_IN_A =
+    tmp0
+  in
+  let rand_stack:(t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) &
+    t_Array u8 (sz 840)) =
+    tmp1
+  in
+  let tmp_stack:t_Array (t_Array i32 (sz 263)) (sz 4) = tmp2 in
+  let _:Prims.unit = () in
+  let tmp0, tmp1, tmp2:(t_Array
+      (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A)
+      v_ROWS_IN_A &
+    (t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840)) &
+    t_Array (t_Array i32 (sz 263)) (sz 4)) =
+    Libcrux_ml_dsa.Sample.sample_up_to_four_ring_elements #v_SIMDUnit #v_Shake128 v_ROWS_IN_A
+      v_COLUMNS_IN_A seed v_A rand_stack tmp_stack
+      (let list =
+          [
+            3uy, 0uy <: (u8 & u8);
+            3uy, 1uy <: (u8 & u8);
+            3uy, 2uy <: (u8 & u8);
+            3uy, 3uy <: (u8 & u8)
+          ]
+        in
+        FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 4);
+        Rust_primitives.Hax.array_of_list 4 list) (sz 4)
+  in
+  let v_A:t_Array
+    (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A)
+    v_ROWS_IN_A =
+    tmp0
+  in
+  let rand_stack:(t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) &
+    t_Array u8 (sz 840)) =
+    tmp1
+  in
+  let tmp_stack:t_Array (t_Array i32 (sz 263)) (sz 4) = tmp2 in
+  let _:Prims.unit = () in
   v_A
 
 let matrix_A_6_by_5_
-      (#v_SIMDUnit: Type0)
+      (#v_SIMDUnit #v_Shake128: Type0)
       (v_ROWS_IN_A v_COLUMNS_IN_A: usize)
       (#[FStar.Tactics.Typeclasses.tcresolve ()]
-          i1:
+          i2:
           Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit)
+      (#[FStar.Tactics.Typeclasses.tcresolve ()]
+          i3:
+          Libcrux_ml_dsa.Hash_functions.Shake128.t_XofX4 v_Shake128)
       (seed: t_Array u8 (sz 34))
      =
   let v_A:t_Array
@@ -210,252 +199,270 @@ let matrix_A_6_by_5_
         t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A)
       v_ROWS_IN_A
   in
-  let four_ring_elements:(Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit &
-    Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit &
-    Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit &
-    Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) =
-    Libcrux_ml_dsa.Sample.sample_four_ring_elements #v_SIMDUnit
-      seed
-      (generate_domain_separator 0uy 0uy <: u16)
-      (generate_domain_separator 0uy 1uy <: u16)
-      (generate_domain_separator 0uy 2uy <: u16)
-      (generate_domain_separator 0uy 3uy <: u16)
-  in
-  let v_A:t_Array
-    (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A)
-    v_ROWS_IN_A =
-    update_matrix #v_SIMDUnit v_ROWS_IN_A v_COLUMNS_IN_A v_A (sz 0) (sz 0) four_ring_elements._1
-  in
-  let v_A:t_Array
-    (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A)
-    v_ROWS_IN_A =
-    update_matrix #v_SIMDUnit v_ROWS_IN_A v_COLUMNS_IN_A v_A (sz 0) (sz 1) four_ring_elements._2
-  in
-  let v_A:t_Array
-    (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A)
-    v_ROWS_IN_A =
-    update_matrix #v_SIMDUnit v_ROWS_IN_A v_COLUMNS_IN_A v_A (sz 0) (sz 2) four_ring_elements._3
-  in
-  let v_A:t_Array
-    (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A)
-    v_ROWS_IN_A =
-    update_matrix #v_SIMDUnit v_ROWS_IN_A v_COLUMNS_IN_A v_A (sz 0) (sz 3) four_ring_elements._4
-  in
-  let four_ring_elements:(Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit &
-    Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit &
-    Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit &
-    Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) =
-    Libcrux_ml_dsa.Sample.sample_four_ring_elements #v_SIMDUnit
-      seed
-      (generate_domain_separator 0uy 4uy <: u16)
-      (generate_domain_separator 1uy 0uy <: u16)
-      (generate_domain_separator 1uy 1uy <: u16)
-      (generate_domain_separator 1uy 2uy <: u16)
-  in
-  let v_A:t_Array
-    (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A)
-    v_ROWS_IN_A =
-    update_matrix #v_SIMDUnit v_ROWS_IN_A v_COLUMNS_IN_A v_A (sz 0) (sz 4) four_ring_elements._1
-  in
-  let v_A:t_Array
-    (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A)
-    v_ROWS_IN_A =
-    update_matrix #v_SIMDUnit v_ROWS_IN_A v_COLUMNS_IN_A v_A (sz 1) (sz 0) four_ring_elements._2
-  in
-  let v_A:t_Array
-    (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A)
-    v_ROWS_IN_A =
-    update_matrix #v_SIMDUnit v_ROWS_IN_A v_COLUMNS_IN_A v_A (sz 1) (sz 1) four_ring_elements._3
-  in
-  let v_A:t_Array
-    (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A)
-    v_ROWS_IN_A =
-    update_matrix #v_SIMDUnit v_ROWS_IN_A v_COLUMNS_IN_A v_A (sz 1) (sz 2) four_ring_elements._4
-  in
-  let four_ring_elements:(Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit &
-    Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit &
-    Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit &
-    Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) =
-    Libcrux_ml_dsa.Sample.sample_four_ring_elements #v_SIMDUnit
-      seed
-      (generate_domain_separator 1uy 3uy <: u16)
-      (generate_domain_separator 1uy 4uy <: u16)
-      (generate_domain_separator 2uy 0uy <: u16)
-      (generate_domain_separator 2uy 1uy <: u16)
-  in
-  let v_A:t_Array
-    (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A)
-    v_ROWS_IN_A =
-    update_matrix #v_SIMDUnit v_ROWS_IN_A v_COLUMNS_IN_A v_A (sz 1) (sz 3) four_ring_elements._1
-  in
-  let v_A:t_Array
-    (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A)
-    v_ROWS_IN_A =
-    update_matrix #v_SIMDUnit v_ROWS_IN_A v_COLUMNS_IN_A v_A (sz 1) (sz 4) four_ring_elements._2
-  in
-  let v_A:t_Array
-    (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A)
-    v_ROWS_IN_A =
-    update_matrix #v_SIMDUnit v_ROWS_IN_A v_COLUMNS_IN_A v_A (sz 2) (sz 0) four_ring_elements._3
-  in
-  let v_A:t_Array
-    (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A)
-    v_ROWS_IN_A =
-    update_matrix #v_SIMDUnit v_ROWS_IN_A v_COLUMNS_IN_A v_A (sz 2) (sz 1) four_ring_elements._4
-  in
-  let four_ring_elements:(Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit &
-    Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit &
-    Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit &
-    Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) =
-    Libcrux_ml_dsa.Sample.sample_four_ring_elements #v_SIMDUnit
-      seed
-      (generate_domain_separator 2uy 2uy <: u16)
-      (generate_domain_separator 2uy 3uy <: u16)
-      (generate_domain_separator 2uy 4uy <: u16)
-      (generate_domain_separator 3uy 0uy <: u16)
-  in
-  let v_A:t_Array
-    (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A)
-    v_ROWS_IN_A =
-    update_matrix #v_SIMDUnit v_ROWS_IN_A v_COLUMNS_IN_A v_A (sz 2) (sz 2) four_ring_elements._1
-  in
-  let v_A:t_Array
-    (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A)
-    v_ROWS_IN_A =
-    update_matrix #v_SIMDUnit v_ROWS_IN_A v_COLUMNS_IN_A v_A (sz 2) (sz 3) four_ring_elements._2
-  in
-  let v_A:t_Array
-    (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A)
-    v_ROWS_IN_A =
-    update_matrix #v_SIMDUnit v_ROWS_IN_A v_COLUMNS_IN_A v_A (sz 2) (sz 4) four_ring_elements._3
-  in
-  let v_A:t_Array
-    (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A)
-    v_ROWS_IN_A =
-    update_matrix #v_SIMDUnit v_ROWS_IN_A v_COLUMNS_IN_A v_A (sz 3) (sz 0) four_ring_elements._4
-  in
-  let four_ring_elements:(Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit &
-    Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit &
-    Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit &
-    Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) =
-    Libcrux_ml_dsa.Sample.sample_four_ring_elements #v_SIMDUnit
-      seed
-      (generate_domain_separator 3uy 1uy <: u16)
-      (generate_domain_separator 3uy 2uy <: u16)
-      (generate_domain_separator 3uy 3uy <: u16)
-      (generate_domain_separator 3uy 4uy <: u16)
-  in
-  let v_A:t_Array
-    (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A)
-    v_ROWS_IN_A =
-    update_matrix #v_SIMDUnit v_ROWS_IN_A v_COLUMNS_IN_A v_A (sz 3) (sz 1) four_ring_elements._1
-  in
-  let v_A:t_Array
-    (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A)
-    v_ROWS_IN_A =
-    update_matrix #v_SIMDUnit v_ROWS_IN_A v_COLUMNS_IN_A v_A (sz 3) (sz 2) four_ring_elements._2
-  in
-  let v_A:t_Array
-    (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A)
-    v_ROWS_IN_A =
-    update_matrix #v_SIMDUnit v_ROWS_IN_A v_COLUMNS_IN_A v_A (sz 3) (sz 3) four_ring_elements._3
-  in
-  let v_A:t_Array
-    (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A)
-    v_ROWS_IN_A =
-    update_matrix #v_SIMDUnit v_ROWS_IN_A v_COLUMNS_IN_A v_A (sz 3) (sz 4) four_ring_elements._4
-  in
-  let four_ring_elements:(Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit &
-    Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit &
-    Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit &
-    Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) =
-    Libcrux_ml_dsa.Sample.sample_four_ring_elements #v_SIMDUnit
-      seed
-      (generate_domain_separator 4uy 0uy <: u16)
-      (generate_domain_separator 4uy 1uy <: u16)
-      (generate_domain_separator 4uy 2uy <: u16)
-      (generate_domain_separator 4uy 3uy <: u16)
-  in
-  let v_A:t_Array
-    (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A)
-    v_ROWS_IN_A =
-    update_matrix #v_SIMDUnit v_ROWS_IN_A v_COLUMNS_IN_A v_A (sz 4) (sz 0) four_ring_elements._1
-  in
-  let v_A:t_Array
-    (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A)
-    v_ROWS_IN_A =
-    update_matrix #v_SIMDUnit v_ROWS_IN_A v_COLUMNS_IN_A v_A (sz 4) (sz 1) four_ring_elements._2
-  in
-  let v_A:t_Array
-    (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A)
-    v_ROWS_IN_A =
-    update_matrix #v_SIMDUnit v_ROWS_IN_A v_COLUMNS_IN_A v_A (sz 4) (sz 2) four_ring_elements._3
-  in
-  let v_A:t_Array
-    (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A)
-    v_ROWS_IN_A =
-    update_matrix #v_SIMDUnit v_ROWS_IN_A v_COLUMNS_IN_A v_A (sz 4) (sz 3) four_ring_elements._4
-  in
-  let four_ring_elements:(Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit &
-    Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit &
-    Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit &
-    Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) =
-    Libcrux_ml_dsa.Sample.sample_four_ring_elements #v_SIMDUnit
-      seed
-      (generate_domain_separator 4uy 4uy <: u16)
-      (generate_domain_separator 5uy 0uy <: u16)
-      (generate_domain_separator 5uy 1uy <: u16)
-      (generate_domain_separator 5uy 2uy <: u16)
-  in
-  let v_A:t_Array
-    (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A)
-    v_ROWS_IN_A =
-    update_matrix #v_SIMDUnit v_ROWS_IN_A v_COLUMNS_IN_A v_A (sz 4) (sz 4) four_ring_elements._1
-  in
-  let v_A:t_Array
-    (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A)
-    v_ROWS_IN_A =
-    update_matrix #v_SIMDUnit v_ROWS_IN_A v_COLUMNS_IN_A v_A (sz 5) (sz 0) four_ring_elements._2
-  in
-  let v_A:t_Array
-    (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A)
-    v_ROWS_IN_A =
-    update_matrix #v_SIMDUnit v_ROWS_IN_A v_COLUMNS_IN_A v_A (sz 5) (sz 1) four_ring_elements._3
-  in
-  let v_A:t_Array
-    (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A)
-    v_ROWS_IN_A =
-    update_matrix #v_SIMDUnit v_ROWS_IN_A v_COLUMNS_IN_A v_A (sz 5) (sz 2) four_ring_elements._4
-  in
-  let four_ring_elements:(Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit &
-    Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit &
-    Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit &
-    Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) =
-    Libcrux_ml_dsa.Sample.sample_four_ring_elements #v_SIMDUnit
-      seed
-      (generate_domain_separator 5uy 3uy <: u16)
-      (generate_domain_separator 5uy 4uy <: u16)
-      (generate_domain_separator 5uy 5uy <: u16)
-      (generate_domain_separator 5uy 6uy <: u16)
-  in
-  let v_A:t_Array
-    (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A)
-    v_ROWS_IN_A =
-    update_matrix #v_SIMDUnit v_ROWS_IN_A v_COLUMNS_IN_A v_A (sz 5) (sz 3) four_ring_elements._1
-  in
-  let v_A:t_Array
-    (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A)
-    v_ROWS_IN_A =
-    update_matrix #v_SIMDUnit v_ROWS_IN_A v_COLUMNS_IN_A v_A (sz 5) (sz 4) four_ring_elements._2
-  in
+  let rand_stack:(t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) &
+    t_Array u8 (sz 840)) =
+    Rust_primitives.Hax.repeat 0uy (sz 840),
+    Rust_primitives.Hax.repeat 0uy (sz 840),
+    Rust_primitives.Hax.repeat 0uy (sz 840),
+    Rust_primitives.Hax.repeat 0uy (sz 840)
+    <:
+    (t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840))
+  in
+  let tmp_stack:t_Array (t_Array i32 (sz 263)) (sz 4) =
+    let list =
+      [
+        Rust_primitives.Hax.repeat 0l (sz 263);
+        Rust_primitives.Hax.repeat 0l (sz 263);
+        Rust_primitives.Hax.repeat 0l (sz 263);
+        Rust_primitives.Hax.repeat 0l (sz 263)
+      ]
+    in
+    FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 4);
+    Rust_primitives.Hax.array_of_list 4 list
+  in
+  let tmp0, tmp1, tmp2:(t_Array
+      (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A)
+      v_ROWS_IN_A &
+    (t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840)) &
+    t_Array (t_Array i32 (sz 263)) (sz 4)) =
+    Libcrux_ml_dsa.Sample.sample_up_to_four_ring_elements #v_SIMDUnit #v_Shake128 v_ROWS_IN_A
+      v_COLUMNS_IN_A seed v_A rand_stack tmp_stack
+      (let list =
+          [
+            0uy, 0uy <: (u8 & u8);
+            0uy, 1uy <: (u8 & u8);
+            0uy, 2uy <: (u8 & u8);
+            0uy, 3uy <: (u8 & u8)
+          ]
+        in
+        FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 4);
+        Rust_primitives.Hax.array_of_list 4 list) (sz 4)
+  in
+  let v_A:t_Array
+    (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A)
+    v_ROWS_IN_A =
+    tmp0
+  in
+  let rand_stack:(t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) &
+    t_Array u8 (sz 840)) =
+    tmp1
+  in
+  let tmp_stack:t_Array (t_Array i32 (sz 263)) (sz 4) = tmp2 in
+  let _:Prims.unit = () in
+  let tmp0, tmp1, tmp2:(t_Array
+      (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A)
+      v_ROWS_IN_A &
+    (t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840)) &
+    t_Array (t_Array i32 (sz 263)) (sz 4)) =
+    Libcrux_ml_dsa.Sample.sample_up_to_four_ring_elements #v_SIMDUnit #v_Shake128 v_ROWS_IN_A
+      v_COLUMNS_IN_A seed v_A rand_stack tmp_stack
+      (let list =
+          [
+            0uy, 4uy <: (u8 & u8);
+            1uy, 0uy <: (u8 & u8);
+            1uy, 1uy <: (u8 & u8);
+            1uy, 2uy <: (u8 & u8)
+          ]
+        in
+        FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 4);
+        Rust_primitives.Hax.array_of_list 4 list) (sz 4)
+  in
+  let v_A:t_Array
+    (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A)
+    v_ROWS_IN_A =
+    tmp0
+  in
+  let rand_stack:(t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) &
+    t_Array u8 (sz 840)) =
+    tmp1
+  in
+  let tmp_stack:t_Array (t_Array i32 (sz 263)) (sz 4) = tmp2 in
+  let _:Prims.unit = () in
+  let tmp0, tmp1, tmp2:(t_Array
+      (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A)
+      v_ROWS_IN_A &
+    (t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840)) &
+    t_Array (t_Array i32 (sz 263)) (sz 4)) =
+    Libcrux_ml_dsa.Sample.sample_up_to_four_ring_elements #v_SIMDUnit #v_Shake128 v_ROWS_IN_A
+      v_COLUMNS_IN_A seed v_A rand_stack tmp_stack
+      (let list =
+          [
+            1uy, 3uy <: (u8 & u8);
+            1uy, 4uy <: (u8 & u8);
+            2uy, 0uy <: (u8 & u8);
+            2uy, 1uy <: (u8 & u8)
+          ]
+        in
+        FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 4);
+        Rust_primitives.Hax.array_of_list 4 list) (sz 4)
+  in
+  let v_A:t_Array
+    (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A)
+    v_ROWS_IN_A =
+    tmp0
+  in
+  let rand_stack:(t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) &
+    t_Array u8 (sz 840)) =
+    tmp1
+  in
+  let tmp_stack:t_Array (t_Array i32 (sz 263)) (sz 4) = tmp2 in
+  let _:Prims.unit = () in
+  let tmp0, tmp1, tmp2:(t_Array
+      (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A)
+      v_ROWS_IN_A &
+    (t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840)) &
+    t_Array (t_Array i32 (sz 263)) (sz 4)) =
+    Libcrux_ml_dsa.Sample.sample_up_to_four_ring_elements #v_SIMDUnit #v_Shake128 v_ROWS_IN_A
+      v_COLUMNS_IN_A seed v_A rand_stack tmp_stack
+      (let list =
+          [
+            2uy, 2uy <: (u8 & u8);
+            2uy, 3uy <: (u8 & u8);
+            2uy, 4uy <: (u8 & u8);
+            3uy, 0uy <: (u8 & u8)
+          ]
+        in
+        FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 4);
+        Rust_primitives.Hax.array_of_list 4 list) (sz 4)
+  in
+  let v_A:t_Array
+    (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A)
+    v_ROWS_IN_A =
+    tmp0
+  in
+  let rand_stack:(t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) &
+    t_Array u8 (sz 840)) =
+    tmp1
+  in
+  let tmp_stack:t_Array (t_Array i32 (sz 263)) (sz 4) = tmp2 in
+  let _:Prims.unit = () in
+  let tmp0, tmp1, tmp2:(t_Array
+      (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A)
+      v_ROWS_IN_A &
+    (t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840)) &
+    t_Array (t_Array i32 (sz 263)) (sz 4)) =
+    Libcrux_ml_dsa.Sample.sample_up_to_four_ring_elements #v_SIMDUnit #v_Shake128 v_ROWS_IN_A
+      v_COLUMNS_IN_A seed v_A rand_stack tmp_stack
+      (let list =
+          [
+            3uy, 1uy <: (u8 & u8);
+            3uy, 2uy <: (u8 & u8);
+            3uy, 3uy <: (u8 & u8);
+            3uy, 4uy <: (u8 & u8)
+          ]
+        in
+        FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 4);
+        Rust_primitives.Hax.array_of_list 4 list) (sz 4)
+  in
+  let v_A:t_Array
+    (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A)
+    v_ROWS_IN_A =
+    tmp0
+  in
+  let rand_stack:(t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) &
+    t_Array u8 (sz 840)) =
+    tmp1
+  in
+  let tmp_stack:t_Array (t_Array i32 (sz 263)) (sz 4) = tmp2 in
+  let _:Prims.unit = () in
+  let tmp0, tmp1, tmp2:(t_Array
+      (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A)
+      v_ROWS_IN_A &
+    (t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840)) &
+    t_Array (t_Array i32 (sz 263)) (sz 4)) =
+    Libcrux_ml_dsa.Sample.sample_up_to_four_ring_elements #v_SIMDUnit #v_Shake128 v_ROWS_IN_A
+      v_COLUMNS_IN_A seed v_A rand_stack tmp_stack
+      (let list =
+          [
+            4uy, 0uy <: (u8 & u8);
+            4uy, 1uy <: (u8 & u8);
+            4uy, 2uy <: (u8 & u8);
+            4uy, 3uy <: (u8 & u8)
+          ]
+        in
+        FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 4);
+        Rust_primitives.Hax.array_of_list 4 list) (sz 4)
+  in
+  let v_A:t_Array
+    (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A)
+    v_ROWS_IN_A =
+    tmp0
+  in
+  let rand_stack:(t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) &
+    t_Array u8 (sz 840)) =
+    tmp1
+  in
+  let tmp_stack:t_Array (t_Array i32 (sz 263)) (sz 4) = tmp2 in
+  let _:Prims.unit = () in
+  let tmp0, tmp1, tmp2:(t_Array
+      (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A)
+      v_ROWS_IN_A &
+    (t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840)) &
+    t_Array (t_Array i32 (sz 263)) (sz 4)) =
+    Libcrux_ml_dsa.Sample.sample_up_to_four_ring_elements #v_SIMDUnit #v_Shake128 v_ROWS_IN_A
+      v_COLUMNS_IN_A seed v_A rand_stack tmp_stack
+      (let list =
+          [
+            4uy, 4uy <: (u8 & u8);
+            5uy, 0uy <: (u8 & u8);
+            5uy, 1uy <: (u8 & u8);
+            5uy, 2uy <: (u8 & u8)
+          ]
+        in
+        FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 4);
+        Rust_primitives.Hax.array_of_list 4 list) (sz 4)
+  in
+  let v_A:t_Array
+    (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A)
+    v_ROWS_IN_A =
+    tmp0
+  in
+  let rand_stack:(t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) &
+    t_Array u8 (sz 840)) =
+    tmp1
+  in
+  let tmp_stack:t_Array (t_Array i32 (sz 263)) (sz 4) = tmp2 in
+  let _:Prims.unit = () in
+  let tmp0, tmp1, tmp2:(t_Array
+      (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A)
+      v_ROWS_IN_A &
+    (t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840)) &
+    t_Array (t_Array i32 (sz 263)) (sz 4)) =
+    Libcrux_ml_dsa.Sample.sample_up_to_four_ring_elements #v_SIMDUnit #v_Shake128 v_ROWS_IN_A
+      v_COLUMNS_IN_A seed v_A rand_stack tmp_stack
+      (let list =
+          [
+            5uy, 3uy <: (u8 & u8);
+            5uy, 4uy <: (u8 & u8);
+            5uy, 5uy <: (u8 & u8);
+            5uy, 6uy <: (u8 & u8)
+          ]
+        in
+        FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 4);
+        Rust_primitives.Hax.array_of_list 4 list) (sz 2)
+  in
+  let v_A:t_Array
+    (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A)
+    v_ROWS_IN_A =
+    tmp0
+  in
+  let rand_stack:(t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) &
+    t_Array u8 (sz 840)) =
+    tmp1
+  in
+  let tmp_stack:t_Array (t_Array i32 (sz 263)) (sz 4) = tmp2 in
+  let _:Prims.unit = () in
   v_A
 
 let matrix_A_8_by_7_
-      (#v_SIMDUnit: Type0)
+      (#v_SIMDUnit #v_Shake128: Type0)
       (v_ROWS_IN_A v_COLUMNS_IN_A: usize)
       (#[FStar.Tactics.Typeclasses.tcresolve ()]
-          i1:
+          i2:
           Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit)
+      (#[FStar.Tactics.Typeclasses.tcresolve ()]
+          i3:
+          Libcrux_ml_dsa.Hash_functions.Shake128.t_XofX4 v_Shake128)
       (seed: t_Array u8 (sz 34))
      =
   let v_A:t_Array
@@ -470,456 +477,452 @@ let matrix_A_8_by_7_
         t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A)
       v_ROWS_IN_A
   in
-  let four_ring_elements:(Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit &
-    Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit &
-    Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit &
-    Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) =
-    Libcrux_ml_dsa.Sample.sample_four_ring_elements #v_SIMDUnit
-      seed
-      (generate_domain_separator 0uy 0uy <: u16)
-      (generate_domain_separator 0uy 1uy <: u16)
-      (generate_domain_separator 0uy 2uy <: u16)
-      (generate_domain_separator 0uy 3uy <: u16)
-  in
-  let v_A:t_Array
-    (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A)
-    v_ROWS_IN_A =
-    update_matrix #v_SIMDUnit v_ROWS_IN_A v_COLUMNS_IN_A v_A (sz 0) (sz 0) four_ring_elements._1
-  in
-  let v_A:t_Array
-    (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A)
-    v_ROWS_IN_A =
-    update_matrix #v_SIMDUnit v_ROWS_IN_A v_COLUMNS_IN_A v_A (sz 0) (sz 1) four_ring_elements._2
-  in
-  let v_A:t_Array
-    (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A)
-    v_ROWS_IN_A =
-    update_matrix #v_SIMDUnit v_ROWS_IN_A v_COLUMNS_IN_A v_A (sz 0) (sz 2) four_ring_elements._3
-  in
-  let v_A:t_Array
-    (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A)
-    v_ROWS_IN_A =
-    update_matrix #v_SIMDUnit v_ROWS_IN_A v_COLUMNS_IN_A v_A (sz 0) (sz 3) four_ring_elements._4
-  in
-  let four_ring_elements:(Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit &
-    Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit &
-    Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit &
-    Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) =
-    Libcrux_ml_dsa.Sample.sample_four_ring_elements #v_SIMDUnit
-      seed
-      (generate_domain_separator 0uy 4uy <: u16)
-      (generate_domain_separator 0uy 5uy <: u16)
-      (generate_domain_separator 0uy 6uy <: u16)
-      (generate_domain_separator 1uy 0uy <: u16)
-  in
-  let v_A:t_Array
-    (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A)
-    v_ROWS_IN_A =
-    update_matrix #v_SIMDUnit v_ROWS_IN_A v_COLUMNS_IN_A v_A (sz 0) (sz 4) four_ring_elements._1
-  in
-  let v_A:t_Array
-    (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A)
-    v_ROWS_IN_A =
-    update_matrix #v_SIMDUnit v_ROWS_IN_A v_COLUMNS_IN_A v_A (sz 0) (sz 5) four_ring_elements._2
-  in
-  let v_A:t_Array
-    (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A)
-    v_ROWS_IN_A =
-    update_matrix #v_SIMDUnit v_ROWS_IN_A v_COLUMNS_IN_A v_A (sz 0) (sz 6) four_ring_elements._3
-  in
-  let v_A:t_Array
-    (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A)
-    v_ROWS_IN_A =
-    update_matrix #v_SIMDUnit v_ROWS_IN_A v_COLUMNS_IN_A v_A (sz 1) (sz 0) four_ring_elements._4
-  in
-  let four_ring_elements:(Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit &
-    Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit &
-    Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit &
-    Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) =
-    Libcrux_ml_dsa.Sample.sample_four_ring_elements #v_SIMDUnit
-      seed
-      (generate_domain_separator 1uy 1uy <: u16)
-      (generate_domain_separator 1uy 2uy <: u16)
-      (generate_domain_separator 1uy 3uy <: u16)
-      (generate_domain_separator 1uy 4uy <: u16)
-  in
-  let v_A:t_Array
-    (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A)
-    v_ROWS_IN_A =
-    update_matrix #v_SIMDUnit v_ROWS_IN_A v_COLUMNS_IN_A v_A (sz 1) (sz 1) four_ring_elements._1
-  in
-  let v_A:t_Array
-    (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A)
-    v_ROWS_IN_A =
-    update_matrix #v_SIMDUnit v_ROWS_IN_A v_COLUMNS_IN_A v_A (sz 1) (sz 2) four_ring_elements._2
-  in
-  let v_A:t_Array
-    (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A)
-    v_ROWS_IN_A =
-    update_matrix #v_SIMDUnit v_ROWS_IN_A v_COLUMNS_IN_A v_A (sz 1) (sz 3) four_ring_elements._3
-  in
-  let v_A:t_Array
-    (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A)
-    v_ROWS_IN_A =
-    update_matrix #v_SIMDUnit v_ROWS_IN_A v_COLUMNS_IN_A v_A (sz 1) (sz 4) four_ring_elements._4
-  in
-  let four_ring_elements:(Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit &
-    Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit &
-    Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit &
-    Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) =
-    Libcrux_ml_dsa.Sample.sample_four_ring_elements #v_SIMDUnit
-      seed
-      (generate_domain_separator 1uy 5uy <: u16)
-      (generate_domain_separator 1uy 6uy <: u16)
-      (generate_domain_separator 2uy 0uy <: u16)
-      (generate_domain_separator 2uy 1uy <: u16)
-  in
-  let v_A:t_Array
-    (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A)
-    v_ROWS_IN_A =
-    update_matrix #v_SIMDUnit v_ROWS_IN_A v_COLUMNS_IN_A v_A (sz 1) (sz 5) four_ring_elements._1
-  in
-  let v_A:t_Array
-    (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A)
-    v_ROWS_IN_A =
-    update_matrix #v_SIMDUnit v_ROWS_IN_A v_COLUMNS_IN_A v_A (sz 1) (sz 6) four_ring_elements._2
-  in
-  let v_A:t_Array
-    (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A)
-    v_ROWS_IN_A =
-    update_matrix #v_SIMDUnit v_ROWS_IN_A v_COLUMNS_IN_A v_A (sz 2) (sz 0) four_ring_elements._3
-  in
-  let v_A:t_Array
-    (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A)
-    v_ROWS_IN_A =
-    update_matrix #v_SIMDUnit v_ROWS_IN_A v_COLUMNS_IN_A v_A (sz 2) (sz 1) four_ring_elements._4
-  in
-  let four_ring_elements:(Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit &
-    Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit &
-    Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit &
-    Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) =
-    Libcrux_ml_dsa.Sample.sample_four_ring_elements #v_SIMDUnit
-      seed
-      (generate_domain_separator 2uy 2uy <: u16)
-      (generate_domain_separator 2uy 3uy <: u16)
-      (generate_domain_separator 2uy 4uy <: u16)
-      (generate_domain_separator 2uy 5uy <: u16)
-  in
-  let v_A:t_Array
-    (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A)
-    v_ROWS_IN_A =
-    update_matrix #v_SIMDUnit v_ROWS_IN_A v_COLUMNS_IN_A v_A (sz 2) (sz 2) four_ring_elements._1
-  in
-  let v_A:t_Array
-    (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A)
-    v_ROWS_IN_A =
-    update_matrix #v_SIMDUnit v_ROWS_IN_A v_COLUMNS_IN_A v_A (sz 2) (sz 3) four_ring_elements._2
-  in
-  let v_A:t_Array
-    (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A)
-    v_ROWS_IN_A =
-    update_matrix #v_SIMDUnit v_ROWS_IN_A v_COLUMNS_IN_A v_A (sz 2) (sz 4) four_ring_elements._3
-  in
-  let v_A:t_Array
-    (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A)
-    v_ROWS_IN_A =
-    update_matrix #v_SIMDUnit v_ROWS_IN_A v_COLUMNS_IN_A v_A (sz 2) (sz 5) four_ring_elements._4
-  in
-  let four_ring_elements:(Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit &
-    Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit &
-    Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit &
-    Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) =
-    Libcrux_ml_dsa.Sample.sample_four_ring_elements #v_SIMDUnit
-      seed
-      (generate_domain_separator 2uy 6uy <: u16)
-      (generate_domain_separator 3uy 0uy <: u16)
-      (generate_domain_separator 3uy 1uy <: u16)
-      (generate_domain_separator 3uy 2uy <: u16)
-  in
-  let v_A:t_Array
-    (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A)
-    v_ROWS_IN_A =
-    update_matrix #v_SIMDUnit v_ROWS_IN_A v_COLUMNS_IN_A v_A (sz 2) (sz 6) four_ring_elements._1
-  in
-  let v_A:t_Array
-    (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A)
-    v_ROWS_IN_A =
-    update_matrix #v_SIMDUnit v_ROWS_IN_A v_COLUMNS_IN_A v_A (sz 3) (sz 0) four_ring_elements._2
-  in
-  let v_A:t_Array
-    (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A)
-    v_ROWS_IN_A =
-    update_matrix #v_SIMDUnit v_ROWS_IN_A v_COLUMNS_IN_A v_A (sz 3) (sz 1) four_ring_elements._3
-  in
-  let v_A:t_Array
-    (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A)
-    v_ROWS_IN_A =
-    update_matrix #v_SIMDUnit v_ROWS_IN_A v_COLUMNS_IN_A v_A (sz 3) (sz 2) four_ring_elements._4
-  in
-  let four_ring_elements:(Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit &
-    Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit &
-    Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit &
-    Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) =
-    Libcrux_ml_dsa.Sample.sample_four_ring_elements #v_SIMDUnit
-      seed
-      (generate_domain_separator 3uy 3uy <: u16)
-      (generate_domain_separator 3uy 4uy <: u16)
-      (generate_domain_separator 3uy 5uy <: u16)
-      (generate_domain_separator 3uy 6uy <: u16)
-  in
-  let v_A:t_Array
-    (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A)
-    v_ROWS_IN_A =
-    update_matrix #v_SIMDUnit v_ROWS_IN_A v_COLUMNS_IN_A v_A (sz 3) (sz 3) four_ring_elements._1
-  in
-  let v_A:t_Array
-    (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A)
-    v_ROWS_IN_A =
-    update_matrix #v_SIMDUnit v_ROWS_IN_A v_COLUMNS_IN_A v_A (sz 3) (sz 4) four_ring_elements._2
-  in
-  let v_A:t_Array
-    (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A)
-    v_ROWS_IN_A =
-    update_matrix #v_SIMDUnit v_ROWS_IN_A v_COLUMNS_IN_A v_A (sz 3) (sz 5) four_ring_elements._3
-  in
-  let v_A:t_Array
-    (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A)
-    v_ROWS_IN_A =
-    update_matrix #v_SIMDUnit v_ROWS_IN_A v_COLUMNS_IN_A v_A (sz 3) (sz 6) four_ring_elements._4
-  in
-  let four_ring_elements:(Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit &
-    Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit &
-    Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit &
-    Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) =
-    Libcrux_ml_dsa.Sample.sample_four_ring_elements #v_SIMDUnit
-      seed
-      (generate_domain_separator 4uy 0uy <: u16)
-      (generate_domain_separator 4uy 1uy <: u16)
-      (generate_domain_separator 4uy 2uy <: u16)
-      (generate_domain_separator 4uy 3uy <: u16)
-  in
-  let v_A:t_Array
-    (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A)
-    v_ROWS_IN_A =
-    update_matrix #v_SIMDUnit v_ROWS_IN_A v_COLUMNS_IN_A v_A (sz 4) (sz 0) four_ring_elements._1
-  in
-  let v_A:t_Array
-    (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A)
-    v_ROWS_IN_A =
-    update_matrix #v_SIMDUnit v_ROWS_IN_A v_COLUMNS_IN_A v_A (sz 4) (sz 1) four_ring_elements._2
-  in
-  let v_A:t_Array
-    (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A)
-    v_ROWS_IN_A =
-    update_matrix #v_SIMDUnit v_ROWS_IN_A v_COLUMNS_IN_A v_A (sz 4) (sz 2) four_ring_elements._3
-  in
-  let v_A:t_Array
-    (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A)
-    v_ROWS_IN_A =
-    update_matrix #v_SIMDUnit v_ROWS_IN_A v_COLUMNS_IN_A v_A (sz 4) (sz 3) four_ring_elements._4
-  in
-  let four_ring_elements:(Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit &
-    Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit &
-    Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit &
-    Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) =
-    Libcrux_ml_dsa.Sample.sample_four_ring_elements #v_SIMDUnit
-      seed
-      (generate_domain_separator 4uy 4uy <: u16)
-      (generate_domain_separator 4uy 5uy <: u16)
-      (generate_domain_separator 4uy 6uy <: u16)
-      (generate_domain_separator 5uy 0uy <: u16)
-  in
-  let v_A:t_Array
-    (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A)
-    v_ROWS_IN_A =
-    update_matrix #v_SIMDUnit v_ROWS_IN_A v_COLUMNS_IN_A v_A (sz 4) (sz 4) four_ring_elements._1
-  in
-  let v_A:t_Array
-    (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A)
-    v_ROWS_IN_A =
-    update_matrix #v_SIMDUnit v_ROWS_IN_A v_COLUMNS_IN_A v_A (sz 4) (sz 5) four_ring_elements._2
-  in
-  let v_A:t_Array
-    (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A)
-    v_ROWS_IN_A =
-    update_matrix #v_SIMDUnit v_ROWS_IN_A v_COLUMNS_IN_A v_A (sz 4) (sz 6) four_ring_elements._3
-  in
-  let v_A:t_Array
-    (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A)
-    v_ROWS_IN_A =
-    update_matrix #v_SIMDUnit v_ROWS_IN_A v_COLUMNS_IN_A v_A (sz 5) (sz 0) four_ring_elements._4
-  in
-  let four_ring_elements:(Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit &
-    Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit &
-    Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit &
-    Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) =
-    Libcrux_ml_dsa.Sample.sample_four_ring_elements #v_SIMDUnit
-      seed
-      (generate_domain_separator 5uy 1uy <: u16)
-      (generate_domain_separator 5uy 2uy <: u16)
-      (generate_domain_separator 5uy 3uy <: u16)
-      (generate_domain_separator 5uy 4uy <: u16)
-  in
-  let v_A:t_Array
-    (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A)
-    v_ROWS_IN_A =
-    update_matrix #v_SIMDUnit v_ROWS_IN_A v_COLUMNS_IN_A v_A (sz 5) (sz 1) four_ring_elements._1
-  in
-  let v_A:t_Array
-    (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A)
-    v_ROWS_IN_A =
-    update_matrix #v_SIMDUnit v_ROWS_IN_A v_COLUMNS_IN_A v_A (sz 5) (sz 2) four_ring_elements._2
-  in
-  let v_A:t_Array
-    (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A)
-    v_ROWS_IN_A =
-    update_matrix #v_SIMDUnit v_ROWS_IN_A v_COLUMNS_IN_A v_A (sz 5) (sz 3) four_ring_elements._3
-  in
-  let v_A:t_Array
-    (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A)
-    v_ROWS_IN_A =
-    update_matrix #v_SIMDUnit v_ROWS_IN_A v_COLUMNS_IN_A v_A (sz 5) (sz 4) four_ring_elements._4
-  in
-  let four_ring_elements:(Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit &
-    Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit &
-    Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit &
-    Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) =
-    Libcrux_ml_dsa.Sample.sample_four_ring_elements #v_SIMDUnit
-      seed
-      (generate_domain_separator 5uy 5uy <: u16)
-      (generate_domain_separator 5uy 6uy <: u16)
-      (generate_domain_separator 6uy 0uy <: u16)
-      (generate_domain_separator 6uy 1uy <: u16)
-  in
-  let v_A:t_Array
-    (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A)
-    v_ROWS_IN_A =
-    update_matrix #v_SIMDUnit v_ROWS_IN_A v_COLUMNS_IN_A v_A (sz 5) (sz 5) four_ring_elements._1
-  in
-  let v_A:t_Array
-    (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A)
-    v_ROWS_IN_A =
-    update_matrix #v_SIMDUnit v_ROWS_IN_A v_COLUMNS_IN_A v_A (sz 5) (sz 6) four_ring_elements._2
-  in
-  let v_A:t_Array
-    (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A)
-    v_ROWS_IN_A =
-    update_matrix #v_SIMDUnit v_ROWS_IN_A v_COLUMNS_IN_A v_A (sz 6) (sz 0) four_ring_elements._3
-  in
-  let v_A:t_Array
-    (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A)
-    v_ROWS_IN_A =
-    update_matrix #v_SIMDUnit v_ROWS_IN_A v_COLUMNS_IN_A v_A (sz 6) (sz 1) four_ring_elements._4
-  in
-  let four_ring_elements:(Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit &
-    Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit &
-    Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit &
-    Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) =
-    Libcrux_ml_dsa.Sample.sample_four_ring_elements #v_SIMDUnit
-      seed
-      (generate_domain_separator 6uy 2uy <: u16)
-      (generate_domain_separator 6uy 3uy <: u16)
-      (generate_domain_separator 6uy 4uy <: u16)
-      (generate_domain_separator 6uy 5uy <: u16)
-  in
-  let v_A:t_Array
-    (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A)
-    v_ROWS_IN_A =
-    update_matrix #v_SIMDUnit v_ROWS_IN_A v_COLUMNS_IN_A v_A (sz 6) (sz 2) four_ring_elements._1
-  in
-  let v_A:t_Array
-    (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A)
-    v_ROWS_IN_A =
-    update_matrix #v_SIMDUnit v_ROWS_IN_A v_COLUMNS_IN_A v_A (sz 6) (sz 3) four_ring_elements._2
-  in
-  let v_A:t_Array
-    (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A)
-    v_ROWS_IN_A =
-    update_matrix #v_SIMDUnit v_ROWS_IN_A v_COLUMNS_IN_A v_A (sz 6) (sz 4) four_ring_elements._3
-  in
-  let v_A:t_Array
-    (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A)
-    v_ROWS_IN_A =
-    update_matrix #v_SIMDUnit v_ROWS_IN_A v_COLUMNS_IN_A v_A (sz 6) (sz 5) four_ring_elements._4
-  in
-  let four_ring_elements:(Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit &
-    Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit &
-    Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit &
-    Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) =
-    Libcrux_ml_dsa.Sample.sample_four_ring_elements #v_SIMDUnit
-      seed
-      (generate_domain_separator 6uy 6uy <: u16)
-      (generate_domain_separator 7uy 0uy <: u16)
-      (generate_domain_separator 7uy 1uy <: u16)
-      (generate_domain_separator 7uy 2uy <: u16)
-  in
-  let v_A:t_Array
-    (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A)
-    v_ROWS_IN_A =
-    update_matrix #v_SIMDUnit v_ROWS_IN_A v_COLUMNS_IN_A v_A (sz 6) (sz 6) four_ring_elements._1
-  in
-  let v_A:t_Array
-    (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A)
-    v_ROWS_IN_A =
-    update_matrix #v_SIMDUnit v_ROWS_IN_A v_COLUMNS_IN_A v_A (sz 7) (sz 0) four_ring_elements._2
-  in
-  let v_A:t_Array
-    (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A)
-    v_ROWS_IN_A =
-    update_matrix #v_SIMDUnit v_ROWS_IN_A v_COLUMNS_IN_A v_A (sz 7) (sz 1) four_ring_elements._3
-  in
-  let v_A:t_Array
-    (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A)
-    v_ROWS_IN_A =
-    update_matrix #v_SIMDUnit v_ROWS_IN_A v_COLUMNS_IN_A v_A (sz 7) (sz 2) four_ring_elements._4
-  in
-  let four_ring_elements:(Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit &
-    Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit &
-    Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit &
-    Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) =
-    Libcrux_ml_dsa.Sample.sample_four_ring_elements #v_SIMDUnit
-      seed
-      (generate_domain_separator 7uy 3uy <: u16)
-      (generate_domain_separator 7uy 4uy <: u16)
-      (generate_domain_separator 7uy 5uy <: u16)
-      (generate_domain_separator 7uy 6uy <: u16)
-  in
-  let v_A:t_Array
-    (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A)
-    v_ROWS_IN_A =
-    update_matrix #v_SIMDUnit v_ROWS_IN_A v_COLUMNS_IN_A v_A (sz 7) (sz 3) four_ring_elements._1
-  in
-  let v_A:t_Array
-    (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A)
-    v_ROWS_IN_A =
-    update_matrix #v_SIMDUnit v_ROWS_IN_A v_COLUMNS_IN_A v_A (sz 7) (sz 4) four_ring_elements._2
-  in
-  let v_A:t_Array
-    (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A)
-    v_ROWS_IN_A =
-    update_matrix #v_SIMDUnit v_ROWS_IN_A v_COLUMNS_IN_A v_A (sz 7) (sz 5) four_ring_elements._3
-  in
-  let v_A:t_Array
-    (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A)
-    v_ROWS_IN_A =
-    update_matrix #v_SIMDUnit v_ROWS_IN_A v_COLUMNS_IN_A v_A (sz 7) (sz 6) four_ring_elements._4
-  in
+  let rand_stack:(t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) &
+    t_Array u8 (sz 840)) =
+    Rust_primitives.Hax.repeat 0uy (sz 840),
+    Rust_primitives.Hax.repeat 0uy (sz 840),
+    Rust_primitives.Hax.repeat 0uy (sz 840),
+    Rust_primitives.Hax.repeat 0uy (sz 840)
+    <:
+    (t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840))
+  in
+  let tmp_stack:t_Array (t_Array i32 (sz 263)) (sz 4) =
+    let list =
+      [
+        Rust_primitives.Hax.repeat 0l (sz 263);
+        Rust_primitives.Hax.repeat 0l (sz 263);
+        Rust_primitives.Hax.repeat 0l (sz 263);
+        Rust_primitives.Hax.repeat 0l (sz 263)
+      ]
+    in
+    FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 4);
+    Rust_primitives.Hax.array_of_list 4 list
+  in
+  let tmp0, tmp1, tmp2:(t_Array
+      (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A)
+      v_ROWS_IN_A &
+    (t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840)) &
+    t_Array (t_Array i32 (sz 263)) (sz 4)) =
+    Libcrux_ml_dsa.Sample.sample_up_to_four_ring_elements #v_SIMDUnit #v_Shake128 v_ROWS_IN_A
+      v_COLUMNS_IN_A seed v_A rand_stack tmp_stack
+      (let list =
+          [
+            0uy, 0uy <: (u8 & u8);
+            0uy, 1uy <: (u8 & u8);
+            0uy, 2uy <: (u8 & u8);
+            0uy, 3uy <: (u8 & u8)
+          ]
+        in
+        FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 4);
+        Rust_primitives.Hax.array_of_list 4 list) (sz 4)
+  in
+  let v_A:t_Array
+    (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A)
+    v_ROWS_IN_A =
+    tmp0
+  in
+  let rand_stack:(t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) &
+    t_Array u8 (sz 840)) =
+    tmp1
+  in
+  let tmp_stack:t_Array (t_Array i32 (sz 263)) (sz 4) = tmp2 in
+  let _:Prims.unit = () in
+  let tmp0, tmp1, tmp2:(t_Array
+      (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A)
+      v_ROWS_IN_A &
+    (t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840)) &
+    t_Array (t_Array i32 (sz 263)) (sz 4)) =
+    Libcrux_ml_dsa.Sample.sample_up_to_four_ring_elements #v_SIMDUnit #v_Shake128 v_ROWS_IN_A
+      v_COLUMNS_IN_A seed v_A rand_stack tmp_stack
+      (let list =
+          [
+            0uy, 4uy <: (u8 & u8);
+            0uy, 5uy <: (u8 & u8);
+            0uy, 6uy <: (u8 & u8);
+            1uy, 0uy <: (u8 & u8)
+          ]
+        in
+        FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 4);
+        Rust_primitives.Hax.array_of_list 4 list) (sz 4)
+  in
+  let v_A:t_Array
+    (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A)
+    v_ROWS_IN_A =
+    tmp0
+  in
+  let rand_stack:(t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) &
+    t_Array u8 (sz 840)) =
+    tmp1
+  in
+  let tmp_stack:t_Array (t_Array i32 (sz 263)) (sz 4) = tmp2 in
+  let _:Prims.unit = () in
+  let tmp0, tmp1, tmp2:(t_Array
+      (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A)
+      v_ROWS_IN_A &
+    (t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840)) &
+    t_Array (t_Array i32 (sz 263)) (sz 4)) =
+    Libcrux_ml_dsa.Sample.sample_up_to_four_ring_elements #v_SIMDUnit #v_Shake128 v_ROWS_IN_A
+      v_COLUMNS_IN_A seed v_A rand_stack tmp_stack
+      (let list =
+          [
+            1uy, 1uy <: (u8 & u8);
+            1uy, 2uy <: (u8 & u8);
+            1uy, 3uy <: (u8 & u8);
+            1uy, 4uy <: (u8 & u8)
+          ]
+        in
+        FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 4);
+        Rust_primitives.Hax.array_of_list 4 list) (sz 4)
+  in
+  let v_A:t_Array
+    (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A)
+    v_ROWS_IN_A =
+    tmp0
+  in
+  let rand_stack:(t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) &
+    t_Array u8 (sz 840)) =
+    tmp1
+  in
+  let tmp_stack:t_Array (t_Array i32 (sz 263)) (sz 4) = tmp2 in
+  let _:Prims.unit = () in
+  let tmp0, tmp1, tmp2:(t_Array
+      (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A)
+      v_ROWS_IN_A &
+    (t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840)) &
+    t_Array (t_Array i32 (sz 263)) (sz 4)) =
+    Libcrux_ml_dsa.Sample.sample_up_to_four_ring_elements #v_SIMDUnit #v_Shake128 v_ROWS_IN_A
+      v_COLUMNS_IN_A seed v_A rand_stack tmp_stack
+      (let list =
+          [
+            1uy, 5uy <: (u8 & u8);
+            1uy, 6uy <: (u8 & u8);
+            2uy, 0uy <: (u8 & u8);
+            2uy, 1uy <: (u8 & u8)
+          ]
+        in
+        FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 4);
+        Rust_primitives.Hax.array_of_list 4 list) (sz 4)
+  in
+  let v_A:t_Array
+    (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A)
+    v_ROWS_IN_A =
+    tmp0
+  in
+  let rand_stack:(t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) &
+    t_Array u8 (sz 840)) =
+    tmp1
+  in
+  let tmp_stack:t_Array (t_Array i32 (sz 263)) (sz 4) = tmp2 in
+  let _:Prims.unit = () in
+  let tmp0, tmp1, tmp2:(t_Array
+      (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A)
+      v_ROWS_IN_A &
+    (t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840)) &
+    t_Array (t_Array i32 (sz 263)) (sz 4)) =
+    Libcrux_ml_dsa.Sample.sample_up_to_four_ring_elements #v_SIMDUnit #v_Shake128 v_ROWS_IN_A
+      v_COLUMNS_IN_A seed v_A rand_stack tmp_stack
+      (let list =
+          [
+            2uy, 2uy <: (u8 & u8);
+            2uy, 3uy <: (u8 & u8);
+            2uy, 4uy <: (u8 & u8);
+            2uy, 5uy <: (u8 & u8)
+          ]
+        in
+        FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 4);
+        Rust_primitives.Hax.array_of_list 4 list) (sz 4)
+  in
+  let v_A:t_Array
+    (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A)
+    v_ROWS_IN_A =
+    tmp0
+  in
+  let rand_stack:(t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) &
+    t_Array u8 (sz 840)) =
+    tmp1
+  in
+  let tmp_stack:t_Array (t_Array i32 (sz 263)) (sz 4) = tmp2 in
+  let _:Prims.unit = () in
+  let tmp0, tmp1, tmp2:(t_Array
+      (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A)
+      v_ROWS_IN_A &
+    (t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840)) &
+    t_Array (t_Array i32 (sz 263)) (sz 4)) =
+    Libcrux_ml_dsa.Sample.sample_up_to_four_ring_elements #v_SIMDUnit #v_Shake128 v_ROWS_IN_A
+      v_COLUMNS_IN_A seed v_A rand_stack tmp_stack
+      (let list =
+          [
+            2uy, 6uy <: (u8 & u8);
+            3uy, 0uy <: (u8 & u8);
+            3uy, 1uy <: (u8 & u8);
+            3uy, 2uy <: (u8 & u8)
+          ]
+        in
+        FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 4);
+        Rust_primitives.Hax.array_of_list 4 list) (sz 4)
+  in
+  let v_A:t_Array
+    (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A)
+    v_ROWS_IN_A =
+    tmp0
+  in
+  let rand_stack:(t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) &
+    t_Array u8 (sz 840)) =
+    tmp1
+  in
+  let tmp_stack:t_Array (t_Array i32 (sz 263)) (sz 4) = tmp2 in
+  let _:Prims.unit = () in
+  let tmp0, tmp1, tmp2:(t_Array
+      (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A)
+      v_ROWS_IN_A &
+    (t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840)) &
+    t_Array (t_Array i32 (sz 263)) (sz 4)) =
+    Libcrux_ml_dsa.Sample.sample_up_to_four_ring_elements #v_SIMDUnit #v_Shake128 v_ROWS_IN_A
+      v_COLUMNS_IN_A seed v_A rand_stack tmp_stack
+      (let list =
+          [
+            3uy, 3uy <: (u8 & u8);
+            3uy, 4uy <: (u8 & u8);
+            3uy, 5uy <: (u8 & u8);
+            3uy, 6uy <: (u8 & u8)
+          ]
+        in
+        FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 4);
+        Rust_primitives.Hax.array_of_list 4 list) (sz 4)
+  in
+  let v_A:t_Array
+    (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A)
+    v_ROWS_IN_A =
+    tmp0
+  in
+  let rand_stack:(t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) &
+    t_Array u8 (sz 840)) =
+    tmp1
+  in
+  let tmp_stack:t_Array (t_Array i32 (sz 263)) (sz 4) = tmp2 in
+  let _:Prims.unit = () in
+  let tmp0, tmp1, tmp2:(t_Array
+      (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A)
+      v_ROWS_IN_A &
+    (t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840)) &
+    t_Array (t_Array i32 (sz 263)) (sz 4)) =
+    Libcrux_ml_dsa.Sample.sample_up_to_four_ring_elements #v_SIMDUnit #v_Shake128 v_ROWS_IN_A
+      v_COLUMNS_IN_A seed v_A rand_stack tmp_stack
+      (let list =
+          [
+            4uy, 0uy <: (u8 & u8);
+            4uy, 1uy <: (u8 & u8);
+            4uy, 2uy <: (u8 & u8);
+            4uy, 3uy <: (u8 & u8)
+          ]
+        in
+        FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 4);
+        Rust_primitives.Hax.array_of_list 4 list) (sz 4)
+  in
+  let v_A:t_Array
+    (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A)
+    v_ROWS_IN_A =
+    tmp0
+  in
+  let rand_stack:(t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) &
+    t_Array u8 (sz 840)) =
+    tmp1
+  in
+  let tmp_stack:t_Array (t_Array i32 (sz 263)) (sz 4) = tmp2 in
+  let _:Prims.unit = () in
+  let tmp0, tmp1, tmp2:(t_Array
+      (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A)
+      v_ROWS_IN_A &
+    (t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840)) &
+    t_Array (t_Array i32 (sz 263)) (sz 4)) =
+    Libcrux_ml_dsa.Sample.sample_up_to_four_ring_elements #v_SIMDUnit #v_Shake128 v_ROWS_IN_A
+      v_COLUMNS_IN_A seed v_A rand_stack tmp_stack
+      (let list =
+          [
+            4uy, 4uy <: (u8 & u8);
+            4uy, 5uy <: (u8 & u8);
+            4uy, 6uy <: (u8 & u8);
+            5uy, 0uy <: (u8 & u8)
+          ]
+        in
+        FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 4);
+        Rust_primitives.Hax.array_of_list 4 list) (sz 4)
+  in
+  let v_A:t_Array
+    (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A)
+    v_ROWS_IN_A =
+    tmp0
+  in
+  let rand_stack:(t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) &
+    t_Array u8 (sz 840)) =
+    tmp1
+  in
+  let tmp_stack:t_Array (t_Array i32 (sz 263)) (sz 4) = tmp2 in
+  let _:Prims.unit = () in
+  let tmp0, tmp1, tmp2:(t_Array
+      (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A)
+      v_ROWS_IN_A &
+    (t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840)) &
+    t_Array (t_Array i32 (sz 263)) (sz 4)) =
+    Libcrux_ml_dsa.Sample.sample_up_to_four_ring_elements #v_SIMDUnit #v_Shake128 v_ROWS_IN_A
+      v_COLUMNS_IN_A seed v_A rand_stack tmp_stack
+      (let list =
+          [
+            5uy, 1uy <: (u8 & u8);
+            5uy, 2uy <: (u8 & u8);
+            5uy, 3uy <: (u8 & u8);
+            5uy, 4uy <: (u8 & u8)
+          ]
+        in
+        FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 4);
+        Rust_primitives.Hax.array_of_list 4 list) (sz 4)
+  in
+  let v_A:t_Array
+    (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A)
+    v_ROWS_IN_A =
+    tmp0
+  in
+  let rand_stack:(t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) &
+    t_Array u8 (sz 840)) =
+    tmp1
+  in
+  let tmp_stack:t_Array (t_Array i32 (sz 263)) (sz 4) = tmp2 in
+  let _:Prims.unit = () in
+  let tmp0, tmp1, tmp2:(t_Array
+      (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A)
+      v_ROWS_IN_A &
+    (t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840)) &
+    t_Array (t_Array i32 (sz 263)) (sz 4)) =
+    Libcrux_ml_dsa.Sample.sample_up_to_four_ring_elements #v_SIMDUnit #v_Shake128 v_ROWS_IN_A
+      v_COLUMNS_IN_A seed v_A rand_stack tmp_stack
+      (let list =
+          [
+            5uy, 5uy <: (u8 & u8);
+            5uy, 6uy <: (u8 & u8);
+            6uy, 0uy <: (u8 & u8);
+            6uy, 1uy <: (u8 & u8)
+          ]
+        in
+        FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 4);
+        Rust_primitives.Hax.array_of_list 4 list) (sz 4)
+  in
+  let v_A:t_Array
+    (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A)
+    v_ROWS_IN_A =
+    tmp0
+  in
+  let rand_stack:(t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) &
+    t_Array u8 (sz 840)) =
+    tmp1
+  in
+  let tmp_stack:t_Array (t_Array i32 (sz 263)) (sz 4) = tmp2 in
+  let _:Prims.unit = () in
+  let tmp0, tmp1, tmp2:(t_Array
+      (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A)
+      v_ROWS_IN_A &
+    (t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840)) &
+    t_Array (t_Array i32 (sz 263)) (sz 4)) =
+    Libcrux_ml_dsa.Sample.sample_up_to_four_ring_elements #v_SIMDUnit #v_Shake128 v_ROWS_IN_A
+      v_COLUMNS_IN_A seed v_A rand_stack tmp_stack
+      (let list =
+          [
+            6uy, 2uy <: (u8 & u8);
+            6uy, 3uy <: (u8 & u8);
+            6uy, 4uy <: (u8 & u8);
+            6uy, 5uy <: (u8 & u8)
+          ]
+        in
+        FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 4);
+        Rust_primitives.Hax.array_of_list 4 list) (sz 4)
+  in
+  let v_A:t_Array
+    (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A)
+    v_ROWS_IN_A =
+    tmp0
+  in
+  let rand_stack:(t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) &
+    t_Array u8 (sz 840)) =
+    tmp1
+  in
+  let tmp_stack:t_Array (t_Array i32 (sz 263)) (sz 4) = tmp2 in
+  let _:Prims.unit = () in
+  let tmp0, tmp1, tmp2:(t_Array
+      (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A)
+      v_ROWS_IN_A &
+    (t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840)) &
+    t_Array (t_Array i32 (sz 263)) (sz 4)) =
+    Libcrux_ml_dsa.Sample.sample_up_to_four_ring_elements #v_SIMDUnit #v_Shake128 v_ROWS_IN_A
+      v_COLUMNS_IN_A seed v_A rand_stack tmp_stack
+      (let list =
+          [
+            6uy, 6uy <: (u8 & u8);
+            7uy, 0uy <: (u8 & u8);
+            7uy, 1uy <: (u8 & u8);
+            7uy, 2uy <: (u8 & u8)
+          ]
+        in
+        FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 4);
+        Rust_primitives.Hax.array_of_list 4 list) (sz 4)
+  in
+  let v_A:t_Array
+    (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A)
+    v_ROWS_IN_A =
+    tmp0
+  in
+  let rand_stack:(t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) &
+    t_Array u8 (sz 840)) =
+    tmp1
+  in
+  let tmp_stack:t_Array (t_Array i32 (sz 263)) (sz 4) = tmp2 in
+  let _:Prims.unit = () in
+  let tmp0, tmp1, tmp2:(t_Array
+      (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A)
+      v_ROWS_IN_A &
+    (t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840)) &
+    t_Array (t_Array i32 (sz 263)) (sz 4)) =
+    Libcrux_ml_dsa.Sample.sample_up_to_four_ring_elements #v_SIMDUnit #v_Shake128 v_ROWS_IN_A
+      v_COLUMNS_IN_A seed v_A rand_stack tmp_stack
+      (let list =
+          [
+            7uy, 3uy <: (u8 & u8);
+            7uy, 4uy <: (u8 & u8);
+            7uy, 5uy <: (u8 & u8);
+            7uy, 6uy <: (u8 & u8)
+          ]
+        in
+        FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 4);
+        Rust_primitives.Hax.array_of_list 4 list) (sz 4)
+  in
+  let v_A:t_Array
+    (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A)
+    v_ROWS_IN_A =
+    tmp0
+  in
+  let rand_stack:(t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) &
+    t_Array u8 (sz 840)) =
+    tmp1
+  in
+  let tmp_stack:t_Array (t_Array i32 (sz 263)) (sz 4) = tmp2 in
+  let _:Prims.unit = () in
   v_A
 
-let matrix_A
-      (#v_SIMDUnit: Type0)
+let matrix_A_generic
+      (#v_SIMDUnit #v_Shake128: Type0)
       (v_ROWS_IN_A v_COLUMNS_IN_A: usize)
       (#[FStar.Tactics.Typeclasses.tcresolve ()]
-          i1:
+          i2:
           Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit)
+      (#[FStar.Tactics.Typeclasses.tcresolve ()]
+          i3:
+          Libcrux_ml_dsa.Hash_functions.Shake128.t_XofX4 v_Shake128)
       (seed: t_Array u8 (sz 34))
      =
   match
     (cast (v_ROWS_IN_A <: usize) <: u8), (cast (v_COLUMNS_IN_A <: usize) <: u8) <: (u8 & u8)
   with
-  | 4uy, 4uy -> matrix_A_4_by_4_ #v_SIMDUnit v_ROWS_IN_A v_COLUMNS_IN_A seed
-  | 6uy, 5uy -> matrix_A_6_by_5_ #v_SIMDUnit v_ROWS_IN_A v_COLUMNS_IN_A seed
-  | 8uy, 7uy -> matrix_A_8_by_7_ #v_SIMDUnit v_ROWS_IN_A v_COLUMNS_IN_A seed
+  | 4uy, 4uy -> matrix_A_4_by_4_ #v_SIMDUnit #v_Shake128 v_ROWS_IN_A v_COLUMNS_IN_A seed
+  | 6uy, 5uy -> matrix_A_6_by_5_ #v_SIMDUnit #v_Shake128 v_ROWS_IN_A v_COLUMNS_IN_A seed
+  | 8uy, 7uy -> matrix_A_8_by_7_ #v_SIMDUnit #v_Shake128 v_ROWS_IN_A v_COLUMNS_IN_A seed
   | _ ->
     Rust_primitives.Hax.never_to_any (Core.Panicking.panic "internal error: entered unreachable code"
 
diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Samplex4.fsti b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Samplex4.fsti
index e1b9a56dc..13aa21421 100644
--- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Samplex4.fsti
+++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Samplex4.fsti
@@ -6,31 +6,49 @@ open FStar.Mul
 let _ =
   (* This module has implicit dependencies, here we make them explicit. *)
   (* The implicit dependencies arise from typeclasses instances. *)
+  let open Libcrux_ml_dsa.Hash_functions.Shake128 in
   let open Libcrux_ml_dsa.Hash_functions.Shake256 in
   let open Libcrux_ml_dsa.Simd.Traits in
   ()
 
-val generate_domain_separator (row column: u8) : Prims.Pure u16 Prims.l_True (fun _ -> Prims.l_True)
-
-val update_matrix
-      (#v_SIMDUnit: Type0)
-      (v_ROWS_IN_A v_COLUMNS_IN_A: usize)
-      {| i1: Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit |}
-      (m:
-          t_Array
+/// The x4 sampling implementation that is selected during multiplexing.
+class t_X4Sampler (v_Self: Type0) = {
+  f_matrix_A_pre:
+      #v_SIMDUnit: Type0 ->
+      v_ROWS_IN_A: usize ->
+      v_COLUMNS_IN_A: usize ->
+      {| i1: Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit |} ->
+      t_Array u8 (sz 34)
+    -> Type0;
+  f_matrix_A_post:
+      #v_SIMDUnit: Type0 ->
+      v_ROWS_IN_A: usize ->
+      v_COLUMNS_IN_A: usize ->
+      {| i1: Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit |} ->
+      t_Array u8 (sz 34) ->
+      t_Array
+          (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A)
+          v_ROWS_IN_A
+    -> Type0;
+  f_matrix_A:
+      #v_SIMDUnit: Type0 ->
+      v_ROWS_IN_A: usize ->
+      v_COLUMNS_IN_A: usize ->
+      {| i1: Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit |} ->
+      x0: t_Array u8 (sz 34)
+    -> Prims.Pure
+        (t_Array
             (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A)
             v_ROWS_IN_A)
-      (i j: usize)
-      (v: Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit)
-    : Prims.Pure
-      (t_Array
-          (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A)
-          v_ROWS_IN_A) Prims.l_True (fun _ -> Prims.l_True)
+        (f_matrix_A_pre #v_SIMDUnit v_ROWS_IN_A v_COLUMNS_IN_A #i1 x0)
+        (fun result -> f_matrix_A_post #v_SIMDUnit v_ROWS_IN_A v_COLUMNS_IN_A #i1 x0 result)
+}
 
 val matrix_A_4_by_4_
-      (#v_SIMDUnit: Type0)
+      (#v_SIMDUnit #v_Shake128: Type0)
       (v_ROWS_IN_A v_COLUMNS_IN_A: usize)
-      {| i1: Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit |}
+      {| i2: Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit |}
+      {| i3: Libcrux_ml_dsa.Hash_functions.Shake128.t_XofX4 v_Shake128 |}
       (seed: t_Array u8 (sz 34))
     : Prims.Pure
       (t_Array
@@ -38,9 +56,10 @@ val matrix_A_4_by_4_
           v_ROWS_IN_A) Prims.l_True (fun _ -> Prims.l_True)
 
 val matrix_A_6_by_5_
-      (#v_SIMDUnit: Type0)
+      (#v_SIMDUnit #v_Shake128: Type0)
       (v_ROWS_IN_A v_COLUMNS_IN_A: usize)
-      {| i1: Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit |}
+      {| i2: Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit |}
+      {| i3: Libcrux_ml_dsa.Hash_functions.Shake128.t_XofX4 v_Shake128 |}
       (seed: t_Array u8 (sz 34))
     : Prims.Pure
       (t_Array
@@ -48,19 +67,21 @@ val matrix_A_6_by_5_
           v_ROWS_IN_A) Prims.l_True (fun _ -> Prims.l_True)
 
 val matrix_A_8_by_7_
-      (#v_SIMDUnit: Type0)
+      (#v_SIMDUnit #v_Shake128: Type0)
       (v_ROWS_IN_A v_COLUMNS_IN_A: usize)
-      {| i1: Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit |}
+      {| i2: Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit |}
+      {| i3: Libcrux_ml_dsa.Hash_functions.Shake128.t_XofX4 v_Shake128 |}
       (seed: t_Array u8 (sz 34))
     : Prims.Pure
       (t_Array
           (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A)
           v_ROWS_IN_A) Prims.l_True (fun _ -> Prims.l_True)
 
-val matrix_A
-      (#v_SIMDUnit: Type0)
+val matrix_A_generic
+      (#v_SIMDUnit #v_Shake128: Type0)
       (v_ROWS_IN_A v_COLUMNS_IN_A: usize)
-      {| i1: Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit |}
+      {| i2: Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit |}
+      {| i3: Libcrux_ml_dsa.Hash_functions.Shake128.t_XofX4 v_Shake128 |}
       (seed: t_Array u8 (sz 34))
     : Prims.Pure
       (t_Array
diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Vector_type.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Vector_type.fst
index 8dc299c31..5d2d5a9a6 100644
--- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Vector_type.fst
+++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Vector_type.fst
@@ -23,6 +23,18 @@ let from_coefficient_array (coefficient_array: t_Slice i32) =
     #FStar.Tactics.Typeclasses.solve
     (Libcrux_intrinsics.Avx2_extract.mm256_loadu_si256_i32 coefficient_array <: u8)
 
+[@@ FStar.Tactics.Typeclasses.tcinstance]
+assume
+val impl_1': Core.Clone.t_Clone t_AVX2SIMDUnit
+
+let impl_1 = impl_1'
+
+[@@ FStar.Tactics.Typeclasses.tcinstance]
+assume
+val impl_2': Core.Marker.t_Copy t_AVX2SIMDUnit
+
+let impl_2 = impl_2'
+
 let to_coefficient_array (x: t_AVX2SIMDUnit) =
   let coefficient_array:t_Array i32 (sz 8) = Rust_primitives.Hax.repeat 0l (sz 8) in
   let coefficient_array:t_Array i32 (sz 8) =
diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Vector_type.fsti b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Vector_type.fsti
index e14bacddd..e5d296f3a 100644
--- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Vector_type.fsti
+++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Vector_type.fsti
@@ -13,5 +13,11 @@ val v_ZERO: Prims.unit -> Prims.Pure t_AVX2SIMDUnit Prims.l_True (fun _ -> Prims
 val from_coefficient_array (coefficient_array: t_Slice i32)
     : Prims.Pure t_AVX2SIMDUnit Prims.l_True (fun _ -> Prims.l_True)
 
+[@@ FStar.Tactics.Typeclasses.tcinstance]
+val impl_1:Core.Clone.t_Clone t_AVX2SIMDUnit
+
+[@@ FStar.Tactics.Typeclasses.tcinstance]
+val impl_2:Core.Marker.t_Copy t_AVX2SIMDUnit
+
 val to_coefficient_array (x: t_AVX2SIMDUnit)
     : Prims.Pure (t_Array i32 (sz 8)) Prims.l_True (fun _ -> Prims.l_True)
diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Portable.Vector_type.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Portable.Vector_type.fst
index 338234407..cf5cb8df2 100644
--- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Portable.Vector_type.fst
+++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Portable.Vector_type.fst
@@ -25,5 +25,17 @@ let from_coefficient_array (array: t_Slice i32) =
 
 let to_coefficient_array (x: t_PortableSIMDUnit) = x.f_coefficients
 
+[@@ FStar.Tactics.Typeclasses.tcinstance]
+assume
+val impl': Core.Clone.t_Clone t_PortableSIMDUnit
+
+let impl = impl'
+
+[@@ FStar.Tactics.Typeclasses.tcinstance]
+assume
+val impl_1': Core.Marker.t_Copy t_PortableSIMDUnit
+
+let impl_1 = impl_1'
+
 let v_ZERO (_: Prims.unit) =
   { f_coefficients = Rust_primitives.Hax.repeat 0l (sz 8) } <: t_PortableSIMDUnit
diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Portable.Vector_type.fsti b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Portable.Vector_type.fsti
index 0b3010e59..f30200b21 100644
--- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Portable.Vector_type.fsti
+++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Portable.Vector_type.fsti
@@ -11,4 +11,10 @@ val from_coefficient_array (array: t_Slice i32)
 val to_coefficient_array (x: t_PortableSIMDUnit)
     : Prims.Pure (t_Array i32 (sz 8)) Prims.l_True (fun _ -> Prims.l_True)
 
+[@@ FStar.Tactics.Typeclasses.tcinstance]
+val impl:Core.Clone.t_Clone t_PortableSIMDUnit
+
+[@@ FStar.Tactics.Typeclasses.tcinstance]
+val impl_1:Core.Marker.t_Copy t_PortableSIMDUnit
+
 val v_ZERO: Prims.unit -> Prims.Pure t_PortableSIMDUnit Prims.l_True (fun _ -> Prims.l_True)
diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Types.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Types.fst
index 0a457fc6e..eee5c0b42 100644
--- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Types.fst
+++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Types.fst
@@ -9,17 +9,17 @@ let impl_2__len (v_SIZE: usize) (_: Prims.unit) = v_SIZE
 
 let impl_4__len (v_SIZE: usize) (_: Prims.unit) = v_SIZE
 
-let impl_4__as_raw (v_SIZE: usize) (self: t_MLDSASignature v_SIZE) = self.f_value
+let impl_4__as_ref (v_SIZE: usize) (self: t_MLDSASignature v_SIZE) = self.f_value
 
 let impl_4__new (v_SIZE: usize) (value: t_Array u8 v_SIZE) =
   { f_value = value } <: t_MLDSASignature v_SIZE
 
-let impl__as_raw (v_SIZE: usize) (self: t_MLDSASigningKey v_SIZE) = self.f_value
+let impl__as_ref (v_SIZE: usize) (self: t_MLDSASigningKey v_SIZE) = self.f_value
 
 let impl__new (v_SIZE: usize) (value: t_Array u8 v_SIZE) =
   { f_value = value } <: t_MLDSASigningKey v_SIZE
 
-let impl_2__as_raw (v_SIZE: usize) (self: t_MLDSAVerificationKey v_SIZE) = self.f_value
+let impl_2__as_ref (v_SIZE: usize) (self: t_MLDSAVerificationKey v_SIZE) = self.f_value
 
 let impl_2__new (v_SIZE: usize) (value: t_Array u8 v_SIZE) =
   { f_value = value } <: t_MLDSAVerificationKey v_SIZE
@@ -36,6 +36,36 @@ let t_VerificationError_cast_to_repr (x: t_VerificationError) =
   | VerificationError_CommitmentHashesDontMatchError  -> isz 3
   | VerificationError_VerificationContextTooLongError  -> isz 6
 
+[@@ FStar.Tactics.Typeclasses.tcinstance]
+assume
+val impl_1': v_SIZE: usize -> Core.Clone.t_Clone (t_MLDSASigningKey v_SIZE)
+
+let impl_1 (v_SIZE: usize) = impl_1' v_SIZE
+
+[@@ FStar.Tactics.Typeclasses.tcinstance]
+assume
+val impl_3': v_SIZE: usize -> Core.Clone.t_Clone (t_MLDSAVerificationKey v_SIZE)
+
+let impl_3 (v_SIZE: usize) = impl_3' v_SIZE
+
+[@@ FStar.Tactics.Typeclasses.tcinstance]
+assume
+val impl_5': v_SIZE: usize -> Core.Clone.t_Clone (t_MLDSASignature v_SIZE)
+
+let impl_5 (v_SIZE: usize) = impl_5' v_SIZE
+
+[@@ FStar.Tactics.Typeclasses.tcinstance]
+assume
+val impl_6': Core.Fmt.t_Debug t_VerificationError
+
+let impl_6 = impl_6'
+
+[@@ FStar.Tactics.Typeclasses.tcinstance]
+assume
+val impl_7': Core.Fmt.t_Debug t_SigningError
+
+let impl_7 = impl_7'
+
 let impl__as_slice (v_SIZE: usize) (self: t_MLDSASigningKey v_SIZE) = self.f_value <: t_Slice u8
 
 let impl_2__as_slice (v_SIZE: usize) (self: t_MLDSAVerificationKey v_SIZE) =
diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Types.fsti b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Types.fsti
index 0a03514df..ee4a22f89 100644
--- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Types.fsti
+++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Types.fsti
@@ -18,7 +18,7 @@ val impl_4__len: v_SIZE: usize -> Prims.unit
 type t_MLDSASignature (v_SIZE: usize) = { f_value:t_Array u8 v_SIZE }
 
 /// A reference to the raw byte array.
-val impl_4__as_raw (v_SIZE: usize) (self: t_MLDSASignature v_SIZE)
+val impl_4__as_ref (v_SIZE: usize) (self: t_MLDSASignature v_SIZE)
     : Prims.Pure (t_Array u8 v_SIZE) Prims.l_True (fun _ -> Prims.l_True)
 
 /// Build
@@ -29,7 +29,7 @@ val impl_4__new (v_SIZE: usize) (value: t_Array u8 v_SIZE)
 type t_MLDSASigningKey (v_SIZE: usize) = { f_value:t_Array u8 v_SIZE }
 
 /// A reference to the raw byte array.
-val impl__as_raw (v_SIZE: usize) (self: t_MLDSASigningKey v_SIZE)
+val impl__as_ref (v_SIZE: usize) (self: t_MLDSASigningKey v_SIZE)
     : Prims.Pure (t_Array u8 v_SIZE) Prims.l_True (fun _ -> Prims.l_True)
 
 /// Build
@@ -40,7 +40,7 @@ val impl__new (v_SIZE: usize) (value: t_Array u8 v_SIZE)
 type t_MLDSAVerificationKey (v_SIZE: usize) = { f_value:t_Array u8 v_SIZE }
 
 /// A reference to the raw byte array.
-val impl_2__as_raw (v_SIZE: usize) (self: t_MLDSAVerificationKey v_SIZE)
+val impl_2__as_ref (v_SIZE: usize) (self: t_MLDSAVerificationKey v_SIZE)
     : Prims.Pure (t_Array u8 v_SIZE) Prims.l_True (fun _ -> Prims.l_True)
 
 /// Build
@@ -69,6 +69,21 @@ type t_VerificationError =
 val t_VerificationError_cast_to_repr (x: t_VerificationError)
     : Prims.Pure isize Prims.l_True (fun _ -> Prims.l_True)
 
+[@@ FStar.Tactics.Typeclasses.tcinstance]
+val impl_1 (v_SIZE: usize) : Core.Clone.t_Clone (t_MLDSASigningKey v_SIZE)
+
+[@@ FStar.Tactics.Typeclasses.tcinstance]
+val impl_3 (v_SIZE: usize) : Core.Clone.t_Clone (t_MLDSAVerificationKey v_SIZE)
+
+[@@ FStar.Tactics.Typeclasses.tcinstance]
+val impl_5 (v_SIZE: usize) : Core.Clone.t_Clone (t_MLDSASignature v_SIZE)
+
+[@@ FStar.Tactics.Typeclasses.tcinstance]
+val impl_6:Core.Fmt.t_Debug t_VerificationError
+
+[@@ FStar.Tactics.Typeclasses.tcinstance]
+val impl_7:Core.Fmt.t_Debug t_SigningError
+
 /// A reference to the raw byte slice.
 val impl__as_slice (v_SIZE: usize) (self: t_MLDSASigningKey v_SIZE)
     : Prims.Pure (t_Slice u8) Prims.l_True (fun _ -> Prims.l_True)
diff --git a/sys/platform/proofs/fstar/extraction/Libcrux_platform.X86.fsti b/sys/platform/proofs/fstar/extraction/Libcrux_platform.X86.fsti
index 968a5585c..0c9c90e71 100644
--- a/sys/platform/proofs/fstar/extraction/Libcrux_platform.X86.fsti
+++ b/sys/platform/proofs/fstar/extraction/Libcrux_platform.X86.fsti
@@ -38,6 +38,12 @@ type t_Feature =
 
 val t_Feature_cast_to_repr (x: t_Feature) : Prims.Pure isize Prims.l_True (fun _ -> Prims.l_True)
 
+[@@ FStar.Tactics.Typeclasses.tcinstance]
+val impl:Core.Clone.t_Clone t_Feature
+
+[@@ FStar.Tactics.Typeclasses.tcinstance]
+val impl_1:Core.Marker.t_Copy t_Feature
+
 /// Initialize CPU detection.
 val init: Prims.unit -> Prims.Pure Prims.unit Prims.l_True (fun _ -> Prims.l_True)
 

From 3cbb16f839872877a96f61a04538d59e744452a6 Mon Sep 17 00:00:00 2001
From: Jonas Schneider-Bensch <jonas@cryspen.com>
Date: Wed, 18 Dec 2024 12:14:16 +0100
Subject: [PATCH 134/142] Format

---
 libcrux-ml-dsa/src/sample.rs   | 2 +-
 libcrux-ml-dsa/src/samplex4.rs | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/libcrux-ml-dsa/src/sample.rs b/libcrux-ml-dsa/src/sample.rs
index 0b947bb0b..345b11ef3 100644
--- a/libcrux-ml-dsa/src/sample.rs
+++ b/libcrux-ml-dsa/src/sample.rs
@@ -72,7 +72,7 @@ pub(crate) fn sample_up_to_four_ring_elements<
     let domain_separator1 = generate_domain_separator(indices[1]);
     let domain_separator2 = generate_domain_separator(indices[2]);
     let domain_separator3 = generate_domain_separator(indices[3]);
-    
+
     // Prepare the seeds
     seed0[32] = domain_separator0 as u8;
     seed0[33] = (domain_separator0 >> 8) as u8;
diff --git a/libcrux-ml-dsa/src/samplex4.rs b/libcrux-ml-dsa/src/samplex4.rs
index d0191c503..253936bba 100644
--- a/libcrux-ml-dsa/src/samplex4.rs
+++ b/libcrux-ml-dsa/src/samplex4.rs
@@ -196,7 +196,7 @@ pub(crate) fn matrix_A_6_by_5<
         &mut A,
         &mut rand_stack,
         &mut tmp_stack,
-        &[(5, 3), (5, 4), (5,5), (5,6)],
+        &[(5, 3), (5, 4), (5, 5), (5, 6)],
         2,
     );
 

From 0c697cb4f13d5b4bd1025d4888d99995ff8ad907 Mon Sep 17 00:00:00 2001
From: Jonas Schneider-Bensch <jonas@cryspen.com>
Date: Wed, 18 Dec 2024 13:07:35 +0100
Subject: [PATCH 135/142] Missing FStar extractions

---
 .../Libcrux_intrinsics.Arm64_extract.fst      | 391 +++++++++++++
 .../Libcrux_intrinsics.Avx2_extract.fst       | 531 ++++++++++++++++++
 .../Libcrux_ml_dsa.Hash_functions.Neon.fst    | 107 ++++
 ...Libcrux_ml_dsa.Hash_functions.Portable.fst | 152 +++++
 .../Libcrux_ml_dsa.Hash_functions.Simd256.fst | 142 +++++
 .../Libcrux_ml_dsa.Samplex4.Avx2.fst          |  92 +++
 .../Libcrux_ml_dsa.Samplex4.Avx2.fsti         |  27 +
 .../Libcrux_ml_dsa.Samplex4.Neon.fst          |  61 ++
 .../Libcrux_ml_dsa.Samplex4.Neon.fsti         |  17 +
 .../Libcrux_ml_dsa.Samplex4.Portable.fst      |  61 ++
 .../Libcrux_ml_dsa.Samplex4.Portable.fsti     |  17 +
 .../extraction/Libcrux_platform.Platform.fst  |  44 ++
 .../fstar/extraction/Libcrux_platform.X86.fst |  60 ++
 13 files changed, 1702 insertions(+)
 create mode 100644 libcrux-intrinsics/proofs/fstar/extraction/Libcrux_intrinsics.Arm64_extract.fst
 create mode 100644 libcrux-intrinsics/proofs/fstar/extraction/Libcrux_intrinsics.Avx2_extract.fst
 create mode 100644 libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Hash_functions.Neon.fst
 create mode 100644 libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Hash_functions.Portable.fst
 create mode 100644 libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Hash_functions.Simd256.fst
 create mode 100644 libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Samplex4.Avx2.fst
 create mode 100644 libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Samplex4.Avx2.fsti
 create mode 100644 libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Samplex4.Neon.fst
 create mode 100644 libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Samplex4.Neon.fsti
 create mode 100644 libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Samplex4.Portable.fst
 create mode 100644 libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Samplex4.Portable.fsti
 create mode 100644 sys/platform/proofs/fstar/extraction/Libcrux_platform.Platform.fst
 create mode 100644 sys/platform/proofs/fstar/extraction/Libcrux_platform.X86.fst

diff --git a/libcrux-intrinsics/proofs/fstar/extraction/Libcrux_intrinsics.Arm64_extract.fst b/libcrux-intrinsics/proofs/fstar/extraction/Libcrux_intrinsics.Arm64_extract.fst
new file mode 100644
index 000000000..e23020d49
--- /dev/null
+++ b/libcrux-intrinsics/proofs/fstar/extraction/Libcrux_intrinsics.Arm64_extract.fst
@@ -0,0 +1,391 @@
+module Libcrux_intrinsics.Arm64_extract
+#set-options "--fuel 0 --ifuel 1 --z3rlimit 80"
+open Core
+open FStar.Mul
+
+assume
+val v__vaddq_s16': lhs: u8 -> rhs: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
+
+let v__vaddq_s16 = v__vaddq_s16'
+
+assume
+val v__vaddq_u32': compressed: u8 -> half: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
+
+let v__vaddq_u32 = v__vaddq_u32'
+
+assume
+val v__vaddv_u16': a: u8 -> Prims.Pure u16 Prims.l_True (fun _ -> Prims.l_True)
+
+let v__vaddv_u16 = v__vaddv_u16'
+
+assume
+val v__vaddvq_s16': a: u8 -> Prims.Pure i16 Prims.l_True (fun _ -> Prims.l_True)
+
+let v__vaddvq_s16 = v__vaddvq_s16'
+
+assume
+val v__vaddvq_u16': a: u8 -> Prims.Pure u16 Prims.l_True (fun _ -> Prims.l_True)
+
+let v__vaddvq_u16 = v__vaddvq_u16'
+
+assume
+val v__vandq_s16': a: u8 -> b: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
+
+let v__vandq_s16 = v__vandq_s16'
+
+assume
+val v__vandq_u16': a: u8 -> b: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
+
+let v__vandq_u16 = v__vandq_u16'
+
+assume
+val v__vandq_u32': a: u8 -> b: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
+
+let v__vandq_u32 = v__vandq_u32'
+
+assume
+val v__vbicq_u64': a: u8 -> b: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
+
+let v__vbicq_u64 = v__vbicq_u64'
+
+assume
+val v__vcgeq_s16': v: u8 -> c: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
+
+let v__vcgeq_s16 = v__vcgeq_s16'
+
+assume
+val v__vcleq_s16': a: u8 -> b: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
+
+let v__vcleq_s16 = v__vcleq_s16'
+
+assume
+val v__vdupq_n_s16': i: i16 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
+
+let v__vdupq_n_s16 = v__vdupq_n_s16'
+
+assume
+val v__vdupq_n_u16': value: u16 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
+
+let v__vdupq_n_u16 = v__vdupq_n_u16'
+
+assume
+val v__vdupq_n_u32': value: u32 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
+
+let v__vdupq_n_u32 = v__vdupq_n_u32'
+
+assume
+val v__vdupq_n_u64': i: u64 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
+
+let v__vdupq_n_u64 = v__vdupq_n_u64'
+
+assume
+val v__veorq_s16': mask: u8 -> shifted: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
+
+let v__veorq_s16 = v__veorq_s16'
+
+assume
+val v__veorq_u64': mask: u8 -> shifted: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
+
+let v__veorq_u64 = v__veorq_u64'
+
+assume
+val v__vget_high_u16': a: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
+
+let v__vget_high_u16 = v__vget_high_u16'
+
+assume
+val v__vget_low_s16': a: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
+
+let v__vget_low_s16 = v__vget_low_s16'
+
+assume
+val v__vget_low_u16': a: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
+
+let v__vget_low_u16 = v__vget_low_u16'
+
+assume
+val v__vld1q_bytes_u64': array: t_Slice u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
+
+let v__vld1q_bytes_u64 = v__vld1q_bytes_u64'
+
+assume
+val v__vld1q_s16': array: t_Slice i16 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
+
+let v__vld1q_s16 = v__vld1q_s16'
+
+assume
+val v__vld1q_u16': ptr: t_Slice u16 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
+
+let v__vld1q_u16 = v__vld1q_u16'
+
+assume
+val v__vld1q_u64': array: t_Slice u64 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
+
+let v__vld1q_u64 = v__vld1q_u64'
+
+assume
+val v__vld1q_u8': ptr: t_Slice u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
+
+let v__vld1q_u8 = v__vld1q_u8'
+
+assume
+val v__vmlal_high_s16': a: u8 -> b: u8 -> c: u8
+  -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
+
+let v__vmlal_high_s16 = v__vmlal_high_s16'
+
+assume
+val v__vmlal_s16': a: u8 -> b: u8 -> c: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
+
+let v__vmlal_s16 = v__vmlal_s16'
+
+assume
+val v__vmull_high_s16': a: u8 -> b: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
+
+let v__vmull_high_s16 = v__vmull_high_s16'
+
+assume
+val v__vmull_s16': a: u8 -> b: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
+
+let v__vmull_s16 = v__vmull_s16'
+
+assume
+val v__vmulq_n_s16': v: u8 -> c: i16 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
+
+let v__vmulq_n_s16 = v__vmulq_n_s16'
+
+assume
+val v__vmulq_n_u16': v: u8 -> c: u16 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
+
+let v__vmulq_n_u16 = v__vmulq_n_u16'
+
+assume
+val v__vmulq_n_u32': a: u8 -> b: u32 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
+
+let v__vmulq_n_u32 = v__vmulq_n_u32'
+
+assume
+val v__vmulq_s16': v: u8 -> c: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
+
+let v__vmulq_s16 = v__vmulq_s16'
+
+assume
+val v__vqdmulhq_n_s16': k: u8 -> b: i16 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
+
+let v__vqdmulhq_n_s16 = v__vqdmulhq_n_s16'
+
+assume
+val v__vqdmulhq_n_s32': a: u8 -> b: i32 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
+
+let v__vqdmulhq_n_s32 = v__vqdmulhq_n_s32'
+
+assume
+val v__vqdmulhq_s16': v: u8 -> c: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
+
+let v__vqdmulhq_s16 = v__vqdmulhq_s16'
+
+assume
+val v__vqtbl1q_u8': t: u8 -> idx: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
+
+let v__vqtbl1q_u8 = v__vqtbl1q_u8'
+
+assume
+val v__vreinterpretq_s16_s32': a: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
+
+let v__vreinterpretq_s16_s32 = v__vreinterpretq_s16_s32'
+
+assume
+val v__vreinterpretq_s16_s64': a: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
+
+let v__vreinterpretq_s16_s64 = v__vreinterpretq_s16_s64'
+
+assume
+val v__vreinterpretq_s16_u16': m0: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
+
+let v__vreinterpretq_s16_u16 = v__vreinterpretq_s16_u16'
+
+assume
+val v__vreinterpretq_s16_u32': a: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
+
+let v__vreinterpretq_s16_u32 = v__vreinterpretq_s16_u32'
+
+assume
+val v__vreinterpretq_s16_u8': a: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
+
+let v__vreinterpretq_s16_u8 = v__vreinterpretq_s16_u8'
+
+assume
+val v__vreinterpretq_s32_s16': a: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
+
+let v__vreinterpretq_s32_s16 = v__vreinterpretq_s32_s16'
+
+assume
+val v__vreinterpretq_s32_u32': compressed: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
+
+let v__vreinterpretq_s32_u32 = v__vreinterpretq_s32_u32'
+
+assume
+val v__vreinterpretq_s64_s16': a: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
+
+let v__vreinterpretq_s64_s16 = v__vreinterpretq_s64_s16'
+
+assume
+val v__vreinterpretq_s64_s32': a: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
+
+let v__vreinterpretq_s64_s32 = v__vreinterpretq_s64_s32'
+
+assume
+val v__vreinterpretq_u16_s16': m0: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
+
+let v__vreinterpretq_u16_s16 = v__vreinterpretq_u16_s16'
+
+assume
+val v__vreinterpretq_u16_u8': a: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
+
+let v__vreinterpretq_u16_u8 = v__vreinterpretq_u16_u8'
+
+assume
+val v__vreinterpretq_u32_s16': a: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
+
+let v__vreinterpretq_u32_s16 = v__vreinterpretq_u32_s16'
+
+assume
+val v__vreinterpretq_u32_s32': a: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
+
+let v__vreinterpretq_u32_s32 = v__vreinterpretq_u32_s32'
+
+assume
+val v__vreinterpretq_u8_s16': a: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
+
+let v__vreinterpretq_u8_s16 = v__vreinterpretq_u8_s16'
+
+assume
+val v__vreinterpretq_u8_s64': a: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
+
+let v__vreinterpretq_u8_s64 = v__vreinterpretq_u8_s64'
+
+assume
+val v__vshlq_n_s16': v_SHIFT_BY: i32 -> v: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
+
+let v__vshlq_n_s16 (v_SHIFT_BY: i32) = v__vshlq_n_s16' v_SHIFT_BY
+
+assume
+val v__vshlq_n_u32': v_SHIFT_BY: i32 -> v: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
+
+let v__vshlq_n_u32 (v_SHIFT_BY: i32) = v__vshlq_n_u32' v_SHIFT_BY
+
+assume
+val v__vshlq_n_u64': v_SHIFT_BY: i32 -> v: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
+
+let v__vshlq_n_u64 (v_SHIFT_BY: i32) = v__vshlq_n_u64' v_SHIFT_BY
+
+assume
+val v__vshlq_s16': a: u8 -> b: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
+
+let v__vshlq_s16 = v__vshlq_s16'
+
+assume
+val v__vshlq_u16': a: u8 -> b: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
+
+let v__vshlq_u16 = v__vshlq_u16'
+
+assume
+val v__vshrq_n_s16': v_SHIFT_BY: i32 -> v: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
+
+let v__vshrq_n_s16 (v_SHIFT_BY: i32) = v__vshrq_n_s16' v_SHIFT_BY
+
+assume
+val v__vshrq_n_u16': v_SHIFT_BY: i32 -> v: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
+
+let v__vshrq_n_u16 (v_SHIFT_BY: i32) = v__vshrq_n_u16' v_SHIFT_BY
+
+assume
+val v__vshrq_n_u32': v_N: i32 -> a: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
+
+let v__vshrq_n_u32 (v_N: i32) = v__vshrq_n_u32' v_N
+
+assume
+val v__vshrq_n_u64': v_SHIFT_BY: i32 -> v: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
+
+let v__vshrq_n_u64 (v_SHIFT_BY: i32) = v__vshrq_n_u64' v_SHIFT_BY
+
+assume
+val v__vsliq_n_s32': v_N: i32 -> a: u8 -> b: u8
+  -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
+
+let v__vsliq_n_s32 (v_N: i32) = v__vsliq_n_s32' v_N
+
+assume
+val v__vsliq_n_s64': v_N: i32 -> a: u8 -> b: u8
+  -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
+
+let v__vsliq_n_s64 (v_N: i32) = v__vsliq_n_s64' v_N
+
+assume
+val v__vst1q_bytes_u64': out: t_Slice u8 -> v: u8
+  -> Prims.Pure (t_Slice u8) Prims.l_True (fun _ -> Prims.l_True)
+
+let v__vst1q_bytes_u64 = v__vst1q_bytes_u64'
+
+assume
+val v__vst1q_s16': out: t_Slice i16 -> v: u8
+  -> Prims.Pure (t_Slice i16) Prims.l_True (fun _ -> Prims.l_True)
+
+let v__vst1q_s16 = v__vst1q_s16'
+
+assume
+val v__vst1q_u64': out: t_Slice u64 -> v: u8
+  -> Prims.Pure (t_Slice u64) Prims.l_True (fun _ -> Prims.l_True)
+
+let v__vst1q_u64 = v__vst1q_u64'
+
+assume
+val v__vst1q_u8': out: t_Slice u8 -> v: u8
+  -> Prims.Pure (t_Slice u8) Prims.l_True (fun _ -> Prims.l_True)
+
+let v__vst1q_u8 = v__vst1q_u8'
+
+assume
+val v__vsubq_s16': lhs: u8 -> rhs: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
+
+let v__vsubq_s16 = v__vsubq_s16'
+
+assume
+val v__vtrn1q_s16': a: u8 -> b: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
+
+let v__vtrn1q_s16 = v__vtrn1q_s16'
+
+assume
+val v__vtrn1q_s32': a: u8 -> b: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
+
+let v__vtrn1q_s32 = v__vtrn1q_s32'
+
+assume
+val v__vtrn1q_s64': a: u8 -> b: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
+
+let v__vtrn1q_s64 = v__vtrn1q_s64'
+
+assume
+val v__vtrn1q_u64': a: u8 -> b: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
+
+let v__vtrn1q_u64 = v__vtrn1q_u64'
+
+assume
+val v__vtrn2q_s16': a: u8 -> b: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
+
+let v__vtrn2q_s16 = v__vtrn2q_s16'
+
+assume
+val v__vtrn2q_s32': a: u8 -> b: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
+
+let v__vtrn2q_s32 = v__vtrn2q_s32'
+
+assume
+val v__vtrn2q_s64': a: u8 -> b: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
+
+let v__vtrn2q_s64 = v__vtrn2q_s64'
+
+assume
+val v__vtrn2q_u64': a: u8 -> b: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
+
+let v__vtrn2q_u64 = v__vtrn2q_u64'
diff --git a/libcrux-intrinsics/proofs/fstar/extraction/Libcrux_intrinsics.Avx2_extract.fst b/libcrux-intrinsics/proofs/fstar/extraction/Libcrux_intrinsics.Avx2_extract.fst
new file mode 100644
index 000000000..4b41a92e4
--- /dev/null
+++ b/libcrux-intrinsics/proofs/fstar/extraction/Libcrux_intrinsics.Avx2_extract.fst
@@ -0,0 +1,531 @@
+module Libcrux_intrinsics.Avx2_extract
+#set-options "--fuel 0 --ifuel 1 --z3rlimit 80"
+open Core
+open FStar.Mul
+
+assume
+val mm256_abs_epi32': a: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
+
+let mm256_abs_epi32 = mm256_abs_epi32'
+
+assume
+val mm256_add_epi16': lhs: u8 -> rhs: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
+
+let mm256_add_epi16 = mm256_add_epi16'
+
+assume
+val mm256_add_epi32': lhs: u8 -> rhs: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
+
+let mm256_add_epi32 = mm256_add_epi32'
+
+assume
+val mm256_add_epi64': lhs: u8 -> rhs: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
+
+let mm256_add_epi64 = mm256_add_epi64'
+
+assume
+val mm256_and_si256': lhs: u8 -> rhs: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
+
+let mm256_and_si256 = mm256_and_si256'
+
+assume
+val mm256_andnot_si256': a: u8 -> b: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
+
+let mm256_andnot_si256 = mm256_andnot_si256'
+
+assume
+val mm256_blend_epi16': v_CONTROL: i32 -> lhs: u8 -> rhs: u8
+  -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
+
+let mm256_blend_epi16 (v_CONTROL: i32) = mm256_blend_epi16' v_CONTROL
+
+assume
+val mm256_blend_epi32': v_CONTROL: i32 -> lhs: u8 -> rhs: u8
+  -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
+
+let mm256_blend_epi32 (v_CONTROL: i32) = mm256_blend_epi32' v_CONTROL
+
+assume
+val mm256_bsrli_epi128': v_SHIFT_BY: i32 -> x: u8
+  -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
+
+let mm256_bsrli_epi128 (v_SHIFT_BY: i32) = mm256_bsrli_epi128' v_SHIFT_BY
+
+assume
+val mm256_castsi128_si256': vector: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
+
+let mm256_castsi128_si256 = mm256_castsi128_si256'
+
+assume
+val mm256_castsi256_ps': a: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
+
+let mm256_castsi256_ps = mm256_castsi256_ps'
+
+assume
+val mm256_castsi256_si128': vector: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
+
+let mm256_castsi256_si128 = mm256_castsi256_si128'
+
+assume
+val mm256_cmpeq_epi32': a: u8 -> b: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
+
+let mm256_cmpeq_epi32 = mm256_cmpeq_epi32'
+
+assume
+val mm256_cmpgt_epi16': lhs: u8 -> rhs: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
+
+let mm256_cmpgt_epi16 = mm256_cmpgt_epi16'
+
+assume
+val mm256_cmpgt_epi32': lhs: u8 -> rhs: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
+
+let mm256_cmpgt_epi32 = mm256_cmpgt_epi32'
+
+assume
+val mm256_cvtepi16_epi32': vector: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
+
+let mm256_cvtepi16_epi32 = mm256_cvtepi16_epi32'
+
+assume
+val mm256_extracti128_si256': v_CONTROL: i32 -> vector: u8
+  -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
+
+let mm256_extracti128_si256 (v_CONTROL: i32) = mm256_extracti128_si256' v_CONTROL
+
+assume
+val mm256_inserti128_si256': v_CONTROL: i32 -> vector: u8 -> vector_i128: u8
+  -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
+
+let mm256_inserti128_si256 (v_CONTROL: i32) = mm256_inserti128_si256' v_CONTROL
+
+assume
+val mm256_loadu_si256_i16': input: t_Slice i16 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
+
+let mm256_loadu_si256_i16 = mm256_loadu_si256_i16'
+
+assume
+val mm256_loadu_si256_i32': input: t_Slice i32 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
+
+let mm256_loadu_si256_i32 = mm256_loadu_si256_i32'
+
+assume
+val mm256_loadu_si256_u8': input: t_Slice u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
+
+let mm256_loadu_si256_u8 = mm256_loadu_si256_u8'
+
+assume
+val mm256_madd_epi16': lhs: u8 -> rhs: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
+
+let mm256_madd_epi16 = mm256_madd_epi16'
+
+assume
+val mm256_movemask_ps': a: u8 -> Prims.Pure i32 Prims.l_True (fun _ -> Prims.l_True)
+
+let mm256_movemask_ps = mm256_movemask_ps'
+
+assume
+val mm256_mul_epi32': lhs: u8 -> rhs: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
+
+let mm256_mul_epi32 = mm256_mul_epi32'
+
+assume
+val mm256_mul_epu32': lhs: u8 -> rhs: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
+
+let mm256_mul_epu32 = mm256_mul_epu32'
+
+assume
+val mm256_mulhi_epi16': lhs: u8 -> rhs: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
+
+let mm256_mulhi_epi16 = mm256_mulhi_epi16'
+
+assume
+val mm256_mullo_epi16': lhs: u8 -> rhs: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
+
+let mm256_mullo_epi16 = mm256_mullo_epi16'
+
+assume
+val mm256_mullo_epi32': lhs: u8 -> rhs: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
+
+let mm256_mullo_epi32 = mm256_mullo_epi32'
+
+assume
+val mm256_or_si256': a: u8 -> b: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
+
+let mm256_or_si256 = mm256_or_si256'
+
+assume
+val mm256_packs_epi32': lhs: u8 -> rhs: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
+
+let mm256_packs_epi32 = mm256_packs_epi32'
+
+assume
+val mm256_permute2x128_si256': v_IMM8: i32 -> a: u8 -> b: u8
+  -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
+
+let mm256_permute2x128_si256 (v_IMM8: i32) = mm256_permute2x128_si256' v_IMM8
+
+assume
+val mm256_permute4x64_epi64': v_CONTROL: i32 -> vector: u8
+  -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
+
+let mm256_permute4x64_epi64 (v_CONTROL: i32) = mm256_permute4x64_epi64' v_CONTROL
+
+assume
+val mm256_permutevar8x32_epi32': vector: u8 -> control: u8
+  -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
+
+let mm256_permutevar8x32_epi32 = mm256_permutevar8x32_epi32'
+
+assume
+val mm256_set1_epi16': constant: i16 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
+
+let mm256_set1_epi16 = mm256_set1_epi16'
+
+assume
+val mm256_set1_epi32': constant: i32 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
+
+let mm256_set1_epi32 = mm256_set1_epi32'
+
+assume
+val mm256_set1_epi64x': a: i64 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
+
+let mm256_set1_epi64x = mm256_set1_epi64x'
+
+assume
+val mm256_set_epi16':
+    input15: i16 ->
+    input14: i16 ->
+    input13: i16 ->
+    input12: i16 ->
+    input11: i16 ->
+    input10: i16 ->
+    input9: i16 ->
+    input8: i16 ->
+    input7: i16 ->
+    input6: i16 ->
+    input5: i16 ->
+    input4: i16 ->
+    input3: i16 ->
+    input2: i16 ->
+    input1: i16 ->
+    input0: i16
+  -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
+
+let mm256_set_epi16 = mm256_set_epi16'
+
+assume
+val mm256_set_epi32':
+    input7: i32 ->
+    input6: i32 ->
+    input5: i32 ->
+    input4: i32 ->
+    input3: i32 ->
+    input2: i32 ->
+    input1: i32 ->
+    input0: i32
+  -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
+
+let mm256_set_epi32 = mm256_set_epi32'
+
+assume
+val mm256_set_epi64x': input3: i64 -> input2: i64 -> input1: i64 -> input0: i64
+  -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
+
+let mm256_set_epi64x = mm256_set_epi64x'
+
+assume
+val mm256_set_epi8':
+    byte31: i8 ->
+    byte30: i8 ->
+    byte29: i8 ->
+    byte28: i8 ->
+    byte27: i8 ->
+    byte26: i8 ->
+    byte25: i8 ->
+    byte24: i8 ->
+    byte23: i8 ->
+    byte22: i8 ->
+    byte21: i8 ->
+    byte20: i8 ->
+    byte19: i8 ->
+    byte18: i8 ->
+    byte17: i8 ->
+    byte16: i8 ->
+    byte15: i8 ->
+    byte14: i8 ->
+    byte13: i8 ->
+    byte12: i8 ->
+    byte11: i8 ->
+    byte10: i8 ->
+    byte9: i8 ->
+    byte8: i8 ->
+    byte7: i8 ->
+    byte6: i8 ->
+    byte5: i8 ->
+    byte4: i8 ->
+    byte3: i8 ->
+    byte2: i8 ->
+    byte1: i8 ->
+    byte0: i8
+  -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
+
+let mm256_set_epi8 = mm256_set_epi8'
+
+assume
+val mm256_set_m128i': hi: u8 -> lo: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
+
+let mm256_set_m128i = mm256_set_m128i'
+
+assume
+val mm256_setzero_si256': Prims.unit -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
+
+let mm256_setzero_si256 = mm256_setzero_si256'
+
+assume
+val mm256_shuffle_epi32': v_CONTROL: i32 -> vector: u8
+  -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
+
+let mm256_shuffle_epi32 (v_CONTROL: i32) = mm256_shuffle_epi32' v_CONTROL
+
+assume
+val mm256_shuffle_epi8': vector: u8 -> control: u8
+  -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
+
+let mm256_shuffle_epi8 = mm256_shuffle_epi8'
+
+assume
+val mm256_sign_epi32': a: u8 -> b: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
+
+let mm256_sign_epi32 = mm256_sign_epi32'
+
+assume
+val mm256_slli_epi16': v_SHIFT_BY: i32 -> vector: u8
+  -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
+
+let mm256_slli_epi16 (v_SHIFT_BY: i32) = mm256_slli_epi16' v_SHIFT_BY
+
+assume
+val mm256_slli_epi32': v_SHIFT_BY: i32 -> vector: u8
+  -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
+
+let mm256_slli_epi32 (v_SHIFT_BY: i32) = mm256_slli_epi32' v_SHIFT_BY
+
+assume
+val mm256_slli_epi64': v_LEFT: i32 -> x: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
+
+let mm256_slli_epi64 (v_LEFT: i32) = mm256_slli_epi64' v_LEFT
+
+assume
+val mm256_sllv_epi32': vector: u8 -> counts: u8
+  -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
+
+let mm256_sllv_epi32 = mm256_sllv_epi32'
+
+assume
+val mm256_srai_epi16': v_SHIFT_BY: i32 -> vector: u8
+  -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
+
+let mm256_srai_epi16 (v_SHIFT_BY: i32) = mm256_srai_epi16' v_SHIFT_BY
+
+assume
+val mm256_srai_epi32': v_SHIFT_BY: i32 -> vector: u8
+  -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
+
+let mm256_srai_epi32 (v_SHIFT_BY: i32) = mm256_srai_epi32' v_SHIFT_BY
+
+assume
+val mm256_srli_epi16': v_SHIFT_BY: i32 -> vector: u8
+  -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
+
+let mm256_srli_epi16 (v_SHIFT_BY: i32) = mm256_srli_epi16' v_SHIFT_BY
+
+assume
+val mm256_srli_epi32': v_SHIFT_BY: i32 -> vector: u8
+  -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
+
+let mm256_srli_epi32 (v_SHIFT_BY: i32) = mm256_srli_epi32' v_SHIFT_BY
+
+assume
+val mm256_srli_epi64': v_SHIFT_BY: i32 -> vector: u8
+  -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
+
+let mm256_srli_epi64 (v_SHIFT_BY: i32) = mm256_srli_epi64' v_SHIFT_BY
+
+assume
+val mm256_srlv_epi32': vector: u8 -> counts: u8
+  -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
+
+let mm256_srlv_epi32 = mm256_srlv_epi32'
+
+assume
+val mm256_srlv_epi64': vector: u8 -> counts: u8
+  -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
+
+let mm256_srlv_epi64 = mm256_srlv_epi64'
+
+assume
+val mm256_storeu_si256_i16': output: t_Slice i16 -> vector: u8
+  -> Prims.Pure (t_Slice i16) Prims.l_True (fun _ -> Prims.l_True)
+
+let mm256_storeu_si256_i16 = mm256_storeu_si256_i16'
+
+assume
+val mm256_storeu_si256_i32': output: t_Slice i32 -> vector: u8
+  -> Prims.Pure (t_Slice i32) Prims.l_True (fun _ -> Prims.l_True)
+
+let mm256_storeu_si256_i32 = mm256_storeu_si256_i32'
+
+assume
+val mm256_storeu_si256_u8': output: t_Slice u8 -> vector: u8
+  -> Prims.Pure (t_Slice u8) Prims.l_True (fun _ -> Prims.l_True)
+
+let mm256_storeu_si256_u8 = mm256_storeu_si256_u8'
+
+assume
+val mm256_sub_epi16': lhs: u8 -> rhs: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
+
+let mm256_sub_epi16 = mm256_sub_epi16'
+
+assume
+val mm256_sub_epi32': lhs: u8 -> rhs: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
+
+let mm256_sub_epi32 = mm256_sub_epi32'
+
+assume
+val mm256_testz_si256': lhs: u8 -> rhs: u8 -> Prims.Pure i32 Prims.l_True (fun _ -> Prims.l_True)
+
+let mm256_testz_si256 = mm256_testz_si256'
+
+assume
+val mm256_unpackhi_epi32': lhs: u8 -> rhs: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
+
+let mm256_unpackhi_epi32 = mm256_unpackhi_epi32'
+
+assume
+val mm256_unpackhi_epi64': lhs: u8 -> rhs: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
+
+let mm256_unpackhi_epi64 = mm256_unpackhi_epi64'
+
+assume
+val mm256_unpacklo_epi32': lhs: u8 -> rhs: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
+
+let mm256_unpacklo_epi32 = mm256_unpacklo_epi32'
+
+assume
+val mm256_unpacklo_epi64': a: u8 -> b: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
+
+let mm256_unpacklo_epi64 = mm256_unpacklo_epi64'
+
+assume
+val mm256_xor_si256': lhs: u8 -> rhs: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
+
+let mm256_xor_si256 = mm256_xor_si256'
+
+assume
+val mm_add_epi16': lhs: u8 -> rhs: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
+
+let mm_add_epi16 = mm_add_epi16'
+
+assume
+val mm_loadu_si128': input: t_Slice u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
+
+let mm_loadu_si128 = mm_loadu_si128'
+
+assume
+val mm_movemask_epi8': vector: u8 -> Prims.Pure i32 Prims.l_True (fun _ -> Prims.l_True)
+
+let mm_movemask_epi8 = mm_movemask_epi8'
+
+assume
+val mm_mulhi_epi16': lhs: u8 -> rhs: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
+
+let mm_mulhi_epi16 = mm_mulhi_epi16'
+
+assume
+val mm_mullo_epi16': lhs: u8 -> rhs: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
+
+let mm_mullo_epi16 = mm_mullo_epi16'
+
+assume
+val mm_packs_epi16': lhs: u8 -> rhs: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
+
+let mm_packs_epi16 = mm_packs_epi16'
+
+assume
+val mm_set1_epi16': constant: i16 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
+
+let mm_set1_epi16 = mm_set1_epi16'
+
+assume
+val mm_set_epi32': input3: i32 -> input2: i32 -> input1: i32 -> input0: i32
+  -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
+
+let mm_set_epi32 = mm_set_epi32'
+
+assume
+val mm_set_epi8':
+    byte15: u8 ->
+    byte14: u8 ->
+    byte13: u8 ->
+    byte12: u8 ->
+    byte11: u8 ->
+    byte10: u8 ->
+    byte9: u8 ->
+    byte8: u8 ->
+    byte7: u8 ->
+    byte6: u8 ->
+    byte5: u8 ->
+    byte4: u8 ->
+    byte3: u8 ->
+    byte2: u8 ->
+    byte1: u8 ->
+    byte0: u8
+  -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
+
+let mm_set_epi8 = mm_set_epi8'
+
+assume
+val mm_shuffle_epi8': vector: u8 -> control: u8
+  -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
+
+let mm_shuffle_epi8 = mm_shuffle_epi8'
+
+assume
+val mm_sllv_epi32': vector: u8 -> counts: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
+
+let mm_sllv_epi32 = mm_sllv_epi32'
+
+assume
+val mm_srli_epi64': v_SHIFT_BY: i32 -> vector: u8
+  -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
+
+let mm_srli_epi64 (v_SHIFT_BY: i32) = mm_srli_epi64' v_SHIFT_BY
+
+assume
+val mm_storeu_bytes_si128': output: t_Slice u8 -> vector: u8
+  -> Prims.Pure (t_Slice u8) Prims.l_True (fun _ -> Prims.l_True)
+
+let mm_storeu_bytes_si128 = mm_storeu_bytes_si128'
+
+assume
+val mm_storeu_si128': output: t_Slice i16 -> vector: u8
+  -> Prims.Pure (t_Slice i16) Prims.l_True (fun _ -> Prims.l_True)
+
+let mm_storeu_si128 = mm_storeu_si128'
+
+assume
+val mm_storeu_si128_i32': output: t_Slice i32 -> vector: u8
+  -> Prims.Pure (t_Slice i32) Prims.l_True (fun _ -> Prims.l_True)
+
+let mm_storeu_si128_i32 = mm_storeu_si128_i32'
+
+assume
+val mm_sub_epi16': lhs: u8 -> rhs: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
+
+let mm_sub_epi16 = mm_sub_epi16'
+
+assume
+val vec256_blendv_epi32': a: u8 -> b: u8 -> mask: u8
+  -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
+
+let vec256_blendv_epi32 = vec256_blendv_epi32'
diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Hash_functions.Neon.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Hash_functions.Neon.fst
new file mode 100644
index 000000000..7d78d62f2
--- /dev/null
+++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Hash_functions.Neon.fst
@@ -0,0 +1,107 @@
+module Libcrux_ml_dsa.Hash_functions.Neon
+#set-options "--fuel 0 --ifuel 1 --z3rlimit 100"
+open Core
+open FStar.Mul
+
+assume
+val t_Shake128x4': eqtype
+
+let t_Shake128x4 = t_Shake128x4'
+
+assume
+val t_Shake256x4': eqtype
+
+let t_Shake256x4 = t_Shake256x4'
+
+[@@ FStar.Tactics.Typeclasses.tcinstance]
+assume
+val impl': Libcrux_ml_dsa.Hash_functions.Shake128.t_XofX4 t_Shake128x4
+
+let impl = impl'
+
+[@@ FStar.Tactics.Typeclasses.tcinstance]
+assume
+val impl_1': Libcrux_ml_dsa.Hash_functions.Shake256.t_XofX4 t_Shake256x4
+
+let impl_1 = impl_1'
+
+assume
+val init_absorb':
+    input0: t_Slice u8 ->
+    input1: t_Slice u8 ->
+    input2: t_Slice u8 ->
+    input3: t_Slice u8
+  -> Prims.Pure t_Shake128x4 Prims.l_True (fun _ -> Prims.l_True)
+
+let init_absorb = init_absorb'
+
+assume
+val init_absorb_x4':
+    input0: t_Slice u8 ->
+    input1: t_Slice u8 ->
+    input2: t_Slice u8 ->
+    input3: t_Slice u8
+  -> Prims.Pure t_Shake256x4 Prims.l_True (fun _ -> Prims.l_True)
+
+let init_absorb_x4 = init_absorb_x4'
+
+assume
+val shake256_x4':
+    v_OUT_LEN: usize ->
+    input0: t_Slice u8 ->
+    input1: t_Slice u8 ->
+    input2: t_Slice u8 ->
+    input3: t_Slice u8 ->
+    out0: t_Array u8 v_OUT_LEN ->
+    out1: t_Array u8 v_OUT_LEN ->
+    out2: t_Array u8 v_OUT_LEN ->
+    out3: t_Array u8 v_OUT_LEN
+  -> Prims.Pure
+      (t_Array u8 v_OUT_LEN & t_Array u8 v_OUT_LEN & t_Array u8 v_OUT_LEN & t_Array u8 v_OUT_LEN)
+      Prims.l_True
+      (fun _ -> Prims.l_True)
+
+let shake256_x4 (v_OUT_LEN: usize) = shake256_x4' v_OUT_LEN
+
+assume
+val squeeze_first_block_x4': state: t_Shake256x4
+  -> Prims.Pure
+      (t_Shake256x4 &
+        (t_Array u8 (sz 136) & t_Array u8 (sz 136) & t_Array u8 (sz 136) & t_Array u8 (sz 136)))
+      Prims.l_True
+      (fun _ -> Prims.l_True)
+
+let squeeze_first_block_x4 = squeeze_first_block_x4'
+
+assume
+val squeeze_first_five_blocks':
+    state: t_Shake128x4 ->
+    out0: t_Array u8 (sz 840) ->
+    out1: t_Array u8 (sz 840) ->
+    out2: t_Array u8 (sz 840) ->
+    out3: t_Array u8 (sz 840)
+  -> Prims.Pure
+      (t_Shake128x4 & t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) &
+        t_Array u8 (sz 840)) Prims.l_True (fun _ -> Prims.l_True)
+
+let squeeze_first_five_blocks = squeeze_first_five_blocks'
+
+assume
+val squeeze_next_block': state: t_Shake128x4
+  -> Prims.Pure
+      (t_Shake128x4 &
+        (t_Array u8 (sz 168) & t_Array u8 (sz 168) & t_Array u8 (sz 168) & t_Array u8 (sz 168)))
+      Prims.l_True
+      (fun _ -> Prims.l_True)
+
+let squeeze_next_block = squeeze_next_block'
+
+assume
+val squeeze_next_block_x4': state: t_Shake256x4
+  -> Prims.Pure
+      (t_Shake256x4 &
+        (t_Array u8 (sz 136) & t_Array u8 (sz 136) & t_Array u8 (sz 136) & t_Array u8 (sz 136)))
+      Prims.l_True
+      (fun _ -> Prims.l_True)
+
+let squeeze_next_block_x4 = squeeze_next_block_x4'
diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Hash_functions.Portable.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Hash_functions.Portable.fst
new file mode 100644
index 000000000..b93e63c07
--- /dev/null
+++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Hash_functions.Portable.fst
@@ -0,0 +1,152 @@
+module Libcrux_ml_dsa.Hash_functions.Portable
+#set-options "--fuel 0 --ifuel 1 --z3rlimit 100"
+open Core
+open FStar.Mul
+
+assume
+val t_Shake128': eqtype
+
+let t_Shake128 = t_Shake128'
+
+assume
+val t_Shake128X4': eqtype
+
+let t_Shake128X4 = t_Shake128X4'
+
+assume
+val t_Shake256': eqtype
+
+let t_Shake256 = t_Shake256'
+
+assume
+val t_Shake256X4': eqtype
+
+let t_Shake256X4 = t_Shake256X4'
+
+assume
+val t_Shake256Xof': eqtype
+
+let t_Shake256Xof = t_Shake256Xof'
+
+[@@ FStar.Tactics.Typeclasses.tcinstance]
+assume
+val impl': Libcrux_ml_dsa.Hash_functions.Shake128.t_XofX4 t_Shake128X4
+
+let impl = impl'
+
+[@@ FStar.Tactics.Typeclasses.tcinstance]
+assume
+val impl_1': Libcrux_ml_dsa.Hash_functions.Shake128.t_Xof t_Shake128
+
+let impl_1 = impl_1'
+
+[@@ FStar.Tactics.Typeclasses.tcinstance]
+assume
+val impl_2': Libcrux_ml_dsa.Hash_functions.Shake256.t_DsaXof t_Shake256
+
+let impl_2 = impl_2'
+
+[@@ FStar.Tactics.Typeclasses.tcinstance]
+assume
+val impl_3': Libcrux_ml_dsa.Hash_functions.Shake256.t_XofX4 t_Shake256X4
+
+let impl_3 = impl_3'
+
+[@@ FStar.Tactics.Typeclasses.tcinstance]
+assume
+val impl_4': Libcrux_ml_dsa.Hash_functions.Shake256.t_Xof t_Shake256Xof
+
+let impl_4 = impl_4'
+
+assume
+val init_absorb':
+    input0: t_Slice u8 ->
+    input1: t_Slice u8 ->
+    input2: t_Slice u8 ->
+    input3: t_Slice u8
+  -> Prims.Pure t_Shake128X4 Prims.l_True (fun _ -> Prims.l_True)
+
+let init_absorb = init_absorb'
+
+assume
+val init_absorb_final_shake256': input: t_Slice u8
+  -> Prims.Pure t_Shake256 Prims.l_True (fun _ -> Prims.l_True)
+
+let init_absorb_final_shake256 = init_absorb_final_shake256'
+
+assume
+val init_absorb_x4':
+    input0: t_Slice u8 ->
+    input1: t_Slice u8 ->
+    input2: t_Slice u8 ->
+    input3: t_Slice u8
+  -> Prims.Pure t_Shake256X4 Prims.l_True (fun _ -> Prims.l_True)
+
+let init_absorb_x4 = init_absorb_x4'
+
+assume
+val shake128': v_OUTPUT_LENGTH: usize -> input: t_Slice u8 -> out: t_Array u8 v_OUTPUT_LENGTH
+  -> Prims.Pure (t_Array u8 v_OUTPUT_LENGTH) Prims.l_True (fun _ -> Prims.l_True)
+
+let shake128 (v_OUTPUT_LENGTH: usize) = shake128' v_OUTPUT_LENGTH
+
+assume
+val shake256': v_OUTPUT_LENGTH: usize -> input: t_Slice u8 -> out: t_Array u8 v_OUTPUT_LENGTH
+  -> Prims.Pure (t_Array u8 v_OUTPUT_LENGTH) Prims.l_True (fun _ -> Prims.l_True)
+
+let shake256 (v_OUTPUT_LENGTH: usize) = shake256' v_OUTPUT_LENGTH
+
+assume
+val squeeze_first_block_shake256': state: t_Shake256
+  -> Prims.Pure (t_Shake256 & t_Array u8 (sz 136)) Prims.l_True (fun _ -> Prims.l_True)
+
+let squeeze_first_block_shake256 = squeeze_first_block_shake256'
+
+assume
+val squeeze_first_block_x4': state: t_Shake256X4
+  -> Prims.Pure
+      (t_Shake256X4 &
+        (t_Array u8 (sz 136) & t_Array u8 (sz 136) & t_Array u8 (sz 136) & t_Array u8 (sz 136)))
+      Prims.l_True
+      (fun _ -> Prims.l_True)
+
+let squeeze_first_block_x4 = squeeze_first_block_x4'
+
+assume
+val squeeze_first_five_blocks':
+    state: t_Shake128X4 ->
+    out0: t_Array u8 (sz 840) ->
+    out1: t_Array u8 (sz 840) ->
+    out2: t_Array u8 (sz 840) ->
+    out3: t_Array u8 (sz 840)
+  -> Prims.Pure
+      (t_Shake128X4 & t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) &
+        t_Array u8 (sz 840)) Prims.l_True (fun _ -> Prims.l_True)
+
+let squeeze_first_five_blocks = squeeze_first_five_blocks'
+
+assume
+val squeeze_next_block': state: t_Shake128X4
+  -> Prims.Pure
+      (t_Shake128X4 &
+        (t_Array u8 (sz 168) & t_Array u8 (sz 168) & t_Array u8 (sz 168) & t_Array u8 (sz 168)))
+      Prims.l_True
+      (fun _ -> Prims.l_True)
+
+let squeeze_next_block = squeeze_next_block'
+
+assume
+val squeeze_next_block_shake256': state: t_Shake256
+  -> Prims.Pure (t_Shake256 & t_Array u8 (sz 136)) Prims.l_True (fun _ -> Prims.l_True)
+
+let squeeze_next_block_shake256 = squeeze_next_block_shake256'
+
+assume
+val squeeze_next_block_x4': state: t_Shake256X4
+  -> Prims.Pure
+      (t_Shake256X4 &
+        (t_Array u8 (sz 136) & t_Array u8 (sz 136) & t_Array u8 (sz 136) & t_Array u8 (sz 136)))
+      Prims.l_True
+      (fun _ -> Prims.l_True)
+
+let squeeze_next_block_x4 = squeeze_next_block_x4'
diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Hash_functions.Simd256.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Hash_functions.Simd256.fst
new file mode 100644
index 000000000..fe67aa9fc
--- /dev/null
+++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Hash_functions.Simd256.fst
@@ -0,0 +1,142 @@
+module Libcrux_ml_dsa.Hash_functions.Simd256
+#set-options "--fuel 0 --ifuel 1 --z3rlimit 100"
+open Core
+open FStar.Mul
+
+assume
+val t_Shake128x4': eqtype
+
+let t_Shake128x4 = t_Shake128x4'
+
+assume
+val t_Shake256': eqtype
+
+let t_Shake256 = t_Shake256'
+
+assume
+val t_Shake256x4': eqtype
+
+let t_Shake256x4 = t_Shake256x4'
+
+[@@ FStar.Tactics.Typeclasses.tcinstance]
+assume
+val impl': Libcrux_ml_dsa.Hash_functions.Shake128.t_XofX4 t_Shake128x4
+
+let impl = impl'
+
+[@@ FStar.Tactics.Typeclasses.tcinstance]
+assume
+val impl_1': Libcrux_ml_dsa.Hash_functions.Shake256.t_DsaXof t_Shake256
+
+let impl_1 = impl_1'
+
+[@@ FStar.Tactics.Typeclasses.tcinstance]
+assume
+val impl_2': Libcrux_ml_dsa.Hash_functions.Shake256.t_XofX4 t_Shake256x4
+
+let impl_2 = impl_2'
+
+assume
+val init_absorb':
+    input0: t_Slice u8 ->
+    input1: t_Slice u8 ->
+    input2: t_Slice u8 ->
+    input3: t_Slice u8
+  -> Prims.Pure t_Shake128x4 Prims.l_True (fun _ -> Prims.l_True)
+
+let init_absorb = init_absorb'
+
+assume
+val init_absorb_final_shake256': input: t_Slice u8
+  -> Prims.Pure t_Shake256 Prims.l_True (fun _ -> Prims.l_True)
+
+let init_absorb_final_shake256 = init_absorb_final_shake256'
+
+assume
+val init_absorb_x4':
+    input0: t_Slice u8 ->
+    input1: t_Slice u8 ->
+    input2: t_Slice u8 ->
+    input3: t_Slice u8
+  -> Prims.Pure t_Shake256x4 Prims.l_True (fun _ -> Prims.l_True)
+
+let init_absorb_x4 = init_absorb_x4'
+
+assume
+val shake256': v_OUTPUT_LENGTH: usize -> input: t_Slice u8 -> out: t_Array u8 v_OUTPUT_LENGTH
+  -> Prims.Pure (t_Array u8 v_OUTPUT_LENGTH) Prims.l_True (fun _ -> Prims.l_True)
+
+let shake256 (v_OUTPUT_LENGTH: usize) = shake256' v_OUTPUT_LENGTH
+
+assume
+val shake256_x4':
+    v_OUT_LEN: usize ->
+    input0: t_Slice u8 ->
+    input1: t_Slice u8 ->
+    input2: t_Slice u8 ->
+    input3: t_Slice u8 ->
+    out0: t_Array u8 v_OUT_LEN ->
+    out1: t_Array u8 v_OUT_LEN ->
+    out2: t_Array u8 v_OUT_LEN ->
+    out3: t_Array u8 v_OUT_LEN
+  -> Prims.Pure
+      (t_Array u8 v_OUT_LEN & t_Array u8 v_OUT_LEN & t_Array u8 v_OUT_LEN & t_Array u8 v_OUT_LEN)
+      Prims.l_True
+      (fun _ -> Prims.l_True)
+
+let shake256_x4 (v_OUT_LEN: usize) = shake256_x4' v_OUT_LEN
+
+assume
+val squeeze_first_block_shake256': state: t_Shake256
+  -> Prims.Pure (t_Shake256 & t_Array u8 (sz 136)) Prims.l_True (fun _ -> Prims.l_True)
+
+let squeeze_first_block_shake256 = squeeze_first_block_shake256'
+
+assume
+val squeeze_first_block_x4': state: t_Shake256x4
+  -> Prims.Pure
+      (t_Shake256x4 &
+        (t_Array u8 (sz 136) & t_Array u8 (sz 136) & t_Array u8 (sz 136) & t_Array u8 (sz 136)))
+      Prims.l_True
+      (fun _ -> Prims.l_True)
+
+let squeeze_first_block_x4 = squeeze_first_block_x4'
+
+assume
+val squeeze_first_five_blocks':
+    state: t_Shake128x4 ->
+    out0: t_Array u8 (sz 840) ->
+    out1: t_Array u8 (sz 840) ->
+    out2: t_Array u8 (sz 840) ->
+    out3: t_Array u8 (sz 840)
+  -> Prims.Pure
+      (t_Shake128x4 & t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) &
+        t_Array u8 (sz 840)) Prims.l_True (fun _ -> Prims.l_True)
+
+let squeeze_first_five_blocks = squeeze_first_five_blocks'
+
+assume
+val squeeze_next_block': state: t_Shake128x4
+  -> Prims.Pure
+      (t_Shake128x4 &
+        (t_Array u8 (sz 168) & t_Array u8 (sz 168) & t_Array u8 (sz 168) & t_Array u8 (sz 168)))
+      Prims.l_True
+      (fun _ -> Prims.l_True)
+
+let squeeze_next_block = squeeze_next_block'
+
+assume
+val squeeze_next_block_shake256': state: t_Shake256
+  -> Prims.Pure (t_Shake256 & t_Array u8 (sz 136)) Prims.l_True (fun _ -> Prims.l_True)
+
+let squeeze_next_block_shake256 = squeeze_next_block_shake256'
+
+assume
+val squeeze_next_block_x4': state: t_Shake256x4
+  -> Prims.Pure
+      (t_Shake256x4 &
+        (t_Array u8 (sz 136) & t_Array u8 (sz 136) & t_Array u8 (sz 136) & t_Array u8 (sz 136)))
+      Prims.l_True
+      (fun _ -> Prims.l_True)
+
+let squeeze_next_block_x4 = squeeze_next_block_x4'
diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Samplex4.Avx2.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Samplex4.Avx2.fst
new file mode 100644
index 000000000..96cf97528
--- /dev/null
+++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Samplex4.Avx2.fst
@@ -0,0 +1,92 @@
+module Libcrux_ml_dsa.Samplex4.Avx2
+#set-options "--fuel 0 --ifuel 1 --z3rlimit 100"
+open Core
+open FStar.Mul
+
+let _ =
+  (* This module has implicit dependencies, here we make them explicit. *)
+  (* The implicit dependencies arise from typeclasses instances. *)
+  let open Libcrux_ml_dsa.Hash_functions.Shake128 in
+  let open Libcrux_ml_dsa.Hash_functions.Simd256 in
+  let open Libcrux_ml_dsa.Simd.Traits in
+  ()
+
+let matrix_A_avx2
+      (#v_SIMDUnit: Type0)
+      (v_ROWS_IN_A v_COLUMNS_IN_A: usize)
+      (#[FStar.Tactics.Typeclasses.tcresolve ()]
+          i1:
+          Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit)
+      (seed: t_Array u8 (sz 34))
+     =
+  match
+    (cast (v_ROWS_IN_A <: usize) <: u8), (cast (v_COLUMNS_IN_A <: usize) <: u8) <: (u8 & u8)
+  with
+  | 4uy, 4uy ->
+    Libcrux_ml_dsa.Samplex4.matrix_A_4_by_4_ #v_SIMDUnit
+      #Libcrux_ml_dsa.Hash_functions.Simd256.t_Shake128x4
+      v_ROWS_IN_A
+      v_COLUMNS_IN_A
+      seed
+  | 6uy, 5uy ->
+    Libcrux_ml_dsa.Samplex4.matrix_A_6_by_5_ #v_SIMDUnit
+      #Libcrux_ml_dsa.Hash_functions.Simd256.t_Shake128x4
+      v_ROWS_IN_A
+      v_COLUMNS_IN_A
+      seed
+  | 8uy, 7uy ->
+    Libcrux_ml_dsa.Samplex4.matrix_A_8_by_7_ #v_SIMDUnit
+      #Libcrux_ml_dsa.Hash_functions.Simd256.t_Shake128x4
+      v_ROWS_IN_A
+      v_COLUMNS_IN_A
+      seed
+  | _ ->
+    Rust_primitives.Hax.never_to_any (Core.Panicking.panic "internal error: entered unreachable code"
+
+        <:
+        Rust_primitives.Hax.t_Never)
+
+[@@ FStar.Tactics.Typeclasses.tcinstance]
+let impl: Libcrux_ml_dsa.Samplex4.t_X4Sampler t_AVX2Sampler =
+  {
+    f_matrix_A_pre
+    =
+    (fun
+        (#v_SIMDUnit: Type0)
+        (v_ROWS_IN_A: usize)
+        (v_COLUMNS_IN_A: usize)
+        (#[FStar.Tactics.Typeclasses.tcresolve ()]
+          i1:
+          Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit)
+        (seed: t_Array u8 (sz 34))
+        ->
+        true);
+    f_matrix_A_post
+    =
+    (fun
+        (#v_SIMDUnit: Type0)
+        (v_ROWS_IN_A: usize)
+        (v_COLUMNS_IN_A: usize)
+        (#[FStar.Tactics.Typeclasses.tcresolve ()]
+          i1:
+          Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit)
+        (seed: t_Array u8 (sz 34))
+        (out:
+          t_Array
+            (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A)
+            v_ROWS_IN_A)
+        ->
+        true);
+    f_matrix_A
+    =
+    fun
+      (#v_SIMDUnit: Type0)
+      (v_ROWS_IN_A: usize)
+      (v_COLUMNS_IN_A: usize)
+      (#[FStar.Tactics.Typeclasses.tcresolve ()]
+        i1:
+        Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit)
+      (seed: t_Array u8 (sz 34))
+      ->
+      matrix_A_avx2 #v_SIMDUnit v_ROWS_IN_A v_COLUMNS_IN_A seed
+  }
diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Samplex4.Avx2.fsti b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Samplex4.Avx2.fsti
new file mode 100644
index 000000000..618fe2e20
--- /dev/null
+++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Samplex4.Avx2.fsti
@@ -0,0 +1,27 @@
+module Libcrux_ml_dsa.Samplex4.Avx2
+#set-options "--fuel 0 --ifuel 1 --z3rlimit 100"
+open Core
+open FStar.Mul
+
+let _ =
+  (* This module has implicit dependencies, here we make them explicit. *)
+  (* The implicit dependencies arise from typeclasses instances. *)
+  let open Libcrux_ml_dsa.Hash_functions.Shake128 in
+  let open Libcrux_ml_dsa.Hash_functions.Simd256 in
+  let open Libcrux_ml_dsa.Simd.Traits in
+  ()
+
+type t_AVX2Sampler = | AVX2Sampler : t_AVX2Sampler
+
+val matrix_A_avx2
+      (#v_SIMDUnit: Type0)
+      (v_ROWS_IN_A v_COLUMNS_IN_A: usize)
+      {| i1: Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit |}
+      (seed: t_Array u8 (sz 34))
+    : Prims.Pure
+      (t_Array
+          (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A)
+          v_ROWS_IN_A) Prims.l_True (fun _ -> Prims.l_True)
+
+[@@ FStar.Tactics.Typeclasses.tcinstance]
+val impl:Libcrux_ml_dsa.Samplex4.t_X4Sampler t_AVX2Sampler
diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Samplex4.Neon.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Samplex4.Neon.fst
new file mode 100644
index 000000000..9d975149f
--- /dev/null
+++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Samplex4.Neon.fst
@@ -0,0 +1,61 @@
+module Libcrux_ml_dsa.Samplex4.Neon
+#set-options "--fuel 0 --ifuel 1 --z3rlimit 100"
+open Core
+open FStar.Mul
+
+let _ =
+  (* This module has implicit dependencies, here we make them explicit. *)
+  (* The implicit dependencies arise from typeclasses instances. *)
+  let open Libcrux_ml_dsa.Hash_functions.Neon in
+  let open Libcrux_ml_dsa.Hash_functions.Shake128 in
+  let open Libcrux_ml_dsa.Simd.Traits in
+  ()
+
+[@@ FStar.Tactics.Typeclasses.tcinstance]
+let impl: Libcrux_ml_dsa.Samplex4.t_X4Sampler t_NeonSampler =
+  {
+    f_matrix_A_pre
+    =
+    (fun
+        (#v_SIMDUnit: Type0)
+        (v_ROWS_IN_A: usize)
+        (v_COLUMNS_IN_A: usize)
+        (#[FStar.Tactics.Typeclasses.tcresolve ()]
+          i1:
+          Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit)
+        (seed: t_Array u8 (sz 34))
+        ->
+        true);
+    f_matrix_A_post
+    =
+    (fun
+        (#v_SIMDUnit: Type0)
+        (v_ROWS_IN_A: usize)
+        (v_COLUMNS_IN_A: usize)
+        (#[FStar.Tactics.Typeclasses.tcresolve ()]
+          i1:
+          Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit)
+        (seed: t_Array u8 (sz 34))
+        (out:
+          t_Array
+            (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A)
+            v_ROWS_IN_A)
+        ->
+        true);
+    f_matrix_A
+    =
+    fun
+      (#v_SIMDUnit: Type0)
+      (v_ROWS_IN_A: usize)
+      (v_COLUMNS_IN_A: usize)
+      (#[FStar.Tactics.Typeclasses.tcresolve ()]
+        i1:
+        Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit)
+      (seed: t_Array u8 (sz 34))
+      ->
+      Libcrux_ml_dsa.Samplex4.matrix_A_generic #v_SIMDUnit
+        #Libcrux_ml_dsa.Hash_functions.Neon.t_Shake128x4
+        v_ROWS_IN_A
+        v_COLUMNS_IN_A
+        seed
+  }
diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Samplex4.Neon.fsti b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Samplex4.Neon.fsti
new file mode 100644
index 000000000..3a407290f
--- /dev/null
+++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Samplex4.Neon.fsti
@@ -0,0 +1,17 @@
+module Libcrux_ml_dsa.Samplex4.Neon
+#set-options "--fuel 0 --ifuel 1 --z3rlimit 100"
+open Core
+open FStar.Mul
+
+let _ =
+  (* This module has implicit dependencies, here we make them explicit. *)
+  (* The implicit dependencies arise from typeclasses instances. *)
+  let open Libcrux_ml_dsa.Hash_functions.Neon in
+  let open Libcrux_ml_dsa.Hash_functions.Shake128 in
+  let open Libcrux_ml_dsa.Simd.Traits in
+  ()
+
+type t_NeonSampler = | NeonSampler : t_NeonSampler
+
+[@@ FStar.Tactics.Typeclasses.tcinstance]
+val impl:Libcrux_ml_dsa.Samplex4.t_X4Sampler t_NeonSampler
diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Samplex4.Portable.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Samplex4.Portable.fst
new file mode 100644
index 000000000..47473f479
--- /dev/null
+++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Samplex4.Portable.fst
@@ -0,0 +1,61 @@
+module Libcrux_ml_dsa.Samplex4.Portable
+#set-options "--fuel 0 --ifuel 1 --z3rlimit 100"
+open Core
+open FStar.Mul
+
+let _ =
+  (* This module has implicit dependencies, here we make them explicit. *)
+  (* The implicit dependencies arise from typeclasses instances. *)
+  let open Libcrux_ml_dsa.Hash_functions.Portable in
+  let open Libcrux_ml_dsa.Hash_functions.Shake128 in
+  let open Libcrux_ml_dsa.Simd.Traits in
+  ()
+
+[@@ FStar.Tactics.Typeclasses.tcinstance]
+let impl: Libcrux_ml_dsa.Samplex4.t_X4Sampler t_PortableSampler =
+  {
+    f_matrix_A_pre
+    =
+    (fun
+        (#v_SIMDUnit: Type0)
+        (v_ROWS_IN_A: usize)
+        (v_COLUMNS_IN_A: usize)
+        (#[FStar.Tactics.Typeclasses.tcresolve ()]
+          i1:
+          Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit)
+        (seed: t_Array u8 (sz 34))
+        ->
+        true);
+    f_matrix_A_post
+    =
+    (fun
+        (#v_SIMDUnit: Type0)
+        (v_ROWS_IN_A: usize)
+        (v_COLUMNS_IN_A: usize)
+        (#[FStar.Tactics.Typeclasses.tcresolve ()]
+          i1:
+          Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit)
+        (seed: t_Array u8 (sz 34))
+        (out:
+          t_Array
+            (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A)
+            v_ROWS_IN_A)
+        ->
+        true);
+    f_matrix_A
+    =
+    fun
+      (#v_SIMDUnit: Type0)
+      (v_ROWS_IN_A: usize)
+      (v_COLUMNS_IN_A: usize)
+      (#[FStar.Tactics.Typeclasses.tcresolve ()]
+        i1:
+        Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit)
+      (seed: t_Array u8 (sz 34))
+      ->
+      Libcrux_ml_dsa.Samplex4.matrix_A_generic #v_SIMDUnit
+        #Libcrux_ml_dsa.Hash_functions.Portable.t_Shake128X4
+        v_ROWS_IN_A
+        v_COLUMNS_IN_A
+        seed
+  }
diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Samplex4.Portable.fsti b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Samplex4.Portable.fsti
new file mode 100644
index 000000000..8764f68b8
--- /dev/null
+++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Samplex4.Portable.fsti
@@ -0,0 +1,17 @@
+module Libcrux_ml_dsa.Samplex4.Portable
+#set-options "--fuel 0 --ifuel 1 --z3rlimit 100"
+open Core
+open FStar.Mul
+
+let _ =
+  (* This module has implicit dependencies, here we make them explicit. *)
+  (* The implicit dependencies arise from typeclasses instances. *)
+  let open Libcrux_ml_dsa.Hash_functions.Portable in
+  let open Libcrux_ml_dsa.Hash_functions.Shake128 in
+  let open Libcrux_ml_dsa.Simd.Traits in
+  ()
+
+type t_PortableSampler = | PortableSampler : t_PortableSampler
+
+[@@ FStar.Tactics.Typeclasses.tcinstance]
+val impl:Libcrux_ml_dsa.Samplex4.t_X4Sampler t_PortableSampler
diff --git a/sys/platform/proofs/fstar/extraction/Libcrux_platform.Platform.fst b/sys/platform/proofs/fstar/extraction/Libcrux_platform.Platform.fst
new file mode 100644
index 000000000..a740de583
--- /dev/null
+++ b/sys/platform/proofs/fstar/extraction/Libcrux_platform.Platform.fst
@@ -0,0 +1,44 @@
+module Libcrux_platform.Platform
+#set-options "--fuel 0 --ifuel 1 --z3rlimit 80"
+open Core
+open FStar.Mul
+
+assume
+val adv_simd_support': Prims.unit -> Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True)
+
+let adv_simd_support = adv_simd_support'
+
+assume
+val aes_ni_support': Prims.unit -> Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True)
+
+let aes_ni_support = aes_ni_support'
+
+assume
+val bmi2_adx_support': Prims.unit -> Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True)
+
+let bmi2_adx_support = bmi2_adx_support'
+
+assume
+val pmull_support': Prims.unit -> Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True)
+
+let pmull_support = pmull_support'
+
+assume
+val sha256_support': Prims.unit -> Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True)
+
+let sha256_support = sha256_support'
+
+assume
+val simd128_support': Prims.unit -> Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True)
+
+let simd128_support = simd128_support'
+
+assume
+val simd256_support': Prims.unit -> Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True)
+
+let simd256_support = simd256_support'
+
+assume
+val x25519_support': Prims.unit -> Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True)
+
+let x25519_support = x25519_support'
diff --git a/sys/platform/proofs/fstar/extraction/Libcrux_platform.X86.fst b/sys/platform/proofs/fstar/extraction/Libcrux_platform.X86.fst
new file mode 100644
index 000000000..2ddf180ff
--- /dev/null
+++ b/sys/platform/proofs/fstar/extraction/Libcrux_platform.X86.fst
@@ -0,0 +1,60 @@
+module Libcrux_platform.X86
+#set-options "--fuel 0 --ifuel 1 --z3rlimit 80"
+open Core
+open FStar.Mul
+
+let t_Feature_cast_to_repr (x: t_Feature) =
+  match x with
+  | Feature_mmx  -> isz 0
+  | Feature_sse  -> isz 1
+  | Feature_sse2  -> isz 3
+  | Feature_sse3  -> isz 6
+  | Feature_pclmulqdq  -> isz 10
+  | Feature_ssse3  -> isz 15
+  | Feature_fma  -> isz 21
+  | Feature_movbe  -> isz 28
+  | Feature_sse4_1_  -> isz 36
+  | Feature_sse4_2_  -> isz 45
+  | Feature_popcnt  -> isz 55
+  | Feature_aes  -> isz 66
+  | Feature_xsave  -> isz 78
+  | Feature_osxsave  -> isz 91
+  | Feature_avx  -> isz 105
+  | Feature_rdrand  -> isz 120
+  | Feature_sgx  -> isz 136
+  | Feature_bmi1  -> isz 153
+  | Feature_avx2  -> isz 171
+  | Feature_bmi2  -> isz 190
+  | Feature_avx512f  -> isz 210
+  | Feature_avx512dq  -> isz 231
+  | Feature_rdseed  -> isz 253
+  | Feature_adx  -> isz 276
+  | Feature_avx512ifma  -> isz 300
+  | Feature_avx512pf  -> isz 325
+  | Feature_avx512er  -> isz 351
+  | Feature_avx512cd  -> isz 378
+  | Feature_sha  -> isz 406
+  | Feature_avx512bw  -> isz 435
+  | Feature_avx512vl  -> isz 465
+
+[@@ FStar.Tactics.Typeclasses.tcinstance]
+assume
+val impl': Core.Clone.t_Clone t_Feature
+
+let impl = impl'
+
+[@@ FStar.Tactics.Typeclasses.tcinstance]
+assume
+val impl_1': Core.Marker.t_Copy t_Feature
+
+let impl_1 = impl_1'
+
+assume
+val init': Prims.unit -> Prims.Pure Prims.unit Prims.l_True (fun _ -> Prims.l_True)
+
+let init = init'
+
+assume
+val supported': feature: t_Feature -> Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True)
+
+let supported = supported'

From c6c0198a72d0045f999b4b6a50ad7e917c8a9e42 Mon Sep 17 00:00:00 2001
From: Jonas Schneider-Bensch <jonas@cryspen.com>
Date: Wed, 18 Dec 2024 13:12:04 +0100
Subject: [PATCH 136/142] FStar extraction update

---
 .../Libcrux_intrinsics.Arm64_extract.fst      |   2 +-
 .../Libcrux_intrinsics.Arm64_extract.fsti     |   2 +-
 .../Libcrux_intrinsics.Avx2_extract.fst       | 481 ------------------
 .../Libcrux_intrinsics.Avx2_extract.fsti      |   2 +-
 .../Libcrux_ml_dsa.Simd.Avx2.Vector_type.fst  |  12 -
 .../extraction/Libcrux_platform.Platform.fst  |   2 +-
 .../extraction/Libcrux_platform.Platform.fsti |   2 +-
 .../fstar/extraction/Libcrux_platform.X86.fst |   2 +-
 .../extraction/Libcrux_platform.X86.fsti      |   2 +-
 9 files changed, 7 insertions(+), 500 deletions(-)

diff --git a/libcrux-intrinsics/proofs/fstar/extraction/Libcrux_intrinsics.Arm64_extract.fst b/libcrux-intrinsics/proofs/fstar/extraction/Libcrux_intrinsics.Arm64_extract.fst
index 4110ce845..e23020d49 100644
--- a/libcrux-intrinsics/proofs/fstar/extraction/Libcrux_intrinsics.Arm64_extract.fst
+++ b/libcrux-intrinsics/proofs/fstar/extraction/Libcrux_intrinsics.Arm64_extract.fst
@@ -1,5 +1,5 @@
 module Libcrux_intrinsics.Arm64_extract
-#set-options "--fuel 0 --ifuel 1 --z3rlimit 15"
+#set-options "--fuel 0 --ifuel 1 --z3rlimit 80"
 open Core
 open FStar.Mul
 
diff --git a/libcrux-intrinsics/proofs/fstar/extraction/Libcrux_intrinsics.Arm64_extract.fsti b/libcrux-intrinsics/proofs/fstar/extraction/Libcrux_intrinsics.Arm64_extract.fsti
index a03c287ec..d4014e6a8 100644
--- a/libcrux-intrinsics/proofs/fstar/extraction/Libcrux_intrinsics.Arm64_extract.fsti
+++ b/libcrux-intrinsics/proofs/fstar/extraction/Libcrux_intrinsics.Arm64_extract.fsti
@@ -1,5 +1,5 @@
 module Libcrux_intrinsics.Arm64_extract
-#set-options "--fuel 0 --ifuel 1 --z3rlimit 15"
+#set-options "--fuel 0 --ifuel 1 --z3rlimit 80"
 open Core
 open FStar.Mul
 
diff --git a/libcrux-intrinsics/proofs/fstar/extraction/Libcrux_intrinsics.Avx2_extract.fst b/libcrux-intrinsics/proofs/fstar/extraction/Libcrux_intrinsics.Avx2_extract.fst
index 7a00501f1..5cf54bf43 100644
--- a/libcrux-intrinsics/proofs/fstar/extraction/Libcrux_intrinsics.Avx2_extract.fst
+++ b/libcrux-intrinsics/proofs/fstar/extraction/Libcrux_intrinsics.Avx2_extract.fst
@@ -1,139 +1,13 @@
 module Libcrux_intrinsics.Avx2_extract
-<<<<<<< HEAD
 #set-options "--fuel 0 --ifuel 1 --z3rlimit 80"
-=======
-#set-options "--fuel 0 --ifuel 1 --z3rlimit 15"
->>>>>>> main
 open Core
 open FStar.Mul
 
 assume
-<<<<<<< HEAD
-val mm256_abs_epi32': a: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
-
-let mm256_abs_epi32 = mm256_abs_epi32'
-
-assume
-val mm256_add_epi16': lhs: u8 -> rhs: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
-
-let mm256_add_epi16 = mm256_add_epi16'
-
-assume
-val mm256_add_epi32': lhs: u8 -> rhs: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
-
-let mm256_add_epi32 = mm256_add_epi32'
-
-assume
-val mm256_add_epi64': lhs: u8 -> rhs: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
-
-let mm256_add_epi64 = mm256_add_epi64'
-
-assume
-val mm256_and_si256': lhs: u8 -> rhs: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
-
-let mm256_and_si256 = mm256_and_si256'
-
-assume
-val mm256_andnot_si256': a: u8 -> b: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
-
-let mm256_andnot_si256 = mm256_andnot_si256'
-
-assume
-val mm256_blend_epi16': v_CONTROL: i32 -> lhs: u8 -> rhs: u8
-  -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
-
-let mm256_blend_epi16 (v_CONTROL: i32) = mm256_blend_epi16' v_CONTROL
-
-assume
-val mm256_blend_epi32': v_CONTROL: i32 -> lhs: u8 -> rhs: u8
-  -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
-
-let mm256_blend_epi32 (v_CONTROL: i32) = mm256_blend_epi32' v_CONTROL
-
-assume
-val mm256_bsrli_epi128': v_SHIFT_BY: i32 -> x: u8
-  -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
-
-let mm256_bsrli_epi128 (v_SHIFT_BY: i32) = mm256_bsrli_epi128' v_SHIFT_BY
-
-assume
-val mm256_castsi128_si256': vector: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
-
-let mm256_castsi128_si256 = mm256_castsi128_si256'
-
-assume
-val mm256_castsi256_ps': a: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
-
-let mm256_castsi256_ps = mm256_castsi256_ps'
-
-assume
-val mm256_castsi256_si128': vector: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
-
-let mm256_castsi256_si128 = mm256_castsi256_si128'
-
-assume
-val mm256_cmpeq_epi32': a: u8 -> b: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
-
-let mm256_cmpeq_epi32 = mm256_cmpeq_epi32'
-
-assume
-val mm256_cmpgt_epi16': lhs: u8 -> rhs: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
-
-let mm256_cmpgt_epi16 = mm256_cmpgt_epi16'
-
-assume
-val mm256_cmpgt_epi32': lhs: u8 -> rhs: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
-
-let mm256_cmpgt_epi32 = mm256_cmpgt_epi32'
-
-assume
-val mm256_cvtepi16_epi32': vector: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
-
-let mm256_cvtepi16_epi32 = mm256_cvtepi16_epi32'
-
-assume
-val mm256_extracti128_si256': v_CONTROL: i32 -> vector: u8
-  -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
-
-let mm256_extracti128_si256 (v_CONTROL: i32) = mm256_extracti128_si256' v_CONTROL
-
-assume
-val mm256_inserti128_si256': v_CONTROL: i32 -> vector: u8 -> vector_i128: u8
-  -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
-
-let mm256_inserti128_si256 (v_CONTROL: i32) = mm256_inserti128_si256' v_CONTROL
-
-assume
-val mm256_loadu_si256_i16': input: t_Slice i16 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
-
-let mm256_loadu_si256_i16 = mm256_loadu_si256_i16'
-
-assume
-val mm256_loadu_si256_i32': input: t_Slice i32 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
-
-let mm256_loadu_si256_i32 = mm256_loadu_si256_i32'
-
-assume
-val mm256_loadu_si256_u8': input: t_Slice u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
-
-let mm256_loadu_si256_u8 = mm256_loadu_si256_u8'
-
-assume
-val mm256_madd_epi16': lhs: u8 -> rhs: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
-
-let mm256_madd_epi16 = mm256_madd_epi16'
-
-assume
-=======
->>>>>>> main
 val mm256_movemask_ps': a: u8 -> Prims.Pure i32 Prims.l_True (fun _ -> Prims.l_True)
 
 let mm256_movemask_ps = mm256_movemask_ps'
 
-<<<<<<< HEAD
-assume
-val mm256_mul_epi32': lhs: u8 -> rhs: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
-=======
 [@@ FStar.Tactics.Typeclasses.tcinstance]
 assume
 val impl_3': Core.Clone.t_Clone t_Vec128
@@ -273,24 +147,16 @@ let mm256_loadu_si256_u8 = mm256_loadu_si256_u8'
 assume
 val mm256_mul_epi32': lhs: t_Vec256 -> rhs: t_Vec256
   -> Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True)
->>>>>>> main
 
 let mm256_mul_epi32 = mm256_mul_epi32'
 
 assume
-<<<<<<< HEAD
-val mm256_mul_epu32': lhs: u8 -> rhs: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
-=======
 val mm256_mul_epu32': lhs: t_Vec256 -> rhs: t_Vec256
   -> Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True)
->>>>>>> main
 
 let mm256_mul_epu32 = mm256_mul_epu32'
 
 assume
-<<<<<<< HEAD
-val mm256_mulhi_epi16': lhs: u8 -> rhs: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
-=======
 val mm256_mulhi_epi16': lhs: t_Vec256 -> rhs: t_Vec256
   -> Prims.Pure t_Vec256
       Prims.l_True
@@ -301,265 +167,91 @@ val mm256_mulhi_epi16': lhs: t_Vec256 -> rhs: t_Vec256
           Spec.Utils.map2 (fun x y -> cast (((cast x <: i32) *. (cast y <: i32)) >>! 16l) <: i16)
             (vec256_as_i16x16 lhs)
             (vec256_as_i16x16 rhs))
->>>>>>> main
 
 let mm256_mulhi_epi16 = mm256_mulhi_epi16'
 
 assume
-<<<<<<< HEAD
-val mm256_mullo_epi16': lhs: u8 -> rhs: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
-
-let mm256_mullo_epi16 = mm256_mullo_epi16'
-
-assume
-val mm256_mullo_epi32': lhs: u8 -> rhs: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
-=======
 val mm256_mullo_epi32': lhs: t_Vec256 -> rhs: t_Vec256
   -> Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True)
->>>>>>> main
 
 let mm256_mullo_epi32 = mm256_mullo_epi32'
 
 assume
-<<<<<<< HEAD
-val mm256_or_si256': a: u8 -> b: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
-=======
 val mm256_or_si256': a: t_Vec256 -> b: t_Vec256
   -> Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True)
->>>>>>> main
 
 let mm256_or_si256 = mm256_or_si256'
 
 assume
-<<<<<<< HEAD
-val mm256_packs_epi32': lhs: u8 -> rhs: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
-=======
 val mm256_packs_epi32': lhs: t_Vec256 -> rhs: t_Vec256
   -> Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True)
->>>>>>> main
 
 let mm256_packs_epi32 = mm256_packs_epi32'
 
 assume
-<<<<<<< HEAD
-val mm256_permute2x128_si256': v_IMM8: i32 -> a: u8 -> b: u8
-  -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
-=======
 val mm256_permute2x128_si256': v_IMM8: i32 -> a: t_Vec256 -> b: t_Vec256
   -> Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True)
->>>>>>> main
 
 let mm256_permute2x128_si256 (v_IMM8: i32) = mm256_permute2x128_si256' v_IMM8
 
 assume
-<<<<<<< HEAD
-val mm256_permute4x64_epi64': v_CONTROL: i32 -> vector: u8
-  -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
-=======
 val mm256_permute4x64_epi64': v_CONTROL: i32 -> vector: t_Vec256
   -> Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True)
->>>>>>> main
 
 let mm256_permute4x64_epi64 (v_CONTROL: i32) = mm256_permute4x64_epi64' v_CONTROL
 
 assume
-<<<<<<< HEAD
-val mm256_permutevar8x32_epi32': vector: u8 -> control: u8
-  -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
-
-let mm256_permutevar8x32_epi32 = mm256_permutevar8x32_epi32'
-
-assume
-val mm256_set1_epi16': constant: i16 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
-
-let mm256_set1_epi16 = mm256_set1_epi16'
-
-assume
-val mm256_set1_epi32': constant: i32 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
-=======
 val mm256_set1_epi32': constant: i32 -> Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True)
->>>>>>> main
 
 let mm256_set1_epi32 = mm256_set1_epi32'
 
 assume
-<<<<<<< HEAD
-val mm256_set1_epi64x': a: i64 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
-=======
 val mm256_set1_epi64x': a: i64 -> Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True)
->>>>>>> main
 
 let mm256_set1_epi64x = mm256_set1_epi64x'
 
 assume
-<<<<<<< HEAD
-val mm256_set_epi16':
-    input15: i16 ->
-    input14: i16 ->
-    input13: i16 ->
-    input12: i16 ->
-    input11: i16 ->
-    input10: i16 ->
-    input9: i16 ->
-    input8: i16 ->
-    input7: i16 ->
-    input6: i16 ->
-    input5: i16 ->
-    input4: i16 ->
-    input3: i16 ->
-    input2: i16 ->
-    input1: i16 ->
-    input0: i16
-  -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
-
-let mm256_set_epi16 = mm256_set_epi16'
-
-assume
-val mm256_set_epi32':
-    input7: i32 ->
-    input6: i32 ->
-    input5: i32 ->
-    input4: i32 ->
-    input3: i32 ->
-    input2: i32 ->
-    input1: i32 ->
-    input0: i32
-  -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
-
-let mm256_set_epi32 = mm256_set_epi32'
-
-assume
-val mm256_set_epi64x': input3: i64 -> input2: i64 -> input1: i64 -> input0: i64
-  -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
-=======
 val mm256_set_epi64x': input3: i64 -> input2: i64 -> input1: i64 -> input0: i64
   -> Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True)
->>>>>>> main
 
 let mm256_set_epi64x = mm256_set_epi64x'
 
 assume
-<<<<<<< HEAD
-val mm256_set_epi8':
-    byte31: i8 ->
-    byte30: i8 ->
-    byte29: i8 ->
-    byte28: i8 ->
-    byte27: i8 ->
-    byte26: i8 ->
-    byte25: i8 ->
-    byte24: i8 ->
-    byte23: i8 ->
-    byte22: i8 ->
-    byte21: i8 ->
-    byte20: i8 ->
-    byte19: i8 ->
-    byte18: i8 ->
-    byte17: i8 ->
-    byte16: i8 ->
-    byte15: i8 ->
-    byte14: i8 ->
-    byte13: i8 ->
-    byte12: i8 ->
-    byte11: i8 ->
-    byte10: i8 ->
-    byte9: i8 ->
-    byte8: i8 ->
-    byte7: i8 ->
-    byte6: i8 ->
-    byte5: i8 ->
-    byte4: i8 ->
-    byte3: i8 ->
-    byte2: i8 ->
-    byte1: i8 ->
-    byte0: i8
-  -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
-
-let mm256_set_epi8 = mm256_set_epi8'
-
-assume
-val mm256_set_m128i': hi: u8 -> lo: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
-=======
 val mm256_set_m128i': hi: t_Vec128 -> lo: t_Vec128
   -> Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True)
->>>>>>> main
 
 let mm256_set_m128i = mm256_set_m128i'
 
 assume
-<<<<<<< HEAD
-val mm256_setzero_si256': Prims.unit -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
-=======
 val mm256_setzero_si256': Prims.unit -> Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True)
->>>>>>> main
 
 let mm256_setzero_si256 = mm256_setzero_si256'
 
 assume
-<<<<<<< HEAD
-val mm256_shuffle_epi32': v_CONTROL: i32 -> vector: u8
-  -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
-=======
 val mm256_shuffle_epi32': v_CONTROL: i32 -> vector: t_Vec256
   -> Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True)
->>>>>>> main
 
 let mm256_shuffle_epi32 (v_CONTROL: i32) = mm256_shuffle_epi32' v_CONTROL
 
 assume
-<<<<<<< HEAD
-val mm256_shuffle_epi8': vector: u8 -> control: u8
-  -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
-
-let mm256_shuffle_epi8 = mm256_shuffle_epi8'
-
-assume
-val mm256_sign_epi32': a: u8 -> b: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
-=======
 val mm256_sign_epi32': a: t_Vec256 -> b: t_Vec256
   -> Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True)
->>>>>>> main
 
 let mm256_sign_epi32 = mm256_sign_epi32'
 
 assume
-<<<<<<< HEAD
-val mm256_slli_epi16': v_SHIFT_BY: i32 -> vector: u8
-  -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
-
-let mm256_slli_epi16 (v_SHIFT_BY: i32) = mm256_slli_epi16' v_SHIFT_BY
-
-assume
-val mm256_slli_epi32': v_SHIFT_BY: i32 -> vector: u8
-  -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
-=======
 val mm256_slli_epi32': v_SHIFT_BY: i32 -> vector: t_Vec256
   -> Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True)
->>>>>>> main
 
 let mm256_slli_epi32 (v_SHIFT_BY: i32) = mm256_slli_epi32' v_SHIFT_BY
 
 assume
-<<<<<<< HEAD
-val mm256_slli_epi64': v_LEFT: i32 -> x: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
-=======
 val mm256_slli_epi64': v_LEFT: i32 -> x: t_Vec256
   -> Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True)
->>>>>>> main
 
 let mm256_slli_epi64 (v_LEFT: i32) = mm256_slli_epi64' v_LEFT
 
 assume
-<<<<<<< HEAD
-val mm256_sllv_epi32': vector: u8 -> counts: u8
-  -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
-
-let mm256_sllv_epi32 = mm256_sllv_epi32'
-
-assume
-val mm256_srai_epi16': v_SHIFT_BY: i32 -> vector: u8
-  -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
-=======
 val mm256_srai_epi16': v_SHIFT_BY: i32 -> vector: t_Vec256
   -> Prims.Pure t_Vec256
       (requires v_SHIFT_BY >=. 0l && v_SHIFT_BY <. 16l)
@@ -568,71 +260,34 @@ val mm256_srai_epi16': v_SHIFT_BY: i32 -> vector: t_Vec256
           let result:t_Vec256 = result in
           vec256_as_i16x16 result ==
           Spec.Utils.map_array (fun x -> x >>! v_SHIFT_BY) (vec256_as_i16x16 vector))
->>>>>>> main
 
 let mm256_srai_epi16 (v_SHIFT_BY: i32) = mm256_srai_epi16' v_SHIFT_BY
 
 assume
-<<<<<<< HEAD
-val mm256_srai_epi32': v_SHIFT_BY: i32 -> vector: u8
-  -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
-=======
 val mm256_srai_epi32': v_SHIFT_BY: i32 -> vector: t_Vec256
   -> Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True)
->>>>>>> main
 
 let mm256_srai_epi32 (v_SHIFT_BY: i32) = mm256_srai_epi32' v_SHIFT_BY
 
 assume
-<<<<<<< HEAD
-val mm256_srli_epi16': v_SHIFT_BY: i32 -> vector: u8
-  -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
-
-let mm256_srli_epi16 (v_SHIFT_BY: i32) = mm256_srli_epi16' v_SHIFT_BY
-
-assume
-val mm256_srli_epi32': v_SHIFT_BY: i32 -> vector: u8
-  -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
-=======
 val mm256_srli_epi32': v_SHIFT_BY: i32 -> vector: t_Vec256
   -> Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True)
->>>>>>> main
 
 let mm256_srli_epi32 (v_SHIFT_BY: i32) = mm256_srli_epi32' v_SHIFT_BY
 
 assume
-<<<<<<< HEAD
-val mm256_srli_epi64': v_SHIFT_BY: i32 -> vector: u8
-  -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
-
-let mm256_srli_epi64 (v_SHIFT_BY: i32) = mm256_srli_epi64' v_SHIFT_BY
-
-assume
-val mm256_srlv_epi32': vector: u8 -> counts: u8
-  -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
-=======
 val mm256_srlv_epi32': vector: t_Vec256 -> counts: t_Vec256
   -> Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True)
->>>>>>> main
 
 let mm256_srlv_epi32 = mm256_srlv_epi32'
 
 assume
-<<<<<<< HEAD
-val mm256_srlv_epi64': vector: u8 -> counts: u8
-  -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
-=======
 val mm256_srlv_epi64': vector: t_Vec256 -> counts: t_Vec256
   -> Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True)
->>>>>>> main
 
 let mm256_srlv_epi64 = mm256_srlv_epi64'
 
 assume
-<<<<<<< HEAD
-val mm256_storeu_si256_i16': output: t_Slice i16 -> vector: u8
-  -> Prims.Pure (t_Slice i16) Prims.l_True (fun _ -> Prims.l_True)
-=======
 val mm256_storeu_si256_i16': output: t_Slice i16 -> vector: t_Vec256
   -> Prims.Pure (t_Slice i16)
       Prims.l_True
@@ -641,34 +296,22 @@ val mm256_storeu_si256_i16': output: t_Slice i16 -> vector: t_Vec256
           let output_future:t_Slice i16 = output_future in
           (Core.Slice.impl__len #i16 output_future <: usize) =.
           (Core.Slice.impl__len #i16 output <: usize))
->>>>>>> main
 
 let mm256_storeu_si256_i16 = mm256_storeu_si256_i16'
 
 assume
-<<<<<<< HEAD
-val mm256_storeu_si256_i32': output: t_Slice i32 -> vector: u8
-=======
 val mm256_storeu_si256_i32': output: t_Slice i32 -> vector: t_Vec256
->>>>>>> main
   -> Prims.Pure (t_Slice i32) Prims.l_True (fun _ -> Prims.l_True)
 
 let mm256_storeu_si256_i32 = mm256_storeu_si256_i32'
 
 assume
-<<<<<<< HEAD
-val mm256_storeu_si256_u8': output: t_Slice u8 -> vector: u8
-=======
 val mm256_storeu_si256_u8': output: t_Slice u8 -> vector: t_Vec256
->>>>>>> main
   -> Prims.Pure (t_Slice u8) Prims.l_True (fun _ -> Prims.l_True)
 
 let mm256_storeu_si256_u8 = mm256_storeu_si256_u8'
 
 assume
-<<<<<<< HEAD
-val mm256_sub_epi16': lhs: u8 -> rhs: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
-=======
 val mm256_sub_epi16': lhs: t_Vec256 -> rhs: t_Vec256
   -> Prims.Pure t_Vec256
       Prims.l_True
@@ -677,84 +320,52 @@ val mm256_sub_epi16': lhs: t_Vec256 -> rhs: t_Vec256
           let result:t_Vec256 = result in
           vec256_as_i16x16 result ==
           Spec.Utils.map2 ( -. ) (vec256_as_i16x16 lhs) (vec256_as_i16x16 rhs))
->>>>>>> main
 
 let mm256_sub_epi16 = mm256_sub_epi16'
 
 assume
-<<<<<<< HEAD
-val mm256_sub_epi32': lhs: u8 -> rhs: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
-=======
 val mm256_sub_epi32': lhs: t_Vec256 -> rhs: t_Vec256
   -> Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True)
->>>>>>> main
 
 let mm256_sub_epi32 = mm256_sub_epi32'
 
 assume
-<<<<<<< HEAD
-val mm256_testz_si256': lhs: u8 -> rhs: u8 -> Prims.Pure i32 Prims.l_True (fun _ -> Prims.l_True)
-=======
 val mm256_testz_si256': lhs: t_Vec256 -> rhs: t_Vec256
   -> Prims.Pure i32 Prims.l_True (fun _ -> Prims.l_True)
->>>>>>> main
 
 let mm256_testz_si256 = mm256_testz_si256'
 
 assume
-<<<<<<< HEAD
-val mm256_unpackhi_epi32': lhs: u8 -> rhs: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
-=======
 val mm256_unpackhi_epi32': lhs: t_Vec256 -> rhs: t_Vec256
   -> Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True)
->>>>>>> main
 
 let mm256_unpackhi_epi32 = mm256_unpackhi_epi32'
 
 assume
-<<<<<<< HEAD
-val mm256_unpackhi_epi64': lhs: u8 -> rhs: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
-=======
 val mm256_unpackhi_epi64': lhs: t_Vec256 -> rhs: t_Vec256
   -> Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True)
->>>>>>> main
 
 let mm256_unpackhi_epi64 = mm256_unpackhi_epi64'
 
 assume
-<<<<<<< HEAD
-val mm256_unpacklo_epi32': lhs: u8 -> rhs: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
-=======
 val mm256_unpacklo_epi32': lhs: t_Vec256 -> rhs: t_Vec256
   -> Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True)
->>>>>>> main
 
 let mm256_unpacklo_epi32 = mm256_unpacklo_epi32'
 
 assume
-<<<<<<< HEAD
-val mm256_unpacklo_epi64': a: u8 -> b: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
-=======
 val mm256_unpacklo_epi64': a: t_Vec256 -> b: t_Vec256
   -> Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True)
->>>>>>> main
 
 let mm256_unpacklo_epi64 = mm256_unpacklo_epi64'
 
 assume
-<<<<<<< HEAD
-val mm256_xor_si256': lhs: u8 -> rhs: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
-=======
 val mm256_xor_si256': lhs: t_Vec256 -> rhs: t_Vec256
   -> Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True)
->>>>>>> main
 
 let mm256_xor_si256 = mm256_xor_si256'
 
 assume
-<<<<<<< HEAD
-val mm_add_epi16': lhs: u8 -> rhs: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
-=======
 val mm_add_epi16': lhs: t_Vec128 -> rhs: t_Vec128
   -> Prims.Pure t_Vec128
       Prims.l_True
@@ -763,24 +374,10 @@ val mm_add_epi16': lhs: t_Vec128 -> rhs: t_Vec128
           let result:t_Vec128 = result in
           vec128_as_i16x8 result ==
           Spec.Utils.map2 ( +. ) (vec128_as_i16x8 lhs) (vec128_as_i16x8 rhs))
->>>>>>> main
 
 let mm_add_epi16 = mm_add_epi16'
 
 assume
-<<<<<<< HEAD
-val mm_loadu_si128': input: t_Slice u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
-
-let mm_loadu_si128 = mm_loadu_si128'
-
-assume
-val mm_movemask_epi8': vector: u8 -> Prims.Pure i32 Prims.l_True (fun _ -> Prims.l_True)
-
-let mm_movemask_epi8 = mm_movemask_epi8'
-
-assume
-val mm_mulhi_epi16': lhs: u8 -> rhs: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
-=======
 val mm_mulhi_epi16': lhs: t_Vec128 -> rhs: t_Vec128
   -> Prims.Pure t_Vec128
       Prims.l_True
@@ -791,14 +388,10 @@ val mm_mulhi_epi16': lhs: t_Vec128 -> rhs: t_Vec128
           Spec.Utils.map2 (fun x y -> cast (((cast x <: i32) *. (cast y <: i32)) >>! 16l) <: i16)
             (vec128_as_i16x8 lhs)
             (vec128_as_i16x8 rhs))
->>>>>>> main
 
 let mm_mulhi_epi16 = mm_mulhi_epi16'
 
 assume
-<<<<<<< HEAD
-val mm_mullo_epi16': lhs: u8 -> rhs: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
-=======
 val mm_mullo_epi16': lhs: t_Vec128 -> rhs: t_Vec128
   -> Prims.Pure t_Vec128
       Prims.l_True
@@ -807,19 +400,10 @@ val mm_mullo_epi16': lhs: t_Vec128 -> rhs: t_Vec128
           let result:t_Vec128 = result in
           vec128_as_i16x8 result ==
           Spec.Utils.map2 mul_mod (vec128_as_i16x8 lhs) (vec128_as_i16x8 rhs))
->>>>>>> main
 
 let mm_mullo_epi16 = mm_mullo_epi16'
 
 assume
-<<<<<<< HEAD
-val mm_packs_epi16': lhs: u8 -> rhs: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
-
-let mm_packs_epi16 = mm_packs_epi16'
-
-assume
-val mm_set1_epi16': constant: i16 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
-=======
 val mm_set1_epi16': constant: i16
   -> Prims.Pure t_Vec128
       Prims.l_True
@@ -827,99 +411,40 @@ val mm_set1_epi16': constant: i16
         fun result ->
           let result:t_Vec128 = result in
           vec128_as_i16x8 result == Spec.Utils.create (sz 8) constant)
->>>>>>> main
 
 let mm_set1_epi16 = mm_set1_epi16'
 
 assume
 val mm_set_epi32': input3: i32 -> input2: i32 -> input1: i32 -> input0: i32
-<<<<<<< HEAD
-  -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
-=======
   -> Prims.Pure t_Vec128 Prims.l_True (fun _ -> Prims.l_True)
->>>>>>> main
 
 let mm_set_epi32 = mm_set_epi32'
 
 assume
-<<<<<<< HEAD
-val mm_set_epi8':
-    byte15: u8 ->
-    byte14: u8 ->
-    byte13: u8 ->
-    byte12: u8 ->
-    byte11: u8 ->
-    byte10: u8 ->
-    byte9: u8 ->
-    byte8: u8 ->
-    byte7: u8 ->
-    byte6: u8 ->
-    byte5: u8 ->
-    byte4: u8 ->
-    byte3: u8 ->
-    byte2: u8 ->
-    byte1: u8 ->
-    byte0: u8
-  -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
-
-let mm_set_epi8 = mm_set_epi8'
-
-assume
-val mm_shuffle_epi8': vector: u8 -> control: u8
-  -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
-
-let mm_shuffle_epi8 = mm_shuffle_epi8'
-
-assume
-val mm_sllv_epi32': vector: u8 -> counts: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
-=======
 val mm_sllv_epi32': vector: t_Vec128 -> counts: t_Vec128
   -> Prims.Pure t_Vec128 Prims.l_True (fun _ -> Prims.l_True)
->>>>>>> main
 
 let mm_sllv_epi32 = mm_sllv_epi32'
 
 assume
-<<<<<<< HEAD
-val mm_srli_epi64': v_SHIFT_BY: i32 -> vector: u8
-  -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
-=======
 val mm_srli_epi64': v_SHIFT_BY: i32 -> vector: t_Vec128
   -> Prims.Pure t_Vec128 Prims.l_True (fun _ -> Prims.l_True)
->>>>>>> main
 
 let mm_srli_epi64 (v_SHIFT_BY: i32) = mm_srli_epi64' v_SHIFT_BY
 
 assume
-<<<<<<< HEAD
-val mm_storeu_bytes_si128': output: t_Slice u8 -> vector: u8
-  -> Prims.Pure (t_Slice u8) Prims.l_True (fun _ -> Prims.l_True)
-
-let mm_storeu_bytes_si128 = mm_storeu_bytes_si128'
-
-assume
-val mm_storeu_si128': output: t_Slice i16 -> vector: u8
-=======
 val mm_storeu_si128': output: t_Slice i16 -> vector: t_Vec128
->>>>>>> main
   -> Prims.Pure (t_Slice i16) Prims.l_True (fun _ -> Prims.l_True)
 
 let mm_storeu_si128 = mm_storeu_si128'
 
 assume
-<<<<<<< HEAD
-val mm_storeu_si128_i32': output: t_Slice i32 -> vector: u8
-=======
 val mm_storeu_si128_i32': output: t_Slice i32 -> vector: t_Vec128
->>>>>>> main
   -> Prims.Pure (t_Slice i32) Prims.l_True (fun _ -> Prims.l_True)
 
 let mm_storeu_si128_i32 = mm_storeu_si128_i32'
 
 assume
-<<<<<<< HEAD
-val mm_sub_epi16': lhs: u8 -> rhs: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
-=======
 val mm_sub_epi16': lhs: t_Vec128 -> rhs: t_Vec128
   -> Prims.Pure t_Vec128
       Prims.l_True
@@ -928,17 +453,11 @@ val mm_sub_epi16': lhs: t_Vec128 -> rhs: t_Vec128
           let result:t_Vec128 = result in
           vec128_as_i16x8 result ==
           Spec.Utils.map2 ( -. ) (vec128_as_i16x8 lhs) (vec128_as_i16x8 rhs))
->>>>>>> main
 
 let mm_sub_epi16 = mm_sub_epi16'
 
 assume
-<<<<<<< HEAD
-val vec256_blendv_epi32': a: u8 -> b: u8 -> mask: u8
-  -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
-=======
 val vec256_blendv_epi32': a: t_Vec256 -> b: t_Vec256 -> mask: t_Vec256
   -> Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True)
->>>>>>> main
 
 let vec256_blendv_epi32 = vec256_blendv_epi32'
diff --git a/libcrux-intrinsics/proofs/fstar/extraction/Libcrux_intrinsics.Avx2_extract.fsti b/libcrux-intrinsics/proofs/fstar/extraction/Libcrux_intrinsics.Avx2_extract.fsti
index e597dd2fd..4b6ebb714 100644
--- a/libcrux-intrinsics/proofs/fstar/extraction/Libcrux_intrinsics.Avx2_extract.fsti
+++ b/libcrux-intrinsics/proofs/fstar/extraction/Libcrux_intrinsics.Avx2_extract.fsti
@@ -1,5 +1,5 @@
 module Libcrux_intrinsics.Avx2_extract
-#set-options "--fuel 0 --ifuel 1 --z3rlimit 15"
+#set-options "--fuel 0 --ifuel 1 --z3rlimit 80"
 open Core
 open FStar.Mul
 
diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Vector_type.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Vector_type.fst
index 9a56fb8fc..1956943ed 100644
--- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Vector_type.fst
+++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Vector_type.fst
@@ -44,18 +44,6 @@ val impl_2': Core.Marker.t_Copy t_AVX2SIMDUnit
 
 let impl_2 = impl_2'
 
-[@@ FStar.Tactics.Typeclasses.tcinstance]
-assume
-val impl_1': Core.Clone.t_Clone t_AVX2SIMDUnit
-
-let impl_1 = impl_1'
-
-[@@ FStar.Tactics.Typeclasses.tcinstance]
-assume
-val impl_2': Core.Marker.t_Copy t_AVX2SIMDUnit
-
-let impl_2 = impl_2'
-
 let to_coefficient_array (x: t_AVX2SIMDUnit) =
   let coefficient_array:t_Array i32 (sz 8) = Rust_primitives.Hax.repeat 0l (sz 8) in
   let coefficient_array:t_Array i32 (sz 8) =
diff --git a/sys/platform/proofs/fstar/extraction/Libcrux_platform.Platform.fst b/sys/platform/proofs/fstar/extraction/Libcrux_platform.Platform.fst
index 0451136c0..a740de583 100644
--- a/sys/platform/proofs/fstar/extraction/Libcrux_platform.Platform.fst
+++ b/sys/platform/proofs/fstar/extraction/Libcrux_platform.Platform.fst
@@ -1,5 +1,5 @@
 module Libcrux_platform.Platform
-#set-options "--fuel 0 --ifuel 1 --z3rlimit 15"
+#set-options "--fuel 0 --ifuel 1 --z3rlimit 80"
 open Core
 open FStar.Mul
 
diff --git a/sys/platform/proofs/fstar/extraction/Libcrux_platform.Platform.fsti b/sys/platform/proofs/fstar/extraction/Libcrux_platform.Platform.fsti
index e8713dad5..95dad6932 100644
--- a/sys/platform/proofs/fstar/extraction/Libcrux_platform.Platform.fsti
+++ b/sys/platform/proofs/fstar/extraction/Libcrux_platform.Platform.fsti
@@ -1,5 +1,5 @@
 module Libcrux_platform.Platform
-#set-options "--fuel 0 --ifuel 1 --z3rlimit 15"
+#set-options "--fuel 0 --ifuel 1 --z3rlimit 80"
 open Core
 open FStar.Mul
 
diff --git a/sys/platform/proofs/fstar/extraction/Libcrux_platform.X86.fst b/sys/platform/proofs/fstar/extraction/Libcrux_platform.X86.fst
index 4284c4102..2ddf180ff 100644
--- a/sys/platform/proofs/fstar/extraction/Libcrux_platform.X86.fst
+++ b/sys/platform/proofs/fstar/extraction/Libcrux_platform.X86.fst
@@ -1,5 +1,5 @@
 module Libcrux_platform.X86
-#set-options "--fuel 0 --ifuel 1 --z3rlimit 15"
+#set-options "--fuel 0 --ifuel 1 --z3rlimit 80"
 open Core
 open FStar.Mul
 
diff --git a/sys/platform/proofs/fstar/extraction/Libcrux_platform.X86.fsti b/sys/platform/proofs/fstar/extraction/Libcrux_platform.X86.fsti
index d7c15a880..0c9c90e71 100644
--- a/sys/platform/proofs/fstar/extraction/Libcrux_platform.X86.fsti
+++ b/sys/platform/proofs/fstar/extraction/Libcrux_platform.X86.fsti
@@ -1,5 +1,5 @@
 module Libcrux_platform.X86
-#set-options "--fuel 0 --ifuel 1 --z3rlimit 15"
+#set-options "--fuel 0 --ifuel 1 --z3rlimit 80"
 open Core
 open FStar.Mul
 

From 5d83c54f100cc8c722c9a6fa97f369cc77a0fc24 Mon Sep 17 00:00:00 2001
From: Jonas Schneider-Bensch <jonas@cryspen.com>
Date: Wed, 18 Dec 2024 13:18:14 +0100
Subject: [PATCH 137/142] C extraction update

---
 libcrux-ml-dsa/cg/code_gen.txt               |  2 +-
 libcrux-ml-dsa/cg/header.txt                 |  2 +-
 libcrux-ml-dsa/cg/libcrux_core.h             |  2 +-
 libcrux-ml-dsa/cg/libcrux_mldsa65_avx2.h     | 10 ++++++----
 libcrux-ml-dsa/cg/libcrux_mldsa65_portable.h | 11 +++++++----
 libcrux-ml-dsa/cg/libcrux_sha3_avx2.h        |  2 +-
 libcrux-ml-dsa/cg/libcrux_sha3_portable.h    |  2 +-
 7 files changed, 18 insertions(+), 13 deletions(-)

diff --git a/libcrux-ml-dsa/cg/code_gen.txt b/libcrux-ml-dsa/cg/code_gen.txt
index b0e4f99c7..fb5fd5691 100644
--- a/libcrux-ml-dsa/cg/code_gen.txt
+++ b/libcrux-ml-dsa/cg/code_gen.txt
@@ -3,4 +3,4 @@ Charon: a68994d00017b76a805d0115ca06c1f2c1805e79
 Eurydice: b665364a6d86749566ce2d650d13fa12c8fab2c5
 Karamel: 96572bc631fde691a2aea7bce5a5a3838b3a5968
 F*: b0961063393215ca65927f017720cb365a193833-dirty
-Libcrux: aecb2cd116d530465d34c6857e170fd6bab281b0
+Libcrux: c6c0198a72d0045f999b4b6a50ad7e917c8a9e42
diff --git a/libcrux-ml-dsa/cg/header.txt b/libcrux-ml-dsa/cg/header.txt
index bdd12b396..4cb8a526f 100644
--- a/libcrux-ml-dsa/cg/header.txt
+++ b/libcrux-ml-dsa/cg/header.txt
@@ -8,5 +8,5 @@
  * Eurydice: b665364a6d86749566ce2d650d13fa12c8fab2c5
  * Karamel: 96572bc631fde691a2aea7bce5a5a3838b3a5968
  * F*: b0961063393215ca65927f017720cb365a193833-dirty
- * Libcrux: aecb2cd116d530465d34c6857e170fd6bab281b0
+ * Libcrux: c6c0198a72d0045f999b4b6a50ad7e917c8a9e42
  */
diff --git a/libcrux-ml-dsa/cg/libcrux_core.h b/libcrux-ml-dsa/cg/libcrux_core.h
index 57c7db76c..09a487680 100644
--- a/libcrux-ml-dsa/cg/libcrux_core.h
+++ b/libcrux-ml-dsa/cg/libcrux_core.h
@@ -8,7 +8,7 @@
  * Eurydice: b665364a6d86749566ce2d650d13fa12c8fab2c5
  * Karamel: 96572bc631fde691a2aea7bce5a5a3838b3a5968
  * F*: b0961063393215ca65927f017720cb365a193833-dirty
- * Libcrux: aecb2cd116d530465d34c6857e170fd6bab281b0
+ * Libcrux: c6c0198a72d0045f999b4b6a50ad7e917c8a9e42
  */
 
 #ifndef __libcrux_core_H
diff --git a/libcrux-ml-dsa/cg/libcrux_mldsa65_avx2.h b/libcrux-ml-dsa/cg/libcrux_mldsa65_avx2.h
index 8a3d324dc..22fbd27b0 100644
--- a/libcrux-ml-dsa/cg/libcrux_mldsa65_avx2.h
+++ b/libcrux-ml-dsa/cg/libcrux_mldsa65_avx2.h
@@ -8,7 +8,7 @@
  * Eurydice: b665364a6d86749566ce2d650d13fa12c8fab2c5
  * Karamel: 96572bc631fde691a2aea7bce5a5a3838b3a5968
  * F*: b0961063393215ca65927f017720cb365a193833-dirty
- * Libcrux: aecb2cd116d530465d34c6857e170fd6bab281b0
+ * Libcrux: c6c0198a72d0045f999b4b6a50ad7e917c8a9e42
  */
 
 #ifndef __libcrux_mldsa65_avx2_H
@@ -8739,9 +8739,11 @@ static inline void libcrux_ml_dsa_encoding_t1_deserialize_ea(
                               __m256i);
        i++) {
     size_t i0 = i;
-    __m256i uu____0 = libcrux_ml_dsa_simd_avx2_t1_deserialize_a2(
-        Eurydice_slice_subslice2(serialized, i0 * (size_t)10U,
-                                 (i0 + (size_t)1U) * (size_t)10U, uint8_t));
+    __m256i uu____0 =
+        libcrux_ml_dsa_simd_avx2_t1_deserialize_a2(Eurydice_slice_subslice2(
+            serialized, i0 * LIBCRUX_ML_DSA_ENCODING_T1_DESERIALIZE_WINDOW,
+            (i0 + (size_t)1U) * LIBCRUX_ML_DSA_ENCODING_T1_DESERIALIZE_WINDOW,
+            uint8_t));
     result->simd_units[i0] = uu____0;
   }
 }
diff --git a/libcrux-ml-dsa/cg/libcrux_mldsa65_portable.h b/libcrux-ml-dsa/cg/libcrux_mldsa65_portable.h
index f05d7b3af..177e98ceb 100644
--- a/libcrux-ml-dsa/cg/libcrux_mldsa65_portable.h
+++ b/libcrux-ml-dsa/cg/libcrux_mldsa65_portable.h
@@ -8,7 +8,7 @@
  * Eurydice: b665364a6d86749566ce2d650d13fa12c8fab2c5
  * Karamel: 96572bc631fde691a2aea7bce5a5a3838b3a5968
  * F*: b0961063393215ca65927f017720cb365a193833-dirty
- * Libcrux: aecb2cd116d530465d34c6857e170fd6bab281b0
+ * Libcrux: c6c0198a72d0045f999b4b6a50ad7e917c8a9e42
  */
 
 #ifndef __libcrux_mldsa65_portable_H
@@ -71,6 +71,8 @@ extern "C" {
 
 #define LIBCRUX_ML_DSA_ENCODING_T0_OUTPUT_BYTES_PER_SIMD_UNIT ((size_t)13U)
 
+#define LIBCRUX_ML_DSA_ENCODING_T1_DESERIALIZE_WINDOW ((size_t)10U)
+
 #define LIBCRUX_ML_DSA_ENCODING_T1_SERIALIZE_OUTPUT_BYTES_PER_SIMD_UNIT \
   ((size_t)10U)
 
@@ -9687,9 +9689,10 @@ static inline void libcrux_ml_dsa_encoding_t1_deserialize_ba(
        i++) {
     size_t i0 = i;
     libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit uu____0 =
-        libcrux_ml_dsa_simd_portable_t1_deserialize_36(
-            Eurydice_slice_subslice2(serialized, i0 * (size_t)10U,
-                                     (i0 + (size_t)1U) * (size_t)10U, uint8_t));
+        libcrux_ml_dsa_simd_portable_t1_deserialize_36(Eurydice_slice_subslice2(
+            serialized, i0 * LIBCRUX_ML_DSA_ENCODING_T1_DESERIALIZE_WINDOW,
+            (i0 + (size_t)1U) * LIBCRUX_ML_DSA_ENCODING_T1_DESERIALIZE_WINDOW,
+            uint8_t));
     result->simd_units[i0] = uu____0;
   }
 }
diff --git a/libcrux-ml-dsa/cg/libcrux_sha3_avx2.h b/libcrux-ml-dsa/cg/libcrux_sha3_avx2.h
index b786152bb..a96bed3c2 100644
--- a/libcrux-ml-dsa/cg/libcrux_sha3_avx2.h
+++ b/libcrux-ml-dsa/cg/libcrux_sha3_avx2.h
@@ -8,7 +8,7 @@
  * Eurydice: b665364a6d86749566ce2d650d13fa12c8fab2c5
  * Karamel: 96572bc631fde691a2aea7bce5a5a3838b3a5968
  * F*: b0961063393215ca65927f017720cb365a193833-dirty
- * Libcrux: aecb2cd116d530465d34c6857e170fd6bab281b0
+ * Libcrux: c6c0198a72d0045f999b4b6a50ad7e917c8a9e42
  */
 
 #ifndef __libcrux_sha3_avx2_H
diff --git a/libcrux-ml-dsa/cg/libcrux_sha3_portable.h b/libcrux-ml-dsa/cg/libcrux_sha3_portable.h
index c12c02ac6..d798f2f87 100644
--- a/libcrux-ml-dsa/cg/libcrux_sha3_portable.h
+++ b/libcrux-ml-dsa/cg/libcrux_sha3_portable.h
@@ -8,7 +8,7 @@
  * Eurydice: b665364a6d86749566ce2d650d13fa12c8fab2c5
  * Karamel: 96572bc631fde691a2aea7bce5a5a3838b3a5968
  * F*: b0961063393215ca65927f017720cb365a193833-dirty
- * Libcrux: aecb2cd116d530465d34c6857e170fd6bab281b0
+ * Libcrux: c6c0198a72d0045f999b4b6a50ad7e917c8a9e42
  */
 
 #ifndef __libcrux_sha3_portable_H

From b23ff3867648c3baddce38771f0f6a3be7336181 Mon Sep 17 00:00:00 2001
From: Jonas Schneider-Bensch <jonas@cryspen.com>
Date: Wed, 18 Dec 2024 14:11:52 +0100
Subject: [PATCH 138/142] Use array instead of tuple

---
 libcrux-ml-dsa/src/sample.rs   | 28 ++++++++++++++--------------
 libcrux-ml-dsa/src/samplex4.rs | 12 ++++++------
 2 files changed, 20 insertions(+), 20 deletions(-)

diff --git a/libcrux-ml-dsa/src/sample.rs b/libcrux-ml-dsa/src/sample.rs
index 345b11ef3..a12e0131a 100644
--- a/libcrux-ml-dsa/src/sample.rs
+++ b/libcrux-ml-dsa/src/sample.rs
@@ -56,12 +56,7 @@ pub(crate) fn sample_up_to_four_ring_elements<
 >(
     mut seed0: [u8; 34],
     matrix: &mut [[PolynomialRingElement<SIMDUnit>; COLUMNS_IN_A]; ROWS_IN_A],
-    rand_stack: &mut (
-        [u8; shake128::FIVE_BLOCKS_SIZE],
-        [u8; shake128::FIVE_BLOCKS_SIZE],
-        [u8; shake128::FIVE_BLOCKS_SIZE],
-        [u8; shake128::FIVE_BLOCKS_SIZE],
-    ),
+    rand_stack: &mut [[u8; shake128::FIVE_BLOCKS_SIZE]; 4],
     tmp_stack: &mut [[i32; 263]],
     indices: &[(u8, u8); 4],
     elements_requested: usize,
@@ -91,11 +86,16 @@ pub(crate) fn sample_up_to_four_ring_elements<
 
     let mut state = Shake128::init_absorb(&seed0, &seed1, &seed2, &seed3);
 
+    let mut rand_stack0 = rand_stack[0];
+    let mut rand_stack1 = rand_stack[1];
+    let mut rand_stack2 = rand_stack[2];
+    let mut rand_stack3 = rand_stack[3];
+
     state.squeeze_first_five_blocks(
-        &mut rand_stack.0,
-        &mut rand_stack.1,
-        &mut rand_stack.2,
-        &mut rand_stack.3,
+        &mut rand_stack0,
+        &mut rand_stack1,
+        &mut rand_stack2,
+        &mut rand_stack3,
     );
 
     // Every call to |rejection_sample_less_than_field_modulus|
@@ -112,22 +112,22 @@ pub(crate) fn sample_up_to_four_ring_elements<
     let mut sampled3 = 0;
 
     let mut done0 = rejection_sample_less_than_field_modulus::<SIMDUnit>(
-        &mut rand_stack.0,
+        &mut rand_stack0,
         &mut sampled0,
         &mut tmp_stack[0],
     );
     let mut done1 = rejection_sample_less_than_field_modulus::<SIMDUnit>(
-        &mut rand_stack.1,
+        &mut rand_stack1,
         &mut sampled1,
         &mut tmp_stack[1],
     );
     let mut done2 = rejection_sample_less_than_field_modulus::<SIMDUnit>(
-        &mut rand_stack.2,
+        &mut rand_stack2,
         &mut sampled2,
         &mut tmp_stack[2],
     );
     let mut done3 = rejection_sample_less_than_field_modulus::<SIMDUnit>(
-        &mut rand_stack.3,
+        &mut rand_stack3,
         &mut sampled3,
         &mut tmp_stack[3],
     );
diff --git a/libcrux-ml-dsa/src/samplex4.rs b/libcrux-ml-dsa/src/samplex4.rs
index 253936bba..3b2208666 100644
--- a/libcrux-ml-dsa/src/samplex4.rs
+++ b/libcrux-ml-dsa/src/samplex4.rs
@@ -46,12 +46,12 @@ pub(crate) fn matrix_A_4_by_4<
     let mut A: Matrix<SIMDUnit, ROWS_IN_A, COLUMNS_IN_A> =
         [[PolynomialRingElement::<SIMDUnit>::ZERO(); COLUMNS_IN_A]; ROWS_IN_A];
 
-    let mut rand_stack = (
+    let mut rand_stack = [
         [0u8; shake128::FIVE_BLOCKS_SIZE],
         [0u8; shake128::FIVE_BLOCKS_SIZE],
         [0u8; shake128::FIVE_BLOCKS_SIZE],
         [0u8; shake128::FIVE_BLOCKS_SIZE],
-    );
+    ];
     let mut tmp_stack = [[0i32; 263], [0i32; 263], [0i32; 263], [0i32; 263]];
 
     sample_four_ring_elements_into!(
@@ -111,12 +111,12 @@ pub(crate) fn matrix_A_6_by_5<
 ) -> [[PolynomialRingElement<SIMDUnit>; COLUMNS_IN_A]; ROWS_IN_A] {
     let mut A = [[PolynomialRingElement::<SIMDUnit>::ZERO(); COLUMNS_IN_A]; ROWS_IN_A];
 
-    let mut rand_stack = (
+    let mut rand_stack = [
         [0u8; shake128::FIVE_BLOCKS_SIZE],
         [0u8; shake128::FIVE_BLOCKS_SIZE],
         [0u8; shake128::FIVE_BLOCKS_SIZE],
         [0u8; shake128::FIVE_BLOCKS_SIZE],
-    );
+    ];
     let mut tmp_stack = [[0i32; 263], [0i32; 263], [0i32; 263], [0i32; 263]];
 
     sample_four_ring_elements_into!(
@@ -216,12 +216,12 @@ pub(crate) fn matrix_A_8_by_7<
 ) -> [[PolynomialRingElement<SIMDUnit>; COLUMNS_IN_A]; ROWS_IN_A] {
     let mut A = [[PolynomialRingElement::<SIMDUnit>::ZERO(); COLUMNS_IN_A]; ROWS_IN_A];
 
-    let mut rand_stack = (
+    let mut rand_stack = [
         [0u8; shake128::FIVE_BLOCKS_SIZE],
         [0u8; shake128::FIVE_BLOCKS_SIZE],
         [0u8; shake128::FIVE_BLOCKS_SIZE],
         [0u8; shake128::FIVE_BLOCKS_SIZE],
-    );
+    ];
     let mut tmp_stack = [[0i32; 263], [0i32; 263], [0i32; 263], [0i32; 263]];
 
     sample_four_ring_elements_into!(

From 6f3e276f590bc07088c6ae648e929149836d2ae4 Mon Sep 17 00:00:00 2001
From: Jonas Schneider-Bensch <jonas@cryspen.com>
Date: Wed, 18 Dec 2024 14:12:17 +0100
Subject: [PATCH 139/142] Update FStar extraction

---
 .../extraction/Libcrux_ml_dsa.Sample.fst      |  81 ++----
 .../extraction/Libcrux_ml_dsa.Sample.fsti     |   5 +-
 .../extraction/Libcrux_ml_dsa.Samplex4.fst    | 239 +++++++-----------
 3 files changed, 109 insertions(+), 216 deletions(-)

diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Sample.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Sample.fst
index a209fd286..6a1132912 100644
--- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Sample.fst
+++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Sample.fst
@@ -976,8 +976,7 @@ let sample_up_to_four_ring_elements
           t_Array
             (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A)
             v_ROWS_IN_A)
-      (rand_stack:
-          (t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840)))
+      (rand_stack: t_Array (t_Array u8 (sz 840)) (sz 4))
       (tmp_stack: t_Slice (t_Array i32 (sz 263)))
       (indices: t_Array (u8 & u8) (sz 4))
       (elements_requested: usize)
@@ -1043,54 +1042,33 @@ let sample_up_to_four_ring_elements
       (seed2 <: t_Slice u8)
       (seed3 <: t_Slice u8)
   in
+  let rand_stack0:t_Array u8 (sz 840) = rand_stack.[ sz 0 ] in
+  let rand_stack1:t_Array u8 (sz 840) = rand_stack.[ sz 1 ] in
+  let rand_stack2:t_Array u8 (sz 840) = rand_stack.[ sz 2 ] in
+  let rand_stack3:t_Array u8 (sz 840) = rand_stack.[ sz 3 ] in
   let tmp0, tmp1, tmp2, tmp3, tmp4:(v_Shake128 & t_Array u8 (sz 840) & t_Array u8 (sz 840) &
     t_Array u8 (sz 840) &
     t_Array u8 (sz 840)) =
     Libcrux_ml_dsa.Hash_functions.Shake128.f_squeeze_first_five_blocks #v_Shake128
       #FStar.Tactics.Typeclasses.solve
       state
-      rand_stack._1
-      rand_stack._2
-      rand_stack._3
-      rand_stack._4
+      rand_stack0
+      rand_stack1
+      rand_stack2
+      rand_stack3
   in
   let state:v_Shake128 = tmp0 in
-  let rand_stack:(t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) &
-    t_Array u8 (sz 840)) =
-    { rand_stack with _1 = tmp1 }
-    <:
-    (t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840))
-  in
-  let rand_stack:(t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) &
-    t_Array u8 (sz 840)) =
-    { rand_stack with _2 = tmp2 }
-    <:
-    (t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840))
-  in
-  let rand_stack:(t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) &
-    t_Array u8 (sz 840)) =
-    { rand_stack with _3 = tmp3 }
-    <:
-    (t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840))
-  in
-  let rand_stack:(t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) &
-    t_Array u8 (sz 840)) =
-    { rand_stack with _4 = tmp4 }
-    <:
-    (t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840))
-  in
+  let rand_stack0:t_Array u8 (sz 840) = tmp1 in
+  let rand_stack1:t_Array u8 (sz 840) = tmp2 in
+  let rand_stack2:t_Array u8 (sz 840) = tmp3 in
+  let rand_stack3:t_Array u8 (sz 840) = tmp4 in
   let _:Prims.unit = () in
   let sampled0:usize = sz 0 in
   let sampled1:usize = sz 0 in
   let sampled2:usize = sz 0 in
   let sampled3:usize = sz 0 in
-  let tmp0, out:(t_Array u8 (sz 840) & t_Array u8 (sz 840)) = rand_stack._1 in
-  let rand_stack:(t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) &
-    t_Array u8 (sz 840)) =
-    { rand_stack with _1 = tmp0 }
-    <:
-    (t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840))
-  in
+  let tmp0, out:(t_Array u8 (sz 840) & t_Array u8 (sz 840)) = rand_stack0 in
+  let rand_stack0:t_Array u8 (sz 840) = tmp0 in
   let tmp0, tmp1, out:(usize & t_Array i32 (sz 263) & bool) =
     rejection_sample_less_than_field_modulus #v_SIMDUnit
       (out <: t_Slice u8)
@@ -1102,13 +1080,8 @@ let sample_up_to_four_ring_elements
     Rust_primitives.Hax.Monomorphized_update_at.update_at_usize tmp_stack (sz 0) tmp1
   in
   let done0:bool = out in
-  let tmp0, out:(t_Array u8 (sz 840) & t_Array u8 (sz 840)) = rand_stack._2 in
-  let rand_stack:(t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) &
-    t_Array u8 (sz 840)) =
-    { rand_stack with _2 = tmp0 }
-    <:
-    (t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840))
-  in
+  let tmp0, out:(t_Array u8 (sz 840) & t_Array u8 (sz 840)) = rand_stack1 in
+  let rand_stack1:t_Array u8 (sz 840) = tmp0 in
   let tmp0, tmp1, out:(usize & t_Array i32 (sz 263) & bool) =
     rejection_sample_less_than_field_modulus #v_SIMDUnit
       (out <: t_Slice u8)
@@ -1120,13 +1093,8 @@ let sample_up_to_four_ring_elements
     Rust_primitives.Hax.Monomorphized_update_at.update_at_usize tmp_stack (sz 1) tmp1
   in
   let done1:bool = out in
-  let tmp0, out:(t_Array u8 (sz 840) & t_Array u8 (sz 840)) = rand_stack._3 in
-  let rand_stack:(t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) &
-    t_Array u8 (sz 840)) =
-    { rand_stack with _3 = tmp0 }
-    <:
-    (t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840))
-  in
+  let tmp0, out:(t_Array u8 (sz 840) & t_Array u8 (sz 840)) = rand_stack2 in
+  let rand_stack2:t_Array u8 (sz 840) = tmp0 in
   let tmp0, tmp1, out:(usize & t_Array i32 (sz 263) & bool) =
     rejection_sample_less_than_field_modulus #v_SIMDUnit
       (out <: t_Slice u8)
@@ -1138,13 +1106,8 @@ let sample_up_to_four_ring_elements
     Rust_primitives.Hax.Monomorphized_update_at.update_at_usize tmp_stack (sz 2) tmp1
   in
   let done2:bool = out in
-  let tmp0, out:(t_Array u8 (sz 840) & t_Array u8 (sz 840)) = rand_stack._4 in
-  let rand_stack:(t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) &
-    t_Array u8 (sz 840)) =
-    { rand_stack with _4 = tmp0 }
-    <:
-    (t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840))
-  in
+  let tmp0, out:(t_Array u8 (sz 840) & t_Array u8 (sz 840)) = rand_stack3 in
+  let rand_stack3:t_Array u8 (sz 840) = tmp0 in
   let tmp0, tmp1, out:(usize & t_Array i32 (sz 263) & bool) =
     rejection_sample_less_than_field_modulus #v_SIMDUnit
       (out <: t_Slice u8)
@@ -1332,5 +1295,5 @@ let sample_up_to_four_ring_elements
   <:
   (t_Array (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A)
       v_ROWS_IN_A &
-    (t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840)) &
+    t_Array (t_Array u8 (sz 840)) (sz 4) &
     t_Slice (t_Array i32 (sz 263)))
diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Sample.fsti b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Sample.fsti
index 142041aa2..6e67335a3 100644
--- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Sample.fsti
+++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Sample.fsti
@@ -122,8 +122,7 @@ val sample_up_to_four_ring_elements
           t_Array
             (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A)
             v_ROWS_IN_A)
-      (rand_stack:
-          (t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840)))
+      (rand_stack: t_Array (t_Array u8 (sz 840)) (sz 4))
       (tmp_stack: t_Slice (t_Array i32 (sz 263)))
       (indices: t_Array (u8 & u8) (sz 4))
       (elements_requested: usize)
@@ -131,5 +130,5 @@ val sample_up_to_four_ring_elements
       (t_Array
           (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A)
           v_ROWS_IN_A &
-        (t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840)) &
+        t_Array (t_Array u8 (sz 840)) (sz 4) &
         t_Slice (t_Array i32 (sz 263))) Prims.l_True (fun _ -> Prims.l_True)
diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Samplex4.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Samplex4.fst
index 105849569..124ade794 100644
--- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Samplex4.fst
+++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Samplex4.fst
@@ -37,14 +37,17 @@ let matrix_A_4_by_4_
         t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A)
       v_ROWS_IN_A
   in
-  let rand_stack:(t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) &
-    t_Array u8 (sz 840)) =
-    Rust_primitives.Hax.repeat 0uy (sz 840),
-    Rust_primitives.Hax.repeat 0uy (sz 840),
-    Rust_primitives.Hax.repeat 0uy (sz 840),
-    Rust_primitives.Hax.repeat 0uy (sz 840)
-    <:
-    (t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840))
+  let rand_stack:t_Array (t_Array u8 (sz 840)) (sz 4) =
+    let list =
+      [
+        Rust_primitives.Hax.repeat 0uy (sz 840);
+        Rust_primitives.Hax.repeat 0uy (sz 840);
+        Rust_primitives.Hax.repeat 0uy (sz 840);
+        Rust_primitives.Hax.repeat 0uy (sz 840)
+      ]
+    in
+    FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 4);
+    Rust_primitives.Hax.array_of_list 4 list
   in
   let tmp_stack:t_Array (t_Array i32 (sz 263)) (sz 4) =
     let list =
@@ -61,7 +64,7 @@ let matrix_A_4_by_4_
   let tmp0, tmp1, tmp2:(t_Array
       (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A)
       v_ROWS_IN_A &
-    (t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840)) &
+    t_Array (t_Array u8 (sz 840)) (sz 4) &
     t_Array (t_Array i32 (sz 263)) (sz 4)) =
     Libcrux_ml_dsa.Sample.sample_up_to_four_ring_elements #v_SIMDUnit #v_Shake128 v_ROWS_IN_A
       v_COLUMNS_IN_A seed v_A rand_stack tmp_stack
@@ -81,16 +84,13 @@ let matrix_A_4_by_4_
     v_ROWS_IN_A =
     tmp0
   in
-  let rand_stack:(t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) &
-    t_Array u8 (sz 840)) =
-    tmp1
-  in
+  let rand_stack:t_Array (t_Array u8 (sz 840)) (sz 4) = tmp1 in
   let tmp_stack:t_Array (t_Array i32 (sz 263)) (sz 4) = tmp2 in
   let _:Prims.unit = () in
   let tmp0, tmp1, tmp2:(t_Array
       (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A)
       v_ROWS_IN_A &
-    (t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840)) &
+    t_Array (t_Array u8 (sz 840)) (sz 4) &
     t_Array (t_Array i32 (sz 263)) (sz 4)) =
     Libcrux_ml_dsa.Sample.sample_up_to_four_ring_elements #v_SIMDUnit #v_Shake128 v_ROWS_IN_A
       v_COLUMNS_IN_A seed v_A rand_stack tmp_stack
@@ -110,16 +110,13 @@ let matrix_A_4_by_4_
     v_ROWS_IN_A =
     tmp0
   in
-  let rand_stack:(t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) &
-    t_Array u8 (sz 840)) =
-    tmp1
-  in
+  let rand_stack:t_Array (t_Array u8 (sz 840)) (sz 4) = tmp1 in
   let tmp_stack:t_Array (t_Array i32 (sz 263)) (sz 4) = tmp2 in
   let _:Prims.unit = () in
   let tmp0, tmp1, tmp2:(t_Array
       (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A)
       v_ROWS_IN_A &
-    (t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840)) &
+    t_Array (t_Array u8 (sz 840)) (sz 4) &
     t_Array (t_Array i32 (sz 263)) (sz 4)) =
     Libcrux_ml_dsa.Sample.sample_up_to_four_ring_elements #v_SIMDUnit #v_Shake128 v_ROWS_IN_A
       v_COLUMNS_IN_A seed v_A rand_stack tmp_stack
@@ -139,16 +136,13 @@ let matrix_A_4_by_4_
     v_ROWS_IN_A =
     tmp0
   in
-  let rand_stack:(t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) &
-    t_Array u8 (sz 840)) =
-    tmp1
-  in
+  let rand_stack:t_Array (t_Array u8 (sz 840)) (sz 4) = tmp1 in
   let tmp_stack:t_Array (t_Array i32 (sz 263)) (sz 4) = tmp2 in
   let _:Prims.unit = () in
   let tmp0, tmp1, tmp2:(t_Array
       (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A)
       v_ROWS_IN_A &
-    (t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840)) &
+    t_Array (t_Array u8 (sz 840)) (sz 4) &
     t_Array (t_Array i32 (sz 263)) (sz 4)) =
     Libcrux_ml_dsa.Sample.sample_up_to_four_ring_elements #v_SIMDUnit #v_Shake128 v_ROWS_IN_A
       v_COLUMNS_IN_A seed v_A rand_stack tmp_stack
@@ -168,10 +162,7 @@ let matrix_A_4_by_4_
     v_ROWS_IN_A =
     tmp0
   in
-  let rand_stack:(t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) &
-    t_Array u8 (sz 840)) =
-    tmp1
-  in
+  let rand_stack:t_Array (t_Array u8 (sz 840)) (sz 4) = tmp1 in
   let tmp_stack:t_Array (t_Array i32 (sz 263)) (sz 4) = tmp2 in
   let _:Prims.unit = () in
   v_A
@@ -199,14 +190,17 @@ let matrix_A_6_by_5_
         t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A)
       v_ROWS_IN_A
   in
-  let rand_stack:(t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) &
-    t_Array u8 (sz 840)) =
-    Rust_primitives.Hax.repeat 0uy (sz 840),
-    Rust_primitives.Hax.repeat 0uy (sz 840),
-    Rust_primitives.Hax.repeat 0uy (sz 840),
-    Rust_primitives.Hax.repeat 0uy (sz 840)
-    <:
-    (t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840))
+  let rand_stack:t_Array (t_Array u8 (sz 840)) (sz 4) =
+    let list =
+      [
+        Rust_primitives.Hax.repeat 0uy (sz 840);
+        Rust_primitives.Hax.repeat 0uy (sz 840);
+        Rust_primitives.Hax.repeat 0uy (sz 840);
+        Rust_primitives.Hax.repeat 0uy (sz 840)
+      ]
+    in
+    FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 4);
+    Rust_primitives.Hax.array_of_list 4 list
   in
   let tmp_stack:t_Array (t_Array i32 (sz 263)) (sz 4) =
     let list =
@@ -223,7 +217,7 @@ let matrix_A_6_by_5_
   let tmp0, tmp1, tmp2:(t_Array
       (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A)
       v_ROWS_IN_A &
-    (t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840)) &
+    t_Array (t_Array u8 (sz 840)) (sz 4) &
     t_Array (t_Array i32 (sz 263)) (sz 4)) =
     Libcrux_ml_dsa.Sample.sample_up_to_four_ring_elements #v_SIMDUnit #v_Shake128 v_ROWS_IN_A
       v_COLUMNS_IN_A seed v_A rand_stack tmp_stack
@@ -243,16 +237,13 @@ let matrix_A_6_by_5_
     v_ROWS_IN_A =
     tmp0
   in
-  let rand_stack:(t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) &
-    t_Array u8 (sz 840)) =
-    tmp1
-  in
+  let rand_stack:t_Array (t_Array u8 (sz 840)) (sz 4) = tmp1 in
   let tmp_stack:t_Array (t_Array i32 (sz 263)) (sz 4) = tmp2 in
   let _:Prims.unit = () in
   let tmp0, tmp1, tmp2:(t_Array
       (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A)
       v_ROWS_IN_A &
-    (t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840)) &
+    t_Array (t_Array u8 (sz 840)) (sz 4) &
     t_Array (t_Array i32 (sz 263)) (sz 4)) =
     Libcrux_ml_dsa.Sample.sample_up_to_four_ring_elements #v_SIMDUnit #v_Shake128 v_ROWS_IN_A
       v_COLUMNS_IN_A seed v_A rand_stack tmp_stack
@@ -272,16 +263,13 @@ let matrix_A_6_by_5_
     v_ROWS_IN_A =
     tmp0
   in
-  let rand_stack:(t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) &
-    t_Array u8 (sz 840)) =
-    tmp1
-  in
+  let rand_stack:t_Array (t_Array u8 (sz 840)) (sz 4) = tmp1 in
   let tmp_stack:t_Array (t_Array i32 (sz 263)) (sz 4) = tmp2 in
   let _:Prims.unit = () in
   let tmp0, tmp1, tmp2:(t_Array
       (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A)
       v_ROWS_IN_A &
-    (t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840)) &
+    t_Array (t_Array u8 (sz 840)) (sz 4) &
     t_Array (t_Array i32 (sz 263)) (sz 4)) =
     Libcrux_ml_dsa.Sample.sample_up_to_four_ring_elements #v_SIMDUnit #v_Shake128 v_ROWS_IN_A
       v_COLUMNS_IN_A seed v_A rand_stack tmp_stack
@@ -301,16 +289,13 @@ let matrix_A_6_by_5_
     v_ROWS_IN_A =
     tmp0
   in
-  let rand_stack:(t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) &
-    t_Array u8 (sz 840)) =
-    tmp1
-  in
+  let rand_stack:t_Array (t_Array u8 (sz 840)) (sz 4) = tmp1 in
   let tmp_stack:t_Array (t_Array i32 (sz 263)) (sz 4) = tmp2 in
   let _:Prims.unit = () in
   let tmp0, tmp1, tmp2:(t_Array
       (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A)
       v_ROWS_IN_A &
-    (t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840)) &
+    t_Array (t_Array u8 (sz 840)) (sz 4) &
     t_Array (t_Array i32 (sz 263)) (sz 4)) =
     Libcrux_ml_dsa.Sample.sample_up_to_four_ring_elements #v_SIMDUnit #v_Shake128 v_ROWS_IN_A
       v_COLUMNS_IN_A seed v_A rand_stack tmp_stack
@@ -330,16 +315,13 @@ let matrix_A_6_by_5_
     v_ROWS_IN_A =
     tmp0
   in
-  let rand_stack:(t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) &
-    t_Array u8 (sz 840)) =
-    tmp1
-  in
+  let rand_stack:t_Array (t_Array u8 (sz 840)) (sz 4) = tmp1 in
   let tmp_stack:t_Array (t_Array i32 (sz 263)) (sz 4) = tmp2 in
   let _:Prims.unit = () in
   let tmp0, tmp1, tmp2:(t_Array
       (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A)
       v_ROWS_IN_A &
-    (t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840)) &
+    t_Array (t_Array u8 (sz 840)) (sz 4) &
     t_Array (t_Array i32 (sz 263)) (sz 4)) =
     Libcrux_ml_dsa.Sample.sample_up_to_four_ring_elements #v_SIMDUnit #v_Shake128 v_ROWS_IN_A
       v_COLUMNS_IN_A seed v_A rand_stack tmp_stack
@@ -359,16 +341,13 @@ let matrix_A_6_by_5_
     v_ROWS_IN_A =
     tmp0
   in
-  let rand_stack:(t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) &
-    t_Array u8 (sz 840)) =
-    tmp1
-  in
+  let rand_stack:t_Array (t_Array u8 (sz 840)) (sz 4) = tmp1 in
   let tmp_stack:t_Array (t_Array i32 (sz 263)) (sz 4) = tmp2 in
   let _:Prims.unit = () in
   let tmp0, tmp1, tmp2:(t_Array
       (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A)
       v_ROWS_IN_A &
-    (t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840)) &
+    t_Array (t_Array u8 (sz 840)) (sz 4) &
     t_Array (t_Array i32 (sz 263)) (sz 4)) =
     Libcrux_ml_dsa.Sample.sample_up_to_four_ring_elements #v_SIMDUnit #v_Shake128 v_ROWS_IN_A
       v_COLUMNS_IN_A seed v_A rand_stack tmp_stack
@@ -388,16 +367,13 @@ let matrix_A_6_by_5_
     v_ROWS_IN_A =
     tmp0
   in
-  let rand_stack:(t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) &
-    t_Array u8 (sz 840)) =
-    tmp1
-  in
+  let rand_stack:t_Array (t_Array u8 (sz 840)) (sz 4) = tmp1 in
   let tmp_stack:t_Array (t_Array i32 (sz 263)) (sz 4) = tmp2 in
   let _:Prims.unit = () in
   let tmp0, tmp1, tmp2:(t_Array
       (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A)
       v_ROWS_IN_A &
-    (t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840)) &
+    t_Array (t_Array u8 (sz 840)) (sz 4) &
     t_Array (t_Array i32 (sz 263)) (sz 4)) =
     Libcrux_ml_dsa.Sample.sample_up_to_four_ring_elements #v_SIMDUnit #v_Shake128 v_ROWS_IN_A
       v_COLUMNS_IN_A seed v_A rand_stack tmp_stack
@@ -417,16 +393,13 @@ let matrix_A_6_by_5_
     v_ROWS_IN_A =
     tmp0
   in
-  let rand_stack:(t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) &
-    t_Array u8 (sz 840)) =
-    tmp1
-  in
+  let rand_stack:t_Array (t_Array u8 (sz 840)) (sz 4) = tmp1 in
   let tmp_stack:t_Array (t_Array i32 (sz 263)) (sz 4) = tmp2 in
   let _:Prims.unit = () in
   let tmp0, tmp1, tmp2:(t_Array
       (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A)
       v_ROWS_IN_A &
-    (t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840)) &
+    t_Array (t_Array u8 (sz 840)) (sz 4) &
     t_Array (t_Array i32 (sz 263)) (sz 4)) =
     Libcrux_ml_dsa.Sample.sample_up_to_four_ring_elements #v_SIMDUnit #v_Shake128 v_ROWS_IN_A
       v_COLUMNS_IN_A seed v_A rand_stack tmp_stack
@@ -446,10 +419,7 @@ let matrix_A_6_by_5_
     v_ROWS_IN_A =
     tmp0
   in
-  let rand_stack:(t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) &
-    t_Array u8 (sz 840)) =
-    tmp1
-  in
+  let rand_stack:t_Array (t_Array u8 (sz 840)) (sz 4) = tmp1 in
   let tmp_stack:t_Array (t_Array i32 (sz 263)) (sz 4) = tmp2 in
   let _:Prims.unit = () in
   v_A
@@ -477,14 +447,17 @@ let matrix_A_8_by_7_
         t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A)
       v_ROWS_IN_A
   in
-  let rand_stack:(t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) &
-    t_Array u8 (sz 840)) =
-    Rust_primitives.Hax.repeat 0uy (sz 840),
-    Rust_primitives.Hax.repeat 0uy (sz 840),
-    Rust_primitives.Hax.repeat 0uy (sz 840),
-    Rust_primitives.Hax.repeat 0uy (sz 840)
-    <:
-    (t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840))
+  let rand_stack:t_Array (t_Array u8 (sz 840)) (sz 4) =
+    let list =
+      [
+        Rust_primitives.Hax.repeat 0uy (sz 840);
+        Rust_primitives.Hax.repeat 0uy (sz 840);
+        Rust_primitives.Hax.repeat 0uy (sz 840);
+        Rust_primitives.Hax.repeat 0uy (sz 840)
+      ]
+    in
+    FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 4);
+    Rust_primitives.Hax.array_of_list 4 list
   in
   let tmp_stack:t_Array (t_Array i32 (sz 263)) (sz 4) =
     let list =
@@ -501,7 +474,7 @@ let matrix_A_8_by_7_
   let tmp0, tmp1, tmp2:(t_Array
       (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A)
       v_ROWS_IN_A &
-    (t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840)) &
+    t_Array (t_Array u8 (sz 840)) (sz 4) &
     t_Array (t_Array i32 (sz 263)) (sz 4)) =
     Libcrux_ml_dsa.Sample.sample_up_to_four_ring_elements #v_SIMDUnit #v_Shake128 v_ROWS_IN_A
       v_COLUMNS_IN_A seed v_A rand_stack tmp_stack
@@ -521,16 +494,13 @@ let matrix_A_8_by_7_
     v_ROWS_IN_A =
     tmp0
   in
-  let rand_stack:(t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) &
-    t_Array u8 (sz 840)) =
-    tmp1
-  in
+  let rand_stack:t_Array (t_Array u8 (sz 840)) (sz 4) = tmp1 in
   let tmp_stack:t_Array (t_Array i32 (sz 263)) (sz 4) = tmp2 in
   let _:Prims.unit = () in
   let tmp0, tmp1, tmp2:(t_Array
       (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A)
       v_ROWS_IN_A &
-    (t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840)) &
+    t_Array (t_Array u8 (sz 840)) (sz 4) &
     t_Array (t_Array i32 (sz 263)) (sz 4)) =
     Libcrux_ml_dsa.Sample.sample_up_to_four_ring_elements #v_SIMDUnit #v_Shake128 v_ROWS_IN_A
       v_COLUMNS_IN_A seed v_A rand_stack tmp_stack
@@ -550,16 +520,13 @@ let matrix_A_8_by_7_
     v_ROWS_IN_A =
     tmp0
   in
-  let rand_stack:(t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) &
-    t_Array u8 (sz 840)) =
-    tmp1
-  in
+  let rand_stack:t_Array (t_Array u8 (sz 840)) (sz 4) = tmp1 in
   let tmp_stack:t_Array (t_Array i32 (sz 263)) (sz 4) = tmp2 in
   let _:Prims.unit = () in
   let tmp0, tmp1, tmp2:(t_Array
       (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A)
       v_ROWS_IN_A &
-    (t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840)) &
+    t_Array (t_Array u8 (sz 840)) (sz 4) &
     t_Array (t_Array i32 (sz 263)) (sz 4)) =
     Libcrux_ml_dsa.Sample.sample_up_to_four_ring_elements #v_SIMDUnit #v_Shake128 v_ROWS_IN_A
       v_COLUMNS_IN_A seed v_A rand_stack tmp_stack
@@ -579,16 +546,13 @@ let matrix_A_8_by_7_
     v_ROWS_IN_A =
     tmp0
   in
-  let rand_stack:(t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) &
-    t_Array u8 (sz 840)) =
-    tmp1
-  in
+  let rand_stack:t_Array (t_Array u8 (sz 840)) (sz 4) = tmp1 in
   let tmp_stack:t_Array (t_Array i32 (sz 263)) (sz 4) = tmp2 in
   let _:Prims.unit = () in
   let tmp0, tmp1, tmp2:(t_Array
       (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A)
       v_ROWS_IN_A &
-    (t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840)) &
+    t_Array (t_Array u8 (sz 840)) (sz 4) &
     t_Array (t_Array i32 (sz 263)) (sz 4)) =
     Libcrux_ml_dsa.Sample.sample_up_to_four_ring_elements #v_SIMDUnit #v_Shake128 v_ROWS_IN_A
       v_COLUMNS_IN_A seed v_A rand_stack tmp_stack
@@ -608,16 +572,13 @@ let matrix_A_8_by_7_
     v_ROWS_IN_A =
     tmp0
   in
-  let rand_stack:(t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) &
-    t_Array u8 (sz 840)) =
-    tmp1
-  in
+  let rand_stack:t_Array (t_Array u8 (sz 840)) (sz 4) = tmp1 in
   let tmp_stack:t_Array (t_Array i32 (sz 263)) (sz 4) = tmp2 in
   let _:Prims.unit = () in
   let tmp0, tmp1, tmp2:(t_Array
       (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A)
       v_ROWS_IN_A &
-    (t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840)) &
+    t_Array (t_Array u8 (sz 840)) (sz 4) &
     t_Array (t_Array i32 (sz 263)) (sz 4)) =
     Libcrux_ml_dsa.Sample.sample_up_to_four_ring_elements #v_SIMDUnit #v_Shake128 v_ROWS_IN_A
       v_COLUMNS_IN_A seed v_A rand_stack tmp_stack
@@ -637,16 +598,13 @@ let matrix_A_8_by_7_
     v_ROWS_IN_A =
     tmp0
   in
-  let rand_stack:(t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) &
-    t_Array u8 (sz 840)) =
-    tmp1
-  in
+  let rand_stack:t_Array (t_Array u8 (sz 840)) (sz 4) = tmp1 in
   let tmp_stack:t_Array (t_Array i32 (sz 263)) (sz 4) = tmp2 in
   let _:Prims.unit = () in
   let tmp0, tmp1, tmp2:(t_Array
       (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A)
       v_ROWS_IN_A &
-    (t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840)) &
+    t_Array (t_Array u8 (sz 840)) (sz 4) &
     t_Array (t_Array i32 (sz 263)) (sz 4)) =
     Libcrux_ml_dsa.Sample.sample_up_to_four_ring_elements #v_SIMDUnit #v_Shake128 v_ROWS_IN_A
       v_COLUMNS_IN_A seed v_A rand_stack tmp_stack
@@ -666,16 +624,13 @@ let matrix_A_8_by_7_
     v_ROWS_IN_A =
     tmp0
   in
-  let rand_stack:(t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) &
-    t_Array u8 (sz 840)) =
-    tmp1
-  in
+  let rand_stack:t_Array (t_Array u8 (sz 840)) (sz 4) = tmp1 in
   let tmp_stack:t_Array (t_Array i32 (sz 263)) (sz 4) = tmp2 in
   let _:Prims.unit = () in
   let tmp0, tmp1, tmp2:(t_Array
       (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A)
       v_ROWS_IN_A &
-    (t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840)) &
+    t_Array (t_Array u8 (sz 840)) (sz 4) &
     t_Array (t_Array i32 (sz 263)) (sz 4)) =
     Libcrux_ml_dsa.Sample.sample_up_to_four_ring_elements #v_SIMDUnit #v_Shake128 v_ROWS_IN_A
       v_COLUMNS_IN_A seed v_A rand_stack tmp_stack
@@ -695,16 +650,13 @@ let matrix_A_8_by_7_
     v_ROWS_IN_A =
     tmp0
   in
-  let rand_stack:(t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) &
-    t_Array u8 (sz 840)) =
-    tmp1
-  in
+  let rand_stack:t_Array (t_Array u8 (sz 840)) (sz 4) = tmp1 in
   let tmp_stack:t_Array (t_Array i32 (sz 263)) (sz 4) = tmp2 in
   let _:Prims.unit = () in
   let tmp0, tmp1, tmp2:(t_Array
       (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A)
       v_ROWS_IN_A &
-    (t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840)) &
+    t_Array (t_Array u8 (sz 840)) (sz 4) &
     t_Array (t_Array i32 (sz 263)) (sz 4)) =
     Libcrux_ml_dsa.Sample.sample_up_to_four_ring_elements #v_SIMDUnit #v_Shake128 v_ROWS_IN_A
       v_COLUMNS_IN_A seed v_A rand_stack tmp_stack
@@ -724,16 +676,13 @@ let matrix_A_8_by_7_
     v_ROWS_IN_A =
     tmp0
   in
-  let rand_stack:(t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) &
-    t_Array u8 (sz 840)) =
-    tmp1
-  in
+  let rand_stack:t_Array (t_Array u8 (sz 840)) (sz 4) = tmp1 in
   let tmp_stack:t_Array (t_Array i32 (sz 263)) (sz 4) = tmp2 in
   let _:Prims.unit = () in
   let tmp0, tmp1, tmp2:(t_Array
       (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A)
       v_ROWS_IN_A &
-    (t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840)) &
+    t_Array (t_Array u8 (sz 840)) (sz 4) &
     t_Array (t_Array i32 (sz 263)) (sz 4)) =
     Libcrux_ml_dsa.Sample.sample_up_to_four_ring_elements #v_SIMDUnit #v_Shake128 v_ROWS_IN_A
       v_COLUMNS_IN_A seed v_A rand_stack tmp_stack
@@ -753,16 +702,13 @@ let matrix_A_8_by_7_
     v_ROWS_IN_A =
     tmp0
   in
-  let rand_stack:(t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) &
-    t_Array u8 (sz 840)) =
-    tmp1
-  in
+  let rand_stack:t_Array (t_Array u8 (sz 840)) (sz 4) = tmp1 in
   let tmp_stack:t_Array (t_Array i32 (sz 263)) (sz 4) = tmp2 in
   let _:Prims.unit = () in
   let tmp0, tmp1, tmp2:(t_Array
       (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A)
       v_ROWS_IN_A &
-    (t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840)) &
+    t_Array (t_Array u8 (sz 840)) (sz 4) &
     t_Array (t_Array i32 (sz 263)) (sz 4)) =
     Libcrux_ml_dsa.Sample.sample_up_to_four_ring_elements #v_SIMDUnit #v_Shake128 v_ROWS_IN_A
       v_COLUMNS_IN_A seed v_A rand_stack tmp_stack
@@ -782,16 +728,13 @@ let matrix_A_8_by_7_
     v_ROWS_IN_A =
     tmp0
   in
-  let rand_stack:(t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) &
-    t_Array u8 (sz 840)) =
-    tmp1
-  in
+  let rand_stack:t_Array (t_Array u8 (sz 840)) (sz 4) = tmp1 in
   let tmp_stack:t_Array (t_Array i32 (sz 263)) (sz 4) = tmp2 in
   let _:Prims.unit = () in
   let tmp0, tmp1, tmp2:(t_Array
       (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A)
       v_ROWS_IN_A &
-    (t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840)) &
+    t_Array (t_Array u8 (sz 840)) (sz 4) &
     t_Array (t_Array i32 (sz 263)) (sz 4)) =
     Libcrux_ml_dsa.Sample.sample_up_to_four_ring_elements #v_SIMDUnit #v_Shake128 v_ROWS_IN_A
       v_COLUMNS_IN_A seed v_A rand_stack tmp_stack
@@ -811,16 +754,13 @@ let matrix_A_8_by_7_
     v_ROWS_IN_A =
     tmp0
   in
-  let rand_stack:(t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) &
-    t_Array u8 (sz 840)) =
-    tmp1
-  in
+  let rand_stack:t_Array (t_Array u8 (sz 840)) (sz 4) = tmp1 in
   let tmp_stack:t_Array (t_Array i32 (sz 263)) (sz 4) = tmp2 in
   let _:Prims.unit = () in
   let tmp0, tmp1, tmp2:(t_Array
       (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A)
       v_ROWS_IN_A &
-    (t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840)) &
+    t_Array (t_Array u8 (sz 840)) (sz 4) &
     t_Array (t_Array i32 (sz 263)) (sz 4)) =
     Libcrux_ml_dsa.Sample.sample_up_to_four_ring_elements #v_SIMDUnit #v_Shake128 v_ROWS_IN_A
       v_COLUMNS_IN_A seed v_A rand_stack tmp_stack
@@ -840,16 +780,13 @@ let matrix_A_8_by_7_
     v_ROWS_IN_A =
     tmp0
   in
-  let rand_stack:(t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) &
-    t_Array u8 (sz 840)) =
-    tmp1
-  in
+  let rand_stack:t_Array (t_Array u8 (sz 840)) (sz 4) = tmp1 in
   let tmp_stack:t_Array (t_Array i32 (sz 263)) (sz 4) = tmp2 in
   let _:Prims.unit = () in
   let tmp0, tmp1, tmp2:(t_Array
       (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A)
       v_ROWS_IN_A &
-    (t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840)) &
+    t_Array (t_Array u8 (sz 840)) (sz 4) &
     t_Array (t_Array i32 (sz 263)) (sz 4)) =
     Libcrux_ml_dsa.Sample.sample_up_to_four_ring_elements #v_SIMDUnit #v_Shake128 v_ROWS_IN_A
       v_COLUMNS_IN_A seed v_A rand_stack tmp_stack
@@ -869,16 +806,13 @@ let matrix_A_8_by_7_
     v_ROWS_IN_A =
     tmp0
   in
-  let rand_stack:(t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) &
-    t_Array u8 (sz 840)) =
-    tmp1
-  in
+  let rand_stack:t_Array (t_Array u8 (sz 840)) (sz 4) = tmp1 in
   let tmp_stack:t_Array (t_Array i32 (sz 263)) (sz 4) = tmp2 in
   let _:Prims.unit = () in
   let tmp0, tmp1, tmp2:(t_Array
       (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A)
       v_ROWS_IN_A &
-    (t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840)) &
+    t_Array (t_Array u8 (sz 840)) (sz 4) &
     t_Array (t_Array i32 (sz 263)) (sz 4)) =
     Libcrux_ml_dsa.Sample.sample_up_to_four_ring_elements #v_SIMDUnit #v_Shake128 v_ROWS_IN_A
       v_COLUMNS_IN_A seed v_A rand_stack tmp_stack
@@ -898,10 +832,7 @@ let matrix_A_8_by_7_
     v_ROWS_IN_A =
     tmp0
   in
-  let rand_stack:(t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) &
-    t_Array u8 (sz 840)) =
-    tmp1
-  in
+  let rand_stack:t_Array (t_Array u8 (sz 840)) (sz 4) = tmp1 in
   let tmp_stack:t_Array (t_Array i32 (sz 263)) (sz 4) = tmp2 in
   let _:Prims.unit = () in
   v_A

From 00424f6ff03ac7c79f2922ed628bf6a5b8723be3 Mon Sep 17 00:00:00 2001
From: Jonas Schneider-Bensch <jonas@cryspen.com>
Date: Wed, 18 Dec 2024 14:34:03 +0100
Subject: [PATCH 140/142] Fix hax extraction

---
 .../extraction/Libcrux_ml_dsa.Sample.fst      |  87 ++--
 .../extraction/Libcrux_ml_dsa.Sample.fsti     |  22 +-
 .../extraction/Libcrux_ml_dsa.Samplex4.fst    | 464 +++++++++++-------
 libcrux-ml-dsa/src/sample.rs                  |  51 +-
 libcrux-ml-dsa/src/samplex4.rs                | 167 +++++--
 5 files changed, 521 insertions(+), 270 deletions(-)

diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Sample.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Sample.fst
index 6a1132912..da6c38417 100644
--- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Sample.fst
+++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Sample.fst
@@ -29,6 +29,34 @@ let update_seed (seed: t_Array u8 (sz 66)) (domain_separator: u16) =
   let hax_temp_output:t_Array u8 (sz 66) = seed in
   domain_separator, hax_temp_output <: (u16 & t_Array u8 (sz 66))
 
+let update_matrix
+      (#v_SIMDUnit: Type0)
+      (v_ROWS_IN_A v_COLUMNS_IN_A: usize)
+      (#[FStar.Tactics.Typeclasses.tcresolve ()]
+          i1:
+          Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit)
+      (m:
+          t_Array
+            (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A)
+            v_ROWS_IN_A)
+      (i j: usize)
+      (v: Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit)
+     =
+  let m:t_Array
+    (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A)
+    v_ROWS_IN_A =
+    Rust_primitives.Hax.Monomorphized_update_at.update_at_usize m
+      i
+      (Rust_primitives.Hax.Monomorphized_update_at.update_at_usize (m.[ i ]
+            <:
+            t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A)
+          j
+          v
+        <:
+        t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A)
+  in
+  m
+
 let rejection_sample_less_than_eta_equals_2_
       (#v_SIMDUnit: Type0)
       (#[FStar.Tactics.Typeclasses.tcresolve ()]
@@ -976,7 +1004,7 @@ let sample_up_to_four_ring_elements
           t_Array
             (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A)
             v_ROWS_IN_A)
-      (rand_stack: t_Array (t_Array u8 (sz 840)) (sz 4))
+      (rand_stack0 rand_stack1 rand_stack2 rand_stack3: t_Array u8 (sz 840))
       (tmp_stack: t_Slice (t_Array i32 (sz 263)))
       (indices: t_Array (u8 & u8) (sz 4))
       (elements_requested: usize)
@@ -1042,10 +1070,6 @@ let sample_up_to_four_ring_elements
       (seed2 <: t_Slice u8)
       (seed3 <: t_Slice u8)
   in
-  let rand_stack0:t_Array u8 (sz 840) = rand_stack.[ sz 0 ] in
-  let rand_stack1:t_Array u8 (sz 840) = rand_stack.[ sz 1 ] in
-  let rand_stack2:t_Array u8 (sz 840) = rand_stack.[ sz 2 ] in
-  let rand_stack3:t_Array u8 (sz 840) = rand_stack.[ sz 3 ] in
   let tmp0, tmp1, tmp2, tmp3, tmp4:(v_Shake128 & t_Array u8 (sz 840) & t_Array u8 (sz 840) &
     t_Array u8 (sz 840) &
     t_Array u8 (sz 840)) =
@@ -1067,11 +1091,9 @@ let sample_up_to_four_ring_elements
   let sampled1:usize = sz 0 in
   let sampled2:usize = sz 0 in
   let sampled3:usize = sz 0 in
-  let tmp0, out:(t_Array u8 (sz 840) & t_Array u8 (sz 840)) = rand_stack0 in
-  let rand_stack0:t_Array u8 (sz 840) = tmp0 in
   let tmp0, tmp1, out:(usize & t_Array i32 (sz 263) & bool) =
     rejection_sample_less_than_field_modulus #v_SIMDUnit
-      (out <: t_Slice u8)
+      (rand_stack0 <: t_Slice u8)
       sampled0
       (tmp_stack.[ sz 0 ] <: t_Array i32 (sz 263))
   in
@@ -1080,11 +1102,9 @@ let sample_up_to_four_ring_elements
     Rust_primitives.Hax.Monomorphized_update_at.update_at_usize tmp_stack (sz 0) tmp1
   in
   let done0:bool = out in
-  let tmp0, out:(t_Array u8 (sz 840) & t_Array u8 (sz 840)) = rand_stack1 in
-  let rand_stack1:t_Array u8 (sz 840) = tmp0 in
   let tmp0, tmp1, out:(usize & t_Array i32 (sz 263) & bool) =
     rejection_sample_less_than_field_modulus #v_SIMDUnit
-      (out <: t_Slice u8)
+      (rand_stack1 <: t_Slice u8)
       sampled1
       (tmp_stack.[ sz 1 ] <: t_Array i32 (sz 263))
   in
@@ -1093,11 +1113,9 @@ let sample_up_to_four_ring_elements
     Rust_primitives.Hax.Monomorphized_update_at.update_at_usize tmp_stack (sz 1) tmp1
   in
   let done1:bool = out in
-  let tmp0, out:(t_Array u8 (sz 840) & t_Array u8 (sz 840)) = rand_stack2 in
-  let rand_stack2:t_Array u8 (sz 840) = tmp0 in
   let tmp0, tmp1, out:(usize & t_Array i32 (sz 263) & bool) =
     rejection_sample_less_than_field_modulus #v_SIMDUnit
-      (out <: t_Slice u8)
+      (rand_stack2 <: t_Slice u8)
       sampled2
       (tmp_stack.[ sz 2 ] <: t_Array i32 (sz 263))
   in
@@ -1106,11 +1124,9 @@ let sample_up_to_four_ring_elements
     Rust_primitives.Hax.Monomorphized_update_at.update_at_usize tmp_stack (sz 2) tmp1
   in
   let done2:bool = out in
-  let tmp0, out:(t_Array u8 (sz 840) & t_Array u8 (sz 840)) = rand_stack3 in
-  let rand_stack3:t_Array u8 (sz 840) = tmp0 in
   let tmp0, tmp1, out:(usize & t_Array i32 (sz 263) & bool) =
     rejection_sample_less_than_field_modulus #v_SIMDUnit
-      (out <: t_Slice u8)
+      (rand_stack3 <: t_Slice u8)
       sampled3
       (tmp_stack.[ sz 3 ] <: t_Array i32 (sz 263))
   in
@@ -1246,10 +1262,9 @@ let sample_up_to_four_ring_elements
             (bool & bool & bool & bool & usize & usize & usize & usize & v_Shake128 &
               t_Slice (t_Array i32 (sz 263))))
   in
-  let matrix, hax_temp_output:(t_Array
-      (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A)
-      v_ROWS_IN_A &
-    Prims.unit) =
+  let matrix:t_Array
+    (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A)
+    v_ROWS_IN_A =
     Rust_primitives.Hax.Folds.fold_range (sz 0)
       elements_requested
       (fun matrix temp_1_ ->
@@ -1272,28 +1287,26 @@ let sample_up_to_four_ring_elements
           let matrix:t_Array
             (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A)
             v_ROWS_IN_A =
-            Rust_primitives.Hax.Monomorphized_update_at.update_at_usize matrix
+            update_matrix #v_SIMDUnit
+              v_ROWS_IN_A
+              v_COLUMNS_IN_A
+              matrix
               (cast (i <: u8) <: usize)
-              (Rust_primitives.Hax.Monomorphized_update_at.update_at_usize (matrix.[ cast (i <: u8)
-                      <:
-                      usize ]
-                    <:
-                    t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit)
-                      v_COLUMNS_IN_A)
-                  (cast (j <: u8) <: usize)
-                  (Libcrux_ml_dsa.Polynomial.impl__from_i32_array #v_SIMDUnit
-                      (tmp_stack.[ k ] <: t_Slice i32)
-                    <:
-                    Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit)
+              (cast (j <: u8) <: usize)
+              (Libcrux_ml_dsa.Polynomial.impl__from_i32_array #v_SIMDUnit
+                  (tmp_stack.[ k ] <: t_Slice i32)
                 <:
-                t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit)
-                  v_COLUMNS_IN_A)
+                Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit)
           in
           matrix)
   in
-  matrix, rand_stack, tmp_stack
+  let hax_temp_output:Prims.unit = () <: Prims.unit in
+  matrix, rand_stack0, rand_stack1, rand_stack2, rand_stack3, tmp_stack
   <:
   (t_Array (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A)
       v_ROWS_IN_A &
-    t_Array (t_Array u8 (sz 840)) (sz 4) &
+    t_Array u8 (sz 840) &
+    t_Array u8 (sz 840) &
+    t_Array u8 (sz 840) &
+    t_Array u8 (sz 840) &
     t_Slice (t_Array i32 (sz 263)))
diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Sample.fsti b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Sample.fsti
index 6e67335a3..5e6082b9b 100644
--- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Sample.fsti
+++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Sample.fsti
@@ -16,6 +16,21 @@ val generate_domain_separator: (u8 & u8) -> Prims.Pure u16 Prims.l_True (fun _ -
 val update_seed (seed: t_Array u8 (sz 66)) (domain_separator: u16)
     : Prims.Pure (u16 & t_Array u8 (sz 66)) Prims.l_True (fun _ -> Prims.l_True)
 
+val update_matrix
+      (#v_SIMDUnit: Type0)
+      (v_ROWS_IN_A v_COLUMNS_IN_A: usize)
+      {| i1: Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit |}
+      (m:
+          t_Array
+            (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A)
+            v_ROWS_IN_A)
+      (i j: usize)
+      (v: Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit)
+    : Prims.Pure
+      (t_Array
+          (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A)
+          v_ROWS_IN_A) Prims.l_True (fun _ -> Prims.l_True)
+
 val rejection_sample_less_than_eta_equals_2_
       (#v_SIMDUnit: Type0)
       {| i1: Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit |}
@@ -122,7 +137,7 @@ val sample_up_to_four_ring_elements
           t_Array
             (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A)
             v_ROWS_IN_A)
-      (rand_stack: t_Array (t_Array u8 (sz 840)) (sz 4))
+      (rand_stack0 rand_stack1 rand_stack2 rand_stack3: t_Array u8 (sz 840))
       (tmp_stack: t_Slice (t_Array i32 (sz 263)))
       (indices: t_Array (u8 & u8) (sz 4))
       (elements_requested: usize)
@@ -130,5 +145,8 @@ val sample_up_to_four_ring_elements
       (t_Array
           (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A)
           v_ROWS_IN_A &
-        t_Array (t_Array u8 (sz 840)) (sz 4) &
+        t_Array u8 (sz 840) &
+        t_Array u8 (sz 840) &
+        t_Array u8 (sz 840) &
+        t_Array u8 (sz 840) &
         t_Slice (t_Array i32 (sz 263))) Prims.l_True (fun _ -> Prims.l_True)
diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Samplex4.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Samplex4.fst
index 124ade794..e4e0c4571 100644
--- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Samplex4.fst
+++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Samplex4.fst
@@ -37,18 +37,10 @@ let matrix_A_4_by_4_
         t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A)
       v_ROWS_IN_A
   in
-  let rand_stack:t_Array (t_Array u8 (sz 840)) (sz 4) =
-    let list =
-      [
-        Rust_primitives.Hax.repeat 0uy (sz 840);
-        Rust_primitives.Hax.repeat 0uy (sz 840);
-        Rust_primitives.Hax.repeat 0uy (sz 840);
-        Rust_primitives.Hax.repeat 0uy (sz 840)
-      ]
-    in
-    FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 4);
-    Rust_primitives.Hax.array_of_list 4 list
-  in
+  let rand_stack0:t_Array u8 (sz 840) = Rust_primitives.Hax.repeat 0uy (sz 840) in
+  let rand_stack1:t_Array u8 (sz 840) = Rust_primitives.Hax.repeat 0uy (sz 840) in
+  let rand_stack2:t_Array u8 (sz 840) = Rust_primitives.Hax.repeat 0uy (sz 840) in
+  let rand_stack3:t_Array u8 (sz 840) = Rust_primitives.Hax.repeat 0uy (sz 840) in
   let tmp_stack:t_Array (t_Array i32 (sz 263)) (sz 4) =
     let list =
       [
@@ -61,13 +53,16 @@ let matrix_A_4_by_4_
     FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 4);
     Rust_primitives.Hax.array_of_list 4 list
   in
-  let tmp0, tmp1, tmp2:(t_Array
+  let tmp0, tmp1, tmp2, tmp3, tmp4, tmp5:(t_Array
       (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A)
       v_ROWS_IN_A &
-    t_Array (t_Array u8 (sz 840)) (sz 4) &
+    t_Array u8 (sz 840) &
+    t_Array u8 (sz 840) &
+    t_Array u8 (sz 840) &
+    t_Array u8 (sz 840) &
     t_Array (t_Array i32 (sz 263)) (sz 4)) =
     Libcrux_ml_dsa.Sample.sample_up_to_four_ring_elements #v_SIMDUnit #v_Shake128 v_ROWS_IN_A
-      v_COLUMNS_IN_A seed v_A rand_stack tmp_stack
+      v_COLUMNS_IN_A seed v_A rand_stack0 rand_stack1 rand_stack2 rand_stack3 tmp_stack
       (let list =
           [
             0uy, 0uy <: (u8 & u8);
@@ -84,16 +79,22 @@ let matrix_A_4_by_4_
     v_ROWS_IN_A =
     tmp0
   in
-  let rand_stack:t_Array (t_Array u8 (sz 840)) (sz 4) = tmp1 in
-  let tmp_stack:t_Array (t_Array i32 (sz 263)) (sz 4) = tmp2 in
+  let rand_stack0:t_Array u8 (sz 840) = tmp1 in
+  let rand_stack1:t_Array u8 (sz 840) = tmp2 in
+  let rand_stack2:t_Array u8 (sz 840) = tmp3 in
+  let rand_stack3:t_Array u8 (sz 840) = tmp4 in
+  let tmp_stack:t_Array (t_Array i32 (sz 263)) (sz 4) = tmp5 in
   let _:Prims.unit = () in
-  let tmp0, tmp1, tmp2:(t_Array
+  let tmp0, tmp1, tmp2, tmp3, tmp4, tmp5:(t_Array
       (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A)
       v_ROWS_IN_A &
-    t_Array (t_Array u8 (sz 840)) (sz 4) &
+    t_Array u8 (sz 840) &
+    t_Array u8 (sz 840) &
+    t_Array u8 (sz 840) &
+    t_Array u8 (sz 840) &
     t_Array (t_Array i32 (sz 263)) (sz 4)) =
     Libcrux_ml_dsa.Sample.sample_up_to_four_ring_elements #v_SIMDUnit #v_Shake128 v_ROWS_IN_A
-      v_COLUMNS_IN_A seed v_A rand_stack tmp_stack
+      v_COLUMNS_IN_A seed v_A rand_stack0 rand_stack1 rand_stack2 rand_stack3 tmp_stack
       (let list =
           [
             1uy, 0uy <: (u8 & u8);
@@ -110,16 +111,22 @@ let matrix_A_4_by_4_
     v_ROWS_IN_A =
     tmp0
   in
-  let rand_stack:t_Array (t_Array u8 (sz 840)) (sz 4) = tmp1 in
-  let tmp_stack:t_Array (t_Array i32 (sz 263)) (sz 4) = tmp2 in
+  let rand_stack0:t_Array u8 (sz 840) = tmp1 in
+  let rand_stack1:t_Array u8 (sz 840) = tmp2 in
+  let rand_stack2:t_Array u8 (sz 840) = tmp3 in
+  let rand_stack3:t_Array u8 (sz 840) = tmp4 in
+  let tmp_stack:t_Array (t_Array i32 (sz 263)) (sz 4) = tmp5 in
   let _:Prims.unit = () in
-  let tmp0, tmp1, tmp2:(t_Array
+  let tmp0, tmp1, tmp2, tmp3, tmp4, tmp5:(t_Array
       (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A)
       v_ROWS_IN_A &
-    t_Array (t_Array u8 (sz 840)) (sz 4) &
+    t_Array u8 (sz 840) &
+    t_Array u8 (sz 840) &
+    t_Array u8 (sz 840) &
+    t_Array u8 (sz 840) &
     t_Array (t_Array i32 (sz 263)) (sz 4)) =
     Libcrux_ml_dsa.Sample.sample_up_to_four_ring_elements #v_SIMDUnit #v_Shake128 v_ROWS_IN_A
-      v_COLUMNS_IN_A seed v_A rand_stack tmp_stack
+      v_COLUMNS_IN_A seed v_A rand_stack0 rand_stack1 rand_stack2 rand_stack3 tmp_stack
       (let list =
           [
             2uy, 0uy <: (u8 & u8);
@@ -136,16 +143,22 @@ let matrix_A_4_by_4_
     v_ROWS_IN_A =
     tmp0
   in
-  let rand_stack:t_Array (t_Array u8 (sz 840)) (sz 4) = tmp1 in
-  let tmp_stack:t_Array (t_Array i32 (sz 263)) (sz 4) = tmp2 in
+  let rand_stack0:t_Array u8 (sz 840) = tmp1 in
+  let rand_stack1:t_Array u8 (sz 840) = tmp2 in
+  let rand_stack2:t_Array u8 (sz 840) = tmp3 in
+  let rand_stack3:t_Array u8 (sz 840) = tmp4 in
+  let tmp_stack:t_Array (t_Array i32 (sz 263)) (sz 4) = tmp5 in
   let _:Prims.unit = () in
-  let tmp0, tmp1, tmp2:(t_Array
+  let tmp0, tmp1, tmp2, tmp3, tmp4, tmp5:(t_Array
       (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A)
       v_ROWS_IN_A &
-    t_Array (t_Array u8 (sz 840)) (sz 4) &
+    t_Array u8 (sz 840) &
+    t_Array u8 (sz 840) &
+    t_Array u8 (sz 840) &
+    t_Array u8 (sz 840) &
     t_Array (t_Array i32 (sz 263)) (sz 4)) =
     Libcrux_ml_dsa.Sample.sample_up_to_four_ring_elements #v_SIMDUnit #v_Shake128 v_ROWS_IN_A
-      v_COLUMNS_IN_A seed v_A rand_stack tmp_stack
+      v_COLUMNS_IN_A seed v_A rand_stack0 rand_stack1 rand_stack2 rand_stack3 tmp_stack
       (let list =
           [
             3uy, 0uy <: (u8 & u8);
@@ -162,8 +175,11 @@ let matrix_A_4_by_4_
     v_ROWS_IN_A =
     tmp0
   in
-  let rand_stack:t_Array (t_Array u8 (sz 840)) (sz 4) = tmp1 in
-  let tmp_stack:t_Array (t_Array i32 (sz 263)) (sz 4) = tmp2 in
+  let rand_stack0:t_Array u8 (sz 840) = tmp1 in
+  let rand_stack1:t_Array u8 (sz 840) = tmp2 in
+  let rand_stack2:t_Array u8 (sz 840) = tmp3 in
+  let rand_stack3:t_Array u8 (sz 840) = tmp4 in
+  let tmp_stack:t_Array (t_Array i32 (sz 263)) (sz 4) = tmp5 in
   let _:Prims.unit = () in
   v_A
 
@@ -190,18 +206,10 @@ let matrix_A_6_by_5_
         t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A)
       v_ROWS_IN_A
   in
-  let rand_stack:t_Array (t_Array u8 (sz 840)) (sz 4) =
-    let list =
-      [
-        Rust_primitives.Hax.repeat 0uy (sz 840);
-        Rust_primitives.Hax.repeat 0uy (sz 840);
-        Rust_primitives.Hax.repeat 0uy (sz 840);
-        Rust_primitives.Hax.repeat 0uy (sz 840)
-      ]
-    in
-    FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 4);
-    Rust_primitives.Hax.array_of_list 4 list
-  in
+  let rand_stack0:t_Array u8 (sz 840) = Rust_primitives.Hax.repeat 0uy (sz 840) in
+  let rand_stack1:t_Array u8 (sz 840) = Rust_primitives.Hax.repeat 0uy (sz 840) in
+  let rand_stack2:t_Array u8 (sz 840) = Rust_primitives.Hax.repeat 0uy (sz 840) in
+  let rand_stack3:t_Array u8 (sz 840) = Rust_primitives.Hax.repeat 0uy (sz 840) in
   let tmp_stack:t_Array (t_Array i32 (sz 263)) (sz 4) =
     let list =
       [
@@ -214,13 +222,16 @@ let matrix_A_6_by_5_
     FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 4);
     Rust_primitives.Hax.array_of_list 4 list
   in
-  let tmp0, tmp1, tmp2:(t_Array
+  let tmp0, tmp1, tmp2, tmp3, tmp4, tmp5:(t_Array
       (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A)
       v_ROWS_IN_A &
-    t_Array (t_Array u8 (sz 840)) (sz 4) &
+    t_Array u8 (sz 840) &
+    t_Array u8 (sz 840) &
+    t_Array u8 (sz 840) &
+    t_Array u8 (sz 840) &
     t_Array (t_Array i32 (sz 263)) (sz 4)) =
     Libcrux_ml_dsa.Sample.sample_up_to_four_ring_elements #v_SIMDUnit #v_Shake128 v_ROWS_IN_A
-      v_COLUMNS_IN_A seed v_A rand_stack tmp_stack
+      v_COLUMNS_IN_A seed v_A rand_stack0 rand_stack1 rand_stack2 rand_stack3 tmp_stack
       (let list =
           [
             0uy, 0uy <: (u8 & u8);
@@ -237,16 +248,22 @@ let matrix_A_6_by_5_
     v_ROWS_IN_A =
     tmp0
   in
-  let rand_stack:t_Array (t_Array u8 (sz 840)) (sz 4) = tmp1 in
-  let tmp_stack:t_Array (t_Array i32 (sz 263)) (sz 4) = tmp2 in
+  let rand_stack0:t_Array u8 (sz 840) = tmp1 in
+  let rand_stack1:t_Array u8 (sz 840) = tmp2 in
+  let rand_stack2:t_Array u8 (sz 840) = tmp3 in
+  let rand_stack3:t_Array u8 (sz 840) = tmp4 in
+  let tmp_stack:t_Array (t_Array i32 (sz 263)) (sz 4) = tmp5 in
   let _:Prims.unit = () in
-  let tmp0, tmp1, tmp2:(t_Array
+  let tmp0, tmp1, tmp2, tmp3, tmp4, tmp5:(t_Array
       (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A)
       v_ROWS_IN_A &
-    t_Array (t_Array u8 (sz 840)) (sz 4) &
+    t_Array u8 (sz 840) &
+    t_Array u8 (sz 840) &
+    t_Array u8 (sz 840) &
+    t_Array u8 (sz 840) &
     t_Array (t_Array i32 (sz 263)) (sz 4)) =
     Libcrux_ml_dsa.Sample.sample_up_to_four_ring_elements #v_SIMDUnit #v_Shake128 v_ROWS_IN_A
-      v_COLUMNS_IN_A seed v_A rand_stack tmp_stack
+      v_COLUMNS_IN_A seed v_A rand_stack0 rand_stack1 rand_stack2 rand_stack3 tmp_stack
       (let list =
           [
             0uy, 4uy <: (u8 & u8);
@@ -263,16 +280,22 @@ let matrix_A_6_by_5_
     v_ROWS_IN_A =
     tmp0
   in
-  let rand_stack:t_Array (t_Array u8 (sz 840)) (sz 4) = tmp1 in
-  let tmp_stack:t_Array (t_Array i32 (sz 263)) (sz 4) = tmp2 in
+  let rand_stack0:t_Array u8 (sz 840) = tmp1 in
+  let rand_stack1:t_Array u8 (sz 840) = tmp2 in
+  let rand_stack2:t_Array u8 (sz 840) = tmp3 in
+  let rand_stack3:t_Array u8 (sz 840) = tmp4 in
+  let tmp_stack:t_Array (t_Array i32 (sz 263)) (sz 4) = tmp5 in
   let _:Prims.unit = () in
-  let tmp0, tmp1, tmp2:(t_Array
+  let tmp0, tmp1, tmp2, tmp3, tmp4, tmp5:(t_Array
       (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A)
       v_ROWS_IN_A &
-    t_Array (t_Array u8 (sz 840)) (sz 4) &
+    t_Array u8 (sz 840) &
+    t_Array u8 (sz 840) &
+    t_Array u8 (sz 840) &
+    t_Array u8 (sz 840) &
     t_Array (t_Array i32 (sz 263)) (sz 4)) =
     Libcrux_ml_dsa.Sample.sample_up_to_four_ring_elements #v_SIMDUnit #v_Shake128 v_ROWS_IN_A
-      v_COLUMNS_IN_A seed v_A rand_stack tmp_stack
+      v_COLUMNS_IN_A seed v_A rand_stack0 rand_stack1 rand_stack2 rand_stack3 tmp_stack
       (let list =
           [
             1uy, 3uy <: (u8 & u8);
@@ -289,16 +312,22 @@ let matrix_A_6_by_5_
     v_ROWS_IN_A =
     tmp0
   in
-  let rand_stack:t_Array (t_Array u8 (sz 840)) (sz 4) = tmp1 in
-  let tmp_stack:t_Array (t_Array i32 (sz 263)) (sz 4) = tmp2 in
+  let rand_stack0:t_Array u8 (sz 840) = tmp1 in
+  let rand_stack1:t_Array u8 (sz 840) = tmp2 in
+  let rand_stack2:t_Array u8 (sz 840) = tmp3 in
+  let rand_stack3:t_Array u8 (sz 840) = tmp4 in
+  let tmp_stack:t_Array (t_Array i32 (sz 263)) (sz 4) = tmp5 in
   let _:Prims.unit = () in
-  let tmp0, tmp1, tmp2:(t_Array
+  let tmp0, tmp1, tmp2, tmp3, tmp4, tmp5:(t_Array
       (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A)
       v_ROWS_IN_A &
-    t_Array (t_Array u8 (sz 840)) (sz 4) &
+    t_Array u8 (sz 840) &
+    t_Array u8 (sz 840) &
+    t_Array u8 (sz 840) &
+    t_Array u8 (sz 840) &
     t_Array (t_Array i32 (sz 263)) (sz 4)) =
     Libcrux_ml_dsa.Sample.sample_up_to_four_ring_elements #v_SIMDUnit #v_Shake128 v_ROWS_IN_A
-      v_COLUMNS_IN_A seed v_A rand_stack tmp_stack
+      v_COLUMNS_IN_A seed v_A rand_stack0 rand_stack1 rand_stack2 rand_stack3 tmp_stack
       (let list =
           [
             2uy, 2uy <: (u8 & u8);
@@ -315,16 +344,22 @@ let matrix_A_6_by_5_
     v_ROWS_IN_A =
     tmp0
   in
-  let rand_stack:t_Array (t_Array u8 (sz 840)) (sz 4) = tmp1 in
-  let tmp_stack:t_Array (t_Array i32 (sz 263)) (sz 4) = tmp2 in
+  let rand_stack0:t_Array u8 (sz 840) = tmp1 in
+  let rand_stack1:t_Array u8 (sz 840) = tmp2 in
+  let rand_stack2:t_Array u8 (sz 840) = tmp3 in
+  let rand_stack3:t_Array u8 (sz 840) = tmp4 in
+  let tmp_stack:t_Array (t_Array i32 (sz 263)) (sz 4) = tmp5 in
   let _:Prims.unit = () in
-  let tmp0, tmp1, tmp2:(t_Array
+  let tmp0, tmp1, tmp2, tmp3, tmp4, tmp5:(t_Array
       (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A)
       v_ROWS_IN_A &
-    t_Array (t_Array u8 (sz 840)) (sz 4) &
+    t_Array u8 (sz 840) &
+    t_Array u8 (sz 840) &
+    t_Array u8 (sz 840) &
+    t_Array u8 (sz 840) &
     t_Array (t_Array i32 (sz 263)) (sz 4)) =
     Libcrux_ml_dsa.Sample.sample_up_to_four_ring_elements #v_SIMDUnit #v_Shake128 v_ROWS_IN_A
-      v_COLUMNS_IN_A seed v_A rand_stack tmp_stack
+      v_COLUMNS_IN_A seed v_A rand_stack0 rand_stack1 rand_stack2 rand_stack3 tmp_stack
       (let list =
           [
             3uy, 1uy <: (u8 & u8);
@@ -341,16 +376,22 @@ let matrix_A_6_by_5_
     v_ROWS_IN_A =
     tmp0
   in
-  let rand_stack:t_Array (t_Array u8 (sz 840)) (sz 4) = tmp1 in
-  let tmp_stack:t_Array (t_Array i32 (sz 263)) (sz 4) = tmp2 in
+  let rand_stack0:t_Array u8 (sz 840) = tmp1 in
+  let rand_stack1:t_Array u8 (sz 840) = tmp2 in
+  let rand_stack2:t_Array u8 (sz 840) = tmp3 in
+  let rand_stack3:t_Array u8 (sz 840) = tmp4 in
+  let tmp_stack:t_Array (t_Array i32 (sz 263)) (sz 4) = tmp5 in
   let _:Prims.unit = () in
-  let tmp0, tmp1, tmp2:(t_Array
+  let tmp0, tmp1, tmp2, tmp3, tmp4, tmp5:(t_Array
       (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A)
       v_ROWS_IN_A &
-    t_Array (t_Array u8 (sz 840)) (sz 4) &
+    t_Array u8 (sz 840) &
+    t_Array u8 (sz 840) &
+    t_Array u8 (sz 840) &
+    t_Array u8 (sz 840) &
     t_Array (t_Array i32 (sz 263)) (sz 4)) =
     Libcrux_ml_dsa.Sample.sample_up_to_four_ring_elements #v_SIMDUnit #v_Shake128 v_ROWS_IN_A
-      v_COLUMNS_IN_A seed v_A rand_stack tmp_stack
+      v_COLUMNS_IN_A seed v_A rand_stack0 rand_stack1 rand_stack2 rand_stack3 tmp_stack
       (let list =
           [
             4uy, 0uy <: (u8 & u8);
@@ -367,16 +408,22 @@ let matrix_A_6_by_5_
     v_ROWS_IN_A =
     tmp0
   in
-  let rand_stack:t_Array (t_Array u8 (sz 840)) (sz 4) = tmp1 in
-  let tmp_stack:t_Array (t_Array i32 (sz 263)) (sz 4) = tmp2 in
+  let rand_stack0:t_Array u8 (sz 840) = tmp1 in
+  let rand_stack1:t_Array u8 (sz 840) = tmp2 in
+  let rand_stack2:t_Array u8 (sz 840) = tmp3 in
+  let rand_stack3:t_Array u8 (sz 840) = tmp4 in
+  let tmp_stack:t_Array (t_Array i32 (sz 263)) (sz 4) = tmp5 in
   let _:Prims.unit = () in
-  let tmp0, tmp1, tmp2:(t_Array
+  let tmp0, tmp1, tmp2, tmp3, tmp4, tmp5:(t_Array
       (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A)
       v_ROWS_IN_A &
-    t_Array (t_Array u8 (sz 840)) (sz 4) &
+    t_Array u8 (sz 840) &
+    t_Array u8 (sz 840) &
+    t_Array u8 (sz 840) &
+    t_Array u8 (sz 840) &
     t_Array (t_Array i32 (sz 263)) (sz 4)) =
     Libcrux_ml_dsa.Sample.sample_up_to_four_ring_elements #v_SIMDUnit #v_Shake128 v_ROWS_IN_A
-      v_COLUMNS_IN_A seed v_A rand_stack tmp_stack
+      v_COLUMNS_IN_A seed v_A rand_stack0 rand_stack1 rand_stack2 rand_stack3 tmp_stack
       (let list =
           [
             4uy, 4uy <: (u8 & u8);
@@ -393,16 +440,22 @@ let matrix_A_6_by_5_
     v_ROWS_IN_A =
     tmp0
   in
-  let rand_stack:t_Array (t_Array u8 (sz 840)) (sz 4) = tmp1 in
-  let tmp_stack:t_Array (t_Array i32 (sz 263)) (sz 4) = tmp2 in
+  let rand_stack0:t_Array u8 (sz 840) = tmp1 in
+  let rand_stack1:t_Array u8 (sz 840) = tmp2 in
+  let rand_stack2:t_Array u8 (sz 840) = tmp3 in
+  let rand_stack3:t_Array u8 (sz 840) = tmp4 in
+  let tmp_stack:t_Array (t_Array i32 (sz 263)) (sz 4) = tmp5 in
   let _:Prims.unit = () in
-  let tmp0, tmp1, tmp2:(t_Array
+  let tmp0, tmp1, tmp2, tmp3, tmp4, tmp5:(t_Array
       (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A)
       v_ROWS_IN_A &
-    t_Array (t_Array u8 (sz 840)) (sz 4) &
+    t_Array u8 (sz 840) &
+    t_Array u8 (sz 840) &
+    t_Array u8 (sz 840) &
+    t_Array u8 (sz 840) &
     t_Array (t_Array i32 (sz 263)) (sz 4)) =
     Libcrux_ml_dsa.Sample.sample_up_to_four_ring_elements #v_SIMDUnit #v_Shake128 v_ROWS_IN_A
-      v_COLUMNS_IN_A seed v_A rand_stack tmp_stack
+      v_COLUMNS_IN_A seed v_A rand_stack0 rand_stack1 rand_stack2 rand_stack3 tmp_stack
       (let list =
           [
             5uy, 3uy <: (u8 & u8);
@@ -419,8 +472,11 @@ let matrix_A_6_by_5_
     v_ROWS_IN_A =
     tmp0
   in
-  let rand_stack:t_Array (t_Array u8 (sz 840)) (sz 4) = tmp1 in
-  let tmp_stack:t_Array (t_Array i32 (sz 263)) (sz 4) = tmp2 in
+  let rand_stack0:t_Array u8 (sz 840) = tmp1 in
+  let rand_stack1:t_Array u8 (sz 840) = tmp2 in
+  let rand_stack2:t_Array u8 (sz 840) = tmp3 in
+  let rand_stack3:t_Array u8 (sz 840) = tmp4 in
+  let tmp_stack:t_Array (t_Array i32 (sz 263)) (sz 4) = tmp5 in
   let _:Prims.unit = () in
   v_A
 
@@ -447,18 +503,10 @@ let matrix_A_8_by_7_
         t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A)
       v_ROWS_IN_A
   in
-  let rand_stack:t_Array (t_Array u8 (sz 840)) (sz 4) =
-    let list =
-      [
-        Rust_primitives.Hax.repeat 0uy (sz 840);
-        Rust_primitives.Hax.repeat 0uy (sz 840);
-        Rust_primitives.Hax.repeat 0uy (sz 840);
-        Rust_primitives.Hax.repeat 0uy (sz 840)
-      ]
-    in
-    FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 4);
-    Rust_primitives.Hax.array_of_list 4 list
-  in
+  let rand_stack0:t_Array u8 (sz 840) = Rust_primitives.Hax.repeat 0uy (sz 840) in
+  let rand_stack1:t_Array u8 (sz 840) = Rust_primitives.Hax.repeat 0uy (sz 840) in
+  let rand_stack2:t_Array u8 (sz 840) = Rust_primitives.Hax.repeat 0uy (sz 840) in
+  let rand_stack3:t_Array u8 (sz 840) = Rust_primitives.Hax.repeat 0uy (sz 840) in
   let tmp_stack:t_Array (t_Array i32 (sz 263)) (sz 4) =
     let list =
       [
@@ -471,13 +519,16 @@ let matrix_A_8_by_7_
     FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 4);
     Rust_primitives.Hax.array_of_list 4 list
   in
-  let tmp0, tmp1, tmp2:(t_Array
+  let tmp0, tmp1, tmp2, tmp3, tmp4, tmp5:(t_Array
       (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A)
       v_ROWS_IN_A &
-    t_Array (t_Array u8 (sz 840)) (sz 4) &
+    t_Array u8 (sz 840) &
+    t_Array u8 (sz 840) &
+    t_Array u8 (sz 840) &
+    t_Array u8 (sz 840) &
     t_Array (t_Array i32 (sz 263)) (sz 4)) =
     Libcrux_ml_dsa.Sample.sample_up_to_four_ring_elements #v_SIMDUnit #v_Shake128 v_ROWS_IN_A
-      v_COLUMNS_IN_A seed v_A rand_stack tmp_stack
+      v_COLUMNS_IN_A seed v_A rand_stack0 rand_stack1 rand_stack2 rand_stack3 tmp_stack
       (let list =
           [
             0uy, 0uy <: (u8 & u8);
@@ -494,16 +545,22 @@ let matrix_A_8_by_7_
     v_ROWS_IN_A =
     tmp0
   in
-  let rand_stack:t_Array (t_Array u8 (sz 840)) (sz 4) = tmp1 in
-  let tmp_stack:t_Array (t_Array i32 (sz 263)) (sz 4) = tmp2 in
+  let rand_stack0:t_Array u8 (sz 840) = tmp1 in
+  let rand_stack1:t_Array u8 (sz 840) = tmp2 in
+  let rand_stack2:t_Array u8 (sz 840) = tmp3 in
+  let rand_stack3:t_Array u8 (sz 840) = tmp4 in
+  let tmp_stack:t_Array (t_Array i32 (sz 263)) (sz 4) = tmp5 in
   let _:Prims.unit = () in
-  let tmp0, tmp1, tmp2:(t_Array
+  let tmp0, tmp1, tmp2, tmp3, tmp4, tmp5:(t_Array
       (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A)
       v_ROWS_IN_A &
-    t_Array (t_Array u8 (sz 840)) (sz 4) &
+    t_Array u8 (sz 840) &
+    t_Array u8 (sz 840) &
+    t_Array u8 (sz 840) &
+    t_Array u8 (sz 840) &
     t_Array (t_Array i32 (sz 263)) (sz 4)) =
     Libcrux_ml_dsa.Sample.sample_up_to_four_ring_elements #v_SIMDUnit #v_Shake128 v_ROWS_IN_A
-      v_COLUMNS_IN_A seed v_A rand_stack tmp_stack
+      v_COLUMNS_IN_A seed v_A rand_stack0 rand_stack1 rand_stack2 rand_stack3 tmp_stack
       (let list =
           [
             0uy, 4uy <: (u8 & u8);
@@ -520,16 +577,22 @@ let matrix_A_8_by_7_
     v_ROWS_IN_A =
     tmp0
   in
-  let rand_stack:t_Array (t_Array u8 (sz 840)) (sz 4) = tmp1 in
-  let tmp_stack:t_Array (t_Array i32 (sz 263)) (sz 4) = tmp2 in
+  let rand_stack0:t_Array u8 (sz 840) = tmp1 in
+  let rand_stack1:t_Array u8 (sz 840) = tmp2 in
+  let rand_stack2:t_Array u8 (sz 840) = tmp3 in
+  let rand_stack3:t_Array u8 (sz 840) = tmp4 in
+  let tmp_stack:t_Array (t_Array i32 (sz 263)) (sz 4) = tmp5 in
   let _:Prims.unit = () in
-  let tmp0, tmp1, tmp2:(t_Array
+  let tmp0, tmp1, tmp2, tmp3, tmp4, tmp5:(t_Array
       (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A)
       v_ROWS_IN_A &
-    t_Array (t_Array u8 (sz 840)) (sz 4) &
+    t_Array u8 (sz 840) &
+    t_Array u8 (sz 840) &
+    t_Array u8 (sz 840) &
+    t_Array u8 (sz 840) &
     t_Array (t_Array i32 (sz 263)) (sz 4)) =
     Libcrux_ml_dsa.Sample.sample_up_to_four_ring_elements #v_SIMDUnit #v_Shake128 v_ROWS_IN_A
-      v_COLUMNS_IN_A seed v_A rand_stack tmp_stack
+      v_COLUMNS_IN_A seed v_A rand_stack0 rand_stack1 rand_stack2 rand_stack3 tmp_stack
       (let list =
           [
             1uy, 1uy <: (u8 & u8);
@@ -546,16 +609,22 @@ let matrix_A_8_by_7_
     v_ROWS_IN_A =
     tmp0
   in
-  let rand_stack:t_Array (t_Array u8 (sz 840)) (sz 4) = tmp1 in
-  let tmp_stack:t_Array (t_Array i32 (sz 263)) (sz 4) = tmp2 in
+  let rand_stack0:t_Array u8 (sz 840) = tmp1 in
+  let rand_stack1:t_Array u8 (sz 840) = tmp2 in
+  let rand_stack2:t_Array u8 (sz 840) = tmp3 in
+  let rand_stack3:t_Array u8 (sz 840) = tmp4 in
+  let tmp_stack:t_Array (t_Array i32 (sz 263)) (sz 4) = tmp5 in
   let _:Prims.unit = () in
-  let tmp0, tmp1, tmp2:(t_Array
+  let tmp0, tmp1, tmp2, tmp3, tmp4, tmp5:(t_Array
       (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A)
       v_ROWS_IN_A &
-    t_Array (t_Array u8 (sz 840)) (sz 4) &
+    t_Array u8 (sz 840) &
+    t_Array u8 (sz 840) &
+    t_Array u8 (sz 840) &
+    t_Array u8 (sz 840) &
     t_Array (t_Array i32 (sz 263)) (sz 4)) =
     Libcrux_ml_dsa.Sample.sample_up_to_four_ring_elements #v_SIMDUnit #v_Shake128 v_ROWS_IN_A
-      v_COLUMNS_IN_A seed v_A rand_stack tmp_stack
+      v_COLUMNS_IN_A seed v_A rand_stack0 rand_stack1 rand_stack2 rand_stack3 tmp_stack
       (let list =
           [
             1uy, 5uy <: (u8 & u8);
@@ -572,16 +641,22 @@ let matrix_A_8_by_7_
     v_ROWS_IN_A =
     tmp0
   in
-  let rand_stack:t_Array (t_Array u8 (sz 840)) (sz 4) = tmp1 in
-  let tmp_stack:t_Array (t_Array i32 (sz 263)) (sz 4) = tmp2 in
+  let rand_stack0:t_Array u8 (sz 840) = tmp1 in
+  let rand_stack1:t_Array u8 (sz 840) = tmp2 in
+  let rand_stack2:t_Array u8 (sz 840) = tmp3 in
+  let rand_stack3:t_Array u8 (sz 840) = tmp4 in
+  let tmp_stack:t_Array (t_Array i32 (sz 263)) (sz 4) = tmp5 in
   let _:Prims.unit = () in
-  let tmp0, tmp1, tmp2:(t_Array
+  let tmp0, tmp1, tmp2, tmp3, tmp4, tmp5:(t_Array
       (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A)
       v_ROWS_IN_A &
-    t_Array (t_Array u8 (sz 840)) (sz 4) &
+    t_Array u8 (sz 840) &
+    t_Array u8 (sz 840) &
+    t_Array u8 (sz 840) &
+    t_Array u8 (sz 840) &
     t_Array (t_Array i32 (sz 263)) (sz 4)) =
     Libcrux_ml_dsa.Sample.sample_up_to_four_ring_elements #v_SIMDUnit #v_Shake128 v_ROWS_IN_A
-      v_COLUMNS_IN_A seed v_A rand_stack tmp_stack
+      v_COLUMNS_IN_A seed v_A rand_stack0 rand_stack1 rand_stack2 rand_stack3 tmp_stack
       (let list =
           [
             2uy, 2uy <: (u8 & u8);
@@ -598,16 +673,22 @@ let matrix_A_8_by_7_
     v_ROWS_IN_A =
     tmp0
   in
-  let rand_stack:t_Array (t_Array u8 (sz 840)) (sz 4) = tmp1 in
-  let tmp_stack:t_Array (t_Array i32 (sz 263)) (sz 4) = tmp2 in
+  let rand_stack0:t_Array u8 (sz 840) = tmp1 in
+  let rand_stack1:t_Array u8 (sz 840) = tmp2 in
+  let rand_stack2:t_Array u8 (sz 840) = tmp3 in
+  let rand_stack3:t_Array u8 (sz 840) = tmp4 in
+  let tmp_stack:t_Array (t_Array i32 (sz 263)) (sz 4) = tmp5 in
   let _:Prims.unit = () in
-  let tmp0, tmp1, tmp2:(t_Array
+  let tmp0, tmp1, tmp2, tmp3, tmp4, tmp5:(t_Array
       (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A)
       v_ROWS_IN_A &
-    t_Array (t_Array u8 (sz 840)) (sz 4) &
+    t_Array u8 (sz 840) &
+    t_Array u8 (sz 840) &
+    t_Array u8 (sz 840) &
+    t_Array u8 (sz 840) &
     t_Array (t_Array i32 (sz 263)) (sz 4)) =
     Libcrux_ml_dsa.Sample.sample_up_to_four_ring_elements #v_SIMDUnit #v_Shake128 v_ROWS_IN_A
-      v_COLUMNS_IN_A seed v_A rand_stack tmp_stack
+      v_COLUMNS_IN_A seed v_A rand_stack0 rand_stack1 rand_stack2 rand_stack3 tmp_stack
       (let list =
           [
             2uy, 6uy <: (u8 & u8);
@@ -624,16 +705,22 @@ let matrix_A_8_by_7_
     v_ROWS_IN_A =
     tmp0
   in
-  let rand_stack:t_Array (t_Array u8 (sz 840)) (sz 4) = tmp1 in
-  let tmp_stack:t_Array (t_Array i32 (sz 263)) (sz 4) = tmp2 in
+  let rand_stack0:t_Array u8 (sz 840) = tmp1 in
+  let rand_stack1:t_Array u8 (sz 840) = tmp2 in
+  let rand_stack2:t_Array u8 (sz 840) = tmp3 in
+  let rand_stack3:t_Array u8 (sz 840) = tmp4 in
+  let tmp_stack:t_Array (t_Array i32 (sz 263)) (sz 4) = tmp5 in
   let _:Prims.unit = () in
-  let tmp0, tmp1, tmp2:(t_Array
+  let tmp0, tmp1, tmp2, tmp3, tmp4, tmp5:(t_Array
       (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A)
       v_ROWS_IN_A &
-    t_Array (t_Array u8 (sz 840)) (sz 4) &
+    t_Array u8 (sz 840) &
+    t_Array u8 (sz 840) &
+    t_Array u8 (sz 840) &
+    t_Array u8 (sz 840) &
     t_Array (t_Array i32 (sz 263)) (sz 4)) =
     Libcrux_ml_dsa.Sample.sample_up_to_four_ring_elements #v_SIMDUnit #v_Shake128 v_ROWS_IN_A
-      v_COLUMNS_IN_A seed v_A rand_stack tmp_stack
+      v_COLUMNS_IN_A seed v_A rand_stack0 rand_stack1 rand_stack2 rand_stack3 tmp_stack
       (let list =
           [
             3uy, 3uy <: (u8 & u8);
@@ -650,16 +737,22 @@ let matrix_A_8_by_7_
     v_ROWS_IN_A =
     tmp0
   in
-  let rand_stack:t_Array (t_Array u8 (sz 840)) (sz 4) = tmp1 in
-  let tmp_stack:t_Array (t_Array i32 (sz 263)) (sz 4) = tmp2 in
+  let rand_stack0:t_Array u8 (sz 840) = tmp1 in
+  let rand_stack1:t_Array u8 (sz 840) = tmp2 in
+  let rand_stack2:t_Array u8 (sz 840) = tmp3 in
+  let rand_stack3:t_Array u8 (sz 840) = tmp4 in
+  let tmp_stack:t_Array (t_Array i32 (sz 263)) (sz 4) = tmp5 in
   let _:Prims.unit = () in
-  let tmp0, tmp1, tmp2:(t_Array
+  let tmp0, tmp1, tmp2, tmp3, tmp4, tmp5:(t_Array
       (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A)
       v_ROWS_IN_A &
-    t_Array (t_Array u8 (sz 840)) (sz 4) &
+    t_Array u8 (sz 840) &
+    t_Array u8 (sz 840) &
+    t_Array u8 (sz 840) &
+    t_Array u8 (sz 840) &
     t_Array (t_Array i32 (sz 263)) (sz 4)) =
     Libcrux_ml_dsa.Sample.sample_up_to_four_ring_elements #v_SIMDUnit #v_Shake128 v_ROWS_IN_A
-      v_COLUMNS_IN_A seed v_A rand_stack tmp_stack
+      v_COLUMNS_IN_A seed v_A rand_stack0 rand_stack1 rand_stack2 rand_stack3 tmp_stack
       (let list =
           [
             4uy, 0uy <: (u8 & u8);
@@ -676,16 +769,22 @@ let matrix_A_8_by_7_
     v_ROWS_IN_A =
     tmp0
   in
-  let rand_stack:t_Array (t_Array u8 (sz 840)) (sz 4) = tmp1 in
-  let tmp_stack:t_Array (t_Array i32 (sz 263)) (sz 4) = tmp2 in
+  let rand_stack0:t_Array u8 (sz 840) = tmp1 in
+  let rand_stack1:t_Array u8 (sz 840) = tmp2 in
+  let rand_stack2:t_Array u8 (sz 840) = tmp3 in
+  let rand_stack3:t_Array u8 (sz 840) = tmp4 in
+  let tmp_stack:t_Array (t_Array i32 (sz 263)) (sz 4) = tmp5 in
   let _:Prims.unit = () in
-  let tmp0, tmp1, tmp2:(t_Array
+  let tmp0, tmp1, tmp2, tmp3, tmp4, tmp5:(t_Array
       (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A)
       v_ROWS_IN_A &
-    t_Array (t_Array u8 (sz 840)) (sz 4) &
+    t_Array u8 (sz 840) &
+    t_Array u8 (sz 840) &
+    t_Array u8 (sz 840) &
+    t_Array u8 (sz 840) &
     t_Array (t_Array i32 (sz 263)) (sz 4)) =
     Libcrux_ml_dsa.Sample.sample_up_to_four_ring_elements #v_SIMDUnit #v_Shake128 v_ROWS_IN_A
-      v_COLUMNS_IN_A seed v_A rand_stack tmp_stack
+      v_COLUMNS_IN_A seed v_A rand_stack0 rand_stack1 rand_stack2 rand_stack3 tmp_stack
       (let list =
           [
             4uy, 4uy <: (u8 & u8);
@@ -702,16 +801,22 @@ let matrix_A_8_by_7_
     v_ROWS_IN_A =
     tmp0
   in
-  let rand_stack:t_Array (t_Array u8 (sz 840)) (sz 4) = tmp1 in
-  let tmp_stack:t_Array (t_Array i32 (sz 263)) (sz 4) = tmp2 in
+  let rand_stack0:t_Array u8 (sz 840) = tmp1 in
+  let rand_stack1:t_Array u8 (sz 840) = tmp2 in
+  let rand_stack2:t_Array u8 (sz 840) = tmp3 in
+  let rand_stack3:t_Array u8 (sz 840) = tmp4 in
+  let tmp_stack:t_Array (t_Array i32 (sz 263)) (sz 4) = tmp5 in
   let _:Prims.unit = () in
-  let tmp0, tmp1, tmp2:(t_Array
+  let tmp0, tmp1, tmp2, tmp3, tmp4, tmp5:(t_Array
       (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A)
       v_ROWS_IN_A &
-    t_Array (t_Array u8 (sz 840)) (sz 4) &
+    t_Array u8 (sz 840) &
+    t_Array u8 (sz 840) &
+    t_Array u8 (sz 840) &
+    t_Array u8 (sz 840) &
     t_Array (t_Array i32 (sz 263)) (sz 4)) =
     Libcrux_ml_dsa.Sample.sample_up_to_four_ring_elements #v_SIMDUnit #v_Shake128 v_ROWS_IN_A
-      v_COLUMNS_IN_A seed v_A rand_stack tmp_stack
+      v_COLUMNS_IN_A seed v_A rand_stack0 rand_stack1 rand_stack2 rand_stack3 tmp_stack
       (let list =
           [
             5uy, 1uy <: (u8 & u8);
@@ -728,16 +833,22 @@ let matrix_A_8_by_7_
     v_ROWS_IN_A =
     tmp0
   in
-  let rand_stack:t_Array (t_Array u8 (sz 840)) (sz 4) = tmp1 in
-  let tmp_stack:t_Array (t_Array i32 (sz 263)) (sz 4) = tmp2 in
+  let rand_stack0:t_Array u8 (sz 840) = tmp1 in
+  let rand_stack1:t_Array u8 (sz 840) = tmp2 in
+  let rand_stack2:t_Array u8 (sz 840) = tmp3 in
+  let rand_stack3:t_Array u8 (sz 840) = tmp4 in
+  let tmp_stack:t_Array (t_Array i32 (sz 263)) (sz 4) = tmp5 in
   let _:Prims.unit = () in
-  let tmp0, tmp1, tmp2:(t_Array
+  let tmp0, tmp1, tmp2, tmp3, tmp4, tmp5:(t_Array
       (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A)
       v_ROWS_IN_A &
-    t_Array (t_Array u8 (sz 840)) (sz 4) &
+    t_Array u8 (sz 840) &
+    t_Array u8 (sz 840) &
+    t_Array u8 (sz 840) &
+    t_Array u8 (sz 840) &
     t_Array (t_Array i32 (sz 263)) (sz 4)) =
     Libcrux_ml_dsa.Sample.sample_up_to_four_ring_elements #v_SIMDUnit #v_Shake128 v_ROWS_IN_A
-      v_COLUMNS_IN_A seed v_A rand_stack tmp_stack
+      v_COLUMNS_IN_A seed v_A rand_stack0 rand_stack1 rand_stack2 rand_stack3 tmp_stack
       (let list =
           [
             5uy, 5uy <: (u8 & u8);
@@ -754,16 +865,22 @@ let matrix_A_8_by_7_
     v_ROWS_IN_A =
     tmp0
   in
-  let rand_stack:t_Array (t_Array u8 (sz 840)) (sz 4) = tmp1 in
-  let tmp_stack:t_Array (t_Array i32 (sz 263)) (sz 4) = tmp2 in
+  let rand_stack0:t_Array u8 (sz 840) = tmp1 in
+  let rand_stack1:t_Array u8 (sz 840) = tmp2 in
+  let rand_stack2:t_Array u8 (sz 840) = tmp3 in
+  let rand_stack3:t_Array u8 (sz 840) = tmp4 in
+  let tmp_stack:t_Array (t_Array i32 (sz 263)) (sz 4) = tmp5 in
   let _:Prims.unit = () in
-  let tmp0, tmp1, tmp2:(t_Array
+  let tmp0, tmp1, tmp2, tmp3, tmp4, tmp5:(t_Array
       (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A)
       v_ROWS_IN_A &
-    t_Array (t_Array u8 (sz 840)) (sz 4) &
+    t_Array u8 (sz 840) &
+    t_Array u8 (sz 840) &
+    t_Array u8 (sz 840) &
+    t_Array u8 (sz 840) &
     t_Array (t_Array i32 (sz 263)) (sz 4)) =
     Libcrux_ml_dsa.Sample.sample_up_to_four_ring_elements #v_SIMDUnit #v_Shake128 v_ROWS_IN_A
-      v_COLUMNS_IN_A seed v_A rand_stack tmp_stack
+      v_COLUMNS_IN_A seed v_A rand_stack0 rand_stack1 rand_stack2 rand_stack3 tmp_stack
       (let list =
           [
             6uy, 2uy <: (u8 & u8);
@@ -780,16 +897,22 @@ let matrix_A_8_by_7_
     v_ROWS_IN_A =
     tmp0
   in
-  let rand_stack:t_Array (t_Array u8 (sz 840)) (sz 4) = tmp1 in
-  let tmp_stack:t_Array (t_Array i32 (sz 263)) (sz 4) = tmp2 in
+  let rand_stack0:t_Array u8 (sz 840) = tmp1 in
+  let rand_stack1:t_Array u8 (sz 840) = tmp2 in
+  let rand_stack2:t_Array u8 (sz 840) = tmp3 in
+  let rand_stack3:t_Array u8 (sz 840) = tmp4 in
+  let tmp_stack:t_Array (t_Array i32 (sz 263)) (sz 4) = tmp5 in
   let _:Prims.unit = () in
-  let tmp0, tmp1, tmp2:(t_Array
+  let tmp0, tmp1, tmp2, tmp3, tmp4, tmp5:(t_Array
       (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A)
       v_ROWS_IN_A &
-    t_Array (t_Array u8 (sz 840)) (sz 4) &
+    t_Array u8 (sz 840) &
+    t_Array u8 (sz 840) &
+    t_Array u8 (sz 840) &
+    t_Array u8 (sz 840) &
     t_Array (t_Array i32 (sz 263)) (sz 4)) =
     Libcrux_ml_dsa.Sample.sample_up_to_four_ring_elements #v_SIMDUnit #v_Shake128 v_ROWS_IN_A
-      v_COLUMNS_IN_A seed v_A rand_stack tmp_stack
+      v_COLUMNS_IN_A seed v_A rand_stack0 rand_stack1 rand_stack2 rand_stack3 tmp_stack
       (let list =
           [
             6uy, 6uy <: (u8 & u8);
@@ -806,16 +929,22 @@ let matrix_A_8_by_7_
     v_ROWS_IN_A =
     tmp0
   in
-  let rand_stack:t_Array (t_Array u8 (sz 840)) (sz 4) = tmp1 in
-  let tmp_stack:t_Array (t_Array i32 (sz 263)) (sz 4) = tmp2 in
+  let rand_stack0:t_Array u8 (sz 840) = tmp1 in
+  let rand_stack1:t_Array u8 (sz 840) = tmp2 in
+  let rand_stack2:t_Array u8 (sz 840) = tmp3 in
+  let rand_stack3:t_Array u8 (sz 840) = tmp4 in
+  let tmp_stack:t_Array (t_Array i32 (sz 263)) (sz 4) = tmp5 in
   let _:Prims.unit = () in
-  let tmp0, tmp1, tmp2:(t_Array
+  let tmp0, tmp1, tmp2, tmp3, tmp4, tmp5:(t_Array
       (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A)
       v_ROWS_IN_A &
-    t_Array (t_Array u8 (sz 840)) (sz 4) &
+    t_Array u8 (sz 840) &
+    t_Array u8 (sz 840) &
+    t_Array u8 (sz 840) &
+    t_Array u8 (sz 840) &
     t_Array (t_Array i32 (sz 263)) (sz 4)) =
     Libcrux_ml_dsa.Sample.sample_up_to_four_ring_elements #v_SIMDUnit #v_Shake128 v_ROWS_IN_A
-      v_COLUMNS_IN_A seed v_A rand_stack tmp_stack
+      v_COLUMNS_IN_A seed v_A rand_stack0 rand_stack1 rand_stack2 rand_stack3 tmp_stack
       (let list =
           [
             7uy, 3uy <: (u8 & u8);
@@ -832,8 +961,11 @@ let matrix_A_8_by_7_
     v_ROWS_IN_A =
     tmp0
   in
-  let rand_stack:t_Array (t_Array u8 (sz 840)) (sz 4) = tmp1 in
-  let tmp_stack:t_Array (t_Array i32 (sz 263)) (sz 4) = tmp2 in
+  let rand_stack0:t_Array u8 (sz 840) = tmp1 in
+  let rand_stack1:t_Array u8 (sz 840) = tmp2 in
+  let rand_stack2:t_Array u8 (sz 840) = tmp3 in
+  let rand_stack3:t_Array u8 (sz 840) = tmp4 in
+  let tmp_stack:t_Array (t_Array i32 (sz 263)) (sz 4) = tmp5 in
   let _:Prims.unit = () in
   v_A
 
diff --git a/libcrux-ml-dsa/src/sample.rs b/libcrux-ml-dsa/src/sample.rs
index a12e0131a..be056a497 100644
--- a/libcrux-ml-dsa/src/sample.rs
+++ b/libcrux-ml-dsa/src/sample.rs
@@ -37,6 +37,20 @@ fn rejection_sample_less_than_field_modulus<SIMDUnit: Operations>(
 #[inline(always)]
 fn generate_domain_separator((row, column): (u8, u8)) -> u16 {
     (column as u16) | ((row as u16) << 8)
+} // Doing deep updates like `a[1][1] = 3` causes a memory blowup in F*
+  // https://github.com/hacspec/hax/issues/1098
+  // So we are instead using a matrix abstraction with a custom update function here.
+
+type Matrix<SIMDUnit, const ROWS_IN_A: usize, const COLUMNS_IN_A: usize> =
+    [[PolynomialRingElement<SIMDUnit>; COLUMNS_IN_A]; ROWS_IN_A];
+
+fn update_matrix<SIMDUnit: Operations, const ROWS_IN_A: usize, const COLUMNS_IN_A: usize>(
+    m: &mut Matrix<SIMDUnit, ROWS_IN_A, COLUMNS_IN_A>,
+    i: usize,
+    j: usize,
+    v: PolynomialRingElement<SIMDUnit>,
+) {
+    m[i][j] = v;
 }
 
 /// Sample and write out up to four ring elements.
@@ -55,8 +69,11 @@ pub(crate) fn sample_up_to_four_ring_elements<
     const COLUMNS_IN_A: usize,
 >(
     mut seed0: [u8; 34],
-    matrix: &mut [[PolynomialRingElement<SIMDUnit>; COLUMNS_IN_A]; ROWS_IN_A],
-    rand_stack: &mut [[u8; shake128::FIVE_BLOCKS_SIZE]; 4],
+    matrix: &mut Matrix<SIMDUnit, ROWS_IN_A, COLUMNS_IN_A>,
+    rand_stack0: &mut [u8; shake128::FIVE_BLOCKS_SIZE],
+    rand_stack1: &mut [u8; shake128::FIVE_BLOCKS_SIZE],
+    rand_stack2: &mut [u8; shake128::FIVE_BLOCKS_SIZE],
+    rand_stack3: &mut [u8; shake128::FIVE_BLOCKS_SIZE],
     tmp_stack: &mut [[i32; 263]],
     indices: &[(u8, u8); 4],
     elements_requested: usize,
@@ -86,17 +103,7 @@ pub(crate) fn sample_up_to_four_ring_elements<
 
     let mut state = Shake128::init_absorb(&seed0, &seed1, &seed2, &seed3);
 
-    let mut rand_stack0 = rand_stack[0];
-    let mut rand_stack1 = rand_stack[1];
-    let mut rand_stack2 = rand_stack[2];
-    let mut rand_stack3 = rand_stack[3];
-
-    state.squeeze_first_five_blocks(
-        &mut rand_stack0,
-        &mut rand_stack1,
-        &mut rand_stack2,
-        &mut rand_stack3,
-    );
+    state.squeeze_first_five_blocks(rand_stack0, rand_stack1, rand_stack2, rand_stack3);
 
     // Every call to |rejection_sample_less_than_field_modulus|
     // will result in a call to |PortableSIMDUnit::rejection_sample_less_than_field_modulus|;
@@ -112,22 +119,22 @@ pub(crate) fn sample_up_to_four_ring_elements<
     let mut sampled3 = 0;
 
     let mut done0 = rejection_sample_less_than_field_modulus::<SIMDUnit>(
-        &mut rand_stack0,
+        rand_stack0,
         &mut sampled0,
         &mut tmp_stack[0],
     );
     let mut done1 = rejection_sample_less_than_field_modulus::<SIMDUnit>(
-        &mut rand_stack1,
+        rand_stack1,
         &mut sampled1,
         &mut tmp_stack[1],
     );
     let mut done2 = rejection_sample_less_than_field_modulus::<SIMDUnit>(
-        &mut rand_stack2,
+        rand_stack2,
         &mut sampled2,
         &mut tmp_stack[2],
     );
     let mut done3 = rejection_sample_less_than_field_modulus::<SIMDUnit>(
-        &mut rand_stack3,
+        rand_stack3,
         &mut sampled3,
         &mut tmp_stack[3],
     );
@@ -166,9 +173,15 @@ pub(crate) fn sample_up_to_four_ring_elements<
 
     for k in 0..elements_requested {
         let (i, j) = indices[k];
-        matrix[i as usize][j as usize] =
-            PolynomialRingElement::<SIMDUnit>::from_i32_array(&tmp_stack[k]);
+        update_matrix(
+            matrix,
+            i as usize,
+            j as usize,
+            PolynomialRingElement::<SIMDUnit>::from_i32_array(&tmp_stack[k]),
+        );
     }
+
+    ()
 }
 
 #[inline(always)]
diff --git a/libcrux-ml-dsa/src/samplex4.rs b/libcrux-ml-dsa/src/samplex4.rs
index 3b2208666..37c70280f 100644
--- a/libcrux-ml-dsa/src/samplex4.rs
+++ b/libcrux-ml-dsa/src/samplex4.rs
@@ -20,11 +20,14 @@ type Matrix<SIMDUnit, const ROWS_IN_A: usize, const COLUMNS_IN_A: usize> =
 /// A call to sample four ring elements from $seed into $memory at indices $a, $b
 /// $c, $d.
 macro_rules! sample_four_ring_elements_into {
-    ($seed:ident, $matrix:ident, $rand_stack:ident, $tmp_stack:ident, $a:expr, $b:expr, $c:expr, $d:expr) => {
+    ($seed:ident, $matrix:ident, $rand_stack0:ident, $rand_stack1:ident, $rand_stack2:ident, $rand_stack3:ident, $tmp_stack:ident, $a:expr, $b:expr, $c:expr, $d:expr) => {
         sample_up_to_four_ring_elements::<SIMDUnit, Shake128, ROWS_IN_A, COLUMNS_IN_A>(
             $seed,
             &mut $matrix,
-            &mut $rand_stack,
+            &mut $rand_stack0,
+            &mut $rand_stack1,
+            &mut $rand_stack2,
+            &mut $rand_stack3,
             &mut $tmp_stack,
             &[$a, $b, $c, $d],
             4,
@@ -46,18 +49,19 @@ pub(crate) fn matrix_A_4_by_4<
     let mut A: Matrix<SIMDUnit, ROWS_IN_A, COLUMNS_IN_A> =
         [[PolynomialRingElement::<SIMDUnit>::ZERO(); COLUMNS_IN_A]; ROWS_IN_A];
 
-    let mut rand_stack = [
-        [0u8; shake128::FIVE_BLOCKS_SIZE],
-        [0u8; shake128::FIVE_BLOCKS_SIZE],
-        [0u8; shake128::FIVE_BLOCKS_SIZE],
-        [0u8; shake128::FIVE_BLOCKS_SIZE],
-    ];
+    let mut rand_stack0 = [0u8; shake128::FIVE_BLOCKS_SIZE];
+    let mut rand_stack1 = [0u8; shake128::FIVE_BLOCKS_SIZE];
+    let mut rand_stack2 = [0u8; shake128::FIVE_BLOCKS_SIZE];
+    let mut rand_stack3 = [0u8; shake128::FIVE_BLOCKS_SIZE];
     let mut tmp_stack = [[0i32; 263], [0i32; 263], [0i32; 263], [0i32; 263]];
 
     sample_four_ring_elements_into!(
         seed,
         A,
-        rand_stack,
+        rand_stack0,
+        rand_stack1,
+        rand_stack2,
+        rand_stack3,
         tmp_stack,
         (0, 0),
         (0, 1),
@@ -67,7 +71,10 @@ pub(crate) fn matrix_A_4_by_4<
     sample_four_ring_elements_into!(
         seed,
         A,
-        rand_stack,
+        rand_stack0,
+        rand_stack1,
+        rand_stack2,
+        rand_stack3,
         tmp_stack,
         (1, 0),
         (1, 1),
@@ -77,7 +84,10 @@ pub(crate) fn matrix_A_4_by_4<
     sample_four_ring_elements_into!(
         seed,
         A,
-        rand_stack,
+        rand_stack0,
+        rand_stack1,
+        rand_stack2,
+        rand_stack3,
         tmp_stack,
         (2, 0),
         (2, 1),
@@ -87,7 +97,10 @@ pub(crate) fn matrix_A_4_by_4<
     sample_four_ring_elements_into!(
         seed,
         A,
-        rand_stack,
+        rand_stack0,
+        rand_stack1,
+        rand_stack2,
+        rand_stack3,
         tmp_stack,
         (3, 0),
         (3, 1),
@@ -111,18 +124,19 @@ pub(crate) fn matrix_A_6_by_5<
 ) -> [[PolynomialRingElement<SIMDUnit>; COLUMNS_IN_A]; ROWS_IN_A] {
     let mut A = [[PolynomialRingElement::<SIMDUnit>::ZERO(); COLUMNS_IN_A]; ROWS_IN_A];
 
-    let mut rand_stack = [
-        [0u8; shake128::FIVE_BLOCKS_SIZE],
-        [0u8; shake128::FIVE_BLOCKS_SIZE],
-        [0u8; shake128::FIVE_BLOCKS_SIZE],
-        [0u8; shake128::FIVE_BLOCKS_SIZE],
-    ];
+    let mut rand_stack0 = [0u8; shake128::FIVE_BLOCKS_SIZE];
+    let mut rand_stack1 = [0u8; shake128::FIVE_BLOCKS_SIZE];
+    let mut rand_stack2 = [0u8; shake128::FIVE_BLOCKS_SIZE];
+    let mut rand_stack3 = [0u8; shake128::FIVE_BLOCKS_SIZE];
     let mut tmp_stack = [[0i32; 263], [0i32; 263], [0i32; 263], [0i32; 263]];
 
     sample_four_ring_elements_into!(
         seed,
         A,
-        rand_stack,
+        rand_stack0,
+        rand_stack1,
+        rand_stack2,
+        rand_stack3,
         tmp_stack,
         (0, 0),
         (0, 1),
@@ -132,7 +146,10 @@ pub(crate) fn matrix_A_6_by_5<
     sample_four_ring_elements_into!(
         seed,
         A,
-        rand_stack,
+        rand_stack0,
+        rand_stack1,
+        rand_stack2,
+        rand_stack3,
         tmp_stack,
         (0, 4),
         (1, 0),
@@ -142,7 +159,10 @@ pub(crate) fn matrix_A_6_by_5<
     sample_four_ring_elements_into!(
         seed,
         A,
-        rand_stack,
+        rand_stack0,
+        rand_stack1,
+        rand_stack2,
+        rand_stack3,
         tmp_stack,
         (1, 3),
         (1, 4),
@@ -152,7 +172,10 @@ pub(crate) fn matrix_A_6_by_5<
     sample_four_ring_elements_into!(
         seed,
         A,
-        rand_stack,
+        rand_stack0,
+        rand_stack1,
+        rand_stack2,
+        rand_stack3,
         tmp_stack,
         (2, 2),
         (2, 3),
@@ -162,7 +185,10 @@ pub(crate) fn matrix_A_6_by_5<
     sample_four_ring_elements_into!(
         seed,
         A,
-        rand_stack,
+        rand_stack0,
+        rand_stack1,
+        rand_stack2,
+        rand_stack3,
         tmp_stack,
         (3, 1),
         (3, 2),
@@ -172,7 +198,10 @@ pub(crate) fn matrix_A_6_by_5<
     sample_four_ring_elements_into!(
         seed,
         A,
-        rand_stack,
+        rand_stack0,
+        rand_stack1,
+        rand_stack2,
+        rand_stack3,
         tmp_stack,
         (4, 0),
         (4, 1),
@@ -182,7 +211,10 @@ pub(crate) fn matrix_A_6_by_5<
     sample_four_ring_elements_into!(
         seed,
         A,
-        rand_stack,
+        rand_stack0,
+        rand_stack1,
+        rand_stack2,
+        rand_stack3,
         tmp_stack,
         (4, 4),
         (5, 0),
@@ -194,7 +226,10 @@ pub(crate) fn matrix_A_6_by_5<
     sample_up_to_four_ring_elements::<SIMDUnit, Shake128, ROWS_IN_A, COLUMNS_IN_A>(
         seed,
         &mut A,
-        &mut rand_stack,
+        &mut rand_stack0,
+        &mut rand_stack1,
+        &mut rand_stack2,
+        &mut rand_stack3,
         &mut tmp_stack,
         &[(5, 3), (5, 4), (5, 5), (5, 6)],
         2,
@@ -216,18 +251,19 @@ pub(crate) fn matrix_A_8_by_7<
 ) -> [[PolynomialRingElement<SIMDUnit>; COLUMNS_IN_A]; ROWS_IN_A] {
     let mut A = [[PolynomialRingElement::<SIMDUnit>::ZERO(); COLUMNS_IN_A]; ROWS_IN_A];
 
-    let mut rand_stack = [
-        [0u8; shake128::FIVE_BLOCKS_SIZE],
-        [0u8; shake128::FIVE_BLOCKS_SIZE],
-        [0u8; shake128::FIVE_BLOCKS_SIZE],
-        [0u8; shake128::FIVE_BLOCKS_SIZE],
-    ];
+    let mut rand_stack0 = [0u8; shake128::FIVE_BLOCKS_SIZE];
+    let mut rand_stack1 = [0u8; shake128::FIVE_BLOCKS_SIZE];
+    let mut rand_stack2 = [0u8; shake128::FIVE_BLOCKS_SIZE];
+    let mut rand_stack3 = [0u8; shake128::FIVE_BLOCKS_SIZE];
     let mut tmp_stack = [[0i32; 263], [0i32; 263], [0i32; 263], [0i32; 263]];
 
     sample_four_ring_elements_into!(
         seed,
         A,
-        rand_stack,
+        rand_stack0,
+        rand_stack1,
+        rand_stack2,
+        rand_stack3,
         tmp_stack,
         (0, 0),
         (0, 1),
@@ -237,7 +273,10 @@ pub(crate) fn matrix_A_8_by_7<
     sample_four_ring_elements_into!(
         seed,
         A,
-        rand_stack,
+        rand_stack0,
+        rand_stack1,
+        rand_stack2,
+        rand_stack3,
         tmp_stack,
         (0, 4),
         (0, 5),
@@ -247,7 +286,10 @@ pub(crate) fn matrix_A_8_by_7<
     sample_four_ring_elements_into!(
         seed,
         A,
-        rand_stack,
+        rand_stack0,
+        rand_stack1,
+        rand_stack2,
+        rand_stack3,
         tmp_stack,
         (1, 1),
         (1, 2),
@@ -257,7 +299,10 @@ pub(crate) fn matrix_A_8_by_7<
     sample_four_ring_elements_into!(
         seed,
         A,
-        rand_stack,
+        rand_stack0,
+        rand_stack1,
+        rand_stack2,
+        rand_stack3,
         tmp_stack,
         (1, 5),
         (1, 6),
@@ -267,7 +312,10 @@ pub(crate) fn matrix_A_8_by_7<
     sample_four_ring_elements_into!(
         seed,
         A,
-        rand_stack,
+        rand_stack0,
+        rand_stack1,
+        rand_stack2,
+        rand_stack3,
         tmp_stack,
         (2, 2),
         (2, 3),
@@ -277,7 +325,10 @@ pub(crate) fn matrix_A_8_by_7<
     sample_four_ring_elements_into!(
         seed,
         A,
-        rand_stack,
+        rand_stack0,
+        rand_stack1,
+        rand_stack2,
+        rand_stack3,
         tmp_stack,
         (2, 6),
         (3, 0),
@@ -287,7 +338,10 @@ pub(crate) fn matrix_A_8_by_7<
     sample_four_ring_elements_into!(
         seed,
         A,
-        rand_stack,
+        rand_stack0,
+        rand_stack1,
+        rand_stack2,
+        rand_stack3,
         tmp_stack,
         (3, 3),
         (3, 4),
@@ -297,7 +351,10 @@ pub(crate) fn matrix_A_8_by_7<
     sample_four_ring_elements_into!(
         seed,
         A,
-        rand_stack,
+        rand_stack0,
+        rand_stack1,
+        rand_stack2,
+        rand_stack3,
         tmp_stack,
         (4, 0),
         (4, 1),
@@ -307,7 +364,10 @@ pub(crate) fn matrix_A_8_by_7<
     sample_four_ring_elements_into!(
         seed,
         A,
-        rand_stack,
+        rand_stack0,
+        rand_stack1,
+        rand_stack2,
+        rand_stack3,
         tmp_stack,
         (4, 4),
         (4, 5),
@@ -317,7 +377,10 @@ pub(crate) fn matrix_A_8_by_7<
     sample_four_ring_elements_into!(
         seed,
         A,
-        rand_stack,
+        rand_stack0,
+        rand_stack1,
+        rand_stack2,
+        rand_stack3,
         tmp_stack,
         (5, 1),
         (5, 2),
@@ -327,7 +390,10 @@ pub(crate) fn matrix_A_8_by_7<
     sample_four_ring_elements_into!(
         seed,
         A,
-        rand_stack,
+        rand_stack0,
+        rand_stack1,
+        rand_stack2,
+        rand_stack3,
         tmp_stack,
         (5, 5),
         (5, 6),
@@ -337,7 +403,10 @@ pub(crate) fn matrix_A_8_by_7<
     sample_four_ring_elements_into!(
         seed,
         A,
-        rand_stack,
+        rand_stack0,
+        rand_stack1,
+        rand_stack2,
+        rand_stack3,
         tmp_stack,
         (6, 2),
         (6, 3),
@@ -347,7 +416,10 @@ pub(crate) fn matrix_A_8_by_7<
     sample_four_ring_elements_into!(
         seed,
         A,
-        rand_stack,
+        rand_stack0,
+        rand_stack1,
+        rand_stack2,
+        rand_stack3,
         tmp_stack,
         (6, 6),
         (7, 0),
@@ -357,7 +429,10 @@ pub(crate) fn matrix_A_8_by_7<
     sample_four_ring_elements_into!(
         seed,
         A,
-        rand_stack,
+        rand_stack0,
+        rand_stack1,
+        rand_stack2,
+        rand_stack3,
         tmp_stack,
         (7, 3),
         (7, 4),

From 1b690c7aa20227fa27c65e92587a3c6ff77ba4a4 Mon Sep 17 00:00:00 2001
From: Jonas Schneider-Bensch <jonas@cryspen.com>
Date: Wed, 18 Dec 2024 14:42:42 +0100
Subject: [PATCH 141/142] C extraction update

---
 libcrux-ml-dsa/cg/code_gen.txt               |    2 +-
 libcrux-ml-dsa/cg/header.txt                 |    2 +-
 libcrux-ml-dsa/cg/libcrux_core.h             |    2 +-
 libcrux-ml-dsa/cg/libcrux_mldsa65_avx2.h     | 1746 +----------------
 libcrux-ml-dsa/cg/libcrux_mldsa65_portable.h | 1752 +-----------------
 libcrux-ml-dsa/cg/libcrux_sha3_avx2.h        |    2 +-
 libcrux-ml-dsa/cg/libcrux_sha3_portable.h    |    2 +-
 7 files changed, 86 insertions(+), 3422 deletions(-)

diff --git a/libcrux-ml-dsa/cg/code_gen.txt b/libcrux-ml-dsa/cg/code_gen.txt
index fb5fd5691..cd71b6131 100644
--- a/libcrux-ml-dsa/cg/code_gen.txt
+++ b/libcrux-ml-dsa/cg/code_gen.txt
@@ -3,4 +3,4 @@ Charon: a68994d00017b76a805d0115ca06c1f2c1805e79
 Eurydice: b665364a6d86749566ce2d650d13fa12c8fab2c5
 Karamel: 96572bc631fde691a2aea7bce5a5a3838b3a5968
 F*: b0961063393215ca65927f017720cb365a193833-dirty
-Libcrux: c6c0198a72d0045f999b4b6a50ad7e917c8a9e42
+Libcrux: 00424f6ff03ac7c79f2922ed628bf6a5b8723be3
diff --git a/libcrux-ml-dsa/cg/header.txt b/libcrux-ml-dsa/cg/header.txt
index 4cb8a526f..c0b53bd40 100644
--- a/libcrux-ml-dsa/cg/header.txt
+++ b/libcrux-ml-dsa/cg/header.txt
@@ -8,5 +8,5 @@
  * Eurydice: b665364a6d86749566ce2d650d13fa12c8fab2c5
  * Karamel: 96572bc631fde691a2aea7bce5a5a3838b3a5968
  * F*: b0961063393215ca65927f017720cb365a193833-dirty
- * Libcrux: c6c0198a72d0045f999b4b6a50ad7e917c8a9e42
+ * Libcrux: 00424f6ff03ac7c79f2922ed628bf6a5b8723be3
  */
diff --git a/libcrux-ml-dsa/cg/libcrux_core.h b/libcrux-ml-dsa/cg/libcrux_core.h
index 09a487680..cb97a4566 100644
--- a/libcrux-ml-dsa/cg/libcrux_core.h
+++ b/libcrux-ml-dsa/cg/libcrux_core.h
@@ -8,7 +8,7 @@
  * Eurydice: b665364a6d86749566ce2d650d13fa12c8fab2c5
  * Karamel: 96572bc631fde691a2aea7bce5a5a3838b3a5968
  * F*: b0961063393215ca65927f017720cb365a193833-dirty
- * Libcrux: c6c0198a72d0045f999b4b6a50ad7e917c8a9e42
+ * Libcrux: 00424f6ff03ac7c79f2922ed628bf6a5b8723be3
  */
 
 #ifndef __libcrux_core_H
diff --git a/libcrux-ml-dsa/cg/libcrux_mldsa65_avx2.h b/libcrux-ml-dsa/cg/libcrux_mldsa65_avx2.h
index 22fbd27b0..a79e5a218 100644
--- a/libcrux-ml-dsa/cg/libcrux_mldsa65_avx2.h
+++ b/libcrux-ml-dsa/cg/libcrux_mldsa65_avx2.h
@@ -8,7 +8,7 @@
  * Eurydice: b665364a6d86749566ce2d650d13fa12c8fab2c5
  * Karamel: 96572bc631fde691a2aea7bce5a5a3838b3a5968
  * F*: b0961063393215ca65927f017720cb365a193833-dirty
- * Libcrux: c6c0198a72d0045f999b4b6a50ad7e917c8a9e42
+ * Libcrux: 00424f6ff03ac7c79f2922ed628bf6a5b8723be3
  */
 
 #ifndef __libcrux_mldsa65_avx2_H
@@ -3326,6 +3326,20 @@ libcrux_ml_dsa_sample_rejection_sample_less_than_field_modulus_ea(
   return done;
 }
 
+/**
+A monomorphic instance of libcrux_ml_dsa.sample.update_matrix
+with types libcrux_ml_dsa_simd_avx2_vector_type_AVX2SIMDUnit
+with const generics
+- ROWS_IN_A= 6
+- COLUMNS_IN_A= 5
+*/
+KRML_ATTRIBUTE_TARGET("avx2")
+static inline void libcrux_ml_dsa_sample_update_matrix_fe(
+    libcrux_ml_dsa_polynomial_PolynomialRingElement_24 (*m)[5U], size_t i,
+    size_t j, libcrux_ml_dsa_polynomial_PolynomialRingElement_24 v) {
+  m[i][j] = v;
+}
+
 /**
 This function found in impl
 {libcrux_ml_dsa::polynomial::PolynomialRingElement<SIMDUnit>[TraitClause@0,
@@ -3377,8 +3391,9 @@ static KRML_MUSTINLINE void
 libcrux_ml_dsa_sample_sample_up_to_four_ring_elements_f4(
     uint8_t seed0[34U],
     libcrux_ml_dsa_polynomial_PolynomialRingElement_24 (*matrix)[5U],
-    uint8_t_840size_t__x4 *rand_stack, Eurydice_slice tmp_stack,
-    uint8_t_x2 *indices, size_t elements_requested) {
+    uint8_t *rand_stack0, uint8_t *rand_stack1, uint8_t *rand_stack2,
+    uint8_t *rand_stack3, Eurydice_slice tmp_stack, uint8_t_x2 *indices,
+    size_t elements_requested) {
   uint16_t domain_separator0 =
       libcrux_ml_dsa_sample_generate_domain_separator(indices[0U]);
   uint16_t domain_separator1 =
@@ -3408,33 +3423,32 @@ libcrux_ml_dsa_sample_sample_up_to_four_ring_elements_f4(
           Eurydice_array_to_slice((size_t)34U, seed2, uint8_t),
           Eurydice_array_to_slice((size_t)34U, seed3, uint8_t));
   libcrux_ml_dsa_hash_functions_simd256_squeeze_first_five_blocks_7b(
-      &state, rand_stack->fst, rand_stack->snd, rand_stack->thd,
-      rand_stack->f3);
+      &state, rand_stack0, rand_stack1, rand_stack2, rand_stack3);
   size_t sampled0 = (size_t)0U;
   size_t sampled1 = (size_t)0U;
   size_t sampled2 = (size_t)0U;
   size_t sampled3 = (size_t)0U;
   bool done0 =
       libcrux_ml_dsa_sample_rejection_sample_less_than_field_modulus_ea(
-          Eurydice_array_to_slice((size_t)840U, rand_stack->fst, uint8_t),
+          Eurydice_array_to_slice((size_t)840U, rand_stack0, uint8_t),
           &sampled0,
           Eurydice_slice_index(tmp_stack, (size_t)0U, int32_t[263U],
                                int32_t(*)[263U]));
   bool done1 =
       libcrux_ml_dsa_sample_rejection_sample_less_than_field_modulus_ea(
-          Eurydice_array_to_slice((size_t)840U, rand_stack->snd, uint8_t),
+          Eurydice_array_to_slice((size_t)840U, rand_stack1, uint8_t),
           &sampled1,
           Eurydice_slice_index(tmp_stack, (size_t)1U, int32_t[263U],
                                int32_t(*)[263U]));
   bool done2 =
       libcrux_ml_dsa_sample_rejection_sample_less_than_field_modulus_ea(
-          Eurydice_array_to_slice((size_t)840U, rand_stack->thd, uint8_t),
+          Eurydice_array_to_slice((size_t)840U, rand_stack2, uint8_t),
           &sampled2,
           Eurydice_slice_index(tmp_stack, (size_t)2U, int32_t[263U],
                                int32_t(*)[263U]));
   bool done3 =
       libcrux_ml_dsa_sample_rejection_sample_less_than_field_modulus_ea(
-          Eurydice_array_to_slice((size_t)840U, rand_stack->f3, uint8_t),
+          Eurydice_array_to_slice((size_t)840U, rand_stack3, uint8_t),
           &sampled3,
           Eurydice_slice_index(tmp_stack, (size_t)3U, int32_t[263U],
                                int32_t(*)[263U]));
@@ -3611,12 +3625,15 @@ libcrux_ml_dsa_sample_sample_up_to_four_ring_elements_f4(
     size_t uu____0 = k;
     uint8_t i = indices[uu____0].fst;
     uint8_t j = indices[uu____0].snd;
-    libcrux_ml_dsa_polynomial_PolynomialRingElement_24 uu____1 =
+    libcrux_ml_dsa_polynomial_PolynomialRingElement_24(*uu____1)[5U] = matrix;
+    size_t uu____2 = (size_t)i;
+    size_t uu____3 = (size_t)j;
+    libcrux_ml_dsa_sample_update_matrix_fe(
+        uu____1, uu____2, uu____3,
         libcrux_ml_dsa_polynomial_from_i32_array_ff_ea(Eurydice_array_to_slice(
             (size_t)263U,
             Eurydice_slice_index(tmp_stack, k, int32_t[263U], int32_t(*)[263U]),
-            int32_t));
-    matrix[(size_t)i][(size_t)j] = uu____1;
+            int32_t)));
   }
 }
 
@@ -3639,1691 +3656,10 @@ static KRML_MUSTINLINE void libcrux_ml_dsa_samplex4_matrix_A_6_by_5_f4(
     A[i][3U] = libcrux_ml_dsa_polynomial_ZERO_ff_ea();
     A[i][4U] = libcrux_ml_dsa_polynomial_ZERO_ff_ea();
   }
-  uint8_t uu____0[840U] = {0U};
-  uint8_t uu____1[840U] = {0U};
-  uint8_t_840size_t__x4 rand_stack;
-  rand_stack.fst[0U] = 0U;
-  rand_stack.fst[1U] = 0U;
-  rand_stack.fst[2U] = 0U;
-  rand_stack.fst[3U] = 0U;
-  rand_stack.fst[4U] = 0U;
-  rand_stack.fst[5U] = 0U;
-  rand_stack.fst[6U] = 0U;
-  rand_stack.fst[7U] = 0U;
-  rand_stack.fst[8U] = 0U;
-  rand_stack.fst[9U] = 0U;
-  rand_stack.fst[10U] = 0U;
-  rand_stack.fst[11U] = 0U;
-  rand_stack.fst[12U] = 0U;
-  rand_stack.fst[13U] = 0U;
-  rand_stack.fst[14U] = 0U;
-  rand_stack.fst[15U] = 0U;
-  rand_stack.fst[16U] = 0U;
-  rand_stack.fst[17U] = 0U;
-  rand_stack.fst[18U] = 0U;
-  rand_stack.fst[19U] = 0U;
-  rand_stack.fst[20U] = 0U;
-  rand_stack.fst[21U] = 0U;
-  rand_stack.fst[22U] = 0U;
-  rand_stack.fst[23U] = 0U;
-  rand_stack.fst[24U] = 0U;
-  rand_stack.fst[25U] = 0U;
-  rand_stack.fst[26U] = 0U;
-  rand_stack.fst[27U] = 0U;
-  rand_stack.fst[28U] = 0U;
-  rand_stack.fst[29U] = 0U;
-  rand_stack.fst[30U] = 0U;
-  rand_stack.fst[31U] = 0U;
-  rand_stack.fst[32U] = 0U;
-  rand_stack.fst[33U] = 0U;
-  rand_stack.fst[34U] = 0U;
-  rand_stack.fst[35U] = 0U;
-  rand_stack.fst[36U] = 0U;
-  rand_stack.fst[37U] = 0U;
-  rand_stack.fst[38U] = 0U;
-  rand_stack.fst[39U] = 0U;
-  rand_stack.fst[40U] = 0U;
-  rand_stack.fst[41U] = 0U;
-  rand_stack.fst[42U] = 0U;
-  rand_stack.fst[43U] = 0U;
-  rand_stack.fst[44U] = 0U;
-  rand_stack.fst[45U] = 0U;
-  rand_stack.fst[46U] = 0U;
-  rand_stack.fst[47U] = 0U;
-  rand_stack.fst[48U] = 0U;
-  rand_stack.fst[49U] = 0U;
-  rand_stack.fst[50U] = 0U;
-  rand_stack.fst[51U] = 0U;
-  rand_stack.fst[52U] = 0U;
-  rand_stack.fst[53U] = 0U;
-  rand_stack.fst[54U] = 0U;
-  rand_stack.fst[55U] = 0U;
-  rand_stack.fst[56U] = 0U;
-  rand_stack.fst[57U] = 0U;
-  rand_stack.fst[58U] = 0U;
-  rand_stack.fst[59U] = 0U;
-  rand_stack.fst[60U] = 0U;
-  rand_stack.fst[61U] = 0U;
-  rand_stack.fst[62U] = 0U;
-  rand_stack.fst[63U] = 0U;
-  rand_stack.fst[64U] = 0U;
-  rand_stack.fst[65U] = 0U;
-  rand_stack.fst[66U] = 0U;
-  rand_stack.fst[67U] = 0U;
-  rand_stack.fst[68U] = 0U;
-  rand_stack.fst[69U] = 0U;
-  rand_stack.fst[70U] = 0U;
-  rand_stack.fst[71U] = 0U;
-  rand_stack.fst[72U] = 0U;
-  rand_stack.fst[73U] = 0U;
-  rand_stack.fst[74U] = 0U;
-  rand_stack.fst[75U] = 0U;
-  rand_stack.fst[76U] = 0U;
-  rand_stack.fst[77U] = 0U;
-  rand_stack.fst[78U] = 0U;
-  rand_stack.fst[79U] = 0U;
-  rand_stack.fst[80U] = 0U;
-  rand_stack.fst[81U] = 0U;
-  rand_stack.fst[82U] = 0U;
-  rand_stack.fst[83U] = 0U;
-  rand_stack.fst[84U] = 0U;
-  rand_stack.fst[85U] = 0U;
-  rand_stack.fst[86U] = 0U;
-  rand_stack.fst[87U] = 0U;
-  rand_stack.fst[88U] = 0U;
-  rand_stack.fst[89U] = 0U;
-  rand_stack.fst[90U] = 0U;
-  rand_stack.fst[91U] = 0U;
-  rand_stack.fst[92U] = 0U;
-  rand_stack.fst[93U] = 0U;
-  rand_stack.fst[94U] = 0U;
-  rand_stack.fst[95U] = 0U;
-  rand_stack.fst[96U] = 0U;
-  rand_stack.fst[97U] = 0U;
-  rand_stack.fst[98U] = 0U;
-  rand_stack.fst[99U] = 0U;
-  rand_stack.fst[100U] = 0U;
-  rand_stack.fst[101U] = 0U;
-  rand_stack.fst[102U] = 0U;
-  rand_stack.fst[103U] = 0U;
-  rand_stack.fst[104U] = 0U;
-  rand_stack.fst[105U] = 0U;
-  rand_stack.fst[106U] = 0U;
-  rand_stack.fst[107U] = 0U;
-  rand_stack.fst[108U] = 0U;
-  rand_stack.fst[109U] = 0U;
-  rand_stack.fst[110U] = 0U;
-  rand_stack.fst[111U] = 0U;
-  rand_stack.fst[112U] = 0U;
-  rand_stack.fst[113U] = 0U;
-  rand_stack.fst[114U] = 0U;
-  rand_stack.fst[115U] = 0U;
-  rand_stack.fst[116U] = 0U;
-  rand_stack.fst[117U] = 0U;
-  rand_stack.fst[118U] = 0U;
-  rand_stack.fst[119U] = 0U;
-  rand_stack.fst[120U] = 0U;
-  rand_stack.fst[121U] = 0U;
-  rand_stack.fst[122U] = 0U;
-  rand_stack.fst[123U] = 0U;
-  rand_stack.fst[124U] = 0U;
-  rand_stack.fst[125U] = 0U;
-  rand_stack.fst[126U] = 0U;
-  rand_stack.fst[127U] = 0U;
-  rand_stack.fst[128U] = 0U;
-  rand_stack.fst[129U] = 0U;
-  rand_stack.fst[130U] = 0U;
-  rand_stack.fst[131U] = 0U;
-  rand_stack.fst[132U] = 0U;
-  rand_stack.fst[133U] = 0U;
-  rand_stack.fst[134U] = 0U;
-  rand_stack.fst[135U] = 0U;
-  rand_stack.fst[136U] = 0U;
-  rand_stack.fst[137U] = 0U;
-  rand_stack.fst[138U] = 0U;
-  rand_stack.fst[139U] = 0U;
-  rand_stack.fst[140U] = 0U;
-  rand_stack.fst[141U] = 0U;
-  rand_stack.fst[142U] = 0U;
-  rand_stack.fst[143U] = 0U;
-  rand_stack.fst[144U] = 0U;
-  rand_stack.fst[145U] = 0U;
-  rand_stack.fst[146U] = 0U;
-  rand_stack.fst[147U] = 0U;
-  rand_stack.fst[148U] = 0U;
-  rand_stack.fst[149U] = 0U;
-  rand_stack.fst[150U] = 0U;
-  rand_stack.fst[151U] = 0U;
-  rand_stack.fst[152U] = 0U;
-  rand_stack.fst[153U] = 0U;
-  rand_stack.fst[154U] = 0U;
-  rand_stack.fst[155U] = 0U;
-  rand_stack.fst[156U] = 0U;
-  rand_stack.fst[157U] = 0U;
-  rand_stack.fst[158U] = 0U;
-  rand_stack.fst[159U] = 0U;
-  rand_stack.fst[160U] = 0U;
-  rand_stack.fst[161U] = 0U;
-  rand_stack.fst[162U] = 0U;
-  rand_stack.fst[163U] = 0U;
-  rand_stack.fst[164U] = 0U;
-  rand_stack.fst[165U] = 0U;
-  rand_stack.fst[166U] = 0U;
-  rand_stack.fst[167U] = 0U;
-  rand_stack.fst[168U] = 0U;
-  rand_stack.fst[169U] = 0U;
-  rand_stack.fst[170U] = 0U;
-  rand_stack.fst[171U] = 0U;
-  rand_stack.fst[172U] = 0U;
-  rand_stack.fst[173U] = 0U;
-  rand_stack.fst[174U] = 0U;
-  rand_stack.fst[175U] = 0U;
-  rand_stack.fst[176U] = 0U;
-  rand_stack.fst[177U] = 0U;
-  rand_stack.fst[178U] = 0U;
-  rand_stack.fst[179U] = 0U;
-  rand_stack.fst[180U] = 0U;
-  rand_stack.fst[181U] = 0U;
-  rand_stack.fst[182U] = 0U;
-  rand_stack.fst[183U] = 0U;
-  rand_stack.fst[184U] = 0U;
-  rand_stack.fst[185U] = 0U;
-  rand_stack.fst[186U] = 0U;
-  rand_stack.fst[187U] = 0U;
-  rand_stack.fst[188U] = 0U;
-  rand_stack.fst[189U] = 0U;
-  rand_stack.fst[190U] = 0U;
-  rand_stack.fst[191U] = 0U;
-  rand_stack.fst[192U] = 0U;
-  rand_stack.fst[193U] = 0U;
-  rand_stack.fst[194U] = 0U;
-  rand_stack.fst[195U] = 0U;
-  rand_stack.fst[196U] = 0U;
-  rand_stack.fst[197U] = 0U;
-  rand_stack.fst[198U] = 0U;
-  rand_stack.fst[199U] = 0U;
-  rand_stack.fst[200U] = 0U;
-  rand_stack.fst[201U] = 0U;
-  rand_stack.fst[202U] = 0U;
-  rand_stack.fst[203U] = 0U;
-  rand_stack.fst[204U] = 0U;
-  rand_stack.fst[205U] = 0U;
-  rand_stack.fst[206U] = 0U;
-  rand_stack.fst[207U] = 0U;
-  rand_stack.fst[208U] = 0U;
-  rand_stack.fst[209U] = 0U;
-  rand_stack.fst[210U] = 0U;
-  rand_stack.fst[211U] = 0U;
-  rand_stack.fst[212U] = 0U;
-  rand_stack.fst[213U] = 0U;
-  rand_stack.fst[214U] = 0U;
-  rand_stack.fst[215U] = 0U;
-  rand_stack.fst[216U] = 0U;
-  rand_stack.fst[217U] = 0U;
-  rand_stack.fst[218U] = 0U;
-  rand_stack.fst[219U] = 0U;
-  rand_stack.fst[220U] = 0U;
-  rand_stack.fst[221U] = 0U;
-  rand_stack.fst[222U] = 0U;
-  rand_stack.fst[223U] = 0U;
-  rand_stack.fst[224U] = 0U;
-  rand_stack.fst[225U] = 0U;
-  rand_stack.fst[226U] = 0U;
-  rand_stack.fst[227U] = 0U;
-  rand_stack.fst[228U] = 0U;
-  rand_stack.fst[229U] = 0U;
-  rand_stack.fst[230U] = 0U;
-  rand_stack.fst[231U] = 0U;
-  rand_stack.fst[232U] = 0U;
-  rand_stack.fst[233U] = 0U;
-  rand_stack.fst[234U] = 0U;
-  rand_stack.fst[235U] = 0U;
-  rand_stack.fst[236U] = 0U;
-  rand_stack.fst[237U] = 0U;
-  rand_stack.fst[238U] = 0U;
-  rand_stack.fst[239U] = 0U;
-  rand_stack.fst[240U] = 0U;
-  rand_stack.fst[241U] = 0U;
-  rand_stack.fst[242U] = 0U;
-  rand_stack.fst[243U] = 0U;
-  rand_stack.fst[244U] = 0U;
-  rand_stack.fst[245U] = 0U;
-  rand_stack.fst[246U] = 0U;
-  rand_stack.fst[247U] = 0U;
-  rand_stack.fst[248U] = 0U;
-  rand_stack.fst[249U] = 0U;
-  rand_stack.fst[250U] = 0U;
-  rand_stack.fst[251U] = 0U;
-  rand_stack.fst[252U] = 0U;
-  rand_stack.fst[253U] = 0U;
-  rand_stack.fst[254U] = 0U;
-  rand_stack.fst[255U] = 0U;
-  rand_stack.fst[256U] = 0U;
-  rand_stack.fst[257U] = 0U;
-  rand_stack.fst[258U] = 0U;
-  rand_stack.fst[259U] = 0U;
-  rand_stack.fst[260U] = 0U;
-  rand_stack.fst[261U] = 0U;
-  rand_stack.fst[262U] = 0U;
-  rand_stack.fst[263U] = 0U;
-  rand_stack.fst[264U] = 0U;
-  rand_stack.fst[265U] = 0U;
-  rand_stack.fst[266U] = 0U;
-  rand_stack.fst[267U] = 0U;
-  rand_stack.fst[268U] = 0U;
-  rand_stack.fst[269U] = 0U;
-  rand_stack.fst[270U] = 0U;
-  rand_stack.fst[271U] = 0U;
-  rand_stack.fst[272U] = 0U;
-  rand_stack.fst[273U] = 0U;
-  rand_stack.fst[274U] = 0U;
-  rand_stack.fst[275U] = 0U;
-  rand_stack.fst[276U] = 0U;
-  rand_stack.fst[277U] = 0U;
-  rand_stack.fst[278U] = 0U;
-  rand_stack.fst[279U] = 0U;
-  rand_stack.fst[280U] = 0U;
-  rand_stack.fst[281U] = 0U;
-  rand_stack.fst[282U] = 0U;
-  rand_stack.fst[283U] = 0U;
-  rand_stack.fst[284U] = 0U;
-  rand_stack.fst[285U] = 0U;
-  rand_stack.fst[286U] = 0U;
-  rand_stack.fst[287U] = 0U;
-  rand_stack.fst[288U] = 0U;
-  rand_stack.fst[289U] = 0U;
-  rand_stack.fst[290U] = 0U;
-  rand_stack.fst[291U] = 0U;
-  rand_stack.fst[292U] = 0U;
-  rand_stack.fst[293U] = 0U;
-  rand_stack.fst[294U] = 0U;
-  rand_stack.fst[295U] = 0U;
-  rand_stack.fst[296U] = 0U;
-  rand_stack.fst[297U] = 0U;
-  rand_stack.fst[298U] = 0U;
-  rand_stack.fst[299U] = 0U;
-  rand_stack.fst[300U] = 0U;
-  rand_stack.fst[301U] = 0U;
-  rand_stack.fst[302U] = 0U;
-  rand_stack.fst[303U] = 0U;
-  rand_stack.fst[304U] = 0U;
-  rand_stack.fst[305U] = 0U;
-  rand_stack.fst[306U] = 0U;
-  rand_stack.fst[307U] = 0U;
-  rand_stack.fst[308U] = 0U;
-  rand_stack.fst[309U] = 0U;
-  rand_stack.fst[310U] = 0U;
-  rand_stack.fst[311U] = 0U;
-  rand_stack.fst[312U] = 0U;
-  rand_stack.fst[313U] = 0U;
-  rand_stack.fst[314U] = 0U;
-  rand_stack.fst[315U] = 0U;
-  rand_stack.fst[316U] = 0U;
-  rand_stack.fst[317U] = 0U;
-  rand_stack.fst[318U] = 0U;
-  rand_stack.fst[319U] = 0U;
-  rand_stack.fst[320U] = 0U;
-  rand_stack.fst[321U] = 0U;
-  rand_stack.fst[322U] = 0U;
-  rand_stack.fst[323U] = 0U;
-  rand_stack.fst[324U] = 0U;
-  rand_stack.fst[325U] = 0U;
-  rand_stack.fst[326U] = 0U;
-  rand_stack.fst[327U] = 0U;
-  rand_stack.fst[328U] = 0U;
-  rand_stack.fst[329U] = 0U;
-  rand_stack.fst[330U] = 0U;
-  rand_stack.fst[331U] = 0U;
-  rand_stack.fst[332U] = 0U;
-  rand_stack.fst[333U] = 0U;
-  rand_stack.fst[334U] = 0U;
-  rand_stack.fst[335U] = 0U;
-  rand_stack.fst[336U] = 0U;
-  rand_stack.fst[337U] = 0U;
-  rand_stack.fst[338U] = 0U;
-  rand_stack.fst[339U] = 0U;
-  rand_stack.fst[340U] = 0U;
-  rand_stack.fst[341U] = 0U;
-  rand_stack.fst[342U] = 0U;
-  rand_stack.fst[343U] = 0U;
-  rand_stack.fst[344U] = 0U;
-  rand_stack.fst[345U] = 0U;
-  rand_stack.fst[346U] = 0U;
-  rand_stack.fst[347U] = 0U;
-  rand_stack.fst[348U] = 0U;
-  rand_stack.fst[349U] = 0U;
-  rand_stack.fst[350U] = 0U;
-  rand_stack.fst[351U] = 0U;
-  rand_stack.fst[352U] = 0U;
-  rand_stack.fst[353U] = 0U;
-  rand_stack.fst[354U] = 0U;
-  rand_stack.fst[355U] = 0U;
-  rand_stack.fst[356U] = 0U;
-  rand_stack.fst[357U] = 0U;
-  rand_stack.fst[358U] = 0U;
-  rand_stack.fst[359U] = 0U;
-  rand_stack.fst[360U] = 0U;
-  rand_stack.fst[361U] = 0U;
-  rand_stack.fst[362U] = 0U;
-  rand_stack.fst[363U] = 0U;
-  rand_stack.fst[364U] = 0U;
-  rand_stack.fst[365U] = 0U;
-  rand_stack.fst[366U] = 0U;
-  rand_stack.fst[367U] = 0U;
-  rand_stack.fst[368U] = 0U;
-  rand_stack.fst[369U] = 0U;
-  rand_stack.fst[370U] = 0U;
-  rand_stack.fst[371U] = 0U;
-  rand_stack.fst[372U] = 0U;
-  rand_stack.fst[373U] = 0U;
-  rand_stack.fst[374U] = 0U;
-  rand_stack.fst[375U] = 0U;
-  rand_stack.fst[376U] = 0U;
-  rand_stack.fst[377U] = 0U;
-  rand_stack.fst[378U] = 0U;
-  rand_stack.fst[379U] = 0U;
-  rand_stack.fst[380U] = 0U;
-  rand_stack.fst[381U] = 0U;
-  rand_stack.fst[382U] = 0U;
-  rand_stack.fst[383U] = 0U;
-  rand_stack.fst[384U] = 0U;
-  rand_stack.fst[385U] = 0U;
-  rand_stack.fst[386U] = 0U;
-  rand_stack.fst[387U] = 0U;
-  rand_stack.fst[388U] = 0U;
-  rand_stack.fst[389U] = 0U;
-  rand_stack.fst[390U] = 0U;
-  rand_stack.fst[391U] = 0U;
-  rand_stack.fst[392U] = 0U;
-  rand_stack.fst[393U] = 0U;
-  rand_stack.fst[394U] = 0U;
-  rand_stack.fst[395U] = 0U;
-  rand_stack.fst[396U] = 0U;
-  rand_stack.fst[397U] = 0U;
-  rand_stack.fst[398U] = 0U;
-  rand_stack.fst[399U] = 0U;
-  rand_stack.fst[400U] = 0U;
-  rand_stack.fst[401U] = 0U;
-  rand_stack.fst[402U] = 0U;
-  rand_stack.fst[403U] = 0U;
-  rand_stack.fst[404U] = 0U;
-  rand_stack.fst[405U] = 0U;
-  rand_stack.fst[406U] = 0U;
-  rand_stack.fst[407U] = 0U;
-  rand_stack.fst[408U] = 0U;
-  rand_stack.fst[409U] = 0U;
-  rand_stack.fst[410U] = 0U;
-  rand_stack.fst[411U] = 0U;
-  rand_stack.fst[412U] = 0U;
-  rand_stack.fst[413U] = 0U;
-  rand_stack.fst[414U] = 0U;
-  rand_stack.fst[415U] = 0U;
-  rand_stack.fst[416U] = 0U;
-  rand_stack.fst[417U] = 0U;
-  rand_stack.fst[418U] = 0U;
-  rand_stack.fst[419U] = 0U;
-  rand_stack.fst[420U] = 0U;
-  rand_stack.fst[421U] = 0U;
-  rand_stack.fst[422U] = 0U;
-  rand_stack.fst[423U] = 0U;
-  rand_stack.fst[424U] = 0U;
-  rand_stack.fst[425U] = 0U;
-  rand_stack.fst[426U] = 0U;
-  rand_stack.fst[427U] = 0U;
-  rand_stack.fst[428U] = 0U;
-  rand_stack.fst[429U] = 0U;
-  rand_stack.fst[430U] = 0U;
-  rand_stack.fst[431U] = 0U;
-  rand_stack.fst[432U] = 0U;
-  rand_stack.fst[433U] = 0U;
-  rand_stack.fst[434U] = 0U;
-  rand_stack.fst[435U] = 0U;
-  rand_stack.fst[436U] = 0U;
-  rand_stack.fst[437U] = 0U;
-  rand_stack.fst[438U] = 0U;
-  rand_stack.fst[439U] = 0U;
-  rand_stack.fst[440U] = 0U;
-  rand_stack.fst[441U] = 0U;
-  rand_stack.fst[442U] = 0U;
-  rand_stack.fst[443U] = 0U;
-  rand_stack.fst[444U] = 0U;
-  rand_stack.fst[445U] = 0U;
-  rand_stack.fst[446U] = 0U;
-  rand_stack.fst[447U] = 0U;
-  rand_stack.fst[448U] = 0U;
-  rand_stack.fst[449U] = 0U;
-  rand_stack.fst[450U] = 0U;
-  rand_stack.fst[451U] = 0U;
-  rand_stack.fst[452U] = 0U;
-  rand_stack.fst[453U] = 0U;
-  rand_stack.fst[454U] = 0U;
-  rand_stack.fst[455U] = 0U;
-  rand_stack.fst[456U] = 0U;
-  rand_stack.fst[457U] = 0U;
-  rand_stack.fst[458U] = 0U;
-  rand_stack.fst[459U] = 0U;
-  rand_stack.fst[460U] = 0U;
-  rand_stack.fst[461U] = 0U;
-  rand_stack.fst[462U] = 0U;
-  rand_stack.fst[463U] = 0U;
-  rand_stack.fst[464U] = 0U;
-  rand_stack.fst[465U] = 0U;
-  rand_stack.fst[466U] = 0U;
-  rand_stack.fst[467U] = 0U;
-  rand_stack.fst[468U] = 0U;
-  rand_stack.fst[469U] = 0U;
-  rand_stack.fst[470U] = 0U;
-  rand_stack.fst[471U] = 0U;
-  rand_stack.fst[472U] = 0U;
-  rand_stack.fst[473U] = 0U;
-  rand_stack.fst[474U] = 0U;
-  rand_stack.fst[475U] = 0U;
-  rand_stack.fst[476U] = 0U;
-  rand_stack.fst[477U] = 0U;
-  rand_stack.fst[478U] = 0U;
-  rand_stack.fst[479U] = 0U;
-  rand_stack.fst[480U] = 0U;
-  rand_stack.fst[481U] = 0U;
-  rand_stack.fst[482U] = 0U;
-  rand_stack.fst[483U] = 0U;
-  rand_stack.fst[484U] = 0U;
-  rand_stack.fst[485U] = 0U;
-  rand_stack.fst[486U] = 0U;
-  rand_stack.fst[487U] = 0U;
-  rand_stack.fst[488U] = 0U;
-  rand_stack.fst[489U] = 0U;
-  rand_stack.fst[490U] = 0U;
-  rand_stack.fst[491U] = 0U;
-  rand_stack.fst[492U] = 0U;
-  rand_stack.fst[493U] = 0U;
-  rand_stack.fst[494U] = 0U;
-  rand_stack.fst[495U] = 0U;
-  rand_stack.fst[496U] = 0U;
-  rand_stack.fst[497U] = 0U;
-  rand_stack.fst[498U] = 0U;
-  rand_stack.fst[499U] = 0U;
-  rand_stack.fst[500U] = 0U;
-  rand_stack.fst[501U] = 0U;
-  rand_stack.fst[502U] = 0U;
-  rand_stack.fst[503U] = 0U;
-  rand_stack.fst[504U] = 0U;
-  rand_stack.fst[505U] = 0U;
-  rand_stack.fst[506U] = 0U;
-  rand_stack.fst[507U] = 0U;
-  rand_stack.fst[508U] = 0U;
-  rand_stack.fst[509U] = 0U;
-  rand_stack.fst[510U] = 0U;
-  rand_stack.fst[511U] = 0U;
-  rand_stack.fst[512U] = 0U;
-  rand_stack.fst[513U] = 0U;
-  rand_stack.fst[514U] = 0U;
-  rand_stack.fst[515U] = 0U;
-  rand_stack.fst[516U] = 0U;
-  rand_stack.fst[517U] = 0U;
-  rand_stack.fst[518U] = 0U;
-  rand_stack.fst[519U] = 0U;
-  rand_stack.fst[520U] = 0U;
-  rand_stack.fst[521U] = 0U;
-  rand_stack.fst[522U] = 0U;
-  rand_stack.fst[523U] = 0U;
-  rand_stack.fst[524U] = 0U;
-  rand_stack.fst[525U] = 0U;
-  rand_stack.fst[526U] = 0U;
-  rand_stack.fst[527U] = 0U;
-  rand_stack.fst[528U] = 0U;
-  rand_stack.fst[529U] = 0U;
-  rand_stack.fst[530U] = 0U;
-  rand_stack.fst[531U] = 0U;
-  rand_stack.fst[532U] = 0U;
-  rand_stack.fst[533U] = 0U;
-  rand_stack.fst[534U] = 0U;
-  rand_stack.fst[535U] = 0U;
-  rand_stack.fst[536U] = 0U;
-  rand_stack.fst[537U] = 0U;
-  rand_stack.fst[538U] = 0U;
-  rand_stack.fst[539U] = 0U;
-  rand_stack.fst[540U] = 0U;
-  rand_stack.fst[541U] = 0U;
-  rand_stack.fst[542U] = 0U;
-  rand_stack.fst[543U] = 0U;
-  rand_stack.fst[544U] = 0U;
-  rand_stack.fst[545U] = 0U;
-  rand_stack.fst[546U] = 0U;
-  rand_stack.fst[547U] = 0U;
-  rand_stack.fst[548U] = 0U;
-  rand_stack.fst[549U] = 0U;
-  rand_stack.fst[550U] = 0U;
-  rand_stack.fst[551U] = 0U;
-  rand_stack.fst[552U] = 0U;
-  rand_stack.fst[553U] = 0U;
-  rand_stack.fst[554U] = 0U;
-  rand_stack.fst[555U] = 0U;
-  rand_stack.fst[556U] = 0U;
-  rand_stack.fst[557U] = 0U;
-  rand_stack.fst[558U] = 0U;
-  rand_stack.fst[559U] = 0U;
-  rand_stack.fst[560U] = 0U;
-  rand_stack.fst[561U] = 0U;
-  rand_stack.fst[562U] = 0U;
-  rand_stack.fst[563U] = 0U;
-  rand_stack.fst[564U] = 0U;
-  rand_stack.fst[565U] = 0U;
-  rand_stack.fst[566U] = 0U;
-  rand_stack.fst[567U] = 0U;
-  rand_stack.fst[568U] = 0U;
-  rand_stack.fst[569U] = 0U;
-  rand_stack.fst[570U] = 0U;
-  rand_stack.fst[571U] = 0U;
-  rand_stack.fst[572U] = 0U;
-  rand_stack.fst[573U] = 0U;
-  rand_stack.fst[574U] = 0U;
-  rand_stack.fst[575U] = 0U;
-  rand_stack.fst[576U] = 0U;
-  rand_stack.fst[577U] = 0U;
-  rand_stack.fst[578U] = 0U;
-  rand_stack.fst[579U] = 0U;
-  rand_stack.fst[580U] = 0U;
-  rand_stack.fst[581U] = 0U;
-  rand_stack.fst[582U] = 0U;
-  rand_stack.fst[583U] = 0U;
-  rand_stack.fst[584U] = 0U;
-  rand_stack.fst[585U] = 0U;
-  rand_stack.fst[586U] = 0U;
-  rand_stack.fst[587U] = 0U;
-  rand_stack.fst[588U] = 0U;
-  rand_stack.fst[589U] = 0U;
-  rand_stack.fst[590U] = 0U;
-  rand_stack.fst[591U] = 0U;
-  rand_stack.fst[592U] = 0U;
-  rand_stack.fst[593U] = 0U;
-  rand_stack.fst[594U] = 0U;
-  rand_stack.fst[595U] = 0U;
-  rand_stack.fst[596U] = 0U;
-  rand_stack.fst[597U] = 0U;
-  rand_stack.fst[598U] = 0U;
-  rand_stack.fst[599U] = 0U;
-  rand_stack.fst[600U] = 0U;
-  rand_stack.fst[601U] = 0U;
-  rand_stack.fst[602U] = 0U;
-  rand_stack.fst[603U] = 0U;
-  rand_stack.fst[604U] = 0U;
-  rand_stack.fst[605U] = 0U;
-  rand_stack.fst[606U] = 0U;
-  rand_stack.fst[607U] = 0U;
-  rand_stack.fst[608U] = 0U;
-  rand_stack.fst[609U] = 0U;
-  rand_stack.fst[610U] = 0U;
-  rand_stack.fst[611U] = 0U;
-  rand_stack.fst[612U] = 0U;
-  rand_stack.fst[613U] = 0U;
-  rand_stack.fst[614U] = 0U;
-  rand_stack.fst[615U] = 0U;
-  rand_stack.fst[616U] = 0U;
-  rand_stack.fst[617U] = 0U;
-  rand_stack.fst[618U] = 0U;
-  rand_stack.fst[619U] = 0U;
-  rand_stack.fst[620U] = 0U;
-  rand_stack.fst[621U] = 0U;
-  rand_stack.fst[622U] = 0U;
-  rand_stack.fst[623U] = 0U;
-  rand_stack.fst[624U] = 0U;
-  rand_stack.fst[625U] = 0U;
-  rand_stack.fst[626U] = 0U;
-  rand_stack.fst[627U] = 0U;
-  rand_stack.fst[628U] = 0U;
-  rand_stack.fst[629U] = 0U;
-  rand_stack.fst[630U] = 0U;
-  rand_stack.fst[631U] = 0U;
-  rand_stack.fst[632U] = 0U;
-  rand_stack.fst[633U] = 0U;
-  rand_stack.fst[634U] = 0U;
-  rand_stack.fst[635U] = 0U;
-  rand_stack.fst[636U] = 0U;
-  rand_stack.fst[637U] = 0U;
-  rand_stack.fst[638U] = 0U;
-  rand_stack.fst[639U] = 0U;
-  rand_stack.fst[640U] = 0U;
-  rand_stack.fst[641U] = 0U;
-  rand_stack.fst[642U] = 0U;
-  rand_stack.fst[643U] = 0U;
-  rand_stack.fst[644U] = 0U;
-  rand_stack.fst[645U] = 0U;
-  rand_stack.fst[646U] = 0U;
-  rand_stack.fst[647U] = 0U;
-  rand_stack.fst[648U] = 0U;
-  rand_stack.fst[649U] = 0U;
-  rand_stack.fst[650U] = 0U;
-  rand_stack.fst[651U] = 0U;
-  rand_stack.fst[652U] = 0U;
-  rand_stack.fst[653U] = 0U;
-  rand_stack.fst[654U] = 0U;
-  rand_stack.fst[655U] = 0U;
-  rand_stack.fst[656U] = 0U;
-  rand_stack.fst[657U] = 0U;
-  rand_stack.fst[658U] = 0U;
-  rand_stack.fst[659U] = 0U;
-  rand_stack.fst[660U] = 0U;
-  rand_stack.fst[661U] = 0U;
-  rand_stack.fst[662U] = 0U;
-  rand_stack.fst[663U] = 0U;
-  rand_stack.fst[664U] = 0U;
-  rand_stack.fst[665U] = 0U;
-  rand_stack.fst[666U] = 0U;
-  rand_stack.fst[667U] = 0U;
-  rand_stack.fst[668U] = 0U;
-  rand_stack.fst[669U] = 0U;
-  rand_stack.fst[670U] = 0U;
-  rand_stack.fst[671U] = 0U;
-  rand_stack.fst[672U] = 0U;
-  rand_stack.fst[673U] = 0U;
-  rand_stack.fst[674U] = 0U;
-  rand_stack.fst[675U] = 0U;
-  rand_stack.fst[676U] = 0U;
-  rand_stack.fst[677U] = 0U;
-  rand_stack.fst[678U] = 0U;
-  rand_stack.fst[679U] = 0U;
-  rand_stack.fst[680U] = 0U;
-  rand_stack.fst[681U] = 0U;
-  rand_stack.fst[682U] = 0U;
-  rand_stack.fst[683U] = 0U;
-  rand_stack.fst[684U] = 0U;
-  rand_stack.fst[685U] = 0U;
-  rand_stack.fst[686U] = 0U;
-  rand_stack.fst[687U] = 0U;
-  rand_stack.fst[688U] = 0U;
-  rand_stack.fst[689U] = 0U;
-  rand_stack.fst[690U] = 0U;
-  rand_stack.fst[691U] = 0U;
-  rand_stack.fst[692U] = 0U;
-  rand_stack.fst[693U] = 0U;
-  rand_stack.fst[694U] = 0U;
-  rand_stack.fst[695U] = 0U;
-  rand_stack.fst[696U] = 0U;
-  rand_stack.fst[697U] = 0U;
-  rand_stack.fst[698U] = 0U;
-  rand_stack.fst[699U] = 0U;
-  rand_stack.fst[700U] = 0U;
-  rand_stack.fst[701U] = 0U;
-  rand_stack.fst[702U] = 0U;
-  rand_stack.fst[703U] = 0U;
-  rand_stack.fst[704U] = 0U;
-  rand_stack.fst[705U] = 0U;
-  rand_stack.fst[706U] = 0U;
-  rand_stack.fst[707U] = 0U;
-  rand_stack.fst[708U] = 0U;
-  rand_stack.fst[709U] = 0U;
-  rand_stack.fst[710U] = 0U;
-  rand_stack.fst[711U] = 0U;
-  rand_stack.fst[712U] = 0U;
-  rand_stack.fst[713U] = 0U;
-  rand_stack.fst[714U] = 0U;
-  rand_stack.fst[715U] = 0U;
-  rand_stack.fst[716U] = 0U;
-  rand_stack.fst[717U] = 0U;
-  rand_stack.fst[718U] = 0U;
-  rand_stack.fst[719U] = 0U;
-  rand_stack.fst[720U] = 0U;
-  rand_stack.fst[721U] = 0U;
-  rand_stack.fst[722U] = 0U;
-  rand_stack.fst[723U] = 0U;
-  rand_stack.fst[724U] = 0U;
-  rand_stack.fst[725U] = 0U;
-  rand_stack.fst[726U] = 0U;
-  rand_stack.fst[727U] = 0U;
-  rand_stack.fst[728U] = 0U;
-  rand_stack.fst[729U] = 0U;
-  rand_stack.fst[730U] = 0U;
-  rand_stack.fst[731U] = 0U;
-  rand_stack.fst[732U] = 0U;
-  rand_stack.fst[733U] = 0U;
-  rand_stack.fst[734U] = 0U;
-  rand_stack.fst[735U] = 0U;
-  rand_stack.fst[736U] = 0U;
-  rand_stack.fst[737U] = 0U;
-  rand_stack.fst[738U] = 0U;
-  rand_stack.fst[739U] = 0U;
-  rand_stack.fst[740U] = 0U;
-  rand_stack.fst[741U] = 0U;
-  rand_stack.fst[742U] = 0U;
-  rand_stack.fst[743U] = 0U;
-  rand_stack.fst[744U] = 0U;
-  rand_stack.fst[745U] = 0U;
-  rand_stack.fst[746U] = 0U;
-  rand_stack.fst[747U] = 0U;
-  rand_stack.fst[748U] = 0U;
-  rand_stack.fst[749U] = 0U;
-  rand_stack.fst[750U] = 0U;
-  rand_stack.fst[751U] = 0U;
-  rand_stack.fst[752U] = 0U;
-  rand_stack.fst[753U] = 0U;
-  rand_stack.fst[754U] = 0U;
-  rand_stack.fst[755U] = 0U;
-  rand_stack.fst[756U] = 0U;
-  rand_stack.fst[757U] = 0U;
-  rand_stack.fst[758U] = 0U;
-  rand_stack.fst[759U] = 0U;
-  rand_stack.fst[760U] = 0U;
-  rand_stack.fst[761U] = 0U;
-  rand_stack.fst[762U] = 0U;
-  rand_stack.fst[763U] = 0U;
-  rand_stack.fst[764U] = 0U;
-  rand_stack.fst[765U] = 0U;
-  rand_stack.fst[766U] = 0U;
-  rand_stack.fst[767U] = 0U;
-  rand_stack.fst[768U] = 0U;
-  rand_stack.fst[769U] = 0U;
-  rand_stack.fst[770U] = 0U;
-  rand_stack.fst[771U] = 0U;
-  rand_stack.fst[772U] = 0U;
-  rand_stack.fst[773U] = 0U;
-  rand_stack.fst[774U] = 0U;
-  rand_stack.fst[775U] = 0U;
-  rand_stack.fst[776U] = 0U;
-  rand_stack.fst[777U] = 0U;
-  rand_stack.fst[778U] = 0U;
-  rand_stack.fst[779U] = 0U;
-  rand_stack.fst[780U] = 0U;
-  rand_stack.fst[781U] = 0U;
-  rand_stack.fst[782U] = 0U;
-  rand_stack.fst[783U] = 0U;
-  rand_stack.fst[784U] = 0U;
-  rand_stack.fst[785U] = 0U;
-  rand_stack.fst[786U] = 0U;
-  rand_stack.fst[787U] = 0U;
-  rand_stack.fst[788U] = 0U;
-  rand_stack.fst[789U] = 0U;
-  rand_stack.fst[790U] = 0U;
-  rand_stack.fst[791U] = 0U;
-  rand_stack.fst[792U] = 0U;
-  rand_stack.fst[793U] = 0U;
-  rand_stack.fst[794U] = 0U;
-  rand_stack.fst[795U] = 0U;
-  rand_stack.fst[796U] = 0U;
-  rand_stack.fst[797U] = 0U;
-  rand_stack.fst[798U] = 0U;
-  rand_stack.fst[799U] = 0U;
-  rand_stack.fst[800U] = 0U;
-  rand_stack.fst[801U] = 0U;
-  rand_stack.fst[802U] = 0U;
-  rand_stack.fst[803U] = 0U;
-  rand_stack.fst[804U] = 0U;
-  rand_stack.fst[805U] = 0U;
-  rand_stack.fst[806U] = 0U;
-  rand_stack.fst[807U] = 0U;
-  rand_stack.fst[808U] = 0U;
-  rand_stack.fst[809U] = 0U;
-  rand_stack.fst[810U] = 0U;
-  rand_stack.fst[811U] = 0U;
-  rand_stack.fst[812U] = 0U;
-  rand_stack.fst[813U] = 0U;
-  rand_stack.fst[814U] = 0U;
-  rand_stack.fst[815U] = 0U;
-  rand_stack.fst[816U] = 0U;
-  rand_stack.fst[817U] = 0U;
-  rand_stack.fst[818U] = 0U;
-  rand_stack.fst[819U] = 0U;
-  rand_stack.fst[820U] = 0U;
-  rand_stack.fst[821U] = 0U;
-  rand_stack.fst[822U] = 0U;
-  rand_stack.fst[823U] = 0U;
-  rand_stack.fst[824U] = 0U;
-  rand_stack.fst[825U] = 0U;
-  rand_stack.fst[826U] = 0U;
-  rand_stack.fst[827U] = 0U;
-  rand_stack.fst[828U] = 0U;
-  rand_stack.fst[829U] = 0U;
-  rand_stack.fst[830U] = 0U;
-  rand_stack.fst[831U] = 0U;
-  rand_stack.fst[832U] = 0U;
-  rand_stack.fst[833U] = 0U;
-  rand_stack.fst[834U] = 0U;
-  rand_stack.fst[835U] = 0U;
-  rand_stack.fst[836U] = 0U;
-  rand_stack.fst[837U] = 0U;
-  rand_stack.fst[838U] = 0U;
-  rand_stack.fst[839U] = 0U;
-  memcpy(rand_stack.snd, uu____0, (size_t)840U * sizeof(uint8_t));
-  memcpy(rand_stack.thd, uu____1, (size_t)840U * sizeof(uint8_t));
-  rand_stack.f3[0U] = 0U;
-  rand_stack.f3[1U] = 0U;
-  rand_stack.f3[2U] = 0U;
-  rand_stack.f3[3U] = 0U;
-  rand_stack.f3[4U] = 0U;
-  rand_stack.f3[5U] = 0U;
-  rand_stack.f3[6U] = 0U;
-  rand_stack.f3[7U] = 0U;
-  rand_stack.f3[8U] = 0U;
-  rand_stack.f3[9U] = 0U;
-  rand_stack.f3[10U] = 0U;
-  rand_stack.f3[11U] = 0U;
-  rand_stack.f3[12U] = 0U;
-  rand_stack.f3[13U] = 0U;
-  rand_stack.f3[14U] = 0U;
-  rand_stack.f3[15U] = 0U;
-  rand_stack.f3[16U] = 0U;
-  rand_stack.f3[17U] = 0U;
-  rand_stack.f3[18U] = 0U;
-  rand_stack.f3[19U] = 0U;
-  rand_stack.f3[20U] = 0U;
-  rand_stack.f3[21U] = 0U;
-  rand_stack.f3[22U] = 0U;
-  rand_stack.f3[23U] = 0U;
-  rand_stack.f3[24U] = 0U;
-  rand_stack.f3[25U] = 0U;
-  rand_stack.f3[26U] = 0U;
-  rand_stack.f3[27U] = 0U;
-  rand_stack.f3[28U] = 0U;
-  rand_stack.f3[29U] = 0U;
-  rand_stack.f3[30U] = 0U;
-  rand_stack.f3[31U] = 0U;
-  rand_stack.f3[32U] = 0U;
-  rand_stack.f3[33U] = 0U;
-  rand_stack.f3[34U] = 0U;
-  rand_stack.f3[35U] = 0U;
-  rand_stack.f3[36U] = 0U;
-  rand_stack.f3[37U] = 0U;
-  rand_stack.f3[38U] = 0U;
-  rand_stack.f3[39U] = 0U;
-  rand_stack.f3[40U] = 0U;
-  rand_stack.f3[41U] = 0U;
-  rand_stack.f3[42U] = 0U;
-  rand_stack.f3[43U] = 0U;
-  rand_stack.f3[44U] = 0U;
-  rand_stack.f3[45U] = 0U;
-  rand_stack.f3[46U] = 0U;
-  rand_stack.f3[47U] = 0U;
-  rand_stack.f3[48U] = 0U;
-  rand_stack.f3[49U] = 0U;
-  rand_stack.f3[50U] = 0U;
-  rand_stack.f3[51U] = 0U;
-  rand_stack.f3[52U] = 0U;
-  rand_stack.f3[53U] = 0U;
-  rand_stack.f3[54U] = 0U;
-  rand_stack.f3[55U] = 0U;
-  rand_stack.f3[56U] = 0U;
-  rand_stack.f3[57U] = 0U;
-  rand_stack.f3[58U] = 0U;
-  rand_stack.f3[59U] = 0U;
-  rand_stack.f3[60U] = 0U;
-  rand_stack.f3[61U] = 0U;
-  rand_stack.f3[62U] = 0U;
-  rand_stack.f3[63U] = 0U;
-  rand_stack.f3[64U] = 0U;
-  rand_stack.f3[65U] = 0U;
-  rand_stack.f3[66U] = 0U;
-  rand_stack.f3[67U] = 0U;
-  rand_stack.f3[68U] = 0U;
-  rand_stack.f3[69U] = 0U;
-  rand_stack.f3[70U] = 0U;
-  rand_stack.f3[71U] = 0U;
-  rand_stack.f3[72U] = 0U;
-  rand_stack.f3[73U] = 0U;
-  rand_stack.f3[74U] = 0U;
-  rand_stack.f3[75U] = 0U;
-  rand_stack.f3[76U] = 0U;
-  rand_stack.f3[77U] = 0U;
-  rand_stack.f3[78U] = 0U;
-  rand_stack.f3[79U] = 0U;
-  rand_stack.f3[80U] = 0U;
-  rand_stack.f3[81U] = 0U;
-  rand_stack.f3[82U] = 0U;
-  rand_stack.f3[83U] = 0U;
-  rand_stack.f3[84U] = 0U;
-  rand_stack.f3[85U] = 0U;
-  rand_stack.f3[86U] = 0U;
-  rand_stack.f3[87U] = 0U;
-  rand_stack.f3[88U] = 0U;
-  rand_stack.f3[89U] = 0U;
-  rand_stack.f3[90U] = 0U;
-  rand_stack.f3[91U] = 0U;
-  rand_stack.f3[92U] = 0U;
-  rand_stack.f3[93U] = 0U;
-  rand_stack.f3[94U] = 0U;
-  rand_stack.f3[95U] = 0U;
-  rand_stack.f3[96U] = 0U;
-  rand_stack.f3[97U] = 0U;
-  rand_stack.f3[98U] = 0U;
-  rand_stack.f3[99U] = 0U;
-  rand_stack.f3[100U] = 0U;
-  rand_stack.f3[101U] = 0U;
-  rand_stack.f3[102U] = 0U;
-  rand_stack.f3[103U] = 0U;
-  rand_stack.f3[104U] = 0U;
-  rand_stack.f3[105U] = 0U;
-  rand_stack.f3[106U] = 0U;
-  rand_stack.f3[107U] = 0U;
-  rand_stack.f3[108U] = 0U;
-  rand_stack.f3[109U] = 0U;
-  rand_stack.f3[110U] = 0U;
-  rand_stack.f3[111U] = 0U;
-  rand_stack.f3[112U] = 0U;
-  rand_stack.f3[113U] = 0U;
-  rand_stack.f3[114U] = 0U;
-  rand_stack.f3[115U] = 0U;
-  rand_stack.f3[116U] = 0U;
-  rand_stack.f3[117U] = 0U;
-  rand_stack.f3[118U] = 0U;
-  rand_stack.f3[119U] = 0U;
-  rand_stack.f3[120U] = 0U;
-  rand_stack.f3[121U] = 0U;
-  rand_stack.f3[122U] = 0U;
-  rand_stack.f3[123U] = 0U;
-  rand_stack.f3[124U] = 0U;
-  rand_stack.f3[125U] = 0U;
-  rand_stack.f3[126U] = 0U;
-  rand_stack.f3[127U] = 0U;
-  rand_stack.f3[128U] = 0U;
-  rand_stack.f3[129U] = 0U;
-  rand_stack.f3[130U] = 0U;
-  rand_stack.f3[131U] = 0U;
-  rand_stack.f3[132U] = 0U;
-  rand_stack.f3[133U] = 0U;
-  rand_stack.f3[134U] = 0U;
-  rand_stack.f3[135U] = 0U;
-  rand_stack.f3[136U] = 0U;
-  rand_stack.f3[137U] = 0U;
-  rand_stack.f3[138U] = 0U;
-  rand_stack.f3[139U] = 0U;
-  rand_stack.f3[140U] = 0U;
-  rand_stack.f3[141U] = 0U;
-  rand_stack.f3[142U] = 0U;
-  rand_stack.f3[143U] = 0U;
-  rand_stack.f3[144U] = 0U;
-  rand_stack.f3[145U] = 0U;
-  rand_stack.f3[146U] = 0U;
-  rand_stack.f3[147U] = 0U;
-  rand_stack.f3[148U] = 0U;
-  rand_stack.f3[149U] = 0U;
-  rand_stack.f3[150U] = 0U;
-  rand_stack.f3[151U] = 0U;
-  rand_stack.f3[152U] = 0U;
-  rand_stack.f3[153U] = 0U;
-  rand_stack.f3[154U] = 0U;
-  rand_stack.f3[155U] = 0U;
-  rand_stack.f3[156U] = 0U;
-  rand_stack.f3[157U] = 0U;
-  rand_stack.f3[158U] = 0U;
-  rand_stack.f3[159U] = 0U;
-  rand_stack.f3[160U] = 0U;
-  rand_stack.f3[161U] = 0U;
-  rand_stack.f3[162U] = 0U;
-  rand_stack.f3[163U] = 0U;
-  rand_stack.f3[164U] = 0U;
-  rand_stack.f3[165U] = 0U;
-  rand_stack.f3[166U] = 0U;
-  rand_stack.f3[167U] = 0U;
-  rand_stack.f3[168U] = 0U;
-  rand_stack.f3[169U] = 0U;
-  rand_stack.f3[170U] = 0U;
-  rand_stack.f3[171U] = 0U;
-  rand_stack.f3[172U] = 0U;
-  rand_stack.f3[173U] = 0U;
-  rand_stack.f3[174U] = 0U;
-  rand_stack.f3[175U] = 0U;
-  rand_stack.f3[176U] = 0U;
-  rand_stack.f3[177U] = 0U;
-  rand_stack.f3[178U] = 0U;
-  rand_stack.f3[179U] = 0U;
-  rand_stack.f3[180U] = 0U;
-  rand_stack.f3[181U] = 0U;
-  rand_stack.f3[182U] = 0U;
-  rand_stack.f3[183U] = 0U;
-  rand_stack.f3[184U] = 0U;
-  rand_stack.f3[185U] = 0U;
-  rand_stack.f3[186U] = 0U;
-  rand_stack.f3[187U] = 0U;
-  rand_stack.f3[188U] = 0U;
-  rand_stack.f3[189U] = 0U;
-  rand_stack.f3[190U] = 0U;
-  rand_stack.f3[191U] = 0U;
-  rand_stack.f3[192U] = 0U;
-  rand_stack.f3[193U] = 0U;
-  rand_stack.f3[194U] = 0U;
-  rand_stack.f3[195U] = 0U;
-  rand_stack.f3[196U] = 0U;
-  rand_stack.f3[197U] = 0U;
-  rand_stack.f3[198U] = 0U;
-  rand_stack.f3[199U] = 0U;
-  rand_stack.f3[200U] = 0U;
-  rand_stack.f3[201U] = 0U;
-  rand_stack.f3[202U] = 0U;
-  rand_stack.f3[203U] = 0U;
-  rand_stack.f3[204U] = 0U;
-  rand_stack.f3[205U] = 0U;
-  rand_stack.f3[206U] = 0U;
-  rand_stack.f3[207U] = 0U;
-  rand_stack.f3[208U] = 0U;
-  rand_stack.f3[209U] = 0U;
-  rand_stack.f3[210U] = 0U;
-  rand_stack.f3[211U] = 0U;
-  rand_stack.f3[212U] = 0U;
-  rand_stack.f3[213U] = 0U;
-  rand_stack.f3[214U] = 0U;
-  rand_stack.f3[215U] = 0U;
-  rand_stack.f3[216U] = 0U;
-  rand_stack.f3[217U] = 0U;
-  rand_stack.f3[218U] = 0U;
-  rand_stack.f3[219U] = 0U;
-  rand_stack.f3[220U] = 0U;
-  rand_stack.f3[221U] = 0U;
-  rand_stack.f3[222U] = 0U;
-  rand_stack.f3[223U] = 0U;
-  rand_stack.f3[224U] = 0U;
-  rand_stack.f3[225U] = 0U;
-  rand_stack.f3[226U] = 0U;
-  rand_stack.f3[227U] = 0U;
-  rand_stack.f3[228U] = 0U;
-  rand_stack.f3[229U] = 0U;
-  rand_stack.f3[230U] = 0U;
-  rand_stack.f3[231U] = 0U;
-  rand_stack.f3[232U] = 0U;
-  rand_stack.f3[233U] = 0U;
-  rand_stack.f3[234U] = 0U;
-  rand_stack.f3[235U] = 0U;
-  rand_stack.f3[236U] = 0U;
-  rand_stack.f3[237U] = 0U;
-  rand_stack.f3[238U] = 0U;
-  rand_stack.f3[239U] = 0U;
-  rand_stack.f3[240U] = 0U;
-  rand_stack.f3[241U] = 0U;
-  rand_stack.f3[242U] = 0U;
-  rand_stack.f3[243U] = 0U;
-  rand_stack.f3[244U] = 0U;
-  rand_stack.f3[245U] = 0U;
-  rand_stack.f3[246U] = 0U;
-  rand_stack.f3[247U] = 0U;
-  rand_stack.f3[248U] = 0U;
-  rand_stack.f3[249U] = 0U;
-  rand_stack.f3[250U] = 0U;
-  rand_stack.f3[251U] = 0U;
-  rand_stack.f3[252U] = 0U;
-  rand_stack.f3[253U] = 0U;
-  rand_stack.f3[254U] = 0U;
-  rand_stack.f3[255U] = 0U;
-  rand_stack.f3[256U] = 0U;
-  rand_stack.f3[257U] = 0U;
-  rand_stack.f3[258U] = 0U;
-  rand_stack.f3[259U] = 0U;
-  rand_stack.f3[260U] = 0U;
-  rand_stack.f3[261U] = 0U;
-  rand_stack.f3[262U] = 0U;
-  rand_stack.f3[263U] = 0U;
-  rand_stack.f3[264U] = 0U;
-  rand_stack.f3[265U] = 0U;
-  rand_stack.f3[266U] = 0U;
-  rand_stack.f3[267U] = 0U;
-  rand_stack.f3[268U] = 0U;
-  rand_stack.f3[269U] = 0U;
-  rand_stack.f3[270U] = 0U;
-  rand_stack.f3[271U] = 0U;
-  rand_stack.f3[272U] = 0U;
-  rand_stack.f3[273U] = 0U;
-  rand_stack.f3[274U] = 0U;
-  rand_stack.f3[275U] = 0U;
-  rand_stack.f3[276U] = 0U;
-  rand_stack.f3[277U] = 0U;
-  rand_stack.f3[278U] = 0U;
-  rand_stack.f3[279U] = 0U;
-  rand_stack.f3[280U] = 0U;
-  rand_stack.f3[281U] = 0U;
-  rand_stack.f3[282U] = 0U;
-  rand_stack.f3[283U] = 0U;
-  rand_stack.f3[284U] = 0U;
-  rand_stack.f3[285U] = 0U;
-  rand_stack.f3[286U] = 0U;
-  rand_stack.f3[287U] = 0U;
-  rand_stack.f3[288U] = 0U;
-  rand_stack.f3[289U] = 0U;
-  rand_stack.f3[290U] = 0U;
-  rand_stack.f3[291U] = 0U;
-  rand_stack.f3[292U] = 0U;
-  rand_stack.f3[293U] = 0U;
-  rand_stack.f3[294U] = 0U;
-  rand_stack.f3[295U] = 0U;
-  rand_stack.f3[296U] = 0U;
-  rand_stack.f3[297U] = 0U;
-  rand_stack.f3[298U] = 0U;
-  rand_stack.f3[299U] = 0U;
-  rand_stack.f3[300U] = 0U;
-  rand_stack.f3[301U] = 0U;
-  rand_stack.f3[302U] = 0U;
-  rand_stack.f3[303U] = 0U;
-  rand_stack.f3[304U] = 0U;
-  rand_stack.f3[305U] = 0U;
-  rand_stack.f3[306U] = 0U;
-  rand_stack.f3[307U] = 0U;
-  rand_stack.f3[308U] = 0U;
-  rand_stack.f3[309U] = 0U;
-  rand_stack.f3[310U] = 0U;
-  rand_stack.f3[311U] = 0U;
-  rand_stack.f3[312U] = 0U;
-  rand_stack.f3[313U] = 0U;
-  rand_stack.f3[314U] = 0U;
-  rand_stack.f3[315U] = 0U;
-  rand_stack.f3[316U] = 0U;
-  rand_stack.f3[317U] = 0U;
-  rand_stack.f3[318U] = 0U;
-  rand_stack.f3[319U] = 0U;
-  rand_stack.f3[320U] = 0U;
-  rand_stack.f3[321U] = 0U;
-  rand_stack.f3[322U] = 0U;
-  rand_stack.f3[323U] = 0U;
-  rand_stack.f3[324U] = 0U;
-  rand_stack.f3[325U] = 0U;
-  rand_stack.f3[326U] = 0U;
-  rand_stack.f3[327U] = 0U;
-  rand_stack.f3[328U] = 0U;
-  rand_stack.f3[329U] = 0U;
-  rand_stack.f3[330U] = 0U;
-  rand_stack.f3[331U] = 0U;
-  rand_stack.f3[332U] = 0U;
-  rand_stack.f3[333U] = 0U;
-  rand_stack.f3[334U] = 0U;
-  rand_stack.f3[335U] = 0U;
-  rand_stack.f3[336U] = 0U;
-  rand_stack.f3[337U] = 0U;
-  rand_stack.f3[338U] = 0U;
-  rand_stack.f3[339U] = 0U;
-  rand_stack.f3[340U] = 0U;
-  rand_stack.f3[341U] = 0U;
-  rand_stack.f3[342U] = 0U;
-  rand_stack.f3[343U] = 0U;
-  rand_stack.f3[344U] = 0U;
-  rand_stack.f3[345U] = 0U;
-  rand_stack.f3[346U] = 0U;
-  rand_stack.f3[347U] = 0U;
-  rand_stack.f3[348U] = 0U;
-  rand_stack.f3[349U] = 0U;
-  rand_stack.f3[350U] = 0U;
-  rand_stack.f3[351U] = 0U;
-  rand_stack.f3[352U] = 0U;
-  rand_stack.f3[353U] = 0U;
-  rand_stack.f3[354U] = 0U;
-  rand_stack.f3[355U] = 0U;
-  rand_stack.f3[356U] = 0U;
-  rand_stack.f3[357U] = 0U;
-  rand_stack.f3[358U] = 0U;
-  rand_stack.f3[359U] = 0U;
-  rand_stack.f3[360U] = 0U;
-  rand_stack.f3[361U] = 0U;
-  rand_stack.f3[362U] = 0U;
-  rand_stack.f3[363U] = 0U;
-  rand_stack.f3[364U] = 0U;
-  rand_stack.f3[365U] = 0U;
-  rand_stack.f3[366U] = 0U;
-  rand_stack.f3[367U] = 0U;
-  rand_stack.f3[368U] = 0U;
-  rand_stack.f3[369U] = 0U;
-  rand_stack.f3[370U] = 0U;
-  rand_stack.f3[371U] = 0U;
-  rand_stack.f3[372U] = 0U;
-  rand_stack.f3[373U] = 0U;
-  rand_stack.f3[374U] = 0U;
-  rand_stack.f3[375U] = 0U;
-  rand_stack.f3[376U] = 0U;
-  rand_stack.f3[377U] = 0U;
-  rand_stack.f3[378U] = 0U;
-  rand_stack.f3[379U] = 0U;
-  rand_stack.f3[380U] = 0U;
-  rand_stack.f3[381U] = 0U;
-  rand_stack.f3[382U] = 0U;
-  rand_stack.f3[383U] = 0U;
-  rand_stack.f3[384U] = 0U;
-  rand_stack.f3[385U] = 0U;
-  rand_stack.f3[386U] = 0U;
-  rand_stack.f3[387U] = 0U;
-  rand_stack.f3[388U] = 0U;
-  rand_stack.f3[389U] = 0U;
-  rand_stack.f3[390U] = 0U;
-  rand_stack.f3[391U] = 0U;
-  rand_stack.f3[392U] = 0U;
-  rand_stack.f3[393U] = 0U;
-  rand_stack.f3[394U] = 0U;
-  rand_stack.f3[395U] = 0U;
-  rand_stack.f3[396U] = 0U;
-  rand_stack.f3[397U] = 0U;
-  rand_stack.f3[398U] = 0U;
-  rand_stack.f3[399U] = 0U;
-  rand_stack.f3[400U] = 0U;
-  rand_stack.f3[401U] = 0U;
-  rand_stack.f3[402U] = 0U;
-  rand_stack.f3[403U] = 0U;
-  rand_stack.f3[404U] = 0U;
-  rand_stack.f3[405U] = 0U;
-  rand_stack.f3[406U] = 0U;
-  rand_stack.f3[407U] = 0U;
-  rand_stack.f3[408U] = 0U;
-  rand_stack.f3[409U] = 0U;
-  rand_stack.f3[410U] = 0U;
-  rand_stack.f3[411U] = 0U;
-  rand_stack.f3[412U] = 0U;
-  rand_stack.f3[413U] = 0U;
-  rand_stack.f3[414U] = 0U;
-  rand_stack.f3[415U] = 0U;
-  rand_stack.f3[416U] = 0U;
-  rand_stack.f3[417U] = 0U;
-  rand_stack.f3[418U] = 0U;
-  rand_stack.f3[419U] = 0U;
-  rand_stack.f3[420U] = 0U;
-  rand_stack.f3[421U] = 0U;
-  rand_stack.f3[422U] = 0U;
-  rand_stack.f3[423U] = 0U;
-  rand_stack.f3[424U] = 0U;
-  rand_stack.f3[425U] = 0U;
-  rand_stack.f3[426U] = 0U;
-  rand_stack.f3[427U] = 0U;
-  rand_stack.f3[428U] = 0U;
-  rand_stack.f3[429U] = 0U;
-  rand_stack.f3[430U] = 0U;
-  rand_stack.f3[431U] = 0U;
-  rand_stack.f3[432U] = 0U;
-  rand_stack.f3[433U] = 0U;
-  rand_stack.f3[434U] = 0U;
-  rand_stack.f3[435U] = 0U;
-  rand_stack.f3[436U] = 0U;
-  rand_stack.f3[437U] = 0U;
-  rand_stack.f3[438U] = 0U;
-  rand_stack.f3[439U] = 0U;
-  rand_stack.f3[440U] = 0U;
-  rand_stack.f3[441U] = 0U;
-  rand_stack.f3[442U] = 0U;
-  rand_stack.f3[443U] = 0U;
-  rand_stack.f3[444U] = 0U;
-  rand_stack.f3[445U] = 0U;
-  rand_stack.f3[446U] = 0U;
-  rand_stack.f3[447U] = 0U;
-  rand_stack.f3[448U] = 0U;
-  rand_stack.f3[449U] = 0U;
-  rand_stack.f3[450U] = 0U;
-  rand_stack.f3[451U] = 0U;
-  rand_stack.f3[452U] = 0U;
-  rand_stack.f3[453U] = 0U;
-  rand_stack.f3[454U] = 0U;
-  rand_stack.f3[455U] = 0U;
-  rand_stack.f3[456U] = 0U;
-  rand_stack.f3[457U] = 0U;
-  rand_stack.f3[458U] = 0U;
-  rand_stack.f3[459U] = 0U;
-  rand_stack.f3[460U] = 0U;
-  rand_stack.f3[461U] = 0U;
-  rand_stack.f3[462U] = 0U;
-  rand_stack.f3[463U] = 0U;
-  rand_stack.f3[464U] = 0U;
-  rand_stack.f3[465U] = 0U;
-  rand_stack.f3[466U] = 0U;
-  rand_stack.f3[467U] = 0U;
-  rand_stack.f3[468U] = 0U;
-  rand_stack.f3[469U] = 0U;
-  rand_stack.f3[470U] = 0U;
-  rand_stack.f3[471U] = 0U;
-  rand_stack.f3[472U] = 0U;
-  rand_stack.f3[473U] = 0U;
-  rand_stack.f3[474U] = 0U;
-  rand_stack.f3[475U] = 0U;
-  rand_stack.f3[476U] = 0U;
-  rand_stack.f3[477U] = 0U;
-  rand_stack.f3[478U] = 0U;
-  rand_stack.f3[479U] = 0U;
-  rand_stack.f3[480U] = 0U;
-  rand_stack.f3[481U] = 0U;
-  rand_stack.f3[482U] = 0U;
-  rand_stack.f3[483U] = 0U;
-  rand_stack.f3[484U] = 0U;
-  rand_stack.f3[485U] = 0U;
-  rand_stack.f3[486U] = 0U;
-  rand_stack.f3[487U] = 0U;
-  rand_stack.f3[488U] = 0U;
-  rand_stack.f3[489U] = 0U;
-  rand_stack.f3[490U] = 0U;
-  rand_stack.f3[491U] = 0U;
-  rand_stack.f3[492U] = 0U;
-  rand_stack.f3[493U] = 0U;
-  rand_stack.f3[494U] = 0U;
-  rand_stack.f3[495U] = 0U;
-  rand_stack.f3[496U] = 0U;
-  rand_stack.f3[497U] = 0U;
-  rand_stack.f3[498U] = 0U;
-  rand_stack.f3[499U] = 0U;
-  rand_stack.f3[500U] = 0U;
-  rand_stack.f3[501U] = 0U;
-  rand_stack.f3[502U] = 0U;
-  rand_stack.f3[503U] = 0U;
-  rand_stack.f3[504U] = 0U;
-  rand_stack.f3[505U] = 0U;
-  rand_stack.f3[506U] = 0U;
-  rand_stack.f3[507U] = 0U;
-  rand_stack.f3[508U] = 0U;
-  rand_stack.f3[509U] = 0U;
-  rand_stack.f3[510U] = 0U;
-  rand_stack.f3[511U] = 0U;
-  rand_stack.f3[512U] = 0U;
-  rand_stack.f3[513U] = 0U;
-  rand_stack.f3[514U] = 0U;
-  rand_stack.f3[515U] = 0U;
-  rand_stack.f3[516U] = 0U;
-  rand_stack.f3[517U] = 0U;
-  rand_stack.f3[518U] = 0U;
-  rand_stack.f3[519U] = 0U;
-  rand_stack.f3[520U] = 0U;
-  rand_stack.f3[521U] = 0U;
-  rand_stack.f3[522U] = 0U;
-  rand_stack.f3[523U] = 0U;
-  rand_stack.f3[524U] = 0U;
-  rand_stack.f3[525U] = 0U;
-  rand_stack.f3[526U] = 0U;
-  rand_stack.f3[527U] = 0U;
-  rand_stack.f3[528U] = 0U;
-  rand_stack.f3[529U] = 0U;
-  rand_stack.f3[530U] = 0U;
-  rand_stack.f3[531U] = 0U;
-  rand_stack.f3[532U] = 0U;
-  rand_stack.f3[533U] = 0U;
-  rand_stack.f3[534U] = 0U;
-  rand_stack.f3[535U] = 0U;
-  rand_stack.f3[536U] = 0U;
-  rand_stack.f3[537U] = 0U;
-  rand_stack.f3[538U] = 0U;
-  rand_stack.f3[539U] = 0U;
-  rand_stack.f3[540U] = 0U;
-  rand_stack.f3[541U] = 0U;
-  rand_stack.f3[542U] = 0U;
-  rand_stack.f3[543U] = 0U;
-  rand_stack.f3[544U] = 0U;
-  rand_stack.f3[545U] = 0U;
-  rand_stack.f3[546U] = 0U;
-  rand_stack.f3[547U] = 0U;
-  rand_stack.f3[548U] = 0U;
-  rand_stack.f3[549U] = 0U;
-  rand_stack.f3[550U] = 0U;
-  rand_stack.f3[551U] = 0U;
-  rand_stack.f3[552U] = 0U;
-  rand_stack.f3[553U] = 0U;
-  rand_stack.f3[554U] = 0U;
-  rand_stack.f3[555U] = 0U;
-  rand_stack.f3[556U] = 0U;
-  rand_stack.f3[557U] = 0U;
-  rand_stack.f3[558U] = 0U;
-  rand_stack.f3[559U] = 0U;
-  rand_stack.f3[560U] = 0U;
-  rand_stack.f3[561U] = 0U;
-  rand_stack.f3[562U] = 0U;
-  rand_stack.f3[563U] = 0U;
-  rand_stack.f3[564U] = 0U;
-  rand_stack.f3[565U] = 0U;
-  rand_stack.f3[566U] = 0U;
-  rand_stack.f3[567U] = 0U;
-  rand_stack.f3[568U] = 0U;
-  rand_stack.f3[569U] = 0U;
-  rand_stack.f3[570U] = 0U;
-  rand_stack.f3[571U] = 0U;
-  rand_stack.f3[572U] = 0U;
-  rand_stack.f3[573U] = 0U;
-  rand_stack.f3[574U] = 0U;
-  rand_stack.f3[575U] = 0U;
-  rand_stack.f3[576U] = 0U;
-  rand_stack.f3[577U] = 0U;
-  rand_stack.f3[578U] = 0U;
-  rand_stack.f3[579U] = 0U;
-  rand_stack.f3[580U] = 0U;
-  rand_stack.f3[581U] = 0U;
-  rand_stack.f3[582U] = 0U;
-  rand_stack.f3[583U] = 0U;
-  rand_stack.f3[584U] = 0U;
-  rand_stack.f3[585U] = 0U;
-  rand_stack.f3[586U] = 0U;
-  rand_stack.f3[587U] = 0U;
-  rand_stack.f3[588U] = 0U;
-  rand_stack.f3[589U] = 0U;
-  rand_stack.f3[590U] = 0U;
-  rand_stack.f3[591U] = 0U;
-  rand_stack.f3[592U] = 0U;
-  rand_stack.f3[593U] = 0U;
-  rand_stack.f3[594U] = 0U;
-  rand_stack.f3[595U] = 0U;
-  rand_stack.f3[596U] = 0U;
-  rand_stack.f3[597U] = 0U;
-  rand_stack.f3[598U] = 0U;
-  rand_stack.f3[599U] = 0U;
-  rand_stack.f3[600U] = 0U;
-  rand_stack.f3[601U] = 0U;
-  rand_stack.f3[602U] = 0U;
-  rand_stack.f3[603U] = 0U;
-  rand_stack.f3[604U] = 0U;
-  rand_stack.f3[605U] = 0U;
-  rand_stack.f3[606U] = 0U;
-  rand_stack.f3[607U] = 0U;
-  rand_stack.f3[608U] = 0U;
-  rand_stack.f3[609U] = 0U;
-  rand_stack.f3[610U] = 0U;
-  rand_stack.f3[611U] = 0U;
-  rand_stack.f3[612U] = 0U;
-  rand_stack.f3[613U] = 0U;
-  rand_stack.f3[614U] = 0U;
-  rand_stack.f3[615U] = 0U;
-  rand_stack.f3[616U] = 0U;
-  rand_stack.f3[617U] = 0U;
-  rand_stack.f3[618U] = 0U;
-  rand_stack.f3[619U] = 0U;
-  rand_stack.f3[620U] = 0U;
-  rand_stack.f3[621U] = 0U;
-  rand_stack.f3[622U] = 0U;
-  rand_stack.f3[623U] = 0U;
-  rand_stack.f3[624U] = 0U;
-  rand_stack.f3[625U] = 0U;
-  rand_stack.f3[626U] = 0U;
-  rand_stack.f3[627U] = 0U;
-  rand_stack.f3[628U] = 0U;
-  rand_stack.f3[629U] = 0U;
-  rand_stack.f3[630U] = 0U;
-  rand_stack.f3[631U] = 0U;
-  rand_stack.f3[632U] = 0U;
-  rand_stack.f3[633U] = 0U;
-  rand_stack.f3[634U] = 0U;
-  rand_stack.f3[635U] = 0U;
-  rand_stack.f3[636U] = 0U;
-  rand_stack.f3[637U] = 0U;
-  rand_stack.f3[638U] = 0U;
-  rand_stack.f3[639U] = 0U;
-  rand_stack.f3[640U] = 0U;
-  rand_stack.f3[641U] = 0U;
-  rand_stack.f3[642U] = 0U;
-  rand_stack.f3[643U] = 0U;
-  rand_stack.f3[644U] = 0U;
-  rand_stack.f3[645U] = 0U;
-  rand_stack.f3[646U] = 0U;
-  rand_stack.f3[647U] = 0U;
-  rand_stack.f3[648U] = 0U;
-  rand_stack.f3[649U] = 0U;
-  rand_stack.f3[650U] = 0U;
-  rand_stack.f3[651U] = 0U;
-  rand_stack.f3[652U] = 0U;
-  rand_stack.f3[653U] = 0U;
-  rand_stack.f3[654U] = 0U;
-  rand_stack.f3[655U] = 0U;
-  rand_stack.f3[656U] = 0U;
-  rand_stack.f3[657U] = 0U;
-  rand_stack.f3[658U] = 0U;
-  rand_stack.f3[659U] = 0U;
-  rand_stack.f3[660U] = 0U;
-  rand_stack.f3[661U] = 0U;
-  rand_stack.f3[662U] = 0U;
-  rand_stack.f3[663U] = 0U;
-  rand_stack.f3[664U] = 0U;
-  rand_stack.f3[665U] = 0U;
-  rand_stack.f3[666U] = 0U;
-  rand_stack.f3[667U] = 0U;
-  rand_stack.f3[668U] = 0U;
-  rand_stack.f3[669U] = 0U;
-  rand_stack.f3[670U] = 0U;
-  rand_stack.f3[671U] = 0U;
-  rand_stack.f3[672U] = 0U;
-  rand_stack.f3[673U] = 0U;
-  rand_stack.f3[674U] = 0U;
-  rand_stack.f3[675U] = 0U;
-  rand_stack.f3[676U] = 0U;
-  rand_stack.f3[677U] = 0U;
-  rand_stack.f3[678U] = 0U;
-  rand_stack.f3[679U] = 0U;
-  rand_stack.f3[680U] = 0U;
-  rand_stack.f3[681U] = 0U;
-  rand_stack.f3[682U] = 0U;
-  rand_stack.f3[683U] = 0U;
-  rand_stack.f3[684U] = 0U;
-  rand_stack.f3[685U] = 0U;
-  rand_stack.f3[686U] = 0U;
-  rand_stack.f3[687U] = 0U;
-  rand_stack.f3[688U] = 0U;
-  rand_stack.f3[689U] = 0U;
-  rand_stack.f3[690U] = 0U;
-  rand_stack.f3[691U] = 0U;
-  rand_stack.f3[692U] = 0U;
-  rand_stack.f3[693U] = 0U;
-  rand_stack.f3[694U] = 0U;
-  rand_stack.f3[695U] = 0U;
-  rand_stack.f3[696U] = 0U;
-  rand_stack.f3[697U] = 0U;
-  rand_stack.f3[698U] = 0U;
-  rand_stack.f3[699U] = 0U;
-  rand_stack.f3[700U] = 0U;
-  rand_stack.f3[701U] = 0U;
-  rand_stack.f3[702U] = 0U;
-  rand_stack.f3[703U] = 0U;
-  rand_stack.f3[704U] = 0U;
-  rand_stack.f3[705U] = 0U;
-  rand_stack.f3[706U] = 0U;
-  rand_stack.f3[707U] = 0U;
-  rand_stack.f3[708U] = 0U;
-  rand_stack.f3[709U] = 0U;
-  rand_stack.f3[710U] = 0U;
-  rand_stack.f3[711U] = 0U;
-  rand_stack.f3[712U] = 0U;
-  rand_stack.f3[713U] = 0U;
-  rand_stack.f3[714U] = 0U;
-  rand_stack.f3[715U] = 0U;
-  rand_stack.f3[716U] = 0U;
-  rand_stack.f3[717U] = 0U;
-  rand_stack.f3[718U] = 0U;
-  rand_stack.f3[719U] = 0U;
-  rand_stack.f3[720U] = 0U;
-  rand_stack.f3[721U] = 0U;
-  rand_stack.f3[722U] = 0U;
-  rand_stack.f3[723U] = 0U;
-  rand_stack.f3[724U] = 0U;
-  rand_stack.f3[725U] = 0U;
-  rand_stack.f3[726U] = 0U;
-  rand_stack.f3[727U] = 0U;
-  rand_stack.f3[728U] = 0U;
-  rand_stack.f3[729U] = 0U;
-  rand_stack.f3[730U] = 0U;
-  rand_stack.f3[731U] = 0U;
-  rand_stack.f3[732U] = 0U;
-  rand_stack.f3[733U] = 0U;
-  rand_stack.f3[734U] = 0U;
-  rand_stack.f3[735U] = 0U;
-  rand_stack.f3[736U] = 0U;
-  rand_stack.f3[737U] = 0U;
-  rand_stack.f3[738U] = 0U;
-  rand_stack.f3[739U] = 0U;
-  rand_stack.f3[740U] = 0U;
-  rand_stack.f3[741U] = 0U;
-  rand_stack.f3[742U] = 0U;
-  rand_stack.f3[743U] = 0U;
-  rand_stack.f3[744U] = 0U;
-  rand_stack.f3[745U] = 0U;
-  rand_stack.f3[746U] = 0U;
-  rand_stack.f3[747U] = 0U;
-  rand_stack.f3[748U] = 0U;
-  rand_stack.f3[749U] = 0U;
-  rand_stack.f3[750U] = 0U;
-  rand_stack.f3[751U] = 0U;
-  rand_stack.f3[752U] = 0U;
-  rand_stack.f3[753U] = 0U;
-  rand_stack.f3[754U] = 0U;
-  rand_stack.f3[755U] = 0U;
-  rand_stack.f3[756U] = 0U;
-  rand_stack.f3[757U] = 0U;
-  rand_stack.f3[758U] = 0U;
-  rand_stack.f3[759U] = 0U;
-  rand_stack.f3[760U] = 0U;
-  rand_stack.f3[761U] = 0U;
-  rand_stack.f3[762U] = 0U;
-  rand_stack.f3[763U] = 0U;
-  rand_stack.f3[764U] = 0U;
-  rand_stack.f3[765U] = 0U;
-  rand_stack.f3[766U] = 0U;
-  rand_stack.f3[767U] = 0U;
-  rand_stack.f3[768U] = 0U;
-  rand_stack.f3[769U] = 0U;
-  rand_stack.f3[770U] = 0U;
-  rand_stack.f3[771U] = 0U;
-  rand_stack.f3[772U] = 0U;
-  rand_stack.f3[773U] = 0U;
-  rand_stack.f3[774U] = 0U;
-  rand_stack.f3[775U] = 0U;
-  rand_stack.f3[776U] = 0U;
-  rand_stack.f3[777U] = 0U;
-  rand_stack.f3[778U] = 0U;
-  rand_stack.f3[779U] = 0U;
-  rand_stack.f3[780U] = 0U;
-  rand_stack.f3[781U] = 0U;
-  rand_stack.f3[782U] = 0U;
-  rand_stack.f3[783U] = 0U;
-  rand_stack.f3[784U] = 0U;
-  rand_stack.f3[785U] = 0U;
-  rand_stack.f3[786U] = 0U;
-  rand_stack.f3[787U] = 0U;
-  rand_stack.f3[788U] = 0U;
-  rand_stack.f3[789U] = 0U;
-  rand_stack.f3[790U] = 0U;
-  rand_stack.f3[791U] = 0U;
-  rand_stack.f3[792U] = 0U;
-  rand_stack.f3[793U] = 0U;
-  rand_stack.f3[794U] = 0U;
-  rand_stack.f3[795U] = 0U;
-  rand_stack.f3[796U] = 0U;
-  rand_stack.f3[797U] = 0U;
-  rand_stack.f3[798U] = 0U;
-  rand_stack.f3[799U] = 0U;
-  rand_stack.f3[800U] = 0U;
-  rand_stack.f3[801U] = 0U;
-  rand_stack.f3[802U] = 0U;
-  rand_stack.f3[803U] = 0U;
-  rand_stack.f3[804U] = 0U;
-  rand_stack.f3[805U] = 0U;
-  rand_stack.f3[806U] = 0U;
-  rand_stack.f3[807U] = 0U;
-  rand_stack.f3[808U] = 0U;
-  rand_stack.f3[809U] = 0U;
-  rand_stack.f3[810U] = 0U;
-  rand_stack.f3[811U] = 0U;
-  rand_stack.f3[812U] = 0U;
-  rand_stack.f3[813U] = 0U;
-  rand_stack.f3[814U] = 0U;
-  rand_stack.f3[815U] = 0U;
-  rand_stack.f3[816U] = 0U;
-  rand_stack.f3[817U] = 0U;
-  rand_stack.f3[818U] = 0U;
-  rand_stack.f3[819U] = 0U;
-  rand_stack.f3[820U] = 0U;
-  rand_stack.f3[821U] = 0U;
-  rand_stack.f3[822U] = 0U;
-  rand_stack.f3[823U] = 0U;
-  rand_stack.f3[824U] = 0U;
-  rand_stack.f3[825U] = 0U;
-  rand_stack.f3[826U] = 0U;
-  rand_stack.f3[827U] = 0U;
-  rand_stack.f3[828U] = 0U;
-  rand_stack.f3[829U] = 0U;
-  rand_stack.f3[830U] = 0U;
-  rand_stack.f3[831U] = 0U;
-  rand_stack.f3[832U] = 0U;
-  rand_stack.f3[833U] = 0U;
-  rand_stack.f3[834U] = 0U;
-  rand_stack.f3[835U] = 0U;
-  rand_stack.f3[836U] = 0U;
-  rand_stack.f3[837U] = 0U;
-  rand_stack.f3[838U] = 0U;
-  rand_stack.f3[839U] = 0U;
+  uint8_t rand_stack0[840U] = {0U};
+  uint8_t rand_stack1[840U] = {0U};
+  uint8_t rand_stack2[840U] = {0U};
+  uint8_t rand_stack3[840U] = {0U};
   int32_t tmp_stack[4U][263U] = {{0U}};
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_seed[34U];
@@ -5333,7 +3669,7 @@ static KRML_MUSTINLINE void libcrux_ml_dsa_samplex4_matrix_A_6_by_5_f4(
                          (CLITERAL(uint8_t_x2){.fst = 0U, .snd = 2U}),
                          (CLITERAL(uint8_t_x2){.fst = 0U, .snd = 3U})};
   libcrux_ml_dsa_sample_sample_up_to_four_ring_elements_f4(
-      copy_of_seed, A, &rand_stack,
+      copy_of_seed, A, rand_stack0, rand_stack1, rand_stack2, rand_stack3,
       Eurydice_array_to_slice((size_t)4U, tmp_stack, int32_t[263U]), buf0,
       (size_t)4U);
   /* Passing arrays by value in Rust generates a copy in C */
@@ -5344,7 +3680,7 @@ static KRML_MUSTINLINE void libcrux_ml_dsa_samplex4_matrix_A_6_by_5_f4(
                          (CLITERAL(uint8_t_x2){.fst = 1U, .snd = 1U}),
                          (CLITERAL(uint8_t_x2){.fst = 1U, .snd = 2U})};
   libcrux_ml_dsa_sample_sample_up_to_four_ring_elements_f4(
-      copy_of_seed0, A, &rand_stack,
+      copy_of_seed0, A, rand_stack0, rand_stack1, rand_stack2, rand_stack3,
       Eurydice_array_to_slice((size_t)4U, tmp_stack, int32_t[263U]), buf1,
       (size_t)4U);
   /* Passing arrays by value in Rust generates a copy in C */
@@ -5355,7 +3691,7 @@ static KRML_MUSTINLINE void libcrux_ml_dsa_samplex4_matrix_A_6_by_5_f4(
                          (CLITERAL(uint8_t_x2){.fst = 2U, .snd = 0U}),
                          (CLITERAL(uint8_t_x2){.fst = 2U, .snd = 1U})};
   libcrux_ml_dsa_sample_sample_up_to_four_ring_elements_f4(
-      copy_of_seed1, A, &rand_stack,
+      copy_of_seed1, A, rand_stack0, rand_stack1, rand_stack2, rand_stack3,
       Eurydice_array_to_slice((size_t)4U, tmp_stack, int32_t[263U]), buf2,
       (size_t)4U);
   /* Passing arrays by value in Rust generates a copy in C */
@@ -5366,7 +3702,7 @@ static KRML_MUSTINLINE void libcrux_ml_dsa_samplex4_matrix_A_6_by_5_f4(
                          (CLITERAL(uint8_t_x2){.fst = 2U, .snd = 4U}),
                          (CLITERAL(uint8_t_x2){.fst = 3U, .snd = 0U})};
   libcrux_ml_dsa_sample_sample_up_to_four_ring_elements_f4(
-      copy_of_seed2, A, &rand_stack,
+      copy_of_seed2, A, rand_stack0, rand_stack1, rand_stack2, rand_stack3,
       Eurydice_array_to_slice((size_t)4U, tmp_stack, int32_t[263U]), buf3,
       (size_t)4U);
   /* Passing arrays by value in Rust generates a copy in C */
@@ -5377,7 +3713,7 @@ static KRML_MUSTINLINE void libcrux_ml_dsa_samplex4_matrix_A_6_by_5_f4(
                          (CLITERAL(uint8_t_x2){.fst = 3U, .snd = 3U}),
                          (CLITERAL(uint8_t_x2){.fst = 3U, .snd = 4U})};
   libcrux_ml_dsa_sample_sample_up_to_four_ring_elements_f4(
-      copy_of_seed3, A, &rand_stack,
+      copy_of_seed3, A, rand_stack0, rand_stack1, rand_stack2, rand_stack3,
       Eurydice_array_to_slice((size_t)4U, tmp_stack, int32_t[263U]), buf4,
       (size_t)4U);
   /* Passing arrays by value in Rust generates a copy in C */
@@ -5388,7 +3724,7 @@ static KRML_MUSTINLINE void libcrux_ml_dsa_samplex4_matrix_A_6_by_5_f4(
                          (CLITERAL(uint8_t_x2){.fst = 4U, .snd = 2U}),
                          (CLITERAL(uint8_t_x2){.fst = 4U, .snd = 3U})};
   libcrux_ml_dsa_sample_sample_up_to_four_ring_elements_f4(
-      copy_of_seed4, A, &rand_stack,
+      copy_of_seed4, A, rand_stack0, rand_stack1, rand_stack2, rand_stack3,
       Eurydice_array_to_slice((size_t)4U, tmp_stack, int32_t[263U]), buf5,
       (size_t)4U);
   /* Passing arrays by value in Rust generates a copy in C */
@@ -5399,7 +3735,7 @@ static KRML_MUSTINLINE void libcrux_ml_dsa_samplex4_matrix_A_6_by_5_f4(
                          (CLITERAL(uint8_t_x2){.fst = 5U, .snd = 1U}),
                          (CLITERAL(uint8_t_x2){.fst = 5U, .snd = 2U})};
   libcrux_ml_dsa_sample_sample_up_to_four_ring_elements_f4(
-      copy_of_seed5, A, &rand_stack,
+      copy_of_seed5, A, rand_stack0, rand_stack1, rand_stack2, rand_stack3,
       Eurydice_array_to_slice((size_t)4U, tmp_stack, int32_t[263U]), buf6,
       (size_t)4U);
   /* Passing arrays by value in Rust generates a copy in C */
@@ -5410,7 +3746,7 @@ static KRML_MUSTINLINE void libcrux_ml_dsa_samplex4_matrix_A_6_by_5_f4(
                         (CLITERAL(uint8_t_x2){.fst = 5U, .snd = 5U}),
                         (CLITERAL(uint8_t_x2){.fst = 5U, .snd = 6U})};
   libcrux_ml_dsa_sample_sample_up_to_four_ring_elements_f4(
-      copy_of_seed6, A, &rand_stack,
+      copy_of_seed6, A, rand_stack0, rand_stack1, rand_stack2, rand_stack3,
       Eurydice_array_to_slice((size_t)4U, tmp_stack, int32_t[263U]), buf,
       (size_t)2U);
   memcpy(ret, A,
diff --git a/libcrux-ml-dsa/cg/libcrux_mldsa65_portable.h b/libcrux-ml-dsa/cg/libcrux_mldsa65_portable.h
index 177e98ceb..13e99f9fc 100644
--- a/libcrux-ml-dsa/cg/libcrux_mldsa65_portable.h
+++ b/libcrux-ml-dsa/cg/libcrux_mldsa65_portable.h
@@ -8,7 +8,7 @@
  * Eurydice: b665364a6d86749566ce2d650d13fa12c8fab2c5
  * Karamel: 96572bc631fde691a2aea7bce5a5a3838b3a5968
  * F*: b0961063393215ca65927f017720cb365a193833-dirty
- * Libcrux: c6c0198a72d0045f999b4b6a50ad7e917c8a9e42
+ * Libcrux: 00424f6ff03ac7c79f2922ed628bf6a5b8723be3
  */
 
 #ifndef __libcrux_mldsa65_portable_H
@@ -4166,13 +4166,6 @@ static inline void libcrux_ml_dsa_simd_portable_invert_ntt_montgomery_36(
 typedef struct libcrux_ml_dsa_samplex4_portable_PortableSampler_s {
 } libcrux_ml_dsa_samplex4_portable_PortableSampler;
 
-typedef struct uint8_t_840size_t__x4_s {
-  uint8_t fst[840U];
-  uint8_t snd[840U];
-  uint8_t thd[840U];
-  uint8_t f3[840U];
-} uint8_t_840size_t__x4;
-
 /**
 A monomorphic instance of K.
 with types uint8_t[4032size_t], uint8_t[1952size_t]
@@ -4274,6 +4267,19 @@ libcrux_ml_dsa_sample_rejection_sample_less_than_field_modulus_ba(
   return done;
 }
 
+/**
+A monomorphic instance of libcrux_ml_dsa.sample.update_matrix
+with types libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit
+with const generics
+- ROWS_IN_A= 6
+- COLUMNS_IN_A= 5
+*/
+static inline void libcrux_ml_dsa_sample_update_matrix_2f(
+    libcrux_ml_dsa_polynomial_PolynomialRingElement_9b (*m)[5U], size_t i,
+    size_t j, libcrux_ml_dsa_polynomial_PolynomialRingElement_9b v) {
+  m[i][j] = v;
+}
+
 /**
 This function found in impl
 {libcrux_ml_dsa::polynomial::PolynomialRingElement<SIMDUnit>[TraitClause@0,
@@ -4326,8 +4332,9 @@ static KRML_MUSTINLINE void
 libcrux_ml_dsa_sample_sample_up_to_four_ring_elements_49(
     uint8_t seed0[34U],
     libcrux_ml_dsa_polynomial_PolynomialRingElement_9b (*matrix)[5U],
-    uint8_t_840size_t__x4 *rand_stack, Eurydice_slice tmp_stack,
-    uint8_t_x2 *indices, size_t elements_requested) {
+    uint8_t *rand_stack0, uint8_t *rand_stack1, uint8_t *rand_stack2,
+    uint8_t *rand_stack3, Eurydice_slice tmp_stack, uint8_t_x2 *indices,
+    size_t elements_requested) {
   uint16_t domain_separator0 =
       libcrux_ml_dsa_sample_generate_domain_separator(indices[0U]);
   uint16_t domain_separator1 =
@@ -4357,33 +4364,32 @@ libcrux_ml_dsa_sample_sample_up_to_four_ring_elements_49(
           Eurydice_array_to_slice((size_t)34U, seed2, uint8_t),
           Eurydice_array_to_slice((size_t)34U, seed3, uint8_t));
   libcrux_ml_dsa_hash_functions_portable_squeeze_first_five_blocks_ed(
-      &state, rand_stack->fst, rand_stack->snd, rand_stack->thd,
-      rand_stack->f3);
+      &state, rand_stack0, rand_stack1, rand_stack2, rand_stack3);
   size_t sampled0 = (size_t)0U;
   size_t sampled1 = (size_t)0U;
   size_t sampled2 = (size_t)0U;
   size_t sampled3 = (size_t)0U;
   bool done0 =
       libcrux_ml_dsa_sample_rejection_sample_less_than_field_modulus_ba(
-          Eurydice_array_to_slice((size_t)840U, rand_stack->fst, uint8_t),
+          Eurydice_array_to_slice((size_t)840U, rand_stack0, uint8_t),
           &sampled0,
           Eurydice_slice_index(tmp_stack, (size_t)0U, int32_t[263U],
                                int32_t(*)[263U]));
   bool done1 =
       libcrux_ml_dsa_sample_rejection_sample_less_than_field_modulus_ba(
-          Eurydice_array_to_slice((size_t)840U, rand_stack->snd, uint8_t),
+          Eurydice_array_to_slice((size_t)840U, rand_stack1, uint8_t),
           &sampled1,
           Eurydice_slice_index(tmp_stack, (size_t)1U, int32_t[263U],
                                int32_t(*)[263U]));
   bool done2 =
       libcrux_ml_dsa_sample_rejection_sample_less_than_field_modulus_ba(
-          Eurydice_array_to_slice((size_t)840U, rand_stack->thd, uint8_t),
+          Eurydice_array_to_slice((size_t)840U, rand_stack2, uint8_t),
           &sampled2,
           Eurydice_slice_index(tmp_stack, (size_t)2U, int32_t[263U],
                                int32_t(*)[263U]));
   bool done3 =
       libcrux_ml_dsa_sample_rejection_sample_less_than_field_modulus_ba(
-          Eurydice_array_to_slice((size_t)840U, rand_stack->f3, uint8_t),
+          Eurydice_array_to_slice((size_t)840U, rand_stack3, uint8_t),
           &sampled3,
           Eurydice_slice_index(tmp_stack, (size_t)3U, int32_t[263U],
                                int32_t(*)[263U]));
@@ -4561,12 +4567,15 @@ libcrux_ml_dsa_sample_sample_up_to_four_ring_elements_49(
     size_t uu____0 = k;
     uint8_t i = indices[uu____0].fst;
     uint8_t j = indices[uu____0].snd;
-    libcrux_ml_dsa_polynomial_PolynomialRingElement_9b uu____1 =
+    libcrux_ml_dsa_polynomial_PolynomialRingElement_9b(*uu____1)[5U] = matrix;
+    size_t uu____2 = (size_t)i;
+    size_t uu____3 = (size_t)j;
+    libcrux_ml_dsa_sample_update_matrix_2f(
+        uu____1, uu____2, uu____3,
         libcrux_ml_dsa_polynomial_from_i32_array_ff_ba(Eurydice_array_to_slice(
             (size_t)263U,
             Eurydice_slice_index(tmp_stack, k, int32_t[263U], int32_t(*)[263U]),
-            int32_t));
-    matrix[(size_t)i][(size_t)j] = uu____1;
+            int32_t)));
   }
 }
 
@@ -4588,1691 +4597,10 @@ static KRML_MUSTINLINE void libcrux_ml_dsa_samplex4_matrix_A_6_by_5_49(
     A[i][3U] = libcrux_ml_dsa_polynomial_ZERO_ff_ba();
     A[i][4U] = libcrux_ml_dsa_polynomial_ZERO_ff_ba();
   }
-  uint8_t uu____0[840U] = {0U};
-  uint8_t uu____1[840U] = {0U};
-  uint8_t_840size_t__x4 rand_stack;
-  rand_stack.fst[0U] = 0U;
-  rand_stack.fst[1U] = 0U;
-  rand_stack.fst[2U] = 0U;
-  rand_stack.fst[3U] = 0U;
-  rand_stack.fst[4U] = 0U;
-  rand_stack.fst[5U] = 0U;
-  rand_stack.fst[6U] = 0U;
-  rand_stack.fst[7U] = 0U;
-  rand_stack.fst[8U] = 0U;
-  rand_stack.fst[9U] = 0U;
-  rand_stack.fst[10U] = 0U;
-  rand_stack.fst[11U] = 0U;
-  rand_stack.fst[12U] = 0U;
-  rand_stack.fst[13U] = 0U;
-  rand_stack.fst[14U] = 0U;
-  rand_stack.fst[15U] = 0U;
-  rand_stack.fst[16U] = 0U;
-  rand_stack.fst[17U] = 0U;
-  rand_stack.fst[18U] = 0U;
-  rand_stack.fst[19U] = 0U;
-  rand_stack.fst[20U] = 0U;
-  rand_stack.fst[21U] = 0U;
-  rand_stack.fst[22U] = 0U;
-  rand_stack.fst[23U] = 0U;
-  rand_stack.fst[24U] = 0U;
-  rand_stack.fst[25U] = 0U;
-  rand_stack.fst[26U] = 0U;
-  rand_stack.fst[27U] = 0U;
-  rand_stack.fst[28U] = 0U;
-  rand_stack.fst[29U] = 0U;
-  rand_stack.fst[30U] = 0U;
-  rand_stack.fst[31U] = 0U;
-  rand_stack.fst[32U] = 0U;
-  rand_stack.fst[33U] = 0U;
-  rand_stack.fst[34U] = 0U;
-  rand_stack.fst[35U] = 0U;
-  rand_stack.fst[36U] = 0U;
-  rand_stack.fst[37U] = 0U;
-  rand_stack.fst[38U] = 0U;
-  rand_stack.fst[39U] = 0U;
-  rand_stack.fst[40U] = 0U;
-  rand_stack.fst[41U] = 0U;
-  rand_stack.fst[42U] = 0U;
-  rand_stack.fst[43U] = 0U;
-  rand_stack.fst[44U] = 0U;
-  rand_stack.fst[45U] = 0U;
-  rand_stack.fst[46U] = 0U;
-  rand_stack.fst[47U] = 0U;
-  rand_stack.fst[48U] = 0U;
-  rand_stack.fst[49U] = 0U;
-  rand_stack.fst[50U] = 0U;
-  rand_stack.fst[51U] = 0U;
-  rand_stack.fst[52U] = 0U;
-  rand_stack.fst[53U] = 0U;
-  rand_stack.fst[54U] = 0U;
-  rand_stack.fst[55U] = 0U;
-  rand_stack.fst[56U] = 0U;
-  rand_stack.fst[57U] = 0U;
-  rand_stack.fst[58U] = 0U;
-  rand_stack.fst[59U] = 0U;
-  rand_stack.fst[60U] = 0U;
-  rand_stack.fst[61U] = 0U;
-  rand_stack.fst[62U] = 0U;
-  rand_stack.fst[63U] = 0U;
-  rand_stack.fst[64U] = 0U;
-  rand_stack.fst[65U] = 0U;
-  rand_stack.fst[66U] = 0U;
-  rand_stack.fst[67U] = 0U;
-  rand_stack.fst[68U] = 0U;
-  rand_stack.fst[69U] = 0U;
-  rand_stack.fst[70U] = 0U;
-  rand_stack.fst[71U] = 0U;
-  rand_stack.fst[72U] = 0U;
-  rand_stack.fst[73U] = 0U;
-  rand_stack.fst[74U] = 0U;
-  rand_stack.fst[75U] = 0U;
-  rand_stack.fst[76U] = 0U;
-  rand_stack.fst[77U] = 0U;
-  rand_stack.fst[78U] = 0U;
-  rand_stack.fst[79U] = 0U;
-  rand_stack.fst[80U] = 0U;
-  rand_stack.fst[81U] = 0U;
-  rand_stack.fst[82U] = 0U;
-  rand_stack.fst[83U] = 0U;
-  rand_stack.fst[84U] = 0U;
-  rand_stack.fst[85U] = 0U;
-  rand_stack.fst[86U] = 0U;
-  rand_stack.fst[87U] = 0U;
-  rand_stack.fst[88U] = 0U;
-  rand_stack.fst[89U] = 0U;
-  rand_stack.fst[90U] = 0U;
-  rand_stack.fst[91U] = 0U;
-  rand_stack.fst[92U] = 0U;
-  rand_stack.fst[93U] = 0U;
-  rand_stack.fst[94U] = 0U;
-  rand_stack.fst[95U] = 0U;
-  rand_stack.fst[96U] = 0U;
-  rand_stack.fst[97U] = 0U;
-  rand_stack.fst[98U] = 0U;
-  rand_stack.fst[99U] = 0U;
-  rand_stack.fst[100U] = 0U;
-  rand_stack.fst[101U] = 0U;
-  rand_stack.fst[102U] = 0U;
-  rand_stack.fst[103U] = 0U;
-  rand_stack.fst[104U] = 0U;
-  rand_stack.fst[105U] = 0U;
-  rand_stack.fst[106U] = 0U;
-  rand_stack.fst[107U] = 0U;
-  rand_stack.fst[108U] = 0U;
-  rand_stack.fst[109U] = 0U;
-  rand_stack.fst[110U] = 0U;
-  rand_stack.fst[111U] = 0U;
-  rand_stack.fst[112U] = 0U;
-  rand_stack.fst[113U] = 0U;
-  rand_stack.fst[114U] = 0U;
-  rand_stack.fst[115U] = 0U;
-  rand_stack.fst[116U] = 0U;
-  rand_stack.fst[117U] = 0U;
-  rand_stack.fst[118U] = 0U;
-  rand_stack.fst[119U] = 0U;
-  rand_stack.fst[120U] = 0U;
-  rand_stack.fst[121U] = 0U;
-  rand_stack.fst[122U] = 0U;
-  rand_stack.fst[123U] = 0U;
-  rand_stack.fst[124U] = 0U;
-  rand_stack.fst[125U] = 0U;
-  rand_stack.fst[126U] = 0U;
-  rand_stack.fst[127U] = 0U;
-  rand_stack.fst[128U] = 0U;
-  rand_stack.fst[129U] = 0U;
-  rand_stack.fst[130U] = 0U;
-  rand_stack.fst[131U] = 0U;
-  rand_stack.fst[132U] = 0U;
-  rand_stack.fst[133U] = 0U;
-  rand_stack.fst[134U] = 0U;
-  rand_stack.fst[135U] = 0U;
-  rand_stack.fst[136U] = 0U;
-  rand_stack.fst[137U] = 0U;
-  rand_stack.fst[138U] = 0U;
-  rand_stack.fst[139U] = 0U;
-  rand_stack.fst[140U] = 0U;
-  rand_stack.fst[141U] = 0U;
-  rand_stack.fst[142U] = 0U;
-  rand_stack.fst[143U] = 0U;
-  rand_stack.fst[144U] = 0U;
-  rand_stack.fst[145U] = 0U;
-  rand_stack.fst[146U] = 0U;
-  rand_stack.fst[147U] = 0U;
-  rand_stack.fst[148U] = 0U;
-  rand_stack.fst[149U] = 0U;
-  rand_stack.fst[150U] = 0U;
-  rand_stack.fst[151U] = 0U;
-  rand_stack.fst[152U] = 0U;
-  rand_stack.fst[153U] = 0U;
-  rand_stack.fst[154U] = 0U;
-  rand_stack.fst[155U] = 0U;
-  rand_stack.fst[156U] = 0U;
-  rand_stack.fst[157U] = 0U;
-  rand_stack.fst[158U] = 0U;
-  rand_stack.fst[159U] = 0U;
-  rand_stack.fst[160U] = 0U;
-  rand_stack.fst[161U] = 0U;
-  rand_stack.fst[162U] = 0U;
-  rand_stack.fst[163U] = 0U;
-  rand_stack.fst[164U] = 0U;
-  rand_stack.fst[165U] = 0U;
-  rand_stack.fst[166U] = 0U;
-  rand_stack.fst[167U] = 0U;
-  rand_stack.fst[168U] = 0U;
-  rand_stack.fst[169U] = 0U;
-  rand_stack.fst[170U] = 0U;
-  rand_stack.fst[171U] = 0U;
-  rand_stack.fst[172U] = 0U;
-  rand_stack.fst[173U] = 0U;
-  rand_stack.fst[174U] = 0U;
-  rand_stack.fst[175U] = 0U;
-  rand_stack.fst[176U] = 0U;
-  rand_stack.fst[177U] = 0U;
-  rand_stack.fst[178U] = 0U;
-  rand_stack.fst[179U] = 0U;
-  rand_stack.fst[180U] = 0U;
-  rand_stack.fst[181U] = 0U;
-  rand_stack.fst[182U] = 0U;
-  rand_stack.fst[183U] = 0U;
-  rand_stack.fst[184U] = 0U;
-  rand_stack.fst[185U] = 0U;
-  rand_stack.fst[186U] = 0U;
-  rand_stack.fst[187U] = 0U;
-  rand_stack.fst[188U] = 0U;
-  rand_stack.fst[189U] = 0U;
-  rand_stack.fst[190U] = 0U;
-  rand_stack.fst[191U] = 0U;
-  rand_stack.fst[192U] = 0U;
-  rand_stack.fst[193U] = 0U;
-  rand_stack.fst[194U] = 0U;
-  rand_stack.fst[195U] = 0U;
-  rand_stack.fst[196U] = 0U;
-  rand_stack.fst[197U] = 0U;
-  rand_stack.fst[198U] = 0U;
-  rand_stack.fst[199U] = 0U;
-  rand_stack.fst[200U] = 0U;
-  rand_stack.fst[201U] = 0U;
-  rand_stack.fst[202U] = 0U;
-  rand_stack.fst[203U] = 0U;
-  rand_stack.fst[204U] = 0U;
-  rand_stack.fst[205U] = 0U;
-  rand_stack.fst[206U] = 0U;
-  rand_stack.fst[207U] = 0U;
-  rand_stack.fst[208U] = 0U;
-  rand_stack.fst[209U] = 0U;
-  rand_stack.fst[210U] = 0U;
-  rand_stack.fst[211U] = 0U;
-  rand_stack.fst[212U] = 0U;
-  rand_stack.fst[213U] = 0U;
-  rand_stack.fst[214U] = 0U;
-  rand_stack.fst[215U] = 0U;
-  rand_stack.fst[216U] = 0U;
-  rand_stack.fst[217U] = 0U;
-  rand_stack.fst[218U] = 0U;
-  rand_stack.fst[219U] = 0U;
-  rand_stack.fst[220U] = 0U;
-  rand_stack.fst[221U] = 0U;
-  rand_stack.fst[222U] = 0U;
-  rand_stack.fst[223U] = 0U;
-  rand_stack.fst[224U] = 0U;
-  rand_stack.fst[225U] = 0U;
-  rand_stack.fst[226U] = 0U;
-  rand_stack.fst[227U] = 0U;
-  rand_stack.fst[228U] = 0U;
-  rand_stack.fst[229U] = 0U;
-  rand_stack.fst[230U] = 0U;
-  rand_stack.fst[231U] = 0U;
-  rand_stack.fst[232U] = 0U;
-  rand_stack.fst[233U] = 0U;
-  rand_stack.fst[234U] = 0U;
-  rand_stack.fst[235U] = 0U;
-  rand_stack.fst[236U] = 0U;
-  rand_stack.fst[237U] = 0U;
-  rand_stack.fst[238U] = 0U;
-  rand_stack.fst[239U] = 0U;
-  rand_stack.fst[240U] = 0U;
-  rand_stack.fst[241U] = 0U;
-  rand_stack.fst[242U] = 0U;
-  rand_stack.fst[243U] = 0U;
-  rand_stack.fst[244U] = 0U;
-  rand_stack.fst[245U] = 0U;
-  rand_stack.fst[246U] = 0U;
-  rand_stack.fst[247U] = 0U;
-  rand_stack.fst[248U] = 0U;
-  rand_stack.fst[249U] = 0U;
-  rand_stack.fst[250U] = 0U;
-  rand_stack.fst[251U] = 0U;
-  rand_stack.fst[252U] = 0U;
-  rand_stack.fst[253U] = 0U;
-  rand_stack.fst[254U] = 0U;
-  rand_stack.fst[255U] = 0U;
-  rand_stack.fst[256U] = 0U;
-  rand_stack.fst[257U] = 0U;
-  rand_stack.fst[258U] = 0U;
-  rand_stack.fst[259U] = 0U;
-  rand_stack.fst[260U] = 0U;
-  rand_stack.fst[261U] = 0U;
-  rand_stack.fst[262U] = 0U;
-  rand_stack.fst[263U] = 0U;
-  rand_stack.fst[264U] = 0U;
-  rand_stack.fst[265U] = 0U;
-  rand_stack.fst[266U] = 0U;
-  rand_stack.fst[267U] = 0U;
-  rand_stack.fst[268U] = 0U;
-  rand_stack.fst[269U] = 0U;
-  rand_stack.fst[270U] = 0U;
-  rand_stack.fst[271U] = 0U;
-  rand_stack.fst[272U] = 0U;
-  rand_stack.fst[273U] = 0U;
-  rand_stack.fst[274U] = 0U;
-  rand_stack.fst[275U] = 0U;
-  rand_stack.fst[276U] = 0U;
-  rand_stack.fst[277U] = 0U;
-  rand_stack.fst[278U] = 0U;
-  rand_stack.fst[279U] = 0U;
-  rand_stack.fst[280U] = 0U;
-  rand_stack.fst[281U] = 0U;
-  rand_stack.fst[282U] = 0U;
-  rand_stack.fst[283U] = 0U;
-  rand_stack.fst[284U] = 0U;
-  rand_stack.fst[285U] = 0U;
-  rand_stack.fst[286U] = 0U;
-  rand_stack.fst[287U] = 0U;
-  rand_stack.fst[288U] = 0U;
-  rand_stack.fst[289U] = 0U;
-  rand_stack.fst[290U] = 0U;
-  rand_stack.fst[291U] = 0U;
-  rand_stack.fst[292U] = 0U;
-  rand_stack.fst[293U] = 0U;
-  rand_stack.fst[294U] = 0U;
-  rand_stack.fst[295U] = 0U;
-  rand_stack.fst[296U] = 0U;
-  rand_stack.fst[297U] = 0U;
-  rand_stack.fst[298U] = 0U;
-  rand_stack.fst[299U] = 0U;
-  rand_stack.fst[300U] = 0U;
-  rand_stack.fst[301U] = 0U;
-  rand_stack.fst[302U] = 0U;
-  rand_stack.fst[303U] = 0U;
-  rand_stack.fst[304U] = 0U;
-  rand_stack.fst[305U] = 0U;
-  rand_stack.fst[306U] = 0U;
-  rand_stack.fst[307U] = 0U;
-  rand_stack.fst[308U] = 0U;
-  rand_stack.fst[309U] = 0U;
-  rand_stack.fst[310U] = 0U;
-  rand_stack.fst[311U] = 0U;
-  rand_stack.fst[312U] = 0U;
-  rand_stack.fst[313U] = 0U;
-  rand_stack.fst[314U] = 0U;
-  rand_stack.fst[315U] = 0U;
-  rand_stack.fst[316U] = 0U;
-  rand_stack.fst[317U] = 0U;
-  rand_stack.fst[318U] = 0U;
-  rand_stack.fst[319U] = 0U;
-  rand_stack.fst[320U] = 0U;
-  rand_stack.fst[321U] = 0U;
-  rand_stack.fst[322U] = 0U;
-  rand_stack.fst[323U] = 0U;
-  rand_stack.fst[324U] = 0U;
-  rand_stack.fst[325U] = 0U;
-  rand_stack.fst[326U] = 0U;
-  rand_stack.fst[327U] = 0U;
-  rand_stack.fst[328U] = 0U;
-  rand_stack.fst[329U] = 0U;
-  rand_stack.fst[330U] = 0U;
-  rand_stack.fst[331U] = 0U;
-  rand_stack.fst[332U] = 0U;
-  rand_stack.fst[333U] = 0U;
-  rand_stack.fst[334U] = 0U;
-  rand_stack.fst[335U] = 0U;
-  rand_stack.fst[336U] = 0U;
-  rand_stack.fst[337U] = 0U;
-  rand_stack.fst[338U] = 0U;
-  rand_stack.fst[339U] = 0U;
-  rand_stack.fst[340U] = 0U;
-  rand_stack.fst[341U] = 0U;
-  rand_stack.fst[342U] = 0U;
-  rand_stack.fst[343U] = 0U;
-  rand_stack.fst[344U] = 0U;
-  rand_stack.fst[345U] = 0U;
-  rand_stack.fst[346U] = 0U;
-  rand_stack.fst[347U] = 0U;
-  rand_stack.fst[348U] = 0U;
-  rand_stack.fst[349U] = 0U;
-  rand_stack.fst[350U] = 0U;
-  rand_stack.fst[351U] = 0U;
-  rand_stack.fst[352U] = 0U;
-  rand_stack.fst[353U] = 0U;
-  rand_stack.fst[354U] = 0U;
-  rand_stack.fst[355U] = 0U;
-  rand_stack.fst[356U] = 0U;
-  rand_stack.fst[357U] = 0U;
-  rand_stack.fst[358U] = 0U;
-  rand_stack.fst[359U] = 0U;
-  rand_stack.fst[360U] = 0U;
-  rand_stack.fst[361U] = 0U;
-  rand_stack.fst[362U] = 0U;
-  rand_stack.fst[363U] = 0U;
-  rand_stack.fst[364U] = 0U;
-  rand_stack.fst[365U] = 0U;
-  rand_stack.fst[366U] = 0U;
-  rand_stack.fst[367U] = 0U;
-  rand_stack.fst[368U] = 0U;
-  rand_stack.fst[369U] = 0U;
-  rand_stack.fst[370U] = 0U;
-  rand_stack.fst[371U] = 0U;
-  rand_stack.fst[372U] = 0U;
-  rand_stack.fst[373U] = 0U;
-  rand_stack.fst[374U] = 0U;
-  rand_stack.fst[375U] = 0U;
-  rand_stack.fst[376U] = 0U;
-  rand_stack.fst[377U] = 0U;
-  rand_stack.fst[378U] = 0U;
-  rand_stack.fst[379U] = 0U;
-  rand_stack.fst[380U] = 0U;
-  rand_stack.fst[381U] = 0U;
-  rand_stack.fst[382U] = 0U;
-  rand_stack.fst[383U] = 0U;
-  rand_stack.fst[384U] = 0U;
-  rand_stack.fst[385U] = 0U;
-  rand_stack.fst[386U] = 0U;
-  rand_stack.fst[387U] = 0U;
-  rand_stack.fst[388U] = 0U;
-  rand_stack.fst[389U] = 0U;
-  rand_stack.fst[390U] = 0U;
-  rand_stack.fst[391U] = 0U;
-  rand_stack.fst[392U] = 0U;
-  rand_stack.fst[393U] = 0U;
-  rand_stack.fst[394U] = 0U;
-  rand_stack.fst[395U] = 0U;
-  rand_stack.fst[396U] = 0U;
-  rand_stack.fst[397U] = 0U;
-  rand_stack.fst[398U] = 0U;
-  rand_stack.fst[399U] = 0U;
-  rand_stack.fst[400U] = 0U;
-  rand_stack.fst[401U] = 0U;
-  rand_stack.fst[402U] = 0U;
-  rand_stack.fst[403U] = 0U;
-  rand_stack.fst[404U] = 0U;
-  rand_stack.fst[405U] = 0U;
-  rand_stack.fst[406U] = 0U;
-  rand_stack.fst[407U] = 0U;
-  rand_stack.fst[408U] = 0U;
-  rand_stack.fst[409U] = 0U;
-  rand_stack.fst[410U] = 0U;
-  rand_stack.fst[411U] = 0U;
-  rand_stack.fst[412U] = 0U;
-  rand_stack.fst[413U] = 0U;
-  rand_stack.fst[414U] = 0U;
-  rand_stack.fst[415U] = 0U;
-  rand_stack.fst[416U] = 0U;
-  rand_stack.fst[417U] = 0U;
-  rand_stack.fst[418U] = 0U;
-  rand_stack.fst[419U] = 0U;
-  rand_stack.fst[420U] = 0U;
-  rand_stack.fst[421U] = 0U;
-  rand_stack.fst[422U] = 0U;
-  rand_stack.fst[423U] = 0U;
-  rand_stack.fst[424U] = 0U;
-  rand_stack.fst[425U] = 0U;
-  rand_stack.fst[426U] = 0U;
-  rand_stack.fst[427U] = 0U;
-  rand_stack.fst[428U] = 0U;
-  rand_stack.fst[429U] = 0U;
-  rand_stack.fst[430U] = 0U;
-  rand_stack.fst[431U] = 0U;
-  rand_stack.fst[432U] = 0U;
-  rand_stack.fst[433U] = 0U;
-  rand_stack.fst[434U] = 0U;
-  rand_stack.fst[435U] = 0U;
-  rand_stack.fst[436U] = 0U;
-  rand_stack.fst[437U] = 0U;
-  rand_stack.fst[438U] = 0U;
-  rand_stack.fst[439U] = 0U;
-  rand_stack.fst[440U] = 0U;
-  rand_stack.fst[441U] = 0U;
-  rand_stack.fst[442U] = 0U;
-  rand_stack.fst[443U] = 0U;
-  rand_stack.fst[444U] = 0U;
-  rand_stack.fst[445U] = 0U;
-  rand_stack.fst[446U] = 0U;
-  rand_stack.fst[447U] = 0U;
-  rand_stack.fst[448U] = 0U;
-  rand_stack.fst[449U] = 0U;
-  rand_stack.fst[450U] = 0U;
-  rand_stack.fst[451U] = 0U;
-  rand_stack.fst[452U] = 0U;
-  rand_stack.fst[453U] = 0U;
-  rand_stack.fst[454U] = 0U;
-  rand_stack.fst[455U] = 0U;
-  rand_stack.fst[456U] = 0U;
-  rand_stack.fst[457U] = 0U;
-  rand_stack.fst[458U] = 0U;
-  rand_stack.fst[459U] = 0U;
-  rand_stack.fst[460U] = 0U;
-  rand_stack.fst[461U] = 0U;
-  rand_stack.fst[462U] = 0U;
-  rand_stack.fst[463U] = 0U;
-  rand_stack.fst[464U] = 0U;
-  rand_stack.fst[465U] = 0U;
-  rand_stack.fst[466U] = 0U;
-  rand_stack.fst[467U] = 0U;
-  rand_stack.fst[468U] = 0U;
-  rand_stack.fst[469U] = 0U;
-  rand_stack.fst[470U] = 0U;
-  rand_stack.fst[471U] = 0U;
-  rand_stack.fst[472U] = 0U;
-  rand_stack.fst[473U] = 0U;
-  rand_stack.fst[474U] = 0U;
-  rand_stack.fst[475U] = 0U;
-  rand_stack.fst[476U] = 0U;
-  rand_stack.fst[477U] = 0U;
-  rand_stack.fst[478U] = 0U;
-  rand_stack.fst[479U] = 0U;
-  rand_stack.fst[480U] = 0U;
-  rand_stack.fst[481U] = 0U;
-  rand_stack.fst[482U] = 0U;
-  rand_stack.fst[483U] = 0U;
-  rand_stack.fst[484U] = 0U;
-  rand_stack.fst[485U] = 0U;
-  rand_stack.fst[486U] = 0U;
-  rand_stack.fst[487U] = 0U;
-  rand_stack.fst[488U] = 0U;
-  rand_stack.fst[489U] = 0U;
-  rand_stack.fst[490U] = 0U;
-  rand_stack.fst[491U] = 0U;
-  rand_stack.fst[492U] = 0U;
-  rand_stack.fst[493U] = 0U;
-  rand_stack.fst[494U] = 0U;
-  rand_stack.fst[495U] = 0U;
-  rand_stack.fst[496U] = 0U;
-  rand_stack.fst[497U] = 0U;
-  rand_stack.fst[498U] = 0U;
-  rand_stack.fst[499U] = 0U;
-  rand_stack.fst[500U] = 0U;
-  rand_stack.fst[501U] = 0U;
-  rand_stack.fst[502U] = 0U;
-  rand_stack.fst[503U] = 0U;
-  rand_stack.fst[504U] = 0U;
-  rand_stack.fst[505U] = 0U;
-  rand_stack.fst[506U] = 0U;
-  rand_stack.fst[507U] = 0U;
-  rand_stack.fst[508U] = 0U;
-  rand_stack.fst[509U] = 0U;
-  rand_stack.fst[510U] = 0U;
-  rand_stack.fst[511U] = 0U;
-  rand_stack.fst[512U] = 0U;
-  rand_stack.fst[513U] = 0U;
-  rand_stack.fst[514U] = 0U;
-  rand_stack.fst[515U] = 0U;
-  rand_stack.fst[516U] = 0U;
-  rand_stack.fst[517U] = 0U;
-  rand_stack.fst[518U] = 0U;
-  rand_stack.fst[519U] = 0U;
-  rand_stack.fst[520U] = 0U;
-  rand_stack.fst[521U] = 0U;
-  rand_stack.fst[522U] = 0U;
-  rand_stack.fst[523U] = 0U;
-  rand_stack.fst[524U] = 0U;
-  rand_stack.fst[525U] = 0U;
-  rand_stack.fst[526U] = 0U;
-  rand_stack.fst[527U] = 0U;
-  rand_stack.fst[528U] = 0U;
-  rand_stack.fst[529U] = 0U;
-  rand_stack.fst[530U] = 0U;
-  rand_stack.fst[531U] = 0U;
-  rand_stack.fst[532U] = 0U;
-  rand_stack.fst[533U] = 0U;
-  rand_stack.fst[534U] = 0U;
-  rand_stack.fst[535U] = 0U;
-  rand_stack.fst[536U] = 0U;
-  rand_stack.fst[537U] = 0U;
-  rand_stack.fst[538U] = 0U;
-  rand_stack.fst[539U] = 0U;
-  rand_stack.fst[540U] = 0U;
-  rand_stack.fst[541U] = 0U;
-  rand_stack.fst[542U] = 0U;
-  rand_stack.fst[543U] = 0U;
-  rand_stack.fst[544U] = 0U;
-  rand_stack.fst[545U] = 0U;
-  rand_stack.fst[546U] = 0U;
-  rand_stack.fst[547U] = 0U;
-  rand_stack.fst[548U] = 0U;
-  rand_stack.fst[549U] = 0U;
-  rand_stack.fst[550U] = 0U;
-  rand_stack.fst[551U] = 0U;
-  rand_stack.fst[552U] = 0U;
-  rand_stack.fst[553U] = 0U;
-  rand_stack.fst[554U] = 0U;
-  rand_stack.fst[555U] = 0U;
-  rand_stack.fst[556U] = 0U;
-  rand_stack.fst[557U] = 0U;
-  rand_stack.fst[558U] = 0U;
-  rand_stack.fst[559U] = 0U;
-  rand_stack.fst[560U] = 0U;
-  rand_stack.fst[561U] = 0U;
-  rand_stack.fst[562U] = 0U;
-  rand_stack.fst[563U] = 0U;
-  rand_stack.fst[564U] = 0U;
-  rand_stack.fst[565U] = 0U;
-  rand_stack.fst[566U] = 0U;
-  rand_stack.fst[567U] = 0U;
-  rand_stack.fst[568U] = 0U;
-  rand_stack.fst[569U] = 0U;
-  rand_stack.fst[570U] = 0U;
-  rand_stack.fst[571U] = 0U;
-  rand_stack.fst[572U] = 0U;
-  rand_stack.fst[573U] = 0U;
-  rand_stack.fst[574U] = 0U;
-  rand_stack.fst[575U] = 0U;
-  rand_stack.fst[576U] = 0U;
-  rand_stack.fst[577U] = 0U;
-  rand_stack.fst[578U] = 0U;
-  rand_stack.fst[579U] = 0U;
-  rand_stack.fst[580U] = 0U;
-  rand_stack.fst[581U] = 0U;
-  rand_stack.fst[582U] = 0U;
-  rand_stack.fst[583U] = 0U;
-  rand_stack.fst[584U] = 0U;
-  rand_stack.fst[585U] = 0U;
-  rand_stack.fst[586U] = 0U;
-  rand_stack.fst[587U] = 0U;
-  rand_stack.fst[588U] = 0U;
-  rand_stack.fst[589U] = 0U;
-  rand_stack.fst[590U] = 0U;
-  rand_stack.fst[591U] = 0U;
-  rand_stack.fst[592U] = 0U;
-  rand_stack.fst[593U] = 0U;
-  rand_stack.fst[594U] = 0U;
-  rand_stack.fst[595U] = 0U;
-  rand_stack.fst[596U] = 0U;
-  rand_stack.fst[597U] = 0U;
-  rand_stack.fst[598U] = 0U;
-  rand_stack.fst[599U] = 0U;
-  rand_stack.fst[600U] = 0U;
-  rand_stack.fst[601U] = 0U;
-  rand_stack.fst[602U] = 0U;
-  rand_stack.fst[603U] = 0U;
-  rand_stack.fst[604U] = 0U;
-  rand_stack.fst[605U] = 0U;
-  rand_stack.fst[606U] = 0U;
-  rand_stack.fst[607U] = 0U;
-  rand_stack.fst[608U] = 0U;
-  rand_stack.fst[609U] = 0U;
-  rand_stack.fst[610U] = 0U;
-  rand_stack.fst[611U] = 0U;
-  rand_stack.fst[612U] = 0U;
-  rand_stack.fst[613U] = 0U;
-  rand_stack.fst[614U] = 0U;
-  rand_stack.fst[615U] = 0U;
-  rand_stack.fst[616U] = 0U;
-  rand_stack.fst[617U] = 0U;
-  rand_stack.fst[618U] = 0U;
-  rand_stack.fst[619U] = 0U;
-  rand_stack.fst[620U] = 0U;
-  rand_stack.fst[621U] = 0U;
-  rand_stack.fst[622U] = 0U;
-  rand_stack.fst[623U] = 0U;
-  rand_stack.fst[624U] = 0U;
-  rand_stack.fst[625U] = 0U;
-  rand_stack.fst[626U] = 0U;
-  rand_stack.fst[627U] = 0U;
-  rand_stack.fst[628U] = 0U;
-  rand_stack.fst[629U] = 0U;
-  rand_stack.fst[630U] = 0U;
-  rand_stack.fst[631U] = 0U;
-  rand_stack.fst[632U] = 0U;
-  rand_stack.fst[633U] = 0U;
-  rand_stack.fst[634U] = 0U;
-  rand_stack.fst[635U] = 0U;
-  rand_stack.fst[636U] = 0U;
-  rand_stack.fst[637U] = 0U;
-  rand_stack.fst[638U] = 0U;
-  rand_stack.fst[639U] = 0U;
-  rand_stack.fst[640U] = 0U;
-  rand_stack.fst[641U] = 0U;
-  rand_stack.fst[642U] = 0U;
-  rand_stack.fst[643U] = 0U;
-  rand_stack.fst[644U] = 0U;
-  rand_stack.fst[645U] = 0U;
-  rand_stack.fst[646U] = 0U;
-  rand_stack.fst[647U] = 0U;
-  rand_stack.fst[648U] = 0U;
-  rand_stack.fst[649U] = 0U;
-  rand_stack.fst[650U] = 0U;
-  rand_stack.fst[651U] = 0U;
-  rand_stack.fst[652U] = 0U;
-  rand_stack.fst[653U] = 0U;
-  rand_stack.fst[654U] = 0U;
-  rand_stack.fst[655U] = 0U;
-  rand_stack.fst[656U] = 0U;
-  rand_stack.fst[657U] = 0U;
-  rand_stack.fst[658U] = 0U;
-  rand_stack.fst[659U] = 0U;
-  rand_stack.fst[660U] = 0U;
-  rand_stack.fst[661U] = 0U;
-  rand_stack.fst[662U] = 0U;
-  rand_stack.fst[663U] = 0U;
-  rand_stack.fst[664U] = 0U;
-  rand_stack.fst[665U] = 0U;
-  rand_stack.fst[666U] = 0U;
-  rand_stack.fst[667U] = 0U;
-  rand_stack.fst[668U] = 0U;
-  rand_stack.fst[669U] = 0U;
-  rand_stack.fst[670U] = 0U;
-  rand_stack.fst[671U] = 0U;
-  rand_stack.fst[672U] = 0U;
-  rand_stack.fst[673U] = 0U;
-  rand_stack.fst[674U] = 0U;
-  rand_stack.fst[675U] = 0U;
-  rand_stack.fst[676U] = 0U;
-  rand_stack.fst[677U] = 0U;
-  rand_stack.fst[678U] = 0U;
-  rand_stack.fst[679U] = 0U;
-  rand_stack.fst[680U] = 0U;
-  rand_stack.fst[681U] = 0U;
-  rand_stack.fst[682U] = 0U;
-  rand_stack.fst[683U] = 0U;
-  rand_stack.fst[684U] = 0U;
-  rand_stack.fst[685U] = 0U;
-  rand_stack.fst[686U] = 0U;
-  rand_stack.fst[687U] = 0U;
-  rand_stack.fst[688U] = 0U;
-  rand_stack.fst[689U] = 0U;
-  rand_stack.fst[690U] = 0U;
-  rand_stack.fst[691U] = 0U;
-  rand_stack.fst[692U] = 0U;
-  rand_stack.fst[693U] = 0U;
-  rand_stack.fst[694U] = 0U;
-  rand_stack.fst[695U] = 0U;
-  rand_stack.fst[696U] = 0U;
-  rand_stack.fst[697U] = 0U;
-  rand_stack.fst[698U] = 0U;
-  rand_stack.fst[699U] = 0U;
-  rand_stack.fst[700U] = 0U;
-  rand_stack.fst[701U] = 0U;
-  rand_stack.fst[702U] = 0U;
-  rand_stack.fst[703U] = 0U;
-  rand_stack.fst[704U] = 0U;
-  rand_stack.fst[705U] = 0U;
-  rand_stack.fst[706U] = 0U;
-  rand_stack.fst[707U] = 0U;
-  rand_stack.fst[708U] = 0U;
-  rand_stack.fst[709U] = 0U;
-  rand_stack.fst[710U] = 0U;
-  rand_stack.fst[711U] = 0U;
-  rand_stack.fst[712U] = 0U;
-  rand_stack.fst[713U] = 0U;
-  rand_stack.fst[714U] = 0U;
-  rand_stack.fst[715U] = 0U;
-  rand_stack.fst[716U] = 0U;
-  rand_stack.fst[717U] = 0U;
-  rand_stack.fst[718U] = 0U;
-  rand_stack.fst[719U] = 0U;
-  rand_stack.fst[720U] = 0U;
-  rand_stack.fst[721U] = 0U;
-  rand_stack.fst[722U] = 0U;
-  rand_stack.fst[723U] = 0U;
-  rand_stack.fst[724U] = 0U;
-  rand_stack.fst[725U] = 0U;
-  rand_stack.fst[726U] = 0U;
-  rand_stack.fst[727U] = 0U;
-  rand_stack.fst[728U] = 0U;
-  rand_stack.fst[729U] = 0U;
-  rand_stack.fst[730U] = 0U;
-  rand_stack.fst[731U] = 0U;
-  rand_stack.fst[732U] = 0U;
-  rand_stack.fst[733U] = 0U;
-  rand_stack.fst[734U] = 0U;
-  rand_stack.fst[735U] = 0U;
-  rand_stack.fst[736U] = 0U;
-  rand_stack.fst[737U] = 0U;
-  rand_stack.fst[738U] = 0U;
-  rand_stack.fst[739U] = 0U;
-  rand_stack.fst[740U] = 0U;
-  rand_stack.fst[741U] = 0U;
-  rand_stack.fst[742U] = 0U;
-  rand_stack.fst[743U] = 0U;
-  rand_stack.fst[744U] = 0U;
-  rand_stack.fst[745U] = 0U;
-  rand_stack.fst[746U] = 0U;
-  rand_stack.fst[747U] = 0U;
-  rand_stack.fst[748U] = 0U;
-  rand_stack.fst[749U] = 0U;
-  rand_stack.fst[750U] = 0U;
-  rand_stack.fst[751U] = 0U;
-  rand_stack.fst[752U] = 0U;
-  rand_stack.fst[753U] = 0U;
-  rand_stack.fst[754U] = 0U;
-  rand_stack.fst[755U] = 0U;
-  rand_stack.fst[756U] = 0U;
-  rand_stack.fst[757U] = 0U;
-  rand_stack.fst[758U] = 0U;
-  rand_stack.fst[759U] = 0U;
-  rand_stack.fst[760U] = 0U;
-  rand_stack.fst[761U] = 0U;
-  rand_stack.fst[762U] = 0U;
-  rand_stack.fst[763U] = 0U;
-  rand_stack.fst[764U] = 0U;
-  rand_stack.fst[765U] = 0U;
-  rand_stack.fst[766U] = 0U;
-  rand_stack.fst[767U] = 0U;
-  rand_stack.fst[768U] = 0U;
-  rand_stack.fst[769U] = 0U;
-  rand_stack.fst[770U] = 0U;
-  rand_stack.fst[771U] = 0U;
-  rand_stack.fst[772U] = 0U;
-  rand_stack.fst[773U] = 0U;
-  rand_stack.fst[774U] = 0U;
-  rand_stack.fst[775U] = 0U;
-  rand_stack.fst[776U] = 0U;
-  rand_stack.fst[777U] = 0U;
-  rand_stack.fst[778U] = 0U;
-  rand_stack.fst[779U] = 0U;
-  rand_stack.fst[780U] = 0U;
-  rand_stack.fst[781U] = 0U;
-  rand_stack.fst[782U] = 0U;
-  rand_stack.fst[783U] = 0U;
-  rand_stack.fst[784U] = 0U;
-  rand_stack.fst[785U] = 0U;
-  rand_stack.fst[786U] = 0U;
-  rand_stack.fst[787U] = 0U;
-  rand_stack.fst[788U] = 0U;
-  rand_stack.fst[789U] = 0U;
-  rand_stack.fst[790U] = 0U;
-  rand_stack.fst[791U] = 0U;
-  rand_stack.fst[792U] = 0U;
-  rand_stack.fst[793U] = 0U;
-  rand_stack.fst[794U] = 0U;
-  rand_stack.fst[795U] = 0U;
-  rand_stack.fst[796U] = 0U;
-  rand_stack.fst[797U] = 0U;
-  rand_stack.fst[798U] = 0U;
-  rand_stack.fst[799U] = 0U;
-  rand_stack.fst[800U] = 0U;
-  rand_stack.fst[801U] = 0U;
-  rand_stack.fst[802U] = 0U;
-  rand_stack.fst[803U] = 0U;
-  rand_stack.fst[804U] = 0U;
-  rand_stack.fst[805U] = 0U;
-  rand_stack.fst[806U] = 0U;
-  rand_stack.fst[807U] = 0U;
-  rand_stack.fst[808U] = 0U;
-  rand_stack.fst[809U] = 0U;
-  rand_stack.fst[810U] = 0U;
-  rand_stack.fst[811U] = 0U;
-  rand_stack.fst[812U] = 0U;
-  rand_stack.fst[813U] = 0U;
-  rand_stack.fst[814U] = 0U;
-  rand_stack.fst[815U] = 0U;
-  rand_stack.fst[816U] = 0U;
-  rand_stack.fst[817U] = 0U;
-  rand_stack.fst[818U] = 0U;
-  rand_stack.fst[819U] = 0U;
-  rand_stack.fst[820U] = 0U;
-  rand_stack.fst[821U] = 0U;
-  rand_stack.fst[822U] = 0U;
-  rand_stack.fst[823U] = 0U;
-  rand_stack.fst[824U] = 0U;
-  rand_stack.fst[825U] = 0U;
-  rand_stack.fst[826U] = 0U;
-  rand_stack.fst[827U] = 0U;
-  rand_stack.fst[828U] = 0U;
-  rand_stack.fst[829U] = 0U;
-  rand_stack.fst[830U] = 0U;
-  rand_stack.fst[831U] = 0U;
-  rand_stack.fst[832U] = 0U;
-  rand_stack.fst[833U] = 0U;
-  rand_stack.fst[834U] = 0U;
-  rand_stack.fst[835U] = 0U;
-  rand_stack.fst[836U] = 0U;
-  rand_stack.fst[837U] = 0U;
-  rand_stack.fst[838U] = 0U;
-  rand_stack.fst[839U] = 0U;
-  memcpy(rand_stack.snd, uu____0, (size_t)840U * sizeof(uint8_t));
-  memcpy(rand_stack.thd, uu____1, (size_t)840U * sizeof(uint8_t));
-  rand_stack.f3[0U] = 0U;
-  rand_stack.f3[1U] = 0U;
-  rand_stack.f3[2U] = 0U;
-  rand_stack.f3[3U] = 0U;
-  rand_stack.f3[4U] = 0U;
-  rand_stack.f3[5U] = 0U;
-  rand_stack.f3[6U] = 0U;
-  rand_stack.f3[7U] = 0U;
-  rand_stack.f3[8U] = 0U;
-  rand_stack.f3[9U] = 0U;
-  rand_stack.f3[10U] = 0U;
-  rand_stack.f3[11U] = 0U;
-  rand_stack.f3[12U] = 0U;
-  rand_stack.f3[13U] = 0U;
-  rand_stack.f3[14U] = 0U;
-  rand_stack.f3[15U] = 0U;
-  rand_stack.f3[16U] = 0U;
-  rand_stack.f3[17U] = 0U;
-  rand_stack.f3[18U] = 0U;
-  rand_stack.f3[19U] = 0U;
-  rand_stack.f3[20U] = 0U;
-  rand_stack.f3[21U] = 0U;
-  rand_stack.f3[22U] = 0U;
-  rand_stack.f3[23U] = 0U;
-  rand_stack.f3[24U] = 0U;
-  rand_stack.f3[25U] = 0U;
-  rand_stack.f3[26U] = 0U;
-  rand_stack.f3[27U] = 0U;
-  rand_stack.f3[28U] = 0U;
-  rand_stack.f3[29U] = 0U;
-  rand_stack.f3[30U] = 0U;
-  rand_stack.f3[31U] = 0U;
-  rand_stack.f3[32U] = 0U;
-  rand_stack.f3[33U] = 0U;
-  rand_stack.f3[34U] = 0U;
-  rand_stack.f3[35U] = 0U;
-  rand_stack.f3[36U] = 0U;
-  rand_stack.f3[37U] = 0U;
-  rand_stack.f3[38U] = 0U;
-  rand_stack.f3[39U] = 0U;
-  rand_stack.f3[40U] = 0U;
-  rand_stack.f3[41U] = 0U;
-  rand_stack.f3[42U] = 0U;
-  rand_stack.f3[43U] = 0U;
-  rand_stack.f3[44U] = 0U;
-  rand_stack.f3[45U] = 0U;
-  rand_stack.f3[46U] = 0U;
-  rand_stack.f3[47U] = 0U;
-  rand_stack.f3[48U] = 0U;
-  rand_stack.f3[49U] = 0U;
-  rand_stack.f3[50U] = 0U;
-  rand_stack.f3[51U] = 0U;
-  rand_stack.f3[52U] = 0U;
-  rand_stack.f3[53U] = 0U;
-  rand_stack.f3[54U] = 0U;
-  rand_stack.f3[55U] = 0U;
-  rand_stack.f3[56U] = 0U;
-  rand_stack.f3[57U] = 0U;
-  rand_stack.f3[58U] = 0U;
-  rand_stack.f3[59U] = 0U;
-  rand_stack.f3[60U] = 0U;
-  rand_stack.f3[61U] = 0U;
-  rand_stack.f3[62U] = 0U;
-  rand_stack.f3[63U] = 0U;
-  rand_stack.f3[64U] = 0U;
-  rand_stack.f3[65U] = 0U;
-  rand_stack.f3[66U] = 0U;
-  rand_stack.f3[67U] = 0U;
-  rand_stack.f3[68U] = 0U;
-  rand_stack.f3[69U] = 0U;
-  rand_stack.f3[70U] = 0U;
-  rand_stack.f3[71U] = 0U;
-  rand_stack.f3[72U] = 0U;
-  rand_stack.f3[73U] = 0U;
-  rand_stack.f3[74U] = 0U;
-  rand_stack.f3[75U] = 0U;
-  rand_stack.f3[76U] = 0U;
-  rand_stack.f3[77U] = 0U;
-  rand_stack.f3[78U] = 0U;
-  rand_stack.f3[79U] = 0U;
-  rand_stack.f3[80U] = 0U;
-  rand_stack.f3[81U] = 0U;
-  rand_stack.f3[82U] = 0U;
-  rand_stack.f3[83U] = 0U;
-  rand_stack.f3[84U] = 0U;
-  rand_stack.f3[85U] = 0U;
-  rand_stack.f3[86U] = 0U;
-  rand_stack.f3[87U] = 0U;
-  rand_stack.f3[88U] = 0U;
-  rand_stack.f3[89U] = 0U;
-  rand_stack.f3[90U] = 0U;
-  rand_stack.f3[91U] = 0U;
-  rand_stack.f3[92U] = 0U;
-  rand_stack.f3[93U] = 0U;
-  rand_stack.f3[94U] = 0U;
-  rand_stack.f3[95U] = 0U;
-  rand_stack.f3[96U] = 0U;
-  rand_stack.f3[97U] = 0U;
-  rand_stack.f3[98U] = 0U;
-  rand_stack.f3[99U] = 0U;
-  rand_stack.f3[100U] = 0U;
-  rand_stack.f3[101U] = 0U;
-  rand_stack.f3[102U] = 0U;
-  rand_stack.f3[103U] = 0U;
-  rand_stack.f3[104U] = 0U;
-  rand_stack.f3[105U] = 0U;
-  rand_stack.f3[106U] = 0U;
-  rand_stack.f3[107U] = 0U;
-  rand_stack.f3[108U] = 0U;
-  rand_stack.f3[109U] = 0U;
-  rand_stack.f3[110U] = 0U;
-  rand_stack.f3[111U] = 0U;
-  rand_stack.f3[112U] = 0U;
-  rand_stack.f3[113U] = 0U;
-  rand_stack.f3[114U] = 0U;
-  rand_stack.f3[115U] = 0U;
-  rand_stack.f3[116U] = 0U;
-  rand_stack.f3[117U] = 0U;
-  rand_stack.f3[118U] = 0U;
-  rand_stack.f3[119U] = 0U;
-  rand_stack.f3[120U] = 0U;
-  rand_stack.f3[121U] = 0U;
-  rand_stack.f3[122U] = 0U;
-  rand_stack.f3[123U] = 0U;
-  rand_stack.f3[124U] = 0U;
-  rand_stack.f3[125U] = 0U;
-  rand_stack.f3[126U] = 0U;
-  rand_stack.f3[127U] = 0U;
-  rand_stack.f3[128U] = 0U;
-  rand_stack.f3[129U] = 0U;
-  rand_stack.f3[130U] = 0U;
-  rand_stack.f3[131U] = 0U;
-  rand_stack.f3[132U] = 0U;
-  rand_stack.f3[133U] = 0U;
-  rand_stack.f3[134U] = 0U;
-  rand_stack.f3[135U] = 0U;
-  rand_stack.f3[136U] = 0U;
-  rand_stack.f3[137U] = 0U;
-  rand_stack.f3[138U] = 0U;
-  rand_stack.f3[139U] = 0U;
-  rand_stack.f3[140U] = 0U;
-  rand_stack.f3[141U] = 0U;
-  rand_stack.f3[142U] = 0U;
-  rand_stack.f3[143U] = 0U;
-  rand_stack.f3[144U] = 0U;
-  rand_stack.f3[145U] = 0U;
-  rand_stack.f3[146U] = 0U;
-  rand_stack.f3[147U] = 0U;
-  rand_stack.f3[148U] = 0U;
-  rand_stack.f3[149U] = 0U;
-  rand_stack.f3[150U] = 0U;
-  rand_stack.f3[151U] = 0U;
-  rand_stack.f3[152U] = 0U;
-  rand_stack.f3[153U] = 0U;
-  rand_stack.f3[154U] = 0U;
-  rand_stack.f3[155U] = 0U;
-  rand_stack.f3[156U] = 0U;
-  rand_stack.f3[157U] = 0U;
-  rand_stack.f3[158U] = 0U;
-  rand_stack.f3[159U] = 0U;
-  rand_stack.f3[160U] = 0U;
-  rand_stack.f3[161U] = 0U;
-  rand_stack.f3[162U] = 0U;
-  rand_stack.f3[163U] = 0U;
-  rand_stack.f3[164U] = 0U;
-  rand_stack.f3[165U] = 0U;
-  rand_stack.f3[166U] = 0U;
-  rand_stack.f3[167U] = 0U;
-  rand_stack.f3[168U] = 0U;
-  rand_stack.f3[169U] = 0U;
-  rand_stack.f3[170U] = 0U;
-  rand_stack.f3[171U] = 0U;
-  rand_stack.f3[172U] = 0U;
-  rand_stack.f3[173U] = 0U;
-  rand_stack.f3[174U] = 0U;
-  rand_stack.f3[175U] = 0U;
-  rand_stack.f3[176U] = 0U;
-  rand_stack.f3[177U] = 0U;
-  rand_stack.f3[178U] = 0U;
-  rand_stack.f3[179U] = 0U;
-  rand_stack.f3[180U] = 0U;
-  rand_stack.f3[181U] = 0U;
-  rand_stack.f3[182U] = 0U;
-  rand_stack.f3[183U] = 0U;
-  rand_stack.f3[184U] = 0U;
-  rand_stack.f3[185U] = 0U;
-  rand_stack.f3[186U] = 0U;
-  rand_stack.f3[187U] = 0U;
-  rand_stack.f3[188U] = 0U;
-  rand_stack.f3[189U] = 0U;
-  rand_stack.f3[190U] = 0U;
-  rand_stack.f3[191U] = 0U;
-  rand_stack.f3[192U] = 0U;
-  rand_stack.f3[193U] = 0U;
-  rand_stack.f3[194U] = 0U;
-  rand_stack.f3[195U] = 0U;
-  rand_stack.f3[196U] = 0U;
-  rand_stack.f3[197U] = 0U;
-  rand_stack.f3[198U] = 0U;
-  rand_stack.f3[199U] = 0U;
-  rand_stack.f3[200U] = 0U;
-  rand_stack.f3[201U] = 0U;
-  rand_stack.f3[202U] = 0U;
-  rand_stack.f3[203U] = 0U;
-  rand_stack.f3[204U] = 0U;
-  rand_stack.f3[205U] = 0U;
-  rand_stack.f3[206U] = 0U;
-  rand_stack.f3[207U] = 0U;
-  rand_stack.f3[208U] = 0U;
-  rand_stack.f3[209U] = 0U;
-  rand_stack.f3[210U] = 0U;
-  rand_stack.f3[211U] = 0U;
-  rand_stack.f3[212U] = 0U;
-  rand_stack.f3[213U] = 0U;
-  rand_stack.f3[214U] = 0U;
-  rand_stack.f3[215U] = 0U;
-  rand_stack.f3[216U] = 0U;
-  rand_stack.f3[217U] = 0U;
-  rand_stack.f3[218U] = 0U;
-  rand_stack.f3[219U] = 0U;
-  rand_stack.f3[220U] = 0U;
-  rand_stack.f3[221U] = 0U;
-  rand_stack.f3[222U] = 0U;
-  rand_stack.f3[223U] = 0U;
-  rand_stack.f3[224U] = 0U;
-  rand_stack.f3[225U] = 0U;
-  rand_stack.f3[226U] = 0U;
-  rand_stack.f3[227U] = 0U;
-  rand_stack.f3[228U] = 0U;
-  rand_stack.f3[229U] = 0U;
-  rand_stack.f3[230U] = 0U;
-  rand_stack.f3[231U] = 0U;
-  rand_stack.f3[232U] = 0U;
-  rand_stack.f3[233U] = 0U;
-  rand_stack.f3[234U] = 0U;
-  rand_stack.f3[235U] = 0U;
-  rand_stack.f3[236U] = 0U;
-  rand_stack.f3[237U] = 0U;
-  rand_stack.f3[238U] = 0U;
-  rand_stack.f3[239U] = 0U;
-  rand_stack.f3[240U] = 0U;
-  rand_stack.f3[241U] = 0U;
-  rand_stack.f3[242U] = 0U;
-  rand_stack.f3[243U] = 0U;
-  rand_stack.f3[244U] = 0U;
-  rand_stack.f3[245U] = 0U;
-  rand_stack.f3[246U] = 0U;
-  rand_stack.f3[247U] = 0U;
-  rand_stack.f3[248U] = 0U;
-  rand_stack.f3[249U] = 0U;
-  rand_stack.f3[250U] = 0U;
-  rand_stack.f3[251U] = 0U;
-  rand_stack.f3[252U] = 0U;
-  rand_stack.f3[253U] = 0U;
-  rand_stack.f3[254U] = 0U;
-  rand_stack.f3[255U] = 0U;
-  rand_stack.f3[256U] = 0U;
-  rand_stack.f3[257U] = 0U;
-  rand_stack.f3[258U] = 0U;
-  rand_stack.f3[259U] = 0U;
-  rand_stack.f3[260U] = 0U;
-  rand_stack.f3[261U] = 0U;
-  rand_stack.f3[262U] = 0U;
-  rand_stack.f3[263U] = 0U;
-  rand_stack.f3[264U] = 0U;
-  rand_stack.f3[265U] = 0U;
-  rand_stack.f3[266U] = 0U;
-  rand_stack.f3[267U] = 0U;
-  rand_stack.f3[268U] = 0U;
-  rand_stack.f3[269U] = 0U;
-  rand_stack.f3[270U] = 0U;
-  rand_stack.f3[271U] = 0U;
-  rand_stack.f3[272U] = 0U;
-  rand_stack.f3[273U] = 0U;
-  rand_stack.f3[274U] = 0U;
-  rand_stack.f3[275U] = 0U;
-  rand_stack.f3[276U] = 0U;
-  rand_stack.f3[277U] = 0U;
-  rand_stack.f3[278U] = 0U;
-  rand_stack.f3[279U] = 0U;
-  rand_stack.f3[280U] = 0U;
-  rand_stack.f3[281U] = 0U;
-  rand_stack.f3[282U] = 0U;
-  rand_stack.f3[283U] = 0U;
-  rand_stack.f3[284U] = 0U;
-  rand_stack.f3[285U] = 0U;
-  rand_stack.f3[286U] = 0U;
-  rand_stack.f3[287U] = 0U;
-  rand_stack.f3[288U] = 0U;
-  rand_stack.f3[289U] = 0U;
-  rand_stack.f3[290U] = 0U;
-  rand_stack.f3[291U] = 0U;
-  rand_stack.f3[292U] = 0U;
-  rand_stack.f3[293U] = 0U;
-  rand_stack.f3[294U] = 0U;
-  rand_stack.f3[295U] = 0U;
-  rand_stack.f3[296U] = 0U;
-  rand_stack.f3[297U] = 0U;
-  rand_stack.f3[298U] = 0U;
-  rand_stack.f3[299U] = 0U;
-  rand_stack.f3[300U] = 0U;
-  rand_stack.f3[301U] = 0U;
-  rand_stack.f3[302U] = 0U;
-  rand_stack.f3[303U] = 0U;
-  rand_stack.f3[304U] = 0U;
-  rand_stack.f3[305U] = 0U;
-  rand_stack.f3[306U] = 0U;
-  rand_stack.f3[307U] = 0U;
-  rand_stack.f3[308U] = 0U;
-  rand_stack.f3[309U] = 0U;
-  rand_stack.f3[310U] = 0U;
-  rand_stack.f3[311U] = 0U;
-  rand_stack.f3[312U] = 0U;
-  rand_stack.f3[313U] = 0U;
-  rand_stack.f3[314U] = 0U;
-  rand_stack.f3[315U] = 0U;
-  rand_stack.f3[316U] = 0U;
-  rand_stack.f3[317U] = 0U;
-  rand_stack.f3[318U] = 0U;
-  rand_stack.f3[319U] = 0U;
-  rand_stack.f3[320U] = 0U;
-  rand_stack.f3[321U] = 0U;
-  rand_stack.f3[322U] = 0U;
-  rand_stack.f3[323U] = 0U;
-  rand_stack.f3[324U] = 0U;
-  rand_stack.f3[325U] = 0U;
-  rand_stack.f3[326U] = 0U;
-  rand_stack.f3[327U] = 0U;
-  rand_stack.f3[328U] = 0U;
-  rand_stack.f3[329U] = 0U;
-  rand_stack.f3[330U] = 0U;
-  rand_stack.f3[331U] = 0U;
-  rand_stack.f3[332U] = 0U;
-  rand_stack.f3[333U] = 0U;
-  rand_stack.f3[334U] = 0U;
-  rand_stack.f3[335U] = 0U;
-  rand_stack.f3[336U] = 0U;
-  rand_stack.f3[337U] = 0U;
-  rand_stack.f3[338U] = 0U;
-  rand_stack.f3[339U] = 0U;
-  rand_stack.f3[340U] = 0U;
-  rand_stack.f3[341U] = 0U;
-  rand_stack.f3[342U] = 0U;
-  rand_stack.f3[343U] = 0U;
-  rand_stack.f3[344U] = 0U;
-  rand_stack.f3[345U] = 0U;
-  rand_stack.f3[346U] = 0U;
-  rand_stack.f3[347U] = 0U;
-  rand_stack.f3[348U] = 0U;
-  rand_stack.f3[349U] = 0U;
-  rand_stack.f3[350U] = 0U;
-  rand_stack.f3[351U] = 0U;
-  rand_stack.f3[352U] = 0U;
-  rand_stack.f3[353U] = 0U;
-  rand_stack.f3[354U] = 0U;
-  rand_stack.f3[355U] = 0U;
-  rand_stack.f3[356U] = 0U;
-  rand_stack.f3[357U] = 0U;
-  rand_stack.f3[358U] = 0U;
-  rand_stack.f3[359U] = 0U;
-  rand_stack.f3[360U] = 0U;
-  rand_stack.f3[361U] = 0U;
-  rand_stack.f3[362U] = 0U;
-  rand_stack.f3[363U] = 0U;
-  rand_stack.f3[364U] = 0U;
-  rand_stack.f3[365U] = 0U;
-  rand_stack.f3[366U] = 0U;
-  rand_stack.f3[367U] = 0U;
-  rand_stack.f3[368U] = 0U;
-  rand_stack.f3[369U] = 0U;
-  rand_stack.f3[370U] = 0U;
-  rand_stack.f3[371U] = 0U;
-  rand_stack.f3[372U] = 0U;
-  rand_stack.f3[373U] = 0U;
-  rand_stack.f3[374U] = 0U;
-  rand_stack.f3[375U] = 0U;
-  rand_stack.f3[376U] = 0U;
-  rand_stack.f3[377U] = 0U;
-  rand_stack.f3[378U] = 0U;
-  rand_stack.f3[379U] = 0U;
-  rand_stack.f3[380U] = 0U;
-  rand_stack.f3[381U] = 0U;
-  rand_stack.f3[382U] = 0U;
-  rand_stack.f3[383U] = 0U;
-  rand_stack.f3[384U] = 0U;
-  rand_stack.f3[385U] = 0U;
-  rand_stack.f3[386U] = 0U;
-  rand_stack.f3[387U] = 0U;
-  rand_stack.f3[388U] = 0U;
-  rand_stack.f3[389U] = 0U;
-  rand_stack.f3[390U] = 0U;
-  rand_stack.f3[391U] = 0U;
-  rand_stack.f3[392U] = 0U;
-  rand_stack.f3[393U] = 0U;
-  rand_stack.f3[394U] = 0U;
-  rand_stack.f3[395U] = 0U;
-  rand_stack.f3[396U] = 0U;
-  rand_stack.f3[397U] = 0U;
-  rand_stack.f3[398U] = 0U;
-  rand_stack.f3[399U] = 0U;
-  rand_stack.f3[400U] = 0U;
-  rand_stack.f3[401U] = 0U;
-  rand_stack.f3[402U] = 0U;
-  rand_stack.f3[403U] = 0U;
-  rand_stack.f3[404U] = 0U;
-  rand_stack.f3[405U] = 0U;
-  rand_stack.f3[406U] = 0U;
-  rand_stack.f3[407U] = 0U;
-  rand_stack.f3[408U] = 0U;
-  rand_stack.f3[409U] = 0U;
-  rand_stack.f3[410U] = 0U;
-  rand_stack.f3[411U] = 0U;
-  rand_stack.f3[412U] = 0U;
-  rand_stack.f3[413U] = 0U;
-  rand_stack.f3[414U] = 0U;
-  rand_stack.f3[415U] = 0U;
-  rand_stack.f3[416U] = 0U;
-  rand_stack.f3[417U] = 0U;
-  rand_stack.f3[418U] = 0U;
-  rand_stack.f3[419U] = 0U;
-  rand_stack.f3[420U] = 0U;
-  rand_stack.f3[421U] = 0U;
-  rand_stack.f3[422U] = 0U;
-  rand_stack.f3[423U] = 0U;
-  rand_stack.f3[424U] = 0U;
-  rand_stack.f3[425U] = 0U;
-  rand_stack.f3[426U] = 0U;
-  rand_stack.f3[427U] = 0U;
-  rand_stack.f3[428U] = 0U;
-  rand_stack.f3[429U] = 0U;
-  rand_stack.f3[430U] = 0U;
-  rand_stack.f3[431U] = 0U;
-  rand_stack.f3[432U] = 0U;
-  rand_stack.f3[433U] = 0U;
-  rand_stack.f3[434U] = 0U;
-  rand_stack.f3[435U] = 0U;
-  rand_stack.f3[436U] = 0U;
-  rand_stack.f3[437U] = 0U;
-  rand_stack.f3[438U] = 0U;
-  rand_stack.f3[439U] = 0U;
-  rand_stack.f3[440U] = 0U;
-  rand_stack.f3[441U] = 0U;
-  rand_stack.f3[442U] = 0U;
-  rand_stack.f3[443U] = 0U;
-  rand_stack.f3[444U] = 0U;
-  rand_stack.f3[445U] = 0U;
-  rand_stack.f3[446U] = 0U;
-  rand_stack.f3[447U] = 0U;
-  rand_stack.f3[448U] = 0U;
-  rand_stack.f3[449U] = 0U;
-  rand_stack.f3[450U] = 0U;
-  rand_stack.f3[451U] = 0U;
-  rand_stack.f3[452U] = 0U;
-  rand_stack.f3[453U] = 0U;
-  rand_stack.f3[454U] = 0U;
-  rand_stack.f3[455U] = 0U;
-  rand_stack.f3[456U] = 0U;
-  rand_stack.f3[457U] = 0U;
-  rand_stack.f3[458U] = 0U;
-  rand_stack.f3[459U] = 0U;
-  rand_stack.f3[460U] = 0U;
-  rand_stack.f3[461U] = 0U;
-  rand_stack.f3[462U] = 0U;
-  rand_stack.f3[463U] = 0U;
-  rand_stack.f3[464U] = 0U;
-  rand_stack.f3[465U] = 0U;
-  rand_stack.f3[466U] = 0U;
-  rand_stack.f3[467U] = 0U;
-  rand_stack.f3[468U] = 0U;
-  rand_stack.f3[469U] = 0U;
-  rand_stack.f3[470U] = 0U;
-  rand_stack.f3[471U] = 0U;
-  rand_stack.f3[472U] = 0U;
-  rand_stack.f3[473U] = 0U;
-  rand_stack.f3[474U] = 0U;
-  rand_stack.f3[475U] = 0U;
-  rand_stack.f3[476U] = 0U;
-  rand_stack.f3[477U] = 0U;
-  rand_stack.f3[478U] = 0U;
-  rand_stack.f3[479U] = 0U;
-  rand_stack.f3[480U] = 0U;
-  rand_stack.f3[481U] = 0U;
-  rand_stack.f3[482U] = 0U;
-  rand_stack.f3[483U] = 0U;
-  rand_stack.f3[484U] = 0U;
-  rand_stack.f3[485U] = 0U;
-  rand_stack.f3[486U] = 0U;
-  rand_stack.f3[487U] = 0U;
-  rand_stack.f3[488U] = 0U;
-  rand_stack.f3[489U] = 0U;
-  rand_stack.f3[490U] = 0U;
-  rand_stack.f3[491U] = 0U;
-  rand_stack.f3[492U] = 0U;
-  rand_stack.f3[493U] = 0U;
-  rand_stack.f3[494U] = 0U;
-  rand_stack.f3[495U] = 0U;
-  rand_stack.f3[496U] = 0U;
-  rand_stack.f3[497U] = 0U;
-  rand_stack.f3[498U] = 0U;
-  rand_stack.f3[499U] = 0U;
-  rand_stack.f3[500U] = 0U;
-  rand_stack.f3[501U] = 0U;
-  rand_stack.f3[502U] = 0U;
-  rand_stack.f3[503U] = 0U;
-  rand_stack.f3[504U] = 0U;
-  rand_stack.f3[505U] = 0U;
-  rand_stack.f3[506U] = 0U;
-  rand_stack.f3[507U] = 0U;
-  rand_stack.f3[508U] = 0U;
-  rand_stack.f3[509U] = 0U;
-  rand_stack.f3[510U] = 0U;
-  rand_stack.f3[511U] = 0U;
-  rand_stack.f3[512U] = 0U;
-  rand_stack.f3[513U] = 0U;
-  rand_stack.f3[514U] = 0U;
-  rand_stack.f3[515U] = 0U;
-  rand_stack.f3[516U] = 0U;
-  rand_stack.f3[517U] = 0U;
-  rand_stack.f3[518U] = 0U;
-  rand_stack.f3[519U] = 0U;
-  rand_stack.f3[520U] = 0U;
-  rand_stack.f3[521U] = 0U;
-  rand_stack.f3[522U] = 0U;
-  rand_stack.f3[523U] = 0U;
-  rand_stack.f3[524U] = 0U;
-  rand_stack.f3[525U] = 0U;
-  rand_stack.f3[526U] = 0U;
-  rand_stack.f3[527U] = 0U;
-  rand_stack.f3[528U] = 0U;
-  rand_stack.f3[529U] = 0U;
-  rand_stack.f3[530U] = 0U;
-  rand_stack.f3[531U] = 0U;
-  rand_stack.f3[532U] = 0U;
-  rand_stack.f3[533U] = 0U;
-  rand_stack.f3[534U] = 0U;
-  rand_stack.f3[535U] = 0U;
-  rand_stack.f3[536U] = 0U;
-  rand_stack.f3[537U] = 0U;
-  rand_stack.f3[538U] = 0U;
-  rand_stack.f3[539U] = 0U;
-  rand_stack.f3[540U] = 0U;
-  rand_stack.f3[541U] = 0U;
-  rand_stack.f3[542U] = 0U;
-  rand_stack.f3[543U] = 0U;
-  rand_stack.f3[544U] = 0U;
-  rand_stack.f3[545U] = 0U;
-  rand_stack.f3[546U] = 0U;
-  rand_stack.f3[547U] = 0U;
-  rand_stack.f3[548U] = 0U;
-  rand_stack.f3[549U] = 0U;
-  rand_stack.f3[550U] = 0U;
-  rand_stack.f3[551U] = 0U;
-  rand_stack.f3[552U] = 0U;
-  rand_stack.f3[553U] = 0U;
-  rand_stack.f3[554U] = 0U;
-  rand_stack.f3[555U] = 0U;
-  rand_stack.f3[556U] = 0U;
-  rand_stack.f3[557U] = 0U;
-  rand_stack.f3[558U] = 0U;
-  rand_stack.f3[559U] = 0U;
-  rand_stack.f3[560U] = 0U;
-  rand_stack.f3[561U] = 0U;
-  rand_stack.f3[562U] = 0U;
-  rand_stack.f3[563U] = 0U;
-  rand_stack.f3[564U] = 0U;
-  rand_stack.f3[565U] = 0U;
-  rand_stack.f3[566U] = 0U;
-  rand_stack.f3[567U] = 0U;
-  rand_stack.f3[568U] = 0U;
-  rand_stack.f3[569U] = 0U;
-  rand_stack.f3[570U] = 0U;
-  rand_stack.f3[571U] = 0U;
-  rand_stack.f3[572U] = 0U;
-  rand_stack.f3[573U] = 0U;
-  rand_stack.f3[574U] = 0U;
-  rand_stack.f3[575U] = 0U;
-  rand_stack.f3[576U] = 0U;
-  rand_stack.f3[577U] = 0U;
-  rand_stack.f3[578U] = 0U;
-  rand_stack.f3[579U] = 0U;
-  rand_stack.f3[580U] = 0U;
-  rand_stack.f3[581U] = 0U;
-  rand_stack.f3[582U] = 0U;
-  rand_stack.f3[583U] = 0U;
-  rand_stack.f3[584U] = 0U;
-  rand_stack.f3[585U] = 0U;
-  rand_stack.f3[586U] = 0U;
-  rand_stack.f3[587U] = 0U;
-  rand_stack.f3[588U] = 0U;
-  rand_stack.f3[589U] = 0U;
-  rand_stack.f3[590U] = 0U;
-  rand_stack.f3[591U] = 0U;
-  rand_stack.f3[592U] = 0U;
-  rand_stack.f3[593U] = 0U;
-  rand_stack.f3[594U] = 0U;
-  rand_stack.f3[595U] = 0U;
-  rand_stack.f3[596U] = 0U;
-  rand_stack.f3[597U] = 0U;
-  rand_stack.f3[598U] = 0U;
-  rand_stack.f3[599U] = 0U;
-  rand_stack.f3[600U] = 0U;
-  rand_stack.f3[601U] = 0U;
-  rand_stack.f3[602U] = 0U;
-  rand_stack.f3[603U] = 0U;
-  rand_stack.f3[604U] = 0U;
-  rand_stack.f3[605U] = 0U;
-  rand_stack.f3[606U] = 0U;
-  rand_stack.f3[607U] = 0U;
-  rand_stack.f3[608U] = 0U;
-  rand_stack.f3[609U] = 0U;
-  rand_stack.f3[610U] = 0U;
-  rand_stack.f3[611U] = 0U;
-  rand_stack.f3[612U] = 0U;
-  rand_stack.f3[613U] = 0U;
-  rand_stack.f3[614U] = 0U;
-  rand_stack.f3[615U] = 0U;
-  rand_stack.f3[616U] = 0U;
-  rand_stack.f3[617U] = 0U;
-  rand_stack.f3[618U] = 0U;
-  rand_stack.f3[619U] = 0U;
-  rand_stack.f3[620U] = 0U;
-  rand_stack.f3[621U] = 0U;
-  rand_stack.f3[622U] = 0U;
-  rand_stack.f3[623U] = 0U;
-  rand_stack.f3[624U] = 0U;
-  rand_stack.f3[625U] = 0U;
-  rand_stack.f3[626U] = 0U;
-  rand_stack.f3[627U] = 0U;
-  rand_stack.f3[628U] = 0U;
-  rand_stack.f3[629U] = 0U;
-  rand_stack.f3[630U] = 0U;
-  rand_stack.f3[631U] = 0U;
-  rand_stack.f3[632U] = 0U;
-  rand_stack.f3[633U] = 0U;
-  rand_stack.f3[634U] = 0U;
-  rand_stack.f3[635U] = 0U;
-  rand_stack.f3[636U] = 0U;
-  rand_stack.f3[637U] = 0U;
-  rand_stack.f3[638U] = 0U;
-  rand_stack.f3[639U] = 0U;
-  rand_stack.f3[640U] = 0U;
-  rand_stack.f3[641U] = 0U;
-  rand_stack.f3[642U] = 0U;
-  rand_stack.f3[643U] = 0U;
-  rand_stack.f3[644U] = 0U;
-  rand_stack.f3[645U] = 0U;
-  rand_stack.f3[646U] = 0U;
-  rand_stack.f3[647U] = 0U;
-  rand_stack.f3[648U] = 0U;
-  rand_stack.f3[649U] = 0U;
-  rand_stack.f3[650U] = 0U;
-  rand_stack.f3[651U] = 0U;
-  rand_stack.f3[652U] = 0U;
-  rand_stack.f3[653U] = 0U;
-  rand_stack.f3[654U] = 0U;
-  rand_stack.f3[655U] = 0U;
-  rand_stack.f3[656U] = 0U;
-  rand_stack.f3[657U] = 0U;
-  rand_stack.f3[658U] = 0U;
-  rand_stack.f3[659U] = 0U;
-  rand_stack.f3[660U] = 0U;
-  rand_stack.f3[661U] = 0U;
-  rand_stack.f3[662U] = 0U;
-  rand_stack.f3[663U] = 0U;
-  rand_stack.f3[664U] = 0U;
-  rand_stack.f3[665U] = 0U;
-  rand_stack.f3[666U] = 0U;
-  rand_stack.f3[667U] = 0U;
-  rand_stack.f3[668U] = 0U;
-  rand_stack.f3[669U] = 0U;
-  rand_stack.f3[670U] = 0U;
-  rand_stack.f3[671U] = 0U;
-  rand_stack.f3[672U] = 0U;
-  rand_stack.f3[673U] = 0U;
-  rand_stack.f3[674U] = 0U;
-  rand_stack.f3[675U] = 0U;
-  rand_stack.f3[676U] = 0U;
-  rand_stack.f3[677U] = 0U;
-  rand_stack.f3[678U] = 0U;
-  rand_stack.f3[679U] = 0U;
-  rand_stack.f3[680U] = 0U;
-  rand_stack.f3[681U] = 0U;
-  rand_stack.f3[682U] = 0U;
-  rand_stack.f3[683U] = 0U;
-  rand_stack.f3[684U] = 0U;
-  rand_stack.f3[685U] = 0U;
-  rand_stack.f3[686U] = 0U;
-  rand_stack.f3[687U] = 0U;
-  rand_stack.f3[688U] = 0U;
-  rand_stack.f3[689U] = 0U;
-  rand_stack.f3[690U] = 0U;
-  rand_stack.f3[691U] = 0U;
-  rand_stack.f3[692U] = 0U;
-  rand_stack.f3[693U] = 0U;
-  rand_stack.f3[694U] = 0U;
-  rand_stack.f3[695U] = 0U;
-  rand_stack.f3[696U] = 0U;
-  rand_stack.f3[697U] = 0U;
-  rand_stack.f3[698U] = 0U;
-  rand_stack.f3[699U] = 0U;
-  rand_stack.f3[700U] = 0U;
-  rand_stack.f3[701U] = 0U;
-  rand_stack.f3[702U] = 0U;
-  rand_stack.f3[703U] = 0U;
-  rand_stack.f3[704U] = 0U;
-  rand_stack.f3[705U] = 0U;
-  rand_stack.f3[706U] = 0U;
-  rand_stack.f3[707U] = 0U;
-  rand_stack.f3[708U] = 0U;
-  rand_stack.f3[709U] = 0U;
-  rand_stack.f3[710U] = 0U;
-  rand_stack.f3[711U] = 0U;
-  rand_stack.f3[712U] = 0U;
-  rand_stack.f3[713U] = 0U;
-  rand_stack.f3[714U] = 0U;
-  rand_stack.f3[715U] = 0U;
-  rand_stack.f3[716U] = 0U;
-  rand_stack.f3[717U] = 0U;
-  rand_stack.f3[718U] = 0U;
-  rand_stack.f3[719U] = 0U;
-  rand_stack.f3[720U] = 0U;
-  rand_stack.f3[721U] = 0U;
-  rand_stack.f3[722U] = 0U;
-  rand_stack.f3[723U] = 0U;
-  rand_stack.f3[724U] = 0U;
-  rand_stack.f3[725U] = 0U;
-  rand_stack.f3[726U] = 0U;
-  rand_stack.f3[727U] = 0U;
-  rand_stack.f3[728U] = 0U;
-  rand_stack.f3[729U] = 0U;
-  rand_stack.f3[730U] = 0U;
-  rand_stack.f3[731U] = 0U;
-  rand_stack.f3[732U] = 0U;
-  rand_stack.f3[733U] = 0U;
-  rand_stack.f3[734U] = 0U;
-  rand_stack.f3[735U] = 0U;
-  rand_stack.f3[736U] = 0U;
-  rand_stack.f3[737U] = 0U;
-  rand_stack.f3[738U] = 0U;
-  rand_stack.f3[739U] = 0U;
-  rand_stack.f3[740U] = 0U;
-  rand_stack.f3[741U] = 0U;
-  rand_stack.f3[742U] = 0U;
-  rand_stack.f3[743U] = 0U;
-  rand_stack.f3[744U] = 0U;
-  rand_stack.f3[745U] = 0U;
-  rand_stack.f3[746U] = 0U;
-  rand_stack.f3[747U] = 0U;
-  rand_stack.f3[748U] = 0U;
-  rand_stack.f3[749U] = 0U;
-  rand_stack.f3[750U] = 0U;
-  rand_stack.f3[751U] = 0U;
-  rand_stack.f3[752U] = 0U;
-  rand_stack.f3[753U] = 0U;
-  rand_stack.f3[754U] = 0U;
-  rand_stack.f3[755U] = 0U;
-  rand_stack.f3[756U] = 0U;
-  rand_stack.f3[757U] = 0U;
-  rand_stack.f3[758U] = 0U;
-  rand_stack.f3[759U] = 0U;
-  rand_stack.f3[760U] = 0U;
-  rand_stack.f3[761U] = 0U;
-  rand_stack.f3[762U] = 0U;
-  rand_stack.f3[763U] = 0U;
-  rand_stack.f3[764U] = 0U;
-  rand_stack.f3[765U] = 0U;
-  rand_stack.f3[766U] = 0U;
-  rand_stack.f3[767U] = 0U;
-  rand_stack.f3[768U] = 0U;
-  rand_stack.f3[769U] = 0U;
-  rand_stack.f3[770U] = 0U;
-  rand_stack.f3[771U] = 0U;
-  rand_stack.f3[772U] = 0U;
-  rand_stack.f3[773U] = 0U;
-  rand_stack.f3[774U] = 0U;
-  rand_stack.f3[775U] = 0U;
-  rand_stack.f3[776U] = 0U;
-  rand_stack.f3[777U] = 0U;
-  rand_stack.f3[778U] = 0U;
-  rand_stack.f3[779U] = 0U;
-  rand_stack.f3[780U] = 0U;
-  rand_stack.f3[781U] = 0U;
-  rand_stack.f3[782U] = 0U;
-  rand_stack.f3[783U] = 0U;
-  rand_stack.f3[784U] = 0U;
-  rand_stack.f3[785U] = 0U;
-  rand_stack.f3[786U] = 0U;
-  rand_stack.f3[787U] = 0U;
-  rand_stack.f3[788U] = 0U;
-  rand_stack.f3[789U] = 0U;
-  rand_stack.f3[790U] = 0U;
-  rand_stack.f3[791U] = 0U;
-  rand_stack.f3[792U] = 0U;
-  rand_stack.f3[793U] = 0U;
-  rand_stack.f3[794U] = 0U;
-  rand_stack.f3[795U] = 0U;
-  rand_stack.f3[796U] = 0U;
-  rand_stack.f3[797U] = 0U;
-  rand_stack.f3[798U] = 0U;
-  rand_stack.f3[799U] = 0U;
-  rand_stack.f3[800U] = 0U;
-  rand_stack.f3[801U] = 0U;
-  rand_stack.f3[802U] = 0U;
-  rand_stack.f3[803U] = 0U;
-  rand_stack.f3[804U] = 0U;
-  rand_stack.f3[805U] = 0U;
-  rand_stack.f3[806U] = 0U;
-  rand_stack.f3[807U] = 0U;
-  rand_stack.f3[808U] = 0U;
-  rand_stack.f3[809U] = 0U;
-  rand_stack.f3[810U] = 0U;
-  rand_stack.f3[811U] = 0U;
-  rand_stack.f3[812U] = 0U;
-  rand_stack.f3[813U] = 0U;
-  rand_stack.f3[814U] = 0U;
-  rand_stack.f3[815U] = 0U;
-  rand_stack.f3[816U] = 0U;
-  rand_stack.f3[817U] = 0U;
-  rand_stack.f3[818U] = 0U;
-  rand_stack.f3[819U] = 0U;
-  rand_stack.f3[820U] = 0U;
-  rand_stack.f3[821U] = 0U;
-  rand_stack.f3[822U] = 0U;
-  rand_stack.f3[823U] = 0U;
-  rand_stack.f3[824U] = 0U;
-  rand_stack.f3[825U] = 0U;
-  rand_stack.f3[826U] = 0U;
-  rand_stack.f3[827U] = 0U;
-  rand_stack.f3[828U] = 0U;
-  rand_stack.f3[829U] = 0U;
-  rand_stack.f3[830U] = 0U;
-  rand_stack.f3[831U] = 0U;
-  rand_stack.f3[832U] = 0U;
-  rand_stack.f3[833U] = 0U;
-  rand_stack.f3[834U] = 0U;
-  rand_stack.f3[835U] = 0U;
-  rand_stack.f3[836U] = 0U;
-  rand_stack.f3[837U] = 0U;
-  rand_stack.f3[838U] = 0U;
-  rand_stack.f3[839U] = 0U;
+  uint8_t rand_stack0[840U] = {0U};
+  uint8_t rand_stack1[840U] = {0U};
+  uint8_t rand_stack2[840U] = {0U};
+  uint8_t rand_stack3[840U] = {0U};
   int32_t tmp_stack[4U][263U] = {{0U}};
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_seed[34U];
@@ -6282,7 +4610,7 @@ static KRML_MUSTINLINE void libcrux_ml_dsa_samplex4_matrix_A_6_by_5_49(
                          (CLITERAL(uint8_t_x2){.fst = 0U, .snd = 2U}),
                          (CLITERAL(uint8_t_x2){.fst = 0U, .snd = 3U})};
   libcrux_ml_dsa_sample_sample_up_to_four_ring_elements_49(
-      copy_of_seed, A, &rand_stack,
+      copy_of_seed, A, rand_stack0, rand_stack1, rand_stack2, rand_stack3,
       Eurydice_array_to_slice((size_t)4U, tmp_stack, int32_t[263U]), buf0,
       (size_t)4U);
   /* Passing arrays by value in Rust generates a copy in C */
@@ -6293,7 +4621,7 @@ static KRML_MUSTINLINE void libcrux_ml_dsa_samplex4_matrix_A_6_by_5_49(
                          (CLITERAL(uint8_t_x2){.fst = 1U, .snd = 1U}),
                          (CLITERAL(uint8_t_x2){.fst = 1U, .snd = 2U})};
   libcrux_ml_dsa_sample_sample_up_to_four_ring_elements_49(
-      copy_of_seed0, A, &rand_stack,
+      copy_of_seed0, A, rand_stack0, rand_stack1, rand_stack2, rand_stack3,
       Eurydice_array_to_slice((size_t)4U, tmp_stack, int32_t[263U]), buf1,
       (size_t)4U);
   /* Passing arrays by value in Rust generates a copy in C */
@@ -6304,7 +4632,7 @@ static KRML_MUSTINLINE void libcrux_ml_dsa_samplex4_matrix_A_6_by_5_49(
                          (CLITERAL(uint8_t_x2){.fst = 2U, .snd = 0U}),
                          (CLITERAL(uint8_t_x2){.fst = 2U, .snd = 1U})};
   libcrux_ml_dsa_sample_sample_up_to_four_ring_elements_49(
-      copy_of_seed1, A, &rand_stack,
+      copy_of_seed1, A, rand_stack0, rand_stack1, rand_stack2, rand_stack3,
       Eurydice_array_to_slice((size_t)4U, tmp_stack, int32_t[263U]), buf2,
       (size_t)4U);
   /* Passing arrays by value in Rust generates a copy in C */
@@ -6315,7 +4643,7 @@ static KRML_MUSTINLINE void libcrux_ml_dsa_samplex4_matrix_A_6_by_5_49(
                          (CLITERAL(uint8_t_x2){.fst = 2U, .snd = 4U}),
                          (CLITERAL(uint8_t_x2){.fst = 3U, .snd = 0U})};
   libcrux_ml_dsa_sample_sample_up_to_four_ring_elements_49(
-      copy_of_seed2, A, &rand_stack,
+      copy_of_seed2, A, rand_stack0, rand_stack1, rand_stack2, rand_stack3,
       Eurydice_array_to_slice((size_t)4U, tmp_stack, int32_t[263U]), buf3,
       (size_t)4U);
   /* Passing arrays by value in Rust generates a copy in C */
@@ -6326,7 +4654,7 @@ static KRML_MUSTINLINE void libcrux_ml_dsa_samplex4_matrix_A_6_by_5_49(
                          (CLITERAL(uint8_t_x2){.fst = 3U, .snd = 3U}),
                          (CLITERAL(uint8_t_x2){.fst = 3U, .snd = 4U})};
   libcrux_ml_dsa_sample_sample_up_to_four_ring_elements_49(
-      copy_of_seed3, A, &rand_stack,
+      copy_of_seed3, A, rand_stack0, rand_stack1, rand_stack2, rand_stack3,
       Eurydice_array_to_slice((size_t)4U, tmp_stack, int32_t[263U]), buf4,
       (size_t)4U);
   /* Passing arrays by value in Rust generates a copy in C */
@@ -6337,7 +4665,7 @@ static KRML_MUSTINLINE void libcrux_ml_dsa_samplex4_matrix_A_6_by_5_49(
                          (CLITERAL(uint8_t_x2){.fst = 4U, .snd = 2U}),
                          (CLITERAL(uint8_t_x2){.fst = 4U, .snd = 3U})};
   libcrux_ml_dsa_sample_sample_up_to_four_ring_elements_49(
-      copy_of_seed4, A, &rand_stack,
+      copy_of_seed4, A, rand_stack0, rand_stack1, rand_stack2, rand_stack3,
       Eurydice_array_to_slice((size_t)4U, tmp_stack, int32_t[263U]), buf5,
       (size_t)4U);
   /* Passing arrays by value in Rust generates a copy in C */
@@ -6348,7 +4676,7 @@ static KRML_MUSTINLINE void libcrux_ml_dsa_samplex4_matrix_A_6_by_5_49(
                          (CLITERAL(uint8_t_x2){.fst = 5U, .snd = 1U}),
                          (CLITERAL(uint8_t_x2){.fst = 5U, .snd = 2U})};
   libcrux_ml_dsa_sample_sample_up_to_four_ring_elements_49(
-      copy_of_seed5, A, &rand_stack,
+      copy_of_seed5, A, rand_stack0, rand_stack1, rand_stack2, rand_stack3,
       Eurydice_array_to_slice((size_t)4U, tmp_stack, int32_t[263U]), buf6,
       (size_t)4U);
   /* Passing arrays by value in Rust generates a copy in C */
@@ -6359,7 +4687,7 @@ static KRML_MUSTINLINE void libcrux_ml_dsa_samplex4_matrix_A_6_by_5_49(
                         (CLITERAL(uint8_t_x2){.fst = 5U, .snd = 5U}),
                         (CLITERAL(uint8_t_x2){.fst = 5U, .snd = 6U})};
   libcrux_ml_dsa_sample_sample_up_to_four_ring_elements_49(
-      copy_of_seed6, A, &rand_stack,
+      copy_of_seed6, A, rand_stack0, rand_stack1, rand_stack2, rand_stack3,
       Eurydice_array_to_slice((size_t)4U, tmp_stack, int32_t[263U]), buf,
       (size_t)2U);
   memcpy(ret, A,
diff --git a/libcrux-ml-dsa/cg/libcrux_sha3_avx2.h b/libcrux-ml-dsa/cg/libcrux_sha3_avx2.h
index a96bed3c2..876ec6f9b 100644
--- a/libcrux-ml-dsa/cg/libcrux_sha3_avx2.h
+++ b/libcrux-ml-dsa/cg/libcrux_sha3_avx2.h
@@ -8,7 +8,7 @@
  * Eurydice: b665364a6d86749566ce2d650d13fa12c8fab2c5
  * Karamel: 96572bc631fde691a2aea7bce5a5a3838b3a5968
  * F*: b0961063393215ca65927f017720cb365a193833-dirty
- * Libcrux: c6c0198a72d0045f999b4b6a50ad7e917c8a9e42
+ * Libcrux: 00424f6ff03ac7c79f2922ed628bf6a5b8723be3
  */
 
 #ifndef __libcrux_sha3_avx2_H
diff --git a/libcrux-ml-dsa/cg/libcrux_sha3_portable.h b/libcrux-ml-dsa/cg/libcrux_sha3_portable.h
index d798f2f87..ebba16495 100644
--- a/libcrux-ml-dsa/cg/libcrux_sha3_portable.h
+++ b/libcrux-ml-dsa/cg/libcrux_sha3_portable.h
@@ -8,7 +8,7 @@
  * Eurydice: b665364a6d86749566ce2d650d13fa12c8fab2c5
  * Karamel: 96572bc631fde691a2aea7bce5a5a3838b3a5968
  * F*: b0961063393215ca65927f017720cb365a193833-dirty
- * Libcrux: c6c0198a72d0045f999b4b6a50ad7e917c8a9e42
+ * Libcrux: 00424f6ff03ac7c79f2922ed628bf6a5b8723be3
  */
 
 #ifndef __libcrux_sha3_portable_H

From 8c00dbf291da94dc6d4942e8a849a20997ed80c2 Mon Sep 17 00:00:00 2001
From: Jonas Schneider-Bensch <jonas@cryspen.com>
Date: Thu, 19 Dec 2024 08:43:54 +0100
Subject: [PATCH 142/142] Address review comments

- Comment location
- Remove `sample_four_ring_elements_into!` macro
---
 libcrux-ml-dsa/src/sample.rs   |   9 +-
 libcrux-ml-dsa/src/samplex4.rs | 523 ++++++++++++++-------------------
 2 files changed, 231 insertions(+), 301 deletions(-)

diff --git a/libcrux-ml-dsa/src/sample.rs b/libcrux-ml-dsa/src/sample.rs
index be056a497..ea7f49291 100644
--- a/libcrux-ml-dsa/src/sample.rs
+++ b/libcrux-ml-dsa/src/sample.rs
@@ -37,13 +37,14 @@ fn rejection_sample_less_than_field_modulus<SIMDUnit: Operations>(
 #[inline(always)]
 fn generate_domain_separator((row, column): (u8, u8)) -> u16 {
     (column as u16) | ((row as u16) << 8)
-} // Doing deep updates like `a[1][1] = 3` causes a memory blowup in F*
-  // https://github.com/hacspec/hax/issues/1098
-  // So we are instead using a matrix abstraction with a custom update function here.
+}
 
-type Matrix<SIMDUnit, const ROWS_IN_A: usize, const COLUMNS_IN_A: usize> =
+pub(crate) type Matrix<SIMDUnit, const ROWS_IN_A: usize, const COLUMNS_IN_A: usize> =
     [[PolynomialRingElement<SIMDUnit>; COLUMNS_IN_A]; ROWS_IN_A];
 
+// Doing deep updates like `a[1][1] = 3` causes a memory blowup in F*
+// https://github.com/hacspec/hax/issues/1098
+// So we are instead using a matrix abstraction with a custom update function here.
 fn update_matrix<SIMDUnit: Operations, const ROWS_IN_A: usize, const COLUMNS_IN_A: usize>(
     m: &mut Matrix<SIMDUnit, ROWS_IN_A, COLUMNS_IN_A>,
     i: usize,
diff --git a/libcrux-ml-dsa/src/samplex4.rs b/libcrux-ml-dsa/src/samplex4.rs
index 37c70280f..ddcf0ac40 100644
--- a/libcrux-ml-dsa/src/samplex4.rs
+++ b/libcrux-ml-dsa/src/samplex4.rs
@@ -1,7 +1,7 @@
 use crate::{
     hash_functions::{shake128, shake256},
     polynomial::PolynomialRingElement,
-    sample::{sample_four_error_ring_elements, sample_up_to_four_ring_elements},
+    sample::{sample_four_error_ring_elements, sample_up_to_four_ring_elements, Matrix},
     simd::traits::Operations,
 };
 
@@ -14,27 +14,6 @@ pub(crate) trait X4Sampler {
     ) -> [[PolynomialRingElement<SIMDUnit>; COLUMNS_IN_A]; ROWS_IN_A];
 }
 
-type Matrix<SIMDUnit, const ROWS_IN_A: usize, const COLUMNS_IN_A: usize> =
-    [[PolynomialRingElement<SIMDUnit>; COLUMNS_IN_A]; ROWS_IN_A];
-
-/// A call to sample four ring elements from $seed into $memory at indices $a, $b
-/// $c, $d.
-macro_rules! sample_four_ring_elements_into {
-    ($seed:ident, $matrix:ident, $rand_stack0:ident, $rand_stack1:ident, $rand_stack2:ident, $rand_stack3:ident, $tmp_stack:ident, $a:expr, $b:expr, $c:expr, $d:expr) => {
-        sample_up_to_four_ring_elements::<SIMDUnit, Shake128, ROWS_IN_A, COLUMNS_IN_A>(
-            $seed,
-            &mut $matrix,
-            &mut $rand_stack0,
-            &mut $rand_stack1,
-            &mut $rand_stack2,
-            &mut $rand_stack3,
-            &mut $tmp_stack,
-            &[$a, $b, $c, $d],
-            4,
-        );
-    };
-}
-
 #[allow(non_snake_case)]
 #[inline(always)]
 #[cfg(feature = "mldsa44")]
@@ -55,57 +34,49 @@ pub(crate) fn matrix_A_4_by_4<
     let mut rand_stack3 = [0u8; shake128::FIVE_BLOCKS_SIZE];
     let mut tmp_stack = [[0i32; 263], [0i32; 263], [0i32; 263], [0i32; 263]];
 
-    sample_four_ring_elements_into!(
+    sample_up_to_four_ring_elements::<SIMDUnit, Shake128, ROWS_IN_A, COLUMNS_IN_A>(
         seed,
-        A,
-        rand_stack0,
-        rand_stack1,
-        rand_stack2,
-        rand_stack3,
-        tmp_stack,
-        (0, 0),
-        (0, 1),
-        (0, 2),
-        (0, 3)
+        &mut A,
+        &mut rand_stack0,
+        &mut rand_stack1,
+        &mut rand_stack2,
+        &mut rand_stack3,
+        &mut tmp_stack,
+        &[(0, 0), (0, 1), (0, 2), (0, 3)],
+        4,
     );
-    sample_four_ring_elements_into!(
+    sample_up_to_four_ring_elements::<SIMDUnit, Shake128, ROWS_IN_A, COLUMNS_IN_A>(
         seed,
-        A,
-        rand_stack0,
-        rand_stack1,
-        rand_stack2,
-        rand_stack3,
-        tmp_stack,
-        (1, 0),
-        (1, 1),
-        (1, 2),
-        (1, 3)
+        &mut A,
+        &mut rand_stack0,
+        &mut rand_stack1,
+        &mut rand_stack2,
+        &mut rand_stack3,
+        &mut tmp_stack,
+        &[(1, 0), (1, 1), (1, 2), (1, 3)],
+        4,
     );
-    sample_four_ring_elements_into!(
+    sample_up_to_four_ring_elements::<SIMDUnit, Shake128, ROWS_IN_A, COLUMNS_IN_A>(
         seed,
-        A,
-        rand_stack0,
-        rand_stack1,
-        rand_stack2,
-        rand_stack3,
-        tmp_stack,
-        (2, 0),
-        (2, 1),
-        (2, 2),
-        (2, 3)
+        &mut A,
+        &mut rand_stack0,
+        &mut rand_stack1,
+        &mut rand_stack2,
+        &mut rand_stack3,
+        &mut tmp_stack,
+        &[(2, 0), (2, 1), (2, 2), (2, 3)],
+        4,
     );
-    sample_four_ring_elements_into!(
+    sample_up_to_four_ring_elements::<SIMDUnit, Shake128, ROWS_IN_A, COLUMNS_IN_A>(
         seed,
-        A,
-        rand_stack0,
-        rand_stack1,
-        rand_stack2,
-        rand_stack3,
-        tmp_stack,
-        (3, 0),
-        (3, 1),
-        (3, 2),
-        (3, 3)
+        &mut A,
+        &mut rand_stack0,
+        &mut rand_stack1,
+        &mut rand_stack2,
+        &mut rand_stack3,
+        &mut tmp_stack,
+        &[(3, 0), (3, 1), (3, 2), (3, 3)],
+        4,
     );
 
     A
@@ -130,96 +101,82 @@ pub(crate) fn matrix_A_6_by_5<
     let mut rand_stack3 = [0u8; shake128::FIVE_BLOCKS_SIZE];
     let mut tmp_stack = [[0i32; 263], [0i32; 263], [0i32; 263], [0i32; 263]];
 
-    sample_four_ring_elements_into!(
+    sample_up_to_four_ring_elements::<SIMDUnit, Shake128, ROWS_IN_A, COLUMNS_IN_A>(
         seed,
-        A,
-        rand_stack0,
-        rand_stack1,
-        rand_stack2,
-        rand_stack3,
-        tmp_stack,
-        (0, 0),
-        (0, 1),
-        (0, 2),
-        (0, 3)
+        &mut A,
+        &mut rand_stack0,
+        &mut rand_stack1,
+        &mut rand_stack2,
+        &mut rand_stack3,
+        &mut tmp_stack,
+        &[(0, 0), (0, 1), (0, 2), (0, 3)],
+        4,
     );
-    sample_four_ring_elements_into!(
+    sample_up_to_four_ring_elements::<SIMDUnit, Shake128, ROWS_IN_A, COLUMNS_IN_A>(
         seed,
-        A,
-        rand_stack0,
-        rand_stack1,
-        rand_stack2,
-        rand_stack3,
-        tmp_stack,
-        (0, 4),
-        (1, 0),
-        (1, 1),
-        (1, 2)
+        &mut A,
+        &mut rand_stack0,
+        &mut rand_stack1,
+        &mut rand_stack2,
+        &mut rand_stack3,
+        &mut tmp_stack,
+        &[(0, 4), (1, 0), (1, 1), (1, 2)],
+        4,
     );
-    sample_four_ring_elements_into!(
+    sample_up_to_four_ring_elements::<SIMDUnit, Shake128, ROWS_IN_A, COLUMNS_IN_A>(
         seed,
-        A,
-        rand_stack0,
-        rand_stack1,
-        rand_stack2,
-        rand_stack3,
-        tmp_stack,
-        (1, 3),
-        (1, 4),
-        (2, 0),
-        (2, 1)
+        &mut A,
+        &mut rand_stack0,
+        &mut rand_stack1,
+        &mut rand_stack2,
+        &mut rand_stack3,
+        &mut tmp_stack,
+        &[(1, 3), (1, 4), (2, 0), (2, 1)],
+        4,
     );
-    sample_four_ring_elements_into!(
+    sample_up_to_four_ring_elements::<SIMDUnit, Shake128, ROWS_IN_A, COLUMNS_IN_A>(
         seed,
-        A,
-        rand_stack0,
-        rand_stack1,
-        rand_stack2,
-        rand_stack3,
-        tmp_stack,
-        (2, 2),
-        (2, 3),
-        (2, 4),
-        (3, 0)
+        &mut A,
+        &mut rand_stack0,
+        &mut rand_stack1,
+        &mut rand_stack2,
+        &mut rand_stack3,
+        &mut tmp_stack,
+        &[(2, 2), (2, 3), (2, 4), (3, 0)],
+        4,
     );
-    sample_four_ring_elements_into!(
+    sample_up_to_four_ring_elements::<SIMDUnit, Shake128, ROWS_IN_A, COLUMNS_IN_A>(
         seed,
-        A,
-        rand_stack0,
-        rand_stack1,
-        rand_stack2,
-        rand_stack3,
-        tmp_stack,
-        (3, 1),
-        (3, 2),
-        (3, 3),
-        (3, 4)
+        &mut A,
+        &mut rand_stack0,
+        &mut rand_stack1,
+        &mut rand_stack2,
+        &mut rand_stack3,
+        &mut tmp_stack,
+        &[(3, 1), (3, 2), (3, 3), (3, 4)],
+        4,
     );
-    sample_four_ring_elements_into!(
+    sample_up_to_four_ring_elements::<SIMDUnit, Shake128, ROWS_IN_A, COLUMNS_IN_A>(
         seed,
-        A,
-        rand_stack0,
-        rand_stack1,
-        rand_stack2,
-        rand_stack3,
-        tmp_stack,
-        (4, 0),
-        (4, 1),
-        (4, 2),
-        (4, 3)
+        &mut A,
+        &mut rand_stack0,
+        &mut rand_stack1,
+        &mut rand_stack2,
+        &mut rand_stack3,
+        &mut tmp_stack,
+        &[(4, 0), (4, 1), (4, 2), (4, 3)],
+        4,
     );
-    sample_four_ring_elements_into!(
+    sample_up_to_four_ring_elements::<SIMDUnit, Shake128, ROWS_IN_A, COLUMNS_IN_A>(
         seed,
-        A,
-        rand_stack0,
-        rand_stack1,
-        rand_stack2,
-        rand_stack3,
-        tmp_stack,
-        (4, 4),
-        (5, 0),
-        (5, 1),
-        (5, 2)
+        &mut A,
+        &mut rand_stack0,
+        &mut rand_stack1,
+        &mut rand_stack2,
+        &mut rand_stack3,
+        &mut tmp_stack,
+        &[(4, 4), (5, 0), (5, 1), (5, 2)],
+        4,
     );
 
     // The last 2 sampled ring elements are discarded here.
@@ -257,187 +214,159 @@ pub(crate) fn matrix_A_8_by_7<
     let mut rand_stack3 = [0u8; shake128::FIVE_BLOCKS_SIZE];
     let mut tmp_stack = [[0i32; 263], [0i32; 263], [0i32; 263], [0i32; 263]];
 
-    sample_four_ring_elements_into!(
+    sample_up_to_four_ring_elements::<SIMDUnit, Shake128, ROWS_IN_A, COLUMNS_IN_A>(
         seed,
-        A,
-        rand_stack0,
-        rand_stack1,
-        rand_stack2,
-        rand_stack3,
-        tmp_stack,
-        (0, 0),
-        (0, 1),
-        (0, 2),
-        (0, 3)
+        &mut A,
+        &mut rand_stack0,
+        &mut rand_stack1,
+        &mut rand_stack2,
+        &mut rand_stack3,
+        &mut tmp_stack,
+        &[(0, 0), (0, 1), (0, 2), (0, 3)],
+        4,
     );
-    sample_four_ring_elements_into!(
+    sample_up_to_four_ring_elements::<SIMDUnit, Shake128, ROWS_IN_A, COLUMNS_IN_A>(
         seed,
-        A,
-        rand_stack0,
-        rand_stack1,
-        rand_stack2,
-        rand_stack3,
-        tmp_stack,
-        (0, 4),
-        (0, 5),
-        (0, 6),
-        (1, 0)
+        &mut A,
+        &mut rand_stack0,
+        &mut rand_stack1,
+        &mut rand_stack2,
+        &mut rand_stack3,
+        &mut tmp_stack,
+        &[(0, 4), (0, 5), (0, 6), (1, 0)],
+        4,
     );
-    sample_four_ring_elements_into!(
+    sample_up_to_four_ring_elements::<SIMDUnit, Shake128, ROWS_IN_A, COLUMNS_IN_A>(
         seed,
-        A,
-        rand_stack0,
-        rand_stack1,
-        rand_stack2,
-        rand_stack3,
-        tmp_stack,
-        (1, 1),
-        (1, 2),
-        (1, 3),
-        (1, 4)
+        &mut A,
+        &mut rand_stack0,
+        &mut rand_stack1,
+        &mut rand_stack2,
+        &mut rand_stack3,
+        &mut tmp_stack,
+        &[(1, 1), (1, 2), (1, 3), (1, 4)],
+        4,
     );
-    sample_four_ring_elements_into!(
+    sample_up_to_four_ring_elements::<SIMDUnit, Shake128, ROWS_IN_A, COLUMNS_IN_A>(
         seed,
-        A,
-        rand_stack0,
-        rand_stack1,
-        rand_stack2,
-        rand_stack3,
-        tmp_stack,
-        (1, 5),
-        (1, 6),
-        (2, 0),
-        (2, 1)
+        &mut A,
+        &mut rand_stack0,
+        &mut rand_stack1,
+        &mut rand_stack2,
+        &mut rand_stack3,
+        &mut tmp_stack,
+        &[(1, 5), (1, 6), (2, 0), (2, 1)],
+        4,
     );
-    sample_four_ring_elements_into!(
+    sample_up_to_four_ring_elements::<SIMDUnit, Shake128, ROWS_IN_A, COLUMNS_IN_A>(
         seed,
-        A,
-        rand_stack0,
-        rand_stack1,
-        rand_stack2,
-        rand_stack3,
-        tmp_stack,
-        (2, 2),
-        (2, 3),
-        (2, 4),
-        (2, 5)
+        &mut A,
+        &mut rand_stack0,
+        &mut rand_stack1,
+        &mut rand_stack2,
+        &mut rand_stack3,
+        &mut tmp_stack,
+        &[(2, 2), (2, 3), (2, 4), (2, 5)],
+        4,
     );
-    sample_four_ring_elements_into!(
+    sample_up_to_four_ring_elements::<SIMDUnit, Shake128, ROWS_IN_A, COLUMNS_IN_A>(
         seed,
-        A,
-        rand_stack0,
-        rand_stack1,
-        rand_stack2,
-        rand_stack3,
-        tmp_stack,
-        (2, 6),
-        (3, 0),
-        (3, 1),
-        (3, 2)
+        &mut A,
+        &mut rand_stack0,
+        &mut rand_stack1,
+        &mut rand_stack2,
+        &mut rand_stack3,
+        &mut tmp_stack,
+        &[(2, 6), (3, 0), (3, 1), (3, 2)],
+        4,
     );
-    sample_four_ring_elements_into!(
+    sample_up_to_four_ring_elements::<SIMDUnit, Shake128, ROWS_IN_A, COLUMNS_IN_A>(
         seed,
-        A,
-        rand_stack0,
-        rand_stack1,
-        rand_stack2,
-        rand_stack3,
-        tmp_stack,
-        (3, 3),
-        (3, 4),
-        (3, 5),
-        (3, 6)
+        &mut A,
+        &mut rand_stack0,
+        &mut rand_stack1,
+        &mut rand_stack2,
+        &mut rand_stack3,
+        &mut tmp_stack,
+        &[(3, 3), (3, 4), (3, 5), (3, 6)],
+        4,
     );
-    sample_four_ring_elements_into!(
+    sample_up_to_four_ring_elements::<SIMDUnit, Shake128, ROWS_IN_A, COLUMNS_IN_A>(
         seed,
-        A,
-        rand_stack0,
-        rand_stack1,
-        rand_stack2,
-        rand_stack3,
-        tmp_stack,
-        (4, 0),
-        (4, 1),
-        (4, 2),
-        (4, 3)
+        &mut A,
+        &mut rand_stack0,
+        &mut rand_stack1,
+        &mut rand_stack2,
+        &mut rand_stack3,
+        &mut tmp_stack,
+        &[(4, 0), (4, 1), (4, 2), (4, 3)],
+        4,
     );
-    sample_four_ring_elements_into!(
+    sample_up_to_four_ring_elements::<SIMDUnit, Shake128, ROWS_IN_A, COLUMNS_IN_A>(
         seed,
-        A,
-        rand_stack0,
-        rand_stack1,
-        rand_stack2,
-        rand_stack3,
-        tmp_stack,
-        (4, 4),
-        (4, 5),
-        (4, 6),
-        (5, 0)
+        &mut A,
+        &mut rand_stack0,
+        &mut rand_stack1,
+        &mut rand_stack2,
+        &mut rand_stack3,
+        &mut tmp_stack,
+        &[(4, 4), (4, 5), (4, 6), (5, 0)],
+        4,
     );
-    sample_four_ring_elements_into!(
+    sample_up_to_four_ring_elements::<SIMDUnit, Shake128, ROWS_IN_A, COLUMNS_IN_A>(
         seed,
-        A,
-        rand_stack0,
-        rand_stack1,
-        rand_stack2,
-        rand_stack3,
-        tmp_stack,
-        (5, 1),
-        (5, 2),
-        (5, 3),
-        (5, 4)
+        &mut A,
+        &mut rand_stack0,
+        &mut rand_stack1,
+        &mut rand_stack2,
+        &mut rand_stack3,
+        &mut tmp_stack,
+        &[(5, 1), (5, 2), (5, 3), (5, 4)],
+        4,
     );
-    sample_four_ring_elements_into!(
+    sample_up_to_four_ring_elements::<SIMDUnit, Shake128, ROWS_IN_A, COLUMNS_IN_A>(
         seed,
-        A,
-        rand_stack0,
-        rand_stack1,
-        rand_stack2,
-        rand_stack3,
-        tmp_stack,
-        (5, 5),
-        (5, 6),
-        (6, 0),
-        (6, 1)
+        &mut A,
+        &mut rand_stack0,
+        &mut rand_stack1,
+        &mut rand_stack2,
+        &mut rand_stack3,
+        &mut tmp_stack,
+        &[(5, 5), (5, 6), (6, 0), (6, 1)],
+        4,
     );
-    sample_four_ring_elements_into!(
+    sample_up_to_four_ring_elements::<SIMDUnit, Shake128, ROWS_IN_A, COLUMNS_IN_A>(
         seed,
-        A,
-        rand_stack0,
-        rand_stack1,
-        rand_stack2,
-        rand_stack3,
-        tmp_stack,
-        (6, 2),
-        (6, 3),
-        (6, 4),
-        (6, 5)
+        &mut A,
+        &mut rand_stack0,
+        &mut rand_stack1,
+        &mut rand_stack2,
+        &mut rand_stack3,
+        &mut tmp_stack,
+        &[(6, 2), (6, 3), (6, 4), (6, 5)],
+        4,
     );
-    sample_four_ring_elements_into!(
+    sample_up_to_four_ring_elements::<SIMDUnit, Shake128, ROWS_IN_A, COLUMNS_IN_A>(
         seed,
-        A,
-        rand_stack0,
-        rand_stack1,
-        rand_stack2,
-        rand_stack3,
-        tmp_stack,
-        (6, 6),
-        (7, 0),
-        (7, 1),
-        (7, 2)
+        &mut A,
+        &mut rand_stack0,
+        &mut rand_stack1,
+        &mut rand_stack2,
+        &mut rand_stack3,
+        &mut tmp_stack,
+        &[(6, 6), (7, 0), (7, 1), (7, 2)],
+        4,
     );
-    sample_four_ring_elements_into!(
+    sample_up_to_four_ring_elements::<SIMDUnit, Shake128, ROWS_IN_A, COLUMNS_IN_A>(
         seed,
-        A,
-        rand_stack0,
-        rand_stack1,
-        rand_stack2,
-        rand_stack3,
-        tmp_stack,
-        (7, 3),
-        (7, 4),
-        (7, 5),
-        (7, 6)
+        &mut A,
+        &mut rand_stack0,
+        &mut rand_stack1,
+        &mut rand_stack2,
+        &mut rand_stack3,
+        &mut tmp_stack,
+        &[(7, 3), (7, 4), (7, 5), (7, 6)],
+        4,
     );
 
     A